From 593d89d4d3054781d4ecbeb13bf9437feb96c279 Mon Sep 17 00:00:00 2001 From: Kevin Miller Date: Fri, 6 Apr 2018 08:59:18 -0500 Subject: [PATCH 001/361] Fixed `-OutFile` argument to be the correct path `$Env:ProgramFiles\Docker\Docker\resources\bin\docker-compose.exe` --- compose/install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose/install.md b/compose/install.md index 86a363fc4b..216a0c49c6 100644 --- a/compose/install.md +++ b/compose/install.md @@ -77,14 +77,14 @@ Docker Compose. To do so, follow these steps: version of Compose you want to use: ```none - Invoke-WebRequest "https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\docker\docker-compose.exe + Invoke-WebRequest "https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\Docker\Docker\resources\bin\docker-compose.exe ``` For example, to download Compose version {{site.compose_version}}, the command is: ```none - Invoke-WebRequest "https://github.com/docker/compose/releases/download/{{site.compose_version}}/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\docker\docker-compose.exe + Invoke-WebRequest "https://github.com/docker/compose/releases/download/{{site.compose_version}}/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\Docker\Docker\resources\bin\docker-compose.exe ``` > Use the latest Compose release number in the download command. > From ef4179adc53ed0b4d30d2ea70054afdaaaec4f94 Mon Sep 17 00:00:00 2001 From: Vladimir Jimenez Date: Wed, 11 Apr 2018 22:04:55 -0700 Subject: [PATCH 002/361] Take down docker.github.io --- .nojekyll | 0 _config.yml | 2 +- index.html | 9 +++++++++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 .nojekyll create mode 100644 index.html diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 0000000000..e69de29bb2 diff --git a/_config.yml b/_config.yml index 4c7cd44cd8..f9286f1ec6 100644 --- a/_config.yml +++ b/_config.yml @@ -14,7 +14,7 @@ lsi: false url: https://docs.docker.com # This needs to have all the directories you expect to be in the archives (delivered by docs-base in the Dockerfile) keep_files: ["v1.4", "v1.5", "v1.6", "v1.7", "v1.8", "v1.9", "v1.10", "v1.11", "v1.12", "v1.13", "v17.03", "v17.06", "v17.09", "v17.12"] -exclude: ["_scripts", "apidocs/layouts", "Gemfile", "hooks"] +exclude: ["_scripts", "apidocs/layouts", "Gemfile", "hooks", "index.html"] # Component versions -- address like site.docker_ce_stable_version # You can't have - characters in these for non-YAML reasons diff --git a/index.html b/index.html new file mode 100644 index 0000000000..22baa6dd17 --- /dev/null +++ b/index.html @@ -0,0 +1,9 @@ + + + + + + Docker docs + + + \ No newline at end of file From 464425f12d8aaf3e6f3c0566f2252a0e9930f153 Mon Sep 17 00:00:00 2001 From: Vladimir Jimenez Date: Thu, 12 Apr 2018 09:52:06 -0700 Subject: [PATCH 003/361] Abuse 404.html to redirect to docs.docker.com --- 404.html | 14 ++++++++++++++ _config.yml | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 404.html diff --git a/404.html b/404.html new file mode 100644 index 0000000000..6ec3c16fa6 --- /dev/null +++ b/404.html @@ -0,0 +1,14 @@ + + + + + Docker docs + + +

We have moved away from the docker.github.io domain. Please visit docs.docker.com instead.

+ + + + \ No newline at end of file diff --git a/_config.yml b/_config.yml index f9286f1ec6..b2a6979585 100644 --- a/_config.yml +++ b/_config.yml @@ -14,7 +14,7 @@ lsi: false url: https://docs.docker.com # This needs to have all the directories you expect to be in the archives (delivered by docs-base in the Dockerfile) keep_files: ["v1.4", "v1.5", "v1.6", "v1.7", "v1.8", "v1.9", "v1.10", "v1.11", "v1.12", "v1.13", "v17.03", "v17.06", "v17.09", "v17.12"] -exclude: ["_scripts", "apidocs/layouts", "Gemfile", "hooks", "index.html"] +exclude: ["_scripts", "apidocs/layouts", "Gemfile", "hooks", "index.html", "404.html"] # Component versions -- address like site.docker_ce_stable_version # You can't have - characters in these for non-YAML reasons From e411300bf3dedfd089288e44ed655650a82ce785 Mon Sep 17 00:00:00 2001 From: muxator Date: Sat, 14 Apr 2018 12:39:16 +0200 Subject: [PATCH 004/361] Mention btrfs storage driver for Docker CE Docker CE supports btrfs storage driver on Ubuntu, and Docker EE supports it on SLES. Mention it in the documentation. --- install/linux/docker-ce/ubuntu.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 0bc9b66302..5725f9aeb2 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -54,7 +54,8 @@ networks, are preserved. The Docker CE package is now called `docker-ce`. ### Supported storage drivers -Docker CE on Ubuntu supports `overlay2` and `aufs` storage drivers. +Docker CE on Ubuntu supports `overlay2`, `aufs` and `btrfs` storage drivers. +Please note, however, that in Docker EE `btrfs` is only supported on SLES (see [btrfs](/engine/userguide/storagedriver/btrfs-driver.md)). - For new installations on version 4 and higher of the Linux kernel, `overlay2` is supported and preferred over `aufs`. From d2d65042a8728a51e42cdfc5777580021719eefe Mon Sep 17 00:00:00 2001 From: Vladimir Jimenez Date: Thu, 26 Apr 2018 08:06:53 -0700 Subject: [PATCH 005/361] Make changes based on feedback --- 404.html | 7 ++++--- index.html | 6 ++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/404.html b/404.html index 6ec3c16fa6..410cdd8549 100644 --- a/404.html +++ b/404.html @@ -2,13 +2,14 @@ - Docker docs + + Docker Documentation -

We have moved away from the docker.github.io domain. Please visit docs.docker.com instead.

+

We have moved away from the docker.github.io domain. If you're not automatically redirected, please visit us at docs.docker.com.

\ No newline at end of file diff --git a/index.html b/index.html index 22baa6dd17..462229e9d4 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,9 @@ - Docker docs + Docker Documentation - + +

We have moved away from the docker.github.io domain. If you're not automatically redirected, please visit us at docs.docker.com.

+ \ No newline at end of file From 0d21824e3c9bad1a2e2c4eb04483263dc2402c37 Mon Sep 17 00:00:00 2001 From: Vlad Dm <2tunnels@gmail.com> Date: Sat, 19 May 2018 16:07:15 +0300 Subject: [PATCH 006/361] update compose django example --- compose/django.md | 18 +++++++++--------- compose/images/django-it-worked.png | Bin 21453 -> 18133 bytes 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/compose/django.md b/compose/django.md index 8c1ffaa34d..9fcd334a0d 100644 --- a/compose/django.md +++ b/compose/django.md @@ -30,9 +30,9 @@ and a `docker-compose.yml` file. (You can use either a `.yml` or `.yaml` extensi ENV PYTHONUNBUFFERED 1 RUN mkdir /code WORKDIR /code - ADD requirements.txt /code/ + COPY requirements.txt /code/ RUN pip install -r requirements.txt - ADD . /code/ + COPY . /code/ This `Dockerfile` starts with a [Python 3 parent image](https://hub.docker.com/r/library/python/tags/3/). The parent image is modified by adding a new `code` directory. The parent image is further modified @@ -46,8 +46,8 @@ and a `docker-compose.yml` file. (You can use either a `.yml` or `.yaml` extensi 6. Add the required software in the file. - Django>=1.8,<2.0 - psycopg2 + Django>=2.0,<3.0 + psycopg2>=2.7,<3.0 7. Save and close the `requirements.txt` file. @@ -71,7 +71,7 @@ and a `docker-compose.yml` file. (You can use either a `.yml` or `.yaml` extensi image: postgres web: build: . - command: python3 manage.py runserver 0.0.0.0:8000 + command: python manage.py runserver 0.0.0.0:8000 volumes: - .:/code ports: @@ -93,15 +93,15 @@ In this step, you create a Django starter project by building the image from the 2. Create the Django project by running the [docker-compose run](/compose/reference/run/) command as follows. - sudo docker-compose run web django-admin.py startproject composeexample . + sudo docker-compose run web django-admin startproject composeexample . - This instructs Compose to run `django-admin.py startproject composeexample` + This instructs Compose to run `django-admin startproject composeexample` in a container, using the `web` service's image and configuration. Because the `web` image doesn't exist yet, Compose builds it from the current directory, as specified by the `build: .` line in `docker-compose.yml`. Once the `web` service image is built, Compose runs it and executes the - `django-admin.py startproject` command in the container. This command + `django-admin startproject` command in the container. This command instructs Django to create a set of files and directories representing a Django project. @@ -202,7 +202,7 @@ In this section, you set up the database connection for Django. 5. List running containers. - In another terminal window, list the running Docker processes with the `docker ps` command. + In another terminal window, list the running Docker processes with the `docker container ls` command. ```none $ docker ps diff --git a/compose/images/django-it-worked.png b/compose/images/django-it-worked.png index 0bbdf1a92144e2f33f52443c9f8a2e7ac7b21abd..a96a3b0aeccefc62e513d823986fc4a35234f2a9 100644 GIT binary patch literal 18133 zcmbV!bzD{5*6udx6lp{nX{B>3f;0%ysUY3mp>%hrAPv$T8>PFuySw{N@IBvmzkAO8 z;rLUW2TllP z!b+A92-35=p9he*1YGbToRx@#Al$-}XDE-+=85TcAdr_35rKEIb`#svwyIdVf8h3X zb!qF!1fRT;k$o)t5u=FqBudj)Bw&SsaushktdpWDLhNW@rin#@u|@r(53jVWkyQjk z7BwQxcX*`9j9S+K6SfA1#p0K9yO;anTRlCJ_A9Z|vwS><0X~ZychiGFw%zzK?*H-9 z_|e_@pA%$&?f%pMdHSE%{6Aj$mRm~++Y}(LKNcUmxDdg?MQwT)tgK?ztb+X*9tSang7;Vm}NQ&VH|M#Y@qt2-AV^M8?MvCoOZ!nGfH8H_8GIe-)p-^7xrrCp` z?}qRC9ekmi_a#2M)Kvpa9X}tt`N?0Ioa(x}eG?jSzD-o6e6RH2ek&TBg(qOWR*h_o zoXeHPKOV5xJbGxS-Uc06uH|sx0CPXKooER zWC=b#Yzoii*6}@IhB+n4$$v1?;UInOKa2?=bHBNjRgylcS!kG=N7392GmF0S6@2{Y z;X{a(dZj2PWbVPIqNAJ1=$%tFR<7gz2@8RLEsNquwLtTLPObUvwis(E{uB7W3!u;a zF`R83sRNr1_+SpX7nz-6>1&3}5xLZVEnhiBXWgXXDbx75 zSh8^z|L?y8@oX9Bm8Jg*W|7VLB{=@C&pc-PTl~T}#IR1w6p?FDAbr`wA0I;?M0vv> z)`V3~@faSUVsZ-Z1f@+kto5)>P07d^EvV5%)n`aMbQ(+lfk1>OArLgOAao28ikwNx z75l2ukfb*?l+TQt2Ify@Fv@xP>Y|i>7&D#BU=AAtdvKF{!V6Z+7333Qh@b9TQwAH= z{d$;{uPZ2`zW#ihqU1H(qiT~!_iN`F5@#`DJPj(%xH$`7WX(TVOFX!)U}SCYV>}@= za+qJM1{1bVp+bPX_3kjP9bP#4Xc!IgOuNzllOL95+i~7{*-l{^yZz_IkC`_r{64DW z>Khm*+sBsOIH{WJGIGXlkz^fskd*MZlR#+RZ$`?AR{O+m?ZEC|WOdhM$eC11r?^gx zPOQ5`qy1g#v}$&T9&BUAuV%VTj;;=t;W=5TF-Y@ib9d&M5CbNG+LQm9e1bR&&*q~e z*8G7no>3OpS}cQY3s^2t;yWqqh&T5e+t)-Y_BFFnw(vao`>9E1p?S4$iz7xX469hs z>ok&1FON-&{$J`8t7knT^p#fh%_M8#Ir0PfpnjXAtHr1Cx|;OErHFzk_u9JGSCx~^ zej=l3?R&FN?X4c3aDiLT)zD&{EfjOJ4)nygY-nwW+5qgt!^Jzm2*IC_h5yyZmSC8L zSYp1IENQdDJT!BdlcC-`Fk?}Z^mJMbUvYXRhx8Mz=AEK)A>HGQ?1V{v`+3b~RRs!W zRfzzG&LXz)sy=QRCqEyxl;NTuSSWynlp2hI#Eb6E%pO+UZ3>xIz1eD~1GfCvb?DEo z? zJ2}E4{loYyk2F_ebAY;Txt!V(U;^sBUI`1aasC%3{hb5&``&Q=?R1Y@|9#CJiv7=P zUf4W9YzwccQQR zd1Qj?<@GHFzeC41mrkG)-2PC&5z1tF>eXLUuFk)>xL}vh&rzW97ZXDuk&pQKNWP;W zec|F54SHFcwZs$jk42xB?s)HlYv4(aI~)e2yC<)dX=rE>NKEsTJ=6Zt4;1jY*-B@E z+sewH9#*oGY_snYOotg5=#@^dZ8@<2QQ&UxWak`LRSgX(`2DDHn+AvT@@*cEJKz@0|vlq>D62^mdSXJTAQz z9=lQ_M{(zScL==e9RS%{J`0>0yeWchOn{aqxAN6&*iLY5X=_nu)bho(RS*q^zGNLo%& zX5_R*L7R5n2`gJ8+NdRC&Mv&FGO=f)|BSn` z)2lq!+eh4(H#fVk+AB*eu4R==S23Yv<{SWVk$;6fhUnQkKYEC|CCr3TM&H@fv*XP; zBIzG2)c%i4=$Iy<}$0*ZeB^!e@ealBNv-74KEI=dxl zLM&i+@YlcuCj9dQ1NXA7ZON_+C)bu?1zDd)ZmV6Pw?mt~P(VQLw;=b!_Aab4Sl+n5 z4z9FV+CF_fi_*rqwn-lGuzYEH^yZVQj75EE1p31AH^8Ot_*7pc3L;u>SG)aAEQO9L zw*8`j`~{3JgJ4)9gLaCLY}Vnovt6ZqeCdkoF7#rERQtVqVj?{%I^?YoKMXi^BqY== zZfYK<`Ly8J{h4Bq*&%jAE9(x*+YLt5x=Q=x@%W|f_46rau`}bw2M-}@!g`ZWA%%r0 z4Gm9p1daK9j7=FuDZdO&tT4XnEU3`V#pb(Ebav(qLIsfZ%$(30aN;#`lhtS)SXnt& zO~}=Gqf%aoQ0=~Iax3KzA3({lkH`V95g>ejb+y{8QpL$0yTkPpc3Jq1ni%5700$5& z<=H$(&=OmKV|$jUL8PGb(O z2%s?4c2^eH&&PUGr8NGgllKX++*4 z8*5e*(lG~P%(jlTv0s^uI`GTozBp!<# zWgj}t6T~UMDE(?)3__xPF!!4uuna|9=r7^i=z3oC2x0PQk!6c)0n(i-it)0Ea?YT^ zb-l6=nQ5^-C*7nO)Hjv3nNa6@!{Z5{8z8QjhMozK#>x(y*Cbj+mUgdheJG2{i0x5L ziV*%8(iu|q;IB7Tq_fB#R*qEew7HnwBW%?#stiQrd867=oLBs=n<+1nKWIw(#N1RC3{{Op zWb36(Ad4SlW)X|^jR3+0xruuUF>cn#9w|#LSC767b;~jiC04$QT73EN4m7MD7z9e@ zrq`H!mdmB*Wa(&ppEhXSoaM}DX1O6b+fR7!LE#(G_D0)VUR1%QIv$JZqx)wWAU77O!K_1I z1V}*{Z|OQ;BTu3zdn!c53oAmG>DE9(T~=YE#K^W7#B43=(cf+4z2=?I@x>eqrIBsZcIDxLSpCzrooF(g|@pS-Pt2s?z6j=g4!+Q{y0;gW+G$hY^RB`)RQ9gad zpsZAtGIZ8o)#+&IR*Pwu_)A`RYjI8dY~E^}F!=&|;v$Eawj52qe6C{~quVlvWPZOn zVNr3IZz%8wzy#@V->@hrqE?iT=$ZrukqIzFV+0Ma>k$E<(&BI;oIMnvi4<1{ z9YP3xMdG2eV+_4+trz%@PnP+(Z1ONg-o;?_wYOoA4H$n*O*tXM_|a*-QfBa5+c z`K2=DXdSxers4U54MeZ}JKeByJnSzuoFulkt6(j|`uZ)RB$1t8PaSl5+7h~p6O_}2 z^{n}KmcMh45pa^>MlCnNPyU_DZzeh!1p><|(R>PzHthkp_;NfiV_+?7SVJqs^m@B+ zki$7!E=cLzw~96!|Ay}DA$pXx{vy0k;&xQ;v~CI!_&;oSw&#}a)4U*Qm#Be*Je4Oe z25tC}ZO!!|H@%}qH*+QlLnnjYH>f-;Vjb}!3tR%kve*nd#yLCtuj>$AtuJ$DTz2#kV>k=X8@%$*&%nRupBhpz1q8Gi+)77%*-7ueV=nUOo$%}Xk& zIIKzv-eX{ZT$Nv#FtsWk!hQ4)$ekL*r5+H}|H`u65%#+S!2iFW{`vBMp8g*%6%iJW zVb<+wC3ZF1r_lZSwJVlcx7qJ`qJe9?sT|c*Pg7Hq4Hvbir>Esg*ZHQ#tzVoezqa-= z9I?}07jth{JiF;+x$$(ifwclQodF@MTM+p>jJKm@Hro@8-e~bjR2&?3!#Q%)w2=3K zfq@0E8wX?K{JJ{lWIktARaGvF?a^OqD)mlPstmKG`r+%Gy$PI_dvm}2aTs%k4ICXW zQ&Lje!>PQzycXbX9{tIE09M!VXfRVMndH6KTC#ebLs@b0KzDcd=%@m;NTEP|yBg)k zj~~R&N1@`BhMCI+N+pyO6xuVj_Li$X%@}ZEoaPGx#>U3INxZYJx6YpY{RkBy+T)D% zXA5IRTBM4k&zxD-yXr)^khlEkAqQ)v|7QM)g8B4 ziHV6_7Qnh-XAAyB+%`u$)7+GlPg^mFRUv8*FTj@bSd}W%lK@z^>FLh>^-EG*9LraL z5q4F~XYh<)Q&aPW{SpR$TN1CM8Tx~iT#$6(Q8k&WEc(*uRifLwVa4U@dTW2Ua=bZO z(9R<$C^%VR%E-W=gWEDW={Qws{)|cz3`ftvL`JsgdV8r+pk6nUr_?9~bYZO0eDRMb z5*aBeo5_@-tgOJGmH%d{{>9vH_xAR7u%xTxPTigaJPeHAuxhQ=pze6~!(et(AmGCl zuqCwz9kf>wK%cgzYfcxM{aGYxYHC_rT6z*V2e)8IR8&;1`^`Ac7f0u7X~9R&X6;uK z6A}^>G@PybQr=xf3=9moUTOcyG9A`xHw>8VQo#6a+yl zdC_M$eFM5zU^-h5*2u`n=(?F-!OzbhXZpe3{#=Z)?&sio6uk&sJ9>u3oaK9aASBl$ps3AkzYzcc!X72}iP-o8WV2Pb!}28Go$4NXjTCQV@y(koZLX?S=N&}HQ1N5;nVjEyDWrE`bv?d?ID;>gN*f`NvH z)B_op=`C?tcz8JM>Od@L@#1J*%hXguMyA+!vi#`i==SCmc4cuiFgRFYJgEb~XklSt zd3jj#>iTF<%9=|}Ts(l!0Ev_EZZkwhNj>Zw9F&!mC@3jkKwYMeZpxL?HVS@+se1;RB%aw%c#U-J}N3Is;lp8ZUSM>HZ;6N zO40^8B;!>FE@lVf3NxkxorWtmx78H0{VKtTJI1W56v2TSj74|G%0-P`M3R|ywd z#5|Auq{s_0L3ndp+lq<`sKt`7h=_=soZKP3evxQAAG<`tkWR@QKD}aC6mRn#o39Qi zE-qf~j6R&^m7^Kn7|umPM8w3zJVI#!mS{NoD^i%;wEkSj%!~=T9I2o_4yG6LT5Bga zelcAvTE0LXXs7ATI*x`@XhK4**(x4-QUrFyBSn%uEux#Zp@+fR=;I zWEVew|4-Cdq4$U3NM3ec9^sp>J~sy$0Oohbir&*i{!*`-=oQ?-hxPR6 zvtu?EmOSOMoXW~GVCpVARjbGf=KBlHV6pM=Dk>Ewbyn+P@$vC4OME2Wi(pfnhSZBR zpTPDA*iG`(>#B##-wt{*)~MnLAbiJ^8yQt{3{8_ ze|ez0T*l97rQfVO%l(n>?bz7ZKp|j5=TCCE(05tfovJ$g4M#jQJj^;9wjx(OY&ke4 zV$6p0tG}2+|Mw^46oR)fV>=&Yyf*@_+F-Aq&pwEd3aPDgJl(LW2Ec!4?rq9I#OuIv zyKJtp=@$?%N>Mm6Nrw9h4nKSORFUymPKF2%BoZ*o2BS$toX?vB*v>n z;@dfxDgp_w!_i!;&MSI))*7=jWVMeU8=&1l;wq#76ua43*rX;ePqqiwt@``>FMLe3 zv>Mr)D5Q@LZVbBdw8Rl?=oPq^89d> zfK3IFlhA23igNO0bf?5_-ni$is*4LB2{{c-huH$4P2On4J6l_HPA^EfX}^}xR~qX0 z2L@gPRQB`p1L(atHHF~vCE1__`z zZ>h4bF%gpKjz5{q)=R)w0bBwG9oN+rJpY-kp2};!n*aTKpzhV?i!H2%Bf{iiZf}y)}My zMR^uzWo>O7_KlE;s5_?h2$-1>(oWoXLSiBuGOig|?$FQ>!ZXURy1JWI)qtkqm3zfe zV*AG@Ft(JYW3oYM1L-9yPdM1QbpoU4+j~BuJpgdWRR9cGYp&rNQDLe`IAwE7OA@Cg zB{%maPy^sbxq&yYwcGbVcqU%Ed3AmWpf5u{7X=B4fXyhz-Te{C(%yVyY;3IY)%NSp z4Q^mcIa1eK=%v9Q1yl zIf%h;WNgfxu}5q-{j7LA@yqCkK>T#6$@TShkC0F@p$(0)@^awwSzmhuB_7p{iyhdgCcQL8e`=Fp86cm&Slj)5@)`_vP z06_h=#)^;|$pI|_z%}c1DDm-Q$UJVNgwbrhTJCU5Q&XO5l?*g=H@EKtuv#z!AO^6) z-}!T({PnjNU}R*(iE43eZLO=TDxn)__CYqokxnCL7SQ3>XYHZ*lg3@bL^X z4-1Rcaz`Yf$NhlbLeH1NZD;JgO-HfpIKYzSXygDnZ$?Tc_OBjZk#ix-&CQJumeXzF z;onFK;nMn0hgk`GxSt3I9A2a-Me-GL4K)WRXTD<5pQg#{t1DoW2Y?Z14BG-a0eI!? zo7e#2u^!UMzCx~0M^{}Y_wm(?aZl6VQja>Leug-V8L&du*vuly8=)T1A@aT%igN0s^>U3 z1gP|MOJ;lS*0}0Pg7E#eYQ|#ohx@4_dj>N9OlR~xNEf-8F!1purDkny88sFp92^_~quz5TR}9I| z-v%BL&>W!X=dbSQ_j3!t@Gi#BpeP!34sy`u#zuE^i}M3*=VEbD(S=qgJu+KcTSmr$ zgapE%#iQt>@ySUzIJnI8^nRA;TkTC|eD&%z#&xDd ze2e*%H?fPJ-S`?%Mqm}9@Ug6hQO&d@RqS!10H+NMXrSpJ_;F=Ukw@TRk53-b!KoiN zH0mj)c=hu|xiSi*8U<7Z&fJ58dp}9>9yg*vov!v<5fBi1dV0Wk3osH&@t6izGUX1f zU|t&lN>^7`07ow_F9%uFWMudUj{smCYc*i-|7mQzTZoJdgGN2!^XIG}paEVwGc(h4 zym%SJL*?b=!17pGSsy(`ZtLzIb}fpfCneR~ovFk0ZDLXs0vul}l0{?^><#c3AYw6` zb=>8JLZKjp1;Cpwvku7P2Ch^06F4~N$(R=4Q#XLD0t%|-0>3AZ1_%ADWMHu2&sfi4 zwe~SvHZC%9*kH0eX091go0cuJbs@I0 zF#*?PV`Bs8#HUP2)>`sTQbIz)8Q0tEL~h%R^z`T0*fdy(Ab9nCM#ZN8gpk8*E>+O~ zWM|s(a7E&Vu@i*Z1t7!>BH{)R)U3G=R8zzGcz9|`^~S~=TVxW1brm2VAQcc4bhDnB zJT)~{TUQs~1qF^nN~+hx!{czZSEI_Jxx3qV;HOB5PWPK#u9EQ*-NV^FKzHpAyV+m) zVOns=|5B|2?0RWw3FI&)$H!4#@YwzS{-mJp1mCq;MFsJ8TsPU;+?*3IXAotrY;6(Z z;IP~7OnD;VuqjOd9ILCX4GRlnP_NA*&aY}u_2?Shxbu+TYDP%EUDBcpN|SvE7%S10 zy1lvfgp=njQmoZ%_RGr3dhd;@R%!Mwt)GL73z(xMkX(B=BfSbjGGLu(XuFr=_fZ0=oThy(Clu8tMa@ePNb->DjOtkPst3*FhH@f0U4|e$liY5 z6X!^a-&Qc1QA54Tf+Ftog9f9u3KR$=NwQKKl>BoQ3P3afSPG+3@z3__ z4Q?3lW}uu8G6O*O`&gzyP6G%>sYJ&*AKL-4CJS7~T{7&gct#$UQNCSp7w{W~T zg@ZE7v2!^(WlYG%d-LYD^h5g9+F8%_Dsv9OrsEiwB$Drq?v{~Z_S6v@v}pSlRijOR zKRqzGj%9*z>$f~Vm@E(l(`?_`zECg)5ntHnm~vNW?O;a-rO8sMN$sLmYghT)fS!nxmiD_ddT&3NzI^!jcwdqLNfQM(nC(=+~_WCy) zq3P1k&Rc^`U0gr3_1VvxUk%>yIuY9~3#H#BI^5V2zG1Fc7FpWtT$C45(~@(9p<5hp zcrF}rhEwwV`ly)ZltLRO_LI!{@-R5_i4e?2@7l4oJa}smIyG2uj!Zd2K+M8%yAnxc zPxUxsJ6LL~TG3K#_LC{v(bju--(Bvu*8c70x>-sM9_|t7R1?AFbmv8F66&uOHqf`E zPmr>S_r}iZpucGrZFgz##MIkXS!FU1_jRl*EAOG6#lcS8Bs&pdf)H|WFwtwzliN`G2wn1O)_7iU#Vvt(cpeyfzm@l5f}btX!pCmwm1uPi0VW)sxaI%PI7?j0ix z6l67@mUB2ykDB(Eo|yI)tW=O2HGGT}H(%)@@zQ?(olK|O?!&FtVq5<-mE_i-p6vAn z3IamVROxaF+U%rGrHD$ob8M`20Qy0kNu>a@wcq;hIqC>Wt?E0&J{`}6K@lrtPjEVm}~bZy^hDdJJoMOU8|3$_NAmKrn6wv zt>apPT>;s@r6sWKV38ls+8;s^pMmxcyM`vs_DXZhf{5sdh@{-STGfv+uenUTR5Mso)uI%=%Zh5}lXQBq-vo7unCF|;4 zOztWSkIcN;S10Kt_xPDk9O^?MmTd3bQcBgE#9engr{m%vf3klK$9B9!#N;?47sbeSdb*wJrymX0GE^ zRe5eMw&KmnG86eM*XDlY=SSuHc4I5PJb$vz%F3=QsX@rcv?9J?dhzh}$w_GdSxvYL zJTkHhlWA3a?kXCz&NaQZbQtk-*YykSK|-vNZ@<*f*?-|m$_{c}Loa#}D&OUr^yL`h zZ@TtyC0K9&2_t#tDQivtUPEC9)n-$lqhI<<$@+fuqWjZBsZ}G@;oCuNuiGe!U(bv8 zP&kD)h5}6k5{VC1<@Z*~lelk!ooBmu*qx@kaJ-I?ooq%|^%Z*KrH3eSxs@O(gP<{> z!JVC2b18I54MsGhueQL64@`km?7!%9UYSpOIkJ|Tq6Vn-+~=L8mc1G?(UUVkk%>j7#8bSan&g+ejk|Y z?IFeLz(DZX#Zv-?!pbEhvyW#!^ZOnl>b%z#CK`?I=wBR%Bk6y+u(mewwR|pRZ(nN_li$JNa=O-j+iJsfv86jw zWSO#KWK0K%?yHMqlG8%6M@XBGVq^{p>+vbVB5|aM_Jx~b?7NPJiL%; zXdU@zFYR{KA7s$Fy*{;$h&Oezd{HimV?c8(RWK}f>0GIJd&DTcZyJG$voRUq&?i=n(e&K`nz*MadSLCY1`xhp6r?TrmDWt)of>N6p=^Ud| zv*iB@x;tyngbfwirL-@EU19mgX+2)ab&*)3&T=y?!b2Ylv)0?MVf*g-<>1D8uC-e? zct1EAE%`=tip&GuRkwGASH#1(Fy*7mkLm-R_uF0xODLS}7rse0J*O%|`A)_aR>k)P z#8OhHxxM!=<3YWl#?)P#Tw|k;m>|_bbaXg2&V|X3PZ0SBM@2)!k%RNc5x=^#Gks?< zeqcvqnu5P2TMj-viPnd1WYnM`DWe%;tCgeXo*rJwM825PRbAWDq-QPNM7V5IV?cl< zuR?vamH36#rj7ZeN{?Fud=@IPFK)^!88dLSO;-irL8iQAGB>!Wn6+qp<+)GY^>pMx zi`*0T+o2!Yd9G)S!8eUE zy5{-S-_Q>#z6`dUp7(|qy&t8Z^}HR2-b>X;=Ak5LqyHuGfcSA*B`@`j}{ zsb62N%2#7MUr)Qr<+La>z=VM`AI8u*4SGxCoYI%)W;it zMsGjs1&hK%)KG!DTl=Z1#=EthU~xEb^r>e#2~3)|?i!v1^`ytzn$`7ZLko78yzzEE z0sF5YzxWxLMufk=cU@wdeD3RVE_QZC0)k6RdtHv88iE6s9Lm$7kJ%Bs&Xqj$i}29f zu62I|676XJz&eGtHxi&gT2^Ao<9f42T$O)g(@FeQ(+@pW!ymonB>gH>)2^Vc)Gq?ur+?_zmE7h4{>@| z+N3NC%9YfYHQ0qltlgsYQCTfp3(r;sj=wD=$@$Pkm7z-RhwJg_KmvZGh2Cz>x~tAw zp;q*POy@0!&sOqn#_PV4-n|(TuUq~phu9*y7dDcSPv!Q@H%$7^YwWmGCb#J&SKFpZ zWekS77GZv#3jC0@fxdE-J`rDmp(fv8QS{7=Hr$&`bSfq1m^Z1$0D04Q#liqJ?JKfLP8MhdtZKvze&4?rgbhvr^`X6iKG*zs4W zs6B%jbohAOa>=Uz4`Dmkf|-M;$OLR$CM|&Lv+&kY3{b7W&Nl0hH|t$GyN8)w2Cf?0 z5p0p;nB(uL1YH!N)c9d%i&S2|5&w6x_xy1;f{y)vTnRZ!mxT|0eTW3j3Y)%9Xs@sM zC2H^N0T++E?8gs2)@xytnb^LNchc`$0M*myi}&|$jge*sbUDQ+>sd^>#Fp5zYks&A z2`p& zlftvcXb|JU*~2+;JK9UZDew!UskGKf)g9jy5hW*y)}|TkmD;)(^i@WZ>Aczr6fhzC zw55D@K}BV2%IUZ@815@6U*2E${Y28q&@Fuz?tFBuy^Lmg(wjY7fBPupM=x69MSFYA zdrJm@-ycNkB_~g#4>dTbjar^~1S7$lI#N7#`!(%kqv7iK1ccHq%D2A*2^4OR2Xu+b zTjX}>57(z{=dYft8J2+exbEsl;FTmAxyGHJ#E!=Y(Vh9fRA03-w#5*_An_o_arbTw zc0(aDi7E))T0W$ggiju2O9lD(w(2~Byv6yRbe~XwY(F7`fZp_f>%Ku#5P9fEk$-tX zA2)KdeLlQhmpXuCe|chB?Xu_>8EFi{GUg24;ok(G^*YNLk^JAxx-5F5s-y{eQEur3 z$oZm<>_^_er!Yq{z|JIoRyW>lvnqKU46WPUSmD$@;1B$eKd3K#fW|5Nw>QcpwUT4C zhFAewvvl0xR=6V78WcPIVDh5_iAL@q51ValbTng-FisAA7A9m5{jNiM%^{+L+XJ1O zTL|k(iYVkQm3O(Zo22e#P{9Cm`0e4wsFRhRk!=0-PT1ZzvK8Kwha}|xAz*bKo!n(W z*&qO=@!mtJXRg=lN3rjB^Ctx0mHs_8MNts?Pm$#W#J(&RI zuEgK&Lgs|F47dLq( zWaDQ@C@rne4=$ziIyFp0-;=jg^g{(N0&ycL8w zLp8PyTS{Wj5jPVNW=pGi9fEl;u6$zJJwhn_HJq(>EGbW_o7ME*Nd4!KSI_!VDq+fX zX>F(e+m{ku`gHy2am!5Z6%Krwe+xwm+mBv&q6Lt6EUji9mPD#C7#PVOJOcvu9bhWw z&d3!~ZV3h6@bObG`k0ET?%_l4qq-2HrD$bwmafog(4myQ&Y?~HbD<=9&rRsx|)f7emkZWOh@K{yap{TlC}rx z+O;S0Cic(K8)pYNx|q{bYz-O)P69$KK219wlAj7vxA~K!GkG~?W@a<4pFa(Syf!x< zL?F4jx$ccl5EFwQtdVt2sq!F@n3yEJcu|KyB9X*4zl+mxx^!}I(9PIJP18Zi3{SE& zw$BT`P6iPfDF!RG#ZTqwm_*AzO(z^&)f>_4J1g63bK>y(2S=>^mTrq<*tWk%*~iSv zRVrxG(pn@EuO5?-b5N&daZtftlCgX(^xa|!JK8N zMq%!%HTv*1=*Kbi6jaJMZEJ7u9;KpYgc^_aA$WvbeMjb25pspOJVfdc(8rx5(xtN1 z8V0>m@4d@C9}D%wmPMdr;=jqt+d9wNTC8)ph-XN^uJ~;g$s|4Qk<8j6+TKbfEUe8` zkb#%We-`riE;(0@&!ac=d$xRJbhP8^0SJ%1(Bg%qWry?qs;lEbkh-QzfXha=y49XL z%D}cxIFOK^-!F?lH_OOs}9j~ytX$XQgDTzxpU;uhMyJR0o z2cb5FwhYu=%u`^V@v6suVg3Zr1co%zyv>ed79d zK>^GeU~QY@Gy&kVs0{Q^>HLX>-j9rwU$mN-sCx>I=kG`hocVz4oJ=kOQ248>qr$=; zSb_-95&Ec>{0&iN8_?mm!EMcYVQBD5^y*Ks?JGY6YkhhXcZ3Yu_`Q-AMQcoTysj+$ zmK=0GlDk57O8!&9AfB_yk*Qi)Lqip>A8>+AcL7#}2fB(1+_jNSxvisRxwaZ}CZmnb zj`_yXZ(!s#HKz$oCOZv<^MN@}`P+c=cXuZ{w%p)ej}sx+REk2EQLv2<#`;sy8c>EX z}D0{>q(a9Mf$0}>=L2)b8(Kz;M49OM-i!8fX$D+_tY6-CRZ4T=< zX9j^#R!$B_)WN2ggyGjWo+aVj;QfzJNBSd)Dcfh{nIl;qrcyrdnlRc#zmR>!slVBQ z(a0_4;ra9OI`~r?fJ7$3lnV(Nm+g`{Rxzkno_u@orOIBPwZfE(tNJdfqW-ZZW`;=X zjFy!Ee}lf5r37ro0Gqt1Tm{Wz`KQbVaYc7Xi*)nyNuLM`9?yo1lC-(G%~G9z>VF42 zhY6j$WZ|zs?gWFMa4T_h!{CUKm2Ct`$zL?xX}57%A5RD#n6x_BDN2tBH3ks)7Z(*l zqiwwwIb0+IKQzyldtrX^K)*hslzOtl%+1{jN=zG>d-REv<*fk^S&EPx%E~H0ZzdOw ziNmdnGy}tn6PqCA{ET4=ZtkkiuYSdytH+^+(s@0&VUBhh6v;cuTRlWPY00no;e@N?Y&)Ti{{NY_@zt9aN zl*uu(S!l3)$y)4RpZS*;RVJ}HAMr3 zZj0KBy!*1kK3kVNY@ocI0K#ZZFNv-;9*2XWZyg<-uc%H|aDGC^7O9bP5SyoJf}p*x{h-vg$7p-an|#?v?2g4#;AeIyytIxn<%nXIJi~)PuPJ0i8;Yofq@+w zr#GpC`fy$-1VrqM6^+~;d3yhu(<6|)ZlnV0zxc`#I9}hfNC{!HufoFQBu&lDT3uPO zR8mAA*@m7x@npBBG28vnB5ACbB_#n3i?^j@`T7w!75#M~anoSDfbBoT$!?hI&ki-N ztY`+8M-}Km40qvT5#o?!M zAHP=|HwFPK4cFTzZm6G>?9UgaG~$>y$A9!MR$uqrl-{_5B*4vPdaoJbgGdxP_>}l} zlWcD@8=0(hM)pCVI62N`Gny3lpSgG|#>erGo_DQ{DbvHFqm)}WJTR&Y%JpWj@vO_?{fsXb$HP{?z_HwJN>Sn=lDD3FI&GO_2BsDbpJ~u zAdtR#CQ87eYcA)~o`VX56urZ^*+Oe_J$MDT@+fu`o@A5#O2b5*2C7CGSySoIgdC5{ z`ZW){g`+_abC@qv7)b^18G`vi8VJkFQ4fi42}lIeq;asdw}sC>n( zV{;`G`w2klY7y8NXw0`mny= zAlYAj@#{b2K~w%&{fjrGWZ{CYwV!o2&z4eMG5Hm}I5pxfFXxFa(TtJ^VGT#$L1AEP zYie<5-Ce}d#m07*^UKuKw=a#-Gk+h5hT%C?{p(kGdlR>6Xs{b812_hev-AoClKA-Vi?;Rk??!1DKyq6S znqEkqTU0btAmvk30X$Ida3D)QbCF`C==qFy=ir+lbbe6t*OAl^hksS08t@Pfvc?0* zAf#{SL$gFLr{h7c=?%BTk+?2Z#X&AkQ0CVD!9gJYn~5=%CQJkpfy_Zsav6SjiA@I8 zF7|}q!^4BWXU6|iwuQfKo(w@bk2aE4Mx%!q}*L1b?>UX7e^&B zF`NEXWfi7x*O-dKDe_AXtmnEy9w6aC9cfz+nra&Hz*GsDod!}pZ#m5LIziPUkS0Ao ze)JiV{KdH^Cch}-Qua{bora?&fM3WGaUYz%bp*|&_o{!VY2f(h^#4`NzPtaQ8~-)V f{~VQR`}Tp0(jS}eggx_j7mEl=3jE^#{QZ9c{)^IL literal 21453 zcmZs>1yEc;(=H4_LvVu2l3)P>1h)kO1PJaB+(Yo-?g5hE5F8eFx5e4u&f*S>ySps# zL*Dm(_tyRI)Yj~&Iz2r--96ns&zWCJ3Q|}YWEcnt2w2jeKdB%fAVHs=JJC^}`pg`H zGz0|IKhmE>)!Y#G7bj!LrAUH}IM=eWN~Gzv*g5|-)f*-U8vngM_hB!p>(V)KMjjWG$v`SM*S8KZqc<*;j!nQvGP{{!hbAgGY&_$Rjw=&{^SZ4Emn^0 zma$0I+|||jJ1T*Grgmd3&+9!=Vb%ob*|2ly>P?t98EKNsSrNXJVpGV?UE#Az?$4*scd#n8gzhAJhP4i!$V!WB8J)w@YT z1XgArvOjj^VzrQM&-RZeK-?++&M{&CC+p&>LU@M$hL3Yk|HAg1#o>bS$DW9VmSN#5 zwqb!Do~1QojHZ2ygD-6Qu{X*`#TOsQxoqRoPX3~CQBAqYDI^{$S_1#$J3Y9I?r$kV zS%q-zTU5c4kg^C+8XLE(?fW%WsmBOM9Afiy&rZkIz0~UAlT#;Y`hKp$F10I%geGR; zq6fdj$Xg?B(BwUep25_GdPCVA`9DFuQIY(s8$_BqbHU>Ig z&U)`F9O6Osd(vdVM=%KNzRWSzS3O$W`l_X0b>Sfj0C}wZpMkRVntg9w%heXz4vk#x zSr=W{Tzjgg?RthjkgC_2dKy3J*6Grt9PcUwe(nfEexB}Q=NYT3?fIc@(i;ND9q`?k zVDA~O_q?x)=gpcVWH_{ne12(bbRC+a{WSkaPSAOV=vwBfNmTEf9Vk1d^0?$E4z!}6 zu~CWt{m{lsMtoOc5iaQL`^W8{L!Mu_xxgA7vt5a$9yM|(^niJ9K(A7QYI|7c$Ip8l zS20V%t27nxpCcH8Un>>#aDICs{7^q>4LhFI)&4%u24uEAvQoy}NL6G`fESJ3A-E0a7@UxZG%&G+?jB3Cv$t;9e-}jm z1?;UJ(d4?=G73?@s%YX{n{8R30iA_yg_+B1LVr{COj#_H`nrjg;r&Mg^oj1R^b8A4 zqb;F}ZKP25sWU*g<02`v7MLgV_&u^r(Xv?-i1fUQWNMJzr>(=jwW1s%AvknZ>!Rh; zn#XLhuiNkciYp5oV7w|TiF}{~{R=YG|Lf1!{D>8__PL5L;tIww=%mkc#&LG|;VjWJ zBuUD}vw-(gU{!$*QHo7lN!M=7>!oCLi3tbUx~ZK~HOuMZv9Gx$bcI5&j;%4pq_{$X z`?u8`|JdWc0V-~q{Y^UEXl9!laMYM<)>DkQe3bUM&BNsOEfKzY6x4qfoElgMsnW*( z^~3HcnzU4Jn?7WNyvyAH{-^qFcg~SWN0s^8%o6It zbV8*0JRDlr%od>C7oRVwSG&ZTl5SJ3CwdloB%nHa%p;42f6}aIA8E>Gh-A z*NvoO%x89}Kg`RiBlh|Tiib;q3DR|fS2{+c52?QxNfRgSZgt8(Xr65VD<_7aJNzCh zm-$Q^wQ7?kWQBtfGLTD?eP&>UNg6}$?i#kmesWcad0MCi(6T*tu+0SmEeg!fsohi5 zR^4=w&!-*tkmN|q9upFNyt8lTe45w~U({_X<7)<*7Ae0?Cd6CfmUsfk79zGMB1~JB zt3O3tgq0rERQ`*6Ts{W=&OC8C-uV8j1qD^KUUAJ(m*NE*KIm0U>tj)`Ba_35At=Gg zL1*Ey_XE{I-EEQq*?g&cqjZtM4c*GKkALi=29|4UyJ>)c6u0w=-5s^f`@fNw7sn2| zCTn?IP6=#GPU05zy4@MA+`!0NDeH@6q@|wb8%AkTC6jiS_p;v=7F*o}|10-Lw<*CO zDXu~NhpHL@)iF-4+HbySu~q>OR8~n-bDb|6@~)fgoo6jx?ItWb)|03SH3%+zbxf*> z*t?%VQ=PBPTZ_bkS{->SE|vGnn7{_xk4q4*z{TP=Jbg{xqZ!)Xo?PpPR`zsTLy`F& zc23;4aRhVVy4A|h2fS>~GFP8OQ(r2o^x144Tl*?Ln@|a#@57+s{;`#)ufftH050sd z-LQJJJH6pM>Tz(ySQ#5mR8F(JU_Vl6RXcbhf4K zcTM9)RN3~Dt2!S9ejjMR5kyCJYB%CHOB&xfU^JtQV;gGca-VHR$p3MHlfjWDX;@h>&K<@M|5aPfL}SZ zCg{oAcCBn{K7U@t5ZRUldy0&+oA?r6#+g%UzWld!+p9SY1TSK*OdqS~1DevC?i+2# zANsQ=Pj4@s8;i(x*KU^kOF}lj?OPV-L&sQ#WM4vkdM`SP$c6CWm#2`gpww4((ap`8MQ9IOt91(Fz@iMk^kg=QqW2)54^Rf2Rl<4$i7l z!IZNCHUhKSbq0IVE2tn~rE_2jtWkLiI98}r#-cOAf|kz6#-_d_GkX;s;VkjY5~001 zcaagE_B-C6*I!~N)$<)|jOI_(&xQ$F zEn1ATjM?XZR`XeQOdxA7rb|TbXUfC_j7Fyx)eT8;@P-QVyc4@-0@m z`-K3+FsN>>KFz&Cy4<}=`s-uK!7wM#uEHxsx8=TH>5+G@Ib{CakUjM15X#~PVrbG} z+4y67W@Pr`UveJsKlY-25H`(+$n$&=Pt!YM@KBmcaJ{l(`4YZp$(Jg-BlA6bL%T2~ zmxH8E;Nk9W_zGl>)o2u}jbo6x;V8BKEB&b!0?D6Rhm%*6r6)`u>6ky2JqZGIDN9ro zQB%7T^Lchnb3A}&RVn@0GF$$IDJOSBfi*mkwY3e%*q50=W= zGz>9~07WO~ae{3Qf?b}%H2-{=nOfuHwc_Po)KjuS^)uAz{6O+T2~8d$Ih;g1wH}>K z|MSJu1ZU6bWAiz>{!V&c-iPPRV)&d>|2}7AKlg{{cZvUbb+xbSXj%h0nGwv+r;j;^ ze5~$n^nZm+Tpz%U_x+6<7DfRz^{8J)K>J%w|4>>u?dyFEQCh?g1{k5l}6I6WxfoX5;PU zhNS9};92*(rRI_&^P;fKR|CWNC`6Uj-XI9U;E}t&rzsEtyN+;Y z`%Up{h=6RadEcb;%e@&o#oNRX$r%2|$X!8g4Tkv$aTRO9;cm^_%X9n|JU( zJ*m%AlMq3*c?#a(#Ckgb>~bIa2t8i=O5jL7h}Xv8zOxAY2)8A%;-|m8ROCE)ML!oA zx);itWPp?TKD20pLS4H@x5v&a6u_LQmdbRnwUO}G*8+Zm_C{u|v!{?CZ*}&s>v@R+ z+P-=Hk6j&sg3(Q5Pc-$oP3gCdKWS;fUQ4cs`bpBWMue$>0afj;G(Mdt)(1 z?3QXH~pR_Yo@&u!5Jo zjxW+$dd2*C9qjJlFcFjy)#eyFr}EqvJ~Qxs#$8EW()s ztq%PiH&m7_k0KjB(b0Qqo0Vr}LUik|B;QexWq24M>D4A^GHizIm|DC{gWRRQ?KpUg zVJ>wURj#FT7(ExSn9HsCZT*BNzD56hQYrKNk;9HTNad6Gfe#a_ko+QNQft7qco7p@ zW;(e9Rk1!WpJ&@6G#%s2khmB?=+tVCIJ({tU96_D`vwlF2^hWmW?@lHYnBPfNqeh7uuIU6Uj9^MSSu-ijCrNrtMA!P8qQFJO|k*ltLvz6$!Yw;oe zfa-{GyEw1v6vHx2DPc0wnfv$SO#nMZiu@h+K4_<|oKtL|pHE{1YRUAXyVdG&+#fDS zU&$A}1F+tqF_^Eph7CDkJ6#Ya%ghGUKE^nwdo;2?1|Qa_i7&7M40UT-&ooyX3SQk$ z`hFV7FPkYVu+5Lv0N9#ZBl>gC!B|0xHEdAvd~Kgx(y+U-MW*fcMM4Z51Lsr&rNz(% zyIEIXEH0HyJ*&(SvcQOFI+`+ChW;eQ9e{`1uew_&Vb zA&GooIkR-P?kS#aWjG6c{E0OC8#H(9HWjhJVil@1%ApZ^1$<`{Fv+Cf#$<85$Y1=a z9vWhMIlA;)4bFk=SCfxg({|%@IP_7LhXpKR@inXNvihjy%a@8@%d8l`Q%Eg2IYj*K z63R*4>ZFM4+uGb&j_u4O4y9EnX2fWEUN1b^M-!R$V-_So^Y;#nN#i@cR%lpl7UV`ki8kqMsCxD$7nkfYl zW8}CXMH2Z?P5Qj=KfDJy`g6S$5WT{Rf7{>Qr9LK;nGgO8qRbPsxY?@Wj8r(5{UA2F zj@`8>#s2ak9~YFUh9N_KG%9DDVtm3d;kRcKT_iUwlH=Z?&cWQ&=6&H?6O5f7wh0Y>0RB+kj_3UwWPpJGy_Cd3Rc#7L$J>bwiuJHUpYaw2*CDzxIa%;cR zoW1yyjYG{6Q9V>_|x(3Ln6RaXV z6p37;ODmr3$`QEK7E#TPZ8B-JLQ?!HXRz!#s&S2l{7FcUGU7LUJ1{J?+qG2=m>qtM zSAz!?#Q=zHt8KktnfC@^>E$;s7F?M02q}kIe}7=1EbU@9fE5W19~I^!21IFpeaN|(O>s+@ zyXvWZp~*QkbCq6`4L@w`6FTV2KSPqOX_o%;B_&(?ypU>o7cS{Dyb!1P&C5o|%ZqI9 zBGly6^N6>GStw%swY=5?m!M1>8ZNYdrm?hA9tIeAJOS~XJ{!H}e~j+O^by-5jbc_k zp}b78F&EaEqszh!H%iQ-Ue?%@?2vT&$5e-by`$ZT zVz+_t(${Vdb7ach_+HIQoo92%ghg)&rZr_AIV-u}nn|SngqzNZP{${M4s?cwu1!?R zi9q;kw4ZF=hbl=SvVQuM`;BM}E7+PHsYzN6xoF*(PWq#tnG>b_;lPP2^DiW3B%DE_CY5% z40`pOv7H{<)7j$;{U}zx!64oA5!_dIZyq8r5NVoKa0P3FaQZ%GuGebHybub7eT)LI zSmx4AKA!9|lnAGdUN8#FxJ$0`r@sInJC{(j_md)}v!5VwrfgvROIm!V*0i9wm#s~< zx@=UPox8E(Q8hHK9337xI@-c_RI*?94k6=b}OcW65fvacqm)ZQuM zNx*#?+)yj81;Qi3Mr+HcPIy0gRiiuBtPR%7T?Ri&FS@^3cYO8b(%OtOwJ^sS8K=DL~y^L>qSqm3XiNSJ5 z=mF%pQKODGDFzIh`s|ell^QqM1RgKKd>1FLx?pu)O@P2L=;}aNWTT?0_mCpkF3+3$ zkb;-7bY<(()5-IDnC;vG)xL6P$u6%OJ)Zpm6?W(zO2?bs^9D-qfELZ6Vw=Ye&Pun0 z(-Dy;l^!FBr?CI0_TZQ5l&b7>`pA~NPZy4r)vGYQkbc|80Nxe#A)`0_8D+t6@x_)! zDx&5sZwfW~mB~#;duHg?I>*hxnbQ>yF;uH-9^2U?l3K;ZP-lL64khHZZtm8%PXM#0 z7@aGUu3G4IUuP@jA?g6uY0_=c8d@Y4lj&FIc@5>eI_|1&t6x_FGRvN{2tm15Z-n&h zn5OT*mb{wfsin?e+5LN)J}7>U%Ke=p~?&-`KKBA`j@U%KGnK>$HaI zZq0trV|hGQ9G5xIYi^VrDxBWB-MyDI*!wtC2(>)Ix<=?;m`GO%9Xlew4*La2oP96# z-@;3)UyAu<*)CKzt0FNms(^q`9cY+T{FdT;^(KbNZ?NlWYrVzUDS!r*d2*5b9+O)Q z#BZ7UX`V}Id9J|*3L#ri+1R0W#*zAFdP&%|ic`qfvq}mkR4$!H1;_VT$?k70&Mape zzrI(gvYuNekmBQgV*P=&fe=~|{a62Y z@z1Runk~x7((?1i1W5+Xcgdel=(}t!AJtBDQ;|+efUkZzHwuyD&3C*>VJE|c+zv#F zoG7Kd2Tg(tA3_O9-u>M!%eO*=P@>dnh*{6{geLE3d)D&#ysiI@BUqq3LY`+ZZi9k% za!5w`YivR_4Yu5Y=+!L3MOTJKgGW{y5gwdg=o7ow>nH|J@`sXK`zH-O*UrI4C#jsm z#$$9@%*lP-X?Z3Q1v{Nf%{+b>)j#o*f12+Bhko4U#^mP{Aphih!+`sTYLfzMC0HTWtDWR;N~yxE&Zx{K}*DMS>^((VfUr|&nfhpgd}0U5uMfV)%y1e z-zy$+c4I0_E%L}!6xM`!c3UWZT5A36#zR7^dXg&CWkiY67tzS3>Lg1DolV#)@4%7o z;=J|80o+pPR-603cFNM+)Cec{`2n`bN_0!F>H3pu!N@>z)6#G6^|zDAXqV~^%h_pc zKJ5278AO!OHlgLm0_x4F`V!fxb5=4WhAOb2QhK!J8kuW|l0i&RZA%2cl$zABW^wv1%Al?@l#gArMuXyAVC{);LJ@VU zV^5);z&@*vk_yCAujBo_(2lIY48lX~8q?g*_mb>)r>dLZ_z4Cs8UP0dEEXrlW4R|O$c=6X*81GSH%t?e|z-OwpanmQzWeqtV`0=2+ie52hOUJ$oc9?k8X8!l40_=SIIh`AFYvn8?GHEoX+|;UxJo|r#e1d z@Zg~80E?W6Omm*KAQsLgjEJbaoX&GX$|>@pDyeIZf}4j+*;`d)Xj%8a2Nm*64HFc1 zDkf&O*=j{wVu@TU56g&U-@{YKiJ7tW87Qyc%Z)bV#hCZ6Z7^h+*XfF@{4~oK&9sQL z=+ri>zQa+$6peQtuu=oDLLr^ObuEa$u}MYH*L3sOSop8qyw&#ZU;3`OZ4k2m3LFW* z)l=`J|4ou9#Lx>H6IK8DU9=!&hAh^`e~XJ7?5fl2XW@(Dc;rt@h zJs&r4SZ6hLc@1dSo()}7^*R0{r5JI?`1rc~FBPACbMRwId+`E3MryBsizoDs;Q~%D zyxfl*~^&F-v^b%7okF1-2jyheL&$}t`*DV zm)qhKPL_9x!Df4N_R4V7r=n$5(9-jDW@d~cC|RSC{X()qfraD}4^KZyHOTf8YmxB%Sv{iD6>}U4gUaHGleje2for`CPe7 z@!az;FbQJFUxV~AVFo!8=h&sRb&Sz-;ZBW1V1Tr(GGEmvoVUze)s1U>5APo0HAcz@ zTa16W8h{U5K4rS^Y2UcPu~=xqX*_a18HvvCGa+cd zKL?G2iQX%#QIebB|H3k2u!1A2T74tu8$97fV199YBG%Eq$}z_!{K#W9{8+MK7ky)X zE_i!i%T7Yveg4mRt-=@zcQH^@KUFCOHKpBn~VrI5bS{`Jmh z7=&_Ooa3neo*0zo{q~lV@Gb+Qkjje#Np2UUlllut|M}2+q)+fcI96Fc{m%is^ZtCx zqKotQG|T%{z5KA2e|g9Mf8`x`3kT^tjVpTz)+{o6Qy*%TP__Fj8_^DHTf-#y%3(s2 ziPXkqmWnt_&&AEvW@7#;1j&>ar&!mB|2=6zME=0VB751+Wo7I2-U*!Dcf2F?i?bXF z!3d@KUcXA}KG^GfQRk{uTBF%WEYZ?xa5A{czvc7yU!@Sbb(G!^y?3`+>0acitR8pc z|9M!tA&CluIz5ITQ_1k9d&^pl*Y?#yrU8+-Rs(#T8dV=IiS~pOK11ebz~_GO`Mc165yPja{|zR7jQkJP|3Hp| zj?WYlnK)2OGA+p?zECw>_C?zaC7R)fRMaU#iHLeULB@N^G zBwj7)*Zd=cpJucKbBIdbz6YbG2XzsHUab`LbN?len2-@ny`|))EICU}PIfN7@8@;5 zlX|PyQ+khvd9qc%b_W}I$K5hTsxAg;_0%ev(>W`48K^uIkDX1{4H35A*VYVZekLX+ zc)e2?6b{Q{4@&OOxJrp|+Q&|NcaS||b_;(V{eJ!s~CYSM3A6UyZ2}A9r(|bg}p8Un}v0B%=rD*11aQI{2|5c?XiJ@Pj<#y+xy47MZUx8+xJ=9U;XPZ z@@q_I7{FPO?AEgXXrPz#=gdkKzCH;>eZ{g2h^9^Z{TJ*>WJY>Sj_djPbv8aRJpx4~ zRG-Fu-206Cx3xsaEpkL`mW+yGL_6hvUNAJ9*OTL~0al%MH-y>E-$G$HQN9eOs%PJS zjMP28y9mSNczJVI6-jAxKzbDn?;w3uKG6={=>@4e82t%TDSosYd2n+@KM=2l<}%LEUG&G5?rhYy|!U`%1PjVW%n$9!f{1$2Ito%A)Asrcpw7wNW@X;hcsIq3wbK{zE?tj z12nc7kmxLxu8g6b6kp744u~2D82c_~APkHy9yHpsw~pWh7)*1Dot?bfo5Nbg(#clj zzslw!SP@S8)_youpTGI_-Iq&E3f&Jcn{>||sn>$8a(z96%592CvXUAYEjJ!`%3IN0 z4`>X0__6d!X?@$U=W4TmdUSI!*E{&R5CJmN<`p>l(0LE?Te>_MAx?jOQ04xLM)dJH zwF=;}-w?p6PX9|^0{vCxRVcf26V@^}_l05pGwOQ<`~bAr@b!6%n&MJ(5o17#+bU@V z8RPs=>f- z=4t+E3)@KFx*cbF*Jo7$$OzzsRNiy`;a1mztjG(|T$O?pZ=#3hLu9%I=f`% zmMya0HTm%ijS(w;Y%y24bbAx<$C#D=pkkPOUr-M2pOG>ZkVJi|M^>rTPP#5)8 zfc^soW(8Z3B!p(*Vk(W)eM!@X!T#NzBinpLnWJC(Q1`nPv$sw3#NXL%mS_j4TnKZ5 z=+|HP-1EoQqT+s>O)od*pt;+Ny);?ml)cg%omxU$=X&U;-@;h0pS`%rTPHP3@G1`k z5?hblcclEd#PLDakzEv_H|=b7`{>S5@Iq|Y834^@_gU0nTy~8xXs_8*2z?#=_BEBo zYULj?EeE_Nn)K{sX{%vhRvSl=;Ys9+IDqsEU0nqh)L9{A0@DENI_cRUi{GWd^@o(h zzAZ){o%kZ`9|_X5&dj)L+4COSF{4G0<;q39FjdoS@w+d&(O<4n2DaI|Kd6`q-)&j= z@F0kMNUv)f7ERWYi=v9XH7sx0&}qfzoT;J>WJ!m|P~Z7{MEw=hm>bOV5O={vRUN%$h@;m8v7Vup6cs`1rzRE^<8%#OxF~1Yebp+M3Un`=tK-8o;BZFCv`+$mjR%;UrwPxiP7jb zYe})o!~j0&>!V$tQ>zD~M=_Y+r7j7$Kcu~dV*G1INbaac(sKQn-?zNOCE*-N}3 ze%G|NkFRb%HuEMNpqkb*;ozIn#F{hYpSDKN0r<|Bg*omV!HYj9kXj*McatPKqtZG9 z`V~AjoN-R~=Kvj&>lEv=nVvw3k34h8=F;ai`Fb>M^rng=)Ef$mqMb=VL8q;|S+vw2 zVyxO}4h#FcMxmwA=EE6+^RkPs;;v1?I!$)0Z4bli3nuV-Fw!UdHWGSbbkzIAKC1=H zWr~LNZ=uUQk^$`pN|Szpvy!3i@Cc?rq`*jfyPZ;V9-Tvnxka-|0QUtZobq1c%5K~J zcKQdnPb!t$321d3c%WO@4n^PdAp+}RqrEp~G@7M6v&K+qEg?lHC)@UV6|U zek;aW!M*A*eiV4GyV*&w(kK!;iBQWDEF8#1f*B36FKdT2UH{DZULhT0_$pE4ni$&> z8R%_#!diQK_GX-_L{<>}kO^(2zGk*Vcs6EBcV~?jx^$bfa8b!rjpSwg~ zR^aC)0pb-C{nw(+QDe~!K!|(a5@}9qN6*cr7BdbMhZUW$eT&CA7ewOYG6CW+$Y`3p^ z6bfI6`IB8f=5_s+@FuahVV;l{CZ(5Yh93i;e_0TVN#Ct>c?e8`Gjd-?IU`Z$cQA%r zxKQuEFz{t9YP=T~yw zK)o>w3eINvc_kSTz;6hv+8?y}_~%Ve)cySm12ulsPRq|aSWj!~f>rcit~rh*(Tl(l z#xIyHl%HNS4#*%|ci^^H$kza-OZ-qi*I~Y>&^1LZ4&bfVy=nCSHG(WJu^MsJ6-MM5 z(e<#vae_kXm_~3EcB$7W%<(y$yH?42L-{5m6xiWB7+qb}RfPOG>H}wz|B*4oCivd^ z*5kIfk=D~J&}b|+;L|GNO*p#=cGl&XC9s3KSmDl85#*Q|`MiJ3+X@v^xYOH=wXp1k zxY{$wRAdJNc{X>!uXg5)0}hBwZe{hC2ZW$7x^%jPc~oZLC2(t0 zf(6kx$`iDBuqz5uroZRq&dzxyO15{H%q?{nQvMUjKra$EkKN6MFUITj3hK9)Y0(_X z9iNf-H4SNm&xS@Z{WCcQ<>DU_^(Bu%mnktMH5i}t3uJgt1x@-J>Vf^0JJ(Y0u7Pof zy-qgMBxV3e&Fa8W!FO0V%zOx?{;14$c5~dIjegCF5zK#=kqJEw^s7-M2|-fXi+FMV zCQu>&i>q`^M4wRWEe%G$_tB;OiKp=hbx(d|o8p%|0NnyK*Sov1u)hjt6I1KE`9%j+ zhp%yCL^WbXcqcyt=%b(U_cpqW&Zk?NG&Enjd`494lVPFO(5yE;A=}KZrKe{W_!0pI5{{ z{|U4hN9`8#mlE%=sX2(l4a~p9D(^#M->rA3;o}I*wb~%2{qA?sZA_|I*Xb<>%1^?o6!`An%J|HGp|H`zCbQh|shm#0tNZy6iv$d!aaWdM_;wLt9*>6Um$Vcxnz?7wpex9ic;Zto=0me*=g!b-FM6xMW9r!tp4W1 z%pcNo=B)T4@oxhz-mP)`Ct$p&$k;VJKfl&vB)Ec`;sj-o_o_w)s$syx%(&EdHyW>+ zf326&eHigaS!`LT-IT)2fVY7zYhn2g{x=h&v}kt&{OQljK7VUj z{KjE^<*hyBr=3kh^~qxdtXFL{89KGQf%ad!TkR4r331gbB@!1Ql-Wd0AIG|t*Q zJb*OEgfs3|HoQZ(l(Rygpw-C)kv@iKk$1Y*Q7s30>lh)dGbUam`ecVT{}y|3GA!r0 zc(!}57iaUI0Qc?`-XEpEUFS@fSM#!Ibq*10Z1#LJG2cqx&-UXm;)?KYw8raRyc8{H9O8f#RQ%K?|7 zYj>O75j2%HYG+dg-aio8vcHBJ$-)XRESt`UHWD_E^CG@*wxc@UX>pDIZ^V6fT7nB1 z`|K(5uII`ehW0~%xzLlTwLwU1aVF)ebxxg}eEEpSvCmvOWl!I|k|^8VM&FqID})}$ zEv355LY6hu8zobgoVDv*^R1$RX^LzT^Q|X0L&2ZuwXMqT^Yf{LHI)5vqOj>a9B|iu zRtt(JW$)RBcT3mmP)B3Q;H~c+9B}9S@dX0z4}=om&&-J{H~47nenBJ%)X(V8|Ev2T z^?bkWuj@_bt8dR~(3bjG}f{ftz?+)Dm(fzxW_YcMTzq_R;mI$ZMP}F}q_)ODj z9$y(P3}AZbX`1tZ;JDkKfb2U&N4^Om#RgFKv1iaoQd`jay9E8v5c6Y0-@_c|^30r? z9KyCtHbRN`n`vtyK8YE@GDsx^qps7x-z6;EdaHL>J7+ivARW=uyWlw6xZ!{mt0@X{ z*J6#_o2|_m$2XFv>~!8aZU}ka2w(8*=L_P{;9%5MXJ-!i{Uo$HFAU5Q@=w!#A z$c9wf#K;cmY>mwL;1HG^v3QMn_32oeKXiEjJxC33Aj|`{{k}NfntsX2=e5hUK`hJc zkn*TGH$GDAJ$xHvc6LT=zNWf0Z=qU}yp+VK(tTo=uNuU?VkL7H5q=x6*%-B-nI~=~ zWf#+`g5sK_wYG;F8f@#t`)fu= zr9lXw&Wy6f>1K)|p_1Wi3MX--pd(TCm-mt>MV8-Sg~jRN1_NW{5>CzNA(whZE{8`cT2|6o^5&Gy#y#}H(_5RjK4O)C zR63oL^RiV7?!`(Zw<`lz#=|gJ^h2UIK=iPt12Q8LMR^HAN9MnC5X~VsaNWE)>eVN% z7v8%KKbQv#R>Xqsq>l5~xuV(J9qt$|7H{L{9|L>^AIxV?a(B+OiJ5KJWFOgAPaSm@ zrTba6xwdcXAb-&~DVVXA2VjErU2O?ZpN+5Ax$#{wHM+KM9xPay3CZq+DU~=XF9;if zsyVta&DwHrri~XqoRUJp`V~j)2J?nZJdI$?3}G65kWYYpsJys5Xt88g_8#fpDZ>Xz z`088?A(y1fDn#{Bq=v=*wTO;B|m#5$+> zCTXQgr7sB73W3W<4dqL+F7sv*w_ovKO|*YaN(+?Y>8^O!VLIsZ0;LoH4nNr%TgaVW zJQB2J_4;~e8lX*bebZ3;6sL4~&=^kfeQCZR;U2g@Z1bo$_3wgD|9cy zA@}XFvFgxj+#+ojTg7deaR|4blDs{QN3tbn#Jr^EeWOTam$N7&J~3Zo?DRWHxab6= zrS2Hjy_KM0Q#rd=hVViFma=KXSda&1&~m9*ircJ zBPF(N4_ZN;bLiE)hfIZ~`{AnnZ_l{cGJl_?DI^4d#`QRd+$#{C@PZ@Bl|aQF31(({ zaZ_0ms|jXZkjx3y)%4g#UsfN|g6d<8-~+Qhx#HRl?M4hS+>;zC|07dxIbS~MjOAKi zbV#{hJ2#G}^HT4j*2Y=NO|Z2$yW%W$uh_+Yar`<98v3dZV`X!$e+*CaE8^WPL+=z9 zmJI)2JQ!e8UE{srp&H3t9^cRQ6kPd>$+>P3LMXO`!|mnHCc zGwI~vWZT6r==SZ#FYF`4+1{b@5gU!#@sp~_etuu*7M+4iJ zXEj*Bc~~X+T2{cxCnRWMp!q@%sV@QHT#U+Rs%*WG59OAg9TCB{yGIt2UL8}({k;Ym zED3>>_xI(0tG)VWY^nFQ2W&SskkuV;zIwp)AcQ=98-2nx+5JAD;{1)+R5m&*i-M01 z;g()-SjN7w{=A!QlXsI&?HTQNyl=QR+#wsDHPf*@2ReHc4@8U`gQLGj(Y~HiXqR&< z?(&q4%-qXH$YjtK4f#FHkJKUFXgiBL|SZs;uh*z59!u zHr=wP2#+Q5qE&>jMhFP%9xO&522Out=$N-h#UUiUS7;4~eGqv!P-9J82KG^$H%fSD z$EuaEeE+@m7HxP0L}a}dyDDfFt8clJ>*`77OsMx$uzetCxo+KUs8tpXe3&Clx3_@m zAfoy8)cO@AmWo4&4FTJ=Q*-ZjlwpDX{X@7PkqzA*c>$gS$&&C!jqNw8+g7b9URBm3 zP<|S>RPABI$tt+9S{RhnifReWT~+FX{PjsCbugYylu3SsyPaAu=Fwc}#6d!1wk{Ay z{f&ZTA&yx3nowbqsPmo@CQ4V#Yl;oWmx^y9V$4YJs>5IVPmxNE>e3+76$ySkqIEp% zC!-kPPEKwRZ-Iob2&a{>2YRY4Zt=~|dVx41I>IvvCFtNE$ebA%(^9h5cMR6%hET3r zmuxPSnCK0^BPGd4ny*ofc7N>ya{i9Bkmq1Q_U%>} zj5V0h*`U$wR^A9+!IFUv226h*OFa=)-Ri>J*s6{&fnkQU=!(sg#HtIi37t0o$nR@B z5XcU`a;iWDP6D@od>4PUDLOuG@4aFVTqj~y9-i=Kn5<=yqHKNrZ5J$qTQOHM57dD@ z(%RyeZye(DY5EqU?FR<(#*}$2WexsHSDBY*i*mh&B-L7CP47;zc&EE!LCmVIS?Ypj z$N1ha=I!FLM9Ffl72OZ{yON%(zSYBA6z#Cra2$)4B$OUH3$^JegYRYBxa}fhaogJ8 z_!{i=MUBPQ19TDc@qF1a{qIv3e0CX-6Q}oLM+nruGrjRmuh__BM#;s2jaBvC|0u}T zZG}naGR{u#iUjU?8$0yB98ABuejzOF6S}4jDq~Y-ec3cO;TU%szj5+GA)oTjn(eDM zIn>5=OX>Gm-z!Uf-1jnE=-|1Mg=-T*U`;#=VVGEg+w(5VR6YJRy-=yzaWDtzJ@-3G z#yJGZ3;E`G5!nG8%UgsZkKV-o&5t_vl6gelIGd~MwphSFxZD-aMdiZTe*jGpMt85y z0M5lC709@41LS&7eI^1=awfc- zzriQnjJ-lmaLrSxWSANVRwG6n-rTbA>wA7;C{BGeXa&d6@|^H&ImDPRl*fqAgY_yX zL{5JfCrq!e4_~R5kJXF!?3dOtMjX6;!&DgzG2lUfh14mA1|M$VQ(>9!48vmz?BK$s z*#%!k+BFb5zqR__3^n1HKDO`o$R4!(=_OP`IeIkglC(jDX0N*oef$Hg&UqE=ude5o zf?g!~og>e%<2unll}Ahvt&c~fL|%13u2R2YudyxV7wRG^_;QF& zw^)YR=p6dE(L!HD(i68st6d)6GX}7C1ErsWM2{9BZt-}&6d)=MI#z&vY?I>fi-(dV zv5L$=zkQ&rY;f1m=NDak+0yYxs^Xz##tv~?tC)4nsx;XMm8lm{Yi3!rzluUs+avWW z{P^X81hO>tl*K*Q9t!HlBe3aR)Hm+TI6fZ!Gn{NV0t&wUSbqs|bW-`p`?3^rF6^R# z*%y@ujbN#jOg{Ht*mZ!svNb(nio+SUC$J=(`!gu5rBMf4-p$62yyCN=4p)k(;d&7n}KIC@5CQk}Ek8`_*@#{C(YX(fuw`WL6> zy}sK#g0!Z$4Z2s>T2j%5J1(k()Z(od+}kbEf%|oQ`Wt(V;095f`LK{%*YI5`A~j|p zF)bM~tmlNcXY;J<1igH^06RQFS1N80yvU>iL>A)NOgy0sE%uils{$Vp3_d_a-Jv2q z8RqY?|MGD3*`i&)Ry&4cH~CIBo)&UV83EV$tK`s6nFbSnaZbyREa}yS-~$w-IauaV zSc`R~T8`$WG(r5la9JS(l_wvcX_m3?*_Uz^8wlF3%W*6H@d6hfO-d7&4(tg)3>9{8 za2+b9j)YRXsDN2hh@l8#4i?r)gK5{O0G%HFm4nzBFv~7^Q%Dan)2KI~-tARQ?pxu= zFX@{Gn73S%>fB%4%E)O4eily;HlW~r>Z|sOdZCe8&)$G6ZbWZs6l+cemzC^O(r}TX zy&H;%*EjoeQB;NafnHw;AK^lPakHC5vNLBT`~76w2jnqUlyEoHB8E-Ntet(;5_Rnp zpR2;0*|};5#Y2-F&KIiDPuL-xOFPVPP$6pt zHj}ufAM?sc75FkHQxJUy%;MIbiXFGv4d#xuP`Ww~90ou0V+23JU&npb@6B&(My{FM zh!!)D2*HEGkl2swwJZ!!FDk85uc#$TYi^w8(;L{rjNH(L-~zk;M`{~-=>J#8na4x* zwtt+YdCFc%$(pn<*@`TKND-p!gE5xu#=e`ej3imIZ<$eKDO<#hZA{3LC1f28ifm(O zETfp=H~Bul-|P4M@%(enALm@xeV=pRug^KJ*L8i~r3%#x;9i8RUtDA89`V$sO6laO z{mhNQjCk|B$Pkn0{Sc5jyO%I{lYLGO8vR*oj;rc5X*7Hk8Ql3`VPM*nRYxNV3NnevVHP4wf~x?U`uOvYS` zr(xw1%iCE6nI=7ZxAn)AO9r)9JKS{eNczNwKlJ@nT7;Trt`sSfbr#wHo>&4X<5wc0?$p2X zqXaqniN=#-XSKM+2WlQ`2ONj-PcL7{aF$v&+U!&Bvh1|b>k-p^nZO^#Ty`uN!2Pgj z@Z8!p`E-j7Hi|9Ptc~MY6hOjtFIV0#_P()_==obAw(stsF1pov#TcNKgpn-#CP8-k z6*OScGi7A{z($I?UTr+BcIjh!fTX}`Wbt+WRk+aCCB_b{|7xEAv=UBYl++}6`@}8} zd;{r~WROe^$`yP45(E7lc-2RTSJuy5ERB&x*Le)viHXifC4raH9dt6aHr8uVMzKeY66`0|Ue-vk$5le(b?n3zMa9vJI_G7r4f@nO_aeBjLve^h0gq^$90 zue;wI+NoQg`Kbhp>048GR0e|F@;jQGgT?jDk&aFM`O>5p`eG!VWnZ7W8X8Futq=~x zpo8wpmG%oui2}vj+x6FmTWfp1d`w)u6>;Uq6bQYOjr=#TvyZ)L#FOsOc z#gO*L*~<*q?vx6pT|r>bR=qj;Ts^9tp>J!llYr3EN(Rsmh4;OEANdzJ{R9tti$X@i zMC#J6-ww%i;rkOe{(WR05Y;a}>CY-uap$XQ?tl+Ya~XavnDMjum@)#en8PAC8v9Mq z?$VEDd|moFoTcLECS5lpOhMWg2jwJQDq56GBJhQtA?`t)A7N~gjiQUr{qnuy;`NszPNg%$ zf@aknVWK?NLeI%>RSbVGSjITpttEHnY-szXJtG^$T*AAg!3a-Q$uVCF+*JUp)!Gy_ zwyzliE0?7R!%5NXy?SVd-1%nD@54cT_Bv&u_y2mR^e8J9O4}ZLo zO}ctakD-0=-tmCrbAxBb>H?I^+0#5OJB{j4m|Jg-^sV!L?2qYJZJz|Nq>VBbDo8>uIF@h*4${KTG` zlZvtz_q*6CRr7I)_4iG4H>7(ZOy&VQS%jt`D_3229Z1P`-!atA!erYPw`2&YH_z+# zY#r>Zi1!D}O90w7_@=da+f>Qig3_~w)7!97WTX(_pv}dRj~+ilI38Ye&p==`s6hRU zcn*oVU?Jz?ty=WR1(@QDkY3<>;klwQr*QS4{`MvJEJupOeNPUJ#> zD`!*)@|PbesJK?=&SF_hj{Cy(r~Aw-=Kg>RH^f`I(xYdLmob$<88u&)s6hT1Cu+C) zdA;@%;XPMB)oas$LsDCQvZVY;H}vQ1l_*(O6XS6TaZiRjMf>~Gh5KjrZGL+Nm_9<2 zepINzz4E->!twjTS-n?@%4Mlah>G{&Ufm%l4b#E_?gCY)xmkBWhj)t|dWN&~eIc&S zXi(sq^J@)p_q8YE>ti?eWaMWbbb*^{yGf>otOz*!<>tM}^JnJHMqAO`h={gaPJ||K zj-$IYO1O#hPk2q0xc$5xR4hzbjivSq0Oiq$!>m$*p6&s*yRTxGPL%PKQx26p=iC{B z*PZ#QK9}4Y+!-^}@cN12x5qv%?z)Xnt&a6fX$!q)3I^1C}FfjmsE}FVz7qUQ|$5O7zYkTQR{Tq95X3EC;U48 znd+0^*<&K3l$*0l_Oi_J zoMz__?Yl1pw@S`ts{`e#a)Ro#8Q<5R(HR3}2)@>FV7y0Df?JZ~_ZdSrINyyLp<`-3 z{TOrM2=In!HKPI4Tk?&;fC6V0j{y~OBE1zb=p55wd?F_>Cx0)jm$M~y3o<0JrIYK- z?3Dl=v)*#2h0s*n1h`&p>7e-@1a>SC^h*^DxBh^@X4ijBE{SqsqVP9J$Uf4k=o`P7 zwknoRgvtiSjTwhB5^o8@l)9$ zj~2H^j3}d-@e{gmi)@1PIb&(a35ic_d#)|2L8j0-$fYU;yD8egM($pYDEhchyY)@u^nD10 zc0dn1{N_gYDLk~;!5L3ED9<^D==?3iFfpx)poM!JcRl^RvQ#Ei1t8X{=vfBP&1#>` z2;`2}04$FL#&QOm>}M@#RCN9AL}rR)u$p=pCatF1dsxwqkNXoS5D=ZO9-*e%v6Uqa z&5WS$1&l5Y-2oPbmmKDWh_^9_Dd|P6^A&$UI8>J1o=l;1)82$J7``#1FMf5^t zOYRG$19a5T#4%BHD%9{&9o-J=Q5RxNQ|G=G3OJqESHs)n?#c zaAp{R$e6l%I871SJEB(yO%2$a@BdatSM}Ab90>*8JTlV#jsE;`UqLzOWs|u=Q*_aS zRG_f==Z`J2xZ%{tUoy|>pK={|m;kPM7ATs2tm^Ub5y^rPsWE!H5<(1)hmUf>r) z9a{xyC8nRZV!4DD-6B%XURL#KQms5xn-eEnzH~lvY#dpTj$l~Crf=&9iJVg1ml(bA zAobv1w(nbHw=0*n2W1E%HyRh445uLBPlNvdXm>%v0ZaEcFx}6#KYZ9ua?bf~Bb4Bb zko^LE8>G5l>;j#wV4(@=jXeyX&G6Vs90}ka_`gSFr!=dZp;U-CqrjteSrHtlo&dSZ zpdEGB-`K^QPT~Lj9CY0Qhx!kq{v&P|wBf&0Z0fvQ#n?Z22#f5n5DSp=M%Y*DMo4On z=WEXqOn)z7FIoMk^wBc9jpX|@1X^u-f^}C?$!qklcPZsL*+Tr8QbdEY0iVKcUGUY1 zK4${**;Hrfa1(FFfp532*Z7@g_M?XQ0h@0?}#3j-O{EJ1V1XYmB>$TR5#1p zFYtO*5M-_^TA^H`hZ$~fo9@3$StHfsE~7$LsmS0ZzoFjo_mmx0x0(00OmoO%56_`sr!dgI%Qwi z9fCF)o_U+b8+XeFD3k9UjYd+b5_};*SFBEK%aY|R|Id~#-l}}zZ&Ytk!&)|`3(+R_ zx2DMyx%}0kx)H9}=#N(!#YtEZtJW=C<0>J1D652ZNV*w{*wLVe;T_t( zHzenUmJ_Q_5l`z8A(cTZFSBQ)ROTIrkKRMVwO!|@o7ClR2NsU&FFau>#mj`6^1j%Q zDvJ13f%yLD@7C3OYwk^3%z}Cotk*kg0>KJ8cc-~&amL*V*IVY;cOIE zcj5LNHm7dq1CJ7ki4LPV)*lDGD-SAhLWVf{duU|do0Uoq8EqpV^5T~cIbEPzjZi9J4%sII`aD617gY0JH00<`=f%d zUON31I!DDQR48PNeJSa`& z4u7@M8!_@nQ*jWjb5%<>2A0?!B)J^4Bpb-0xK`o+9&GIWEz(;!F!nGH&-_!ZjgMzh RQ2lSzgL?*Am72E5{{ar`iKGAk From b9cd9ea58a299bd08dfc0dd5d614266c3c3f1fc3 Mon Sep 17 00:00:00 2001 From: Lorenz Vanthillo Date: Tue, 5 Jun 2018 19:34:37 +0200 Subject: [PATCH 007/361] Update device-mapper-driver.md --- storage/storagedriver/device-mapper-driver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index bd7e47385f..71c534c5e8 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -154,7 +154,7 @@ configuration options have been added: |:--------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:--------|:-----------------------------------| | `dm.directlvm_device` | The path to the block device to configure for `direct-lvm`. | Yes | | `dm.directlvm_device="/dev/xvdf"` | | `dm.thinp_percent` | The percentage of space to use for storage from the passed in block device. | No | 95 | `dm.thinp_percent=95` | -| `dm.thinp_metapercent` | The percentage of space to for metadata storage from the passed-in block device. | No | 1 | `dm.thinp_metapercent=1` | +| `dm.thinp_metapercent` | The percentage of space to use for metadata storage from the passed-in block device. | No | 1 | `dm.thinp_metapercent=1` | | `dm.thinp_autoextend_threshold` | The threshold for when lvm should automatically extend the thin pool as a percentage of the total storage space. | No | 80 | `dm.thinp_autoextend_threshold=80` | | `dm.thinp_autoextend_percent` | The percentage to increase the thin pool by when an autoextend is triggered. | No | 20 | `dm.thinp_autoextend_percent=20` | | `dm.directlvm_device_force` | Whether to format the block device even if a filesystem already exists on it. If set to `false` and a filesystem is present, an error is logged and the filesystem is left intact. | No | false | `dm.directlvm_device_force=true` | From acc395fca6aff474117b3e4242141131d5dc6113 Mon Sep 17 00:00:00 2001 From: Per Lundberg Date: Wed, 20 Jun 2018 16:28:10 +0300 Subject: [PATCH 008/361] nginx.md: Add note about potential security isues I thought about this while setting this up, and then found this guide (I was setting it up without the guide first.) The potential security implications are important, so I think we should mention them here on this web page. (We could even go further by outright _warning_ people about this, but perhaps letting people know about it so they can make an informed decision is a better way to go. This can be perfectly fine for certain intranet scenarios.) --- registry/recipes/nginx.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/registry/recipes/nginx.md b/registry/recipes/nginx.md index 73370f7e0f..81c448467b 100644 --- a/registry/recipes/nginx.md +++ b/registry/recipes/nginx.md @@ -38,6 +38,12 @@ you want through the secondary authentication mechanism implemented inside your proxy, it also requires that you move TLS termination from the Registry to the proxy itself. +> Another important thing to note is that by binding your registry to +> `localhost:5000` without authentication, you open up a potential loophole in +> your Docker Registry security - anyone who can log on to the server where your +> Docker Registry is running can push images to your registry, without +> authentication. This could have potentially devastating effects. + Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra complexity is required. From 62f90368dfda0c273f98ca245abd37dd1275ba68 Mon Sep 17 00:00:00 2001 From: Hannah Agee Date: Wed, 20 Jun 2018 12:04:08 -0400 Subject: [PATCH 009/361] Update centos.md --- install/linux/docker-ee/centos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/docker-ee/centos.md b/install/linux/docker-ee/centos.md index 2005be2b50..ec0b766b62 100644 --- a/install/linux/docker-ee/centos.md +++ b/install/linux/docker-ee/centos.md @@ -29,7 +29,7 @@ This section lists what you need to consider before installing Docker EE. Items ### Architectures and storage drivers -Docker EE supports {{ linux-dist-long }} 64-bit, versions 7.1 and higher (7.1, 7.2, 7.3, 7.4), running on `x86_64`. +Docker EE supports {{ linux-dist-long }} 64-bit, latest version, running on `x86_64`. On {{ linux-dist-long }}, Docker EE supports storage drivers, `overlay2` and `devicemapper`. In Docker EE 17.06.2-ee-5 and higher, `overlay2` is the recommended storage driver. The following limitations apply: From bb41fdbecec2da1142bc73008634fb1e7461e3ef Mon Sep 17 00:00:00 2001 From: David Scott Date: Tue, 26 Jun 2018 15:42:05 +0100 Subject: [PATCH 010/361] Docker for Mac: add page on disk space The disk space usage of Docker on Mac has been difficult to manage and has confused lots of people, see https://github.com/docker/for-mac/issues/371 This patch adds a top-level section to the Docker for Mac docs alongside networking which explains - where the space has gone - how to reclaim some of it In future I'd like to add more about why some systems use `Docker.raw` and some `Docker.qcow2` but we're in a transitional state at the moment. It'll be simpler to explain after the next stable version has been released. Signed-off-by: David Scott --- docker-for-mac/images/settings-disk.png | Bin 0 -> 49336 bytes docker-for-mac/space.md | 88 ++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 docker-for-mac/images/settings-disk.png create mode 100644 docker-for-mac/space.md diff --git a/docker-for-mac/images/settings-disk.png b/docker-for-mac/images/settings-disk.png new file mode 100644 index 0000000000000000000000000000000000000000..e025b16e15e38961c422dfe062b9d55079712b50 GIT binary patch literal 49336 zcmZU41yp9et|;z<+u(e-yE}ZiySux)yTjlN?l8E!+u$(B;O_2jkN=$e?m6qdz1Ci9 z?>1@DHciqrjZ}~m{|1Kx2Lb}}O;Q4=1Oftj|Me=uKz)_i4zV78{rFglh$u*kh!80_ z*_&C~n1X;%CKwwSP)pKMju;vm7>rEPP{BF5D@8=aC>it&^iK8;5Dgj(5#^-o=xkvl zZw&;X`E(5T!W1x^22DuazIo1-H2HjBve*1{QX}JTy$=L+m$GtX1_vjB{*j%fl$8Z< zatN}_JqjsGCis9rq}|e41Tx4EY7&hOiVtJ530gNte1=5ihMGP(2&RUHx`$vQ4YCX- ziQEhok&S4m9k4X|J(5bW8G3|10=G9{Za}netygI=A)rGNs*S6dkw-9pC@BLA2f+y% zd7ROMv6YdMF`WgQQG@x2nKQLWEja+4`w&Y7)3n4qnUWJsgk80dOQ0pMk+exdypM%J zQ(nApq<03S2oc>JxljN)P}UrsCmwlRf27yo*FClh1s#_Q*20}eR&D=Ac158CJFXV=l^XHRtC z1NiQlAR-8&`r zA(4lzjh!>M2Or>H5Zqti{}eL-i2eoQV$BE8kX0ZOv3D{hVxwoJX9V!W5fKsbI+>Vp zD*?s+2mR}h4`AWq;=s+o;O_2D@6JMR?_|!v#KpzMz{t$N%uM$MLFepg=VItVXXi}v z??(P_J3v!sV<$@o7fX9PqJP>oG_rSf;R68vA@sk`zxg!vu>21tJLmuD)>j7^{;6SL zqGx3I-?qO{dH*TpR(}i{ z0dElVhnP4!iYO5k%!r5*te}h)n}~=kNc0!cdvE|HSws-(>^d2vn4K~1Y22lM?(KOT zlX`8!2Dtm9-(!yV1=nR{%ck+w^)(X?0#pnh7wTjtM|ejE&&1?pJ_SA)H-rn!5%LUi zp2*gAh@h1fbx?3{o$IMu450vlSRu;bei$m56!zg%cC=QL6)_o^D85hG|BD8K(i$2X z%8f|C8==?bMKx&0?|HMwG?~FB;^V^`@$4G%;oz31NAq9AgaTSKIC;3ZzV~MpN+bZ5 znr(3rO67Cexj8v4p6?nELH`4L6(K}KO$|q<)fn)zq2ZQ9&9$rjKTHdT3!1^SwzpGD zc8K~7oe%%Ol~`>89~Oa5aNF*r9>_la-Wx0-W$%wef-?9}M zj5RY@W*2O?s(LOitkwEGagB|vODik=D=R8JgM&a*8Ur)4Fr%TUzCVAM^!JZ{y1?*G zAT#19BRjlN2BFOf3Sbl-%}?O3DKzVFajs_Ys>ckI(&Ep;HSQe+JIf2hIXvJ`dX(;M&+ypzwI(yS z!IgP#p&=K;PjIMY%R5%B4mD=t4?LJhR$^qpo@Sy)x5X{FbpDI{Kf*#l43oaEs=j-X z9VOD@;F4I0BTND4cAYfe+xf{cjs6tAGgFlnYE3R|uK4R1x@MmsHz7KFZ<0oF?H|6f z4=3Q!YFGq}_4tmFJ@ANrU}pzCl27+f3w&0_an13EG8kPgi0AG~*(5$yXyw_JZg>>` zDr+PNhdQm!cdj*89VFY6zVuzCg!0amjmz-Ra;olL-pL$wB_~ z+eOQTqL9oqrq?8nKgH5muC&j)Ac>r54Mk61~9lfYxtn7eSupGC>O4jp;y+ZIhP}eB;21^n0mK4qz8Wxj%3{HKcx#f zPi9zJ1}K4`NOafV|AAideXkVRatsQ{b{BQIX&NftqFkt4nt^~ACZ&StaeIR~Yq5>A zKb+{>W4bh4KuW4T-Ju&zDK3UAsKFo3d>0=$O)>Py@7~;n!0Dp!*3(lFHI{RN6 zg7{#cC@|OvYGpSvY;P~8OoMLam0Gq*c0^b-J6`As+Gd!Py8GWzmIdhU8on#->*g(BfHda>OftJ)hUf#V) zn%2Df$amgL(JV=7syV&ApVl~Sf-ca!961BQ%l!TlU%?0y$!Bw0&8yg1!#TrGVZh_L zN&<5n=>(2ehQH(?*xY!(84946Dujfmce}-QIm)KHn$A%(xW$FwC_Oki=zJj3@tfBx z4<8cnK5YyhxLRtzmr|&KmJ?HMdR*+}?etg`=O{osR8RIf&?rfQ+-S#-Y0p)`Og6Tu zNAkPyumKVK^}_-JNVfh_{~;Y7fEXwa1?K5=5(X8EOwC{Crp_Rw*^65y!a=MM8n7=f z<$^9eo*Le^H<^S+zk+H=>^)?AUR3X-4&_9?sD(BIkxwBiMlw+kH9=~xx6jmyFtGc_ zmaalNGi>cSX7NkvJ>zAjk1^h-g#(P2#`^HoP2`}KhsMceB3m6icuMFrz_mBsEEJp4 zW1Q#s5hpUUutVhae6ixPH-2|8%!g-tME&65NY8A2_Goi+xE6cg*mXFW-oT!9rZ#)$ zM7~gKce@ba8MzA+NJQT9X(6f~XOk@Agi39zcM`qmGw1Gt*&`{>5&{f;C#{`m@;4ix zqioq?v5y=PxGZyuLI2&$92gh~0}tOp_k9wrqz@@N849KB$?35 z&CqCcvT&qF)UOT0JO*CH?`SzRGSuM+s-vK->!ZeezGBWaHr#B#Iy90jyjt|<>tgiF zx3Bf{9i}MqU9ujz4Kt{hCHnUV3&;#^xyV*snBe=%eS&|{heoileb#?$sYfHRV3A)( z@nqpTLD$27Z0MH2w?N)+`yX>Ne{gF=1iysiU*`8qqaJ0wkj!g(sk;7;i|}P_?T}{@ zyzFNFkXq6560}{svb^kTR~VujiAvePe#n{5K!&(4e|+ ze(nz5q?>^7k6NO;2@sQP4UR80{g2-LVyKTOPrC;T!7qM(buWrgtVoWCf5O$fi2K>G z%qHWkhgR{LD3NR+>X%^MEF=FqQ=#ebl0|b`^=chOrl&UToTMZ)?8L>5 z4ZYCw;tk#!l_l5lQ}1Wb9P*LSbL0BP#))YfuN>ikfbE;_TQ!7+XKVzPsToArR?QY>Q92NqJCoK_OfBZ>F8-uun*iKpl7?QNpj zgJDkKl6XA9(D7WUaxjSBYXx2_A+R#J&=w@hGmfr@YXkDLX=A6T{H88^Ve$ z)DwlmW9TyuUY%iJss%kUDM@rCi71nsi(e@Zrq!^QF#Ow+V}C#|3>u)NfxSRZ)48!C zEsR2%Ps8}HI9z(XfvIj1`+)6{Q4Ex^^rqY8SZR3s@-qH(v4&<)c5qnZB_>}U;{5nH@?bKP26%XQ7(O$j;PY}^ zTBh64++KQ~^_%mJS1y}7v`V{Wr|mE&I8FTn`sh7~d$q-66t(l^q@p~VRL`PSTzGHd zCrisYz92x1OM4BN*w23p)KhYJlw}$^3_ZtKlCEetKue zjZZKs?vCxDi>}bZYr#@83`T?A0B`j+VM;F5)@zb_hfmK5Jnt#&9~p5i=Qc%?H~K)N zC4W$-^g^#=*2Z5yquTdP%&l1P`>?>C2r~c^$l%k>xCWg>+5CcTva|rzhSc2>Jozz0 z5??!fFs#pG7)LzN;Mm%0Pf{t~%NjXdeu;ztqIo z4=yZ z6(eVLb@fmm>xJ@Sw>}!J#vOIYQY zqGK0;HS4ok;)qK=_&)-60ovc}MP<}1xS&jNn+EEIRR6R(8qZf!LGqeVQ4=h=EFt*k zHVO*D)IC<2{E&4sFpF)RCr$r}Ymm$`r|2JymwI)}T;SP+&RU%gwJ0u)?O2iUvS5o` zE5!pBeRbNa@Ev~i=7^AM1;>D0ct)xKj|H*~k8#XL19Uv0Dq$^e+xGJCj>LW)oT-(W2QmGC%(la)>%tijy3Mr!%vk^OA51zMiNGAg6VipHeR zT_BSa)E_@yq-|KYw)T+dY^hNgIm(y6Tc=gCwb%c7KP^I1PPyF(-Wgu#Xr7`J=H4c( zXb+tf7`FX-+4H+$nqRw>um`Ca<Jyvek{u zyK!{q#0u3x&60MMHWrkGTdmhg?}_nXVDG@lwo=N~qP~Cr*FNuQH(sFD{ZbE|K@V@5 z_cq1~DfS5wpF3pJ{}Z1~Dp>(ImQ1C5b^V*Lg1s*Gk>$II9V1E(dEj|fjdBz+?J6=F z7Z1E+3YVf%z0!{fsEodGfs#=I&uGK98brAs$?3>#NSY|vfGJ!J> zGlfCqj568)O1*uNM$ATlbrn;sTLpQ9uA19WJ2+?`)Wot$AO=sY1!Y8+Xe?_oCa|Vd z91HBAnFG=u#QLCQJ7mTofdXU`nPdas0&3i}ALNp`zrGGM3^Y!HUXx_=8=Z?BpDgB` za;cor`-*Lpx!Io?1A9qfxmdo(s0eXF$Iyi9wKnH;&SU4h4;$igHk1(C zS_~Po=|16S31>&?QA#EA^YsS-+!H%l1eD$<@OHR56-NB@&Vpd5+f!Rp=Rmes^V# z{c^o%pY*sl!%0e$Ov93f&QBJsZ9tclbc=p125i(N&ANehHK`4KcEETBgCg}6@2t%k zigF7HKo1+N5ZP45m>(bd5@+3Ef9G4}*#~zjgLaUSXtd$QZ0r%Q8x|hlxxuamR2sd1 z<{x#157Bx&;{tj=|~<5Z~w%SGs_G_!ovxO&cy zTSF4Oq=$Y*;LO#JP4qVje+{p(kIPkd;{0)*^adNUjQb6c{F-N&Vk`H4h6;X^eipfi zq|Tuf_tl)Y?iQyOF27~txFv{R{@g+AYub;7m?x%|-GlZUW# z1{wM#_I1~m5iu-Vk0MapPv0ywS-#oxW`ap?pWWXb2?{E2>UJANPya6IU;G_FejjSq z#6cu{AbLVYQfbQJ9BnsySm4M^4(FI-_VbcU(;|x->wKC&GeQ-Y9nd5p>A`jhH(gh# zSS?1SgZ&5#KspQhBaE45@~haPJqT8XA&b)w9Rs%~N)4P}6u4Eo#BGkukIfAsq-bgJ za)3h`C6uRl6z~*LLFp9k-Hav1k<04|#ty(Q+i1kM$*xQ=N{sqdFu6>iDKSB3`{$qv z>Du;l>geT$rWVJb2b)m4S&A2d3jF%YSTvvnc$;VIHRGh&m3UQ%D8 zp(@0>MK=0(&8BZ`GE{Ew4+n5bOh6wCw&Cs$f_D7atUL#>T&aF$)sX^{e$z0pcr`M{ z(<0J2*cW)8E%8QMWO(o(!R9VBxw4Of;)wP~5{h)Z-<;~3taPk2*3c#ZjB-H&rR&um zx|p;O@}-%zie&}s?sni?;Pyax1zVWXwBseZ(E7nPAU}cIpU$|jOQI6Un8GMFcu}#J zlL_ibCEsU(yspfzoKJjD5{_upH>_*HY7KoRof6hY`5YMosZOLicrNx4(GDtN!x@vW z{sW++7sYzAS63ME?e6zzY)_%Yv6;ojrM1n|jVot+T1a+MaRDeG*uJ0n1HjAMb+cUA zKaPopPXb>Y@mnb|Awwox-D|l>a@JA3fHq8YJb7Rw7m0-TC`v{`D2_={7=)CFiT`iN z6@+35oV%%+VfC0XK_Pl-;)Hi9v#e-xhM2A|pgM~y^yj8uXcPtw^`4$b)o3^AH`t`S zyebfsmz5^#T7$mNnQm#0dH?e7HkB5A#Iw`s7B)}!<}&GwLde?^$#mL!>l93aMLGCs zQwVQRu;E!b6~Y9)gnxfNpzd{kX~&8PN-1g!yi!R(#0XVjezs7X)4s`etOED_tEz58 zk;&Pm075LsCq28$PvC{H;Lk|zym@iLUR!gj^hp%S^ofob(%m`7X`B#O9P%t{upP8r zQyVy4I`Ou!DpOtx!$o`jJmW(%i6|@+s;43UO{JI*D+Mu>P*+1wGYTCXSc>`q97EYd zPz>w-vuOA2Fj)sraoS!{_or)G@hoRQ!ar)RiuYR%F5f*6<%BtkpTA$NWgc*P{y|&N zsWIN06GKnq$L+DA$)YLR?mrngV%)}_dhgPRNC~a2brNh`65<^}XBhl^0dGNW|5+Ry z<4e3_8dq98*ta$Yd;KR6Mu0p8-r&pqDTWe7Fq-24oIX6$ zio(%RNJ@V`yb=d5jn!B&fXrtuB3WOGXsuEns(Mr&9A5T~fFim}d?C!iv!1m;J{)kd zBRQDO7tk7j*6L}1i;M++i;>%_1Lamv)X~5Ju2^^vFTvb^ZZ#Khn(Hcf3QD8cE~L%s z>D*l)H(IMN;MW20uwKp9~v6Q1ZWVP0tw-lQ6Pz}d6#lw zFob0daNjH&nSrxLB^!}a?-vyzyf_j>G-#gm4%rhrP4(7~wk$Ax?^cq1C}gEuXY6s+ z@CEbrE!`7jn{wQ%0V|RXeNBYs={HI+UT>HBqcF_@$b5M4U?U?=(lA3+X;5tuy?(jh zI~F|lyu)fu!_&F`0h?|FeTh#uweD=cQ;d7^J6qcBbRqDvb>Mowxr2n%T7Vmw%6|D2 z+Qc_!!XYo8P>amj+aEyrHO@NZ)J3!1Y^=<@(`XUJUrua7cWz@-+r?@6Vk(2*Cerya zHYd*mDQoPmDw(hqe+z`m_B#%GcY}y;{ta3}`$2j-d`ts1Pvak*#Nn&@`AS422o?Ci zvD#w)8&Xj-QHZEPrAPvW?6~kfj=X8_St$<<)n=uyRccry8y#C}jF&u+PXwlSvC84L zfm(t<%#1yAG+P85K2|wxNj`$F0ZZK54d|r8Nqd%UpxcPPhRZ5$WrA+BGcG5upkZ{kg-sNX0gbh#@5Koc9|zpVqwq_ILtiq>LU_J=H&vA2H2q`cxzS4_aP{eY)gc!aavGr~m>J@k>P z&X?B$y~SyPfl~PccHZ`?k%*^mZ=|ejhCrzlJ3+Yd^o_bCi#MoeXrxXgJkAPq0g492 z*e!B@bDD@AJzts7?`BUj28T`Rd1Wpr+sI9;M!CJ0H!dztxN*=-rupn7_nAQV^JrkB zOp!z;i}N~%*lqlW_0@+Ph)p$N+A|TdZwpF+b+f30fKW_wzPXg+#{PD4N>1Wt0xY08 z=~=WR+)}wms3)+?;PN0gaRC<~6k$dKO~LkFhO*ji0@8i<8Ap`=7X8AkO1wCpOrcHW zArCTBhf&#$3zB;hZmuaN;6t(&UxaZg7mlB3_8)pB7QJq7N)-#+S8m<_@z{=bLu2OFk2g2Z4Eqv zMZx;vwoT*1V})HJ^NM)LaVA`ax>)yCV+!Dt?2F3v8;l=UH+%{wjLsf#^7%YhaXDK8 zEfmO(u&e2cqu1@&T`LKG^3i~A^eJJ(;T6Dh8`2(aW%+d(r$egLLs&K2lYj<+Jz(4y z1gSw>F1bQ%n)dOvk6yJ?wtD_}y(|PCS98|V;*jYzgm;xC#*DH@w3G*@Te2ZLzpda8 zCGT>pT4c3%LEzL~KLp!vDl)cwoo!I8xs?;S*F~?^Nk(RGQP;C-HB$N}G#w?FEGTLy z#DF8Da@Om)cvllpJ^-CvGuO`aH+v$N=SnC;k~|H&zHvWZL3442&Wt*l$5(vZy8;d@ zP)4KOgf=h~MsO@?j1=4G)^gX9qS5n>BVNA?ZJgyyue(c-;^X4_ z1wP+`o3q=aRRzAm0Bz{sO>AvR&QYorFN%w!Yy+ww%je62-%(M1&B2pX!Evo-{a_zg zcQA=84|GZ(+jkL=ZuWV9J8#)!^nG#J&k&RPnHce94=VDw-VmuQU)BiueXxtA)6`tQ z0#d-jufr1elg{)ddZm?00Tgb3Wj3dWvt_*1#2TrCgi+%mjU@m{$j zZ2R~TI9cWmavS>ZL3RDD<%4O%0}jh{{$1OU ztkXD(9B=)x=D?V77XQ~5Kc1%w!Jvy=x`VbrFp1ivfzcObtI@1uw^{r$E+~K2)4a^ zyPj^2t!0xJ8cig-lzo>anta?ePMhTs`pY5RQ4qmM6Q^7{y%m3NeKpQ7K4g0(9rK+9 z^A_tf2!cj{6f$>!MK)&`mRL}JXuiMh=jrw7i$I;-y4G8_A-){GK*+2q&CUWrm%+ih z)8BbbDsdhnB7qK`J@{lnro{};8;Sm? zRL_iof`w>^HbU(nin82fQHA1k&x%-$hjb|=3+yqE^c9dFn9-Zg7akf5U4nF1Q<1Rv z3J|WA!-@n7>qSarBw1f7Zq>`M_fbd{ZImZeDiR1Pz#!8XOxKfzJ|~*P^^EcWZ?ufQ z1BsqtYs$NnXIP*Cz7rw?!jL~p`#Z|w>pk=MKwll=9f15~p%%9^6&Gldn2*;Yy#l{6 zZl=%rQy$%5wG-jVt z($lDxCo@O=OXlP_qt3WMm&H(d&#*SkK?wTK^~he)R_z$HhNW904%DVHW8sUZw`w&` zp>^7WARL=wFfby)6BT~XA~cyw4P`9n8SYkJS48bqS=gwWDMK`o(%Nag1goc2dn&X zt|jv=?%H84fl6c#-euH){dUxl!uniLg8sLV!N{pU*ntpr-)e8HVB~Xc%U*XhOgp^{ zr{krZ`u%)osK^!q=G0}e|9%+?b*7?wi+XJRsy7H&Dt&{Kc}pcx615slNRey1ov=r) zsgHTBGn|5L19QknX8i3Fp6}3ysRQxSn1)wBwmr%%r5o-3AapRK3GV+D0hUwE%B3K* z;+chI?oc0Y)6U1|T+l$cMN02`Uv`y}`mSjGAPkw3`ZBepAM5U$RFOu8syeBWL1gqU zx&9wq4>@rCNo*axLmkX`8EF{0tq$y%e}ifYLz#La({asFoZNWq^!Vb^8+bzDV*{3N z5~74m&&D@;in`Yk^_|4BD+#u|JY4+?>&Jx<}}m3eM8# zyb9FR<*q}4@FMUmT&xMaTn{AXgEvnFv++<>IIfAkY*h(#xjQT%5{9E%JJ4SaU)TirEg7SZ_ZuFU16`4jPue1m(jt`GLHjL1uJz{V z+nJsY%ODL3{rlASjg+46z_5?|N*dp5O^OZk5FV|%Ir&^}_o$N!m0txhI}sy4Vc?wx z?(|FJDlO+q;M%@)>g{8}%Xd?yLA#kXI+GH5)Qih#4}tA7t6q{Kbe+>iq4NXLP!Km2 zv7fNl2{33R^JE{;j<+|UGS6mYjGmy>Y1g9l*fws+y0#f*Bx-3^0dmT5{p*D>8UE1f zvA^T>{j;vuy>?B750{KEVj>Ss(ItArYK;qv9U17hf5BJ6daM< zJ{=MC>5&3#tzgb<$=JPss5aKFA%)p=I|Vg;1JVe%qF|U9E@+GLc7y4UB^wpxn~H7f zKyL@Om_Y)hIx=3ZX%{B$3PYVdt&ei4w6EZ$eHi zqFQ9(z^4v1HN%k35g{iIaI(^<0~O3m>ydPnT?;&kt~PHJc^x>;cxkMu2#IzWskDj^ z^m2JpMF@Q2(FfWg&a!tepeYePn1nAp6wfM7*$xFVI5y=pj<5^K+N5FQ4dJT14 zm-FEibsj=73VM~YiP!>YtX8|*c@#yikCNkcQRirzGO4^T@2S)-meUdNW&XD_K$))4 z@$9*3Gy5RgX68HnY8qTI%)}MP07p(uVc)5~v_2=5a6%#pq}>$T6bqM>O6r#EbZ1@; zg&0M|K%{^X2{_894DClk;IhX60s?$T1j~(GGIDt&Ey?o%9|tXo@Tb`w%$fUn;9n9i zxU;tf4mDaTIqpbT@fKF(ntq7$I$ird5fBgDdM&h(Fqt zBn?@^f3y3$iJpop@r`u!q3h2_hQ9^`0(T^`k!qM#6b(Z5y5bH2#b??+M-+54&0=>8Q=73ui(J@lV z2oWJAm6moToAdII$Y3T4*gjF#B0^}Yq4y^X1JVp#Dl-N1uaG&JoyLnGH{bqCVZe@`ugnxm#?l9G0+VwjGuv8KYx4e@U>0|a zc#y&`I`t@-*<~78xpQD;ae5)kt5k$`bu>$PleWg30aVLnAT=$1nVWmlIUMX6CZp_$ zXY;rolOnM02%1WL4uqz{=)TGwn17v*(756J@_D~sETa~3Ix-h<*b?M@zndGQjMHI1 z6|dvj1z}vH8R&`o&H`n-+N^4ux4=U|Ei!C%4gQ1}2^qB=je)j_CQ0gd;R@#|boX1h zOlQ3vbd!r?py6^dv=|`~B8f!!BKI&I9c;MJ#WZqNNi&wl@W`P=OFB7g4yl-eHTW~Y z^r`_VIJl4Sm%3c^wwBr$^P~LQ=p48JU7y}-v&D z#Kw9}+|44JjxPPMk*`8$d+SalN_JNTk`2DDivPaWmamt`jT0uK;M<>F5&6E=NjSe^ zn!H0?zHOZkSDl8MfWPOVuN$>+#=qrJcb4#Ux!sZDIx8lyoSTsP@@u^)R}D$sY-|}2 zflOs88%VD;m!Zz12laXBID@Xc5y-wZ{B+d{UOrE+v*W-)1hrzaNjvdZ-_paMEanBS zr+-81tJl~{<>G91|ALnZ7!)|gC%E!V4@yd%K9tp342nVYZ7ieF=j>RK1hX`BXDr55 zZ!D3V(V~E&^ao4b)tKM4PH1GGBWE(1!iYo2(Py7y*)wX4+HWXR;gkE2$5aAzMpAg9 zrfxH`B4KVTetkGs z?mn>Zx=)=Ak0;>MdQKzc^+3KuBBPjoVETdJdT=LA$mK*j9ETtMB_C8FvhZpEFFB2q zd3~R2QB%?un`LIQlFeE}@R9q?_+;vQbZ~E(UiubpN`e*azs%nv25*uqCZ{ZuNcAZ0 z$PHD*pjvCtQ z?x1}13l$G;k7)0P<^bM1+^=9H(`ZAjik^A%;2MO{N9GCH&|HnGX)GcZ#kBFNbQQDct8Yq$Vq;c)jK0i~Ok{D`MG`7=cl7W#yWS>$AbWvu}qfg&k)HX=2__9mYbU^yp?6JW@!664u4E48yNoJ>vTp6qCo+8 z-01SAQN-DOKzml69&-PAdA~@8oY>l#z+Ad2^#$Evy}{SzPRa;H;Fp}ZcgbQj7KHmj z;b64x;dqO>$aL*buU1?<==O<@xiciVw~^OMBzUnoF<3_dQF8ld0p|W!*xms{#cJq1 zg)G7(Zcr`D#^+oOOWTh zgqJ2pc;K+of=PMy&rpc$I;R9~=^`=s_Z7Umd7PA|XUSoRkN}NEaH@NlS4Y z-x5QK?tN&7D>HH~aKLo1;s~*7lJ9`7c$b!LqATw_e9GKUf(c$(Pxs{CtLC8XHx{s( zP^&LrVSRDHr<<@L7Xcd)sj>=U@i>vOx6paV+H*2!Z1`;n*3oEZ;_Lgtz!R(GA438p zqrxJHLEO$^n`%m7ci}oABc|qQ03csqGFSW#P{YM5Qx)nU0aA!g<&LNoNm67OI1<8> zu-*#_&Sdk%XnOCfi7+;@Pr%iRTPja5wC&6Dr_2x>1<6fW3^31^L^QK8T|M>&b$>zo zsz(YH=c$Ph**b@JDnjUFMiWIw1Y?Fg>6)b)J*P|wu7%T1Il&}oc5y? z05sWE7{pD;XZPOal34H;QE{0Jg2_Uj5cu6!%1keznIKL1#|RLe)Rd*_RvpjRYm)Z- zCgrD!wNBC56lN{rrk{YcOA{ND#S9TAcZYHRAeBTX>HJY~v{XzLhD0@=tQyldkCpdV z-x4;?w$94PXhfuDS(UMq5!n3Ob^rYY$P6#{lC!^7?TMzJz%HdS|A?)TA=G@d$SauS z^?U5ln8nDTnNOV_Fad^V(ELEqqtzCq4Xl&oc9(C4vndh{4u?FNXqVTxki}*VsTJ=f zpmUy4{=ZA9H92A6+v1h2K{Q)e%E#Q22cQ zrp)A$VO@44I0qVfMRtVxHWpk6ttP@xTd0B{hOM?fnwiQ?1Qm}Gh6g%AaxZ3*-W~@ZghBos) zq>5C;WaQ|X{`$X+@^4e@yPw50@sq~tnwrqnQx#g%D2t^?3S=VSMXYqtv&hzVgJt%n zfDOJCa89H5KP1|TBFVV-gwY&(p66fp{)$0}@0Fq`0OvE=ZI!fZooZ*R!Y;JYC(-^S zag(XGeWlm4yZS7_Yz81l=T;w{2@o0f)c=CGn8wxoqiI70mfS4UJGl{AQK{{hrA?LZhTX8se%4s$VK5DrsMI; zp@0W~PuCf+kzQMYkSC@A3!rdb6%FXh3VN_5MQA8=GJToPt$S?90Q@Nca?e>@n@QCTDIfv~dPh2`& zNqgQ{XV11~{J9@g(!rkG&|EJhGvcZFB%|W&X3b7P>1yO-w!4Rj>z#&BBxiE0UXITG z(T%uh56q8~=Q5QThDv~mX!V0i4I^FRTB1R$&->Q3`Y0*XFxNQPTsuin@5k6Wu}+RN zhw%uYNcDwXYbBNq(m*F?p7>Qcp~Lzb8j*FO&1U^q<;5Z=@{YCoEluA~F$=t~5)uM} zGA`{BMQ+(Q__5KQ%b{UhgmTYCz#C@0ef$xVL9bHhFYBr6#`vUg_Ozxs&g3;WC8fkW zx%-rbqfF-~BdLg0rH9C1?^x)^(eix6t;{gmVQk9TpqtoQ0YDi1+Nwo;p^u}0Z0#~m z_f_FO#od73YRQ$2qL1wY?nG~y6pa%FcIT%vSrey{m4JCh?Xu5-oxSFGNMu5UrOG!4 z*%8Fb6)i(2XBGhQNr}hE)2Lf5nd$C#Px*)=^hi&`-K~-siKh0i8CJ3hVYcv@@%>w5 z1jbHKj}k;8d7_VkB?2AEv-)kBq?=vt?Eye8j~6R17LP{Kn(N@{ETBQIFZQ@tVzBh% z(Q#4(8pXW8;cNud#jE?fS@j2w8i4EiwgH*x&BEtB<*9MA49@?wv{sM3|E7#fjlCpE zHgAveA}1;g1GOQv3X0}khZA|`FLSC`iJ-PLoEG;_I8<0j`~mk#`$Xetc>c)f@JFgN zdZ@6Z0L34^^7ER_&X^^_cd7n0y|Q_FguP91w6lQQ2RW6=A** znF>q?RD)!sbC-gS`aDu6P;OsXvYPC=AN>{k1-3pt(q*~kad4^JGyQV={B;RORh#P9 z)7_kWowUyaVTnq;21?e(OE821`liQE<1Fhe^Ued_LR0VBPn5Uo{R)^B0VFvLp6$sE zUkAxfv{p1Cu7T9a%--1!eyP76nDr<`sC4*DJqub0mE36ZgzN)3#L|x3{qTmUeU-In z_ak+I;*QrdADxR)qqfMN`;=#Eyox=mE~dN{C3(m_e-Q~hN-mwY1Muy%Y3T8_APETx zF#yfAr+%gTs!valw<98sg|%mZP{BKIU+ey0o{FGaEgypZ zgB_tX232gKPh3a(&7{r|)7qj=3+X}JWybM(vTN_uCRTfLY?MR6)JB#r1+j^K^RHetJ>39=IITdRBt_KNoDyi zU&3;U+Y^?9a;H6_A_9(=9?uJV#nlJYb)`Gvd{L+N)7+oc_B}B~C*^&9z<5jPL6dj& z96l6*>)>e0hR)e`{iBPK=7W@%MoskkcymjhiL+9(m>UlgGc<+v98aOxh)PFCfOWB{ zpez#~s&kXj&`uQvovMRmWn?PiIFa`6vLG(va)4O$Oj#8MD71Qkab`&rDCGz?b>)Mb zePTp(pBX11shBgsjIkW#!ANCa75>7NqTrNR8vATFO7ON?F?31wNksr3={3#%Z2jLm^=|D0MhpbY3M$(xN z_*6~oT&zo>DfMV#=*V=RUnneS#>(wk;_gs{)W$T%;SjwT_E4%O=8lwraH-pdw=%}j zqg!|T^s(`B@39gf;%GX`YRKv7G4ngiac#gf?vDUp%i!Cct$SKJkL+m%vbPsrntu<3hKhwe9K7a?L>wJn_;pLf5;7 zae5N+nrQ?<)VL8;qtzjQz&NoYNZ7KA8pH1}9CHmy+RNGLks@HTO z#X^}hk6b1rY>vWh_bk#F263(CM7wVhdV#wuwq3p{AgzU@T4IYC0>ri5Cm_AVp5)+w zO~svtewB_h`ble^FBw4+Q0o6aXsEN%1>sB)uk@HmMthNjN_JW)L1Pt(C1iN<_phEC z{;Tn+5W@H8UzSx@0yNcHzlShbeXA^JtwqnFY7>}xTuSGa4?sj{H&gd=)ciLNwd!t5 zBPFC^)bsuA$6rDGBk%!XjnchKx#!5(a));1d-czaYc~aaocO+e8w~6{p;YVXsm!n6G9e|A@-8k2M@I2# z_eai4&Y*5bqX?l)VzpgiZIV-x9fe78&pcAn#->72Nq(ik7U}SQB=9I+G`Pcm$f0~D z>yhE5`*V`p>;mhwsXG{gWzt6s)`D)0N`uQ`dL#@iC5u9Re|!%Ow*HEfwNJFe(@nqg zXTk;=nUT|cJKU!elh@2r8&01pFl3LKKt=u;Q9^aR;G>(r2|tY?0TANWse1LQ5m86TD8A8CS|WX94QeA z!^YB*bzS>|{^(;QdpW%|7>8t>3He(B=W1X3&1)r%=sobj#d!A}7LB}&ow+QeM46$; z3ZoTU3JvFPMX2d#X6STJCMna5{$#qj)FSPz%vzo)k{zrKsmQSC58WTg8E&YXeH%lX zu{{&7m}R~QMemtr(I?}R0b%@hF1qTYqF|?_QYPIqoBrY9z-5}s`JJ{@Y(6tQuO0zZ z`)`x=Y9o22kK~I{Kw|E!qK`$pgAdbc3@p& z)4&F^$$9=0_Z25**-#Ad-RhysN>;4bYF+)oQV}nMzKrvr%Bmsc3rwXs9I>E|AnefW zPI?$UOd^yVlcac4Wuuy78yP2} zT*0Evf<`)trFJhH+G0*}T&-p29_jfF^2J&Wr^4XET^zte>-LF`C+1m)<^Ek`8nIg!zxFF|838B?#fk3dcGKS8@(bT4|N(? zerx_<|6;Zvav%@Q``O2ub1QvVxF|$iXv)zC=W)X|_Jf;w<(iX!G_eg)S?yrk3}CC3CVt58Ihr*z~LDR_~IG14xcGxZ6+s zY2F0NI)alzn@P7?x(&qPqb5eI<08(PehYPiI^p#<=W2#91RpGCe;oR-M8jDg+5rg4 z1n+$5cl7Of*E;X!-93WMB90kU*d)0W(z%&@k-8`U=moW@#&N^Wm`Xc4;94VJ0V|{R z$wEb1Vi@KyCp~iMR8$@F+Om~IZW`nBD2pu(RE(lugz;7QPmLFcVmEI9UQu6S|35oWwxK&r`7;1AZD3cq$}-O)Pw= zRp5);4%f-{+%ATRAK$C>GxE?S)hOge&e{01Q<@Iz>L|-&;l+9dM}djHD=O<XXUp$t8@l*( zr^R!oEHn}V#&>R6ulze@b?IK@Fg23#j?veB4c@!cIg~l9&#)JH$)_2IKq}~BoOIR- zRza}n{Qtw)J4M;rD{Y`_wawMGZM#?7wr$(CZQHhO+qP|--g|%Ff5y2xmosBjC6za+ zJoBkkB_mj+4h3nzMRJYoK4L#wKOv}srCMu1o97`={046Vg-M2}HTWDw*HDDtZ
kiwrn@X@?co5iwnq7!!_vSv*z$&Ke2rZ*lLtSewTs}0tN zlUe@K-WF=7vkg(;Tr@nOmty^)9l!4GlKep?^|z=Ae{E47N|hGg%dsRh0jLZ`)YyXt zddPv&dN}Hn{o!b3U!JXt2Pp0=R(^+5$3c~-uSSiL&`n@ba9>re7DsAYP?}J>j1OYH zXs9k~AufFzyL(ud?@ni;nZ9*$Z(SM6vK)Y~P=Eq^@T0>5!=wc8UBk{U#IiZ8&c7wu`l|n}1pqJ%-0Fk?!bm(zy0)RgY*)5@ z*)#r$;w+ob=o>__5N|J!f^RjXRAh_kc)pO?Y%!CNw`cG?JYIRGbFq9c+kAUz z4t$Jo{vEN9P1Qyj5H3KHbo+2qjikC>{%NJeB)V6Zu6z00JT{K7r?(uWPma3}Iuz)5 zcO8hVcA1Dmk>4(kS`;at4H8nlWhp&~Nmx)%?wm>$@<3B4D*iwx)30lqNTdh7Ev8KU zEgSULZ+dvfsn45!*u^xyecdaJzlqq2E(ve1udk(Pw$KMvvF&v(OE&4pp@<}9j`Hc= zz?NaaY^8q0VKl}QDZZoeB>R=gYB`3%$um!ZRwXKpQ6bER>vFoRuV_)-B!hSDDe?$S zR@;$@<45~9M~WpfW0JP=YBMo@OU1O?&UOw$H-_H3X@c6PeE3A24t|p9GO5+|UK;L0 z4DxRrX9M7rD3lD6W5qxOiZMDfg*E|Nv0(0l<`5eVD3aAE2i8)C@UOE(5$P#2GyWkd zU{NEn#@xjxX`d6F!=X2l?X9i-qpPB}mmb21!-%GGf24rK2smI&5MVa;60VO1YL6AV zIZPQMRX|{|E3|fj2m~hu2)7DE5h>LgMBvFPFrGDj?p3wKao()v$CRk$1o*;VFI8$p zByXPtw?$_88_Uv!Qdp%KmtoOYp@+%zvAyDaJj_FUw7O;KJjpH2YCbb za0eF$^D%Mdq~cfb*Lm3R)SL^FlDA$dd{+H#muVqGgtPNO*o>TZ;#BHQ3e*jOR9K865$0%;fypZ|z>vtKK)WXwAlY$+ zyTrCzmKK*pTeShbkT3&{6!=Lon_=h+<^Ib9GgY$t#Sqm1ff@+TQ@c`HhULrr@HpB; zt};MjBV36%tubRzr()#el$yg55JM4leB{Fn4?0lYW0CT51GuDGAwae`@t2D6g0(3L zxV?e{aw4C|;(b7&iJ6oaD4_*LdM>gmp&MpWp&HDO$Cxpk@(WT15(N|f&!m3E@L1Jo zuOT5BVA=k0doD@R1(jU+?--%LYJqc}5y;1_MEI+H5)rh*-EK|(wdmp$Hlyxuh!uR5_Zd6D8%jVtAk{1=^b7j5Xrk<~zTLFGrRr$9WyEj)P&XhR9y9CgQ1x=(U|`|eX?ET@>_7iW;m z_Pk??Z+m~ghimt7$QbeU_)P|Rbj~$<@*UhxX!l~9k#;p+J3&H3>zt&6OyW4f?>gtk5P&zIM z>>ZG<7JU$3DQm5SI_hJ6etaw#y#HM9RP+Ib@j}3icH0B6lgJCl;_(7luGU0K2L+cQ zIGTB)FZvKmRMO)Odm%NPMd+W}YC*u&p8?VGDr{Vby^t84DwQW0qvpiysiS zs~my-wJ+e;<08i1t>Y)h&cx)Jyy=2;rykl z)Bcws{s+i}I{*J$42I6fCu#x5Uuq%!KgrquWRipVa`2srK1d^%AOE3Cahn-6k>C@l z0kR;~5wsG4IxF9euuc!U*?}7<+;9yA2S|Q#nPeJN$US%wSrzd=-0}ZkYy$$vYKGYOkg~0>J=*v^8Vga${WK$O`Lcb*Hqp;w_JcYTXz2(p` z8TF-lH<5eamRkVdS0t>f4t8G&Yf}3!+d*56Jux?S9gOI6Y{*)x8OTp&O0sRo!xJgy zGpquW1k(4~Pwrn|1P|egCkz=85jMj%c1SrqG3!ChWt0`kFsN?C!)CQ`)zQn==7V-r zAkv;c2U;=VFRxhFB-aeDRtE+>)TSDrP(yS5P9H(TcQ+?ToX=0OjgZlAkFlm5P=|PP zp>Aq_TdpOA?}C$YGicS0Pmd@jw-|j|Dk>O~=nTq)+Bki{M^FfW)!q0)gtwNO)XnzG z`Ja*itg7BvEPp7Zm4_BuKV>F*0gRukhkve>%N(o=mh6qP#y|6*5s5Suhv(a2jgR+) zO%p^sp)y=TzO0GgfRPn9JO48JHG3vqT$EN*<7Nu#k@se(45 zIRhfO2dene10$B$3}M@65AzNK4jT)Cex(wpV7PBpd%sor>KM>ZP6s9vreNSPBplob z5WYmYJuCLi8zjE5trc4#IQo>7##szV0!5*o~0~747wT_DH z6bPY$y{^wF#tE)U6^F=A_Zay%#PXh7%T$ASxptZ<;P(0c>>NPpTDzKrWMiPjHvi@^ z4@Z~A%GRyT8BS+gXykTu;aYZS6(o0AO6Mk|c8`x8^ih1v4vWeJ`l?C#{^BzwCtk&a z9Xfm36=#shha*;Z@C}RhV^ImLO?ORhEXG&Igp{lju)WW;~tP3(JEVaV(z?f%`<3ge$q#<~*48KAuH!^Iby2uZA@~`t&egoqp_!!4}Ud!~wUxNmyeo7`Qug z#N{b-faIFwQ8zQmiY+$R?Pj~48j!o3*)qn5!u&d|ouqePbpwMML9{x=Shj=v!n{Ln z7*YQC!`C1->_UwVLtP4}gc)1nzrpf{cv~8FIKY7=B(^JmRjMpDw!OfX z1Pzt5J&2=X^t7-M+IxO$5tZerKcBJI?Bjq-H~_}KL-j z(!%KSBFX=pU4{|=qHBqbiI~vmYJVLjx9g&sNU{E`dG@g3HmBZ=X>1e!0FTx?yxE#S ziWw=e9*!^CkLRu~VXj`c|C65VRa!-c)Q%bJi31NK(fU|E z7ITb)p~4sPXxneoWaKPy`r3eBGi|9A@DrgYMveo!)+X_c;7Z0H=-vQW>U+RkZROVY z`cXx_PqEs|+3xCHd`?WHir5Y-vyHZ}uc(NU)b72>2~1IiLeZRlCVpkTOtWpYG2Ibm zprFt_0t&=wh+#>xGOF@iDT7k2XxCTupcztkZj3zgC>D>3C~daS(*CjfXv$4qSeKGY zDkoRCiZhA;JY`}5hC?!6ghhrRNQs9B+{pegP%r%_S%+{p<>Lv|#cUv1c z*+1cN8cU`E0fbMn zF)41g7R=v@uQmCSPJEQlCF4ddN3recgLaYgmYq61deN9b*XNym500RSet&;sPEoFOn40?{1+9&fDwz*1kkS1d@1=mtBCex=JK~>;!*!aGHr$~R+@4Ap@ zi8sYs(Bc5)=?GzGB!NXS?=`SzX{mb-*F}75M&z&gkR*g_rk32CMqeM{o*{Atkj7V={LdjprX9 zV0AVUNzVi%m|=f?q6a&v&$RAVUCWN29Ae%fZEy+fB_X4ZP{8PLn7&5RDeF$hfRt4r-2=79{)}eg5l{De|GMvmJV-V z;>qZ~XUJroU07|scDRamz&?0eTbiy9I?QbvtuVoQVgjAZYp|%!^hZW-+J&LMedj2_ z4hy!ik*HZ+<(gv!!m@pSX#4o^_hQ8nb<}EUg~=FWukPg9 zGs_}U(B5e0(zsmzxsGPG`q}*DOF15UlQf;aWyu40(Q{Mxd?)lM^L)q08;sJD^R~&R zdT6Kq<^6iIFNCLgVF`(Hjo8d!;kzYVsC(RafHepN*Dhe+%Vy9PG%qTqQDT zmG!nf%jqtF?-jnqYXg#trkXlI(bq3!1|!|`Ert_D2S#+o2l(1{;0lZW+uL`~+BX-& z585h}3#wMkElmj4o8S(W-yq=G=W?ZVQD4@G_y)ftp}9%+tBA9#W#E_OlFO!>0;_El z{p1L%oR}7du|EjFsJU+<4%{IW!`Oa~83VE;YtHbXL{Gx8G(_}<^Is^kg~Y?#Jwcgx zF3s)~tC)l6T8HR*uW>}AW=Ou1cH8}MQJZz0=cne3m>m)F%6T@2GfJn?U2`~FHI2^G zC($2GTTAQ648z`jviU;b&C5vh-r_>tPK!E!%mkYNddsoUdlqN0hX&x}H`}<&&yG~f zkl&c^dbWqFdX_pliy}R+_Ca6;Rf>IGa)Yidv!_kJY^T~@6$MA8R8{KC0P`#;bU%VG z?PQ!clnkNqqJJ{nXaXlC7;q8MX)bl zq^Cgm5nz78`RCDGQWx8ip2AbTqU5jhQTK7uP2Gs6qp*-lI}S1MpCqt;&6}Ik(-W58 zG@9$UAUF?Rn!CL$Tj)^9${_ioY|ohQuW1$~3TLX;A0Mxb73&QcS&!{G!u1erN7HM? z3XsPvsWpz&t&>DSu68fB8-K1g)CVU16PFRbv;Mr|!bB)YPve8MmUeMQxznQeILS^m9Ke-Pd zb#I>+Z?Bj4Td*A%?w8f*YdA`ji!xdc{myaUj-EYRWRdNbBXdEjg?G>q z3mB_xGVUm&ewkPsTBtWNQu137Edm22eP1dXNRMz`fZoMSF(}4%q>kV@hPe#Tv~>nI zcQrRyU31;3U*y@JnC)MwH3T&Bp!*FtBq=ywHW>I4&Oa)qXlpU8i+Kyn*J(F+U4~v- zO1IMF(f$w!N(_Y#WRJ!pkY!vo2$n`7KzLwPF$>Bi&V_%4k{b?eNz+>L=b z0qq(=6b_Z5x|ZIgo#=V2(0RBRVL+|xDQ_75H%?culZ&vb&HvyoVKa@mzp=#PYo7+s z*AUZKk}+>|3wh@$!&EP2u}PSwf%2M)iqXHmo#VpbIkDgcY?QS9u+Z3elhlJ)xtd5E z!=A7JV^OuRxmRebWzoDSgKd&$O0}Imvv%j*jn(Z1tP5uj7O(4)_B{NmW_;m!?YWL; z`wd;N^WBRJsCdfK9`o5kSgNMODd=37oj-O91zod}tpCo>esb>)c7G_^ z*L+6n0iF8~QSp@E<=zy1k)GgY5mlzqUEq4W;Lsb@2CB5QGqtXZq!VJj{gYp2FhSDiHE0I6*B@^xtmx2U&6~v!(HqAJ zcg+cf5AUxy{rzy)`dxjj$kENWJd4vfGq2%8pY;w)3)#0!w34MG98A_048ZL#^hdV{ z-t4p0{l1GgMjl=g7H@NqqnjZ9P&1Qr^bqN;B;Lo{I_Z29JHY9y-iU6$8wW=m)<0DK zb}hbt*70>BOs&&REZ*L6R)=4g^x_*&GPY_b?qDAIj-9r7lVP_6_S>ZUCe>Cx*5!x| zoYp@tylqe#J_xhV9s^@qq2BYn=8DEdAlak(@%hG~DAn4iujWB6lDiW!FE-|02-{H(Nka=uIm5IlBK;o_Lj(~y zm)IQhMi@0bKz_;(5PH#i);3^tnXXT@+-!=PddHA6fEP2^KW0*?lTdiH9;Y-wa-|#5 zbmy_7&5XAXIMtb?E2p^?E@E)G3oqI$e^wH2l9j`n z4P$qjj}|XfZ`WTDXADPX2D5da?p^ED9Q~TlkqST3T63M1GOBGsMt*wHmIJw-?k`7l zKD+*Y%v5ygG8#e z(1aU$El#!Gi3GOZ-FBF*jKuh~uCQ*Q$~>4YqxL$@cAA@VlDCCoUz)QtjwZQzJ{6nD zVwYuacDf8T9RD^*P_Rj@aiZHQX4;IgK8W+jjvX{dnJbw=(BoTL()mNSky|K9!0P_4 zTk(x7@tJMwFc>@J(t4st;EVz_UNtU3(!an3KO9x0_WjyxQI^$w1AqAac5!R7ZY!VW zMKe7jlN^0DKehzS;`M@{e<}@xfuc?MN(<1*?jm};mu(~SB+0ci|3R$vsVxhGuId0b zP!{W1pnrS4+Yj)7$qAmT>@{402LB+R{vAvl{aUWA9QEz9)F0F@$wLmn&W#bVu*|&k zr2V#Qecc_n{Pl#~mGiOogyVN*sWwL{>@>qny@e_)pFQhDlN(tdd2l9PM+B*cJwruz z3W3`a9x46TeyiW`jchq))4V`kUrQSxu$-Xd_yfz_#Eruxe4`fg_KdH=M4}r{nkTva zX3^f|{ZYB#1yBeoFqq&I#*tnV$b@(=U_10QXJQ|>zL+%Cc?tycN^%Bi=oPdnFB zCl4ak(B$9ir_7nJPt%w4ZSKF*mEwf4g*@JoGfl$E9$!nC7IWmZu3KgeMQCkzK(!7v zy0=gkGeTDD-ha3^QK6jO_6fUz+Lsgi|BOfAUk2;GR$7E0K;Jr^hTFke&UX^dKdNQb zjo3o0M^ydIO+kHTNA{?J#F=tK@1#YM{~}4tbL9P|=5~usin^SszrB7L&*n+4f=+#d z$-1+P1pz8r7u{!;CUpC7s)vU_XXzjRT;ID~Cf0omo4$4E27kGK?T(MSyI*bk{?^ll z6lQc%+}V9wMeP>1s(*`0_1(HGvl?!~764?OfyPyHzzRuTv*>TanbLg<@056Bb}uJB zIl2yfoi8#Ojj4Wl&}3aaI7P`bKr!Uwtrb6%;O9!xK#x=jcNQ$8u>u4L7~5LvPp`Mi2ov6>9RMgJ=L=R$O&IzO%?72 zv=n~ST9wJgad6dGciDJZ<2#(25F{{9*K^XIbG$`t2R;Z1=OIZfRN(ASg zR-C&h(b~sPWmeEK(HZa!Xp0pVilhQ=6*IzBn zPSh5{o=ls$7DP7Z7_8fk0T6?3?ybf|$cEA$lCQ9}Yt9_bt_!uU7`Y8i}q7Fl@ z7=+bnByU%PD~Pi!n8*NKd92D)brOd}^_(fxa9VzWA1Wnfsv%))tZF9Q>wqq=T$y?D zTu<|jAx|>$lZ|=&o#dr9k((~2jK7n7OlMJ=YMl}CukGDg!M_Oy`# zu|%Z7f|OjX7~pft9_JA@N=}E>jn9_+ddPqTKW17M?GqRX==a@(O(RxMy6|ju!P`A* z@iwkIKpeJ)Y1Z!5n2L2i1eEd%5e`VgnK)H4lRzeR)sJ0SL@5QF_BU}4kQkASCPP3W zc`r-qFGL*x2_JA;-!a6U)8{dU3I+tT_Xj7-@^+yexAITr3 zCDuR{)EX@^+hYTVrTIV;w_}=Eg1u%8|4~dXkRz+6rgpi7pqZ;@i~m0X9RTQX-ehXc zvP;FaAi*T@@&9P~=`{xg>?X|(n)jIU-%+Ia|Kf18moZHJ&xrn`&&=l+$0NGWlq&sy ze*K8ig8p_oJIWcO|5s$;*G~h}ugrRb|C;feSO*5+Vqx-cqT#PkN(qd z4<^t`X}Ul8_`f1DfIkh(zZ|CG{?}`Y4;xsGJPW8|(!U}(Y2Xv7kIG+ZD`rMht91Vk z2GTb@)pZBQfeum)`Dd#BXO$cH4Q!hNjrCOIzuHv6Z_?USZ|nY)|;(LaWt=})r#UtbhIb{Y+i_x)?Q0?tpv;&7V1-oJ(`{m1aI zNF(M-n!{~BHaWHwc5t}t_;Y`A)tE2mi6Q>IV_Vn~;a9x$!?U$L@8 zAGC}%kg@$*Ryd4sm0RbXUwYBQ`%Pmt8srzLY^c5rdAbg(v|+4Eq_qXwJQuP_=;C69 z8w`N{pwm5rb@|AXg>F+g`IL&KGL^@2iGhZy|6N=lQaxp7`Q|a#{~a7g9*GnQ1jP=_I7ty(a-qFbCLZk zj)bw?imWvSI7tE&g(I)c)B5urUMIrxmwVUyT*VSnI+-h+Y$23=Dx#<`)1zCMzaFteg6mVFb z;COgA1hNFhlhYk01@CQu$B(ArWTrN`CT&FPQMl_nT{EYWRMB3aN4nFcee~%|%Km^9 zd~kKdFk>NPa;>n0WjZ5*AuLJn#G{gnM`DhAr^yy;p^k5DDt-in{4lQ~Q9M!mDAwlF zum1n+DhyvU+q1lxq)K=FCLSBM&#nPp!TYmhMOTLkzKJ~>eHT%j1CRL37_qA~d1zJG)%Y3VYtxknr^|eppc5@ux>H*tO_Xy!~2k z^IuH@R=s(l)FCPDXkxo5ipO*$9%zzOl)?v9A{Ci9yw7|##PL_N>@T4DMR;R|zyGxHheYHkFQsg3cMtU?Ru zr-u$hT2b4s68;FY?$H&*_b(K#V7FosB2yFt6R159iY+XIc=99b%GLmYX$3^8H|>kU zy7%~mOI4|}j&2eiw8d`Ft+>iwNgWuG)_V7&F?&G_K|KEaJVEkP#(Vb46z~uq@#^3r3P)E`bpVwkSP-fDGZS`Pm3Mts5g30xU z5a~oU8v6^z;q~Gfqt^ZBC6A15c>ADn^TD-(KpY{W(ZX{AIvNYGfcNJ#S`7Gi@1FH) z=-@sOnFu%V@aC%^HCChdsuhQm7(x;r9-OMq>_8s;+xJR~7krraTwG(W)Fdd!uqZ@Ku1+PQOfVpej@DMM+U|N5}|D&Ch6qwp{RhP7M@_ti2fF&Kp|z^Iw`nG zs#8L<5uF*!WWj?A_`QXAr2A$4UQ7AJIplQayMfup$^@Y6t6A89S3Nlt)X%e1WCoyd z$)P*?6gg633G6B>7}odwkC#M-r!~2otW1Oeci+zegP_>^b8-8TS16*=@oQf=h9RF; zXU}6Ig&y#NI?0a}ZmYtS!fsC+sT15ixTGoU{l-uY4YDy8>L|5V54*0h#E)XJR|-Qvvt39gV!+IzL- zj^XtI#RHlhnE7O(xSO(w(UUBwtHRF0|68q<=2Z;r0E78tBRD~`RKQ6E_B5_LKa+cs zzmit-RjIIE9Pyydo-6r=dubF zsAV2Cp{RKq6SGW`TOmNp_FeVj1(lUHXNMIs~FY}H`=1?7-)qt$% zmWNEUjZ;1+@%^TXaa2-j64>0|izdwnPv zRiXZAG_X?wp#l&*Z7-D1Nl9Uo%O&I~$qYkKeX3`c03Jt&b055UXI*^D21uMXn9)~| zQwmoTL!zK@wvn;XzfYF}0^VI2#G8jY+fSxI{Gp}}$(;i{QGCq_`rtd-F!YWe zmZS9w1@^M}ybU}kHJ75Qpz}idkG^Phgl48y;OK?g7<3HaJjrz}1+Av)n2Lsl`rfm% zb$T0YNQI_)%+?y2?XPTCUDrryDeRaec_s#4NY5H%;B4_pUPOn5zAGvUECJ&*EZI54 zQ0lUoi)3XYGNLsZ-o>XDOV3p-w7qclkEQqvD3K9SDu=}(+*RBX^JqqI-Oh;A)Kq+K zc1TYf`)2ck8Z|Q7q zxJob9z(M?1JVyQpIG7~=g9g{~)0Ft8v^_FQIT0Fb$=o+o7TL`i^*&6&^E*sG+1-w( zZ#=9BKQ;_ml00;P{ZIhcVJCf?wI)4G3a&e-;<_Y=1lxiS2rYH3%O>>5vyq!BEiPpr znnXRvC!{fQ|Fj+=_1^yDRGi>X<_g0bfYiks@*GXv>F6s`b@cW1E=>2K7H^rrqE-BV z6Zp?E5+KM1n-XkaM1sI*p1ikAX($WDMqxHxHJlU|LetTCE*EqO&L=x)g>A&e-8lZU z13rPwW<@%a`o^Y*2IGfqm`}0EOki=ox4>jVs@o3#3r_!oX`kTW2ppZx8jHDA5dSBs z1As(~o6)A~)UB*SAob7G{GcL*lplx(k-s1CFXl5t`9XAz<=iS5|F2+=RA=7_E8hQH z46W~);16)TEQ4JN`UhL`27=efSJSfppWYlNc%5Rc_A~!R-G6YQjP4H%q=<+@{69df z`5(Aj^`>L_FZ}%fH547<;wqt!-hPqxbU*RsdWb}dk-owJj63UC6s^iQ0!cMaz3D=X z(Yb=*eH{&Sh%4>BGR1CQONZqbf#k2RNbwdgmgy6tq&r+@9PwOp^o(_s@ISW{l}6z7 z%?@Pl&{e}Y{aIY@Ha9D58;gH9y`q58OBRO=>Hf%JQwQDRoU6q9`GX>cq_hGqj`j{$ z$3MKN3=}3B!5=QS@O&iy>Jz? zWngRc*9rg@XC(*D&$5hLsgU=OJo8X6@v9oU+^S|3s6ChsK-?{gn8U12suK1*Z5<#cX z?n@>9{Nt3tcy)p*grw2eCw8od`fVGfSehJrK3jK?o#=_FTR2pxHq|1`^y!kjv&$7@ zsvtSy?V*Y^tsO|weVD7rfO{$eHFC0hco_9DP#Z zwNnn=zO!Ww=f>e zq$XOq)B_gj>hEkiiI;Fo^td6i))U@-y9NDw4IO%M?M z5qZlP*C?U)Vka0Ad_qrv}8p6^@j29F2>D;bZz-da9Is2M>SuKP%1hBXB&P;PQ46K z)&O*|xD>pd!$UB$EstPe`nO4hVBXVQI!Apa+$781cW+SSamoFK5bDN}zfHGO5+f*S zExWnfn*h7Li(4dU4VYRq8E-Z5GkIbvRmCW!un z3{U*4yIMh_>9<#;yiI2!tXp_gp{BdtN!Cq{o{P(bAEeUm!s8W~g??bb3Tf-s46r_5 za1YTdDNJabCsMfRHzHW^M1USMd6tA`rzTGaXew54Z#0C*_ZuDNm_;<6mZ?hp?VpZ~ zxm>67;9t&6QlBmmrv}ox`5(I`d#T9M#Z_FSEzcYmZ<0RM=?uOu*qzgueOQt#p{3MO ziG$ZSW{c?9RO$d!T(lGsVvW?;okq|;oqykRnmx+_3WzWVmrf895b3@d=$;cOM&lp~ zq(b|n_+3#MuD}muHZ2m*h9LV%A_=)J#7eXyEyD9+ZPCI^`8RDEM(XX4SGW(}p!tP| z9WLH)px!!|P$laS;No`zbUh8<@dH_Dea%R4v-ZhhfLmN|u{}WM{L|&@Occl1GHg&o zRP)#H_J$RXVD_~mg9voBg#Lw}_gxUBgU~QH`ZQg21?=6hLxRZ8_1r}|=1s0tF$|~)A1=BVay|;MAx{r6G z?I@7fP71ipfiw%6Uq@V6gQo-Sc)mTyx*p)5pqvl{n0$^#2TsV*KK{D+iLW}CUR@d4?q@uP_t13THzjq8RvU@9xp)1jEGleJnm?${oNu7V0sQ zHKQddv?y{K4@6pYnbFkt<>7ssPG3WqGe^kbWu$q>+#4}{8GA6sG=An;i*pH6k`Go| z`y`@q=L^a1#0e~u3396Je8qM*MZx^JI*Spn8Coia-y8pdD#Bg~?`p@??xz5W+Ukz( z5YoU#U%u(nMTYLE$iY~Va= zZ8t5R!kRUo!2M{mLQ)dUQG%gDv!1^MoEn{$8?MOz|uu|l!f1RA2ej&EOg_mIG+F6$E%O9~O zurMUUI9!R!VI0uuWTP1gp=w)jEphzhS%5s};*-BSO+PakTDeDWYK+4~t zGCkR0a;lPPtz3~XxdSnhGkqmq15&)j#gUhxOp8LX5=vfgaw9Jl*V;I@n&1NzHby82ISD-@SZ-s;!lmXa#*SeI&+@u)bK!sQpS4cS0i5Q+!F>!07X0?Xm*WdQ5ANScy#*> zG!MgdQSUYWGRg9rk>8dM6k@ZVh)n*4=GqJ7!lIP>{?10&6{_9oqSto?(Lu7Ryf3B5 za-n9+f|EUOk&MXE$a=4?jblyp!$dF76|r=yf=Y8|U2UZvX@k85H(dqEyXdqjS96`I z=(r_>I!|5?ZdgY6G=+VE?Ey+v{&*|la(tpaHx$nNI<$vZ`wU8bW*d0Guf+^8jr|NUua9Y?yq(v!PDcv#`n%(6BxyhF$MY}NM31d@=1;8YDcC<;4bfybVkOUxMLN!jx9a=;%~TQ zi4yX)&RLCaH&M{~B}`%l2ADNmBAb8HS93hG#qXpg7fz-?A+zhNsUDHP^@IVaS!2Gh zYR7<1IQuKFvps zd7&1VauFp)BwrnVF21UNN%27Z@3yN90p1tirM8VXY-QVr2|F<4v> zccIakS0BibFWo-215Mr87$$lG7!9_k6EZxu^|kqc9c#cd^u44JZn~&hCfjn@ROk2f zgYhle;zI3DlSHpDlWF+7&*^iuK}p;W=qPW%(@bMIIN7Oz)80oAvU1-{EZAQ4Jvsk8J2 zoUl=RNzBii&S0;!w$0Y3ky~de5bX~WqOi)VLhYj>h3Rdv+W$%ZY!hd|D6-Jj^E#

nd|FJ&9_XjKtdC$Tw9EX9?dVj@qi8`$uMpo=+V95XW#$}wWHE2$=U z1-SSV8l`~F{>Y|`0JF$6k?KkJc~0iIIfq0cnRUsD4uG#6nUU4)rdwV2`!4oXjNel< zV1a<#4ibMYR^fsIJ#K7`Vi>dEP^gJsoS=_D)T&#JRZBlh49U@Y8eLE@b*DQg@jS5F zXyWwrXmmA(?E?*EqPXuJ$-k8HhxU?;PCVq34F>4UTPlfyz31mJ+`H?dJkRXS>1iRk zjO3h*3awYoxK_G`C+3S3jKezi&)}0CPthPLj7#)|WzXAHmsgY7`so=96PxzC25$`o z^KPbENXtLiWQ~3k@2QTN$(wbiOL1=TCH#}7gaEk^1?j85_eocNXQ*yo*w{XiggRLl z<$oSlnn?YnW3NN$X}mG_TbafC<*v^^FvR_A|1QN*ukyqn5XH4f93GCkfBeh}@5x|U zyWN936m2{$wqWL$^=HB~@~VOd&d3ENHsZK0<7x_RN(7RL`XX5jkk&Txv*hSvgE6kB zXd)zQ@v-AueuCp*rqwPbjlBU|BOuD0T>*^QNw{;8SM_!dBC^KI?7?FlET*-euE`2# z1n!&rIykfs-GFQ%Oc9b6=m4cMLpFmof=M9=^5snNw>;3Gt{7j?Rl}UCg~zT!a1ptP zV$$F?#-9%hsbNbYi~4rZ#0@kNM3Ed2rP|29E87B82Ri~_`#jrFuX?#+-JI_??MOsN z4o((sxuwETtYg?rCbYg)R;EkhRa=t%NX13f|<4!NBdsExU zEd|V<_o%I+t{Sc5(<2^XHS~;GpY2b9Zb<`n8mUthjOsX{7NKTw(3r2{gV4-rIC>~Q zw&O7wGFY{m(W<_xW2p^o&Pm8_;K}qZ=)u6OHXLM??3PzT4PGztn2OhYhbH+efoj)D zOi)q#_zI&L9Xv5R(3P|5<+An|kBMJOB!fvPky-@<=M%gHD^9gV`y-vFa>{lIltIjiS zMUHh86qpqMuFyED!>tO>xF9(|wsheQ; z>M#1A;C2B$M?b?ztUk-^+I&5TkyfGyxT0M|#xUaALo_5G=pi+cGFeaMk_TM$J^jiH z#?Mu$zKc-jZ(%}f$;X!%@;E1=gu_=0s(V(pEyEj%^8IM{eMRMyZafdn#LXOMEyU%$ zT*op@X^*PZ6Fmb_%$8WK#9vx^W(VTbTS&4s0J!JMI+jmqyvE?HZ7Pf?g@e35S<(-Yo5;K#+uXvZ!m8)4PNQw1uwKx zInbs{w<8~{n*2l6dKtZ+d&Du_8eTO>)U_20A3s{ZH&}nJNZv$s=|k5_w_GR$E+q@b z++?NrdtG$b#rmfRIgOAKShipqt8mXHs@zkpKvj1-{>SrKzUMkl5 z3`ScLBjK$FWhLcalSkK}ZRy3c)dst9mal7@)sB8_)tr$&bkJ9Ed+b1zMSWcX@`RQ7 zCbgg<3^)f|iv6e?(k0)n2a+!X(f%Gho{2Rm;wu`ln}O(9&VBZmdgab@KPqf zznno>yI7dNZedbUeYNwX*HLjYIb$(1mj3L3pY6TnBuqe(sHwd@@;7XhZ8;7(*?qV(@;;x=vR3udlf-v)aGYwyw_ey2 zOu5feC~HyzS01go{yu7PH17wbRfoeEM?~|=bg6e}T(Y;}Z_A?lB)=eLf6wVwEY6Dd zF!g;z>qwEpBCimk<~wD38Owknq&kZwXVUb*85S&Pom2EfjRPaJ%yD?($;7jqpRu=~ zKV7Av2RPr$6$T>zt`o({Xr_iZ0H|C`zRDyAK2AjP8FqvZGn>XK+#R!(r(+pn`(>Kv z<3)bBfpy1Yl0#LY&nK?`Jg_@!@~?|ykFV5gjg84~N!5nUH6FFKjv-DJCu#w=W2j@K z`5YA@i+~d2uS^B26$L)BVXCBpy!<$+k`fXllhju^<@pD_qqM^TYuwZfyW+1ZB~OGiN33#!L+mZv|k_V zD|EElwCgZ4FBG$Z6|-R&FK!&&&g@GbT_c>Y?+NNZ!Z~t1?|6Nsw-4sJ;mK@vM4=qk zV{IuzFNJF5f>;L&d2ZaVEbZi24_vPIANe!Yg!e`LDK(MD-RiKW@_Se-U6lv(;nERY zR=_n>l2y$J!s{u9Orb%!aAz`&t)iLQck19hMi?W{l9(R)X_nIrn@jmd7>I~~I{QCO zPyr0nX30oM+<5@daBw2-PLGF1$A#@^Muo^PAm7^Ux0zwrC}vv(TfT#DQd!_Sk9v?Q zc?k>2*Q+SVGyh60keHLt3=X^jK8t(b&Jl~#yv z*Ag37sr`gsmv>7$I+9%(!7XW@wj1DSBAFBxR8!gp(N}Lvu}TuK=oy&7 zFXg++z*dJIH-8K$cA7jkz|)+J1W6pQH@pO2O+FiI~?kqa>H? z?{_J!dpJMq7?sJ&r@s-0QlVc!0V;12dY7cZ4f{gaE3Q|h_Q(q-D9zEdvf?mUr_Rtb zOXsVnQK!M=H#o1euq@`4d)5k7Gg=E*x z89Z7^vRYlvrCF7DAFaEn({6Q<_%-X?;EDllMss!%hz}mW(@ZLCrgaWiA~$%}e=^BJ z(-RFm+5{74%$XC9515F#{}ZP4#*>Iz=^M~F(TcyZm4#$D8ci4P=ob)GBT;mfx+^gu z19TVn0|h*KrNcJz*hk3omh&jsx=@)qATc$KX%JRSg}Q;7g{_>kuwXV4PTY7j%vQK6 z^t1*;K1qLiwzRq8K!nT#*V4R#E2o}d#{k(u`N!E22j}4RU_s{8JZIkeqA}q z5%sd>`#Z$e+OJlpoEOurtL|t{6j4=BfWk@yvvCYnF_e_%8{9{GSQf`n#kFSZEQLnv zj#5c`1*gJJ8nqMH)a|v$Az{hB-+>breStr)0q=_|ZPr(bkvE|KAf9l5RFViprbKWl zAB)O@^+vUAVZ(9gU$-RiO-MB1xC%;d+_jEZtIY?IT;2{{P4^*vhTCg-_w1LCWziZr z6IC}yvavxleF_V7cG$*kl2QJkTDr6av$b0xv|5}Xak++~Q4(;9WuxcHm&?JRpu^=f zG)_=2myoGTXMglk~}ovn6r2Fnkp-$ij{z8J)x z57CcUU%FXWmz;@StoGE;#XF!`a9E5HoL0fKc={cK_K!@j@|2G-ifPna1W_uNtj+Es zOhAKtm_bxcT9q!8lS7}~;9DO(cDs$fmYZH;Cv+?7yh?;xuhxuHgh0DQroPR@P3KaC z=i^kgwSB`U$uGY5xhK{hp#xF#P^2Dq5hGE6li&wW2w;=|NL3mjcxrY z@ZP$`jmsU@RbdPgX86}Ya)Eix?`+DFh+=aI6i|72Wl3bAaVB*|1XN|DhB|5%O-?At zbxK6*X=&1B0oq?h6+r0KcGN8S-u1Z6UpSRYIeCY@7VCzehMN4WzdfB4r56(k{u^L< zEeqmlZ*MPjGxG6pElmCo*zhl%{sU?JPjoW^(3j;QjsCA8e-PD=&_F~0E}dg}7$N^k zJ^zn1v|r;2pu_*WO#eV-|7~joh&4KhP=KX(#yA6<|6Q~{G%XNM#|og+r4aFni90<( z&|;F3LgL~-RbPWHR(1<`wZMr$43 z*k9*}u%2FaFjeaRCBX#`$XAWY?re!csZ<5FT(hx43AjjWyGa5x@-baMMVIJlpT{f6 z_+N_sH$5RhDDeOj_j-45sW0T0!yx?DgD~|+@q`Z+wE=XTDE$B!Hm!Nu&q0@Y`r{`YYW6n{`*-th(9O+_N*$Otj^=og zl&Sgp{A)caYBf~zf-`dygEZY^LH1V`Fub4S1=B&s2LrdM8~14gmYxizD}vvex8k`t zU)ndp=gxAU^j4&-II=F?=m#v-cuYwXFYCRdmY5u@7X@EtFoK$t&`HB#R`_hs@7E$`Stfoqv57uR?_U`gL3`zJLl-r#7f)ZyGgD9KOT;^se6aTmS_yKJ!p; zJ*BfBquTgd3#Gc1w3BZ)A_!+k*T`z`_pVLKYM~$Ap1bGjOxM?dsXasJYDzQej@A0LwpGHFfrC!bSK>-regHmo`?&$v<=Y_RK_ z=fRUQDjkIk>^$VdU7q47oU zh6d@0EXXYuON{Z*OQXH4FjnfVtqa_1Z+5TQz3%p`>a3T3bsi}4JoLGcwMzBguzUgp zh-?q4d&V?ekxxu$L>-m_-gZ7CEvDBg9QT`nQght~yuVwwcrY2Gs^Hau=p<+3jTZnm zV)i$s$46Cdk0TPSHYND4D_u^vHAqe4nB&|Zb*c;Wnn4aN3qQNSt`7tUJ|_zau>K7Y7P!q}s|^O8H*$NS!S&jq7Nsj&_bPf`Jp| zi6}d{KWMkTZqUy;pP=(o%)pYSHG_+~83VdyI+;6jle)&>)KB-%=v4NNU)d?T4TymAbzcM# z4UK31!H1*S*21-flc(MT8g@rkb>UkT;z>K`@e?(h7{THRGns@QswJTS?-t(h%zI0R zgzOidtIasxzS0cMoS}F(y)oV>*+d!sUG;TxO)DVYaK2nd-}AXgxBbBGbUvqToHsjC z>77m9KzMYSUijifl9b@n&z?T`4N;_8>z&G_Ph#HZJMo#U;9Ty9*uZtoO;PxT&9ZK{ z{a1YZ^QaQZMlAP~YqeSztjF3xaHi|^6l|kGzw=Gm-YK4CCEf6AXtJ$dUD=ZqE8(IUK@u zQu_tbP=QSupFvo-Y-$<1ES3e4i_ z1K5yijE*R}(C4%6D7;TDbU3tmOy9Nx<;yy?)flZ27IB#^NO$%~+y-vd#NHys(Imw+ z6JzlA$ZidX(fX!mX5}4ODPN!l5_;{EnIvwU=juqr45pYgk@0#D$taGE_F*EhSim7u z=Uv6I5A~+%_Di~~d}c%;k@GQg#K8?PS{ zp-l`IZ{X>Nm>cAolD5e2&DlFak&8avnth{&3B0n047gf6NJ**J`b`&Ou%d%z^W2ZP z&43cEI7)`zm@)tg0tpimBV_2eWh6yE-I;}G_{%M?nS%vjB=M`7m)+)6mN@Y>k8rSz zdJ^kso z20q5?;%znpGEvs(D!Z6du`ZAVM zVgllKSEb+Xv}#G#l^+6)WUCnI6a) z6CEf{t#4C}^Z4K`SueXutP3&@YAwdv1Ku?k9o<p3UH~&@LiU-L%U6UFKURp?91&YZeaC z!QnwYyOfXwUjyu^IBhS;_v3PACJ~s&CnKz+;;L(_LaWNYr*oWMV)L4$8W1iC_L18b z_gBOst%6vF^zpZhh{|Nwgkt8i-;VaTnM`5s3Q(af|LvN}1G0oaYS!)*e$Dp%k!|15tqfiDB z{#ND9*=PTo9R&a>c;^lDh0H+`8oMlb_tLkTowZQ{W@HN3+6&pmUST0~II zcsh}IcNea5ys(dNRlbv&YKXo#Y*6`Wzq3`Mw=?W_r^86nQSb)iLFslbQLvvJKNqho za)HJ^^{GGFK7rW0cg&BT)KvR7jeK zpGZD29Mt*4p9X(^>YTkkd5U{NwcHE6Q-Zx+?Gtc!9*W)_aiiYio&6mDbjM%+{D>q9 z?P+y6j^v3VAiTzRqsk>ggG~#Ad+yvBPngta1JzAsKL1JPo+F8TXEBR?e!4jQTfXnu z1rIK^v$EVBu~NHeaBwyEiGD+i35aTPX}%u-AcBz3XW0&j9W{AYaoJW~BL86Eznj7=y*t!nn{YIwDk zgtrvl8a|T&4JL1~z2g+G1*btTxc+hp#ZWq49^`@L}U^P;2waffq9VIQ8eEDa3)I=`a1zSEUTj`|YS?;rVCRaoACR}kASw*H1)};_?BR6JqDcg0 zpX_B2C&F*a7>I2^yB(Cc;mOdk#bx;Ool`-7a z^((M?8x`3#8gr_v7y!+t4Ti@p?BC|U>IIo6{yk03YS^vt;;Lb82%|A*(UTov!uGip z7`Ix?C;6AXEBUAP!ckla2U|GdzV&63>4DWpP%;-oTivw^hJZ4p=e@zs)esk0k+I%F zPhJCOQUxL7N&T-M*8 zw?wk@3skX|YyLKkzHkfG(Wgl@yz~!zGFg9oI=kI}I@;}={Wy~Ba%xvsv%4_rx%>*q z_9;%dB*7Ea4$z@}s(To_4(PP@_<`TVBQJPyfAO4G=k+~%TP$VjrLfr&<>?EB_#8tT zDY{@&{gzHUs%Buc!0YdQ^Q3&6(Nn2?C;qrt5PR280D-ogU+h=*`r<%1I<=VosMQO;zDx`U1 zuXsW(WkqOQBA%GxYx-FI+nTqpyEyvVXTZfKasb-&R&P$%45#w&a^T<{_U*p0nAN?)Nv;!{EmIU zy1dh9!&}Qi=M>J%6_42`PH^PFgs_B_d^<&>y_69xWQfdrZMfyr#{m`CShB;)ii+BD z$;4j)?mi#9=ClJoHKhX>s1#gSjBApeCH;TwePvi&NwaY90KwfM1c%@rEC~?YJutWr z?ry;)xVtmB`#^AacXxOH*qhyV_dfgn`TpNO^PK5Zr>jqOm-eY@;cVaz)8J6_*C>x$ z%$3o~JfMna`zdAd$<7$78>Gt-kI4KJX{I?#{-*@p_o>S(K^Q0UlcD_^sgS6P?y%RC zo<7PtDf%u={$*KuiXNX{9$o7-*EFyP}T`C};i{$0CxXfHr2r* zl34@xuexf1qNly57UOOLD~JJZ^Bd|P7ubhffF{WWz**K>-g{wjV?JRnXonZHnKKTp zKv>EXv0smCQdY+^sZmrF0_!O{=#5wuI^=R%LHmLb9kv+?1Sc;WmI;#)zhJV{+q}rE z>&Lzlx#_}2>Fyb(Zkz8+Y5vT}qVIZ}RJFGvh%mRI3CbZl!xBT|=kF?#+O?-^HGqX(pvkN22p(;XC213Qye9vI!l+B@1TslFxk zOGf^Vd8E>8*cM4aW$8vcx%bVnFXrehRxD{pD=7z)v<*Hr51-HWCCKGgaCY(4k*MOk z*KMZXvK0f6meL6VAl6Fc;(L6^}}=Re7Zk#tX3?`<^Yu@ZO$$bXO_h2X#@@i$y_^5cqr?f^S1U8qG3bLGX2> zu|A;ZAbh`!=qdDK)tBCjT~ncLKyP4cFBtEzGzOx^6Af0+HX1q38}UaD^O2tJ!iLS| zstD&f!VH^}aac35(*K~T64!OQH3`jm&SE+0ihKX=Fi7@S{g-5`uPFnN4TBOU&-Sv# z2#jp+qTU{+TCr7d12-kA##)%ea5P8T1c*TBmRYl9?C)K#yHazOm_D7N-Y1;)OLBen zUXga%D~nkg5U^Vsqqo9qRlniAZ=FeB(6hbY2Lxoc?m@~Gf3smTOznoXDVV`cszV-c zwl^p8!D2orf3aiyw9JNN-rLgMEbc~Qd?Og*&sHXCO}_GWFZul&M`}c%>mUNY24nN% zH4|I)V@dm_FV{Z;GJn*h;PMq*YP3I{1{l8ICIPG>7+l{fzu5xt{^G0$?j!T;#E(+tF+HTcr9;7uM#BW4S_?hk84^(`WMt z;_WwLkz^qfC)~F*%iMhy)zlVN2e<;u)IV9moI1klu){PG9)x5uF3AX{B#j({_6(zu z_Mp>3=8P0Bf?aNu#D1lr60wQ&J>g`V6YQ;<5=6N74@g4_mgd^)x zTYy7*^au;04NZ5=N;E3=7|FIP%NJN`A=oDZ7~9OK&)AUrem!tsd&S=d?|#w2;eb*+ zXWV$Rv>1^-H?WTJ!&gKSFR+0w(F<*6*yD@i#=vL*92ggA_m1c2?2-qxrFU1LEtwz6 zA`#S`*-SDvffJ4XX|C`rBOah#%Tt% zz=0XtpZ465a0ntagQ`Uy#=LBH!$H$;)Mr(^tH8Igas8{Puv1f0TYw2w*!4tsmqCmyQzql)}<4RTMM z1KiXw;Di`JNC0!VcEkXEObpvji8)PW?iLDCdkxJl&Nyy+USP205o*7C4(p{f%@*E_ z;03n5_4XjzqqHXxEiLV5JYUPn>vxIM&Uu$rafXtjRT9WPIBNv z{N!7rKbwv1SaxD!vo4(PI%H0yWd3yK_5qG8BCye4r_S!~E0Yci{!~BA#b_!^>Fc&Y z(Dc!-p_#PD1Drqs)I8kxCvs2N{*=LCa8Rb@DU8k@q1s|CY>AYy@|#8z-2Ne4=VnZh zczND!4esxD1@&>N%+lD>wBg@Jr)|la#%z}`q~h3|m0$(;qLMb0Lu0pMKI*b~T#=is zu9l<2;urUrzzKBY5toG*xPJo9F;h4n0IV`F#D?Fz;ibAV`Sv+nKmaw(|I*$ zQsiqB#3TDzAKq-8Gi*2EBiyy7Cu|pY;o?Z!etUtYO)}$_>-Ab8CK1BA8exhFLd-1j z&m)DvrT2Y8)VUr9_%*W0K0w&uAJA;LUILsM@6fu2;^n93T(p8%%H<)a>v(f5-YoUe zh}-}2HyA9JyC$lGXd5WAW<}eD<=$W! zkA3j8mgbw36;dUtVP{U?-+r5<-w(#W2*M&qun=c|x*>h{asf*p-e}T)M^w`D@ARXP+5qFkp&-yp5p%cs}1SY+A*ZHks$_xBE-Yp&simM4&#mvlA zKQE8is!2rGSo;&4^}af?g}8bfPYN!g|G+x zUYjp+B@<5XR>AMQ#y#MS2@w?L2?ONvD>*e8Q+k)JxHcs49JseZtrs55LLQD`JX~qF zUF^s2sVvNTBHqg4`jK**uK8@XNmeL#B0wIXIWwG0VyY&sv2+n9O>$fKO#F*_|Gk2^ z?Z_%r|DjHjhT&so}cao|2t{fcFxy*H!x(I33UTl`IL8KZZdAb(JrVOQV)T^sI z&%K3ER3}*QlBW!_KVV79w=0sXogL}-)bnv|E^P>S3ZwSt4)&j$8f|LOs)Am|#vx&|dp1LDQ!cUUP-=I+HcE7=E4>4^da%#8QQ#X4{{CGCjqDnWi zDsHwS#$6nSZt~_R2l(4crL{?*q0>BJHlblmNM$0a?<;}j1 z6aN`p3N_)6G|W*}{4ni@@e27A`^1x%sg=rSv~hm%C#hG4VRl&v19*;z$kdvL#~wm= z%4PfrsE0H=W0D*^!Kp|YfyL>B!<&M!}?Iv1m9 zxw>w86_zfb%W#l|=!qRPp z*4+e*?OT!HP)iuS2c-4* zVQ};mLTT61V;Yg~y=VAAa6{=|6F2o zJ)vl--6rt!FWyWUk_#o|ZjA=a^vGXA%IQij8N%4^sOpY;eE@O^+X^EX2F_2eNG*-$ z7GtE9oGu(OV{GHw>B4W>7(81$1myQeVu__HH#=RYlC)KFmiknf-dDELfaq{=aGAX2 z?;V-L^4sdj8ZY5r zX}RCaeoQJH{eo&^sUpPSL-8eVj!)~WsXs)fc_Iy6S7L?)5v1|A)=%J**O&4C}|M&LyDi5T*t{fj* z0U!bn{81~%RhL#L=7VC{$Lx5<Od5#ibY=KvJxQ0hf6B|tTW`)<6Cb{AR0m2mH1)kT zo<#f7=Y2=F*BAbPGCFhz(|PhDAgOghAs3+M1WGb~S)EXf_%iZ?c{bh!Ry4xHH}i$> z-D|dmc-_JflgI2E^_g>Ik+LT=_`>|tjvH2EsE0DEJip2uYDAi-YL(Jt85!wMUH0jk z7g%zV?HqCF88kvA#69UWUu>SwD^zVSxuS+iGN>5G!#1!Kce_HD+$Dsq#Q`4%q`~ve zACJ7CXsnyOQ1Vg!Xvz}Eu$u6htA1q0XGAt{&s7ysAvIW}HzH^=V-ouo*t4JLo@w9#JSUD5?Zl)Qqq9SYx%NFE|w zV(~|}Vq&5|K~EFCJB}}DWb>T6Z1+(7My{M5Ugf(mi{Y2kkc`Fd@PR?y1t=Wv$!NUO zFnMA*iqgY!bd!`O7B{!B-WN<=aJ9s38+PGJYI-Q@bjY)hE08?FgO6>gcXMcjB4yU} zd?a|_;LEc8RO}de;CR=r@&kqNRNYp1x|~5ypR&7?JXp(Nn<&3`p6MC=j7;?R<2$Gb zl6u?4Cw`?wuZUn(aoU^d7hN9{=`C^jp)&%kOGS+6R$*X$geql0tbT*X2f;+#v*EZ- ze(?;D%)$mXufXp$sp!!0aWk{hK^cXQ8eK)>9)64c$TL4u#7qUB?q2)WY*#EWv7zCc zL~cG_-UN=vk+vcb*PD#YZt78&fe*-nl!zC0B1f<>esTJ^wKD zL%43Ph!+XphYKEn{E~db3(ii_3ZbSrBQd`}s|w3q_uZ9773hVmvv?&!A~Eq>HkE9t z+9|v)2Zh)iz;r^H0k4M$G`;Z_=9*f9BFo>=!o! z4DXDmcl}b|=~X;bgnsQLPG+^|YVX@9%?Bd%s!4BAP&mx*e6PPPa2n{Sy)@1bAE3>^ z55$PiI|^=(H(j?5OR#Jflc+n4Ia~%E3ZET;7;esQY*0gi!6O_UWxJA0*pH2o&J)?~ zj2yMAtE8WvCNWgOI;^^N&lucx7Zdr8GLxlBh{7>K?QtTNqMpS3F7F(T1!5{j_=oKE zzkhNL%~%zacd0BD>$X)bvhO^{OJ5&)Ne;TJDAQ>zMr9*hY2^~_zcpn;5T(S{MhAWt zFr-1$8Z$f(1GF)|u&1r42*1yy?ahyCs**F)KFOd`m0~~aLu}PV->b>*SJSOMMUYw$F(hIGIFQ2r3ZC zuo;U6(|(*Nn)vpqfgD+)ZshCX&=%LDB#P=-*3+JHdhO5rd>!nHvuDxs&A#WCHqRUL zZi0)v!LAa^<(`WHDQ`bhsB)L?WWoXZi7YxA_{r*gS(UA40H@M}r`UAz>QU&IUYA;& zJW>0doHG)}Y$`Zu(JUH;qJ?Uuz@Y?5nL7esOT*}ImkX+o9$bLR9?VB-0>+JAb;%=s zWM5t}p&026f$lzvk%61;#nP!{umCX2LenQmF>FcO^p+v*78B>jt~>Om^_L5elFQJd zKhSvqwMM>HE{s-ELqi{*p(o{v8I_%2ti@rBU!RJ4piezt7~IqM#=xxQ@_l2nuI#h9 zEf1|^5|)1->@WRL$mj?fEw+c0PLj(P<+Y!m zm+9Wmgsa|8>7hfZQfMd&L817fLcP&W4x|GES?H4x+0-BLl39?Kq+H8jzDjncDHZMt zI1|oGOn7-)7XK=WZ;brRUvyrfxMTF1R#5Wsc(4=0*GSun98Cohi!@nyeyoBV1f zuF|D_Rw{&}^_Cy)T>%8SLJi(?3TJDP$n229s5#+9AW`Aypt|1YttDMKA4tf+vWcl9 zV+KWj=Zsc0?=A~wgb8b0Z}7&c2v7U&?bf@-E2F704e8iL~2-g)F|t0K#7uE|muBKWP%A)zp-$)0Eh8=i9wp3a2b^mlFs-Lu6oN z6pB#uk=ZQ*U4FJP_x%_p&Sw7fVDwxq?vK8J16)mr9}RNI7!k1bo}YgL(?8vfyH$R} zmx|3&y?wVa?e71^%u#!(AG3cmIeb)|=yW^A*gR|KMTH{K<&X`UQPiH<0FU;{ph{jq z9t4XUK3fZ~G1HF|DUEw^F8eEzTONw9rxjsigkWzk$~5Im9~|3nBjkflOX9TKBRfgU`_SGV^?LFKR*wyL2mAB!-GmIJb!kg z%4EIaJcEghh0jTJbhN^D98OM*u#8kp`n$d~e5QvH)B102eGD8MeBuf5!n*?-}q|3%$I65oo+_U@Wfoi2s&INO#rr_#xlZbzDO7> z20ng<5_C)za!Gbr;vh|*KD|`|1-$_ow034oO0K(Sd;Je?(Q(Yz>mDPzrl3 z%ck2OLqnU?Lr`7#GU^EE+?YT<-AcUMOlSB+cyBS-=F*6V=(-2IG^d9lve2COl~LXr z8=Cu;n#@Z6?#{0CuFCxf^=^hjsK1+frSL*!Rak%>;t*L?yS|Tk-!3hW@F%btyMumB zPs|vf6lcANdCGPK^G+O@;n2U`sY6(*l9*UC*mcRVEldD}Y z=RNU-2Z$M3%R^X%WzBVqY@6ug++G`yoYqlVGjR zVhWux)D;;?%C)MBYp||*=WNb)=XL^@w>qMHVQPCQnb~-hw25VyNrv(wZPHJTWAbjVjlGKcdb;CchKV%zZI`KZRsYhA76Zz;h#F3v`~mo5OX z`BsCy_3fn~eD@?AAeJAcC=W2=eu}j1+>7{Ht%wZRBY4k?te*3_^+6W$67}3GM+sVC-45qtup+4lUhcH0Ih79ocd<9om+8Rb?$2a2&IP1>kZ^v(m#IO zZk9eSecE(Monx-R6{*T&zTZggsF|;2z29Cq3D$gIUs2qlyoFR!&u;~}4R^fbY=2_GVWvkf}!HASc-jDvU*OMKy!V3bNO zlUX8amY!hute1OYG*^-;>6?M`d;uvRa%(-o0!oyaBOiSItahT&{(| z!hOo#f+e?$&zCK&kDKHrRZnFpM7Q|FE9yoLJYR;Mr1t1`(==(HjB3^&0}l2_?hPkg z+*8hSA2sVIj|Y)?O1dgyIj99rT!~Cr-;#^V=z^;0@lXZdKtTWg;ga>6){ap~i=e;e^KVRwWnQco z1MnVQJv|4#|90=!AB4bt_g?cq(EosX9qSv_JC5%{|Ak6#p&%f& zb(jL}ApXmXWVpTF{J)p{|DMT$4akR^lbQ9dkO3vDQf_B1)7m!>~6W5*1+eo%2@Vz0NTISXWV8>h>M}I>hwIMzCZ~2cRz0+OT93lo6h^`mb~Jl zt@d)`O@~vs+r4ll*)?9*%n&h&dceO}mi?>t_F!V;^}N~Abo2c_XnzIliDZH|R3Q1v z60z{sME`n6R3`82a2|0{LThO38rj#583@^uLjToqfHJAwNLjk)bHiksc0eur;!!-p zDP}K#R>b39%u=8LiHJ=v3-)+gi)_RP%E|S@?BqN-@2@{~DUT{A=;%r~6f3l*!jr z9+n5Nejhrg;PxR(x18-OKTj=IWE%V?@1&D=YWmW) zXcfQtSUIN#UY)(@Q{;5wpabd4T9oCzbAa?`RYFx?vCL|5q!I-Q8T0J?{n`Oi8Ou6N ztehghMU*!_`KiJErxFyCAxuPciltHh4-}hro|y>OqP<8iN@S->vc~Pz+4P>fQ6iu( zmA^7gOmlM1Ea_-Al?_sPu3#W74Ky9cuidUQr|WTKCMRdoWb0-{<}Z#!T3)W{Xm=ND z26eZlnmq1wIXw&2tQ*YOw-B4`&Rcb_*tuxb)CQtLa${XKaMfQz68#K|4qc43hX2+A zv{`V_+kY^ZIKeupHBWib|G?K!S@;=>?^a!Hc*V|PRjI#ZnSV_1~-S-wu3 z?3-Q9o{#4rkJmGz$M6)lU`x6*7QEn4&|RgGnLZJesSUqocaA(p41K>a+UWWU%C3r- zMd4Mn+D9E~%`dywAD+xie~@=jDi{6oBs;QQJg!lTGEvaY2+!eI6~ExLYR4FnOmsO zCH8Ppy$s1})|yb%Rchg+E{o z$>Z2ay=OekC_>G1CbP@5Sf#d%MZuf-IE-hkA>?i3@PxKO%Ev<3jESiB5 zfB|ej{VIoHhWzrCcu(io*%n0hgF@@1So;9}CQu=zs&?`2tie;IBL@^v;+}r!>b>>x zR!T(OteIaO=J_Ej+sr$Ew=!bnX&QPN^1;z-gn6=qc?N?66vc z3luldW1u`(de(rkl_TinxmYDvqOZ`T<7}OdHqV zmOwwYHcEM=<~QO0;j)b3x5a8dx3AgrUW7R?_P$bR9t{;GF&PPuYL6tb3EX0pOwusY zxX%;1U*EsAN8CP@F^84cd#OIEA-|lfgsS3)MiW?@S#J0QI^sB5OXi*yK=v>Bmva(O z&4^S~bRFYWaeTS8&yuBWnvhTM&HI}n)uYE(wRa47o{{muyC!u@2(V9CTzxy^-uo6l zj~I)}Iny$MZM?4Ut^vGsQcbCX$wbU?M)ML$z$<+QCuu|gft*`yT71aK-}0&T4FnTE z!tei+2HsBu>;r&x$6Nsk+Psa1w7?;0^^KE-| zLF*Y7%ao^RR7E!@%`8L#D5DKM4F^P1jV0io*|Az2W$qg2XogkREF+(r>3xa)1DL&j z2FJ-D{Ih!rmt)EoVs4GggrWBmhdkfuYMmwEz>;+aA;*#Vj5E!k2E=U>p?meCO9jW{ zt8Y7J0v(Q(RuV^4~gFx62fq#o;Y0> zcKIlIUyjR$P0kwn!h}=y5D{=OxYY19G-9=YZj0|Kx{fuh4PW-<#`fJivisFpzEqLy zn@KRIcEpkKM{UDIKT@gkNKl-#oG^+zZ#pA+8XKPKyy;3i+*MKA9zZe3i%Z14ShzRH z;|)SuA35h+p883pHRdC%z`hyoZ1J4auG#Y3b3OH0rd; z{f$_-gZ+>TV&K({kuDLNMsG}h|NcFUP@cRJ(bP90*X1mV3N)T8N{wR^iI2ACH2N7b zJbGTwi7pNJkL4qbrb4t2@P+M`DQZg3nDz3p{vQa5Y_$4JehAeBLWebgV;lJ^<;=`2 ztJf^KV}%cP;O0Vv|TwYg#%%|tkrJV1bhbrCsv^;iY_Lp_S8;MlJpz8lJ zo?;OWpZE1jUUxEZN4;`?S;2R8z5tpWa-Pp}#WdZi`(b(rMuIKzIA@G^ zyUQG1Ic(kh0l4=l!v-HYhgY~ymxh&;fu! z($66x3x`=WCuK_GUS@W&{MAzPoTj4`@kJYWRHh)lDW*-Kz;=(rvk@Qf?A6$Q8Cu$n z?}&$CN@`NvW`OC_os@j4d5^Q}>Q2h0BaKOhm1DP}iLy$h<0G-S=?F5FYlWVR z1&#ZUC921lpfaGjX9#eY1Z{Ehr9uPNG`K4KJd{kGg-4C2A24hz^sAF@dv1azSD^JW zD{8UHWd#!Wu?)~vVm?*cruZV?;nRv z0#BVS_U|2!_JV2)A2)184`?mP8A_~u07l<)3L~!UFW8We^ReFI#eTnq5XA&Q&h+&!c*q9hdD6FBzJO0 z6htnd2UqX(TSKmr!q6+8r++diR?k(suCdt?FIlNvs13ZGNAh6jzWS8vxU6P6-fL)f zvQ$D+=VsB)SSSXnYQF4Eud!X2_BDs<0{spnEXB%`{Ap?Xl?k>-)J|G}VZ89C9`Qt_ zH4uwShR5o&uCb4&i1S~w`U24hkW<-suV>LaU`5rmPdJ6WX>NR$IvC7c{joGkceRT5 z>snl{gT0fqA!?aNWX5XpA7oss*EO)i6lMbW6?@hqOs}W3PCw2vn#pWL9Tn~~^!??< z8T=tH$QPi@)5E#1ag8)&pB~fGuaYUPgL$7_-K*Cno{Z&U0()0zi%g2u(@{$fYxeFP zb*hJX4`Nsj$SVxrmP1z>hC-G6))g7kZ=I4mX2Q35fFv9TpN zrij$@%UaLqL$IQ7#3I_c9*ddmX8aeya7J@#8Kp%}MVHdB|b$ZgPBT{_1DKrK^h9Qh95Sg7&SY8NH}!eMu) zf&4E=Mpj(AYtsY&va+sOo_VZxlDXV&qHkWy68umwUpZJ2LjeC0#j)fzV4(t+t_o4-6MbYdNV7uD)*b;UYV|d-@8Q}d@0rP_)P1V&TQoSh#?~`TX)e^ z=(=-ldMGedd4DV_^{06u8`pMR#$QYE)4A*8YfVkV{Y5hM0~OEGC75UPvTTp+dIzFQ zfT+Y=dg(OS_Nix?P{-9dZBeTvg0TYlxdPwWw&2wRB{H=>{%ex|Hd|_xGfo3YuCl|& znXhAdbw$@A=7AGk;oM0y3tit$dkG-5+4V_{VgI7tKb+;ZGIH&a>&?Gyf`43*y1gR& zaWXs3`j>9~XJ83~^i6lqKO6o6A}#*ov8&T@?!Q|82?eR`2K%?A`uEi@^;e%<6@@YN z%Riz2?BNxa(SK1^k-u~YK4#6dCuB`I%Qvv&AujPNmo?qeo zs@_PDb~xMZ5&V~B@>)IQjO-sv<3E$}*6feCB44xJzaw6#udzzp^uIj3e?IJ8j{O?{ zobHg=`Fr?(U%jHj`zQ2YJ^UZ4|M1iQ5%BK?@_)(QAU999X=t$azO(+9j>0&6?J_w-CGdQ;cqcObg0 z{O<;a`qU4}vI}k{2~PRr*n>0m?R1zfxs4VY&1r5!xVV|!Jsi_seOhfLy;feYM=3%q z2=vKr$4}wC9iFMBm|*i9c9VM8sWoNodofJTWBA5;U^1^IEl~GzVmw2+-mIu(6cHQ& zaq|0JxT^nfLrORuf2**JYs5_>Q{()DSnORf-PI3Y?!vMlEuHvsAhDV_%@iH<`soe4 zBM(N*GV#Fjr5 z{M$G2g>p3umQo5K;i;3)`>W}}MX?}ym5zQE!nP}y*m#p^#~8}%S~om$b_)xKEtuZl zmc1au>%NmRB5V-lpPq3v^!e-ga=4H9FKfhDrSytxD6Z8yTk2u^1o?xB+3eaG3>7Zg z9#+%+>+t04+Ox6}B>96aT9!5w`ObI#xwH#$>02I^s?o$mg*gK}h0!qIc&%oo^A5|(UdxpF~N`@n+S282==0Yp( z@J%d^cYej4NNKE3?I>@?NTs7Sr|HiG%o`2e*$7zX8gg%$b`y~=Wzm$OC|8|Be(vH| z!0QqaU~~dH(DtpQWsa%5vpP`lUz%tsyGeAw&}@Qe)ud`lE4nNZ4x_zcJ(^OzZ+b|? z!#PjHD-yG1xc&a#Xxnw-@M8T%&4!R9At%&QTpyu%$t+#!p_wOr4q`Z+O4wx8ePan! zs3I+I*qh!ih^F;t=l}>Q`Wmx+DFlY)wft#UTHQh~QurK|ITHMI+6j66HbIa*gx)lQ zwIg5HrikK$*%mQk!Q{YnZ}vj3n00s%HXDJ1at^itYNpok$!rUi*@%X3EO)zy8VMFU zla1{{9f47iRTRcxg@IW-`}7qeB+lc^S32Z0cP1v4_o9iG3gaARZYzelr9ZAM z&y)D@-CVxyJTBs4)z(B9zN>O*UDcN!^C#)18}^}Z*eeX)TZhr2EFBzU3SrB22p;QY zX(Tj$tyBPEDp0>!oW;M*qY{*xtTc&(xE#vg_@kSfh8(BJ%DgVi%$pT)5{a*|CB;hd zyt*cdo4WnltzUM0ER}6#{9aNW)WE4e&lwVX320fY7949kxXtAj-y_U@lrf((7Cm8= z)8D3NWrIsL*_vjj2B3xU!UX#_OHZc#Y8OWg1)ks>T`J!P{>UsT$5N!uyv zvS7r}Al{7PqWPYr0$XH;tdF%SM#ei}EFe zV{<^EMtAb}pT!ZsF=t<2wDU8neQh0sik~>6u>k<*q5e z_w!{DUtKI^M7S`@nK#~#pN{5hC7N27a+{-GHr1h$L@{1voHsy$lqEBwxq%GZEWxQo zoh^LSI2jEip>XPOkpG!Ji_QHqw`MbW#HXDxUlZ{;5x7!!;0}&zhZ?qzZ>B(Y7mHRf zGCeX(Rx)Jm#}0ozeABl1G>HY$a|T-jJ+6Sc5QF_}Sb+l3>Z^0Z(h0_jCaC5Ds>Ch| zot+<;JMD3s^@Fc@^vYD2pf0hoWf~F$L<`(OIPYtmeZbH0xkqIdQL}q&MaMeYaAu2I#D%rCAK)Nl>%GBfu>W%HF@(-@`Df#|~W+?yp(^L+s$1q}h>y zpUg!eD+q-row_G*hsGguztj!Gr}eKw10cBSY$0sQgYbjmJvJ@z~(n4sDhb?H@|e zn+YpWUVK=5>v})O`gtlhlUF8n0;1fdF6hEjgzGa5CDJ6jZ4zCFxUGI8 zY?19~f-+|;kO3jLCou)?gdum;|s;#K6InlG!I~%u$Gc8)JiK-Qulgz

);`=THn=21O9vCt_CW+!TqucCRAe*?RbwJAl-alzcy@uuFo)RH>P z(=jwpb91pH&Tw9p{lZ4^zGZHYXmNFpZD5XNO|h%1`_7;^3L#wXf~sg_&mn#yz$A1? z$>x~QbOS5w+$W<4r^c|UYRqHz^6NmoyPhG8BkhBH)=(Crn}@szmFY7stI2K+={WyM zkaR}xnOST`=d`s41(`!!rOA~Wuxe)U=y_|zR*LhI`YiFI^;BO2-)*AU*e&lvJu6}W zUyJO-wo}z$?MV%f=R9_b_4WF!-2P#xr%w$CL}#yUUPQr08xh zXu9m3f&PwqxM6$qU!sEGkG=42x$L0;DeW2Xc4K>4jt&ZFWbQ1ucO|z3P^!HBoCgg? zUMR5AgGS||hm_+`=(>K!Z>E*n7_Q<=ToehNu#X1LZ3KR`C(*trHm6aaue_OhaANd2 ze-MI-eF9^@sR9)20MOrl4wb**qI*=R?Ve*1qbirn&0g86Ops3$9jMO&OlCjMvAcU1 zRdp_sU(UR+gs7yc#@0@UObBY!Ci2h^8B!0axI`GXM%sOeg26hRjj8AZtN4p(@wN$| zG{=}5RW>dZR}>N6;h8i}kk8zrx%a=tj8&4zy8kd=U%zE;Zh5pFTV-IC=%HOaqQ>A0 zlPw+ix+PalGqX^mEr0*lPCXIcZ)#r?p$Y4b1^Bu~c zyu&AE`Y@s1&CP$Bb`vnFkZKd6f!9;i-X+O1YOeQmg(|%4VHO3u+ZCpcI#H#E*q*0H z)k6V@H!AXBwk^eEV@VIgCG>hTlJJ`pPRab>-XRJR|Dh=ovXuGc*R(UKV2_5nGinOE50t?A(7( z{Ek1yn)w4UT0OqA7r0$C?o8%~63|R{MQ8blRRkn~BS0O^CAaisV9bC436aa6WQKyO z+GLZfJU=tf?$Bzed*%*;Br3dQ2bgR?L1ZxFtLEbA4HIiuvE6jUKA*R~v#*51tru-E zY&Wo4sH}rKNlQ;YNT;H0^plHJD`l`_u%12d5bUEB*lZn3r zdl+@K-hXC*zkPD0p)_VxusQTuKmn^-I8&$wmG_FcEOuDFbClVm@T*lN!jVbhu3zJ! zsy6FMGiylw7F=p})_W{_c^^-MB#zj+J@*XrQ}!<{>Y)?Y=m!6=?I)x(_y?P!F${lrcEr;UrObZx}Ck5g|YlG9qr6Qr7^8%!j? zHdzWk`o&)Yx;4@^A+9%bpZoA1`sI%hpc}3&r&gkSOuJMxY9`aRW6fuxPqg%N5o*>O z&|D1H5E$GIidCl5Dr3#TY{!*qChgS_aW8$I#&F){?>&c61y?g*QjkVcsnGJ~h}9Pu zP@|gId2@!pah9SbT9pF5No+0;wqYBa=Xiwo^jvr#m^J2W_&a0{vo~8)v9JZ3H% zj1|^RwI^5in};aa)RI@3)BHsLA(`*{*bhcWb=F)oi zb^>`b6F=*{o^1WoFrC3{#9`s!K+ZKO8_9Ne?Ng}ENPm#WxUnXOhjs6k8&G{~iqO$b z{~J&KpDRN8j}>9NXnduE9tceRP$H&eI&X@|7HjlgN#9PrbCkN$I{fdpl$W7Uc# z&Uc!MjSGsnX}JoiRHBY+nhW2l;Ma0RQcn9OVFb>;(}QADpV0_SUmwXV4b@n!5|V)1)#(UtVI#2ZV#J+96baw>>BH^Bj*r4pn`)H; zddtD_4gbD}{|%!1B6rKv<=s9yMrL3juBHGpc|zSLprIYn8zZ?Pih!%EduGy%x3J3u zIN9p%dUH^jm{{bZ0c3sD==Q7b_HotR@HyGIM@Ak_A(+qoaW%K+=%*`vki#4IdOjYE zG%b61Xb2U`X%!XSmZPdmATZjaH?pcu5b>wxY_|6(spJ&oRe0o{VHS_g{9uEA5 zHVN@Gj@e`bEJurS#tDCW`HgG>&_vBMJ$SS!U@$mIATM4QpHq3T%f#T&0ZYAL{o-|+ zS0#&F=F*gp7V6{%E5e2{2ca3%z7XLCHHfZh6vDlGnk8p^5}ej-h;a zWAGdl5ea)L+)|qAT);|ZexA?3;e*_pDqjZp#oFkEiiR zH*t&er8URdLC?6uB&==3@;XN*V_Gv2YO?*@F%tpFj?#)~NzC)KENfJ-N&R3HA?;(_|p)<-bK7|%ssc&%D7 zOiv2l_XkH+enkD6>a9q#ZMuOW<$@6brxC+Q``8OV>jfbdoRudphRjb2XH;FZnYK~K z+%o;@(FV57hg|(Dx|=Ku`Y*>HYRqP&kJSAiqwNO>F8f#0f+K2j6P93Uy83w}*wSD0 zqR@+5Z>t!mk*+^Dm&~nA?R?+;y z_y~RSX?Ov8$$g^9n53+C0&e~_OOn*bwIV_*1uU!Q!fR>H5tD2PE`~Fl_j^>@)vCn% zW_=vAbTSL)?$Fq_=)@CyjcbWLpf`%Z_ zc)tj`-j_X3&fc`cr!$`fDQT?Db_~wFMn1o$_dK05x^&4M3mr9vAekddZat_JPCC!* zQNMy|5%=-4vRCz`_Erh2Z9PgHp648Ok7OUvZ)x6&5jY#>TWKP+jq}YF6%2HQR*4@} z66KdRs!Kvl_AbXchYv`l&h_z7Au8_9ccZt=y_#Jdm=uxasEXmOuT*9bZK3bFQxb0T zEN9Xa3}v}u?{vzlC;v$@fk9nX|9h zh!jc7$atf$XT@3~o`Hh)c!Lg7IiYoBRJdUmvvLi7P-;D>vaBA)zEo=NIuy&E+UOn~ zbC3iINtYd&S+2E)kf%@eoIovoV6zhrYbOmQm2CQNX09$VN-i7<+whGUo9k$GK3vEna{9x;^Orym65VpG|$dviV4Hni7wdyeR%mQaX=V#H{{7jpxlM z3G92Qsmn79OOdD~5^JewQSIqeF2H%s!YXUbZ~mzf4$pyJjAs#sEgxhMi~K}4YO&duet?Vp6& z?-s-nhQ&c6Pk`E+4p5boLD5!J_$Ga>!11I)jD>W({=__UP6+3Y!@D4@5}t!xp`^C|_PEf+x5_cO_QjN$L^Xd-Ag)4Gkq5Pw3Y#~*aixBqZgtb7 zRPspLQ|&%Jk&~Y|AT2z|SB!*a|A$ToijH@ER?|o30OauHcLDBz@4-pMqUDvj`{@WcIg`y-p$$BE%KR5X= zQTW%7uYBY*H80mtf_k-X z8YEuOFz|T3+qh$p<>NH9grt3BO!>Ki|074kkHO)!q2V&H><0o%UB=;Cni~OYoQ$Q7 zKkd$Q?FcHTQUZc!o9x}C-pWlJ<_p)0-cow{-Q{X?u$AOJXXLS;hcs-ot52*pJg$zK zF1lh$vKk4DvKVm1i;X8Cr}bC@1$oXytLw{Ur8YYLbSeMoU9k~)XJUV2%nJ#-xvdl^ zH?_BFJ{!SDzy4iltN%0FUNxZsL{Ovfef%p_aE7keNv`(z)(~6VIO{{7P{r$OB^L!3 zKDbJsGw4p(R_fC}3t3|ZXk`-3dloU<`#QAO3a_3B0(EQopBf|7h6SEK&{@U*9q|7Z z3ZBB|WSbm$hN~7F0tMlT>era6bqb;HA0Sos zS^^9%O%~w!wu@Ruj!wH^-N!^TGgs2_DmHFv?`B*fnr7=kmo+Yv#{i^p_0?p zE8?|2oKuK4be(u&3-zv(wNCAtR?nW?_pO1@L%gKa_G3M@~iOJPQOQaPeuKrLpBFV)6#kqr7*nBQ?Nmg_1Y&`wtchaQ8ZZ|Ej zYg(TA6`+uYCP?n2^m@^I?y|}bLXd?&gf+Y~wtMq6SnG6@%?n!cu`}Vxd{)&mx|e|G zdyE5by}&`}Y&C=OSUO=2xV>25^l*H3d@!jD(uaQ~IfIvUn+eQ{yye)h5s@jghUgJy zqHb#VF?pO0k5$?$7b91?`L;+!&0QBGs$Vbihy*skFJBAN;yO?j;O^XxaQ~+7Qn^p= zRsIG29kP^%I0Yk;5>2a<;;j^+*MLY|-b+M$^j&arUeu)haMyr7q*2G-x!*X8s7N&o zZ#>hMn8R+o?8}PIuN)pY9BhE1@fn+O{>l}}&9<*9l&`Rl2OqgLySVCz=xmheto6ju z)fTL%N&ZHCXI?Bj&%999=3TAfU9LLEid(@++hYMAtEw+iQ4^(G2d5dx16~ijHJ)^H zsl2YL&30O>9i?{1xe1o3J2axwyk}Dyb9(qmcf72n+7!mjMXOrZmz&Jfo#smPYE48I zk{KJqQUf-wd3{o;8)~_$yKr`?WGg@?zIxSN^mdt`+4BI8h@+;!?5;k~h^0wH+L`Qh z2Ua;@&-N`vZO!)*2dns8bWZpq6g0#8pwH z<81cVP)uX&?YQMY!FaDsGb^SEjzX&wO+q77zY?}5JN&TjDvV`py2@j$j0*m@o1~Y# zdg?fY*}14EV>0b|JMM${4OgjgL{3RC(7jBi0(gDSg3%_jRsyt%v#LSsc7}`2ZN04N z(z0mdO=>Pl&}q5IeU6v?ZVA|v-~r;t){~Ldm1h!HTvkgS+AW_q@^%7F8Vk2U96VOD zvpb%5N&>aZ($zelj~FMzR_s%jreMs~Fa^}84PHn;?QQI*tZ*hMi?kcJe>pOMEWkj7 zR{rO@&&NY-9gU)J{TeAhDdHbILYl+V7;Em!!h)h!XIpgc(j&C^<&mZTJ*D_s8;33e z{9vTEnN+fHr~0IzJ3WJ-nkY47ceGwqXMAlVjr}+XDb}Olh zc|K{ngmab6F{8c(ntr-2c*x&Xf?_p`BQ!KpO-HBC>00M--kj*{LV1VJ=i{K=E|McO zKV#{_=|ue!e&NgXS5`@aYj4(U7t<-Rig^C{!>=!}S}SA+(ENBJ7-$t+>ODgU&4hA7 z^eS8H8})SQ@6}w7@px?=Ma4QD=<=EkNnnwm#NtCT#35$+x*SODoK2i6eKSIYxGpvs zxdeWUn?PAWGR{q>CUmR+27@Hez4eW>ZB}gSCTfAQ`Pl`tES?!Ny3V9%AF;cUbG#Ue zIQP#wR*IV+>4dPSV;xqH-&<_GYt~bpEM;)bW$P;l$U2e3f%J~;*1m5;IhSAPvEb@i zLyEUK%1YvGT_s(iv`^hLhAu7Q1Hl6gh904Ie1q{8gT!AXH&im8ZO#{?t5Zqc$;g7< z4ahiaJYR7Y(@KhIsaTpp1u>kp&oaIGuI9U-cobewKNrskcj~;6;X+cauAj4&Z_&(d ztaeFSuz4dsDssMXCfv#P4p2cT3q7~GpIoi7VK}7Y!?>By6K(QuJ-yhE5hP4;akj^`NV{BBgFkq$NU=SB2#bhS?PRp8&@!2Ad}W+%+@=9kG30WWIDofKgi#vV- zG_$V7v$+zN4tnO>v<4`_T&u1K+)plbC6_z7 z=21yzu$fYmYw&6)1ppi_Wu=@`6yt#GyBQ1((tR~3bN$Pp`(aI~H9ni0ca~XXp{

kA|8cmz6pTH{^IBRO zEzkUfNgtwN0d$?f>sJs=AV?G>G}_>rZq?BhF>_eoZ06nmIe?t;Y2|bPl|9!8YLS{% zhmiSJW{PyfVL=cem0-onp>V;|J(?4wUEog5KH`8mjfD8RTccE*#b!bbRx3r!y0Kkv zXAg;S?y{03M94N(a39SWAFHyccTaB#J5W!S-d45nwupC{!JE~@*;W=fi&6+obZ7LQ zxRYp6F;5>CZXE00`KnD|wZk_V6)v81*GRRK$gS4M)G3vC-sKEYOC*m|&$yv{c9s!?I$ zq?oU&J;D=z3v+MWE;$vSI|cgvs>U05U)STBU%(~F7@mol6d@GVbWUTDmONIxUF!-f=r` zV78Q&3G&YqXt2~CJ^Q-*_x)${8>tI&%X>me@Qa0Y>$mp zY$*e2rExyDU|<#k`lK9pr7?mtU6ES8UtbnAL7M5N9x>MO7BquLsvLKxwB$zW3XB>y zP~56d?+!2z3_cr1W2iL?p70ohV}X!cR^0qf&yvNLr>XAyFF0-@((U{k)YBRyhvv@S zk=?A?2$hGV?azys*QifTkY_{eqar@qTEk&7khjD_22Gbe`u-F?aGB!lGplI9Ij?`Y z$1Im=z{;#{K>>~=BoQ@zB9Q!Uo^G2=eR0z^l-%$=5|nv*rd0k5D=v2*uE#q8xLksTM5+5qm&nOtd& zq6fB3lIkH{A%H6tWo6sQ-4pd$-;~=bt%6Ms($fpy1FP=68k>20>2;R%>bwu77qdBD zTN{=$bBpK(dm~NbwG(!y5BOMyQ(EN{0I+Ok?t=1Trke3m$ivw->!yJwFJbd*uGE&f ztC6M(g58l6z}URkEE1&-RUdn~N8A8shNCCc2=}F7cicA+2U!dG9ZAd|CVxt#aen}{>#N=wj4^zrVpy^*IEyYr?6xoj@1KcPPk$E zQSbM@RI$S>L)%#wqaB?ltk_>;CNc>yg9t9b>TsTKoAL^JdrfL1b78 zyz20Brn0i(>*@}WZ2Y-Q5zF_{R7!^^qfX-P#U{}Hqm5jk@*HJm3%woNi&g=s|XkHg9$Q1S=)RQ0pDU@yjv*=UIkFge*nW78_x4O zXZC(QWg5A$kCjnVt#@9njry9G?fl!*`CV5VjXHUuM%|Y*l62mevc0tNJI#*04!`gP z;rT~smv1ZfU6RtCE9xS~p?KP`fP@dXp3IL0s7~MuVj$JYEVMSA4*RU1f#xcpvSaOg z`UGC?@cR4=YD^Pz`_awB^zA;D)?rt59EU)I#B|>cJCB3iOVu;esLWviPP4wwB6>S&r*Ni2Mm=G9`x)+%4l>E`{~oE*aSY}U*-0w5Mv>Ymqj`2kQuoT_eJU0puC zalWwr@c@}q*{;bYYha=9Ws9+^tE@^RH$3Ke?x!@yyB!lW66`8W;=GPO)9)4k$-c#Q(ph&boKO}E(EJLczuvst9X zW7WILEK9}{vAhIeJvHJQOD-V+iqCdUo==(vb3152#()-~tkM3f-i?J6LLxw2)F zZ@^V*+n9Lq+N@8nX%wb>FFdbj&m>^_&Zmnq3l-shYvzQf- zPH!)BM1s6wcO9MT6fjd|m6Iz8cG4h@3XR0Jo!#o8l)ck{*Z{~gSLGRXN8wKK@^2Wb zfl?8)?-G~x3!f8q#Xt%$P^Z$*jbdvO9_aLCDOm|VH?1|fSoalUp6=RAZ_acha6reh z;31p?i@(yFth5y>NrU;;&cHg*eZU)#sQH|f(*%yY=sCjpuhC*@r1)nB0+ z3&wob4ahSn0`3J@H4I6)6Q==^Ra=)RJD&6S`^t~!wQLp222yQ#%n4D%-I;i`Ij`-u zS0u;TN@?$DxNw~Imv-OQ&}P;%h4}2MHlAzfmbXI**+Mokf(y-ui;EHk3f%U|Y)V`X zQlhQwud4@$S5>2p+W7=p#%8vg+ygv2Vx8s{t3Bt;#+xgZ#3HdtI~1KkKIM0NZ>F+4 zYgpMf(eW8AzmW2zYZ;8k*Uso!j)7RbHO*HguqGe@@>*r=F7|_~Ax?Kzymxo6sN7O1o7&i+17Sxq{l8F*B{(qbmb1O&XR~Xs}YS zp7LZ)pgcoa9&Uqw?D3uF5EP4{jOrbh43jqF>f}C|v3vuvU2hR6+$d9ez1BQRk91U8 zxe8 z0ehTrusd{gqqyBpitTgrx9{EQz6I_HCF4Uvvu3fTB!m4dG#3+snXZKD(!Wlz@^>Jh zg>=U`?6dg(wsckm+^_&bn*#RyDdX z+fP?8I?9W66-ZU(@eYn$WN1Hq1HqQ0YP0OA*~nxBbje?hw@cK&(cN~ui9OlS!?+Wk zlpD$>Z(9;i!#O1h;j&oW0G;WUGI>{bfDaeICw-dGo_>~uclJL~rg0ws`#0s;gFGXK zzv@f!g_j&qTj?#dBI;Gjj#R6+jETo*9S>w{ijSv>#;S*1< zlW!18s&7XNowyN7OE+B{S_@;+`F~+pid;zW{4}nvM7>}6YPN`jxIKY9fD)>YsAIWe zYLjOEr2Q4WVv~bO4q0uuy~ptylkYf3QGO4GA)SLo$;IB8r1o^-?EW?}L4e}-=Sgk90#RrT27JAbzL8F5>F$3fTWd zn0{-V`;QDzrv3BZqWtduk0HTpa^b_|5EB>sFE0J#C2V-a>;F$*W-RzW{_+43?Q`3m z@65Tg?*vG{k^{Oot8RB6LT(u$R2bf;MqQ;+f7wf`#UyQZ?K(MS_4G+zKGD85(`^p! zznS5$uL_?%s8@D#KOH#rDN$ zqJQxU0cj^5zOQcJSU9bjK{~E7yreF$$HE5i_(p_})k%`$B(9sXO~z)y+z&kH?EH9B zHCQi9O^@AoZfy##2XON3MPpA-1Wj3hVna=rp?cC=8PUxO4pyZ#l_b@kBkp3eV{)Imdgh;}xe@M%`g!lzF-qJu^?Mvk1{ucYnYQx5H>Syw2 zfoyAxpKAbt*i1qA|^OiZbglzVR({RZz;Kw^q)_=xPD?|4pfkQVcku ziYWCHu5LS+F++FNT5R1W*r7G?X$!U}Ts zfrcqFKIhS7o-P%4hiiQV_ZTqxiqoCL$UG}^x-`<7m>ACb=YeX$aTT^@v8lE+L)c~O z@!#!+trlC=txl)E(-&&XG%Y)(+Jou&TXZceOGd}HC((IZHAkAo`gU(te7%#4xoOaz zaJMW{&{Ufmx4zM<8SPpq(gep__=C7HO?dKB?EpG-0xP?3W~wgq1dgw$Ce3EM`{c^) zJ(Jn3b~Vm!$4+>k!SJve&j}A?pl<|@{Zw7o?-RL;rsdvli+rEqKK_dLc*{B?^z})< zgFsI7P)qK&)!p7Z5Qp_JS`OGUukTY17mam}K1KO~?N!#lP8Rx0=66beNID{!y*>v`=IZ(mj@S42`b>`7xDr)-%{Cp0Tg&GV`9Ebb|5 zC*O{LuYh}!H7-Ws+765HrUW+?Wn=S{6Y#4EdIR*q1a*l{XUO}E`EzHMM4WE9f>-BM zJ9d4D&K0%U>#Q`>}Yt*gsSa-Jub)?wd5l&9PKndvvoG`5$EcH?Y7?c5YQ$50-61^p(w?+NZ` zldE$q2a9@*d>Tt-clIp9*+RZ0hEZnLbA6Qf(>vCSQ+;!7i?)Da`r#>gF8+*JW-G`b zb>D2ABG>JA{?=MTJvZ2{yMFnSI%>pa@+FUdBLjUstVf|1k}UPktl{ z1idXS^6ej(Ea?o;C;RsKymfrLBzY^q43!s;@!^X?0~jca2tN3DgpJwb&f7=5w}L}< z3nEOZn(ENCPHN~rM1Y{lF-oV|xpv@PMVrcT;@e)mm*7-6S6JsJ?bqH-@UgV`JBd0Q z!euM__{r>TQx@Y>24-l*-M|q+RfVQSt(&@qZ6_;ubTF!diORbPWe~GIhFf?wO<@wf z=EW=f)oZU#=6TL%4{w}~ImW-|fywj^d`rjyHMN)e)``t8Y8l8Zu6dp7bFk3{nXh>} zHf%bvCeZJ`u{P$XFq-dAQt^UCDmt_D^g$!!UfPF!(iN1?k1ehjlxXVOxx9@`x+F(4 zx|`vE<#LFQJIb_bcRX>Xi_?EY(c_QcR@>Di17gI5*#a&)@7=zLpCh*=FLde~|m>E3yyVqI_V{qSUmW7tHv5;1Oo6WpyoDyWORKX-*L)=hR{#wo4 z(mXgv*ST?^C$xV|5+s!637+RTS}^f+p2%jo8~Up6C>HyasJenx$S1*edwyPU1N?x) zJI`9{9ZH6c+O!MgByP$Bfjc?6W+A}l16S1pl$treDJN&hkz}&C8UAkH(e+G$#_%9! zOtmT=4fX~}G_?8-&v$+gNgRJByqcz4OSGbahGgj}pR3ca&Gc_i<6XoLXqQli*C`(f zo^Q|>z*}kO0{wCY+nvYpQJF~Px>IO>P}LC_KAwF?()j?5j-6I|#1D6ix{OJ~_=VK7 z;^5-^o9|XV3KRqtHvyr-Vu$Dm$Pt=kh~lEJw8|I^8QQ5d!S8lxQ7{5~F3J!bE#kMo zMwGW6)VrIpetL8F5HV)WS)YaVJPmlBa!%?Q4cbh(W@Gf(2Cfd02le81v6L^9vpN`k zw%I9lXGN;T#!T>w_~ybllfd zG<}}k-e75$9u|YJ=@f-kp`(Z#NA}?qM+!N1l%+|Q@1Rj3o>`{11h;F3DtR1ssX{M$ z#>Lujl=B+@AdQ2Of&!WF92L-Bl9iUIcV%|BFxwN(kDj{x2;8qHG?+eozMDk2%!Q4A z7=t!9#2U`(YTjgg7QCn;mx#YX{^HYNVv=phUh)xaP|5w{otzhLtLAYfCo0;R%#8>F zhN2(h1EV<7 z$|qeYvWhg>wP1U**ys`f3iBfyDI9=W2oPu*UFC@rpErls^qytH-ZGD-ME{#W-Tl_? z10jC@Ydd1b0_xL7?FPL~-4@HoHx)bQAHVB-c3*sXNhi{zV44dL`n?|SnFInF)RFVP zzPfPhXpxVnD>TjQIBiRMJN)GEcsGK;r8pwM1TnmSuk8&!d(#*!QX=_A`oHskY;Z4p z(Vv;ofigD-t1E(!6n>Wt@w937*nZukFlrc5=HC3BtlJvz)dB8Yv~JU#%i%|){BU8# z)ZFFC0AP3UCs4Z^zl@Ajq5ZjY@tpkfK z?rNUix!Z3*cJj+2E_%foX8R>9MpH2a7K)my@X;y4Tu6GEAd(H$lrEPsA?5Pxrxv-5 zWF}@=F4#r=E>Nh`ULu}{1n1j5>sr_&eL;2&=siq-O+;Y&6XvhpwHr%mFjQ_Y17fEz z!EdDBW!DB`041$wpo^CqW)Jpn)k$Vf=s9 zNjY+#TEd!bvo|U9Kwhgh*9!ZI&BAh=a!$!0L!!ta&|DPX{+&0v!R;ga4U_F_uV>Ww zVd+?Lx3wn9H^CPPchq94Cy^oXTlTJ})uShB{r#F~?p+wgx@Nn`xyJx%d*R(Y=(iYw zuY$MA9k?R;%?334Sv>=n0{ilVUGMw>TsUfKqdP5vSqHNmt{E`K!iNutKcT7Yej9-$ z)5~IsIh=#^L|5v?JywGrG-cLuAS&GOq6(eZdXNY3(G1+Xt0Jrqdyv(b$NwSG5wsG; z<(c5$d)#Y?XW|BaX5(QPUG@Ar96zTw_*`kB5eC0NTHquIgH_Ov&jeR@zCLR@{-{tV zq{HXv!Jrm#- z*6)Ame}EZn8cuJ4zjomwnTynE*L4hIYXv82x~7>1KRce3Vjq+Lm;5&S@+`FB+VTLOI0JCM1|cU5byVOP3jk#CiC-t zYGZ;)Vs7mNg-p@wHjsZSf}b4qhoV(^KhyBG>*9U9#f(dT$X3*G;6}D`eHiS{;rXV?st9n-$;| zrmAPr=6_4fFZDBAf?S7Gp)CZ!zDq*yacUX(4$IcN$!B3}l3cj@%-s(xSmuC8Pu0JD zkL=!O!O4G(Q!zC?Wb&baxDiSu%M6TzcRk3v&tY@_<9{-y_ox3Xwn9737HR)*@nNyFA$66eFlQUA>dH9#T=)=B+8X95H~s!x8xC?v zb*R%Eh8uFf6zzZJ-@*X@s)fOGA>mJL{P#;sNoX(cxygO@#QV?mezEC52ClXbWYW%a z{?_Dwe+wsY9W~+{5-jQE3H6^(|Izx3areyqeASPeSpLoaUz2U)cvQEXG#A8``A_S^ z$W|Q7`El)kJOP;>6d3gnWr5yUtOfmw0FgH*HO!9a87V=A3 zLy?9BQD=e~ZdIviw1ZEDNK= z_9J5gb!!s(i!+cZKA;_>eK@v7zPdkqbzNB4Hcg%#PTv>!$0$~jp5B9S%htU9+4vR# zVnXDTXZ-~JWuBdNYs5!XyB_kRFMPw0-ualS)OP_l@R!F@6*%S2V`Xpm440BSr0i8# zJQrAf4m}SI#zwmK1P)(1x$mDq(m`1XzE0b_jy{f@J-#eF(brzD1~b%)Yzs}JtTqzP zFTM|veFJSqbWa<0JUnj;?D@<)nVbVGtSH3B`G=wYk&g`S6&sU)F@91h;~M>@`q@nm zj-XU{zAo*+w@)(ePYjP2<-WFqW`}o{J3Q!CrQggbjs$;Y!gn;fZ2t7pX#-pTBaFjAr_pFN$l7!w1bDDjMev9v&|ku&fJ@;o;vG!p+e5dp!0oGWt*>UJr4N1&c9u< zb-#7$P5!b>d{D4xE==0$lBV>J)1%XJZxPY+(yaKmUiQPCZobb4g?2{ZLbvB3F^mci zx<>n5nC(Z>K3;W==zP~xLcz6y?7=H(C0VlKx@-%mVvJd#+p2l6RSg?YUvk#P^x$R| zJMj^a#FEjT;WQ5U*EQ6IBX%LgXaS*4*m;Ay+SI_-MC}v1SfLRG8}R{_MX?)S7*b>2 zDKGlI9NB0sxYTnIn*W4b)ql#jorQvVd$SDSjST`4X$WM<8xVm0&>_sq@Ri?(WbF7` zj+zidUYe_QFw)ywbpv_@(mb9*&zt>e(cfTM2o6^T;?*31Pc*w|!>*;X1+EMilgOH!1X{_~BJ;D|1A_Z_=@RW> z(rKBg;_Zz1Hw}cy_Dt=OA$RD`fO6b(a$hpTgiDqpJ|pti{R6;GW=)h!eNxQs$v=jC zgT#E2ZVBMPMiUxvjT=d=(%k!f7C_(Ekn+>pNSg9=p0Eo? zF~`mK-#@3NyldZx-*+V7$P{}7>=x#~DN6k8(^{O|hT%G<%QrAucDux(u_r zPGfO+A)9avPRcm1f`!VV#9jB?!SER_%Ciz2N7zy2Q+^W)z}5c2M?MEyJDX*FRjxBg z7^p>X(SdRZ?CTEg*o3v91Fd52=kxOaF%Mpej38j4Yd_ZXuLbLesH?JsO^hN2}_Hij; zb2vf6izVqYww!SFbZv21JwRW=kKRTq>l)e8Xlbt&1>J8xAPmS8u}Y3wKq38K?Xg6C zLAu(b_G^gq3QM3Vvz~+-GmGkjNMA>oP@!pL+h_>&vsYW%INeQPA^NT_jq#m}54(>@~&-y4A~$0squOz|>@IB$UI9D-?#cSDUIKs~nwMrw83So$VCKH;&ntGm-?yPBVU5C(R^@5*RD0-zu3FCe1YNO{^Z8v)S9&uZIe z<__A_GoK_(WN(O`p>x@Y6|?FG!WHDOC9+8?tFMISklxlrmnl3wgvAqj&zibzQY|V< zkS|z(+~>W0>n*1RKF5hHa%-^U1B|4h*S~2+E9?(N*BKPLopDE<{3871v4dLdQUrcb zz7>1TyGu_gLOhJ~5A@Sw=A6CFF|t^tV|E&L}MC$LQQ#CpV)pY=9qoy zcu&k=alUdnmChjukxR#Hsn44a-G?KIWMiPdc&HJ;kG5PpA0U=a)_KIz@@;C<`s~W8 z!@GJjK?|C17IyTH-|%=#1Mar)PJSwJy^k=}{ye*cHa=S7nePPNdu)#7fIj5wJJ!!% z#e5NOeauN6l)RA&oGU(7+S1slQ$m#vL`RGXhb1|9NEP^>Vkyrf*O9ozlD?v>x*w=7 zleM9N{7~?T!iz31GiA%IlT#gj_ATDTS5LmpKISFau6#l{>cv4OjOrsfjr4;XNGg8T zyUmoRLaDi9yR?5Bu&p)32Y#-{s6G4o#{OP3p?WHY&xr|IYmi26Bd&|qqYUpiu_f^L zq0WLi_P&hcyz-1!CW@$2Q0tRc5l#Z0c%_ml<>gF=yW?$Bv@>q{KNq+#O>TNBYxdeZ zDSkcbw!?sU8%VRN6EAqNz0KUq#84G3%Ml?t`!_@Inj{kcdbDM z?H$J3U^zr?)r$L=0iMZbf1qEBRbI=ExEE26+2!JcoV@C7X(BCw<#`|4WfgOT@xL` zQ^G9V30d`-qeb7chS^AGX`0xn?2k(Zomws|C5-5ON-wo~Tr%*w+&#|31F-@qKpK53 zu*$0&8O|g5(zgIBN7nh-Nz*B%A=K$j`a^_I{p<|$RRot_w>od+`jNX>+6H+ZO{aav z*yHi+o9TI3kd=9LyEkfXJXaW102q*zPsyc%^^>{-6rFGlGA3J{}44q&w&nG5%onRs zm9}T?6eP~X(s_M{u}H1BCLeUKhF@Cj6HVi&P`*ag+?ee)+P|P*J8(4EA0?SKv3}Zz zL-lo~w5y_ZjZ5%=4byDw@*`(q5K*$>Sk~^O0wyu%K#e?t&Dz&Iwzp`}hU%l||m+B1ew}&@|nT5J|j`qpN99 zF!g#nY@1m!oTen!SY*UMclTRF{13Qb$qEh^xN*3G-4gH|cueJ$$8{DTWH69tyi%3Y zSE7vw>SdKFQXP0u(L0OMTv=ZHKKubH^xg9nnwSGkj4dDg#(w@#u?1&keoM7}eXT%3 zTqHgv;;^2Ug$1gfVk+>r1vZB7$vfA@B_rlm1EfSgp6RtI#xOT@rA~^?&d1YUMJfz2 z>g$>EX0@ixsvlC>ns1SF&Fv*bv&%nJPVnN5aqWq_Mj&19SG4ic64i_--G0G}4&?8X zSjP&xlRTrLa^k^keQG&o-Yp(Z7)G0jwGq1>YUXNx;3NT)X*ub-Z_5jq%?{GoVqjU- zcpB2o(7QaoVpxfE4n=9%>mc+NX&t9LV-r2vz6!|#ZJ{ihkM{T4hE7oP~?TaP;eU^^gDhG&= zo0b&OeNdBNAfcAYsGAZL%Tr;l1!N;>R64rBUM$fPdMm3O7=Ii*+?3ezFr7;TW`l-+ z^5P`mpKa>Ttx0K28~$CASDaU;8J$Bah6d&8S(*S$i*7C=Kz_gttUPFIW4}(f5!|s* z6)YXU7?Bhkp4#bo_2!Fj$Pg02@jxtVJFm(>Ow7}nJa7Gl7Vo%brYSY&r8l&#&-ZxasG_abD)s2w25o1{ zN<8wKQk9^XC!B7Cxd7#{)0xsS^1i&?WKQQVjO|rljmq1MI2oGn$mhzvc9CvsvSO#+Op)SNPhYew)>#iqw)=Br~6mOVxqWf+45TfufF+lPpuFsn;>+y0WNQ@Nu(RGGIGd5;fTbOT~^O%-MN&a#+t z2j+WC`d4P%hy9brSXb@TpRsa&_mbdgDsMJe@E=Hgcq+(%HEUDe70e#yD4uvctd9<$lf zK)mcG0SDJy#_R!GCD_OCR3@oHlCxW#jbUn$RDC~Pq7u0)EKLl}9tuS>f z{8!xSk`Na^)ehb6SuOb4DrYcYT09YO4)*F1)UthVwY9EIUt~Glg8!9y!Pa)xqR4j9pF-CV_rKiKF+~`>*Vx-;(_)RO zV|Ooq;utsF5)Ga+YhBt>5JVwArlutwO`%n`q%B;cc15TNWo2pdr|V&rgmtWQe_;uG zWAS*&dhlDTUD-*^=j!UcnkxKaoHtqjKz6@0Bjpdx=(wQ^--K{td@hcz5EuBE%!yBx zwfd0mQ`@dLbf=wVb`AM`dClYJHmhRe} zAKv`Dd0+HzDDdB{yoX!C8=`*)w0<|`V)+A>JzZU2`mg8rvuisFgufYLk>EFrys2*2 zT*%XpA$!oKR^=?utxNRKDA-n5!+`ov_=VO13qB+G(PvG+R%b>L8u$5=XSS}6ZSV^p zFh4%D92rZw#-wV^eg-_%u}LGxaUKeOk@n{VmbB0v(ATPCHhg~#O;qQRLVP`{2{bix*KRYv)nl`oVAWJuZzYg*OU1|9~SA zFm!%^(xq|i2ftA7EqcUU#c)!bHK9rZw>;wgPjMQ_st;zXp1%8z+uabxOmV~c`L>Ig z*CbX)^^1h~pvRxASR%r7z$vqSFgW{b?!2vj=;aC6L;I_BQv+s~Zk zL|=U#n&3#04S4im^%PWk>ARHwH> zp=}$Poc$WH$k!LCXv&Vvn#kM0x_SC%2J)YQoJ0S@^;MC%@9!2KSNy`?gw-D_J}RZv zxZ(^S;J2vD?m@ZOQvh(cxdE3OsZR`L7oFiyaxp$aSb1-Ch+Of3o>+vGIqzfuoy{ zUH>w^RH+QTKy6O<{oz#|s`vpG3=e0mkeWp+;|k5QXsbG24~@Ip2_1QrbcahC-T9L+ zyYZA#kpUj}#{I1N`Qe>e)#^kUB6=Nu7Mbm2av(;SQ-TZI1g^3z_#x zen1KT(kM|s6bii}d>=l+$NI{+OJ&-67VP(qMknw7eUTYhoucbkN7egJ?wVcGi~MJW z>auvEYiRKbym@K4v!o9T-m(vPQeY*Xq=&2$eUrDswv$|`BJ{8tRQA|8B9zimLrj2q z+`bA(ZQT3JYmAa>SB=_dtDK|;34jVrns2nbzAd!uxlleH)$?SXJ7DT%Qi1HuQY0 z2$#&m3JcS!qDwfXojgtiDBKn?Kx$i#j_dwOp~7t-AUe+!r^d99+_Y}myY5iHg?K)) zP)X*cABDc)K<`qZqkhYRf0@hLGIrw&l!9EnMNW)XcI+ZLvH6gOF(^mXL$=;_LqLn^ z7U6tM=#&dSC~l|cV28g6A+un7O)|3$C%25ymtfNa5QA%TKKpSF2N&n1>s!D?uF`(xF<_16XpY_?K8xNfFQDTQ2#kMbYQ ziBLnXakPX|yw-M2ONWqC@#QzL_Kh!-^WH66_`lN?G{waTdE4}O9V~4B!I!Oz-4quM9dYe5N#K4i*>Ha>r$S&|o|u%pSn?#k zFb|4^3a+Z;!c?(x49(5Eqf))(71G+&K~TR?&Zc}im9fzZ^Cy63K|u~G?!L5sB~8q2 z25Sf|4gWgrW{KFkp@zHv&6p&xX?Ec%zk{{5oH>h0saqu?$9Mv}DGHR?U0>yq%B>oi zqcY*`6jglMR0cPl!FRWfWMmV6OYOj-vLO4}-Qu9cHl*}Ean#(d6|lL#^8wd(&EwKX z!>~NEFRIst?kjPvcAB8=M@inpasPy_PXRZfbsuxm%L3d*q!4Rk&?x0^P~stg6JU$l zSdjC5MjK!5VF=qfXUR6DkO5Mv0vR&yNVLy-sn-(#Ve0~A8@Kt+YJd>%kFC@iEzRA*; z>bv<5R(!7m&%w4^AlIe!h=_OzqTAxOaJhSFiz`GV|4sh_x<542)>;DyTcOF4{1iK% ztW1xZtiv`gKN7xQ6X5q{em;qYkXb_{|B&r1rC>QIS*+gKoJ+_`=cchMI$Q@n8z>1<>dcXd1&BvR3 zaw9Ur=Ik)BEFY?#wAwL3zs|+Pz%}7~`j&X6==O#v_ts-?PrUamU`4hx$kevCDBrQ# zxVVnZ>y3jKX)VZIJ)F|NZHv}+XdF zd7r}6=*C@_o8lBz3eW3OPh@JnT4V$rX~8hOY|vk490AI2@)opjwCkneQ=X9uRH)`GI{TrQ+ z$2#2L99NLMOfGf3jEKll~^J7Fq@&4~?3jI(*KZWKijSVVo!g(<2O$zpHo|Q5F2S z_@Du=dp{&1=I*C5)2F2Hg&L8g9*>L>tErcno(^jgV42D~4 z=PQ*kzSCTI(r0@Cb5g85)4fknX;{7bN1+b$O!P#Y8hd8=j04!#!AQ2Pn~JnWe6S5N z$Mh!7uau~8jLT+>S|?gw$(Q$wY%w{LX`;NX=OmK%5HD@dOc_x3YEpylhz=MT>)o&Y z_5mVs626feLscfad7^UJVt0K*Ioy=ZoyO^D^3X$NhxXlW30UpekN1w$IzQ) zQF1-RD>9EvhtPBCuam^|CMNQIAO^RWg?uk%)#8f zd9KhsdBULQj|q2BXEfP?j=nhOX!`*=m!^ka6Wc6J^BBU5SfE!s?ApjOyic&LKv*8U zGS%e7qH=E+V=Xu^59}`~@}>GZs+R!r`mbmb|BSRK-OCmqpp0M=LGPkX-{Y7z zIie}9BQp%7l20qzmx)8_W#~yi2 zGogP0)#0g;f!5`~ve9sj<2s%2-u{r3Ul`c^*xH6;LK_p-E+c)$SL_ zB9|yOb6+fbg#Ah_hh1#GIZJR$u4TX+T#En-cZhHIE6Wa4(s$ zgm^kA-5Dkx($HfG@7f5=2zv5>8NvEJWLiqn(*(U{C5qMPtcB9z8a*}06fa+){;R56 zJ#Mdi}z1?z2g> zlAjprOj$3O{*4F`KKeXUtv>x!%~4=YCO^QK;_a~>a`#pePTPgj8 z2FGJIy*KXcuCl{?1K?ba|K5^QfD6*J)@V2HDV$AZaB2l#5`k#S0#1s<=Ipd``4Vlu zuS_A~$B4*a+Q;F2+aN_^~GZO(<;jO11vI>dQwk6cNs?8g+YCyC<;Eh68`4uHt2Dgb6@3>pc8E`&Aj_L z^v5zjMWv#Wphn~mZzw)|d-z9wgtFXESh+U-O~{d>S6q5qL>w~o%Ur4Q(3jG&M!Pw~ zSZN%B(7S7AM#Uviu$daWEA^adr68DalB~$a*;{3+(`B1>T_N(;-^9V^k9N@Dh^7NU zRO-wHQGWx>M&f}!GjUI>z=iplnR210ur&Z6arTK(-FkK3)4m-L3O2e_;SpNH>0Zym z#pegI&LRRS=8Vs@F1G;%ayuDYkyIKb*!R)-j*6@o2jCLJiXf!)oUP^rxe z?{ZLsY$!+gI%UdbkV`R7G-k<4rJ@uEES_>`-(?!<`b_$$PlG+|p;Y~jvr9gB%4I5c zVka9|YT@>(ktKKJ>T_FfA}`W>qve;*1O9^m&ViX#mv&8*PO9^Z{lx0Njz(Bv!TLC3 z$vDb1__H%l8H@|R6#P9}D&rvmy9~<4FJ|8}Ln=v+a8e#J`Wt!pL_&AE>^0-^E0O)3 zJafMFz{52SAALCj@%`q$dLG(wVMw`0fG2GIkO|HB1(dc#w1<#aIsj(_@!A#EoQOwy zWuMmN>9rIqso0@bJuLv_y5lpX^75{t{#0DdFgd3&k}F!pD+_Nlu11!DS$CUpW^)ol zKw893$Y$Zg=Yz&BS`Q8G$o}EF5lXZo3#Hb1DCMNro(nEQoHdD@X~H~uVaYTX^wHHt zaF^&x;t7C+Lpsq2gwUi9S%!$0gdelE>y$a?6S>d^y>$1Oo7dp8R1QVwUw;Z$ymUK- zQa%^i`!oKj zY>ag1ey~cv6ak3)X`{Z;)3)}!pm>b@XlHN?s{7R`BI_O& zq>pVi3##uYCrz~4si`d4m5kDE#*A`?->hsozMt>1g3j>Pdbm183}AUNGl6bE^sf_} z9WoS{Lck+A!_pD$ycrO{l|(W)dR1ff9`yF@$qCH?(3&_cO3Yx&kXw=`k<_+z=om@h zm7^&&sW&+FvOBK>UI{e(g-7|DWDUy9o^`MqOMK9cKt^+fAcN%GCBpDK{5+ck2EZA? z+T?4t5f4)Rh@b&^PQ`=pQGtI^u^VByx8ZaF)cRk)VU%gxBT&hAc5zbS+E*HrxWpiY&qvoXN-UrpXo;L`WAX{A zlr<)PPkeMc@Ky`_mdl#HMFEX(xNN+fX5&;=n_}?fhw+^S=-)TQNlm@bSXFn(MIrh3 zf;~RIiM`zED$bF<)&Ew+?HKc9CBRxbrJNCF&1=Z-_Eo?WQ=cf-r!}9nKi)XiJmZpu z2inaM?fw?a40kT)d%|VBvU^!1ol!CJaht@K^LL<`@?~jqAgd3O)q{`boh0sht)`-`x@#xutOZ*c`Dq zD=dsixGh>xGW^~$SCnf_lzZSdZ9r`7oTN&fYhJFM3cF2P)O%GP(4Dv3nTV`yBRcXq zF%izpDRx$=gWq^z5w`0~`bvyRGhy^n0!!VAhaWwGrBH|KZzi5+sw2z)*%L`3$@#mn z^*8Y=j}g{|*0 z`3>GwC}dsw;eQg~58VKGhE$Ht?tvxPN+uYP7ri(Vet0`@Sj`nyweasF%d+yHzIBgR z>A3}ee>)r1DUnIom4PDA-MHd~U#HCPe%={ycl7m`809}aP}|S0U^o2jUwq#6kBJX>$ipe;eB` zd|D zyALV+&1VCh?kIfWOX+uc#w*CxTY;ZmUv7BVd2H&y;S=~yVNhnXgE2f<7t<9iOZeO zi+^8u>2N4O_do1(&ftbG*!0ByiX7}{U(O?#2q?K9cOnoto2|I1rWzH^$F~0V{AN>o zMsvaMRua#Qk@qc^dH-~Oc`amlvW`p_$8j?wW z7IBh7;p){ZA{XhGpQ^7`K*C=gC#yCj_9wXn9`1l!h+chtLW$y_c3>Q11?d?~&0e5bX9#b@n(svQB z@4lTj3W%A1^_ud$Bo%m!qWsbpsCK{EewV$pL4F`fT+(>)^|kzqvP)(J3OnOrA^hAi zirUNznDaN;=Ugb{H-TJwg7>cy3L=H)UWO??X1+@j+$U^H9}YK{^wPs~20mh1L=wje zE!QU1j+%MwDvyz!HGVq&s*j0k>0X32|eK?%S*0L?! zED0bh>)@V!6%`JdjFO*q)k~Sg=M42NJVXzaA}9C&=`3CV)%1o?{B{||FiaYU3v03( zMN1dpuTyy>S`4Ho+v*APzPV?Xb{Wc?<(G?WLEjnjj#3(<6!9QEhXv-V35r<=b5H@R zkh+K&Pd6juopq-dPq40@&f5>aOFCwmX^9^1OI*Ddku~ENaAmXWRnsGUnsI&qPsB%+ z&6@U(g(>Z3NBF1(F%mLtZXT>vi;NB{iTVd^>ud9-YCpec&M6+***K5n=AxG7V)!~V z)2Y?K8O4kzmcQC^2P9Pi`9TQX|)I&5xJOlQ6`8Cvo_1BO}Hqs0RL-_qwMWj^pr!j@$ki;U54a$8*x{hQj(Fs5zU?P zaA1`!{ztXV6?(J=Ae+@9sJ(e5cPE%u$afWT7vK9+?vn9ZCf|%N@alL5Y;CxWEpNc59gOFhJFC4q$_umJo9e#nn_H#1sM6H2 z@Um=Gtv5rb9lw7OJBo-u48k9l%&K3VL6cm#U^&i+YF3{hzO999#21mO?ZRP&vFDuB z*G*rvPx_KH>t5#m-RKlj)sv@0#RYj)S@n1C4R(#_c~^5|CVH3^{W@mXexZ%L4gm5JM&7n0vZ5Dv zi!nD2)s=0(TLi3d7 zL}W`wDSs`Uk!X0_#W;wi{T6qhC{jYTU>Aer5xA} zrHrAk+au8Gj~~%WD6TO%1Yy}Eg0c$?{GmDyo@rt?H#hZmc0$FKE0{6OBS@L&jq^(a zq%T`0pKm@f`=tN&L|f0x4JFWrXRGx}V%B?iQ23NLyGdaDPk{iPqal3kK1%(*j`DA- zSdUk_dfxnuDH2($f(S7J?<-t7{4ZMa%dex^An?mY9ud$y+`yNAO;e#%r!}SC1;Z3HIM+^aeyv`2_Qa^1~jDSjc5sSOUM=NZ~5-I3YB`kH8Xo$qa757QVYiQ zTf3r_8E6ESc$F5OpG+zRZx3)TJ&*O{lJ!6c;A|WOFXSkkO}TaIU;7sLR`_5Qw=6<| zK^**$p1p0&eaB|%ZC{yGiVHDgPzDPpk?XzZtg{tQC&B(T&;IQ6VqZ;0^Lm^ot`)qv za3~G0xa5@JZsS0jTHb6ouck@*<3A%0J6u0Vi%#811EMr&L2hheGNBMf4eefuuxY=~ z|G2vjYRTh@`Tn@T>sCnu^Bi0%RBnsqdip$u<*$4jFjB00w~Fv6XsnfD3dY!3)jq$u z&NLL`CQrt7GIn)=){^s0=$g;Y?`6k2V1@QlXW*W9JgX{ zo6>$up7`tr>$YQKHy^?^-8~TU4BD*uP z^DxBf$7g0Qb9CdNqlJF>Doqi_8AqkGZVwp=8_6PBofh<`gdWoHoAwlCF2U3;4Qr?r z&$3;eh);!^T>pnm^9)ga8^GP2;iOK;@sSrgoT_(Gt~i+3^6nT%5;!fzql76imxj(i) z&<$rAP}xiT3&H)uwBRSGUGSV?l&r__-j@^646n}C*g?&OQJ$SVeU95SzhM4vM}RD$Moe%L-T&t<{*t{InfCJ6*=%(XYU$0}4u^f~q^`26 zbDM%DaQzwRfFMnVx)ebwq~i|g=+0+K>I65+(V_^ zg+(_s&oMzu4!jW(G0GKEX+vBr%r`)^>Yq<|skQM!JsMnCW;vccZdK#_?ocI~Yk1nnhk7 zqdrrpp+?p)_u%KQtvZZ>0~DXmPAI(Qz+N<DIXTXJH0Z>Mo_^&)`GesY^PR&hys$Z*4?l1e){G0%A*MY&6{e7racPQ84 zEg#dY#5?sSY8Y%#D4Nl!IdkHTS|CQ=Zmsh6sdt531ny|JGspN_21yZRix-9=`Gv#hmPvOA{-=-{+8 z@Vier+`c*qGbvmN?sfU17k1e%;+DtXBZ|L}t(-sZ>OSniWB!+GYyMf>;KZf>XbCZ2 z$L*+zw?1Rl)eUjFsFN%DhiQk?K$Yz#BJ?cw8Lt##FegtBm(jIe!1BiSA^SFg0z(_0 zOTM&*uIfuEZb#K}pi_C2&w;ay;>?Ap&9K`Ft1{=vD+MM*fj}@zDZ8h8>}1 zXZ@y(A+LR#Pzvk;OL(DH>-|vQ;M?ZyMaWsvf6iIvO~u!aqwEE$8t@XL`j-SY9@=@u zE_bIzZ=56tf#3?gm#&`hIY^PUi(a4~iP^SVFVkX|!aYe3;dCfFgL;Tg?rVaIJ6_zA z>K215P$jR2bC1K!NvXvpI@M!g=NTk{OAO$6a}BI8eSLJWl=pvh+C1Waux-ycbx}j~ z7Q9tkGiHHeRvTpD(4PrFcqYPMB0uXNlGU^KJBDWj`rV-G#{jmq zC8SU8b3Es9``*T8jK*wKy$fiztuvNA6Ia=xPa6d+S4V7GBq- zF4FG-NIL{P5!G_~nla2MvZjaF>A#%gBGL^3^Pq~u5PVN)`!i5!HNZ}_>Q08QOjp&* zv5l|6KrV)@m(F-7=E4Cct-tG=y{ZZ!HU)b^2RkB5)EgmC-J+c^s5PO9jJTLoe~w#p zAr9!25xc79$Iv26j0ZEK^YYHuBEZ!|`mJ+?&~^bG1%G-(^_t1sOKj4s`45r-uc}8X zl_!oy{u`h8Ry6@AqAG zR&rJOuP^Xx#xP`1%Lpp$m9w_Znzo{>pQUZQdcArw4^7emHN4YMrOP~FQ$Nxe(SwqiOHe+H& z*voW8GgAfHeImn*$YZFEdv^-At=p7-ZHiGQU(@g81k@jr5x%g)`?#6d_e2n^tG%uY z=LHh93C8mW2lQj|Puk@FT#sc%g^xm4GX?aq^!lPHc4nyUISyC^;Wx^oM z-2Q_g2SR$BCZRY!N<{!=e|L zlkOeOjEavqo2)uI#_jIaG=85%V1j71)|+7w5MA`iT@qU&{UTcj#U1#_z2 zzHuD_q5Y>p2aM)FQu-d5r(8Bxu#-dvLeA#JPvE>*N2;ubxpHT>e!H;QzV3 z_Nh4CT7M);vEUJ2Ow}l)y zLT7y5@5oTtXvZamATjC6V%WX8dxNfogS9iOk3?r~4U7nBde8HrlN=KB74w~Sb^Wt~ z2Y9gDO3BYPtU94Tccg`c7JbZ%s)e|~V~0o9(2ClqbM)zq0q?VWiQrlQ4jr%F-g3+a z?KDyLJBB6h1cklvY<*(1S~}-@pX3nDR&4mw_D{@6iMoKrjtz3Zr#;tbLxx|ord?TD zO?vNpq`r#p^dxgyh;8@ospLz5e+LlSBfb91Q#JILClm9^lQn^GMrbXc*K8~gkG>I( zE#379UJsTU?^e}q@Wby!Jl2Pp1iE%ivtfH5NsJ$<@_!njGK`1*17)*tA$~&4AR)!k zj;HygL}Oyv_)lBBn`2ZJdoS6$t>SpGu9c9GRnTrOSAYM$W$yIDoA?#iWZlUGzrr6* z{!3h0b%VCr1%*&wrqp57x8$L|Q8>>sP2r?E`5-qy==;jt_|?C*i!*uS7r7F#*XT>* z$o7>O)5kI_S)jmV;dnoCqA^I~$JhuD4H~-XsD$*})glMUtjh1N>pHxQQ--*-Uh|UT zC5V5OdAQ+fmnui^naFF(?+9GnKYXU=S4$8)9SLM$hgJyvk75PGP6COLET0HFTy6Os zW--^oDpiEackOqLa3>tYVjh1G@oyF++VR?-JDN^@JCxh~arq{f*kV36k zI*& zc4z#Db35czX6S=#Iwxkx8KS=6EDhQ^Bl%5V<+TO-ULtjyi8nZXQSF;s*|3@D z!aPvPPq}c5ry6zi1tRj+K3cVN$4=t+u=k(aV|>MquJbD`UFIoKcfMVA3lT`Rr#@M#nNAzcY1~8cqkqG0u0_xG=iGSwKMmJpN zQ$$;dr&OZH>C0S^N_@ZJ$JjF6m%WC|f@8hSj2qLQY!5U*QX<1g8@xze{o|2I0-k1m z+ZOAa4<24OOdj{&f56(iJUxjIG|Tm`oNJZMUEkK5&bhKG1QWH!w7QoD^D+#O z*+BdiCF|3Skg{^jq>Bjyu`Af6K4)?#MS)wn_Y$Ki1V&@v_c09Ns%Jye?nQS_LC=?4 zZLyj6KhQzX&(HV2$KN9U$ud}fT3hi5Nx+*Su~6HTBmh`YZzjl{LKEaac0$k;dVy3F zx4IPa#Dd2-CL{W|7}I;59~GAQ-j|X>jCBO3ekzIM(}`nDt!D3|WFCmCZxpj%8{n5$ zSQ|s_G(r8cX{;b;7+)oJ^?SIf>Y&mHg;Av&v>Own&)HTy&F6^udl3y`iF{knqaph) zC)qdJpck?DEn5OjwpWvx??7~Jx(Nnu0>}`I9x;Pl`X?!nR&V;_+Al;^rrq)?-Jw~s zsj7>Vk@0-_+(Nzvacfjb3|`L^?R03Hl=tII&7NDvf+$-120PV!DsRj>v6545jJ?pCLl3915 zN&c4TUI8C;N8DyRzFPJOmFbE;#(9gVHi18Tg0=PAxk@Oj6WKShHRlEN0wakn=7$z< zw{HNugOv(c8V6ljU%8ddviBO{JXVUeOCRI*?{}~8zyLniob94&Xzq${-QCQ2KuQ9v=ge43t#X@n8=Y?fo_qK%M*d-;c^nEPxM~Xe8X75l_>RY=aKnjWEvf72&LhDwJNtd(mXowuT!@MFAJ9S{Co;mVzgTvF62*vt-bONusTEj+1a^<^5W?lPa?f< z)l(#I3)SVf^AI1{Rlf}p_=)CtA9~Zf{z*KD0y;`O`j*4Q=E7*Cs?aFM$R-;~hGIlm ziaczzC7)$-ur$=EyMtYfH^)!J{a6OX^PXIzW>6zpHJL&X`GQdy@~u!PlEuVJy*-^e zs1!cv;;E)VYdVTaSbY^Db0g73MHY1`^1dJf^`PUzpxi#<1u|JgqFs*CSYvL+o$dai z>CCDoJ18m&9uG=kk$KKRv)V!}va4Wylfw^PFBp?dV2IP96BeXyw7pPe1m6=&#;}SW z4=y6seg8-|zgvdH=yYF{AsOrRy^c|)RHL9CE6X;iEDno7B0nN9QKXKV3u|*gnZOwF zxGpl85$a{1xS=1Pde+XO17T24mSYPI6!Z^dE{Rd@I`ib2(a&urzH5h+n~4F0u&l4C z5HA;_D2G&FsOnLs_jZU8v=M!6udJhAL|f$&b+sXDWt|l*R`UsC6|cCUp$N{4SSpd{ z>a*Bd_k9*DQZ#4^?odPV>M7Ctkh#_p~G--8H4wRUhn-;0@^F0fzYf;wNi>r$0o` zUBv3Fr03m=VfF$}qvWYHt$(mX=Nw&5Mb);qX$}B3x7}! zEbw)Ql3*`2epUa4yaqd8wVY?efQ<{|GdGC-t z*mjP@iaOUKEa9L*EuL?7W_RFWDz786GO$``ySY=Cw9c8{<{q zH5bbdMU{-5kqwSGJ8(l3UQ;0DO?zk_R<`y?(n&e=UJUh5^l)l{Q(Ib4;v72ROD zOFz2yVGqR}68x@chNraDa4TLNJ}lq-(58HQ(Rdj<%Ot|cc(Iux#d z=n&sfXq%$9@XBDlAs>2aHa52QQnm~z1^q5(yeS^9(O6WHUgI@`3|5rdYh=ebr|gMo z_GS`qDN^4OJ1IwsdH#rGRb3THacFB@prP;QR#VF#J&!Ooy}cyy2mZm4q0Smi+QY<0J&~0)_4@+gPA+aIvK_g zW1EIf5^F+^YuNreNy|(lK}i>6cOh|8Ldh<3%Z|_k1^*R>cggRXJ5s_{R~E1kgQV0? z(u+smZKkqM?qqOA>m`Eg5Mxf_)H|J|;hkUx&X;l-p7oAM%F2E&PT7{^xGG6IqOilp zn?|mrvgyq$G&*0=-6)PTdFm+~HaSeSXRX_KF)t%B0edPR4SOD3^rgcXVH>PToLDUtN?~uP}W3X{Dwo&1(Xhys+tO6Gwl)m1=IJQYGRD5Y)I2yYnEI zna9Qrx$y2)1kBHJt}N=0Qe>Wv+F%%&WUXr5xE!Fqx5f`&wBhoz99ZE!%Q;RHKp0VW z)690zZCE$R)p6DcljU7si<(!%<#4`wVErc7P?dyP;p}BkEHf-(NLb!6*C*Q}F7n*eM-r2PF6)sO16MhU=4f}C(n3|F)bRIr}ypih2&Gki_0Y>tC(V-RIIlWHjuIm6+XO(HcT_6 zOnY;Xz4d|kr-bjxOX;xm;;e}97fQzDmW)CD=(zRoHeqFiHih^yk`n_y#$UC_YRpRe zk<&IgwBK?q%2}}7$ucZ{!B2K`#*nPCEiOyUmj}P~Xo$!7sIq7D^T*9?tSq5h@9W^b zHkOp(88O85e9w$7`W?^hC}Q-2cSO4)XPaeq^X89@kTeJmFY<$W3D8WU z*vVgFaGO}KopD!L#!vtZ^1!(yYN$@=bLOD;C4R~k*Bl>yq8Z)_J8 z9*$3=l$Y_=kW8mhL<({EX)qS=ULz&num%OxiCkTXvyU*UsetkfroKGZBt6jA&;U`J znapyHy*6$hT{p&T^)L3+n2*~fsvbAFp#<)eh)CjumfJ*i#SYjtkOa$kC(?cCO^q8642XNg(P0OC9SEV?iCM%$%nQ3Sa~EG69U!*E!=SyU?l;Ymd0%oe3Pj}146 zZC}=4P@c?HDW1GLuT1(8^lVb4OHb{7tA4Shas+b@340f{$d5reQtEW_9BBd| z*-3a?XY)!*W&`tEui8sjM~7FsDQDDWC|VJ|<+lbGmJsSZK->aibxRBya{q!|w`mAV zFH=9dBT3o}14avs>1%t{O$s>qiAbI+efMEBR2m2@MFaGtM@}@wQR+_ zCY$5&3$cqtuEc}4_xYeizas~Qtlk~Wbn(F$*)nau7p0At@upfOBV|&c^tsTc%%oWr zBD--LRFG$Od4e?b9Zcjw0Q|%lIsVoXvm2TTw(+)gEosia-D+GsoOe6FAG@fnxmz0K zG!2P7-#xQ#<^tE9{Z-&nR|WxWnP$K_SHs#AqJM-q`{(?1oy9KlM)GV|Byq~T^)40f z@9$+<#HEvqJtGL(FT&HfQcc5WQzJGmjwFWts87}cI!J(~B~bZz20@;jKM!fchG!G0 zr6S|s?X0L98Cm$pK*Uz+!&==P2@WVz0b-zUuXYj7R|HYzrc4KA+QYp)XMLV`UhzI<=M@DA3-_&` zxHfBxUA@g9n|K>x%uke2odu2b6wy5tPA%i`5DZk%dV^(ymz zEGw^RSGs&2i+NdM+e7xflHvMV?=~V)gT}%2hY;fW0&VHD$c|;<)@VH+uOAY#D{oE7pbm`Zp+vNBf4<#{<}(jw`(f zo;HrFiemua+T40S_=!eOQU8%~eW-nhuI1m#_Z;Iu(ywoeBg2DlN zwX8B(C(Mg3Q61w!1z3V6b*8UObz#DDl}9e@YOt_OP4 zJPvmk_pOdP+@~%WZ#N5LvmsQdYn_u6ZRo)`j<}BD?srQx@>mge0x=WuJ|2HJ@h=aa zLJU}6!h}EJ`}e>6vS*ZI*=daws9ps`{PGX|b=@zW=pQ`%AHvh0_KxLedFiLN%;lf{ z_y7D&r$6}Li4^O zzEsLP8_WN@1LdDP9FuguNP@*60y7@JU-nnWig>{~!F0Oiz<)`xfBxJRwdiOK2j!ny zO_h)Uubcc?N4{r~II97X@BX-}z75ez@Q=H@f=h@FzeM=^_X_PoVq#)9@U98qo(nNz zy!E`cW3=K(mHlJj<6p00^bgXoApftHWeJr(8#-omc{u;42Tmc272I?c@euR>(Jk<> zS(Jmvy#8{cdhI{w!k=A_e|}`F(z5?M>r25B%uJTnCq^Rw?+H;94!(Q5q5&SbLX>Z; zr3%abf4_DB{5DsZ&b`rkBl(J0pWH7vJ=-0K79CL2Xobxmd>GMnB^)v~=q_Ycl>OGv zcI>zN*cLj@uuF<<)v6_IRCHn=lV?XK_nB;pZ-V}F+Ux}jJ@8DRIQv7YNp!}9aX;vO zdwt#6*H=`N2le&vb~VuJyX$cUj9LX@;u|vZeK^PprTcx)Z3rtJK@=$oZ6JM2`&zZs z9A62em0E=<%{>b-oEgHCyIPe(Zqe!B=z|$qZ`mNLlC+(Cn0E6mB2rhu;c|r;pq!tf z(t76OQeo!>MOM3MC}EEfKj3;Mam=uI)N;o=;jF#=IPMJ78nYnrR(cb$bv>4@BxL6| z0>UEh`I+omRF}`{3PEzxp-!3JGkk=z@xkAE*gXd(oy@2XzpcW2X;LP>G6SJjkUot{ zaJo>H+5XKDeS5&1cz4nBqa`LB#zG7&aHw^+f}Q}i#<1@=#;nSYEyusoNL}ut;=ab8 zC_Uij3j3S0|C9#{`Uz7Xxwg(w3#Hu+QwaMlwC-BFX3vmqDhK5itz8@3{h7Cm{$>{L z^-QpM{oNQBv*{f1s^tsM%u}ME2o1l?x+}($OOVUS>Ile*?)}qCRl#}WOo1~ZkVi%S zm7nWxk0xsr?5kDXc|*(lVHwgwNL9}c&d=|BRc@8=<%x|XNrs0TE@wAo_QQ-Y+($&+ zVsn?+eE=HY*_l%Wfum(nUK5GAky6dbHe*DFaD>gV{VTyZsjyR!B88i6op~;`G-j!R zX3an_thIY)xI4{Rv5Vf*cCu!Jz+{5qY8Ti~ttIL$Cb>d(?o!cVQ5RGq?0NGNoTe z&#p*Y<}mmys+7n&I4NnjV{~L=G{8dQcGXKUA22HL!;@@d$yu zKcA=2+v+id(Z8U}Wx?aRwGb-T;SrYKJ)+B0-qZJu%guTw?a+6_VLVysIp4yCdzjOA z2rCYLfOx6Qlb;x^PIzA$BjIa#e_O1Wh<3qyGfLVK`hLAP>4$obV})Cugr6p`SZ4-|0!`m*v9~L;JiO(;IRK4jL|nM;RZObzlnOCy!Xm z*C7z57=1TV4aX0sb!b?dFCI)CPx>8?)+8{71hb6C2^WHyR-OaiE3^F%cB4SCjrgW?;}1!McL}4N;cHUCTIs>C)3O7O zyRjxbHJ&`AR2BGsMhJjg7T%Pk+|Owv^u20Fa$UoR8aM(Tm}EBbxS`a}20y0a;f@IX zZ=ztbk6l?!7&3yjTSEp2!DR!Wc1MRSjL!^=dTN~gQL(Wh+2Lr}ddBnvL)>%$p@~YY%hP}YOaIXHr$1121G`Fmn#O?wA z^OQHLi@2h@rdaef4e(V9EtEZZE(_2NjVB^pv=P;N4sz;knaDvJI|hAiSC77chz(tL zdjwl|ZzLDj(`$>W<*mfSnFxdx?N$ol94ESA!<}B|_1gf>Rz>_nwIoVKDH*#-2FV^e zLUAOix@A&U^gZ_xpZ@68!!v!@&Q8v9At`D_PzS1Sdg*1$TFM2nn9xuEE`1h9H69 z?hXNhySw|~?hxD=T)$!W?r!eQ{+{Ri@5~IGbGo{^s`{WYqa)9EXs^!!@D2|i zcsIJ&nWy%h+mqC^OaPEZ@FC}z8MLd0U2$uFf3!uf%3y111$Mzp zDA&7r={8#-n_kSI(P9m&dg$6^ny1sQKLhj<^JidTe{ck-Bj@eL@gpIQ+l3YcqDNB= z>hMYQMOn`?L+EI$m$E4zkxD4vU_yfxBVsiSNHgjr3}q7%PZ*=ok4ZfA2eF))Qy5td zcI>zwXMy<9G^1_B12{{d=DSy8y~Fo#j*vtTOx1!dY*`NQFTTWZU>@d6%(Bhikz9Ti z+!TMb@mnUAqbN;&*?(L*wU^9Z*G%v}+SRv|;iX$xQ2bXAul{If!Bv4Myj^i>2ovcy ztn&_{q6Y&W1RysGCd!vGCit%Y%hiX^aLl;`JS_|1v1&p?6)Gn?`17W(u+f8yS=8xn zu655}D|ogvRa}f0JaQWKQ&e&0))y=$877`&R%^l{fPQ*55D#L1-{(Yw*ISYVY`$evhWt(F`*_e&Q@{9Oe~(7<#0QlTOQOK0cclLBotL zZlU|exY218a`U2;T)KnslUI;jw%clYvOxC){dto*3`hogw>4qnrPpCSTtJ71+D^R*IhDXj*WYbu+;^Bn9UDaA=Zz{_p|?4jTYLW$_F4I?HI z-_0tp$g$MQ%8MuYMp5wf@P~eo`5Lp{`)VreeW=$U9H3vL*OW|3nLBtHJqo2L=S4-u z6b~5&j(~9$FD86u}10D4)<}17ist4+BY4Z>YBO zjJeI2!-Dz>_X0*w6lE)+QKdLq3zO&MfOtX`TxV2#=5TZ;>cbtCAA9Qu4fJ7!R;?VH za7agu)s-VJ1lw?6_xT9ndvMBSH?=wDYeKL7DESe8({eHS5I@!2kgBtl#VlEIZ3*JjfL_w~lD*G)tr;a0{dOD0K@9q^UYL>T@Yu?ae1fyjmovyNR}C$r?hndV0l5u(_`vn_6Ck#De_QRKOtc{d60TRBXv1U zim>C@r}ezP<4_Yqo-C5vb@D0ga<+vWp`H>+f8`E@f?J73&H`y&8Pc{P>bRs`EaDc6h4>pIXphmwQ>~a@3FW0j!zC*+bwx{&4>3_Jhf?^ zb@fSFi@F#2e@yynI)}SxXPn>CH^K38v3Rh!S7dH8_sVJfX!HHFYc2Y=z1`BXx%JOw zxIfVArLfItLytw+#>m2TAC&@2L-U`g2$L2NVibBX^kbM+EA^BRE03;kmZf-MS2T`e zz9c}kx7=$(%9B%780!uOrH|%xTb|+1ppDc#!Ds6^uLkIGUp>Sp)c>SZ(~$$Z&JRee zoYmLb?u-&|xAGT?W^JxQxsI&HQ%VwK3t3{y3Nv9`>zx#G=zOS2ecm-)JcpH@HFWi1 z2tRD3=V$IBb9F{vqK{Tg(SfHi8Htx`9E-LLV`zzM2@`85DQRy1vVN z8$RW9^5UATH+!Xt?0bIG9OdcMG8tKp3mmv(K$9gHG}9LjsoGGG#+yXcxCDHSKKlvA zoK0t+PB9Or2_#HKx+Z*A?TH8`rVqq`;l>f9GJYwn9%(;=KhM%ME7v43_Ru;)d}9$+O)_SXj^w(_IL9-CO+2Q@ye;G6xTa zv2Qx*9J~~P7kIDJu{KW6vTwO%Qj09yl0%NpK}_;f3W`BjRvPO?>r`xA!NQ3W?17*nU`UYKTr&48X;WALwm+awJw7J6>9;b)9z4CY;?NLf$dqfdYLe%`Q4AOq4;4{tj3<;0c?PkW0`3+us{lG?@*3a{elL+ekmr1XoKRQIVfwaH$x*`_?( zku|rxvw~qK99OLzY5(M)`^xG%e`<9RpH& zhG7b@C;pwcJxK!&SIwq2_4NOJXazK~tpzv z{l5zU<5>VC*wO!o02rPHFms`2{(lI73Ve5r_JscfL34U`EsZ5u8dAT^$v>B}AHa7n zfb04BtHhoW$v=l*Ed{O$nRjfSRsZ*)(SWJE${(00{tpCA>lt}0+3%j7e&M~2*sZN0 zx6ECd={$iXUDaH)&~1JmiM2vJl-==)C6;j8IS{eks5zLyg~&`zasHAGolEsgNCeh$`(XzQ{&84DvG z7d{+TOqur#%UwUign@2#zhkL&%V7O&Tt0qr*_s4}M>Q0kwE#_AcavI|(}L`i^p&VX zUPJt#zHRQhs;iBki*5ja_?=C&9D0htNwd(UNF7rY5W2?MWXwE>^hQ> z@(cLV?O##%!$zh=g-ssNSq71z1hxz9hvgvKxH#FkB#di$=TzUbocjK_$%S? zS3`N9%Es1DZBAkl94zK5Gu$SG23i&^P^Pe#5^FgmG8bgnQx)_uEe-go3e$RBDNB9$ zvzRqaY!bXLY<(NsS4`yfz1X(~t5XF%)%CQq%gyZEub-qOFDqj#5rzC--AM|+T%=Z@ z_0*cH12=s8pGA@(L=849lHMou&;u9|k!qgl*50PpGF|(ZV>=TiIer;HQqPqI)f-{V zEKwk*s80V|tz&DUcC9ryL^B^;L%BOrF#{#WbQ4R2jStBPMwV?YB5QE*YwGp+?o1$j z_B>`u3f?`9weZBY$j;e^&zYEH3cgK{M;b~`#0$a z_2f7-8)GH`f^EVR#I{WCPbkgOv`FNH!5yAxZ$7nKfl1)xgq5nfM-|=<`@9=rdOb;r z7ny3veb@1h>kOHMT>*3G_~9*D`s;~->b&EgaU6K2U^&=38Lh7^$oB9ahcw12^i31t&pMjDWnhU$Tpxt; zCb|q8?}Pka@o4(1-E7SE_(+{@r|(Z6b3eGbG-Yqw4OrsH{95t;r{0y|f-{AURt)UC z>d8PR^p#Oa^=TrgI1TYyS5pZS0uf;l9;* zp)3Po4H=ehXM2B~Se71*`k6(Zj)@A2xLtUjuQZi>DRoc=^k}{Br3i0rrCp4(xMSzsd30F?c`csbY!OeqRQE z{Mzu`K2WP6=>YLxUK_mq!vQaqfryiTT+FY2PDl$4?7A4VK3@L&t7kl?sSL$k{#yM1 z{SFxn&;CEYgyQaZg@1mEtSES3EM(7-<$ufLkHO2vKLdUpRgh5ar6a%=DdW1fBTD|qC8|8?^qN5sn7arShB;A7lrj6m@?iC9vwL^Vb7}3nLpzzg*iTXFa$xwd|8kMy%wP&CXbSNZF z_TjR`TKr4E$q!`%v7^AwzPdN6pHBv>Oe~HRJNGwZJh@#9GI!~oOZ5L+&txs1bF8@Z zh$X?0^?Bnt8lET*F4&M&NVlY`VMKneI~EeQ%y>_b761+$dLtw(dvdy)4?vxY_N{&2 z3S)0H9JMVfyBD1Es~RgJ2;4dce8-;;5>uRCD^yO>HWEnMlSja(l6NCzAGR0<$xiSq zJx1xA2c`?8%^OjN{^$6fUv$sgoc{UXrWVMeRwsBa7Vi_2>-d>H9iZ-0t|8DgiY9{n zzItj0Gk2TEodf+2eFoe&6gKA#JV*7euUasi(y!+Z=AnY9$Ma)W`iVtr=> z5ZdZ-p)=!zt6Yc85|%@9l1>da6|q!pu4aVXgZTP?r%-%f+>k_#$E0i+aGe`P(GY=7WeTRoEc zko7p8j=LIIB?mGucrxjF;Jw3L{zl~JgZsM{!XSbdp)Vs+vN8w?G7E;tii~NaSdHuY z6TA;0?w7}K$9G+=D_Nobb_V47mY7T)%Z)ou;RNRh^}Q)XrlQ#}YfJINat6ZKc$_cX zbB)^o@MtfhDOs&F;j4n%XVRn008QIrOW zj1W)I!f$cwZeBCs(B>R64{En(JMVmW{hR~vH6nV>0kDgf<+CzNab)tp)QLSeV)NA7Tfe{V>@8}e{W*HI+HK~#4|t9oJq^~uXw^%ngrtZ%b) z6dmL{|F88QGtZIXV)$@wNp8a?#09d%*T>x7q4`XeSg5gN4fRq&JBhK`g^T-~U|YVA z11LXoyb_{xmCJ4!SmA?hRZN>u!%?5U9&3(#V=dPxi}m?jeiQe=pIDg-9m*r6xghK7srb?C$lCi= zEj)9{X2^?2aSKm9e7-6}rG$q}ftt~{(m1D&sj^19Vo!lIpcg1+l7F3gsGR7QZ#h1H z(zwc~z+V4*lx-FawyM>elI5xF%HTeG$5Az#CWnY{@)P(fB&5CG8Cyr*C6bP9m|x&< zJYq?t=2zzEpjrr6p!tbN%a` zE%Ln94-?-L%^D{?22%c#L8#`;ajBn9lEF0njKOFnE39Y_M_}53bCBI(DQV@Fwohky;l`J z-wT0$aGb~pZ<@$0$}b@Wmznb%9MvS&$p(MOXG*!J@eANe{*3xLkwT^z;Uf!Pfx?yX8 zew*bCqh|wCS&FRjpDjim1C*rX`4j&qe%Cl$=#pk3_(}TyyVH4{!1-~=2VQCZ>IIYX zMWH>7&?{NXdLIjLS(pt!9GGOVzeZCT{^vNnY3XfFAsI9yysVHHUPw+dAL__$nh&i6 zqmDg{GP*%IrT%!=GB6`ssIZrYWhO(&5QlyB#g$Q2r&)%N>CUtzPMlj*^PJ|Y8P0uM zMi{xClGDTSa&M9zzxhPQ_O|;6aBzEnk8NvjMxNxMdV7TS-h-U=5 z#?1xh|CG9|@?cPP^el&t{)oKaZ$>rhEBJZ5uvQpm`ZS$Uk?EU72rApkeoqFdg1IsJ z%&v8b#T%BBOS0d)XK5qXBidPsI(=X4w%@?=)6Sajc;BKDz?g95=XP;1i)=19%-8bR zvcqgfEDtI;6>H^3&d=|)nSRAb?Wa>w?xD`-)X!hO(Bg!JTIMv#Cy>Np1d5 zC+2$|2rtsco7)k^kZVi9ja3vp9#*u_DPH#1eVryqjzc)pWqeV+r7h{K;dvfzk#31r zhS=;c4Qlzp0>(tMO7BVCLX;?jVQk_)ULSK5`s zCfIcOZl(3&?k=-JyChF~t)RS(E#|{&X_(`h>F--_nD&_mThce(G?3gEm#WPWNRmU_ z#y~lr8mlW0E|@)+?CV!>_q68(ig8FtH9mJT57yrfGhZxmC-871**6661ea+`ReD_P znO3GbAGu3X^#UmHnq0ks7k zn$HrLx%V{~B&4E5Qn;UY%+i%x5*KY)SIkNY=!f6T*QQ>InpZDwY@uFhi$~cF%H>H_ zOEe?z1&N$$k%Jicm^~ZSsCE8;BQt`Yqes+`{=dLU8>|ywd_>+4dZD&1TJt1TRz%h* z6JKuYL$~@KnF#n{&O5&)x(|kQ^j(|1H0rO)Bp5rh7NU!i3Vkfk^YT~aCZul9>+2&( zVDWl+#!v@fI?~F`EeUM{whqD-<0BdhqVZFZXZ2YO{!kPDB=e!;J7DK?4C>vbu}!kB z%UIaRau_>M>JdVrjF@`_r)==f?xiSS@zv$dH8nP|LTZs`{*O@C{smOtfgRuT%9S6g z7PHZ7Vd`IqbBrlTy zGCGcHimL^tKQ6!AjaQ88uHfD&SDnDND0fnF<@PnUcXPeb*oRqmdq2Erce&&!Wirxm zy)o-p0ASIJ8gU~fWSRT2*5eIEzj?bFzjqAxhmxspiD2^d3YaB+ESyMD?`9pR7U;4N z*<_k2y**X>)hRvv?dL_(#(~9Sw8swra)qjUW(}BZ)7@3wOgRUPqm`ncuYs5OrYWRV zw@NF@K zi_aoK0C=4?{}n4Oeji)`$ZKz$du+p(lpmS@eGqF=o~?Y62|CC6U07Z4gZBJwqs<OWM`6D*dTGw(^;8oCsSKlWozOS=KA20OC`p%>~VI!%I8yI9n z#z$ojU3zYfPgZrg=MC|Jo}+{jrhwOk9>OCETh=moJheE*Emix}rZZwk#$#^Kz(ea`tdN=*p2B9w>SH=gfpI7Wx^fa$&!Nj>raXHHi`RtA z$ZFbH8!7r^K{RIB(uNgZ-)o%VG-`E|O&E1Y+GF1f?Y?OngN}4DFf*HD z39$0l2SYk|)D-F&l%gqH-=bA>zZtqO$wQ}z!sM(+uJEndk^#e{VH==h_1#Tu5}g{^ zDZD5xoUcZaJ}x;T*rtZubw>5gk2snloyTkBknuybpl(zt0$ZN0ak6q!MQ6L@Ay0Z* zAVaKizht!rs?`Amxk34+UwilqOD?v)X_;L28PwkIeN4U<;o_Ps9r84%uau_X)}6L@ zcqDZ(NCJSWcIRR88|h{YXN^*%c6O~C^++wQ3Tp=7(pe?kR%geRL9FY>H*~HAD@|S_ z0E}>o!w^9AE{u2?u==&|{77)b{NSMRPgxnV80X`sR^EuGHG{<^)@7yd_u(QtE*gn?)i3)&*;?K#=26qu8LOi%eHd5w^_&xLS6FcnEzY=^ksGwJ z2%|=n9^P;BZ}4R6%%nX@pPV&MV0b+Uz_+$)wRB9kQmvSplbOqW@4r$qd3e?20`gTa zE6!_JnRHHHY~1wfQRMD%&aOt?Tjrv?^7lBuYPp3YNVlInyqlz_Uio8>FH{eS2cgV> z{5K{BCi_dvvHI#@-<8u|=die@!c5M(M{4D+Z;+Z^a{tc_T-D~hiD4z_a~oPZqw1#eM;}>9o#5mC@FN;?Mf_IPn~8g=?uCa7Uy;RB&sdpZj9ZmUJWl6d_U^Aqn91w z;$c)o>g14&Bc2kJhRoKpj1dhkP1QY6*-Vk>Okr@VAqWn&iRN5DNUC#IDvBh5@#T$q z4TuG{=r6z=#K?8gvnd%KF1!duayrZ=8n zOU6WM-K^P*aO`PnzPCIQat5=pdi4}A0gmxeX(v8pi^xs6^9u3~n(T|ecZCP6^)_Sg zLn{?SPDF z0vPyHRC%zuBos!kCsm^@sz>h`KZx7bkRZbf%p(aV78u?8i8?*1ahty`y6AeGNJcdz zh|2%6HSKoR`)#)b09PwI6f!-F;jHKbDW7L?Q(sYPS^Qbh_Qe9|!RE3^P0GKf&2b-g zzE9?}Nj9&K$gv10W6KRQKRb(qBaCfaGE6vfj4O=^mK5fbaBs55ISa#fsh5<)O((R$ zcZ*)s%yFs^JH^tswMRkNAyahmUJ2gq#kl&}r?@TV9x^w!T4dhLl`BG9D!ix2{mvXK zR6noP=($XqqT}UjO3)3jfE1+KHv`l5!@8E|YIE<8#LzZiOtWEzv+bQMIYePGh(|28 zN69wc4)m4Ete4%E<3#b{8s|KH91huR9=Me+CROKE@T)=iFyVgg-i8xnm*%*V*kF#@ zAV5?tjzW*b`tyk_!-&kbWq{0c>4TXq%n=fiFtNdU!PvY8Q>A@%0tJ1<(uB%_% zz-%gzY|AZP;_z5lgHCVA#a17~@fEOX>P7GBM#3} z+P<;Z^7vRJtyer`RPRjg+MUjlo)j!OL^ZTl?PQPk2Ea zdf-Mzw$$~P)GRh+@mOIva*g%J*p=9F?D87gDF5B;H%+LUPantK=H4cwLa~YMXGZm@ zX2aj8m1KMi;bEPzVhQeNsCe{?&2DxVTIVCEU6q|d-pakg7W@`k9aj-%gyR~fHvoE& z++<|9&|X$AEPjvsK(G_&xUt-U7#!0sH$-sZcOOjz>|Ocn(aSp!r!$7?s<&2@eEh+} zb=N@d>T%GW1YkfCMsfK5j4~oua68)|?s5Lsof%s3`m)f~U)sgw`w^|i&q&)01GJ`y-M!byz-yxZAr>}uqJ=!D{ zWN%T;n(W;pb@LNv__PheTB2S~dxDy3XGVF4aR-ryr{;}vwH|We*pKGAuqX|HY~$wBo{WJ5;5-zwFuoG_ z;h_0=+0Sv^gMrM;GMz1-x*)rr&(F<2?rxDf{vL{P)a z;o;-ZaIzh<`tU`X%9irQ#@O2siHMsk7M9BM>B(0tap-JxsR4iX)N3QR@imWk|9iU+ zj_#ZF%S<~3ikOU+4&PpoI2EjXH;X3pKVwx`p=-4QeZpf8k8_>Ew3-Q%EbDv)$iJ#x zA{KT~1o@>c*~*{%ZEHwQWa#Fj%H1~jW3&1bo0 zS56zbA1@#cXf}ZQSVJ9)+PJlF?90Y$2d*GR)B}H&{T|Ll*b9~5>uDU1Rgbh3w^)^PiEq6t1+{w~)^q3xo_EYP{9wL@ z6Ti0OW#XThj!h2KPuRQ=*7jBCw$yKBESaz=vVt=CGl4TvC|jy2VPlsk|XfLXze z#IB`-zB9s!6hW=LXSSB2bvv$jaNqk4(;mYvl?qy5U~J?pU0SNBVV6~m{ix7*^Cj*JdP zOwEZI;-OpS{PLJcGvQr={7C7h%nT~L;lRN7j6i&Htcr+}TQ1W5<4u8xU8^{v*=5GC zwT=(2c5Bn2z?y`MYj&F@R<(N9I-7Q+#w3v&+L{o4@SeFipyg|6>*HIUr_v%21u3S+ zlKOi2Um2UP+Co~|WlZ;E5TvakMO`X?!Gih+5T^=GF;$w`JfA}GoHFtrM6VN@Mo*%b zNmW>=5mv3!fTX+-K{bS8E;EBly164^vWu`swdc3ZZzT*B85C_XnX?SC&3b(+NGzys z_;#g_e&a%4RIQ}~7**;;L_$bd$OzCbpsKB%mea7JTwGy07Qhyz#~#bXsp9#b*0v(5 zchF+NUv9|OTT(}fGW!D+vXL_D2bv|_Ei(o`Pt`lp@^2yMj{Hj{q2~M~SD5w7-GYRH zMy>3SUT87F%PHPlky;^8jibb}d>${EO-|*Eb4j+-===pqfH$8)ZT9Cf>p`9)@J27} zU-Ph;f4|b0pFMMyS*^5Cp$5LfIP8llWtZvQ&vz>o8F8l>kiGO6nY+tekz?sFi6Kxt zywTZ$E7aN@lAVEe9_t$BpI zfwD$Jip}iJH_B<_x^T@ZveF@|4Vd9-1F=nlsh3s5-!C_7e3TXpIUlUm%@g$NY%r92q1!AG1?X2am~d+_UJ6}+qvbIhwl4YSRc7f zcita`e7YUiz=(3Y2a;|YCX`|I4|=25)LgmKbkWDL;i1=CC3OUFidWx3jhR@YqMWto z8S6{A^qY-&RfV(5hgCYS>!&Nm3VC5a}mLIL}32)jXJMlTj(m1u`M zFADaIhZG9WLPzve)Z8Qf%nm6&AD2~-%nbV%lnVhP91%=nc7O|9m9wbDP?s&(J`hPT zdI+6$e9K|2MkggZXvB8`JIB3tnn56?T9=$Qn$_K) zHf5n%XV`GrrQDOyC7b2KSmki&5EC@Zjn7!ZJ%j4P*cc+*GUBf|X;#11T)5B3ZK%&- z!YnNL5ef)R<^hvN))g%$-_(C^ClGU}W1q4JI(*>NPWgbJ9L4e58OzKAMqMz`g8NtcYsqzbat4d1+^%)F7`R*Tb+4*V0`<oCw2MxcU;qsb>b%*$|Uyis8?&X1w zMP1D+s-kE~$v8&%XpKnLU^1U5m(t;~@}@&d*-O*F;H8pSWkB+2k0+(6QL5;;#lw7} zW9=@fg5y(pzp6@cihwDOw6rVfm8*Qw1u!Bo+3v7OTc>}#%AIb!X2{lBKUsU$W2ef4 z@&_X04Q_%Xb~?ArOku}JLV#V>c&Ok976gV*gs#)1S@jpMuKolKqn;U=ouGsRNz68b zf1(W%?<~;SgibE&&2B5!pbUeIhhpXGy`tU?@viAaZht@gVL)L#TiTh@Zh~1r$j=D% zrkchkKkkJnd20`bo2KkiCM^fv&7Oj^)d!^`(1N1j%%M-7=ufx;F2AgUxM&!BEP4i_6Yb#brjdb{$mDiU~Q$8M1 zPFWA0tI6!r@Hye6mlu6x%-RImc~z@;#7R0!Zvg|H+ zdZT+T`}2H7g6S>$78A-`@IGAG?H>3%x0l6KNElagxqY(GzNem?&~ zO8#h?55iS_XAIrW>$?8|)h+Q#Y;;V7Dkv+k-(d{Kda>5{J?om>4xmLDgVV9`ENpwV)To2NVSh;bk9Zh|IOcc{=*ET zXEF?H$xDsj`nvz|=dvH4QF?T`;Qxca{Lj$huP{2V{pEtEwYjD0h|IjI>s|p zKk8ee-_9kjJjiD;EuDhs&3T8{KOjU5W>D^-m1+Mq)qin%>R_HzKQA4W)l{G@#>;zT zz08ktYfFr3%eVH*4gdG4vb@jqnADlj;u3O5@+~)witJo5%qKkpsws#;SNg9_&N)>F z5@0Gyk?WK@b?t1@vKs*vbsR{()-1Rfr*_(C;c)UkVtCAwCEBEH%Z9;GRa@tKU(x%vq21Qg?W=YvBT6Lyf_G82G=dijkNkG zg$HCYT`^5d2lmb_Gpjx-`e7C{s3rs!S5oRF%e>Lk+d#1qdGU_SKi1Vl&@Q=KS2-Pp z&E}_WZ%lo{Wu6e2dZ;!S|F~?QP&*9k+0&D0Kls8Rx2U(Np1K2LlZ=+HTwzZq&<5P{ zFHu_lSQ=bj5vD|?faZ}x+DGHXj8uI+G(!faW&bJk23th zMHX~$X3~?fjwMnB*R|fgd*`tDmxBHy_G)c#45aP_Kj)pqfMQoja6i7V8xBhti>ewt zVRI|*&Q>oHS|Rz)YReU>kSLK93tH`qOda{TBAEo4kkM;Eeg$wFPek%em@Mx*DLb!J zvUa|xv+3tbA5FYSHs-6w@O1aUJvXdf%E*Z*dJ!g~PZrOgtFLXEm}p?UVu&=h0z^(Iw|5w74>ns( zIq^X0NYD)G(R1LFnTm|-e=jHb@ob2uatpg_wCy31LuL`;l@IQCU=MwZ5WC}v4%-B{ z6?k4bK?St(heyETVp|G=%eVV@G}o9-viKv*Q7&JeInB~ZACV|vFwW`HYWWSA0{z$| z%eQm-mtS&tcjRAzoLEl#HglLgmZv2JPnarp+fr+&RZ3?$Ts*FT!8w%R z{RQXjjTrZ7ZTPgFWgMOKir^3qO{J7?xJR^)R+#i0nB8yHm5Tg+Ez`?c09bAjUqv+s zbHMwiBsMv@0hV<|4uq3^uA1ltcgwfsTaVbgT5=0Qy*Ym5^886UH2Y)EM6YY&ehgf$ zM>h0Ltku=2>jEhr`Vvg^{|}ux=I*?|B6Jn?e+_1a&>^@}OOcZ%WlaSPyx(QYS2YNU zgc>r4{Doov>PSj{2I1O(L7326KEg1+8Ep>q0R+?$SXD%e`b?1^K$%z0O`-T~1(gjo{m4?oCKD6c~Di?}0rce2YTCuj_zniQwlylsXM;*)D&Nlp5!HB#&n0uNqUg${DCITK%10lo9tF zbVw?hTu!YYQ6Yk-T9eN@UR$crbivqDit z|0!r7j%5(hBk^@K8%Dfhf5i~XjpW~v%U{;w$A{;IkQLmWJIw;YzK&=tRjPBm=SL5> z2PoaUu{&#T+c@H4iAQ%|tB!odKVQ|F< zE~R4;Wl3q^Y;N*bJ~X~ENZ|?XKt!6gIujdR%7in`Ek)hp#~S(F%2LUyfwiB8w%g%< zoyecjNVWW`zxtdRN78RI_UG@hZ@>x{B`f`V&CIiL{KqH%hrIDWFYx0#*v7~D>HS8~ z`@^z&&r?5FQ8igvu>T!~fq!`Pa(8~2r=qk1e=pcime>RfXE1PvCgr#DRtUv=Q!AM2 zY#u{FOCdJsP4Km?);#iI?~yT9wfa88q;h5qNzOD$4O&i+9_lM)lo%o!2oZSkT_`>5 zC_I=UE)kC1g?Pd4JZI9#Y-4jsC9SV`qmlqI_P&EodFKSX{ zKau|V5$><=;ZSDTp`mmew>&4zA)&xu%WCWDcimp(-(Cy@V%(OJ27x;x zHWuI3S~C08?2SW2lAj+Sr0Wg^rMr;*6Yr1b3F)$Wr=Nz)8=@zFQROziMblX^)W(f@nXH+9Jrt{q0)f{2;Uk@Q? ze7KGCHuk#X%S)a0bqp^FyHP0)+V!gC$0Vvr$NO3*==&gEigXHmj;{~!r{DV4YIB6V_iI0--KP7rjV zT0Up2v4G=gW!!Xm#So-_HRruSh;_QP^9>$7n*)@W^f1Bm(qw65ru+WGg_>~n2<&wC zoDS|c8Uj=P(zn8(d3sN6{8DS*@)OEV+y3^Atisd&PQiH;e1)DKV)UeK3$sG=cVc+V zP7~Wxjm1-@X;XaK3&)H1xAYg5m7wHMHf^!=6}LLqr5*dE^x8CyX6rQ0+v}Z&TgPNx z_EP*MqkTYS>e#l`A?V{wNpScI$D05kKB0^b6Fb0mGNJBz`SE&f;G?mN*dHo2|4|qA zk$uXFtw-dK&u|tJx+Xu8dO=$W3;a2lZjPV!!{#P9Qs+R?$35(b#|54?_j6cX)B#R2 z$X1&8$bjv*x|_5dQ?E}cAl~hsCeP%^zTAENoy6<*VU=!Y0?BlI2Wh;CTDIJ#qsd5g z^@Vi%MQ+=kevqEohS#{p!=$h6U^S&J#a4CZGHNfQKA<)9JpQ7PCAv@5-?yt$|v*SYM~S&AFAgy0@BGetx;XKD`roy>CtuH}c7o zhdsAQ6|L6OSdI?B=DDnQdT%cixO~@wyB{X*nUMHsQTXau+<(P7q^!Hvx!+lTY=Tv< zr{Hcq?5@yhyN4HWHIz{4tkN|aRJSW5Kxog{K)3ZVG$A4@vGf6Ce>xA6!Hy24+` zD&ToEx#OniICT5iI_4p-?asvdn^zgN`5qVS4*%6uv9Z4j*j z<1w$3-Bj@okDc3M#m~9AHRJvD3rea)D*xTno~oOd zri7eq-iNb?+o;>K z(ad&?@@t?**8bEsM-R&zorb;k+lo#_d(pk_y13SR2AN9F5&?7h`?E=)YKsTeqnoXI zxJ%o0ong3x9>M}IFE?Ja!y>L?8m2VEtdpBXcahj@7XZCJovz{Yy4{`#^#WjA9O zF0M0wjevlY^MinM&f?B$+`-OT_r;ucfbxy%{4JpxVY=knpjv6kCrR(QQ0n`j^3&A? z1r4#VK*7?U`4ouDodOp_grZOU4)6FL!b<84kH4X}Ok;(sNKqbFZ}AlaS{)3;}3Kp zV+?7nI*`&aQDi)_i<|o?SHMB9K6O zN&0j#k3Bf^O3WGocEb8xe5vu%aS&`cE|&F5>)WfEV<~;Ai+Be&a>ek&g7ERmw(*hl zBCGo>CBnHsq6VR4_^NxHNh4C$za02BT*&b!h#B{dpBS}WN-7>K3{Q8*J^!!0FON!c z{r)vOr@6GjOewA7DYGQ=nDclVw4BSF2P{hyMKWhm(K?+>1vAskiOK;LhYZ14EKMt? z6afK;)JhRiNd!fKYjw`|TXz4tYyIxJ>n{20g_q}L@BQxmc|LpZ=XpuS6d8FRma83| zN`rCFs~)xZO-2`|i_||hf<#|1!up@-&&VIhoUNg%YG-MO4cX@}IBpl6uPx2X@XqhC zl1DgP=lggV+k2T)L)=^fokBRI=PA8H-tJcR=FSAFTJ6(-o_4K?gkQJwhU7^K&+U}W zenq<7^K=a|q2$Vx4^48Md}>VHoWv2Tz-b$l0`eTTmm6Qoc2$LSPF5HyT55X+L*Rr{ zR%g3OaZXz56`#w`=EUcGYL6=iv>NmJb9$=Ho@(B9nPbgp4bNdc-p+TXX)oG(N9eQL zQciVidl-ZLP0b&v9<0glh4tdPGShg>fx@g^<_F`a0{x_(Lm2&@OpV&%D`4UNmexnpGzEj;8y;MHC#^7>boIGMO|sbf3-3NRE!ynI zPgfOKL`*o#Yv$b>ORY4IU&}Lx>@xsP4OD7)E90ctGff+>CU#c6Cz!{TGIowOV{1lu zHWz1Ea6qgO4v169-80rjY{xk=q^IsFpj%>yfHe-A^bBDvBV|)H`jl2>cAfqbvDYqr zDsbX}hliHHFNOOI~>z+tPLsiJ#jo= zFr~@(hT)d#oGcAn_+YK)fLea*llA82Yv>QOIFF@kRB}?2@~vlfzG2U4>Prtf_dh)O zn&j{KR$L;~O;!FYHICtKzb4rHEYkSu?_Wu4bfcxzcqSf{In$ZgQto5le5(>}P+I%P zNE1BpWOKIC4pZ!XgX-%x3sX5Tn-ey0mLSz?@WS1`DnJDm2V+ zDxNrY4%=Wr?ePrZ?x*(}z{7)PyEcqL20ZzK4a;)<~`$!;|^^XkuoAbx6}!&nw3ducA=54o6k7;5{c zu{_lT;bVWn3m~Pd;B)B%xb2t*5JODI)~Av^VR;hk_@gS>7Q@tXgwkb3*cFmXt|O2j ze!gQ6yrpnAJ@>dDkt}m3cVJf`+3POi+@Ayax8_2WYWeIq{vWN0^43R>e-7h7W7i7( zh{YIWuN_2#`gg1X*RoCDq>}U;el{T3aTaS#R7zZWqIo+5#lv+C0E z@#_iz%k}jzQ`?O@nX$mZhYjlNPXs_Q@M=lj^m5IpYTnhmkO5iCPC;#Zb$&e((Um(i zib@#jMJFAqKkzmCf&BK4Uul=I<<0SLX;6%dI7zvfk{$JDe~5@e+>*cZ@?juGH|j;6 z|J%v)=U-Y|0V^D?GfX@kM!++Oa{Z@ilOL)$If{BJhtDNrdn)oeoTv|m zds}*M_`bS@oAG&ZC;3cD+ExRZhj8$D!BY1a-o=h&bV&PzLu5}6y<`gk_vq6i z?Q@OsHquftSEs`Jk_&`@pY#hnem`{_I3#&zuQf`^7RX~>%Q`{2HWLHJ+owZ%+uvr_ z!XusZbPox+(Z(p^WZ6gWLl@vFnUHc7#;lXT_?GuNM=SLtj7Dc~7pEZ|fu};9H)R(& zdhq0`RFO3yu6t{Ss|uhx6Y!kg+=a^+dwmvgt%ccsMlu#l?>F zi39;iQ*o;1(s|Csu61U^r$ukQo>rz`Cu*x9wGZoqm@tW!3GgBFa4vZQZJ(e=2j||& zQX5e(#FY(IDwEMnO4-z1`K5sH4N*W9Mgj=N%&Z!%fsHr{lwz<>xVmb2WQ z5g3StAk@HIP4mfQFW5e60(#x3vmpQ(f`-cZMqL=_I}%;}flI>e_jV005P)*me?X_i z<5-RM2?(SVbJRI;OKzI)DP_lARJJsEyNUe0>@)c3zU57^QNi8mPK0oj6QB)+;Z4VK zl*>*b&q)MZndx>dfkD8C65QORbwn7uCQxWy?A)Ls7gZ70g|EORC>$)mlSdB<*Yo&Z&Ujb$Sg+nCt*IsN2_G8E zu})*~VN?j1m0vRrCR^~X4ZIC1pDg5S;iEu3llY3}z;G7I__ew<0o7DEM9Ka5bTe_s zJDZFbSFoGiHh#f>Bfv)Ak7Wc6*(Xo_sg&qmd<_4nGV*uE6xe%qCbabox;J&J<+&ld zd1M3UF`wi6>{GBM|I-VZWF3z|`mwl%vIv9H`Q8r1sXJ)sX}y4p4)3H|qeB1GTYy7j zt%PPlw9I*gX1+V7JP6J0VhX@6bBs17s$EC>7@tKUuYEj~GjcOvaU>mMIG_dda|xt| zsm`jSTiCq38hHYayD+S{Pd*^qFY`iuu61E`ke%6aFGM;%c^g^iJ~4@$Jr-^fF*ge| z(*p%rx^VF_b8XJFLW4ez3Hd=NiF&71UDIWINFLkeIYDE)3D%8mSu=4kFN?Fti@&@t+G5ox+c65e<+JPmezv!N= zE^4akKq!{ zy1fWT+Kx&isrC>`IT7VB_?*k$AeiZSXj$iUtV;F?)ompuu*@Bs6P=~J;PB%@j+bqb zlRiaRe*+=dF7gohE|eK(*pP2{%si67F774A_1c9yh!$lfCgEL~8`)#)NyqjTIu6l~ z|AFM8CALK}o2$6;J(|BqY0F%6-V~p0aLq|M&2U#6)O;wGI`V9$ctR;;4x%>JOjez+ z$2i^8zSpqJT@5|avoU$}b2XE=1utAy4Yh~39j=#0rTta)e)3|-rJ{_f^SG?pxQ*;e zMf>R<{Hw(ahQ0jRVYnl}M7`k^wgygEzW&0~o3-SYI>oOuS8cRW>-+cb3#w_gMrA=s zUx8Bcu*$vE4_hJTYufU2y=+iLk1R=c8LW$N-OmBet;Uu`DnZ4+UU2r#Ngu%BXwG_e zz^r2NQXr0UA*6QDZ)}f-&(Sc_<#JB}WX_9IouU39_{iceM34quHZo%K;;CDVI8L;X zwb%qb#X+yH2qB>dNzP2O1H@*wQnTYuD8Vn%CF(_jR+Uqg_Jf;`HX^Kxb=358^$+D& zp9RW8p6KQn6iq;4OM8X8%gog9d4lG2jp8HF3XLk=#2-G5p2mf-RJ*C{h*5NQ#t0dgWx zQKe8;h?*xLvL^CtZSEOna{^y9Sj)f8L47mQ>qGZm=9a8GPT%B-4=T=^&2l!clvT{t zz}v#&Tk#|}vjJ9kZI(x0amkSgp8-4xwLJ5>+1Hm%n!vf@i?;K&kbs7F8L9XDKwG#= zhbYZOJo2f6n2NXl{Gq(7S(-EGe_~E)CdqWFH`;3!y8Sl6Q z52cR@bB5A)mt~fhT$#B|zrOBk(I8ZNQ(Ye+%MI!APVuYgUkVGXU7;L(#K8=Dm~ht8 ztgBc@>(^+~Y`&eqFZ^{X>*Im<4Rv}`x7@xUQ)8Q5-%1aqNeh@8I z{GhJp+f4oaX~*SSuVb3jH{$jE>B9&2iyb{!c5H=I%h0=f%^HW@o@c&sv+qxvZrspl z`UYdRs>=6P*|2(7RvqjglJegGTaA@f1p5g=|L4HCyXWb+n3z)9xzm4M{LU9w=a|*$ z@+ao8I`glRm{n@|1Bv~g1LjpQ{s(_nS@J4N{w^54dBrMAUS-Mu7g_Rm{Rd8>jz26=#SQRw|++DwB-)?p8A*n?ZEvji1u;^T>Am( z`+5D_=);GWJK)A;$A9>NFM1noTke4Wzp08&z^?Nvl|QU_JkxY~P7~7>_umYXEct)IUw5 zZ~5lBv+x9F|6OU4jasAIu7}BAm#qEw%P|8skDY{7{#Us6DKJ|rA-Hp$Pln)AG;Q(_ zY@I{KfOXSPX2>^+{A3SYDoXLL6l8hZmqOGU-%>FvLuT@bIB8eeC&R+7CPt(Qi8q0z znZa0;btGfMU)&*qYFlsrSBNiOJ?Ro741JHpmCvxZcB3}!>(f8>38kmtY2H_DTS?{j zq;$`9Y%QM`z*_sWXo*M0i|)AEj^n)7In1%SlUA`uyQpfNLR@EB5_xp4SS|qouhJ8a zoub1cbAoS|yUw{yEC4CCINBBLFV8LfaxeXe88KN$o?WtV5m7KBQ!6(S^K`6LAt!Mn~P|Y~PU)7_Z z?~saYZ7x?`YdlYR<=_B9Tt{e23a<@Rquj&Ld3BesEZ?%6&v|fv^9COA`Es~kK=_@lFI=(QwL)LSoim8thF2Fh>ILMAUZ2W?N;+I**hP_w%o zf;Ck7K%=pfp5Up=tNs5sPNnPS?%H2{qGJmUwsdyh7NhFn6fx5LM5_iZhvuk6Y7EYF z%qdlQ`!PpambV;W#{ys7r}IZ<(7z%3wDfK)#nw|=2|_!4E#|^-*=4T2(vmEd+@e3- zudt1N^o+C>w?&trvq#jc7wim=VD>Zod!j}&P?JlPBpDEcE>FCU836a%T;AXsI{!gSq=Je|M)s)<>IZ1mL{;br zy>w3K=>ZLR`Sq8%*hqFYYD??OAqJAjz2>H=J}8)Y!_J^AnJl%%GeBk{pS9rNrwBJ- zjBiec_u&=3fZo6@1gi;Q*s#GeJ% zVOmcA2Nb^^1m85G^nEhV0cslXit9%~B4+bA+}Bpw@qVhd-4hCJn6`G-$3B6Pupp{- z;`Ye|BxXsX(G^$Oqk?YHG++dv^n9V&QEkEuz)Rl^uXDeltg8UL>H8OSEF`g{a~p!V^IUN$0w?2QD`p2<*B3lphNOTNru_xaW5#6?I7?+4{kczI&4j2c z!7lLA>94p(R^}q2;^>6bKL5E4E;3ox#}I90sn!zp?1XA!j1^G#kgw3Ew)|%T| zq^C^Htaydw7{7$8KCLYz^z^;~rbh3{7u12BZdXJa2sF5CpQhPB<$*k}b9qAyYX;>YyR|9rAVm}bB=RJ)ahl3$54|M{} zff(7HUh5%-?I5KAfr$`=a`+PQQkMUyrhGh4RHp-nxO`3&ZEubE(5R(+I}DYsseK#N z1i$D>4-l1Bz?_#Q%@U2A{m6D?nUi$j{+P57mu zzVU_kZVK2p_}-~)g5p#-sVO)7>;r?dBKzAWDiv_pAB>4f(=OADeXfh8$b&w=A+@hK z<(ez&3wZuK{bVN-q)uJLG-!#ADlM6|Vj#6&AQ7CvstPJ*m|5jux35SEAV;kQ@gg@k zRwr_C#6Z_Q;g(WWVTofxsmxC13p*bSpvPtqv*dF!y@d0$GH}>v&K*;MhrZl>zl5Xr zjK;lB8@%ClB;zhBQpYYEB*Df<*fnSPImz+nDwL~=j}=>qia^g@7hU~@Ny#4Mc?5eN zt_OeX- zTpE6c-s`sZgzQQRYqBXJQ3eLdsV`TWmsKbF0K5`)9$b!VQEN2bS1>)*_}(X;1!XoR z$+*w;V^XE__h5tNi^LXM~xl&h;euQwJ{eBgjC3}vtq>Kev{dB(KB zb!lS0&V+vCN~`?>7PoCqNj3CK4b6L3*uiBcIV}#{SmUrbV59Kczp3LtmJY5k0*Z>V z3rHL4i?~F~+GXlmk;8IZ$09WxpS}7{!ga+R`DH`hoKLYUnXFi)wct(?SK=oz#;0Oq^(BNh8!ZN9@?LRlVQo-f?2PiT%Okc2uwAeds zrj{=1T0KA8CjRWV$+#br?3g8S*Jam&cLx`01$ox_for#T@&G2S=?%D!;u}0b{q~=; z<%;@fuV|bAsA06iRiYcGfcwSh_0xpzpGMK#jKs*?%0985tX5kYE#}K>5E)yogpzBp z<&2p=bb0OXEAIG)$-(7Reqd1u&|hICqsOe}=bk{|@mufxn6xaXS+LC;8iS`7p`0IS z-15qNytL&1fkN)>EeHTT>fXAuD+S;GY;jY9BO4=CyZj)8%$0(Ck+DUO-MkZGc=l)2 zB>N(l&n`~B4V@o8SX&mI^phz!RFpI-8nBlm{VE14w(hcMpV;#2+!@Q$r6=8Q{x2QV B%^v^& From a2a0a7376466db8189cebd7e4dcbf94b15f83d83 Mon Sep 17 00:00:00 2001 From: orlvn <40461115+orlvn@users.noreply.github.com> Date: Mon, 29 Oct 2018 17:29:36 +0100 Subject: [PATCH 024/361] Update services.md Tasks, not services are scheduled on nodes. --- engine/swarm/services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/swarm/services.md b/engine/swarm/services.md index 44c2722a48..3830d5063b 100644 --- a/engine/swarm/services.md +++ b/engine/swarm/services.md @@ -664,7 +664,7 @@ For more information on constraints, refer to the `docker service create` #### Placement preferences While [placement constraints](#placement-constraints) limit the nodes a service -can run on, _placement preferences_ try to place services on appropriate nodes +can run on, _placement preferences_ try to place tasks on appropriate nodes in an algorithmic way (currently, only spread evenly). For instance, if you assign each node a `rack` label, you can set a placement preference to spread the service evenly across nodes with the `rack` label, by value. This way, if From 5c0fe6c66394dc598da943c5a7612ff06b00e03f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henr=C3=A9=20Botha?= Date: Mon, 12 Nov 2018 14:57:27 +0200 Subject: [PATCH 025/361] Fix ordering of service config reference --- compose/compose-file/index.md | 181 +++++++++++++++++----------------- 1 file changed, 90 insertions(+), 91 deletions(-) diff --git a/compose/compose-file/index.md b/compose/compose-file/index.md index c34bd24b68..0b4c1121a9 100644 --- a/compose/compose-file/index.md +++ b/compose/compose-file/index.md @@ -359,6 +359,16 @@ See `man 7 capabilities` for a full list. > [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) > with a (version 3) Compose file. +### cgroup_parent + +Specify an optional parent cgroup for the container. + + cgroup_parent: m-executor-abcd + +> **Note**: This option is ignored when +> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) +> with a (version 3) Compose file. + ### command Override the default command. @@ -464,16 +474,6 @@ configs: You can grant a service access to multiple configs and you can mix long and short syntax. Defining a config does not imply granting a service access to it. -### cgroup_parent - -Specify an optional parent cgroup for the container. - - cgroup_parent: m-executor-abcd - -> **Note**: This option is ignored when -> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) -> with a (version 3) Compose file. - ### container_name Specify a custom container name, rather than a generated default name. @@ -515,6 +515,45 @@ in the registry: credential_spec: registry: my-credential-spec +### depends_on + +Express dependency between services, Service dependencies cause the following +behaviors: + +- `docker-compose up` starts services in dependency order. In the following + example, `db` and `redis` are started before `web`. + +- `docker-compose up SERVICE` automatically includes `SERVICE`'s + dependencies. In the following example, `docker-compose up web` also + creates and starts `db` and `redis`. + +Simple example: + + version: '3' + services: + web: + build: . + depends_on: + - db + - redis + redis: + image: redis + db: + image: postgres + +> There are several things to be aware of when using `depends_on`: +> +> - `depends_on` does not wait for `db` and `redis` to be "ready" before +> starting `web` - only until they have been started. If you need to wait +> for a service to be ready, see [Controlling startup order](/compose/startup-order.md) +> for more on this problem and strategies for solving it. +> +> - Version 3 no longer supports the `condition` form of `depends_on`. +> +> - The `depends_on` option is ignored when +> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) +> with a version 3 Compose file. + ### deploy > **[Version 3](compose-versioning.md#version-3) only.** @@ -841,46 +880,6 @@ client create option. > [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) > with a (version 3) Compose file. -### depends_on - -Express dependency between services, Service dependencies cause the following -behaviors: - -- `docker-compose up` starts services in dependency order. In the following - example, `db` and `redis` are started before `web`. - -- `docker-compose up SERVICE` automatically includes `SERVICE`'s - dependencies. In the following example, `docker-compose up web` also - creates and starts `db` and `redis`. - -Simple example: - - version: '3' - services: - web: - build: . - depends_on: - - db - - redis - redis: - image: redis - db: - image: postgres - -> There are several things to be aware of when using `depends_on`: -> -> - `depends_on` does not wait for `db` and `redis` to be "ready" before -> starting `web` - only until they have been started. If you need to wait -> for a service to be ready, see [Controlling startup order](/compose/startup-order.md) -> for more on this problem and strategies for solving it. -> -> - Version 3 no longer supports the `condition` form of `depends_on`. -> -> - The `depends_on` option is ignored when -> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) -> with a version 3 Compose file. - - ### dns Custom DNS servers. Can be a single value or a list. @@ -899,31 +898,6 @@ Custom DNS search domains. Can be a single value or a list. - dc1.example.com - dc2.example.com -### tmpfs - -> [Version 2 file format](compose-versioning.md#version-2) and up. - -Mount a temporary file system inside the container. Can be a single value or a list. - - tmpfs: /run - tmpfs: - - /run - - /tmp - -> **Note**: This option is ignored when -> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) -> with a (version 3-3.5) Compose file. - -> [Version 3.6 file format](compose-versioning.md#version-3) and up. - -Mount a temporary file system inside the container. Size parameter specifies the size -of the tmpfs mount in bytes. Unlimited by default. - - - type: tmpfs - target: /app - tmpfs: - size: 1000 - ### entrypoint Override the default entrypoint. @@ -1459,6 +1433,22 @@ ports: > **Note:** The long syntax is new in v3.2 +### restart + +`no` is the default restart policy, and it does not restart a container under +any circumstance. When `always` is specified, the container always restarts. The +`on-failure` policy restarts a container if the exit code indicates an +on-failure error. + + restart: "no" + restart: always + restart: on-failure + restart: unless-stopped + +> **Note**: This option is ignored when +> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) +> with a (version 3) Compose file. Use [restart_policy](#restart_policy) instead. + ### secrets Grant access to secrets on a per-service basis using the per-service `secrets` @@ -1605,6 +1595,31 @@ dictionary. > [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) > with a (version 3) Compose file. +### tmpfs + +> [Version 2 file format](compose-versioning.md#version-2) and up. + +Mount a temporary file system inside the container. Can be a single value or a list. + + tmpfs: /run + tmpfs: + - /run + - /tmp + +> **Note**: This option is ignored when +> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) +> with a (version 3-3.5) Compose file. + +> [Version 3.6 file format](compose-versioning.md#version-3) and up. + +Mount a temporary file system inside the container. Size parameter specifies the size +of the tmpfs mount in bytes. Unlimited by default. + + - type: tmpfs + target: /app + tmpfs: + size: 1000 + ### ulimits Override the default ulimits for a container. You can either specify a single @@ -1827,22 +1842,6 @@ Full detail on these flags, the problems they solve, and their `docker run` counterparts is in the Docker for Mac topic [Performance tuning for volume mounts (shared filesystems)](/docker-for-mac/osxfs-caching.md). -### restart - -`no` is the default restart policy, and it does not restart a container under -any circumstance. When `always` is specified, the container always restarts. The -`on-failure` policy restarts a container if the exit code indicates an -on-failure error. - - restart: "no" - restart: always - restart: on-failure - restart: unless-stopped - -> **Note**: This option is ignored when -> [deploying a stack in swarm mode](/engine/reference/commandline/stack_deploy.md) -> with a (version 3) Compose file. Use [restart_policy](#restart_policy) instead. - ### domainname, hostname, ipc, mac\_address, privileged, read\_only, shm\_size, stdin\_open, tty, user, working\_dir Each of these is a single value, analogous to its From 6245cd1c13b6a07c14f8f6ba23e1c431d4bce857 Mon Sep 17 00:00:00 2001 From: dingzhengkai Date: Fri, 16 Nov 2018 09:27:08 +0800 Subject: [PATCH 026/361] Update .gitmodules https://go.googlesource.com might not be accessed in some conditions, but not github.com --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index cfc41a54c7..2f5e5ca887 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,7 +4,7 @@ branch = f28e87c7b9dae139855b574e96f22822986249a8 [submodule "tests/src/golang.org/x/net"] path = tests/src/golang.org/x/net - url = https://go.googlesource.com/net + url = https://github.com/golang/net branch = 45e771701b814666a7eb299e6c7a57d0b1799e91 [submodule "tests/src/gopkg.in/yaml.v2"] path = tests/src/gopkg.in/yaml.v2 From 2691045247a3bad9bd88d7f77ec4d89b5f28cbdf Mon Sep 17 00:00:00 2001 From: Nikita Shpilevoy Date: Mon, 17 Dec 2018 13:19:33 +0300 Subject: [PATCH 027/361] Added gpg-agent dependency gpg-agent isn't installed by default in Ubuntu on some hostings. This leads to error: gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory gpg: can't connect to the agent: No such file or directory --- install/linux/docker-ce/ubuntu.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 522bff5161..12f3c4f946 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -138,7 +138,8 @@ the repository. apt-transport-https \ ca-certificates \ curl \ - software-properties-common + software-properties-common \ + gpg-agent ``` 3. Add Docker's official GPG key: From 18c8aa001af589b1694e91bf32de7a0d3a0b414b Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Fri, 28 Dec 2018 08:41:11 -0700 Subject: [PATCH 028/361] Update ubuntu.md --- install/linux/docker-ce/ubuntu.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 12f3c4f946..cee58e4ebb 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -138,8 +138,8 @@ the repository. apt-transport-https \ ca-certificates \ curl \ - software-properties-common \ - gpg-agent + gpg-agent \ + software-properties-common ``` 3. Add Docker's official GPG key: From f9950129d83d6b534790e9021f5c13593a382925 Mon Sep 17 00:00:00 2001 From: zulli73 Date: Sat, 29 Dec 2018 10:19:04 +0100 Subject: [PATCH 029/361] Ensure PMU Virtualization is turned off Having PMU Virtualization turned on in Parallels on Macs may cause the MobyLinuxVM to not properly start up and consume considerable amount of CPU finally letting Docker on Windows to fail altogether --- docker-for-windows/troubleshoot.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-for-windows/troubleshoot.md b/docker-for-windows/troubleshoot.md index 05cd015e02..349a2b46f8 100644 --- a/docker-for-windows/troubleshoot.md +++ b/docker-for-windows/troubleshoot.md @@ -488,6 +488,10 @@ with Linux containers. Check the settings in **Hardware → CPU & Memory → Advanced Options → Enable nested virtualization** (the exact menu sequence might vary slightly). +* Ensure "PMU Virtualization" is turned off in Parallels on Macs. Check the + settings in **Hardware → CPU & Memory → Advanced Settings → PMU + Virtualization** + * Configure your VM with at least 2 CPUs and sufficient memory to run your workloads. From e88b98fcc4c1cf3799a65e42ab7c340f68f4080e Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Wed, 2 Jan 2019 08:51:16 -0700 Subject: [PATCH 030/361] Update nginx.md wording --- registry/recipes/nginx.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/registry/recipes/nginx.md b/registry/recipes/nginx.md index 81c448467b..1f039f6114 100644 --- a/registry/recipes/nginx.md +++ b/registry/recipes/nginx.md @@ -38,11 +38,10 @@ you want through the secondary authentication mechanism implemented inside your proxy, it also requires that you move TLS termination from the Registry to the proxy itself. -> Another important thing to note is that by binding your registry to -> `localhost:5000` without authentication, you open up a potential loophole in -> your Docker Registry security - anyone who can log on to the server where your -> Docker Registry is running can push images to your registry, without -> authentication. This could have potentially devastating effects. +> ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without +> authentication. This creates a potential loophole in your Docker Registry security. +> As a result, anyone with access to your Docker Registry can push images without +> authentication. Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra From c64de0db8c2fe3fe835c67af376fcd54272cfcd5 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Wed, 2 Jan 2019 08:53:08 -0700 Subject: [PATCH 031/361] Update ubuntu.md Fixed package name. --- install/linux/docker-ce/ubuntu.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index cee58e4ebb..abbb0adea0 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -138,7 +138,7 @@ the repository. apt-transport-https \ ca-certificates \ curl \ - gpg-agent \ + gnupg-agent \ software-properties-common ``` From 3bb75c40f636f1f30d3f9629d57399963f989047 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Thu, 3 Jan 2019 17:17:02 -0800 Subject: [PATCH 032/361] Follow-up PR to 7203 with additional screenshot Naming convention changes --- .../join-nodes/join-linux-nodes-to-cluster.md | 11 +++++++---- ee/ucp/images/ucp-remove-node.png | Bin 0 -> 210193 bytes 2 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 ee/ucp/images/ucp-remove-node.png diff --git a/ee/ucp/admin/configure/join-nodes/join-linux-nodes-to-cluster.md b/ee/ucp/admin/configure/join-nodes/join-linux-nodes-to-cluster.md index fd9bf08834..708d445bc6 100644 --- a/ee/ucp/admin/configure/join-nodes/join-linux-nodes-to-cluster.md +++ b/ee/ucp/admin/configure/join-nodes/join-linux-nodes-to-cluster.md @@ -40,7 +40,7 @@ When you join a node to a cluster, you specify its role: manager or worker. You can join Windows Server 2016, IBM z System, and Linux nodes to the cluster, but only Linux nodes can be managers. -To join nodes to the cluster, go to the Docker EE web UI and navigate to the +To join nodes to the cluster, go to the UCP web interface and navigate to the **Nodes** page. 1. Click **Add Node** to add a new node. @@ -60,7 +60,7 @@ To add a Windows node, click **Windows** and follow the instructions in [Join Windows worker nodes to a cluster](join-windows-nodes-to-cluster.md). After you run the join command in the node, the node is displayed on the -**Nodes** page in the Docker EE web UI. From there, you can change the node's +**Nodes** page in the UCP web interface. From there, you can change the node's cluster configuration, including its assigned orchestrator type. [Learn how to change the orchestrator for a node](../set-orchestrator-type.md). @@ -77,7 +77,7 @@ so that it is: Pause or drain a node from the **Edit Node** page: -1. In the Docker EE web UI, browse to the **Nodes** page and select the node. +1. In the UCP web interface, browse to the **Nodes** page and select the node. 2. In the details pane, click **Configure** and select **Details** to open the **Edit Node** page. 3. In the **Availability** section, click **Active**, **Pause**, or **Drain**. @@ -107,7 +107,7 @@ you demote them to workers. You can remove worker nodes from the cluster at any time: -1. Confirm the node has been shut down or has left the swarm (i.e. `docker swarm leave`). +1. Shut down the worker node or have it leave the swarm. See [docker swarm leave](/engine/reference/commandline/swarm_leave/#extended-description) for example usage. 2. Navigate to the **Nodes** page, and select the node. 3. In the details pane, click **Actions** and select **Remove**. 4. Click **Confirm** when prompted. @@ -115,6 +115,9 @@ You can remove worker nodes from the cluster at any time: Since manager nodes are important to the cluster overall health, you need to be careful when removing one from the cluster. + +![](../../../images/ucp-remove-node.png){: .with-border} + To remove a manager node: 1. Make sure all nodes in the cluster are healthy. Don't remove manager nodes diff --git a/ee/ucp/images/ucp-remove-node.png b/ee/ucp/images/ucp-remove-node.png new file mode 100644 index 0000000000000000000000000000000000000000..134afdfde22b105b97fcdbc2f5311d1cc17fdb2f GIT binary patch literal 210193 zcmcG$cT|&4^f!q5wS$O?NVia=gHoicNS96sEg&MjNeLxX8z=}!2`F7U1VV3t07{cy zL+FuC2q6LqB_XhJ_w2sv@BL%Xp0fkb;dv&*WbU1N@7(*DJI@DwU3G>FY!~S0=omCL zo*2^6UF4vnJGF7{46O!iVqr}CbLP3W`V+e2-#=N%f&^O4`Ij1I-gIo_`dP=v3H$k|V&^*>%O1AhCPKr2MAf%?qz1!@`J_t>Z;|bE~mt z_I|$h$)|mj7gni|14zJh!)k{2X5Z0PI=9;HDR$5a+A#hs56|$a{Q3O*K1<@in19A`Ov{8@(Xp6vSb`S(4W>dzbh)IH2O$8qYPI>&3TZ2zgEi@yDm{-3%m zga7{rr$A35->n^N$987%udja=`8I=`{Jz{ zDQ5kPQxo35xt_&*Lv10G=@+{pT=Q@4wr2FUU8bWO`abidb>bdx8Mepc!N>D|_8+Er zotZYjj#x2Z+b15@c;SZaFK6DI{Ikik*xz#&WOM z|JTg6W<>pemy+elX)ed-En)85UlM9Vzwud|Mb^J##q`fA!S%1o--zVdt0xamr}`WS zzWMeDc7eqK`{quiq=IqpTe9b zrYxens}y3@n<_~sug~B9R*u6grU!FxWG}3h4{$-vbuxkGj@a@6C6KtJ#YK~F@Q}O| zy%l>TX?MNc*F@_*!YN;E*B4BPABU9$x_Y!|IRl4tw4XnX&%NS7Rtk;jX#I=ZbRoaa zaS-NjPkUF|IbyiXij@Wn)RkvTdRf@$pRvF6t2)`R8ZA18MAju)_)3}BrIf#|DHm1Q zL}d5apZJ>{A-|r6|2+G{1$!9R0Rf*IJyu!l$vF@Dy!Z4-s#GmOMmDnDQq>hGB;7$= z6|gz;w`%`-Q-=mTu(GhlE!J#RQ?-Q_ls{|EmP_P|<;1%dsWhwSJyJQUuA=9ZlGFnZ zh@d&A9SNUAPcWR<3KtRBbe@ZUZ|~}mdAmaiWbmAC>eDrNBsLD{5s&<*?->f$ub!UB0OOI9OM6$*PS4zN}1Ck;S zvEQ2W05M8pRV1{mlv7vn^G(JVS|FWtD|poUY3{ZTGsv;}B-@wimsyG_52UsInwWbg zM!3~ZgNK!prUKbNlGZE%Zx>R?I!~^yNOBG-_-bUhPooP)N{F_8@^ES6De_vQTb)s6 zj&Og3(E}AtGKD&QkLNr$Gga%JV)(VY{{d;&vm?cHL2yAUL?uPS zA?H$A51OUzkS!7Ob16>Nyh5TFW(C)Bq5OQ+0C`bg_h^4+=!0!kP0=pt7yC$>N3rDk zqGONQDnsum;8c(xgX9J%=JtGjeh}x#TiIc^-Qe}KX!4e2=BBJD(7~^I31jX$`9TOb z?=>ruIj6+0cPIEm1Brd4nw6cDQydiRooJocJhppm#f(lTxDMx@d4zfCnK7RB(@0$6 zgCW>hbU?AwbMfp1{=&POz=`nJUO>>>+F!K#aZP?W0vkPk86W zJB^CGV8JaCwYEU-0#Qfv{5`3SBeY2!kY+%Niz+Wx7>Fg}LNE1=$ALyqb%!1a=aO!z z*Twc}%GW+iD1Bo!v;F3?ap$tTuUl-j$hbg(A_)ycUceO_c zyT?zMMPu$L_vR#oL#m6C)s;iwf~Cc9q1X%s32Xj3m)jp**qphEYq{S>>SgEc-+6Ez z5O-xK*{*%cB|}p|NTMAyx19>V0V>o)_R~YtUChEStwBrI2b5-iy>N!E#)k>Cn4t-m z-f_(y<=ocUu&G{CAUUoC9K32bbqh{9b%xm~VbHMo3)WR-cItq%aXQJ}KX=10BQplDA2G1fduA9;ZCinZ^JnOeHxzSl)OvAwcZ}I z+7j*xVk(23OS3$YuN8;}g!*0^D#?`Ol!gy-6LAMylTH+F1=$IoiTVs?p;Q*>q})}# z!O6e zX?WN6n#>~ZOtJb=%)2~-Tt)rl&S#8hmek@&os7{^i|}&K=krcDeYKHJOjY!%l+SqK zNswu%s$?3==*a2lx6yavRshN^+v;XI5z)A+#S|+s*O?KQD}RYuSnZRa_2=KbPCD{3 zjhSQ1EYqft_x4w}L_a#l&Au%Adg+l+gOsPwov&J50M!TH;`dvEAC@ur#81bCJW4lA zY+#HlglTATTk24o0*Yq&bwvkmm{1+9-sw^VD-t>Fu!F((g>j!tV@fS0g2N)Xn-m_*aT=PyJ}Rb`XDS1}qhG+xN~l z^JzftTqrZ@!}& zA~t_8p0X4%=XM(Zl5=5nRqjfp%Taj!O0s<9n1wmJi8`1tZa0$jFGEZoW|y8vU+RxX zKYdGoEFlO~^b(mBFR+gd<}$MBhy57N`aVXTeQl-5L|aK0HnHD+XaJ0X%0@*IyzipC ziTztApb%W9jbnSO0v6`1IkI@_J|G@U8tGb2`31P$2XSq21P|?pyiZlQ2^*pSb&UW_k2i8 z{Rs0BP{B3a_wQo?0SEYd=?S+U1Rp>1m{M>zy=pkv4JNdTbTMOl2Gn}YAC!!Vl}5T( z9WyUW=ztttqU?%pBBCo|JHV?r3!mUGx71}*{H)rf?vk)vpOoNJyRDOOB@0eea%x`u zW2f;XH|vGF+Ig~AiZbPSRc8=DW>Z;ST#toRPTYLWrm2=%^6whP{%TPzai1Z5Mo7v% zV0lPbWP$^2q@5GE>3w=+&#h4FZI~@G*y)yTH!8Ts##Zw}BEY4!fC~`&l!2Mzt%!I! zGJC<%U!2NyvAI|yJen69{Z0yEYqRrx8WeGTy-ycQVG%1EdBmM>Qb5&QC6;e40ODSh z8^tT78^N*ED5*-TTQ;G!>MUA1CX=Pyzh+UlndcLmXCz9^uR@lb^xr&l$@&)LP&|sa zH@zBjl8yDL^+j%xlJW7Ir92>I-fVBtONA=PDg-lxM~W0vpK>oSN;efJNeOW1n=Qfh zUh#G*Hm3}b?#d~U7JD=8u=fPa%pNS(L)D3ktHqLc>)~t+BP5-#%?}+V>QvGiB-b;=ISW9Sz>_o$@jkN||rr_pV$n8~r zTz2tCfyEk}a~giVt=?V9jMeLXsI0KMkx6H@?8;``)n+9g0U@w;NDQxls7zW&NUmTp zj(uZC^y3;uMX?BAA)Bif8Fjv5#`37A$UDhj72PX255{Ch-7a?9S`Q$jY9uo-`0imW)V`aC=bGEtBTV&F(o0WX1>XZJW zzQ&yF4%U^5cNvr%f^$m7`*2rvjJ+ej$Yr-L>lPbYc3--94Vknr4tm5|w;1Nct=hSK zlG*VLZOutIv+8VAWPMCAez)nkEcI6)MEB5Q((cvbt9MCowiK=-km2Uqw|8+LyLhl2 zc?Rj@(`9!W^9zoi$5bmVy=d~KMI?iwZcVcV*VU_)41tl=wz`Wp19uSqdp}w|tD~&* zoLD`8QR7`atb$v12xrRUQngl%iz0R5!4cQjxO;nvxWt!5MTeXW-E2C*gy?pQ`s^Av z+*~Y7DnJG#r1mXlaIscUQhlM6IZ^tWtMirF^i&n2Tb%o!VXJxrsT~p)M%D zF@lnad0DXNI2_;JHrMifoDga(eZAvNm5#g2(RMT??-Cd+ozW?|x2P zlbcJ=J#}@`ZhpA@DJ4Z^QSEd-G$3`L=Ver+hz)4lGfj2&+?_N}k4|r3h*@4#&&S%$ zui<;;G^g-pXi%1NFhlLv)?(-M@?!ItlMqMChYo&Pgr^aY%W}{Cvj&!T-DiE>r(|_? z_A5>yf2^Q&DleFkjEuY<=%bMwb|ik=+WIip6zJP4iGm;PJOX?5)(K`GR1kT+Is|0d z3>ug3W_?ljAB7=0Ir^b5?!v(pMEU3&=DDFhnhbZWC2m`5i`^aRGic_^=tQw|yN^2& z0FEQuL~-ws0#~GB$>yZeUF|Yaq{p#>;)J|+-pWq+(t4?90HUOnzgv7PX99H#)FcO= z5AAR}kf&1#Mg-!bYYTkGRZ^^>A)8;i&VX$?&9>JVb6!JSTzz3guZf=uv*sJ)@NdGw zArHy&*NY-?^Clccja_F*<8hO0$=kkf!QD$Da(0?zMAVZRMHijFKnA*@bAlW)3()`x zK$qpRe_dG$ObELv*49|Q8Xlt{S!jBHz_OyrJQ)o$aS<%$H+dkJ1$2HeX?V&8$PNSXXT>Tp zd7BOP_^SG;p=lISd#c>4%n3V{Fom5`Ga2snNW`WAL@=2p^psuB8)NxO@Y^wo+~U_J zIShv{O36`s>xaZB^)#_@>40H?t!`SqK1;Tx}W=D9eZHkzqXpGQTU|- z82q&0DO_WkyE2chtKa`=e3J1b!pS81$ioV9*~5v(4!kq=g*@IA&<6-;+VTaO6qwu+ zIsch#UsZZa&J}Z6@kr+hp)3}^d$q-1H9EZMs^)Ykrdlg~O13cW)tR%xDtYgsjomM) zl2T>Ci!yd<8atE~NBt>m__nuS6S?YZeT@J8Y$^T&)UD#IpWp0(;l87MpyJHH+#!q;l=BzAN+b-$}Pp{g~uluy80v~3lo5E z?)f%}-kjT}uNm~<31g3<*~*+!Iero*=}=hvO=U@+?M=;?((W3n#9sVA#&Cb$xvF(b z?CgJIw|ZU28*C8}c17t*qpMxD!dFQH6^8nI_Nv^UY*AnrCbyg9#h< z{WJ&X@Oi^Y{M+haY*kYt#)~?Dn1B9*7Zi)zo>X?gnI*P{#n}QjiMSnS;@; zRRALt+o8tOy_o)Sfpn2&i!akuM>7pu%tbrbww7E&YSKP&Y~MB7#Y5^!rB98G_tWDP zmZU@tPW6!}qh3e-dwcz?sU#mw$nxxNdKFmDQzJQ<72!Q)PhFno2!84KFyb_O=(tAT z@FB`Tu_0HK)HFVD*d*V>&=~1R`941n8JtOzh~sHOX&t=AwK8v{%`X=_1#sfHu z0}#9LZl$(s#tCvMHO0^97P3(;D?TQC8yU^NBviZr+3IBj9RVQFopiH*oV*RK-+=fu z&uxnkn+k=%M|1w5=p2F|hpHQJr`NULihDE>Dgmf<8>!dfoR-ge^E&_Jy=&#U+mZF| z<~N*nNpOXf2kiylWJl^Oa^u6Q;Zx%!@8S}Bew22^>9uez7%*m5Hz9V9Y}7IEi%wdT zj51>Z8icUUvpB0BFsk;bAv%D;@BEq`Z_O!2C zB2R3HR9{(4ZE3k(ag#!JsA$D>(9Hh@q80Nz6TB(#jP-)Ln@%SC_=|BK=P&W}4Luc> z%;xZ^z(vS$$pHOd;CYy$Ve07^n3(9C(3y=f0cMCT_#^aGHI1$=#`_8rZ!Z6h=9kMj zRi(6{Dim8z{wlyNyp8@lc&GdIX2ky0BE!6*@=FCLdj_Gu@j^N}<+~ZRh~df$7K%H4 zioRKM*36@4aYgR*bggrIT(P)F%%K%C6nf!Zn;b4N!H2BLFE0M41NyL3`XWat$lk?= zg}^1N!8DDkxnFE1@{s+P!vxDS(=Zd#ZuMTx1_gSLzMHUv?K9GiA4DG#Hbj<}Qx12H z1BA8XuSKg#?G_HN4>f}l(EVR1dDle_bi-{5gBzbmbICpqx2dM?1xXe+?65d4=J&_v zM%$&DxAZD zT~lBXb;o*-zpeA2p#d?!ZjFCAG$~H6L&i(dMg!#m7z41cx-y;{{E1O#0jkY@){po~ z*#-E-vZcMpug5z9yiED&!jKnzDui8CSl9|~&hXCc>R{v_NyZ8AwF(0(}MDqo~5oUaK` zqzaIR{YO`hKJXuRfGkY1j1{Sz)%*gxMkrCtTZiKxc%_X~1BQ)A-+vRt=DoxuGP1e9 z7^7(-dr3WqOo$Szs{d0#h87gu0;+((&T1Nv7#vkH3(Kh7oRJIyUOgj=!-jSU73sELe)#C7kOmP$)g4es#e#!9ju2^jWF7qxFNVHe~i4z zRb6G(bh#wS0BU%&9b~P$fHW3rt^XippM_-?j|M6qW8cXIwconezd}9Z($;xTk$M;f zvD;2HuYl+*#0vC|6!CMEUF1tEvQi9u!9j4ahDbF8Z+Mz?IS!)y0rXs+oN$ z32CVVoZ3FEM{mIGHWBMXry^h=PlN50@2|6T6^=|5kNUjhbNMp@tXPhhIF?tI%7^}9 z!1KP^=K21rVn5u85Aq`i9>Dcw=x-wu$c+X|VQX88vWvCieSQwzBDdAFxL54b6ruAY z7qpTPt~|#Vc=l93GZc{Gj{?gPDuoQccg9zT*nZgz-O!9ynm4BImK8{P=p?gwONDD{a6sS`g)Ly_1A_8OJ>JGvfN4BrB@gH` zgT3lQcoUls(9V!ujau^89-*ICHQ7V@+`(ZH!Abc+3H@+KonA7HxtW?;4h^ z69yvHa(a6EQT;MU(ssu>b+d4qIjx12MsS77@xH}X2vey^nq*=+S_%(cB_`b0)0REX zILnQyi%RCH1EEohj0*8yFD(=*}L>yz?p{yN-8{Vkp ztsJDjqm)t{N>wCHv~WR;UB-C@uT9fJOYde4F8TFeaohe10;}k^k0BlqP$9x%RTr{c zq%P%0ZcHI+A_l>C${R*geap+V7QfTfb%*zB)`%(qkYJO^+J zt{YtS7zXnTUYmgW>@}6ggw$B}7N1|GqwynVacxfqlmF7K-v3wY2{}r2g2l2`oQ84R z9(VR)7f1RGON<(+VER}94NgUMc2?>@Hk1eX>J*dmk~4x#yJD$vJUblS|939Hh1ZY3 zn_~toEh}2H{{2t^v?7@pny`0wy4sA;d~Bn|KB%}G*2xj@_VvL5+eAwlR|`QjU2^j? zA7y(4XB5B4r|CDhtFH5adhPVd69>UcoU-fUia~pv0)uh~rG7k`7Cl1MwbDVtnv`8a z@_4gd%DsMsa`*2J$D^L!GBMefMo%~HL^7>=_C2(4Gr_J{+^R;>d-qsm_d zifRpiWx8v@5~rVsT7C|vZyO@OkDw=&ti6tL9xbphnZX$|?!^}fojR$;1_0=c5}{-i zFx3d03MfeTc`a8hr0cF1;80v#4CB=lGAY$Me<3qq+n-_0BE<`7bAyaMt?X3IO_TP~ z!4;mm9dB>&{(F_t0eS!Z^288Vd>gG>L-J6Ot>#os?c$Fjnd^*-2i#QBKwx!%c0f-+ zl2ecP$B)z*zlSYnyq{I9{cX_{8n;(4CR1_?d0w+hx7AmPq+Z7yN=Vh@c&0si?SPO| zLPytX(z^caOSWC$rurAlALORY)_b zIcU*+h)vJ#THKv`8LN8-KC~edXN1bM<2UL>rgaZLV^cj?3ex0hz6|U1+Eh^vjSJ)C zXgjB_+i@CN)`G>wKBLy|$%BhJio^Onq*3LJB5O-Xg#zjEELX3gfz6{S#mcHmNyyUs zrTZEqr(%`!&T@rnt!8)@4=4mQk$17PL~b9_=G6~RYHSwOmRFZ6_y3~%wn8J~6totm ztz0saaPbb};FBwZ3q}r99Mb@Curn4D`>@_X$f+!HoVoqlN(IQ+V`z|6q?)=&UPaGy zAAY76BCd7Ln^n@QSsLR*k^40{`V-{6|CEV^q-M9>v)7 za^F6^jAd|MvsJyu#p@xdUK<~dmCE>!C{1S)cZYLvWy41lhN<1O>Dt>&A;zcw5c;sB z#YvFd_7VBB8qyGcKXBjYxku(D!Uo_gW~N9Q2y7(3a5F9wiCV8=mH-g!1Qu=Hae?kj z-i)>RA)Xu2e8Ht>z3){?6nS3?UZ58vglY%PidU(@9uMg5&Br&Nh+a!GRij=AGBVymR@_T-(03g*C*lH^migN+GH zKC|;%&8y{>H5YTyfY=83^V;g-p5Yygs+5Db!m__-tFZ~5zW~R!p6GUNB3+T#9vW|B ztyx?QAFmQ?DRy+biCWxRtC7Lza+Sf)V~@Hr^c%Bp*LVO+B-FWXwM}e+-Ba@2TkPU> zQ(oG5VL*Gzxd}1KCLz{4Z~9Rvspw;gMNO)AC-{CSMy3`+*n`ph8CD?qd6z_D5#Mpz=koQNXLqSCdcff{YIQmXZK>=>`iW+KNwEu_$XtxRAo>& zcKyrphs$GGS$QgQ{*q1YFdMugo4zBj$~%K;0C)zV^Rzg!ktUi`m%SuCa!SRdJ0-o} zl%i}L$}*ZRolwD_%zvul1rorZ{Sk%1Nku0^7yRLFchRGAnz_P^=L^b_-e`=pg8EsX z@-cCY1KWq=$dlobCzHaf2S-w{G1pC|8i@g7q9mB)+Hm-%oN1P~yYIIyK^VaO643OD z38&{j8&^`~3fprA$EV5ojrApi#&2DbDm6YEot9`+TELFsE>f1HNV|}HWsR%f)Oj^2 zK7{-nb#Bq#iH5=56T#Zxtp*3&H~x&I#KP9VX-+@vFQy1dh>m26`PVul%?PzYQ1wz{ zqFb5FPNs~N-U>BN;|V6H@$RC;wCBYRszTaO?V?QRcFmNhpyez7`IYxcSO&_``qc1GX2{NH@a#n(R7^3ooQTjYCP&ZKT`yeTdr zKVLg9%Vzal3O7Ug3gVWgu_+oiZ#3j_cheMtr>uz*jJ##NYD%wUh2LTjtMFO;Rtjd69X0PlO>p%qH1<&bmG6OrR zRC|@LtU_4(?1r)_;}Hf!!Y}Y5eysxe2x6Mc%up<5$9LAD3`3yt{F1QT|6&6jUGu8w+((NIg8>$C^**)$Ur6*ex2zw$+`*BCxH*o)FZ zTNh+n2O@cjKn6Bi?`yw)qg*l$afj0sjYpFfOG>1BZu>7UujHr6_#K@TF{^FbL_9jh zOwaealSr}msT1RU~+MPE-_i#%fGvh$(R32>kE3)T;UWjGbMl?B_dkdToIyvt{Mt=;N`EPP3e zyxPRZIou69rQPIZ+3lOx*i3I%0-;cDnXSjWbVH3b1zN zey((8k9{!G`3W{C(@uQ$W|wAk<-SJfQU23mCgb2mk&P*h-^MX35x$U1v~`bvcN-QG z?yA|4lc`h29acq}5C2RA)DQcrRqw3z8MYvnQ|>WzgY!P$39jlM$M2{J#^#-Qt$i2{ z=S~sHv~#qL&QT7s%E4?V=e_Dk+HU$V(9VJFjrKKvhl#^0%GI@4+q-2_^L^UNT{S;M zqPfdHV263*mdIX~SmmhODUGsl3`4gG;iQp47Zk76Ld~VECc0k2aIVC)H|VFvo4%G# zb~QQt*VQCljG8(yuX;Yi(CcUGSG8lK2LP)a_YYjpR_{1^(n4@N)%oE=YNUeTg&W)a zDf)eJ*F7r0d%*dns@isWQ;f%M@5s=lj3q@kpt;rj+FaS=w|SwhYOx$&hwrFM2I$&6 z(nrtix5VeBZ3t7h3s{8Y}|x+^OTt))s$&59u*&Z zoO5`n&;W;_F+u7rl*Q8M-8ON0D)G>pM020`_o!PQes`}&xqN3W$p5cF##MNfze;&@ zbP!n>dc5P&)89?=jr2LS9Wo)6zsaKcZr!#t zm$HpDGdGPpwjksZ0uGb)UgfQ$>|#rsniQ@p|7je|>0jA8I-b?0Eb)IgOD3@B$6++W zHR^guY>4L?NoQCBeRgILVfZ6_)4Ii{`f>2puYJBJjDla=Z>JgUZehm*ioVWd$mXm0 z?)Df3nyXfeo(pXIBpglKS#LWT6QHExKqTR^bd^9?j zCbP`?xCZLy!Jd&b&ucPuV@cDQMSQGfsElTUz}ScnSp?=&C)qH)$(}RYLE&;Faqvs^ zSom=+q~K)wovFZUL=?DQaAh5#2djfcvxmRHz89UVZb-;wN>`N2;?dg^JBQ6<2ERht zbZ{{USH55~bQ&59joLQ8rs47PJ)DaH|EU0{Tr~V$%OaU{acxYgXz}?CE%<58scV%Z zvFN z=#B($f>v>iTO(wraMx;9TtTP-&MsG&qfV(CL@8Q_8=f4H-?^kUa&$T=L|MV&^bzr_ zfTIU?v(1}C{QjQH?8^KpMpo4vFm5ttueVooPX|{3Co0vk;IMcE+PdZ_iy|-g#6Kj2h(Ug9&PnQ0^-Yzf$L}15r08 zk*T6ed#;N6?W5hnb<`cv+1~ou0dA41&g68i}<}WCUtU6QNXqfxW|TDXIL$|pc$qdnv=?f4-^&U znj6J<6J=dM+2)I2iXHX`9BZ>khODq6@ITYe?CHFH#GoQqYynvt_s!b^A!!1oh4To8 z3k4%;Mg8}Jq3OOcv(FlbJk}~-$+PsaTW)A#cN}mV)z0lY2RitADJj1YZA4IuFsGTJ zOz2mL>OBS(R@x%COrfW`K71ITh?l5E!qbQ(u)ew;vfPs@0R~$-l!;Etcu&-aaCec2 z>pibtnS_d+BxMYLN?e@Xy&r191RQgMAoqo_Ge@tk2cD(bNj}a*S=T10oyID0r=U-9 z=vtSj1)dB~m&eutkFw41*RKCZ+HWCfO}DHy<~i9cJ~~Cleu*F?*yV-1=Ll}s0Qn9d z=*$&ZXU?rpmbxUYS_XD3r})nYI8hvem1KBb(~cVK)_xe=Nto_6DH-#tVNOoSyc&~m zg&Z?on;-l@g@yt7PI=G0?1u^p3TsT(?KkF`BYi<$f$fjl%-a970FJaA^|(%Op5Ayn z_-IUUR!S^aBo6WOvy(>G-Y=;DYVjx9M#H*cGQO&>I%{$0Qqk9C8DP8df{bLP_pGuG zcTL{0XylrD8PIX0FC{UAI3OdHZ#z2Q9a#w519nOUrk558*|O=IvaEwaSQH_fO}^o= z@^O}VZ0ObDkqZ_sDlr)rCM=r}C)KAyFb=4?C9**w-$ki-Tp~e;I3W|4c++X`Fg*|o zIa8Xrb!@NQG>J~yXW*RcNUbD9G1LxZn&-6)6b+|1^V=N_Y)<=_`gymbT2>>#>lRS5 zkDH}Ca&^PvMUfu7i01zK^sA%H4a$nWXX1{e`E!5&BR(_2hjQ2nyR7c!v@%ss+wn$I zV9(7hm)AZThH4G@szP&89p3qLM4(cv?F%eJje(hn7d10oz&8Dt$-+hv;9?7Fcw%Kf zdzI+IdKK7H)y-*qs@^?=c|;;%6z%b9P~$uUp-m5LT{@-{-&GFAi!p?t6Q}x{*(Cz*)sKl(C z7}Ir7&3A+Lq!47N$vyh1kB`eB9(Klg-@@qcF!?BCSLuy9!)`DN5etocL8d--H89!K zMa1)m4<|_`OD@_ubj$2v*x~kRAjHbX$40DU-@ceXa)RX~yls zV2@pI7~0$%j(7*HrG-2YA59)x3zlGgXf2_Fmxypa%dYv z>`z*$^Va2VIV4?x49q^mrF=nsIJhVa@z#N6C<*G}tFBx{-xp(|!^m-yQ0=)w%EjZw z`nN3u+Z?1IYribPgW3uO0^P+T%G8eQ7W0tVkBuV>S{6~TluIk_G4%p_pK{ye{ZYIH z?mDjL8W6vz2+x-71ZV2vCk{N&LPUOAD7_+9?|5Hu=C(^S%~&O$I@z;(V~XFg2-y7P zO2`~79&|CZ6y`J<#3dN6}S>c$ESbb~TwNAS>e~}a${YJl=jiv@SV^&8~#SRN5 zS6TjhL+;39!B%RE>YGjSbu36sdRiQXS#wU+B-pr8qMSAia==8UoNDKO^W_%~uZ=N-LyQ=fx*F1nsZ)A z;SMy6CuXu(jkHG%07I}%P_$@}mHk)HPIhT9`Q@UM3XXR0-aQM&9~uP!#&yg6D2a5lb>L8Dy**|D z@nqvO+$zAiDv!26H1T=1C|EmFf-j29DhSKlS$jkDuO_%t6%>gLwViP|J{oW@Sy`oC z=JNwx0`^p_7Eikp=H~dUIWI>p5LF?47carEJSHT#p-~B{Q(b9|yH=TsF=;LnEyUH2 zxb%*`8MStO@AA~o!;4;C(vZ`C_`19sNAsjB|EVtL1=&<1j|tB_^%h-jT#Q-KeF}EU zbgIUKHml95;IGq71)}zdCXW4hzlAMZFD8BL`NV}pyv}k?}^WF zTpf5I#rgnFLr0+99&0l+JX>B&US4~0(yZToZ!*~mK--b&JGUPshi~Vu`s;kp(84*6 zJE}7}jE&)bSvQ;m`cS}BSI#MciuTt^D$1J+C>Pjswi&o+5J#l8N6FK-+JP$tXEe^D zE(&dI4J zX|lQUmG%31M~`5W0LR9aaS*3pE;9;??iY%}t+~%779+nHca9j9`(C`>7A-d-vy4Th z?seD22YZ8@baco%emwilRnl)Q6}Q0}9&jfs@Zy!0ubOS%WAcvf-X#_boE+v$23d11 z@%T73u=}BHI-;``K3bIfMzm!=Xm;mkPJC|5TtIARG&L^r!bRWue%iKx&mNVLw~pV+ zr+KPQ$iDn9uyNsO_%lKr<_WKnx_heF`#NA}Jit;%g>85krqqx>g@(Z?q$qu;!KX~X^Lak4bV+mk=+`*tyXL8Y(<_xJW$0Pye z$nfvOeKnr5TdEokdZn(u6A#v;e9(oK(CfJo(K)pv<1_Gm{oNb!cKTa4CIBJ6^8xEK z6+ByCu1Bx?g&rojI&_6x`1v44^k5m#z22$V2uAU)rnlYvD;Ngo&-*i)v{V+^XefHI zmz|pt;U}3|yuGAs$~~IG)`D2#xt&Oj5>B7%&7`-LgA+R=HMS2;X)(%7+~)r6+TPnSBKJ%fPSu_DBd&i_jpKCYPr217UH<5t^m9TpZVG%KXug^5BB1Z_*t~Lkd)-+* zS*L8ONO}Of4E)*x4+Tg7%S58rUrhxl)Ftb!?lBhfS|iu%4MVibX&avo*Hy2%E_Izn zc{)7JlkjQ2;6qoCB?xlBqbX~payDs9q=Dg<`sg_7 zU3fBZip?}_t)MFrv69kVZtqgRgDc-Wlq=EJrph(MDw~ne_paD3!dTp+r$&wk;KK{W zh(wphk|gaIT?@|9&zm$GM=96KD58P1q@e{j<>Q6^TCF#3wNJU>Kc$v4BBsArU>a4qbv(9Wgk!JK*20!pXPdm)jb?hc zRTL9QL9WRgF0F1^%GhwB%M#puAJuGCv+y#UFF1*qtm0i=+X;vPuE&pVn^9Xr&2j?O zmV1Em#^JZ3*Efa}V-AWxBDOz&5F94Kwwf#NS_c>v9j({4N^+2JsiTttzkWd!s6yzr5+V)9T zh~)BurR;m{*UbhsEx?K$G-l4Kkz%qfMenqbCCrI#6C3@s+bv^}S6t1b*z%wl7H-cw zjcGyVC3mhk*+GTM1Wr@KBM(1p32n1ClKx6%priBEGk!4FrdZ39%?Kw|On znyA$hza({)+P{|<9*t|?qyPN6TE z<oI&Y#95_7>eFUm2R;GK9(4>TszimnAK%3*lZpehKYW5Xy(*gf z)@QSrfAYul&ZXuGzI>VFuBGwR2uqLW!F!idXef%g$i|gH=H|;LmU`?C+pMfi zZjICz*ti_Lx@qJfbazuhshB)>yiZ9pOL*!VfBELQE7vC)pH>`1|*&9(VKVeKH;qc2r(t3trSnJ@lNYMBS*7$KM%l#^a>rX(@nlFTaH(?90$y}&6a?*q_5AOr14DSjnt#lB_rFLk^qruQ9`sXt>n z%Wk>5%sPJkacwQCHs1nA%MG_0Dg;9-bYm}ev9@yFD-)Ub&- zpJIbRVKk~jS6L`?>Hb~KmZ=*Y*bc@9g4N(gi(Z_?7pArw=uz)PkU%cHl(%2DI4^4@bfp}M zFNdy1I)7uJe*WuJHXZWH?-S<;)_=~|^Iu62_>(`s??2J7%YW-M|K~CPPyd^<`u}g6 z$$mLWhXnOS9*;_=9GA29{e2{ZZuZ@U|M3Qa`2YDDfSUsU^F;&y+h+VmbXj%YH?~5j z;$7by{7qYyJktZE^TD3=K!Dms*p zeRL6L^86H}M{UCnH#w()+UWnM+bLV`clVKT|?H7JPTd0x6z;OH?8NG`zO2j%!RFB{GmmlH7q?sQrr$z>MOE5HI6>=sxI0L4?D--sux1ixSyE65 zx!|*$NF%8!N#wV7_Rhi46pDqAD0{e12-Clk6}H&leT}HwlDd*$)82+85EyY^X6G-t zZE~#-FP%&lmbdEIA10j$4%SQ%#S=zGxm}J6;y-yI^F=wnOb>$yDswnB0k*VOV3Nz;;0GE@12?L6lNxJ&x2Bd)k0q6Xnrv*SM0%!IJYiqc^&LVv*`6dJ$xExTRmxqLX(TnnSMZ1 z4H;;osh$qiZPsqEx>NC6w6@nBM~>h(evW)RDxIJ0d|wJcfi7MOb#O|k9Wy0&Z--fl zMgPEyBbM1xZ`b-t)^e+8rt>!T`(lif{>q%CebLs^iwlqfD6;`b`iF?7mwfIHrLnph zE|nJO9-7>@GE?TJt=%&Pyl_M~U(};3VP|3Zbx^;yK#Iq8dL&BzF^yahTQ6;)5EFCS z*mWt1o#5;&ujLaA9ZMRtD?j(Q_|Yky{x2r5$iXihY!hd(x$?bpaogO(F28qZZDu^O z>s29f_ei6Wdi7%3cCA39>twuB`|-h#DgV5M(1P4A;Y9(u2{6rFi>|VWF4J|y_dM) z$XVB>;KjUXx?=|dER96>GiUzO`%rM<%bBQPeYWvm!e#U-UMV9bx06j!Po#1(<(Y2Q zx;kw(>o+d0->%INIWN%0>@lX?Z|qsCGMTYo+nWf#K|At7o+vQK){8#J=?|I2$SB1; z98+455H&*759Nu)XvR5d=n*be{WB|c2&PwyR;~lD-ov@q4eY)3{e9pn@sg6TnwMa^ z){&WQ#|YcZDW>&bbD`0Cs7dOg_IL4IZ*qe&s@1bMz@lEhs70}T^%L6W<<39!DDmAC%|9Q1ZU~3fTMfao> zMg=@lgFJ|sPncOtREodvmyxl(y47cG}vE;Wfqo2Yc@w)MVH73uDCw+}?^P zRisH5=^aFx^b&dz>4b#dtD+z(AfZX`EdfFggc212=_NquEz)}l9da)3=XvK*-*aZp zeBXEG{PQuB86e5E*Is+=wbxqvw||=zzA`Voh(09a`on61q4R)=q9_No01rdZcyHV4 zRv*eGPA@fywX+Ayf#2YrqLlkGRKq5RDf?G)qdiY=d*7Jg@5h$-Zgz`tZXL}O+H-Wf zKeQS14GMZn0l5~KXGCt?$p2B+ zT15QMN%rkz=xL?21K1GsLH-YecBTcEg>zg0c&DOy{adxYQZ+ZXRBt2N#U;M*%e}lt zDJgmLyD?el(%hD}vGcLpI;!^|Ut8k28~RM>4riYvD9no_HGL1Yx#7Ij!@@WyA6b0S z6_^f&Z+LRivt#&eS~1k;!hLdus=BuRJuwxga{M`m^p0L8YyiiOF~@e|+W9^(hh?k8 zZ$LyqM)wH7Uk387le6!ZJ;9LOG)AtyXO?WizYY7K(e()Qaa78YOZk0AmJ#Sy9P^>{ z5Nb?d0C(ILuRZ`JyGHXaDz|w*LAa2006n$#QC-=IL1+?ZxAbx_5GwV%0zSJaOdniy zeq;qUh8*i|hRV?)h=IEFpxP-|T+T!1&Unwk*4_7Ufu{v(pHO@+P~v%=PQaLPEqTAt zJC+j13f-qG&xs4m3SUFNE$-pA8;BG`G`RpV9rE2$_oaw&@86pX)_56xlrJZQb>6Pc zNmn^!&%4pgc}4#c1SnCtUtvdm8fq=9I6~ikH*&PHr`hjm8n^V=eL*wIBro$YH~OjI zT$DHyuJCFt`6bIOmy&`HERgpx`YHtQdyLH@J6IdWXlzezJVI{lQ&Mneyf-TRx5?AX z2}C!&D>p?HqKsqy2s5U?Sv>v~^YxF|Fh=Ja894qV;=**)Z@Y0MBomR2^uf2n81G%i z{@z0wuRop)y#2o&zyNVhFntq4S>o^Ka~Cas((w3x&`tRAJHv$x1>WkKbJkVERDC6n zyD;p*e&{`J<@f*rN|U;vdU9pc)XN>~N8WUyR_tKg=wWl;gi~Gb#N~*q?I# zJB5={d)w{lr+B^ydT}8gnEl-b8y+?M!3SKqVgBz5*}bFt`(YE{?f*A1<^Q)4>i_en z#r_jfvn55)2tR`9OuZTZaS>#m|H++8SbUy|@AITKr=6ECzMam=K8ar0_DS~?5(Q;fZ2(9qAA z)r*!S7-} z`L2?r7iRw?&ieHyIOhAS@+&bU06vQ2Pew11@K}MCPZxuG2DE_L_UpGuJ}WaTP2Qd6 z_lW(UnBV`(N`tetK|1*!#wbMJ#zrZ!9IfC~k1}AX+vn5z_2Hkder>xA5N|OR7Qp*R zJM_S~Gwn-FTFU*4nIVG5S&3_-+@=k(;A%%4Tx~2iE-gKa}FIxZXYjDnx)5IjBV@gb1=JKeoa{qD{i%~;u&O~6-BZ0uDWuEJt zAk%E~vQN2#$wj-j+9K-)5dr9)7haQBQ|5iM3D@#8%D$P^?xRH2LLTwA?1 zny(}Mo z%Gq)i>9kz-8WPnZ?5?Of_HuUY1%3ZnNZ8-U>f(gk zsiGF0eEX*U?IfoD-S>QL`yPXE!gfoeYT*IKp6i3LCq$O9(U)yo3@Yt`?U+lW1Qt7J`&TKykqojUZirIE8H}w9kw}Sul_U|3iS4QQ& z09;Z-Pa&bHC3lX}2<1`7fdB&sewlPakA7IeH9V_ZA|C1y8xIv%E!%6fj4EoMk|G=` ztryG&1qC?xCvcVv4l~<>?^?K&wJ|3qrXDjl67zh9Emg4t*8Dx%5YrIPxcH80NW~^I`8;uA2+89^bt-pTe*6J?+Qv(%=KBc*)c>9{-50^SvbyV{Uqf*DJ z_@c@CV^E^=uzSW6KXP5W!8}NkkVU0U8sApw%kgEjFKBRxr5d$9?lunR4APFbwx5V! z3tw}~PYe83>T(^xpH5b``Oenjn3d~PI_4-Y$1M}eNq%t%i>&%UwA*&Q-})H<{xLTn zE?`52Nol3aOUVUbRYh;udk^)savvW8lDF(!YI37Bm4cpGCnlLp$J#3)*RHL!cu_F8 zpN-_`2KYF>yCLW6qNs#wm^vuzKFx5~S%S(X(i`XJi0V>CmfzQqVbuY0+&1vZ_nBuJ zD$&e>2N!?|@77-(Z@t9JTc6pC7(!jAS+F{ajTtdY9Il3Nn^lyc-_UMSCTA|RuaE(=0L2zbj$s*O*Y6dRz;tO%0 zEz&Dtg%#=yh^tItoRZui*Z{DcEUOt;+0BVHzlh&sC>r=m2^O$y|E7LCh6X#GFpjJZ zND7;l&KkGJl0BZnphElckytpHZclwL=$umd74sHSD~Og%E@(Lb@3xl>}09})%^U&AtdAUd`MHy%og0SU^>=PMdT z-VLonL$@_nP-Les?_a0*&!h~7ZjZ=9t^Gz@83Ukl!W4wGziCjnGPe zqOFHr!kmf@$TS4*CtEdj+i8V(&Yng}iuz2bwQB7b0Z9BG<8J#|QE%ZuvOsA@Cp1Sz z-DO1)ajGbBhGENbaLCkwhGohO4CTQ;omm>{B=iuEEBvXW*FG{9N;%qZy(~EMl9TZi zHp34zst0&Ez6-48aqbKlml!Tayq9bzv^0%Ge=3fn2o0fFzf4(`=**z0uYn(sid`b#Q65qb-N4!ThV%__QWlIJnAy6(T%oK4Rcr)gXl;UD1pGjh3IP8pB4xV>tfkXY}|}WJr6fhB2TKF zgPg@|!N$7u;6KAfvUpjZJ+FljuE@x3>^seb2@LQ|0unQ9Ib9Nvwy}g|DMzLH$>+WE zUqdjZV|#MPGk6EI}4}gSL5-#OB5o*>bB6n*?OhF-^67AkXDJ8~t=l4QNmGhH7CWu6g?IRmg=%gMMk12T5nH z**1-R1&XN9szps*V;XKj`P}x>;<-US$y%l&C;!{3{$LBghQZ>gI{+;bYODdHsv)rt z*Mp9;vYRD(kH4K&AB)!qslblr2urTSH$Jtn9C*^G`hGeeG&UvjAp83(Yw&JsP(x8w zvWo8ylhl4BlD5kdvPoJACcexTYb@IS$N@KAm>GC^Y8d>BZrww8KkT;SOk#I4riRi{ zVU;Mxv^(xe{oGCBM9SH$+d3U3ZOeZNL8E5{cHfkliN@q`VSJPHDb)8puF#+s6Kode zEz&gHAwV&TbKXa;QlMciH44R%<%%J^njXZj+m#D6R)zHvbD|I?tEh4wT z-wDm33G<0d=s#qhLz4x#dw2qsATq+R@!)?$;V?eN5>w60>F7g=Bb%pJX`F|_65Lh%ZV_x#}{zK(c<$D zb(3oCotl_U4HvhLgXFg1H%K~$j$|41F^y#kX|c-Vt*~Bc&r5dG;icE z`z3Dfo%BQcrl`xz$0Hv)-P3K%MdWODP$BIUgLbWrr;@HEwB%u-WE{^NG5a&u4E1o0 zhPGqX^Sowh!%}MlI>5U4hnBCCR-XwUP;}ra-z=;_in;uuLHhZvl0IhW$K%C`p&lT< z2`Q8;kVE0Fi$5tR*O?Ij3@iDT&JR1O@%Y`Lw9=BGIy2!09poHkAGB7e>7(b6B4NL{ z7{||w%bZF{9Ga6la|%V8-uE^IsiHcI^+#`kj#lD7W_4|m%JoZTH>|zFNGHd_qeY9y zC<9fdh^5L@joSHPdZa(1=o@dW-r^77Pz9&ro2_q}ZuzG207%B2efhuTt@tNG1Eshl zn#Y?6?>@T>zyd2J3XB16oDL`ZXOVIYCiB?wj)0?i@2KvF&UTvU#DlzGdnI5=ZmO6~ zNLUsSkQy6kPx{0Ykgr97B-2`}p%D-ea9Bud7_BUR>PJ*NSH_Alr!w&=&NK5)3_Mzy z`d(dILDCDN*I&6nP)kqD-K`wRfm}cOhM;69C|GtSl5$We!;XaX#nwCDGKRP>3?{Ht z>qw;0in%%e#O));ZK=d#YFk_xX-0-#{k=kVz^k;pJ){LU^wW9NQbDs-#?r z*&Z08ZEaLg2}v*MYf64)YHiXr@k)_CrTGiVI`D6Mvqj_+#G?XKGK{IXi|!7#`v zSkb`T_y_I{Qg}Hwe?@RN(Kleem^AmVWGrpzKTWW<$PcHNN+$hAe?Zq z<~ZGbOJp?mk#syPVIm_lQ;QO`wK;Yak$jc*!e^~bUn7P*@G=egSapU*Bs2Tp5%z2I zFs8i*8?2Cga=OCtJVDfPtU9Ppr+yL`J0Kr5m2xwB;b++fJ>447*VS_=!0u6k1dn!h zkoJRlLx)LxKJ`C?YyaPz*Kw=QoTIwzx_zktO2W+0TPHwu%mH6}3HuRBJJd)rI>A)$ zDoA`#A?>hI#~|dfcpM~rv9bid^Q@WbcI^P{)0i0z7KnPqD-Tb;Dh$4n_DL&d+4Y}D z@dfI9Wclo;7I_gx_z&KN4U`|LmeMgx~1a(7#M* zd07yelX%p6Xipt&-CmxHalE=>yYdQt#p6UqPfww$R2%l-XbGLsC^(wU8@ac*eiN$3 z>AZ~gQS*J_XK+DVZ9;moiDR*uR-F`Jo@p(B$m7e~<$#n}+I}oNTM)cWx7he?t@?=)Cg*hw2q9~2{ivkB4>Z<1>NeBFj z9;s)$+fN>mZqvNT%@=U)`6!UR;J)WlJsWxwS$EZQ@*2YP)eC6Gt- z2K#7=Gmk3&Ef1v&TE^GOpNdKDr3Nrgh<#-Wi#{1YWDmXL&#E)uI%-h;1I(XrhoInB zNuTPTSize`D*PsP{n6hR_~ne^V<|ged*l;ssQcLSgc5E~u#vg#i!VY?9UE%+vlhIb zR&HwQN*mDWdh`xau=#lyRTt)Ws|~WaQ4?YavZ?w%25L;6AR0hs&=Rw=R`W{CZg5Kk zJquPK@ixg~*2~i)R2m+Pm6UdxbbB@)LDf9nQiyDQ_t5w%VEvQ7)tx z&*Z1|mrM+$`t2^Cym|L@mZD%mJ+Yuu{Z(5v1l%?s;B5?!7&GeG>><^V4&iZVW z`{PFq`rWv=C|2CE8|c1Payu$_P$02#=UZXB*@J;yKty!!(v}obY%se+<;gq4 zRMf_@hft;c@RY5CNuHcq-_Wj8?UXvTo|*e2cxY)ZS5)HexVnyF3b1BX2J%Rji+-P7 z&-8U{XQ7R0+|lx%IoT_^9r67gZ;Mav%`WaJd;fU3sPq`Pg(2OAyd@qv6ouEy-V78{ zShcIFTw}_DzZyX6>+A||tRFxkdCBe0Z2jqAJByO24UGiwks1Bx=p2YrzggN5w$ z5p+UNv8<6GBZqf)c+6w2FmG@pdZo=%vy+ka2I{2d{=bmeP1~93j5oreNga0jJ~iBO z{i}?{FY(pdbZt!`K9fvTpHIAdtBYgtAA9Qq0z={hg>($*b@CV`{XNlUqc_E7UBc?R ztK;4Pb3?6cFE=!`W#-s}o-z1dRZi$zk6|GwR?|MD`Rn=@U&rZ#@GgtBZR4cqjb2cQ zN%%gJW_IYiW7s=>H6OZA@&jO@FgD;sWEmM!QXH#xxGjgiNa&`S?tjarL!r9&490Oj zK5dM?FQLWTz2i~BB&WyHn}C~=DE^|Auo{i;H1)*K=eW(Q6jp>GS{`Z2D;|*+Ele>ksi=jPc9>eet05MW=?G6ano3Ue?Qd~c7 z!foE5;5Ls*SOjZoMR$v?sCJ30bUwA7Ee|0T+;5<$bXXG`9K@->S|X`)!6o%3@~6iv zl2Ous^_I>uQj0rSEm(>yIL<8)`sN`lNyIbK(Q3O5ApyZHzn%+oiQE}h7e zIBWCWkh^egd-PHeWNc`>xg%~#1#90NB3_BXFL&&om4l9)2?{_4DD$vLMjjOAiDmsT z^nv}B^<6rKhd9U4q4ks{d-nFOPCI>zt&5wji!sb zeAuIXh%GstgUx2*ZOwudg-rr)X8sD7iF{Hr)*Jh3$ixEj-9cXq^`?OVx_3hR^k)OqE$r->y046daHD25&x)oPb$^{2cL9{n5Z@JuoLuT1;&Zf(bzyC-PnszB>Io#~03>9()NK z=pAP6DBtaS2lDlrnI%7!*k4`|vz7^J*c`a!d)S2{#E>$q@A_+;oTmFui%$&*>YJqP zN~B}(L!Q9II(F>PYl}?vT_41W?-KjqgGUp$g8KH?iEwDWjc5Lh2#JW+g!7?1EJp!j zj_f>@5#LWxhRp}nl*>&Uz<{)%TiUHWltM~=1qIc&_9*6ngRSm{ZkJd59Og16AXbny z>v!WZDr4R99p7X`pVTjf^QP@8bI-+;z3F<&oy2) z_g^+CK5L=;TextyiBKW4^kR2ZCXj?Bhxt@_`ovV@TC6zf z@BWNwEzI-h(OJ>hL(?|`8kIc+6SZ<$5e(UEve!#U(U!<7l_iUL9@HAqW&zXIq z zt7bH2a(IvyO`iyBL~-5kh;Nw_6KIIi=|EVH>iNBhn^jld;`qyfn<(Y7YBv$kp@!by zGydU$3Po%X*C{~8`cvx$W7UKTbLoB_NB^UmvLht%BovC-LLV?JIU8VtW_gu+HXf*3wRMliVkp!%NF>YeN&L@dD(yTS9+;eYhvZ z$%*XRWF7C4j|tSPKR`NQG5YDS_wYv@0-Fwl~$}d>2>U=g?#MHbj>+jSE=u9)Wr^f04n7^IU$CFCps# zIV3GPjxh>45{k-n(cL0i1xMy$-Xm zqve3~n2x#r=7m&F^W^FE1!$e2`EfVJ?#y<=kE=S+Kozd0pFQ)U>#}1#( z1raq9Oq|VL9IK?)=}h@dv(a(fVTc6mV2XI)2k_<667g;w5k}>Xwd z`1qVUrv~LIVp|WPMSO=@d4t=eNZhG$X82BBQ|1(Ld0~x1ENEt3e0L`-5Rq^0ZwLe2 z+*zJt;FdHS=zxsGD92lJIUxZNFb5nZSIRlQP#SHwBIlo8)ETqAQ4DPSsp)t217U<* z?r$rGc3F=j)yDv^#zEQ@L1`-{AUeffQ5!<% z!6%6k?mWNo#n-CcR?b7>gS)4N1jQ-T-v9WBv1^KF_)Z@WCburM#$)AC!dJc}HqKW` z2Twxs8pbosivezZDBXO&soeOeuG7+nG5-42(X4lY_m`L6=`q{*1q0Ac$rEX z`P#zWog$&EZysp>!mrbw$(=~Gp#qex+m_sy&x9-`HT8JLs-x_s=+8!?#@+z`pK)H~ z+@DA-$T0z#Hkn@{VXJD%8wyh}cX)={PfttYXnHHnP7g1Ru{LCzlR&+W6i2wzzBlCh zbq5nx6XXc5?}`fn0zBT08+6sDZgo%KSDT5(_4Z1rh|Om(Xdp@}8E*W(?9e2%gnqV9 zt*Jh|)I}s-0^zxqa`ZILN}2i-bUDw$%+z>Q`E`UG-|;PTq|c`ZZOGO4i;1u%b7Dfg zfP=DO&V)yx=UYW#ik-^qG{Opw6MUGmiLxlC>q~40umX==(C{Xj6h4hyWVK8z(7nFJa;Z%WC{;=? zdr^F&A||wai`l>!GxUcfKLOmmy-q_e1M>QETi1*yWO9T-+Qv1oK8hf?C4CzxGc62H z*rn?VHx>j*`%KVriiJI4Y}gwThs}b*c^ejAsYiL$nxJ>$OF-1!-JQLkqM5|%o$iLR zYS5++H||Foix;~mrp6VXjE^4}4cE_oI^Vj~D4>=qz}F^~o~I!hg1Ib1;ha%#5+!*U zd;ZHbA05M$%Y@+=jU^c$(HNf_)vLqBNudW##t!cktI@=%2)+*Ocen|E%vWH)s6$zN zD)mj|emtn)M3eIU&HvOcf|=F9w_v7z5A&)#!ibj^;HAaZkSECeIgwjPHjFN!_V{bL zSh$iSJaQ?`i-ry=J@>fQY{iwU13W4XtwK6G2atp&~Y z4}q^g_-o4Zt~LTn;iHG4uHWYljuweUhe2d&m?_d*Hi7LaVX|=}v@2_!#n)I8by(4d04WhVU@!M*OvR~?{jRn(P>$N%?VuZlj5V0Q*DJvS z5puz~fSs|mF>|v_TeEb8%){~ZQ?)TK)L3`h?owz6Z!E4UK^BOG!r)-gr>U@C%$vl*@pq3y4#(MGcV zleYdxcAma<`{*Qw$PsNr0GQh+wx7Gd0SEAr$RQ`>i|g(PDI z7$*cLPpv^u<8HeJCmrf_1VwDZN~5?FljFD=P%m6+T(SLG`7o*utSIltx(~kL7szmG z1VBWCCoG)qrErBa8Ks}lmCEof-m;>}O3;~%M6d)OX)l`J0(lbLRPJIY~tm&xBe@qa}^EBsR@IY8APFw+$q^FqcDQa<~M!{BLmI{>01=(_kEz?^V! zvqUw!4nAIn5n6!K(p{!K@ zaT6pYi`JcKQlEkAufBYWP5&Dyvl=zJ-I^oSmH0#MoQil-(bG4xXlDtfuOk&Q3EuDnVqE>arWj-YPE5>zkL2ieqN3p;2f3vfoz3iq>O*5*31VF zk&-2eL?{C^hv*UgWf`B^e;Hv2Oe{3Q_-or@Ai%c;gb43}jjzjlT^hcs3cg0Iq~us; z$6s<#5|UkQNhxQO(c2V%MSXWyf>jT;AU4RslatuHQ_{UunAkOstNi{yN+T%aOTX08d&bhg3tSGKq(SPGXXik8YTrCaT;Tqd1xUqRx5GX}lan z^q*n*DQjI+SR~j1e3fRO1g}7jHN4eox5$1$002N;CUExl>Rh%vTC()m%ekuhD}s>3 z`Mk^C?zzZz&&3i(C|OS=={tQ;3$t>z8(z+QqFxg2<9C{Qu=h5_JHs37_PM4;^m%h$xayPm-P#uenvh+mMxhdUR9yf#Zpjkf%4_ z?_BXI%)b89!}iZGQk*Ph4Fy~el*Q^EN$mnVhGQ|?v*%_{)wY7SzRw4{cAQ~%@W-tS zV(wis33)%#KfSbUdbHbIx6%6^iD6e3bKcBYKj_DaRVI6^-zYYyPzMPL((UB}8D_X5 zLqD05iqw+?) zeB6SNK$+-AiN+|oprk}NpC}vj4ZiWxVbabCRt((!gZwy!JS^~_*lF=gxhNg2&RO1rOgy(#9RN)3q{1!JQ(07Ug?V=5?o`7T@unz!`6Pul};U zyvoovozZ%zuuVRHA3#Iynb3nBSgyV97604l;sZMS zEX1n@OD{-WNfzg_6Qv6!<@K!lNZ)?@W+qa{iZht3U85K_>Zp%ewMXBr^OiZ^+Mn+hxkYnssIII%V(^; zt@zVRcBh}N2;PX^R-yAfJbqvpqKeK8@Y$#mMt11yK@;O6>;N`J)`q$YC78Q)-E@V} zO+~><4tQpj`qSuOH6pyL<<`hoTWzd0i{Jm&7AVC?@HbZCl`Z9|a2R|2o$i zoQ^EyH=SNW<6UN0i)pB!s;Cb)dfgU`2OfWA#s*2NKC%@MUV;D{`rq=)1TFN&{k` zh_@2pK&Sipz=hAh`~+8ED=ttk{**Hvl+#0z@Q|~oFC0mnr~k$fQMj!DrtLryRM#%zOr&*(U21P?{^$y z|Cao}A>hqF)d&pzgFhhU0CZdN|BCkhf8l=j0RQ`T_kUh<*`IX+NEv(`lgz9614b>) zAgFEEKPKJhkq`8L_yM2?x4qG;1xQJXV?>zMKzffbw7|{DlWHo`uQBy?Z5x@2M%w7@!0V^Zu1qQnRgq)+HZd`4>REv_4llC zdO3#e{^xJX1b#OelGfisT!7SoD_G9i_xe_EMVYv9<4DPSWTR{kW;RzHLA+ZFUm?h(<@>L_0r+4V4(cF{g)6{0{e&BW^agL!)*IxG8A* z>F=u-Ny-!8>s%I(69o=6Zc)l%@*PCb(WM>fagf>$c+zJ0VxtbeT-^j}y2Ro0&pa7vlxep-CEHi0rv z_`r~TlZusQLhyfsP&g;8#1tKDBIYn&~~+k6*0SHzU+UT-qQShmh`KcQm9kKTbbS@K^wf z;|sP8>z)m?@a1m7{W;jICRSAt$Z~i{&@dv~Y2WBP94AL>mc23}PnzL46Ux zJscQQpisZGV6NFhQ3vllKBxeRVf^$Pw#TJ!PiDLvBkZ44>I+X2Z0Bet^{gl7k(fS& zQx`S_AVWhSYbu{@x|v3%Gebt=OY&{%GoYzrcD=!8=(BD=_(|kdstDH+9KxwVr`E>@ z8niM;6@_(DbXEElt_t+~vu(cG=PkJ?HN4}Ytc*{)Hxi!X(@ez?K`*l2 zsl2Q5S;38_MYAiT?G7|iUmDrAuL}@}X@Yrdk@s@r7t#<;m}4`Ah2&X| zO^?5s4TU5f@pR-~3lXmvrTf(T0wv`g`?fF!Wmt7y5JD?KU2nO3pOX6T*>Y$Lg}BEd z847)J24*wOD+nd4a+vVV4N72C_Fa$DuOjx!O1csocw}2WL<3 z+@dy+Y5HmiI$V%fRtC$F3#$-3YhN*GT$u+Wbz`eCwYBv*f$ngh^@K6|{yxh!*>;`% z?>Kmvr924<0U4MSO-P^RJPwny!4k8q6e(!3e*TT%CB^`r<=&U?!lwL&=}zN0;`IIo zu-%a)5426c^<&bD-)Efdmfl5m+=?41s;#hr1JjOp+;8lp9T@nsQB_5!P6+Y=g67}; zY9+bX8}RPKheuM!j9^p=`p}c|4i$I@H)V%gmt5`@`hpkwX;NbqX1W!`%L~u?)o^CH zoKB5uqKZ*VpStoWbO43DZ@stE(cZqBq4WIsppS{Lc)H*I;%XeTsqmpIFHM#$h z*?ucXYGCunmu0s=jf9Q8xdV{x&~A|3bZ{e2YbQ|uZ`QY^!KRL)23M(Uzf<31S57*~ z59c}lEg%A7ON5TpwD(bEtB6YAP_F~X%Iftsx5%2*DG^p94XJG^)XvZQGyp3BkD;d6 z!97vsBd&uF;hD@!i(7bD&f86AkEP+pcC>}X9e{hiU^GA+CGRE)?1|mJyO<;}##Y%U ziJHi=wQYO=oWtVXtcd^|ewW`GOS6#u?6%KNUYYMgRf0#~oIbGA-GDN<)fy?(2s9;L zNt|X>*506>5Lk1f0A0OI-z%);)a^gH$avI@vjKleMxwbER<_)1&%nG0TNDpSsz=mS zH@(P=N!j5qo4#azV&V6W49(g=)JJ0E(pq3p^zV(}_c4bSEu0Z4o%?4z=1dqbNy={iQ*<;vR8**oTZ6G`+MJ zs~YWw5U>l>Uk%|u!yIj^ATHAA-v#=}7m=m3`@0E$w!KK3{)Q`FQ!qR{o|*E_9c9*i zS!8oF%aQ$5AY^pAN@}W986j%kPrbYVO<)L|d5$OU$MfjVevD4y56UbLIvrdI z5a;D7>Bb=SQP69fe{neiiw;+OMZ<{DXJhc>jeyVAhk#cR$k;e^`0Gv{kl=O& z+P-Xs>~CO=jrD@y8v4jVH{LF7s974bJ@^QPUf=T@C=4*}3UmoAijD>iLH@GQ+R0N} zIXTXvRv5Ama0@oHsTf(AOAX0c@jY?y<2v7EBmY|X{%<#g0qXIUqiD6g7uJ;NLo{+! zML~Vi`sCKj@In*B#irgpmJ0S?<(UX_ zL(qoPb-yDk0=2R>unY;z^-$OYvw>Rjnto}*C`iu+x#J{p(&047=1U=YcdVnGS-H8n zxqNKR%qcqyWfw$;8Kr#>sJ<4n5d9l@Aqk00gDB*DWWZYHu(>32I(y?(ZO4@}GJ#}4 zE}xHl8;fO@3Q^yfcvXi^y~bH%+J2M+>#U}%Y_$HA_2a~WOvtM=zimEK@x#Xxhto~% zqQ0u)kApN@_N5EJ3z39vnjLj-^3NV3w4+-Ad0WTD(KlP_H!t5&o|CO_h15FORr!v$ z#6zZ(V1S?Yn5^Yq1{_-c0Y*|+r9V1b5pKHo^z7>2zaBdShJMqKBy4(h3($$F_#BVr zkp{lCK)xccWp`iP>mG4`Z36MEw21j<#AMufm^U;vQ7h*M_~%nt`-Om}uUv#ZapLJr zD+dpci#RVPLxv$Bi9`9?)vH6IYSbzm6p`x7V~W~7pSKh_rFUvhnG~bgf#?Lr41@_} zU%xJ&9)N~;7$*;c4%s+CdsCB%oX2yhsmegC&ELNsRr)FBy>qR$A2TxUqtc1-ZclmZ zk3xAG_E;&;P`2ZjE$&RX?2z$vR6%wy_lHsq4MEj-XOZ1mu+zhZMLyJ2jN6ZbYuB$! zu21n|=9D-n7OUpY%$!;og?TluOB*bE63zX~{E;CAFP6^NQz1G<%fkuF4HF@s$=v%bH{`yS@)VgiW&Z$`%%ZtIK@%a`h{rO{|uQZGdMY z)I3#Kj3!+N_7u)4nU{{lHwJ$~Wn8iqzyD1QFJcJl2cje_QdE&Sjuc`p<&t6^X%4w` z>C)034H7#*^wWd6_cTS_JEs2YdH)x=5nqRv>!Vc*ivL{&fb*4&&-aJVv8U_Rb%uCN zlmI9`-T7d6s&V>QR&7bLef^ka~RV(8>{5uTTf#rHPguj&U zu%`8TXMg>Ed(;<|im86!1ur)NQmV=H<2;pKPtz!KNL2Id_X-aCQPRt)@+uPRVBp;s zSu{)2GmaQK^WXiWv**?6zfvZ@etm*SWv~K|Y_?PQCyvC>h$D%yGJIFXY zjKbqkLZrr@W?rV^{CU;1AeCw2EI#D?g^BK!{>+9+zhkm4|9R!qu`HiBNTt&)WbV$? z&_~$|lJp^@>u6Ia%*iXX*ZL37#4)EDJ#+u<%%_1RLNExFD1%;rRDHk^t;FJUpVgbrJ!KW%jU~B`p2U$`NI{{`|^*iv6l* zUEt}OFo>BPY?VX(`i)N&)Ws#-u~sN9HohIo8#6+ip+H8%At11uLyXLBjYO0dXzpp( zJ$Vu`$eia=Jk)b4so}%6ZG{4mc}W71T5pr5&4TDL=oIARFkPGdHPrb{UckGTmp_h+ z8v$u+b07p^A;0B()0I!X@|`;zg%I|RMH(xYNl6P`R6E(X#Hr;4i?B!0H)q~`xFTKH zx?z>h`+LuVms5n!wWj$p|6UygrfJZ5k&C~77AP?BQBoy{hyXMCAmP6iZhxzII2&b! z{huz;{hu$D{HuN#9K$RrXm@BH&9I!Rw$8e!CMc{j8=gYgq$XefW-%inkX{lC!-bVofF|Pt2d~vt-W^Til(=B4G-qT z71#){Oho%fO+azw)*ZUq+7Id`N>q4ipJrxeLUE#=tDmIK4lFNSz6`f$3Z>?I@wy{W zssH5#(#pV7-=8$!etWB0{{HnzLJ+tRWVFC-q5EA_l>YPQ)9lGM(!e+8=H`@P!0cmH z{giQ;jJn2DN?2H*Q?Kabh@&39B|^~Z`(IIG-5nj+x{XEzAT1>o6#|Sa0ZK=3&%?Qn z1Yp9bz_xdG1YLh934(`;MyEcerIpZ$d)~EY@e7LtoY#eQS2W1puPibtMTJHTYI_)B`$O`g)yLH(xzfVsarBYX@}MW9ALj zkOAvvYze2iG$robiBnT3*=S<`;B1}%`p*KF)V5fPR=d{X41wa>*QO>)28Inj-fdl* z;`&s8o`s!}Q5G^s-P1_Yhx(=Fmk%v_wFt28S%2S_r1NzG?1fw3xzXNRt|^7 z#0+N1Uyqv0qmVw)1jGSstoQZRTR@f2#4=6Whi0%!l!O4P-cmeU8)wz4Ep9f4NK>k^ z#{BFcC1q|kWX#vYysf7P7fB~x2^kYw8?VLYs+Cx_MlKH(C(q8#eh4V3Ia5(l8Eo+L z@&M*!3m8*bshh13q3!N25WaoeZTj;$$Yj0YR1mSjb8R#i80;#$z9+zV=qB)(4ixIJ zWvl8W9NEd!RJK{c%SSEUl(ny;$t2y?r52a!nEh=K+I*@Y$IkG~*qN zn+agYd1JeEYEuUodfqB&$j!-F{QUAli!D%rM6Z^2jPs-?CnEsky@vtZ z^oWR49Av7|6lkes7c~`#2s}OVx$!|H@TBH{@b=bWQT5v&=pZU0Ac7z%sDwxgNS6U9 z9n!5xcXt?w(kdw_-Q68ZclQv|-3@omd-|N;y?@?$cpe5AX2*BMC)VDRw{{)!u6(yw zA|q>xMWa+UA|ir$!D%@6b>o(OiKfg_!$d>D=w>pj*fBD4^#ca3(%;IxH0gqij+q~Y zz-V(H91P^gBImWcR8-F`YR-x!+?D0bH|ML}kZuPgIO~MHy}iLdeyGisLwT6H9Q&z~ zr{=b=2(I8^ob$o@n*I57gZJK_?=a6Wl$MqzE+wT{VZXN9{Tx@($xxBUUn$tinEsYy zWOhP)d}-Iv2Z%@}t;%5UHW@c&43VXYXb*RyP8=rlAtjR1_0f3Jf#4d#>Yo)PSz(RaWG#e`>8Tw)KBg-}G zU~O!O2ASi!wlOE<8yDU|ou_NPTbwd!X&q>(Ir;uV+Z(9=HG6aG zfwZkU=k|-SKt8Bneg0gNi>!-p_Lc{nw|)~%%;R;MS-(n_>=7Z-RG2#s^zqpywp?{x zlaSw-tit3L^!oGXkKufKgt?1X=1cfoCl-e?q5dSnP3}FrO z^784c6+41(sOkjPQNm?e_6g-ai{qDQWBK;%aT4%vZ}I zmfspFw=)U(^ufpb3*qv%02&$^$Np7)f*&LkkBu!d87g7w z`_sNtJ59_s2wfa?(I4PixLjsrV3_?AgNlFn4`}v3*x1<8+d-@BWhxn$pZn?g`_0z@ zW4j~Mh0f^mtwyqmeR_2sf9F^BJDi%z%AxNz_E$$<&1qz-7BuP#{N%LrDjB!- zbw8RT%4yA9A2#I_*z14gygy=~sG_nsRJb8=R9w8rD@M=A*xw$(Zldu3S{TKA*Ujob zChNVkZ7emJ@84gFt)>zZ(nb}mF`ZesBPQ37^PC9_JNv7Zp`0AMYPm@ME2%gh!Dgpl zJ;v7Tvoy+j!zuV3Evt&)V-tS-NPiIPDsNv=)mjNiqXLK1K1C{$vnX3xp}M+i!l1tf zn$Oat%f?79xiz4yO>&{0r6jOFtP79~xIp)pTMr6d4$RL^ zkQalS(+z|-Z^l7AHJYq+YUG9Tt5%@zKk2-}B-WcK_WiMbJ8_s!3Mga=+pnOl^!F>M zGTxp=OByg9=uMJ9;kJZc<)MuRPibR@SicY7C^zffhi&lTK!RBL!n&ClY!S4jJcS)xjkDJd0+z z0=&ng^`WDqqaT89(rXDLQ9HaF~SlNF)grnhZ(5N|ClZ z(W#AnhjAFoQhivj$15nPrCw~>^OfpFCFv(O$UGDv1!w@UqX^cjYHv_obcEx;W21vB z)J6yE6U=%?HK%hd;*yfVfV*jEIxz``~gw3Um#dk zM+!nhLgv0TZd7at0#(rjLO{>N#L>H2>9q407zfa-YS_Ew$*PL@_;}aJMmU!P5Xtm) zUunO8VY^;A|F?Dlt(R2q1Qxsk+hrrCIM&BS1sVnls>HeBb}*3w@d;8r3aB3+EyRXE$^vz&xJ*8~J8#MT*kq7##FTTkKm zX+F|I$<#Cxra*!LFYWHyRvpbpk_x$3j-5Q$Tuyj^wdR*1MSQw|Y zX!LfZMYUXke#dxchO74GTVMdpPY(bJ;qq^KmfJ4fFBoA2KIG?zEfp&`QF>eGc#+C( zsTVH(Jjf}I>d(`C5fU0o&&Q_@9gOQzoEc{%r}=m)t8OD5BV)S-s;_wX`S2^zk=X@b>kW8(!Y zD=UQ6?x7pu^J8)Op=?c%GUD6YCE+ZuA#0GS!~J_M%jv*@ngS`gk{?L@cv~p|2R%?~ zrAzbR0RXn6Lhh~*${Tub-=e6FAXmOAa76hd%Q9#;qj|dCrks&VS!zj8i3Zbq1eusR z%xbNG*9H7;63OLGNr8JU!)m`|!Qt|?h|%0yFYL5=xk zCOA^zU{Pc`(pxISqFt>~GU=Q_omN=bpX42pr`uGHBOa8vxM=9*?cMg4?IAzE2Gxsz zey4@#6mJUWm-0?QNNB|q^Jl<)Xj9j)=Uv^&I89SqzCXx-GT?lEv_KPbFax;Tg0TSL zG1Xm>Z|mhN%mDGn^&%lUhO}I=0K4n+OSX1)Dmgos_G$qx;$;nAHFcDrf zQEtbcTyr!}1_dLt(M*B)*8cKF1<)g`N+N~u;SwmvhX&cz&+_FG49`!m33x6CfvB&`i@%?Vs z6#qz=YgW9uDqikf8vm5El2WKrj+U8Z36vecBc=E6-}mdfgpMwdtZJd?UN@p&u!Mp| z`@azu0bx7tm#R0FM;a-Q4ghTUT>y%Qo06247oRCqdyBkykpZ31dFma8A1D2S=WK7U zJSw@EhqiZ@`UZge%(54ZWWu^Gg{qt1dm8<^*aErUyH!gQrtue>y++R&*^wVG@)B&D zy9hDirwRa@9vcS15i6LHbPpXbwmjpTU8;kU3Gl(ZjS8U4e!91=$KXTdOqHKd8_U<8 z{6Temt22OXz*c^R2l)FB*mMb`e8M3s|C0yZc_34@0M${+oc6}cZ0ukSU0l;jtld)J zZ$6(tcSEax(?2a5NRb6|3pGUoR?%myQ9HvvE@!B2XV`sL;QVk_lxJbB1gZ4qO}w(1 z>v?t<1-E7GHSv%{D3eArzrOq#OBBjkvDYt9?dj=Zj^zp5ymjYJR%$9;;8B^-XyJ0J zlW=BuI59+3r{g>Y2oAZqkHCak>Xl%jd5vaScL)YS+~6rIxvf+~DIcx~C$MnTi^KPm zU$>8KY;nmn{ElJ10Sm0>*f~;QK-Lg3z!}Y5L&9g&ON~SP=!v{j!Wn=a?Toc7^^(rD zExQ}iIa1}R{J$cFG@$U0RygEz`9FmcIRwnkZo+QpYY*bE!KwAZ2QXJ={kcf{DBX6y zLh+{-J3d~?@t?fLbX%ebXK%gr7GMq8=-!0c14c$khjA-!2^o#HP^O)5QRDCXXL8kh#aauemYKP^ zL66;U4_=tKbOJqV^UZ|nyuIuk-0E`a^q}U#3{|_NqIrw7-a9g6FM&Kk#RAw!QB?F( z*O)EW@g>5JG8$PvZtmeyhocM>unT19D(wRq zPT+L2p|P+-f9KdKR%j&&v^W%)W}T>XvXP2lOX{Rb4vOi_++C2E=;YBH?4O?rgeq?> zy+cDoQ&@(+DR?o3nn$-UC_@=f5Pg3=GmTFTF_T4X%%@YXOHG4W#W z;b}X2mm>$`NLssbk@0Auk!W{bhkoD5MveB$)hNJQB=2fLE>Z@_rAc~oC{y*-ET=aP zSu#{mae9l~)2$}T48~VIV*$V4^gyv#!)II*gITio@85$<=Va_Dpt^!y+tLmE44UHa z@bfN@^8_dkOe(pxhrs2TcZ?Rf78?5@X9JJ8JDEG5(<;x86APM;bC(G4C_ajiWM;`% z+$CON0c^2r?)r@z+A<<#r%Om1nu2K1OMU(1{SD;C&b}1wcexuOtsj!3Trjew1eRxf zSvZp&)<)-8Ei%kT50YG0B&s@{gd++IAG;k+dtX+J5piu9`u6SHF0gabK0>Mm$ArYh zUrEvekVrYpj&`hitps~ZeNEvpJT}Q)ENT@iXN0Lt9wBDSKRgWd^hkzubF`|)L)XrF z_Ggy_FMxNJM=zZAI!S`-|HRNj(P1Ogq#N%v2Sh}m{MKbJ9GArglqdUN$k2kAq^Yd! zR@B4%Ei^QFd|V^!sFUR_H8r(iYw*K8rG1|-UwUx3#&sk;&h~~BL#=L@RsdlVxGH>` zkdWk}sj;!#4{pvD$!VtHOk`gzS~Wf1BQ~eAa%}1{!+SDYXgtuGw0hQnE99uCwE3c{ z|4m-AdC3YOUpD75e|T#s$!GRL_XMJOmU0AF?Dr;;=OoThXml`B^%#nW7#+g6QwZf7 z)RLiy`(MmfCX!PM)tO??cOTd-_qXJ{Bkc6ohL5R`gO{LO-XsYkkOvwT@BJQn{pw7U zq~gyviCqXTFeZgd&-TYS>{nI%NjX{%FDiDuZz4o5MWj$1U$U$ zfO&(agSm~R zP$7S?8wAKvm<^au=L~hYartTF3aTTyz8!Zy=l7((X%58ZU^E$`2!ALUmQ3>FC za0vXD0Iru;y*Nx*OWBrSx3AF5P|o4Z7E9xg%X)8<(*ivv`xQ&!&O(>6mR8Id(jHo% zT41WzF-pn|3zJ{&T~`Y`rjxa@kP#Q}1>N>-!AS7euRlSVAlt#E;5Ynp4;|x%!gpG! z<*ZdgV&YWLMu3MYjf{+-LJGrH zwJ8hui$nLI3ift0mGkjZihma<)X5-ywE)j79y5OhpnQegQR679^XZ4HB>s|AqJG_Q z3aCR4f_g!7dKHgR2IpbLhatN=Uc}e0O9_w+M0YCC;qvA54CxBQ;J0u15XeijfkK?5 z+FGt#B5)qsGPtUCwzoApbww=Lfg=EAQve_c_UkSnlVvayc1xoH{0cS57Q8zPH@#4j5SK;Fm=i$WgrAdvQQi;M$4YVlaZ-yxRe3C^U1S_W zD;=eh;;FKLAyK_=J{u*S(H0ARA0*CW`5Y`9oB`zdKG%f(m>KiYW_hI!#l5#-snd4d@;csIG58~%dCkCtCPW&o&n!i$sj!8lA!(YGCquF-qu`aB{6+4;QQC+Kof{UuA0KWDhD2xF# zGY{=f)qOad-2eFM`%YWseekh777MigiRAu%!LuD2;Dv{GC!J6Cs=W9=%w45;IAzhF?F7gFxZ{? zfJ@K9k|T|jJIaz?XjO!4^qUMSHXWH^8y}=>dCRs0B)cEffQ)t^o003FAE0aiJw3gY zfg@l7%+ISpuUYvnBe-R(xuBJP>(;G-LZer+Dv*lpD(jH1S)9!&aFPKPG~Rpx|6%yq zmYW=8+33V=Z%YWWoncuuGVFI)h)LuHtxSx@+zx;@NTq>NcYFI{R0)0fD%lWD5i_m> z%@XWDw*8@DR2h&@l!;-~@{NWWEey00P*fe3raM(FEpuh+<{xDEi3UYn5D*bn1WN!6 z(&xX6vh`S3&84NKv%Gh+qBtQ9mn&-~lUcR<+|Albs{2>e3JrgP{ASo3bWgEZ$YPRT z6L9$MC8yiz%-S~G{=$y9xH$Ty11Q*vK+$@3Xf7vV+#r_)D6c8V2N)T4s1fttS#*E-M2m6XwvviUIOv%? z6P67)it|}2dC#~e9TTb#XRz>ZAc%zFrr4fppp+$Px$P<5;kJANTA=lkhzZ0rFziqY z*UhJ~==4#@<-!qDwMxf4z@9LwqM)Ggmfx0+j!xFu*||s{G0ODImoI9?rV(uH>_v`S zZ^F2e!1GIogETqZoQAM7pC~VqV37e~Nv_8IEFGscYh1!kP3;HRV~K!R!37VyZVhmA z>{HBj!m5V{8%QMau@gub%OeFT0hB`KyTyHgfuNRDgTeD5dPC5phkxLWv*!uvV zQlXhsER30Qo&lO~#4?UiaHpH<@=k@e-G@q`U=~T*ThDEed!Q(2P~2w*0ECH&372lX zf{>L6`fCOtTeISL_YvKrM<{G0dgs^BU9^RJ6>d&Xvy)LG`e2xIG-$S);XiXxAL3k9`^0pT$9Y~W&@OqSG1%Y}DoAI|_hT_#~%BlQN;;3R3 zk}DZHcB^qwD->m@89%tK;^A_LBH*pF?%mm%eDD@d*r^Vkx*o?%4`v;lGm3}2;Y7WX z5l}RXbag8fm=2ta3dO?0G70HimS+J{ox^zB_x*5ZWp{pX$wYZi3d%EpcJRQRha zl_Lu`a{fZgpokf*4(EwWOApq2Vfnjw0-uG7uq_o!r{mx*s5&t~&&+Uzl8negW#_&x$B`EDmIZwdGC#Zc_quT~&P!X<~}) zjdd6=*v2_IkA%4gwslPuRfh7kT(s5%?4r?+1gg6d2oJ39RiKmrPEe#lq=Hf=E+)ph zJ}_{lb087qM2fa+paC(nP)r9B-MTev?M4pi1S(p2{|g%%8y=EJ+=1Pt5S2KjkDHUK zXZULb+q9rpUdP29@?!&JcioJFsF0B*tz@3&0gmU^!T|1iGb}9Llr!gOUc? z8cOFz=^>8u9J-CzRp6_qOce0-Tl^!sx4l3FfF0^DvCxJ&EAgDlZ68(^U>nfyh|FRT z)M9>faC@+2)FGqPYK>2K_UxK_AeslMLDGjaxb1`l!_d#IXvDNJ$Y5Q;-Eme*2Y{3& zhuP@ku&z@c@|6~R3X1GV^YWH(ts3{LYCwGS&mZwA2bkzW26G5L0iej?Tu?k>3Zn23 zkZirj*ZPa!!BEbhM4Z?g2m{xKXGsWdi=82;_ePsjbr2?C`{$S2uPqNWO!&Bx8!!W+ zo0`($fEY(<##={FqWw;4Qg%z=UyR#~Zg@8kj~2%>u5@9DpA(1T4YakjWw8CRv!ibf zs6JdR=+fxbv$ZXhF{(eJX@!X=I%?{~P9r38PF;K14hFBvK^PsV@$lGQU=J7CE&^eD z1=K%|WawuZD1%EeTcyleFT_;<=7#RwyLTNMd-p^l5v3O)n4sXnnkvHNQKcG^vLWe1 zzMWf`nQ?1P^ac-vmEB3aU(J|1YG8(dAQ5)A4EwvFZlfRlQP9pgw4y~Y%=V8QZIHYL zIf2LNf%^LT&Zm>3m$hfwy8&O>Ep|WsX1h7{6nqs2(K9NTL4bLgA)N#Edp-hIKR!P5(nckBsh-Wj9oXiqHAlPglYMp z1ZI04?}q7o3jm2)T%Nyv{VK(FQ`O9Qo09+Qm+;@D9U+hEp2*JyFm@4E>xV*wJ@F#U z3s%$hUMOf`r2)Q^|Fm7k>^Rvk_AY*1e%Y0=5|-z|=(R?vphA8?ltfWtN5e$GkH<#e zSkGVvtbCV^h@3nV{2k&xfM3kd9hF1DBiq(_4WysK#bjI0QR$OymWR;k=7%0EIS`BV zyJ9qxCUY&PpM~M^2p;|Uu2yqc0<}Kuo=cNInes}lD5M=6Y-yzek8wX;pxu|z#IsjP zS_YuG!08M#ic&od$BO;3O@qxh%a5>%Chl#c6QUfUX(sFzw! z8y&qDa;*@g=cV49Ki)KO>p$|!g8{?k!>w8KFg}<7lGsd2`O0KDpL(q|oo<#Nn6YR@ z8A}5DV9{zwP>@b=84687`is%StS%rMj%*}IgE>1YFjn=KjEu6E0s{|9%@*!XV=ay|GKEUAA~TI&L|$J4Gv>uEs%QtKONk%ekr(T*ueV0tOm5J zpIgd38R0vdYOsDnIcYarWL3u(s zb07l5rtb>sl#K1cGtzfx@7}#jF{84X(~9BeaomjCLV#$KDibS+va#Bn{62q{g)ZCn zoWa7G+6Z{W*fba5o0G=7p`wP(Q94ec!9Zn__{e=GCMncJ z1FKn)nxY%+yG*yGnfJrcX@G&wqlv#+>E(7J)@qgXX?7 zFU6=`O}ibgAK)sPIA+T$Vd~8 z4sbh!YkIWy^^Gf+mrIkCGVU0^y7UCJ6p`34M%DMw!_@V{0fy||4#&sCdp&SoxYwPP zHG56YY+#^BN-6*e81k7WE+%H)(Oq%3{WHW|9Z~4h3+N(*YaTH%F`xbX2n1hMuB`=JcnEosCsZ7VJOCyXFy|Asv_FY<>uLaVc5J8+6pq(e=clJ%+c>&uyOfoezkwkcr3NZ0sypQt2}&8PRx`pq ztosRpg89yeatS?C@C;vXB=)fpe!p?i^Oc8TZ6Zy_fCFbCl`j-Y*RX1SP(aRvl=_*R$n6LsVjP~>n zKK>;Z7M2SCGY}fDt2#=@3i?-8R*I7yT=%*JJF5Z{Cy&~jnqKrzZ_xRRejs7jzY9F3 zUzUZLS@i8&Y8apKBE7=e^y`<-*357COr*$$oY#fHVPW22)#}1{#o|c816)C2Vf##t zGJJ?O5uk97GGV&+rL=UTL9E*+@J0)QDDKYRErJ4c31PoJ{smMytRW9AEiK2n5arF5 z2eH@sDo@rcu3=*f12w$+^`#}uGfu1ZnL@XSZNx+N22`0Y^^F|j)1^G+!z=)HLlu9OfT1-SQ-0K zyaFR_ANQr7JVAh*H?_VV08K86*G@dVv7rGST3}`>Zg@F=_TJhU5ugmh0Wx)d0f8+b zmA;oQz(Yl?sV=}~O9zJ+_V%1GO>4StVfXZ>tPUKc<66;BI>$stPPK6nY8-RfUBwgThKxNizl5@fS=4c}e~Rp|>8+ zu9tfWyFsT8D7BD{!hivSzJLD!@pOmO|0)Fq1>hf=gBpyFJXmKiZu0Rp5Eu%6e*T*z zB$!`>-~ajZHj2mQD&mpDx`t#7f7xK$-sWa4jGTOQZ-II8=L!qvNDI2#Y-l-gJD%5VZcq>Y5rZfRc4Vl!$*#NU5LJ4s%vkFd{eoIuPtyVG)sg zY;5?T{yl}u1@_k`Oa?@=JD>k};&k@{Qq+s9EmNzC6yVtnjJUxo>jry6pB!PTae8j< z3PdRs8&&^XBqR@=GoC9hCulCu%)I~YOEjAlriDK`0Fvy&*}cIUXQQ!!7qLo;bFzvx z`jE)gC+mE!fV^bsLx@3(2kGV=ctaU*dzm}D!7Z_$U)Fl+f?{g@d2YomAt3?p&K)z3 z0Qt0Ez;ZI|Zr#asPqzU;8^YNS3A715Hx^C-05B?mpQ1Q-aB*=_)tIH`H2;w#6d-W; zN_f_5F3vW@`FxlP9xIzxiUn^j=*_Rs;w#Sp zrB1J`_`+)83(G8H# z8z8~c2hvcf310a$Xr261H+$S{aC6CZR7V+iTPjUX|5QO4Sh9PEUJ}wLv*NfJO{c*yotl6u-5`X z^(=UU*Au(O__xOOdt`(J^trr~R-+{OFQD z`X$xYjT-;UqS!ff#CYgPt#iY-h>1S~Lx+26$K)NkL8a7kKhi_xv7n$}{08X#0pRP>Lkg!_1Z$O-?H?Js=}Nc}l?>mgwx2Ft!S*&J7lIIf=EHocg<=cFoJ2ksAn=xbfz|D@*HU3kb z^~tDn_{;lWb?V+%rGr5&tbP&c-x50XO6s_0d+;H4<6`jq0in-HA@- zJt0(uFfMgH%HJIMTH>vu&(Yf43?KUvx>!CmS#$w)H5YV-dsG2cCXKDT>l0*9FW5l5 z`JDDDWpv`aDD7mRsya)oLK?Qb{ilVPUEgowNG6(>5TzY2hQ#jbXy7U=lq#w6b$*MD zr3CC@pm<=4iG|ewJH`r3Lp-nv1~wf5XNi!+(yy-&9z1Px%gLYJDKzSvT3InUP)kYI zz21eUKvq;%oYu01nhLCUfU3f|V(+$lHf-|Tc4bhi@Emms2i-7S6@&$IbxmXzm9M!r zsqWrIfQ)vlO06p0CP%NLe%oRmg|fve~OHnL|oAIo4bG75uBXel9QVRVzq^&Hrw@oqQwO5X>?3*+A6 z49CFy?32Ru^3W{v8hx;RfMa4;4D|vF{{@pv?;&*AD_HTqoRGJ++S1-e$HSAG0GRxU z)c+AFPWRI8=BA~Gj(en54w0TMJ6A15@TX5bhQgqE1);S=QJa1;4JvnVNJyQ|qgunq z^&=x?PccYdodKGzgNuGp@-lraxW|CG<<2w;<`)*QB1`~}jE|2muO?H=y)qpl@fRf^ zB*cvPLxYdmZ_IJPP;OvXoSS>|>IXEo2yFNQpnU@=OJm$R#3?m*nAKw#H?-p9XZRi* zuAc+OUfwbtW7X9wj&gE%Py@Vp7nYaRSlZqSQE^=M^74XUriTJl^$r@5|@UsXwP&MB)4A&&zc%=9*_d!3+Aq zu&Z0Bo-H$hZEkuQP!2ZS!epQa7*3;v?<@*ly%N%?NVt-L$|Er6( z&<;uqWIz8XML{=Uwe<$}w0}PqIC#6f*sq^YNb&^XR}(DlmXfF)w#5yPeT(t$d(Y9} zE_#36;MXzguQiVvSW)Lq=acUJ{0BTdBygDl8s_v2ms(VF0Y z_B{XkhI;dVJ$B=Q@~@%J-v2zBDgJ)Y|J>2PKl!SO%}x8yE&cnG3gW-*`@i1)@6YU6 zr^5ed1E^oDe&b3GVWMOF6{>B2f36V+@dR$d^2lz6yEJX!;H~q&zxh9&$0v)*D>yi1<$M$Vp~0Nw;8SD(e}dcTxM=EvVl@ndT*-TTMZ|Mk7R>5spj z$SghPd@qyaZ-=7$NJxAQ{-$>BV8x2{@qf?LB8ACgv?jKQOi|>(z^=c4 z%iH>NJLH?LcSr=nIOMvGzO;dV&I{$4Te-UlbDzryOdO)t914so(iDel_ApWh=x>w% z_Zq^_9ESe1zl~FBZ-lrGRZpf^nC9D9TP+$A{Bih@Rx??O$r~NOQ5|E7EWi!ybQdKs zWejV1WmhiJy^!Oq^zv>;pEQIl`D%v){HUk?yPXexfuVijm2O$=~8}q zQeR}!%tA+iPtZ-*X0w?!I5-3|)`sJV+hGg8-o-0#a44@}p>wvwqw0aH zy&PTcX_d$HbhX>vkaLngZ3PWK2Ibi;50k;!qazvLY7;uXtzAvM zsZd1Za0PjB&vpIIDEbTg3%_?~Cu&y+D(FKNC)f#0YE(XD6S7fo5qQT3V6BM%Piz6D zdK{14^u&pCW`sQjS+YdtoAG5R=$rj5MD8DpoVzqkI7rtE^c$3X0juL0j}P{OQRtmLpFEzM3COj z(?4@%;U}fOKl5|1R{|!ut>ziAuc9OF#+j+}^IGx0udpqy2pHih<97T*>@MVX^~b3z z;)#ug#bvwY&$$%$uH9I^Ohjb$s0;$D3@glXbCFd;>g7kM->n0L=k8fIN12F!PE^z( zb3z*Qs_dG~-!9BwLhuWWZw(kwK7XB{L9UlEo`nC9;yTvvM5~0JbUlg4KB#`HBOW(@ zyuai}%zusP$H|nq>!lkMf0 z~aTYaJ>pm-YCcTHtZMgoh zk?fm}d>m7Ccw}>KgYe`cs`=bR87;rWkDv2kc4>hK>s?`S=Gp13-L(mcLk(G#&s^ta z1m1zMxqKa`sxni*uj~jn+#nb92}5eUari;y++qXEwHtv`pgpU6M<~1J$EyyTqA#YP*b(Z z7!$Rhs<{8wOb+ipt$@$_XH1hCr}y!*X{MXj_!!Ro*^{L|3EzJzCWiS*>JaPt^&@9{k#^3^)?h~E+r7|-(h`YYnZy3-dnt&&ofW{k5p=Ndu%j>_+CG^oG(eKkLIYYC* zB7|<*%}`tKJVqe8^eKq@YbcNRmT<~6v~v2mZae*OT|I}7l8bXN#4R+PB-iTr@zbk> z%iO?Vwt~{5UibTh;j^l+>|d{s`>;eBL|R+o&~KzoW<+F4Nb~*pCB!RLqn$fM}#Z|_pc*#R;j+qrfHxBW1Lr=ch-E= z(Jhnw)I=-eSrSGhFK;n5guIcEn2Bv2ferVevq{Zlw=lr0Ycw||tfyR7oL#$3=0Mmt z&wOap6x{O2q)~U%bPyZk2Bk=Qk_w{MJ2vNu@u*bg-cXpx(7(CZXj{I90Rql6i?y}Qbh^T`pRx!bACrlM}sobRM=iRz|he==IYqN zYQxqmgU$BL2UBw+nOeyflJU|p_?JXe&h+pBU`9npv+6FtbuBl>k?%F1*&cA*UA%3| zk)@T>w6bw3amb(Qp?$ir#x*sv+GSl967gkMon+I};nt@tts1#&oJtQvhI5y(Y}bkD zTw}FmJsGwz7kkUTKU$Txzj1Da_wjhnd*gMp=Xw2tlT632*)D!x$b@|g{*NiiLOv7| z@8JfFxpqzK+pP@WUr&U^-p_n-Ams7uy%QZhb0h5b&3@LKK>iUy&Qv%(M9gS(xN+wj zd=_8wX)g>~B1>bw`D9>zfr@IEnz^&R<5goI9ewHdgy;A&8>zpeSxZIzf|#!8bXH9@ zc2Yh+-{xvl%Jg9xyGrh%1;VpqtXTKY=FfQSJ|(_lf4{meK>@N0&3&F~(FAvTCRIDtP`2jgZ;Xq)>vzot@@bq8 zun8|Y+3Y+%G-{GYc=|qjw}$j!xXyVM;lRa(Dt`n)6$`Z%&vbT$v@SB}hKUiQB__Ul z5*OI@npN)T009tp7tAdSBGtTtrkIs#px+Ar>8>*z8`UP(*Sd`mzCm{XI%l!QeCp@v z8yF*6<>U`ev*go^DrleR=efS_XT=&wOv>g$x;+EdTeON z>*ykaTHZRouIsaWm9ai}qOrpJ_7MUBt>TW>#Xa1EhA_%%14U)eZN@=;4>$9B`jXL% z^x7at^024qPDiDDT-)sn(Bxm9%W*cXOcY?KIl7=D0Bj&y(G}3g;KroZ z97m2GM?`cscV)-h3P>~vt|MwAFEo54lxK`JC$ImGMeA42ZX7bCp#6?{a)aWwAWIZq zn|ZB`d6XdB3KDh+L-?Rf9F zPZnW3ae8!oC`Yx{X>c4YR=>~Vy6Tuz*T1VH(bZfF2s6GkF;TRSC@ffKpxokX%-6bl z>VIOYe>_R2LY=X3FW(~4lHxutT6HG2hJXO_8wfBO;44TxDV)un9M&TLML=xskMquG zQ?Pk{PLyBeDQq9F6haU4#vz^Rew?JI*Zl|X0}EB^aIKk@oZGd387aeOKW%S+#QU3u zIzBa(e`URS`ni{rTg{%qM_fv;A~Mc!^O&`d3INzJ+Kfv#d;lr)c z(oWcBW;kK*9wEQ1d24=kjQRSN_q_InH3hIwM~m7YkwKyEZS#(rymlXF%s0*5Rz}Ni zow~Z2g#}7`KQnWRb9`Bny}50w?;tp-6;r=2CN7Ov%)ueWWie5oo|8dotDzzPUQye_ zH?qV$@8(|&^gpt5IjHhy&QynO6MB=WUSa0iuD=NMui}l72d?hRBSZ{$JUTu}5epe7 z()s4`RAd2R7M@XIELWh%JGZwbjZnBAAtE}i99F45_qd$xj_vU_0%@-KKG*rk8&$&* z2)uz4kqY-;|l-qte6?E)4#?UJ()16~z}g(p7aC+8IP< zUH_Na>5=w^X*S$t0=iSpNQ8Eqb&ijol3vxMjt#j5OOA`u#_5?FPi1sQywX|3S9Oa= zn~USZM@PqRrpHxPj`p}z_V!9t9vwWS)6__h0y8k`dzi16jll@cM;h3ia}RXw9Qgs$q3 zOHR6AELvLHp+q7+}*HuKbUR0t)#WGpGO3cnEu7X|D!c3)cj$5-`HjNcxLS4Ot$)|9$UMM zF|9_3c;swy60#mw$N~egdb)=wziL-Z`a(JRxsfVKuy~kp)(iKiuZxBR5>1F)4+bs< z=$!odU5Lcenn)5vT||;TS1Nna|zwX zrO4UfCEJ6{b;V-F4?Wi!ChnS=$$f3u=?__otMIOQM@lQCtu09`a9zmsB&k=jX?V^J2?+qSV}_1`=`&{vGkYJ__k}~n3UBOmoL;S z0|-(=1ga2q;8ytQ?+Eyj&Q z%_Bs7PPQykk~Zo~0PrC?0>hzlyARo6))A7;!O`KiRlRE(N=l!0h;-2q)zwVX>+_9w zA~$7K=qMuj@s>zPIN9&0UnLXbbh>|O3?sMuKeG3)AC}S311J%EjF&ViBl&;!T4`!% zY%cz?LLkhnSlxweZa;DAHb0!mtcFzNJ2+qN&abe;!9SnOb@F}wt~^_urryOH4OP#% z3HDr~Lqras&33MMT#=>NG-l~5pfT{ev|}KISrf{HhRAYN=PhJ}CS{;6aL@JJbx-Zy z-C;SvE9fU)d9Gk~kyIERUW$*EW_web4tIBXE0GiP|2jgB6FKfth zDY}z6z&CI(y`&?wSo$V+>-p=SjEw)4nV<_f*L%*2N~7}VjbJm$G7)sH?mMv( zcws??4yUK@FD>plPwzypk_Rg^+ZsP)XTW;mgs_0xhp5$gG-W>+E#8(_n2C+BTyxHE zm=lV#DBV0k)9Kt{nLS||qsOVtKGducteQ?%!kjZ_FjNIswNA{16k{6i4MOXlCDob&tn^B4DJzT+Z-+U5>De6?>TA1(S4I<5~~c(++?y_Bl> zvJ>_Or7Z|weAUHsJMY3Sse0z3BMWy%^@N<3jOM_l^vJtph56-WO~||9(v0D}1Lex? zd3^rUX2+-+0xSevTjzKd?eSClkBaNoz|dzw54@6s^(WtB17R;*%k=Mrx}QEo)JkPN zTL^fE@cgyXLM&)SuP<_GjqiRAR=#%jKXk{|PjuXoxIm&=DbzQ9C{Cc4E z{5T66-sSzw%s1mM7V1)lWIr-=1l+s#O?yJ1?#4T0(Dz8+@k)LaPZYh-`y{*X=Hm4; z1^wwx|E|i_J2eL_2H2ecD?FBaqiS-S;o~=F$rm9OFC(yZ8QF-GMd?Fk(v||Jb1W`E zasP6M0>t?Tb})#@O5NM&WM>p@+D; z0^28I!1S5B?Y-%l8UV8Z%(x7pYX1MbK)yfb@nxT3x>)jyHh zO;S>j`=<(bP5PC_z2`gOU-3%GV?8aZFVGO1Bg;jHrh94`OMnAUbImz^IF+iq8KhEY ze=s|1asW&++ER=_P7vO(5B;L^m#!s&B}Q z37y_^bb%Z3xeM7{ZLB~`1Zs1kx=mYsx+x$xs3n1Z>;;&g04I{wj?Mkpp2^vJKbOZ} zyDfBce;XgiMu~27$>YMm3#mAsi)B$$PK;4<0jgD)v4yWb#k$JQ(F2vE7K~^6hUy^Y zGz#E<;XFT&pN8V#;qn@<`uq)vv;Bs?&8WdbXMLW)SWmVYS;ht|YShL#Cy{|j(u#5C z8x1S6OHV3_%{FU_7|hIZ=O(PvI`iAdj>4pnQy)A|C-kGO<>)pizj5WQw?X46S99B- z{(h$FZY@aF(=R}9+lNcb>1$o%e;|gxemDq9%#<`RZe}?A5p9~f@4C7EjW@bFt-@{L z#xAb_fDt))`Rf)eGTeN8%Dhs*v_Tq^&Co#o*1>@*L$aaxt)2l~^GaYG!T`6hj*~B| zpXk8B|MF}8P>=V{_G8jTJ7;1)(dI;XM<>nVU`%KQ(Zoq!~#xH!e-I%_Hn(~^ks*la?y9g z#Vao;P#fhU2HkCXES{%;6l8<9Y;|Bg89siJ($~-+s&D=G?jkpzdFvmu0RL(@@r|BK z&(h?XTwT)z{0-P~9XWSW_ia0>s+i{G_71NK(YIGVgsVHTGPksMj8U%jkl;Gq^5N^J zf^jeYV+jt(Hq^ii``^d^hmrCBY2$n*4Tr1!yc-!97%Ea$XhOs(7yoS+2z*4V{Qnb6 z(9dW}{OfG|+p~P%|HG0&?fhFJu*3fIP5$;%GxPr+uFPMi-2a|1ypi93&9(g75&ZpW zzCvmOcpL`wb1jg9)U>qs!R>|d7VnxGA*@e-Kd9x)|8;<*c`($4x)+uRd_2`7 z$t3yd|A(vh0LQxT-+(W&l0-$eq$DA!kP)e9kuoBC%a)ZbBPt_zC3`fKy&@wdp={Y? zC1fXA3Gey4@8|!%$MHT#$9+8aopD{)@B96X^K+i(2kMLWnCNN!A3CLGb?skr!T=d)Q#pb&3v2tm!{50PTd!~gx3*PZ{riB$V}F9_kEcyGcJG4KETs_%m2 z#A|nN0bDZOTd)mo13#CSYvGar;y{{AA}COMPo3ft78Z^YF(i+Ri(^w_1+2yrS|h1H z4o=wKLx;AOmzQIDeLJ+SfJgX2@N8o)Dwi|KD#t%N(w^9knIRa0emcUnj}NJ`>3SX9 z_pHV-E8??Bl&C2!a5F7_r8tG>r$KMGhlKyK5wN-ePiYp4CBmP z=P3;UNFnUv^k7F+9Q0!N_oQ1doE&`W#=zK9_21)hA3_QCA|++t;ltamrS9f?l&Vl^ z_||SvL0+C*O@QgQyVvt#2bb|CPEQb_NWPd!?*#wVS!@pMSZLeZ({$LsA<{hu3m!bZjE+W*OpOO1!0eTg;eA@$0b*0^J)4A7wHfEGA+`M@Rb}fb?EMO#n zoOVOvxGq3{*rz&7bqYbV!vResnBtU@uCpQF5O+<+rFB?FJbdU2-dFOA7ZeCELfVCA zp<5UpA0Jog4}I|9%#9mtB)NSNNgzGb(9-(7dS#wjFDN7gzs9YfK7I0SwFtlyg82&L z?%fnGuW20|XM5iIsqR9N<2XGzIXS^R{RTzc*6hzfD1_Gf{DljQoP%4)$y>m{0Vk^6GTt)J2bY~7@Z6}+ zb#5BkQ1`LCRW8OBTI9Yc;3UZjmK>SB{vg$Y$KHDj7;H1vT!qHvXh{xI#kt0X{NELG`8MKJ`vv5!~Y8T5g}SF#PRs-E%~bg47T%wFd$&)6r*= zJdZw$IF4N=&Lucy`w?0}I-c*;wlf6BRI|{U)%O>*sU@4eXT_hrY-u>ue_;nl@&(bQ z{la?(FK%(}-LUZNhDWHn#@zkddAJ}Lw!gkw;68F*DeC|j&qO3kUe|8LEjipDwntd! zJ+9}uDtxF%ohQ|t<_7x5q+tQ!3U=q#E+sWtSkh(|hVmkQT%YnC!JWv^uh3hW##B^% zNP>@#3WUS_#<_+r9vC^u50-mn{t?&Q{NY{5^V?kpFFhCbYo)czb(7h=IHusv7~-@1 zFlVn;?MStp{pV%dM2_p69*&sg*QKth#g)Y_{fOAu2Z~&7FHTc($o^1{mkf-Gin3f> zjg#@{OumT^1YVDKKtB!YG{r~qA$J0wIY`agPuf=2){No0r(x&CV|nqv{Ik7jN7wV8 zt$~RVI**MPb?=K&AL`|>z9jP?T=;Lub&tzNLr1StMn*?j#catXqmCvaI{FZ;*wXT{BDmEmYHIr%r0{@15(m+@uy>Yv2iNX?Pr7Z}{1HZ> z!48nSi;odm4SY|H^mm|b;7S~z72}e0;`j9Qw4eQYlIP)1n6}iwo~P@zol2fkmwi!b z=?FN7-S6CvZOn)J7{CBc!r>bQL9Dip@^v=*meNjrmAh6U>2D(y+z<;A^#47Rkf3V9 zYPG{z6Ja)4O(5d&;{eDvNuxV_F|WQHC6cT#z8Rx)2}y7Wo#;h({fnoq^?i~LC$a-%nM&jetvPO zu)`@aeWuD5$}oZRtpmAYhYnrXeHqRT*AZFe_eJc5d`rS*roVI#*q8(X+^2nSFN1p- z7hdJAcmUpD8-FO~!U9fNBYsF;ZsLQQ4 zGj=DHj7#q}B4>k5FR_z`;G+-) zhov)jsL;cp3|xU!xb@W)?%z;&3oP^}o%SaTlwmr!3k4iOootLnoYnn+~6*h z!NDiOBD@{W+G)`2*rA9L2Q14iBnj79jz3E?+A~4>EZv0+PYrB&|MA`~Mh*@^+AueG zFA-51$3!l@V;`dRojdyDWjr(#5l=6#oga57N8@n2xkv_{JJ-`{cNzsVK6;IIFtOCkyH%hI1R}s z2mOc4#tojQ^+$0oS?KOw%A1U>XrGB_N71ld`N_uXH+G%i z92gj|fML>^?DHch1A_$~A-xku>og4n{TA{Fj+oB4N(JGked`BNv9Mmj>pe)p{Au)- zH2hzqa9;ND@}8@#8C%`KB0@sOrX=CTCBrarco11sTu|>F3ySN4)fgLBS65ht`Y@h? zRv_I0gk?e6f8b%tOtph6BqJk3L3b(ab@SlBV}c`qgj)1@W@6$V81oVw=c68}ZWQh_ zH#a9_DKIG(#i=1K@-xXV&|yPbbY{g9vHEK1C>|%nhWB)C zZHC{yva+(HC?tj#z~N8tn7xM}wvlku_%8oSgU%~%_a8i%27ZQFN@!kKj#5{SiK(d} zOdif(zPvk2_n4?CA>To{qQe4l^2@8sr;qQ3)K9*%59UMdpQ|1dWise?J3}~5?#wR# zBY+Re{8-U*RPN}j?*A;#$;r7<|GKdtVAXT=??N*#j64N)CF0-`!jNVZ#Lt#e+_>RR zpRYpw_~HR1M5-j|*o4uOhalUd@dm>;jz8+|WYD8WsxQ0p5Oi2sS>^YBfwb1DgZdT- zeUT{Z?RAOhbyei07MwTGGN}x^hof-5#!l$WK>nv1Yl_D(U2KZ@ zr9K5WGJiD6si)3tpyEoit|uSeL4#R+HOR@M8|M~3n1~L;J6N8Z>B-a2P-O&+_+5PY z0gZ7mTyxXc6$PGr=<8!g7-L#Gtu5Gh0?i&WNW7%;2N2%_Mq;37S~O%laX|VH1IVKO zKdTmBvr)3g634V(rte$s(iW|#f)`y=jHqyt=4s*uY;A2(#!}oPaM ziTmPmTNg#2!|E?n)b`YJt5bPj`}V~dh>fn~dacSMRMjh?1LOn>V}Cw4^fRa+&baox?3zxtzG#+kkC?*5^qkB?V@f$#0@jYk)ZCKvwsKmv}l zZAT=qUU+A2r~kjc8yT2zLv`k4f|dn2YWUAbd?VyjE?vhC9;BX_m{8&0{edtE`vAYG zBzz1IgdzDkO}08z(s^`HFtJEL?@O(5_o zm{_W+ftO?POJJPuXyLvPdJ+MuG}>ED;E76jdQ}`J9SQbWcKI^BXdMIY-u?D>b%AI< z5in8ip{d2GCMTiH$mCzhJ;2S)O$eU}L1fE@{eI2Y*g-*am!6h3Ps<0)c!Jzd!3*2C zEdX1x=L`R-9|g6&8uGA+fBqrIHxp+Wf|MVybUR~{G@0OP`6Z>z;&_qU0v{~ZQTkFm z`b-fhPbMoX3uq*_Rpw!53;G9UxD3jpHqJ4srX?a5ZY>@@@FUP#fT(mAIq(t&TjTZF z89Sb3tx3QO=ca37uC-%Paq(80yEt0N$?rdZ-bx$zVb&^q(Om{oLjjKK){AbaVhN>} zL|8PpNZO3(22?8oGOp*#z| z8{2%)b@nS`)*5aAp%`xG)wVGyk@XUUi7RtqfoaW`$uH=R0CA8WQ`?5IouGv`aiPbI z5Xv3nOQtre9?p*!!)IOD<%OT}^7Fs`;vne%G<~5(+h%!(B68GLFA{V>yL1O{ZCd`d z?47ed&K40LABvVAD+Fkkzaa(#LIKtkWZ5waOPDxWAHCOBW0%^GZrgz10Ameta!H21hBO7(SR&-0rT^^T`}7&_H9`qVFO*X^qwfEf24CEU}v7 zvzLWO*E7^FRcY$!XV+X!8@%d)q|bUO)r;Ce+1*%JRGa~e%9bliAld&*TW1SEo2GMc z!Qj2a3|^-JBywU>!dDWc@4<`weOK2W1jfLNFXd7BzaIJcmDPxTXO1b>6|hLT2;vN> zjx4_WUw3}uFKTfKrymSlZr>vWr1H}KWS+T8mnypLBBBZk#~@g-l#UQ*0`-7>fh3*x z-+4t~WmVPHlqi8?8@tpM6&0&c4WcW5p>F@ijf*4#XPWdTUn$pFqGfTEkT5|4)esM9 z6z_qvf~{i=$~NQozGN)$r)e?V$G6&!RJ@-%qy5&1UxkVg?Ke9b4FXj`!k}IARv(`tWR=p=91!Kb=^19{JDeH>5TS=RL#$Zgjr|+x7@My*?GQT*Y(dt^u5MG-?BJLaqBtm{5>I0tigu&$wgCfO+b?bUN_#H7^IONsPO#GwbTG8YRDtg)40c`s2rD$D^99nPq)3l z2yDP?-Q3*WY45B7?l=Qmve4}7j~+cbm+e#lFqa2)s{u}i%ea33g0gd;6SO<<06O!e z&mAge`5`{_L9A(c0GDkVD5Ps~E3vLA435h@yc;=&RYYwDM{r7FH^oZH%aV1L!asW_ zOTvxeV&k$UOsJ0o$*c-a&H*J>(en*@`X8c?nFmb0L6P6*=~WC~vELP}P&gzh)?O_- zIa1WK8=jCfKG($$n|SG8BKpb2aVBn#V_nxhdgf3^20HB8xii4vIV5;T`#iTqBqRv` z)(r>@RR8nPNF5G_0bbsKU4TlfFDXT>i5MFhK}OVkkvk@*Yx(0J#pTlNS6TflRYq=F z<@-q7vKH6hB?S~(F`Vmb1s6lXgsbwUOI5IHuoFM#1$Ynj$x+-a01elRg;Aicpng18 zh4n0FSzY>Y!f;z3^!h+51z5Nn9*m97*ssNcC=?1%P3QJcAsEU3$mTq1L;+`P6W1~* zoq2T9QLqn{Q*h`L7@kK<(&jO^^PF@=-?IRycQ1W+YH!=5Z~{H>fh zB9a5F3Ps?7mK=d7Qhw3@Cg*A<`YgsW`nS)}4dJmW?0$!ZP$4j1f1vl7SQcQpeyV=x zHGrUCz3VdGe{a*Vik^K#Pxz;(lU|vc%U9E<;ybVAIB06JBzXV1DF|!f$rN-doCN0A zI#tmC_%G1F7|G<*r}KDSTo5&Vkbu6l7CASt8Bhh`_Q=n06z894M)ibr)TxmB+_(B9 z%K8l0`eK((bj~{3-g8su&N6WFHgK8{z#xP5*YxX0h#!dI(C!)~C8g?$&2>AT?(TPU z;jG6L+AkC$@}wK*jNTI5lBZo@dB8-g&9dNM`0}9-oL_$2jW>PerKQD+u9?^APs|os zSPJsRxgy%Yg28lwsmR$uIk`7?nx$Yd#_rMQ0Kg6qv^YB23?!k;V3cfZ6fbNTFC%QT zoXWXG3`l%RF#(X*Z>u7(1E|9K=yslP<-jM+ndtfJUQQfrjR++**>Uw;I+1z6$B>Sn zW1S|zh{dB45-i9;yJU)Bw#zu(U)nYK*PQ-w*nu9P3#R!(CSqH4PI zJccM-;Fck5{VL`wKWt+@oXEY*m)^!605gEw=Y&Woz`l$vnpE$7opNnyaUJ*w&JHfu z*2TAyi`}A{KXIyei}q-9)i-wS!qN|VbA55PQ28MxKvajza?Mv6o@Y{TZ)A<1&TTj~ z_hSnMd_={X?U;bLZSCnnH5BkZe-ay!eDs(eu_P=*YZ}SDf%qGsiaoYoLa?3#s6S&~J84t}_tj3jLMw`s38v$2BQ$ z3IwFT_G*uIm|!0VJVc|EQ`Np9SL~`;L$#7I*@q_NY}ZYIq;FYY+ckC41#^!P1=1A4 z4wjdUpyv2st~eln>qzziba4-d-v3?7xi65F?^Yq2*bG}u;O48bRjLELnbJ3&;O6yuS@`{16Fn>G>g$Mh z)t%v9`daR#9VK@Bc)RW9w&iS(=Xq1rldo+m@=+60t^nd=M_8(XGhUz}62Z#iX1?qA z)vG$IT<tKaLqHZhFI^nc}og&?Xe~&kL zjtavN$g)#cd%57vo836S`6Xd^PI(FxL`jdKgI}0>!Hv+~-W#t{YAJjD2FIEckNo(_ zb@JAJ_@es3ub2PH#of%zMko!$GP7U22%u~#XfEeKEJPo~tj4uxkNH0@-;}`sg+}xi zR%wjjR>D=}2u2+1T#iy-UR`Ee4FXw8=o?tozwQT$Z_KI}d* z(0Q30O)rQY?=e!hpZ|7_j_r7`t_R_@f#GSs)eQV24_mZIdHp%QO&WdUN7O!AZUoq| zH+C9voUrRya=YHI8tjN>y65o+)CHfKnwU*^h`H`IiScL;K=!WT-B(*QIC|Rs%W@K}(!}YYBVRw)%y}#>VDi z9omvBx_z{0J%cFMYF{OK-~aQ+Jx9=xqc|rCj8!w&MfMrBOlTiJsu}AJ2zTTjJu@k z>gx%;ec?2cn6N#Ma}|@EL8E8i}onP1+}BDrJmK* zjlW=~ZKP{x$fJ>^vo+#;02asG(6Pm?Ce1SU6Szy3mX>Ivs}e4i#H9C0Wau6Vp`@lZ zhUaZ}nTI(3zI=1T0|qLr`yy!IyV6&!PRgm3A}Kb#J&yYp`Z~URcPCehNAGoU`)@ zjI_w&m8o+zLtvn6`&sz*+w}DGs$$1+oLrH&ugWblUcL-0@TZ`l*ejHonOzk*R0nK9 z=iP0_f`S4;#*coK+lGdR?_fz#o`);CA%pkS@jl;OTE2d5AfLyqczV{=A;nX(%7Fv( zwCWAC@nWg3R8}Ydn3IQ%NYZ`lm~hfCf9sUe&uYO=AqD?S0OUl;Y|n{Fbqz952+jp8 zeV-Q>Yl-Y_CQJ)|{At`rP_{dI9O~Htf=k*b`r+;F5nbFZB-A%Fn~}J#H#?8SE2anKT!cwinYx|BJwE(Sz%p7fR-ZYHf$wW&DJ95LFzXhJw z$Il9?^Y6y*N&Z{{(euOj_(p+WOD2Bb6yFQ%rpG&J@6{iD^-%3o8k1{Xy0eQxn(zs|Zv3`JD*^ypF3;SlaakArL3 zUE+LL+jiscs^4B7TulUDa*J&wz?NxyTkclqVJ~75e5qP2Ceu7<9TLv&tHfkSMN8`* zo<2hF=@BP4x8l#xXGtEoeRoJA%=FIBg$3j7SwccW({aD&=PU8?D3LdMdU-_vn?ei2 z4%!GYBS3nnt}y}{lL2GjtjppAWNAXBU+!7_xvUH>fs|YgvEt1y7zdl1cfh@*Qjyz> zB1!0B@3k=*66S`KO6lXIc;z4jsrA2&ebzSdli(CpguePj(JT4| zU`Mf_V{^Ry^o8aR=3*mrqj0n`jnDl%_YNc12hNI)AB}QVwZ5SLgA46d(9}^H!*M5e zCI{fm3T&>s2Wz&dOS-2_Si*@Cb28DB!iI*1et*^wJRU|zPvotI$vBrRsa{-wv4aRK zqazv9)6(vfht1%=g&_HWnrDbsS|dCjv?JbdX+K~F1jL9mT?s$nyNI(Tm);g1>y?;} zh>HvP&wPdA;FW~4*uhFg&k>BMkZbS{a>@99U2V^)CqL8SvnET1&Sc$Nh*ruI#B zb@EC|+p$3Fh-NdQ*irK)jt5=(Ursh9$kcDh;@kx#Y?BDv)sXkbppv|l>VO-}bg;#> z7U=#}Rn;vpl)>^~nn=7wI)KVblZ;Lq5ec(^t*2K{AUjNZ73J3jomgC4w3fSuUc5)n zLO@>^`-n-zu2j`2`@;TceY3wS^JZOhU=1NCSoalf#}UB@X%dK!xz3(^=fXIw`?(Ag z-xmYKJP?q5Q=!g`I<5xeaRdc#B^0u2>?%9j*iUWW??fFeYxh3&)DTb5={W!Q8@zRo#F^$vm z=Uo}wc=n>~Iq#ZoZTll)sw5T$**O=7UtfJLXlD2zIM`m`STGhn^PZHdJ8v2`-~I&W z@$Jg$((^NYbBCLI%i-3i&2d0qSGSSPTQQW)RIDoNF!m^Se=Ff+t!~DnZ~?n+Yf9lL z$ibagds^*GCL|u5eWnaTX-J4k=n-tD6q^{rAi#|5H;!JvXj;s}zKCK$UFi`L)g}LP zu+!-t&(+&TG;Rx1^T7#Qb@n%R_; zL+7*V;{pYtT0ish zS|uVJoRHw1vMncR1LMZRksAy(|U9vn-m7IQ%f2<(4u-Vk*M~Ue||F;aqFfLM2t)Y#l)DA^j$1u!XkHAtyDUC>UMt3KlvoPFFb#ysnGs+Pgg{e z-lcIq(gU)55X}Umn~^?R+uKdPP}L-Ef*OJ>-2Y3PRdxrwx|G+_5pt*YsMs=c?#78hRQU zhT{XjLS6|Sfz^(DvdGq1#s}3IXUHwAqR>CP^vDDjDHs^+g**tA4_ct3w|^Q0pWSy{ zOzaza5z_k5H*g+y3ieMi^BB7o$lM2QwZe$%ryMhhw z-PT)CHxa85rDzmhwdKxWDprdLP=kwos+xccmxj9f>F2FcoD$XI2D{emIf77kMXc+E znb1kz`cAWr0rZsuHkEe9RJFR4D`P&J*drx&+ZMc{pGerK?1x829J{zZzAO-(725sj zIn*V$Jv{OUOK?rFS&|AaYX(P$I@mDNj!irf6C2yJi7i9n;GE@*Z}DcwRy0a~y^xcl zKRP>0V&+3cIwucD=IvRW?eDW(kI!z?P*ao3)IbAYHM-0Ri!cFv8hK*mjNsZ^AlO)d zTUA$&c0$nh%%w})*lG5_@AO2@`_{Q1(^F&dHEnIX;HPM0qrH9mb_vHZIy@EpIfVt3 z2+S-%DQA~hd2pFg9e(O%!NNX^Lho-doqX|PKSADr!?$7n3z7}l+Rl3c9a407vwpbLkyM_{6Q# zToFcKu>TF8dj@)l&PaqfxvES=&Hd7FoK(_V%zeX{7-<<*=Qxw#SB z1+WNS4pnl`=xa}BoV+`@jxM(oU@C|4R+UkI;Q0B{{9?y*scQ1iTcP%n%kFZ$IaI{! zd;?7nxOxOf3Ka-)pdafMyZ(~uUK`Zer8Wj}4i$O4Tbu>4CojBXd8Sd!*3;{CR+gE~ z$C|CjRYJ%W7Q1;H!(a3GI?#-meeBGSIh?dYzb}Ea>{~d^?fEixMB-o0V=r4| zNd6YAJ7qU-iZk@dzENk_nl-ffX@1i`0L(G3i|k<`MG9&eEx8+et~b`#=TDRy zbJ%~MM0pz*6hsX)z+vLc0i7~;Cgc`mUcbBT#01^L1D22!U}2+>kTWvc_tEGmkSNj{ zXJ##0licyunj1M!GsiD^dC6=Oqv|E!CusV0&x2~eIdS^qxdC%YBIC++?tM>Sxz%0# z7@p3q40d{YTv!!AN)l@MbVDve2sP;E<3q$S4DgseCIZB11A_n_aVNmvFEQ<{OSpv! zR#iiTuLwIqN*=#67{6u-Q792!%7XS}3})Sl zG9F?mPBqsXd*27i=|0Lf*xh*b5fke7|Rk4dgLdA7ckGJ4jTd2J_k&p*uDeA zwqKyf6c`lI;4J!KyX`mb%@xI`l+?c;-}J$m>5)?$z>CeGG9s!YLDzqg0@s=Ku%;5* zfzLpIkD`vOw8EJGbz0g7{QRrh+7D3T?!zLbMzb%R@W+88{o$pIV}QUP_~K@T>f{2a>+%Fv!$85L1Jmbr;ZNqL865Qy>`5sPqYfFAf?L6BBH6w*wXU zJQ+^p(;L}@Eq(VOUa5;k;RW;hpaXvm_HS^Rq&5cEUGKUd67msrLrLjV=y^d9HhXkg zqHh+sS+PEva7?ClQHZ!wD^ly@)e$KkHL!&HZ+@!>lmYqFeEau1^{xJxnQ1I+jfi%h zk$DTO<}NC(Qu8rn8}Um;4xm#++CNW9@_pii_g!fagtH4I_s)n!p$<$K3t}UHTTAp;Vp%0Y0GUP=05&0DwHm3R1&_@>In#_c%G#9dmAD;O&1?9_N9 zSc=1~Y<|$eMc=J3tE$)OV&p)6WMm`RlA*?a*c7m-{pWYx~!I>}l0Txk(Ospigm}#gYbN z(Sq2cD0l%DJnGVQxWd!Kc<(H-Q8mCZ6@C411W4E?YPUR`oSWN$=a1G~O+y1Tb_y(0 zKyor{Yl0JR*R&m7cUO+>!~oaMo!@?zWg{tpjVljd{-AnPYJ2d;H1dC4+P^cOQww>a z{l_#ZY((=RiM0RV!9Hi1%C)7z1&NeAFnO?Oo+p{;ysg#NVUz>5;@KH{1D!1A+*GkqJj@ zCafz^xqdweNbbk#>ef|7_ZKKP@zx{P;~za5`AL$#{y2OI8YI^TX^cmn0dcWPd|fR z7cD+CDw;0DtqQ77IlIrnom6&qpW)0Fb#-;LgTfPQjh{cC##{_^b%drD*HTqy7%=Z5 z$eQpQ#`}OJy8(Vg=OXyZomVQCy%HpyX+eg=`!zde`mwfFm7M7duSz)Ee`!&pBDwp9 zOP%S|zA)AF4(t1F9;mEo{X%gr!U0d7_CF;{o4+1xh+FX$*s0m!$T7c0l)_p|RkPh) zOH;Y$EG+nmit8HVaTYpeseVabISp8e!Yy|N&Jy%VLT&RPLtkdQ0+W9-v^5W=a+&4& zneZ?aLRjvg4nZ3M{D=o-I+`Wx=%wdrs@JZGpnbLs=6w+qX+sG@}Wbr$1--_2i2G!=nY$CGo^j92GKQzAa3Mf?jT{rDkR_(P>V$y$WwkJV7tE^k3B} zCG#UTvGbp~$3^izj^<%96VYsJY~5veqW$0067hS^f-jGZX&|cp`T(vKalB1U52U4~ zCAC@zQa$W{w>o&bF*1P>X^vu4qFVz3FPa>&nbP@NAe6l=nuC>|>HOSag=`=7 zrA4MPJv$e6ovW{$m&%PBap1Kc#>*$aM|~26@j+!-Npdn`?2Hp49#~tv&^=*)4^cf& zE%>bU4Yu_5)@?L3H_zqyjwIZwC_xsDed7BTMBR)V1$EY)XGiWdV*Rh!c7eQcDanNr zx3`GO@<6?BIXafktQL9Y%ww>06uT#5x2T8sM@ocM5fDXIpJ#kte zg5jvPcXXUiReMHMxVCH}zB{uc68_&b=gky-_qxx(-G9u+^Eec5{~5U+annhTGsFH@ z@0GQ-@@HSmBmB+({sHt&obB|%w(@T-%`(eQnis~mc%h^}&K6p&%w@%7;jz?lZ9H@S zlli677iQ+$hJRDk@aC>g_+W;N!$a(ic%WLoeEjcYBNPTi8pParuSk*?uL|M_rB7_E zzypRaUa0>xM@-M3ry-cCKttTgT?BMa zBD5c{d4D++je&mOQ|2|bA_D>gs<4IVFa6=&K?zvRB%?0%F`UzGLH z{A$6+qWu0&4g&uQs6o?2Qem7a*Kdn0ZP z9Jgp2eJt$lb{i}&H`-=JR!il7hf)NJW9ILj>dWy+cKLrcAg8m9bvL_GyW^82gde9? zhPITR($>=pL#0sJ-_Hp{=o-*@ZA+)_7Z@mwIQHG}_=J5ojZKYcE5SvVhx0eMtC~3m zcRrW>0Kz@J2_{x=pi{vi^rLwFH=3aNSUe8XBep_xq1G&6}NQ*b;t6HU&&ZZ z0qRiR61P?K!-+rMYx!^cp%Tq^Q9xd3h&eG;sO&V1whzm=s0rNyz)?K4%E|qtX)e-d zZr+WJu9lV-!@)zf4jHn|{r$T3(x53q^rFeRhVeMf_U$tfGnZ<*@}O?Sfd(9)N=HX$ zGRL|jhyTbC^DPQYwCBQOPTc+4|C;hC0g1?bICjQ-G1&QQX2@ZFToC40J1woPk4Mu# zG5?xumHGizW;?WJc}}qEfa^SLO;E z0VF1i5!_FL=M1Vs_u~(`{adFmzZ}G31N8J;NGNrlWn_e`&xVDh@dY>~qKyTw>dCqc z5HI4y0cW8kLDWW#yy(~bbB^pil9PE?LAN@vLrKx-5K6kIPoIupU`gs_8w;IN0s#le z6BP+Vs0hl#7;-%Fh;s1FEm%8I>wpAPG_>(8&5OL3JUKr5)4D=13O`hA zEFJ-rPlXx^$q&UQpGVf@MDx9xMXF0^>oQKg1*A!gAoj*1kr)H*2PcxUC2~E-OX?wP z_s|D-uMZT_e@pupi0J<$@#x**l*vMBoX9K3X03B_6`mU|zXXkurs=ddgEA(SpUqcB z44R$hKW;2c{~WF&^-}GjPKGOKqPl2xyZ1(jm#)U39EY5%8iipFX@y2#|5yCI%7koR_-ol-Wv~!hm>r{ zl;KR`CW^AS0cCA-WqT^wdgcl{qH0(QhZlCxpWUHrH?PD=v<}ZhplUX=46zB{7Be81 z-J6XvcFV*_Y5Hr)?fHFHZ;QqgJSb*b%iI@@@{h)&n?=Dx-NKwRo#tXCABVLE{}Kuq ziKzZ0w};-x+tgajRNO@#n}d>m8GR+Q)FBh2uesTLn@!PC3yWV*5ZkHRUD#ZOeX#FA z&_5s-eGEalneZBY_3~J)#NKBIuj@6oPAw9AJ>Np*(y)}MIqN1D+lA0obkal!oodfN zDB{cTr3^z2oi+kY#aROft087_u<|Szw9HQL7kZd{3#nGXaMiMjv%Y!LVHFr2AgkTJ zg%c*LBmu|h1FNGebj!d>5fb>cEHRnaii`$FmOvrQDwc6+GFm0E1yoh^926Tdlxkfa z9nqH~tiGNsLvfH^DT?8XXm9buc}JKcMJj2X3iS^qz+ZISrweDo5PglHW+NI_O8+G! zB}~bMnrJ^9#$p<%P)TnnW#{7~vXa^+2%O;E=EfR$tSUi$Upi_BzT{5b_o}cTCLh3} z8BaLI`>~!`nd&6;g}87}?Yd@aYHNc`4+04cu4cW3s-2!onkLDnCD=j5-q@H|%x)kA zBb^+22|etl(4y`KtyGC>|2$dMU+3c>Ym7~op%wwl)^s@u%V8@G+QOQ40nC||LaGD? zC|<0m52hRuuGeO)N#`&p?MYJ2)Tqx=C80k$NE2m0>Q$=~4=?;2NwBi=d-k?MaBhH& zB5Hgy8L}wNxC!3sxpS1Ku((2cv0c@AjNXdaYbw3aaO^gAyAxbMG&ID&f);iqe9#Ux zFELCe+5cT}$k$p&yCCUlD+@u@;X%}2g5Bf7}wHQLhpd26VjJ1HC1t1$&4o^v__sIgL~`YbpsxaHOkd*HBVvYzdqA%d4xKvSMHi zj1N=L_AGN#t1j2;k+9VZ2RA9NVl{x@$*Uq?qHT71bhJ7_7ke@c#U$PVI@oUM_}$Ha zFcJz1;hVhBc^WsTxXFXwNmMzlXbGu=jaB#r@cX@U{Q3gbwLl zyg@;_oo!H|o2bni+j!~{2XDlAg2VWq%>lG>bOZ{^6oZpw2#v7DF*!EsRYJ~+jUc9~ z|6Iovz%fw1ve*u~AY?}z7+``=O04Ci7*y5O4TaW9Yn= ziMcmQG+zef2}qstCt6*h^8WSf7Qw$nlER3Okn98S3PDycHL-Mgs!n=w4Fm@QOahdH zI`$l16A$wPLQw}<%o)r$u0o0G-5;L{nB$G>SYRBJ%dO zm=U>3Q10S+F^=VLTv{IK{TcxaicJQ3P(pnY=dC9cNTwGWWA-QT4X_C z5!Nq<988c{BLT<;Q!gUhKne$4BEd^x8zmaEEK}**_snf?lwcCd!GOSE?I@2;C;*nN{<{8)V(0cYz(@~ZNyM0X9&40xP`gvI2YXT zZ*YKaj1Y}t6*hQA3f9(w-*25nGfI3C1n!QJ1*(7;Cl)sIi9<+W ztil~s?kDHtGx!-ihAqMO@EtLD7#7*JX>ypvBhaHid0!CDk*Z2e&L zEgYK0#J37~B1olvzxr7RTYI`1mrQR$Q788FWkL!pDS#oIwzn6-VbUU{Kq~}o0zhNU z{)neBF#@+Wa$GXvoI%N~+^dM&ix;KYC_gbWQq`;9X9WPI=SbU^FPD2uR>&kUJS6lj z#KQzWq_KIlX-QG%!H7g;KZ`}|&BjRcYvxU|BMYB&`m1ht27rb9yrhJU;7_4t(bOf( z9x~R?C97yEb<1Ira`EEJYY%%^EVjuNMv`fOkO6)@d^~1zJd5)@F>1;msz5*sq9UoT zPOiq?bd5Z}KO;WnKlau~R1`y4)rW%P`{?M_-hG^IVq;y+)Kh#14xHY$sMxfe|TevBNm(F6SWB9fnu}kMnWo?7lmwDZ#;OFsmW&&AX#* zxr6hB}jr7PEVtZ-3Z{V~!OQ6JtNqdxH4y0MbDXpZwx@7~w|50^7!D z%qB*nr3%NW3{}dao%YcFJ7ql|{_EP8eIM5XhdUDACcjusSq!>$#Yg&>6SJw9O9XN^ z1fIj7kdl1uD%P0?z1K1u6T|P{H@cIEBhM~oEm9hS2`g6FkSAp(w-4O6!|eb$PDMk* zY~BM5L4tS1yuWk91El%@BF;95l)BD|O-!rt?*<7dU*g4LuY|atfq{X9$a}Lb1yaWxYbjJh z=A0@st?kiSl~*p%ym9_DU+K{Kra24?ewroMGh{pt@bLjQTIzY&r+*#I%eI;VGt4^0 zuJl{a{ISkBoHF9{ySwk!w4~Kwwb4<4V2x%~b``oa`I&>E&2)r>9QPDn2+11hnP$11 z(zivhH`(}B{98UgJ_Qxm^As>BG%yeRHmsmT9ULK@fHmMiE!98s=_fsqouxt}n-$m=fsNrFdItNv79PC3Hqx zTZ2#um-M5thS7E3eQdgO$cRN?7slN|SAz9V09f=RmDJoOThcRiM|!CfA$Mm(=GF_R zktlQu1?bO$g+1HI(WXzkrFlh*Brpb6j6oNDI%gJ|>&w08(Bq=EzQgUkLWaQ!5)L;c zo;7}o7&m32Z2K(*-7`QV$;Fb1%UYAEY3b=&Yfnyq;qG^+)uy;sVnNW*bA!xaCag06 zj16JoCTpoqh|7`i&@Mgv=O3eANWRAajKGOtsA@uSF&FPVU=xak*d1<5zo`6+{_=4S~ z3M8A#5{xp87AtDGJQ_^>Q$w)5`aFZZG)M!bW^0y5FoVRKT>1X!ie~Y+`4-WGC`Z97 z)#!5~7M~GOAKYW(X0uMJl0qLCXU-%l;UjD8)LLI(C;SIAme&9NZRk{dJ#e{X+v10R zIg+)j>LzT;O`c44p*nYa3=h#K4)P_mao;Qaw%mDt;q zujN1}*U{tALy66NSQv9M1v9ghp5%&zYN; z7(hT9h0VX!bHh^UxMY?t`Xk@I5xoy!mu+&|k;0DKH&JR;8;8r(h;E5a7wOX;7E73Y z`#ed@d$;2n?aPK~!~n_~P`RfznYeFnJyxa4$>P?x)JX8`9zY z2@ej|c9RLMoh0|=*~WndXob*%z*Nh?*$Yo)Wii{w=K6R_!BqZTzrVjx&j;oB z1AIyJj6FM|jYhVf&3vhl%mT`01DMU+hL@X740HcA)`^bvJ;cyBpR5|m5O!@Jq0Qwy zb!Fuirbc%N1snP&5$$ZWQFL5Be;pp2{-^1yt95D{O3PvKiq+5_s~GfD_$ES%BvyJ( zalE5nhfn*)4MDSC?%1gbBQiVZ_eGTkIqqIdKYz-Bfm&t56jpA2rR*d4K^3cwb|RiD z_77~7ugI<+hsNLPR^t%?0i!LMa4`@pWF=a1&T+I(1pMXPbnw6dt$uICiV-kRbY1$t z*GCuReFxq6dA&TUU*s?2d6xN#b(BE!rGx8D({lz>xwpP+eTdLHxKbH3Rwu*#^OV~! zll*1&Q&M{eJL}#KR^uaC{Wa?9+@F-s+8iS8{@WsU?pRoy&)6xu)UuNxU*d(m=~#+@ z`doT#I$xun5x{)<6hqjlbXI*=DFOW~er~j(f*xt}A!JLZx~>v2Bt(`QX}~6HZDBn0 zrQ|cj5=>%gyk@&&p~0yeS^xhnCu_*}=g)D8cjMdtjDevOR@f!rKP2pUcGe*gy)i2j4L`B=2zAfy$Y+4`m>UL zqW+CBIem)>TxNVn=icw1_CytaQLy1AFI-m7(>p`$zQkq9*eoXD(wDL3OLCnkC(mS<~f6u^S7gy})@ z__x_pF7X9(D78@g!%#(h;>E=DOi4di0OJsJD3G*k|w*OsUm!dnXo~nj6lVqSO zli{`cZE9cPz>eudy!h-gGc$)I=%Ja;YO?dFS3sTk-_Q~>`s$kVE&bE^ts1Pm(_k1#vHImPC=Wx z@!@Q%`gkJ#+R^ctM3`~(DH!BQnJVm(-2617QC^bgiGh=&MDMJ%j=r;VUjn`mEhPp= z#D={7eyN#aO_b?y;)9;x4k|LloS84)+sbt&7u`Xjv*#FhD$UeLH_d1MRa=dg*a&Plt(qW(`-%N===3<7-^3GwU=WnW#=8L9rqK#7KVDsOjsTlF5N{B?#5d zpS>y$vrro^el*|q?dyWMfq_9#J&UZq%KyyMYMid0#)1RmNR!XtS)REQM zrdY4no$I7(IUXXo3c8}VFAFkb{Mp#L7AE8@sTeN) zB|h%B2XN;Org7gg-ww!odzbe#cXoCf!3zh~@1%{Rv`%Z7{aan}%qIun$p_{~zf0|> zgvxDAUyW_|yuHL34)p7pJYn~J-4aNQda)5p);GdG!4B_ zP$}JrGXzwtcfJ`D(GX3u=vUAT6zcY!X2?YZvqa~{YNI`-=BehObBda z7JQEpIu^@^0F*#yGIEESi@`)jjD?PH+yuVIz|4FXJre|T05kT9i+8;k*u<_$BNQ_- z?!NyL;2<~g0RNdFT7dII@&#j%E#o{*vaj*KM^S#3nW$=T)kvg7uO(Ix5h9|ZXu!9y zD7c|h>Y^lak(I=EB>{U>PxTx=a%2bQE`+ZjTC1KZsBe+)pL0k5?=^qoti~J%$<@T? z@RN(6sc`>Kgbrg4G*I^Fuk#bbv4s+TTOwF_$#L=)1=OrtvH#kQR_s3#Za@^V=mzDIhZzW`rF6e4-S40GaINysYr5wmQZy!3KK$p z@VlYFS&Et&m!L;XDY`xXY{>b4{f5S?rw9J;5X@2#%m56eKvXbn`$e?sxbTEa9>6mL zT=a(*Q#~I3_ZE#VVhjwS0C0xs6W~aKBJ`oF>nS}04+XMKeXAis%qP$QAR;Vu?iK}- zz>-={^SFkfOB;sq!2d(uTSrCNcJ2Q|2&f=n&>@HzbR(&tpppvGjdV-uP!a+vp-2e` zh=NFWw=gK(-O@4i(0upY@xIUfyw9`N@Bbfbxg?aC>$=X^=idAH9As}AsGvX2`SIv0 zSQMd6KpC=zaDca`BLra;bgp7kYyhMaFY3fPb3-->xzi{JwNFy->obyt+m<= zxSbXxUN=mM?jQ76I`^x+xc8Zp-T@8wX(I#Mn(s8p{P*?!F)$lD^pK_%2n-aM*{g|LgG8^FgcgXlQiOJ=S)ekti!Ib>8FopMmiA zZwqTTeFxz|7A!u%r;t#@ZyRvi=F1P~yR+Foo0d?IMjt;h^H*)YTqz>_jd8_e9X)3oNX5>E-*j|A(;dyuU|f2 z+dWEOi6p$ta-HbN$M^b`Kl*|GzVv^+<1gM0b587*QtCfj*w=f$&>%V$@LTvCZPkzu zSTv_JnDp5l(;&!%xCyGg_8+jE3o0(jxX+T(H7PX{@nm;1-EN>Dqg?)#y50-&7-N+3 z#9yn?zh5e}=+fVd7-JgK%kQ(y$;~~iWB%4lBVw-G^yx;Jwg8RT`mp50Af>)ftwEx% z?0B244BKf0DHF0gLV5z({Qwdt`QoHX=E?Brw!|Kl(@%qRH z?Rt}z7PJJ=##K>S0T5lLMZa;IHF3Q4*j_e={3IOIv&|f5j1X(H`_7Dd^apVUquiON zzq5w);l&_ZTq(@&( zHrkQ)$Y%dqgWJX`7rcvF`d6Qos+jovms_x4U99_I*paL1ch~mlDs}j+kov&{E+Re0 zsGn>5`p5XydX)&ok;#tO#0Q~rS=Zwty4g<@z6L^veI4+W0*b`H#Y&GDCx zr_rApKAhGx^)&$gkY`y~s2zs!M`V2Ysf3x<7{ODd9GZb^Im+Rfo9W+k7Z>Ix`_m~c zEv?qe^(9|!@gyrhRtu@FUT5_bb9irqsqZOe8rm8(X|=xGJ*c=m#Qa1RU?D=%>0V8hGh>13_W*GjJ486BTW zKv#t}vPMi)mb~O~GhbkqZ;}^6dVYvhH`wlOzmlVbK3T4JuGs#iPcDAjO_4$J`I(c0 z4N0;tu0Y7vSb51lb)!N6CedgnJ3(3{|4iIV=@&!hVr7SSuG7-4w*@d7AI)YDmPvSE z#_vC*vh3cGyLz5In(sn4tK#j$M5Me=VEf#OkE?_Zs!e*jJ=4wLMkHr6Aq>5I)S>$^ z*Y55nR}SVtnibtZ^0s#C=Y@B-T=@4fOR}!4|7EQeKl8P>0I<;nKUGx2dUK)u^xnL0EPhkv|lC4f$r1c3gcRR=d@aXwMjpN^om zOoi7(N2uF|>xuD3nPN5yeS)4*+#BWB%A7#w=#HIR`nwmPXqFNugE!6dTQA(Jo}aB6t2!&WJoF2<5~fJHU6rp=)qwT7 zBien7r_Zwphp}o;}Kw8>Qv2vJk%xCa>uG-Z>F8r(cuqb$q36Kfvi1hC##yw|r-{zU4+Z{xB~O zTRyPe#}f3O)2}=Da+@2xg$3GX_xzHeyTwLXYzv9)V8&2X+67w8No3Xy!>_`pO7gmy`f^mh}*~Vj#NLGP!tt3PHCH4y!dnm{B^p@?+FvSHG zBP<}xeU!F)a8l(hdAvjYmj0Gcr37;5;?}t}vtdlJSEY%IB&%5{>f7W`)@&icw6(qf ztMWqYlIEvGi?l@0A2p1$!k*ooU2ex#l%tq!fEfGw(kGqrdNH*r$6B z115H&$Rw#8Qxte&Upm+KYv)cbWoihUQK*TPT=Y1;Ky3Y{_+*{83-uNk!5$}iR*vDh z{Fpak`n1ine$md6i6PrU3A{w_Lpn4nX@VN$ ze^fT}4MUV}@dBaZ83MjQ0`sfvx2(|icTrm4JdUM@M3)IF5^=L72)wyR%RYdcnX zsU=R zTdm4m8*t)Df20090zs2WF~>DK-BX%Ceu)|fgflPdXE|6C4i>{n$;B_fr{Ao4>9ICe zrgW-0JTLcjmBg6v^Vy7_f)XXaCGasTXAw=BC5VV8y~4ZGkG`a^be;56DiSXk746?cN85Zm78g06) z_4DNQr?S7Muo&JhXYYtQ^9F%{XU0nHbYUc2C zL^_B-91==pLTzhnQJdtVSwaYVpLd{rtrey<=9FuUe9rhxL7)jy;a&=KK}bn1uLIeMx=&{PALkW12(Rj3_2VPKS@~EW6FCZIX7&%O_vyctxsafKDY*g+#O|w>PPm0tYz(%^!cI*dR9Ye^MUR*9;~^h}7i zYvDT;gY2!YeA5Qg5zWs!xUeVCgQ?2G1m%>!vQhtjHx_W=9Pi4hL`s^W6X_e6qb%0V znOK(hedz1>6K(YXuBtK1jeW<^>_!NAC;OWzVaHyd^9*GSVJLQ7iEB8LdqDTPa-7j9 zyR`YK#=#D)O+p?SS+fJ34=x@K!k4h&V?{P!xQW_e559?UvRtU9`^aVdZIT~(SI@3* zhm3yvo@R(Xnr?OFVRgp;OnA4<$?N%p)6#48SsYEG$a8ktngQLCN7fsq``QobARNP( zrWoIS_I?8S^?Xq4om~1;4`R>S3Q-cRUVnH0Y2FbcvDf*KzSaYed}8hzQ450vJ5Iag zcFE)>mBh1qY=YZ6) zwh@87eQZ%P${qjZVC{r+M!2fgfi3{Hx_L%AeAlxv-h5p$vG@uvkT-P7=(o2?%xx$& zKIX5fmv~KP<7bzOm=}9+r$emRiN}mROm@#TnEIHK(u;?XKd8sg)-BaC%JXXLG9Sj( z8yy*0`z3ecdo@&y)$Jq=hKbEm|DBr=W!7H7L3f$o-lus*jy@;d8IkUG9O@+lCo>DoVU-cIflGoLboaLTpU{C$QafPZYiRdh|??<=kNF1*dd1xDs93=KYls- zT4~cYBB;Rk;0)7gmfPoDF0LNq35s#k?9c=e-_5A3l4Viot4~pix8BjyMiP2rQma8=p`n{nvPGci z;i~4gGHgYQW6+!`YG0bz@icyAw_E>2;v0&`#`-3M_IlVL(&SQv8zzCVd%*k(Qe6j-K2SN5%gB$>j8k?qFG^nE1Q*appTQ zc1oY>qL8E-M+}hjK)1~$m2ACQ8*`o8v_GCQ$v0*Jco1@*-`ZnN;f=G~5S6ff^#a>K ziL6pbF1bv__E^BTwDjpVs2Tp-$1@&N;i~2bKaAYUkcpXM%dFX*3OcRtcOK~x3tY)?H;E~>w;Q1z^<*_nqqg<-mJIOiRNWmS(TQ}LWyO(lz z2GPb1?+KYO8+ALn`ekC}4tCg}_Qfjo@~z$ALA&SEjA$dZKGnAmuN^VOG$G(4qc>^be7qzhWEyqZ9% zR6CEgcMa%|3F5RokKVa7KRE7P(x_N;aJM_s`u(YyPn05y_m(j(tY@7aJuDTeUFK^Y zW!Ki5x*FCnoArYgVmdA8GyEs(jb?t+c?)UVrq#3v&!Y{r!$ecDMzQ795fk1KYs@zVGSiKN$Lb?eypZg|4<+A2NBRTWS4ApYA$qLbWZFbKpiHi>j}Y zz2Jua$Z1q8l&P{SEZ4mfyb4jPc^1Yh>uXc@21?Bm1`lK%6{pSHEMmv|>$N#4cY6C) z^bM?Bcb-~(mI=7R#JN+IRlZMaJu+>3T7>oAMlv&V87=mIvgC-R9Ua%@*;rx zAI4E8xi)Eg+r14cht-EaL)Yr{4+BQqv$acc6TJ2c<@gA=vg zZc^rslntmK-c2|`k5A0Hc&RrF6mB1#6I?ZQllFnEVYE&Vs%X|ONd zN6cY8+9M?X`2EVq+?M zEqU%!QMu&uI{#0%;rjmJ;SIlwZ`OzPkIEYkVv9X}Vign=PsXTKu1)7&BGo*K7pG{C zebX-KP8s`2%WmCkVY+c@_f!0CEuWI6Zb0l^p9F~$x)Ahe@RwcT^rg_ypvELFiG~&n z6>H9Fk4@3tg-zO4Owxl}&f)jjf8_?0x2*EOm>t;KB5>cS9gdC`9Gji%6EDNHQj@TL zMBuf~CHZ5g6>Tuv^HVU2OSw&Wq>K0P<$2yrjP3+H1U z!8mKp`tcv4+C6zE3?_5J$grRKw4Ao6xDDPA|MpQDct5$5CSa4`c%uPaXe;(5xyCMx z^9_86k2kOUig+sniL#OhEJSM<-+%yAn2j$ur|3%K5x>BLLi+D#TyNL5>GRP2=7r|g zmIQBQN*;_Rb}wFzLe}=92$|nCt>yu~K)`uB4EcO2@-s=Y3_+bXCu1MVJ+WH7vk$~` zB=L&ZK19?Yyh^lBhZHp$a3`jHJ*5?_rXgY8)8uI~Z(~vEU$o;=;!Ic?N=!V@cTkjm zeQ2noXT*oRNyrSIns5;HHP?wFT?p7S@{LMmp z&le@-qziT_NhbU>pwKqpo=@ssoEWpRCnP5yea@R^jNzD)SY;xdrg^3$Bo*N1bxy#y zc4EW$TQ99!-9Jo4JLzW{b?xoeH?|6zG{kz~K1licq6aX|UmpAU6E7ctP>;E;9)W<& zlxqVI<2-tMd;Mj0XuEf{I`qb?8YHR=ucC!;k3FxfHhDVEVw$0LfZ15Y9B*JYeI@_$ zv;5b;Rykc2Y8;dZjQ-E!gZ&1Lh|wzUfBZ?_J@B~+9wCA0m-UaUUS0SZFLjr{rRhtE z!Y(sK(5u7$4;S4)jQYon{`-rk;k2$ee~hZpP=1$F+^!9R|bex0RH$Gv~_4W%` z34(A@)W2R*;Od{wQ{YX0@LpyK7=nGZ?WM0Z#0qM^Gk12#{9be}W0L6l%tRs*`EYb% zmbEgy8UG(c_mQ2u<%7T9!$1BO{L>}yA20XE7uNsP?DWTfGdm6XZ?3Hu{>{|%?^kPL z{co(@i=lhBs<{`E|nETE!q_1hL+=otq9 z`h9B=zIRA7)d*dclvXb?e>QB~V#*NL%5=G3EXPhkYLl$YLequrUUHHiT|V_{?b^ey zw)T$UW4$ImfBeE#PVlS}I$TbbEZjR0bwxMU`M)Vi{`<9V{M)E>ih6O>?p1VfVpqB6 zy2|p`g+BZE*PI!(g5n`ypnV1XaSbOYqXn#Xy!#wiM>H=&rGu1IiCwpd*w)syeI;Kn zI{-3&s*6MN>CiIT7~J(3pD@5c(Pbym6h;3F&HTC6jGqSBX5cQg+H7?O=E^%ZkR4o^ z`+Yj_>iGsc=1^ts=Ej_=RN z5J*pgK!wImP>O{DOi0hovmTn(D_o?Ey3L94QA{nj!VQU~p=Fjn7{fxQCD481-@ShnPL#UAjlXQNkN;J zo{*lNc~8aBvAT}~H|#?kanN0(ohs0`!#(Qh=}FAbzks;x7{$cN$pB4@(DTB$h6b0t zZ{IWSD%fynX=?#(BeBzxjE>Id#}9nJfY8 zWdwaaz<4)M%{GwM20@InQzcQMb0L+$vx~NZV|P2g0s5BJU~8TzHPrdhBXZjhky2k5 z@$WLj6TS>o^`s=ja}kxG^!{A-y=+N`GKfq^?la~1(=&^OyxORs#&IN^qNuYfKXF|OFbFekz3s^Z1F)jI0wb}Tk`}=#}$Cs=oKdRy!PkXVc z_xW*}@*};Fjn`)iZd{ZSXP~|WqClR3Az;ZX|KI1lCIl(kjP!i39IJnMCWU}0rt zzIpR|yWm&8W}x3rw8V5n8x7eVzm^9vfp6a~PM1BN%0u!*N*>Ilf^iUg1~!5(B1jtM-vZ&F>vIt@QY#rzarlQJU(vtnX4l>i$@E;E1@rx)KcfZGhYoL+_nwe+xAJsH&;n z9@Js0`uLMeE7RX_=8^2y{jEK>N;I2xtr`Fz0o${!nu`M}VlPrg?Q zqa1R-68FYuBE0RDB){y*UJ-SoQkzP2`L0IomJhRu_(;CFt2geO1!P zHRAazWv*~p{5?Vl1dJ;5-xFl*BIPARkjU08rB-7KT5A%(>={&DTUJNUN-2$|r~Cq_ zL9dJorI*HHhTHX<$`J+zchvv*9-}N43%{G$ApCp^AKF9Lb}uX)5Wfb;#(~Z4elU6@ zM1Xsz$i?4Aa$uk3f*uMAIrnvRylTGoUQynG z*Kb~P9HW8rfVI1R0g>Cg%g;`M6imRXe{!f-DnlD14Aa$~iHr1PZ|dwo!NT*3^{9Rv zCle_K^P2VeMPI5cAZ@OJ-#7w6!KwB8z4vr&mJs?91hUWshdTB+$T;=_QqK-9ASG~E z6+T%zv`;T@cvt`=w=G_uXk~n?O4N~{s!GDm=!gIa+9mFLY|tzS3<^{9rHdC08m@$1 z2FT~Wz*eAYl?0_p_p!p z&_K>6_1QB&gAo`j6ES894%fSHc0`D89AU-;kYqF$>45Zwzq`AexIU|ZK241?XV2t-k~<#*p4;TYykzjp=h{A9D)JZ~^9cJn z!UJw6QS{|WL$1(U9V_HzKrtUK#!7wqbPyyfl&{++ef~UERa&H5{^AmJVa5z1Jz5Wq zxT$iE^4kHHf2BeQi2F?=CLI>e!cO1VI@FWQ>-#uPe!vxPTfOK9LRr4SH1LRlKO!}l zcF`vgZV3^f==|SMXtI0l#@a!$IVCl^KAynKKe`Av6bO&tYWMka z_3i7MK+yBnU>2lB%)l%F)oWu>sAN%z`k8a5WsusUSd(%(R4ZdeDEed~z!byW#+eNR z%bc6}>9E!p`{~(amoAw&a1D%%ueX}ZN)c@6| z@^V6N?aDSBjA3E$pRT%wGsTp}lPgnK&UqB+48HYh9ewK)d8Q()=#^;bx8eCta<|z* zGr%m6Ge8BQczvia9RZPPJD!XaBbM_?>bWa@{o)x29JqaNk>65CQ#Be!F~*9AIo;hE zDUH5m6*+3~2(kds_kTE@nPq*xvy;c(6}{NAy|W_&+DK4)@^G-7RY{TOK}HKa-?;eu zcifL+*{V|rtid#R0=Zll?uG1>4^a`h?>f|phC$Mg~dD%9&Rd3dhWQ2d(K@~EUL)Mv%(Lo+cxJ^e$S3VR%QTF!$T;wJYwF?E1+g@ErRA*kdO6a?Vf z9zD?v`psk9QdBx8!bnEt{pI&lwQs%}$1hfmZEuwM$il|;_PHQ|AheXv@6q3~>n`U_g!C;9*}#>0BGVfiDRWIDS>-m>kfgEztTSl``*7yA}TT(#!> zQkiPWW#7*LE8`MDIeKXCl%V*D$2p?QQNwG$!*{0{^#qW1M_@T*NlR@n4+rUb884q; zg>ClwL}OkX?lCl7>lfEln&bX#T|z`4+F&QSua6=?BDI@j1<&ax86h39v$yZVOolEr zBrT+AMiy5%pf|HLJ+#x{G!apb$P8Qdjk`VifM)S}e&jsq{NjZO>(i$bu+ccqmtBt7 ziEm9W`F4L7x$)sfUEvRyTWpLT7opG$!EJ$-nVE@#>;s3>FfSje=#m7>7;oap*cm^5 zyf(dN|CWlUZt>(`f8VH~o^4IdmAgPHDQCAOH(3@dcbMG1u+*OnV)1JsjINevT%f%i z^fNC&L^RmK&Ieo4hp3220EQ^1^#H}f6i20vt~_bLRp_DIBXDF$WSdy(lvTe)_tt?6 zSoOQ}^`!pnM#smV8hi6Mu~RDmw;?vRd^I0Dl);bwDY+A8#6up;OG0~aaYcB`Oz$2U zI;w=*zXkqOi%;;&EcV%SbxBsbxwDiTEw~}=36flgl^dN;VDAyfuz{ELr95V^csN6v ztueWF^wjXq%Qeg*s!s!dUp_|U5|*I~>=b|+b&T{lshi$n;It80?1K0Z!Z_@)UrGuW z@V8)<5$4EC=s5dyI$ufh6yk%rs)4)KkVik^q$O-tb;~%QzHoeibmU%YMYe8H^O2pW zc@4*p^aBYdCY*fJ_PX3;R7YphT{*conq-0b&BN2+Rtqi$6pv$wL9tD70zLLYu-;E@ z_v-3w~CtWA69%u`zX`m{$;qx4q}598Vf($vy(k*@s)bzvQ3a3-4CFI-X^ zzR2$N+Zv84OJ+fLyXN)`_-P!fkZN?LBh48V;AJ&A5+501LSa3Em5L8Y05a3}=WVV} zjK3d30m=WA|ENiZ*a30v|n3>zRX>_VR7Ouk9J%P46rbn!eGzPm(Hc$ri3g+!FK{C$J zQ1)J%w@)y#Lf0Mt#_>B1>X?T31s16O0bXKys5f0IHLy686v%LIIy$%kQ~{p6cUU8s zd2al)oC^ix5|GPVeoyaAQk6>Yt!Y(w?TzpP3sVvC2!W1mZ@!aXmy+=0(z}`2`H82y zyXe|DjhBj3Qc^C9xfj$AcPZvw#{I-nJg=N8JwJ_?z|I+aO>(-U6p+n z*HE2o0R6(@9zt0xd3u&pTF07hYHB)@07Z&F$=9R`M*;(j@j;BAmp(C_R*y@{S0&5-eml z1!#}DC5YaWA?B1x?woavf!XW(@GCU2--f+yG(^f@is?fr;2hIQtpbUzmwD3PETn-n z1GLlu)mqBoQLb|8-oe2YRzV6ldrQTS_w~K%0uJF{c?mKaiq}0oxq?d*pO^ZRIxVp* z<4G|)OY6IUdWIH%5S%6n@)8vl7bjO#&_OH;hgUV1Fev2C<7dwj z=r^-UQo+0%S^O|7ApQN#PL87S0;0v0g z@>)i`O7#VgDt<6Ce&2N-VChnskEL188#?_kXSo)-;CMy{*g%VmmVhBoR!Q@#HTRak zDQ&Jn1$IdE=aefM0oeBzf`VWnTCBxu2GDMYh8FX-K{*86W>6MTQ(HU|dX5C1>Sq;p zinE$wgmr2))}$xi2>eroNl8^WBJpjDCwQ}iPqK9@7vFnKH{p%`_`)(d`AsjIvCDXF zxk}XaI4&n1(&M@S-2vG%Ags>B2!4HhgMSor;IU9Divf6;4rlQ`HP)5w&GEOiOfVnk zb$;Dj=BcVo))>qf08Qhry~AK0ocg`zCgL_oa5OLHrPaKi;ZX%2fAYl+-W8)H#RLyRni(#F6EpZOgNAIVMsNTxp6P_9rH+wNe2dM?A*rZfO zxtkGywi%4u(a7$f-UmHWPy?B>etSkQ4<+aC)BS@)lpZL9zE}(m9DMX;9sB`-lqn54Trv*7Rd#+T)#z+F;y-7p2H*Zx1&cUefukf+8(;}K+IuV_Jx$lTe(lt+F-Go>-O_}#pcfN z=v?tM9u6BD8}x+w&0T>F3jF4z6r4#QDg{k6IsFCfJee%blS#fa2u32=-)?KW?rm;v zN?Tgq^g)s&rXZWMJ&$M)7yGNJi-u8u6ccDD;1t|-b;+P67dt2Y7mSeyt1Z-64Ye=} zJ{;uzbXNVp&70?kL}j&wNrOu9Z7X`9+D?)}eD^Y-Q3)&Jfr~d#X7Z-t;9mb5EJ&$E zpPNxDxG`;9#Bo->z_nmlHvo#vFYyi>n9x40?JcpA+4?G+#l?k_oAjcW!+$~w@FfJ{ zxgT*Rq{dD`yO-GUj|&tkkvkc9h)>63-4yXS3cu5zgN;rw5N1kjp$!3DJa%^j}$rsiXh~DU&BxH`?Yj-B+>j6wv!kD~Y{?yyC#1 zcx7Umj}NZ9<2)_asQdl{g~C1YP0AL^HpfiG03g}W-R{Rbm=mpV=GHmm=r7E#M!guA&S}E~6rE5UggaPg>fd0C5YW5lpJI*b@>GLXQr1j6rBmWp=gx9ug^9 zWINhrmeT~gZct$0eTs8zV2_it*!cuH;$);Scn{P~uK>D%jF(a|fyelE%xvLMZEPLT zv500+L%x{~(~Y&}+?Sbn$l(ks?dc9l-ZNep20Fn3R9lQkKOB1Tm4Vf;Ud3piXD}&s z_pS^xoI7E~*UBs!pYxIGdwI0@o3kAU!UG>`1p410FfU7uX>ik~x?Jh%0(}DP=`SX}4}492}f|iGc_a+;t@; zh||DVZNQHAYkC@x3yi?XEE)n4$D^WEU+*l7IJ35o{-7*9SE7Kj8tWL?XbE+(F!inFUE~c8Ttxp_@8vjiE|> z<^4_#uEa8x&m|YdCoH~26{BG9@258x3A-`A!ZEHghRn0yp`aqW?hceF4I;IVeAkfo z&0duyG$(**@;+rnrH9V(=tC1iM9pY@{lZH}2#M+t$$OjS`wlQ>2M@)X8B4#DIHWGl zLB15BTl?A=6`Zeif?M+yY~Uj!O}AaQi62hwIiT%R#!CSOmEf7DFt49?-SL_dNJj~k zywEWc;S^gR5~`23vnv-D&qFzbC>vPGu?je0K2l7Wre=Q3=2)oXi-;J0B9BnIk2b+!g+9DpU@MqZ|Y?Ib8B2C}elY`zF5Q2zj-w!=Pv z#=ttImDvb9>1$%j1m3@Sep20fb`jS6M>?v+h`^wrm45UEXIE7VewzI87_iX*jWpyv z42J>q?qYpH9Q)~{N|VCm-2*dqbO=|WmJNk<9Q>=T(-*MJtfl^}7=>zjO3F9u77Ik@ z&g2cW)%i#n4zZSwoCPA5Z+QUWMz#*Q53W+Yi2tKIcj}y^B&sBunwq?UB@Jm@#AQK2 zf@B{b*zuD37r46=I}ix@rY17n5H8)ar+gC{03%4uu@W)%@{+uJPj-{#TAtcm;N376 z*D$aGIdF;RW1^olocxyY{m0igQ3$8tnv)~6=Qa0~xsj+}U*J|0C}(36Cq!pSg_Z{R zju^Tp@*!Nr7WVW#_O6PEd=Sp@l2ikqbj@pn;FaY6;wnIQrsYMB!2T8}o8ptTuVEQ*a=O0WHf%S&H)A&8)sLny8qH^n2-G;vV@hw5y7oRj4ZHT}t_T?4XGIuPt zGqs#C1C|vM;aFv*TjBRvIMKV3&!_y>iVF|;5mX70F0vtV@ekCf;k08J*;p&$(zaT@ zUnVk%_S1_ge8Iq3zG1j$KL>n$5Pav0bUaF_^${(yLjl#lg;%hssK`hiGjSD?p^(iD z=mXI$5R#o+NzalNe?0x<+qlA_UPGofg>$Z!iR9UL7Dd*XeYwPbHa0eO<2$$?AXcoa zuj_QnCx=2A&@S-KoLQV##wOIx9yq`}@+LC3wWMGOWR!5H(uzNqZ>CKUtyk_slHjqQ zHn@Eq*ou}BG^t9iCeI~3m#I|a<26dmJH3aTDrQNluxaO|?CM6g>H~U!wPNu_Z`w1) zb8rGkT}^&zpX^=`PKcW8dNH8K=$C#Vyd2L4>tBj575Fyhz_D41A}?NFBeEDcB9m3) zuxH6dau#Z#BO=Gn&BH$EFz8CGR{6Zz($0?WM)-Rs{V@hOd4}v{;S=(vSu01P<2~}{ zDu9Z{O%n_Tr&96U7F}O(w%faEeksW!%R5|oe+5yWvtFRqxI|68pjzVqTUph}Xzwi8 zm(_gv8BVVkIfFi)m8YFj>}v-&LY?<#z_q`LaRgR*7%%H7lq~}mgdajDVI66H3egrP zVdJQLzCAR_#D?JIOZ%d6P3Cver*;*aqP>9x2t(81^T9DTuMJuh?4IE9i3`>h0P*1? z3>)F3d)C5Yp~IPQ`e0Y1t?{dJfgx&VrEUqBlt98v&dO5MPy+4$&dMm8wJcOJp#+7^ z)&e$FSo_R(4t+@A}TI2s$5}H|9EOu0a7HQ)w^^J4Of+~4`EA~J-Np8TKa$?>c|}xJ$ME% z9*A4k9Wc^Mzj|}=2n&~>M}B~27Q-6APw~)YPjoge#VxSL0WZ&G?g)0 zs9Jx<0MN8`7iaGEXD3%yjxK(f6%Y`pTYsRGU?4>GGSD`>xiZJIK3r;4fawYzpu}os zNn4hF0Cdx6vA{wKxDq%7U{E#D;R+Rr>HTf163-P8FdT&vJbRBg zM3zw9{);qp zm3+LWriyhCfCfSE9~;q+O3(>U8nONVBt36DLXkK`0cCj4|9;b-FgPvExYZ|x;Fmf7l&Lh{IeL-6t}a@Hw|5QV$2HR;&L883`V?{itASr1qiCy7W$hk?ov>wkvblO4h%}al{75@TbFm9_I>-%4e88gh} z;{sb5-8)8EMPK!NxR_5k0p(p}Rh38R=8ygDKtbv+*ki4B@!`#_F7cW%`+ zHl)9z_KB*hALGe<0HjAWjs|FA6SUWxuI&D-J}hBtMoNo+@|dM|H{^A*yk1%sS|2$U zqc1Hb1^OexT-SCzxVggnE5%ZmE7j5)R!565s4HxYg+l>Q=P=OxH>1Am~`yf+m8d=x9S%86Fz9Js$eoxhvC|(a|xdzvf-wO#^p6Tu6-vz7Ann zyES&T6MYj`)t1`9hcUfkHsp6Gm%J_(sbIB1ct2190v+p&-R6QgUG zTB?7id4Xu`dw{m-Wm6JRYI9I3Zi!+>XxpN1U07dt0Q#m-x*R~m);a@XJ7JN_%cGrN zUiJg*{pk42%1SUK^Fd4kfQqY7iQ&G6%&PZT1FUgf+_H7P#P`E>Mv22hEUfX58BE%~CASommHrjsdDbFe1I zPzLvtNzR=w;PJ5G-m;_NhsfurN(xaj%I-s?R(#g6rD4+G4%s{7z6@O}9%YDw&jU5J zuEz&bMieTJZyJoAnwXr%K~;)&9OSvJpI23Xk_3+_yLunnmxZ-K%+j4Dol(g5h4ziO zm8^EaC&Kh;pdf8!Rf_R}R4ZirMl!m4{#X(FenkVqae2@Ya_#DpMUCtrl>>k!*4Twk z{Kdta5i|gEVm9~zt0COo7WRRXIUV3N-OSRd@{5dAb8>RhATg&kGkKwy$adj(K?XY$ zp9!RCeY0PM0Xuj70?Hrx^#{&VqE6_a$e-K!5Qz7O$uX3yhht>Dc=58ffl~kG}~Zqu9}UiHa$5p!AL8P78;5sB3ECB(hm8W0&uAe|3&NU3KjM zCCR-XMjgzW50#Vx?y^&4&0Gn-4*ZGBhzED?sA3CDu>#NpQD zP_0XZHZMr_1EV^R=6(j4anE;vEvehDP0_UpXp-n+F4yWm()QCl5U)Pe@4F_H*_Tiz*>HX?eP1lf#pow90J!{o`jd#2RSkdDAW;%k=( zz*edFX&~?z28ZGUKF^JAFZwPUhPM(S$I;wOc&GMGfw6`xlop}vi8YgfNLY&dCp1rx zTfWyEP?eVUT`L7tq;_U#++IlSHzBla%3!xy`^QoA(km!FbdQW!N6wU0=R0f{9?l06 z#fc+}tR`k!Vqoopz^(3f35-b?4Rl94+K8GF!r9MNRbxg3F)-Z>;3|eQsx2mFWMRmA z6&Dmtb<|3mo_HM}K1b-@F@)`n!siX0iAZewyZSz}n;(8Yb#v;y`J+)QAp#APRw_m_ z&nfMmjGDH_v3W^9x(M>-M0l^ypTEHUtC3xbfq}toDrg&=y3hVu@SUu59Tzxgfq~NU z$>x@Q%p9uYW|^L!x}N7?nzQgQdc+uL)oOn@DpT{BO*W5~cXlTI$kfjCAfUrQXwB*+ zDoCq@h4XT07&wf*g(HF^WArs*1|j-_C^1uFAfu1y?r>_82y=3AQMNU|efw6FmrWI^ z9ovE83jd`;5oW>h=0*Q=BnfmDkY%M+9=xJ2g#IE5yh(_i0MGAk$a)3hNK(m)I%ea2 z==pIt9=U~eax2PmsmW*UT-%;H%QX?|<@Utw=vOn>9k4XJdTmKi{ro03Oux=}wb4Nl z_I_u{w8e89xMjS}1260uE?qk1b@I~ek%Ox%rHC~FZ|0*14!LU>s6EG$pnw5CaFi*& z49m~A>u>2y#6=x!Y%;_4Y=3=7Q{!7MlY02@d#f`cKK{T6FapX_>6hk}q5h#|arccs zVT1?$6{N}q64RneK&Us(=*DwFEL2QnE=ZCHl*EcF$=`!kW%}}*wuu-$M0e}e5Gk;9 z`S_GC?m{8FT$AO+=FU!IJsSf~hk(gIKTIqvTQUV1h6P{pyeN2%cnD@5%9Lhi?S(^W ztRTsPKzXuIG1YNFz@I?2(T_MCRX;qeecc!?UeNcBPgy>@B|nXm%T2-=y@v7e_RsPk zv+83kvSi;DYa2b^7M);_?|%_z~KO?V3F4sIIw&HmnaS)4pno*M4zXVI9{lUrmc2eou z%6o>yuToyK664E9YI4ogbVx_y*B1qCb#*rDaA@*}6pjCqCRj!F&eYe{`7dS3WG?hq zVzcgO((J0&&~;YhH|Mo>Bq4cH&v-^!1%v5G0jhl=TX1FoG@{ z!^v%R{Z$!gggfnf7VQz?tfr=x2)sr>oLy&QtB>hUT^~v~ z@dJdd{BFzPsj~o(A4WS5TPfjx6l-sZjFiJ2Xs__M5Zx|RWNFB4iZc{+L282Qsh?97IPf}GhMV<9LToQLd$8tuUy zmlOv=?nJ_FoMW6ii2@39u-;SFdt|#!74yEil8(V)#S&J>`*L!!&}IdNKdehZ{tb5p zym?^UUtdnGN@-#)8$U%rFtnV*FYYQvNaj5k2$P&C{MmyCH^54{d@-{IAs;W;I<=Y7 z4bn~38ad8lVH70P6rIgX3A|HgP5qn*)5@kkO8M3gr=oA40bXCguXHx_6M6qvuK@Nf ze54JQ6GL$2J(k!j-+mE`xyxSyJzwBfjFXr??X`^HC5RVuz@;qr-Nmly78}2D>_Q=8 zD9BjQ#ndB2KG0t;(__KMtPbSjVY?C+7tkd0ldtk+LTLPQTVg*p)>-iWU&`sW$s7bc2S!XRsy%(mI(gWpjq+Z;IfCO{ z)I3qYz1ExVBP$geQVY$>TQA>43j$n1aZQVaJtUgvg@;vAs>S_2a^1Be6>~z4B@ymN zoBK%FxZ?D33Ru^0FW`7tl5@mqo{=(PX;98JLG?lB8O6m|fRbz1*#H`o_;JAyMd%FY zv|&Jz7Io@=0%?($xEace=?ZQmRD1!%vYwthCB$NSSZ5u!KSHLtR}o1l=9MUmHpt=}m{Skx}=a%q^;U#!hb(r*W_xF+z9~2kdqhqQC)ybDZIz zViVO1`Ij(q+g*XmKYvtNv()%9oY0K@EZF;-5=u&u93+x?Lvd$*kBCKw^OAW#ic#e5 zRfw#wum4O=hMu;bxLIE3S)YsSEdgRTm3}g)#xK|8ZsP9fQ(6@!T%!x1jnWG#PiLHj> z96%GbXQ|MYFbgY%goG5kR3>yZ%x4$OHPL5Oa4*6?HbiUw#O{E3+%m6aIPwN1+Q4_Y z@pg!k&*C?(?CYOaZ<8dbZKcStEhr6PTmm_x^o5)VXjVF1-SxlcKt6%PQn@|_WI>zZ zm4#HGCm8K}zd7LwLq<*h1}``2VSv$V;br*xE7&ihNc|{@1K83V@`bg;78-TUwuI-J z1VROr?{-xGVuJM@bQ!N-M_2Iy*b6%&aQd#@_{07HfVa+j)wRGEB0h3gd;B;c?0H(V zw=cf@D+O;^(dA#&PB32qJIy`T>8HfzA8i! zPCN*LHkZCFA!mdiReFEp+e})0fmv)h!ceJI=%`uatrf31Ndt5cYN2BMgBU=KEPaq7r!<(ojw|-_rhZlhUo40SJBqy^5hzbfyeZ>a9;HLDD#+l=K zSk6DeOJ9SuwEmA%T#*M3G=|WTnh$T?oOIiHj;Qs;cZue4v8`E=Rd=TXOIirI@e}_m zoef1ra#14(Vj?CYUcmj;QlQ#)i%iA4+vXiu4S+G^cx*oHVta?+;6vtiI2QF7Hvo;6 zbi=6mOHf^JS{vlGhXAtzM&tAZq%ibp0w4N7aO#aQXq-RdwEvu{PlbnZAN*uH&N^K` z;4+;gyve28gNZ8D`9fG2-QtUak0~RlgLUiR0D|jTZC}g-ohsHkG4kVNqWsDWtXkyB zAGzTMpunl4PYEk86VDi$YuKJ6Z6jY7 zE>+6v|HxOMuvUuiH#Q!oPG~{`stI8nsMHE}t(N*o7R|oIlAJhR&@Rw#xDevuJychZvtH*T zBY?IVn2?BaLs7U3H#VeQSA^i)+gSX>0^sfVX7$zM&(O%5dlYA9Kf~dDAuHSbA?<0$ zFN@c&Z+aZ2($4LmjzbOag>+OaLhsT}HrVClC6)E2$9QeWbu8()sOGE_PEgpIP7Kem z0EISLUIx5a+hql?x7Nrj#unlYICURlq4L1syYci7G2Z042AT$FAF#Tw zGt-iiicWjnG&%`{0rAa=gNEGbnC2gyKr!$Fy&wF72~^!>aH%HUi!f7imy zIgQpB|&^AQI-t7x*yW)_#wCOqxIb+ zm?m_v7|dP05(YzfM(L1ba9joFaCfZEin20XAEp!6u;Fnxq+DT6Ee0f6GTIHj6-hFHOD-%;o085C zJlAtm;VR_S>{B3gCQn@eP^4(1ow&cK5(<<;`eAOfWBUrU_dujZ@4n6<2xEsV1I61B zx~;ti&Wr1w$xu-NmGkB;CUv)ui_H^8bZ4C?()O>R=t$0JZl*CkogD}`a~l5W6tW~gN$sYzP1MYwid22ye=@N$OzgG4=4Lh?c%E-^kOd#sUsMKgzAMRyRWRc@Y{b6^ zEUWA=A zG6oqPUF5-1;|k;7k3CB)S>D#rY8HK470*oA{?&LwH+{ZfD)LO_7AFS zOO2pD%c)&wGg5YZyJZBznCaSDS1>WJ=(8hAOC-4VU?|`e0>X@cylVNP0KCXJ5oX#> zJv}|}Qb1wH0P#04-HgV>+NF6(O=Ecu+2M&yVm%xRYHBR@S^yK!b8wIV6(7=IFgugP z{M*}~6tCXLUe#04R$SVcZLfNtHEv#to4hLC4{ODJNW*T^0TgK`7b6v$`CoHSJ*PKW z+Pkv?7@jv^-3g%k8t}eHRV9_>_Q&Yx#I@Ta=KCda#V5~4BA@e$+~!P=QT;HCtn(&( z)c77xRSrYxeJue&-^OO>o7JH9S~)*Dmzu=pX5EEi0lST=#mN(aB*y9&k01Xyshh~D zYa;GKetGHdlvaHG8dVT@*57y4g3A=_D09fj?HM+rx>Z%t+(96>kHv6&c#Pl>d93tO zd6WQ){VU-TCgR48q1*2Mz@RN))UP>5U-NKYSzBY%N&^yO>6&KvEtPHfnRc=d!csdYq1>fMAIdU!2nL)n*od?AmO zLw8oPg1fQA{#QGG+zwKk^m?FpE=~DR_ z)r+rH>)HqyrsX?r(jd}9Y`_A(XqBS5^~t18Goz7_5eg+4cHglDfBl;e=i zTd;gQ&`b$hpsJj!ns79IR@u~Q5seE5ii}=EOE^CeY!6)&g&thu+pGa1`go~LYL8Kd zH{JB;{XTcHw8FwiF5t(~Ktyp5YmlFh~9war^SbU}9iw&?2{o@iy02mv-*8M9~Ca8eYH9Z`s+|d{m~?JJ{t3 z=EA#oS?^l()E^}$>rizF<3aplW#A19(b~Jr%n!ErW=Y*u;I!9=&hD&Tcy%JYoiSi( zWT#k=IAeVjv-WsP+v52h3y)15xN4Hp%{mbDP-@RY40+rS;d-Sw+PS{G+OwJQ?Hit% za^97TMAsorNc3wOFjKKvU%78ST8ay7JGIx$JY5S#4r9u@0RhIn4zJDP6_@sVNiCxM z;IY>zH!tS{rLrk^a)WRipTH!P>n(CDFVr=OLQLAyj0<51QP1d~j+G}* zM-@ZB-K*j3D|_2Bq+Zrqx#RMs+TB`KAQdo51?9VFeeLUiFer9ur}jZkaeAFe2RG&u zovHgzRE?t#1)2D;ag{?BVW!_Am~d-j==t&?3(h5ll8pDB>Z|d3fmvCsKaso8W-^6E zIpEbtMC8yw0DUQ4HJA-p$-5+p*kM8FsInL>h+gT`l)_klx#zkPRi>*})lF;T5s@A`Eh-QZa)4{o@;ycZoEBO|)NhycIi8W|Q574r)# zP)2+y*8dP1TB1qr8&^&wP0J_rd5nJeumQJ^W3Gdc*K*^uq<7hVSPQ8Y2w(NJ-XX!c zT^jSN89rLg#gZX)(fNH~>`(uEq^K^gMp-!=%dS=FTu5{nEr{;xuo>dNC^A0n;0p$@ z`|Fu49U|B$S6lb4Dnz%A|I&9tF38H<4iakWzAqv5!48(+@K>y|=MV>>`#HA` z5?JrtX*f3Upmxl%D=WJ@+36=ZSClSZ;1lM~OL_fzR7+diRq0GzT-*YrB%R$tmkBY| zV`*b!W1lV-kaRLT;%$tknN@KC2dC5}iB1R`c$7uPR#)X$BfjH&&57^qtjlgrY$~mw zt&Q9Ce0x8xn2vEL`p~K){jT#_%|(5`8nNzhX)EY`EWT^PjGJqDy@XXs`I~jl7Ywj- z=r{2v6nHAxubl2r(3pBTHCE&Te&-N*I}#k11^vXV+;?g2&{wamIGv_z(Z+5}7ZER^ zC0Bm_Jc(L5suhkFfyI5N;w!}#>cCqKcI^Wu4WzfHHBLDIJjVNJ1~NgRT?q^v8uLYM zFYlHO{UabgmRo>#VYU(fZfuRGg=5P5_cCn9+tS-9T8fv@1C|axm0QH|w~qr&10Z31 zD5S*BOy2W%yq~X8d!3lqmWzn?I~}h=I{6GeT9A+~85Hofyl2s)Y!U!A43F1Il1&}1 zf6K;bkGyt6fA8B%-cJy>m#=qZ>sDb+|NZ-SHc@Ueg5fG5!YQ{xgh_?t021dTjOeS6 z4AGQxRndxGb>PXbma1VFM#{4|iag*V<_!s0g2-cJ<&(N5OiY!nIbt!L!dT_n(=X3;0beXvH(bby4Y*Re97$268$<@&i$&8V+w z|1x4}j88$h(@OSv&Jb^z$2!Get{S7qrlq*}-8-9*{iRX%L3`63xMIPSy!~VB+k(Hc zQwL%PvKk09iuYIj_V1bv+2`1Fnq_BG3g%tEPCDC6>rwlmQB0kR)zS$@;0^oz>%(QN zgo~ZpwY|5VZoyFPL57*|((fT{kGdUCcbX)()5{x4HniXRUpjB(b?NUkJzqaZR+N{2 zj_}MFJyBRzUX2i0--mJ4`x7U?A<4`|Z2OtFON%@v1U0yyM%qE*XaN!7i^t|a^zG~h zXO`v+rOg;)u>s2~n|;TWWbT-6W4B=SH5;5=26L;(*@T4!$RlpcTE5D+!Cxp@08S)x zwH5)0Q&0kct`+a+U5O(4^7m|QpE(TIM2KCbF0wsixx*$2Wk3if+|F-xq6L;=Nz zXO!PODT1Y_Mv_z3wN;QEs|yQvu=>j?Di}HPDa-Ab^>(xuy$}VRC;;UAs<2 zeGEXwEv;&fHS#=sxqAD28|~ zWnN84_q5JiEbO`9A#E!s&Nt7F9$DyhG<7&H2bbJsO?u|{JLMg}(+tD7hGuwF0;311 zP_meYrsjG6{7ZSYcS0Fm4_@bKscyAmE6etBl?7c73=oW0NrhA)(%&1#y>6jWL01;j z7JwK^_A&CUw&xKhBL8qPiF3cR09Z8Mz_S7jMxn&wDl+VqzG!6spDB-eKn@!yIaP8s z;Psm|>U1ys0fjPn9ssin!*gMz=-*s`qH;WK&%LNd*Y|k%1%@3fSVKUy;(Wa%$9A#K zw_OoJDMka;4vNe5=#hY<`Bccx;ysv!gr`dB_JoSPzmcc%XD2)?8s~4hlE&RTKNCeN zI4zFt?bj)WJ=hVyZ6$XDYKyXl!hqrePl!Fy5&>*Oy&n_~kB=VS31`SgI_+*w(Vm~5 z6OH%@!W_*P`gyoZU>HV+^Dx41bp7{cXm__kvso;)nO#hk3b_JaU@xB5myK%#$viET zV)Dmj;5W@4l*=poX$m)f`#_B4+He6i2%F@TR6%5<1M-23nbo&2)p+%a z0#V!7hd$%@`cU{&94i(jy4QFsZgVKDk5)#B0E~~s0V;@&+Jao%Qv24(BSnU&*-7Lk zcacO}+xD5$6vP74**s^ztSBy-fz*>>BdvrMbD_$((WA_HYBp5aT!w z={aZdc+UrN8wWl!oGKuzFrqK1#eKkC4gJ~Lip$A~UI3O2Q1u?# zp1TDlaiC39IQc7NzJ;+yBmRwi+j$wA#5$j=Y#}{_)T@w{q@W(pmDOI{+R<_S zD$^h>VS0)?28RI~5dnduxHuY0!A@a82;aSaWP}`&rBuH=7x1rlr_{f?#eM8F<>6o8 z6!HiXaA#&`y`hE4)+&6}&a*K$r+JTG6n2@Oo*t-wq7Q}AzI;hm*_@QS6V(mcy&u^G zi(Luz0CH__Rl4XkYa;WOU%7Ugea)s6%A*!^dn~NHWbYctJH7rGq+r^4RalU8UU@uf zhJbGAhMTCTDAsP^!{ayh=A)IEU>^eqXRZPxT{3?9qe{Jlhj36RYeO-;=1+-3jKBngVbNy~$ zgrTN-cN1$0zE76fF}zP>u1Plh(f&|Vb-VZ znq0-_CQn#GXodWu-=K%bMfh-MbRiH7u2T8Beed^(5y0Z{2SzagH7@~J838Wm4XXhP z6~GsYEhZSWB3xZvb>uYSCx(0g@|uEd+pVpQfR!Oyv;?90kw#3w^8mkU5w>m6{2fc=1{_<;@h`=u7nWrf<3qh!5{)w3N2eY8n`8d<{zUM##&0pOC2mKg zyiz1Ak_iSp2lCs%>?_T_^jS-A(Wb?O3i>l@jn$A;$lnu}>`GJ)P5tehS9N@6@?sM? zJ9Xi*`WytT(;X#~reZ_Or!g%(Lrd-^VB_AfMkoo}g4;R#5+p03yAvGT{_f&2Mu?XiDFsV^ddCKX_ zL`=SyjJo12&L4Tm;N@yny@#B>F%4ND8|G@)7;?kVda9aC!1Si$#xO2o_=ipEqv^*J zjo(X3h;uaxL?yw*hdKRO!X3lcf~Z(kBSA~cE(1QNHvg~%iRK&EV_kocf`bqEtdQ|} z#5Xn?o9!m=?(Q~pr${ue*|I8+uO(1jxxz3RU0|dM)(AdVudrPTnTs9Cid_o*R`i`N z+DIkeNd$yPde)(FaUg3-lC!!94y6r(^^4+Hf-L0$;FYfXTn5owo8#ofoe8X>k<84@ zwOwLouN}^4XcCD8GUUcgvO|gF){N(?V&^#hEly5qb+gMn5A5&mJ?*PI&rre=}mJ!jxl2Mu0~TtthsX=>a@-_ILauoNt(0ne`Uu>`^@&@%KEmg;1e9)!T&cmT3F}HgvO%CHrTd z5tF}Prk5xXwxV^smRMWxJ+M^4!j#O(Zd>YyESZ$UdgyWr0gt6c{f7_TX=W-g#Q3JA z^Ahd`2+Bhx$jOyy%b%txw3l9Ze973n!JQFJ2@^s;;1G*laCIgMjOi>S_%TPxv?p?7 z`xDbPEj-`zKY#Y(g;ej>Ov|rdKfgt>TI4dZnDAdhuh8B57PVJxmQ?M|;c<##{4I;q z^V|(ihAgz~vy%g9ouS;}GP8^U%4g7uSlgJ4VwN1ae(Cj-=J~qXsBtizUtj=+ET_k- z_uy%}UXpj=b&j}M)E1s1rS4N`)cL;Zl+R-PZGJb0{kQe&nof0UB^!S18yy!l11<8Y zP>j8|7%QHz)o)6jY_!l{{YL4Ux#1_H%8h(^^-O+5@ME-{t!??ytBuz?hc8Rm%$l{# zRs|x%>8lfYj%1bnXCr0OqE9o#X22C08(}{3og4&~jkPg=5S;G$-mqSh^Xs511YQ(D zKuGQZNlH;COTTS!0w1D}u&>OacU)MQCEmQp`^VI%8mDL zeg+%Re%Em96S_ZQ`t;HRrkWRen)};(jgV_P+wg8~Z^gf{z(kS@M(5M>1{a&ECE7fD z{DxYg8)V#An&pmlZ+7kD5;%U=S1{7kU!H-iPu94vA~gxAZS0?oWQF&3`{4MHsL~;X zZUczFsa6(--D0uju5POZ%gV5EaT|_@0@R}0wJ|YU)R;3Qld7PQZ7BJDQI(I41s7`I ze1n~ISK?l7u45je*n<${iE32w8culU&n*`rW5&n3l80*1+$JXH8nNw4VQLSY*zU{kK@%{ z{dku!afiZGzpS*B4v=xMNbD$A=^5{e?d|-tx7Vnh=#Coi7q!?LPKG?C;=%xiOU{sG zS4Zn*p;t_yk6~OFJ+MbiE_e;vdDIaG&UqwM*KX2i>tQ$Xs)oi^guLP8+}hhQi-5l0 zm{G={gYu|w}!Qdu~J=2rU&IHjn(*0*Btm3@otLU zhWDeP;pQVAJuXJ2($#R%n``+zH>r4I=l(&p9TW{Tu7|q7^+}&}P}b3*Ynl`w1#CEF z`q%Z}^Ya50H+qNNd$p=uXA+T{*QImrC*@fRt(6UpM(&q~hKBOT5_>6^-Maz;+M23E z1}^SUItTS{116tSQ^WaR2Ta7oUA^j`tdcj$?>y}_u!^;Ff(7uqa+lrnDzSmc6Q6}4 zk>E2LLJ@682fHHIt^$_z6ZO0(14k{zusN2fPQ)*Z#GO&}cgk5;4;8~x*ui(>u*39qr~8wlt&D0i6jKF?S?F&MZF3pR9D!Zk`+bSt`=xxS6-J7v5Wu~|&8%>oJIrLWsZO?h6R^@pSny1h7P1*t|BfjP9kK_ zVHFabILHWKy_wi{X^N8oU=J@3L)=S)-AegE4ERI?B1O5I@!1nfbsogk# z#X^PS`ZvwK6N`PocTed~QN@}3t5+~9G2_&5r;d`rgkMfh2d*RbP|3(V zm6`q`S349!FVSiPoGh4?!5ag)R8C?Bd}?ZH3Pi-lnt59R4Zv@-R4BhmFYG~H`=HiA zEY~I2DflbT#s&>kUcSWCv`{w7RC;w!h8`8lkCz_i(+vfYxP`q;x0hxn*$o=o)NkB28s(BYX7 zOvr6LDXZGs94vO7DEMAAsjYXGI<|gj&Oru-zqdAOfMJ}Qn;VSf2-CJI*b53@<$z`j zNE>e=A{4VGtsvqXcqrft1BO7*DifLASOuGxll6xh6|RJ++0W@aCiT5ag%a%;qXf%k z_w@3qXCxRl7xwl7MW0sFzV|9*ts?{@Y9zZ(X&5N_28kPUYoHNajJZLR!;RJEOUn=7l2Dn3#JPX%KE2Z@0L;8tcIOX{UF` zvkt%_1Dl86dQ7)xvo8GCD-L)M$8I+eH2@n?r<>D(nSeh%#C#|HIrKi(OWnf1$!gB_ zSwR}=1LXr$P8oG}o2a3gu2(a-_>`6&I-XRmaOt7dj{DP?agac?O=UKRShRR}pXF*( zid0r(F?9ue+2w(Z8(_uAVQG)|?ORrOIX5BX79u!iLaseFtqIi1xXNt-1cFlL1lR=Y zTV=XFeEb-5^ygw{hH3Vs%Jr@O&*&b2x(+?Ixom_`f4g*Jq?w`bk8GO1EPs%uFar-Jz|~*n zS(Fzw3tjJ9j+edxWkPM+SRCfR?goyx7nHv5JP%d|;(Q9bg&zOyp-&gSXXO5H@#cnJnr(Ntlh5ux zQpr=ppcLEgra~QbWISw@`&Vqcw7tGKmX<+8$_>~d&n_}Ea( z8`{PYXuE9@`4NFZ=vJ$X9i#&%>9xLpiSWv+(S9pC>5dP(2aF}!l(VtG3d^xERNLcy zXM&&_+m7oK-2F5ood&sm4^S7{@__3>Ct8BMoSYYkL`$8wKM$-ug4=<@1-~1#ArN5X zytQqTBw;$(->(A?lU&yG`cJ`B0`FsVfJp`)UnR;;5|R13^;o|(E4{+Pg~r1 zSUWge&)|d#i&O6=s0S`nQ3YvLA?tKFrWGb{y?#xV?KE-G<9|^PMRU6dT;t;pSeC~+vo^2qlO{NlGkSz@7w2?8lJUoqo-~kKlRMJ z;U&aIPc!9qibmtIkBO+2)^-a{y5ZI{n_ZSsXlE_Dc?F>}z9dfyk!aI18zCjyNbr66)c6J zlOFX9!(<$o>}N;YE~+I4tao0TMn-;omt^7~*xzp`Mw1vVcMnvQr)Q@e2DAJdZ1A=$ zzIa}s@yEJc`)i!h0|lfcae$wH1{0i$xunRybGsvJ)pt)CT*lyJJOPp zIxxnJ<~O;55*-4}{S)648D97IHCB>^BdoXYAhpobh)N`u<@T98^EEP2;TTLwNm%{O z^30ZoJfiNr6>4oH7-(^dPVYU%wzqtE(e<#2DFU{-N#eUI-oi#KuO*L`L`sBSY%=D! zy*FoPq^?;4rI*w#CS6#sU_;zJgoO`BQnqRZ4PrW5PN!)%(=ktFw6@#0Mmol&w1S?q z({*1Tl7MgCx~-E6@=mY7Lhedo5fp>t7OQfK_G{WxlhXu1B*z5;0xazWt3rIOZ5_sf%L9+MB6eZ)^?yg^y@J?&{vYt7Z_=!;v@*zioiN7fzIJ7EBo#;;Lr zi$E6!2vA*HTj0O0P>-n<7USL$&EVQR-1|!$nCtr?0r>(6N_QIDk?C{62V!rfvL1Pe z>jqv5!4!Y+Mh(%Kxa(6I>51u0*B@8RKCGNN@Hzi0&ZJi2*B;Z9Z|lo_h0^?|qt>c# z2H6WmMHrLim}7qs!Xtbz<$h!Gcv>G(+Xe~JT{qnPYediZKU}%mz}77(X@9ajQg{P= z#OR}BW`6%}xK!35xx4nxvwHUmOn&5*lyIO5g%WaTd1h@k=!HiDNp~7PeEHb?elrop z+uGU(OS^(#4+p*ij66J%39)}Y&jA7Eu$r0yhf^i_`>G`a)}#keT=&W|##pD7-=QcQ zohTVnqRVJtb|E0QnJCgQ^qf%nzRIU{6+`Jk?Vapju2m_GQ+2|9Ti8jSCPTsl6u~CQ zG=&z^!ZiV*lJ$2bMQ!a}LnUfsocg0m#yt1+My_jAy|1a-7ewfce!+D%ULde1CYrdc0 zM`OzKHAZ>=7MyP0Sj|-MQwx zP~b9d@}EEYU;jT!ZwSX2?%F730s1i-g6Gv;WvlV=?0JC9&=3&IWf}QtEdB)v#%n48 zyxMDYRHJwjZ-+29RtT|RJ>NIc^69~muvnNp^}b|WG|J0*GF8}4@!8t;VQ&~lw$>>+ zU4Bo5Pq@bzVuHY9XI4 z_TwjZD#}agzRTWQoAg8&%wOksyn~PHqZjvsu(R{mg2ln6lHv1_CR}}~xuxw0)k?Qp zU$|J}e+yHgDuyvzr-OVunUwmHv9S+}@|t+}5Ac`p*~7u%b#fBTaOl zO_$@LPdWX)3p~Vhicw;Ho2NVJ!SlFFnf=ES&d_pftLdH6IhR(XK%x3+>fXbLAY_SHgrd zA+@s{O!3;HSv`c;i!2Gq-vzSS1`leRGlZ%BdTefvk2Iz}HnH_bnNg243)L@Dsfbh^ z^NEfd7#sQjeq8?gbGJfo^p>qTW`xZ4p7dsYJzLmb&V_qWLElFG`=V8w+e|mqjJ}5# z-=lu|F|R>e+m#UggM#&`(ntQP41a7bml;FD8UI8VB5lta9H?kgDnDQH52dLeuGpvt zyLvQ)B|CfRW-d$4_cPH+E$98#=7t(=j~!~^vl7qgmV&Fy%xn)GHw4UO$9(wCPsAER zY5YMvsNODiQZu4Pe--~Cs2 z6J55GS~^Aiy?-)5L?Xq&K&({B$pKrTAgKGCIy{KqJo5cF7XU{;W5PelQ!|8Hpp5x0 zs{|M?LWCjD`FS2+!yZ!;vG=D8CMU9gEQ!B9`FmB*ltVeyr2T2y7wS25X)ZLxqoLfn zqLK?UyF}Aq1G)9L1x|FVLfB$#z+c#E9m3y+|5iH|v*o5gZC3l0sPuWO5K4`aw-`8`_SkX#X>+do^8UJxt$;`L1ifi@6=u9FR~C3@zA0VHvSOdkM~WrT#b-hVbcvvcl~#;wd^0ogW?R ziJ~qHw zW_HM?VfU}(B^!o$dLj)C)DXd)+L;O|-xY2d_N=c>Js}9O2(+k?*Fw7|ON^R(*x2}e z%E-_pcLfh$ygV)6pHI+ydJr*6SlYCkuHxMe7~&6R2Fyr;r1)9lrBevK`IrRd>WZTFE<7TQ`$9ZUGdvyV;-^I1^U{b zpM3dHtZhO`n%Tn)dw{yr4yIP|-@VPh?o-cZAQ~zaji?rcP@nfh(VA=e9xj?2Re~W&*%1!l; z>+$zx39oN)@U{Qc{*k%qtCzeO_A80W9=(X&FxhM_0)cOKZ^m+vd#@5Gwg zhjga;IcM?VL=J6>GptHr$s3K4F6ctfB)FeAq%r1E3)XsJg&?$dVu=_>GdOkdc|o zqg%cE8_h?7E(iozMJLzhLImrzj2=pYB^rt#t;-^83#gov{U23uaAPC7m-ld%NdttW zg1z!WovIu%v%cl?iJ)_3USs^=2X5>-o=v*(qH*Xs%J_(--;04W5?4sBP`&1~dSq~m z*Ye3D_;CojRdZg)^%3lf?TYfr=i=9mhT2bK}yUKttKvwEL7 zIm*Rg_?`7>Xa1Cx- zVi^I-U@5o#y%Ob&GMHWXbA^Hf#Ps})B%h>EVkd9qoBzv#{M=)V;(Q~#JekCx*3~zD zD2#YOg2734q-^xvu7OS!ZmjM*pY7j_cAUHh7_Yfv_!AUT9>~~UQTPziaPYz~p{^wG zV?bS#W(7vF_LL~j1}XE4Ld!nowdZ2S1usn2ZJ~rsw-`gwAOUX?`+m=l`1#w=gO2PL zSh);4hffeN`H+SVlZ5mNn+G&wBqJF&T=#LL54uSt4+8B~$&F~l!2e47CKhEySvdoA z4Om1=OdnsuplI@R)1SFQe)0|=`E#V4!>SD7$yS?*WL*42GrB3WZcw;r(a?%l=&2li;S$RH`enUk zeLMYmBBJcnkSvW3XE?I_suxT2-aG%rfRRAt9**?Gak|q*pHO(KB;6yl5zV337w=O9 ztDdgn*-TbsJiCG(k4CpMjC)$TtAeQgJ~^(hgp#^IFOX^m_;|lL#gqyOkH_ zqs7#SFaT)Lv3F6_#Z=->NI$H9npZ;zc?zX(dYq>dO^EJk1G;a(svPJUN+UpZwRsZl zo#Z71_*@*$#%+SJ_Z1+Ce#}wzWuo!Oe>BgAbLo3$JSGA%t!D;mF0KQKGH_kclam-> z{_*a8+NY7D4SOH1z)wbp+8%0V+sA2FO5uVtbC95aK4vJ_z6OPHl|{Ae6BCxs--$kj z5781{G}A`^V^c?c@-+dvdyfFY)K};_TzSb)P3rAq9sT?4MxtK+{w+T)%KvOc{6#4keY07^;xkumq z%o?(;D#bvMP)^XIzNe7{RBAWGqE8wz~dJyN4sWuT<=ExD(^c3|Lg)cXm)Y?HiRA8ch2cek$ z`oC=r44?gg7ELAKp>TTAA5+Nhu#i1q0=pXw2};d+oe}9?gC61Ta&q?90bbv9KNT?S zDy2-R6K7_>Ti-jMC708KKpa2XFTk;UnKeM#cAuENSW5GygZd}%P{Bkn$HxP74IpTg zTA5O`fsv)90Jal;L!hS%o)`czm_=%7_<^~4%YR;~7VF*LAd3mw)>rU2An2yPj1Eu? z5tSgp^L6q0uF#J93C~z1D+(0u+R(^A&t5!fbj!ei-*M$f=I37ts>%QT4)!O5uC75x z6-gy*j}g%v{6@nPFN4ZS8t;4OYsQ*nlKJb`57$<$Ry*dVT8aB^%jP@FT5$yAF@@6N z!%yLi_t*9wlJTIcw&lMt;8}9xd7I6Qc5Pt*=x;^)0mt()#x> zE-Vjm64VJ8-yz~}l;r$&Bt)GY^)7xCu`HqKJaz*l2!^=aBLauNSAA!ZHQ5@$fuGpL zNiZN%e0Sw?2%3C2=}r{nI6zfmb2w~s?NcPmnYvTvR=K~Q&S`W{FikS_dA<8-`V;AQ znX7Ej5!1^vZze?;N%%M@&`%BuTRO*worX*AUxyCvWvnT|Q?j72WXst_@Ij$>7_y`i zi}IC;!c%y6O?=`K%+2`zRwPDZ3;nlc@%c7tyX)OYAb>)vb=sx~v#i`3hgsIPKb^$x zHn#Q|B|{N35^oot$O};L%?8R5YbV&AsHKF&7ON7xW$|X;&<$msz4~Ax~;Z zH*-ewakF^MuUvSn)v4*#7HH))vszUJI>eQXYAh_`*EDO>#Q96p#vAM*B9Su;3nDwh za2&3nlxZ2XN4P*-Vrs3i38IDuH~ zQM=c9089av+}>!G>)6{~QMz*<-US8%wFCjh*WsX$S5)*#6#3b>4Ea}hc=(Mq6)>7z zx?F#GdJ4B~C|g?V{5qnRN&B9p-f6OHOt@^Ks1Ny0V!pH0DK(3=lSAXVgnziU9FCFi zr7A{-wd2VtI9-Ng)88Sk_#p{K_Qa3t1)S)pEsXOy^zQubyx1tv=yQ@<(+pg1@PH7o zF!J<-k^suyI$pk0D9tux&0>@8H~iTY4QqmmW{PbRS+k|M&2ooXKa zwT>@NhA3yJ>ius{i{+hP1@gfx(pM!9T={Xd5@~`x7SmXjXXf&%IjQNc<7FQ&Bklj} zVCt-d7nnDiA|A-;sGJ_oXDp3pMl_xdJ(bD7CxXsMA@G+M&c9o`0hiUBlC9&_Jc+D< z_nSahn*sNgdazeid+^t~-t`C8OSsK%X2b)Rr`B2bp}w!bf~{ZwQ3=AZzZg-~9dfdS z#bFk*t5@U2m8^TkWd$}?o+q4wTLv@0aE-uS!F^EEBFb;G!UHTCQE;%nN&LJazoE|B z*7h&Yn%|l~>*`~^4)#wE)QC-)K4FQ%^DWKZxv>*gZpU|JR!=^4;9;g5*xz()7*Gp1 zUV?8fr7KOb(a4F`!3$51hLj6~9JEU1N;`aZc>c8W;?)&#~{6#_{REj7Z zMOv~d64|3dNSRs5%F4*dO4`}7vUjqQ%HAQFQIz>Tp6B)c+-|?$b-Vt!&g(3%m*?~G zxR2w0+>e9fg;#Wo?+f)TNm-U3`wVpZDzAY&R^X;xw26)G^+*d;ayiRNl*w-24>~0A zYNRlVaV*dEQl*qFr?{1|zo(>lVy)!ea%cO!*RgevLlb_Dud<^~U_H9&a1i)9ZvMK4uFnTnVMRbM|C@oFoE%(Qmp!}xd(C%Tcyn8yK=GF( z%xCF+(*CWWFBM(w_?IM4DyK-G<6`_Ty6+#Pf};4)M2gpj^!ERi z$r}vnNeWvkqo3WX%|7VVGCDRHR9@yzPP%wQd|~_cU(1~XN+9f!F8KHV@YD+YX-1Pf z(^*K5!&diCER3xV33X%;6I3tP5k|Gm4i(HR-%j0jbgX*?>{%sAeLUWal{(tVQOtth z$w}t~2vBz=EUJ^3cPhRbkjoSj%DB>cGc$9<8vX6&a-Ue7)Y6W(y))xKA5h^n(f5h9 zn7TI|;ZL~KiW`gEY!j1#_dD9~Y{<^bGxuxmsgCnIGjtjPPu(C;g&Y%W{_>UCQ`g?b zOnxImwe!ZG+>@1dvwp#GGLAx|p@x4c91?CyX;V1Q551maxHX2MKE$~Eq1GiCyoYPG z&-FLXwc@7N(txbcN3s6RO*IorW;P0nXU-2_aGa!N*360J=E>n{FRG8}pYG0+c3*OK zs*o;`E&+MAMY?e|xxaR|cn-JIu9BS8%UU*1c2Ayv7D7ua?C0v~rIzfT5^%U#*!Stc zT<4K2spjU6@yyOY#hFui6)=juXTn^%IyE@dH7O@`j{C3Yrn*ZA+x4$y)3Pqin{$er ztXzHOe_JZbgHtvu2KQ0AM^GDi{n}=lmZs)8HzmJ1zq@4lUxBDX(^aMw-^8!K}7Q>XBoC?}4oAyEaA9kOVm~S$8gfw1K}n z#_XdO`Fp)S!@48qetygGB zK7IOTAGr_7uDpOb$RUSE(Ruh5nbV9SiFCPO-r^ZgxY)nq0;jER?(W0W)3h+IikQ76 zMgME=>Cai!l97XnwWd;=54jh${!#SyFsZ0a{~RGdsu6zBy_NrxcUu7c4Mt= zPys_{3CYp^f5a(55^C+;$Sj_ z7o!m}n*N^;x7Q{d3b4q7AUm9GR`{P$VPEEi3|rgDRJpgnU_=d}Nh80o2*M_Gk)pgV z@M*|EZK??JCFY{t7ubzO`tZbGy?widaF(xr6lLOj?!tv#Jv}`(3Z6DL=~@=)VPQK6 zd1v@^%PTT}f|Uz6^Y}cISTQJKr$Tx*G&B@H1Kl{dyKs;{sisDY=$~%LDnjcEAx79? zp=7!5*KKEfpt($Tp<6$gYpx8vMt(k}z9p2Z@rRRNE4o7MU|NGA$lixqu(E;TA zbjMHTJ90!BUkD1FkkluKKBQ(VHrpEAYEu}O<t1v?vriW;_i`rFdW%Maiw7I|$dfE}Eel!RZz2fGnPT@jZ8Wjpb} zWXLo>_4GWzn(^AdHZO=V{pK}ze|y`ZLx-rhZL3n;TvQybp;uI~vf`Z`tgyQ@n0=>T zAzC7E_yNEr><}GfpoVMiX?PN1`&U`|rh+ZxH&Y?6k1-~m5MXj@8k$=lq%t-6?D5+| z{rH4Xtn%xN)nC6dVUL)ao?h}gS1H~OPO+^_`0GDsz-1P?`d)>cg0Mv2xl?qgRQQuj z+=vvGDB)@D3*s{3c5WCo9ooZe%L+Ll@7C29 z&b4&+_TV-4vK!(ze$p1)13@Z}^D>E9QHXJM#{m}M#t7-E8BI>dJ7X3HJ);3=Rc=2J z{$0AsJo91W59U?A)O%(hxlX|o^TbD&yCv)A?v}Z;Z!FeSkVpWSz3W7__O(_y3&M9u8+;XWy8aP!zxZn~|Er z#j)G8IZ2wXWQo0Uu%b(Cpx1p~cvZS$nxzy+GiNOEe#ZSK? z5!#Xs;A@lZvFfzo_Vvvrp8c-0HNLq?A2<-)9b24G=F6L(5 zRY94QGERDWEUihhRIryT{Z-Gp<-v6jt9P(Td1HT+qy$$Q?1EFuFVQaz?Ef=uTNSaK zd67TIby04+hI>l#p6qx@&nKnB|LE^hubr0Gukc$>q4W8D6N*#> zQu=`D$k1WxkI(-f7hrPo`l2{INsOCf1T9xjYisXB^taAkpr{cB7m_oKUGe5`LoF>v zVgVbRGUOLb_)lUd6h2nCy<%>2VAzqoA&1B*6~~kOM2Zr+ofb_o!?XP*MC=0VTl4be zK%@1ax|b_F8H$G0-^#-WUS~+Why615v8)^4f8@#yjc;Kc@L{ipnOMv0!4&sd>EMR! zFB&9{!-pHMWu0Gbm{)!Kbp&=NcojNx>*&Vu0C#{t$0BA)d!$Ol!lhkINvZpF-b6;` ztFx(X|E~McgdGm2^HK6XlvR3vyDp9W_}a-=xcry&twl^z6?L-)zXyeStu}d8g&dZa zYtIGt5DyM`zd?j#mqiOJT!NmDqXC?lKp@z3!Dy-Z5PPkfj>pcpmzd3X2j&n)7 zyZ9TYFRyxXvX=N2it^d#!aO2q!VgD#+UKRyO0f26*6jQ9E%WMX7p=6QprDS&td^ZI z`yacdS9LE6ELR*bal`{UUTWxz-=v`+FUjkd2i23^ z<2U0R&Z!ncoSza$C6vB!WJo0a0-Gw75gB`&CvVFTCU0`753;h3K7IO>Ben_2;vV!@ zN&e~X2@^lG00H%wtj`4E_DI!F70T${mC_z9_Oydw2Jl`zLThjhQJsUYyS>F2mw^ zAg@GgV`CM>;O*BjPT_|77uSI2s;!H=yJC*5nbhEQ zg7E2!7yjm!RQ{PyKSUY(GC#;+6gJlm2@1+tby1c_>LJwZc_q}(o`s<$1tdNjuS}wD z1dk&}?~4=sD+bs^OsXj$Y(YkXJk#lK*NI1pM-|kCB4kJ0`HtOvcM{J&=d=!kHXgiF zM{y7N`1z}SwopM!_=dUNHEV0GPFeV&BEf6=Q{oz7ckS28VST--y1K21Yv#@JZom2N zpE!u*l_9gFWPQZ(H@hRuUR^mq!qpX>jS>gL5Nb;EX{>znVXZ~@W}j5g2H%buE+daW zOj+T`El=?dPzgNqnjR=)MK1xR28k5q3>`CwBfhL*u#w~`Eqw#8$FiOumA#gAC>FZU$?WJ!zB!mrPnW6p75MFqhBK-DLFbCu2>HZ zIT5t1JtTk9YZdbFh}mn`ZI#VBJf?fRNMbL>l{Su_ zdbs?SR@|joB{G)7iR^#GnWio+L!#{uCyQ8>yh%~f!t}OhAZ35#yHuGPrJ9&A{&nJ2} zhumh9cA%;FySypP%HYi1rJg!$br>4G)JUl>cAT);n8ixMnZb~-u=;yj zx4TrBK}dzjfrL;(s^*ht&+hZOuv|Op@cjehf($P&6_n9xQ`z?J4LDk{wi8BFSXV!8 zYRY-<-iAq<$NUhP!&;NMXz5aq_59)@*PKSO91DIDdJrPS5T;@7UL4rDvLCIdyR{}c zcz0KtYA890=w3$Zf(flO($G+q@8$Bl|8}t$s4m~GAyl;>NHbFDvxOPaoWvn64h_!@ znQs~T4O5+MPwA@Lp;z$G^8gFWwqk>u%OU}{`tI)Q^zKu7a_C$PL%TD+Ts$y8$iCo_ z=ef<|KRov=Kna=N<6Y^;Y8WzAR9WAlTm7Y2{$BH%O(( zV^yL!02S@RzxsOBTeEm<)wqg;bUi{CDj9?U#=UzRScAJ=dqCIz?e*~!$DUwDCMGx@ zP@-%#-B|lqI$aI(xuHvjjZIC;V2EFuvHSiZ;_sgVyuTw97mP zo{80kL#&v^;t4$t48>BLq5F(@n!sR8F00Y|+d;e%#7{*ucNw{O!H4{vmzdl*ntke9BE$gQm}wvfEH$8NVrFIa0Ta-W>+*!t~j=n|V^1@40^|G(S$>DZa* z1{xGBcW2(4h)z!_57LtxUr3O;Fj(d^%04Fblb2655-27H z%fPof8M!}8Y$#cCF54_ArfLQ*EZka1f>P3m_wL}j%SHAF37K=X1c^}IB8%{p`1mu4 zo9J)>r64rQY62Lr8yr^q`d%MYRI0v`RQxu|}Y*=hlw7YYM%CXCR zZb`x2+WvQ$BDzYHNaV&0xo$2l^SL~V8AJoNINnlwW)=q4;@00T3v%1oNnSh>35-qL zIws;;A4GqE(tghu^mvw$5lUSNCGTGd8jC$2aBzv2ys&~KQtHu^Z{7K!0t$!MxOtWq z7OJr;^I-~(0ln|$Otva{AE#(|5L#?2gG=IlJh9I*m4DFQe|FM;FA9b@Q41QBho`0w zF3$}%AcP28eB8ZI{P^)>-X2O3gI5_Dha9WmJw$a?dPplYL4&o=Ne<;<8f^yz6fb8R zlaYL-igR;6zsLz)w}s)4U9_Je2LtZoqx3s)0JIB(x89b_J0xY{UB(QVb@lc8`t^}P zu5S?%5(*3try?CYc5J>?*T_htb`ERgV-~D0Y3blHb~)F4n@*;|b?#f{UL`Op{=8B2 z=v=yA;;3Y z5*$hf(h&Lfy+YjXZW5yf`4=xPF9q4JQBkXP_fQnQ5NtR`HMQZt1D`W7VRxzEl|*{^wIwgOdjg6U2&e_&-K9x4v0B9u%sF zyyZg?ZY)6C^pw6s9W){INcPLKS50rTLC>K+Z2xvIFE1G8JVg@?SgTZk%>b?Mr!QY% zqd*Bq8Z^7WtX$mOIAvsd4vs~me|qrX!Rf<7N$OPin<1={I}k>l`mIl#AV(0&D33u7 zLIR@7P;4G+ZEZzmfR_A(l9Km%3!$$!#BuDXNVSuiy1D@{`+ZkfsGQZQ%>M{zH#uCh zdBR%`_?j@o9gR8YILVi<1Y65!o_@^EQW}4_GBGjHAo~J<9b5#pf()Rsg)nv7$!P=? z4pFH*I)v2{5zA&~?OT!O&YjyXqCj4W1*Ko}!^*<6W=jSJ*mEYp3`9kQ@L)=&=h|m_ z8qh3+Ca&+Msgptc-nVZb$Ic-9_w+dZ(i{nv>N|ABn5?l=+UEp|NV<_$WBf5N$hB7pu$g-kXA^(1h5FNgMwr^k)D|; z1ei&gg8@7RCR|0H@H_Y@Y*t6QzS*4X_bR8P)zcUq84=jfnYNpSb{XCffmTFEKLH>l z8V_TY{Vpiw&$qh2SlY0#u=pRU1k=iT#Fo%+TBs@E0B~?>mxhK0q`M!NwJt3=9g~m% zI{nZ+D?PoIz+j>pKMf3o)z+#&ze=8IrXE*wU|@hKXCPV_@#v97l$aL>Lh+ezX)uFE zh+Z6Uc61cukNtR(duN1NrLW18{B-zm-}Ufl@9U$*LGm|onMq>ecg%a6Tdm~I^3$FD zM>qX_uDPqQvV-g)iS}ME;;d;y*!~^1)-_D9oyYeBxD%gCz7hBCuL-0;NR@Mx;&Q#1|Mw=U|T}Z2M1ijqA-ow@z2joge2DW>(~GO z9Ss-pSh)>ZKb&RYImB7Q34vqX5kr^ZtpO>6k*I4Vb^v|L^YFiFbv^$I4&A+Jb^@R> zG~9tpfc+^{`f>Z0apoI~Oh1m-3DZIlO1)l0$K}SHv_Gn#$Hrb}ORmHlT{8fF2sysf z5H=W$s4iL9C zR_7YmujCoM=nB6qAhEM}Ie_)a*pDZP07@1JVa|bHkOg(My>53S^VXLC0`iS~^DIKw zQ6kS7p2zheEJTHj^>$9Q>~B1)g=x335gIGVtu34bctZLhMXmpY`X|RQtey`dtUSP6D2DaVa|QcoN7V-t?JoJJb8a`y0-1 z?}QaSYla4D7u;dkTxsd+pIfTKT6rL7!H8)iGvVvOS-Sm{GIQoi8Y(d;7P70v|nFr7J99bwszW?u60qE zTPXyHv}-X>3I#-64tejdI^DOtzt!k4$Kb!lpO;D-yZp>9ub40H2{|wm9Q69|r)&AR zfPvK8>rO9wMZZ~r`B~cBpqF2?gBclVt6%4@Ij_IF+yt4cPpz&P*F~P}TKlsDygc?z zT5FxsuwtSf-?QTv^ z4jvdVEd9Nb@UZy(NQ*^qMC7p@3TdSrh(Dd5?hDE~4XY#{v_7qRg{E)6rhhPj7;po5 z7(CeUzI!#Mu_>kBVU0U|?E@F-mFVAtvD@9-_ITJYT06v%uV!=DMg zI_vK{x0>w!NbXBg@YsjT#r%my;ZvEVl~vl?x7JF^9k^@2rLHZB0gx!XT;CL31s$NP z;Hud>Io0D6)M99k3JBcCcoz2KH@U+s!^ub};Y39#;h1aMTVSgbd#Vc=(&5NICF5=Wg*RvC)iy%W{3^pk>+?Y zlA6_CKt)^9F7p3^;e3>U#?kV>$n4*~evJ^#CO&S8dG5y#4iB%D-; zjb3jUL(>jl*zLfaefM>yJ$*X=`P@;KtGu$7AI(Jp_K$pieoo5a9y`S&RFbnL+1U*6 zJW#T<to**N7AH)Gr}HF!Q{YoypIUAN6ssTV-iwq4-?!0D4)*KE|CrcTM0$liOH1<&46QZIiQqacA`(GiCBK6) zMSl6_T%PmyGNkILiM5g7qbGQx^aP7MJ_8I!eY*!ZDgi+t+#zcvc+o%C4uUm2exH41 zon2j0eC=!{l97$(mUYL_V_&uL+2bt)0TXCosb$!-ghtL@7%e= z_|oRuwO8E}W5dJ8@9|(-@h~w_?g#B_3^Uu(*`^?A|atkzu|I8p@igI*ZY@H zYOls=rd-QF%i4HkyGBkZP%9ev!CWqN5m8T32t{*;`X@5vFZ#`T)W_NG%Qpdo*8jW{ zoZ&=!L4x{Juha{Tl$$#C>0fU+{QiOcWf~MM#{U+^o?++6Z zlas?i3bwfBqLz4@A^T-xmKAypTP!M;7Zx~2VZ$xW$a+3mE`C-zKu>l*4RXT6loXAg zd#_!im=gPo9BQ6DjAA|3&JM_Dsj}sVt-4KfX2+H-TeP&bPwUHGk(TPhzG~2d`oP7@uDrBiJI3dKB#-P+EoE*-@3LSD3+3-jO5_< z@z(mL#fkZi@j1zT_y-=AhhB?D><^bu`1;QGFC7&Tci&m9d{0a7!uG31>>Fcc%b{WW z_cQL$-MhDsk6*%d*6Ygho*pKeyUxF*NX9kef?e71cIJ0tPFD)MiBXbo3?kSL)hL#R z{|_x1+!&<~3=8odykzU%gv3PV4%bJ84wKK17ZTn@5J#$$)!GPL&M}cGsqYckZkEfGei-Y z#c%A!v`j-q0V6Jnes*29y0SKS(Ex5Z@%mzJ7Uu9MP)I&dwh)K>f~aQv^6Nk?g($g**X$H2%B;T=VbWzs5jO zNwn2(qN8`?tBfRqFyRfKBaGA4U$ScMmIKbmDOHZUd(YSRyiA+;KDuHB%vNxxKC7#z zb_HVR{l)nNmqQj&k&zoY&coDVf-^=%9$&O|ZhZ^f#vBp_98xAJEZXs?kWf8Pshper zGHIje78dL8IBk%5!|n$<8>tw(rFbl{5CG6F!Mx6w+OOvW6xVztC4nM6!87E&X4;^i zSybOA-zVkw}nN*JP=-}N&y1BpQ<>h$Rn5U4F2z_07d3mDCZ!Ev0t$lA0OyAP-p}Dzm>&{HQ zu~L^vyvZ*QDRw!ez~H;#3ELssnup>!r@3#v3JpLA5F!^YR^LTUQTl5|%e1XbcBEVO z=K#vm#`jXPvaAqv^xfH~&`8iSd3p84JC_5F?CHz5-m8;-xyrGUe>cs}Y$#4=w3cUf zPBpsRJadiGTT%lC+RQDiHmbai_IYjkN1o12Pal)6_|t%z9*{dx)8pyGIh68}rQUOG z6Qtem(z!mFwzjsl2R%n>x1qaGOP1^YvFaP|Y}4QIr!8bZ06}kW5~^9)MJ6|+VVJ9j z716a9qsOx?n)a|s*^@Tc2RG?}cQz+Tw*3%0qLa=+b_aO7DjcqrCp6Ff7hMHrc!6u{ zO~9lmVh-9%#>3TqUD+mENXBRgRA;cZ6I7@UU$Epe`dbn*Sca$^yWPW5_erKmV6=P2 zQt6z}eq@l;)Kpm7QKIcdXiVQ{q#DK+gf9p9fp{D6u#?lu)_HsAcvyPq#~AMjD*6Kq zRXEzC&6#bhR9~`}8#8l&XH0g$Ak8;7OWS|PtXpM-bpx);=cO0wNoPgV92*)?2p~65 zf=(diy1;#uk;0hTTYT@a;}~B>xZgNuza=1@=||q991;gw=xgD^nqH%nGcR7gTwDnk zAAGq!+F1SBt$hzZr~L28_Rmfr>GG&2Qls2_@PLMxVB@(%8rWrZrZDv02uL3qLkW?Q z#H=3eIjpw#cvtDV0*o(RTWH#nc^D%UXb6&dQ~vQ zJyMcm>xvZf9A6rLWo=^E&tkH`JhwiQGCVfv(^lS7@7}gdWflkARFYK^6XUyK86`{1 z`^~!FZl6D@s26^2YiIV-#3l`vUZb{$ZQh+56gK;5zP3h)>vdrHQof15wXd5a%0Z18WybBf*Tf#PQ8+!9W@T%Y!r!FUZxM0&gcy ziP;nnVs?Vhuf0xO88l&B4b<4S_-zLS{`}BSE6& zg%d<+lt12%jfpY+7=4(h$xTv1B683Q!EH|+HIR%rn5f%ZhYzdnD6IAz{FWzI1jHj-_!@4o~Z>m*(dyQR44FOaFFm5wRS)bPOb4 zv7u9nD~uX85E2O8Lbc;zCm_}di@r1G&T)Axe0+3-S72@j4T=<#IU2^V^S>dfQd3?*XdADq&LzotK9XA9|xkP0m}a+iUdhePWLKORgRI z7rM)e?I-LrsRyncKO&j^uDH0HpG>YZ-sbf>W~-ki5rwD(r7Rnpn~(hzLuE-Qa*=$m zNgX`sQz*HAy3}kcIgD&>Aod zMM#CSVD0pTq3akEteFk~-bV9^j3liWD|ds>^#f633UZG}e_XW!93&nDAa#nwz;8Bb7 z9vLx(_wNuo8KUCYBY1@ZLhp$(cOEqN|Ic&u#Z35!u-ew8gtW}eu=J!yXP=+x_4Mi@ zDZ!f)LGhTlcxra`!{(-GxkNa+{`he%&3cHE!5`%{ilMo@#RqCU%CNi!?JnfoI5GDC zGfkLQ%=nN%lKLr6{R;*qPN7}9QJ4@D=3GyA)LE{Vnim!pLR4y?Zd?zTKODN~6ciNm zHZ-^uU8SyKKn@9PvA^F|L{`dLIZ4)8Xk}%E06B5m)skes-bnCpbCW^J_^9uzj+PIZ z%O39E#3Ck5U5&CjEN=hUU)YQt+ z97`FLxCLXgrIDjZc)zC z8N?0x!%eU;%Xa&7gR3SEDv-T;{P;(VO47_qAn+5(8f#-fyo z^h)6OJ)5f8oTl?O=gyRlsU~jVNjJBZhbg*n2>dltr)rjrFoI#seETUdz0HF{!^3&a zI((_<13ARy<&$_NEE`6FW@7Y4&i{yph^BxJyVrl<#Air+86O|taf9vI+7_^QFv3Tr zg02uJcOj%Bo$Eo<*SET^*3|wc5NO<5$w6u9SBa9c==S8!to?uXK8DAO8CuZ4y@MN+ zxUBHi13n+dOF2G*VH5spZ?sPi#<=Fsq8iOF=ihjwC42P95ia#iPP93EVCRBaz!-RaX{|0A-zONFlc#U`(-~^-waZ# zd>FxVTQdsY|eeZ_> zD}a}lox~ge?uZGl@L`wy2{vUBP(dyy%=8>sTU#US;I+xu(LE4l=bRX($Vx~==SRy= zq;gajVd@Zd;tRAN;poRu6|Tt#k{6$#;8x=gd|BXU0uC~bwZ3_?9!b!(p_mAN;P*PM zJ*VB@H@%MJrn6NfYG>8`=0^0)f9L#RCgMA z*+v^vl0b=Rtf<)Ba5q){SwTf)WgvUL#H_sjIsgKJv**tJ0vz0XhZgR+=*S+HwIlJk z6p($>xOC;p13bXw%dxBRP(F;4D=#ULMWoB|+Vn)#imro}Ps(z5wr+*0J025UW=v6! z^$K}ehgeGBXb=jrXj;Ao%C7ijyqjxJB>Wa=kGsoS{9ujOr2ZGk zIRERwR`7NP{32Ixhf=C9OQh*;b6lO`;6>0Gv7A8nmcZ8 zE?sw%bdJ8iYVcu^dIzm{_%e`z7n*!+$LRX$1IBWa4*}(9d|{6Pg5^X7KEEXQ6;Sp_ zGRr3+7hep;WKJLD8~t3t=Dz7}k#jo>t(Rqn-`ktDgt{j z2eaudprfPneIa2R_6mjNv8HWQk{T+Il2Dy?UBZ=%=T-| zG-gE8O(_z`B_Xkt6XL7EYT!d#h%u)ypO6rxF@td_YSU+Q_IV$`mS8Zs1zM{E319x# zH_368Y9Qm>qZR1SYXZhQqd;uPxnd)*Cs<2Q?@aDhpz!Gi#hn@jvu)Sdv(NtCSKVN;TpyhzV-8f#peKtB`7`kDIfUy{BP$-!% zv!&EFlbJGS_mr}a0x7Nxxzy*7?5AI40Y(@2 zj$94xleaOWs=}s5Ym>cPmx9gAf$jq$+E=bT)_ZvqYSohg7;5u&e*fXxaDY&uxh-sV9n~x$2G73vw_%ItMw0V@5ALMT{kgK`1KUn}UX<#oH#veb1y`0M3o@R%KduLQsC<0hTK;B9~AOQhUHe;aM!H7@(2_!(2VAL$5%^r}qesJke~p%wkr%e)nT|qAonX4U zOe8sHo7U0f&R%+bv8&uec5da`rpwaM3JEOB8@B{8pLDtOIh|=Um)2=UmRT#SIG+k~ zo?GLu&Sf{=1t#47^{a(Bm1(D>XneEHk_V07LUil;Z^r)!7#JcHG3Laal{xcV8xZfp z*-P=@m8GSnZNcn~*q*>zag8wdiGt1X1dqWlbd@M z%YBX?8XH~ByH^NwHaVDSegIG^-_(}Q(?%CAnCS?7w8T2*MKIou9kv9%n|=KzBjk9_~p5YHf^U|p>?Ma zF$=hoPjjnyEk{xDf4vZ++}*zqqtmU#zFwfz02vyMnz|wHp+hFMfsEe^;X?5DM_PFH zwRX4mZ`$+*YMN!*eZ(tD>h`u6Dx(VAc7HoK ztPoqQX%qP}I^N+gc;>DRi!}!5*$$(sqUw|s6dV!~dyopby;eb~K~H1*$Fn#uFDkIL zthAJYjm>7k5#}IhE#)9znd3ZXsC{UwF!j<&PR8y$Vseb#4xDUkiMR~=?H$6T1?;Ox zn?4L1B({FhrqqBzaicm)QDM6Qxq#5?m``x?$w^Chn~rRUe=GcVv8xagA{)hXz8Yhf zz%pmpvJ&&osO{8-K;Tb88pu|O9T?J{(bC{^=-Bv~exR@x2ct{lE4k%y^wpPYBY;2%y! zHy-iDmoRQl8ExKJC_@z_U|7mb?&F=juoM``l)Wt5lF#STI*3eM zETGZ>$otxUXwoB` z(-X`Zhz79KFwc^1W_~vfe4*$U4H3uXVm=QQRPTS;%o4O}CPb>;L-uR*096VP;se9( z-S+{{V-e@X%Z{qX#vt8C1nL5KLkSHENFkaiXb>_{y>dpzo_%iVCs2@XClFMYzTUz_ zvz3uG&$cNs?Hu3kh1NEv$8j~}65f?`eqPsa@{|OkCujRyKyjvca@mLB|%Ib{T`Se?$%C+aB zO$cEN^|>g~lFVh@W{W560m$dZ41%i_BXsq~B@3*L*xea7KIdKxJ$@K-22lHwJpI=( zQr`xug!!iBoOH(XO;5ij;4k}Q$_CmOTb1x@kAQou@XELOM~N{rAEYQq$eY=GwXd?Wc=cv6RZtv~ zvzn6jztQ)s3ytnbP^eXNoX@shJW71KO;J`6y}jO1Xp)nWpd~CfD;$>4d4n1U;MpTbq}o4{IoOT^yR84gmrRk1t~+Sm@W|E5n4z z!yk0I$aOAI7EU!UV)9$voo96>JLF0R&y)?i6k@9Zu%MLtk^nmUbVH+CGi>K#1VrLl zzF}0FXW3GX6G+BPPIg(Ac6l|=s!f9Bl^_E(nvozt+vLK3*}A-4h^o1|y82;UoYc_b z48Y8>rr7g5LL;7qPo7lrd+|!bZl1zt_ujput8*0-+v3=%eDh7f3Pz!|1+V~^cDx0b zy^SKAfMdRszrfeV{6!SaD29(?Ibs7x`b_SP{xTf??bG9fCb)_0B0!$ACv!m4A$Gp7 zj!j7P;MWQ*w|c$%rk!1uR?JoKM@o{`mIjUl=Qm_uRB!BakIB767lR=)=ePHF|A~U^ zCG5Ijj*y@B>Q$f$H?&iNwU%Ha8Gh;0_t8;b6vv<>je?Q*?6(uh7a~9Ygun5;c!G>( z?79ggb5Z8ZJQ3xfrM$orKqXc{MMcH>$Yu2DMgA7ci9CxwkG|2Nj{D$*;vm6~0X5n@ z*jfZ12edB|tzKnUZXK3Mh_$FYcf@66We>(SX@T}a!X{i@AS0Jra!t$~-{N9<4i4i_ z6~!k~agmZQ-J<|q2CjyB%^#2M3{s)8W}R3UbW7Fv2D& zff4|&6Hs;(muI(rV8fb)dZN^E!z{f#|Jboc91gHK!LZ^Pc@J^~hk$@hr3mtAq)5+z zl>$Hy43UOWlYqno(j@XdVdw|+90Vg*vrKXOEHB}iuFsxzU);4{e>rH)=suq0Gi!yD zYaZShiK+%E@Pxpgw49s>-rBUw4d^_<&Y?ma=s2(sF{D@f%uHXJ~5 zXFN0k3juf*S#H@*rtD->&=ZEFl-*Z^Z;N~N5MUc7+K7-SFF+aFnbU#)mtfLW>cIBR zZop*q@$-)syBolF3&sjZBmw9;U-o7o^;LMW<7%1HS{><(fBNRlgLEq>--MF?09jzZ zRd&vJdA6VL=uv|6^RcN3^lD-;$ONy~ygsU7%2o!IajDU@jGnGAM6LH%7&J+H^ zh3C&jFw2Y$(_r{a44#g0R;%yoy`AiQ0LytF39ycRAKG~FoyD-q@!&le1iUh zwcui_1y17O!`sjf5quP26d^r7HI2hFfI@LXwt`nZQ3>DYaYDlI!~_+38&KQHgsErt zOD_YeX^bT7-id-t?I#Z^xy9jB@bGKY5qU9O+~9k zM6sJ$^Ag1eF#(7d#l-0hD=i(}p+!40GcIC_=Z)&AQwg@bThU)6!YQ=_oKSP~XWeu5M`UR!^+hSPHjV=~K5E=}v4Gprerq8})(FD;ZnaD5e~T1+ zv{vNlc&e{NzHK1FKCc%Hi+$KyDERvit<4Zz+ezNI$KVz`bb7}A-<%{Hdy@%*hgtXU z4+WQK1QU2fN$k_GYDyj56FiKWE9k8Ru`#VZE@`>9ca!mpP3yl&094xcz^xh$#)pSZ zwEAlNR*Nwdj4N{{@UOpAl$4R~!i7eYQ&VDaweRZak)69d(vxqkVj}>+(dCyZfeMfR z#7GU`Q>Yy1-_Emr$3cz7Sna&!kGxv1^-izU!ot|na*!docCpdNik}6b)7adWYd5Gs z{F)RH)7zf?TX?1l8Sx?|wk-x0IfABdng8i%oSp-%t z5s~)q6Q!l4^9xN!N8e_ZlN|36k`fi+H2> zMnR^QDSvG>tt(iKM@;W{YDr1LyRV=S1n4Rv*X)~*i|Ki;!~s5u`f5X7aK=|lWaI*+ z%7+e~3*Q@6Ju4BqMlkp}urO8Fsl&|53YHeK%@8;dAf4uVoHY!J;5_Cuta(B;(fsW$-+-67++N|+&?0K#7jA`1i%Mbr7`3J!Wz>4l}C@h zK9;WEY4h#0BLZ7WGm8PQpzOfZZ5cq3y@#Y;$SGh5eWrE`#>McbIMiK-g5U%3);>&N zgy2#ol5Q5@cO+Vu|B+=KEBId@Mgr5>K;2bbX%8QooekS-=;9Oo8-x8=t#SJ@LyaB> zWT4+}>s*ZgE^Lq$9kvp}5Jk<~!=+PLv7HMPnn{`>6g&08Kw zVcavG!qs=q*<$-SN*-p)2fLNnzm_fzRc*<2(l5R>wkxlVZ8n=s4{j;d*rdDB;S9bN zSPt~KlEl;s3xjSW^-SmVY>RDsBjwF8&wpmibLh}8LJrC?Df=N3ratD!_F^gap;yAL z)E>vM)B}0HGj z%gB5`w7i@@l&mX5_9e@`ga-@y}ls!0>Y~M z^FW2u=j`))I&b$2H}MnYpthFQ@g6v&C4PO{`#7aCu>yLucDG z+xb}t}HP#V%yW;qBFeDV79N=tRPy`%Ic+-^u;}y%AE%F1Go}VlAN$BeqO6f~z8QI%`@by@6tcT= zp1#g~Y~Yjg{NH12Ghx6ZSt0c^ndHkLgQ?8B4osOB?r#Iz2XzXGR^38}?YQeP0*iRZ z1w#DWyhw+wg)mVjsz@#-*3PeArOoBVnc42l`FboVS7Dzn8)$y;W`;p=WOFDm*UN=B z_Y)i({-?)8UgXkpe;SxoTR4u(O*@+TJq}BDRtr52I#OaU4w}u9J!xgctUYFbb7jU%Xc_~4@GEtc$DesGxS!_V{W3Nfc>8uG*rUa z4kh_dKUrVi1;%%g+aLb;MR4M&*pzML8#KccGFo@zY~9!zItT07q1P3-*y& zCT9Pf_s#DQG2Xp&iRpS2-ly-Cqt}n^6FvGIw2~eU*83eGH2vQ1BvA0&K(0>afFBHD z?9vI(k@MCYJ~m%%N|=J{_B8ASFEH#GDCz+F$c?G5h+n#1%a-nO3Lsr}_NVEIuIZ)e zebIh&x2U`k+8*aC=04i(a%)w=y3m259*MX0J;Q=Ef4O^W5JMJb`)!72+p^f{0FL%~||2$p)AESX*4yRX+ ziqCmVGt=nr0R8&*i+jv5TfjX2TjtbvnOJlUcw9xl2^eWCT~ zu$qw(J0=!n%!y809>uZWn7(r}e7`KnF`tM<{gE$uCz&xxqqT3?f^14a;NSlw%e#lv z8{CWuLlqHstW-i=Jc1*@2dPHoVqXfX)2KysM~k^Ex!tW~zEUe7OIWt0e!W4}{A`Vn zSkwj2mLP^2esis4IF@(4g9mth3*RnxUERG-Gd+G7$k1XQ?)J0C7z@JJCDXk>UbH;3 zZFfOKAe?MEP{@KIV{lGgB*nIN6&;{~s4%iu>VV9-exep=fymkW|s^|Mtxv zT8WD<6L<(7Ima3^udE_u&rELn|+3s9B+O~)_HsK z>eYVl_~E9HAHfZ!ujKGFO^OeDyd4AW{~VLX##pWfml3pG$>r(kx~8V>o}Qk2Hn&q# zbDT&G45S8Yj+29<(&RXe#`asqiRKP%ZEceJ2T#4exU=f`=B;I<2=j6?zZwB7L2$MX znl*&|QrS9fIE%|+&UXI%`Ft67qWviMSpC4Zd)Ka-?GpQ6h1>htWA=$6T6kX;c+P|u zR@7>N?vvY~=|w%g0G{s(zj5O6)`-Qh*YZiHxjEg(k$$2$+c83z2BqxNXvFhB7a?2% zCeD4t5SiQQE`0!9hw-Td*$(5I9NS)rwGPGgsJbD=7`yU+lyl{)LL19on|p~c2Tt*T z$MRJ+g}W|YgN1M39%0;ewbZ5ET&EJ$ncxBrC$uZhsM{FzHR476Li7Qc?boPXL6ZCI z4|bN+6Z<>D6U;vyqIzR76f^shBKYU|Fm>UZMoiH{>-XkgX<^l0(Y+|PoQ{cPU|IIN zce};K#d+Ew-_bZnnx9EspRps_`K)elSN+36LaP5qnov*tz}nO;ZhYpx+-#W*FJp` zS)lkJjiBuV+EBG|NA;(=%6D$P21}_Sn;;JJbf%!!Q6a(V*mYeMBBhwHKVvs4zuW!& zZ)^Tnq%8lXa4Tksw@0lTnwpyOig=On4sJR*I&xWe;w?mtEa24c{9<{e@67@9>fyDj z%xr9G-`=7TI#j)em6@KH!_ii|MgAW+=)Zj~+=zzs_u23J=Lhv!qt2C|V_`!JLtvrU z{@p_A%C*>T*_s#xCKQR1?AP+3mz~I4VcqX}K&%OF+p{nF7+sdH&dQdYI|=)*o#4p; zJ0(g{-juu5vKlxJOLK#EzvS>!u|wSj&TDa}wBtB~&l^zR0KK^$5?kfkO(TM3N9_aa zK(>^xUfoY{?I5v**G}}IkgBRf<^1#E=jk22q`FnH#5z)-d z%>3`)_ci%cV7-nNI_vMo&J+ez{fJ4zrnS_>8aKu_v^8DakAE#KsbVITWefhv{MoM; z_@Y7Qu#k5cp=kX09-N-f0eYj?@$NB8%|R$Zk*x&58pK~PNKb{ad!Moob1D(1q7d-oj*_*zCG=Lh?eZ+Xah%ckkXE z0=u5=60R(YW7RMYbd^9CBhpz1Jy!*<8=*P{Fm5hnJ{(hd8=x=)al;fg{+ba4MMbXz z__XgE@Y#&`KZXSy^6b1;S#LQyGVa>71sb9D}#*;taqV|#pxK5 zHiEsgOFa9`7^JXj8+)+Wh$=oe=1y%{@8UGoKCXa$nNjl&R5Nr|m#sE%NFaVOzg)4o zpV;Zf>jjhPe~Uu|F8klQ@W9>rq`4jJ3LzLqEtFptP=#&)$2(<6o?ND&F5Gm*9=dn`G!*si-lly;Df;8zWZFVwR)8GH2r49i|!`s7x zzh7RS7=VIokW3c30a)%lW229Dd46oILG^-k_)<rb;lOz&f-i* z&k5&#`x?5RpPvUqADa-zF=(Utjy0Hi<$0%)tH5DJTiGQN&SRR~36c@_Rhrgv1b*-> zo?$sHYqUiATYKN1@v#Q&3eWYQcLnlQ0kr9Y7=btV0wOg89Dk+AKJ{r@+MVI*t!3*= zy@plMu|`qbFY53_ol*Ax|5$tLxTw~(4HyF(u>%BDP*enq5+p1TC6sPdLb^j5bt?vl zf`HN}4MT^th=PJhcMOOK%+N4&eAn9Neb0OL`TqNUAHU;1ia4|8SEG%D4-8%n>|1|&Qz`id6ICq z`FQBvWx`Lf@6R7&bnC(8xCL1gWs`=TAQGh$ZJ%`fd@Ulpa3oY;R)s` z?eJ`?#))%h&t?K44!cIos-&PJ_Wap1qX{YpZYRpl2DHRS8}B8DacuhJ|JXy9j;`#wt-M&|-iON&iSgRp->5`?q&Ws48H_>d05ZtLSy^0vQa$tA z=o)%}#wRO&H;33+>ryXfv?d|rELNL8GN-qRm{<4DFC(-0GRvK-KZ*a79p$x>Q){KtPpjt(;3Pw{m6D_&o$tHe1 zQloJrgFr__G4d{79(~ctz>?F)k4vF9WYjQvC!-aa=?6ShYln*4hwVGv7KTM1T=y0k zZHSf=upd(GorGX9yLeO{_`ZYSi@UWy=kvF7ZBq#J@u=B@og^)`*u&_`%1^0}^)b)w z+XEidN*!cOyw@k1B#=)rhV2(~D+qI6o>Sg#c_8j3Oay~ai*4snk(a-l8OtL^5Z7EN zi(tg3-0lPhZ&q{fVC@G_%z`sfyzJh!%Mdl=bu|7YzG3c_G+y%ON%DsTi^dR|f$q!b zrV~ewTm?L=;`{eockV=z=f9fgP@gcHkL8LgDyY#$I@_s>>5h|sJj~M3p3`z)qPeAr zIbL8L?#QjbFM{dWx-2o#r6~pfH*da~=PWS%#JnREU9%5zqH|XeJ(KYxcN$`GpS^#+ zXC(I)U4>cWNl)F&wJ- z`0SnZQJE0ITNvy&3Xc}_`W?aRNFj5mMdOPybLnNPX%i`@E5S!>x#iwl%R%|FPaqRg z@N^5^ABz~WcYef^-EPX?>DV9IR_L5VjucanmnWhl66(R>9P)I2SVFK8gaFjj?mn(| zU=g&8z<8X5Tu5YLC}Y#st<%oiO~1W5L}?-g6CjG>y|H(7b*Y^_$!>=dvm;s)K4nx| zu+pnPsUK`$wkWu>rE@nH{Ltkm`}%aj`bvsYQd5PDSfX~J)BeliN?Nmt+!+#${A=@0 z2L=TtAYPcYq?S;ZPz9!J5w}xQ@nIG5Dt1g@iYpeklTu@%;Zx-}qD@y_t>L|cY&*VDZRFVW0-57)fA?x2yF|)nf za8U^a+Yf-n&NGOT2++va@^TaGc{i$Fa8(Q*ySXj#8sSbk$0;S1)l$Q4S(`t40bJ^2 zra&tO6qxd+FOEA+^(52j+aB93FX(-H<#DlT&AKh8SHHw@Rmd}>!*l4+MWTh8i7dN# z??gFvHRVTnU^*%85$Nnl|3+7?`5a z2b*UoqIBeDK-w`9Q+p@U%ypy6dEw+WR=JvGmo0HH07;ot@5D55Qz0VzcVD?9s1%vV z36W(~Z?K#IqUI{#2q|gH8x)(Ha~QOjjw&g*&O8ZlHM7%GaGwcsTj8R`s5j1}aPRws zlQ}@c{1y~wMdt_D!zZ1Tbo4;?&~BZj*c1hWJ0avSl4M71np<0e?xGQz>Z>G8Htuq1 z&au!zeI)O?Fio0V9vPJ|N2Wll4_{V9ZASa9sgFYhqGAjzLYXCuQp$~103t96+b4mk zVxlKOG6&pEqA6Rvucl^FR%_lCojIrO2kSG@-v}3~GRQDOdy?tG{ZwL&P^1+%EhRXq z>A0QL2|J%TZ=uv5$!fjoxW;J8%I@F4U$prlks+-o;gMLaeGZtM0{r<6>;}9f zZYdQ*1mS(zu*HB-!poF^IDy2Mg+VW)=QFvBh#Ll4N51I7(7ECd6cj}!C~e)Uo3s2I z(H%f|5*uzwE8So{qvFH3|13wh75dD2dRLOdZsiq~yDD{_2kgJNpBYCoHU!{YMi{nA zh;(65tHQ-ro{uo|-V=_CY}TYWCH+D3q<;$g$cf(j2nWYN$$GX1)Z2SbtBT@Aqal)T zhD&sTjp@WqXLA6l@+b+3#s}i#dCDb`eNH`MTNFp6rR|Tb!>V=_I5G)Z-u~pKgDqnV zCc6plTG=D3Mww6{C7e_7;I@cDl}Vs^?lq%ZYLE^DE$On0#G{M5+41q!)(~>J{zMfTpMu!8T^qtqd|-(}btSeZk00|bIFhiI zND7}neQG#iqkiKJi@F1I$*}#x+5&px-e#H$@`b~Jl}DuPD4tqwE=shk6erQR>NCGA z1r@cmd3?&*UwoBM2`1A-_>mC)w$A-+pTB#@4*5|ViObc(c7ydww7|qC`;twB(_+$- zpXrWA_yxv>49W`aB!x-y%MUQ*O8}Bo=j>oow5@t z2hfPA`E)|tU72w@1)D5#LV9iU)aj!|j@*s04!N2qxVinyd(WJ8ZR(r7y>eN1CZBk1 zGxIdnT}({s{gbw?3v^pOOFynx5_v79)xJ~7Och%QW%x_RhPE6oZf>QUH(#MFL>dYR zv`ME$!i-Ard|Oy$pFFCU*WV6ua74AXeMNZ!m529efbQD8J9=RxKc!@bJDrj3H3w}_ zX5wH(E?@Jw#1j-4bhD>}t0a{DDlH5fqcfOx?P@rzb}Q(vh(ShfSx+zJ1i)w?=jsoX z?&b?9@2!2!9w@XM{HP>8KTVqH8uZwz_E;jRW^%PEJYnL+!N7Xq?WdjH%<_e-i!p&p zBHv>8))}^$^4ks89qD#FUUSbEwp~{`)ksZ8&yVK(MJZ7wrI|e_%Mx3ouT2t_QD{n} zp(3m`_VLSm!&1az_SbyKC}rW5g04@>`~h}6f!q^gZ(B{x8%njk&l8zzbIn9@e3BV| zFd9uxR~vStxz1;x9Dczuy=ZabMj`0@>Y0YGYdJ+7MnVEk=_Dg^DX-spU`!Y{{9YDH z9i(ZoRc|B}G$lXQQK}GMBO)T07TC-pwUo%~qbN=<5r>FYVx21d#f%wmSUpd`Zo5-mZcVXw8d!SEn)C0njNum;~%xl~FvRzjdBq9bG*Sk7Bt0qjV$K39`R|K2?lkZOE+L|j>R z?`}L%Oe6?I)`Zw4C2wqeLQaWz3A!SsJv^FmVA)Wir37SjJ(}{iz)U#li`eIP=3(N% zhZ2T1)T)5W)H+vF$bRT8Q6Go9tpMqneD%eiEXsPXRm3%BbeQMZk95R?%pp|=l+%6H z?R2Zk@i(9R?;_nJJ|&0IU|lq&Eh`aOR}8XxJa!OTX`>$3mkQ!DQO?*p2MZnh;W~7* z5CPspadqFQq@<)t_ooMo--yfguHV@oDpQYd~R@P(yAza5w z*1PqOw&$b}g&xWWBf#j0)(34ed?n;I@qEyULX|iHuN{X}oVcpjQ{_0ykcprm+_l5< zG5g;)mxlOs>@WTkqN3V49o8=(y>V1Z$d2*`QYw88ZKAI8hWHnh+7FV6t!_T$ABd`# zo4bm-L=>Ug1s}_L^odoWo8<>TvH=hhUW={*AsI2NUsurJFlkNKN28z?tfga#{_T&5 zpLE&1XU_?C_RB~k%ACZai~<1L(0`@=6&h|gC@;#W@0<= zu37zZRRoQ_dv?d_m%)4f-XZ^bog!2*ZOh{ZF@}Gy+`qp0_kY)Zo^2+6lY9*=BiVY# z3*5rTq;K3i!2eDfR|u}_o)wbDgz&oc>vQhE`}cLxiQD|^R({%j{KAC-+4?M7y3=j^ zKIQelE>iyQ)oVIF+HC#5KmPr@g9mYu|Mk7KS3aHjuWxyH{9SncLBeY!e{!otRx@h&9IQ277#4rW2b(I6FnGGLy5 zT%Dx+xW$w^-J4mo<^8a*nE!XZx)iqgwD%w0&-T<9Y_r_*&o^ny@YKj@b}o84 zW+}2*8J>MDyQe$iV6R2S_b)zA_#eA;{PUkg$RyedGVz9&_Pi?Zjih^^{;G!ve*f`> zEL(w-E6w8J!z3Ngt3lj*%-RZ+-nDviNHtf5M$4W#<6E@#batz0y6VYY2XAiv@1+$F z-m`yuWXYQKvjy%0W83u&*nClf)|5PI;5qy7^J*p!qHp$}Ut=WXaz~_CeI(6uxVmlO zT;1k=Pz!Hp+jBP(krdZK+0L9O)mwhz*g5UQZbsO9qW@lIwnlsyTEAJ7evdWl~MVuXKU1RdhU-%iOhAZRP>Ht z^GyyHh*fJ^!~5pl;s5+h_`S-Bj5+Gf>-i$mmwne6cf=*?WocIoQpWF3Q6>cN40{jO zoy#bA=+WzB+x)SX-Jkd1t)3oxDJT!gSC6D+C9nKwwQ-`bonk5}YyKG;{o6`6$VEh4 z7q`ps@%74zT?cmQg{1!TJ*#w$D>#rb8dv;&M%h(gd*8hzt9f8Nb|qQC@g7pKHvwVs zk&o70_pPftcSLK`^wPNN%o?DOTQdUr<2kJIa% zs6_&e&ig7ayL!hnKh7+({@Avh6%Sd|9itAz9crcP80(%!K57&e{Yi~~&GkKj#ynLi zxh#38q{L|<>&SCz>!Z-W56ypHYmij_w+)>I-9q6rsOA1tg+;EoI>vJ#2<{7~clDR9 zGv((>&=L-J6#i)|4nc8JTy#`LuMK*YNIM{j&D%Rs(~< z+VYi{>X}&jkUyO?W)7+CJ@$pgzZls27W_Z=jvqU>@QNe8AYFcrp8j8F?Y}SOlK@A} zG1|q8fnCV`<|oNvjb@wo#<>@Z+NsC1nkuWQy<0B&y&Fq<-M7qVf3%5#j71%dPR8lv z&9#ObN0Xi9iswt&3LQjWT=gsSX^do-)MwmW|KP{T-i+;+*KwUZnc3*-^ZEVZs*lS@ z8HSqWPKhpE@w;~ifewdLR#?)%ujB9E$n@X66FKcN9$j}X-8M4yCQ6?3AzRP0$QIYj z+BVX+joiyT!VwZ^uRVRHA~40_Ec-}QWvuFgH&jJm{ary~DX zCyyBMPiKOZ@DErQt4hnLiBGoHlEY{HhVI-Et$*_P2_@mq<*eVWoEpP3bC&J)x*EYZ zR1M>N%f0XP|0A?}82rW~wkW1kkGp|QPRGidTAa+pf2Ed1=-3wn1$Cz<%Nb6gyng{)DssUu9lKl%)eGRJGFDu)=kD^6Uh8U=kLcVr;sBi_wrox{c$uyVk=vMN&ioI zJj6>sRa6zD7}(5Tb7%=W$4DRbvmct5W;5@M(Jhz5Isct?PfQ}`Q4EbTrFNycJd;uiRb%!P$GCkZNIXue!d3 zNyPEc3y!{*=sc8TkizU*Z7BKgU8PyFiAS@c=R-M%RCf36rA1D$n~Dqe+VxXItQu77 z!|aE7P1<%<1@T{X7A42_S*%E+l*06j+O;Aspe;~+FANJ~R5zP8U**1{hRXbU^^c|i zT&eZM>`^VoWK9{@@Yf!?yv(un@hdaa!evyk<>_YcP5eJatrf|IE1VMD=62yjt%>~s z1@ArGEK~My7nE?`rzv*r7g>xg*UwUI5IrmJ?npTwx_Cl7C$FmAVSv$RN$Hd*?Jo)M zeMhBEoI2G!HMdzwQS+{}indxjd1){$g^}aM)p)<7`$|gkr(Ker*=FBWaB(fU1?H%b zUW@Q5jxJL5?Wh!%fpnA6{`pbFvRB==Q}mTrP9E;yN&NbrZE>;LEwI?2RKkwhp|;}G zbKdUx;D7_H+{Eg9+-Vx&GY-Q`mn@Psql5c(5_J}TugBT!mSbU9M;FcE)BI~?fjv6< zo|BACXNa0_)bon#B2zlW&FeLC7M7~Iw6i39c@4f;5}SA}3)0g6`!YOp?`Ifa`WB!4 zcK&jyX&fxoB%PW+FpX_Uv3TgV63dBW3?FppoHtH*7&>A|5S4FHeAV53aJN)lMb>D% zii>9G!w_mZ5soaq4E!AaB)ts%=Ff5UuXaAC-%r<_;^G#$ym@qfxmh^*>w97IqFc9y z+f91^_)N_$^Gem}Rxe&Y&uLAgu6G~WU7)_3muj0^@X!>Vs);B%lt$teoR&fzyp2ZO z2LjtZPRLyS%d^rr%lOY5MFcXV`aeEi2YZ z8U~JMc+KS7KCk`s#clpJ)!uIDghqF)3luZ;Fs?TzEO{x zb#A1dDWU;LC2@#OoD1Ea<7;bP{`=k-u4?u4$(%Pk$;CD4IC}TaYh_aVHcQsO6QbXf zMItAqr&DigojkcoFucC+4F^qTfMld1*R+7xgTPDHak}cWIDb$3y9je0t7dD^yeRvs zazp;Tn>KqFTWFmwE@}1dG|zFHZkP0GZvGh-uOl|A3;FnKz9R+tk=gF)H^?jBFZ)I{ zlO0v+6%=^?Bz#)+vs1{S>4ls~^2aa{ubGjRE(h8Y+lu1)vl)u=$_7zybJR)moz-k_ z@b=Xm=A`!72W4LSlEp+8gFP;$BSoT=ne-dYH~JyTx~WFeVKa8HU-;1bNW6-soXFe& zyM$WNScSaEQorPybt=Wcaq-?AxE(&j#j;h&B`fTiZu#t5<{R?TwwXoe?j2pf`QIBG zzwt2WpT1w9o%6!0!Q)F2Q4F9qSWzpK#jl?xOo@#rV(SMpPI}fKN9zq)d+ig(>{+ew zuXk&`8s4bqeAPQU=#{7srGZCW=n|K}3W1^In-I$l1i>T{r zS!@G4Dnm1s(MK$PqT+g}pyPGK;|1x!2C-X5{f>`qEbFkfn#J9Stq!?0^1c4Vac=+8 zo}1C7kvnranG1))ASK`&h69HEu^YmtXiIt{l|!|!V{TH&FZ`6$_38>`BcpepOIoy4pDNQWn!ua8}~*nwM~XJTOT(<@%cnMcRmM-shAO3R^&r=)qJ#`)2l zBKMGWx$km9T#}-d)w2V#u?Mz#K790WSN)kbi@Q~W@yCP0f_7MH%paX<@^g2Is-><9 zT0=y{XRbTFiXT0C#9R=Pkn}k~NN;a)m{RND6x+TXwW}W_N9*e&Tk<9zI7Mx>)|1pY zr?zO(lLi?o;xsw;g=?fq!4oXjf-G)gpoPa zhZH@FWt~_ucuDVr+Yq0a9$&89!TBALb|PC>3xwG zsXf+|p=}+u8gacyvj(eHlIqBT1$SMt@6yyss)fogEY#w{J7!!T0z&+sUxv|tUs;wb z%UHfm^F1M(=@0}Y#nHZx#Y~^uZVkT52~q@c!r3(a~jIirRHGW3Vafg~XQq z98xDzk{T-PM)?fSW18yw+cwv>=hs&cG^$vK+a_~4jw7a8b>`>HIwU70HKg_C`bIsq z%nt*#yg?w+;RT}t%hSr?0BYi)B)O0a$5psjb;xiF9=rCvx6H6FU4<4%UI`puu4^VE z6F;+_;h$GRLcht7A2VNaelLG7?cAx8XI4L?W_bNh`+#CbP`l9W@+YIo>b-`;PrQ9O zUVME&ma^JE`0}-vZ2au7av63X!SPBz8!9a-bojEu~uLr_^-!LjHi@Jk4Vw) z-AwDr_9;$t)t$~fp4T@|Oco1t=eKWAdcL7}*9BND-&k75EgUMlG}9}WfK%Alw)wrrF4nH8RplcoXIHzw zv#;53GCA3#U-tRS=e`^)=L33YoRigyFEZztE=jmCVm}4{aWB8Wlt>m!m`WP*sNcJ1 z_xC|t{`;=6lRwukk}&T186wOnWvwWrsI2{S)jv{Hq(*4u1v#ug7fkz1W))cdi34Dk+O%JA|U8lxnx!o67M8*=y#@DP9kj;_Va1ZpZ#Y;l}n7f*IoTllLE$n)IHoyC?#m40%T<; zB4B*%7kG(q%BnfD{T^w%byKuj8_d)g) z6nYL8`D$FsDgJ&>2ahb}4CAvx1;L>Q{+9ow8?Gyv2J0y2tO^o*4DIV4m~v;iFyqS(9I-tbUm&Y%>ya zz@Hcf5c9SZlh!su!Qm-5cOJKwV*ZJI;5`poh>Dt;hhyuH$5uvf3zlJd-`2cuks;IW z?>?-CdCrZko(jY2gX4^JDrZ#~*v~8W+X`u9`!!uLOKr*%&1qjEb)}r#bHmT4tHki& z|K6zxQl+TN72j*p8!~%(y$!`&*m3E*_HVE4o@4)9x_dk8vbR|=I-EH?p(dfp3gs`& ze$706_L6`3r7?M`l5sPGlB(e`VbTA6xqtn?*)}8Je}0FK?*H%h{eSfZ@pc=Y{&%CA zj&9ZV|L(xk9X!Z&^}jAINW)5M<72waTY3bJ>mOhLpT-G>?LWiCQf9iG<)Fd!+{Z@+ zIEU?DNB1r_~5_*RE}UUx^{_x&OG{Oc^kQ zlH4YP$@l4zj!Q{B0}7u2^xV4k_fJRE{^P~tIK%G0FRLazFE?%c`v-V~{E5c*ryOq_ z*qHh$B7TC=4MBLdqki#Sm8~F&LZ62iSYdp3{MfO$sy7eNU2Y#XpD^o6)Aa<3Jqh*z z0Jmmc>}z9crl%8E5X9UckkzA!jR`;pa0v>&y#y=e%G@$w=%A#BY1FQY-6Oy@5&(f_ zXMiJ^cnx3Kk9KiO%|jyyhy#6ofs>2`5D|03Lzw45dEms+qcK;LFA`ThHD^lxc9!no zw!dc=W29bNA%8!=58#&};l@yo_n0aTcy0uD-%j(u`a#ok0zUz0k0qwlz66vCKpWoH z^lIFdq@*MXe-jh6X5hvsyrIBX)RL?3rezMyGdY#!Mq*;8vAB?>mkRH#k1!Z&o3dCN z(SwmPptaojohS~kKFEw9roDib`V!bzJh5}3BY@ggR9C0WOswCsuiNHj(f#rF#6kfA zik6m?uPJ{pfmH*_U!wB|pi{LF+OeDXErkXQF;MKWj03g%Iyw@jrlz6Q7I>rqS+y2C zklsEFh`7p!%KS8P=de9>tfv&}k~M(Z6RjIy>}Z4al7-N)44AILEEJ2vE_MCdwVS4< zLjv;lW<+HQjCG%NZbS5qy?~v>%TA(^Cyy5=#*+}Rw1rR(zAv>jPg4NUhq+Of>-h0o z%E|#SP>lkT0wKw6q(cp`xSOD*Q4}qrVq>X*MEQb>5Cw7@*O@cGbKLUg$-s;rQfoIr zu@7h;R=#%a>5d&c-n@Mq2UDA)=bJxvn#AH`|^jl(F4W$9h;0GV9 zXRYy*6ODh5NGj@@CtEHN;bx_DbF$C%_n(4wwLvMuEEn$IM4ClF?{T5QrmaqJn^>W(zFx)L>+{Y?xFAcQ@-uVd(g_R-HL!vpE4Xb9d!n=r=pJNV7p!Pqo zY{#X5VunGkz4u5v%rv<;IVGX4fTtB#3^7M0Dly4Nc9r-Q!)e!DCZZ;X!t>M*qxZow=Vt0e?i3GByv1>|@I&Lc;U z5_8}zo)5sX6VqecfmgKwBd`Gto!@qVjihpUe#AUS19NC>0NgT#(CP4ix?QfK^WJnp zJBjILM59yhH-0mrTsh|nMy{NxhaAWGlL{rS%rw0*zibNx>ZXlu!1Jfj6+Y?mGD^JY zrnEQj$Z;{TVkwJhzN@*}Wp=CRJhHjYol^j2=bSd!LY;0FzmYAQwP(wKAw^R!>NHn@ zoPd>XW>nM_xV^q6KnKP31gb~A^kK5GhCSqbv&}mbunGk7IcwcjWkp3pSSYu_i@+N-@H%4Cebh4<&e=}_d z>paT80m{Y;6=F~sitS2pvk6W@cr{pFDKu&`7X)4);l?mu$gfZ_@#p&v(-XfVOW0TO$kM10ZKZP|oLJw@3o^M-CY0sHhu^FL-&oXM^+B z)v9C9s)KQw&0#b>)GD*XvZI4`v_EdXxsT0d>;aI_+f!YkCw)JBW@flO7HXLH3!%eJ z0H+KAQ*#R>@G2%iN=O9nBq4k?0H2o$qE~UaN)|I{BJrTnG%Ps9l=jpB2aySqBJnpR zOIca?M+w>4RR;A0AWvYQ&(dCRCBUoT5oidK$f||se8X~Cv<0Y+#{+p1UJbj-sUA-@ zW2oW>owtdBSPG@l^HmhskO?3JYLSlvpjcqRA+>m9 z2o50M%LA`K(Ez%-ZG+1z9{pby1CKOi#yd}GevJ70oBYWYTj3q5s=JIeDx9d`lIXsv zi>D!+xil;5b#UHLTRN0@DY^Y&lk*~r^yA9?*11#j)D&m>DgtMTecc2$jQ0$*xUwKZ zhpAM9Nic951*_?C>e~%xH9K)H0L9!4*bQb~E`P|GMte}Cyz;gm1l6U-jsf+#@x*WjWXKS(l$ zFBL{beKE8F-DeO?$#XxsA)-Qn->UPV`Rd(Whm+DNE4C(2FjSUUPwiEO2y@EUuRk}a z3hJXBtOflHh}~qT6kVWCasL23ttD;(B4CQ!4_F$xN|qwfomU?uB|0wktkNMk z70^s$JsZ&p?}QQW8`6&4-BR22#{bh`B_70AAX-NMikI8(1ChDkVF7uRE6vG=@>DaKVDY7WF7ut5N6d^=9`P5Hx_|cGeI1r zRb;z@N9qdk^s)&EE+!#(U-uNPHBACXGad<*bJhn4S!Dq@PcUuXt{~0`#N1iAstY2=C&55?H);XToYB0j zBa%Oc+|UkMv`im1G#=&Q`T1>^%Mz`bOH{NgkwHW{<*@qyVgW#DA>!Hzq;^nx0Ru7_ zY|!3GK%rAS7ArG$!~zxBnP=CQV-b!=J`1WsDQ^7blI_+2P`j`Y_Q@$LE$IthIUrtFY zXFX?bfP`4nf$ZuK`iE3;TQ^I6&GNZmJh>HT|Lg~o01oRQFO)G`G@wo(LVb!ydqSVw z+tVfAx)J7{Iq4sg2H8i>ZDJ=u1sb&+Boct-d8&6a_R7>d128|dS7l&#c)~`YVZb!O zduarFRKi0U!1*^pL6k;izThe*5vR=8cL=N?=cKx8=y@9nlcuECw#T>eoj6f3x~-rJ zDTsGvUmaIU!QBoHpxWy|>|GLCzavb{UAr#&;5W4lgSjn62atZ_A!SOT+Iao$?`K~1 z8{BGwpQUnI22s#%vPytC1$ip9(PC~WquQ(3qF`Ji{Pr(c3v@bBNo7>*`Q}8jUqFDt zqAT&kC1s6NKi~qdgWeVr9!@?wvwhx{REcHv2dxIiYrRh2;7XPSE@yO13{yQGi6j}F zM~2)`hw-xc{_4=>AdUrBnO`d}O& z!q-LDs^eKR%FF_5qi{MF>YPizImK!_9mphB5vSP(8MK}WnrDE9s_K9pLn!i+9$TR- z*9Cj2z=zhS82JNu^mi3OOW1oU#W>R=Zvco<^Za4{PWP213OcoN3+IUECEUePYy!yG zvT;EWiBoR(Cb$9zpG&Z5YELD(CHKvWoBTpYrTf#WULgiLmz{C02+E0LWv|T`Ht{D< zxRgl{R8MB-BMNW5G5dzCUObL+roAi(z`T0jwxMvAK}4xDpBm2}N+70PsE_8>KDrk85O{M@NWpFaKjM1co2+CUy4sbt`JK;SzEp;CQo$d_ zO`8Zf8a$Cu^?{dqZ%cI>$TGk!>wt(SN+poyR^zvP2`sl3aw}FJ&hESfVGybaq^fiyBtU1ggO`) zsZ~BDIAGaNCj#8-X7L%ThXfnIyEx?T#A2xw`h|z5;4mYs3nW-}gWUttNwL5lo)odf zY*K=oJs|z3PN_hLSi*;uTZ*_dC}L4dqQJAmc101l-;Q8NHRL;3fbhjEKuMq!{7;>o zw@dR3GHRi4=WcFLJD^bG8|BfT1bYw`5hq1dkMO@m%nT&!WAzhZM*Z!A-5f(xWp#61 zbg(=@!#eXc!nio4O$F5fPI)_so}pSHFy@e)m~igO4=L}xh0+IDYh=hy(?jt9i7#Y+ zKwfQ&qw9k!!A-(xC)jOI#0%KA5&V|%PU6O4PRwL;IaiBDE#$gTartk?4k154blRSy0FA z+#VJ1_U(Xz1NQV|32&xoJT%O%g_UcbQ%a4q5|FJD9AKhO$1eii3|Qy~c&|_z)+dZQ z#vXFbgFNa9RODzjU_Kd7U``)BY9wh0pdAwXvvs(ejFXgLBX~3MU59qN7%%K{Q4tf} z41oUkytoPk5|MpOg^s$!es9*P=X)AcR91`rgh#owk}w)F1kL%Isj9Lv7)B>?j2ssf zR0XhlRW&mTbBV%Vqd|cHMxa07?UZz4EG3O<_|wVHMzIrhLvP70@DCv((!g~sDS>3; zn0l{qt{WdiBEJefoTVAE!1N=^JHc8fL>6=dngnHN-81tS-YB?+Z){)#e}us3*ESUu zRBLF69mX3&_qhot0d6DsPi75b$d|WxmfmS71;>5M+g9gK9;+zi;$rMr|JSc0;r!J& zCy14hBQ5<7YRgyZucN$sdP+?6&(F|Af**_g5qF1gWV@A1H_@H2?DiP1$*D3>NYO5A zD0W|AYTv|A_><)t;s|kbdoSFy>r6>tQ&FncadS&mC!sGvbTo*q;%0?T2?~IIzum?2 zv?cLolSH-^w3o{G*ry%4HyQ0!!1y{$Q;JQ=phcx z5Q3|U*5|L@-a_*&%39L#n`*}HAtMQb!!I^SWA|{9=%TV6mVSP$l#vgambwLR!?YG2 zFg)GAm;wn>5z%l(GPO~#3R&yY)(q8p`bPx!3mX_6$NBC@jEh@$7eSH(WeAAs-#7*H zjQ9K6&U88~Xl@Zis9uI%c=P$woZ#*EKLLp@8`(xXi(qz28--8#zU+1#`!jTb=J!(|&dAjsF7{|0Lmj+pQc(4F z#7(+QePElrAdZtO({0H~S2ZUwIqy0_7_FZ8TNr4)LX7koo| z@ECBu4xh8NQtG@1&NOtrV&M}-=Ze+H1%B@w zd|S`Hd-vtbNhXN&JkSqe*Ja!S0PUCa$VQ7xP_z8s*V3AL- zFgxyvtq*kUzw-(D=Y(}Fgh*S*MveREH3(TG@_po;S`}U2>F?6kLYC@^DaY$;N&LRp zkyjsPI9>j7Z?tRf?#jz|%yTfuJ9zLQojPd`XxMOv(+o_PWEFD@xeyDjjRTt=zpv-J zWFeMcw7T^4TTxdb!qOJ@#*oY&pg9FDJcMVol9IoSl{ge=0!(mwnH=gFfZ>Lz4^)?Kd$^st>y{(sX`(aR*gP)D%bazvz6=mh#06?nx5YG?EnO% z))JHx>N0L*$b<(z zx}H0F`;>DbJTKD9n^SZ+??!^e6vVxJ=(FBgyM+VrI>{JhGlTXb=-_#MYw{c?W0ZoU zhXd=hX7?8kKl47%ENVM&6U4mN&jm-+9a6>a)*ABSj9R{^4WVqP0e;42yn6NO zNBdzWq=iFc2ey=Ms1Sk-;65n7dF15e9HiLe5}@fwk`bOl*A*Xi=ZwX?O73>MssQZEX!97W<&(J{m7jX!N{t_@b57ne79s1Cmyu#~bx# zUpVqbc^=isn}q2Ja+Oa|D3?+ulDva(?nSI#b$h!qdgbD=_1pXLpa{Ytqa^*LmxONY zdnn%!uCLhPIKj=#!>BZ;i6zKo!yw#3@f}&7w*|u-r26!nzXKp*Q z+gSHSn25^NtmL|zWT_K|Caam*n3-Q-A$Qz?4CP_wE#Q6aXxRskqlAPL^7E6B;^ z>JG$lrVzZBaR(+h1Fvr%UY=Aw;jh(p?2cN%k7r-+rfCT5Qwun9>r*NPMgXPI@aMZ$wgMRk<%5>%ZA))Hb0fBywW)L$+;0oEnPWzKVH39w|fu?CB z@AGz-v~Ji>rCIk~FIkra_4|t#taCdCho}Y_?^-7Dj0h!hl(KOmfF+eN@Oyy}2OCQzvFtVBRtvl~bdb#RM$Gwl|eYI0KU9F)Vpq2bb zd@y*de@${`6%z2v_<%7n>(J^Po0%zx8Vvp9cAjqmlR6)TB#WS!KdujZmkodVGneE$ za%1e*idlYRS?#)&=Y>`I9FB}A60^5N{%5^UI~FO!@HtX8Ij8DB?X!N3HuJtI~|0$Q$w`cdD3G)b&x-N_3+ACguO^GJ!z~AyneoPZ%j! z)xb*O7m|w|rY(p|@Vc`l+*7wJo>EN}PwfeXyggbY|09V81CkPSEJK8J2-ov+yB|f6 z*S-yfxpX54z;zmB|3nUPQ6d?aQBp?30QHRZ?`x=M*V5A;f|UpQH|)XnNXD$wN%7V)s z4OBz^f|LWV8 z0gCFVbPdhS?B4Rx)1iQRfNKm6Hgv&#!zfJ3)E+{UNSD(v+$ymG%-|ZNQweE?FBn-7 zrf_GoZ15B;lHXL4Yv0(t?XWu^Ijr-A~S7C)AlSFumsN{O8@hwRd|7Va?VI&jRhVyYz%2 zH5H~MJ(%Lc^rZ|hjrl5haQ3^HC-?aFul&$rI%pH^<>kfmj1C6WQuYNUak;Wpvcy$df@c1R|ZcqlSLXdS_p|!9Jb5jG6=|X zC%n0lFSisr3qYoukmiJI=58q8z^-?PsXfF5du4q>B|f}1ZE33*sqz$?p1eBtGy90! zZ6j#wDwM2WtkRRrhGklvKwEoz{z<_<*C0Kbu7c5t9;;tqpeJwB5x9hDIQBaf(MI*XN2$R>D`_k>rw9ACQ#hNsY`d;|M4XkBN)1f|cS~Q4AC6r*Bv>FD8|QK0BIgT8f`#@-Bmtn38J1S48=5 zCK&W)P&=4D-?EFs-uQJHCpCLX3j9)4_jya~DClUldg-zgjCuCqLp(fNadDiJIoSOh z6W*c;r}peg=Wze@_;?9)j&GlR2fND0F!Y2E6>PD(;``5HfQmnC{1bszD`71a(P(T1 z{b(Q(*m0~v{2%o>A%dt*lCZPOQY!v6za{X_c|pMz^WBHxF*bIQzWiUFLr$R&%Yt1e zG<|k-+})9CYE5{G8`~T?d2$P;MkN@r9teYL-Nk76Ru_vOZ_jWr>mhug|Df46o06P- zl(`stY<1e1+g1i>KwU-%JxjAMP~o|pTZ8i^?0BTXm=hYfmk-!Fx+6_WRBD&Km1>CU;f`MCD#ji!~Nx*3j z1ul^Wp;AbcreAD+c|a%|g#mQ&IGhR~)Tnp!j}6+76BZi!H;?an9(~HXRS3f-Ga){> z3=z8V+Ro0-J8M@k{l0U0-_wte_0=wtd*L-DoO>Jfb zC;@|ty~lk$l$l3T@`F0R8uI?aFqSiA z?#S6yHzb09+Q`u#v05LBn4@WrCMQ5TEg|=`Av?Y{71`=XTc4AazmRz8^*X>KpmT?{ zeBRHNG~Gixo}~iJK!?9szt-OnahWhvau_z;{Q6o0cMsuk(p~Zh9*ED7(LrXowPUQ= zI7<+Q8;(_sii4&k>tgKJi-6iR+HBmqbx#r*J_?7wS$A|=mHYFthzYZ^LFE+7>%0Ah zPIge;c@l{Phq(u}hF{R$U=bCDi8y3hx3ak}oC$<$w+QG$$>=}~8c zA@@ntM>L93VlRb4Nrl8>;@Wi~!&TMQoDW%EUt1fXe@jzSx~UU3&5)cuL$$y)OjqhI@q>tn+N}~d>*DPsj#su8+Bhf8Qs+WvovJXslPp{QfBOC`cnxf`K62NJ)1|H;8meqX?)- zx5NY~X#we$k{0Ry#{Z&}PHT;*zOv zllI2s*)k<-0KAhdb^vtwnXgh)Q!~U{l$qIITKU-xCvXOO&jn9^gp5E_fJBlJCiG&U zNP_HOZtkV1dbkO0T9gDSWp1$1`TR&$NBYA@+W7as61j=< zfXCh37G&sl0+GIq?%l^cEgT*1V0C#*c^APDSg@#fWpx_g9+89s{TweGSJm=s5VC8eF`q|cXZyVy;mh4!3~vmjJ!!t;=Qu+mw} z9w!%l3k~rYL69@%9PI6HgAxO4Ku)XdBj5;3CqPvMS#UgiiK|Hwxo<9Ea#zW+7a%>; z7Ph+7#c5TW1Hcy*6cz7x8{DCUQ_csbmFY&#ROWgNkMI`fK4%t19$NKBDoRSZLk6$# zpX;_cLco+2Xs%5wEP$`Bw?~|NOlh8k4cZJ|t{ayP}16~AGG>9ami^F83rGFkQrn4}X zLT3Ekdl2_Ez~|AQUc%dhxxGt$u0XNReNR|gTpapHCk0c8A;GBxx4LCRAh!1lx0vIC445Ts+xl$zX;IFhN*FJZEc#(YA_Uo=&ZgI1w*iS0%`ee5I0c9 zp~X+%2J@MNCPBL_F3M6oCv8GiB;(#+lm)J9rMteQ_O zAY|V?GLWBLS_%P_6Ny|OK7VckVi&syz^7OI{g*CXYO@DYOl1Vdn#)jdvI`F_ik%(X zLji&$EiiN4>YlWX4flaF+`$pN*-#-rU*GAK6@vQW-htua2ZyX;zYSnokrP@M)-hCQ z;1dR01=`U2FC0K}n$s)<<$a;K{K0bulYpSwsEOa=ERZGsjdnr(0FM`=k^6-e8HwKU zzqJ5X(qJHO`pg~I1&&)&H+K>@Kx7VxAOlXN+`>Ro%J;{{5)yuo8}jeJwGqrrd30R@ z(w~p<^a&kBpfpXUYK4^A-3vSxpomFcQ_UTSu6hjS+uJW|yFA;mv7c)B8L7Jiem1wa zEZ6cDKxpt4RZ@zT5LYk(L*(~aS?4{^pd@)N0jCK*n67=+sZAOln`}ySGa<)8Qezm4 ziHTx17=zG?tbl8QC=RNMZe#vB=M7p`fga`YjBQ#-0)}f`Z@bc5y^0GKs(n2_%y>_C zE71B7qn)q|!U2b}dD#iM#3Kwlp>c|x$G$w z9KHo#I9ol|)Yc|SeS!=AD-{t!-R}m>ddJ5fxnrfId;b)4-k5CGJv&r|F_d69h7WqJ zmF?RAn>9n$jZ|FV(hGC5$q=OI6oi5k6&q_-bTX=7I(KaZU8Zrf?r@pCPnXu~*tUA= zZC+j&)>mlIeFr4H6DQsubyQAmwg^!D@j>AqWKoQgp+}sKnW$g9F4N z7T74rKX5;ewR~;-RY@`Q|I!G44pdC4;GLrP5Org+( z(Y=Qbdeph5pFdeD>Zc&YYe0za!)8Yuc%Vr6 zsKj@_)@LY8<8%aq?dYJ#I>#=hg+8}6f z>NkOoevkFxHY2f#RA+2Hq|vO9geGvYjD!Of=MC6$WYsa)d543`o}e;Avjv}Xbu
bme4(jqkC7cX}U#vs* z+arC{D(7h4v{6f?idd`<6LmCCw>wD!gwoIRoE$~1YD#CyR&~1%PxF>Lvv`X0*QYI& zGDIe|Jx%;v%+H4dAdDSa0Q={(4hGCygBo|~A`BDn96R8oDsp9bKNq>A(~pa%vmIWF z2%*x~*(l1*7QeW`(rc?FiDj++UxOZsK3VLIU-lT<58jIeDx~kKd_Jt_;ejJey0`tJ z+Me^h*&m~1JqzNuWn^V9NFw%Q#YE4dkM(A;MV45yzwGI)&XOy{8a)kjF&D9PJJy3q0yK5>q z`6){*6?i4MzHCp$y%?)c7(pj|deWUUhALsNVD3yCF|NL1j)A0VW7XjS6~#&~^E2}+ zSWsvy|J*tI)u>+gn?5CR(0N))%RbMVKhq(lVMzAZ(6F!qX?FJ^GHseaQw z82Sp){XAJ~JlvXEYnX6v_Z`nsbxiw<%NymU>_}2e*3%cdlA4F@2Ug4t!H=WE`w?J* zFHZgR1Dfu}&-EK}S#uz1=dwimffi5yk_|FTg$j7~MSykpqH=HC(r6ti+UCXD!U7*v zj7oVT#-aY)1|OfgF6A1~Mw47tys*A_k^N^;8xzzMK8k+j^899t;Sp@u!BcQ1$`88b zr@`@sP)4m}l?4t~;1VmV+7d8mut-pEE2qKstv6bIdqTrXK)Z2dKwvkrEwuQ(rnO;C zT`5&%qvM_LJwZWinl8{{VB21+#NO|+)^vjheP;YKDtjP(PJr0v>=boNg_eRgnR>Og zRqSZ}S=j&Pp~rUs5La>dFbPp6y*?dhDzU+VY^4YFbJ6@Hz4@V7WTO~Rd;r1u5z+bnj+WJn1ndt;(QbVJg`w;UpzM}imSK%7!cr2Ge1sYzaQ?$6ic1I=-p5nq#sSvT0Rm{(B zD)#1Dqd!HbIB_*j)B_5xQ?@g2)C3dzwY4NWHqsplg2@-U2(SW(&PY`KT&*G`lRbGX zGUfz8e$S4~D}G9Vq{x4nK^#o&G`zAxc1C(~N;zsufb^PdF)s5s9_u-_!K#J-uTPqwp^GU?$cU}WX2G8!=CuPo9|q(6mtz6 zP;&)~)huu0aJ>ePVG08~sve0nUdB%qbm#2fGR_+pc=Xarv9sxTzuf$vMero){Qha% zrQ?sT2?D`6X&IN z2)wkS7`7t1NJ8%sC$t`kRvV2jp^WCvUt^DJI7Y`uUYl^wjQxGv&uSK{Xp;j+Cu zvYeSaSOK4(fO?r5whho|^QGAzO_xi$NFjnA0XPn>k|_W~6y5pkxxlC82jhqTja7j= z4!})zEljga(Kq@&>%R!9g|ZDT@I5%5398)cY_7rS^b~&}HchUh@QYtOyQ+`WEBKB+ z*jxti8y45uOsjL697_u1mJ1Ko?trH z>`RnC+T2WOR8Bh~EJS4b{FNy_ii>dwK4jsU;L7u5>K7`!n?!oh+Va~56x((^RD+%9 z;qO6_N9tJMZN!Z%uTGD>(1$AZ+CLXH!|kE`jK^eP;=Rhpaf0oJ|IPg`-1KJ2u+8z3 zwc)o^`vDZFG!!8is3$G^ZIWvPeH$^>!)bczZoS%y!V2K$yvr-s*#iSuJ5?LF+h4r+ zv=+gWeOC8FlG9`mj}Pn^Y04_&VPy>L;rgqx#U=BY;^LrBN8GHG5?af*FTAw7_f47nMg@vjcx%x{1^*UpGiprw1tD69^ zs{eOyFEckw(1{(TD`0(F>{N!Xj%={A7IB#yN7s46wbxx6zfn)a zCwKAi#>O9&{0%~7=xtQkT&Ny)pbL5nRQEBHlT?%ii37>>y55>9L23 zm;Wmq@9D!YL72q;oEEp?!=Ai@2+y?hk51ImHTY$@?bGT{HDHCuj)6s(nXVR=)HR?t z7t(cjD)YZEE(BpJ@87isSxJOzVRH%I4XMgXh4^P2G3gZMII*QEJ3qdWEdcsw?w|*(y(jr{4Sk8b zC2&__F8IZjvI^R)($bSsPH<6_b+on^f<2hWfyF-$cq`l95BITyN{-k$*n5>7jjXD4cwOm1`Ty$LV?>Ts@j0aO05>8$VCUq z78+cdjI%NihfPGf5Td?{vn=mIq@JFyBz>(edkvBwmS`Hf?>jDkpmkvLe>yy;9 z6?IjjUv{=Hl9Tn8*EsY~jx}|b{+&6xRpAt7;n|4^q-I?Jf_4!%Lh0 z#NWo0!SVHNQjsiNu7o1KM^ixKP5$tW^gx# z%sJiEcCooc&xDT@C9AB8ve*ADusJ#nrzaI~d?wB+Eb1U5C#xv0hLAZuTzm*hy4$~_ zd*U+2%q*=etFkf|wa~xRYv92{r!Ge)Md5jHbSLb9y9N_Zs7L|R8fXK8aqM_xN4Cp(nu{cFN_J7nSX z^m;^AsWO>Ow$2FdO1K4X+}c~dB8G^qfr8!V7uCUQ8QG~QIa%Qq1aadB+ni$dha#1Q zuZmnq&=D22g>-y80z5VHq{#*z#;~`+L?<=#i4WWG_J)!fYQJINpoi)pR7x8OOmsDr zww46^TmM=p)8{EKkm+pj;kG>2Nt7+zBL?D0{XxyMEyz-0ZUC=oo;EN0Fb52I2>U-T z-wR7I(aLzcnpr7+;R4huVPUcu$xSfT32}d?A7No2Bf+IpS5(?sT2z$T{Si@wM>Fkx;x2H}y7h{#iVSTDY*;P=;bTP9&nC&4n%HE!XMX(v58z8w$}48h z=Haa6ZUR?FRkT&(6Ve0e^6VYqA`)kr9X7gw>ZoGS_e_*sOcW%r_gw`Q_-wf8pz~A& zD@n{2nX&O6nqh&PsP{&LNwx*l}#7jz+*|HAQ>0fg)I zP4HfxijBdg_1=C=N=IPkk_yY2|5fQ-);hjxOdKs8f&olS*a$t9<2|hX^}~?w0al7S zS2I?M%AY}UZ8qQ}EkmHF=L?bfE`G=iG0IZxK*#R4=N9GnOY zOLJ>}n@^(l#t4V0DvSRl5QV$D%;^ixU(+F@$c@mHsx_BGhA93}{>)tA?g?_}2h*%} z6XyDvfv%2$Df$xd(Aac|=~`caf^frqWn+Uozph7cH8`vZu9B%>hjElw)+cebf<(I2 zt249&u}Qwy&PANATBS5G<;D%;(2Av=wt7|`9Pjw_EECA0VG)`cTAb~lM6&X|LmITN zvKBG7v}Dh*!Dm*!K`IxAr3FPUP1L!tzSL;(U?i({#|QKlo3)Si*as8>T z(KEER$V^GjEc_K(owJG09#g#dP>YnTNr-~yaT)>39BU}1fRUUc%p3Ou+fHCP=?Ukd zkMe)RW;g%lQEf(L@uJhdP9Lk!CrT~R%NOk_&AkivO`K=*c)bK|&R4F7EeC<#dZkQL zijo)7_6SkH_Zd5CeFh5ovmYo74(6Ozj&PB@Z-MQQ!pV|FYWiUfKtBTu4RvR0DX-A0 z;X28Ujk&W6bahRIa25tm(wF0wG0t`I>A?ZAl7BEIqRQTAaO)F8pRy1{Gg*bE>@mYQ ztZNgLUrgcu+F9E=Jly;ZiiFqhG$8*lbuRf*z`vc#cmFww_f+EkqRrMIxFKo_t_JzMfgeEoJo{Tj92xX-#&{iIJqy6$_eMy~ z_h2!dUkx!)QbAubHNmMW$tUM!W%fFJ#25jeH)J2FgAa-bM)*^xXxbV#RFH__edhf+3(w-!LU5JCaqjr*feRIr9s6JR1_#>A(E_E z)@g7SwoWP-E**oZkmvx__l%aEM%q>LX!`%@w9ED{ZqBfXlB_TBI|(MdKKg$q5+9(^Wf|sc^0~e|#lsuCUsC7F%KMRfMwm!?un91(|ei7E5p&BA!y~uMl zb&atE;L)2N=c*ryLzLY=JghV~A7NpUefDnu?i=mDi#l6;*p<^+ z-HxFGi;$o;OJ7D5ymyiv+s?mNia#^cG9bSGozBOJ@5^}kzHH&4GT{%F5JPxp>SG&} zUwqk!2?F91BFZaF7puFgeEvZ{Z)H108d7evyQl58i3pD2>dSti+^yR9>PzP{=#5*Pc$log(Fd{6M9X z#NesCp-tTtLzo6(gB;^-0fGxvK3nAE@jx>Wa#_`2L&!tm^6))Da=cI^( zk>v&yQ$B!Hl(GiW!bd#@#wB?=Gvry`Apr}p_t5y5tzn@dM(9fRj(NwmWZ)o1mHU+B ztnQ#=l$b`ovlP^gLMiuSUizoH&XRwUgG_fq8nPO;FQL7wSPmHI;IaaiPoNA_xiyEX z@`%PBY}RxPVmLI5t6*`fiEx6`sN?gCI6Fm%_63mU>knj*ScZls(M12|PEu6`hoU4^A zn)Y{iEvuYgiy0x+UvgV4!H15F$39}Ikw85`hxBGFcKV0w%~}_Kg)mu1k-0sZh<7%4 zt#qO5bVv|7240@Wcl9#mB9o)8Z(z%4#R)N1>Bw^PqMGr@+SASJxP@K4r^zM$uQG zVSRSPh!k&bQKR6fs~=$KFDZr!9r8XvZRr$-%*sed$3R7VPaehGae(Eld}^uyPO%Wf zEU4$BvFzwBTgyej^Hy>`dN`*cGVu2 z*L%3Ab($}+SwtX2F+21PKcJv+UTu$d6*S1++85SWFZNHgv{k8#39tx5LE&A6{|=+f ziIRtKqq*5h*KhSg(KTovfUvbCdML6~4o<_m>dtigx9e<5S!2tDO88#d=%<;Q{YO*5 z2k(KzJG;o=R-i;m81V}v$*R|D|EMa^iSyF%!%B@}1g69=P}xhnxjyc;&dhG&;$Vf7 zmCobX`#O{bcQhQ8g{fj*Se``FcuA51j-%kS9O1rzIU$Ygj<*oDInut-84FGv&1&WrArLgt z%(^@t0czl&gO-<>p=OAl_%a*3RUS`i(}xojCpU?Nby*qlm zDReWV-|}Z0mZS|bEmk}<3BiFkx5Kpn==Vh=2r!Kmi+iRu$h^y>S-gl8ZjsIb)qKzZ zwd_?nq~0*r6MrqSyBFUInUxSPN0Apv^JTo?P9ewJuMHG zK-O5?GXlh@W#P~*I|J)s(zW-!4@1uvTL`Aq3oa+udJ`Tcg;wc$COsT1a+oFdM zy~oGgUe@}CQy)QQWoT0~Kd+0y*(owXS5?{M;D8(*QMLG%F}*N%bc*ipd{KGs^Yv@0 zo%#;#HSRX*&de6O6{Q2hT8;jRtT?iA@Giar4<3(rti0IAK!ATIQY zNWiYs0N_5lghB5W4H9&!p`ul@60DnbUrJ;+T6&}jF*&&eSG%zB4Mz=jtL}9F0-v~; z5spc+tf-@Jv|Rov&3v&J4wj&PUT7vG%RGs)3f2 z;TIFHq&6oT?NI-y>>NDdZuLl)axqg=EvDZcE}zU3!v9;!AhJp2X-!dEYH9=s^T11u z{%R;~SG;BYXWwOLs{1#wgyY*&E8y!Y0KBovUhv0Bcn7mLwq#G^1~*ywI#B9FVT1+`y)h<^CY;<>xNtYo$HE zrZ9?~kmkq3~wavzJyT%!{({1nHXg+(X&sn;8Djp*jo8xr5wG&YWXUL zfc`WTIXnXME-!nkrH#J&7dJmI2BMalLWqX@_W0vt_2XaNrqJf+<1{rnt~H8f_F;wl z4kswA)Wta!y07W;^Ln~_@^kV!h1wBbB1MZgb{to_obtFIDwJ=^Afz^zobz7bnEoE@ z=;LBxKt{qv;^F6lWLJ|SAy(zyqOuG=m2e?VGR>*rrUlpuDey@+ttsr~?W=aeDs=V7{vjVGdru%MpGxf0dlk~1Jo)IbUhJecPbVL!*@AW})q z?@^Ob9dcVEJi3?-$lB{J%vwLt;*a`%6r-Zh>tw;3^!rUbkyr?djEuLujF6rFhYpzg zDdvCJKp_M;ItoidiZ;JjaPAJ{0Wp80*R$N6RwVti}wJi#znZ7m%H9eGgw(z@cqVn9X$L#0BnU8&g z6JB0SsKaA|(__rTBMXGPh#xyXMOnE(^fYm0x9#4UK0+<2*8S2Eg{f-evyQU|4m3rk z(IrgnxMN+_-5;`yD;V!IHJ7FrXZ*cBSHD9&K@R26 z5J*6Lqotxw-emb~&fL_j?Hl@2E*mV`ue}p}L#-{(jJyX%IbZQ9(8WGBJMlBvU8mgV zMHc)xmNqpxv$K1!wY$e0-K+209cF&U^*Bu$gA1oVfpqrrLH>Bu{dj@ad*%>!z-&;d zc4PU~`cvkRTvf@wmhR~<8ttautt|{i;zPDqUK$5^FH#)Lz}d$OZ>k;2oSpY}_7ro) zbQ^>A@@wApqktU$&-D}2>4Ca(vbus< zX$fxrl#&CVi;67pqPjoDC}_^{RzlL=Re|z)KF^2p@rB9rD@Ei9)I-s)@;=A;$T@l{ z7;3%#mRFFA77_Mhw0{tLi1;AFfWBiR_Gf1kxmS|WYQCRb@zD!6;7J0RLYxTCv-4E& zw6yUS=w80fM@&CthupUCIq8hp@e>L03_Jkm zqD16fI-JNBxe+=Xgz$>AT(cHb3#P9VROu;A46#jjsRyaFp4;+-YNCcl__fh1lhd#h zp(x${{EAgcHAi#Qe3S#w=PI5-cVTiU(kN==hZ^1D^Z!Ly;E;+>oayIv)N^&{+pvp> zhSP8i=-T17&v84MnVL0P8!<0p@lSr(qh5^44VCojlduvDGcBKupFLw`EP7q_rsM7E z*TX##vLe=JJ+p=#xZZhCn(Mi;!o)02^#z6P z-a6VUT7>&_VUpM)G?fd47Dr9sbR13J&4r)?;21jOZ87<>Q;n`TugMBOX}ONnX73}U z{A4@jQ}u@QUeV7YE7PwX!Cr$dROud`(4?Ajobaq-5`11XsB(1&Y7jH~Xv$Bny$dxj zg3%e?h4THXPvcGJmkt)^$!>Cc6x@6lW6f5o4`SWfMMM(hx2@;cJ^qtw2!qx?@R=EQ zhSMnLAp}z}@GQ>sanT8|(h2ko4&?uCP~hMc-YwsPr z;d8il=u_zg>Hd^ZKnKzLB8<_bk^DVHALO0!uwrImjD6PF zGAUyX4AlLgfWQ^vU2G&l2m#LS?iwipHfD0vKH*EIFhqV8*dfE{?c9vo*s$r|Zt$ta zdW4BO$DI4{-UY7gUEk&knv6FoZ<(w_}OYM&^oq! zuO_RBm4}S>4JR1~uPPO(lGj9O8DyXA@PL#iKW}IMP}y5?3)k;IAobS+MPD08{ApFa zGbAGAhlk1Xo+9x9eJH6XYyAO};&>@D@8ZzFT*2=&FCVDY;ER$={St?2ce8+3svX*;{62p9+OPG5E^o7XyOh+y@faX>ZKDZ zs)~}v$o#A`mq-nytw+G~(^1qj7CJX)Zy^VZ+hnLXj?ew|>bcPE@cvd&x)-V%kqRR# zM@CWU2amdyIqzVG>XP58Y?9Zo*@3!%tktp+`P{?)ey;0Noc}B=NGka-e!lBA1l(D` zVM>#{Dn5xyq%%dHwZ)^$3ykmIQEZ;6prYMA3apK63{b6}ll#8T%iDG2eb9|ztuI3E&(zYcZxiG^B1k*NX8V0F4(1|l=7j7bE|z|W z^(Wi}Xx51Z}!1LQNUbacr#zVVXDD+RN>_3f84<~+NBmCqJ0 zrs)_es+w{$%8_&@xHvR-SZbulxVGSG%lllw2 zZga#$9Y!0u@iVK5A?-Hfs~9>WZT^%SetvCvBk77>n~V?ZJpM`e{7w2jq;5`lQc_n| zH#pit$wQW#R{L05EmlEWUOVnb^3>Q=u^Yz0HlEY}OiZE=noNS(eQ$+mny)U&r27sPln zStS$iS@P?5#joF}dAzS;LENjNH1$ctGGZ<0olE%%3Z(+RfTZC`cg-VS)uGYeyu~JO z{W0x@ZmF0}%KT4NVlY#)z2}bUX|%;PQtYG@iJEfrAS{V}(qkZ_p<=DB>?E%~<14B$ zH9bEv;pcB;|M(3cv;i&snDyuguR{WGzZA9onNjQ^yjI8lNZVJ0r)ZKkZOZp5+s&d3Q( z3A55j?_GkX+BZeH@tKJ+5YHUquJ3QCE=_-}8(#=TX38(fWn?P!txpdKa(ci))Aw zzdSx`QI}I!4D5ZfVQpH3 zbXI?F)w^x-Mfy`{c$h4Y!-l(|)+bxTu-asDf?m@g-0wf$y1NE;wDY=O{Su4#Q8A6? zKPfm_r@ywmz7i9w=^GCiav72))(^C{(7G(+g1r^O?fnhH7jfG=q?VtoaEV?J$3$7` zLtlb0neP`Fba!LxkPwd~PH$y-bb54lVhn|ltJ3bh%uu_dzS-MvF9YAmNDhrV=jy*^ z;T!GfTjHg`IweExCgDWDusb<3GlLS1G%$=0Z~=8TYN4m>{VSr&*VO?Um}(LiUT&U=Yct zFMVPiUqqoYzQU=@udPJ;_(}6=l4FjZd8PaN7}?)$Bklcd%+EFECKrPhhx!L;nJCe= zo(>|qQq4~;Z~+GLA$4wOoUW3vg6Y}zbJL7sbZhHlbktIZQ~UD^T%7zI$FnoE(C{uM z!%b{dbb7nN*;-d1!mM|_O;^EqdZ~nq^i}*d1~-~^1MH>3sMi-^kiN4&35`gp|2p=& zrXfAE5QNqf)GVl5(Yo(l-l|IgN1z|>pWl&vHzKa6 zBrTB9C`mM(&o(stU{v-eiGovAg0f%CUBdDM;<%7rpY8JAbUyA^t**KvbqxKmI7WCx zZ11`=6N#;vl+wg_%k$Cl(~`9Iaa2MRt`_+WgOM}n4q@{qOZb4(>8hAWtca6$ORM2^*N^mM6fNqdSk;s@eHLbQ#t0eDpCO+jqwe@^)Ole4 zXeJuJC`wrwIaYfteI1tcW%6PWg=*9E*ud0vbHVf;Nf)Fp!NQUoS7K5 zz{Lf|*~j1L)+CQ9jp(pFd`aaH&{0F#t4eZH_i81KEl$v!;$%mQYzmXW2V`4sWL>!8&;)h!n4sG0*w=E;3}Qx~a1eL2 z(P96dTEw2z4rrIh(1#ppD#0%XiwHTwo%N#Ue|2DEBiu4}Qw|S~)mD{d{)!VXAtv3|%Tek4oJo;(M<%7IHF$qJ#4|l* zjUk5qiQS7DL-Wt&sLG91O~?JpW9?^BNqH>JT0Em=_9c>XuHSXvKVs0hhUHxUt15YX z#Y@}VO-OKtZoO#w!GK`EP6C6JbqJV37KH8N?&)UL(jGH?R=f1kcS2r%!X1<#1xAKF z+(&P$qS{|TJl_B^G!e;=`GqlR0soxmhj(EYXBaQzB4t1DdLQS3ln4PVPHI5A5tbIm zq~raVa^nhTz{`WHIDl#;Q?kP-wi|;J$xlpCM+@9>OJ_$$Mn3ghHfjnwmF<0V^S53d zj|6-ltq@KzSpFg+H$dD!Bz!=IPk=+x(cj%8(Mhz>_=1{A$LZpv?Smc0mQL%Q+4?eqp9hjiv&CdRz|4EYQe4Q<3rNZO;&vjEA?7G!u_W~HW zXUixojxRLmW!gx{s;ig|gF>@#ax#gN7eEwUBAP3uzqK2kS6bhfVC|EsfKNhfva*aS z-(GFI+85-Z6u9wI)pfiC(^D>@j0$bO~>GHKu z(woPbMzbM-9p<|PQQq;JFN|FGDHZ$jGq$q!jzd*>>OIyJ6uiEO*u{rROFB88zI;60 zF(;dQEsuH*0>==V#jWku1Sagk?0n4Ea3h z=v~IE<^e{vvXb9K&OF?FVQ-@_?aoI}=#VgM^iAi_q~wM62om}&lg)P%+oe$&M?-`T z(1G#z4V-bcrwJ~W&|s#$f0W2G^kPI5z%n$)mqOkAJ67|pwHje>*sIOk#OrQvMAAPM z5NStKJ({L}CEEWa4EKhj>Z(*tQr!8SsiB&qmXhbU6HQ{GL_|;Mei}(YM|&T~!#7>j z+1HQ!&(F>?27gKZ>J=7XJx$Mb(^E6FQ}^c{t)XdN4Spbk9v)I@=e$Q4brmQ^W%>w@ zzRvx&iz?I9$N4ip$ftn3h`!iBO>f&Lr;rHQRw)KwbDO>Wl&AzI6@XoQOS<6*!3w8x zJQb583ldn%oj+8Ry3-X_w#X_q0GB-PDep^|=s$*YtDro!yuO2pgPlF_&dG{@p73SS zi)GNMKSIv*pf)(EqM|ZUV{UCd{G-g?2%lIaao|}9wZAZ{l7_m|!2FY~S6ak~^Vu)- zD1sc)^0Q?N@hMUAfFhz&g0-r`N$yXq_(w{Hc=ryaL}P4iclj_mDH@HepOLQA-kz~A zXLo!51RePtCA?Y6Zd;Xo6=*V&`Mf|P{A*KjkSVm3M2{Ud5(bF)w?stPW0ND4q8@Rd zEb-_DrUgfIK9eQjG}JYf_H_2}bI@n!XCoCJr8FT>SnsVyJgL(dTQb^MS1H~>7-Xgc zD;d{qh+pe=VNIf3dEWgq(dM1hr#A^Z@ov`u zX+&1pJZ@L-VzCnfSrRp8i!^zG+~u8t-fW|naN;7+BYXjI)a3B^sNky(A_(LfJVl9Bz-#~R!*JFu8e&d$@gOwv_LH_M)VExV#eaUVRN^E`7DS$EP*}2kr5z}nWwNEu1)(O_lmD-L5t{b^ z1!Eg|jdLS~i#772jED-G{mFnOF~fc`z%|2pljvsTVfb^4X4cS0J~_EIzASCR69laW ztK@6nSVnkXea29meyjPmPDsMY-k2iE*F?7(lZ+$qNplO+ysg{Upy^5-TrFmz)Stn!{jQD+nGIVd~~E^fw?5D zwz9r{sAmibMXS0DB{Ue*!>A)LN#wPG1E>sJ9Ym)O?V}$!NGeQTVA$6_36a#hLeP)K zEly0Fd8^G)eQ|{H{k_o&tDRUTb}M-V6G@c5CT`^PZ>-9!{Of>1Kfge(hNl*k*(Sjr z6h9)XeS(tnk(MHFUZJo=;O>%{XJ{#kwI?FVVHXl>TWRy4P#>8yb7(w$FS_Cg*qn=()=9RIatH|$QJLH2@QjMdj5|I*4 zzQ`;;%nu|{ekW{g&GGQqwa#*TOnbQUdLXaKht9QrdoM`Cha3Q014@SY0?yFDuOri> z#J7*dKw_k1+X9CZ2Yqm$(8|^_iGjP^_Q}d?U(8-*Hst1`5;{uq+q!TOOMCN=n)Ryh z-dAtRn;hGkY~d!?8NN>7TzdE?3+*|E$go&M<)}8Ygom}vd}@t%M?KY$_juq&KNk6# z2)`Cqn6g^^=K2+!x#3>L>$I|Nw=`lny7cn=?*kj+pQYs>n0s`7SxM9MrAS2Sz_BBb1y^>*k-h!@) zQH7Cj@hwdQqa?q3e)-kc?4P8pTj>YOA0;qS=hHtSANesf6TEHM(5_h}wAnDoc9Rng zn~vm3cjH@}AIvQ%a~C~r)wJ@G3(x%Jh6FW5Q?h`c(L9kr5z18}(431^QZl0(WfXjC zhC?_yt}H!(PvEt8m<%lzH^R+JrLrp&iwv7EDV@~U&Q#!bld$%xJU=S52v5N^u$i_t z+vD>XP~yKJ(1ZSxlfZyRmtv~-$2wysCTpt}f0_dUV_t0%)H8|dU(^LXFqpi&~ zQXFEzSJB=xS$q{_fX!UslB-ca^YHP6WFQta^1gG8ad0jw=i2qtmHLz?HC9e{aqTl= zf*cT=Hd2}+!|(M_SmGF0=Q0u7TiHP~P!==+w(*syAk7RV{*SNPb^j4)qJ zO*D2TBHn3ZEf3{jB*eLT`3vK{IE+#iT$YfGW3Ep`P6ipt@_!`ZphbLvLhi@DeCuiM z8rPcyjoA*0r){S+v6m1`HPt{CuQ{m$BB1O>><8~!@E}O&uk5%<2Z3ZX%wlw82JM!E zv)cLcBHw1Xq2bIT>UFFn9?Dc3^{e7vY94VMR74AWr^q3{=J%bm0GWx8rT53z|2?DO zhv7DtTN3yV9u=Sx{ z0(D!3!}m7H(hOI__087Rr#f}?qk^=5MeKl8{Hr)z+IakaH#%jp=>}xAC!I5|dIO7B z0t_iMRpc|Ponz{&Aw>^{)GFo&`ef$=EBY;|U5bB|bl(Js7p@v_VXMvZZmi=*n3pK1 zt0{efvUK$^m(*wDvX$GT>}$<~_#@wfFd%RyUh1z-{$KI@6}mh=0TCS??dchs{mGHt z@!1E-z9>l}-7b{RP|D^-Z@SpsfXc>^qKDbcIx|(!l3@SJ8dYP?i}G_79d=gD63@cg zaKEc>6S0Jxq=GJPr-y!BLppi+Hja*`8U_`x^wOQq1CQ{5!j3^h4VwQg%TM02kIkE` zLVxEO&&?a<52Kypp+|Mx=g z@xgf6wKR0}*S0tJSI7hWlNGfTdWVOHy`Z9vE*K>Wxw8)I?Y(H4pH^ck>m9G_W_U4; z+bOdi`HKaJcktbB-d4$2{}ePEe2pthYKI>z>VC2s8~^bvWA$bGTR%S~xqnIw{w+tS z)!{yfBR8sjZRnf&D{rE@oYAgp{gxLkkjetA{B%T+EP4 zao)|n;t!Go%}HxpOii#IM{2HO3oZuf{z8l-?wIJ9&}+~pKt`I&(7bg%0||P zukB~jANK$@aP}@!Ay?)yF&8H{t z989G>LP5q{LX|?v{9921ib?(o#ymqGY~jXE*Sd1odW7l&dXG5nisM;Hjl8@ZFHb!Z zg+k@c=4ste-+?L@#~|5@5Vj7>ib@wpXD5q5mq}$UJ1P}R3mZ}bqE(cre`;C&YX&Nj z)Kq;7n~V{fj8J!ZZ_ETeHnlgGYFAk{PRX#B*OR`ySgEypvX+LX2L#X7V(r|pr?=xc z@DJn|^nJu3UHI*HQ^tQBUzCl6Z(yRv?3*%&a{JSc_kI0z#RV!fPb$4iP&=z>nve0_ zR)Tk)#k&zNG+Jr%qjt6tJbVb7O3&*mjDWAyZ67Sg+F>`!XKJH%is0l-rzWh!Y!&Ch zh->h=Jx>uC0wgn=*cj=E)(~DSe{T?eYHMh3Y^z1*cl=z!*?8AEaNUj&)2Ezz2PvR* zZBjg36L&z5&$5(rS3+~`1!O5vYl_ljEd04}cl9e!>H{zZTH!(IPHoF^?q}8>@RdaB z__P)bt6c+;c-1`LT3k&Hlqra=vgg(?kS5+E#ahWAxdTen)Q+-KEXRKL|uYF{G zd^uIwVq3nl3zE>{s%8*pGtu&kV5`4MC^O-J6O{0SZTmN$0|L0ewMc)IG~mDgRvG;% z@&EJFUrPn7@_+v3|6K5ImC>Ky{5@uWs#*TM_%Gb}^V1)%^Pj81NB!e_{&U6O-Sg*? z|9Kn#mrwntXz8C11snfQ*!l0p|9;e8vHCx^@lR#VfBxuy-Udzc8Por-r})2o-`@xQ z|6a5Ic^k+_st(wdl7%XfsOaeVO6C;574mXy|NGhNX)pDHkSD*t&wTh$L8{yEq%-SB zOIq5C^QVjexcp~H`6v)kKSuXqi**>K$&a+GjBLbC^qAofk}TSNparT9x{0Z23;+UR z_f7t$!2hgFH`lA?)rCQY-2TBCeoB5`GRlEI!RLs7jQ!UB4_ze&DtDj8ZMN{IY>?$T zbB@ZtCDMPFPFLJ_h5AiA13i}@6D=hjle`wBx*CHjB>1lNWvXw~&#%9;HdVN(ahh}$ zzP2Z7&P62gK0ayq_eEhq9*~0r=+~A3YJ=+Q z>N?IRc1OOhpR^=3v<`Rw{8f^35y5osF=D&b1UkbE zRQZ$DRD9!0-*KB|6eC@)AGdxj?f2So6#K?R(nKniGBdgO z*7!Hbc{4DwWmnt0+cyt*Gcm#SBUW{FZg-Z)1J^~>2J-FAiopl<>qJu7MVEa;H6=$2 zi+YWi)A2I~6Ip2Ms=|m(eVqr8XKmPvc`D?^`Z;Ke#6-zRCxiYDhL){Qk!t??u9{R4 z!=ifDpY@ml?Y;T=dmjh|9~~7ZYi(AM058`PGfhR6j_va1WYy93G+6uCUHI7p@&N#O zE~y5(8EM7`s#|^}7wHIyv`HFff%~0GGgyQRfw~9K5F-U*TnB4@aW^+IgN;W3AFA#w zo+~^37VKu^#HiAs=V?&6Qq`8tv`uJPRp!!}bP|%MjTC7$TY9;EP49tDs@q@=3wDT$ zOlh*cyQ2i1E(UctJ0nif{|P9-`CIoOZ*G%}S7IV4R>-Bx&q05R7FZUPOOb6P+C|+e zra3q3*G6u!M{qb*qevI4K^L1+>v<4+DX{3X?0;Z& zj{O0h_BlJsJ*A7yE3M5;&wH{uJ37m0cOfjnRSdcs)qY}OWHSLx%RtjZg2MZ^zvz5JXwQW)2Q0 zA>0w{|JvshuNQiFdXnxc8pi1Bn8tJSqr0R;0Y1?n!=tNb>gsIWq`~%DMO{qU)KJRB z1?oj4Albjy>`Ni=_TWG^yVm1&Wo;#9i&>k?!fH>g%2`p#vSGRBjhmxZ`pDtK)WM%7 z&{fvgr~{cl0s7)%QIc9|4lZ}MKr8;K@$;vq?i*H!=R(7ynZhFNT79>eDDj)Z+X?+Lq}=0Ilo@6GbRTt4YFXTD!P+Exn|eWKdZ)%>T%0uS6tBMky{FzA*%u%#e96Sci7QgG!6Fiv{Rn3FZh+oY zL5N|=Umk!~igLcR|Gsx<=z~xjRC8;yQw;R{yj*{-yzhBUO`ij@ehe0oT#=3L9_|F9 z#wjZ;c2OHgTbj8U8A|aLU`KyXI6e+@Lr8l;-f9s(4)&~eMQ`);Jn}U@UKCF3cVHhb zF3v#{9A+J(R}m|GCOf_5s#3GOJXrRRe|vSN8wnt^5EE;MOAmld()6QAjXHNPFbYZS zwS-LSQt5q=itkb?dnkYN-;nW-0SDE@v2BuIvop|T<@{E99eaNHk=;)zcbW0w%UrFZ z92-lJvC123c)0_|ix&4?`=+p%%I-Cq)G>y$Ev;MA-`1sj>aDlZ*i@wBZR7Q(vZMwz z^h0LZ9u6m%DLbiIZ#Ua&q=G&uXW<7)4#oWZ)~7wA!;f7Nm4^j&CuRGONt5tVIIWZD9^~iB#S^{oIfaNX_;_n zt6Bg~&<>x*-N(o0qh_K~)-ZZYrb<5LOEVMIYGKwOY=26mK#keCdJp%G%J%qKTw;9< zRTtxR>rRb7_7^kUTo>zX-@?WMaqjpe2PzsZBx_K? zZfx}tQEpWe85^(5;AkxHtFy)8Rw`R-pfkpWv7*JlyX86Z(biY)*>XUKtEgkACTYll zH_^+oC4heG3B`TWgYBnkqc*77bOAyN|4&DWGfe-$;yDQOMSwet&@Y~e|Ld{7^7a3}K-2o|M@4`!L7W;?;$%-K=v3vGA9%%C3?%}in6KN|n7{u} zo;Sd+6)trg2vA+T{e6DQckLkt{KArs$K~`)CH7Q4|~TFw!1;+$g*5o4PwWHlZHUR8ZH>xK(!en6FhdoScD2B-PiC{wz{b>I0NC zYW|1PM+;3Ep)}!BQ6tbI$k0+tRLWA?YJqW(HU<|fmYuUQh;-~tIiheIrs9~OX8DBL zD_$0Mph;J!it{msgRU{)*a?%TM=QxfO(m@5Kg^)mMBaDpL2m=UPK{59_^s5r6eY$c zUS2Kfy7`>+1Mn2mYrfxf_^DgLSx4x-sFKzvNeR^{T-yF7IDCKpt|Ui|VtRDa8R~Cg zzSlDCI#*r;y=&tInKDivt| zDzE2#!zn=Vx~`$@hK-9cT2lVE8a*wCHm^#<4?pT5zT4ipxl3Z&{2b8_t0lYMKo{_m z0Nanp*9Kbavm1~_wXT>(t3Z^s9F#L2R?w10mi#g&G$;ZsJglhDrpC%>-`-j%?Pqmw z0s$5+UC+YqJ27PrNoJ+#rMw}nUpWgK zjJeSczKf=mnEp+H!M2Yq-{u|9%1CMEM)iHk=-gClvhMWEM7UY3LTpr02!lTBI@)6= z&GSwi;0bLVZC_n=#s0zFAX->U#MGl1#`N*o$h;IlM@55Negl;;Y`DxmR(D^0nmFJ9 zU&M2pL>I>7A0oyTCko!gLBzVK)uwqG*z{)wmq_kUJV<@mtp;;LRh0}5?ps&CsV?5H zckiH-KKt+-in~Z~f0szw03TU@>z;3aisGagDk~Y^Xth0d2av2qcwBTwB@m z$q%O=)OrJVoc!X`cu(tix#1!x{smxjmR;PX>+K=t26*+@Nls0x&N6vLGgYbs@!oUqA<_0_c7Iq{ zFfK$anE$>L2?R{f$M0HK!60Y7u2he6Vl4E$flwQ-?cE)6rkUaC2BV>t>Zq7%K~XDD zo7J%MIp;mN9u|J$(KP1JDv{9Ve%&Slq{D^aF~)=BABA&Y!*Q^1_ec;?G`pzpuXi`K zZ?E@R|2QE)V{~#+H%rFu&QI(`@?Wm5*M>r21;wG+7=}C1CMmiVy${}0*=DvtQ*OGz zsX&;TU@E`AiU(GBfEP2X?Kw`7n#(iozEoA@@bg2 zk*SMrM>IHB2Qfp8!@6_4&TMq!=;+s7kjCGT#o@&Xue~M_pS!ufD?B2S!iD+IYuWdA ztrk9>haLX(QwMymmM2MKfH*5Cv-^>6;&1m1S(RmG>A!aLoFh9YWh`xUf65MBge*oib4%mQ(%~PO z7M$?2Xu-%-p1JwX72rkw9LQ=P_*~CvT;`iJl#25F+Zolxn?96c2(Q@_29!X9j(`Cl z*Newk`)7~ciz8CGofbzix0uqNFGs0?3N2@)+rYp9%Y9Oh!_2OG_(`6$=8#q$r`L!* zQ5U$`5M8+(pAS%R`?PeF}+$;$vUrKYOs6?bSAy!kV@MGkVy^!2% z${0eZ%ujg65`XDd_lHb-$M#AmO=tK~oR9Bt6R<8$;&U!U++Va{OS(S_LSx>A=#< zyNAsQCaBH6t_Ijry#6v{7k*HAS%Q;?b|%337A>^0stW@9Uo|NNw$G^6g2&k^<0 z{kE>|&;07LN~iIAdEYhfD+rj&uGO@7bSZnk229ltLOd0v35IdqOYpk97O(0iouX&k zXF|R2ZmDIGAnlNX{{RuZrKATKXlQA%7UHo%?-%W z#Z@Zb$$FVn01E;Gc}!pOe50=W7WtKxo!Lx~tzQx9>P`395R}JNiY`VU-T9&}^8mx= zJdo0Y)7gBUik5?T^(K4k-UzxH(cissa+tD+KA_qrY4l!nJYxuc8je8?!~^=6$o{KU z9&*PoZb@RI&U7Jemc4hG*b^Mc9j^-TPUV~WCarFk1n=DD7Dc+rjM3jyfY6$ypGzPm z>063hwSu{I$DuQtg}21^0W`4U{zlfve`mqU?K|q|SMwBZpW50??8o$D`vn<^TRwOD zF6B6TQ(WvJA3tT-c=J6j(n)vwU0YwjmFXhreg`e?*QqPZ$hWXHeVXZYv>u;&f1H~t zaI#*?hHKkU;zINMYK1h_W9Mk+G~G*CNk!j*n`nyBvP3aQ5|BVFi>dqbQj?L!*&BP$KE)!w_2K-!(BTYBvQQ)Ii?m0evy6AkN2vGR`ssa0$j9efcn7oh zebgy#n;X^XYnYT#Hnj~UHIMR}C*-wO-vIB_34_{@?TS$vaZ7c-?cMUDEeD5DY`bXr zbb#@vH>@o((DTfa5ki7C+T?n^ zD2817rAwF@WR$#*yRuhCL4jtPgx5x0QAXMf%U)@V|KE$M)Y~xxsiG&;N-euMy<>XZC zXP7y__qZa(IwN|wfE~3Bt8ftrh2SPN*t*U807nZ>1}dtYgWQuT>qYdo22;cron>#>8}&Bt)&ms@T(F4yz1m)?<7 zuu0L^Ul+&S9k4FpU!0E5CYb!RH4Q4f=4E|C>9XrVqIe-@2*LySqvNdyPmg@yHzN@E zp4HN?=L;RLKpRVD=7sb`@<9k5+z@Znr4p&qZ7PEuIKdT~rm{1j^=aBQ=gR3JeBSJUUjU-ka%j{Xzre!xLJ zDQpi#)0y=s7LpbdGQtwS&6^87b*VPp> zsZXa~-{26ORw(VAIg)Hre6{5{KpuiAtk81|YWQKU4}+$OD+U4_Hg;cQX^*ky901OGv@t+ZT0uDU9 z&$CT*2?bYTO11Pgj}8R+?~5BHWEXdSq(6wfP1Pk5aDrDAZ!&56^Bfgp2w-CrT|q;k zo>zXlcknAUDAS`WL7!8+6G3j*Qv~CucVL@T@1Vr#gBps>gJ)yj$5&&s^?PDT{0$sK zf5CxWIN&cTTL>xYHfS(%k+l`ix5@X3L# z9}>gl25YJA$KjXML%=$|eC!G~5F6kY6Y6f}E?jP#L~@351QVnky;+QK%yCb81oQvv z0COIYGj8tz3cQ_uGr(G!;=jsrwW+rC5L}88y>ad5(t3^nvChwOl@zj&+krm=VBUbu;h6g{jDzH=WU4FqczwR=Of| z?~ZpOvj$prxg077pWkcnaxWDkxz78*_ggu}=9&_!-eGj%!V9D&q|8qmIy6qP9$igE zrZige{mz)2?plIx*r<7lvYnh-kjmUG=)y@rmxja|8$A}Sn`^GcsmTeTEEuTAXgKe| zQoFo|UDsBM&s7jF>xu%Iqoy(AWZ?Ww;MW~%nztMeHEtJwlp+!i)cR%-g=Ht4VD#vgj_5DI4gBSukU8*|dcQoO7 z+(G#~ZHXU-VIhHgAO!^Ox_t2dE##8In8cz7pv(S%PTi`+{pHvAO4x$R{_f#*86v}v zZ^@x^vflUEfU?_xPmfHFJZk~r!MzNx&Qu7R`1554)gp_y7KDYS`=c6Cc=5&c+|ULI zVuRtplbp5au`OsR&!a1d_iYz{VC3GU1HDJ~65sVa0HNdwE{@XikaauxLUT)=O` zFJ|kZVC3Q)VSvW$tZY*K+3FlA?9zs$UeA*5M{_dbUCVd%A;|UT{J2zSv0%~kYU{Nc zQrOFs;>2IF?~YP+T@UcpMG6dvNNMCgg!rUYTgQmnhqmgoW*YYtziR#@Xs)6oP<93a z*xe?nZr)dTNH465iDS$_>cvFI`<7Ek>~rL8Pce1BhMKmb%bX2O-Sz!zM9+@#RoS8Y zy)ku^cA-9N{-!n!1o)D~{mDwjTPFkZ&$L*`KTrQekYEd~e)EV(!n$jIUEFm-uZMn~9imr07fxJQ_2C_q;6HI?jzsSgCJLko;PP?bQVDb{ieMeNhnK6(ZP^)NYTw^=bVl2+_hGl$!c;4YV z5C)co^xn08%DL6maYa+PHhPS=j)SGQKza}F0imKkqy&h?#e{(TGfaAJmKT!nAXIkr z0s|Gmn=L^Qhx9n$rb&Srpsx+q$l_aL=5Eo=p!fpLo2!7H8q{_J*GkaCb7=w_m0>|#YmeFiZ$ zRu`DuLq~uQ#Q4BqY(s>W3zWv^y=b8lDQ-GfEtH?ml+|d#h|s&W*n3!8YGi8t&-j?Q zlvqDlN0Nz-`@{UF5F_I^$ zgr(uBE^PJKq!YHzC3xMIid&?W?Gg9ptJQps-Cp(Kx1J3Rgn%#btzuFymsUqR8FTSX zAJ_$Jw`|g;oo;l*;9%V1?IT)|PaSVVT3X1nncpqyjSqJVLXKvAV4J0OYw+9QXZJ;EP%C7?S$>$!=Xbyf$>4&j)XAS z!`sMYzzy7=`RT$Dyl-!_;V&}XbR!hrdY;@FsnMw1fz5Q^HROX-omBNs)@8Y9&KC&| zuoT=+mk%-7`>Yms>CUzH+9K-@Cg8HWNUtwEX<1ia^FI4%z_!QhA(vKP?9HM-KjeM8 z1aaGEW^RJ-3Bs^HHeDaDPgZeC+c^nU{lSJW3~VkD4h6i|I$@BwMc8|n=LHA17#YuT zwu|M%U=$u`T$~l+U}*eAjpR5T6@2EGW6G;F9Ye?~h8v2JOpYPblLsk;Dwt>>zSP(3~hHsR&EA(l}nh7kgvqo(l3%g_%vMw9lj~7 z4|hKBtNuC1Q&F+#DHtW0`^Dznvq`I&TB9K$HbRe}d~4*E6?wv{{WA=7LIT2<&%~pD zeskVlSMMvG3nnB;L{H^$xf$hHXtB>!*m3$e2N3RVZ{pA8mKc*Mf&&mNSOFe^YICys z|KaT|!>Ve#u3^9?L`4J%5fM-3@Gl9|g|Q%VlI6H~2x%zT~6MMb-QX>|}2Y~uw;sTU7^nX>*I+HoN$p}OtPak_ql zL(odPzZz4Kops#@Xi>2uY!8pmj@t8 z;9mJ1>ds!y>b}mfvtGO3Y>*Wtr!YpAN}@WPJ6i>2;gD)yem*x0v-fbBTR5MzIQ{tx znM-j+OM=DqmZWT^+OuDetA!-Vrov=C>NqewMu*$C z9);>p|BB~va00G*XonmWs-^64W#1D)2ADaNTcg#COcJ}x`_w?1P~+s0k5t@aRwi~9 z2uOB&NF$cXxmQaIZLG$e#tmN?mx$YKUipNjqY4CG)>t9^%hcfV{KSnGJsn-bG;&@y zK|aCth;K@2Z<;Ko#}msbCoj(idmK!2Q|{yOQ6c|ptcZGEaY66mfKNzu&5-Q!dS~9a99jwT_kUIjDbTaMLXTHe&ThIf!JG3D) zraLh>9F^D94j)vlcdbgt@2Ato1NTJ~%AkAa)P^I?4V(=8!;a=y{g(P}D*zc3awL%(iVZ(s|!oe^)MujsPCg?fQ`W!|eDIS5{q z3?jhiAO7QCY0AH+gZ={aMEwYJ#^~9f53uDQvBdvDP9?|u|EHV^?OFX-7WFS9YxLXv zTMYSMny~+Tb$<{3U9$8yZT-I~(9rey{|Mp!+m}x9Q&$-mlzjSH+r?eg+t|}MLeI-M zMSr(*c+k(TnLgbSar>RCVn{RLrTa!uM+$ErGG5TDE?JW@^v$FUbe97P@-V&}R`=l} z;St_#yuc`5|3Z*xwKUpnZ#->_dr-!nYg5oXPNJbWR`nMBOnBS2x;$p2Pp<~jF^n^pq}hzVNg)}QDI>Ps{r3hx}HUyHzRZf>x$FSH!FHo zGxPcL=lF^W(5GmS3Ssg#B)fdi@KV^3nq-SIdZpd^Z|8?yHxB8Y5x1kdV1PrbQn9xp zqY~9`14`p!eFhUDGCVfoYQjeu4drk}rS6~o?|9Fg`A}V5-J!21Z};T6nv_O0K#h!7 z2XU9WI`eXY*6}{?4Z2z1`$ljJ%iWGk?n6B`UhsU8Oq#9rZZwa=Ouls_(b3b`PYo1_1cfU@lPgqZ7Z(?Cf`b_8?oVy|U$G_yC+l=B^SY2C43>kqz3hL)`_+Q}~jjd%9-jO4*8qNY-}Z{KEKZ0`S{9|RWzrNx`$*ZvAP9SF5JI-pxyZLpYo z-FYfla6YGTvsg}k5AX3-b)XO|bn0_|Xzf*&Vfvv3stn6|yGM-{a>-tjGZu(xmr zKI_e1dQb%&2V)9X2Rx4QC)$o5XSx&GpckWU?3B8$s%k5#EoPW}DfuLo|9|*&Z4O&DbF9ePFX6?aVNXjIU5CDkw1P z3VNW3jG^GM(uXwT57$R8bBZ5|i_G|Ki=IsVKnQbRHLB2oO(k*nG;5}~X;lR4DRPxQUC;6S@a(^Mh??L@AMnL2-2V)9*1c9_rSY1*fz>fV>nqcfWiF5^4gZ3gkr9 zOSPTGYmF3{6SR|Mj(DM%ce%SRUGs&fRqK;cfn%(?{Ridcknh;Ig!}nlzABnxp0K`& za#u7b8~6=Z4Ge7gs_NIwjKgnPIXdy``jg)cEf zbR%gW8gYyajtXk`zNz|o5up|z9;vDD(%0^R>v3wEri!vU*aCEPce0suY)Bil?OwuN znOhPjT?cj*8jIJqn2xy2L5g=UUU%th_}eaE1{LHKBy`zM$Frev6=6hxU@EuM%C%n# zbfFb%J3ii}JCyfzdkp(dAW6MuCM%JC;!MQ@Lbe}Gji9X9QLMNcdS&A$_S!)!>m}ds zJ^F@*Q#&K{T&61vEA#)oWMLjfHdgUkw^CDuY|ZQS#aT8t#Y1=IPxmvyGb(xAA`qcF@Y-J)4Jl7VQ%R zkd0K+$u|oc6&KTyG3J|*NX|tyE3EQblPMs=6t(otc2{bRprirHFLJVNuJ_s5ZmYo{ zyH};e%E+D$W&;y`c7_Pwk-9rzMK2~E>mAvqQg*aq$G%*&ShURNx)pJNvO{^oQideL-2(J{Fhxru&;WEQTu#>c8s&XItfUZWE9ou+ezsEsXcx zG?@>Sdo0gDmLu-qymzC~{A7tqKp{8;*1pqxF$a+IcEZ!-yDv~%Lwu`bnkgLmiVRD79$q+)TeuX!^f2)*YpvSCSK04SjUEY;4+MJbOs)|^kpI6ycVn+F9+s{l7%DEg)*@fA&r1`ivX^Hg3A ziZi0R7Ni2AQgLs~n}1=yH$U#zagpcbgptX_aDN*I+i8C!SW2_RkGkVL=U_p5GxNhD zZSjly@v_SDd4|c=jX05RSZ_fqxA?O$Z}OUi!((~0^?{SLDg9ecwudEPE{)AF%_q-?caD8#88tJ>y%zxd0vhhpShTdG zqeJob=A#0SN0Vsp%FL%pCfd z8yE2SWd5t2!)lNtzcUtGE*T{U)O99P8gCs&JBI45rvT zq}K1enhdmGb=X;xN$)NhzzGaM+`G7TZ#gb5dwTDeTt3xXs&}NRhldv+v7k7V!f>BH zq1^VVtZbgpo|rDG2oOB8=O8F!qV$1!gA0 z;-xPJdPVt#oSa3rw)Ty`tXtZfT4Ty}y^>;R$%=(_DxoJTxZ#5SrcbrBV?eg}>n$ON zM#DZ#bxe`TL0qURuT}&PM@zi2O-^fCW;NwXv&a>UcYQ4kmt%SSc}JojWkYt1l^`ab z!yq)hC`-YUTAt?O4Ft@qRU{IlM&fe?8$vDiCfTjDB6C?qX$yDl^@c8JC719n4aE3e7@uS#VlmBJx)tA&wbyMT9(|tE+_Q zyt$9G(81oX{n8>f3zO)XXuT)n<*z(8VEDrXbu%(5VDT=}r^KmB1kYhv)m+QbU?+ET zgSJg$d}fN)ogpjZ#PA?CmA#RyUTpGM>T0SGmNTemGoi+SHHEL@TFqk%>#4#Bpoi-4EpsC`%mP|_UNV}Ic>Xmh&*bRi0HhY8n3xzf&9yl6 zMnCK~E4KG(5|A?sj7`iFtwC~Cfz-TadSzc@VQyg*V4QzyaPb#4rUv#LL@MxSeX445LI~cmj@Gxq z?hrctj+Tn@bD-(TyP=o{zzam81mqoCE>)zmo$QIXosWU;>_L0L#$niAXfx8x6C@WwD;f~H`xbGGnM_P*|JV;@C$c9K z@GHp2I-2Mn*bWRV6TT{3A*fdF3N?9hxR<}lEkNu78GYzj3{z00^&4w1ETa6dS>^z)DNtJ-TvMO0%rceG!??%>YnX175Z}-X$zL-9Pio)1Kh(%ok!5bIJIhbR%sx85vik?b3ROhFOwpMMCC60Tb zlE|v87ISI9LkHMU-*k%s^9F!l2{9?j_NJ?=#fJ`trslqWl7_}c`*&~@<@=ziNW8`f zqDGvWL4|+g2Gp2Ijt|BtDqSZ?_!y>nJ5=nXwHqEX)V!TPS++%o>gYT8{}jujC)NL( zqOJ-zOsO9~HZKKl;sqP95C>eKw0yd8*`E>lO|SXwpJ7f64U!1hH;=wg>B#2kbXgPQ zo}YUCzI*BG7u?|SuOGzue#g(4pmJUf!$=2b3|b0bx%#e{D;u9e<5ho+6Es<)Ma<|( zd(DkN3mOZ5Y522MQ)OE0cX*FZ0YPs@i6RV?aP^;Us%jHUL~Z{%@^`htA1VM%TA+(* z{*V>F-$V4J{wYWJTV3{V+t7~z%>ux0{AMoxZ2G6r?e|gta3a5B12jE=zQ2Dy{0Ygq z&pKLKW}{HbnF=2421c5inyRX#SqiXp2}NT1eu0;^@9U~U&OM)S&VudZGiP?G3m`rN zeQmPLesV9AA3}3nJwoa~3WF=ymd~E~A`k<~5|M2QLKYSlW1XEF$y_gGWo`D>CbD{K z-*L^(&ZefM7|&`gT3K1CtE)SxQnRqE4Wn$zRIUnRo~S`-6-<9w7N#flJNNjRg#_qs zC|a)T=$g7(JyUkm>8hZjt=z*81)4Z<2{sXt=d>TBb92JKP^wsWWPyf*r)qveaene=pY2a_>X-0Yr^&qsh6ifWW1b!cr80#Axsi~-@w&uGcnbf~!W-`*#v$L>VA$3(&RvuhYla_9O zdjY?`w)Q;*4i1isi;IqqPJ0}GUw8MHkyr%c=7*Aj+ik5QD4SHn@qQ@%T6~|9RGg9` z5<5RVeNIAJN=nfBmza_gF|#U+iB%C`Ay2$pw*y;&&M+T!S63gIJc=!QquAhKY`z#0 z5(|CM%~lsqdTC_=+vVD9igr^0_fh1nkj-2Tmhyc@Y6{YOn&LsLsuwH9;0%k*R(?zwd(#$8Z>%a}gR!Q!; zjY&*(Zyf8TXMUq4UCAcp$E7kXeuJW*Hm0SS zl^SSvC+A?dd-k2TkBA6_W~!MkAO`-y&GH3Vfk|P&pyq9~p1#ra4UFWh_$sr1)OA4> zf=KBrJ4wb9X!5+hgO5zhtlaMtO%oot<1)x=gc!KDQ1<;!uj}uHlXxrzqeh2WvqFG_ zqa+iUA(Ra?W4c}?<>u-d5D@Sww;`B9$aXHo(IG!3W++86=2LBbef^d3jg1XFQZ6lb zSJ$J1?Zx%08>ZUYn38sOc3z}9cCP-@IsFKBgN%#}K0dyDEK_sy%hflE{5@o4WbBvv zU&_e5nfJmWqM@Pjb9wy)sfN0Pz1BeC5%6(jWF(a5!*sZRhy_vX=eoK&OiavJRGtDM15-BGBti~0G)CV-=l~Yw$32YY2 z67ST+xj-U&a9*MhY?tMX!@c6BfXKU?AmGC*JHuSAug{rr-F>{&veg!fwHw+s2i@k1 zeS(E%`guz$_jdMnb~Y!9y<*%*ebf{d9V{w`2U{5M~2qSSJYpiVc zM{(1z|Fm(I_U@3mj{(!m16L|uA=B^05L~-n}U17%|)~-MARbO*Q+(sjRx_T zm_8{vOFT4M?!rxy6*2^K<;?W7cFL1G%BA+1$;s5$y8HTkyo?o@>FI}xt#q874|+3I z>r^ABCMSC{l&N+u`FMHVBq7<^+T!8k6E@6QGgI}ccHim{&0aJcDqJ2avRI$2qgTlI znszl>&t|6OwVb~T=3<58`kfRrGqY65nBFW@96qAfTU~*2WkHrgqVS?t-vOv2Nsg9^rsV(Wgs&T z9S@G){pt>CL%RFc)^!>5ejtRG9;i<70%IWGiUbkZkzr!V9qZ35JlHsS86VSySMXbj z=$pr@G5O&2a&llRRyG+|etLm;J||vBEoZTu0tkOH1=6sfXqHiU={5f$*N~$h>DbsCE~ck(XQ7=sOmyXn@BVoR71XAx}O#Kl5o#S{}Fg*xRH} zGU>B(nH)L!M#e^&=@vZhJDuMG!5~A&rn$3#bcakZXdif-7v?Ro6%U#3a3Q~baYc@P z`}FhuRmsQ=5Ulx&H+hGPk5!E;`)|J_iK;Z;Y^yBaF$bR5%&lhpXKST0v`v8is%%9$ z4f%m#ixB4BIj4J{`T+p~zxxY1cLBV;>mgQvuVf5Ya!QK6o?dG-r$i}n1TW0VPEPx6 zar_hYgZqSpgs`y1v*|U#@=(hQFFA816b(%^I4lq9X=!C!Pd6cvOcz;h6fY}!=(d0V zjuq3~9TFO<4GXlc?p^0xkOh5IUBax#dZA~vT~SfNs9JdT+`0A1r$36MJUpOkdbiG> zsI{d9sZs7cRUg=XY_$L*0_tiSZO$4H2s!Va&tM(y9q2jd6~ks>q$gj%BXoz$9eAuH zqAKlaXmI~2Y4FKf4{-j)3|U;m`uT?s&D|#q%yIZKi|lnK`U^A2V|U4TDLVvsv1GkY z9(ht0HTRiy?i>hzAv3wE z8=H>1Q*y{M&?U{i=AeB^o9i!8E4FuwAEjGvIMW~vN>Tz3S@CB29M^_^xAE{EPGIVm z78iphpU3lAJQJN|e2m|wk~`UH$A10X6P2UDn)(hqkaykdjCyyM`Sc-AVOjxW#hW71 zl|c`K*IQdV%MYw&=FU*u9LU!h10bKTX*TLM{?j*a=`4UUwBYjLMV9MCqc}w^t*vqF z20`{YHnVMUJXVRHKVzz-4+1C2mcDAw3=YQsSX^Ap!_1tOot<4#ackhA zN&oP$nw5!Et?H-t1fi_Bw*~gAql|(prCQZ*zI?fB#k!Ywugc!u-rL)I@_S}xX2`^k zA7UD17o8rG5vQKQiow9ZU`f3{JY8vyDJ9h$Rp}~e=9aYA(c0Vxc~0p6o%WpT*_Ek| zMJ3B8*KZJ{g7oK;0WcgLG`U6%qXe_e!G=IvMjayj@@Fw4Wo~5eF|#Y zUsEQ<#i~HNN27s!x8O+4PxdDtdKM{*qTDSyTke%28hSPOAWC|D2+>Gd|Rx?M}SyT^M%qt3<}lVgZN1RnR0-iUl|PR8fN zMNLJZ`KW`LWUM#_qtwwkNsO{{hU@ZR7P?)u)A*d{lO|d3KL87qKSazL@6IG`Cn==o z<>o46X_&ow^=4mE65cyAzxVH}T%XribmTvMqg2({_$(8XLPA^|7Z-Q@D-sFjr5D># zgx9ZUsF!l_yX3Rd3dY(WAK1ytb`72Pzj2}ZjiSk{uCDGadC3eM$F9U|9*UPD=U|=v76f4Pw(J(oWT+R31uc+#KA*P z(C6r~?SC2Y_mdEHF?m~K0fdZrb^-Z?U}FMAk!xVierwM8+sTjv&*<0sQu-MjRS6fl zOI;3qDe`PKBQpkG$jiEAUQV9*D0Ibaol;)Up* zvnVH0?91`-6_K=8mM_W@R~|TT?CncH7NL)vUgB31UNegCLDkv>-q7xN7WO-jgG9YR z$t0qd#1FZk7{V933#JZ0@Az`tnIKSxsN^_VTh~st@^Hdvq_v5Qff8%PY6GFu!#8Yl z#-?M+k0m4Wo9~(qgi**az*#(U}Aa9GD9s?hCMx^ZfiVj8|9t&CR`*Fx?C*RHgfa866teg2cpEn=`G3lRtEGyHce! zQP$_^0dX;DR*?D6&(A9>DFqm6XzCgnIi+H#s;Vwl^brk~S&Rwh_}ui>ArKJ}DYaiN zv7Ep@K z;H@RJ@Dop#QOg={q-c-ogNi^2>Mw1O=5U~WPM?+Gz2x=e$y9p45}7u`!GZI=drWPk znAO0uioEfnP6mptd}R z)fvyXB2F;r2O z#gjRD4Ue7N^;U|DBqWTcSlH zAF#fBkwqol&CP9uHt@?`);C;wgzIlaUeqo^#$;1SLaR1CHO^w2f`zsrE zIF=#`ZBP@i*f4qq*J{LSTr5mKgqHroERgaF=EG`Z{T#PLSNc7Ebs;v}HA^oS@VgB- zu7BI+$0v&eoh2>%49e+n^3C}Hbm0^fRY1`ZQmK-cQMS0IZlr;td0g0b#ji09C$fNu z6;jw!*TM=0zGfifl8R(DaV>{d9ygp378x5;cqy-wZAa@$*ab5LNVKAJ3~#zxLssd6 zRP3|vVUobIIFv2kHGZ3%6CYXqnh7g;^@`DZeC}ICl@c`ikWyNnUmgJ|4#;$Bn+11l zVg2eNVi+koyv=Yuf~g|t;y2S`oiUiap?=3=#72w(`%woyT_h>7WOV5q;GQhVSzi9g z!y{n)WRq`9vUCTu&q-Gxl!Npat66m?JSFqNoFb5$sp2#}{RSB910c)psS2kW?v&7;pBp*vk?|qdq@|bwb z0b|pb##_SNMbrnV$sPxY9t@aBbrN&ZP+3`;rA$me)=GMJ?3XQ^*brq&NwUL!$PT~7tvWWofq1I;z1FNY}%txs8X*!NIv};(iy%4>TQyW?!(^ig16~*X%qHwex29 zcWUOAFy<{153`qwmsI>M6#1j&_{Uc0 zKl48K{u(c!1sCWRo`1Nq-=rD(EB?@Hzj-$Jj=$ymnEI~F=lZ|*cvu>Sq;gaKdPJ4= zrL&PcVEW;oc^6u>Q-NS)u#veerNS4z$7?Lb)UUry8Gp2vIFZBNZJO%VOp#j*x3vB*H8UAL~(BJaUY5&#Q{HDYHU;0D+ zM}f^h1|q+y!GA%I;C@aVOJRvZ9i4vc++|8|irWY1?T5uHGUd zR4y>y@gE`5KhhPbxUK3%WU=R4+3FqN{R3wUE@sQosTRM=jLVBzX{k%^wHQPN&k9if zqD%oT7dX8rkeaa<U^G<{ zg8PmRZy2$_(-p$4sd>^*{9Ry>1jYS+T@Ygina8vI+FFXOu6|^t@2;H_m?QxiMEh_c zX8<)~`ho`cK5gYgx^RV_?%V6xKZx@kK`CZISM>bW%@{4C)$0kdDRGDxO&$)8kMRhz z#U($Z79%5*A_pscY=5}`GutO!n#<%@0wlqAW$nY0i~A1u?x!oEv?c7_U+;DFe|J9k zJ{``<8KrRVIslpCtvcFN<4DEJ_=gvK5JP-$yBv160yJ>_{j54{z;zOuy4l_5XVzSr z_}EBT{IMXv(BFSzXlb|uuZNT4j-I0QSbV&ORnQYU`ukZ`PoN37KcErKN=tc$du%z` z&)S zVybxbInylZCX`iG>y33We?sQGjD4${lNjd1ZNEI@=X5R#70@tcS7dMd z>{&ap+;Ew5vmP6PO?snEBu}Y}Hn*sQ+8wAlE6jEHmX_Ja#Otw7!cOXwV|tyccD^N6 z;ArCE>tTU6$_v7YxR#w2t(2GyjA-SVtC@EFl$bTw?|kw5dbvFq=m~OrFe{Gl0&;0N*1;!gWFw1S&V9^%Vs>E z@$M@2^OY|5dt7I{rM>UpS6e?>(#o%B+V9%9S3f{c12up^tC$ws2$6U|I)%ywyS2um zU>gtQGG?PTYu^ylumIa`$6OJvV6c3u)&#osx?p9LQ(nYes-C_-QNCM)lsapHk{8Z+ zvPo3eaAyfrin@tPBUA<_v2P+#nj{;jdcz@5j)u)>DQKn8i79vdPvY!Nb* zNHuOD`<**XzMy|MGc)OGbrm(}^Uf^gUL6e1q^g!B$_g?rLqTB`Z4L^&tLms}=)<|= zu0&3^x?EN(*S7lA;x!ecu<(OcWp_by@Sk;S``waKvN=>(OY>2D|L>o(;_l?i(c^CX7q=*d3|6cVqBhgy- z2^gp(R*ud^BYJ=#17-d_Ca05c^FFe(u_capUY?cLNefr!mlpKv{uw9oXZJ!xJl6>a zx!F)^bYVT*TzGhRoE%(W(gQ|qn#dQQ(((Znh?_)?vaY$okRtc(XOO9pS&iT)%3{m9lEhBymV^qeo6k#=3ksl-TWb=K zPj7Z2p3q5(w?1rU5PUZG4&-E8pjH{;=LaADNMsD9#nJ_ucSrnKWv`BB-hH|Le5$Dg zoB+TF?)=?ruC>$1f=u#A!M(K$VFurN7JzVYpn1N!uyB)%#Msn)er3MS%lzQGo_^uw zVw&Bp9c`yHIWCL+g}LG<;o{Kd{5+;ckshtg+iT1!M&qQ{?}Rq$GiaDk&2@GS`Cmsy zshAH}C??BHeApYUombr@`vyKv$NIA~lzOxd%+IIZ7-j3tf>6Si*`e4ydY~UXnSOQ; z--&Dnt1hS%1MOA4B2l2l(Pk??)?=#dvXy1_$(~z^`ntK59$Fwc7Abu=U|OU4qsaSs!5a#^o3yQZ;X% z+_2rp;4mJ)Gu17|E z{*;XZJ%7X4Z3WZ68EDO?o^`jtcqo9B6wnG%Io6Tu2QCU z#Cif1t1u%N%YOZe+}Ax2SeCScGGqum1Knx!^_%V_PBGn#NtCDEDf(1ku)4tHPH~HX z+r+nmXJnv952P@WnzvJ+W?QYuNmR);z~aRmDxHQxIzjcNd@BwC<*)RYienfSt`-{s z^Elfn%s=@pk4zs=wGIXNH#dFuDr`f7SBZBp%u@3aTi{qS053lcd*k&BnA5`V-M5&U-dF^^TZijst^%mzln6zMeks zU3!^Zv#{+aGmqR66k2O_4%h9?5fD#~FR<#ZB>LBtdsWpjq{Y8p9})-;+*dw4q4T0k>UpKNs=GWM;33J7QKuRT zGgP_up}86Mi!ojaMFoYv_Y_G}1W;MdmFP5gdASk_{vLk;Bi&ghRcdUOt$zO7(2Uno z-Kqq_6s#pu;x}#@`JGi-i%brh9{DBNMiMTm@uPwoQ5PvS12>xJ$~j4`9;8{A8XFo% z1YR<5dpu=avkazi8*AI3Od=7ovriHc)cyt%XehvBP|@?07IOfTP5Dr>qe z%6?S+e&+lVSUedfcMI{Dj?BcBNH2en4gKWt;;VhzYXXCijrW#9dFvHAsrkalb7{Oz zj_s<2gTuY7tkiA;C6bebE>O)2MUuVhEkIU+0JUUslI{U`=GLUPp&T8DcuIz|3pY3L zKZt$VlX&-K=hg#WlX-0X)|E3+%TEdNeDjD_c&!sp74UuH%tu_rT)*G+P!>e6YL?1A ze*Bo8i}987$_nb*pp*%CNm0?VO8GzyV~@FTSQqZ(rDn0 zjx3IN!Ey&uN%DtcJ@03XIKI-5kd^quye%DFdhae9A1gH>UMMI*mKDWYZ_{5Hhk}a{ znySHDgI|l^DN86^49t`01MFFQ`64@*L$~%xwEnnuPHD*Ul7CS7Q%{GW9Smmmyos&4 z^g&j2mUUEC*X?&9rIdna$igfSCG)_ode~`B$s%FxP{sWv>+_79{S?=xX>75n=++?% zjWf`?DL)`MwLR0q^xeoKZ%GEz0DGLv^900YmeYLeRF|R53g6c6|YT*rTXyUHinq^m)b2^|2Uqmc1-S}J~v zg)(Zxuhoj6_XizYDP*N>B>emLB%ZZrm>51;)ZO_&XgK{T(_6m_McDh2atP=V`gD^kAaWIO=y{Ug1ymS~aTe z#9+TL*#mPK*eyaHq3-n2m?Swzb6=il6$ixdN><%!=iYI{<(pPqb0MSxQ-G2+XWtIUx?p>!38rp>MjcBFNO8Fe0t8KGCg(RB z1Du+1abZri8|f4wlQ|a{9yqjHg#ZP3?x10eV*-0L8>DzUX_OSlitSb@my^s5*G&g0 z1uS~+;?Cuo90-@gA_2aP-*E)2y+lYW0^bJ`5J`zQ_k-G$XQX4m?qIU#VJpiQs_%K0 z8jy;K&aoT-l-y!Qe%^w7(hI;lPj|vPh@i{}uEyad0Ew*ne_k10`WbZACQ5Bj(>kzQnkS#mGqRd|%jE=9@*+aGf=U zIq!qGd`UED_Sl<|pQbfd$O3U3n_RfwIK#hI zTzeg56JOdQWp6qZf2L^oDQTdH#i?0mz6p1{dwuXAx2ND?%W*^D(VmcFVqB@h#XOoY z%8xEeFeKic;JPgMF7t9uxKbx?kv@dF*|8kb4=Fd?VwY)KC zJTc))cklLBjIz0?mpFn%Dv0S z{>Y^jexjS2%6+xv6tKCcTvOd9W|+T+qws^qZO@xCI~TG$3V28#kAgd+D;nhKcKmasKbsU#WuIgGCHKj}?V+{vifI z6~;v^xP2G3;QnDg$2fD_6B8?n(i0O7`MV!6?16FH^AQF+`ewu7SE}G}@88>D6Z|6j z@%-KdKe8Wn2D%P^F8sW%v#(7`Oa_APS*Z)RJuhj&q38#}p(KPnYx|Pf9)DQlR*-$APQ3{luZhJB;%%A}FLW4)-iJcZNu= zy4j(o7HS%#=WU&v=b@|yOoVbYmz{X|daauZz9(i3A9YdADxzHQF5}fvCu@{yU7fUOIoHlUK}m>u) zD@@f<*H+*B#5imFT6ylw3Ds*4*PZ05E`zMdk4=Co_bd2pG^|xbMC?~S^5R7D72i!Y z5NV)h%5i9GqYv3GKQ1&KbNFe^Xi&q1+#I^2D%JQyWdUuodM7fv^3`-KHJ3HAJEJ_^ zK*>?}nUhyRTvuZrrS&T_^~W!tDT~;TZiX5BBD!HzFle9=S7>#J{IJpF8D?;@*WwQ& z1H6N8UCy_%H!)d#VQ(kIZR9-O_^HIZJ~Z^|N;3x5Uiq25euT|w6x-(Wxu?o2FYal? z@p_<=7PG~vHJjpEz+U9n{+igP+e^2ajJoDo#=J28oBP%cCy%pQqKF7dnVVr^lP+gz zbP5bMIzj~v?JS+nQ^fm8ONHy95@PwroRb$x!o{g)oz2z~*c_}BMmc%u_l}Y^kLI%) z-nKPbLq$ZH-j3`HgR!|;f!ZogRy%eDG1Kl48N9+-7Fu)SG9t!p+iQDU{rRy`AD8eB zrS2LKHDy^YH?80(h7pdqon?Xd1XYUVSkoJ46FIoBJ#)c5Mny$4!2qqQ{t!PuKEuf& zz(DJ*@jgnxAe6yz&os8c(d$XZH1r0Q5DOX09djAi8h@s&QDn8* zTYiCo{;ZdVQmK{yk+d<^3 zdYHI|uHfif^n;T{9ZB`$k0>0S$!mJ3%p{uuI-+@F$mClZIV)V=eT9K}^ax8SdZ(J! z{dNcaZV@zY33i=rsC3^zK!mk#owH1repvBqrTnErsWs;cztH}2&FOy92Hj?uC>6bhjdPYE5i&PpG?tKo>Vh?WXah# zl22KjYz!Bj9x5INk%bX!Ot0u|qq2~ew&6W8?70=Eo2TWcITi-9)6J1GgZRg@!M_Aw zw4Y95I+VYBOUZhuB5wYfK~1uK#AO5G*GGp^@f2hVk#aqF={?(w%S6bOfQshQu;0_! z%+w{Vd6_J{7}^R~_YJg_ifpwuvs4^oWx@atsx4QeqRqlTw!ppl@))eNy=tb5j(mF} zP3EI0<}I0b3_r{%`0R~$tEqCA@{AUPj(r&DWBENAUAnj~jX%qqF$g@3r)9I*oMkSG z^m^PNbuyD?KsH?dizF5LL0T;$KU3PcXa>Bu-r0&6W6*Qb(poD}#+g=pCV`P?-W6ooW6)4xW2kZ-zS>-6EeDr3&-9Rm&Xq+#<|+Hh0d8-Dw#JcPltK!UfZ2)zf!(jdVRf8T8M(<$52M#^Q3IlLM{CV5SBLWl8;H!=kZef@)1 zZ^Y@c5dT@Q6wA*$mQKIENIAf3G~?RXOs_blkfolbkd7z9-kkNSBBscqzr<$pjsIQG z$KM&6PxyDd)yf!fa*HmUkzU~?zTK=r3RWux?YZAis2XDX_I`XH)+=OP_l+P(dNlXoBxpOu|QIU_`TTn8|l2ZON&q`5JnOozXcU{<2)^aTqz9Ym@bCcSVqRd?GK$ zL+ev{l1*vt}T|j(0`e1TCu9DTKhvUbaAl5!vhvWb|yMOP2IBG@!(A|2!E~ZtRs#} zDTfe6!=pnM5^g%O(1`rBO3UN4$|lUfmM&apDyvkrurvA7k0T{N;ei6%y_0>CVRxZ`a%Wzv#g2Yaax+$2_0kr&G7f39 zU@ab~*d2$-wV7Ofk%W{n)nHaVOjq4>k!NUdW@%r-x+#<(H8@^?-Re<7D}UnTBx7?! z`&rfaEB8vtZ`^XC>p%LDUHfg5BmrtniZj*+%4{r@9Baq-2x5*MR@4orvO8Nh=h8me z#T2R(hD0Mchn(x~49SP-w*^azt<1^w^OQCk!y4TLZRzUAfBrOP9s@o|_6p3+Ma#S| z)D>x)fy)B|_eT?_P$nNWmC5VCx5viPX?o~&3Ez24n_1 z$sXBnRHk@-&E@dDrceFm$?u&l+o5TsT*V=&Ai?j49S;ZzfXsLy)nBOPiAJjcUD2o) z4cdO=wKHfi{2R2P@ft1~$^HRte<2OCO&mI^1*l02r`2Q+afyePTRB>Hpv5Lg{ z^I`Mq`Rr<~ivolkZWEn~1}!laT4`fDBXQW%cb)7VIeaV3jEj3&DmFe&(emEfuZgKtHtUUF&D!B~^s6dk z4=Wj-#~D0uYDuuRg$`uhJ?}!VYFx(qb9*q4FtPUL8gDm8ZU;){Whklz1Vl`~Nu1=BFy%HM zBD`*|y%FmLePOK=pDcak^(Ry7JL{#kwm!Bqm~qbOT;H^9xXSWej(xTDAx>mg@u6vK zWeYMnQ(X!lK#*6`BI4&J0Ffc5@$A^npWUX5zakJ}={@uDZe|A{kGfll<1aCt@l)ce zO$2%t%vr1o1zYSoYD88}PTD}1Ls&t1S5uD(m}Fu}og3gSZFX0&SDG9!8*$!eD)vD? zVHms^?(G=8i+vfpW7&G5Pwgb7++QyaZcC7>F=RCt*jVkZtwU7xvG{@O(ywbSv*6Ov z-LiD*vJwuE1rTxpL?K0WgKaMhZ3OP^ZKM2EhWK#L*JO*M=jZEL)mmFBtCfr6p`RzT z2aGZmXia*%dzjTGu8>FGYqn2+5ci;bnlx0Rk+7V@%wAZ$q&p+SiFMNNW8spBXzCkL3D9>NFraXG`B0KoBFfz5>XmO512n$HYcVDL`U*=pwLoUR^YJKaf%3zH3wOV1CKNetBFnw%sILu0U_|H#1#w@+XN+elmtrsM^ z^d+7SMN=@1^5hKQTvarU8xB{W;qH>T_wg{8%*E+o80Z`$yOM+Y6kiN`%gyME<9lDa z2YTtD;F3YJu+R?1JoFW1cFC9QGM8a*PDDX3LVs^%Ib%5g&*5&j%gxPR9+hG zvr*BmBA#{ikVrxginEq-rbn%%IX`;WyHP*y+uYEbRiCQ3^v_d1HY(t|z|B0b)Eo({ zwDieT&*Rs$dc5FtXOkr_9#`{CNWKlqaZh1-UlJW6z>AR=cr3#~j z#`_BvpB63chn+^*j?Y~R3*D{!XF{kr1GWmY%z3B%9wgAFOCyRcFF(yf5|ISm^xpHcXK=?)+aLLx^O zU7Vd!ivRj4*%g{fI;cqYkpE3T=6r6(xM$B^>sx^1> z)#Ll3Br@XI2LS4vjQ^Q*D0$*YCem{;%%7JF2Pd`xk7C zgUA3XNF4{INE?+RQZkByfPnN~6p&7&mjt3BFra{d3DR|FVn_l=F9{ZEC`#`|Isrlt zfk55~&dmG%*34VK_ufBmt@jsek$ca*cb{|i+559Udv9RuG3-BPhU$!9YRHp#G+klf zyXn8l#_&u3`nRa!qoHfnH1>4eX7TgjmIINTV1BOW&ct`3p<=@dC!nE)USPOW2ha9_ z9(j1(OY@%QJOIpkdqxsdlIzpkYkBGptG)BkXwRtP5!RT8oUKb%3}VyK5qe0uBVrFa zixpSz>cYt=p{h6%3hL_7)?Tg7Fs>MSl5EF>8!NW|RF*D8WVf`rKJiPnak*C*$Zk>o zviJ4K!yu1OgXzrqL49NP>FhjpThfBybWnYm6)Rch)7mUk!8KML88feBPhvwZ&n(Ms!2nO~X>eZe*6mCpW)gaTscV-C4Yyo;q`%hF_Jv_uX! zz7shr1g`@}9F|hCO(n)_3#37|b5t)iDl+DX0Ta#(*GapFAs+q{wWl})k_tn{&K-XRAT-bj z$05W`DbN1;>=du#UZFOJDRy+bR$f@iwAVD>NIg+}>V5_0Sv8JcX87R^z<(@4k+`?- zylf`l+g0u*kFT$#6VGf3DSFO+o1d6;nq5q`eQ2Haby?9@R_+Q6;9Ob?dINS3Jn>eW zzgRYI6z~sxM82xX+?$YjkMWTA98vl8*QSsGV60#+kocf%fBLTEvd2e^JZDJb8^A_>rLTAfM)d8{1i0(r6>_~7-+iX`wk_NO{zHG&6mRR;|^cG6l%3EEs-Ex z-k>zz*Pxj4Zs<+l0-9CRJjP=QcJioIwas}Vh|dAUY^rg=w<(Aiw?bW!DES}f@lE{>?(!L?Y(3h2mw)96&b7&bOqhIIWyQIoKDySsY zO^m7R)zIW|iwg-J*MbWeXFf<^1KPK5R?4RE6tJHO6vPUv3(HP=8nt{%TlRuBI3p;N=4ZKODx_|tpHmfq$N$_J+7$C|^IGw@GH z7Yt{lQB}RJr3i#0qjk&F#)`xx!uI-@gZY-?qCs|Pt$m1nV!=ww^B`{FKaNF4uuU#K zRpO|dK}kps!ME?+Gw*>x7e)@5<@EOBwq7!!2wGA7nfnv@tP}Cx!AV{t37LribZ?H&HOLS9DBbem=e(w( zjVXvovvE_rh(@UUjbeVgW|!pRP&NBR{s)%+OV$L(Nd8&Cf9WhqR-B1^nbfZYYSBG; zx(b44jtZbMvvnUP=?+pT8rVykSJ2%Hoomqm>$Sw^zgrjtw$6`^Nwg`vYDX|?^GEZ$ z{sFM{Non@K*s;BB#D6x%MQbm##ATFXd4?qsbX`*o5^>ecz3;ALZsDFLV zy!zu;onZS`+Fa&`uU)(D{TC`b-`qoPlx;juvoSQ4`I?Y&FZ3|xWO%1%sfK|?gruHj z;Z3a!SdkKMokhA$%T`k*5fym}a+9esFB@Q5!=N8&^L*a}8RZaZBb1YrO*}FcYA!0G z+T8g9?19)!MFlT&#k%u`pmMVPBt&Nb2_Jd~s$j>Q~NG*quVwRg&?r3a=4waugzG-tpQGG_I@ zpMtF#+;uj5Wd$P@j^Bv0q8%@6+w?M6k%J(DkZ2AtAIgfpqT6JdH7LiMX693bnVcVA zM>*03U}`eSV~w}Bw(Q26RU!{HGzc++oH6xtESZF`~E@!73Gv1y+}JG&TM}5 z;o@gn9r7Q9WAS&y{n_9EjWg8;>5pAK_Y0(tc@f zC?6C$A$}MkdYAmpZIg*i+nPCPYGkY(qzf01OfF4Nlq`7YTY6*#1gJV|Q9dB{JY1vD z^h7;tposj1q}!vY^dovrx03Dvsd0+J~MZ3ztU{EA{bFu zbPs8Po%Y`7(d#^?@js^ypBi9x(P(31LnlR%0Dy35@%o?`$`FD8+~3B}Ne7Ux$f5qV zr#*bk@Gtyzg7{ESF0ibiFogU8iM1&%{PJM>rbQZo-zDhC_SC>Q&>7`c*5i^J#2K_;R@912voOC)s?2(R$;T^3lto=E^HV>g|k1jZKOO`_c zdmIi>=qH9wZE;L`)`g$f-r_4bxfJZbUUs=9%1(a7l_x4K0XYpeh|{cX;+f6OG3ni| zt|1C=t++65=b|cFLY6*9c|Xlm<(BvI1Vu;AuYPtC$E*)6l*~xQF?E>Vhs}F1D_@T- zuP=**((zM2Z*0gxAeF#l#pk+`8r0RyRHl zB3jc-8QWejq>@aHiRFn`_J5gW1Kg@Ld$BR{HG)(Uz-zwSr7Mv?jv6Z0TIr z&lSJ!nlE2c5zCh(YUpJIInK~tZD(&3r1d?JdTECuU$`iLFF%ZkM0Hrf)WT zpR-L?RZvlKa;JG&xY#Qioxf~a72F^qLToyB-pM-pIZznCt`bB+5yEFnCgIl6FMM#^ zNiDbh7gfYqe1Jm>bO)=4sbdVwYb$^?-fZ}R~*OYXS%`1p;*;qB~G zidDS@6arO~i)&|>B{RrxkT@AxVu7)7uU^pWz)QYS8l|~h;g+iA;gEufjZI?rBIPWs z^KPuhiC>vwDzj1+Tl`q#=x;x%mlWu^wh{dSF zDEqODJ8dmxlG;!+n_BT*{?u2T99$Aa&d$_;rPS)ycAvdm`#g{w71ZMlN@6A8v7}yY z(lR7?xH!DHrDZx6ZF;q;4H$~za#@B0)02cY5KxW8Wj;&Nvv?5e?y)->b~tRNJOEXw z7%I}g<~#8C!<$K`c59hSqQRO$IRJ`$dX0Q2B=S&2O_`Tv-M~~D`^Kdj@~ZTgHYvkPj1Q8bj;n`D>c2ZEq#@bSpRc>=L zbcph{hnIS9z;C6=fJHQF6c`oF<{-i$`s9YE>WLdN)+ni=tCa$ZUJqJn>Q=6VrD~L7 zMSoR=X!dAe^yY-UXpXnzJ@P~yH~>*x0L;4~ZPPoy+1XHxuSMtaCzmUaE8iO$4dY_( zP_MrbybDdes(l|;ls?G`6Q#a+;g)0=4BPb=I`QIgfANjw(vMkr?Pe(UBN>G?xvwh< zteyl>FD8Y{18Y|#QCw2_7ee9h|1o>VR0EkrV?%bU_ zn#^_m17{9OkM;1MzRHnbm#IvG{02)WPN;GT?lLQE9zSW9_4U*l!TGB8fKR;wmu>j= za3bf4dXkOof8V2eoH@>{(3nTZa=Ic2z`fH;%c&(s?iyR3Yscz)aksjmHBe-f1A z(L$5lcr78@x!;}G1IowbDC;=;YXc<0M*cI6DwpkMz4fQ8fG~iU1!vw7pUZTmuy2^6bSYL#OMQXQe@h zZ)sD!@()$?PbywjLO2kXsBWD#N7gT@B63HbNAMt6P`Lmt_y z*m_r^wn>ueGqHY)4t>cIhONU=WY0POB zSM22Ef(MJ%5D$bu9JO{@JFSrE{fjAw<$#m9r_h($Gk4{w&gLFT5!Ei>K@3U2Q#CC; z^;}CWQVM^5yXNgx9^jibi`-#edVBxjR9+|*Lg~O6yv3EDbW%8Za{h#ZZJ|ZJCU(BV zgSYsz3*mv0iQ8fi@0}SOsao!q$0wB2I&X}9kWLsf+A<3Z3p|f=5yQX3y>^_N>FNnq z3*P%JDDNU6XpV^Pv{5m*7-e%6zZ&%uI7p`C+1~j^aD?S!Y%}#CKM%!oiOP3=$wJ15 z^X7=;)E3$2`h592s``}}q~BW>*%`jO@(DHyUtnE^SsH9Ja`r8-=?CJ@XYpGNsziUz z2FgwUA%|~RK_JT`zpiVt+Z`ujj!Q*e9%Lsd3h-g&jW2dXZOtLBC9D|g^N^O&?y^)p z+)^jad%cvtMNCrOP4O8FLwC)l70eYX3k=HoUwuERL0T_Borixt=eIxKvK4CGSGeD7 z-AAt}udx4323^B@cSonA)guan3Wc?*bg33B&nyL;oU^@Vv=bEBjk}fyDUu($P~#b> zT(~QnwXSPCOn$ZVW#RcO`x(f$c*R|#Tj4kMh94)`df*>u4qwMigojQlG{n3gM2AywiU+7P$QwWp?A&nKr%w7F($`I6gvvT282Bo7O@)74$)jZVJQ>x7=(=!->} zw^aq#dYCC@BZh@Z674P>%QC!juV~*===G|O8U`dOq_hrRIR8Rb4P{`jz7xffqoSVZ z5}=jZQ+&SiTF37Z^dWPxUC7?e%27M3GgcmQ;+HpqldR+m3bmhf4P%el`((DS-nU+n zo33HLjFLZqFPi1{Z2h$o zB~+4d$}dOp(pCBpS4sD?`w8|b!@==6D)>t}Yf^z43YuN*ipHx!kuS$Q#UB!^5JeSA zd0r1^qM{>5F7KDTziU!$@pb6Z+oaC@4!?n=yt9l0lWh+xZwy>GE+Zg~obHbv?JyUWWW&Z!pFSsNLQMQN8aVGB=UP(ew{7+K8%60y zp@*6TWjx(~)(s73+*xK zZE*%zWV$CM6Wz=oR;`WoIv9(!B4mhauJ~^+d;7DbJWQKyDF|#EiXgtnr?*y%W+W-H5NI*q>4?jnfbDtLCw zI>A-D!PL?-FuX|U}QdG{zIw3Q&77D&@LYu8{ ze?*a_oBDIYSkRt+`Ewd-g0L*Uvo+|h{cu^=Wp^_6MpOfWUosw}vWN<*%+}B?KaMF% z;dMOjLbW+RBedS+Ec8XmrXVp`ITe@I&!ySc7l$+-xIm{gD4Q=i?FWsmwg;&c7T`5@ zZTWmM%~BoBF<49c(w{xInxif8@vq%l=vGM{agP{#4Id2aJysgjLrC!=NAYL#n^<5|eal2U8E5;c+ZhS6Z&MzDczj zp<9#FOygdHb9Zh{aNv{E7B^1W7M5wfmg#RL^d*+}dF~_0`orxmChxH=W82g}u=VE6*#{M4U|5J}cjsK{=!w&(GxFM|`{$ZYqyOAv29tJg0* zUzQ{?S@K$K0xiR(IAc1bMcnf;o!EvJ~N8p=)ja;Se;x3IEkOOg$z zxkj8zuZGT7x(=ZI^kYO4sfp1-R_Xh1VY%HfpG;3JyMd(i&R?|Km}~CS_=+Sc@7iE% z+uOo*Za7)h#gs}#e9(QTjbmMDhDZ~i`vDiqO~iXR)1>yQwpNeqJ%+X`^f_#~wUz7X zlL~uk`W49=B4*L&YO~40p2_Uk_7_7|yt^dy6)Wi;u&sA~zfID5uP&oRV z%W?8btg%_!v&0x@jW*`AKH2SbKSlPc2g-{m{eIW>kG-KIN&JS6qE|>P9aG|h4=**Y zv@!F088RV03BR|LOVEdGha>aXJOuAR$1?hhFZEh|%=13&eM?42S_iX)n==w>aW1d9 zv{}G4ov^d6XDZmS4EHAlMb6gBJ#us#;lH_6d)V8-%Q3U2xEPlmS_?SxQ^v}v`^Nd_!e?f0CzYW?JwwUpoB1XK zuNRkylQOq6elqQ$kZlGG7T0F&J(Jyp`5Z;3FZzp=tIlMI_x*BIqVIlCoq3KzYhtZM z!p{mR+3uOaM!M8p{4Z1kPubKL3#x5%1Wa@2M~P|=noeP8vAC^&bHX=$$6DI}9fZGa zk$<;Y{$1^LV#9@bA+HWvuExx2TKinI%|KHa`U-v`WAlYu)ii>u0>^TotA473p1UBD z!)-c{YSd*rlv4x`EqH2DY9NKl5hA}0ZF9br7fgHa+SZzBFq9uHO$MvT^aP=D-L>|* zw87vTUIDuDu+8Re&FY1jxY_idgG{=y(UPQQs9*x=9l2L5!c!S(%6m2c!O!nQ3oYe3 zhw~Dj>A|x-8eikz*3-PIxn!UMy=T2sA{_L1VWpi#-hQY6h$pGdznHS<48a#fAs5Re;k zH`4_2^Es(<%m;^e2Jajl*r)H9Yn0`mrCa5kOMi3Y4T@ak7Pvt@T;H)Mkzn2SR_H|Q zGThm3N2rXu2}DeP?-U$3JCLIFZrORLCZgj@4^lXNi{5OZ3OYVQa z&;PXq8PsMl;6G;cpCkWwBE(Cux$4{!$f}eQZvA|!Bu18U_Nx5%cRlwAqUZ`c(baxJ zxkQ&LgFa2E6r0jhpRrXz5=KV2jNZz5{SK}?5Gvx(31=N#=5o3B9K1D;luAlgnB~J; z+dec^#^WXMCLLaYNCl85fU|TEJ$b1qNo$wJuu#uAkzi2V@-Dk_u$=46_GpK(DUqq?7sm;_?MZTOFU|18H!dT7+G$A|% zm_+^}kH-A)%KeqC_mwWdL zhqYz3+>ikw;ZiP}?j3F(2ASQ@+eZn0hIorJ_$8+dXbhxocdJW^8{v#uW3jB# zR?;}U-aWP{%1~Ym)Nw^g-0->9&060A=^DMQd& zwCW=$$(=K(DY`3Ug@*T6lk_vO81V&+_{B=hN3D{xF~X^d#*o3zy)W0M5gtpbFLG8j zc|upsGKVi8^$;d~iy)Aosw92rdc%dX#0B+lZW|=72t-M#C3c#Fj3s+4`^O2kyYq{? z^RbC{?t4PXeSH_%9YJqDi(@A^PG75DxlUEudx+CJNWBG%k^1>q;rX{n`^EthNF46T zx!it&_hFpinzqrNyGF;N&ta7RNa~yYgw(ZU;gFL_ku#AeXe8eHH~cXr*fcko%Uq;o z6?eo*=^q3hM)RYP8Yk@C?ne-+^NA46X->I~rXf7R`P>L0kWu;h}aHNB<%jOP! zaB$sNX4+oW`tsPyQgF8=b!VQr_MZD~r+4#$NJ!*nZvDM5N~N#r6z1g|(h{p@U$88{ z;nGSc6e?No)mco-_;0@Sk8Ls6*=tCVRwFcsDP%!uD@n?yY}f8)NPcO-B=yK9+(nzt z>r6OW9G?`G_ZMhO+-$fO`CMu*VkY!cBFk>Z@j16;1v=#>uEDIw(Jb?I=>5q^IR61& z4R-Gg7hm0wVK=9DzJkgu^$e%CfSUTO#3#aV&k*J^cj4!ukSzg}Kavx+^N^g)72;Z( zZ{^}SC?)QcoP}hG;sL){MB+U~wj-Y-@TULGO~g(Mi5c)nQTe>9V+!q&tM6q4kY7s^%J1 z6v}QeIly$^0Y+h$5717AS<8|8Y5!sMY`Xn zbmj$mpPhh3%vk3i=w1-TP%UESH~FKqnDj$a?WXvb+@hje_YRK@b=RsGr{B%83<|pK ziV0GFq;MfWV}XvYa=MewStrNEJnS}Sa5hu1)2X!BC-=gm)Qvc*Sdul5 z?5ozejU7=me9~Ce>r-sJ8ew?g%DOwDz$fPhxODQFV6;r7gwX2pPFnRx(RTj2-SjB=GmbW5^+7f`KtU@ZQBT|+A%4#j#3w$ zXbnBKLVzy5Gs0hZ#8M)n`3(wPT#Gd{9~G#wr|G=MmdB}z3x~4Vm@CjBrZ@Qr<@KiB-@%u&;{*6k5qWn z{kpkP2Q)*gqQZ7$NG<(accpx<)y(nI9fIKeZqM>4U=MCyWrUx;8wITSxsAOS={<&u z(?;}?uCPuE7q*#@R6qZ5K2@!ul@F(rB0|d>Y0U5aCYNS;bj3&uZ7@o_z*S9a?@d|Uup2fNi2(x{-WnsQ_Y4ix|UrS&qT1g`v zcS1*TL}vBgvx&6gx;q^m;S+iZKG_4(k37=ty{U-kG5b678S*Lc^^i5V>#txztEZ=B$@ zge+=XhE3FHCV6onDSz};cCj+HT3oaAiq0O|TE*7ikVgFtS1`kIWy6}j%+e<=WRqtV z>a_xok}onrK>{8X3Ct;U2H+)HGpVOAkIk1_m8gmLV4>w>OCUONtF*fJkysT;5$OP?R61}TIW zP@#OS+(q8{W{SS5CA#9)J3zg=BB=&rgLeBrTrhv3lMESa!fAgqF-b%cCfxAjK=V^D zCT5ksqvU&|<4#tmy*bXBn@jtRE%2E-3=~i=w4hHH$1Wx;^5B>cY)yvcCGv=#&lI}; zW_(o-61?lQWT8uc7>CDCzJfSxr(>JEcck9zz9L7`wr&63+^?ASecAqA_IDTwi+@_K z|J6XHm@w&GVAxHn9?b5)@@Q-rT#QJ~s(0YM!mFduU{{hRfoMs(DFCSWT%CLyw!Vh1 z#q zp{twbfbo1JlfBQmq<920i(yf~>4qEho?8NnNZNEzaVLZ^e;1oa$~&?~XFAN*qWEU6 zg7?}!b+m9JsxP9AQEp%*stZ+sBu0kYQg_jY#1?e6pYR{peQKp?EXz^iy!iY8Xp9NS zO)nffV*z2_TR5VqwCEEBCMLLQqPmEAIST7fz0@H*YRw)fPAC5cbxeB9@C3%YIO{k? ze{}52HfOydquy#&0>25le|#L&39pfdeXSdhX;kl}dX##38=~dRgN}kPDJc!$WCU~d zczRQ}9=xRoS5Qo=gG2G}XOpUV)@d#XTwBfu(oz=xIUx7UKbTO)ddI>+>51XqH)adt z327NFm2k7bsh5?#*G6KT&F2?fX1~4p>U_lq$MI*hd|Z&#j;LhOX5-EUs#N_Uq{wmV z+Z?{vn@ZF-rEj%#Z%=hUPaC$+Yv0>L=9^+0i1TZ54F4ZIk7>Dx3AMS#`izmdOeyPRAFABC(uJ9H>#*{BF`CBNXKLCymkN2v#uFd1hyXtHx!){ldJ2$-5{cWt( zy7GPQefs38xH|K!yGP-u?GGStv4-l)$g2g<9j;|o<~WbqDNVaCo8mbd{lTs~4sm%! ziaWl?Q#Jih93cSuy~xU+3i1HP_&2oSpE;%!UnV!%1Ap(4(lni!f5Jslqh9$8V>&c% M>E6WNuzT`90PO?lO#lD@ diff --git a/ee/dtr/images/pull-mirror-2.png b/ee/dtr/images/pull-mirror-2.png new file mode 100644 index 0000000000000000000000000000000000000000..39c8b85b82d8013f7fd3264ab111eb17a1a4e1ef GIT binary patch literal 56644 zcmd?RWmHsQ`!_m>k_sZy5{i^`H;5pJq#&Kr-Q5TXNQpEKPU(76=4-CjCi52?Roo1%VzN zVxR#dTW)5h9d}s2OPyKMd_wH`w9%AJ4wrZL|;Rp zz+=NtXmYv+fv7;z5@KK7W_K4{oxV=Ab*(HJje5S0d%x94jqyn730^0bx+rvtWv8m9 zaJA~<`*f*2bI7NI(buQ)RB_3Ro*a8f!{4u8qr?#ZIu^04OX*K3zYyUJb~in!h-x*d zn0b!(@Aa3Cj@v)v--}-H=l^_ol>1)>LjLQK|G4)50lb z#MMXabzNN@C@?s9Wp%g6bx%a*0B{;4x>x!tw{_rH~*S4?~6 z;j|Z?pN}ptFMoRA*lNDy3*6ebL=&|Io)FnFV|LT$tXiTolxWY(zBfg3?}kj3Hs&WI z=W|L#9MlGP`j&h(e0aca66rNMg)ANLWRVURdd1B5{Ct@C(*1XuKDH!TkT&DipR|2v&x{IQVKBh_t5SwP>Rdi-aKJ01q38Nw*AwhI}n*W3a zO|A6vJ0BlsO;%>%fQB2d58uIjllC0r5KeAJ!Qi4@tDD;!3``rPwX=qsN28--M~8=0 z9B*y{+og4MbnKmr=R}wZu^G&_UlI|iF?xy*qzEqISqWBJYUQ8n)|q%Wo`2ERmH(_M zKpPV}{7c`fq4C}!b#?WH(%6{2iwi9mA2BcQlq7?U4t#whIzC#=PVu>zKT3pBegSX> z13mrQw|vB+dg%hi%1WA_H9gQwDw2LJ>w9@OkZCs$HC@LmG~b~4O)_h-tt2yE9Y85} ztZ3c94C+qhMsu1pob_Hnxx9+3) zC&JK^8~mu%wLRyy_v5b9W}rNu^VgDebh^Ix)Gqsr2=%;=CniGtM`CEWTMF7A-rRd% zi1XOYY`85f4MidM8{)up+G^Hw2p+4|J6Jl}aN(ifuHk%SQ}1XXN_6DlyRO&G zAj0dU{XX#=@wB|$@l~G_Vl>p0(l@XqRbUcI9)m++FqK9ODyjE6l}@OdvFcCZOjl@5 z`E0I10!sHi5!UnJ9VqK(Rc_Ako|~NbFosO`X&r?#k|T(pqOokvq{1j0qDoRNQJ^+FY73(ma?3BQDsiUbPUG~wamUU($HCEm>~^^L_;g>Bk#@dw>E9N_@dezZJW zmT=PRsK8SzA2;Xfz)@}od>!wiBpz@NK`XGd4bM#focnWj}Jj#BgkKZ~hp9u7TfJHY*~M zc=H6fGLKreUUj=#PRQ<;=mvAgz(CcaF@I9;`OrY0;nX6rP3?)URN`X{>}Pjc&IR*6 z8XEkRUOYj-0!-r3G6r1FZbi&HT%bH zTxtDf>4b|zJJX|nz3FO4B85gSOg})eVD~zrgJrVtQa$iM7d~sl2NM^bK}qT%(JNv# z9T8H~?C59Un&S>^)|k|oKF<53j#W{g&h`cJiq5tu(R;M_MiP8_UZ*Ty2Hr3*Gg6DN zhvqV>;t`O9j+hmxY3!`|!_sL1Qy0dv+YYRoovUNEA+q{e$=H$4l{cY|p!0ee`a!O9 zA7PHE(cxrpdbxcc4@X6XJFEX?ZeZvS-z z*zLA4s%M~YE#g8nPis@Y>ijaTzx!K2)Dx{jIn#F!#+aX)+XFW@tb#MW`JNEJq;3>1 zFkF(FH=;S7r&#k*DV>R^imh**QRim|hdun7r<6h=`IO!vd3Y<2pP;c>Ts{|ZTbmF# zxQ|FkH|_WphIx3A4LAv4ceX7cqTENXOPW?Wk{>@A5h`b36}d_@3|YCWy+o7q8O=3B zUql`-I$15@_=<|wyKeU*ScNy;ykRB6XS2GedCWPvrXV|b;)riuL#zHDGl*g9*c1#5 z+&J=HTU#5X4*iDDjx;0}vz=E_TVCA_Z`IGxOJ9_2xTgS>J3468dl7()bB$wT<5eH` zVq_(Me6+m3A(;?Kp6IqDtnJ-te8wWPQ@72Hvt%Arg6|c4{cjoI>U^(or za;e=-M`a=@(eq?)bxlbh*7r-s4fG9l8wzrrJ5H|)rP^w4+f8VHr;K|NF;ays$2cjR z1o9QV))|J*I?7SE70Uf`*bd2@KrIamqu$aiR{i<&Cqf6pC>d46{#OC4%6xQMI`kAA z1J;7<-Ll*IQ-?ewclwe|5io(sB9D^7p#&Tyc46hxpzwKSyRL3pynFO_QbYZ0Q#xxE68U+o5D$Le47)Q<1HH3Ewgy}eBS>pR)hL3VZXAj zwppWGREZqG;U59$0l0cM&xw@z{2j+hG;PQvM}d3skf*2T7i}da zh~+X?*iZHPw#6`)nQpv^5*4ebq3AdQ6!*xh1a<+Hd$~-DA$$3_wX^XK^rXvEY``3t z4C=HLU4;>I9KNxs-QPiz6N*WS>kLl!RXLGD5f!EIJX|Cl!rhvx89{tik#O4+Rj(|* zEJIl~i+k>U`0G})uR9Nq`}-g2$2H~yBkM1FdwZqjrD+N@-Zl@W43so-2ixj7b`pEI zAhI}rKLDYWX8-b{q7+lTD^~1;yKT3@&Y7f^7EptbFvB~RlB)c?+MFCsjKYZg{7t?6 zd&oY)_RfyOXVQ_rzKW6RDgc=QcR;Bvz-iY(6qf$!KDvZ>kPN6qP8_xdTrR1_xFfO^ zX6n7^R14!o)rwb!R4lg^b2)9BjvoyqOODsQx_S~6X{lC-g^OLxt$2NX$>ot+;9y^J zo4u?H_vrim^TK>WI=MmqxT)wmjhU%3!M=T?ctV6S&cpd2?>)mmWa65U!g1yaOMnlO z&k5QjeJe_YpEbeK3{;po8|tBT{1gfC@e=~(KYNU>`)<>>bbse-8t%KQcG^wFe;Ggs zN6YBA)l*_Gi27WSh!IRhP10nz?#)M2=6SX4Cwkx9%*k%BXn*gqGJ)+2&tENP_upM1 zEnvq+LPA0oPZiM2Uc7YEM66$a$*#6iS=Er$AnZJQ+B%sy33aaNRD=&-(F>ObN;YC-Y1*wQsj z%4T5LylLfgTBp}?-F>v&%bt+-+gpM=>aE8KVawv$WCKd0fsTNS{wVg4-BM}|`%x0n zG~g1ldl-ts7CTB?Q4y69hr`dC?oMwx^W@Q^pr$)z7i(p6(_b4SYuqb7op*NGubXku zzO0{0mkjNEwcGf8*-QqsFs40)V38Cm2WN$YX_|`aUlAMu=oH}f&AI#A z9WdyL+o~7aA_Je4KU^?V%A{5klv?GH>6Kw^)_wb0mF|mNPs`XLMix zyUD;>qt};|kUoSOB|4C0%-G#G{q5NZG@2EPdQvMnNA;D2gbGivI z$?Y8%q+@9a*N<29GEvWTkQM-ASy=}0CF-4P zLyha|=OtRUlSz{QP@r^#z`FCzgdsVndecppU<2~Vs7RHulZM94-Q8jA(lY5B5l)J@ zy1G6*?Fe>Tsp3VsT&`e!c)x<611_&rPj6DfR>%~$ql~?&83xhm?%;;C zV0ZtZ$$YUZzb=_(zF5=wE@|mEG`}?rZ;yX?afTmVBBjvl6TwEij0B?G95PVR0 zuC4DUYTIxl6eV)|2oT7Iho=GF+>_pyi_opH!r(!!{}D!uaf)8cuE=kz-WPl}*?@3K z*h^zR01M=h=*FU;jqu82o~dy1b}*ztG23+id)mU){z(*x??Bw`#S(sCYGOh zZrgbLrqRQx@UGB*M160PJ{oUD_I{tyhSaxsjUrVgK+P_O3iyMWh2?ySOh{&cmHWuWkpyB7Y&v7S2|(SmGyNdH4E`6O1=_-8X*+JF!PKEj|{9RnLP zPg-%ow6t=@>XndJ;P0@34*qDc!d+a z{^G$5EDW!OxGE)EgrWgR8JU*@NI2#*%#st2hh=|*75m0Cv%ueB_4dN9ro{Q>!?gbr z{dY1WWhQ0fu|w1G$&vm1&RZcaiD&=5MoA$#R_Z}=B_v2C#C1RZ&qsfy|M~rr{=W_U z_apyt?f-92mH3aP_^$*1FP%y@@*B?Re%z@B#1|L*-p^HwG+<8xq#Rn8qXBp?kQOEL zY5i{k?GbX<-BiVUFky}MK?oe09Buj|G?)lIp1#_@M9!8OUJh|8q}W}NLoe)37I69Q zd{%m3#J*?huq9icLrjLh=0?Ww!?XN@^a}J=gEB=WO)S3&6K5gOGgx{O)Q%lHfoW}r zk)>UqErsBWUoR5;;9tA1O1^l~Tl-B|IN#J<4iO~E=Hau5dfsJO^vzjSTR?E3Zd3qP zd`jXp;_hyTc8UnANg!$uekzdNW+ZLSpe9=z!+X-(Y`&EdmdNjlazexkAfOUmA~{_jk;Zyg8b-nV$@g_WYbFj3 zCn4b&`C19`evRl(E2D5Xw^~l8VUQIMndPLdJ^)MHJl*Z*F2!i}}Q?&Es?#cbAdl>rl8lHk|Sru3)hVKJm#jp2L z0Za?Hn@|kgT&XD*BO{YCuL;uMW21-1r#ZFtcXLx<(K40RO&UM z`BUce;pyR@^XvJbFqGQW(P-JEYw_Z_%fl1anJT&;jI7XcJXu*?-7nz;G2(o7zk3CQ|lY z&Sub4A)7_+)1^CJSo2QR-!y!bxx5a($D<(BWL8wI?z>PHq4gLe6hZE2!7OVQ_*#$L zfK^Dl8+r?v+(K(!fCZ#%;{Pj2tkuYpys7J*TC|%&YJ9bxI(2k$vX&-AkzZT;*pGS6 zwbU4i1JdNO-N1;gBCq*T=_+d_^e}xOZdRLAzc7<<;A+RYmQRq=qJvE&`B` z;0tG~Eu<0g%sW;6j*y1Iw%qe?H3<=~_?)_OWD0ix17bTL9#z8&%(&BxYjqQW{oc#q z1?~-!1i(;$D8uUuOIl1Sj`|KNrt3UeFNCjOI{IAsXS9Go0Q@`}#vd}^03V&4ee3wu z3JB2K*V`aZgLC%fHj!5%$^EG{^W8(7cU07zVK{rU4n4zRC>Vzq_kG7am5mp`<-2|N zxhi4wKb|&VsHv%KFlqN^wo6?aEp?tDn~o2ySZ|0=&~JxH6gU5WRkFw(QqZbUQ#3j70y zw8dA?14obYzyjhe1h)j1#agSzU}rrF07xjcP91ELdY-7;BuO{NNT&T}M73cbcmPo9 zBZR9SoF3^_ z7wdOW8&UHN!4Zx=H3&)z5C@WV>FDfL0bq?20EwXZo4WE=WXV@0&E9hzPf)Eze{Lij z<}zR{Y70xu6mM_6ye*!^0M<~2K-?bEU=>R(`=}OLXa8kM1QfYa0PxjSWIQN#X9Ni< z*fH<3``M7LbI5B;h)bZfA0P{})#gv$o2XWc^!$Sf_kPNg;^tKv<|7Rx!2I6k=P2pgG*2EPDDO5CCGwSg{DtQ? z*JmNcvhs3{^NYFSP@eqt+e6nmsB>Sk^*X{Z-K*QGY%AuUOdaFe2}}qQE04(VLk!-; z14v)LVuqO8>r)j){tpbSr&fm?aQHb$MXR;%9rF+Vz8ocFukjn?vH2{|=Qv7d8Oo=y@8v{nDgHQJ9 zVrD9x1xb=LU_YRd6lYPY4GtX1_|FphyZap;QyIp+&VIJC=UqfpR<2fBkhQuhSq#>T z8@}GUyMts)Xlne2wboDh;KH#hnXgZG76|}C&@MC$H$NDv}N2mBF9YBjPxzB@2>hk zMw_;EJ~{>;{7y(eaI-$1T8jSV^xUryLVSBcHq#TDNi=srU8ldDKJh`<%Ine6?Wtw< z6r^0uVKFNgAorVREdkWKHK4_poU%&4^k+pJMZMaAyLl*WQ+?8^tn_jyE+;2fFbx~i z=21(DuxH`3O=0C(t$)Z<9(QxBEappl@bR@LC4Wf-)Znz+w_z2)*bT??%CcTN?$tI+ zJ#!%uc68DGN=T1tPN%$B zawa=yKC;L@%c(Y742OugM?Fxbznl)A2jft#6tHJst;l$~S<3F)*mxnYq~?82o?TvD z|NfmUdAh;8yFeskFU=s1rYmvMofioQ1L54*R166aD*~MIlc1ni0uC=@W@M)Z$<1Fl zSv|_Ighj6WK$LXpv;6{4K;(ia8+gF0P|d^7Rp`v)L7X7B2nZ|go!}DPqDTzv6!+{(ocNL8=|X7Y|DYK(T*z@`2v`7ufti4E*;a|8edA z_fF-{=Hs3G(c3H6K`HRrMOTD2MuVC04R`o`wnPNg8}7%RP`1iqQC6MF--?t(+z;59 zn0^h1; zFGmDmx69PYqtMUy^Wq7jlkcXN-4bthf-G?HP^ea)AnRV|t0(jW%%e3IL)62jhlKn` zGW$OU{!g;o|M4aNG4QE4W#}Ahorn-+8L^j}&G2U8t?}JqO2GfB1&HI=saSX!uLU}E z;V$30W2t=VptklfVXp5L^})w>4x|^N_dE}8DWy?ou8%p%>o*QSLW-WL=2wbd$&UxY z;$K3AudH*Wxm$AZyFXc9CpbI>r!##0pUgkK;-s*wssPak_&TM}<{raXclY3g;0Y7E z<&j0+%>nM`zHtOigz3%?E{c@2mflMtkSg8A$@1yrCf#(8Hs@+e=G9OQ>3JUJ_RA(qlPN4H7`c7Q-oMzKk-7Y~@d38v zf7j$>M&5a^!dOlYi~{T2b)StjM7eL56;cl zW%$iND}XU@tM$#NekS-uYErCb(fo{PQP(j^5N(%tMM9PXyKS> zU#_egWr+XTBvGrL4mW7hPWV|k($b6;Xvj9cvJ~0jrO9hgH$SC>|a}FV+ToIQvzq?ri1u4T)}W#u7bng$PC+FnHKS@1ifFw}(r zla0Q!dD}D|%&c(Q*8VZZZ7Q$d%J62KSVTSAOEMnf8OW=rvlOpqd!U~0i(O65U;rE= zJQ(W+Z1k0Bii&V7Ytsc>y4`3(@oLpm?|5Kth}(n2!^LLE&{ao4qb?Mh?vq-SB6QwG zGm`H~Cvvl))+K}=fE zP++Z;ziP`?geZ35P=2)*RTKxq4a&Sr^%CDn-eZd2r*Ky zdc(rP;$%MclaZAqFf8nLkMk;c>FDGr&-Z{uHvNK5gWtW7nn zUaTfko81faTs?G{&{9zL>4Dk+;jZ$BcqNgXb`#RIK69T0K^m1DO`sT#Tn}{p^pL*Z#4BnnB}byREoOVE}g%Q#TQY!~vn#UYGGDArO%XiZmVuC_B zUyzIrM)?1>8492e=Y^slFo}Nl3y$XPs(!40eg1UgVBmFghwPj_?*1;3<^31j>0wWHKMTa#u&?{TfRmvBm5t^$Vm?D*oEh_g89 zT-3{>#fjp?a-Ja3H3xT}uZ|vEXKxq^V_7G2pM!Njl-4jNIOFJBC1f-=-iz}adzG;S zC5{_3%!fa|j$%X5**0T}~Dw69poy~I^#p*Su zSRS;#{jf!`vhc?l)iY{UL5t&44{Q5SI|(ZhH7LOuD?`oE7I>i6xq;B8FXtzBdE!Ag zwG64$b-9-wd}EBGU@!|t=C~2OsxugLX>2I~#vx>DXrxqgwQO^A#C^WA)=Pf-;p$*j zd{=>WWh68Drhx|4SAjaF>y@By1K&N>%tsR&C|fLcvM1s#;I1}pG8(RuWu)b5eCT-|bff67~-zQAg zs_hLA&rg?UYG`AUqvgg9pEH?YYq{)YJ3`|pzAuu+G{XQQO4Y_-v&qc>ANObxJ8GQ1 zy)r3mn#{H3j^-VIL~J-yoA}<@olTdQPb%~&2-lU@WlzCqW_F*vqu+J(gcpiHcE#;W0P|K&N&s~impdU-Uuy#2(!$V7Er?;E{yRw=NnlKR*F zBAUWd6rfaKH&PBzO7EN;)kY+$=@=!blg7zn?t3GFv4VV`Q5yj@ zX|YY+RglopEbL`Mtiwzx%B})mcYG=m0~;qx3pN>9uZE*+^J3YxZH=tadFY>Fk@1@F zDf1k(7*(^GbbsWsB-O;TQCnNJT3-Z1CT9?jC0!0pduPW5m<0AT(_)F_BqcqdOtL2PGoci6jr2@ahrs!O z6OI02*0$81H2;Fr^2N#3H%9^V3YjAZP9;T)Z#_+~RE6dvRIBEH<~nTI*!-ROA_*R# zAZ7)ZgBxC8dnbEV9A$Xdp=uZl3GrpMA{7|f?6=n!*5eb8ob0p4t&F$tv?t$g9Kp}5 zlj=BQ^s0@f@1HTyo4R|k=(O#MzF?k9?_(C-hqZTxrbRFIFT`}7?vdQMNYPza9hz6x z7fbh>0#uNQ+ga;dj@&kzE=m0zI$E%|CNl>Zn8j7) zSr9x2Mw@q!U*J%*>az`(Ifn@pYpH+zU?Ir^8WOc*9032Y=VA^x{6#wv56!TYqG(2< zy}%`huiQ5b-F1iq^XX@i}yRG@g)l#k-|se#KXbP zVAnF_x;qN8GLZZE{$dFO0Nt(GxKIxy2(hht6Eyq0ihI0{*adB zH+#$}9iG@Zn2tQ~(e=jjMRUJSF94bB92_iS>y3>!qtz6FRjYR#dZy-ZXodwKM4Yt! z{qXu)y~aq}<}@7(VO2WDB|q%?iZ>pNg}i&qU3t_RP;)vE(fQW*sD%7MUAn{3+%Jj6 zDNc{b{GivtN2`A}@^ha4y)y1!iW#U!z1scE(5COV7%h@-r005$OFa&Y^YjVLR?Fe7 z*x!Hp-s^`q{axhxn;+F@hR2tA5|?$qH5CWfCm4vImM$-{IE5V=jIN4%RSN{&vxsy+ zYFwSH1ha=b=+-nH<1$2*;mJO-WtW1uIT#|`y;y0!y0S&%rLV|06k#Q=8yeJfV7=BJC*`iMC=qaRKhm2Gs6}0oBb9Pj4NY-I z3SRoY!D5;fAc=N{2hV@@?#3*J?-O@#;z!p0IA!Me?uui{Z`te4}4!DiPwn0O?RSY%R6H?C0O@DKNGgm5mgH3Uco6hD3p* zJBnT;yVV`uaTj+pb63#Q1{1MFtWGvfY~s+OquIY+A08O#Xzr3 zjKb|m=lWv5Es(w4USR)2k__5eC!iVv?_Rj_s(tS3WuPx2p;uUMSutWFWMl?^9H#AE zBy;ci=$**!%kOCr0~q|sZ}~7XPAgD$@GES=GW1>i@bwKMj_ozuJ-y?1CYi#qDVlq; zt*y5nkN6%{$F#O|60|GM)kGR>&&s`gNrd{`b@&cmY#Swi={DCsvW)FnM#mE>Y#&Nj ztf&3kdm)wmsNs6#E9}G=PCLrsh#@L=;N*=U+%lzKH;MT?c$tHCiM*Hm{wYOEE_tO_sR9qdqcF(#zeFD6ceUKPn#Hrvjprn=b} zacXkg-%HH`5;+8`>4Yta6gjwSQ$$_y6;HDm#e`oK#86$^|Jh(5q04LDVuXNo2jldKRC=A+fK0e-}m#h@! z>6w!w3S@IMrFA@?Mun#cpTFnNG%b~X_2y01dv}3K>zVLxL^|*7{3yw1EB~C$c72A^ z;!hSV4f-WeLcw~Q%!aMU&P5BAF=tvXC$sqX1(Ov!n~p^nJ?bNKCW1DCbjsRFns{ze zKL@%<%}J15caztCj$KZ-^ym2D?k1SeojL1!O!-r9;y0RJRrt? za`6LQe(&uJ;)^zW^p^>a`ubT)EvCtsN!I4l>9T=d4rdF~W|n?4p(Ba6XT@4WgL_*G zRj2?oSR16fm$C6dDPdvJ7Ij$(h;nr@0ISRG( z^nQLX`A2Bt+lve-W!4e|o@^k5u`$_G@JIDz-ndn#g`l(X(S_Xuf%~0<6J(<@cxS^B zw@FeE*EzM2)EgCBwo0w-tkw1Nq+5?bbQE$O#WvGv0*jK5Yb`$Z5HqDiH3=&gLk_W4 z_(tlaMx`#zr|yxlrRPLD{*;^e?gTGypF^%8Hs=30LyK+c9bHUM0DICu7bEw<1QQ6p zCO(*}d=n|@Z-U|R&ZiM}fwH#x)(HDC8bh^kIA-l<7JAlJT*r^Vtza@4{109)NRCq2KvR2x>`PEO;vdt-PdyB0il9+Ib9r!X%zG9 z`wm@EB!fu3d)d>;g(CIlz1o&97v{Q*0m(B)BIi%CR^u6f_#YtLVG9Fsfj`RwgSq%u zehtrl#erE9;F4dXziTqn^JhpRYRbW*QHFNNVZsb5x|YMzgcpL&4OE+f@K$d!ZOr z?$Pb5MkjxiXU)|GxG4GQ{^YQguLGg#iPs{r*xEP~hX4=I1tZjp+(a;K%_q+y$OU#vjl0`v$$e?val;9F8##&tB6A$NV1U zNNc#*kSqjGm>8br?bX)R|4K=d_E5!_wq4P_6gqa5ApAw$2tK9U={swRYMo+ajYhp~_)(RHI-| z^dG#M3#*(mGclThGdn#iDN2#+@puUuz3|jWW@>%j?Dx}govd1%TXXa1dbp;&1LwRR zf1(;G;)H+c70J*5kT>3+q6%%MpzF-44IzV52B7c{>6pUFTM`c;pGk&La(wH~v$-<$ zLf;d_XcKqpZ1wserW#N!fHobhR&6nVm_+U5fVJCy(AYn674+{uh9pXn>!}*cx zD`{yue(nG~R3yM3Yc%;_>r;+usB8D1y7#?8oFXQIELq8Cm%Ss&*?&dMUHtl;*4Y3@ z0E~p^d-n~0t*dq9QpjRG_%c8WsCYJ>Ph1J77=`H0;bI-G0qj1!g3_cEz$EqVEGKB7Udu6Cw)imNm}e?yYOo6l z*p87`W863LTzbe>U zD_=mdiL0L9_4cKdmn3Fr5{>K@$%nem-f;4y{NjP8+9qa&L3x8OvN(b%I0 zZv$`uF4{Hb_utm(`zUr*4L$wS2CW2@x&eL^+3d_BFT}<7-M@I3nr6S2EgT3K`G4v3 zx{{4uP5Cw3v=_vjoSN;ZSpEX+%U{NTViBUv)Q)rlpp+Tye1DQY2swnVS7t6H8?ou# zAar#h%sW!yCDm&am6`rs-k;jXl(rE3 z$>P_?*kSany!bDdwGdUQS3w^W`w1W2dRa82#et({tZ0XaE^Moet(`qL26{T)zFNLQ zx6M~M!C+Daf(M&Tgx-c-Pev2K(tT)*I_Qa<2$j8F*P67Q>GZDAZif>z)|eKC5b^L) z&^3E}%eFe1g1we%b)Xz{<6H!#_jPCzWR1(UeC2ryemtLnFnb^e{@_RrV)QWuwE zfS)N+QcL{o{u7B3b}xI9b>L;~>c%{uap??Iap^0yY<&N;s&u0Auz^^uqCgL*Dw(Eb z_3WnsR@jyiRma?!?XxGsO*U7#gx5{bi071Qv{ANl_^fK5WeFG69RdN+eR(*m8jkpK z608tLQ2tX6U;)2dGAJ7Zur+l@NEtyc+F5RAiv!VF{65F}R5*L^S(0ta!X`h^bTvS- zAg-Y~f>fVNxKCKTFaJ{Q{4QmeRIqdiO_RUEJp1OIKHGDr@7_QW@aq1?EIsn*=vauR zrtt9W+~N=+<~uU!n{V@%M1zkkf(!GseFz3Fniq=9nLhYNM1VJ$vF2HB=N7{LU*V^&hUW{Z#K_#+rgRm`bQSD>I7EcJLggHulr$D zBQ@r1H)k#iFS$}vpGsUqQ-9aPUxIsBtA^`C@mm*5E##A&cVM(Q~9<# zv@fj(t?N!e0%`Ho@qb)sFT z9qm0^47#ox>?kFyBD(L#`Q}d^K$e(>-&pOu+2sLAjQykJ;p?lf8R-^K)8 zx)Ub}H8BIE3OVsZqO9oM@KOR9yArQg1b=&EbM9`u8UWrq5db+K4tL_^d%Yo#?izpBovJF9 ze=qeW00m}M^WZ{0W;7swFm4aOE9hc^oT>2l6+R?;fK(Nof4R9C+f-Degp~BZbn*Jr z^&Hy&yQA|z(trOk@FgP_i!h7;T)eTS++$L4P$<&d+c%Wx@?yk2%f7~zN6W&y$nl{m z^bwr@HP7qN_3?4XJQ2pJ5;{gkGQR`gySMfQs>_gAvG z&mty*t*kq4hGjK3vzFMDn10mYwOZ_L@$s%bi6`5h{kvv9cd!a)WMC}RQV6N3A=1^= z&9BmViiX-MCdS84B40lb)L@;VOuDb8@F}D`+x*VCQ1_Jx5K~URLd+djW@=P5A~m3| zM_OhmLu2frVdVw**C$C6LZHf4f;-HKDLo~*cV+!+xICIbm2Gf-Fggfm5@Bb|WHkiz>ru#l$MjCmv;wxb0$F zdjTy4Je}?B9v%Btdtv^e)?S``7LP3beczuAtEEPCJxaaV8uOq|gNKTht0zw+cp~_!arJ$* zg`)BBcIU|gDk`FZ_Cy1Yq?txr(LqVNdY7FLppdTWmO@(o8_-$z_!7CYy)U*IxrgEj zSuSa02a?`EmDk&q%uIlRsOOukQfKPu=mJU*qoSgS_B5+pUPXPzlt$k>NVYSx6e%^}r8gzp+hfJ#1>&W=)6 z5&!N5C{US}|FKhqac*c~0M#@bA1LT@wxScHOSt*|-2$fUl*Tu)8QQEgSC>&eG$IP5 zkm%`|jC{Qwp#|Kkd(=Xw{wR14qI~?=xxNlx*;$pf`tah;r^#u5*#9)#X%!!Ld2>@{ z6K9Wn&n=6G?~9JS(;|=_{fm93$nzc$T%Y74bZKg?nN+FHadJkY*nzTTa044%Gxo06(is#z?X zdXE2hn}j$*UKV^OD5b1are5TA)Xvr0C+Ftj{yZTuq{pg6wOYsXqC)gFh2LqotVw^; zP~^|dZ$L*1lY0FtpoOu(8PU@{SfZBNd=KY6?}V-GuJ$){_Nh0UV}t&hn@7UpfJTSF zPJ`FX)B*RmBG_tbL_qyDa&@)vNrI>vq_eX#sUt_+>%Q+aSx<3ntW47y$k_E0dg_=m zt9J}>ntsvN{$4Q>(rExMq|A$U+IkKou9)r|pA=5n+F7kliEgmDjwq$1M!b@fH{PjC zPpZ<#1LOs$Jpp=Alf`XMPOyQ>iNpcI{z*gY1}nG)P$+80L7K$lO$)4};4Gbq?<)|e z$LD?2Q9Oju*j;hLZ$NP zVFa+^>7v{WsuP7j8Xog}bO z3(`$}sgARpiiuCk#jPL2&)*aJl3%LXSGRmQG?HY;(%stwJcS-mjsB8=-~{eEX3@A& zA+qTgzH60t&kp7u0UsXP(RrMx`lQ^EF-}>xEVMtAd6gPBv_q02QJ2 zO1Q?TPtYzo9k%pa7Rl`1(gcmP2R{Oe)us9D{9KB)R^i({wS_FA=O0;2DC^v>E|FJw z>9HMWQ@WVbp09aqm&6oX?kilER=#}oq-<%1f*0ft8h^=4W6-?+lX*e-{wKYzMC;;y z;YC4`eaO%MRSTfjI9WLDi2|5Uv0rZ*dCf;ZP+`6n&dj;kH9<7^z9lK&rPZMN({gbl zB!rtJVmg?Xw3NcRS^I{8=E=UzJ~6u+73lrzgtg^p!$dZd$Caea_0Ew$8XL*$VI7I& zY7**f92Jfu#g3*qIjK_GR=hcRxtX>@>PGMlDh{U8`k|S*F;v4~+~Oq#Gx{do@|WJ8 zXJ+=P$H!Q;^?aG0vf&zIvZ?Y>fAL{r@8Ytgrb^t9YYLeYJF*tYEJ2r+znnd0loUTg zhMyn#yN=eDg*+|17d+b4s1<OK*?PEFJy#VdiTqE3~?6y#*FP3*>T=)P~rbXeyz%kC&LPP`o{yq%1T^C7)6R zzV{UkeEei}fm1JeydLDInqQU3`!M&Jajw(d$+KS6W0h^9IT|#&m_hx^47aU+H#0ar ze0>vLk#afKi)pF;4!h)z{Fc1;`w}i?t6!6S$leR;CO(40JKK{1W4fNglN#)%Ip7-irbJF$!F69lrhgPA~Io zTl;|Ajn?0gz@&`I5xmDcf>6uxB%Vjsf#5~2ze7!|9g$)pTv@ik+((kE2Auvd3 zbZ{;0Z%mod71o~#=kDG?ab!p-!dLP1_~re<#?GTqiSL?m1)a{bQW8{*ytwJin&JDY z*&|RXCM#Tn#Ex^#Y9i|G?cwD-GCCC;B{%1i<(sa% zMKLzxrNyIGO_R{KvWW;lHyz;8vYF2CS1)xU0UZ6x#_IR&7+TGFNN&S7xodtw{#Mu= z8BlNWNhs#Kh_K-msww|bemp*JY?qvmly7i3V15kOf3=!06KM*b$M^bK_Q(|HiYfn- z^ls9dAIG$e?^r$}L+k*JcuACyQCXy&;(9I1A&El~0^BG=Pn)&d=q!Qy4bw~MzkmM} zj)nB?IC&69ND@Dl>^4$ziV77|w-bD+bveoWhUqc%{66vz&K?Tr3xJv~|GwoD;NwE( z&6AR7@ULFlF>H=5!&gx1v~lR@&|fCRhpv_9=9>N#*WhZ>si~;w9KJ*uMx0rT{Ll^# zv3r{?h^x~sKHk}vkU3_)va)Y4KBw|-UGeYuRD&d9^JzNN9gM+_$v`K`M3J^yUdc;_>*wVjr_=DKdBh@Q?SzdXa+jW{w@_GPob_05kf$zH!|*?_#wQB~yIH(7#Ymh`seDBi1w?Y%08 zc8)=9lKvs3jJSyNbC>B-XY}fWMeN2_kOHo2e}g5*qublz8Z`y4DkBE%SL9y`OT+=o z-XY=Kk!38}IxvIj5rFqO_Yodplk-oEXPy4-Qtama^q}{jpj0mj5<a=zk_iWn~hnMBMZsx@8MT?W~0>h`pdBWm=8K#i8bsp#O`tuYjs! z+qOJF0wh>~;F>^y;O-J2A%WoT?(VL^gC$6?0Kwhe-2()7cXzkm=f3xD|NgK4=-)m1 zjB)QtLQ%D=YVWn?nscqS74v=7Q@zD9+s^!+6&9sS_b^$EJSkAEMz0ckYVQiyz{khL zrbDS4_k9m5sDpZLwWZ#;b zizj};3ljmBwxqJMaT%fh2bjyo4m0d1%9W}_PY@M7FXgnS0i4 zqkkxAuP2;48(+{eX+%&acXfV_l{k?!a}mx|6wZ}qofVgQ;Vp$t+vYKv{Z&|M4*8*2 zecR@AB(YJ2v*c%uML&pG5W(5@_VY4f8W&H0sS} zsXd;26)R9KM+E{@oV`LAW$90CE|ilWVrK z-)~{W#QMJ_$Dp{msl9jFf)FIq#J(ouK>*S1(dFp}Yw2Ip$72(D(wZvIfIrIk`B~Um z8PUC=L0Uu3w<1*h6FJ6v2V;hdnb`QG5U|oSeoFbO777OTAl7hlEsMAR+S+e#UmDJE zlKQ-9u&oZNR}<%rhlK~EHHQcXKFRF;nEda*n7}-L%VfjeRY|(Xr~A*c)qG zYawT2MnWQ@qB~+SvG2)AaKAi51xXkf$`{iL3kyZ#U*Il9%&1~3p^e6J^xJRQW-@{VnD=#(iESI>$^#Q1kRkSPs6RNi0i_yqWj=jqs6=cNyHAw)0;Y@Tz1tE)f#xe;)LasQRK+N+UZj{h3=-?4_1w2Ib_0g2vwg>_v2|!&t8jVu$uK7YOLAO*=z=&e7 z#x2@XPq3U}x173SKw&VG-T9qaY?j+*MN@`lwIzoJld$r5^K-AUj zakF2FX1^wPORcw=3mz=UGsQW!NGdxH(@<}{l2m~ zqbn|&^t2to;``Po5&#>>ZaM#~R-E24yQTmc-WMGymM##uf<|AWk@B)%!=}{?pmK*Tm$LB;Sy@q{YfkgC#3IfUZMSRMY|D z6rG?d&HC6D1_He`PUkbUs~hL^k{sM-5`GHQ&7<9b0bT9$(S&nps*({ z4)NOA^17#k8dNmJFCr`!TidB<-(o$ohGWpE_9v^q`biRZ1p;Jm zsvNC6OUges`=f_G{r9D%VLe1av+1rF{HM-e52^m65cdW}6E(d%|K-s1eB%t{aT_2uON zbYBG69IK+qIhU+Vqck;fR_^zHFp%&RZWJlB(NgqEZo2;%dyX9n)afDol#sxTK!fDv znK7EoDZdZ!A46DVe(QKJ&p>>-&C-F}Srig9VqLirBT0 z*aR;gm(M+@1|?qH@FFocr{Mib?Wyy{ap0>MvEgzxCHLw(qn|^+vCV*C#Dr;SpT}Ai zL571|-QH-=XBFaNSk34efw~i+FR;UvcJ?9LIkLG&fA&;3Dt`y8cc9w<>b=ce-Z|g=?qUYqIovlIEHUE>{FnbT zu%TDe!u-WSa5gvDJ*&TT@+D1oZB47?yB;M3!d6*XQeJ=Jy|!+%u8j3OQxsDvQ~g<( zq}{;g_zZvIb0k#k$HfsBSLd2#`4N?~ZM={KRV;aGte;6q5>*C9W+BVItEJl8%^En@;3%aCmE;Y@)!#!_Gh`!cwDTD{vi` z-5LV=z@cLk&h0Fne|VF5bbRr$pArJz-bWpo@1pOf39Y20jvuSU)I#X6;m>zNv^Xrg zI6iy6J4~L3vJ>SLm5>+MCzH{5N?OAIdZ<6;sr`qI{f3QSk~G+>CQYdqvN6a1Ua<%0 z9@JIxa+(?L;vD2zP_5a95;EhawhI1;P@!n#9;sVCHMK~g*fb|A-{IBcc4!Nh6TNa7 zaOLFTUOA|z2u53y=yVJgoZK=d&m>>1U#DT*OvW34kCq?_hxw&+S;XnUj^|iawS_U? zyV6cOd~TXB`FD6X&^=DTZcK_zs}b;JMHj@6+BX@&*q%`sp+ro`!eb7c_IsSrA5w1e zX)DAp?X3YN&I*L>ua3o^-<*Y3rm2_uNanM|XN_-zAL`GeWX6{jzC}QAyVL8EkB*Mf z>t68a>237xUG1)@DNIx_bat(&c12NvLXAoc0;XpL07A>;D{?&Xll2RPU$wVo_P()v zkV@hU>0vzOxDxY6k>BCYzgRw8^({Mj4m8E!QG4!2h21JNwD!`d;1~E!qvm(?I|;;o zYFuD>ue)AOkGLo*C;^PQnp{tzvl1tBbb8FBwrI@Srp+is5tZg9j@<#T_+ zojPvB!qBQed|51jF|?t0qhQ`8V$bs4&;NC9>S=!dsq24=jZjeycRA?IjEq83kKuq< zNgXyVq*nrcb^5$0|8G#&%S8<%KFFjQ* z2_%1t2_=byEd7FXIBx4!Y3eKEUJ!Enfwp3)A184+xw)%wDxqiw(-_{n>S2^Ox~1@ zU#$lB3+cNT-srxo5>3^zljAzWWhqM=drul$5i?~$Bq#lEL5%WTb5ar=6nJT>44b1o zl~IG5x|SlrSpHXjcEUO!O^pzveT2&{}`K1dhHrn)Q<4;z69g` z7`sIkQfUfm)eW2D>nXy!Bl0KPriWn^*w}E#nu|qQt~UDKn-Ou|Aq-|3weHQY*%D}VZ7s6kF4v}co zV*YIfDh6_2q!(NL8XNfvEZ$}o<@<(-Q#dME(fu8nSmvlG+CibCrGAQ1$|mI^ZQEXb zcKbl3=kL0aGTXbOe$%_t?=FVj0NcKbosG-;*In`&HT!UQRpt-$hu@uVQS`ZKWk z*e7!g^w~X+k4bKYVo%jFF_`0#GuN?{YYq8`6ZnwWQ3h!K8AN?&bga0xQq@3EQ&a0n zVAZJ3Qb&KX6!kR3dhslmqCG}^e`isA^)P>%BYxsX@Wh|(vp+i(CDr9X`i?gU0I&rD zBj*3bplk7$IaT~($}^$&_DDKWlV+q*q65S~_slKSkSTm_hOmeTi}qW42PZBPd_{jf z@O(mWyCrz&%Ki&6ag+^ZZN5eHR?No=RARz^3Vcx6luGb>*s0lB6>%~*o_cKG-hO}o zp5MJt%VcPJGs-zN8*(jMJlgi>sF4|BT%oGJxz^r2J9}a^)4D(&S5c+Tl^lo2fOd)P zEBd)PzH4#vJUV#dTfYTc020dZoUtbvPTKsx*}afoB$YAx7QPZJ0MRri3DYdIM|*W>NWkgbRaeSbK0U{QAe zpW>{3y^+9?x`#D0bfCubl{@EJ^tk(|Iz+62<8ol^}vVe7qpxL zeBh)1aRhLp|EEJhga%+T^z&byQ_h%e#1Qf97!*p2#rc`|D8gU6=EcWy8A8MG)d zTm=lc>}zZ~q3~;s5 zt8ij}jp2Vj)BpMq-FN?xo1szfKZg7Fh5mJxzYqEQ#r!u8`PYj<|F6&TuS5R6p?|;7 z|H~o&zvs~jHDEM8biVmC^jpZ~!yCDuLBDC$%a9qGuTep>ka%3^tgU{Lm{_?SZMRu^ zwy9O3H>7FIs%ldQw3mP`w3Y%qIdshVU?uM@RHx$+1NWPO*AOT+BzDne$MgpeeGA)0 z&Xh{&t`3!j#2J^M+7d(){_6A~oq|T68Bd;?jootAXXNCBhyQro!6A-umEZlUb8@m` zp?B1X(Y0@Ws?>Z&#nn{E}6^3qFQDK(j>coCev-2~y zO6rXzwWFKwZ)?@VQ*gZ6S)omK>PF$j8e6@A@J|APM#2V2&EDDd^_+`?6WHzWoqAKh zoI`ev3^$j0N-?SE>HK|@_;k6Qgw)NQK4oTM<$|ZG=5*jwC>xyW3;!-tQE%}u@LPNm zT(11r@O?6-5-%+!clEYiF}I?offSL`bB8rDQchY!0}jZi6=-O}>O;!l%pmw{0nsA_ zfdHH>KA3~!;ZZ{lK136Iadf+!&gsF97mkWr^SDqi@k1as z*@vuK@>g0K22h-VDuelbS%*&ZaVG(PZ^j8ydyTWSwd7qxJl_d<51z%)gD;RX{lmgg z>fSpEH7_)he*Z*EY$d9Khf2u(6$ytykRs|exY6VLo0f&aLH$~@TF<8+K1_KXA=2Yu zw@I3W&@;&Za9%a7$Ht5$?0Oy{-`P~9hy&dR6JBBn^lDI?^s{S1vwGr0FLrPk==opNEq&32 z;Z78jLUzZa9unuR?M(=zxbccXJdw3E?|g?9 zzu~6&vczT+PK!J%JCVQBbbw~c4G$>O$QABxM3i^g|PD^FcHefP~#aH_(zw$omvPJfhAsw1C)*GXf0`X{gm#~sa@?{#EKryG`jy@NJ40Nk5}4MEtXn5CYt?<~j4 zbgWjpkMKtb1WX9!%hAgfrslg1ck}7eescmj%&yg#O^`eIg0=A>r1=W>(Q_RI#0K#N zc8`24j0P*tym!CtYSg8TnXNv#d%0gMJpP9Lb@<~xbO?tYz!kRmgXMz&CryuM_qQD| z5HNWwZ*J%`FEIHZH`KPyT%*?O9K*Ye4j+fs{6pR#pptZw4c#F%x^=Bo;yi*b$FA7d zI1Dh5gCtL!hts`L$WF7c`_3Xm{5qGvkPpt|HF=hlC}TYZR)ht!H2f z4=K=Sda_T}CQ)_0YejIp_}GX5QNC}lrh{LA+E^#pX|v+S3sp6Xz0Gkmn;Uax$kM)& zmTA?+fhows$7bhvf}!^jRk&?x7!euyouVT>SP8mAKE83hIVUT{@K_EaF zpwwr6n?)hs0=fs2BEr&Z)`dovF>l#(BO9ME*1Fz{0C7Yc$_r7^wskP2Gdiv@UOBtG zqT_>ez(*O(_}LyxfwqXJGF|gHoGqi4FJwN6%X{6U4!U(gK(%qtU~l_iBLbtz9d0Q_ z22e0nPKkv9VF;)&5mX{SF!x_U0~~{O=bO^Nr7dkV93vx8Cn>1c*lqN$T!2hj(9-zR z@1NXw;ANyq6%!k>g@xti<)LpKMyzH_!a)Mih=Xj>1Ja#_l+O;(L15FeD>k%I!^xww zJ(T}qmJPn#P`oobcolTB_>!^q67<1dUCHdn<*`)`nKf=u1jg4$R@P=~iwPud0CnHU zexL9S|6cQ17td6K2W7O_(~W^-f46L@5B0wQ`z6^q9c}j_6xQ`Jl&$^&aAaSiqR0%z zCEqnK@O@A8f&q#M#t^w)fB5{LZTlKGF<8)aJrD$)(J`@Plnf-Gm@Wtr2`j=5Xc}>k z$3~2}$U*z~zV+FXBH5_>GVI0~*^dS84TT)`+(I0L5@VsJ^eOx>k zpn(_;xDf&a1#&XGDv0y+(%YPpQZKv13GVS5K<%KsadC;%sk9 zV&Z_W)$dSFAuyQ0gw?O~@VrqI4Mg-nsW7nR4XbMD?;6Cru^h8I{k3;<^Q)?WZmUdaB?2l|gk=PQSu+aM^mN%AD?Lh}F6 zxx$-1OeLPkrvyDgmtT5}@GI#%)r2YEKguQlS)`UC0a}u=YGB(F;A;tGYJ7;-? z3c<5l!)nol`LH`C z-#@3uIkme5eWjFjexrpc%J1asbDQgEJEg(q&x@@>mYPkR#c5??TU^E&(3@^xe}uEC z1M~AHf{+0^IyAoXf?kKboC1shN^wlkYRDgf*sW`4H+y{B&nF%8_r)8;FW+4GHF&%9 zC^6NlEVhAabHG`5+7(>~g(rTP|{srj9>!i1qXY*n0_n^U=QFd42H4zkA19>---*4wZpNz{Sg zMO06BY0PcdA?@tu^404zImX%cG#muf4;b1cfiAjdyB4aae<+KxuO7S3?OpjUI9LNe zu?=2sxLqEPjCRPq5ms91F|Z9H$*;u8zog%#ukT76Mx7 zd1>eQR(SWuAd{JCotf4>6A$N<-dM>iiqn9OO9bh~S);z%Q^Q$8K6gZ*wRAM|I2fb3 z-QLWsG&Q=VY6urv=!KcBUdF9UBrs4Wi(;Q16x3(Ot5f0_QOFN7T$=8@Hm<-H$fsi(S9H0gWq|xo-MYF)mQ7dhan-ZJ z5>)gC-Bk5#?n}ODmzzkUEK0C@c(b8U4NRKc6lON*G=7dn>NqUJX1EpIBh8ReaBvVN z)zER|Cz}2E@CN5hWc1V&A>z&_$?bC0T?8AX)uzf$3TD=g)E8)1JYddcEtavxB&jV9 zf6tQi{T^kcuHnD1=KsNey6)Bfm)}`j+??++WfPw&L6)|*w105mk0N`EvM7HZEwi%& z;ig^wWq&cHbe1vzil~+w$AC= zfs>na&FYO4J#l+V`_Ryq+B0PHsX7gF(?&oXL0W#n+=E{4ef0>?h9Wt?fjt%#|KHt@*A|R>IVV9K;;d5okprjR z7;;SCp6&r{`nETl)fBjFPQaHuDvif_&j{2c^5BEU=&0!XXh|HIYVu0Jl{ zy5*i_PD~RzhwD7A>edUBnYA0$KF}3ZFnu_!Bu9C#!|cSbw80L#p4p5?@%upDnsTKj z9Dx3w0`6nF)wctDwgtl4ql zZq_V3NR6sW`Np36n?u^`8HOW=^<=l8p z%}Mp*u<3#M;rvYR%3#2i_S)ttP+E@WXo_`iXJQP66Yj<*3x}_U$&Ol$v{JLGumRF* z&Fp`=!oPZZzMKSTp`aYW#0hCs(5Fz$zymEJg+bX|fzIHPp6MLT&%mIkr;k0J5)t-+ z(*^^Quz!7Km{;sk;APBbd*`RH%Zkck4Hl*-%GWo{CilM8t!>p71DcG}F`o@t@hw$d zDYBE{qy@I_eyXrYG_mws8tYCga&v^@sYuJ~kAxl%jZ})t^|X5tawIM~@5hKe1yXQ9 zoo5n{LtWWJDJIAH6+!WOa7TvX>D)L7AiVzlK}3(U&pr{d<@SJe4=9s3@Q&TpB^ zcYR}fF}v>GJR4J{sWq9EESN8u)=zHLhT28z(q3FoJ&`fAbQxLIua6!_!M$*vEAizN zdRpv`6!sKco#x1m8&lLVx`o3)jxao(rRF0@gxj&_eu=G#w|Z*6!&RVO-Xt;V{5vRB z_aiq$<1y;jub;&?aAKps`t~kH;~?-atXu{oHERU`gl)3`3|y(_C^n?!N`~x})yQ5| z<}MB~e&~V54qWn3lZqcpZ&quRSYg)>qIz1#XuHBJickdU$HvuJ5)VU1+UEN_ z+1g8QWlR(ZK!v3?X7`*?zVK(5Lzk{6<1=Au(h3@S30@Y(tfiG%D$bux+#4qcR7WW$ zBhqiXd*72M=SnpLK<^FZkBUl6c2W56TFimcp|d+U4;8K-ov%cJbUHOVoeCWNUAWm? z4!SfombG&X_6hu@zvt!v`{yB_``e|cVjLiXXwU4qY)v=P^wH3KkF&=HtbAcnY30EOKbD27 zq2}Ym$EM&879*ycqWWQeUc#y>F%U?Q9=3h34+*ZCYBy24K0F;-Nk$;~0CdHJx0TyK;aet!os`cpP=$(lR*9pD4 zw@7+tP^z!hRiPvx2CRoF-d>rET86`2vLjNX$G@OyZD%8>Dnju@&>K)M*~Iab^iF)&JLlIVOW;3JX5N<%O-+A{S#^tZ!Bw{= zGS3IYR6noo)>=+{4c_qs)Qru6JGb}EjMC?%N2ryY@6E7i6eNg8CTTdQUhq5@*cwaa z^S;@z03iCs6Bx{q>GqhhrGXfqb>Hur%o9zKF5VN4^Rr|1TMdUg1UyJ!&amtM(1Jixs z?74|-fgql#*uFS4nQ=J@RF3xFxlymae*(bj>!?vw>g28(UzV4^ea+OVzN01aU{*3q zu8&E`Stue>=WOu<0>~Bu1V$UcE7t7mga`5LPZ!;9nmQL8tUBV*+mGgBQ+~O{4*oH& z;Eam=3ScHQ<`IN>Fl-O5s04eF6sXs|NDoBw7pMLpsmV`|^HL~PTDvXo`<2P@Bt?6a zvfVx4MV4bTLl{k`UV!v2eJCk*j0qUUFNGu6aungd;xp_5t+B~&@KC;^0txw@fdZB! zd2-iwc`p?$wMgus3{dG4JI|peK91KDS?qJaH9a5P7g8wO6~h16Q^2uiHlWmwfaVt_ z9sngG?G8N&Io)4^pf?@#{9j?<517k3zf>uNqSqEJ{%N+ z(w+@!QB?M@Dhk<%%f%^t1MAfik(q4h0M!FtydNnd;?XH)Gm>RE+a&mf6%NK#HtrCc_ndcj1>j~+|VH~LKPV>$@E0q$rYZWSaX8%;19 zQ*9a{KnDF*gg+QyfpjF$fBm`@%OTwr=yQhh+@=c$_sy&RN{e3<^Zgg31!#w&&;)u0o&Rwq4D?FzT=_O_ z))p#6&_k*V?sC4Jq7_Ph&@FL9zjq>y5krAUQ(*z@8%L_dgp2%*N#kF?2`+#>Jn+f@ z19~a&`9JgS|BXZbZ>ahI-@N;OmLuj3VGLAUo&wI@WgKwk;a#_{fbsbOv+kwoMKIim z@Vf5u-5DV(2Ik=dg6GwBEc@(3+hOc-`O`(!N^?U;%S6fv0C@o6%{2J}eVE8YAat7t zcXKd1QQ~o0qv1~ z8&t+s>%4m#C6+2r{Y##j5m4IXp#;9ZA0vV}Pz7I{&2NKaYjM>C;CdYzK5&7#nlzG(4_Qda~U@DlIo#OZPxQZivEx&4x{@5&&QUKBy`37hUZJa8~DhxJdr1(n3OnB~#MC zMO5_9F9#aB)`w?6!FVR2X^)CGMbcbwj{>OU#DY^GLrhh;asfLH0|C{tHC79&S3~7P zEei{%z>p_a?RS_l@EVmR1Ezn>@7Q_wK7vWN=Ur**<+suK<0AfSwNfRCITi4CNrMM?PB>VcNC;DlHxusP%eW2&kliP50L|d4Flq% z7qQLq(%!%K2qE5cUGN|)VWj~iXL52*sm%>-Een_4#cCa|H9z{gWzYNbH@a51n%}!# zzO+h){9$5-1#OI{>g+hO#0dj|y9T|@hnuB-Dr_b&S|ambyS@S_>V16+#C)m@MHt~C z5bWg!R5nQ5+}-~E{-46nMj6RG5&V2^OKaQYXIm3kAwM3d==JjDUz5><07(+eV#zuZ zO)G9-M+%Dv5*s8X;=CpDf9Ty03B1dmB%`66TnjMP(}N?37r&c)!~Ohno{tE^XgBkc zkoN?XQSZ|=T=wEz9fepOc}ek_+6VxVWUA)mBb3PHSiD7a8gPXQLaMy%pfsf1WRyax zB>^Q70wJif?Dk_Kdll7Nz^w$Rm{441Tr&E-m0UrXd4@cd_(N57Ihg!!vI2!( zafn6)Zq6B011Xv3*3R4 zs&gnX1k@*RVZWP<;4@@Tl_$FUF<-UrGyakyboX#S+M2svUfY`5<0k|Jj#-!d9E-*C z1=mMC_oHj2tGmYPS3c)SGog4)$cG*$Z){IaO6`U`X&*204Pz_ER0hv_F^^Vut@MoV zAUR_WhE{eAI4|3VCO_WsP%@yw;s1E{9PwTE#rHU-H$Gh7gSOZmptI)b)7LaSI3Orw zjZgj_69)0}${z*w%$6P;m2$}@Q4}q$3&bH!#a1KJ*-B`j1ZpM3f3fw?kzqLi0Y4ku zA@3eKKLeW*41ST5dn&!6fRH=Lg;r{58pWFFNW zQOZq(pSwFIom+G_x_$ne6*vsU#Kc;gc=3Qo-dolUzH?fNa3X)GlEnN-*KoGMqkJR)+hei4fEhk<^j>E9Xc*c%#ok2(=f)p!T-q9|92Zizd*QoO1<*P&|l!)>!u zsdg_~9LKF@C<&izgJ9EbFOKtaid1~zXr&!%fYeWTe_5ZI8P$gKJ|tZPWI2jZVesJN zE+T5Jt*yPq3cnOrb9ic0;g*z5)1jl^-_KiKw&TfRNaxGy45pu7@_`CNaC5YGXYJT< z!}+7FS<9M}UTaUH)|1^%WPZo9Md1YkJ3@;7MDU8nQC(B!S)n45lM_deg*l)j!)!(m zS|dW5gg}O)O>Hp_!v|MG3VzpHlyVE8?L_~GZ6BOKr5}_uJf+FcBSrkuY4stY57;)* z%ee@T#L3p_-qKD3ps?rUH(t$HXMMW(xrm3oK}=qvelXZR^YD2mThCO zY4YUx7f7b8&IwUw=Bcp>KUmUDmgBcNWT5G%CTLFsAMMo$7|ye=`{8aR?k|CCB$Pe5 z3dn@53U2r7<-5ePp-X{#jCihEAfI$f(b@BBivl^B|Mo_WJms@5@P=LCxLtElp>6K| zTTsw}xtB`R6{uUJtZZ3ux129zNG#-w?+LbdGSrOWn@%X@2n zAXV(QtM@no@>H1z4v@N#fph-}_7JOHhn^5u`nfnflzIV~1B$W~F#mw5er1uy5fLVe(tEXV&X z3+7)}|2seF-v{_FsQuqK#?w~rYcP25=jn^SG$?47I@3IKmVX@rA%?xJukJG zD)Ffe2S&CURI{iz$p2XZZ3Ai*CF=1o3}N}^^Bv6@agS!qic_r?n}8_zNnE_6 z{;(+|1cyQQV6N7y-j5kS45&qhqfZ6Bhm9*-c`$;ZXo1aN=k%363%NH8l?80dg>&U$A>o8vUn(kCe<$-1Kz@Nx(&g09e5wRmG8#o8(H4YG7KaHk;)DsR z_gg^byS0N&mmgF5A9_XzAb76~k7Yr2_)`CeMHmQFphgpT)Md69Y-9m6)fd3_0gcf| z%WKvzF99Fyok0Xh2dqn*+7iTF4hun0w*_KjCg7uW>m7UmNmQTW9)5cm?*mePR!*Q< z|3J1Rtu8I)l*k@kt{zZh0)atEb#;3ynO6%Sm_Y@|tka?Y``4|YM+c|?$nLE@5OBr? zGHCz+1R$UWh2QbNl|V}Cc^wKAV_Qp;X1x*j_Vwi(%*c4nv`u?Z@0L)rw=58zUQ&Y# zAYy4;QQ<35&TeU)o*+CG3^X9u=r8Ot9F@ zRxktY2m^p60lGXWbqoQ)MqB$l3Z_WJ%TYxzY#=DwEdJhBuDsv?rm17jYc2#3Fj4z& zk|caUNV5cUU%;;jwT6nI|NXmn?;w$pk&Mnq+O%p_$lVbn-HBFB&%ir%KWas|x;q^@ z{>?H3Eoej&xMNIqUU_zRn)29@`8jrJe?RQ*&fUgMt=h74rqT?|5G@Gg2ZI(pe29XA zg7Zl)gyAUQbf`P4YRhL-hjP-C@RCd!--gOduiXk zWm2K!;J^Xf*gHSoU&<&e2W=+1p%N1l2Ze^VAO~Lkc<^HifTlPR14+JL`^4t>Hg$f-F{AUGn+o6A-5}XGs!jFf@U(P zvOuJ!$v-|rVpvU5(rPOaJcf8CEakeqXxLwZjiVDHeC$e)bzZ6oUT9IqRI;lTOBgwXjGEj z`owTD!UL1x^eqeaOVCpp^Bk(LUxKjYOJ0$F_)02~KqdR0`_mztkNt>S+4N<^)=H$e z4~arkiXCU5$>jpH4XaUh0fpC@X6pTom4oQWZ4`ys>BPQkjuKk@fMMflE9K63WqAPV z4uk0P<`=08aDh}6CVJyJsvnj&8K}ruANnZ^fl}!fopX47zKJ3;r z2*@2b7uhQmNoxwHxQT*Y!ex}Np5h^ofLt4W<{8aQ8gz_;!sen#klyGp*EOK_a_KO; z4~s_KVQzhdh52l~1FgV;oZ`)P>^Z@Bo{JoKDH8GA8deebxf65=pCeV-&C(_`7&L6u zn_LS+MbasnI20qt8s*&1@j2gvU29}gh&9far>a@?uaNSTvVSZjAAKj@8P|AJN>}x9 ze3@BPuCuIK;+(61wIP3AjZDChR{>el3hV{|;rAO|G+k2vx@9y2F1 zWDkrL30#`oM2p(m+RIN}BdM0@#&~KryaQ8z;<`DRNsXkLrwe~DFMtNXjrbo#Kc6cc{gIg&CkzYR$Z;6uKp9?Ao;ZS!9x9?Bqb+mY*xqe z6lh$Wot348WMpLU`CKaousQ=!2vi@nn%uARs|tZnOW=0M8>rbH&8A^uD(%_bTwi|! z@>X`OwY7g$nNPPRBYI1_sN^&xwr7x!=gG_)ax#*>JD#*|x=KtbE@l%KlPyeOBNsJl zYm=|lb%~)@5%M4=%JaE*&7X&(TU%PvPP$Cdk&XOOsGe?_H1oJy(?73Om?xo4hrLv+ zM=2>5nU<#aGUZ!N*ZHnWHp10yu5(Xjx5&lbECYfYfncDvKkaktp?%t9Og-#~&DH8gJoAcfN;bEEc-O0(b?NNXtGh15TfgLq> z%R|7;KSxCTb9KCW4*X}1kpFXPnKVBkVPQ723ED71E?GxMN9M$VzMdYcvkb3BSU5O` zHLyE*uG~iz6&0vm8c>)35XoY$MrI(9LrGFHT(L+!mzdABgc6oi{=p%W`St6SBDAQ- zE>hv|U81scogsa_V0Y&ClyA8{96t+wj`}>Be0q91SE7HzbhNBiu}~v>vMY4-hn6Dt zRiyp;P;-vp{LIPuannwX8UG;`(zi}s8GZSR0VHExJ%;-U-Qbm1Uqio6{Q7u;Czj0dzW@^F`#c@A-^n|1ZKJ=+>K z9nA{kcHGN(iiEx8kE8hqOg-}?e%%g4e}Dg6r^5x;tL4B-@LF~g)%&C0rW+-@hzJKD z4|~JFjTNeKB=LL9WZl`W_ig89Cy(UFq({fZWCE~H!^Ncn=JRNa58OC7jEK{EDWGVy zM5mqA^~@LrkNJIsz(Wl_o2foaqv!q2&3^SFtMMPw^PTa}2K_%2W~(fwF=3X9rLVQn zq9WIJR}0soUw-KB&~*4oZeUW0J* z>Wr!N_4dm6)>W?Wt!4BsidTF3B>ngS^#MxzDJ4gzH%Fsy`{>rPyTATpWmM5b#|nff zs(jCLs}%l$4}SU(W|XA^pxsX2{CwD)5$u9+vvcZT?R;zLS6a_%Vz`Kod+y zF;UU)v9Yn|RSErCRd%(m=R3K;sXpyOBj%kltN{-EISPt`u5OydwHLzN5dSUh<66x3 zS3EpCyF(!m$N|x-R>7T_)TFu#f*gpKmc)bc7cp$Kw~UgJ)CyF^nAuV^6?#s<9lF%i z?~Yz}i}p3UUQe+M_4oFQ0+CfrYUs}thh|LlquuNBjr(5-8+QNt5E;U4A$rPgbDYC9SLmu!A=zQJ3d^ ziF)Vz1+{(sEHo`cQYoQcv#yc{llg&ZdaGlllkK)nPI9KE2^5mJYD=|~=BXQ)^S z;QU_%gf6qu+yC_!&_^4K?M*ZlU&t=5d8+YeOR=Ck>CY%b|dm{;k?qlZ>L@o>+5~rz1h2 zAAr~(55m++RK>B$9tq(P$Xsd7Iu^v6N4^yDsOC9K4S`I4p^5(MSlBnvFYkBHpkJiY zu+T5WfBfhL6%6!m(6fP$4+ixA?|waje!ZZ2OsdYVmrUZ3ihzY!hRAIW_VI!M|JNh<$Kd{p z5&Xx&{d2_suQ&78ss7iS|KFYJ@0*8#v=D7>IuM+-N3Pp( zSNtvx1bRdmKySa{?efhcllVFHaO-$5=lq0jvq{_-%}Lv6xrJgwICY?&Yb za{2vzgC!r49U7POS`Kt$U~bqJuY_$!`Gn-;RD=A9t&ZGLTSr^jFjIxIcg8HBIs+_$ z!g~wfs>2yFU@{#nCq>?Tei=)?zP4rzZ0XKoaWyu*O3^B%lu3_wU`$kEKEQc-rt4y= z4eptdkx>eTVg?Q-iy|WFGLg|>4LA^ZPJ(m{{Zi$z5=|mD6X_w<1F*;DShW$yfJ(`y z@594+vbkxlj@vny*@IizY-TZ0QRy3D1bH&|bra_`s%kKhOLkvmX1p-qoE5XH3M&s= zUfox1qg7gr3q{(WoZ%Hd-lKJPbiFN6_6Db+Vvrj0;*$~)={5$N(tZsOj;W4~O<>KT z6cErVoGlUcCEhkF^qS6N19z>M_+#LWsEdosjp+^T`Tn#7$aU%a-8V9VmG7|EAquQ! zzFhqTwN_Dq!!-z7lyxJZtX3dR-+;w9-iq)NmHn!(xc^# z>u&Ab_|50YG+o^a`%cpjAG)bp7PUYqqyW4$8s&qL}f(` zv#{yzMYD(ebLE3qpz$QYvPEVDV|gm=S&cf&n{3y+CSQZTPDJO9uCH(B0s|UN4({6I zSc(P<536vcwRLB@G71QgMN@%xIP{9wwgw8-iUVHvKhG{V<4JzdPu7-LW1&4$EVk5G zTR!L#e72NTL#IR)*m#x)lHD>?FO`(EOCc5uRl<&5N#7{M@6_dtJc|J^7mK{%yNC`? z;XR)u=~MT(S(k5o7<8L)I{GFSOZ}FELn#RbX%ZnSYpYYns&}$mErv$%Pc_TtmakN{ z^6p%jM>e~~bk@k5&s2;pS`3Z+BFz?a=5&{D=aoG&El2JXdsZs=-Alo2HtW9=f1IRfE4pIGt0oZbGifg9*Z}7 zJ2J@6iO&2^PEO=+9}i+18yhe71W27YI6Qc-X~1(5?ejuC^c9smd*~P{G$7{llwBN1 zVn9O!GVXxuS+7y$@}+=$qnH5~=T!dVAEOG7N#fl*q*(gN?i8<7lk$x`{o@zc&TiX1 zrK>v}SE4H5I+d~??rY5b6$`G{zwWv>p1<5My~px=B{WasD!WVC^Ycrx> za&d9>0wmH23%jQ%O&7JebZGloH5pXy8Q^f^c-wH4A~wFe?t1UeW#Jl34GH zE{n%@eE9OCKshr7hv8fGWTutLKVwvi#|Q(3H`=0Z@`<(sVJHC6*7~elS2q9T(uDPD)*VddtTBgFEZ0(vu@`yH%0h=y0 zKUd*8@Krv<$Mr)n2?rHPvSlY`t5{O1V$~EB@N#>H=(xc2-wyr81DXHQSn*)}f>fSm zt%lo?1Ah=*2Xd4vVcXE@arx!YmWXg-CL~Ww6sIHi2N|C`%tzW(EO~2M+RNT#Rh*hO$`yIjd^N5Q!mL_UbEB^#UiN4syHZ0XmD*T0UQkbkNjl z%R$K0)>QFjjX}uvHVyV~MBgz107BY>R<9z9UwCjy-EtUZ00h-7+_!X=3Gj*EMJ#L7 z@U?z5#cn@z2?a(b6@oGLH!g16Cu*&}|FuhTfst_849!y*A8c)Vii- z>;6{5+*vZ&Vgj{K+NIOMq_bm=LNm0MlJzshev<>A@GhOF!^fT%PRudsIawUe9u1Gps&~7LtH?P*EqPo-t?BPNwJv?0AqTo>S3_^4dbw_+b88@ zWi`<3L~Oxw?fRiv>}6?;Cmo0T{SxREA*O^j)`}padxh(`5qe{O?>Wq>p;&4LVo=u1 zOl__{0l-*Ht>xbGdyWyM`{&kJIOXzXvJ0Gyc)m;!0G(@ig z%?C#I^A_n*1~ReCfdcry>NpFQGX{ULdFWiIE%i+jKEK1rGi9bbd3-WMwyvbrBw zJR}^o*jx4ZS_*r9m-1s%0HF12Q-Y|ox(|H0MSjSKQZNaND80BfGlYwYN# z_#_+NbX8zKf9}Wo%#G&36K^6TqJRK1deT4k6QOCyaj>;V|K)ik6x=VPNl3rdeA`%& z{uOA0^WIym+sdny$cL8C*TG}q>V5ODUbZvj>Ls3Xi^MZ8s1fZXu#=Q6dGN`-GpS>g#)*E zmTTTpH_5-Zw|9p8uy&M`UUGwI*)_XY)Bt+^$#P2XZXafV+<|6B=J3~WqK>OU!mS+1|78dXz^|k$E+TllrquoN$yy0OB zM%>sIC4bu6XKz@`E&&0Km5^tm>eTp!aZ6P=518@ZeFped(bLn^ZK8)DwrK_EY+I>2 z6`q8%Ln9+vXqGEV8R0)q5UuArU_u8b8a{s>w{b5neyNirj=&vN>@`Ix^|!DG?(Lo3 zfX%mR&aOrQwl-YuS}ZM+1Sbq5kZ#{)-L@UFVPm$|Cr-QuOIauXwo5lEz2|x4$Pqz7 zc{O-29SU+W142gNP!OWKb%jaf()O+TEPvUe(}ovK+w zl4}O`fC$lB^J6{VbZ6f+_9P3F(XW@s0o+O|$U+-sJbraGGsDfs-lqmWb~KLYx&4Dg zwHY4(Wk%5a)>p@R$hl@R$Rjb1Pb5(a3YcHu=7C4*xb%<+0DH0sa3VwhEDBjT4MqU# z^xb5Y)4Fh-LkT%b3lY;jJ(RTM;8AM&Z@kuKQCmxkI8^duzvw~eZXCD0{hYFM2yIEO zXm^{qkNK7~0B-q^)X!-f8$OV2v9JVjL}eL4qi3hR?wx^VGPxEm6Ug_@*+v?;f-`i3y-=BB@F)%TyRNC>%$N4Qf2Pq&Q z3@djVcwZ1U0E!CF;`f>x^h%d?*7=5UWN}3U4&j=+TAzwth&O|5dw4)KbxazO2!JFR zTo0^oyk(05p9~sz`A<}lbRQ4~umP8?I*Bdnxm_t`H30>tRh@})eoq-a1Srid&YJ+g z5{k+?O8*<*pDa7}M4^`%f7kqDpj^1#_3A-u{BwP=YEGc}nW ze+=!aU&CFwawR%GI_oF`MtS)_*Q#Rd5GT1v;=uzLVfN1UWB=BU4k&$R!@%CiCw<-4 zLyD%7?i^KP^%$WZQE<2Y;?1QK%#Wuo1^rk&kKgM(t`u;fditVp9Ldfb z*rz#yVq&@}oSZLpbiq^rh;cWj$_3t>zLa zn7dV=$~D>4F_^*K)S-r6e{lwl@0A1FAm7ElWiY27s4~_>>R`sm^S7k29I6{SM_9@2EFqt z+q_nnH{jlshj%l;9yi5{*-DJNwCf)f`BTVcT_2EG`%eP>|H2``8~?(se{ebC^pEi7 z=D75bshS#^>81w{RDFoctwmOxjtNT|adSI1uL9b%kCNm+D7N$P7gnYsQ^Q$JRwp4q z!)pKyhfhc1*+&cd{`Ka%2UT@^eA$oI4j&km25)V+R?Ot31b)z(S4m0#C!POyGW{2( z|F_D(Ury{lm4UjOn@eL@LPKHg)CTBAlH|-buJZGn);N~!4OZCB zi{2aSag!P&Gbz)(@>4GM+s?Mf;8(;uLtjz~TqLAiz6@R-5Pg11HPPcsJaKkn;*$;I zGbTb`zlk8OJXc3-24_0KdV76 zOTFW{1XT;75sci%K5Bu-E!d@fN(5sXu%F}u72w5;X2nb%h~=SwbPIFrvd#Opa4|;6 zP?Ia-@-+p86`rF9tgOK-2hT#yEYG@d#DNC7^x;ZP4bGw^J1eKH=kw>e_U|vg^7tdG zExTl7N`()6Dsli6!C~tlhhmV<>sAcRW`BQ%JXKhcR0-DqwKi^x>)FJI8DEvX{rO<9 zpVf}X;*i~={jl>_%(MZF)kzJJwW%K;mw&YIYJBIHA>&>SQrJGnA?tGwto|Rx6LD!j zodG(UymKh@D)j=37)?RrjB45zB|A|ne{ubE3+26%A}=JVYNh+bk?@Vqy!W)J=@Y|c zt551vZVK%mPDJN}B_v16XJ-~A09Yzx5wonZFcvcI-w=rEFN5cR&tez-m=tYni#qruOe(02hZ$MT#czM$_WN7gyBbn1Bj%(I>-)?Br+t>Q`P}5; zt52V!v&I6pFp#89*hnUp>iHfcF`ow+>15wq%S$r2aA0D|4+z0&FY z#~LMI0X{;5hggw$l?|HFB2?5P1r_+!L66UWWGe?m8M#4)Z_ZB9;o)T+RfW%YwhRH0 z1l5na+o$Wi*e0dwZrMR5Fa(?$Sp}hTh=|T1um8vbTw^$L1N-&c`R%(U_6eLpc_{Kg zz5vj6jIkC8*M2*o#}l%m@Q1*D(6R@!6sONw=Q^nd-0lLDVd1ZmzNG$Y26*Dmj=M-~{K+tV* zLYbh~6<8(o!Un3-c`)YFp};+iW|zs!Ep^a@pmDygxoMvslKaX=paLfkJfeU_vVirX zUNd)#_4I}*xI=)Q>~P~^e_b#%8TIykPv><=TU%#rPiOHfkKh`Fc2(^`B^w)ZPfaGy z4`zEmF*mGsJaAT3QF-YEaGX^dZG)}L>i2fvIPmiE3dvsAL;KuR(zi+3?m}N&T8fTy zs&O6XNt%pqclUq-YjwNSp?KI=3^bS70|)fZiz)Av+XQbeYH&Bw<2ZNEX8&n$przUI-8{uCOx7`kO-ch&I7XR@xFFRz-@(P_5(k2Ghd? zP+^P&dGx@tnAxPtB?ICBbas9k(NeJ=YnvWeZK{jk+^iKe%_(oL+bor@fERgBPLlg; z8-Cjjig_2G1*$7~ksAfus6GKEr+|l;u4+s3V$-DVtRJ!{F)=#1XdI=)aDiZ7`&4)# zot--5?Qi#IXXe`a8m-Um)6Cz0dUAkD9#^%dvFK^&r2&7PP-&b8t;PARq%p)=P$7YI z=M4TDC{o|Rxv9^y$Oo@Q4^x+fY`M5V6wifY83?l zGun{EcFY0LjA@HCXb(l$OO7Xq?SsB7Gl%I!H6-V4A+)?G?S0G?+wYAgFiGJr#X zxvV|%i_4tOW?N|7Q`;h!$@EqgHO!ywvgaGrP z9=Z9NyY1We?)v9p)ZutfFF$WXz~tO_+E@Yt-vObuuyHl;$7`FwIS9Zgv5J2Vle=G< z)x~uU>L@o%fos0ucy#ifZxjdPDKlv zR_iK@+G1w}Xrz)=cv zXwL&t6tG%QG5y$SA$}Rtj>|IrQ>iAfonpnrD(BaML3NC9j+EJ6rDs{?$|z6)({h*r z7|c96fZHFeRAIPrUOxR94njsic=q!0X3!k~o`&T~+pjc=Y-)8-%CzGFm%z|G+0RPa zJLP~x;yxscjTy*;7+0eFdVn#;NFUw5`Z3oBxB>9A-5+HFNW}MACgBTdJ8jVeKyEA+ zt51Gl9X!@dlCuA`?&XItB(%kpKkTqjq<#?^ShUqi!Yq2v<$E=)G5YCF3761W zAoT^Co)ZD*8P#+ZkQksr=9}Gq@?j6ROr=Ajq<)5DjVpZwVuU#}{FHv(BYlr|6A5YG zOisM%RBsa)^cE}-dLBe(=D&QAvg^E+M704SCKfJ*X3nFG>#R%(wN2O7)ENMFQglK> zHUK+7K}eFMheOa=CF^YEV3#9$-Q%Yq2)NJm;Svqm>>9MYauEXfVtM_}ngr`<7BtVl zg|^-Ubix385&mvj!<9@iJP1m^O)^rk(00JXh+&<8$PR)sXfq~X8OK8<57gYg9HExU zxik!!R{D?!l3M0i?G#`oJZsXbK=#~XJ^3S!hk=Y0IWHB0aFNg_k}kU3pW<6&wSnIa z4CH~_dD_&!|MLMmb?P|SC0PjE`9dLk#&$MAuN8rT2n@;6ykPSN{o1|JT)@fA*Mt+5 zr{Q3*u0nt~_znbLE1ZXP2ez+eWcZN3n^Q{uOX3Mk(@cP)fn~MY%XBdUX4Fs&f-+ce zpar&AP6mXR58C`d+gN~kUnVyUh5RT1?b;1UrvDI&F7$nFR40`BpZim6V`#1buj>M} zeIU^`#1JLQQQ_TXlhEN0+eP^@Ow~^z9n1~0)X&Aq6<(8DAk7pD<{|>fF_iNECLL;d zJVp5UT-VDfD~ke>TugK{LxlnCG-U-}AhbcFD>ng@D)8nIAu_wz){n0pR9M z|0ZxsYH+e_7gzsG1D&Uo#N|3Y^#^O}7B(ptMf1?h9gF0vJg$Mg#{QfpPj34cfk!{6 zOHnG4d(*lx2{F77L6FB=T5@F$%tHZ1t&6srT9w^wU6%*8t)o0L@Om=^1fnbF^Cr^% zxOD0$5W~tb6j!rq&0Pem5gKUa)Grdc9g=gZ7TpLaY02^%JbkUJN` zo8(0Sh6dUgxK@D#sv8Lx187kus1!5=oe#0vpMw9>#(ug6@)85);7RO6+SnC{!N0Vv zxFOeA9?+l}UyDd6EOhNisp^&ovKA>HNoWIyFAN@msBpQI57Ij@=41umeTAan1Oj`3PD((FQ%_YSLF}-H)^MhzMNg!0*gm zKXUAdCVEc9s!**+0RwM%%CtOa&B^Ib9>@G3eG2sYaT~wAvO^yBNHZxk7XpnsXuEaC z0{5^Y(eE2JWEsayv)>(2#RXO9Zix=Bp;9#%#rw&=`19G+Ex+-*CtgF^Iy+-gsH!FC z_Uh5$68~@|+S19QUk@S;3=CsZQXZ^7`w#+1x~Zl`K3M(_aDb%nJ_+&Y=xAXN4>378 zd7BCjfNa1-6wvEx`gItxZF)1D3_?(dfCYUws|q9V!0M7UW03axw5tlH8bYLJyh7$J zfnQfsYb_TI@~GbkgzRn?um-W0r?04i0%%V&OEX6IcPkFJHUw?a1A)gJdV`Tkcyjx7 z#x}_0$RjpC0Cga@h7^1!jPcRc{G*kYHYd+3;0D)UXu+9!@ z4S2Yo-{pUtH_PEUdho!LK$)djB0wr%cz(orWxpYn3WZ(?_*A640%`;^%fE**{sT(< z-J$+hl<^2V6ta;8n3={Ub8{a?0{{Tz4Ii(Fb%X0T=1_}H+fdJY7REeydiHkD6(vtK zv{828C3%Kib+}DoECs()L5o9}eyF!^f^o=uX`|1dyPT`-uJRS?v+y`LtxyNAKwo2&Pac;qU%RLj zTEvoEwZPSfQ_=4}WW2i_;_qKQ){k=xs?~(N#`wsCV^~SKy}cM`$a;pAsvP4fEo@~A zP4ZV6ad?-mu@1esjspatG39yERQJz5bXNZ83IL){YM(5cm~1vxNo-I;p}=4gVB>ef zEBls%?osYP!qV}f_I7Kl0Ia9*W9X^CdwiMtlWbQd7sEXmse+o?ntYH4WB8{w!P9O{ zUz-*`KIkg&e2!!vZAewC-;P8gC>btg^MXp;cRJXmx(!i^g1~z@m#YKcLupANXHE`O zYNsmd0s%_DPmP%eq86o}8Z2dO>9>S#z+yw0ISPUMAXLIa>P#$PxbL8R@j^meN79GZ z*#yPq)j+H0RiAGD))}er+H={f!;wRQgD!K(Mz{I)c7RJSu}kR2ps7d0 zW>KZF0<@t_s7Aris2UIV^n%?Z$rKPMxVUY`XlrkY2 z#s3Z1{MdRa9iZj(O{0`DZcZy3brmOXd{)S0W#z~O-8M#0--^CN?ZrhjQ0O-^9mHot zCdTRzVSpG?ftXWTCgD5-QeO<)ANlQ%?5r%({fBH zgQIr8|D96`F<*6kX3{-iWb$WJuF+KQWK?D!G;fN_*=W) zc)7L9_?@4IpmG`RICjCmzu->1vFMVla4vgdDwwv^$Q7LgAHa_A35iIlsGm-?1NzB< zQ9E}R8d$&yT#I*6nVEn{0u4cOza<-))%9GE^Q^FwlM{7yL<>Gp6vqP|DKI9`NHVqvkn9ld%REih2Y%Bmz|~}9p)&PJ9EZH;y1QSpf_G60XOH2mQ0%*~ zu!3>q>P-MR1{O&=<~bj^l+q`DS3YuneLy`bj4~n?+wLk2-$peQ_~JFmGHDUJhw6-T zgB|4L<-axd8S_VmQXX2N>w<3emp~BGSHbPA*z8k#`FG#RXTJ0rQxKJ?id^4ZL-XL* zX+q!;29N&9&td&Qwos%F-UeGvSbY=*dqPn5wa%Y5@$u1qKXPVb)k)$CfC+ga=6iwn zvW6AA(fH&0W&Incl52k#@iS$MIVI}b*xv9vXF>1jW9DJj*2%M!xDa75w-J+pg>BKb zl4HuBEF&W~-@L8P^LENGDh||mD$d0Ezi5ujH*I$g88 zb8WVN?T1&aKR7--8;@o7XnUmL&%Vl5Xenn|%mIG=Dz zooYCtTt5h6pm+aCr|l~}0K<3$#04#YEni{o+p?m}${H1-Dh`Yn%gR-Q=SV~`P85`_ z{x7`kF)=YB5MY@+Kz%{T`Ap62ZQ8d>BP9LiEWl9nLJDF%^pVIM1TroKN~Jo57d6@j zRo)XB>3?5VmT6ImDIzGl89z2F&)Q}CH8V3~5z^ReFP^{ESTwV=l-D19N*WOUPl_|K zq&3hfri}7*$$E*y(8@>}cuWkA?2p~=c);;%iS1252J=WGjRGDpKGhIf;6!wwmGXjco_n(nX zIC+j8iwX=>+#nR1@oRK zRibn0X?TW6UuO)`*ZUuVK$Ma8-}RxYID{3@CqNKfL=4geO6w3JXx7OY4@z426=pvGMjd52u(lk7+H4R!l0Yi*+P6`omQjQ#MK$ z?|IeYp~A0U@A(J#TlabW@(?25{7KJkVJi8`=(FnT(Oz z9}|hu(Sn&b_b&{7`FfB4TVFc?`PR|VQHWc~ygoR^>rshQ=5)@wUi)QVQBWKAYe&`$ zIGy!g+)T{0A=ON>!FI= z|5pt7B;aJ%U(&dLCrbUT^7I$D_^139!h9l?RUB?rh(RJa&+z)H*=GV3M3+EV(RD0ojnRO z3`~n&LQ^_Bkv7`{&catCKaGwZo*mjO`n-D zfhkYD!0%GbAKzu`^X{*IgR+R;GO(zux&8R&=*wjHU#FL3LzC*x27ECj1d;C)$zAb~ zP!b|$tQekNm?nL3Yeuaam>44Ch<41+W%B_6cw+h0Cs*2)lE7mwY*4jBry@v9=&bLf zb-z`a%8!h=G*@1y`~0C(9H~aFCfSayZk6fic1Xj?T<>YqKIk>!3j~41^xVY5?ITTD z4m;E3v`2NEc{4@F;I#IK?^AYuz9{t;AsaO6a^(NI4vu3!#thut$Ee=FO%F*y_FKJFzZ%J zML2D~O0K;yE-nSl16?rCk@NRYtP)aF=;9R;6;Z#F5{b<7ePUs}5zC{RZ4dw6Rt7U| zQWs@W>lo(De*58;l)yaZLC4*h`;zAuPI{-PI?z8*A7}nyEI4;HT$L7VT5iID%lkfh z%lL#3;m2H)@%J$swEag7lI!bkvdYgjAL+%#oX_IJkhwY`k4CP&w}iImY%%XrG9PlX zFo~>Y2Umo*cD`$fv~`c{9_WL3l~x%(7f(TEc$Qp&9#!RWpez%dcp=_?s_>nm-MvLU zf~f~qsUYiAneWT&h1TsB}mU(D+)UKm*C7KtMWHqZ>8M~?BRQq8lwZzqD@bo|`LA7Orq_}lTu-O#`UQDTa*ol+$ZczB z>bG^+VkgWk@3_mClDibMl*-6#zo(|sjolkkmXdH4AZ`0U304j&xZql(du&sL@Bq=Z z?!1O(qOV7JK@9v=j8?G)J)a`?`k7xLq2?x-2i6ikIuKu^=EhP)#cS2iv;jqlWD%Ki&cBXI(r}pI>!wSev?5Lk6r$J7(N%$Lg3S22#N z=OTDp5`LUta;K7;Y&g+JjWU4`=fj}3hMDU-GYdsA#ugqS?crD-9dv3LQgqM|rnLOJ-})X35(g8+|$X?>hY-dD7@?)DGhmQaYhF zsl5Jb7CI0+Zf4@*7GMSpXx(&OE|Mo2>H9;Y^bKv-VU7iAZJzC|Y4HWBYNvhLrcdi! zC@a~+yXe5L&O~-P%-#=QlcAaF4%hRH)mj~sH#>4L*ChIg@o*1zEi|4psZ2{L7h2|i zIsaCJ$`-yB8WI>%n_^pHS(V&pj_Ry@!$n8h`;8%e`SEqmsQR5Ynr|1$BTFIcz=12T zA@}YW^(IH4v$SaQi#_lFp%lqJxEjgEg`>Ts_)_BL@|}V0V6T@-X0`>oRZt~yCvalm<4^|Tn_Eux~xMyAd(ly-q; zf3a6!Ou~@+Dj&q6w2?`QZL8fdvWvT_u{*y1`b1p^bxqz)zDPZG3S!9Rfgyf?A_QBv z$h~|1`R;Gv%PD+8)#JmY?d8L5ZO!pEHs$Ihq-Rm{t(v=+4UN?bl7KxWHG2or`)l%L z=?LS>s`b-9+>B%QPnM35yD4=QEc4l3AW$arER5u<*qDg~p#Q4=L*&ISAjVlKX%i<}ea|(B>%NGcrS^HJ>b??%~)W zy|^{LBbkup!UzqtyX+8?pIzAbCBLt}t7*cJs5m3%K`v#2#Cn@i{3HxvBgmeK3+{zk zE4v_&JMgV5Lv2-!ILEA9uGG;Y#J=-N(k$~wll_hjvuoeja+MlUxvu?9DB-@k4n*6! z!Y=|C{R5G{X`?bmoSN~jbG{dG^wCa>!1+hk@_(52yuj>?j}4HeYLuL49=gLhpcBEgSn>U7DH*6s=3~Cg=76y-BqN`whh@Cjf$s=#!|Wdw~M$57Xps$IvQiT z7fUX^;fFRw<*e=MSP#mm<4*=LHCb>DO=;mtjv6+(_%Uxkn^jjla{U1FYHa$l)EWBP zatDo8CR9Yv{w;aTdB_&>)Rb+rLqGTv;@-}L6BWgn#Km&%iZ{G#b?ALp8UM>W)gq<^ zOdh1BTK7Y@P%9Yldy&!cw99-&E{3O$g8`LI;h;{&8V12!{n<&tx%kNRv-xMVh>`o&c%&2xpT29{5_{ER%BOc2t_ z!AN(dF4@lXy-wb>z)9r!nOGV_TTY8j%r>FOu1Mw=n0{>K1QrFCl_P3XP?pLZj+aIk79Q{Sa&M@=WQBW{oL{uE`qSA^9pE zO9>(ow(DIWDMY>ajuS(tivCz!#rVR#bFWb!Wb7ExU07cBJYGwq^*B{Pa$3^0Q7ZFW zn~QH#%*p8GfhM|lUn+g1rQY*EX-}fY^>|lrBxPNv^K~S z##L5+xZ~f!%oINb&!72Dl}fGY8a0|si(uuZgM#cSW|DZ)ldbs zENC1yU>*1PnDMibslsQTk5RVWYuuB^uW6y9Cw;RDFngQHBIMs6ExwkkWvNkQv@0;b z^J|jGJ{^5R1gVyyZGbg)gmk*i70aZuyl;p5Ny5HI2}zcQq_AH-(J^9`YirYMeGTWZ z(DsyL1Avk-S(gY=j(54{JBR0k#;9|S#z*V~MK*;}Za5^O+ug5^P`WEr)~NHBMyRO- z0&X@N!EUr<3c9q!00GvytYUC*&?1U9xMV%7cc%A*zfI82_o)pFLIMR&%_PdSNkZxV z+So3F7}4}ad4_P_aZpuYB);e6Ds2tF#$5r30fO(XD)O`RGRE~|AUh$KbVoMz{_p+jbWAp9HH_mItvnvH1D8nxBhXeEl=X0-COP(b{ViIftt!M=uW?11J9FnU|E>S;4kPtv9k7NZq#AcIFu< z3l}haf$rbzyIhPCl&Nt15qGT?e*dGb163a^-{B4()Vr-xTON{`rt%2`iaa$5W9b8q zlJI%8-)I zy?1i&1KRcFLkRffm5t%~oZ z)MF+;av7yXe1(G9=B41e9J~TP2a*25D=2a!vBxn-AVx-Q)^pI}Wyjp+TTZoxywm)W zzfPy--Du3_Z`lHsGFwkLJz&4g*f7?Z{2s0)>F)fLJ@W)Xx+!KE0p`nkIKxs}niaAw z6>ssgXSqrA+fX9cKbUu3B7uQ4gyH7jJNIq!vFv=1Ms&D@D07^C(3U&$AWya(@u?Dy zrJqs(myaW6v(V*Dfzk&(Y+x;uxD_adM#g9QD%s)kUa3ZtnNQk-zh!;~U-aqcl#ue> z6IVp4>Txz=qN9Ce(%LQyedby5qST+J?D6PN!EX6Xa5w)bbPgDkxT6=2&6Hl2WJp2( z6icp%NGF1y{`2R*d&>F$zT)v$NAmw6O!WUt0{TC37#TzMw>r$<4d7po>hB^{fBmSx zzW*<&_<#QDukZi60r{(?8z?2`{A_xpmXe9IcaIt{`bzlyrpvo)!i{cu9`!0!$%}n* ziq;<_uAB=3b7SKEr5qP8Rpgbh*2}iVncVe%bVaoHzT^$_`>gEme~%QBnbQ1KpJE4w zAne(hw&}rZ-bp-=Oj->!s*Fx1eAdal^5C-IIoy6@+PDozPowwqu%M6otHux5S(oL{ z{`n1hC82Awm8G{tA-Lx^{QEb^_lX=%JAIRDk3@vZIulMkZ&nRA3X%Qu&A{`1-g~~x zQDKWuo71>s+48c|?$B%id(;5eccYeZ1Nx-K#!YZ6ePtXr;a7&90ktKz30Bj8XNZY%GhfH{$O8j!ovcC6}>y%pKa?2(^1boB8@KEHIj*0_+`oHRGpB zo#3SBm1U$S#H=ByCy&fWxp(2HD{kGYp*eXW-LwAi^KcHFhf%1eAt|#t592qWhS+JK z#QZwDUf;+^|56ekkjFGv@T`u>x`2j4Sm(5B8 z{jB`z2x;J?s2!6^QfknSv9rdx!kyD`pB>^r@>T1|!K4eWC=9N(KP{4FcKfXuSSG0# zp@PTxzEdyQ{3_+4r7gp}Mb?dTA};|Xd^1y`F@0FCQ3pYF$ zigcKltmqNyN`LkQ>c9-KrUtsvNLwp?HA*VeIvX%Er`)x`&^C57(%;35%k`}$dZqq) znpG+k)dlZu^AcK29_&ef&A(G#%biZD=ZfY@9`3+ULXpN7OI+Y?ce{el_O6XB^EU=I zP{)$XZxljKs<00ciy{-GYdAu`{5+I9b~Ah6)z+c1=d_NO2O|U!RZP*~as~U}xqY%y zwE`ob{`y+rnrs#^Hq0{O*?0itc5Bwg%rm|*&q~{5@#VxSshqI6!>n4BV;+&j?lCrp zZ#S|?+8%nwFrMHqzoT>(=Xysw^zr4A+Vh|#x767^WOk6`##f1Eq$gh~`Z7~5_zXfP zCm$t*L0NyfAw4}cGE=b-l)a=XR1yD27Ir_=1e_^)>|G8ve1XgctH{Z4=$ICXqHOeG zn1_v1jSRo{!`r`jDHMY3-yA%xH+>>5tiHwEXv_f@*5{`ofl1B$*y9r9oVmb{gd$5eUTpQD={K5*C?A7BZ>26i^c17_WmC3+_CPw zV0Sv5V!lXyrbf>BL_AuhZC>x5XKJT8CT^G{hmF(124Aye+wyIX_VHJ)8n2hjC3JiU z>KJ->WWXbNi6B9A#K`vLn8t=$a##jf`MTKKR(HYFoIH2dcag5H3@2 z_hPjdzN;5V?WPMxAam4E-`&vf<=N0u8DgLlnP-0UZDjIB_mUz~Q`z2eyG+3m>;=V>N! zEz~G)I%A}ATO1d=$`Utn%?FH(Q~SCvjV05@7nKm-OEBXEje=37}Nu`Lx3{j9Q8 zSt1t5(Jc?Ix4;*omT$V{>wI&Fqs>^ZZqGf!7ITqf6cGvq_{*xIwUXO3SL*k&0$i(6 zahIOUdlj2p#Pq~dA@TD20oqvXV93*y0)swl)1}A)rxZmx2R^?)Q{5o_qq(eThxW_5 z5bT=;h1~5;OCvZL2Dg=vQDc3ZxK?`#(N+q#GakwBG&H%lK{V>eWk;=$21 zGdt;{4^YDsyRn-$?+)E;6iwoG%cm`=dydLy+Yoi~35klHtWLxIyaD^FHl=ux*79xa z9Ho|K^lL+5B!~Dy;7F!p65=s2b%yXm^p@a+9;154@!7+BiKRwd($tA7l&c}C{#N|^ z6`H7Ed#Kim<%EW=oV)bOJ=E0`F2jkha*AGGk2ON#9D=^eCk3SD1~x!tSl06;UWN=) z=g6-*g9|OTg6_ZkX4&WxtR9(1}_4=%RkjTuaz^)j$8AWFs z{8@X-TJIr8qni^=k}^_*eC(6MgRy<8$l=~cTE?HXku-jNeZqa`^6w-zC~I??GhO882|x;pT@ca=8=g zC)~kzdETuAZ?M+{Q@n%_aFk7iHg4yJ(y`fQuFh)_6O3vrj1W65i%=r^O7JBBv7 zn8&?HzL{jOyB{IC|7#R}2ak~mvc7k1r`n;)oFbSMF3JlnxY1dqOI=KWmu;Y$20Bs> zzGM*@z0^mVtHN(fgji}%R`)Bm6uX@B26jYxda^}u=^JrZ!Bb}Nvs(ybSQ||lJbCnK zDVFq9pFWD5B5Ox*cFXH&_J&WFN%?7M$7QRTlB@{6JU>^$f0M_Q8S?viw!Pcv88E{= zqwE!4N5Rd_Z&^Qn)dOJ=%WLkNLTT?#)-=REBi{wkn%0-I%Uo_gOC(2vBes+Mr7me)5`rg!Pr-qb~77 z7e85iaOuO0S#9JzkEWC@zDFf)^gq)Rysddo{V|np zKCZZ*ig|B(dSk&)g1v|-^N=N*#rAZb_SjEf{K|*ncQ#lPioPTb{SXeY8^EY&oegB_Li~5>5u`uFEN%;~I96fq z{iJq}2OEsW9n?D~PE}LLd}|3moA?Ws931rEcJ@n_m<#eoY|_+UyYGGzRbfB@TN!)G za03xGZ}`D8 zCcE2!*vp3o(Ce6tQzH*h_Xsbcs^@a#f4R8{LYmRNDWO?)Ix02wcHZ9#`tYpitmKAo z`(L(_C5vvH(M=RQKDcR#DXZ&&k+iqwJxKTajiBGiLI>kKzgHpFeIt)z4cj&cjm~IS z0!!fgbcy@XXaYY%R+-&bMeutGKu!S$eXgg!u8PkfG-Ezr+wmqybQPPEI*k!gn5QAd z(L|SscdM3&$F0l$ZCfKgE7OEwvlzYNu2|6xpFc=fRtSo0$2LH@-y_Xr?k^;YP455( z9%LI67c5KcEBv)RmTL`z;q*l;RYoVkc4fo(DsJXL?a~cavKC);ByS ztwK+mscHB$WU^Wc?N@zvF5QFwq7>_`H@d?&-r`3-?S3cnYI7LH-=Z9jL(UENWqw43 zL<;-@ED`7nvMlr;+Nq&_o`NaSEB@G6M!i31pBTzk6N96C;`Xk^=-taI_eC#XMT`Ss!zZt{fnHx z7Q5}6Z?J-EI~?J8UaHEYa{fm_#|4M1`qHB@@Q-o-&iM^`KU>`03E?_g@l?;>$Td%U zVPEN#CK`z-;o95`_3_d~Yxnhk+&XN2g*nHC8g`A)0=|dk<%2}4SWfJ?H5Va5jM($L z?YsGAhs7^vi4WZDpsIK0_lpw$L%cYwdBq?v@UgodT<9$9RX1y7`KhY(`fZk=Eg#aE z+V1%elg?ZJ5*8-%9x{X3_rH;S{vkg6RYCgka%W#i9euolkm}C(Lx`%*z2dv~pZzcF C0|&eS literal 0 HcmV?d00001 diff --git a/ee/dtr/user/promotion-policies/pull-mirror.md b/ee/dtr/user/promotion-policies/pull-mirror.md index 077c92c5d9..ff50ef2e4b 100644 --- a/ee/dtr/user/promotion-policies/pull-mirror.md +++ b/ee/dtr/user/promotion-policies/pull-mirror.md @@ -28,7 +28,7 @@ To get started: * Registry type: You can choose between **Docker Trusted Registry** and **Docker Hub**. If you choose DTR, enter your DTR URL. Otherwise, **Docker Hub** defaults to `https://index.docker.io`. * Username and Password or access token: Your credentials in the remote repository you wish to poll from. To use an access token instead of your password, see [authentication token](../access-tokens.md). * Repository: Enter the `namespace` and the `repository_name` after the `/`. - * Show advanced settings: Enter the TLS details for the remote repository or check `Skip TLS verification`. + * Show advanced settings: Enter the TLS details for the remote repository or check `Skip TLS verification`. If the DTR remote repository is using self-signed certificates or certificates signed by your own certificate authority, you also need to provide the public key certificate for that CA. You can retrieve the certificate by accessing `https:///ca`. "Remote certificate authority" is optional for a remote repository in Docker Hub. ![](../../images/pull-mirror-1.png){: .img-fluid .with-border} @@ -37,6 +37,10 @@ To get started: 5. Click **Connect**. +6. Once you have successfully connected to the remote repository, click **Save** to mirror future tags. To mirror all tags, click **Save & Apply** instead. + + + ![](../../images/pull-mirror-2.png){: .img-fluid .with-border} ## Pull mirroring on the API @@ -49,13 +53,13 @@ POST /api/v0/repositories/{namespace}/{reponame}/pollMirroringPolicies ``` Click **Try it out** and enter your HTTP request details. `namespace` and `reponame` refer -to the repository that will be the mirror. The other fields refer to the remote repository to poll from and the credentials to use. As a best practice, use a service account just for this purpose. Instead of providing the password for that account, you should pass an +to the repository that will be poll mirrored. The boolean field, `initialEvaluation`, corresponds to **Save** when set to `false` and will only mirror images created after your API request. Setting it to `true` will evaluate and mirror all tags in the remote repository. The other body parameters correspond to the relevant remote repository details that you can [see on the DTR web interface](#pull-mirroring-on-the-web-interface). As a best practice, use a service account just for this purpose. Instead of providing the password for that account, you should pass an [authentication token](../access-tokens.md). -If the Docker Trusted or Hub registry to mirror images from is using self-signed certificates or +If the DTR remote repository is using self-signed certificates or certificates signed by your own certificate authority, you also need to provide -the public key certificate for that certificate authority. -You can get it by accessing `https:///ca`. +the public key certificate for that CA. +You can get it by accessing `https:///ca`. The `remoteCA` field is optional for mirroring a Docker Hub repository. Click **Execute**. On success, the API returns an `HTTP 201` response. From 7d1e0860b7e7b547243e2e10e1dd0a9e43d39049 Mon Sep 17 00:00:00 2001 From: Olly P Date: Wed, 30 Jan 2019 17:59:09 +0000 Subject: [PATCH 284/361] Updated UCP Audit Logging since UCP 3.1.2 --- ee/ucp/admin/configure/create-audit-logs.md | 123 ++++++++++++++------ ee/ucp/images/auditlogging.png | Bin 0 -> 105800 bytes ee/ucp/release-notes.md | 4 + 3 files changed, 94 insertions(+), 33 deletions(-) create mode 100644 ee/ucp/images/auditlogging.png diff --git a/ee/ucp/admin/configure/create-audit-logs.md b/ee/ucp/admin/configure/create-audit-logs.md index e9d60d6294..568440a187 100644 --- a/ee/ucp/admin/configure/create-audit-logs.md +++ b/ee/ucp/admin/configure/create-audit-logs.md @@ -4,64 +4,115 @@ description: Learn how to create audit logs of all activity in UCP keywords: logs, ucp, swarm, kubernetes, audits --- -Audit logs are a chronological record of security-relevant activities by individual users, administrators or software components that have affected the system. They are focused on external user/agent actions and security rather than understanding state or events of the system itself. +Audit logs are a chronological record of security-relevant activities by +individual users, administrators or software components that have affected the +system. They are focused on external user/agent actions and security rather than +understanding state or events of the system itself. -Audit Logs capture all HTTP actions (GET, PUT, POST, PATCH, DELETE) to all UCP API, Swarm API and Kubernetes API endpoints that are invoked (except for the ignored list) and sent to Docker Engine via stdout. Creating audit logs is a UCP component that integrates with Swarm, K8s, and UCP APIs. +Audit Logs capture all HTTP actions (GET, PUT, POST, PATCH, DELETE) to all UCP +API, Swarm API and Kubernetes API endpoints that are invoked (except for the +ignored list) and sent to Docker Engine via stdout. Creating audit logs is a UCP +component that integrates with Swarm, K8s, and UCP APIs. ## Logging levels -To allow more control to administrators over the audit Logging, three audit logging levels are provided: +To allow more control to administrators over the audit logging, three audit +logging levels are provided: -- None: audit logging is disabled -- Metadata: includes the following: +- **None**: audit logging is disabled + +- **Metadata**: includes the following: - Method and API endpoint for the request - UCP user who made the request - Response Status (success or failure) - Timestamp of the call - - Object ID of any created or updated resource (for create or update API calls). We do not include names of created or updated resources + - Object ID of any created or updated resource (for create or update API + calls). We do not include names of created or updated resources - License Key - Remote Address -- Request: includes all fields from the Metadata level as well as the request payload. + +- **Request**: includes all fields from the Metadata level as well as the +request payload. + +> Once UCP audit logging has been enabled, audit logs can be found within the +> container logs of the `ucp-controller` container on each UCP manager node. +> Please ensure you have a +> [logging driver](../../../../config/containers/logging/configure/) +> configured appropriately with log rotation set as audit logging can start to +> generate a lot of data. ## Benefits You can use audit logs to help with the following use cases: -- **Historical Troubleshooting** - Audit logs are helpful in determining a sequence of past events that explain why an issue occured. -- **Security Analysis and Auditing** - Security is one of the primary uses for audit logs. A full record of all user interactions with the container infrastructure gives your security team full visibility to questionable or attempted unauthorized accesses. -- **Chargeback** - You can use audit logs and information about the resources to generate chargeback information. -- **Alerting** - If there is a watch on an event stream or a notification created by the event, alerting features can be built on top of event tools that generate alerts for ops teams (PagerDuty, OpsGenie, Slack, or custom solutions). +- **Historical Troubleshooting** - Audit logs are helpful in determining a +sequence of past events that explain why an issue occured. -## Procedure +- **Security Analysis and Auditing** - Security is one of the primary uses for +audit logs. A full record of all user interactions with the container +infrastructure gives your security team full visibility to questionable or +attempted unauthorized accesses. -1. Download the UCP Client bundle [Download client bundle from the command line](https://success.docker.com/article/download-client-bundle-from-the-cli). +- **Chargeback** - You can use audit logs and information about the resources to +generate chargeback information. -2. Retrieve JSON for current audit log configuration. +- **Alerting** - If there is a watch on an event stream or a notification +created by the event, alerting features can be built on top of event tools that +generate alerts for ops teams (PagerDuty, OpsGenie, Slack, or custom solutions). - ``` - export DOCKER_CERT_PATH=~/ucp-bundle-dir/ - curl --cert ${DOCKER_CERT_PATH}/cert.pem --key ${DOCKER_CERT_PATH}/key.pem --cacert ${DOCKER_CERT_PATH}/ca.pem -k -X GET https://ucp-domain/api/ucp/config/logging > auditlog.json - ``` +## Enablig UCP Audit Logging -3. Open auditlog.json to modify the 'auditlevel' field to `metadata` or `request`. +UCP audit logging can be enabled via the UCP web user interface or via the +UCP configuration file. - ``` - { - "logLevel": "INFO", - "auditLevel": "metadata", - "supportDumpIncludeAuditLogs": false - } - ``` +### Enabling UCP Audit Logging via UI -4. Send the JSON request for the auditlog config with the same API path but with the `PUT` method. +1) Log in to the **UCP** Web User Interface - ``` - curl --cert ${DOCKER_CERT_PATH}/cert.pem --key ${DOCKER_CERT_PATH}/key.pem --cacert ${DOCKER_CERT_PATH}/ca.pem -k -H "Content-Type: application/json" -X PUT --data $(cat auditlog.json) https://ucp-domain/api/ucp/config/logging - ``` +2) Navigate to **Admin Settings** -5. Create any workload or RBAC grants in Kubernetes and generate a support dump to check the contents of ucp-controller.log file for audit log entries. +3) Select **Audit Logs** -6. Optionally, configure the Docker Engine driver to logstash and collect and query audit logs within ELK stack after deploying ELK. (https://success.docker.com/article/elasticsearch-logstash-kibana-logging) +4) In the **Configure Audit Log Level** section, select the relevant logging +level. + +![Enabling Audit Logging in UCP](../../images/auditlogging.png){: .with-border} + +5) Click **Save** + +### Enabling UCP Audit Logging via Config File + +Enabling UCP audit logging via the UCP Configuration file can be done before +or after a UCP installation. Following the UCP Configuration file documentation +[here](../ucp-configuration-file/). + +The section of the UCP configuration file that controls UCP auditing logging is: + +``` +[audit_log_configuration] + level = "metadata" + support_dump_include_audit_logs = false +``` + +The supported variables are `""`, `"metadata"` or `"request"`. + +## Accessing Audit Logs + +The audit logs are exposed today through the `ucp-controller` logs. You can +access these logs locally through the Docker cli or through an external +container logging solution, such as [ELK](https://success.docker.com/article/elasticsearch-logstash-kibana-logging) + +### Accessing Audit Logs via the Docker Cli + +1) Source a UCP Client Bundle + +2) Use the Docker Logs command to obtain audit logs, note in the below example +it is failed to show last log entry. + +``` +$ docker logs ucp-controller --tail 1 +{"audit":{"auditID":"f8ce4684-cb55-4c88-652c-d2ebd2e9365e","kind":"docker-swarm","level":"metadata","metadata":{"creationTimestamp":null},"requestReceivedTimestamp":"2019-01-30T17:21:45.316157Z","requestURI":"/metricsservice/query?query=(%20(sum%20by%20(instance)%20(ucp_engine_container_memory_usage_bytes%7Bmanager%3D%22true%22%7D))%20%2F%20(sum%20by%20(instance)%20(ucp_engine_memory_total_bytes%7Bmanager%3D%22true%22%7D))%20)%20*%20100\u0026time=2019-01-30T17%3A21%3A45.286Z","sourceIPs":["172.31.45.250:48516"],"stage":"RequestReceived","stageTimestamp":null,"timestamp":null,"user":{"extra":{"licenseKey":["FHy6u1SSg_U_Fbo24yYUmtbH-ixRlwrpEQpdO_ntmkoz"],"username":["admin"]},"uid":"4ec3c2fc-312b-4e66-bb4f-b64b8f0ee42a","username":"4ec3c2fc-312b-4e66-bb4f-b64b8f0ee42a"},"verb":"GET"},"level":"info","msg":"audit","time":"2019-01-30T17:21:45Z"} +``` ## Sample logs @@ -100,7 +151,8 @@ Here is a sample audit log for a Swarm cluster. ## API endpoints ignored -The following API endpoints are ignored since they are not considered security events and may create a large amount of log entries. +The following API endpoints are ignored since they are not considered security +events and may create a large amount of log entries. - /_ping - /ca @@ -115,3 +167,8 @@ The following API endpoints are ignored since they are not considered security e - /apidocs - /kubernetesdocs - /manage + +## Where to go next + +- [Collect UCP Cluster Metrics with Prometheus](collect-cluster-metrics.md) +- [Learn more about the UCP Configuration File](ucp-configuration-file.md) \ No newline at end of file diff --git a/ee/ucp/images/auditlogging.png b/ee/ucp/images/auditlogging.png new file mode 100644 index 0000000000000000000000000000000000000000..6618c24d1f318964b7712e356c78454d2dbf5314 GIT binary patch literal 105800 zcmeFZcT|(x);@~50Y#B*L8V)QNSEFO1f_)Ddr^=YLNC%)L=*%xG^K^!LujEF8z8*~ zr1zH4A(YVWik|(Q^WFRR9pm>K<7AAzG599$yXKnZd7e3!?=;jDsHy0w$jHd3p^A^S z$jHvplac-P>MRBL&9yD2a`59XH(998S@7~Z`|K@vPv*T(6ra_8~>?RrXv5e01#N{zBcUtUt(*~R5t-8+|va)MRPH9?lXH!m7 zah&$NbUt*~2yOBGmBp^yrA)>PNae_oS*wrGchR%T7s9UYx$pPl7gU`b9v!RVq>g=hcQ{%;!@{(M5fVdZ~*85%M~06VJu0*m|KTerEj z)kVjDPy3qi;s7e)lJL*2E_7C?3+9gPzgJF%&B@4k?CI&baDgt`#nW?ObFK}GG8PdN z6U)uWnB~`}iY|HgHk3P;#U#HP|L@Pe$k&sRc?nFWlP({AzPzKQ~83R z^**zK<&Tevo5i}R?d`!-lZCTo!F3?q%KV)wcbFn-pDpc4ksaw7cF?{YB75fx{iVg(acLil*Bq(q>Ml@Qko z&kFcoP&TW-9f2(J$)D(4oj$%Iz{>q7BvKBq<2rYT{n;~XyseH(<{iq!j^*!L)6bNH3qfer>(yJQe%y=}L@Oy;L|WKZ6AnaTh!0b+5N>^1(iuXD0 z`BiI+R3 zc9|bU)*lBH&mY#RwB#-!AjZZF9`<8eyb(+&q6|iLtfr(MG3y_Jm%I+FTpwSf*nk?c zRWW`FoaznX)%HY)LXKO4p8UuaHua?$rv=y&3&VRjTy{+;w#LgYyMS+*Nd3!N*(2C_4alRi8Q1<+$SfG zKiYB)57_a@|L{_WSmd+J8CB-&{b`kMH&hoy%w>euHnKvxhX}9f@?L%=ix*it9~K&I zu91>-a1pn^D>aziw_r?84xFOQZUI?sGs>ydc7IpcUvVYAX|vWmP~XMnU2XulkI!V4 z2w^Uf93)lLo3PN(FpqoFmCVmqxm6Pye%VTUZ7Ah`klDw#^WM{V`t&20_rA}55WD#2 zPYz}596aUr*@)01-Z}qJWySuYX7m15f-xz?rN+c_10(Tsb5n({Udhf~zxs20T#cK4 zQ2#)$0}>PQjE^`pNSNu>mH(Ntd=Lj~=?ldq(E9SX^!trjD_{$CwKHw3?WV8yVZcRT<%CU2?b*f2l(?qx zYzFbNScvN9QjIV*b^Lv+PFW9$x-k%LVFBkya(Ljzb|5BcwX$Q?5+7uWNFT^kMlfp2 zTbI}GAL~nQO`2YRpl92KC$zlZZ|!Ws_DT!i6B9C3e_#CwZX_t?)F39!JGgo#vybNj zL$`vuv~%33DQxk%L+$awj?J)_s4TMm6B@YOy-H72N!LMm^};}c&?N2|w-XG67ZI62w$JB7> zqA!7(4^fTOmdZBJ!YXdigrJ?glE$CU zUlJ&IuxY+mwm_iT-qi&G=Yt>O(>p+VuRD(U!_3LCR2mv6 zGS%lenf>S9iiiltu=>jLQYbSGZdLySISdS|Qa_$tU1)em^{~sb>3IFEWmd$@%2J`% z@xiA=MkWZ<*mJG#ZMHc!$Hu&`@F;|1CF*lhI`0BkGz8-?`tZbeI-sg%-~)twurSvP z8EAsgF)+w5JRb+;V1lRVy=Y)mM=Buf$@drnrOcR1ii#9AYA@EZ!9LHqAqk^yK0Y#j? zJ3rxW-TG^nz~ANZOU%EJfQejylqCEWGBR%1d}Q?3c)GHLn0U0*sA-w2YH)xr4U{Q(?gAQfZIH?7M#|Ty2T8X2rGJ;5|L#DZ z|K3N-)}O7h5JFY4cCffCu3smm0S#flO?8{xf>&dCNu06>sUmnkntpALzqg2ig zKRZ(UD3JL8qQyWYy%0p_ zJLOKUVA=0bAuHti19O1^Z0C$Dy#c^5D)w~CTp^_yd>(;bNU;A`tUIy81G*_C8UA&s zRa!;rx>IE9K`eWM)}+=JA+NT)bYi^0Ajznre^lKF7pXczm=f8#>T>uR(br38Xfd}N zuHl6urmsYW@3h!0$>*f-V~?y)fQKHux!CQt7LYYt<}OLxl%RKkNsEaO<130(iCa&W z?%kld*nrK8tV>GDQumQF?>aCPxXz>NV;u{=SIB#q(O>e!MpDe@(<;6DR%YFO(t;{w zA*`(I92~e>c)SqouD<@@R{5zs2ASWxT}gHI>Q(y|7QAYOd6{dtZuggwEtQ8i1vp3S z4G#Im#A2yNI<0NIj_D4MSA$L(e8wB{72GWZ*x!MtDJK!rY}c-j6so-vye%m2Moz@vO^#(=1U9*1oHS|cJ}=T38kf5 zR)rLm&;Qx2zstR|`T0v(p+QbdsbBqT^oI+VUv5lU_E1UtsC3W|MCpjn$$Va{jMBqf zO{=k*5xFU)*^bRWC+&TLEbsIKP@}p*XUTV!_kOnpPXM-A*Sy2D6?TP*B>Z+@&Yqj&E zNh-NNWT@~oz@~h$YoNf<59S-&)ubNz&^cxD8dVLPr7sgbYCvqyI0fct<74%XzC|+k z6@RK!Hr=6RyUR0`D02!Rr;GBBp&Uu_-xjv7UQxwSwtf9-Mou0~bXnpU^J*sR(|%kT z%OG}JKq9+0ppa*7_?cBgU9|FT{=0f>{zA%#?H*3`w(l!w>J>W}EWPIurR_K`CkaUJ zX+z^mR7e)yQ{cFFulwB*K!nCy8Vxpoy2M6^r_E>)TzuH?`G*wjImz0)T!C;(# zPLh+8w~Qw@f5|cO`%e1wq&W|WNPPJ!0wQ#_(5>^sO9%lsY}Tn3Q8GJ+AJoMYkRkFU zKyl>jj%5>=$3L?ui9Ifs@i>j{NlLAo#Z9NxQARFybk*0H#A&0Lk?ZvUuDZ8{oAy_l znPM+)M@6Nlr_HF@6C;(~`S}bH{rND3^vJl7nm5#o>1)@HNr6LxUUm1aqm2X$dD#>c zGP7(JpFEC^eFN|PU|gLKZ_ARONQt+Rr8aLTLL(y?^8hqp&CJS`OD7^S#OH>&s7F$a z4@Ofyh-0oYd1(bmnQaopPjXHNDrmXJ7az8UnCF_dWo?Q|M&^W-MuD0`Clki6JT^8S z1%aA(nC778c?603KHfOu&Y<1*9Z6lUTl#Moe?{pH29(c-5kW{jjjE!=nBM-|P7S6}xp%x9hxdkPefg#{$>6K0<`-{w^Rt*)4>$ zjP#j~NmOY6nrBi{QyuJXHoH#@6n|Rle_Q3wv+g=K3034a)gPL; zHwf!ac?mMU-W0E>=r7xul@*kBwi>&*xY5$m5(f`YEYOV-6B8lOp`jsH7Z*NR3dHRE zd=>>Y{oni#V@m&D8p>f1Ai$jS&t9GO^PgRq@tC@J!VegT60}W2$>0C zubOLU|eUFdp+q4heF?}e+Y|; zvZplDzP0Ym4qQlQP3WKY8)dFP|#nJ#9 zx8&LZG#ne3U32=-Z}un6Q_>zD&mj+|XwyV=PA`RBuLDx(89t( zAn$Q-aS0NwtgP%#j*m!cpO#1=^S?L%_~z^ZZp<@+54Xv22+%4#+$thAcii;>2A#fq z8DlY~N8(zD{u1aJjO}PjJSRzDeZi?R=TdvNu{~vYkZABy{B|VUoq`i6-;_EvuqJVw(fcYQs z_D~4q;^9h5^tbY5EeqGY-cnGcrg#EboUkamlmN-MOS|I~!Z$n+~eRcike7Jsg6|6gh|naY3P{)binYmNUf#(#a|Kl?IdDy9GQ zv|>2#-P0iPgcANaJU)9E17kSY+}s4MJDqTBs)~zC@#QO5!aZ16SOB{)z)Wosy_6Ic z@5f3?O3r}>TR8T&k)8MNr;)1Wi+n95rBKhc@l4QK!>><$|J}So+yeC`Qi_-ZvU`7- z-4%?}gc$)BoMTq^H!B2UyFNKGx3ZFnFRW1uxyY0^Zjo;Yszn5gwBw2gQNzQ23VcP4x=zlMtwKY+p}OV;S>=wt}N1{S-dPimhvCqM8mIXpU=U0ch}QcW-^ znbFJSHZH#*bZ~I6H2HNM$Mdf?5BVReY(fjrub_4N4QduC71&@Qs;D6+N3kuIyDu9V zU_^~g`iMlLtK1fD;K8@_!q9bvJ?U$GSJWS*ihJO4Olv$55Pf}p54@+pM~uP`P2C>&9Tg3Y{#dmPZnP>)R#ui{TQcCV66@pV zm#9}@a0?2$sBsR!XS0+mSF7WS15gC; zH$uPm%=U8W3@a4e3MFXkjO%A#8Lt~LSObr~yuAFL@cQ*%D?_Et25VzAUcp@=tgLbg z!tma&L6q1ux$_>YqlV+-;|m1>+}x_h6^=0wxyO%hOi)4rUF)$y`a70M0=m0lC?PIR zGG*3kqxnZbk)=-#wJ9$y59VsW%hS#-_t{>|HNw~@m8zSWC4((Yw``7JXJ>~71Oxyt zN7NmCMqUHY+MlI5!jW55RHSjRbCm0Uu*1&7V-`*?)QcH3%Lfi|0}ilb?vEc3XiOlI zb!o9DJ@oziXvom7UpeYXDZPWXddh>{wKza60j0_U*S0h^W-1k)C%Ns5z}tVK|CmsJ zv}0@;O(r2BakT!OM(@^{-0jraPkfdf+u@OsgO6w=Z6A>FpdH7miMae+(yRe?XMbw} zkJUH-2;nw63>zpo*B8PPU@N5cGAb(SuF7-OndUetMqVzi{vaBu9B{266FxPBnLk!r zyYHEk6Z+H{*>L#Qe8(Wz`EUY|ZR~q9cB7M${KtJaS8LXmma>rpgXZd3Hl*KesQqAJ zk}!PO0lV79o4pvuTmJ##f$N8YoFcMQcetqx>=*+wTy%7Ffx7gO4sXLD0;D7$s8LW0 zzM=@b&O2Zk8Qzntom~*I2B@OQ_;YQ`ruRTNb>W!^JgEcy8weEe?7At6;jPnw8ts2K$P_U>Cs3JA2}ZajVZlwNpQEi)^Neq?lP zjL;!6(Tc@ldVK>XznseN!v8A1hb=TU2As`jZz`k=DdbeJphQ@C4+K@p^56OQYJCi$Em4DC|L@vC3i|-R!fgDYc8X*pB&GetJ;%~ zlA7MrY2SKwGe*i5$!A#&;>niaFX=q_Vztie^(Fqwxme@vy_rbk@PNt5$rO-Wa1kJD z&I++Sc&?Eo;l(dY@h=XmBhK+7&O9JjGhJQ@v08uNX!$yLbkyXCi09R7R)Ru%@^tgx z6ME7W7}{v04~xva=K?|V6XdpthzRh&>~!~U>Wox4HOvnF9_IKWeF>!SN)?2*7H0R0 z%*v40L%w2{R%tvpJCJ*X0C~L1!s1j=0UzmfpHP?De@sck9IZo~-wr%EFh4pz;OIyc z>-)5m0?H$}okp-oO52a-W`GZr&HXll2T;ankqN&xd#WJ2zAPw*|A9D{LwG$1r2OMj zn=U}(^{gW1F~{9HY=^G~3ey##{Ny}l7#43o+DKje;wjZpqbgY9FxfHy z^3ZbRJB_r1-+=T{*(3sMc2__^o40oTRq=SO_xX+_33X1rf_}?LNoxo58c!6~M!;?U z0&poM4r&}1$W?dMk2L^j5E&K~6}4R*^{zfx_2uy%1CS(<>slCOsfoc!$H5_SdPd#8 zFRNn{2y+n9gb)enoIZWJzacO%eGNpXtw(`e*fsjpzrDP?#sYkoY;S@M9Q2y#K2ouF`qtV%+6kwT>lb;$e5nC2xpSmL721rj;@o(B(+4>p|6}Np5HCvc7&WE+{@Kf zC(aWtIA8xU&s3mjvlB3LCkgM(46IL*I7W5%2!zA?ITEBvaH_W|5P=W(KQ{=R{&5av zQq_w)l}&Jw8f5YsWzTgWzQiAhXwH-Fwi6g223i6`yzkV?IjloSXvO*OTMoz=1Y1OS;3 z1B`TZxtYpw^!T-glln_MwxEhMMKHnq<~j8XyI-6-BWT}m%WYO`fG7hKY?;~FZGC-P z+mfPJ9#qamNQATBmO43fv*d^Xo^89>or+M(7X1tWt9940+O;sb8qXCSAnhC;9`Y=C z{2qy0SAPVWC3)R%P$PsxhP9tx$IZ?VxAndgzjE+!^yX$jRz`gvGL)}$yQy#LT?M

iev21vv+Jga`tKDo{>N4|2DTt!HyqsQeQ7<2kGQ#k` zqOhT9Jn^cmsbO#mh*Q`K8- zc4j6+8{iZC9)+8IcemGA?77UnOkw1dl=!`k8Nf@7%4}2RBN#pS;xuz-XP*K6jSg?4 zPV+ZCJqH5=!;B0e1_uaC)27EDMp%}@isHhJCx20UF8{g(rt@rUY^tiN7~q$$borq{ z1n~<9gcAVTFx!l83k=NY?W*@Pm<08z$#rNq+q@xw>g-uCR{IJNtL--4Fd>T{qynsE zVDPD@{;=$v)k~J#ZDbNirY*QypoBL`8-oYG{fDtt;=qXI3y$rUekUtS%XIa-^;xkU z@jAbd@yR@1B7^oh7Xa&07)ofjvap;{A%wkuUu1+{zGdGLFBG04V`4J*{rG@L1QMK2 z^y%wy^jY?m2EgRKA`{VSjq5}_8VGSlU|?o2A6;)zwlq{aD92Qqlk-!jrW`(^OF#Yg zt*9Hz%=Gm3xbIrh){Sg6R+IGyAbv{4=K=1>DJqhFPuT2ZXipGXOM6Ap*cfAue|LpX z4{sA0IyE~BadL73+3=H;zQ?`5341;MG`)^^Ou@j+%#1GDOp=;jPy>J$qH`c9O1Pf% zYPxf8q8$Jerjh=7XEZ^=*yr7+h z5Kdu#%VDTQ&bZt`tjn9{Q1bV9%j84^5cPCEwih@wHX(Hs$EsuAfLVf?(V)oDJ}1Sh zXa=bYm8VZr!GM~TlMOFrNazW!e0C0uCT8^3+bz*4DXK)*BqW?ZJmT;VD$c1i0R11( zEfQq@`>|Z}Jpl=0%$YNDGb>j8i%*=KE_gB0y2;YfecmK&6y862q~=(drv9UKU_eg> z1JgAEqaAUNKneg1I40SQIDd!?Jhsc57^3Oe+S=kQYiW}x?dU7ryhY^2b{|=*B#LTE zcrJGX_K30Ra?Gd9)mq9q!xFGJC3c{{BOl;eQWdh`=;#>Z=;iDz7z-OHuu~Dy{0ww- z)Aa`cVPcGc&mD=49B(wUh=Xi;`V1#B3%87y9K^&nP(VTMtACQDpSC%%)Y{PH4SKA% zlBT||^{zFbdkYK&Vq#;nMjT6-Q-S^I;{|LA0kz@r?udx6$(nL@b{1XOh5%@B)d~cU z)nC*BCr4hHnVA5*2Jr8I20gK0D{=ol*ojOEY8-Ow0q91GFMwfl@G86pNNq}}sF)Za zLh|f)LmmZ8w%E{K3Di=aR{?!N0u5m;fEY-G>wa>?^=dlRZ6{)-l+BVI>4ddT9S6iq z6WpL$O7`*d+(g5Mqk8$=C7U;QJY75oBp*5TElv%5KXM!`G3Bi#6xKiARjsP2vj29# z!Z~da4YAu^zvbinW308cbAbE1JiwT@aQ%g-@%`EJa>%zr5j|y3CF?eq`=~Bd%A0rY zsfEQBYK$+j6v5$eA@?WJlHx=&vDk!CIh<&S|DeGSjLpKpXTW3ajSn0e89wwwDqYl(0__`KLUz6V20Vbwl-W&u zqFNJl8aDx?v^SR9SVu!6MKwVf;3!oD1kk53w=PMWr0jRoGs+6AOJg;0#}gMOJAGS~T_pIraSf0zytx)91_Ay625zqN8nh>yPwCz(8DCK$|eMcRr~G zHJ%uqQFrhi3X)-TK} zd-MHc^Y-3(V4xg>^bne!Uk3_#u#g=+_<+-R;Rd=kRi5yQFs&WAgtbBTh9^lZPWD*( zOrgBC2WHi`+ctHpVe1d;jz$hHRbA|1p3H;9Kj(jK5Q^iVig9YGeU(uhqThy)v=mR zvD2VEy-6MkhV8R}5J8W3n{V#{f5CZ3SnT<3E8w-tXj$b6$BXm;eZZ0{J1Yx!0D^eC z7UTv!r(*Raajd=4yUzkPW<@)0?9$;)#g-oz?DlsFcrRTf}g6G=cAR>gwuSl4I&b_Nsb8$BerFhetrcHvd+ zw&}CB?W#Yjo*6i0?+c%Mbh^T+&q$ivu+Y@^q(9tLoNmNxbu1g?@3G$Wn%JXDS*RLM z{F_duwiRBcos=Y~D&tZGl& z{1ZtD0FxqUca*h$Y|PLLIlN`A-gUGzMy`tBice}Y>ZT|?ZtrAd1rlH4$dTS#Ys82Z zq2;M!qaydJ)jGGI`;K5DKzAB|eeFnQ$?ayAKmhe_PNd1XVI0SdJn$5px27__eg96& z!h)ue`cyFAVXTN~3imYv5)hbL8?Dq78SPdj!9Wv}TI}D)paK`%SC#SjRk7Ay_V<;$ zD&5r{cyKI$8z2vC&Q#vyWHoMN_ZlcTbSq$pz>(`ZEiE`yks##o>pm+R8>}-?j94T4 z=n*zY^A3sdf#w*!sPl_t9~`?W0675pFaCIEfHES~+`fI=ecQINV!16r#3{LWd2J2- zH7G>q)3huC09kv#0TP1$ct@chd=vO~ML^D)%1%W}?tJoG9c2g6%?+sI^Yl7?kf4gp zeBrM$dcQmZr5otGyi5|;GR54i&6nYPKt1AoaQGslck(p~g)%WUB`hEVaoNagKN}n8 zPAlAtiI2~_$Rw^)?F2|JkP}RC<8?KFE9Zlh1K4Bj)bzYAT@8Krzx9EF8=SX^2)m;MDgw)KR5wjj-kMqr0l{ z+w}mXx_3$55d=I4+Djtfw{Oe(6So2Etec*mF7v?ak%;PWv1K+mp7Mlorc)xs?r?9T zwW9<3ihLniSO&rDJ*(-zKNr{9)uj)xo4D6%23zuTt*>9d0@OWFY}vfM)fI-V_JFA( zrH<0jzX$PN1d_yMjo?D~xXy{ll4_mMz8h+!1WegDfYHIf$GnYmd?wt3u!5&o3gN60 z#>N02f5F{=2|FTy*;Z=~E^;5-QNdR@lv2?1dQf#SOaY8DLriDZvWXseoW|pf&CRVY zUq29fufoH_0aY)jxX752B%#bwVr^ps1GXD3diq`LV9av_PA}nEuyKvhnIsW@Yz4@l zpk42QuKuB1<XzMpc*OzArc6`cq%y9Xdw@r4mFdJcuX&lf(n3+ZVxmngi=U9 zQq(1_r#|rH7-*JD=7lZe<7Qh6U4z^eqiLk!1__A~+@4h{4c`1SIOqestlMC15FJQT zSm^IRd6E2l+Qo7>%zJBo2@rhbg9i_`XQR|{N4v_>=z;<+|Lq>BuhrcFd{D*8 z+FFmkpa_G(MyX4A_h?^a6nD?*UAcAZYttqW1#{Nd&kTcZ1wi>E54`i-Sqk*q=^s3Q z3#e4**|@#^eRe^?GT9L@F9gH&=lV>(qy&?dpnBa4XE{*`_C&P>`~Ft8E93b9)zT@x zOU+>4v=AkOo0L)anra(V;Ik~5n-e&&eo3V=gQ!2r8D6f~84Ft=zBT1K`%B~F?KC`O_e@o26AxeQ1SUd5}t#P zl;(-GhY3x)dH0IE`vob=8qh#5E9XqgZjiK`ota%(@xSw}>{rcNeSWSs@*{+>I%d2( z?u(2U=2nYPR8i>%IuPO8`L2ZVfr(0&D3I?R%H=_x1vzAPX2#O9R#r|~RaN)dtf82= zc+1F$F;K^2JW(ZA!Kp}oel0ycJ<#J&tD3jAvRWFga^`2K8eZl1Q} z`m?!Mx#qjB?x)E{Z82wHOAXp5++fm@+ptdUd@QOvJt}nK1#B=cn6$4K8Ku&apC)0f zn$@6MyF86HQXw9;*;Ue9{R5^o*jl?QOrm}Ui2iy)%;mx%F)<(4;WpyRFT0!0V%Bq}knQ0FG-#(k{zT*(VQfBn?YV^Vm2C1-PS`ZdMu|LVPobOCZ|MpE5+Iw=m3(B3K`aKYt zC^e*%rIKLfrE`~oif!Ku$>>GTEG+2Tlm9ue`K9L^nT8c{7smq?zwSTYKTss&4~~G~ zeimyZGT^>DoJH2u*mD=SR?+6>QsZXeAlV0q-CAn8tA~r8a~LXhYq}@d2r1 zfWr=h`k>pDhY;P^wE#jBvDSycVfF0Ur~2zxuiEZ!&JmYO)m7o35hEh_hgWL|DUu{2 z1kxOM{{ACF3m7LS#%^5YlBTA(H?gdMx%TrGo1LqW%{wVk53LrlORnMp9X`I+kM)A z0p0{i6%^s-7%h9|isX-XoJ5#tHh>7w3L5gMsU7{b-Z_5${(=@i;7W@3q+UI1jb<0g zxc%q!Z;lUyp6nrORdjq_+4i;;m^auWbR3c+GGaU0+v>~VbR6kDIo{{v6cN=PxF-WF z1F51LlOxD$%7|eMl@Q*`!zC8dcoHzbZ51phM|{?)KUhLbMz$_;A3%}1?cTPmUIOS8 zg8|$RV7pNOT>!1g)N4Xgjijjnppz$RbZF|n)GN0&@9!i&kP28en_6Nwh<|X9mj{#! zvpOHUsc&+iRV0!xYVQ){(ZYH)eywtxBf?>P5EWe=nZ&ze>V}59j~9BO@!i@$Qdf z{`uV(3*esr@e2F+zh-B+2(!#vJ!81CiTJA{4%sJ zT|z)OIXNZwC;f5bnd!ogBe~ej%>UepOyo51W{nn5T;~0x%}W5{BsngtA)VP&JlA(2f|dA9ysYPQsiv!&3mJiU8c-wsDjb0j*Yd>y5j;*S^%28aycuA&k93#>63cNi4@r3R^ZfF|e`T$67c8 z@J6GXvS zt7=aNUT8I_<~C*lGrYUN1WsQ|Vu(B0jUZZtF?1Iwgkb#|>MHf>UkSL_%DeyU?iXoQ zcZb`wV1xPLt{q@Qd!zcy243E2?yuAK4fb$g;|z)shEL>zLbB98bkBcp zfRlBe)m*9X`b2x5*ZBZFG{){FBEp(&(pwyrjoBUizPWYl7H|oj_isxV+;Q7> za`JMVVytpYOLVTDo`~$4npgH%9p@lop0Pwu-uFLq?Ufv)U_jgmmzQg7f+9}C`tJ>n zVi-j5Up`t^yX`$Wg7rSu_C>Cm5{4yM>e(9C-@kH{2>C>BogS}*g! z7Opok{yxTK`e68~0Rd|F`8Y1^XF33MzG-N{{YBn_Z8XfaTLMF+{cpHO%AU3fV^K^Q zBX2Gs(2-uW3V;4pAPw=~E6>Qv%m-s(;4aoqYsS-f-)1INmCs;RLyfy0NkYcI_) z-e9is{+8RA_rY1A^L8fWm;PWG6DCpyhJr~{2vnY~O^BCQ+8h{GN8-N5#=Cc{#Pd{C zz|wp!nVoC2167G1^=jRE7FeMxMin1oVsxwKuhG)7FIklEm+*VsVmCxYM_QQ@yX5SM zH7sC8P^nARTUO}IVLrdgVao@JRjq)4R8k6=(Kk2iqo1<5z1=~x1zMSzly@WI!rWX= z<9cS;+yOHHW350-&eQ97q|0_sL$bzG6MwCP&^YQu`hdsDYZrSBw4JBIVV%-N}_DyPm!C z(CZj?f)Q$>#FX#cJ8&ANb`=)4aO`0>q1Sh^RUma>pG>NC^T(AB>%NJDUfx%GgN9?F z=F?=AV&U{6n!Ys5!v5w}lM+I9{W)6b&&eMP)7jJ%5yRz=4T<^SzdKMLoH-5b@K=v6V~@Fn3%`k&w>L=c zby@pMbae3|fvLdWg!K&HxydKsAGQeiYQglt{g=aXvOlGu#o|p2=w1}^boxB+eeAzC z#MP0|prI~F)X1g%`%lKpqx$U^4sZvZ?-S~LE*s)3*U@*c-6f5tNk4PaX^2>*^H=yh zQ&6CczWT&cn{Z;+ka+LO{Ts)w%OERDZY~R2SzF~gRoqvl7m=?YA1BdH&=0*UedJeF z=#Sb(TaFCiewAZ9*Q9gM3%uRKs>T@4KD{yFB6M=1Utkp{5bYe*7A$AVU=uQ><;Xa6 zUJ2#qQ_v0z2@V5?uF?yWB!GzXt4<+O&D#w4V}JYZc)4xe_O`oeZ8QgzqcY-0UF(OW zB+F243AT#R^eR3*^hiqWp`WC~P@XTd6(2h-+w*dIC z&V^l`EsT-LWGlef4awGs6mnzMLdc~#`PiYkcDXUvu5)w+XM_!Vt?Lu;SZ(H2{fKAc zS6uWE{aIGZU`X;yKQlvIN*(3J#mT9O*|h~W=%%xmKHAX~V|_$HSR96qo0*At{_Ycy zky+g&A*P<9Q~qUsW4uO~r|I$&!iog@!Q(bD@GnVFU05I7|8zqxDN+-djrLmCTm?8> z%dtz{+{U*i<*W#VYkd@j^I<<7Ks@=z*%twJ3p}}X+*Mc}8Co5PN)YL5(?)hzh9LXD z-f1TBJ>wr;ZTiZHS9olXq@{u#P8rR9mq(^%mq{a}9M#dpV~jCsa2UM}rT1-Kv7g9_ z$puRfD|73Tg7%)d(#)B$5fgg0XTfrNC=u;GyU0hrx1Z~TX5QS|U>8a@7j_&d(S<>v zcS5N7bcGD+eNcL6V_v8@9dl|klD%-fukvZp-3gH?@wIQXV2mn$Yh_p5b-VI*dKx%4 zmZi2bV%MJY5m<|pFJLAXZdCcKD$TN!Q@Y{daX>w3!Xf~2ldpSgF> zw%6O08c$dw4kI4GVFH+Ho_R$?QzR4W4KL-oehE3RfptyMXvTLqoIgcE_1`%J(G(YQATAB znGp5@ZQs(zL1#iDJ`vwsTy|0t6s2P>lwf<10|xmfnvb&PU;#ZT^>s>-OWSmP;;8tL zJlH}6aW-to$E}Gni|-v2n#CunrNzP3Gx_X!<=rDZR8Brg1U6A(Sur25TQ}c+sG*u5 zD2!=1-jN`>?}#8EK)|C5muC|5{N~_zRPDhDDc^p7L6taoWw_WEX?Q^79wB^xB^Q4% z)NDU4_!yzGo8=KUPcQ9RX1Ck~5Q6g(6|}ee)R7950$oceuiwK-lzMnA|3A!qWmHvb z)Gi(rkD_29(ki9W-C%-%q;x7M-Q9?YsFZYfv+3@T?%Z^DcjukkIOlw0+;Q)p`{S-L zR76~RtvBYJ@0`zko`DQ&Oov_qI^INvSbmuXVt9EO@i!vU83vlYt4mX)V|*U1z_S%` z0&Ge^Wfii6N(!M8qVKHOe;@zH6P}>b2icSqVv-6r#jIQY=_m71j;2zH&a=1s;!;QISxXso8K_v%PAuBuhC;*c%U_$^r*DNDxNVT_K5) zsKyAS3V=wfv9sz)bFaa7*OE}!iLZ4OQZRNFlqZfH-~ed8UZ8$B-<)B#-e9Oh-1Qtl zaNj(<`r7O-?jQx2-s!5xj=l}wo`H~m+i|QXy!s;QX5JEWc}BI5^8VIN_3OzsS%ctf zZH%s*Lcn!VXC$Tw+HK$Izfa4Vi^ zDSpAUa<=nDCiUP&#w%MHfLHgKdn~LuK-`-&v4-H~DWTd_@{>tbHr&AX_(-6&oOC^8 zulv5BWEvXZ)swOshmpZ2eK=$9`C}!-#B2xr-gPiCKL-!e6-`>9-B<4XP3%=ywU`KU zken~MI6NF;lVG1KA+F55#~Bq;Pu@m<9^(+5xb6*27zs3pz+g}MVil5>;}*YnMnmIH z#rFHx!adm$1*0e8f{hPtGzO^@ii{#w?=ZYlb=WG4o4kC>@fCBS(!-}d{9c5#f(jMd zZVwypGRJvGSXpI5|HMvj3CX;YnY)V3*4eGzB3~U0r88b1y7;8%3j&(3814BSqiHEr zeY^?^26J`f)!YjT3Pd9=SF8s8a!ikYdhSLzaPAClwQE6idk7&b5f@H69RD@c7Xj2c zzL#S~XM5t3tWa#@Q65ntH%6zTp~H6Piq1f87QW(o^-g3_QSp53LoeOKi%cxGD#m$e z7j2J(1eud?#xpYbY-9oZMI(#d?7=7`q#k5 zH=X2EW;-8!X=;0ai%zARx5@O3v%oOcrCCOMEPAXZy_=Kyxo@3^^hne<>m+ovBn4ra zTO^_5tBWbDG@-&ihr7$sCl$n<@jX)dgT>1BHWn4LJ2!98X^pH2(DV-tXm6Be%&f^C zuO2d;9b}ZNX7@k zZ-!5>wYPSaIc;f$me}+=qa5tFhc>AEF%S0^Xk5n-7k0pm!z?#7Q;9$Q;c{7!`DJ@U zN8s4;UBSyK($Ch)cT!T*(vW$k0stDE9}(m2%krf(->$jj^7&Jeye~he$?_+Q6|SVh z{qqM$2PjNE0js{hRM>iFyt=Jm*AWvRlk!~m-l#;{n3vq4W!C2Ul~7L`m!xAUH7 z#j5=~jrWa>9~WOQu^A!_>%|(7wJ&_@#-ta$UjvF3TGUJb$BY}HLv>)JO$Pd3@ z|9DJXU;ofhDgo$VE-do5KL4ZR^n^Lrkq@w=RIK+@kSi(807`;PW#ApIx$3i=2LWv> zgIXJXstF+e)$iw>GY2?Qc+nImMkFWA_6+Kr1b1QnrxW> zqt{!DS5A??&NAKrN9b43=fCC8cREHeGg|*XV6@_rrDxYZ7yl!27Lh1Sb8Qd#_*5Y`{64;5?5v^3l5?^tOE9rLOj_&Z7k;lh>7@0eK4fWf zIikL+MT)R6BxFQA$+UacqZ3^BD8+Ew3t-o;&C=1Q`TK{TxatN`eo}!!wuN9<+58pc z;!d)Sb0DUq5GhmytWvyZb4!bluX)5ozmUBM zbL*{FZFy)u9PcM3*p*p@zTI?oDrRkcK_Oo!k7C5MARt3U7vJ(|J-XIbuskkxjO2K3 z2FI_+KuAZ(Wx2X~MEMdft&(|5<2n4HAwMBp~4` z$c3sHjcQ)oHV^H@$H^N)yl8Drjh!Jo1k7q$jY2#wE-y63prJ|F-PpveI9tZTQ(je6 zr7hA`HknW6H5?{cmzo<|=60Ui!sNWXd#8uO8mcqzf++Yn-Rz+6U;wAi1XwxIR#oA?^G^cO}Z zQ?ouI($-Z0ZIt&CmQC{}JIS^Bnr&+8He^Vkfv*l^KafS5fA!8!vWu~&!V=rs+9se_ z<;CCngL1mPh8?@gwn&7nT(UZ6zHY4N%Ak^Y_)5txM7WP~wWpf?{&l<<5BdJHW-%U+ z|L)*X_uLVsdtaRGD(g~vW2>}Q{c2NNTkq^jiJ#d|4;aqmjCYl>k;go#N=y1P3yjeHS51cNe(yZYwq>xOWk_9koW z>{LNN+GTA$8Skc(hQgvDouvze-LkTpf|5#4KOWoLH~Z^lYMwbrBQ%s_?BVkPVlC4r zx&mct10p_iA-eL@fC#JoC*WQmZ9MhaCE<=!^&;%d)jZV?!R<|U1`F^Ajyhv>4?M>j z8>^@t1o0WnzKouZs{^ib(K|7sbBRvmHN-E)em*I_6B7!>CV3H&n{mK{Ml&ib4+DfO zeu1e!oGnfBG_14s*G!ru~esx4E z$^aBx=5*6-!FFv`S=c?O$=`$vqdIRA z)3+9diLVRv_V(ILLyz%Jd>@&hX~mHQ>X(mHhQ*trNek$n$)WHto9@2^6+_)0&%6YE zfMZnOIHqdOw1TFyH_AYNgx4+!US#LcF`{qkbz(B4&oW*)Cf4+8Mq0fp=as!dY-7F@ zBd^-t9Y9oq8qu6AUKN$Y_8v+WyY;(nYKkRqb9xQ>m16AYD;-dM0t9p--QyCL56Nj- zmw8osGac+jY-gJ+p#tK8&nvaodi=wTx-Qe{*m)gIxJs|o0~208^Z8sr!-sePH6rEQc_``TS^(8Iv4#4HDYj0yDmo z6%`k1_13Q;o{S78@XBgxj@Z|~Y&|<{mh8iWW3J7NOR~wyiHDWqkPbd)RHO_|LuLb|I-9zd-Gd1(RR})%AC!8@FM$2t3EJp?9`1;n3GDzb3`m&hzDgh24 zWXIOV3dlL{TH6H4GBq?b^t8yEnlo_7TY3=#Hnje-+piY#sQbS`J^NDTKRe%zx`oR9 zVp>{WAyee5V>TdChx7dO+!B?dV(3!wu1g$Qd|X1~Q1fdr(S3O`^0e`Bi)tp>I=z33 zn{#pHlmo-qRbmzy0nc#pSd6RN`_FuP;*3cJC7(Wx2}n~&GjvdTAb2?Ln6Z?9FF=~* zf!C)ROriD$IO>!DvEzICJCELtz^S#ClB}r}DNVd;01zpYZ>K~YHcEWda%5Dxx{xDz zp|6IXc2}XK+Rwftv_hHAtgpYzv`rSYj}(*- zuX>Y}oh-Vcep2Ivpg^yC|Kb_B;Nij&9Wq*fiGX-&>SpG*!@Sf3dJ!WGW=q z{yith7Yd8O{e^phEhz)MSPJJaH~j$-^Q*c%o>G1=L0PumM8Jse5x>iZtqpy?LD3=S zPTANQe?8l<79lj$!Ik-P```|Ze3rtTy1HLT04-!J4s4Ddz{#G)ke~clisFOgWk{j_ zdwr;lQNQ_K8u{ekZ$Zq6{hyyn|EvlXzF)imkh`yiB+`Gb+oX`c`uCDUl{f#r-Z1>< zM*m;^XM_y$Ct~37dwP5ipp{Bq{K>osm>f)iu0RzpX^}qV3e=?F8a9DslRLkbFL4{;JHN4ab}=RPg))3XBIp*S{3<-ml>pzr7=Nw(|9N@D=80 zvjA0Q)FqYfc(^9^e})>!q@|!k>P{YDVUWst_qvte!XjUqsO_q6U?hqk->q(NXsCH` zanaha$l4kZWo){pnFWDJ)s~Xr8geqNy;D_|C`;^tfm72{8X&sUjza>9-tJ(#0wcdtou+Xs-Kix|kR zq-bX-LvQJN?(qj5oro!HH1ih~vjgFzs5H?pC>4B8B@1eih)*mcv3e?1crrLOh9Y=` zgi*^sr*_FgYvd_xLb6ziWbNQ@B44^a%Pyj7PaZ@ZQrKdpb2iT^Xz4^81$c_hB=_2g zgtzmwuc!DXwx>K9;gr7ilc5jwMvrSzwP*1O&V2nePkqI}0g{`z8At*)ApR3aUS2P- z8mY3kLD=GMx$Y;nJ)h5-Q|&Ev5k}@cy9m~NJ!Gn!_+hg4V5Yuius;sKc2ampN=C<% zP>;8!KP^PZRRQ9-y zIg3sI8^NyV*!m_yS%3mJBx!~7+U}<8t!$RjP*YRqp@=^Kbl21jldM{x?FMTT`U(BR zePfry2xq2eLk{W2n&Fl?)_}ZgYAxApe?Y^dEFcypSyN=HvDNJ39h`h~A`yr9dNiss zlb5mE{tswi+(sM*(cu2X_3MXkJ5BTlv$~fjaw;;s;Q0AOnJYh#jELJrO6+tF$9$zj z#_*MGeor0%9inj)+dDcO%66a~CwNdSf;X0J?C5zSDXECQ6N~PAQ9X%FPMt?fZxF|x zE{#&YP-s9)AB3IEQ#tbBitY>AtmOsvB)rfn+6xNviSe({lPrt63k1Y5!&|~P0iNV@ zi-1HmhK_|sdChLq1&H|5j*lnLI|Er+vij0(o5N05;HlPNJxz?K+TK{s*jZM`);1a& zCGW+AI<>vnDgw01Ih^kk%?wbVw>0$G0w>bye|lyxd%6zc@Z)q^T2vX`5;JhV zc7cg`ui8?oL`DR)xbaUN2Fo=oATQNWJ(5gSAi%;x8f)8q=C z2#B33lANvOnGlVwYeKFZpP?{vmvFtixOIp*$r3wHtM|DN@Q`bE;wO@}FEpN&rW_9| z@z6V@>OcmRgGCxMFr)VejxL$=6EV^9F=k#WF2ys41r`W1v=?K2!GK`G!A%Q!=y7N; zaRZ5Yxhr;0O#G^2h3+WspZ)h(9#y;ueOVw%)Kg@y2rbwlgMd=;4Ru3k*l`LI=GgufMHyMl0du*2v)i;)-vI11& zCjMBwJ(q{$^df~0wkNmoLO6~PjEJXl zKOj^4KTGb~k24}1c{aRk8`@-8sHp6BC%94!EXg^d4fp6r7#6MrpQMb}FxwLtb)Ps@ zRzqn>3=s#jt2{g0VeoL&nzRb%B}nGEh)tEGaTTy`rw5=4^!w^-O#!cgrt}uN7X#iI z$s=Z=us^4sL3ouuQ%p=6AtTc4I3TBX{5g#a)pG#Z#GpZdS41cEvwPrkR#G=U_5tvL zcw&B<8S7!GXe5uKS{cRFB~?owCo&qT zdq)SwOVRbWzy`Zgy1!njR7l9$08pbww+8a+m7dDcGNDu?Q)*5Kn|2aS$?jsyK*Q32 zjLRK1olo*`dq8cbm}`B3%K0sV$TvD(?%x8)Ts||?W{JLxeFI1Fa8GX8qH}*X*at`I zNBC%!A}L@QQ71BQ|71+TMxVH_VZzrHB?ts`eq~%8%3tble67<(-``VU(5(T7dC*2^ z?XjR>6!L-MQ*@4m1bO=0{QQID{r%6Mca}nTb}lcOj2u0L!<5x~P1ZB`WWx}w!7%{dt*cNTlf6M`NIRb!Y7 z>+czv`jaUO2}%PaDY+mr1?Oxd+&fra&5obnIJ5*I{QlFgfE}jqF$90ZuV~4Xd%BRi z(6M1rOGcKGnYo@a)8Y4#_`&8}5xAY)PNbtZH^Z|;E?OmwL@m0Kx2JpunTk8sy zi1#EU<4elJmb?_JA(P23Rfyl$$P4*AcV$guHtdu<$+Y^az>LWtT~+wqOk#=EFfgMa z5O~2;T8w_hM&RxFP%ug(Uv^xgSb>P}gqBq5ot4`Of>U)3eE^oHZ4(0A-E?9k9YdnD z*6Rxx`?@0mD>logNAEN>5$2)!LOvMB6aD9t3!i=@<6$%|)xp>g#1mMFQXn6M2IO>2 zUGTYw230p;24R`*hxBO=M>+lA%xALav)lgEt2dY$8Iax)UT~F#z?MU>T8lY=DDd0S z6`6oYGQUt+@rds!6?sA%UVA6h!r z{09yye*32h-)IcW@B{psYyxjQ0OVT_8FR9Q!qw^TFc+#C+B41(tPDCn9^o|aC>Bwi znVwIgT^S1YNZYYBamw%t9H>4dc-vQw{_V>*$vx4PjF4$@6<^BHG#aQw0$Oennder@ z!}H1>dTxB;FmdSuIQZ@{2>M7dMZK&2oPFb#PkQ#KhuK+SN$y#P1eAN5p_2-@S{Hlr zJpkPE=;Fnr6s&*HWy3$H9bImsi6?tTa*{%&&3vgR`njrA%>d)v)%lTU$P{Tf=-Zmj z>czG3N6JPTgp15<(;;r&dLTHMHTSp{!@z0nHf;cz$LVXN)6&e!LiC2EySR)+K5qz1 zeQL&woNMy(^4jgEsv=0jQ@y^^Nm~iJ`6dQ*;9~WOn-)%vZ{x5&e3iT+Qz84}!Gpp> zV_ck>Jj*dzl_%xAp&JQ+GLzuht+dDI%_I^0XON@1P=PbsB>=mF!+ONfczW5?8$3N2{YpH4Cjtlb>vF_ z{<%u0w@|_*gYPgu`tte~5&+k^Ykk!T7T9cTJIlj@5?RL3+WF$Eb%ow&%9!XUs#JRd zB;xf@j|zhSs$ds%I|xa!d=V>+ij+;GV!?v0JHf7nocEM2QgQIp&4YtcVPV4rCOm&k z?uTY}&U0u6ABb$R7k|_i2(9S$7G~AC-%0qtR_qx2NI0Xs90rO-ARTa?NOudQUD!`H3jg+{XLD`V&%{M{Z{*{o4u<6@ zYuwYmvXrsC+%gt%1pfB@fo~f_Xt8K`9_Itjbc1qT$h|7TQI%em*_#40*g(SdquPUUqZ%5Cq= z+t3VAz3w@0V-D#WR;k#Y7 z!}rZH`ok(p8&v=e-C6FE7vnXH99C9t?Pa`k#pWQ`5e70R&v=OTwWL#^tLx|Om1IFn zFXVU$MZlM;R^$shQER1czM$lRt#4G~?EOQsLNQgzOxHPWHvIq(DovM^u)N~tCENfB zSvxf!2bDZgRK0(B?@X+GR0YSu{?F1{Z`b$_TolbA5TdyLLM!l;fN$@fwDye%ig|r~ zF4t;xZgbn{tQnQp$=bLC`6lmB1Oknd1npjx#d|0Lvj9NI{xS`VXkO@Iri|WEBzBlY{b;&207g$EK-isgHKb(?<%W zIf{z#xi<49eW7Vy88Lfk#!*Towr7l3tzB zTtR8q&qBS)%DSzmr<7%T1A#sg@ZGO4eSQ(%$y;DU%HGDJkVW6eF%}1tpGmv^0>Z(q z4W4{v@@A-0IL9kZbP+9zkX3&uS=;a=a=~_~<60TR$^fJA!c=dzc^|PoyKXwbtcA8w zu@4*(iY=G5z+cNgF+(#lMNvlsR~{(NrEmg$4(b~I2oUafK#xv^a2&n&*RM2K<(LHE zz+f+@gGkhc-qhr}svQI;+3*{{32|C;J_VEpuqFB-5QtLlVK{C?!H*$0xzUnLaDuhg z4=GKzcT?AZqg=s7=O7g?-g78ZJ%j&vi9@;|PvSUTy3hW1@?g01bm1!oD(&R>%pje1 zaWKnX+STb1kmtn1Ckis2`#=x{C)b~SSF>docTTeN@R{NazZ&zaZxsG`xsTS-#2SVq?RNuA7%v~PDdiv`+xsCtF> zbgt)c;u2(FJjv@}B$L~5*73iyH1Mc>kQ#vJtf3HL>60W zrQw&4#;ZVJptCliez-D?r(Ecl!oTwuvPjz0+Pcu6O9l0zXlPN)zmhT^F8pOzw$oFl z&T_Jqv4foSFV@v^G}lA6#1vf;Y_wVSx6C!!^1Na1HO8bs$7>S_CyQ75d})JGcsX+m zoyM{6n1x8}k9-FR1&$UE=i?L2k3K|btbE1w-KoSh)H!Lh*H~F?6Fsb$JB=(m!tzS# zKVv@~6+Fj>o!y(S?g9&-1Z&Dz~B+qdst z^Z7nHWRQJyM5>Wt%=Z2JC##t)8{$X-joB8v_Ap<$Sz8U_xq$1=DYhscfM1uiWQ@}n z)b*0(77p&#c0X58nH71x80AJy=vtO>Z(t#NJ42dzg#h_*|#+y?H}{%&kGI8dxxX0Y7?4I6WYm=qF>hH_4CQ# zHzjUAt-C)TSn}$N7vzN{MVq5;UZx|}?Z)GB+$3V5wZ7{7;XB2Kb98U_CfLzt9XAZq z=ZWV{IWw z6}q@$LTGcz)Yi7{?UD_N2YwXiK4U5p8vjRRq8%t zJ^uNZX~!p7jpr*XRRT?>q)*OSX?8J-QbcepnG5#@kOUfO&tdudTtTZFHMx4qJ1UnZ zb31)>eEo34a!g^N-JWj6;OOXPqOZPV#hV!$v_s|F>cWgk^f8WfXbxOf)2UhC{tSnd zs|EA5>!>R^+A_lW6AnRvx1xB%YeUD%FtM?!#zte}JwSS$o9{?)Q4SA9P^E>iXw02f z*MxKH%dRb~@=x*K^KSx2ZDej-^^Wzm8skutSeWQvZ>BuQ=DC-5h5ByY!bSfc68u8t z$vucISqc?@ej5Dd-IN>qd%;|FaXG)SsIGoaF5j47OE$F@nlj%G^|a`rmGThLtsYt1 zqJIbdLRsA9wYhct*s3?O0Y2WBK2$vk4=mwoCH*9a*WLoLwy#1#O7iHwfNQ=>Lt`=SWAePvEFMBO-yV#nV z=194H(ma&m&Xv-QY4(qQ9qZr-1SYY*D%`U`D-S9AVBu`|cHdr%em`A6n{WR%ZP^BI zK>C;hg5l42KY#ocKVQ(BQ$0(LKKRxCz7?C<1Ao{Bl3h%Vjm?SHzDC1J%1ipGH+;YDcQ+Om z6<;H~^PwP7pv;5(_vo8sH8wZbBat|<8qqm^5?OB{~5+c{(Hgw^A9ic9(MlP%zysp^XDldf5z$0 zD!4DHFZ6p0{xfUdIc98-`BmKDp9S>K&F&);o}>SBpI=`jv;IGS zv<6iW6TBWQKj0S-z-snD^4S1KQ5d`VW#56}j_7}%`OB9cOc>V3&!^R1%Sk;K(!pN{ zmfyFsy?*Q3V?|E?E{m~OS?n`qdW zLW6Zq!Oi~Jq0Ba0W9l}>&WZ=La5&dlMT4WsF+(cYDBE0$zE^dX=%2*`&(OnwdTph< z0J_m^`}jg{INzDkEnZSN_WPUk#Xi@ItK~UPF-J>BRPCzT+7H_+7`***%~s1!H13Bo zQ}Et%A|5HG=d-|5Z4D9>G`>_YW~J|3V;P+`l8iS>3Vz zzy_6|revXUjkJ5wRKAdTCsC{x4xZo~)(XLc;zQ&7y*TAincQ#gakhc;7++rfXF)9f zTpx=AUR$^6&FiTDIzG1Aa!Fk1N_JKbg>3*b9T;EQMzfJi+DPu~=<3V^)u4(vriW-| z?mC*XxZUwg-Msc|PhF+f+IAyywR)Egt=s=yRre)DQR{Z+!M%sUjbp87Zzd7#-OTBx#7o9vvbGzo6@q< zM|m7J$Lz)%8_!uiqLK>xWmc2;KIFQ;>SAKl9!ZzpAsM5?#8Hk00Cz{AF7yZ_@yO4uF%f6**d%O^a#WxNdN?wVAiHKaDVK zY-!5hLB{H8s#qOMJpJhWsFrzk0e53-XYzziRddlj_*EnmytaGQn>R=?zA%=~DAp}m z8JW7=;GAF%zJQNEo+?@+Zns)*Y`ALm73YnxOhq_c$F^h}wOhdB-B)`A>AUC_wR4qP z%qAz9Roqs4T8fO7lQ@W=vNxBYUW7L8Z#kN`v$NPeh1azvG+RqMQ%zSf8-K}*UT+*t z(f-NXd#}qwtHj&_UqeY`#y&M-j}(d;Eh^WV6JJ-%9Bg14?|gq^vEoV0*A_$>p}t>v zu9SV^y5hkc5bzGW2+JL9Q9~ytIL(Cqh@p#y<#puBvGC5b^#^=8?`AkbTT!pirm)1c zUZl^sU7u~JDP=1{Z#3T-cQmBIKGtBOT%thc8xtj)mnGkk4-*xXQj@>|;eF9W*JawSBA|W;%UXezc5U zQajm_s#Jb#fYCkIqG?pYo2x(Yu`4@UNOhFUqDJ#bU z)$6B%Zwv#V~6gaVY zcm7%k4!%NUL_Wf0dEVJ+CP<4c|7Ozk1jS!$)H(54c!K7Qxp zU+Cf|PTz{h{M zvnbfykZ?Ta8o4!7z+`1`T7%8ai7L1WCB{#?T_$SGfC*U zPyenPvlO}0pUC#?;_jSNqRP0l;OiplgwPRhY{;~*6L`Ej+#eAVAiuKE=c-u8`=hkB z+4@}zPhoLk2Tw5*TB0ar_CcU(QJgTdtddP5$CU8PS86azN}aJ>*dw-qX?D}n&W&xY z>Rq`DL9Zwj`1yP1%iCwevH9krZCBs*c=Qb*FI>dPUO!5%T5yJ(mYT9m2lgOXy;3Xde8){E8*A-V88hS?TbOE%{{CH4>Zzkio1(fr3oz!%8ht1C+mEmKXugPs2h-ltBj z>1a)r*(JQ3hK3f-wQ@kUUGk$7iexuW=~7J;jig||`{75-eQ*XV=|ugBvL1DuV+T|Z z8NAIXTpAKY{=S4|(m&g^I&zNPV$!er&_Z8dNpOzuO*9vm3l`=F z7iQj{mOJF(Pqkz0E-0_${|xA?zme8^PAx7zl`s}etLFvb9Gk%^+HX=JcsW9k0qVGBw1xitJaV1HPtjeKgMDG+OMIc|` zc+{iW+gi6IRV+C>9WJ`S?FBKSQU(8G3ow5M@;f!iT9>+sw`3HN6K0!uoJt>_qx&{a zXO?Pu-LcvI@^+|A*^WyWtGUnM&B5SRB|f{qZ`O?%T9!VR7HV!XGB%ziY3Kdwl!7}# z`eWJm@~K_VkD{=(V}F1Db7AHr=Mj0Oy~*E>(zR1rW>#iuO{eNN+RyB2fSYJxvdGWD-mZ1shOKQLIdO?0kSxJd702c?BX=0{tz;gaUpoQCPqp|wm*qEdb zDoL;{E$es>2+7Gk#}FZzJh-|@u>`ff%g)YolL{}6|Fa-XCQ!$hIASRDe65*gYVlGQ zbGD_mYkP@G{{H*#%7MlP z5m{{Y$B|Tj8}=kMEu|UF_|oI%S#R?ja|b~=cLTr-ZVpt8PP^2TOau#%OnQcA{nmzi=vfMB+(5Cj%w<*Bl&?7?S^hMqZUT;E+1f`~CB@oIb8i@j z=#FP+XE>H&!)qwwIR)BdOK<69+RQI%-v#EhA3YH7(QuAY(Yr#`<_vU?$F;(aoj3JYse|1ma~+h@hCF`f$R8gf!Yd%9R}Y zFR^B>bx0g4SqOS~dHl*m{oG~Vn8H78M-FA32RR#^m$_m-(`qoT_E0u?nj&+ewyzQB zL2>wov{l6l6rCLE7TGjJx4WXEkq|chrxv2LiWbZ7_D-KY&(m(L z8mkb`Snoj?PR=ZdzUrfW{>f$Xo!Mkf<9UZ~%HLc|xSk#E<>l?{ZpN5ODee+;{~%a% zcv+#s^Y9UEjI9~-y(do0U;ow|9zB+P|*Hf--(s?H8LRN2uly=92^wL(-sNDTIshRr=L=_@^~V=^2+?P3wzQluBoL_5ywl^w0W&1y;H&ocoZ$8>FT9 zxO}JBJJ)dJn^*a9NIwqZ;ZZf~K8VT0?#1(@a4;cFdABs_?^rF(%pDla63)^pG-;|j zUi<*3J_&t=&7NxPj)eEkoE|w8fOM2Eav%l6nd`3iF*1V=!}(lJk$dVgAr$$WLPQh~ z_H^mGas=F0B2*lAAM%DU`m+!e4EkLDh>niO@eWOWjj$GJIjlG(S8Tr8;O52GlBnuf z4~Gxz4+u9*l$l)+sAq88kc6mG$8w}-^rpaHCnv$jt6X-hJ6tm9W0fHyq32-6H6O33 zyt2}|a?ZhlrTpT*UgdgG=6`cs-fsMGB+|wU2CC8VnFYb93ciR4VwP1(QYN>sQl$`n z=DOOMWovZ^SeC<-va@rHO)MZTUgxNo6>D!HW1zjrTxW#_C#k9Nk)(40p`hm@X(&;>3et;;4a_|U@eU(DQiOsF1&8$9rKOr zGF#RuZMKtNLKR2God08KmG1mX^1Vb)**6+{N1K-28gX*5v6=2}it-ZXE&u=g=*t~# z0m!*|V3QIAVelQ#qG(65biunxotL3>G%_=1w%0?x08V_Dy7=i6$ejQk!Jwwzg>nfV=rc0TRz?_(0k z5di>p5+p5v?sBjR=)!CF#vD}Z|s@jD~hAU{1l{XHV04VY5h!ABtq z?@hDSE$cWTtz^ozSY89BKNkPot$ zJ-~hb>eUs{$gqyj1|glZG@pn6EY4#NHZ!zeH*hrfAYh|lX7&RCiOzC+TTp9DF&_cW zbPkKI_n@FVB}KUkY0G03 zkw6UoJv7t}ZVKiv|Ii8j;^f?%fPw-(&~#JM&|F0zzg1N5=?~^c1AF_OE1z}h|76PV zvm_Gz&OEnO>9I0tb=)m2EtSiBb4~`ale&^7L&bNxPl}043;Zl!K@RCPP{F$6G0A1A z)pFDil~~dNZFBX=NI1~VPAx1n`j89Dfy7vv2%PC`cbD&xl2)%C=H@c*E)S^7vTApc zc@lCwefN$Gz|VU9nNC2?H>3fKUOzNMfCe2vf1#sax^g9#oLfpjMTOXx zLPQM)d>^V_czA+pYWIQEeip{Xe=uD>=QEJ>cEkzZOfTIO0)E>53P(O`YwKLSfg2#P z14K0YFp`2|Vu_$Ylxr}8pEJ+`yuE(!epLx!@t@N|ZEv`|O`+IOSX5-ZgOp{mKQsd& z6AjDUN)q5$b%nKN+|IMtQEF|fcmQP8Upzd>A3gd8l;Kj=_5}tbsM+VAax|^Jih&MF zf*K9q@6DNGBV;q`w3rz!mgPXd2vP!-s%Xf ztqJ%J&yp3aUR2Q$_QQh*52A8&bL%z&0|HFuJMI-*t{Dh3qQQwK8dUmNRx>D|pR>Qr zmJI}$^U2U3h=t9=0|Km_kk{@`rG+C*uK(fRmoMK3vhH0%pj3yM)dc0l9sH6%=7T-q z&#KdT1ByX}To&%Y-fGgPY{{YL>+g@!3|emT;3oyzbSy8feNqHc2+lq5u(0FA<>X$9 ziejPNc8jlLn46w{lc#X$(xof}=9Md{#*QpRLuy%|#-k$(yr-X_BUPUlsEyb6_9*Y& zbAqWG90c*u4xp_c%K97Vbi=r9ngT6Wtf+jVcf<(u`?vNoUkW+AShJcdf_{>Z# zsP?r5M?q4d@o&f|qk%�g@pDecsHmf}hhaNceSr1`8r~1Q_J`L92!v&1ZiB%k zqonlp^Q!@^s<*o8%=ksSgSrby1TIXe+QwvUs!CZ1aPW7P+aKAKk^Fh$&dy7}%`&jf z3k((*wr|cf11vQcvA466xAJ&h6I#m8pFb}(um_t~P*hZ7xj*X)5vLy*6!>XS8xf1Q zz){_kC8S&zfUV?zx;!^`@iBBzD-Xe3K2lG{EH5ud!&=|!I%P7XU^LjhfU8z=CK@tqv)B|;Vx;4V-w&`UQi{o`g#4E`(!4s0MKRx(FQ z6LOf;7|1$-k%wGL)Am9)hxy_ykYGTqX%Jv>0wGZlE=^fxJfK61oghJf{27j$`HaDDMLjTtF1*2JH2$hNCSo-)+_z zuy%k8KFf4Y6ofM#P*bON-aiF{C@3VPc6xjemyqBS8rlqY4$SlgVXG2JW58?=@Ypy3vkqws8oY6%m5Vi5@@0Uvu4ZjTQnF%yqHGy6h zq!;J4N#jfEO&Tpm_fwMI6lAH6(N(66G z=E0VZD=fSN-g0<&c==FROpKDAK9hfo_V=?&5P=;HGbSBf#-k%l zEUa|t)IY;9*gcXJbd=1TeJ=_>xIvmeKUfZp|6w|Y9>{_#LBacIl! z3I9CS??0zY|9>j#D?K+c*=lHMGMJ}-z9{wIlKh`HggsrE zzKt%vLXGVp47?Ir_$IyM2BXlcgwI&Dvl(}MN#!{>P>BF#+dbc4<$^|vt0yXA!Kdhb z?!?uj&aMRS>;!g~`5G3lhT?Nx35}UlgGwGb3r$({vp+@~Vx@|6zbpT!y35(A*$s4? zy~)USzJZR3=Rqn&W;H*$JU_J21tplYWm7&>(IdI0?oOql129F zWTPudWux3t*t4>}-BGJGb!ak}hfJB%>FHG>Ea+sK7-_E{JMDQ$!M*+XnJekPFMc+K z0vI)1$Tb=;LF+Xf;kOVqD0AN!tg)0Y(H1V-w!arfb1GcS-(75N3S}$f&Uz_jRl6;s zEGijO>sPX)j#JX3M{`uq1@dO*;;DidG*!agjqi;vp^6TI-Q|eD@}*~y&2;xDikSfW zi>uc%w!1P1A`Yf8w+)}k79j}0wfpTH4 ztt?biE?mJt56wT5TsozzvAvq9w__vOoxK>pc1VAEdbGd3(#OzS<#`>MXV86Hl!AgQ zRkt%04+{NWR2hZGA8Y?JSdOYFw^j7`Hm%~NN}gB)3Toz0{WFLZJw-J}2`MFaq>j0q zDxC5qj2WOS*}q9PRoM%vQ~QqbwUp8;_+~9RxwNNmpeiti)(gHAN`UB4Vec(tC%9HKI?;94kj(_84nGJCSX!hQf^`* z9N1D26l>$DGo?M&y)@BeDcy zjUE{gn|!a!+5w9%g#Qy$l$e-Ci*hAwuX#e`X!;3a?buah$Z``(_=FA*`D~w1M~a>V z1X6JS$aF$)Xlk4Q9^cvVPIk1>BelzG_6!$3d>_9%YtJ-bkp_t`K<3!dYyYgrFYmq3 z2Ty81%;C;pIqC_zgCjw(zh51%zs_GiZq2t^fVws5-bgL-8HTh@iS-bcik0sDwTg{L z0FAag+_8*{*X&;mWzlZ=bg{l8RuNZm4EgnJ3sh5k+q3MB9nazv=RE!ExS@1PscPTq zIbzEYdR7vIKbmy?^=RZ5*x};kS|?LtZgM5o!tpL$>-^E&th>aAyQQgZYMi%8+Cgn* zYP@qQ|AjFmKGO+!gD&!qIpvtnI9};98%>FQHYBs$U*?4_;Mow0P(*-ZQP7=7>hXp;9x5G?6ep&X&XTj~!VQ0Mv==yZnRk~n^WV$?tN zezoQB0^=&g=4 zm!|)c%Q3!r!NuhYNe}jix9CSq>Z^aJ+NC z=g`>tngr2-KcD-ci6H0|`7oc&Es-D94K0mtS7YLj=?(AQM)=p)jVdmL06waY=j5;8 z0gmDS#ol`dHJ!E(zqqd0K}AJCz=9%uQHp?oih_XjUSpw0iqfQnu%ehAOWX3o5G{y6WPnKOskan+b_z3!{upG)k~2^b2+D=8mU zUeMw(liZ=KtZLoLSvpuxX=A=L=)AD!EaSlxXMc&uWnTGS<33Oms0Ep+Tj`KLBPf=l zxF{1E7uu}QQGLt7T+YC>J8(9LGh@)v^PgUT#if-~(1QhlU=xT!uiv}KQM&!Ha|i0B z-7up(0zvNpSt*xark9ncC*0}zyqx<(OD*c=-W!O^Z1H6i4M^Lb%w2O8(!fR^NInwhLl=DF9X(VoYCMuJ+xR>umEm4?@UhYAD8Z8~w&XLR19w&>} z{9klom?h!RA4$=#uzgvd*9duVB4we($n?AzoV4}F=wSa5|Q7heMCBw6`8;T3S z00joSj!$^aq_fwPKZlcjcqBy%`+iUn7Z%LuQCk zkF22iuK4op_TlxV4em0^mJ)CHM5`7es( z{J`E+(-y*UGF^=+ejH?q+C@eU4`oQ;|*mpZO zmTPoG7HU&6Opo^*WOiRuxnG}as9>0^nd-CPcwOO1maE8UvdnNq&Tu7^eUw+ou2SGU zX=OMpp~p&w58t^uJ~raHeKy+=`!_2W`cE*36>fxEcy-QorzOcUEEYd&ohIR|X{h_O zsOxh|Fz2>#bm?QM;Me850XJmV_+QSzHplB32XLe?hZCJ*Mt3vy%oM8bS=b=6cGT^r zq@{fN)a=S3^7yv@3x%m^L&A2D@# zA0G%?0^87S0$LZdiw(`+LCPVog5^jUiD1WnPADGQ*181G#F=mk4sAz=h3S0Y@!L0w zM)=CbyQKDu=8WZsfDd6RTZaAs$)s_rPis8A%Ks%c+WCPJ|E88%y9u};(St?|kVHQG zWu|evYU#}B+H2zF=VZ|JYg9t*&hMdS3{+EdpOX!9Db35Pr0hf|H@E4(yOQ}yE(}wR zx}ec6K*x}vadmU926X=QFpnchJUf*xUM%{7=S4vO@aIdxK}A{aF5l_Jo-Qp?Gg@6o zyTj}IK1}pZ-!92<%_;JcmPDVZf5L|sFFud^)7KAS@V%t~!wI?cC4&aP-0y)9_3n?# zsr({}LH2at^+-amKY3{7R+1wK?hizJ4POJnK?xs401=!4^7e(qJbU7Cz1J)ZSNpje zq!7F;>N}lmZyR8rbvr{~3Fva?%}Hf#?H+~;!hE@|w-@*BW%%Sm`j$V2Z;TBh8HdG2 zX#khZ3}x14Vyt+6O?K;mGpmp#l%VMCQQ!)I;wMf{Pl55bSyy2+MRUm43+L#Mqnp-% zq3S<%Oh(ee!g8=#Mddb6yz=Qn+c5qxVPVo3r|*4Ub?629u`V_8F6sQ(`m7EFBadxA zCPQ~i9LD~x)?r?jBlJd3u&%gq1=3jGQ2UO!4R>XIH}#x*|7olW!JUUF4;tiJr?n%q z&3D&CK|#8gt%#rAGIR2kOhea1qis+3;uAB}9;WPXNH@RQ+zX=RoBOxxv-FD|_YwFv zZg;d63hdu|ApPEnjfd?9^{hRouk~$Qmj_vdp%_JWwDU)FwCw{*T<2EE&Tb`dulu#& zo@(4uDcRt!7M^ai!z_I#I)=S@`-z1)=xb_79mI>!G`_Ih9dTuK6Ir?4pYOaN!eMX4y!zP>fzDHN^4DWCv)x13MC0WRmT%K~LhoER4 zE+pgj5bDyiU2Srwp-f!(a9Bjpup*A;9~>GRg~(bwnL#>vwG9Nv)CLNYu%*D*So(Ze z(^sa8|Hd-nKsj=9b%mTjvN~R73xDBfX9mFW1LH=nc%v$t+FLMLYfCFBpDgZmE$Q7p zVL;nu6xL*#Rc30MxlP2~JMA-281C|D;k7Ap@iiE?rMX_);s^b&AFjQ28<Ky29w1w^3 z<~)8lLuo&H+}x)dOYRgqGm<-IA>lk~wpR3@jghN*&0%E3RG`lQ!xNfdiyQSp(d%Oj z(AG*_xw3|zXEnZIc$PuCr>A3ZwJ0ww1RjfgqE{&J==3rLE(m59y?ydWGwzUvnrfQD zumsa^N=gKGUnkF%?Dhs)av94a15@c5db75mtgPZM@W$X-AKUcy&i{jX+}!{}&82vm z)f?2$v9ZoqF%`=uxAG6Cq(SH-5G{p1jFfbo&fKCw^ML?@p|!dF;bRiCtT1h4eNGS% z%E3-BKu5(NH6;jl9b;pvzlZ{HZ2i-Cw(|X?D{=w#kNOXM^iv9g@$8=>3``vi+@WDk zI)E=#Rc!gVh;>U4Vh*2`W`=Sw=h|TAt_AJ%#qRqlCpqs**&Uxn1f2}G7pmMREX0;Z zzpsO)p|8UicEi*-TK{wv(}9JZr=Wx8tLuz+UJJqMZ_ZPle7tJy{^K(l3jzTfi1X4 zh*FRJU7SM(cDTDOZcHa1R-WQuKY8Hl$lk_)>6x=)Ja0o37z>@&`Ol*z;~%;QmzcCl z#;O+F%jt7la`IV}WMWQ6=e5uyiXtELPxg3(j-?6IyPzLfS*_z#rB-^*6=;9SL%%h% z7NvYYtN=~mkvT>kn7Ze>Lwz-Nn2Qk79E}Qh+MXRIk`UL2Fv1$_Z*dm8&gQY-bLaV3 z?dNZVb4??4ASLXlD()I|RT}jat(suhDz5NZ)b;0#xDo>+=4rR>*q5WSodyi*FJ0zB z@5|~lwsv-_>r+@?OAGt48SCgln%f%@YV(aneOc!_bg}F#^ZZ;R&E_~>TL%qpTv0A_ zpK|bl*@f|W!IBKt+TY#h-b$fQLrdgIbNq$NZ((WzY~WIMx%D^1yvN!z<~3*sr7dg10d9 z7>XB=B6k`_c6}dm_HDUeapdID8~Sb%i)lv&E1h{0)x7=sg^YXc;+6xq{~n*%n9Q>M zK7SL*C+I|)}>=1 z+!VdHz;MqX+iImw<1d%1i0giS%F@n|Q0ApK@-f_39DN0t;6xOSGq`Gjox7UGE_9X? zU1dJJCY`BNVB}H@b7byQANGl$Leq~nZ zq1l|FM0t>xMT{!#!~6{m zay$`D69VH{5V8BmI(_58qYnGhUZUtx1`XLwh7dLOWm?>N>$<`L*!Z$SbY)9+tPUy3 zG5%w!W3fskbzxwC-ePTRUN;Pbz;4-Xm~$Lp{NJ@F5%cpPA<`_ry}aXh-zkGPrS_BY zId;gLk9n?pRL4sBmj^^HK?Z5ZlywF4l{M)w%YSj=YF7feeA#5p@WWx%+uuHy;C@cF z!nL*o@9%Ezli)75^~6ZN@gi}?@U`Mu*w{EzS8ARHyLaxsuZ@=+zj|+p4R)QhB3Z_F zf9Vo+PZaO^a=rc62G5@^@h0j-P(80PJkbQ~hZirzUTi-3L%X|s&;En;(C1@}htB^v zW#tc0GHf{f753%!+1`dU7POLoBTgu2US$v#cE#Q?kNp7+2e3uzf@lQzHE8mt~#PzuK+X{rxAVJ?AHxE}+M? zyR{crmmo))GIXD&H}hY+{I-mbglhknBl6pY>kE4m{;J@e-mk!HsBG>m>ue~Fz*PL5F0nKQfoJZf}w&|ol% z;q+5+j=iThs>i+1=%=P-BRr<3-W;k1|xRBrJwZ6-j31N)z; zl~?^v{ck0pwY)%vfg#<@$fG<|TYGY9?n7sPEs#rCO?hQ_4bs%DKf|EboIf@##S+@W zfVtfQEsB=o77_wyFX==NmM<+mc$ZXj71-0}A*g?4>FV+|kh7S#6E9zSk|(xjJG)p4 z4FyAaf{zP{`Fy{i=JDgSl*}-q!hL=;EjX=1^LlfW^f2m2^`hr=m;X8C{ZU&_4|A#tH(Nw0E$=xzuNEW^KyCrCWhzUOO#_6cJ^R z)HdvH(=Mr6EFxi^Sh*IYHt@yp`V({7MB=d{CsS}$6ff5Y=%nyu==tKtd`QRC9&fVM17^p3w8EH}2RM0Q;dbi6sN~c%!A=Nwzc*}HE zDB?;!lJVr@8G!AZw3x-k=^E*MSbDV&>$>k%z*N`!XQa=&k{u(uY1%)g9hwqeT$FtH0M~%V@qn9%w(W-0`5;+Q z>4Z1w92;w4wRiF(nK{KY$+WNH&;Hysw=9JqCNw5?4Wl=1`3G|%Kac+VJg#1v8X4dO zTI!|f+o3!Gg0B4qhM7BeDozZ>4fwG%AZNx-pw=mpL&dIXLrPEicqI{{yC(o9??t1Q zr;&!(uH@qwnZM_euxobxo6n5PeZru@HwD`m)Zfw}XW#Q{fHM67ISD85?6}GTX(?W1 z*vyhy)IQgGTUp!i77}T+-`$Fry^uhp85Cce?9)gKOaAJZ5}2nR3J5STK4bT4pS>V$H9v> z*Lqk>I(qbYzi~no!i;N#f8pZlzib?aws`0J?hFjMyG`8Y^{iGANVEP+{3Jqq>` zQ#PU!@pG7SUS;}U|pP*Lt=M)upS z54pm)sE`ApSpfl0cGAT25s1-^q5>G<6wX7V2Ff?V>8}QxkN*|pFGDxsc5|QTq-hX)=Xx;0&aQ4nTUd?Yc`A8>Ou!*pyPte$$(izz zlk|Z5F_9dBiZCFhc|32G;XjsNlXW9ao52_Py!Or; z9z9*%{)&+Y5=dgZS!hbSaD1*Y?%xx3dV{y&iyT;}m2AFOFw2bgKLqK5So`^#eP!k!8Gl{6X-_+MWYFQ?j-=CvK38UfXY}>I zf4YOd$f5P7#Uk{`Kdxj=g!YDP1`!jmFcX%UZ>3;K3Mzbsa)n6FSEvZAN;xo-}8aLymYa`afjG< z+wlW}%FQ`~U2qWlNv_}T!1cGEA2>Vm=5HR#s(n^Q9eVJE>~B3yQ2Hru4D8DGr~S%H zw-klUWZ4T0ex2Yd?bkECdiIpX?^7a=!3C8C0s4SXQUoz|>{#IFG0>#Qr@sePI|n~I{^Zm7pD4Ji0y?zXHl4y$WDEKpHV;mDQ+%foV= zF^U|>oW?iVP{96(9QO0Da86$$-Qy^GrJp^Vu9UEi*^;tXyzgG$u(6$xE011z`Dl4r z1e?=ccoBT08EPN*n5}QZ4u;N3)227I*zNV})ij3)N1VwNep~-TLVI@U*3%jDqJHv4 zLUqg7R-dkx(TDfl+7aOql5W56IhVeMzwlEZwn-~@Ysjo!z$N8}cscjK`5V=j<|VoQ z*lReP`-Myjer!wiEM*^q@AQ;Pu*Dq-6L7-mez=}xx1@Y-R?+-i_Q{;FiXP)}i;IZW z)l!mdlHA03WD`LxYP7#^CC_Moul0z<2g_dW)?bgd#^~pXr4rtzoaGG_do*weTtQn( zLmR949KXkEL6axB4R0Yfv}HI@iHg!zk9SBhhdcE)ZJRsthc}7`oa4OQqV^|KNK1*> z99NEyc=_zE#c1!*Zp+y@c~oFe$`N}3bF&|3;FlQ zkPJgJHWjp)l=Q65@SP56mNsnanG7oSHgz z(WKSx>%4;y^wxCsn|WD^n&=wqTM6Yk#zwVRT;!wZR%B*o_DW<2#>IckemRhV;TIQRG6l9B#=5>{OolwYJ;8cvk{{T~a5eyNhT#$&{m1~q^BDAzHurmi zHD96{T(UT&T*{2qT8_%=8dFem738}a0$Z6}r_ng=P?s5@x|RCU7Q%z9vSMACdrWrQ zArqk~^C2X$2X_$V-D z+^4L6&vO+NZAw))w0Xf5s6E%Z-O1{}xwUxwLAOlfhR5u=T6 z7d_v(wTyFI8QPr)JJ4>0%EjUg6Wb7i%AQNrGC9}$jK;T;@Nz#&_o=FoO2ogG#8T?L z(D{4+(AC$Qi@>LvA+Co3|s86p$!GjVpMu$mj#3H6*>dGR3cT;i5l4vZU6 z4ntF(AJ3DLX{!@J(*~$yk#Vm&cCp8cBph=3J-3C#u)4@s!ngOOh?w_?+tsE0)xX~5 z&p77`|3I-T7Sx`L$%>|Och1@8wzZ*C#syX=xIk4sZSBk%gqO}7TQvK{{6q)#0R&_6 zHUA(ke6PsNh4=Ox{zJChhjS5EM2)to-jVdNJl~URd zY_N!ArevEcY*4z-u8o`qAG%{&q`!Tqzu00u9%J1k=uu+xPW|v*YFiI8v1+dG?|Q5v zlMXqZFwRQ7;aXTSD3cl1dOYC#sHh69!d=hFH&NelFeC4{2wqa4pO5<7$MgHx!+t7v z`&;BewgZGdwPgR%^wzj5Z6+n!+-OWvzmF2kgby1`G4Vgp3j=g}riQysLVI&`ypXZ+GB++Vv@LEO@ka{`uB3tX0_IEoJJugY&0zL3>j3Tv z<3nVUT^_LT@Dyv^>Hk4MpHKFzj{Asbk@?%DGK}}+!aG7wRqWV$BkrVKnsw;~%J<_R zw%g;*LgzMCi-o$|fA=jmEp{k^Uy zmzeu`gRpwBZu41~K=&#lugux8INFOS*l#GE!tjpT04TWp%P4~q@G1S<-s?8rf zz~jCJ8?p--4>l-{r|c$Iw&k{sX~l=Ys+>0Vdoj2N~U9Mci-kZSOoiRstCV@^* zY&E~2%r2J{d|YEA7Q-x$Uf?=dwjtVgJjBV_wQq|&Gw@)-LD|xBit03d#eSp!Z@l%1 z=ANlW)bCHKy~I3{Q}Ql{H0161&CGN4Z>)W4P=)=cJFb=MTzb0tcEp68zdT}w8rQ}F zNFex53rmTs6)Y-=m!Y}WOCHz?adXP*g5@*b?kQm$?*GP(|J>B1%seJD<}ldFv77(Q zmF(J*zC-HPR<>=aLU!C-sa=?-Y(V=+0pN{oOS`Pft=lD$yot9XcwEVL@)g(d?IDm1 zlMacyC*&-%oPSzs%0hws2SXAYaT>3`>_`jrHfw*r(|lyLyjp5er-~?U1*?s#t0wsw zwn5Qg_ZcXJAieE?o zmoA5`C>wZsfTsyRtok)4OG#bjvZLKEC)t;{<19VnxH>^_4Nd8i9G1Hk%q4B8W8Kyl zjFbQxN~!6pn~I8R1juX9Vf$l`t>(Wj!!l78xjU-7_$0Q{ z)p>ZcP}q`Co|#LM8v&{+-wCX&22p(nP=d;mqn!wZh;gb0%+Hv3sa!!^?dmUqe5D5D z^S1iPGGc|-?)$@KJ^({7&*2`^VGRv4_;};e%aJY8Y71wqgIXYR~ z(~owSXE}1&pwTncZ^-qOx^q-+_sekIb7`qr`6)M^-Lytq|7Ft3+DCr!{$86=q4w}S zrVDVSv`a;L##-;PM>a2!jD$OXM`Ozh^rS=*q}_6c3~BunQOng`-*=4<3c6opcb&ZP zB#8HX#(nIImLYx6^gMj0l2*Z^UtjO5$`*}N$@6(}NK@&r>!HT+(Oah|y@R`%c5YDm zA&o(4>*nq)GBJP>rAlaFp>wgrvIJ(|0ZnYl*M4ekj`5tI{FZv6kGKI;k$RUffH5}- zpJ$UX_G4U$==#hc&){1j#V%p9@3fzD;K_@cK4a!8ZJ&Glt9JL|lnjK7G3JbZ*VckL zjb=RA2Fv@=_~U=Btl1jT67z!VP<$8o`v-WIobtTLYj z1^MwnXm58*Pp+(dVx*g8=*p%E_iW2e`CFmJyQx`TX-syUCz8VE*oN|*9dn4iysMud z26}uuH+AfIlZ{xWqb~2k*+Dg-Dp^WfFjCJ@+q295*RvGcO?RgE4HY_zod3fsXS7mpV}dC|sZ`jLHZ?OfGx4MD2ty5J=K5W~)Z-W5WcqL7mixa_A9XRu zY}c_{PEYdZ<=^U(T+xgDqVJlEmng}o$Ed$`St7<9}}ZAh#wkxjnl5YT_>$Y9Todg z&p{S|b8vpVj#=r!4WEpSh%IILT^7RUq*6ZZWr&I9#_MXtE_BG_K7g-DiZsyGC)8S- z_d+wyO0Pl~q%iG@DsvmjM&;#hmXNnOr(BK^%nFH*BH!uA3yL{>yzmiW-g!DYg#CJl zj8Cw7rNPEMX8PNDrnDck1i3CBluJwJ>7@l5Eo(2*$GR25a>wl7Uh};(+p%dvGHZ52 zt=n@L)Wu!IrBAOi5b9eglD8pR!{Jm_qy1SlQV5#;B9a|&g zg)_cG{=@1K`SM%oqtY_Wx@bng(0MKv6rJ{~C^_9^rJEeXU=aw(?D{yizrWVXIF{~Z z14b)R*UByDx1^aepAcYY$bGZ&`ZhgpIW}6+%MS0>@o6yo!?0JXD#eh{M3y632w#1j ziF+7N%7ol8n4bH3dOT7n;%#VZ=$j?seZJ`E}WZXGHq%I`{!*Il`=pp(=Nr z>y78jP+AaC2K(WlvsKHhqi1fE5xljTYVP6iDgpJNupyAk$no> zI>cBI=n@X`yE_q4MW>&n!ZoFQ-MPVkxdt)lv2I-8fdvx1>r76aaM{>$@a=G(Hbk}J zw#jC4+r_Y^lt7tPem?P0Lr+thpJj8+djaFQ=2bLr~p^HW?>G2Z0bx|o7HwmBPY zp6#ERINTZr1YyFbR=}mxkXqB}UwYN7QbolF6FEbE*^{L5pSgt3!AQwlp$^<^W{y?E z4r~uox6UJtVlO$i(uz@OX0#j`H-W9UsLrdQ^X$%9{QLqG+_UjPq2VHV{fA0HGQDf; z*LG|*w{;k}$tLrdGRbpu2bMidQcq3n|28E+ip(3X)PsMAT=1>78_&&YD^yU@06U%p z#kBnnY59@10z4U&m8M|l_w8H26+GWz*!kFbQMOz>q8 zWE~2ht9cvCIwYnj`7A3@=8xExw%aQ>zA191TwvVUAfLI|QJp!=jlR|ume}K)V1^v+ zP$zxtn{OqX;Wj76#lGY!^?7~wqe3kRYI^J(s4$+ntooKd$VsSqeqAGoubvh%uhQD- z**kXrXZTV>@y%cXl?rHM<8p_vE3#KydJgU+<_rs8xjicF-n&(%ARX+qrm{y!;KKi~`e*R6}hG;&*kyAsZpL={eZGL@_^ynh{v7;x_g+n-n%OJ(_fVSwz zj5M2``kH~*zW0h}F1nGI*jd05L!CNV&ncH_KAKF=Z2S2K+fbe-PR>jur=8a*L{7AK zmCm-T2e^<~Cc)%F?ryP(em#G4E>4eZgi}CUvQRD;L+rtSh>vylbS+5ewbBl&MVP#4x)>V zN7;|2ulX!jzTZvhN!qJ1&>Q^fL0-q!iVTgK$1NZufajJ5-SQ z>JufOJpuD&Rk^lXmVzb|J~fGPs^5-;6n{tb;S*b{Ln3;{#;KM>bT=fE&ZQ)12Y+6T zS>NJz;Xi8sc>K4XY+C`DJ0+Y1Q2@8T2CBsJPXqw7Sp}i0E60w0;f2n9 zY2x%W>jj~+synLX>_+)(tc;92o`v>w(?1@+q$70s%vl+w^I=ASu42tbO2kIQMGCXB zvSOsH?VeI$lgbB6i;SfFTc>MtCW$1=qAR%kTXWHab{s>-5D}c5m;AZRZK`1;;MAl= zc-JgXa@Pg;4{9aK{o9fTe706v_mA+HfRS(b0TMTuO;S;A7L%VCX z^KpbHw@P?OG#~82-&I<%aBxdi&)oc7kC73**6fs3V~jqO*xuS3j-aWVogF3y8Xz($ zZv{=4{N&e<0%OlIbQQJmCd>U$Gvyq$Ga-st2h-h+jYi4|t5M zOOLy72FxgaJ{ghm)REzqfPW`YG1ORIlyHNXz3hbe>6+$CI)c4c#Ch4!lw3|3(?H?h zDRnRb1}9+Jp_5wqI|Mfh<5VEGey_v=*mFdFjo{<_{K8s<440g-GNTq4c%y5fbdXIf zsQ~-$XpheC&=2TQA6ZkB>q!b!?C9@8O^f z3^rr*RD7;7!0i(eIkD*iW!8!#)M?sJm^N{0~agzZ8ZJ;d$z{dHq_&w02XHr zWD}?wbU)q8!j9pFZSBBR=s74klBAzwY=$AVC(0vW%ZVo;BQ1AGA~rLo<4XgFy9sA6(+y8+GnW39ex1ngze^!MHt?TB@EB} zyn0_Km?rJz6B5u_-{p{d{OEE1)y});c+O=NCzS4QvnqlHD%UHbTIa(u#_aX=^o(%o zkc-0nNrBPALC;fZHOBZ*P?XLS*C)Y7~Qv@}v+x0CmZ3@^c9LUtg%~Z8@j&)Bxzi zFCd^}V`Jl2>@E(cuz0m@lNC(?OGA5ptinx5T^Bic7Lf7pr6Rb zn7T$DA22Jk0dSAnyxJV_G=T8)`GEvf_naa;JUs~sUi0PmNRpq{=Sd{{H7ieL<(H8n zh+KeAwba!q(5Mt_wmq0i7|U(uCW9}0ULgTD1n3ftDo;vi*JDzZg3ILR!|*XY@Lc7S z&>+Vkc214hzMmmUe>-~d13(G+(FlavNqI8W%H3}_GrzE~I|f=^P?07OwmSvdrtNYd`}*;}-YmOFn96vO&X=9F=} zAS-JII2%H5Mi_Nv?yNEhZI6aLEd>}lKnpM#_u0td$#5Kp;I6s~+GGIxlnP@+rlzN1 zzL_$Bh}f?@&NnW$xmy(fw=bs%)&00goRE$0h~Q z2~L0ygX%EAl%~FYI|G^cKu(#}_i|aPgC)A0)YmUxcEO_r+bqb;%>3->({y+87=|eT z4U$ve&_J-3--rgxOZF7t!SuDYLlpzr&jGpx>G9w}b`ZCGt_-=dhw2f3`Qi25OeZzn z+)99C)LZI^AWFHG=YEn)6yW1irhj5(l?phcV}}pF+p&{zAU+`U{&;YCdAV_^Lp-pl z9Gsb;L&pYKG14AODNw=vSXU?hc;Qa$ee<*D&np5Zi$37Z-``)_Wi|1jgfLuh zAh*0Zfc3gTzw{PaYaqv=R#lAJa3fN3;cde_Ax-jF)ztjF176?QIEIPq$^}@}AWH)W$02c{Tw%-3tgw19(b+ngS8Y z1EN+sKC74CJ}Ojl{1!ghS)tQ*nop%h+l`qrw{? zKicpBFs)rA{Mx1R>ih0e_$#0{zG$0y6<9Nrwe!IG-ugy9Hg;b3lHAr+oHya&sKc+66%|cC);zlE_+EOr0$AS)yBp+VKp`xBe|LcZHaeE z1Mk0l$u9owJnBbUsn}QR`^Qi{cVwmK%&XS?x5Id#YTTQ;6%!Z>a+}ROj?%fW6xjRa zZ<=dkx(NmHaCTeP+ghrQc`fsxPVu2Ig$>AwFwXA#o4mX{=x`5*mp9jwM(lj2AmNJ7 zF-be88VMVvZ=Y3stqJr$*M%?F=mVo+?P26nWbn@qaunaKWAyOy%7WuayM2F~s*#wx zvf>i!37o|4cMAU5%!;6x#JpA?a7sPGaT7oP(+lv)*c#+4=8|;~v>?KR&0JV;ikCwf zHwGtie!U9=W;o17_^|^9LHYZ}%44_Jk)SZ|f{-}UF87leg#+e`0_j*jLqceP_|d(M-_ zaR^}INlXDQk3R5^a%~g9UE=UyquZ=pNke*Ivtp#2QvtL^80A(n%|PYSm2+F1lnz*c zesUvBb+(;ujh5&M>~osjC@3!01*KOSEs+ePk$ciK@St{&adG9+mGnrt4#2dcK^x{! z;Ozi(D+}Zx9a>LGLl_tn8LJNb%G%|s(*XOj1*9LCnSPL(b9(-nR;_Q}(GAaq3%3An z8HUAT!41^6mI0&Cf65oMQQMj?s01J%76bJP`Y8D>UepF3k1hz{^jY?(gVtLmkLQ6+ zM#2&3+U3@*Tk)s;s6mK8z>R^uw*g0mUrLw_o@z|jlR)0vC(Zi>wKA)9?%cV- zz8un~D#!{j&cyFG900c{1LO!YXvP&T8K93W+*>)TxTGHi3i0uUq@|^SUdnE)ZD}Ef z2Gy<8vWax{0gW_mZ$%YABIrgC)N;;@qFR2gBB)cqeA$syLBpwGgB-T6%ZCwV+@d^x z&Vv`;4YjqaERv30_o7>^WF;Ox`9oyk{KxEF0dzNtmskEy>G!Qg_t{2QBF1V$gPl|M zqg8ZRS2{0OoJFa6-n^FG94RMUY&cdLc0OfhXKNEObO?tIKfFn$I|>%?=IEBQs6!4} zHOI}#nFA;~TcE-bI^X$$;9E$Ycm1z|{juOMn2M+XR5JCO; z>i-J-ZUET!Vci|+q6yv;$g)0Y3i~0a$)e1_v%?axZLb0Y``(J)7rRr#fP{QCHmBXK z?&C*@%~L;py5ahLKuepVfC0}O9-q;0BxJwRQc`B8V;v)PQ9b}MRRppdmU7TinJ!U4 z=gR<;WQ*q^pAV}>nLf8F0Dc#ELiFSG2puCUWpWp~CEInd! z?vS;H?iKKRsCe8K-RHLh_+DrxPKlXYF592W^Yc8(N12j9KKNmJ})~V z?agJ^prwb^fSv@m8Cm!I;H%fKi=$KDov&OPxF4JW%cp+{ewhR0ngLifU_E9}!P|cY zK2HaF%NZMTtKI$Ggu#7!;3Vk~M_nZ$g`8Jn&g!Av;L?hs8*1+SWdk@vc3ID2Z*Ok` zEgM{jbRhmAo5T6+Mk_Epwm^G}k#^10&o+Fg#O3kHxHLQaHmEjsaXa0r4WH8xuT_B9 z^d&1X$D&LM?mc5Xa3Tq;gEFhTtji?3%)L*0=r#x<)50JHdxEs&Nqcvon}RLxVbQp9 zm-fK_AV(_bt6uhRPT|SJxXzBrilEUC=F4D{eOu~ZK;--BT%1SP_mPnOb~;){8Ixfd zb}UCSVbat&9^Tf48ZY(angCJ zI3L;ru5Uo>%S7OO=yns#MfTJTGtS|!6Gx96c@N@)j0QX>I6}fdQfJG-;fRQj&w-;N zR!k?v6&wM^4o|2px2%S~Au_?yt` z^j;@Tczdl{prAt>CCMJxe@HVB2$`@hY~g*m5ie6|kA;f{v#Y$;GSS;x5*Vqqn01$`^ z_#|W7Dk%LXA}21s0gn)ze~HsO=f34iL8@Njv|o$_GIyP|5DtNH93P_|GR~9>2F@~l z*~WI=qkFm#H6_S;ndgsEA3uJa4*XCFOTaCMgT=dd|Nc4gR?5OA@&QVC`f_h-u5(?N z+x`3Z!9Bk#+19e&qh%_nREp-44?_-Bgd@2?*qqAgNyM14;+5M_n$Mh)TK>{+o=3I1 zaqm$fm(To^G||#>W*}l070-3?jh#ly!QcB`)HWUk$t5mhtbD38&-x$i`m{LFI~7;{ zR3z=EtSv1sLj$P&^ZeYyhYp>Bbf~4ZwQ4B%4pT&8R(SZ)*xgrP3GD-Tqbt*oWyl!} zM)bAf;$ma7-n==a+_#Kttgq*TpbAzsKe*e9iqG4;JChXywIKikm}e$LPdZWhzaS76}*kmY-UgTrGxwA_%Jam*CTiT{{6=|II@7edhF=Y^!M+tLjs7^ z`+|O5NJpk{(1VRJFLEF7igTFdH#KFwR(m06IC}D=sUsGm!rovg=`Jlj0#9uYoK?a| zc@e}p(DeTv0)`9-Y(Y@pL`6kms$x29fk^GPaX~Lpenwui+7Lis&d$#8u#n3OI7Lm( zH(->ZvG+l{yb_MPBO)@ZkMq8d^HsKo;*#`eSd?mJYP1! zlw(-%GlJXRqKP|wxf+|)SO2-K4HNX}k#KSsJ=H{{ESt^*IXS&6;gs^hVBAIVaWUkV zAZ}ALGg&DqpQv|6Lx@*loHjUFz)QE(F=r`h?&v5@Kte=J4|v=BwpG8*%vih2y1BVU z;&3?EGMZ{Rm-#HaNn(H$lWPXC$R%YI;vM6T`ij*)E$}I{ea_>{{*gb(4_{?5u)L_u zTAg>QsGMs5J~xB}8+|s2+14(F!AxZd?)S$J(^Jk6BVb@3VOtDN6S9ll%@kdBH%s?U+hR=xa{8VZ7xtuo$xKf= zT0kUd;3`U7-AP&4fP)VW>i^(>@4IKuAKD-MR+x5N_arx^w6&6h--y=T{`mCx8~pO( zmypR3=MLJ4GkN6hw9mZMd`WD!cHdvEKzP*#ATb!5?A~784`55@v1B(}ul5ohGkw`o zFHg@32s(rj2!!kWh*3d7!P4Sl7Yy_w-CJBREU4*(J{P>lhaapfmw~sYzC#H#kM-K>yu$aRbHh4 z)ulVNS#ULUOPAAg0+I~Iu=fojby%$W;P=uK1wf1tcN~M(U#{YF?C>v!+|Fi$eH=+$M|XvKILMTTa%<%PX6)CJ&SXLG^YediH!v^{PRo>wN`C+Th3x1< zs@vLT(4Bc$!1U+>1QHf+&*DU5{CVZefUr*mi=39np}e%Z8p#71NI+Cn%YAg}GRe%| z4qJ;DZbL%aWVqa9ocK-vKTuIN#O#_uGOXx!@bD<_LAk<*CkoyRr>&M}4aIW{BO)WgM`)ej+X|FwBt-CV{q%UG!e#C~T?9Vd ztvLt2*XMWH`T3gNWQ~&|W)->+nR$XANOE`sNrS$*HX_6%84x+qBT?9uy#lF>*?0b2 zk1A*cdq~|TcBL~~XI3x+dLON*VS6586F5=DRHR8S#BnAbko+;LB53`YnfNVtuD2S@ z6J(-7=vN?5o6{(Hl+{P*cAC?s1@}ce47atZ(Jd;NMhuuJ8o-eu_{nx82e zVCFr0G+kVZdHBF6Bm1*Mnk=-zj~>nc1~gvjhu@yot?ZonxIQ-H>&xK3{La|Nr`j8Z z;&gDSSn|B0M=3wa#^y0}deHC56Vrqz6W)Kp)!=-pz)3sl;6kNR=}NzXkeO8sp;C@{ zm2pT&hqMM7P6s8I&^%Z!phxkb99*QDGMiO3^w;C5~AEe(LLPL!!JqM?D zKCF(CUcI50xHcI>@cJzY!EgSkxtV*jC{x4*1}KfSr5$?arZ3Iful zcOoV9qM{V(B}6(%2@pC22qAE0wz_}cckdbZk9)>Ar+DEYB>@Ztw*t zWZ-!QhX}?p-vjK;U8~fhg9Usflx5c!jZ&uxS^5y!5GE0o07_~VSY~}isF?vML*yN^ zu;WdbWWOpE^X@&MjxS&SRmF$_YjjVsfJiEbe83#=NhAn00Yp#s^T8OEGp$wp&CJXV zfLb77AYlbgL%F=6#Ifz{dTUk*@7_fRP)LWUsBjQY&@3eCl!1^zFlpVF7o+cW`}WiN zo_VyAx>zvoL8!W4sXp|(J_K%oQzuWl3@|2xH&4b5!7lYCOH&P=>;$cLBjy1avC7lP z1^mxWHxsZr_>m%U$u?oh&mNQ$z<8(5oUzcfhgb`-=bx!6Sq|F{b>Go|L7+?;X)=X4 zZOESwmyMT18@BZm{CPk#%w{I}tAGrM~u zQGT>TA|)uEcbOyTar5#j0s880M#k@M-FmVhppk@2&c$fW&To%DC?Bxz$xv{EKs*rF z4CxA{xosj5T1)z63E9(mbsesC@ipvKtKP_kSj{9hVQ{cM(Xl}}>K*&mB-!teuFV8H zU^#G;(L$&gVfPYp`8Z;|@RbrFr9ekso>XTlrhbcC>D%O#W@MnyuHVehqjZ3QVO0S~ zbYB`-SVnFi-8nD)g5%PqJ3xbxdgI0owTBNsfU7YBj3UbLI17m{@OZpBoH(Fq$ee14 zwjr!e4U{`gSUFtP42H-tM?Lo)IO)*a0-PoH0%@4LVe{>To?g6ok^EHTOa-LTK~KV@ zbJw$yUJyc+R+I$4dPRnj058SxT>q)|3s8|1Q}_<#(sKmjMCpe-3P z1to}rgOGXnBzQQz0N0{?3C;kPa{>$xZ|Q^xV_^;eD4=mr0$7lYPQ#wMjeXk34I}K0 zcGtnO4wgEAyQI`s>7A!IH3!3XIZHfOj3Fq<1t!fX&Zw@yT?l-K+rS6iCuV zl9wFrI17$Zc6K&k*HPpai(xm6NZ!PETvrUh5@es&5J5uyoR|Qq&zzhzg$rr}23?G< znvS($lQ;CkN0QS6VA5bOW*`nPMmxFJVxpl67@pe==r0CsY#~e?C^QL#`S6)s$m(tl zAwc8ncDHju;hEitfho@!urE19MXM#)cYHt|5Dh3$En%7wE(wwRU2r|oaOGT3+CamR z3+X_Y^gZi|IRSRq2MB#2s)++X;szfd3ed$&A(D-l206xntB|o%xF8ohyBwU7fntj= zK=|0@Mg4cmVcQmDk7oU2iXhH~n^V`)%7XM)zJ8Sk_zJE%qX22b)Q~Q)&~|>39*cUQ zd~$6t1*P5v2DCVr5Ic|yXul>S{U8_pvT}~;tnJTo7XWKB1n6*km$(ELGXoG|GSWzX z;QDoXu=-@^tK2aexChkW6CqTy29h8eH~rySuBGPo?RK=y2v9wcp`gK%bL2DGPwrza zrx3IqPHvqqi|4_0CkHePiRSdV={A=1GN;=2dPwc25fgniq$v&ZGnAFT^K$flz9`pQ z;AS%{wm~D`-FXXR*|x2qQ|uJH=(R4dFZCfQ<-!FuJ!2JX?@B@Y!Q|^@LwQ}P_M*8Y zuk9sdO9w``rqV-IP3B|;{jlqfOp3o&iHzjP2!r>+P2J(&#~cLNe`}m7aFr}6fM~;` zRRV(n%Cz}}-+Gr^I2$-#5EUyOpxWK7)skqe0>ueBfPA1|y*dI8PA;U{z;NWagt|cC zi^TR!YOEBZwy!{+3wmxLy#uJtZ7>Wa!8Qg>zMDapYIxFOM9mTG`k2>|_$-_A;-``~O> zY9Kg>CDv$8Fe~jEo3POspQRd$Tnl~%H{wDW8LTE_ducgWsO;-V?p0fCR{&81;HwW5 z8d+W{s;Y45(FV>0t%UDrGA@vwnP~&?dub+CLP7%KK4cHg1oO$0sjyIxM9cwu>D~eX zGs+upohkHWsS?MNuUDZ0j7c`tB0ARp^SE9+6R^?X|P6Km}tp+nr7>8UTzE z0uHd0=~OJ9Hz9&|$Lsq^i1wu1IXVn?tyAq;2*<=em=6GE0I!PCYnz*x1GM5FfEs89 zhpa259vuNygI^rhRawCL_?eoUTLbDHo@4(p@WqQ9&^B|hAoVBbfGC2jrvQMn;yU`* zU!6^FFEY;vSD{_ytgrEVEG23iNYght*6rk%+toIOLQ8!$E*#N#G z7gG=JMl`Yz@EA1YSV|s!-p{S|@g^_^bxCXvO{hr49|r&G@Zm0~t5}~1lN#901JWTf zA_pG55ysrqG!0U-vfPHXdgK%xT-?$!%f6Oi4t8tqb?MS~pQ7SgMnGflW2)z7<6F(w z=r=FH*?t%?Zs}Wu((Zj8r+Jcshn=x>C&R*!WRc)jz}jiZE4BF!$^``G+gIlL(^Dn4 zur@S!e{E8(B*8jL#YQ|IJKChABq=N}bd1GR)8lh^dh7~G9E#QkzC-pB$|65dHIAmX zGv`bzNDK>Jvf4>inuWnFeI$O2#>P}$e{9vV#Z=;rbrWPkg6m#+;avCmzGP-i6KJ5R z&8br>)5(YC8uq;yGeO-`r%ri(p2$vY5jl76lTkmUdB8QwgyY^}UwIHPg7o{*){p}9 z-X&mhz9%Ym%*@D@Cw4BDVyb{zegA$hvrvsMu8q9%&>#zOcYVbBOjRu{0EjL?dWb&c zjD4qgL^B)w2OdzS(w=UFR3)= zEs+87FBxVBST8~Gz(YSppk5Px{mf}j5WtB^9F7ZQt;!6Qu!N0(=m4r8e&Is6Za17O zAf#ZyPMtmL+1}Arx!pmRSv3v${K57omBv!Tg|K=6K14%^ME>ky+5)`^pfAgYJ63pq z?Uo7}*9$NkWa8aQ7rx^^N@9M@xo~iBG@VbLv?V4B7L@8jK0LL{vZ|qacN@nb?D#={ z^}{+54^xC%(%0r(2R-l-{o11mi?NzIIynG@de?P;Onq<%>Jn!czVDW<5l|ivlq`ON zqGyuc@|Xu*p(nd{=^1HX)84J~6A0Tm@>*I6N?U3eVD;3ny!+9&ee5V|;Gc4iGaN#^ zO7@G3M;w@@Rft%=%M_ocW{vOjXSGnV`hI}C5jC@DuTg)7LL6BWMxUgn&|?68HGIEC zl2vz_Jk3RE3Th)z6o80fU~L&i-`$tBgHRMI1*`QJgD4*)P*6mlH8f;J1qF#<-Ed^s z3+AYt|BUxBp7U*hsPh{SSQV&CA!n;$C)u(&Z(Wd-GypxR3a;SpGONs!mggW%(3=FD zZER!)6>6sA@B!e2(){yD6pl}ZJSRfPrWg+x2PZ(RlmVXw(YGNoh!1t880%hNC>tds zx;a@{4U@`W8;a;e zz?IERP09Jn@$qqB-FOu7=FPcWbPgaG{H`3)ugNYJs0t7_o0*4jImhD_Lz#-_0LBE% zerZAF!S6!8Pw5NJO8nOZUH>Nk=J#u?`__M-pg{lYv3~#hlNoI1e|bf}{axny>t}kh z|EK(MjF0rMu1@UzuO;&@Xnt3PB5qPS)Kxp6`2MH&xqA%`ZJvgWbl|VIKW_Otwe5H6 z*9!1>2}pI4!TO|M&-$stea_=ywCdPu4A$h0ead!H^q%?6qt_USA7))$f5D7VVGTa5qC9 zr|)ddr<~XzN`cIW#GOADMBK&t+*I>rDzDH#NS64wTfmS$p+QEkG`sGZ*c+YN3AO%T&10 z@5w6|^iKOs@8r{*g8`$N3R&97=?*E;6aUOD(d$-Zj`=VhD4DD7?2^kc{6X~d2Xnt) zzXO@gQLW>1jxv2%oLAtsmv#5|#}oYy9w2s6=VT~-Y_di-zolktZu&Ks1pXw5#Bm6H z_~1s*<=#Axxg~_@@5P!-h_!u~@BRItJlVEH5B62QIsdBxZ7f_p@)67{&fUEs%-S{P zEPvz8uTNU0a-IvUm^*kd7i~>Er?ucr-|+j1@YwmPRMm*1@d^o!6~E6EtE^oQNAJ~W zQ_bIRivQj}6XQnmuTbcb|3}asOC7Z6VOQJBQ@kpSXa6N44;d{+FNqKpXPtKnf@ENT zz-#S%jj8FW7D#~a+l5|RruZjd#pq6*hDrxj|JqtO>JmQeGbTYta$%?j+l8gq#TVytRsbbQ6}?VuV=z0ijj5bR@T!$A}i=a zteH;d0GGPedQ)6)rd%0i&;rUMgF`?@ z>?^}3;7~f=DhUZvPGZq#lTSA@yLV4s{kC&X6jDEP$_6w0Dsgx{tWG?g0a&|BF#~j*EQvG1N2cd$Rs8$p~`zrk-w`*JIXa3=O&m_dIWnhtxBO#_Q!&onFY3fy5t!$|t+wiL#5oEY2T!uw7uD>OYP^=$1KoNFlYb>9o-m%B{7 ze}0P=a9P|>4Q!h*iFfyD!}`|)5$%;B>0AhPToiZvt$(Y!KL}Dwo#&&_YZ&ELfh zF;J-y^wpF(BrFd^aAX zQC>yctKva=I;y=zUt1e3Ye!VoQp+o!Xhdy(I-j0lA-o<8wVA7i7!AAJyw*O%6pD@c z6x|t{z2tgm8}qPY1(K?tCr{8Ny_s2mAD<7yduQ8~h2+EC7X}S&YI15Na)2)-dVrgg zr|8PSbZ1ukh><>j1-tImP$Hk=Y(dcQ3TMR`1V_7MLyAt51&HLM)}MslM7HZw_J zyuAxZ5LwZW@RcF4tNqdLLHmu)pZA^|sdB4F1;m&7T)3{y>c8>ae-I@{M^`sG6LyRi zQ{pkI@#yAo55KRNM{S1xb!ifDqni=o*RBE3Ab#aF5KGrwhqcaf-PIOaU*scDWs2MJF~OdLQnR>^Aq=K`tnB8JR}p% z?>Bia;SpILn+4lM-My}D?m>QB1TC7MvpYEiCOKNoVfofEnJhiaILg8A5vo1w<0ZT$ z?rRS2_<;Qf_}gUx!GMdC-2AIDK3xxd|*6vPh-U16?yNi zm@{sZTTb~zs{;K5k)vmDxc)WJT_#+7XOGRD7&K6l^i3K-*{5UJmAbmofGctJ*>}D| zG1|K2hI!~?o1_fAHF)=k5?(%DR=cmQoIN~tc*!Nr_6b{WfaJwynw_<;5)x{^UOQc6 zg?HwOx$;}<(aK1g24-}vbYO3>&6&X>E5nZ7=;CQk&I@|9p^T~KT@ZIF^mK4(;84w~ zr#!A2gbfRI71Z>uACp*}4~ArkO5KP=FG`gid}R*F>&h^7H&fw;)<@H9vKaVPdUWOT z?vP{6@SMaf#9Vqb%CEzpdd}lHr5;)nij{LQ4!!ZurEoJV2Nk?<>VX?j;IKZ=tB2##<;jeNKF_&vIA z)ZjlOA`@fMiHo%@8g*YyyL2lZGh6vWfDbHCDk5WKo zt3@Y8abtW~5g7%{#`v-Fs#8p-(x5hbLF!ayzL*DBiu_4=mAYC9I0AY-wFJcklR@j= z<>XSq+fSd`)?wU3T^Ik(#X-t7#Zbd~csifK6|YWHn78Ft16kk~h6p>7*y-Q0@mT6_ zaB9Xbbn$cEqnZevv-Ew+-E~g#Iv|-+O8L4aoq-N@m%-4KZkG)U>nYW&zcMFnMHJMT zKOQKvveOk@$khg+=mv?mY0Xcaqib9hfco(4q#T<-tr|l2S}Egfc!@2V!EUtJ&|}y+ zV%K-CrgZgu0OcIMS+&FzZOyG)BP&g%Z-SYIo4sYosvPzr7B;69Qqk2`C4Ke-DbnC2#QJNBzK#V} zPJyY2j;Y!4+0HX0iW{ooz+tkzf;9tlva+;}6tdA#7n9yP&s2ji!=m?INtUh}VW|7QHYRps zT&AsljNK~z`UHkxabDuq4;vOU5E{MqRb%h1Pb1f&XLafPkNneco5HP<$>VBV{`%~+ zv>r9Y2B~@3mU5?;q`!^?Q0e7^IT2WhTRO#jTpfFt7L{-@^#v`OyoD>Pk%}j&qw=@a z0c97`^9iYku{pn9JnRiGz^!|juB}$i2CaFW8XF6=Yi6Zd{7$V4KwuCK0edP{Ls%r* z8vS}{`p5SkzTy&BJOd=TdK1cq^pI!!>_&1hmk}S_^NrV$(T4BB%F2dU>5H*Y$fmzJ z%-3KvEM{M!tb$e@&E!O8bpm~d<4D9YwrmrkAognW&G2d^MH8nTnW8)moHh#OO`?QB zme%V{<1~I!i|tNlCazd3^@v>Pdv zj`JTZpsOoDN00g=t605mH)mUUyZ#hL*^abo2=Q_0N+I=9?U@G$FVWu(&kPKd4Jp4x zM;E#6Hes&o<$F7YE!!rOhGuZ_)S#k9uDa6-yCP#IwEO|^5g8xrElZqzV28ci=x&D= z%}5ut8?+Kq2vCb$cL5gyztDw$8sGS5N%dOEH8ngZz`=x}!VE6;jqGgl;ocrg)2<0H zJ(pYo>a=pWwCH4zI&OUdtuLEuLofxbPt=o55rMENiWRWS@h~7(F%bIM1>b3^ah$)R z%^fGCsU!PBnh}8U@U&;9jf`JDKY8Nbb1Pm6JUN8opbc}63i%kLx2e5XkJy8a9c^>t z2(~+!S|_!Z=IuIbs>zb{o;+Q2rpYqXsVa%d@BEcZQ=3H*SSMwtLTOS;N>0((r^h`F zUK5=-m?7jYu^Juiis2Trnf!SE2=!sf1#c+-V5%_t@wdY6Ql?IkamXS)iTIMP1+&8` z&+xhA&s;-_H)Q(~{B<%XuH=@0eeLD+jPHXjEk^tS)*!GU($bN!iOJw=0m{n-$0NK~ zxMcDCtPR;`{epAI1y3tqmtP%b&q^oExlf!t!N1s*X>G^FCDxdHRkSFmr7%8!E}7Ut zCzPrjVMwalC4M``ZBVN-XfTpGt^BrfVfr}3b<>aaS+s8Qihx-M_WhP@NjQEZg;VT&K`Iz}tNx zMY%q301Z=!2SQ-O4||L#+vv&)H7cJ1>!%kwW$P9HtrRA{#YYjr%*8aa^!aVR?izX? zyiR)h&3kjAgMTfM;JrY|L>KyrMGrtHad=weA~P~W`7Nr?rvK-r)ltA2UcVTS%Mk9V zUFa;$2m6iL*n}7h1=^#{;Nx8nl2w}i@SKbFmRkV-$56%v;Ls`^^?_UK5~9V-gN<(| zvZ`W#l#;bZs049pVJclSkt7vuQkSE|tB=l%7IYX)rXTI-Dni?!Z1FlI;K!4|FCX9u z8&b|MaQWJS(UdNjMFO9k<>qd{+`x4W9~ve#$j{i*OMZ>I_Q$dPH1(RifPc;ZC{~ic zlKslETPt5@XZM}Q#G6OVN)J?S871%EVV0wZ!Jy=JV^f*(Aw?QPR=VRnFk$(-vlsDt zTkKqY*(jtggBJaM(%0-YW9K>xLcpmo%RR}g?PfBhreWm~u&tt|J1485=$?Q(L`6Bb z>(ek7s(euZ1f*?im#SvH&$KOZ<8A&Pu6y3p`IcwIwP@nC6sMESlI{;KU5H3f`63`3+5tXGn?UEi@aHxA|+H10le@~{~!@Pkgt2q@5u zefB)ZFlmHA)bfL`AM@sv>;Fe_O3h$SOOuf_%CY}QzD|{*zF32Ge~v(S+HvUuvCP3g zOE#vWUMEMfj{>U)LzqXl$1ciumv@y7NF)sB`kayPZpa^uFQ{^B>A@Hrll1F~v zqghqUb`{?l$xlPwwIyb+9@Lyho9Sm%mSKngJ&ZS%pn}rN+#X)ftgd<+% zY_qvb(>W!1t@hgPiUt09tHC|)?OziR4B1&Pb7uMc2P+0OM$(+#+p~BlghSBOtT`&I z@CeG4)V!XPsCR3q!l2UdLwEO$!0iHX@m$ICxz$-lgy%Pf>vR02PA83hd3Vu`QNZ^l z?BqIWC+VHx!>nOFvm$)z-S1zf0yslI(v>W`9 zzd82Ir^IB*-*2nm6?Rs0Sk#T2-v*A5l9e*%*xhll)jX5L?I4q-UeKK-*291 zM#XPKaek+OPO*PPpY2eJ4~w4)hIS@1>*Zf`(eK~ICKiMYx?8q_30%*LYxiSMJaF;F zu|9C{W~*2cDn>>@-mVKDAYHK_<@z8v3i)ueow>wiX- z{x}l+s>HnhGTHOJSiop2l>S-0#%GpD2wvZ9G=x09%=uflZk(l_L)>8{r$0eScN-db zsq$9umQos^<$yRQ8W~nr?gfPmlkhB^qE}pZSyWH9AVm&={ zXrR!iu3#RmZ?O;aOh`)lJv9ayKu;@=p1>&?=$XPy^eX|Q8W<=K` zHLbfJjR#A+-|IRkyPC=*T$dniVy3XTe1qYtE1W4oL$B>c{Vym>UDdh3>fk_K3BZg|fx2SV`9ZSFdyn$B!Lu?l(|OJ_ryWv^7CpUS4> z?rWHYQYngZ$fQ}w38x>~!nx=`L~HIVr8L^EYpL4^jlyzRnmNbgw7jfLXS4RIcfv;q z;1N|Drvu0Em2B(EAS??)D_^&?_rTs}{IF=(+qbW*Sn^p)-PFw>NvkE&&I^hRPn-_TBJGx5X@a)lsz19#M@9uOS)B2KuNE({xiS z+FRDG&i7dNuZy)2W-Sy*#z2^rSOJGx zyOP%*K2i9Im=#IJ?4qLbbaHvk+Y0k1z!2wpZ>ro~Ub-m8B zuHS3<{x0fmIxAxLPHvw=H+E^S(O&JTs=nVHhc^AKV*f!iDL0wl2~uk~vHFBHr5$bL zE>;3!IgJ(#WF(v4#>gOEk$)MF?|NgiZS%Q%Y7Uc``Q`Rp*}qf=2-6p-E6si8$_fmk zG!&1I0uBIlw8*BHj#Zg6IAfF!oce;I)f>;BKjZi`x)=XVRmE84o_B0@O*I|EiL0y* zOD=sI1P!1pS#N!Chu`Xgl;LPkpHO5JCoqeE!F?L=^b`XVn+fw_MsVcs$={FY8q3J& zdaD>AmJ_A`m8ZZEEn-U{4+F+I9@qSeHb#1%d=d4P}!&` zCQgc3#p4SZIrmh$n>v(2c6Rg%mL?Ve{W+NlYz1l$)~4P1L?TR1(z8ItKlVOooZC+W z;(2sSt@B|E`8P_X(6L{;$}EHwNVj30tHeU-YgvXG0sr>`Sj|91-Y3?k0R>%t zvw>*XQxB~^SeklD+TOH656(}cb^B6W$YzMKQL%)?On1CMXm30EzPt6mDa7{ZukVhL zvpAm!Mul3g04UrjDuOQSJSe4q{`_FJS@ATve`aQR{yhw1?k~LWMewp_V#u&h5WQjc zD=P!Hq)3i;{`1m{dLMq?M4IZ4*(3jkhxz}KOyvKi3Dp1P+jgWc*2(|g+@^ZVNLf1Y z->rRo|JgsOS%m3-%Tuw^AA3RhYR==^rArJVi<0=+kvmJZyUx;qE;;}<0MXCAj#d?~ zI~BJBqTWNO=9Hns2Sdq0+o|2{_a5i+W`-;(iUs-#5a-Egu_e;1zfY*LNeuu8E7Q_w>v zQ8mko@VW=KotkO(8&<}+$iR1vJK^pFWyeP!3Tn3RK^ekZ=#am0gAdv^SV*Nd$V9KJ zA3q!KYy=X(A?%bs*&v{GEFAnFNk5nk>Ae)9si=#A67#ZStUn*tKAJt^RbFMY<%anY z$ry45V|yRp|L-svNBe&u>6;iu=oLvjOf%)w7=|0(Q|Osqs9Nv6kDNY#kN z{8J4wEt$K!IpAjUufD+Hw+?KICR{$xE~EqzC-vV(k-w8g47Nlxqztl7HfQso@$1U~ zRY}Z0to0;VLxYm2zWep;j@td@zL3U*LK%M7v%hv^>i{P&vYaEM*`DJJW+I5fF~$nY z%xFh^)oUu-&qNgAMjZI*v(fwN0$WIB}i#P z#xl?hi~;+J2seI71M}jFc0s5$vqM;znpFe3C{k+KL1? zB(pFRyQ-B{z7rH!=K|f*h6hBt#QhH!RVBk#pRvO)n{^Jj^lH(wuK)J z_>8>?WeJNWOnO0jDPKSl#$E7A*|CC4s|5+KcL@==k2|*)xE|k+LtE$LMSrtM#OJq= zi0qJoe@riRc&@Y@{;e8I&ojN)o$yl+RsdlL;I0DYGwk zf79cx#C921-%;D?P_>bj@^do|`*wUhc4Kky$gwP+*cT4ib{I`=o`o1S@SZ?+^nZt8 zH{zw=W50R%7a#maB5CHhbf#rBk~hJN#Dj2@Ddevbz1ah)m1bIf$s~Y=kVo z4N#Yw6-yExDx_YpL+}EU&FU{$AH`-2V;wSm&eSaL?dCNYCA$}j@3aQ5u55JU5TxJ{ z;wV<9*eG@3axL&#CB2~Sf`inI!N`U4dyE^C9JYl@C!e1$8@02+5!hKE^?*cr?4hT} zEezBiJx&_&BboV0u8H~aVdWw<)y(V)w#IcK70uw);b-03q_kGM^VNzGfxt=W)S1PZ zBQ^~0ybvmkbbt)(9_gnIpb@PF{t(Z{dSdJtL}y};Rw5~Q{MgR@vRz}o*W=opJ?eZN z$_#6LXeiFS{okB3lD+Qv|2Jop$M-^^&Q25ZwA&jqIq#?2^l?oQa6Z>Ndw4mx*yZXe z4O0{KMdc|2+!w??+^Ng!t(8`?nX5CcpYzID=j&HEg{jb$mo7sczFjzzPcN zn1Y(sRk`?s;i5a?>&@#i-@i9^9o<_xJ}f-B$vz~fC#9viJ`a2Zq|jX=!IhkAqQNzM zYs5v3ORu+@&<;j!&UDL%Np6ON8MVC6e^z|V`Ww_PSdIE-&b;KHuCxCr?E`or6o}H! z_0}dx`r-tKX4Xez^}Y(2Ii}xNZ^gT z=`pnTewy1Lqj52gLy4BwZD~k;Sj?jvSY)q2g=D5v{C)QDh{zjK`b%|$B48tQRUFVO zn-z+TjK+Oq-^)wX7aQdEaokx-J*_w6cgS(JawxFim$LmtP$!X~X4Z1%A;Yu6WcZ<) z)oD5&d9b=Ak$%K_-x%)G3QR6l`r$CUdwYB4$%=^?N=IO#N~Cmkz4a=$evNEf>IF9} zw-AQwgz)@G<~PR1#%6`XgV8IbV+ zOCpsXxos(ah)G_>RYu0o{gxGdj83I@h>n0m!EuZs_M`9e<6LyUi4UNdxnN5?v=+_z zt-F6zF@3LcpZh?8KwQd5!*C@+MF}qyt5P+D6keiNV{{*WL=ajnj&n}Va7uMR-G|SR z_4l7cqaq+JsnR`nrlrCd(st8*Z+|70YH~ODB+swJqyEh^w9}FeP_PUfav0X!;48Uu zSUx;$WVlL1KU1@e2S5rRGK^D@S0Q9mEI=&l(Z$(X>vKpK{yp3%|RJadIOn6ABB zAnU&oL=De+@9sSfm@E+)^>(~d7HVMGu8dFKJtzS9?tlW-_>r~d^MP~3tJe74&Bc+5 zzN=rz>}Hr!2@?tPSd3!rdNqS-X-eg5<3S4wvsEAs>!731HiMV@sYYOXYbmN{VJ z$%|)#Aod5h&1h-ln()({jD)7P7R?rO1sq*Rh4b*^+zu@tg>1z7kI6x6##BvCe@&m`Ro|%N%TtFuxkim4{ZucTicoaAmV0 zIhn_y3bM^dk#+end72#AKiRiSjTrMdGm7h1y6j(IVbeX47h5Li@MS19a zASDhckrOD-(S>{CA-PePMC4!nb<`=*^jt#!wVTb^>hkooyGaxL)BiAs@+MzFEg6(YlP_<-)7EZ-V z5Jt16nLCnwNsTv&ceTFdey$m1!76M1zKq-W#-+GS;zbIa4dYBaX=sDd(zd>5bhENyao zVUqqY2c``F8lNWH!kLI!K79kEPqZR=QhAY`MLx04Y7k~S;27kYEpoO!)nmEhd0cJ0~a<+!Tm9Bb2K#1CaV7z0lY2nhx%Jd%csg3S#7 zJXtvtIoP273d2aI2Jn?j%@&Xm&bUP?=mZ3Re(p7spbSJ%wLA6&&a12QQ7}8vW&l$R z3$R$;roqBYpKODyRe`g&?Z2yp56x8yvyb(}+TBxB=+R|;fYKFonztk?n3t62r0`rAgz*F8F7?hJj@3S9GF9@E>fFkRWM4*QXmc+2?9 z-BxqHJM2nDkP(pdChc9Ts`6l1lHMGtfAZQ^&~CUnd@8rxW`mnzh<^d5Obj+hF;~S9 z*IkAj+t@DD*INmj!KCSD%vXqn-GySpV!W?V4 zN)9kyUfIaV$#_w1atN~fD`9nY#!^fD>@1gY%SHx%OVZuNwAbw)?7tlGwj_^#Fv zPv#9_(IatfvQ}Oq#O|WMXpc^Z)$MqNnZ$U0)1tvntptzOG;J=%hjcw+t41Jx1~$6; zIrCQfwA;GR4|g~idOxqiwi-X|y_sWU-Crp5ytkF0Obv#5gj^B;PH?)OB-qooMaQ(aaQEzWrihiHqXX|>%leagu%26iQsa0p*0LqQp)$eO~TIg&mCGrTu35r zZ(Wzhlcvxwb!#PVSD zZbN08VX^%hhN6`?82pTqYM*1rLUB+q^Y`2(|4-j}g}U7vqV@-*q{cW;(bb%299kM_ z4*D5kyX7rb=f7e`u{+U4#k)O8q%%3`HBQ(YTVmxNOI4CO@TsjWr2NO{odw#u%Mx6T zSGpd#`ihHf%um!mPZD7YWB9w7Hwp0~2HYyg9TltGm;b(+rkWht_MUNb79k89&tJH} zla-a1Qkn7MF%@_|6t74t|QcovOgR8BrZHqwIaO3zRQLEf)nwnw#wvt$;Z)NC} z6qQR1|2%b5S=b3`ncuI;+m%Bnsd?%&g8yBSUvKhK1!4T}ukr^$lz%S%`}@xuzc2b< z-r4fb^4$O9Z9MbwFA4WBm0S)ln0(sQvTg9^~~w8leomD*w+Rb zywS6NpXyAs2LIp3$uAMAT(qpNZX7A8uTSt*3+LTt@usTasO$Fa0c^;1Fp>3{wRzPvqpm+RMdye$8a6ecvAE1BG8onBoOi`>juB?^sX=9GqJB1ji{ z3RvW%43lbUij~?7E1zC$RO%cU=))xcS@5PqX)*_XUG>b_5ZR~uclP~7eS}TY{o1Wv zlIIq-E;Xa}$$CJ=1D2#2$Iv!&6D6I~^i*LFHPoetIxR1U-DhLt_)u@7hVCtLb70V} z@H!U4@+oa4HE5podpl|NROCB8qX*(p5<|fx<`n*J-Il_>%81k6{&FC6@QzBm*-2bK z@P%GVbYxcN(p2QUV%r5Sp|G)=h=$i^zeffgW^QmxNqbE_xbaX+!^sY3&w>0}>pHNBAh_XOxNd6LdirnZF19ey}E?q(4&HuKMNU=M7}onaD3&2!w`? zax<+zfn9L^2hLIPLlQ49>8IR~1dcLr!l$RWe3M|PtfyflHI1A4M&zyi6ztH!erfI8 z+V0kUpOnv~@6-~vmZT0iI%7G9hN_w7h;24&Kcd~m|(zqaYxT5T~HaCt-5!P}ykW$_& zn)iN7#_{8XDCOU0sLAVIOEU@~AQUshdTLee0yHGwap^TW;3#o-PKDerv&pF3@?BY$iO zgw-v}Q7k6$MKH1($~$=-;;q{|oLg#(m8&C3NfHK^D1KCKQt;ODu|B4Iin@82fuySDn;^w=LsCAdHQqX~}M3NqT+ z*=gAce&@{Hvc~N5U%?1boIN8oWHk8XIalrEO+_997ITf7Js~3JL67$Lq3MM|Q*ouM zRhSWMv5*q-?(#@xOIA)U)uR;~#AGa2!~W%B_C>7JE|%AKoseT-C2eEFShqbWMj`IM z$+Wu^-O(=>hp^KpN9*cG%>R9ejq4k36u-{z=s^KI^}*LwPd=;&-T2v1<+bx%O2t6E z{>PTlRbMzG($XM9g_t7ZctDa(e{Vgji6{BuN=NOFHgCUSiRY9U?Z(z z&k`6$w}1H)Gas`g z_dl?+16&P7JHvINc6M(xwGPIQct2WiT@v%{>-_Q8O)E1xH|osgwUuel6?uviFQ}a= z8#-s6)SPxO7(YzJj3O56ocLmxBzZY=DbAIRx!(A~-E-Nc1r?!%G81bNvNI!OwDM1*n7}zdT=qy=Vi{u7g`#x6zoXy)y`tHDPR@Pt zC;q1J6_=ntMc@9R$#Gy{fFdia;Lr!)Jy-SORidpHZygRTtElLo)v~&SBH5Tw6;jWz zeu1|_ZbmWsI)nDs_ay?+!C!W0%#uRGzQ4VsLWys)u`Z<|J$=yWznt|y`qb&k=SQE` zk#rP`H4Em`h}v*FVmD#j!N7R%=O*}@gDo`Rt9q$Z7iTDqCrIt2v{X{9(XM7^40 z$n0Q?tg(Ktm&>1(6p=zMKu44jr)JLYCPR==daYRyNU+;cx%c&jTevac@q(h zwfxZ|+hL*N2^1g21Wv}aUAH<%dSoAn-6CxLsN>=Gc)%&_ocCsx6PxzjXz$h0M?D23 z{RX$o0iQo9VD#E5!wgKeBPS@fygTY}*BJIlNzn^j0{`mvvWS0mV13rOwAU)pgJQYc z=V+5ixWnH3EOGIRC4ab~Yj{%amZ*Y-oynVoxW>eitHjOGD*R=NP$sF*Hf!J^VtUbQ zQpoDTaeSc6o{zv&AxQ&crH5Jh4r7_TwIkyq0hBV1gKij#zE>~0|QNXzQrPzJ5kd+v@etzo>5zAqDw;jJC|(v%!vX=OL%>2!ttUdz_(#HP!) z_irhN-0KBi2eY=<&P(sC?(Mc$E7hIj7k)E;k?`!`mI*(@Ld4zzoCTxR@-ExK=you+ zg&Vod2dTDQIQE32GR%JletqM&{$8~eu{+B*f3GbqEhT(*Q>wn{{Pky)hg3AQzrCGc z2PLRl;~+sXsM5WK=32V;0l`sEb!U8b_LgpwE)O$ath>$g79Hb#akNLbi{6p?0}s<4p6&rmHgnp)tlkAMj~~Quf#RNx+*?G? zh_`W#8N=4q`n~AJlzAaABlz4(a|-O{X2!|NUNFoq6B- zl@0H<#l`Bqp9ntFvDwJeG}C9^Xu6(2ur9HzfBYkjdasVjtt$OUxj@`>WBRq(H4WCN z?xCUANl6Zdf%|W&y6_R6fAf4l41>_VVg_@2in#OhnZ%SIxS9%^dw5vS&Cv^+2~v=4 z@nWJ|K#xdN!{sBd6v2hQ+ zg!-fUZBIo;sp@Jf$!Kxxi*Azm<%JzTKC9s7hJW8SO|xhCy=)kqUAu%|o8z49^}g-( z*%K2g+8#ne#wID1>UGhXfi3tX?yGDsKfd|k5_Nca%}vAz+GMYtyZR0s6f9lXzt6nQ zQ@4KPkC^}dF5>VX8~^85(O0@|{?V?#zw1r+VfMXz=^H0dR?-QJ6xe^jW7CDU0#8kS zmRc6t`FT`aVHsBy#+I-x%?Y^_%Z@^uPW-=C7QX7h6(^r=+Y&gGa_5b$NMgJ$BdV7sg`OBAjCt_n`ukdiE zmzIWpqCjj1z8EuF^bMO<&AbY+%cC2yFaJ7PUq3NK6u}7bKh#ot-E7KsmH!lE^@tX- z0fqHzak@H9Vj7PjSbaNggdG+Bvnb^61X;2Z)O0B?yCOyi>(}%OA7^Q8UCO$7Ev~{^ z?*i}6mYk=L&%VySz6O8~?iy4*F=-4NY=PM-=6W97Qoi#>+mKi8MeN8NN7fQ00WMtP zfAQ>iy%!OQfRIgHwLTbG{WRSF>{^`1#%r^xqU@PgzL$hC_hd1@D@pj?-H1zwx5s>vDY~tMN^l za#DPFk#pisGcQDJ;|2YE^vq}E?EJWs^7R^%3`t^_%%;S>M>lz_S^pS9ve-3!O9zMk z?R_;}T}Iu~CFA+5g9ck2tfIc|*nB=Qacn~L?#vrs3diBzD?@8re7+R~8~>G5i)%3t zDDp;E1@5rl_naQ5dhfRuvat$)2t|b#VSXe@w)NA#XHe2A<%9Tq`#UEmVGXete??Q@ zNJ?^I8|OI_gC%%2V_VDZW2K#+{*iw2ci*bBL{SPjVDG^&4-Y3qm`%kOY3Ye#=h+TW z6jzCv{FLi7N2#c(SW6`uI(qv&zkYZ{5zF?K8Up9Hafnv`yu9kCXvVTP!p_g6!*3A< zriYyQxViIvQ6|y%3t{r>zpo~t2(lMYAp^tRrd!LO97^JzC}bs_*&J~b6EYB^qopmr zk4-Al;^0E2Rip=%mI_kD#xg7Ag;ymO~@|B3qwal%uS16R{jyq? ze@Rn*`_YobA$j;y4mG1T%E%-WAEl|0;NbF~11cjk$#|1|O3%E>45XrHou3h@Cf<6Av>^fWv2XQPtD_dG_2kI_E(1h13!3q^ zx}DFpqPMD|rbACMv()WLs;KZ?k9pwf<<%v{_Fi7|!B~cs>dMB3GY6x@@R=A~#*`2iG6jXE9J|BSaxhC6`nz8PWU|7V1NG_VYa- zoJ4oA%UPzA3LD86DIU~XKUEEXg0{XSRQI8N+kbDBi@&V&+Fs<|0)MG{Knmslk2Z#! z`T62pXsI}%&}M|Wpv;6m6s1* zdw}cttzC}m_W&SqWJu(@fVfDVW@?ep*6A^pVU`FMj6ZZmRMf361`MsWa@tGnPtpW!IlvqWM z2Q0rZ{bOmdVI~v_?W88HjULvs)_tW2IW(DW9K7q+1opJvh4KjtyzbJ4VxR46;FU)w zExtaweEj&Iw+6qQ_1VS@Fdsc;FR=YB(4`L*QOAQipD%YQB%^`n*l|`BO*awB9-iLh z$gfBNT3ByQpny-qe=h!8sLQNPa>gMq=Z0}k;B_(z3kvc^^0C@QUTo$kqe)|xva%|P zmt)d6`~uov8$m~yt}bO>IVaDK%pM$lRE7HlxQJ&Bi&e4EF=B zCoMKs6`wuiV478Pi#^}lJ-B{*W`cCq1YUtRp(%1at8@t>7c=24%3~yj? zi0w+_#0umppFRr`&%Ef!4@Y?+o0**7TBd5)+1vH4Vz~4}E!XY<-iGrl_51GJ)$F#C zx%PP1?|ZD*e)|uLjA&_^h&6z`>FGmh+e3pL9aixbx3?0@>)XvUF+ZMVVD1aW-%Ye#7fO;pxAA zZTR|6sA%!3zQy6h+WbY!kKHxNi7fv#<8xJnLA z#WTqS;X9IKiPz(a+qv=H2;){KoKyG=jG=MY`DP+WZiHX{rZeg zzic&;02;Kb6f?xln|pw*6Yl$&yStn&-zm6L&{vzP{UqrwF&M7gU3WSV+ofe1O*aWW z*?%V0`G|;!NLN?as@v(|hoC!Q+xz96q8ljby?*oNX`k&v$|t>I#G(NRFV$Wu9{jq7 zGsFV18^70~p>7smze;doK=l--!VRDlPO$dc7RkPt_z*5T(;0nPvLniSY+*r7Q}ZOG zx&l&Dxf75`Z((W5sq~y2XcMH+2Pk<%`{zQj93IpXr2h>-Mr15V{f%id0ORfRmoH~h zp6glW_kGIFwiqmNV%qAL`A+|42u7e{v+~vG^2o%5xtzNoP})Vt##*AFM76q#2Y@~X zKi}@Jt^H7ZJ<1^-xOVUA>kr|KeP+{9bWAhuocb#Z9bwSk(eV{1@+6#o{2m$_`ZPFL z*l*M0y1YDFbDym!&}B9?H@`0ehi7OQEVhOo695nVi+S{)_e0Um|{+vrlK>bPo zQeadx1t#~8si`LUeRIQbAl~iw-+vd^OMCb3F))4}XJS%xauV$8>w|JhU#tg*lsg}A zB<_Xyuf4s!I$6dWbdtV3x^n#F$+~VW!%%4UkY@!N&p}T@63G;Z@%20>q6>TN*0k>4JqBw5!jy>k zcqJvJ{qUQui4svDG9zl&{|yMi)QpYK4iwpafcuOWwiGg|W?%rWQVHkrKf1fSpFVwh zl!F8N#kiI=+i88t7?{1{r9Fj!9hqBBjw8QM1%^vY&uI_jXFq=Y=s4Fa2tnOxamT+j zQdOp1olA3bBY=T*?KW!n6)~}VAcKSp2%bK4wpu7GXRC0bZ z0;bdwGee{pgK0#o^24UNFqSSGL=bFe!S;k`brWspXD3)2l^2EZ$O z`Aia1@Z4ui_ChEfn~B8&Co1TpKv;7_K|u&^(c7e^Z>ulrMqr3USjp$q)F2>{2d+P> zM~~iu^aj`Y^T$|NX7BLBZ^9d}^Ex3AJX~B)fiF3rC1-HwPBjpy zE8V_r0s|d~K zPaHdT&BWv!%#%LJMG@qIK4oN>;Sgf9Ca?6vwRZTP0+ z20`}n<<}Y6WuH5He?}~r)T|Rf-N_9va2;Vli;INCc;e{Mt12pofCG9Y34wR&=kSE3 z$Hl`V3>K4JLDB)iB#_to2)_Vy%p=p&eba94bG^#rl0k0~j+ zHaLD*KR0gOq61~P$=69qZJ=G0Xwur+$|WPi26V8n41wGelt7OD`R5IwF0TFdsm^3H zkWuz+d3hpe55dJ@n>l!piQn~8zD$@fFzdlO+Y5>SS0M<8fr7>fP*$neGW0bU0QdRu zi_tDn=6J;_5qUu)6;cK;A+-=21BIu1FP(0jB!;c1sMvqtKpu}Kuo?p6GYHii!zKgg zU4ZjB089%W?b$)5JRog`yMwQQC}5?D2emX2YbXg`DqFu5C5HmesP`W}K(}zFJ~{>{ zR}(=&<25*|<1np{9{mlx&PG5^%2t0cjpveg26lFK7Mv6U?uPT?#g~nZw}8O57RXi= zm6es#1UshF=A)h(8ynMYi+<^oybr#35-or>^0c(aWmx}{ z6=eK}+}!V@e(q~?J>A`)VX+Tr6e1z zn_!kfeYTSzGBvR@TB|m{KwsUe=H?*j!WLYSHl(lOxWT)hM& zU2+?aY57tnV$Ccq2YA9+SXd}PQ7_>-^}3=Jq5#N_eht!Md%*;bP%oUneFG&Xe4} zMO)^6{P+|x>>CTXU@s%Pimff*rAwFQfRdMvfi=?9`Wi+^mTfp3j#k=aW&$&5W^R7$ z%$eqZUAr4Gm`U*73nZ+rCD1!JwY8Z82QI6uPuwn0d*o@?NQE;^ob#eF#j&tUufe^G<*Ef57j60#@ad zYg$`_5&iu-K%%W^XLkvxj{z+JLw8bg`ogCEX!AqB4>w_e>Fn7W(3q406H83=_y37p zU2pu8qh4(Xl3OcV+i@_s0(Bwqe4%vXf&sZ~)_4?jVZP{O*$!7Gft;5R@DDT4{fn=! z4Cu@de3XmI$`XL(_%ev91s9)>6)?nbOJ2+9|N{iO2ic9ZMF#V|jowFe^S&?bfXkK$R*e*&*XR z-b;~z%g0x$3EQdXNVn~c{R z%Vf{`(NHpQ!{&i=pnD<)Q0r6!4;wDM@_Z|l06;-QPw!AQPz6h6N?o|HKcl-D*7x(! z(D|kL1t5ec0`2dyQ>QHCViFQ=tEnAflvzCrl+k${!)Sy6&>wTj$|l2I_lJv#iqdfc zNR-*iS%@O(yFaI5*f@}W7I82hIAGG2AOcMoQdwNPMiv*bAT;Qef*s&VK>2N0d3RLz z=9+rW7vkWLePCkqUxuMh5-z*(X^RSKWNqoMz)3APa1>YBNr6WNX3rZoHoRDA;;SvM z<>lpa&_@Ea>N?w}s-p7EOei8cx{gjJi*IKKL<1^pE*=9oqsy-o5}H-ThJH^>9??U) zUjj|IQIO*)jICH{=JniK!zJ~1X(s6pAz>G$%~sJ`M(q}0g%N>H^{#<|eU*S^WtMN< zNiA0oModah{V^>-Uk&fJPVlIWhl=6<5)p}p!Q7qJ5DPl0&OrZMdOr<`WP!0dCnq=T z*J@qp3}&DZ#;Rm*&kxR>^zl7dK1drny13L@5(Nxhrz zr1U&bftcgc($YxHJ`UGXyiHC;Oj()a85R~P)_t&?U;utT2Z!?Q+dlwE^T@~y(QMaN z+0#-|1YsNVTMFb5FZkZQ44PNZ-oHN=yi857$p&4mct9higB+GFDf+NGzj}2DsBxPB zh0hU^B_1HUv23s&-OdE=JACFF2u_{`Wwb4FV1~bzt7T@wW#iureU_j3o{w^e+zjj| zt{c=l^nLN8Fg=F+`L}&gB)z4oY7V;7M;wG8jSWgnx8>z`1GoF{Y7V^6yfL#Rx4!F1 zU|@Q7w!4Q5#TIDr>5X~&83O17ew7Q*LRxR=y1P>7Ml$B?efLk`Lf8`{8>ck1t zoD5!2Z$s!jkmKeK0(<-3)%AO#K^U9kluKaE)jM~NLR7|I*B8J41h+UBGXouA$Hkov z2LA^{vf%h}qZg0T&1zlt;>DT72JbwM5?){XLY=-Uf4Q-Sa71qpCqVU2pZ*SGm+`{m z_9e!w+B@K;zJFlLW@2X#>$7!#-hd3SWLNC#*D!E%%h+8dq(Q)48it1I78Vxa zIf&H!s5F?4<+U}p)85`*;h_qgz})Wm$P`f@3-$rVns{8&tE{|=cODvOA!qtQR>Ju| z_F`>q4eoXo)SjpF0p9@{03zw?Y4h^kzx^f-iUGCAuMOcGJbZkao#tOghoh=F{5NxJ zmq|_e5IO7xGX?jd4J(_TuvlM*c4%>*^~)fG8z`?27=uD2NOfuI>V|Y%rvPS#1Gv;> z;o)irCfGP3aH1=Rs<#$ao%EcP?Ij#PdUT{~lJp|X)%@XZqdF2Z!m}0B;NqCx_9T!RoLDk{)4~*#Pn{%Fu>w8>-}O3 zcpK_a7Q<>O6?EN>@Fp|oPn|}WSH2(W6ExBZoy+#igJNNqt>9SIm<7*wW?v@M=@6jXK&Ng(w}&v z*P{>O^=eJ$6+T3O%nwz#JE@AdO!z@58XXlEcgx!PB6w3acylLu8gqW~vtgq#{-0z+ z$L@KmHsT7!`toUTruphWYNpLmTG@I^kRpIk17=F&{{3&hhU z=RuBzL9Hsj9AGuTjS^4_nsca0rkwKD&^Q5LkgaErxay(8MNa=B(4fe7pVtAQ-Dkzc zh~nXw(nPx+;%GAkM0{T{3kQK3?kfneMgetze+No&J(o5SnKD1ct&ZN_-sv0V5Ip;? ztg9pyj?Fc-;YV(x3Ul@zV`iSd@*M=@2FCVdk_(E_*o8ju>+y2_vM|H+%fhZdHZ~@2 zV2~_-{1z2!tC*YYJFK5Y)B`bC4D7q0BWnbDSBE%cSwrfs-@O~5OhA7YXozqDP(BI? zldl5?UN>!v{WP2~>V@oivxrAUT?bng$wjFnB$CLq$Db`&SB_px0px zdZ@MoMWGuR7^gxn&mWx~9j8TYPXp`y5jT*IL}+Vi(TyMEbLh(uOa$m# z9RW;}KVc4z(zjIs0Y*sY3_?Lj)>jfFrl)#tL}!4u32yox8J4w--wCqGBYy+VbLYIu zZ+JS)PUoW`$cBB6GRo*bZYNt?(CI!dWMGn25#=D5aI%or%PD`7rz9J zL4BM1VtOyf{-_4M2PhFu0(y0g(;EVL75Vqq(6AlQ(JQd$(^sf+EdRs{p5&a$=42ZrV=Wvxw%bvnK+>>^~0n&1fjg3a2y$k{uLY^z*MC+fO zxVIL!4MC9-UJ)(NA@u?~3k16ozA?$kVKqj7adX%E*}~ol9iR5-c~M})SAYqQRocq{ z(Ce#7E(F0t=6!GlV{l_V>DiD1U|-x?fCLRl7eG*YR#=#xRiHlDGY``z zmH2mg94KihLCydK8)X0`oR^iQJpniXi!BiZk4_2-B(74D-MSmeicAj;41ky?AkmUAlMFbJku?OG^s` zC4M+&`l4TxhEYQl^m{2&O*B9yN5Hp7IAm2cG@@#6pC9S(x%o5a|Ms7BD8I;+E3ac> zCRf#|X0-sBZ-F5Kh};9gSyxXF9UoL~t|$ZSWyJ@rkw~c}C2{mv4AxG*-0aVSwTey|DRX>}YpI3zq zi1$IJ5l8{s4wghfwud}3u8pRrJ4BJ%kpBQ7JE#M=fZ!F4g7rVn%GwGx=Dn3*IU6dA z5;WZl>&pjpYXGHc=JYaz33!+VVAU}QP%o*0^G94aQ9|suhxm?jJSMF$N z)Pg62q{QMH4Sl~M0;~CU3w!mf%6T%zP=!;X44Dd9b}~6eFAQ;≪A6Bb?~ zcL=(rn=lD+D zXaMmp4-oODR}M@-dP5~ivfBU;4PhM}PlAK@fq}y|0mXppH*ZSDe!u@uFTfsvk@Sp% zRcET(nFewtSw_@;un`gx+7(_Rj$YaX(nQPvw19x9M_-v6FFm#If~}-Vh0W= zMU^joJ*ekYck<7ZCv#2e4gi1&gZP-f0BO`kLLtt;rKATe&B?{Z6l9~ItN>?oAv67h zG~i$fStgS6PFX799ISTnLgervwaax8s*# zE?}<)tq92dnF`>b>;W&X~B7|RPan_CMZuCN56s8;z9-4fZEK)#w=`c2;egp zMAndr2C=AkDTIBo$y}Sa54ToBEXYK&`z&3nT>o(p?=^dA#P#@hL={yZa$k#gEN|TS zJ>R0u1bhs*BA|1CJeLLBwrzg_q}(Ca0;lx_GV9(x7Wwf2MWt*@+lTy;q3!_co^+!Q z3fc>P8Z=$$wV5MT9C};m-}E>#`r#yKL|j}W6rqx6laFj|VbUeD4ndI`D)q-|BQ{SI zeQLxAzujrZskHj{@QlH#P4ObzP-VkPd{3sfJV07{Hm3GzOt-c9e19RUxMKindy{bb zP!N9(fPj!Ti`s^UhH1OD1&H9F?l&?y85ACl^|ZTi*#Qq}G-=5syDRFgxr+~yc{2GdA+1V{Ag%*Rz z3$~aa5V?OqO)r$ZsXr#3bh-=j6Qk>W*;!ekFnsV2errSERN*^y5a6B~@1@nJyx34U zq5x(9+pwfei$2^8#APo70s`32ORn|E$Rabwlp&*`@ZmcRO(a)s(_w;Jf@?86DSX}N z=;O3B%UImvXMISaf?qckiie((`GO%rCl>AyqGGUdtoDMQzgFVVDXsd80gz6l&$Hi3 z6iR&a5PasYrsmCCx1KB8(c3#q2O%sl6-5ec_!A8egfT^1-`qLy5`iC|9q@Fn1%&rJ zB*ewb2HI$kpFZ82HR~!eI`WxVN{R>gBjL9xP9AhoPcsLa-<-MuHrPk#VJrZHwCyQq zVoZbb5me>$zs!1r1o4&cZf935P!PBbkPE8bl&s9TpF%_J*4cTnb+#ljbJQB36-!i8 z*9TM`(JB2E=e(Yh8FVoD3ME4VKq7Rgq9&S94~5jRvB23 z3nY577|J>{(SWw}t;v+t{0!`JDJ@$(D#KJ0ibSwSa0&{3zi_t!1RtAz=9Ki@DJj1? zkyazX{Q^W`BRLlJ*#hZquG{PbkV(|nX&bqB7u+nGbWHKq)5p(qBJQSeW2{n(<3-ftYn2NT_*0 zDt`Z=L*I-p_r~5(Q&AaDMcU8I9@UQoNCDb%K>7+5*2{>6L1m$9(2~9~v!;~};{I#kBP4q16b1M0<3K4)c3K-%ocmnhAb zE%^C!*Uof}Q_zm3}?d|A5h!~uHKYDi4hc%j@@OzsD&ebaDeVDNg4KkZ4Mm_8Pp>|55brhjq% z_^}9wB4wHXX(F!dgMOVrWoqFGc;_*j_dO3A8V_qz3qpKh)Y#(3dag8(_#S%x$0Bm% z=dAtnzcQttO@-}6L*5k1BJC9#$x@8>*qtkH@};Qou8skwvVgB>UTM@4E8B@P{?8Vy z=R4>7nA+haWv-g;LLc`p((fth2X(&#pln0PdP*4QtCSe`8J=B8Ea_*@85H-f)7VHP@w)>F- zW3RR%Rt|<~;M%JLmK)e$kV> zl><~KFg$kjqIc`o0-GA4T-bk?@`KFDt_vYsy&_twBYhmw*KfoTZ}@1c9u}xv*(-JL z2q470(B{mDm0n>e#=8b;P((AL$+X;nx~2>(TkGGd2U;YeUK@KNgpXYoq=KUe7o^DGbu9 z6^l!~gWmdOsXs&dU;h*Tc|dp%{WPgx@6o&?Y?SS}Ay3y~^Ca>pB2v_+#?@2Wnn!nOn=$>JQsC;) zSz#5$?MeG|c$F&)p)4QdtndG9(cRxqf)z8mX;4~Kx|uM$@{U}dF;z+AFXM{Uck!Ls zccgV+xTMgSLU`-@I%Q(x33a+rvSn9|SXQ+XJJSfhi{jF{p&YT3-EF1B1vx@CmA$ci z&q3$WzU@K`X1B{^8}>z7a&pkk5Mm{QJ%X)xfL}T0Qd76sV59@e#c#3|i3;~0m!Hja zs@EQFN%Ak_8BmFP%{lCKYj1bAd2@jkrQ1zxJhw`Q+U$4tnW*^!m#0NDv2;C;S3~Rz ze}nH-#dIfH-QBO2l+)b0b1Yx?+`C;@nKoMYbF^GAl;9-LRwJcX)=zkDqr+S6rRGcU zvxaf9oLUCn^7XII#B&XR&zY{x&A~gkw)oEvz^N^kFuQ`v`IpI$L0?wqbF?Ak|PslX0*&7 z>@W*l>f12PK3vUP)OloJVsp_)ST~dniC*yj3$?YvEU_Sr!iE+PMWjwn9>E#2mpj{hQa zw&ixe!Z2kLRfLy}-JF^mq*lw9uJq3mW2QByN=ye?iC-azGY-|uz7 zB}wU9QtgVB?AP^|%aJA;lLj_eefOpS+E$tC4*O{U?!>!Y)fv!Xa*n!C>P;GQA*&>b z$}kzao7-2-CMT|@H8dBUPC2?%-Zi9DJ6E(*tSh*%g!?J-4mH5|pQ7QCu0iIvq+JU#@}5EMH|&O3Ha9=Wp-!O;lG^ z>AVxRLCD{VEGjCx{~&W)RjQjMm)4SHt)uTVpW0gSAY3((amNlY`wugefmyM?v2myr z5m52Z-Rk``TD#JfAC+%5-4WW~{kALaE@u>1VTJWdsxSFsndSQHcd$g>WInQ00lPaw zFr--rVF3BKdHK+u?72D1gA^6pSt$CZTmJ74T#dE1Hy|=?$?s#dmlL&b{lwK&!6@5x z-X@GgSW?M(SU%irZ6=Rxk3u+W1efR3_Xa5$InQQd5_?V#%WE#Hhb1MQM0It)>_=N> zos&B{Wp8c%fZJ~TS{FjUNj0p9h!}xM%OIMo&#ghMfMa{f8y^kg#(F+|n(@Q!U-~T1 zNSZm~DLwMSrag0d>mkaWboiPuIoWMxZEwF#AXgBdb2SNMmq_wzW$6(5_Z&V*1fVhR znkD$5=f(-dkhepy{$UGjQta?x7sVH8W54r&WkFgz46YH1?A}7#G($_vG&XMY3@20J zPua3EUiZ!MPxh1&)yWpuYQM5>q;5I)UfWkREbR1k-DhNIvGHUT#ZK0**-B!rdP~@A zyphi!?~1=Ssn1r*$s|l}V|UJ@Y<0iYIO)yxD9Ug~PD^dLY`m}g@OdaIHh;YtBIMTp zYLGY*D6yEi9h=3Yaw~FfHE7;tX%}@IgI;XoQQvYtA~#jtg=1`7Wfpd63oSOAT{b1Q zo2t7%1e-6yV5C%RI0QgfrrA{ryO_i<4iK{o;{}<-AOWewx%$0}+uvMEH<~p;j?QW>|cl$Sk+< zQg3Ylx$+^zKbb3?L;P|u$I9epOD;!Kgd)eVaS}{yqEkP?1*6X2oP-!2U_W^%I|nNT z9$ig*a*CA_5k|Jdl3}FhW6d~(b}NY zBCVYF-ddTDT3aRZJJS%0huEaWp@fO_tqgh=B2@M6>=t#cRjpQUb~(|iS*3O z<}YUhLvRnfyWVKKOs1+Y;+cg$(W1i=&Bh3ON7kS(UIcndr*SzBh;aH^u0Hi>y2Bg_ zwQA68ga}{xjFffBrgP@@u7DlGYwC6mxqW1foc@aiCqUH#WyQc?6atNk5%9dNNHICM zqLq!!?7~lS(%#=7De@62*%0Lb3;fiAQ(5TG3!a0{vsA_K!tEB$pK5GIE}w3Nv&$I7 z=BRi`yo1Ysxe0lm+i)>2(wvpzPnsuDkeq*cAAS$sK`Tx_xDG!x3dwgLC@YjYvvY&J ztOm5Q-*eRH_xyDo_0u&@oyl2bQl#HL{l#+gUz*)NPyDOvS@(2j!7?yh6{LUr&(|H5 z|37@R-R{gO{$>C*W!}H^`9z<<8afER%Cc`|!ph!Yi!n#P$j9?R<|ChzsT);ez8q45 zJbt4sLo&Yxjpf=ShW2OKm9%t4)sSNgH`oD-Tuqe_+)nA`PD*Rs#sh2C6 zfg#gS*~SK{n)fvHlbV}F?0U=h9M*1cf4ywl08742uG}9p=&Ak1(ReQoXL)to5A5lY zoT0vc(&y%8HC();omULMVKPXVq*dCFNMiMK-wWnXVw5z^HDMcv&XyVfb!|G#x*5V` z{hS1RB$%N^c+zlO&gQJ8@Tbb`+KQ^Og&=U`(b{>geO{>TAqO83@5M?Rsw5$4 zt!;I7fX8x^%(ya0)QIAuqcw@qxDQZxip@Ff{GWqW)4RpI*7R5|p5$hY()!YBJN`4(~kxyAA&~Ws4{TfQ@8osuh{gJ&$y$=%Ai6Lb_;)+>vo_7%_VIz(gkZk z$l1y%9i7}9`5Kb9$c~;IEcscFAN}qQ{_IF$z8YGDAbm=qhbYIgRdPxtd;ITLWNZDC;>h z9WP?(UNkT%!`36Q_#S0hC4*?esmYud>1IQ)lq^+YRTlAuv#e6%)w@?})Dz$6`ul6C zZ4WA?gXf9_+|jDeUvaLm!fWEmVq(1D2Zf?xVsbG@a+LZuXuBg(ySAt~#PXP!n9ZfH zA@_#zC7FD;rI-N$P)m1{@VpJluD3CzOYb-52J;7SJ6LO^TcdAiH^Wl6ov`s&$%q;q z4yg_K^z>{D{hWHp-= zVzKAv%@`4n0V>^li2Z&Q-bH@zVWkxni?(>=M%m+OeO;tJzQmW^^M^y}Voh*9c>!Hy z=uHv9aVwFAOv!2}5wCCUYuTMWJu&D-s&Y1(5+l95nonQYdo7bi5N!*4<@X|Fsj%6q zg=6DHq?DXVl*EOAT>nEL;!MgRdD)Snhz`@FQ-pmDyzHEELudldNoX^O0B0 zCzKs(CDuNkAog`uC1d@!kbM)O1D1F6^;6Z55d;H|v%wrbcf!1=1CqWE!joliXp96C z?MhV{E%gxE2&A+dS9_im{bs7afn$|5dOnK@LzFX1-Sc4J73ges2_Le6-Or}mOx}Vl}*M= z5GT(o1u?R8_}Om8eV17Nph(Dc@lPC;4@$|)6LP@&FD7op`!|IRI27MSomEOsmX@I3 zB0c8AP%*{e%_}gJ$<(m3bzk1e(`2ddRc6NH4>Ad;wG4lF63ap)ml*Z7*LZeTdfTmL z{u;YW^s!60?5-;AxE<)Ps^Q}D8JBNbJwzTtam9-p+olmvJ{HapG2!|O|5BQ4Gkl$f zLMDL2Otr5LAdO+A#m;YgVkndjOZ8T%Bi=2%G*)#PqF$ugb_IFrC^HO)#Y&eI+XAzU ziR$I0r4Qle+ZCiKN57Rf=}Fll#)ApNH8NzmH}d#`ZC>Ub#>@czb|X50EiOO#%aMEs&+XBl;#U4rD5n}@U3^(Rd0+R-oDH3 zwYof4vgHmiu7zXU$6>*L{rf9cS-wSoa@o5YKktQPWBI*=D$JHsC3y^$YB((N?kYrB zuTD#f2Xi>z!8^A)GM3m7S+@-;W_@IYC^!@mruhWE=HZr z-}bxZ>Gmqa%B^mJi2=Ftzv#J^>~c~N9X-r0j}ZeMk|OG(d8MB2Ra#M3WRKW*yqj2y zqVX{qk}|lIV0K_zV{>V)N_@ST>~Cz~;baj^b@v-PLZO6L#x5Ez$(1g?Q(S3~t6H4{ zv-BLO*>|e#Cs1dop43_%>|(YvRX8%gAi-cD_TY-B1wANW5x=~)d!PMMKbq#_ueRNz zOv6&KD{{Dspt^9R>l(LZ=7Aa9Fs_y=%feLGmd`Cktvk*3x>C9 zzuqie`>ZVGTOY*t=wV!)a;#a`^JB0R@mD&)XS54Elpv`T(fl>(&&ZEp>%x}UCaB&E zJ5~pD9cKMRDtvgV8}c%Gyop=ftYS zN9JRzE_WIvMnDLzUHJI|V8FJ+#rPQYBvLe=P97I(bL#t$4FAr`%eiI%v^dWw9R#)8 z5Se9HO!sVV1P!~1SB;SdCN&HtE;;n45w&=CK3yGjUs}vfVIVF-9u2JMl7cpv#KG-$ z&OUo&7JVZVo54ePFFf(giVlL|oYu$6Y}wl2BTdhZX~K;gzlD7#2k*O+ z|KXIawh5-kT08G?|0{a^5>hEUuK*Kz2=(*zHtxS4{ogVI^~}nEj#zIi-MDuDzhnI0 z5%}*2{C5QYI|Bb5f&Y%ce@Ebd=L%Nns`BDqEB0IZ^=10Mqp)aeH%&`7M|Q(N{~E*)Ai8)hV1Xh56NIorTr*P z7w%U$l(h(P)z4S&4dR)o&IO(LVXV#c!d;If@kh5bY1C>1<}RDg1qVAjRe5>&goFon z_?ovTy1PYy!b06VPC>r*w}@Ri z38|@?aPEImd?1hxn#JIH$`+Y;pth8TBMn%-3nTkj&?W2)azp`{7iKh z{Bkc0m-&09iWNt}}(_ko)a`<5W`&_{ctq}8GA9}(F zB6+A&DTlLb(u3~$`jZA9zQp%}R0#bwA~F}l^q_d#r(V|ArAt)g-0re(BmFN~3sqGy zy=e~A++kJyipNrtI5-bOBhnN2d9Lw|0d4kcGckPHWqia_f6m~``dEYIlW#wyh$yh?9_+g5&pLXJtLZ~ zokUe;TGSp1>f`za_B}>Xt5XZV3Q2z{#fTM8yi9vA(PO1b8F(LaCDXd?wLvs~#2|-eV#orUy=u3#MQ|%AXJ`ujvD?6^VZ;`cERUMjIDOf#q2r}L=Kx)iG6D=y7g;w z3r@y?ARm`cW=ETkRPTaA(XE+%E_u$~pXqfq2b3(csOznuBg~1GJnBv37qAF&$(Qf{ zjJ0b9;Z)%`rW_`D`} zw5)IHE+-Hq1hgiJ$uY`q-U=rAZmeP|z2_scc+?tO`||Tmp5Y!X^`H9{p1##h@?3n$ zXKmlY7Tj}_VXwS@d5-w*3gx*@- zB%SUM=9zzh915;jb?bev+2mgJ@HII+r)iqHiYZ>yjgZ6GHm`Ks#rIZSVEUm0Azu3?e+sO@?G%Q><4+&qg9kWO2?xKa{LJA*i;c!pSAKFMco-SP$A zmn)Y<^%sf`^z7#}P~XYj3A#K;Bf#14h+qy+X?jK7jX2|mIm~|L@3DqZrES0MstWYM zY-;)J?=%?!FNql27Oz;tA2@L*)gK>~PWNA(KKQXV=CW&AQpJ?(DT^}Ut9$=u^3JU_ zxO~+({_$wg==*_ZXVGk_!p~xg;(wEmxlo{b?|R1-r|UD~VRlVkg~b|HzG`ONK>GgT)97kE1W;7MTbu35gabhWop5b5vABZu@+RB(5pY zmZmA2{W!usE8g+Zig_jYnFVbuHr2%=H6na|zOkm#xqdQ+$RuFcIQC)9XLPi!uh8?n z?b0*OLg|&l(!s)%H->TrXDgzwhp7n=zWbwJ3vlF25IOo2z4zL+Rp{$|>W<{vz2z(6 zJ2|I0prWR#@8sa|=rWnTjJJE{8LOONf=)&9ZA(l0fm|86jcQ-dmGm@WVJV~wAyp&m zLFX_I2^}oZSDwvmIoo(A(rneF{oVbGllpRA{$*&iv-8}2i?Ftj4=LGL+I6^7zTeHw&cf%{eU#V(<5U>-G_KRMzB@3a9_- zLblHwTT+JUuvAx!`sNsAvnjuObJQCxq@he35St`o@b@a0h%#2_%=VgKlKc2O0Tn`V zl?1AaMrp%sQA$MEU;yR^iY%x_S#{NOgmJI{s?CQaTPOVK7P5wIl{Y>h0C zd@4;{_KIfSU}BduXj#1{%rV#<5wGK-IzYQENG8P)+g_xoJU~uo==sMz(Z#~Sie#Ue z>A5OjLxrGyoi0Y_&GO)c^>ln+xvXHk##ow04i2{}wbGm+5vir+&;RFv3x6Jv@E3Hw zldh*TYic^yS8Rz;2nz1`{qTlY@y8DzIC&HsIv(k5Zi@&drc6vEN{J}OirjjG=6x^&`~FEko@6T-`~*k(bbKl8JRaerB@Hm$Jk6^G6iO0qAFPb7OTKOY^p zIJDqU<&pWdqt26$Pt?UVJ7PET<@DcKb^{Mo{Cub>c14S7Sx=c|*IKW`e}%&jIgq+) zhIORDfx2fpmxet@9gkG4-YZ(QZHl>s%uh+<(e?7`0GpN~FSdL)&6#NAjeWAG&P34L zeZIAE=}uXh=*K$`(f0(lJ>TiHfj6N)T1ADgNWm93Gx4U02JSca(lei$N4gTopdutAJWAa0jD-shOv_wrXik>Y;@Tr3eIxs*A+z5*S73NalY1k zXV3NJr_WNN{iT#03?3W#S)ET@YC>Q1B=;2A6b+O%^$ZStUvcI<5fzou{Tq-G1?}Cp z5+=3S2x_+)Sq6<$z3E&{zGQq7t+JBt&89LM?qzj%*j~BEA4{zEB^wBmdefIzS8Xwk z?M7iJR@HZR8kgFQCYeqN$;d>RoqzP2tI$hk*ppUggK=?kTDI_a#eeld?s&T|_6zKf zlvCn-wpvY;6%Vo|Kg86~qC-2GxMNnjbL$3&b(>M!t*Ls+`%fd$xg%d$MD+%5BK3WU zw+{~4@%nqbz1QmPt|#?~L8;@>6(PS3l~YVi^qaB(5Ane?Ezhd6p1ur7n-rf}LzI4J zT7Ew9vuTo~FZaHMK~zM+o_%90&hx@e@Fhc%5_wAI18<}(t~Ntt)ZE|BufJ@9q6yd4Gqb+>x*MhzZ=Z-3B; z&%PekCL*MvOGR5mZu^$RV5`bkLZrO3o-nGTN;ifRGx5E-M+Xxmr6irn;jFFi&`11+ z-5u^9{o628{LAQ%?|TUR56+e787{_Tgyq6=!5N|&;UH&0aj~VD$KOr2Qv$`VoC)Q- zpK&4jc30SKvDrVfCv6f*Sw(zSiaZ#~GCc0@p>BCbi8e=>NuX}K zIty;Ey(slDwKe~+z9lu#slh+q!ZRb`Z11T$FqR)GytbC{Z&YfK*E9ea~~{EyQWr!SsnKhp>@ zAl%$M8W~xt4T)#ulDPWNmbjB!i-T2ia$7W1>!d1DXY2XM)bBgctp|5U>#RS8LzEEF zU`ebp$ezdv>miOf>IR_?#Al!1b}mXjaj6<#z6&;aRPPtntM#+{(UT zgT~zHi9zA}m?_GH4+&j(2=V6%3#09=NLy=xaWcnTGp8Z4MX^#SN}V;+Ocx=T(Z-#j%Y3X1iaPA6zA#uNAce5Sj(6R+F7!I^?E1xM%%N3siXOkE ziSxw<16_$pBMS>rBJm*e)MCqHDSPZ{t8E#&%y}TpPGYm8rPO76p1z&fNflW-J6|Lo zJg5|j;piUHvUi($b=oymQxa~PtD?{nvEtDo%%LpXvwroTV-h4* zppQ!wEo553$>E~pJT1=pd%sT>Kz%Z|NqLPL=#DT%=R~rx2vq3PMhB$wve0kT<+R!? zk7x;_ds`h-UXvYcu>KPFn;utosCqxxq>9N1BmFlvPL$d;kYL=*A3eG}aqmK#h47k} zOq2$J?iA|PQQGsJwxYyU;bF{UDYE52PXsU(T_RXw38e(X)^FoxFz$FK0$Zu+cBS<8 z*N}{Bf%Ma3%ffx010>jICtCY(IdNEUlj=UR({p_l!kqH*5*{OASI)HY@$rqP#DZHuVEuOi+K?*et&eG%Z!{n1kktZi`Bfk1@ku z&h~3~MRKtrSsWN5GjO|oEBXp@r6%&4_YUe!IA1`Dx?8@@L9F2?Y{EHIJS%v17Jqdp zwL0vc?B$2eW0tWldHt;dzIF?3QZ=ee?T!}~2mH1cMG)@psTCERYhIV&GPQwQ+Z-1A zYzm7JAM-W#gd%U=+%fk6-NEhkWlTAunq_ozsT}e4&9L`Uy_lW1w|6HV?{vcQcU%u1 zAA!f?#T;(698ff5u?aim^=aoWipv_pE=_Q#@e|VXTbOesWFI4Ka6#kAmCkG76yxG-j!_CK@J^9q&Z?7Gve z#K6!l`G0#h85sV>Jq!&0E6wEpi5H&WVwRIC#Q$m)Vqmb}b@AU;)c+iY2Od-Jf)i$C h{?V!(=~>!l5U!~>a7b&omOh6{H`Q)rUpIR4e*n8v4gmlF literal 0 HcmV?d00001 diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 804b74f2c7..b3cf450102 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -51,6 +51,10 @@ upgrade your installation to the latest release. * Identity Provider initiated SAML Single Sign-on is now supported in UCP. The admin can enable this feature in Admin Settings -> SAML Settings. +### Audit Logging +* UCP Audit logging is now controlled via the UCP Configuration file, it is also +now configurable within the UCP UI. (#15466) + ### Bug Fixes * Core * Significantly reduced database load in environments with a lot of concurrent From 6e5ed7e17ff671c8e248d669ae5ebfff6f08ca73 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Wed, 30 Jan 2019 10:48:10 -0800 Subject: [PATCH 285/361] Incorporate engineering feedback --- ee/dtr/user/promotion-policies/pull-mirror.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/dtr/user/promotion-policies/pull-mirror.md b/ee/dtr/user/promotion-policies/pull-mirror.md index ff50ef2e4b..f73b857ffc 100644 --- a/ee/dtr/user/promotion-policies/pull-mirror.md +++ b/ee/dtr/user/promotion-policies/pull-mirror.md @@ -53,7 +53,7 @@ POST /api/v0/repositories/{namespace}/{reponame}/pollMirroringPolicies ``` Click **Try it out** and enter your HTTP request details. `namespace` and `reponame` refer -to the repository that will be poll mirrored. The boolean field, `initialEvaluation`, corresponds to **Save** when set to `false` and will only mirror images created after your API request. Setting it to `true` will evaluate and mirror all tags in the remote repository. The other body parameters correspond to the relevant remote repository details that you can [see on the DTR web interface](#pull-mirroring-on-the-web-interface). As a best practice, use a service account just for this purpose. Instead of providing the password for that account, you should pass an +to the repository that will be poll mirrored. The boolean field, `initialEvaluation`, corresponds to **Save** when set to `false` and will only mirror images created after your API request. Setting it to `true` corresponds to **Save & Apply** which means all tags in the remote repository will be evaluated and mirrored. The other body parameters correspond to the relevant remote repository details that you can [see on the DTR web interface](#pull-mirroring-on-the-web-interface). As a best practice, use a service account just for this purpose. Instead of providing the password for that account, you should pass an [authentication token](../access-tokens.md). If the DTR remote repository is using self-signed certificates or From 81fe9158dbac4cca6b1cc29db23d7f3b825d779c Mon Sep 17 00:00:00 2001 From: Olly P Date: Wed, 30 Jan 2019 19:10:21 +0000 Subject: [PATCH 286/361] Re-Add Logging API Configuration --- ee/ucp/admin/configure/create-audit-logs.md | 31 +++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/ee/ucp/admin/configure/create-audit-logs.md b/ee/ucp/admin/configure/create-audit-logs.md index 568440a187..443fc316cf 100644 --- a/ee/ucp/admin/configure/create-audit-logs.md +++ b/ee/ucp/admin/configure/create-audit-logs.md @@ -62,8 +62,8 @@ generate alerts for ops teams (PagerDuty, OpsGenie, Slack, or custom solutions). ## Enablig UCP Audit Logging -UCP audit logging can be enabled via the UCP web user interface or via the -UCP configuration file. +UCP audit logging can be enabled via the UCP web user interface, the UCP API or +via the UCP configuration file. ### Enabling UCP Audit Logging via UI @@ -80,6 +80,33 @@ level. 5) Click **Save** +### Enabling UCP Audit Logging via API + +1. Download the UCP Client bundle [Download client bundle from the command line](https://success.docker.com/article/download-client-bundle-from-the-cli). + +2. Retrieve JSON for current audit log configuration. + + ``` + export DOCKER_CERT_PATH=~/ucp-bundle-dir/ + curl --cert ${DOCKER_CERT_PATH}/cert.pem --key ${DOCKER_CERT_PATH}/key.pem --cacert ${DOCKER_CERT_PATH}/ca.pem -k -X GET https://ucp-domain/api/ucp/config/logging > auditlog.json + ``` + +3. Open auditlog.json to modify the 'auditlevel' field to `metadata` or `request`. + + ``` + { + "logLevel": "INFO", + "auditLevel": "metadata", + "supportDumpIncludeAuditLogs": false + } + ``` + +4. Send the JSON request for the auditlog config with the same API path but with the `PUT` method. + + ``` + curl --cert ${DOCKER_CERT_PATH}/cert.pem --key ${DOCKER_CERT_PATH}/key.pem --cacert ${DOCKER_CERT_PATH}/ca.pem -k -H "Content-Type: application/json" -X PUT --data $(cat auditlog.json) https://ucp-domain/api/ucp/config/logging + ``` + ### Enabling UCP Audit Logging via Config File Enabling UCP audit logging via the UCP Configuration file can be done before From 6037e9f0f149e3753865da172a13f28fc7ed58d2 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Tue, 29 Jan 2019 14:27:15 -0800 Subject: [PATCH 287/361] Adds a note on installing Docker CE on unsupported Debian and Ubuntu distros Fixed note details to match Ubuntu's --- install/linux/docker-ce/debian.md | 6 +++++- install/linux/docker-ce/ubuntu.md | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index e8840da08c..e87c704e87 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -120,7 +120,11 @@ from the repository. after the word `stable` in the commands below. [Learn about **nightly** and **test** channels](/install/index.md). > **Note**: The `lsb_release -cs` sub-command below returns the name of your - > Debian distribution, such as `stretch`. + > Debian distribution, such as `helium`. Sometimes, in a distribution + > like BunsenLabs Linux, you might need to change `$(lsb_release -cs)` + > to your parent Debian distribution. For example, if you are using + > `BunsenLabs Linux Helium`, you could use `stretch`. Docker does not offer any guarantees on untested + > and unsupported Debian distributions.

k^Kh@{Fo za^If`(o?_kyoem|L&s6BO%TmJ2l1T?2>%clSJ)}jJzl3<9+z;p{Ub8jA(3LZc{6O7 z0rdtZSW7TKy~*2V2lHU3mMT}4d0)0$DQfwNMd%b8hIDoM!IMBZA7mga>dISIn0W!m zoN*_-T0m*34>~~y3UeE%8Ks}G#esJOqk8N?Tn+R)!5TseV2~K{*Og zM%Cz)Tc{^U#=`I^dcHJ4N4AfpvC+}KaCc%3tN;~8Au#DemEdSlY%E!6S=kI6P|SGG z0kKA$j!fMUknvVGaJ`hEKxAs*0hglA5;z$adeS2x+oBe7B7{~D&8^ji1!DxZd*1`o zO8E)-z(?K(+}1(0FWcg9N=eVldl`r&W(v7UR5zy0AI|aNM_Ns1 z7M`AU&yG@$@2S>%cv?AsSEhRa5f5?`IIj`UOZOu0LdLZ>w+s#~+>Cjm;gmX zPAo7$hAIgj?&quS7bLa7dP9W~EF(rOqwYCx#5IoC^Rwj`ZivW?eEI^-5_lx$AOphz zR9M{D_&T_SA*NKMQL8H}E8Oj#kWbaJy}&0Vlmtr-P|4Vy9=j^;)>Ks`@^1@DD^GE~ zMFsq+4{O}qgh%%k2&!)_m-O0HTmdox%#DecH*Q!Tv2geIp9bX#bV&I1zVIKhkOs3B z6uqEe(y(cMx+kEth+!u9HMLPs-6F6Ba}Uw|Y0RJ7ix!TsL81BqGYucWO9&<_g4lOs z(u@52gt!U)Kz$FampG(sAVdIa$NOGNcO0-+VN#DD6Typx=tT$t7LsHd6t~UvJ%9s; zYXaG~aNG>4<+7Il4CkoiMuAMoS>jC(1Y3qUIU3{ntD((&%{_H>bsmgkYkoK##Yk*$ zO^uA4j@F*;@qvW`9`S1qDh{ekLj`mYPQv2jufQVBc=zt>r_sif_w0M?D=VRpA0nP4 zU>w5Hai1+Nde{68rK}VQICSNBhJsX^FP)5VU z0iu<(s1N>@;Yz4%;TYtiShF}oswqS@@3v_H#Ro_T)3x?_^D9nVJZRK#mWN=WsJsBO_O*yZVs)qzo0N*m6;S!v z?yYMBA_p$-5SD%p%`A*OFRJYDDe3C!LVjIQBSN%i+#F-#=O+i@I4LC+6(nNk>VGb- z!o3j|5kX3?K4PKpS=jgd{F+kDadV{buHJVIgE=Oid-VFYy>r6)KK{I&07$nYlaoVR zTBLsr4I$Yq=vxps5LD>*N$rLr5noBd2iNW;`<0n{ijJx*NTej;7u=*fSNp~yZ8NE?KZ()4^fg?boJxMGDdDR(-UH0Tg7u z1|YPL0^EyR;sX=L&WX1^IU+uQLK<9FAjOviOb%x6f4fDK`3X{dgfmzMLsW~5r#B+O ztp*4d@J^itZc?%mMuQRnEC%Or-x+X4;kl{>K+XbWh;X5}tO>GUx`#OZ!L?slSonhs z01|!Maj?sL#4QTIIix(HMI7ZryO^EBJ2f@1tUh=wa?_JfwXoBruc~dpjd)-D& z8xNpjIsXJk7dU?s`+fTv%sxe|hiqMrVRoo3LQmGiX?F|wkWrHHCXg?E!*P50^2D-X6zJF6_dM*xfG_0McolW zW_rWLG%Z>W@E39}LouCL{A3$IusQuplJ{=qe;4SYQ)7pD(G|sK8 z!nGs9y_`jEIaowo%DO(H33~N7V6y=(4SCuvh)@YM1GU(y(T@NLhL;bsTgmV+1qFQs z@n!eF0(k#i97q^MYNDDi2@$j{19}%(n_62hi4&s5KrcoBsiwD-%@uO;2a~hb<={<4 zV(SOyQvB+VuU{fbV2zU#23F{f<`9$g+35+%-;g47SbqhJv*7+l;INP|khl$D zMNy-54>fQc`7W3!Q!mtbbezQ7r_+fhY2qL$=Z2h3(ash6BwV0l0o(pu$;hLHn;>fQ z8L@B@2xZQ4`~A@1ItzHX(xcPwb{~-Gek?$DxE#A$O34QkwKp$x)^@%{wufX zg1AbKPrK9BgF@99?dPor%y>04G*M%+IC7)W24_^c{4M! z)p%JesBotW;B07GaFE(x|FD+aWn8=v)n>@dzI{UJY&BK)`0x+-=g_`!G}a9w_y)6T z??8KmNP?&)@GAhe)q_twyobghI?w(3k;^h8T?dw9QDTOmVt;Sh0!HIdPXb~)Tw+3u zSgi6A-+)T;teoZCYB%r8Q7gq176=jt2M4K#G-IQq7V)|jGVo+b=0V63J(bQSTq0$i zpqn$ClQ}$0gJGfN_UrRkT(52qv2!0xkFqLb07K~G1Lq{|D-%wglnC3PWNcspi2zb3 z)v=f?fJZUrH3U83Lo`n1xI`Z&Ql@SZSDsTO3SKx-WAJ^fRmph*( z9zBN$s51XlV4v#CF3&E~{dp}&m@ZKNA{m)Kbb9D+?Qx zY=y2D>fYo-r2{cgoAb;Ot*?Fs{A57ZMzuIMw{3RE!#OP(7$0EVLjey#Ov@m$&pCTV zzWc-)Th|U10Q{s66oVRZ0^2~1z%ihps~Z8r8b*Fv@O{#IRt}FCG#OyT4cc6c^M~Z1 zyq)F`la@HN1_kD028@nk-$zWbK?ubUGn#=H&j1Xnlr>9{b$AYz1LDvH1h;~k+5_Jp zi#U-5g4Z-*L%?i6gQ@Rkv-TdAn*Vpms}KSWEWWZICl?}CbKOQf6o4WI{_TAI4w`B7 zuNb~^s{$m3g!<^{NGLV#HCH9Lyt(X-n9!&M+1!OaXO$@L7?4)8hrr)$pqE{8Xn}Sw zFq-SK{rwT7S5UWIfYKSTZLqXCFP+)Dv|2{CI7CIAdcNU+QPpIK`IsIm8d60cpNJ

!N(?L0ok!jV9l>7k8q~0gWD6>lnX9wrFZ*c3(~oA0}?gW?PuR^4?Mt9;CT#5^Z*YfMM0}AZDGNInud*m&RgC)zlo7;m&>J<h zHJ>cO+O@?u0_WfDW4$5h_OZ0^KUfzDK9{#w)pfPt-q``)8}?j`K#YF0*!wLzdRci) z!CjO10R5>UZw<^%gT#y2IQ5lhsMkT^-UDVBfj)*>j7H&$~ea6)_vVi;z=Q+sUGPlNCN`~Ch|7grXGj@>t@TjX=-iFVl?x`zCbI) zNb`5|jd9~%Ki@V(#FZSS#<#XEbDdBIR49%sTd)(s;}P(;V2kA{MnX_{7$qeqV^fXO zSTZD#Xcr6-tOh)~&h#}FvLn(WiB^jpz~L+k6XN1X6l4MGte0I`TYD@=F}6+C(N8LjsE8^J-}IjBpSN0nigDe)Y>hDNIT#>O6u(n`@LujUY$>j4(14~z$>f> zHf{n|1pqwzKxS+%<)q{L?h@i)0w}$zf<1$XVqp9LhFX*SI$0<1w1CpgfQVKK`UwV{ zm)2{Y`M8cjP=s}oJ&W_X)?^Wk?_pU99m{7aM!mKHEf6`s4Lv|oW4?qpu7LTl?3Fz@ z)W-56GkaeIPs5YKlWagLi7$@q&~zm4-$)H8HGMJ~dKNDR*Hs=o1UYF@Ca5f)m~0Fz zIUt^!6n=o-VKro@?vMoPf2+(KFpC1y7NY`aN)7`ME$V1J|K1YpH$JHx96z6J<$6KC z6d~Bx=7L3Pj|Mw|8s(FE2cZ|~_x@rLk*`(di^#YD^0=h5IkP|tv5f&Sbt}9~EC?7H z9CFQYASq~Thk?wDOzd(L1*tO>?aJ5U-JJ3ds-{bum=y<=j;SPT1Tx@0B{}=5fKBf+MpW%N-{b9 zZgN-C1=M{ncYvipB1o+Rf&~&F#ICtcsPmElowNQE`XkiPo+2YXvJW4YXaorq_s}%A zKoVz{Jp9H;9W+_-ovC0V{mhL3!tc0^x`)76VnV{A&EuvDw8+}xg6a+&eRW)-Um>IA z(VZwYy|lR*L3MZit!c;48Io{9>`||6%F^2l^}jcz--J{9EG1j(jTd2BcBtG>F2VaO z{pNhKrIpWmYr)$Sv?s=FcF)_#UD9JoSM`R!5Ve4avC>*>)a%IY#cZ@*yBMy)I!S5M z^^B9V6Py+rA&yq}9o|u|P4-gBFrNdBkhR_KHn^i7?Y|3pu@Y)lG&pR3n6F+t!?zTB ziQU!MTCeomZ=-*^>sD#)AA9(`O>U1aa_h)`sQP_(HvQdNT)OyKTfCJBL3`u*u788Y zJ-?6kvryh=WQ$+6s}?hh+e}!swH|~tzu~uKL|lSUh{Es|bSW~DLWcGg)Gxv0tykQm zdO!zx%X(5+F}enH5OB|pDjrHf{}mmOY7(BFqQJ|YLQ6MZ{xeYLz{(b=2?sY&K=+YG z3%de9&6uAsgHR00Bmy~OCrM^feegMWFMJ5ZUkIpCL6ddwdJND9L_nT=1&FHq>6mNsZ7LSPNa%mTEc;X*lLcUFv*^BT5NRkMu8%RLl7zXhP2+8=pPK9mV zrKP0QLj(Z$wgn019}U?1JneSF?O%p$C7y6xiRm;#5DZ8i0T9LlIRiM-gD!j)cJj82 z+qW6(c)MY?j;o-~1!V|d65Jdp2J-wv2pjdF8;W_Q1(qoyV*)?}PXE&K^5~*SKizZv zsUV#1Oc$d&JKaNrxi<2<;cdhmQSlh!{Yx$L0;Ih#9pYPeHzJ{d?F9rE0((Gf6{DCK z9Wq6yW5oN$U}sPUwj9AFiY`#h~#~?U%$~Ypj84KDz61g#sjM` zc%*9i0@zIl0r>+L1YGp#vuA!_lNV*s-`8hhe9tKkxN$n5!6YDRA+RajT_~4h@F>CW zHI6>NdN%yFx!}Q`dMwCOkmU{J2_~q0`~dxg=>qj>m1Yq@X#NWc`0_;%5nVu1G*<%E zM3V|RAko;U!qYBScp_&gY8tFq zq=BCYNCDtXo0Y+v;+mku^pA*$m@qFZFDJFN)6htYD|khaVQOK~1nd$hBO_p~#q2zU z9h<7Q&2Wb@jK1X7BHAYQZQqMK&jEydpE_*r1^WPye?!sEvRV*JBE${6a0o9gP?^X^ zJ_YPrT>=#I7E^UJAi07dECXCFMW_@b2^5buAPR%f9<_0Wj&6f{IKEt0P8HOhK@XUH z@4xkiWdbNO@K$Ue=%Me`4^XR|wGv2%K>mi+W`g`Yl-AX{lbJoQ)5LX%BNFFN99jR88g8?C(xJ(U+VyH&O|Q0VZU_qV{pcVr z2=`1e=5x9P3;0`m`&TfT#z27=DR15Bp?QuN9WCt>|8&@|AjvFueGU2qn66Q$n_Q{G z$0j611ymbgkfm;^aGHn-PMAt?NOW4oXM1T0L^q38E}gH*3a`Vy6TL~hUx0R0UbBP-$a{+1!ppsWjq z$N95Hl`T#s+yyXD=$?zbcfpMh(o$u5yLBQevlU^Qj`Y6hVC}}%)}Y|h%JS#tn23fQ z>N+?9=B#&%n{)`G0Az72eDny>xaY0bz$iT?Z1W+c=WoFlaw|slyaRv_gpQwprW*3j z(yksSm0}gfC_Na(u|GD&LG=o>Tq+c!l}BJ}x;(hSkkElZR8U4&uQqNZB=aO?`9E!;B&@gROzFEh-Jt z0C=i>abSf+*dGSpBw?ut6>rcqFJ8L-s2<48bWsNWauX07HN2ON3BD)~x{d>-R#E6T z`E0?*(lq-<%&RU=ml<^N(1r;U-);bd2a`iy!3t4iV1nrh`g-=N1yQM~M1lG*e^@!? zaEZJ&P%<%iEtmBb7|0OxCiFeIXiEdqTTQ2Glt_0dYLgU3ES z0Fb4aRhN2gce&nE9b6AzAolU`Q7bdMe4Y=6x->w0*z+My`|Z+n=)yJtSJ>g==4eMg zF0KfySV&B2z)D_3u?;cHKG$Fit?OfKIum#2$}x8zoAfjs*QTqJkz5GebE71lBlXGS zze$v~fyQiEbkl8ELEm5b|CB^(d#uJ1-aaw&X8j6W%WF^)jWe zBt)U!H~2>LdVK%b+;g5`6_JxNy3A)i;d67$>D}9+C{a)r-G9s9{I&2-O6u12)5IEl zc`O!2$r;@9Ouqgk43aZJEWVdEd*+n+g%%&P@i{TUW`q_>7icZCG;W59uK`$edqiH6 zruIrwt=u9}+r$k>SBN>%d_|QUNt^|^^L8MDAw{&G2c8gAVRBeF%tjiiy-=ZE=6+z8 zya!!BVQ?b;gqc|t9G!+d$xjLa*qUv=s>__{Blu47qn3`%R>z6c^`!ZCZ-lI9M}&fa z4ThXaHcAI$KxSfb>zR6Oc3Yg0jO;0ZH+8mFeFmOZSktre}}OH#{M zzd$?4a2w3}NIroM6*2$`u3uXe9PKwrbHxFSZ7zvsEtGw?KZSwNdI;cPV}Kxi^fK(K6cu&3a5Q9S57VZU$A#mJAQnt;|#c<0A6wL(3g zfsJooYcn(Y{ii_ulOQATSW&NGO+cEpsxvk@Oh-Wxa_wRKbXJ0n9e@7t3KKOH-mOr8 zn>~99@)SfPQO(GpI`|sS9~bCAiHwOcu-8sbN_v%`^Rg}fL9x(Z87Dl38W?s14#L1h zfb$!YJ2y2q3k>A%_k1zXT~)glbVlXetg?;N#;YoPE-QHz)4(fn>y2CR2~ksth=?dC zD-RgyN~uoS8+opSSP&7bAiB>L`@o#j5c9b~bp-|8G9~G8p~MpUr%WtK)k%gQ~w)-L*d|;SVw+&}m9Ula@MmdD-PvZCyU( zzCB78d+WIVj&60B%L^x1YWzO_npZj2rQ2!vZ|kq1-YdG)?BLKB4YN<6Cov!KNv@Kz z)`-502o9_2Y42K z#o#dXUCGFNPyD{i9XDI2@`E<(^}Y4!HH{9aAYmi+Fj%`S;+lk)2x=m=?v;GN7hmXY zzr=hTa)0TT=vWa!0owGIAYIMLRpx6={Xr0&XwR#~pNJ;)Vfi%#d!D#2NxT(S3*{`K z0Ei0&*1%K%*J}986Qo_=dU~A6SGc$g>2Sd`e-P9YNm0QWqnh_LXu#^fjs(lq_+3`Qg{@$n6=7eP8O{AECqXAv;G z@^;@jPRLGR(FRL=U?0f=+<0?$%o-B~zJpvhG?(!>lS^)|t$Ny_X~Os1wt)CPshgTQ zad3Baa}(nDIC?pSMBqzf+OmUSG|_#=sQQkM+@U54C@`U>Kz*^GxqUWD!sg_s*2*~&6~eB zH<$WqhU0GGqN=!@MTF$0GV}5te~%Z!pIq(Q+<7U&io3pA(~#(>)_U5UCzV1&thK}h zB3)o!{}NvfXLVVtuE}X?Qo->Fq7SGkwPcAd zjph~(I=i6HPwr{TJ-Nq#JOUF zs!x`7UjCGr9X!{KRS)kUiXv#rDPEtq$a)_nmkixeGf*160F>F@zDSJ_RHQkrrmCy< zs*4x3rcmn7z6e`X6gkJE)SMuY;#sD z!&+qwth%e7;4i8nC(pPjV46ibIt~d`04O~!hDb8!%C-{SG`W(i_;I_=P|CK|QIauA zv&jbpbcS0wEbW&a-4wctZ?Kne`~-&wp{}2;5lZ<51sk^-inKU4%C`zXd$1KA1lN`Z!1CNY=T9 z+9Zu8Yoj-=+=4wbzj}daVof)HJL-tHl{7?hB2CQEaopDU@zB8H+Anoz)Q3L4{iwpr zzz*x{Nkgv!6c?{y5C|3`QZ)YwA|^d(b=e2KcL;?4(PIk<2~3b41i>&xQSP2b8c%n#a#? zyxZ8LAKO8h`yL$Cs@g9-ezP$da6`{~S~&VVYk5Egt)2H+kKyWSZArQPw({AYPsz#cQiUi+BPqTmlQGcqzVZzFZ+GZ;Bug@L-Z8R9|5720=>WhIRSz^N-6u#f|JB}r`~jr9Kco>ry%Iu; z2!gwSFaldWqRaR;%;}B-;U_@w5Q!TMdENrA49z4(8hhx2g=Dolch~d_+}Zzr7B^}` zM=TJ`5!zeMp_hOz1Y9(Pv#=}T-j{_Jf^;GJ_Nf_i_9zy7=(g7f4Er zZd56}I^MdfprYd=T}Fw@Se>H#*ftxLD%z_bvhVho(%oa9idw+w+)F=NMrr@)w``IT z1=0SA`6fxFYs)j+UzI?Hg^A$X9bUd!gf!q@xc&T9dNIu~5i&r{;JJi{n|Ot3k8 z>tYV`PNJrM;PKP70rwmdr#LI=O9wgpR(I-``Xm{@rMX>MLmv_ikL_@4S7JrUVcRzd zpuD%+uIag8zqsIN~QRi7&?x){9d$n-oCdBk^cU5oeIuQo`>u1MO7AJOG_X9r_ zp2QFrnx751oOGepQ`zAk+zU-_dmiZ)JooJ8SlJ`s)LUa0ld0CR-m12kDj~*~mtP&< zW(XuK=WIMtUcb9PQs8C1vv(VN(T6LqXRkr*l<^|<)D8C5KZ`o|>_Z2ahdprZNkoK6 z&rUne8m8pmh!p16(RQd5G_JKsCr=&q=Lw-u=>4`1wJ&;{mP*J?tm1;$et41gDKz>O z!L%xi$(j+Kp%1wd+S;jI27pjSrlo;=Cqs1WL_J;#+GC(u3EK;>E|KmfWoZI|~$F0s4=)d+xl()aG6fFLCf@wXyY{MUhbgA5)!5$F<-_R7=i z&~gJcFZ7pf%v31^`YfjF2Jx8-qB2g(&Tyqv1mB#-yBU({FbfsVG|JO^%}d?m+_9KdOOOWxC683a&~5QF-GLI2Z2-ujmW5>jUxRSVKQK_Vl4Rh2b{rhl+uW0rlP=32 zbAI`O6!c&Ja)AOkDPSbZKR0wul}-Xhc##T?5HSeN$-Xr)49 zqquc+B0H1xUFFBlO;A~jpC+H-9M*fjzrlg^NRoM&YDj;4@A9KXm3t}NDmH{;VzeLpi1sp3+2a6?jo#Mj{H52Rlgpbuv0w#zre;nGuG zauU;9TDfUjzA+|SMGLKBm#Fu)`=neBss<#dw>$r2?a!}xHP!i5p}d)<((3y=t`Lac z7Q9YLK-be?kht`KT1fh0Eqb}FS*`Go`kjgwwwrPclmlj1`$w9D+#NqNyV7F}rVh5K z9>_mtD2O4Q-E7f4^XVFMI)}0|e$+VJTQuiUGV)s0bJP6KVHR)C^hi!TiTGA%PySbS z^fA$s`E&{U&?}nGYYbDh#h)m#6Y^20Y!mqwIFq5TXuwYU{o9~~@yFE_i{ zX2p?si|A2MQ>q^Mg9I+0&3f^ALuRk|JROYT4>!h4(y_BtGkgu?(q~{ImQ+&xb0*Y7n?D%r>5RITA-k`|V zozv|-uXox7GRlrbB-9Y-v}&~W&qk`Z_>-5#!e=+^_k@nfTU0`rZ<1cSe?RNN$UD-w zzIPt-RC#Qc8l};aCvu8pA7hW-_hkntj+9(57_9D`=-!CvNUfT1qwvJ5O^c9;Xcbv> zM=!efET&W~_qvHb9}?a4AM`pp<#m{;I(hChdobleca{HiEkdl!VxCR5Z;8eE6#+Px z7)uAzQaa^4*|5()_VL!C6chJwOZoWv^>$@=XO5E~>yj?XWMPB2+3++ybhMznQzO&U zb-T{2Dpq?P6SLbIF%VynzdoFpGNtoVoX6SDCVH*v>yoWi4?FjmbCsoQ1?7_Oh)+)T zwnRnIUHvw;k}}8g=|iUrD_Q)ft+T_^h%>qumL4f7V2<`GD&nD{!-?klTegm(*7lR_ zOxEsRIcb&h&c5hh7jhmBT4_fQnVOjUoJ0qZ>RCr7r)C+;FgwZJA(Y6|puIF!xBAXU z7L%?@V5EJDlvHPb>?h3yQ)=7cx3YUd_ZgHe&YyB>7AZzOVAg-sRYO^1PUWRJ)~TM} zEUKIKe9e{DZoss|+6fC&Jm9OotYX+Wbrtmm**=;*(GLOWn+wpi{U0CRW;|wD>!TLv zLNtfwsnfu>0yNukV?>d`;9y?tW`}d}&U&hQ@xXP>h!Vq(eJP4g)uq?KG{GoaBdRnj z%DBBuU^Ol?HN2^DNc&@HoAtK`yLT^*t=fqQ-(Pw*^(vob1ix?Gj_^x{UAt*cdvTcH zn$pce-FJ<*cJXn4pJx}T?UXGqzPYw%WAcx+co1lNDu4irks z=zSLJYz1Ap*mpC9!>c8V={eH*<2}M`_H!pZL-{dLsn-sU6_Yfj!^YKY`1vN+6kB?> zDoXhFoQ8}|Mx>dS<2$&&wUM1OHyZt06n zx|hy}L4rr0*NbM~K7AlBdZuV`^agzrADATYHiWWP(W=T%D^Zn$@kxvk> z!9)6kF>JA=ce(j7U1kHyez;4kv?gqKS(2~f{o`#rVK%Ns+dgQlwYL-)QG8NPXyzm0 zT@Q~*hEL>CyxFmFbGI7$?Y&x@3ySJhIe(ffGzPNzWj{qF=YIbD=&{SnTIH;=w#^gW z+S6UK`T2$Av>>|vHj@1%h7m+!6>Bu`1V8Z+R zRqi#}&;$;!XBQ>8o9zXu!%`9ht3*F%kVJ{tn|GbBU#EVF$PVHg%-kdDpQsqmkYDT^ z@QVn0saoDyLwp9Ge)Ge>II9Y)Z=-7Z1$4 zl7<&UyM<(M@A5zOdF2gFNI%|0(vkCSg<(;du|8Yx(sV?%jcv|j!*LI!bKxbq#5K z+%CNn7aPAkzj=w*V9;btxYcK8`IFAtDDtYMg%3)R&*ixxMRoNmwsRN*ow;vQK65xO zf7kKo7M5@{TWnoeSTJ1q!jP~Om6I07JaJIpc(`BE)2V*4wcwRm zF`1g(!AYHA&PB%|t5NJ8aHwSy5^m{PdblI}>~S*nrzBTiB@(<}5n>5ubN!hH6UlCl z8`nbvrs)3T2_aur)A|@3XMPp>e$&NmQPzpGdLqBtx>j7mijqw>X={E6`8+@SGPPHE ze4@<~1MssGYE`QEsQa ztz{Wb`^z-w-&%m7FjbxGTwLP50XTA6*tv!TYP+L56sk^>*T2Y!ri-nMa#g>`xE?{5 zsd6)kMHfBrNz^3m?Rris<(RYH$;&T)qClS;NQZNa!zLUBp4VbS~UvxNA#kK?m( zkDk4?QKMKgZSQJ}(kB;I(&I8p%4UoTW{fKIZHO$c*!1{MTgpN)&0>ox=B!R7jA6$? z>l=~GyjDMK64HjGO*gHhbxVxPTI1b>i@IAD_f}$fEI6cuI4aC1(a_&;{`*JSM%JhHBJs4~;20!EReOPzW5IvQLew&||NW!-Sm(rJcu-?1T8f{n>(0bGR6Z-IyHF#{!yvWsQpq$kQ&gK znA9xJR3XKG21wNJ0)w|$|8bSSzEouR-;RLS;AZ{vqgqq?rJxjQSHa&s_Cu0?{M0H*wP1l{kikFx68?v^cZMA0Es_B~Fl7I^D2~~0s+XrQqTGh_yV;TN z`RB(yIV|`^|NM9_IsO0o+sadhQN zZx1r$E&lW4|I2Uw|Mz|TKU~c)^S_?6o)-x#Yu+F~Q`gN#tFyh!H^@|)W@U9Q1!)J4 zbv^XQ`tNJhdon00e)7$}X?Q3+Mw2W$hi@d}(1XsGZon2Z?f*ETNL)BNx9aqz*s4~c z+*szfqIk67f3Gb)FTG)l=**Y3YLC%pQ|ipsj$^Hj49YcUK747z>hnzLb6LL3uw4If zU%gKvGY2-?U#?=XUX53uoUb)e-M)P^@8%JGZt9etN#rrlW1~s?AdV6BB7wJ4XR*#dlkqt5>(h-kdeLe@VIv0{ZFl^?5Ti#g~idlaDLXfA5ObQ^P^R%utavQdF#T}*S*g37=plF%mG;Y7UgPACG%`VmR z6NlrU`D8xr%ePHf6?Hfpx#wQ=Yvh->eM_RN&H1*#c)%jBJY7vkw&{AUKQ`9@w+c6f zsd0X^B`guY^GI%Th=sLAKa((5%1&T@eNs6;ZNi8@waE4~!nlotBRVRML3J-bWM%R& zg@BKZd-jrSbf$!+Iu%XLR@pEvg{c8wqOvoxy{suvsM9Ggecs23NW2OD`ZmLC(dZf3 ze?0i#1*L`~cCw1I(nQWjWsf3Msls0{l)RT*QoW!s7(6qOwnB4P;o9Btls}bj^#|<~ zygUppny16J+1#eZN0O+s$A@%#vtz2;Ic|p0-0i!q?ABbsv+9)CkRg{}rCxV;O3pR4 z#&qLb?^|sPq2KdEY^x)x_*gOFJrpOUi zj3kzVc`{nu1HDBteVkvO?izQ!Ta@dGJ@KD4XvNg+Qq`|WD=I9?Y?PI&c8N^U{?gP! zrt6q@+@HPC_wtQS`XhA3pVLo#zjz;C-u@btn+ufn;Przq3YrDqQ*rK^$JZYQ!d51W-Yr?_oE_U6%A`hX_xXW668^b|%_XC|s z8?{N>*@_=b+Tr;*C%R?BS4Z}fQ01Fhrb#btJJnA1x43vXdaXO5npz4p&yQ+;{*?Yd z)*cEq{E*^_Oj%2S>Sx6R19{22)K2rYLbBmbEKT7i6CTNYj$)cK^BrVw#B@(t`{$O& z*yj&8c(;`8cY}&)$){L{#Eg>eiydFoP8QPU6-#Cqn+a0R&(zCQ(zxDOcTI`vLaxhi z<=!5ZWIJ6C+5Fqp%`K{(rv-d_ublWeY3*uZMxvrX#i*3rWX0gopM5o(QCB&WHjR;q zVX+e?>{Fq;8u=GkSe<{8s~7WRmc87@xV(c_yPWR+?pvVaAGCn_y3gYE+Q5?!nMwwS zv1*G`+f)S#`aSlSQ|@x{wRlWcwYx5CsyWYZQ{@k4$2@uFa=;T1&!y@zpj*r*$j?`| zIvMnQ#c5~#W6IU^IQ3Z7Uzq&HbMQ~ZCMDR=Y>EgHO#G;4hMO;wKPAnf`6O=9&4Dh^ex3S_TSIUVI{9vr3 z)9$*3K6zq3loz8~6WN!Ry_t|~}5SJk|sM@-dI_K2N1@zq(}KP~0!C!54} zJOl(wV<_;LMb=kc-Vx?JoA0T)IF=x^5KviI#H_wN^sI~cy17K?pd$T;VwtqalEuU# zdUNGKA?>odWcG(ooQ{2L)UuqXuAZzG<_^}#&-xZe8+H|3n;&{*sp@{{$}yMZI`-IB z-$2&RX*pv%w;*5w;t zGmD5q%jmwO5wS37_0T5_O<6d3jKq%o@srA8&xyy0@oKD}dd!~d&@_KK+qLBV^Wh{t*g7gxRCWIn{4oP%S7)3xslNyy?Ly-=Nih$He z4FM8FNJ0%I)D-gG{LcFu$8*klzrWtKzV&^FC2NVq(vv< zXWlv&G&(_VW#4I%)#F?%t?YSTbX9Qc^o^VM+A#;X>kXdWv47c?Zmb!U6WsUokgKYO zuY!Ww+bK2o^fp}qp@~9%D3?TSgAWr;dTUq)b_jE!-IuwK|2$9fpcrs-N}T>~Ys@=c z>P%|U+9iE|IFZ*WSV1G+zBl7%(EFf>`PK|AP%}^@M@%78QFQyq79}^G;V+7-V5gpS z)}yTM4qKsTus5^iM?!#*+EmOh>WSi_6r+&f`o-mef+3Q&YJ~ScAD{QYG2IS5gp&o2UBbNeOX#`2J{$WO`H&rU>8#o14#WR?bN{4xR}`;>%# z8-KJPEwzZESXfj}ByP;FwQIOnWZ!#EqRfA?w~0pV1r&(I%#6Fi1|gMO$6A{yp>?O4 z!!rA4vR{5TI1lXGp5MSjUqgkiqdoaWKb7VDWiAq#?ltm>*VEAJg;DZ-)~x78k4GB| zV(q0XRYlHMOZMJYe&&VkRz0@q_#Ol>FP-wrc_RVCUxn;y&#r4OQ8l#3Ce9zbIycmj zcJ9<`QJ+C}{>yXvqN9PaNp6NtCjHP8mp>d(h>pzBM=9O{bc@|RYqXejwaLf~@qV2w zEWXe>-~BXMoaK9Ko;lud)zYQF((+1Rbr<@Vlw-$w-TLOwSkFnmT1p*UiN)l1P3Sv0 z(%&URJLP3wNafi3-7213DJ^Wl{rT?P_Bla4WmBI*sW$7tx?R8D_zch31P&Yr#Rt=_^9sUc^6|yaC?LliF zyOP=MJ8)Rr?qr*9+o#aaKcJ=NPViGD&fmoCKXTNj`UX`H^15rHrp+Y3&wjXf;tv-} zXvFUlJ{?R^n0BfIr2=M`SAMu015dr3`v{q&rQq4BV|~@`Ix%w{OKk)}9%A5{*gL*4l{JoX#Zo z`Ay>L3?2Rz>J553hOXbl>oo;j;IayM&wq+qYqgDEosU*(S?~$D0Vkt2$Q=bMQ6JYi ztkJtos^00iRG!fXn|=IZui&iA53pt{)KB`W&Mq3cd3JdY>$e6d(tct1_>hkV!b z$&Y~tx-d%3Gic_sewX%+G3tiTzCFI9)*EAryeS!FghV1l*M`Alby(!smgQWeBF@Kp z$y{YuhjmxJ9l~}EJwABA*(8AQ`sRG)f^?q-?u z51|1c{z!4XtF&_Aw^xRdb}2urCuK__IREA{`W7v< z6NQ7Wj&F>~1$F^Y*#6K%414Bc*DTzC;`wc>GR z4(Djg(9A}|ybI^WA(ENN4lk^4l@oOg*}Yd=^w_7H;{ELIFp@zT65n_zQn^%2 ztSICTg}8!aBUf*Rx?Xw}>{Hs}9ip*W|1R@xrH$JB`s>2PTq59zzp*P@XEKbkB1*B%v+KE%YW=YD`$7^3Z( z!a7o+ur|ebS`u?0{*(cL^DBB9t_^TIxAfDRZxEq|K6u-SS^q1Py?u%jzrnbB-keGS zI8RWoxG`>3wJvn^xl~G~aw3`eJRw_n8uET*`VJ^KP8+P4a4)>~!5RK~L`K1^Jw`uE zbO!?KKp3@I2wPzi37!4Mu=HljGvVG;yYm+!`-OQoHon@-3;Y;c-uCE&V@Q*PJ!;K- zf7=zkbJt(U;`f&8q7>~@RkLjyEELw}DfR+UDigyeO>}bj_wFrU2$&hmpH*6y zXjQ@Uvgy~VlH67FZk%sZAVNV;C6U)E4S`1a&4$>x;A z`5AV>i(bOSbM=53#l`4J=g>ywh>Lq^J!bE3waJ>6IiROzk&(rGl1F(j`^K(|{>pzM z?bNAqx6C0tw9k+M;1R!PxcMEE!u+4|;cc;n><b49R7yA#nZZ*0A5jRo~q^1+FKzVpGq-Fz*q0_l5oaNl*b-u7zcBlrN; z*3t=sGOnxB1pXNj?pMRnc{|V4Tnf_dI!7>Zu#nh_E7liLPmrqe3Hx(}3EPRccb&Gi z7v&NYlVt#RI<92({66IedPbgB6*Friz!*|uUt`SU-pvGRAUgSbaxd^y^UWSn>^)F2 z0gx`cM6MYb&eiXGT{j6$s_K1TK&Xn@S5tj5RhGWxc3Wpk!~ngxrZE-9joG{?(9ret zf~N}m1^XE3=5M^W8#(u{S$yNBR4vB-XMgnjocn)rN-zDA3Mx6d7zr67WI$&-V=7h5k`=d;Zq@J2!=*Urz*$ zy}0kW$rU{F>mjcVF+Ge4v*U7WJ!E z-S2(#2oBNu`U90l``F`4bxAH@Bz^HItO{QqwDe^QXs_N>^ZfjqHx!ep`&H{S-|k~J zm98a+ns25}#+jV=i9^z-A@LLoz|cw+IFReLY8FX;4dnl%-`(UN;@D`bs-t=ZJ8BuJ zR&67NV&d8|yyQjdEJbbNrHi3)_t|3Q`BBE6IXx`a1HrspoaOf+V5Bv#gMH_zr;(tE z>79lOO!$ouNs~m!8fjhp!cwy{%$g*o%3XPn9!#xB*EWkr92SpVjys>b)$1`@A7FRC zw)XAq#U_Z6+s16pH7T@TY0KTj!C!dIqmx~X3f@Ar*2$ClZ8ciP7^DL!l0$ImG`F$Y zY0g_`S6aKwFQ9XQU*M@voOh*lz}<$xR8=Z@YJAVo$0~W7Mk}`rvWW!N^5KOGb()$Z z;LM)08b3eV7P?-NsurIaHZV(ypI_8bJ3oEFLF~JrHM|dyYylSAI5W6H zif~8chOrAp_x41r-R{C0JzVThVB5?h&0E?1%Qu873|KSjn$nrI%LjwAdrCv+BS6%Iiw5cbo<+ zh4J)l&MH%BW}qh{F*7O2&-;CA%>Ex7DpM5(G6K^)0~>%wi{#AEYn{Nkb>#x>=ERVX z6Gmp4*!xUcw&T}AHd-88sLu|ZMY7ykcL32CXOg!3I=6fCCO34WZ_N^VYEB(#_PwmO zgsQO4dOtw!LR;#06dfk#r&u;=2CQt<`w4s36vv1zB*yij(@s)pH>2%u8RCSOOf;w8 z?eSmUyJvEJ@9txvGl{+jevFWz@7?|I5n_;E%;%Uu)Unt{MQZ9tuj}?KVuxqg?Y0iWwXzaH@Tc2?r-I2H>c=F<+H%wb$muJI@>Jv3l0 z|B834`tf6J>tLB>JMk#x=f$3!5fhNpRWVaY)gb0!2v5X|t{s+eXz;f0s2V89z?3B= zwW$*MiFPGVpH9&$ZHf?DEP#uL}s*x;w?uEpP^5{R|5hK!^}D4~rf2NF2NyGpa#tDyX0OaL~EZ9M^a3 z*bfN&or`0&k^CZOR8F3p3E|mQ+ofq7FK|s9T7B_XfhL^J_^g|gms8-IrSDw+tG1nB zRP*b8W8KU4#+uel9LuIg5Dzwp%YDtG05l;tN!gKn8qXbnRX(I2FgNf-Tj;0T_XehWfs9p- zz#z8kk`$pY{1m)vY=IIiRO7=)hR!s{>0Q^-6BC%*p>+JWR)%ql$K^kp;5l!ueSEf{ za!7w+H1n0Ol1_54QF2=Hccsv-UGwMs&$mK&zl?Z_Alnv1!og_|B0j%HhOV7AG|MCW zHOd3adz#7X8I%EIKjc=q#(Z;mKV0cN9)IZMNJuR#Suu5!X6xGq+48JT!dew1Da7`+ z{uz_nl)-2Pv-b7izS+(#=H&YL#?ncaXOGz00@>C$Nus$asz z{bud}X!(Q}VhB=)5)e}`Rv~Ke}W3Lb$i5SG1n#0fE&+<~-@4%Pw;nr1&*YVn! z*(MN-S;=ygWZ=tv>0!o~?rhR8N2B+}oSK=>)b;=Tkgv5`(0$-$cba$(25Al2UA9-a z*i?9u1WKCNGkG%+Da-aT_{~`uVtJ5gKtG?+GfZDyRW&d@BQ}&Rv*^*65M<^s_l~s| za4jpc@$C0kawo3*=I(jp7uT|FCJ!}#9<;Q>>CJX zntL?Vme<&36B1HCTVWUwxafd><4AqTC79FWwX)NlDs2MZhtNG(3GG_dmk&C~et)H9 zSN|a|6yCv1F}H4;+Q&g~a`B3x?l{Z>dF!1mU<*)STqD!gY9_jIOQ%H63W};NZP2IoZ1#UqD-Q%abNTRXP!&|Mmhzzu&WO{amhl z$1@yNzj%1|KW>;2s<|p;Gp{}?0F68;IdC#HyjhBLh4nDqA zzuYq+E29wKa`)35vw%lx8q6Az=fbsW6KP{L5pBR0 zJ2vOz!LVdHvF!w+wBCAUjism8mdjakbACvMX55c`u`yOclpQo4d%-a>t0bykJ?tIr=wUGl{2I)|ok`%-~V zm5hEt<&(O)ju^*}d`Mjf>^}Pd#E05WC6Rn@d*g{bN2PT(I%gLC{uIbPE7oSxa?;w- zAHM&z2V`%I`$cw7GS1_149v|o;F^7d$WXbQv=_UkhIFJiAq2J3W^sBPil}JV>^XN9EeL--y!SJWVBXV&7h#Uf?HCou za9z**bv3^tt>we?f*kBjWotSMz*M?>*LYUX;-Bhapbzg{Ks)~$sjQ;x{A;Um$;n@y ze4=l3o;{>FzwS|T^5;Vx^k`g|VxF0C9z3el+Qvd??wwbaO?+TpX~*KmT+@uoB6(&E%?m1x=ZD|?#CtRhZp7*C1 z)%cuh0M114P?vdfl48lI*pMw;M{DAzyh|tCSv3wB16?_MN?pAM-FEfNs_xlQMf-?) zXOB;n@2$RU)~Eq5IJ&zYr8`z)e;?1G+3K!+efek-tD}7#c%*&VdKoH~anC|6*5(FZ zNNsVCg>KEXOAzmMmMlguuAuZ`nCFbmhCUGy1~So z;*_b+kGR0ZxMO=A@*e)pz)w@`z`i5e7kF>)zYtQg78woH6a#>6^pIFw@QQm(@XE|1 zF7PxqON8D&h;+yYrp{9*-g%_vN`%ogV^GY6Y&!qr=1}kXqEMF)q9V+$BU-tnTfS|{ zSi57kMZlK1l329*5w5folqOByo|+f?XErbL8PaN6;|>h+RG3FEN`Niu)6cz zQE4)}nWXSbY;s~UY^h4aqxUNW-2;V|-KrVaxRllQtRJSNlf_9@J7qAwy_B`j9)al7 z1Q9{@jQlgNuqMhQHL~(NE`e~jgHJ`38X;WoHr>5rh4*dK+nhea-?Z^Q0lwpn9e(2T z2QP%Sze=zA)Ohyy(P+MH{mD@FK})H94xMs05bIec*6u=}w7HP4{34xEafWP8lF>L? zItG~(^|2d19~hJPnmhY`L_9F0NzXo%Y_z|vXO3*<7NA=)LRWtFk@#^T&=NKl8w_0e zq0Eepuj}BwCIod;l|AheAwPe(n}Qr5e?6N z41_=8SZI_*sl$;P-ltq6|Isze&TAHrbfq9lCRf$H(5u5LN^yw&}(2 zUqO|q?Ne`@C5gD!)H5v-Bo8zlQZn?G)Gwro0P(=-6Qkmje&+}9CZM4p?X;Mj+{ScV zPUqM4CJlsZvF)nGjCYL$9#wlKrq;wr!2M`Yaenq~Gqy#039d9=-Z%n|^OKOK^rIr)YFOkmqDlI5zo0s)RGA zl$aRyH5LU!DQqKg2>rz^Mz=C9`>L8ziV(E;5Rsnf`VFuJt=~r^oog2FgD#d&l|sNLk{8Tr>Zk2YtJ1- z*%xQU>0B~>+ps*m-{+$^2P|>pc(oKC9I}CBh;_hVdo)|WCs-7uA667 zaYG?ZqkjgbF|6XDqEBhV zCDjJpd-nn<*kcDC-5{TLt=zUcvhYX;_7IBUTAeUpxwzb{i5)Gz@M(ZEo^@ifS@8Oy zF`bz{&|buarX%>5aho>U40+pUu*6y zFQTQeggi|q?x}WQaJ>HD^p}0U?4AX(O6kEeu)U$MAy2r1bd^_Dh$QM20ETZ``2{UH zX;*zJZLuIg?g`>g?4L=H5{`WR{&+g(Y-yJnNj#VeEjm&!x}lW?llPQ20F^A!PW`-h zSH&?o>Kg0r=wX%RCXS@`hWKeq>vchnc0*dXcg3l+UHdQobou9*rsFce?EKT2rsJaK zoF>z~KVCd~uu+dmz$4wRO9zUu^r z5a4@`u1R2~!x@^DCkNbQ9(ay7SJ4vX)xarYKU zjh(^n4VZ)O7bFf2Dtxfmx`FA+|ATXHU?f9HxI@0F@Js%4`-G)5y9SWBRuz z`@!RR`|*j**Li#b4(fs_h&jv5T4yAOIXL?6%XHH@1*ZdxL#dL|}9l=UnIK_ew} zQX2=hR~|T0zzC)El2Ryl%RPpJy!Faft_$mWOof+_oSXS&Gg9b-@g_0i_rpJAAMdx7 z&#keVKdz26uez{2wz|GfdmqIcL^WC!4;1~!FStSeBfij*(Cti=-b*en*f|g~UG^5Q zLxSFgp1*i4l?sYMl&^jXenK0u3;AHWH7Rqll5xGV zpVZxXvTGd1r&lD+dS)m}Y!sK)}WOcNw)F`xftVBU>pGswt@_*~r3lc0_+(;m*kfX>-!?WP>RQoRsoO3fek z-eK7)RKJy(n5feR3`B)?%Uw-T)Sdf7*1q>ko7}Es!WO$PO1gJU&9uz>vpyzVZ%=ia zRS9W@vExv6o0(g8qtw-1!S1+W*8e$uDe)w{>q*|KCW=*qPwv(roiU94bvbu^aeh91 zQH>|g_V1wjVaj~KO=-CWtfkcS9q7yh{q+pv>|{@ljP&VkRTpuj{lorsAc z-N~r(n=Gj@ZxxxHgD(r>p`?ZpwW|tMw=v~wLk=pay7i7RCV_9I8RLLvON8f-*SDMH zQLFLeiE*BlRrqXqRjiLQuo$zo=%i_tq=8^pmlJlLGOO! zOko6^jHqlbX=?FfgsfDRP1m8OKh+3`CE2S>rjB#Ht^|%0pUW}z8*wo+wT$O5KIT*~ zU1RFjGljQSVil|rU9aqdn^zMY+$GpcDu{;nrC|4NbR7q_zJA+u@mJeR>b7po81*i3 zUTvNquBbtKoVCrP&6}BAH|ib}wGRpiI8}n(dq+FhMDpwd)|G7zaTLD73qQ3MvCq7f z5%%S^{|!v9o5O}({i=YtvQ$y=+pnS&X2bgn%akMXuRt6$OgI|_9D+<9eVL~>2wLO0Wv*E!JkGTl-Za1T zjal=F3qp7>r!yj53z9~DAaG|Mrff|@wBQ^!TP82iy?aD%fL^HWM%!Aa=y31)l;Vn1 z=1Om4unSu9eBre+PSUHi4{2Ka#$Yp!Ra>YA)h22D)TP(YC*w5VjBoOzaB4vm__!T0 z5Cp)LqS8{aMtc}gc_C&To0lSu5n-3+v!`#JRN2|1!zB9l**M+hsRvBAz(Cs2=;Eg- z88ce_;~z!q1YJy7UP0f3QVCssNlohJX>+1A*^QEG!jScBvz5GYXlCx~$~ldj(qjh|xh@h2 z&J)k__A6TpiKtIzKCg=w>W#R&WZ7m$L%mM2(icu33dw%{)P$R9|$cPlQ zL0)N+gx(aMQxK}0L-Nrd=t7dcs>gmOlgS~DoJV84FZx@}YZ|8w6txx`NWt7SS(pPN zj{dgoB8G6anxv&4b*NoUV=SRrQ2PvfVYx2+>&a327*lEf$WJ`3B$hzlpkSN?d6$xG z{GNc2uW6#ErfvyEIc0`yKbFUjRn)O8lXF4938I8Sjd?vA@lukb$Wc$+a-=n~&c*D^ z(UrC|Z;4l;0de>@^7ok{>c~XnZ_E0iCHc+$_#%0;=iI7V+)`r08|D+B4#>-` zM(I|54;_V z)c%rsF#v%|f??}I@tRF7cS{?#k~(~e#iaKOAP$J3x?X59-ukSkK)k>{RgnUV6gbCR9;S|$Ef+od_LP-S=H=X+#j8W2>GtZP z%3tb?AfKNbm>H7R(&8&xEZf|8aEFdOlZ=G!*o^1)cukoj(#I=%W%>7%lD(L%;m%F( zqdCW|Wrf%=iJgceLlJXx@O5|TwX`5`^=VN&?maZ=;ouRR-+-utPp6T3>fGAX9Mh*c zI3m<5F_B(RA4>B=>#vVC5UgI`{3HX_R%b8ZMsAqiyw5?F3YCOkg!GY)->W#bqd0SY` zPX=|_`c-QT=KQ$hq-B$cmSSGI@1(Ts>3>7ece_n1&yeTOX{%8q7DWeqIM3tMs2eEE z3kJonKC~lbI)$M_q@+>4&i_o4WTdA=Kt=|9$Tm*kM?wC43>VC9xf*db}Wu4 zx;nBp>j7i?canpf0+?yh;JEW1&J_{buc*NnQR3;$o^4m~>!8%qqM}aAxJ^@J(9GjK z`!b+a1AiUXWF3rhjU(!ggMM^uF+m?ub)pS!n-ZVxc%K)hc=SL)$qf652a;Tc&i1l` zA;a4DYA)KkId`#>3PQnA*4CPC2=1fehM`n$DYL}Pq~ipeq4uRdlEo@!)n8!dL2&xs zO|+*!;O8_kaDshc&qmLAH8reGn^2l(0%3tu@B==}5)sb!f>Q}f9ggh9Nu@If$99m- zWUS_jQIIqM%eP~-X`ejH7$Z;re%`O_!O{ALu#V_He!OZ)0@!kz3;obJ`G%GJi^A-$ zupcIgMMVnEk6#3Y+_f`t@%+QgNRd6e^j2*!_#o{o2wMJufjOns>iql>Dvc!z3X7l` zRzZIKc+~V-`RxuHcfNi|LQKV5*o5x(J%e9_#P# zPa7H%`bHNB8ARKCId8DN=IJA#w@6L6?&FOxGV+_4Xs%@W1yFYF5<2irl=#wg_l4(T z1Nem|%dFcclv}P{^^@q|8EDr#9V=(E8VtGOoOnhKXSO;eg`(zTl$s`TfHbGCU)f3H z$A$cRvG3aTlJ7Btky)X<>)oH`|A*^SyZ-IJ?7DsOpNiYfo7w5H&Yr{wX@& zG|%{@tTqfeR!iUg1MnyPw#(p;i?=xorKqXbSGO~kk4RgzCQE24&lT5Q0Y!0laV_WN zz`!T^w=EDY`OrzoHcoH*kDkq*4d%O(yh1Jdtf=>Ow5kSwH>R{v$H++kn84qcYE^uX z)NyxacFw2En=RQV?P+Ieo90zBrsG7ZxnW`JLe*muZDHMqg!^hg>C)fE#(J_|m`uG= zlFTqIn2P?U)zQ)f+T;TnTzZ7&wy2v$tmy0_Qf+HY2d zZ+(tnrQ6=-u*=)}&mpe31_rXe{yiuUG%kO6+0yYWMTMDo#H2tBi(j|d>eX~}0a1xd z6L9zJV$Bt2L~n0|Mb9%StQu`u!Z#jw$@M2Om2oigsqJRDT>(7_1!nAUZxYkv2?oI4EDdxXlL9D=S}~djNg1@Tr}BH~o#KU0 zzZl#2q90PgrGglp>$vo#_^fMP_V&~cJRFy(piU0P zZKQzYP(AKm18S`o;|}4-5ol(*k_5X-4?bdJ`!CcDx(`aVccZpov0B?xg<*{4l#G?C zEI|`5FE4zU-tsda>WC;$l^CY=^>c*ZCuA5Xyt0dmdF>?6xBQ|O z!eM^%{UmyslDU1&h^!pFZCqFTWMs|O;deS`k~=}a37N#F;G||F7%ckRmWq}VkG1x^ zk-mEOl;_x(s;a1086|BbuR8ZMAZ7Z%8qy2;;)v++s+(yI30avs(i;^Psc2I`u17_ctQ|W%S3` z6d!nCONnd8KtYO*%d8yJR;9RVO<{4%!YD<(WF-V^4~b`K?ym6}OiJ@k_sR6P!_$Mo z+DZ={3X*MuaMn{up-dyWHonCM%XOWpgCM1!)ZlCl%{Q>Utzm0}vUDK*gNo+)7?N&J za!Srn@t87Ag!9c;T~*v9Dfv-Ml#J1wwODPrhm%+y!4l+bChvNV9g3+y0$2<_BqP1P zUj<)yTbBA#vtCIOIek&ndAvy$jt~FzP?PouOYaF|7`CknZ{dqd+kXgKU_|{LWp+hB z5jk}SS;Y_Qe%cwAGKYfidlprNTjo?dmK@~bB)2x45()ap??h2bG)AR%?qyG8E*8I) zbUkXqY@05J_|R%l0oL(KlZtVX7<8!;ntfY#Ev52(J&ZoBBrzoIncgLEaII3*tt9OF96+e#?39I4N}u0X=ak+j_-7b zpl&7dYIpxYJGXYFFax->+}z^xu60rd`psXqAxk488e@}@X+8zvdY(MQzVM{O&7&3F z7Pe9bq4i;X?Ca0LknD4J5+8ws)nIQgU;*#a{wKg}_vL);U#Rwu8BPdU_JB z=lBP9Uq|~lt?;&P?VOIodDO8y&R|{5L~K6>OcWB1MV)#%Hb@3}=CrdFEIRqXzprYS z(4O6G^6ESEW+DN!zd7hkaJiynzh>uUWaL4g77Cwl&uf}M>XLP5W)@~t)|c>--2_Fp zk$2--^<&dy&4%AF%w|kie`-&uqSCjg@c(0&RY5x%z448A5hR~DLauAn4eu`+Y59u77mYmdj^tnS2qDLa|Cai1p=OH*4T-_N8DW^`ifL*H{R z=9hHK%9XrK&bv{d<<^l<;O_3de(CS*^6u^>kX^1!etDlr2qMFwr<*oSuf*8RDlCx5 z{VFERAb?SDcl;&B5oWcjuyG0GYH?Ci;Z~Zl9XT zmbAJ@1l;S(m?5Z!fpW;~+cCgj5||@?b?I!0;C#Qv4z{JpeM-C&CNq!G3W|iHA?Ii# z4P#~P`{5+2W$>-Pr}%;14rUpN7jzyKqcfRG%gph@{Sx0dD}vB&&QgeIXjGh)SP#IJ=D$3(zPpnX7At7;z7%` z1q11f@TbaUuhi64v;URFMUz@1BZImTph05zJ!bdL|GgFzWP;w|c7W}>Nf8t?xi`(? z4U}*RS3%H4@!E9jrjqeJ<^0m}b2dg`(7 zB)q?*=9Iy9_~?Rg_uR%d^I>rl%OgdtNZSd6P*mvd7FNwyjN#`8Ez7#ZgLo$m{5qk$B$O`8YUdIG zTA7qK?uv-xXyY3>L7FSI@up^HoG1B*nCRwzWzv5oQ*-T@zwtri=%CCG(P?1oX3X&x ziCZ1}p@4VdsTe3b_C;%Mb@^D@_mc((>9yzM?BhVTz@cawD}(XI-3m41FQn?GEb-l^ z@T`Rg%rNN8wREXbuO=4@u}ZtlP#Osg)Yfc!-dY+SP~NWBoSY!3s^hTeI z7l*yP_VieLeEchX`4zVkTo^8Jp}w9&`^v1`@NPI%>xw1o#dj*z{f2?u8JBARYl6EW z0p@M1`!Ym$sU9Af2}lD?e;#6`!BD9Sh*9=cLJi?7M@WFiSl|7Rh?4!8Og6LFClu7L zrL`k|0gPY>01w)E`tu18eT-k@3G(YZq)G0%Np|?7&${wGW+((;e*SM-km!LiX$&79Aw=d9!Y5h zzzp-hMbKRjE?)rEbJ?0uG{`B0^-<3Zm=DJcJrxbz!i@Q?9TQf)_c@KSvE@7IN8k!h zO`sr2$_xz1*P$@F=Ysl{tun18S?HFEY*f#THyo^w^u$J?+B;h9iAqPZN zaZ~H8wd-o%9>}PLt!w+KE339pv;6j}HKV67V-qJqX0ZCQmSG0+YaJsOLQlePE0A@` z1u_H9AD60&t6DuscgO)N4>zz0mtHT$4txU>FN6Mr{3&+O^=S}#KDV~og>5Op zrw>Ehk2qnB(PBFg9{^TX$;|9*M_bUST>Qu=U%HBKUo>g*6~PTaAUiDL{RTecKa3C{ z*HvoILr}0dy<--YRQMq|vnU-lTiOAtr`@CVkLc)4``i&F?cM zjP{wkZVZ;83uk)L7?2G8tm2ZA0)xpfqznXsLkUSNTaHp6S8WSlF7vEwzmix-(BWND z9}bMVK3w}6r^mO@bX5Q{^$u_{C0*Lo;>D>MH_TiR#v~S@rM*yvI(0$Yqu|s|l5z$q z%B+rnf^7d0IEGlffmycsRBfk7N8z?(u0N;-#BUg*9xeb`eHHEz6?c1RXmH52s9QsL ziDb;8k-%lJVAw=%;JCt0;!3QuCzH3veu#3NS0N~VW}R-wVmA?>9s;8jxHTnRF?khY zXN_kS7G+oEP{oUm{k<*EF3u)As4)x*3bJr;Zwa3Oy7FYSk`Y=A@qq{*R8lgqCpY4s z0?4BIwJbvA-se~IWee)=sV6yMOSmxVCv3(`?ZrAJ6)kNhMjEq&wJZa$fLQ0OI#o=-Vq3@Q3$wrOo$+Ye|+mbB#SIbteT zr`MPC1$QX=#MD%hFmJ~u6012eSI5j`@6Z9;i-j=RIShiaHOBjV(f}Rjh4<=VvGx~$ zM&^BT)c`|WQ4N~h7yZzNM@v|oyv@gl`&7ICh>#Tm%6~_?9cUTxI|GcV2Y9=HY za(h?iF|FK_LTlCLC%%G;)n{gQ^u*1-t`ozMnxMdfptEeFQI%2w9nDDjhn{V_ANv2D?od;&>^t zs@nMp5Hu!Ob2Lz&7+VGf0b>u7be~+s%!v@}(t?#{*4JxnlN9mu6$Kc>=}@+ySE3{+ zFwi8&nQjfrk^(Vkr}ihjOp&q<$vFn3{ssO;Ci$k^-#2uJk-Z$;_AkRno2XAuHW0Hp z(@u3OsSsD92}-%e)V*{Lr1tHV8azD=q6IP0WzMJJww1GzGxI{Ie(t!9(v*{*!g~Z! z$|f+ahI(`tql~jd;Kmz6dn)Dt*9qtw^Nmnox5&PE z=C&?W;U3pw))wUT5zF0^pw>K|V)Hjj-UXMw-=*yeI9yHk+xSXea_kLs`dSmSqUE%x zn-$D(@Ut&y8@SH?FcGo@jawHU53Mv>!MR+?bG)xF5xn^?D%B^LJ7~#$7anvQX$Gkn z87Zy+OEIJ)p%9*XBPA6qf{x`cELJ*Vq+RnqMi<_zgfyRF06m+=M~A+YOh-B5z^}H3 z*GCmUhuPm;69CpzP`Qz{#DqG3KYtsKADX* z#kzTo#Iv3t@^5d9y17OK5RL80Fzkv7K^J2Z?!Bnd7#L(ixP-!i;5HVzkm&C15o$JP zX}`tY0%|Zl8!M3k84nEG;pY1RFCev3Gr0thmU%XAhjNE>w+4p6elE0+g%v(i%4gxu zdUJj^`{yKkBs>T*1p;w-6zW8`k$${X5IGEm3>s8J>@LO1CU=I+FH3`|d&J&RPEU)L zj-$NmII$4R0;?O!4V~WX&iL^aBnZ=_khVB_Y+7k|vY_58W#s!)_-pPDyg!SpxMu4l zYw55sZE_f3JDS>E;8T9P&_5RmBnf}~FYAaJ;y*Bi_CqI%?@rKX55&v1jdLhsp#r66s#Q|U#!~@M`VIp4N%VK+vk5?02+V!yLAaWC8z_@ zJ;(#=+yiDNa=lK6%{jOy6L2k>JU4v47#2+Q!EBtqh-l?VVUd)sbF=lBQSWa}OQ6FuhCg7>8gG$uUQW+Wc?ih|AUXvFBPOk&eyK$1he666q!``5$ zh?WkC5W67#!8-7|9VVPwYbEd67p-KT0db;rb%o}HEuq@<>;ou4J?vYdVPWhT-g*aQ zs=zJN2>ljpZK~z&HlHfo<4Y%YQZaQif6}<)qk)p*FIC@gbK#NmG<(qSVrtVVw)jVr zB4I6mUm*&dBD2rH=^W5U_nPDt- zn@_T*cKOK4W<0N30mZe&EiWv(HZKHzx{Tj6cVPgMr>7c2QDY+}{^BgRLa2D~4+HM~ z$}>61D>Z-^afk{(w-7HaZ4gLVo-8O3-gFD!DY|!%UC?+KYDZiEfQvRS$?@sgWWXLy zOajMeKtRC3VqBVc?ZwtcpA;#B9cVtS*g)@qZNEI;8iUngKFPx*?!oyxU(e}l$o)1U z7XkvVzZ=c5Q|w*~2SGmFx6gO0!yr!}7zf57nr{Ik2Y4C-WnkEt=jEJaceAI}ZRr#~ ziNYU^pjazeh39mcr0Z}pY>~h~1O75S?EPf}SH1^6Y_>hKk%th}OW1M1g*E|+q96|8 zTpIQ)?ff}Dao?^7^!4#cILR@#wC~^>9Jv0v)iye{k}Zh_o{|{_A^1wlI77pyTd z`cI5=c0tcNA0*<_1|GmrcBXN8ZvBN9Bmo>I5kReVygwe>mUTrjQ53Z?=ZWi$<}6q!xf#+dX5W@;5};SAcUm*&-ZRI2Q9N-zjl15 z*(QnjqjYPHP)V_Y9je{tb3>kNlh}TY6i1DFAmW{$9B%$!-CgHjQ(3oWuu#-NMFc^x z1(2@NhCU+$8mjajL3A{EkS*FW&)}ecjX;gQ2NzTjFwN=Od*4!CH*C7iMSRMmnl^1d= zI5PK+3*1Gz#?5?gZf^X&<=c@=Ysq|L(OhHEy!?E53`Sx_xCd}F=dGUKe#GX6r8|(PL>tp=O;>6 z6o~=%FEF4ZnLWTvbrab7;W9Egc)ZB5$1GxBTZM`G6PP?Ixour~`eS~48g?iL2m;8v zW)z6HR+W7T)753+`RoMySJ!2OQlTcBzjU+i>&vc3k9-7%c~r_3g9~4~!v6*vSoehm zp;drejf;8wFgUGz(q3Tys(>^oX->S}>;u^tyPKEfQik8hmRMAr`r0#Le!#!5lACQ` zeKCv#(%t;$cz)uc{Y*z^iKGToy~;l~nND9~Zs|-MABX*yyPo)B)(PBK_jSXa?+C*S zw7w;M{=cp^7z?ADX2wpamgOFdXn=zGCKD5<=iXj`f)8;5sPiawke##uo{# zj-SnmpIuatW(=n){rts?t##_ZaA^hjtFtUc3 zl9IK4-!SnKYiv@8=x`L^{o0y;{bA0-3-bsM|cx zLPLjWr{2Z>wsrV01iJJ1v8aTIsk@$D`*NDi7%#`uQ%m%3{G5MR#-ve$t*p<-+gF4) zS~1;2R!*X)V-m5A_<+T5=6AQ2&nHZc3HSw}M!M9$O4;8RVS)Dhcw-A#-m^BS zEQwIMeCuXhrK2tuYwTutMcOFtRLrmao{Wd#H#F~BBDYo3u_hiSFn7K79i5)e&w50g zW5-^!PWg5$_!fae@M&qs#o)xXIRvmpgnY9%=A9oI)maxYQZV85N8Q~os;dEQMOCg# zybjS&8(xH=BJ1qGzb6u$`UjPjYT5cXYEi zE?1*Ac*hfO{UxBby}R2Gx~w=oBVMB6r(c?Ewb)VaW|4=ksj(gyFz%qxgls}xgRIxB zMpDTW%l-)|DcOCrrgn>paPHIpG~!?9GSL%1HAniE=9+-Sq0`qY0b9DPqH0NOtihOj zP0^f0iUUvci@J#UV)2DyQb`53WINU^P0^6t)zaTT^7 z=8}@mq!Ij~NC)(kK|bgYp|tfcyNNPNd;?~-wie#?_~|+qto!@j+Q8FeflFmJPTdUk zHESmS@f{X7(bk@!5sy05@$-v|3j-uQ6w<-s`CxSb0j!&5s?{-2oT+vGv*keAeb!eC zvn#aooP|1_;nZ91?lI#bE5`uCj^HSP=xvtBTLQrhq~#F`#ifX`>MY!2aJRtE%Gtso z!iiMBZguGKav0V*d29O*sBouhDfkj;v!3N>b!0G&&=r>h;^hu8hqz&eAy9T*oqOJ{t`=)o`O*gRB0Vuy zV8xmD4F6tvv@I`PlNA&Z2$F!|OqJ$bs;~vU_)zpDTvsprT>WdwM9zCC4nFSFf5M%1 zd_mVMO?BJW{P`rhqWsaYfmu-;t*Lt_ZzhnJ=d9L;j>i!TiouJII6EaIEJ}f>fC51K zCVF40?#%!0MFJhA9Nf*uS88RI!|ziCTEYmV9)pOyK9fMA`qf<;OOX^25SP<6QY|&J zk~c#GDU>wZc5=FV*En5(ejWLW=Xi{!eRutlBVSCcYE52EJFw9`;MAM1iG5q=FZ`UA z5}ytJ=QMd*D-Mi{Ycp#uBUn{ML?;^`3v-BxiRnFnK;+$|6~;|gZuxOHU)4Zzw;>K= z34hL>MqYK}Px&6;HWUC|h-q;NN}#K|TPqGbd==`5mD<%_lD^Ej@*vp#l6{i$V5SJ&AI@33~vc6(c$A9kR&Aj zXIlJ^3#9xmlUH#$V?6^D5E5MNli!B7t*!v90x~=<8D+uEuK#^h~7}3@5wr zD}`Lgx)m+h5jd9sBr$5XtE3lSC2~N#g;A)aSm$I<{3jA=)YCSz_Xz~;NO4>s(X*tn zrJ+Bk?<`Q46@v#dIL3o-0H!3nmP^oO_aQ1{jo%6INsDVAc&sieDn60B?;G2b;bJYo z*A(ePxH_)!0r())+Yr#W9F`TM@fw?%=mCkmMdALGJV6IBsD!&^QI)~p32pBdt zsJom%z~ouF<3<#muI=?>*>cTRwWSjb2o{R8Y5i^|vOK!Ion0&LPTs6Fb(TWxwEm5r zt0Dz?0zw$4571MCD=Sq2&*tFNX8dGp)()nv+p`Y-o+GLww~=K{Fcr`Z=z7%cijjwF zk#sh%AXupjypZ!@vrZLCW0h1LpTi6rAvrX!1}8>%r8X=&p4LGz3KG zE_|#g7<}cmqRz>wH#EE1-InJp>ezfb?SWms{dc36$&`<|#XJ^FZ3qM%0v)iD6Mmxa zH|UXgiYl%|3h>4E4;mMpR~wh`zkly$m;Mun^flMaXKc|i(eT^%my}wBDTtaYsn+J^ zWtZn&c$%{sN+3SIw4WGy`r1H&|6P-N8*EhadDOWAjxVWj+u&f0mYDS3hKXLIv?|xB z!%mCWE#784daDC9WK3j;cW5bwA`s2!fzKa)=M;w(6cL6LR^siZnkc&PAY~c9U2l-a z`^id#kWd2uQK5c=IIYO%g3$QMvR!%)BRd7hmnb{GzqxR)rVaXS>TG2vt42d7p4>`F zrhElta7!8*bGX_Mp59(nekpeVw$~Uv-w_ z>1yH&Rj9%s){S=T=shDxJZi)sA7BBE#?gv(leMnR3ojZnwk(Gc=KKoE&Zj5-YZ`Oe zo5t)%u)I_`;UED%K7B=BZ*Lv@sVU3&v|3mC5l2TCvz;Gp@Vn9C9ewBu^6FZO$4$*I zy$e83@TP4=KY;^H;mc+XfExA2OQb-xo_Azgdu4IL51(&eAu1ToZqc@0s0C%fNu#%n zyq*KpU+s(n07HC58KTX=OAGzSh6RH|O-+%Iwn`ncr|`ExrpmF?t9THKI<^$jp6>$ti(0t`r^Q1 z609f?gJFLv)IX$_fnEDCfJo$y=Hug-9hR4$qWhjfOi%pqD$&im`imtJ!`LF)p6tdM zYcIS$OM0#yx;>#1psdf}oLE6rQJYkT*FOoUxKev_!^PNdTr3y2YSBmaQA5{D09nS# z(A%Sn2^0X7;>u55t+wciPN`x9)JSG^vP-U10p)$q3ov{x&musvEs!FKVzi_gf}?g{ zOtsr^Mc`1}95%D^SD-}6D4ZDt9n%jmFRp*Nz=%;ZnsGp?w)M!-?*_5Ck97i*SXWvz zVVRLCnFv$aF85WzsY}g|&u)L*v94XCj%61Y1O0G1gtE>)uX?2M%IdIKMC!y6K6G2! zIsenMHa6koLH8J{CJBiOUJz# R_{V~;36Awy;V5w)K-Iw=W>ZvFL)5o%>oNXsY! zi=c0TrsEZWB2*yD02YT-5n2cpcJL2Ua- z=+dZr{%)F$N>9*kXXjD=QJh(55JP1%2nIEzXWu9nPvPEQP~EFz*&HDAkG!U$g6UrL zKkf}6I=Ac4-E=_g;(~Pr!TXxoi2jdN^MPGmZ3e+Mm>mBwIo@c=khj(^Y_F!1>Ob!e zP~=ZmFYbO26%$}VNx@t;#(((8KLVddQSPJ`H?FjPzSnnrX)I7euU0OhB+-tCt%@Cj zHn9qfxSshe$0>Q}K5ZDcC=VJ!u!)jd3p#uQM(*kC>_rw9;;V>N=e7R@H-#Xpj+mA< zJcWqyx1tSt@Dl=zo^txuj(M*Of21y^(bx|%>ks5^d@@Vqiun}+B@(3-11GZ<$2@EX zcO0D@oX3VQLi>RAQ6IAUY-@{UhM9O3pe6fAfZ#TFJ9#P(W93ACg7q81_a_My^EpQj7g&P>O*tz#uZv-(M*W z0w`|?*C}V0*452LDFtj5$E0r?2Jak5PCKGyh0FybYRui$v)kk4w+;@_i^bOkw8CD! z0{|u`uN}7?lFk{W+eBVLdk4Q6KIc;ydixg83_$v}9OFsbk=?iJt~}u|HBa;OkTs1y zdJ}v|^f>F~lg}=nO72Zp+umT=9M7MNO#M_-%CAtY9}}`?vOK+X0;mrcXYqS`p@IBb z#ql?yCVwkW#JJ4!653FMLC4Az++M zg;Y(9;+_yvv8=OBmDZMU0Pg`>ve)-o`T(R0P)MZ#udnXJh=B zN-$_-2W^a@0*4n0HmPSmRtHuOP6?I09zf)5&Z|a6X8PkSaUDCDDfTZbm9^OB&9h7N zbAXFzYfP!$!0wl~SpguQ8-juJfCnyM@jHSH)aq&z-ACecUP@t6Ny}6cUFpFXNV~W* zx#MSIYnI~a?%ak52!=tIuRJiY`?O1L1O$@>?pD#`!E{Ux+-=-AsTYk9`tj1V+*xn&0q@r(U_shFops3ImM?4hL zV$)Bt9yB(9A@4U=R?3if-<3UZ*NX{RktzkOkczN7-$7VI;oZ(|O}F;2{DG~qw2R8w zH}7gmS5(A7(tE_}dvF)mWaZ=}^^0L$A^c7jNC5F%(V7n0o&=kA_QUZp zI~xpDVry%GXh(_Iy5^9Y5^uw%ipq8wk@~OBU z3ei=jFe)mnkNe5fc(uecz;^1W)Y%NGOPI>fcaq^td*$4$q~mmO8+u?;4XHcrP;*o5 z64tGwT-*YQz9*A6KQF%TG~BDxgcHy>!lqBKZg8<~n2pxeiES(OOnXX*Y=}YE9^ujN z+MuDYl?A4ir|aUnx;naEK^(RldcbgKmmk{P--)~TsW4l1?r;5wd-s@LeiM=O*A4I^ z0vwD>kEQJ$x6fg9zs9it{d6N~1&}PNRc2)|p9u&0OWdX^>)lXfF?_a&MT27s$=`Z7H~jHG`d z%;ESF-Q;EZjSG9<-apjNFt_*%HNl^M_CC7ZS`HFjl}cpods_Ei3`1+=M$f>aMZP6BR+Q{USWOYxWPM^T%|w3CtF7mmri r3Czs@I(`=YH>)iZ(|^sa$KaUxb%%-boLK+f7oZw?zm{CT{pf!HF7pc5 literal 0 HcmV?d00001 From bd77b434fe067ddf8285579631ba98b0bfe8cdbd Mon Sep 17 00:00:00 2001 From: Drugoy Date: Sun, 6 Jan 2019 00:04:03 +0300 Subject: [PATCH 033/361] Remove bad, breaky advice `yum remove docker-selinux` and `yum remove docker-engine-selinux` result into a prompt to remove `container-selinux` package, which, in turn, is a dependency for `docker-ce`, which results into a prompt to remove it as well. --- install/linux/docker-ce/centos.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/install/linux/docker-ce/centos.md b/install/linux/docker-ce/centos.md index aacf1d203f..023f3dc180 100644 --- a/install/linux/docker-ce/centos.md +++ b/install/linux/docker-ce/centos.md @@ -49,8 +49,6 @@ $ sudo yum remove docker \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ - docker-selinux \ - docker-engine-selinux \ docker-engine ``` From d5b35366de6eae9e2996703281352f8aa79a1486 Mon Sep 17 00:00:00 2001 From: Brett Randall Date: Tue, 4 Sep 2018 19:35:27 +1000 Subject: [PATCH 034/361] Updated Kubernetes Stable channel version support, retired Edge channel notes/versions. Signed-off-by: Brett Randall --- _includes/kubernetes-mac-win.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/_includes/kubernetes-mac-win.md b/_includes/kubernetes-mac-win.md index 90f420dd37..8b11235eb3 100644 --- a/_includes/kubernetes-mac-win.md +++ b/_includes/kubernetes-mac-win.md @@ -12,11 +12,11 @@ Usage: {% include kubernetes-mac-win.md platform="mac" %} {% if platform == "mac" %} {% assign product = "Docker for Mac" %} - {% capture min-version %}{{ product }} **17.12 CE Edge**{% endcapture %} + {% capture min-version %}{{ product }} 18.06.0-ce-mac70 CE{% endcapture %} {% capture version-caveat %} - Kubernetes is available in {{ min-version }} and higher, and **18.06 Stable** and higher - {% endcapture%} + **Kubernetes is only available in {{ min-version }} and higher. + {% endcapture %} {% capture local-kubectl-warning %} > If you independently installed the Kubernetes CLI, `kubectl`, make sure that @@ -31,10 +31,10 @@ Usage: {% include kubernetes-mac-win.md platform="mac" %} {% elsif platform == "windows" %} {% assign product = "Docker for Windows" %} - {% capture min-version %}{{ product }} **18.02 CE Edge**{% endcapture %} + {% capture min-version %}{{ product }} 18.06.0-ce-win70 CE{% endcapture %} {% capture version-caveat %} - Kubernetes is available in {{ min-version }} and higher, and **18.06 Stable** and higher + **Kubernetes is only available in {{ min-version }} and higher. {% endcapture %} {% capture local-kubectl-warning %} @@ -45,7 +45,9 @@ Usage: {% include kubernetes-mac-win.md platform="mac" %} {% endif %} -{{ version-caveat }}, this includes a standalone Kubernetes server and client, +{{ version-caveat }} + +{{ min-version }} includes a standalone Kubernetes server and client, as well as Docker CLI integration. The Kubernetes server runs locally within your Docker instance, is not configurable, and is a single-node cluster. From 58beec2d765ef61c686154181d2435504a36026a Mon Sep 17 00:00:00 2001 From: Brett Randall Date: Fri, 6 Jul 2018 00:14:10 -0400 Subject: [PATCH 035/361] Included httpsProxy key/value in sample client config.json. Signed-off-by: Brett Randall --- network/proxy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/network/proxy.md b/network/proxy.md index 1b4468bcb0..c07cf093ca 100644 --- a/network/proxy.md +++ b/network/proxy.md @@ -36,6 +36,7 @@ configure it in different ways: "default": { "httpProxy": "http://127.0.0.1:3001", + "httpsProxy": "http://127.0.0.1:3001", "noProxy": "*.test.example.com,.example2.com" } } From 6a1f9f919327c164ea9704511f16d6bd427d9a80 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 8 Jan 2019 14:42:05 -0500 Subject: [PATCH 036/361] 404 registry API --- registry/deploying.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/registry/deploying.md b/registry/deploying.md index 740adac2ad..4e8fe13bf4 100644 --- a/registry/deploying.md +++ b/registry/deploying.md @@ -562,6 +562,6 @@ More specific and advanced information is available in the following sections: - [Configuration reference](configuration.md) - [Working with notifications](notifications.md) - [Advanced "recipes"](recipes/index.md) - - [Registry API](spec/api.md) + - [Registry API](/registry/spec/api.md) - [Storage driver model](storage-drivers/index.md) - [Token authentication](spec/auth/token.md) From 5f84894ee4dd0a81aa42cf527f092cfb5f23b732 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 8 Jan 2019 11:55:36 +0100 Subject: [PATCH 037/361] Add containerd 1.2.2 update to Engine 18.09.1 release notes Signed-off-by: Sebastiaan van Stijn --- engine/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index decdb8caf0..31d35d354a 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -32,7 +32,7 @@ consistency and compatibility reasons. ### Improvements for Docker Engine EE and CE * Updated to BuildKit 0.3.3 [docker/engine#122](https://github.com/docker/engine/pull/122) -* Updated to containerd 1.2.1-rc.0 [docker/engine#121](https://github.com/docker/engine/pull/121) +* Updated to containerd 1.2.2 [docker/engine#144](https://github.com/docker/engine/pull/144) * Provide additional warnings for use of deprecated legacy overlay and devicemapper storage drivers [docker/engine#85](https://github.com/docker/engine/pull/85) * prune: perform image pruning before build cache pruning [docker/cli#1532](https://github.com/docker/cli/pull/1532) * Added bash completion for experimental CLI commands (manifest) [docker/cli#1542](https://github.com/docker/cli/pull/1542) From 297b0d7359cadb8fad23f2bbf059cada3388c3a1 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Wed, 9 Jan 2019 13:04:05 -0500 Subject: [PATCH 038/361] Update release-notes.md --- engine/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index decdb8caf0..31d35d354a 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -32,7 +32,7 @@ consistency and compatibility reasons. ### Improvements for Docker Engine EE and CE * Updated to BuildKit 0.3.3 [docker/engine#122](https://github.com/docker/engine/pull/122) -* Updated to containerd 1.2.1-rc.0 [docker/engine#121](https://github.com/docker/engine/pull/121) +* Updated to containerd 1.2.2 [docker/engine#144](https://github.com/docker/engine/pull/144) * Provide additional warnings for use of deprecated legacy overlay and devicemapper storage drivers [docker/engine#85](https://github.com/docker/engine/pull/85) * prune: perform image pruning before build cache pruning [docker/cli#1532](https://github.com/docker/cli/pull/1532) * Added bash completion for experimental CLI commands (manifest) [docker/cli#1542](https://github.com/docker/cli/pull/1542) From ad1fea20e2b0e86175d9a3ae228f242de00e3f7e Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Wed, 9 Jan 2019 10:10:10 -0800 Subject: [PATCH 039/361] Update sample image table links and overview --- samples/index.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/samples/index.md b/samples/index.md index 736ac99850..e61e83be3a 100644 --- a/samples/index.md +++ b/samples/index.md @@ -25,14 +25,11 @@ repository]({{ labsbase }}). ## Library references -These docs are imported from -[the official Docker Library docs](https://github.com/docker-library/docs/), -and help you use some of the most popular software that has been -"Dockerized" into Docker images. +The following table provides a list of popular official Docker images. For detailed documentation, select the specific image name. | Image name | Description | | ---------- | ----------- | -{% for page in site.samples %}| [{{ page.title }}]({{ page.url }}) | {{ page.description | strip }} | +{% for page in site.samples %}| [{{ page.title }}](https://hub.docker.com/_/{{ page.title }}) | {{ page.description | strip }} | {% endfor %} ## Sample applications From aeb3c1e9bb46d16c7b4f7f5b43a37e9c8c368479 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Wed, 9 Jan 2019 16:44:14 -0500 Subject: [PATCH 040/361] Update release-notes.md Fixed XX --- engine/release-notes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 31d35d354a..a6ac3c2595 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -171,7 +171,7 @@ In this release, Docker has also removed support for TLS < 1.2 [moby/moby#37660] Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254), and Debian 8 "Jessie" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254). ### 18.03.ee-5 -2019-XX-XX +2019-01-09 ### Security fixes * Upgraded Go language to 1.10.6 to resolve CVE-2018-16873, CVE-2018-16874, and CVE-2018-16875. @@ -184,7 +184,7 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d * Mask proxy credentials from URL when displayed in system info (docker/escalation#879) ### 17.06.2-ee-18 -2019-XX-XX +2019-01-09 ### Security fixes * Upgraded Go language to 1.10.6 to resolve CVE-2018-16873, CVE-2018-16874, and CVE-2018-16875. From 538ad91d021074224242378b2b26e25f2a3dac75 Mon Sep 17 00:00:00 2001 From: ollypom Date: Thu, 10 Jan 2019 13:39:39 +0000 Subject: [PATCH 041/361] Updated Azure Json Permissions Signed-off-by: ollypom --- ee/ucp/admin/install/install-on-azure.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ee/ucp/admin/install/install-on-azure.md b/ee/ucp/admin/install/install-on-azure.md index eefa0a4531..809965a77c 100644 --- a/ee/ucp/admin/install/install-on-azure.md +++ b/ee/ucp/admin/install/install-on-azure.md @@ -50,8 +50,9 @@ in the format `Orchestrator=Kubernetes:x.y.z`. This value may change in each UCP release. To find the relevant version please see the UCP [Release Notes](../../release-notes). For example for UCP 3.1.0 the tag would be `Orchestrator=Kubernetes:1.11.2`. -- The Azure Computer Name needs to match the Node Operating System's Hostname. -Note this applies to the FQDN of the host including domain names. +- The Azure Virtual Machine Object Name needs to match the Azure Virtual Machine +Computer Name and the Node Operating System's Hostname. Note this applies to the +FQDN of the host including domain names. - An Azure Service Principal with `Contributor` access to the Azure Resource Group hosting the UCP Nodes. Note, if using a separate networking Resource Group the same Service Principal will need `Network Contributor` access to this @@ -68,8 +69,9 @@ objects are being deployed. ### Azure Configuration File -For Docker UCP to integrate into Microsoft Azure, you need to place an Azure configuration file -within each UCP node in your cluster, at `/etc/kubernetes/azure.json`. +For Docker UCP to integrate into Microsoft Azure, you need to place an Azure +configuration file within each UCP node in your cluster, at +`/etc/kubernetes/azure.json`. The `azure.json` file needs 0644 permissions. See the template below. Note entries that do not contain `****` should not be changed. From 387d1a14f7380593781995a85e2076b99ed55b9f Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Thu, 10 Jan 2019 11:45:35 -0500 Subject: [PATCH 042/361] Update index.md Editorial crx --- compose/compose-file/index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose/compose-file/index.md b/compose/compose-file/index.md index 91875fe4c9..574dba6404 100644 --- a/compose/compose-file/index.md +++ b/compose/compose-file/index.md @@ -222,7 +222,7 @@ When the value supplied is a relative path, it is interpreted as relative to the location of the Compose file. This directory is also the build context that is sent to the Docker daemon. -Compose builds and tags it with a generated name, and use that image +Compose builds and tags it with a generated name, and uses that image thereafter. build: @@ -296,7 +296,7 @@ A list of images that the engine uses for cache resolution. Add metadata to the resulting image using [Docker labels](/engine/userguide/labels-custom-metadata.md). You can use either an array or a dictionary. -It's recommended that you use reverse-DNS notation to prevent your labels from conflicting with +We recommend that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software. build: @@ -490,14 +490,14 @@ an error. ### credential_spec -> **Note:** this option was added in v3.3 +> **Note:** this option was added in v3.3. Configure the credential spec for managed service account. This option is only used for services using Windows containers. The `credential_spec` must be in the format `file://` or `registry://`. When using `file:`, the referenced file must be present in the `CredentialSpecs` -subdirectory in the docker data directory, which defaults to `C:\ProgramData\Docker\` +subdirectory in the Docker data directory, which defaults to `C:\ProgramData\Docker\` on Windows. The following example loads the credential spec from a file named `C:\ProgramData\Docker\CredentialSpecs\my-credential-spec.json`: @@ -585,7 +585,7 @@ Specify a service discovery method for external clients connecting to a swarm. > **[Version 3.3](compose-versioning.md#version-3) only.** * `endpoint_mode: vip` - Docker assigns the service a virtual IP (VIP) -that acts as the “front end” for clients to reach the service on a +that acts as the front end for clients to reach the service on a network. Docker routes requests between the client and available worker nodes for the service, without client knowledge of how many nodes are participating in the service or their IP addresses or ports. From 75befc151c8f404a859038adde755755bdf39388 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 11 Jan 2019 10:43:30 +0100 Subject: [PATCH 043/361] Remove "Cloud stack file reference" from navigation The content was already removed, and a SEO redirect is present, so we can remove this one from the navigation Signed-off-by: Sebastiaan van Stijn --- _data/toc.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index dc4b8c23da..06cbfbebae 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -528,9 +528,6 @@ reference: - title: Compose file reference path: /compose/compose-file/ nosync: true - - title: Cloud stack file reference - path: /docker-cloud/apps/stack-yaml-reference/ - nosync: true - sectiontitle: Command-Line Interfaces (CLIs) section: From 61156cf3a2d0661b7e92ddf20d46c6e9a0974f0e Mon Sep 17 00:00:00 2001 From: William Triplett Date: Fri, 11 Jan 2019 07:15:50 -0500 Subject: [PATCH 044/361] Update Mac OS dependency from El Capitan to Sierra The link referenced at the top takes the user to a download page claiming Mac OS Sierra 10.12 is required. --- docker-for-mac/install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-for-mac/install.md b/docker-for-mac/install.md index 984d434f27..1814ebc7f9 100644 --- a/docker-for-mac/install.md +++ b/docker-for-mac/install.md @@ -35,7 +35,7 @@ for Docker for Mac, and how the two products can coexist. Unrestricted Mode. You can check to see if your machine has this support by running the following command in a terminal: `sysctl kern.hv_support` - - macOS El Capitan 10.11 and newer macOS releases are supported. We recommend + - macOS Sierra 10.12 and newer macOS releases are supported. We recommend upgrading to the latest version of macOS. - At least 4GB of RAM From babcb17b453c58a0bf6e8954ff9a10b112024589 Mon Sep 17 00:00:00 2001 From: Jenkins-pr-release-docs Date: Fri, 11 Jan 2019 13:56:06 +0000 Subject: [PATCH 045/361] Docker for mac edge relnotes 2.0.1.0 Signed-off-by: Jenkins-pr-release-docs --- docker-for-mac/edge-release-notes.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docker-for-mac/edge-release-notes.md b/docker-for-mac/edge-release-notes.md index 38c298a28a..4ca895ad25 100644 --- a/docker-for-mac/edge-release-notes.md +++ b/docker-for-mac/edge-release-notes.md @@ -18,6 +18,26 @@ for Mac](install.md#download-docker-for-mac). ## Edge Releases of 2018 +### Docker Community Edition 2.0.1.0 2019-01-11 + +[Download](https://download.docker.com/mac/edge/30090/Docker.dmg) + +* Upgrades + - [Docker 18.09.1](https://github.com/docker/docker-ce/releases/tag/v18.09.1) + - [Kubernetes 1.13.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#v1130) + - [Kitematic 0.17.6](https://github.com/docker/kitematic/releases/tag/v0.17.6) + - Golang 1.10.6, fixes CVEs: [CVE-2018-16875](https://www.cvedetails.com/cve/CVE-2018-16875), [CVE-2018-16873](https://www.cvedetails.com/cve/CVE-2018-16873) and [CVE-2018-16874](https://www.cvedetails.com/cve/CVE-2018-16874) + + WARNING: If you have an existing Kubernetes cluster created with Docker Desktop, this upgrade will reset the cluster. If you need to back up your Kubernetes cluster or persistent volumes you can use [Ark](https://github.com/heptio/ark). + +* Bug fixes and minor changes + - Fix service log collection in diagnostics + - Gather /etc/hosts to help diagnostics + - Ensure localhost resolves to 127.0.0.1. Related to [docker/for-mac#2990](https://github.com/docker/for-mac/issues/2990#issuecomment-443097942), [docker/for-mac#3383](https://github.com/docker/for-mac/issues/3383) + - Add 18.09 missing daemon options + - Rename Docker for Mac to Docker Desktop + - Partially open services ports if possible. [docker/for-mac#3438](https://github.com/docker/for-mac/issues/3438) + ### Docker Community Edition 2.0.0.0-mac82 2018-12-07 [Download](https://download.docker.com/mac/edge/29268/Docker.dmg) From 397c7da3a43dc4f11a8249bd76fc91576ab0300d Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 09:46:58 -0500 Subject: [PATCH 046/361] Update install.md --- docker-for-windows/install.md | 36 +++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docker-for-windows/install.md b/docker-for-windows/install.md index cf612c569b..a2ec97114f 100644 --- a/docker-for-windows/install.md +++ b/docker-for-windows/install.md @@ -1,12 +1,12 @@ --- -description: How to install Docker for Windows +description: How to install Docker Desktop for Windows keywords: windows, beta, edge, alpha, install, download -title: Install Docker for Windows +title: Install Docker Desktop for Windows --- -Docker for Windows is the [Community Edition +Docker Desktop for Windows is the [Community Edition (CE)](https://www.docker.com/community-edition) of Docker for Microsoft Windows. -To download Docker for Windows, head to Docker Hub. +To download Docker Desktop for Windows, head to Docker Hub. [Download from Docker Hub](https://hub.docker.com/editions/community/docker-ce-desktop-windows){: @@ -14,8 +14,8 @@ Hub](https://hub.docker.com/editions/community/docker-ce-desktop-windows){: ## What to know before you install -* **README FIRST for Docker Toolbox and Docker Machine users**: Docker for - Windows requires Microsoft Hyper-V to run. The Docker for Windows installer +* **README FIRST for Docker Toolbox and Docker Machine users**: Docker Desktop for + Windows requires Microsoft Hyper-V to run. The Docker Desktop for Windows installer enables Hyper-V for you, if needed, and restarts your machine. After Hyper-V is enabled, VirtualBox no longer works, but any VirtualBox VM images remain. VirtualBox VMs created with `docker-machine` (including the `default` one @@ -33,20 +33,20 @@ Hub](https://hub.docker.com/editions/community/docker-ce-desktop-windows){: - CPU SLAT-capable feature. - At least 4GB of RAM. -> **Note**: If your system does not meet the requirements to run Docker for +> **Note**: If your system does not meet the requirements to run Docker Desktop for > Windows, you can install [Docker Toolbox](/toolbox/overview.md), which uses > Oracle Virtual Box instead of Hyper-V. -* **What the Docker for Windows install includes**: The installation provides +* **What the Docker Desktop for Windows install includes**: The installation provides [Docker Engine](/engine/userguide/), Docker CLI client, [Docker Compose](/compose/overview.md), [Docker Machine](/machine/overview.md), and [Kitematic](/kitematic/userguide.md). -* Containers and images created with Docker for Windows are shared between all +* Containers and images created with Docker Desktop for Windows are shared between all user accounts on machines where it is installed. This is because all Windows accounts use the same VM to build and run containers. -* Nested virtualization scenarios, such as running Docker for Windows on a +* Nested virtualization scenarios, such as running Docker Desktop for Windows on a VMWare or Parallels instance might work, but there are no guarantees. For - more information, see [Running Docker for Windows in nested virtualization + more information, see [Running Docker Desktop for Windows in nested virtualization scenarios](troubleshoot.md#running-docker-for-windows-in-nested-virtualization-scenarios) ### About Windows containers @@ -55,7 +55,7 @@ Looking for information on using Windows containers? * [Switch between Windows and Linux containers](https://docs.docker.com/docker-for-windows/#switch-between-windows-and-linux-containers) - describes the Linux / Windows containers toggle in Docker for Windows and + describes the Linux / Windows containers toggle in Docker Desktop for Windows and points you to the tutorial mentioned above. * [Getting Started with Windows Containers (Lab)](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md) @@ -65,9 +65,9 @@ Looking for information on using Windows containers? * Docker Container Platform for Windows Server 2016 [articles and blog posts](https://www.docker.com/microsoft/) on the Docker website -## Install Docker for Windows desktop app +## Install Docker Desktop for Windows desktop app -1. Double-click **Docker for Windows Installer.exe** to run the installer. +1. Double-click **Docker Desktop for Windows Installer.exe** to run the installer. If you haven't already downloaded the installer (`Docker for Windows Installer.exe`), you can get it from @@ -84,10 +84,10 @@ Looking for information on using Windows containers? 3. Click **Finish** on the setup complete dialog to launch Docker. -## Start Docker for Windows +## Start Docker Desktop for Windows Docker does not start automatically after installation. To start it, search for -Docker, select **Docker for Windows** in the search results, and click it (or +Docker, select **Docker Desktop for Windows** in the search results, and click it (or hit Enter). ![search for Docker app](images/docker-app-search.png){:width="400px"} @@ -109,11 +109,11 @@ suggested next steps, and a link to this documentation. When initialization is complete, select **About Docker** from the Notifications area icon to verify that you have the latest version. -Congratulations! You are up and running with Docker for Windows. +Congratulations! You are up and running with Docker Desktop for Windows. ## Where to go next -* [Getting started](index.md) introduces Docker for Windows. +* [Getting started](index.md) introduces Docker Desktop for Windows. * [Get started with Docker](/get-started/) is a tutorial that teaches you how to deploy a multi-service stack. * [Troubleshooting](troubleshoot.md) describes common problems, workarounds, and From f36feeaadc1b92f0ea5cb3a7803a1fb9f9cbe35a Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 09:56:44 -0500 Subject: [PATCH 047/361] Update faqs.md --- docker-for-windows/faqs.md | 76 +++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/docker-for-windows/faqs.md b/docker-for-windows/faqs.md index a391b5712e..997752e827 100644 --- a/docker-for-windows/faqs.md +++ b/docker-for-windows/faqs.md @@ -4,26 +4,26 @@ keywords: windows faqs title: Frequently asked questions (FAQ) --- -**Looking for popular FAQs on Docker for Windows?** Check out the +**Looking for popular FAQs on Docker Desktop for Windows?** Check out the [Docker Success Center](http://success.docker.com/){: target="_blank" class="_"} for knowledge base articles, FAQs, technical support for subscription levels, and more. ### Questions about Stable and Edge channels -#### How do I get the Stable or Edge version of Docker for Windows? +#### How do I get the Stable or Edge version of Docker Desktop for Windows? Use the download links for the channels given in the topic -[Download Docker for Windows](install#download-docker-for-windows). +[Download Docker Desktop for Windows](install#download-docker-for-windows). This topic also has more information about the two channels. -#### What is the difference between the Stable and Edge versions of Docker for Windows? +#### What is the difference between the Stable and Edge versions of Docker Desktop for Windows? -Two different download channels are available for Docker for Windows: +Two different download channels are available for Docker Desktop for Windows: * The **Stable channel** provides a general availability release-ready installer for a fully baked and tested, more reliable app. The Stable version of Docker - for Windows comes with the latest released version of Docker Engine. The + Desktop for Windows comes with the latest released version of Docker Engine. The release schedule is synced with Docker Engine releases and hotfixes. On the Stable channel, you can select whether to send usage statistics and other data. @@ -35,7 +35,7 @@ Two different download channels are available for Docker for Windows: Stable, often one or more per month. Usage statistics and crash reports are sent by default. You do not have the option to disable this on the Edge channel. -#### Can I switch back and forth between Stable and Edge versions of Docker for Windows? +#### Can I switch back and forth between Stable and Edge versions of Docker Desktop for Windows? Yes, you can switch between versions to try out the Edge release to see what's new, then go back to Stable for other work. However, **you can have only one app @@ -43,7 +43,7 @@ installed at a time**. Switching back and forth between Stable and Edge apps can destabilize your development environment, particularly in cases where you switch from a newer (Edge) channel to older (Stable). -For example, containers created with a newer Edge version of Docker for Windows +For example, containers created with a newer Edge version of Docker Desktop for Windows may not work after you switch back to Stable because they may have been created leveraging Edge features that aren't in Stable yet. Just keep this in mind as you create and work with Edge containers, perhaps in the spirit of a playground @@ -88,12 +88,12 @@ You can find the list of frequent issues in [Logs and Troubleshooting](troubleshoot). If you do not find a solution in Troubleshooting, browse issues on -[Docker for Windows issues on GitHub](https://github.com/docker/for-win/issues){: target="_blank" class="_"} +[Docker Desktop for Windows issues on GitHub](https://github.com/docker/for-win/issues){: target="_blank" class="_"} or create a new one. You can also create new issues based on diagnostics. To -learn more about running diagnostics and about Docker for Windows GitHub issues, +learn more about running diagnostics and about Docker Desktop for Windows GitHub issues, see [Diagnose and Feedback](/docker-for-windows#diagnose--feedback). -[Docker for Windows forum](https://forums.docker.com/c/docker-for-windows){: target="_blank" class="_"} +[Docker Desktop for Windows forum](https://forums.docker.com/c/docker-for-windows){: target="_blank" class="_"} provides discussion threads as well, and you can create discussion topics there, but we recommend using the GitHub issues over the forums for better tracking and response. @@ -120,13 +120,13 @@ ID is mentioned in a GitHub issue). Docker Inc. will only use the data in the diagnostics bundle to investigate specific user issues, but may derive high level (non personal) metrics such as the rate of issues from it. -### Can I use Docker for Windows with new swarm mode? +### Can I use Docker Desktop for Windows with new swarm mode? -Yes! You can use Docker for Windows to test single-node features of +Yes! You can use Docker Desktop for Windows to test single-node features of [swarm mode](/engine/swarm/) introduced with Docker Engine 1.12, including initializing a swarm with a single node, creating services, and scaling services. Docker “Moby” on Hyper-V serves as the single swarm node. You can also -use Docker Machine, which comes with Docker for Windows, to create and +use Docker Machine, which comes with Docker Desktop for Windows, to create and experiment with a multi-node swarm. Check out the tutorial at [Get started with swarm mode](/engine/swarm/swarm-tutorial/). @@ -134,21 +134,21 @@ experiment with a multi-node swarm. Check out the tutorial at You might need to provide the location of the Engine API for Docker clients and development tools. -On Docker for Windows, clients can connect to the Docker Engine through a +On Docker Desktop for Windows, clients can connect to the Docker Engine through a **named pipe**: `npipe:////./pipe/docker_engine`, or **TCP socket** at this URL: `tcp://localhost:2375`. This sets `DOCKER_HOST` and `DOCKER_CERT_PATH` environment variables to the given values (for the named pipe or TCP socket, whichever you use). -See also [Docker Engine API](/engine/api) and the Docker for Windows forums +See also [Docker Engine API](/engine/api) and the Docker Desktop for Windows forums topic [How to find the remote API](https://forums.docker.com/t/how-to-find-the-remote-api/20988){: target="_blank" class="_"}. ### Volumes #### Can I change permissions on shared volumes for container-specific deployment requirements? -No, at this point, Docker for Windows does not enable you to control (`chmod`) +No, at this point, Docker Desktop for Windows does not enable you to control (`chmod`) the Unix-style permissions on [shared volumes](/docker-for-windows#shared-drives) for deployed containers, but rather sets permissions to a default value of [0777](http://permissions-calculator.org/decode/0777/){: target="_blank" class="_"} @@ -167,7 +167,7 @@ in [Troubleshooting](troubleshoot). #### Are symlinks supported? -Docker for Windows supports symbolic links (symlinks) created within containers. +Docker Desktop for Windows supports symbolic links (symlinks) created within containers. Symlinks resolve within and across containers. Symlinks created outside of Docker do not work. @@ -176,7 +176,7 @@ To learn more about the reasons for this limitation, see the following discussio * GitHub issue: [Symlinks don't work as expected](https://github.com/docker/for-win/issues/109#issuecomment-251307391){: target="_blank" class="_"} -* Docker for Windows forums topic: +* Docker Desktop for Windows forums topic: [Symlinks on shared volumes not supported](https://forums.docker.com/t/symlinks-on-shared-volumes-not-supported/9288){: target="_blank" class="_"} @@ -184,15 +184,15 @@ To learn more about the reasons for this limitation, see the following discussio #### How do I add custom CA certificates? -Starting with Docker for Windows 1.12.1, 2016-09-16 (Stable) and Beta 26 +Starting with Docker Desktop for Windows 1.12.1, 2016-09-16 (Stable) and Beta 26 (2016-09-14 1.12.1-beta26), all trusted Certificate Authorities (CA) (root or intermediate) are supported. Docker recognizes certs stored under Trust Root Certification Authorities or Intermediate Certification Authorities. -Docker for Windows creates a certificate bundle of all user-trusted CAs based on +Docker Desktop for Windows creates a certificate bundle of all user-trusted CAs based on the Windows certificate store, and appends it to Moby trusted certificates. So if an enterprise SSL certificate is trusted by the user on the host, it is -trusted by Docker for Windows. +trusted by Docker Desktop for Windows. To learn more about how to install a CA root certificate for the registry, see [Verify repository client with certificates](/engine/security/certificates) @@ -200,20 +200,20 @@ in the Docker Engine topics. #### How do I add client certificates? -Starting with Docker for Windows 17.06.0-ce, you do not need to push your +Starting with Docker Desktop for Windows 17.06.0-ce, you do not need to push your certificates with `git` commands anymore. You can put your client certificates in `~/.docker/certs.d/:/client.cert` and `~/.docker/certs.d/:/client.key`. -When the Docker for Windows application starts up, it copies the +When the Docker Desktop for Windows application starts up, it copies the `~/.docker/certs.d` folder on your Windows system to the `/etc/docker/certs.d` -directory on Moby (the Docker for Windows virtual machine running on Hyper-V). +directory on Moby (the Docker fDesktop or Windows virtual machine running on Hyper-V). -You need to restart Docker for Windows after making any changes to the keychain +You need to restart Docker Desktop for Windows after making any changes to the keychain or to the `~/.docker/certs.d` directory in order for the changes to take effect. The registry cannot be listed as an _insecure registry_ (see -[Docker Daemon](/docker-for-windows#daemon)). Docker for Windows ignores +[Docker Daemon](/docker-for-windows#daemon)). Docker Desktop for Windows ignores certificates listed under insecure registries, and does not send client certificates. Commands like `docker run` that attempt to pull from the registry produce error messages on the command line, as well as on the registry. @@ -222,7 +222,7 @@ To learn more about how to set the client TLS certificate for verification, see [Verify repository client with certificates](/engine/security/certificates) in the Docker Engine topics. -### Why does Docker for Windows sometimes lose network connectivity, causing `push` or `pull` commands to fail? +### Why does Docker Desktop for Windows sometimes lose network connectivity, causing `push` or `pull` commands to fail? Networking is not yet fully stable across network changes and system sleep cycles. Exit and start Docker to restore connectivity. @@ -235,15 +235,15 @@ Hyper-V is enabled on Windows. ### Can I share local drives and filesystem with my Docker Machine VMs? No, you cannot share local drives with Docker Machine nodes when using Docker -for Windows with Hyper-V. Shared drives can be made available to containers, but -Docker for Windows does not support mounts for nodes you created with +Desktop for Windows with Hyper-V. Shared drives can be made available to containers, but +Docker Desktop for Windows does not support mounts for nodes you created with `docker-machine`. -For more about sharing local drives with containers using Docker for Windows, +For more about sharing local drives with containers using Docker Desktop for Windows, see [Shared drives](/docker-for-windows#shared-drives) in the Getting Started topic. -To learn more about using Docker for Windows and Docker Machine, see +To learn more about using Docker Desktop for Windows and Docker Machine, see [What to know before you install](install#what-to-know-before-you-install) in the Getting Started topic. For more about Docker Machine itself, see [What is Docker Machine?](/machine/overview#what-is-docker-machine), and the @@ -251,7 +251,7 @@ Getting Started topic. For more about Docker Machine itself, see ### Windows Requirements -#### How do I run Windows containers on Docker on Windows Server 2016? +#### How do I run Windows containers on Docker Desktop on Windows Server 2016? See [About Windows containers and Windows Server 2016](/install/windows/docker-ee/#about-docker-ee-containers-and-windows-server). @@ -260,26 +260,26 @@ A full tutorial is available in [docker/labs](https://github.com/docker/labs){: #### Why is Windows 10 Home not supported? -Docker for Windows requires the Hyper-V Windows feature which is not +Docker Desktop for Windows requires the Hyper-V Windows feature which is not available on Home-edition. #### Why is Windows 10 required? -Docker for Windows uses Windows Hyper-V. While older Windows versions have +Docker Desktop for Windows uses Windows Hyper-V. While older Windows versions have Hyper-V, their Hyper-V implementations lack features critical for Docker for Windows to work. -#### Why does Docker for Windows fail to start when firewalls or anti-virus software is installed? +#### Why does Docker Desktop for Windows fail to start when firewalls or anti-virus software is installed? Some firewalls and anti-virus software might be incompatible with Hyper-V and some Windows 10 builds (possibly, the Anniversary Update), which impacts Docker -for Windows. See details and workarounds in +Desktop for Windows. See details and workarounds in [Docker fails to start when firewall or anti-virus software is installed](troubleshoot#docker-fails-to-start-when-firewall-or-anti-virus-software-is-installed) in [Troubleshooting](troubleshoot). ### How do I uninstall Docker Toolbox? -You might decide that you do not need Toolbox now that you have Docker for +You might decide that you do not need Toolbox now that you have Docker Desktop for Windows, and want to uninstall it. For details on how to perform a clean uninstall of Toolbox on Windows, see [How to uninstall Toolbox](/toolbox/toolbox_install_windows#how-to-uninstall-toolbox) in the Toolbox Windows topics. From 219ff06eb3f22a3f8135be4fc0cc32fc1b0d54a2 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 09:59:14 -0500 Subject: [PATCH 048/361] Update docker-toolbox.md --- docker-for-windows/docker-toolbox.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-for-windows/docker-toolbox.md b/docker-for-windows/docker-toolbox.md index 989ccd9c5a..7e8db8d637 100644 --- a/docker-for-windows/docker-toolbox.md +++ b/docker-for-windows/docker-toolbox.md @@ -1,24 +1,24 @@ --- -description: Docker for Windows and Docker Toolbox +description: Docker Desktop for Windows and Docker Toolbox keywords: windows, alpha, beta, toolbox, docker-machine, tutorial title: Migrate Docker Toolbox --- This page explains how to migrate your Docker Toolbox disk image, or images if -you have them, to Docker for Windows. +you have them, to Docker Desktop for Windows. -In version 18.01.0 and higher, the Docker for Windows installer no longer +In version 18.01.0 and higher, the Docker Desktop for Windows installer no longer prompts users to migrate from Docker Toolbox--you must do so manually. -## How to migrate Docker Toolbox disk images to Docker for Windows +## How to migrate Docker Toolbox disk images to Docker Desktop for Windows > **Warning**: Migrating disk images from Docker Toolbox _clobbers_ Docker > images if they exist. The migration process replaces the entire VM with your > previous Docker Toolbox data. 1. Install [qemu](https://www.qemu.org/){: target="_blank" class="_"} (a machine emulator): [https://cloudbase.it/downloads/qemu-img-win-x64-2_3_0.zip](https://cloudbase.it/downloads/qemu-img-win-x64-2_3_0.zip). -2. Install [Docker for Windows](install/){: target="_blank" class="_"}. -3. Stop Docker for Windows, if running. +2. Install [Docker Desktop for Windows](install/){: target="_blank" class="_"}. +3. Stop Docker Desktop for Windows, if running. 4. Move your current Docker VM disk to a safe location: ```shell @@ -31,7 +31,7 @@ prompts users to migrate from Docker Toolbox--you must do so manually. qemu-img.exe convert 'C:\Users\\.docker\machine\machines\default\disk.vmdk' -O vhdx -o subformat=dynamic -p 'C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\MobyLinuxVM.vhdx' ``` -6. Restart Docker for Windows (with your converted disk). +6. Restart Docker Desktop for Windows (with your converted disk). ## How to uninstall Docker Toolbox From 9a2ae6b9c3fe916752f686d4f56d87f776a90145 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 10:05:41 -0500 Subject: [PATCH 049/361] Update index.md --- docker-for-windows/index.md | 48 ++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/docker-for-windows/index.md b/docker-for-windows/index.md index 06341b846d..f765621b93 100644 --- a/docker-for-windows/index.md +++ b/docker-for-windows/index.md @@ -13,12 +13,12 @@ redirect_from: title: Get started with Docker for Windows --- -Welcome to Docker for Windows! +Welcome to Docker Desktop for Windows! Docker is a full development platform for creating containerized apps, and -Docker for Windows is the best way to get started with Docker _on Windows_. +Docker Desktop for Windows is the best way to get started with Docker _on Windows_. -> See [Install Docker for Windows](install.md){: target="_blank" class="_"} for information on system requirements and stable & edge channels. +> See [Install Docker Desktop for Windows](install.md){: target="_blank" class="_"} for information on system requirements and stable & edge channels. ## Test your installation @@ -178,19 +178,19 @@ running something more complex, such as an OS and a webserver. ## Docker Settings dialog -The **Docker for Windows menu** is a popup by which you can configure your +The **Docker Desktop for Windows menu** is a popup by which you can configure your Docker settings -- installation, updates, version channels, Docker Hub login, and more. This section explains the configuration options accessible from the **Settings** dialog. -1. Open the Docker for Windows menu by right-clicking the Docker icon in the Notifications area (or System tray): +1. Open the Docker Desktop for Windows menu by right-clicking the Docker icon in the Notifications area (or System tray): ![Showing hidden apps in the taskbar](images/whale-icon-systray-hidden.png){:width="250px"} 2. Select **Settings...** to open the Settings dialog: - ![Docker for Windows popup menu](images/docker-menu-settings.png){:width="400px"} + ![Docker Desktop for Windows popup menu](images/docker-menu-settings.png){:width="400px"} ### General @@ -198,23 +198,23 @@ On the **General** tab of the Settings dialog, you can configure when to start a ![Settings](images/settings-general.png){:width="600px"} -* **Start Docker when you log in** - Automatically start the Docker for Windows +* **Start Docker when you log in** - Automatically start the Docker Desktop for Windows application upon Windows system login. -* **Automatically check for updates** - By default, Docker for Windows +* **Automatically check for updates** - By default, Docker Desktop for Windows automatically checks for updates and notifies you when an update is available. Click **OK** to accept and install updates (or cancel to keep the current version). You can manually update by choosing **Check for Updates** from the main Docker menu. -* **Send usage statistics** - By default, Docker for Windows sends diagnostics, +* **Send usage statistics** - By default, Docker Desktop for Windows sends diagnostics, crash reports, and usage data. This information helps Docker improve and troubleshoot the application. Uncheck to opt out. Docker may also sometimes prompt you for more information. ### Shared drives -Share your local drives (volumes) with Docker for Windows, so that they are +Share your local drives (volumes) with Docker Desktop for Windows, so that they are available to your [Linux containers](#switch-between-windows-and-linux-containers). ![Shared drives](images/settings-shared-drives.png){:width="600px"} @@ -240,7 +240,7 @@ credentials so that you don't need to enter them every time. There are a number of issues with using host-mounted volumes and network paths for database files. See [Volume mounts from host paths use a nobrl option to override database locking](troubleshoot.md#volume-mounts-from-host-paths-use-a-nobrl-option-to-override-database-locking). > - * Docker for Windows sets permissions to read/write/execute for users, groups and others [0777 or a+rwx](http://permissions-calculator.org/decode/0777/). + * Docker Desktop for Windows sets permissions to read/write/execute for users, groups and others [0777 or a+rwx](http://permissions-calculator.org/decode/0777/). This is not configurable. See [Permissions errors on data directories for shared volumes](troubleshoot.md#permissions-errors-on-data-directories-for-shared-volumes). > * Ensure the domain user has access to shared drives, as described in [Verify domain user has permissions for shared drives](troubleshoot.md#verify-domain-user-has-permissions-for-shared-drives-volumes). @@ -292,7 +292,7 @@ The Linux VM restarts after changing the settings on the Advanced tab. This take ### Network -You can configure Docker for Windows networking to work on a virtual private network (VPN). +You can configure Docker Desktop for Windows networking to work on a virtual private network (VPN). ![Network settings](images/settings-network.png){:width="600px"} @@ -300,7 +300,7 @@ You can configure Docker for Windows networking to work on a virtual private net * **DNS Server** - You can configure the DNS server to use dynamic or static IP addressing. -> **Note**: Some users reported problems connecting to Docker Hub on Docker for +> **Note**: Some users reported problems connecting to Docker Hub on Docker Desktop for > Windows stable version. This would manifest as an error when trying to run > `docker` commands that pull images from Docker Hub that are not already > downloaded, such as a first time run of `docker run hello-world`. If you @@ -312,7 +312,7 @@ Updating these settings requires a reconfiguration and reboot of the Linux VM. ### Proxies -Docker for Windows lets you configure HTTP/HTTPS Proxy Settings and +Docker Desktop for Windows lets you configure HTTP/HTTPS Proxy Settings and automatically propagates these to Docker and to your containers. For example, if you set your proxy settings to `http://proxy.example.com`, Docker uses this proxy when pulling containers. @@ -350,7 +350,7 @@ configure the more common daemon options with interactive settings (and also JSO #### Experimental mode -Both Docker for Windows Stable and Edge releases have the experimental version +Both Docker Desktop for Windows Stable and Edge releases have the experimental version of Docker Engine enabled, described in the [Docker Experimental Features README](https://github.com/docker/cli/blob/master/experimental/README.md) on GitHub. @@ -361,7 +361,7 @@ others may be modified or pulled from subsequent Edge releases, and never released on Stable. On both Edge and Stable releases, you can toggle **experimental mode** on and -off. If you toggle it off, Docker for Windows uses the current generally +off. If you toggle it off, Docker Desktop for Windows uses the current generally available release of Docker Engine. Run `docker version` to see if you are in Experimental mode. Experimental mode @@ -424,13 +424,13 @@ For a full list of options on the Docker daemon, see [daemon](/engine/reference/ ### Kubernetes -[Kubernetes on Docker for Windows](/docker-for-windows/kubernetes/){: target="_blank" class="_"} +[Kubernetes on Docker Desktop for Windows](/docker-for-windows/kubernetes/){: target="_blank" class="_"} is available in [18.02 Edge (win50)](/docker-for-windows/edge-release-notes/#docker-community-edition-18020-ce-rc1-win50-2018-01-26){: target="_blank" class="_"} and higher, and in [18.06 Stable (win70)](/docker-for-windows/edge-release-notes/#docker-community-edition-18060-ce-win70-2018-07-25) and higher. ![Enable Kubernetes](images/settings-kubernetes.png){:width="600px"} -From Docker for Windows 18.02 CE Edge and 18.06 CE Stable a standalone Kubernetes server is included that runs on your Windows host, so that you can test deploying your +From Docker Desktop for Windows 18.02 CE Edge and 18.06 CE Stable a standalone Kubernetes server is included that runs on your Windows host, so that you can test deploying your Docker workloads on Kubernetes. The Kubernetes client command, `kubectl`, is included and configured to connect @@ -443,7 +443,7 @@ to change context so that `kubectl` is pointing to `docker-for-desktop`: > kubectl config use-context docker-for-desktop ``` -You can also change it through the Docker for Windows menu: +You can also change it through the Docker Desktop for Windows menu: ![Change Kubernetes Context](images/docker-menu-context-switch.png){:width="600px"} @@ -467,7 +467,7 @@ experience conflicts, remove it. The Kubernetes containers are stopped and removed, and the `/usr/local/bin/kubectl` command is removed. - For more about using the Kubernetes integration with Docker for Windows, + For more about using the Kubernetes integration with Docker Desktop for Windows, see [Deploy on Kubernetes](kubernetes.md). ### Reset @@ -485,15 +485,15 @@ On the Reset tab, you can restart Docker or reset its configuration. Visit our [Logs and Troubleshooting](troubleshoot.md) guide for more details. -Log on to our [Docker for Windows forum](https://forums.docker.com/c/docker-for-windows) to get help from the community, review current user topics, or join a discussion. +Log on to our [Docker Desktop for Windows forum](https://forums.docker.com/c/docker-for-windows) to get help from the community, review current user topics, or join a discussion. -Log on to [Docker for Windows issues on GitHub](https://github.com/docker/for-win/issues) to report bugs or problems and review community reported issues. +Log on to [Docker Desktop for Windows issues on GitHub](https://github.com/docker/for-win/issues) to report bugs or problems and review community reported issues. To give feedback on the documentation or update it yourself, use the Feedback options at the bottom of each docs page. ## Switch between Windows and Linux containers -From the Docker for Windows menu, you can toggle which daemon (Linux or Windows) +From the Docker Desktop for Windows menu, you can toggle which daemon (Linux or Windows) the Docker CLI talks to. Select **Switch to Windows containers** to use Windows containers, or select **Switch to Linux containers** to use Linux containers (the default). @@ -543,7 +543,7 @@ in the FAQs. ## Docker Hub -Select **Sign in /Create Docker ID** from the Docker for Windows menu to access your [Docker Hub](https://hub.docker.com/){: target="_blank" clas="_" } account. Once logged in, you can access your Docker Hub repositories directly from the Docker for Windows menu. +Select **Sign in /Create Docker ID** from the Docker Desktop for Windows menu to access your [Docker Hub](https://hub.docker.com/){: target="_blank" clas="_" } account. Once logged in, you can access your Docker Hub repositories directly from the Docker Desktop for Windows menu. See these [Docker Hub topics](/docker-hub/index.md){: target="_blank" class="_" } to learn more: From e872839aba4ffbf67d5bdbb60541dbfca68e68f7 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 10:11:49 -0500 Subject: [PATCH 050/361] Update troubleshoot.md --- docker-for-windows/troubleshoot.md | 68 +++++++++++++++--------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/docker-for-windows/troubleshoot.md b/docker-for-windows/troubleshoot.md index 05cd015e02..b390290cf6 100644 --- a/docker-for-windows/troubleshoot.md +++ b/docker-for-windows/troubleshoot.md @@ -8,12 +8,12 @@ title: Logs and troubleshooting --- Here is information about how to diagnose and troubleshoot problems, send logs -and communicate with the Docker for Windows team, use our forums and Knowledge +and communicate with the Docker Desktop for Windows team, use our forums and Knowledge Hub, browse and log issues on GitHub, and find workarounds for known problems. ## Docker Knowledge Hub -**Looking for help with Docker for Windows?** Check out the [Docker Knowledge +**Looking for help with Docker Desktop for Windows?** Check out the [Docker Knowledge Hub](http://success.docker.com/q) for knowledge base articles, FAQs, and technical support for various subscription levels. @@ -22,7 +22,7 @@ technical support for various subscription levels. ### In-app diagnostics If you encounter problems for which you do not find solutions in this -documentation, on [Docker for Windows issues on +documentation, on [Docker Desktop for Windows issues on GitHub](https://github.com/docker/for-win/issues), or the [Docker for Win forum](https://forums.docker.com/c/docker-for-windows), we can help you troubleshoot the log data. @@ -41,7 +41,7 @@ Desktop](https://docs.docker.com/docker-for-mac/faqs/#how-is-personal-data-handl ![Diagnose & Feedback with ID](images/diagnostic-id.png){:width="600px"} -If you click on **Report an issue**, this opens [Docker for Windows issues on +If you click on **Report an issue**, this opens [Docker Desktop for Windows issues on GitHub](https://github.com/docker/for-win/issues/) in your web browser in a "create new issue" template, to be completed before submision. Do not forget to include your diagnostic ID. @@ -51,7 +51,7 @@ include your diagnostic ID. ### Diagnosing from the terminal On occasions it is useful to run the diagnostics yourself, for instance if -Docker for Windows cannot start. +Docker Desktop for Windows cannot start. First locate the `com.docker.diagnose`, that should be in `C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe`. @@ -74,7 +74,7 @@ Diagnostics ID: CD6CF862-9CBD-4007-9C2F-5FBE0572BBC2/20180720152545 (uploade ### Make sure certificates are set up correctly -Docker for Windows ignores certificates listed under insecure registries, and +Docker Desktop for Windows ignores certificates listed under insecure registries, and does not send client certificates to them. Commands like `docker run` that attempt to pull from the registry produces error messages on the command line, like this: @@ -99,7 +99,7 @@ Getting Started topic. #### Permissions errors on data directories for shared volumes -Docker for Windows sets permissions on [shared volumes](index.md#shared-drives) +Docker Desktop for Windows sets permissions on [shared volumes](index.md#shared-drives) to a default value of [0777](http://permissions-calculator.org/decode/0777/) (`read`, `write`, `execute` permissions for `user` and for `group`). @@ -109,7 +109,7 @@ volume defaults at container runtime, you need to either use non-host-mounted volumes or find a way to make the applications work with the default file permissions. -Docker for Windows currrently implements host-mounted volumes based on the +Docker Desktop for Windows currrently implements host-mounted volumes based on the [Microsoft SMB protocol](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx), which does not support fine-grained, `chmod` control over these permissions. @@ -123,7 +123,7 @@ drives](https://github.com/docker/docker.github.io/issues/3298). #### inotify on shared drives does not work -Currently, `inotify` does not work on Docker for Windows. This becomes evident, +Currently, `inotify` does not work on Docker Desktop for Windows. This becomes evident, for example, when an application needs to read/write to a container across a mounted drive. Instead of relying on filesystem inotify, we recommend using polling features for your framework or programming language. @@ -133,7 +133,7 @@ polling features for your framework or programming language. polling mode described here: [nodemon isn't restarting node applications](https://github.com/remy/nodemon#application-isnt-restarting) -* **Docker for Windows issue on GitHub** - See the issue [Inotify on shared +* **Docker Desktop for Windows issue on GitHub** - See the issue [Inotify on shared drives does not work](https://github.com/docker/for-win/issues/56#issuecomment-242135705) @@ -214,7 +214,7 @@ container](https://github.com/docker/for-win/issues/25). #### Volume mounts from host paths use a `nobrl` option to override database locking You may encounter problems using volume mounts on the host, depending on the -database software and which options are enabled. Docker for Windows uses +database software and which options are enabled. Docker Desktop for Windows uses [SMB/CIFS protocols](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx) to mount host paths, and mounts them with the `nobrl` option, which prevents @@ -239,7 +239,7 @@ Compose file documentation. #### Local security policies can block shared drives and cause login errors -You need permissions to mount shared drives to use the Docker for Windows +You need permissions to mount shared drives to use the Docker Desktop for Windows [shared drives](index.md#shared-drives) feature. If local policy prevents this, you get errors when you attempt to enable shared @@ -286,7 +286,7 @@ script](https://github.com/moby/moby/issues/24388). ### Virtualization -In order for Docker for Windows to function properly your machine needs: +In order for Docker Desktop for Windows to function properly your machine needs: 1. [Hyper-V](https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-technology-overview) installed and working @@ -297,14 +297,14 @@ In order for Docker for Windows to function properly your machine needs: #### Hyper-V -Docker for Windows requires a Hyper-V as well as the Hyper-V Module for Windows -Powershell to be installed and enabled. The Docker for Windows installer enables +Docker Desktop for Windows requires a Hyper-V as well as the Hyper-V Module for Windows +Powershell to be installed and enabled. The Docker Desktop for Windows installer enables it for you. See [these instructions](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install) to install Hyper-V manually. A reboot is *required*. If you install Hyper-V -without the reboot, Docker for Windows does not work correctly. On some systems, +without the reboot, Docker Desktop for Windows does not work correctly. On some systems, Virtualization needs to be enabled in the BIOS. The steps to do so are Vendor specific, but typically the BIOS option is called `Virtualization Technology (VTx)` or similar. @@ -317,11 +317,11 @@ In the subequent screen, verify Hyper-V is enabled and has a checkmark: #### Hyper-V driver for Docker Machine -Docker for Windows comes with the legacy tool Docker Machine which uses the old +Docker Desktop for Windows comes with the legacy tool Docker Machine which uses the old [`boot2docker.iso`](https://github.com/boot2docker/boot2docker){: target="_blank" class="_"}, and the [Microsoft Hyper-V driver](/machine/drivers/hyper-v.md) to create local virtual machines. _This is -tangential to using Docker for Windows_, but if you want to use Docker Machine +tangential to using Docker Desktop for Windows_, but if you want to use Docker Machine to create multiple local VMs, or to provision remote machines, see the [Docker Machine](/machine/index.md) topics. We mention this here only in case someone is looking for information about Docker Machine on Windows, which requires that @@ -337,16 +337,16 @@ Performance tab on the Task Manager: ![Task Manager](images/virtualization-enabled.png){:width="700px"} If, at some point, if you manually uninstall Hyper-V or disable virtualization, -Docker for Windows cannot start. See: [Unable to run Docker for Windows on +Docker Desktop for Windows cannot start. See: [Unable to run Docker for Windows on Windows 10 Enterprise](https://github.com/docker/for-win/issues/74). -### Networking and WiFi problems upon Docker for Windows install +### Networking and WiFi problems upon Docker Desktop for Windows install Some users have encountered networking issues during install and startup of -Docker for Windows. For example, upon install or auto-reboot, network adapters +Docker Desktop for Windows. For example, upon install or auto-reboot, network adapters and/or WiFi gets disabled. In some scenarios, problems are due to having VirtualBox or its network adapters still installed, but in other scenarios this -is not the case. (See also, Docker for Windows issue on GitHub: [Enabling +is not the case. (See also, Docker Desktop for Windows issue on GitHub: [Enabling Hyper-V feature turns my wi-fi off](https://github.com/docker/for-win/issues/139).) @@ -392,7 +392,7 @@ A full tutorial is available in [docker/labs](https://github.com/docker/labs) at Containers](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md). You can install a native Windows binary which allows you to develop and run -Windows containers without Docker for Windows. However, if you install Docker +Windows containers without Docker Desktop for Windows. However, if you install Docker this way, you cannot develop or run Linux containers. If you try to run a Linux container on the native Docker daemon, an error occurs: @@ -404,7 +404,7 @@ C:\Program Files\Docker\docker.exe: ### Limitations of Windows containers for `localhost` and published ports -Docker for Windows provides the option to switch Windows and Linux containers. +Docker Desktop for Windows provides the option to switch Windows and Linux containers. If you are using Windows containers, keep in mind that there are some limitations with regard to networking due to the current implementation of Windows NAT (WinNAT). These limitations may potentially resolve as the Windows @@ -459,7 +459,7 @@ Now you can connect to the webserver by using `http://172.17.0.2:80` (or simply For more information, see: -* Docker for Windows issue on GitHub: [Port binding does not work for +* Docker Desktop for Windows issue on GitHub: [Port binding does not work for locahost](https://github.com/docker/for-win/issues/458) * [Published Ports on Windows Containers Don't Do @@ -469,16 +469,16 @@ For more information, see: limitations](https://blogs.technet.microsoft.com/virtualization/2016/05/25/windows-nat-winnat-capabilities-and-limitations/) -### Running Docker for Windows in nested virtualization scenarios +### Running Docker Desktop for Windows in nested virtualization scenarios -Docker for Windows can run inside a Windows 10 virtual machine (VM) running on +Docker Desktop for Windows can run inside a Windows 10 virtual machine (VM) running on apps like Parallels or VMware Fusion on a Mac provided that the VM is properly configured. However, problems and intermittent failures may still occur due to the way these apps virtualize the hardware. For these reasons, _**Docker for Windows is not supported for nested virtualization scenarios**_. It might work in some cases, and not in others. -The better solution is to run Docker for Windows natively on a Windows system +The better solution is to run Docker Desktop for Windows natively on a Windows system (to work with Windows or Linux containers), or Docker for Mac on Mac to work with Linux containers. @@ -548,14 +548,14 @@ We are currently investigating this issue. ### NAT/IP configuration -By default, Docker for Windows uses an internal network prefix of +By default, Docker Desktop for Windows uses an internal network prefix of `10.0.75.0/24`. Should this clash with your normal network setup, you can change the prefix from the **Settings** menu. See the [Network](index.md#network) topic under [Settings](index.md#docker-settings). ## Workarounds -### `inotify` currently does not work on Docker for Windows +### `inotify` currently does not work on Docker Desktop for Windows If you are using `Node.js` with `nodemon`, a temporary workaround is to try the fallback polling mode described here: [nodemon isn't restarting node @@ -576,10 +576,10 @@ consult the shell's documentation. ### Make sure Docker is running for webserver examples -For the `hello-world-nginx` example and others, Docker for Windows must be +For the `hello-world-nginx` example and others, Docker Desktop for Windows must be running to get to the webserver on `http://localhost/`. Make sure that the Docker whale is showing in the menu bar, and that you run the Docker commands in -a shell that is connected to the Docker for Windows Engine (not Engine from +a shell that is connected to the Docker Desktop for Windows Engine (not Engine from Toolbox). Otherwise, you might start the webserver container but get a "web page not available" error when you go to `docker`. @@ -601,7 +601,7 @@ docker app. **Some firewalls and anti-virus software might be incompatible with Microsoft **Windows 10 builds**, such as Windows 10 Anniversary Update. The conflict typically occurs after a Windows update or new install of the firewall, and -manifests as an error response from the Docker daemon and a **Docker for Windows +manifests as an error response from the Docker daemon and a **Docker Desktop for Windows start failure**. The Comodo Firewall was one example of this problem, but users report that software has since been updated to work with these Windows 10 builds. @@ -610,7 +610,7 @@ See the Comodo forums topics [Comodo Firewall conflict with Hyper-V](https://forums.comodo.com/bug-reports-cis/comodo-firewall-began-conflict-with-hyperv-t116351.0.html) and [Windows 10 Anniversary build doesn't allow Comodo drivers to be installed](https://forums.comodo.com/install-setup-configuration-help-cis/windows-10-aniversary-build-doesnt-allow-comodo-drivers-to-be-installed-t116322.0.html). -A Docker for Windows user-created issue describes the problem specifically as it +A Docker Desktop for Windows user-created issue describes the problem specifically as it relates to Docker: [Docker fails to start on Windows 10](https://github.com/docker/for-win/issues/27). From 7bef7e51da86975158dc984277b5117e15326c20 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 10:16:55 -0500 Subject: [PATCH 051/361] Update get-started.md --- machine/get-started.md | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/machine/get-started.md b/machine/get-started.md index 847669b477..9177a9bf1c 100644 --- a/machine/get-started.md +++ b/machine/get-started.md @@ -9,17 +9,17 @@ Docker host inside of a local virtual machine. ## Prerequisite Information -With the advent of [Docker for Mac](/docker-for-mac/index.md) and [Docker for +With the advent of [Docker Desktop for Mac](/docker-for-mac/index.md) and [Docker Desktop for Windows](/docker-for-windows/index.md) as replacements for [Docker Toolbox](/toolbox/overview.md), we recommend that you use these for your primary Docker workflows. You can use these applications to run Docker natively on your -local system without using Docker Machine at all. (See [Docker for Mac vs. +local system without using Docker Machine at all. (See [Docker Desktop for Mac vs. Docker Toolbox](/docker-for-mac/docker-toolbox.md) for an explanation on the Mac side.) For now, however, if you want to create _multiple_ local machines, you still need Docker Machine to create and manage machines for multi-node -experimentation. Both Docker for Mac and Docker for Windows include the newest +experimentation. Both Docker Desktop for Mac and Docker Desktop for Windows include the newest version of Docker Machine, so when you install either of these, you get `docker-machine`. @@ -27,13 +27,13 @@ The new solutions come with their own native virtualization solutions rather than Oracle VirtualBox, so keep the following considerations in mind when using Machine to create local VMs. -* **Docker for Mac** - You can use `docker-machine create` with the `virtualbox` driver to create additional local machines. +* **Docker Desktop for Mac** - You can use `docker-machine create` with the `virtualbox` driver to create additional local machines. -* **Docker for Windows** - You can use `docker-machine create` with the `hyperv` driver to create additional local machines. +* **Docker Desktop for Windows** - You can use `docker-machine create` with the `hyperv` driver to create additional local machines. -#### If you are using Docker for Windows +#### If you are using Docker Desktop for Windows -Docker for Windows uses [Microsoft +Docker Desktop for Windows uses [Microsoft Hyper-V](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/windows_welcome) for virtualization, and Hyper-V is not compatible with Oracle VirtualBox. Therefore, you cannot run the two solutions simultaneously. But you can still @@ -42,15 +42,15 @@ driver. The prerequisites are: -* Have Docker for Windows installed, and running (which requires that virtualization and Hyper-V are enabled, as described in [What to know before you install Docker for Windows](/docker-for-windows/install.md#what-to-know-before-you-install)). +* Have Docker Desktop for Windows installed, and running (which requires that virtualization and Hyper-V are enabled, as described in [What to know before you install Docker Desktop for Windows](/docker-for-windows/install.md#what-to-know-before-you-install)). * Set up the Hyper-V driver to use an external virtual network switch See the [Docker Machine driver for Microsoft Hyper-V](drivers/hyper-v.md) topic, which includes an [example](/machine/drivers/hyper-v.md#example) of how to do this. -#### If you are using Docker for Mac +#### If you are using Docker Desktop for Mac -Docker for Mac uses [HyperKit](https://github.com/docker/HyperKit/), a +Docker Desktop for Mac uses [HyperKit](https://github.com/docker/HyperKit/), a lightweight macOS virtualization solution built on top of the [Hypervisor.framework](https://developer.apple.com/reference/hypervisor). @@ -58,7 +58,7 @@ Currently, there is no `docker-machine create` driver for HyperKit, so use the `virtualbox` driver to create local machines. (See the [Docker Machine driver for Oracle VirtualBox](drivers/virtualbox.md).) You can run both HyperKit and Oracle VirtualBox on the same system. To learn more, see -[Docker for Mac vs. Docker Toolbox](/docker-for-mac/docker-toolbox/). +[Docker Desktop for Mac vs. Docker Toolbox](/docker-for-mac/docker-toolbox/). * Make sure you have [the latest VirtualBox](https://www.virtualbox.org/wiki/Downloads){: target="_blank" class="_"} correctly installed on your system (either as part of an earlier Toolbox install, @@ -66,7 +66,7 @@ both HyperKit and Oracle VirtualBox on the same system. To learn more, see #### If you are using Docker Toolbox -Docker for Mac and Docker for Windows both require newer versions of their +Docker Desktop for Mac and Docker Desktop for Windows both require newer versions of their respective operating systems, so users with older OS versions must use Docker Toolbox. @@ -75,14 +75,14 @@ machine based on Oracle [VirtualBox](https://www.virtualbox.org/){: target="_blank" class="_"}. (See the [Docker Machine driver for Oracle VirtualBox](drivers/virtualbox.md).) -* If you are using Docker Toolbox on a Windows system that has Hyper-V but cannot run Docker for Windows (for example Windows 8 Pro), you must use the +* If you are using Docker Toolbox on a Windows system that has Hyper-V but cannot run Docker Desktop for Windows (for example Windows 8 Pro), you must use the `hyperv` driver to create local machines. (See the [Docker Machine driver for Microsoft Hyper-V](drivers/hyper-v.md).) * Make sure you have [the latest VirtualBox](https://www.virtualbox.org/wiki/Downloads){: target="_blank" class="_"} correctly installed on your system. If you used [Toolbox](https://www.docker.com/products/docker-toolbox){: target="_blank" class="_"} - or [Docker for Windows](/docker-for-windows/index.md){: target="_blank" class="_"} + or [Docker Desktop for Windows](/docker-for-windows/index.md){: target="_blank" class="_"} to install Docker Machine, VirtualBox is automatically installed. @@ -123,9 +123,9 @@ The examples here show how to create and start a machine, run Docker commands, a it `default` as shown in the example. If you already have a "default" machine, choose another name for this new machine. - * If you are using Toolbox on Mac, Toolbox on older Windows systems without Hyper-V, or Docker for Mac, use `virtualbox` as the driver, as shown in this example. (The Docker Machine VirtualBox driver reference is [here](drivers/virtualbox.md).) (See [prerequisites](get-started.md#prerequisite-information) above to learn more.) + * If you are using Toolbox on Mac, Toolbox on older Windows systems without Hyper-V, or Docker Desktop for Mac, use `virtualbox` as the driver, as shown in this example. (The Docker Machine VirtualBox driver reference is [here](drivers/virtualbox.md).) (See [prerequisites](get-started.md#prerequisite-information) above to learn more.) - * On Docker for Windows systems that support Hyper-V, use the `hyperv` driver as shown in the [Docker Machine Microsoft Hyper-V driver reference](drivers/hyper-v.md) and follow the [example](/machine/drivers/hyper-v.md#example), which shows how to use an external network switch and provides the flags for the full command. (See [prerequisites](get-started.md#prerequisite-information) above to learn more.) + * On Docker Desktop for Windows systems that support Hyper-V, use the `hyperv` driver as shown in the [Docker Machine Microsoft Hyper-V driver reference](drivers/hyper-v.md) and follow the [example](/machine/drivers/hyper-v.md#example), which shows how to use an external network switch and provides the flags for the full command. (See [prerequisites](get-started.md#prerequisite-information) above to learn more.) $ docker-machine create --driver virtualbox default Running pre-create checks... @@ -290,7 +290,7 @@ For machines other than `default`, and commands other than those listed above, y ## Unset environment variables in the current shell You might want to use the current shell to connect to a different Docker Engine. -This would be the case if, for example, you are [running Docker for Mac +This would be the case if, for example, you are [running Docker Desktop for Mac concurrent with Docker Toolbox](/docker-for-mac/docker-toolbox.md) and want to talk to two different Docker Engines. In both scenarios, you have the option to switch the environment for the current @@ -339,12 +339,12 @@ shell to talk to different Docker engines. $ env | grep DOCKER ``` - If you are running Docker for Mac, you can run Docker commands to talk + If you are running Docker Desktop for Mac, you can run Docker commands to talk to the Docker Engine installed with that app. - Since [Docker for Windows is incompatible with + Since [Docker Desktop for Windows is incompatible with Toolbox](/docker-for-windows/install.md#what-to-know-before-you-install), - this scenario isn't applicable because Docker for Windows uses the Docker + this scenario isn't applicable because Docker Desktop for Windows uses the Docker Engine and Docker Machine that come with it. ## Start local machines on startup From bb19d49405364d4ab6e5a4161add610a3e70194d Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 10:19:57 -0500 Subject: [PATCH 052/361] Update index.md --- engine/swarm/swarm-tutorial/index.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/engine/swarm/swarm-tutorial/index.md b/engine/swarm/swarm-tutorial/index.md index 50700d4f89..de929e7cb5 100644 --- a/engine/swarm/swarm-tutorial/index.md +++ b/engine/swarm/swarm-tutorial/index.md @@ -56,7 +56,7 @@ follows: * [install Docker Engine on Linux machines](#install-docker-engine-on-linux-machines) -* [use Docker for Mac or Docker for Windows](#use-docker-for-mac-or-docker-for-windows) +* [use Docker Desktop for Mac or Docker Desktop for Windows](#use-docker-for-mac-or-docker-for-windows) #### Install Docker Engine on Linux machines @@ -66,29 +66,29 @@ instructions](../../installation/index.md) for your platform. Spin up the three machines, and you are ready. You can test both single-node and multi-node swarm scenarios on Linux machines. -#### Use Docker for Mac or Docker for Windows +#### Use Docker Desktop for Mac or Docker Desktop for Windows -Alternatively, install the latest [Docker for Mac](/docker-for-mac/index.md) or -[Docker for Windows](/docker-for-windows/index.md) application on one +Alternatively, install the latest [Docker Desktop for Mac](/docker-for-mac/index.md) or +[Docker Desktop for Windows](/docker-for-windows/index.md) application on one computer. You can test both single-node and multi-node swarm from this computer, but you need to use Docker Machine to test the multi-node scenarios. -* You can use Docker for Mac or Windows to test _single-node_ features of swarm +* You can use Docker Desktop for Mac or Windows to test _single-node_ features of swarm mode, including initializing a swarm with a single node, creating services, and scaling services. Docker "Moby" on Hyperkit (Mac) or Hyper-V (Windows) serve as the single swarm node.

-* Currently, you cannot use Docker for Mac or Docker for Windows alone to test a +* Currently, you cannot use Docker Desktop for Mac or Docker Desktop for Windows alone to test a _multi-node_ swarm. However, you can use the included version of [Docker Machine](/machine/overview.md) to create the swarm nodes (see [Get started with Docker Machine and a local VM](/machine/get-started.md)), then follow the tutorial for all multi-node features. For this scenario, you run -commands from a Docker for Mac or Docker for Windows host, but that Docker host itself is +commands from a Docker for Mac or Docker Desktop for Windows host, but that Docker host itself is _not_ participating in the swarm. After you create the nodes, you can run all swarm commands as shown from the Mac terminal or Windows PowerShell with -Docker for Mac or Docker for Windows running. +Docker for Mac or Docker Desktop for Windows running. ### The IP address of the manager machine From d94d6ff294648e67d7f7f119582245dd611e0270 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 10:23:53 -0500 Subject: [PATCH 053/361] Update toolbox_install_windows.md --- toolbox/toolbox_install_windows.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/toolbox/toolbox_install_windows.md b/toolbox/toolbox_install_windows.md index cd7c8b679a..dc808e9c57 100644 --- a/toolbox/toolbox_install_windows.md +++ b/toolbox/toolbox_install_windows.md @@ -7,7 +7,7 @@ title: Install Docker Toolbox on Windows Docker Toolbox provides a way to use Docker on Windows systems that do not -meet minimal system requirements for the [Docker for +meet minimal system requirements for the [Docker Desktop for Windows](/docker-for-windows/index.md) app. If you have not done so already, download the installer here: @@ -33,7 +33,7 @@ small Linux VM on your machine. This VM hosts Docker Engine for you on your Windows system. >**Tip**: One of the advantages of the newer -[Docker for +[Docker Desktop for Windows](/docker-for-windows/index.md) solution is that it uses native virtualization and does not require VirtualBox to run Docker. @@ -50,11 +50,11 @@ To verify your machine meets these requirements, do the following: If you have a newer system, specifically 64bit Windows 10 Pro, with Enterprise and Education (1607 Anniversary update, Build 14393 or later), - consider using [Docker for Windows](/docker-for-windows) instead. It runs + consider using [Docker Desktop for Windows](/docker-for-windows) instead. It runs natively on the Windows, so there is no need for a pre-configured Docker QuickStart shell. It also uses Hyper-V for virtualization, so the instructions below for checking virtualization will be out of date for newer - Windows systems. Full install prerequisites are provided in the Docker for + Windows systems. Full install prerequisites are provided in the Docker Desktop for Windows topic in [What to know before you install](/docker-for-windows/#what-to-know-before-you-install). @@ -230,7 +230,7 @@ Removing Toolbox involves removing all the Docker components it includes. A full uninstall also includes removing the local and remote machines you created with Docker Machine. In some cases, you might want to keep machines created with Docker Machine. -For example, if you plan to re-install Docker Machine as a part of Docker for Windows you can continue to manage those machines through Docker. Or, if you have remote machines on a cloud provider and you plan to manage them using the provider, you wouldn't want to remove them. So the step to remove machines is described here as optional. +For example, if you plan to re-install Docker Machine as a part of Docker Desktop for Windows you can continue to manage those machines through Docker. Or, if you have remote machines on a cloud provider and you plan to manage them using the provider, you wouldn't want to remove them. So the step to remove machines is described here as optional. To uninstall Toolbox on Windows, do the following: @@ -253,7 +253,7 @@ To uninstall Toolbox on Windows, do the following: This step is optional because if you plan to re-install Docker Machine as a part - of [Docker for + of [Docker Desktop for Windows](/docker-for-windows/index.md), you can import and continue to manage those machines through Docker. From 8b74e73b8b4bd9e6a42156332d21476ed394278c Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 10:26:22 -0500 Subject: [PATCH 054/361] Update install.md --- docker-for-windows/install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-windows/install.md b/docker-for-windows/install.md index a2ec97114f..9b5b769e81 100644 --- a/docker-for-windows/install.md +++ b/docker-for-windows/install.md @@ -20,7 +20,7 @@ Hub](https://hub.docker.com/editions/community/docker-ce-desktop-windows){: enabled, VirtualBox no longer works, but any VirtualBox VM images remain. VirtualBox VMs created with `docker-machine` (including the `default` one typically created during Toolbox install) no longer start. These VMs cannot be - used side-by-side with Docker for Windows. However, you can still use + used side-by-side with Docker Desktop for Windows. However, you can still use `docker-machine` to manage remote VMs. * **System Requirements**: @@ -69,7 +69,7 @@ Looking for information on using Windows containers? 1. Double-click **Docker Desktop for Windows Installer.exe** to run the installer. - If you haven't already downloaded the installer (`Docker for Windows + If you haven't already downloaded the installer (`Docker Desktop Installer.exe`), you can get it from [**download.docker.com**](https://download.docker.com/win/stable/Docker%20for%20Windows%20Installer.exe). It typically downloads to your `Downloads` folder, or you can run it from From b7f44fc86701034e65a309fe6e172ce821d41ee4 Mon Sep 17 00:00:00 2001 From: Jenkins-pr-release-docs Date: Fri, 11 Jan 2019 17:10:15 +0000 Subject: [PATCH 055/361] Docker for win edge relnotes 2.0.1.0 Signed-off-by: Jenkins-pr-release-docs --- docker-for-windows/edge-release-notes.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docker-for-windows/edge-release-notes.md b/docker-for-windows/edge-release-notes.md index fd234c5f34..27f1d2c316 100644 --- a/docker-for-windows/edge-release-notes.md +++ b/docker-for-windows/edge-release-notes.md @@ -18,6 +18,27 @@ for Windows](install.md#download-docker-for-windows). ## Edge Releases of 2018 +### Docker Community Edition 2.0.1.0 2019-01-11 + +[Download](https://download.docker.com/win/edge/30090/Docker%20Desktop%20Installer.exe) + +* Upgrades + - [Docker 18.09.1](https://github.com/docker/docker-ce/releases/tag/v18.09.1) + - [Kubernetes 1.13.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#v1130) + - [Kitematic 0.17.6](https://github.com/docker/kitematic/releases/tag/v0.17.6) + - Golang 1.10.6, fixes CVEs: [CVE-2018-16875](https://www.cvedetails.com/cve/CVE-2018-16875), [CVE-2018-16873](https://www.cvedetails.com/cve/CVE-2018-16873) and [CVE-2018-16874](https://www.cvedetails.com/cve/CVE-2018-16874) + + WARNING: If you have an existing Kubernetes cluster created with Docker Desktop, this upgrade will reset the cluster. If you need to back up your Kubernetes cluster or persistent volumes you can use [Ark](https://github.com/heptio/ark). + +* Bug fixes and minor changes + - Fix service log collection in diagnostics + - Gather /etc/hosts to help diagnostics + - Add 18.09 missing daemon options + - Rename Docker for Windows to Docker Desktop + - Partially open services ports if possibles + - Quit will not check if service is running anymore + - Fix UI lock when changing kubernetes state + ### Docker Community Edition 2.0.0.0-win82 2018-12-07 [Download](https://download.docker.com/win/edge/29268/Docker%20for%20Windows%20Installer.exe) From 4ccef1ef6c87ea9b906e5879e52567676dd54475 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 12:54:19 -0500 Subject: [PATCH 056/361] Update faqs.md --- docker-for-windows/faqs.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-for-windows/faqs.md b/docker-for-windows/faqs.md index 997752e827..183faecbfa 100644 --- a/docker-for-windows/faqs.md +++ b/docker-for-windows/faqs.md @@ -101,7 +101,7 @@ response. #### How can I opt out of sending my usage data? If you do not want auto-send of usage data, use the Stable channel. For more -information, see [Stable and Edge channels](#questions-about-stable-and-edge-channels) ("What is the difference between the Stable and Edge versions of Docker for Windows?"). +information, see [Stable and Edge channels](#questions-about-stable-and-edge-channels) ("What is the difference between the Stable and Edge versions of Docker Desktop for Windows?"). ### How is personal data handled in Docker Desktop? @@ -160,7 +160,7 @@ For workarounds and to learn more, see #### Why doesn't `nodemon` pick up file changes in a container mounted on a shared drive? -Currently, `inotify` does not work on Docker for Windows. This is a known issue. +Currently, `inotify` does not work on Docker Desktop for Windows. This is a known issue. For more information and a temporary workaround, see [inotify on shared drives does not work](troubleshoot#inotify-on-shared-drives-does-not-work){: target="_blank" class="_"} in [Troubleshooting](troubleshoot). @@ -266,7 +266,7 @@ available on Home-edition. #### Why is Windows 10 required? Docker Desktop for Windows uses Windows Hyper-V. While older Windows versions have -Hyper-V, their Hyper-V implementations lack features critical for Docker for +Hyper-V, their Hyper-V implementations lack features critical for Docker Desktop for Windows to work. #### Why does Docker Desktop for Windows fail to start when firewalls or anti-virus software is installed? From a05e627550827361bea28c678f3f2bc6b4bcd7bd Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 12:56:36 -0500 Subject: [PATCH 057/361] Update index.md --- docker-for-windows/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-windows/index.md b/docker-for-windows/index.md index f765621b93..2db9fa1c2d 100644 --- a/docker-for-windows/index.md +++ b/docker-for-windows/index.md @@ -274,7 +274,7 @@ If you run a Docker command from a shell with a volume mount (as shown in the example below) or kick off a Compose file that includes volume mounts, you get a popup asking if you want to share the specified drive. -You can select to **Share it**, in which case it is added your Docker for +You can select to **Share it**, in which case it is added your Docker Desktop for Windows [Shared Drives list](index.md#shared-drives) and available to containers. Alternatively, you can opt not to share it by hitting Cancel. @@ -288,7 +288,7 @@ The Linux VM restarts after changing the settings on the Advanced tab. This take * **CPUs** - Change the number of processors assigned to the Linux VM. -* **Memory** - Change the amount of memory the Docker for Windows Linux VM uses. +* **Memory** - Change the amount of memory the Docker Desktop for Windows Linux VM uses. ### Network From 0087ec819e9cbb0083d633684acc9788f12d1366 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 12:59:15 -0500 Subject: [PATCH 058/361] Update troubleshoot.md --- docker-for-windows/troubleshoot.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-for-windows/troubleshoot.md b/docker-for-windows/troubleshoot.md index b390290cf6..8fdac64cf7 100644 --- a/docker-for-windows/troubleshoot.md +++ b/docker-for-windows/troubleshoot.md @@ -23,7 +23,7 @@ technical support for various subscription levels. If you encounter problems for which you do not find solutions in this documentation, on [Docker Desktop for Windows issues on -GitHub](https://github.com/docker/for-win/issues), or the [Docker for Win +GitHub](https://github.com/docker/for-win/issues), or the [Docker Desktop for Windows forum](https://forums.docker.com/c/docker-for-windows), we can help you troubleshoot the log data. @@ -474,12 +474,12 @@ For more information, see: Docker Desktop for Windows can run inside a Windows 10 virtual machine (VM) running on apps like Parallels or VMware Fusion on a Mac provided that the VM is properly configured. However, problems and intermittent failures may still occur due to -the way these apps virtualize the hardware. For these reasons, _**Docker for +the way these apps virtualize the hardware. For these reasons, _**Docker Desktop for Windows is not supported for nested virtualization scenarios**_. It might work in some cases, and not in others. The better solution is to run Docker Desktop for Windows natively on a Windows system -(to work with Windows or Linux containers), or Docker for Mac on Mac to work +(to work with Windows or Linux containers), or Docker Desktop for Mac on Mac to work with Linux containers. #### If you still want to use nested virtualization @@ -523,7 +523,7 @@ Discussion thread on GitHub at [Docker for Windows issue ### Networking issues -Some users have reported problems connecting to Docker Hub on the Docker for +Some users have reported problems connecting to Docker Hub on the Docker Desktop for Windows stable version. (See GitHub issue [22567](https://github.com/moby/moby/issues/22567).) From 4fb1c403ea696200b98be292cf72f28cf04e08df Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:01:08 -0500 Subject: [PATCH 059/361] Update index.md --- engine/swarm/swarm-tutorial/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/engine/swarm/swarm-tutorial/index.md b/engine/swarm/swarm-tutorial/index.md index de929e7cb5..6a8183e656 100644 --- a/engine/swarm/swarm-tutorial/index.md +++ b/engine/swarm/swarm-tutorial/index.md @@ -85,10 +85,10 @@ _multi-node_ swarm. However, you can use the included version of [Docker Machine](/machine/overview.md) to create the swarm nodes (see [Get started with Docker Machine and a local VM](/machine/get-started.md)), then follow the tutorial for all multi-node features. For this scenario, you run -commands from a Docker for Mac or Docker Desktop for Windows host, but that Docker host itself is +commands from a Docker Desktop for Mac or Docker Desktop for Windows host, but that Docker host itself is _not_ participating in the swarm. After you create the nodes, you can run all swarm commands as shown from the Mac terminal or Windows PowerShell with -Docker for Mac or Docker Desktop for Windows running. +Docker Desktop for Mac or Docker Desktop for Windows running. ### The IP address of the manager machine From c569fe224e94e4eebceaa021805b6170e5964b0f Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:05:08 -0500 Subject: [PATCH 060/361] Update index.md --- index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.md b/index.md index 9ef3dba252..7959711d85 100644 --- a/index.md +++ b/index.md @@ -73,18 +73,18 @@ the industry to modernize all applications. Docker EE Advanced comes with enterp

- Docker for Mac + Docker Desktop for Mac
-

Docker for Mac

+

Docker Desktop for Mac

A native application using the macOS sandbox security model which delivers all Docker tools to your Mac.

- Docker for Windows + Docker Desktop for Windows
-

Docker for Windows

+

Docker Desktop for Windows

A native Windows application which delivers all Docker tools to your Windows computer.

From 2d752d9d3496c4082b25752cad20bc4b94efb672 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:06:21 -0500 Subject: [PATCH 061/361] Update dotnetcore.md --- engine/examples/dotnetcore.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/examples/dotnetcore.md b/engine/examples/dotnetcore.md index 14a656d4f8..38facac14b 100644 --- a/engine/examples/dotnetcore.md +++ b/engine/examples/dotnetcore.md @@ -35,7 +35,7 @@ tutorial](https://www.asp.net/get-started) to initialize a project or clone our 2. Add the text below to your `Dockerfile` for either Linux or [Windows Containers](https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/). The tags below are multi-arch meaning they pull either Windows or - Linux containers depending on what mode is set in [Docker for + Linux containers depending on what mode is set in [Docker Desktop for Windows](/docker-for-windows/). Read more on [switching containers](/docker-for-windows/#switch-between-windows-and-linux-containers). 3. The `Dockerfile` assumes that your application is called `aspnetapp`. Change the `Dockerfile` to use the DLL file of your project. From ae7f5e3aa4f646f9683d8678025406610d220614 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:08:23 -0500 Subject: [PATCH 062/361] Update overview.md --- machine/overview.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/machine/overview.md b/machine/overview.md index 16c63c3485..6c6d0bdb47 100644 --- a/machine/overview.md +++ b/machine/overview.md @@ -27,11 +27,11 @@ point to a host called `default`, follow on-screen instructions to complete `env` setup, and run `docker ps`, `docker run hello-world`, and so forth. Machine _was_ the _only_ way to run Docker on Mac or Windows previous to Docker -v1.12. Starting with the beta program and Docker v1.12, [Docker for -Mac](/docker-for-mac/index.md) and [Docker for +v1.12. Starting with the beta program and Docker v1.12, [Docker Desktop for +Mac](/docker-for-mac/index.md) and [Docker Desktop for Windows](/docker-for-windows/index.md) are available as native apps and the better choice for this use case on newer desktops and laptops. We encourage you -to try out these new apps. The installers for Docker for Mac and Docker for +to try out these new apps. The installers for Docker Desktop for Mac and Docker Desktop for Windows include Docker Machine, along with Docker Compose. If you aren't sure where to begin, see [Get Started with Docker](/get-started/), @@ -51,7 +51,7 @@ Docker Machine has these two broad use cases. ![Docker Machine on Mac and Windows](img/machine-mac-win.png){: .white-bg} - If you work primarily on an older Mac or Windows laptop or desktop that doesn't meet the requirements for the new [Docker for Mac](/docker-for-mac/index.md) and [Docker for Windows](/docker-for-windows/index.md) apps, then you need Docker Machine run Docker Engine locally. Installing Docker Machine on a Mac or Windows box with the [Docker Toolbox](/toolbox/overview.md) installer provisions a local virtual machine with Docker Engine, gives you the ability to connect it, and run `docker` commands. + If you work primarily on an older Mac or Windows laptop or desktop that doesn't meet the requirements for the new [Docker Desktop for Mac](/docker-for-mac/index.md) and [Docker Desktop for Windows](/docker-for-windows/index.md) apps, then you need Docker Machine run Docker Engine locally. Installing Docker Machine on a Mac or Windows box with the [Docker Toolbox](/toolbox/overview.md) installer provisions a local virtual machine with Docker Engine, gives you the ability to connect it, and run `docker` commands. * **I want to provision Docker hosts on remote systems** From 403da538a2f0c6c6986ec840fc3c48acc4a7ccbc Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:12:20 -0500 Subject: [PATCH 063/361] Update create-swarm.md --- engine/swarm/swarm-tutorial/create-swarm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/engine/swarm/swarm-tutorial/create-swarm.md b/engine/swarm/swarm-tutorial/create-swarm.md index 75675454e5..1fe91ab00b 100644 --- a/engine/swarm/swarm-tutorial/create-swarm.md +++ b/engine/swarm/swarm-tutorial/create-swarm.md @@ -23,10 +23,10 @@ machines. $ docker swarm init --advertise-addr ``` - >**Note**: If you are using Docker for Mac or Docker for Windows to test + >**Note**: If you are using Docker Desktop for Mac or Docker Desktop for Windows to test single-node swarm, simply run `docker swarm init` with no arguments. There is no need to specify `--advertise-addr` in this case. To learn more, see the topic -on how to [Use Docker for Mac or Docker for +on how to [Use Docker Desktop or Mac or Docker Desktop for Windows](/engine/swarm/swarm-tutorial/index.md#use-docker-for-mac-or-docker-for-windows) with Swarm. In the tutorial, the following command creates a swarm on the `manager1` From 661100cce2cded9044a76c335b4228dc5f3c4495 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:15:16 -0500 Subject: [PATCH 064/361] Update gettingstarted.md --- compose/gettingstarted.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/compose/gettingstarted.md b/compose/gettingstarted.md index 06fd9b7605..822df6a0e9 100644 --- a/compose/gettingstarted.md +++ b/compose/gettingstarted.md @@ -160,7 +160,7 @@ Hub registry. 2. Enter `http://0.0.0.0:5000/` in a browser to see the application running. - If you're using Docker natively on Linux, Docker for Mac, or Docker for + If you're using Docker natively on Linux, Docker Desktop for Mac, or Docker Desktop for Windows, then the web app should now be listening on port 5000 on your Docker daemon host. Point your web browser to `http://localhost:5000` to find the `Hello World` message. If this doesn't resolve, you can also try @@ -253,15 +253,15 @@ If you get runtime errors indicating an application file is not found, a volume mount is denied, or a service cannot start, try enabling file or drive sharing. Volume mounting requires shared drives for projects that live outside of `C:\Users` (Windows) or `/Users` (Mac), and is required for _any_ project on -Docker for Windows that uses [Linux +Docker Desktop for Windows that uses [Linux containers](/docker-for-windows/#switch-between-windows-and-linux-containers-beta-feature). For more information, see [Shared Drives](../docker-for-windows/#shared-drives) -on Docker for Windows, [File sharing](../docker-for-mac/#file-sharing) on Docker +on Docker Desktop for Windows, [File sharing](../docker-for-mac/#file-sharing) on Docker for Mac, and the general examples on how to [Manage data in containers](../engine/tutorials/dockervolumes.md). > > * If you are using Oracle VirtualBox on an older Windows OS, you might encounter an issue with shared folders as described in this [VB trouble ticket](https://www.virtualbox.org/ticket/14920). Newer Windows systems meet the -requirements for [Docker for Windows](/docker-for-windows/install.md) and do not +requirements for [Docker Desktop for Windows](/docker-for-windows/install.md) and do not need VirtualBox. {: .important} From e22dff1b59e367dbbd998492e2de5d6acf56b5b1 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:17:48 -0500 Subject: [PATCH 065/361] Update aspnet-mssql-compose.md --- compose/aspnet-mssql-compose.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose/aspnet-mssql-compose.md b/compose/aspnet-mssql-compose.md index ce60a4db28..d0ea56670d 100644 --- a/compose/aspnet-mssql-compose.md +++ b/compose/aspnet-mssql-compose.md @@ -25,8 +25,8 @@ configure this app to use our SQL Server database, and then create a 1. Create a new directory for your application. This directory is the context of your docker-compose project. For - [Docker for Windows](/docker-for-windows/#/shared-drives) and - [Docker for Mac](/docker-for-mac/#/file-sharing), you + [Docker Desktop for Windows](/docker-for-windows/#/shared-drives) and + [Docker Desktop for Mac](/docker-for-mac/#/file-sharing), you need to set up file sharing for the volume that you need to map. 1. Within your directory, use the `aspnetcore-build` Docker image to generate a @@ -37,7 +37,7 @@ configure this app to use our SQL Server database, and then create a $ docker run -v ${PWD}:/app --workdir /app microsoft/aspnetcore-build:lts dotnet new mvc --auth Individual ``` - > **Note**: If running in Docker for Windows, make sure to use Powershell + > **Note**: If running in Docker Desktop for Windows, make sure to use Powershell or specify the absolute path of your app directory. 1. Create a `Dockerfile` within your app directory and add the following content: @@ -170,8 +170,8 @@ configure this app to use our SQL Server database, and then create a 1. Make sure you allocate at least 2GB of memory to Docker Engine. Here is how to do it on - [Docker for Mac](/docker-for-mac/#/advanced) and - [Docker for Windows](/docker-for-windows/#/advanced). + [Docker Desktop for Mac](/docker-for-mac/#/advanced) and + [Docker Desktop for Windows](/docker-for-windows/#/advanced). This is necessary to run the SQL Server on Linux container. 1. Run the `docker-compose up` command. After a few seconds, you should be able From 62edcf746d54917f0d77140aafaae6ea8228067b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:20:06 -0500 Subject: [PATCH 066/361] Update live-restore.md --- config/containers/live-restore.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/containers/live-restore.md b/config/containers/live-restore.md index 41117f4b9c..eaa2c2310d 100644 --- a/config/containers/live-restore.md +++ b/config/containers/live-restore.md @@ -13,7 +13,7 @@ is called _live restore_. The live restore option helps reduce container downtime due to daemon crashes, planned outages, or upgrades. > **Note**: Live restore is not supported on Windows containers, but it does work -for Linux containers running on Docker for Windows. +for Linux containers running on Docker Desktop for Windows. ## Enable live restore @@ -21,7 +21,7 @@ There are two ways to enable the live restore setting to keep containers alive when the daemon becomes unavailable. **Only do one of the following**. * Add the configuration to the daemon configuration file. On Linux, this - defaults to `/etc/docker/daemon.json`. On Docker for Mac or Docker for Windows, + defaults to `/etc/docker/daemon.json`. On Docker Desktop for Mac or Docker Desktop for Windows, select the Docker icon from the task bar, then click **Preferences** -> **Daemon** -> **Advanced**. @@ -67,8 +67,8 @@ data. The default buffer size is 64K. If the buffers fill, you must restart the Docker daemon to flush them. On Linux, you can modify the kernel's buffer size by changing -`/proc/sys/fs/pipe-max-size`. You cannot modify the buffer size on Docker for -Mac or Docker for Windows. +`/proc/sys/fs/pipe-max-size`. You cannot modify the buffer size on Docker Desktop for +Mac or Docker Desktop for Windows. ## Live restore and swarm mode From 39b11d41850dff3a7c5b1b7890d26cc87e17177b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:21:55 -0500 Subject: [PATCH 067/361] Update networking.md --- docker-for-windows/networking.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docker-for-windows/networking.md b/docker-for-windows/networking.md index a97cf53bf4..adaf056293 100644 --- a/docker-for-windows/networking.md +++ b/docker-for-windows/networking.md @@ -1,19 +1,19 @@ --- description: Networking keywords: windows, networking -title: Networking features in Docker for Windows +title: Networking features in Docker Desktop for Windows --- {% assign Arch = 'Windows' %} -Docker for {{Arch}} provides several networking features to make it easier to +Docker Desktop for {{Arch}} provides several networking features to make it easier to use. ## Features ### VPN Passthrough -Docker for {{Arch}}'s networking can work when attached to a VPN. To do this, -Docker for {{Arch}} intercepts traffic from the containers and injects it into +Docker Desktop for {{Arch}}'s networking can work when attached to a VPN. To do this, +Docker Desktop for {{Arch}} intercepts traffic from the containers and injects it into {{Arch}} as if it originated from the Docker application. ### Port Mapping @@ -24,7 +24,7 @@ When you run a container with the `-p` argument, for example: $ docker run -p 80:80 -d nginx ``` -Docker for {{Arch}} makes whatever is running on port 80 in the container (in +Docker Desktop for {{Arch}} makes whatever is running on port 80 in the container (in this case, `nginx`) available on port 80 of `localhost`. In this example, the host and container ports are the same. What if you need to specify a different host port? If, for example, you already have something running on port 80 of @@ -43,18 +43,18 @@ See [Proxies](index#Proxies). ## Known limitations, use cases, and workarounds -Following is a summary of current limitations on the Docker for {{Arch}} +Following is a summary of current limitations on the Docker Desktop for {{Arch}} networking stack, along with some ideas for workarounds. ### There is no docker0 bridge on {{Arch}} -Because of the way networking is implemented in Docker for {{Arch}}, you cannot +Because of the way networking is implemented in Docker Desktop for {{Arch}}, you cannot see a `docker0` interface on the host. This interface is actually within the virtual machine. ### I cannot ping my containers -Docker for Windows can't route traffic to Linux containers. However, you can +Docker Desktop for Windows can't route traffic to Linux containers. However, you can ping the Windows containers. ### Per-container IP addressing is not possible @@ -72,7 +72,7 @@ The host has a changing IP address (or none if you have no network access). From 18.03 onwards our recommendation is to connect to the special DNS name `host.docker.internal`, which resolves to the internal IP address used by the host. -This is for development purpose and will not work in a production environment outside of Docker for Windows. +This is for development purpose and will not work in a production environment outside of Docker Desktop for Windows. The gateway is also reachable as `gateway.docker.internal`. From 49e5c67881201b58ba571d832badea0890c80b32 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:23:58 -0500 Subject: [PATCH 068/361] Update insecure.md --- registry/insecure.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/registry/insecure.md b/registry/insecure.md index 54f981c33f..1af15dfde0 100644 --- a/registry/insecure.md +++ b/registry/insecure.md @@ -23,7 +23,7 @@ isolated testing or in a tightly controlled, air-gapped environment. 1. Edit the `daemon.json` file, whose default location is `/etc/docker/daemon.json` on Linux or `C:\ProgramData\docker\config\daemon.json` on Windows Server. If you use - Docker for Mac or Docker for Windows, click the Docker icon, choose + Docker Desktop for Mac or Docker Desktop for Windows, click the Docker icon, choose **Preferences**, and choose +**Daemon**. If the `daemon.json` file does not exist, create it. Assuming there are no @@ -94,11 +94,11 @@ This is more secure than the insecure registry solution. 3. Click **Finish**. Restart Docker. - - **Docker for Mac**: Follow the instructions on + - **Docker Desktop for Mac**: Follow the instructions on [Adding custom CA certificates](/docker-for-mac/faqs.md#how-do-i-add-custom-ca-certificates){: target="_blank" class="_"}. Restart Docker. - - **Docker for Windows**: Follow the instructions on + - **Docker Desktop for Windows**: Follow the instructions on [Adding custom CA certificates](/docker-for-windows/faqs.md#how-do-i-add-custom-ca-certificates){: target="_blank" class="_"}. Restart Docker. @@ -162,4 +162,4 @@ Then, select the following options: [Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal). -After adding the CA certificate to Windows, restart Docker for Windows. +After adding the CA certificate to Windows, restart Docker Desktop for Windows. From 9cb9b5b100255258900cd77d5684ff169a4667a7 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:32:17 -0500 Subject: [PATCH 069/361] Update install-machine.md --- machine/install-machine.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machine/install-machine.md b/machine/install-machine.md index 6d9a9e5740..90109fe1dd 100644 --- a/machine/install-machine.md +++ b/machine/install-machine.md @@ -109,7 +109,7 @@ To uninstall Docker Machine: Removing machines is an optional step because there are cases where you might want to save and migrate existing machines to a [Docker - for Mac](/docker-for-mac/index.md) or [Docker for + for Mac](/docker-for-mac/index.md) or [Docker Desktop for Windows](/docker-for-windows/index.md) environment, for example. * Remove the executable: `rm $(which docker-machine)` From eb6f2d9e56172317879305e65050433d44d75c7d Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:34:18 -0500 Subject: [PATCH 070/361] Update prometheus.md --- config/thirdparty/prometheus.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/config/thirdparty/prometheus.md b/config/thirdparty/prometheus.md index 5eb6fd560d..4a2946e0c2 100644 --- a/config/thirdparty/prometheus.md +++ b/config/thirdparty/prometheus.md @@ -27,7 +27,7 @@ exist, create it. - **Linux**: `/etc/docker/daemon.json` - **Windows Server**: `C:\ProgramData\docker\config\daemon.json` -- **Docker for Mac / Docker for Windows**: Click the Docker icon in the toolbar, +- **Docker Desktop for Mac / Docker Desktop for Windows**: Click the Docker icon in the toolbar, select **Preferences**, then select **Daemon**. Click **Advanced**. If the file is currently empty, paste the following: @@ -43,7 +43,7 @@ If the file is not empty, add those two keys, making sure that the resulting file is valid JSON. Be careful that every line ends with a comma (`,`) except for the last line. -Save the file, or in the case of Docker for Mac or Docker for Windows, save the +Save the file, or in the case of Docker Desktop for Mac or Docker Desktop for Windows, save the configuration. Restart Docker. Docker now exposes Prometheus-compatible metrics on port 9323. @@ -63,13 +63,13 @@ Prometheus runs as a Docker service on a Docker swarm. Copy one of the following configuration files and save it to `/tmp/prometheus.yml` (Linux or Mac) or `C:\tmp\prometheus.yml` (Windows). This is a stock Prometheus configuration file, except for the addition of the Docker -job definition at the bottom of the file. Docker for Mac and Docker for Windows +job definition at the bottom of the file. Docker Desktop for Mac and Docker Desktop for Windows need a slightly different configuration.
@@ -200,8 +200,8 @@ Next, start a single-replica Prometheus service using this configuration.
@@ -242,8 +242,8 @@ Verify that the Docker target is listed at http://localhost:9090/targets/. ![Prometheus targets page](images/prometheus-targets.png) -You can't access the endpoint URLs directly if you use Docker -for Mac or Docker for Windows. +You can't access the endpoint URLs directly if you use Docker Desktop +for Mac or Docker Desktop for Windows. ## Use Prometheus From a93d6f148b52cb72b8aebd5a67057e2f02478858 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:35:23 -0500 Subject: [PATCH 071/361] Update breaking_changes.md --- engine/breaking_changes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/engine/breaking_changes.md b/engine/breaking_changes.md index 832340623b..570ac6d994 100644 --- a/engine/breaking_changes.md +++ b/engine/breaking_changes.md @@ -17,8 +17,8 @@ The following list compiles any updates to Docker Engine that created backwards-incompatibility for old versions of Docker tools. > **Note**: In the case of your local environment, you should be updating your - Docker Engine using [Docker for Mac](/docker-for-mac), - [Docker for Windows](/docker-for-windows). That way all your tools stay + Docker Engine using [Docker Desktop for Mac](/docker-for-mac), + [Docker Desktop for Windows](/docker-for-windows). That way all your tools stay in sync with Docker Engine. ## Engine 1.10 From 1846c5e2582c83f04d80a6ed4742fe5402d35dc5 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:36:38 -0500 Subject: [PATCH 072/361] Update overview.md --- toolbox/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox/overview.md b/toolbox/overview.md index 4400f512d5..011594904d 100644 --- a/toolbox/overview.md +++ b/toolbox/overview.md @@ -5,7 +5,7 @@ keywords: docker, documentation, about, technology, kitematic, gui, toolbox title: Docker Toolbox overview --- -Docker Toolbox is an installer for quick setup and launch of a Docker environment on older Mac and Windows systems that do not meet the requirements of the new [Docker for Mac](/docker-for-mac/index.md) and [Docker for Windows](/docker-for-windows/index.md) apps. +Docker Toolbox is an installer for quick setup and launch of a Docker environment on older Mac and Windows systems that do not meet the requirements of the new [Docker Desktop for Mac](/docker-for-mac/index.md) and [Docker Desktop for Windows](/docker-for-windows/index.md) apps. ![Toolbox installer](images/toolbox-installer.png) From 80aa68894ab7a3065075c2975f4f48455df64cc9 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:38:08 -0500 Subject: [PATCH 073/361] Update docker-ee.md --- install/windows/docker-ee.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/windows/docker-ee.md b/install/windows/docker-ee.md index a024625eb7..05cc3c55e2 100644 --- a/install/windows/docker-ee.md +++ b/install/windows/docker-ee.md @@ -268,8 +268,8 @@ posts](https://www.docker.com/microsoft/) on the Docker website. ## Where to go next * [Getting started](/docker-for-windows/index.md) provides an overview of -Docker for Windows, basic Docker command examples, how to get help or give -feedback, and links to all topics in the Docker for Windows guide. +Docker Desktop for Windows, basic Docker command examples, how to get help or give +feedback, and links to all topics in the Docker Desktop for Windows guide. * [FAQs](/docker-for-windows/faqs.md) provides answers to frequently asked questions. From 72d557b41e0871732e404e54d0300a71009466c5 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:41:01 -0500 Subject: [PATCH 074/361] Update glossary.yaml --- _data/glossary.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/_data/glossary.yaml b/_data/glossary.yaml index f7cdbb2ba0..d42732b086 100644 --- a/_data/glossary.yaml +++ b/_data/glossary.yaml @@ -81,24 +81,24 @@ Docker Enterprise Edition: | containerized applications, that you can deploy in the cloud or on-premise. It includes a tested and certified version of Docker, web UIs for managing your app resources, and support. -Docker for Mac: | - [Docker for Mac](/docker-for-mac/) is an easy-to-install, lightweight +Docker Desktop for Mac: | + [Docker Desktop for Mac](/docker-for-mac/) is an easy-to-install, lightweight Docker development environment designed specifically for the Mac. A native - Mac application, Docker for Mac uses the macOS Hypervisor + Mac application, Docker Desktop for Mac uses the macOS Hypervisor framework, networking, and filesystem. It's the best solution if you want to build, debug, test, package, and ship Dockerized applications on a - Mac. Docker for Mac supersedes [Docker Toolbox](#toolbox) as + Mac. Docker Desktop for Mac supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker on macOS. -Docker for Windows: | - [Docker for Windows](/docker-for-windows/) is an +Docker Desktop for Windows: | + [Docker Desktop for Windows](/docker-for-windows/) is an easy-to-install, lightweight Docker development environment designed specifically for Windows 10 systems that support Microsoft Hyper-V - (Professional, Enterprise and Education). Docker for Windows uses Hyper-V for + (Professional, Enterprise and Education). Docker Desktop for Windows uses Hyper-V for virtualization, and runs as a native Windows app. It works with Windows Server 2016, and gives you the ability to set up and run Windows containers as well as the standard Linux containers, with an option to switch between the two. Docker for Windows is the best solution if you want to build, debug, test, package, and - ship Dockerized applications from Windows machines. Docker for Windows + ship Dockerized applications from Windows machines. Docker Desktop for Windows supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker on Windows. Docker Hub: | The [Docker Hub](https://hub.docker.com/) is a centralized resource for working with @@ -163,8 +163,8 @@ image: | does not have state and it never changes. Kitematic: | A legacy GUI, bundled with [Docker Toolbox](#toolbox), for managing Docker - containers. We recommend upgrading to [Docker for Mac](#docker for Mac) or - [Docker for Windows](#docker for Windows), which have superseded Kitematic. + containers. We recommend upgrading to [Docker Desktop for Mac](#docker for Mac) or + [Docker Desktop for Windows](#docker for Windows), which have superseded Kitematic. layer: | In an image, a layer is modification to the image, represented by an instruction in the Dockerfile. Layers are applied in sequence to the base image to create the final image. @@ -309,11 +309,11 @@ Toolbox: | installer for Mac and Windows users. It uses Oracle VirtualBox for virtualization. - For Macs running OS X El Capitan 10.11 and newer macOS releases, [Docker for + For Macs running OS X El Capitan 10.11 and newer macOS releases, [Docker Desktop for Mac](/docker-for-mac/) is the better solution. For Windows 10 systems that support Microsoft Hyper-V (Professional, Enterprise - and Education), [Docker for + and Education), [Docker Desktop for Windows](/docker-for-windows/) is the better solution. Union file system: | Union file systems implement a [union From 1a9813a62d6fba092b0a13962888b57a3935e19c Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:42:17 -0500 Subject: [PATCH 075/361] Update kubernetes.md --- docker-for-windows/kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-for-windows/kubernetes.md b/docker-for-windows/kubernetes.md index 31779bccae..9c44b03e13 100644 --- a/docker-for-windows/kubernetes.md +++ b/docker-for-windows/kubernetes.md @@ -1,5 +1,5 @@ --- -description: Deploying to Kubernetes on Docker for Windows +description: Deploying to Kubernetes on Docker Desktop for Windows keywords: windows, edge, kubernetes, kubectl, orchestration title: Deploy on Kubernetes --- From a702ed28a6b1ce719ec6e4a04f9475eef32966df Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:44:01 -0500 Subject: [PATCH 076/361] Update kubectl.md --- ee/ucp/user-access/kubectl.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ee/ucp/user-access/kubectl.md b/ee/ucp/user-access/kubectl.md index eeb4171706..26ee21d941 100644 --- a/ee/ucp/user-access/kubectl.md +++ b/ee/ucp/user-access/kubectl.md @@ -11,12 +11,12 @@ command-line tool named kubectl. To access the UCP cluster with kubectl, install the [UCP client bundle](cli.md). -> Kubernetes on Docker for Mac and Docker for Windows +> Kubernetes on Docker Desktop for Mac and Docker Desktop for Windows > -> Docker for Mac and Docker for Windows provide a standalone Kubernetes server that +> Docker Desktop for Mac and Docker Desktop for Windows provide a standalone Kubernetes server that > runs on your development machine, with kubectl installed by default. This installation is > separate from the Kubernetes deployment on a UCP cluster. -> Learn how to [deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md). +> Learn how to [deploy to Kubernetes on Docker Desktop for Mac](/docker-for-mac/kubernetes.md). {: .important} ## Install the kubectl binary @@ -100,5 +100,5 @@ Docker Enterprise Edition provides users unique certificates and keys to authent ## Where to go next - [Deploy a workload to a Kubernetes cluster](../kubernetes.md) -- [Deploy to Kubernetes on Docker for Mac](/docker-for-mac/kubernetes.md) +- [Deploy to Kubernetes on Docker Desktop for Mac](/docker-for-mac/kubernetes.md) From 0e14f90a99fee99abfbed10d124c394451ad109e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:45:13 -0500 Subject: [PATCH 077/361] Update index.md --- get-started/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/get-started/index.md b/get-started/index.md index 36328a270f..6b3e1ba886 100644 --- a/get-started/index.md +++ b/get-started/index.md @@ -115,10 +115,10 @@ of Docker Community Edition (CE) or Enterprise Edition (EE) on a > For full Kubernetes Integration > -> - [Kubernetes on Docker for Mac](/docker-for-mac/kubernetes/){: target="_blank" class="_"} +> - [Kubernetes on Docker Desktop for Mac](/docker-for-mac/kubernetes/){: target="_blank" class="_"} is available in [17.12 Edge (mac45)](/docker-for-mac/edge-release-notes/#docker-community-edition-17120-ce-mac45-2018-01-05){: target="_blank" class="_"} or [17.12 Stable (mac46)](/docker-for-mac/release-notes/#docker-community-edition-17120-ce-mac46-2018-01-09){: target="_blank" class="_"} and higher. -> - [Kubernetes on Docker for Windows](/docker-for-windows/kubernetes/){: target="_blank" class="_"} +> - [Kubernetes on Docker Desktop for Windows](/docker-for-windows/kubernetes/){: target="_blank" class="_"} is available in [18.02 Edge (win50)](/docker-for-windows/edge-release-notes/#docker-community-edition-18020-ce-rc1-win50-2018-01-26){: target="_blank" class="_"} and higher edge channels only. From f67b015c3af9b9bc791bf25c7ea592b3acacaddc Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:46:36 -0500 Subject: [PATCH 078/361] Update hyper-v.md --- machine/drivers/hyper-v.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/machine/drivers/hyper-v.md b/machine/drivers/hyper-v.md index 939b3d337b..fe5e629986 100644 --- a/machine/drivers/hyper-v.md +++ b/machine/drivers/hyper-v.md @@ -8,7 +8,7 @@ toc_max: 4 Creates a Boot2Docker virtual machine locally on your Windows machine using Hyper-V. -Hyper-V must be enabled on your desktop system. Docker for Windows automatically +Hyper-V must be enabled on your desktop system. Docker Desktop for Windows automatically enables it upon install. See this article on the Microsoft developer network for instructions on [how to manually enable Hyper-V](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install). @@ -57,7 +57,7 @@ Hyper-V](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick #### 1. Make sure Hyper-V is enabled. -Hyper-V is automatically enabled on a Docker for Windows installation. To enable it manually, see [instructions on how to manually enable Hyper-V](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install) on the Microsoft developer network. +Hyper-V is automatically enabled on a Docker Desktop for Windows installation. To enable it manually, see [instructions on how to manually enable Hyper-V](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install) on the Microsoft developer network. #### 2. Set up a new external network switch (Optional) @@ -71,7 +71,7 @@ Select the **Virtual Switch Manager** on the right-hand **Actions** panel. ![Hyper-V manager](../img/hyperv-manager.png) -Set up a new **external network switch** to use instead of DockerNAT network switch (for Moby), which is set up by default when you install Docker for Windows. If you already have another network switch set up, use that one instead but make sure it is an **external** switch.) +Set up a new **external network switch** to use instead of DockerNAT network switch (for Moby), which is set up by default when you install Docker Desktop for Windows. If you already have another network switch set up, use that one instead but make sure it is an **external** switch.) For this example, we created a virtual switch called `Primary Virtual Switch`. From 34a1aea420cca0bdecd08f9cd22e59156da78979 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:54:42 -0500 Subject: [PATCH 079/361] Update host.md --- network/host.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/host.md b/network/host.md index b2a4f5089f..e6d82575be 100644 --- a/network/host.md +++ b/network/host.md @@ -10,7 +10,7 @@ which binds to port 80 and you use `host` networking, the container's application will be available on port 80 on the host's IP address. The host networking driver only works on Linux hosts, and is not supported on -Docker for Mac, Docker for Windows, or Docker EE for Windows Server. +Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server. In Docker 17.06 and higher, you can also use a `host` network for a swarm service, by passing `--network host` to the `docker container create` command. From e619f14c6ed22e5666ebc59e3eeb1f90fa79bf72 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:55:47 -0500 Subject: [PATCH 080/361] Update bundles.md --- compose/bundles.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose/bundles.md b/compose/bundles.md index d28910ae88..a4157c38ae 100644 --- a/compose/bundles.md +++ b/compose/bundles.md @@ -56,8 +56,8 @@ Wrote bundle to vossibility-stack.dab > you need to install an experimental build of Docker Engine to use it. > > If you're on Mac or Windows, download the “Beta channel” version of -> [Docker for Mac](/docker-for-mac/) or -> [Docker for Windows](/docker-for-windows/) to install +> [Docker Desktop for Mac](/docker-for-mac/) or +> [Docker Desktop for Windows](/docker-for-windows/) to install > it. If you're on Linux, follow the instructions in the > [experimental build README](https://github.com/docker/cli/blob/master/experimental/README.md). From d87c0416153021e631f425a9c66d2bfb1562cc11 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:57:49 -0500 Subject: [PATCH 081/361] Update userguide.md --- kitematic/userguide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kitematic/userguide.md b/kitematic/userguide.md index a8257f9a9d..ca0f347043 100644 --- a/kitematic/userguide.md +++ b/kitematic/userguide.md @@ -26,9 +26,9 @@ GUI. First, if you haven't yet done so, download and install Kitematic in one of the following ways: -* Choose **Kitematic** from the Docker for Mac or Docker for Windows menu to get started with the Kitematic install. +* Choose **Kitematic** from the Docker Desktop for Mac or Docker Desktop for Windows menu to get started with the Kitematic install. -* Install [Docker Toolbox](/toolbox/overview.md#ready-to-get-started) (on older systems that do not meet the requirements of [Docker for Mac](/docker-for-mac/install.md#what-to-know-before-you-install) or [Docker for Windows](/docker-for-windows/install.md#what-to-know-before-you-install)). +* Install [Docker Toolbox](/toolbox/overview.md#ready-to-get-started) (on older systems that do not meet the requirements of [Docker Desktop for Mac](/docker-for-mac/install.md#what-to-know-before-you-install) or [Docker Desktop for Windows](/docker-for-windows/install.md#what-to-know-before-you-install)). * Download Kitematic directly from the [Kitematic releases page](https://github.com/docker/kitematic/releases/). From d04138d726c2016e46ccb05f8d2542e33cf34f49 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 13:59:12 -0500 Subject: [PATCH 082/361] Update install.md --- compose/install.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose/install.md b/compose/install.md index 2ab151c251..88e4996001 100644 --- a/compose/install.md +++ b/compose/install.md @@ -12,7 +12,7 @@ You can run Compose on macOS, Windows, and 64-bit Linux. Docker Compose relies on Docker Engine for any meaningful work, so make sure you have Docker Engine installed either locally or remote, depending on your setup. -- On desktop systems like Docker for Mac and Windows, Docker Compose is +- On desktop systems like Docker Desktop for Mac and Windows, Docker Compose is included as part of those desktop installs. - On Linux systems, first install the @@ -39,22 +39,22 @@ Python package manager or installing Compose as a container.
### Install Compose on macOS -**Docker for Mac** and **Docker Toolbox** already include Compose along +**Docker Desktop for Mac** and **Docker Toolbox** already include Compose along with other Docker apps, so Mac users do not need to install Compose separately. Docker install instructions for these are here: - * [Get Docker for Mac](/docker-for-mac/install.md) + * [Get Docker Desktop for Mac](/docker-for-mac/install.md) * [Get Docker Toolbox](/toolbox/overview.md) (for older systems)
### Install Compose on Windows systems -**Docker for Windows** and **Docker Toolbox** already include Compose +**Docker Desktop for Windows** and **Docker Toolbox** already include Compose along with other Docker apps, so most Windows users do not need to install Compose separately. Docker install instructions for these are here: -* [Get Docker for Windows](/docker-for-windows/install.md) +* [Get Docker Desktop for Windows](/docker-for-windows/install.md) * [Get Docker Toolbox](/toolbox/overview.md) (for older systems) **If you are running the Docker daemon and client directly on Microsoft From 1e1762d3449b0915968618866f13fcc76ddc524b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:01:00 -0500 Subject: [PATCH 083/361] Update index.md --- install/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/index.md b/install/index.md index 72cea8fa51..231e2d8803 100644 --- a/install/index.md +++ b/install/index.md @@ -152,8 +152,8 @@ to choose the best installation path for you. | Platform | x86_64 | |:----------------------------------------------------------------------------|:-----------------:| -| [Docker for Mac (macOS)](/docker-for-mac/install/) | {{ green-check }} | -| [Docker for Windows (Microsoft Windows 10)](/docker-for-windows/install/) | {{ green-check }} | +| [Docker Desktop for Mac (macOS)](/docker-for-mac/install/) | {{ green-check }} | +| [Docker Desktop for Windows (Microsoft Windows 10)](/docker-for-windows/install/) | {{ green-check }} | #### Server From 623872673887de3dbad2617cc325b85e22a7924a Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:03:25 -0500 Subject: [PATCH 084/361] Update network-tutorial-host.md --- network/network-tutorial-host.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/network-tutorial-host.md b/network/network-tutorial-host.md index 54aa3a6b30..7b5441aeea 100644 --- a/network/network-tutorial-host.md +++ b/network/network-tutorial-host.md @@ -24,7 +24,7 @@ host. [documentation for the `nginx` image](https://hub.docker.com/_/nginx/) - The `host` networking driver only works on Linux hosts, and is not supported - on Docker for Mac, Docker for Windows, or Docker EE for Windows Server. + on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server. ## Procedure From d552074f7a6190f9ea5613f12f8025aba8386788 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:05:53 -0500 Subject: [PATCH 085/361] Update index.md --- datacenter/dtr/2.2/guides/user/access-dtr/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/datacenter/dtr/2.2/guides/user/access-dtr/index.md b/datacenter/dtr/2.2/guides/user/access-dtr/index.md index 9cea619e9a..26b043105f 100644 --- a/datacenter/dtr/2.2/guides/user/access-dtr/index.md +++ b/datacenter/dtr/2.2/guides/user/access-dtr/index.md @@ -29,7 +29,7 @@ In your browser navigate to `https:///ca` to download the TLS certificate used by DTR. Then [add that certificate to macOS Keychain](https://support.apple.com/kb/PH20129). -After adding the CA certificate to Keychain, restart Docker for Mac. +After adding the CA certificate to Keychain, restart Docker Desktop for Mac. ### Windows @@ -46,7 +46,7 @@ Then, select the following options: [Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal). -After adding the CA certificate to Windows, restart Docker for Windows. +After adding the CA certificate to Windows, restart Docker Desktop for Windows. ### Ubuntu/ Debian From 6115286f1a7f7c8855a927628b2df4d7a275030b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:06:56 -0500 Subject: [PATCH 086/361] Update index.md --- ee/dtr/user/access-dtr/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/dtr/user/access-dtr/index.md b/ee/dtr/user/access-dtr/index.md index 62d887f7ba..d8a969cd4a 100644 --- a/ee/dtr/user/access-dtr/index.md +++ b/ee/dtr/user/access-dtr/index.md @@ -29,7 +29,7 @@ In your browser navigate to `https:///ca` to download the TLS certificate used by DTR. Then [add that certificate to macOS Keychain](https://support.apple.com/kb/PH20129). -After adding the CA certificate to Keychain, restart Docker for Mac. +After adding the CA certificate to Keychain, restart Docker Desktop for Mac. ### Windows @@ -46,7 +46,7 @@ Then, select the following options: [Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal). -After adding the CA certificate to Windows, restart Docker for Windows. +After adding the CA certificate to Windows, restart Docker Desktop for Windows. ### Ubuntu/ Debian From 66a760993de7b9129864d9b7303fc01b4671706c Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:08:14 -0500 Subject: [PATCH 087/361] Update index.md --- datacenter/dtr/2.3/guides/user/access-dtr/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/datacenter/dtr/2.3/guides/user/access-dtr/index.md b/datacenter/dtr/2.3/guides/user/access-dtr/index.md index d22a84c15c..58f76276c8 100644 --- a/datacenter/dtr/2.3/guides/user/access-dtr/index.md +++ b/datacenter/dtr/2.3/guides/user/access-dtr/index.md @@ -29,7 +29,7 @@ In your browser navigate to `https:///ca` to download the TLS certificate used by DTR. Then [add that certificate to macOS Keychain](https://support.apple.com/kb/PH20129). -After adding the CA certificate to Keychain, restart Docker for Mac. +After adding the CA certificate to Keychain, restart Docker Desktop for Mac. ### Windows @@ -46,7 +46,7 @@ Then, select the following options: [Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal). -After adding the CA certificate to Windows, restart Docker for Windows. +After adding the CA certificate to Windows, restart Docker Desktop for Windows. ### Ubuntu/ Debian From c958675fe89d94752de6d387f7062959a118ee48 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:09:17 -0500 Subject: [PATCH 088/361] Update index.md --- datacenter/dtr/2.4/guides/user/access-dtr/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/datacenter/dtr/2.4/guides/user/access-dtr/index.md b/datacenter/dtr/2.4/guides/user/access-dtr/index.md index d22a84c15c..58f76276c8 100644 --- a/datacenter/dtr/2.4/guides/user/access-dtr/index.md +++ b/datacenter/dtr/2.4/guides/user/access-dtr/index.md @@ -29,7 +29,7 @@ In your browser navigate to `https:///ca` to download the TLS certificate used by DTR. Then [add that certificate to macOS Keychain](https://support.apple.com/kb/PH20129). -After adding the CA certificate to Keychain, restart Docker for Mac. +After adding the CA certificate to Keychain, restart Docker Desktop for Mac. ### Windows @@ -46,7 +46,7 @@ Then, select the following options: [Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal). -After adding the CA certificate to Windows, restart Docker for Windows. +After adding the CA certificate to Windows, restart Docker Desktop for Windows. ### Ubuntu/ Debian From e1712a39a6ac0be735d9df16a75017c72280b504 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:11:06 -0500 Subject: [PATCH 089/361] Update configure-your-notary-client.md --- .../2.5/guides/user/access-dtr/configure-your-notary-client.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datacenter/dtr/2.5/guides/user/access-dtr/configure-your-notary-client.md b/datacenter/dtr/2.5/guides/user/access-dtr/configure-your-notary-client.md index aee56a291b..7edd727e2f 100644 --- a/datacenter/dtr/2.5/guides/user/access-dtr/configure-your-notary-client.md +++ b/datacenter/dtr/2.5/guides/user/access-dtr/configure-your-notary-client.md @@ -28,7 +28,7 @@ you're using: ## Download the Notary CLI client -If you're using Docker for Mac or Docker for Windows, you already have the +If you're using Docker Desktop for Mac or Docker Desktop for Windows, you already have the `notary` command installed. If you're running Docker on a Linux distribution, you can [download Notary From cce9e2c714f603f7d837ab985ae5ed2f301dd455 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:12:29 -0500 Subject: [PATCH 090/361] Update index.md --- datacenter/dtr/2.5/guides/user/access-dtr/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/datacenter/dtr/2.5/guides/user/access-dtr/index.md b/datacenter/dtr/2.5/guides/user/access-dtr/index.md index d22a84c15c..58f76276c8 100644 --- a/datacenter/dtr/2.5/guides/user/access-dtr/index.md +++ b/datacenter/dtr/2.5/guides/user/access-dtr/index.md @@ -29,7 +29,7 @@ In your browser navigate to `https:///ca` to download the TLS certificate used by DTR. Then [add that certificate to macOS Keychain](https://support.apple.com/kb/PH20129). -After adding the CA certificate to Keychain, restart Docker for Mac. +After adding the CA certificate to Keychain, restart Docker Desktop for Mac. ### Windows @@ -46,7 +46,7 @@ Then, select the following options: [Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal). -After adding the CA certificate to Windows, restart Docker for Windows. +After adding the CA certificate to Windows, restart Docker Desktop for Windows. ### Ubuntu/ Debian From be8ceaa893f2f05fbb34126aab181778905071c8 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:13:42 -0500 Subject: [PATCH 091/361] Update configure-your-notary-client.md --- .../2.2/guides/user/access-dtr/configure-your-notary-client.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datacenter/dtr/2.2/guides/user/access-dtr/configure-your-notary-client.md b/datacenter/dtr/2.2/guides/user/access-dtr/configure-your-notary-client.md index 59bcb2e0e3..81ec1893b2 100644 --- a/datacenter/dtr/2.2/guides/user/access-dtr/configure-your-notary-client.md +++ b/datacenter/dtr/2.2/guides/user/access-dtr/configure-your-notary-client.md @@ -20,7 +20,7 @@ client bundle, that UCP can trace back to your user account. ## Download the Notary CLI client -If you're using Docker for Mac or Docker for Windows, you already have the +If you're using Docker Desktop for Mac or Docker Desktop for Windows, you already have the `notary` command installed. If you're running Docker on a Linux distribution, you can [download the From 0cc6aeb654f6a4531169fec1f648d3df6ccc46e8 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:15:37 -0500 Subject: [PATCH 092/361] Update configure-your-notary-client.md --- .../2.3/guides/user/access-dtr/configure-your-notary-client.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datacenter/dtr/2.3/guides/user/access-dtr/configure-your-notary-client.md b/datacenter/dtr/2.3/guides/user/access-dtr/configure-your-notary-client.md index 2142a73f7e..dda26ddabe 100644 --- a/datacenter/dtr/2.3/guides/user/access-dtr/configure-your-notary-client.md +++ b/datacenter/dtr/2.3/guides/user/access-dtr/configure-your-notary-client.md @@ -20,7 +20,7 @@ client bundle, that UCP can trace back to your user account. ## Download the Notary CLI client -If you're using Docker for Mac or Docker for Windows, you already have the +If you're using Docker Desktop for Mac or Docker Desktop for Windows, you already have the `notary` command installed. If you're running Docker on a Linux distribution, you can [download the From 3a97eec35ae3b244ecdc9c0b157257b356450db4 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:17:16 -0500 Subject: [PATCH 093/361] Update select-storage-driver.md --- storage/storagedriver/select-storage-driver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage/storagedriver/select-storage-driver.md b/storage/storagedriver/select-storage-driver.md index 4df14fcc71..f488b2a736 100644 --- a/storage/storagedriver/select-storage-driver.md +++ b/storage/storagedriver/select-storage-driver.md @@ -140,9 +140,9 @@ storage driver, be sure to read about > have a lower priority than issues encountered when using a recommended > configuration. -### Docker for Mac and Docker for Windows +### Docker Desktop for Mac and Docker Desktop for Windows -Docker for Mac and Docker for Windows are intended for development, rather +Docker Desktop for Mac and Docker Desktop for Windows are intended for development, rather than production. Modifying the storage driver on these platforms is not possible. From f052758c434a81438832d1c3b770ab285657af62 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:18:46 -0500 Subject: [PATCH 094/361] Update part3.md --- get-started/part3.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/get-started/part3.md b/get-started/part3.md index 4d1c85ec40..c9baf3cc60 100644 --- a/get-started/part3.md +++ b/get-started/part3.md @@ -9,8 +9,8 @@ description: Learn how to define load-balanced and scalable service that runs co - [Install Docker version 1.13 or higher](/engine/installation/index.md). -- Get [Docker Compose](/compose/overview.md). On [Docker for -Mac](/docker-for-mac/index.md) and [Docker for +- Get [Docker Compose](/compose/overview.md). On [Docker Desktop for +Mac](/docker-for-mac/index.md) and [Docker Desktop for Windows](/docker-for-windows/index.md) it's pre-installed, so you're good-to-go. On Linux systems you need to [install it directly](https://github.com/docker/compose/releases). On pre Windows 10 systems From f301faa09c7b472145647de23a7fbb5407d55238 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:42:19 -0500 Subject: [PATCH 095/361] Update network-tutorial-macvlan.md --- network/network-tutorial-macvlan.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/network-tutorial-macvlan.md b/network/network-tutorial-macvlan.md index 31000e99b7..4852f6f3ed 100644 --- a/network/network-tutorial-macvlan.md +++ b/network/network-tutorial-macvlan.md @@ -22,7 +22,7 @@ container to it. to your networking equipment. - The `macvlan` networking driver only works on Linux hosts, and is not supported - on Docker for Mac, Docker for Windows, or Docker EE for Windows Server. + on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server. - You need at least version 3.9 of the Linux kernel, and version 4.0 or higher is recommended. From dba8ed51977d58e63a3fb329727d0ea46f08d1d3 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:43:33 -0500 Subject: [PATCH 096/361] Update baseimages.md --- develop/develop-images/baseimages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/develop/develop-images/baseimages.md b/develop/develop-images/baseimages.md index 1a1d6d41ae..1b22a86e65 100644 --- a/develop/develop-images/baseimages.md +++ b/develop/develop-images/baseimages.md @@ -89,7 +89,7 @@ docker build --tag hello . Don't forget the `.` character at the end, which sets the build context to the current directory. -> **Note**: Because Docker for Mac and Docker for Windows use a Linux VM, +> **Note**: Because Docker Desktop for Mac and Docker Desktop for Windows use a Linux VM, > you need a Linux binary, rather than a Mac or Windows binary. > You can use a Docker container to build it: > From 1dd2f32e20520f7149376bf803aa4cfeb7259e1f Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:44:33 -0500 Subject: [PATCH 097/361] Update my_first_tour.js --- js/my_first_tour.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/my_first_tour.js b/js/my_first_tour.js index ad9f292a10..f3b9e6c081 100644 --- a/js/my_first_tour.js +++ b/js/my_first_tour.js @@ -63,7 +63,7 @@ var tour = { }, { title: "Product Manuals", - content: "Learn about Docker products and tools, such as Docker Hub, UCP, Docker for Mac, or Docker for Windows.", + content: "Learn about Docker products and tools, such as Docker Hub, UCP, Docker Desktop for Mac, or Docker Desktop for Windows.", target: "top-nav", placement: "bottom", width: "570px", From 07da89eccefce50374ec59725f848c00d56051db Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:45:34 -0500 Subject: [PATCH 098/361] Update configure-your-notary-client.md --- .../2.4/guides/user/access-dtr/configure-your-notary-client.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datacenter/dtr/2.4/guides/user/access-dtr/configure-your-notary-client.md b/datacenter/dtr/2.4/guides/user/access-dtr/configure-your-notary-client.md index aee56a291b..7edd727e2f 100644 --- a/datacenter/dtr/2.4/guides/user/access-dtr/configure-your-notary-client.md +++ b/datacenter/dtr/2.4/guides/user/access-dtr/configure-your-notary-client.md @@ -28,7 +28,7 @@ you're using: ## Download the Notary CLI client -If you're using Docker for Mac or Docker for Windows, you already have the +If you're using Docker Desktop for Mac or Docker Desktop for Windows, you already have the `notary` command installed. If you're running Docker on a Linux distribution, you can [download Notary From e277c7641f64d977df07fd45728acee9a30b608e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:47:11 -0500 Subject: [PATCH 099/361] Update configure-your-notary-client.md --- ee/dtr/user/access-dtr/configure-your-notary-client.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/dtr/user/access-dtr/configure-your-notary-client.md b/ee/dtr/user/access-dtr/configure-your-notary-client.md index 780221be88..c8bb256a43 100644 --- a/ee/dtr/user/access-dtr/configure-your-notary-client.md +++ b/ee/dtr/user/access-dtr/configure-your-notary-client.md @@ -28,7 +28,7 @@ you're using: ## Download the Notary CLI client -If you're using Docker for Mac or Docker for Windows, you already have the +If you're using Docker Desktop for Mac or Docker Desktop for Windows, you already have the `notary` command installed. If you're running Docker on a Linux distribution, you can [download From b53e24442c79f8ef692068b0fa6dbda78002b6b4 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:48:41 -0500 Subject: [PATCH 100/361] Update kubernetes-mac-win.md --- _includes/kubernetes-mac-win.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_includes/kubernetes-mac-win.md b/_includes/kubernetes-mac-win.md index e4b895d95e..acd4c55dc4 100644 --- a/_includes/kubernetes-mac-win.md +++ b/_includes/kubernetes-mac-win.md @@ -10,7 +10,7 @@ Usage: {% include kubernetes-mac-win.md platform="mac" %} {% endcomment %} {% if platform == "mac" %} - {% assign product = "Docker for Mac" %} + {% assign product = "Docker Desktop for Mac" %} {% capture min-version %}{{ product }} **17.12 CE Edge**{% endcapture %} @@ -29,7 +29,7 @@ Usage: {% include kubernetes-mac-win.md platform="mac" %} {% assign kubectl-path = "/usr/local/bin/kubectl" %} {% elsif platform == "windows" %} - {% assign product = "Docker for Windows" %} + {% assign product = "Docker Desktop for Windows" %} {% capture min-version %}{{ product }} **18.02 CE Edge**{% endcapture %} From 695bc2a1b2251d87cbe026f72ebf14fc983bcef2 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:50:25 -0500 Subject: [PATCH 101/361] Update wordpress.md --- compose/wordpress.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/wordpress.md b/compose/wordpress.md index 77868adbb1..eab73ab851 100644 --- a/compose/wordpress.md +++ b/compose/wordpress.md @@ -120,7 +120,7 @@ If you are using [Docker Machine](/machine/index.md), you can run the command `docker-machine ip MACHINE_VM` to get the machine address, and then open `http://MACHINE_VM_IP:8000` in a web browser. -If you are using Docker for Mac or Docker for Windows, you can use +If you are using Docker Desktop for Mac or Docker Desktop for Windows, you can use `http://localhost` as the IP address, and open `http://localhost:8000` in a web browser. From 3a6868732bbc57feef9f68b6077e13d5a2b34ed1 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 14:59:38 -0500 Subject: [PATCH 102/361] Update toc.yaml --- _data/toc.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index d152fa9140..27154602b2 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -3475,16 +3475,16 @@ manuals: title: Sample apps with Compose - path: /release-notes/docker-compose/ title: Docker Compose release notes -- sectiontitle: Docker for Mac +- sectiontitle: Docker Desktop for Mac section: - path: /docker-for-mac/ title: Getting started - path: /docker-for-mac/install/ - title: Install Docker for Mac + title: Install Docker Desktop for Mac - path: /docker-for-mac/kubernetes/ title: Deploy on Kubernetes - path: /docker-for-mac/docker-toolbox/ - title: Docker for Mac vs. Docker Toolbox + title: Docker Desktop for Mac vs. Docker Toolbox - path: /docker-for-mac/multi-arch/ title: Leveraging Multi-CPU architecture support - path: /docker-for-mac/networking/ @@ -3503,12 +3503,12 @@ manuals: title: Stable release notes - path: /docker-for-mac/edge-release-notes/ title: Edge release notes -- sectiontitle: Docker for Windows +- sectiontitle: Docker Desktop for Windows section: - path: /docker-for-windows/ title: Getting started - path: /docker-for-windows/install/ - title: Install Docker for Windows + title: Install Docker Desktop for Windows - path: /docker-for-windows/kubernetes/ title: Deploy on Kubernetes - path: /docker-for-windows/networking/ @@ -3786,10 +3786,10 @@ manuals: - path: /release-notes/docker-engine/ title: Docker (1.13 and earlier) - path: /docker-for-mac/release-notes/ - title: Docker for Mac + title: Docker Desktop for Mac nosync: true - path: /docker-for-windows/release-notes/ - title: Docker for Windows + title: Docker Desktop for Windows nosync: true - path: /release-notes/docker-compose/ title: Docker Compose From 670a052b5246d9c855cd34f011002ce229fc43df Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:03:24 -0500 Subject: [PATCH 103/361] Update part4.md --- get-started/part4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/get-started/part4.md b/get-started/part4.md index 58caacc205..fbbea8ac25 100644 --- a/get-started/part4.md +++ b/get-started/part4.md @@ -12,7 +12,7 @@ description: Learn how to create clusters of Dockerized machines. - Get [Docker Compose](/compose/overview.md) as described in [Part 3 prerequisites](/get-started/part3.md#prerequisites). - Get [Docker Machine](/machine/overview.md), which is pre-installed with -[Docker for Mac](/docker-for-mac/index.md) and [Docker for +[Docker Desktop for Mac](/docker-for-mac/index.md) and [Docker Desktop for Windows](/docker-for-windows/index.md), but on Linux systems you need to [install it directly](/machine/install-machine/#installing-machine-directly). On pre Windows 10 systems _without Hyper-V_, as well as Windows 10 Home, use [Docker Toolbox](/toolbox/overview.md). @@ -491,7 +491,7 @@ with the given command. This disconnects the shell from `docker-machine` created virtual machines, and allows you to continue working in the same shell, now using native `docker` -commands (for example, on Docker for Mac or Docker for Windows). To learn more, +commands (for example, on Docker Desktop for Mac or Docker Desktop for Windows). To learn more, see the [Machine topic on unsetting environment variables](/machine/get-started/#unset-environment-variables-in-the-current-shell). ### Restarting Docker machines From a887def492917436bc8223209dcf387f15f89d96 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:04:49 -0500 Subject: [PATCH 104/361] Update index.md --- config/daemon/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/daemon/index.md b/config/daemon/index.md index a306442449..4ea6b8f65b 100644 --- a/config/daemon/index.md +++ b/config/daemon/index.md @@ -186,8 +186,8 @@ Run `sudo systemctl daemon-reload` before attempting to start Docker. If Docker successfully, it is now listening on the IP address specified in the `hosts` key of the `daemon.json` instead of a socket. -> **Important**: Setting `hosts` in the `daemon.json` is not supported on Docker for Windows -> or Docker for Mac. +> **Important**: Setting `hosts` in the `daemon.json` is not supported on Docker Desktop for Windows +> or Docker Desktop for Mac. {:.important} @@ -291,8 +291,8 @@ The Docker daemon log can be viewed by using one of the following methods: Linux systems - By running `Get-EventLog -LogName Application -Source Docker -After (Get-Date).AddMinutes(-5) | Sort-Object Time | Export-CSV ~/last5minutes.CSV` on Docker EE for Windows Server -> **Note**: It is not possible to manually generate a stack trace on Docker for -> Mac or Docker for Windows. However, you can click the Docker taskbar icon and +> **Note**: It is not possible to manually generate a stack trace on Docker Desktop for +> Mac or Docker Desktop for Windows. However, you can click the Docker taskbar icon and > choose **Diagnose and feedback** to send information to Docker if you run into > issues. From 92e6fb20391580686b89f25a0ca2eb06bd054068 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:05:51 -0500 Subject: [PATCH 105/361] Update django.md --- compose/django.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/django.md b/compose/django.md index 794abb1079..334cce96f9 100644 --- a/compose/django.md +++ b/compose/django.md @@ -181,7 +181,7 @@ In this section, you set up the database connection for Django. ``` At this point, your Django app should be running at port `8000` on - your Docker host. On Docker for Mac and Docker for Windows, go + your Docker host. On Docker Desktop for Mac and Docker Desktop for Windows, go to `http://localhost:8000` on a web browser to see the Django welcome page. If you are using [Docker Machine](/machine/overview.md), then `docker-machine ip MACHINE_VM` returns the Docker host IP From 5eb125fcfdec50a3337c1417d3a106bece455644 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:06:56 -0500 Subject: [PATCH 106/361] Update dev-best-practices.md --- develop/dev-best-practices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/develop/dev-best-practices.md b/develop/dev-best-practices.md index c7101b1bcc..0835eb6d71 100644 --- a/develop/dev-best-practices.md +++ b/develop/dev-best-practices.md @@ -125,5 +125,5 @@ updates. | Development | Production | |:--------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Use bind mounts to give your container access to your source code. | Use volumes to store container data. | -| Use Docker for Mac or Docker for Windows. | Use Docker EE if possible, with [userns mapping](/engine/security/userns-remap.md) for greater isolation of Docker processes from host processes. | +| Use Docker Desktop for Mac or Docker Desktop for Windows. | Use Docker EE if possible, with [userns mapping](/engine/security/userns-remap.md) for greater isolation of Docker processes from host processes. | | Don't worry about time drift. | Always run an NTP client on the Docker host and within each container process and sync them all to the same NTP server. If you use swarm services, also ensure that each Docker node syncs its clocks to the same time source as the containers. | From cfe37959566ff86b9adbf42ad34b11cb74114097 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:07:55 -0500 Subject: [PATCH 107/361] Update index.md --- develop/sdk/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/develop/sdk/index.md b/develop/sdk/index.md index 2280ecca8a..ac2d5ddb5f 100644 --- a/develop/sdk/index.md +++ b/develop/sdk/index.md @@ -131,7 +131,7 @@ You can specify the API version to use, in one of the following ways: ### Docker EE and CE API mismatch If you use Docker EE in production, we recommend using Docker EE in development -too. If you can't, such as when your developers use Docker for Mac or Docker for +too. If you can't, such as when your developers use Docker Desktop for Mac or Docker Desktop for Windows and manually build and push images, then your developers need to configure their Docker clients to use the same version of the API reported by their Docker daemon. This prevents the developer from using a feature that is not yet supported From 2788fa1bf0a02bc2c108b2ea89ddb4c5726235b0 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:09:13 -0500 Subject: [PATCH 108/361] Update rails.md --- compose/rails.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/rails.md b/compose/rails.md index d3f071f78a..11c4894dd8 100644 --- a/compose/rails.md +++ b/compose/rails.md @@ -190,7 +190,7 @@ Created database 'myapp_test' That's it. Your app should now be running on port 3000 on your Docker daemon. -On Docker for Mac and Docker for Windows, go to `http://localhost:3000` on a web +On Docker Desktop for Mac and Docker Desktop for Windows, go to `http://localhost:3000` on a web browser to see the Rails Welcome. If you are using [Docker Machine](/machine/overview.md), then `docker-machine ip From 77077e06a394356d24203fec32c11aba30e8ac39 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:10:34 -0500 Subject: [PATCH 109/361] Update index.md --- storage/storagedriver/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/storagedriver/index.md b/storage/storagedriver/index.md index ec7ea38565..9b3cbd51ea 100644 --- a/storage/storagedriver/index.md +++ b/storage/storagedriver/index.md @@ -329,7 +329,7 @@ To verify the way that copy-on-write works, the following procedures spins up 5 containers based on the `acme/my-final-image:1.0` image we built earlier and examines how much room they take up. -> **Note**: This procedure doesn't work on Docker for Mac or Docker for Windows. +> **Note**: This procedure doesn't work on Docker Desktop for Mac or Docker Desktop for Windows. 1. From a terminal on your Docker host, run the following `docker run` commands. The strings at the end are the IDs of each container. From 9410403796adf92ee64a3bd1b497309dfcac5610 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:15:44 -0500 Subject: [PATCH 110/361] Update release-notes.md --- docker-for-mac/release-notes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-mac/release-notes.md b/docker-for-mac/release-notes.md index 633b024085..45e7261055 100644 --- a/docker-for-mac/release-notes.md +++ b/docker-for-mac/release-notes.md @@ -1,6 +1,6 @@ --- description: Change log / release notes per Stable release -keywords: Docker for Mac, stable, release notes +keywords: Docker Desktop for Mac, stable, release notes redirect_from: - /mackit/release-notes/ title: Docker for Mac Stable release notes @@ -16,7 +16,7 @@ Release notes for _stable_ releases are listed below, [_edge_ release notes](edge-release-notes) are also available. (Following the CE release model, 'beta' releases are called 'edge' releases.) You can learn about both kinds of releases, and download stable and edge product installers at [Download Docker -for Mac](install.md#download-docker-for-mac). +Desktop for Mac](install.md#download-docker-for-mac). ## Stable Releases of 2018 From af3a5a96d50e5a588576dc25703c0ece60d5d6f0 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:19:34 -0500 Subject: [PATCH 111/361] Update docker-toolbox.md --- docker-for-mac/docker-toolbox.md | 64 ++++++++++++++++---------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/docker-for-mac/docker-toolbox.md b/docker-for-mac/docker-toolbox.md index 7d900c8611..126dee365e 100644 --- a/docker-for-mac/docker-toolbox.md +++ b/docker-for-mac/docker-toolbox.md @@ -1,13 +1,13 @@ --- -description: Docker for Mac and Docker Toolbox +description: Docker Desktop for Mac and Docker Toolbox keywords: mac, windows, alpha, beta, toolbox, docker-machine, tutorial redirect_from: - /mackit/docker-toolbox/ -title: Docker for Mac vs. Docker Toolbox +title: Docker Desktop for Mac vs. Docker Toolbox --- If you already have an installation of Docker Toolbox, read these topics -first to learn how Docker for Mac and Docker Toolbox differ, and how they can +first to learn how Docker Desktop for Mac and Docker Toolbox differ, and how they can coexist. ## The Docker Toolbox environment @@ -29,24 +29,24 @@ This setup is shown in the following diagram. ![Docker Toolbox Install](images/toolbox-install.png) -## The Docker for Mac environment +## The Docker Desktop for Mac environment -Docker for Mac is a Mac native application, that you install in `/Applications`. +Docker Desktop for Mac is a Mac native application, that you install in `/Applications`. At installation time, it creates symlinks in `/usr/local/bin` for `docker` and `docker-compose` and others, to the commands in the application bundle, in `/Applications/Docker.app/Contents/Resources/bin`. -Here are some key points to know about Docker for Mac before you get started: +Here are some key points to know about Docker Desktop for Mac before you get started: -* Docker for Mac uses +* Docker Desktop for Mac uses [HyperKit](https://github.com/docker/HyperKit/) instead of Virtual Box. Hyperkit is a lightweight macOS virtualization solution built on top of Hypervisor.framework in macOS 10.10 Yosemite and higher. -* When you install Docker for Mac, machines created with Docker Machine are +* When you install Docker Desktop for Mac, machines created with Docker Machine are not affected. -* Docker for Mac does not use `docker-machine` to provision its VM. +* Docker Desktop for Mac does not use `docker-machine` to provision its VM. The Docker Engine API is exposed on a socket available to the Mac host at `/var/run/docker.sock`. This is the default location Docker and Docker Compose clients use to connect to @@ -56,22 +56,22 @@ Here are some key points to know about Docker for Mac before you get started: This setup is shown in the following diagram. -![Docker for Mac Install](images/docker-for-mac-install.png) +![Docker Desktop for Mac Install](images/docker-for-mac-install.png) -With Docker for Mac, you only get (and only usually need) one VM, managed by Docker -for Mac. Docker for Mac automatically upgrades the Docker client and +With Docker Desktop for Mac, you only get (and only usually need) one VM, managed by Docker +for Mac. Docker Desktop for Mac automatically upgrades the Docker client and daemon when updates are available. -Also note that Docker for Mac can’t route traffic to containers, so you can't +Also note that Docker Desktop for Mac can’t route traffic to containers, so you can't directly access an exposed port on a running container from the hosting machine. If you do need multiple VMs, such as when testing multi-node swarms, you can -continue to use Docker Machine, which operates outside the scope of Docker for -Mac. See [Docker Toolbox and Docker for Mac +continue to use Docker Machine, which operates outside the scope of Docker Desktop for +Mac. See [Docker Toolbox and Docker Desktop for Mac coexistence](docker-toolbox.md#docker-toolbox-and-docker-for-mac-coexistence). -## Setting up to run Docker for Mac +## Setting up to run Docker Desktop for Mac 1. Check whether Toolbox DOCKER environment variables are set: @@ -81,11 +81,11 @@ coexistence](docker-toolbox.md#docker-toolbox-and-docker-for-mac-coexistence). DOCKER_TLS_VERIFY=1 DOCKER_CERT_PATH=/Users//.docker/machine/machines/default - If this command returns no output, you are ready to use Docker for Mac. + If this command returns no output, you are ready to use Docker Desktop for Mac. If it returns output (as shown in the example), unset the `DOCKER` environment variables to make the client talk to the - Docker for Mac Engine (next step). + Docker Desktop for Mac Engine (next step). 2. Run the `unset` command on the following `DOCKER` environment variables to unset them in the current shell. @@ -105,11 +105,11 @@ coexistence](docker-toolbox.md#docker-toolbox-and-docker-for-mac-coexistence). > **Note**: If you have a shell script as part of your profile that sets these > `DOCKER` environment variables automatically each time you open a command -> window, then you need to unset these each time you want to use Docker for Mac. +> window, then you need to unset these each time you want to use Docker Desktop for Mac. -> If you install Docker for Mac on a machine where Docker Toolbox is installed.. +> If you install Docker Desktop for Mac on a machine where Docker Toolbox is installed.. > -> Docker for Mac replaces the `docker` and `docker-compose` command lines in +> Docker Desktop for Mac replaces the `docker` and `docker-compose` command lines in > `/usr/local/bin` with symlinks to its own versions. {:.warning} @@ -117,10 +117,10 @@ See also [Unset environment variables in the current shell](/machine/get-started.md#unset-environment-variables-in-the-current-shell) in the Docker Machine topics. -## Docker Toolbox and Docker for Mac coexistence +## Docker Toolbox and Docker Desktop for Mac coexistence -You can use Docker for Mac and Docker Toolbox together on the same machine. When -you want to use Docker for Mac, make sure all DOCKER environment variables are +You can use Docker Desktop for Mac and Docker Toolbox together on the same machine. When +you want to use Docker Desktop for Mac, make sure all DOCKER environment variables are unset. You can do this in bash with `unset ${!DOCKER_*}`. When you want to use one of the VirtualBox VMs you have set with `docker-machine`, just run a `eval $(docker-machine env default)` (or the name of the machine you want to target). @@ -129,13 +129,13 @@ machine. This setup is represented in the following diagram. -![Docker Toolbox and Docker for Mac coexistence](images/docker-for-mac-and-toolbox.png) +![Docker Toolbox and Docker Desktop for Mac coexistence](images/docker-for-mac-and-toolbox.png) ## Using different versions of Docker tools The coexistence setup works as is as long as your VirtualBox VMs provisioned -with `docker-machine` run the same version of Docker Engine as Docker for Mac. +with `docker-machine` run the same version of Docker Engine as Docker Desktop for Mac. If you need to use VMs running older versions of Docker Engine, you can use a tool like [Docker Version Manager](https://github.com/getcarina/dvm) to manage several versions of docker client. @@ -149,9 +149,9 @@ created with Docker Machine can cause problems (client can't talk to the server or host machines). If you already have [Docker Toolbox](/toolbox/overview/) installed, and then -install Docker for Mac, you might get a newer version of the Docker client. Run +install Docker Desktop for Mac, you might get a newer version of the Docker client. Run `docker version` in a command shell to see client and server versions. In this -example, the client installed with Docker for Mac is `Version: 1.11.1` and the +example, the client installed with Docker Desktop for Mac is `Version: 1.11.1` and the server (which was installed earlier with Toolbox) is Version: 1.11.0. $ docker version @@ -164,7 +164,7 @@ server (which was installed earlier with Toolbox) is Version: 1.11.0. ... Also, if you created machines with Docker Machine (installed with Toolbox) then -upgraded or installed Docker for Mac, you might have machines running different +upgraded or installed Docker Desktop for Mac, you might have machines running different versions of Engine. Run `docker-machine ls` to view version information for the machines you created. In this example, the DOCKER column shows that each machine is running a different version of server. @@ -181,9 +181,9 @@ There are a few ways to address this problem and keep using your older machines. One solution is to use a version manager like [DVM](https://github.com/getcarina/dvm). -## Migrating from Docker Toolbox to Docker for Mac +## Migrating from Docker Toolbox to Docker Desktop for Mac -Docker for Mac does not propose Toolbox image migration as part of its +Docker Desktop for Mac does not propose Toolbox image migration as part of its installer since version 18.01.0. You can migrate existing Docker Toolbox images with the scripts described below. (This migration cannot merge images from both Docker and Toolbox: any existing Docker image is @@ -235,7 +235,7 @@ it](https://docs.docker.com/toolbox/toolbox_install_mac/#how-to-uninstall-toolbo ## How do I uninstall Docker Toolbox? -You might decide that you do not need Toolbox now that you have Docker for Mac, +You might decide that you do not need Toolbox now that you have Docker Desktop for Mac, and want to uninstall it. For details on how to perform a clean uninstall of Toolbox on the Mac, see [How to uninstall Toolbox](/toolbox/toolbox_install_mac.md#how-to-uninstall-toolbox) in the From d361e4407b1ca6af46a2fd0b727c0f9b2746ca59 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:20:47 -0500 Subject: [PATCH 112/361] Update faqs.md --- docker-for-mac/faqs.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index 0ffb5a9a5d..0a93ba013f 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -6,23 +6,23 @@ redirect_from: title: Frequently asked questions (FAQ) --- -**Looking for popular FAQs on Docker for Mac?** Check out the +**Looking for popular FAQs on Docker Desktop for Mac?** Check out the [Docker Success Center](http://success.docker.com/){: target="_blank" class="_"} for knowledge base articles, FAQs, technical support for subscription levels, and more. ## Questions about Docker.app ### Stable and Edge channels -**Q: How do I get the Stable or Edge version of Docker for Mac?** +**Q: How do I get the Stable or Edge version of Docker Desktop for Mac?** A: Use the download links for the channels given in the topic -[Download Docker for Mac](install.md#download-docker-for-mac){: target="_blank" class="_"}. +[Download Docker Desktop for Mac](install.md#download-docker-for-mac){: target="_blank" class="_"}. This topic also has more information about the two channels. -**Q: What is the difference between the Stable and Edge versions of Docker for Mac?** +**Q: What is the difference between the Stable and Edge versions of Docker Desktop for Mac?** -A: Two different download channels are available for Docker for Mac: +A: Two different download channels are available for Docker Desktop for Mac: * The **Stable channel** provides a general availability release-ready installer for a fully baked and tested, more reliable app. The Stable version of Docker From 014f7899f3028f81906584afcf0c56690b8eeae2 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:22:13 -0500 Subject: [PATCH 113/361] Update edge-release-notes.md --- docker-for-mac/edge-release-notes.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-for-mac/edge-release-notes.md b/docker-for-mac/edge-release-notes.md index 38c298a28a..3c4298b7b6 100644 --- a/docker-for-mac/edge-release-notes.md +++ b/docker-for-mac/edge-release-notes.md @@ -1,7 +1,7 @@ --- description: Change log / release notes per Edge release -keywords: Docker for Mac, edge, release notes -title: Docker for Mac Edge release notes +keywords: Docker Desktop for Mac, edge, release notes +title: Docker Desktop for Mac Edge release notes --- Here are the main improvements and issues per edge release, starting with the @@ -107,7 +107,7 @@ for Mac](install.md#download-docker-for-mac). * Upgrades - [LinuxKit v0.4](https://github.com/linuxkit/linuxkit/releases/tag/v0.4) - Linux Kernel 4.9.93 with CEPH, DRBD, RBD, MPLS_ROUTING and MPLS_IPTUNNEL enabled - - [Kubernetes 1.10.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v1103). If Kubernetes is enabled, the upgrade will be performed automatically when starting Docker for Mac. + - [Kubernetes 1.10.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v1103). If Kubernetes is enabled, the upgrade will be performed automatically when starting Docker Desktop for Mac. * Bug fixes and minor changes - Fix VPNKit memory leak. Fixes [moby/vpnkit#371](https://github.com/moby/vpnkit/issues/371) From 0abd45205f01f72cce6559e78774f423535ce136 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:24:42 -0500 Subject: [PATCH 114/361] Update troubleshoot.md --- docker-for-mac/troubleshoot.md | 54 +++++++++++++++++----------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/docker-for-mac/troubleshoot.md b/docker-for-mac/troubleshoot.md index 1b02df8f75..4e412092c4 100644 --- a/docker-for-mac/troubleshoot.md +++ b/docker-for-mac/troubleshoot.md @@ -7,12 +7,12 @@ title: Logs and troubleshooting --- Here is information about how to diagnose and troubleshoot problems, send logs -and communicate with the Docker for Mac team, use our forums and Knowledge Hub, +and communicate with the Docker Desktop for Mac team, use our forums and Knowledge Hub, browse and log issues on GitHub, and find workarounds for known problems. ## Docker Knowledge Hub -**Looking for help with Docker for Mac?** Check out the [Docker Knowledge +**Looking for help with Docker Desktop for Mac?** Check out the [Docker Knowledge Hub](http://success.docker.com/) for knowledge base articles, FAQs, and technical support for various subscription levels. @@ -20,8 +20,8 @@ technical support for various subscription levels. ### In-app diagnostics If you encounter problems for which you do not find solutions in this -documentation, on [Docker for Mac issues on -GitHub](https://github.com/docker/for-mac/issues), or the [Docker for Mac +documentation, on [Docker Desktop for Mac issues on +GitHub](https://github.com/docker/for-mac/issues), or the [Docker Desktop for Mac forum](https://forums.docker.com/c/docker-for-mac), we can help you troubleshoot the log data. @@ -39,7 +39,7 @@ Desktop](https://docs.docker.com/docker-for-mac/faqs/#how-is-personal-data-handl ![Diagnostics & Feedback with ID](images/diagnose-feedback-id.png){:width="600px"} -If you click **Report an issue**, this opens [Docker for Mac issues on +If you click **Report an issue**, this opens [Docker Desktop for Mac issues on GitHub](https://github.com/docker/for-mac/issues/) in your web browser in a "create new issue" template, to be completed before submission. Do not forget to copy/paste your diagnostic ID. @@ -49,9 +49,9 @@ copy/paste your diagnostic ID. ### Diagnosing from the terminal On occasions it is useful to run the diagnostics yourself, for instance if -Docker for Mac cannot start. +Docker Desktop for Mac cannot start. -First locate the `com.docker.diagnose` tool. If you installed Docker for Mac in +First locate the `com.docker.diagnose` tool. If you installed Docker Desktop for Mac in the Applications directory, then it is `/Applications/Docker.app/Contents/MacOS/com.docker.diagnose`. @@ -89,7 +89,7 @@ documentation](v17.12/docker-for-mac/troubleshoot/#logs). #### In a terminal -To watch the live flow of Docker for Mac logs at the command line, run this from +To watch the live flow of Docker Desktop for Mac logs at the command line, run this from your favorite shell. ```bash @@ -127,7 +127,7 @@ ways, and create reports. ### Make sure certificates are set up correctly -Docker for Mac ignores certificates listed under insecure registries, and does +Docker Desktop for Mac ignores certificates listed under insecure registries, and does not send client certificates to them. Commands like `docker run` that attempt to pull from the registry produces error messages on the command line, like this: @@ -145,9 +145,9 @@ As well as on the registry. For example: For more about using client and server side certificates, see [Adding TLS certificates](index.md#adding-tls-certificates) in the Getting Started topic. -### Docker for Mac does not start if Mac user account and home folder are renamed after installing the app +### Docker Desktop for Mac does not start if Mac user account and home folder are renamed after installing the app -See [Do I need to reinstall Docker for Mac if I change the name of my macOS +See [Do I need to reinstall Docker Desktop for Mac if I change the name of my macOS account?](faqs.md#do-i-need-to-reinstall-docker-for-mac-if-i-change-the-name-of-my-macos-account) in the FAQs. @@ -165,10 +165,10 @@ Dockerfile and volume. ### Incompatible CPU detected -Docker for Mac requires a processor (CPU) that supports virtualization and, more +Docker Desktop for Mac requires a processor (CPU) that supports virtualization and, more specifically, the [Apple Hypervisor framework](https://developer.apple.com/library/mac/documentation/DriversKernelHardware/Reference/Hypervisor/). -Docker for Mac is only compatible with Macs that have a CPU that supports the +Docker Desktop for Mac is only compatible with Macs that have a CPU that supports the Hypervisor framework. Most Macs built in 2010 and later support it, as described in the Apple Hypervisor Framework documentation about supported hardware: @@ -189,15 +189,15 @@ If not, the command prints `kern.hv_support: 0`. See also, [Hypervisor Framework Reference](https://developer.apple.com/library/mac/documentation/DriversKernelHardware/Reference/Hypervisor/) -in the Apple documentation, and Docker for Mac system requirements in [What to +in the Apple documentation, and Docker Desktop for Mac system requirements in [What to know before you install](install.md#what-to-know-before-you-install). ### Workarounds for common problems -* If Docker for Mac fails to install or start properly: +* If Docker Desktop for Mac fails to install or start properly: - * Make sure you quit Docker for Mac before installing a new version of the + * Make sure you quit Docker Desktop for Mac before installing a new version of the application (![whale menu](images/whale-x.png){: .inline} → **Quit Docker**). Otherwise, you get an "application in use" error when you try to copy the new app from the `.dmg` to `/Applications`. @@ -216,8 +216,8 @@ know before you install](install.md#what-to-know-before-you-install). * If you use bash, use the following command: `unset ${!DOCKER_*}` * For other shells, unset each environment variable individually as described - in [Setting up to run Docker for - Mac](docker-toolbox.md#setting-up-to-run-docker-for-mac) in [Docker for Mac + in [Setting up to run Docker Desktop for + Mac](docker-toolbox.md#setting-up-to-run-docker-for-mac) in [Docker Desktop for Mac vs. Docker Toolbox](docker-toolbox.md). @@ -226,13 +226,13 @@ know before you install](install.md#what-to-know-before-you-install). incoming connections so that the VM can get an IP address. -* For the `hello-world-nginx` example, Docker for Mac must be running to get to +* For the `hello-world-nginx` example, Docker Desktop for Mac must be running to get to the webserver on `http://localhost/`. Make sure that the Docker whale is showing in the menu bar, and that you run the Docker commands in a shell that - is connected to the Docker for Mac Engine (not Engine from Toolbox). + is connected to the Docker Desktop for Mac Engine (not Engine from Toolbox). Otherwise, you might start the webserver container but get a "web page not available" error when you go to `localhost`. For more on distinguishing - between the two environments, see [Docker for Mac vs. Docker + between the two environments, see [Docker Desktop for Mac vs. Docker Toolbox](docker-toolbox.md).

@@ -249,12 +249,12 @@ know before you install](install.md#what-to-know-before-you-install). ## Known issues -* IPv6 is not (yet) supported on Docker for Mac. +* IPv6 is not (yet) supported on Docker Desktop for Mac. A workaround is provided that auto-filters out the IPv6 addresses in DNS server lists and enables successful network access. For example, `2001:4860:4860::8888` would become `8.8.8.8`. To learn more, see these - issues on GitHub and Docker for Mac forums: + issues on GitHub and Docker Desktop for Mac forums: * [Network timeout when top two DNS servers in /etc/resolv.conf are IPv6 addresses](https://github.com/docker/for-mac/issues/9) @@ -264,7 +264,7 @@ know before you install](install.md#what-to-know-before-you-install).

-* You might encounter errors when using `docker-compose up` with Docker for Mac +* You might encounter errors when using `docker-compose up` with Docker Desktop for Mac (`ValueError: Extra Data`). We've identified this is likely related to data and/or events being passed all at once rather than one by one, so sometimes the data comes back as 2+ objects concatenated and causes an error. @@ -280,13 +280,13 @@ know before you install](install.md#what-to-know-before-you-install).

-* Docker for Mac uses the `HyperKit` hypervisor +* Docker Desktop for Mac uses the `HyperKit` hypervisor (https://github.com/docker/hyperkit) in macOS 10.10 Yosemite and higher. If you are developing with tools that have conflicts with `HyperKit`, such as [Intel Hardware Accelerated Execution Manager (HAXM)](https://software.intel.com/en-us/android/articles/intel-hardware-accelerated-execution-manager/), the current workaround is not to run them at the same time. You can pause - `HyperKit` by quitting Docker for Mac temporarily while you work with HAXM. + `HyperKit` by quitting Docker Desktop for Mac temporarily while you work with HAXM. This allows you to continue work with the other tools and prevent `HyperKit` from interfering. @@ -340,7 +340,7 @@ know before you install](install.md#what-to-know-before-you-install). and roadmap](osxfs.md#performance-issues-solutions-and-roadmap). * If your system does not have access to an NTP server, then after a hibernate - the time seen by Docker for Mac may be considerably out of sync with the host. + the time seen by Docker Desktop for Mac may be considerably out of sync with the host. Furthermore, the time may slowly drift out of sync during use. To manually reset the time after hibernation, run: From 0035e29e893aff94e1b3c31bf3e16a9319bdd997 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:26:05 -0500 Subject: [PATCH 115/361] Update install.md --- docker-for-mac/install.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docker-for-mac/install.md b/docker-for-mac/install.md index 984d434f27..120ca6cfdb 100644 --- a/docker-for-mac/install.md +++ b/docker-for-mac/install.md @@ -1,10 +1,10 @@ --- -description: How to install Docker for Mac +description: How to install Docker Desktop for Mac keywords: mac, beta, alpha, install, download -title: Install Docker for Mac +title: Install Docker Desktop for Mac --- -To download Docker for Mac, head to Docker Hub. +To download Docker Desktop for Mac, head to Docker Hub. [Download from Docker Hub](https://hub.docker.com/editions/community/docker-ce-desktop-mac){: .button .outline-btn} @@ -13,21 +13,21 @@ To download Docker for Mac, head to Docker Hub. > README FIRST for Docker Toolbox and Docker Machine users > >If you are already running Docker on your machine, first read -[Docker for Mac vs. Docker Toolbox](docker-toolbox.md) to understand the +[Docker Desktop for Mac vs. Docker Toolbox](docker-toolbox.md) to understand the impact of this installation on your existing setup, how to set your environment -for Docker for Mac, and how the two products can coexist. +for Docker Desktop for Mac, and how the two products can coexist. -* **Relationship to Docker Machine**: Installing Docker for Mac does not affect +* **Relationship to Docker Machine**: Installing Docker Desktop for Mac does not affect machines you created with Docker Machine. You have the option to copy containers and images from your local `default` machine (if one exists) to the - new Docker for Mac [HyperKit](https://github.com/docker/HyperKit/) VM. When - you are running Docker for Mac, you do not need Docker Machine nodes running - at all locally (or anywhere else). With Docker for Mac, you have a new, native + new Docker Desktop for Mac [HyperKit](https://github.com/docker/HyperKit/) VM. When + you are running Docker Desktop for Mac, you do not need Docker Machine nodes running + at all locally (or anywhere else). With Docker Desktop for Mac, you have a new, native virtualization system running (HyperKit) which takes the place of the VirtualBox system. To learn more, see - [Docker for Mac vs. Docker Toolbox](docker-toolbox.md). + [Docker Desktop for Mac vs. Docker Toolbox](docker-toolbox.md). -* **System Requirements**: Docker for Mac launches only if all of these +* **System Requirements**: Docker Desktop for Mac launches only if all of these requirements are met. - Mac hardware must be a 2010 or newer model, with Intel's hardware support for memory @@ -41,7 +41,7 @@ for Docker for Mac, and how the two products can coexist. - At least 4GB of RAM - VirtualBox prior to version 4.3.30 must NOT be installed (it is incompatible - with Docker for Mac). If you have a newer version of VirtualBox installed, it's fine. + with Docker Desktop for Mac). If you have a newer version of VirtualBox installed, it's fine. > **Note**: If your system does not satisfy these requirements, you can > install [Docker Toolbox](/toolbox/overview.md), which uses Oracle VirtualBox @@ -51,7 +51,7 @@ for Docker for Mac, and how the two products can coexist. [Docker Engine](/engine/userguide/), Docker CLI client, [Docker Compose](/compose/overview/), [Docker Machine](/machine/overview/), and [Kitematic](/kitematic/userguide.md). -## Install and run Docker for Mac +## Install and run Docker Desktop for Mac 1. Double-click `Docker.dmg` to open the installer, then drag Moby the whale to the Applications folder. @@ -80,13 +80,13 @@ for Docker for Mac, and how the two products can coexist. Preferences and other options. 4. Select **About Docker** to verify that you have the latest version. -Congratulations! You are up and running with Docker for Mac. +Congratulations! You are up and running with Docker Desktop for Mac. ## Where to go next -* [Getting started](index.md) provides an overview of Docker for Mac, basic +* [Getting started](index.md) provides an overview of Docker Desktop for Mac, basic Docker command examples, how to get help or give feedback, and links to all - topics in the Docker for Mac guide. + topics in the Docker Desktop for Mac guide. * [Troubleshooting](troubleshoot.md) describes common problems, workarounds, how to run and submit diagnostics, and submit issues. * [FAQs](faqs.md) provides answers to frequently asked questions. From bccca852e25f1524735d481b59555fb228ada645 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:29:19 -0500 Subject: [PATCH 116/361] Update index.md --- docker-for-mac/index.md | 60 ++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/docker-for-mac/index.md b/docker-for-mac/index.md index 7c72f64381..a3e88804e0 100644 --- a/docker-for-mac/index.md +++ b/docker-for-mac/index.md @@ -11,14 +11,14 @@ redirect_from: - /engine/installation/mac/ - /docker-for-mac/index/ - /docker-for-mac/osx/ -title: Get started with Docker for Mac +title: Get started with Docker Desktop for Mac --- -Welcome to Docker for Mac! Docker is a full development platform for creating -containerized apps, and Docker for Mac is the best way to get started with +Welcome to Docker Desktop for Mac! Docker is a full development platform for creating +containerized apps, and Docker Desktop for Mac is the best way to get started with Docker _on a Mac_. -> See [Install Docker for Mac](install.md){: target="_blank" class="_"} for +> See [Install Docker Desktop for Mac](install.md){: target="_blank" class="_"} for > information on system requirements and stable & edge channels. ## Check versions @@ -119,7 +119,7 @@ General settings are: manually by choosing ![whale menu](images/whale-x.png){: .inline} → **Check for Updates**. -- **Include VM in Time Machine backups** backs up the Docker for Mac virtual +- **Include VM in Time Machine backups** backs up the Docker Desktop for Mac virtual machine. (Disabled by default.) - **Securely store Docker logins in MacOS keychain** stores your Docker login @@ -167,11 +167,11 @@ settings-advanced](images/menu/prefs-advanced.png){:width="400px"} Advanced settings are: -**CPUs**: By default, Docker for Mac is set to use half the number of processors +**CPUs**: By default, Docker Desktop for Mac is set to use half the number of processors available on the host machine. To increase processing power, set this to a higher number; to decrease, lower the number. -**Memory**: By default, Docker for Mac is set to use `2` GB runtime memory, +**Memory**: By default, Docker Desktop for Mac is set to use `2` GB runtime memory, allocated from the total available memory on your Mac. To increase RAM, set this to a higher number; to decrease it, lower the number. @@ -190,7 +190,7 @@ the existing image or replace it. ### Proxies -Docker for Mac detects HTTP/HTTPS Proxy Settings from macOS and automatically +Docker Desktop for Mac detects HTTP/HTTPS Proxy Settings from macOS and automatically propagates these to Docker and to your containers. For example, if you set your proxy settings to `http://proxy.example.com`, Docker uses this proxy when pulling containers. @@ -234,10 +234,10 @@ Select **Basic** to configure the daemon with interactive settings, or select #### Experimental features -Both Docker for Mac Stable and Edge releases have experimental features enabled +Both Docker Desktop for Mac Stable and Edge releases have experimental features enabled on Docker Engine, as described [Docker Experimental Features README](https://github.com/docker/docker-ce/blob/master/components/cli/experimental/README.md){: -target="_blank" class="_"}. If you uncheck **experimental mode**, Docker for Mac +target="_blank" class="_"}. If you uncheck **experimental mode**, Docker Desktop for Mac uses the current generally available release of Docker Engine. > Don't enable experimental features in production @@ -288,7 +288,7 @@ changes when asked. ### Kubernetes -In Docker for Mac [17.12 Edge +In Docker Desktop for Mac [17.12 Edge (mac45)](/docker-for-mac/edge-relese-notes/#docker-community-edition-17120-ce-mac45-2018-01-05) and higher, and [18.06 Stable (mac70)](/docker-for-mac/release-notes/#docker-community-edition-18060-ce-mac70-2018-07-25) @@ -323,7 +323,7 @@ experience conflicts, remove `/usr/local/bin/kubectl`. `/usr/local/bin/kubectl` command is installed on your Mac. When Kubernetes is enabled and running, an additional status bar item displays - at the bottom right of the Docker for Mac Preferences dialog. + at the bottom right of the Docker Desktop for Mac Preferences dialog. ![Installation complete](images/kubernetes/kubernetes-install-complete.png){:width="400px"} @@ -343,7 +343,7 @@ experience conflicts, remove `/usr/local/bin/kubectl`. Kubernetes containers are stopped and removed, and the `/usr/local/bin/kubectl` command is removed. - For more about using the Kubernetes integration with Docker for Mac, see + For more about using the Kubernetes integration with Docker Desktop for Mac, see [Deploy on Kubernetes](kubernetes.md){:target="_blank" class="_"}. ### Reset @@ -362,12 +362,12 @@ Reset settings are: reset to factory defaults (which would cause you to lose settings). * **Reset to factory defaults** - Choose this option to reset all options on - Docker for Mac to its initial state, the same as when it was first installed. + Docker Desktop for Mac to its initial state, the same as when it was first installed. - * **Uninstall** - Choose this option to remove Docker for Mac from your + * **Uninstall** - Choose this option to remove Docker Desktop for Mac from your system. -> Uninstall Docker for Mac from the commandline +> Uninstall Docker Desktop for Mac from the commandline > >To uninstall Docker from Mac from a terminal, run: ` >--uninstall`. If your instance is installed in the default location, this @@ -389,13 +389,13 @@ registries) to your Docker daemon. ### Add custom CA certificates (server side) -All trusted CAs (root or intermediate) are supported. Docker for Mac creates a +All trusted CAs (root or intermediate) are supported. Docker Desktop for Mac creates a certificate bundle of all user-trusted CAs based on the Mac Keychain, and appends it to Moby trusted certificates. So if an enterprise SSL certificate is -trusted by the user on the host, it is trusted by Docker for Mac. +trusted by the user on the host, it is trusted by Docker Desktop for Mac. To manually add a custom, self-signed certificate, start by adding the -certificate to the macOS keychain, which is picked up by Docker for Mac. Here is +certificate to the macOS keychain, which is picked up by Docker Desktop for Mac. Here is an example. ```bash @@ -412,12 +412,12 @@ $ security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychai See also, [Directory structures for certificates](#directory-structures-for-certificates). -> **Note:** You need to restart Docker for Mac after making any changes to the +> **Note:** You need to restart Docker Desktop for Mac after making any changes to the keychain or to the `~/.docker/certs.d` directory in order for the changes to take effect. For a complete explanation of how to do this, see the blog post [Adding -Self-signed Registry Certs to Docker & Docker for +Self-signed Registry Certs to Docker & Docker Desktop for Mac](http://container-solutions.com/adding-self-signed-registry-certs-docker-mac/){:target="_blank" class="_"}. @@ -427,16 +427,16 @@ You can put your client certificates in `~/.docker/certs.d/:/client.cert` and `~/.docker/certs.d/:/client.key`. -When the Docker for Mac application starts up, it copies the `~/.docker/certs.d` +When the Docker Desktop for Mac application starts up, it copies the `~/.docker/certs.d` folder on your Mac to the `/etc/docker/certs.d` directory on Moby (the Docker for Mac `xhyve` virtual machine). -> * You need to restart Docker for Mac after making any changes to the keychain +> * You need to restart Docker Desktop for Mac after making any changes to the keychain > or to the `~/.docker/certs.d` directory in order for the changes to take > effect. > > * The registry cannot be listed as an _insecure registry_ (see [Docker -> Daemon](index.md#docker-daemon)). Docker for Mac ignores certificates listed +> Daemon](index.md#docker-daemon)). Docker Desktop for Mac ignores certificates listed > under insecure registries, and does not send client certificates. Commands > like `docker run` that attempt to pull from the registry produce error > messages on the command line, as well as on the registry. @@ -483,7 +483,7 @@ topics. ## Install shell completion -Docker for Mac comes with scripts to enable completion for the `docker`, +Docker Desktop for Mac comes with scripts to enable completion for the `docker`, `docker-machine`, and `docker-compose` commands. The completion scripts may be found inside `Docker.app`, in the `Contents/Resources/etc/` directory and can be installed both in Bash and Zsh. @@ -521,10 +521,10 @@ ln -s $etc/docker-compose.zsh-completion /usr/local/share/zsh/site-functions/_do ## Give feedback and get help To get help from the community, review current user topics, join or start a -discussion, log on to our [Docker for Mac +discussion, log on to our [Docker Desktop for Mac forum](https://forums.docker.com/c/docker-for-mac){:target="_blank" class="_"}. -To report bugs or problems, log on to [Docker for Mac issues on +To report bugs or problems, log on to [Docker Desktop for Mac issues on GitHub](https://github.com/docker/for-mac/issues){:target="_blank" class="_"}, where you can review community reported issues, and file new ones. See [Logs and Troubleshooting](troubleshoot.md) for more details. @@ -535,16 +535,16 @@ options at the bottom of each docs page. ## Docker Hub You can access your [Docker ID](/docker-id/index.md){:target="_blank" -class="_"} account from within Docker for Mac. +class="_"} account from within Docker Desktop for Mac. ![Docker ID](images/docker-cloud.png){:width="550px"} -From the Docker for Mac menu, sign in to Docker Hub with your Docker ID, or +From the Docker Desktop for Mac menu, sign in to Docker Hub with your Docker ID, or create one. ![Docker ID sign-in](images/menu/sign-in.png){: .with-border width="250px"} -Then use the Docker for Mac menu to create, view, or navigate directly to your +Then use the Docker Desktop for Mac menu to create, view, or navigate directly to your Cloud resources, including **organizations**, **repositories**, and **swarms**. Check out these [Docker Hub topics](/docker-hub/index.md){:target="_blank" From 9f59812fc582188e2f28cc4325cb5a79c19a7858 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:32:40 -0500 Subject: [PATCH 117/361] Update advisories.yaml --- _data/advisories.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/_data/advisories.yaml b/_data/advisories.yaml index f69a8b7ca1..cc8e6b0a03 100644 --- a/_data/advisories.yaml +++ b/_data/advisories.yaml @@ -10,13 +10,13 @@ texts: experimental: "The functionality described on this page is marked as Experimental, and as such, may change before it becomes generally available." rc: "The Swarm mode feature included in Docker Engine 1.12 is a release candidate feature and might be subject to non backward-compatible changes. Some functionality may change before the feature becomes generally available." - docker4mac-beta: "Docker for Mac is currently in public beta. Some functionality may change before the product becomes generally available." - docker4win-beta: "Docker for Windows is currently in public beta. Some functionality may change before the product becomes generally available." - toolbox: "**Legacy desktop solution.** Docker Toolbox is for older Mac and Windows systems that do not meet the requirements of [Docker for Mac](/docker-for-mac/) and [Docker for Windows](/docker-for-windows/). We recommend updating to the newer applications, if possible." - kitematic: "**Legacy desktop solution.** Kitematic is a legacy solution, bundled with [Docker Toolbox](/toolbox/overview/). We recommend updating to [Docker for Mac](/docker-for-mac/) or [Docker for Windows](/docker-for-windows/) if your system meets the requirements for one of those applications." + docker4mac-beta: "Docker Desktop for Mac is currently in public beta. Some functionality may change before the product becomes generally available." + docker4win-beta: "Docker Desktop for Windows is currently in public beta. Some functionality may change before the product becomes generally available." + toolbox: "**Legacy desktop solution.** Docker Toolbox is for older Mac and Windows systems that do not meet the requirements of [Docker Desktop for Mac](/docker-for-mac/) and [Docker Desktop for Windows](/docker-for-windows/). We recommend updating to the newer applications, if possible." + kitematic: "**Legacy desktop solution.** Kitematic is a legacy solution, bundled with [Docker Toolbox](/toolbox/overview/). We recommend updating to [Docker Desktop for Mac](/docker-for-mac/) or [Docker Desktop for Windows](/docker-for-windows/) if your system meets the requirements for one of those applications." swarm: "See [Swarm mode overview](/engine/swarm/) for the orchestration features introduced in Docker Engine 1.12. Only refer to the Docker Swarm documents below for information on the standalone Swarm product." swarm-standalone: "**You are viewing docs for legacy standalone Swarm.** These topics describe standalone Docker Swarm. In Docker 1.12 and higher, [Swarm mode](/engine/swarm/) is integrated with Docker Engine. Most users should use integrated Swarm mode — a good place to start is [Getting started with swarm mode](/engine/swarm/swarm-tutorial/), [Swarm mode CLI commands](/engine/swarm/index.md#swarm-mode-cli-commands), and the [Get started with Docker walkthrough](/get-started/)). Standalone Docker Swarm is not integrated into the Docker Engine API and CLI commands." - engine: "This site contains documentation for the v1.12 release candidate version of Docker Engine. For the Docker Engine v1.11 docs, see [https://docs.docker.com/v1.11/](https://docs.docker.com/v1.11/). Docker for Mac and Docker for Windows are currently in Beta." + engine: "This site contains documentation for the v1.12 release candidate version of Docker Engine. For the Docker Engine v1.11 docs, see [https://docs.docker.com/v1.11/](https://docs.docker.com/v1.11/). Docker Desktop for Mac and Docker Desktop for Windows are currently in Beta." # URL based advisories From 548c172240204334b0694c248f717fd0064394f0 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:35:47 -0500 Subject: [PATCH 118/361] Update toolbox_install_mac.md --- toolbox/toolbox_install_mac.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/toolbox/toolbox_install_mac.md b/toolbox/toolbox_install_mac.md index d80f8df579..98e55287a5 100644 --- a/toolbox/toolbox_install_mac.md +++ b/toolbox/toolbox_install_mac.md @@ -7,7 +7,7 @@ title: Install Docker Toolbox on macOS Docker Toolbox provides a way to use Docker on older Macs that do not meet -minimal system requirements for [Docker for Mac](/docker-for-mac/index.md). +minimal system requirements for [Docker Desktop for Mac](/docker-for-mac/index.md). If you have not done so already, download the installer here: @@ -32,7 +32,7 @@ attach to a small Linux VM on your machine. This VM hosts Docker Engine for you on your Mac. >**Tip**: One of the advantages of the newer -[Docker for Mac](/docker-for-mac/index.md) solution is that +[Docker Desktop for Mac](/docker-for-mac/index.md) solution is that it uses native virtualization and does not require VirtualBox to run Docker. @@ -51,12 +51,12 @@ software. To find out what version of the OS you have: If you aren't using a supported version, you could consider upgrading your operating system. - If you have macOS 10.10.3 Yosemite or newer, consider using [Docker for + If you have macOS 10.10.3 Yosemite or newer, consider using [Docker Desktop for Mac](/docker-for-mac/) instead. It runs natively on the Mac, so there is no need for a pre-configured Docker QuickStart shell. It uses the native macOS Hypervisor framework for virtualization, instead of Oracle VirutalBox. Full - install prerequisites are provided in the Docker for Mac topic in [Docker - for Mac](/docker-for-mac/#what-to-know-before-you-install). + install prerequisites are provided in the Docker Desktop for Mac topic in [Docker + Desktop for Mac](/docker-for-mac/#what-to-know-before-you-install). ## Step 2: Install Docker Toolbox @@ -245,7 +245,7 @@ you created with Docker Machine. In some cases, you might want to keep machines created with Docker Machine. For example, if you plan to re-install Docker Machine as a part of -Docker for Mac you can continue to manage those machines through +Docker Desktop for Mac you can continue to manage those machines through Docker. Or, if you have remote machines on a cloud provider and you plan to manage them using the provider, you wouldn't want to remove them. So the step to remove machines is described here as optional. @@ -271,7 +271,7 @@ To uninstall Toolbox on a Mac, do the following: This step is optional because if you plan to re-install Docker Machine as a part - of [Docker for Mac](/docker-for-mac/index.md), you can import and + of [Docker Desktop for Mac](/docker-for-mac/index.md), you can import and continue to manage those machines through Docker. 3. In your "Applications" folder, remove the "Docker" directory, @@ -284,9 +284,9 @@ To uninstall Toolbox on a Mac, do the following: ``` 5. Remove the `docker`, `docker-compose`, and `docker-machine` commands from - the `/usr/local/bin` folder. Docker for Mac and Brew may also have + the `/usr/local/bin` folder. Docker Desktop for Mac and Brew may also have installed them; in case of doubt leave them, or reinstall them via Brew, or - rerun Docker for Mac (no need to reinstall it). + rerun Docker Desktop for Mac (no need to reinstall it). ``` $ rm -f /usr/local/bin/docker From c2cef4bc02da9db74d5b086f6f9170bf7163b623 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:39:50 -0500 Subject: [PATCH 119/361] Update index.md --- release-notes/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-notes/index.md b/release-notes/index.md index d86253c4e5..92ee971e5e 100644 --- a/release-notes/index.md +++ b/release-notes/index.md @@ -9,8 +9,8 @@ Find out what's new in Docker products! - [Docker Enterprise and Community Engine](/engine/release-notes) - [Docker Trusted Registry](/ee/dtr/release-notes/) - [Docker Universal Control Plane](/ee/ucp/release-notes/) -- [Docker for Mac](/docker-for-mac/release-notes.md) ([Edge Releases](/docker-for-mac/edge-release-notes.md)) -- [Docker for Windows](/docker-for-windows/release-notes.md) ([Edge Releases](/docker-for-windows/edge-release-notes.md)) +- [Docker Desktop for Mac](/docker-for-mac/release-notes.md) ([Edge Releases](/docker-for-mac/edge-release-notes.md)) +- [Docker Desktop for Windows](/docker-for-windows/release-notes.md) ([Edge Releases](/docker-for-windows/edge-release-notes.md)) - [Docker for Azure](/docker-for-azure/release-notes.md) or [Docker for AWS](/docker-for-aws/release-notes.md) - [Docker Compose](docker-compose.md) - [Docker Machine](docker-machine.md) From d46c74430432072ade46bd8650006ed1663b40c3 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:43:15 -0500 Subject: [PATCH 120/361] Update networking.md --- docker-for-mac/networking.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docker-for-mac/networking.md b/docker-for-mac/networking.md index 0376286d58..c7f8d2110b 100644 --- a/docker-for-mac/networking.md +++ b/docker-for-mac/networking.md @@ -3,19 +3,19 @@ description: Networking keywords: mac, networking redirect_from: - /mackit/networking/ -title: Networking features in Docker for Mac +title: Networking features in Docker Desktop for Mac --- {% assign Arch = 'Mac' %} -Docker for {{Arch}} provides several networking features to make it +Docker Desktop for {{Arch}} provides several networking features to make it easier to use. ## Features ### VPN Passthrough -Docker for {{Arch}}'s networking can work when attached to a VPN. To do this, -Docker for {{Arch}} intercepts traffic from the containers and injects it into +Docker Desktop for {{Arch}}'s networking can work when attached to a VPN. To do this, +Docker Desktop for {{Arch}} intercepts traffic from the containers and injects it into {{Arch}} as if it originated from the Docker application. ### Port Mapping @@ -26,7 +26,7 @@ When you run a container with the `-p` argument, for example: $ docker run -p 80:80 -d nginx ``` -Docker for {{Arch}} makes whatever is running on port 80 in the container (in +Docker Desktop for {{Arch}} makes whatever is running on port 80 in the container (in this case, `nginx`) available on port 80 of `localhost`. In this example, the host and container ports are the same. What if you need to specify a different host port? If, for example, you already have something running on port 80 of @@ -45,18 +45,18 @@ See [Proxies](index#proxies). ## Known limitations, use cases, and workarounds -Following is a summary of current limitations on the Docker for {{Arch}} +Following is a summary of current limitations on the Docker Desktop for {{Arch}} networking stack, along with some ideas for workarounds. ### There is no docker0 bridge on macOS -Because of the way networking is implemented in Docker for Mac, you cannot see a +Because of the way networking is implemented in Docker Desktop for Mac, you cannot see a `docker0` interface on the host. This interface is actually within the virtual machine. ### I cannot ping my containers -Docker for Mac can't route traffic to containers. +Docker Desktop for Mac can't route traffic to containers. ### Per-container IP addressing is not possible @@ -72,7 +72,7 @@ The host has a changing IP address (or none if you have no network access). From 18.03 onwards our recommendation is to connect to the special DNS name `host.docker.internal`, which resolves to the internal IP address used by the host. -This is for development purpose and will not work in a production environment outside of Docker for Mac. +This is for development purpose and will not work in a production environment outside of Docker Desktop for Mac. The gateway is also reachable as `gateway.docker.internal`. From c12f6206ffeb1774cdbd6f1710859422536a4f98 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:46:04 -0500 Subject: [PATCH 121/361] Update osxfs.md --- docker-for-mac/osxfs.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docker-for-mac/osxfs.md b/docker-for-mac/osxfs.md index 5df2636310..02e3bfac3f 100644 --- a/docker-for-mac/osxfs.md +++ b/docker-for-mac/osxfs.md @@ -6,14 +6,14 @@ redirect_from: title: File system sharing (osxfs) --- -`osxfs` is a new shared file system solution, exclusive to Docker for Mac. +`osxfs` is a new shared file system solution, exclusive to Docker Desktop for Mac. `osxfs` provides a close-to-native user experience for bind mounting macOS file system trees into Docker containers. To this end, `osxfs` features a number of unique capabilities as well as differences from a classical Linux file system. ### Case sensitivity -With Docker for Mac, file systems operate in containers in the same way as they +With Docker Desktop for Mac, file systems operate in containers in the same way as they operate in macOS. If a file system on macOS is case-insensitive, that behavior is shared by any bind mount from macOS into a container. @@ -31,7 +31,7 @@ on case-insensitivity to function. ### Access control `osxfs`, and therefore Docker, can access only those file system resources that -the Docker for Mac user has access to. `osxfs` does not run as `root`. If the macOS +the Docker Desktop for Mac user has access to. `osxfs` does not run as `root`. If the macOS user is an administrator, `osxfs` inherits those administrator privileges. We are still evaluating which privileges to drop in the file system process to balance security and ease-of-use. `osxfs` performs no additional permissions @@ -160,7 +160,7 @@ between macOS userspace processes and the macOS kernel. With regard to reported performance issues ([GitHub issue 77: File access in mounted volumes extremely slow](https://github.com/docker/for-mac/issues/77)), -and a similar thread on [Docker for Mac forums on topic: File access in mounted +and a similar thread on [Docker Desktop for Mac forums on topic: File access in mounted volumes extremely slow](https://forums.docker.com/t/file-access-in-mounted-volumes-extremely-slow-cpu-bound/), this topic provides an explanation of the issues, recent progress in addressing @@ -176,7 +176,7 @@ mentioned. We want to surface it in the documentation for wider reach. Perhaps the most important thing to understand is that shared file system performance is multi-dimensional. This means that, depending on your workload, you may experience exceptional, adequate, or poor performance with `osxfs`, the -file system server in Docker for Mac. File system APIs are very wide (20-40 +file system server in Docker Desktop for Mac. File system APIs are very wide (20-40 message types) with many intricate semantics involving on-disk state, in-memory cache state, and concurrent access by multiple processes. Additionally, `osxfs` integrates a mapping between macOS's FSEvents API and Linux's `inotify` API @@ -207,7 +207,7 @@ haven't implemented all those improvements yet (more on this below in [What you can do](osxfs.md#what-you-can-do)). A second approach to improving performance is to reduce the number of -roundtrips by caching data. Recent versions of Docker for Mac (17.04 onwards) +roundtrips by caching data. Recent versions of Docker Desktop for Mac (17.04 onwards) include caching support that brings significant (2-4×) improvements to many applications. Much of the overhead of osxfs arises from the requirement to keep the container's and the host's view of the file system consistent, but @@ -310,7 +310,7 @@ can be easily tracked. #### What you can expect We continue to work toward an optimized shared file system implementation -on the Edge channel of Docker for Mac. +on the Edge channel of Docker Desktop for Mac. You can expect some of the performance improvement work mentioned above to reach the Edge channel in the coming release cycles. @@ -330,7 +330,7 @@ We hope this gives you a rough idea of where `osxfs` performance is and where it's going. We are treating good performance as a top priority feature of the file system sharing component and we are actively working on improving it through a number of different avenues. The osxfs project started in December -2015. Since the first integration into Docker for Mac in February 2016, we've +2015. Since the first integration into Docker Desktop for Mac in February 2016, we've improved performance by 50x or more for many workloads while achieving nearly complete POSIX compliance and without compromising coherence (it is shared and not simply synced). Of course, in the beginning there was lots of low-hanging From 5213464c900d2394da624225b914e47fdeb97cf8 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:47:00 -0500 Subject: [PATCH 122/361] Update multi-arch.md --- docker-for-mac/multi-arch.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-for-mac/multi-arch.md b/docker-for-mac/multi-arch.md index 80b4d504ce..52e218d1e1 100644 --- a/docker-for-mac/multi-arch.md +++ b/docker-for-mac/multi-arch.md @@ -7,7 +7,7 @@ title: Leverage multi-CPU architecture support notoc: true --- -Docker for Mac provides `binfmt_misc` multi architecture support, so you can run +Docker Desktop for Mac provides `binfmt_misc` multi architecture support, so you can run containers for different Linux architectures, such as `arm`, `mips`, `ppc64le`, and even `s390x`. From b6ed815c32fb45fef3af1f0b258d5481678a2bf1 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:49:15 -0500 Subject: [PATCH 123/361] Update osxfs-caching.md --- docker-for-mac/osxfs-caching.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-mac/osxfs-caching.md b/docker-for-mac/osxfs-caching.md index a7c990565a..5e0943756d 100644 --- a/docker-for-mac/osxfs-caching.md +++ b/docker-for-mac/osxfs-caching.md @@ -9,7 +9,7 @@ Edge](/edge/index.md#docker-ce-edge-new-features) adds support for two new flags to the [docker run `-v`, `--volume`](/engine/reference/run/#volume-shared-filesystems) option, `cached` and `delegated`, that can significantly improve the performance -of mounted volume access on Docker for Mac. These options begin to solve some of +of mounted volume access on Docker Desktop for Mac. These options begin to solve some of the challenges discussed in [Performance issues, solutions, and roadmap](osxfs.md#performance-issues-solutions-and-roadmap). @@ -191,7 +191,7 @@ visible to the host, but there may be a delay before writes performed on the host are visible within containers. >**Tip:** To learn more about `cached`, see the article on -[User-guided caching in Docker for Mac](https://blog.docker.com/2017/05/user-guided-caching-in-docker-for-mac/). +[User-guided caching in Docker Desktop for Mac](https://blog.docker.com/2017/05/user-guided-caching-in-docker-for-mac/). 1. Implementations **_must_** obey `delegated` Semantics 1-5. From 1e96404f09b76de94b7e3af9c33b8ba29b513696 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:50:11 -0500 Subject: [PATCH 124/361] Update kubernetes.md --- docker-for-mac/kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-for-mac/kubernetes.md b/docker-for-mac/kubernetes.md index 1e2cdbce58..bc81d6f078 100644 --- a/docker-for-mac/kubernetes.md +++ b/docker-for-mac/kubernetes.md @@ -1,5 +1,5 @@ --- -description: Deploying to Kubernetes on Docker for Mac +description: Deploying to Kubernetes on Docker Desktop for Mac keywords: mac, edge, kubernetes, kubectl, orchestration title: Deploy on Kubernetes --- From 7d79c203d20a81ca1b69caf66ff72ca42e7f61ef Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:55:08 -0500 Subject: [PATCH 125/361] Update install-cni-plugin.md --- ee/ucp/kubernetes/install-cni-plugin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/kubernetes/install-cni-plugin.md b/ee/ucp/kubernetes/install-cni-plugin.md index 4929cb30af..554c754969 100644 --- a/ee/ucp/kubernetes/install-cni-plugin.md +++ b/ee/ucp/kubernetes/install-cni-plugin.md @@ -49,7 +49,7 @@ Use the following commands to get the YAML files for popular CNI plugins. CNI_URL="https://cloud.weave.works/k8s/net?k8s-version=Q2xpZW50IFZlcnNpb246IHZlcnNpb24uSW5mb3tNYWpvcjoiMSIsIE1pbm9yOiI5IiwgR2l0VmVyc2lvbjoidjEuOS4zIiwgR2l0Q29tbWl0OiJkMjgzNTQxNjU0NGYyOThjOTE5ZTJlYWQzYmUzZDA4NjRiNTIzMjNiIiwgR2l0VHJlZVN0YXRlOiJjbGVhbiIsIEJ1aWxkRGF0ZToiMjAxOC0wMi0wN1QxMjoyMjoyMVoiLCBHb1ZlcnNpb246ImdvMS45LjIiLCBDb21waWxlcjoiZ2MiLCBQbGF0Zm9ybToibGludXgvYW1kNjQifQpTZXJ2ZXIgVmVyc2lvbjogdmVyc2lvbi5JbmZve01ham9yOiIxIiwgTWlub3I6IjgrIiwgR2l0VmVyc2lvbjoidjEuOC4yLWRvY2tlci4xNDMrYWYwODAwNzk1OWUyY2UiLCBHaXRDb21taXQ6ImFmMDgwMDc5NTllMmNlYWUxMTZiMDk4ZWNhYTYyNGI0YjI0MjBkODgiLCBHaXRUcmVlU3RhdGU6ImNsZWFuIiwgQnVpbGREYXRlOiIyMDE4LTAyLTAxVDIzOjI2OjE3WiIsIEdvVmVyc2lvbjoiZ28xLjguMyIsIENvbXBpbGVyOiJnYyIsIFBsYXRmb3JtOiJsaW51eC9hbWQ2NCJ9Cg==" ``` If you have kubectl available, for example by using - [Docker for Mac](/docker-for-mac/kubernetes.md), you can use the following + [Docker Desktop for Mac](/docker-for-mac/kubernetes.md), you can use the following command to get the URL for the [Weave](https://www.weave.works/) CNI plugin: ```bash # Get the URL for the Weave CNI plugin. From 4bc888a9c26f6f1f1a6e23bd990fa105405979f8 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 15:59:42 -0500 Subject: [PATCH 126/361] Update bind-mounts.md --- storage/bind-mounts.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/storage/bind-mounts.md b/storage/bind-mounts.md index db7c2708b0..c8d69fd266 100644 --- a/storage/bind-mounts.md +++ b/storage/bind-mounts.md @@ -66,7 +66,7 @@ syntax separates them. Here is a comparison of the syntax for each flag. `private`, `rshared`, `shared`, `rslave`, `slave`. - The [`consistency`](#configure-mount-consistency-for-macos) option, if present, may be one of `consistent`, `delegated`, or `cached`. This setting - only applies to Docker for Mac, and is ignored on all other platforms. + only applies to Docker Desktop for Mac, and is ignored on all other platforms. - The `--mount` flag does not support `z` or `Z` options for modifying selinux labels. @@ -383,9 +383,9 @@ $ docker run -d \ ## Configure mount consistency for macOS -Docker for Mac uses `osxfs` to propagate directories and files shared from macOS +Docker Desktop for Mac uses `osxfs` to propagate directories and files shared from macOS to the Linux VM. This propagation makes these directories and files available to -Docker containers running on Docker for Mac. +Docker containers running on Docker Desktop for Mac. By default, these shares are fully-consistent, meaning that every time a write happens on the macOS host or through a mount in a container, the changes are From 4fae447532010e592502bd33b7d3866f157e18b0 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 16:02:53 -0500 Subject: [PATCH 127/361] Update release-notes.md --- docker-for-windows/release-notes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-windows/release-notes.md b/docker-for-windows/release-notes.md index 4bae94eab3..397a685377 100644 --- a/docker-for-windows/release-notes.md +++ b/docker-for-windows/release-notes.md @@ -1,9 +1,9 @@ --- description: Change log / release notes per stable release -keywords: Docker for Windows, stable, release notes +keywords: Docker Desktop for Windows, stable, release notes redirect_from: - /winkit/release-notes/ -title: Docker for Windows Stable Release notes +title: Docker Desktop for Windows Stable Release notes --- Here are the main improvements and issues per stable release, starting with the From b47ac9ae3b943808749503abb723c3678d6dd93e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 16:10:52 -0500 Subject: [PATCH 128/361] Update index.md --- compose/compose-file/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/compose/compose-file/index.md b/compose/compose-file/index.md index 7aadd71548..d03635548a 100644 --- a/compose/compose-file/index.md +++ b/compose/compose-file/index.md @@ -1794,13 +1794,13 @@ services: constraints: [node.role == manager] ``` -#### Caching options for volume mounts (Docker for Mac) +#### Caching options for volume mounts (Docker Desktop for Mac) On Docker 17.04 CE Edge and up, including 17.06 CE Edge and Stable, you can configure container-and-host consistency requirements for bind-mounted directories in Compose files to allow for better performance on read/write of volume mounts. These options address issues specific to `osxfs` file sharing, -and therefore are only applicable on Docker for Mac. +and therefore are only applicable on Docker Desktop for Mac. The flags are: @@ -1828,7 +1828,7 @@ services: ``` Full detail on these flags, the problems they solve, and their -`docker run` counterparts is in the Docker for Mac topic [Performance tuning for +`docker run` counterparts is in the Docker Desktop for Mac topic [Performance tuning for volume mounts (shared filesystems)](/docker-for-mac/osxfs-caching.md). ### restart From b932ce75e92d4fc888dc1cd510139636d64041ce Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 16:12:33 -0500 Subject: [PATCH 129/361] Update edge-release-notes.md --- docker-for-windows/edge-release-notes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-windows/edge-release-notes.md b/docker-for-windows/edge-release-notes.md index fd234c5f34..af505fbc56 100644 --- a/docker-for-windows/edge-release-notes.md +++ b/docker-for-windows/edge-release-notes.md @@ -1,7 +1,7 @@ --- description: Change log / release notes per edge release -keywords: Docker for Windows, edge, release notes -title: Docker for Windows Edge Release notes +keywords: Docker Desktop for Windows, edge, release notes +title: Docker Desktop for Windows Edge Release notes --- Here are the main improvements and issues per edge release, starting with the From 7b95f9ad5e427d27d139085cd1b86b651c322358 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Fri, 11 Jan 2019 16:15:17 -0500 Subject: [PATCH 130/361] Update secrets.md --- engine/swarm/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/swarm/secrets.md b/engine/swarm/secrets.md index 3f91419388..e52c644220 100644 --- a/engine/swarm/secrets.md +++ b/engine/swarm/secrets.md @@ -274,7 +274,7 @@ real-world example, continue to This is a very simple example which shows how to use secrets with a Microsoft IIS service running on Docker 17.06 EE on Microsoft Windows Server 2016 or Docker -for Mac 17.06 on Microsoft Windows 10. It is a naive example that stores the +Desktop for Mac 17.06 on Microsoft Windows 10. It is a naive example that stores the webpage in a secret. This example assumes that you have PowerShell installed. From 594f9e1b1a8bd6672d1b0d8c39e350352b2c809f Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 11 Jan 2019 23:18:39 +0000 Subject: [PATCH 131/361] Fix ubuntu installation instructions for EE Was point to a non-existent $DOCKER_EE_VERSION repository, and still had installation instructions for s390x and ppc64el which we do not support with the latest EE release. Signed-off-by: Eli Uriegas --- install/linux/docker-ee/ubuntu.md | 42 +++---------------------------- 1 file changed, 4 insertions(+), 38 deletions(-) diff --git a/install/linux/docker-ee/ubuntu.md b/install/linux/docker-ee/ubuntu.md index e37300f8bd..ff73108186 100644 --- a/install/linux/docker-ee/ubuntu.md +++ b/install/linux/docker-ee/ubuntu.md @@ -137,13 +137,13 @@ from the repository. 4. Temporarily add a `$DOCKER_EE_VERSION` variable into your environment. - > ***NOTE:*** If you need to run Docker EE 2.0, please see the following instructions: + > ***NOTE:*** If you need to run something other than Docker EE 2.0, please see the following instructions: > * [18.03](https://docs.docker.com/v18.03/ee/supported-platforms/) - Older Docker EE Engine only release > * [17.06](https://docs.docker.com/v17.06/engine/installation/) - Docker Enterprise Edition 2.0 (Docker Engine, > UCP, and DTR). ```bash - $ DOCKER_EE_VERSION= + $ DOCKER_EE_VERSION=18.09 ``` 5. Add Docker's official GPG key using your customer Docker EE repository URL: @@ -173,47 +173,13 @@ from the repository. > Ubuntu distribution, such as `xenial`. > - -
-
- ```bash $ sudo add-apt-repository \ - "deb [arch=amd64] $DOCKER_EE_URL/ubuntu \ + "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu \ $(lsb_release -cs) \ - $DOCKER_EE_VERSION stable" - + stable-$DOCKER_EE_VERSION" ``` -
-
- - ```bash - $ sudo add-apt-repository \ - "deb [arch=s390x] $DOCKER_EE_URL/ubuntu \ - $(lsb_release -cs) \ - $DOCKER_EE_VERSION stable" - - ``` - -
-
- - ```bash - $ sudo add-apt-repository \ - "deb [arch=ppc64el] $DOCKER_EE_URL/ubuntu \ - $(lsb_release -cs) \ - $DOCKER_EE_VERSION stable" - - ``` - -
-
- #### Install Docker EE 1. Update the `apt` package index. From 282d81f63deda7cf786827a10e1b61986b706d36 Mon Sep 17 00:00:00 2001 From: Olly P Date: Sat, 12 Jan 2019 00:16:03 +0000 Subject: [PATCH 132/361] Updated for January Patch --- _config.yml | 23 +++++++++++------------ _data/ddc_offline_files_2.yaml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 12 deletions(-) diff --git a/_config.yml b/_config.yml index 5cd0eb10b6..1e85bce456 100644 --- a/_config.yml +++ b/_config.yml @@ -95,7 +95,7 @@ defaults: - scope: path: "install" values: - win_latest_build: "docker-18.09.0" + win_latest_build: "docker-18.09.1" - scope: path: "datacenter" values: @@ -105,34 +105,34 @@ defaults: values: dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.6.0" + dtr_version: "2.6.1" - scope: path: "datacenter/dtr/2.5" values: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.5.6" + dtr_version: "2.5.7" - scope: path: "datacenter/dtr/2.4" values: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.4.7" + dtr_version: "2.4.8" - scope: path: "datacenter/dtr/2.3" values: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.3.9" + dtr_version: "2.3.10" - scope: path: "datacenter/dtr/2.2" values: ucp_version: "2.1" dtr_version: "2.2" - docker_image: "docker/dtr:2.2.12" + docker_image: "docker/dtr:2.2.11" - scope: path: "datacenter/dtr/2.1" values: @@ -148,30 +148,29 @@ defaults: values: ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.1.1" + ucp_version: "3.1.2" - scope: # This is a bit of a hack for the get-support.md topic. path: "ee" values: ucp_org: "docker" ucp_repo: "ucp" dtr_repo: "dtr" - ucp_version: "3.1.1" - dtr_version: "2.6.0" - dtr_latest_image: "docker/dtr:2.6.0" + ucp_version: "3.1.2" + dtr_version: "2.6.1" - scope: path: "datacenter/ucp/3.0" values: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.0.7" + ucp_version: "3.0.8" - scope: path: "datacenter/ucp/2.2" values: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "2.2.14" + ucp_version: "2.2.15" - scope: path: "datacenter/ucp/2.1" values: diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index dc493531a0..27614cb9ba 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -6,6 +6,14 @@ - product: "ucp" version: "3.1" tar-files: + - description: "3.1.2 Linux" + url: https://packages.docker.com/caas/ucp_images_3.1.2.tar.gz + - description: "3.1.2 Windows Server 2016 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2016_3.1.2.tar.gz + - description: "3.1.2 Windows Server 1709" + url: https://packages.docker.com/caas/ucp_images_win_1709_3.1.2.tar.gz + - description: "3.1.2 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.1.2.tar.gz - description: "3.1.1 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.1.tar.gz - description: "3.1.1 Windows Server 2016 LTSC" @@ -25,6 +33,14 @@ - product: "ucp" version: "3.0" tar-files: + - description: "3.0.8 Linux" + url: https://packages.docker.com/caas/ucp_images_3.0.8.tar.gz + - description: "3.0.8 Windows Server 2016 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.8.tar.gz + - description: "3.0.8 Windows Server 1709" + url: https://packages.docker.com/caas/ucp_images_win_1709_3.0.8.tar.gz + - description: "3.0.8 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.0.8.tar.gz - description: "3.0.7 Linux" url: https://packages.docker.com/caas/ucp_images_3.0.7.tar.gz - description: "3.0.7 Windows Server 2016 LTSC" @@ -90,6 +106,12 @@ - product: "ucp" version: "2.2" tar-files: + - description: "2.2.15 Linux" + url: https://packages.docker.com/caas/ucp_images_2.2.15.tar.gz + - description: "2.2.15 IBM Z" + url: https://packages.docker.com/caas/ucp_images_s390x_2.2.15.tar.gz + - description: "2.2.15 Windows" + url: https://packages.docker.com/caas/ucp_images_win_2.2.15.tar.gz - description: "2.2.14 Linux" url: https://packages.docker.com/caas/ucp_images_2.2.14.tar.gz - description: "2.2.14 IBM Z" @@ -171,11 +193,15 @@ - product: "dtr" version: "2.6" tar-files: + - description: "DTR 2.6.1 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.6.1.tar.gz - description: "DTR 2.6.0 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.6.0.tar.gz - product: "dtr" version: "2.5" tar-files: + - description: "DTR 2.5.7 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.5.7.tar.gz - description: "DTR 2.5.6 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.5.6.tar.gz - description: "DTR 2.5.5 Linux x86" @@ -191,6 +217,8 @@ - product: "dtr" version: "2.4" tar-files: + - description: "DTR 2.4.8 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.4.8.tar.gz - description: "DTR 2.4.7 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.4.7.tar.gz - description: "DTR 2.4.6 Linux x86" @@ -224,6 +252,8 @@ - product: "dtr" version: "2.3" tar-files: + - description: "DTR 2.3.10" + url: https://packages.docker.com/caas/dtr_images_2.3.10.tar.gz - description: "DTR 2.3.9" url: https://packages.docker.com/caas/dtr_images_2.3.9.tar.gz - description: "DTR 2.3.8" From c73473e9b340bf0c0188fd4153dc57a42dcf1246 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 11 Jan 2019 17:28:39 +0100 Subject: [PATCH 133/361] Remove jessie and wheezy from installation docs These are no longer supported by the current version. Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/debian.md | 57 +++---------------------------- 1 file changed, 4 insertions(+), 53 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index 231fa7b199..861eba0591 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -27,13 +27,10 @@ and distributions for different Docker editions, see To install Docker CE, you need the 64-bit version of one of these Debian or Raspbian versions: -- Buster 10 (Docker CE 17.11 Edge only) +- Buster 10 - Stretch 9 (stable) / Raspbian Stretch -- Jessie 8 (LTS) / Raspbian Jessie -- Wheezy 7.7 (LTS) -Docker CE is supported on `x86_64` (or `amd64`), `armhf`, and `arm64` architectures for Jessie and -Stretch. +Docker CE is supported on `x86_64` (or `amd64`), `armhf`, and `arm64` architectures. ### Uninstall old versions @@ -49,20 +46,6 @@ It's OK if `apt-get` reports that none of these packages are installed. The contents of `/var/lib/docker/`, including images, containers, volumes, and networks, are preserved. The Docker CE package is now called `docker-ce`. -### Extra steps for Wheezy 7.7 - -- You need at least version 3.10 of the Linux kernel. Debian Wheezy ships with - version 3.2, so you may need to - [update the kernel](https://wiki.debian.org/HowToUpgradeKernel){: target="_blank" class="_" }. - To check your kernel version: - - ```bash - $ uname -r - ``` - -- Enable the `backports` repository. See the - [Debian documentation](https://backports.debian.org/Instructions/){: target="_blank" class"_"}. - ## Install Docker CE You can install Docker CE in different ways, depending on your needs: @@ -104,13 +87,6 @@ from the repository. 2. Install packages to allow `apt` to use a repository over HTTPS: - -
-
- ```bash $ sudo apt-get install \ apt-transport-https \ @@ -120,20 +96,6 @@ from the repository. software-properties-common ``` -
-
- - ```bash - $ sudo apt-get install \ - apt-transport-https \ - ca-certificates \ - curl \ - python-software-properties - ``` - -
-
- 3. Add Docker's official GPG key: ```bash @@ -160,7 +122,7 @@ from the repository. word `stable` in the commands below. > **Note**: The `lsb_release -cs` sub-command below returns the name of your - > Debian distribution, such as `jessie`. + > Debian distribution, such as `stretch`. To also add the **edge** repository, add `edge` after `stable` on the last line of the command. @@ -201,17 +163,6 @@ from the repository.
-5. **Wheezy only**: The version of `add-apt-repository` on Wheezy adds a `deb-src` - repository that does not exist. You need to comment out this repository or - running `apt-get update` fails. Edit `/etc/apt/sources.list`. Find the - line like the following, and comment it out or remove it: - - ```none - deb-src [arch=amd64] https://download.docker.com/linux/debian wheezy stable - ``` - - Save and exit the file. - > **Note**: Starting with Docker 17.06, stable releases are also pushed to > the **edge** and **test** repositories. @@ -248,7 +199,7 @@ from the repository. ```bash $ apt-cache madison docker-ce - docker-ce | {{ site.docker_ce_stable_version }}.0~ce-0~debian | https://download.docker.com/linux/debian jessie/stable amd64 Packages + docker-ce | {{ site.docker_ce_stable_version }}.0~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages ``` b. Install a specific version by its fully qualified package name, which is From 5047fdee863cb65c5da45a49897868154ec07403 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 11 Jan 2019 17:33:45 +0100 Subject: [PATCH 134/361] Remove trusty 14.04, add cosmic 18.10 Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/ubuntu.md | 52 +++++-------------------------- 1 file changed, 8 insertions(+), 44 deletions(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 4d45d2e4b7..3db26b449a 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -32,13 +32,12 @@ To learn more about Docker EE, see To install Docker CE, you need the 64-bit version of one of these Ubuntu versions: +- Cosmic 18.10 - Bionic 18.04 (LTS) - Xenial 16.04 (LTS) -- Trusty 14.04 (LTS) -Docker CE is supported on Ubuntu on `x86_64`, `arm64`, `armhf`, `s390x` (IBM Z), and `ppc64le` (IBM Power) architectures. - -> **`ppc64le` and `s390x` limitations**: Packages for IBM Z and Power architectures are only available on Ubuntu Xenial and above. +Docker CE is supported on `x86_64` (or `amd64`), `armhf`, `arm64`, `s390x` +(IBM Z), and `ppc64le` (IBM Power) architectures. ### Uninstall old versions @@ -58,45 +57,10 @@ networks, are preserved. The Docker CE package is now called `docker-ce`. Docker CE on Ubuntu supports `overlay2` and `aufs` storage drivers. -- For new installations on version 4 and higher of the Linux kernel, `overlay2` - is supported and preferred over `aufs`. -- For version 3 of the Linux kernel, `aufs` is supported because `overlay` or - `overlay2` drivers are not supported by that kernel version. - -If you need to use `aufs`, you need to do additional preparation as -outlined below. - -#### Extra steps for aufs - - -
-
- -For Ubuntu 16.04 and higher, the Linux kernel includes support for OverlayFS, -and Docker CE uses the `overlay2` storage driver by default. If you need -to use `aufs` instead, you need to configure it manually. -See [aufs](/engine/userguide/storagedriver/aufs-driver.md) - -
-
- -Unless you have a strong reason not to, install the -`linux-image-extra-*` packages, which allow Docker to use the `aufs` storage -drivers. - -```bash -$ sudo apt-get update - -$ sudo apt-get install \ - linux-image-extra-$(uname -r) \ - linux-image-extra-virtual -``` - -
-
+For new installations on version 4 and higher of the Linux kernel, `overlay2` +is supported and preferred over `aufs`. Docker CE uses the `overlay2` +storage driver by default. If you need to use `aufs` instead, you need to +configure it manually. See [aufs](/engine/userguide/storagedriver/aufs-driver.md) ## Install Docker CE @@ -170,7 +134,7 @@ the repository. > Ubuntu distribution, such as `xenial`. Sometimes, in a distribution > like Linux Mint, you might need to change `$(lsb_release -cs)` > to your parent Ubuntu distribution. For example, if you are using - > `Linux Mint Rafaela`, you could use `trusty`. + > `Linux Mint Tessa`, you could use `bionic`.
    From 3f370fb51285b42036eca87809bc8cca193cd37c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 11 Jan 2019 17:35:36 +0100 Subject: [PATCH 135/361] Remove Fedora 26, 27, and add Fedora 28 Fedora 26 and 27 are no longer supported, and no new packages are published for them. Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/fedora.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/install/linux/docker-ce/fedora.md b/install/linux/docker-ce/fedora.md index 00642ac815..b8da3b32f9 100644 --- a/install/linux/docker-ce/fedora.md +++ b/install/linux/docker-ce/fedora.md @@ -25,9 +25,8 @@ and distributions for different Docker editions, see To install Docker, you need the 64-bit version of one of these Fedora versions: -- 26 -- 27 - 28 +- 29 ### Uninstall old versions From 1f6e2aec0d2b9af791665dcd9f19d60ff3ec6886 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 02:01:58 +0100 Subject: [PATCH 136/361] Mention docker.io package as old name Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/debian.md | 4 ++-- install/linux/docker-ce/ubuntu.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index 861eba0591..ca6e6f94a7 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -34,8 +34,8 @@ Docker CE is supported on `x86_64` (or `amd64`), `armhf`, and `arm64` architectu ### Uninstall old versions -Older versions of Docker were called `docker` or `docker-engine`. If these are -installed, uninstall them: +Older versions of Docker were called `docker`, `docker.io `, or `docker-engine`. +If these are installed, uninstall them: ```bash $ sudo apt-get remove docker docker-engine docker.io containerd runc diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 3db26b449a..3fc9e39d5f 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -41,8 +41,8 @@ Docker CE is supported on `x86_64` (or `amd64`), `armhf`, `arm64`, `s390x` ### Uninstall old versions -Older versions of Docker were called `docker` or `docker-engine`. If these are -installed, uninstall them: +Older versions of Docker were called `docker`, `docker.io `, or `docker-engine`. +If these are installed, uninstall them: ```bash $ sudo apt-get remove docker docker-engine docker.io containerd runc From 6c77747b8e5662c47d78feeda00238769c9d396a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 02:13:03 +0100 Subject: [PATCH 137/361] Align instructions and wording between Ubuntu and Debian Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/debian.md | 41 ++++++++++++++++--------------- install/linux/docker-ce/ubuntu.md | 21 ++++++++-------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index ca6e6f94a7..aa38d8ce9b 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -77,7 +77,7 @@ from the repository. #### Set up the repository -{% assign download-url-base = 'https://download.docker.com/linux/debian' %} +{% assign download-url-base = "https://download.docker.com/linux/debian" %} 1. Update the `apt` package index: @@ -89,17 +89,17 @@ from the repository. ```bash $ sudo apt-get install \ - apt-transport-https \ - ca-certificates \ - curl \ - gnupg2 \ - software-properties-common + apt-transport-https \ + ca-certificates \ + curl \ + gnupg2 \ + software-properties-common ``` 3. Add Docker's official GPG key: ```bash - $ curl -fsSL {{ download-url-base}}/gpg | sudo apt-key add - + $ curl -fsSL {{ download-url-base }}/gpg | sudo apt-key add - ``` Verify that you now have the key with the fingerprint @@ -146,18 +146,20 @@ from the repository.
    ```bash - $ echo "deb [arch=armhf] {{ download-url-base }} \ - $(lsb_release -cs) stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list + $ sudo add-apt-repository \ + "deb [arch=armhf] {{ download-url-base }} \ + $(lsb_release -cs) \ + stable" ```
    ```bash - $ echo "deb [arch=arm64] {{ download-url-base }} \ - $(lsb_release -cs) stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list + $ sudo add-apt-repository \ + "deb [arch=arm64] {{ download-url-base }} \ + $(lsb_release -cs) \ + stable" ```
    @@ -199,7 +201,7 @@ from the repository. ```bash $ apt-cache madison docker-ce - docker-ce | {{ site.docker_ce_stable_version }}.0~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages + docker-ce | {{ site.docker_ce_stable_version }}.0~ce-0~debian | {{ download-url-base }} stretch/stable amd64 Packages ``` b. Install a specific version by its fully qualified package name, which is @@ -232,8 +234,8 @@ from the repository. container runs, it prints an informational message and exits. Docker CE is installed and running. The `docker` group is created but no users -are added to it. You need to use `sudo` to run Docker -commands. Continue to [Linux postinstall](/install/linux/linux-postinstall.md) to allow +are added to it. You need to use `sudo` to run Docker commands. +Continue to [Linux postinstall](/install/linux/linux-postinstall.md) to allow non-privileged users to run Docker commands and for other optional configuration steps. For Raspbian, you can optionally [install Docker Compose for Raspbian](#install-docker-compose-for-raspbian). @@ -279,15 +281,15 @@ a new file each time you want to upgrade Docker. container runs, it prints an informational message and exits. Docker CE is installed and running. The `docker` group is created but no users -are added to it. You need to use `sudo` to run Docker -commands. Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) +are added to it. You need to use `sudo` to run Docker commands. +Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) to allow non-privileged users to run Docker commands and for other optional configuration steps. For Raspbian, you can optionally [install Docker Compose for Raspbian](#install-docker-compose-for-raspbian). #### Upgrade Docker CE -To upgrade Docker, download the newer package file and repeat the +To upgrade Docker CE, download the newer package file and repeat the [installation procedure](#install-from-a-package), pointing to the new file. {% include install-script.md %} @@ -331,5 +333,4 @@ You must delete any edited configuration files manually. ## Next steps - Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) - - Continue with the [User Guide](/engine/userguide/index.md). diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 3fc9e39d5f..b8992657f6 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -81,9 +81,9 @@ You can install Docker CE in different ways, depending on your needs: ### Install using the repository -Before you install Docker CE for the first time on a new host machine, you need to -set up the Docker repository. Afterward, you can install and update Docker from -the repository. +Before you install Docker CE for the first time on a new host machine, you need +to set up the Docker repository. Afterward, you can install and update Docker +from the repository. #### Set up the repository @@ -102,6 +102,7 @@ the repository. apt-transport-https \ ca-certificates \ curl \ + gnupg2 \ software-properties-common ``` @@ -213,7 +214,6 @@ the repository. [Learn about **stable** and **edge** channels](/install/index.md). - #### Install Docker CE 1. Update the `apt` package index. @@ -250,7 +250,7 @@ the repository. `docker-ce=18.03.0~ce-0~ubuntu`. ```bash - $ sudo apt-get install docker-ce= + $ sudo apt-get install docker-ce= ``` The Docker daemon starts automatically. @@ -259,7 +259,7 @@ the repository. image. ```bash - $ sudo docker container run hello-world + $ sudo docker run hello-world ``` This command downloads a test image and runs it in a container. When the @@ -305,7 +305,7 @@ a new file each time you want to upgrade Docker CE. image. ```bash - $ sudo docker container run hello-world + $ sudo docker run hello-world ``` This command downloads a test image and runs it in a container. When the @@ -313,9 +313,9 @@ a new file each time you want to upgrade Docker CE. Docker CE is installed and running. The `docker` group is created but no users are added to it. You need to use `sudo` to run Docker commands. -Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) to allow -non-privileged users to run Docker commands and for other optional configuration -steps. +Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) +to allow non-privileged users to run Docker commands and for other optional +configuration steps. #### Upgrade Docker CE @@ -345,5 +345,4 @@ You must delete any edited configuration files manually. ## Next steps - Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) - - Continue with the [User Guide](/engine/userguide/index.md). From 79857767c1013f858d832852615a461ef9f5be1a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 02:20:18 +0100 Subject: [PATCH 138/361] Use consistent wording for s390x and power Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/ubuntu.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index b8992657f6..c1a22df99d 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -143,8 +143,8 @@ from the repository.
  • arm64
  • armhf
  • arm64
    • -
  • IBM Power (ppc64le)
    • -
  • IBM Z (s390x)
    • +
  • ppc64le (IBM Power)
    • +
  • s390x (IBM Z)
From 63e54ff85d309ce61ab07c6d23ef5c8dd409ad80 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 02:23:03 +0100 Subject: [PATCH 139/361] Fix instructions for arm64 being listed twice Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/ubuntu.md | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index c1a22df99d..e329e83702 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -140,9 +140,8 @@ from the repository. @@ -157,17 +156,7 @@ from the repository. ```
-
- - ```bash - $ sudo add-apt-repository \ - "deb [arch=arm64] {{ download-url-base }} \ - $(lsb_release -cs) \ - stable" - ``` - -
-
+
```bash $ sudo add-apt-repository \ @@ -177,7 +166,7 @@ from the repository. ```
-
+
```bash $ sudo add-apt-repository \ From d75ee56ee7f94528bde3b4c647589b5f06a95d1a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 02:53:37 +0100 Subject: [PATCH 140/361] Simplify instructions to install a specific version Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/debian.md | 20 +++++++++++--------- install/linux/docker-ce/ubuntu.md | 21 ++++++++++++--------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index aa38d8ce9b..4842d88465 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -201,13 +201,15 @@ from the repository. ```bash $ apt-cache madison docker-ce - docker-ce | {{ site.docker_ce_stable_version }}.0~ce-0~debian | {{ download-url-base }} stretch/stable amd64 Packages + docker-ce | 5:18.09.1~3-0~debian-stretch | {{ download-url-base }} stretch/stable amd64 Packages + docker-ce | 5:18.09.0~3-0~debian-stretch | {{ download-url-base }} stretch/stable amd64 Packages + docker-ce | 18.06.1~ce~3-0~debian | {{ download-url-base }} stretch/stable amd64 Packages + docker-ce | 18.06.0~ce~3-0~debian | {{ download-url-base }} stretch/stable amd64 Packages + ... ``` - b. Install a specific version by its fully qualified package name, which is - the package name (`docker-ce`) plus the version string (2nd column) up to - the first hyphen, separated by an equals sign (`=`), for example, - `docker-ce=18.03.0.ce`. + b. Install a specific version using the version string from the second column, + for example, `5:18.09.1~3-0~debian-stretch `. ```bash $ sudo apt-get install docker-ce= @@ -252,10 +254,10 @@ If you cannot use Docker's repository to install Docker CE, you can download the `.deb` file for your release and install it manually. You need to download a new file each time you want to upgrade Docker. -1. Go to `{{ download-url-base }}/dists/`, - choose your Debian version, browse to `pool/stable/`, choose - `amd64`, `armhf`, or `arm64` and download the `.deb` file for the Docker CE version you - want to install. +1. Go to [`{{ download-url-base }}/dists/`]({{ download-url-base }}/dists/){: target="_blank" class="_" }, + choose your Debian version, browse to `pool/stable/`, choose `amd64`, + `armhf`, or `arm64` and download the `.deb` file for the Docker CE version + you want to install. > **Note**: To install an **edge** package, change the word > `stable` in the URL to `edge`. diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index e329e83702..a3e695bb31 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -231,12 +231,15 @@ from the repository. ```bash $ apt-cache madison docker-ce - docker-ce | {{ site.docker_ce_stable_version }}.0~ce-0~ubuntu | {{ download-url-base }} xenial/stable amd64 Packages + docker-ce | 5:18.09.1~3-0~ubuntu-xenial | {{ download-url-base }} xenial/stable amd64 Packages + docker-ce | 5:18.09.0~3-0~ubuntu-xenial | {{ download-url-base }} xenial/stable amd64 Packages + docker-ce | 18.06.1~ce~3-0~ubuntu | {{ download-url-base }} xenial/stable amd64 Packages + docker-ce | 18.06.0~ce~3-0~ubuntu | {{ download-url-base }} xenial/stable amd64 Packages + ... ``` - b. Install a specific version by its fully qualified package name, which is - package name (`docker-ce`) "=" version string (2nd column), for example, - `docker-ce=18.03.0~ce-0~ubuntu`. + b. Install a specific version using the version string from the second column, + for example, `5:18.09.1~3-0~ubuntu-xenial`. ```bash $ sudo apt-get install docker-ce= @@ -270,12 +273,12 @@ to install. If you cannot use Docker's repository to install Docker CE, you can download the `.deb` file for your release and install it manually. You need to download -a new file each time you want to upgrade Docker CE. +a new file each time you want to upgrade Docker. -1. Go to [{{ download-url-base }}/dists/]({{ download-url-base }}/dists/), - choose your Ubuntu version, browse to `pool/stable/` and choose `amd64`, - `arm64`, `armhf`, `ppc64el`, or `s390x`. Download the `.deb` file for the - Docker version you want to install. +1. Go to [`{{ download-url-base }}/dists/`]({{ download-url-base }}/dists/){: target="_blank" class="_" }, + choose your Ubuntu version, browse to `pool/stable/`, choose `amd64`, + `armhf`, `arm64`, `ppc64el`, or `s390x`, and download the `.deb` file for the + Docker CE version you want to install. > **Note**: To install an **edge** package, change the word > `stable` in the URL to `edge`. From ffab79562746bef66ff95491b7cf9cef5d07b628 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 02:55:01 +0100 Subject: [PATCH 141/361] Remove armhf/hello-world, because hello-world is multi-arch now Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/debian.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index 4842d88465..b235e41cc7 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -220,18 +220,10 @@ from the repository. 4. Verify that Docker CE is installed correctly by running the `hello-world` image. - **x86_64**: - ```bash $ sudo docker run hello-world ``` - **armhf**: - - ```bash - $ sudo docker run armhf/hello-world - ``` - This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits. From 2e78ea36503abe96bbd9fc5e9ce645cc3c355c51 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 02:56:42 +0100 Subject: [PATCH 142/361] Remove note about daemon starting automatically The next step already verifies that it's working, so this line is redundant. Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/debian.md | 2 -- install/linux/docker-ce/ubuntu.md | 2 -- 2 files changed, 4 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index b235e41cc7..c3ed76d624 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -215,8 +215,6 @@ from the repository. $ sudo apt-get install docker-ce= ``` - The Docker daemon starts automatically. - 4. Verify that Docker CE is installed correctly by running the `hello-world` image. diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index a3e695bb31..2c5bec661d 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -245,8 +245,6 @@ from the repository. $ sudo apt-get install docker-ce= ``` - The Docker daemon starts automatically. - 4. Verify that Docker CE is installed correctly by running the `hello-world` image. From a68622b754fc60918229ad16877734724ca180a6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 03:15:51 +0100 Subject: [PATCH 143/361] Remove installation instructions for hypriot compose This page is meant to install the Docker Engine, not compose, and we should not direct users to non-official (and possibly outdated) versions of Docker Compose. Signed-off-by: Sebastiaan van Stijn --- install/linux/docker-ce/debian.md | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index c3ed76d624..d6d08b026a 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -229,8 +229,7 @@ Docker CE is installed and running. The `docker` group is created but no users are added to it. You need to use `sudo` to run Docker commands. Continue to [Linux postinstall](/install/linux/linux-postinstall.md) to allow non-privileged users to run Docker commands and for other optional configuration -steps. For Raspbian, you can optionally -[install Docker Compose for Raspbian](#install-docker-compose-for-raspbian). +steps. #### Upgrade Docker CE @@ -276,8 +275,7 @@ Docker CE is installed and running. The `docker` group is created but no users are added to it. You need to use `sudo` to run Docker commands. Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) to allow non-privileged users to run Docker commands and for other optional -configuration steps. For Raspbian, you can optionally -[install Docker Compose for Raspbian](#install-docker-compose-for-raspbian). +configuration steps. #### Upgrade Docker CE @@ -286,24 +284,6 @@ To upgrade Docker CE, download the newer package file and repeat the {% include install-script.md %} -## Install Docker Compose for Raspbian - -You can install Docker Compose using `pip`: - -```bash -$ sudo pip install docker-compose -``` - -[Hypriot](https://hypriot.com/){: target="_blank" class="_" } provides a static -binary of `docker-compose` for Raspbian. It may not always be up to date, but if -space is at a premium, you may find it useful. To use it, first follow Hypriot's -[instructions for setting up the repository](https://blog.hypriot.com/post/your-number-one-source-for-docker-on-arm/){: target="_blank" class="_" }, -then run the following command: - -```bash -sudo apt-get install docker-compose -``` - ## Uninstall Docker CE 1. Uninstall the Docker CE package: From 654d4c5ce26de8990a349427b6f0551ba16a9eea Mon Sep 17 00:00:00 2001 From: markfirmware Date: Sat, 12 Jan 2019 11:09:20 -0500 Subject: [PATCH 144/361] Update overview.md --- machine/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machine/overview.md b/machine/overview.md index 16c63c3485..a940d29ac8 100644 --- a/machine/overview.md +++ b/machine/overview.md @@ -51,7 +51,7 @@ Docker Machine has these two broad use cases. ![Docker Machine on Mac and Windows](img/machine-mac-win.png){: .white-bg} - If you work primarily on an older Mac or Windows laptop or desktop that doesn't meet the requirements for the new [Docker for Mac](/docker-for-mac/index.md) and [Docker for Windows](/docker-for-windows/index.md) apps, then you need Docker Machine run Docker Engine locally. Installing Docker Machine on a Mac or Windows box with the [Docker Toolbox](/toolbox/overview.md) installer provisions a local virtual machine with Docker Engine, gives you the ability to connect it, and run `docker` commands. + If you work primarily on an older Mac or Windows laptop or desktop that doesn't meet the requirements for the new [Docker for Mac](/docker-for-mac/index.md) and [Docker for Windows](/docker-for-windows/index.md) apps, then you need Docker Machine to run Docker Engine locally. Installing Docker Machine on a Mac or Windows box with the [Docker Toolbox](/toolbox/overview.md) installer provisions a local virtual machine with Docker Engine, gives you the ability to connect it, and run `docker` commands. * **I want to provision Docker hosts on remote systems** From 2292bf707d3c564bfa6e3f5295b5e51d7a40a066 Mon Sep 17 00:00:00 2001 From: Anower Jahan Shofol <30428153+Shofol@users.noreply.github.com> Date: Mon, 14 Jan 2019 12:21:51 +0600 Subject: [PATCH 145/361] Update index.md The first image looks smaller and unbalanced. --- get-started/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/get-started/index.md b/get-started/index.md index 36328a270f..13275f3c03 100644 --- a/get-started/index.md +++ b/get-started/index.md @@ -82,7 +82,7 @@ Containerization is increasingly popular because containers are: - Scalable: You can increase and automatically distribute container replicas. - Stackable: You can stack services vertically and on-the-fly. -![Containers are portable](images/laurel-docker-containers.png){:width="300px"} +![Containers are portable](images/laurel-docker-containers.png){:width="100%"} ### Images and containers From 59b9141edf07daefd09226a35b47071c4feb7a87 Mon Sep 17 00:00:00 2001 From: Bryan Heden Date: Mon, 14 Jan 2019 10:33:07 -0600 Subject: [PATCH 146/361] Fix link in security.md Format for "Content trust in Docker" was incorrect. Also updated the link itself to be inline with the rest of them (at the bottom of the page). --- engine/security/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/security/security.md b/engine/security/security.md index f4a761f6e2..7985f5bbb4 100644 --- a/engine/security/security.md +++ b/engine/security/security.md @@ -212,7 +212,7 @@ This feature provides more insight to administrators than previously available w the CLI for enforcing and performing image signature verification. For more information on configuring Docker Content Trust Signature Verificiation, go to -(Content trust in Docker)[engine/security/trust/content_trust]. +[Content trust in Docker](../security/trust/content_trust). ## Other kernel security features From c3914bafd979d71eb0615c10e3e53c4c0392ac0f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 11 Jan 2019 11:33:04 +0100 Subject: [PATCH 147/361] Remove Engine "Edge" command line reference from navigation Signed-off-by: Sebastiaan van Stijn --- _data/toc.yaml | 388 +------------------------------------------------ 1 file changed, 2 insertions(+), 386 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index e2045e2984..ba17968190 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -96,9 +96,6 @@ guides: section: - path: /edge/ title: Overview - - path: /edge/engine/reference/commandline/docker/ - title: Docker Edge CLI reference - nosync: true - sectiontitle: Docker Toolbox (legacy) section: - path: /toolbox/overview/ @@ -909,389 +906,8 @@ reference: title: docker volume rm - path: /engine/reference/commandline/wait/ title: docker wait - - - sectiontitle: Edge - section: - - path: /edge/engine/reference/run/ - title: Docker run reference - - path: /edge/engine/reference/commandline/cli/ - title: Use the Docker command line - - path: /edge/engine/reference/commandline/docker/ - title: docker (base command) - - path: /edge/engine/reference/commandline/attach/ - title: docker attach - - path: /edge/engine/reference/commandline/build/ - title: docker build - - sectiontitle: docker checkpoint * - section: - - path: /edge/engine/reference/commandline/checkpoint/ - title: docker checkpoint - - path: /edge/engine/reference/commandline/checkpoint_create/ - title: docker checkpoint create - - path: /edge/engine/reference/commandline/checkpoint_ls/ - title: docker checkpoint ls - - path: /edge/engine/reference/commandline/checkpoint_rm/ - title: docker checkpoint rm - - path: /edge/engine/reference/commandline/commit/ - title: docker commit - - sectiontitle: docker config * - section: - - path: /edge/engine/reference/commandline/config/ - title: docker config - - path: /edge/engine/reference/commandline/config_create/ - title: docker config create - - path: /edge/engine/reference/commandline/config_inspect/ - title: docker config inspect - - path: /edge/engine/reference/commandline/config_ls/ - title: docker config ls - - path: /edge/engine/reference/commandline/config_rm/ - title: docker config rm - - sectiontitle: docker container * - section: - - path: /edge/engine/reference/commandline/container/ - title: docker container - - path: /edge/engine/reference/commandline/container_attach/ - title: docker container attach - - path: /edge/engine/reference/commandline/container_commit/ - title: docker container commit - - path: /edge/engine/reference/commandline/container_cp/ - title: docker container cp - - path: /edge/engine/reference/commandline/container_create/ - title: docker container create - - path: /edge/engine/reference/commandline/container_diff/ - title: docker container diff - - path: /edge/engine/reference/commandline/container_exec/ - title: docker container exec - - path: /edge/engine/reference/commandline/container_export/ - title: docker container export - - path: /edge/engine/reference/commandline/container_inspect/ - title: docker container inspect - - path: /edge/engine/reference/commandline/container_kill/ - title: docker container kill - - path: /edge/engine/reference/commandline/container_logs/ - title: docker container logs - - path: /edge/engine/reference/commandline/container_ls/ - title: docker container ls - - path: /edge/engine/reference/commandline/container_pause/ - title: docker container pause - - path: /edge/engine/reference/commandline/container_port/ - title: docker container port - - path: /edge/engine/reference/commandline/container_prune/ - title: docker container prune - - path: /edge/engine/reference/commandline/container_rename/ - title: docker container rename - - path: /edge/engine/reference/commandline/container_restart/ - title: docker container restart - - path: /edge/engine/reference/commandline/container_rm/ - title: docker container rm - - path: /edge/engine/reference/commandline/container_run/ - title: docker container run - - path: /edge/engine/reference/commandline/container_start/ - title: docker container start - - path: /edge/engine/reference/commandline/container_stats/ - title: docker container stats - - path: /edge/engine/reference/commandline/container_stop/ - title: docker container stop - - path: /edge/engine/reference/commandline/container_top/ - title: docker container top - - path: /edge/engine/reference/commandline/container_unpause/ - title: docker container unpause - - path: /edge/engine/reference/commandline/container_update/ - title: docker container update - - path: /edge/engine/reference/commandline/container_wait/ - title: docker container wait - - path: /edge/engine/reference/commandline/cp/ - title: docker cp - - path: /edge/engine/reference/commandline/create/ - title: docker create - - path: /edge/engine/reference/commandline/deploy/ - title: docker deploy - - path: /edge/engine/reference/commandline/diff/ - title: docker diff - - path: /edge/engine/reference/commandline/events/ - title: docker events - - path: /edge/engine/reference/commandline/exec/ - title: docker exec - - path: /edge/engine/reference/commandline/export/ - title: docker export - - path: /edge/engine/reference/commandline/history/ - title: docker history - - sectiontitle: docker image * - section: - - path: /edge/engine/reference/commandline/image/ - title: docker image - - path: /edge/engine/reference/commandline/image_build/ - title: docker image build - - path: /edge/engine/reference/commandline/image_history/ - title: docker image history - - path: /edge/engine/reference/commandline/image_import/ - title: docker image import - - path: /edge/engine/reference/commandline/image_inspect/ - title: docker image inspect - - path: /edge/engine/reference/commandline/image_load/ - title: docker image load - - path: /edge/engine/reference/commandline/image_ls/ - title: docker image ls - - path: /edge/engine/reference/commandline/image_prune/ - title: docker image prune - - path: /edge/engine/reference/commandline/image_pull/ - title: docker image pull - - path: /edge/engine/reference/commandline/image_push/ - title: docker image push - - path: /edge/engine/reference/commandline/image_rm/ - title: docker image rm - - path: /edge/engine/reference/commandline/image_save/ - title: docker image save - - path: /edge/engine/reference/commandline/image_tag/ - title: docker image tag - - path: /edge/engine/reference/commandline/images/ - title: docker images - - path: /edge/engine/reference/commandline/import/ - title: docker import - - path: /edge/engine/reference/commandline/info/ - title: docker info - - path: /edge/engine/reference/commandline/inspect/ - title: docker inspect - - path: /edge/engine/reference/commandline/kill/ - title: docker kill - - path: /edge/engine/reference/commandline/load/ - title: docker load - - path: /edge/engine/reference/commandline/login/ - title: docker login - - path: /edge/engine/reference/commandline/logout/ - title: docker logout - - path: /edge/engine/reference/commandline/logs/ - title: docker logs - - sectiontitle: docker manifest * - section: - - path: /edge/engine/reference/commandline/manifest/ - title: docker manifest - - path: /edge/engine/reference/commandline/manifest_annotate/ - title: docker manifest annotate - - path: /edge/engine/reference/commandline/manifest_create/ - title: docker manifest create - - path: /edge/engine/reference/commandline/manifest_inspect/ - title: docker manifest inspect - - path: /edge/engine/reference/commandline/manifest_push/ - title: docker manifest push - - sectiontitle: docker network * - section: - - path: /edge/engine/reference/commandline/network/ - title: docker network - - path: /edge/engine/reference/commandline/network_connect/ - title: docker network connect - - path: /edge/engine/reference/commandline/network_create/ - title: docker network create - - path: /edge/engine/reference/commandline/network_disconnect/ - title: docker network disconnect - - path: /edge/engine/reference/commandline/network_inspect/ - title: docker network inspect - - path: /edge/engine/reference/commandline/network_ls/ - title: docker network ls - - path: /edge/engine/reference/commandline/network_prune/ - title: docker network prune - - path: /edge/engine/reference/commandline/network_rm/ - title: docker network rm - - sectiontitle: docker node * - section: - - path: /edge/engine/reference/commandline/node/ - title: docker node - - path: /edge/engine/reference/commandline/node_demote/ - title: docker node demote - - path: /edge/engine/reference/commandline/node_inspect/ - title: docker node inspect - - path: /edge/engine/reference/commandline/node_ls/ - title: docker node ls - - path: /edge/engine/reference/commandline/node_promote/ - title: docker node promote - - path: /edge/engine/reference/commandline/node_ps/ - title: docker node ps - - path: /edge/engine/reference/commandline/node_rm/ - title: docker node rm - - path: /edge/engine/reference/commandline/node_update/ - title: docker node update - - path: /edge/engine/reference/commandline/pause/ - title: docker pause - - sectiontitle: docker plugin * - section: - - path: /edge/engine/reference/commandline/plugin/ - title: docker plugin - - path: /edge/engine/reference/commandline/plugin_create/ - title: docker plugin create - - path: /edge/engine/reference/commandline/plugin_disable/ - title: docker plugin disable - - path: /edge/engine/reference/commandline/plugin_enable/ - title: docker plugin enable - - path: /edge/engine/reference/commandline/plugin_inspect/ - title: docker plugin inspect - - path: /edge/engine/reference/commandline/plugin_install/ - title: docker plugin install - - path: /edge/engine/reference/commandline/plugin_ls/ - title: docker plugin ls - - path: /edge/engine/reference/commandline/plugin_rm/ - title: docker plugin rm - - path: /edge/engine/reference/commandline/plugin_set/ - title: docker plugin set - - path: /edge/engine/reference/commandline/plugin_upgrade/ - title: docker plugin upgrade - - path: /edge/engine/reference/commandline/port/ - title: docker port - - path: /edge/engine/reference/commandline/ps/ - title: docker ps - - path: /edge/engine/reference/commandline/pull/ - title: docker pull - - path: /edge/engine/reference/commandline/push/ - title: docker push - - path: /edge/engine/reference/commandline/rename/ - title: docker rename - - path: /edge/engine/reference/commandline/restart/ - title: docker restart - - path: /edge/engine/reference/commandline/rm/ - title: docker rm - - path: /edge/engine/reference/commandline/rmi/ - title: docker rmi - - path: /edge/engine/reference/commandline/run/ - title: docker run - - path: /edge/engine/reference/commandline/save/ - title: docker save - - path: /edge/engine/reference/commandline/search/ - title: docker search - - sectiontitle: docker secret * - section: - - path: /edge/engine/reference/commandline/secret/ - title: docker secret - - path: /edge/engine/reference/commandline/secret_create/ - title: docker secret create - - path: /edge/engine/reference/commandline/secret_inspect/ - title: docker secret inspect - - path: /edge/engine/reference/commandline/secret_ls/ - title: docker secret ls - - path: /edge/engine/reference/commandline/secret_rm/ - title: docker secret rm - - sectiontitle: docker service * - section: - - path: /edge/engine/reference/commandline/service/ - title: docker service - - path: /edge/engine/reference/commandline/service_create/ - title: docker service create - - path: /edge/engine/reference/commandline/service_inspect/ - title: docker service inspect - - path: /edge/engine/reference/commandline/service_logs/ - title: docker service logs - - path: /edge/engine/reference/commandline/service_ls/ - title: docker service ls - - path: /edge/engine/reference/commandline/service_ps/ - title: docker service ps - - path: /edge/engine/reference/commandline/service_rollback/ - title: docker service rollback - - path: /edge/engine/reference/commandline/service_rm/ - title: docker service rm - - path: /edge/engine/reference/commandline/service_scale/ - title: docker service scale - - path: /edge/engine/reference/commandline/service_update/ - title: docker service update - - sectiontitle: docker stack * - section: - - path: /edge/engine/reference/commandline/stack/ - title: docker stack - - path: /edge/engine/reference/commandline/stack_deploy/ - title: docker stack deploy - - path: /edge/engine/reference/commandline/stack_ps/ - title: docker stack ps - - path: /edge/engine/reference/commandline/stack_rm/ - title: docker stack rm - - path: /edge/engine/reference/commandline/stack_services/ - title: docker stack services - - path: /edge/engine/reference/commandline/start/ - title: docker start - - path: /edge/engine/reference/commandline/stats/ - title: docker stats - - path: /edge/engine/reference/commandline/stop/ - title: docker stop - - sectiontitle: docker swarm * - section: - - path: /edge/engine/reference/commandline/swarm/ - title: docker swarm - - path: /edge/engine/reference/commandline/swarm_ca/ - title: docker swarm ca - - path: /edge/engine/reference/commandline/swarm_init/ - title: docker swarm init - - path: /edge/engine/reference/commandline/swarm_join-token/ - title: docker swarm join-token - - path: /edge/engine/reference/commandline/swarm_join/ - title: docker swarm join - - path: /edge/engine/reference/commandline/swarm_leave/ - title: docker swarm leave - - path: /edge/engine/reference/commandline/swarm_unlock-key/ - title: docker swarm unlock-key - - path: /edge/engine/reference/commandline/swarm_unlock/ - title: docker swarm unlock - - path: /edge/engine/reference/commandline/swarm_update/ - title: docker swarm update - - sectiontitle: docker system * - section: - - path: /edge/engine/reference/commandline/system/ - title: docker system - - path: /edge/engine/reference/commandline/system_df/ - title: docker system df - - path: /edge/engine/reference/commandline/system_events/ - title: docker system events - - path: /edge/engine/reference/commandline/system_info/ - title: docker system info - - path: /edge/engine/reference/commandline/system_prune/ - title: docker system prune - - path: /edge/engine/reference/commandline/tag/ - title: docker tag - - path: /edge/engine/reference/commandline/top/ - title: docker top - - sectiontitle: docker trust * - section: - - path: /edge/engine/reference/commandline/trust/ - title: docker trust - - path: /edge/engine/reference/commandline/trust_inspect/ - title: docker trust inspect - - path: /edge/engine/reference/commandline/trust_key/ - title: docker trust key - - path: /edge/engine/reference/commandline/trust_key_generate/ - title: docker trust key generate - - path: /edge/engine/reference/commandline/trust_key_load/ - title: docker trust key load - - path: /edge/engine/reference/commandline/trust_revoke/ - title: docker trust revoke - - path: /edge/engine/reference/commandline/trust_sign/ - title: docker trust sign - - path: /edge/engine/reference/commandline/trust_signer/ - title: docker trust signer - - path: /edge/engine/reference/commandline/trust_signer_add/ - title: docker trust signer add - - path: /edge/engine/reference/commandline/trust_signer_remove/ - title: docker trust signer remove - - path: /edge/engine/reference/commandline/unpause/ - title: docker unpause - - path: /edge/engine/reference/commandline/update/ - title: docker update - - path: /edge/engine/reference/commandline/version/ - title: docker version - - sectiontitle: docker volume * - section: - - path: /edge/engine/reference/commandline/volume_create/ - title: docker volume create - - path: /edge/engine/reference/commandline/volume_inspect/ - title: docker volume inspect - - path: /edge/engine/reference/commandline/volume_ls/ - title: docker volume ls - - path: /edge/engine/reference/commandline/volume_prune/ - title: docker volume prune - - path: /edge/engine/reference/commandline/volume_rm/ - title: docker volume rm - - path: /edge/engine/reference/commandline/wait/ - title: docker wait - - sectiontitle: Daemon CLI (dockerd) - section: - - title: Daemon CLI (dockerd) - Stable - path: /engine/reference/commandline/dockerd/ - - title: Daemon CLI (dockerd) - Edge - path: /edge/engine/reference/commandline/dockerd/ + - title: Daemon CLI (dockerd) + path: /engine/reference/commandline/dockerd/ - title: Machine (docker-machine) CLI path: /machine/reference/ nosync: true From 5d747c01f301e969f091dc3001c4d8d477c32a41 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 11 Jan 2019 11:55:06 +0100 Subject: [PATCH 148/361] Remove edge/stable sub-heading from navigation Signed-off-by: Sebastiaan van Stijn --- _data/toc.yaml | 748 ++++++++++++++++++++++++------------------------- 1 file changed, 373 insertions(+), 375 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index ba17968190..48440f8132 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -530,382 +530,380 @@ reference: section: - sectiontitle: Docker CLI (docker) section: - - sectiontitle: Stable + - path: /engine/reference/run/ + title: Docker run reference + - path: /engine/reference/commandline/cli/ + title: Use the Docker command line + - path: /engine/reference/commandline/docker/ + title: docker (base command) + - path: /engine/reference/commandline/attach/ + title: docker attach + - path: /engine/reference/commandline/build/ + title: docker build + - sectiontitle: docker checkpoint * section: - - path: /engine/reference/run/ - title: Docker run reference - - path: /engine/reference/commandline/cli/ - title: Use the Docker command line - - path: /engine/reference/commandline/docker/ - title: docker (base command) - - path: /engine/reference/commandline/attach/ - title: docker attach - - path: /engine/reference/commandline/build/ - title: docker build - - sectiontitle: docker checkpoint * - section: - - path: /engine/reference/commandline/checkpoint/ - title: docker checkpoint - - path: /engine/reference/commandline/checkpoint_create/ - title: docker checkpoint create - - path: /engine/reference/commandline/checkpoint_ls/ - title: docker checkpoint ls - - path: /engine/reference/commandline/checkpoint_rm/ - title: docker checkpoint rm - - path: /engine/reference/commandline/commit/ - title: docker commit - - sectiontitle: docker config * - section: - - path: /engine/reference/commandline/config/ - title: docker config - - path: /engine/reference/commandline/config_create/ - title: docker config create - - path: /engine/reference/commandline/config_inspect/ - title: docker config inspect - - path: /engine/reference/commandline/config_ls/ - title: docker config ls - - path: /engine/reference/commandline/config_rm/ - title: docker config rm - - sectiontitle: docker container * - section: - - path: /engine/reference/commandline/container/ - title: docker container - - path: /engine/reference/commandline/container_attach/ - title: docker container attach - - path: /engine/reference/commandline/container_commit/ - title: docker container commit - - path: /engine/reference/commandline/container_cp/ - title: docker container cp - - path: /engine/reference/commandline/container_create/ - title: docker container create - - path: /engine/reference/commandline/container_diff/ - title: docker container diff - - path: /engine/reference/commandline/container_exec/ - title: docker container exec - - path: /engine/reference/commandline/container_export/ - title: docker container export - - path: /engine/reference/commandline/container_inspect/ - title: docker container inspect - - path: /engine/reference/commandline/container_kill/ - title: docker container kill - - path: /engine/reference/commandline/container_logs/ - title: docker container logs - - path: /engine/reference/commandline/container_ls/ - title: docker container ls - - path: /engine/reference/commandline/container_pause/ - title: docker container pause - - path: /engine/reference/commandline/container_port/ - title: docker container port - - path: /engine/reference/commandline/container_prune/ - title: docker container prune - - path: /engine/reference/commandline/container_rename/ - title: docker container rename - - path: /engine/reference/commandline/container_restart/ - title: docker container restart - - path: /engine/reference/commandline/container_rm/ - title: docker container rm - - path: /engine/reference/commandline/container_run/ - title: docker container run - - path: /engine/reference/commandline/container_start/ - title: docker container start - - path: /engine/reference/commandline/container_stats/ - title: docker container stats - - path: /engine/reference/commandline/container_stop/ - title: docker container stop - - path: /engine/reference/commandline/container_top/ - title: docker container top - - path: /engine/reference/commandline/container_unpause/ - title: docker container unpause - - path: /engine/reference/commandline/container_update/ - title: docker container update - - path: /engine/reference/commandline/container_wait/ - title: docker container wait - - path: /engine/reference/commandline/cp/ - title: docker cp - - path: /engine/reference/commandline/create/ - title: docker create - - path: /engine/reference/commandline/deploy/ - title: docker deploy - - path: /engine/reference/commandline/diff/ - title: docker diff - - path: /engine/reference/commandline/events/ - title: docker events - - path: /engine/reference/commandline/exec/ - title: docker exec - - path: /engine/reference/commandline/export/ - title: docker export - - path: /engine/reference/commandline/history/ - title: docker history - - sectiontitle: docker image * - section: - - path: /engine/reference/commandline/image/ - title: docker image - - path: /engine/reference/commandline/image_build/ - title: docker image build - - path: /engine/reference/commandline/image_history/ - title: docker image history - - path: /engine/reference/commandline/image_import/ - title: docker image import - - path: /engine/reference/commandline/image_inspect/ - title: docker image inspect - - path: /engine/reference/commandline/image_load/ - title: docker image load - - path: /engine/reference/commandline/image_ls/ - title: docker image ls - - path: /engine/reference/commandline/image_prune/ - title: docker image prune - - path: /engine/reference/commandline/image_pull/ - title: docker image pull - - path: /engine/reference/commandline/image_push/ - title: docker image push - - path: /engine/reference/commandline/image_rm/ - title: docker image rm - - path: /engine/reference/commandline/image_save/ - title: docker image save - - path: /engine/reference/commandline/image_tag/ - title: docker image tag - - path: /engine/reference/commandline/images/ - title: docker images - - path: /engine/reference/commandline/import/ - title: docker import - - path: /engine/reference/commandline/info/ - title: docker info - - path: /engine/reference/commandline/inspect/ - title: docker inspect - - path: /engine/reference/commandline/kill/ - title: docker kill - - path: /engine/reference/commandline/load/ - title: docker load - - path: /engine/reference/commandline/login/ - title: docker login - - path: /engine/reference/commandline/logout/ - title: docker logout - - path: /engine/reference/commandline/logs/ - title: docker logs - - sectiontitle: docker manifest * - section: - - path: /engine/reference/commandline/manifest/ - title: docker manifest - - path: /engine/reference/commandline/manifest_annotate/ - title: docker manifest annotate - - path: /engine/reference/commandline/manifest_create/ - title: docker manifest create - - path: /engine/reference/commandline/manifest_inspect/ - title: docker manifest inspect - - path: /engine/reference/commandline/manifest_push/ - title: docker manifest push - - sectiontitle: docker network * - section: - - path: /engine/reference/commandline/network/ - title: docker network - - path: /engine/reference/commandline/network_connect/ - title: docker network connect - - path: /engine/reference/commandline/network_create/ - title: docker network create - - path: /engine/reference/commandline/network_disconnect/ - title: docker network disconnect - - path: /engine/reference/commandline/network_inspect/ - title: docker network inspect - - path: /engine/reference/commandline/network_ls/ - title: docker network ls - - path: /engine/reference/commandline/network_prune/ - title: docker network prune - - path: /engine/reference/commandline/network_rm/ - title: docker network rm - - sectiontitle: docker node * - section: - - path: /engine/reference/commandline/node/ - title: docker node - - path: /engine/reference/commandline/node_demote/ - title: docker node demote - - path: /engine/reference/commandline/node_inspect/ - title: docker node inspect - - path: /engine/reference/commandline/node_ls/ - title: docker node ls - - path: /engine/reference/commandline/node_promote/ - title: docker node promote - - path: /engine/reference/commandline/node_ps/ - title: docker node ps - - path: /engine/reference/commandline/node_rm/ - title: docker node rm - - path: /engine/reference/commandline/node_update/ - title: docker node update - - path: /engine/reference/commandline/pause/ - title: docker pause - - sectiontitle: docker plugin * - section: - - path: /engine/reference/commandline/plugin/ - title: docker plugin - - path: /engine/reference/commandline/plugin_create/ - title: docker plugin create - - path: /engine/reference/commandline/plugin_disable/ - title: docker plugin disable - - path: /engine/reference/commandline/plugin_enable/ - title: docker plugin enable - - path: /engine/reference/commandline/plugin_inspect/ - title: docker plugin inspect - - path: /engine/reference/commandline/plugin_install/ - title: docker plugin install - - path: /engine/reference/commandline/plugin_ls/ - title: docker plugin ls - - path: /engine/reference/commandline/plugin_rm/ - title: docker plugin rm - - path: /engine/reference/commandline/plugin_set/ - title: docker plugin set - - path: /engine/reference/commandline/plugin_upgrade/ - title: docker plugin upgrade - - path: /engine/reference/commandline/port/ - title: docker port - - path: /engine/reference/commandline/ps/ - title: docker ps - - path: /engine/reference/commandline/pull/ - title: docker pull - - path: /engine/reference/commandline/push/ - title: docker push - - path: /engine/reference/commandline/rename/ - title: docker rename - - path: /engine/reference/commandline/restart/ - title: docker restart - - path: /engine/reference/commandline/rm/ - title: docker rm - - path: /engine/reference/commandline/rmi/ - title: docker rmi - - path: /engine/reference/commandline/run/ - title: docker run - - path: /engine/reference/commandline/save/ - title: docker save - - path: /engine/reference/commandline/search/ - title: docker search - - sectiontitle: docker secret * - section: - - path: /engine/reference/commandline/secret/ - title: docker secret - - path: /engine/reference/commandline/secret_create/ - title: docker secret create - - path: /engine/reference/commandline/secret_inspect/ - title: docker secret inspect - - path: /engine/reference/commandline/secret_ls/ - title: docker secret ls - - path: /engine/reference/commandline/secret_rm/ - title: docker secret rm - - sectiontitle: docker service * - section: - - path: /engine/reference/commandline/service/ - title: docker service - - path: /engine/reference/commandline/service_create/ - title: docker service create - - path: /engine/reference/commandline/service_inspect/ - title: docker service inspect - - path: /engine/reference/commandline/service_logs/ - title: docker service logs - - path: /engine/reference/commandline/service_ls/ - title: docker service ls - - path: /engine/reference/commandline/service_ps/ - title: docker service ps - - path: /engine/reference/commandline/service_rollback/ - title: docker service rollback - - path: /engine/reference/commandline/service_rm/ - title: docker service rm - - path: /engine/reference/commandline/service_scale/ - title: docker service scale - - path: /engine/reference/commandline/service_update/ - title: docker service update - - sectiontitle: docker stack * - section: - - path: /engine/reference/commandline/stack/ - title: docker stack - - path: /engine/reference/commandline/stack_deploy/ - title: docker stack deploy - - path: /engine/reference/commandline/stack_ps/ - title: docker stack ps - - path: /engine/reference/commandline/stack_rm/ - title: docker stack rm - - path: /engine/reference/commandline/stack_services/ - title: docker stack services - - path: /engine/reference/commandline/start/ - title: docker start - - path: /engine/reference/commandline/stats/ - title: docker stats - - path: /engine/reference/commandline/stop/ - title: docker stop - - sectiontitle: docker swarm * - section: - - path: /engine/reference/commandline/swarm/ - title: docker swarm - - path: /engine/reference/commandline/swarm_ca/ - title: docker swarm ca - - path: /engine/reference/commandline/swarm_init/ - title: docker swarm init - - path: /engine/reference/commandline/swarm_join-token/ - title: docker swarm join-token - - path: /engine/reference/commandline/swarm_join/ - title: docker swarm join - - path: /engine/reference/commandline/swarm_leave/ - title: docker swarm leave - - path: /engine/reference/commandline/swarm_unlock-key/ - title: docker swarm unlock-key - - path: /engine/reference/commandline/swarm_unlock/ - title: docker swarm unlock - - path: /engine/reference/commandline/swarm_update/ - title: docker swarm update - - sectiontitle: docker system * - section: - - path: /engine/reference/commandline/system/ - title: docker system - - path: /engine/reference/commandline/system_df/ - title: docker system df - - path: /engine/reference/commandline/system_events/ - title: docker system events - - path: /engine/reference/commandline/system_info/ - title: docker system info - - path: /engine/reference/commandline/system_prune/ - title: docker system prune - - path: /engine/reference/commandline/tag/ - title: docker tag - - path: /engine/reference/commandline/top/ - title: docker top - - sectiontitle: docker trust * - section: - - path: /engine/reference/commandline/trust/ - title: docker trust - - path: /engine/reference/commandline/trust_inspect/ - title: docker trust inspect - - path: /engine/reference/commandline/trust_key/ - title: docker trust key - - path: /engine/reference/commandline/trust_key_generate/ - title: docker trust key generate - - path: /engine/reference/commandline/trust_key_load/ - title: docker trust key load - - path: /engine/reference/commandline/trust_revoke/ - title: docker trust revoke - - path: /engine/reference/commandline/trust_sign/ - title: docker trust sign - - path: /engine/reference/commandline/trust_signer/ - title: docker trust signer - - path: /engine/reference/commandline/trust_signer_add/ - title: docker trust signer add - - path: /engine/reference/commandline/trust_signer_remove/ - title: docker trust signer remove - - path: /engine/reference/commandline/unpause/ - title: docker unpause - - path: /engine/reference/commandline/update/ - title: docker update - - path: /engine/reference/commandline/version/ - title: docker version - - sectiontitle: docker volume * - section: - - path: /engine/reference/commandline/volume_create/ - title: docker volume create - - path: /engine/reference/commandline/volume_inspect/ - title: docker volume inspect - - path: /engine/reference/commandline/volume_ls/ - title: docker volume ls - - path: /engine/reference/commandline/volume_prune/ - title: docker volume prune - - path: /engine/reference/commandline/volume_rm/ - title: docker volume rm - - path: /engine/reference/commandline/wait/ - title: docker wait + - path: /engine/reference/commandline/checkpoint/ + title: docker checkpoint + - path: /engine/reference/commandline/checkpoint_create/ + title: docker checkpoint create + - path: /engine/reference/commandline/checkpoint_ls/ + title: docker checkpoint ls + - path: /engine/reference/commandline/checkpoint_rm/ + title: docker checkpoint rm + - path: /engine/reference/commandline/commit/ + title: docker commit + - sectiontitle: docker config * + section: + - path: /engine/reference/commandline/config/ + title: docker config + - path: /engine/reference/commandline/config_create/ + title: docker config create + - path: /engine/reference/commandline/config_inspect/ + title: docker config inspect + - path: /engine/reference/commandline/config_ls/ + title: docker config ls + - path: /engine/reference/commandline/config_rm/ + title: docker config rm + - sectiontitle: docker container * + section: + - path: /engine/reference/commandline/container/ + title: docker container + - path: /engine/reference/commandline/container_attach/ + title: docker container attach + - path: /engine/reference/commandline/container_commit/ + title: docker container commit + - path: /engine/reference/commandline/container_cp/ + title: docker container cp + - path: /engine/reference/commandline/container_create/ + title: docker container create + - path: /engine/reference/commandline/container_diff/ + title: docker container diff + - path: /engine/reference/commandline/container_exec/ + title: docker container exec + - path: /engine/reference/commandline/container_export/ + title: docker container export + - path: /engine/reference/commandline/container_inspect/ + title: docker container inspect + - path: /engine/reference/commandline/container_kill/ + title: docker container kill + - path: /engine/reference/commandline/container_logs/ + title: docker container logs + - path: /engine/reference/commandline/container_ls/ + title: docker container ls + - path: /engine/reference/commandline/container_pause/ + title: docker container pause + - path: /engine/reference/commandline/container_port/ + title: docker container port + - path: /engine/reference/commandline/container_prune/ + title: docker container prune + - path: /engine/reference/commandline/container_rename/ + title: docker container rename + - path: /engine/reference/commandline/container_restart/ + title: docker container restart + - path: /engine/reference/commandline/container_rm/ + title: docker container rm + - path: /engine/reference/commandline/container_run/ + title: docker container run + - path: /engine/reference/commandline/container_start/ + title: docker container start + - path: /engine/reference/commandline/container_stats/ + title: docker container stats + - path: /engine/reference/commandline/container_stop/ + title: docker container stop + - path: /engine/reference/commandline/container_top/ + title: docker container top + - path: /engine/reference/commandline/container_unpause/ + title: docker container unpause + - path: /engine/reference/commandline/container_update/ + title: docker container update + - path: /engine/reference/commandline/container_wait/ + title: docker container wait + - path: /engine/reference/commandline/cp/ + title: docker cp + - path: /engine/reference/commandline/create/ + title: docker create + - path: /engine/reference/commandline/deploy/ + title: docker deploy + - path: /engine/reference/commandline/diff/ + title: docker diff + - path: /engine/reference/commandline/events/ + title: docker events + - path: /engine/reference/commandline/exec/ + title: docker exec + - path: /engine/reference/commandline/export/ + title: docker export + - path: /engine/reference/commandline/history/ + title: docker history + - sectiontitle: docker image * + section: + - path: /engine/reference/commandline/image/ + title: docker image + - path: /engine/reference/commandline/image_build/ + title: docker image build + - path: /engine/reference/commandline/image_history/ + title: docker image history + - path: /engine/reference/commandline/image_import/ + title: docker image import + - path: /engine/reference/commandline/image_inspect/ + title: docker image inspect + - path: /engine/reference/commandline/image_load/ + title: docker image load + - path: /engine/reference/commandline/image_ls/ + title: docker image ls + - path: /engine/reference/commandline/image_prune/ + title: docker image prune + - path: /engine/reference/commandline/image_pull/ + title: docker image pull + - path: /engine/reference/commandline/image_push/ + title: docker image push + - path: /engine/reference/commandline/image_rm/ + title: docker image rm + - path: /engine/reference/commandline/image_save/ + title: docker image save + - path: /engine/reference/commandline/image_tag/ + title: docker image tag + - path: /engine/reference/commandline/images/ + title: docker images + - path: /engine/reference/commandline/import/ + title: docker import + - path: /engine/reference/commandline/info/ + title: docker info + - path: /engine/reference/commandline/inspect/ + title: docker inspect + - path: /engine/reference/commandline/kill/ + title: docker kill + - path: /engine/reference/commandline/load/ + title: docker load + - path: /engine/reference/commandline/login/ + title: docker login + - path: /engine/reference/commandline/logout/ + title: docker logout + - path: /engine/reference/commandline/logs/ + title: docker logs + - sectiontitle: docker manifest * + section: + - path: /engine/reference/commandline/manifest/ + title: docker manifest + - path: /engine/reference/commandline/manifest_annotate/ + title: docker manifest annotate + - path: /engine/reference/commandline/manifest_create/ + title: docker manifest create + - path: /engine/reference/commandline/manifest_inspect/ + title: docker manifest inspect + - path: /engine/reference/commandline/manifest_push/ + title: docker manifest push + - sectiontitle: docker network * + section: + - path: /engine/reference/commandline/network/ + title: docker network + - path: /engine/reference/commandline/network_connect/ + title: docker network connect + - path: /engine/reference/commandline/network_create/ + title: docker network create + - path: /engine/reference/commandline/network_disconnect/ + title: docker network disconnect + - path: /engine/reference/commandline/network_inspect/ + title: docker network inspect + - path: /engine/reference/commandline/network_ls/ + title: docker network ls + - path: /engine/reference/commandline/network_prune/ + title: docker network prune + - path: /engine/reference/commandline/network_rm/ + title: docker network rm + - sectiontitle: docker node * + section: + - path: /engine/reference/commandline/node/ + title: docker node + - path: /engine/reference/commandline/node_demote/ + title: docker node demote + - path: /engine/reference/commandline/node_inspect/ + title: docker node inspect + - path: /engine/reference/commandline/node_ls/ + title: docker node ls + - path: /engine/reference/commandline/node_promote/ + title: docker node promote + - path: /engine/reference/commandline/node_ps/ + title: docker node ps + - path: /engine/reference/commandline/node_rm/ + title: docker node rm + - path: /engine/reference/commandline/node_update/ + title: docker node update + - path: /engine/reference/commandline/pause/ + title: docker pause + - sectiontitle: docker plugin * + section: + - path: /engine/reference/commandline/plugin/ + title: docker plugin + - path: /engine/reference/commandline/plugin_create/ + title: docker plugin create + - path: /engine/reference/commandline/plugin_disable/ + title: docker plugin disable + - path: /engine/reference/commandline/plugin_enable/ + title: docker plugin enable + - path: /engine/reference/commandline/plugin_inspect/ + title: docker plugin inspect + - path: /engine/reference/commandline/plugin_install/ + title: docker plugin install + - path: /engine/reference/commandline/plugin_ls/ + title: docker plugin ls + - path: /engine/reference/commandline/plugin_rm/ + title: docker plugin rm + - path: /engine/reference/commandline/plugin_set/ + title: docker plugin set + - path: /engine/reference/commandline/plugin_upgrade/ + title: docker plugin upgrade + - path: /engine/reference/commandline/port/ + title: docker port + - path: /engine/reference/commandline/ps/ + title: docker ps + - path: /engine/reference/commandline/pull/ + title: docker pull + - path: /engine/reference/commandline/push/ + title: docker push + - path: /engine/reference/commandline/rename/ + title: docker rename + - path: /engine/reference/commandline/restart/ + title: docker restart + - path: /engine/reference/commandline/rm/ + title: docker rm + - path: /engine/reference/commandline/rmi/ + title: docker rmi + - path: /engine/reference/commandline/run/ + title: docker run + - path: /engine/reference/commandline/save/ + title: docker save + - path: /engine/reference/commandline/search/ + title: docker search + - sectiontitle: docker secret * + section: + - path: /engine/reference/commandline/secret/ + title: docker secret + - path: /engine/reference/commandline/secret_create/ + title: docker secret create + - path: /engine/reference/commandline/secret_inspect/ + title: docker secret inspect + - path: /engine/reference/commandline/secret_ls/ + title: docker secret ls + - path: /engine/reference/commandline/secret_rm/ + title: docker secret rm + - sectiontitle: docker service * + section: + - path: /engine/reference/commandline/service/ + title: docker service + - path: /engine/reference/commandline/service_create/ + title: docker service create + - path: /engine/reference/commandline/service_inspect/ + title: docker service inspect + - path: /engine/reference/commandline/service_logs/ + title: docker service logs + - path: /engine/reference/commandline/service_ls/ + title: docker service ls + - path: /engine/reference/commandline/service_ps/ + title: docker service ps + - path: /engine/reference/commandline/service_rollback/ + title: docker service rollback + - path: /engine/reference/commandline/service_rm/ + title: docker service rm + - path: /engine/reference/commandline/service_scale/ + title: docker service scale + - path: /engine/reference/commandline/service_update/ + title: docker service update + - sectiontitle: docker stack * + section: + - path: /engine/reference/commandline/stack/ + title: docker stack + - path: /engine/reference/commandline/stack_deploy/ + title: docker stack deploy + - path: /engine/reference/commandline/stack_ps/ + title: docker stack ps + - path: /engine/reference/commandline/stack_rm/ + title: docker stack rm + - path: /engine/reference/commandline/stack_services/ + title: docker stack services + - path: /engine/reference/commandline/start/ + title: docker start + - path: /engine/reference/commandline/stats/ + title: docker stats + - path: /engine/reference/commandline/stop/ + title: docker stop + - sectiontitle: docker swarm * + section: + - path: /engine/reference/commandline/swarm/ + title: docker swarm + - path: /engine/reference/commandline/swarm_ca/ + title: docker swarm ca + - path: /engine/reference/commandline/swarm_init/ + title: docker swarm init + - path: /engine/reference/commandline/swarm_join-token/ + title: docker swarm join-token + - path: /engine/reference/commandline/swarm_join/ + title: docker swarm join + - path: /engine/reference/commandline/swarm_leave/ + title: docker swarm leave + - path: /engine/reference/commandline/swarm_unlock-key/ + title: docker swarm unlock-key + - path: /engine/reference/commandline/swarm_unlock/ + title: docker swarm unlock + - path: /engine/reference/commandline/swarm_update/ + title: docker swarm update + - sectiontitle: docker system * + section: + - path: /engine/reference/commandline/system/ + title: docker system + - path: /engine/reference/commandline/system_df/ + title: docker system df + - path: /engine/reference/commandline/system_events/ + title: docker system events + - path: /engine/reference/commandline/system_info/ + title: docker system info + - path: /engine/reference/commandline/system_prune/ + title: docker system prune + - path: /engine/reference/commandline/tag/ + title: docker tag + - path: /engine/reference/commandline/top/ + title: docker top + - sectiontitle: docker trust * + section: + - path: /engine/reference/commandline/trust/ + title: docker trust + - path: /engine/reference/commandline/trust_inspect/ + title: docker trust inspect + - path: /engine/reference/commandline/trust_key/ + title: docker trust key + - path: /engine/reference/commandline/trust_key_generate/ + title: docker trust key generate + - path: /engine/reference/commandline/trust_key_load/ + title: docker trust key load + - path: /engine/reference/commandline/trust_revoke/ + title: docker trust revoke + - path: /engine/reference/commandline/trust_sign/ + title: docker trust sign + - path: /engine/reference/commandline/trust_signer/ + title: docker trust signer + - path: /engine/reference/commandline/trust_signer_add/ + title: docker trust signer add + - path: /engine/reference/commandline/trust_signer_remove/ + title: docker trust signer remove + - path: /engine/reference/commandline/unpause/ + title: docker unpause + - path: /engine/reference/commandline/update/ + title: docker update + - path: /engine/reference/commandline/version/ + title: docker version + - sectiontitle: docker volume * + section: + - path: /engine/reference/commandline/volume_create/ + title: docker volume create + - path: /engine/reference/commandline/volume_inspect/ + title: docker volume inspect + - path: /engine/reference/commandline/volume_ls/ + title: docker volume ls + - path: /engine/reference/commandline/volume_prune/ + title: docker volume prune + - path: /engine/reference/commandline/volume_rm/ + title: docker volume rm + - path: /engine/reference/commandline/wait/ + title: docker wait - title: Daemon CLI (dockerd) path: /engine/reference/commandline/dockerd/ - title: Machine (docker-machine) CLI From f0e552f8dba3bb30b88de06fea4ff52becad9193 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 11 Jan 2019 11:55:42 +0100 Subject: [PATCH 149/361] Add SEO redirects for edge commandline reference Signed-off-by: Sebastiaan van Stijn --- engine/reference/commandline/README.md | 2 +- engine/reference/commandline/attach.md | 2 ++ engine/reference/commandline/build.md | 2 ++ engine/reference/commandline/checkpoint.md | 2 ++ engine/reference/commandline/checkpoint_create.md | 2 ++ engine/reference/commandline/checkpoint_ls.md | 2 ++ engine/reference/commandline/checkpoint_rm.md | 2 ++ engine/reference/commandline/commit.md | 2 ++ engine/reference/commandline/config.md | 2 ++ engine/reference/commandline/config_create.md | 2 ++ engine/reference/commandline/config_inspect.md | 2 ++ engine/reference/commandline/config_ls.md | 2 ++ engine/reference/commandline/config_rm.md | 2 ++ engine/reference/commandline/container.md | 2 ++ engine/reference/commandline/container_attach.md | 2 ++ engine/reference/commandline/container_commit.md | 2 ++ engine/reference/commandline/container_cp.md | 2 ++ engine/reference/commandline/container_create.md | 2 ++ engine/reference/commandline/container_diff.md | 2 ++ engine/reference/commandline/container_exec.md | 2 ++ engine/reference/commandline/container_export.md | 2 ++ engine/reference/commandline/container_inspect.md | 2 ++ engine/reference/commandline/container_kill.md | 2 ++ engine/reference/commandline/container_logs.md | 2 ++ engine/reference/commandline/container_ls.md | 2 ++ engine/reference/commandline/container_pause.md | 2 ++ engine/reference/commandline/container_port.md | 2 ++ engine/reference/commandline/container_prune.md | 2 ++ engine/reference/commandline/container_rename.md | 2 ++ engine/reference/commandline/container_restart.md | 2 ++ engine/reference/commandline/container_rm.md | 2 ++ engine/reference/commandline/container_run.md | 2 ++ engine/reference/commandline/container_start.md | 2 ++ engine/reference/commandline/container_stats.md | 2 ++ engine/reference/commandline/container_stop.md | 2 ++ engine/reference/commandline/container_top.md | 2 ++ engine/reference/commandline/container_unpause.md | 2 ++ engine/reference/commandline/container_update.md | 2 ++ engine/reference/commandline/container_wait.md | 2 ++ engine/reference/commandline/cp.md | 2 ++ engine/reference/commandline/create.md | 2 ++ engine/reference/commandline/deploy.md | 2 ++ engine/reference/commandline/diff.md | 2 ++ engine/reference/commandline/docker.md | 3 ++- engine/reference/commandline/events.md | 2 ++ engine/reference/commandline/exec.md | 2 ++ engine/reference/commandline/export.md | 2 ++ engine/reference/commandline/history.md | 2 ++ engine/reference/commandline/image.md | 2 ++ engine/reference/commandline/image_build.md | 2 ++ engine/reference/commandline/image_history.md | 2 ++ engine/reference/commandline/image_import.md | 2 ++ engine/reference/commandline/image_inspect.md | 2 ++ engine/reference/commandline/image_load.md | 2 ++ engine/reference/commandline/image_ls.md | 2 ++ engine/reference/commandline/image_prune.md | 2 ++ engine/reference/commandline/image_pull.md | 2 ++ engine/reference/commandline/image_push.md | 2 ++ engine/reference/commandline/image_rm.md | 2 ++ engine/reference/commandline/image_save.md | 2 ++ engine/reference/commandline/image_tag.md | 2 ++ engine/reference/commandline/images.md | 2 ++ engine/reference/commandline/import.md | 2 ++ engine/reference/commandline/info.md | 2 ++ engine/reference/commandline/inspect.md | 2 ++ engine/reference/commandline/kill.md | 2 ++ engine/reference/commandline/load.md | 2 ++ engine/reference/commandline/login.md | 2 ++ engine/reference/commandline/logout.md | 2 ++ engine/reference/commandline/logs.md | 2 ++ engine/reference/commandline/manifest.md | 2 ++ engine/reference/commandline/manifest_annotate.md | 2 ++ engine/reference/commandline/manifest_create.md | 2 ++ engine/reference/commandline/manifest_inspect.md | 2 ++ engine/reference/commandline/manifest_push.md | 2 ++ engine/reference/commandline/network.md | 2 ++ engine/reference/commandline/network_connect.md | 2 ++ engine/reference/commandline/network_create.md | 2 ++ engine/reference/commandline/network_disconnect.md | 2 ++ engine/reference/commandline/network_inspect.md | 2 ++ engine/reference/commandline/network_ls.md | 2 ++ engine/reference/commandline/network_prune.md | 2 ++ engine/reference/commandline/network_rm.md | 2 ++ engine/reference/commandline/node.md | 2 ++ engine/reference/commandline/node_demote.md | 2 ++ engine/reference/commandline/node_inspect.md | 2 ++ engine/reference/commandline/node_ls.md | 2 ++ engine/reference/commandline/node_promote.md | 2 ++ engine/reference/commandline/node_ps.md | 2 ++ engine/reference/commandline/node_rm.md | 2 ++ engine/reference/commandline/node_update.md | 2 ++ engine/reference/commandline/pause.md | 2 ++ engine/reference/commandline/plugin.md | 2 ++ engine/reference/commandline/plugin_create.md | 2 ++ engine/reference/commandline/plugin_disable.md | 2 ++ engine/reference/commandline/plugin_enable.md | 2 ++ engine/reference/commandline/plugin_inspect.md | 2 ++ engine/reference/commandline/plugin_install.md | 2 ++ engine/reference/commandline/plugin_ls.md | 2 ++ engine/reference/commandline/plugin_push.md | 2 ++ engine/reference/commandline/plugin_rm.md | 2 ++ engine/reference/commandline/plugin_set.md | 2 ++ engine/reference/commandline/plugin_upgrade.md | 2 ++ engine/reference/commandline/port.md | 2 ++ engine/reference/commandline/ps.md | 2 ++ engine/reference/commandline/pull.md | 2 ++ engine/reference/commandline/push.md | 2 ++ engine/reference/commandline/rename.md | 2 ++ engine/reference/commandline/restart.md | 2 ++ engine/reference/commandline/rm.md | 2 ++ engine/reference/commandline/rmi.md | 2 ++ engine/reference/commandline/run.md | 2 ++ engine/reference/commandline/save.md | 2 ++ engine/reference/commandline/search.md | 2 ++ engine/reference/commandline/secret.md | 2 ++ engine/reference/commandline/secret_create.md | 2 ++ engine/reference/commandline/secret_inspect.md | 2 ++ engine/reference/commandline/secret_ls.md | 2 ++ engine/reference/commandline/secret_rm.md | 2 ++ engine/reference/commandline/service.md | 2 ++ engine/reference/commandline/service_create.md | 2 ++ engine/reference/commandline/service_inspect.md | 2 ++ engine/reference/commandline/service_logs.md | 2 ++ engine/reference/commandline/service_ls.md | 2 ++ engine/reference/commandline/service_ps.md | 2 ++ engine/reference/commandline/service_rm.md | 2 ++ engine/reference/commandline/service_rollback.md | 2 ++ engine/reference/commandline/service_scale.md | 2 ++ engine/reference/commandline/service_update.md | 2 ++ engine/reference/commandline/stack.md | 2 ++ engine/reference/commandline/stack_deploy.md | 2 ++ engine/reference/commandline/stack_ls.md | 2 ++ engine/reference/commandline/stack_ps.md | 4 +++- engine/reference/commandline/stack_rm.md | 2 ++ engine/reference/commandline/stack_services.md | 2 ++ engine/reference/commandline/start.md | 2 ++ engine/reference/commandline/stats.md | 2 ++ engine/reference/commandline/stop.md | 2 ++ engine/reference/commandline/swarm.md | 2 ++ engine/reference/commandline/swarm_ca.md | 2 ++ engine/reference/commandline/swarm_init.md | 2 ++ engine/reference/commandline/swarm_join-token.md | 4 +++- engine/reference/commandline/swarm_join.md | 2 ++ engine/reference/commandline/swarm_leave.md | 2 ++ engine/reference/commandline/swarm_unlock-key.md | 2 ++ engine/reference/commandline/swarm_unlock.md | 2 ++ engine/reference/commandline/swarm_update.md | 2 ++ engine/reference/commandline/system.md | 2 ++ engine/reference/commandline/system_df.md | 2 ++ engine/reference/commandline/system_events.md | 2 ++ engine/reference/commandline/system_info.md | 2 ++ engine/reference/commandline/system_prune.md | 2 ++ engine/reference/commandline/tag.md | 2 ++ engine/reference/commandline/top.md | 2 ++ engine/reference/commandline/trust.md | 2 ++ engine/reference/commandline/trust_inspect.md | 2 ++ engine/reference/commandline/trust_key.md | 2 ++ engine/reference/commandline/trust_key_generate.md | 2 ++ engine/reference/commandline/trust_key_load.md | 2 ++ engine/reference/commandline/trust_revoke.md | 2 ++ engine/reference/commandline/trust_sign.md | 2 ++ engine/reference/commandline/trust_signer.md | 2 ++ engine/reference/commandline/trust_signer_add.md | 2 ++ engine/reference/commandline/trust_signer_remove.md | 2 ++ engine/reference/commandline/unpause.md | 2 ++ engine/reference/commandline/update.md | 2 ++ engine/reference/commandline/version.md | 2 ++ engine/reference/commandline/volume.md | 2 ++ engine/reference/commandline/volume_create.md | 2 ++ engine/reference/commandline/volume_inspect.md | 2 ++ engine/reference/commandline/volume_ls.md | 2 ++ engine/reference/commandline/volume_prune.md | 2 ++ engine/reference/commandline/volume_rm.md | 2 ++ engine/reference/commandline/wait.md | 2 ++ 174 files changed, 349 insertions(+), 4 deletions(-) diff --git a/engine/reference/commandline/README.md b/engine/reference/commandline/README.md index 442020068a..244a8ba282 100644 --- a/engine/reference/commandline/README.md +++ b/engine/reference/commandline/README.md @@ -21,7 +21,7 @@ The output files are composed from two sources: # Updating the YAML files The process for generating the YAML files is still in flux. Check with -@thajestah or @frenchben. Be sure to generate the YAML files with the correct +@thaJeztah. Be sure to generate the YAML files with the correct branch of `docker/docker` checked out (probably not `master`). After generating the YAML files, replace the YAML files in diff --git a/engine/reference/commandline/attach.md b/engine/reference/commandline/attach.md index 6b1076c5c8..000bba80a4 100644 --- a/engine/reference/commandline/attach.md +++ b/engine/reference/commandline/attach.md @@ -2,6 +2,8 @@ datafolder: engine-cli datafile: docker_attach title: docker attach +redirect_from: + - /edge/engine/reference/commandline/attach/ --- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} - -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/build.md b/edge/engine/reference/commandline/build.md deleted file mode 100644 index a88ffa16c8..0000000000 --- a/edge/engine/reference/commandline/build.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_build -title: docker build ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/checkpoint.md b/edge/engine/reference/commandline/checkpoint.md deleted file mode 100644 index e8c255dc10..0000000000 --- a/edge/engine/reference/commandline/checkpoint.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_checkpoint -title: docker checkpoint ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/checkpoint_create.md b/edge/engine/reference/commandline/checkpoint_create.md deleted file mode 100644 index eec8867bd7..0000000000 --- a/edge/engine/reference/commandline/checkpoint_create.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_checkpoint_create -title: docker checkpoint create ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/checkpoint_ls.md b/edge/engine/reference/commandline/checkpoint_ls.md deleted file mode 100644 index 48a9d19f31..0000000000 --- a/edge/engine/reference/commandline/checkpoint_ls.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_checkpoint_ls -title: docker checkpoint ls ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/checkpoint_rm.md b/edge/engine/reference/commandline/checkpoint_rm.md deleted file mode 100644 index 948bd83832..0000000000 --- a/edge/engine/reference/commandline/checkpoint_rm.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_checkpoint_rm -title: docker checkpoint rm ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/commit.md b/edge/engine/reference/commandline/commit.md deleted file mode 100644 index 7d492041a6..0000000000 --- a/edge/engine/reference/commandline/commit.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_commit -title: docker commit ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/config.md b/edge/engine/reference/commandline/config.md deleted file mode 100644 index 6fbcb4e683..0000000000 --- a/edge/engine/reference/commandline/config.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_config -title: docker config ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} - -## More info - -[Store configuration data using Docker Configs](/engine/swarm/configs.md) diff --git a/edge/engine/reference/commandline/config_create.md b/edge/engine/reference/commandline/config_create.md deleted file mode 100644 index 933d7c1793..0000000000 --- a/edge/engine/reference/commandline/config_create.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_config_create -title: docker config create ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/config_inspect.md b/edge/engine/reference/commandline/config_inspect.md deleted file mode 100644 index bf13a1a57a..0000000000 --- a/edge/engine/reference/commandline/config_inspect.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_config_inspect -title: docker config inspect ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/config_ls.md b/edge/engine/reference/commandline/config_ls.md deleted file mode 100644 index 6e3b84a864..0000000000 --- a/edge/engine/reference/commandline/config_ls.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_config_ls -title: docker config ls ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/config_rm.md b/edge/engine/reference/commandline/config_rm.md deleted file mode 100644 index f44dbefa08..0000000000 --- a/edge/engine/reference/commandline/config_rm.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_config_rm -title: docker config rm ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container.md b/edge/engine/reference/commandline/container.md deleted file mode 100644 index 4ec88e4f94..0000000000 --- a/edge/engine/reference/commandline/container.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container -title: docker container ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_attach.md b/edge/engine/reference/commandline/container_attach.md deleted file mode 100644 index e7c3950ca6..0000000000 --- a/edge/engine/reference/commandline/container_attach.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_attach -title: docker container attach ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_commit.md b/edge/engine/reference/commandline/container_commit.md deleted file mode 100644 index 34f73597cb..0000000000 --- a/edge/engine/reference/commandline/container_commit.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_commit -title: docker container commit ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_cp.md b/edge/engine/reference/commandline/container_cp.md deleted file mode 100644 index 122fc596cc..0000000000 --- a/edge/engine/reference/commandline/container_cp.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_cp -title: docker container cp ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_create.md b/edge/engine/reference/commandline/container_create.md deleted file mode 100644 index 8c5e270f9b..0000000000 --- a/edge/engine/reference/commandline/container_create.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_create -title: docker container create ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_diff.md b/edge/engine/reference/commandline/container_diff.md deleted file mode 100644 index 81c648bec3..0000000000 --- a/edge/engine/reference/commandline/container_diff.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_diff -title: docker container diff ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_exec.md b/edge/engine/reference/commandline/container_exec.md deleted file mode 100644 index 98a70fb84e..0000000000 --- a/edge/engine/reference/commandline/container_exec.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_exec -title: docker container exec ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_export.md b/edge/engine/reference/commandline/container_export.md deleted file mode 100644 index 8355a03223..0000000000 --- a/edge/engine/reference/commandline/container_export.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_export -title: docker container export ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_inspect.md b/edge/engine/reference/commandline/container_inspect.md deleted file mode 100644 index e008cab9c0..0000000000 --- a/edge/engine/reference/commandline/container_inspect.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_inspect -title: docker container inspect ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_kill.md b/edge/engine/reference/commandline/container_kill.md deleted file mode 100644 index 9d4af291fe..0000000000 --- a/edge/engine/reference/commandline/container_kill.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_kill -title: docker container kill ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_logs.md b/edge/engine/reference/commandline/container_logs.md deleted file mode 100644 index 859a4d586a..0000000000 --- a/edge/engine/reference/commandline/container_logs.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_logs -title: docker container logs ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_ls.md b/edge/engine/reference/commandline/container_ls.md deleted file mode 100644 index d97d1ffffe..0000000000 --- a/edge/engine/reference/commandline/container_ls.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_ls -title: docker container ls ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_pause.md b/edge/engine/reference/commandline/container_pause.md deleted file mode 100644 index 6e57c5bdaa..0000000000 --- a/edge/engine/reference/commandline/container_pause.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_pause -title: docker container pause ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_port.md b/edge/engine/reference/commandline/container_port.md deleted file mode 100644 index 7ab1477480..0000000000 --- a/edge/engine/reference/commandline/container_port.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_port -title: docker container port ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_prune.md b/edge/engine/reference/commandline/container_prune.md deleted file mode 100644 index 99e0992921..0000000000 --- a/edge/engine/reference/commandline/container_prune.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_prune -title: docker container prune ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_rename.md b/edge/engine/reference/commandline/container_rename.md deleted file mode 100644 index d7b0342111..0000000000 --- a/edge/engine/reference/commandline/container_rename.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_rename -title: docker container rename ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_restart.md b/edge/engine/reference/commandline/container_restart.md deleted file mode 100644 index 0b9e846c8d..0000000000 --- a/edge/engine/reference/commandline/container_restart.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_restart -title: docker container restart ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_rm.md b/edge/engine/reference/commandline/container_rm.md deleted file mode 100644 index aefa4ea1a2..0000000000 --- a/edge/engine/reference/commandline/container_rm.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_rm -title: docker container rm ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_run.md b/edge/engine/reference/commandline/container_run.md deleted file mode 100644 index 7b935492bc..0000000000 --- a/edge/engine/reference/commandline/container_run.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_run -title: docker container run ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_start.md b/edge/engine/reference/commandline/container_start.md deleted file mode 100644 index 7b110dc577..0000000000 --- a/edge/engine/reference/commandline/container_start.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_start -title: docker container start ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_stats.md b/edge/engine/reference/commandline/container_stats.md deleted file mode 100644 index dfd8d455ff..0000000000 --- a/edge/engine/reference/commandline/container_stats.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_stats -title: docker container stats ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_stop.md b/edge/engine/reference/commandline/container_stop.md deleted file mode 100644 index 7992950121..0000000000 --- a/edge/engine/reference/commandline/container_stop.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_stop -title: docker container stop ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_top.md b/edge/engine/reference/commandline/container_top.md deleted file mode 100644 index 3ccbd83c68..0000000000 --- a/edge/engine/reference/commandline/container_top.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_top -title: docker container top ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_unpause.md b/edge/engine/reference/commandline/container_unpause.md deleted file mode 100644 index 93d058d4b9..0000000000 --- a/edge/engine/reference/commandline/container_unpause.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_unpause -title: docker container unpause ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_update.md b/edge/engine/reference/commandline/container_update.md deleted file mode 100644 index 26e2868795..0000000000 --- a/edge/engine/reference/commandline/container_update.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_update -title: docker container update ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/container_wait.md b/edge/engine/reference/commandline/container_wait.md deleted file mode 100644 index 99f9520620..0000000000 --- a/edge/engine/reference/commandline/container_wait.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_container_wait -title: docker container wait ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/cp.md b/edge/engine/reference/commandline/cp.md deleted file mode 100644 index 97b7df8667..0000000000 --- a/edge/engine/reference/commandline/cp.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_cp -title: docker cp ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/create.md b/edge/engine/reference/commandline/create.md deleted file mode 100644 index afb494ac26..0000000000 --- a/edge/engine/reference/commandline/create.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_create -title: docker create ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/deploy.md b/edge/engine/reference/commandline/deploy.md deleted file mode 100644 index 5169194035..0000000000 --- a/edge/engine/reference/commandline/deploy.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_deploy -title: docker deploy ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/diff.md b/edge/engine/reference/commandline/diff.md deleted file mode 100644 index 88e5361bb0..0000000000 --- a/edge/engine/reference/commandline/diff.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_diff -title: docker diff ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/docker.md b/edge/engine/reference/commandline/docker.md deleted file mode 100644 index a0c383aa36..0000000000 --- a/edge/engine/reference/commandline/docker.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker -title: docker -redirect_from: -- /engine/reference/commandline/ ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/events.md b/edge/engine/reference/commandline/events.md deleted file mode 100644 index c473779811..0000000000 --- a/edge/engine/reference/commandline/events.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_events -title: docker events ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/exec.md b/edge/engine/reference/commandline/exec.md deleted file mode 100644 index f16f1f45f6..0000000000 --- a/edge/engine/reference/commandline/exec.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_exec -title: docker exec ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/export.md b/edge/engine/reference/commandline/export.md deleted file mode 100644 index c7ff31be8c..0000000000 --- a/edge/engine/reference/commandline/export.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_export -title: docker export ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/history.md b/edge/engine/reference/commandline/history.md deleted file mode 100644 index 983ed58434..0000000000 --- a/edge/engine/reference/commandline/history.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_history -title: docker history ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image.md b/edge/engine/reference/commandline/image.md deleted file mode 100644 index 26c9d5a1d9..0000000000 --- a/edge/engine/reference/commandline/image.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image -title: docker image ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_build.md b/edge/engine/reference/commandline/image_build.md deleted file mode 100644 index 1531d0aa96..0000000000 --- a/edge/engine/reference/commandline/image_build.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_build -title: docker image build ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_history.md b/edge/engine/reference/commandline/image_history.md deleted file mode 100644 index a38dd6372e..0000000000 --- a/edge/engine/reference/commandline/image_history.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_history -title: docker image history ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_import.md b/edge/engine/reference/commandline/image_import.md deleted file mode 100644 index 87784aa0a3..0000000000 --- a/edge/engine/reference/commandline/image_import.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_import -title: docker image import ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_inspect.md b/edge/engine/reference/commandline/image_inspect.md deleted file mode 100644 index 462810a644..0000000000 --- a/edge/engine/reference/commandline/image_inspect.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_inspect -title: docker image inspect ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_load.md b/edge/engine/reference/commandline/image_load.md deleted file mode 100644 index 21e30ae8b6..0000000000 --- a/edge/engine/reference/commandline/image_load.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_load -title: docker image load ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_ls.md b/edge/engine/reference/commandline/image_ls.md deleted file mode 100644 index bf7a7d44ca..0000000000 --- a/edge/engine/reference/commandline/image_ls.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_ls -title: docker image ls ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_prune.md b/edge/engine/reference/commandline/image_prune.md deleted file mode 100644 index 414fc30fda..0000000000 --- a/edge/engine/reference/commandline/image_prune.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_prune -title: docker image prune ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_pull.md b/edge/engine/reference/commandline/image_pull.md deleted file mode 100644 index 7471c11805..0000000000 --- a/edge/engine/reference/commandline/image_pull.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_pull -title: docker image pull ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} - diff --git a/edge/engine/reference/commandline/image_push.md b/edge/engine/reference/commandline/image_push.md deleted file mode 100644 index ce244a7704..0000000000 --- a/edge/engine/reference/commandline/image_push.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_push -title: docker image push ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_rm.md b/edge/engine/reference/commandline/image_rm.md deleted file mode 100644 index 758acbfa06..0000000000 --- a/edge/engine/reference/commandline/image_rm.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_rm -title: docker image rm ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_save.md b/edge/engine/reference/commandline/image_save.md deleted file mode 100644 index 765c36ac4e..0000000000 --- a/edge/engine/reference/commandline/image_save.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_save -title: docker image save ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/image_tag.md b/edge/engine/reference/commandline/image_tag.md deleted file mode 100644 index 03af17a8e4..0000000000 --- a/edge/engine/reference/commandline/image_tag.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_image_tag -title: docker image tag ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/images.md b/edge/engine/reference/commandline/images.md deleted file mode 100644 index 32d22d6de7..0000000000 --- a/edge/engine/reference/commandline/images.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_images -title: docker images ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/import.md b/edge/engine/reference/commandline/import.md deleted file mode 100644 index dbb8a4aa40..0000000000 --- a/edge/engine/reference/commandline/import.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_import -title: docker import ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/info.md b/edge/engine/reference/commandline/info.md deleted file mode 100644 index ba2c04c10f..0000000000 --- a/edge/engine/reference/commandline/info.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_info -title: docker info ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} - -## Warnings about kernel support - -If your operating system does not enable certain capabilities, you may see -warnings such as one of the following, when you run `docker info`: - -```none -WARNING: Your kernel does not support swap limit capabilities. Limitation discarded. -``` - -```none -WARNING: No swap limit support -``` - -You can ignore these warnings unless you actually need the ability to -[limit these resources](/engine/admin/resource_constraints.md), in which case you -should consult your operating system's documentation for enabling them. -[Learn more](/engine/installation/linux/linux-postinstall.md#your-kernel-does-not-support-cgroup-swap-limit-capabilities). diff --git a/edge/engine/reference/commandline/inspect.md b/edge/engine/reference/commandline/inspect.md deleted file mode 100644 index deedc6fce5..0000000000 --- a/edge/engine/reference/commandline/inspect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_inspect -title: docker inspect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/kill.md b/edge/engine/reference/commandline/kill.md deleted file mode 100644 index 782bcb0755..0000000000 --- a/edge/engine/reference/commandline/kill.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_kill -title: docker kill ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/load.md b/edge/engine/reference/commandline/load.md deleted file mode 100644 index 0d0d0b9796..0000000000 --- a/edge/engine/reference/commandline/load.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_load -title: docker load ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/login.md b/edge/engine/reference/commandline/login.md deleted file mode 100644 index 9f0b2f30d5..0000000000 --- a/edge/engine/reference/commandline/login.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_login -title: docker login ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/logout.md b/edge/engine/reference/commandline/logout.md deleted file mode 100644 index 1c9364c97f..0000000000 --- a/edge/engine/reference/commandline/logout.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_logout -title: docker logout ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/logs.md b/edge/engine/reference/commandline/logs.md deleted file mode 100644 index a23a6e0c28..0000000000 --- a/edge/engine/reference/commandline/logs.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_logs -title: docker logs ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/manifest.md b/edge/engine/reference/commandline/manifest.md deleted file mode 100644 index e1a1ca420e..0000000000 --- a/edge/engine/reference/commandline/manifest.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_manifest -title: docker manifest ---- - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} - -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/manifest_annotate.md b/edge/engine/reference/commandline/manifest_annotate.md deleted file mode 100644 index 7dc2bd04ca..0000000000 --- a/edge/engine/reference/commandline/manifest_annotate.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_manifest_annotate -title: docker manifest annotate ---- - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} - -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/manifest_create.md b/edge/engine/reference/commandline/manifest_create.md deleted file mode 100644 index 69f1eb2454..0000000000 --- a/edge/engine/reference/commandline/manifest_create.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_manifest_create -title: docker manifest create ---- - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} - -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/manifest_inspect.md b/edge/engine/reference/commandline/manifest_inspect.md deleted file mode 100644 index 0492f5b503..0000000000 --- a/edge/engine/reference/commandline/manifest_inspect.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_manifest_inspect -title: docker manifest inspect ---- - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} - -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/manifest_push.md b/edge/engine/reference/commandline/manifest_push.md deleted file mode 100644 index c6d0120abe..0000000000 --- a/edge/engine/reference/commandline/manifest_push.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_manifest_push -title: docker manifest push ---- - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} - -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network.md b/edge/engine/reference/commandline/network.md deleted file mode 100644 index 65d8c6dd2d..0000000000 --- a/edge/engine/reference/commandline/network.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network -title: docker network ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network_connect.md b/edge/engine/reference/commandline/network_connect.md deleted file mode 100644 index 750f932b8f..0000000000 --- a/edge/engine/reference/commandline/network_connect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network_connect -title: docker network connect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network_create.md b/edge/engine/reference/commandline/network_create.md deleted file mode 100644 index 4e58e608b7..0000000000 --- a/edge/engine/reference/commandline/network_create.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network_create -title: docker network create ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network_disconnect.md b/edge/engine/reference/commandline/network_disconnect.md deleted file mode 100644 index 1c5897e0e0..0000000000 --- a/edge/engine/reference/commandline/network_disconnect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network_disconnect -title: docker network disconnect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network_inspect.md b/edge/engine/reference/commandline/network_inspect.md deleted file mode 100644 index 3a305aafde..0000000000 --- a/edge/engine/reference/commandline/network_inspect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network_inspect -title: docker network inspect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network_ls.md b/edge/engine/reference/commandline/network_ls.md deleted file mode 100644 index 81784abe77..0000000000 --- a/edge/engine/reference/commandline/network_ls.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network_ls -title: docker network ls ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network_prune.md b/edge/engine/reference/commandline/network_prune.md deleted file mode 100644 index a5cd5492e8..0000000000 --- a/edge/engine/reference/commandline/network_prune.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network_prune -title: docker network prune ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/network_rm.md b/edge/engine/reference/commandline/network_rm.md deleted file mode 100644 index 91c250c632..0000000000 --- a/edge/engine/reference/commandline/network_rm.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_network_rm -title: docker network rm ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node.md b/edge/engine/reference/commandline/node.md deleted file mode 100644 index 7580f757e9..0000000000 --- a/edge/engine/reference/commandline/node.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node -title: docker node ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node_demote.md b/edge/engine/reference/commandline/node_demote.md deleted file mode 100644 index 5badd982c4..0000000000 --- a/edge/engine/reference/commandline/node_demote.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node_demote -title: docker node demote ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node_inspect.md b/edge/engine/reference/commandline/node_inspect.md deleted file mode 100644 index 2f44af404f..0000000000 --- a/edge/engine/reference/commandline/node_inspect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node_inspect -title: docker node inspect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node_ls.md b/edge/engine/reference/commandline/node_ls.md deleted file mode 100644 index 8e7c94cec3..0000000000 --- a/edge/engine/reference/commandline/node_ls.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node_ls -title: docker node ls ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node_promote.md b/edge/engine/reference/commandline/node_promote.md deleted file mode 100644 index ab6944e652..0000000000 --- a/edge/engine/reference/commandline/node_promote.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node_promote -title: docker node promote ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node_ps.md b/edge/engine/reference/commandline/node_ps.md deleted file mode 100644 index b639063955..0000000000 --- a/edge/engine/reference/commandline/node_ps.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node_ps -title: docker node ps ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node_rm.md b/edge/engine/reference/commandline/node_rm.md deleted file mode 100644 index c13a0dfc68..0000000000 --- a/edge/engine/reference/commandline/node_rm.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node_rm -title: docker node rm ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/node_update.md b/edge/engine/reference/commandline/node_update.md deleted file mode 100644 index 6d5e1c882d..0000000000 --- a/edge/engine/reference/commandline/node_update.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_node_update -title: docker node update ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/pause.md b/edge/engine/reference/commandline/pause.md deleted file mode 100644 index f0a7fac4e0..0000000000 --- a/edge/engine/reference/commandline/pause.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_pause -title: docker pause ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin.md b/edge/engine/reference/commandline/plugin.md deleted file mode 100644 index f02cdec42d..0000000000 --- a/edge/engine/reference/commandline/plugin.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin -title: docker plugin ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_create.md b/edge/engine/reference/commandline/plugin_create.md deleted file mode 100644 index e6a75be90b..0000000000 --- a/edge/engine/reference/commandline/plugin_create.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_create -title: docker plugin create ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_disable.md b/edge/engine/reference/commandline/plugin_disable.md deleted file mode 100644 index 543580e646..0000000000 --- a/edge/engine/reference/commandline/plugin_disable.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_disable -title: docker plugin disable ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_enable.md b/edge/engine/reference/commandline/plugin_enable.md deleted file mode 100644 index 7ea12d555f..0000000000 --- a/edge/engine/reference/commandline/plugin_enable.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_enable -title: docker plugin enable ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_inspect.md b/edge/engine/reference/commandline/plugin_inspect.md deleted file mode 100644 index bdd3743689..0000000000 --- a/edge/engine/reference/commandline/plugin_inspect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_inspect -title: docker plugin inspect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_install.md b/edge/engine/reference/commandline/plugin_install.md deleted file mode 100644 index eeb883e96a..0000000000 --- a/edge/engine/reference/commandline/plugin_install.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_install -title: docker plugin install ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_ls.md b/edge/engine/reference/commandline/plugin_ls.md deleted file mode 100644 index d8342b860d..0000000000 --- a/edge/engine/reference/commandline/plugin_ls.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_ls -title: docker plugin ls ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_push.md b/edge/engine/reference/commandline/plugin_push.md deleted file mode 100644 index 162228fcfc..0000000000 --- a/edge/engine/reference/commandline/plugin_push.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_push -title: docker plugin push ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_rm.md b/edge/engine/reference/commandline/plugin_rm.md deleted file mode 100644 index 37db766f93..0000000000 --- a/edge/engine/reference/commandline/plugin_rm.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_rm -title: docker plugin rm ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_set.md b/edge/engine/reference/commandline/plugin_set.md deleted file mode 100644 index 858fb3c293..0000000000 --- a/edge/engine/reference/commandline/plugin_set.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_set -title: docker plugin set ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/plugin_upgrade.md b/edge/engine/reference/commandline/plugin_upgrade.md deleted file mode 100644 index 4d70887e9e..0000000000 --- a/edge/engine/reference/commandline/plugin_upgrade.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_plugin_upgrade -title: docker plugin upgrade ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/port.md b/edge/engine/reference/commandline/port.md deleted file mode 100644 index dece5dc0fe..0000000000 --- a/edge/engine/reference/commandline/port.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_port -title: docker port ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/ps.md b/edge/engine/reference/commandline/ps.md deleted file mode 100644 index c6addac8ff..0000000000 --- a/edge/engine/reference/commandline/ps.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_ps -title: docker ps ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/pull.md b/edge/engine/reference/commandline/pull.md deleted file mode 100644 index 620e2e2e0b..0000000000 --- a/edge/engine/reference/commandline/pull.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_pull -title: docker pull ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/push.md b/edge/engine/reference/commandline/push.md deleted file mode 100644 index 6e161b70af..0000000000 --- a/edge/engine/reference/commandline/push.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_push -title: docker push ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/rename.md b/edge/engine/reference/commandline/rename.md deleted file mode 100644 index bf1817f969..0000000000 --- a/edge/engine/reference/commandline/rename.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_rename -title: docker rename ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/restart.md b/edge/engine/reference/commandline/restart.md deleted file mode 100644 index 041baa6d68..0000000000 --- a/edge/engine/reference/commandline/restart.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_restart -title: docker restart ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/rm.md b/edge/engine/reference/commandline/rm.md deleted file mode 100644 index 4ce0c98d46..0000000000 --- a/edge/engine/reference/commandline/rm.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_rm -title: docker rm ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/rmi.md b/edge/engine/reference/commandline/rmi.md deleted file mode 100644 index fd83f762dd..0000000000 --- a/edge/engine/reference/commandline/rmi.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_rmi -title: docker rmi ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/run.md b/edge/engine/reference/commandline/run.md deleted file mode 100644 index cdf1f5bfe1..0000000000 --- a/edge/engine/reference/commandline/run.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_run -title: docker run ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/save.md b/edge/engine/reference/commandline/save.md deleted file mode 100644 index 2841b92807..0000000000 --- a/edge/engine/reference/commandline/save.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_save -title: docker save ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/search.md b/edge/engine/reference/commandline/search.md deleted file mode 100644 index 85d93ade11..0000000000 --- a/edge/engine/reference/commandline/search.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_search -title: docker search ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/secret.md b/edge/engine/reference/commandline/secret.md deleted file mode 100644 index 05953296ec..0000000000 --- a/edge/engine/reference/commandline/secret.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_secret -title: docker secret ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/secret_create.md b/edge/engine/reference/commandline/secret_create.md deleted file mode 100644 index 7cd8f003d4..0000000000 --- a/edge/engine/reference/commandline/secret_create.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_secret_create -title: docker secret create ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/secret_inspect.md b/edge/engine/reference/commandline/secret_inspect.md deleted file mode 100644 index 66476c7ede..0000000000 --- a/edge/engine/reference/commandline/secret_inspect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_secret_inspect -title: docker secret inspect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/secret_ls.md b/edge/engine/reference/commandline/secret_ls.md deleted file mode 100644 index 855f5c9033..0000000000 --- a/edge/engine/reference/commandline/secret_ls.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_secret_ls -title: docker secret ls ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/secret_rm.md b/edge/engine/reference/commandline/secret_rm.md deleted file mode 100644 index 45d1c2e014..0000000000 --- a/edge/engine/reference/commandline/secret_rm.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_secret_rm -title: docker secret rm ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service.md b/edge/engine/reference/commandline/service.md deleted file mode 100644 index 4edc76efce..0000000000 --- a/edge/engine/reference/commandline/service.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service -title: docker service ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_create.md b/edge/engine/reference/commandline/service_create.md deleted file mode 100644 index b258ee19bc..0000000000 --- a/edge/engine/reference/commandline/service_create.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_create -title: docker service create ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_inspect.md b/edge/engine/reference/commandline/service_inspect.md deleted file mode 100644 index 2bc2e1b695..0000000000 --- a/edge/engine/reference/commandline/service_inspect.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_inspect -title: docker service inspect ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_logs.md b/edge/engine/reference/commandline/service_logs.md deleted file mode 100644 index 53b2b1ea67..0000000000 --- a/edge/engine/reference/commandline/service_logs.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_logs -title: docker service logs ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_ls.md b/edge/engine/reference/commandline/service_ls.md deleted file mode 100644 index e7987b951f..0000000000 --- a/edge/engine/reference/commandline/service_ls.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_ls -title: docker service ls ---- - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_ps.md b/edge/engine/reference/commandline/service_ps.md deleted file mode 100644 index 4e77b43fe7..0000000000 --- a/edge/engine/reference/commandline/service_ps.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_ps -title: docker service ps ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_rm.md b/edge/engine/reference/commandline/service_rm.md deleted file mode 100644 index 0e6d195ba8..0000000000 --- a/edge/engine/reference/commandline/service_rm.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_rm -title: docker service rm ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_rollback.md b/edge/engine/reference/commandline/service_rollback.md deleted file mode 100644 index afc2eeea99..0000000000 --- a/edge/engine/reference/commandline/service_rollback.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli -datafile: docker_service_rollback -title: docker service rollback ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_scale.md b/edge/engine/reference/commandline/service_scale.md deleted file mode 100644 index 1e18021f67..0000000000 --- a/edge/engine/reference/commandline/service_scale.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_scale -title: docker service scale ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/service_update.md b/edge/engine/reference/commandline/service_update.md deleted file mode 100644 index e3534c5388..0000000000 --- a/edge/engine/reference/commandline/service_update.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_service_update -title: docker service update ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stack.md b/edge/engine/reference/commandline/stack.md deleted file mode 100644 index 62632cd540..0000000000 --- a/edge/engine/reference/commandline/stack.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stack -title: docker stack ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stack_deploy.md b/edge/engine/reference/commandline/stack_deploy.md deleted file mode 100644 index afc0cbd63c..0000000000 --- a/edge/engine/reference/commandline/stack_deploy.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stack_deploy -title: docker stack deploy ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stack_ls.md b/edge/engine/reference/commandline/stack_ls.md deleted file mode 100644 index bf972e2e9a..0000000000 --- a/edge/engine/reference/commandline/stack_ls.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stack_ls -title: docker stack ls ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stack_ps.md b/edge/engine/reference/commandline/stack_ps.md deleted file mode 100644 index 81107403e6..0000000000 --- a/edge/engine/reference/commandline/stack_ps.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stack_ps -title: docker stack ps -redirect_from: -- /engine/reference/commandline/stack_tasks/ ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stack_rm.md b/edge/engine/reference/commandline/stack_rm.md deleted file mode 100644 index 025d540d37..0000000000 --- a/edge/engine/reference/commandline/stack_rm.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stack_rm -title: docker stack rm ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stack_services.md b/edge/engine/reference/commandline/stack_services.md deleted file mode 100644 index 3ef8e8c02a..0000000000 --- a/edge/engine/reference/commandline/stack_services.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stack_services -title: docker stack services ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/start.md b/edge/engine/reference/commandline/start.md deleted file mode 100644 index 8e8579f708..0000000000 --- a/edge/engine/reference/commandline/start.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_start -title: docker start ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stats.md b/edge/engine/reference/commandline/stats.md deleted file mode 100644 index ce0dcd7769..0000000000 --- a/edge/engine/reference/commandline/stats.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stats -title: docker stats ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/stop.md b/edge/engine/reference/commandline/stop.md deleted file mode 100644 index 69cc341485..0000000000 --- a/edge/engine/reference/commandline/stop.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_stop -title: docker stop ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm.md b/edge/engine/reference/commandline/swarm.md deleted file mode 100644 index fa39ef4304..0000000000 --- a/edge/engine/reference/commandline/swarm.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm -title: docker swarm ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_ca.md b/edge/engine/reference/commandline/swarm_ca.md deleted file mode 100644 index b2a78f5336..0000000000 --- a/edge/engine/reference/commandline/swarm_ca.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_ca -title: docker swarm ca ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_init.md b/edge/engine/reference/commandline/swarm_init.md deleted file mode 100644 index 141da38d26..0000000000 --- a/edge/engine/reference/commandline/swarm_init.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_init -title: docker swarm init ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_join-token.md b/edge/engine/reference/commandline/swarm_join-token.md deleted file mode 100644 index 2a12012646..0000000000 --- a/edge/engine/reference/commandline/swarm_join-token.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_join-token -title: docker swarm join-token -redirect_from: -- /engine/reference/commandline/swarm_join_token/ ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_join.md b/edge/engine/reference/commandline/swarm_join.md deleted file mode 100644 index 7f448b72ed..0000000000 --- a/edge/engine/reference/commandline/swarm_join.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_join -title: docker swarm join ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_leave.md b/edge/engine/reference/commandline/swarm_leave.md deleted file mode 100644 index 7fcbe12b93..0000000000 --- a/edge/engine/reference/commandline/swarm_leave.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_leave -title: docker swarm leave ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_unlock-key.md b/edge/engine/reference/commandline/swarm_unlock-key.md deleted file mode 100644 index 521e5d8815..0000000000 --- a/edge/engine/reference/commandline/swarm_unlock-key.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_unlock-key -title: docker swarm unlock-key ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_unlock.md b/edge/engine/reference/commandline/swarm_unlock.md deleted file mode 100644 index 67ce9f84cc..0000000000 --- a/edge/engine/reference/commandline/swarm_unlock.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_unlock -title: docker swarm unlock ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/swarm_update.md b/edge/engine/reference/commandline/swarm_update.md deleted file mode 100644 index 8fc4f3e075..0000000000 --- a/edge/engine/reference/commandline/swarm_update.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_swarm_update -title: docker swarm update ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/system.md b/edge/engine/reference/commandline/system.md deleted file mode 100644 index 3e1f34fc06..0000000000 --- a/edge/engine/reference/commandline/system.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_system -title: docker system ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/system_df.md b/edge/engine/reference/commandline/system_df.md deleted file mode 100644 index ab14e2ee7a..0000000000 --- a/edge/engine/reference/commandline/system_df.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_system_df -title: docker system df ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/system_events.md b/edge/engine/reference/commandline/system_events.md deleted file mode 100644 index 061f73aae2..0000000000 --- a/edge/engine/reference/commandline/system_events.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_system_events -title: docker system events ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/system_info.md b/edge/engine/reference/commandline/system_info.md deleted file mode 100644 index 223ce5e3db..0000000000 --- a/edge/engine/reference/commandline/system_info.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_system_info -title: docker system info ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/system_prune.md b/edge/engine/reference/commandline/system_prune.md deleted file mode 100644 index 2519d1e298..0000000000 --- a/edge/engine/reference/commandline/system_prune.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_system_prune -title: docker system prune ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/tag.md b/edge/engine/reference/commandline/tag.md deleted file mode 100644 index aaff464367..0000000000 --- a/edge/engine/reference/commandline/tag.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_tag -title: docker tag ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/top.md b/edge/engine/reference/commandline/top.md deleted file mode 100644 index bac5a6545a..0000000000 --- a/edge/engine/reference/commandline/top.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_top -title: docker top ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust.md b/edge/engine/reference/commandline/trust.md deleted file mode 100644 index ca8f86a17c..0000000000 --- a/edge/engine/reference/commandline/trust.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust -title: docker trust ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_inspect.md b/edge/engine/reference/commandline/trust_inspect.md deleted file mode 100644 index af7bb4255b..0000000000 --- a/edge/engine/reference/commandline/trust_inspect.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_inspect -title: docker trust inspect ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_key.md b/edge/engine/reference/commandline/trust_key.md deleted file mode 100644 index 6e9875a38a..0000000000 --- a/edge/engine/reference/commandline/trust_key.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_key -title: docker trust key ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_key_generate.md b/edge/engine/reference/commandline/trust_key_generate.md deleted file mode 100644 index 42f188378a..0000000000 --- a/edge/engine/reference/commandline/trust_key_generate.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_key_generate -title: docker trust key generate ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_key_load.md b/edge/engine/reference/commandline/trust_key_load.md deleted file mode 100644 index b2880bae0d..0000000000 --- a/edge/engine/reference/commandline/trust_key_load.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_key_load -title: docker trust key load ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_revoke.md b/edge/engine/reference/commandline/trust_revoke.md deleted file mode 100644 index 8b6895241a..0000000000 --- a/edge/engine/reference/commandline/trust_revoke.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_revoke -title: docker trust revoke ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_sign.md b/edge/engine/reference/commandline/trust_sign.md deleted file mode 100644 index 526e63d60c..0000000000 --- a/edge/engine/reference/commandline/trust_sign.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_sign -title: docker trust sign ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_signer.md b/edge/engine/reference/commandline/trust_signer.md deleted file mode 100644 index 38c9f3d056..0000000000 --- a/edge/engine/reference/commandline/trust_signer.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_signer -title: docker trust signer ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_signer_add.md b/edge/engine/reference/commandline/trust_signer_add.md deleted file mode 100644 index dc29f9daee..0000000000 --- a/edge/engine/reference/commandline/trust_signer_add.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_signer_add -title: docker trust signer add ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_signer_remove.md b/edge/engine/reference/commandline/trust_signer_remove.md deleted file mode 100644 index 06ef4213f9..0000000000 --- a/edge/engine/reference/commandline/trust_signer_remove.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_trust_signer_remove -title: docker trust signer remove ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/unpause.md b/edge/engine/reference/commandline/unpause.md deleted file mode 100644 index 8ce49f37bc..0000000000 --- a/edge/engine/reference/commandline/unpause.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_unpause -title: docker unpause ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/update.md b/edge/engine/reference/commandline/update.md deleted file mode 100644 index 32bf17b4c3..0000000000 --- a/edge/engine/reference/commandline/update.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_update -title: docker update ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/version.md b/edge/engine/reference/commandline/version.md deleted file mode 100644 index 4bd0bacf52..0000000000 --- a/edge/engine/reference/commandline/version.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_version -title: docker version ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/volume.md b/edge/engine/reference/commandline/volume.md deleted file mode 100644 index 4901e3a9bc..0000000000 --- a/edge/engine/reference/commandline/volume.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_volume -title: docker volume ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/volume_create.md b/edge/engine/reference/commandline/volume_create.md deleted file mode 100644 index 31a4557bb6..0000000000 --- a/edge/engine/reference/commandline/volume_create.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_volume_create -title: docker volume create ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/volume_inspect.md b/edge/engine/reference/commandline/volume_inspect.md deleted file mode 100644 index 10cd58231d..0000000000 --- a/edge/engine/reference/commandline/volume_inspect.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_volume_inspect -title: docker volume inspect ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/volume_ls.md b/edge/engine/reference/commandline/volume_ls.md deleted file mode 100644 index 12817904a4..0000000000 --- a/edge/engine/reference/commandline/volume_ls.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_volume_ls -title: docker volume ls ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/volume_prune.md b/edge/engine/reference/commandline/volume_prune.md deleted file mode 100644 index e79321197e..0000000000 --- a/edge/engine/reference/commandline/volume_prune.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_volume_prune -title: docker volume prune ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/volume_rm.md b/edge/engine/reference/commandline/volume_rm.md deleted file mode 100644 index 0a3c59c07d..0000000000 --- a/edge/engine/reference/commandline/volume_rm.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_volume_rm -title: docker volume rm ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/wait.md b/edge/engine/reference/commandline/wait.md deleted file mode 100644 index b337135098..0000000000 --- a/edge/engine/reference/commandline/wait.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -datafolder: engine-cli-edge -datafile: docker_wait -title: docker wait ---- - - - -{% if page.datafolder contains '-edge' %} - {% include edge_only.md section="cliref" %} -{% endif %} -{% include cli.md datafolder=page.datafolder datafile=page.datafile %} From 048b1595a1218f0baeeb29f6b1bc141d70427edb Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 03:48:01 +0100 Subject: [PATCH 153/361] Remove Engine Edge commandline YAML docs Signed-off-by: Sebastiaan van Stijn --- _data/engine-cli-edge/docker.yaml | 121 -- _data/engine-cli-edge/docker_attach.yaml | 166 -- _data/engine-cli-edge/docker_build.yaml | 580 ------- _data/engine-cli-edge/docker_checkpoint.yaml | 21 - .../docker_checkpoint_create.yaml | 31 - .../engine-cli-edge/docker_checkpoint_ls.yaml | 23 - .../engine-cli-edge/docker_checkpoint_rm.yaml | 23 - _data/engine-cli-edge/docker_commit.yaml | 133 -- _data/engine-cli-edge/docker_config.yaml | 23 - .../engine-cli-edge/docker_config_create.yaml | 31 - .../docker_config_inspect.yaml | 32 - _data/engine-cli-edge/docker_config_ls.yaml | 42 - _data/engine-cli-edge/docker_config_rm.yaml | 14 - _data/engine-cli-edge/docker_container.yaml | 64 - .../docker_container_attach.yaml | 39 - .../docker_container_commit.yaml | 50 - .../engine-cli-edge/docker_container_cp.yaml | 40 - .../docker_container_create.yaml | 852 --------- .../docker_container_diff.yaml | 12 - .../docker_container_exec.yaml | 89 - .../docker_container_export.yaml | 22 - .../docker_container_inspect.yaml | 32 - .../docker_container_kill.yaml | 23 - .../docker_container_logs.yaml | 70 - .../engine-cli-edge/docker_container_ls.yaml | 90 - .../docker_container_pause.yaml | 12 - .../docker_container_port.yaml | 12 - .../docker_container_prune.yaml | 116 -- .../docker_container_rename.yaml | 12 - .../docker_container_restart.yaml | 23 - .../engine-cli-edge/docker_container_rm.yaml | 43 - .../engine-cli-edge/docker_container_run.yaml | 879 ---------- .../docker_container_start.yaml | 57 - .../docker_container_stats.yaml | 49 - .../docker_container_stop.yaml | 23 - .../engine-cli-edge/docker_container_top.yaml | 12 - .../docker_container_unpause.yaml | 12 - .../docker_container_update.yaml | 142 -- .../docker_container_wait.yaml | 12 - _data/engine-cli-edge/docker_cp.yaml | 116 -- _data/engine-cli-edge/docker_create.yaml | 971 ----------- _data/engine-cli-edge/docker_deploy.yaml | 126 -- _data/engine-cli-edge/docker_diff.yaml | 49 - _data/engine-cli-edge/docker_events.yaml | 424 ----- _data/engine-cli-edge/docker_exec.yaml | 124 -- _data/engine-cli-edge/docker_export.yaml | 39 - _data/engine-cli-edge/docker_history.yaml | 105 -- _data/engine-cli-edge/docker_image.yaml | 38 - _data/engine-cli-edge/docker_image_build.yaml | 291 ---- .../engine-cli-edge/docker_image_history.yaml | 50 - .../engine-cli-edge/docker_image_import.yaml | 31 - .../engine-cli-edge/docker_image_inspect.yaml | 22 - _data/engine-cli-edge/docker_image_load.yaml | 32 - _data/engine-cli-edge/docker_image_ls.yaml | 69 - _data/engine-cli-edge/docker_image_prune.yaml | 214 --- _data/engine-cli-edge/docker_image_pull.yaml | 41 - _data/engine-cli-edge/docker_image_push.yaml | 22 - _data/engine-cli-edge/docker_image_rm.yaml | 33 - _data/engine-cli-edge/docker_image_save.yaml | 22 - _data/engine-cli-edge/docker_image_tag.yaml | 12 - _data/engine-cli-edge/docker_images.yaml | 370 ---- _data/engine-cli-edge/docker_import.yaml | 88 - _data/engine-cli-edge/docker_info.yaml | 236 --- _data/engine-cli-edge/docker_inspect.yaml | 104 -- _data/engine-cli-edge/docker_kill.yaml | 62 - _data/engine-cli-edge/docker_load.yaml | 62 - _data/engine-cli-edge/docker_login.yaml | 107 -- _data/engine-cli-edge/docker_logout.yaml | 16 - _data/engine-cli-edge/docker_logs.yaml | 119 -- _data/engine-cli-edge/docker_manifest.yaml | 133 -- .../docker_manifest_annotate.yaml | 46 - .../docker_manifest_create.yaml | 32 - .../docker_manifest_inspect.yaml | 32 - .../engine-cli-edge/docker_manifest_push.yaml | 32 - _data/engine-cli-edge/docker_network.yaml | 30 - .../docker_network_connect.yaml | 126 -- .../docker_network_create.yaml | 343 ---- .../docker_network_disconnect.yaml | 29 - .../docker_network_inspect.yaml | 34 - _data/engine-cli-edge/docker_network_ls.yaml | 132 -- .../engine-cli-edge/docker_network_prune.yaml | 98 -- _data/engine-cli-edge/docker_network_rm.yaml | 38 - _data/engine-cli-edge/docker_node.yaml | 29 - _data/engine-cli-edge/docker_node_demote.yaml | 19 - .../engine-cli-edge/docker_node_inspect.yaml | 73 - _data/engine-cli-edge/docker_node_ls.yaml | 93 - .../engine-cli-edge/docker_node_promote.yaml | 19 - _data/engine-cli-edge/docker_node_ps.yaml | 163 -- _data/engine-cli-edge/docker_node_rm.yaml | 60 - _data/engine-cli-edge/docker_node_update.yaml | 79 - _data/engine-cli-edge/docker_pause.yaml | 26 - _data/engine-cli-edge/docker_plugin.yaml | 35 - .../engine-cli-edge/docker_plugin_create.yaml | 47 - .../docker_plugin_disable.yaml | 50 - .../engine-cli-edge/docker_plugin_enable.yaml | 48 - .../docker_plugin_inspect.yaml | 145 -- .../docker_plugin_install.yaml | 78 - _data/engine-cli-edge/docker_plugin_ls.yaml | 120 -- _data/engine-cli-edge/docker_plugin_push.yaml | 39 - _data/engine-cli-edge/docker_plugin_rm.yaml | 42 - _data/engine-cli-edge/docker_plugin_set.yaml | 89 - .../docker_plugin_upgrade.yaml | 97 -- _data/engine-cli-edge/docker_port.yaml | 32 - _data/engine-cli-edge/docker_ps.yaml | 472 ----- _data/engine-cli-edge/docker_pull.yaml | 263 --- _data/engine-cli-edge/docker_push.yaml | 63 - _data/engine-cli-edge/docker_rename.yaml | 16 - _data/engine-cli-edge/docker_restart.yaml | 27 - _data/engine-cli-edge/docker_rm.yaml | 113 -- _data/engine-cli-edge/docker_rmi.yaml | 108 -- _data/engine-cli-edge/docker_run.yaml | 1542 ----------------- _data/engine-cli-edge/docker_save.yaml | 53 - _data/engine-cli-edge/docker_search.yaml | 154 -- _data/engine-cli-edge/docker_secret.yaml | 23 - .../engine-cli-edge/docker_secret_create.yaml | 102 -- .../docker_secret_inspect.yaml | 89 - _data/engine-cli-edge/docker_secret_ls.yaml | 157 -- _data/engine-cli-edge/docker_secret_rm.yaml | 28 - _data/engine-cli-edge/docker_service.yaml | 33 - .../docker_service_create.yaml | 952 ---------- .../docker_service_inspect.yaml | 71 - .../engine-cli-edge/docker_service_logs.yaml | 139 -- _data/engine-cli-edge/docker_service_ls.yaml | 160 -- _data/engine-cli-edge/docker_service_ps.yaml | 207 --- _data/engine-cli-edge/docker_service_rm.yaml | 31 - .../docker_service_rollback.yaml | 87 - .../engine-cli-edge/docker_service_scale.yaml | 90 - .../docker_service_update.yaml | 920 ---------- _data/engine-cli-edge/docker_stack.yaml | 43 - .../engine-cli-edge/docker_stack_deploy.yaml | 181 -- _data/engine-cli-edge/docker_stack_ls.yaml | 75 - _data/engine-cli-edge/docker_stack_ps.yaml | 265 --- _data/engine-cli-edge/docker_stack_rm.yaml | 70 - .../docker_stack_services.yaml | 122 -- _data/engine-cli-edge/docker_start.yaml | 61 - _data/engine-cli-edge/docker_stats.yaml | 188 -- _data/engine-cli-edge/docker_stop.yaml | 29 - _data/engine-cli-edge/docker_swarm.yaml | 31 - _data/engine-cli-edge/docker_swarm_ca.yaml | 156 -- _data/engine-cli-edge/docker_swarm_init.yaml | 238 --- .../docker_swarm_join-token.yaml | 33 - _data/engine-cli-edge/docker_swarm_join.yaml | 144 -- _data/engine-cli-edge/docker_swarm_leave.yaml | 54 - .../docker_swarm_unlock-key.yaml | 33 - .../engine-cli-edge/docker_swarm_unlock.yaml | 22 - .../engine-cli-edge/docker_swarm_update.yaml | 83 - _data/engine-cli-edge/docker_system.yaml | 22 - _data/engine-cli-edge/docker_system_df.yaml | 79 - .../engine-cli-edge/docker_system_events.yaml | 357 ---- _data/engine-cli-edge/docker_system_info.yaml | 22 - .../engine-cli-edge/docker_system_prune.yaml | 159 -- _data/engine-cli-edge/docker_tag.yaml | 66 - _data/engine-cli-edge/docker_top.yaml | 12 - _data/engine-cli-edge/docker_trust.yaml | 24 - .../engine-cli-edge/docker_trust_inspect.yaml | 173 -- _data/engine-cli-edge/docker_trust_key.yaml | 18 - .../docker_trust_key_generate.yaml | 21 - .../docker_trust_key_load.yaml | 22 - .../engine-cli-edge/docker_trust_revoke.yaml | 61 - _data/engine-cli-edge/docker_trust_sign.yaml | 60 - .../engine-cli-edge/docker_trust_signer.yaml | 18 - .../docker_trust_signer_add.yaml | 21 - .../docker_trust_signer_remove.yaml | 24 - _data/engine-cli-edge/docker_unpause.yaml | 23 - _data/engine-cli-edge/docker_update.yaml | 225 --- _data/engine-cli-edge/docker_version.yaml | 74 - _data/engine-cli-edge/docker_volume.yaml | 27 - .../engine-cli-edge/docker_volume_create.yaml | 134 -- .../docker_volume_inspect.yaml | 45 - _data/engine-cli-edge/docker_volume_ls.yaml | 193 --- .../engine-cli-edge/docker_volume_prune.yaml | 45 - _data/engine-cli-edge/docker_volume_rm.yaml | 31 - _data/engine-cli-edge/docker_wait.yaml | 40 - 173 files changed, 20234 deletions(-) delete mode 100644 _data/engine-cli-edge/docker.yaml delete mode 100644 _data/engine-cli-edge/docker_attach.yaml delete mode 100644 _data/engine-cli-edge/docker_build.yaml delete mode 100644 _data/engine-cli-edge/docker_checkpoint.yaml delete mode 100644 _data/engine-cli-edge/docker_checkpoint_create.yaml delete mode 100644 _data/engine-cli-edge/docker_checkpoint_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_checkpoint_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_commit.yaml delete mode 100644 _data/engine-cli-edge/docker_config.yaml delete mode 100644 _data/engine-cli-edge/docker_config_create.yaml delete mode 100644 _data/engine-cli-edge/docker_config_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_config_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_config_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_container.yaml delete mode 100644 _data/engine-cli-edge/docker_container_attach.yaml delete mode 100644 _data/engine-cli-edge/docker_container_commit.yaml delete mode 100644 _data/engine-cli-edge/docker_container_cp.yaml delete mode 100644 _data/engine-cli-edge/docker_container_create.yaml delete mode 100644 _data/engine-cli-edge/docker_container_diff.yaml delete mode 100644 _data/engine-cli-edge/docker_container_exec.yaml delete mode 100644 _data/engine-cli-edge/docker_container_export.yaml delete mode 100644 _data/engine-cli-edge/docker_container_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_container_kill.yaml delete mode 100644 _data/engine-cli-edge/docker_container_logs.yaml delete mode 100644 _data/engine-cli-edge/docker_container_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_container_pause.yaml delete mode 100644 _data/engine-cli-edge/docker_container_port.yaml delete mode 100644 _data/engine-cli-edge/docker_container_prune.yaml delete mode 100644 _data/engine-cli-edge/docker_container_rename.yaml delete mode 100644 _data/engine-cli-edge/docker_container_restart.yaml delete mode 100644 _data/engine-cli-edge/docker_container_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_container_run.yaml delete mode 100644 _data/engine-cli-edge/docker_container_start.yaml delete mode 100644 _data/engine-cli-edge/docker_container_stats.yaml delete mode 100644 _data/engine-cli-edge/docker_container_stop.yaml delete mode 100644 _data/engine-cli-edge/docker_container_top.yaml delete mode 100644 _data/engine-cli-edge/docker_container_unpause.yaml delete mode 100644 _data/engine-cli-edge/docker_container_update.yaml delete mode 100644 _data/engine-cli-edge/docker_container_wait.yaml delete mode 100644 _data/engine-cli-edge/docker_cp.yaml delete mode 100644 _data/engine-cli-edge/docker_create.yaml delete mode 100644 _data/engine-cli-edge/docker_deploy.yaml delete mode 100644 _data/engine-cli-edge/docker_diff.yaml delete mode 100644 _data/engine-cli-edge/docker_events.yaml delete mode 100644 _data/engine-cli-edge/docker_exec.yaml delete mode 100644 _data/engine-cli-edge/docker_export.yaml delete mode 100644 _data/engine-cli-edge/docker_history.yaml delete mode 100644 _data/engine-cli-edge/docker_image.yaml delete mode 100644 _data/engine-cli-edge/docker_image_build.yaml delete mode 100644 _data/engine-cli-edge/docker_image_history.yaml delete mode 100644 _data/engine-cli-edge/docker_image_import.yaml delete mode 100644 _data/engine-cli-edge/docker_image_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_image_load.yaml delete mode 100644 _data/engine-cli-edge/docker_image_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_image_prune.yaml delete mode 100644 _data/engine-cli-edge/docker_image_pull.yaml delete mode 100644 _data/engine-cli-edge/docker_image_push.yaml delete mode 100644 _data/engine-cli-edge/docker_image_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_image_save.yaml delete mode 100644 _data/engine-cli-edge/docker_image_tag.yaml delete mode 100644 _data/engine-cli-edge/docker_images.yaml delete mode 100644 _data/engine-cli-edge/docker_import.yaml delete mode 100644 _data/engine-cli-edge/docker_info.yaml delete mode 100644 _data/engine-cli-edge/docker_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_kill.yaml delete mode 100644 _data/engine-cli-edge/docker_load.yaml delete mode 100644 _data/engine-cli-edge/docker_login.yaml delete mode 100644 _data/engine-cli-edge/docker_logout.yaml delete mode 100644 _data/engine-cli-edge/docker_logs.yaml delete mode 100644 _data/engine-cli-edge/docker_manifest.yaml delete mode 100644 _data/engine-cli-edge/docker_manifest_annotate.yaml delete mode 100644 _data/engine-cli-edge/docker_manifest_create.yaml delete mode 100644 _data/engine-cli-edge/docker_manifest_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_manifest_push.yaml delete mode 100644 _data/engine-cli-edge/docker_network.yaml delete mode 100644 _data/engine-cli-edge/docker_network_connect.yaml delete mode 100644 _data/engine-cli-edge/docker_network_create.yaml delete mode 100644 _data/engine-cli-edge/docker_network_disconnect.yaml delete mode 100644 _data/engine-cli-edge/docker_network_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_network_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_network_prune.yaml delete mode 100644 _data/engine-cli-edge/docker_network_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_node.yaml delete mode 100644 _data/engine-cli-edge/docker_node_demote.yaml delete mode 100644 _data/engine-cli-edge/docker_node_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_node_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_node_promote.yaml delete mode 100644 _data/engine-cli-edge/docker_node_ps.yaml delete mode 100644 _data/engine-cli-edge/docker_node_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_node_update.yaml delete mode 100644 _data/engine-cli-edge/docker_pause.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_create.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_disable.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_enable.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_install.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_push.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_set.yaml delete mode 100644 _data/engine-cli-edge/docker_plugin_upgrade.yaml delete mode 100644 _data/engine-cli-edge/docker_port.yaml delete mode 100644 _data/engine-cli-edge/docker_ps.yaml delete mode 100644 _data/engine-cli-edge/docker_pull.yaml delete mode 100644 _data/engine-cli-edge/docker_push.yaml delete mode 100644 _data/engine-cli-edge/docker_rename.yaml delete mode 100644 _data/engine-cli-edge/docker_restart.yaml delete mode 100644 _data/engine-cli-edge/docker_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_rmi.yaml delete mode 100644 _data/engine-cli-edge/docker_run.yaml delete mode 100644 _data/engine-cli-edge/docker_save.yaml delete mode 100644 _data/engine-cli-edge/docker_search.yaml delete mode 100644 _data/engine-cli-edge/docker_secret.yaml delete mode 100644 _data/engine-cli-edge/docker_secret_create.yaml delete mode 100644 _data/engine-cli-edge/docker_secret_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_secret_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_secret_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_service.yaml delete mode 100644 _data/engine-cli-edge/docker_service_create.yaml delete mode 100644 _data/engine-cli-edge/docker_service_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_service_logs.yaml delete mode 100644 _data/engine-cli-edge/docker_service_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_service_ps.yaml delete mode 100644 _data/engine-cli-edge/docker_service_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_service_rollback.yaml delete mode 100644 _data/engine-cli-edge/docker_service_scale.yaml delete mode 100644 _data/engine-cli-edge/docker_service_update.yaml delete mode 100644 _data/engine-cli-edge/docker_stack.yaml delete mode 100644 _data/engine-cli-edge/docker_stack_deploy.yaml delete mode 100644 _data/engine-cli-edge/docker_stack_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_stack_ps.yaml delete mode 100644 _data/engine-cli-edge/docker_stack_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_stack_services.yaml delete mode 100644 _data/engine-cli-edge/docker_start.yaml delete mode 100644 _data/engine-cli-edge/docker_stats.yaml delete mode 100644 _data/engine-cli-edge/docker_stop.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_ca.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_init.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_join-token.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_join.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_leave.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_unlock-key.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_unlock.yaml delete mode 100644 _data/engine-cli-edge/docker_swarm_update.yaml delete mode 100644 _data/engine-cli-edge/docker_system.yaml delete mode 100644 _data/engine-cli-edge/docker_system_df.yaml delete mode 100644 _data/engine-cli-edge/docker_system_events.yaml delete mode 100644 _data/engine-cli-edge/docker_system_info.yaml delete mode 100644 _data/engine-cli-edge/docker_system_prune.yaml delete mode 100644 _data/engine-cli-edge/docker_tag.yaml delete mode 100644 _data/engine-cli-edge/docker_top.yaml delete mode 100644 _data/engine-cli-edge/docker_trust.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_key.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_key_generate.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_key_load.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_revoke.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_sign.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_signer.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_signer_add.yaml delete mode 100644 _data/engine-cli-edge/docker_trust_signer_remove.yaml delete mode 100644 _data/engine-cli-edge/docker_unpause.yaml delete mode 100644 _data/engine-cli-edge/docker_update.yaml delete mode 100644 _data/engine-cli-edge/docker_version.yaml delete mode 100644 _data/engine-cli-edge/docker_volume.yaml delete mode 100644 _data/engine-cli-edge/docker_volume_create.yaml delete mode 100644 _data/engine-cli-edge/docker_volume_inspect.yaml delete mode 100644 _data/engine-cli-edge/docker_volume_ls.yaml delete mode 100644 _data/engine-cli-edge/docker_volume_prune.yaml delete mode 100644 _data/engine-cli-edge/docker_volume_rm.yaml delete mode 100644 _data/engine-cli-edge/docker_wait.yaml diff --git a/_data/engine-cli-edge/docker.yaml b/_data/engine-cli-edge/docker.yaml deleted file mode 100644 index cfed41624a..0000000000 --- a/_data/engine-cli-edge/docker.yaml +++ /dev/null @@ -1,121 +0,0 @@ -command: docker -cname: -- docker attach -- docker build -- docker checkpoint -- docker commit -- docker config -- docker container -- docker cp -- docker create -- docker deploy -- docker diff -- docker events -- docker exec -- docker export -- docker history -- docker image -- docker images -- docker import -- docker info -- docker inspect -- docker kill -- docker load -- docker login -- docker logout -- docker logs -- docker manifest -- docker network -- docker node -- docker pause -- docker plugin -- docker port -- docker ps -- docker pull -- docker push -- docker rename -- docker restart -- docker rm -- docker rmi -- docker run -- docker save -- docker search -- docker secret -- docker service -- docker stack -- docker start -- docker stats -- docker stop -- docker swarm -- docker system -- docker tag -- docker top -- docker trust -- docker unpause -- docker update -- docker version -- docker volume -- docker wait -clink: -- docker_attach.yaml -- docker_build.yaml -- docker_checkpoint.yaml -- docker_commit.yaml -- docker_config.yaml -- docker_container.yaml -- docker_cp.yaml -- docker_create.yaml -- docker_deploy.yaml -- docker_diff.yaml -- docker_events.yaml -- docker_exec.yaml -- docker_export.yaml -- docker_history.yaml -- docker_image.yaml -- docker_images.yaml -- docker_import.yaml -- docker_info.yaml -- docker_inspect.yaml -- docker_kill.yaml -- docker_load.yaml -- docker_login.yaml -- docker_logout.yaml -- docker_logs.yaml -- docker_manifest.yaml -- docker_network.yaml -- docker_node.yaml -- docker_pause.yaml -- docker_plugin.yaml -- docker_port.yaml -- docker_ps.yaml -- docker_pull.yaml -- docker_push.yaml -- docker_rename.yaml -- docker_restart.yaml -- docker_rm.yaml -- docker_rmi.yaml -- docker_run.yaml -- docker_save.yaml -- docker_search.yaml -- docker_secret.yaml -- docker_service.yaml -- docker_stack.yaml -- docker_start.yaml -- docker_stats.yaml -- docker_stop.yaml -- docker_swarm.yaml -- docker_system.yaml -- docker_tag.yaml -- docker_top.yaml -- docker_trust.yaml -- docker_unpause.yaml -- docker_update.yaml -- docker_version.yaml -- docker_volume.yaml -- docker_wait.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_attach.yaml b/_data/engine-cli-edge/docker_attach.yaml deleted file mode 100644 index 9497cb5cb4..0000000000 --- a/_data/engine-cli-edge/docker_attach.yaml +++ /dev/null @@ -1,166 +0,0 @@ -command: docker attach -short: Attach local standard input, output, and error streams to a running container -long: |- - Use `docker attach` to attach your terminal's standard input, output, and error - (or any combination of the three) to a running container using the container's - ID or name. This allows you to view its ongoing output or to control it - interactively, as though the commands were running directly in your terminal. - - > **Note:** - > The `attach` command will display the output of the `ENTRYPOINT/CMD` process. This - > can appear as if the attach command is hung when in fact the process may simply - > not be interacting with the terminal at that time. - - You can attach to the same contained process multiple times simultaneously, - from different sessions on the Docker host. - - To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the - container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to - the container. You can detach from a container and leave it running using the - `CTRL-p CTRL-q` key sequence. - - > **Note:** - > A process running as PID 1 inside a container is treated specially by - > Linux: it ignores any signal with the default action. So, the process - > will not terminate on `SIGINT` or `SIGTERM` unless it is coded to do - > so. - - It is forbidden to redirect the standard input of a `docker attach` command - while attaching to a tty-enabled container (i.e.: launched with `-t`). - - While a client is connected to container's stdio using `docker attach`, Docker - uses a ~1MB memory buffer to maximize the throughput of the application. If - this buffer is filled, the speed of the API connection will start to have an - effect on the process output writing speed. This is similar to other - applications like SSH. Because of this, it is not recommended to run - performance critical applications that generate a lot of output in the - foreground over a slow client connection. Instead, users should use the - `docker logs` command to get access to the logs. - - ### Override the detach sequence - - If you want, you can configure an override the Docker key sequence for detach. - This is useful if the Docker default sequence conflicts with key sequence you - use for other applications. There are two ways to define your own detach key - sequence, as a per-container override or as a configuration property on your - entire configuration. - - To override the sequence for an individual container, use the - `--detach-keys=""` flag with the `docker attach` command. The format of - the `` is either a letter [a-Z], or the `ctrl-` combined with any of - the following: - - * `a-z` (a single lowercase alpha character ) - * `@` (at sign) - * `[` (left bracket) - * `\\` (two backward slashes) - * `_` (underscore) - * `^` (caret) - - These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key - sequences. To configure a different configuration default key sequence for all - containers, see [**Configuration file** section](cli.md#configuration-files). -usage: docker attach [OPTIONS] CONTAINER -pname: docker -plink: docker.yaml -options: -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-stdin - value_type: bool - default_value: "false" - description: Do not attach STDIN - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sig-proxy - value_type: bool - default_value: "true" - description: Proxy all received signals to the process - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Attach to and detach from a running container - - ```bash - $ docker run -d --name topdemo ubuntu /usr/bin/top -b - - $ docker attach topdemo - - top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355560k used, 18012k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221740k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top - - top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355244k used, 18328k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - - - top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355780k used, 17792k free, 27880k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - ^C$ - - $ echo $? - 0 - $ docker ps -a | grep topdemo - - 7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo - ``` - - ### Get the exit code of the container's command - - And in this second example, you can see the exit code returned by the `bash` - process is returned by the `docker attach` command to its caller too: - - ```bash - $ docker run --name test -d -it debian - - 275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab - - $ docker attach test - - root@f38c87f2a42d:/# exit 13 - - exit - - $ echo $? - - 13 - - $ docker ps -a | grep test - - 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_build.yaml b/_data/engine-cli-edge/docker_build.yaml deleted file mode 100644 index 9955ac989b..0000000000 --- a/_data/engine-cli-edge/docker_build.yaml +++ /dev/null @@ -1,580 +0,0 @@ -command: docker build -short: Build an image from a Dockerfile -long: |- - The `docker build` command builds Docker images from a Dockerfile and a - "context". A build's context is the set of files located in the specified - `PATH` or `URL`. The build process can refer to any of the files in the - context. For example, your build can use a [*COPY*](../builder.md#copy) - instruction to reference a file in the context. - - The `URL` parameter can refer to three kinds of resources: Git repositories, - pre-packaged tarball contexts and plain text files. - - ### Git repositories - - When the `URL` parameter points to the location of a Git repository, the - repository acts as the build context. The system recursively fetches the - repository and its submodules. The commit history is not preserved. A - repository is first pulled into a temporary directory on your local host. After - that succeeds, the directory is sent to the Docker daemon as the context. - Local copy gives you the ability to access private repositories using local - user credentials, VPN's, and so forth. - - > **Note:** - > If the `URL` parameter contains a fragment the system will recursively clone - > the repository and its submodules using a `git clone --recursive` command. - - Git URLs accept context configuration in their fragment section, separated by a - colon `:`. The first part represents the reference that Git will check out, - and can be either a branch, a tag, or a remote reference. The second part - represents a subdirectory inside the repository that will be used as a build - context. - - For example, run this command to use a directory called `docker` in the branch - `container`: - - ```bash - $ docker build https://github.com/docker/rootfs.git#container:docker - ``` - - The following table represents all the valid suffixes with their build - contexts: - - Build Syntax Suffix | Commit Used | Build Context Used - --------------------------------|-----------------------|------------------- - `myrepo.git` | `refs/heads/master` | `/` - `myrepo.git#mytag` | `refs/tags/mytag` | `/` - `myrepo.git#mybranch` | `refs/heads/mybranch` | `/` - `myrepo.git#pull/42/head` | `refs/pull/42/head` | `/` - `myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` - `myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` - `myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` - `myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` - - - ### Tarball contexts - - If you pass an URL to a remote tarball, the URL itself is sent to the daemon: - - ```bash - $ docker build http://server/context.tar.gz - ``` - - The download operation will be performed on the host the Docker daemon is - running on, which is not necessarily the same host from which the build command - is being issued. The Docker daemon will fetch `context.tar.gz` and use it as the - build context. Tarball contexts must be tar archives conforming to the standard - `tar` UNIX format and can be compressed with any one of the 'xz', 'bzip2', - 'gzip' or 'identity' (no compression) formats. - - ### Text files - - Instead of specifying a context, you can pass a single `Dockerfile` in the - `URL` or pipe the file in via `STDIN`. To pipe a `Dockerfile` from `STDIN`: - - ```bash - $ docker build - < Dockerfile - ``` - - With Powershell on Windows, you can run: - - ```powershell - Get-Content Dockerfile | docker build - - ``` - - If you use `STDIN` or specify a `URL` pointing to a plain text file, the system - places the contents into a file called `Dockerfile`, and any `-f`, `--file` - option is ignored. In this scenario, there is no context. - - By default the `docker build` command will look for a `Dockerfile` at the root - of the build context. The `-f`, `--file`, option lets you specify the path to - an alternative file to use instead. This is useful in cases where the same set - of files are used for multiple builds. The path must be to a file within the - build context. If a relative path is specified then it is interpreted as - relative to the root of the context. - - In most cases, it's best to put each Dockerfile in an empty directory. Then, - add to that directory only the files needed for building the Dockerfile. To - increase the build's performance, you can exclude files and directories by - adding a `.dockerignore` file to that directory as well. For information on - creating one, see the [.dockerignore file](../builder.md#dockerignore-file). - - If the Docker client loses connection to the daemon, the build is canceled. - This happens if you interrupt the Docker client with `CTRL-c` or if the Docker - client is killed for any reason. If the build initiated a pull which is still - running at the time the build is cancelled, the pull is cancelled as well. -usage: docker build [OPTIONS] PATH | URL | - -pname: docker -plink: docker.yaml -options: -- option: add-host - value_type: list - description: Add a custom host-to-IP mapping (host:ip) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: build-arg - value_type: list - description: Set build-time variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cache-from - value_type: stringSlice - default_value: '[]' - description: Images to consider as cache sources - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cgroup-parent - value_type: string - description: Optional parent cgroup for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: compress - value_type: bool - default_value: "false" - description: Compress the build context using gzip - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit the CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit the CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: file - shorthand: f - value_type: string - description: Name of the Dockerfile (Default is 'PATH/Dockerfile') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force-rm - value_type: bool - default_value: "false" - description: Always remove intermediate containers - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: iidfile - value_type: string - description: Write the image ID to the file - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Container isolation technology - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - value_type: list - description: Set metadata for an image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network - value_type: string - default_value: default - description: | - Set the networking mode for the RUN instructions during build - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-cache - value_type: bool - default_value: "false" - description: Do not use cache when building the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: pull - value_type: bool - default_value: "false" - description: Always attempt to pull a newer version of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress the build output and print image ID on success - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rm - value_type: bool - default_value: "true" - description: Remove intermediate containers after a successful build - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: security-opt - value_type: stringSlice - default_value: '[]' - description: Security options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: shm-size - value_type: bytes - default_value: "0" - description: Size of /dev/shm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: squash - value_type: bool - default_value: "false" - description: Squash newly built layers into a single new layer - deprecated: false - min_api_version: "1.25" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: stream - value_type: bool - default_value: "false" - description: Stream attaches to server to negotiate build context - deprecated: false - min_api_version: "1.31" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: tag - shorthand: t - value_type: list - description: Name and optionally a tag in the 'name:tag' format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: target - value_type: string - description: Set the target build stage to build. - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ulimit - value_type: ulimit - default_value: '[]' - description: Ulimit options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Build with PATH\n\n```bash\n$ docker build .\n\nUploading context 10240 - bytes\nStep 1/3 : FROM busybox\nPulling repository busybox\n ---> e9aa60c60128MB/2.284 - MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/\nStep 2/3 : RUN ls -lh - /\n ---> Running in 9c9e81692ae9\ntotal 24\ndrwxr-xr-x 2 root root 4.0K - Mar 12 2013 bin\ndrwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev\ndrwxr-xr-x - \ 2 root root 4.0K Oct 19 00:19 etc\ndrwxr-xr-x 2 root root - \ 4.0K Nov 15 23:34 lib\nlrwxrwxrwx 1 root root 3 Mar 12 - \ 2013 lib64 -> lib\ndr-xr-xr-x 116 root root 0 Nov 15 23:34 proc\nlrwxrwxrwx - \ 1 root root 3 Mar 12 2013 sbin -> bin\ndr-xr-xr-x 13 root root - \ 0 Nov 15 23:34 sys\ndrwxr-xr-x 2 root root 4.0K Mar 12 - \ 2013 tmp\ndrwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr\n ---> b35f4035db3f\nStep - 3/3 : CMD echo Hello world\n ---> Running in 02071fceb21b\n ---> f52f38b7823e\nSuccessfully - built f52f38b7823e\nRemoving intermediate container 9c9e81692ae9\nRemoving intermediate - container 02071fceb21b\n```\n\nThis example specifies that the `PATH` is `.`, and - so all the files in the\nlocal directory get `tar`d and sent to the Docker daemon. - The `PATH` specifies\nwhere to find the files for the \"context\" of the build on - the Docker daemon.\nRemember that the daemon could be running on a remote machine - and that no\nparsing of the Dockerfile happens at the client side (where you're - running\n`docker build`). That means that *all* the files at `PATH` get sent, not - just\nthe ones listed to [*ADD*](../builder.md#add) in the Dockerfile.\n\nThe transfer - of context from the local machine to the Docker daemon is what the\n`docker` client - means when you see the \"Sending build context\" message.\n\nIf you wish to keep - the intermediate containers after the build is complete,\nyou must use `--rm=false`. - This does not affect the build cache.\n\n### Build with URL\n\n```bash\n$ docker - build github.com/creack/docker-firefox\n```\n\nThis will clone the GitHub repository - and use the cloned repository as context.\nThe Dockerfile at the root of the repository - is used as Dockerfile. You can\nspecify an arbitrary Git repository by using the - `git://` or `git@` scheme.\n\n```bash\n$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz\n\nDownloading - context: http://server/ctx.tar.gz [===================>] 240 B/240 B\nStep 1/3 - : FROM busybox\n ---> 8c2e06607696\nStep 2/3 : ADD ctx/container.cfg /\n ---> e7829950cee3\nRemoving - intermediate container b35224abf821\nStep 3/3 : CMD /bin/ls\n ---> Running in fbc63d321d73\n - ---> 3286931702ad\nRemoving intermediate container fbc63d321d73\nSuccessfully built - 377c409b35e4\n```\n\nThis sends the URL `http://server/ctx.tar.gz` to the Docker - daemon, which\ndownloads and extracts the referenced tarball. The `-f ctx/Dockerfile`\nparameter - specifies a path inside `ctx.tar.gz` to the `Dockerfile` that is used\nto build - the image. Any `ADD` commands in that `Dockerfile` that refers to local\npaths must - be relative to the root of the contents inside `ctx.tar.gz`. In the\nexample above, - the tarball contains a directory `ctx/`, so the `ADD\nctx/container.cfg /` operation - works as expected.\n\n### Build with -\n\n```bash\n$ docker build - < Dockerfile\n```\n\nThis - will read a Dockerfile from `STDIN` without context. Due to the lack of a\ncontext, - no contents of any local directory will be sent to the Docker daemon.\nSince there - is no context, a Dockerfile `ADD` only works if it refers to a\nremote URL.\n\n```bash\n$ - docker build - < context.tar.gz\n```\n\nThis will build an image for a compressed - context read from `STDIN`. Supported\nformats are: bzip2, gzip and xz.\n\n### Use - a .dockerignore file\n\n```bash\n$ docker build .\n\nUploading context 18.829 MB\nUploading - context\nStep 1/2 : FROM busybox\n ---> 769b9341d937\nStep 2/2 : CMD echo Hello - world\n ---> Using cache\n ---> 99cc1ad10469\nSuccessfully built 99cc1ad10469\n$ - echo \".git\" > .dockerignore\n$ docker build .\nUploading context 6.76 MB\nUploading - context\nStep 1/2 : FROM busybox\n ---> 769b9341d937\nStep 2/2 : CMD echo Hello - world\n ---> Using cache\n ---> 99cc1ad10469\nSuccessfully built 99cc1ad10469\n```\n\nThis - example shows the use of the `.dockerignore` file to exclude the `.git`\ndirectory - from the context. Its effect can be seen in the changed size of the\nuploaded context. - The builder reference contains detailed information on\n[creating a .dockerignore - file](../builder.md#dockerignore-file)\n\n### Tag an image (-t)\n\n```bash\n$ docker - build -t vieux/apache:2.0 .\n```\n\nThis will build like the previous example, but - it will then tag the resulting\nimage. The repository name will be `vieux/apache` - and the tag will be `2.0`.\n[Read more about valid tags](tag.md).\n\nYou can apply - multiple tags to an image. For example, you can apply the `latest`\ntag to a newly - built image and add another tag that references a specific\nversion.\nFor example, - to tag an image both as `whenry/fedora-jboss:latest` and\n`whenry/fedora-jboss:v2.1`, - use the following:\n\n```bash\n$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 - .\n```\n\n### Specify a Dockerfile (-f)\n\n```bash\n$ docker build -f Dockerfile.debug - .\n```\n\nThis will use a file called `Dockerfile.debug` for the build instructions\ninstead - of `Dockerfile`.\n\n```bash\n$ curl example.com/remote/Dockerfile | docker build - -f - .\n```\n\nThe above command will use the current directory as the build context - and read\na Dockerfile from stdin.\n\n```bash\n$ docker build -f dockerfiles/Dockerfile.debug - -t myapp_debug .\n$ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod .\n```\n\nThe - above commands will build the current build context (as specified by the\n`.`) twice, - once using a debug version of a `Dockerfile` and once using a\nproduction version.\n\n```bash\n$ - cd /home/me/myapp/some/dir/really/deep\n$ docker build -f /home/me/myapp/dockerfiles/debug - /home/me/myapp\n$ docker build -f ../../../../dockerfiles/debug /home/me/myapp\n```\n\nThese - two `docker build` commands do the exact same thing. They both use the\ncontents - of the `debug` file instead of looking for a `Dockerfile` and will use\n`/home/me/myapp` - as the root of the build context. Note that `debug` is in the\ndirectory structure - of the build context, regardless of how you refer to it on\nthe command line.\n\n> - **Note:**\n> `docker build` will return a `no such file or directory` error if the\n> - file or directory does not exist in the uploaded context. This may\n> happen if - there is no context, or if you specify a file that is\n> elsewhere on the Host system. - The context is limited to the current\n> directory (and its children) for security - reasons, and to ensure\n> repeatable builds on remote Docker hosts. This is also - the reason why\n> `ADD ../file` will not work.\n\n### Use a custom parent cgroup - (--cgroup-parent)\n\nWhen `docker build` is run with the `--cgroup-parent` option - the containers\nused in the build will be run with the [corresponding `docker run`\nflag](../run.md#specifying-custom-cgroups).\n\n### - Set ulimits in container (--ulimit)\n\nUsing the `--ulimit` option with `docker - build` will cause each build step's\ncontainer to be started using those [`--ulimit`\nflag - values](./run.md#set-ulimits-in-container-ulimit).\n\n### Set build-time variables - (--build-arg)\n\nYou can use `ENV` instructions in a Dockerfile to define variable\nvalues. - These values persist in the built image. However, often\npersistence is not what - you want. Users want to specify variables differently\ndepending on which host they - build an image on.\n\nA good example is `http_proxy` or source versions for pulling - intermediate\nfiles. The `ARG` instruction lets Dockerfile authors define values - that users\ncan set at build-time using the `--build-arg` flag:\n\n```bash\n$ docker - build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PROXY=http://40.50.60.5:4567 - .\n```\n\nThis flag allows you to pass the build-time variables that are\naccessed - like regular environment variables in the `RUN` instruction of the\nDockerfile. - Also, these values don't persist in the intermediate or final images\nlike `ENV` - values do. You must add `--build-arg` for each build argument. \n\nUsing this - flag will not alter the output you see when the `ARG` lines from the\nDockerfile - are echoed during the build process.\n\nFor detailed information on using `ARG` - and `ENV` instructions, see the\n[Dockerfile reference](../builder.md).\n\nYou may - also use the `--build-arg` flag without a value, in which case the value\nfrom the - local environment will be propagated into the Docker container being\nbuilt:\n\n```bash\n$ - export HTTP_PROXY=http://10.20.30.2:1234\n$ docker build --build-arg HTTP_PROXY - .\n```\n\nThis is similar to how `docker run -e` works. Refer to the [`docker run` - documentation](https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file)\nfor - more information.\n\n### Optional security options (--security-opt)\n\nThis flag - is only supported on a daemon running on Windows, and only supports\nthe `credentialspec` - option. The `credentialspec` must be in the format\n`file://spec.txt` or `registry://keyname`.\n\n### - Specify isolation technology for container (--isolation)\n\nThis option is useful - in situations where you are running Docker containers on\nWindows. The `--isolation=` - option sets a container's isolation\ntechnology. On Linux, the only supported is - the `default` option which uses\nLinux namespaces. On Microsoft Windows, you can - specify these values:\n\n\n| Value | Description |\n|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| - `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the - `daemon` does not specify an isolation technology, Microsoft Windows uses `process` - as its default value. |\n| `process` | Namespace isolation only. |\n| - `hyperv` | Hyper-V hypervisor partition-based isolation. |\n\nSpecifying - the `--isolation` flag without a value is the same as setting `--isolation=\"default\"`.\n\n### - Add entries to container hosts file (--add-host)\n\nYou can add other hosts into - a container's `/etc/hosts` file by using one or\nmore `--add-host` flags. This example - adds a static address for a host named\n`docker`:\n\n $ docker build --add-host=docker:10.180.0.1 - .\n\n### Specifying target build stage (--target)\n\nWhen building a Dockerfile - with multiple build stages, `--target` can be used to\nspecify an intermediate build - stage by name as a final stage for the resulting\nimage. Commands after the target - stage will be skipped.\n\n```Dockerfile\nFROM debian AS build-env\n...\n\nFROM alpine - AS production-env\n...\n```\n\n```bash\n$ docker build -t mybuildimage --target - build-env .\n```\n\n### Squash an image's layers (--squash) (experimental)\n\n#### - Overview\n\nOnce the image is built, squash the new layers into a new image with - a single\nnew layer. Squashing does not destroy any existing image, rather it creates - a new\nimage with the content of the squashed layers. This effectively makes it - look\nlike all `Dockerfile` commands were created with a single layer. The build\ncache - is preserved with this method.\n\nThe `--squash` option is an experimental feature, - and should not be considered\nstable.\n\n\nSquashing layers can be beneficial if - your Dockerfile produces multiple layers\nmodifying the same files, for example, - file that are created in one step, and\nremoved in another step. For other use-cases, - squashing images may actually have\na negative impact on performance; when pulling - an image consisting of multiple\nlayers, layers can be pulled in parallel, and allows - sharing layers between\nimages (saving space).\n\nFor most use cases, multi-stage - are a better alternative, as they give more\nfine-grained control over your build, - and can take advantage of future\noptimizations in the builder. Refer to the [use - multi-stage builds](https://docs.docker.com/engine/userguide/eng-image/multistage-build/)\nsection - in the userguide for more information.\n\n\n#### Known limitations\n\nThe `--squash` - option has a number of known limitations:\n\n- When squashing layers, the resulting - image cannot take advantage of layer\n sharing with other images, and may use significantly - more space. Sharing the\n base image is still supported.\n- When using this option - you may see significantly more space used due to\n storing two copies of the image, - one for the build cache with all the cache\n layers in tact, and one for the squashed - version.\n- While squashing layers may produce smaller images, it may have a negative\n - \ impact on performance, as a single layer takes longer to extract, and\n downloading - a single layer cannot be parallelized.\n- When attempting to squash an image that - does not make changes to the\n filesystem (for example, the Dockerfile only contains - `ENV` instructions),\n the squash step will fail (see [issue #33823](https://github.com/moby/moby/issues/33823)\n\n#### - Prerequisites\n\nThe example on this page is using experimental mode in Docker 1.13.\n\nExperimental - mode can be enabled by using the `--experimental` flag when starting the Docker - daemon or setting `experimental: true` in the `daemon.json` configuration file.\n\nBy - default, experimental mode is disabled. To see the current configuration, use the - `docker version` command.\n\n```none\nServer:\n Version: 1.13.1\n API version: - \ 1.26 (minimum version 1.12)\n Go version: go1.7.5\n Git commit: 092cba3\n - Built: Wed Feb 8 06:35:24 2017\n OS/Arch: linux/amd64\n Experimental: - false\n\n [...]\n```\n\nTo enable experimental mode, users need to restart the docker - daemon with the experimental flag enabled.\n\n#### Enable Docker experimental\n\nExperimental - features are now included in the standard Docker binaries as of version 1.13.0. - For enabling experimental features, you need to start the Docker daemon with `--experimental` - flag. You can also enable the daemon flag via /etc/docker/daemon.json. e.g.\n\n```json\n{\n - \ \"experimental\": true\n}\n```\n\nThen make sure the experimental flag is enabled:\n\n```bash\n$ - docker version -f '{{.Server.Experimental}}'\ntrue\n```\n\n#### Build an image with - `--squash` argument\n\nThe following is an example of docker build with `--squash` - argument\n\n```Dockerfile\nFROM busybox\nRUN echo hello > /hello\nRUN echo world - >> /hello\nRUN touch remove_me /remove_me\nENV HELLO world\nRUN rm /remove_me\n```\n\nAn - image named `test` is built with `--squash` argument.\n\n```bash\n$ docker build - --squash -t test .\n\n[...]\n```\n\nIf everything is right, the history will look - like this:\n\n```bash\n$ docker history test\n\nIMAGE CREATED CREATED - BY SIZE COMMENT\n4e10cb5b4cac - \ 3 seconds ago 12 B - \ merge sha256:88a7b0112a41826885df0e7072698006ee8f621c6ab99fca7fe9151d7b599702 - to sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb\n - \ 5 minutes ago /bin/sh -c rm /remove_me 0 - B\n 5 minutes ago /bin/sh -c #(nop) ENV HELLO=world 0 - B\n 5 minutes ago /bin/sh -c touch remove_me /remove_me - \ 0 B\n 5 minutes ago /bin/sh -c echo world >> - /hello 0 B\n 6 minutes ago /bin/sh -c echo - hello > /hello 0 B\n 7 weeks ago /bin/sh - -c #(nop) CMD [\"sh\"] 0 B\n 7 weeks ago /bin/sh - -c #(nop) ADD file:47ca6e777c36a4cfff 1.113 MB\n```\n\nWe could find that all - layer's name is ``, and there is a new layer with COMMENT `merge`.\n\nTest - the image, check for `/remove_me` being gone, make sure `hello\\nworld` is in `/hello`, - make sure the `HELLO` envvar's value is `world`." -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_checkpoint.yaml b/_data/engine-cli-edge/docker_checkpoint.yaml deleted file mode 100644 index 970f801688..0000000000 --- a/_data/engine-cli-edge/docker_checkpoint.yaml +++ /dev/null @@ -1,21 +0,0 @@ -command: docker checkpoint -short: Manage checkpoints -long: Manage checkpoints -usage: docker checkpoint -pname: docker -plink: docker.yaml -cname: -- docker checkpoint create -- docker checkpoint ls -- docker checkpoint rm -clink: -- docker_checkpoint_create.yaml -- docker_checkpoint_ls.yaml -- docker_checkpoint_rm.yaml -deprecated: false -min_api_version: "1.25" -experimental: true -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_checkpoint_create.yaml b/_data/engine-cli-edge/docker_checkpoint_create.yaml deleted file mode 100644 index c21eac46c2..0000000000 --- a/_data/engine-cli-edge/docker_checkpoint_create.yaml +++ /dev/null @@ -1,31 +0,0 @@ -command: docker checkpoint create -short: Create a checkpoint from a running container -long: Create a checkpoint from a running container -usage: docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT -pname: docker checkpoint -plink: docker_checkpoint.yaml -options: -- option: checkpoint-dir - value_type: string - description: Use a custom checkpoint storage directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: leave-running - value_type: bool - default_value: "false" - description: Leave the container running after checkpoint - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.25" -experimental: true -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_checkpoint_ls.yaml b/_data/engine-cli-edge/docker_checkpoint_ls.yaml deleted file mode 100644 index 4f37970d31..0000000000 --- a/_data/engine-cli-edge/docker_checkpoint_ls.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker checkpoint ls -aliases: list -short: List checkpoints for a container -long: List checkpoints for a container -usage: docker checkpoint ls [OPTIONS] CONTAINER -pname: docker checkpoint -plink: docker_checkpoint.yaml -options: -- option: checkpoint-dir - value_type: string - description: Use a custom checkpoint storage directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.25" -experimental: true -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_checkpoint_rm.yaml b/_data/engine-cli-edge/docker_checkpoint_rm.yaml deleted file mode 100644 index 95bcadddd4..0000000000 --- a/_data/engine-cli-edge/docker_checkpoint_rm.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker checkpoint rm -aliases: remove -short: Remove a checkpoint -long: Remove a checkpoint -usage: docker checkpoint rm [OPTIONS] CONTAINER CHECKPOINT -pname: docker checkpoint -plink: docker_checkpoint.yaml -options: -- option: checkpoint-dir - value_type: string - description: Use a custom checkpoint storage directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.25" -experimental: true -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_commit.yaml b/_data/engine-cli-edge/docker_commit.yaml deleted file mode 100644 index f3f4ffc39a..0000000000 --- a/_data/engine-cli-edge/docker_commit.yaml +++ /dev/null @@ -1,133 +0,0 @@ -command: docker commit -short: Create a new image from a container's changes -long: |- - It can be useful to commit a container's file changes or settings into a new - image. This allows you to debug a container by running an interactive shell, or to - export a working dataset to another server. Generally, it is better to use - Dockerfiles to manage your images in a documented and maintainable way. - [Read more about valid image names and tags](tag.md). - - The commit operation will not include any data contained in - volumes mounted inside the container. - - By default, the container being committed and its processes will be paused - while the image is committed. This reduces the likelihood of encountering data - corruption during the process of creating the commit. If this behavior is - undesired, set the `--pause` option to false. - - The `--change` option will apply `Dockerfile` instructions to the image that is - created. Supported `Dockerfile` instructions: - `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` -usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] -pname: docker -plink: docker.yaml -options: -- option: author - shorthand: a - value_type: string - description: Author (e.g., "John Hannibal Smith ") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: change - shorthand: c - value_type: list - description: Apply Dockerfile instruction to the created image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: message - shorthand: m - value_type: string - description: Commit message - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pause - shorthand: p - value_type: bool - default_value: "true" - description: Pause container during commit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Commit a container - - ```bash - $ docker ps - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - - $ docker commit c3f279d17e0a svendowideit/testimage:version3 - - f5283438590d - - $ docker images - - REPOSITORY TAG ID CREATED SIZE - svendowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB - ``` - - ### Commit a container with new configurations - - ```bash - $ docker ps - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - - $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a - - [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] - - $ docker commit --change "ENV DEBUG true" c3f279d17e0a svendowideit/testimage:version3 - - f5283438590d - - $ docker inspect -f "{{ .Config.Env }}" f5283438590d - - [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] - ``` - - ### Commit a container with new `CMD` and `EXPOSE` instructions - - ```bash - $ docker ps - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - - $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 - - f5283438590d - - $ docker run -d svendowideit/testimage:version4 - - 89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 - - $ docker ps - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp distracted_fermat - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_config.yaml b/_data/engine-cli-edge/docker_config.yaml deleted file mode 100644 index 3689f3b235..0000000000 --- a/_data/engine-cli-edge/docker_config.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker config -short: Manage Docker configs -long: Manage Docker configs -usage: docker config -pname: docker -plink: docker.yaml -cname: -- docker config create -- docker config inspect -- docker config ls -- docker config rm -clink: -- docker_config_create.yaml -- docker_config_inspect.yaml -- docker_config_ls.yaml -- docker_config_rm.yaml -deprecated: false -min_api_version: "1.30" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_config_create.yaml b/_data/engine-cli-edge/docker_config_create.yaml deleted file mode 100644 index afb9df737f..0000000000 --- a/_data/engine-cli-edge/docker_config_create.yaml +++ /dev/null @@ -1,31 +0,0 @@ -command: docker config create -short: Create a config from a file or STDIN -long: Create a config from a file or STDIN -usage: docker config create [OPTIONS] CONFIG file|- -pname: docker config -plink: docker_config.yaml -options: -- option: label - shorthand: l - value_type: list - description: Config labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: template-driver - value_type: string - description: Template driver - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.30" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_config_inspect.yaml b/_data/engine-cli-edge/docker_config_inspect.yaml deleted file mode 100644 index 015af0db13..0000000000 --- a/_data/engine-cli-edge/docker_config_inspect.yaml +++ /dev/null @@ -1,32 +0,0 @@ -command: docker config inspect -short: Display detailed information on one or more configs -long: Display detailed information on one or more configs -usage: docker config inspect [OPTIONS] CONFIG [CONFIG...] -pname: docker config -plink: docker_config.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pretty - value_type: bool - default_value: "false" - description: Print the information in a human friendly format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.30" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_config_ls.yaml b/_data/engine-cli-edge/docker_config_ls.yaml deleted file mode 100644 index 100f632f72..0000000000 --- a/_data/engine-cli-edge/docker_config_ls.yaml +++ /dev/null @@ -1,42 +0,0 @@ -command: docker config ls -aliases: list -short: List configs -long: List configs -usage: docker config ls [OPTIONS] -pname: docker config -plink: docker_config.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print configs using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.30" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_config_rm.yaml b/_data/engine-cli-edge/docker_config_rm.yaml deleted file mode 100644 index 991ecfc9ec..0000000000 --- a/_data/engine-cli-edge/docker_config_rm.yaml +++ /dev/null @@ -1,14 +0,0 @@ -command: docker config rm -aliases: remove -short: Remove one or more configs -long: Remove one or more configs -usage: docker config rm CONFIG [CONFIG...] -pname: docker config -plink: docker_config.yaml -deprecated: false -min_api_version: "1.30" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_container.yaml b/_data/engine-cli-edge/docker_container.yaml deleted file mode 100644 index 3c501b4487..0000000000 --- a/_data/engine-cli-edge/docker_container.yaml +++ /dev/null @@ -1,64 +0,0 @@ -command: docker container -short: Manage containers -long: Manage containers. -usage: docker container -pname: docker -plink: docker.yaml -cname: -- docker container attach -- docker container commit -- docker container cp -- docker container create -- docker container diff -- docker container exec -- docker container export -- docker container inspect -- docker container kill -- docker container logs -- docker container ls -- docker container pause -- docker container port -- docker container prune -- docker container rename -- docker container restart -- docker container rm -- docker container run -- docker container start -- docker container stats -- docker container stop -- docker container top -- docker container unpause -- docker container update -- docker container wait -clink: -- docker_container_attach.yaml -- docker_container_commit.yaml -- docker_container_cp.yaml -- docker_container_create.yaml -- docker_container_diff.yaml -- docker_container_exec.yaml -- docker_container_export.yaml -- docker_container_inspect.yaml -- docker_container_kill.yaml -- docker_container_logs.yaml -- docker_container_ls.yaml -- docker_container_pause.yaml -- docker_container_port.yaml -- docker_container_prune.yaml -- docker_container_rename.yaml -- docker_container_restart.yaml -- docker_container_rm.yaml -- docker_container_run.yaml -- docker_container_start.yaml -- docker_container_stats.yaml -- docker_container_stop.yaml -- docker_container_top.yaml -- docker_container_unpause.yaml -- docker_container_update.yaml -- docker_container_wait.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_attach.yaml b/_data/engine-cli-edge/docker_container_attach.yaml deleted file mode 100644 index 95b4d3ede8..0000000000 --- a/_data/engine-cli-edge/docker_container_attach.yaml +++ /dev/null @@ -1,39 +0,0 @@ -command: docker container attach -short: Attach local standard input, output, and error streams to a running container -long: Attach local standard input, output, and error streams to a running container -usage: docker container attach [OPTIONS] CONTAINER -pname: docker container -plink: docker_container.yaml -options: -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-stdin - value_type: bool - default_value: "false" - description: Do not attach STDIN - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sig-proxy - value_type: bool - default_value: "true" - description: Proxy all received signals to the process - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_commit.yaml b/_data/engine-cli-edge/docker_container_commit.yaml deleted file mode 100644 index 8524a53a5b..0000000000 --- a/_data/engine-cli-edge/docker_container_commit.yaml +++ /dev/null @@ -1,50 +0,0 @@ -command: docker container commit -short: Create a new image from a container's changes -long: Create a new image from a container's changes -usage: docker container commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] -pname: docker container -plink: docker_container.yaml -options: -- option: author - shorthand: a - value_type: string - description: Author (e.g., "John Hannibal Smith ") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: change - shorthand: c - value_type: list - description: Apply Dockerfile instruction to the created image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: message - shorthand: m - value_type: string - description: Commit message - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pause - shorthand: p - value_type: bool - default_value: "true" - description: Pause container during commit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_cp.yaml b/_data/engine-cli-edge/docker_container_cp.yaml deleted file mode 100644 index e308f4068a..0000000000 --- a/_data/engine-cli-edge/docker_container_cp.yaml +++ /dev/null @@ -1,40 +0,0 @@ -command: docker container cp -short: Copy files/folders between a container and the local filesystem -long: |- - Copy files/folders between a container and the local filesystem - - Use '-' as the source to read a tar archive from stdin - and extract it to a directory destination in a container. - Use '-' as the destination to stream a tar archive of a - container source to stdout. -usage: "docker container cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-\n\tdocker cp - [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH" -pname: docker container -plink: docker_container.yaml -options: -- option: archive - shorthand: a - value_type: bool - default_value: "false" - description: Archive mode (copy all uid/gid information) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: follow-link - shorthand: L - value_type: bool - default_value: "false" - description: Always follow symbol link in SRC_PATH - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_create.yaml b/_data/engine-cli-edge/docker_container_create.yaml deleted file mode 100644 index e3f2a6790a..0000000000 --- a/_data/engine-cli-edge/docker_container_create.yaml +++ /dev/null @@ -1,852 +0,0 @@ -command: docker container create -short: Create a new container -long: Create a new container -usage: docker container create [OPTIONS] IMAGE [COMMAND] [ARG...] -pname: docker container -plink: docker_container.yaml -options: -- option: add-host - value_type: list - description: Add a custom host-to-IP mapping (host:ip) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: attach - shorthand: a - value_type: list - description: Attach to STDIN, STDOUT or STDERR - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight - value_type: uint16 - default_value: "0" - description: | - Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight-device - value_type: list - default_value: '[]' - description: Block IO weight (relative device weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-add - value_type: list - description: Add Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-drop - value_type: list - description: Drop Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cgroup-parent - value_type: string - description: Optional parent cgroup for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cidfile - value_type: string - description: Write the container ID to the file - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-count - value_type: int64 - default_value: "0" - description: CPU count (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-percent - value_type: int64 - default_value: "0" - description: CPU percent (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-period - value_type: int64 - default_value: "0" - description: Limit CPU real-time period in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-runtime - value_type: int64 - default_value: "0" - description: Limit CPU real-time runtime in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpus - value_type: decimal - description: Number of CPUs - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device - value_type: list - description: Add a host device to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-cgroup-rule - value_type: list - description: Add a rule to the cgroup allowed devices list - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-bps - value_type: list - default_value: '[]' - description: Limit read rate (bytes per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-iops - value_type: list - default_value: '[]' - description: Limit read rate (IO per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-bps - value_type: list - default_value: '[]' - description: Limit write rate (bytes per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-iops - value_type: list - default_value: '[]' - description: Limit write rate (IO per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns - value_type: list - description: Set custom DNS servers - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-opt - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-option - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-search - value_type: list - description: Set custom DNS search domains - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: entrypoint - value_type: string - description: Overwrite the default ENTRYPOINT of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env - shorthand: e - value_type: list - description: Set environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env-file - value_type: list - description: Read in a file of environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: expose - value_type: list - description: Expose a port or a range of ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: group-add - value_type: list - description: Add additional groups to join - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-cmd - value_type: string - description: Command to run to check health - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-interval - value_type: duration - default_value: 0s - description: Time between running the check (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-retries - value_type: int - default_value: "0" - description: Consecutive failures needed to report unhealthy - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-start-period - value_type: duration - default_value: 0s - description: | - Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-timeout - value_type: duration - default_value: 0s - description: | - Maximum time to allow one check to run (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: help - value_type: bool - default_value: "false" - description: Print usage - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: hostname - shorthand: h - value_type: string - description: Container host name - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: init - value_type: bool - default_value: "false" - description: | - Run an init inside the container that forwards signals and reaps processes - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Keep STDIN open even if not attached - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxbandwidth - value_type: bytes - default_value: "0" - description: | - Maximum IO bandwidth limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxiops - value_type: uint64 - default_value: "0" - description: Maximum IOps limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip - value_type: string - description: IPv4 address (e.g., 172.30.100.104) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip6 - value_type: string - description: IPv6 address (e.g., 2001:db8::33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ipc - value_type: string - description: IPC mode to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Container isolation technology - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: kernel-memory - value_type: bytes - default_value: "0" - description: Kernel memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - shorthand: l - value_type: list - description: Set meta data on a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-file - value_type: list - description: Read in a line delimited file of labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link - value_type: list - description: Add link to another container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link-local-ip - value_type: list - description: Container IPv4/IPv6 link-local addresses - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-driver - value_type: string - description: Logging driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-opt - value_type: list - description: Log driver options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mac-address - value_type: string - description: Container MAC address (e.g., 92:d0:c6:0a:29:33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-reservation - value_type: bytes - default_value: "0" - description: Memory soft limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swappiness - value_type: int64 - default_value: "-1" - description: Tune container memory swappiness (0 to 100) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mount - value_type: mount - description: Attach a filesystem mount to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: name - value_type: string - description: Assign a name to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-healthcheck - value_type: bool - default_value: "false" - description: Disable any container-specified HEALTHCHECK - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-kill-disable - value_type: bool - default_value: "false" - description: Disable OOM Killer - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-score-adj - value_type: int - default_value: "0" - description: Tune host's OOM preferences (-1000 to 1000) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pid - value_type: string - description: PID namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pids-limit - value_type: int64 - default_value: "0" - description: Tune container pids limit (set -1 for unlimited) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: privileged - value_type: bool - default_value: "false" - description: Give extended privileges to this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish - shorthand: p - value_type: list - description: Publish a container's port(s) to the host - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish-all - shorthand: P - value_type: bool - default_value: "false" - description: Publish all exposed ports to random ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: read-only - value_type: bool - default_value: "false" - description: Mount the container's root filesystem as read only - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart - value_type: string - default_value: "no" - description: Restart policy to apply when a container exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rm - value_type: bool - default_value: "false" - description: Automatically remove the container when it exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: runtime - value_type: string - description: Runtime to use for this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: security-opt - value_type: list - description: Security Options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: shm-size - value_type: bytes - default_value: "0" - description: Size of /dev/shm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-signal - value_type: string - default_value: SIGTERM - description: Signal to stop a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-timeout - value_type: int - default_value: "0" - description: Timeout (in seconds) to stop a container - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: storage-opt - value_type: list - description: Storage driver options for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sysctl - value_type: map - default_value: map[] - description: Sysctl options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tmpfs - value_type: list - description: Mount a tmpfs directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ulimit - value_type: ulimit - default_value: '[]' - description: Ulimit options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: userns - value_type: string - description: User namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: uts - value_type: string - description: UTS namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume - shorthand: v - value_type: list - description: Bind mount a volume - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume-driver - value_type: string - description: Optional volume driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volumes-from - value_type: list - description: Mount volumes from the specified container(s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_diff.yaml b/_data/engine-cli-edge/docker_container_diff.yaml deleted file mode 100644 index 48c1ccf5d3..0000000000 --- a/_data/engine-cli-edge/docker_container_diff.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker container diff -short: Inspect changes to files or directories on a container's filesystem -long: Inspect changes to files or directories on a container's filesystem -usage: docker container diff CONTAINER -pname: docker container -plink: docker_container.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_exec.yaml b/_data/engine-cli-edge/docker_container_exec.yaml deleted file mode 100644 index 7f6a1a5ea0..0000000000 --- a/_data/engine-cli-edge/docker_container_exec.yaml +++ /dev/null @@ -1,89 +0,0 @@ -command: docker container exec -short: Run a command in a running container -long: Run a command in a running container -usage: docker container exec [OPTIONS] CONTAINER COMMAND [ARG...] -pname: docker container -plink: docker_container.yaml -options: -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: 'Detached mode: run command in the background' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env - shorthand: e - value_type: list - description: Set environment variables - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Keep STDIN open even if not attached - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: privileged - value_type: bool - default_value: "false" - description: Give extended privileges to the command - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - min_api_version: "1.35" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_export.yaml b/_data/engine-cli-edge/docker_container_export.yaml deleted file mode 100644 index e45c77d971..0000000000 --- a/_data/engine-cli-edge/docker_container_export.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker container export -short: Export a container's filesystem as a tar archive -long: Export a container's filesystem as a tar archive -usage: docker container export [OPTIONS] CONTAINER -pname: docker container -plink: docker_container.yaml -options: -- option: output - shorthand: o - value_type: string - description: Write to a file, instead of STDOUT - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_inspect.yaml b/_data/engine-cli-edge/docker_container_inspect.yaml deleted file mode 100644 index c27e4a4506..0000000000 --- a/_data/engine-cli-edge/docker_container_inspect.yaml +++ /dev/null @@ -1,32 +0,0 @@ -command: docker container inspect -short: Display detailed information on one or more containers -long: Display detailed information on one or more containers -usage: docker container inspect [OPTIONS] CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: size - shorthand: s - value_type: bool - default_value: "false" - description: Display total file sizes - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_kill.yaml b/_data/engine-cli-edge/docker_container_kill.yaml deleted file mode 100644 index 44c184add6..0000000000 --- a/_data/engine-cli-edge/docker_container_kill.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker container kill -short: Kill one or more running containers -long: Kill one or more running containers -usage: docker container kill [OPTIONS] CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: signal - shorthand: s - value_type: string - default_value: KILL - description: Signal to send to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_logs.yaml b/_data/engine-cli-edge/docker_container_logs.yaml deleted file mode 100644 index 4bfb043e3a..0000000000 --- a/_data/engine-cli-edge/docker_container_logs.yaml +++ /dev/null @@ -1,70 +0,0 @@ -command: docker container logs -short: Fetch the logs of a container -long: Fetch the logs of a container -usage: docker container logs [OPTIONS] CONTAINER -pname: docker container -plink: docker_container.yaml -options: -- option: details - value_type: bool - default_value: "false" - description: Show extra details provided to logs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: follow - shorthand: f - value_type: bool - default_value: "false" - description: Follow log output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: since - value_type: string - description: | - Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tail - value_type: string - default_value: all - description: Number of lines to show from the end of the logs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: timestamps - shorthand: t - value_type: bool - default_value: "false" - description: Show timestamps - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: until - value_type: string - description: | - Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) - deprecated: false - min_api_version: "1.35" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_ls.yaml b/_data/engine-cli-edge/docker_container_ls.yaml deleted file mode 100644 index 59f445b59a..0000000000 --- a/_data/engine-cli-edge/docker_container_ls.yaml +++ /dev/null @@ -1,90 +0,0 @@ -command: docker container ls -aliases: ps, list -short: List containers -long: List containers -usage: docker container ls [OPTIONS] -pname: docker container -plink: docker_container.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Show all containers (default shows just running) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print containers using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: last - shorthand: "n" - value_type: int - default_value: "-1" - description: Show n last created containers (includes all states) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: latest - shorthand: l - value_type: bool - default_value: "false" - description: Show the latest created container (includes all states) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display numeric IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: size - shorthand: s - value_type: bool - default_value: "false" - description: Display total file sizes - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_pause.yaml b/_data/engine-cli-edge/docker_container_pause.yaml deleted file mode 100644 index dd28f672aa..0000000000 --- a/_data/engine-cli-edge/docker_container_pause.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker container pause -short: Pause all processes within one or more containers -long: Pause all processes within one or more containers -usage: docker container pause CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_port.yaml b/_data/engine-cli-edge/docker_container_port.yaml deleted file mode 100644 index e211a449a3..0000000000 --- a/_data/engine-cli-edge/docker_container_port.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker container port -short: List port mappings or a specific mapping for the container -long: List port mappings or a specific mapping for the container -usage: docker container port CONTAINER [PRIVATE_PORT[/PROTO]] -pname: docker container -plink: docker_container.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_prune.yaml b/_data/engine-cli-edge/docker_container_prune.yaml deleted file mode 100644 index b26f0e296e..0000000000 --- a/_data/engine-cli-edge/docker_container_prune.yaml +++ /dev/null @@ -1,116 +0,0 @@ -command: docker container prune -short: Remove all stopped containers -long: Removes all stopped containers. -usage: docker container prune [OPTIONS] -pname: docker container -plink: docker_container.yaml -options: -- option: filter - value_type: filter - description: Provide filter values (e.g. 'until=') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Do not prompt for confirmation - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Prune containers - - ```bash - $ docker container prune - WARNING! This will remove all stopped containers. - Are you sure you want to continue? [y/N] y - Deleted Containers: - 4a7f7eebae0f63178aff7eb0aa39cd3f0627a203ab2df258c1a00b456cf20063 - f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360 - - Total reclaimed space: 212 B - ``` - - ### Filtering - - The filtering flag (`--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * until (``) - only remove containers created before given timestamp - * label (`label=`, `label==`, `label!=`, or `label!==`) - only remove containers with (or without, in case `label!=...` is used) the specified labels. - - The `until` filter can be Unix timestamps, date formatted - timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed - relative to the daemon machine’s time. Supported formats for date - formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the daemon will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. - - The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), - which removes containers with the specified labels. The other - format is the `label!=...` (`label!=` or `label!==`), which removes - containers without the specified labels. - - The following removes containers created more than 5 minutes ago: - - ```bash - $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - - CONTAINER ID IMAGE COMMAND CREATED AT STATUS - 61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 41 seconds ago - 53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 12 minutes ago - - $ docker container prune --force --filter "until=5m" - - Deleted Containers: - 53a9bc23a5168b6caa2bfbefddf1b30f93c7ad57f3dec271fd32707497cb9369 - - Total reclaimed space: 25 B - - $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - - CONTAINER ID IMAGE COMMAND CREATED AT STATUS - 61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 44 seconds ago - ``` - - The following removes containers created before `2017-01-04T13:10:00`: - - ```bash - $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - - CONTAINER ID IMAGE COMMAND CREATED AT STATUS - 53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 7 minutes ago - 4a75091a6d61 busybox "sh" 2017-01-04 13:09:53 -0800 PST Exited (0) 9 minutes ago - - $ docker container prune --force --filter "until=2017-01-04T13:10:00" - - Deleted Containers: - 4a75091a6d618526fcd8b33ccd6e5928ca2a64415466f768a6180004b0c72c6c - - Total reclaimed space: 27 B - - $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - - CONTAINER ID IMAGE COMMAND CREATED AT STATUS - 53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 9 minutes ago - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_rename.yaml b/_data/engine-cli-edge/docker_container_rename.yaml deleted file mode 100644 index 088cfe0119..0000000000 --- a/_data/engine-cli-edge/docker_container_rename.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker container rename -short: Rename a container -long: Rename a container -usage: docker container rename CONTAINER NEW_NAME -pname: docker container -plink: docker_container.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_restart.yaml b/_data/engine-cli-edge/docker_container_restart.yaml deleted file mode 100644 index 74d8bbac86..0000000000 --- a/_data/engine-cli-edge/docker_container_restart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker container restart -short: Restart one or more containers -long: Restart one or more containers -usage: docker container restart [OPTIONS] CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: time - shorthand: t - value_type: int - default_value: "10" - description: Seconds to wait for stop before killing the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_rm.yaml b/_data/engine-cli-edge/docker_container_rm.yaml deleted file mode 100644 index 0dbfa786f0..0000000000 --- a/_data/engine-cli-edge/docker_container_rm.yaml +++ /dev/null @@ -1,43 +0,0 @@ -command: docker container rm -short: Remove one or more containers -long: Remove one or more containers -usage: docker container rm [OPTIONS] CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force the removal of a running container (uses SIGKILL) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link - shorthand: l - value_type: bool - default_value: "false" - description: Remove the specified link - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volumes - shorthand: v - value_type: bool - default_value: "false" - description: Remove the volumes associated with the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_run.yaml b/_data/engine-cli-edge/docker_container_run.yaml deleted file mode 100644 index 37c5e48681..0000000000 --- a/_data/engine-cli-edge/docker_container_run.yaml +++ /dev/null @@ -1,879 +0,0 @@ -command: docker container run -short: Run a command in a new container -long: Run a command in a new container -usage: docker container run [OPTIONS] IMAGE [COMMAND] [ARG...] -pname: docker container -plink: docker_container.yaml -options: -- option: add-host - value_type: list - description: Add a custom host-to-IP mapping (host:ip) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: attach - shorthand: a - value_type: list - description: Attach to STDIN, STDOUT or STDERR - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight - value_type: uint16 - default_value: "0" - description: | - Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight-device - value_type: list - default_value: '[]' - description: Block IO weight (relative device weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-add - value_type: list - description: Add Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-drop - value_type: list - description: Drop Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cgroup-parent - value_type: string - description: Optional parent cgroup for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cidfile - value_type: string - description: Write the container ID to the file - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-count - value_type: int64 - default_value: "0" - description: CPU count (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-percent - value_type: int64 - default_value: "0" - description: CPU percent (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-period - value_type: int64 - default_value: "0" - description: Limit CPU real-time period in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-runtime - value_type: int64 - default_value: "0" - description: Limit CPU real-time runtime in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpus - value_type: decimal - description: Number of CPUs - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: Run container in background and print container ID - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device - value_type: list - description: Add a host device to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-cgroup-rule - value_type: list - description: Add a rule to the cgroup allowed devices list - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-bps - value_type: list - default_value: '[]' - description: Limit read rate (bytes per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-iops - value_type: list - default_value: '[]' - description: Limit read rate (IO per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-bps - value_type: list - default_value: '[]' - description: Limit write rate (bytes per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-iops - value_type: list - default_value: '[]' - description: Limit write rate (IO per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns - value_type: list - description: Set custom DNS servers - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-opt - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-option - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-search - value_type: list - description: Set custom DNS search domains - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: entrypoint - value_type: string - description: Overwrite the default ENTRYPOINT of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env - shorthand: e - value_type: list - description: Set environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env-file - value_type: list - description: Read in a file of environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: expose - value_type: list - description: Expose a port or a range of ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: group-add - value_type: list - description: Add additional groups to join - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-cmd - value_type: string - description: Command to run to check health - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-interval - value_type: duration - default_value: 0s - description: Time between running the check (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-retries - value_type: int - default_value: "0" - description: Consecutive failures needed to report unhealthy - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-start-period - value_type: duration - default_value: 0s - description: | - Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-timeout - value_type: duration - default_value: 0s - description: | - Maximum time to allow one check to run (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: help - value_type: bool - default_value: "false" - description: Print usage - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: hostname - shorthand: h - value_type: string - description: Container host name - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: init - value_type: bool - default_value: "false" - description: | - Run an init inside the container that forwards signals and reaps processes - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Keep STDIN open even if not attached - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxbandwidth - value_type: bytes - default_value: "0" - description: | - Maximum IO bandwidth limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxiops - value_type: uint64 - default_value: "0" - description: Maximum IOps limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip - value_type: string - description: IPv4 address (e.g., 172.30.100.104) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip6 - value_type: string - description: IPv6 address (e.g., 2001:db8::33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ipc - value_type: string - description: IPC mode to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Container isolation technology - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: kernel-memory - value_type: bytes - default_value: "0" - description: Kernel memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - shorthand: l - value_type: list - description: Set meta data on a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-file - value_type: list - description: Read in a line delimited file of labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link - value_type: list - description: Add link to another container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link-local-ip - value_type: list - description: Container IPv4/IPv6 link-local addresses - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-driver - value_type: string - description: Logging driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-opt - value_type: list - description: Log driver options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mac-address - value_type: string - description: Container MAC address (e.g., 92:d0:c6:0a:29:33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-reservation - value_type: bytes - default_value: "0" - description: Memory soft limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swappiness - value_type: int64 - default_value: "-1" - description: Tune container memory swappiness (0 to 100) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mount - value_type: mount - description: Attach a filesystem mount to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: name - value_type: string - description: Assign a name to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-healthcheck - value_type: bool - default_value: "false" - description: Disable any container-specified HEALTHCHECK - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-kill-disable - value_type: bool - default_value: "false" - description: Disable OOM Killer - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-score-adj - value_type: int - default_value: "0" - description: Tune host's OOM preferences (-1000 to 1000) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pid - value_type: string - description: PID namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pids-limit - value_type: int64 - default_value: "0" - description: Tune container pids limit (set -1 for unlimited) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: privileged - value_type: bool - default_value: "false" - description: Give extended privileges to this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish - shorthand: p - value_type: list - description: Publish a container's port(s) to the host - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish-all - shorthand: P - value_type: bool - default_value: "false" - description: Publish all exposed ports to random ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: read-only - value_type: bool - default_value: "false" - description: Mount the container's root filesystem as read only - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart - value_type: string - default_value: "no" - description: Restart policy to apply when a container exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rm - value_type: bool - default_value: "false" - description: Automatically remove the container when it exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: runtime - value_type: string - description: Runtime to use for this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: security-opt - value_type: list - description: Security Options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: shm-size - value_type: bytes - default_value: "0" - description: Size of /dev/shm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sig-proxy - value_type: bool - default_value: "true" - description: Proxy received signals to the process - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-signal - value_type: string - default_value: SIGTERM - description: Signal to stop a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-timeout - value_type: int - default_value: "0" - description: Timeout (in seconds) to stop a container - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: storage-opt - value_type: list - description: Storage driver options for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sysctl - value_type: map - default_value: map[] - description: Sysctl options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tmpfs - value_type: list - description: Mount a tmpfs directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ulimit - value_type: ulimit - default_value: '[]' - description: Ulimit options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: userns - value_type: string - description: User namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: uts - value_type: string - description: UTS namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume - shorthand: v - value_type: list - description: Bind mount a volume - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume-driver - value_type: string - description: Optional volume driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volumes-from - value_type: list - description: Mount volumes from the specified container(s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_start.yaml b/_data/engine-cli-edge/docker_container_start.yaml deleted file mode 100644 index a14deea297..0000000000 --- a/_data/engine-cli-edge/docker_container_start.yaml +++ /dev/null @@ -1,57 +0,0 @@ -command: docker container start -short: Start one or more stopped containers -long: Start one or more stopped containers -usage: docker container start [OPTIONS] CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: attach - shorthand: a - value_type: bool - default_value: "false" - description: Attach STDOUT/STDERR and forward signals - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: checkpoint - value_type: string - description: Restore from this checkpoint - deprecated: false - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: checkpoint-dir - value_type: string - description: Use a custom checkpoint storage directory - deprecated: false - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Attach container's STDIN - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_stats.yaml b/_data/engine-cli-edge/docker_container_stats.yaml deleted file mode 100644 index d8f081e8b5..0000000000 --- a/_data/engine-cli-edge/docker_container_stats.yaml +++ /dev/null @@ -1,49 +0,0 @@ -command: docker container stats -short: Display a live stream of container(s) resource usage statistics -long: Display a live stream of container(s) resource usage statistics -usage: docker container stats [OPTIONS] [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Show all containers (default shows just running) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print images using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-stream - value_type: bool - default_value: "false" - description: Disable streaming stats and only pull the first result - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Do not truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_stop.yaml b/_data/engine-cli-edge/docker_container_stop.yaml deleted file mode 100644 index 80fa23dc99..0000000000 --- a/_data/engine-cli-edge/docker_container_stop.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker container stop -short: Stop one or more running containers -long: Stop one or more running containers -usage: docker container stop [OPTIONS] CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: time - shorthand: t - value_type: int - default_value: "10" - description: Seconds to wait for stop before killing it - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_top.yaml b/_data/engine-cli-edge/docker_container_top.yaml deleted file mode 100644 index c35656326d..0000000000 --- a/_data/engine-cli-edge/docker_container_top.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker container top -short: Display the running processes of a container -long: Display the running processes of a container -usage: docker container top CONTAINER [ps OPTIONS] -pname: docker container -plink: docker_container.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_unpause.yaml b/_data/engine-cli-edge/docker_container_unpause.yaml deleted file mode 100644 index fcd8612ee6..0000000000 --- a/_data/engine-cli-edge/docker_container_unpause.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker container unpause -short: Unpause all processes within one or more containers -long: Unpause all processes within one or more containers -usage: docker container unpause CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_update.yaml b/_data/engine-cli-edge/docker_container_update.yaml deleted file mode 100644 index cb09c7a05f..0000000000 --- a/_data/engine-cli-edge/docker_container_update.yaml +++ /dev/null @@ -1,142 +0,0 @@ -command: docker container update -short: Update configuration of one or more containers -long: Update configuration of one or more containers -usage: docker container update [OPTIONS] CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -options: -- option: blkio-weight - value_type: uint16 - default_value: "0" - description: | - Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-period - value_type: int64 - default_value: "0" - description: Limit the CPU real-time period in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-runtime - value_type: int64 - default_value: "0" - description: Limit the CPU real-time runtime in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpus - value_type: decimal - description: Number of CPUs - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: kernel-memory - value_type: bytes - default_value: "0" - description: Kernel memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-reservation - value_type: bytes - default_value: "0" - description: Memory soft limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart - value_type: string - description: Restart policy to apply when a container exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_container_wait.yaml b/_data/engine-cli-edge/docker_container_wait.yaml deleted file mode 100644 index 9edf8772ba..0000000000 --- a/_data/engine-cli-edge/docker_container_wait.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker container wait -short: Block until one or more containers stop, then print their exit codes -long: Block until one or more containers stop, then print their exit codes -usage: docker container wait CONTAINER [CONTAINER...] -pname: docker container -plink: docker_container.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_cp.yaml b/_data/engine-cli-edge/docker_cp.yaml deleted file mode 100644 index 01bdd2205f..0000000000 --- a/_data/engine-cli-edge/docker_cp.yaml +++ /dev/null @@ -1,116 +0,0 @@ -command: docker cp -short: Copy files/folders between a container and the local filesystem -long: |- - The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. - You can copy from the container's file system to the local machine or the - reverse, from the local filesystem to the container. If `-` is specified for - either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from - `STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. - The `SRC_PATH` or `DEST_PATH` can be a file or directory. - - The `docker cp` command assumes container paths are relative to the container's - `/` (root) directory. This means supplying the initial forward slash is optional; - The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and - `compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can - be an absolute or relative value. The command interprets a local machine's - relative paths as relative to the current working directory where `docker cp` is - run. - - The `cp` command behaves like the Unix `cp -a` command in that directories are - copied recursively with permissions preserved if possible. Ownership is set to - the user and primary group at the destination. For example, files copied to a - container are created with `UID:GID` of the root user. Files copied to the local - machine are created with the `UID:GID` of the user which invoked the `docker cp` - command. However, if you specify the `-a` option, `docker cp` sets the ownership - to the user and primary group at the source. - If you specify the `-L` option, `docker cp` follows any symbolic link - in the `SRC_PATH`. `docker cp` does *not* create parent directories for - `DEST_PATH` if they do not exist. - - Assuming a path separator of `/`, a first argument of `SRC_PATH` and second - argument of `DEST_PATH`, the behavior is as follows: - - - `SRC_PATH` specifies a file - - `DEST_PATH` does not exist - - the file is saved to a file created at `DEST_PATH` - - `DEST_PATH` does not exist and ends with `/` - - Error condition: the destination directory must exist. - - `DEST_PATH` exists and is a file - - the destination is overwritten with the source file's contents - - `DEST_PATH` exists and is a directory - - the file is copied into this directory using the basename from - `SRC_PATH` - - `SRC_PATH` specifies a directory - - `DEST_PATH` does not exist - - `DEST_PATH` is created as a directory and the *contents* of the source - directory are copied into this directory - - `DEST_PATH` exists and is a file - - Error condition: cannot copy a directory to a file - - `DEST_PATH` exists and is a directory - - `SRC_PATH` does not end with `/.` (that is: _slash_ followed by _dot_) - - the source directory is copied into this directory - - `SRC_PATH` does end with `/.` (that is: _slash_ followed by _dot_) - - the *content* of the source directory is copied into this - directory - - The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above - rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not - the target, is copied by default. To copy the link target and not the link, specify - the `-L` option. - - A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can - also use `:` when specifying paths to a `SRC_PATH` or `DEST_PATH` on a local - machine, for example `file:name.txt`. If you use a `:` in a local machine path, - you must be explicit with a relative or absolute path, for example: - - `/path/to/file:name.txt` or `./file:name.txt` - - It is not possible to copy certain system files such as resources under - `/proc`, `/sys`, `/dev`, [tmpfs](run.md#mount-tmpfs-tmpfs), and mounts created by - the user in the container. However, you can still copy such files by manually - running `tar` in `docker exec`. Both of the following examples do the same thing - in different ways (consider `SRC_PATH` and `DEST_PATH` are directories): - - ```bash - $ docker exec CONTAINER tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH - - ``` - - ```bash - $ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i CONTAINER tar Cxf DEST_PATH - - ``` - - Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. - The command extracts the content of the tar to the `DEST_PATH` in container's - filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as - the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. -usage: "docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-\n\tdocker cp [OPTIONS] - SRC_PATH|- CONTAINER:DEST_PATH" -pname: docker -plink: docker.yaml -options: -- option: archive - shorthand: a - value_type: bool - default_value: "false" - description: Archive mode (copy all uid/gid information) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: follow-link - shorthand: L - value_type: bool - default_value: "false" - description: Always follow symbol link in SRC_PATH - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_create.yaml b/_data/engine-cli-edge/docker_create.yaml deleted file mode 100644 index dac8c8f7f5..0000000000 --- a/_data/engine-cli-edge/docker_create.yaml +++ /dev/null @@ -1,971 +0,0 @@ -command: docker create -short: Create a new container -long: |- - The `docker create` command creates a writeable container layer over the - specified image and prepares it for running the specified command. The - container ID is then printed to `STDOUT`. This is similar to `docker run -d` - except the container is never started. You can then use the - `docker start ` command to start the container at any point. - - This is useful when you want to set up a container configuration ahead of time - so that it is ready to start when you need it. The initial status of the - new container is `created`. - - Please see the [run command](run.md) section and the [Docker run reference](../run.md) for more details. -usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...] -pname: docker -plink: docker.yaml -options: -- option: add-host - value_type: list - description: Add a custom host-to-IP mapping (host:ip) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: attach - shorthand: a - value_type: list - description: Attach to STDIN, STDOUT or STDERR - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight - value_type: uint16 - default_value: "0" - description: | - Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight-device - value_type: list - default_value: '[]' - description: Block IO weight (relative device weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-add - value_type: list - description: Add Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-drop - value_type: list - description: Drop Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cgroup-parent - value_type: string - description: Optional parent cgroup for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cidfile - value_type: string - description: Write the container ID to the file - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-count - value_type: int64 - default_value: "0" - description: CPU count (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-percent - value_type: int64 - default_value: "0" - description: CPU percent (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-period - value_type: int64 - default_value: "0" - description: Limit CPU real-time period in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-runtime - value_type: int64 - default_value: "0" - description: Limit CPU real-time runtime in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpus - value_type: decimal - description: Number of CPUs - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device - value_type: list - description: Add a host device to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-cgroup-rule - value_type: list - description: Add a rule to the cgroup allowed devices list - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-bps - value_type: list - default_value: '[]' - description: Limit read rate (bytes per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-iops - value_type: list - default_value: '[]' - description: Limit read rate (IO per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-bps - value_type: list - default_value: '[]' - description: Limit write rate (bytes per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-iops - value_type: list - default_value: '[]' - description: Limit write rate (IO per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns - value_type: list - description: Set custom DNS servers - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-opt - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-option - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-search - value_type: list - description: Set custom DNS search domains - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: entrypoint - value_type: string - description: Overwrite the default ENTRYPOINT of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env - shorthand: e - value_type: list - description: Set environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env-file - value_type: list - description: Read in a file of environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: expose - value_type: list - description: Expose a port or a range of ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: group-add - value_type: list - description: Add additional groups to join - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-cmd - value_type: string - description: Command to run to check health - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-interval - value_type: duration - default_value: 0s - description: Time between running the check (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-retries - value_type: int - default_value: "0" - description: Consecutive failures needed to report unhealthy - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-start-period - value_type: duration - default_value: 0s - description: | - Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-timeout - value_type: duration - default_value: 0s - description: | - Maximum time to allow one check to run (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: help - value_type: bool - default_value: "false" - description: Print usage - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: hostname - shorthand: h - value_type: string - description: Container host name - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: init - value_type: bool - default_value: "false" - description: | - Run an init inside the container that forwards signals and reaps processes - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Keep STDIN open even if not attached - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxbandwidth - value_type: bytes - default_value: "0" - description: | - Maximum IO bandwidth limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxiops - value_type: uint64 - default_value: "0" - description: Maximum IOps limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip - value_type: string - description: IPv4 address (e.g., 172.30.100.104) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip6 - value_type: string - description: IPv6 address (e.g., 2001:db8::33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ipc - value_type: string - description: IPC mode to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Container isolation technology - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: kernel-memory - value_type: bytes - default_value: "0" - description: Kernel memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - shorthand: l - value_type: list - description: Set meta data on a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-file - value_type: list - description: Read in a line delimited file of labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link - value_type: list - description: Add link to another container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link-local-ip - value_type: list - description: Container IPv4/IPv6 link-local addresses - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-driver - value_type: string - description: Logging driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-opt - value_type: list - description: Log driver options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mac-address - value_type: string - description: Container MAC address (e.g., 92:d0:c6:0a:29:33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-reservation - value_type: bytes - default_value: "0" - description: Memory soft limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swappiness - value_type: int64 - default_value: "-1" - description: Tune container memory swappiness (0 to 100) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mount - value_type: mount - description: Attach a filesystem mount to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: name - value_type: string - description: Assign a name to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-healthcheck - value_type: bool - default_value: "false" - description: Disable any container-specified HEALTHCHECK - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-kill-disable - value_type: bool - default_value: "false" - description: Disable OOM Killer - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-score-adj - value_type: int - default_value: "0" - description: Tune host's OOM preferences (-1000 to 1000) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pid - value_type: string - description: PID namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pids-limit - value_type: int64 - default_value: "0" - description: Tune container pids limit (set -1 for unlimited) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: privileged - value_type: bool - default_value: "false" - description: Give extended privileges to this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish - shorthand: p - value_type: list - description: Publish a container's port(s) to the host - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish-all - shorthand: P - value_type: bool - default_value: "false" - description: Publish all exposed ports to random ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: read-only - value_type: bool - default_value: "false" - description: Mount the container's root filesystem as read only - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart - value_type: string - default_value: "no" - description: Restart policy to apply when a container exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rm - value_type: bool - default_value: "false" - description: Automatically remove the container when it exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: runtime - value_type: string - description: Runtime to use for this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: security-opt - value_type: list - description: Security Options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: shm-size - value_type: bytes - default_value: "0" - description: Size of /dev/shm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-signal - value_type: string - default_value: SIGTERM - description: Signal to stop a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-timeout - value_type: int - default_value: "0" - description: Timeout (in seconds) to stop a container - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: storage-opt - value_type: list - description: Storage driver options for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sysctl - value_type: map - default_value: map[] - description: Sysctl options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tmpfs - value_type: list - description: Mount a tmpfs directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ulimit - value_type: ulimit - default_value: '[]' - description: Ulimit options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: userns - value_type: string - description: User namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: uts - value_type: string - description: UTS namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume - shorthand: v - value_type: list - description: Bind mount a volume - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume-driver - value_type: string - description: Optional volume driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volumes-from - value_type: list - description: Mount volumes from the specified container(s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Create and start a container - - ```bash - $ docker create -t -i fedora bash - - 6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 - - $ docker start -a -i 6d8af538ec5 - - bash-4.2# - ``` - - ### Initialize volumes - - As of v1.4.0 container volumes are initialized during the `docker create` phase - (i.e., `docker run` too). For example, this allows you to `create` the `data` - volume container, and then use it from another container: - - ```bash - $ docker create -v /data --name data ubuntu - - 240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 - - $ docker run --rm --volumes-from data ubuntu ls -la /data - - total 8 - drwxr-xr-x 2 root root 4096 Dec 5 04:10 . - drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. - ``` - - Similarly, `create` a host directory bind mounted volume container, which can - then be used from the subsequent container: - - ```bash - $ docker create -v /home/docker:/docker --name docker ubuntu - - 9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 - - $ docker run --rm --volumes-from docker ubuntu ls -la /docker - - total 20 - drwxr-sr-x 5 1000 staff 180 Dec 5 04:00 . - drwxr-xr-x 48 root root 4096 Dec 5 04:13 .. - -rw-rw-r-- 1 1000 staff 3833 Dec 5 04:01 .ash_history - -rw-r--r-- 1 1000 staff 446 Nov 28 11:51 .ashrc - -rw-r--r-- 1 1000 staff 25 Dec 5 04:00 .gitconfig - drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local - -rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile - drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh - drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker - ``` - - - Set storage driver options per container. - - ```bash - $ docker create -it --storage-opt size=120G fedora /bin/bash - ``` - - This (size) will allow to set the container rootfs size to 120G at creation time. - This option is only available for the `devicemapper`, `btrfs`, `overlay2`, - `windowsfilter` and `zfs` graph drivers. - For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers, - user cannot pass a size less than the Default BaseFS Size. - For the `overlay2` storage driver, the size option is only available if the - backing fs is `xfs` and mounted with the `pquota` mount option. - Under these conditions, user can pass any size less than the backing fs size. - - ### Specify isolation technology for container (--isolation) - - This option is useful in situations where you are running Docker containers on - Windows. The `--isolation=` option sets a container's isolation - technology. On Linux, the only supported is the `default` option which uses - Linux namespaces. On Microsoft Windows, you can specify these values: - - - | Value | Description | - |-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| - | `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value if the - daemon is running on Windows server, or `hyperv` if running on Windows client. | - | `process` | Namespace isolation only. | - | `hyperv` | Hyper-V hypervisor partition-based isolation. | - - Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. - - ### Dealing with dynamically created devices (--device-cgroup-rule) - - Devices available to a container are assigned at creation time. The - assigned devices will both be added to the cgroup.allow file and - created into the container once it is run. This poses a problem when - a new device needs to be added to running container. - - One of the solution is to add a more permissive rule to a container - allowing it access to a wider range of devices. For example, supposing - our container needs access to a character device with major `42` and - any number of minor number (added as new devices appear), the - following rule would be added: - - ``` - docker create --device-cgroup-rule='c 42:* rmw' -name my-container my-image - ``` - - Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 ` - the required device when it is added. - - NOTE: initially present devices still need to be explicitely added to - the create/run command -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_deploy.yaml b/_data/engine-cli-edge/docker_deploy.yaml deleted file mode 100644 index 0ec01f06df..0000000000 --- a/_data/engine-cli-edge/docker_deploy.yaml +++ /dev/null @@ -1,126 +0,0 @@ -command: docker deploy -short: Deploy a new stack or update an existing stack -long: |- - Create and update a stack from a `compose` or a `dab` file on the swarm. This command - has to be run targeting a manager node. -usage: docker deploy [OPTIONS] STACK -pname: docker -plink: docker.yaml -options: -- option: bundle-file - value_type: string - description: Path to a Distributed Application Bundle file - deprecated: false - experimental: true - experimentalcli: false - kubernetes: false - swarm: true -- option: compose-file - shorthand: c - value_type: stringSlice - default_value: '[]' - description: Path to a Compose file - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: prune - value_type: bool - default_value: "false" - description: Prune services that are no longer referenced - deprecated: false - min_api_version: "1.27" - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -- option: resolve-image - value_type: string - default_value: always - description: | - Query the registry to resolve image digest and supported platforms ("always"|"changed"|"never") - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -- option: with-registry-auth - value_type: bool - default_value: "false" - description: Send registry authentication details to Swarm agents - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -examples: |- - ### Compose file - - The `deploy` command supports compose file version `3.0` and above. - - ```bash - $ docker stack deploy --compose-file docker-compose.yml vossibility - - Ignoring unsupported options: links - - Creating network vossibility_vossibility - Creating network vossibility_default - Creating service vossibility_nsqd - Creating service vossibility_logstash - Creating service vossibility_elasticsearch - Creating service vossibility_kibana - Creating service vossibility_ghollector - Creating service vossibility_lookupd - ``` - - You can verify that the services were correctly created - - ```bash - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa - 7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 - 9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe - axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba - ``` - - ### DAB file - - ```bash - $ docker stack deploy --bundle-file vossibility-stack.dab vossibility - - Loading bundle from vossibility-stack.dab - Creating service vossibility_elasticsearch - Creating service vossibility_kibana - Creating service vossibility_logstash - Creating service vossibility_lookupd - Creating service vossibility_nsqd - Creating service vossibility_vossibility-collector - ``` - - You can verify that the services were correctly created: - - ```bash - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa - 7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 - 9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe - axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba - ``` -deprecated: false -min_api_version: "1.25" -experimental: true -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_diff.yaml b/_data/engine-cli-edge/docker_diff.yaml deleted file mode 100644 index 4fd4fd4fa0..0000000000 --- a/_data/engine-cli-edge/docker_diff.yaml +++ /dev/null @@ -1,49 +0,0 @@ -command: docker diff -short: Inspect changes to files or directories on a container's filesystem -long: |- - List the changed files and directories in a container᾿s filesystem since the - container was created. Three different types of change are tracked: - - | Symbol | Description | - |--------|---------------------------------| - | `A` | A file or directory was added | - | `D` | A file or directory was deleted | - | `C` | A file or directory was changed | - - You can use the full or shortened container ID or the container name set using - `docker run --name` option. -usage: docker diff CONTAINER -pname: docker -plink: docker.yaml -examples: |- - Inspect the changes to an `nginx` container: - - ```bash - $ docker diff 1fdfd1f54c1b - - C /dev - C /dev/console - C /dev/core - C /dev/stdout - C /dev/fd - C /dev/ptmx - C /dev/stderr - C /dev/stdin - C /run - A /run/nginx.pid - C /var/lib/nginx/tmp - A /var/lib/nginx/tmp/client_body - A /var/lib/nginx/tmp/fastcgi - A /var/lib/nginx/tmp/proxy - A /var/lib/nginx/tmp/scgi - A /var/lib/nginx/tmp/uwsgi - C /var/log/nginx - A /var/log/nginx/access.log - A /var/log/nginx/error.log - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_events.yaml b/_data/engine-cli-edge/docker_events.yaml deleted file mode 100644 index fd42f278c5..0000000000 --- a/_data/engine-cli-edge/docker_events.yaml +++ /dev/null @@ -1,424 +0,0 @@ -command: docker events -short: Get real time events from the server -long: |- - Use `docker events` to get real-time events from the server. These events differ - per Docker object type. - - ### Object types - - #### Containers - - Docker containers report the following events: - - - `attach` - - `commit` - - `copy` - - `create` - - `destroy` - - `detach` - - `die` - - `exec_create` - - `exec_detach` - - `exec_start` - - `export` - - `health_status` - - `kill` - - `oom` - - `pause` - - `rename` - - `resize` - - `restart` - - `start` - - `stop` - - `top` - - `unpause` - - `update` - - #### Images - - Docker images report the following events: - - - `delete` - - `import` - - `load` - - `pull` - - `push` - - `save` - - `tag` - - `untag` - - #### Plugins - - Docker plugins report the following events: - - - `enable` - - `disable` - - `install` - - `remove` - - #### Volumes - - Docker volumes report the following events: - - - `create` - - `destroy` - - `mount` - - `unmount` - - #### Networks - - Docker networks report the following events: - - - `create` - - `connect` - - `destroy` - - `disconnect` - - `remove` - - #### Daemons - - Docker daemons report the following events: - - - `reload` - - #### Services - - Docker services report the following events: - - - `create` - - `remove` - - `update` - - #### Nodes - - Docker nodes report the following events: - - - `create` - - `remove` - - `update` - - #### Secrets - - Docker secrets report the following events: - - - `create` - - `remove` - - `update` - - #### Configs - - Docker configs report the following events: - - - `create` - - `remove` - - `update` - - ### Limiting, filtering, and formatting the output - - #### Limit events by time - - The `--since` and `--until` parameters can be Unix timestamps, date formatted - timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed - relative to the client machine’s time. If you do not provide the `--since` option, - the command returns only new and/or live events. Supported formats for date - formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the client will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. - - #### Filtering - - The filtering flag (`-f` or `--filter`) format is of "key=value". If you would - like to use multiple filters, pass multiple flags (e.g., - `--filter "foo=bar" --filter "bif=baz"`) - - Using the same filter multiple times will be handled as a *OR*; for example - `--filter container=588a23dac085 --filter container=a8f7720b8c22` will display - events for container 588a23dac085 *OR* container a8f7720b8c22 - - Using multiple filters will be handled as a *AND*; for example - `--filter container=588a23dac085 --filter event=start` will display events for - container container 588a23dac085 *AND* the event type is *start* - - The currently supported filters are: - - * config (`config=`) - * container (`container=`) - * daemon (`daemon=`) - * event (`event=`) - * image (`image=`) - * label (`label=` or `label==`) - * network (`network=`) - * node (`node=`) - * plugin (`plugin=`) - * scope (`scope=`) - * secret (`secret=`) - * service (`service=`) - * type (`type=`) - * volume (`volume=`) - - #### Format - - If a format (`--format`) is specified, the given template will be executed - instead of the default - format. Go's [text/template](http://golang.org/pkg/text/template/) package - describes all the details of the format. - - If a format is set to `{{json .}}`, the events are streamed as valid JSON - Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . -usage: docker events [OPTIONS] -pname: docker -plink: docker.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: since - value_type: string - description: Show all events created since timestamp - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: until - value_type: string - description: Stream events until this timestamp - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Basic example - - You'll need two shells for this example. - - **Shell 1: Listening for events:** - - ```bash - $ docker events - ``` - - **Shell 2: Start and Stop containers:** - - ```bash - $ docker create --name test alpine:latest top - $ docker start test - $ docker stop test - ``` - - **Shell 1: (Again .. now showing events):** - - ```none - 2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - ``` - - To exit the `docker events` command, use `CTRL+C`. - - ### Filter events by time - - You can filter the output by an absolute timestamp or relative time on the host - machine, using the following different time syntaxes: - - ```bash - $ docker events --since 1483283804 - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker events --since '2017-01-05' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker events --since '2013-09-03T15:49:29' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker events --since '10m' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker events --since '2017-01-05T00:35:30' --until '2017-01-05T00:36:05' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - ``` - - ### Filter events by criteria - - The following commands show several different ways to filter the `docker event` - output. - - ```bash - $ docker events --filter 'event=stop' - - 2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) - - $ docker events --filter 'image=alpine' - - 2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) - 2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) - 2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) - 2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) - - $ docker events --filter 'container=test' - - 2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker events --filter 'container=test' --filter 'container=d9cdb1525ea8' - - 2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) - 2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) - 2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker events --filter 'container=test' --filter 'event=stop' - - 2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) - - $ docker events --filter 'type=volume' - - 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) - 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) - 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) - 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - - $ docker events --filter 'type=network' - - 2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) - 2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) - - $ docker events --filter 'container=container_1' --filter 'container=container_2' - - 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) - 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) - - $ docker events --filter 'type=volume' - - 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) - 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) - 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) - 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - - $ docker events --filter 'type=network' - - 2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) - 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) - - $ docker events --filter 'type=plugin' - - 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) - 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) - - $ docker events -f type=service - - 2017-07-12T06:34:07.999446625Z service create wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani) - 2017-07-12T06:34:21.405496207Z service remove wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani) - - $ docker events -f type=node - - 2017-07-12T06:21:51.951586759Z node update 3xyz5ttp1a253q74z1thwywk9 (name=ip-172-31-23-42, state.new=ready, state.old=unknown) - - $ docker events -f type=secret - - 2017-07-12T06:32:13.915704367Z secret create s8o6tmlnndrgzbmdilyy5ymju (name=new_secret) - 2017-07-12T06:32:37.052647783Z secret remove s8o6tmlnndrgzbmdilyy5ymju (name=new_secret) - - $ docker events -f type=config - 2017-07-12T06:44:13.349037127Z config create u96zlvzdfsyb9sg4mhyxfh3rl (name=abc) - 2017-07-12T06:44:36.327694184Z config remove u96zlvzdfsyb9sg4mhyxfh3rl (name=abc) - - $ docker events --filter 'scope=swarm' - - 2017-07-10T07:46:50.250024503Z service create m8qcxu8081woyof7w3jaax6gk (name=affectionate_wilson) - 2017-07-10T07:47:31.093797134Z secret create 6g5pufzsv438p9tbvl9j94od4 (name=new_secret) - ``` - - ### Format the output - - ```bash - $ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' - - Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - ``` - - #### Format as JSON - - ```none - $ docker events --format '{{json .}}' - - {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. - {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. - {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_exec.yaml b/_data/engine-cli-edge/docker_exec.yaml deleted file mode 100644 index 93602aeb0e..0000000000 --- a/_data/engine-cli-edge/docker_exec.yaml +++ /dev/null @@ -1,124 +0,0 @@ -command: docker exec -short: Run a command in a running container -long: |- - The `docker exec` command runs a new command in a running container. - - The command started using `docker exec` only runs while the container's primary - process (`PID 1`) is running, and it is not restarted if the container is - restarted. - - COMMAND will run in the default directory of the container. If the - underlying image has a custom directory specified with the WORKDIR directive - in its Dockerfile, this will be used instead. - - COMMAND should be an executable, a chained or a quoted command - will not work. Example: `docker exec -ti my_container "echo a && echo b"` will - not work, but `docker exec -ti my_container sh -c "echo a && echo b"` will. -usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] -pname: docker -plink: docker.yaml -options: -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: 'Detached mode: run command in the background' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env - shorthand: e - value_type: list - description: Set environment variables - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Keep STDIN open even if not attached - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: privileged - value_type: bool - default_value: "false" - description: Give extended privileges to the command - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - min_api_version: "1.35" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Run `docker exec` on a running container\n\nFirst, start a container.\n\n```bash\n$ - docker run --name ubuntu_bash --rm -i -t ubuntu bash\n```\n\nThis will create a - container named `ubuntu_bash` and start a Bash session.\n\nNext, execute a command - on the container.\n\n```bash\n$ docker exec -d ubuntu_bash touch /tmp/execWorks\n```\n\nThis - will create a new file `/tmp/execWorks` inside the running container\n`ubuntu_bash`, - in the background.\n\nNext, execute an interactive `bash` shell on the container.\n\n```bash\n$ - docker exec -it ubuntu_bash bash\n```\n\nThis will create a new Bash session in - the container `ubuntu_bash`.\n\nNext, set an environment variable in the current - bash session.\n\n```bash\n$ docker exec -it -e VAR=1 ubuntu_bash bash\n```\n\nThis - will create a new Bash session in the container `ubuntu_bash` with environment \nvariable - `$VAR` set to \"1\". Note that this environment variable will only be valid \non - the current Bash session.\n\nBy default `docker exec` command runs in the same working - directory set when container was created.\n\n```bash\n$ docker exec -it ubuntu_bash - pwd\n/\n```\n\nYou can select working directory for the command to execute into\n\n```bash\n$ - docker exec -it -w /root ubuntu_bash pwd\n/root\n```\n\n\n### Try to run `docker - exec` on a paused container\n\nIf the container is paused, then the `docker exec` - command will fail with an error:\n\n```bash\n$ docker pause test\n\ntest\n\n$ docker - ps\n\nCONTAINER ID IMAGE COMMAND CREATED STATUS - \ PORTS NAMES\n1ae3b36715d2 ubuntu:latest - \ \"bash\" 17 seconds ago Up 16 seconds (Paused) test\n\n$ - docker exec test ls\n\nFATA[0000] Error response from daemon: Container test is - paused, unpause the container before exec\n\n$ echo $?\n1\n```" -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_export.yaml b/_data/engine-cli-edge/docker_export.yaml deleted file mode 100644 index 1959106442..0000000000 --- a/_data/engine-cli-edge/docker_export.yaml +++ /dev/null @@ -1,39 +0,0 @@ -command: docker export -short: Export a container's filesystem as a tar archive -long: |- - The `docker export` command does not export the contents of volumes associated - with the container. If a volume is mounted on top of an existing directory in - the container, `docker export` will export the contents of the *underlying* - directory, not the contents of the volume. - - Refer to [Backup, restore, or migrate data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) - in the user guide for examples on exporting data in a volume. -usage: docker export [OPTIONS] CONTAINER -pname: docker -plink: docker.yaml -options: -- option: output - shorthand: o - value_type: string - description: Write to a file, instead of STDOUT - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - Each of these commands has the same result. - - ```bash - $ docker export red_panda > latest.tar - ``` - - ```bash - $ docker export --output="latest.tar" red_panda - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_history.yaml b/_data/engine-cli-edge/docker_history.yaml deleted file mode 100644 index b4e86cf854..0000000000 --- a/_data/engine-cli-edge/docker_history.yaml +++ /dev/null @@ -1,105 +0,0 @@ -command: docker history -short: Show the history of an image -long: Show the history of an image -usage: docker history [OPTIONS] IMAGE -pname: docker -plink: docker.yaml -options: -- option: format - value_type: string - description: Pretty-print images using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: human - shorthand: H - value_type: bool - default_value: "true" - description: Print sizes and dates in human readable format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only show numeric IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - To see how the `docker:latest` image was built: - - ```bash - $ docker history docker - - IMAGE CREATED CREATED BY SIZE COMMENT - 3e23a5875458 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B - 8578938dd170 8 days ago /bin/sh -c dpkg-reconfigure locales && loc 1.245 MB - be51b77efb42 8 days ago /bin/sh -c apt-get update && apt-get install 338.3 MB - 4b137612be55 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB - 750d58736b4b 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi : 4 weeks ago - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image.yaml b/_data/engine-cli-edge/docker_image.yaml deleted file mode 100644 index c094b25a6f..0000000000 --- a/_data/engine-cli-edge/docker_image.yaml +++ /dev/null @@ -1,38 +0,0 @@ -command: docker image -short: Manage images -long: Manage images. -usage: docker image -pname: docker -plink: docker.yaml -cname: -- docker image build -- docker image history -- docker image import -- docker image inspect -- docker image load -- docker image ls -- docker image prune -- docker image pull -- docker image push -- docker image rm -- docker image save -- docker image tag -clink: -- docker_image_build.yaml -- docker_image_history.yaml -- docker_image_import.yaml -- docker_image_inspect.yaml -- docker_image_load.yaml -- docker_image_ls.yaml -- docker_image_prune.yaml -- docker_image_pull.yaml -- docker_image_push.yaml -- docker_image_rm.yaml -- docker_image_save.yaml -- docker_image_tag.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_build.yaml b/_data/engine-cli-edge/docker_image_build.yaml deleted file mode 100644 index 8621343da4..0000000000 --- a/_data/engine-cli-edge/docker_image_build.yaml +++ /dev/null @@ -1,291 +0,0 @@ -command: docker image build -short: Build an image from a Dockerfile -long: Build an image from a Dockerfile -usage: docker image build [OPTIONS] PATH | URL | - -pname: docker image -plink: docker_image.yaml -options: -- option: add-host - value_type: list - description: Add a custom host-to-IP mapping (host:ip) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: build-arg - value_type: list - description: Set build-time variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cache-from - value_type: stringSlice - default_value: '[]' - description: Images to consider as cache sources - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cgroup-parent - value_type: string - description: Optional parent cgroup for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: compress - value_type: bool - default_value: "false" - description: Compress the build context using gzip - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit the CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit the CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: file - shorthand: f - value_type: string - description: Name of the Dockerfile (Default is 'PATH/Dockerfile') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force-rm - value_type: bool - default_value: "false" - description: Always remove intermediate containers - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: iidfile - value_type: string - description: Write the image ID to the file - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Container isolation technology - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - value_type: list - description: Set metadata for an image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network - value_type: string - default_value: default - description: | - Set the networking mode for the RUN instructions during build - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-cache - value_type: bool - default_value: "false" - description: Do not use cache when building the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: pull - value_type: bool - default_value: "false" - description: Always attempt to pull a newer version of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress the build output and print image ID on success - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rm - value_type: bool - default_value: "true" - description: Remove intermediate containers after a successful build - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: security-opt - value_type: stringSlice - default_value: '[]' - description: Security options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: shm-size - value_type: bytes - default_value: "0" - description: Size of /dev/shm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: squash - value_type: bool - default_value: "false" - description: Squash newly built layers into a single new layer - deprecated: false - min_api_version: "1.25" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: stream - value_type: bool - default_value: "false" - description: Stream attaches to server to negotiate build context - deprecated: false - min_api_version: "1.31" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: tag - shorthand: t - value_type: list - description: Name and optionally a tag in the 'name:tag' format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: target - value_type: string - description: Set the target build stage to build. - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ulimit - value_type: ulimit - default_value: '[]' - description: Ulimit options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_history.yaml b/_data/engine-cli-edge/docker_image_history.yaml deleted file mode 100644 index 265accf096..0000000000 --- a/_data/engine-cli-edge/docker_image_history.yaml +++ /dev/null @@ -1,50 +0,0 @@ -command: docker image history -short: Show the history of an image -long: Show the history of an image -usage: docker image history [OPTIONS] IMAGE -pname: docker image -plink: docker_image.yaml -options: -- option: format - value_type: string - description: Pretty-print images using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: human - shorthand: H - value_type: bool - default_value: "true" - description: Print sizes and dates in human readable format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only show numeric IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_import.yaml b/_data/engine-cli-edge/docker_image_import.yaml deleted file mode 100644 index fd63cfcf51..0000000000 --- a/_data/engine-cli-edge/docker_image_import.yaml +++ /dev/null @@ -1,31 +0,0 @@ -command: docker image import -short: Import the contents from a tarball to create a filesystem image -long: Import the contents from a tarball to create a filesystem image -usage: docker image import [OPTIONS] file|URL|- [REPOSITORY[:TAG]] -pname: docker image -plink: docker_image.yaml -options: -- option: change - shorthand: c - value_type: list - description: Apply Dockerfile instruction to the created image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: message - shorthand: m - value_type: string - description: Set commit message for imported image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_inspect.yaml b/_data/engine-cli-edge/docker_image_inspect.yaml deleted file mode 100644 index e79573128a..0000000000 --- a/_data/engine-cli-edge/docker_image_inspect.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker image inspect -short: Display detailed information on one or more images -long: Display detailed information on one or more images -usage: docker image inspect [OPTIONS] IMAGE [IMAGE...] -pname: docker image -plink: docker_image.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_load.yaml b/_data/engine-cli-edge/docker_image_load.yaml deleted file mode 100644 index 61d47dab9b..0000000000 --- a/_data/engine-cli-edge/docker_image_load.yaml +++ /dev/null @@ -1,32 +0,0 @@ -command: docker image load -short: Load an image from a tar archive or STDIN -long: Load an image from a tar archive or STDIN -usage: docker image load [OPTIONS] -pname: docker image -plink: docker_image.yaml -options: -- option: input - shorthand: i - value_type: string - description: Read from tar archive file, instead of STDIN - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress the load output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_ls.yaml b/_data/engine-cli-edge/docker_image_ls.yaml deleted file mode 100644 index 0e341e81fa..0000000000 --- a/_data/engine-cli-edge/docker_image_ls.yaml +++ /dev/null @@ -1,69 +0,0 @@ -command: docker image ls -aliases: images, list -short: List images -long: List images -usage: docker image ls [OPTIONS] [REPOSITORY[:TAG]] -pname: docker image -plink: docker_image.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Show all images (default hides intermediate images) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: digests - value_type: bool - default_value: "false" - description: Show digests - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print images using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only show numeric IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_prune.yaml b/_data/engine-cli-edge/docker_image_prune.yaml deleted file mode 100644 index 7271fc8cb8..0000000000 --- a/_data/engine-cli-edge/docker_image_prune.yaml +++ /dev/null @@ -1,214 +0,0 @@ -command: docker image prune -short: Remove unused images -long: Remove all dangling images. If `-a` is specified, will also remove all images - not referenced by any container. -usage: docker image prune [OPTIONS] -pname: docker image -plink: docker_image.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Remove all unused images, not just dangling ones - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: filter - value_type: filter - description: Provide filter values (e.g. 'until=') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Do not prompt for confirmation - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - Example output: - - ```bash - $ docker image prune -a - - WARNING! This will remove all images without at least one container associated to them. - Are you sure you want to continue? [y/N] y - Deleted Images: - untagged: alpine:latest - untagged: alpine@sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a - deleted: sha256:4e38e38c8ce0b8d9041a9c4fefe786631d1416225e13b0bfe8cfa2321aec4bba - deleted: sha256:4fe15f8d0ae69e169824f25f1d4da3015a48feeeeebb265cd2e328e15c6a869f - untagged: alpine:3.3 - untagged: alpine@sha256:4fa633f4feff6a8f02acfc7424efd5cb3e76686ed3218abf4ca0fa4a2a358423 - untagged: my-jq:latest - deleted: sha256:ae67841be6d008a374eff7c2a974cde3934ffe9536a7dc7ce589585eddd83aff - deleted: sha256:34f6f1261650bc341eb122313372adc4512b4fceddc2a7ecbb84f0958ce5ad65 - deleted: sha256:cf4194e8d8db1cb2d117df33f2c75c0369c3a26d96725efb978cc69e046b87e7 - untagged: my-curl:latest - deleted: sha256:b2789dd875bf427de7f9f6ae001940073b3201409b14aba7e5db71f408b8569e - deleted: sha256:96daac0cb203226438989926fc34dd024f365a9a8616b93e168d303cfe4cb5e9 - deleted: sha256:5cbd97a14241c9cd83250d6b6fc0649833c4a3e84099b968dd4ba403e609945e - deleted: sha256:a0971c4015c1e898c60bf95781c6730a05b5d8a2ae6827f53837e6c9d38efdec - deleted: sha256:d8359ca3b681cc5396a4e790088441673ed3ce90ebc04de388bfcd31a0716b06 - deleted: sha256:83fc9ba8fb70e1da31dfcc3c88d093831dbd4be38b34af998df37e8ac538260c - deleted: sha256:ae7041a4cc625a9c8e6955452f7afe602b401f662671cea3613f08f3d9343b35 - deleted: sha256:35e0f43a37755b832f0bbea91a2360b025ee351d7309dae0d9737bc96b6d0809 - deleted: sha256:0af941dd29f00e4510195dd00b19671bc591e29d1495630e7e0f7c44c1e6a8c0 - deleted: sha256:9fc896fc2013da84f84e45b3096053eb084417b42e6b35ea0cce5a3529705eac - deleted: sha256:47cf20d8c26c46fff71be614d9f54997edacfe8d46d51769706e5aba94b16f2b - deleted: sha256:2c675ee9ed53425e31a13e3390bf3f539bf8637000e4bcfbb85ee03ef4d910a1 - - Total reclaimed space: 16.43 MB - ``` - - ### Filtering - - The filtering flag (`--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * until (``) - only remove images created before given timestamp - * label (`label=`, `label==`, `label!=`, or `label!==`) - only remove images with (or without, in case `label!=...` is used) the specified labels. - - The `until` filter can be Unix timestamps, date formatted - timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed - relative to the daemon machine’s time. Supported formats for date - formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the daemon will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. - - The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), - which removes images with the specified labels. The other - format is the `label!=...` (`label!=` or `label!==`), which removes - images without the specified labels. - - > **Predicting what will be removed** - > - > If you are using positive filtering (testing for the existence of a label or - > that a label has a specific value), you can use `docker image ls` with the - > same filtering syntax to see which images match your filter. - > - > However, if you are using negative filtering (testing for the absence of a - > label or that a label does *not* have a specific value), this type of filter - > does not work with `docker image ls` so you cannot easily predict which images - > will be removed. In addition, the confirmation prompt for `docker image prune` - > always warns that *all* dangling images will be removed, even if you are using - > `--filter`. - - The following removes images created before `2017-01-04T00:00:00`: - - ```bash - $ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' - REPOSITORY TAG IMAGE ID CREATED AT SIZE - foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB - alpine latest 88e169ea8f46 2016-12-27 10:17:25 -0800 PST 3.98 MB - busybox latest e02e811dd08f 2016-10-07 14:03:58 -0700 PDT 1.09 MB - - $ docker image prune -a --force --filter "until=2017-01-04T00:00:00" - - Deleted Images: - untagged: alpine:latest - untagged: alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 - untagged: busybox:latest - untagged: busybox@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 - deleted: sha256:e02e811dd08fd49e7f6032625495118e63f597eb150403d02e3238af1df240ba - deleted: sha256:e88b3f82283bc59d5e0df427c824e9f95557e661fcb0ea15fb0fb6f97760f9d9 - - Total reclaimed space: 1.093 MB - - $ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' - - REPOSITORY TAG IMAGE ID CREATED AT SIZE - foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB - ``` - - The following removes images created more than 10 days (`240h`) ago: - - ```bash - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - foo latest 2f287ac753da 14 seconds ago 3.98 MB - alpine latest 88e169ea8f46 8 days ago 3.98 MB - debian jessie 7b0a06c805e8 2 months ago 123 MB - busybox latest e02e811dd08f 2 months ago 1.09 MB - golang 1.7.0 138c2e655421 4 months ago 670 MB - - $ docker image prune -a --force --filter "until=240h" - - Deleted Images: - untagged: golang:1.7.0 - untagged: golang@sha256:6765038c2b8f407fd6e3ecea043b44580c229ccfa2a13f6d85866cf2b4a9628e - deleted: sha256:138c2e6554219de65614d88c15521bfb2da674cbb0bf840de161f89ff4264b96 - deleted: sha256:ec353c2e1a673f456c4b78906d0d77f9d9456cfb5229b78c6a960bfb7496b76a - deleted: sha256:fe22765feaf3907526b4921c73ea6643ff9e334497c9b7e177972cf22f68ee93 - deleted: sha256:ff845959c80148421a5c3ae11cc0e6c115f950c89bc949646be55ed18d6a2912 - deleted: sha256:a4320831346648c03db64149eafc83092e2b34ab50ca6e8c13112388f25899a7 - deleted: sha256:4c76020202ee1d9709e703b7c6de367b325139e74eebd6b55b30a63c196abaf3 - deleted: sha256:d7afd92fb07236c8a2045715a86b7d5f0066cef025018cd3ca9a45498c51d1d6 - deleted: sha256:9e63c5bce4585dd7038d830a1f1f4e44cb1a1515b00e620ac718e934b484c938 - untagged: debian:jessie - untagged: debian@sha256:c1af755d300d0c65bb1194d24bce561d70c98a54fb5ce5b1693beb4f7988272f - deleted: sha256:7b0a06c805e8f23807fb8856621c60851727e85c7bcb751012c813f122734c8d - deleted: sha256:f96222d75c5563900bc4dd852179b720a0885de8f7a0619ba0ac76e92542bbc8 - - Total reclaimed space: 792.6 MB - - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - foo latest 2f287ac753da About a minute ago 3.98 MB - alpine latest 88e169ea8f46 8 days ago 3.98 MB - busybox latest e02e811dd08f 2 months ago 1.09 MB - ``` - - The following example removes images with the label `deprecated`: - - ```bash - $ docker image prune --filter="label=deprecated" - ``` - - The following example removes images with the label `maintainer` set to `john`: - - ```bash - $ docker image prune --filter="label=maintainer=john" - ``` - - This example removes images which have no `maintainer` label: - - ```bash - $ docker image prune --filter="label!=maintainer" - ``` - - This example removes images which have a maintainer label not set to `john`: - - ```bash - $ docker image prune --filter="label!=maintainer=john" - ``` - - > **Note**: You are prompted for confirmation before the `prune` removes - > anything, but you are not shown a list of what will potentially be removed. - > In addition, `docker image ls` does not support negative filtering, so it - > difficult to predict what images will actually be removed. -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_pull.yaml b/_data/engine-cli-edge/docker_image_pull.yaml deleted file mode 100644 index 0b70ac118e..0000000000 --- a/_data/engine-cli-edge/docker_image_pull.yaml +++ /dev/null @@ -1,41 +0,0 @@ -command: docker image pull -short: Pull an image or a repository from a registry -long: Pull an image or a repository from a registry -usage: docker image pull [OPTIONS] NAME[:TAG|@DIGEST] -pname: docker image -plink: docker_image.yaml -options: -- option: all-tags - shorthand: a - value_type: bool - default_value: "false" - description: Download all tagged images in the repository - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_push.yaml b/_data/engine-cli-edge/docker_image_push.yaml deleted file mode 100644 index b4f5f22b86..0000000000 --- a/_data/engine-cli-edge/docker_image_push.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker image push -short: Push an image or a repository to a registry -long: Push an image or a repository to a registry -usage: docker image push [OPTIONS] NAME[:TAG] -pname: docker image -plink: docker_image.yaml -options: -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image signing - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_rm.yaml b/_data/engine-cli-edge/docker_image_rm.yaml deleted file mode 100644 index c60a498429..0000000000 --- a/_data/engine-cli-edge/docker_image_rm.yaml +++ /dev/null @@ -1,33 +0,0 @@ -command: docker image rm -aliases: rmi, remove -short: Remove one or more images -long: Remove one or more images -usage: docker image rm [OPTIONS] IMAGE [IMAGE...] -pname: docker image -plink: docker_image.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force removal of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-prune - value_type: bool - default_value: "false" - description: Do not delete untagged parents - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_save.yaml b/_data/engine-cli-edge/docker_image_save.yaml deleted file mode 100644 index 1fbdbb1a05..0000000000 --- a/_data/engine-cli-edge/docker_image_save.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker image save -short: Save one or more images to a tar archive (streamed to STDOUT by default) -long: Save one or more images to a tar archive (streamed to STDOUT by default) -usage: docker image save [OPTIONS] IMAGE [IMAGE...] -pname: docker image -plink: docker_image.yaml -options: -- option: output - shorthand: o - value_type: string - description: Write to a file, instead of STDOUT - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_image_tag.yaml b/_data/engine-cli-edge/docker_image_tag.yaml deleted file mode 100644 index 3830ef1b8d..0000000000 --- a/_data/engine-cli-edge/docker_image_tag.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker image tag -short: Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE -long: Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE -usage: docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] -pname: docker image -plink: docker_image.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_images.yaml b/_data/engine-cli-edge/docker_images.yaml deleted file mode 100644 index 1777872ac9..0000000000 --- a/_data/engine-cli-edge/docker_images.yaml +++ /dev/null @@ -1,370 +0,0 @@ -command: docker images -short: List images -long: |- - The default `docker images` will show all top level - images, their repository and tags, and their size. - - Docker images have intermediate layers that increase reusability, - decrease disk usage, and speed up `docker build` by - allowing each step to be cached. These intermediate layers are not shown - by default. - - The `SIZE` is the cumulative space taken up by the image and all - its parent images. This is also the disk space used by the contents of the - Tar file created when you `docker save` an image. - - An image will be listed more than once if it has multiple repository names - or tags. This single image (identifiable by its matching `IMAGE ID`) - uses up the `SIZE` listed only once. -usage: docker images [OPTIONS] [REPOSITORY[:TAG]] -pname: docker -plink: docker.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Show all images (default hides intermediate images) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: digests - value_type: bool - default_value: "false" - description: Show digests - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print images using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only show numeric IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### List the most recently created images - - ```bash - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - 77af4d6b9913 19 hours ago 1.089 GB - committ latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB - 5ed6274db6ce 24 hours ago 1.089 GB - postgres 9 746b819f315e 4 days ago 213.4 MB - postgres 9.3 746b819f315e 4 days ago 213.4 MB - postgres 9.3.5 746b819f315e 4 days ago 213.4 MB - postgres latest 746b819f315e 4 days ago 213.4 MB - ``` - - ### List images by name and tag - - The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument - that restricts the list to images that match the argument. If you specify - `REPOSITORY`but no `TAG`, the `docker images` command lists all images in the - given repository. - - For example, to list all images in the "java" repository, run this command : - - ```bash - $ docker images java - - REPOSITORY TAG IMAGE ID CREATED SIZE - java 8 308e519aac60 6 days ago 824.5 MB - java 7 493d82594c15 3 months ago 656.3 MB - java latest 2711b1d6f3aa 5 months ago 603.9 MB - ``` - - The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example, - `docker images jav` does not match the image `java`. - - If both `REPOSITORY` and `TAG` are provided, only images matching that - repository and tag are listed. To find all local images in the "java" - repository with tag "8" you can use: - - ```bash - $ docker images java:8 - - REPOSITORY TAG IMAGE ID CREATED SIZE - java 8 308e519aac60 6 days ago 824.5 MB - ``` - - If nothing matches `REPOSITORY[:TAG]`, the list is empty. - - ```bash - $ docker images java:0 - - REPOSITORY TAG IMAGE ID CREATED SIZE - ``` - - ### List the full length image IDs - - ```bash - $ docker images --no-trunc - - REPOSITORY TAG IMAGE ID CREATED SIZE - sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB - committest latest sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB - tryout latest sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB - ``` - - ### List image digests - - Images that use the v2 or later format have a content-addressable identifier - called a `digest`. As long as the input used to generate the image is - unchanged, the digest value is predictable. To list image digest values, use - the `--digests` flag: - - ```bash - $ docker images --digests - REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE - localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB - ``` - - When pushing or pulling to a 2.0 registry, the `push` or `pull` command - output includes the image digest. You can `pull` using a digest value. You can - also reference by digest in `create`, `run`, and `rmi` commands, as well as the - `FROM` image reference in a Dockerfile. - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * dangling (boolean - true or false) - * label (`label=` or `label==`) - * before (`[:]`, `` or ``) - filter images created before given id or references - * since (`[:]`, `` or ``) - filter images created since given id or references - * reference (pattern of an image reference) - filter images whose reference matches the specified pattern - - #### Show untagged images (dangling) - - ```bash - $ docker images --filter "dangling=true" - - REPOSITORY TAG IMAGE ID CREATED SIZE - 8abc22fbb042 4 weeks ago 0 B - 48e5f45168b9 4 weeks ago 2.489 MB - bf747efa0e2f 4 weeks ago 0 B - 980fe10e5736 12 weeks ago 101.4 MB - dea752e4e117 12 weeks ago 101.4 MB - 511136ea3c5a 8 months ago 0 B - ``` - - This will display untagged images that are the leaves of the images tree (not - intermediary layers). These images occur when a new build of an image takes the - `repo:tag` away from the image ID, leaving it as `:` or untagged. - A warning will be issued if trying to remove an image when a container is presently - using it. By having this flag it allows for batch cleanup. - - You can use this in conjunction with `docker rmi ...`: - - ```bash - $ docker rmi $(docker images -f "dangling=true" -q) - - 8abc22fbb042 - 48e5f45168b9 - bf747efa0e2f - 980fe10e5736 - dea752e4e117 - 511136ea3c5a - ``` - - > **Note**: Docker warns you if any containers exist that are using these - > untagged images. - - - #### Show images with a given label - - The `label` filter matches images based on the presence of a `label` alone or a `label` and a - value. - - The following filter matches images with the `com.example.version` label regardless of its value. - - ```bash - $ docker images --filter "label=com.example.version" - - REPOSITORY TAG IMAGE ID CREATED SIZE - match-me-1 latest eeae25ada2aa About a minute ago 188.3 MB - match-me-2 latest dea752e4e117 About a minute ago 188.3 MB - ``` - - The following filter matches images with the `com.example.version` label with the `1.0` value. - - ```bash - $ docker images --filter "label=com.example.version=1.0" - - REPOSITORY TAG IMAGE ID CREATED SIZE - match-me latest 511136ea3c5a About a minute ago 188.3 MB - ``` - - In this example, with the `0.1` value, it returns an empty set because no matches were found. - - ```bash - $ docker images --filter "label=com.example.version=0.1" - REPOSITORY TAG IMAGE ID CREATED SIZE - ``` - - #### Filter images by time - - The `before` filter shows only images created before the image with - given id or reference. For example, having these images: - - ```bash - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - image1 latest eeae25ada2aa 4 minutes ago 188.3 MB - image2 latest dea752e4e117 9 minutes ago 188.3 MB - image3 latest 511136ea3c5a 25 minutes ago 188.3 MB - ``` - - Filtering with `before` would give: - - ```bash - $ docker images --filter "before=image1" - - REPOSITORY TAG IMAGE ID CREATED SIZE - image2 latest dea752e4e117 9 minutes ago 188.3 MB - image3 latest 511136ea3c5a 25 minutes ago 188.3 MB - ``` - - Filtering with `since` would give: - - ```bash - $ docker images --filter "since=image3" - REPOSITORY TAG IMAGE ID CREATED SIZE - image1 latest eeae25ada2aa 4 minutes ago 188.3 MB - image2 latest dea752e4e117 9 minutes ago 188.3 MB - ``` - - #### Filter images by reference - - The `reference` filter shows only images whose reference matches - the specified pattern. - - ```bash - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - busybox latest e02e811dd08f 5 weeks ago 1.09 MB - busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB - busybox musl 733eb3059dce 5 weeks ago 1.21 MB - busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB - ``` - - Filtering with `reference` would give: - - ```bash - $ docker images --filter=reference='busy*:*libc' - - REPOSITORY TAG IMAGE ID CREATED SIZE - busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB - busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB - ``` - - ### Format the output - - The formatting option (`--format`) will pretty print container output - using a Go template. - - Valid placeholders for the Go template are listed below: - - | Placeholder | Description| - | ---- | ---- | - | `.ID` | Image ID | - | `.Repository` | Image repository | - | `.Tag` | Image tag | - | `.Digest` | Image digest | - | `.CreatedSince` | Elapsed time since the image was created | - | `.CreatedAt` | Time when the image was created | - | `.Size` | Image disk size | - - When using the `--format` option, the `image` command will either - output the data exactly as the template declares or, when using the - `table` directive, will include column headers as well. - - The following example uses a template without headers and outputs the - `ID` and `Repository` entries separated by a colon for all images: - - ```bash - $ docker images --format "{{.ID}}: {{.Repository}}" - - 77af4d6b9913: - b6fa739cedf5: committ - 78a85c484f71: - 30557a29d5ab: docker - 5ed6274db6ce: - 746b819f315e: postgres - 746b819f315e: postgres - 746b819f315e: postgres - 746b819f315e: postgres - ``` - - To list all images with their repository and tag in a table format you - can use: - - ```bash - $ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" - - IMAGE ID REPOSITORY TAG - 77af4d6b9913 - b6fa739cedf5 committ latest - 78a85c484f71 - 30557a29d5ab docker latest - 5ed6274db6ce - 746b819f315e postgres 9 - 746b819f315e postgres 9.3 - 746b819f315e postgres 9.3.5 - 746b819f315e postgres latest - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_import.yaml b/_data/engine-cli-edge/docker_import.yaml deleted file mode 100644 index b80b96792a..0000000000 --- a/_data/engine-cli-edge/docker_import.yaml +++ /dev/null @@ -1,88 +0,0 @@ -command: docker import -short: Import the contents from a tarball to create a filesystem image -long: |- - You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The - `URL` can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) - containing a filesystem or to an individual file on the Docker host. If you - specify an archive, Docker untars it in the container relative to the `/` - (root). If you specify an individual file, you must specify the full path within - the host. To import from a remote location, specify a `URI` that begins with the - `http://` or `https://` protocol. - - The `--change` option will apply `Dockerfile` instructions to the image - that is created. - Supported `Dockerfile` instructions: - `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` -usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]] -pname: docker -plink: docker.yaml -options: -- option: change - shorthand: c - value_type: list - description: Apply Dockerfile instruction to the created image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: message - shorthand: m - value_type: string - description: Set commit message for imported image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Import from a remote location - - This will create a new untagged image. - - ```bash - $ docker import http://example.com/exampleimage.tgz - ``` - - ### Import from a local file - - - Import to docker via pipe and `STDIN`. - - ```bash - $ cat exampleimage.tgz | docker import - exampleimagelocal:new - ``` - - - Import with a commit message. - - ```bash - $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new - ``` - - - Import to docker from a local archive. - - ```bash - $ docker import /path/to/exampleimage.tgz - ``` - - ### Import from a local directory - - ```bash - $ sudo tar -c . | docker import - exampleimagedir - ``` - - ### Import from a local directory with new configurations - - ```bash - $ sudo tar -c . | docker import --change "ENV DEBUG true" - exampleimagedir - ``` - - Note the `sudo` in this example – you must preserve - the ownership of the files (especially root ownership) during the - archiving with tar. If you are not root (or the sudo command) when you - tar, then the ownerships might not get preserved. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_info.yaml b/_data/engine-cli-edge/docker_info.yaml deleted file mode 100644 index 39af472a3e..0000000000 --- a/_data/engine-cli-edge/docker_info.yaml +++ /dev/null @@ -1,236 +0,0 @@ -command: docker info -short: Display system-wide information -long: |- - This command displays system wide information regarding the Docker installation. - Information displayed includes the kernel version, number of containers and images. - The number of images shown is the number of unique images. The same image tagged - under different names is counted only once. - - If a format is specified, the given template will be executed instead of the - default format. Go's [text/template](http://golang.org/pkg/text/template/) package - describes all the details of the format. - - Depending on the storage driver in use, additional information can be shown, such - as pool name, data file, metadata file, data space used, total data space, metadata - space used, and total metadata space. - - The data file is where the images are stored and the metadata file is where the - meta data regarding those images are stored. When run for the first time Docker - allocates a certain amount of data space and meta data space from the space - available on the volume where `/var/lib/docker` is mounted. -usage: docker info [OPTIONS] -pname: docker -plink: docker.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Show output - - The example below shows the output for a daemon running on Red Hat Enterprise Linux, - using the `devicemapper` storage driver. As can be seen in the output, additional - information about the `devicemapper` storage driver is shown: - - ```bash - $ docker info - - Containers: 14 - Running: 3 - Paused: 1 - Stopped: 10 - Images: 52 - Server Version: 1.10.3 - Storage Driver: devicemapper - Pool Name: docker-202:2-25583803-pool - Pool Blocksize: 65.54 kB - Base Device Size: 10.74 GB - Backing Filesystem: xfs - Data file: /dev/loop0 - Metadata file: /dev/loop1 - Data Space Used: 1.68 GB - Data Space Total: 107.4 GB - Data Space Available: 7.548 GB - Metadata Space Used: 2.322 MB - Metadata Space Total: 2.147 GB - Metadata Space Available: 2.145 GB - Udev Sync Supported: true - Deferred Removal Enabled: false - Deferred Deletion Enabled: false - Deferred Deleted Device Count: 0 - Data loop file: /var/lib/docker/devicemapper/devicemapper/data - Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata - Library Version: 1.02.107-RHEL7 (2015-12-01) - Execution Driver: native-0.2 - Logging Driver: json-file - Plugins: - Volume: local - Network: null host bridge - Kernel Version: 3.10.0-327.el7.x86_64 - Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo) - OSType: linux - Architecture: x86_64 - CPUs: 1 - Total Memory: 991.7 MiB - Name: ip-172-30-0-91.ec2.internal - ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S - Docker Root Dir: /var/lib/docker - Debug mode (client): false - Debug mode (server): false - Username: gordontheturtle - Registry: https://index.docker.io/v1/ - Insecure registries: - myinsecurehost:5000 - 127.0.0.0/8 - ``` - - ### Show debugging output - - Here is a sample output for a daemon running on Ubuntu, using the overlay2 - storage driver and a node that is part of a 2-node swarm: - - ```bash - $ docker -D info - - Containers: 14 - Running: 3 - Paused: 1 - Stopped: 10 - Images: 52 - Server Version: 1.13.0 - Storage Driver: overlay2 - Backing Filesystem: extfs - Supports d_type: true - Native Overlay Diff: false - Logging Driver: json-file - Cgroup Driver: cgroupfs - Plugins: - Volume: local - Network: bridge host macvlan null overlay - Swarm: active - NodeID: rdjq45w1op418waxlairloqbm - Is Manager: true - ClusterID: te8kdyw33n36fqiz74bfjeixd - Managers: 1 - Nodes: 2 - Orchestration: - Task History Retention Limit: 5 - Raft: - Snapshot Interval: 10000 - Number of Old Snapshots to Retain: 0 - Heartbeat Tick: 1 - Election Tick: 3 - Dispatcher: - Heartbeat Period: 5 seconds - CA Configuration: - Expiry Duration: 3 months - Root Rotation In Progress: false - Node Address: 172.16.66.128 172.16.66.129 - Manager Addresses: - 172.16.66.128:2477 - Runtimes: runc - Default Runtime: runc - Init Binary: docker-init - containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531 - runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 - init version: N/A (expected: v0.13.0) - Security Options: - apparmor - seccomp - Profile: default - Kernel Version: 4.4.0-31-generic - Operating System: Ubuntu 16.04.1 LTS - OSType: linux - Architecture: x86_64 - CPUs: 2 - Total Memory: 1.937 GiB - Name: ubuntu - ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 - Docker Root Dir: /var/lib/docker - Debug Mode (client): true - Debug Mode (server): true - File Descriptors: 30 - Goroutines: 123 - System Time: 2016-11-12T17:24:37.955404361-08:00 - EventsListeners: 0 - Http Proxy: http://test:test@proxy.example.com:8080 - Https Proxy: https://test:test@proxy.example.com:8080 - No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com - Registry: https://index.docker.io/v1/ - WARNING: No swap limit support - Labels: - storage=ssd - staging=true - Experimental: false - Insecure Registries: - 127.0.0.0/8 - Registry Mirrors: - http://192.168.1.2/ - http://registry-mirror.example.com:5000/ - Live Restore Enabled: false - ``` - - The global `-D` option causes all `docker` commands to output debug information. - - ### Format the output - - You can also specify the output format: - - ```bash - $ docker info --format '{{json .}}' - - {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} - ``` - - ### Run `docker info` on Windows - - Here is a sample output for a daemon running on Windows Server 2016: - - ```none - E:\docker>docker info - - Containers: 1 - Running: 0 - Paused: 0 - Stopped: 1 - Images: 17 - Server Version: 1.13.0 - Storage Driver: windowsfilter - Windows: - Logging Driver: json-file - Plugins: - Volume: local - Network: nat null overlay - Swarm: inactive - Default Isolation: process - Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937) - Operating System: Windows Server 2016 Datacenter - OSType: windows - Architecture: x86_64 - CPUs: 8 - Total Memory: 3.999 GiB - Name: WIN-V0V70C0LU5P - ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62 - Docker Root Dir: C:\control - Debug Mode (client): false - Debug Mode (server): false - Registry: https://index.docker.io/v1/ - Insecure Registries: - 127.0.0.0/8 - Registry Mirrors: - http://192.168.1.2/ - http://registry-mirror.example.com:5000/ - Live Restore Enabled: false - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_inspect.yaml b/_data/engine-cli-edge/docker_inspect.yaml deleted file mode 100644 index 675803b038..0000000000 --- a/_data/engine-cli-edge/docker_inspect.yaml +++ /dev/null @@ -1,104 +0,0 @@ -command: docker inspect -short: Return low-level information on Docker objects -long: |- - Docker inspect provides detailed information on constructs controlled by Docker. - - By default, `docker inspect` will render results in a JSON array. -usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...] -pname: docker -plink: docker.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: size - shorthand: s - value_type: bool - default_value: "false" - description: Display total file sizes if the type is container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: type - value_type: string - description: Return JSON for specified type - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Get an instance's IP address - - For the most part, you can pick out any field from the JSON in a fairly - straightforward manner. - - ```bash - $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID - ``` - - ### Get an instance's MAC address - - ```bash - $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID - ``` - - ### Get an instance's log path - - ```bash - $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID - ``` - - ### Get an instance's image name - - ```bash - $ docker inspect --format='{{.Config.Image}}' $INSTANCE_ID - ``` - - ### List all port bindings - - You can loop over arrays and maps in the results to produce simple text - output: - - ```bash - $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID - ``` - - ### Find a specific port mapping - - The `.Field` syntax doesn't work when the field name begins with a - number, but the template language's `index` function does. The - `.NetworkSettings.Ports` section contains a map of the internal port - mappings to a list of external address/port objects. To grab just the - numeric public port, you use `index` to find the specific port map, and - then `index` 0 contains the first object inside of that. Then we ask for - the `HostPort` field to get the public address. - - ```bash - $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID - ``` - - ### Get a subsection in JSON format - - If you request a field which is itself a structure containing other - fields, by default you get a Go-style dump of the inner values. - Docker adds a template function, `json`, which can be applied to get - results in JSON format. - - ```bash - $ docker inspect --format='{{json .Config}}' $INSTANCE_ID - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_kill.yaml b/_data/engine-cli-edge/docker_kill.yaml deleted file mode 100644 index cb12ba7d1d..0000000000 --- a/_data/engine-cli-edge/docker_kill.yaml +++ /dev/null @@ -1,62 +0,0 @@ -command: docker kill -short: Kill one or more running containers -long: |- - The `docker kill` subcommand kills one or more containers. The main process - inside the container is sent `SIGKILL` signal (default), or the signal that is - specified with the `--signal` option. You can kill a container using the - container's ID, ID-prefix, or name. - - > **Note**: `ENTRYPOINT` and `CMD` in the *shell* form run as a subcommand of - > `/bin/sh -c`, which does not pass signals. This means that the executable is - > not the container’s PID 1 and does not receive Unix signals. -usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -options: -- option: signal - shorthand: s - value_type: string - default_value: KILL - description: Signal to send to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Send a KILL signal to a container - - The following example sends the default `KILL` signal to the container named - `my_container`: - - ```bash - $ docker kill my_container - ``` - - ### Send a custom signal to a container - - The following example sends a `SIGHUP` signal to the container named - `my_container`: - - ```bash - $ docker kill --signal=SIGHUP my_container - ``` - - - You can specify a custom signal either by _name_, or _number_. The `SIG` prefix - is optional, so the following examples are equivalent: - - ```bash - $ docker kill --signal=SIGHUP my_container - $ docker kill --signal=HUP my_container - $ docker kill --signal=1 my_container - ``` - - Refer to the [`signal(7)`](http://man7.org/linux/man-pages/man7/signal.7.html) - man-page for a list of standard Linux signals. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_load.yaml b/_data/engine-cli-edge/docker_load.yaml deleted file mode 100644 index 6c78f498e0..0000000000 --- a/_data/engine-cli-edge/docker_load.yaml +++ /dev/null @@ -1,62 +0,0 @@ -command: docker load -short: Load an image from a tar archive or STDIN -long: |- - Load an image or repository from a tar archive (even if compressed with gzip, - bzip2, or xz) from a file or STDIN. It restores both images and tags. -usage: docker load [OPTIONS] -pname: docker -plink: docker.yaml -options: -- option: input - shorthand: i - value_type: string - description: Read from tar archive file, instead of STDIN - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress the load output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker image ls - - REPOSITORY TAG IMAGE ID CREATED SIZE - - $ docker load < busybox.tar.gz - - Loaded image: busybox:latest - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - - $ docker load --input fedora.tar - - Loaded image: fedora:rawhide - - Loaded image: fedora:20 - - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - fedora rawhide 0d20aec6529d 7 weeks ago 387 MB - fedora 20 58394af37342 7 weeks ago 385.5 MB - fedora heisenbug 58394af37342 7 weeks ago 385.5 MB - fedora latest 58394af37342 7 weeks ago 385.5 MB - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_login.yaml b/_data/engine-cli-edge/docker_login.yaml deleted file mode 100644 index c86ba0b06c..0000000000 --- a/_data/engine-cli-edge/docker_login.yaml +++ /dev/null @@ -1,107 +0,0 @@ -command: docker login -short: Log in to a Docker registry -long: "Login to a registry.\n\n### Login to a self-hosted registry\n\nIf you want - to login to a self-hosted registry you can specify this by\nadding the server name.\n\n```bash\n$ - docker login localhost:8080\n```\n\n### Provide a password using STDIN\n\nTo run - the `docker login` command non-interactively, you can set the\n`--password-stdin` - flag to provide a password through `STDIN`. Using\n`STDIN` prevents the password - from ending up in the shell's history,\nor log-files.\n\nThe following example reads - a password from a file, and passes it to the\n`docker login` command using `STDIN`:\n\n```bash\n$ - cat ~/my_password.txt | docker login --username foo --password-stdin\n```\n\n### - Privileged user requirement\n\n`docker login` requires user to use `sudo` or be - `root`, except when:\n\n1. connecting to a remote daemon, such as a `docker-machine` - provisioned `docker engine`.\n2. user is added to the `docker` group. This will - impact the security of your system; the `docker` group is `root` equivalent. See - [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface) - for details.\n\nYou can log into any public or private repository for which you - have\ncredentials. When you log in, the command stores credentials in\n`$HOME/.docker/config.json` - on Linux or `%USERPROFILE%/.docker/config.json` on\nWindows, via the procedure described - below.\n\n### Credentials store\n\nThe Docker Engine can keep user credentials in - an external credentials store,\nsuch as the native keychain of the operating system. - Using an external store\nis more secure than storing credentials in the Docker configuration - file.\n\nTo use a credentials store, you need an external helper program to interact\nwith - a specific keychain or external store. Docker requires the helper\nprogram to be - in the client's host `$PATH`.\n\nThis is the list of currently available credentials - helpers and where\nyou can download them from:\n\n- D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases\n- - Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases\n- - Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases\n- - [pass](https://www.passwordstore.org/): https://github.com/docker/docker-credential-helpers/releases\n\nYou - need to specify the credentials store in `$HOME/.docker/config.json`\nto tell the - docker engine to use it. The value of the config property should be\nthe suffix - of the program to use (i.e. everything after `docker-credential-`).\nFor example, - to use `docker-credential-osxkeychain`:\n\n```json\n{\n\t\"credsStore\": \"osxkeychain\"\n}\n```\n\nIf - you are currently logged in, run `docker logout` to remove\nthe credentials from - the file and run `docker login` again.\n\n### Default behavior\n\nBy default, Docker - looks for the native binary on each of the platforms, i.e.\n\"osxkeychain\" on macOS, - \"wincred\" on windows, and \"pass\" on Linux. A special\ncase is that on Linux, - Docker will fall back to the \"secretservice\" binary if\nit cannot find the \"pass\" - binary. If none of these binaries are present, it\nstores the credentials (i.e. - password) in base64 encoding in the config files\ndescribed above.\n\n### Credential - helper protocol\n\nCredential helpers can be any program or script that follows - a very simple protocol.\nThis protocol is heavily inspired by Git, but it differs - in the information shared.\n\nThe helpers always use the first argument in the command - to identify the action.\nThere are only three possible values for that argument: - `store`, `get`, and `erase`.\n\nThe `store` command takes a JSON payload from the - standard input. That payload carries\nthe server address, to identify the credential, - the user name, and either a password\nor an identity token.\n\n```json\n{\n\t\"ServerURL\": - \"https://index.docker.io/v1\",\n\t\"Username\": \"david\",\n\t\"Secret\": \"passw0rd1\"\n}\n```\n\nIf - the secret being stored is an identity token, the Username should be set to\n``.\n\nThe - `store` command can write error messages to `STDOUT` that the docker engine\nwill - show if there was an issue.\n\nThe `get` command takes a string payload from the - standard input. That payload carries\nthe server address that the docker engine - needs credentials for. This is\nan example of that payload: `https://index.docker.io/v1`.\n\nThe - `get` command writes a JSON payload to `STDOUT`. Docker reads the user name\nand - password from this payload:\n\n```json\n{\n\t\"Username\": \"david\",\n\t\"Secret\": - \"passw0rd1\"\n}\n```\n\nThe `erase` command takes a string payload from `STDIN`. - That payload carries\nthe server address that the docker engine wants to remove - credentials for. This is\nan example of that payload: `https://index.docker.io/v1`.\n\nThe - `erase` command can write error messages to `STDOUT` that the docker engine\nwill - show if there was an issue.\n\n### Credential helpers\n\nCredential helpers are - similar to the credential store above, but act as the\ndesignated programs to handle - credentials for *specific registries*. The default\ncredential store (`credsStore` - or the config file itself) will not be used for\noperations concerning credentials - of the specified registries.\n\n### Logging out\n\nIf you are currently logged in, - run `docker logout` to remove\nthe credentials from the default store.\n\nCredential - helpers are specified in a similar way to `credsStore`, but\nallow for multiple - helpers to be configured at a time. Keys specify the\nregistry domain, and values - specify the suffix of the program to use\n(i.e. everything after `docker-credential-`).\nFor - example:\n\n```json\n{\n \"credHelpers\": {\n \"registry.example.com\": \"registryhelper\",\n - \ \"awesomereg.example.org\": \"hip-star\",\n \"unicorn.example.io\": \"vcbait\"\n - \ }\n}\n```" -usage: docker login [OPTIONS] [SERVER] -pname: docker -plink: docker.yaml -options: -- option: password - shorthand: p - value_type: string - description: Password - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: password-stdin - value_type: bool - default_value: "false" - description: Take the password from stdin - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: username - shorthand: u - value_type: string - description: Username - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_logout.yaml b/_data/engine-cli-edge/docker_logout.yaml deleted file mode 100644 index 2c4f41b645..0000000000 --- a/_data/engine-cli-edge/docker_logout.yaml +++ /dev/null @@ -1,16 +0,0 @@ -command: docker logout -short: Log out from a Docker registry -long: Log out from a Docker registry -usage: docker logout [SERVER] -pname: docker -plink: docker.yaml -examples: |- - ```bash - $ docker logout localhost:8080 - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_logs.yaml b/_data/engine-cli-edge/docker_logs.yaml deleted file mode 100644 index 8750eee686..0000000000 --- a/_data/engine-cli-edge/docker_logs.yaml +++ /dev/null @@ -1,119 +0,0 @@ -command: docker logs -short: Fetch the logs of a container -long: |- - The `docker logs` command batch-retrieves logs present at the time of execution. - - > **Note**: this command is only functional for containers that are started with - > the `json-file` or `journald` logging driver. - - For more information about selecting and configuring logging drivers, refer to - [Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/). - - The `docker logs --follow` command will continue streaming the new output from - the container's `STDOUT` and `STDERR`. - - Passing a negative number or a non-integer to `--tail` is invalid and the - value is set to `all` in that case. - - The `docker logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants) - , for example `2014-09-16T06:17:46.000000000Z`, to each - log entry. To ensure that the timestamps are aligned the - nano-second part of the timestamp will be padded with zero when necessary. - - The `docker logs --details` command will add on extra attributes, such as - environment variables and labels, provided to `--log-opt` when creating the - container. - - The `--since` option shows only the container logs generated after - a given date. You can specify the date as an RFC 3339 date, a UNIX - timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date - format you may also use RFC3339Nano, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the client will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. You can combine the - `--since` option with either or both of the `--follow` or `--tail` options. -usage: docker logs [OPTIONS] CONTAINER -pname: docker -plink: docker.yaml -options: -- option: details - value_type: bool - default_value: "false" - description: Show extra details provided to logs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: follow - shorthand: f - value_type: bool - default_value: "false" - description: Follow log output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: since - value_type: string - description: | - Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tail - value_type: string - default_value: all - description: Number of lines to show from the end of the logs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: timestamps - shorthand: t - value_type: bool - default_value: "false" - description: Show timestamps - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: until - value_type: string - description: | - Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) - deprecated: false - min_api_version: "1.35" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Retrieve logs until a specific point in time - - In order to retrieve logs before a specific point in time, run: - - ```bash - $ docker run --name test -d busybox sh -c "while true; do $(echo date); sleep 1; done" - $ date - Tue 14 Nov 2017 16:40:00 CET - $ docker logs -f --until=2s - Tue 14 Nov 2017 16:40:00 CET - Tue 14 Nov 2017 16:40:01 CET - Tue 14 Nov 2017 16:40:02 CET - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_manifest.yaml b/_data/engine-cli-edge/docker_manifest.yaml deleted file mode 100644 index 82249e3c7b..0000000000 --- a/_data/engine-cli-edge/docker_manifest.yaml +++ /dev/null @@ -1,133 +0,0 @@ -command: docker manifest -short: Manage Docker image manifests and manifest lists -long: "The `docker manifest` command by itself performs no action. In order to operate\non - a manifest or manifest list, one of the subcommands must be used.\n\nA single manifest - is information about an image, such as layers, size, and digest.\nThe docker manifest - command also gives users additional information such as the os\nand architecture - an image was built for.\n\nA manifest list is a list of image layers that is created - by specifying one or\nmore (ideally more than one) image names. It can then be used - in the same way as\nan image name in `docker pull` and `docker run` commands, for - example.\n\nIdeally a manifest list is created from images that are identical in - function for\ndifferent os/arch combinations. For this reason, manifest lists are - often referred to as\n\"multi-arch images\". However, a user could create a manifest - list that points\nto two images -- one for windows on amd64, and one for darwin - on amd64.\n\n### manifest inspect\n\n```\nmanifest inspect --help\n\nUsage: docker - manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST\n\nDisplay an image manifest, - or manifest list\n\nOptions:\n --help Print usage\n --insecure Allow - communication with an insecure registry\n -v, --verbose Output additional info - including layers and platform\n```\n\n### manifest create \n\n```bash\nUsage: docker - manifest create MANIFEST_LIST MANIFEST [MANIFEST...]\n\nCreate a local manifest - list for annotating and pushing to a registry\n\nOptions:\n -a, --amend Amend - an existing manifest list\n --insecure Allow communication with an insecure - registry\n --help Print usage\n```\n\n### manifest annotate\n```bash\nUsage: - \ docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST\n\nAdd additional information - to a local image manifest\n\nOptions:\n --arch string Set architecture\n - \ --help Print usage\n --os string Set - operating system\n --os-features stringSlice Set operating system feature\n - \ --variant string Set architecture variant\n\n```\n\n### manifest - push\n```bash\nUsage: docker manifest push [OPTIONS] MANIFEST_LIST\n\nPush a manifest - list to a repository\n\nOptions:\n --help Print usage\n --insecure - \ Allow push to an insecure registry\n -p, --purge Remove the local manifest - list after push\n```\n\n### Working with insecure registries\n\nThe manifest command - interacts solely with a Docker registry. Because of this, it has no way to query - the engine for the list of allowed insecure registries. To allow the CLI to interact - with an insecure registry, some `docker manifest` commands have an `--insecure` - flag. For each transaction, such as a `create`, which queries a registry, the `--insecure` - flag must be specified. This flag tells the CLI that this registry call may ignore - security concerns like missing or self-signed certificates. Likewise, on a `manifest - push` to an insecure registry, the `--insecure` flag must be specified. If this - is not used with an insecure registry, the manifest command fails to find a registry - that meets the default requirements." -usage: docker manifest COMMAND -pname: docker -plink: docker.yaml -cname: -- docker manifest annotate -- docker manifest create -- docker manifest inspect -- docker manifest push -clink: -- docker_manifest_annotate.yaml -- docker_manifest_create.yaml -- docker_manifest_inspect.yaml -- docker_manifest_push.yaml -examples: "### Inspect an image's manifest object\n \n```bash\n$ docker manifest inspect - hello-world\n{\n \"schemaVersion\": 2,\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n - \ \"config\": {\n \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n - \ \"size\": 1520,\n \"digest\": \"sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57\"\n - \ },\n \"layers\": [\n {\n \"mediaType\": - \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n \"size\": - 972,\n \"digest\": \"sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28\"\n - \ }\n ]\n}\n```\n\n### Inspect an image's manifest and get - the os/arch info\n\nThe `docker manifest inspect` command takes an optional `--verbose` - flag\nthat gives you the image's name (Ref), and architecture and os (Platform).\n\nJust - as with other docker commands that take image names, you can refer to an image with - or\nwithout a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f).\n\nHere - is an example of inspecting an image's manifest with the `--verbose` flag:\n\n```bash\n$ - docker manifest inspect --verbose hello-world\n{\n \"Ref\": \"docker.io/library/hello-world:latest\",\n - \ \"Digest\": \"sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f\",\n - \ \"SchemaV2Manifest\": {\n \"schemaVersion\": 2,\n \"mediaType\": - \"application/vnd.docker.distribution.manifest.v2+json\",\n \"config\": - {\n \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n - \ \"size\": 1520,\n \"digest\": \"sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57\"\n - \ },\n \"layers\": [\n {\n \"mediaType\": - \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n \"size\": - 972,\n \"digest\": \"sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28\"\n - \ }\n ]\n },\n \"Platform\": - {\n \"architecture\": \"amd64\",\n \"os\": \"linux\"\n - \ }\n}\n```\n\n### Create and push a manifest list\n\nTo create a manifest - list, you first `create` the manifest list locally by specifying the constituent - images you would\nlike to have included in your manifest list. Keep in mind that - this is pushed to a registry, so if you want to push\nto a registry other than the - docker registry, you need to create your manifest list with the registry name or - IP and port.\nThis is similar to tagging an image and pushing it to a foreign registry.\n\nAfter - you have created your local copy of the manifest list, you may optionally\n`annotate` - it. Annotations allowed are the architecture and operating system (overriding the - image's current values),\nos features, and an archictecure variant. \n\nFinally, - you need to `push` your manifest list to the desired registry. Below are descriptions - of these three commands,\nand an example putting them all together.\n\n```bash\n$ - docker manifest create 45.55.81.106:5000/coolapp:v1 \\\n 45.55.81.106:5000/coolapp-ppc64le-linux:v1 - \\\n 45.55.81.106:5000/coolapp-arm-linux:v1 \\\n 45.55.81.106:5000/coolapp-amd64-linux:v1 - \\\n 45.55.81.106:5000/coolapp-amd64-windows:v1\nCreated manifest list 45.55.81.106:5000/coolapp:v1\n```\n\n```bash\n$ - docker manifest annotate 45.55.81.106:5000/coolapp:v1 45.55.81.106:5000/coolapp-arm-linux - --arch arm\n```\n\n```bash\n$ docker manifest push 45.55.81.106:5000/coolapp:v1\nPushed - manifest 45.55.81.106:5000/coolapp@sha256:9701edc932223a66e49dd6c894a11db8c2cf4eccd1414f1ec105a623bf16b426 - with digest: sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b\nPushed - manifest 45.55.81.106:5000/coolapp@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f - with digest: sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a\nPushed - manifest 45.55.81.106:5000/coolapp@sha256:39dc41c658cf25f33681a41310372f02728925a54aac3598310bfb1770615fc9 - with digest: sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8\nPushed - manifest 45.55.81.106:5000/coolapp@sha256:f91b1145cd4ac800b28122313ae9e88ac340bb3f1e3a4cd3e59a3648650f3275 - with digest: sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62\nsha256:050b213d49d7673ba35014f21454c573dcbec75254a08f4a7c34f66a47c06aba\n\n```\n\n### - Inspect a manifest list\n\n```bash\n$ docker manifest inspect coolapp:v1\n{\n \"schemaVersion\": - 2,\n \"mediaType\": \"application/vnd.docker.distribution.manifest.list.v2+json\",\n - \ \"manifests\": [\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n - \ \"size\": 424,\n \"digest\": \"sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b\",\n - \ \"platform\": {\n \"architecture\": \"arm\",\n \"os\": - \"linux\"\n }\n },\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n - \ \"size\": 424,\n \"digest\": \"sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a\",\n - \ \"platform\": {\n \"architecture\": \"amd64\",\n \"os\": - \"linux\"\n }\n },\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n - \ \"size\": 425,\n \"digest\": \"sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8\",\n - \ \"platform\": {\n \"architecture\": \"ppc64le\",\n \"os\": - \"linux\"\n }\n },\n {\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n - \ \"size\": 425,\n \"digest\": \"sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62\",\n - \ \"platform\": {\n \"architecture\": \"s390x\",\n \"os\": - \"linux\"\n }\n }\n ]\n}\n```\n\n### Push to an insecure registry\n\nHere - is an example of creating and pushing a manifest list using a known insecure registry.\n\n```\n$ - docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 - \\\n myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 - \\\n myprivateregistry.mycompany.com/repo/image-linux-arm:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 - \\\n myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \\\n myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0\n```\n```\n$ - docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag\n```\n\nNote - that the `--insecure` flag is not required to annotate a manifest list, since annotations - are to a locally-stored copy of a manifest list. You may also skip the `--insecure` - flag if you are performaing a `docker manifest inspect` on a locally-stored manifest - list. Be sure to keep in mind that locally-stored manifest lists are never used - by the engine on a `docker pull`." -deprecated: false -experimental: false -experimentalcli: true -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_manifest_annotate.yaml b/_data/engine-cli-edge/docker_manifest_annotate.yaml deleted file mode 100644 index c1491c2e6b..0000000000 --- a/_data/engine-cli-edge/docker_manifest_annotate.yaml +++ /dev/null @@ -1,46 +0,0 @@ -command: docker manifest annotate -short: Add additional information to a local image manifest -long: Add additional information to a local image manifest -usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST -pname: docker manifest -plink: docker_manifest.yaml -options: -- option: arch - value_type: string - description: Set architecture - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: os - value_type: string - description: Set operating system - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: os-features - value_type: stringSlice - default_value: '[]' - description: Set operating system feature - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: variant - value_type: string - description: Set architecture variant - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: true -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_manifest_create.yaml b/_data/engine-cli-edge/docker_manifest_create.yaml deleted file mode 100644 index 9bee33d6bd..0000000000 --- a/_data/engine-cli-edge/docker_manifest_create.yaml +++ /dev/null @@ -1,32 +0,0 @@ -command: docker manifest create -short: Create a local manifest list for annotating and pushing to a registry -long: Create a local manifest list for annotating and pushing to a registry -usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...] -pname: docker manifest -plink: docker_manifest.yaml -options: -- option: amend - shorthand: a - value_type: bool - default_value: "false" - description: Amend an existing manifest list - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: insecure - value_type: bool - default_value: "false" - description: Allow communication with an insecure registry - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: true -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_manifest_inspect.yaml b/_data/engine-cli-edge/docker_manifest_inspect.yaml deleted file mode 100644 index 8da0a57b6f..0000000000 --- a/_data/engine-cli-edge/docker_manifest_inspect.yaml +++ /dev/null @@ -1,32 +0,0 @@ -command: docker manifest inspect -short: Display an image manifest, or manifest list -long: Display an image manifest, or manifest list -usage: docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST -pname: docker manifest -plink: docker_manifest.yaml -options: -- option: insecure - value_type: bool - default_value: "false" - description: Allow communication with an insecure registry - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: verbose - shorthand: v - value_type: bool - default_value: "false" - description: Output additional info including layers and platform - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: true -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_manifest_push.yaml b/_data/engine-cli-edge/docker_manifest_push.yaml deleted file mode 100644 index e286da6aee..0000000000 --- a/_data/engine-cli-edge/docker_manifest_push.yaml +++ /dev/null @@ -1,32 +0,0 @@ -command: docker manifest push -short: Push a manifest list to a repository -long: Push a manifest list to a repository -usage: docker manifest push [OPTIONS] MANIFEST_LIST -pname: docker manifest -plink: docker_manifest.yaml -options: -- option: insecure - value_type: bool - default_value: "false" - description: Allow push to an insecure registry - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: purge - shorthand: p - value_type: bool - default_value: "false" - description: Remove the local manifest list after push - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: true -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network.yaml b/_data/engine-cli-edge/docker_network.yaml deleted file mode 100644 index 01efb3d902..0000000000 --- a/_data/engine-cli-edge/docker_network.yaml +++ /dev/null @@ -1,30 +0,0 @@ -command: docker network -short: Manage networks -long: |- - Manage networks. You can use subcommands to create, inspect, list, remove, - prune, connect, and disconnect networks. -usage: docker network -pname: docker -plink: docker.yaml -cname: -- docker network connect -- docker network create -- docker network disconnect -- docker network inspect -- docker network ls -- docker network prune -- docker network rm -clink: -- docker_network_connect.yaml -- docker_network_create.yaml -- docker_network_disconnect.yaml -- docker_network_inspect.yaml -- docker_network_ls.yaml -- docker_network_prune.yaml -- docker_network_rm.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network_connect.yaml b/_data/engine-cli-edge/docker_network_connect.yaml deleted file mode 100644 index 9c2fd43962..0000000000 --- a/_data/engine-cli-edge/docker_network_connect.yaml +++ /dev/null @@ -1,126 +0,0 @@ -command: docker network connect -short: Connect a container to a network -long: |- - Connects a container to a network. You can connect a container by name - or by ID. Once connected, the container can communicate with other containers in - the same network. -usage: docker network connect [OPTIONS] NETWORK CONTAINER -pname: docker network -plink: docker_network.yaml -options: -- option: alias - value_type: stringSlice - default_value: '[]' - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip - value_type: string - description: IPv4 address (e.g., 172.30.100.104) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip6 - value_type: string - description: IPv6 address (e.g., 2001:db8::33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link - value_type: list - description: Add link to another container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link-local-ip - value_type: stringSlice - default_value: '[]' - description: Add a link-local address for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Connect a running container to a network - - ```bash - $ docker network connect multi-host-network container1 - ``` - - ### Connect a container to a network when it starts - - You can also use the `docker run --network=` option to start a container and immediately connect it to a network. - - ```bash - $ docker run -itd --network=multi-host-network busybox - ``` - - ### Specify the IP address a container will use on a given network - - You can specify the IP address you want to be assigned to the container's interface. - - ```bash - $ docker network connect --ip 10.10.36.122 multi-host-network container2 - ``` - - ### Use the legacy `--link` option - - You can use `--link` option to link another container with a preferred alias - - ```bash - $ docker network connect --link container1:c1 multi-host-network container2 - ``` - - ### Create a network alias for a container - - `--alias` option can be used to resolve the container by another name in the network - being connected to. - - ```bash - $ docker network connect --alias db --alias mysql multi-host-network container2 - ``` - - ### Network implications of stopping, pausing, or restarting containers - - You can pause, restart, and stop containers that are connected to a network. - A container connects to its configured networks when it runs. - - If specified, the container's IP address(es) is reapplied when a stopped - container is restarted. If the IP address is no longer available, the container - fails to start. One way to guarantee that the IP address is available is - to specify an `--ip-range` when creating the network, and choose the static IP - address(es) from outside that range. This ensures that the IP address is not - given to another container while this container is not on the network. - - ```bash - $ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network - ``` - - ```bash - $ docker network connect --ip 172.20.128.2 multi-host-network container2 - ``` - - To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. - - Once connected in network, containers can communicate using only another - container's IP address or name. For `overlay` networks or custom plugins that - support multi-host connectivity, containers connected to the same multi-host - network but launched from different Engines can also communicate in this way. - - You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network_create.yaml b/_data/engine-cli-edge/docker_network_create.yaml deleted file mode 100644 index 799e4b3228..0000000000 --- a/_data/engine-cli-edge/docker_network_create.yaml +++ /dev/null @@ -1,343 +0,0 @@ -command: docker network create -short: Create a network -long: |- - Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the - built-in network drivers. If you have installed a third party or your own custom - network driver you can specify that `DRIVER` here also. If you don't specify the - `--driver` option, the command automatically creates a `bridge` network for you. - When you install Docker Engine it creates a `bridge` network automatically. This - network corresponds to the `docker0` bridge that Engine has traditionally relied - on. When you launch a new container with `docker run` it automatically connects to - this bridge network. You cannot remove this default bridge network, but you can - create new ones using the `network create` command. - - ```bash - $ docker network create -d bridge my-bridge-network - ``` - - Bridge networks are isolated networks on a single Engine installation. If you - want to create a network that spans multiple Docker hosts each running an - Engine, you must create an `overlay` network. Unlike `bridge` networks, overlay - networks require some pre-existing conditions before you can create one. These - conditions are: - - * Access to a key-value store. Engine supports Consul, Etcd, and ZooKeeper (Distributed store) key-value stores. - * A cluster of hosts with connectivity to the key-value store. - * A properly configured Engine `daemon` on each host in the cluster. - - The `dockerd` options that support the `overlay` network are: - - * `--cluster-store` - * `--cluster-store-opt` - * `--cluster-advertise` - - To read more about these options and how to configure them, see ["*Get started - with multi-host network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay). - - While not required, it is a good idea to install Docker Swarm to - manage the cluster that makes up your network. Swarm provides sophisticated - discovery and server management tools that can assist your implementation. - - Once you have prepared the `overlay` network prerequisites you simply choose a - Docker host in the cluster and issue the following to create the network: - - ```bash - $ docker network create -d overlay my-multihost-network - ``` - - Network names must be unique. The Docker daemon attempts to identify naming - conflicts but this is not guaranteed. It is the user's responsibility to avoid - name conflicts. - - ### Overlay network limitations - - You should create overlay networks with `/24` blocks (the default), which limits - you to 256 IP addresses, when you create networks using the default VIP-based - endpoint-mode. This recommendation addresses - [limitations with swarm mode](https://github.com/moby/moby/issues/30820). If you - need more than 256 IP addresses, do not increase the IP block size. You can - either use `dnsrr` endpoint mode with an external load balancer, or use multiple - smaller overlay networks. See - [Configure service discovery](https://docs.docker.com/engine/swarm/networking/#configure-service-discovery) - for more information about different endpoint modes. -usage: docker network create [OPTIONS] NETWORK -pname: docker network -plink: docker_network.yaml -options: -- option: attachable - value_type: bool - default_value: "false" - description: Enable manual container attachment - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: aux-address - value_type: map - default_value: map[] - description: Auxiliary IPv4 or IPv6 addresses used by Network driver - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: config-from - value_type: string - description: The network from which copying the configuration - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: config-only - value_type: bool - default_value: "false" - description: Create a configuration only network - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: driver - shorthand: d - value_type: string - default_value: bridge - description: Driver to manage the Network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: gateway - value_type: stringSlice - default_value: '[]' - description: IPv4 or IPv6 Gateway for the master subnet - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ingress - value_type: bool - default_value: "false" - description: Create swarm routing-mesh network - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: internal - value_type: bool - default_value: "false" - description: Restrict external access to the network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip-range - value_type: stringSlice - default_value: '[]' - description: Allocate container ip from a sub-range - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ipam-driver - value_type: string - default_value: default - description: IP Address Management Driver - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ipam-opt - value_type: map - default_value: map[] - description: Set IPAM driver specific options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ipv6 - value_type: bool - default_value: "false" - description: Enable IPv6 networking - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - value_type: list - description: Set metadata on a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: opt - shorthand: o - value_type: map - default_value: map[] - description: Set driver specific options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: scope - value_type: string - description: Control the network's scope - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: subnet - value_type: stringSlice - default_value: '[]' - description: Subnet in CIDR format that represents a network segment - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Connect containers - - When you start a container, use the `--network` flag to connect it to a network. - This example adds the `busybox` container to the `mynet` network: - - ```bash - $ docker run -itd --network=mynet busybox - ``` - - If you want to add a container to a network after the container is already - running, use the `docker network connect` subcommand. - - You can connect multiple containers to the same network. Once connected, the - containers can communicate using only another container's IP address or name. - For `overlay` networks or custom plugins that support multi-host connectivity, - containers connected to the same multi-host network but launched from different - Engines can also communicate in this way. - - You can disconnect a container from a network using the `docker network - disconnect` command. - - ### Specify advanced options - - When you create a network, Engine creates a non-overlapping subnetwork for the - network by default. This subnetwork is not a subdivision of an existing - network. It is purely for ip-addressing purposes. You can override this default - and specify subnetwork values directly using the `--subnet` option. On a - `bridge` network you can only create a single subnet: - - ```bash - $ docker network create --driver=bridge --subnet=192.168.0.0/16 br0 - ``` - - Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` - options. - - ```bash - $ docker network create \ - --driver=bridge \ - --subnet=172.28.0.0/16 \ - --ip-range=172.28.5.0/24 \ - --gateway=172.28.5.254 \ - br0 - ``` - - If you omit the `--gateway` flag the Engine selects one for you from inside a - preferred pool. For `overlay` networks and for network driver plugins that - support it you can create multiple subnetworks. This example uses two `/25` - subnet mask to adhere to the current guidance of not having more than 256 IPs in - a single overlay network. Each of the subnetworks has 126 usable addresses. - - ```bash - $ docker network create -d overlay \ - --subnet=192.168.1.0/25 \ - --subnet=192.170.2.0/25 \ - --gateway=192.168.1.100 \ - --gateway=192.170.2.100 \ - --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \ - --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \ - my-multihost-network - ``` - - Be sure that your subnetworks do not overlap. If they do, the network create - fails and Engine returns an error. - - ### Bridge driver options - - When creating a custom network, the default network driver (i.e. `bridge`) has - additional options that can be passed. The following are those options and the - equivalent docker daemon flags used for docker0 bridge: - - | Option | Equivalent | Description | - |--------------------------------------------------|-------------|-------------------------------------------------------| - | `com.docker.network.bridge.name` | - | bridge name to be used when creating the Linux bridge | - | `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading | - | `com.docker.network.bridge.enable_icc` | `--icc` | Enable or Disable Inter Container Connectivity | - | `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports | - | `com.docker.network.driver.mtu` | `--mtu` | Set the containers network MTU | - - The following arguments can be passed to `docker network create` for any - network driver, again with their approximate equivalents to `docker daemon`. - - | Argument | Equivalent | Description | - |--------------|----------------|--------------------------------------------| - | `--gateway` | - | IPv4 or IPv6 Gateway for the master subnet | - | `--ip-range` | `--fixed-cidr` | Allocate IPs from a range | - | `--internal` | - | Restrict external access to the network | - | `--ipv6` | `--ipv6` | Enable IPv6 networking | - | `--subnet` | `--bip` | Subnet for network | - - For example, let's use `-o` or `--opt` options to specify an IP address binding - when publishing ports: - - ```bash - $ docker network create \ - -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \ - simple-network - ``` - - ### Network internal mode - - By default, when you connect a container to an `overlay` network, Docker also - connects a bridge network to it to provide external connectivity. If you want - to create an externally isolated `overlay` network, you can specify the - `--internal` option. - - ### Network ingress mode - - You can create the network which will be used to provide the routing-mesh in the - swarm cluster. You do so by specifying `--ingress` when creating the network. Only - one ingress network can be created at the time. The network can be removed only - if no services depend on it. Any option available when creating an overlay network - is also available when creating the ingress network, besides the `--attachable` option. - - ```bash - $ docker network create -d overlay \ - --subnet=10.11.0.0/16 \ - --ingress \ - --opt com.docker.network.driver.mtu=9216 \ - --opt encrypted=true \ - my-ingress-network - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network_disconnect.yaml b/_data/engine-cli-edge/docker_network_disconnect.yaml deleted file mode 100644 index 507b305660..0000000000 --- a/_data/engine-cli-edge/docker_network_disconnect.yaml +++ /dev/null @@ -1,29 +0,0 @@ -command: docker network disconnect -short: Disconnect a container from a network -long: |- - Disconnects a container from a network. The container must be running to - disconnect it from the network. -usage: docker network disconnect [OPTIONS] NETWORK CONTAINER -pname: docker network -plink: docker_network.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force the container to disconnect from a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker network disconnect multi-host-network container1 - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network_inspect.yaml b/_data/engine-cli-edge/docker_network_inspect.yaml deleted file mode 100644 index b29c872a26..0000000000 --- a/_data/engine-cli-edge/docker_network_inspect.yaml +++ /dev/null @@ -1,34 +0,0 @@ -command: docker network inspect -short: Display detailed information on one or more networks -long: |- - Returns information about one or more networks. By default, this command renders - all results in a JSON object. -usage: docker network inspect [OPTIONS] NETWORK [NETWORK...] -pname: docker network -plink: docker_network.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: verbose - shorthand: v - value_type: bool - default_value: "false" - description: Verbose output for diagnostics - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network_ls.yaml b/_data/engine-cli-edge/docker_network_ls.yaml deleted file mode 100644 index 6688affca9..0000000000 --- a/_data/engine-cli-edge/docker_network_ls.yaml +++ /dev/null @@ -1,132 +0,0 @@ -command: docker network ls -aliases: list -short: List networks -long: |- - Lists all the networks the Engine `daemon` knows about. This includes the - networks that span across multiple hosts in a cluster. -usage: docker network ls [OPTIONS] -pname: docker network -plink: docker_network.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Provide filter values (e.g. 'driver=bridge') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print networks using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Do not truncate the output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display network IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### List all networks\n\n```bash\n$ sudo docker network ls\nNETWORK ID - \ NAME DRIVER SCOPE\n7fca4eb8c647 bridge - \ bridge local\n9f904ee27bf5 none null - \ local\ncf03ee007fb4 host host local\n78b03ee04fc4 - \ multi-host overlay swarm\n```\n\nUse the `--no-trunc` option - to display the full network id:\n\n```bash\n$ docker network ls --no-trunc\nNETWORK - ID NAME DRIVER - \ SCOPE\n18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 - \ none null local\nc288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 - \ host host local\n7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 - \ bridge bridge local\n95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd - \ foo bridge local\n63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 - \ dev bridge local\n```\n\n### Filtering\n\nThe filtering - flag (`-f` or `--filter`) format is a `key=value` pair. If there\nis more than one - filter, then pass multiple flags (e.g. `--filter \"foo=bar\" --filter \"bif=baz\"`).\nMultiple - filter flags are combined as an `OR` filter. For example,\n`-f type=custom -f type=builtin` - returns both `custom` and `builtin` networks.\n\nThe currently supported filters - are:\n\n* driver\n* id (network's id)\n* label (`label=` or `label==`)\n* - name (network's name)\n* scope (`swarm|global|local`)\n* type (`custom|builtin`)\n\n#### - Driver\n\nThe `driver` filter matches networks based on their driver.\n\nThe following - example matches networks with the `bridge` driver:\n\n```bash\n$ docker network - ls --filter driver=bridge\nNETWORK ID NAME DRIVER SCOPE\ndb9db329f835 - \ test1 bridge local\nf6e212da9dfd test2 bridge - \ local\n```\n\n#### ID\n\nThe `id` filter matches on all or part of a - network's ID.\n\nThe following filter matches all networks with an ID containing - the\n`63d1ff1f77b0...` string.\n\n```bash\n$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161\nNETWORK - ID NAME DRIVER SCOPE\n63d1ff1f77b0 dev - \ bridge local\n```\n\nYou can also filter for a substring - in an ID as this shows:\n\n```bash\n$ docker network ls --filter id=95e74588f40d\nNETWORK - ID NAME DRIVER SCOPE\n95e74588f40d foo bridge - \ local\n\n$ docker network ls --filter id=95e\nNETWORK ID NAME - \ DRIVER SCOPE\n95e74588f40d foo bridge - \ local\n```\n\n#### Label\n\nThe `label` filter matches networks based - on the presence of a `label` alone or a `label` and a\nvalue.\n\nThe following filter - matches networks with the `usage` label regardless of its value.\n\n```bash\n$ docker - network ls -f \"label=usage\"\nNETWORK ID NAME DRIVER SCOPE\ndb9db329f835 - \ test1 bridge local\nf6e212da9dfd test2 bridge - \ local\n```\n\nThe following filter matches networks with the `usage` label - with the `prod` value.\n\n```bash\n$ docker network ls -f \"label=usage=prod\"\nNETWORK - ID NAME DRIVER SCOPE\nf6e212da9dfd test2 bridge - \ local\n```\n\n#### Name\n\nThe `name` filter matches on all or part of a - network's name.\n\nThe following filter matches all networks with a name containing - the `foobar` string.\n\n```bash\n$ docker network ls --filter name=foobar\nNETWORK - ID NAME DRIVER SCOPE\n06e7eef0a170 foobar bridge - \ local\n```\n\nYou can also filter for a substring in a name as this shows:\n\n```bash\n$ - docker network ls --filter name=foo\nNETWORK ID NAME DRIVER - \ SCOPE\n95e74588f40d foo bridge local\n06e7eef0a170 - \ foobar bridge local\n```\n\n#### Scope\n\nThe `scope` - filter matches networks based on their scope.\n\nThe following example matches networks - with the `swarm` scope:\n\n```bash\n$ docker network ls --filter scope=swarm\nNETWORK - ID NAME DRIVER SCOPE\nxbtm0v4f1lfh ingress - \ overlay swarm\nic6r88twuu92 swarmnet overlay - \ swarm\n```\n\nThe following example matches networks with the `local` - scope:\n\n```bash\n$ docker network ls --filter scope=local\nNETWORK ID NAME - \ DRIVER SCOPE\ne85227439ac7 bridge bridge - \ local\n0ca0e19443ed host host local\nca13cc149a36 - \ localnet bridge local\nf9e115d2de35 none - \ null local\n```\n\n#### Type\n\nThe `type` filter - supports two values; `builtin` displays predefined networks\n(`bridge`, `none`, - `host`), whereas `custom` displays user defined networks.\n\nThe following filter - matches all user defined networks:\n\n```bash\n$ docker network ls --filter type=custom\nNETWORK - ID NAME DRIVER SCOPE\n95e74588f40d foo bridge - \ local \n63d1ff1f77b0 dev bridge local\n```\n\nBy - having this flag it allows for batch cleanup. For example, use this filter\nto delete - all user defined networks:\n\n```bash\n$ docker network rm `docker network ls --filter - type=custom -q`\n```\n\nA warning will be issued when trying to remove a network - that has containers\nattached.\n\n### Formatting\n\nThe formatting options (`--format`) - pretty-prints networks output\nusing a Go template.\n\nValid placeholders for the - Go template are listed below:\n\nPlaceholder | Description\n-------------|------------------------------------------------------------------------------------------\n`.ID` - \ | Network ID\n`.Name` | Network name\n`.Driver` | Network driver\n`.Scope` - \ | Network scope (local, global)\n`.IPv6` | Whether IPv6 is enabled on - the network or not.\n`.Internal` | Whether the network is internal or not.\n`.Labels` - \ | All labels assigned to the network.\n`.Label` | Value of a specific label - for this network. For example `{{.Label \"project.version\"}}`\n`.CreatedAt` | Time - when the network was created\n\nWhen using the `--format` option, the `network ls` - command will either\noutput the data exactly as the template declares or, when using - the\n`table` directive, includes column headers as well.\n\nThe following example - uses a template without headers and outputs the\n`ID` and `Driver` entries separated - by a colon for all networks:\n\n```bash\n$ docker network ls --format \"{{.ID}}: - {{.Driver}}\"\nafaaab448eb2: bridge\nd1584f8dc718: host\n391df270dc66: null\n```" -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network_prune.yaml b/_data/engine-cli-edge/docker_network_prune.yaml deleted file mode 100644 index 251d0f3444..0000000000 --- a/_data/engine-cli-edge/docker_network_prune.yaml +++ /dev/null @@ -1,98 +0,0 @@ -command: docker network prune -short: Remove all unused networks -long: |- - Remove all unused networks. Unused networks are those which are not referenced - by any containers. -usage: docker network prune [OPTIONS] -pname: docker network -plink: docker_network.yaml -options: -- option: filter - value_type: filter - description: Provide filter values (e.g. 'until=') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Do not prompt for confirmation - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker network prune - - WARNING! This will remove all networks not used by at least one container. - Are you sure you want to continue? [y/N] y - Deleted Networks: - n1 - n2 - ``` - - ### Filtering - - The filtering flag (`--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * until (``) - only remove networks created before given timestamp - * label (`label=`, `label==`, `label!=`, or `label!==`) - only remove networks with (or without, in case `label!=...` is used) the specified labels. - - The `until` filter can be Unix timestamps, date formatted - timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed - relative to the daemon machine’s time. Supported formats for date - formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the daemon will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. - - The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), - which removes networks with the specified labels. The other - format is the `label!=...` (`label!=` or `label!==`), which removes - networks without the specified labels. - - The following removes networks created more than 5 minutes ago. Note that - system networks such as `bridge`, `host`, and `none` will never be pruned: - - ```none - $ docker network ls - - NETWORK ID NAME DRIVER SCOPE - 7430df902d7a bridge bridge local - ea92373fd499 foo-1-day-ago bridge local - ab53663ed3c7 foo-1-min-ago bridge local - 97b91972bc3b host host local - f949d337b1f5 none null local - - $ docker network prune --force --filter until=5m - - Deleted Networks: - foo-1-day-ago - - $ docker network ls - - NETWORK ID NAME DRIVER SCOPE - 7430df902d7a bridge bridge local - ab53663ed3c7 foo-1-min-ago bridge local - 97b91972bc3b host host local - f949d337b1f5 none null local - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_network_rm.yaml b/_data/engine-cli-edge/docker_network_rm.yaml deleted file mode 100644 index 9feeccce5e..0000000000 --- a/_data/engine-cli-edge/docker_network_rm.yaml +++ /dev/null @@ -1,38 +0,0 @@ -command: docker network rm -aliases: remove -short: Remove one or more networks -long: |- - Removes one or more networks by name or identifier. To remove a network, - you must first disconnect any containers connected to it. -usage: docker network rm NETWORK [NETWORK...] -pname: docker network -plink: docker_network.yaml -examples: |- - ### Remove a network - - To remove the network named 'my-network': - - ```bash - $ docker network rm my-network - ``` - - ### Remove multiple networks - - To delete multiple networks in a single `docker network rm` command, provide - multiple network names or ids. The following example deletes a network with id - `3695c422697f` and a network named `my-network`: - - ```bash - $ docker network rm 3695c422697f my-network - ``` - - When you specify multiple networks, the command attempts to delete each in turn. - If the deletion of one network fails, the command continues to the next on the - list and tries to delete that. The command reports success or failure for each - deletion. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_node.yaml b/_data/engine-cli-edge/docker_node.yaml deleted file mode 100644 index ca3e52bf5f..0000000000 --- a/_data/engine-cli-edge/docker_node.yaml +++ /dev/null @@ -1,29 +0,0 @@ -command: docker node -short: Manage Swarm nodes -long: Manage nodes. -usage: docker node -pname: docker -plink: docker.yaml -cname: -- docker node demote -- docker node inspect -- docker node ls -- docker node promote -- docker node ps -- docker node rm -- docker node update -clink: -- docker_node_demote.yaml -- docker_node_inspect.yaml -- docker_node_ls.yaml -- docker_node_promote.yaml -- docker_node_ps.yaml -- docker_node_rm.yaml -- docker_node_update.yaml -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_node_demote.yaml b/_data/engine-cli-edge/docker_node_demote.yaml deleted file mode 100644 index 9d671e42a4..0000000000 --- a/_data/engine-cli-edge/docker_node_demote.yaml +++ /dev/null @@ -1,19 +0,0 @@ -command: docker node demote -short: Demote one or more nodes from manager in the swarm -long: |- - Demotes an existing manager so that it is no longer a manager. This command - targets a docker engine that is a manager in the swarm. -usage: docker node demote NODE [NODE...] -pname: docker node -plink: docker_node.yaml -examples: |- - ```bash - $ docker node demote - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_node_inspect.yaml b/_data/engine-cli-edge/docker_node_inspect.yaml deleted file mode 100644 index d0790e0617..0000000000 --- a/_data/engine-cli-edge/docker_node_inspect.yaml +++ /dev/null @@ -1,73 +0,0 @@ -command: docker node inspect -short: Display detailed information on one or more nodes -long: |- - Returns information about a node. By default, this command renders all results - in a JSON array. You can specify an alternate format to execute a - given template for each result. Go's - [text/template](http://golang.org/pkg/text/template/) package describes all the - details of the format. -usage: docker node inspect [OPTIONS] self|NODE [NODE...] -pname: docker node -plink: docker_node.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pretty - value_type: bool - default_value: "false" - description: Print the information in a human friendly format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Inspect a node\n\n```none\n$ docker node inspect swarm-manager\n\n[\n{\n - \ \"ID\": \"e216jshn25ckzbvmwlnh5jr3g\",\n \"Version\": {\n \"Index\": - 10\n },\n \"CreatedAt\": \"2017-05-16T22:52:44.9910662Z\",\n \"UpdatedAt\": - \"2017-05-16T22:52:45.230878043Z\",\n \"Spec\": {\n \"Role\": \"manager\",\n - \ \"Availability\": \"active\"\n },\n \"Description\": {\n \"Hostname\": - \"swarm-manager\",\n \"Platform\": {\n \"Architecture\": \"x86_64\",\n - \ \"OS\": \"linux\"\n },\n \"Resources\": {\n \"NanoCPUs\": - 1000000000,\n \"MemoryBytes\": 1039843328\n },\n \"Engine\": - {\n \"EngineVersion\": \"17.06.0-ce\",\n \"Plugins\": [\n - \ {\n \"Type\": \"Volume\",\n \"Name\": - \"local\"\n },\n {\n \"Type\": - \"Network\",\n \"Name\": \"overlay\"\n },\n {\n - \ \"Type\": \"Network\",\n \"Name\": \"null\"\n - \ },\n {\n \"Type\": \"Network\",\n - \ \"Name\": \"host\"\n },\n {\n - \ \"Type\": \"Network\",\n \"Name\": \"bridge\"\n - \ },\n {\n \"Type\": \"Network\",\n - \ \"Name\": \"overlay\"\n }\n ]\n },\n - \ \"TLSInfo\": {\n \"TrustRoot\": \"-----BEGIN CERTIFICATE-----\\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\\n-----END - CERTIFICATE-----\\n\",\n \"CertIssuerSubject\": \"MBMxETAPBgNVBAMTCHN3YXJtLWNh\",\n - \ \"CertIssuerPublicKey\": \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==\"\n - \ }\n },\n \"Status\": {\n \"State\": \"ready\",\n \"Addr\": - \"168.0.32.137\"\n },\n \"ManagerStatus\": {\n \"Leader\": true,\n - \ \"Reachability\": \"reachable\",\n \"Addr\": \"168.0.32.137:2377\"\n - \ }\n}\n]\n```\n\n### Specify an output format\n\n```none\n$ docker node inspect - --format '{{ .ManagerStatus.Leader }}' self\n\nfalse\n\n$ docker node inspect --pretty - self\nID: e216jshn25ckzbvmwlnh5jr3g\nHostname: swarm-manager\nJoined - at: 2017-05-16 22:52:44.9910662 +0000 utc\nStatus:\n State: Ready\n - Availability: Active\n Address: 172.17.0.2\nManager Status:\n - Address: 172.17.0.2:2377\n Raft Status: Reachable\n Leader: - \ Yes\nPlatform:\n Operating System: linux\n Architecture: x86_64\nResources:\n - CPUs: 4\n Memory: 7.704 GiB\nPlugins:\n Network: - \ overlay, bridge, null, host, overlay\n Volume: local\nEngine - Version: 17.06.0-ce\nTLS Info:\n TrustRoot:\n-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END - CERTIFICATE-----\n\n Issuer Public Key:\tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==\n - Issuer Subject:\tMBMxETAPBgNVBAMTCHN3YXJtLWNh\n```" -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_node_ls.yaml b/_data/engine-cli-edge/docker_node_ls.yaml deleted file mode 100644 index 6e36337428..0000000000 --- a/_data/engine-cli-edge/docker_node_ls.yaml +++ /dev/null @@ -1,93 +0,0 @@ -command: docker node ls -aliases: list -short: List nodes in the swarm -long: |- - Lists all the nodes that the Docker Swarm manager knows about. You can filter - using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section - for more information about available filter options. -usage: docker node ls [OPTIONS] -pname: docker node -plink: docker_node.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print nodes using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "```bash\n$ docker node ls\n\nID HOSTNAME STATUS - \ AVAILABILITY MANAGER STATUS\n1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready - \ Active\n38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active\ne216jshn25ckzbvmwlnh5jr3g - * swarm-manager1 Ready Active Leader\n```\n> **Note**:\n> In the above - example output, there is a hidden column of `.Self` that indicates if the\n> node - is the same node as the current docker daemon. A `*` (e.g., `e216jshn25ckzbvmwlnh5jr3g - *`)\n> means this node is the current docker daemon.\n\n\n### Filtering\n\nThe filtering - flag (`-f` or `--filter`) format is of \"key=value\". If there is more\nthan one - filter, then pass multiple flags (e.g., `--filter \"foo=bar\" --filter \"bif=baz\"`)\n\nThe - currently supported filters are:\n\n* [id](node_ls.md#id)\n* [label](node_ls.md#label)\n* - [membership](node_ls.md#membership)\n* [name](node_ls.md#name)\n* [role](node_ls.md#role)\n\n#### - id\n\nThe `id` filter matches all or part of a node's id.\n\n```bash\n$ docker node - ls -f id=1\n\nID HOSTNAME STATUS AVAILABILITY MANAGER - STATUS\n1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active\n```\n\n#### label\n\nThe - `label` filter matches nodes based on engine labels and on the presence of a `label` - alone or a `label` and a value. Node labels are currently not used for filtering.\n\nThe - following filter matches nodes with the `foo` label regardless of its value.\n\n```bash\n$ - docker node ls -f \"label=foo\"\n\nID HOSTNAME STATUS - \ AVAILABILITY MANAGER STATUS\n1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready - \ Active\n```\n\n#### membership\n\nThe `membership` filter matches nodes based - on the presence of a `membership` and a value\n`accepted` or `pending`.\n\nThe following - filter matches nodes with the `membership` of `accepted`.\n\n```bash\n$ docker node - ls -f \"membership=accepted\"\n\nID HOSTNAME STATUS - \ AVAILABILITY MANAGER STATUS\n1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready - \ Active\n38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active\n```\n\n#### - name\n\nThe `name` filter matches on all or part of a node hostname.\n\nThe following - filter matches the nodes with a name equal to `swarm-master` string.\n\n```bash\n$ - docker node ls -f name=swarm-manager1\n\nID HOSTNAME STATUS - \ AVAILABILITY MANAGER STATUS\ne216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready - \ Active Leader\n```\n\n#### role\n\nThe `role` filter matches nodes based - on the presence of a `role` and a value `worker` or `manager`.\n\nThe following - filter matches nodes with the `manager` role.\n\n```bash\n$ docker node ls -f \"role=manager\"\n\nID - \ HOSTNAME STATUS AVAILABILITY MANAGER STATUS\ne216jshn25ckzbvmwlnh5jr3g - * swarm-manager1 Ready Active Leader\n```\n\n### Formatting\n\nThe formatting - options (`--format`) pretty-prints nodes output\nusing a Go template.\n\nValid placeholders - for the Go template are listed below:\n\nPlaceholder | Description\n-----------------|------------------------------------------------------------------------------------------\n`.ID` - \ | Node ID\n`.Self` | Node of the daemon (`true/false`, `true`indicates - that the node is the same as current docker daemon)\n`.Hostname` | Node hostname\n`.Status` - \ | Node status\n`.Availability` | Node availability (\"active\", \"pause\", - or \"drain\")\n`.ManagerStatus` | Manager status of the node\n`.TLSStatus` | - TLS status of the node (\"Ready\", or \"Needs Rotation\" has TLS certificate signed - by an old CA)\n`.EngineVersion` | Engine version\n\nWhen using the `--format` option, - the `node ls` command will either\noutput the data exactly as the template declares - or, when using the\n`table` directive, includes column headers as well.\n\nThe following - example uses a template without headers and outputs the\n`ID`, `Hostname`, and `TLS - Status` entries separated by a colon for all nodes:\n\n```bash\n$ docker node ls - --format \"{{.ID}}: {{.Hostname}} {{.TLSStatus}}\"\ne216jshn25ckzbvmwlnh5jr3g: swarm-manager1 - Ready\n35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation \n```" -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_node_promote.yaml b/_data/engine-cli-edge/docker_node_promote.yaml deleted file mode 100644 index ddb6a70264..0000000000 --- a/_data/engine-cli-edge/docker_node_promote.yaml +++ /dev/null @@ -1,19 +0,0 @@ -command: docker node promote -short: Promote one or more nodes to manager in the swarm -long: |- - Promotes a node to manager. This command targets a docker engine that is a - manager in the swarm. -usage: docker node promote NODE [NODE...] -pname: docker node -plink: docker_node.yaml -examples: |- - ```bash - $ docker node promote - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_node_ps.yaml b/_data/engine-cli-edge/docker_node_ps.yaml deleted file mode 100644 index 1d1dd220ca..0000000000 --- a/_data/engine-cli-edge/docker_node_ps.yaml +++ /dev/null @@ -1,163 +0,0 @@ -command: docker node ps -short: List tasks running on one or more nodes, defaults to current node -long: Lists all the tasks on a Node that Docker knows about. You can filter using - the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more - information about available filter options. -usage: docker node ps [OPTIONS] [NODE...] -pname: docker node -plink: docker_node.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print tasks using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-resolve - value_type: bool - default_value: "false" - description: Do not map IDs to Names - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Do not truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display task IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker node ps swarm-manager1 - NAME IMAGE NODE DESIRED STATE CURRENT STATE - redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours - redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds - redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds - ``` - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * [name](#name) - * [id](#id) - * [label](#label) - * [desired-state](#desired-state) - - #### name - - The `name` filter matches on all or part of a task's name. - - The following filter matches all tasks with a name containing the `redis` string. - - ```bash - $ docker node ps -f name=redis swarm-manager1 - - NAME IMAGE NODE DESIRED STATE CURRENT STATE - redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours - redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds - redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds - ``` - - #### id - - The `id` filter matches a task's id. - - ```bash - $ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 - - NAME IMAGE NODE DESIRED STATE CURRENT STATE - redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds - ``` - - #### label - - The `label` filter matches tasks based on the presence of a `label` alone or a `label` and a - value. - - The following filter matches tasks with the `usage` label regardless of its value. - - ```bash - $ docker node ps -f "label=usage" - - NAME IMAGE NODE DESIRED STATE CURRENT STATE - redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 10 minutes - redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 9 minutes - ``` - - - #### desired-state - - The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. - - - ### Formatting - - The formatting options (`--format`) pretty-prints tasks output - using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - ----------------|------------------------------------------------------------------------------------------ - `.Name` | Task name - `.Image` | Task image - `.Node` | Node ID - `.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) - `.CurrentState` | Current state of the task - `.Error` | Error - `.Ports` | Task published ports - - When using the `--format` option, the `node ps` command will either - output the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `Name` and `Image` entries separated by a colon for all tasks: - - ```bash - $ docker node ps --format "{{.Name}}: {{.Image}}" - top.1: busybox - top.2: busybox - top.3: busybox - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_node_rm.yaml b/_data/engine-cli-edge/docker_node_rm.yaml deleted file mode 100644 index 7133baa84e..0000000000 --- a/_data/engine-cli-edge/docker_node_rm.yaml +++ /dev/null @@ -1,60 +0,0 @@ -command: docker node rm -aliases: remove -short: Remove one or more nodes from the swarm -long: When run from a manager node, removes the specified nodes from a swarm. -usage: docker node rm [OPTIONS] NODE [NODE...] -pname: docker node -plink: docker_node.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force remove a node from the swarm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Remove a stopped node from the swarm - - ```bash - $ docker node rm swarm-node-02 - - Node swarm-node-02 removed from swarm - ``` - ### Attempt to remove a running node from a swarm - - Removes the specified nodes from the swarm, but only if the nodes are in the - down state. If you attempt to remove an active node you will receive an error: - - ```non - $ docker node rm swarm-node-03 - - Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not - down and can't be removed - ``` - - ### Forcibly remove an inaccessible node from a swarm - - If you lose access to a worker node or need to shut it down because it has been - compromised or is not behaving as expected, you can use the `--force` option. - This may cause transient errors or interruptions, depending on the type of task - being run on the node. - - ```bash - $ docker node rm --force swarm-node-03 - - Node swarm-node-03 removed from swarm - ``` - - A manager node must be demoted to a worker node (using `docker node demote`) - before you can remove it from the swarm. -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_node_update.yaml b/_data/engine-cli-edge/docker_node_update.yaml deleted file mode 100644 index a5ba4451fd..0000000000 --- a/_data/engine-cli-edge/docker_node_update.yaml +++ /dev/null @@ -1,79 +0,0 @@ -command: docker node update -short: Update a node -long: Update metadata about a node, such as its availability, labels, or roles. -usage: docker node update [OPTIONS] NODE -pname: docker node -plink: docker_node.yaml -options: -- option: availability - value_type: string - description: Availability of the node ("active"|"pause"|"drain") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-add - value_type: list - description: Add or update a node label (key=value) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-rm - value_type: list - description: Remove a node label if exists - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: role - value_type: string - description: Role of the node ("worker"|"manager") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Add label metadata to a node - - Add metadata to a swarm node using node labels. You can specify a node label as - a key with an empty value: - - ``` bash - $ docker node update --label-add foo worker1 - ``` - - To add multiple labels to a node, pass the `--label-add` flag for each label: - - ```bash - $ docker node update --label-add foo --label-add bar worker1 - ``` - - When you [create a service](service_create.md), - you can use node labels as a constraint. A constraint limits the nodes where the - scheduler deploys tasks for a service. - - For example, to add a `type` label to identify nodes where the scheduler should - deploy message queue service tasks: - - ``` bash - $ docker node update --label-add type=queue worker1 - ``` - - The labels you set for nodes using `docker node update` apply only to the node - entity within the swarm. Do not confuse them with the docker daemon labels for - [dockerd](https://docs.docker.com/engine/userguide/labels-custom-metadata/#daemon-labels). - - For more information about labels, refer to [apply custom - metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/). -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_pause.yaml b/_data/engine-cli-edge/docker_pause.yaml deleted file mode 100644 index 49714e66c0..0000000000 --- a/_data/engine-cli-edge/docker_pause.yaml +++ /dev/null @@ -1,26 +0,0 @@ -command: docker pause -short: Pause all processes within one or more containers -long: |- - The `docker pause` command suspends all processes in the specified containers. - On Linux, this uses the cgroups freezer. Traditionally, when suspending a process - the `SIGSTOP` signal is used, which is observable by the process being suspended. - With the cgroups freezer the process is unaware, and unable to capture, - that it is being suspended, and subsequently resumed. On Windows, only Hyper-V - containers can be paused. - - See the - [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) - for further details. -usage: docker pause CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -examples: |- - ```bash - $ docker pause my_container - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin.yaml b/_data/engine-cli-edge/docker_plugin.yaml deleted file mode 100644 index 23b9087eef..0000000000 --- a/_data/engine-cli-edge/docker_plugin.yaml +++ /dev/null @@ -1,35 +0,0 @@ -command: docker plugin -short: Manage plugins -long: Manage plugins. -usage: docker plugin -pname: docker -plink: docker.yaml -cname: -- docker plugin create -- docker plugin disable -- docker plugin enable -- docker plugin inspect -- docker plugin install -- docker plugin ls -- docker plugin push -- docker plugin rm -- docker plugin set -- docker plugin upgrade -clink: -- docker_plugin_create.yaml -- docker_plugin_disable.yaml -- docker_plugin_enable.yaml -- docker_plugin_inspect.yaml -- docker_plugin_install.yaml -- docker_plugin_ls.yaml -- docker_plugin_push.yaml -- docker_plugin_rm.yaml -- docker_plugin_set.yaml -- docker_plugin_upgrade.yaml -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_create.yaml b/_data/engine-cli-edge/docker_plugin_create.yaml deleted file mode 100644 index 4d666debcb..0000000000 --- a/_data/engine-cli-edge/docker_plugin_create.yaml +++ /dev/null @@ -1,47 +0,0 @@ -command: docker plugin create -short: Create a plugin from a rootfs and configuration. Plugin data directory must - contain config.json and rootfs directory. -long: |- - Creates a plugin. Before creating the plugin, prepare the plugin's root filesystem as well as - [the config.json](../../extend/config.md) -usage: docker plugin create [OPTIONS] PLUGIN PLUGIN-DATA-DIR -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: compress - value_type: bool - default_value: "false" - description: Compress the context using gzip - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following example shows how to create a sample `plugin`. - - ```bash - $ ls -ls /home/pluginDir - - total 4 - 4 -rw-r--r-- 1 root root 431 Nov 7 01:40 config.json - 0 drwxr-xr-x 19 root root 420 Nov 7 01:40 rootfs - - $ docker plugin create plugin /home/pluginDir - - plugin - - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 672d8144ec02 plugin latest A sample plugin for Docker false - ``` - - The plugin can subsequently be enabled for local use or pushed to the public registry. -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_disable.yaml b/_data/engine-cli-edge/docker_plugin_disable.yaml deleted file mode 100644 index d77ce27dc2..0000000000 --- a/_data/engine-cli-edge/docker_plugin_disable.yaml +++ /dev/null @@ -1,50 +0,0 @@ -command: docker plugin disable -short: Disable a plugin -long: |- - Disables a plugin. The plugin must be installed before it can be disabled, - see [`docker plugin install`](plugin_install.md). Without the `-f` option, - a plugin that has references (e.g., volumes, networks) cannot be disabled. -usage: docker plugin disable [OPTIONS] PLUGIN -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force the disable of an active plugin - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following example shows that the `sample-volume-plugin` plugin is installed - and enabled: - - ```bash - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true - ``` - - To disable the plugin, use the following command: - - ```bash - $ docker plugin disable tiborvass/sample-volume-plugin - - tiborvass/sample-volume-plugin - - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker false - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_enable.yaml b/_data/engine-cli-edge/docker_plugin_enable.yaml deleted file mode 100644 index 30fa394e18..0000000000 --- a/_data/engine-cli-edge/docker_plugin_enable.yaml +++ /dev/null @@ -1,48 +0,0 @@ -command: docker plugin enable -short: Enable a plugin -long: |- - Enables a plugin. The plugin must be installed before it can be enabled, - see [`docker plugin install`](plugin_install.md). -usage: docker plugin enable [OPTIONS] PLUGIN -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: timeout - value_type: int - default_value: "30" - description: HTTP client timeout (in seconds) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following example shows that the `sample-volume-plugin` plugin is installed, - but disabled: - - ```bash - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker false - ``` - - To enable the plugin, use the following command: - - ```bash - $ docker plugin enable tiborvass/sample-volume-plugin - - tiborvass/sample-volume-plugin - - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_inspect.yaml b/_data/engine-cli-edge/docker_plugin_inspect.yaml deleted file mode 100644 index acc6c74794..0000000000 --- a/_data/engine-cli-edge/docker_plugin_inspect.yaml +++ /dev/null @@ -1,145 +0,0 @@ -command: docker plugin inspect -short: Display detailed information on one or more plugins -long: |- - Returns information about a plugin. By default, this command renders all results - in a JSON array. -usage: docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...] -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```none - $ docker plugin inspect tiborvass/sample-volume-plugin:latest - - { - "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", - "Name": "tiborvass/sample-volume-plugin:latest", - "PluginReference": "tiborvas/sample-volume-plugin:latest", - "Enabled": true, - "Config": { - "Mounts": [ - { - "Name": "", - "Description": "", - "Settable": null, - "Source": "/data", - "Destination": "/data", - "Type": "bind", - "Options": [ - "shared", - "rbind" - ] - }, - { - "Name": "", - "Description": "", - "Settable": null, - "Source": null, - "Destination": "/foobar", - "Type": "tmpfs", - "Options": null - } - ], - "Env": [ - "DEBUG=1" - ], - "Args": null, - "Devices": null - }, - "Manifest": { - "ManifestVersion": "v0", - "Description": "A test plugin for Docker", - "Documentation": "https://docs.docker.com/engine/extend/plugins/", - "Interface": { - "Types": [ - "docker.volumedriver/1.0" - ], - "Socket": "plugins.sock" - }, - "Entrypoint": [ - "plugin-sample-volume-plugin", - "/data" - ], - "Workdir": "", - "User": { - }, - "Network": { - "Type": "host" - }, - "Capabilities": null, - "Mounts": [ - { - "Name": "", - "Description": "", - "Settable": null, - "Source": "/data", - "Destination": "/data", - "Type": "bind", - "Options": [ - "shared", - "rbind" - ] - }, - { - "Name": "", - "Description": "", - "Settable": null, - "Source": null, - "Destination": "/foobar", - "Type": "tmpfs", - "Options": null - } - ], - "Devices": [ - { - "Name": "device", - "Description": "a host device to mount", - "Settable": null, - "Path": "/dev/cpu_dma_latency" - } - ], - "Env": [ - { - "Name": "DEBUG", - "Description": "If set, prints debug messages", - "Settable": null, - "Value": "1" - } - ], - "Args": { - "Name": "args", - "Description": "command line arguments", - "Settable": null, - "Value": [ - - ] - } - } - } - ``` - - (output formatted for readability) - - ### Formatting the output - - ```bash - $ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest - - 8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21 - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_install.yaml b/_data/engine-cli-edge/docker_plugin_install.yaml deleted file mode 100644 index 255f44cedb..0000000000 --- a/_data/engine-cli-edge/docker_plugin_install.yaml +++ /dev/null @@ -1,78 +0,0 @@ -command: docker plugin install -short: Install a plugin -long: |- - Installs and enables a plugin. Docker looks first for the plugin on your Docker - host. If the plugin does not exist locally, then the plugin is pulled from - the registry. Note that the minimum required registry version to distribute - plugins is 2.3.0 -usage: docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...] -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: alias - value_type: string - description: Local name for plugin - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable - value_type: bool - default_value: "false" - description: Do not enable the plugin on install - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: grant-all-permissions - value_type: bool - default_value: "false" - description: Grant all permissions necessary to run the plugin - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following example installs `vieus/sshfs` plugin and [sets](plugin_set.md) its - `DEBUG` environment variable to `1`. To install, `pull` the plugin from Docker - Hub and prompt the user to accept the list of privileges that the plugin needs, - set the plugin's parameters and enable the plugin. - - ```bash - $ docker plugin install vieux/sshfs DEBUG=1 - - Plugin "vieux/sshfs" is requesting the following privileges: - - network: [host] - - device: [/dev/fuse] - - capabilities: [CAP_SYS_ADMIN] - Do you grant the above permissions? [y/N] y - vieux/sshfs - ``` - - After the plugin is installed, it appears in the list of plugins: - - ```bash - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d123 vieux/sshfs latest sshFS plugin for Docker true - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_ls.yaml b/_data/engine-cli-edge/docker_plugin_ls.yaml deleted file mode 100644 index dc5e399f56..0000000000 --- a/_data/engine-cli-edge/docker_plugin_ls.yaml +++ /dev/null @@ -1,120 +0,0 @@ -command: docker plugin ls -aliases: list -short: List plugins -long: |- - Lists all the plugins that are currently installed. You can install plugins - using the [`docker plugin install`](plugin_install.md) command. - You can also filter using the `-f` or `--filter` flag. - Refer to the [filtering](#filtering) section for more information about available filter options. -usage: docker plugin ls [OPTIONS] -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Provide filter values (e.g. 'enabled=true') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print plugins using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display plugin IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true - ``` - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * enabled (boolean - true or false, 0 or 1) - * capability (string - currently `volumedriver`, `networkdriver`, `ipamdriver`, `logdriver`, `metricscollector`, or `authz`) - - #### enabled - - The `enabled` filter matches on plugins enabled or disabled. - - #### capability - - The `capability` filter matches on plugin capabilities. One plugin - might have multiple capabilities. Currently `volumedriver`, `networkdriver`, - `ipamdriver`, `logdriver`, `metricscollector`, and `authz` are supported capabilities. - - ```bash - $ docker plugin install --disable vieux/sshfs - - Installed plugin vieux/sshfs - - $ docker plugin ls --filter enabled=true - - NAME TAG DESCRIPTION ENABLED - ``` - - ### Formatting - - The formatting options (`--format`) pretty-prints plugins output - using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - ---------------|------------------------------------------------------------------------------------------ - `.ID` | Plugin ID - `.Name` | Plugin name - `.Description` | Plugin description - `.Enabled` | Whether plugin is enabled or not - `.PluginReference` | The reference used to push/pull from a registry - - When using the `--format` option, the `plugin ls` command will either - output the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `ID` and `Name` entries separated by a colon for all plugins: - - ```bash - $ docker plugin ls --format "{{.ID}}: {{.Name}}" - - 4be01827a72e: vieux/sshfs:latest - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_push.yaml b/_data/engine-cli-edge/docker_plugin_push.yaml deleted file mode 100644 index 5cbf90b008..0000000000 --- a/_data/engine-cli-edge/docker_plugin_push.yaml +++ /dev/null @@ -1,39 +0,0 @@ -command: docker plugin push -short: Push a plugin to a registry -long: |- - After you have created a plugin using `docker plugin create` and the plugin is - ready for distribution, use `docker plugin push` to share your images to Docker - Hub or a self-hosted registry. - - Registry credentials are managed by [docker login](login.md). -usage: docker plugin push [OPTIONS] PLUGIN[:TAG] -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image signing - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following example shows how to push a sample `user/plugin`. - - ```bash - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d456 user/plugin latest A sample plugin for Docker false - - $ docker plugin push user/plugin - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_rm.yaml b/_data/engine-cli-edge/docker_plugin_rm.yaml deleted file mode 100644 index e6222f4a78..0000000000 --- a/_data/engine-cli-edge/docker_plugin_rm.yaml +++ /dev/null @@ -1,42 +0,0 @@ -command: docker plugin rm -aliases: remove -short: Remove one or more plugins -long: |- - Removes a plugin. You cannot remove a plugin if it is enabled, you must disable - a plugin using the [`docker plugin disable`](plugin_disable.md) before removing - it (or use --force, use of force is not recommended, since it can affect - functioning of running containers using the plugin). -usage: docker plugin rm [OPTIONS] PLUGIN [PLUGIN...] -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force the removal of an active plugin - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following example disables and removes the `sample-volume-plugin:latest` - plugin: - - ```bash - $ docker plugin disable tiborvass/sample-volume-plugin - - tiborvass/sample-volume-plugin - - $ docker plugin rm tiborvass/sample-volume-plugin:latest - - tiborvass/sample-volume-plugin - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_set.yaml b/_data/engine-cli-edge/docker_plugin_set.yaml deleted file mode 100644 index b8da2b11cb..0000000000 --- a/_data/engine-cli-edge/docker_plugin_set.yaml +++ /dev/null @@ -1,89 +0,0 @@ -command: docker plugin set -short: Change settings for a plugin -long: |- - Change settings for a plugin. The plugin must be disabled. - - The settings currently supported are: - * env variables - * source of mounts - * path of devices - * args -usage: docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...] -pname: docker plugin -plink: docker_plugin.yaml -examples: |- - ### Change an environment variable - - The following example change the env variable `DEBUG` on the - `sample-volume-plugin` plugin. - - ```bash - $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin - [DEBUG=0] - - $ docker plugin set tiborvass/sample-volume-plugin DEBUG=1 - - $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin - [DEBUG=1] - ``` - - ### Change the source of a mount - - The following example change the source of the `mymount` mount on - the `myplugin` plugin. - - ```bash - $ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin - /foo - - $ docker plugins set myplugin mymount.source=/bar - - $ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin - /bar - ``` - - > **Note**: Since only `source` is settable in `mymount`, - > `docker plugins set mymount=/bar myplugin` would work too. - - ### Change a device path - - The following example change the path of the `mydevice` device on - the `myplugin` plugin. - - ```bash - $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin - - /dev/foo - - $ docker plugins set myplugin mydevice.path=/dev/bar - - $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin - - /dev/bar - ``` - - > **Note**: Since only `path` is settable in `mydevice`, - > `docker plugins set mydevice=/dev/bar myplugin` would work too. - - ### Change the source of the arguments - - The following example change the value of the args on the `myplugin` plugin. - - ```bash - $ docker plugin inspect -f '{{.Settings.Args}}' myplugin - - ["foo", "bar"] - - $ docker plugins set myplugin myargs="foo bar baz" - - $ docker plugin inspect -f '{{.Settings.Args}}' myplugin - - ["foo", "bar", "baz"] - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_plugin_upgrade.yaml b/_data/engine-cli-edge/docker_plugin_upgrade.yaml deleted file mode 100644 index 7a5baff06d..0000000000 --- a/_data/engine-cli-edge/docker_plugin_upgrade.yaml +++ /dev/null @@ -1,97 +0,0 @@ -command: docker plugin upgrade -short: Upgrade an existing plugin -long: |- - Upgrades an existing plugin to the specified remote plugin image. If no remote - is specified, Docker will re-pull the current image and use the updated version. - All existing references to the plugin will continue to work. - The plugin must be disabled before running the upgrade. -usage: docker plugin upgrade [OPTIONS] PLUGIN [REMOTE] -pname: docker plugin -plink: docker_plugin.yaml -options: -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: grant-all-permissions - value_type: bool - default_value: "false" - description: Grant all permissions necessary to run the plugin - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: skip-remote-check - value_type: bool - default_value: "false" - description: | - Do not check if specified remote plugin matches existing plugin image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following example installs `vieus/sshfs` plugin, uses it to create and use - a volume, then upgrades the plugin. - - ```bash - $ docker plugin install vieux/sshfs DEBUG=1 - - Plugin "vieux/sshfs:next" is requesting the following privileges: - - network: [host] - - device: [/dev/fuse] - - capabilities: [CAP_SYS_ADMIN] - Do you grant the above permissions? [y/N] y - vieux/sshfs:next - - $ docker volume create -d vieux/sshfs:next -o sshcmd=root@1.2.3.4:/tmp/shared -o password=XXX sshvolume - - sshvolume - - $ docker run -it -v sshvolume:/data alpine sh -c "touch /data/hello" - - $ docker plugin disable -f vieux/sshfs:next - - viex/sshfs:next - - # Here docker volume ls doesn't show 'sshfsvolume', since the plugin is disabled - $ docker volume ls - - DRIVER VOLUME NAME - - $ docker plugin upgrade vieux/sshfs:next vieux/sshfs:next - - Plugin "vieux/sshfs:next" is requesting the following privileges: - - network: [host] - - device: [/dev/fuse] - - capabilities: [CAP_SYS_ADMIN] - Do you grant the above permissions? [y/N] y - Upgrade plugin vieux/sshfs:next to vieux/sshfs:next - - $ docker plugin enable vieux/sshfs:next - - viex/sshfs:next - - $ docker volume ls - - DRIVER VOLUME NAME - viuex/sshfs:next sshvolume - - $ docker run -it -v sshvolume:/data alpine sh -c "ls /data" - - hello - ``` -deprecated: false -min_api_version: "1.26" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_port.yaml b/_data/engine-cli-edge/docker_port.yaml deleted file mode 100644 index 7ee8782a83..0000000000 --- a/_data/engine-cli-edge/docker_port.yaml +++ /dev/null @@ -1,32 +0,0 @@ -command: docker port -short: List port mappings or a specific mapping for the container -long: List port mappings or a specific mapping for the container -usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] -pname: docker -plink: docker.yaml -examples: |- - ### Show all mapped ports - - You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or - just a specific mapping: - - ```bash - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test - $ docker port test - 7890/tcp -> 0.0.0.0:4321 - 9876/tcp -> 0.0.0.0:1234 - $ docker port test 7890/tcp - 0.0.0.0:4321 - $ docker port test 7890/udp - 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test - $ docker port test 7890 - 0.0.0.0:4321 - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_ps.yaml b/_data/engine-cli-edge/docker_ps.yaml deleted file mode 100644 index 248e20a8aa..0000000000 --- a/_data/engine-cli-edge/docker_ps.yaml +++ /dev/null @@ -1,472 +0,0 @@ -command: docker ps -short: List containers -long: List containers -usage: docker ps [OPTIONS] -pname: docker -plink: docker.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Show all containers (default shows just running) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print containers using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: last - shorthand: "n" - value_type: int - default_value: "-1" - description: Show n last created containers (includes all states) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: latest - shorthand: l - value_type: bool - default_value: "false" - description: Show the latest created container (includes all states) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display numeric IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: size - shorthand: s - value_type: bool - default_value: "false" - description: Display total file sizes - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Prevent truncating output - - Running `docker ps --no-trunc` showing 2 linked containers. - - ```bash - $ docker ps - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds 3300-3310/tcp webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - ``` - - ### Show both running and stopped containers - - The `docker ps` command only shows running containers by default. To see all - containers, use the `-a` (or `--all`) flag: - - ```bash - $ docker ps -a - ``` - - `docker ps` groups exposed ports into a single range if possible. E.g., a - container that exposes TCP ports `100, 101, 102` displays `100-102/tcp` in - the `PORTS` column. - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more - than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - | Filter | Description | - |:----------------------|:-------------------------------------------------------------------------------------------------------------------------------------| - | `id` | Container's ID | - | `name` | Container's name | - | `label` | An arbitrary string representing either a key or a key-value pair. Expressed as `` or `=` | - | `exited` | An integer representing the container's exit code. Only useful with `--all`. | - | `status` | One of `created`, `restarting`, `running`, `removing`, `paused`, `exited`, or `dead` | - | `ancestor` | Filters containers which share a given image as an ancestor. Expressed as `[:]`, ``, or `` | - | `before` or `since` | Filters containers created before or after a given container ID or name | - | `volume` | Filters running containers which have mounted a given volume or bind mount. | - | `network` | Filters running containers connected to a given network. | - | `publish` or `expose` | Filters containers which publish or expose a given port. Expressed as `[/]` or `/[]` | - | `health` | Filters containers based on their healthcheck status. One of `starting`, `healthy`, `unhealthy` or `none`. | - | `isolation` | Windows daemon only. One of `default`, `process`, or `hyperv`. | - | `is-task` | Filters containers that are a "task" for a service. Boolean option (`true` or `false`) | - - - #### label - - The `label` filter matches containers based on the presence of a `label` alone or a `label` and a - value. - - The following filter matches containers with the `color` label regardless of its value. - - ```bash - $ docker ps --filter "label=color" - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 673394ef1d4c busybox "top" 47 seconds ago Up 45 seconds nostalgic_shockley - d85756f57265 busybox "top" 52 seconds ago Up 51 seconds high_albattani - ``` - - The following filter matches containers with the `color` label with the `blue` value. - - ```bash - $ docker ps --filter "label=color=blue" - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - d85756f57265 busybox "top" About a minute ago Up About a minute high_albattani - ``` - - #### name - - The `name` filter matches on all or part of a container's name. - - The following filter matches all containers with a name containing the `nostalgic_stallman` string. - - ```bash - $ docker ps --filter "name=nostalgic_stallman" - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9b6247364a03 busybox "top" 2 minutes ago Up 2 minutes nostalgic_stallman - ``` - - You can also filter for a substring in a name as this shows: - - ```bash - $ docker ps --filter "name=nostalgic" - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 715ebfcee040 busybox "top" 3 seconds ago Up 1 second i_am_nostalgic - 9b6247364a03 busybox "top" 7 minutes ago Up 7 minutes nostalgic_stallman - 673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley - ``` - - #### exited - - The `exited` filter matches containers by exist status code. For example, to - filter for containers that have exited successfully: - - ```bash - $ docker ps -a --filter 'exited=0' - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey - 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani - 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds - ``` - - #### Filter by exit signal - - You can use a filter to locate containers that exited with status of `137` - meaning a `SIGKILL(9)` killed them. - - ```none - $ docker ps -a --filter 'exited=137' - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - b3e1c0ed5bfe ubuntu:latest "sleep 1000" 12 seconds ago Exited (137) 5 seconds ago grave_kowalevski - a2eb5558d669 redis:latest "/entrypoint.sh redi 2 hours ago Exited (137) 2 hours ago sharp_lalande - ``` - - Any of these events result in a `137` status: - - * the `init` process of the container is killed manually - * `docker kill` kills the container - * Docker daemon restarts which kills all running containers - - #### status - - The `status` filter matches containers by status. You can filter using - `created`, `restarting`, `running`, `removing`, `paused`, `exited` and `dead`. For example, - to filter for `running` containers: - - ```bash - $ docker ps --filter status=running - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 715ebfcee040 busybox "top" 16 minutes ago Up 16 minutes i_am_nostalgic - d5c976d3c462 busybox "top" 23 minutes ago Up 23 minutes top - 9b6247364a03 busybox "top" 24 minutes ago Up 24 minutes nostalgic_stallman - ``` - - To filter for `paused` containers: - - ```bash - $ docker ps --filter status=paused - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 673394ef1d4c busybox "top" About an hour ago Up About an hour (Paused) nostalgic_shockley - ``` - - #### ancestor - - The `ancestor` filter matches containers based on its image or a descendant of - it. The filter supports the following image representation: - - - `image` - - `image:tag` - - `image:tag@digest` - - `short-id` - - `full-id` - - If you don't specify a `tag`, the `latest` tag is used. For example, to filter - for containers that use the latest `ubuntu` image: - - ```bash - $ docker ps --filter ancestor=ubuntu - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace - 5d1e4a540723 ubuntu-c2 "top" About a minute ago Up About a minute admiring_sammet - 82a598284012 ubuntu "top" 3 minutes ago Up 3 minutes sleepy_bose - bab2a34ba363 ubuntu "top" 3 minutes ago Up 3 minutes focused_yonath - ``` - - Match containers based on the `ubuntu-c1` image which, in this case, is a child - of `ubuntu`: - - ```bash - $ docker ps --filter ancestor=ubuntu-c1 - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace - ``` - - Match containers based on the `ubuntu` version `12.04.5` image: - - ```bash - $ docker ps --filter ancestor=ubuntu:12.04.5 - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose - ``` - - The following matches containers based on the layer `d0e008c6cf02` or an image - that have this layer in its layer stack. - - ```bash - $ docker ps --filter ancestor=d0e008c6cf02 - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose - ``` - - #### Create time - - ##### before - - The `before` filter shows only containers created before the container with - given id or name. For example, having these containers created: - - ```bash - $ docker ps - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9c3527ed70ce busybox "top" 14 seconds ago Up 15 seconds desperate_dubinsky - 4aace5031105 busybox "top" 48 seconds ago Up 49 seconds focused_hamilton - 6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat - ``` - - Filtering with `before` would give: - - ```bash - $ docker ps -f before=9c3527ed70ce - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4aace5031105 busybox "top" About a minute ago Up About a minute focused_hamilton - 6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat - ``` - - ##### since - - The `since` filter shows only containers created since the container with given - id or name. For example, with the same containers as in `before` filter: - - ```bash - $ docker ps -f since=6e63f6ff38b0 - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9c3527ed70ce busybox "top" 10 minutes ago Up 10 minutes desperate_dubinsky - 4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton - ``` - - #### volume - - The `volume` filter shows only containers that mount a specific volume or have - a volume mounted in a specific path: - - ```bash - $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" - CONTAINER ID MOUNTS - 9c3527ed70ce remote-volume - - $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" - CONTAINER ID MOUNTS - 9c3527ed70ce remote-volume - ``` - - #### network - - The `network` filter shows only containers that are connected to a network with - a given name or id. - - The following filter matches all containers that are connected to a network - with a name containing `net1`. - - ```bash - $ docker run -d --net=net1 --name=test1 ubuntu top - $ docker run -d --net=net2 --name=test2 ubuntu top - - $ docker ps --filter network=net1 - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 - ``` - - The network filter matches on both the network's name and id. The following - example shows all containers that are attached to the `net1` network, using - the network id as a filter; - - ```bash - $ docker network inspect --format "{{.ID}}" net1 - - 8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 - - $ docker ps --filter network=8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 - ``` - - #### publish and expose - - The `publish` and `expose` filters show only containers that have published or exposed port with a given port - number, port range, and/or protocol. The default protocol is `tcp` when not specified. - - The following filter matches all containers that have published port of 80: - - ```bash - $ docker run -d --publish=80 busybox top - $ docker run -d --expose=8080 busybox top - - $ docker ps -a - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9833437217a5 busybox "top" 5 seconds ago Up 4 seconds 8080/tcp dreamy_mccarthy - fc7e477723b7 busybox "top" 50 seconds ago Up 50 seconds 0.0.0.0:32768->80/tcp admiring_roentgen - - $ docker ps --filter publish=80 - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - fc7e477723b7 busybox "top" About a minute ago Up About a minute 0.0.0.0:32768->80/tcp admiring_roentgen - ``` - - The following filter matches all containers that have exposed TCP port in the range of `8000-8080`: - ```bash - $ docker ps --filter expose=8000-8080/tcp - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9833437217a5 busybox "top" 21 seconds ago Up 19 seconds 8080/tcp dreamy_mccarthy - ``` - - The following filter matches all containers that have exposed UDP port `80`: - ```bash - $ docker ps --filter publish=80/udp - - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - ``` - - ### Formatting - - The formatting option (`--format`) pretty-prints container output using a Go - template. - - Valid placeholders for the Go template are listed below: - - | Placeholder | Description | - |:--------------|:------------------------------------------------------------------------------------------------| - | `.ID` | Container ID | - | `.Image` | Image ID | - | `.Command` | Quoted command | - | `.CreatedAt` | Time when the container was created. | - | `.RunningFor` | Elapsed time since the container was started. | - | `.Ports` | Exposed ports. | - | `.Status` | Container status. | - | `.Size` | Container disk size. | - | `.Names` | Container names. | - | `.Labels` | All labels assigned to the container. | - | `.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'` | - | `.Mounts` | Names of the volumes mounted in this container. | - | `.Networks` | Names of the networks attached to this container. | - - When using the `--format` option, the `ps` command will either output the data - exactly as the template declares or, when using the `table` directive, includes - column headers as well. - - The following example uses a template without headers and outputs the `ID` and - `Command` entries separated by a colon for all running containers: - - ```bash - $ docker ps --format "{{.ID}}: {{.Command}}" - - a87ecb4f327c: /bin/sh -c #(nop) MA - 01946d9d34d8: /bin/sh -c #(nop) MA - c1d3b0166030: /bin/sh -c yum -y up - 41d50ecd2f57: /bin/sh -c #(nop) MA - ``` - - To list all running containers with their labels in a table format you can use: - - ```bash - $ docker ps --format "table {{.ID}}\t{{.Labels}}" - - CONTAINER ID LABELS - a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd - 01946d9d34d8 - c1d3b0166030 com.docker.swarm.node=debian,com.docker.swarm.cpu=6 - 41d50ecd2f57 com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_pull.yaml b/_data/engine-cli-edge/docker_pull.yaml deleted file mode 100644 index 7b9768e9cf..0000000000 --- a/_data/engine-cli-edge/docker_pull.yaml +++ /dev/null @@ -1,263 +0,0 @@ -command: docker pull -short: Pull an image or a repository from a registry -long: |- - Most of your images will be created on top of a base image from the - [Docker Hub](https://hub.docker.com) registry. - - [Docker Hub](https://hub.docker.com) contains many pre-built images that you - can `pull` and try without needing to define and configure your own. - - To download a particular image, or set of images (i.e., a repository), - use `docker pull`. - - ### Proxy configuration - - If you are behind an HTTP proxy server, for example in corporate settings, - before open a connect to registry, you may need to configure the Docker - daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` - environment variables. To set these environment variables on a host using - `systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/engine/admin/systemd/#http-proxy) - for variables configuration. - - ### Concurrent downloads - - By default the Docker daemon will pull three layers of an image at a time. - If you are on a low bandwidth connection this may cause timeout issues and you may want to lower - this via the `--max-concurrent-downloads` daemon option. See the - [daemon documentation](dockerd.md) for more details. -usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST] -pname: docker -plink: docker.yaml -options: -- option: all-tags - shorthand: a - value_type: bool - default_value: "false" - description: Download all tagged images in the repository - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Pull an image from Docker Hub - - To download a particular image, or set of images (i.e., a repository), use - `docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a - default. This command pulls the `debian:latest` image: - - ```bash - $ docker pull debian - - Using default tag: latest - latest: Pulling from library/debian - fdd5d7827f33: Pull complete - a3ed95caeb02: Pull complete - Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa - Status: Downloaded newer image for debian:latest - ``` - - Docker images can consist of multiple layers. In the example above, the image - consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`. - - Layers can be reused by images. For example, the `debian:jessie` image shares - both layers with `debian:latest`. Pulling the `debian:jessie` image therefore - only pulls its metadata, but not its layers, because all layers are already - present locally: - - ```bash - $ docker pull debian:jessie - - jessie: Pulling from library/debian - fdd5d7827f33: Already exists - a3ed95caeb02: Already exists - Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e - Status: Downloaded newer image for debian:jessie - ``` - - To see which images are present locally, use the [`docker images`](images.md) - command: - - ```bash - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - debian jessie f50f9524513f 5 days ago 125.1 MB - debian latest f50f9524513f 5 days ago 125.1 MB - ``` - - Docker uses a content-addressable image store, and the image ID is a SHA256 - digest covering the image's configuration and layers. In the example above, - `debian:jessie` and `debian:latest` have the same image ID because they are - actually the *same* image tagged with different names. Because they are the - same image, their layers are stored only once and do not consume extra disk - space. - - For more information about images, layers, and the content-addressable store, - refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/). - - - ### Pull an image by digest (immutable identifier) - - So far, you've pulled images by their name (and "tag"). Using names and tags is - a convenient way to work with images. When using tags, you can `docker pull` an - image again to make sure you have the most up-to-date version of that image. - For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu - 14.04 image. - - In some cases you don't want images to be updated to newer versions, but prefer - to use a fixed version of an image. Docker enables you to pull an image by its - *digest*. When pulling an image by digest, you specify *exactly* which version - of an image to pull. Doing so, allows you to "pin" an image to that version, - and guarantee that the image you're using is always the same. - - To know the digest of an image, pull the image first. Let's pull the latest - `ubuntu:14.04` image from Docker Hub: - - ```bash - $ docker pull ubuntu:14.04 - - 14.04: Pulling from library/ubuntu - 5a132a7e7af1: Pull complete - fd2731e4c50c: Pull complete - 28a2f68d1120: Pull complete - a3ed95caeb02: Pull complete - Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - Status: Downloaded newer image for ubuntu:14.04 - ``` - - Docker prints the digest of the image after the pull has finished. In the example - above, the digest of the image is: - - sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - - Docker also prints the digest of an image when *pushing* to a registry. This - may be useful if you want to pin to a version of the image you just pushed. - - A digest takes the place of the tag when pulling an image, for example, to - pull the above image by digest, run the following command: - - ```bash - $ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - - sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu - 5a132a7e7af1: Already exists - fd2731e4c50c: Already exists - 28a2f68d1120: Already exists - a3ed95caeb02: Already exists - Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - ``` - - Digest can also be used in the `FROM` of a Dockerfile, for example: - - ```Dockerfile - FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - MAINTAINER some maintainer - ``` - - > **Note**: Using this feature "pins" an image to a specific version in time. - > Docker will therefore not pull updated versions of an image, which may include - > security updates. If you want to pull an updated image, you need to change the - > digest accordingly. - - - ### Pull from a different registry - - By default, `docker pull` pulls images from [Docker Hub](https://hub.docker.com). It is also possible to - manually specify the path of a registry to pull from. For example, if you have - set up a local registry, you can specify its path to pull from it. A registry - path is similar to a URL, but does not contain a protocol specifier (`https://`). - - The following command pulls the `testing/test-image` image from a local registry - listening on port 5000 (`myregistry.local:5000`): - - ```bash - $ docker pull myregistry.local:5000/testing/test-image - ``` - - Registry credentials are managed by [docker login](login.md). - - Docker uses the `https://` protocol to communicate with a registry, unless the - registry is allowed to be accessed over an insecure connection. Refer to the - [insecure registries](dockerd.md#insecure-registries) section for more information. - - - ### Pull a repository with multiple images - - By default, `docker pull` pulls a *single* image from the registry. A repository - can contain multiple images. To pull all images from a repository, provide the - `-a` (or `--all-tags`) option when using `docker pull`. - - This command pulls all images from the `fedora` repository: - - ```bash - $ docker pull --all-tags fedora - - Pulling repository fedora - ad57ef8d78d7: Download complete - 105182bb5e8b: Download complete - 511136ea3c5a: Download complete - 73bd853d2ea5: Download complete - .... - - Status: Downloaded newer image for fedora - ``` - - After the pull has completed use the `docker images` command to see the - images that were pulled. The example below shows all the `fedora` images - that are present locally: - - ```bash - $ docker images fedora - - REPOSITORY TAG IMAGE ID CREATED SIZE - fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB - fedora 20 105182bb5e8b 5 days ago 372.7 MB - fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB - fedora latest 105182bb5e8b 5 days ago 372.7 MB - ``` - - ### Cancel a pull - - Killing the `docker pull` process, for example by pressing `CTRL-c` while it is - running in a terminal, will terminate the pull operation. - - ```bash - $ docker pull fedora - - Using default tag: latest - latest: Pulling from library/fedora - a3ed95caeb02: Pulling fs layer - 236608c7b546: Pulling fs layer - ^C - ``` - - > **Note**: Technically, the Engine terminates a pull operation when the - > connection between the Docker Engine daemon and the Docker Engine client - > initiating the pull is lost. If the connection with the Engine daemon is - > lost for other reasons than a manual interaction, the pull is also aborted. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_push.yaml b/_data/engine-cli-edge/docker_push.yaml deleted file mode 100644 index 519980cc25..0000000000 --- a/_data/engine-cli-edge/docker_push.yaml +++ /dev/null @@ -1,63 +0,0 @@ -command: docker push -short: Push an image or a repository to a registry -long: "Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)\nregistry - or to a self-hosted one.\n\nRefer to the [`docker tag`](tag.md) reference for more - information about valid\nimage and tag names.\n\nKilling the `docker push` process, - for example by pressing `CTRL-c` while it is\nrunning in a terminal, terminates - the push operation.\n\nProgress bars are shown during docker push, which show the - uncompressed size. The \nactual amount of data that's pushed will be compressed - before sending, so the uploaded\n size will not be reflected by the progress bar. - \n\nRegistry credentials are managed by [docker login](login.md).\n\n### Concurrent - uploads\n\nBy default the Docker daemon will push five layers of an image at a time.\nIf - you are on a low bandwidth connection this may cause timeout issues and you may - want to lower\nthis via the `--max-concurrent-uploads` daemon option. See the\n[daemon - documentation](dockerd.md) for more details." -usage: docker push [OPTIONS] NAME[:TAG] -pname: docker -plink: docker.yaml -options: -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image signing - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Push a new image to a registry - - First save the new image by finding the container ID (using [`docker ps`](ps.md)) - and then committing it to a new image name. Note that only `a-z0-9-_.` are - allowed when naming images: - - ```bash - $ docker commit c16378f943fe rhel-httpd - ``` - - Now, push the image to the registry using the image ID. In this example the - registry is on host named `registry-host` and listening on port `5000`. To do - this, tag the image with the host name or IP address, and the port of the - registry: - - ```bash - $ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd - - $ docker push registry-host:5000/myadmin/rhel-httpd - ``` - - Check that this worked by running: - - ```bash - $ docker images - ``` - - You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` - listed. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_rename.yaml b/_data/engine-cli-edge/docker_rename.yaml deleted file mode 100644 index c57ea4b5b8..0000000000 --- a/_data/engine-cli-edge/docker_rename.yaml +++ /dev/null @@ -1,16 +0,0 @@ -command: docker rename -short: Rename a container -long: The `docker rename` command renames a container. -usage: docker rename CONTAINER NEW_NAME -pname: docker -plink: docker.yaml -examples: |- - ```bash - $ docker rename my_container my_new_container - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_restart.yaml b/_data/engine-cli-edge/docker_restart.yaml deleted file mode 100644 index 90ff107560..0000000000 --- a/_data/engine-cli-edge/docker_restart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -command: docker restart -short: Restart one or more containers -long: Restart one or more containers -usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -options: -- option: time - shorthand: t - value_type: int - default_value: "10" - description: Seconds to wait for stop before killing the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker restart my_container - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_rm.yaml b/_data/engine-cli-edge/docker_rm.yaml deleted file mode 100644 index 889a62aca8..0000000000 --- a/_data/engine-cli-edge/docker_rm.yaml +++ /dev/null @@ -1,113 +0,0 @@ -command: docker rm -short: Remove one or more containers -long: Remove one or more containers -usage: docker rm [OPTIONS] CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force the removal of a running container (uses SIGKILL) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link - shorthand: l - value_type: bool - default_value: "false" - description: Remove the specified link - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volumes - shorthand: v - value_type: bool - default_value: "false" - description: Remove the volumes associated with the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Remove a container - - This will remove the container referenced under the link - `/redis`. - - ```bash - $ docker rm /redis - - /redis - ``` - - ### Remove a link specified with `--link` on the default bridge network - - This will remove the underlying link between `/webapp` and the `/redis` - containers on the default bridge network, removing all network communication - between the two containers. This does not apply when `--link` is used with - user-specified networks. - - ```bash - $ docker rm --link /webapp/redis - - /webapp/redis - ``` - - ### Force-remove a running container - - This command will force-remove a running container. - - ```bash - $ docker rm --force redis - - redis - ``` - - The main process inside the container referenced under the link `redis` will receive - `SIGKILL`, then the container will be removed. - - ### Remove all stopped containers - - ```bash - $ docker rm $(docker ps -a -q) - ``` - - This command will delete all stopped containers. The command - `docker ps -a -q` will return all existing container IDs and pass them to - the `rm` command which will delete them. Any running containers will not be - deleted. - - ### Remove a container and its volumes - - ```bash - $ docker rm -v redis - redis - ``` - - This command will remove the container and any volumes associated with it. - Note that if a volume was specified with a name, it will not be removed. - - ### Remove a container and selectively remove volumes - - ```bash - $ docker create -v awesome:/foo -v /bar --name hello redis - hello - $ docker rm -v hello - ``` - - In this example, the volume for `/foo` will remain intact, but the volume for - `/bar` will be removed. The same behavior holds for volumes inherited with - `--volumes-from`. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_rmi.yaml b/_data/engine-cli-edge/docker_rmi.yaml deleted file mode 100644 index e21b2d3d46..0000000000 --- a/_data/engine-cli-edge/docker_rmi.yaml +++ /dev/null @@ -1,108 +0,0 @@ -command: docker rmi -short: Remove one or more images -long: Remove one or more images -usage: docker rmi [OPTIONS] IMAGE [IMAGE...] -pname: docker -plink: docker.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force removal of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-prune - value_type: bool - default_value: "false" - description: Do not delete untagged parents - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - You can remove an image using its short or long ID, its tag, or its digest. If - an image has one or more tags referencing it, you must remove all of them before - the image is removed. Digest references are removed automatically when an image - is removed by tag. - - ```bash - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - - $ docker rmi fd484f19954f - - Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force - 2013/12/11 05:47:16 Error: failed to remove one or more images - - $ docker rmi test1 - - Untagged: test1:latest - - $ docker rmi test2 - - Untagged: test2:latest - - - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - - $ docker rmi test - - Untagged: test:latest - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - ``` - - If you use the `-f` flag and specify the image's short or long ID, then this - command untags and removes all images that match the specified ID. - - ```bash - $ docker images - - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - - $ docker rmi -f fd484f19954f - - Untagged: test1:latest - Untagged: test:latest - Untagged: test2:latest - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - ``` - - An image pulled by digest has no tag associated with it: - - ```bash - $ docker images --digests - - REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE - localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB - ``` - - To remove an image using its digest: - - ```bash - $ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf - Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf - Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 - Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 - Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_run.yaml b/_data/engine-cli-edge/docker_run.yaml deleted file mode 100644 index 15d4a20ada..0000000000 --- a/_data/engine-cli-edge/docker_run.yaml +++ /dev/null @@ -1,1542 +0,0 @@ -command: docker run -short: Run a command in a new container -long: |- - The `docker run` command first `creates` a writeable container layer over the - specified image, and then `starts` it using the specified command. That is, - `docker run` is equivalent to the API `/containers/create` then - `/containers/(id)/start`. A stopped container can be restarted with all its - previous changes intact using `docker start`. See `docker ps -a` to view a list - of all containers. - - The `docker run` command can be used in combination with `docker commit` to - [*change the command that a container runs*](commit.md). There is additional detailed information about `docker run` in the [Docker run reference](../run.md). - - For information on connecting a container to a network, see the ["*Docker network overview*"](https://docs.docker.com/engine/userguide/networking/). -usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] -pname: docker -plink: docker.yaml -options: -- option: add-host - value_type: list - description: Add a custom host-to-IP mapping (host:ip) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: attach - shorthand: a - value_type: list - description: Attach to STDIN, STDOUT or STDERR - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight - value_type: uint16 - default_value: "0" - description: | - Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: blkio-weight-device - value_type: list - default_value: '[]' - description: Block IO weight (relative device weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-add - value_type: list - description: Add Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cap-drop - value_type: list - description: Drop Linux capabilities - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cgroup-parent - value_type: string - description: Optional parent cgroup for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cidfile - value_type: string - description: Write the container ID to the file - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-count - value_type: int64 - default_value: "0" - description: CPU count (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-percent - value_type: int64 - default_value: "0" - description: CPU percent (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-period - value_type: int64 - default_value: "0" - description: Limit CPU real-time period in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-runtime - value_type: int64 - default_value: "0" - description: Limit CPU real-time runtime in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpus - value_type: decimal - description: Number of CPUs - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: Run container in background and print container ID - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device - value_type: list - description: Add a host device to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-cgroup-rule - value_type: list - description: Add a rule to the cgroup allowed devices list - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-bps - value_type: list - default_value: '[]' - description: Limit read rate (bytes per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-read-iops - value_type: list - default_value: '[]' - description: Limit read rate (IO per second) from a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-bps - value_type: list - default_value: '[]' - description: Limit write rate (bytes per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: device-write-iops - value_type: list - default_value: '[]' - description: Limit write rate (IO per second) to a device - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: disable-content-trust - value_type: bool - default_value: "true" - description: Skip image verification - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns - value_type: list - description: Set custom DNS servers - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-opt - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-option - value_type: list - description: Set DNS options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-search - value_type: list - description: Set custom DNS search domains - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: entrypoint - value_type: string - description: Overwrite the default ENTRYPOINT of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env - shorthand: e - value_type: list - description: Set environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env-file - value_type: list - description: Read in a file of environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: expose - value_type: list - description: Expose a port or a range of ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: group-add - value_type: list - description: Add additional groups to join - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-cmd - value_type: string - description: Command to run to check health - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-interval - value_type: duration - default_value: 0s - description: Time between running the check (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-retries - value_type: int - default_value: "0" - description: Consecutive failures needed to report unhealthy - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-start-period - value_type: duration - default_value: 0s - description: | - Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-timeout - value_type: duration - default_value: 0s - description: | - Maximum time to allow one check to run (ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: help - value_type: bool - default_value: "false" - description: Print usage - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: hostname - shorthand: h - value_type: string - description: Container host name - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: init - value_type: bool - default_value: "false" - description: | - Run an init inside the container that forwards signals and reaps processes - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Keep STDIN open even if not attached - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxbandwidth - value_type: bytes - default_value: "0" - description: | - Maximum IO bandwidth limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: io-maxiops - value_type: uint64 - default_value: "0" - description: Maximum IOps limit for the system drive (Windows only) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip - value_type: string - description: IPv4 address (e.g., 172.30.100.104) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ip6 - value_type: string - description: IPv6 address (e.g., 2001:db8::33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ipc - value_type: string - description: IPC mode to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Container isolation technology - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: kernel-memory - value_type: bytes - default_value: "0" - description: Kernel memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - shorthand: l - value_type: list - description: Set meta data on a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-file - value_type: list - description: Read in a line delimited file of labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link - value_type: list - description: Add link to another container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: link-local-ip - value_type: list - description: Container IPv4/IPv6 link-local addresses - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-driver - value_type: string - description: Logging driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-opt - value_type: list - description: Log driver options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mac-address - value_type: string - description: Container MAC address (e.g., 92:d0:c6:0a:29:33) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-reservation - value_type: bytes - default_value: "0" - description: Memory soft limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swappiness - value_type: int64 - default_value: "-1" - description: Tune container memory swappiness (0 to 100) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mount - value_type: mount - description: Attach a filesystem mount to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: name - value_type: string - description: Assign a name to the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: net-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network - value_type: string - default_value: default - description: Connect a container to a network - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network-alias - value_type: list - description: Add network-scoped alias for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-healthcheck - value_type: bool - default_value: "false" - description: Disable any container-specified HEALTHCHECK - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-kill-disable - value_type: bool - default_value: "false" - description: Disable OOM Killer - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: oom-score-adj - value_type: int - default_value: "0" - description: Tune host's OOM preferences (-1000 to 1000) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pid - value_type: string - description: PID namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pids-limit - value_type: int64 - default_value: "0" - description: Tune container pids limit (set -1 for unlimited) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: platform - value_type: string - description: Set platform if server is multi-platform capable - deprecated: false - min_api_version: "1.32" - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: privileged - value_type: bool - default_value: "false" - description: Give extended privileges to this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish - shorthand: p - value_type: list - description: Publish a container's port(s) to the host - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish-all - shorthand: P - value_type: bool - default_value: "false" - description: Publish all exposed ports to random ports - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: read-only - value_type: bool - default_value: "false" - description: Mount the container's root filesystem as read only - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart - value_type: string - default_value: "no" - description: Restart policy to apply when a container exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rm - value_type: bool - default_value: "false" - description: Automatically remove the container when it exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: runtime - value_type: string - description: Runtime to use for this container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: security-opt - value_type: list - description: Security Options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: shm-size - value_type: bytes - default_value: "0" - description: Size of /dev/shm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sig-proxy - value_type: bool - default_value: "true" - description: Proxy received signals to the process - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-signal - value_type: string - default_value: SIGTERM - description: Signal to stop a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-timeout - value_type: int - default_value: "0" - description: Timeout (in seconds) to stop a container - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: storage-opt - value_type: list - description: Storage driver options for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: sysctl - value_type: map - default_value: map[] - description: Sysctl options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tmpfs - value_type: list - description: Mount a tmpfs directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ulimit - value_type: ulimit - default_value: '[]' - description: Ulimit options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: userns - value_type: string - description: User namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: uts - value_type: string - description: UTS namespace to use - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume - shorthand: v - value_type: list - description: Bind mount a volume - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volume-driver - value_type: string - description: Optional volume driver for the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volumes-from - value_type: list - description: Mount volumes from the specified container(s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Assign name and allocate pseudo-TTY (--name, -it) - - ```bash - $ docker run --name test -it debian - - root@d6c0fe130dba:/# exit 13 - $ echo $? - 13 - $ docker ps -a | grep test - d6c0fe130dba debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test - ``` - - This example runs a container named `test` using the `debian:latest` - image. The `-it` instructs Docker to allocate a pseudo-TTY connected to - the container's stdin; creating an interactive `bash` shell in the container. - In the example, the `bash` shell is quit by entering - `exit 13`. This exit code is passed on to the caller of - `docker run`, and is recorded in the `test` container's metadata. - - ### Capture container ID (--cidfile) - - ```bash - $ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" - ``` - - This will create a container and print `test` to the console. The `cidfile` - flag makes Docker attempt to create a new file and write the container ID to it. - If the file exists already, Docker will return an error. Docker will close this - file when `docker run` exits. - - ### Full container capabilities (--privileged) - - ```bash - $ docker run -t -i --rm ubuntu bash - root@bc338942ef20:/# mount -t tmpfs none /mnt - mount: permission denied - ``` - - This will *not* work, because by default, most potentially dangerous kernel - capabilities are dropped; including `cap_sys_admin` (which is required to mount - filesystems). However, the `--privileged` flag will allow it to run: - - ```bash - $ docker run -t -i --privileged ubuntu bash - root@50e3f57e16e6:/# mount -t tmpfs none /mnt - root@50e3f57e16e6:/# df -h - Filesystem Size Used Avail Use% Mounted on - none 1.9G 0 1.9G 0% /mnt - ``` - - The `--privileged` flag gives *all* capabilities to the container, and it also - lifts all the limitations enforced by the `device` cgroup controller. In other - words, the container can then do almost everything that the host can do. This - flag exists to allow special use-cases, like running Docker within Docker. - - ### Set working directory (-w) - - ```bash - $ docker run -w /path/to/dir/ -i -t ubuntu pwd - ``` - - The `-w` lets the command being executed inside directory given, here - `/path/to/dir/`. If the path does not exist it is created inside the container. - - ### Set storage driver options per container - - ```bash - $ docker run -it --storage-opt size=120G fedora /bin/bash - ``` - - This (size) will allow to set the container rootfs size to 120G at creation time. - This option is only available for the `devicemapper`, `btrfs`, `overlay2`, - `windowsfilter` and `zfs` graph drivers. - For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers, - user cannot pass a size less than the Default BaseFS Size. - For the `overlay2` storage driver, the size option is only available if the - backing fs is `xfs` and mounted with the `pquota` mount option. - Under these conditions, user can pass any size less than the backing fs size. - - ### Mount tmpfs (--tmpfs) - - ```bash - $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image - ``` - - The `--tmpfs` flag mounts an empty tmpfs into the container with the `rw`, - `noexec`, `nosuid`, `size=65536k` options. - - ### Mount volume (-v, --read-only) - - ```bash - $ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd - ``` - - The `-v` flag mounts the current working directory into the container. The `-w` - lets the command being executed inside the current working directory, by - changing into the directory to the value returned by `pwd`. So this - combination executes the command using the container, but inside the - current working directory. - - ```bash - $ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash - ``` - - When the host directory of a bind-mounted volume doesn't exist, Docker - will automatically create this directory on the host for you. In the - example above, Docker will create the `/doesnt/exist` - folder before starting your container. - - ```bash - $ docker run --read-only -v /icanwrite busybox touch /icanwrite/here - ``` - - Volumes can be used in combination with `--read-only` to control where - a container writes files. The `--read-only` flag mounts the container's root - filesystem as read only prohibiting writes to locations other than the - specified volumes for the container. - - ```bash - $ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh - ``` - - By bind-mounting the docker unix socket and statically linked docker - binary (refer to [get the linux binary]( - https://docs.docker.com/engine/installation/binaries/#/get-the-linux-binary)), - you give the container the full access to create and manipulate the host's - Docker daemon. - - On Windows, the paths must be specified using Windows-style semantics. - - ```powershell - PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt - Contents of file - - PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.txt - Contents of file - ``` - - The following examples will fail when using Windows-based containers, as the - destination of a volume or bind mount inside the container must be one of: - a non-existing or empty directory; or a drive other than C:. Further, the source - of a bind mount must be a local directory, not a file. - - ```powershell - net use z: \\remotemachine\share - docker run -v z:\foo:c:\dest ... - docker run -v \\uncpath\to\directory:c:\dest ... - docker run -v c:\foo\somefile.txt:c:\dest ... - docker run -v c:\foo:c: ... - docker run -v c:\foo:c:\existing-directory-with-contents ... - ``` - - For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) - - - ### Add bind mounts or volumes using the --mount flag - - The `--mount` flag allows you to mount volumes, host-directories and `tmpfs` - mounts in a container. - - The `--mount` flag supports most options that are supported by the `-v` or the - `--volume` flag, but uses a different syntax. For in-depth information on the - `--mount` flag, and a comparison between `--volume` and `--mount`, refer to - the [service create command reference](service_create.md#add-bind-mounts-or-volumes). - - Even though there is no plan to deprecate `--volume`, usage of `--mount` is recommended. - - Examples: - - ```bash - $ docker run --read-only --mount type=volume,target=/icanwrite busybox touch /icanwrite/here - ``` - - ```bash - $ docker run -t -i --mount type=bind,src=/data,dst=/data busybox sh - ``` - - ### Publish or expose port (-p, --expose) - - ```bash - $ docker run -p 127.0.0.1:80:8080/tcp ubuntu bash - ``` - - This binds port `8080` of the container to TCP port `80` on `127.0.0.1` of the host - machine. You can also specify `udp` and `sctp` ports. - The [Docker User Guide](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/) - explains in detail how to manipulate ports in Docker. - - ```bash - $ docker run --expose 80 ubuntu bash - ``` - - This exposes port `80` of the container without publishing the port to the host - system's interfaces. - - ### Set environment variables (-e, --env, --env-file) - - ```bash - $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash - ``` - - Use the `-e`, `--env`, and `--env-file` flags to set simple (non-array) - environment variables in the container you're running, or overwrite variables - that are defined in the Dockerfile of the image you're running. - - You can define the variable and its value when running the container: - - ```bash - $ docker run --env VAR1=value1 --env VAR2=value2 ubuntu env | grep VAR - VAR1=value1 - VAR2=value2 - ``` - - You can also use variables that you've exported to your local environment: - - ```bash - export VAR1=value1 - export VAR2=value2 - - $ docker run --env VAR1 --env VAR2 ubuntu env | grep VAR - VAR1=value1 - VAR2=value2 - ``` - - When running the command, the Docker CLI client checks the value the variable - has in your local environment and passes it to the container. - If no `=` is provided and that variable is not exported in your local - environment, the variable won't be set in the container. - - You can also load the environment variables from a file. This file should use - the syntax `=value` (which sets the variable to the given value) or - `` (which takes the value from the local environment), and `#` for comments. - - ```bash - $ cat env.list - # This is a comment - VAR1=value1 - VAR2=value2 - USER - - $ docker run --env-file env.list ubuntu env | grep VAR - VAR1=value1 - VAR2=value2 - USER=denis - ``` - - ### Set metadata on container (-l, --label, --label-file) - - A label is a `key=value` pair that applies metadata to a container. To label a container with two labels: - - ```bash - $ docker run -l my-label --label com.example.foo=bar ubuntu bash - ``` - - The `my-label` key doesn't specify a value so the label defaults to an empty - string(`""`). To add multiple labels, repeat the label flag (`-l` or `--label`). - - The `key=value` must be unique to avoid overwriting the label value. If you - specify labels with identical keys but different values, each subsequent value - overwrites the previous. Docker uses the last `key=value` you supply. - - Use the `--label-file` flag to load multiple labels from a file. Delimit each - label in the file with an EOL mark. The example below loads labels from a - labels file in the current directory: - - ```bash - $ docker run --label-file ./labels ubuntu bash - ``` - - The label-file format is similar to the format for loading environment - variables. (Unlike environment variables, labels are not visible to processes - running inside a container.) The following example illustrates a label-file - format: - - ```none - com.example.label1="a label" - - # this is a comment - com.example.label2=another\ label - com.example.label3 - ``` - - You can load multiple label-files by supplying multiple `--label-file` flags. - - For additional information on working with labels, see [*Labels - custom - metadata in Docker*](https://docs.docker.com/engine/userguide/labels-custom-metadata/) in the Docker User - Guide. - - ### Connect a container to a network (--network) - - When you start a container use the `--network` flag to connect it to a network. - This adds the `busybox` container to the `my-net` network. - - ```bash - $ docker run -itd --network=my-net busybox - ``` - - You can also choose the IP addresses for the container with `--ip` and `--ip6` - flags when you start the container on a user-defined network. - - ```bash - $ docker run -itd --network=my-net --ip=10.10.9.75 busybox - ``` - - If you want to add a running container to a network use the `docker network connect` subcommand. - - You can connect multiple containers to the same network. Once connected, the - containers can communicate easily need only another container's IP address - or name. For `overlay` networks or custom plugins that support multi-host - connectivity, containers connected to the same multi-host network but launched - from different Engines can also communicate in this way. - - > **Note**: Service discovery is unavailable on the default bridge network. - > Containers can communicate via their IP addresses by default. To communicate - > by name, they must be linked. - - You can disconnect a container from a network using the `docker network - disconnect` command. - - ### Mount volumes from container (--volumes-from) - - ```bash - $ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd - ``` - - The `--volumes-from` flag mounts all the defined volumes from the referenced - containers. Containers can be specified by repetitions of the `--volumes-from` - argument. The container ID may be optionally suffixed with `:ro` or `:rw` to - mount the volumes in read-only or read-write mode, respectively. By default, - the volumes are mounted in the same mode (read write or read only) as - the reference container. - - Labeling systems like SELinux require that proper labels are placed on volume - content mounted into a container. Without a label, the security system might - prevent the processes running inside the container from using the content. By - default, Docker does not change the labels set by the OS. - - To change the label in the container context, you can add either of two suffixes - `:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file - objects on the shared volumes. The `z` option tells Docker that two containers - share the volume content. As a result, Docker labels the content with a shared - content label. Shared volume labels allow all containers to read/write content. - The `Z` option tells Docker to label the content with a private unshared label. - Only the current container can use a private volume. - - ### Attach to STDIN/STDOUT/STDERR (-a) - - The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` - or `STDERR`. This makes it possible to manipulate the output and input as - needed. - - ```bash - $ echo "test" | docker run -i -a stdin ubuntu cat - - ``` - - This pipes data into a container and prints the container's ID by attaching - only to the container's `STDIN`. - - ```bash - $ docker run -a stderr ubuntu echo test - ``` - - This isn't going to print anything unless there's an error because we've - only attached to the `STDERR` of the container. The container's logs - still store what's been written to `STDERR` and `STDOUT`. - - ```bash - $ cat somefile | docker run -i -a stdin mybuilder dobuild - ``` - - This is how piping a file into a container could be done for a build. - The container's ID will be printed after the build is done and the build - logs could be retrieved using `docker logs`. This is - useful if you need to pipe a file or something else into a container and - retrieve the container's ID once the container has finished running. - - ### Add host device to container (--device) - - ```bash - $ docker run --device=/dev/sdc:/dev/xvdc \ - --device=/dev/sdd --device=/dev/zero:/dev/nulo \ - -i -t \ - ubuntu ls -l /dev/{xvdc,sdd,nulo} - - brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc - brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd - crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo - ``` - - It is often necessary to directly expose devices to a container. The `--device` - option enables that. For example, a specific block storage device or loop - device or audio device can be added to an otherwise unprivileged container - (without the `--privileged` flag) and have the application directly access it. - - By default, the container will be able to `read`, `write` and `mknod` these devices. - This can be overridden using a third `:rwm` set of options to each `--device` - flag: - - ```bash - $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc - - Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc - You will not be able to write the partition table. - - Command (m for help): q - - $ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk /dev/xvdc - - Command (m for help): q - - $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc - fdisk: unable to open /dev/xvdc: Operation not permitted - ``` - - > **Note**: `--device` cannot be safely used with ephemeral devices. Block devices - > that may be removed should not be added to untrusted containers with - > `--device`. - - ### Restart policies (--restart) - - Use Docker's `--restart` to specify a container's *restart policy*. A restart - policy controls whether the Docker daemon restarts a container after exit. - Docker supports the following restart policies: - - | Policy | Result | - |:---------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| - | `no` | Do not automatically restart the container when it exits. This is the default. | - | `on-failure[:max-retries]` | Restart only if the container exits with a non-zero exit status. Optionally, limit the number of restart retries the Docker daemon attempts. | - | `unless-stopped` | Restart the container unless it is explicitly stopped or Docker itself is stopped or restarted. | - | `always` | Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart the container indefinitely. The container will also always start on daemon startup, regardless of the current state of the container. | - - ```bash - $ docker run --restart=always redis - ``` - - This will run the `redis` container with a restart policy of **always** - so that if the container exits, Docker will restart it. - - More detailed information on restart policies can be found in the - [Restart Policies (--restart)](../run.md#restart-policies---restart) - section of the Docker run reference page. - - ### Add entries to container hosts file (--add-host) - - You can add other hosts into a container's `/etc/hosts` file by using one or - more `--add-host` flags. This example adds a static address for a host named - `docker`: - - ```bash - $ docker run --add-host=docker:10.180.0.1 --rm -it debian - - root@f38c87f2a42d:/# ping docker - PING docker (10.180.0.1): 48 data bytes - 56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms - 56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms - ^C--- docker ping statistics --- - 2 packets transmitted, 2 packets received, 0% packet loss - round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms - ``` - - Sometimes you need to connect to the Docker host from within your - container. To enable this, pass the Docker host's IP address to - the container using the `--add-host` flag. To find the host's address, - use the `ip addr show` command. - - The flags you pass to `ip addr show` depend on whether you are - using IPv4 or IPv6 networking in your containers. Use the following - flags for IPv4 address retrieval for a network device named `eth0`: - - ```bash - $ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1` - $ docker run --add-host=docker:${HOSTIP} --rm -it debian - ``` - - For IPv6 use the `-6` flag instead of the `-4` flag. For other network - devices, replace `eth0` with the correct device name (for example `docker0` - for the bridge device). - - ### Set ulimits in container (--ulimit) - - Since setting `ulimit` settings in a container requires extra privileges not - available in the default container, you can set these using the `--ulimit` flag. - `--ulimit` is specified with a soft and hard limit as such: - `=[:]`, for example: - - ```bash - $ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n" - 1024 - ``` - - > **Note**: If you do not provide a `hard limit`, the `soft limit` will be used - > for both values. If no `ulimits` are set, they will be inherited from - > the default `ulimits` set on the daemon. `as` option is disabled now. - > In other words, the following script is not supported: - > - > ```bash - > $ docker run -it --ulimit as=1024 fedora /bin/bash` - > ``` - - The values are sent to the appropriate `syscall` as they are set. - Docker doesn't perform any byte conversion. Take this into account when setting the values. - - #### For `nproc` usage - - Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to set the - maximum number of processes available to a user, not to a container. For example, start four - containers with `daemon` user: - - ```bash - $ docker run -d -u daemon --ulimit nproc=3 busybox top - - $ docker run -d -u daemon --ulimit nproc=3 busybox top - - $ docker run -d -u daemon --ulimit nproc=3 busybox top - - $ docker run -d -u daemon --ulimit nproc=3 busybox top - ``` - - The 4th container fails and reports "[8] System error: resource temporarily unavailable" error. - This fails because the caller set `nproc=3` resulting in the first three containers using up - the three processes quota set for the `daemon` user. - - ### Stop container with signal (--stop-signal) - - The `--stop-signal` flag sets the system call signal that will be sent to the container to exit. - This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, - or a signal name in the format SIGNAME, for instance SIGKILL. - - ### Optional security options (--security-opt) - - On Windows, this flag can be used to specify the `credentialspec` option. - The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`. - - ### Stop container with timeout (--stop-timeout) - - The `--stop-timeout` flag sets the timeout (in seconds) that a pre-defined (see `--stop-signal`) system call - signal that will be sent to the container to exit. After timeout elapses the container will be killed with SIGKILL. - - ### Specify isolation technology for container (--isolation) - - This option is useful in situations where you are running Docker containers on - Windows. The `--isolation ` option sets a container's isolation technology. - On Linux, the only supported is the `default` option which uses - Linux namespaces. These two commands are equivalent on Linux: - - ```bash - $ docker run -d busybox top - $ docker run -d --isolation default busybox top - ``` - - On Windows, `--isolation` can take one of these values: - - - | Value | Description | - |:----------|:-------------------------------------------------------------------------------------------| - | `default` | Use the value specified by the Docker daemon's `--exec-opt` or system default (see below). | - | `process` | Shared-kernel namespace isolation (not supported on Windows client operating systems). | - | `hyperv` | Hyper-V hypervisor partition-based isolation. | - - The default isolation on Windows server operating systems is `process`. The default (and only supported) - isolation on Windows client operating systems is `hyperv`. An attempt to start a container on a client - operating system with `--isolation process` will fail. - - On Windows server, assuming the default configuration, these commands are equivalent - and result in `process` isolation: - - ```PowerShell - PS C:\> docker run -d microsoft/nanoserver powershell echo process - PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo process - PS C:\> docker run -d --isolation process microsoft/nanoserver powershell echo process - ``` - - If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, or - are running against a Windows client-based daemon, these commands are equivalent and - result in `hyperv` isolation: - - ```PowerShell - PS C:\> docker run -d microsoft/nanoserver powershell echo hyperv - PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo hyperv - PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hyperv - ``` - - ### Specify hard limits on memory available to containers (-m, --memory) - - These parameters always set an upper limit on the memory available to the container. On Linux, this - is set on the cgroup and applications in a container can query it at `/sys/fs/cgroup/memory/memory.limit_in_bytes`. - - On Windows, this will affect containers differently depending on what type of isolation is used. - - - With `process` isolation, Windows will report the full memory of the host system, not the limit to applications running inside the container - - ```powershell - PS C:\> docker run -it -m 2GB --isolation=process microsoft/nanoserver powershell Get-ComputerInfo *memory* - - CsTotalPhysicalMemory : 17064509440 - CsPhyicallyInstalledMemory : 16777216 - OsTotalVisibleMemorySize : 16664560 - OsFreePhysicalMemory : 14646720 - OsTotalVirtualMemorySize : 19154928 - OsFreeVirtualMemory : 17197440 - OsInUseVirtualMemory : 1957488 - OsMaxProcessMemorySize : 137438953344 - ``` - - - With `hyperv` isolation, Windows will create a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. That size is reported as "Total Physical Memory." - - ```powershell - PS C:\> docker run -it -m 2GB --isolation=hyperv microsoft/nanoserver powershell Get-ComputerInfo *memory* - - CsTotalPhysicalMemory : 2683355136 - CsPhyicallyInstalledMemory : - OsTotalVisibleMemorySize : 2620464 - OsFreePhysicalMemory : 2306552 - OsTotalVirtualMemorySize : 2620464 - OsFreeVirtualMemory : 2356692 - OsInUseVirtualMemory : 263772 - OsMaxProcessMemorySize : 137438953344 - ``` - - - ### Configure namespaced kernel parameters (sysctls) at runtime - - The `--sysctl` sets namespaced kernel parameters (sysctls) in the - container. For example, to turn on IP forwarding in the containers - network namespace, run this command: - - ```bash - $ docker run --sysctl net.ipv4.ip_forward=1 someimage - ``` - - > **Note**: Not all sysctls are namespaced. Docker does not support changing sysctls - > inside of a container that also modify the host system. As the kernel - > evolves we expect to see more sysctls become namespaced. - - #### Currently supported sysctls - - - `IPC Namespace`: - - ```none - kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced - Sysctls beginning with fs.mqueue.* - ``` - - If you use the `--ipc=host` option these sysctls will not be allowed. - - - `Network Namespace`: - - Sysctls beginning with net.* - - If you use the `--network=host` option using these sysctls will not be allowed. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_save.yaml b/_data/engine-cli-edge/docker_save.yaml deleted file mode 100644 index 5a23a1236b..0000000000 --- a/_data/engine-cli-edge/docker_save.yaml +++ /dev/null @@ -1,53 +0,0 @@ -command: docker save -short: Save one or more images to a tar archive (streamed to STDOUT by default) -long: |- - Produces a tarred repository to the standard output stream. - Contains all parent layers, and all tags + versions, or specified `repo:tag`, for - each argument provided. -usage: docker save [OPTIONS] IMAGE [IMAGE...] -pname: docker -plink: docker.yaml -options: -- option: output - shorthand: o - value_type: string - description: Write to a file, instead of STDOUT - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Create a backup that can then be used with `docker load`. - - ```bash - $ docker save busybox > busybox.tar - - $ ls -sh busybox.tar - - 2.7M busybox.tar - - $ docker save --output busybox.tar busybox - - $ ls -sh busybox.tar - - 2.7M busybox.tar - - $ docker save -o fedora-all.tar fedora - - $ docker save -o fedora-latest.tar fedora:latest - ``` - - ### Cherry-pick particular tags - - You can even cherry-pick particular tags of an image repository. - - ```bash - $ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_search.yaml b/_data/engine-cli-edge/docker_search.yaml deleted file mode 100644 index 1244637a86..0000000000 --- a/_data/engine-cli-edge/docker_search.yaml +++ /dev/null @@ -1,154 +0,0 @@ -command: docker search -short: Search the Docker Hub for images -long: |- - Search [Docker Hub](https://hub.docker.com) for images - - See [*Find Public Images on Docker Hub*](https://docs.docker.com/engine/tutorials/dockerrepos/#searching-for-images) for - more details on finding shared images from the command line. - - > **Note**: Search queries return a maximum of 25 results. -usage: docker search [OPTIONS] TERM -pname: docker -plink: docker.yaml -options: -- option: automated - value_type: bool - default_value: "false" - description: Only show automated builds - deprecated: true - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print search using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: limit - value_type: int - default_value: "25" - description: Max number of search results - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Don't truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stars - shorthand: s - value_type: uint - default_value: "0" - description: Only displays with at least x stars - deprecated: true - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Search images by name\n\nThis example displays images with a name containing - 'busybox':\n\n```none\n$ docker search busybox\n\nNAME DESCRIPTION - \ STARS OFFICIAL AUTOMATED\nbusybox Busybox - base image. 316 [OK] \nprogrium/busybox - \ 50 [OK]\nradial/busyboxplus - \ Full-chain, Internet enabled, busybox made... 8 [OK]\nodise/busybox-python - \ 2 [OK]\nazukiapp/busybox - \ This image is meant to be used as the base... 2 [OK]\nofayau/busybox-jvm - \ Prepare busybox to install a 32 bits JVM. 1 [OK]\nshingonoide/archlinux-busybox - \ Arch Linux, a lightweight and flexible Lin... 1 [OK]\nodise/busybox-curl - \ 1 [OK]\nofayau/busybox-libc32 - \ Busybox with 32 bits (and 64 bits) libs 1 [OK]\npeelsky/zulu-openjdk-busybox - \ 1 [OK]\nskomma/busybox-data - \ Docker image suitable for data volume cont... 1 [OK]\nelektritter/busybox-teamspeak - \ Lightweight teamspeak3 container based on... 1 [OK]\nsocketplane/busybox - \ 1 [OK]\noveits/docker-nginx-busybox - \ This is a tiny NginX docker image based on... 0 [OK]\nggtools/busybox-ubuntu - \ Busybox ubuntu version with extra goodies 0 [OK]\nnikfoundas/busybox-confd - \ Minimal busybox based distribution of confd 0 [OK]\nopenshift/busybox-http-app - \ 0 [OK]\njllopis/busybox - \ 0 [OK]\nswyckoff/busybox - \ 0 [OK]\npowellquiring/busybox - \ 0 [OK]\nwilliamyeh/busybox-sh - \ Docker image for BusyBox's sh 0 [OK]\nsimplexsys/busybox-cli-powered - \ Docker busybox images, with a few often us... 0 [OK]\nfhisamoto/busybox-java - \ Busybox java 0 [OK]\nscottabernethy/busybox - \ 0 [OK]\nmarclop/busybox-solr\n```\n\n### - Display non-truncated description (--no-trunc)\n\nThis example displays images with - a name containing 'busybox',\nat least 3 stars and the description isn't truncated - in the output:\n\n```bash\n$ docker search --stars=3 --no-trunc busybox\nNAME DESCRIPTION - \ STARS - \ OFFICIAL AUTOMATED\nbusybox Busybox base image. 325 - \ [OK] \nprogrium/busybox 50 - \ [OK]\nradial/busyboxplus Full-chain, Internet enabled, busybox - made from scratch. Comes in git and cURL flavors. 8 [OK]\n```\n\n### - Limit search results (--limit)\n\nThe flag `--limit` is the maximum number of results - returned by a search. This value could\nbe in the range between 1 and 100. The default - value of `--limit` is 25.\n\n### Filtering\n\nThe filtering flag (`-f` or `--filter`) - format is a `key=value` pair. If there is more\nthan one filter, then pass multiple - flags (e.g. `--filter \"foo=bar\" --filter \"bif=baz\"`)\n\nThe currently supported - filters are:\n\n* stars (int - number of stars the image has)\n* is-automated (boolean - - true or false) - is the image automated or not\n* is-official (boolean - true - or false) - is the image official or not\n\n#### stars\n\nThis example displays - images with a name containing 'busybox' and at\nleast 3 stars:\n\n```bash\n$ docker - search --filter stars=3 busybox\n\nNAME DESCRIPTION STARS - \ OFFICIAL AUTOMATED\nbusybox Busybox base image. 325 - \ [OK] \nprogrium/busybox 50 - \ [OK]\nradial/busyboxplus Full-chain, Internet enabled, busybox - made... 8 [OK]\n```\n\n#### is-automated\n\nThis example displays - images with a name containing 'busybox'\nand are automated builds:\n\n```bash\n$ - docker search --filter is-automated busybox\n\nNAME DESCRIPTION - \ STARS OFFICIAL AUTOMATED\nprogrium/busybox - \ 50 [OK]\nradial/busyboxplus - \ Full-chain, Internet enabled, busybox made... 8 [OK]\n```\n\n#### - is-official\n\nThis example displays images with a name containing 'busybox', at - least\n3 stars and are official builds:\n\n```bash\n$ docker search --filter \"is-official=true\" - --filter \"stars=3\" busybox\n\nNAME DESCRIPTION STARS - \ OFFICIAL AUTOMATED\nprogrium/busybox 50 - \ [OK]\nradial/busyboxplus Full-chain, Internet enabled, busybox - made... 8 [OK]\n```\n\n### Format the output\n\nThe formatting - option (`--format`) pretty-prints search output\nusing a Go template.\n\nValid placeholders - for the Go template are:\n\n| Placeholder | Description |\n| - -------------- | --------------------------------- |\n| `.Name` | Image Name - \ |\n| `.Description` | Image description |\n| - `.StarCount` | Number of stars for the image |\n| `.IsOfficial` | \"OK\" - if image is official |\n| `.IsAutomated` | \"OK\" if image build was automated - |\n\nWhen you use the `--format` option, the `search` command will\noutput the data - exactly as the template declares. If you use the\n`table` directive, column headers - are included as well.\n\nThe following example uses a template without headers and - outputs the\n`Name` and `StarCount` entries separated by a colon for all images:\n\n```bash\n{% - raw %}\n$ docker search --format \"{{.Name}}: {{.StarCount}}\" nginx\n\nnginx: 5441\njwilder/nginx-proxy: - 953\nricharvey/nginx-php-fpm: 353\nmillion12/nginx-php: 75\nwebdevops/php-nginx: - 70\nh3nrik/nginx-ldap: 35\nbitnami/nginx: 23\nevild/alpine-nginx: 14\nmillion12/nginx: - 9\nmaxexcloo/nginx: 7\n{% endraw %}\n```\n\nThis example outputs a table format:\n\n```bash\n{% - raw %}\n$ docker search --format \"table {{.Name}}\\t{{.IsAutomated}}\\t{{.IsOfficial}}\" - nginx\n\nNAME AUTOMATED OFFICIAL\nnginx - \ [OK]\njwilder/nginx-proxy - \ [OK] \nricharvey/nginx-php-fpm [OK] - \ \njrcs/letsencrypt-nginx-proxy-companion [OK] \nmillion12/nginx-php - \ [OK] \nwebdevops/php-nginx [OK] - \ \n{% endraw %}\n```" -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_secret.yaml b/_data/engine-cli-edge/docker_secret.yaml deleted file mode 100644 index 9ec8a70621..0000000000 --- a/_data/engine-cli-edge/docker_secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker secret -short: Manage Docker secrets -long: Manage secrets. -usage: docker secret -pname: docker -plink: docker.yaml -cname: -- docker secret create -- docker secret inspect -- docker secret ls -- docker secret rm -clink: -- docker_secret_create.yaml -- docker_secret_inspect.yaml -- docker_secret_ls.yaml -- docker_secret_rm.yaml -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_secret_create.yaml b/_data/engine-cli-edge/docker_secret_create.yaml deleted file mode 100644 index cece92e299..0000000000 --- a/_data/engine-cli-edge/docker_secret_create.yaml +++ /dev/null @@ -1,102 +0,0 @@ -command: docker secret create -short: Create a secret from a file or STDIN as content -long: |- - Creates a secret using standard input or from a file for the secret content. You must run this command on a manager node. - - For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). -usage: docker secret create [OPTIONS] SECRET [file|-] -pname: docker secret -plink: docker_secret.yaml -options: -- option: driver - shorthand: d - value_type: string - description: Secret driver - deprecated: false - min_api_version: "1.37" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - shorthand: l - value_type: list - description: Secret labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: template-driver - value_type: string - description: Template driver - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Create a secret - - ```bash - $ printf | docker secret create my_secret - - - onakdyv307se2tl7nl20anokv - - $ docker secret ls - - ID NAME CREATED UPDATED - onakdyv307se2tl7nl20anokv my_secret 6 seconds ago 6 seconds ago - ``` - - ### Create a secret with a file - - ```bash - $ docker secret create my_secret ./secret.json - - dg426haahpi5ezmkkj5kyl3sn - - $ docker secret ls - - ID NAME CREATED UPDATED - dg426haahpi5ezmkkj5kyl3sn my_secret 7 seconds ago 7 seconds ago - ``` - - ### Create a secret with labels - - ```bash - $ docker secret create --label env=dev \ - --label rev=20170324 \ - my_secret ./secret.json - - eo7jnzguqgtpdah3cm5srfb97 - ``` - - ```none - $ docker secret inspect my_secret - - [ - { - "ID": "eo7jnzguqgtpdah3cm5srfb97", - "Version": { - "Index": 17 - }, - "CreatedAt": "2017-03-24T08:15:09.735271783Z", - "UpdatedAt": "2017-03-24T08:15:09.735271783Z", - "Spec": { - "Name": "my_secret", - "Labels": { - "env": "dev", - "rev": "20170324" - } - } - } - ] - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_secret_inspect.yaml b/_data/engine-cli-edge/docker_secret_inspect.yaml deleted file mode 100644 index e0b3a6c01a..0000000000 --- a/_data/engine-cli-edge/docker_secret_inspect.yaml +++ /dev/null @@ -1,89 +0,0 @@ -command: docker secret inspect -short: Display detailed information on one or more secrets -long: |- - Inspects the specified secret. This command has to be run targeting a manager - node. - - By default, this renders all results in a JSON array. If a format is specified, - the given template will be executed for each result. - - Go's [text/template](http://golang.org/pkg/text/template/) package - describes all the details of the format. - - For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). -usage: docker secret inspect [OPTIONS] SECRET [SECRET...] -pname: docker secret -plink: docker_secret.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pretty - value_type: bool - default_value: "false" - description: Print the information in a human friendly format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Inspect a secret by name or ID - - You can inspect a secret, either by its *name*, or *ID* - - For example, given the following secret: - - ```bash - $ docker secret ls - - ID NAME CREATED UPDATED - eo7jnzguqgtpdah3cm5srfb97 my_secret 3 minutes ago 3 minutes ago - ``` - - ```none - $ docker secret inspect secret.json - - [ - { - "ID": "eo7jnzguqgtpdah3cm5srfb97", - "Version": { - "Index": 17 - }, - "CreatedAt": "2017-03-24T08:15:09.735271783Z", - "UpdatedAt": "2017-03-24T08:15:09.735271783Z", - "Spec": { - "Name": "my_secret", - "Labels": { - "env": "dev", - "rev": "20170324" - } - } - } - ] - ``` - - ### Formatting - - You can use the --format option to obtain specific information about a - secret. The following example command outputs the creation time of the - secret. - - ```bash - $ docker secret inspect --format='{{.CreatedAt}}' eo7jnzguqgtpdah3cm5srfb97 - - 2017-03-24 08:15:09.735271783 +0000 UTC - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_secret_ls.yaml b/_data/engine-cli-edge/docker_secret_ls.yaml deleted file mode 100644 index 9fba65db2f..0000000000 --- a/_data/engine-cli-edge/docker_secret_ls.yaml +++ /dev/null @@ -1,157 +0,0 @@ -command: docker secret ls -aliases: list -short: List secrets -long: |- - Run this command on a manager node to list the secrets in the swarm. - - For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). -usage: docker secret ls [OPTIONS] -pname: docker secret -plink: docker_secret.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print secrets using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker secret ls - - ID NAME CREATED UPDATED - 6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago - 9u9hk4br2ej0wgngkga6rp4hq my_secret 5 weeks ago 5 weeks ago - mem02h8n73mybpgqjf0kfi1n0 test_secret 3 seconds ago 3 seconds ago - ``` - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * [id](secret_ls.md#id) (secret's ID) - * [label](secret_ls.md#label) (`label=` or `label==`) - * [name](secret_ls.md#name) (secret's name) - - #### id - - The `id` filter matches all or prefix of a secret's id. - - ```bash - $ docker secret ls -f "id=6697bflskwj1998km1gnnjr38" - - ID NAME CREATED UPDATED - 6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago - ``` - - #### label - - The `label` filter matches secrets based on the presence of a `label` alone or - a `label` and a value. - - The following filter matches all secrets with a `project` label regardless of - its value: - - ```bash - $ docker secret ls --filter label=project - - ID NAME CREATED UPDATED - mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago - ``` - - The following filter matches only services with the `project` label with the - `project-a` value. - - ```bash - $ docker service ls --filter label=project=test - - ID NAME CREATED UPDATED - mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago - ``` - - #### name - - The `name` filter matches on all or prefix of a secret's name. - - The following filter matches secret with a name containing a prefix of `test`. - - ```bash - $ docker secret ls --filter name=test_secret - - ID NAME CREATED UPDATED - mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago - ``` - - ### Format the output - - The formatting option (`--format`) pretty prints secrets output - using a Go template. - - Valid placeholders for the Go template are listed below: - - | Placeholder | Description | - | ------------ | ------------------------------------------------------------------------------------ | - | `.ID` | Secret ID | - | `.Name` | Secret name | - | `.CreatedAt` | Time when the secret was created | - | `.UpdatedAt` | Time when the secret was updated | - | `.Labels` | All labels assigned to the secret | - | `.Label` | Value of a specific label for this secret. For example `{{.Label "secret.ssh.key"}}` | - - When using the `--format` option, the `secret ls` command will either - output the data exactly as the template declares or, when using the - `table` directive, will include column headers as well. - - The following example uses a template without headers and outputs the - `ID` and `Name` entries separated by a colon for all images: - - ```bash - $ docker secret ls --format "{{.ID}}: {{.Name}}" - - 77af4d6b9913: secret-1 - b6fa739cedf5: secret-2 - 78a85c484f71: secret-3 - ``` - - To list all secrets with their name and created date in a table format you - can use: - - ```bash - $ docker secret ls --format "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}" - - ID NAME CREATED - 77af4d6b9913 secret-1 5 minutes ago - b6fa739cedf5 secret-2 3 hours ago - 78a85c484f71 secret-3 10 days ago - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_secret_rm.yaml b/_data/engine-cli-edge/docker_secret_rm.yaml deleted file mode 100644 index 1f5f500508..0000000000 --- a/_data/engine-cli-edge/docker_secret_rm.yaml +++ /dev/null @@ -1,28 +0,0 @@ -command: docker secret rm -aliases: remove -short: Remove one or more secrets -long: |- - Removes the specified secrets from the swarm. This command has to be run - targeting a manager node. - - For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). -usage: docker secret rm SECRET [SECRET...] -pname: docker secret -plink: docker_secret.yaml -examples: |- - This example removes a secret: - - ```bash - $ docker secret rm secret.json - sapth4csdo5b6wz2p5uimh5xg - ``` - - > **Warning**: Unlike `docker rm`, this command does not ask for confirmation - > before removing a secret. -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service.yaml b/_data/engine-cli-edge/docker_service.yaml deleted file mode 100644 index 918bd3b6b9..0000000000 --- a/_data/engine-cli-edge/docker_service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -command: docker service -short: Manage services -long: Manage services. -usage: docker service -pname: docker -plink: docker.yaml -cname: -- docker service create -- docker service inspect -- docker service logs -- docker service ls -- docker service ps -- docker service rm -- docker service rollback -- docker service scale -- docker service update -clink: -- docker_service_create.yaml -- docker_service_inspect.yaml -- docker_service_logs.yaml -- docker_service_ls.yaml -- docker_service_ps.yaml -- docker_service_rm.yaml -- docker_service_rollback.yaml -- docker_service_scale.yaml -- docker_service_update.yaml -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_create.yaml b/_data/engine-cli-edge/docker_service_create.yaml deleted file mode 100644 index c980fd5038..0000000000 --- a/_data/engine-cli-edge/docker_service_create.yaml +++ /dev/null @@ -1,952 +0,0 @@ -command: docker service create -short: Create a new service -long: |- - Creates a service as described by the specified parameters. You must run this - command on a manager node. -usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] -pname: docker service -plink: docker_service.yaml -options: -- option: config - value_type: config - description: Specify configurations to expose to the service - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: constraint - value_type: list - description: Placement constraints - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: container-label - value_type: list - description: Container labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: credential-spec - value_type: credential-spec - description: Credential spec for managed service account (Windows only) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: | - Exit immediately instead of waiting for the service to converge - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns - value_type: list - description: Set custom DNS servers - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-option - value_type: list - description: Set DNS options - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-search - value_type: list - description: Set custom DNS search domains - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: endpoint-mode - value_type: string - default_value: vip - description: Endpoint mode (vip or dnsrr) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: entrypoint - value_type: command - description: Overwrite the default ENTRYPOINT of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env - shorthand: e - value_type: list - description: Set environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env-file - value_type: list - description: Read in a file of environment variables - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: generic-resource - value_type: list - description: User defined resources - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: group - value_type: list - description: Set one or more supplementary user groups for the container - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-cmd - value_type: string - description: Command to run to check health - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-interval - value_type: duration - description: Time between running the check (ms|s|m|h) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-retries - value_type: int - default_value: "0" - description: Consecutive failures needed to report unhealthy - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-start-period - value_type: duration - description: | - Start period for the container to initialize before counting retries towards unstable (ms|s|m|h) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-timeout - value_type: duration - description: Maximum time to allow one check to run (ms|s|m|h) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: host - value_type: list - description: Set one or more custom host-to-IP mappings (host:ip) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: hostname - value_type: string - description: Container hostname - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Service container isolation mode - deprecated: false - min_api_version: "1.35" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - shorthand: l - value_type: list - description: Service labels - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: limit-cpu - value_type: decimal - description: Limit CPUs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: limit-memory - value_type: bytes - default_value: "0" - description: Limit Memory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-driver - value_type: string - description: Logging driver for service - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-opt - value_type: list - description: Logging driver options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mode - value_type: string - default_value: replicated - description: Service mode (replicated or global) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mount - value_type: mount - description: Attach a filesystem mount to the service - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: name - value_type: string - description: Service name - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network - value_type: network - description: Network attachments - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-healthcheck - value_type: bool - default_value: "false" - description: Disable any container-specified HEALTHCHECK - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-resolve-image - value_type: bool - default_value: "false" - description: | - Do not query the registry to resolve image digest and supported platforms - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: placement-pref - value_type: pref - description: Add a placement preference - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish - shorthand: p - value_type: port - description: Publish a port as a node port - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress progress output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: read-only - value_type: bool - default_value: "false" - description: Mount the container's root filesystem as read only - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: replicas - value_type: uint - description: Number of tasks - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: reserve-cpu - value_type: decimal - description: Reserve CPUs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: reserve-memory - value_type: bytes - default_value: "0" - description: Reserve Memory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-condition - value_type: string - description: | - Restart when condition is met ("none"|"on-failure"|"any") (default "any") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-delay - value_type: duration - description: Delay between restart attempts (ns|us|ms|s|m|h) (default 5s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-max-attempts - value_type: uint - description: Maximum number of restarts before giving up - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-window - value_type: duration - description: Window used to evaluate the restart policy (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-delay - value_type: duration - default_value: 0s - description: Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s) - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-failure-action - value_type: string - description: | - Action on rollback failure ("pause"|"continue") (default "pause") - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-max-failure-ratio - value_type: float - default_value: "0" - description: Failure rate to tolerate during a rollback (default 0) - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-monitor - value_type: duration - default_value: 0s - description: | - Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) (default 5s) - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-order - value_type: string - description: | - Rollback order ("start-first"|"stop-first") (default "stop-first") - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-parallelism - value_type: uint64 - default_value: "1" - description: | - Maximum number of tasks rolled back simultaneously (0 to roll back all at once) - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: secret - value_type: secret - description: Specify secrets to expose to the service - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-grace-period - value_type: duration - description: | - Time to wait before force killing a container (ns|us|ms|s|m|h) (default 10s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-signal - value_type: string - description: Signal to stop the container - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-delay - value_type: duration - default_value: 0s - description: Delay between updates (ns|us|ms|s|m|h) (default 0s) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-failure-action - value_type: string - description: | - Action on update failure ("pause"|"continue"|"rollback") (default "pause") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-max-failure-ratio - value_type: float - default_value: "0" - description: Failure rate to tolerate during an update (default 0) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-monitor - value_type: duration - default_value: 0s - description: | - Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-order - value_type: string - description: | - Update order ("start-first"|"stop-first") (default "stop-first") - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-parallelism - value_type: uint64 - default_value: "1" - description: | - Maximum number of tasks updated simultaneously (0 to update all at once) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: with-registry-auth - value_type: bool - default_value: "false" - description: Send registry authentication details to swarm agents - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Create a service\n\n```bash\n$ docker service create --name redis redis:3.0.6\n\ndmu1ept4cxcfe8k8lhtux3ro3\n\n$ - docker service create --mode global --name redis2 redis:3.0.6\n\na8q9dasaafudfs8q8w32udass\n\n$ - docker service ls\n\nID NAME MODE REPLICAS IMAGE\ndmu1ept4cxcf - \ redis replicated 1/1 redis:3.0.6\na8q9dasaafud redis2 global 1/1 - \ redis:3.0.6\n```\n\n#### Create a service using an image on a private registry\n\nIf - your image is available on a private registry which requires login, use the\n`--with-registry-auth` - flag with `docker service create`, after logging in. If\nyour image is stored on - `registry.example.com`, which is a private registry, use\na command like the following:\n\n```bash\n$ - docker login registry.example.com\n\n$ docker service create \\\n --with-registry-auth - \\\n --name my_service \\\n registry.example.com/acme/my_image:latest\n```\n\nThis - passes the login token from your local client to the swarm nodes where the\nservice - is deployed, using the encrypted WAL logs. With this information, the\nnodes are - able to log into the registry and pull the image.\n\n### Create a service with 5 - replica tasks (--replicas)\n\nUse the `--replicas` flag to set the number of replica - tasks for a replicated\nservice. The following command creates a `redis` service - with `5` replica tasks:\n\n```bash\n$ docker service create --name redis --replicas=5 - redis:3.0.6\n\n4cdgfyky7ozwh3htjfw0d12qv\n```\n\nThe above command sets the *desired* - number of tasks for the service. Even\nthough the command returns immediately, actual - scaling of the service may take\nsome time. The `REPLICAS` column shows both the - *actual* and *desired* number\nof replica tasks for the service.\n\nIn the following - example the desired state is `5` replicas, but the current\nnumber of `RUNNING` - tasks is `3`:\n\n```bash\n$ docker service ls\n\nID NAME MODE REPLICAS - \ IMAGE\n4cdgfyky7ozw redis replicated 3/5 redis:3.0.7\n```\n\nOnce all - the tasks are created and `RUNNING`, the actual number of tasks is\nequal to the - desired number:\n\n```bash\n$ docker service ls\n\nID NAME MODE REPLICAS - \ IMAGE\n4cdgfyky7ozw redis replicated 5/5 redis:3.0.7\n```\n\n### Create - a service with secrets\n\nUse the `--secret` flag to give a container access to - a\n[secret](secret_create.md).\n\nCreate a service specifying a secret:\n\n```bash\n$ - docker service create --name redis --secret secret.json redis:3.0.6\n\n4cdgfyky7ozwh3htjfw0d12qv\n```\n\nCreate - a service specifying the secret, target, user/group ID, and mode:\n\n```bash\n$ - docker service create --name redis \\\n --secret source=ssh-key,target=ssh \\\n - \ --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \\\n redis:3.0.6\n\n4cdgfyky7ozwh3htjfw0d12qv\n```\n\nTo - grant a service access to multiple secrets, use multiple `--secret` flags.\n\nSecrets - are located in `/run/secrets` in the container. If no target is\nspecified, the - name of the secret will be used as the in memory file in the\ncontainer. If a target - is specified, that will be the filename. In the\nexample above, two files will - be created: `/run/secrets/ssh` and\n`/run/secrets/app` for each of the secret targets - specified.\n\n### Create a service with a rolling update policy\n\n```bash\n$ docker - service create \\\n --replicas 10 \\\n --name redis \\\n --update-delay 10s \\\n - \ --update-parallelism 2 \\\n redis:3.0.6\n```\n\nWhen you run a [service update](service_update.md), - the scheduler updates a\nmaximum of 2 tasks at a time, with `10s` between updates. - For more information,\nrefer to the [rolling updates\ntutorial](https://docs.docker.com/engine/swarm/swarm-tutorial/rolling-update/).\n\n### - Set environment variables (-e, --env)\n\nThis sets an environmental variable for - all tasks in a service. For example:\n\n```bash\n$ docker service create \\\n --name - redis_2 \\\n --replicas 5 \\\n --env MYVAR=foo \\\n redis:3.0.6\n```\n\nTo specify - multiple environment variables, specify multiple `--env` flags, each\nwith a separate - key-value pair.\n\n```bash\n$ docker service create \\\n --name redis_2 \\\n --replicas - 5 \\\n --env MYVAR=foo \\\n --env MYVAR2=bar \\\n redis:3.0.6\n```\n\n### Create - a service with specific hostname (--hostname)\n\nThis option sets the docker service - containers hostname to a specific string.\nFor example:\n\n```bash\n$ docker service - create --name redis --hostname myredis redis:3.0.6\n```\n\n### Set metadata on a - service (-l, --label)\n\nA label is a `key=value` pair that applies metadata to - a service. To label a\nservice with two labels:\n\n```bash\n$ docker service create - \\\n --name redis_2 \\\n --label com.example.foo=\"bar\"\n --label bar=baz \\\n - \ redis:3.0.6\n```\n\nFor more information about labels, refer to [apply custom\nmetadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n\n### - Add bind mounts, volumes or memory filesystems\n\nDocker supports three different - kinds of mounts, which allow containers to read\nfrom or write to files or directories, - either on the host operating system, or\non memory filesystems. These types are - _data volumes_ (often referred to simply\nas volumes), _bind mounts_, and _tmpfs_.\n\nA - **bind mount** makes a file or directory on the host available to the\ncontainer - it is mounted within. A bind mount may be either read-only or\nread-write. For example, - a container might share its host's DNS information by\nmeans of a bind mount of - the host's `/etc/resolv.conf` or a container might\nwrite logs to its host's `/var/log/myContainerLogs` - directory. If you use\nbind mounts and your host and containers have different notions - of permissions,\naccess controls, or other such details, you will run into portability - issues.\n\nA **named volume** is a mechanism for decoupling persistent data needed - by your\ncontainer from the image used to create the container and from the host - machine.\nNamed volumes are created and managed by Docker, and a named volume persists\neven - when no container is currently using it. Data in named volumes can be\nshared between - a container and the host machine, as well as between multiple\ncontainers. Docker - uses a _volume driver_ to create, manage, and mount volumes.\nYou can back up or - restore volumes using Docker commands.\n\nA **tmpfs** mounts a tmpfs inside a container - for volatile data.\n\nConsider a situation where your image starts a lightweight - web server. You could\nuse that image as a base image, copy in your website's HTML - files, and package\nthat into another image. Each time your website changed, you'd - need to update\nthe new image and redeploy all of the containers serving your website. - A better\nsolution is to store the website in a named volume which is attached to - each of\nyour web server containers when they start. To update the website, you - just\nupdate the named volume.\n\nFor more information about named volumes, see\n[Data - Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/).\n\nThe following - table describes options which apply to both bind mounts and named\nvolumes in a - service:\n\n\n \n \n \n \n - \ \n \n \n \n \n \n \n - \ \n \n - \ \n \n \n \n - \ \n \n \n \n \n \n \n - \ \n \n \n \n \n - \ \n
OptionRequiredDescription
types\n

The - type of mount, can be either volume, bind, or tmpfs. - Defaults to volume if no type is specified.\n

    \n
  • volume: - mounts a managed - volume\n into the container.
  • bind:\n bind-mounts - a directory or file from the host into the container.
    • \n
  • tmpfs: - mount a tmpfs in the container
    • \n

\n
src or sourcefor type=bind only>\n
    \n
  • \n type=volume: src - is an optional way to specify the name of the volume (for example, src=my-volume).\n - \ If the named volume does not exist, it is automatically created. If no - src is specified, the volume is\n assigned a random name which - is guaranteed to be unique on the host, but may not be unique cluster-wide.\n A - randomly-named volume has the same lifecycle as its container and is destroyed when - the container\n is destroyed (which is upon service update, - or when scaling or re-balancing the service)\n
    • \n
  • \n type=bind: - src is required, and specifies an absolute path to the file or directory - to bind-mount\n (for example, src=/path/on/host/). An error is - produced if the file or directory does not exist.\n
    • \n
  • \n - \ type=tmpfs: src is not supported.\n
    • \n
\n - \

dst or destination or target

yes\n

Mount path inside the container, for example - /some/path/in/container/.\n If the path does not exist in the container's - filesystem, the Engine creates\n a directory at the specified location before - mounting the volume or bind mount.

\n

readonly - or ro

\n

The Engine mounts binds - and volumes read-write unless readonly option\n is given - when mounting the bind or volume.\n

    \n
  • true or 1 - or no value: Mounts the bind or volume read-only.
    • \n
  • false - or 0: Mounts the bind or volume read-write.
    • \n

\n
consistency\n

The - consistency requirements for the mount; one of\n

    \n
  • default: - Equivalent to consistent.
    • \n
  • consistent: Full - consistency. The container runtime and the host maintain an identical view of the - mount at all times.
    • \n
  • cached: The host's view of the - mount is authoritative. There may be delays before updates made on the host are - visible within a container.
    • \n
  • delegated: The container - runtime's view of the mount is authoritative. There may be delays before updates - made in a container are visible on the host.
    • \n
\n

\n
\n\n#### Bind Propagation\n\nBind propagation refers to whether - or not mounts created within a given\nbind mount or named volume can be propagated - to replicas of that mount. Consider\na mount point `/mnt`, which is also mounted - on `/tmp`. The propation settings\ncontrol whether a mount on `/tmp/a` would also - be available on `/mnt/a`. Each\npropagation setting has a recursive counterpoint. - In the case of recursion,\nconsider that `/tmp/a` is also mounted as `/foo`. The - propagation settings\ncontrol whether `/mnt/a` and/or `/tmp/a` would exist.\n\nThe - `bind-propagation` option defaults to `rprivate` for both bind mounts and\nvolume - mounts, and is only configurable for bind mounts. In other words, named\nvolumes - do not support bind propagation.\n\n- **`shared`**: Sub-mounts of the original mount - are exposed to replica mounts,\n and sub-mounts of replica mounts - are also propagated to the\n original mount.\n- **`slave`**: similar - to a shared mount, but only in one direction. If the\n original mount - exposes a sub-mount, the replica mount can see it.\n However, if the - replica mount exposes a sub-mount, the original\n mount cannot see - it.\n- **`private`**: The mount is private. Sub-mounts within it are not exposed - to\n replica mounts, and sub-mounts of replica mounts are not\n - \ exposed to the original mount.\n- **`rshared`**: The same as shared, - but the propagation also extends to and from\n mount points nested - within any of the original or replica mount\n points.\n- **`rslave`**: - The same as `slave`, but the propagation also extends to and from\n mount - points nested within any of the original or replica mount\n points.\n- - **`rprivate`**: The default. The same as `private`, meaning that no mount points\n - \ anywhere within the original or replica mount points propagate\n - \ in either direction.\n\nFor more information about bind propagation, - see the\n[Linux kernel documentation for shared subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).\n\n#### - Options for Named Volumes\n\nThe following options can only be used for named volumes - (`type=volume`):\n\n\n\n \n \n \n - \ \n \n \n \n \n \n \n \n \n \n \n - \ \n \n \n - \ \n \n \n
OptionDescription
volume-driver\n

Name of the - volume-driver plugin to use for the volume. Defaults to\n \"local\", - to use the local volume driver to create the volume if the\n volume does not - exist.

\n
volume-label\n - \ One or more custom metadata (\"labels\") to apply to the volume upon\n creation. - For example,\n volume-label=mylabel=hello-world,my-other-label=hello-mars. - For more\n information about labels, refer to\n apply - custom metadata.\n
volume-nocopy\n By default, if you attach an empty volume to a container, and files - or\n directories already existed at the mount-path in the container (dst),\n - \ the Engine copies those files and directories into the volume, allowing\n - \ the host to access them. Set volume-nocopy to disable copying files\n - \ from the container's filesystem to the volume and mount the empty volume.
\n\n A value is optional:\n\n
    \n
  • true or 1: - Default if you do not provide a value. Disables copying.
    • \n
  • false - or 0: Enables copying.
    • \n
\n
volume-opt\n Options specific to a given volume - driver, which will be passed to the\n driver when creating the volume. Options - are provided as a comma-separated\n list of key/value pairs, for example,\n - \ volume-opt=some-option=some-value,volume-opt=some-other-option=some-other-value.\n - \ For available options for a given driver, refer to that driver's\n documentation.\n - \
\n\n\n#### Options for tmpfs\n\nThe following options - can only be used for tmpfs mounts (`type=tmpfs`);\n\n\n\n \n \n - \ \n \n \n \n \n \n \n - \ \n \n \n
OptionDescription
tmpfs-sizeSize - of the tmpfs mount in bytes. Unlimited by default in Linux.
tmpfs-modeFile mode of the tmpfs in octal. (e.g. \"700\" - or \"0700\".) Defaults to \"1777\" in Linux.
\n\n\n#### - Differences between \"--mount\" and \"--volume\"\n\nThe `--mount` flag supports - most options that are supported by the `-v`\nor `--volume` flag for `docker run`, - with some important exceptions:\n\n- The `--mount` flag allows you to specify a - volume driver and volume driver\n options *per volume*, without creating the volumes - in advance. In contrast,\n `docker run` allows you to specify a single volume driver - which is shared\n by all volumes, using the `--volume-driver` flag.\n\n- The `--mount` - flag allows you to specify custom metadata (\"labels\") for a volume,\n before - the volume is created.\n\n- When you use `--mount` with `type=bind`, the host-path - must refer to an *existing*\n path on the host. The path will not be created for - you and the service will fail\n with an error if the path does not exist.\n\n- - The `--mount` flag does not allow you to relabel a volume with `Z` or `z` flags,\n - \ which are used for `selinux` labeling.\n\n#### Create a service using a named - volume\n\nThe following example creates a service that uses a named volume:\n\n```bash\n$ - docker service create \\\n --name my-service \\\n --replicas 3 \\\n --mount type=volume,source=my-volume,destination=/path/in/container,volume-label=\"color=red\",volume-label=\"shape=round\" - \\\n nginx:alpine\n```\n\nFor each replica of the service, the engine requests - a volume named \"my-volume\"\nfrom the default (\"local\") volume driver where the - task is deployed. If the\nvolume does not exist, the engine creates a new volume - and applies the \"color\"\nand \"shape\" labels.\n\nWhen the task is started, the - volume is mounted on `/path/in/container/` inside\nthe container.\n\nBe aware that - the default (\"local\") volume is a locally scoped volume driver.\nThis means that - depending on where a task is deployed, either that task gets a\n*new* volume named - \"my-volume\", or shares the same \"my-volume\" with other tasks\nof the same service. - Multiple containers writing to a single shared volume can\ncause data corruption - if the software running inside the container is not\ndesigned to handle concurrent - processes writing to the same location. Also take\ninto account that containers - can be re-scheduled by the Swarm orchestrator and\nbe deployed on a different node.\n\n#### - Create a service that uses an anonymous volume\n\nThe following command creates - a service with three replicas with an anonymous\nvolume on `/path/in/container`:\n\n```bash\n$ - docker service create \\\n --name my-service \\\n --replicas 3 \\\n --mount type=volume,destination=/path/in/container - \\\n nginx:alpine\n```\n\nIn this example, no name (`source`) is specified for - the volume, so a new volume\nis created for each task. This guarantees that each - task gets its own volume,\nand volumes are not shared between tasks. Anonymous volumes - are removed after\nthe task using them is complete.\n\n#### Create a service that - uses a bind-mounted host directory\n\nThe following example bind-mounts a host directory - at `/path/in/container` in\nthe containers backing the service:\n\n```bash\n$ docker - service create \\\n --name my-service \\\n --mount type=bind,source=/path/on/host,destination=/path/in/container - \\\n nginx:alpine\n```\n\n### Set service mode (--mode)\n\nThe service mode determines - whether this is a _replicated_ service or a _global_\nservice. A replicated service - runs as many tasks as specified, while a global\nservice runs on each active node - in the swarm.\n\nThe following command creates a global service:\n\n```bash\n$ docker - service create \\\n --name redis_2 \\\n --mode global \\\n redis:3.0.6\n```\n\n### - Specify service constraints (--constraint)\n\nYou can limit the set of nodes where - a task can be scheduled by defining\nconstraint expressions. Multiple constraints - find nodes that satisfy every\nexpression (AND match). Constraints can match node - or Docker Engine labels as\nfollows:\n\n\n\n \n \n - \ \n \n \n \n \n - \ \n \n \n \n - \ \n \n \n - \ \n \n \n \n \n - \ \n \n \n \n - \ \n \n \n \n - \ \n \n \n
node attributematchesexample
node.idNode IDnode.id==2ivku8v2gvtg4
node.hostnameNode hostnamenode.hostname!=node-2
node.roleNode rolenode.role==manager
node.labelsuser defined node labelsnode.labels.security==high
engine.labelsDocker Engine's labelsengine.labels.operatingsystem==ubuntu - 14.04
\n\n\n`engine.labels` apply to Docker Engine labels - like operating system,\ndrivers, etc. Swarm administrators add `node.labels` for - operational purposes by\nusing the [`docker node update`](node_update.md) command.\n\nFor - example, the following limits tasks for the redis service to nodes where the\nnode - type label equals queue:\n\n```bash\n$ docker service create \\\n --name redis_2 - \\\n --constraint 'node.labels.type == queue' \\\n redis:3.0.6\n```\n\n### Specify - service placement preferences (--placement-pref)\n\nYou can set up the service to - divide tasks evenly over different categories of\nnodes. One example of where this - can be useful is to balance tasks over a set\nof datacenters or availability zones. - The example below illustrates this:\n\n```bash\n$ docker service create \\\n --replicas - 9 \\\n --name redis_2 \\\n --placement-pref 'spread=node.labels.datacenter' \\\n - \ redis:3.0.6\n```\n\nThis uses `--placement-pref` with a `spread` strategy (currently - the only\nsupported strategy) to spread tasks evenly over the values of the `datacenter`\nnode - label. In this example, we assume that every node has a `datacenter` node\nlabel - attached to it. If there are three different values of this label among\nnodes in - the swarm, one third of the tasks will be placed on the nodes\nassociated with each - value. This is true even if there are more nodes with one\nvalue than another. For - example, consider the following set of nodes:\n\n- Three nodes with `node.labels.datacenter=east`\n- - Two nodes with `node.labels.datacenter=south`\n- One node with `node.labels.datacenter=west`\n\nSince - we are spreading over the values of the `datacenter` label and the\nservice has - 9 replicas, 3 replicas will end up in each datacenter. There are\nthree nodes associated - with the value `east`, so each one will get one of the\nthree replicas reserved - for this value. There are two nodes with the value\n`south`, and the three replicas - for this value will be divided between them,\nwith one receiving two replicas and - another receiving just one. Finally, `west`\nhas a single node that will get all - three replicas reserved for `west`.\n\nIf the nodes in one category (for example, - those with\n`node.labels.datacenter=south`) can't handle their fair share of tasks - due to\nconstraints or resource limitations, the extra tasks will be assigned to - other\nnodes instead, if possible.\n\nBoth engine labels and node labels are supported - by placement preferences. The\nexample above uses a node label, because the label - is referenced with\n`node.labels.datacenter`. To spread over the values of an engine - label, use\n`--placement-pref spread=engine.labels.`.\n\nIt is possible - to add multiple placement preferences to a service. This\nestablishes a hierarchy - of preferences, so that tasks are first divided over\none category, and then further - divided over additional categories. One example\nof where this may be useful is - dividing tasks fairly between datacenters, and\nthen splitting the tasks within - each datacenter over a choice of racks. To add\nmultiple placement preferences, - specify the `--placement-pref` flag multiple\ntimes. The order is significant, and - the placement preferences will be applied\nin the order given when making scheduling - decisions.\n\nThe following example sets up a service with multiple placement preferences.\nTasks - are spread first over the various datacenters, and then over racks\n(as indicated - by the respective labels):\n\n```bash\n$ docker service create \\\n --replicas - 9 \\\n --name redis_2 \\\n --placement-pref 'spread=node.labels.datacenter' \\\n - \ --placement-pref 'spread=node.labels.rack' \\\n redis:3.0.6\n```\n\nWhen updating - a service with `docker service update`, `--placement-pref-add`\nappends a new placement - preference after all existing placement preferences.\n`--placement-pref-rm` removes - an existing placement preference that matches the\nargument.\n\n### Attach a service - to an existing network (--network)\n\nYou can use overlay networks to connect one - or more services within the swarm.\n\nFirst, create an overlay network on a manager - node the docker network create\ncommand:\n\n```bash\n$ docker network create --driver - overlay my-network\n\netjpu59cykrptrgw0z0hk5snf\n```\n\nAfter you create an overlay - network in swarm mode, all manager nodes have\naccess to the network.\n\nWhen you - create a service and pass the `--network` flag to attach the service to\nthe overlay - network:\n\n```bash\n$ docker service create \\\n --replicas 3 \\\n --network - my-network \\\n --name my-web \\\n nginx\n\n716thylsndqma81j6kkkb5aus\n```\n\nThe - swarm extends my-network to each node running the service.\n\nContainers on the - same network can access each other using\n[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).\n\nLong - form syntax of `--network` allows to specify list of aliases and driver options: - \ \n`--network name=my-network,alias=web1,driver-opt=field1=value1`\n\n### Publish - service ports externally to the swarm (-p, --publish)\n\nYou can publish service - ports to make them available externally to the swarm\nusing the `--publish` flag. - The `--publish` flag can take two different styles\nof arguments. The short version - is positional, and allows you to specify the\npublished port and target port separated - by a colon.\n\n```bash\n$ docker service create --name my_web --replicas 3 --publish - 8080:80 nginx\n```\n\nThere is also a long format, which is easier to read and allows - you to specify\nmore options. The long format is preferred. You cannot specify the - service's\nmode when using the short format. Here is an example of using the long - format\nfor the same service as above:\n\n```bash\n$ docker service create --name - my_web --replicas 3 --publish published=8080,target=80 nginx\n```\n\nThe options - you can specify are:\n\n\n\n\n \n \n - \ \n \n\n\n\n \n \n \n \n\n\n \n \n \n - \ \n\n\n - \ \n \n \n \n\n
OptionShort syntaxLong syntaxDescription
published - and target port--publish 8080:80--publish - published=8080,target=80

\n The target port within the container - and the port to map it to on the\n nodes, using the routing mesh (ingress) - or host-level networking.\n More options are available, later in this table. - The key-value syntax is\n preferred, because it is somewhat self-documenting.\n - \

modeNot possible to set using short - syntax.--publish published=8080,target=80,mode=host

\n The mode to use for binding the port, either ingress or - host.\n Defaults to ingress to use the routing mesh.\n

protocol--publish 8080:80/tcp--publish - published=8080,target=80,protocol=tcp

\n The protocol to - use, tcp , udp, or sctp. Defaults to\n tcp. - To bind a port for both protocols, specify the -p or\n --publish - flag twice.\n

\n\nWhen you publish a service port using - `ingress` mode, the swarm routing mesh\nmakes the service accessible at the published - port on every node regardless if\nthere is a task for the service running on the - node. If you use `host` mode,\nthe port is only bound on nodes where the service - is running, and a given port\non a node can only be bound once. You can only set - the publication mode using\nthe long syntax. For more information refer to\n[Use - swarm mode routing mesh](https://docs.docker.com/engine/swarm/ingress/).\n\n### - Provide credential specs for managed service accounts (Windows only)\n\nThis option - is only used for services using Windows containers. The\n`--credential-spec` must - be in the format `file://` or\n`registry://`.\n\nWhen using - the `file://` format, the referenced file must be\npresent in the `CredentialSpecs` - subdirectory in the docker data directory,\nwhich defaults to `C:\\ProgramData\\Docker\\` - on Windows. For example,\nspecifying `file://spec.json` loads `C:\\ProgramData\\Docker\\CredentialSpecs\\spec.json`.\n\nWhen - using the `registry://` format, the credential spec is\nread from the - Windows registry on the daemon's host. The specified\nregistry value must be located - in:\n\n HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Virtualization\\Containers\\CredentialSpecs\n\n\n### - Create services using templates\n\nYou can use templates for some flags of `service - create`, using the syntax\nprovided by the Go's [text/template](http://golang.org/pkg/text/template/) - package.\n\nThe supported flags are the following :\n\n- `--hostname`\n- `--mount`\n- - `--env`\n\nValid placeholders for the Go template are listed below:\n\n\n\n - \ \n \n \n \n \n \n - \ \n \n \n \n - \ \n \n \n \n - \ \n \n \n \n \n \n \n \n \n - \ \n \n \n \n \n - \ \n \n \n \n \n - \ \n \n \n
PlaceholderDescription
.Service.IDService ID
.Service.NameService name
.Service.LabelsService labels
.Node.IDNode - ID
.Node.HostnameNode Hostname
.Task.IDTask ID
.Task.NameTask name
.Task.SlotTask slot
\n\n\n#### - Template example\n\nIn this example, we are going to set the template of the created - containers based on the\nservice's name, the node's ID and hostname where it sits.\n\n```bash\n$ - docker service create --name hosttempl \\\n --hostname=\"{{.Node.Hostname}}-{{.Node.ID}}-{{.Service.Name}}\"\\\n - \ busybox top\n\nva8ew30grofhjoychbr6iot8c\n\n$ docker service - ps va8ew30grofhjoychbr6iot8c\n\nID NAME IMAGE NODE - \ DESIRED STATE CURRENT STATE ERROR PORTS\nwo41w8hg8qan - \ hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 - \ 2e7a8a9c4da2 Running Running about a minute ago\n\n$ docker inspect --format=\"{{.Config.Hostname}}\" - 2e7a8a9c4da2-wo41w8hg8qanxwjwsg4kxpprj-hosttempl\n\nx3ti0erg11rjpg64m75kej2mz-hosttempl\n```\n\n### - Specify isolation mode (Windows)\n\nBy default, tasks scheduled on Windows nodes - are run using the default isolation mode\nconfigured for this particular node. To - force a specific isolation mode, you can use\nthe `--isolation` flag:\n\n```bash\n$ - docker service create --name myservice --isolation=process microsoft/nanoserver\n```\n\nSupported - isolation modes on Windows are:\n- `default`: use default settings specified on - the node running the task\n- `process`: use process isolation (Windows server only)\n- - `hyperv`: use Hyper-V isolation\n\n### Create services requesting Generic Resources\n\nYou - can narrow the kind of nodes your task can land on through the using the\n`--generic-resource` - flag (if the nodes advertise these resources):\n\n```bash\n$ docker service create - --name cuda \\\n --generic-resource \"NVIDIA-GPU=2\" \\\n - \ --generic-resource \"SSD=1\" \\\n nvidia/cuda\n```" -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_inspect.yaml b/_data/engine-cli-edge/docker_service_inspect.yaml deleted file mode 100644 index 98bd4741b5..0000000000 --- a/_data/engine-cli-edge/docker_service_inspect.yaml +++ /dev/null @@ -1,71 +0,0 @@ -command: docker service inspect -short: Display detailed information on one or more services -long: |- - Inspects the specified service. This command has to be run targeting a manager - node. - - By default, this renders all results in a JSON array. If a format is specified, - the given template will be executed for each result. - - Go's [text/template](http://golang.org/pkg/text/template/) package - describes all the details of the format. -usage: docker service inspect [OPTIONS] SERVICE [SERVICE...] -pname: docker service -plink: docker_service.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: pretty - value_type: bool - default_value: "false" - description: Print the information in a human friendly format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Inspect a service by name or ID\n\nYou can inspect a service, either - by its *name*, or *ID*\n\nFor example, given the following service;\n\n```bash\n$ - docker service ls\nID NAME MODE REPLICAS IMAGE\ndmu1ept4cxcf - \ redis replicated 3/3 redis:3.0.6\n```\n\nBoth `docker service inspect - redis`, and `docker service inspect dmu1ept4cxcf`\nproduce the same result:\n\n```none\n$ - docker service inspect redis\n\n[\n {\n \"ID\": \"dmu1ept4cxcfe8k8lhtux3ro3\",\n - \ \"Version\": {\n \"Index\": 12\n },\n \"CreatedAt\": - \"2016-06-17T18:44:02.558012087Z\",\n \"UpdatedAt\": \"2016-06-17T18:44:02.558012087Z\",\n - \ \"Spec\": {\n \"Name\": \"redis\",\n \"TaskTemplate\": - {\n \"ContainerSpec\": {\n \"Image\": \"redis:3.0.6\"\n - \ },\n \"Resources\": {\n \"Limits\": - {},\n \"Reservations\": {}\n },\n \"RestartPolicy\": - {\n \"Condition\": \"any\",\n \"MaxAttempts\": - 0\n },\n \"Placement\": {}\n },\n \"Mode\": - {\n \"Replicated\": {\n \"Replicas\": 1\n }\n - \ },\n \"UpdateConfig\": {},\n \"EndpointSpec\": - {\n \"Mode\": \"vip\"\n }\n },\n \"Endpoint\": - {\n \"Spec\": {}\n }\n }\n]\n```\n\n```bash\n$ docker service - inspect dmu1ept4cxcf\n\n[\n {\n \"ID\": \"dmu1ept4cxcfe8k8lhtux3ro3\",\n - \ \"Version\": {\n \"Index\": 12\n },\n ...\n }\n]\n```\n\n### - Formatting\n\nYou can print the inspect output in a human-readable format instead - of the default\nJSON output, by using the `--pretty` option:\n\n```bash\n$ docker - service inspect --pretty frontend\n\nID:\t\tc8wgl7q4ndfd52ni6qftkvnnp\nName:\t\tfrontend\nLabels:\n - - org.example.projectname=demo-app\nService Mode:\tREPLICATED\n Replicas:\t\t5\nPlacement:\nUpdateConfig:\n - Parallelism:\t0\n On failure:\tpause\n Max failure ratio:\t0\nContainerSpec:\n Image:\t\tnginx:alpine\nResources:\nNetworks:\tnet1\nEndpoint - Mode: vip\nPorts:\n PublishedPort = 4443\n Protocol = tcp\n TargetPort = 443\n - \ PublishMode = ingress\n```\n\nYou can also use `--format pretty` for the same - effect.\n\n\n#### Find the number of tasks running as part of a service\n\nThe `--format` - option can be used to obtain specific information about a\nservice. For example, - the following command outputs the number of replicas\nof the \"redis\" service.\n\n```bash\n$ - docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis\n\n10\n```" -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_logs.yaml b/_data/engine-cli-edge/docker_service_logs.yaml deleted file mode 100644 index d6a75a07bb..0000000000 --- a/_data/engine-cli-edge/docker_service_logs.yaml +++ /dev/null @@ -1,139 +0,0 @@ -command: docker service logs -short: Fetch the logs of a service or task -long: |- - The `docker service logs` command batch-retrieves logs present at the time of execution. - - The `docker service logs` command can be used with either the name or ID of a - service, or with the ID of a task. If a service is passed, it will display logs - for all of the containers in that service. If a task is passed, it will only - display logs from that particular task. - - > **Note**: This command is only functional for services that are started with - > the `json-file` or `journald` logging driver. - - For more information about selecting and configuring logging drivers, refer to - [Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/). - - The `docker service logs --follow` command will continue streaming the new output from - the service's `STDOUT` and `STDERR`. - - Passing a negative number or a non-integer to `--tail` is invalid and the - value is set to `all` in that case. - - The `docker service logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants) - , for example `2014-09-16T06:17:46.000000000Z`, to each - log entry. To ensure that the timestamps are aligned the - nano-second part of the timestamp will be padded with zero when necessary. - - The `docker service logs --details` command will add on extra attributes, such as - environment variables and labels, provided to `--log-opt` when creating the - service. - - The `--since` option shows only the service logs generated after - a given date. You can specify the date as an RFC 3339 date, a UNIX - timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date - format you may also use RFC3339Nano, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the client will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. You can combine the - `--since` option with either or both of the `--follow` or `--tail` options. -usage: docker service logs [OPTIONS] SERVICE|TASK -pname: docker service -plink: docker_service.yaml -options: -- option: details - value_type: bool - default_value: "false" - description: Show extra details provided to logs - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: follow - shorthand: f - value_type: bool - default_value: "false" - description: Follow log output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-resolve - value_type: bool - default_value: "false" - description: Do not map IDs to Names in output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-task-ids - value_type: bool - default_value: "false" - description: Do not include task IDs in output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Do not truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: raw - value_type: bool - default_value: "false" - description: Do not neatly format logs - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: since - value_type: string - description: | - Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tail - value_type: string - default_value: all - description: Number of lines to show from the end of the logs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: timestamps - shorthand: t - value_type: bool - default_value: "false" - description: Show timestamps - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.29" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_ls.yaml b/_data/engine-cli-edge/docker_service_ls.yaml deleted file mode 100644 index 0407b5088f..0000000000 --- a/_data/engine-cli-edge/docker_service_ls.yaml +++ /dev/null @@ -1,160 +0,0 @@ -command: docker service ls -aliases: list -short: List services -long: |- - This command when run targeting a manager, lists services are running in the - swarm. -usage: docker service ls [OPTIONS] -pname: docker service -plink: docker_service.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print services using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - On a manager node: - - ```bash - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - c8wgl7q4ndfd frontend replicated 5/5 nginx:alpine - dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 - iwe3278osahj mongo global 7/7 mongo:3.3 - ``` - - The `REPLICAS` column shows both the *actual* and *desired* number of tasks for - the service. - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * [id](service_ls.md#id) - * [label](service_ls.md#label) - * [mode](service_ls.md#mode) - * [name](service_ls.md#name) - - #### id - - The `id` filter matches all or part of a service's id. - - ```bash - $ docker service ls -f "id=0bcjw" - ID NAME MODE REPLICAS IMAGE - 0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 - ``` - - #### label - - The `label` filter matches services based on the presence of a `label` alone or - a `label` and a value. - - The following filter matches all services with a `project` label regardless of - its value: - - ```bash - $ docker service ls --filter label=project - ID NAME MODE REPLICAS IMAGE - 01sl1rp6nj5u frontend2 replicated 1/1 nginx:alpine - 36xvvwwauej0 frontend replicated 5/5 nginx:alpine - 74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 - ``` - - The following filter matches only services with the `project` label with the - `project-a` value. - - ```bash - $ docker service ls --filter label=project=project-a - ID NAME MODE REPLICAS IMAGE - 36xvvwwauej0 frontend replicated 5/5 nginx:alpine - 74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 - ``` - - #### mode - - The `mode` filter matches on the mode (either `replicated` or `global`) of a service. - - The following filter matches only `global` services. - - ```bash - $ docker service ls --filter mode=global - ID NAME MODE REPLICAS IMAGE - w7y0v2yrn620 top global 1/1 busybox - ``` - - #### name - - The `name` filter matches on all or part of a service's name. - - The following filter matches services with a name containing `redis`. - - ```bash - $ docker service ls --filter name=redis - ID NAME MODE REPLICAS IMAGE - 0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 - ``` - - ### Formatting - - The formatting options (`--format`) pretty-prints services output - using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - ------------|------------------------------------------------------------------------------------------ - `.ID` | Service ID - `.Name` | Service name - `.Mode` | Service mode (replicated, global) - `.Replicas` | Service replicas - `.Image` | Service image - `.Ports` | Service ports published in ingress mode - - When using the `--format` option, the `service ls` command will either - output the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `ID`, `Mode`, and `Replicas` entries separated by a colon for all services: - - ```bash - $ docker service ls --format "{{.ID}}: {{.Mode}} {{.Replicas}}" - - 0zmvwuiu3vue: replicated 10/10 - fm6uf97exkul: global 5/5 - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_ps.yaml b/_data/engine-cli-edge/docker_service_ps.yaml deleted file mode 100644 index 1b61790b9d..0000000000 --- a/_data/engine-cli-edge/docker_service_ps.yaml +++ /dev/null @@ -1,207 +0,0 @@ -command: docker service ps -short: List the tasks of one or more services -long: |- - Lists the tasks that are running as part of the specified services. This command - has to be run targeting a manager node. -usage: docker service ps [OPTIONS] SERVICE [SERVICE...] -pname: docker service -plink: docker_service.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print tasks using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-resolve - value_type: bool - default_value: "false" - description: Do not map IDs to Names - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Do not truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display task IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### List the tasks that are part of a service - - The following command shows all the tasks that are part of the `redis` service: - - ```bash - $ docker service ps redis - - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - 0qihejybwf1x redis.1 redis:3.0.5 manager1 Running Running 8 seconds - bk658fpbex0d redis.2 redis:3.0.5 worker2 Running Running 9 seconds - 5ls5s5fldaqg redis.3 redis:3.0.5 worker1 Running Running 9 seconds - 8ryt076polmc redis.4 redis:3.0.5 worker1 Running Running 9 seconds - 1x0v8yomsncd redis.5 redis:3.0.5 manager1 Running Running 8 seconds - 71v7je3el7rr redis.6 redis:3.0.5 worker2 Running Running 9 seconds - 4l3zm9b7tfr7 redis.7 redis:3.0.5 worker2 Running Running 9 seconds - 9tfpyixiy2i7 redis.8 redis:3.0.5 worker1 Running Running 9 seconds - 3w1wu13yupln redis.9 redis:3.0.5 manager1 Running Running 8 seconds - 8eaxrb2fqpbn redis.10 redis:3.0.5 manager1 Running Running 8 seconds - ``` - - In addition to _running_ tasks, the output also shows the task history. For - example, after updating the service to use the `redis:3.0.6` image, the output - may look like this: - - ```bash - $ docker service ps redis - - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - 50qe8lfnxaxk redis.1 redis:3.0.6 manager1 Running Running 6 seconds ago - ky2re9oz86r9 \_ redis.1 redis:3.0.5 manager1 Shutdown Shutdown 8 seconds ago - 3s46te2nzl4i redis.2 redis:3.0.6 worker2 Running Running less than a second ago - nvjljf7rmor4 \_ redis.2 redis:3.0.6 worker2 Shutdown Rejected 23 seconds ago "No such image: redis@sha256:6…" - vtiuz2fpc0yb \_ redis.2 redis:3.0.5 worker2 Shutdown Shutdown 1 second ago - jnarweeha8x4 redis.3 redis:3.0.6 worker1 Running Running 3 seconds ago - vs448yca2nz4 \_ redis.3 redis:3.0.5 worker1 Shutdown Shutdown 4 seconds ago - jf1i992619ir redis.4 redis:3.0.6 worker1 Running Running 10 seconds ago - blkttv7zs8ee \_ redis.4 redis:3.0.5 worker1 Shutdown Shutdown 11 seconds ago - ``` - - The number of items in the task history is determined by the - `--task-history-limit` option that was set when initializing the swarm. You can - change the task history retention limit using the - [`docker swarm update`](swarm_update.md) command. - - When deploying a service, docker resolves the digest for the service's - image, and pins the service to that digest. The digest is not shown by - default, but is printed if `--no-trunc` is used. The `--no-trunc` option - also shows the non-truncated task ID, and error-messages, as can be seen below; - - ```bash - $ docker service ps --no-trunc redis - - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - 50qe8lfnxaxksi9w2a704wkp7 redis.1 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 5 minutes ago - ky2re9oz86r9556i2szb8a8af \_ redis.1 redis:3.0.5@sha256:f8829e00d95672c48c60f468329d6693c4bdd28d1f057e755f8ba8b40008682e worker2 Shutdown Shutdown 5 minutes ago - bk658fpbex0d57cqcwoe3jthu redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 5 seconds - nvjljf7rmor4htv7l8rwcx7i7 \_ redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Shutdown Rejected 5 minutes ago "No such image: redis@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842" - ``` - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there - is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). - Multiple filter flags are combined as an `OR` filter. For example, - `-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks. - - The currently supported filters are: - - * [id](#id) - * [name](#name) - * [node](#node) - * [desired-state](#desired-state) - - - #### id - - The `id` filter matches on all or a prefix of a task's ID. - - ```bash - $ docker service ps -f "id=8" redis - - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - 8ryt076polmc redis.4 redis:3.0.6 worker1 Running Running 9 seconds - 8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds - ``` - - #### name - - The `name` filter matches on task names. - - ```bash - $ docker service ps -f "name=redis.1" redis - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - qihejybwf1x5 redis.1 redis:3.0.6 manager1 Running Running 8 seconds - ``` - - - #### node - - The `node` filter matches on a node name or a node ID. - - ```bash - $ docker service ps -f "node=manager1" redis - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - 0qihejybwf1x redis.1 redis:3.0.6 manager1 Running Running 8 seconds - 1x0v8yomsncd redis.5 redis:3.0.6 manager1 Running Running 8 seconds - 3w1wu13yupln redis.9 redis:3.0.6 manager1 Running Running 8 seconds - 8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds - ``` - - #### desired-state - - The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. - - ### Formatting - - The formatting options (`--format`) pretty-prints tasks output - using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - ----------------|------------------------------------------------------------------------------------------ - `.ID` | Task ID - `.Name` | Task name - `.Image` | Task image - `.Node` | Node ID - `.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) - `.CurrentState` | Current state of the task - `.Error` | Error - `.Ports` | Task published ports - - When using the `--format` option, the `service ps` command will either - output the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `Name` and `Image` entries separated by a colon for all tasks: - - ```bash - $ docker service ps --format "{{.Name}}: {{.Image}}" top - top.1: busybox - top.2: busybox - top.3: busybox - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_rm.yaml b/_data/engine-cli-edge/docker_service_rm.yaml deleted file mode 100644 index 8d1e623d94..0000000000 --- a/_data/engine-cli-edge/docker_service_rm.yaml +++ /dev/null @@ -1,31 +0,0 @@ -command: docker service rm -aliases: remove -short: Remove one or more services -long: |- - Removes the specified services from the swarm. This command has to be run - targeting a manager node. -usage: docker service rm SERVICE [SERVICE...] -pname: docker service -plink: docker_service.yaml -examples: |- - Remove the `redis` service: - - ```bash - $ docker service rm redis - - redis - - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - ``` - - > **Warning**: Unlike `docker rm`, this command does not ask for confirmation - > before removing a running service. -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_rollback.yaml b/_data/engine-cli-edge/docker_service_rollback.yaml deleted file mode 100644 index 29e80c391e..0000000000 --- a/_data/engine-cli-edge/docker_service_rollback.yaml +++ /dev/null @@ -1,87 +0,0 @@ -command: docker service rollback -short: Revert changes to a service's configuration -long: |- - Roll back a specified service to its previous version from the swarm. This command must be run - targeting a manager node. -usage: docker service rollback [OPTIONS] SERVICE -pname: docker service -plink: docker_service.yaml -options: -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: | - Exit immediately instead of waiting for the service to converge - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress progress output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Roll back to the previous version of a service - - Use the `docker service rollback` command to roll back to the previous version - of a service. After executing this command, the service is reverted to the - configuration that was in place before the most recent `docker service update` - command. - - The following example creates a service with a single replica, updates the - service to use three replicas, and then rolls back the service to the - previous version, having one replica. - - Create a service with a single replica: - - ```bash - $ docker service create --name my-service -p 8080:80 nginx:alpine - ``` - - Confirm that the service is running with a single replica: - - ```bash - $ docker service ls - - ID NAME MODE REPLICAS IMAGE PORTS - xbw728mf6q0d my-service replicated 1/1 nginx:alpine *:8080->80/tcp - ``` - - Update the service to use three replicas: - - ```bash - $ docker service update --replicas=3 my-service - - $ docker service ls - - ID NAME MODE REPLICAS IMAGE PORTS - xbw728mf6q0d my-service replicated 3/3 nginx:alpine *:8080->80/tcp - ``` - - Now roll back the service to its previous version, and confirm it is - running a single replica again: - - ```bash - $ docker service rollback my-service - - $ docker service ls - - ID NAME MODE REPLICAS IMAGE PORTS - xbw728mf6q0d my-service replicated 1/1 nginx:alpine *:8080->80/tcp - ``` -deprecated: false -min_api_version: "1.31" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_scale.yaml b/_data/engine-cli-edge/docker_service_scale.yaml deleted file mode 100644 index f1208dbc24..0000000000 --- a/_data/engine-cli-edge/docker_service_scale.yaml +++ /dev/null @@ -1,90 +0,0 @@ -command: docker service scale -short: Scale one or multiple replicated services -long: |- - The scale command enables you to scale one or more replicated services either up - or down to the desired number of replicas. This command cannot be applied on - services which are global mode. The command will return immediately, but the - actual scaling of the service may take some time. To stop all replicas of a - service while keeping the service active in the swarm you can set the scale to 0. -usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] -pname: docker service -plink: docker_service.yaml -options: -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: | - Exit immediately instead of waiting for the service to converge - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Scale a single service - - The following command scales the "frontend" service to 50 tasks. - - ```bash - $ docker service scale frontend=50 - - frontend scaled to 50 - ``` - - The following command tries to scale a global service to 10 tasks and returns an error. - - ```bash - $ docker service create --mode global --name backend backend:latest - - b4g08uwuairexjub6ome6usqh - - $ docker service scale backend=10 - - backend: scale can only be used with replicated mode - ``` - - Directly afterwards, run `docker service ls`, to see the actual number of - replicas. - - ```bash - $ docker service ls --filter name=frontend - - ID NAME MODE REPLICAS IMAGE - 3pr5mlvu3fh9 frontend replicated 15/50 nginx:alpine - ``` - - You can also scale a service using the [`docker service update`](service_update.md) - command. The following commands are equivalent: - - ```bash - $ docker service scale frontend=50 - $ docker service update --replicas=50 frontend - ``` - - ### Scale multiple services - - The `docker service scale` command allows you to set the desired number of - tasks for multiple services at once. The following example scales both the - backend and frontend services: - - ```bash - $ docker service scale backend=3 frontend=5 - - backend scaled to 3 - frontend scaled to 5 - - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - 3pr5mlvu3fh9 frontend replicated 5/5 nginx:alpine - 74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_service_update.yaml b/_data/engine-cli-edge/docker_service_update.yaml deleted file mode 100644 index 2769d0c3e2..0000000000 --- a/_data/engine-cli-edge/docker_service_update.yaml +++ /dev/null @@ -1,920 +0,0 @@ -command: docker service update -short: Update a service -long: |- - Updates a service as described by the specified parameters. This command has to be run targeting a manager node. - The parameters are the same as [`docker service create`](service_create.md). Please look at the description there - for further information. - - Normally, updating a service will only cause the service's tasks to be replaced with new ones if a change to the - service requires recreating the tasks for it to take effect. For example, only changing the - `--update-parallelism` setting will not recreate the tasks, because the individual tasks are not affected by this - setting. However, the `--force` flag will cause the tasks to be recreated anyway. This can be used to perform a - rolling restart without any changes to the service parameters. -usage: docker service update [OPTIONS] SERVICE -pname: docker service -plink: docker_service.yaml -options: -- option: args - value_type: command - description: Service command args - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: config-add - value_type: config - description: Add or update a config file on a service - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: config-rm - value_type: list - description: Remove a configuration file - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: constraint-add - value_type: list - description: Add or update a placement constraint - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: constraint-rm - value_type: list - description: Remove a constraint - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: container-label-add - value_type: list - description: Add or update a container label - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: container-label-rm - value_type: list - description: Remove a container label by its key - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: credential-spec - value_type: credential-spec - description: Credential spec for managed service account (Windows only) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: | - Exit immediately instead of waiting for the service to converge - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-add - value_type: list - description: Add or update a custom DNS server - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-option-add - value_type: list - description: Add or update a DNS option - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-option-rm - value_type: list - description: Remove a DNS option - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-rm - value_type: list - description: Remove a custom DNS server - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-search-add - value_type: list - description: Add or update a custom DNS search domain - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dns-search-rm - value_type: list - description: Remove a DNS search domain - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: endpoint-mode - value_type: string - description: Endpoint mode (vip or dnsrr) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: entrypoint - value_type: command - description: Overwrite the default ENTRYPOINT of the image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env-add - value_type: list - description: Add or update an environment variable - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: env-rm - value_type: list - description: Remove an environment variable - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force - value_type: bool - default_value: "false" - description: Force update even if no changes require it - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: generic-resource-add - value_type: list - description: Add a Generic resource - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: generic-resource-rm - value_type: list - description: Remove a Generic resource - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: group-add - value_type: list - description: Add an additional supplementary user group to the container - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: group-rm - value_type: list - description: | - Remove a previously added supplementary user group from the container - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-cmd - value_type: string - description: Command to run to check health - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-interval - value_type: duration - description: Time between running the check (ms|s|m|h) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-retries - value_type: int - default_value: "0" - description: Consecutive failures needed to report unhealthy - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-start-period - value_type: duration - description: | - Start period for the container to initialize before counting retries towards unstable (ms|s|m|h) - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: health-timeout - value_type: duration - description: Maximum time to allow one check to run (ms|s|m|h) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: host-add - value_type: list - description: Add a custom host-to-IP mapping (host:ip) - deprecated: false - min_api_version: "1.32" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: host-rm - value_type: list - description: Remove a custom host-to-IP mapping (host:ip) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: hostname - value_type: string - description: Container hostname - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: image - value_type: string - description: Service image tag - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: isolation - value_type: string - description: Service container isolation mode - deprecated: false - min_api_version: "1.35" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-add - value_type: list - description: Add or update a service label - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label-rm - value_type: list - description: Remove a label by its key - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: limit-cpu - value_type: decimal - description: Limit CPUs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: limit-memory - value_type: bytes - default_value: "0" - description: Limit Memory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-driver - value_type: string - description: Logging driver for service - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: log-opt - value_type: list - description: Logging driver options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mount-add - value_type: mount - description: Add or update a mount on a service - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: mount-rm - value_type: list - description: Remove a mount by its target path - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network-add - value_type: network - description: Add a network - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: network-rm - value_type: list - description: Remove a network - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-healthcheck - value_type: bool - default_value: "false" - description: Disable any container-specified HEALTHCHECK - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-resolve-image - value_type: bool - default_value: "false" - description: | - Do not query the registry to resolve image digest and supported platforms - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: placement-pref-add - value_type: pref - description: Add a placement preference - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: placement-pref-rm - value_type: pref - description: Remove a placement preference - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish-add - value_type: port - description: Add or update a published port - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: publish-rm - value_type: port - description: Remove a published port by its target port - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress progress output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: read-only - value_type: bool - default_value: "false" - description: Mount the container's root filesystem as read only - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: replicas - value_type: uint - description: Number of tasks - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: reserve-cpu - value_type: decimal - description: Reserve CPUs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: reserve-memory - value_type: bytes - default_value: "0" - description: Reserve Memory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-condition - value_type: string - description: Restart when condition is met ("none"|"on-failure"|"any") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-delay - value_type: duration - description: Delay between restart attempts (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-max-attempts - value_type: uint - description: Maximum number of restarts before giving up - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart-window - value_type: duration - description: Window used to evaluate the restart policy (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback - value_type: bool - default_value: "false" - description: Rollback to previous specification - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-delay - value_type: duration - default_value: 0s - description: Delay between task rollbacks (ns|us|ms|s|m|h) - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-failure-action - value_type: string - description: Action on rollback failure ("pause"|"continue") - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-max-failure-ratio - value_type: float - default_value: "0" - description: Failure rate to tolerate during a rollback - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-monitor - value_type: duration - default_value: 0s - description: | - Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-order - value_type: string - description: Rollback order ("start-first"|"stop-first") - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rollback-parallelism - value_type: uint64 - default_value: "0" - description: | - Maximum number of tasks rolled back simultaneously (0 to roll back all at once) - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: secret-add - value_type: secret - description: Add or update a secret on a service - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: secret-rm - value_type: list - description: Remove a secret - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-grace-period - value_type: duration - description: | - Time to wait before force killing a container (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: stop-signal - value_type: string - description: Signal to stop the container - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: tty - shorthand: t - value_type: bool - default_value: "false" - description: Allocate a pseudo-TTY - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-delay - value_type: duration - default_value: 0s - description: Delay between updates (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-failure-action - value_type: string - description: Action on update failure ("pause"|"continue"|"rollback") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-max-failure-ratio - value_type: float - default_value: "0" - description: Failure rate to tolerate during an update - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-monitor - value_type: duration - default_value: 0s - description: | - Duration after each task update to monitor for failure (ns|us|ms|s|m|h) - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-order - value_type: string - description: Update order ("start-first"|"stop-first") - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: update-parallelism - value_type: uint64 - default_value: "0" - description: | - Maximum number of tasks updated simultaneously (0 to update all at once) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: user - shorthand: u - value_type: string - description: 'Username or UID (format: [:])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: with-registry-auth - value_type: bool - default_value: "false" - description: Send registry authentication details to swarm agents - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: workdir - shorthand: w - value_type: string - description: Working directory inside the container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Update a service - - ```bash - $ docker service update --limit-cpu 2 redis - ``` - - ### Perform a rolling restart with no parameter changes - - ```bash - $ docker service update --force --update-parallelism 1 --update-delay 30s redis - ``` - - In this example, the `--force` flag causes the service's tasks to be shut down - and replaced with new ones even though none of the other parameters would - normally cause that to happen. The `--update-parallelism 1` setting ensures - that only one task is replaced at a time (this is the default behavior). The - `--update-delay 30s` setting introduces a 30 second delay between tasks, so - that the rolling restart happens gradually. - - ### Add or remove mounts - - Use the `--mount-add` or `--mount-rm` options add or remove a service's bind mounts - or volumes. - - The following example creates a service which mounts the `test-data` volume to - `/somewhere`. The next step updates the service to also mount the `other-volume` - volume to `/somewhere-else`volume, The last step unmounts the `/somewhere` mount - point, effectively removing the `test-data` volume. Each command returns the - service name. - - - The `--mount-add` flag takes the same parameters as the `--mount` flag on - `service create`. Refer to the [volumes and - bind mounts](service_create.md#volumes-and-bind-mounts-mount) section in the - `service create` reference for details. - - - The `--mount-rm` flag takes the `target` path of the mount. - - ```bash - $ docker service create \ - --name=myservice \ - --mount \ - type=volume,source=test-data,target=/somewhere \ - nginx:alpine \ - myservice - - myservice - - $ docker service update \ - --mount-add \ - type=volume,source=other-volume,target=/somewhere-else \ - myservice - - myservice - - $ docker service update --mount-rm /somewhere myservice - - myservice - ``` - - ### Add or remove published service ports - - Use the `--publish-add` or `--publish-rm` flags to add or remove a published - port for a service. You can use the short or long syntax discussed in the - [docker service create](service_create/#publish-service-ports-externally-to-the-swarm) - reference. - - The following example adds a published service port to an existing service. - - ```bash - $ docker service update \ - --publish-add published=8080,target=80 \ - myservice - ``` - - ### Add or remove network - - Use the `--network-add` or `--network-rm` flags to add or remove a network for - a service. You can use the short or long syntax discussed in the - [docker service create](service_create/#attach-a-service-to-an-existing-network-network) - reference. - - The following example adds a new alias name to an existing service already connected to network my-network: - - ```bash - $ docker service update \ - --network-rm my-network \ - --network-add name=my-network,alias=web1 \ - myservice - ``` - - ### Roll back to the previous version of a service - - Use the `--rollback` option to roll back to the previous version of the service. - - This will revert the service to the configuration that was in place before the most recent `docker service update` command. - - The following example updates the number of replicas for the service from 4 to 5, and then rolls back to the previous configuration. - - ```bash - $ docker service update --replicas=5 web - - web - - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - 80bvrzp6vxf3 web replicated 0/5 nginx:alpine - - ``` - Roll back the `web` service... - - ```bash - $ docker service update --rollback web - - web - - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - 80bvrzp6vxf3 web replicated 0/4 nginx:alpine - - ``` - - Other options can be combined with `--rollback` as well, for example, `--update-delay 0s` to execute the rollback without a delay between tasks: - - ```bash - $ docker service update \ - --rollback \ - --update-delay 0s - web - - web - - ``` - - Services can also be set up to roll back to the previous version automatically - when an update fails. To set up a service for automatic rollback, use - `--update-failure-action=rollback`. A rollback will be triggered if the fraction - of the tasks which failed to update successfully exceeds the value given with - `--update-max-failure-ratio`. - - The rate, parallelism, and other parameters of a rollback operation are - determined by the values passed with the following flags: - - - `--rollback-delay` - - `--rollback-failure-action` - - `--rollback-max-failure-ratio` - - `--rollback-monitor` - - `--rollback-parallelism` - - For example, a service set up with `--update-parallelism 1 --rollback-parallelism 3` - will update one task at a time during a normal update, but during a rollback, 3 - tasks at a time will get rolled back. These rollback parameters are respected both - during automatic rollbacks and for rollbacks initiated manually using `--rollback`. - - ### Add or remove secrets - - Use the `--secret-add` or `--secret-rm` options add or remove a service's - secrets. - - The following example adds a secret named `ssh-2` and removes `ssh-1`: - - ```bash - $ docker service update \ - --secret-add source=ssh-2,target=ssh-2 \ - --secret-rm ssh-1 \ - myservice - ``` - - ### Update services using templates - - Some flags of `service update` support the use of templating. - See [`service create`](./service_create.md#templating) for the reference. - - - ### Specify isolation mode (Windows) - - `service update` supports the same `--isolation` flag as `service create` - See [`service create`](./service_create.md) for the reference. -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_stack.yaml b/_data/engine-cli-edge/docker_stack.yaml deleted file mode 100644 index ed80ae2518..0000000000 --- a/_data/engine-cli-edge/docker_stack.yaml +++ /dev/null @@ -1,43 +0,0 @@ -command: docker stack -short: Manage Docker stacks -long: Manage stacks. -usage: docker stack -pname: docker -plink: docker.yaml -cname: -- docker stack deploy -- docker stack ls -- docker stack ps -- docker stack rm -- docker stack services -clink: -- docker_stack_deploy.yaml -- docker_stack_ls.yaml -- docker_stack_ps.yaml -- docker_stack_rm.yaml -- docker_stack_services.yaml -options: -- option: kubeconfig - value_type: string - description: Kubernetes config file - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -- option: namespace - value_type: string - default_value: default - description: Kubernetes namespace to use - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: true -swarm: true - diff --git a/_data/engine-cli-edge/docker_stack_deploy.yaml b/_data/engine-cli-edge/docker_stack_deploy.yaml deleted file mode 100644 index 270f677c74..0000000000 --- a/_data/engine-cli-edge/docker_stack_deploy.yaml +++ /dev/null @@ -1,181 +0,0 @@ -command: docker stack deploy -aliases: up -short: Deploy a new stack or update an existing stack -long: |- - Create and update a stack from a `compose` or a `dab` file on the swarm. This command - has to be run targeting a manager node. -usage: docker stack deploy [OPTIONS] STACK -pname: docker stack -plink: docker_stack.yaml -options: -- option: bundle-file - value_type: string - description: Path to a Distributed Application Bundle file - deprecated: false - experimental: true - experimentalcli: false - kubernetes: false - swarm: true -- option: compose-file - shorthand: c - value_type: stringSlice - default_value: '[]' - description: Path to a Compose file - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: prune - value_type: bool - default_value: "false" - description: Prune services that are no longer referenced - deprecated: false - min_api_version: "1.27" - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -- option: resolve-image - value_type: string - default_value: always - description: | - Query the registry to resolve image digest and supported platforms ("always"|"changed"|"never") - deprecated: false - min_api_version: "1.30" - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -- option: with-registry-auth - value_type: bool - default_value: "false" - description: Send registry authentication details to Swarm agents - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -inherited_options: -- option: kubeconfig - value_type: string - description: Kubernetes config file - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -- option: namespace - value_type: string - default_value: default - description: Kubernetes namespace to use - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -examples: |- - ### Compose file - - The `deploy` command supports compose file version `3.0` and above. - - ```bash - $ docker stack deploy --compose-file docker-compose.yml vossibility - - Ignoring unsupported options: links - - Creating network vossibility_vossibility - Creating network vossibility_default - Creating service vossibility_nsqd - Creating service vossibility_logstash - Creating service vossibility_elasticsearch - Creating service vossibility_kibana - Creating service vossibility_ghollector - Creating service vossibility_lookupd - ``` - - The Compose file can also be provided as standard input with `--compose-file -`: - - ```bash - $ cat docker-compose.yml | docker stack deploy --compose-file - vossibility - - Ignoring unsupported options: links - - Creating network vossibility_vossibility - Creating network vossibility_default - Creating service vossibility_nsqd - Creating service vossibility_logstash - Creating service vossibility_elasticsearch - Creating service vossibility_kibana - Creating service vossibility_ghollector - Creating service vossibility_lookupd - ``` - - If your configuration is split between multiple Compose files, e.g. a base - configuration and environment-specific overrides, you can provide multiple - `--compose-file` flags. - - ```bash - $ docker stack deploy --compose-file docker-compose.yml -c docker-compose.prod.yml vossibility - - Ignoring unsupported options: links - - Creating network vossibility_vossibility - Creating network vossibility_default - Creating service vossibility_nsqd - Creating service vossibility_logstash - Creating service vossibility_elasticsearch - Creating service vossibility_kibana - Creating service vossibility_ghollector - Creating service vossibility_lookupd - ``` - - You can verify that the services were correctly created: - - ```bash - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa - 7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 - 9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe - axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba - ``` - - ### DAB file - - ```bash - $ docker stack deploy --bundle-file vossibility-stack.dab vossibility - - Loading bundle from vossibility-stack.dab - Creating service vossibility_elasticsearch - Creating service vossibility_kibana - Creating service vossibility_logstash - Creating service vossibility_lookupd - Creating service vossibility_nsqd - Creating service vossibility_vossibility-collector - ``` - - You can verify that the services were correctly created: - - ```bash - $ docker service ls - - ID NAME MODE REPLICAS IMAGE - 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 - 4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa - 7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 - 9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe - axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: true -swarm: true - diff --git a/_data/engine-cli-edge/docker_stack_ls.yaml b/_data/engine-cli-edge/docker_stack_ls.yaml deleted file mode 100644 index 830b1d16a1..0000000000 --- a/_data/engine-cli-edge/docker_stack_ls.yaml +++ /dev/null @@ -1,75 +0,0 @@ -command: docker stack ls -aliases: list -short: List stacks -long: Lists the stacks. -usage: docker stack ls -pname: docker stack -plink: docker_stack.yaml -options: -- option: format - value_type: string - description: Pretty-print stacks using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -inherited_options: -- option: kubeconfig - value_type: string - description: Kubernetes config file - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -- option: namespace - value_type: string - default_value: default - description: Kubernetes namespace to use - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -examples: |- - The following command shows all stacks and some additional information: - - ```bash - $ docker stack ls - - ID SERVICES - vossibility-stack 6 - myapp 2 - ``` - - ### Formatting - - The formatting option (`--format`) pretty-prints stacks using a Go template. - - Valid placeholders for the Go template are listed below: - - | Placeholder | Description | - | ----------- | ------------------ | - | `.Name` | Stack name | - | `.Services` | Number of services | - - When using the `--format` option, the `stack ls` command either outputs - the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `Name` and `Services` entries separated by a colon for all stacks: - - ```bash - $ docker stack ls --format "{{.Name}}: {{.Services}}" - web-server: 1 - web-cache: 4 - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: true -swarm: true - diff --git a/_data/engine-cli-edge/docker_stack_ps.yaml b/_data/engine-cli-edge/docker_stack_ps.yaml deleted file mode 100644 index 843816ca78..0000000000 --- a/_data/engine-cli-edge/docker_stack_ps.yaml +++ /dev/null @@ -1,265 +0,0 @@ -command: docker stack ps -short: List the tasks in the stack -long: |- - Lists the tasks that are running as part of the specified stack. This - command has to be run targeting a manager node. -usage: docker stack ps [OPTIONS] STACK -pname: docker stack -plink: docker_stack.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -- option: format - value_type: string - description: Pretty-print tasks using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-resolve - value_type: bool - default_value: "false" - description: Do not map IDs to Names - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Do not truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display task IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -inherited_options: -- option: kubeconfig - value_type: string - description: Kubernetes config file - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -- option: namespace - value_type: string - default_value: default - description: Kubernetes namespace to use - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -examples: |- - ### List the tasks that are part of a stack - - The following command shows all the tasks that are part of the `voting` stack: - - ```bash - $ docker stack ps voting - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 2 minutes ago - q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 2 minutes ago - rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before node3 Running Running 2 minutes ago - tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 2 minutes ago - w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 3 minutes ago - 6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 2 minutes ago - kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 2 minutes ago - t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 3 minutes ago - ``` - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there - is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). - Multiple filter flags are combined as an `OR` filter. For example, - `-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks. - - The currently supported filters are: - - * [id](#id) - * [name](#name) - * [node](#node) - * [desired-state](#desired-state) - - #### id - - The `id` filter matches on all or a prefix of a task's ID. - - ```bash - $ docker stack ps -f "id=t" voting - ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS - tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 14 minutes ago - t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 14 minutes ago - ``` - - #### name - - The `name` filter matches on task names. - - ```bash - $ docker stack ps -f "name=voting_redis" voting - ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS - w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 17 minutes ago - t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 17 minutes ago - ``` - - #### node - - The `node` filter matches on a node name or a node ID. - - ```bash - $ docker stack ps -f "node=node1" voting - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 18 minutes ago - tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 18 minutes ago - 6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 18 minutes ago - ``` - - #### desired-state - - The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. - - ```bash - $ docker stack ps -f "desired-state=running" voting - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 21 minutes ago - q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 21 minutes ago - rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before node3 Running Running 21 minutes ago - tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 21 minutes ago - w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 21 minutes ago - 6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 21 minutes ago - kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 21 minutes ago - t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 21 minutes ago - ``` - - ### Formatting - - The formatting options (`--format`) pretty-prints tasks output using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - ----------------|------------------------------------------------------------------------------------------ - `.ID` | Task ID - `.Name` | Task name - `.Image` | Task image - `.Node` | Node ID - `.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) - `.CurrentState` | Current state of the task - `.Error` | Error - `.Ports` | Task published ports - - When using the `--format` option, the `stack ps` command will either - output the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `Name` and `Image` entries separated by a colon for all tasks: - - ```bash - $ docker stack ps --format "{{.Name}}: {{.Image}}" voting - voting_worker.1: dockersamples/examplevotingapp_worker:latest - voting_result.1: dockersamples/examplevotingapp_result:before - voting_vote.1: dockersamples/examplevotingapp_vote:before - voting_db.1: postgres:9.4 - voting_redis.1: redis:alpine - voting_visualizer.1: dockersamples/visualizer:stable - voting_vote.2: dockersamples/examplevotingapp_vote:before - voting_redis.2: redis:alpine - ``` - - ### Do not map IDs to Names - - The `--no-resolve` option shows IDs for task name, without mapping IDs to Names. - - ```bash - $ docker stack ps --no-resolve voting - ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS - xim5bcqtgk1b 10z9fjfqzsxnezo4hb81p8mqg.1 dockersamples/examplevotingapp_worker:latest qaqt4nrzo775jrx6detglho01 Running Running 30 minutes ago - q7yik0ks1in6 hbxltua1na7mgqjnidldv5m65.1 dockersamples/examplevotingapp_result:before mxpaef1tlh23s052erw88a4w5 Running Running 30 minutes ago - rx5yo0866nfx qyprtqw1g5nrki557i974ou1d.1 dockersamples/examplevotingapp_vote:before kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago - tz6j82jnwrx7 122f0xxngg17z52be7xspa72x.1 postgres:9.4 mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago - w48spazhbmxc tg61x8myx563ueo3urmn1ic6m.1 redis:alpine qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago - 6jj1m02freg1 8cqlyi444kzd3panjb7edh26v.1 dockersamples/visualizer:stable mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago - kqgdmededccb qyprtqw1g5nrki557i974ou1d.2 dockersamples/examplevotingapp_vote:before qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago - t72q3z038jeh tg61x8myx563ueo3urmn1ic6m.2 redis:alpine kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago - ``` - - ### Do not truncate output - - When deploying a service, docker resolves the digest for the service's - image, and pins the service to that digest. The digest is not shown by - default, but is printed if `--no-trunc` is used. The `--no-trunc` option - also shows the non-truncated task IDs, and error-messages, as can be seen below: - - ```bash - $ docker stack ps --no-trunc voting - ID NAME IMAGE NODE DESIRED STATE CURREN STATE ERROR PORTS - xim5bcqtgk1bxqz91jzo4a1s5 voting_worker.1 dockersamples/examplevotingapp_worker:latest@sha256:3e4ddf59c15f432280a2c0679c4fc5a2ee5a797023c8ef0d3baf7b1385e9fed node2 Running Runnin 32 minutes ago - q7yik0ks1in6kv32gg6y6yjf7 voting_result.1 dockersamples/examplevotingapp_result:before@sha256:83b56996e930c292a6ae5187fda84dd6568a19d97cdb933720be15c757b7463 node1 Running Runnin 32 minutes ago - rx5yo0866nfxc58zf4irsss6n voting_vote.1 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node3 Running Runnin 32 minutes ago - tz6j82jnwrx7n2offljp3mn03 voting_db.1 postgres:9.4@sha256:6046af499eae34d2074c0b53f9a8b404716d415e4a03e68bc1d2f8064f2b027 node1 Running Runnin 32 minutes ago - w48spazhbmxcmbjfi54gs7x90 voting_redis.1 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node2 Running Runnin 32 minutes ago - 6jj1m02freg1n3z9n1evrzsbl voting_visualizer.1 dockersamples/visualizer:stable@sha256:f924ad66c8e94b10baaf7bdb9cd491ef4e982a1d048a56a17e02bf5945401e5 node1 Running Runnin 32 minutes ago - kqgdmededccbhz2wuc0e9hx7g voting_vote.2 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node2 Running Runnin 32 minutes ago - t72q3z038jehe1wbh9gdum076 voting_redis.2 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node3 Running Runnin 32 minutes ago - ``` - - ### Only display task IDs - - The `-q ` or `--quiet` option only shows IDs of the tasks in the stack. - This example outputs all task IDs of the "voting" stack; - - ```bash - $ docker stack ps -q voting - xim5bcqtgk1b - q7yik0ks1in6 - rx5yo0866nfx - tz6j82jnwrx7 - w48spazhbmxc - 6jj1m02freg1 - kqgdmededccb - t72q3z038jeh - ``` - - This option can be used to perform batch operations. For example, you can use - the task IDs as input for other commands, such as `docker inspect`. The - following example inspects all tasks of the "voting" stack; - - ```bash - $ docker inspect $(docker stack ps -q voting) - - [ - { - "ID": "xim5bcqtgk1b1gk0krq1", - "Version": { - (...) - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: true -swarm: true - diff --git a/_data/engine-cli-edge/docker_stack_rm.yaml b/_data/engine-cli-edge/docker_stack_rm.yaml deleted file mode 100644 index 2e95860df7..0000000000 --- a/_data/engine-cli-edge/docker_stack_rm.yaml +++ /dev/null @@ -1,70 +0,0 @@ -command: docker stack rm -aliases: remove, down -short: Remove one or more stacks -long: |- - Remove the stack from the swarm. This command has to be run targeting - a manager node. -usage: docker stack rm STACK [STACK...] -pname: docker stack -plink: docker_stack.yaml -inherited_options: -- option: kubeconfig - value_type: string - description: Kubernetes config file - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -- option: namespace - value_type: string - default_value: default - description: Kubernetes namespace to use - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -examples: |- - ### Remove a stack - - This will remove the stack with the name `myapp`. Services, networks, and secrets associated with the stack will be removed. - - ```bash - $ docker stack rm myapp - - Removing service myapp_redis - Removing service myapp_web - Removing service myapp_lb - Removing network myapp_default - Removing network myapp_frontend - ``` - - ### Remove multiple stacks - - This will remove all the specified stacks, `myapp` and `vossibility`. Services, networks, and secrets associated with all the specified stacks will be removed. - - ```bash - $ docker stack rm myapp vossibility - - Removing service myapp_redis - Removing service myapp_web - Removing service myapp_lb - Removing network myapp_default - Removing network myapp_frontend - Removing service vossibility_nsqd - Removing service vossibility_logstash - Removing service vossibility_elasticsearch - Removing service vossibility_kibana - Removing service vossibility_ghollector - Removing service vossibility_lookupd - Removing network vossibility_default - Removing network vossibility_vossibility - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: true -swarm: true - diff --git a/_data/engine-cli-edge/docker_stack_services.yaml b/_data/engine-cli-edge/docker_stack_services.yaml deleted file mode 100644 index 13d2741388..0000000000 --- a/_data/engine-cli-edge/docker_stack_services.yaml +++ /dev/null @@ -1,122 +0,0 @@ -command: docker stack services -short: List the services in the stack -long: |- - Lists the services that are running as part of the specified stack. This - command has to be run targeting a manager node. -usage: docker stack services [OPTIONS] STACK -pname: docker stack -plink: docker_stack.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: true -- option: format - value_type: string - description: Pretty-print services using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display IDs - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -inherited_options: -- option: kubeconfig - value_type: string - description: Kubernetes config file - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -- option: namespace - value_type: string - default_value: default - description: Kubernetes namespace to use - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -examples: |- - The following command shows all services in the `myapp` stack: - - ```bash - $ docker stack services myapp - - ID NAME REPLICAS IMAGE COMMAND - 7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f - dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 - ``` - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there - is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). - Multiple filter flags are combined as an `OR` filter. - - The following command shows both the `web` and `db` services: - - ```bash - $ docker stack services --filter name=myapp_web --filter name=myapp_db myapp - - ID NAME REPLICAS IMAGE COMMAND - 7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f - dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 - ``` - - The currently supported filters are: - - * id / ID (`--filter id=7be5ei6sqeye`, or `--filter ID=7be5ei6sqeye`) - * name (`--filter name=myapp_web`) - * label (`--filter label=key=value`) - - ### Formatting - - The formatting options (`--format`) pretty-prints services output - using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - ------------|------------------------------------------------------------------------------------------ - `.ID` | Service ID - `.Name` | Service name - `.Mode` | Service mode (replicated, global) - `.Replicas` | Service replicas - `.Image` | Service image - - When using the `--format` option, the `stack services` command will either - output the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `ID`, `Mode`, and `Replicas` entries separated by a colon for all services: - - ```bash - $ docker stack services --format "{{.ID}}: {{.Mode}} {{.Replicas}}" - - 0zmvwuiu3vue: replicated 10/10 - fm6uf97exkul: global 5/5 - ``` -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: true -swarm: true - diff --git a/_data/engine-cli-edge/docker_start.yaml b/_data/engine-cli-edge/docker_start.yaml deleted file mode 100644 index a78f25143f..0000000000 --- a/_data/engine-cli-edge/docker_start.yaml +++ /dev/null @@ -1,61 +0,0 @@ -command: docker start -short: Start one or more stopped containers -long: Start one or more stopped containers -usage: docker start [OPTIONS] CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -options: -- option: attach - shorthand: a - value_type: bool - default_value: "false" - description: Attach STDOUT/STDERR and forward signals - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: checkpoint - value_type: string - description: Restore from this checkpoint - deprecated: false - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: checkpoint-dir - value_type: string - description: Use a custom checkpoint storage directory - deprecated: false - experimental: true - experimentalcli: false - kubernetes: false - swarm: false -- option: detach-keys - value_type: string - description: Override the key sequence for detaching a container - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: interactive - shorthand: i - value_type: bool - default_value: "false" - description: Attach container's STDIN - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker start my_container - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_stats.yaml b/_data/engine-cli-edge/docker_stats.yaml deleted file mode 100644 index 8940ff9911..0000000000 --- a/_data/engine-cli-edge/docker_stats.yaml +++ /dev/null @@ -1,188 +0,0 @@ -command: docker stats -short: Display a live stream of container(s) resource usage statistics -long: |- - The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data. - - If you want more detailed information about a container's resource usage, use the `/containers/(id)/stats` API endpoint. - - > **Note**: On Linux, the Docker CLI reports memory usage by subtracting page cache usage from the total memory usage. The API does not perform such a calculation but rather provides the total memory usage and the amount from the page cache so that clients can use the data as needed. -usage: docker stats [OPTIONS] [CONTAINER...] -pname: docker -plink: docker.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Show all containers (default shows just running) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print images using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-stream - value_type: bool - default_value: "false" - description: Disable streaming stats and only pull the first result - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: no-trunc - value_type: bool - default_value: "false" - description: Do not truncate output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - Running `docker stats` on all running containers against a Linux daemon. - - ```bash - $ docker stats - - CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS - b95a83497c91 awesome_brattain 0.28% 5.629MiB / 1.952GiB 0.28% 916B / 0B 147kB / 0B 9 - 67b2525d8ad1 foobar 0.00% 1.727MiB / 1.952GiB 0.09% 2.48kB / 0B 4.11MB / 0B 2 - e5c383697914 test-1951.1.kay7x1lh1twk9c0oig50sd5tr 0.00% 196KiB / 1.952GiB 0.01% 71.2kB / 0B 770kB / 0B 1 - 4bda148efbc0 random.1.vnc8on831idyr42slu578u3cr 0.00% 1.672MiB / 1.952GiB 0.08% 110kB / 0B 578kB / 0B 2 - ``` - - If you don't [specify a format string using `--format`](#formatting), the - following columns are shown. - - | Column name | Description | - |---------------------------|-----------------------------------------------------------------------------------------------| - | `CONTAINER ID` and `Name` | the ID and name of the container | - | `CPU %` and `MEM %` | the percentage of the host's CPU and memory the container is using | - | `MEM USAGE / LIMIT` | the total memory the container is using, and the total amount of memory it is allowed to use | - | `NET I/O` | The amount of data the container has sent and received over its network interface | - | `BLOCK I/O` | The amount of data the container has read to and written from block devices on the host | - | `PIDs` | the number of processes or threads the container has created | - - Running `docker stats` on multiple containers by name and id against a Linux daemon. - - ```bash - $ docker stats awesome_brattain 67b2525d8ad1 - - CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS - b95a83497c91 awesome_brattain 0.28% 5.629MiB / 1.952GiB 0.28% 916B / 0B 147kB / 0B 9 - 67b2525d8ad1 foobar 0.00% 1.727MiB / 1.952GiB 0.09% 2.48kB / 0B 4.11MB / 0B 2 - ``` - - Running `docker stats` with customized format on all (Running and Stopped) containers. - - ```bash - $ docker stats --all --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" fervent_panini 5acfcb1b4fd1 drunk_visvesvaraya big_heisenberg - - CONTAINER CPU % MEM USAGE / LIMIT - fervent_panini 0.00% 56KiB / 15.57GiB - 5acfcb1b4fd1 0.07% 32.86MiB / 15.57GiB - drunk_visvesvaraya 0.00% 0B / 0B - big_heisenberg 0.00% 0B / 0B - ``` - - `drunk_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. - - Running `docker stats` on all running containers against a Windows daemon. - - ```powershell - PS E:\> docker stats - CONTAINER ID CPU % PRIV WORKING SET NET I/O BLOCK I/O - 09d3bb5b1604 6.61% 38.21 MiB 17.1 kB / 7.73 kB 10.7 MB / 3.57 MB - 9db7aa4d986d 9.19% 38.26 MiB 15.2 kB / 7.65 kB 10.6 MB / 3.3 MB - 3f214c61ad1d 0.00% 28.64 MiB 64 kB / 6.84 kB 4.42 MB / 6.93 MB - ``` - - Running `docker stats` on multiple containers by name and id against a Windows daemon. - - ```powershell - PS E:\> docker ps -a - CONTAINER ID NAME IMAGE COMMAND CREATED STATUS PORTS NAMES - 3f214c61ad1d awesome_brattain nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky - 9db7aa4d986d mad_wilson windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson - 09d3bb5b1604 fervent_panini windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley - - PS E:\> docker stats 3f214c61ad1d mad_wilson - CONTAINER ID NAME CPU % PRIV WORKING SET NET I/O BLOCK I/O - 3f214c61ad1d awesome_brattain 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB - 9db7aa4d986d mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB - ``` - - ### Formatting - - The formatting option (`--format`) pretty prints container output - using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - ------------ | -------------------------------------------- - `.Container` | Container name or ID (user input) - `.Name` | Container name - `.ID` | Container ID - `.CPUPerc` | CPU percentage - `.MemUsage` | Memory usage - `.NetIO` | Network IO - `.BlockIO` | Block IO - `.MemPerc` | Memory percentage (Not available on Windows) - `.PIDs` | Number of PIDs (Not available on Windows) - - - When using the `--format` option, the `stats` command either - outputs the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `Container` and `CPUPerc` entries separated by a colon for all images: - - ```bash - $ docker stats --format "{{.Container}}: {{.CPUPerc}}" - - 09d3bb5b1604: 6.61% - 9db7aa4d986d: 9.19% - 3f214c61ad1d: 0.00% - ``` - - To list all containers statistics with their name, CPU percentage and memory - usage in a table format you can use: - - ```bash - $ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" - - CONTAINER CPU % PRIV WORKING SET - 1285939c1fd3 0.07% 796 KiB / 64 MiB - 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB - d1ea048f04e4 0.03% 4.583 MiB / 64 MiB - ``` - - The default format is as follows: - - On Linux: - - "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}" - - On Windows: - - "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}" - - - > **Note**: On Docker 17.09 and older, the `{{.Container}}` column was used, in - > stead of `{{.ID}}\t{{.Name}}`. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_stop.yaml b/_data/engine-cli-edge/docker_stop.yaml deleted file mode 100644 index 3d775e86e3..0000000000 --- a/_data/engine-cli-edge/docker_stop.yaml +++ /dev/null @@ -1,29 +0,0 @@ -command: docker stop -short: Stop one or more running containers -long: |- - The main process inside the container will receive `SIGTERM`, and after a grace - period, `SIGKILL`. -usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -options: -- option: time - shorthand: t - value_type: int - default_value: "10" - description: Seconds to wait for stop before killing it - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker stop my_container - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_swarm.yaml b/_data/engine-cli-edge/docker_swarm.yaml deleted file mode 100644 index e5e071d76c..0000000000 --- a/_data/engine-cli-edge/docker_swarm.yaml +++ /dev/null @@ -1,31 +0,0 @@ -command: docker swarm -short: Manage Swarm -long: Manage the swarm. -usage: docker swarm -pname: docker -plink: docker.yaml -cname: -- docker swarm ca -- docker swarm init -- docker swarm join -- docker swarm join-token -- docker swarm leave -- docker swarm unlock -- docker swarm unlock-key -- docker swarm update -clink: -- docker_swarm_ca.yaml -- docker_swarm_init.yaml -- docker_swarm_join.yaml -- docker_swarm_join-token.yaml -- docker_swarm_leave.yaml -- docker_swarm_unlock.yaml -- docker_swarm_unlock-key.yaml -- docker_swarm_update.yaml -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_ca.yaml b/_data/engine-cli-edge/docker_swarm_ca.yaml deleted file mode 100644 index c4f4cac7dd..0000000000 --- a/_data/engine-cli-edge/docker_swarm_ca.yaml +++ /dev/null @@ -1,156 +0,0 @@ -command: docker swarm ca -short: Display and rotate the root CA -long: View or rotate the current swarm CA certificate. This command must target a - manager node. -usage: docker swarm ca [OPTIONS] -pname: docker swarm -plink: docker_swarm.yaml -options: -- option: ca-cert - value_type: pem-file - description: | - Path to the PEM-formatted root CA certificate to use for the new cluster - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: ca-key - value_type: pem-file - description: | - Path to the PEM-formatted root CA key to use for the new cluster - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cert-expiry - value_type: duration - default_value: 2160h0m0s - description: Validity period for node certificates (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: detach - shorthand: d - value_type: bool - default_value: "false" - description: | - Exit immediately instead of waiting for the root rotation to converge - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: external-ca - value_type: external-ca - description: Specifications of one or more certificate signing endpoints - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Suppress progress output - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rotate - value_type: bool - default_value: "false" - description: | - Rotate the swarm CA - if no certificate or key are provided, new ones will be generated - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - Run the `docker swarm ca` command without any options to view the current root CA certificate - in PEM format. - - ```bash - $ docker swarm ca - -----BEGIN CERTIFICATE----- - MIIBazCCARCgAwIBAgIUJPzo67QC7g8Ebg2ansjkZ8CbmaswCgYIKoZIzj0EAwIw - EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAzMTcxMDAwWhcNMzcwNDI4MTcx - MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH - A0IABKL6/C0sihYEb935wVPRA8MqzPLn3jzou0OJRXHsCLcVExigrMdgmLCC+Va4 - +sJ+SLVO1eQbvLHH8uuDdF/QOU6jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB - Af8EBTADAQH/MB0GA1UdDgQWBBSfUy5bjUnBAx/B0GkOBKp91XvxzjAKBggqhkjO - PQQDAgNJADBGAiEAnbvh0puOS5R/qvy1PMHY1iksYKh2acsGLtL/jAIvO4ACIQCi - lIwQqLkJ48SQqCjG1DBTSBsHmMSRT+6mE2My+Z3GKA== - -----END CERTIFICATE----- - ``` - - Pass the `--rotate` flag (and optionally a `--ca-cert`, along with a `--ca-key` or - `--external-ca` parameter flag), in order to rotate the current swarm root CA. - - ``` - $ docker swarm ca --rotate - desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e - rotated TLS certificates: [=========================> ] 1/2 nodes - rotated CA certificates: [> ] 0/2 nodes - ``` - - Once the rotation os finished (all the progress bars have completed) the now-current - CA certificate will be printed: - - ``` - $ docker swarm ca --rotate - desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e - rotated TLS certificates: [==================================================>] 2/2 nodes - rotated CA certificates: [==================================================>] 2/2 nodes - -----BEGIN CERTIFICATE----- - MIIBazCCARCgAwIBAgIUFynG04h5Rrl4lKyA4/E65tYKg8IwCgYIKoZIzj0EAwIw - EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTE2MDAxMDAwWhcNMzcwNTExMDAx - MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH - A0IABC2DuNrIETP7C7lfiEPk39tWaaU0I2RumUP4fX4+3m+87j0DU0CsemUaaOG6 - +PxHhGu2VXQ4c9pctPHgf7vWeVajQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB - Af8EBTADAQH/MB0GA1UdDgQWBBSEL02z6mCI3SmMDmITMr12qCRY2jAKBggqhkjO - PQQDAgNJADBGAiEA263Eb52+825EeNQZM0AME+aoH1319Zp9/J5ijILW+6ACIQCg - gyg5u9Iliel99l7SuMhNeLkrU7fXs+Of1nTyyM73ig== - -----END CERTIFICATE----- - ``` - - ### `--rotate` - - Root CA Rotation is recommended if one or more of the swarm managers have been - compromised, so that those managers can no longer connect to or be trusted by - any other node in the cluster. - - Alternately, root CA rotation can be used to give control of the swarm CA - to an external CA, or to take control back from an external CA. - - The `--rotate` flag does not require any parameters to do a rotation, but you can - optionally specify a certificate and key, or a certificate and external CA URL, - and those will be used instead of an automatically-generated certificate/key pair. - - Because the root CA key should be kept secret, if provided it will not be visible - when viewing swarm any information via the CLI or API. - - The root CA rotation will not be completed until all registered nodes have - rotated their TLS certificates. If the rotation is not completing within a - reasonable amount of time, try running - `docker node ls --format '{{.ID}} {{.Hostname}} {{.Status}} {{.TLSStatus}}'` to - see if any nodes are down or otherwise unable to rotate TLS certificates. - - - ### `--detach` - - Initiate the root CA rotation, but do not wait for the completion of or display the - progress of the rotation. -deprecated: false -min_api_version: "1.30" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_init.yaml b/_data/engine-cli-edge/docker_swarm_init.yaml deleted file mode 100644 index c1f175d0c0..0000000000 --- a/_data/engine-cli-edge/docker_swarm_init.yaml +++ /dev/null @@ -1,238 +0,0 @@ -command: docker swarm init -short: Initialize a swarm -long: |- - Initialize a swarm. The docker engine targeted by this command becomes a manager - in the newly created single-node swarm. -usage: docker swarm init [OPTIONS] -pname: docker swarm -plink: docker_swarm.yaml -options: -- option: advertise-addr - value_type: string - description: 'Advertised address (format: [:port])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: autolock - value_type: bool - default_value: "false" - description: | - Enable manager autolocking (requiring an unlock key to start a stopped manager) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: availability - value_type: string - default_value: active - description: Availability of the node ("active"|"pause"|"drain") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cert-expiry - value_type: duration - default_value: 2160h0m0s - description: Validity period for node certificates (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: data-path-addr - value_type: string - description: | - Address or interface to use for data path traffic (format: ) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dispatcher-heartbeat - value_type: duration - default_value: 5s - description: Dispatcher heartbeat period (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: external-ca - value_type: external-ca - description: Specifications of one or more certificate signing endpoints - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force-new-cluster - value_type: bool - default_value: "false" - description: Force create a new cluster from current state - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: listen-addr - value_type: node-addr - default_value: 0.0.0.0:2377 - description: 'Listen address (format: [:port])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: max-snapshots - value_type: uint64 - default_value: "0" - description: Number of additional Raft snapshots to retain - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: snapshot-interval - value_type: uint64 - default_value: "10000" - description: Number of log entries between Raft snapshots - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: task-history-limit - value_type: int64 - default_value: "5" - description: Task history retention limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker swarm init --advertise-addr 192.168.99.121 - Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager. - - To add a worker to this swarm, run the following command: - - docker swarm join \ - --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ - 172.17.0.2:2377 - - To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. - ``` - - `docker swarm init` generates two random tokens, a worker token and a manager token. When you join - a new node to the swarm, the node joins as a worker or manager node based upon the token you pass - to [swarm join](swarm_join.md). - - After you create the swarm, you can display or rotate the token using - [swarm join-token](swarm_join_token.md). - - ### `--autolock` - - This flag enables automatic locking of managers with an encryption key. The - private keys and data stored by all managers will be protected by the - encryption key printed in the output, and will not be accessible without it. - Thus, it is very important to store this key in order to activate a manager - after it restarts. The key can be passed to `docker swarm unlock` to reactivate - the manager. Autolock can be disabled by running - `docker swarm update --autolock=false`. After disabling it, the encryption key - is no longer required to start the manager, and it will start up on its own - without user intervention. - - ### `--cert-expiry` - - This flag sets the validity period for node certificates. - - ### `--dispatcher-heartbeat` - - This flag sets the frequency with which nodes are told to use as a - period to report their health. - - ### `--external-ca` - - This flag sets up the swarm to use an external CA to issue node certificates. The value takes - the form `protocol=X,url=Y`. The value for `protocol` specifies what protocol should be used - to send signing requests to the external CA. Currently, the only supported value is `cfssl`. - The URL specifies the endpoint where signing requests should be submitted. - - ### `--force-new-cluster` - - This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data. - - ### `--listen-addr` - - The node listens for inbound swarm manager traffic on this address. The default is to listen on - 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's - address; for example `--listen-addr eth0:2377`. - - Specifying a port is optional. If the value is a bare IP address or interface - name, the default port 2377 will be used. - - ### `--advertise-addr` - - This flag specifies the address that will be advertised to other members of the - swarm for API access and overlay networking. If unspecified, Docker will check - if the system has a single IP address, and use that IP address with the - listening port (see `--listen-addr`). If the system has multiple IP addresses, - `--advertise-addr` must be specified so that the correct address is chosen for - inter-manager communication and overlay networking. - - It is also possible to specify a network interface to advertise that interface's address; - for example `--advertise-addr eth0:2377`. - - Specifying a port is optional. If the value is a bare IP address or interface - name, the default port 2377 will be used. - - ### `--data-path-addr` - - This flag specifies the address that global scope network drivers will publish towards - other nodes in order to reach the containers running on this node. - Using this parameter it is then possible to separate the container's data traffic from the - management traffic of the cluster. - If unspecified, Docker will use the same IP address or interface that is used for the - advertise address. - - ### `--task-history-limit` - - This flag sets up task history retention limit. - - ### `--max-snapshots` - - This flag sets the number of old Raft snapshots to retain in addition to the - current Raft snapshots. By default, no old snapshots are retained. This option - may be used for debugging, or to store old snapshots of the swarm state for - disaster recovery purposes. - - ### `--snapshot-interval` - - This flag specifies how many log entries to allow in between Raft snapshots. - Setting this to a higher number will trigger snapshots less frequently. - Snapshots compact the Raft log and allow for more efficient transfer of the - state to new managers. However, there is a performance cost to taking snapshots - frequently. - - ### `--availability` - - This flag specifies the availability of the node at the time the node joins a master. - Possible availability values are `active`, `pause`, or `drain`. - - This flag is useful in certain situations. For example, a cluster may want to have - dedicated manager nodes that are not served as worker nodes. This could be achieved - by passing `--availability=drain` to `docker swarm init`. -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_join-token.yaml b/_data/engine-cli-edge/docker_swarm_join-token.yaml deleted file mode 100644 index 61a73127df..0000000000 --- a/_data/engine-cli-edge/docker_swarm_join-token.yaml +++ /dev/null @@ -1,33 +0,0 @@ -command: docker swarm join-token -short: Manage join tokens -long: Manage join tokens -usage: docker swarm join-token [OPTIONS] (worker|manager) -pname: docker swarm -plink: docker_swarm.yaml -options: -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display token - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rotate - value_type: bool - default_value: "false" - description: Rotate join token - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_join.yaml b/_data/engine-cli-edge/docker_swarm_join.yaml deleted file mode 100644 index 8fdbcf5e59..0000000000 --- a/_data/engine-cli-edge/docker_swarm_join.yaml +++ /dev/null @@ -1,144 +0,0 @@ -command: docker swarm join -short: Join a swarm as a node and/or manager -long: |- - Join a node to a swarm. The node joins as a manager node or worker node based upon the token you - pass with the `--token` flag. If you pass a manager token, the node joins as a manager. If you - pass a worker token, the node joins as a worker. -usage: docker swarm join [OPTIONS] HOST:PORT -pname: docker swarm -plink: docker_swarm.yaml -options: -- option: advertise-addr - value_type: string - description: 'Advertised address (format: [:port])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: availability - value_type: string - default_value: active - description: Availability of the node ("active"|"pause"|"drain") - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: data-path-addr - value_type: string - description: | - Address or interface to use for data path traffic (format: ) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: listen-addr - value_type: node-addr - default_value: 0.0.0.0:2377 - description: 'Listen address (format: [:port])' - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: token - value_type: string - description: Token for entry into the swarm - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Join a node to swarm as a manager - - The example below demonstrates joining a manager node using a manager token. - - ```bash - $ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 192.168.99.121:2377 - This node joined a swarm as a manager. - $ docker node ls - ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS - dkp8vy1dq1kxleu9g4u78tlag * manager2 Ready Active Reachable - dvfxp4zseq4s0rih1selh0d20 manager1 Ready Active Leader - ``` - - A cluster should only have 3-7 managers at most, because a majority of managers must be available - for the cluster to function. Nodes that aren't meant to participate in this management quorum - should join as workers instead. Managers should be stable hosts that have static IP addresses. - - ### Join a node to swarm as a worker - - The example below demonstrates joining a worker node using a worker token. - - ```bash - $ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx 192.168.99.121:2377 - This node joined a swarm as a worker. - $ docker node ls - ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS - 7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active - dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable - dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader - ``` - - ### `--listen-addr value` - - If the node is a manager, it will listen for inbound swarm manager traffic on this - address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a - network interface to listen on that interface's address; for example `--listen-addr eth0:2377`. - - Specifying a port is optional. If the value is a bare IP address, or interface - name, the default port 2377 will be used. - - This flag is generally not necessary when joining an existing swarm. - - ### `--advertise-addr value` - - This flag specifies the address that will be advertised to other members of the - swarm for API access. If unspecified, Docker will check if the system has a - single IP address, and use that IP address with the listening port (see - `--listen-addr`). If the system has multiple IP addresses, `--advertise-addr` - must be specified so that the correct address is chosen for inter-manager - communication and overlay networking. - - It is also possible to specify a network interface to advertise that interface's address; - for example `--advertise-addr eth0:2377`. - - Specifying a port is optional. If the value is a bare IP address, or interface - name, the default port 2377 will be used. - - This flag is generally not necessary when joining an existing swarm. If - you're joining new nodes through a load balancer, you should use this flag to - ensure the node advertises its IP address and not the IP address of the load - balancer. - - ### `--data-path-addr` - - This flag specifies the address that global scope network drivers will publish towards - other nodes in order to reach the containers running on this node. - Using this parameter it is then possible to separate the container's data traffic from the - management traffic of the cluster. - If unspecified, Docker will use the same IP address or interface that is used for the - advertise address. - - ### `--token string` - - Secret value required for nodes to join the swarm - - ### `--availability` - - This flag specifies the availability of the node at the time the node joins a master. - Possible availability values are `active`, `pause`, or `drain`. - - This flag is useful in certain situations. For example, a cluster may want to have - dedicated manager nodes that are not served as worker nodes. This could be achieved - by passing `--availability=drain` to `docker swarm join`. -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_leave.yaml b/_data/engine-cli-edge/docker_swarm_leave.yaml deleted file mode 100644 index fa9a9f2f3f..0000000000 --- a/_data/engine-cli-edge/docker_swarm_leave.yaml +++ /dev/null @@ -1,54 +0,0 @@ -command: docker swarm leave -short: Leave the swarm -long: |- - When you run this command on a worker, that worker leaves the swarm. - - You can use the `--force` option on a manager to remove it from the swarm. - However, this does not reconfigure the swarm to ensure that there are enough - managers to maintain a quorum in the swarm. The safe way to remove a manager - from a swarm is to demote it to a worker and then direct it to leave the quorum - without using `--force`. Only use `--force` in situations where the swarm will - no longer be used after the manager leaves, such as in a single-node swarm. -usage: docker swarm leave [OPTIONS] -pname: docker swarm -plink: docker_swarm.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Force this node to leave the swarm, ignoring warnings - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - Consider the following swarm, as seen from the manager: - - ```bash - $ docker node ls - ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS - 7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active - dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active - dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader - ``` - - To remove `worker2`, issue the following command from `worker2` itself: - - ```bash - $ docker swarm leave - Node left the default swarm. - ``` - - The node will still appear in the node list, and marked as `down`. It no longer - affects swarm operation, but a long list of `down` nodes can clutter the node - list. To remove an inactive node from the list, use the [`node rm`](node_rm.md) - command. -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_unlock-key.yaml b/_data/engine-cli-edge/docker_swarm_unlock-key.yaml deleted file mode 100644 index a714bccf67..0000000000 --- a/_data/engine-cli-edge/docker_swarm_unlock-key.yaml +++ /dev/null @@ -1,33 +0,0 @@ -command: docker swarm unlock-key -short: Manage the unlock key -long: Manage the unlock key -usage: docker swarm unlock-key [OPTIONS] -pname: docker swarm -plink: docker_swarm.yaml -options: -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display token - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: rotate - value_type: bool - default_value: "false" - description: Rotate unlock key - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_unlock.yaml b/_data/engine-cli-edge/docker_swarm_unlock.yaml deleted file mode 100644 index 1c35a0d596..0000000000 --- a/_data/engine-cli-edge/docker_swarm_unlock.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker swarm unlock -short: Unlock swarm -long: |- - Unlocks a locked manager using a user-supplied unlock key. This command must be - used to reactivate a manager after its Docker daemon restarts if the autolock - setting is turned on. The unlock key is printed at the time when autolock is - enabled, and is also available from the `docker swarm unlock-key` command. -usage: docker swarm unlock -pname: docker swarm -plink: docker_swarm.yaml -examples: |- - ```bash - $ docker swarm unlock - Please enter unlock key: - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_swarm_update.yaml b/_data/engine-cli-edge/docker_swarm_update.yaml deleted file mode 100644 index b0dcdd2815..0000000000 --- a/_data/engine-cli-edge/docker_swarm_update.yaml +++ /dev/null @@ -1,83 +0,0 @@ -command: docker swarm update -short: Update the swarm -long: Updates a swarm with new parameter values. This command must target a manager - node. -usage: docker swarm update [OPTIONS] -pname: docker swarm -plink: docker_swarm.yaml -options: -- option: autolock - value_type: bool - default_value: "false" - description: Change manager autolocking setting (true|false) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cert-expiry - value_type: duration - default_value: 2160h0m0s - description: Validity period for node certificates (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: dispatcher-heartbeat - value_type: duration - default_value: 5s - description: Dispatcher heartbeat period (ns|us|ms|s|m|h) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: external-ca - value_type: external-ca - description: Specifications of one or more certificate signing endpoints - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: max-snapshots - value_type: uint64 - default_value: "0" - description: Number of additional Raft snapshots to retain - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: snapshot-interval - value_type: uint64 - default_value: "10000" - description: Number of log entries between Raft snapshots - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: task-history-limit - value_type: int64 - default_value: "5" - description: Task history retention limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker swarm update --cert-expiry 720h - ``` -deprecated: false -min_api_version: "1.24" -experimental: false -experimentalcli: false -kubernetes: false -swarm: true - diff --git a/_data/engine-cli-edge/docker_system.yaml b/_data/engine-cli-edge/docker_system.yaml deleted file mode 100644 index a1bc57fcf2..0000000000 --- a/_data/engine-cli-edge/docker_system.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker system -short: Manage Docker -long: Manage Docker. -usage: docker system -pname: docker -plink: docker.yaml -cname: -- docker system df -- docker system events -- docker system info -- docker system prune -clink: -- docker_system_df.yaml -- docker_system_events.yaml -- docker_system_info.yaml -- docker_system_prune.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_system_df.yaml b/_data/engine-cli-edge/docker_system_df.yaml deleted file mode 100644 index 99954d3d5b..0000000000 --- a/_data/engine-cli-edge/docker_system_df.yaml +++ /dev/null @@ -1,79 +0,0 @@ -command: docker system df -short: Show docker disk usage -long: |- - The `docker system df` command displays information regarding the - amount of disk space used by the docker daemon. -usage: docker system df [OPTIONS] -pname: docker system -plink: docker_system.yaml -options: -- option: format - value_type: string - description: Pretty-print images using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: verbose - shorthand: v - value_type: bool - default_value: "false" - description: Show detailed information on space usage - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - By default the command will just show a summary of the data used: - - ```bash - $ docker system df - - TYPE TOTAL ACTIVE SIZE RECLAIMABLE - Images 5 2 16.43 MB 11.63 MB (70%) - Containers 2 0 212 B 212 B (100%) - Local Volumes 2 1 36 B 0 B (0%) - ``` - - A more detailed view can be requested using the `-v, --verbose` flag: - - ```bash - $ docker system df -v - - Images space usage: - - REPOSITORY TAG IMAGE ID CREATED SIZE SHARED SIZE UNIQUE SIZE CONTAINERS - my-curl latest b2789dd875bf 6 minutes ago 11 MB 11 MB 5 B 0 - my-jq latest ae67841be6d0 6 minutes ago 9.623 MB 8.991 MB 632.1 kB 0 - a0971c4015c1 6 minutes ago 11 MB 11 MB 0 B 0 - alpine latest 4e38e38c8ce0 9 weeks ago 4.799 MB 0 B 4.799 MB 1 - alpine 3.3 47cf20d8c26c 9 weeks ago 4.797 MB 4.797 MB 0 B 1 - - Containers space usage: - - CONTAINER ID IMAGE COMMAND LOCAL VOLUMES SIZE CREATED STATUS NAMES - 4a7f7eebae0f alpine:latest "sh" 1 0 B 16 minutes ago Exited (0) 5 minutes ago hopeful_yalow - f98f9c2aa1ea alpine:3.3 "sh" 1 212 B 16 minutes ago Exited (0) 48 seconds ago anon-vol - - Local Volumes space usage: - - NAME LINKS SIZE - 07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e 2 36 B - my-named-vol 0 0 B - ``` - - * `SHARED SIZE` is the amount of space that an image shares with another one (i.e. their common data) - * `UNIQUE SIZE` is the amount of space that is only used by a given image - * `SIZE` is the virtual size of the image, it is the sum of `SHARED SIZE` and `UNIQUE SIZE` - - > **Note**: Network information is not shown because it doesn't consume the disk - > space. -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_system_events.yaml b/_data/engine-cli-edge/docker_system_events.yaml deleted file mode 100644 index 8f584ace55..0000000000 --- a/_data/engine-cli-edge/docker_system_events.yaml +++ /dev/null @@ -1,357 +0,0 @@ -command: docker system events -short: Get real time events from the server -long: |- - Use `docker system events` to get real-time events from the server. These - events differ per Docker object type. - - ### Object types - - #### Containers - - Docker containers report the following events: - - - `attach` - - `commit` - - `copy` - - `create` - - `destroy` - - `detach` - - `die` - - `exec_create` - - `exec_detach` - - `exec_start` - - `export` - - `health_status` - - `kill` - - `oom` - - `pause` - - `rename` - - `resize` - - `restart` - - `start` - - `stop` - - `top` - - `unpause` - - `update` - - #### Images - - Docker images report the following events: - - - `delete` - - `import` - - `load` - - `pull` - - `push` - - `save` - - `tag` - - `untag` - - #### Plugins - - Docker plugins report the following events: - - - `install` - - `enable` - - `disable` - - `remove` - - #### Volumes - - Docker volumes report the following events: - - - `create` - - `mount` - - `unmount` - - `destroy` - - #### Networks - - Docker networks report the following events: - - - `create` - - `connect` - - `disconnect` - - `destroy` - - #### Daemons - - Docker daemons report the following events: - - - `reload` - - ### Limiting, filtering, and formatting the output - - #### Limit events by time - - The `--since` and `--until` parameters can be Unix timestamps, date formatted - timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed - relative to the client machine’s time. If you do not provide the `--since` option, - the command returns only new and/or live events. Supported formats for date - formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the client will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. - - #### Filtering - - The filtering flag (`-f` or `--filter`) format is of "key=value". If you would - like to use multiple filters, pass multiple flags (e.g., - `--filter "foo=bar" --filter "bif=baz"`) - - Using the same filter multiple times will be handled as a *OR*; for example - `--filter container=588a23dac085 --filter container=a8f7720b8c22` will display - events for container 588a23dac085 *OR* container a8f7720b8c22 - - Using multiple filters will be handled as a *AND*; for example - `--filter container=588a23dac085 --filter event=start` will display events for - container container 588a23dac085 *AND* the event type is *start* - - The currently supported filters are: - - * container (`container=`) - * daemon (`daemon=`) - * event (`event=`) - * image (`image=`) - * label (`label=` or `label==`) - * network (`network=`) - * plugin (`plugin=`) - * type (`type=`) - * volume (`volume=`) - - #### Format - - If a format (`--format`) is specified, the given template will be executed - instead of the default - format. Go's [text/template](http://golang.org/pkg/text/template/) package - describes all the details of the format. - - If a format is set to `{{json .}}`, the events are streamed as valid JSON - Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . -usage: docker system events [OPTIONS] -pname: docker system -plink: docker_system.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Filter output based on conditions provided - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: since - value_type: string - description: Show all events created since timestamp - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: until - value_type: string - description: Stream events until this timestamp - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Basic example - - You'll need two shells for this example. - - **Shell 1: Listening for events:** - - ```bash - $ docker system events - ``` - - **Shell 2: Start and Stop containers:** - - ```bash - $ docker create --name test alpine:latest top - $ docker start test - $ docker stop test - ``` - - **Shell 1: (Again .. now showing events):** - - ```none - 2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - ``` - - To exit the `docker system events` command, use `CTRL+C`. - - ### Filter events by time - - You can filter the output by an absolute timestamp or relative time on the host - machine, using the following different time syntaxes: - - ```bash - $ docker system events --since 1483283804 - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker system events --since '2017-01-05' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker system events --since '2013-09-03T15:49:29' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker system events --since '10m' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - ``` - - ### Filter events by criteria - - The following commands show several different ways to filter the `docker event` - output. - - ```bash - $ docker system events --filter 'event=stop' - - 2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) - - $ docker system events --filter 'image=alpine' - - 2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) - 2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) - 2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) - 2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) - - $ docker system events --filter 'container=test' - - 2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker system events --filter 'container=test' --filter 'container=d9cdb1525ea8' - - 2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) - 2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) - 2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) - - $ docker system events --filter 'container=test' --filter 'event=stop' - - 2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) - - $ docker system events --filter 'type=volume' - - 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) - 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) - 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) - 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - - $ docker system events --filter 'type=network' - - 2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) - 2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) - - $ docker system events --filter 'container=container_1' --filter 'container=container_2' - - 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) - 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) - - $ docker system events --filter 'type=volume' - - 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) - 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) - 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) - 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - - $ docker system events --filter 'type=network' - - 2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) - 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) - - $ docker system events --filter 'type=plugin' - - 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) - 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) - ``` - - ### Format the output - - ```bash - $ docker system events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' - - Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - ``` - - #### Format as JSON - - ```none - $ docker system events --format '{{json .}}' - - {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. - {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. - {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_system_info.yaml b/_data/engine-cli-edge/docker_system_info.yaml deleted file mode 100644 index 9662751bf0..0000000000 --- a/_data/engine-cli-edge/docker_system_info.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker system info -short: Display system-wide information -long: Display system-wide information -usage: docker system info [OPTIONS] -pname: docker system -plink: docker_system.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_system_prune.yaml b/_data/engine-cli-edge/docker_system_prune.yaml deleted file mode 100644 index 2cad5d8db4..0000000000 --- a/_data/engine-cli-edge/docker_system_prune.yaml +++ /dev/null @@ -1,159 +0,0 @@ -command: docker system prune -short: Remove unused data -long: |- - Remove all unused containers, networks, images (both dangling and unreferenced), - and optionally, volumes. -usage: docker system prune [OPTIONS] -pname: docker system -plink: docker_system.yaml -options: -- option: all - shorthand: a - value_type: bool - default_value: "false" - description: Remove all unused images not just dangling ones - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: filter - value_type: filter - description: Provide filter values (e.g. 'label==') - deprecated: false - min_api_version: "1.28" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: Do not prompt for confirmation - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: volumes - value_type: bool - default_value: "false" - description: Prune volumes - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker system prune - - WARNING! This will remove: - - all stopped containers - - all networks not used by at least one container - - all dangling images - - all build cache - Are you sure you want to continue? [y/N] y - - Deleted Containers: - f44f9b81948b3919590d5f79a680d8378f1139b41952e219830a33027c80c867 - 792776e68ac9d75bce4092bc1b5cc17b779bc926ab04f4185aec9bf1c0d4641f - - Deleted Networks: - network1 - network2 - - Deleted Images: - untagged: hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f - deleted: sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57 - deleted: sha256:45761469c965421a92a69cc50e92c01e0cfa94fe026cdd1233445ea00e96289a - - Total reclaimed space: 1.84kB - ``` - - By default, volumes are not removed to prevent important data from being - deleted if there is currently no container using the volume. Use the `--volumes` - flag when running the command to prune volumes as well: - - ```bash - $ docker system prune -a --volumes - - WARNING! This will remove: - - all stopped containers - - all networks not used by at least one container - - all volumes not used by at least one container - - all images without at least one container associated to them - - all build cache - Are you sure you want to continue? [y/N] y - - Deleted Containers: - 0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b - 73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d - - Deleted Networks: - my-network-a - my-network-b - - Deleted Volumes: - named-vol - - Deleted Images: - untagged: my-curl:latest - deleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d - deleted: sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b - untagged: alpine:3.3 - deleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f - untagged: alpine:latest - deleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96 - deleted: sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f - deleted: sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab - deleted: sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3 - untagged: my-jq:latest - deleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1 - deleted: sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f - deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548 - - Total reclaimed space: 13.5 MB - ``` - - > **Note**: The `--volumes` option was added in Docker 17.06.1. Older versions - > of Docker prune volumes by default, along with other Docker objects. On older - > versions, run `docker container prune`, `docker network prune`, and - > `docker image prune` separately to remove unused containers, networks, and - > images, without removing volumes. - - - ### Filtering - - The filtering flag (`--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * until (``) - only remove containers, images, and networks created before given timestamp - * label (`label=`, `label==`, `label!=`, or `label!==`) - only remove containers, images, networks, and volumes with (or without, in case `label!=...` is used) the specified labels. - - The `until` filter can be Unix timestamps, date formatted - timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed - relative to the daemon machine’s time. Supported formats for date - formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, - `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local - timezone on the daemon will be used if you do not provide either a `Z` or a - `+-00:00` timezone offset at the end of the timestamp. When providing Unix - timestamps enter seconds[.nanoseconds], where seconds is the number of seconds - that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap - seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a - fraction of a second no more than nine digits long. - - The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), - which removes containers, images, networks, and volumes with the specified labels. The other - format is the `label!=...` (`label!=` or `label!==`), which removes - containers, images, networks, and volumes without the specified labels. -deprecated: false -min_api_version: "1.25" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_tag.yaml b/_data/engine-cli-edge/docker_tag.yaml deleted file mode 100644 index 969be4c94a..0000000000 --- a/_data/engine-cli-edge/docker_tag.yaml +++ /dev/null @@ -1,66 +0,0 @@ -command: docker tag -short: Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE -long: |- - An image name is made up of slash-separated name components, optionally prefixed - by a registry hostname. The hostname must comply with standard DNS rules, but - may not contain underscores. If a hostname is present, it may optionally be - followed by a port number in the format `:8080`. If not present, the command - uses Docker's public registry located at `registry-1.docker.io` by default. Name - components may contain lowercase letters, digits and separators. A separator - is defined as a period, one or two underscores, or one or more dashes. A name - component may not start or end with a separator. - - A tag name must be valid ASCII and may contain lowercase and uppercase letters, - digits, underscores, periods and dashes. A tag name may not start with a - period or a dash and may contain a maximum of 128 characters. - - You can group your images together using names and tags, and then upload them - to [*Share Images via Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub). -usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] -pname: docker -plink: docker.yaml -examples: |- - ### Tag an image referenced by ID - - To tag a local image with ID "0e5574283393" into the "fedora" repository with - "version1.0": - - ```bash - $ docker tag 0e5574283393 fedora/httpd:version1.0 - ``` - - ### Tag an image referenced by Name - - To tag a local image with name "httpd" into the "fedora" repository with - "version1.0": - - ```bash - $ docker tag httpd fedora/httpd:version1.0 - ``` - - Note that since the tag name is not specified, the alias is created for an - existing local version `httpd:latest`. - - ### Tag an image referenced by Name and Tag - - To tag a local image with name "httpd" and tag "test" into the "fedora" - repository with "version1.0.test": - - ```bash - $ docker tag httpd:test fedora/httpd:version1.0.test - ``` - - ### Tag an image for a private repository - - To push an image to a private registry and not the central Docker - registry you must tag it with the registry hostname and port (if needed). - - ```bash - $ docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_top.yaml b/_data/engine-cli-edge/docker_top.yaml deleted file mode 100644 index 100de43b61..0000000000 --- a/_data/engine-cli-edge/docker_top.yaml +++ /dev/null @@ -1,12 +0,0 @@ -command: docker top -short: Display the running processes of a container -long: Display the running processes of a container -usage: docker top CONTAINER [ps OPTIONS] -pname: docker -plink: docker.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust.yaml b/_data/engine-cli-edge/docker_trust.yaml deleted file mode 100644 index d3219d7407..0000000000 --- a/_data/engine-cli-edge/docker_trust.yaml +++ /dev/null @@ -1,24 +0,0 @@ -command: docker trust -short: Manage trust on Docker images -long: Manage trust on Docker images -usage: docker trust -pname: docker -plink: docker.yaml -cname: -- docker trust inspect -- docker trust key -- docker trust revoke -- docker trust sign -- docker trust signer -clink: -- docker_trust_inspect.yaml -- docker_trust_key.yaml -- docker_trust_revoke.yaml -- docker_trust_sign.yaml -- docker_trust_signer.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_inspect.yaml b/_data/engine-cli-edge/docker_trust_inspect.yaml deleted file mode 100644 index 8e4034ce52..0000000000 --- a/_data/engine-cli-edge/docker_trust_inspect.yaml +++ /dev/null @@ -1,173 +0,0 @@ -command: docker trust inspect -short: Return low-level information about keys and signatures -long: |- - `docker trust inspect` provides low-level JSON information on signed repositories. - This includes all image tags that are signed, who signed them, and who can sign - new tags. -usage: docker trust inspect IMAGE[:TAG] [IMAGE[:TAG]...] -pname: docker trust -plink: docker_trust.yaml -options: -- option: pretty - value_type: bool - default_value: "false" - description: Print the information in a human friendly format - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Get low-level details about signatures for a single image tag\n\nUse - the `docker trust inspect` to get trust information about an image. The\nfollowing - example prints trust information for the `alpine:latest` image:\n\n```bash\n$ docker - trust inspect alpine:latest\n[\n {\n \"Name\": \"alpine:latest\",\n \"SignedTags\": - [\n {\n \"SignedTag\": \"latest\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n - \ \"Signers\": [\n \"Repo Admin\"\n ]\n }\n ],\n \"Signers\": - [],\n \"AdminstrativeKeys\": [\n {\n \"Name\": \"Repository\",\n - \ \"Keys\": [\n {\n \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n - \ }\n ]\n },\n {\n \"Name\": \"Root\",\n \"Keys\": - [\n {\n \"ID\": \"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n - \ }\n ]\n }\n ]\n }\n]\n```\n\nThe `SignedTags` key will - list the `SignedTag` name, its `Digest`,\nand the `Signers` responsible for the - signature.\n\n`AdministrativeKeys` will list the `Repository` and `Root` keys.\n\nIf - signers are set up for the repository via other `docker trust`\ncommands, `docker - trust inspect` includes a `Signers` key:\n\n```bash\n$ docker trust inspect my-image:purple\n[\n - \ {\n \"Name\": \"my-image:purple\",\n \"SignedTags\": [\n {\n \"SignedTag\": - \"purple\",\n \"Digest\": \"941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557\",\n - \ \"Signers\": [\n \"alice\",\n \"bob\",\n \"carol\"\n - \ ]\n }\n ],\n \"Signers\": [\n {\n \"Name\": \"alice\",\n - \ \"Keys\": [\n {\n \"ID\": \"04dd031411ed671ae1e12f47ddc8646d98f135090b01e54c3561e843084484a3\"\n - \ },\n {\n \"ID\": \"6a11e4898a4014d400332ab0e096308c844584ff70943cdd1d6628d577f45fd8\"\n - \ }\n ]\n },\n {\n \"Name\": \"bob\",\n \"Keys\": - [\n {\n \"ID\": \"433e245c656ae9733cdcc504bfa560f90950104442c4528c9616daa45824ccba\"\n - \ }\n ]\n },\n {\n \"Name\": \"carol\",\n \"Keys\": - [\n {\n \"ID\": \"d32fa8b5ca08273a2880f455fcb318da3dc80aeae1a30610815140deef8f30d9\"\n - \ },\n {\n \"ID\": \"9a8bbec6ba2af88a5fad6047d428d17e6d05dbdd03d15b4fc8a9a0e8049cd606\"\n - \ }\n ]\n }\n ],\n \"AdminstrativeKeys\": [\n {\n - \ \"Name\": \"Repository\",\n \"Keys\": [\n {\n \"ID\": - \"27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44\"\n }\n - \ ]\n },\n {\n \"Name\": \"Root\",\n \"Keys\": [\n - \ {\n \"ID\": \"40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f\"\n - \ }\n ]\n }\n ]\n }\n]\n```\n\nIf the image tag is unsigned - or unavailable, `docker trust inspect` does not\ndisplay any signed tags.\n\n```bash\n$ - docker trust inspect unsigned-img\nNo signatures or cannot access unsigned-img\n```\n\nHowever, - if other tags are signed in the same image repository,\n`docker trust inspect` reports - relevant key information:\n\n```bash\n$ docker trust inspect alpine:unsigned\n[\n - \ {\n \"Name\": \"alpine:unsigned\",\n \"Signers\": [],\n \"AdminstrativeKeys\": - [\n {\n \"Name\": \"Repository\",\n \"Keys\": [\n {\n - \ \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n - \ }\n ]\n },\n {\n \"Name\": \"Root\",\n \"Keys\": - [\n {\n \"ID\": \"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n - \ }\n ]\n }\n ]\n }\n]\n```\n\n### Get details about signatures - for all image tags in a repository\n\nIf no tag is specified, `docker trust inspect` - will report details for all\nsigned tags in the repository:\n\n```bash\n$ docker - trust inspect alpine\n[\n {\n \"Name\": \"alpine\",\n \"SignedTags\": - [\n {\n \"SignedTag\": \"3.5\",\n \"Digest\": - \"b007a354427e1880de9cdba533e8e57382b7f2853a68a478a17d447b302c219c\",\n \"Signers\": - [\n \"Repo Admin\"\n ]\n },\n {\n - \ \"SignedTag\": \"3.6\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n - \ \"Signers\": [\n \"Repo Admin\"\n ]\n - \ },\n {\n \"SignedTag\": \"edge\",\n \"Digest\": - \"23e7d843e63a3eee29b6b8cfcd10e23dd1ef28f47251a985606a31040bf8e096\",\n \"Signers\": - [\n \"Repo Admin\"\n ]\n },\n {\n - \ \"SignedTag\": \"latest\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n - \ \"Signers\": [\n \"Repo Admin\"\n ]\n - \ }\n ],\n \"Signers\": [],\n \"AdminstrativeKeys\": - [\n {\n \"Name\": \"Repository\",\n \"Keys\": - [\n {\n \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n - \ }\n ]\n },\n {\n \"Name\": - \"Root\",\n \"Keys\": [\n {\n \"ID\": - \"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n }\n - \ ]\n }\n ]\n }\n]\n```\n\n\n### Get details - about signatures for multiple images\n\n`docker trust inspect` can take multiple - repositories and images as arguments,\nand reports the results in an ordered list:\n\n```bash\n$ - docker trust inspect alpine notary\n[\n {\n \"Name\": \"alpine\",\n \"SignedTags\": - [\n {\n \"SignedTag\": \"3.5\",\n \"Digest\": - \"b007a354427e1880de9cdba533e8e57382b7f2853a68a478a17d447b302c219c\",\n \"Signers\": - [\n \"Repo Admin\"\n ]\n },\n {\n - \ \"SignedTag\": \"3.6\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n - \ \"Signers\": [\n \"Repo Admin\"\n ]\n - \ },\n {\n \"SignedTag\": \"edge\",\n \"Digest\": - \"23e7d843e63a3eee29b6b8cfcd10e23dd1ef28f47251a985606a31040bf8e096\",\n \"Signers\": - [\n \"Repo Admin\"\n ]\n },\n {\n - \ \"SignedTag\": \"integ-test-base\",\n \"Digest\": - \"3952dc48dcc4136ccdde37fbef7e250346538a55a0366e3fccc683336377e372\",\n \"Signers\": - [\n \"Repo Admin\"\n ]\n },\n {\n - \ \"SignedTag\": \"latest\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n - \ \"Signers\": [\n \"Repo Admin\"\n ]\n - \ }\n ],\n \"Signers\": [],\n \"AdminstrativeKeys\": - [\n {\n \"Name\": \"Repository\",\n \"Keys\": - [\n {\n \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n - \ }\n ]\n },\n {\n \"Name\": - \"Root\",\n \"Keys\": [\n {\n \"ID\": - \"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n }\n - \ ]\n }\n ]\n },\n {\n \"Name\": \"notary\",\n - \ \"SignedTags\": [\n {\n \"SignedTag\": \"server\",\n - \ \"Digest\": \"71f64ab718a3331dee103bc5afc6bc492914738ce37c2d2f127a8133714ecf5c\",\n - \ \"Signers\": [\n \"Repo Admin\"\n ]\n - \ },\n {\n \"SignedTag\": \"signer\",\n \"Digest\": - \"a6122d79b1e74f70b5dd933b18a6d1f99329a4728011079f06b245205f158fe8\",\n \"Signers\": - [\n \"Repo Admin\"\n ]\n }\n ],\n - \ \"Signers\": [],\n \"AdminstrativeKeys\": [\n {\n \"Name\": - \"Root\",\n \"Keys\": [\n {\n \"ID\": - \"8cdcdef5bd039f4ab5a029126951b5985eebf57cabdcdc4d21f5b3be8bb4ce92\"\n }\n - \ ]\n },\n {\n \"Name\": \"Repository\",\n - \ \"Keys\": [\n {\n \"ID\": - \"85bfd031017722f950d480a721f845a2944db26a3dc084040a70f1b0d9bbb3df\"\n }\n - \ ]\n }\n ]\n }\n]\n```\n\n### Formatting\n\nYou - can print the inspect output in a human-readable format instead of the default\nJSON - output, by using the `--pretty` option:\n\n### Get details about signatures for - a single image tag\n\n```bash\n$ docker trust inspect --pretty alpine:latest\n\nSIGNED - TAG DIGEST SIGNERS\nlatest - \ 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo - Admin)\n\nAdministrative keys for alpine:latest:\nRepository Key:\t5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\nRoot - Key:\ta2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\n```\n\nThe - `SIGNED TAG` is the signed image tag with a unique content-addressable\n`DIGEST`. - `SIGNERS` lists all entities who have signed.\n\nThe administrative keys listed - specify the root key of trust, as well as\nthe administrative repository key. These - keys are responsible for modifying\nsigners, and rotating keys for the signed repository.\n\nIf - signers are set up for the repository via other `docker trust` commands,\n`docker - trust inspect --pretty` displays them appropriately as a `SIGNER`\nand specify their - `KEYS`:\n\n```bash\n$ docker trust inspect --pretty my-image:purple\nSIGNED TAG - \ DIGEST SIGNERS\npurple - \ 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 alice, - bob, carol\n\nList of signers and their keys:\n\nSIGNER KEYS\nalice - \ 47caae5b3e61, a85aab9d20a4\nbob 034370bcbd77, 82a66673242c\ncarol - \ b6f9f8e1aab0\n\nAdministrative keys for my-image:\nRepository Key:\t27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44\nRoot - Key:\t40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f\n```\n\nHowever, - if other tags are signed in the same image repository,\n`docker trust inspect` reports - relevant key information.\n\n```bash\n$ docker trust inspect --pretty alpine:unsigned\n\nNo - signatures for alpine:unsigned\n\n\nAdministrative keys for alpine:unsigned:\nRepository - Key:\t5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\nRoot Key:\ta2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\n```\n\n### - Get details about signatures for all image tags in a repository\n\n```bash\n$ docker - trust inspect --pretty alpine\nSIGNED TAG DIGEST SIGNERS\n2.6 - \ 9ace551613070689a12857d62c30ef0daa9a376107ec0fff0e34786cedb3399b - \ (Repo Admin)\n2.7 9f08005dff552038f0ad2f46b8e65ff3d25641747d3912e3ea8da6785046561a - \ (Repo Admin)\n3.1 d9477888b78e8c6392e0be8b2e73f8c67e2894ff9d4b8e467d1488fcceec21c8 - \ (Repo Admin)\n3.2 19826d59171c2eb7e90ce52bfd822993bef6a6fe3ae6bb4a49f8c1d0a01e99c7 - \ (Repo Admin)\n3.3 8fd4b76819e1e5baac82bd0a3d03abfe3906e034cc5ee32100d12aaaf3956dc7 - \ (Repo Admin)\n3.4 833ad81ace8277324f3ca8c91c02bdcf1d13988d8ecf8a3f97ecdd69d0390ce9 - \ (Repo Admin)\n3.5 af2a5bd2f8de8fc1ecabf1c76611cdc6a5f1ada1a2bdd7d3816e121b70300308 - \ (Repo Admin)\n3.6 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe - \ (Repo Admin)\nedge 79d50d15bd7ea48ea00cf3dd343b0e740c1afaa8e899bee475236ef338e1b53b - \ (Repo Admin)\nlatest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe - \ (Repo Admin)\n\nAdministrative keys for alpine:\nRepository Key:\t5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\nRoot - Key:\ta2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\n```\n\nHere's - an example with signers that are set up by `docker trust` commands:\n\n```bash\n$ - docker trust inspect --pretty my-image\nSIGNED TAG DIGEST SIGNERS\nred - \ 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 - \ alice\nblue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 - \ alice, bob\ngreen cae8fedc840f90c8057e1c24637d11865743ab1e61a972c1c9da06ec2de9a139 - \ alice, bob\nyellow 9cc65fc3126790e683d1b92f307a71f48f75fa7dd47a7b03145a123eaf0b45ba - \ carol\npurple 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 - \ alice, bob, carol\norange d6c271baa6d271bcc24ef1cbd65abf39123c17d2e83455bdab545a1a9093fc1c - \ alice\n\nList of signers and their keys for my-image:\n\nSIGNER KEYS\nalice - \ 47caae5b3e61, a85aab9d20a4\nbob 034370bcbd77, 82a66673242c\ncarol - \ b6f9f8e1aab0\n\nAdministrative keys for my-image:\nRepository Key:\t27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44\nRoot - Key:\t40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f\n```" -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_key.yaml b/_data/engine-cli-edge/docker_trust_key.yaml deleted file mode 100644 index c6bee2f411..0000000000 --- a/_data/engine-cli-edge/docker_trust_key.yaml +++ /dev/null @@ -1,18 +0,0 @@ -command: docker trust key -short: Manage keys for signing Docker images -long: Manage keys for signing Docker images -usage: docker trust key -pname: docker trust -plink: docker_trust.yaml -cname: -- docker trust key generate -- docker trust key load -clink: -- docker_trust_key_generate.yaml -- docker_trust_key_load.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_key_generate.yaml b/_data/engine-cli-edge/docker_trust_key_generate.yaml deleted file mode 100644 index 6431db6305..0000000000 --- a/_data/engine-cli-edge/docker_trust_key_generate.yaml +++ /dev/null @@ -1,21 +0,0 @@ -command: docker trust key generate -short: Generate and load a signing key-pair -long: Generate and load a signing key-pair -usage: docker trust key generate NAME -pname: docker trust key -plink: docker_trust_key.yaml -options: -- option: dir - value_type: string - description: Directory to generate key in, defaults to current directory - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_key_load.yaml b/_data/engine-cli-edge/docker_trust_key_load.yaml deleted file mode 100644 index b215aaa98b..0000000000 --- a/_data/engine-cli-edge/docker_trust_key_load.yaml +++ /dev/null @@ -1,22 +0,0 @@ -command: docker trust key load -short: Load a private key file for signing -long: Load a private key file for signing -usage: docker trust key load [OPTIONS] KEYFILE -pname: docker trust key -plink: docker_trust_key.yaml -options: -- option: name - value_type: string - default_value: signer - description: Name for the loaded key - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_revoke.yaml b/_data/engine-cli-edge/docker_trust_revoke.yaml deleted file mode 100644 index 76a3aac27c..0000000000 --- a/_data/engine-cli-edge/docker_trust_revoke.yaml +++ /dev/null @@ -1,61 +0,0 @@ -command: docker trust revoke -short: Remove trust for an image -long: '`docker trust revoke` removes signatures from tags in signed repositories.' -usage: docker trust revoke [OPTIONS] IMAGE[:TAG] -pname: docker trust -plink: docker_trust.yaml -options: -- option: "yes" - shorthand: "y" - value_type: bool - default_value: "false" - description: Do not prompt for confirmation - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Revoke signatures from a signed tag\n\nHere's an example of a repo - with two signed tags:\n\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED - TAG DIGEST SIGNERS\nred - \ 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 - \ alice\nblue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 - \ alice, bob\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER - \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative - keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot - Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\nWhen - `alice`, one of the signers, runs `docker trust revoke`:\n\n```bash\n$ docker trust - revoke example/trust-demo:red\nEnter passphrase for delegation key with ID 27d42a8:\nSuccessfully - deleted signature for example/trust-demo:red\n```\n\nAfter revocation, the tag is - removed from the list of released tags:\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED - TAG DIGEST SIGNERS\nblue - \ f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 - \ alice, bob\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER - \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative - keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot - Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\n### - Revoke signatures on all tags in a repository\n\nWhen no tag is specified, `docker - trust` revokes all signatures that you have a signing key for.\n\n```bash\n$ docker - trust view example/trust-demo\nSIGNED TAG DIGEST SIGNERS\nred - \ 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 - \ alice\nblue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 - \ alice, bob\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER - \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative - keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot - Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\nWhen - `alice`, one of the signers, runs `docker trust revoke`:\n\n```bash\n$ docker trust - revoke example/trust-demo\nPlease confirm you would like to delete all signature - data for example/trust-demo? [y/N] y\nEnter passphrase for delegation key with ID - 27d42a8:\nSuccessfully deleted signature for example/trust-demo\n```\n\nAll tags - that have `alice`'s signature on them are removed from the list of released tags:\n\n```bash\n$ - docker trust view example/trust-demo\n\nNo signatures for example/trust-demo\n\n\nList - of signers and their keys for example/trust-demo:\n\nSIGNER KEYS\nalice - \ 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative - keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot - Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```" -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_sign.yaml b/_data/engine-cli-edge/docker_trust_sign.yaml deleted file mode 100644 index b42c46e27a..0000000000 --- a/_data/engine-cli-edge/docker_trust_sign.yaml +++ /dev/null @@ -1,60 +0,0 @@ -command: docker trust sign -short: Sign an image -long: '`docker trust sign` adds signatures to tags to create signed repositories.' -usage: docker trust sign IMAGE:TAG -pname: docker trust -plink: docker_trust.yaml -options: -- option: local - value_type: bool - default_value: "false" - description: Sign a locally tagged image - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: "### Sign a tag as a repo admin\n\nGiven an image:\n\n```bash\n$ docker - trust view example/trust-demo\nSIGNED TAG DIGEST SIGNERS\nv1 - \ c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 - \ (Repo Admin)\n\nAdministrative keys for example/trust-demo:\nRepository Key:\t36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942\nRoot - Key:\t246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b\n```\n\nSign - a new tag with `docker trust sign`:\n\n```bash\n$ docker trust sign example/trust-demo:v2\nSigning - and pushing trust metadata for example/trust-demo:v2\nThe push refers to a repository - [docker.io/example/trust-demo]\need4e566104a: Layer already exists\n77edfb6d1e3c: - Layer already exists\nc69f806905c2: Layer already exists\n582f327616f1: Layer already - exists\na3fbb648f0bd: Layer already exists\n5eac2de68a97: Layer already exists\n8d4d1ab5ff74: - Layer already exists\nv2: digest: sha256:8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 - size: 1787\nSigning and pushing trust metadata\nEnter passphrase for repository - key with ID 36d4c36:\nSuccessfully signed docker.io/example/trust-demo:v2\n```\n\n`docker - trust view` lists the new signature:\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED - TAG DIGEST SIGNERS\nv1 - \ c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 - \ (Repo Admin)\nv2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 - \ (Repo Admin)\n\nAdministrative keys for example/trust-demo:\nRepository Key:\t36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942\nRoot - Key:\t246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b\n```\n\n### - Sign a tag as a signer\n\nGiven an image:\n\n```bash\n$ docker trust view example/trust-demo\n\nNo - signatures for example/trust-demo\n\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER - \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative - keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot - Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\nSign - a new tag with `docker trust sign`:\n\n```bash\n$ docker trust sign example/trust-demo:v1\nSigning - and pushing trust metadata for example/trust-demo:v1\nThe push refers to a repository - [docker.io/example/trust-demo]\n26b126eb8632: Layer already exists\n220d34b5f6c9: - Layer already exists\n8a5132998025: Layer already exists\naca233ed29c3: Layer already - exists\ne5d2f035d7a4: Layer already exists\nv1: digest: sha256:74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 - size: 1357\nSigning and pushing trust metadata\nEnter passphrase for delegation - key with ID 27d42a8:\nSuccessfully signed docker.io/example/trust-demo:v1\n```\n\n`docker - trust view` lists the new signature:\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED - TAG DIGEST SIGNERS\nv1 - \ 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 - \ alice\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER KEYS\nalice - \ 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative - keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot - Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```" -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_signer.yaml b/_data/engine-cli-edge/docker_trust_signer.yaml deleted file mode 100644 index b279973d20..0000000000 --- a/_data/engine-cli-edge/docker_trust_signer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -command: docker trust signer -short: Manage entities who can sign Docker images -long: Manage entities who can sign Docker images -usage: docker trust signer -pname: docker trust -plink: docker_trust.yaml -cname: -- docker trust signer add -- docker trust signer remove -clink: -- docker_trust_signer_add.yaml -- docker_trust_signer_remove.yaml -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_signer_add.yaml b/_data/engine-cli-edge/docker_trust_signer_add.yaml deleted file mode 100644 index 4133511d85..0000000000 --- a/_data/engine-cli-edge/docker_trust_signer_add.yaml +++ /dev/null @@ -1,21 +0,0 @@ -command: docker trust signer add -short: Add a signer -long: Add a signer -usage: 'docker trust signer add OPTIONS NAME REPOSITORY [REPOSITORY...] ' -pname: docker trust signer -plink: docker_trust_signer.yaml -options: -- option: key - value_type: list - description: Path to the signer's public key file - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_trust_signer_remove.yaml b/_data/engine-cli-edge/docker_trust_signer_remove.yaml deleted file mode 100644 index bd9109e77d..0000000000 --- a/_data/engine-cli-edge/docker_trust_signer_remove.yaml +++ /dev/null @@ -1,24 +0,0 @@ -command: docker trust signer remove -short: Remove a signer -long: Remove a signer -usage: docker trust signer remove [OPTIONS] NAME REPOSITORY [REPOSITORY...] -pname: docker trust signer -plink: docker_trust_signer.yaml -options: -- option: force - shorthand: f - value_type: bool - default_value: "false" - description: | - Do not prompt for confirmation before removing the most recent signer - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_unpause.yaml b/_data/engine-cli-edge/docker_unpause.yaml deleted file mode 100644 index 284bd5f2e9..0000000000 --- a/_data/engine-cli-edge/docker_unpause.yaml +++ /dev/null @@ -1,23 +0,0 @@ -command: docker unpause -short: Unpause all processes within one or more containers -long: |- - The `docker unpause` command un-suspends all processes in the specified containers. - On Linux, it does this using the cgroups freezer. - - See the - [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) - for further details. -usage: docker unpause CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -examples: |- - ```bash - $ docker unpause my_container - my_container - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_update.yaml b/_data/engine-cli-edge/docker_update.yaml deleted file mode 100644 index 23c9bd665b..0000000000 --- a/_data/engine-cli-edge/docker_update.yaml +++ /dev/null @@ -1,225 +0,0 @@ -command: docker update -short: Update configuration of one or more containers -long: |- - The `docker update` command dynamically updates container configuration. - You can use this command to prevent containers from consuming too many - resources from their Docker host. With a single command, you can place - limits on a single container or on many. To specify more than one container, - provide space-separated list of container names or IDs. - - With the exception of the `--kernel-memory` option, you can specify these - options on a running or a stopped container. On kernel version older than - 4.6, you can only update `--kernel-memory` on a stopped container or on - a running container with kernel memory initialized. - - > **Warning**: The `docker update` and `docker container update` commands are - > not supported for Windows containers. - {: .warning } -usage: docker update [OPTIONS] CONTAINER [CONTAINER...] -pname: docker -plink: docker.yaml -options: -- option: blkio-weight - value_type: uint16 - default_value: "0" - description: | - Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-period - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) period - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-quota - value_type: int64 - default_value: "0" - description: Limit CPU CFS (Completely Fair Scheduler) quota - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-period - value_type: int64 - default_value: "0" - description: Limit the CPU real-time period in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-rt-runtime - value_type: int64 - default_value: "0" - description: Limit the CPU real-time runtime in microseconds - deprecated: false - min_api_version: "1.25" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpu-shares - shorthand: c - value_type: int64 - default_value: "0" - description: CPU shares (relative weight) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpus - value_type: decimal - description: Number of CPUs - deprecated: false - min_api_version: "1.29" - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-cpus - value_type: string - description: CPUs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: cpuset-mems - value_type: string - description: MEMs in which to allow execution (0-3, 0,1) - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: kernel-memory - value_type: bytes - default_value: "0" - description: Kernel memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory - shorthand: m - value_type: bytes - default_value: "0" - description: Memory limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-reservation - value_type: bytes - default_value: "0" - description: Memory soft limit - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: memory-swap - value_type: bytes - default_value: "0" - description: | - Swap limit equal to memory plus swap: '-1' to enable unlimited swap - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: restart - value_type: string - description: Restart policy to apply when a container exits - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - The following sections illustrate ways to use this command. - - ### Update a container's cpu-shares - - To limit a container's cpu-shares to 512, first identify the container - name or ID. You can use `docker ps` to find these values. You can also - use the ID returned from the `docker run` command. Then, do the following: - - ```bash - $ docker update --cpu-shares 512 abebf7571666 - ``` - - ### Update a container with cpu-shares and memory - - To update multiple resource configurations for multiple containers: - - ```bash - $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse - ``` - - ### Update a container's kernel memory constraints - - You can update a container's kernel memory limit using the `--kernel-memory` - option. On kernel version older than 4.6, this option can be updated on a - running container only if the container was started with `--kernel-memory`. - If the container was started *without* `--kernel-memory` you need to stop - the container before updating kernel memory. - - For example, if you started a container with this command: - - ```bash - $ docker run -dit --name test --kernel-memory 50M ubuntu bash - ``` - - You can update kernel memory while the container is running: - - ```bash - $ docker update --kernel-memory 80M test - ``` - - If you started a container *without* kernel memory initialized: - - ```bash - $ docker run -dit --name test2 --memory 300M ubuntu bash - ``` - - Update kernel memory of running container `test2` will fail. You need to stop - the container before updating the `--kernel-memory` setting. The next time you - start it, the container uses the new value. - - Kernel version newer than (include) 4.6 does not have this limitation, you - can use `--kernel-memory` the same way as other options. - - ### Update a container's restart policy - - You can change a container's restart policy on a running container. The new - restart policy takes effect instantly after you run `docker update` on a - container. - - To update restart policy for one or more containers: - - ```bash - $ docker update --restart=on-failure:3 abebf7571666 hopeful_morse - ``` - - Note that if the container is started with "--rm" flag, you cannot update the restart - policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the - container. -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_version.yaml b/_data/engine-cli-edge/docker_version.yaml deleted file mode 100644 index cf6adc7bd7..0000000000 --- a/_data/engine-cli-edge/docker_version.yaml +++ /dev/null @@ -1,74 +0,0 @@ -command: docker version -short: Show the Docker version information -long: |- - By default, this will render all version information in an easy to read - layout. If a format is specified, the given template will be executed instead. - - Go's [text/template](http://golang.org/pkg/text/template/) package - describes all the details of the format. -usage: docker version [OPTIONS] -pname: docker -plink: docker.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: kubeconfig - shorthand: k - value_type: string - description: Kubernetes config file - deprecated: false - experimental: false - experimentalcli: true - kubernetes: true - swarm: false -examples: |- - ### Default output - - ```bash - $ docker version - - Client: - Version: 1.8.0 - API version: 1.20 - Go version: go1.4.2 - Git commit: f5bae0a - Built: Tue Jun 23 17:56:00 UTC 2015 - OS/Arch: linux/amd64 - - Server: - Version: 1.8.0 - API version: 1.20 - Go version: go1.4.2 - Git commit: f5bae0a - Built: Tue Jun 23 17:56:00 UTC 2015 - OS/Arch: linux/amd64 - ``` - - ### Get the server version - - ```bash - $ docker version --format '{{.Server.Version}}' - - 1.8.0 - ``` - - ### Dump raw JSON data - - ```bash - $ docker version --format '{{json .}}' - - {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} - ``` -deprecated: false -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_volume.yaml b/_data/engine-cli-edge/docker_volume.yaml deleted file mode 100644 index 26aead5194..0000000000 --- a/_data/engine-cli-edge/docker_volume.yaml +++ /dev/null @@ -1,27 +0,0 @@ -command: docker volume -short: Manage volumes -long: |- - Manage volumes. You can use subcommands to create, inspect, list, remove, or - prune volumes. -usage: docker volume COMMAND -pname: docker -plink: docker.yaml -cname: -- docker volume create -- docker volume inspect -- docker volume ls -- docker volume prune -- docker volume rm -clink: -- docker_volume_create.yaml -- docker_volume_inspect.yaml -- docker_volume_ls.yaml -- docker_volume_prune.yaml -- docker_volume_rm.yaml -deprecated: false -min_api_version: "1.21" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_volume_create.yaml b/_data/engine-cli-edge/docker_volume_create.yaml deleted file mode 100644 index cba2d0084d..0000000000 --- a/_data/engine-cli-edge/docker_volume_create.yaml +++ /dev/null @@ -1,134 +0,0 @@ -command: docker volume create -short: Create a volume -long: |- - Creates a new volume that containers can consume and store data in. If a name is - not specified, Docker generates a random name. -usage: docker volume create [OPTIONS] [VOLUME] -pname: docker volume -plink: docker_volume.yaml -options: -- option: driver - shorthand: d - value_type: string - default_value: local - description: Specify volume driver name - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: label - value_type: list - description: Set metadata for a volume - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: name - value_type: string - description: Specify volume name - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: opt - shorthand: o - value_type: map - default_value: map[] - description: Set driver specific options - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - Create a volume and then configure the container to use it: - - ```bash - $ docker volume create hello - - hello - - $ docker run -d -v hello:/world busybox ls /world - ``` - - The mount is created inside the container's `/world` directory. Docker does not - support relative paths for mount points inside the container. - - Multiple containers can use the same volume in the same time period. This is - useful if two containers need access to shared data. For example, if one - container writes and the other reads the data. - - Volume names must be unique among drivers. This means you cannot use the same - volume name with two different drivers. If you attempt this `docker` returns an - error: - - ```none - A volume named "hello" already exists with the "some-other" driver. Choose a different volume name. - ``` - - If you specify a volume name already in use on the current driver, Docker - assumes you want to re-use the existing volume and does not return an error. - - ### Driver-specific options - - Some volume drivers may take options to customize the volume creation. Use the - `-o` or `--opt` flags to pass driver options: - - ```bash - $ docker volume create --driver fake \ - --opt tardis=blue \ - --opt timey=wimey \ - foo - ``` - - These options are passed directly to the volume driver. Options for - different volume drivers may do different things (or nothing at all). - - The built-in `local` driver on Windows does not support any options. - - The built-in `local` driver on Linux accepts options similar to the linux - `mount` command. You can provide multiple options by passing the `--opt` flag - multiple times. Some `mount` options (such as the `o` option) can take a - comma-separated list of options. Complete list of available mount options can be - found [here](http://man7.org/linux/man-pages/man8/mount.8.html). - - For example, the following creates a `tmpfs` volume called `foo` with a size of - 100 megabyte and `uid` of 1000. - - ```bash - $ docker volume create --driver local \ - --opt type=tmpfs \ - --opt device=tmpfs \ - --opt o=size=100m,uid=1000 \ - foo - ``` - - Another example that uses `btrfs`: - - ```bash - $ docker volume create --driver local \ - --opt type=btrfs \ - --opt device=/dev/sda2 \ - foo - ``` - - Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from - `192.168.1.1`: - - ```bash - $ docker volume create --driver local \ - --opt type=nfs \ - --opt o=addr=192.168.1.1,rw \ - --opt device=:/path/to/dir \ - foo - ``` -deprecated: false -min_api_version: "1.21" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_volume_inspect.yaml b/_data/engine-cli-edge/docker_volume_inspect.yaml deleted file mode 100644 index 36c69979bd..0000000000 --- a/_data/engine-cli-edge/docker_volume_inspect.yaml +++ /dev/null @@ -1,45 +0,0 @@ -command: docker volume inspect -short: Display detailed information on one or more volumes -long: |- - Returns information about a volume. By default, this command renders all results - in a JSON array. You can specify an alternate format to execute a - given template for each result. Go's - [text/template](http://golang.org/pkg/text/template/) package describes all the - details of the format. -usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] -pname: docker volume -plink: docker_volume.yaml -options: -- option: format - shorthand: f - value_type: string - description: Format the output using the given Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ```bash - $ docker volume create - 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d - $ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d - [ - { - "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d", - "Driver": "local", - "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data", - "Status": null - } - ] - - $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d - /var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data - ``` -deprecated: false -min_api_version: "1.21" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_volume_ls.yaml b/_data/engine-cli-edge/docker_volume_ls.yaml deleted file mode 100644 index 7d843627c8..0000000000 --- a/_data/engine-cli-edge/docker_volume_ls.yaml +++ /dev/null @@ -1,193 +0,0 @@ -command: docker volume ls -aliases: list -short: List volumes -long: |- - List all the volumes known to Docker. You can filter using the `-f` or - `--filter` flag. Refer to the [filtering](#filtering) section for more - information about available filter options. -usage: docker volume ls [OPTIONS] -pname: docker volume -plink: docker_volume.yaml -options: -- option: filter - shorthand: f - value_type: filter - description: Provide filter values (e.g. 'dangling=true') - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: format - value_type: string - description: Pretty-print volumes using a Go template - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -- option: quiet - shorthand: q - value_type: bool - default_value: "false" - description: Only display volume names - deprecated: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false -examples: |- - ### Create a volume - ```bash - $ docker volume create rosemary - - rosemary - - $ docker volume create tyler - - tyler - - $ docker volume ls - - DRIVER VOLUME NAME - local rosemary - local tyler - ``` - - ### Filtering - - The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more - than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - - The currently supported filters are: - - * dangling (boolean - true or false, 0 or 1) - * driver (a volume driver's name) - * label (`label=` or `label==`) - * name (a volume's name) - - #### dangling - - The `dangling` filter matches on all volumes not referenced by any containers - - ```bash - $ docker run -d -v tyler:/tmpwork busybox - - f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18 - $ docker volume ls -f dangling=true - DRIVER VOLUME NAME - local rosemary - ``` - - #### driver - - The `driver` filter matches volumes based on their driver. - - The following example matches volumes that are created with the `local` driver: - - ```bash - $ docker volume ls -f driver=local - - DRIVER VOLUME NAME - local rosemary - local tyler - ``` - - #### label - - The `label` filter matches volumes based on the presence of a `label` alone or - a `label` and a value. - - First, let's create some volumes to illustrate this; - - ```bash - $ docker volume create the-doctor --label is-timelord=yes - - the-doctor - $ docker volume create daleks --label is-timelord=no - - daleks - ``` - - The following example filter matches volumes with the `is-timelord` label - regardless of its value. - - ```bash - $ docker volume ls --filter label=is-timelord - - DRIVER VOLUME NAME - local daleks - local the-doctor - ``` - - As the above example demonstrates, both volumes with `is-timelord=yes`, and - `is-timelord=no` are returned. - - Filtering on both `key` *and* `value` of the label, produces the expected result: - - ```bash - $ docker volume ls --filter label=is-timelord=yes - - DRIVER VOLUME NAME - local the-doctor - ``` - - Specifying multiple label filter produces an "and" search; all conditions - should be met; - - ```bash - $ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no - - DRIVER VOLUME NAME - ``` - - #### name - - The `name` filter matches on all or part of a volume's name. - - The following filter matches all volumes with a name containing the `rose` string. - - ```bash - $ docker volume ls -f name=rose - - DRIVER VOLUME NAME - local rosemary - ``` - - ### Formatting - - The formatting options (`--format`) pretty-prints volumes output - using a Go template. - - Valid placeholders for the Go template are listed below: - - Placeholder | Description - --------------|------------------------------------------------------------------------------------------ - `.Name` | Volume name - `.Driver` | Volume driver - `.Scope` | Volume scope (local, global) - `.Mountpoint` | The mount point of the volume on the host - `.Labels` | All labels assigned to the volume - `.Label` | Value of a specific label for this volume. For example `{{.Label "project.version"}}` - - When using the `--format` option, the `volume ls` command will either - output the data exactly as the template declares or, when using the - `table` directive, includes column headers as well. - - The following example uses a template without headers and outputs the - `Name` and `Driver` entries separated by a colon for all volumes: - - ```bash - $ docker volume ls --format "{{.Name}}: {{.Driver}}" - - vol1: local - vol2: local - vol3: local - ``` -deprecated: false -min_api_version: "1.21" -experimental: false -experimentalcli: false -kubernetes: false -swarm: false - diff --git a/_data/engine-cli-edge/docker_volume_prune.yaml b/_data/engine-cli-edge/docker_volume_prune.yaml deleted file mode 100644 index 1b1eabc858..0000000000 --- a/_data/engine-cli-edge/docker_volume_prune.yaml +++ /dev/null @@ -1,45 +0,0 @@ -command: docker volume prune -short: Remove all unused local volumes -long: Remove all unused local volumes. Unused local volumes are those which are not - referenced by any containers -usage: docker volume prune [OPTIONS] -pname: docker volume -plink: docker_volume.yaml -options: -- option: filter - value_type: filter - description: Provide filter values (e.g. 'label=
- > **Note**: Starting with Docker 17.06, stable releases are also pushed to - > the **edge** and **test** repositories. - - [Learn about **stable** and **edge** channels](/install/index.md). - #### Install Docker CE > **Note**: This procedure works for Debian on `x86_64` / `amd64`, Debian ARM, @@ -248,9 +238,9 @@ a new file each time you want to upgrade Docker. `armhf`, or `arm64` and download the `.deb` file for the Docker CE version you want to install. - > **Note**: To install an **edge** package, change the word - > `stable` in the URL to `edge`. - > [Learn about **stable** and **edge** channels](/install/index.md). + > **Note**: To install a **nightly** package, change the word + > `stable` in the URL to `nightly`. + > [Learn about **nightly** and **test** channels](/install/index.md). 2. Install Docker CE, changing the path below to the path where you downloaded the Docker package. diff --git a/install/linux/docker-ce/fedora.md b/install/linux/docker-ce/fedora.md index ff25e52277..10656e1d28 100644 --- a/install/linux/docker-ce/fedora.md +++ b/install/linux/docker-ce/fedora.md @@ -71,7 +71,7 @@ You can install Docker CE in different ways, depending on your needs: ### Install using the repository Before you install Docker CE for the first time on a new host machine, you need -to set up the Docker repository. Afterward, you can install and update Docker CE +to set up the Docker repository. Afterward, you can install and update Docker from the repository. #### Set up the repository @@ -85,9 +85,7 @@ from the repository. $ sudo dnf -y install dnf-plugins-core ``` -2. Use the following command to set up the **stable** repository. You always - need the **stable** repository, even if you want to install builds from the - **edge** or **test** repositories as well. +2. Use the following command to set up the **stable** repository. ```bash $ sudo dnf config-manager \ @@ -95,30 +93,32 @@ from the repository. {{ download-url-base }}/docker-ce.repo ``` -3. **Optional**: Enable the **edge** and **test** repositories. These - repositories are included in the `docker.repo` file above but are disabled - by default. You can enable them alongside the stable repository. - - ```bash - $ sudo dnf config-manager --set-enabled docker-ce-edge - ``` - - ```bash - $ sudo dnf config-manager --set-enabled docker-ce-test - ``` - - You can disable the **edge** or **test** repository by running the - `dnf config-manager` command with the `--disable` flag. To re-enable it, use - the `--enable` flag. The following command disables the **edge** repository. - - ```bash - $ sudo dnf config-manager --set-disabled docker-ce-edge - ``` - - > **Note**: Starting with Docker 17.06, stable releases are also pushed to - > the **edge** and **test** repositories. - - [Learn about **stable** and **edge** channels](/install/index.md). +> **Optional**: Enable the **nightly** or **test** repositories. +> +> These repositories are included in the `docker.repo` file above but are disabled +> by default. You can enable them alongside the stable repository. The following +> command enables the **nightly** repository. +> +> ```bash +> $ sudo dnf config-manager --set-enabled docker-ce-nightly +> ``` +> +> To enable the **test** channel, run the following command: +> +> ```bash +> $ sudo dnf config-manager --set-enabled docker-ce-test +> ``` +> +> You can disable the **nightly** or **test** repository by running the +> `dnf config-manager` command with the `--set-disabled` flag. To re-enable it, +> use the `--set-enabled` flag. The following command disables the **nightly** +> repository. +> +> ```bash +> $ sudo dnf config-manager --set-disabled docker-ce-nightly +> ``` +> +> [Learn about **nightly** and **test** channels](/install/index.md). #### Install Docker CE @@ -149,16 +149,19 @@ from the repository. ```bash $ dnf list docker-ce --showduplicates | sort -r - docker-ce.x86_64 {{ site.docker_ce_version }}.0.fc26 docker-ce-stable + docker-ce.x86_64 3:18.09.1-3.fc28 docker-ce-stable + docker-ce.x86_64 3:18.09.0-3.fc28 docker-ce-stable + docker-ce.x86_64 18.06.1.ce-3.fc28 docker-ce-stable + docker-ce.x86_64 18.06.0.ce-3.fc28 docker-ce-stable ``` The list returned depends on which repositories are enabled, and is specific - to your version of Fedora (indicated by the `.fc26` suffix in this example). + to your version of Fedora (indicated by the `.fc28` suffix in this example). b. Install a specific version by its fully qualified package name, which is the package name (`docker-ce`) plus the version string (2nd column) up to the first hyphen, separated by a hyphen (`-`), for example, - `docker-ce-18.03.0.ce`. + `docker-ce-3:18.09.1`. ```bash $ sudo dnf -y install docker-ce- @@ -183,16 +186,14 @@ from the repository. container runs, it prints an informational message and exits. Docker CE is installed and running. You need to use `sudo` to run Docker -commands. Continue to -[Linux postinstall](/install/linux/linux-postinstall.md) to allow +commands. Continue to [Linux postinstall](/install/linux/linux-postinstall.md) to allow non-privileged users to run Docker commands and for other optional configuration steps. #### Upgrade Docker CE -To upgrade Docker CE, follow the -[installation instructions](#install-docker-ce), choosing the new version you want -to install. +To upgrade Docker CE, follow the [installation instructions](#install-docker-ce), +choosing the new version you want to install. ### Install from a package @@ -204,8 +205,9 @@ a new file each time you want to upgrade Docker CE. version of Fedora. Go to `x86_64/stable/Packages/` and download the `.rpm` file for the Docker version you want to install. - > **Note**: To install an **edge** package, change the word - > `stable` in the above URL to `edge`. + > **Note**: To install a **nightly** or **test** (pre-release) package, + > change the word `stable` in the above URL to `nightly` or `test`. + > [Learn about **nightly** and **test** channels](/install/index.md). 2. Install Docker CE, changing the path below to the path where you downloaded the Docker package. diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 2c5bec661d..77b5178b49 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -125,11 +125,9 @@ from the repository. sub 4096R/F273FCD8 2017-02-22 ``` -4. Use the following command to set up the **stable** repository. You always - need the **stable** repository, even if you want to install builds from the - **edge** or **test** repositories as well. To add the **edge** or - **test** repository, add the word `edge` or `test` (or both) after the - word `stable` in the commands below. +4. Use the following command to set up the **stable** repository. To add the + **nightly** or **test** repository, add the word `nightly` or `test` (or both) + after the word `stable` in the commands below. [Learn about **nightly** and **test** channels](/install/index.md). > **Note**: The `lsb_release -cs` sub-command below returns the name of your > Ubuntu distribution, such as `xenial`. Sometimes, in a distribution @@ -198,11 +196,6 @@ from the repository.
- > **Note**: Starting with Docker 17.06, stable releases are also pushed to - > the **edge** and **test** repositories. - - [Learn about **stable** and **edge** channels](/install/index.md). - #### Install Docker CE 1. Update the `apt` package index. @@ -278,9 +271,9 @@ a new file each time you want to upgrade Docker. `armhf`, `arm64`, `ppc64el`, or `s390x`, and download the `.deb` file for the Docker CE version you want to install. - > **Note**: To install an **edge** package, change the word - > `stable` in the URL to `edge`. - > [Learn about **stable** and **edge** channels](/install/index.md). + > **Note**: To install a **nightly** package, change the word + > `stable` in the URL to `nightly`. + > [Learn about **nightly** and **test** channels](/install/index.md). 2. Install Docker CE, changing the path below to the path where you downloaded the Docker package. From bc98e5ed16c8af173a2430fdbad2c160e202a589 Mon Sep 17 00:00:00 2001 From: Lee Dogeon Date: Tue, 15 Jan 2019 06:50:20 +0900 Subject: [PATCH 158/361] Update machine/concepts.md to fix #8017 No drivers.md was there. --- machine/concepts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machine/concepts.md b/machine/concepts.md index 680d97a662..7129318707 100644 --- a/machine/concepts.md +++ b/machine/concepts.md @@ -101,5 +101,5 @@ For more information and resources, visit - Create and run a Docker host on your [local system using VirtualBox](get-started.md) - Provision multiple Docker hosts [on your cloud provider](get-started-cloud.md) -- [Docker Machine driver reference](/machine/drivers.md){: target="_blank" class="_"} +- [Docker Machine driver reference](/machine/drivers/index.md){: target="_blank" class="_"} - [Docker Machine subcommand reference](/machine/reference/help.md){: target="_blank" class="_"} From b7c1ac88209ba5a230695267d2ba0405dbfaee7e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 12 Jan 2019 03:57:47 +0100 Subject: [PATCH 159/361] Sync config-authoring.yml Signed-off-by: Sebastiaan van Stijn --- _config_authoring.yml | 88 ++++++++++++++++++++++++++++++------------- 1 file changed, 62 insertions(+), 26 deletions(-) diff --git a/_config_authoring.yml b/_config_authoring.yml index 1bc8186752..f95761ac42 100644 --- a/_config_authoring.yml +++ b/_config_authoring.yml @@ -2,15 +2,16 @@ name: Docker Documentation markdown: kramdown kramdown: input: GFM + gfm_quirks: [paragraph_end, no_auto_typographic] html_to_native: true hard_wrap: false syntax_highlighter: rouge toc_levels: 2..3 +incremental: false permalink: pretty safe: false lsi: false url: https://docs.docker.com -incremental: false # Component versions -- address like site.docker_ce_version # You can't have - characters in these for non-YAML reasons @@ -18,19 +19,21 @@ incremental: false # TO USE ME: # jekyll serve --incremental --config _config_authoring.yml -latest_engine_api_version: "1.32" -docker_ce_version: "17.09" -docker_ee_version: "17.06" -compose_version: "1.16.1" -machine_version: "0.12.2" +latest_engine_api_version: "1.39" +docker_ce_version: "18.09" +docker_ee_version: "18.09" +compose_version: "1.23.2" +machine_version: "0.16.0" distribution_version: "2.6" -dtr_version: "2.5" -ucp_version: "3.0" +dtr_version: "2.6" +ucp_version: "3.1" ucp_versions: - - version: "3.0" + - version: "3.1" path: /ee/ucp/ latest: true + - version: "3.0" + path: /datacenter/ucp/3.0/guides/ - version: "2.2" path: /datacenter/ucp/2.2/guides/ - version: "2.1" @@ -41,9 +44,11 @@ ucp_versions: path: /datacenter/ucp/1.1/overview/ dtr_versions: - - version: "2.5" + - version: "2.6" path: /ee/dtr/ latest: true + - version: "2.5" + path: /datacenter/dtr/2.5/guides/ - version: "2.4" path: /datacenter/dtr/2.4/guides/ - version: "2.3" @@ -56,7 +61,7 @@ dtr_versions: path: /datacenter/dtr/2.0/ tablabels: - dee-2.0: Docker Enterprise Edition 2.0 Beta2 + dee-2.0: Docker Enterprise Edition 2.0 ucp-3.0: Universal Control Plane 3.0 ucp-2.2: Universal Control Plane 2.2 dtr-2.5: Docker Trusted Registry 2.5 @@ -68,52 +73,65 @@ tablabels: kubectl: Kubernetes CLI cli: CLI +collections: + samples: + output: true + +plugins: + - jekyll-redirect-from + - jekyll-relative-links + - jekyll-sitemap + defaults: - - - scope: + - scope: path: "" type: "pages" values: layout: docs - defaultassignee: johndmulhausen toc_min: 2 toc_max: 3 tree: true - scope: - path: "engine" + path: "install" values: - win_latest_build: "docker-17.06.2-ee-6" + win_latest_build: "docker-18.09.1" - scope: path: "datacenter" values: - ucp_latest_image: "docker/ucp:3.0.0-beta2" - dtr_latest_image: "docker/dtr:2.5.0-beta3" enterprise: true - scope: path: "ee/dtr" values: dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.5.0-beta3" + dtr_version: "2.6.1" + - scope: + path: "datacenter/dtr/2.5" + values: + hide_from_sitemap: true + dtr_org: "docker" + dtr_repo: "dtr" + dtr_version: "2.5.7" - scope: path: "datacenter/dtr/2.4" values: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.4.1" + dtr_version: "2.4.8" - scope: path: "datacenter/dtr/2.3" values: + hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.3.4" + dtr_version: "2.3.10" - scope: path: "datacenter/dtr/2.2" values: ucp_version: "2.1" dtr_version: "2.2" - docker_image: "docker/dtr:2.2.9" + docker_image: "docker/dtr:2.2.11" - scope: path: "datacenter/dtr/2.1" values: @@ -129,29 +147,47 @@ defaults: values: ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.0.0-beta2" + ucp_version: "3.1.2" + - scope: # This is a bit of a hack for the get-support.md topic. + path: "ee" + values: + ucp_org: "docker" + ucp_repo: "ucp" + dtr_repo: "dtr" + ucp_version: "3.1.2" + dtr_version: "2.6.1" + - scope: + path: "datacenter/ucp/3.0" + values: + hide_from_sitemap: true + ucp_org: "docker" + ucp_repo: "ucp" + ucp_version: "3.0.8" - scope: path: "datacenter/ucp/2.2" values: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "2.2.3" + ucp_version: "2.2.15" - scope: path: "datacenter/ucp/2.1" values: + hide_from_sitemap: true ucp_version: "2.1" dtr_version: "2.2" - docker_image: "docker/ucp:2.1.5" + docker_image: "docker/ucp:2.1.8" - scope: path: "datacenter/ucp/2.0" values: + hide_from_sitemap: true ucp_version: "2.0" dtr_version: "2.1" - docker_image: "docker/ucp:2.0.3" + docker_image: "docker/ucp:2.0.4" - scope: path: "datacenter/ucp/1.1" values: + hide_from_sitemap: true ucp_version: "1.1" dtr_version: "2.0" From c48ecb4baddaed869dedab4d3abed12a441332c6 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Mon, 14 Jan 2019 19:36:09 -0800 Subject: [PATCH 160/361] Add screenshot for backup warning, minor edits --- .../disaster-recovery/create-a-backup.md | 22 ++++++++++-------- ee/dtr/images/backup-warning.png | Bin 0 -> 50875 bytes 2 files changed, 12 insertions(+), 10 deletions(-) create mode 100644 ee/dtr/images/backup-warning.png diff --git a/ee/dtr/admin/disaster-recovery/create-a-backup.md b/ee/dtr/admin/disaster-recovery/create-a-backup.md index 90e03e4e9a..39036cf702 100644 --- a/ee/dtr/admin/disaster-recovery/create-a-backup.md +++ b/ee/dtr/admin/disaster-recovery/create-a-backup.md @@ -25,33 +25,35 @@ Docker Trusted Registry maintains data about: This data is persisted on the host running DTR, using named volumes. [Learn more about DTR named volumes](../../architecture.md). -To perform a backup of a DTR node, run the `docker/dtr backup` command. This +To perform a backup of a DTR node, run the [docker/dtr backup](/reference/dtr/2.6/cli/backup/) command. This command backups up the following data: | Data | Backed up | Description | |:-----------------------------------|:----------|:---------------------------------------------------------------| | Configurations | yes | DTR settings | -| Repository metadata | yes | Metadata like image architecture and size | +| Repository metadata | yes | Metadata such as image architecture and size | | Access control to repos and images | yes | Data about who has access to which images | | Notary data | yes | Signatures and digests for images that are signed | | Scan results | yes | Information about vulnerabilities in your images | | Certificates and keys | yes | TLS certificates and keys used by DTR | | Image content | no | Needs to be backed up separately, depends on DTR configuration | -| Users, orgs, teams | no | Create a UCP backup to backup this data | -| Vulnerability database | no | Can be re-downloaded after a restore | +| Users, orgs, teams | no | Create a UCP backup to back up this data | +| Vulnerability database | no | Can be redownloaded after a restore | -## Backup DTR data +## Back up DTR data To create a backup of DTR you need to: -1. Backup image content -2. Backup DTR metadata +1. Back up image content +2. Back up DTR metadata You should always create backups from the same DTR replica, to ensure a smoother -restore. +restore. If you have not previously performed a backup, the web interface displays a warning for you to do so: -### Backup image content +![](/ee/dtr/images/backup-warning.png) + +### Back up image content Since you can configure the storage backend that DTR uses to store images, the way you backup images depends on the storage backend you're using. @@ -71,7 +73,7 @@ If you're using a different storage backend, follow the best practices recommended for that system. -### Backup DTR metadata +### Back up DTR metadata To create a DTR backup, load your UCP client bundle, and run the following command, replacing the placeholders for the real values: diff --git a/ee/dtr/images/backup-warning.png b/ee/dtr/images/backup-warning.png new file mode 100644 index 0000000000000000000000000000000000000000..c4a70e969df6af9a7b1807d6f020b33344a6f43f GIT binary patch literal 50875 zcmYhi19YTY(>C16#GXv-Oq@(?Yht5g+qN^&#I~)8ZB1<3PRDk>oO7P{Uw^OFYxmuo zT~)j4Ds-s4tQaC34jcdgK$H;wsR#f-etrbsfdT()U@K0G|7q;R)g1uhcc zZl7O5J4wihK<|PffBB9{NE9*$01yErehMnPt(>l#>Y?|)vtMqGS#i?x62r0z_yulo zD;7|H{~fket=)m~M-Q{c4-!rAD{dGOQOCoE=LHdIJ>Yn_RMX_Z{i~!v_t72S1N|!> zJMtPQWDR~A;BZbyycw5a;;1%)Bbmod@#}+U%u7G$qY{Cqp6^M1{Bu|sVy8Z+EzqsCi)SwyFi}X$5=>ISFb4%3fZDw`gQ`~W z!6Wn=ZlA`%#!$@lzq3xs;P}A;TFwh5i@jf8-WG}w2x^Ugg=}cbbma5Av>hr^r}=G< zS`$HJg5ZOyQ6FUG?=KyeI2h1?B2E@jfPkcadXe_8=m9jt)fvQ4#I(T>^ZsniMg_Ae z%IN10{;(vwBwJ#m{SkDkLb0gV;BR98W5>G$*dtfGo;C%dHIJolE2oit4xmhkpbD4I zCOLVjdKd4*to%xZ<`6wJzRYMxGkT2IM83GrYXA9x?^V77Vx3x09^tV=w0e&)1VDxL z`uENAl}ib2xWzi03mM5RU#dUuuc^>e+EsQ{sQYPO+bH(p`Iro#{ZKZ0OoBFSSy{=| z>t)5XTo#;iI&|2T_fEM@@~iJ0dIrk;T9XNxlsPJ)%QCzeo9xrES?1S|GF(dYt&cBd zWp;FdC;$N};{=UH?+POtNxPp`tDO~&m?5)_kNI+TGe7>vKz=H~M-YY{-F9+7Qa^F8 zM0&zJYY>aX+`u_Fz^>e=kBX0b{X{{676Tj>g=Tazi-4h|Hof>vo&Wr-Q|zU4Ghd}$ zS#4`;=88GpU2udIAh zrAE0$#%y|~J?WW~&(!ZSwJKRoWX!K}o&0O0C%si0j+^sM&O*)jlxwZ-j)GGW6jhl-Xe#!OB|ADxa*#HvDx1En=Wml^feG^zy7?MV8dBfqDiKkUGkBzEFg~n)KKvBzPmug=yMDB2-sUrE z8{4thVC%YR?_1oip1)AI{vq^G#N36`9Laj3Nbk^7axuckc)eLM{HoBG-u`M#=6H2k zWA5r~yF+{V3xdiYrMPcbzg5T0BnWO{;p$}r8eO& zUpzmV+0&P`x&UZj7UL6Ts{O0oLEW>>4~>TgRK+k5ltv#zK|+!>JaJ%xzd-i_3(?

&%0>1 zD%bv*8fmc8cVoy+01&I>E-F+i7VfQF*>AJ47j9);Q;p-O!lW*Q*^ly!d$Q4D8Yf@0 zyBy_pFV`}&hx+L9D$t>#I^KK5I;*$R^CWlLW;>rxMSYRKx`N6w7hXuP{V;0aSU=jZ z*{f>XukfEA97V={_Z$2wt;;~$O$NwKK$Q%t^7|>4NT01$|KD40A&3GqL7WmK+a?aS?Qef->1! zqZJ*U+#{)cOlqq2WLD#Klz$%%hnG}y9Xi_P;%vSlOLVgYY64u z5Ah2tp}I&T2)56HA8lZM-B0*L0HWscmhlz>m5%n5)@3O<{87-{p@(on)s_?2pj?W4 ziv!tcy~%ji&7)y7RDdd>viBQfcS7xCNThs9FQ@NO&qiyd@9nTWP=VtRP(T_G^7Vg8 z>GNWI^kV73#cUDXL_-l&Ih#XKXmxCw};7Q_-$A{+O+9hZlR-Dtu!` z5~NO|XSKg7(n}0>x!mjgc90qSqut5jxwj&yVh7t!7L97`i28w7(|Em&-sgSzGI^AA zA+*6IL9R4eYs5TV>!BoFiU$D*9vL0MQD?22l~}M;LQY^Tetn=u!8gKm_ z&qC0pQlAV$hB7{dtZxIClL6s ze*h^>N%NmQMtL5D&;wh<{^AwsOnED-(6zQR zj&!Lx!i^?5dtH%u+(TQ8C@L<5bsV3k@ft?UNM>iUx8+YDqlBN8R*~h==uN9BR7Vh< z_3GpH;WG<3ZC%g$b21}-HsN|kcxTbYS_V$Fu47|`+Zm&N*f^-mG3`54U7CFhx_Tr* z?83j!f{f#`?BG0AAb^7keAJG%GzbO{LjmXoz4qkQ(-5~9MmMg8bl&#XG9->ZJ_pw1 zj}AoZILV72o6j*O`mc13)+3AYz5FT{0#R(9yz3R)20wV}SC&m%$XvMZbehQVxIVBO z@@1Kb_g%=C5vrhJeu9cUWUQnulhok#)=A%|im$`jJnQU^dqY0-kxDG4}DGc-)_I5?9W6NCP0m6@Gc* z!p9^ij+8*4_#t-vYk*;LeGz5~M=KURD%|TZ=sV^v%G_ZA8>ApFGh7>FQv zaNN6s@_l~1crz%nXy=NYMf5h(jmLUeP*HJK*Jd(`ubERpb{1&RpC~Vu~JbPHHo6b zYHc%ssH})lGVJ_Nv)&fM&vCRC5+$z;C;z7;mDTJHW>cw>xq2f2P-a2>HQ1b41c*gK zWW8G3f+AGXS~-%T|KY=W{$zVzA(~QTKO6INnkC2&tryVLS2tO3rtgP2y=49|2?_*%ij>0*RM!ivaa21#{%j@LKY0zrtwMD*|1r<- zy?!-Ngu8il1V9ux-$_JTgI;IXT2G@|*O*$I``a}8H`kaDK^iaQ^qvh%Z1l8be{Q%3 zt;1I_lUYq7Ud?PPzyIh1R+(lii#V(@A^7E~w}xRx)XUuL81_K`VqK+etw#S1Z?w#k3}~r|Z#0D=<1C zSgq4&8o*^|_2Li85g0H4Rp29h;ZJN5BFGP0GTG$O`6B1=xO%|%+FH0TJAu*7cF|K|gl06G^CtvC*c6XVI)jyHZhX(?AG zv|BDBwdd3SPuB(`cB@7`5T0O!U;j~%@ab-v&6QlOu$BXX{osQC8|Wq;eh^8|Cl6%(!P9P)%JeDJ z^o)#OU-&nzdV70)pNz-WS{&iw;Jo+6|u z`xO2^8XOhntgR6e(xd&41HOd!cA{9H_T?dX3ciDc;rYKMZYR0YlK}ull(9aTFPDWE zkig64|9YJAsVqjmOG^rpZq%T^p>sfC{U0wSdzDdx`~BYAz|w`!_?Y@s)-iy%P7jBD!RdT%p>;Q~MKq z(hnW4>p7|cwf-=4&)cJ{gaj7%>xB0=of>OgWTUG-NEDXY2@45{WKk|=$UtwOKM=-5 zPuaNaf+fI|{o?Id8=wPs8-p4(*XzfSGmLqvIv)-33dwu$8*y3LQWBZJJh*SOpioM0 zcP-}v=RbtY?aDM>rjX0}qt!CgAj=I)j7oVQ)S0RvIXg3hM94Q&Bx4B#O4UnB%+NQT zsXpILj*WS^c5?^ozcysem!GAR3lbm6|A1%N8>pdbLGa+~^DFOGG7j2If+ zj-N9nVaEB}e2*&~%ks=blvNU9fWTQ68GThwJY|J>gUL_5L;2)AprU;Dxus`4H(o;aY&{@2yoC7Gq$=X>KTSf;~fv{Dhx4!)Y^X8nF{% z{f`9Mi<*yTuKBDoFZtEKC=A)@Wq@5coYx`K`E_-5QaDNP3~vYf`yICtH5GoZq-w>drFglj9cs&=ZHZRZHzHl|#Uf6N;_Vsbs+Y)}meJNJF zl@a|_@OPUO2_MGqfZpu|@xvV2nH#pjJD-n^=MO_uJPM!;B_x0&^QS6(pls%6y9oI0 zKy0zXS&RfRGAHf;C_Ie9D^;vmn|6QGXlSW$t=d5DV9io^wBB!iA#83kO{QDV!t z4BuB8iP$Avo8NgCWQGNh?X2~T({C<6-|eSP>?o+F(NK6TKa~2ufda0QEyCTK#X5@C z3B0ORC(nfsO}N(Y>mNSmLFb;HPUl<}+dc5<#l_K?W$Lt|s6}OEWenf~sd;55L6ov7 zc_n3K)X72*`|twO;Bfgu!HbnjGOA`hEpMX_MqEyb3W~RMBI%SX;KtHGAkdi3RVZ_h zgD%YaMhKgwq$AC`SlydlsDElCO4G8!R<>Sy_#+0CqcnLz_0;DfqkmP_C2H^KIR}TOTiT ztA_tRVHAeqMum+GyYE;TAq)%EVeuCg34wCvVC??JX&mR{;&VPUeP0T&oTItVq(EQ4 zjP_yly|&RPb>1nS98Y0rvIuD_>o+%*&2Uhy!iUa?f9*RKtuxVo7jpUF4j{DEiTpMK znP6=<_*;~hWZhqow^c^%{wTdk#E}@x&*9_njX(U@QFn(J91yg6$jj*j%r6_3CdRZx zRmeDo=U>lnAiTf3L4fF*vZD=N%cuLoYG#Fy^#Z;kGp*Up9 zQk~WFiEv9{9Pa0UEU4Vbn__DT8gXg!xeo0h66jgfxN@Z;j8h$kJwJ^?k>ZJl(Sz(I zZrfv%Dje5UZS8m-9_!H)pl9>}bSCYES(;C8r8Z+0gS}b*=|1%2fU=c~*q{bijSGEx z=;)}L zVe&$?hq)rXy?3rcvq>Rev`4QxkhWoQG&`-R<5jZj*Dr9PA>N1kxNF5Ob*i7s4*TR$ zAN>~(y0)OOTBqgOwY9Y!>=cwd5ZB>->mA6}dhz_3#Eps!8ymYqqp|(beI${F-T0am zAVeAe>&1(Y=Tf!B?Q0g!m5pzWx6lHJKRI&>S|}K_jvd>;;jA9ile4=IJ53AR$;+MB z{JBrD3#EeK#m;c!jJm117fJIwlOypU>$`MtP|z_P7!ie>(Sq%A0=z--1;=3-3U*P} zIB(rUQ>3L+o5>lD0@A@{AU8nm^3>jT@2u2baRnfd;^Wol%85vTr3N~}g(d|AvYxbf zEqK@Qdz%Q?@Xq6z4j^WF5N%JbNIWHK@Ls*&Xe+}4^g@2|#dUZ*&m>4vIV*iDAY%#f zaa&AtW-eMVd%+_HB&3QpK7WtXk_Cx-_^ej)?mETQSS)Dx&IBMgEc0C~-gz2mF76FF znl};f3adk#$fnG{lzP677FUkYdOvi~M*Yd`GO|=YTncFWQuuOvYyinY#)ASQ4y*Y4 z=)~HiQTltDO;D`~{f2szW7F@~FS7$$u=TMk_0jG;pYd zZY6i;kl$2o=;t|oHq+uOH@wfGb;ZdZ)Bp9Xm1~*RgplxfZqHo#mm0O3WY1(Xx$13K z*+_OzYxil833!ytluLc+yRh)_gP3>nc0%t!RbsT-ji;bklKlMq_gR3I`a<0#&)W*f zwt4;BwhP<&>2_2R*uZ}}Fve*+S516~M+dQ$_hG%%JX|}r(qLgf@j*E|Iy5x&`s;Ov zYV+{sOLx8btmQ&kVw$214Bn$oM8e;FB75UZR>d6Yhjv0Shu;8d^`C!GkpUR`fx%=Y z_F-rOPLaTp?Gk164>!A#7XbEKCkAT|w~ziFJhGHYW7`c9Re=%YptlEmG<9i*x2A?y zWScXA^!d{Ub1J9iK_m`i!}3_J_YbhJc(0coZdM)q>HOL)Hh_F_%kJn`=w~_4&`h4f z6WL;LpVixEYn@m2aFirZyXdY{kg(|D?H+>HN#eeHW}E0&De&mhr*&1^J-kiU+kUZ= z4wm=3sA+QOZ1zbIYZM{3U=A2?EK+k;YSFe7RcabfAyy&Q!^~S$aH{KJarouuRK(D5 z0!lf@+Vr$Sl5?9fd0_l7*xVgVv6m1<(@dH#H5|ldHob2LRaRG5=Y2ZY1l%rGC-ui! z403mKXgrtwUz160f`}Jv)l=!;aGT}QC>(U$gH4~e%T51K0(#C!ivJEDPK*~4LGY)W zgzp}@v`$58tm2&&fG&TZ0EHu<$e73&AmX~ z7%Wc9=*YcTBuF7PPuL19Vn16bvs8%G{*VW5mDLIL?}g1<`1)9^2QVk`Z5B2aokXs# z&)0h|7JKp}(p^YT@OMzK*IFjR#4H1d1SP4g!{P)RMffz~h@L zXf|5i$K8~GhfQD8g5a*q?_7ycU^oQFX=x-PQkQ*uzaMecWX zx+uOU8o4?{|-NlYF~3Pm)WlTgWG2DBsD*_Q%Ac>{n);-!nN%5GsiuRG!FdM6skb`5H(hm^hQu#D z-tL?glRLyPI>fXHWgWZK_GEIHakX8=ji^$YCZQ)Z|6Zz6==HZU5i|)orl;>RmG{^6 z+>NbjHV=q52@h#s#`Z7p<{xB;*xMVCN~Zm=yBvf@#*2vfU0vlm5gm!hPCu{|jF=AP zduvaG@?)FY*Nae(_@{-%NpZH%>nFh0^?Zxe&-T4vEXp!Ss9dd{2GLqA)Js@dSq;CO ze`Y}5yZt|}{OhOAPbre1a&FOTu$VvjjI+BzZ;U0NO1_|7*gLDiVOreo!CWk`T z>Wa;VI9wmYo4O?Em2vL8ZrU&{V_tWuTDUMmxovjg+RJ5S}bF z*-y!mmCE!EtDZHg_}}HqgO!DS+TFiftoPf&`_|vHY$U>B@I9e0C$m}XeT5u$D`gZT zzR_Tgt>WfIX~?W{vCbbmp`c`yz}LbH+^bY%0j;TZF;XC z5}w`l5Wh1gD5=;2JfyqNdzvMe5F4w|9t}*VNS;{PhAy;N*EAq;%18tI7vt^05UVdQ zf95|A9-dYk&3PT~GuGO9sun>mZB=PRFfg!gpvd%uJj!@-IY~KwAJ@q&SyQ111(880Yp$#nYGAAd|ezs&6<|0`j9+wj(JGS?j=V7ugfej})K4KwQh!u!XmCAq>}+z%zg(cPX~T7i-{ZnZHcP%((nFHfu+4Lz_Q5=96bGCh2B za}LAKCtdL}PxapzyZkW8ct*>Ofq_99i$y`n*ah+r%}ypJrgq?HlB)SzT%0%^Y@dHO z`zhqto~qfbpD@EiLmWOkKl`8%-!Gwr4{6k3H`QQL;}j7k8O|Rx3KAHnr$u~UgPaQ! zfMv=pk7Erp^weBhGYnvWf*8RsFkr*Rly1lK;l4D~DM<_gGe5ZgG$QCctJlboy#18T zB(L!MGQN>mm3VbT?FSK~LaE$tN#7LFy|3*p+%r|!M{&9n60SKAME7H-*Pyq#-V+lO zC0FlilS4oF*CD$w+R&P@NP^>39^Y&2V^!`}BgY361Pp_u)heA2&3F6UDrSJ+UXpXE z*m(b$-ReQ|y{=k+8E;bs{Jf%;R>@L2c(?KD&;Klw>FWJilk-<0@t7oI%QP3wWZA%& z^7}VZR9sve3&oMY|GxNROQe>-U*)JFKjU{#+p5k0DUHR~ZM`tbW@9NpFH2C$!bd9K zVPGj-0+A^y&^Rebd;edu+i(b>paA@6yV)J|T5RAib(e{tws1jxyFUQ`ZhthuZ%G!{ z7Zg>9<;Ms}#$!v`&_jm^|1b2lzGPYv2jhPe@g1T2zermyuKe^5Aqdh~)O`A0fEV_6 zyKajAg`cLd-|uu2@q`(viNi$v{sB^-I`_yV2SR8`C+zif6qL4U;dZi5`y`{@ZX@%kzoIefCZxT0{*{#eSqkHry>qy_`hH!iV&9H|8hDo z#Q%3{;=n0>G5}44{B;*4BzT#S&Cr)W40+Un@2*kIg=DnsL0<>n*9L$=D8DwR%1M01 zBHt!KP{cV5*O>ROa`?+}s&%**(1Jj^7l|L#ykU#9|8DS30j380J?j0grLy>YRHgue zs%M`__DwFEZ>90o-bG&{_zu$`dQ?!W@}`{gR?0W|GU8RB^=X+NGR@=5K}G4PcYyDY zrD~d?_w#rYQT<8VfyH?EkIOVjOa}W{+l@4VVPQx^1}Cfct1e~iFldV8bhM7r-tK*J z5px;+zx(9Z+37xDaP2z*gx7_SAVMJ+PUqB%-E6qVGxm24>~G*fe0&}*`b4CXork8i zr~13_(b+Xp@1mZ*%>1~jdKw=UB%&~ARece?orVKL!$HAR9~u=eZFFmDNqAh9dYg zIJkiD>2Spy2ujF-oFky5fWG`(PHf_!X+`zo850$ls6UEc{{rtvOr~$`(RRPr-Q&v> ztA|Ojv>+7^7emvraB7-^d15$4IHsyTnpq9)hl`>YGg*OIvI`X8Xulj&x9~9@E`SDA zZyMWfS_*Ts^(Y?0J7b4i?zoVm3aHXAHy#dG{1~60)3_?4Nx9O8t{Lf{|BD;x+E1`@ zNz*|;HSa^w!$&UczU9&W>8%spS`s+ixjqC9i!8qghl1(pX;O-w<~}@VfbP`gD&K4R3W287aUq41Pe||BgrrmZp!d#4 zhOAEIdDNK;G&fv`bKPd;TVv#-+biPfpq{F$Fiuz1ap+pLq~9USiD`YJh@W$~`KBn6 zmqYm%6NQ9aCuy=$gMEqh1j?}5C;94rv8O{!BsY6#bAB(JFt-F%r*RT9sQ{vpkfoTe z#sMCprFsc{lW4!!HA#o#1bg}ZDD|LJ`sHD>VTW6Qjz<^?p26I3|3)9ntuj=bSPfIyYyG$s5lgW!T#7wT7gRYS|&C-eJ1wq75D0d|gWNbh+dG-3 zQJV5Ft@a*iNm6IUJO52LVWr}Pw9&@K@g(3CdO=-f$n% z_IJ#UQczj;T$#P7&=VNgU(74%tK^l%l_#LLzTH3bnxsFE9Hsh8VMniG|;J775S&Q^fB<-#35V1q&xj6av$~04O8I)X$JzXVuHU zjIxEqjVeTkfA#ASi_AWNnA}@prLhc&(u_}jPG59Fkz6=MuvxZTC@Cn+to6yj=Wtjn zQvw<%jH%;aLOyOgSzd|eD>%zYPAN0__(!9DQl;4^S)r>8DxulAR?pjRy2)Sbbat2oU<5nZ)}Q>LRnuN|0UjE&61{T-F_m7vwZ z(hdYxr(ecrUeh&2!FJA=WX)!wtgL)j3(p11I5L(f7$UmLx?uVP8IPNaDqz*dJ}N_5 zts!HjrG=Sflz@4)>nul|Mjc33FKbDS&Aq5v_~&}mD_cmy08g`?n88_HUQ(f^9uBaE z!9RXgwT1(inkV$jV%1;_Z}SA-q*NRgy$9~iYbQ^@3F4K9!tS3OB$0OeWJ1I#&I{gq+QAJ!H#(&rJPxc{%3qB)A1<0CMxrQ?~w9^)i zRi_dpDI%yqEc_SLy`9K`B3{w)5gfyxszYPI z&rt|{TT~Kd374Z@y5o{3O|#yx3a80I{&mYcvD~-h4J^f?0~0s&n+89diRm=1p!@%d zycf(^y}tUz7z_%I*8g3}6mbr)-oQ<(Wx>Km3az0QH+P&aD9TD5Z6aU*560sjB!sz6 zfGbP*)B>;ejlPG(j*I%En0udc4B$xaJFH>`0S)07u-|h^lvT(8p3%WR+IU(`qX>?I zLJ{Bq?9}@u_xHOtndAVpXZ<^uo0@Z38RGmR4_?_F=mrW ztZWkZ@TeXADXBu{(<~M%@*QUyC@m$4ZjV|K__WlSRwEVQ=L|&DhCjqPO?sYvQV8kKuTSZjn4hr#85?YOv z>~;z26rA6NBph$8KDNJ^Sj3HB5kp}7L6p}0x+hdXYVIF{$4s$Q8LQI~S8L^Hw|pSq z0C#e0Y!aaCvRB~z*sM(}!Ai?%T-r4?882z6xYK3!FF5fPc#>18R2FsS9Iouk6TzRY z7jJ=3tDkl{QU;3eJ484>npjYhg^ueCyAsxPx{;WSD3YAjPbtSK2M>tG5*tQ5V)gA7 z@Jl0)K`_aU5qSa6ad- z^5q|QYYrdXHBl65AU%7h8>u(Wg@rdBG|>oRI!U!EH|_EY5ycLGg&))94})=>j`l@x zw%n&gmlKtRYp^V7Dmx^?#3?E%kZV^hF?Z?}0=+buXO=zh_2+t34L$V8)m=A6gr~Nx z)LWV94A$(%a6T4y3pcfFU;~>C!sn~GJdOM~Z$+kaQ>8xDS4utU?KX1H66MKV-&`SN zx$kdImzCBBXWL{9t7Y;Q_vk09s>>>hbXFQ@E*94gwzbWUNS&>39UEhxJo_^q&#V%N z;iYMDjk>#som*C5fc<>h5tyzxy_H@nI1863m2-^kusQuo2sPlv$Mz9&tkOnqby6bW zkJ;Mb^3E};);i1+LoOvU+mB0|*z?+8Qe0GN$~Uq4k{%IVv^fbA=`JT4JpHu`hgmfU zuDxF7%h{qxZr`BD6GT!XeGxr746$rxgsz^ zYlCvF?^L(LJ8uK5kil|r4(Sj=1}BO)i_z-G%{S=M`qdWc9WT`!@wC3&#C+b2J4aNW zD~jb>JknZ}vYET|JZMjATN#O(BK=G(yaBG(```f4;ZtDGLnnOH(FL3J(-VDe!Hi@J zgz-C<<)#8Cx2?}7>l;@*Nj&QDv2@FsAFIB+bctGBNy1bo<7(?>9QeX%^|@J}3m!@m z@xu9D74PYf%g_*Lw7-M$RQhA58La$&Dd8XiB0>7Q0ZPf(EkUFWal6S+os)w>Tx?1@ zcssry=F5dabs(uH|Ck6Qib2`Y37O0$o@~QZmNj9Y4D7TI;{@|z+afIfN!WhTnN8U+ z+hRx(-dn3Et(q3S^TnD^N-kWW8t<6p>dI;x1h$1HFj%K@UXk>d#`ArFqe&`yk9jrL zIe*SJIIM!F-RS;iSen4#5nN-K$7Sk#IlrANY5YlnAlbJW_E>l<-oEOe42;1=rbDOT z7pu`?Ubl`td;KamTu#>p%p{t84k4yPOIs0%q9%0HtV{LjU%E5qP3kl>n*7}%gGkBa zB2w|wp3MseWxBHUCv;6Sc;LUhia)=3%4%2zwv-6z-%1;TIQB1LL5D3S z4~^ex1G=7rCijW937Bj;_wA;r_Y>NlF?k%TI!!{H$u$u?IZtOc93DL+DSJOxwvomi zIZ>GxlZAy6CN&D9k{SyQP;U<5dS2mFxYW1yU@70<35xgO8`B>&_F z?m6=C_BVv+_(BzBeq2l(_RZgRvm_LS^f17YX$pQAma0Cs(_dkQ^UX&$K>I;r%X4ZP zKB$37_8YkVP{->zP6mYSyY!|e2adbZ;4<4KYo3SFDtCM~---r@^r!Lk=}%nP>@F%P zvhV@lr9Zq^yK<8arAQ;#ncSS=F!|Md)oJqU%N*y`Ql<@^fYNrGc`!R*4+HDEPN6(( zxwi6V)%;WV3f%E;qA=k!=9E;7M}ezwo!&GSBd8zMSGfy_%i+S{-WPSAt}d9~t{Aom zog8!QKJpwWfS6Xvd%}I1#-(u!P%trc1e`2BDiW6OzYdh-7XJx&g?WL5jK^z4O5^t! zlyNRrrN%Q%OIIwUNM*Y6K+hvT3N1v%xia*lR&6#0d8{Lxr{~D(D&1%X+9}q@k}A^y zQw7FYquq^|UKqo}L)WjU8y;i4*5XdPX(L4)_se+PW-)E6+&b=4){e`$rFGWA-W$J% z?2u`=K=6TkHyz&{;Qod(UoK^S!lcSRo;E-c60Gj4vl9{J!Z`yK*+@{kuSm2CV2Bp2 zE?DG^g<>k>0LerOvPT&_IRa`Gf`XG^c?jf(z0yuY;9e^8{| z6C>DKKSlB5nkJ#Xw2G~=5|2;to)E4S?uZNf&SWXMN;HEooKjG~z}(t-U@9ed%u8_=6vLat#Dkx*Koiag1-XmWSE;Qy! z!N{XgT3r4(!PC4IvxsBbk3Wjee)zLGeAC|UW~w@xU>4j{GC~>|rZ=rM~_~V2> z#m4k-xM#8jBQoOYbpP@R^rgk!$*rqeJzES&H5nZFz~$VFwYDsp&CNt!$|50=7v33Z zJ}W;=3(+@8MP|G^oI#)WvT+C(sQ1@WpC1WflIkyMflu)Ewz};yycF0@!7iV?NsHTgZ3C{hbf<4F}wIFeX&r!o|`0~2Kl#71wHOW4>)#Y+;l~i zs`ytf8A!ou4K-8V_b^vBBGPNqngQi}pKUs9fUH~@e>SbVZVU?0ri#-IX9lMgwv!8W zfyA?_5Qh0V+QJns=&fgdJc;J>e+oLUtLtRZ8?<<|Tjr~`8yaw)u@V9MwPLNV- zbqOc;25~boug;&evzwQ*xbci!J4DtE*k6=AFffI<_YNvXFai|Q|&2<%;k~J=-cDpt{Vl>6ZQobnH9o70x%Oy}1z#ttf zzgW~bNu^cr5TAGaNh1m3p(x=Ze$v)PgTR=H@kHUlr|7y*&?(O^GCH&eN3x2n(Gt`y z1z%Q%M*1^o`Wkiw{hOG(7OBy&9eXa?gwd*&pZVzc%NPthizKiBB7M}PVIBtg3t$uq z98fei_6;f0En}{ccueFiH}97pPGah;AQdF+mJ2EX#!*2#D1}ml#zU7X{NDOdA0*9o zv6i7AWQ|l4i)K|KuR*nOS`VtWzW{Bhmm?;BDG1y_R8$mF<^Y37-7V1(|n`qDgCzkOL1D#AGtY3P*@G)&#JNV4`EQDJW+Q`dts-_ZB!$o;x85> zom_dW=FGqK#N@xwJjjTNAm*gWw+SSvU|_%M0}_6^nFZofl6?M$!4H$061BT@^ifSj zfl{1-)@*SIoe=RXd-&Z#@u>erTl8|KH_%UsA_-Ap`!5JRWOhua%G2}@0w+EZ849?% z`}Y}{Or!x$G$7P~UcbtVQxS@m&L0N|BCH)uXgevY-8@PdyA!>Xsk}AF6wv#=*N!n#J(S|Gdc%3yOnnKe^|`3v%TK?+m+Kdu%%*Z-5nb!f-yHd# zsLa&Xa>0`2xkU)?!(Q~#ygxKMuWmYoz`?42G%tPYIhe|ibfJ!?S2K0)5Qz-cb6gA# zj2XA&zG+vKTymY`@(Fe|&njUCssL| zl2&h}VzF*H@x|`a#cR`RZKg_noe`Ueh>Y5LjCq>Lo&0B>kv{*b|#r{4xqO# z+a_wfP?+in;`?A_SLkigq%=AZ?69a;KwKaKF0wjom9Sc?A4LxGsE&D)lKCYl3KcTV zmG)igb|`GmVfv*d0%4iPAmcHhNB^bR1S)?P;-$fI*&^D}=DGhXV??egvCf`(6$#79$m|N6vb_QKBF^*10f4((86dr=b#bz(9v3E8# zmzf~mL|Cgi?d;>&ZW^7)^e)GC2no6@S8iX{KEZv;E9Q@hcfzOjf8_s09n`SkF+6MFn>K8bB zJNIz4Y4Jpc8p&835i>8fM`dX!aK=nnDz|#U6hZ*(+RVmB5*VL{@ab#?N+Ny+eUl;M zABSCEQOn?>;AWeL_Q6f5qgL*y?Rd+1J6EdAbK!T$h49tw?Y9LZrPr21ChCT|Z?izalG^ED$h}YXjt^;eVW!)|F-fmMUX6SUuhu zPJ&2Yy+hF6Z*7dMNZ|vA_WIwo#r}jB=9C%TM(7d23{DOOvmSlw{*fb!$ubk!r|LeCQEC`?D3u3h^6tlVd9wuQlDO@u6vzwaaQ5>V4e>1fvo zBang-W;$zjhpxI43I{4=lqZNAzGpUJtgtvG$myxO|57N)F55#73u$WwCx%HqtV(ac zj*)_6JQ@_Z;X3J$9SbIVadPfr8l&MbS5(>uC#Oe(AtpG+xZg~t!~HiQ1$CLdfg8f8 z(FVtCJzeCl1lL^HxdT74n$BI}=XGQM(3$@l>mM|3p#W@=oM^{_pv&6F{MfCf#E!F% zt+pwCyjBIhvwIsJJWlLghK37kz0wWpxT(>Lcs>cf6{{b_WCtLx6|t39cxK#YAw3uL zFSI-7(p8ig>oSLEvN>6tlxYR?-DgcQh@_;Wi6qF5X9V#r=h20SD=Pb&wlWongThYGC9YI7XM;o9sD%e1Wiz%X*FZUeJl;))=N2!0 z)14*_u!jQZ*Smhz-sUPF^x&4R8X}hNTJ>U@s*#eX4fJpRFY;{hs1LdImZR$ExiU#_vFSX_ddw9J<8 z;Pt4u`-`o+Zwf&(&t4{dgn+oui%9{>PONK(H~&@UNUai$#T(&5vQ_m9B0L_aev+Jg zm-{NSWg_Qgx!$2p3(o7*@u+o@^L*F6Tc7GdFyTGI}H)!?eHNb28Zgn^>>}@I#oz!_wJxv_L}w2 zRbn8r@!^^7NEjf%KABdaqRrLJmVW9ynvQ+?g=AK&;}mu^RIsN@D8=FPT#S~QUBUO3 zJSIZZakvqF$0vY0qtvl`T##4&iw9M6Km)X_-f=bUMzpo*Zr)t9(dJ=r`p`rnDV1Ot za+1zmk>eP}uJiKO^ELAC7QqE{2E7_ zP@gyLFw57Iy2#;dZgw72UYnGO-#B^iGQQEePGV~;eUR}c zw04+bEv2@)-R_AExV^E7EK>ab_9ZM~uBIUk-N1eMkEN#!-2Wr(t%KrRg1%9boRC0* zL(o8Q3+|raE{nUn%i@+paCe8`?(PJF!xD6HhXodQSmfJ;^Zs$`R(L%B*qCXNc#F7bI3 z$Z4|D(hE+D*B1DnP2Z8RzRz0WhqoL+*4gsD5X7(VPW<{avBKkzN=~q||3@eJv5;^5 znaO6{Sut@1=Ut}Nq5v9XW$c}1R^8M+wI41oHds=#!o|QEWRx$d6czyMCK~Chmd;NQ zQ9vp3lw8nZoadj;fT4 zNn<|KuRfgnki`LFD0Vyn;FL{d8OW~?$1rM>yAP)tOK2L>!?E8!IRmzCSq)f>5@aRi zj60cJA~9GBW3XKga2onN_NV;DTm**j&R-+x@AEERfg@cg^H)nsW9(R03odMDTKl=< zLlfS=_F$zGVHXOv^kx_H`DTyqGXm3P+|g<2ANai$>3hMG$jQjKm9Xt zaz-qUL4I`}Q|aEMn$PY+#0+5vn_YwsuiDeHqv3ebMdKtn7$>a9R{im&)-nG$zJ!g; zN#G|Bb#4U^$DmWBk^U7`ICWr&vl#g}<#_V4e97bWa%zAV0R`<|Oqw85RQ*f-#3f$S z+MJpM@|TFz@)0yy33o}*VMi`=OF7dt`JsFYsiYx5qd~;`%z^mH=~SqUvbiui#Dou^ zOlvyg->2MoL8-}Gr)#*!Z#Y8o5F0U&U&%7|W2bCnIu#-Vj^9(DG&a%v{NbD-V1%LQ zbBEJiv^E{3T>LGu>Z~U{m%I8BA#5aYCk2BP98XbD_^>wo20jG+J23s9-Xv8zf;uR3 zOLXE!K{4Yi8M+BY2lfG3i2vIBzS&=YHJZ-!o=p}eh0Q##lsxlcyX2{vRAj!3S{Nwc zaX~_W%B$$HRw_IGbUBh&a*!CE>-NZogX#p1f7MzyU^h5lmaPsdIhUGYTFvCy{bHO= zf-0>(FBi?x&Nd@t_114KnrBa+{f|B{SVihC?fH&P&(-`jzJY#{$lfpGOl1ASCl#yF zU5U7r#}33_#@U=EY#Ubp&`y`1uS%HV-=~dR%&?W0V_iNcfdJ#5eJDYm{*%@Q{yI4S{hHvpi0=R5e_yyl#8It&qCurgiu$Wm5&V5pnJjek z#_?XBJjxD-N|;>HeR+xar$T=pK7uXg;M()4e^%~0wp!V8TlsSJ02K)!6v*U*AGiGxv4-A2{yQ)lZ- zf1dwyIS8(m>#U!xkPmsE2?Qy1Rh{2`unMW&o62wHGelF545r+%U9N|GT-f|+AyL>G4Xr0U(6?f9@M9}`KhUkDx)Shv|%JUXjgZ zin_HE!{gE^&j_@g_;z8)etLzAjBRlXxu_bns*~01Xf>seI^^O#UnQB{`SbC5^4DcR zuQOf7CSMxl8d;4>RMC{WLzAz*!EyX#w4lMRiQo2uuwfPKHQ4<;e!Rxz(f-|j=j4qE zkfzlog}<|P^zCjXDir{630pTR#ODPR{kzexdY`y?VTa1+8%I}n!fa$9n(c`*-YSu# zG}|-s1wu%>x?guZPNA^*_1pRp#b`#3ard^$Lm@i5Y~mRlaZyUc%M}bwh0h@hT4^@f z1w^y6&G+#^>0M!4TK5r0FUW?OZ|G$($@MCwY~T_7_;H>lgVVskf_XY)Y{hxwcSg34 zHMBo!9>wm;MlkC}GM~!p_=J>{KH`E=k%f4LTrZ0vx0Rm8gTL#3B`}AkwHq?2`l)YP zA(zRAbdIYn^H=O8Fuo8m6rC^BR73|8_#5_=5wult$~^Od!7hjH2q7=2k-&$c2aBn)YN0tTofPi zsd0f}Os%uR6+e#;ZDcpL3+P@loZ`19f%4)oS(``qYk}r|yEHX;LzKO3NvgG$m$p`R zg;Jd|H&RKcoK0O)JmG8$=an#WUKQsYa?z`EcCx$8?&=sPv5sV7Rr;O5XfRbeQO#jZ zx{c#bLTiEqQ0mE_C^DqbzS`$&CxxyduQ?rcWZnCKqHvblOqTiv;u^8(75?v-*Gg@1KP2Pl-ay((h8^YE`B%TSx^8Wvsd`KSX`Q5DM=JsZ2+{y`=JP zz|2s8!l&F#KFxQf8F4XZr)kq?p3xzmI2Nm5j~9`BL^<>adx57q;ax69M{q7Nm0gDH zM(xR26Fgj0bR}P-6{M^Axmbvslz#pwH%0&UGyte0HIHbG11QDv35F*_#%CeBS9@~dr2=Fd5nD-8DHId+mnA|dpc@;V z$Mve|`}NHriKx*|qc1c+YJ_|jG?LLph47|iAP0%@PPKBr*P|gZ*t42nO!uxJF67Ph zyR(L=4`J-ImWB;e37GJ;?~f(MPW>P8s#UJQmU2~o*}u72ng4dVd!?sUNVR6uS|&F@ z=AtNiZ2na4QILt#(QbO-n^f3__Rb469(-gOYBhxzCR52xC5e1O8(q?ZeAxgAq8z6W zZj)HIfV-m&|NhBMen?6?6{&1uOQ*{}uT>ju|8e!Ug#8Mkh%Jfh(O60(jdT=OlGsPy zLv{{i$EKo0BBQ0<9_jH1WS>oG^6p8?m?9T7(-&pyRu}%{dkVPo?Q`EiMSMe)`ogz^xEG(yXC_4v5YiJAm; zDmzF3?un$HK?Zx$j@lAd1$2ypcS$Se(;tvwQcpI2n}jeo<=Q&0q&i0%4^5-ST8P>s zJcJLcCGw%D!)`Vqy>Ex9o3;82MJ2U_g`5KXTvXer3HwD&WaM|xp4q*^!3BSJM6n>H zyjR)P-A{Zt!?G(sQTXU3rPZ_FYHC`&S@aDZ!~)o)B8IRv7TvvK6L%W1E6Bg-p2(=v z&v4}0lTtS1i<4KCpPF5az%V;~_8sSnUOMo;sw%!_y!r9yPjngfm_vN4HMd4c{urm_ zW|b-c3^=@tYjn9-uDOtrNYrZiAfrH_gMp(AUTn+$rkvIObW#p8mmqJ95pDS(R5~r` zSzkV@t8{E@F0z>HN0@ax*sdWWeV|C`q$BxE2$&IqU1K?@Z7l#%KaOH3ls0418FJ*3 zYo>yKE|49~$9!^->n;NL4m5+++6DpeaXmg%h1_=L|NE&b^qsEZA!}j^Ial93+#_u5 z=`3^P5^X1n$3;w3MbYC`avN6T6!-CyIcJhWCM=f=;%yiuUgS7g+23lHgU_C2gohWX zR&geAr&+X>@SFq7!$QYr3ot89L_gN4E+)gRMZMj(eEKd8`?k)De;SaT6%?mq2|J9wSO5cXCvW{`3xgUt32fHy0EX;_U)=Qqo#m^#f!Q2#c<945*o!jP zrAgXk%&Psrz}xat8nnnXEibl%ey;Q2fIK<^z>}}?1`b3VYq+u9^n8{miyAFO z$g(Y4{qTIL`1Mh0Y-#iA(ob%IC&fFet)UStQw)2hNLU{)Ob80dlOD6D%M_c5Dma1D z-3R#+W+rx&hR=~ma?osD>DlM62-dl*tDWvP@=*|vw( zyTOSXarYwebZk>mNM%!pS>M z6olqQS!H*jr$=NS(IRMxtorMr^}D-`uZ>|MpQYx;bw>c)*Qdt)_1^THUF>=+tTNi& zkB57SR-2M6u*T)-D6HAuay0oYV5S6%Pn)NZwWy~bPve>QZ@c-V7Xd_p7}VksHVU&8 z_aa(^aN@Y^5G^c}huq3FPGhU3pTKY|mz`!bw?WmMW?6k`gGz(|BcFIT@$2s5sKT1D z-=h&J3DaAH$JWbJt*?`&n;*h1dVWmON>JwN-7bWA+FNF(o6}~*_NNZd=h$9^kdsHf zx3Wye*D2-Lp(Gwk4aq{VG zd<)1!5;<-n)-r5y6R^eR90dzX%&cAfL{R z0(uS(l6%={oS(mMwT0z>-!K>~5knxcHxLi(JJS7eD!eNv|Q#xehT2ji%*BT_J zl(!Kf7(AUiYR9&;K@_>UpGY)pR4DJKJNfR}$N}6V{+ z8skkPF>Eb3*wwzHvG#QFvcWCO>9;>2_2r>PwYTxZC{7}7)UNBjz;PC9{m2py4)vww zb@cUz3%Vf>V-NxO)U2wUSVzl!R_L*pCtg@k$aelfyMO87>OKLwt$o)$*;6EV@2UaG zrA#Ma@;$4olOW>WdAu%K^&AfA>R4o9O2FZ4YZ@kADZnFnHi>hzU6J@U^L~DVk1#8~ zPDluOwl=nUimb<3Y)cK5_R-*@GI2$*+fxSx?e+3$6`t|wcea~Gu5jnxrbyzO^$nC$ z4XeXK#GP<1NaX}h7C!sR?IsI2^Y?KFPZ^}DL=9y-vrJr<%dK{y9$D`Kz>A)E_W!Q?Vm1l4#)AxkfgiV}4$%XLAWNW?Dl|=fjow(Bt92~Jq*Iixroou$_Tq=|gR+Hxy z3?o@Fjnx0P)*kM}(U`RvipW&`IMK%wZe!Uq(e(6$n;eJ+B8ciQjqkY})!*N#2bv5k z=v!ehbZ01;E_JPk7v@u+GxPzt-sH*#IQM7iCP>}_q@^MGj4caZWpN~x^1!i)J6!0h zS_=`zjh~EqN~MLU=_KaL`Ovf4&XH6G^@~jD0_^OOr}rI#P9&IUc9uJU9TIOth!23MiyKCRL;) zku4Hj91;CYkr!5<&Grj->PaT0IRo4)6gj;t75sP5a@|4zCV;a~wCz3R)Yiwknc9$5 z4s`}pT5E!i-i5T=7X`XOt+l|Bn-7M=w6a@tRsUAU&l3l-JoCMrT!}xt)|6 zU_%SjByWP$xZK&e7RVRymDEAYCUC!x=@8e`)RN3dCUKMExt4AwYmB@vSg{mw+IA2* zG}lBsINs|+xwVu2eQN5dkc1O0{578uTGUIFznuDQ)NrBnW6JT`e9Go-XvY_{2fv5x znWhNcQ6g`Q{@#Z01>srP{{I&KF?g=e-zVD&hS^X(9v`Q|NV%@_2lqwj?i{}=FcHG? zo2%W&wlaSj?9R0<{J^fF^6a%A^nOnmDa8ysW1A1=i3&$vP-~LJ($<*Tb30vSHqF6q zVs0ME?~($66-z%~o_q7Edeegg2ow$(9^OwdE(>c-9>!ImP!VH!Z_EdMOUk{P40GbE zgnFz*XVuHbvjovUH{IYE(Lhf14a&jOLzwDEzWOOuxr5B8-x)RPt0_x4K5coZB&SpV zNQy?()Ls%2`+G ztgI_b0PIL4ruyazI@M{rxJ-lsT?r;08X0@A8=911T-Y6)c)35lxRVR@qG>`vENS1o1@mtajs=m9UW}uF%DBx zE*+q$o*hV#?MpJm;{kS|hHct6tlC;h!s@PQ__Z?{R{1Y2Yaz6GLVz zwO0%CO}LJGI&SZv`3dhjAC3y7s;&=bHh&Iec|Qc2_vHNE2J4LDVF}AVSoH^7FO|^T zN1QWx?q;=xA)hm4IgH)E4j0Z@3p#TmThQpV91R^n`N(?Hs~`x2XX60jyY+WY(`rf2 zSGh6u7Z?Bd#KdLpC)ov%CjCb+w+m_UYW#03C>t}5{~KxsUnC3QHjC)a0<7h~-RQP; z*V&bBTM;QIH{Qic%f?2I8QNN@uD|-jAuBO;9hNHsa|K9}ik5AViLC>MQEeAXN`*yR zT6pAQ3ms@uR*)d=Kq-1s(N6}IwBbiykd^C)&JIr`(yREABEf7P1y$^Rmfz|!xC(_@ zI9pdot_Y=nbjX@{fw#xQbYb*tVH_vx2?$C1eu?;78Dh|k0QNgqAa;SR$c-KDc7eJ+ ziRa0WpAWF{3^up11>pSreB)+w)Bp}~_`uWvpb7PcVk$U6_;GhG;=F?CIQ**2Zah}Q z`(mQ^G?i9*W$S;|0zApNZ)^`e57ehIn6+|tgZAWQRkk36CRJLBG-UAFdjRNI@>e{+$S4wC7Tg<>lO25O2UJS7dX;Zy@POpa#b~!j z=bh>4=%>)?>S}|~_)OgFUSbPR&w{Drht$NxDxrukU#wo2Sz8C9^Jr?qle>ixDEwmU zF{CvmOO;jlmM%#Jl-tapjvI2I!H(>I`6Ar;$TRC0mSp(D>nGZHnj-c#mrK=-Hi?4R zyA%69EGC6clY6}BKPs?$+)q;r-OEMq{bjW^k$xv9ZqpjF&>duO;E1yhZFusB{KxZxEOTKHYv7kSC1wz`Ovm)TcuKwlS#qh z!FB|&Diy_R;0I1_j1uH+jSLo}h}zGU^xDDcs1~y8CRU$KsxQ7w^L!XbIk^a#j!+63 z!U3JVT$gtT7kH9f0(a+3UrPOCrrP|(^ znWQ9z!}svC6o9Bc)j(5i9aTIG+KgHTkY535jjE2}Gc_3AP^al{qSDVQ91**lDz)F< z8uO-dp$vsIvu=mU2-)%H<~cf1Lo;YE2Y_{U#0e}%@R>Jx_QyoF^{M{8L{yC1e;Ea7 z4sOqG0Ouo4kSnINN_+z1Wm@#>U;Bv1wb2Bu0p4dr9_dEDV4VgkM)`DrI?4Hf3);Ph zWKd;wZHU{I*QFfNQ%#;zE5xc)THoH~@y4+?@qulYy=8nfT*y=O1BQT~&Jp=L<8dD> z*nrZ!h_s9NLFUX*TW6RF-oY)Fvp!7F@uB;~QF;G}IPG*E5w^ZJ;r!;G@%;}s%L#WO z48Do2ujiD;n!JkuC7H{!*FNLtSCTAoL;0KBd)ujO=A0ZHiHV678Z|Ge-~J)W6^b=M z`#5;fj{qIS&LzPqXXwXIb3b_^_(04N8yiMs zrDbJhB_(?c4fLgdhT;#(7}3I>%G-9w^_IW^SJo*7x`?n>!-Jgt-O3lm)SCdi@^b>6 z`3^}TX6-g}y^B`goEF4%mnvj8?|931p?EyN6E)pF-?s9Q{0p1)s@2UJd7?UzA<^D~fZVym4%9u1M)i)xu6niW@ZN8JO7CwGN{)Os5%_FWvMDEhxcZ;<+HaDy?cmgfr(>Pbe>_Vb z9UW~uYF%W$D9ZBOhgWzwTd`={wCuVW$pz2admex$*u3`dJMjoSC2ei5r-y5G6%`%e zjH(apDpEWTe&1pc3L&xk+BbMUUcRH|y!Q6{opgK4)z0O2OzkI+uw(dvF<0;pdnI#D zA)%*Bu)fgkR(v3OJhcKmA=-f-tYb}Ld=2t&~zxFAKHS3Khw)HmAwq zt^B~#3*FA3o)wMQ=3=*MQp&<|$t3{_V}}~Y?c~VCl~=N&Qu)m*TdSw#djqF%S3gYmm$Ba5Y;DG~F z;2L6LPN`fX0}|q*XCv<@YdOai&#PIuyNiz!5TClR_{{6QODcNNO&%Tj(Z>kZXzQBK z59jheJh%7HHzfD7+V&4eZe6hXQBKRre7@uM^Rp3n!hWZ%YQtVuHn!uAYrS4(kRa>; zSKs>-o-dc@>HeIl<6@Ex#Jw3SL5zeL0LgF$E!ubaECazECq3_QaB!0KAA{lC+dLl^ z@;ht*@9*zVzWE4ePqX8uUF%+<@55bS@4DAfOK?bK*W+EM4{XI3cBro7C}wDwQwfb0 zdc1+3cd$^ZS{5(QyVnBAg282gN-hmMyiaSv5(P1UI@|lK?YPrAZD+42J1aK!bP7lo zI|%=ewz6`3C*pT>0nZCO9w&;wA*gOWoXM0DR?yt^%+S8?&$u7C%sY2yIkyvh!6p%h zM1#zKqVKCZaVbh>`tAlNnH(i)h!eZRpEG?rKx$1b<1;F$4Fv^FWK=5}iTC>#|K4)g z$@@R8=LLn(hwdKr)@r@sF+ZqzU1I`}zo&9tUDw2M6k1#>k}I*!ENB~h2=v+#GNt#5xu@sGjW5tBlO{amwU|G|9JCh;76%mEv6Y4%c5vy;7k`**^)Q2p$d^Ccdse>j~me_5-xk=CC zF->TdA1)6XE;rblWa+k{Pr)jr-q&TF}YR z-x4|g!l2G{nQQ>-@!8B(C%HQLtirq4dHmE=($2=pDlc$3-L&EfSMx*H5Aer{eQ(xp z6#p2`1JxIiAMXGSG5Jo?EoaSA4H<(t0L+dWZWdEbR{CE?QmIaq=Ir+IQ^)$MSuq}8 z1vmPv#Pe9;BmngfXQhUoa$4ln=&lxqXcXyN{YR#3}DvCFGNkSm^ zh5ZI=LPByh!K;5D?fJzqA!km`i}j52oDY~v!B>YWs$*}1<)+Yu?>aRa%nk>#eH?#k zZn{?UpYM!8!Cgp7`8p4q*#pK zbKkoWnkronCE=%~pwvyZxM+IdJ&*~@_jO3fr^f=#0&Nru$+Xd0ZDZku+;si3*J8>> zix2Ew7@*yyZ$If_-}UuVBY4i#%eCP{ig@+f>ze;0*BRcd3{K}AG(EFlAsDfCyB(e` zLg&*Hjhn@#Y4RW;l+-a}35mQK2X6OXRji}b8wWbmuKSBkK8-AOz1!=zX#aKMTfbz!d{KR*9zf+n;p53Sf z2}~b-NanfH@?;o^nA1N77D{kT!!5lfoPV6!NYrEz6$7}h$m@Ky^rf5Eahe69=jowm zC(n%TAaHyl63kl(%kypMM4#%)VuK&)(_m^Uf<|nUY8HK@3ne5#+h27X7-4hVc;a9} z!)G-aj3M3IzOd-GEVNv49Qe3L@yGaMPB1hr)gH+1^uQ^drFU}&ttv=>dw~}d z5+uv*3)=P_4P!-V%f2w%F|=`BX!+^pxU}DNK|;VAv@BLr>GQI9DmhHyLdccxPO7;M zc*fP{$H7wp+*h%+wpm2JPZh$VdwfD@ls{p>G>RGi?Z(z_R47CXeK3QCf-&JkifmCObU-L=~1HWr&)`=>%SY@ zcujtH3ksl?mzN$*bU^WoqU42mjCM%_&_1tto0&H8VjtD08N;PD%YgsSQj){2zuJmFPIhmN!-PL}}Z9#c? zhObW=*hcwmlTcdZrvVM#=g)%*Lb4QbK$J^1$Y{q}#wkNPW`2Uc-vbBZUvz4YBPd9U z-Ibh&UUuFYWdQDfKxwLqZ;b9D-W;`a;JvLs$u*iK`O}iQkFT`%8mWP=SLxl-&{?Md zVIs&cneQ8cM;Z$)#^QISatmdh7*U@CX7NDH;lnrPTiRYWU)27C zBK{z+S6s+ zE5y}nC8RDSU}S8B;@f99nSsQa$j!W|q_~uBvAU*&CD&3~$V9lZ#3phGDRifWXFD=oBKZ#aV;B!l~Bgt5r2HG#4DtPE5bnne9d&p+Hu2|I;f#j9&`?SclSwKr<@KIZ zl$+8SC(o5H_^1PZxN7U$#!1)0!8z7CGl`H(uQQO-Y0`8WTUD?DFr_FUR9t_4yvR_?r(ku zH~llwx<&I#OAom-*j85;;CWv<(S=pr9(Dj<0frGFcuH#A9-TD#XpSO zW)nGp^s|**F1E_5hqQU9Rh5=EW~Z#Z%xa6Ven?4OCz6Jl zt2mzS4gMGLgH=duzj(1gXsXJ%$5@>n0WUlI;O7&W*pzI5qYxaqd#w3oLJvtI;B z=BtC{E5gs5YuN--1^Fz}3N0^=X6Jv`Yreykk=pxK6_Nt6wX-GW{c#|lTR+{d>@t-2)B#1OMHG50y$`a0YmABP?$R^|ige|`OPa}Oou(ysLOBe}Z z?a9%V@7e>{K~fJP+WF6m6A|VFqn@K72nhcZYWZIl=KSUw1LiCKw#Wbtp!B*rUC;fp z0e)_c6G%o{E0T~;T={xbjANrYp8D}H>gTJw0W2g^Q*Jy_)#u>NkwMgE?uV;40Aw*G zY_a)GFF{!Dh+357{;a&~E+Ml)<)<9ne&%1ls6!?2-Flt;RO7Au8Uvo>L{}n{-Sx&XFWYzBl&lr@M6A{6G?T8pqTOiJ zXKgQs4{LiDVllbZgeK%W`U68^)nVjgtVKeIJpcItcr}gHeXE$MGtF_XIKK1F^8?1i zLy5UO_d~e}YoPL9Dj~e>uBNWgs@nm;&t{d#zF%O~}PUs%!(i>N{}VSEO77WMpXgjP+lDIj!WlvNlvQ?m+oR;&+_s!A@!9 z4X?usD$LNp@J{0lA=q_rsKxvl4vJhPMAx+d;!)%NZ;1CQ$?q;E^MhYX@Zk3DL}B3| zJZ=Nx2FiBVwi5rgoXxmx;hC3+BsvB2JzarXErahOG8wVGbd5w#t6B(N@`5S)4n=cZNOUqUW1#TS7hE9W?X$>TtPEH+`0S@9*F` z2|yTaiop8*BESI5T{(iUuDU%A)&;KPsG|_F?xrCn>-zNSGqv5de(4?_1GT`CgxLBC z2nZF3-9TLW^jvk-;fd|^7dn?`=@pcC6J0Iz^p$7qbWwL_O`&#eE=LJ^gCk?`xTF-*o6lul z$*&p(JkPB}U9Nux7q(xoe|>dF{$E@i?rI`)Lk2$jn5dcU=n2KeaOwGM7n4VS$$Zv? z3OVmC9*vHH-=2-L1yAGDYl3rxX9dvh`{Koa;pzYPW+Pt_S37JAaTWY)A^l_K#!D&M z5}Lti8+-Scmq>qkf&ddm_#o=1A9LfL*H4t2CX<=zq9Xw>^iGu(3Ir+j}Ji`m!3iWJEWOKLiFeIrsNkeSMt!(%% zf-|{;9=)IZWv?j>;F>&;C#q>Pow?sd*O5qHy51~4p|-p|&iTIduQEpH(xRgs9_Mg5 z^!w<~5V_1ozc1r?HW=|a;0^nS*_$Sgqf3491+$Yt)sG z8tJdTzDkDc#O}snXFuT>8p~l>x_$dkR=LGSl-`@Zi?)*5joG%N&d1U+X+D?kf_^;f z)mFU!*)A3I5v4oALMgJ1bYGjU%~rgeXRDuRf?NUSls8rO#RsUlu_aGs{A(VBlWX&E z7fvlZI64?2ng>6^CR*rBalrK>o_XO<_{2Am=^x`!X6*6AAdpV>v=ZUV!1 z^oSHgI%IPFIOwn|9OXS+mQkJ2`0U!(0PcLepQ26XAD?1ZRhN>Kp6`T5-&8 zsDW=#@M2OEQ=@*jf+&>ewq&c1C! z0xv15>pwl5ZObGvobw+~P-orPoyMIr!ZwTaz1QEJUO11F2)Qm%s_SVt`gT;7RVnyF zuiB2iPG{5yvi%%2HRp5tWUQ>AA-jjyD1&SmG*-wc8!w6Tvi$_6Vq{J=Dv+w-kvzs~J zcpWaf;=yb5&omv^@{-3xX0TCy_~!5ziRX#_D1NJGeiZ4;^Fs%pvmdroJ%V24{}I8p zFDPpU!VJaI-aZy!r(Zva@^}hs+ZR}Lm*T;Je25pW<-rL~E4hJa0*@;E7{~K@5@M#? zmt0R*`7C)%Ee<`AO)HJwePI^toQD-nTy`toN2#0o8QgmfTq`#=N4QN7>y`2SQ39S@ zvFbW7XxQ+ux?bk}&xq8fRqu1dU{twNSd-0Sqr=38B*n&c(OXhR-lz6QO3HY>^t)-c zab4%zZOf8x?-*OyiK6V7nEWmqz&lJD?vryh6Ykz1T>bjS#!8KbeI_{MICTj|<8#^V zQ`b{f)qNP~T7kpKhg_>Fii!riylsD_=f2*1QRD}d9F#<*{iKDE-a4o-F@W7>p4cCR z)BLZaYD(_FK?m`tnSAf#0JOY`-Mykr-uvGo$yGY|$bn{lcO?mF1Do?&S_@VAqO`y< z9Cb<3EbpCpQ+l;>-7Xd(q2v6CyugIBHmfDjXDG(rZ)!1E<)9 z(jICo@t%C|QZ?AEG}XjRO{<6nb{I8I;HgsWjQ%Xw`Gg=P`csL{V=Vp3;-~8?Dj<6-i|RaNS9c^xdZz+5DVCEHPdcPnA~;>B#-?fJ=}~Hb+pm| z%?InjW>B~UFK@`xrWe$v9WzWiph3h@q5{NIjy5BW4|>_?J?toQQ$*(AnaD&%;%Lam zJCFinm$TtI)|2O2{P@lT^pu*h^*(HfsUv0My6*aqLhgQn*PZ#YmHb!VF~^=hpGB)g zP%H#|{&1JO|BE5GKttYZR)m)F``z*w*Jug{j3ipnb9n~ray)w&JCKFPxAR@K46NgO z%7ij?;l6~c=PRb9lzex0mnR;%ucyQBc(%28+}Xx~hb;|v&#&MMRwBfW7<*4V1wf$r z;*SGEBgbnrz(a;Eq4j3t%9i_DnX1m6tG35_xV$fwmm3DZzjp_j3nRrIxKe&cKXt!v zuN(J#EJ)VRywj@65?Hxi3sBGU*hwR_+tZ&Mhg@2vQ5Beg{|q|+><tIMYd2)qj%^QwGeZw^lfOfC1so+Z6b~%*5nvCU0f?xwG9%nB zgE5D2?n7UE+7&`w@QnsKf6^<*FC^J&GmP-UBH*Yl+obed;Oo~9($ckTbxyU;<)ZEStDV6_-VRT3 zacK(+ah*QL&4+5qi%=R>jo&qXQlXY#r_N^IQE2fe&4{ zyqIop2L=YhN$>G>AWEnu??<9yVdb9A^q(!3-QPfswzdj~^!I8LM14 z+h;@h{q3SvH=8P9dW9T{EA!F8h{Od`qqxW{aT2qw^F?0m9C3181?2>`s&I(MqH&T4 z!lplS9{W|c>iW~Qowio_h#6-iOlvX<6O9RJtV;e~viEU7>q`3J30j!o1b+j(TCI(h z&*Qe~=f>gk>PrWLZqrBeL@G(VJ-y#|Xi~}ZO2YsqRD4G_QnKBM!;idXK<>9~;IMe| z@Kr>fKnL1AmKU&FEK2j&*Ef*aG%+0ZU9KaMa59!DG`pnUGYggRUybZVMt`C!bL1VC$Wpx6)4*SlW>8>Kaz@$VmKCjM{lJnKySoUD1WbeVYr!%i%5QT zefL7kI-$*B(u>13KaY{L!`s9fc>gYyIGjc5m#r(LYMRN^2*lQ80qA?=-x-pGqgw4g^mNI!&t*0MfO_nJm z5^;b_~Pd}N90@WP)H#ZLeg0y=au~WAb(doxS zE$I-UQQI0K)h)J&Ooh|&?TQg=%p#ZTDEhOvq-mS`KPf9XNTKC=owCtpR)Dwvr@ilv zYHHj1#p5{#EEEBygHaKY-aB|eMX3tX2~~QN5<-t2DGCBAO}c=9w9o^DD!mAy2M8oU z=m`nEm$%{E@4a!~xZi#E-hbYBV?6%Z>}2hgwboo~t~r16x90xzY*u^I7|uD3+Fn5w z(g@|hH-9n9mE`2=TDqv;c4(7$YDyolGWG$%lOH|?OJm~K5|c-2oCt0@&BlyA3Z_GI zF)q!a&CHm51KdkQoukR5RYu{H@_dM9ssy57an355G4mEtzWN?>)d=_T(Z%v!8^|aF zpRvDP5}JDJ3dqciizSWhXYVeIE5^y*p@X(kmnUal+BS+KAphXy%{js!#asNWv3>Sc z`m0cpx{p^)q2K_sC!DzGX3}!VMA-q^u7);zBAGLr>bVscRtfU1+f-Ll#{b&$womWk zQN7rQciAU3{1r7a?hoG_PNp@~HrN}R-YAaDYrLxMB6lBOdOagcuEyM$LGca>;!$ch z8`?=+Esa6?Y2Dvwb>2Q$u(x~wbJg2RF~eqEnNoh2U$VK|_D6QBTiCB2^|dr4DwA1+ zcCz-$a)Cox!+!QKByjC@kkHX$X%g~)L5l-M+B0{aKo*r)chK4f#3si~RaW1V<0DM% z=Bk6)JSRnz-|?jTTUw+yOd+9xCvi_lMkIKmWJsNsEu(PUUQ;6{rozVQv>{MSex|yT zAfzxZlT)mI!!!iq-)N88ZDUX8or|ZQ!qlR zEyWjOwJbO;qY3lWeL0%5B+#N`=MqibEq3_wi%XA@Aq$uJEE{e}t|7Myb@0xFLC7`A z@2ZTaf8mI}C!*COYDhzc<|ial0GL2gOGH0Ab!U@;Ea&T$aT$TUk3Eizt^0k0H21K# z2Y-^KlqI4;F{j^g7n6_r%y2`vLY!gpJsM_I@n!Dxg(E1NB9@&kjf^C3#!E>)Vu+Gn zEIP1gC8b)1@^gngQ@#X>N;Zvg?37PGnVub$!DMCC`nY}>sLsUZ+gFlLGv`s};!sVA ziL^HT*(C$Vi%2i_^{3-e?hDH%R+RH!YRpzs&;)*NH4}btcONej^|4n(j?rCjw}OhK@R8C!XOyYT%dL&{cPb;~x_;p=`F!;WrMT*TIw5+=`+;5N6ba zFwCASx9*Q{U)HU7k>K666`J%_EVBu+?oX{L0>K?kCmrm45lqvJM67;qf9Jtcc5f{k zI@3Bb!>43lAuuvfjH?yiJ1Xn1hNr1A{f3*O*OZ=xa!F|#F>rpgF+H+vS=3wqQq-=M z*9#o@a&_67Lr&%1SYw%uDfc+ed4Y3O`lS3Wy!(E3tR-_qf}q^#U;!|VKBl8BR}Z$i z`cmR>BIFF!^miS2o9l6>0mLpr@Z|(S6VkRHEtllh3c<~&HmGI6#l!{EMeYZQ-Oj2g zBsTNGSwxOXdQA|=+dp7ylD|?=?4@n@NU|lbR!ORcd3%sqL7#3p%CK;{Jd5&uk#YC~ zKNLcjh4eK8Gr*(ea=ka>5o5(J;ZgU!suXTn@@@9yq8>Bc?=i_mpE8W|`Uk)=x;G_CHX7U1r zugfSd)uE)4c?eEelK==3eLlO|S?#AGDP@)`Gm&MiPWrn|}`fQz9L+F>Ja&B+6_io^~*}Niw z{uS!T^@*gl{wPu{%@rz;pB>AmYR^Y7*iU^1sfQZilgxsS>>fbHxhaVQ+O=0KDcs{j z9OONJ`bpQ$*z?p$PF=--7f3oQSG|CpQG25T@Y0YQCw+hR7ZcXxYQ;%`DSoF)|8L7G za@DO>a=)6Pw{7?gIQ+IQWjx!1O5r|!N`pI0lw_!!_@T)mbeNu=vmovkTD+)+yV_$r z2}DWTN9YF?tAvd{^TF(F#4^H+eA~WQN7wAWfu;E`EazBG`l14tS(cL#u0vj{tGh~d z_;}n}JYbgWDbD*;Uf}3$3>?@XGl*hbKVTe{(_?cJ^q^Old=-x)@`3$$(yW1Ju_}sh z9Vz~4aTIIF)SI*ISHCLD7;qot}8&-9YVft)lN$^lHa`Pb_vu$3pMc#+)9?X?>(fe-6cDA zZCQt^v~(b;0rWW`lUDGRgHE+LZ^$b);L|ci_mx;Af#wQ(JlW3;{E#Xm)}HMT4uwj= zj)F)s-sAB~!z1*n0WyCI8H6TZ_EKB`T-26~5U3?b5YPNrcX}Y%t6SP=k=(#fK z2&}1TjBtF= ztGAEUa4=yPu>YHO$@y<}(o9%aYCKbH?Hl-7vLI{SjgcC#y$Flu=eHvil;35(RxIlb z^o9b9yqd)6S-zBBPq3c5)P}9mdylb`Ox2rJ-&(7NjC1QXu74bE3>b9g6UoUnpjuxm zWq}=3?_+%hP?24-cRJ+Bkq73q)JswQ*-NRGcldTc$|rzq?qrbCF`r9D_JSI+u9)H$ zM{m9^)!wK}!U^RTMrhnyuP>3El<4W)cI436RzkTn1U;E1p-lRgmLVm}E9Yb!el>cs!BerQ*vl`}#6&0g-W8d*9;SnI@kLss zWs?z$?3y_=&kOHZW30Wx==f$fx6fQfufFDs>w8;&YD|@m@J$!Aa)`hdER4;1UI zeVmgjTiQo|YkF`+r4MOa;MC+ZKUX-#AiEC@4%&yWZof~ap&3?9Wdz>`DL-HQWK$Fd z@e;Zpnd;|tFpxS4OC6Fg=g)DnasVH7F^H8-`YUwQ(s$#%t47Fuki89Z{_yu}Eya!7 zyLoTUB3VgE$!y63T%teC$Kia2wuBc-;UJCoLH zs-m#LR?^ zH1dO(M9rIs{2+~{hf5@-aq=Gt!`~y>mNb~*zb#5+p8!1u9`Oh zdprq;{4N`0TAHhxBa+`=|6TSZ+V=+o(*LS1o6&UNhGTZ`Xx0^#z_Q4U5K_k?rIJ9z zvB&F1mGGb^lm@mBPEmi3?n*wSB@j6=ZPv>hT${#NQ?A~f<*>OLMSafRNeZ>mr|;W-FvW*SN*eP(c1J@~pG5jfY zvbNYWUi;ME(`$C6e|HnS*%&~NEAd)^g0FFg*od#PH|MI)ra!+5CLP_O1>xwsY?gCJ1ND zg1i6kv0K-bU+C*mny7?v$%;$y*p23h*!nqmW7^$_ehw=Y3Ry=dYv?Ky5d*#(zCBx16wF#2C5;E%Q7U@tRL zv`^S!#wiK_8JbX4fiL)P3~ej0lM72BYaE~a_jO&|II*O~V^UC-n+nF9@8+X$^^;)p zvwUyUl>4#WRBNc#U8P?>kT*scC7$QLO;EBp1EI`MD}GW5zoPi0^Q;lLZNkoqo#(Q9 zO>rJ~nSM~pguXB;UQ|~m`l)0`x;B!&S$ONuqoZOo2}Yni0AlG=@MT|Z0bc3IySsC)i< zJ#MF8k0?Iat`y55vw+luMzwQGDt4Py3;MDHWzh{8C@9f(}pRPrAku_7d z#$f6DuNItJgp-nz@aqp9jB0F*-aoX$?3CpvCFLivcDS>57b4;PkqCO`@t+i{fK zNeNR;p#!4K$#DgsjwJ$wj=BNy$nN}=*-XLI%d$bqSy7FoENw;I?wYOUEA*Gt(G}NP z!lr`I=|a-}N5yUpfhV(V5)zdmzj44ILq!~$vhpXxE&AZVmiJnx%FbRNn z4out<^j^sCEivRq%B}Aw@D!O1${MRMWiJ|M0Ju#wUqDZg% z0Xy06wHxoNH1Y~VR4b0Uca#+@N{!BV&9hon|?CzXfZvDFcA@x z6B}nRxA0O*T>LVKAHymCwNa-T;gZlZd90&B9jUo{bev(wb(-LUDX!ngc8@su?JNPv zKK(lI+5=UYsB%JI+{g&fojdgLI^BeIX|?^p1|pHar|dY$-05CQT%s?&xVUChX!kxh zsczM_xT8f8a1kjeD2*uy$Ofyn6?^gfXG=A$>ec#lRZd0N%x+-W!=$aDM=!?)O^9EHO{K0rRVg6V+cn;~=|zwJ9XIQ+K1e~LWiOh*aD`nb;) zkTnvSqaI>?76U=S&#a;^P9pH8o_GOT>?Thm4##@A_sek?11(M{7$E65C{t<1L~Ukw zWr~RoO1WT-O^3NzBPS54?4w!>UM9MpY8c57c;7W?mge{Ye_n!bl{T`;AMWp`;i6 z^v)6*c({q%HRWJsOH~==cRu{3wyQ{JE-GbbwD#@qJ4)oAVjdozB;RSv4g^5O4yG$L zptmb3O)Dl zlMV=h24(@z@3G%dp7fY1CN=Dmr)sYQr*zUh1`WaJTLWW#6yC}iuRPV)qLfZ6zghNK5+D(I%#cgA!m3|y|?j(_jwYcM2?O;o%+#;)=Erw+X0_P0{9 zX8OP+y9V~h;${?^*hE?3j%|HmUV*lz=6bb47fUh(tR2O3y5B%4C`(S6&FoWthdW&_ z26!93k01MiRRXnarsw*bsIBZi#8nG+`p!o|Ahc50rXjR^kvEh`M)a@bJ3x>SF77K@*VfND$ZnoK0 zrC;D=%WA05Q zA~g;#oyfA>*B3@^n41gy7HgEqq5(VK9F+w8MSeL_foI1$jlwbd`q=D}uh8POI_K3U zsxz+K>vYw_Bh6}yE`gbSQyGI&kVPP-zME^ZJ? zbgNc@jB%d&O`X=JYNWvoo2sn&N~6=$ZpTkxxTV#k)u=#L zhyzQdT85@E155RK^D|t)6j2UAOBe|iUy9{Ej8TM!88PVL-tN&1Slcy zZr>xB_O9}_riAa=kfqp1#{*Hh0#%%eet&4=RMbt<%_e2P0fzkjf#s4WcLpczmHF}E zm(Zso2QSMofJr#rga-W8gUxt`TK|hVll@lO#w-or)5$w3L$U|nAKuFsxZywfZ9<7N&Ci|^U8?JtY<+*~Hgt72 z{)?Xn!h|8L?iojEhzYLrNJ3Lz*nYQLJO($RR#&d*u{*GA=d~%{D0s9IUZR??D?p{_ z;S9KY3PXs8r_!~{Tcn1Lh2PQ@Wt<*1r~}AIo1}zDe$!?X6>afZ2r=mHfnDMy&Ea6; z1LQg}d^BzRaf5dH+8=nmi^nY+rm#dNQ!JfSNS)=An^W9wNmEA$yha7Ag#=r1MISFe zvIf3vIg&O~4dvwoXz4GW1fE{Dw>zD`RG~jAQ}tYf{&c`jIs)%F3N&=QlYup3>$|k% z#99;K`-c&@QUAw8c;6S3etko+Ub4!QNU=IK&}x*+S0Ko0H|>%M7cvHf@i2PpVE)%bo8nCf|oqqG{_ z;Yqc4B4Mi3AButCKK>UMKzk%zQH0>OX-oqvwT)JF0>+Jk@>{w80T5Dgj|I@XbYbB~ zRHX>TYfr!LkF0Z#tS4x7BCRaCv&j;Sxh(UMqe*uOBio<&8+RW0PI|N^{my69sQhkM zN);_>Bo_2Zp|0OWPA$R1&!GaeqQM#i@t`F?a+A8+C!&CqFQ_7uRli*V1wrkn=Ldk( z-kST1bzkW-#qA}6p{a}2-$e%;^WIyF=BDh`j|yG*5LgNCn$S=7nf|hMsXlNf7=Ld- ztmTXDjp(tJ&3qqBU)`aWz^*N=+dG+vZakVs%c1sBLgqa^SfFmJ{%mjWb6ut=dKK9( zVu+4gh@?`1q=gZhK1qm5(DQ3p>H~ARq9D%XeOO!5)IjpSw zwDA$l1=U)a)d~`o5*M-dFTDHGT%uq-FAfxaR{|6+8i|&Ccq8_)o9vzKq3*HI6RrL1 z1{jY~NyFT&wacI=-dAlLmX5RdjXi|z;YMPln{zl(+DG@YN=)co<#<0w-=$FPq;zwR zc;$fOd;!Y&x|`Gbm#oBH`#xQ3>@T}S{fOUAjKh@ovoiV^ytq5k(%4;CSi)Y zfdRB`;o9XK++HkN_dvn7AKuIOym%#8z(%h5TBZd240(ACo(mn*P?5F zTzf>ia(IXe%u@W?!s#W?N2mw~eC9bb5gEg9L3nC!gMu+s|4xSmXosk>}+a6NG&AkB>Gz zF`PaxGYFl{g~cf_*eiGqX|Qe%jiy<<0;&s5kx}G<$2u+UZTzTND7zw8F;xb99ZXko zM%xV1pF}bb^d5JY^&i@;?tK7qJhtjEZS5#j7H-e96&bk}-LgGh?jK&Cs;|;;W1VWb z9kP_<7*L|P(bG_ywBIQR-^4jCEe(xI7@H-0FkWeHI2q7&60JiTFh#~A@gJLB2Y9X| zz4H9YGClylR*_p6{d26rdP{2N-CSNo7vGm4Q%>_|EU0z0Dv;d47TNP{r%%dlWf*66 zK06q|4D58zma!67ue;ueBUBTusd*VBDQ@f=q%i$?`?;NqO0)Mv_oM;duU9~$!#uJ% zOAf9@cW1>PrNCL*`!c{8!DACvE)HdfFB2_$mSZz(y^J`#N2Tt5`v@M|isJR_)Zufa zcU7V3lQ2M=j9B_VgB!7VAnlm1gD?d>{KbgUu9YO)V0uTrz+1L?vtC)A7N<<%I`?lx zEF=G*U}*aF+=jVW8+c+zA$IA;SyQL&-uwk8&^4XiQvB_5#Q%%oWy>XG?B~eygb30W z7Y#38d*7y*-guMw^1yl7*B2#Uhr|MgWhumD*`G_x?)Lea37ScY8_fu3Fgk=@he)6* z$#KZ3A+T!ZI0)yTGc@*||5_63F?THtdY_-!bFx(Jd!Xt2HuVIsPh0V4YUiZ(HS3Pi z5veD<)GflADrjioH#ot?g+E&Z`^S(t=;20MSMj-XJ(hlFy>Q&f zHpo39;Ixatjc*LjVUrTo$A_GVBCo^6%>{K{bfF1!ZTb&|T8Q2uwDRh44sL2Z%fAZr zmQv8X(tE65B`shlWN_7{gF|8kKnji)17YCWpkvSCI@yhPGvEl>QxeHv&2RVq@>D?? zGRJP$weI`j^E<3~d#|(MR$|N!#>@{^9LI34Ub5hR;cElr3IM#Fq3-+lk=L14hh{of z3UaUUW&3#%WMMxt-L18lMUI3q-kgW1At=sU-BZ21V^y&DJEJl?Z20>Xl$<)%K(^=1 z#z=vdjJubyvEwbv(g>nz%7-&6a+*@}^KngucO(U$rHK{>8nt?_Qu|_)U;-a&Bq9*N zcQObDrU5f+Dzy9C0#zKMK5N?s;4>UV^hN|1Z0mW=xDmh{N|n8C7+(~NT={GsB)S;k zDOBUwJZ^V18|zNIb@-`c)#~R;|3q1K5mSb515H- zL>^)f!8wF|9xe$0l(-5Cwp^l>-xvc(okhXhhsm%OQ0-a8uN6M8`&hYgWyKx@VE^pS z&!4M0<7RRAKHP|%-YE`?4b9-;$B1vuz3I(y7(>LQSjm1W`3!y6#^9RZVC20KYmGsK z(B(J)j-txa+6biJv21L?yu^Y^Q+EI z;G`aJTuNiU%Z-9LrYJly2!KWARuT1lUX2?M&e}%N09Ux(q)Y`yV=@hREB&KpJKkTj zIQv2=dS@JWyNU6f)IOctX2CF>%uOGk#Xf*tu9VOeyJ{Ux*<}(xFTL6r8b2)FA}pSx zaK?suKw*swQJyj6M?_y40B{O{Z9Z!D$oA%$HAO)qwZ!=N90&1pec?86*ZG%#w?6WM z!DAgxd~#8n+q~VG14|7;M!a#R=e$k2rm@^QjlSl3^2I`za^I?_X^&69{O4HV-^f-M z{yI!{;c5Wt%gFh;pbH->bxzcI60Zjo_>LEiI={9I*bpRpO-gNH z0_7F?et5)&gbAYZkp9P6pMkb3q20jNJ+mW(xU9>bo;&D|E`B#Hn2jM|{DF&&d5zy$ z(*bR^cVR_}IUGJwp-1)H^b1Z#$$*%&%jU097u7frcMvSfW6Xx;N!f^7$V$MAY3giz(0pd7z-PmuUg<(#5_^Ywa* zXU*1G)qYd12{n!J4ogV5!xWNn?xpa~nd@oMC^Giz7?av1F#7jhlI7CGNz!k!Jhv4_ z$ey*P!{<{4=!0NR1{wDo5-f-~J5=@hI6~#?xoSP%C(Z`stYQCkp?pYzLFnol*d;wS zdSs(6-03aNSrm`BEo%kz12+NYgso-mdRyvlqYd{$ZTQMBr01%^{5;ji>9d`JIQiu3Zk{$URn%PqJlwtfqGP@NDCH zJvH%Pi<69vq)^QqSe>5-M?{o~iG{@G^ZqzfSlwB?I z2g0ek>gs_iS(Z!hgGWZ&5iSHk9E0wFLMT^C7V~*=0aVy9gX^5a)5<*@VBM2V}FJvvP3=x=OiYlP7M!>!v;QAR17b~ z#{+4}<`)+9U+D2TtE-JiU8wI~N&0b-@>_Ox&bMz~g8X%W#w)HNe%`96cqJ{mT#43J za3F3LYXAXT0D+B?a~v)g(ljmcdAbX4vr7+}U?bNxdhM&Fqx?yUxpp=$HBt@$O2JfU zBv2Zlklqk5vSmJqV>0iY8CUA-ykmYgO#;$)Tf!ik3={m>E_gr=Nc5V!D}}5 ztfMafs`L8}8M@$*dlqM&&F;YgFsO@^8T5b`e{wjfuG1}r3q1XP4M1QQa2iRnMaY~5 zWPu>x(w9c7ZC2%T(4~awf;00$CU+0gYvoSx$0RRy6Ez1T1pZ!!yPr21;XQRwuh1sm zMOd%f_}Pe3#8+G?uJfLaMWd7mTQZvqa#4OZ-NV5C9?2$lwl(Ey`15f_6ObfP&2%(j zb6;^k0G>sJDIF65Xn16DkUyLF;@QXKnAP>_&CQL2?PVZTfxH39D{#AWjtWuuyHi!* zzyJKOg<9xSI9bZ_-zA;^=rd;mALAujF28qoD}`?GFMUiVNNf4uHyz^dQQTOw%zDfo zG?=)U=DyOEnrlMG2 zez!ios+~lvR%lWcva6ycK*2iU>Z^dTfSgu>uU#;T_We!2Mci=X6IjI-5ytS*4wrtv z$a^6>#Ue3RQ|p(Fh&5v{G}OMHGCK$l0=g=Ec#=E|-Y z)NyJXJ358~uXOAF*=bl75CV5%N|8AEa7B<4u<6W-s|FlN#=~vcMBGkaO-P*1YTC>`-om;J*AVHAaTAk8GZ-=PId-DmZQUA)CoHV=s&@9YUv^p^1kMpIUZVbSBJvUb& z6l}VUX0Z6Ii{bN2r zvXJ8-B_Yngc19&b3K*JsnEQOrSTs_Wtm93=W@2Z8YdXn3Cm8=vP5k$I`TuO~nS&{#+{};sk zw<7;qr@Ho4bTQi%SEPw-7f;mg1L$#`wf;oVnJ;kS=e^Ry}} zM>4fIu08q<$M{=_{gt+G(HAxkBUGOMarxJ7>#s$>`ZCbpp?%U!vW1fIyK=|YF&{13 zf3MVhjk4S5u=OO7Pe|j3D5=HCazOu{FX;1`cRq^ed%|B6_6tjEGksJMY0r%pQabsP zg*x28byT0o@$|xmRF(G7OhNmeQd3C#SFgT5m)ww-ngZnD>}K|Wg6YvoQBScC;m`fz zq$;w)={^pRBRYy(UF}H=aC9y-iqF0T$ZWceqe-OwdO=zPz_6J}?MseQT)_poTT^8e z6u9>>H3p2iUs3e#vqLHE4k;*1-35@n*Q>gvl^H2*J;l`<(-�k7^A<>C%iFz@zGen`Y8gYz z!E^z8K(y=i>gcHJ8%}ms*@Mp8EBSDMEJTpvf)P<}bq?(`LzH*7bEzA5?`4;?Y&kIa z`)l$6wPTXU94o6FO+OgLyG$;ow0)U30_V~xgVAhZ^S+V|51nnRq#C_eXh0QUwB*s`4F&09>!h`<~eUjd{Fwn(K3+h}}Bg1_Wd< z0;74khbYgaFYvmYAL~U}#hsAiR<-O7VtI2@JvM$&Hst8)+0p?c#uQS7`-OwcKcI_1 zt1#!EAQ*7!kJ_8uXEKH1g(5PkKri$vU0;41aV+9uvM!k7Jk|P8I_~UpPz(%Ri6*0v zy;tqjB~YCeiIfn8cj{=EkG)N+R0v;*PW2=SmP3sjtVYaJ*88TsvHNIR1+O1cH~OXm z`-Zz>XchJ<4ZwlDG($OsW{1RF#hp*!6MK>1ejO3^@fAuznO`t^m`4nX4@~hu~zl1>CT9WTp2a`Da{JLyIz0v|l^0&yV^E)1)q8+f}7gBVP$M9OdDTZZv65Kol^Wk z({FTfeme0so6!mfEnKH_7Y@lx%462MGPDXu_F2zKbwg1M{yg8$I~8{}S3T^@M_5@{ zs6q2a*r6eCybTqoU0PiHXt?{jE{`_QM>=Z_UTPX@g>pY&baNpRtlC9}i8@IlfyUa} z(G=KFo%~IC)aK+1pp8PyJ5PIU#ZVDS_g=%o_q`lDs;t z)c4~BssN`MVQ}`kv=W6*jWd(^U)SwtEXjXW2meEbYF2iE9nZCWV%1sY6}^6HA-F+= z)$9+#&O+RE?7vk1#JB(Q0TgSaVZw^=*lbZmIQ$Lw>C&KEgy=Sl=W(xEnWZJOd;NE zpSFP2=BL#=kvWkMx%O9Q)T?M|s|IsyWU(zGp|`HEVWgvgjLAx0JDc0X=G((=FY6*VH8~X(z3~DebdM(-+MXz!p!wl2 zWF)HgWT(t$vur^u3-#L?k1J;qY-FYC_*E|p8Xoux64$m?f7l_3eOzi;BOOX7Wh&;X zvz**u2n+(E#)=T;%~bkHfyw6>EE4QHX_LE@snmZb5I8y5V5NE+l7K|Vc24@WD^G~)rMu>*&gO|i9EAunx47UagsKq}8dm4Hj2_dq{ZH(Z@$1RbxxZ8CW$Rp*_E*SttJ-QdAT4#$yQxHDPg zS&DCqMQZcsA1eyzqIxG^|6J@*Jz7C-OhfysetLt=t76`HJ0@yueOZhNC9o!aKK=G; zBH)eJ(Ygq`RIdAA8kjs*wK!0j`Y}Y5Hd4OMRe%32rK(Ci*k^ame?e0kI?(T43xTX0 zyk?oF)~*QWr;!}8*`$oZRz7bXBLgBz)c7sJ*nbSDo=~WSXc{6@t zm&V()*QsL?P59IUUW82un-g{A# zl|QWvC3MoEKBq@DV6?(S-P+QL6ltP5;75~0^oL3e%KZB(?`)V`zz$dmd>C@de6VF1 zh{u%ZQVrdm%Uu-%p=Reu#I6k42+Pq{;@jfXY6}!e#hX72vz)^-afq^i0SR0xY-e(1 z>%ROO5Edy}t$!`hA1Pn4!l--|qz7?q-DZ)m)%i|XoY|B{~3owEenICCEr*mo69sT4@v%#+1i?R3f`PwhCx*Qb=gwTBO|q;Iqw!-rBz zu$^t3(MWzXAh-z^9mKlELbl2Xi$PJMA}C!>hAeTzBPmQeU-RM}5#+)(z8QSNbU9s#5~Fe2BV-^PV37v{YLZD>g_bu&NlDX3swAZ2s`as1l8F@j%?E}sNc@&;Sc7|k!|I# zkRw$68pb#Q2^V4Xb%y9mv<_BRb<#h-?Ud1l~WtM_wP2ulocf-aY1; z%dB$EI!@;*hz}^(E?32Goy!n@%S#rh`gtqT&$Y$Fs8!3ZTyxBZ1+)6XHbV`B0z8F$ z;DH|Nf*30wQeMw3eZ9_dVMQ5Ci?(dGEDEqy>X$E2yiO>I)hQqUxj9QqZDID)?Uyrq zqOS0ww3ytv4RG#lox6tr$nW~!eY$_a7-=HoVHD-Y@43o9JPHJUg5v2Tt%q=Bi$DJd DT)R-+ literal 0 HcmV?d00001 From 4c5b491d3148b80abf1a8a09e9cba6a0b5d50a13 Mon Sep 17 00:00:00 2001 From: Josh Sleeper Date: Tue, 15 Jan 2019 15:37:17 -0500 Subject: [PATCH 161/361] chore(typo): fix incorrect storage driver reference --- storage/storagedriver/select-storage-driver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/storagedriver/select-storage-driver.md b/storage/storagedriver/select-storage-driver.md index f488b2a736..9e574d2f35 100644 --- a/storage/storagedriver/select-storage-driver.md +++ b/storage/storagedriver/select-storage-driver.md @@ -103,7 +103,7 @@ removed in a future release. It is recommended that users of the `overlay` stora migrate to `overlay2`. ²) The `devicemapper` storage driver is deprecated in Docker Engine 18.09, and will be -removed in a future release. It is recommended that users of the `overlay` storage driver +removed in a future release. It is recommended that users of the `devicemapper` storage driver migrate to `overlay2`. From e515aa26d2cadd4468db7c75992e0c1f5ae7eee7 Mon Sep 17 00:00:00 2001 From: Heath Stewart Date: Tue, 15 Jan 2019 16:59:52 -0800 Subject: [PATCH 162/361] Fix default directory path for Windows As previously stated, the entire `%ProgramData%` directory would be ignored. This also uses a PowerShell syntax for which most people may not be familiar, but most often PowerShell users know how to translate from supported environment variables. The main point is to limit the directory to ignore to just docker. Many, many other applications write to `%ProgramData%`. --- engine/security/antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/security/antivirus.md b/engine/security/antivirus.md index 7fba98d866..326103fb78 100644 --- a/engine/security/antivirus.md +++ b/engine/security/antivirus.md @@ -8,7 +8,7 @@ When antivirus software scans files used by Docker, these files may be locked in a way that causes Docker commands to hang. One way to reduce these problems is to add the Docker data directory -(`/var/lib/docker` on Linux, `$Env:ProgramData` on Windows Server, or `$HOME/Library/Containers/com.docker.docker/` on Mac) to the +(`/var/lib/docker` on Linux, `%ProgramData%\docker` on Windows Server, or `$HOME/Library/Containers/com.docker.docker/` on Mac) to the antivirus's exclusion list. However, this comes with the trade-off that viruses or malware in Docker images, writable layers of containers, or volumes are not detected. If you do choose to exclude Docker's data directory from background From c82c0b89aa2a1fd1d30e83ebf4a821002a016a50 Mon Sep 17 00:00:00 2001 From: Jenkins-pr-release-docs Date: Wed, 16 Jan 2019 13:35:37 +0000 Subject: [PATCH 163/361] Docker for win stable relnotes 2.0.0.2 Signed-off-by: Jenkins-pr-release-docs --- docker-for-windows/release-notes.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docker-for-windows/release-notes.md b/docker-for-windows/release-notes.md index 397a685377..abe812086e 100644 --- a/docker-for-windows/release-notes.md +++ b/docker-for-windows/release-notes.md @@ -20,6 +20,22 @@ for Windows](install.md#download-docker-for-windows). ## Stable Releases of 2018 +### Docker Community Edition 2.0.0.2 2019-01-16 + +[Download](https://download.docker.com/win/stable/30215/Docker%20for%20Windows%20Installer.exe) + +* Upgrades + - [Docker 18.09.1](https://github.com/docker/docker-ce/releases/tag/v18.09.1) + - [Docker Machine 0.16.1](https://github.com/docker/machine/releases/tag/v0.16.1) + - [Kubernetes 1.10.11](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v11011), fixes [CVE-2018-1002105](https://github.com/kubernetes/kubernetes/issues/71411) + - [Kitematic 0.17.6](https://github.com/docker/kitematic/releases/tag/v0.17.6) + - Golang 1.10.6, fixes CVEs: [CVE-2018-16875](https://www.cvedetails.com/cve/CVE-2018-16875), [CVE-2018-16873](https://www.cvedetails.com/cve/CVE-2018-16873) and [CVE-2018-16874](https://www.cvedetails.com/cve/CVE-2018-16874) + - Windows 14393 is marked as deprecated ; it will not be supported anymore in the next major stable release (2.1.0.0 and further) + +* Bug fixes and minor changes + - Rename Docker for Windows to Docker Desktop + - Add 18.09 missing daemon options + ### Docker Community Edition 2.0.0.0-win81 2018-12-07 [Download](https://download.docker.com/win/stable/29211/Docker%20for%20Windows%20Installer.exe) From 5bfb37cb8405a7fe709c7338fb1aeea0b71b3041 Mon Sep 17 00:00:00 2001 From: Jenkins-pr-release-docs Date: Wed, 16 Jan 2019 13:57:48 +0000 Subject: [PATCH 164/361] Docker for mac stable relnotes 2.0.0.2 Signed-off-by: Jenkins-pr-release-docs --- docker-for-mac/release-notes.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docker-for-mac/release-notes.md b/docker-for-mac/release-notes.md index 45e7261055..5c39ac30c2 100644 --- a/docker-for-mac/release-notes.md +++ b/docker-for-mac/release-notes.md @@ -20,6 +20,20 @@ Desktop for Mac](install.md#download-docker-for-mac). ## Stable Releases of 2018 +### Docker Community Edition 2.0.0.2 2019-01-16 + +[Download](https://download.docker.com/mac/stable/30215/Docker.dmg) + +* Upgrades + - [Docker 18.09.1](https://github.com/docker/docker-ce/releases/tag/v18.09.1) + - [Docker Machine 0.16.1](https://github.com/docker/machine/releases/tag/v0.16.1) + - [Kubernetes 1.10.11](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v11011), fixes [CVE-2018-1002105](https://github.com/kubernetes/kubernetes/issues/71411) + - [Kitematic 0.17.6](https://github.com/docker/kitematic/releases/tag/v0.17.6) + - Golang 1.10.6, fixes CVEs: [CVE-2018-16875](https://www.cvedetails.com/cve/CVE-2018-16875), [CVE-2018-16873](https://www.cvedetails.com/cve/CVE-2018-16873) and [CVE-2018-16874](https://www.cvedetails.com/cve/CVE-2018-16874) + +* Bug fixes and minor changes + - Add 18.09 missing daemon options + ### Docker Community Edition 2.0.0.0-mac81 2018-12-07 [Download](https://download.docker.com/mac/stable/29211/Docker.dmg) From 3c9355e4c23ffe3e0545a987b3b208962346f85f Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Wed, 16 Jan 2019 13:26:29 -0500 Subject: [PATCH 165/361] Update faqs.md --- docker-for-mac/faqs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index d45dff3e97..091f000c39 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -60,7 +60,7 @@ below.
#### How to save and restore data The following procedure can be used to save/restore images and container data, -for example if you want to switch between Edge and Stable, or reset your VM +for example, if you want to switch between Edge and Stable, or reset your VM disk: 1. Use `docker save -o images.tar image1 [image2 ...]` to save any images you @@ -83,7 +83,7 @@ disk: [This procedure](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes) -explains how to backup / restore data volumes. +explains how to backup and restore data volumes. ### What is Docker.app? From 8bff9ec97e5782d1cc841a69c8d07f9a49cdf6f4 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Wed, 16 Jan 2019 13:26:54 -0500 Subject: [PATCH 166/361] Update faqs.md --- docker-for-windows/faqs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-for-windows/faqs.md b/docker-for-windows/faqs.md index 2d5fb0968a..c400001af8 100644 --- a/docker-for-windows/faqs.md +++ b/docker-for-windows/faqs.md @@ -57,7 +57,7 @@ below.
#### How to save and restore data The following procedure can be used to save/restore images and container data, -for example if you want to switch between Edge and Stable, or reset your VM +for example, if you want to switch between Edge and Stable, or reset your VM disk: 1. Use `docker save -o images.tar image1 [image2 ...]` to save any images you @@ -80,7 +80,7 @@ disk: [This procedure](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes) -explains how to backup / restore data volumes. +explains how to backup and restore data volumes. ### Feeback #### What kind of feedback are we looking for? From ce5b20e35bf7f945c45b394af94cc4d41fe10cdd Mon Sep 17 00:00:00 2001 From: Mark Church Date: Wed, 16 Jan 2019 10:41:38 -0800 Subject: [PATCH 167/361] Update ucp-configuration-file.md --- ee/ucp/admin/configure/ucp-configuration-file.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ee/ucp/admin/configure/ucp-configuration-file.md b/ee/ucp/admin/configure/ucp-configuration-file.md index 02f5bf16e1..d14aa2b3a6 100644 --- a/ee/ucp/admin/configure/ucp-configuration-file.md +++ b/ee/ucp/admin/configure/ucp-configuration-file.md @@ -188,10 +188,13 @@ components. Assigning these values overrides the settings in a container's | `ipip_mtu` | no | Set the IPIP MTU size for the calico IPIP tunnel interface. | | `azure_ip_count` | no | Set the IP count for azure allocator to allocate IPs per Azure virtual machine. | | `nodeport_range` | yes | Set the port range that for Kubernetes services of type NodePort can be exposed in. Default is `32768-35535`. | -| `custom_kube_api_server_flags` | no | Set the configuration options for the Kubernetes API server. | -| `custom_kube_controller_manager_flags` | no | Set the configuration options for the Kubernetes controller manager. | -| `custom_kubelet_flags` | no | Set the configuration options for Kubelets. | -| `custom_kube_scheduler_flags` | no | Set the configuration options for the Kubernetes scheduler. | +| `custom_kube_api_server_flags` | no | Set the configuration options for the Kubernetes API server. (dev) | +| `custom_kube_controller_manager_flags` | no | Set the configuration options for the Kubernetes controller manager. (dev) | +| `custom_kubelet_flags` | no | Set the configuration options for Kubelets. (dev) | +| `custom_kube_scheduler_flags` | no | Set the configuration options for the Kubernetes scheduler. (dev) | | `local_volume_collection_mapping` | no | Store data about collections for volumes in UCP's local KV store instead of on the volume labels. This is used for enforcing access control on volumes. | | `manager_kube_reserved_resources` | no | Reserve resources for Docker UCP and Kubernetes components which are running on manager nodes. | | `worker_kube_reserved_resources` | no | Reserve resources for Docker UCP and Kubernetes components which are running on worker nodes. | + + +*dev indicates that the functionality is only for development and testing. Arbitrary Kubernetes configuration parameters are not tested and supported under the Docker Enterprise Software Support Agreement. From cb44c59f5ac3b1e2b6bc7aa348a2926bf5118dc9 Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Wed, 16 Jan 2019 15:41:01 -0500 Subject: [PATCH 168/361] daemon: windows stack indicate pid retrieval lifted from https://docs.microsoft.com/en-us/virtualization/windowscontainers/troubleshooting#obtaining-stack-dump --- config/daemon/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/daemon/index.md b/config/daemon/index.md index e564f61145..8a1b11cfcf 100644 --- a/config/daemon/index.md +++ b/config/daemon/index.md @@ -271,6 +271,8 @@ by sending a `SIGUSR1` signal to the daemon. - **Windows Server**: Download [docker-signal](https://github.com/jhowardmsft/docker-signal). + + Get the process ID of dockerd `Get-Process dockerd`. Run the executable with the flag `--pid=`. From 2c04f909c9f2c95aea59c77dce0c6465ff194b64 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Wed, 16 Jan 2019 13:49:32 -0800 Subject: [PATCH 169/361] Moved dates under version headers --- ee/ucp/release-notes.md | 100 ++++++++++++++++++++++++++++++---------- 1 file changed, 75 insertions(+), 25 deletions(-) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index ece49789d0..9088ead3e7 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -21,7 +21,9 @@ upgrade your installation to the latest release. # Version 3.1 -## 3.1.2 (2019-01-09) +## 3.1.2 + +(2019-01-09) ### Authentication and Authorization * SAML Single Logout is now supported in UCP. @@ -40,11 +42,15 @@ enable this feature in Admin Settings -> SAML Settings. * Now upgrading Interlock will also upgrade interlock proxy and interlock extension as well (escalation/871) * Added support for 'VIP' backend mode, in which the Interlock proxy connects to the backend service's Virtual IP instead of load-balancing directly to each task IP. (docker/interlock#206) (escalation/920) -## 3.1.1 (2018-12-04) +## 3.1.1 + +(2018-12-04) * To address CVE-2018-1002105, a critical security issue in the Kubernetes API Server, Docker is using Kubernetes 1.11.5 for UCP 3.1.1. -## 3.1.0 (2018-11-08) +## 3.1.0 + +(2018-11-08) ## Bug Fixes @@ -136,7 +142,9 @@ The following features are deprecated in UCP 3.1. # Version 3.0 -## 3.0.8 (2019-01-09) +## 3.0.8 + +(2019-01-09) ### Bug fixes * Core @@ -155,11 +163,15 @@ The following features are deprecated in UCP 3.1. backend service's Virtual IP instead of load-balancing directly to each task IP. (docker/interlock#206, escalation/920) -## 3.0.7 (2018-12-04) +## 3.0.7 + +(2018-12-04) * To address CVE-2018-1002105, a critical security issue in the Kubernetes API Server, Docker is using a custom build of Kubernetes 1.8.15 for UCP 3.0.7. -## 3.0.6 (2018-10-25) +## 3.0.6 + +(2018-10-25) ### Bug fixes @@ -194,7 +206,9 @@ The following features are deprecated in UCP 3.1. * Fixed an issue that prevented "Per User Limit" on Admin Settings from working. (docker/escalation#639) -## 3.0.5 (2018-08-30) +## 3.0.5 + +(2018-08-30) ### Bug fixes @@ -210,7 +224,9 @@ The following features are deprecated in UCP 3.1. This issue is fixed in 3.0.5. Any upgrade from 3.0.5 or above should work without manually pulling the images. -## 3.0.4 (2018-08-09) +## 3.0.4 + +(2018-08-09) ### Bug fixes @@ -222,7 +238,9 @@ The following features are deprecated in UCP 3.1. * You must manually pull `docker/ucp-agent:3.0.4` in the images section of the web UI before upgrading. Alternately, you can just pull `docker/ucp-agent:3.0.4` on every manager node. -## 3.0.3 (2018-07-26) +## 3.0.3 + +(2018-07-26) ### New platforms @@ -244,7 +262,9 @@ The following features are deprecated in UCP 3.1. * Add support for bind mount volumes to kubernetes stacks and fixes sporadic errors in kubernetes stack validator that would incorrectly reject stacks. -## 3.0.2 (2018-06-21) +## 3.0.2 + +(2018-06-21) ### New Features @@ -319,7 +339,9 @@ Azure Disk when installing UCP with the `--cloud-provider` option. * `ucp-interlock-proxy` may fail to start when two or more services are configured with two or more backend hosts. [You can use this workaround](https://success.docker.com/article/how-do-i-ensure-the-ucp-routing-mesh-ucp-interlock-proxy-continues-running-in-the-event-of-a-failed-update). -## Version 3.0.0 (2018-04-17) +## Version 3.0.0 + +(2018-04-17) The UCP system requirements were updated with 3.0.0. Make sure to [check the system](https://docs.docker.com/ee/ucp/admin/install/system-requirements/) @@ -467,7 +489,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. # Version 2.2 -## Version 2.2.15 (2019-01-09) +## Version 2.2.15 + +(2019-01-09) ### Bug fixes * Core @@ -476,7 +500,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. * UI * Fixed stack creation for non admin user when UCP uses a custom controller port. -## Version 2.2.14 (2018-10-25) +## Version 2.2.14 + +(2018-10-25) ### Bug fixes @@ -494,7 +520,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. * UI * Fixed an issue that prevented "Per User Limit" on Admin Settings from working. (docker/escalation#639) -## Version 2.2.13 (2018-08-30) +## Version 2.2.13 + +(2018-08-30) ### Bug fixes @@ -502,7 +530,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. * Fixed a critical security issue to prevent UCP from accepting certificates from the system pool when adding client CAs to the server that requires mutual authentication. -## Version 2.2.12 (2018-08-09) +## Version 2.2.12 + +(2018-08-09) ### Bug fixes @@ -512,7 +542,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. https://success.docker.com/article/upgrading-to-ucp-2-2-12-ucp-3-0-4/ for proper implementation of this fix. -## Version 2.2.11 (2018-07-26) +## Version 2.2.11 + +(2018-07-26) ### New platforms * UCP 2.2.11 is supported running on RHEL 7.5 and Ubuntu 18.04. @@ -534,7 +566,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. * Fixed an issue that causes UI to not parse volume options correctly. * Fixed an issue that prevents the user from deploying stacks via UI. -## Version 2.2.10 (2018-05-17) +## Version 2.2.10 + +(2018-05-17) ### Bug fixes @@ -572,7 +606,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. bundle on a cluster that is running thousands of services. -## Version 2.2.9 (2018-04-17) +## Version 2.2.9 + +(2018-04-17) ### Bug fixes @@ -585,7 +621,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. * Fixed an issue that causes container fail to start with `container ID not found` during high concurrent API calls to create and start containers. -## Version 2.2.7 (2018-03-26) +## Version 2.2.7 + +(2018-03-26) ### Bug fixes @@ -593,7 +631,9 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. leading to non-default values causing `ucp-controller` and `ucp-agent` to keep restarting. -## Version 2.2.6 (2018-03-19) +## Version 2.2.6 + +(2018-03-19) ### New features @@ -647,7 +687,9 @@ default server configuration is not chosen, then the last server configuration is always used, regardless of which one is actually the best match. -## Version 2.2.5 (16 January 2018) +## Version 2.2.5 + +(16 January 2018) ### Bug fixes @@ -667,7 +709,9 @@ and are planning on upgrading UCP, you can skip 2.2.5 and wait for the upcoming 2.2.6 release, which will provide an alternative way to turn on RBAC enforcement for volumes. -## Version 2.2.4 (2 November 2017) +## Version 2.2.4 + +(2 November 2017) ### News @@ -698,7 +742,9 @@ for volumes. * Docker currently has limitations related to overlay networking and services using VIP-based endpoints. These limitations apply to use of the HTTP Routing Mesh (HRM). HRM users should familiarize themselves with these limitations. In particular, HRM may encounter virtual IP exhaustion (as evidenced by `failed to allocate network IP for task` Docker log messages). If this happens, and if the HRM service is restarted or rescheduled for any reason, HRM may fail to resume operation automatically. See the Docker EE 17.06-ee5 release notes for details. * The Swarm admin UI for UCP versions 2.2.0 and later contain a bug. If used with Docker Engine version 17.06.2-ee5 or earlier, attempting to update "Task History Limit", "Heartbeat Period" and "Node Certificate Expiry" settings using the UI will cause the cluster to crash on next restart. Using UCP 2.2.X and Docker Engine 17.06-ee6 and later, updating these settings will fail (but not cause the cluster to crash). Users are encouraged to update to Docker Engine version 17.06.2-ee6 and later, and to use the Docker CLI (instead of the UCP UI) to update these settings. Rotating join tokens works with any combination of Docker Engine and UCP versions. Docker Engine versions 17.03 and earlier (which use UCP version 2.1 and earlier) are not affected by this problem. -## Version 2.2.3 (13 September 2017) +## Version 2.2.3 + +(13 September 2017) ### Bug fixes @@ -750,7 +796,9 @@ for volumes. `/`. -## version 2.2.2 (30 August 2017) +## version 2.2.2 + +(30 August 2017) ### Bug fixes @@ -785,7 +833,9 @@ for volumes. include `external: true`, otherwise the deployment fails with the error `unable to inspect secret`. -## Version 2.2.0 (16 August 2017) +## Version 2.2.0 + +(16 August 2017) ### New features From 20c54d6498d38f9a62e8b95e9f2745706ce91577 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Wed, 16 Jan 2019 17:18:41 -0500 Subject: [PATCH 170/361] Update release-notes.md --- docker-for-windows/release-notes.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-for-windows/release-notes.md b/docker-for-windows/release-notes.md index abe812086e..13527bfb0a 100644 --- a/docker-for-windows/release-notes.md +++ b/docker-for-windows/release-notes.md @@ -18,7 +18,7 @@ notes](edge-release-notes) are also available. (Following the CE release model, releases, and download stable and edge product installers at [Download Docker for Windows](install.md#download-docker-for-windows). -## Stable Releases of 2018 +## Stable Releases of 2019 ### Docker Community Edition 2.0.0.2 2019-01-16 @@ -36,6 +36,8 @@ for Windows](install.md#download-docker-for-windows). - Rename Docker for Windows to Docker Desktop - Add 18.09 missing daemon options +## Stable Releases of 2018 + ### Docker Community Edition 2.0.0.0-win81 2018-12-07 [Download](https://download.docker.com/win/stable/29211/Docker%20for%20Windows%20Installer.exe) From 64509ff37b3f6621d5dfa30930717fdf0dd298bd Mon Sep 17 00:00:00 2001 From: ollypom Date: Thu, 17 Jan 2019 10:59:44 +0000 Subject: [PATCH 171/361] Found old DTR CLI Link Signed-off-by: ollypom --- ee/ucp/admin/configure/use-your-own-tls-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/admin/configure/use-your-own-tls-certificates.md b/ee/ucp/admin/configure/use-your-own-tls-certificates.md index c58171aa95..7c4e5d58cf 100644 --- a/ee/ucp/admin/configure/use-your-own-tls-certificates.md +++ b/ee/ucp/admin/configure/use-your-own-tls-certificates.md @@ -53,7 +53,7 @@ web UI and [get new client certificate bundles](../../user-access/cli.md). If you deployed Docker Trusted Registry, you'll also need to reconfigure it to trust the new UCP TLS certificates. -[Learn how to configure DTR](/reference/dtr/2.5/cli/reconfigure.md). +[Learn how to configure DTR](/reference/dtr/2.6/cli/reconfigure.md). ## Where to go next From ebea690ba01030ef31cd28996c39f19142484501 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Thu, 17 Jan 2019 07:17:48 -0500 Subject: [PATCH 172/361] Update release-notes.md --- docker-for-mac/release-notes.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-for-mac/release-notes.md b/docker-for-mac/release-notes.md index 5c39ac30c2..52d6f3fd16 100644 --- a/docker-for-mac/release-notes.md +++ b/docker-for-mac/release-notes.md @@ -18,7 +18,7 @@ notes](edge-release-notes) are also available. (Following the CE release model, releases, and download stable and edge product installers at [Download Docker Desktop for Mac](install.md#download-docker-for-mac). -## Stable Releases of 2018 +## Stable Releases of 2019 ### Docker Community Edition 2.0.0.2 2019-01-16 @@ -33,6 +33,8 @@ Desktop for Mac](install.md#download-docker-for-mac). * Bug fixes and minor changes - Add 18.09 missing daemon options + +## Stable Releases of 2018 ### Docker Community Edition 2.0.0.0-mac81 2018-12-07 From c40952926082dc7b7098b8c80f8af3d90b07fb2b Mon Sep 17 00:00:00 2001 From: Cheng Zheng Date: Thu, 17 Jan 2019 20:42:17 +0800 Subject: [PATCH 173/361] Fix error --- registry/deploying.md | 1 - 1 file changed, 1 deletion(-) diff --git a/registry/deploying.md b/registry/deploying.md index 4e8fe13bf4..fde6241b67 100644 --- a/registry/deploying.md +++ b/registry/deploying.md @@ -64,7 +64,6 @@ as `my-ubuntu`, then pushes it to the local registry. Finally, the ```bash $ docker image remove ubuntu:16.04 - $ docker image remove localhost:5000/my-ubuntu ``` 5. Pull the `localhost:5000/my-ubuntu` image from your local registry. From 6f742babc720d43eb44535da33263787b44cacfe Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Thu, 17 Jan 2019 09:06:01 -0800 Subject: [PATCH 174/361] Adding known Ubuntu upgrade issue --- engine/release-notes.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/engine/release-notes.md b/engine/release-notes.md index a6ac3c2595..bb46be7767 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -60,6 +60,9 @@ consistency and compatibility reasons. * Add socket activation for RHEL-based distributions. [docker/docker-ce-packaging#274](https://github.com/docker/docker-ce-packaging/pull/274) * Add libseccomp requirement for RPM packages. [docker/docker-ce-packaging#266](https://github.com/docker/docker-ce-packaging/pull/266) +### Known Issues +* When upgrading from 18.09.0 to 18.09.1, `containerd` is not upgraded to the correct version on Ubuntu. [Learn more](https://success.docker.com/article/error-upgrading-to-engine-18091-with-containerd). + ## 18.09 2018-11-08 From 8f62147bed65b955ed7f6e4393ec6a9f0a48a1ec Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Thu, 17 Jan 2019 13:52:54 -0500 Subject: [PATCH 175/361] Revert "Fix error (small change, only 1 line)" --- registry/deploying.md | 1 + 1 file changed, 1 insertion(+) diff --git a/registry/deploying.md b/registry/deploying.md index fde6241b67..4e8fe13bf4 100644 --- a/registry/deploying.md +++ b/registry/deploying.md @@ -64,6 +64,7 @@ as `my-ubuntu`, then pushes it to the local registry. Finally, the ```bash $ docker image remove ubuntu:16.04 + $ docker image remove localhost:5000/my-ubuntu ``` 5. Pull the `localhost:5000/my-ubuntu` image from your local registry. From 385708f221db656341093ea99600fb520bc04e0c Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Thu, 17 Jan 2019 11:23:12 -0800 Subject: [PATCH 176/361] remove outdated ambassador pattern #7845 --- .../thirdparty/ambassador_pattern_linking.md | 179 ------------------ 1 file changed, 179 deletions(-) delete mode 100644 config/thirdparty/ambassador_pattern_linking.md diff --git a/config/thirdparty/ambassador_pattern_linking.md b/config/thirdparty/ambassador_pattern_linking.md deleted file mode 100644 index 91fd169722..0000000000 --- a/config/thirdparty/ambassador_pattern_linking.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -description: Using the Ambassador pattern to abstract (network) services -keywords: Examples, Usage, links, docker, documentation, examples, names, name, container naming -redirect_from: -- /engine/articles/ambassador_pattern_linking/ -- /engine/admin/ambassador_pattern_linking/ -title: (Obsolete) Link via an ambassador container -noratings: true ---- - -This content is out of date. Docker now includes better ways to -manage multiple services together, as well as a mix of containerized and -uncontainerized services. Consider using one or more of the following: - -- [User-defined networks](/engine/userguide/networking.md#user-defined-networks) - allow you to connect services together, including managing DNS resolution - among them. - -- [Overlay networks](/engine/userguide/networking/overlay-security-model.md) - allow containers running on different Docker hosts to communicate in a - seamless, encapsulated way. - -- [Configs](/engine/swarm/configs.md) allow you to plug configuration details - into swarm service containers at runtime instead of baking configuration - details into your Docker images. This allows you to change configuration - details, such as IP addresses to reach services external to Docker, on the fly. - -- [Stacks](https://docs.docker.com/get-started/part5/) allow you to group - multiple swarm services together, including defining networks, storage, and - dependency relationships among the services. - -Consider using one or more of the above solutions rather than the content below. - -## Obsolete: Ambassador linking model - -Rather than hardcoding network links between a service consumer and -provider, Docker encourages service portability, for example instead of: - - (consumer) --> (redis) - -Requiring you to restart the `consumer` to attach it to a different -`redis` service, you can add ambassadors: - - (consumer) --> (redis-ambassador) --> (redis) - -Or - - (consumer) --> (redis-ambassador) ---network---> (redis-ambassador) --> (redis) - -When you need to rewire your consumer to talk to a different Redis -server, you can just restart the `redis-ambassador` container that the -consumer is connected to. - -This pattern also allows you to transparently move the Redis server to a -different docker host from the consumer. - -Using the `svendowideit/ambassador` container, the link wiring is -controlled entirely from the `docker run` parameters. - -### Two host example - -Start actual Redis server on one Docker host - - big-server $ docker run -d --name redis crosbymichael/redis - -Then add an ambassador linked to the Redis server, mapping a port to the -outside world - - big-server $ docker run -d --link redis:redis --name redis_ambassador -p 6379:6379 svendowideit/ambassador - -On the other host, you can set up another ambassador setting environment -variables for each remote port we want to proxy to the `big-server` - - client-server $ docker run -d --name redis_ambassador --expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador - -Then on the `client-server` host, you can use a Redis client container -to talk to the remote Redis server, just by linking to the local Redis -ambassador. - - client-server $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -### How it works - -The following example shows what the `svendowideit/ambassador` container -does automatically (with a tiny amount of `sed`) - -On the Docker host (192.168.1.52) that Redis runs on: - - # start actual redis server - $ docker run -d --name redis crosbymichael/redis - - # get a redis-cli image for connection testing - $ docker pull relateiq/redis-cli - - # test the redis server by talking to it directly - $ docker run -t -i --rm --link redis:redis relateiq/redis-cli - redis 172.17.0.136:6379> ping - PONG - ^D - - # add redis ambassador - $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 alpine:3.2 sh - -In the `redis_ambassador` container, you can see the linked Redis -containers `env`: - - / # env - REDIS_PORT=tcp://172.17.0.136:6379 - REDIS_PORT_6379_TCP_ADDR=172.17.0.136 - REDIS_NAME=/redis_ambassador/redis - HOSTNAME=19d7adf4705e - SHLVL=1 - HOME=/root - REDIS_PORT_6379_TCP_PORT=6379 - REDIS_PORT_6379_TCP_PROTO=tcp - REDIS_PORT_6379_TCP=tcp://172.17.0.136:6379 - TERM=xterm - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - PWD=/ - / # exit - -This environment is used by the ambassador `socat` script to expose Redis -to the world (via the `-p 6379:6379` port mapping): - - $ docker container rm redis_ambassador - $ CMD="apk update && apk add socat && sh" - $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 alpine:3.2 sh -c "$CMD" - [...] - / # socat -t 100000000 TCP4-LISTEN:6379,fork,reuseaddr TCP4:172.17.0.136:6379 - -Now ping the Redis server via the ambassador: - -Now go to a different server: - - $ CMD="apk update && apk add socat && sh" - $ docker run -t -i --expose 6379 --name redis_ambassador alpine:3.2 sh -c "$CMD" - [...] - / # socat -t 100000000 TCP4-LISTEN:6379,fork,reuseaddr TCP4:192.168.1.52:6379 - -And get the `redis-cli` image so we can talk over the ambassador bridge. - - $ docker pull relateiq/redis-cli - $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -### The svendowideit/ambassador Dockerfile - -The `svendowideit/ambassador` image is based on the `alpine:3.2` image with -`socat` installed. When you start the container, it uses a small `sed` -script to parse out the (possibly multiple) link environment variables -to set up the port forwarding. On the remote host, you need to set the -variable using the `-e` command line option. - - --expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379 - -Will forward the local `1234` port to the remote IP and port, in this -case `192.168.1.52:6379`. - - # - # do - # docker build -t svendowideit/ambassador . - # then to run it (on the host that has the real backend on it) - # docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 svendowideit/ambassador - # on the remote host, you can set up another ambassador - # docker run -t -i -name redis_ambassador -expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador sh - # you can read more about this process at https://docs.docker.com/articles/ambassador_pattern_linking/ - - # use alpine because its a minimal image with a package manager. - # prettymuch all that is needed is a container that has a functioning env and socat (or equivalent) - FROM alpine:3.2 - - RUN apk update && \ - apk add socat && \ - rm -r /var/cache/ - - CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh From c9666bc05f9198662e14d01ca9bed9230c5b065b Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Thu, 17 Jan 2019 12:50:48 -0800 Subject: [PATCH 177/361] Update create-a-backup.md --- ee/dtr/admin/disaster-recovery/create-a-backup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/dtr/admin/disaster-recovery/create-a-backup.md b/ee/dtr/admin/disaster-recovery/create-a-backup.md index 39036cf702..1796ec0477 100644 --- a/ee/dtr/admin/disaster-recovery/create-a-backup.md +++ b/ee/dtr/admin/disaster-recovery/create-a-backup.md @@ -26,7 +26,7 @@ This data is persisted on the host running DTR, using named volumes. [Learn more about DTR named volumes](../../architecture.md). To perform a backup of a DTR node, run the [docker/dtr backup](/reference/dtr/2.6/cli/backup/) command. This -command backups up the following data: +command backs up the following data: | Data | Backed up | Description | |:-----------------------------------|:----------|:---------------------------------------------------------------| From 3df2f644f86614d848b93c1421a24b6f3dda3ed7 Mon Sep 17 00:00:00 2001 From: Shaker Gilbert Date: Thu, 17 Jan 2019 19:15:54 -0500 Subject: [PATCH 178/361] spelling error "modes" instead of "nodes" --- .../monitor-and-troubleshoot/troubleshoot-configurations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md b/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md index 957abe239c..31afa597f2 100644 --- a/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md +++ b/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md @@ -10,7 +10,7 @@ components and trying to bring them to a healthy state. In most cases, if a single UCP component is in a failed state persistently, you should be able to restore the cluster to a healthy state by removing the unhealthy node from the cluster and joining it again. -[Lean how to remove and join modes](../configure/scale-your-cluster.md). +[Lean how to remove and join nodes](../configure/scale-your-cluster.md). ## Troubleshoot the etcd key-value store From a362adfb2b1bfba1da029896d197b0229d37efe2 Mon Sep 17 00:00:00 2001 From: Olly P Date: Fri, 18 Jan 2019 09:48:56 +0000 Subject: [PATCH 179/361] First go at Docker Trust --- engine/security/trust/content_trust.md | 514 ++++++++++++---------- engine/security/trust/trust_delegation.md | 4 +- 2 files changed, 279 insertions(+), 239 deletions(-) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index 6f27039a8f..f162bc2b58 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -7,27 +7,28 @@ title: Content trust in Docker When transferring data among networked systems, *trust* is a central concern. In particular, when communicating over an untrusted medium such as the internet, it is critical to ensure the integrity and the publisher of all the data a system -operates on. You use Docker Engine to push and pull images (data) to a public or private registry. Content trust -gives you the ability to verify both the integrity and the publisher of all the -data received from a registry over any channel. +operates on. You use Docker Engine to push and pull images (data) to a public +or private registry. Content trust gives you the ability to verify both the +integrity and the publisher of all the data received from a registry over any +channel. ## About trust in Docker -Docker Content Trust (DCT) allows operations with a remote Docker registry to enforce -client-side signing and verification of image tags. DCT provides the +Docker Content Trust (DCT) allows operations with a remote Docker registry to +enforce client-side and signing and verification of image tags. DCT provides the ability to use digital signatures for data sent to and received from remote -Docker registries. These signatures allow client-side verification of the -integrity and publisher of specific image tags. +Docker registries. These signatures allow client-side or runtime verification of the +integrity and publisher of specific image tags. -Once DCT is enabled, image publishers can sign their images. Image consumers -can ensure that the images they use are signed. Publishers and consumers can -either be individuals or organizations. DCT supports users and automated processes +Through DCT image publishers can sign their images. Image consumers can ensure +that the images they use are signed. Publishers and consumers can either be +individuals or organizations. DCT supports users and automated processes such as builds. -When you enable DCT, signing occurs on the client after push and verification -happens on the client after pull if you use Docker CE. If you use UCP, and you -have configured UCP to require images to be signed before deploying, signing is -verified by UCP. +When you use DCT, signing occurs on the client when you use `$ docker push` or +`$ docker trust sign` and could happen on the client through `$ docker pull`, +through the engine on `$ docker run`, or through Docker Enterprise's Universal +Control Plane. ### Image tags and DCT @@ -41,9 +42,9 @@ A particular image `REPOSITORY` can have multiple tags. For example, `latest` an `3.1.2` are both tags on the `mongo` image. An image publisher can build an image and tag combination many times changing the image with each build. -DCT is associated with the `TAG` portion of an image. Each image -repository has a set of keys that image publishers use to sign an image tag. -Image publishers have discretion on which tags they sign. +DCT is associated with the `TAG` portion of an image. Each image repository has +a set of keys that image publishers use to sign an image tag. Image publishers +have discretion on which tags they sign. An image repository can contain an image with one tag that is signed and another tag that is not. For example, consider [the Mongo image @@ -62,38 +63,19 @@ push replaces the last unsigned tag `latest` but does not affect the signed `lat The ability to choose which tags they can sign, allows publishers to iterate over the unsigned version of an image before officially signing it. -Image consumers can enable DCT to ensure that images they use were -signed. If a consumer enables DCT, they can only pull, run, or build -with trusted images. Enabling DCT is like wearing a pair of -rose-colored glasses. Consumers "see" only signed image tags and the less -desirable, unsigned image tags are "invisible" to them. +Image consumers can enable DCT to ensure that images they use were signed. If a +consumer enables DCT, they can only pull, run, or build with trusted images. +Enabling DCT is like wearing a pair of rose-colored glasses. Consumers "see" +only signed image tags and the less desirable, unsigned image tags are +"invisible" to them. ![Trust view](images/trust_view.png) -To the consumer who has not enabled DCT, nothing about how they -work with Docker images changes. Every image is visible regardless of whether it -is signed or not. +To the consumer who has not enabled DCT, nothing about how they work with Docker +images changes. Every image is visible regardless of whether it is signed or +not. - -### DCT operations and keys - -When DCT is enabled, `docker` CLI commands that operate on tagged images must -either have content signatures or explicit content hashes. The commands that -operate with DCT are: - -* `push` -* `build` -* `create` -* `pull` -* `run` - -For example, with DCT enabled a `docker pull someimage:latest` only -succeeds if `someimage:latest` is signed. However, an operation with an explicit -content hash always succeeds as long as the hash exists: - -```bash -$ docker pull someimage@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a -``` +### Docker Content Trust keys Trust for an image tag is managed through the use of signing keys. A key set is created when an operation using DCT is first invoked. A key set consists @@ -121,222 +103,280 @@ to create new repositories, it is a good idea to store it offline in hardware. For details on securing, and backing up your keys, make sure you read how to [manage keys for DCT](trust_key_mng.md). -## Survey of typical DCT operations +## Signing Images with Docker Content Trust -This section surveys the typical trusted operations users perform with Docker -images. Specifically, we go through the following steps to help us exercise -these various trusted operations: +> Note this applies to Docker Community Engine 17.12 and newer, and Docker +> Enterprise Engine 18.03 and newer. -* Build and push an unsigned image -* Pull an unsigned image -* Build and push a signed image -* Pull the signed image pushed above -* Pull unsigned image pushed above +Within the Docker CLI we can sign and push a container image with the +`$ docker trust` command syntax. This is built on top of the Notary feature +set, more information on notary can be found [here](/notary/getting_started/). -### Enabling DCT in Docker Engine Configuration +A pre-requisite for signing an image is a Docker Registry with a Notary server +attached (Such as the Docker Hub or the Docker Trusted Registry). Instructions +for standing up a self hosted environment can be found [here](/engine/security/trust/deploying_notary/). -Engine Signature Verification prevents the following behaviors on an image: -* Running a container to build an image (the base image must be signed, or must be scratch) -* Creating a container from an image that is not signed +Secondly to sign a Docker Image you wil need a Deletegation private key, and a +x509 certificate public key. Instructions on creating this can be +found [here](/engine/security/trust/trust_delegation/#generating-delegation-keys). +Alternatively if you are using Docker Enterprise's Universal Control Plane, a +user's [Client Bundle](ee/ucp/user-access/cli/#download-client-certificates) +provides adequate keys for a delegation. The `cert.pem` being the public +delegation key, the `key.pem` as the private delegation key. -DCT does not verify that a running container’s filesystem has not been altered from what -was in the image. For example, it does not prevent a container from writing to the filesystem, nor -the container’s filesystem from being altered on disk. +Firstly we will need to add the delegation's public key to the notary server, +these are specific to a particular image repository (In Notary known as a GUN). -It will also pull and run signed images from registries, but will not prevent unsigned images from being -imported, loaded, or created. +``` +$ docker trust signer add --key delegation.crt jeff dtr.example.com/admin/demo +Adding signer "jeff" to dtr.example.com/admin/demo... +Enter passphrase for new repository key with ID 10b5e94: +``` -The image name, digest, or tag must be verified if DCT is enabled. The latest DCT metadata for -an image must be downloaded from the trust server associated with the registry: -* If an image tag does not have a digest, the DCT metadata translates the name to an image digest -* If an image tag has an image digest, the DCT metadata verifies that the name matches the provided digest -* If an image digest does not have an image tag, the DCT metadata does a reverse lookup and provides the image tag as well as the digest. +Next we will need to add the delegation's private key to the local docker trust +repository. (By default this is stored in `~/.docker/trust/`) -The signature verification feature is configured in the Docker daemon configuration file -`daemon.json`. +``` +$ docker trust key load delegation.key +Loading key from "delegation.key"... +Enter passphrase for new signer key with ID 8ae710e: +Repeat passphrase for new signer key with ID 8ae710e: +Successfully imported key from delegation.key +``` + +Finally we will use the delegation private key to sign a particular tag and +push it up to the registry. + +``` +$ docker trust sign dtr.example.com/admin/demo:1 +Signing and pushing trust data for local image dtr.example.com/admin/demo:1, may overwrite remote trust data +The push refers to repository [dtr.example.com/admin/demo] +7bff100f35cb: Pushed +1: digest: sha256:3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e size: 528 +Signing and pushing trust metadata +Enter passphrase for signer key with ID 8ae710e: +Successfully signed dtr.example.com/admin/demo:1 +``` + +Alternatively, once the key's have been imported an image can be pushed with the +`$ docker push` command, by enabled the DCT environmental variable. + +``` +$ export DOCKER_CONTENT_TRUST=1 +$ docker push dtr.example.com/admin/demo:1 +The push refers to repository [dtr.example.com/admin/demo:1] +7bff100f35cb: Pushed +1: digest: sha256:3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e size: 528 +Signing and pushing trust metadata +Enter passphrase for signer key with ID 8ae710e: +Successfully signed dtr.example.com/admin/demo:1 +``` + +Remote Trust data for a tag can be viewed by the `$ docker trust inspect` +command: + +``` +$ docker trust inspect --pretty dtr.example.com/admin/demo:1 + +Signatures for dtr.example.com/admin/demo:1 + +SIGNED TAG DIGEST SIGNERS +1 3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e jeff + +List of signers and their keys for dtr.example.com/admin/demo:1 + +SIGNER KEYS +myteam 8ae710e3ba82 + +Administrative keys for dtr.example.com/admin/demo:1 + + Repository Key: 10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27 + Root Key: 84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fc +``` + +## Runtime Enforcement with Docker Content Trust + +> Note this only applies to Docker Enterprise Engine 18.09 or newer. This +> implementation is also seperate from the `only run signed images` feature of +> [Universal Control Plane](/ee/ucp/admin/configure/run-only-the-images-you-trust/) + +Docker Content Trust within the Docker Enterprise Engine prevents a user from +starting a container from an image of an unknown source, it will also prevent a +user from building a container image, from an unknown base layer. Docker can +provide this enforcement on its Official Docker Images, found on the [Docker +Hub](https://hub.docker.com/search?image_filter=official&type=image), or on +User Signed images, assuming they are stored in a private registry with signing +data stored within an attached [Notary Server](/engine/security/trust/deploying_notary/) +(Such as the Docker Trusted Registry). + +Engine Signature Verification prevents the following: +* `$ docker container run` of an unsigned image. +* `$ docker build` where the `FROM` image is not signed or is not scratch. + +DCT does not verify that a running container’s filesystem has not been altered +from what was in the image. For example, it does not prevent a container from +writing to the filesystem, once the container is running, nor does it prevent +the container’s filesystem from being altered on disk. DCT will also not prevent +unsigned images from being imported, loaded, or created. + +### Enabling DCT within the Docker Enterprise Engine + +DCT is controlled by the Docker Engine's configuration file. By default this is +found at `/etc/docker/daemon.json`. For more details on this file head to the +[reference](/engine/reference/commandline/dockerd/#daemon-configuration-file) + +The `content-trust` flag is expecting 2 variables, a `mode` variable instructing +the engine to enforce signed images or not, and a set of image signatures +contolled via the `trust-pinning` variable. + +`Mode` can take 3 variables: + +* `Disabled` - No Signature verification +* `Permissive` - The engine will check the image signature, however the +container will still run. The results of the signature verification is displayed +in the Docker Engine daemon logs. +* `Enabled` - The engine will check the image signature, with a failure resulting +in the container not starting. ``` { - ... - “content-trust”: { - “trust-pinning”: { - “root-keys”: { - “myregistry.com/myorg/*”: [“keyID1”, “keyID2”], - “myregistry.com/otherorg/repo”: [“keyID3”] - }, - “official-images”: true, - }, - “mode”: “disabled” | “permissive” | “enforced”, - “allow-expired-trust-cache”: true, + "content-trust": { + "mode": "enabled" } } ``` -| **Stanza** | **Description** | -|--------------------------------|----------------------------------------| -| `trust-pinning:root-keys` | Root key IDs are canonical IDs that sign the root metadata of the image trust data. In Docker Certified Trust (DCT), the root keys are unique certificates tying the name of the image to the repo metadata. The private key ID (the canonical key ID) corresponding to the certificate does not depend on the image name. If an image’s name matches more than one glob, then the most specific (longest) one is chosen. | -| `trust-pinning:library-images` | This option pins the official libraries (`docker.io/library/*`) to the hard-coded Docker official images root key. DCT trusts the official images by default. This is in addition to whatever images are specified by `trust-pinning:root-keys`. If `trustpinning:root-keys` specifies a key mapping for `docker.io/library/*`, those keys will be preferred for trust pinning. Otherwise, if a more general `docker.io/*` or `*` are specified, the official images key will be preferred. | -| `allow-expired-trust-cache` | Specifies whether cached locally expired metadata validates images if an external server is unreachable or does not have image trust metadata. This is necessary for machines which may be often offline, as may be the case for edge. This does not provide mitigations against freeze attacks, which is a necessary to provide availability in low-connectivity environments. | -| `mode` | Specifies whether DCT is enabled and enforced. Valid modes are: `disabled`: Verification is not active and the remainder of the content-trust related metadata will be ignored. *NOTE* that this is the default configuration if `mode` is not specified. `permissive`: Verification will be performed, but only failures will only be logged and remain unenforced. This configuration is intended for testing of changes related to content-trust. `enforced`: DCT will be enforced and an image that cannot be verified successfully will not be pulled or run. | +### Official Docker Images -***Note:*** The DCT configuration defined here is agnostic of any policy defined in -[UCP](https://docs.docker.com/v17.09/datacenter/ucp/2.0/guides/content-trust/#configure-ucp). -Images that can be deployed by the UCP trust policy but are disallowed by the Docker Engine -configuration will not successfully be deployed or run on that engine. +All official Docker library images found on the Docker Hub are signed by the +same notary root key. This root key has been embedded inside of the Docker +Enterprise Engine. Therefore to enforce that only official images are used. +Specify: -### Enable and disable DCT per-shell or per-invocation +``` +{ + "content-trust": { + "trust-pinning": { + "official-library-images": true + }, + "mode": "enabled" + } +} +``` -Instead of enabling DCT through the system-wide configuration, DCT can be enabled or disabled -on a per-shell or per-invocation basis. +### User Signed Images -To enable on a per-shell basis, enable the `DOCKER_CONTENT_TRUST` environment variable. -Enabling per-shell is useful because you can have one shell configured for trusted operations -and another terminal shell for untrusted operations. You can also add this declaration to -your shell profile to have it enabled by default. +There are 2 options for trust pinning User Signed Images: -To enable DCT in a `bash` shell enter the following command: +* Notary Canonical Root Key ID (DCT Root Key) is an ID that describes *just* the +root key used to sign a repository (or rather its respective keys). This is the +root key on the host that originally signed the repository (i.e. your workstation). +This can be retrieved from the workstation that signed the repository through +`$ grep -r "root" ~/.docker/trust/private/` (Assuming your trust data is +at `~/.docker/trust/*`). It is expected that this canocial ID has initiated +multiple image repositories (`mydtr/user1/image1` and `mydtr/user1/image2`). + +``` +# Retrieving Root ID +$ grep -r "root" ~/.docker/trust/private +/home/ubuntu/.docker/trust/private/0b6101527b2ac766702e4b40aa2391805b70e5031c04714c748f914e89014403.key:role: root + +# Using a Canonical ID that has signed 2 repos (mydtr/user1/repo1 and mydtr/user1/repo2). Note you can use a Wildcard. + +{ + "content-trust": { + "trust-pinning": { + "root-keys": { + "mydtr/user1/*": [ + "0b6101527b2ac766702e4b40aa2391805b70e5031c04714c748f914e89014403" + ] + } + }, + "mode": "enabled" + } +} +``` + +* Notary Root key ID (DCT certitifcate ID) is an ID that describes the same, but +the ID is unique per repository. i.e `mydtr/user1/image1` and `mydtr/usr1/image2` +will have unique certitificate IDs. A certificate ID can be retrieved via a +`$ docker trust inspect` command and confusingly is labelled as a root-key. +This is designed for when different users are signing their own repositories, +i.e. there is no central signing server. As a cert-id is more granular, it would +take priority if a conflict occurs over a root ID. + +``` + # Retrieving Cert ID +$ docker trust inspect mydtr/user1/repo1 | jq -r '.[].AdministrativeKeys[] | select(.Name=="Root") | .Keys[].ID' +9430d6e31e3b3e240957a1b62bbc2d436aafa33726d0fcb50addbf7e2dfa2168 + +# Using Cert Ids, by specifying 2 repositories by their DCT root ID. Example for using this may be different DTRs or maybe because the repository was initiated on different hosts, therefore having different canonical IDs. + +{ + "content-trust": { + "trust-pinning": { + "cert-ids": { + "mydtr/user1/repo1": [ + "9430d6e31e3b3e240957a1b62bbc2d436aafa33726d0fcb50addbf7e2dfa2168" + ], + "mydtr/user2/repo1": [ + "544cf09f294860f9d5bc953ad80b386063357fd206b37b541bb2c54166f38d08" + ] + } + }, + "mode": "enabled" + } +} +``` + +### Using DCT in an offline environment + +If your engine is unable to communicate to the registry, we can enable DCT to +trust cached signature data. This is done through the +`allow-expired-cached-trust-data` variable. + +``` +{ + "content-trust": { + "trust-pinning": { + "official-library-images": true, + "root-keys": { + "mydtr/user1/*": [ + "0b6101527b2ac766702e4b40aa2391805b70e5031c04714c748f914e89014403" + ] + }, + "cert-ids": { + "mydtr/user2/repo1": [ + "9430d6e31e3b3e240957a1b62bbc2d436aafa33726d0fcb50addbf7e2dfa2168" + ], + } + }, + "mode": "enabled", + "allow-expired-cached-trust-data": true + } +} +``` + +### Client Enforcement with Docker Content Trust + +When DCT is enabled, `docker` CLI commands that operate on tagged images must +either have content signatures or explicit content hashes. The commands that +operate with DCT are: + +* `push` +* `build` +* `create` +* `pull` +* `run` + +For example, with DCT enabled a `docker pull someimage:latest` only +succeeds if `someimage:latest` is signed. However, an operation with an explicit +content hash always succeeds as long as the hash exists: ```bash -export DOCKER_CONTENT_TRUST=1 +$ docker pull someimage@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a ``` -Once set, each of the "tag" operations requires a key for a trusted tag. - -In an environment where `DOCKER_CONTENT_TRUST` is set, you can use the -`--disable-content-trust` flag to run individual operations on tagged images -without DCT on an as-needed basis. - -Consider the following Dockerfile that uses an untrusted parent image: - -``` -$ cat Dockerfile -FROM docker/trusttest:latest -RUN echo -``` - -To build a container successfully using this Dockerfile, one can do: - -``` -$ docker build --disable-content-trust -t /nottrusttest:latest . -Sending build context to Docker daemon 42.84 MB -... -Successfully built f21b872447dc -``` - -The same is true for all the other commands, such as `pull` and `push`: - -``` -$ docker pull --disable-content-trust docker/trusttest:latest -... -$ docker push --disable-content-trust /nottrusttest:latest -... -``` - -To invoke a command with DCT enabled regardless of whether or how the `DOCKER_CONTENT_TRUST` variable is set: - -```bash -$ docker build --disable-content-trust=false -t /trusttest:testing . -``` - -All of the trusted operations support the `--disable-content-trust` flag. - - -### Push trusted content - -To create signed content for a specific image tag, simply enable DCT -and push a tagged image. If this is the first time you have pushed an image -using DCT on your system, the session looks like this: - -```bash -$ docker push /trusttest:testing -The push refers to a repository [docker.io//trusttest] (len: 1) -9a61b6b1315e: Image already exists -902b87aaaec9: Image already exists -latest: digest: sha256:d02adacee0ac7a5be140adb94fa1dae64f4e71a68696e7f8e7cbf9db8dd49418 size: 3220 -Signing and pushing trust metadata -You are about to create a new root signing key passphrase. This passphrase -will be used to protect the most sensitive key in your signing system. Please -choose a long, complex passphrase and be careful to keep the password and the -key file itself secure and backed up. It is highly recommended that you use a -password manager to generate the passphrase and keep it safe. There will be no -way to recover this key. You can find the key in your config directory. -Enter passphrase for new root key with id a1d96fb: -Repeat passphrase for new root key with id a1d96fb: -Enter passphrase for new repository key with id docker.io//trusttest (3a932f1): -Repeat passphrase for new repository key with id docker.io//trusttest (3a932f1): -Finished initializing "docker.io//trusttest" -``` - -When you push your first tagged image with DCT enabled, the `docker` -client recognizes this is your first push and: - - - alerts you that it is creating a new root key - - requests a passphrase for the root key - - generates a root key in the `~/.docker/trust` directory - - requests a passphrase for the repository key - - generates a repository key in the `~/.docker/trust` directory - -The passphrase you chose for both the root key and your repository key-pair -should be randomly generated and stored in a *password manager*. - -> **NOTE**: If you omit the `testing` tag, DCT is skipped. This is true -even if DCT is enabled and even if this is your first push. - -```bash -$ docker push /trusttest -The push refers to a repository [docker.io//trusttest] (len: 1) -9a61b6b1315e: Image successfully pushed -902b87aaaec9: Image successfully pushed -latest: digest: sha256:a9a9c4402604b703bed1c847f6d85faac97686e48c579bd9c3b0fa6694a398fc size: 3220 -No tag specified, skipping trust metadata push -``` - -It is skipped because as the message states, you did not supply an image `TAG` -value. In DCT, signatures are associated with tags. - -Once you have a root key on your system, subsequent images repositories -you create can use that same root key: - -```bash -$ docker push docker.io//otherimage:latest -The push refers to a repository [docker.io//otherimage] (len: 1) -a9539b34a6ab: Image successfully pushed -b3dbab3810fc: Image successfully pushed -latest: digest: sha256:d2ba1e603661a59940bfad7072eba698b79a8b20ccbb4e3bfb6f9e367ea43939 size: 3346 -Signing and pushing trust metadata -Enter key passphrase for root key with id a1d96fb: -Enter passphrase for new repository key with id docker.io//otherimage (bb045e3): -Repeat passphrase for new repository key with id docker.io//otherimage (bb045e3): -Finished initializing "docker.io//otherimage" -``` - -The new image has its own repository key and timestamp key. The `latest` tag is signed with both of -these. - - -### Pull image content - -A common way to consume an image is to `pull` it. With DCT enabled, the Docker -client only allows `docker pull` to retrieve signed images. Let's try to pull the image -you signed and pushed earlier: - -``` -$ docker pull /trusttest:testing -Pull (1 of 1): /trusttest:testing@sha256:d149ab53f871 -... -Tagging /trusttest@sha256:d149ab53f871 as docker/trusttest:testing -``` - -In the following example, the command does not specify a tag, so the system uses -the `latest` tag by default again and the `docker/trusttest:latest` tag is not signed. - -```bash -$ docker pull docker/trusttest -Using default tag: latest -no trust data available -``` - -Because the tag `docker/trusttest:latest` is not trusted, the `pull` fails. ## Related information diff --git a/engine/security/trust/trust_delegation.md b/engine/security/trust/trust_delegation.md index 65803ed669..f33c59cded 100644 --- a/engine/security/trust/trust_delegation.md +++ b/engine/security/trust/trust_delegation.md @@ -15,8 +15,8 @@ Collaborators can keep their own delegation keys private. The `targets/releases` delegation is currently an optional feature - in order to set up delegations, you must use the Notary CLI: -1. [Download the client](https://github.com/docker/notary/releases) and ensure that it is -available on your path +1. [Download the client](https://github.com/theupdateframework/notary/releases) +and ensure that it is available on your path 2. Create a configuration file at `~/.notary/config.json` with the following content: From dfeff27d45aea884d69f8fdab342977f72d83daf Mon Sep 17 00:00:00 2001 From: Olly P Date: Fri, 18 Jan 2019 10:41:56 +0000 Subject: [PATCH 180/361] Updated e-2-e install --- ee/end-to-end-install.md | 27 ++++++++------------ ee/images/try-ddc-1.png | Bin 127843 -> 0 bytes ee/images/try-ddc-2.png | Bin 123669 -> 0 bytes ee/images/try-ddc-3.png | Bin 89882 -> 0 bytes ee/images/try-ee-1.png | Bin 0 -> 44701 bytes ee/images/try-ee-2.png | Bin 0 -> 143269 bytes ee/images/try-ee-3.png | Bin 0 -> 116030 bytes ee/ucp/admin/install/system-requirements.md | 4 +-- 8 files changed, 13 insertions(+), 18 deletions(-) delete mode 100644 ee/images/try-ddc-1.png delete mode 100644 ee/images/try-ddc-2.png delete mode 100644 ee/images/try-ddc-3.png create mode 100644 ee/images/try-ee-1.png create mode 100644 ee/images/try-ee-2.png create mode 100644 ee/images/try-ee-3.png diff --git a/ee/end-to-end-install.md b/ee/end-to-end-install.md index 4c7379146c..def8911379 100644 --- a/ee/end-to-end-install.md +++ b/ee/end-to-end-install.md @@ -10,21 +10,16 @@ redirect_from: The best way to try Docker Enterprise Edition for yourself is to get the [30-day trial available at the Docker hub](https://hub.docker.com/editions/enterprise/docker-ee-trial/trial). -Once you get your trial license, you can install Docker EE on your -Linux servers. Make sure all the hosts you want to manage with Docker -EE have a minimum of: +Once you get your trial license, you can install Docker Enterprise's Universal +Control Plane and Docker Trusted Regsitry on Linux Servers, Windows Servers +can be used as Universal Control Plane Worker Nodes. -* [Docker Enterprise Edition](/engine/installation/index.md) 17.06.2-ee-8. -Values of n in the -ee- suffix must be 8 or higher -* Linux kernel version 3.10 or higher -* 4.00 GB of RAM -* 3.00 GB of available disk space +Learn more about the Universal Control Plane's system requirements +[here](ucp/admin/install/system-requirements.md). Also, make sure the hosts are +running one of the supported operating systems from Docker Enterprise's +[Compatibility Matrix](https://success.docker.com/article/compatibility-matrix). -Also, make sure the hosts are running one of the supported operating systems from the [Compatibility Matrix](https://success.docker.com/article/compatibility-matrix). - -[Learn more about Docker EE system requirements](ucp/admin/install/system-requirements.md). - -## Step 1: Install Docker EE Container Engine +## Step 1: Install Docker Enterprise Container Engine [Select a platform](/ee/supported-platforms) and click through to install the Docker Enterprise Edition container engine on all hosts you want to manage. @@ -58,7 +53,7 @@ Now that UCP is installed, you need to license it. In your browser, navigate to the UCP web UI, log in with your administrator credentials and upload your license. -![UCP login page](images/try-ddc-1.png){: .with-border} +![UCP login page](images/try-ee-1.png){: .with-border} [Get a free trial license if you don't have one](https://hub.docker.com/editions/enterprise/docker-ee-trial). @@ -67,11 +62,11 @@ license. Join more nodes so that you can manage them from UCP. Go to the UCP web UI and navigate to the **Nodes** page. -![Nodes page](images/try-ddc-2.png){: .with-border} +![Nodes page](images/try-ee-2.png){: .with-border} Click the **Add Node button** to add a new node. -![Add node page](images/try-ddc-3.png){: .with-border} +![Add node page](images/try-ee-3.png){: .with-border} Check **Add node as a manager** to join the node as a manager to provide replication and make UCP highly available. For a highly available diff --git a/ee/images/try-ddc-1.png b/ee/images/try-ddc-1.png deleted file mode 100644 index e53149b17a92ef022183c21e2305c9ee73a92c74..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 127843 zcmeFZ^cz$69f2Bo{Z2BcfMyJ28p$bn(z zJ=uES&-4BV-yfdq^MM(LD_0)tSnHg?S4z?ZcgXMH;NTF*%1El>;NXF`fBkjq8hFWj z{q*YPFZ1V$&v9@{!|>6@SO2|jFQemxgLCia)ekNSlbj#;@R2h_+gZ)d%-PM@(GIP7%V2#2Y$9vzw&6tLF%t) zrROa-Af^A%5nE=cH;0zigN@QY^p*Onx|bO(K83FXo% zl0$FN#y6Kn!T0XYx;Z=rcLJ_sT<&&(Hd@9uFn;>`#jU5{7iL7q78*R9&i0oy@-^8F>YRIH*wd0pNl3cQwOk~##T-|=mfM3TijAo6-+!8VF570< z-qDdF?sI;!JA;RZhs?zuqtADWZCC@cvetviI9FGo>W?2&w!6K=WGKu_N{fhyY;0`w zruxb$_<%h+SpR^0(XkthR#|!n`mfHe74%ZD}Py>i?NqBfTdWcb{(rPS> zvl)oV(cbw1bquPK8=^1>rI_bYPF$1aNLId9aZnaH6%}-Uv1Ke@ z%WketL)~I12U1S*aYDvvZ?^XA%)RvIR|8K$M|M1It9Q zVwXX${BHj?GOVs7XQTbn2d31frlvISpdhdFqb*1Uhoi9&%aF);Of$1T&k6sbwpXe1!OrjBpw?v5_M~9`UqA>6DuVcAA95 zt!;0!c#d{QGPaYqMLqv`BQQnOW}0^>zSy9iAuHek6)~~%V)Ofgf`WQCM9^*!Y2lrl z@AHjuNj=W?jj3aszykxZ`xqF&&L@l6{>MIJXr)5~*5i|s8eX?tQ?V70rzOv|5Fuhv z*grirs=xXOy}`Db{NzP^9({0KfK z?|x3u2{rw%yJ9LOrKLG_D=dJXffbYTxr`U+T)%m*!D%COvzo_zK-3i;$J7BlkLa^& zvmb7&KOxzi%UVx#RaKRVwx?&^!_Ado$3+9#zU771aWiL-;?z30a)^{rf*h z^Xz(60cGS5AI3#R5kG$X7=#Aho%h#oJ|H4G-JPj6X}>enBo*?I%LBPuQNasL6lcg0 z;z8QZMoathNNo>xC3|}iP-ZM9xKNQCd~IQoEynj zP8IVqdpA)&d+|a`{C}Aeh+>Gz(l^K3W94T34>Gl)l7Q2G`TRMsgU@!h#%87}(6G*W zid)5~Q;zn0FoEw~Qc{wrsHmhgrMP!ZPG#CAh)H@12dAgh!p=EN&3e_g$s%rhn?vak zT+$Ip?%qr_0=U1bs_Koq51$A}PcHxbj8Dd<{p8MmhHRvXi3#x6C!S^6V?SQ{+b%Ti zZf&9VmtK}aOKXpgod5M<0{oJ*vj!h;swl%#)~1KcTh)(mV$QGW>+7>MiQWIC{`UdQ zw9IS#cNS1p0V;Q0`uX|k%P)W7;RPZef$i_VOB~naRNiGPCjO2Nu^a|0clM9AMt~F> z+z^ICcG4japZ4s7C%-{JPB(6km=`M@1$LpFEKDy~{IJC5!c`@aQ6cUL`DpX|>sZW% zT`9(8XBXe%N(iA6!zS{zL&gDF~$f0aCUtR>NDZ z9ZN?-O4`tS*WG<#Y|xb1f+~)fedE)2B~tFIZ&E%+`TvU<&2&{!Qdv%J&aq zJLF?Ic4uqVj{1P>&o+8#DFg-w6S=&M(o^vSLGlFX2s~uK$y4D$AQnkJl0p~6d?T<~ zWktoWK|#V$^jVQXecN){(_mA(`34Z7cLGB~8i3OSmm|5}c5X`4+S=M~q+=TP=FOY* z^z^}G5yp;yuR-i)Z{M!2uFk@IvA=%2+!#z%mY4t6WdJ%@j@FD?UN%A1P?H?sMtdz9 zD0p9-6r#Jy)>-jOEcljZo)ijwQjcqEYh%?a%IOlj{`+|*=p`hKPO7Dcgh<%so##N3 z=E}^;kr9o)WDb7Fc^($v{+$D#v_x{79ISq;m7 zt2!(%FWb)5wZr1?{{dRZ-VV5=it8Y}gY1WdzU(rO3=enMovv(alSGjP{0EO^g55%a z-0`$4$UR`poPn0{u{1pVVlsM;A~svQ6@|u@6GrA4KDM`!MoK_#!0>tutA2EWtR*Q> zl$Vi_VLxK|`;sycRM|B);XVKW3}H}qJN{HUTArQlox6xg=5rCXF#*PW8wFzCDmn^; z9Dz_QIVtNpQM5cT4FCYt)YR6D(uax3$RynNpRlpPp&F6}a%dEMs+`)_OZfK%x|G8? zS(|}Z10yKj+_&>I8?W=SloC-Jt;&$gLu6$v2r%4Pe!sdEQ^9|s8Y(Uy8^(|q)z#J2 z8Ai=&a62hB)(wSR^E%z@Cby1W1^5Rj97*s;5;F1LI=J`n@x2a~KR1kcC-oH+P!f(* zR%hqfD5%avO}O1a-5j6G+%20aD|<1V_qaSW ze=X(0$Rk9Eoe$DvT)H(%Jvuz1rZxgQGc<{}M9xJ?vT>%eDKGDZ+jJ&*vruJ5S0nFo z9V`fviShAiIL{>|Jw}0(r=`)T=oA~lIChFOB7n4|BqiQWDkBv)X@$sQ+tqQyxxs2X@JFre^?BW~rR2laEy@`cB`}RDZGfQ2@!f z5EpV(+hj;#C*7T@$$#oUkvEqco9L`1rj_Eu3?2x5!{}@COG2IzHFHl7yINKu9kK0` zDhcWinT-zk_M7_UH28r4gjhF|2p6OTabMH3mzF(Lf02f@PvrIxUIVE6aIW4BY4aa_ zShDE(L9}iIjT~);H}rcaRrD1w|H$3eQyt}(4chw^{D`R7l%wX*^`x-6(`aqmCbDw* z(*i#o|8!JNExYMyI`Uqr+?|q*&}`;m#z$P7w#pR(DK1CPGbwfjNMB>uCa|?rhDMg- z4y}r)NIONdqh2xxW+TrE6sD%5&Ue0e)9A)3o^}DcKRDK5_~q0Od1p`SM%v`W`_u=b zS!s?&TW`(Gs08g_1MHG^)RRR=Pp_E3yVVoTT9&;gb+^fW>E}$f-I@`zCGzkPAw$bq ztZ~1zDj?ui=1Acm1e#HXC&uxDpO)&1x_Tut8Vb#2pa=`?lU7vPsE z+dBLFY^d5)Hq5uyd_!~VD7aLom;_JoynAeyVgMrVFIEp#=$o&)_~-4141$i&sY3P} zQz#;T*S*?gx_C}SAw0pu_FaloBYHy#dYy~#Naf+SJloXxY2}v^ucyBdY?!hV!l3G9 zNU@t~Z&`gk&li);&BLf?D^HcIM=vj9sXiNtH$uujyt&_Pf~OO|l^biD6zTzWYW?z3 zc{u`MD2Nr*M0!T18pMQ5mn?05B^&lkIN#rF`5JNCe1R#oLthD(G`|sjD$eDJ2!v^R zQ95^aK7m6=~3dCyaAQ~w|~njE_RcJkene;k#|MpjONfbFb12`B5) zquWEJ%v)Q52c?05vRkQ*#_^l+EiEmF8-rnB3ki8F0Y&Giq>DSb@#;{4biO^tiqeuJ zS5dpF{|=TRI&Os#pypXz?@yeXn)a(tJD+LMu?VS|zf=845b*}4q63*& zIppkIZ|q?bJr+i2m<^>zeR#>~XcLxUMn;SX>x%b0EM)3l8_id~V?P_rGl%|Y$e0O9 zN*yWsd=ZK-Q0#9=zCG-^Ub9?z1& z`j?$L=C<=_r{hAFJxxXV)PAD?9ffZ7 zI;V;w+zKZL@tdL9lLF|mGwI~NCs()=6o?);3tFBC)xyK?c)?C%E4lN7_|3w@&+ zY0-1rCGg}WA-$B<0{3rXC|yk{LkD-=rJxcw@+YN0*(++B@X zpSC*YAWF$Jg;3ooLmDLRFL@hwGym$viY|1P9a49u25daKt$e-Sb&8rns3D%}GN;}H z8_8vvhV!n{D9<}XRn@Paq7q@kYJwslA-l}3^eJ94_oi0F`t#L^CrWT#>{u3!N?Js z&{J!^?e`5uO-T!B;lq5*rb_QQ*qbfyi>xb#eWO0>_q<$Oj^9~|f0Tyf|E06bm6nG+ z6CK>xyFOd%1S(EYW~ZV$!^^t6x@uf@G}YCk(82UyH(LSk08n{E>_lDwQ!~x77wf`} zKR8Fd3VwPmch?Tue)*M3(dJO7KU|8OkT=O!=dOC&-Es;MoIfIatN^tjj}n~n*ItHi@?_hzPQ)D zkaYtF)ka}0>o0Wjn3|=WurY=D#IKW^3p4xqY%|?f!aGxC?(D}I5~gJqXI9{tXEDsq z3uUEzN%?Wg-Q6-3_l6(4flV)D)G7V(!_dHHZqBVYC9%-^FG2Jfwc>eUV5|h|27~q* z@!~!at+ZVrv)HwiedKtqlN&c3-r3#`@zfsH30Fx$A&T;X;NCsJKh-UJE)H&h0wQf^ z9q>yqz2WljfF>$3Y}BpPx@H7}iamY$youm9kh+ztfJNPNP}y$la?Z-J zrl?PD?KEk_Oqn?~bj;b4Cjscw_q(C$%jAm{n=d0T!i?N_*tZnz_kXEzu10eT!Tr8; z`z7AinTXL7gSOvxL%fbJ0 zw?Kp=th+{_$Y(~+ROuH+um?}@pd%)$aUB+A!zAWtJ1F-USE-@Ys?D*zvF1%{adOkq zKc0WpfE3HZVg;Wp1>_MZ4Wca))2LZ|1Lrut&A0!6`1pG~@J#LWC z0w{^~Cx4ho$#7qe=I-upK#`#PmW=MJBz#Fx)|g?d?T^lZrR@btn9_L|MeG;l3?5W0 z2n3uY=9JQVtj!^(4dSmQrTi^4Uj4DN;`&gUv00YUtng?<>%LcD#6q*dL%6UNmQv+3 zf|j$cdfRb7d{uqPOTTmbM!G%ev7Kcj3j>c$CoyBTkn~$S)bZs-CZhr?vYW4&`Tk1%R+zpc zJv%E8e3I=r0c(_b4Q=gTpE)7E#XKDJ&QFcQCK-nABIssNrBSk;!K}KJfp{VZid)mk za`Qn@RhdfMVNVhFKuS6=`f8zzUNLodv4-}s%~FStY`vDdJ_OD5 z_no0uAPnOyR$_$3ixwDlhK@%Z*-v|OHNc0)I{mX`%w3WjR?C)6rZ!6?E`(*WT=nhg zSXuX8`)wFS1pAiLa3CCaCl3bwP4MDxuDiw*4STF~Gn(WN4k#SYxXIT!$7j$NCJSYx zd(VttXJiXe?yf2GS-~VC$)Fd%mNk6EzlnPbzO)|jJfW3!>zfsju0qZyDvOZ}wkj*1 zEV$_jD|p^b!Sw`ZR9XEFHJrY1j6hT ztSe-RU(4RqoJlHx(VBJ_Rt%;nTrS+kJL8d+m#=p}Fp-lBLgzCm8XGUAONX^-DH$5( z(*QD%WQT30;txP)NgO0u1f)AKVdmtma}-^M>8^X+{MM@=aPwahBOnMHCTqFz$p{l) z-s8>kqtUW#K5TX*=>;5afGW)G%Jw*c$E)&@ghfV10`@`cDiYT^e%3SoQ>06ZYxz-2 zKp#_4aUfWumCQ89cUJp=P_8Rw3qDqK6^;?zwC=$$Zpm)3IBv$Ovw%(j$dos6uf`KR@S<1XP|kW+LnsDki|y69YcB72^78Wy#_vg~|znLqv zAJ_*_upS!&lpfMgSL^AYK3xK=7-(=H?Wq1_d+%x{vPD2KN{3M;OZbXk;W3q4DBIs~ zVH|+Cw$raG|7n^a$YpU2U0%;-4$p$Z5s>u2bYjSeUo<(Xs;RYWDG@J%7DEs0^PgrB zl9Jo^)DQb^VyYI&@h1sB{e+e-NB{c!zg?$qSm=M6GJn5Nry*V(q!$wt140k~QZ!7C(`vO^%h>u&y1|B`5K3nmX9|F|9FCA`vcI_06Z0Vh|5^vXJDrWZxlBTODirHcL$M~>mo)>hEySf$+BAOzro07*!K#l-1M+b6F`01Ly@qcffgb+_#BTW^rrljN*=08M_++i4=AOkZ4 zi}<$7&vyq;c=CVFm_it(V4-0TXd_jz{lbd4MbB6?{6LqZZMW%CLQ zQ#qR-#Xo}Xi0LWuYzx+p&9l}I^9--?h=)F`x?EmYI-IUZGHcj_=M5gMB9e>QngOf> zDu5oYe?@zc& z4ndkvK3hBs-uPUxlFHZ}PMFdGorBF0Gl=7RQ6>M({?|#6)Jm?dSIq{9ikzZiv~r#x zR@?8Rz=fR{j9G|Y2+&=Cj1uS#j>8;nsSUjsNYW|49L}<1Yc{Di?@s`or0uP(N1!>A zs#|-->QVgNKHS;40jNE|g&}h_h*cI=mX{@Oh6V(j#Y6|6?CkD}S&im^{y;z-tEY>z z^AVt%FE1}4L@B(M5%u*KKn`o^tTLu|?0?RTQt3(a8%#=jh3~xYB$Hc>l!#r1XGBV` z&u|=a>26zAIIjj)+(m`>@})92mkN+g?M@vOHN5*292_jp2EvHCx_Z3ZBDLB#;wH<> z6af@6njV9%pqHPe$Y;7$zAt$oJ;PcDv-zIc-zHFt+{k1OYH+fDof@jE zn>ElHBd+Amn2N^ubR^y!@!72iNx0c35~W**Xn&+ak^NWPqb&i%cGJZ<#agVo>SK>L zcK;NQd!9?ByqRbi2uGO8Dj^Rv-Uw^QZB|vq*I#%l{diltyjp$_nH-&EIntr1Uu+(w z^F|hv&hu{0t72%lY(KGyo#ACuRYQo@^~Z@(O~1^DwB|1NPhz8pR~d>7YZi@FtGt6~ z=u7>p_msN2>Q6U*5|GhGyEZs>*H-#W?eQ4nMeEeiVY*^=izA&@mH+k0F6D^*eS4Ky zNw2#E1XoH1E|b>s86qkpudG*Y_O-Io#s40qa10sORdfI}yu70PSH*yEPIRTLva(Uh z>-U?^X)#c88v1nbk7^a&;y4cH_0PIRK~EV z_t~$(!9k4#7Ut&2LEFbZj;5-v=Ybm&Ut>L_Gdp|D)xV{EXsb>9;Dyj_KnyRKzfj&2 z^V!7AC|mWx!i$-j>D%LbCql(yk{G-a$emi9_8RP`BJE^l56XYF=7)avolJypBx>5p zcCopq9;AItnUCXR#Kx@uY@ICQV;4Y`+U0i;RNiPhuL)l>6HVmib?@IhJl!)g;F``) z-rb+D!*4rUj`GJ9D_~%kaNQZ7l6aixc274vg>yXC&F?V;@!6bfNcCyb5 zKI%8pl}-;fVW_UpCG}eCr`2P7To{e2I3s(fnHRA8_{wuNZijuOZu#TSMW_NUIlDc4 z46BNV*{CllUkvLQ!y}}S}*de zxZE`u1K4Wicy3eBQ30CaWMPR=E_{M@Ct|y=GAlW_J)9W~lKmSG2Uk~8N_P<8G{$Iv zb1EeX9xS$e zZH;7u$qOxG+`Uql)nkD$)3ADLa#t>73fuwWLFSe=7^K5BMG|vEMYm^{J(`)Pj7yG| zwfwsbJ-+=^B?(zOLHtT3r;r9e*U6fZ=LmxYJ2T4prudw{BV&)Mew>r@%Cj&xKyntSnh_ejdMe77?ZM$ zB=dGdI59U3yE4i*q^zj$II(K$;4pnog1s5Ve4#any@+3J#|B)}{|0qlS$-2nznl7R zs#ZT-U0Z8(KUkh`^a3Lg!uE@PVPS)y`}p(cPs!SuMz88P_lpx7uEn`}LPmKO)%a^{ z%LoL_ zq*(YQtsv;e1;`b^X`w1NLqkID-oC9<=bVf7uxt~qwwYnLgWexb67^6OFaF@&gk!$i zWZ-c5eeXf_cUpWi{YjclPKQ$o-VL)pB2)k}BGNf`aCs>`9SUE|1y^^D&?~Wh22RmG0U0jSq#O$VOvM0q8{f2MFd4lr?ONfA8#MkQTm$4 zrhL?kqO3O^8vgZA_G5o=qv>$lq1AXcXQm)(kAEZOxd0|%Wb}z-E>5hXis80>=YR-x zb`xh%;*^5TuOR{CBg6vdF|Wa+b6t#N%7!IQIxiH1C?j;!d%jt{6^E!W&RRFHCNsk_x%VoF05(W>7lt+2AVN?ty8 zTM4kY^{QDoWb~gFW}6(wK{ckabO06Ng6PiCjU0o2{eT>=!51ZNMDz- zsQ5uNh%4nqHG`O((-;Q;p~3qWb#38sX(~u9jjp>1+Awd`HPxwW4fabf4zdFN0-NTy zt6_=sReW`tt781EW)$d)1z%%BLSp%X4*)v{{*0C2{OUde0#=)Oalqyz(t|`2{_#u= zQ|cSRs$z^?U{1yiu7=7@7g0W;Rxy+da*~uDOGbz-9ifsw5Ps&lXd&G=K148Pn3|fm zi_e(XTa2bhB`w2imUbFuPYnY4ySy(rSjB1cGoBps;Az_&Y~pn)%_;{d^!C?6Ek125 z5pg|=*RfM8#`0CQ#zb2pKYm}^IK-z6aSw}lFHhqGVkJMDZ0tA)hTKY!Y2(Mdxf0-+7o-^X8# zG=Fzt+-UbNmREioLnpCv+-&H>zaXnzFN{6J6Ws04eMb?N(}zCICG^UjFoIsR;!WyF zO@>S#4oMiUW=py2Y$}Vysy^>#^)9nZ(ky>E=p>$Cq#9SxT~mH~enH)sXlF$DOhDgR zXqU%_3%y9knmQFftoEGB(HG~lk5=oB z%Lw=yybfNWS*4rqlzp-@2lf~kdh z-RF`kVS%U*_z3{#&#ONk+JYpKupdz;T1|<9Q409RP`dQmAnYl?Ok}hORt=*^n!$N>yy=X(DJw)CPq7@Zbz+O8uq;pIH%wXf}-GwK0DQHdBbwl#`da`_rMPf>`G zK#On$k|jh`b?JiDs72WAQ(PfcRlnYx^1JB?a?@No5u6?3O}^gkah}?$fq2ND-oQ(a zd@RV$5gMC(jXmDb^G*et{Iw-6m5a`Nr{ne~J7R>D z1Hi4%;aYCOm57>cw0t+KY)$@D&V0)TwIMR*zK#EG4W}=%iH`ALs%&Xbyqs_~+Ur|6 z6Jjf~Fx1tD@RMmzwoGK|BQN)*?}p-$L}l_bwY&5d@l`qM~`?50^<7_m{Hdv|YZ;4f`;?>XzI1eUN`tLEj z(u>fWjC~;Bbi$|Mq}FaYuUWQQbvw}7i1qr*eLPef zUCs5|WNadnlN-ULjk2=x&I-vMTamFo=SrUq!sq zG1nTG)XRIl?-3zk*li+)w$9GpY-n{rEHM=o=Imf4BZCf=(L)cYTQIc+rdlE-I5|Ng z&+CH`c~@U!lYMTu9-QsJyY9Z{5swt-g!Yw*7tOd?i#p|u26kHNED??$PrIVi>;Lwx z!r8HIVtU6a6i#+*R{vEZOMB+W*I16MRd4m~D3JWD^J{L$Fg0JiOd^zcK!`2HvGY1v zx;tM_mUWJH`B73MNQ-G1jlS%Q`6~o-=pM9OQ_M#H`Bd3%#u3$O+!0Zsw==%0(9LY# zsoJVcu_J7x*xy*rRg>KLL0i`2LIHQ6zRcNva6Y|ARQ_9I=&4<5Ex&CEdfk7}t@l>_ z79-8uu*lTplHF0Cy`_4cRQ=Das;c`Zznl?DdqlR9SuvLrf#{Iz*10+YonyBbSx6Wk zJQXgsSAy0(P>yi2_z-s3>|s2#wdRA+vx}W+mm+HIK&;jCi%n+p`G`d988(@9Lbmku z9ymE%Y#YS(TxkEx2FM(L-E0IiUM@~fYNJWBv-;H3siwU#fj7&TQ`du)-Ydz<-lx=N zPMZyM1(S7f7EwH5etv#lUUg!rQcIxBHGJC-^p598mSEToj37!&N%b)L_y@QtRu~OQ zusW4is!FP)g6JY66L6Na8rdV+Ai}7ea)d-aFf|m-PFr?GBRLNdN4-JN^f&=rxRRq>)+T z=h|+s2^;8vrb;mW&wGWl9^0i2WzeMAvx`C($^ohNzfN}3zebMsoE z(@;C3vWqN}_emK$_`R?jXQSD8HG%>jgL!KkX;GNt5C4K_^j}j|HZ!0_jzl6QUA*@f z-@88pxESy&zUzj+0D}SPesCYpeXhV3!+94mDCOaUn zhvXJ>QVgP3!V9uw@$LO>yfQ9OP0vnDQc;E%Ms$IS#AID=bn6(a3HJK=XjIEo#mx%= z%DN~$&#wAsyY1U3*4E*kg@cXG_3cR|*#S-&MJ3|YEH-6KQby6P*RJUc*Ld;-6tbrH zB4@H%ZihK^mSS=ms!(<$CfCGYT&}U0*q3%XRZ7byQdpDu z5QwoA*E{HM_~YmOU??<}O{dJH9ZVOU2M$*NF73+Gp&5eA=Ob73%Ud&jd_qNKWyAsu zmYHb^2E6N|0j*(B@0!SOC#R_VHK_Q*$6SCiLBAbL7i4YDBW0s|V@Y1?NZth2L8=Gn zk+gu5iz~WI6jpcH=9 zo8_u$1^X~|{u&fZNdD#T?bihA+gtq$C^uk}{)v1SC~&qZNOu-uz&}lpW;*&=5XApHy&CRbL!ZQ+Y|0AOuB}~ zT-Iy()^hG_)L3EA5?aSby!L(3`$(_1mQ7&%`-b<~WL#CS`G7F=$y1){XDb>ojlIyF zSVeJ94Og;)z*tKt?2dUh*1N2!%n!=8_rEr{S+-K@RqY-d zJHFcg9=Wvabf3AYzUybtJG=P9vS8Yi8+wy>JtH-|O?R8K*y~QQC6(_-LgkfOp*6nl zi;JaB8-3)PV}&kSgS{%Igodmni)j@8qYb{(Hp1nd+sUA6-cM=HPP$i^X?6RF!fOAoVi_}z1Wepy{#?|~9) zqAQ)Sm`mTwV=a(15|1#0mX>lbYvfZ9oO~wg?dnSQOh@IX1}Qb7a&mGuYXo)%3a8zn zie}>im*gdrGl16(5<5jA&(rE(1$rx91ujw&qY61x28-N_7eA}3jqaEFpCT5h1#FYf z{7kE}_a=%{-9M7D>mF?(u4_dNk}bl~NxP@Y>@es*-6I)Hr~pSb)wl@s`Sa0_y(-41 zZ)hMkQOab63<9+1{`6iI!aXTzvlz^SLMHjG?r?#0s!vj4K{B$jnhDDxt6dZ-gtmz$T`XkH&Jz=FQ_p?dGB88?bblaBZKIENW8RTQ0bDT{1dWSglDJ==0cibY zhoAzrk62Qu$3fo5Vd|FXdu#&|l`dn+HDN(UP}l895dkn|Y=6Ao zIKgZuF*o z4ETC&bdaC~EsJJrBBQmE5~+L`;igbo2eYFUd9thAeyM^CNlVCL;?vaMHIjY4qGx3Pr6$Y6>gf%1J!19$acR&T7={g3}m zkKa=1!KfK%8faHp$1{Ch=EQ;(NNK({vo$IT#Ft9qn~~@@xF-vXmO?WoGi!=zeyjLay*hz>Y<6 zoRY9#4ZH#T7A}FM18#KF4zb{4=}*-wymxypJSK%9^}vCfo4d+je)dgn<-^*w;Txz? zyDmVPL1&qNu|$9g9IOIn?V1AAUe)L^W@mKQU)fMn6n(K63UP{^4Po&L`Q2zl-#m=R z_c=teh;|%=3A6+Sgt`->Ub){VQcHGdv3F5~%58SPOcb!0Eiqmh_-JmJ>7dN|yC8vLN^#_&Yg%%m-;`N6)2^Gp zmG$?TK@BcEykq}aCHKE8%2L;<@%INwz=!``o}w;F{92>?svXD8y-F?ezuR%JOLNaW zWu|5l25xR7XsUevj9$k7y@TW$m}&(*RX4EK46Fk2kUmGf1Rb@j6=zhUHA=r5YESbL zI4}98tf=nnZ_tQu0iJN^(|`JTV>Hv>8ptoT{@eNb`+u!)yQLEN--Sz`awO^S+?P&_ zL5CLiYMtGpg!KtO7TdcL#({m8bNlL}X5YzgpHGNi|9(%6_wee?_XkYPSFbqH|KQ%Z zdd>Ok&as_t)-Teemk`??e6MzT;fK`au2K|DEFhWbuD?0bJq#eB}S) z1u%pEf9yQ_0aY2XnwuIgDvnjqVw^bFm6Ce{!tm);q+RsSo07Sh>>feLM<&GBnpvjv zg7E82cok!zOjjWoOM3NNf*1r@KVST--_&_hw7ay77!DSW7+ED*u5x(6{~VMzY$wb> zIzFfCy3O(CS5IDG;OFJs?^$+v3&W}h6%hX-mxN8$!oU7=jXYIOfz-H~v(+f|_)Gt= z&}3n?1NHrF>N2N==j|gKoQClgm72OBZ=6wGB?$FQadBJ^4-^vLdjTflviI}IBY0Ig z6_{v^sqQc`^Hw3e8Er86qVlC7O0 zUfRuC=a}d50zs=&UCASF^qQIm$)$lTwy)@Th?J8fBBBs*KRTP8B~-(RdqJlg zAV|jHzwVMlk5-vcVB98Zl$S?75i9{y3-=F8&5KRhP5KtaRty8}J13=)3Juzi>tFBo ziK`{z;`~#4B`)vC1~j1-x}&3=5c3ADrGK5xvlxxKI1Nkr#Cpdb`ux3j9`6)bRe0MM zvuRmlzq5B)E3au0U!@AalDO!V>=st*Nf&2M_j2s35CO>7|%jJeQhTNFu+U*=AfIE3MLStQ2mOz0l~-xaEYg}78j!UV0M0}9<4SGq=VyO)1#gA*>|Od>S#GlI0=fLQsV40U+Y=z# z?)t4$WnE7x0ds*&A7C*?K>)=xla27%oub!RJ;W|C@xtb~{=T?4XRcSa*rYwjaGpJ2 z@NHrQ5g!o|5ota!W|LQ30g%oj>lG3@Bgg$H4c4OddTqPOukHvG3Ln3k2DW%6{O{pX z>;%cI6SiGm+o!VD-Y+O9>aPrqp8%Zs-j&RXN7KWkJ*Bc53N>9)8r?1DMszHL!MXMR zJ-1vX#SVv2eJNNUIIok>Wb)aZQ-9oc{>vK}uyyu-RjRDG;5@VE1JQ8fve)%I4?)S3 zZ^yIP+yVw6@~^!}Mvb}Xxq=>dFDqOtGb3Ylu09Dim?BVKk(*nTUI7g275%@`&Y%8z z{6gxh*JF&rk+w(rWkf?@;9M=@b(lDnTt4^`35{SNs((n%Ad30n@8f;D_Ol0R9336O z7YMBFoF|o2>=9AGm9?oKYI#AB5Xe)v79g7Xow|#AE z?*#TlypQ%viDHWl$snh{hE{HdQ7tsQ8T??Hf8!oD-Kki7`%8ax47lt9$(5WC%Vd0o z!iq;b{CsDM6B+NT9Okl?OT{Nnui@--Ub!sT{$B*1(Q4`8u5(#8K$MM6)~+v2iDNPY zZ>j^EUbzN65DPv@_BtN2otLr{243{#N)OQ^qZye-UC-RG?}7GvvI0(KW<*{u?hh4; z%&>gn$iYnc?F2ZGQnedL?vRdDlNQUeNgbu}dpy z8MAIyVW(2E(7Pqog>S||ADe;CXAK&`_o(T-bc?oi{MrZH2_CL)3;c6+7c8Myr+}nA z4qBe>ZmNb`%J1xrtaCi*P)r=F(2<{#6u`b8S!cIe=r=s6&<9J$^C|erINQt@UuSNC zXAlHN_YX#j*BfNZ*9pk^io)OPD7x5y zu-oFR5Xb9O^vrd-z;?jaMUInwPr_LpYn*;@_E&&SVC_nF|MnhyzR9atg(y4FCNTQ$ zL;kwJz=p_R1DmPbixP*(cDAQ)SG8NmDWmGDWkq(viLwUtOWyXtQE#&P9t#-HycPFSP~2H*+L^Jd5RF7+@p99_N8+RDy5ciYc~|f328yD<>=e@C7?ml;8OEV{p#0 ziFf4i%W-Z+McotU;{&kv9R-cE1m%>+!Yr!N5`sF@ zf_pd!$GL6zpwn>h1Y^U$*ug5zS`t%@0%-@|EpjW}G@RZ$16 z57ez~*FVrxS|>wQBK7N8H3glPhH+b^f*)|K2ki-4!&gD_;wX?vU5^2U&hDEi}+5e?PGP>PV6qp(C05D`S`5ne%Qe z0|uLq9&!WF;xJ-{En*cSoo*Rdi840l#J2c`kdbK3C=3%`zY!K!X`ky3zQv-i#_bZ$sm`ohBz`fodNKq6w#D5V#*9 zyVhg1{%}hj(@>lpK`+^&37eV94NfcS8v%K!&ecch3`%Mv0+EXM*(<7Jv3+>*!m^0x z2B>QVS#~U2!@devxokltv;`@8B_V-@XD zCv#qbom99jm3+=5tsu?eKNfZDf#b0YcVS_LaSynyW}}4gLuPb?v!gkiVOEa_0Q$>_ zcltWx97RBC#Xqe1SWnZ!)|9r9+#>*<`$Z*qC^9QJkCUn^3s}0U>)(3){}}e-{;}6> z5Z1)sv_#}Ok;dut4C;|qj!X~esQ>CN-=L`4dy+WW)ocxborxSk^5gujHuWd)`I))- zF}=GSdVUn!e3A189!=@lb~^)AF>{o4rw+vMYX4&ok z0@0+Rs+97Xb%i@ieR$OIqtddx&oAsQ)TnQo0}uJeCKI-!P8ZSiLF_ zuYz>irZXsz5Ha>A2so^ZnsZ8kudQGuq!MyH%Ggqr_wDJb%RU5>hP1>KmZW68*Io)Z zP$oz6 zm>*@dvy7b>W0a76pTQVpXY9<_hB>#szjMxC=k@#dyk6&c`O9m}=l^vnl6>==YaS~q zh;ll(?U&heR4-Pq?_d6@W_@zqM^JVlUpFRn{UdJBUiEbcPHb2^l^8PWGE`vAx)8Hs zDZ9r;xF@Lhrj9-ab?1tCZ;!H&x}3n!81MW<Z8L4c7~7b~3-G;=UTHpGf}ICEQYg8~V>r5fHzy6e|izc1|2qF3(fQ}}ZdztXyC0S`f8=MN13B1}Q&UV01P=LO zs_t5|)t(x4&YzM`n&EG0z9h17F+rk>Z0j3+oXeUH^5>wJL zkHuf>KUT{(lsB-a7V=BWU_0(y;<<9{^~R4sKmXoKIJNk}oSTKl6td>?b~8y#?jpu% zz+td<%l6nNX%}{%AUUh}+{H{|_4kS_{A{&m&X=wo|o4S0=SM}=2T=o@eTl1tH3 zQ@1=Rmm-A(l0?JSz6Csi^~wnx;7|Ud^(Bl%D>-)$H^NSMr+uMC9c4AM`-;K}p9(3u zH8|21=U7Mn(&qEwphtexLS3@=9Y3ZFh4I+tYmL+UcMG@FrltB2*QSx>)r|!fdGByj ze6#XdNMpfnjZcn~Jyn{)CG}xReQ0PlHPuW9$k-l>y>y{IeT-l%3e|;d&(I7pq~V#md%YbJ)2yd_15;L2FB8&&T}3DQEMT0w>Bj009+a5~sNH z%Dt5fkaAOb7Xx%V*Wx|VYHyBzWt^Vb?j{ZGY8da`xNkj}Dj1J9KovO-Kc8$`1!@GQ z96HHwa*ya32NIf46Y6CqN-xYCEl^gBkTOH**Iq#iAu;Wdkip{q3KZk)ZT35=W1=QI z&#j$G6J2?%$7EkkzSXOea2s7se6w+>mJQ~CybHxAP0bRc>sD{dwn1<|T((Bq9P=Xu zjI$j7Ls{zBLMq{0jO;6kMZHo7rw?2gc*h-Bdou?c659&-mN8Bi1N?4Q1F^ps1$i_H zEA{(q(m@S-P{9=Wuay~l&Nc4I8-5jS9o-iM{b{2z(MEOQVuX4D6Vd7EVXgH!%R-MR zuNOB$_yo;_*_#5}cBm1ii5=vGa>14YQ<{#uQxWey3&#z_DCVu=^fAu@je^;i8;%&c zMBKJsB`ogTtxfZxH-ZaDYVL@^q44Ng&x@C~VudY+Ft!8BGuf@BAJwgOQ}|9#=L-|b zkrEAi_VRptCwXg#u8~W&mvA1xz}wPL{<&#i{KLE4?Ej=$C-C zPGl3!N*ne+p7*rxY4a}$#j)~b*TFmD()tUVyZP_wmzI6IDJ-!=x*|O5NJD}G9~>DCZOZ1b(znAx1k z`mY`O7hSRr2M7Di8H_Xh6Vo#jB%wt*!}`q~nYZVeBQ$lYR3;*a+Y5%i@5ZR@%h+pV zGS)UlzdzZj)~xp2<#7%1YO=ycw%I18aqhcm*H>+#^>Aj^;Fdxg*ENeM(9cIgUwhVE3;{se6(V$9#}OGg*K` z<-Ofk^h@SKbqU?;Q`5XC>*+T2_BxY|ixiZSxF&8X`Om&-V|Ro(?v|SOnw-~xw^x$Y zxwaM7wlvS>iXN_W0iO^U@4ny4l8UnoLLdJ@BVCB44|cIPP@HjsQ*ZX$DzS{-g2!`u zM!a(y`5$~1XMe+#H-AR#FPj>X%et3Hr_k-y_b0tQ`C=X$TB_zbv%Gv!%m}v4mZc9$FI9b_t70Q&aJ>Da# z1(l7&abV2$>gV;EG&47g4Jy_@>Xf$ynCWf_kul>yBMM{>mV=~L2$xcGudv@f??_|M zu{orqVkJAl%=EDTMJVSURh<2;e3{hQ|P4jNcA9h|tbE56pG4?r-!mm%xrQ1Z6 z`lr@w-@xbywba(8GRR&|GB(lvlr291gq4gbt~Q};R_9#v37RnB3l zYu>%317#0-q#`8TGE1BMDNjZki>vD`S0~;sj4N3g85Z9*;=1RT@ccr*02lUgm3^5J zoBu3BijVlysy8{wA!*BMQ(Rw-R)>-&Rj`ho+kskEk)DW+&$c<1x@xAS>PSS=d+c7W zt73z|T{wBE#y?;BCZOC+Edn+Giwvr!+K+!*_4GDNVIt;#YSsFNiL{A#GN4CI!b zlbYozvLAJEup1lP^sp-UZ1{y@Q{d-$D0S8zc$<%}zTzgI7v-tK@FJ0?M2xK0{TQA> zE~FiER*awb-;vSuS^LxgNn`*DCP>Ve!+U4Oo!Kf;mo z95+-hcz?&e6Kgdc_4UCY?P7V=ONp9F=RXMuT1JFNgv;SF zBU~V{91`RGiwTY)#s?d)|4ui|O=9JsSy6!&-09S~AJ5L+>x#}CrtG2_j)zL{??<=~p(TqV*>~koFd0MfKKwmhgCe)Ngt$@c3vz6h+GZ?NrSdag>LENyw@RgFLALjkEj1PV#{ZxX;g%ullU= zS^3|Q-Jf_6-L$6q!oTk@p2-(AKSH=_e=j%aq<0%!tX#lHf6FfD9!$0X{$}|UwqRNh zEcThX@$j?#xpRXT7EI1f`nA8mv!XgcE9{c-`JuZPyGZp;bc+Og-Bz8I0V%DmRp|~& z>2+6CWPHi5NRfK)k`az0JNwOWVznTtkD! zYtQFJrAj4P1^w!qm8r$o>L{;^uVo&u#kPkfkmQHsxkzv zL+j_)kjX1-?(MYOrUl8T`EtFkR)dyfjw=u}y*}URk6}O@cTNI~EFNa2Vw3o3KAGa5 zFF$Vb#m8;u^5Nnc8E0`-YTZLqmt~&zk!Om}q3eh7owS^vtP6SX4u199fKEUT~` z$nVOkaMTU$2N4kuMaBUE*xqOLPP5a%G}+zgj+TvBc@mv zZPYe{*gai?JQujo50)hkoAx9kJaYjZnnYGq)F|K7^AF+oqwe#qIHY5lY4YR_DK4PO zgmb6p#O@#E?>Lfgk~@oU!MV7og~BhH7Ml7el|KX@H&``1Ww&VD3$2j{zI#(36G7UZ zVeH~>(H8V)$Y@wO=skE*sjnKbGt{?fh-olo_X`?+km)X|w5Fw{(H_Z~*(CMemN5yc zYcg>nX|5YA%P7M--PDv9CW!kK;IO|h(2{h?c8-Vk(T*2oVwHB7Tu_lFJkh z#dmBZlIOMESCcmIVjqokpQ%Fz_23&clYXw>u9?SPU!R*&SP@Gi8tcgV6&``o70Th& zp{vR+vxGJ6qcPi5;N+~$)v>shJ1WAdH;^+C)ot|HH@~3}SG^`IM$0yt#+CU&ozb6m7 z1$-X!*D_n=db5N31!~4Kg`g=0#3m2gZ^T%|&Y?_#YExB3+&t(k88&_a=RJ{}wk=Fb z3Rrk83)|(6i${M}o;DcNg)?lCu|tl*n`?#!uN~tPSZ99imZXV~mgZvp7sgrR=X(8A z2{dvhulc>M%kcA?Kb)KV3zC$tIbIfxkrN)r4 z4qG}>{^N9#cB}>vPi}M~{cUvsBc|IuUj3P=q43FDdngy`KVuKq>Kt~*2}to$5GMKRt6oxuK5iZfwqqgMZ`m6a>yUiP)!1(>&0nOGPAt}fcnpuY@Vn@;=koL*2$HX!xeW%u zAR!n_F{DAINoCiznjgt~^;?z2uzxx{uym#8k#DT_Xe`%0EVZ0;-_YwEEq=c_8x{cl zqzM_`Ht;kaa@-lN|G1@lQ7A^6I?3)zmCQZ0k?{C2V;s(oU+BDx#LCC{P*om9R|)ls z63F+&1Zy%VflkKp#WP&xd*N{WI_HHTQ`)(GCLX95cMjUJP&4RIbv*g%jL){uu@Nlr zx1%L@y&m6%JoJkI&!r;&{9$wzmE&~`q(`viD}LpgYI$Vyx96tf`H4&8cAc!{H`nby z)GlDjMtawQf1qH8hz>P*4_Mkwou{?^5PH8Nt`3ST-qQ&_j)o-&-fiiRIfQ>UC~l%D zJ(NGTFR$j|YTs33uVIjv`r9P8GMg~e8V}TrJT(PKS}zKz&b4Tsb>xn=gwZsqV^s*O zV&Uz*&glxg<@kWr!IE!lfvWT{^Dq1JBUJ_dT&In~I=G+S`?*)Q>xn;nDscrzr@W>n zMTI!)!_KfFe(BxK%}j%%b0YsnA|cUvaa0l)lDu# z4eC=xyw$H_HQF3u7FMA74so9%y0UO{=BYX;!S!cXh;vXiABBV7F^BoCkmSC#hZ4z* zh#xfMrHE4@_<|d0xkSq!y-?2Ig6@|V#6RuC%iD@+fmSQaYN_5Z=iX0K@HNxt^Aqxc zjwO!#X0GS>_fv41rgDwj3ZsYdGy>0c$#c~i>(HzGYmy6(KhE1GO)v3I?b^HK7|iq2 zZ*dVg@y#-IL7Qw*^8{80$CQ{cw}te1T)dAz{CKFXHZ4l-3-95DPgd<=!q+E^ADGz< zwcBaPnZNb40C?ow>vyify3kn>hhD%R=Gn_Vd>E-Nhf#I zHI#PdkUm_Y=*}dQPyDA(Gg!TClB1$`WOI5$lI7LA;%Yzq@VV|@`H%bdiXUw}f++x+ znQ~TgGI&~lyu0R)^gWYLxFu8d>^Ns9=0)-FTke=0>*G|4 z(9U53;dMWg4iAs4grJAlm`m{~f4uXiQ$lrmzJO)-pp* z@E?17<%2TTH(BcD>P&QRTuUgp&3D&gu9Qk0mb)V~GcsDWJ;la$7xf+!cGapd-9)}& z@3R>#@QyazYK7IVw}Z0#H5=tCbVLsKl#Yy?k-f71=4O7(ckgz+@NIA={Y_+4&JK#8 zDgBD~oJoWXCG@L#y5OwZCfV4IfW#na+FwxmX}JnGiXxXFcj=JuF$^nEzBK-AJsR}; zyMaA1sqovK!^6=lFzHjH#rw@$iL_(i`r9M>JwD0j#!v2j<}N9eka(znR5#+}Fx1o? z%e`-znB;42aQS$x@7tT`T6s?MIAP(IRAP-Fov>v5ox_~Og1kGwSKhx;?mn*|t`gk> zK~P}_95||0pCa}$Kg{3toiLXw$)OP#8FUhI72pJ|1g^ukYTQ^HFe2zQxp`o+9SbB^uKljSl)&x=%RC z!AxOXm+dOqb!?*8I7gau^?0PUiB=o)@*YE_59atDN%{zHX8tS6ZsfJWEc)b#v+wU! z`7Cw9^Amwsfc}ywm)x8M6G)s29TEF(Ys(sVr>oc#{d7$FaxQdQ_ za8+vA`XpTxJ3lPt92wSQ1ph`qv7c`}(dYQiN}i8ASgX?!)C~VdBi7T{z>xOPrK>0Q z$s56%d7mM~MNj3-Y$ltiG#PyVbob+vl2g=qs+Y27&3;9kazdc{Agk-_sJ!S;cWt2U zSr1_`-Pw`z^mQ;L!K-I3zQsog^m}CapYbiW(*Nh<=Y^XC*V_{bOQGXue>f02>tp~w z|37`>{|!g$U?KiraKQh+9mUL&j*jV)1P9X-nU|@c^)eXTfJ8mR2U-~G-a{naQePzL`z+_uA3z9-zmds#QwBJfBr=_Cg_l$XpN9xV zc==aPr>;imi4DYkJT%pT)QwO^YF6#9N9u_UiF_^m-Y^Nea*sh#pryZ1iQ5_4y0{uD z=ujMl5Cs|{CG548KKt9mm6fp$ylZfpPO>=&oVah1kwK4xbE_i@&4XCOIMEWA;#}Mh zk*pxDeRwoX*5Atk-`O@j+*TP=VytP)2)~={8{W}EoTpDtIW?kE zm&uyQeDi@|xjq+|iHUyz?O#WY-fN5VBOPs>t**hD$=QfJQwitInK`cIp+Zgb%*W-; z8d0?kg{+_zIT|>Ft%O6p?jq1vi<%64Cv*uGH2ifdaIydDj8y3QIXYV7Ys(*mOsBIF zBf|>gqHP3qa9KBl&M9y|s4NIol|aw9IQJ4FXl{u9$VOFuHc(JN=SBv(Wf|+Jud_vY zc}Ypp()x*y4wTxuEUj8$v%;;MYuVU|7q3|jPpTLNhc!xjBMK3wIvqb8TV~)cbqpi5 zj-vL9Gwkyg!#SaK`I;&(9X+d4Ej(9`oK4Q}t=r^3$^%{NFBkp{+}_fX4@qTEU!~Z?f)*4;3ok-h(f*# zTfr<7Lkhi7w`s@9A<`?py+^%BhKm;lut^9L^^)kMaPQqZLFxUy8<&ULCJpq118T&Q zdPeWN?=gC>-jRNd%gVLQQr_2R<1ke?e~>1Y?AkXrA(oe!Fl*%mZ2F$^*+%$?O49^w zoZY>JO0?*Ay2jP{9W$pkT&yz)xmJJURC0N?z93#7e{^*I(!~oGuFo$`RBKtbMo*oD zF>qYHJT`4!KxsJ@!spSB^*{DT)YecTy6Z zp-B5pKfwk?cd_chFyzJ8Y!?ilZ)|?0maHs&34#O8tdn}pp?+EX}LiOG?{>HcbL zdDMIed)@M6fgb(J-2wO!kb#`m09|yr3dpOVayfOcJ%=JyDerxF2uL(h;a<)_hFo90 z6o3A_uY+iuDFok8vW;(UaTabZ3#_;LXMuu(zXxwkZFY2qbi**cJtTF-$Q&UIsb zAOlE6Huy1}x)R~+E zmetICmSS3gf3Fc1e=n|s z`!z~ZL$8&W;j)wKgR)AH$*z<)ur=ff=9#ev>oQO^POW7SJlEG?*B1g@ckzsavf;t+L7(8^V69;U{M9@#wqPZA(p<+voJH1hzNN{8u zaV<7iRxtLa-1|ptT}u7-FhOjze7tDyr=^(S__GJ!lDuYx9gHltQ+M)fK(k?a$t^Ac zjDVrOe@~shrEHtFnAqN`7>0#VjvL8JBENI!bWn43%hyAO8-zP$);fqKxgx~t(cqfM zKbQjk(A)?h2CAD1f9%-QygY;JthJd+_l!{T{}?lLeb7br)CUcBP9PVlig?eG^|G(* z;+sy>bS;{B2{6}uN-Q>&pL6lXwjhL0QM%|-U%9r$#-oK7&o0ebP8WKAa0cC(rD zZHeX#5R&||E`>#Ca2Qlq2Lxv-glHC=t*zw$*nb7pzQpK=&Wl47G&42}u3qcKtaA!I zL!Dc#e`5cxAT2oRIfir787;GsHPw|1Lqd$vROn!E4gq7>+p|8GTDSTeBRqheo(8wa z967|_txZk!_8^fM{@&Z(v2(WBLx;Af%QP7qe?I;1x~s(;zB~Rm%2z5k7= z6%}wYfzgo3C+SYom_$zJ)84VJGKeiVI~IOQjVVhz$tiGkS=yMJMr-!>DVd%D+Zj60 zJl3L_8x@s4(42-smDGdQ_M4nFn^S7yC?#%H9wD`_RM?l;;nkUcC#TgEbRhK#n^}*` zN$V3UqOQ~VG5rJ7LQx}PLBL<#n8((sONS(-`yanQcw~gt7pWj!a(7?Lw#5`ceXytB z&wXSde&nG0=CuhBM0G*49_3c+In#AQvExa3rQ&qfWrBY12u_Oj{Grdr*b{VqEecB& zgv}s|)v%>PIUm{CnJ;mMmPxN%yJkRQxVX3BXfrs`R8ox$Qn`7y!N`}-yrR9==K9pw z7}*DJ^IY_!kr&jXY*5A6zNvLSQks9{at)#M^+Z_R;UhHh2F~b9=y`{EUkaDS2 zqbS@2-Lc=^E^)*zXSXD!H~6xvsVx2en-J$RBb69NM~vO%grLdZ12L8Dj{4PA(ZPCmx35`Lj2_DlIE0Qw zwl$K(W;8T$_iMrViN$qepE|~H4FqD}{oLEHSYj~kKwk=OF8{$`CuXPmtq;dJO_ zcTt)x<%t3v!`3FIwz}DVS1PJz)z0u6-NCZMYTEvu+saTe(l$6hF8eiK@?%zld6e{r zczoAEtDG0<`UEQRYwDerb0%!6g`yAFS+36SAos4iym34mE#n^_*A8Kxi9t{&=?p)t zCUQ!(4Cm-M3MR0mvS8kXoc};0U^D7qF)}umqi7p2optNY6oM@^6%YZY@Pqhj*VcBa)TB$dPJtSioK$Kf z#nE9y>QyYPP+!c7f6!^^`on>qmX{tEyzHqFCD{ZE zg<5q~`^)REaUD9|!pp+)G^O~7hMm4$>| zq<5<>FBI}tLcT6Bdvog~z-z;5q`jctwIb8F|7dk6?NuVn3`J~6tag+2#`18T^D#!& zgznPysmwof`1hID0&_Ss4NVgp5lNIq6j5PaCfcV;Vq6kD;Kcf*Btt$v9|=uYWo2Bu z6t8&S#(FP9+g@k^Cfdc!CBsY>X&gCwuVBQ^X{5cct#`O%bhK@<=cRYgVUW7fSYv>f z9j+?Ww{)u1)11+(u&P zG+Ze*p}MQfz%jL%=rSe_r=|_^?{&y;)>*cz1t4D~G`+Gci~-NN58B=)7t? z5jb6Qdj;?es$vi}PrFwg+3E-mn`;ZMb2I-rl-)r+KL=o#vppWR#l?hi9(Uhb-bSCw z!N?=mw_lBh3bNO&fAl>pjtuE08rNG|%%RR-JW^Cw`!s*4P6NEW^Re#-xzZYd2C1k< zL6wJMNEBs2J|eBJbG(|WG!|sQr>;tYKe4TfIZl*XYeLEa^W%o(>3%hl zLZ9>@f*|5nu^;>$Bby$Cbu6&P9DQ%?u!ulXT0ZvlR48l0haX%iDFalGiI35JyVCS1H%LJFY%!AG7&mQGOgdl2XSyPacbO#M?sL^g zMxkP(&`&IoA`lA;6^)e{&A%6i%|$}u06lENd*$%qDzW?59a%u9dJRou^YZjafX)Cq zeMH-tLW!>N)mP-7@KJE%*_iqWKHHL4$PneSbgBTTrtKQMII)l%MU~O zcOp}h5Ps5hjMEw<7MDomEuScYcf>f{=r8ZezcS@MB#$AKJWCL${c1$e~c@Opb^?Zkzih zBnghsqvDQWTLO-CDN|uTw8nFFVKF^1T^2U=U*)+fY71Mio5Oqm0i@{JuNH>jQBzw?_e_KX^{Db#Rn zY_Jv5TJ+umFhZ$<9X`-}ba*}j5rgRvGWsrUoU9%Bi;0W-koJQ9JzdjYhIX2!LeoGN zw*_7qn8?*ID@6{dTk@BL$?9@QB3Yx{;I(UcFmMtimnmS%WV)DN{%Ovy@u;=W(@=FQ zzNe8KN$^5=UH0ONN`G0QJej8Mrc}Br?TtV#J=zDB+eN z=Q;??ASZ#nuBy>}Y2yd8qeeRNW@EiY@SV;@4kU?`ns!KXT&A3|2bdYrW85 zh}2lf2oo@>glaBaflH!c?b=|AHH0QoJ_svzR~l$TP(2oVLfwvDfjDyylf@_GhNJi+OYK5fQW0k=;QXRd~2YPJw6BUK{)Rj ztMSF!!eZ_j+iXq81%575F6Oc$;BPkU&tyAu^#hk67wLP8RJc|V?X6M8VdpZsz*@^V z{KtDR0q-I0AUfoNY4+@Ij#smN-*SsPCR6VCV5NE{&QeU>I5FVw`lLn;){bVt5q?hR z1Qsw8eM1UpCX5#Y;bn{WWm5YC;*Np=lapPGpsG5k+g1#`*4;+O@$b*S$ed)LeR(iz zOrrBE)k_xRoG3ijd0Y;5I$ITBG0~jhMCWwl2s1RG_ks@0%}e!{!P~i`x>$RMp{le! zx&YH7B5Rb-a5TPtQ`Vr-AI8MAfHS#!2)OYOKfb3(y1!&2eSeF%seqzSXsSM#6yPOi z-4#$aEF8!bpS63^TP66WD1+xUj%}}a>R>WIGSQdC#w2_Ves)973kt5|17F~vjh>V@ zT7*jxuYrt(742AOxA}_rAQ%l*@wp54;delg1fJ3=`8c8(h?!byW-7l(71ONg@`yQt zcYRY=9+Xeic!$W(4p>>O1ws}dMw0~dFIX%9H4=~qFvkcYrI$rraaB4#<1Atyd)iI| z{o8Bb7EOXlt|kx`*#EoWmRDf!I5^dIso$_^ZOfeRDpHX2{W~hN^c(>QiWuDZKaGY_ z+kAMSM;qSYIuok}oM00x$&RoAJ6~1`cu-rmBlbDdqn)Ew0mAuA*|3nXsiuHw*_%Z$ ziDR|}s68x_bcwUMad917VCXQ`_1ryHUuI*SV=E<7*kc7NzqXyg36mi|4Ml(a=-}k! zGB*QOM~5jP2>=ru(!V=&^ixK*Ab-nx;{-p;|Fu-y%k?!i>vOkKv(thG+Sid_ts9(( zM=Tt-lV|Qlm0o19^i*a<^YXG-^F`E#E1^KB0c2A}RzYdCf{cPE{mo{wrl{Jq`YU=S zb@rgx463%J{*M9|4|apIbIVPTgQ$8W<)&7!xx|Pg<~!!ADXVH5@#4k9-2>I}-^;11 z@yHk57u=T2g#K471lAm=EH+Xzve#=>uS{a#6u0e+IA-MHkoIe=jdJGE^hJCC4pjEY z_tVKg=7VaA$FS3#L;xqA;|;Qb+(Qu(1TTS7q~o>P`}U6OGrw`U^~$p93i)x?QE5_y zU)$)mMKWEKFEjDT$CL>Kr6jz6xFLEa^$W^(ymMGn25?WMC*T_hqcih4Wd_3$&e5x@ ztYmtxbM+|%{RU`kH2E!=?N7NtQv>bF%*%k+v&*wMiTLlNBq{Drj?aetXS9>&q;c6}LX;k&ABMRbJ?wiZs zb31^dL^sQfe)gj~7r`xBrOQ0wxl zfIhUxX^BJjrV?!XV}OiKX>VOj;Tq9;gW`6}bY z*qGRWxJwas&G08Z4(M*op(jA8511D2(YIfS17=NQ=*I8ypn>$`*SpCGC*ZHx`>XT~ z8sG^{RE*aT$!*=!;1uz#Uk3s}8!#j zY;RwTkTzBS`~dQ)(_`}`5&EorV;oyzc&t%{C@HXAU0Xndcl!V-pCr@47u);HtpH$? z-siYl{wrwUgRuTpANK1)sx-DE9hwuw%?GGKn3CbYxPK@2FE;Df^TT%2)hM z0uYCI4AlzOO0=r?PZ|_+EgXTWPZ-Gul50S)wdRA<4+f;wR@eCuPffAU#PdVSa>33? zr+Xc#U%Fzqq{~D1W}j243Yf@tM4&<_9(EbzK_l(o^MN>ckFP3AwMheD26{VqjTj}>L`+AZ4c=Gv(f6ctNAVuZYzNFa&uq7iQBUqmnfH45+7X;tC z%&*c}oa;BogHE-Jil!}WyH0LdoXs~y2+Vi4>OaQgpsJ~{m$3LZCk+J(WiRX6V~1rkItgvGTww>GfMab_oUlKw~6Yie|*SWK^5 z)V4d9DO$2h0|R&1_Ar8OxUXZJ=?N~t8(jtWT{ko&My(MMQ{VKwW`fA3Jb&K$!rAke zqXea)kV(b{n8X58_AxC3-e=ivy4gLK!D*-`^b5^Zw849ET;y$iUD*W~Z?h zl2B;wsg?%NpEc{Dvj5^b$0Q6~e#|N3|IqT(f=@UIq=;Bo`~!PO{AefWOleaSsjks# zGKgupJeU-s94(0CJR8GV)mg9HMF*yJ#X9}vCxyXl)+k-2?o#MjE?>K|Tw^E+C-%Vp zZUmz7wdc4F5FR@HECV3MF~C1n_zL%B+{@{jhhc9C;)C@S8@$rd>sPLkfgTg^h9ra> zDCL=;VTB;OcO3kUgVsW7%paIJJ#E?=Ak<$)Yk*P@Rn}1!)g02U$aX@_{Xs=?(73cb zRvT+rZBHmzM>6XagCvNfg!7W=jpKV8ElvYNJLH7{$;jkxZw0r#E$7j3QvHyzQc&@m zx=OH-L1CA<79)G};CDhHNQZN#*=jf37LL>hD;2K;9SUS*NTfxtHw?8WDA1M(Y7DNp z>Y$OIU!OaI6Bnwj@?5I9fWe23W#6uSQ+AEd#Z3)$wBt zJ^&zSaFv5};L0jd>3lp*={4?RkB*E!hogcj$56!%ZzB7alvI0GV!lPk+0y9Joq2wc z)lGnzyQdIg<<#~2o>qFGPF;|8gnVHPz2i}tvrCZ6Dc)QCD z=|TbmCvt)0k$iIsC>|&|OPMu!=z%mPhp)TuJworuvjfUTfI_{P0c^yhZRRk-s8vvH z0WA}X)a^dH$jbRC-73TwPP(P2H%y^9hbKcaNY#6K@!suwMWBRS3v<;%TkDhtkmTHt zOonaBK)GJp_uyWi^XbJwSAbVU2gF(UAGi!}1F?nX@2vs>k3Mv;3Yni_(2pyVB{9ID zwA>S=$eWG5KlPnVWw_-0CQ3~UtIp~|RAeN;+s$n3Y0}^J6PUZrTu#oS@i6=K&+pC9 zcOCL9tn|Q2tuOyBnI76<73&-Z`EM9S>aJ9oU2#r&YE9+FD?;8_e${QC%GHITDji0K zR+b2(lJU~f+```=?Ki@WrPkCodl4IpHZ0u6r>TWXTy#PJvbAX0fwD7l$eN`DxSWN) zg9m2=d6wYhGOp-8ISQO;Qt13x>1R35@A0{O8l!f)ZMIJ$#p($T0BV0d$mfY^iIv{x zyd(4!@fBfOSZT)Hx|rH)B<_e+CEqP#7Y70o=%mKzoTDx~3D@1_m1<6uY>$9+n&E`W zMHB|$yX~hR)naTSQw5D&1Q|@Vn#%kikvw+eOuy(E(Q1fZ(2)#ce^8v*OeE9S6 zW@BMPY8DU=JEJ30>o#v39!2>YdAlV7W3&S<9>|ncF@&!MobKpRVt-qA=*DL#9v{bW zO8XsLuibcsA3p4PueOd<6>xF^wZgXr?`sX_l+ZfY;!d_DYBHbHy2e!J^8L&Xs6Gr0s z)v!z;q;+;)b4^Dzw5-$x+=jj?Q2|oHK`2Nf$G+=(gjRJw>cve=a@C6CnWcY z95dtcKRbu}JBRndmP3-bj`X@!?9-IP}TLuu@ z%Rp9>$YIX&49UX3IXhNgx2N9&lIcsFvQynC^YI6nkovF9jjwn6P)CzN2V-E5@Pc|p z$z{RDHD}bCDGE=fJ0EjR#DAy;Na(msR386GEJ;R~Q3#tNzyY`YY?t;8{LXT=41pk7 z4KxP_vpyBjtEO7sA9V-cAosn?hYbLKEf;8@H5|c`>8*hn*YaRTYm)+GTqhF)f2IshB8GJ}Ptkz>qmRKMrNCJ9B?u(Q8 zC0MTG;};!^Isri1Y}A;ok=EWTieOhp6SmlDgHr^n&M~L zDE(HTFGY5jloQvLaUq9MqJH(i_KSy>KY+v-IE;W8k#XUPzz{!R%3hB=l_@K<_dQ%? zpgie<(0~HqZPIX_DWBFzK*QlLZ_Q;~IhvAnrJ7YRfSG8thhrv)b4s52Xg^;CN{FC3 zD(BPbF+KAdps{X^5|Gy58X#PipAyR~nJnqG!hstQls@?5{!@Yb577ET0>uv?`oWtM z9T6TC)ys_SmGV0TWv`bKPFILhN75VuW!RC&Uamm0M4sLWU%mg;lhs-p^rPsGSZe)R z&);|U258D{myu1(ePUJJSTjSCb$dt8Lc7ZDOjnOkzfnUVj0PEW1!|>H$1F=H&`5*v0G1g3!_eCWoc!nTcP&P^ zn3#9Fk#ej{#GR5(WV929LEd^)rV&{OqP1gcofPcU;#ZM7i2Fyh3>;E6v-5_#tYs!h zM@lwWN7F`s*}bD)z*<9$*FeWUhvUDP0_COp%1YE#|K9Jd*owq6;2xAIySXYcP!|(c zs@45LNYJ6qR|}+?ZJDoQGC;bd+XGsT{v^6uZ8a~9ameQyw^{TCMyhrTYxS=Vx@hb$ zWxua8^^cf3*xF`-Ds+Z-=^;Q-nuPb4^goy&5zYZIeH|VjBU+)96@M6NK8y*VjbZz7X0g##2V9zR7pTm1Y z`jJ=9v-~){d>~K<>eCYFH=w=)Kb;)~AT9)maMeYUmp;h%7l*aB4G{1F$Vd&x*ZB3G zw(cA%A0O}XuR@0UFPwl7klEYxNLx$GU3rRBgYUvbRpg&~joh7N| z@F{xa^EI|z(S2#{&hUKWX5Mb_v$$vZAwo~%)z+qNeN8b6%lzlQ_K1FeB~xK>YWohN z5%vo2$F^GqF*{yKHot{vs+MS*5jyt3dA}cg({B{!x|9LCJo9fF9gWN#RVQMYR*(wR zdib-*lF+Z(q%p^T{yhHgx6695R7~}4Ezja6R&CCqV{v=r*-IUe?4MGFT;s2PNw$Ta z4xYSG`fz*l(S5lWK~}#fi0tQi3Omevk8j&7lm*VMQw}=hOY;}j>GEA8q)m2Ll7w%y ze3g7Z6*1vFyxv5rxz!8E@e6|8HpJwZ=S#vDl_cHN zcw62~v_skDV2ke;DzCeQ!QJi45^TwPyTY|)b4aGmVujU?7vz~-%?m{FPg!-1^_!Eu z7%FLnI2CLg%YHno`RP%bYZ$%j*lPIAjhnYy{&JW9ar_?>m<7~d|GvuUcuacaNYo$c ztX=FYkY&BTE|50Ju`D2^t6ewAoTz#~;5XCO==@rsS%z`zl~NE9hW3zeM86p@nd?gka4LpmNLrAxX&K)ORxKm_UT?nXemySw|_ z-h0kH_q*>H4*%5Ov-e(W%{Av-dv~GzA}*F2Q2kU}iXUTn4tKALPNraZ$jXQ>>E^}8 zfMxBvejRLfhJVUF4->U3ljyB+Jvf$WR)eSMwmUBg@!VT@_6k|JBd_JrM6$FPS=BMX zf~?haIPFS(!g(47tT@^K{@)A6`Z2T$h6X=Sin#9Dk-xI*kw6j2_9qBr$L!OU;B65s z{l>hbK|(KPS35OSU|Fd5?6GaL8lqK8PLotf^|0=u&*M6JukiJ$b9JMnd4@#~D}#=R z$BLT>x*Czb>n2}8;T*#WNb5_Ah!c$gHDGfym_=&rMBQZus|F zzhfXcl19kH(mEd6qL=gePxQqc%A3gd4jMko9FVMO*S#oK)(bq$E_08};BT_ru!u6p zx4w09vA*fwN@$5m(57UXBogwq5_qNb4fR}&vbo7*Au0|{&&#iN4J>l!1JZw;v6SOq zdGGHdQ@cE1F3Up(+hZ_-gb*o_HePVV8fk07YxB%`8c{{BY?LQ=Pc3>K?HvdNeqRjH z&VoT~7AQBrXed^6G_|X9>twKLei%d@KtF6f;A9;+}H95_4kV1awmC4<9SN{X~hvi@2q2|6-6TpI|%Gi8L;d8#!}`c!3zU#KQ-Yw(pMC85Oy68J`)d~AbraXG4{-Ca~jwr zOiUkmC2q4+Wx5b3cS2mmc8C_NTx0sw26k3cZ5&DIh?Vt%>G&i!rAHydpT;j7(ITaJ zq3WvDIf&GC^{dxO4T)wlnHwB3tJr+xadR(-r`IgLa7o)qxbJ+s2<)_$!HHU@=O>E9 z>&3P7dNhnkM8;{(gzQF?J}{WjTN04ny!{9~H~dv^2khDbd=O zrP^zp-;93{l0T-9&hb>@eRr2hA!$rSt;g+G>;Atxj4TY+c=g@@KL&*tCcZD`9s|)a znxjCfBk)URTAJ~mFl`jFZE3aHh_3`{hMtze+2SWgbxQSvS?A?0bv+(e|ES}+Nbro= z^C;RE2?_Cf-xl4Mf5i}}7rJ;}I7>!8obK6t^BR18n}}}5@_z!Fhn4nSAuC_fIE;UR z<)19t@jQuEIXSiYqkIL=@9dp^;xQ4iJXXDyi?KwtbU{yqAVPR^yC{-w_kQ;HOkRiMOptV5$6L~;`>mRWD{v?Fz$&WT*NWu|mYOW< zg-B~TtQyS!UHsa9iEL%bkQ_zL&5Xqm{+t;;+B*NHh*qT0i8n2_Z<-2lpG3Eex9R+2 z$CWTlTfW)d$3eXB9-@0P#8#0qKPP5H$1w#(gS4g3*b>k?;$qJ09a7o4jXbDx zd|i*8GMwIUe8$p3BJ5;v;cn3_`_=XQ`W^1T+v*;jf8+r0k@Pb6*o;=hhhZ3u76^s_vJ(;YNb zRG{Y#o4z%0^C}Zk47RkDubcF^yA+U4H9SR_DKfnIxVBlebci;|_0uZ-5+_qKbla{5$ z%2nh&rIA6|6uSJ~J<@!v_B$NgS&&}-PdG2@$wj-)52P^PKaM=zh&-KnKi+viZnZq! z)r1B?l2n=eV0i>RH!_}dPN$6?sf1Q{FrW4^TDW-PPR4`vF#jtJ#XX+*=~O|(^i_@% z7VgR(-_jsC$b>QG3h2ZtX^f4hg}8|3#!}tThAbp^;N=g~kA2?NZhktE9{+6in2%7V zgXg}2l)3I7DLhkcs4o6PHh*jldzz7ik{c8A`H@ugYg(0Wj|EHG4x94<8D2LV$7O3a z%{Ab{&>6h!xqkB(RylY8wAg;&X3w_%7^Gr4yz}z$8ckEndNi&MRe0vSE;p;V!fXZ3 zjt6YrP~L+B%hTFZ>dh)%_75pW2F6p_`}4u2$Gt>P<{W<2AF?A1*kG_G@f@vAIZWK> z&HbmWsgD1Y)n&vqayml#(9jA8IC^ayHn#C>!EU9O*puvbA!mn zv%z8n*aND)8qOwa7Ilx;S4Y>VCES#FJ+zCta-~pR=Lk^Ga0!?_A&bB02UWx`wuCR& zC5d?4`z-`gV&wj{uZv+-tD)YHE#8_tBMSZfp)n~tFL<0sVIa-)6MSwb{i^X3nNsq) zGjUxd&9{?xB~2%{=aQRE*SB-o1$M3rDkaU6xT*Ksr!{)+cMpjWFSc(yUHBxK*0-ne z14Z&O5yNHcRjN3GR-t-ccU3h@+GY1M>=JAu9HS}A|EY?{utTh3_%+)ECMhLVpSZuE zaB#Z8Fs4k9k|a-7?HCLqXUvFyF>|l1JRHao47|hQ!edEG1}RZk-@9{m7l;vPF0v9uVeZLb z?g9?&1s>`9>`|TCLZtN;yp*lVtGHO-Qba4pIkyq{Mcr|fD0;BdQzbnGnj1&t6 z`=YiM^OV-=n8V5qk1FJCbeq@7-N4rXsyvP6;qvBGmK;Fia;mdBH|Hfk$mn%0{V()$)~fo$f{9BEV^!}+Y1$E~Mk>eeUsrHULn zsS&zkZqNJ3r<D9 zI-Wm|qTIFLf&=CE!g)8dRDVK>r^j6vlYIz!+Ruxq--EHaBM}+GTW2NJBqEOW@NRVg+#JqOw5gDX06?X96O*dew2EU-$BPAD2Lk3yYt1*w zAN&dv)tXL*lL5$;GcZ{^;DHzWgacwpb|ZBQf5-xV{VgXi8wU-!ZdS3j%TC6V=^exE z9?bn>^wV9g;TwLThE8Fx4`EPGduL+>&(fQQ_H4j9T#Wi*CkTI-d4Y7y3#t>^e+32^ z$&0V-I!RVcOr|E=CFZ}Tn;PkQUjFKWX&O=|RFa;yiJ^Srj>k+~BZaeM<-^Bi9#nDC zz0T?ydFT;&yczL+xC2E)QSV6p= zM4kkNhHS9PM2G4^3`S}zyzg2B^ct93U2%9G9=snev&O&T*S(&o)gNzpN=bovI2svn zd(|3guECFNdlYo_h8lG3Zpf6am{?hYIUFvIxezJC;@Rn$Z?unXx|Vk2nD)tynb%=+ z=+|LH#<&T#vBi8ZeWiJKkNtRJB?h#~u74p+CRq%}Riz z*WHzfm%v?H0RySK`A(MlBuU-rNQ>UQmd$$ynABogi2M4;lbzYoYCzu&gw7dXog zEtIXEr2lk;B3P{=4igC0N#`ai5gd$~4S25s2RQ+qR^vs-Ib@;qiG98)l`~?~uX+=~0<#=W~ZD!S- zrCa?2fMwALOa%NVq+?^9@&3IfTy^j>!(~VNyl1&BPkWH3+pCtRlbUSpscWWwDctSZ zH(Op$4}CXl(M$^>AJ#@Q9v>sUA0Mt51e`n`OP(H%a#U<@?mN71&H~4j)#4iL4s4zp zdolg0wwqeO%aq&o$^i@>;NNT(IoieDE|XchIY^AP%1laq&Eo&hR(fXmzRQ|M53)4I zdpC2_DEQJ=DwJi=KEEh^4%0czyP=1fZ}Ur@;|QV|PWfqSrnwqS*z7XKdVY9c42&QJ z%T|#uJ(bCZF@8dA2NxmyuD;cHfXtFQXLVgWmx;~CE{g)1;Zz>kr~vH(ChNs2IJ-oE zZ8j)P2e8Me?6NH1deq}Sg@>ocY|?xw$DxAX3CN}y$=FlvUmK@F{#t&*;&GetbTe+r zQp_ZUWlHl7MT3tnrjb`k-d?uv*>|Zy`GmL9p#(B9$K=WBF=_sT&xWYo82;(Q4%g7+ z8pzk#_noB%nHvOSD$aD3n!?bY6`&J$8y!9axywzRZfo&n>5{hEWb~__WHq#^TD*)* z7OhrOQEMwoKgGX}?XrOOL@S6iKF(qg-~0M_bnO~(Z+ZP3IykE*!_({joUbp&Belx` zZ?{N7g@g1(7fT4)AtPn$6)ZfRaun$eQS2~A#YFg>*W=VuN$OmU#mI06!Q4)Z(O%jG3fZGg4QBf z*?HWtj>q`BRF-o>d4t2Z7XVxyj3_s+NvXPpckoCv8XpAaZ(1;Y41rxD-n;})^4uiO z{uu0~nWS^q@38rm-Ap;sLY`oB`Duo0fN)_S{J?QTGYzr%SG8j`Gf5 z7IpN5yF_Adx%BUmwXOsv2q9wF7oF^fGNjPRS0K_~6tiz0gI%bjdYd-BB%;@Piq%OR z1Xqh0^{OvaK6W?+M+Up%RJnM_i29cGzZS+HO%`_}K8dVJRv@j7UTI4nHDG{NvEq6V zAd*bkzJXsVwiL9V?hYbk(_4|EKPT2Dk}2(mFj-scxM^tNzZlwOA?2~UEN;51vt%i9 zTRWi|$^LNSqw^|V-RfdJAHC+O09x!5(*N{!wIyt1O5e-e>x^sOD(Kg;rX&Wz_V;v| zI>8mZU9A2lo{NgkJ>0~%982*=S#NVuBAR>*iLVR6>5IuIAH{$VMC;=AQDTWsPTojS zdx41C#?`tjzt`m`+#&r0lUUn~Pwq4IA@={UW6Q#CJl+;}IdiS68kv&CR)lJ(@KQ0b zv8h%ks&?jV9kZXuW&Zryh0n9Ki1spnu=s;n+S|ol^j4cHjFvv4vFWCFGxn9T>$%YW zo?R9;heEbr+!H|0n^LE*bT_TfM=vytaj-BVHQ(~T4gDPk7-6uUVX6d8{9MUdz)x80 zH(CvmefeDkB-FjDpo7ismqYUxdd?b=E_lvMuCAYPFE_jfmow$yS4EBD9= zMhtGM?$qHG9S|lb|EzY?Fp1^iy}leg03@DS-J4;3JccM(dD^L@hN$C3SRDOJ!UO7r zf=}`-MTM&u&Wqkh9g!=S63QHilqgGX-d1l6i4v_ewA4(LkY6a$ssOU0rnHDn>=WYu zutvw8-BEF2(XZZxREkonL;sXcEUDN|i*9o2kxkh8hE))}gGoJj zaNIMzal4D4=ut=)^7gg6o(=|N-0A_>-lB&MdJoZ&*YPxm47ji!QIYYznwgUmz9heP zrZHQki&R70v0gx%ZZ|S3?4qzvR1+Y)NWJT4h>LxfwC+~`5yNp19q`dMpwH|auIQ0f z7*lRwKZA_3egLqy4gX93)T%=*yojRpn{WT|Hsm|lq+m@~?406X`VI&MFje79IJt7( z>t%q;YFMqBuxWZCm$keb76RlVzuoTOmB{_|o=uBC#Ov;$J?DrJSa12=Rw<{Qj~f(f zJnB{|Sa`YpMp`r)yw=L&ONu-miWIm#BjTpfAf7mE>%AM-?)U4U!`JvK@^C-EQagIo zLdtKy|0_B>rP|{Hps*wF%Exf$smAO6y|WAr!L{g~?vbQ9b~CrqVmhIgq^qzd!U~p7 z9R2Qoo<+TK%dT%mY;Lc~R4lJ8W#-livjnN664o6;eMddr)Xj9L>d+2w1dFChshGyid3W&+fZqqUM&K&bL|~ z4~}RQG6LeP=gKS|evIgOZ#@8l^R#zuWKa{lhgOIBV^9-{!6JJAp)>K#y1Ud+#$F1h!afbpof;my01V&P6ACc?;(`pV* zCoy33$POj{=_@>(KdjYLe2$5JMF;oJ>H_3)q8_#odVzpCXt-=V8Agm0 zxoe+)qac?qL^`uOOASaGgRb(s*5<;;QUM+R5nD_3yccwe0^c!AoQwHq&s&Gow7m|Dw~x4F4Z0byamQt&+4O~D!SMG~d> zRFa^Wx~xBxZ=wImoSb%ZDz5{HbL~k5i$}cUJUJp9;K__OTp0Gy582Cf99s&#sSh#V zQsThbWwhPl|4ZNi^wnGrq!Fq+rGVS~WwXAn!&#>pct=U+bTveQ+Z#NSR|oNWKyP+F zT&3DR6tI{Ss{5ol@O|f(xb66g&h*dR#^Gm$<<}i-W#R8~??#{YUA*ZN~x({XT($o28BXv0MB#?v(g5pTec zX7|XcJwE^y;l2MJ@`4b8WkbDQtRYdc1o=XdE! zHZb@AArgKFMb9#oq(psZ3~d$vica+IjQ!8T{P}YtDF)-AEh>Qb7IFO`o@eRNWa|(} zbfV5IUfzTmU|EXb6_~!Vn~DMcZN)llFIiCRqXu9Al2wpU;Q?4Z*{SOoD^KdYj3f}% zbj7RXu~kMxx3AC4ux%3-gm8sI98M2UtkJmV$uojH$)!|s+MQmDmXLVao9 z2Q7ow(`11rW3n==LFQRJIEacW^8~^fN%1|0?37d;&+^3AEcO>a4>s;$60uyH^c3%I z?h!qC)mb$#ydNUAH^Mh(d_4Bq9yG0t)F>{OMEq>Wa?M=?NAZ`w2~?NkA{=DTb!5x? z{ZODUu;h-UEuD9%hvJK<&+(IMOuZyt-WW*FZJZ>`548B|NgmJ_UBHcEgd%3Gq~nG` z)M9*mXiwTE1oPYOyA%vVg2mul1uT0c2B!dvBo8MfEk;1#Z7I@N%_{XAnI z1cjOMimtWlMoY$WN$6!_LeZ~sv#na)vWW-D2bX{E7Wf+x`Irf&!O8>oq54ES;b9I{+|a0t0so%q0lEA2Hu-&0hTe{+jU}1 zCY@Bs+CHNF_nZwQgK4qhx zQa(1%g2fv)3akKqP-v9~m1z%GpkYLp)AzIL4&|b{_B=JHB>YQv1iJ7tK-}!+x3)U7 zrIn1)IzL(Y3m@$((@SEGI*hr(+v+!iIkr46h9Ve59z3>t%RsXF>?$qASTcAx&Z4K! z68ie-U!rf+E2if$$!%&+Sq7j2o2MYk3wU+UKLlYs9X&lBH6dbHJ+2mvG|##nw&(nj zkh|qFhBz0uky~S-h0)~SZCOJv*JI}}Yya#z2+3BK1M1ShL#7EDds&;DT!q_abey2& zDbsb8b30te!gm-Q=QaM`sXaCid;%{g7Y9==5E&==?=9)sBLmA~Ng${9#h!@ZEx0St zNUu9pn%X!oBeRP37~`AAQJa=iX56J^_3DcpFGRbBrr$oEVybL1>O1CHzC0UeX}RAh z@lLBaewSdtP#`s;jwxHexZ?t?Xx}^>ljP`_k!ujj5K~cUpm>TN^Y?dlHUSXdBbqhX z{HqR?Aj96s5v zSEht-#I}|O2oUHcZ~C}Qn4et{$HZh-yS>Ms0?ve%>q^NCFYftYF>y>HZmZw>h-iOl zW{+17jOaGjemF}2vpH>1I29XZDl>@GA#m*QdrIQr^&nGVAy+8VKOJdzT9YbnkZup+SDjoDLBbWm|eb`faGqQX?k#cmBkYCen~ zJ|IdL5V@#3qW^xscbpjo(^U09mnq8zwCV!2mI@%^6~2-yr+n)C$?;2z`HyemrEmYZ z=}6m19YjdKy3U*;Oe-mOeJB7y)@NZQInxZ_-@lR~q6Ex5hrTghwzfB5`uuVek{a9Q zG$W-y;ee%MVFoPMc1X7>!ef45U1)m!r<)+K!S$r1p*YLpP2tYc#!d&b4NnC&&7Sr< z<#;7UZ*R)6*S!>~rGfi&ua2b8p176|jqjNET76|h21i3#L3@JwcE#c|)^;F~QtUMG~w*FS|kFLkWTe5W$E58)M< z1NB=ThwpGqh96wkHvNMlk444K6Ep`5{!lVE0w)I@`bBy02yjx74t~odI6Et)8G{0Zu*$zinmk% zDi#i_5jyx4E2|RR6CBVNSF%9CCQB&LcSgJZ4w!gFO&xHMCwH9T3g%Z{U?{j+F#;Na zGWDlEliMNK)$4Gz1pj#Whnrd=E_x!%QX@mJLNRFA5tX(3-xQ-li&1bRpmTM9^9}ZS4FJ| zzP|t~*@^jYw&!$>i8&pq<7c4^Z)-p^OIuO;*?szQnZAMtTaI7N=VU*_y9!UMz&XB1 z>tPtEO)M_==X>$&aE#X9+d`E+DU0uH_hOmotx0q3Ru{v zSrlbe>Dw9%h#Zw7_}-k#xUi~z8s$m`rlrzb$9rixQk_370}_bR!>9MFnxY%yFJQi| z1|&ij%1n=F%i=6(NowI1g6r8 z_v7p&j&s$9Q-Dm^z$J>Iy3s`~B~x!R|3dQr2aJaU*&9GbxPPRch~_eOqr00NPswh-XCwo|<<%=mPo>n58J<$F81xZ%B( z7$i&kw~@DXbHWTlWz6jTV48{)ZDK8$P_kiTg115#ui^csWQtSoAzIK^@M211o^7l>nAoy~s2!eClm0NbA7b@~n045_ryR#~+`;g(6ra~HD z=&l{1!A>)j1DY&0CV@#L?mL`{b*%mVZZ?-!hm3%1`gg$0OGZIS`ixN;ZMMk}`}Uu3 zYzo$_#{V()G-US->(#oPp3kJYUwPl}n6fmV-VVZto>t-a5*?jt=zr>f(*&NPG9CD- z0G;^hCP1ZA_r3n&`)NI_3CpoGKA~r`&R_IdW^I(YX=(o|D)8?Zgc8w)Md(zKSA2u} zE`>U7kFruMG0v_;cyFAt>O@-m>JZ*xGiQkoo8wG>t@cf38~z+B@P}=+ew+s2{L$%Z zvG!bt8CLSi1)7NFs2QqayXNbgyftG!6K(K)(h1+es z-Y*@7rR)BUo!y=&4SR4fS0akZ2|^kuYqe^;ho#0&R1I&rp0E;*v9hacY+uBeEt;mM zD5y*s@LkM8=|-$?$3LbMuvx6yf=J8nuC3Um8Q*jeV_d?_vJ9L$n|-6twbAeV<{ctSfr z0COL{U>%(2(7+72i>prN?lkf=SVq)zt;U>L!d`NYThpW}SL zA}9*;GBF)C{H1{7r23M_U9QN}#@GfanF#A5fGz_>S~H6Iv#S7zd|r7?P!baK!x%t? z0EC7<9LDNeWy+hzXZpO)Wy4(673>fSW+Q0`wka~x?I+&G39{BB+8909eyYSbJ=*s< zAeQ{Wopt&Kfr#Z{7&{G#m{314|GaDm(DU5&p)J@smqX4XE*C{t1{_e-tqOt-`@lld z^7N4L#OKhq#%k)6U+-!;{`u#DJ0(7K>pT_N8|BiCJuA8~Kg$58$?Ql{Avd~5EkLh!KH!?4pWN{LpZrq##_QJUe$Z zQ7wNQH`OLPb{3jh0?x$(soI<2w!R$zQqTPgR$nBhcf2K@gB|6n?ML~9UpI;73P|Mc zDzt0WCpfX-3D~Jsx#DiRX_kK3XuYNVEidRue?)@5quan5zz=CEvNaWOUYeqQcW8LE zVI~`zAlR~6#bcF(fH$>RKMdZ44mM*+OAW>VTUGE`s5Z4c<^)#>fH(x& zEoHYIWuBj}q(6L;1-$dX)ST_*0j99W2 zSu1|~bCvyVbc9iaV#R*Mn|qABAlwjhzl*#~bW+&~hvypQ_lOXss?m!ZWno6=M{lq= z>Tdc9HubU`rFT&(`m^({HPl??b^Aw;N<6d#8A(HXoXqg_*2bQU$Nhnlx(ZnzK((rl zf2PxUW%$vYy58`N00OB!2jo*l<_Rz-Y{SmtoDn!c;oK-UfknX*$5Dc~d0OC$k`6UAVkAq1+E4&^z)Fn$#FMHlg zhP)DZ=rq+KUjN98^(R9I7-@1F4&KpUJ_1w}wbBC7@B(co_5c*e`@&B(f5o;*6|d@xgH zYSS_O?j28eG)WvKkg-p`vO9g5g3`JJ7S*dmky@vR?y=p#>G(NWAHa#|W`gH{|LH7j zZ=0b&{heBJeL60~A%wrT3bOY7Uf7E^7i~Z%@Y$fvYV7Q$tgybXl`>jL(d-n#mAnKr zK>RTAi~Y9%W=)?j%BJ%6sOSO0^2-9%b}`J3YVymE-p@CYR?s_!HQ&7W4qMdm)LFs8 z=z3yYtxRwb{2Iv?m`N3pcw69XdZlG%f5XuHH zG{ACVP)F~CoBUr`J{*i0gZQ?M1XL^_xvi9|Q=KpIv9|tn6hE}D2i}qy8a}(i{W|+u zJcf!VjPvbpX8uU^z2g&VsVl8-z!%S7AR?kUO`w0a24u{9*9&T zFQ;}=VW?Z9YjsA^LrxMCegEp+zPQVh66k+OFV8AF03cu_a5*KWb46 z)0jdQT%10duOCnP7y~P#TpYYIF^0_O|Bs?$7uE2la1 zQP8r`#u*7`+4r4+`+J|ZgGQRa`fIUyVNV^OP_)a0;Bl5G7kEETSz96VQ6`md6|==d zr+9s;U@Bx+TsM|Lwe}MBH-fW~@5uu@QtGSV+MMAX@9Sy;t*bB4pe5<-pTkBbISjK7 zUN0!bz#CL+9sFn)+e-CFxgP0KgM z?^(NhC4chY%Z9Nt0E2erBO#x}b_GtRZKhaF&E2zXQBw|g3Clj~;@RHLO>X$-;u~}& zDw;Zt_8L(%&b60LKQxv&*ik7Oc+B>N^=^g8*ce8Li%--h9YkIMMvDOalrWI26(PQ| zY|4yGzviOsQDM*)AD27Eb`gp?rYNAh5lt3+{)rEb+j1xgm7&FDu*TjM4mCoGe5^Zx zqAE3k!`Y%lT{?*B1qUa3VT!Ivz32B<^`G4xrsD<;kGp2hC~=gGVE({ponxy(t_ zrjb)mP8Gt_KNl#_E~g~L-7a(q2tm6Pz>W|9dovHm6XAiu3H$UaJ3IyAvElfI;b@-; ziXx!?^{U{Tsbq6vuQ;2_z{7z->;W#D4QxzzF(uJ9k7FK-E~3 zYu(>&njoKc_c3}@INyErH!rl>a|(AZXm0oy6GU;8-KhGf2t&S!U`W4EdwH5GZUy-vD9YQYr zk0$W@|BB!f{jo&&=Wn6+c->Barv@m9v;6tW=b;mjVn?vT=u%ki+KSC%`}?v!(dqO| zp9#ewa}9D4(wK;w1}Yt^QRB<>Yd3hP0UJemdqW&1C*KE80-v7Qr5nH}tpK_{IhEo~ z45+t4k0w3LMGHZK-$ZSQQd5Tq#>v-A2Q^Pu2Y|Gj;;_R9t>*NqH7qDgHX|fV2)s|%VSgggX4!;Z{9zW%bKIZr}N=<9Q}`0nQfaG zQ(3NDPNehf)oO00JGmL&Ga`CX3ED<11+M{>;CknKbs0t?Un#&~A#l&zpe)vmm2 z{Z)z4ouia2RXoJ1ROeTcMT~IM{yMuPaNwI$nxeNGS{`;3z>py!`L3v#dw*%A ztYm4vD5;W~yibLIW}1Lb5_*PRK)$Q^0Cb9~w$LvUYwHTdAELfDTBwPLWJIA^aA}5j zm{;O&b0l$bN7`jtcq&Pu1JB$0!1zf$R8@NlV57^Y2V{L_0{mmT=qtum^g;#cD=egT z(UodlKND#!>fSwLDf~q6c{h3KaajWL37IFgv2%CDxRoI;DcWeG-UvmcI?wBrE??-l7wsMw;W>HIl zX~6B}i&P~IgOebN7yGC{irYQ}BLW62K>_71CYH3d73y8Y#WSU@s4Qg?%M-xt^Cz7G z>VOvCd61DY7~R3q>UT|?BSXhJddQioqOsT^DV9{&KU+`;C879%08Hbz+^@ygS0g*W z_o2{Uz4DgT=*?sQ<<|X%%rP*{Fow0p&!_<8R1oS;h{0`xp6; z(Ap#}(2CjhZksZjpd{2JLyCLM13gfTQ9@bJnmj=GsWqSA>qSl%x9#~RI0u*?57WvG zXPRjq2n;V{SUxz>utfKKqhw2NC(M7#7s=xKn2nyo=>(~)EFe^j{l4!J%7RH>PzchuEAlqn?FAdE5BDY zbFxSECuF?@)&3{_t5#N{VvWC`Js7F;RP%Y`D(%wcz@W$HaM(COdZ_4wNRtaPcd0Zl zCTxapP5GjVp6N*tIlba4fc%zgOSK=rnN&|$nZlrr&{fweiJQyUsM+^d;p4_6xT{(y zDTFVCCW9GAJJ;4P77@9u{QR*uB3M;i<%o);aMKzpP6);%&oJ@WjP2^-vYIWp)Nd5^p`Q`>6n<5CEv$yP@p5 zE6E0-7T=}(Mi^1fCzK%G(|Gw}TR@MPIfqk2eCxXym<0?T|Ng0~#bZ72*MKt>@;q$p znks`bWvGnO;Jze!6I;Lyn43~uz(lLy_Qp@HNSH+Hz>9n+?}y_x&*#~f=LGbR+K%p& zDVH-kE^5se)gGgF!pe$>%QL5UK(|z`$WuD}E*(sKZT^imM()0S~L7dY!0+VM)WWca7rEj2`JI1<%-jDJVMM z)nNXujz84bf1*CY;%P>;D3LZEnT7inakoQ0Q`8B$1H|=ZZ9fw?Fkbz;mUJ$xwc+V= zzb|NJ<7O!rLR%fX?Lqyu(mOo{A$bH7_$U!W5xwB*DFIEh{oQKp)~$gcc4 z&*#ZmwbyyvC3H}B^-tmK1Qyfl%VP>AKS^G4HdlNLP-2S)w{^7epf%%1g-HVU#sKo4 z3gZp$-MrbkJe5rY59 zC5PCa5Felw8Gb^XMYa7TTlL<`?rdxh))369;u0PlZby-QqAHMzO^QcU7wgYU(vA2g zbo@&4TlvHK9J4-jF#@F?#119)^CvrPIF7eSRD-RV3b58X>9;+8mme6k<|1nsiC)3% zM?UApRL@J+)){KGINnx~;m6ev%*~SjVE#B%Ed{9gH|r70(;<(>5klo=EJ zo#YR8Dqzsee6>98cQ#q7t<*L7zjULmfEg01Y9f;t&d^~WKbrsO-w#1UP~&R#Qfj8q zz$@SZ96&0VPdl)gg0~c8WmD%AE)28V(dh8IRnz8?=C;QXA z+XpUllvotrIH-;2(luqS2qwX`_BOY zIH$00H=IyYFqbDcEp@*n9jvc5b70I94XK3E?f#v}20Rf8slsQ!#|VJ0o0*1^(5h<# zdj9?%Q1xjQzX=Oh!?pgl2iWCqgB{!n&}D^A$p6$>0i^~;UWtA4wOQZQqM%Oim5`)q zzHg8J#widzJ?^RV6-uJs04H-MigS^18?e&A?QO(e+h5C9@6Bts6TLiruywmA6O#QQ zPfYc!mWri#y4hkRKEu22`e6f8__p(ft{+ju2}^Qu#j~}x(X@gn2hl94{NF1VqCr~s z8_&=qWajEUb7eg{65-!u+WHIlST>INISySIQVW6cOkh-dIF1eH5Ap`%rP7@3nv5>q z8cN_im_T~fw1&ka{`0GPz_~1RNN8tHf*PpWyi7oK^yLzpv$mSYhX1jFKQln@5q|+v za2!JRB;P}^?U0n+hzSe_w6%?znm1oQ59>SJlwMiP{7HA}eiVDWk8r?JmGC@+yaQ5+ z_GQ1g@E7|S>TgCiHU^tGjeY~+1+h44nzO!(6k%{1{L<;vVk)blwWb_}a)^M|W_Z0L zFB0Qal3@k9H2#3JtP8(UH_^ofj{q(;q5v1G5@o*%XhTxDY6n2`GQ9#p7>mXcQe6=I z!(-{3odkjj4q-4L3B-3se;O0?o8{gTqG-pi{iwe(%NGH8Qha?8IDh2QvH7+vo$t82 zR#EsGgh%hMd1! zdivZQN-NCu@z?Lc_hui`yNy0cZbnsX{K|{ZZN$hJ{f2j*pkYNulpdzptM|@Qy>Xec^V?0BQwk|HQ45^!mtYVNk9jb@*NWe##rn(;`OS21 zzKo(ZkSS@45W4G@PYdvh&OeWSzKrK+V#7+Oy(l8~h2UG0QctrMEqAu)A6Xqt>8@P= zxk&F$+<5$Xs7RQF9lk>NAT4=GXQ!_C-;8Wp&Ik%C5w;P`V2bV_bgZvE@aNZ1>!S4% z31TI1NvFbQSH!EHbH1+N=g&hGSj~~7Dw!T%iwsbuR_d1X6oqqU z%r1gv7LIsnC-+h5hKlF0DJVtw1iU{hViUpc|3G`!=Oa`M$mQR4ky)*_5_^F|+5o#< zCec+Wy6O?EMLit0!iJKhp;8 z*d{+w`%O6SJE!Bw$H_ImkKX1bV+mxpK>>Fa4czU^ghdv;Z_e>;Xlvs((|S@?7i1!1 zuH@y1NUZfik~siiP|*_~9wMpLWfQHeMl8U6zl!>|0)N*sh&+;&$ ztTKb0ID=dw-q!pq5i;U!z&1cVsA5luKpFDVw|915LlL7hX#jRQN|-`%?l-HG^4aH~ zKwq~HDye2=Oa?pjv z*Jz9xDjQYEnnc4@1bKjx^7_@6ZolSquYqqE63Xl`P|-j$HTLZ@!?iFkhMvA z2SoqYZ=ReimlR#M3L@IqgUSgsPBi)JPMJkymD>W$u(0R>DvC>e6~D zvkuFOrPavokdLKjCXoN6HB(nIxaV)-=2ndLOAq|y7MBkq8^zXNw$bPG^~oG1gXbTEOSF8CxG)(=I>ok0lThB4BuwZx}-t5b$)NK_%q#4 z8;mA2vbOV3K}_EW0XkWaUs8-y!maIM_ac(uBXKkq1S?k?DOZq82{(g$K<%UBsCYd> zO=&{Hno}Oad)Hs#%FZKFy@P?jH}1&y(M8RPl8q!b-wCrXe9{fRNOvPg+erjPiWtyJ61=nGgSe?oy1mP?Xex&6()OxFPJ29mn z$7|ZAA|sz6)B>hb$4Ola%gxXdY3f~LtU64!KdwRkYQt)I&h4PRRyNcl(*!31p!~sD zh9y;L_aTw34Z(*W1bHj+>8G=oq4Io+RMRCK8pI8Wn2ixb3taUB^)8&Les@&Hec&36 z%dj-xF`bncY2z8WYz}SV?nEy5u{_&ost#^5B~a7@L-vS$A?dOv%6lW zb>M}L18>tIeis&n7^N4xfgx7Y_k916ZRd%AK9M2p+-w1j0LCm>MQNqMROv{90fyYb zCximUci}^G7g!d>vtR1Ftm#9g%dKoaeCi0em$Qamrx$8@{$mU2J-8ZFq1z9Ug>xE* z{Y)_fTrgCFMjtF0IPQec5<=4oRfJe$`bgKSLYCw0$4aj9BeI#COk?ghyV4Y7lrd z-){ybOSs}7;-Ah@PaNhYv?(C(29@JXrVd5|n(0dEvITtRTp4z)`7QoT1(lzq`xT)F z#*{s{eES6^xmFx!P{JoyOh?8Dc`Z(Yl*9qJ%pZ(*g^)?$#_hL(MLPDzReBQ*d{ync1u z0g*bGG=%O+*g!O^cNMi^z(O*F|4Ygcj(%-UA5NJf?Z+Uy>OWT>4C$%0RVf4G1(*}C z2Bu{&Nz3f@!PWlqf~gz~cs@{Sjt1jHyl?F+rq(MZwyOb7DN~F8H8ICTKo)&2>jDuAR5FCxbN$*P zYnAX7&)4QZN^c>sL`eCCMF&nU_hTZkt>kI!2Dc!+ld}0RoASzhMCdmRmqF3)ei?d& zC*>I6qKPm#sYOjwPW-@edDOJApdw|3pF{aeCLMyJr*1|oAGnzkHr&K`VScBSwTF2M zrcl5{WR5K}-P!k(qIu#gz$S0$R+jIEZkJKz2_-bG^yor!P4y!Y5hg-A3{BhS+X8BS zA+YAl!gS$vvwzVe^=%_A(P-lXeEI30j5h?4EWWqpCis-PUhKU@120lf@E#~A=!bk( z>uI}Ase~>;1chx(-=&A>qVVvtsywI{D%5B+`(%OU#Q&Bndn7P1T1$R?L-6%j?sA1l<<$87x*1&KROvScsc0*Se^SK-*Eg&qq-6!*r z#Np^mp-3?~kyNrUrerYwOfQo|5rd*2^>RMb*<-HEp#`7GHRY8d`ws@R{)aR^lXNOBQU9?3e^kGo?#vNxd0+#G3N$i;fn=Y(329ur`9Y1_7o z`Lfpa0_wahL(PKqxWpO$ZrPYGyV!1`4G#qbDJTeLc|i?soI9X*KH3W?oz`MwML0+t zUNd1UY^fnv+GG={3%-i`fBwMDZ-^ph+l5rV=hGzlbtv?^#O&Ryd_tK!t|ai|f?&(K zt~@w&)W8wOJ%gw_!ELQOFGpob23I@$?*{m^-;w4 zgg6oWf$9n&5pqK$qISLTZ8Vpg=}x8?{1dc5OZ*KH%jeJ64`f}6wWg*N@$o37{uYjH z#>@qv5xiTQ->5l%ONqt%&KZhBt;u7bz+G=|wy{StyvqtYW{y6b`GH>|5P1`R`cW%y z9qyudX15&rosL3`mB00)Megz z(BFvKLQ*)$%!y5GR{r50>iw{%3)FgV_98Yj)vhsEP;!F?)HC<*vglRKlj|>&X_VuM z|BW{(4?=9UoUL0vKl>PD6U0jY&_O}bvuJdcpqBu~T-7Q*XC!okhpK$ta!+-7mttM+ zZ%E6$pbB?!RXNz*L~*YP&Mo6mRc9y*oLypTw>|)vjc?g6XOM!T8=6=bgnWB8uI6s^ zsNmIzA82f8Dqv+8pu)w2L)B}Za>jM-cuAwajp?E$%c~a=BBR?(ZbA_6@%elI9LeqM zz4w(n4=$XnOW4YMG%`mIx&D@W;EIMJMCx5ugPil@&&~3wf}h((4eAx0+#Xb*8NqPV ziEP=SC9o35*PO<8pBj&&oZsXyL~xBPnt|s9?Zuqd@8u?nANi6IdpFW_sq5KNqes2p z6NbXPkdKwzR@LaZ;ozuXhyUf?O;u2kkm#6}J|v<>x?LVO1H+=W)Vqv+sL+=)e4JWY z!Di20CpgcX0Dp%0;>8N6g}mJ=TR+1{X_JBpTP^ zr#NcSSqK;mY8O|L-^68!<<@!@+vFonrq%r;eriXH^;}?*=LYG<1&W zlu^ZqK`4ZzHUcg|*1C4h^F>Fp2t-y@|h$lln5ErJ{fa=6!o&khZYB)``Cz(AcUb+S5H`Ou66%@capY^ zfxSAYq4rs1huBZmq}*%<8I*=zTy7cDE51A!p;w1BK>p~llMJ!zq`TS7e?PG%Z1ZOO z?zX$=+l8Y$#4HR7&(balGBC;beYU&RA4E(U%Tg7mMlJpAU_N_unB1zMizI(Nm@P!g z4XL=Jh{neKVxked;$cb@TYc3u`xOxht#cbq{ID?_{V0gRZ5J!)_09d?mu;m9!oO^>y}vpBYSqOj?Bb1d^H$*}Y6UFQvhX{mZ2<;hmXi zTf-SZY1lju*QRW4EMQ&)J;AiAqR0Q&i&rb^6B*>85UgDbtbV^g1F`zP&70`_yVmlv zm>f?-``&>w?HwE~A2$}~DMCk`!X0*MPImfKY)5Kz4(gQWqkf>!kS8*{@}qllWT+1Y zpWG=wTySaK(Y;7&Y$U4W<)WD1#pXmn1*a=n+5ltIgB8*bG=R0NJ}~iiNSG{(ne{n* zMXcvj`DI<)cu=Qg6KEk&*q072EB3}`iN)fP*+)Fma(Q;cF4o6ZNQlYLY1fnxytlRc zOYQ)SlrVOxY%3@`Ysm5&UnF+tm%I67!MR^dO9U3( zFXcn+W&lKb-{*YSI$mrv3<3tfN4ni2O4NOUx?6OB#dEx;C6!1N$JE;=!qQ6>5Pfn>KKI~BGVb#5*oC6?=yF+h@V<$ z(y{k-oKu8x-CIF+Hcec1-d7t-@c2Q2Vn*xWGz;#X1gTE}f|74TFpAluzQ2mOi@`-q zYSZW$kPZ9nr+(o^X0`3#bu+rDL0wMD__lcQB&mmNbujAo#?o7;lNuY>+fSK21k(%g zmj0Z7{xehS{wGV3b-4(QGMXXq{JN^0uy==LMeiD6Qr;s3ZE^MuLH)j0efoMYcXUC| z^C1S)_X+yjOE;_jU2pHTDoBJUr-Fi5ZOAaa+;>DN|< zEpm`&FMGAEVjPjvq#3bgWZIISl#jmb^E!ZgtW=W3-m5yNb^LhDvwnJ9@ZVcU25%h{ z=pYE=S4{N*#lHdRFd^_o->DQn!kE8haHHsz*RoC1M4PbdqfO!uYDUL3665WkG2H$j z)68BHg(BIfZedTW+@UC0n@#N$(TTQYF6d@ZI%{(@sKVgZ;W?aP()aU{&~e`v<}hD= zr_;qbECs86$KQ#er1ku6CIa!m{sV?VC{`h}>)>czRVWk{p=QXNh^vo>*gIJPU2772 zn_cUY+?xE7*E8V#kE>a#LguQPKrWPGY2Qe^9}8P+e=oC)Uv%x%cb1ft3bAIoKxVSsTxk2s9SNs)knQxyA}~ z>FTAZehigw;Dyc_tWNz!)q*8bp1i1u)atiV9_);C@!S4l(wGgzDs@$eA%KP0Bpn}n zY7!>GK$hd&>e++K8bJ4U<6&f@s>t{EURbo}fV_{HNvLlINmL=ccq=adgnlU1RQswk zdn0}49UVopefBu^P(w+o+MnBhx6X~Z?3f1tZnZ!iI|Dl|_d2^#rjzxFtRKQyY$W-5 z9+vx@!xVu<+70eC)KbI)qt$*Cz)Ef}n0c?ckE~>;*{LctymSI`8oIf1|gA z>z4~^Vb6f&;0dThu08a{=M%aWxrpShW8G|D@IGq%sJnJ_T2T0?Z=N36 z>%~z!-BKiS)#=er*ViG9DD5@?X^rZzwS{EOT^$}y<~PP4HH4sPEb@0b-7ULKJJ}&S z_hJc8iXbgirPO#y&DR5_fa!-^mA7(daK|NFfL8FNYKf$p&+}Ec8FPW(dDBtnY&q3S z#4TwVVYw(>>C{-(KPJZ;KQR{vRo&0ulg8c)mj3Mh%{FdYy1@6J&_NGWWj`~N8S$j^ z`mQ8H)Qf!3Zoe2pzVmUNpiF$}f5ySHCe*S0WD${w*sAbV6w1}GCzMaE03qOeyU{$( z7K#=4`-pLU(6)%#?Z=)9ZM*zZN?T7G+16trvh((fmh zjoX{CPTJaXKL9!aqe78bvfd*VgL{KQ(1$C#4^QX60?-i-G^9w;GUk1AeY@W#$3$7e zEyt;Q&X_>S)@wmjIb2^{cmSnR33r?1nY2Vw*bTCxa zB-1MhJD&G{XOa7_3MYc@Sm#cp0bH{=_U`*XVkg})=ybozBLpi&-rnf01VD`idx3%V zBao0wkSxa9g@Dp|STK<+VKn1L`*TpdRLt!lwYejUWQ|h=Z#jM&a=#fXB0wj~CYl?5 zxPW7bsPoVa+yIP>+7F(w1YKtFj2%=~FE}GJjgM??fjORT0&UwnrC}qan8F!WMUQx>L|S z5VSMBEO7nB;-CnCmt})^jj`5d-Vo5%u%}lGeYCTC_6nq~T3Um%_FM7(wwVkSwu+4j z0r*QwFS$uW=-@cQksokLn6$ZC*#SYezNu(G{$8)$&5PfFaOd+UF^VYPoxj7@Kd5E_ ztJaEDpp0y=dTDK(NLm}$E2A z4=+`*-5nm@tJ+blTJd^LKldKvOEytZ&(cagTc52)qHl4v#TP&@`zU*SZ4Kixo}<#lfR#$pIMgD0 z)4nAYbu_Hiuis0UTT(ozVb;4d@fOhP4d7C4*xF&hkIdo`et30Kp1)pNnwvgsQ2{WZ zZv}A{`;Rg?!yDbs(m$7@ih4gtowZOsh!w2PGeJUI)Lyw zyCsUcQR!2w@f~ZM>1aG zRTAOtA9pVi-^XF|aeeo{)1^CGb;f5%8;@k%0GRI!x%E z-D=w&f~xn4M_(|t{KgM#N6|dg4R&ebH9`@9$KuXcAbb2vT^sfWQDUaLvw<@chyRQ6 zMXHn+cH6gxeC#13+~-X4gD~&HoWmaO2KErJ5_;(R)EwSKN7G26#^{U-`1D@vOq5@l zwnQqU_g*gdDt>Pl&Rrt_o=F1|Xv=;N49-`d&LaHRXFdkwLW{)Dv3 z^%y+2gIw;nzzA#4ffa`)^=a6Wf+wl7x6D18QMkU<&=?NC<058xd&Dw7rzofdgJX%X zS~jpW*mSMWz}>K%sv~Eft^wBf&G-B~q?E0@n1Yhy0dIv9DF%>|mK!Y)x*rZbf#K3* zeopCAKRP*zeH#E6)UJK*PyBOdu4dSPnQIF3hZ>K8>hV-ZpIQT~YUgz9p8q&ksh6V) zv%B8_Jtjk-X^VAwmDlh!-)y;KK(6;~mVSIg%}PhyXUEV0l~JIvfL9xfJa9YZO_~5N z7@gRV{{7o$Z^41pG10v;1$)E?pmyQlUzoOQ%M^3w&NCE$YB{Ar#giDxz0t*B2Sat+ zaAd1s?J|_Q=uZE~)%8@P=o!d4`K~{WLa5;8sEsQKFmB)x)Q*bX6XDIDPr7l;_GZRs zK)#xIk2rykhxeFBLTC|D^QJsJ)j{Mti6Z_09W^7!pQbqvk#= z>rz^BIOpkQm@4?89)L#9ZzVIF@cssfl)kvpX({IL#lNweJ^I04;`s684KWNBL9$(} z-vWD)-MRXG1r*%BKp6DQT(Du8EywVCSD8-tP8x7g$hg)qKJ`PHbmM--#hHC;;}Ox^ z&Ewczj@+ph3=ZURI702{;|mhed*tk@KYeuyS9+eY&^eC|O-^=}DtZ^w z>e|*?oez1o&jZRCH=iUlA6@npEM3-GWmT^P>*Ir`x*S;^!mEX$8I>1Pb&Hz>YqH*q?ltk%?h1;ajyV|8 z`QiE%HPae((AKq&Q!e!z&SZ@QFUI8hp_@!tMfz{*lE%Wjr}RiuywAKjFEBWjNKD8W zn~-SU+xzdKmrN`NAYq!`^oHqhNxxNrFl)61c;uFjW#K3nS1L&EM7B<;xnpe6@?F@y zJZ{|MslYM7GTO0=Y68iS;dU*yr10H3!i7$}HuLMe;P4Un9>HZT`L*o&{%Mr>?|^y% z`%-%FY)h`Qd07Eb4Ns(stvZ(jA=tZ2Qo(OJO)~Wcrjz|JS>Fn{!Sf7OW;FDk1s%9Q~p4KIi9YfT+5yF$L>mY`>GQJBcs16APln;kz5 zCuVpWv+QDr2#xV~fEJ~iU(pbd+VB$^D5o8@{~&v^OX;mPE7Gkw$%pXLza4{n{lSm9 zGHCKjibDwz(TI9u+k>X1QLh&q->1rlHZhhwVcxRnZ9njH%XxU@zWuP88bXFNCfGor z{j-G`LE)Ch4vl0~Z_D=vUMLrVM67qQK=W_(n>KQW;t{BX_&bHec_9X$9uCLvv?p$8 z_glCsLn)jPQ`K)LQT8L>8GIM7@`a1z=z8!D=ris+(=WSLa3zy!L_}dNIlROc(3vau zIoQk0fhOJaYaB_m9(oG!ub@j(nH#Ta=@xt%9T%@1tDL9M8(;oD^$rI=L6mt#oEm(Q z?Sioj4i&z7w4PGGa9_(e2&uK7?o~gWR#$zKif7>1 zbTg#Zs=eo{x%`4y$EKQ^ESTd;st%7oSJ?rbCz$iyvwP}`B&9k*vDYadxK9a|hi~Qa zc)n^1yY6%ql7FDrwWug}b-puhccC}wRY((LRykW^C;j`*pZLHVQJyYuoHJN=@O#bS z<&!FjzP@3KB_9Ve1=zk7AofepmGZU#obF2^djE~89t@7Tw_nXR=@N1uVF9qf_Xtr~ zQeHFGa>~*zCiuw)O+0bAjaCS5g1fW*z0T+{tn6usiFmEuehPcR@YUY1&Tg+6XaLiQ z(|X?5nNRihCe=(-MA+U34LPxh85Nw_IGR}br-&@foSnrtgHwPP zEF?KzTAExx1afjY2h@V#9Nk4(H_#M@MMhvP3Lp<4t-zTcgHKuD{8QR#T;6;Y=W$Or zGiR;DcwD40Ab4QYn#$uO8#`lQOB-8O=b73;Wz~$oKYt&uQ5b!K*OjJasVAFVOv;?i z!+YVI;+qt{*8-#iVcP~2R-BIO z4Q!g6?cN+BRSe%KhY; zc9>Vegtb`0?30`?CbPexdkvsXA}GwBf@G+*KncOF!_vHEqKr`MIg;xQ4#Vte419Qz zDHz}45Sv_MGonA*2r}6pA-7?(jcJ3oiBWVpAJkFd92 zWg%t6Ad#sW?Jc*)_z!vRo8wRzi-M4%HasDU@}cKaJuNv%NasPLc}bt z`e`G+XtpGj0?Kj__q7xRol2Fb3c6E{FY)q*NPU`Z{L@k-t^e;1TfrHHDO8?q8mLY{ zxzu=hZUxIRR?L##U84|M>D%OplF$9J$_uSu#$h+0bc!ILPD^XKWpq$A1&R7+Jgb@5 zZ8S92yC-29v&Z&%Ey!;#0zAdT>qg);?pwF@OpBLbq-VKr_Pj_D+2K+D&Ohox@DAYT_kuWmquPt7VRM zq;2E$TA*75jkIP1G^SF?-WWv)QB}vwy`>V*OtxOfn6D1W!D+Lg`tCDPU)9FWJ(Waq zj{{2V)w|A36VKGRN!PL71zKf3wJg=6RyoN_E%uL;EP?~d)R;`_J-&KTyZhJrSSd*{ zb^bSm9at9M@{g=1I3ZFb4Ly|d%maRYK;Xh;JhZolWB){DeG36 z_Eqo5H+mq^1~crhs|@@%okJ7BLu84x6R!aDDDX==(Keac+vP!-ztVOJ3NUF2AzTFo zbLSL$rWQP!syDX|o{zPr8V@ZH2r#k5GJHg|=n!!QohLi5%?CZ}56lhn>`GNVj*e)Bt27SMWLN#y36q z?b#pVCUV2~GDh!K#3d3>hzM`Kju6_6_d;f_+xPiDkjrDb-M#)8t8(BNlW&U8ELg^r?v~ z$wIg_NJ-LdQwQfYm4+hPZolKl%eO9$iu&57Ow;b+UGx=AbAUl9e2wV@N9vYP@?F-~ zbgEi@E-^Y7!f_0hr1g{fs`_7rn({3pn#*t!+RZwCG1;vWZE1$#7`b%3GFr~=2A1E) zFHg7CG<9HLE-U}*(~TR)j~+{jKSx({+A3XgEF(;Yt^d|$s0vJwZ@vs6&^V0v^+p`> zk;-6l=6gA|HNIcO>4gX@F^D>;U#$J__dtT*gEBcDW6LT{;QQpF4;8oR{n`4wM^LY< zohrUY=eRmAxI1Xc%1QLx3oO7A^@fRkuNV=2GSGD${k+vv~BC_)V$2=p`ZeZe`;mc=}Bz2sZ~ z#E=KOikcs0y`Ta^Jn^@jQ!&%sSI?@D@LL%31QG_3AU-64?;h_l&Y*J>3UzUt2yk-D z4uh5&fp{I(S#^CvuOv?#mOkfyBkcvH#wt){Dsc4Glrh*8dz&)EfO#8QP@Tzl`aA@h zhi(iswIp2~BNL4pHu$Hb8C>T+4T{MRPhJN=Bsmj9QcM!}^ZAZ-MULfV2@GuXzv|d8 zRD%I`Thx3_BKII?1QJ9BwX_yg2>tnCGoG1|@>%XaS;rc(fTD3{hK_Xvy%v&)g(v^MHmYq@(WO%z;ja1KmIHJaU9X> zwfw@n*bO}UGWVD$uA90k#(k!!vD8;Es7S5JH1!~vfrOyw@+w#F!nK?YVs*Z%QVEBf zXKM=c1e&3oZcMI|>BK-YD0__j-z)iok^sSsw&I!;yu$psUCY?~mOGS?V3daYfu&;? zJ45VIN!WlPRPyHqr0MlAjD~`~UjGssw5ZW22!m=m^SBrQ%S*8fMc!g9^^76Op?HA_ z_4dtHBqyT?te+9}z)Lxi*l$#couWNV75wsxNe`9s@w8`a-ThSnNF~IpbZ2i6>{x5v z#yCW7EGC{Vo4nX&$r0M$M4Lr>qtW^n|lE{It-89#rwq~3(KiCO2X zo}cn_FiYcrcpA?j@jGaci_8q(YFM8gqM89-W44b;Dg9zb%0efxfbYw?C9XF{T15Zd z+OQ{q;;k*3G-bE(acE}qmeEJvV{Od|!x_BvDXEf+ckhLp`)v zoQ?cQ7UYD^y-4}$_~2S67X{zlPcLrN*~DrHaXh}{_`erecU}C}671@w9Cs_GVXby^ zjF0XIOoHjc4U3AEc!?`&;Xd8#)v42OXi?YPXZ##VXmBrns-Yd3|BI)O#dF}%dTVH{ zgQ!P+(~F0tsC}_xdl;Tdb>_mYLZc^9Boaw?H71`=^W>B{K80$WyPzp@K~>9rKr5pu zDafiK7-Asn$!So)QJWssh-|KjZlR}L>N$d?+4DoxXP?t?YXreCnNoSD&V zRxfy5fAGG-6ICxY^aFL?k81>-X5n=5YJno~#v_Er7_=#wc0UUpXpbm{8Mjq`=EMU< znT)!sAKUr5F#2=+*0`zpj=x*RYh)yK_-?>B70DJW)jVmv_U)NSX0-HGKzcpN*t+|3 zLYIz4CD`5A!O3fvo$|ITb+bM|A_&!0nAd!XHtQwAAw0}hsqOC{?%3s_gnS2_!D6;wK^+XiPmOm2 zeiI=JOxOdvuwN^?!z;e6icv0pj-wXv>I0KnMk;Up4i$z8ITZ# z)GG)eu+r{=%PEz*6^X|3>1=-!b;82NvKbdQSgt(0v!{Es&ra zeebQpepNC^M^yBbH#NarIgDONj(3DdZ(;I|zJ-;w*p4LE`TS2_h5@P`cjEPGO^fCq z3$c0#>E3m9iFN#LK>NWTD`sy-KAmHE|5s%sgN$#xyIJqh#h2Z9&Jb41Gdm5ouu?22 zJXMW;e93{mU<6?nvQD>OIpfnPgwR`Pdr*X?-p1I%LJNox?{NzIkxGhT5_S|!lw$=` z?1Y8t9u^iu`PMv33U+4Bwig*Sc;Dci5HwR?UFu`o5oC{iyzznK4mO4>WvriMfKHgkB6%)fi4=;#K9gI5!&S1rUs5;r$T z;6{g0Vk4Hne8Y8fY}etV>9AJS&fdp;kt|0K~21Dd9gEdf2>kIf+CV&gV-4IXzO<$ zH)G9sJQPY>wX|@yifqV{-k`)FEQ}NlDiM096GQ{7~VotVZl?{-M*d`=Q)t~4)F zJhd$sqo=;}@FpKMY-|gtEdP0lPEyfi{b*7FJ~-15bUjnP#`vEQE=>JC$vo*_n@~tNXykTAD zF)j3wq0aX6b@wItjF#;9E{a|+vWJCM4)b$kR@RWkG7;)BkD5ZG&B%-*12`b;hbviw zAm0rzpGqut`c!5*b7A^<#LxPh3<_@uzlvj__hxrnu-BK)ALArmdyRe74{W3_uXH&f zJwUVCu&8I`aP^?_(>lEIL8#j1-#UHKV-O6*-I_f{|5Hi}0_zT`J6Fd#>4E(+h!-Fx zuH5wqEBqnLAp5#Y1@}>9%pLVP?{)vjcf;Aa7)il8OoKwV#8Q~39y?B@0Lt7Pu|!oO zb?;yn(osP)Qrc)nh{dwO)sE`T;e;)$xr{oyQb^0hMV;ZO=+2BY+(adxe5!8 zY{JBHfepFJS1wS1wU`bzRNZ2`0s@!L`EQ)(+*#>&CWHO*f}UC5VyO9lktVL9)LcfPnr#x4bZLBVsd;Nz;tsi8xtFP^S0*;Vt|*& zzRTr2zJJceL^_-9rn7!GfZ|z*%N-{ua}#_XBEA8O6u}xJH|CRJC2|3RK2?~cX7lnR zH$mQH{Ql+2vCdcG@yA+7!hzWgBHFZ;qu#+~bX%bX4UTHWd5=&C^P5gc0 zcUm16ch;6+&?#F=u&=#qhr$XdLs%%R-2V*v2A|0goXPA*qR6XH@|8kv9l&`=I~9!HL%*W7A}YhDtTfaA#Pg~-bq)2dxj z^whYH!WvZF4RNlOMe35zv@dB~gxD278-ZWSLC!?1rhOXw@4t2EcaVI zk)qOx*w5u+AHQOTshZ^ieLqOYD6hzlEf?&IN@OD<*XQwxoB!bF_4CEM%3B_uUSv@DZNahp@BTP6kU;dNc&+(6@o@s%9}b^$n*~PH zexf?p(qg5`5qy}9I;tec3`P)q?-}<;OC`GMF9RzAu&Eoc#PUZ` ztVs2tW&&Q>!EfA$Y}&t)nRT#VY?vZ#5-WPLYQKr(qS?6q!CiAXgP<=RZm#(h+Ya0JO3`8K3TaY3j$;schq4jyq$i z5^Rm?F)T5dCI<^EDN$#gnXW(KCp;JP>S^*1*$bu7 z%|)Z|a1z&hb1tS7Or3pSg~1t8`e~$;UGU!|-%!@?^Vf&so9JqdkX-Y@=E~dQ(JUgY zmC#Fyt~-tikfhWAI8IfxA~)X>YeQsh>lGl{F z<3;d~>;t-V4k5@#iJQ#SMzKl>V=a!5;N{NVOnw#uy;fc|=Y>RAGt*tOhM*=62Q@@L z@^hvg=jZ2BSZ9b729@~A;N10d|gL=301(1C@)cE(EP?Oni z-(ex;s>>{uPt1+@-ILB8$kj3RsoZUM;bL~*R|qoVVZaT}rH0aTjivt0n6rmkzQ4Md zLG!1{S;y*TqIXX{Ga(7-8~ew`-wuxUsHEidgMi2Q<)A~lKk!%S^STKE;{aRASf%p4 zfGep{`!j)QUp$Y&z39&u*UeDtN>@A1s-WBsPn)J z2ztBd)d)n_kYLoUpeH-25ArH|$XdQTWL$RI+V@$>l&3gRzu|sPr@A%jw7+G+L5V@w14RDn&)Q4GXt(Bzv^9FSUeAs`2tj%>F1+nZ~|NJ zUqSjsdJ~vnAodwtFi)`{XaS4J2noTMQHhIh#rz00X~Ts1u47`&;}K6%e3x$haV3iq z8tKH`z}&4=pO5aMu7Ys8VoX*<6j)J`31Uvtuq3$sGklbW8J?`SpOe$Z2j@abBsEW$q!Pjo+ye5Fh+ zbgQu(dWO!xMY&ym6VS6DLcn!93$za>n>1Vqg(tjs_-yl?%Fz;MQR zuf;o%YYkSaza7@-?UWLb2HS~#Yh4<~BO(>rL?Bza1?49h!D$~i9#L!^zWW8~&5_zz z{FI2uAOCYAlJ5ehxX&$iDFwKRy99{PIplEoE53A61&@iBB!S`sOE0m%E*&bR6!p3?sMgVoI#5{<`2Ht#kmc9P+@`} zX(DHH@G+`7Ny0k_n1KcxXieGR?M!>{!VYHUAU@Lj))EOZMpYNjVGXKKn&!GGFD~e% zz6Fso*Q{K9yIDPW+l(TlV9R2=uA?;{t@?a)0PzJ4L{WA7amYvhb$RYN!(n+eoHynV z1xed(;L{`sOYcf+{9yO%t@ciz;SuUGHy)WAx+C_4%z8blRf<5Pa`JmnNin5#wyaQV zJ?2d4dUd(t9j9Xr8;$lPWhbvz?CJnDPWLcEdYE=~roL4Dk*!R&9|3$)2b=7kk&es> zyS4`YMl$W6ZZcp;r{?aN&RJ_QRP(XhV91jA=S^1B6xWafLK$KHQEiKo zpzUO3iJgyIAgN6tX^Bo?)BiQu{QEZy(^=o;6!a??>fLMO+b2PoA>qeddL3Cg)?GA+pdc@?_|kia!0k7g=x!%=k`{#*kMtSi<$-D{Sf$ilEcjH$@!DY z=Wq<`$-$k)RT-mBfJQp8i!DxDlx?`lh7*&hVk0Igo+9|e6z~n2KHt7r@(f-DELwhl z@Y>OKClGQaE}*oM2nE4nzL+^|fZAn^eH(5Fe2JWL*#s4U4YA9+Rh!zutq+`kN<}Yl zDSz&DhfOZnqzQmrG`&hWzwRo3uKBtEBbG5TJ#5naTSbppdzK&zKs#*f;DV{Y(7Zm2 z6bi5N!^_pLi+?UR9(~Yz`;zrGVff+BP4#j~4;*|lg;0_*eU= zY|Y=<8$a%ir^TJaGF_ROT5Gigih{12yPjZ;oTbyxg6*U#S8OsOoJsx^5rnvD!X!%_ zZ`T}7CPvjQLyM8-TN++fud;VyxXaj;LmBn0#p%Ma_%_Xx(-P5#fQyCakNT|%$%Xes-Fb;vEI;fW7b4gjS6{- zJl?}$kY`XCtBAS)NT$XaeaeFm7gN_CaaM~__zuy{-S-iI`lB# zmeJlu@icCYhRO$IY!t0bc}_BhU9;4VEliFWCc=Cv(6*S|ZJgSU>Q+rdtX_hWsZ=Wa z>r~^Mg2;S^<7F(+ehog#f6E=Kiuw#=EaMHooHis$*MVI;bK0)~vv<{b-EX(oT079{ zo4$kraHo^!s%5`dZgZg*&&=0VY>B~X8*>vrFT`lW1tz001XN7Ike)0fmeM*)menLe z4U-B8htVw!YWC-lqZD-;g;2To%^q7R@9WJUo(Jk!_rOxp2sIG4Hgg0Wnc?64Z<0I7 z&(mJp)qcHulJH*SSYSz7`2D%!cc1cbvgADul7YKhI}#+1)j`)0ZVayjx2GOR}JyxpeP;G zG7^gKFW>?(_xX89-=GWz@!s&_we_`z&!JC-NK)SdNImlDUoPdQ?TI{s&-Jdn475|X ziScK)b6O- zftiy_9I<2|Y@`Ut+KCQT&&Y(8N!G%TVxxHg;Hd4OM`~x`7*Y_!P#aJ6pg%{5c(ZVB z?M7LMl!nW$(nokt+1i-GS?vt#zsJJpw&o^o+qeT%M*|~=3mQocFT@@#SE%`VmUf_w zto7p;g%LdO*B`$D3csIL8Lgeug>9Q4*%?kOanVc4dw7&E)nKFN!oomgTJ}B2(KOz|E)z|FGzm4y%h53TAF}w^1~&K`$W<- zYIjD+ZKjaqm`WS;>u>lV!l1ww0_K+AJ<(6(vDO2ER!yl`4osC#;wLGEJ-7R8XEU62 zXohpQE&7>o`1&zxc`sf;W-kLXzieM8p`(ULNqsx71CyObO<5^6qm1GWs-;Lg?meOw z^7+6X{Nhk~6Db1GW|)$-GSR;Cu;<}Pl^&qkW~eoC(QZ$C464CJI<#Q7OmC5z>N1=? z*2zS=-tI6X9^wZDMRrw%36cI}a|lzyTparyXykz7gT7c5b`EkyQ;A--dOE#u zxQX3o%PZp8*#P-*%uo3PgZHq;@Ud%Le)X1bu(t(*6S#kqO>)4n4F+l;CX?l_lrM=7 zHl8$F1lry^{wY4wPLLn}aahZ3fApqWA1LJ2zP35SW8_>Z)DwPgRMx9xj zX(?;M(spU62%J9#jyEXL`{ZI|B!t={jU|Pi#MRwSd1QPBTnU2=2W2Ah{EHIH&ImX^ zVH(WPMVJqcVekk-bFudsq zUF55s+54F zQ-=0es#%R(6uS3X$!q|EsdJyvf}w)U?gSLU!0ZxoS)Iz~Uvxxf^0b$wxvk zKv*e&nH0zmeKCCJyUST!zQ4X#Ls;ko!}U1`ZFAn<6*SLd`lOo#ew;PPiStBiBQF_% zc?)1U9^CI{4Wl@0H}{i>U6<`}Sk$=Hwvik!%aha1RwGxWlyf5*;P!3c=~PTo!dVp* z6|(D55vGhO85+4Yle*F^Q*Wk^9;I${);6yE_zq(sp_UzcfnU1TZ^KH~BYeN!UAPJj zM_>eRkX7$gL~@Gh%WQ8E^m*l0@1yG4S25G`@b%0|JIRY5?$*$VuPM=XYj<0S~kA z7AkcEtgOE`ZRqQ{!to37nZDjV#}-5Z1%<`7MvyJBX%si@nPOb!(KWp8!EA7)vflq^ zDeDI@+si+{)Mu9tK;gZ}y$qBL@ZkLZhQdSrcNI7HV(-cI0+jsi%(v*lQWJu_3`q!V zX@a&EJUtY`u0(~;z;0r{)EKSz`cW7URWNE+`A+4Rn@AXdP9P&dz# zB&7d9QE!==HCIWia8k(IhU)zw`Z)hA5@AU_ynx}1100@+0+{2g&%~}*xVDHc%K4*f z`Pd*)%UHN+%wARVoG77lS#m8SnE_i()5eWa9;bGqE!u^^zV?wAm!@*GN#%He8Rv_D zVkK8gRmpU|+xP1rB}iQp_gBcEWoF8rgq&xPpGYLhzzUAKyj6(=Ponx+`(AMYiu<;yl#!B*FJO)EO?0rZAzC$<^s&n$A2XmiOwi?jV!}@;~6> zAuh7o=c{?m6G%mz*o?J7Z|2yq%8``Jz&x4g{){@3bX>Bt^@imV+-%^5cmcr?x9bxU znsNQ?_he&CWaVV8JLK8_mgR3QWc;YYf?ciyTIEum`xg4TpII2ByX;o=xNxD|r?NXA{&t12pizCgC0 zF)HFjqR$aSZb#@!4RU=Wzugx`QstN({7A6{rorlB8yn+qjrivM@8J+)Z*Dq282Q%x z=hx5%n~u(pb>U(qLM_SsF_L*x*$+I{l=adeiX2N)H{O9Av*1hPf@Zx!G57J&8TNrLC0qaA z|1;lhTzY`FNXeLHDL)K;!FG!0kaI ziF}%vl+-cpi;9)Eunof^k_%O_Dj>@TLliJHR-oR5(6fv6dTRi`1QLL!~(v~?%jQ! zr2BnjsxfB5A#SC;Qp((aA*?`*zbiT>Qo4?-rVlC-i-&>7IU`lDfq6w%-ZD6Bsh5Nm z8*vU1(97pUM8u@)zs5#QcOLvYxehjF`*Q&9dho%LudT*OsZnp_op|6WdVYr#QpL0f zn5w~-<(d-?Hd(^M9W6)l{~u9b*^uShHBE!GfOLz1bazV$lG5EF-Q6W6Al)T`(kb2D z-QC@t@8RD2x!)h)2fWT>#muZ3;EzoSF3Q#_>30~tTMS2<-;_3oeg}Ffo}9`|k$Pwy zVj%C`X+?L6_9)XiqV0@5GY(I*mDK{x97UVF4MODjVF($#wYu}xb4aa zUj-u$`QY^sfX1lPj68IzGP#X)03x;%L=0(Zd&pqoiw9ua`SRM$ToPx5au88!W|!O* zuuA;5={@h~0D$v!IZz71;_-O+-4{2((MoPUU1b@Cn8s)}0<%TXaB?Fg!!xTxhFVdc z{&LW@5G)MtF^cvGT?E~+7@7QW@BF-lLfi>t?dt}{6b4nRK*as@7^fB{XIIOK+xKM? zAVp7efqpjdI&gmpU?Vj zeC{Wj16GFIFYS_8>G;3v{-T{+XdH9uDu821<}q#iw)7B&%zOZj$>SZpATy13j8`x`Uu`kgZ*`P-YHPv}E0fd#5xH7^0SI0tC3XY=zLdfK1CP5#nlfpX==|xUFcJy&nRJP{CDicYr&+8;GSU zpSgDXD^>ex0vy=RpC5$&Q&aui!`h1Nk`UZkW-wKo^Cdy890-g_lZ(RHQ^`V~9(`4G=FVBjC}dCO zLK!D6Fc0LbEK}p|3O;m(>hn#PimMk%pMstu;l-0<2FxcICexV&d>oIv!+9vv;T)IJjzB(Bj#ke*9?%WO?M6)4^a?Sv! z9Kjek;orw z;^Q@Q$FhO@VIwDpyhBK980bSl9?DqkPBiYc|MzQT^lY#gIXG!-F*|b@Ee6F)&MmSH zGnAcPdCzs>@%-yx#1K8u2{09aXV8gO(OFgOGR|b8SXP2}4g53I9`!+P(9oH3-L(H; z?eCw)gcR7z54*9_%dR&8HZDg^z;PSEIn7tk^I)v}U7T@{XhyEd0Py$VwT)>R%%1>z z2DW0G2?HHMA%Fee8^^Z!B7XsprScwRAId8o&S}DxCbaz4-%o=r1Y`HH+YXr9wc0A+elSMwdGhGWh!(j7g5Wl7 zoR6Q~A5eh?{LVIO}cyBY1l{Sa)Go^4WB_ z*ww0AZ7Ml5eon@c8yJM#4^}PY|KbBk?ySW-nb(2ks_AsrpkDw zW~t>;jq=&yW4UZUij_8B9W%B(J6}JFT|RW;IkZ)Rj17+$$VTKupT-K$DS}?0B;Tm+ zQ!zWm(~i3C)C@5-3h0JPHUP$gYxgGC{rtVFEpI?NJ0P(B2P$Z8=pfm?xVB}PN$z;8 zHX*CQXxX*JhJ!gq)2PZ}PhLina^VO3GSu0stY6ilNPO2;X}tg`VKPwn0$*W(sMSjO z4foe{1l6}{&VFT};HW_tS9B(}HadsH=BsvH3YK|5^>+DZk;!;)p2_$N7B8NwngAC{ zzM9|Wbo;=0TR|gq2)NsvS0`N0PZOKfbZ>Vl^W?9rBMI+=Xa!plT&#UUYqMY0#F|Tl zud0=q>)Go)U9_+$z5)5C#uOW+(#oK-puaJ&s79LPSg!<~MO7XC&^R7o;~MzlYqbjH zUFoHj&iMvJx zfO}2{`zlS2~i7_Wq0HjZUsBqjplUpQ%3sVL31h zZ;d@)E`(36{by@~#xVc#pDWH7>v0Uk#>y{Xcn^#-J+_+&%aCR#fe|J)z4y1sQmETv zS|wPqwT@y$4cP&$j9Ml+;7i1k6B5Hm2-<~(om<`#WkH#i zp?K1r9#fK{3* zWS;h2RMMu@_`m7q;98?4d=NltOG%-hRKNvmPDUg0A2|FpZl?R!M5+aU(!s?SI2(Uo z?oNS7&x3Vja~3qZ>NckR6Cf`HmMyq(=SbADe1_vrjM5_d(~ehMz0o5ddKjb%EY;o+qE z=om05IJ-;K9MP_IeO}K)N&U0BH>n~gJBUD^#>66Zh_uFh*68}h)dn1$73hT?-LtG( z11G+mjvm=hz>*P2l+)LvqF1!76{@^K`IcAvgz$n1&CFD8(HQ37mzLy)WS z1?E3!U6js6+V?DK4DhE7SmOW!@Bjw;(_oqs8;cf!_;xl2+CGTHD=s2`(kL_b`vgh* z*G03-P{#yUP?lKRv71hDOSL^LNyh zPq$2ptDD$9wV-<{^#Cv)bt^uJd|@A(03_8M4(O^20v|^b@AJLT&-pLsGcC_YHa;(V zJG#xh_J;vc0_rvAQ=km6;+cpBhl7p)CM4iX1TJUyHK^iLIMqC}uh+7U@jyh>Hhu%zYB=1ar~&&**%RX?IIsO})x;x(tU)D%HqD+Ln)S7u zy8&%p|1qM@74q+@3*7mfIgIhAj}Vm|IImPD&si?9l#*mh7+7Y3A?$TUnBdbLBM65g z&Id#(0!RJAo1$(q9b7(*=4t<)NgmHyUW&A*d8lr=Ooy}at-qCK3-}doJvosS8tO>< zzvUrK;|1g_+y7zo5xnnP(Zp(4Fn}1UaYOTV85KPWSYP?L97!B9iD{gIj?M}E4j;_a zK%~ppgG&kQ3_ufrgd$)HBO;>LCI8lXR)#{gO`97fxN}}=Kzr?rQGf&XZZVxbBe=*H z@C1*-0geVZ_<{{Y#E)mei%Qk1^}R$HjnWDRfbQW60p$3>J+Zm!9GGyO()~T>^gO%; zZ?@)SvC@1%)k1K&?8_A|2m;4v;Va*~3z8G$b!a0;pqfNtzf_(CS&TLGN7}H6s#%p^ z4t1ujYkBt});y1jU0hBUUI0z$?Q%J*c~TlQe@0Ab511oxYXxX^OXM1-abzxApy=-- z5FJ_zS1UD;Y_C6!k80=FD0Us*nQ=c5)03ZscD;L3#d8lJJ-+-W>=k0|P>!muE&D*|X_5-q<0*Vw%egWtoV@~AC zUl|16*r!@D&3;e0Zwf&b^gah>H$FU1b2zte`r#V_g77oHUei=76cCV{1l?5lpk#eA z3MSZqom7Pwm*5bc>+WEbBx&#(c{W|~Y`9rn^If%lj&7mBTF$Uk!%CrI;O{X$^_%$V zH)@Y$oNtuVZWa^Z((3ba@*<45ze=zAHh@ml=76l?0;5tUNz^a9%*)CXu_RnTKO>3? zMXp_ShoRuD;aL(HQ95$$$*#7;)AUiM&)ru0R^dB#r%KCDNBLLX=g)ixEkjzTJvaZG z$#5dHd|!5!_D+{uKBYg5%x%;Loq$k?OSwM!d7oRu*~9rrO&msbI4jrN+mAc_)ePi# z1JD~+alf-n<+*NgDX@iH9%?LG>>g0ltTLKX$>~^VxIg5DbD+X*1m)WJ^00g(`HhdC zjxgdUy@4h9tyB>uDo7AsqO)9x!@Du>C^$I%i)~v)F{**zKl{VJi`&)_t1d$QE?6#9FFD2 zG|fT084)THUZ?t!x+zAc&Re=k6qS?xQX%%$(@!jGX{XDi+7X3nekK}R9yyutmpYII z(Dta)ca`XoV*iX^PAuOK_?qbwj+Reg;26yIJxSm z?MXwkN1P>E{&M5u8;Ced!Ny5H-HbxoyVN&?Aedw^kLeY9s{(KOjIjy4wKOzDnv}BALQ`PEvmjEB5 zxp`cO5Z@O~QZI=d$twv8CB)l03=^kwHQ8fv&qnDl_jH~5`E!u!H@dD1{kyrR{n5`o5*6tv;? zz3xO-c$^rzrYxh0>vTY3`kbCJ*Tb?iAFJ88+2&+N7BCUK8X>{|9t4-oUSP@R4Zct< zv2&l79iNz8y7ink>c~h>Z1|w^@b&0`sK6&q$S6Eo_yR{}3Av1#Ggs!XMEDVp9LL^@ zkqIbWas#v_1r|J)XXU_A{0^LS^WG54f60{$c)0lcfJU@#r{j|S(b)c5E{F7Sp&ol~ z>fWWl2w1GaUj(htQ4#1=WYrwUpUd;>?8GUx4(X-3Ho5H_FIN1HTWtTfJXLN!$BM(< zPMd}j0--e{_e=jkLzwgcK&M-}FBrc>=Ek_4OXTAUHj%A7!*WYuc!tK?9Hl*a9n3x% z7)*y}H-1cG5#xU7i@@Q88x^6_eSZme46m$Wo~!-zrW+5JiBMDSHJdUK9!X{fK}<9y zQYfyy2XUJ5&en*V$tUtl7G_p7e+s0r3rt^y7kb{C)*E0d4V}oLi?45CR^cO$`#W+v zZzr*}cHTn;IQzrxyWZ_zHPbI#z0xX}xTTA;IiU}JSks_OL5yX4bRiA3atY)sU>(L! zzPW~P8ZsJ(;UFegdcRn<&AOi}Cy6vEK2u$#-DrOVe)~#k8r!&$hz3lnq>;4mp94Mg zpHV*+h`U;{$UaWlcLcm$2kgGYqC2A-(=kFA25c~CYD*ZV9^ac&E0Um;uAIosu-dA_ zCU`-N#}E3=xetVziOJz&cn{-y%G>g%~NIV2!JO+ro z#hAcEo^V9!x2QRu_qcfu*je%PI3G0ansSQ%Qd_=C=lEU&r6X#j*I3&x_ycUV8%OXd zdzs@}f-pAjVUn+bf|Ztt8m$epwXo$Ej(P;MI^|~QI|lp97*UF!UY?JWz(2BKrpVdRi_bjWgDOz%XBQv_5xQMv5{?__^-T;Y!H#y2! zxkTbFn!xC3`E@>;36j9se;n^jk}&Ko+R4!EM4URK3(^W%vNe;Uw#b(+I

({&S6E&0^SdNDX8QLHq=m&-h?f^pBeX!OM4b$)I`!HPIyf$}-1$QIuIYf|8362fuTWxz=Pj?5~ zD}GLY15al}w-Gt0!FI3zce4z%Y z5x>R5{mgX#)PfiV+Vd62fqC$or`GmFoX|6kIqbh8a2<{$(KZlTPPMp7GkJ`Q&3WNp#XXACo~A`jp1cqfxVHRf(z^39uR zP&IRdN=Oahfp5>(4ZGO>xk4Ats6%nBJXiP@dlK$THbU;A%UKSkYI-4wH`>0ti7cbk zn6G54FOUBf9oV{XLuaX&A<42am8Y=il7Q4j7B5l6fH z%Mq9Xr@HeHzMYe5I)1@!ym@)@d1(od_$Ex$C9ID=51JmeOBTm`x0xi9Xbeg;oFzXK z_F)&&5w)QwS7j3k`pWAPsFUz8|hJtlc;gppF#i~knn;cFcjnsxvaBeyS z+Mwp&a|hLKn5D1M88&XU^@cv0HB?F-zeVddbh~bU_Xi>`Q!xP9R+X30XVKa*E`amT z!x*`XU;*Q>;+{doiQ!Gkl{9a|oi1ekye{lpIm3xEyEmcY;p4U{qKZ5j9~X%%I5Xj+ zh$p_aZFfMm`#jqYzclhL-Cq2c=I5I3O4hoF-F!0gcyQ?!`vplCb5LUwD>i`$I~DL4BEfp!+==k8oymm}O3D^n%NYGG~oZqLPqrOphQn8y7h?2k%06o!cF7NIMG? zcCgfr(~q&7cuT!ixwEpFIMb>aZB0jptSRS1%|LMYJ5uf}8m7Gg#w{zRSqf#7i6N38 zGa?O{K|CcTDDG<@+l{Y~;SL_Uk#A$RpBeseP*D3zc5XNJ7XfrvttOYH-~&#Z58W^l zkoXwMadt=D#nP&!VDx5dDN0e5;Mm4afPLDY9EknQh^zWZ3Y!9N&x~l3Q1+WhkyahO zClv-2Noc7^q|OjEHEdrnu}QfLQpc`EbL3B9S?bF$<%8qJ2DFzDL61KFD!WAvF$k9l znIf%S3cm1c7Gx9DDCuqsJNcyaL|5?TW_n)3X23Lx=Y)tFA8jAt;9}sXe;sx_kI(T? zpAojcvu_1O1)I^l3yDwidf6aUV}Os3y8$Aqq=ja1-mHH!_Hn%~ec@5I@&elkAUSWs+Z|UM!t;o~;dn`m?@$Qo%l{j%@Se9ISefu_>e0eDzCo7B&2dFOdh@VxyPo z$Az%R^ZnF6C)lb}XA=gHzrp;BIw{sso#nqPK1l*qgb*dlN@gCK?6!CJuKd^BcfH~0 zNLZ(|GUmX=54ji^Ea$6DV2}i@vI3o-V!C@NY6MQ34LOoH7_P&kGMu)V%j5Vlk9JB% zdhE+}6mpdUeh$HD$r`f|oE`d~5!+}1xOK1nK~t&`PX@F|A=TVgQZG8$z)O*U7)4)r=+|A=d3d8mDEV7$x14-;#cmOCFpk*xPs z{}+Ng?xs;gSAo(-k+3_9 ziH`OI_$<-cCwZ7@GYNRpzxVMu2yNhFC_!t`DqCQBN0Q_?kYh}c{!LH}L94W+CWP{N z9^ZP~Bj+xulu`gwyHcI{hh{%T-n5yGxVMFa0X7ek4W`(n#(d|!VxV|yWOf^qVnJ3e z=bxpqBm89MW4r?c2>Pix7_+@3ikoG34QI8J^wlJI)&dt2I&Hg9cF z7GqbeRJ}C7nug2i$2e=r5@H3Lo{YujgY7TLeq&kKOZ#yPT7}?9jM#VFc7{Q>X*deC zbphT6o^RpNK{n~tr&}A=?H2YRsQ>&7N}*%5eNEN4=^U@qtOmr&XN8PCLlZ;x$!u;l zR$h>v*0+sqWuIq)WQmi-j6v^S^f+ZAe}8nnJ@l= zS_r>a3nzO;E~!aU&aUplqoZ#x31?v)Lfb~E8j~O`kYxi&q}b~r^CQ}QNUL-zNRzBU zRpJf0(^RumRI;bk`H-jARpyROLkKy_CzvNrkT_Uq!}LcbfiUHW{QJg?Rl_wAmuFlk z5AyYMheZ69be2As0uf%KvXb}KeB}JLu>fMVT{$1!54_|!)Vn~;;GTE94^qiSB6VVZ zWX$iAx&FG%AVgN(U|b;bxO;B4t(AX#m8{j9s7+2vy{LTI5M65Sje>wykC6o77%o6& zwUYf7d>n$_`=934gX7Z37a2FIdqxYv6D*VGV|B$3xMYUhKLt;kkjH&-S#z)?$Xh;8 zEN5c$Wl^T@y{PI&vXSu8>Fg!|L{^$!R(Jd4z$|8qbV}Oy;ZoiUv-_KAD8EQ=M9B4l z0}f2`4sY#9xkIx4ks051CKJ5bX@djZ3y;?_$#U*c?7!2Vjy`2IM2Dn)3)DbR^Up1u zj+Ik>@8;ZwRWpYNMCvd*sVs*2nz}1M8TcA5)_TD+gxS1+HFy-GG08+G;J%xRw zE%F8i?IS7HYeu>>{!*=$R|J81ty{Oq&@5RH7feTiYqPFj)qH1ewH^`E9*t6{tv7U? zrKDuZ2>U!aF(DX(tlKu{)@Oqe9GvxBu`uomKfHivByEA;{B-PL#zBa2ovN+XrmKX9 zovf_neAYkpvqm;FWnnx4K1hwnL%pF%ZG3L{GgeG=g1Q>q__Bc+Amj(_#O7yWZfK>11&_b1_o0-xRe z=h-U>i6|Tu2H8IPFxg=&_>l7NG8<&duQyFX{hyHU43WhR7I$TMEpwu{Ho3lg*7Y`T2d5IRaiW+|kFHySV1Y+3srx;c zDdj;YC1x-`SZsRHGf}|9NPqfq-&rMg-0X0q5fxr| zK>EgV@b{}(jOGs*sVT6^sNo+27w>7X%!#PM?6D8mL z4wqZQ$wCd4I*o(NK7ir&%Ku*VxdK1{*_q7<9K~*dYJetts>Wn z(^)VBA`HeVP2XG)z;eJPsY!c*FAw>28~RoC#pTU<4VSD@_WWznfb8byVCQ$HI9aEc zkKa#cjec<5Ny2bTL?lD%b8Kl6V!`$4jyJClH$C8#Y8`3SQPNSq3Zq4u+Awp~VzDXS zt@`^+xE`4u6Mxw#I{Wc_UpNelR0QZ_wNr7U>(>08w5m$ULN9S0fGJ6W<{x`oz^qpZ zk>)lq%un#=2+IhaX{C*5wB znDOY?smKHD9QwE4!Cbo?)1IiO{(%Nhk4)D{wzs!S9ReERI(-j0m{ z^%y69Ey<{yfy zbYi@}@Eq7nU)J~$|MLWEg!-finNdIL?3erCtJ@>?TVBldhh4vxhblHYTps%sI{h>H z2R!0BgQ=C?ICkHv~e`P)Si-%n-eVt}{lHFk{@N&MsRakh>A)Hrb*B7n7 zK}uhQX8+AW0n(c8auvg3YyT}GvY!GK?zEzRSO-(~D0Hyr!$h_F(o;y3^>Q=x0|udp zjVX4Vx7+n2SoECi-UF(O8vpI9>6~P116ZAgubZPx*zb+UG^)tIFVs+B9m6kn_3L@j zee3>d@=(|g_gP&qkCKmr`+Ydl9XTt-q69G?^MDkz1t-a6aZp>}*@PxGA%1!-r)Ie{9`=@<0CY|=c-1J_`;WP_2y~oX0tKS?Mro9>cGmx z@fDvN035+@uGqzmcdfD_rSH}c>(1*bg@eh~pxPHl&Bj;tFOIbeT}K=F0-`xTEbl29inelkvDSsM3l4&e15O8@=}Z4*s6+ip@d+xp9a=jG;mHbbyf zga`fG+VHJdG~+{wdf8 zlr@k>`vlaz-}l|QeiY}ocnFcgOpQt8Oo|in*<)b`76$g@wYsKz`Yc%WcIgf~B5ipL z1X;+d*SpSn*j0Lh{IBG^9@EX=Z#NX60%fAzm_|tkl>D5^V1rk z25tC1rl1D)EFWQAGXfSOygeRSNL%F*gvlHIVg1%9#FVRV*HMGI6K~zF7spiq@qi)7 zDS?i9~Zb#B6Bss=Ah@C;Hr^2&jdf-MBs? z`t`m4b$k7AGH{Tx+KR)d8{}k`vmVpzeZe6~R{_3$-f*K{WZKiX-z7_pZ!qG~@naEk zeMb<)^T?yp6LEu*zCDT1xsY%<9=E@%kwG2g;N!rfT6a`IK$g!7_xt?o?FI>-JF-HQ z%)mG45xYyT@@;G-!khuA&%t8rT3lp;1DwpPjC7Q*gQ7_7!M1&Oet5Uvjg1q7TrBjW z)nG?kSg@!D#s7}Raf~X{yWDC<$Lx*f@E4{eh=C8}v!(J9kDD-R6b_fK%(~q-gva0CDow(ye!G3o=4m`? z6RLhEd4q)f+VMT~pErL3o&rS}Pjs$8t$2A}dEtN9UhpCzYNO|1Yh)7Om&lpU5xQoI zz@SylH0$75Agzqn99qyMrt39CW(ea%n&hM=$L6|w;yBI{bU3V4hXd`1!SdpVpj@8s zzdlx-M*80o%c={bNP~J*f1!rTGRfYJG9kLhG_3G>a3YzG?04sxyS?kyU0EXo=p-OI zGQH2HrnNoDh(Vv?v{@N?|7(z;WVXgb7vQ`E_XE*EyNo(@HO?E@a^~okDB^9{Yz7i% z?Q?Q)S2De>%s7)U#kB630xxhhUoqFJ=4-J+ybC|R)y9nXMHHnp)@pI$PKgCAZH5dn3kD_=xntppyGg#Yr4`KKFl z6}UoPzszsACJ`aZI_Q>wy@e0Xi5}gBxh@nSLlGovU9QlRGz6nLLF*yS_YL%v)|@to z?d{iDon*hnLk5IHsk{qVJC-K|NvZi*n2Dw!*2?ScoOlPo6gdnDSKGYLFY$iU^meH2Zt9=VW5WjhzGQBT zv4da?Ufe=jePSQz4$TBHc_SVU#V;HVZ3`rW&m{AFq5nLU^*m74a93(z-}4Q7FZ${? z-r8m#{R3szDrd!ztnAIPC^SnA0SIcbQ>!x`GCW{)O-xkrK9@?)LAnqCY9HtBZb(4R z{lo~T)xs-%Ff}c>-E9;Vq>kC(RV3}rC5T3K3!kha;dE1VVZ>Czg?n~JHyR4B8v zW%51Yh11Y>5T>u(j29-D8INvL`RQ2rR9JcORbY&=5p3zKRZeK(gwmK`F3d>)rlPD(;fee=WVe ztk8#73otRP_qMVs?V<)J@4BZjS?jWA%qln-=H8NyI+LPtVyvPIjP*}7ywDieN*qJ> z7yLlJw!z}#ShMSs#1pRdmOQ=e&fh5up=hXGpHBC9D)oP8?p+#Tl*hz+JusPwqqm49 zY=Q}}mUR6sp?~_$bI#4S#*^{v^a9ugUT$JUL1FsH5{Q7WcbX1I#6hME(Qs|UvWKxow|PSt5nPCAQ|L+y*Rv(GJ$2fAFa zZ$1!hW~Z%J&|FF2=Y*Iv+z%)u|ExicLw>5cx-^w|3TU6*BF7jnLK#4ag3uyj_bZ0o zGbmZAooo7uhMgZN?I(MHIX-G`e%B?JDTo#&v)zQco|2-9ocFT3`^w1nP2b-i1cx>T ze#)e!g1gmu@w!DA3Niu4Vl5$T6hZPQ3mpw;qEtC7rz4mCir&~~oxW6%L>P$~9h00C zG|QiJSYG=(U&rRi!9WeJa>%hf8n*XO^+;p~i*2a4YfJYtfGWAvDTRsFN^N)gYBhuc zOJypf$@bL=)&}xo@F#nxEQWbCFFe2cq}N5f{3FX&HIb~affB6`7e#;R(gl)Xvj5Pv zBt6O#LOo%`zfZ-H7T)tnc8FFnPz>hUsI>mJ?^6L|hZu!v{j#pFUsJvyjKFKOPsia32jDfxdUvQLdKhJa zLpAKEvrsvKtgRfx_*#; zx#z5b0Etmp84tz)Psmc))PhsjJ5o1PyeHEbf7k;>nx}&m+P?#^TzhwUv@YPzVxgay9wh(frZ~N6dN!kLu$I$WAUA<%8SL_Zx?_#wNYqD3Kon zZ`Nt#b~6wsx)SRM4xlasy?M5dIDccW{ea>DXQo8aE2Cne+j2=_xq zszB-1gF0M&mtcMgfa#)Vz|y!rHW~@nBKbeC5Z8vi>1%n8`dMIqmH|z&*4I<)f`*_3 zKFtVKU&RN5vL~~olU0F*ZZ{s3NMZq|HJ`zXtm^+xR4IKw(zMjQ!M&wnCu%CB-A@IhHBQ|_xo=WlWnz?;*Bw~+0Ftgkr?O|D#)FJm zG2;_h`6?x`boOPe$1P9U-%;FL=IO$wC7?aqR$F8rG;`?cu_A+jHG0)t0oSp`d*cq+;b2Rxe7b}@9G*eMUkzDsSleOJVy!9o?=?e{BaI%dFy9vmUR?bU^Jk_-j|fvSRNHvSvP?$_5-WN*XHF=<5XPI$!I-XsE`?UYwC@Y zw5^Kr2L}L*7Ui5Du7~l%3y3KAr||(e8l*iSo{9IJkAD4;2K9sMq3^c-3jPW${G*7m zh#^MlN<9j!7`Jna^&U)@K}XrfxPv8}Mg_uEPn|72rS`GGyEuYfcut!~(K&3*a16rqKOqP!S1|RUdi- z6rijFC4@+=sl&E%o8=Fp0S7>Bq-l%YT3l{_hW%-Xh}JV6|9TZ*d@jZ6Ex&DITkU05 zNw6rXhdfVJ-uz&y^(`w#0@WJ=3E{6o=8_{Z7J-vN%op62xk>Y5&#V0C)*KfMpP0s@#kdD=lby-A-i~Jd zuO7+3sL>NL!^E8P-_>k`ap+d+h%0&&ANoMLp9W#v0Z9T9p^P*DY+C0Wv!}9YP-5V+ zqiwhez9M{JO)O)4<)=k^nts<*q%=TPXD6p)bajT-%OM!U3co~U+#1b1e^9;}@~rnQ zZn#dn-TdsFEo8;^0|~Cdeo6c*Vne5ID+W;`^s1|B$&#;SF5zD3RR|#qr0g(5plmKM z9vN3@R9O?XMqBvd_|xbXFEybUA>8)VJG+?=aA7b>@G`!=z_M|p$p3u*uK@$@8~qqC z?lWK%j#(|$?X1Taa`oHTvEed(GKz(G zhxhK|8AauUos)3z^Pr1krXd1?+&fHSftR!)sCHIZl9hiQhB|HC%%L9FL>BO-zkyP= zeUrLAPA+!$&;r!rlV;5TslkbXA2N4IsQ3WZt%R)_~_(i z?+iH^jItbLOK`!OVB-~$@ath z52J#f9EP@1vLExxp>Il-Mk}2^C@5QLX$=2j&BWua%v7v2e<&%OvB}x&{edjtB{cih zV)8TbJ-L#FjT!=emd)L2u@p`KmTnM!_rTU&6GR8qLx>yfm>!!7aer3{?3`~?Vhal$ z3mGfg4Jx;t=Gxk~?Jg6U01SE4OZxfVdv%=5ek&Zlv@Ay-aXj>zv(wlDC+@uXLGQMi z9Y*Y#$qR2@io+OI_(sOjrg8bEvq=L7@ade~%yA5Vray!sLFkMw%O3MdVUa#1ll@n$ zk~AWU#PsJ!WqgOPwB{>c3?Yk<#q_TEAx;1;@Z?9z`Mth_4PG@>vWFx5lrx=jF}0}s zrv9Nd8>lHtj~4>%4JIm{pxDWk%>b86H$OilL5%$x^ww1R0^NGgo@MCM!p3nLF58ZZ z>u1zPfcSzntxTE;vKt8}rqM}^(K9OVMglMy!JH?&jz%vMB)Mq-_y@b*gRL>lOx#pfm|B~G zYcL^XJ?_SR0>8lexI;9Gb683TA6d@hbX&7jKW25epvg`)6^+Ck8q@M}q zL-YjU_H5m7nKK0@=-I>N_XkyOHVQ)js{ajcKczv)h1|^7q3$(xtJU3exx$xu`F?^> z_a}7k^KUo!PTH~mmFp|IVEzoDUfnOZuBc3b2JZvsU;2@S!^_qCy*QfakXleCT?0q; zGMcJ@Skc)@P--QXE*ZAd;y?5*=U8lUXk?E>csGGZQ`e;!&_ND%f^CI6)Yf>DY781Yj zGQxP5DCN)W1~r?q*2AO%M%&kY0C0cwA;C4nSrIb~uhxg~?iIZ5;@J@K_0}e>(`CHm z#z=EJbwKOF3>^*5|(f!?@ z6%i>ra_{z$xi_&6h@`Wg$xur5xJqzGVln~(-ZZ&oSSdY)uNhmBwV2-*3K1k8=1(HK z2pbZ(Sl6;(u69pIOqKS$Ua#IVH>RoGPNqm6iML?yC}nSB`9TSPn)8 zJQd~2MYgXPf6=hKCz_J&@0Yk?F%(U#z-5P-mBtUm((%ns+2yHiYH~XU%>bzp>&wyW zR{Az}cX<-CMk#_JU8rLDy&O#Bj>fb3!58)jT-uINGd~>$`rMrE@PGMiMVk; zqzU#Ct^t5^7|pKY1a?tORaceIJiQ8+@rTfCxc78Aegtp`sYWA22Sy~U8cyOmJsO9@ z+#2LrT)`~0SubDZ3eXJs-0tN!7cV5^ZkU0YX?JrlqnaRt&*NM8&u#3~WQms9}PjX-gQkuX+Lm(K<^p}Uz69ia-GE< z77q?^WbCV=(7T-0GOMJC8?S$fz*2pKV<5HM0mO~YshbFLU)){za=PK&&Myba|17FL zF(v%dPR+5Mfs%Ttnxyy!(buU=EaEgTt&b*rv0Yojq$PaOEBPLA+%I1#{I|l6N*(+bJ*Yqog`W)7)X%?rs=LCzQ6T4|`YC zR#|e;0RFeey#reX742M&%VW;<>#BE|u&M4IsDFPSh1uTv=Ol!>u+7H9pl*t9%V$FN zvie8gjlm{s1l0({`9MmJS8ND1Xl8yQ;CZ-tBlwu~Sur_5HNqMP%K#ZuuSNwMM)T)b z_Iv@&>E|yw-&w|yHECgCLMpA2qmN4w1NwtS?WB#EA-~BC5g*d@MiJoP5(gc31x2f8 zMh7!=)e(Oe(&Fb%O@&A^!?Go2a2@}FPb8Y+#Ln;|Qu-PJ!6<~HO~Vo2B{UR6&v*GW z!9icmNvV-Xsvt`!F{vBrw4!AB0gXhA(iGtwIhaj}QOzF-?RNtOx&d7;H)%oAS)E~* zmd8voK%QR%X29F@-t+%hP~_fO1g7Tvb`Kf4JpjwUX0o|OGisgw%$5@5P`ufq_i{e$(9i1aZ2j{ga-$WzTBWVh+%_ zf+_Qp7a+D1yw0w;H9th)-(^p8&B){2ZIA`-Jld4y|~~Ky}evW^7+c2QFA9ipI5R{4;E`D!v|QDf%!4$mxq;?>!PE8 zoe$fvLAZu=t?OB~l8g-52;oN6?4kj6!eeHVp6=E{@?6q?E-qb|B8p6)knad>v#KS0 z6*Hq#+9x^xNMh$m7|T;;Lgv-o_Kk8=le8+tx9H4&vYoKYRTtdI7Z8~0Dr@B`$w7$x zG&pD)(%Oko7MYqEB|=2_8c1I|5h7&}Lq7(-BG5E5vgcuJ)h?V_YINY_W0>O#cm*}7 zfdqoZ=h`NA$rRpKoBU#g{yjKMgm&u2GBfN{A0My^9fFI&K*~3>&p5IDB-euG_0JOU zl`~o46_e(;dRfp31^oOWjS8JTiR%A-kgg2~ zh_pcnNQy`!(hY)0cXxMp-o-iRyLa4w)p5qz`+fHNtToqf&ShyQr8(HbmpY%cE0=XO zHnx%x5c@&&%hs&)ygzh>E4u|H@2?p%G1rM`Z1eQPkK!=e*%cW$+0m)b&^sFQ?O&Uuj zT&QiD1tt(7SOJ=S8e|PwdC0DqM~ZI{ywgK_R8Tdn4>>NcIQr1XiKpQ<8g{m06aJmo zzu}uIHN!SDU`c7SAY9t6HOJRpztP~8DEZb*uiiVZU`pwKE*>r}Nz|`q>q5>VvsJTL z9!+(3#Uq;0R+*Xe>~=oq>k?ec&OaoD#kQca5b_l}iD$VDST}R#O?Uc=)s8_+0C%CU z@HPTpbF|uh5^7(KierXwFj)bc_6mf{kF`$7$G3>0quOU;L2?5L&M%fc^X*MaXI*mY zUf!FljMo>Gs5qFpxJ2%8^NK;rpGu~7PYe1{8=0=;;Ht*R3EtM9yP`fQn?n`efT74o zIY;#iNFuOacGYf~_SuS~Uh9+j!8ilBi1h{T?VqN$j~GglZ?yF){g9v$R=QC>sD`{# zHy!bMP9jSxg;+T$cGWPM4}3b0$(t-y zgWoPO+z``m&i-o_5I+lh509XUys1i8b&kUyV=HG3WdoL&=)p3XE)HKmx~Lrg#yhI( zCN)wEQ&YP$?L4UY$Sr(}KiA1da781rd&T`Gfl%+*I|jp4z?2QjzxOd^BNw_$rvLaG z*3;qQj$LZqhnq%fqaOKsh(fAwCiI;GQ>e+zq|AC$!kBgtLJ0z;5SW<6pl_0UHsRGSS-#^rA}!p#Xws{ z%;)}#shSua-M-+#qA7v5VMNU_(NMVO@EnZYsQiFCqBuN z)K$Rm;Ot;#US3l7TyJ6*D89uLrSh_RaY|n^oGkeqTCo6>O;KCyfXeK`K(Uv-zo1_rRW#N&uSJj1Y;5WEMnM%|yMr-D@Ajq$ z-gwo4y7XS46Y-HGMCqF{&JjEIHZe&B#pZ=!zKITgoQ@s*h&FxE;VC6K&9`8s;~aTj zd%HnfdJ!5B+lvve42(s;&=J~zw=0;WAwIMhh&eG;sWB#>u`f~*((NDS6Hq8T_M6%j zg`IE|io~`i_I!KBey$AdS=Q0-;`B8Rxm^@14WTz+yj?F#?oO*~FlzCz&dIK6R|ET} z3GT)1|2!NM`1fkZK6G#vZ+WVKBUj(&g+vPXIR?3!)YC^iqCLT6fbl_P;JLf*JZ>>i z7*q$kN0*-BOOH2lOguyG$Gi!CEJkFi5Nom17uz{pYV=yI#>oARJ<}srsMd3_Z_Q#5 z$sK@K3Lu$|7M|TB$B^XV$NE!`qJ(aD-G65U&ac-*aW1bxCy5`1H;6ThcqH>I9u;0(PQqGq!IB0<61*F#bowY0#eG52qRDib8hUf(!Fj|jHkkE@2}8$G!Zdvivh|`LIF&ck+*$)l{1w)6k$Kj z#}E=UyU)y1Ny|>RH$O%C97Z?38?YBN765UyMa)>U@_(l1335!rDYA)E^QYVVsObHQ z*<3UeW3=S<64Hv7A{-3&@pgA^8!zN&m298nfYm|_J~|Hzt1e|COyGzUzcvJi2HxiC zp^L>J2?p56bEUU){EXy&i2-*T6!RGsaYEjT}lD9^6A~_EBduQ=8S@< zyi8>zoPy%Z7e6GkiIk5(^-(MuZoao(Mghtx3m>7L>pPkqmfoc!lH`4yAIv_D8GmrF zI13V=e>5MeTsgX%s8i$03QnqS!hL@fdEW*_{E`I>a#2npJ_Hqke56^*42GnzRwl)l z*mHrByd$t%Q)rGJOK~a;O=W3y3FirY|FzPF0l+cqf)k<**c@d;hmMU58f(dn*vn3T&A< z)Vh9l9e(<=(^%6tZ{y~lo-?S4bltC0R#N(r=`gQxwzi~=X7SK*f%l!k`EzS*?%evU z^qfHK4b;IF_M8WHC%wXl8&dq!?rY4~TmEupc^#a^!I6ATrdpfF@UiDOxkhwnQb7Fu zlXl72vmk^m?&vkL512{q_pE-2FGk2-iIA+>Y98AyMKDB`lvC_|ZkRkT0h8fjEL2h3 zIc9Vh*TZ`fn1)Gzs96W6dP?7mBLU}bLWDfkLxkvdGYBM8`)Y6(u+5n+z%$_gl3Hf?%%suoJzsDC@9- z){8ke_f-39Y1+HAy}2>T33pffmdw2%GeizQt*hGGDOxFGgZY)&d#{-BH3?XYo())| zZ9Wk&0B@bbcjVSP7w53~#P1#dgHG~T<5B)ZwSqOP+IV~7qBbw-q3|fMnZX;&^Bwc-w?bQo_|=3X{`J`K7%vc=9*S z10gRW8ZSC8Tdhdo&UdccJffnEB{sVU7J}B=Wlm_;f7i&~&$GK1bnwnaU`V6#sf{Ro zMdk20qwfyl(ut3YQl%n_MX7o%XNIqFBO(6p>K+W}6RK=)_*&U;c^iJ7_vx1!p|8Ed z{ZIo8aCpdjhbx>`bE~ojY~nsi>`jy%2i;x5-wZ~HX>47izu#RDL9^36DpKr=K7^$`w(N^ee zD3yv4CX4^~YCz5%Oi96hcIWq@V@yca;|b_^2*68a#xM&U&q+hLSkCCLoYL}Zm`i!M^CUNEDAR(6f%XAr z>+ue>u(V>HaHwq(Mcgl-=GxC*H(bHf%SWxNvD(Emd+iV;@%$C47%!>nBZsj@xz7S% zIH7%o85umC-Y4_m1byht?Ll}#V6$qnPkdntyja4h#9YCTO6Q5+N|+r^&4rDRI#F#R zhJFMr1XF-GZwyM_WMx(Ex14WP!c2GYNSf}%pt#GuT+`rSD0_J>j4C5YftR19pOwaq zl|cCUlO2Q^z@fOQ+CME>YT=PKPIdN)f~oeRW~0+m)HJC?D<_O<9ch9J4yJwi(HImM zULE#w)+`Y{kG!_8*uuh=t<}~yNbZL@xS+}wfWmlpGo?W~r5k60g(?5df&I?s7Rh~I z$u#ad?^5aq-lIEtQ(*KVkVlS|zhYOf zMj!&BQiADfQ6;81bLa2k;fK#*kOS5Iv3d1>1C;XMoM71z`v?d8Y z8Ik2I-|b2i_a}bnfeL!7^gGWozz|Yd6h`loOA*Bm-CU+kZ|~xyIP!%(?oLZ4#>8l1 z<<3feY1)N_QEZS9bK8*>4>=z7!vtv_kras=1-?Y$NEwT1krCyj>e6YAlV+(el(2vYbryf2!3y*yA63=yshih1}r9b8Rf?H@m8} zlQ6KNccek}VSSbBxwAG5*uWPJ;h*nYVCu$q!w$-oR;g0ELZMdGKy8iZ3_OOFh% znkQij9Im{U)IS})v@4X+QH7ucflFI+vIo;jD%_va355n$bF>BCsV)A>;2iXvUv#DQ zU1u{uTJYt1wH`q7z?^C&`IgA-coa%poS-LEK9~(Fp_9Vr1-1v0*QdB?ls#|FOxf05 z#x=#29ppkB#CHv4ahIV=!OoLBkOa2RV_*MkhpJ4eltAEn^2;K(wMBSX9?}U>O;}KE z`ajx^Bf5oV)ykTqG15()7Vfhu$ry>f?5krvQoRZx6T0yaOW-k28{U;OU%^;?CeaY@ z@vWo!d9%Z%qVt(b@(-CA+$0?^9|37mjmuvdt!=?IB-v%FF-z29LD{KYxi>%TPTFkLY3w5Hnu=_Ex;#Ho7&V)ZlX0|Rv|56uh^)*z$ z*+TYHaujcP8K|heel8>7+731R>B`vgyWe~lHRRI;j5qY4VIkJ@?zd^^!$Ma*jL7^n zlEJOM+=3pY?y6`--M-EW)8jRT zx#Sf_3o*0RWNRc<_~CFNt0fDZHiWzK-`r0Ni}PK*g68GYCd)3Tyf06^zjt`(l$X-q zujq0y*wRZ9f5#xUFL=K~oGkG@F?D4l^Q(w5v1>X8ub=X)ts1s{DDD711I@!@oDl{g zfBo5oI2~nkwqHrP->k;da|ox1zl-^gIqiL6t!;g^$F{zfYh~?^!fB@2-8WEHX`aVS7;%4 zw%Z?B8yNp+dfs9wleQXXRXwoMC~+Mvc<~(`BwM}~@#~vWIC6&Ke*E3rmb5zgqzCJh23ChUh7Tuw*Z=NMkZ~-zy_V<-)8_S*epC7MM5)Pmx|B-0zQA^mHEZy0v zVj8c%_c4GTH5}cG!YX`{iH2D8*#Soe1laWUOsI?xJy)5m{FPeaFi%1H!r$*9ECL+e z@N_j&0mK20n>AX_?%dkl&w(<(zZvniBJ{bRaCmW&R#OlOrHR~T5ZEv2y*1oOGJ3e? z4e2#6ECN6N#fSpE!k3N<#%HTxSMeZ9o+tO`oEkHWfHNh><9hn&x_FH0zE!4$wUzli zdW=!S9liPp9UUZnRJOY;OKs_me2YCUHVCM))Sbg7+@l9go*?Q#>X(x^5qG=#X}dO$>hQcda?%^ ze`%p_JQEkS%vUaum9DUP{q@HdMg(N0TVf`f7e*r@|KX+Y{&vDU5(RU$kit}zxSe#(uxEM=*N-xB)3W`%L`uR9$^fgU$7P zt8koFe*cZ><(0IR5AAAG8cv*V36)50BI^JpnN;(Ud*R>;B zbf#KSKlBDHKQefu{+?Syj4=&#J`Ry@4SK9FcsH$H9)s!r!W5CIp0S;)zLAxKJ6WOb z7BKz?o_htru0+Hna5B4!OB#OU>&7`ps}B}AJ1Y556c--NrpDigT)e=)&td2rYqBZe z5ZU_@PxxOK9ANJ@im}rFp)E}8Hc=?TC+Om`x-NOag4I9q_L|6lXvC?$YG-g))}?jb z(mPn9$9dF2uPW`US^s6gYUBhAe8JIqPJ6lf8@K81d?y@+_oOdQ!?^^eHFr+4i}mT` zq&p{L-Y@ghujidL$E29S2#oL7u}3n3mG~#F2jOg8X&wu~d2R7%_yU_lRmQVX^W&_m zUo?l4Ax=WYGmfrmO%;2q=P8G%mRgyRhyaT+<+{<4a{~ZnD_QvA02)f_r-5W7YF`wm zhI%?)U{bS6$F0Kz3O9ZF4lZ_|3^!^M4xc?+Kq${pLNu5_l<}~d%D~4w!p+DU_IG*x*h>6FfOj3#3eHS8*hnc!oznc;$8R8-$D;B3@6AiWUkSgE7f&5f23G|M(G!Mt^jXU6qY4vYa^&p|B zV-aB_p30B89sl{0cI~E+e{1px_;JSMe);A!;Sb1Qe|4grNd!97F1XWPd{{ataWcZ2UqGTO_t@<(pl zzO17srYmITN=vFdnOg=E@Z|!OG*_K@spK3{;ZEuc9>?t;Bc-puX3T}ee9HdaR@pZ; znS(b@yTms}^wVv9A*VQ3M~S6GcH1^czI8ew3TI1j681t2E<#-dmu;ORoY!dQJgpKl z)((vdJNePPZoQjB983+CgF2L?A_8?W?2wM5+mbYJVzxqrodl`E+$bO{5D4##zTi63Aiwg zt#|6d1b-z8n2}LxaCu_H6Jzd`M#LuF?}iIwB;&>=eVd^OtA0;CpgEAg^cLd_bXpY- z*%Ps%mpLr|eTg&kyASZTBpXPp2V|lUT4%4n5|Jnj33a14f zMqKeGB!w{N^R_5lbzb%%wd%|eaN)EF%%B)jG=^gW1gk6Gag zk{>X1{FSYrL{vU*Y4P5hGkat};oX9)o$0bct<#V=(Mx(wTBX#^{=t7K)aHRsuwO&y zJQqE0$!j~bFOz)(b%=WCYh$J78L_cpFa%?MynCd0W1qh}^lRuK!G+UPo}wC|&xM<1 zE}Jx;;jQKN)LLET)pjuZCmr;+r?EM)Q=a!+7M~hlfrGmck_6UPvf@_*;FU=K&$_}H zIjD>zm=NCTd4&QeR^|TjwaVmfB#`zVH_d}I$UetMMycX&BJ9lW`;3?tBYRDe5v@{t zaG+t}QSNv+QFVI#I<4?Sz2Z8U)fwz zEu+#Q_n>Z>g=szXSZ_cE^)+? zQ!BK?!<|m8bE&FyR~gK7tijzf|I`KaebgP(cd1H9Urh#KECQvr7S#aReckbUbj)jz z^9yNc=*#Cg_~DZGzcdR;oFK(LA=~P?J^1(ko?|u4CgUnwxJthkzX`uH-r$yd@IoTM zT#8Cr8A-D&G{%%G$xqP9-PTCLX!pCWAGKhYuq=q=298;1>j<1h2%7sYc7E1cGU@5P zz0(h&P>0#;t6F84#+uIt`?@PIYjTJ4j{#K#JKQ;#zG}`d0^#yrh!RBk0^f$GdFLi(vMqP)r@hEQhAFd4C!JEmhaCODW2g^ zHw`%b;z&)p`CeF0oc#N5lX(K6sWP$3b6;AolQMnvz^iZl)2rB9VKT)TpW3o#$W~e( zw^P5tyVDzY_ZA~TH{L{Z9%(>wH%BiEoh8i`oxB_9(Cqc^*B(^4gRuOSR;VnmFg0`6 zkAo+NAN6MIL-FN%JkFF8-G29uoBM4G!JEAjKx#^_wLMGx{Ti*aP{7NscOY2q;+~LOQbMCjQQK3y9QW%qI;9?sgmK#8zw3@vkR?<6=q`VE zNL;#$+_ZOhI4VuGyMueCd|<9@GgeHjsM%j)rf#BS#p}%Rak@D7GqZlfK!OWF1nr2{ zvy$6++4mqdiK5L(e&ssbuXMBJB1%EfB7LRMc+yZDp6Pm8+B<<3R1G{fG3o26x^MLM z2%NR+8)i;Vq@_KHX$f^G zvBBj^7CA<8#Cp4Kq~o*2rkIP%=0yX%J8pg&6gmxcx_y8I!6rG$5_=Ddc@WD4(oha_ zNA)C;sy0KF=I1iS(p-Gxv4D>eKxH@5cVgh42LByp#29&A@^1?POPPS8xMBe|?Q7Kh zb~R8$muyS~KkXn)yB>f8-XWr_eY+oJ($HficLy~&gkYh|8YSOAoKxa6b10BQ15TK0 zt?}i9CV66HwC1aRU4BL7{;qnwtuRk45aYsbN_?$rW@hGRuRZzQw^!feE3rZx9m&`% zM$Uw&2c@#^^yIT~wcn|h@E`=4-6ULyTjNJ&K zW4THr37F+dFb@q#&CRjyf50pY{><6xg^@(@JTx~YcNtc==z4it!+;*-v<#=$1}7V6 zvUDgIR?2RgTr_inN@A zyDG?wpRTt`7pD(gW2&Vr-pJsOfA=EFp5CCrxL&a}DSL+yP`oji@df0J9*+kFycS0_ zHq0UBvG3iLuQwpV8a7thfpKAY2_4K?_2nuoUUWv ztgO?$zA#+T?ly~7|F5Os*!%YWovR!Y1D@>`>@CT=O023j7A4$UI)+IcgnB@;GOgW6 zdb1x5T4jK)A2sGJbK%HZ_h$rFT00X`vas&gYiVhFX-+{cc3a`)YwUqPG{TN2V6O)^ z=(UF7xxaj+axi8jp0W_M(XR4x;6e>Z;@H$F(q|RS9R7up%2!$236;}e$uD~9ML1Fu z-4zt7s89w-K zRYSa_4$o)1yK$KJVZw}<Q|ZTTi_c!18j9 z_^bZ<*0f|YRrN&v=UnC$`Ku%M`}XUfc=`HfSp`9dUr=^tml*A~KiXAL9Y1MTmo%#^ z*xdu0nzefM%-*8z*W;P20g@_00SOwz2-*kEXMM}zVP7A&vfFRbP!dFC6xlv?VOgWN zhR^TcPO-{NMY4hy*GO-i?}F;zK(BM9w+mA0Y$5OmY=$TLMhdKZ1>!qM{WE#9Z??+~ zRT>Jm3XrQ1w0FHsuX`%`fjBWpYJi`ZYB?S~FvOT!JyXGIPn@|H82m)dO z_sN-)lPWQvyFmgNWyyxPBE6Y{ghe!)pMy2mn&mH}MICHSpuscuDI>qTTha1tA;t#! zTXpub*DchV$~cfHoa;*)T4m|g->jZ!F79l6W*ZvqneZnXqMD-rkzw&(u{{81veffW z|C){g7wXgIwqOMXNJM=KMPlF*hTnAiTVlQOW(=X!j1cuZe5EPYPb^e9gE1-jVn*-Y zTCQ}(RVz-3CYx#;LWa&IvpEKrK?JC@y9Y)tXgc>dxGR5_TPbCjEDjUs#ihUZroxO1j#&Z zZuS$0i*Nquu1SkUTm(b2AyY?n&q_cPXSHaFVdn)nVTkc$WBoK}OY}!OAPW>;S7hep zm4Q~T`l^i41jos&$10rAb~RB5WDEw)tz+JJqXul$JE}i@iWII8_Ubot;T*;M@vUmq z1J&4axU3?re8T0?Uc^vo%@7uOtyhEL$H3LjCUK<73AxXBtdg-^nK&mH-t~%?6pV|< zEl$lfN94>Y(1&XwX&M?5P@uZHXMOSgo~fx*g6knzDX6opoh65eiuwa!Yn}#QlIR=m zKoD=Dsowg6#qvz35=xy(y#k|&w3-w+^C3quWSlp#mvep_X0DnhA@WC{$ zt+e*XJW2M9VjKWi_-~9cbSfY{=js|hEM5$`zV~G`z;H4Vg}xh6_4?DGK+!Mf^9O=1 z7K1DM{EDsUu5JSd+lVt5NLfu5>O$*4SNr3*acfBbsszx~01|?P?{z7(5;CLM~0x##V{zTCjMa@&9D^JCC<`xgekSX4zAom>J&Ey;I*S+4HFRTNn z0cI2O@UlO^lR&*5ou?DX0#othTwi>tnJH@J!JdQ0;a!LzzOuW!cbcD#l-XOo&j8^5K z!{0yO?Yo~={g0odQlpXzwdqhps`8LvU+3%D&lTV)$E)3S<=vx?PY**-#J;7MRjopJ z@u<`K{)Y^7Sw%Eyh~l|_ejE)X#aooa?C~ydBV!tP$lz93aN59NBU`{kU5M`UMLDz@ z?zqN{nrmZb7}%ElGxu-%WZyeGEE@o{MeoPGm<;jl(esQC7jePIP$MSc%opDM%S!1s z&SJ{70c>90%4lDHHd@df{{5<&Yab^n4G)3$Oq_q171Ft)B<<-SFMGJNp<<=Y+S;aR z>L&g(m=!&T997P0FXA$CTH&Z28{5wn%IPa7N9O%uDE;ymvPvsw1AOI-$l5n z*U8#(hbNZ)cdmY@R2K(q#aM9xA<*|}>t9>0y$jnOlPWhcsE9z1fAugRVZlZwtM^IEiw3X(WbCD8?1YcExy7 zcA2%B$5BK(7dz&?UTMY44{H1tc$+;>t?T^_y$f%Bmx+wzZWz44CuLj5AU%2R;{A0W z;?KY3c>dc;_1}_3ZHn#_bb4aK%aUUT_j`$*93bqis(BDQ{scmdvxknlhKRDm&yRlp zfU-$tfD=Ye*kK1)6XXdWj=>-e;nLq>uixf<7xFLfTby%rIyWuRVPL#xzx#IELfgT@ zWb;eEXWR$@VyxU?{s_kwU=1K)iSOOj{qgc2!EaKse-FnD;v{AlklZ)*+&K%x*8>`x zqmmKxj`FYetA+%x(n2RMk5cK-`bzYNcZzjWtDAnkd4tDuJs8}g609<{rUS->_S;Q= zS}6_cAs-D4+SS>~-O7^yXNmt;L#@^g;pNj$tV(a|IAmm40okb?vBdIhKI$b9Hm6WI zWirm7%l;w6;hi%aL`pY|YQH(rI+SzTaS=C;v2TC<(_B(qfTq;PW{N#=# zc%tVER$Z!RS_8ukM3kDNkU0J)80xPrjwozY7$B|lXP@D(Xht1|K1E7MxQ3>NKe|Qp zIp&yQg)$+2`39lTl+Y-AXskRGpOIK47pWMat+{ai%cd_4fw!ups{V1y*{o#GBiC;)Apc)AKwhdc6;+&1!E@w}9F}wx-%m34E zQb593?c;Z_OH5JT)AwCzih?JC5rlu27Kd#f($|2N#1DH{M7{9%*{%;31VMN>9-Mv4 z8nl@31`m7?tE)j2^ukBmpSI%sfi-WFB-bpc;jXE?EyK$^aTLrzct+sHfCR6 zs-q{R3P9NvyX7mLAHZ5`Yk8z&lrprqt4WGSCF->^(ysZKQ+w>)HNoWS5Vr;%4Mrv=e$B3k8(i7#SqcqSU-z2Y z2)|y97~-$`4Bb6YYybBW_X_brsrjpU6!xKfVc;vjr|%;gat(1?7f2)Tnu1i-cb_OE z0=R#x+*WF9JDpi|P_-Fj%T^Q7Ywjb*vhJ}T3F=L}Se?8qvprrpczCLxW4jNX(Qt7s zq&Iwy$F>;0JirTGwc><+hKMzQv zXRM9CEXK#PP^E=l32#x532Yk=45=V|II(OihlTg@`=l=3zxD1Q@&@jfq*T7Y=1AtG zvvR$MUJzK{F@g}5W1h)%71ur9K)5v|vRq^;!>2}{(A0S0z24N`S@R(7)91~ZyTq>v zr&c%vhbJm7w}y9Z!s3OBtPVvvRw}~qFa|lMQ>tMZ3*=)-r__b2Zc~g66n(Hl@*zl!i^ggBbgr?vzVGz%?ys60jwL zbqHD2=^8_!_LS2syJY7M#q&_Gupcr0BU+$uKj5}R75MFL_GFQ}wyB-Wt2Db%HbRtc z>}g@-c2_;fyTv(6jwF9EZZ#3ws4IK9wqHfrKX8VTF-i(^Go5(KK<-37YzXoy1L2dS zLG%gy7FKkszFN)U$y%+itdEwXEpzn`kc?e>f(#ATsnU0t%|rVhi^AyH@QNeKLIW8q zEp-_|d?#$8 zi}~PS=Cj3>Spw4aEWm}0XyunMIwz7iUU;FV!fM)xeO1Wse8zRNw=6K0N}UX`dJ9pX zg+)JQ((9mPMcw~)9{SJE+hv_w6-ltIqcLL6=7W@&{xb3aW0?s#D1FOGzTEcM+{vyi zP+x4+uD($T^M1|cR`;K~PnU_GQ!8*h2`zqf$0WYWb~_N(w9NH#I;}lKVe$V{?6|)} zF;-=K-n3p3QC)8HVt0q^=Lj&nJ>A#$<)h7Qe)BSB~)4HS^MtM+wDZ&HkwZq*&X(mSB1?PafNQX&Ef=*fuWxdQtCs%4&i!D z!`>lBqvy=C@_@?aqe&+Dn zf3&fCUFjGwVZoy*b^T*~^QTv<)6;x{hD?mPPcOd+IB^9a*6!eu4#DI8Zj7_n6Em}N z0*<^1N6L_XGAbeay;~)$yN63yzns-g!fS053oA_=|1t}pc5wW-`O5%Z9H}Vw)Ubn+ zobYQ|v)#%R#o2^bR*6{rF4p`1>NFcS$JJ+dk z98F69F)R4x=Kfw}7X3F^3p`rj?42(<@YbFY^6b|@gSwKOhl8V?*2RAFm0I*an0T37 zVL?FbH(dbljN>`_3X=mT0qTraY53Sv3 zyUWC`nG}tmVWVOwKe*zE*dH%Ato^(yc)7pn?S0W-_T^4%L}6OG*D%y<)iY-6E7HeJ z(Uhdi{@;9Gg`j}xEs63jz6ZpXRdS>1%U)TGeUV&!hv2vAMw3^qlHi8-^tTF>;uqd+hfVNfqRuoA_uk-zwDY(nV56JMLwV>)qU+Z;~&R zVtU+ikLw|E44K|Dy?0Yxw%acPu%Y(=CosAj4qU_aW~z8iA~utb8$I(dmWS#sdenVj z3sY007umsgFiNlf)1%Q8U5LNrssu~wk-;msn}Hr&@b}xrk%|tDIXb4%peG20P{Z;*@otiM2;XiZ!5#wlEnZ6&#&QG3eCfN_`Cnj*Rvjg%PP2l{6mmg3 z;Z$PBbIXM=vraS5!TAf^)?T*y<+}5vZjGx2#1FIGtaNKI_Cj#+m8Lqkr(gYwoo1uJ zZ<^*;t&35rukH>#oU-oOgV%kk;wnbJjLO|gm9RHJq6YJ6A z?r!3xzpw=&P*=aQM%YLQF*Z{4v$)KP?*I>mni$Y$^mHXJnkkV-aZKb@VRjZe$63#B zZBSjgIWNJ@dGq2Q0dNLXj;Xhq-Pcg>$e^HG&JIuyOV9i6-C(>Px&(HE)sBbchT^uR zQ%mHCI50T6s{>#u1u4md&|;D5RnR7 z^9{M8tGx_CpKs>+xt}|Vz16d1>$Lobb^?%H;b{@d8X zUyGBF5+MX+nYtbw{RKv#a&c;UCH-5a|IQ~40afT)9Y6I8;5?;8wOhV_b$TJaK8aHI zLEb99e#Ry~YvAD`=y2O-Rtxnt3UR0ZzYib+rG}4AFTeWN7=y%#DRT4pUcc}mwFhu@ zKRakLsB;;bd0#=&-RjKq>Icr#U>oBSmVmay{2q&r5Xec zA1k+H21J3tj;PqI~V3-995e<;TU`D3Im1z|q5`@vn~1)Lt) z>wPa1BX9#NopuLyaz9_m;!t;ZRT#{V!0!d)=g4M+_iF<;V~HQ`klG5#HqT-K-V4@P z7u~v%`A6D0)Cm()e&m7sK(=m;(JAP>(N1p$Zxt(3aPuq5r+(zMdWd;JhH|1ymdL|| zU?b?hQU-W%Tf5M*ylW~p1FVE$ymkTiS^1lFx5F>hL=7<}XyTnv8iD3on_aXY@fewvJAOZS@K`D)9=-5 zI9u{)2AJ1Fp8O?B3x{g5Yw4|0&C$w)Um(UjzhPEgzAP-x_$;=296jlAO8v_T95iRo z0OeOmZRO1SVQu;Bt<2UlQ_bs<3~W1D4rJ9Z)dSMhai)_2;bdyCfaSPZ zc101p)u_`Z8sP#oz#eYuR>W+oQ&lK;1dDQ*^Qe!#YS5l57YOmNXm>^3m=bCBjD1_F zA(fh3U1+71e&$tMcnnm@b>kQR#tFO|Bq5rL#eEv`olbdN4F}2aeV* zFRTm0Fu`}NKzXalN*GMO7UUO?Ch3FZS_oevxdRX(QMhZ?k3amxYgzpg#kRO0wtG-< z*fkAa0dIJfgMCeBu!o6D35C|$dXp#nYgL}RqOK#O;GI$rI#ivJZtead9>~JLyj@c% zlNiHf+L0ghgyN&D9RoM|+qn0v~2mVC5Z#qqOW#N!LEpjt3V4Zzkd@3RRYnE zzM-OCz{CM8ixMX;Q$S*|W|ey$PAuvs^f!GM3Tu8yRr&iOGoK`DK-BeQZLG0XSr*d9 z_=u9`c1C0%{8h(HWqAfu#bqyo^%=}GJT;xqpmBl-{~Cu$iS#;9KagdiDo4@JUX23c zbW@8uBpD^^SGQyx<=d^&IT%`ke$iBXZHRM8y%lF`A)x|_)oI`wUkxs4g~tR>|3qssMP#Q2>n8H9l&AmlK46iL_;2t$Wvcy50#j= zsME(`G|(H1sp*|=P_g>7gb~GTjnY2<-}A=0dfw-1E6jzQ64tt==ZS1g*OOs?HghxF|$8nAPu8gdf#g9vW&!4&1Al9>0& zSsXBxM!|+YaJV7H9-T(m!2C;;`RoU~oD0?K;ZG=tQJWNRVoxBKh3NUrw)B!Ni>sGZ5OLnLt49ld=rFxGoNx8|GIsq3+|v<)w9T36f4uG~Dy^R;6^h>_TO zT}ST#29hXtYnO}llKj>2)9c(=AkR4;u2kQ!^yH%hDl`H_I543;W>4k2v5lxB zCZvg`N{rMT?=#4*2AC>K(9&&hZu#o^ab2XDHLF@c)7Pm?a|GrOHu{bfyW42Xj~+F8 zN$4A~TmKT^Q17apPU&gHzb`YT;=?-~ee<7gcw&Wh3bsRDxI&CnrJ&SS;M@O>wa-7t zS`^A(ajQ>so(9TqWwHS^j7q3b0kR#zU|q{*gD1H&p(NwEt;obgvJP>4e}(W3$T%trw@1p|o1!E+=PVo?NHbH~$Mi zd8dm1&*_~4!<;_CcMqqbqgOY*`zjIjE<94#gGw+KPPCHR!kJx!KLT4=TG%`19cnr! z^AIMUi$958G*zA8z5DZham@W_t9$nQspx}xnMXFmWmptrJ>C2*L3Q8I*s&fmAuMM( zC=`&6I6sa__z7C0D6?!VR68LP6w1MxPW#;qc}TIw_f>~et3Or z5ej=8B3XR521dI4U+L5J^Q>ZLd%fFA9b3VMbxRN2UWE(Yj8{=(QcJS1L?3F^B|eXX z^%t`|_L-D%abDVsxA;o()L=nXsAkDk!;&}ole(qFq~l&Lq0nN4xLog!+|*EZ1Z)(D zy0)KVtyONf`gH7%Q9@OdJ9ap}7PEColL#L9dF86AKX)v>$Yh=80>k%c{;6S)Aq{m1 z&`Y1{#Q#T|_&s;^yVGB#ht%pn?W4{B?tRKA@=YZU`u@lfY^FEJN;DBQ_1_HF&s0tlbPA*esUh6yp@*y0T+f)R;dURdmKsqJH<{3H|W@) zEP^!#Fsx7>?lSOb!Dh}@i~pi3f_Zv=&6k<$Wmjn4LpC~*u`BfyE=*{?v0plT*zE|x zu<;fO{0}@=ki07UwyN@DenU5P34+=2LdB-0usbk(oOdYJvXm#Q-8)}o5~amGflS3H zYIpRY21Je%?5h!c?hp)VyiM+G$=2`z&tN^{#a?jUvGNwo%T#kFhq%u8Q^4;QLPq;4 zKsHndN$mk!eLy8#`|$o`Qt8lYd1=IRs!K`i(*AVfyuL-lFcDBdEpP$AzSpz+waTk+ zL(VRU?T8C^pfy_?@itvgw^AWsZy0%OCa(Mqe0tm1XFEsD{ctNvO&MdyRk`+9YG!Pv zJmDF4Mn5x*Y838W{C_KN6d0~PDO?WF4~Yvv#LRHx{CBa_ot4lyM|LZ(mTqf#VXfbp z`GMgy!W3qU`M?Gh8uV*Oq{NDQj{knI=V@ta?)3PjZ(-ic2%pG^ucv?^!6uU9qu+Nu zm|cKCgrQBhA;>>Ibl7YVDp-Y5@qP{`))i*#O)H~-aP4-CgY4>lbhJF8sG0iWt%K?C z?dg_)JM8P@!O_2>`eJ?#_`Yvk#`t#QNxcgj?%#X&HZ=;pW{b5UYlXb(WZ|=l)b~HO z1zD&#p--r`y)|_xv$Z@i@vu9cZ4<3#ccu}VK1$W)XQA*X>B-&yOu`f}uRim&2~=9@ zhd0u~RRGPD<}nd7d;Rl?J_#t5qH z@aa4rExj7x5`7)N3ajRpIqfdMoXe(<*xHie6Gd#ij`}3N9|pg?2F8PyX4ahdPuo{? zA8W}xwNSO$EGGa@fQ;BUS=#)iK%R@156Y}HuG>y~nzy)1Sk5XIo~6!sMjlQnax3H* zSoAwbjF0}IdAK95+O)N*-=|^^3}!bLSyV90Q^9dASWy307NYBS=ZANrbG5QEG@2dKcPPd37uDSxu(i<`>`fcJWyV-fc(W*1gxu6$r%Tg45MTdEO`#PQuPfE(Q7 zY;O1mZ{qeShRsAlMU`_=EMp4m%9l#-brq&sFl$tM>_VV0gt)>8=y;z0%uQ8U_vPm3 zX7%aGStD3IeUA3A>SHxEw1J?g`Bml6KLX+z9KXu;l)1V1`im7xC??w5kF<4%yQm^# zjE69no$m>2!5GlcTkN0jLTT>OSqCRus}fX1#lm0S&S71Yx?&fi4%3OCF+tmU(OK~; z^xx=nVgk5l8oD(rH@j{ei~!TLkOy&F8Na%78DfJUlg54VJgEN$ldpb(k}x3w3#R-Q z00e{$Py>R^86ZUQ9O$+#z0zA6+(WO8wJ_Qhfa!kt;PkHy*WxYTgioI@Ayo$K@6hoX zB;M{Sas2Z$%-Uz;8g@t|2|o{N@h)NVAAmaTIG8hFv!3w5+T}$cZK8;07!Aze$kZmG zRD2Fu!m<8QeS9wkIo8$6ik;U30*uzdzkNQK1QY2g2w7Ac?V

)jlS~@;yRzc>1}T zdR#=T;Dq5<3~}UomF!V|Rg_xANn5eqS9AT#X~ZbYt`*azd8c8$n6dhqRg*7N7n)mw z|0a(cXkFb)a2tVgW*U#6+>641NLN^>7WUxyv0UbAhjyh0a3(348dNZ{40tPZH~wUg zceXz{pb>URZ}pne2j)-CWR8sW$hkg#yPaeTlP|VMWN}dh(^Ti!YMf?W@a6+}_5eU{ zr*+|G3tKqM&;(;Nv7-3ms>;$gkm$XMthvW0`Y`$jXKHDt_4tAn%q?8NUkWP<9_`0% zSRk0Kb&l~+7g+MFGSz?ns?6o)&tslZjg;w#|IiZl*&@oxi7|l_6_VC))1AEW29IT!R05`@`re}s^xpxEO@PMvB95N%V;|F|BL6fA!XipmYVE#QS;QzY2E z_bXAON#V@Q&dJbZP+7Hn_^2hn`FHji*!td`W2aQ3`5HW%f?Cn*u;Dtmi93Y1K)EVc z&CBC0)3%i~rg=&m1tFBJj30SmIcmsyNm9xJEUq|#HRH~Is?oNd6Zd*z{idtsZ+iaa zpM7T%_q%_@!jB1b11QLNaOGh@^Xo7dkoFBRMY13d9ODlS?W`SC)>eOT9YK<`nH0~~ z_5|zo)514|;JfOY5@e+l`8X;P#P?6W-a9*gxX!2ZaQ!oJh+Or8U|wm;MMgmSm)i3- zs3;sd)o$>!82cc{xvVDRH{0uQKqG=re={xaFEj;Rq!JAIhdbb};jr2?-&FssslmUn z8$0Zci)dgFc2fnGWeExySf9SY?*h0jj9n0$^DIAp9AYbo!p`=Xm$W)IX)}ys&)UB<)9V1sME19Tz|92zLJuwc54x6WdN-?p!on7};&DPKqe#|Tc@a)rT?jesAO7_Y5m_z?hQP&+$_5b~^S!PA{-m*8@ zWkew=TduvcXPHUd>^%}PQZ`u`7ZKS}Au>vKva`bPTt45&@85d6_kCZl^E$6Hp6B_T zNJ>g}DM1^m%mJS*43ck;yl4bgoS!r6kg|u&rmHL8c?dJ6FufIcy?le^OA`=g``y0_ z3iWz!kaQ50$cS8Rm!eY>dF6@a5lw(Z_ zYk-x3mdo)vqy3p@v?Sna)hS4z(IX|I|E?a&MV2h^&}*9W+RtFcb$^Ow=717D<*wW| z;Fd`(zkdP}O(pL|Zg<<&-79sl`(xDXY{ixc;!p(&-!*KiFPTz3&tiCqf z{B=$}4E?<*9)V~$_+WDhZ0B7;ax%#+SFuhz%ly7vk&wl|T!qyl0&=N>%LRxXU5C7N z1l{fy9k#p?m6UH^h4*FY)d=4_?DsP;75l$Dtnz0VV)oWope)COMoR1+z<@rFePMoT^buLmLrmAxqr%%>r z^=${~!XHC0`K6-z{!A;d5#taF1(L)>%#Qlm0NkG*B-LXTj;p;E82uu$)&!7OxmxWo zU^?Iz@K-GpXe+_$1P-9v>N(60Gw+*BRk~}gJex}To{L3g8>4pfMmF8w;|FG;xuTK1 zcnyvk*FIQC{q1mCcfnEsVQ3sga-NOY;V~Lw)sd|^bK_tdY757snL^hKgqsBUJ{$^;3>eGo)?=BAYuqO zkuPMjQ}lmB+31&KICSu}BbbLYis+2A0uJ86*aWu_ZZ5_16uB9HGfR5l3w{QC+i~AC zuDrhjzA9Zc{NH>;!%eyX7=rtw;NQU?Q{ypM{u0nz0kfBeKp4>-Vs1QYL4S&jv@d*? zJNzXEAi>iK=t&T?Y7!7o(Z>3X;7u8ouON3xNk0#d(hBZ^mJpzN$ZAG><<=!} z9rck!T!YZ%jZ(PZg_7i9{)eHR$`FZss(O|dir`-~6Z-l-P{Mv)3a8g$#psHf7&)Ls zQpF-7@xxVs&tI0K2(CHMu|=Z2oAVpWf)>Au!HDW0Z!sBrhWhUE4v2dZ@<0S|PE<0; zsOpBInbn<#P=Rpw4lxsYE9{-c%4Aq^uQcp{^j5C6jknu}QW+nZ+3&@r2AHBPKz1P3 z(g4Vk3@Bs!VyPwrZ`v@?O(<^^N-HC&^wM{rtBwmq~f?7L&R@9G*R?0rX0{lwvV7&PV5-;F;E^15nAlp;N^dE|5;E%2wqxs(4*@~O72oI`V;7nBZ)_KP~L~qsv zyDY!AA*^2EZIv*~lK`jhbhr*K`1*_0q*nkAUEdQS8MGN+yh|^&&3gG?F}}-KgQdN# z&jXJYAWi~gP)I|2N~mY0yF3vn|MIg)tS9pP!KJUY-mb-g~&dYe;k=;w7L-aH=h9VUC07lxw_mk81g0R55aFlCC51|%9TuY-uLaP z0I*`LdiMdKN?;&(s>*VZvOU7iSVKj2QDdR3@07Fo*>q@G5+4;)sNJo^7MZ8-T@7!vX|R`jO_J z%TrBVFe%PhgVuVm?G{x1OOf{E$6b7p(2BgVbv8akEjLdn)H>RjKB85vv2CDZP+4Dv zHjI(h~eteUoMNhZ8%j^RgtS27laD~A=r=G0nGdsCc7ymbASENvXLOkxKKXzZnt%| zaFCSoYOVPSOmAQ;!rln~@ILg6AxLJF^}qMI{>wj=BF*y^tWlBOTaz)3B-%xRK30bv$N_0$>R=TEV7^FgpV$f{7rt}NGZwR z4DAjoz>Z~(Uoze~Tj&1C9!UL*4(5|GucM53KQG2%jnZo3 zf{eCKL8Ne&EabW=_f1SEzGom!<;;zlK-c7^k|(J=TV~s|Ug$T7z`3v1IKKpep3zaZ*pE9-iCd`C=j_rF>xt!XBX9 z5JWZ}e@jK$Ql`*^aeyk2oc>dlO)e1tYqLD-(#k>~&isIChS>nVb7<{c9eJZdM)_m)7@OM66R>ah|u>iBLO<&EEAS=MwjuPR(q9WDg@o1vtJzl zjtn|FRJd{5KQ~&F(n|DP2qL_b^W}JFq|LQ=Fcu94bvam#&sqb>CKnutmfRM=(A7E;gWe-8VXbhI+Q*a`2PeTsy=Xn8av+U~%kUc|y z5HF(4a0#SgHWKg&D8qP445E}eugnKu|Neo{Fk%Xzax8T~Uhy&XR?bb(QKhn?7UsUn z&hz7YSTDrVgM!6RU&NHGPvc5)Vg~btXUXQ9W)u5hJM zF+0xTRSif3sfj-vvG-;?mg1Ebf9vU{1Oy(xzP~59i`2X)%Sa(JC~5b?)=@tjFNP7S z?ReQw%Ei8aTI{}j@l*;0(-;gtU6S(_CDh3X(RDA^tWdhrSaFk-S|4kQ6aum?f*VXI zq?uZUyxyy!cM(=#?~rY>1Oh8bN){3`dFzXMFnI)OqA(Nt&TC-`b$bA2ReQePyYMkP9y@Dcq~?#T|yeuL(n{XU2KRlN9a znkIA72oYJbn0}v(Vl`83owvT-RS@6L+PBU|n|mH18d+O9`=A`(p7o*H+SNGiRVf3DV`(5_|auutv9vRxIzl1^t)`yEYw5?ehYl zrh+4M+XF8CMe8{ES53873hUord_>=SZHTS&_M3P&QL~`CCTjLjN(K2CP;Fjfh*BvM zGQCo>aRq9nFtXeIE(}LC6eQR{R&v^&uQofw_}-nnOzE--*S@f^sWGiMrxo?r{oKLN zwg);jBnHNCXQb!gup|r!-k*OtRbz}GFzdrj6LyRzNAnS)uaV&lH$M!p&_gr3VMC9v z)jpKX;$_>#`)=C40k!ofSJq*+p-jfpaQ5|C0tKZi>1LUgNB$36 ziJ@sKha`|n+ON;#*EUa?r}#}yKIT&~lVjHbCbcujcN%x6K`<7YZ=lMp7OsJ(7GBe@ zpx1HjX9q&qW1Z~QR}--`QC=p3x>}4b$`Bi#LO4a%s^RAawhNs^j|778c}XJGH9qzwI(XXEM5+k@uP;C!?>)UCeb{`(G7IRg zA=b0G7H}AVZgz_@R@`HH%Xcj6C7|-(&oS#X4W& zLXn12_baFM+#!z`bZc-j_y|U9D3TXab(eG~=xLZXD=gIiE_`~65Yzo)y_|}jcvIX8i&@<37Y6HlTIzFk!`dlZs zJZX`sA-lleX`u&7voP;oOq($)>VE&975PX(eOz&i?A6AcD)d$0W8e0i#)=P9Iq#Hs zi8hg&=xd&$3HA$ulP{eGzmj!-glwGOoBU^d0d>>$4>j3)l4jCuc8^jn1TWRvRd0cO z^s5kpSOaJd2fdJw{qK;Ze%vDzvV2-I>wnH?*bHlY?3Xy5grtBYlhg3;Cs;#|U&V~k z?FM*u_#Rm$&2s7~Wf)CX*&_ zseOcc_w`3GO{IK^5u^++zK)*POW*Vzy3d%B+ za#l5#Zk_@P;(knnSbf=1pdCo@|9Oo!!K~Zeb*hNd4!FhR^z&FYilJ~cj2h$dPoBad z%*)vZat;uo$Dg=ji|zV1(SG)hD(CB3##~^Ov?$kk3<)*60a2zuvX8ZP>lbGi7)1C7 zcIkt(nx&zLYd_+YOp1$M(s)1n!w}p1?GZ}1Ve#1kN4?J)B7B@~77ei;IjWr~cn zLoMm;9BNEkPytTJ|2}Rh_z<7t9IhjH>i4PigS}6dSHU;Sp#RX#Q2n>6Hj?eM5s6Zjm~!-qL1E{ ziJGVZbtMQRMRT<&2mQpH57sOE{4MM}9F|G6^t6f8`H^myjwI?2#5>2o+J=N4dOkad z!NFjKTm%Z+0Cs^iDJlA*%nT&-YA+{d6ht$j z@bhRvlV-L2Z4A;=4hR;P zIoRnf<@T@Xe!0s)gEXAZOt?EE(Ew_47Hdm`Jx}~^iZ=l47VaqXRb`5td2ce(*jq6- zyVV5wGzGb@m1i)KkVdN~Ic(2XDt%?|c;D^VkUV>j=ttp2VLgp>mn{(8g5>=Vw4>U6 z4@19+9iH9E>K|@Vnsov*IYepI8r8zbAuPZ`SPo>Se4K7gN1t@rQ=zG@EV^XWEC4LO zadw=a6ig&}u8N9DyIF`C&`{!$z`KKCQJ0%cGQBQm6=MZPhQ|8q^p`oMq@U(|joX5Y z6v*#f4C7`N;}oAqhe>eq%Ru*pzh&$qiI%YZ7p4MD(`>%E7|HSt!6-zPRx6Q2ugdBqmnc-x8wPgTf7#spm8_b zkX&{n*u5hLGgJ!zt!qCkDt5{8(g|q%SmHOdW?TM|32^B;M)EiUGgHp=(awb{6>hIx zzWr3Sq8?r3b}p6>z1@uVfP7@#Liu(b&6^(3<@;-T6_P| zR&P<4H#QH@da30TUt-VbesfzPya|98z~rbwPD2GIcs@D}LE^nm37DCbQHl9~fpWIH z2y2a-dXTuwvqWcS$S~%(+6DPPjFDz_7Lzf%64a7dAtBEp&n5}WE5Sb@^@59C`Wj^s z(+Ky9K8Dry^v;>>O2VuCPuvK*mmvWIf*(mrhfA~blyd$jIac zNdcf-WF#{`PSH`q#)=vIs5vNz((Gk)+OYLAz^xMfG|O*<}zD>Ow_cgDW%bx-i)6OzYhcsgR=6kOzivDixeNyKuJf? z@Y6~uTCZ#h#E1)xub!6|i>Q1Yc`#tS4WJfmB!fb|+>UNI^+lFB*cu?v~PGNg-JWt4eumgZyGOC{Kn%AEbam z4q7T`!W!k$FqPP8ZVM2KV3%f*5GPt?7~M(lBD7U7jFXp;m(w?|?%7_vrt{~R5D@IC z_rgY}1(Ku4V)E3jm^I-eq(|KTu)BD2TMifz(7^{4ln(QLI zyw)ReERzov8lGfjbQi@WBGsbLt>59c1MuigD$!ax(wB)Z(Sd{{OaxTtD6bD0XBzYL(d>elew0HuT`?BBz)|Iv&l^nyuqd6xdq z7x5^pd{H?frXsq~9k_SrX`wQQlr*iYM{_=px@�nzPe!6Czxh3-@)+->LFdOuWVf zoeP+x$IZs+pcaAA4nPlRNbFFwKFInXKwhw$R-?M6cztD)E;82Ser^2*P%Pvo ziuOgt17ZUD$B#SOT&Z}WF))p`MQRY%AqpWp=zpLU^`HMV+)ge+gxbbDY4dmb@7J?^K?7Ej*qT@vEB^YRIs0o9_?z3M`j?i%*Ogt_N~;UVOc# zuwa0`zRVj;bpG?a`l%aD>vv>rZLQF#ej6srPkw|ASb70@YZxSh)^FOF@YvL?l9&k5 z<_3}9#kH973J$o#`88@{2Cu(~C|&cPITe-TRlbVa^&+y*wr&TMG>`i7tI9FkSt@G# zniy%pq}sh8VvkBB3$#bu4#wJkrhwFXe&0XP zxh-;bqWKos0>rznHgAkTMTSw|*yC^F^*wTtO(4l7omHTqEL#!K`}qurSb<}5X3r2z{@Cte5sA*yJ6?f>NeJ~ug^9fZ*su|3J0 zJ6}oq4;2m!=u-KlezE@aURhGer=d*&&8`Q#0Mn+;6p)fO$w7n4id{vjn3}5{@ikr$ zf_~uS4vIgpQ^d2C*iiBXmk0VlAmS7*T=UQ~30jO%j(z^a7OTrRJ0A}9*JC(4<9rqj znzy8j%7Xzkvl6@Z*~sv8_s;vt;iUtBe!|otw*oVB@N3VU`r}9qG5XiQ4-Jay)*DI6XqW}IX@gRl{!uNonsazkMregp` z^Zys_n0Ku3K}BmM2Kuvj)3wtEzh#dsKUV?J{Oi=)o)1E-<9Eqk4}Vyvfz%LYeRWMo z*>xPdl-hIrDv;ngQDHASanHGc%BKOi4FUPD{YVxmX%YWlZ4kjX>|OTV8S^HUG?eBh zo{N1TyPw=jyX?3oG1;TDKETl#w>!^&05Z#o{y}+eVf`05$xj-7%R+sNu70nxWy=54+WQGGHy&MR`%J%urUGj z3Ot4LXzmeTBSC3J+#cM}4~u@Vkh8yTiZYU!$+}Z6>8l{%x}9dOxhxX{u{O>Q#n{aA zKI6MKMh0u?eHDF3jx_^-}QR;g^6Z31}5r%pQ+$@EaS*a_Raysr)Z@G;p zGKC&Az{c=mCblsWyT71SHFazzK@xrT3W<_x!G3lDe2m6E3WgErM>`MS80}Wk_kn;R z0r7c4kL~!V?7%!L$siRC2R$c;T9D9arZKnmjHu(|mJq*{9oO?f^q`moh#N|S z-zz448`U%5LEk=9A15ou3d&N_9OOUw*NuT91jMOW*e)n^c?XJkj;dhtovErB$(sSC zB*upWRV+IUH!z4T2t&nY{F44HLGGk3+m5t$3N}`S-h@%t0K19F|u!#z`=-^m>KQ%;gh_b@ej25`a#EDby>z) zXy=GmC7>$?iSr)D7X{BaBuJRC=F=PuILC*-O*Bl8`dIuFR=#QNs#9rhQ8BYPX0fnT z9y2r2^-QxD2GgvBe^gSqKqU)G3HS2oTne(CFr|Y^ua^)?W9?76m1$<|4z6#y72E!NrFzUeOmL`5$F6iK_)sM1^u9R_wqssZjU#6JQ%}oxn`c* z8YgKRihR9>ePeeCLP*eYl*l~LqUfRCAp7xD)dS1?N4D-+jwH(7swDLFu`!e5OExis zz2@vRUr0Hc^RGR9@#Hb5u`5OA3O^C)c|xBp{U#R6ERy9FVaxc$nfppnENg?tm?L_k zaY(0WaV%y%!t}qFRAI)Fh9DBr~1wF zkM=F(%1>+9Ga09V(?|s`#15zP4)RQWo`N0vm99bLoZr>z)&}(Jy2gh?Ad^H_Orz) za#^^W1&dJvQw<((9FAD*4lXq>X7|H%m(qRDby752U%L}MuoF$Q<+Su$uDA1lVUc4e$*Y}A=oqOimjPu;}70YISxFP~593o!dXvHmU=6qx$ltC@{#=t!y=eqnbEkE%++XLcKGsPj&}+Y8P|NSd2KJ%fs)v zdD#wU;|_$191f+~cYp@&5dl{Hnm_PAYB($%(E1xm6l*_ZX zT3!(I&1x>L;Vq5bNvL$&g-)Z|r0dqNL1UWy&LvelmfiqsYSNS$Rm_c*?_YN}`zxB8k z{cjH=Ao_lzy1<(74GjeW*qu!CIW^3D(%l@iDA<(T6z6HLIb!q@*$m1oCHigH+tixk zPjV3iozT9m2#p`mWoOb3jbG$Ra9dI16)QhVv&AG75?YUKlg|oF53YfQn~#mB{^Gdbez?K`%Ddefr}I;vmdLgoa+52|GJ*aT zt$#6>(e+5#7Ke)0f~B4+m>9NPn7x&}2e5j6e=+`sVXqWYp0A5db8SGiCv!WfUDo_X zs@UR=9`Y8||4hBEW{sZr*#X*}Iu{KbGt6gqz!4yW38283=D4N`C&sh>DB9{8Afz?M z^j`wfkw~OT>(tG=r9+WkCgz_E7bH!MjQ47NXVSVzJ`|)GwT%6jwsJqo0`l4$FBiQA^jEZ`PR88 zxA#3C&MnJK4qscJxn%jV5y~JT7(Yn?PU62WBqy6uZ^Pj4GN?787|sd=_N`lc8*SGo zb{F^`+IC`x=$(E`<`$UOSqJUsiObr6H=X__PLzVuL`qD}Sc2NE?;R@aHDgArwT)a@ z?(w*7CLDfG*(F1nuQ8h2{8?a)&B!epOjyqPQ~UgK@#_nFSPKYS`&+qof!v!&+epNS ziZJKH8m`cd+1#DH=PpSjQx6CUK8_h}ZMZQ~(keqU;Rn4W*(L)sz^O_cs~Ci#Kd zLDD7T0-dJCN1`0XIV~xxNaAnfR0zaJ#PM3oU4cz)K`vw@v5h<>8d>GH#$Wr}9cL?ucK1=f(XQ3DQob_j>1Xp3TK|(OOy4NrmUg16SgAMNEXsq&)wgGwLNX2WQN_# zowwDIv(>A?@EV9`x3T!jC_3iu#}be9Nd>G^8ppTY{EN8WK(W+l`L#}3uZnLtwKPDJ zZFtvx5qu$mN#%R#o#I>F2q z5Pdg)?c?3RK`aE~-*pnRH=-!#$5F&1J?y-l$_r5_d6#d;90q^BO}~~F36LROa->d2 z6Z_#K5Xjv*M2a&0h4-15hmCJI&Rf37^FI-8QgChe@alNyOg-?y@Ag&l>mCpON@61r z)2ohHd|oenspor=S(oSLpZgvu<7cD(t+V+1dT!RZQ|Bm$+6xSL^?bW<&}i`$*0ia! z4#!}*VT0R7KE?F={!`(heop!Cc1Md=`7U7{>7~6SgZO6;w(a6qxXO_pPW7>diq8uA zM4_Cs;8jc&8unH9>veL?s~6v)+;c;Zl@F>~E+G)U&-HOD?nR+UsmV)I-5zGfdYQ@V zk@sC-O6-5+>|2&ZA=t0esm|~(Pe;|;K zp0X(Rui_r!Hr;OiCcfmDL5X=dhuDSKOxz7ncZWx%9>_2UU?CI@1G$3>vYyAaHC(!q?36X1txGAEVrB%*bz5|h=CdI8a&DVKVS zz}{Xfs$==z>+9OQD`LR=!M|iqo+DH|an*h~T1Rrq+b|19}Y)_*7Vq^6WAGHv;>| zN}eYlk5#{3;>t9aT9dAHmwr4y?(J&5kFk8IkRogY3ytch%E2gNy>a5?3?})`3$ck& zy3>Rtd6oy8_2u?zNCd+5=2!fRFIx#Z)!JoxI)X0fbg04^-}(BiG+=aXa$nW&L?l8})@AqwTFoRPA_kJ54+A>=OEzKu;V8OP>Q31vsb#7<|GRg!T`}mx z2>Q1RE&{RaF^ou&PF&~wnAB_d#W6unL;o;SCO0Te1Nl@|ze`Imz@@XO+)eqwG!A0} z&f>Tg> zS?P#EjYKDwCX!g@B3UMy_eu`*y0!EquXT=~JFg7;EN<4rQhvJ8kHxpsL}QujHOpVS z^f&D5OgZ_I%>C7_?B++@k!sUzVq5{yZ2AGy0e^YV!ONH$;hvq3sC@$?n!*dm!lB8_ zp>a&|xW#hDhk9LErOt&V2N{I{J{n*=Scu>hPXe>0&uNQKh(|t3HD{Oo{gy?1%sw3y zF%tWI-Go8Lkfhyj6qUS%BQ{za%G=9@`I~`lLX7uN#usI}#S1R;uswbH62EES-uj}I z<6QqWlp0bg9+sx{yfl7AN17dpW|dcypLF|Vg7QJ<3Kthw0I$`D-mK@`3s`n#0g?|+ zpQS%IeReYH^CQV=_7x8r@&JwL8(h=eYdAN>o>9Uno&G3=Iji6=(o}X4DG%W+#MX`V z)ehbikU*(TTW$UBSDz+Ct$9t~4q^=e_6?k2%(EY(5R`EGU(Tj2-fwU;!yl{# z79VhPM4o8@Z{T;@0Be&UQY4oz#iDicu85&B|-#3 zEI1x~V$4>h0SU&3ay{po^}f}!%k-*PZpoNoLykei1J1IC$<9s^k`94D%!^0`6V1j6 z57BPUPgrf4qBP{J8>!;axf98$!DN$KZ%K_0GhPKqQkvxlIZc%f_escvVuC?neF^#S#$$L0iOv#dp~<_b5qt$SB?FLYsT)s%g?* z2{;$-;n8lxozhRtnLd+yg_Q?#Ve^>N`pK!E!0Zh*xtz5|wQ1*4yPLe;k!9{ec+15{ua(6gm7V(rtO0Pg_upt^ ze6=4zVp$a6ufgy7i-`so46xIx5Y5pt?6_}gR`~_>5K{(?I34mGo6K=tLzVbm8Q$d@ z9u;#BVw(u7X3Aq)TYa*qEO%jBj%&Nzv-4ts4_rDw59g^_vA-rwzxv%fg#| z_`O?|O*C7T)vUQ+kWR&qgrp|r6Vb_4i4;qYxqlfj%Q7%(h+E+)hw9jorYWJg^!oFm zQmvqeMztC;=p9=?G5F{SW^yF=94~%<&FV~jP5FT%Y}Sl_rVirP3j+9P(W^12JU&`=?HH-3zzk8JKT|)yn!0p@}A+ z&3-A}lPf(In1f%j?3kIN3HJ-ap9*`gx4~JKc;O}^LX%^7_beLveHsnz1>&xcMqpyB zjDGOC!=s81Feh(j=lqNd{JsLczR)&1TDN=C_}|12>C#o5SBo=yV7=Dm&d;p52lT;; z|vs-ke?vLEI{`l6u40C#d2`{#C)SGLFRllWGi3Hcz#j`zH^)HeIV|CgD z*!A?IiP}~|Ta`ID>1d}_$4twEsv6AqhMk`g>E1W65?Y3pLud1ZbHLx7?H=y=nN0|@ zE)FD%VDVUU6{8gzvtVVZPuD2v{7jK&(8*V>mUkR<}n4=(d6}$fWhcr7E ziD%U0(KjQun+d80*zb_a+G*tro|+M`>6T?;>@ClP6?kX04rp(@DtD)ZP_VW8Vk;M` zQ31FCOL@vbwRrUBrm^wex0b}xj?;LsDzFY;q7m{}I+bVpJIqCi7xK&9#(h4YT^tBc zMa1Zg6sNTQCjQ-ylK^Lu|j|3nHwbtHMsnFV~(ywrNK8Qx-V zh<4w3N?y+x9w12b!Ab~icA5X-RMb&)6q{DzslDYCLb$zup@lq%t88rCJIAE^2QGML zM&eGv65nrJ0VEw5FN4T96b~-AB~s7%LfwojRgPc5UbdPRs~hV!28cCNp2{bjm5E=?GTwsm&lZ&zX7Yon=Crtg!x8rEo-z6e zyX?C4aeGy|aucQGArfG?1G^>k#Rm@)z@lf{W@s^IK`)WG-7kC_jy%S6%<3V&_3ZX9 z$?)VHGRsJ8nxSgtX$>bzJr^WZUYrD7`8301)qU= z=T9bc5HShRr^o6>uBfxS-?A6_GIw_F*Iu2PkeDe1r%iNHQK+(8U8r+EGN0$JSa9^V ziM3=Y_bg!d2aJQwy`{nIXW=hI3N`utJPQrak7r_td(b8+ToANT;5!Zk~;&icFugd5k zh<-NQwG#4C9?jjd*AUyP4E(}vK<^Bo85Y%7A^3LIpn8Y5M(0 zbdEpl*vK310r+WgTHwp$+bA#KkLIm(v_}XJl?y$il9M!t1e1RP6Nn+!jdw8C!`-RO zJ6a+Y4QtSsw&+svb1phN0o`f;7Gu=Gf^Xnr^|5l*R31eU&&MnZ9wed3hew4l28}@H z9>bnv+=R)w__n%hs`w|@n<(l&XX+wnBgj9_eY~s12amP7ERliXPoU}pIYJ$EqEK1$ zwpndI=caLKj1OrG)uvybE;YhGQ5B1?nNFjOPo$oaflGc+c<3j`h4!X)lEGJ(xCq@E zvbJpdaj@qJTm zkvP`vaG75^zuf-+{mDAM5$wn5=`o3Ir&Fj&z_(c!%Gmv`?1|n?czG4$S`Z5FgAplk z4yoeXLhU^|m1A>N;?dd78g^yY`&3G2k94FVD5ps1Md}6ab5YWibmSWI-D0qmU8g+r!_>Iw8etwG8`wcFxDMRmQID)H(1f| z)7v1Pg@zAvuYrwdMPjT-5l@2zvc`&fZ9Rb(ZiM5psM^G@nsM>4W7C@Ia9JSkb^J!8 z2!spJm|zYF>)kqH%B4qiRxi}^|5bl7nIIj*1i^@8hwF%2scfnH1~nIHWYgxQqfnFz z?aY1PK2OiHRLDGT1+zd-r0@`IKgOILduLb!3g7L~BxMt3kWY{Bp8op6;n#?iDH2Yw z^+>f(I{wT12JLo3ZV*<)?qwxlHbbfaA0M;M#$ZJUQ@_P5bHjf$EpYZ^lOCOZ(`yw= z90MMav~!^=t^xGq_a_;K^qPJ*5I`EnhK@ZowB_M-%uj;vxBEec@zd wA;=$RgNf&aH|@t;7bf^T?Yxuy>FE=u{o4+2KX19bf`3A&t7s{gT{nCDe?HkgVE_OC diff --git a/ee/images/try-ddc-2.png b/ee/images/try-ddc-2.png deleted file mode 100644 index 0b009046073d2dbef0dc3b4083470f13aa0d1e5b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 123669 zcmc$GWmr^U*Y3~)0*Zu^Dj?D&T}pR%cX#IusECMwfOH86NDke@AP7izcXz|kGiR&s z`<-+CoWEyZ7uVjyZ1#R?t!J(Kz84W{DzXH46nG#Ih(KOWN&^JK0xmHz@1X;yBC}_I zPMEfDl;40r6*2g?=6}A$b(7Qg1c3|M(HSlJ$wIIFNtYStoDSBf2SE<3unltrEFDRcp(Kj&2xo?x?A_<*@>ha^pl$63eJnif-wEgj(9tCA(Wmi||u$@)X z!ai~kbtMj;?evA;%ui42`@n?P3k$OH4+#)G*u7K(RfA%VoR6n=n?nEfB?P0YzJ6GFawx8KmRlh$_B)71z zU}k0x3JL=5h>^!Y?b(W3a?C${{(NNs=jiwEElpK%NmEutBXvwyAfjP2{KE&Jo$vqK zPE9qnFKKB_<>g1nn?v~ZPO(nxAi)F~>LK=HZbf z*b^Y^TXxF?Z|Glt;?Z?Q`_GafyzgyqX-U_yxjkCIB*x_K=-_~kj{ZZd&>J_5o#CZ4 zhqarg<|w&o&>P?E_5S|;&4G;EadxBn*Jw(LcESS#1J&H?ENrg!_Sq6Xo}Rf3G&D3` zDHGXgCIQj5jti`jH|mBxHvxeVM{zdvbE}Rlynp5f^3GK64ki z7jzFJ`Sa(`BB-`Vpod+nu*(s}x}d$J|5*c?Mn+2OOvDklx3@1{9_{~-EA(MEZamva zbM5@~3lkfA$E&fty!;WPij|dBUw=OgdA+NmqB1%<$^pOS#yXvvngWdNM^2%~BKT$> z80q!(^@~MF7Pp_fdn}&>%TTV!X&(=;9ynSqS9W%G*4EZopv@B9u z?d>sP_@f68miG7OXJ-{tc9xfq7XlB@&(GBt8=IPv5)(BZhrfTXHq>%+(3BO7cv9o& z=XaSKBc@Q?ZN+V1`aHJzbU-*p6fp&i+z(^Z;B#%}wX-uXgXMQbV&53FdbQN-?d?^? zuINiWug~n+lPD=Du9w4U8ygy!Nbmxl8bnbHj*gz5toH)$sJ*?N19nDy&M5jEOVFCR zsVUIe+B&Q!NSJ|vVK2b`Hps>mI8qii`u$|h-Py4y2p;84X*!c z6#vHNW}yMF7JyO4H@I3)GHvlYem*Zni8>oqHT7G@YNXSCwO$qzLo_eS$@zsjm0Lhu zT%3D7~7LRqjq~55=$Xu0tWl|E7GXx@2#NWfp>V2&$5o3J!)I6-1 zx($@iu~-a+@l_)mO|Lt@71w!ET~1(3SyT-94&HC&+wy&KntA@$ThB7Fu{k?A-CnN7 z45kZ89yb6EX2Q@lEIeFuqOra{=z6&qby*OkV27KmY*#of zSk4ge$KL{tTY?%I8&h+VbmWwk^PF0|wuwo{0uN!j+S<~yF%c0@sHyX`^51@nipu+u z%ccp^yx3S<8FKwZ2~ty2UzQOQ6R)hU zK6>k@j$WxvjA7|s_c-sm0Ei&XA z+S_h1mnxwJQDsgb=NIqhab_=9X;FTg7?(8!U0{9+8XEBa`K0T9aDyvX2m!Vv;2N_A zbsebez>Y>Vbv90Vdho*A3!%^g@2xl657#{!bc(5|s90aVw6nAOqL8GX+7j#P={uOG~@fME}MJOA|nVu`x}@ zTaa7%!+YF;myIi}-z(vYq)RWpS8J|Q8n`YIQN{w`S%&ZZ7}^5CZC_)8Kz zK6g-U*XnUVK){i!&EK!xmVBsNwYY(ekBTsSpE88Hd;KIjnlSWrD;VQnOhfg>7>6^a zD;JbsWPW4Af?k;8|0a`@o?s^d`$8c;JTF7hV_W4Sq-naXO+r_9vNOq9z^=x?VHNhA zEb=&i^zU2BGv={4d6iUE2S-MT4f*)LuzcNDJke$85LZbGVo^Vf@=n*I)SX*r%6)3X1|i zFXF;b>E^Jvc?Q90$ zA0yVp5l)kb4EbLwo9rboY{{!IQ%r9UjMg!Y<6LUo1=&PCdJY3Ut|`+gwuZ;=_1W++ zINI7Wj+O=Hz~K-Z8*H4=zjLxA({#_QC%Ln;b02xF&LMjY)hAXkdJ$}oe36JUfi)+& zUdk82!uJa#A$00zaur_c)!OIBwpmxBw8+c8i1@XHq=kT+)vZfHw7}VZJ;IxU!_JF2 z4UnP^TkDY=Hi_nLNr{jvIQ`hx-!<(;~Wl9s77jaO|oi#`2*$l>xA8z;`$-{!rZ zhv=~`TqP{i`A`y}k6K^*%$&Y!ou8kli24xxFHR2e=BI4!>*bY|m7Pv)$kfXAa)=LN zk-v??G~5D@(8K4lk9IZv5kGo1y~P#Gi;_{0Rm?@D2SNPO>4J^p&vXnySxRXSW}&|u zs$fZ3mkqMrL(1g)&e%t3*%_v$wHeDO4^<=nz;z!c0naLtW0x2{B9lu5Q6zTVO%fVk zi2Z7Bm8Zx}_FnBbT9LRpTexcc5r#bjW}Ii!6~~R_c8)weJZUO*|FVGkY0!j24G?n@N4zgh**&K3!NGHe z-rRvJkI1*%)^MG-o6B^~erJyOlu{tS&>`iEjuxw=3LhC5EFZ3hLA4ZWx5jqSr)-Ma z4%dmEhaswhq0>A2k;% zvC1VDW`{Uip404>v;>^EqOL?QzJAro)Zo@P6m0$#^w2soc>ZgNv9a-KvC{kAt8~%| zr5Ad}5AVINq+TrlEOdHzv3PNQ4t#H{r&sTHyaI$JzJ9*1I=8mAZf`|y*sNt!8k?Kv z#>ReC?`A%xpx8M$&?z3@v;2>(&pUxM*PMJWlUP5Ih|7^7ozwTH4s%B48XWBOhX;F= z#}%*r!~C_JSd+&^4OrDF*&28ZHeE=iPsseeB|)b)ja+94Bv;+V zoAKX0I?OikA)Y()V{bc=q0)wN+%EUc!b+y@`duNrO~>QaS39FI^M<0`>uf6drq{zz zBkrcA0w>Br@OoyT=x$>Ze!Dn$--6jW=;>Vw-2WU_ozsc@*^&3*8|rkbICP*PV?LvB z0E#-PL-LShJRcA~L~Zd-mK+?Im&x^|qqAk&H=#_$dJif^)s(cJtlL9EZ+Z`LynVc_ z8${eto`sWHmB9SzUfmtns6Lu)6h3ViM;@T=1}RlSP1Xifzh~ZriwCToAqGD2r=yD+ zrER6@@$v8oi%(}JBn!$@mwi$4s`m1_D8uU@u27?IMjT@BYrG@@Vh-DZba!|6?CZO& z+?b6GzKqW>tkBm(6BD)DSdBs%Wx2Vzb#+PmlQ2$BP9WX zGG!k=DTH)2A)MP$A&s*rf?B&k+2MKk_;&ovcX#KhFV_y?8fA4#3d-i~sSr7m zIVBKufOr04Ksb`6x8)F$$R?_BUYoQzil)pY}B zrY+d@K>nH~5=|C%5^iQ%{ft~+Tqs;qUgfI2WGCQN)CS~0%|CH^1q*x`jE#0Vs%@9Js>HBnZmQj4q)Q!s6^jP33a>P9P?&K&5g@`QT zYPsXKJQ{^x@0#9Sna`Gq1>{>8&}T3~ZYOQSr;IXA@7DSGVc34{Ohdb9tQqpB?iuDp zx6DZ&QXPaDNj>nEYUSChDDevYcF6->wMk_{iTM61|Wp!Kpg5eKh+50d2^(Zr{q}apiFiH;g9LI zC^eoyJ=H%dm0G@tyX1e=I#)3_xZu9RstP+n;Lp#U)1;N5x?Ef4T1jmnNBf)cf&5OL zWUZ(hSFr!HrZoNEX+N&k2ay}$;#b|O-7%0OQ`F*OzN*5@5Xg#t!NXzb>AZ^C_D#_w##_qr*X5!t03m zqF>I%OH$o*RnoNL;llav=1|CR+Pkyy2eUu*UA8e$+u{(EY%KxmtU&zQbP;84gX;9G z;-^K+WJT@Jn#LGdL!FOb=ow-jS#^+`zHpz62|3*iDB8VQs|6jH67w{n&e2#O+)K8E zAHq>B#l^*|=dHqqCMNk4ypQkiT_oPI+Lh|eE-bXvK`{^Z_SR0X{_CiKrK(w6T~p)U zAPn>7)GfJmj$WG-v}oy+cxlhaWmqCnx;|_HSd_R<&?6{Xq6c1CizipUA+r$}b*EZn zJH7UZVDqkB95&mp>+>GDv;9p6@iae*E#$6Jk>+lC)V(I2#CIeNxhNi3X6k0VuK_~6 z`W6jaDZc?FvY#P0Qcf}2cKKA$Zco1jY;a>8`DWqjnITk#c29qa=bztmMhn_b;VQec zoV#ToYHs7FZMw)*D+^j`qXkb^Eo1KQIun|`(H-&4Jj<}8k*i(0yHut^BlD6DqS^7| zI7sM@PThER^KdDRU9smAQvN>iopP zEZ_J-!PS+65dCj39nwCDQ!YmjIQNC+BaUpl>+f$)qNHYLjnt7E2P2S_3jL}R-i^)P zJP5h$Im=}@y}BPt$Gh%Xi1lsQX#wi?lOjzxp5`-01?1Wy@^(6;6~XUzw+PvGa-m(% zw9DT91*Pqyt;t{(`I0Ht(}JxxknuZc1CHd&_Ww{ze1jAvYW`|3ysX#5=KT1}v?)fA zFq%mGc_&;n$wjz~#V`tds7jRayD}q%Z9Q>}Xrz-L>j;7}UA$nT)qa`R-;#B^wX9fW zapM@`de7`&%P#zGKes-C9OdVVsryXXGhpKh)M7((AtlXG+1yYmwEyfE4=GdOs^arMPiGFPdKe_N)0b1v7&M0HRr39PHdR+1lOBePK)cZ>x-k zL2=EBCV||dqXUXEtf}!l$+GG}32LVE=Ngaey?Q}WY~-r1mh53$eX$;iO5B+QUtSPh zRd$b;dKgp(osUi)Hf)-t$!5wsrOx?zd6%?ygGVKG-x*MGB(C2lhh2Vk-WCOSC@^rK zO5?3-$x+O<2HYl%o0&NeXF{G2-hgjjWJN)#3S={iyuow@UEo84?`?J$F^A@~Hwzc+ zSI|%ErG>{0^Lsc8h7TUAzp{c0tjG}gLN|YuQj-dr^mS$_mSle0jpx-}?Axw^+K6La zpWnMEw%ytY6gxK{n@Kfg*FTSG;_j-0VB+b2sI#5E?CJ3vkFedN?GP2SR618k%o#|p zbiP~&Y^UJQL@DJ<(16{7RS$!o6}}^j@TVhJ8P36hpY(R022I25b)F^V2L$MFa`5R8 zHq7}huEvBbF zf5;O?hGjJUI)|ct*j3y0@$s2aA=HyivKI{F(q@^328PmvNo4%T#S1L>;F(2sjLgrA z^73{_^-dD^el_KjZ%KNNw0XOQ>cmCzsT}zpzjb|~2AZX~q>RX+Er@s*@Lf1lDfr?w z=hRb8kh}-XVo@TRR2qHre>HzNb#gSJx}v_jD0(k zm`7!-E=WJZ6X=mQm=A&GkJ5icK9j$diui7&@M7A};M7>Tkz0Fmu!Wa&&d$NXK{Iv4 zI#v$Y!{C4~b#Zp?Ff{*{&`vXjbai&VU}T&&X|Tu3^N{~8N0HcKNCz&GI#Vj#Y8P@p zs8@O^{30B@od2<7Wn;spRHqkQH?3Yc;!DlzW@~FZX=3N-NJ&G}+4~QK4{@Swb*O2q zs8D}d4fp44HPL)Yf`NfSM@P5EpPn)9Fur?!X52MT2RJYa%7WMbrfOO!gz51QrR(c! zALOnqsP5fPb$0ffQk|+rAD=UrENftRZKn&xU(<`OE5*>u9e%~fhlfdtoMLSi+uGmH z$jFe+{llz)TB*yuL4*DM0E$@=gt&qX-BHfJQiz zgap$i^#%q62nh*o-4JyBODoMxr_lwTA4;4y9vmD1&{bX@1D_fQkpiIiu7Y?=2!s!! z>A~M8n$cd`wA|2g?=(-7{TozJyXz6QA}K92i_ozA*;3?9za-G8Rd2M4ETF7F%^_GeDB}Oy9UR` zzP^5HM!d})0$L#ZPa~rRF^}BcOVFpRxGR$W-8d2K4Dt+{>lp7~KoT3Py{rpvVvP=| zs&15X#ACoo8NIjUOkE5DJZI-@@ZXkGJpv##R=gStU*`Q{Q4%B_d{W?6L3=p$V5-?ZaQ>IH;)-{5^*nUkQP86i9U$E*~>AM@P(F@A#YCyP5svsV#JY`a}AzAu{=*b9(h%Nv?-8C!`=#m;n*SJg`ALE=2 zXw)Up&#(DxM3GT76F@Qn_9`8~r9?qt>yA*^#KHo5QtxzL;QNyd0RF=m?CYBw=qv;S zSmbz>?I0lmf%<`luBSkHPfrj3Vo{%eKDQl zX{Uwwf)kl#D+#BG%21esO!25eQl2Ar%S|ridce1(*KYyd<}tsTf}^=`vx3|zd~v=t|yS#_N1aCAIbe>OQ96MSfkx=vILwF+KjJL&K%s6(#XiX$h( zRjhp2U6Ef(62r>&>N0QpW5Bmn@te7c)q5reH903AJt4?(@w+2_B0pOn2j$u(eJO9% z3Sq~KjKiQCTGO4cu2VVVoCcJ^E3u2kB_g!wo>iPZQ z!-shq#}@f&{ZHewf`m$oPtMlA58m_UXtJCC{rfkiYx8m3d?x16c;h7pOM94ueuvlQ zprncM*V0OUr*N~Ou1okh_qfhubs>Le*RfIDSoxqZcV)4gP1?IHBQ5I$jj(xTxv-=Z+#Q^-2xn^8W)OR(~-Jq>d#nF?_LidzsQhvfMK#F||L#K6{hVVJ=PQ3a$kqNBT;IrYR!jAoS!36BCB3G?V zvD`P=KBUmQP`JorT_YQ~Y5(u^kSnLh(((4$WgH^shp4->3!k#0yv;wt(LG8M+T|^tG|cVch;*31Nc5j=I)s{p zjI8CPhefHG(*%6AzO`kC*q9&MJ+G>&0yg0B@o|7qfx-|5mX@nWN1PqTHa0KV_V)Ml zNMEHoGAarI328jwOL@4sVpH7}dwY9<%@E)u_hxW5Z7={X_qZ(#AMn)x=%1CI{(Z15 zD!-tB`jFe3=cO0J>^HrvOn@Lj`VyE@VA>uQQfWY3!WgMgWkY2UKQuR zb#y$s23siGr;J|A(I`@A8b(!q`t(Kf=b<>sH6rrZT@-!RyoY*^sx{`jjL!Hk@Z-DV zLzszQ-8UtRSG)d_jH}|ewWE?KDxZy?-pkpN%$VJ#8*~ocFrP-I*VbPP2dN=BvXgt-hzBcG z+H5qSRw!u`jf6jv2c2ZK&n8Z>uv(^dWg)M|)1706i$9p$P52VyOj$1NmUt!{KrV!d z!~zq{^_j#kTH{?T=4(xHO3l`Onu;59lm~y0E1bj0Y+8D`ul#wZmeJ*&+4jh5H?1dC zEEv++f>9aX9rnZ7U^MgXs^;;QncMoQ->*$km6`teqXc*^@-h;7QeJv)YDVUfa*{FD z>u1_mGFpUQx{MuN?=des$Z8e#6KqH1(oTu#+H!K}-nKo8)cvY-qmLPHEFb&q*+X@8 zcl{b_Yccf%nH#268HPF`#_8JQFGFKHGyp*DqthFtYi~CI(ry`l-a{DiI1?bKPn+ZB ztZ!U4RTFKbWTl5;ZHlQfQ=<=XI9Q(sA_-(;-}C668GS2zbp27E7k#VqoinOo%L4=KCFKY0Pw zqp=)d<0XN8<9wls7i6|NC-UVkC;E28f1B5j>hl$ldVjdO1R_MY z{)TA~;^Lw}70-XSv~FRc^N&6vcS?8;lQ3K|wjl$EUGdB+i<5XquM1SO0L79m6q>6l z1n`Pb7zQt2;4GgV?G}75=?=RzvK`g2-GcHu&s08b+VY*|t+lAJD^!PU-R$J0VwcAH zD>&uSC*%SsnUksE+dqTr|l zRq#pLO(p^BUUk-QC(AD!u#2_Rh+uB}ro#a=*8NW{7ooajq#t;@f5$IgrwuJQGJc^C zMz&6u>>`ibo~8(%7t=P4MM7_|+@kD7Hrp=1$H&!(#@W&r#+Nr2a0+3+d0Wkzvjh0u zt8dl?b;7BA@RNc`5mJQaH!O^9)b%3j0tg~cZ?b}f3%uP&lU#a1G=(2oXqLH>a6X|M zz2heTju)k{U`o8czN$S{lQUuGSLOW11Q%b%(5=uP17lPqPo`MM15YAYp~;2~0YZ3P zFgd2>ulI}}+nElw9ca(kCb(I?Cr<;&L^`t&kyjA@eimrf4njX`)r!F z6r4a{rmrnw<$PEok*m!lrOXuS-@l504Cz-TpOJPC&m(j>X3+(vSeON}A<ymw4o*Ft^E#4VF4PEc%+xDj71@v_Ct`+6+JU8=&e&SBk! zm0veQSa=( zPcc@Cx>yREXZ4#>nT9#zttVg0pXRuFtlBy2yw)4Ykt!T7!ir}@(i|W_wRoMWk~xt{ z^mst>FEq15`#_N0kf&bKWziDIGM5gdJ1zlSS?#NaHn-{+AQ9Um zXqukH=FC>OkBgg~z!Y4lPJoS}+29rG@+l%BdkCN^A4Ev?T~p2nfdGM!%hhw8{7@JS zb^+jklHW>)!%qQ4)&69fSxs$i3!tegP|3i%e_v?A&*r$un5skdUljKp>tkTOlTM+z z>5-hi%8PeK*!#6#BvdnqxfY)2wuq%ixt>`8_zrw^x511^KGJIM3EbA$Af>b>fskHo z57qJ6sQ`UJFa$zO&2FjE#k>2iYB0U9j#{8bPbWq5n{%%{?+w$?o@2;9T2O7+K9`26 z+eYrSO1zH8v*WYv%39L(30aAn-e9z!g^`mg5Wbqt&awUqoW64pu%}~}8bnnkXHgT5 zOtLK_o0=KTVLlI7Z!f2)vR1AQ1{t#Dhat{vk#4F|?dkh;%NLM~G?XypdL}&m?CMZV znbHbcqF?j2@XMe|GZ4lu2C39#=!*}h-=0}=Y!I+aG5BD2C}g9;Ra<-#pe9hyro7ts zS>o$e^Z38mWcKZ>f73z0IZo-KFhe>DSNmO>Em!#y>5^^O81}~9dfb%goLcz@>3O`fxf`X+EIqBpDR(LB z?&7En_KV|EOCyQXhgOl7f0!gr)63_ZqG=^-Z8_+u9UXS|(^NKj820Ee_}bpgodB*GxBa*=E`A+~~`YS*_; z9k-zU9dTn1g%`8v?aoBD?Nn$q)(}NK8|LP= z_`;E}Q)jSw$0x@{!J?CUS&dv}`gGl&5YSBDThEvZ(Vsqe)!ikI12G?=RAxSA9@RXZ zUBwo9HU=d`_o66`AIyRkfqk%*D|g%hK+6h`#gLb)z(({bS22lwSo>4P*qD}rvc#3F z;>%xt&5o+gb-6mlfGDppu~4EgFeU6oJQD{;3>mk1AM4!O18mMPdTXZOy|Zsx(R(9l zo>gc{fkuXgH-JuUXfxQ`JHfcobxSg5GxRKh3@>aiCk@cbUINlTY)s7Z$vO>V<6s_? zO1UeVljRtT4I>`ysZa_pqsb^V6W<@1H&%T)^Y*;(aXd3)xJ9NC6a1j?FdFUl-LDrL z_627>FuVdq;GXCtjy%X5+UZi1QXxsYm9_%9TO10etnOuG2BbGs@&KV52`iJ z*^PvtE})mCTTVB1!Ju8kcj5uJ4OOL@x97TZDzLMCIKh4k;#~RqmTU6UlZ{HdqLtwr z|Nm2E_3z>WAc$i%FO@2kqZ%dNLp@LG1FH0z{vS04A{pnU-}&cj=TLFko$ z2s3X}^-GpHrj}`k@mDWof9aU8$ZtD@XNiXBHsQg7ESR?q9gH`BH+R=!%+ywYS&5e3 zXs@P4Bh30zj+&_$(p-9!(6#Wh%+;=2ZV_Ga9quyPn`N$A%du*Laj)-?-}eq@CiQq{ zR}N|6CG$)nu-wtSUDVph*QHU;LxHSmnKtJOf{*r27PLuTUNJ@ejzZfO<{HTmH9sBe zy3{LSGcrqCd5MFgYxw6GjC$|8E_dhb9yWTgw)xuqL`?EC*W0A{*tjpv1Nx<(v$kjj z3vJ;zxTh3mxo?)L-o%_sjbmkkg>=1k}Q+(HA-N~N2Bck&gioV zUODF|2T4LaZOXBC`m_%bgjZ!ujEq6O_6 ze}m$iAsH#rllgU#tGgHi9>0z?txEgAhf2YWl&55)BYyjg=Fnzs9Y=Ap-`v|$(_9f% zMUGuvAMo2oi|fEmX7f8suHZ|p`R5n=vt^-fEELaBke0xGz%y{SSoot2_cCHltH|Pt?=B=K(7D%IIG<4xh_NRuEQO1F?AAHVT zm0#`T&Py$v18TD&IL3kfOU2O%^oA3Z-38l z)6<5^x+>P4ey{E#h;?e``(a*wGP!tE6Bz^ZIDQwSDMDVn@8<>2Vu zHAtsl>Jl5lHf1r!n(^t}dsZ;SF-O#qJei}q=*7h9C$^B%5o8c_=sPLaDT8hueFYS) z_9Y{oXt2YF#FW8ob&iMk5*&3#tz&3>k`Yc_xH$T zPxVIdujYsjmAt_A*QU9yyZi&biOQ;GZR@j(>K^Xx85tOOq&N1NMVGi-yaFo%>IWh` zJUo2-z`OHFrqtWJJ4p$NA2EE+{<#?#dSzdHm1@=BYyLnT$3TL%vcqW>@Yqmyhmfo< z$xmbD$#gH4%$UR5y9WjU5-%TNLq4AlXm8(900y8G)5AVPcXpnZoc!&idHvcNpqhqg zz$e{|QBhG}M*-YVQc{wMi3v#1|4=^L%uNf?K$u^f7mL~nLgioQU1{#!>`@r1_phOP z4%fTT#cu?z+tNZAQE^m1)o0=3UcH&_hYN?O1Vi%`+lPm+v@FIt(J20?ny^L6%blj~ zhoKDWww^^l*vC8*RB@VbEsS29B~FIDnoMdoS$G~YIq~Y$no+_8BGfin_i`m8AIi$>g2X-E(tUjPd65#D zIQFu?mLI2)>SnviUj3*4GgnLq373c?p95uOyYnHsGYPp2HeVV1`PW*pMMIi&+Z)G5 zLdA>*+Lnv3;+W063zO@*MUfQ#6~AXM9Ra13j!MQL2ly%|Yv>o7FLL$}HJj!N-#l^; z$Z{q)Ejo0(m`BaX9+cVAUiTlirzYAv2AC|ugDw~$g2(JlJAsG69>bP0Rz`OBFDKza z6&7Q@m?Ed*5b&WrLgwU+lzEZ~-QC_c1T`N&NtWf0YVVQHUuV5TgI|vp?h));q;!K( zxbp;mCAp0d54auOwcjwn2K3~#b zT7yQu3%!##N2#@SPx&}sWj9wo=V9O%-El#R@n@!kYO{5N-e}D> z!wB7V0LQZ?O-kB$5iXtIUsys?6A}7mnt_y*p&>TbJ;P{r{+!vxTte=(l!mppzlN8c zlS@?(_|<~bgM?0;%dot!38XLR*BH96ou9OlWmNNVa6RR0E-z`!d0Jrq*4CJZ<6KJ? z^QOa^OgnKyT1u*xZL~nnh=MHrtFfN3Hq|3ieLnhXyChAFw@qa*iQrjK{@__qpuV2m z>wq`*{_;M0Qd<7}F;^-RZr7`A7;W*M%q)11;uJr{iSE0;t+7eu*kF{!!tP4Y)wca5 z-LZByvMJ4_@%S-?uDZ77mxr_|dhBy2i@LzZ1ae6QSoMLz{DKTX;|7$H(E_-2FX94{ zpJ=1o_;V8bXnX1rZWNbiq-S52@XWx<%Jc9#Doxslix2YD7A8zF@?qx)M82rF_s&?^ zLfEG{1rSeHDAREv^R#r}`@zjc@E!3?JAi}Zld}(zC;JEPOqxP6#NMExq46Vwm-Yet z+2I|ZcezkCkL#$?J#qjVv*L}AR+NmCWQ%NnH;2_D<0GgYr6SfKGE*rqHmI*wLW{^L z*ySFUxL8q}UD^7qXQN6HX;eK_BQRDa!lK#BDEJ7W8*V^ax$c7WcK!Wby@YV)K!AJT zk;}Qp#O~gMR%`}ash4J|ziJKY+ful=(&S_^oc!$T<9VP}8Db9Fiivi*I9MaRfuI7_ zEdiECXR(CPqba(4ohrTRp(cT`76BoauhWNCvADWAzbLk?6wRbs?qZf^bgLg1#nWB; zO@?K?VS948>)_<%bV#E|TM+xl$wNR zkyWIU=4MFl(aOgW{gNs8I5rs^s=Y#be4Vl;0}D!Fv@~I~;HAV8VfSpEwiqk(NF*aq zlEy1lsP9XfQc)Tz{!W$Y6l_SwkX6O3HPxbE^UloL-`qWdQQc8{B~KeMU)5jzklooT zf>8&LoZ@cPAqA8V%`$3M;AdqYPIQJ0%JFJbWXyh>_j_AE{&MZ4no?DyHq|=lVCA_e zp=?eiPVsnsi#Ool~RRW(p`*W9*v39KcRYUD9H?8Q(vs(eP%RSdRy0;$KxW`pIBMh zJ+UZmaIASb70D6>ig%!QPyR6emqGwv2W>u4kdwP7O(%L)XHYt3dJF)SU#_E#x3Ntr zTU|RdZgV%G8V1BK9eo98SYqWRm@&Yc$I!9XI@(sCx@&A7V3V4Us~0oo0kiQ5EV&wp z@3#8-Q&3Qli;D~3s(=c^rkTwQjN~_iM*RH`Ya~I7cmPbaO}Sus<*26|KR>?SK8c*} z&dFqEw%2m@d&1xpv8bytA<`lkdnghKt`-r>w(+{dL@0mGO%TjjeM@({Uj0}$Rnc(c zxZoquiKTlif6Kq-&OA(uLV)eH1keXu69DQ3afRSbj-L=P{aR*8?W;nio&`722BXZ8 zxJ$VsShbCYCsorKA5em{*r53>CL#@Ysi_kUhm%UWZTPk_^=Cw3O83vol3yUy4|lZd zKMI?rqnYKfmH^mlNo{`%Lb=>VfF~E9?p4)X%D#tIwpO28e%D^HJ64mhy}v7)ofMUO{7P1g!><)<{ko_FGef5>@I;DIB?6hargFG)Tn zZJ3Rn$g*ENzi>5Jhl|!+YDwDq=N=G<|9S=_X7HeOR^mT3hg{(xF?OJ~Z_NWS@A6No z6P*p{&}LCQqTx8`eue;j0Mwqnc!a!s@%IT-!aBv;&`F>WFS5g;Ha1!e^QhK}dwOU{ zjq&gIt?o6m@E3unS`a#rVmd^jHfIBlLPFwYpIH1Mk{7-%NpHp{IsAPTJnkJ?|r`YwrnSsQ1@#LzvGhYF9^db8~BJ={yZ*JhP1>=ufk6w9HX5l41XbIh;ULx4?F9tW}r_ zQwD@lPDW1NV04g(rX((L_D)J%-7D1iPdPsb6pl;EA!<3f?Iqk?!-oDiBN|E?>8JG=ya;uP>IuX@ClUIz2?#q zx-EFMVT@hAV0JI!6aKx(5xeTW=OMH2{tkk`z{?QSq5xMQ7GZp#0%@0M$o4yZJ%h{) z)2aPz%aDCwc7Xwm=D|G5_MXB>rjakyIK`5nF)e3)z^u)Tz!uI>86=-^A-*T=1t`=b zq?kwTs;iOArmtB(GH56~oC(a9Q_{767rhEQd!Uh$ex1VpAjPOm?WMC}t@saTWwz-1 z?FVzbXihb#`l`R-$ijp8Tgk7A3A=G_5{Fw+Hnu_1xo_O_{7FA4D_~~0pSK5*-i~?9wIz99)ws()b;p! zLxXE5NbcfCQAL`9S@HPy(QW0~GKaAprL>Db z9%|{}JxHvYFc8G@wP$h7zWyY72?JE{@F5K!jMRUs)?hZ>QJ3`lH_pvd?dCxhmaZ8oB zlpM(tbvTKHcYlc7h@fuqq3I&tJ8Kb} zS;51+rSkSuD~xU}XFIDgVhDe!Fds|X)N%h7)64+TH@{34N!_QmZ&bo37JtpQ>+1+T zQib{DN9UT8J6Y6BNP$nz7>|nsZmEEE(K_$C3F3RqD$+lp`sqxlH@&R{hWrvf4X|Lz z1?wAFVfy_vuH{E-wG5QD>fY_y4=gJ1w8^^O;N>oGSG6EZ05w^>LU96=bC3mE>SS5n z*V9j&>l`a%xnbv|dfy&p&&a=^n{6|x?#LENDfX&Ire&n0qRjrhc3;3J;Yp!;zgcyk zF?{G)T~CQDdqgQvxR|rIE&$P#p&ixX`I=?iH8?5vjKYk0leAplhC?IY0Pg6*CF00GogIpvXyx zF5)uEH@t=+*p%k z>=E=B(%FFR6=G2(?%NNe#WR}~9{W5|-ZxA;%)ss{uk2<+7t9;>T$a{H#J`B7K7-%d z8#?aM=geD5mV3adt#v_&w?Y?pwDs;S^EwOrQwSl&@u`bXIYfPFYF1Qh5dC4T;o+ zBU<7#gvAq-hbNK?yRcG$&-I3BIttz#io)^a2b%AtEVVc`WZs1BOAOiY2qw{aRLBfG zojfeHu~9O;vWfgH)E*38P^yam&=L5U%=pgLF|I0w37GMUp5uWjs=Mu*JviJ}wvc?w z)5=OIae5@k2Zt5ECD=kU{P)`0j^OGN&0l3fUvpo2zi%CK!m7fa3tKK2T7RFl@a~CG zB|mxjtsSXDT|rKMiu5GD=iK*V6P`r-UCOuP9`6&F!`qD;s_wz9S1zOF8!uGz_XB@I z2wLO?Po^(&^nF%FSj2B_HY30$Hn=7eK2VbGyTiRBMa}AVPToy?xrcS?oV-1=MH;-;&^ zsnz%;FZ)mA$eCuXuY_=$%do6UwF+bxb6GkgoH*f?McP*vhRgY1^LaEYwX*!0mYl2O z(&Qe>s=e>xug?7~2h%ZVw&v7Vw|J2HxK{4Gm@bNPg&%c1N|)v+iF<8pb4aHeOY72W zJ<4nFsju>;JZCTLhj$m{;8PxqUvBr?uA>;z70O9Z>mXHw(KZ)UBpjjC#co!W#}Yi6 zW7a4-*~YGc4_C4@bkwfcq+h_xeTMlP`RetK;f}HUf&Jq&&%>5a#P+ZC3r>YPLe`u6 zN1mDRkllVUj8ZU0s#NBf`rL=Xa)ZClYm&cS@b~*fNLpIz#eRsD+fPXS#?dZn?=5>J z&tn+mL5MB0zX(;O7Ps5Imd>`h@8-6Od6QS8=7%$4KiwVM3weHBHQtR&<2hWxitt|2 z&8nX_`;2-TjBi)P`JmyVEh}AIH96sDUNY)3)}uc(Xp2U1svU5=4r( zICw~mdxD$vUtDjM@B024sJCnM9pyTNj}@brXj0LAI&$BJ=KSP8m`^T#e%VJv5ys)D zWjpW@t-tAX>%u|!!W0qGE_yAUBbVlVofR?bbuf~XE^tqgwdHBC=dAAVxmsS*_AcwC12K?6_bwUv466-JO6G`_F)_{U|2!n|^= z7^GPN`U(EIVW6w&7{K9##wOElrnrWIET`vURp|D656txYSm-I3RX&bJuvt-e3_pB- zUS~F%oXBV;seCR!ITC(WATooPI($X314&Cr;`5pa=>FjGJWOqq=>FGRK!E5u(4LhE zn=NG!jy%l|VnHQ#4Q)yV0rwr15tLoK@7_5q(=MST;e+-I+=fmRYc8u{%K#br2aMUC z&DV#alw1x~HN}GdKS{I(u!%gLpa0^>Lvx&JCeDQJ`_=|#;%#+RAIPJ&3}WzbVYDUY73JzWeppi(OqjgH8LUgGKo!ZSKck($QnhyH3iL zSsEAn2Q)@9OZ(HBcek_OTtsBLWW3l(q)q?6O*km-tQDqI)<#&+%sS5Qu)}iVlgQVt zhith}BR!)8(Pr;?8sBk9^M2W~cB%Zu@o(Km(QCQ1!=L5ZM9Hy*Wba>l&0zVs-7$bq zSbBMos9$nOK%^@po=WQFD#hT?2{C@2RW7RAsW9|{bmHafcgJu`T1T+)=Gjwn(x}=H zws6rWYFrR$`3=Zicxa=Lv7EiC8)l=OwC=3#)rvL?I85h&QjXHouQb*I-sdcMv)A9T>|m8lWj)267_9PUDh}_3 z_<+Cw9&Om#0jVMxSx+-dbKe{Mv=|@Nu0nXZ+#2D_X>R40agukTf1KBNZ0KgulYCN0 ziNeit(Qx`Br!;J{S(H&(EG^>sk>SMWmvstz8$KsNl^o3yj2v78@`A@2!ZY90nzIiT zDQ7P}d!gUxspptouu!ZCEUu!M3-A3Xm)QK}zi^vx|Lo|hgjiO@scszQXmzBFw#{O(y;+vkmV{OT4)c9=c+&hX=1xCoF^EkuG$MT~oJ8 zwy8g$h3Kz#(~iVVVa}0x^f&ae;R|o5350sMO2+eNHw{1Y8E~r-P9mKWf6UE_cG^@2m(tSqpAr)o=*6 zRW?fci@n2GxzCEzg1}(w$tD(%Z=!T)Z zP?k4nH7TeyZ!TlMRzbK^`(j3SuL#UjXEQbRy9}%Hc{gseXQxJOrfJy;M`W;SnVfHm zJGDlyh>*7&K9eT1)pW5zGMZvXZNr?h^4DLe=uKBvq#3N%M$7WG>ZV7ggr4)u3FPn) zYw_1%1WH)QCvwHtGH~I@TH;)grPfs!mV3Edr@SDZBw2PavrF$1-L}pMt8h6Y9$WlC z4=v9r&I+<^T-SMPWOuEH)?gZCrptTQMruX`Od3^7XoMQShc-<4IQnGqYD{Z=l=TG&=9KD~T7b`|_`+A5mMm zYtoQN`t8i(Q-_XSL83;o$*tg@Fzxw|wubCdPb|oEU7j0;A4H!tJ?v@fM7H^8(Y35b zu^vqnqKj$xS*ZILNkUid=PRgQ)}U4seGG5d`j|ep)v_!@8l&3BvEp5Nf3cyBbhB=8 zm8u+5t>EK5XN!T2Kw9`FiZwSWGhsI-3DnMYYL?zK2LfA(SxZC2Ts=;`3w&hr!flUz zzGI*4!gnUiXcPMZR=c7u7wag^dYaPP z`-(A_xTbsi6Y*Ri9BW^Rw~jVTt8JVZTHcO#Li9LJ#2a0H2IJA5C0{S>90A7sGfTbS z>GVNPv3RZbS(KnZlc(4cR6Xr^^ppDIMZ=xmBfqV;wE6J`R&jg96ivHQk1s;dNH-e} zqQRE!P50HW64M7>JXbK&*Dx&orjx6Lo!;hJMw<7|wb!7O^Rt0~*$j_gJG!aiqzO(f zaJhlhg7TgNmg+iz4#)EIZH}S*B*I+ZWai}QUt_k^Pev%CpyVVyh?tE|izqKlW8b6w zP-s~?RMK0#_|hXC82O0t9mdbkb@HE4s5B+h`jo!vZ5rb=67;7l#ndwPi+{vSIDTxl z3W3E2T`XNwh2NdyDp&J+ti2CsOq6b%&J#V3=IlB{nF++RfYK5v~ z`#h80@8?sB*Qzyxf^XCik@{{sCD*RWUP;R0>ilNEiGUMKamhLgq*z85xNgduK)fO=&4 zQR`~a#|P8rsm+#6;kGW|Dj$gA%C;aJh<*l-DehSt)7cuVIkD6#_R}`1)!F6BHM)Mc z8MlOS{U+7=GB`)kjFDnkXJgb@ZoL?;Z^*ffXYRR`^Y9>mzgmynX;g1F2KLH&Ds0`t z29fgC7IrD0I;)UnYGfM$lSAw@y|OBxDBUiUj(}Ou+WS;$1$J`sk!3AL2Ha1b>W~+U z?{In9Q+?Tp4_C`)Asgg%vnX=5qJMzHLlHO;HEAq32ED3Ru{b;(Ej9q8)>b1(&SXKqP2Y1fg7f8_ejtf4N*!7};+O@kPamw6Ir4yvJi9Mk(n*AWG)A!*W1OLWqHx%pG zz6zLF(AfoOJU4iaE=ptkX}_qkbXGibej&Hbx#)LY?*`#?%J|%P8~5?d;Mgd_(?M5H z_)B_oda>VYJFpljOkY+5tMxMk^}&$>iJqwmxf>9nbp+LV#anMhyBZnsM{X*`LX;NAx> z%g{vvB3Cz_f-LQa?iT?PLRdxBse{NxZ?7%_q13v0@pQX)F1(r@Qa*BxUKTG)dIxmj zrF`vYv2Ljnzc79ve-|52M@+X^TV@4(fs5kWZ1-+b@|)?be=GJ_i;%vk@$G|~r~7o* zAcO|-CfQ4B30zpv6&vlQqa_(&!i);GBlZk%=K<|?O#C+=7rjxKrNjZ~xOe*xuvL5o{RYs&$^6BfA;eWl^`-%2{Zp#dK=JL?LyL*!9-Z8*7CHm*qfJG%nFk}3EL+Af}!%ae| zScRvsNIC+`FmdU0>_$DPS}3*B3OmN)zYpR9L6M1^7#~zq(rj#-x7CrWoR}Gt?^%67 z#KZj4_Eh+drmBsD2cay$4nOBuRX1TSO|ET97S@hQZVKk2I)-Ahx@x`ybKi-XcFBpI zPq6MwKP6S~F!<+P#!zmR=wuw;#k@F$OVcItk>ZtNwi{aZ0mjE-bIX-+`VGu%wW)4{ zj#&FVw4hm8yK=5w6nn=OqpHh+s;IhH!lL5w_ua;y+6X$HgSp(4-o zjvV9fvE4gYDC)ZqT6ukv>mT1ub}%b#J>|Yqs~7jP@YkN-dI~dB#JDZi0b1e=i~=%E zlqN#H*I-B5>KHG~n$ZbSO7f4bxfr0Nq}pLk{u&p}SJry=S4gh=ZEpF%?C5Y5>9AE)v z*oq`+txSP2qZ21QB({6mxijuquDIo|m6{@8a6Vr?zM)=^8alB+&8j8xRME764>AJ4M+iie`N=RkZqUu@?3h zh@W7FdL>>qYdmr((iP?6hI~xZ*2vat-21}dgn4*6d>4~hbEzUvI@>S+b@22ZJZ%~qCBy*#e=;UEX$YyKz z`;~W3=J^_DJINrLyjAkA>;Yy9bs4=-oD~`Z$x#JjJ+LAY#I$Ooy{$^JVjTw%=2W@ zlr`9S`NiY&ipsGKJJTgM-|%>`$2z2TDW zdP0ZDSm1X1=5HrySyTYv3qUVo6jO z;-5v-qKB5Wnoo$z(MwC@{Z%2l?`HW8;5 zqHk$7maCtR+@+Yx*5eqVJy*rHAAzG~lzKd8l5529r$R%<=G&+@@%@;`zi={&___^t zFH(kk;`1^^G|LZ-521zX4UX*(F63d7iRpjcS14~QMYk_E?H!C+P@fdkOk7GIdR|9Q zAQ>}R==%W$f=iBcT4Z1YwpP-)>pAbOtg7qiERiKerzNFmOb}DX^A&N9kKTgtP9x{Y{?QGbFx5vJw~Qfd z!w^+J3~h%)EfjYiKkUJz^2=CPdR=QP=#Paj(iloRS`c^@qVn_0ueHJBrSXJs8S`I0 zS_f+lsYMaY&{WuAL*^8eNeYX(p7q}}8=nim0YC{pI0j;VMauSp3PygeCWP-1wAWd%`z`KCo}*^R$)t}uQXd>#2h5dLn*mTNthFJmWwiUFhD(%4`9Yr>#$)ps=- z@5Xmp=v&9VNoN{AfApb4<+w-*(x^u)>lucGH~A2Spkh6d-?4Aag@kQ8oPQhH7=*Na z*}~!N-a`*D>Mn=*w-zqKm62LN1v)#%!^y@V^yKNYO5f?06kHoNPy<9K!nRm=DgQwF0@>hXQaC8@Bl6<3@+mIGE?O2MMA z(bC;O6C*B?Lr;9K5$oZur}t~Mnnxm7AuSn5hvAR*_69y)kb_z4Y>UL2JC&SSB*Y9S z0oG<;fea>`B$1+-qn12OZl6Tyu|huP6%_ug@D5UZrrL-mf*R>Qv`;Rcr-mh(*-qWZ z9>j28dTj$nXzL4H=KO#|?=j`Qm0UdVumFPQsJ)oCUcnTVpfn{4# z;0ho^k8rSU>blqrgNHdDW!Gd{g3Fq|v6vX4{nA)(HnhJTi20n4W2$S22h@i-`LD|A z-JHBuVJ_U^T3Oqa6abhaRHY8Xcl2T#6D#?36*Wx^L@Pw;O>EnzeUL9Yj*moFyng|h z0BTP>Pk*OGlg84jE_Wp7J{=*!>4iaH%ZK^^kMXd@TdXya77rF0<~cXMo~UQlb}A@$ zNYa`rc0X0%W>BRMP@*FUHF4y&wMgikbQg{9Ssbt}E+}Hx-lQaPIKj!rHZ7u$p%4Dl zxOK{Mu;%Qs$Xg}Dz-l$ftLDo1m8=Ts$G3vfp=Xhf9+QYjkDo8VDr}jVZ$Wi;cm5rf ztnT5m4WJp&26Q@x%x;`_WFHm)gs^c=qn-|-@kf86XrnBB{p+>sD+fbQwO1DHzXu(? z)a5PJn01+o^A}Cca;w~_PEU+y2&JIfnVpRuy)X`Cy?J6^2%yd)& zY+*0z96bxdF5dG!{WBLFjvPl%RjIu$e~5t5m?p=i@#oTFA~XQyef>v=nAl8=g$Cgs zgMLG02PqA|J911P#KmPTL<BvRI19jHrr7a)^`6QonxmWov?%6!&h6m(Cd18O zEi?3Xp?EUDdOFTW*1J0yvV`&Ksf|lyv7dznWzaXbmWk4n3z4Kk0#;ybr|&8Qs+)`I~C~_%k!ndJv*~1D{$1uHrHjzW8+IPGR*R? zd$GeqbTw8OojhD*nGWCbx?(uFBcpN&?H`v31|bhm5KXww^P-a9$HS#iULoPNq1Ozf z39X6EZp)+c$?1hBBL!6c{Q~toRaHYKAyfNF{Fv%e5-ap3PR8E%#kPPI*RxVf;;ATU z%3jJ$NU4*HxaH+rIUn8qg%_G{W2vXPJf%JgHC~!=hCnTaYnw*u7A1!s-G*gEZ>50wuiA13}8vmNVHg z!}9DgSM)+jW!7d{ay*q4Pt)BvCVxTil?M+JlXIVg$^z?cYl|u@gX@yloopl9sN-xZ zg>Ub%&9mJ_jr{0JNB_9CwlE9Y7@e3gz!v7}CgCp)w@g^(1VswHyP^vv;~)HgJ)3Nt z%dOdZXV~c_HFP^oU1-UM@S z^Z9(8@Ue6a*K|^S^kuTa2nA%RO6*Pz?}aT=OA>C?c`rte+n{Q6=rkrm;ur{qt1H8L zQ(_656l%a37wDeOT6}yQUW<;1#}AQ?C=IE1Yk6BUgd$U$tgf;_dVijGOR{wl3oJw_ z1}kGnkCz(8mTI_6_kyWoU2ybu9B0QMX(@^1$tjuJKd6+VhcNj9+ARyK%nW{oT-u=y zIVSCOt*gHMJer=EoU>ddgw7bxpt?~dH|5cTKg4lAQ3g5+I(RsFz=sjbTrQU)RGi8j z<(SZ@7fcnjF>Q{}sGh|D(as@T-kngs=YQM>VA2|?_bvM(@6J(VtmBE5InV(MoHMT< zLSc-Y?6b5rx0tH=ywAcU@ROET=SgfY3-bUbK_aLSMecRQbYGCPRP@!tZR2Me*YAN5 zC5TgH^}DT6IKWx$rsH^!xvW0zvsNnJNo!uK1eNOh{$khKOK2ljfgc!Nw0ThfRLl6{pQ zkqYn&O158ZqE39g)jSWtXO#eX3lE3Z#pZ`)%qjieMzpL^bGim7JDd51T31hg$JeR)YY^!kJmuG*J2#q(}5`R!sU;#wuvT-L}7xeftwzP)dV6_wSG^ z0PYm&Ta6$;+l>S!riSdyjfYFKD**_iH3(9tF~S`|F4X?VDB9)kIq<4O5t zKz1E0t|kV%-+wMHoOw!pE-;oY$o{_;3@VCujs#SV#i3@%>0qeb3FJB68Rm;;BMBle zkPu!Fc}mAW=;HtK1H}gOFKNRGRqm4xyvXAkc5wfbMd0%}d2UD^M6T;2M^pC?48D1u zh41Jkeb!KNW?lA@G2nsB|E0%T(s&(FWWcERBo85VY5(J^KW6^&A1du1yZ=9Z@R4lj z5~_pjS>rE&{V&hv^{r9=Kq__c-OcC!;orQz;oP_ul>hwZA7As|&;AVK7iFmNLk{E! zW#RniHy6Mc!Tiuw|CQIUiUgls5qFU!KlDp7+E;&*tW>Qe6#D z3P#omq@X$(*;vW8-wbeXB!I_l$+G#0LX!_k!*5lzEyksy)1Of zc_Ybc_0d_QmV{CxumDcOykQ~E{j%f}RXlx?;+7vE-e}cWa3S{oxC-~eSL?%Yq|vpI zyFySJ5V{U~xUXe;QWBC9(~|9Mcda)!6s;m47c| z9}tnQGi!Tr;qv~|*n|MHnJvgVZZbprM<9>B2$BFAK>1#TjaHFDo|-${a+35yweF?* zvJ|y$T=xi-8p*+ z`JeZLHpj~}=<%hql@bg5+$-$N6ROCf69CEBfSBJ$7d9m~O@P35To~_#w7;Dn$WU~U ziVdmiU&JCf7R=7*)Lq89WyrQ2E0vX@8$}lb9A2uRPx(P8ePz-M%*ociS>Ha)hzY++ zwI1zd>E->icIwHly*!J~QPv=*V*!7{>C%@%>A9J49=LYCwtZ^#4{Vfe8>9^!e=ezL zN_|u}t)I2#Vsfj$kZ{4RKtGlEbhp<^&B)F~+N5h|0V!tYu zrlEX&Jm4^KCU(z3(zXc&z%FN^?t!@QB8Ht8!RwluX8~y_k2TT75FUME%c`&Lv2pI@ zJrpyE<-+N8h9}z@$i0!&RSpf@scn+x!C;-y_&M#llRq`QMMhmwude{WjT64^(OpdG z*S%i`^)$4a7Iw(V9!f`~#ihCpj8M@(4xor+rp-1@sH{|P zH_JXw@D~?uG2Ru0-WRt^s-7@EDl)NMa&ah@deY5>vW&c8zid%;Lw{Cszb;z2a4pujFKYrPZ1&!Zh$@8_Qx z4+9asF0%Yv76dos(;g-^)I2*arhA!9GVjg6UPVe=jr#=>oE@*jg4ZWPnbUf=Q!BVI z=lc8f0Z>+&kZY(~w)M1q;gYvKRPsj10!Y%5z=Thp0eqB-cKWXT_Hy0eG4bTP!Ts|1 z)OBX(L|a*@et@7du?Sk?ryFuxO&kLngV19Z4!azlKUgX0y}~H5ZkeI-R{O$99L8yS zfiE(zbfJ18^LFAY+CpWe{q}910!Fu``p!!8(E=t5Uuwbf!ildBaTc}S4;Y)ueZ+w9 zg6%cPoE@wli)Y7y;+@LuPJlWN>}XR~nvCBfXaW9#0S-sVGQfW`P`oHiosof4F_3UkUt3*Rn(Mc6$y(j&@TiI6(blQ68O!*crFe$4{(!^`IVZpV24rRnLE zUx{oNVKoS#|*#{lIzYf`UL8gE!D<&fLuAW?Y=1h2Drf?I1#d6snfN|E%h>rSZ48EkzHvNM^5n zr-|=04hRyB!PLD(>DT=Y-_5ItIlrk074Or1-Oy=mFOh0R*67uEOaleHPS1_GvpXen zTyX+uhMn!*oiV)V0D-%bmVq$Rs4j~zTBSLMG!_|2sJ0)WB_zI`SF~(zUpA4F zg6SqMJ7I;crc85_p&T#ok5jcczgfIDcbMYcd2cSM115b;)dI44XCeyymT9pfh4UbB zrRDr#63jV}0cv9zc(%nL$asFf%+Qc&mnP!(^aKcaUhwk08)?ho+hMLs-f&2c$?93a z!ku69seqU1ab9ls7i|g=46CIY5`vmZR!na%C3Tyij(_s5eOEANN%uNmzmIbY3N2Ah$jGBoj}iD|K+1=Sz~=r5&ei| z`rNOD5X+U(_1ZI#FV^E2oWIP(S57=AwMbu|H$O=jVGXiBKH+K!O#G{Q?yV~HGNkCy zINaS(m3H}-hnFhLRK5m-F7Eze-U{&+LqTDp`}*6rIQaL&9N8Z|k%tbQj2Yij13ct^ z`JbJ&9hbdhd71uhI>z9S@^u^QR(`uCg@~&MYG5T2q$GL-pv)^0>5Rt@OroAfl>-lI zt7zf+YEMkPIKNK34hz2}ex?DG9=hS1xxN;u>zY$QNbtdSbHibOAJjFT73YCUQrCB; z?4xxUDOwHOZY~pUrsqHhtyFT^USq&-As7Uxph5`X;AcA8lLCnlT=i3srmY<@o`6p3L5XcbVqt+5-XT(_J7#`p?lv}6S>Ne68#BtQ83iY)itJS_ zw8}{WHxC3+7px}h92eie-{*Hh3>d&Y^6C0%p<=e09HgA+!4B=If?a!iy**kNalo*- zkT`|xBibE{uVFy&^$&jr(F-Ib6<VY+NFgcWhiis&z3H z=Ts9ev>|<>m1(KvH^mgJ(y?4P=*wP=Qe1g-?Df6 z`4R{XMeEKE4JyT>^|fXP2P`h`6g98E{`8trvJdg_VfuIlnUgtkD~kQarw7`Q)m|hB zpOX_H0l1Vb3JLS3n>?V2s5S5HjEgDnAw5k!;35BJ>TQ2kOh0JReMfaXHE8tmKsXGE zcI~tOMW}Pf_yA*4?M0*8NU<<)rLSs}O4{|_JRe#Ee! zfA{%42zfC_3K)1wVU)v;6I4J zn#El7LM8THR#nMZ1YqR<=i{;1k3VS9L5{|>LlA?1C4Z_Yy=wkQavbG;c!af>wBjt6ZuU??UTOuO@~Mo4wH^`BI|)~lJd+DIhi2|GW&}ge4>EM z=;XTj226p`N&QrK0QN*Rf4GO?c^{_TqQxLU;q(rzs$4j_ ze@Q-l@#+mal#snv*yYk<1i&aAK{{SQH=zN)032mU4vc*Bhxqzia~|_zGAs-8_z#9` zGhqLMRmG$%=&kf5wkt6xD|t=i3l}KjIx*nPh;IJ)(Xk#~vWJ$<1#0fN5#a)HtRg7h zfQRwkpKN-AYl(c|zm00S1+}ITzM2mXFKPKJz#LgG{_&s%<#FWQF0idjF0F~vquqqw zYg*|UE_OuCIfmZRVdKX9CgES~psLwJ7YlYuZ6=MkekX{NT-WS+$oHg_myzbG97`S0 zfc59M9>l~c7qD;s0Kzkpd^P!NWKcJ)Y&XF*VG{gHkZdOP_%od<=59l#(v;(cY&)Uq z;YUym9t@Y0k?iRMm2Nd{4Xyd5^-k|c6+smymPeq@S@14%?E}H2u#_6}!2sKP$cx`d z+NH(^rFAkV!T@p-EaUeq%H{4aX$pXv0g{5f_#`a{6bev7?9j^8J-E^o|7XY6~S*`Wp`^Ip?y@G{YgsoNvu*{-NkJ{{IJ(f3o+(5!1_v;Ki0J6 zo*GNZMv4k+Gvwt?y2r#OlA^ZJYC`pF!WN7D32HFzoJl)fe@*y zu)*^z8mrx%+NBLHL7q;= z9BQzA4%i1^eOiSQ_&pZC8q@d#dOw=O>D?2<4^P;bV!j){_&T5HfgV#s&~iTy0jehj z`Ef5^VjBGXY+tIfG5*fT+^OYL0l4 zG6mJ=`=0>yw?}y7AMm6Ub^r||vy zq%=FXAxc=?#|ILxIwoc8h2JvV2$EKWl|OuggwDSfncx6!_QyHMvJ#Zb$lZ)ld7sjU zYo+eAYt9b{1MY7DDKL;)-yzP|Um;jK<-GMv5m`ZP*+v#IT3*!-0oG+xz|)hC%8cj% zIhI5xZ9iWvcv;q*mpR7EtP-AdQb3)aM@;w1>o!KQ=Q*<@FG4pLBaaa1CCpRjzK<_` zBBPPYE28@Za^%>9F^m!wW)?&JygPXu3iB)w~vl-{+HT8NKYSMEr%j~WS4N};&0(6z)8|6G`|1#gpP#}Q)>Bl zlw1>a$mu6i;Z(R%$NL)9N=y zM@I@r$G>Sq2eM686%UW`Z~#pcDB2E$J*>r(+oWVKc9+s3)n8xy7@wRS9?bxF9|F_% zfO~iEeq+~m9P&+bbB&OeBPAiI{FNE*dbFHez9m3(zdd`yNkY8xez!kmrRT`u_ero?Sz(hLr&_*-e{ zKjrL<=B{YrTOfRotH`JrSpU5b|KrPqtg7dVd3PuV%8-=ooj(P80sNK+h1ri7sNuGQ z-*v{Y;0K_IqY;&IDA7|ySN?< z=zUNYFoOzdnMZCK_ecBltZt9|U7VO+JdUKhhk|kpQM+sEt@GZ?xXLC;MD!lg?3-TvEJ&sGiv$Xuv=&6gbyC@2Q25%wC9Xg1Ns1$?iW80%YG@j{cDxnGT>{- zM8q4R0SV0in%)c0`Q}VCOx>Pdy@)5-CH3L_)k8t8P}Pzj&U7`On8(%F@-Y9XHby^D zRZhGD#ZJ{!Nw!ibRqLyJeC%OWS)6=jVg^4+Akz8n^Myh34I3l?UxF5@=d zCuVihPw$T=u3|&CY#{cePdzuCMnZllX5;GI#AU2M$_*fzts3NBZ*tYTxHo4THesl; zpM}=wgh7oFt=Yi21@@HD8CKgV$w{0A9x=jQ^3Ude$&`vusiu+4emAj2_n&$^s7X<* z@>G`1&mFrZ5MK3MGw%)==uGer<}d$QjH2hZ%>^{(rdP)BW;X+OLrVh#1=r1r$TPZ1 z;yS5l5$R5sQLa$QpP%E&l2TSE6Zx4ttbiC9BulnW2eiR9S?`Hp{6&!Lu-@c0waS3# zVM~@d9!lFTpvig#RmeZ0Ie%ypulR6?f79;Vx|G-gJ#4n7U7i)PMFB37&8near0hHH zd3fcI53<8QuTG9-0O8eulk}vAE{~91co0Ke|7VUCez$0He-l-+8Y0wZkMm!X4iwZz zAYJ1@Hrbd)|3?ap%qZu@|JNmg?*#{=x{LeH$n%pq{qOJiiy~1I-UT({BKtAaF#Mwx zn@h;8yj^nNPZOIPNwQ9(-_-j-4x_tLz{unjU>K~EmmR8ahCI&s0o?wJsh2@dBsT zHf)&~8{{|sMo;YY{Op2t0w94nGNYA4Vck3=v08Pv0KgkUx%CUkCeeu^&R5iGmGTtw z+Q2`IqZ`gKsZWAM3*Rh8$K`U7kkqwcm)p0>YHc5Bn+9@|-X~mLr<7@jE99>|2100e z>r9Zsh|(L4zNuOy?lc8T3IGh&^^(yYb+U5(gUc!3qFR2fne2442W=7(B&BITA_ygvg4(@4Rae&q*f37r-9}e% zHB~TalAlcbO9l>&nd$8hVm6*krJ^(kxR_z`y$X3;pq`L1uos@yNyy~_w7t9xU@I#x zGoRoi#wdz-=EX;>D;+mOcE@1+KGLLf1^gkf5;Ee4M|hzP8|&H{YM{Q|lMSQtkEI9g z8O)8O1) zH9k>&jq(B59508J2q^+Ot;hcBFvM@+^e?QzpM07bOhxYp2l)XFHg4f3NXPU(@(qGd zv{llp;P+Zekdz4+y*UUB$d~Kqwn}Rn8rb~7uz(Hu7I)18Xyc?37l4KU_Aoi2Zf@(v zbM8`y`L(t-kg^MSov*Q@m&n`m&ZIIA!GOH`ua<;lfFoMi-a-PIkUUa&9ayN$5j@Yi zn-IF1gm+dSJOJJw?OWzk_K6M%sMsIi1g}w2fLlXjYa3LzWp9^AWl8pZhrzZtHgg1u z3ifXYN#waNDzPV&ZLjSBDnXE)`*Cy+Ap5|k^x~Q+RE?|=(`7=y-v4NlG;#dRWq=3+ zfq|Ds&rTt2Q;C#uOBI6gkAdtwB(7UqaOfJ@3<<*1y%QX+yupCBtlkae)3O+>VJghUMRs*d8y*wA$tx+*+a?_`^;?DP9x_Vwf^l#+f3uhNa_mpz;_qR@D&!d^9(2 zx5E^98@OqVCXq?Ae8T5AeK;T<Y+44hZa? zG!!WKl{uV%lpEBM!2xziKm8Wzr+GCLwXbv-`%?zW$52N9Ouq;Tz?Sn!n{X(}EyGV|6s(LaGA{W;6Yky^2~uI7s=Xmk8#!3kw;hrsP4(C~+Zw$p!GP@3wm5TQj!^jcq~fGhbVxy3(dUa&v* zZVS57d3_VC`8H6jHMKdk3yHB!S1q)-X7%Zd_1Ubo!oM0E+i9tVH8X$iW#~mdVuBBe zr&bN6)9D`$R1Xc?p6my{1Lj;uY^(2mqLvxaOi;aetyX4k03h^M1lSeS=BVzufoG2Z zM+t*b+wly0t_|Ti0DjjkeAL({Pi=iP=gmLA`-z{DtEE%|2b^_RvuV=5PDvk)7ra-F zZNHkpXvOT4L`zS&xPiOAmQ|2l9+F%9sK8Q?lQ?PUF6vO@(H9Q9Xv`s2=2VNN-!Ig=gh$C zO)D-c9lST$KfO!tMGi5b1b^p>f&yOk6wiXPP~jIRFCP9}xYEPI2-RoIC+0Gz^JxA^ zN#-~@(iGOflWFB-E>pNe=}bEd%&vg;JBxFIomM$9e~(ftgPH7UI@roLH&E=+ApCd`Ib9WW zwLsN*rXT+Oxem>>O~%%wkOo?dA{ejn0G}7A)}y%)h;>zQ z6FqNx1#+`ms-J>In&qZ8az_l?X+`pQ2uqS^_%Ml}9v8ZOy|d}&D)|OLA4ub|`HnLR zZuyEz>zE%xhK?M$8V;}rTFU9k-7M?! zQmRKv_uXK58M`57_d*nw>B#9pFr*qC_z)gRt1{nVm}iz^m)>pvEC44;us}vuXeweR znc^f|IBXzr9VPVBovuRI&j(VhSwW6oYCHS()md+z1Dj@}$k%&`!qB=}*2hK4#@bG# zmW`5`qq`^HD>0ybA19hK`hUUt`AqSGa(?*yc;=I-Qt?P>RK8$1%;?xElZ4irK8P(L zOCXJ~6|eK;>Up*R%p>3RQ~kOCSvhU=AY1wRQ20bntBFzlGp461@`34VC zu{`{oxKBv+O)n!zn_Aht*ngh0I}NRpmCGMUk7Wj-!EOEA9dRxi4oU!I-}(kL0PVy2 zv0DWC)C#2L7pCRgw1bbd?;ah|r;iMo#M(2rfcE~KX-n24EVLK5s}bKTy4PDik_D)Z zsi#utl($XSK^@WxoXtI&X)A0IPh3-e2_}j2>432-Ib_x#iy^q51&5V4x50_GgKtMSOu;xSgU#cQ@J*&XLt9D-RA{J z!z?LAVch6F|NYMDwV^4fM)_b)5w)qo9rCjfJuLZO@|mgWdGjmM1<5BZNeX-R`?r*| zMiJsR7M8-MvOY4_hN~fcO>B@FG4}UIl^DxVTP~!-@yb#>PKyXX#2rYehc?W$qVnZd>2T-SPh)-u^NuuI`H-gn{6Y;2wgzG){0Q!L=KA_uv-X zg1ft01C4v|1c%@bNpKJD%zb|Uck2B*AEt)tqN=MXy6?T`?6cS2Ypu-+psFjkn|50n zj+a_AxV4-;JA5Pes_Q!<>p&U+Ho-7ZjX%=vM?!jGX?gA@H(&E=)t_or(*$GjNa452 z+OBMr=UKpa3QusK5E1UmruT-dxg2aipsd!&{`F`*W!Wt}VEJhn;TH}UE>&b?{s07y z6Z-jxnhd{8M=JjW;9qQy{}Ca{8fsQrJ7T8l6{|8!75%L`ByCYt zD*XJO_=CaXQo~NUlaVvT%byAdFkU-$U$O$eA*Nzlvu738tIDeZ7=*J#TXYe3?GknY=C?II6(~xX;&Ax8_%+ zTBd?3fF>*^AbC@>bNqM4MH3hVq@r)E8lVQp5V3EwCqRc8<-q{Tp*`d?E*dk5%U%0u zmdG0L;WZn@cNgGKd|-ym-RGlBIzWvqUu@4!OHG3foYFJkJ^=P&b*pdVV*CM0P(ewK z=;sc3igIn{+^kIU+>H16Il4MK++%2d)BtDwCq4Z^*+`~Nq^2wjVBnxljU7c_R(7xe z*vZAF`NgZ!110h?0hX@%5hkDgA&bc}^rR7j56xE zkjR6QXQq*US#^_`+ouPRE2!h~uEc@D+G0ft@jN#aZX>hLUMX|owM_iRZrp#;3By9? zE<5=@Ni{L6-CoBWR>~+Iz59qpMt5cr(m>4G*ApkZ58Nr50HTnszW3Ci%AQ%|#F~=U zbBOJ-(*sJ-asVGYA^;{?SyH{03MM)Wto|ShAR~YlPzz`w+GbpeM^chf6?g%BOGHZk zIuBk1nor5g_87)kt7!A=8!y26qe`qdTE=1;BWS7Ngg@Rs@LXOO;t*b8;ke347MgFM zX|b_d`}zjd=^gQtemX?Z_Z}-Yjx*oxa5ZH-2jE)(gz6U)wWejj?#)NKqq(^_+JjZ7 z=NoQ%OMa%7GzNePGDRZ4DHLHeaa(}|XadiO5zi<0Zw~-gB}H>3`tCK54eHk7fYg!T z0?mTU>$}v;*RGuUGFEdU#{1G4yx$a#x zZQlv|6;BE-!F`8S`jTHR`jYmRbamWxB|ma`hIN0JkadIy)A>EIRDVU^8t;-E)x6;o zq7O8~)gT{3lKe%dwQ4iv2BHtdQ|EraBXy)vNpE4UMh`SPzIrcPxS1xkN2*TG_yM}! zr6V%Tcky|yF4;MG?uZ=CO@FH;Ddv_HCIRZuICuu2mfnX|qizZ9R-k;j%Q&6)*?D=( z3&RA>{O7>+agB9>H*s=ilK=Z=(SI@V7y8ihJNL7HcX)v)B>$~gERDkKjz!M+@gJwZ znWnFT2vSmvzWmb$X7nk|TQ}ip%+e8nfuel{Y=@A>ZkTaV6;obE)L!2f{%$?=-M`~^1nmk#unD$5x_?!$&AyJ?-B(=)KTAh)XTP#wT zI%Ux9ftZ2d6**vW*3z=Dwjf7AYD8&X_t&7{>|+-)K&1f46r#ehrBP;HjdIr!)XN%R z^hME$Z`-F|m3;xl^S0%>0!HPl!+D1m!t4B27*^V))8!N;;P@&pk1n$+q?@VOgdk&S zpn>6v=Qpi}HWCNt!I7m15J~}3zDw92ON5V{Y_n>jTqHN_;{=QmMKqaXaW9xVQKM=cMY@Cr$c9!Tk=$u~L z6B~f~|9xu+{g`g+^p$tS!-)LQS+x0CYXzxRjFjo@MEvh*3L()gIC|!2Q9VJgDYwA@ zineoL@4s^4X|Pi)YA=Z)xnTgp<33}6bn0?*;dzT;Iw@rdsQ^T^qAMc@BpsuOFhi&5 zL${m9y`Vu%5cBJ`|3^pFDbO^pDd>9tSl=-%G>0wvJ66 zA7xKPjSQSiUw_b+%F(J@B9+P$kdk`>o})b_!XgZt6Z{;s%xU4G03rFTAzRDMR37Xg z1$1H^O4_=j)b}hAmV_9`Cm1M&dKj5#9s%B6Q_k07kfv5vx&d~t z=Q!}o;WgmqMMyA?RpdC_FYfiulD6j9Y&mHm$*?>BX(g=(d{Jwpu#rl4BA;eKMw{Wf zn~*&6n}Y#PdQxC7M~Y@I$8}%!U97BUvFl{zxyU@&nnyeVk=PP${8DI&s@ieA1MFUX zTJzwJboJKM`2YUt;_P^c7=6?p>edj#s`-85WbV%&Xyx~c@Z|sN&~3ajGjfE9xy*7G zQ8IC;K~4)_e&?fWgVPr;Yx9^^X1E>$-QC_F+2gy*_ekg944#i%f<0~0>vmx)00Djv zBQy>j7{;#36##}~LN3M$FI4<;2C&4x7yhnX7C7{;dy^>5CD<2g8u968`&ZF9-qd$V z!mTiXbC19&B2=zkS#Gt*OM2l10_s`2b4`Xl&YwsFNz%32V2&{S-EAJIz*55{#*bkX zB#IzeY(xp*mGC?Uk8g~4|D^zq1~r%xcn!ZGArVV>z@u~g?=5QZv5{&Zjyci)`+v~4 zfn!`8wYZ{f1Ocz|aM;1rPtp=DEvxP9sOr5#&3r1^qL;?AvQ`>KSE|_4OrKR!R^5tf z(>fYPvkqIR!u)4t)t1J?3n#-9=VNDMqjM1cZq z$g{K&OL0|MQDsCOr$(etX`p?4YV*7SD_w3&kZi-;5}bw|v65f4t}jbtrWFISZFZL3 z@h@R6t1`WMZbT;!n5l8t2O3UAH~z(|ar-7&>v&{$BTqX8kV14%7Zu8TvWR&-VCDj3 zRhVvWMvnej+em1+?XWX#TbB7(kle_bjT3u_PE|HCVaXNAWL5r$V`I&QlzE;B)TUMa zo7$R6Y3_M8JfCu#0k<=mO^DWf9iagk2scj!H8T4IJawKOm+?=Nty=$x2)DG?)jNnh;_{ixj~uN z(whN4p8ZRf!fdys#$JhX&pVR4c4z02QU`99{@*QJSesjEOac;1Wj@TpPk&eG(~<2O z4W)Nb=Ro<*_5&7)o_Tkz|M=*eOMBWbmx_%w|60c)@5rarJ-(SLaK_06_JKeAfBT?s z1KT)QO!fDNjPID}owCE)HIDv~-14jXN{ZGJWbXXhtuv<-i8M1=U{epf#n7a2YfZa- zqo2HHF$`2A!l~fC?DKz0rj^4EzrI-ozcCHp&Tg@DnBX!bCBx0%-^JsmE&(AaR_B5Y z??nAhHN=Vw)fb>iSExNiQ-;#1z@9@Psdl69UF`9YN1GTg`#pI7n1(sl#2W4^9hcG3 zT&?>JJ?^~`SnsOp`$is;K$A!{q_p&EftmQrEgBi%sElmk_*MJhfBH!>#wpud^6YorZ6{!PZ&-~4)Ehqo7oxJR@ta`{#k zUN*rG<^Kd0s$M=n4Z|WQrf5fKRv31E0dm>5#q>Qqjo!3udrP*)&b#Hm(;ksOOy|&s znD?v-m2CaxwN))q$Z(gty+Ieq`xL|14OeXiq3rd3q5Y$$mFK7|TO z-q@E;SnevdJa+o-VqT(F%P=R}=B|WHlvIvHp|QMQ&|PHp0egE$x z`BJDC`IlmWit1&NztU73`nUH4YASjO2*O>$*`)8+xIkfq9dlWG*_!+-86p2YakpS^ zqq79~$8JO8dZu~q4)G!ai!dYtx5+FhU+fo7q0uuP%ZO!D@L1^;0~>U=@^|gbpZ=`` z*nSdxsl`MI@x{CG1nY{;>Te@)!M-E8HzuUnhB+T_GM3qBQDr2&RChk++h#i0z|$2c zH=|Kyo-|HtgSk%(gKW%bP8=C~Q5&!%fahQU<3EKXTgA}ui_W}~X)_2U%cO4Wa%7gf zd=~|%W8^BU(61sbM)o&{$d_1wIqSm(f8cZ1BLxO53`kDeBE;Qc5FwKG#qX zlOLTp++0WPCnb31GQp?WxeYl>(9Lr3dd`dqS!x!VOBVrQNy@!W^8RoVmnNP}u8e&+j$wVZ(`sU4myl)z& z4@6wN<9r^0Rqw-v8wT?MIiSz39*y+Ro0k!haUj~V_-&u7rx-R_VaKA3W}?WnEBIf+ zA{LAgL)mHUgbMSn;2L8oOMF1*rZTy|L-u5!#XJ=M+7ZHgJfc|(|j@H#ibND z7PqvKn<6V`wr6rA(XiqLUS4z#mn}8+t9IXrn9*aJ&<;VtkKavm1a}<>t$i1GpY219 z2Ja5boJv;59}0g6=ZA9LDD=p|^A)#n{1Wp^aO{UOnb)F?_(T9%$~H8RFkGPNapSu` z!ei@2Kh21D`by?HC&c44qzF?BObm$w*W+%V8E`6f^Er{5(LT^G{EBB-h05Y-R~2&7 zF*e#cW}j8AX4XXho3hokNiXgy{)s=wB0Z?>m-Pu}R#cH&KbJT`Uy-+aX2#TW>YE{F zJF$G=TV{!`pS_j`6(yy=<`0+r7b%|6{ue2_se0`$Mr3b$+ek>7v{x_0Q?mm`yL^fd zR>ns=wqeAwJ$=YTJM_(QU%zC+NQ9#QK1V;KAY(vlx|{24q@yLit39i8H+>aw8l2)b z(cfEQH|-E)Z>z9+9#NF+wRgRYHDyB81u83S@dpP7w}V1Z2buP8gqSBdN}inkK)4^@ zP_ts>xX#Xw^h9e5%KJ2{Bf;6*cs~lKM1eod{Mn*S^7R=1@gS1)>!T3khx~T8V2u^RNP^zQEm* zX3P>SBMJ?V=R-HG5HoF+?wA#v%EeIEnq%0azT;a6a2eU)bK1V)J&zlhA?x8nBb8o96|El zTL)*k8_-7V|3ZOEP%`MhyPN_fdS95PfjE+Q5Arc;>#$1<`NO(8+fcS?m+DdlC~XIzKi8N+{0R>n|povHIKI_en9n59Fb@b2=; zOmSrpI(-M7d1$#gJ-rB4Jlh|Cks+y^@@zVd37qQ zFqQ^lHlK;zG6t;!CBAH(%7lwH;dfe;smbvcs;Lm%sx%!60_=DP1RTQ@T0~-l z1X*zSsukOqHHp!(bxIR3w6uV#GPqE&ly^oc)V?1bK7R^tlqXzi&#o9!s_L{4iqrvt zdq)zds~7cJ=V{Yfu5R!uChP<8N^NF$;DRY119Q>8_$vU_jo#k7pr11{Gaqn_{|7Ju zjOj6^jP$X(PlXcS#Q3S#4DhK066^m1KW~_X2#miX0>?r3B`VMV4{%a;{(pr)|33h^ z{|`Rm{CfmtK_hoI+v>GD1#FIgkGX1|*ABgZ2q{`NcjN*zXvs6v<6Q8_X;>RVJ)R19itT-})-$Lazk{4ludjpV>*Ty6|qWGfzI7cASM zSu~RkGwQvaEUQr$Q#|D6tNm=)5;6m?RaHt4RQ0Jr(z{tkq-M!&DPwN8^X;e+n6cQB z4U{X2R762-9uTkYb?Nd4B2cdh)K)MeUZ)$kY8tbn6=M>Uf&(n_?A*j=7*UPh3cd zNztBvi*kFJM4!Sjs+ZxjrG?6!1bNZK(FlG!dWn|HThxW5Z;h9PFh$@C9G$1X3?YR~@mtV+;U{=3FNMX%2nlLGV^ zWWE_L&42A{4&)-#*Nv`S6p(wI)3f!*OkRpo%@ zI^U5PRYu&XCGG)lwV=w<6G84m0+k`ej(F7Ebh|wE$!{?Sn}u+fG)Mc?mfX(CZ!Isu(xp)uVwm~6MRmybu`14ZkN}mv?h3_ zN51-f8{iu`LnDKI@O-X9MUEJPA$rI1~V)FeUxv0K= zbBVItpJ@wk^gN0`j%j=c$Li`yaZH(i?^EhBX+(nUqb@_6% zy6pTHJ)^U^<@EJ?t~+DXjgIoVm?&-ZGuSPDu4E!=afx^o%Z-xp{!Z9q zE~lHyT(9;??iT*PFEdAaj5%Ljd>q%T4QW`5`*&V>N1o84z5V>D61wp_#!XfOz@Em9 z8F^DmlHsqsBG310n1i`UHy5%Y^pI49ML9zAJ2bnvw`hl8BErk5vb|@*^4FZ9E8I$| zSkT_}(-r5pB%ZZ8Ew=FAvK&`G76{>Avc9IHopifoo`Y0m6*{8b|)pTQ34z4^0&%RKZLstR|nn+08F)Z*r;A?em)g=XVb_g=ZH8MAJ0v%3rORfx$X9f;d zsi$-44YULl^V*FC?1}_VUX2-FJbdBl%NTfjLMz>E3lpa=-qsRC8F8erarN8Mj6(!@ zO#iks4;gW%G@I)EOgJR6h}vWI^NmMOQ)g|lB`C|DFBl{(gzr?{o(P0Pk&z~p4lUtR z6!PcdtVTL;cHW7hzIBIh(TS0-{NkU5=J3S^Y!7SYsa9jajl4RFchYu4w+_)eB~C`j znPilETa%4FBgawvRZxVwh?bdog{n7HsV-@9N|8$^nT0wmvg3x%p1D%mX*$~5o-kRU z5mv;fJ??Wo+CMjl=;|l~)`WIc#YAmB(m#rcPCTk8BS5joUuFlOn|`XAJZwR{)l5~-|4yJrgV)s) zdLU)A?8^Fv)7KaJ$IT57R1Vb0EH(()#23?gKqjd;VJM<=a#9*M;0Dw8-sH z&(na5imW8PJ)f+A3#G{r%hPNv0*PaU_enp$y;CCgd@xZET}(^J*4ia+V($%=D<}My zR_I(`wio8|cK+B6y;59RtX^Vi9Jl_wln(*ny|!4tC+!OK@U*KSBgy0OFIFgoKFMx) zmfeK6+Pp}op_^+jU90d}($WgPg;-OvP`h~3?fwcGp59)t)XgM|7Z}0WJq)%zK9bdL zW=8U~d6#v6_5M>~X@Db*@q~F%`@u-%2os+Z0k#6cjeFAp@5PQzgOnMDc^SDF#H4ZG zH7%VqMK^h(Y>wHWOdP_XaE)9n;b)R{y_c+^!xj6>vJn?CbQU>5d%WyZBQ#%8`Nzl{ zhY+GZ{KpGzHsn`<@xn?$5Nxqu&>fltt%RJiEDg;7^@7jomW! z!eBF_Swiu70hjyt>*XI13cuySS|FQi9((meQjWlLVoMucMoX zh7n}618#L&VV&gPzxjz=KN0f#$`Ly9OIhnh`nNP}lyuyk4d0vV>N;uZ*y(GUpscOm zYs%}Yc|}+mTP+7Sw$XN6v}7giWz2kyj8xqHb-y~sYTG&S&Wr?ZB^2fKBgjfwdESmI zI+;uVC`vl5o|sv_+uDlLS>_`jgh0CrPmi2)$M5?FTKN&R+qljbTN_^Xb#%^{?=hpT zVXvLPSf{Bpt{D04J5LtY3{%Ejq;6>^f;@=Jz3jctyfnNA^#`#SM|)U)0VZxcy`Mvz zhCAT&w2-Svz)F68&$+QXg@yk_6y!}~v6bDCWy_TmhV_yg?q3orV&s0M@e{P5a}?+w zzPpyo*6K@ide4f^?3mTE1kEYj%?LeCI~CpkNNQL0xXe6!fNk6;tDlOOZNLv*eVV;K zLed@}SCCV#b2>XYJF|1DJs{R?>Xpylaj@8NpCEsJetv6_`5VomTGs`SuCW^@Qo!I1 zUNYV@l3X8-&W_n^^t6rjokk`a)6T^D^K`vAExxDn_aVI&+nQkft&s!zZfCVg_)j8T zy?Kz~YMFl9O8tK`5dtxmvnMvYz-~l7hpd(+ku=Y0y|FJ_*jdh3QXT?LIO1$geH^7D z*h^>K^?nymXZ%VRy~CoeJ3${Za?lUA%(+<(H*nz+CEw>lCGMG?c7oNh%2ZwDUNSWf znywTw%i-NQB^xv%nEvbG=Hn;*)x{Q)cMw9(_>YMsUbyR0ev~zP9#yfjr0AhO0?T}< zXh-aQli)g`*;;u4TmU5y3)^V%Q$kVFv1$`eLZ{=?WGv^EnXPPdJ_OOTe);vuLnG9q zaEPDUSq5#-Qu60PeB?KhozLkV3Pmp2ntG=l#7ILgeKC-mmWTp_!0J%g>NtJ3?3x-j zLHcqDUrl!>T;1}w1*&<_7=FNj>eDUPP`%G}!wAO7Sn`G_#fMdmMX0s z-O8tY@F+(bj#zwH7jh?@)o1Wp()oEFoj|5^hEJ5)p{&U86k`mxG~zx`ohAHuNQm9*@ln|>}3ub)7=>adu~RB z85#_qk2mpiI8kA>z0=>A>VL8Kp7s%#-TeI6=i(du)Q#>-I4m@eSZJJvGH5a42I;3{ ziN#WK%H&E+A z%(co!)ZW;<`Gke>vTw3+wmBk-vk4s5hPl{Dk9AH2wAV_{7bXk&zFOs$b1!}CPX$@E ztD<4An<)1If7F(nDwdYzX~aGQYhm-_7)2dw>?pSNuxo+NaLn8I++@_Or}qe$D9vF$ z<{_}kjwH#3vCQc<)N02zVRouUwc6ilLt%UzLm+bdRaBT-a}ME6ktfn5>3kRSRu~Zx~)aa9+^CN={w&neiSvXK4uP4K6Igm(AXINkI9{n6if7kT{T_(}It4 ztR<$vSO2{suxP`AIl`-ojpw@rk~gZ9m7}WjURSp(4Ueg%%s`}FiLe0JnkH|4Bl zV^0me_D6pwUznorFDokpGEAR=yiiP~;l;+o#OD&rL@@b6<06jp5~K~yS8jM2+um-b z`<}9<7|cNQ^h|r%k84D2EQFY$dj5hEec#xg+L7A+I&Nxc^hZBG^J#uufBE81T^aqW zt?flWuGZbm0R8aMy(ki~u`5K<><@+a9e%o&K)|*tCGIDBTCp#eqac%G2!kwxcKlj* z`;*dbtVCc4wb@?{Zm~6`t>HFW4v)<()OJZZhUFl&&4h2hDk9W>lKe9$To4~)V^j>? zI|h0J{yRWb5yl}pX+jOAE@ao1*>Wuz*topC{QH)wZ>CUp*^m{Y!3}85?im}n7OO$*LlV( zQ^<()SFfj}@nJG|+%4Yz3XK|bpr%|u!i1sh&n^80KJb==r&-+AuAa(#WP=m+WCcl(X;M_*U} zIbw4c(c>c4@;4zoB+fG*!}R^_=xe;E%L^5ZzRf|+&Op!d-RnBdg~i{^PQAOPuCZ(H zNsuI|h#5)Gqr*mX=%H9=^0QWbH)+?oj3IERTrJ5N__?6I5J~K`wnS zOlO9rr=fdgKbY0uaLJLKUD~=vfZ{2ZGtj2YyRp|Y=cp7+PnRIPaAk`K%n{;m zX>iDiZp~|b$XV=`w!l_tL6n(KMu6&kzJ6PIVx|5(@ih0@G}QMQ)7#UhTzkTxYpBPB z^VQzArSApPl8QHbzT zMF;vNa>iQScT)LfuX6ca?g+IZkj&4~nt2ntk*WjRl_^%_6*vqpEjA9A7N*LrPA4ax znC!S9lF#4cj#JKb0!_S)KcSb}Msp`rmoBoT$ZN9++Wb704m4447wnd=30Jk_nS@~4 zAuwrnct5Z1+}O@Y@%_}CRbW9zcn?rPx5Lf=BaK{hs~mxYQ?hMxeBd^7bm|tDLd5I% zKOU}|b7}A^@UC1}hR0S0E}J?l27_Jl%sEKGwvSoWys94&#}$-<4XWo4E7~cu%|0wq zGY*>8tFye}mJE~1^bs)-P<5J&rX2fKlWrCmjsDX%+n8`~K3pm)3z3)ahq=i0Rkogf zaA_d5`oSYU{ub6?2V7m|{N(}sh=$Ah=og329t>^A;c$2ms%kcR9>LBolY#)_w#FZF zfs0pM9xf$LUXbd;9Tm~#?YDhF_sw{#-`CBEwi=Maa96%<7`q9BE0Ps|B0J$2&uadP zL&|_HxG_qYf|`y>WLJgnn5F);?u@>RyFbz$+Du^)UYU0`ILro@G#EN)?!}SumGs%N z9MB=%jeVf;rufG3X$k4>0CoMVJ#u3Jd1a^J-z^*-dTuI>3 zn)_9bx2Yyl<{O58Y?#}rPz)G&h$0$QK3j{#icI701&Vu1GjIw+*9x=RD%!fL(!Re0 z<)uYoN5Bo>Fy<+to<~pF{j$GZ=G6^cM4fk2`mETYYL;dF8FZ=(!y!X}5-1J!pw?L* z0aPv8;+~%J@&KKZvQxNLc2yAeG=gxifmk;1nYtVwaJEEG-Lj*&H4pMu3c`3%;NQjO zVgCY=zJVMl+FNUj>Dj1GmW7v2FnTTv@?mfob5^Y!>WX2o_hfIZ|C)Y5@oac8_}n>j z&|o-5^03pY)8kt=EYc{zT75%tn%I~hT~(Jw?~C7W%Sk-p6Ji6cduC{D^gm-N_5>>| z*^@R$(IkBXCj5^7q1a?%G>&pa+fFp6V-UxF@n*xB6UF0_}TLkZFm%vG-{skZie_nwzjHno|Zmx6h@=M?;bk;V=2HoF6(=!w$6UMOJ_4#IA?lkAKDXEC(n0xLGu z9Z;si`IQpFug=VD><|#krs4s{pxmwEO19QE7;#Z7H5K7cFoCJACqTpv`0g7YE+JxE zZ2BF(Bg0KiK;Xr?zXknQ`-%YKjhU64q%B4xyI7&4JbLnb1bc`J?!Z@KnycmMwwV*0 z4=NZinRTP2G(Cu3()$gr$#pmW)WMFWEYcKx>KUgMJAAzjcn@R9zoeqCS$nzmi&baC zN>R+_r~6v(bML*`K2{}B6)H!kwdtyxhCI3(Eik?VFBR+mV?oZmQwaal=#lFZ3nTu` zgJP!=!^In*Rd%--OPU%6laJM6rpgA$-y5(}x|3H^#+UE9ycPkSHh6>zw#gSgT2=I# z3or2Mff^qP7l@g9HPb>F27W8=Z5eJa>^(uaZF5-L$>1rhgZqT@N@ODu((dEZ3Af>|Sz#(~smJ5j7soiy@}+{+rR~&%zWj}mhnmNs z)Umko5!B`J^UaMB0lnV2s+4@h-Irgp4WfM)(Gl%E?mfZxS#|r=Vqf?Wy_5zhq9c_l zKAg#au1rc6Lk2F(B=?LF4V^`QUVZP=y0PvzsleuHKq;-p=I&h|Sz0}Jbd?Q!JBNo~ zqoLn&WMc_-H?gLZ$oW;6=RZ2v`86S9<@n%7tI-*>bbj+_pEqlDx1J5qJN-s46_(ycHF8o1*n~D>dB#U+%mbIo+FGJh- zQZ`$M5b?nH`g>tcre3XKnd$a~T)6OyZZwXFG2ipG*?+YlFB*3}FeR>-+pSAU2u$GA z{4^9OTdUF{57kuJg-SE(6slg_Rl{~Tm}pwz?B7B#XVTLI3cM-Z3j|dq3I=cUePtQS zqUhAIf3blc5GZ?%lK^Y@c%wVP4e{`xy$$%kP`QM!5pZO&^b2z_>ZQP8ZyX{QK17?u zZ;6JWc(KZG3V6NaR^pe*n{&NRR}6=mk5(4=hs*vn2{TDjtPMm6p*F2pt%BJU6eOSu zxj6dcAQJ17&JpbfgMD^S#Dw|avoSD~CPu>?G#OK2Z5?G0ZGCymTFJ`b4q#e+_v75( z`iQB)ZJwC^G|5tldeRy~F3;}99wt}@ z9Rq5j@i*Jf~Sj2iE2Ex!?a0-XFTe|UQxb6M-(IR~k#c!YU(;U}`N;zx@8>zqI zv7itja~})!n(}3yc!nC$_1ZxkJS`;^J)#vqO_-+DVg8H=cVl~P{0w^KhN62E&+t>sYxIn{0JK3b{sBQ6b-oxhDE{!?}Apt`I@cp`zuVe&U#Q@SKo z-p%q}-ALMNoN-ErR}R>Zu^EnIm;Y|!2hG>vQ?&ZzqH*y5~OehEy9h$Dw2X9Z>r>LGlLDvh3E#ML4 zX*HWP<;Bu0r(KLugB&BGei1*RM5(=o>xOX7Xkz1&E_c#WrEk&p5@sm+_kKmUFkcqTBf4jRTr8RYarkBUaIE4l%Kf6jE| zq%@V{+X%+JqQ8}}6*>3PONtw6C#Pf@(u6JXktDXmK~jl6GtVXy*|kn$)quIsZ#&`CL?kjd7vEF{p}oc(85EwbnlEwBnR4xhq#v;PBE@*VNHZA;Ag%k#OL7_ zjCTFz0|uQc0%ivQdfefLfT&Y!3-=OsT}}wki=CW83S<#)GNkagGBd%GpZ#sBe&5oCg z45P@UicZh*2A6N-!pp`(-QLtzj-26Apb}kPeUPik&M`T6EV3n4Vo=#{{ zPEXJOZemqzs*y$$Aw(}Z=|Sof_G`5+iO|j+)neT8J-M-I-%EM?ONS({#P=cl?96$6 zD6I_9?sK^(%*tJU5qYBFd1#9_S77Zsg6c3suHdgS z3z}j297L~)vOI;G8@5w}lDO;GPX$UBlTUMlO;6!vKQ0=I8g^HfG_j4Nv-p!pKdf>y z&}Fll=vxEHOI5l9AvcixYt$)A-}|P#LqAsfDisKy>lKukosvnYmmEG#_BgmRbqWP(bK6t7|<;zUblFLNp}jMyL)RbD zaqhaA`>%Dk4eUe{E7{Gd++259SR+Is5+NaiA6LIG2T{^0BVf`TPa*)*(jvi!_4Ge! zrbDCn(+G%?bkx^1jSMu^XNSMNf#=hmz^iGm&tyY?oJErzQdid0T+c9WvRg8&th8$C;6=jB`Z# zc*nm-ODQa7bju@v<3NmyteUc=smsO|^xK6wXCpgzPg_fUdwmNv18=)U=o=zSg#o4C zzyHN_gm=ixdb`V*7{k%^y4)CRel|AM_3@!6X_rZDl)S*gCrf2%MzTRW@FoDKT38GT z=u8ylHZcY>>f{xkP7D4Fqr+i*fu;nw`dp}-Fa?MT+=sHH=-Q))+~MDQhA=dy=w>E) zdL&&l9JxMETqy>MS8a4HO`O54QYj8?Z^Gx*swH=Z!m_y1N1RM0T6%JIi07RAz94&x z6fkdQ!-ePxMxW;XbQFG!oduj|_uRf!W(wG*<(>nuMhw2rcl$RUF%I_+^PnbG?=nlv zzCXCL4FLSm3_KI@{>_q@AkuDg0xh?k-w7H+~~#+jl-VO9^?4k z(xWE2CZ)FE+X9O< zb)9~H9`-H`kM(x2M6kpmvj@GZzg04{gpI_8nxRACR4jE9^?2^w@Go?8$VlJIBlE6{ z!&NUA==O9p^ugZihH6&+k|GP;ARt9DpSE_3Lvh?1jd{PmrcD{I`zatO7^c%qdi}5| zM?Ef>3+eo~!NDV!nqyxM7zJ0Ci#{n5yD|TL;8a{KK#pJtal z5WZ~->tLDY0VGwBZ8-+5c!M&9#d2g>OUqoa)PGiQ&azkn&O-3?`!Xv~dkX^TtL?Ww z&pM(uyfX=HY4+z?DTp1I$MAc+45fkhNcV! zjIj%_ooD}jM$My&X2Iu&TrhfnNx90-mkY2OgHfe?IfIx2inthjH2O#GH~QOY zTl4NAPPEMDxy_F){dA#GtQ73-BaOnDH7{ojLl0FTdMt76Q<+vU?_){?mAw~9jv6S5tyek}% zmr3N?AH!LBg+EV*x1)$&`T#rJ$qfWD)?{G(R)hGwI6~jfhYs%`vDxI@rBpaFC3@_k zwW5Zc{+YWJOxwtJ@PL-pIE0}2dTzozLwB&k%^&dri~wCEGZtyYkgp&y!7a}67bTGe z280J#n;Saoc%JoAXTRxp0tG%niH7;^waWM~$l&OX^#e_=3!VVgX!K>B+R?EEe7InQ zpyK4PiPA*ZSho>6pjrf!ad8q%##1UOrPAhF?}Wa~hENU%g{n@JhJ|vi$RetTeH;5= z&mN7cLb`Q&juk+If|pPbLf^aP-bk(0PtS5B*t9-dsp zZ^{p$_y3~qtHR>imTqa>0tp@n7A&|0cM_c7u8q69TYvz;g1ZN4+?@u3yK9i(7ToQw zoPGBG_y66e`*@$b*Ia9Q)u^g5B5+U({LEFX9eLf!I8aL9tnv1Z)nU;A(XXyw!aAYi z15~gWAiecdks58jmZD}rDy_0UGa$zf2VACxcA%-bB>YLKcqU3Bn_Sz*C_b#9x7oj?}mcKK;!nkaJM8y)oUnSdx>^GjS@7u_K2xA#`H{g|)+ z)6dEm6dTyl0^Z(%T>#QV>4XVOo1UWll7tT-6!lk6AmY$bw zpU08sEr7k@LVRoQs3YyE=kR*CP8+m+rrt@}1}j?JkqZyFVGqEJRS?_|7H?1lZhaG@(0a-#U<(ZqL>1(+odKTl_0KcvEY@d zsjJQbN-Yw(iv+rKM|Z^)q9xBzN;3m@7?Sd0ur%f zxxhfjO;FuTif?drtw8;}^jl_=7)VR~>-8~@Xn#s3VE@%&;C=l}|Ern*AOCQu;*Yi@ z%790Y*o(vj^OI$%+w?FQQU5zxF>NS1RYZ~E5j|(Tpk6osSMcr$Fdv2jaB3FNZ3e(B!g->9 z4eLwe3eeoXeGkUmk^QA@M|Ut#OI5MW0V^wj@FMxYe}P|sDBvGeG(V#Knc)!#JVE8N z??+1(*?-!wgH=DQsM3c477LJ33WeGF`$Gc{9d_w&j{Zzi>KxkNJtMm(2BtCRf95vm z1<>p9|5-nsh<{oFio5=*EZ77CC46M>|LMMC<)23h|5*w=^M4-w)5c#T_r@A{^z)xK z{^|h+C-A7~pEmv)KP006$Jd`5{JAa#c-Zet08$5MLHGr@e|_wBH!8r;uk6dZp-PSu zwe2aK|~P0hmY=`m{Fz(pGazQ^(Z{{P7&o0+NYx@ykU-kvvK2-z&9(gLv4%c}~$ zw_CV7dxwpH5Q3$SblU)6GyDe@-HscayPc*&iiE9 z3G5y}8gR(^ugL{Qcb2v5S-==E;kqT({RVV=Tlc+71!_I+r4=@g53bSh;IAGCvh%1oJ)ez+QeE{D7 zBAm)!u@2Pl1aMRpx?=i`RXD-62CM=!q-uzGifXF#K%zaOtSP&-skbGy?BF1?*7|9& z^Seqv^L#)f#rnGyBC6fdZh5&~t_}ugiJv_|JuBdI4I0bIeRw+!W9=T;R$F`c0C1S> z7s98Af?SYs5e_)H*$`DF63tibi^2h(kN&LG3?vzTaPF7?S+{AJ^w4(lS9#bB<0VN0 zv|jmRkT!d8)Vo5f!6h1Rf#ep% z%Q9PY*ag6U)zw`^4%R50eZZOo1M#Wu4J?4d7Pub)z?xx#ovikYqULbXXR1IarEAEg zr;n&sA`o-)rG?w%KMIu=`g)8@QCx zIEWA~PJXaIBpnc{P(+~x$UtK-urf2X*M1Yh?`vynlfFvY{Y}Izz=v57PzmTUBYYNn z{q^E}rgD69csXX*T{?{Y3>B^`572W4M4qP{&lZO02_y0NubSkA0j}C%qKsr-9sxkD zZcFvDu7}M3FTsvtMLEa7C|GSSm5o= zi<5coegjRD7wD~T)?8FCBU!RliuXKR{biY=zsSJa!K3JC7%Mx)iU92_R3WDA+VTzk=;|qu6ytgb-p}s~(&SBe0 zhz~%A%t8=2;js)R09%!1DEScyK@y2vezgA-Gg7HUB_5_b)f#UtJ*Mad=xKZ6JT-*6 zCZ(NfWlHF#|0j_vwkqKRnuZN$%nATuSQZLbCDgqj8=%+86fHhG!35OA>c&28uku}4 zu@I;ScSU|!w^`tWMd!=tURUTt{OcfbTuX^d`(2N^YhKl76;ce^S!aB`GIvrRc5IbQ zXirja)}N^|o^WPxqX2tIjI&LI^@@-fle5l7AuiJkNp@s-;`|VuWdIN#8&^N!sx&{5 zieZ&R0wG508afqO3;Q@NIobKuX?=(k&!NP7l2XP z&a*r9eVr>1vdv7<&c*|Qmax#9Z8;lU0)6k_*VcA=^2(y~l)I5z2A#BFf)oMcEJf znzJeQJ4wB>qvsWIq{A_C<$$qamB#A5<$v#*)fYjALqIsB<6XT(tbiW7>~Q`<8i411@C83d|{E-Zv=dc!Xu#~#n7^>#dkAkuxUFajKw4;aiw!vl=kwe)}A4l&0F(*Ayonr9AJpXZ+{HjO-|Sx@$z zB?hA=-4w_;_K_u;DR!>*j+?iI=wtI>I-&sXL5bfhfRJ^zK*cL?h8`)vK=%f>PaoG` zFHjdJF@bLtga}eA;e;n(-~xpG%-@TcB4x*CCxLTbuIZ|nN-`7|d2UElf-nD|^&Yp1 zTt!DtszJ>%CXUU{d>HEi4=lW_JP0Ar(^Ht1ScwD~$%J@uyAM3&fExs0@IiS-OQ`lr z;`KE!NIWPkI2c%HA?Q}(1qvrOutj6v>*bP%+Qr{15GH^SH&GE7hDK;$EG-&VPklQG zB71?n|EKj=(w;MfHh_P%IlQ!r1QcZdWx=%LBlc`(B@OsR;)tC}g#C&pKkVLw-kr=| zT!Pqs#y0BSCBD{A_)W0#E=F3PblxVQLfQ?TkBuA4PmRHeXnGRZq4TS-0Q;Dr$GY|u zKtc-A(_0s`KRjQ`RM-#`c=xzU-H?NVbknvC#Z@Yx%Py6C><^k&c zaie)&X@9_Url$x2P3xKhrxvFVAJ=UDZcaj6?TNo(=yPQLAYAFiC^HjEWbhkd3?~rJ{M8W{MT{ zfMW*{A^LAkFRa<(uSb2cfCVs?o({xF-l?uZz88wU0p{x9A!Unx0oH~}WHHqlj*@J$3=GF_`T;AQ z5|zROo_9#3&0Y;|*Ikv83|Anvt{-iY7XS=t;Kr2K zyGc}2>Gtg66g3g8idk7+kt(CK=Ext~JPR%`(ZE(<<1|CSG9Z}D@h7 zi6z=*YxBFr1fD!TH2)g4ptnl?7MQXxebbRecyh)Cn|U$_v!{wdh0b*6;vql3cc`p= zznB|t405*gmn%d}pOgY6{#FNFVW7g<7|DI=5d8IR3UJ@S`XaGaz|=$4bG%O)){3~_ z!Czp0Zx{C$p#;Qs$o(W$bif~F-K`Dv98&x=rU8%PEc#O=8C*Z(rr$a#I^G~YG8ija z)os;3&CMTxUL@aZYN?4-h3cOWArQdiMM_Cuz6i^ z@~LdPM7)lt25!AuCFmi zs<76a+MYov)P~$P6B`o7)pax-4Y{VHb zLxt7tI%e)TGn>r*@l@LJB|%KFu_TRCFAu>tWkxi?9hZT6>T6@D1-6g(%KmxS%8#NH zo#gtY;GpveYtKwB5F#>f;mlsXW0Q*bN}9`qA}Ne@r#YJsPLkX)CB5^YKLSF$i!YltMen>TL0f8bGr`42k%wHV!gY0r+32o*@pnJf8uD8 z7%mFk_?PP*ALBSrhIIbq9FnW{8f22VI|@DOM;5O16$J3%+c(;fD?7~x-xZ_C(@PFA zM-S1KSslyJmdY{}`TOIFQ7ie=Vt(E5 zdxI&$L%#ao-Ow;pdEk5x9on0Q$#`19|M+4)bPx12hS~!>c}9H71PeGjEul1sG~Wp# ziFvjz5jT3XtX#+EITR+Ad3YM8*}J@N!<^0jzQTMJVqkR`s0CP}o)zCj6V9{U^&$u%9%4d0vkq;els9vpfAapjx!ItU_NNjG*JifY^`AjZld|GXlf%1oU^s>dO8XC> zD{LPZoIH^wJm1r{`ZWn|L}Sh3$J3M`fJkWY;rBWcWSPF`sIeV$aoWThCCk_#JRHO~ z{-MiRCAMRP!i!u)Rtq~bUcJ6VH1ahua3Y)R5Iznv?3#{1P=4l zOmfj$4_ll@8*-sOI3SY3ySwWxmQ*u3s0vAid}N}9T0RQ(+WW>+L~W$z^A5Fk{yUXoM^IA}i^{FH#S+iR{Mh z9M5L4HfsxI`A+XPdDH6;z-$gIfDt?y^ksh6! zME+;~E!`2nOg$INL8>$|SsR}@Q@k2KKx)fa z#VI>9E7Vd;eO0?wW%O<>;-n3!l9kDzL}+&oyqNHfHi2HHGI^{^fvLeAuiC1apsfl~ zVhnT7su;)D-N8u(XMRV`HT4k8>KMV=u5a#1!DB_kM)%TW?mrFlzQ;ONI3 zd~ZIH`_0^MuHA6ScH#~uW8KUHV%x@d*OFuRA7l>L+v@LKsJGdnUd0n(DZxd2ft%bV-c2z52Kd$!_Dlcu^J*nkYpnEk{|a?j;3gIQS(%XV={Vc*|l@`4tM03nUT zlDy0LiMY!0(4nnL7kBB4iy!jrRVHdnZn%ihLDKf%Z>3r~SUlX3Ku<9HiVP}m`jsu^ zcZE{1Xk)M=k(2aAUUDR?U%EJ|{lWZT-{}KPyIAq`W7dTWhzUpj^_O(P)9BsdWlxSy z<5N2a2GoE+trWim#@*SMbsN8;Q>V3R7+Yobwa5b-Q4FoCZcLPXWkP%qI71pJpBR#& z|7?y|z~(?{GAZ++z(~t5b26%y#wm&H0DtEqoC=5VBJ~w1_H*-$VaU_F(4V z8Zt79ZI8kR=ny}A|EIT+y8gGM5;f$4;cquCyGi?;mXjDc17pk?trLPFHCkWlUe}*t zZY(UY1-A7UvYVCHm)LwY(44LogHAo{T#EL)`AdOT-ktPW=(NB%fp4yBe#inU(=={* z@QpfMtgl{Wz)Ea0&{oy<%f~GyEhs3)|^^AXc#tv^}l zxDKPiT~tnO11>@0kkdiJ6yOs4=elXY1B)AZ8MvGemc-n_*Q(jUFxwmwk_n;OP+TBx zKyOr(M4Dtp+Q;o`7T~co#gu7=&zNA*zsik><>Si^GjIzEyg;aKf+(f{f`k+*sDHr* z)z>))1e7e6dlX(!s8xs`pA?HB+4r4<6(3Z(U+#D{ozDCj8>2OJH%fHp(bZ~RKK zT+)dYo&;$_%kXRao)V3O*xS5BUy8WZTxx`yhNT(Lye(_iB1^sil&jqYxXf-#(13kb=+M zdb3>pr8Y40)i%U-;2W0hA-4c%r$K4aU5Nc22+-KVu1Avp{Ide%8vv(VnyH`$*ao0Ubt4{^s|(=Hg&tXl#4L zwC<_GFzF4N=L`(4(9nAGW&f`9Ez2KQVPwe%IE^wKd z^fQ_5sXk=|Jo7iSz#q67pNz;Y`@kX*9p-AX=A{tFsm897+0?GI#*Xz`vJ(3pP#+8Y zAJfGRINp?HnHgyCRa&=~MsdI$xqltJgm-xA5jqQT|p7?e+%cW2LWqqp({GAb$4fxZHkr$VOo zPaoKH$$nIbF+JR)k7k)LJkxuH_+>Oc6s8!bu-qU2U{GT33ViarLU;`G5qXaG5$V8d zy74P;e0sxXR{lU4`N*8N3tNmZ(OoeQTz93w4EMYJ;6t^SIkvZU9bnTZOQ81$&DY9vTDb70frM6*h~NX?!PgnE6RMB9Y;Zo ztoz+iVxbW&*MmP~b;qCGaKJEc8k@|D%svm`ONU!&vrAjzsowxgm#hu)cHm9g5)ZfO z`;^_~itRRJmh2fKz_yFGd?66^U-L`~5g{aN31R*>wB}`0z%>Ut+-UbS^qw#Tv}0ho z#u#!0%aB9A)h&!_FK6VhLf!p`^a`lud~0Ml>8ck+@(t~;{pwEXk&~APL z-b)nXm)dkVd%2Fl4LHJZ8v-aNUh4vX2X(5iL7*o)o*~kug3~+&uS5Gkqs`H3^Xr~? zCH-bf_R5VMdRx{B@JauP7s|-U{O#)WyNzWFKd(B@lZMLq!M|b?d%AaQt#FoTy+&wr z3J@C6a6EV`ly|-^4C;ku17xLth0SjDU_ehEqu=6SmPTR-kyEM*+Pm@)gHlSuaF3)B;TN7PGbr*fbHdI_1# zz}8P_?*;}~b#H7o<3sO$vs%y z0W8Ugy>2-Fbnm(=yZ_-FYanYA)o<-oy~nV@m*cOshmOvB6$O(vvfa}o_JAh-*M1dx z`5kwb=!g*gOTGo%zyJ4NVr=9yz!CfRNQnFiAQBKb{{y7-{|QjS1!4Rv0_iRMXN@}s zD-|mpywIkx2}^165O>MY$^*#4XI^~jHp2D{GLXsC4VEo`8U8~Xi^zRNJJ63u; z!-~w!l3XMC)@4{# zM-TT^QvR$t@oN^Am48R*fCl+Heq6l>`yxL=U{c-qph|GG52V|yd>i3e(e+PJo>B~> zRee>X4&i;hSHBpG87Gsh0p%Lb0`UAC% zLz^o#FhIB~%k%b+P`DRb1EgUUNK$ERt!{6^{m8|`E>TW)ykJWYL^Iz~v2)RpH{}#C zGSUczdb zC>fpQflpxf`s)52b;o%BTk&9V8B`lD^$H*qCh7c!r#NST?;S&7<;T34K;6DVQ_6f3 z&N>%iPgA`d$+tPPr2p4vM}K7}^}6}Ws;NCmPN|e)29~rkOOmSyRm4czdHqspX*zdR z&YxWVgUo$|KNtY^*n((6KlT7>BLUfgNrLBBNK=SS!Pe793jkOQl&{_1QH)~%aZzpe z?IW)DoN@yv!w-RJc5A!vO`c>>%w>Kco_FPl{-W$?tnIPsVMaCJb*@djk~vv1q>pMCXzB z@!tP{_U|e)3tgeA7pnmR<$$ycz}zD0Yf0CON&Yur@^TY=o{8Y@XnJ*umKBxR4t!4x zK%fnzlPKg7mND^A5IN(wUYmf_id4W&nIQ68s;^zuj$c}TRfi;U1}ovFealQw*?5;2 zZiAo!nZswL1G1ueuxJx7Y9xM86&UYWy70bSgMJ}MNcE)x0B@E0?JK$CY!)C{Z~KbL z8|elK>)-nl*aanf*l#iuGb*&6XX7cLky&2%%uG&2iV0f8aq+1!nFX`v`gmZ1{$YA} z&0y;&zTFH%BQf8 z-$^1}kx$N0=SH|H+gjA~W<;JQP=Mer^x}|z69DMDbt+3@UL$4;uddl^Akks=cK-XE zYXuB2n7uMPTQ4B8B%Yd@fuEJShf5&s15M!&*dWErh)GP)?*amL43H9ppx}!n1cFWF zf(idwPs9*F@csJ^-sg{h$|{AMRhY&Y>4GmV(jW3K4)ecS$1L6UP>sR#rzk5bGbc(D z!^+|bvcL}oVpXGt1Dh~ysm1x~LLCJt6~l-MAL?ghfRv&D;VhW}dw!8fhsuBME#S01 z*7qlO_H0w3)?YvE^jb*A&Cw{GiRCiwlr%x@IYV`eZ9~u8bN~8UN1Y*|Qw2FpcKhZY zs@0}PnaEJh^Afgdo*a@r0_5GG26Pn*aig;beit1?wZly;S11M}6b)aoZOIJL%M87- zH`>Qz{VZLUIFBzK8R!*3iFLM8+e!9KI*B_S;fhWFopULAZvf`MuZfqy%`zYTuZ;)f zq5!wlzZO4`rxGCY@8j-&-;6PTl4TGPiT|}oMgE^}t85q}@c93yAK`8VqDGF0{UI7n zfn3dJJd#5mu<*$e5-E2hlB+@Z6%(BSEVX<3V%TX5p_5fA&QKu3zm@*8w~Md2xttr= z_o!C$sE~Z)ipZFwo3dsr$hNGNgW)|3M9*Y_v@E$aR$Ud}(Z1@PM>mC$Xh9gsYPd%| zsCj+(byI+x@GLTdpM`O90bAUote>v9y?uXRU}nAFtpaT6)B$-tWxFnN4;C`O#6?96 zxAEAkjSMg*zAl$~ei$w`f}Ub?9ed4G=TGC*>Ev=8t?@!FW2EzYk1xVI-@n=MySq6h zA_<#}gb01mo}Srgcu1TU=LIc*4x6?6^tTteeCVZl`!F$7;fwctF?ra-$?-XbKNQpgka`?>X!s zn27O^^w2?!;tk~Pt6-z~Z<80@ste`h)*NBi(V5(Hy$jcf#*_WL(!bidF*A4vZXwrB zX(0)So-L)~s&*E`m*<58ann^B`hsDH`tjVUdA7wHXFW0o9&n~5TMNUC#d?KNS?+{N zc{S}h6YcOqTQ`bHd=qb{0QozJqQFl@puSV4?})?kt_#1)B*>GfY7yUc8%H&`k9p;0 zn5)_T8$Cro?|8#UJs#g>8;$zY^Ei_n#Oeaq)7{gyh~NZl7mV4 z(DPSawbe)}5#QMIo+7ETa6ej)mj^1u(R#_EJv<(usR*275UXY8r!Vm{cs5iq>202 ztic?`Bjn=8?PV@ zgil_|a9_WvLdsciiHv;VGE@9&J@VX9vSA;uTc|^s{S!t9$(He6;VM7jFAE@H40Z|} zKc|Sl<_zw+@Ej|&!{9qUOWApgdSa_kvs7~U(d%ab>ZSBMY6-$c1fgZi+7VUCEFR|@ zTXQuZT^B{ui#lbAG2bIDdcViAp&%wGr?O1*byYV_G%?@ng=$%vc6ihiqE}zz^_?7= z)-zyrnZ#CGH_I>xMF$P)og?X2do!;Au41y8gM+-jv0F-<_wTv5I5_eVg!tDzml;d6 zEGTD@r_4Rq!i);_e{2CZ$E-R#)<#~lsmVof)yQ%dw*B33Q?Dj&0(gQE!PoO)b0CgJ z&`+>p{)o8JhYb2zQ4@Q^q4)BJ_;`NbliPbge98z55-NOkD-a-|8!dn#38|=H9*Vr* zKb$z{^47q@PJfdoI@;98PvVTX)+D`qg3Z@>akJ9H7W>*YkpCy?d4+EFR5nTJuVlWf zO=glBT%<$m0vjLi`|*JYR*$bCcb?(~cjwHaxBRs*Fu!i4K8mP}k?^=tlz7Y99n+$- z$;o^5g-@+45BuVPrPh0DnD9GB%Sy{CAoK&D8l4_Dt7P14bZw4ITZK8GhZ& z)1N<8^Uur*yyXJeyerVdWbpvV?Ip?2#f6_UTre0q3QFY@mNQy5roQX_@J=#M834-A z>xSKe5B71o(Zo**g;Q##snaau3}iXL#m4On)g47LQ?IM5i>ww2vhgf%c5rOW$tCNk zEVXi$E2dy>K}WUKJUQy#VWLTxt*djX5wpxwdp|xq+u@sHrC8?bQX4&Nzjk5Geh_SJ z>SSUe=PD($$|9fZp{-7aaC1?$!BwsgR3)jAYFi!OaRQaIvnWYB&Aj_)HE5PZElE8W z#Qbr_?PWDt^of-;p05!+R2d)nQ&zHZqFko8w{hQJRvD*W_Jv#H1)FED*szuzvwo zm2z-#V%E;DS~Z42&Qoh=nN`-)LEeji4R-PAYVTr#hDO8B3`2XdIj0o1&6q;V<0He0 z1`rdB9g7NcxhtC6odRe$rrc6E0U}yM9Hvio)A4vobCIJCE?)N`lX8{2@HuYsnJ!~! zJ`U@fN6tA@h$-)tw!vN=4i0lC56%*uxPO=y>f)E?w3O8p`8aFlH!oxGzz_>p!|Xyk zk%CvzE;HLnwf#B1)_4WRCPi(W%nh|h?$RZQm*lLL##0nOzjl@84u(9P@+5S^wtR%V ztn}1IJ$ID0($-{uVEcY};&As8vfF~wZkP3%D|@5V*(rn9xEnF5)nt98Eq0rKQZTrhW;h94lyQA9$(=)s=f3TX>^2j$Nq*Jc0f(wa>=i&hYQFN*o>0_IVL+H+4U@!1xidj%k0sc*rdQZ3iyi)E5?G2KlQxJZ|R5 zlNKVsKUk8@tRG0IMLQ|pt#;UrBa2o2ee}zbyBUtoU={6TkD`38Tvxz{-NofGn{zl( zm&bE`RJ|_)fq>U+Rzbo-L`2|FA#8DlYY9hYBctsRHrCxUyR9+1D97t#DXTeUYv%Xx z)>by|CdjNC>&24NZ$mR9RXtyivGM#L6KJ&RUVKY7yk z?LTQM+WLy^j5i8f%)bSws64AH%B=jU<`#xl^5zld9Ue_<2JyT)+P!}b0RGNbp4*$?;~$&x6k>%mq`E+UPV+6I>%|3aymaWGw8_~m z6{lA)Bv|&~mK>Tp;5-_xl^39B24oOkvIUD4D|NEq3~S>G%Q5+>hGI$@wK^T@`Iimn z_A!w)n|wH+QHD|{{|>uu-}>dapW~-uXlOX|&M&f3Ho-IF@j}Gi+S~cd&H^?KNhmH| zS9o#B$sDa@%8rY6Ese{@vWg~q_-Ui*+-D5mq2~2p)hP9NeILU7 zR76D&BfPk>w$R&cCMS%E|~5)k^t~gewA~gw04|)V&fbZH{Nd zpRQlsyX1OOK8~*g*#^xX2UY4HW0tl)l&jkcoqJ!*7*(t(tRfZaMz5TXB#HXTXe#=ef?Hvh@*~m zmX}|Zl)r&<^{x|s62#=nrYfBJ;dq7H>1YW0HTdSh@=H5oqVBxHORyA_XPeCEan~OOAFKauP zf-SyByUj54JaD#InLG~L;$W5hxkqg-`7GX#D3wyUTP`~nuQ8b$D#rA0FVLcm%UAk| z%A4Ib4hyf_u;UDW`+07ihZ?X0Tpj&qZ9;sGmvSGy4Ruu3k{UW}bYl*v*q_{(Gg@xR zcm-MM=Fj(Ej5+l9mMp2GoM?ol4NVYTllt7Ah=D(5FZIMRsUIUT(UyJgQAk>M0>n-o zn!bhy-Y}0gzqy@k$@WpOVpIR|P2R>iF0l|0vv53&up{-o4Ays#zYb!KYI<`mcUXm1 zn;;bLw-e{2FK{U%{iVs}@)y4CtB4BUFOMySyiY{);ki;~9%PL+uR<}1FPUFgYra?Q zTqWUgU@bEklywo8E5h3sX#D%5M#R=SD0IE_E^6w z?3B05YIA=NNvq>;6kH$vkQp{P%CC++tGdqiU`c-e^z!@qVUYQ~N`kTFhMkM}(< zB0_EDJMN|h$QafJ@Fk+tJyRFue;cNm6w%%GE*R4B_qZcDa`u zY8`IBc~B0BTt%vXWPNwbWmf)%-odjG4VLz5aWc|fl96`FUN6ofOG zfyMTv*~;z3F3qZ3_{HZ>Q`^4BCtG7J+|tRSFMmMbHSESs5PW6Pu6XO_$T>5xX z0oVE>nfgSg{lS-mxl(YXP%l-Jv5i0y8R=5k`ao{rWg+`l;w;?*ZjRE!}smY z7W-Exs^$sH<^U78NVIKc^TTa2)O;2h?l?opjlx^eA|yd~Usk~9OvQO-)A!ECKFJyj zT=c7;7b1ZvBy~(iDqKx_o=NQ1wkuRtXDI~|^ggtu)HbTr82%M@mR25G{==1M4q5F~ zd5$8BEg7rGIZhAj{A726dCH*gkn0`D^^$H^7Z=qG@u0oU`EIa5a0nG!$EEJ`vZH`c zUdRBKb}4nCd|{2VAG|&KEHI6XeM#=N#p|u_L{PBQZ9!=oLXS8iTB(vo8HJD zY1U~lc1@(A&Gw_s(m!PBG57e!d_?cO6Z+p(hE`i>tmsFe{z zNvt+>MN)YsbepHK%J|{E!QwBLjv?J z^G+-W$&cyYolT%#3|h9&{iMgY^90BR$HgkH%!v6sIdcNVgc?sCKWyHANP2KLJV&xX zmOEen5ZW$j{?=~K-YZjA(C_djY-ud_zEFJ)oXuXQ>7^vd=Qv^|{YfY@Py2VP=hbFS zKW|&lViLan@}<%_mJ2UnkB^hj$$O(AXthm%C%>2;ukw3rS!GetUH}ng5j$!-dLS6J z<=y!O$2CxH^z`xSVlP78^m@F{@ynTlI(`yT_oNMQZurZG;G-9*(CzIzpFK{M_u17| zimYFCz+~~N&rLiGEKIeh_)y1a4Q&1#GW!{4IV98}j>eK>gYk6NAI!{`ly9G&maw7M zhq?N-y#8fAObZF`g^hE;sCj*|7|&Q#Q)8niF1tZrT+0p7+!TJ$d^1N}>XyU8<#4xi z`zSi`(4gdLk8-(u9^ng4E&php#u=y<0xOHQ4K}VpA7<0`*O+Ut>hhBv6Y<@HSi)J` zqv%sLOoautOcV*vgN+WZb1Vjkb3Z>PIx16;6j6ZvBAq&@^XcO^U4P8gy^|~Y z+(g=3ZBNcUnOi0xy}0WhDEYqHU|_})&dpYAguY8vaR%Qu3Ln?^S;Ly*-g8~dtWTvG zfe?(e$AOn!)(V|7R2~V%Hec-dT=zwLYJVlbmJ)iv7beepMn2-e%}v}NRMq{FCMaN| zqVMDSL#7}`hQ&7t#9sggDW9P3sQ3aC49b1<5L^;WorbD9xKaW(egJ;|pjI+tSp0Qp zE{}!s4FA4<%wSh-48V_Hymrr1q`-5uR#Jg{jIWHv!2ng)(?Z~0yy1SG^kv$8{ z?QPrp`<@44UHQp}{**r_n3(2bkm_BqDm6y&TMnk+c@C2isCcbmJO!uQDHsW&UH06Dn`SqICR`D<`g(}LV zn=BS;54J7oO)>pkw9>X&PEF4Ad8M$HrOnNg*PV4ALP=|`R_U``K_Sf=JLmYcvQdxJ zd2(yFTQf5HLfgf=R~*WuUdugHZaAEiX$49%C^vidOi?hfPtXzkq6C0S{RmZ!5YPx`Pl^wHhg{zN;4`yyjo2DcC;|=P% zOui&4rWH&3twj{&p#n-)vqDAZZAJrEpE>+`mnRiVYXf2Q!;1^bCF*i-7k|~7>8HC1 zcwRXuOy)jj5T~VIo^%!Wv8p2ObBJ`YDdBnS-<%GYo8%4j6PLjUcw~y+VNpSuXoRdZ zI@%~QZ5thix8!E~xBGUEV7)n#Kk(FR#_jrDPu~tHPrH#{!`FWk<_;1dR8=sm`~>(n zm%nKAS6eP`7qBIwb=wov_>3tdcgc|L?*si$AG&%9C$QQ)iWxT^!iHv?9u~)D5j0x% zPj9!T)P+VEA(YYQsY=oEm`%%{5*CJCL4sKet&+rN83Q!g%63`+<+_-)!JD_*7A0y}8OKHT@a!KIk^@R2lXC_7cbCik2J@d|iolvQ@!8)yACB{8Epj zeLdbQ33z0J6e+aGi`MDWklXXcF}rb zTtE?dBK+#p@a6Pvpwu4Z7=|8=Uoc4dtAw%E)E%uU>FJYDAi{60)#YuVG-4ZDLr0G` zVTkRIdmT$G}=t^#88LC8^8!qK~{F#t@3+4Eeb?u zAO6Z+J4kYU2W<{^0a34>v6rFGcrHI*4DZG5*sYWqwEryB_kRHji6AlkG@WA9_gKU0 z$<91ZTr~1t?UQ~Zo=!^6S<0lM%+i6YzJWEX#J1G?V{g}u10FiC?P6Zbe?bg%` zm#$8f-z7kDze@TRI@UKw)7H8H^V}1b1n{dZW%=D!S{Yss+K--7n3b#6d{(fChw(C- zR>U7S&EUQX7}`6}8Df*$yq#j&Dfha$i{-%EJ>EIq*uaM_`(cVqx%vCZNZ^!g-5~Wv z>tUo!edAkstKaH#zD%n0<$;fXY})w68M)Hn-RybM!9)dVlj7wX=^7f6 z{Ap!OstKu~fvR|>vw-u%^g;wBezq7XuXo#56s>IAMyH=!lNpMy9v@1kBr4sjXfRur zL(vpU%F_h{P4L&SRqpHZ0Cm5?o~?fTXs*<>EO|qb$We5Rx7H)kx4*iY;%MZ2Z{LPV ztn634#(g9H?YK_HOfG}}nzC8?@+_~)i{S3nZu%?s+j;?%1UVG@83t9F*`_-dX@48F z4`%hpDRE{G%Gva2&92*}Ugf$=^{>|Eaqow%Og*mJ#sHPh5e}dAeaE{guTfo1L$R^D zmV;FxlUH0iIywhiRSPB-AOmZ%D{oj;O@n?~e<_ zP7?|=nWaWrSv7)fRU^8lRZ$=L#hJ7ZY}4N)s{Ab6Y;FC@R+nnccNZfDWYB2DIiV|1 zvKfK>k3$-e>4Df!6bT)>x+*F_P+5L?0Bb28161FS*Z#D580Lhpf3pyMF6^f-M4ILQ zO;yXE8Q-~F!NmZ7ZHd_X%v~FQErJXRIf_*v-}AZB?*<77?ceoaH!R=Mu~R{>^_{sN zeX|*Su4Wd9R!5Oq(RVx78tJ3~A>AvbDVFr!7q@j& zg>riBTN7hJ6w3f|h>^wZv;E_gqG3bps#{;$3();xFSypl$dKIsrD=SwuP1aqIm(FJ zN(tp`dq1}GwBVFvCv+yq{4UJL`JkT&;0nvdt-~$NGUUfe<$L54fM3LGjK3N! zeCA+`=K~5r)6%Kv0Mv%neHsBzL_Pe+Bw&WR4&NbkjOoZVCVaqb7W2nnVjCrP_0V}Q z?Rut$yRm{Fsz(pyaxCInMqZcfEZzvE1%0nfsjcx*#S{|Qx|3qKW^5s(0foT21nOK9 zNihAq^7TyL7ar+49b-ywJ?+;Q*1IcxO>@5fqn;i#8!k?g>C$wlUGe?w5yoB9KeGDP zEGw(&mSw%?hzJneUMm_H%m>chBBi)T*u|n$ABU-}!z3OPZDG-#cS`ftHE%J z51PL6>zqbMpR#VB@kgp2&dp5SRMt-b-0Y3T%Iaq73omq*gS9qj5GMhA_;Sl*ev>;n zjmYr#74q`wt=jYBi;LpoPDZ0g%1m5uwO?2zo*v5UMy(WO6!3*_ji#U1!VrbGVzi{6 zX3j2Fpp`9JR@{%e`DY-^7o}b`t~oB2J*YCD6K*c|I(O7C^?k7XzDL>hT`Pk=%G+~t zOXK759mj$1n#(ba9S!tHs*Ov$!_IP9@^D~RSMF#m0>x#+cc5Zfi~Rhz%N&tB>gE!` zR3^BUdi#d~enUJ--#N!;P2JZIGdUYcG9k12zjgcSCtV+s56<%~^Yk*dobH#!DiCl5 z(n5Y-^hhPyy$vtQ!+9%oL7x`VlDQVEp2S={m(O*$k^a_XN>_iX8O_OICS0V3FHV;=f0x4dtkPJ5;U)4nZ6V`TB1IUMLpoAKiP_QHnxvHTb3N+%zo7RRe0iOmSfw1v0O>XdzX zUET7&hS*Vgf|d>MsCJ-HbVohq5TSI#KnV5fPUZvD`yJ@JA=vl=D8&vPa=`<)bt-7i z-E;}LTe`~Ss05NoQ0M!@blW={S~{AJ4#B3izDi~1{-&GcXtTEAwYoOZo%E%-9rfOZXpodgG=MCfzUVv zcXyl0`+e^}*YnI=OkH+A)zx*X&e{8{z1G^$tkqG&`}z7>jGO!F3Vig20)HQ+ZYdjs zY=V+1#x@H^nX0skcy#xO)u%{ZeMSiv4sJppx|SD|s@9?2dq#)|`XAa}oF_>a@nltf zo`DpNMRKgf7$#WHxvGk9gwaIme+WjC9{YP7qfz#y&+umwU8|9xC-dwp?yO#|Y%mmB z&C@H)ZI+4_kk6~(@Q)ATe@E>Tn3Y`4Pg}Oaii_1VK0I^MCpr|Wh;WXoTqmc5wd@x^q2a+ws}AA z|GeAM+SDk)$4g6(XFuO&{w2+HFnPo8yX~&9nDJToV!QmPd9kl?0cSU)(JoTI+g@jB zzlZg>O&Oiyk-Kc{HVKryEw9|&=6txs*NGw#t3|V?d;`|J48$}pvIlmI^3@DA{aUDM zkqO=wwx;3=(?ReydQgVHS$P9Iu7?+w6V1l3TdWQ8tRHV@qmqp}3q&b?H7{Zs_u8^X z1$qz9-we+W;i#?BL(#KV{v{ZS%R^%!Q&nf6n9W5O3WFo%T=MPh#2}ql5*HM7@?bqOGs>@Em7V`^E zwAJMra>1bLA$Mu>h6eRM8||tg85yYDe@b=#b9N+YbxJT|4fR@*{IjV%t*@)i_i|}9 zaE&~OXoMZimmh!iQLW6lq-OVlFFl@Ah$w4a=9OJKLsyC%K-SPWNDS6n$9`{58vIsD zB@^?%_pvP+4TNGgNegm?>?Aj`#~N}FOg;wsJxl}5o~A6h(+||g-5+iwBVh>5{C+z5 z(*W%wa=Qmn86atKj$Z4OujRqm8>g@0pBAh=0Mn%HqRHEM0lM9_epfS6ZE)kFC;le(KsXT!l z-@{Nn4RSpjF)l`eqSFA^?ddYRg_?(8c$CbZyJ`S%ewlM+mr~spR+FWk z4&zz)dD1X!Jz6sk+#_Tl8S^eb<4Dm>6?Ff&pZJ6j#8U_aUMyMV2cD9UdR~m106oM< zi*euDhYaEkJAnIjA`gF96ZN<8gZhHaTak?PiZPWZ~*6xk`kk$M?@@_gIp*UVwma?aS8AoD`j7ywNNo?MZm2nQ%1 zG6fDLJ+mtNKg!10*<~h!e7k?x^_Z?Eg8DL)IP>7Q|X#M}DDL0Rx-8d`cp> zP7-cgCbo8V0auT}AP{(2uI=5E^7Yv21fBaz!0 zlAW%Fr!aMa*jPUu&-AU|Z^dfzK9B7+15b?fCuPK-8ul%@eBRHf3y6 zeXnLUXg6E;cl&Gg&=*kl^`*vHg%x{%>se12M|Ey@;8>^2XN9%20$9kaRf2m*wah}C zK?liHlhc^t06X}d%%oxKLqAJPZEEYqd6Vqt>|L)HVSNcTp*uOxJ!oCB$9dNHn)vp- zV4O%j=?0}=Nrx{xiA6(Q&%2Y_&8Gv>2&7^`7aq`+mcB;q-VdYc*Gz*nzH%M;qS_C6 za4kXBw7`bBu(-;~xU{kU5pXVbRAnNp(P6$qiH%WG$kfyMY|N3qFei3%d2~RLlaYfS zFCPk+mr{+z*8EeKCk69CNwbPLJrcn*3;6sysTJG)= zqyr??UQ?V4bk0Gc!Be;l&ZA$*Q3*p^uC4z3tY}JiWif(u`BPgp$aCAjgiPkj`~8RM zRcx;Dla)$Tmc+7U^WMA5Ei%WC8Q~qBETFw_5NF3pp!gYMu{riIPBAMwJIJGUT(N|?9j|I z6MSAU*4mLM1829OHfCO)+)xlIC+WtSi%b-uo4>_evKHzlTFpgZ-@^* zRfUTDh9gI|csLHvi~4)rjk=vaR)KvXyDBL$bZXK+ccJrx1^(onn1I(I&mCiNkL5Ho z)qo*X_zUK*?sBEL#cSqb{lf2l-1YBrB|e@aotA$ptY0`Ghlyh>);C|TfY!N+?Z)~5 zK^2VErw$1V9@>*%V930YlW|hstW@>MI0*DZ?)+wG_R7Qq(s4& z$Mtrmde9ib zwx_RSS8b(mbBnvPyF!^(7_DT}vzqk!^!Yxl9pG>7L&=cSDIRZf`;09u<5iZbN_9YhUonquxFs z<-ZbNgMv?mGb#@Ew0qpO`e8IFIndP5O)B_O0?oy_MyC>-co*Kq0Nw(^uay$%+p$lZ zO1Dd>%s=4~_M-FTuPufek?T>G>QPzbw!8Uab*rvYGdYzYtZl#0bkCQidHFqH=bJIT ze~sXcx!u0g7YK_2V@3go%z2r|IrRsBaIl|1(@UOgU9{c|JC31$=+Cv%X=fxO);6Vt zPJ~-uvA_k;w6@O0W=Anse`io00Ws8nk5NzE)Xa4Db0h(2KD$i98TtQ5^kFj-laL8Z zd0OmWpR1()*Z6N6j5X2nA3E}22bpL-2D-wFh|B-T8)3!Ku~jYB|M7?uLgGLCuW|;^ z#ZZL&KUL2B|BZ`G3WA4+mynbsAptyZadQ6&`75u)VRfuHztYaqO^#k4uN*&9r+1fY zlr?Sp#23yVz{?B*!KLYk8R_wKp9y{1I2-Ha_ymy23U&h8;#K(n2)OEjrc{jg_gnFA z4`Oe7=S~U=sN$H{u)uKkPXc_>^MpT>j(`jSkeO6I|Gl4!`I#5k2_vajf5Mr@pOg36 zv(O%^Q26z$JabL8pBG#&M22h7`~hAD43(B?w2eo&G&^$>hXDGYOV!LAxOd+VaJ(*x zJz2d`2n9V41=+vPKCl4ZGNuUHziOqDL0Kj0P2)i2YqYdj)~v5l23 z)3VFehuaMehWe#d5h^Q4mWnRgS6UsdJQl7?>IfrHXg=JOX!@?VR9c=L`inaUrnU3|u5*qwC7?GaCzJ_Z8=n0PTGL(zH2WDUWW;XvqHKZ}|&{N>l_ z7~-(tw%i}k(_Z<|bmf?R-+7+J3;6$D-?v|oM=#OryHm>g`t~EWu&XiRQamE?mWx99 zK8Ic8!Rb&Z17rn2w-Bn}mPjELFv4Y$kQvO!Z z!Zw)F-vm!xScJ7nh&3DfmqHE&*F)#$=Sxc&TX2hp?m*6jKYsq4nwXf`IzuHj0KRcH zEF4--%gf8Vyu3WySPAYh`k`iHXIJr&x=^}DR!~UD?mdjqf@vLiXJBp)H%3cCqp`Ue zc$&8OR+M!$H8u71*q81e9u77_%&Fz=?RxadGh5403tXHum3SguO(pZTGBPq1<>dtm zI+}a3=mkzWxw#QEM3)~dhf*>13E9}$)sBSUy)%DDTy~8C`)(>O4xK$+J{D-K;{d5} z4%^+ed2P*Glu6G8wF*|K_H09Sy@?zUH4&Zxj8xR<0!le$`HR` zkeJUUEe8jOfWX6IgB9Qr22o^UVnRVd;Z$&VMObnnMYl3H-{uu_k@&K-^m%`=;BwRb zyzr@+Z73cFayAXWX#ZZMi%2J^l;v^5HSQbM|dseoS;%va~QM%2@^rIK!$~u(F9z67Vf0Z$aL~wUjubS z_9t@MnLxg^nVCe8DCb&nhSq@{V~5Qj7)Q#tl%558ML(-x9J;Hj(B3ByNA&%wu11eT zkdZ-)MU1;WyY#Y!FzQfO3TW=(){55VIk}8L74t%TT6-i0zJ!N&ta@NIBH~BybbL`! z4GRmK3}7M+@9XQUT`)cacjMsTOnZqdO5CWm!^CYqJoxON9}um@0xJdJ#syeVHF@0F z%SM7w*jU-_(9!dAGV!7Y9_Ub~z|(k7Z0*46^fYDkk?sd8o11q`@dUTk|Xe-JrDjLCQfQ#DRVV7H5(hIAAQ9>mX`GT?BE?s zU0otnr`EL4w4~%@m<5Ds>Vk#P&A)$50Kd^g(gxy{YZ?ORJC1L3u>tG7((fH%I-k%=dq zduVXb)XdDpkdd^*V$6ao1tXR~Fubgc36d%$C8ct2_gHa8(Bl3rCMJAL&Y2ui`1aT6 z83iKfyJQJa=-Br+T{FuQ?oc%7Ng>YR-EzU{>FH*srW+d}qmd~35Uk0(+rY)!dnih> zLo{>)CnqO<)cv^$6$F8I3MxkY9qQ5rZuMdAG17l?$2NJvZ^`psAK4Q7!N3pt!Q6egY-jToTJu6fyn z)%w;36(WSq!z@G?zzanm#%-(*4odUy0-vp-4Lzqti$w)vWFo;Z`la5ax zh--r1_cAu7CnaI)$T>N2WQci$D=RC9m8;4>I|ly>MXxF@9%zjc=Of3$sw>7=N1B92 z1uJiMZ;Ip1eViU zA>*n7x3KD`RgU6dU~(0t1E%eRy2*eV^tkyLTACqau2hE^#*U4V4ZyGG)Pc8hZ0-jD zkvV4%>{!HVr5k+clIo}my+uX!fe-&iH_Hb7JiUrSuj;dlpPuLQB>7#38IA=|uNJ@} zrQM7R6?i%80Mb-Y`x897i&m-bU}m!ME?`S$!Fg*54!Q3Co!;5CFh{KDtYI%J^~=!- z#ku~+8J|pk@S`At^|_QMdJ9+XK_3hW;s=B(6~+x*B@bEWw$Lu@Hd_8Z)kV;uJ;H%r z8_B0g^(-1PxnOpPk2K?YB6MFZWeagIlC_tW@}=4rZKeJq`+Pd4-|a@2+1-O776HI0*{5b_7+x? zB@!SOj*>ellCL!&B5cDJTuFX0CW$P0aWTBG715IHc zlaGZZY24_dzc=f1>%@FGoDwL>=CM-JD#?~|u5ylpQbiX*OCXq$jY-(~UPxL$`b1{= zw(7MmHDL;+a2+OgANDVKTse_hdSHzTAf>m^k;RFi`3?3kcWtxN5*RSXuYVmk zt{)v8wZ@d73jbLutro41)XZoSh;&n^)ZORYc0=(Dl^PdgQbaW7f}-<2 zwPJc`!XWU75A9@qecJo*#~G9XKY!A{ZU?bT zfCz96#+mo{^SqFCN#0l#Q}$M*#^@(9)YbJOLF6JX$b#=z1pNvVvKE|D-SNP`JZ=c0 zYbw_}91hBV33I!T-+wDFXN7uR`^vR>G(lQ?cS_|L&5oxo@lg2?tzEO;UuV9Pb$Lk3I4syiue|uQB+-MvU!<$7Ej#nfAYo8;_l_%%bDEddjstGmntFn22j`X=c~T- zLCdmrXMejMzV~yu(l_vg(#=6{udD4|$p{I0d%L@iD=mpRQL!Nbq4L~6jiD688GmBZ zE9H0}&Xr+ywD>*WyEF-oKFDTCX@v~O@M)Jvtgm6gE`IxJSBMpA(7axufNV@mMTB-E z+q2jqtN6((5`#jCV)(N}-o!5PU2HPuPT7bK;$!2W^57@K-q&}g{fOm>hjp4>U1vnF zE^WEb-mqiGE3L_|JhyNt__YMw;roUdwKPeZIE!2ZKV*|t5Ep8Utfml~is7h*<{=Wb zoI;rG93K0G5jvL}Jz*V*&9yVQfHRw(vNzh>eW*b!X9z=-KWW6`3ui)?i-gMlYtnt}IjmlV9X{8rOobBOQwY}ztMd! z!Rw#(M?Js0(^y+tu(BysO!G9CoHJ?@e3DJhw~*R!-T0miRD^~t_{^U|FClpSTf$Ns zQtx4pR3!w-{|eAcX(lb08m5t7VVm;4&{A2>MNJo^ptQ8s8@o_i{|;BIWf38R}aTR7oPFNhU;5?su_#3TG2VfBGWS@n#{!}R>%4`T z9^9FowSo+t(GJTs%kbX%%gE~(=z_X;3|LKVzFpQ9nxU;A*K4fb%5)!y+t= zk4{6&LZPVk?suM@rZy?d23=#KKeyv|gD@_!R=`M5Hv*I|D-F2L)N z3+=6Nnv%7&-LKsG z-!-REUASY#5&2SRu0DNTJVrWVls;_OQCEs75}ij(x6h|)tD{f}(N7LYKM8M9`1*sa z36g+hA$X~n1WowlHd5ge4jJ9bnMTk2von@18NeRZ1kCsnCiyg<2;AEt@v=)h*86l7e_VAM~4R zR#$^@tGEv}w9Q-zrmd*dm)7Qj!b~jl9j2p$WCAaOlt`vUH!R9*_vV?#|XJu2JD>zic#{ zpSVAbrm}Qi=OA1-gi0cE$P)5jpfzuYTOz3_uL=#0);d&1@%bpnUwb&89bc~ zg17v)8q!|u!_sHjitEkda>ZIP^+RhI-~0IZu%eANJfC|c;sxys_*rLY6Ua67b1M8H6S2~F&&cc@+Gj%v zI$P_c71K5NE^3!N+3-o1e=~W?Ia-|S>EYo45}r&6hScb~pprHZ)h+JU!pk2FC(_uj z7)bVm#2GRbzl`)+sX$2+!*ZILQyzaY*UG^GAMoILCtUokQ(zaO$wbZOy~!L^ddPl& z&Cp|g<8MmVFO<@4)!1T3!$umRjj9$V(Kh3t!TJUxRp13R?rXxg>9MJWZJ&(`o*SBw zcr!{0#Qzt*lPxDlaz)z@H;XFu_~adnbiUOXqNK;$+A=8R|1#epPO&Cgw1ja-lPH(!EP5(+Ul3s(&%K(1zw6z*+G zk^a$*T2xO0QNez1o5jVMN?$GZT#ozWXGvOW2{wbalt8CSLC-OKAAlxgMCGt(r<=V%{)BA&o)A`;#KAgk0c$0y>7!5i zj1RJ;BBdGwoU^x0aNRX^FcAll+8_8uye2ewa%jFLx=2e3WU>v0Y--||D;8{|ff@R0CdBYg3AWGaVhZx5-_xGk^H}FGVP_mhT=}){ zczPK)<5gcp1&sS!8Q=0A4k~vjG5C`bl^&JS0MP8zu-~}-=qCa`H^0%^iy~|uSsr0bU<62F^O){ zio)je3B;li&d`tvgIuJh@1g6mD1%Jk+?sWkSHyZC%@eaKi{4i=YCX7}F2* z60oGs)^)4;>n&w)8P1;6v$-S#++Qr{z*-E&P39iQ&9V03{v3XW~RkY$DGZT6^ z6r7>qP>Ilsr0WLI?uWnVWIQI5-z@-AM~i{)-Qz^k*2B+)GRAQ!7OjblW=xAQx=Rn8 z$?(4{+CD!RpjIGr9hSe-W^jI{tT62)e*Zh>ghBSp?yV=1mlrNViiSatl=WapN>1 zX*woM7W#EQyQ9~9Hm=v<-#eG7V6F9QPZ0hyh{C32af|`{cCnjOx(4dohZH0Jp~A*; zK{UA-l(zf;j|0n@4a*&-BWW*z|God~M@XbWI9jmY2g02kovF1!%c)73hJMk!zf$(7 z_7xx3R5D`|hQ~xd)<-aYS9DBt8i39aO(47E=Z$i=&;0#U`6qNgke7af&MH>2PLqa& zEe;T&z=-EZ7LZDqtAT#gdHSxQT*q!GeOXEd?Ut=|`x0+RT{z)bQ$%16PSQoJd~eQS zfa9#4sFgBlo0b)%;Ev*?u9U+c2!nikq4y8OrnDn^h9)F|M>$Vk<5urk7S> zQX<#;VXk^B$|RR!BZp49x$Ci~3GvaHK4YG!s=^;`4I*HWAHQe#+7sj)?{l>q@s2v! ztUCjQ&Z(G^{5<2TRkP3L!}frtK3LAMh0&c`2=IuNc^0T1`g#@YGOj}k2%sdfm7P&e z(`i|YS)s;15Ml{%anS~bb>|1qyPx(XM*+U-1%M8WDBOOY^pDK{01y}3E91dQlqLMEb z7#wyFgMz6ZiETfuHu0#5$k8iD)w!FL&yOmfml`J$HQ2xHxLQwfFc9R64Mq)dO`~n& ztArkp@ZH9T8KQ$|ChEbmc%ps(eX`u_11ocw9$#*lSA7vV9RlZUuma!Ez&j+Q9h}hH z!FiCQo`(zO(!GcbNKTL!g7xY6x_}j)sVjlZ(d)ihrVV=8K2i9{y5=n3wBgNzRu>v| zM5j=fs*uB<_{uZG`kWvYZorCYY)sYgUH3SJ^J!cNeY_pAQA-GqG!KtE7;07jC&{dE zSsb*LAI@*8^i}LbNl#o<)V@^)2R{D{$;1i)RL*!bqDw!r(z)9oT(nDR!v&8!BxHfb zz8@gzb!-s{!4xS>aD{eFNxuD2W6t$#df^)!Co^uRpu=e>kRCr6U*A&|4WdnCV!o=f zXSw#&r&7d_M>f>;Dh&~+2aV)NnTO$mMrJOM;eob%-&15kHxK? z#g7w-dj7p<;)&bI&EgO6+>JM$clEl8Gidzsyt_E-XHm#BcRYNN?2WZ|gBB}vd%Sld zITS;|?Mphf*7*h^`(?Sc>m#2w0DXTsf7Caq^dqt(Vr#pMM=|Q{9R!HgzdSrx7M#qP zGk?qS?55NQc$Qu1|BKYKf3he#Qj&2yFE02d0|HKpPTy3ly8HGYse=Wmvd$oNVU$vs zm8GS|-3-`ucT*W$Vf(TssCv*{O%Sz z9P;}{${wLP!Vy$H9G$~M-lNs?oxb97FbZ(`zrccAQhihc&a>; zaKXdaYlK-R5d@gv#waKv=u6RO*Q|vZoY_Rq98f$>Oc{QVD%vbn@P%L!OpN5`!B3f9 zYNY`7;l-esrJ=8%v-s{aWFQQ*ib8TbZ4&H#AZ&&jI4?vP!kaz5M07lcXbe_q;d+qE7-FsEtW9yA-2N&dFgadt zQSyBjD)`_?3!Ko2HP$fW1Y1@4v%h^bnPQAH@nM zq0FhBA^tBz*5T%$57zZ{r(~TyXT>`|F>i~}T=aD&*@gB~>pjxxxH!6(jgtpOt&3t_ zZ;OrFD?{@?$8o>jBL9xmg~;~NO`8zY{@FxA4BiMY{aP*m`fFPK`9QxeGw6-)MKC2Wr&b+Cu52xH&G8o>?vNf?;O-kirS8PUe%haJ%8($AUua#j*Z z;;BA`!uq{k0Z+rue~}GLeh|h6f7nYdArx?>Wg+Vs1eFaY=*}Fw)583qV?`dl;JR(` zu0v&15a)o-kW$pnjH~s4*NJ*IuZVRMp5=s(UdR4p_yH6N@YDMC-Uw+mzEZh<*=BB= z% zqFT~}&>2jWCdg4(9HtAhfzYIHld13GETeim-^mLXlZ?}ofYj3RWcaW#i)6k2I)v5X z#F;@UNPGy)iCI{^>;R%%vfV7d4VNEw%~oemIpgiL5~|3@*8#LyqT4xKMC0+X@h`9` zG8wF%{2g&_$nD6+hw76`3a+wLT`~Zo(D!(AG$r~3Bg{orcqVujCI>R3NW(s)Ui5j+ zpV>^)6@X0*dxQNxt6&-#Ih1b?x*fp=_Y@~jD&(?4<=7`{M~a>!Hl*FKs$@o4+UjHj z;c0XvGNT6*XbDnMQxV)F8vYA%2i;@sPA<_!l14})5ys^&81p!wPgUR|OG6u!LyMq9 zNCl8LJz4D{=&3BR({;{-N$@N-bX`s987p$+moU&Sc@)_9Vou?nlZTL2&$^!2S>mLy zQZ1>e-V+JBGakYflBZf44^Pnr>nfsh(pG{)izg_9T|U#l0Ek$nV@IN(@MMB+Lmh*P zgsTFrm1?B3jF|2WZP&<6^a7SttHM&gAzZezY*^>Ggi%46DDnm*h|m}^CLyp|l-wfM z0?S-!*h!3IBB_tEb{(4Qz-C3in)m;_&#L!~zS z#Xx~F=qJhKeP;!f#Y&6^&8CP{_DOR4BOAD32c>EU+C#54U@FrS9xzXPCwqM^v6jS7 zXC2g1hB5h^W?6lcR)U%02#9(6wBpcQ*aDNL&IL*NH3(Jqr8%Gpw{RW_?X@&|%%bGQ zC%A3@SSsg(hPt;8r9d#Pn0{OW%9oN6g!+hLg<_jYeDxrga^nX~PaO{3T-ZNzLjday ze_vpasyy6h`-fc^7Yt*th_I;c5CFwEDCdut3tk+cNMd$=TJH`#J$m!&;S1c`{aden z{|4e|17PI8Snd3>oY_Q&1QwrkFkGQ^<*_B1WqD)1d_$pNt*ya)l8zz73d-qaxxBg> zar)}+b+%>^FTA$XofoMC`pr$1&6><8i!UL856k(4(+XFZhI}1K<(!_IIxOD+>*(sT z7PvEtXDGu^QBi^Q&0Y+bn;PDAf0}9uwebBHr9458Z+w@OY{`36my3h@?;XK}i{!ph zc_Djv;15BZh)yQfpAZG71Qy}T`J0%@EPn_O$I0`RPSM#|J36w9pze}|PuBrAL62KQ zV>Wnv98DM!Ww{|d`3aa4F<;0azF}n63GQr&#!K5C_c{|Y{3U6DWCABNM7V;4zxVMm$0C|y+^WC6S)_`*@M#-ng_hwVrU>%G* z`7{*z*#wOzgNe)mKYGg!+EMn|ygtt# z>o}$}k}y&9z)3Bvv%nuAx=L$>Z}O3kJlsL9ImnxOV(#=dK_%Iv9enSJ=OwZ^q?=!1 zuEpd*L$7`AwKk^I{@H=tcJ?2}ElURtc2f!_oP%*td)32z|45Zy`5q7lWmvDk`*F)a z1k$1*_(qEGbjHEhIzTjA`djWPFl)Jj2LHX$(4RtP(^!6sPDh+NpI+E2#;&qL(H}j;AL!Vl8 zm}E1&4yS|g38EuP7z=Y;;A*}$Oo38~%(zi{egVadG}c1&FR@R3bk!tF{k`U&I=;FJ zj(p!;tSznc%m}?Fcn7sKB<1t|74D%!33a%+=wEs;iM*0QA^M?(D>70H4TVKQ@n1Lk=<2ismA zA*sm%_d@1_g0D`~HR+HsK4N*LMJ2%#%-SdQjKnG`_8(&Qu2I{;d2VUk^juWeyqV3YnGYK?F*MlQLT&j@vy zc^fB=1(zY}Z?cofd2%AMPQl~8onm;?ypA+n z(A9vO_>~!ntoLb!3_7OZd&^^fev#jeaN#1jw?!nlhpAw?2c?-Df0Te922(Xk=NfZy zvnza@Fee}QLcaX|+0gIiaGuKQ2ze)iy^?ZCwz>ciL%L7*83(12(@NUI*Uc z{dTZwV^e^d5~{9z%s~*qGO)Vrpp#ECmo3_+$+u2|LD~x4f85$Pn{ZrKNORYN@?{P> zF~2EK5A^JuSD#ozI{D!K5>xt4b?wBbWb~>teLEGFFQ@2tn#C(MAIak7&Y0{wNxRtC z*wR0Ni>rnOkreXQINy&@FDx##{4Z^XeGN)zDAq$nwfs7-=SI4&g@sXOJf^PemRO4H zg6idZ={_z@P05RjI=i3fEF@K57o$^_|5VN=@4EbhLb3e06g1<=CuH>oVz0CujM^*}M4&Z>J^(fwGF z|MtB15Vc>tJs3*@SS5`-xTi9NE3w09rWS&TNc6Ph} z!{u6csW3zZRr~aLHAPsfAiA9EN{O`0x_ae~k`B!wf+JC2gYE%7xb2-Xj z0J+!G)?Qdz`UZcB`9HtU70~eS>TddD!SL)H95w&*@f?>$Up_N%H-ho!c>9l!kGHqC zKmYwZ>LfwSd!*VShR0IC545bxF7TPZ;u#M84efvb;lW-IObl`6JG04ezetF)vg#du zysytxHD8=xXYu~++0%Gj{$A_S6&LH`<=y>vJhJ}>wBIUGFsgS|lq`aVn1TLnbBZe# zVsnLGE`J?)ov!J1xGJ7rFKS{?SZexJ|DR!oR{^=Lu(lc)>T3G$EcF2Hs0NJXf!C$= zkDH5E5&DK5{>9aWRKl9;)6VVJrxzXSk#V^#zAu*gueBw+y#w-*@c=A%`uvN8uV%eP z^QDx2uG@EuKJ{uc$4^Cqh|Z%HoK{W znXUKst5}V87xQ)v_^gXveiTEsbvS$u>x*+M`l^~D9+S@x@@X{gHs^L{XnLI{JlM@8 z)s7EYH(Ni)A+2ZNOI{M`m@z=I#T-j25a@c}61D7kvfBAJJ*#P_Opp`rx0BelwG^Ap zxK_dE_+>0>sf`Qg=c$&ecgIx1WpZ%Yy0`rP=ULAnYTea*ZH`AwGy^fd;NAOLQP^7xN?TW&I`ZKwPMoznm`{i8b z0E>2!M+Jq5pwHvDAC0SH%1ViZl;+J>msUS?Qi;XtykDU2|L(9jVUXaxC9l#jT!w+9M~)#4PJ@Oa%tTyh0|g6YzE+ZX8C&4=UvNo90CIFtvdJEaj7!m^M>uL?d|Pt%blz@3OcTS)Ll_vtG5J>-DY0lGX<;r&&~6V z8@9OLelG^9a2MgZes>sTJg<|he!BB{NB?IbSl|d|si08G6mjZp)Fo*;%@Fi^?VuZT zqgOpmJP(I&yi@8VN7s>B~o^5Pg5QF|)<-kUsU_M_rN+=X|v_lsf-u zVe&1EfLBdbS5wc3!jbnqucn6P1&{t8zIU!fqCcw2s#ush{kHy`AmHHvkV>g(_~{{9 zc0!BA9feBlR_}l*?A84E`t+fFYx$w&2pKsO3r9^^MbWvc!^x_j#e!4X3VWyC&ACZ3 z#akEDP+wM7(yZDpX^{5=kv0$>J|SB>Ia$fu+u21|OMRpj7em>26~uhMRWi=+e*95i z&Go0d^<+59LiG?GIr)p71Uf?%gKy~m1u>k2Bp6~ z-QqoPh_&UaoG0qGXSfK=ZfV5~Zm)~_rMCSmbBy@F|Ge*)vU^uR6g3(>XIsBy>%JiA z-i)KCP8y)Z1OEe15#q^>ntWG*K?Y`|H|v?kYJ-!ypEqj%zj>Re{0=A+JyxwhR#DuC zP~7hrz3v#j%p1LA2VFTeH8n}!0r9bK0}lv^HTT{CPHVG^Sz1}C-(;_AW@hFtf@p1P zyHsn^2Y}^8c0Ob)t!`E`-=$bb_8%3YXD$I^UR+$VnR(7`E z!Ig2a(yh4;wOI4#&!2s{4~CRRjX_X3+1XF)Z%;vQv*}&$T(^gvo|>GFWI^g(j;n%N zM0*)Kn|+ZrGwDmq%Px7^4G-Ms1a2C~VSes6n1buci3l)-%K=e%J=~}aZGre!-okBx z@aQlz0~<7_o(ohwgYgCf!t=>YZA$OxMr`xlYsUejqc{q&wfT>?4!$9KH3>f~2xpe__uembyBf!}E=#;X; z&m=;@^sYmX*D?6I&GY25J6lZ{37;c?_SaQcv$wtWOOQ*8ayhQ>OXJExHnb~sxVDIZ zO3Bp7h;D~B7cbCUD3NZPNFR73?v585bg`nIHvmKlNMMSf=S$T!G;kSM8l4a4n21@K zn2_iU3Y7u_UsIUWfpm%pFW{bP2BY&G(0*~cI4|(#!&E$}0JrTNo#{RCro~Vk*>%n$LZdt3hkXI&Q;aCN(9SVoS zDSA~O^cEPmO^x!!yvN5D-fPk8Y}c$O}QRL1vwL!7bj3Lvi;b^7v7 zhLLQ*n9M}Hzd+`9-uPf0`-+jYo>|D}>s7SoxNDr}+iuk6uL_|pE zY>Gd_Msrb*ZUO`)ZxlLKSazEb#tGu%k>7@N$2TA0+lFE|4V6yUI!U~e=40cz#=ZGB z%LrKqyC_({Fr8x}bHO=WB1R~P>{N1$){)?aG6A$HNjptV&5XaAj(Vt>`{7S?R%za% zK9}a-#obq}YC$g8p?<$5Nbx_-(ko<~oBCiuc^>_#8X=!0UXywxU`N`jWMUofHUFy< zkddfurrZ=Sn@o?joGFAHH8|pFNcf+mvjZB+|L4t2JbwHe$zIoMcka_?fB&Hf3@u^d zyKA&p;d?VU&WnKGC5rzSZEyV+Wz@d?4m~ssE!{Q10Mb3QASFn{&<0WxgES1?At4Qd zC`d~SLxY5Xf*?qDhji`R=Xu}nyZ3SIWB<1Q0AlXB*IL(gouBhut90Y1C+NCt3D>~+ zcvB2nT8&7M8bhUJYkC|(G(8~#LfCND=d_sbdL2l)s=IZ-!{hbqYgN!m46r$*{!WPmMAE?HqOn(Kni?ZQsFGNlFroQdrG*B*WZlW;Vq^n zCIir*4WB^n;@JIwwD+JsF6^(BqIbt*(07F&W;WuL;AHnTvVc1sQRo_%_RbqCTZHRxd zH1iAmr_^<~nkeh8z}WpyWh-lGrktO6GHU4%+*g>i)r35ROgdFX zc8biwbt8>-)fM{cChEgcwR_z-{b=naD; zhPKq~LjCg}CJxxI<8&XEo}}SnX!}O(sV6cy%q;sACTA%9rxyVfgKU}KfjjF(@BhXp z9`HWU|NT2F<|}5@kbN08W9WlIlx6(%V-B`~XPW7H5?y%$XCW(~Q0V zdcD#d;5AGto=bv>fEVEenobmd$W}x@Bc3e%Qxnj>9>U)jivavrUC21*ENu1+ zc-8))Bj;smte?XjpXX~4_%ezPkdZLU59^N3oJkhCpE*8Qsyzw#ULfDfXct{6>W9lq za{GZEs6y-pk$(j0>9q0MLZ{;o!NPKLoJKL$O6wsrTLNn~nX;-ldCM-elwL5dwfgSE zkKdERzRc8Z(dODuHF1zT<%0!CA+(apV72ZxBGi0@d0et#9J%`_?I1ZFJTOo`+ORCq z^$^O7b29q*ko+k$c;=?sWI#xHWRW8Wg%isw$?eN|uyM4=9fslDW(9fP;6dliShvyHe|>Wbhhr+vK+}L&R=eJkL&5B@%t%UAKc*z1_Sa|QY;Zl# z+z{Gumk*+>O-rH!@MZjs3;MqPP7x{vCfq2{rZ?a7^pEc&6`i9qxYxARc{Vy-fJsE> z&+j=>saXUexA}KJg05!12Z|3pz;K2TB3?|`T;U^eo(%ifBy1i6l?Kmy60OWGq+VR8 zmLo?+zsXY@&EIj1(bAb2FNPmff$f~Aqlo?{6{vrTM}mcO@`nj4GkrY~HcU>#nM!)` zfb?#_CS8-3v{nNe4HXtNt;H_)5P3eqQADg1rw?Om%f)LIyLcHHSnIKp$$${_-k;Od z25S{_g9nJ{ipRm<2qJBEcYaklwLKh&u?sBz6ox;6^+t<3x_=|Qao`VrXF zvnxrjBxBJ|^q=z{5kf8!Wnoiy;6w24Tl+~Dp6P^y{Cs<(+$RY%OgfF@%`vb!y|2Ep zSGNF;YhQtk*+y6HM)rg!sfYcg8f;op<}zMz9c9@fl8JDScWiSMZBZQ`baDx1arM1` zA=35v!G@(_G3FNe-WX=aAefc~^Pd#ASi+Gk8;V`xSFiT8Q#>rHgezc00JRGcprQ`X z_=;GsavXh8j0s7P*>5;hQp%64JRDMBA}L9Jy)Z=)QSb20t8UUkELz^jOSlhJ->Bqn zTKSAobX@_H$4%CNzKFO`px|f{Mv@2olR2L*r#Q|OiM!4ZpD6|o-jPQ{2hfW6MDJ!s zEsb$qIE-R;CiUHsJv)>{(}p5RBir8#L)wrYp1EudsINI3akAv5$h&DZf{&c z2JC@+Hzfj(4Xo?%H=|*2cUR$FFXP0~h=uYt5_n=agYCTZ* zrAV!pztl}h+PB9?9Bas?LYVBSSj3)l&lRECg~cj5^^Q}1am5d(3U2{An{p z9`B^zUn^Vw$q59KuA?4d0cl)AD7LP-ViMx$CoDJ zssgNfW!uLRwFVm)p<65$i^Jnym~Udc|HGHblU)rKgn}Fwk&ITItF=bLhZTE{Fhy-d zd3=x&IYNw_AQOjLe#I72OwSxHHrlc-7{VyQVj=2{4f~ud4s(z5sV2_yh4Szq%vl*~ zT1?*%!R83^vP!(@C{uMlpeE4sNI3H0#BEdC0F*!Qe1a zW*P6eaBVS*49K@Fspa%=^zO>nRl~H!L15KDPc=m~o@;z<3J;k6VftBx)}Ae0ZO>o}C{H4pA`|H02hRl!l5@dv90HUO~}Y#=I<(nCcH;)i1%FHr*^N z5mg%G&EQz~l*c)o$GBc;s9#>U1P^B+rtGIPd3BIy(#my8Vi;@KDsQ?PdblY2sJd~{ ze<}nN&|JS_LF?4M<|0-;IK?$f$(URc`r^3SF`T~X1&O9j@0F|~XIdTiJY~vy$YzoS zkJ^VcfD&nFp6s`ikUE(G?LJ#}R_toIwT!l)T_@(>80-huwxlHVthLlxoq3P)C0yqj z3^+d}LsO(zbRB#n3XT-DB;=)7;kBC1x{=sfXXWZ!ncK?p^9VJY~9pF^!qK|`yIaEERouB zVY@z-oWrvuuU`Al3mG41Foqv}II-Lt{#5wgU25e|N6>u)F+CjH{Og<37%Kh&a^G}X z$ji1$1Vs^c>cpgEoV0(q5RwIhAc%`(F{>if#E(MI?WdL1Q5Pb8;cjo??u+&Hm!v;vdR4;zR{wcEYdU`Kg7#2{3VhZdc-p&DjU~`Sf36soxP+>JmSPz(n>2ekkfDjl6zo%pS!2J= zv1Ne2_f?lf?1mmW{&oG}00ysm038SbaSG`_ylKzV%0VsFxi6Z~dgKx7 z{UNU z(E%a8zlt29gEhhfIQUzX2HKHFY?f^5tekAKAh=bIV%-QC*-RF^4qHWBAdig;5k@<_IkNXH9#&?qps<)E#Lpb4x%N?5 zFlkSmc9mlkJEuY+Ts_%WlyN%#t9Vw5$LOIumNsSL1NJ0uyGGcxbKj<5>09b&A7)Wr zuwXyH^>P#hFqy7Bi>ORt??2E?&jo#kfk`z^x| zD==B8QU=}kx!$OG-V))?eg<)MaP##&(KY1g^XOXM)&v38Y6Eb9q}2`dHHyCvxa-pv zDR!$lO1_V}t&w7aOZlm{P2*waUX}i^?KyGvpUZ+Z32L}#JpJqYlkw`kvQn=yD(ArJ{k{<>NgW*n@IR1&16B{5cAu!?!E#LLi zM=hUd$yn4Txt3^!ArU;dYnNq(4U3ha8^kYs_Wa#4cX{v>XhEY?I3$A-t&Q!1U$3nB zbVW$*1IVhy>2KIE0coPd4I-Je4AeemaRy9S>O5Wj+pHTz|5J5gAI^XE10eh5B)6U| zk{S^(;uHCJ)NW5_R~LMleLTJ?EMR(Tuz6hVzZC%;wHqMS-Fr030cWtEujUuKazjbP4 z83cLjxg-<(xMWvP=)t5tLO*eLBgK@|8F$m4hkT$3(*ymWgIK%?m$p6cwV4JV@swsB z0UB{oN=KmM_(--yqPZkUT=$!}!D|uG^(b|Xfi8`#mu96iuv3gU?fu>rxstl7Twr-V z8FpJf@WDA$oD05b6`B!s2?MS%F5aP`LTkdr1i!`Xi_<#dBettokNRLrJa|uEUOZ$m z)TmqtECe=OpC!i&WzSsDL07Ep7qtbGw<_@6;M|jwla+Z}&1HjMAy439+9PS}Re3m0VPhem>7oxUhT`8JmVRy~R& z_b`{-HggPZ*YU=sUz`Ba)z>BP6q~qqg(VW1)VYkX%(y9!Os*XodlhPLm==6#yKVY& zDJ2Akb9B|qOshIoRUa(=Q8UvPpUew@DOFY|YeV|jPQ<#dioXAizl(&lM5f1PfSyFi zj$RQwtW$G@=nA?=FiLqZj&V&P77H=mVzpQ#3r3#ht18tOitP2rIw*GTLhJL|G2?MG z=#%+P(>+D#h2P|jQAOP{n0cnCjn%cWEq2_!*X|$lt3+po|*O`q%d)O5J*q zhPCA&T#ql&6x?TQUbK{3l1rI6P~KqHH!pGf;KQ7S_;&A6i~z;EihXpbK>f)^xX3rD zsx9}G9pE}Dbhnk*$YeAccGwJxx>nr$5V>1Gbdo9<9HN;o{^~)taC*;7wQMnavBNW3 zhH3-n*9eIcR4yqVVr3YDz98*Z-!Gbii;!c#{-vD&VLIsLw-S=WM?ju%ktfDiiUtl0 z+g6%9J0=fa#q5%wHkEW$`b_Ppeu->pH;LH56>DRA5BTwCa~2=8UtPe)6U&mg2M+{73N zf`1pCRJ@~os~kxp+*jF&7s^gP0=p=Hppo+9nVMUlG%;;{B;KYsv!hcWKm~&Hsmj~| z@{oz1u9H|74Q+b~10y2P^~*_r75Kiz;gE7G;AcQ7LJf}U?pt{jS!*6%(hD+VGD_u$ zo@zg<9ifE=Q`#?9By@5GH)~ymh%E;*6r{!p-sOpt9ExCOs%?UjR#8p>f)^^lnlY;K zE2}3lp1p!=x9?N56F2@-&PvDIgeL3%h}{4-jc5Xl%c90yK`%Si+rhWz1d&w%o_B9= zB{bqH0n8Qs_%8`4>IJq)t?q<1U#bAPjdF{!*n1K`qH6~Y-lm~EB{RjB zKUsgVPII1TD?)>xr~ZvHU38z|ItE1NXI3hdT)riZ=qWfi9j1)*$npFbbnk?X?@%(E z8WQ^M=aOj;DBM(33xDgub76r)!;4Z|XfU0f?!sX7Qpu7;Mg8zBo%6t|hBtX7nW5kx zyDEn`8+O*T)K9jnFzxv+Ag2XmSk_hzmsUH(VLD(&th+<5xbcD%pPI||VwlFKSyhVE zn+jduO(a6dL6I%~%C<$=@M4ZDFW{kgqTQ-)4#;sp(n%yA!7@#}P|THxP0PN9{0#)x zxIpf7}Zwu755%w-KI9a9O^Sdd($pVx|49uIAUj zSC}bFC7qjef^%E6O!7U5F%Sncvsb5w#lH6dCx>JI2B>UJo_QwrS6MW}xw{W~O`-wE z_8bv=9aGp%H%nXSs3=cFm=XX^lP`K@N%&J}e|t06<||q`ASF~HMl`gON%GB??`&Fc zG#1|QxJvI}u7qKwZX&h#!emp5By0m#xo|VG5cdIhK>gpy-~ZweC=eYvliT*2vE57x zIX<=}j20WJCos@q!vgvm;$rn9t@{_L?7LAvj`Q4mDs8BHq+E=*U2G$o71Np4#ekYivmc!dLVs1pyd%Wod~Y`Tf6eagiKB(Zb;W*-?=#d33rR%tGGWUMwvBW{4Nx^9=W@{R&LV*>ibX; zI>=l6w6+9P7-+;w)mZaQ)VgOxK&;joj8cCNN)Y3yc?WL)iQ$n!c2TB{tB5E;xvN(B zs8Trn+uF|P&b39Bhh>UG1djgzP^b`Cg4@JwYi9Tm_v|Xi#bXbYyUFzKSZ{p|rGa=n%kJCLFP#?y!rGpjm>PDx}b0nQ{5>9_CW0 z2G_Sbu5ivcen+e0$A^<-ozLP+9=#_f51!%XC1o0##ivYLDR1&2^Fw|4r^6&{a*)5> z+WCzXIz-&iC!Npx9h6(&^1X`CI_?5?q^RE78*HZ?z!;AjP8ql1>0)1wY>GcvB27bd zAA;pNiQS~Od&=|7E8ax(iEN~}RHsY4`mIuxDWc;ho7Yu7*cM&%GjZ>`C)BJS?6ZbS zUSD6gtsL8Z9r7v*$Es7KduRG79L2p2d2ZKCXo{IR*tKCAtjUZv>aw&IDU`9YE_*CJ zY_Y;oc>4=SDKoH$86Jtn8dLk+fT`$VYQoHs?mGFjW{pC5#Gf2}^+X3nq40EJupLoH zd!YzLyd0fKUHab|W71aHA8EVdO!PUTM4~F7^;obPYblz)j9NCecNEg6S&hX`V2b_H zz9)(tY4;37$P4*}ZBOnTv0-Ecv{0|6AO7wB zpquB-^5$~p=#%`#W4NA9-&$qHxG7gPL

21I4RQc?Tb6t5j9Za!Sp>AQ<#0(|&0h z-_xV3&&pww#$mo9>&aElH4?EO4tb-RYcE!iGe!g~=buDA-SjKcgC|x6I-72D@rvtP zi58At_}QpHN4~R*iHZ-kf^~ePkd`yx;kAsCIf@Q()^2;g;;uw%8h?n<#pSk)M?3tI ze`M`)*AnP&{JD9+>jOQXx}t!*`}zmic>E27IW~={=D|^>J&@ zS4l&aUyC@T7`CzdcOI-NZ)$kUOSzd1uITjDnR7g2C9R_6QCnKuD$0j)}BQ{6lLW_xNe;S1;I4^r2Trcw_*K$hBi4kj5_TKHZZE>)a!Ej=~aT8h_yj>$LHU2&0h zI#KB+!9>%&N>!MX7uhr}@Za6l;U5L{zN5+S+~o!z2DNB9w7xA5I^F5G+sVJ(b!vPy ztAcnb}7eQV@@t1+3+SkdBto*mBVKxHju*t})nU~yc7w|8^>%IMzX_2l05 zOrxx<)iBHWj>ABHuB%@JBUGcUqiD53kFA3hx+5d1m0KjK_@bqSLd;2~h@YI^2 zQl$vh_41rA5aBS1^2e!G?_l(+T7GVH@2EAIa`Lum%IT@$eOJV`R>{o&9sjwbLEj@E zpPoa@??yQ%`3d>EX`ZwaEG|#P2=u;{sWN2qT!AOdI#9J%8SXb(n0j)XgI>dLUuEz= z7pM$6SLzLUNtGSTPij@(R&E%WnlN!q|fpvs`>Z?h*$}7378C;GgS@X*x&GZ zdVBG1yGw?OUB~cl@zJ*Ne2|`d>HCvnJCxoWMWV!#q~}+UqswnqjFnf(lal5}gX$f6 zhi(6Zu@a?$)OrF}G$wuQ+uy!9%>uQb7c46rz>l6t#)8XJ8A zaTX5*KHp`X8qo^|oaE{*5ZxskzSMAMUSk6kL}k; zKYzNa5i^R~6Xn#;W^(=QzU1ATL24AfkYfMm&Hn==Wp|LU*uD9oqMT@ahmHZFV>SYN zU7gFXW=sYxX)Bd)<9U zFC`)@JAPdz`UUwvKJ5zq=6-2(kMKP`IQYyra`SOxiJPzEwfkuXsaN3FOXEgEufRPi z_TYoLs*8IP&rh2|d!OI=mL7j6eR@|ulAF((I9Luuq#NxBKCSF9ITGEGxeuPwx|678 z$}g~Uuvz>5xr)iX=tMVkMJnG^|Mthr^3nFWUyA@)V+O=BnwpxLo10r(Cqn+qIzAMB z^&|iE14xj!{9+L~85){+qqP1-^=*)U0pFd18KH}Dn^*m|!a?Pgkl&}ioSXIgouRr^ z9izKnaz^(D`=40*%S-br8S)n{Ndua_$}4Pb133+{KHSaDf68flggQzX${jI)-zq4W zcwM~tnb4o@meX!@blPo%9HQ|t4tTCh_26PH=+=F0dlKMZ(las?-uwj<|A*^l0UFB*Ac6!01oV@mqGW*`6!Kr_PnwV#dNCAqDHJr+=s#qA z$sgn}*W?aRdhsp*u8xaSt%3UY=j6w$!vpqT=U;0DZ3*4F(zT!abu@ndEYQNu#zqG` z7;=KeUpSYhzP^_QA~LxjD=PefSTg{8!`i(EGQ=ca%gF~^)fX4Dw`^kY`8((4Z4TAR zO>TW;fH(TJ$k1-~Rx{6DwrhWTxiMa>PQj&p!F<0G1ORjHTN5SE7N@4BHs{rCpzdjQ z&#H{M@n(-jTbMMg)-7eh4Jw*?>hzhkDT2SI_|4<;cn!$^@Q5uu z(H+qNsG+lq3kemby`e0GNQ*R;jw!c)M%;NC{rPdWxR|)O znnYeF(2_|}D8z;r(}$5>oqeeacm?$TFQ+Pe&;R(`|F*tQ}gPs4t$a?iu1$@$u>x{^%Eo5puC@)_7YLM{jbtzHcOg@qODRZ*mY(IVU$`Z&0rN0t$Nvv+0Um zQw5+#xqvHAkLPyEj;wTA?mD<#6*l&P>l+&s#ZhOd@WrgAWgxNeddJv{0FfMJ%n}St zY;`Ln|L)Pu-|zgFz58vgaQ?+r;G(bNYfZuXFWC&|BTE2)7n1o3I_i^8h$+Y_rp4+H zC0OiKl*V@R^OM2K0v;O>sT4L1YH+L7_6S9PeDYy^BwL+Y^%8jdfqY49`;CE2Agj+_ zfH)_WfP)7pDp61oLxYy2;Ti*EFYu1lm}_ckmgS>z!aU=9%IfRW&dB{CpihMhdw}Zf3vETgT04p z-sHaPh9mSYNGE|6<$ZH;WZvkql&)lDfN}2k7E;CylmBBku=$XhWaojzs2L5JtxkR5 zXkLj(xFLH3Oz?(#fHf}o+p_?JOAxBf0IXMr+fGs7MjLH^#7=b3?Oze#AYii!0p*zlZr<}C3AeIk$-3|N`$Eq? z{NcvK!YIrVhCGah_VkmbOz#bZkj1DR>Jc}o;;)%5MM$p(xl2t>KT9Q@2(;+h8R#qE z?*69(0e4CzwfA;3IT#Gcf@4*>o5(-uN4^_$^kp}tWL$BgrSSrPBxRB<_+o!Zj6kif z)YEzQY(Ri9nFO3x>js0mm5D#s9X(8geN)|Z2bnD7Z?+m7KkX@^%SW*xN^4HJVb zV24u#=Q=?LhmZu-FlAu4z?pLhRS1*QYhmC)j6f}d>Cd2u z)jBBiyw*EfL9A)Aop9+K>vn%%fVr`uw!Ow0hxnp(M>R3Fx^hnGGI`

%z`i$*?0dIBOrK7}uxS)RUWnk={j?(8bAZ;USTR7pa*Zspa_# z;4!1n55a|GWn`a(dCeP~@#R*zKgz~({@n6OVPr3>Z5qv2U>2-HkOTW+LIMs(+>;vi zq|nHv6;h>3x2{b$);I0$D{4B`e54|%X}u~MpuMK!R@drDVRr=DP)TjiBO*+~KploY z;x5-%lK`y@!M&@C0?fL)=AL=lNTJfaG9<7-++q=`M9n~3Tt;2sw$v4V;oro;(%-S& z6?cTHwTDZk<8#?s+OcgXArWl;@<08>sw;p531w;}*VMd0cGiBvj#i8|PHJ?M9ByX> zQf#e07}WmelrKXz6bJr9QUTSEH5g942{@81b0~^xY?=rQ-Q(hZ^c|(=l4PIPr^?g( z+cHC_(T(QJ0qe_~&{KMnhlj_JPQ`Dqw4+>9*it-}!K^8$V}NbP_7nt!=Vp3aAhe(x zky^mO2xlULD%Z;)4;KM6o7d?;!E2imgECpuWVo&HgsNv5ILY)=7ga5aMfQ>uQ4i$^ z*$~j+=$F7ASSX*AOLiJH1mw~(0;rp1uAHCuK>RZ&AdI8XR41yJ5|S{3i;PJ)N^Og& zh$V9US*CAcAi%H09Yryh`uw5YLc=S1;deDBEaqk+c01Gt!-s0pVZ^>Gz|7TW?>CjL z4-i0JI`sYf2Bi7~IN_pCquBVI)TAirQ=Hv1#&iu5a<}+a*hK9t{w7)3P&|4@@G{l$ z$PoGb=Iw7KOeu-n{^}f2cTbt=R4oJIK6qfTrhDR8(0ahh`iRX=FNOx=KzFq)Ru7k? zG8vk712}z5pkEs0vq!&`>)AWVg*;J(=!0j(4VdRwun zQnH~Z7#sbPtl(;G;A&@zfe_qZCHH>>HP>TZs`m#5!a$DIJw;6--5k&#K}FQrTwz5h z%6y(kJ~eT>)Joi-Jy=*=QF*9?03{_QYAZHIq@%gp&Qv`v_j6J*le~ZC=lqWhDCHe| zu4Kk^R?r>80bvDYsQnFnJV-c|rxOCs0H$);r<0=Fbt5%K`teh4tcGlTohogZ87z=? zTZ)=@0N#TV6MyPRK{#e(@s7!0w32)ovSug`I4i|47H}iFEe)!8pOlihYI@Of3Fr5Y zIv`Q6chUQCO4Z8iBe~voB~G6!fDE9c$Z3rhS{F_r>!boYujVK*Jvdx z>tzicjuV`2DXitdv|GOU)o{Q47-0)c+o0ay#5!*GL6|Q9aQqgQnS?vxVhuAYgYUw= zSG$Y&pXmz%q(WF9`+{n9P5Jn1s2VFZc*;&!bu6VsKfZOh;QdP^BX!>z+-w+~Mf0GO z#jrbXw=-uEjU*>Q&vvimGCp_+geqqF+%%iNjU}c-9x<_wX_0{;% zpex8#ga(<{35G;l#&Mw0xCl$PF3tl7aeT(M4C5SypuFgnNsgd2marrL(e4;6o2`zagSzxNTx9<348wC~Kzgii>0~&DL@xM2x@W-8P}17Of%LoI52FKFJy-ZD zrdU2~8C8^j3=0DulFj}b_kj$&4InLn?EsDs;~kH8I`sBu5=MVE0o8561oH@1Yy*#8 zH^@qV=jw`Ca-X^05K)`?XOU@y0hy&X+et4EHPnR6C%dfobM+|-!onxAI^8`Jlx$Td zGg<>NC-Ni1p!n6h$7@6JLH_0Y@@OP)cwufxgbkz#DYgTgl_vjiitj+_wJx#S>|FI% zYEv@~P3z0R4$~GNOG?Ma&}PNJDDL&6VDDvtGKAtk9%m`fJF*4xgy)$)jZ?;ke_Ik6 zYX$X*u2|-bhV z6^|aHyB@+-N=YkIAepK7saDPYq zwhkLsOmeU$5LW`Ig2tNH%ib;F?|MAhWUvzdM6`u~9w(??PgC2#UaxDP!GX+}8fbLn zp!p^%MW@Mtm~uPSHZ}%>Za>f;!VGf;Qg~CU{?2zB6Gd<)bKZB4nn3(S&X$L*la-vu zY$Apcnu04XqC9OlGK-+y(!nYck?{*sX*`=@U!MLSWf5}SyP{jpC&NNd(7WercHe)& zfj3-fDMXT)R@8w)d#lA_x?-k`;@-kr(=pk?j%+gCKtYqI)M`{7TmLsmc2Df;}X%S|L1EW(Y zPgw%CHT>)`=O}&mvMqw0cLYj{N+Nk=n@AjS{5(yOkvAJ(RX!!vgnO)qABvF;3g_O3 zTVI3=1#D?~LII-U?|IPuxx(p3-L=(KAoLTlOsiE5>~NwhOLa4P@fUrZ++V>6zLmbX z3@81I8uf8bkGaDw!Nt{GnoP#9x+G;*@tzSF`DgOMx}4?(n|%|pHj)uQnz}|1t+NF< z1#z&5#+ZPxzD4dQM~T+qkucB#f@XSQ4uSJWBs;r<7YmAv6pWC?c-gc5<||B)NNYEK zBo9SiE5EjIZ)tdu4GT}(`>BwG)p~K&s0u*cHA(eMfTSh!PZ}3bZ zEsiMdBhbD2pPCPKj>0q>Kr_vW`I<0ncm8X(NyrK8pkD3TB$ygTe%AR&Tbd*|x|;N9 z*PE(7mA~=9x}Ovm_lS1rOg<@Yt^?^+TXuA{Ev8`_YlpGOJco<8ckpyR8OoI|5#UK| z|2rI=FesAIhu}TDMvMlkqL&lZz)~qy7|IaZm~rFRBtvJO1G|?th8;)O-&h-9{7GJM zk3og*f8cWa`Q*THYyRS5`SY6oSB!}98gq)zaDdk%>l(0xtFYt5;lMOGFe6xWoY|1c zuPA{3@{$uH&5~IoZXgW*9Q&!QDL7oVR|k#n2QsDEC=|)YCQm{IQ=*XZ2Fob}fLEUkNl<}rH2K?MuTl)Qc&w!#clf2kQ&83DSBR&1tN}P2&Nwv^C6AYJH zDG4M)?@k>>68+;@`Ry3Q8zi$=slpzE?4&JX-EF+r(`-bp--Au?-)g<1y1`pfCzZYa zL1Pk4r*gpQK>zWwOuu;AJ?r+cm5PN?NdX32!RL;3gK9;uU={LT;XubegZfyA@;?s0 zQzr^-L{&+tsQ&4+{LN9L6}TB`cP^ufDg}u#u5D6qJy_FAh@+Ii)GDlk8 zu-Y{BO0(G#>9K?Z5MV6W2`vG4(+c(D*!v!J$UrS~gm=x&+_}yQMh$VSWd-?m+K0D7 zO(L@Jx%s20f_b{`!<=gCpGOXKYYnQbAbVR)u8*o#ugI5&b#H&_+T3hj(e+FmT(=)w zFEQUORgi{cHM!uxw8XMjCRhaACSpOjT;X_G85aU3_%9VFGMk=6%@>k!D~T>v_DGi| zf)bSbm^q0V+A;znS)Bs#f#&F=?x3d6&sWSPxAO@v*J%$F6ohOcwddG)9%>`jfRc#i|P+74=AVD z+1L?dW>P)=t+)Wc!NAoy?BUOR>A}sC+-*$fY>n+EA_O;!{FCzwCmTe)dF4mlr2(K& zYu&qtE&qA>Jw+50@_oj;D|r2E{!Ki0$$$i5q zNuf;n7|9_s><41^hvUFTfs2w1xZ=VcqPk)AWo1r>Y<$IRMLY6@2(-%uN5jZ5TN|a5 zGCoX3PKq`)wzUW&GvjctRd2Lz)db1KNXQ8^9esE$1PDyYEwe^>GHRNvm$W1bfO8@) z1s{WKr?=bQX5wQ)=^ZDPN}X3br@S+#-ptJG=L6y z4dgrHNK;rkEvfE!u7BRf-(%0lEu8O0&NrrWQL?Q#%}wZN0}N}ix2N^D#G@r0?OB|K zVK07`0hSBxe0e!Prp~^4L`6)yK8hQixQ7R~@V^*d@ zM<7yipb~5|r#hNErPt*cj9@P$ia%EYnsE21l4_?h;h%QL6pP3X)<+Z2fSnT42@+47 zx!P9V<;g7k1Zo$BBNfPyIN3zi0^5D8;kM zA*p3NPiRT`{5fLjc>6ydro$8?5`%0BzI}`c+F$6%e{Jzlc1S9ais-GgEFn}I^j-(a z5upag(bS|Xc+l7dM|*nm8X`g>FD@+(C3nChYIAl3MH9mkTmv#4NAa#?THTQX!iIi= zz+E`LbKoUuZf|EB0(v^u5pz*C=DvzwHowiS_34QXMEX7Bdq)_OR zmD^nOHKT0$Fa`yAx^-6c;XGg#2uHO`_VmJ5FX$QK5;zxraHEeJWdT$#IB}dfN-Kp- z@EPA|&$Ar41RUBoRL9uIS(Vf)$%z2r8L_79>_q)94S88jsKyY`wvGs}4^v6=i$Xf? zm&@)&Px4suFGdN{cjDgyQ|{8oR^(qrlsB2Ou@!t{u6FT& z1mRg<*-w8M+tTKX4r@S9*}{nE`4UB6FgYbIrLelivgj~3^~4dS?(s2kiF3brA^_lo zvBFQBOWXs4kAQaZfoseKsdAsobWAk+EwNY@yRi(m^33v`keL-D^+8u^`neTvo92Ip+Z7V`bjfM&NkRJr}CD+^r+!O_8|HMC(4 zYql5`f(i=EVb%4Tg@-0wIJ$(mA(b(q>OA)0wwki3`@+!=b)*cEN)Nri3Cj<1uCbD! ztb>5o7-wY#v~(~d`%4_P&qlkRuB~KHVaQB0=3tZfn(+`Bu7g!gZ9yndvO=HFz!Q`2)$k>utl#4CkA z3(2z0!0$xa*e2Cw-M^68k$4=2$G{~akpa#kvPQ{p#Wve{i54!+j(6J8;g~BFvO7Pl zP%=Z8o2sDtt7mK7VC3Yqq@B<4afV%GZxBV*P0z@N5X=>*&rL*LxM@kffJI%(i4tlK zzXDDg)8-z<{n~dt_H@gW6+TlmeZY-E{KY{sIIvr%EL2XCGqw*9?pjA!EpA%3G{k61 z<}3^@&yI?`6=o6t@DWKq&bbc>cY{l7ig6_r)~qT#1&Im~iSL4kCHKbY*28f$5C_kx z{}oDAiXc3f21B7Bq&NJs(DW_0j`)0F?{T=BGEcOGE3TF{$98zD3ISYqx-Ob!m0;B$ zh#=HcRm7hxQ%qW>_9F@v5acEzZ%C0&rH!${w>NY&Uz4RP#+uF{4!fXj;Q2)UZN?c~ ztWr%0+~Rtc}@$a9xcUX|8u z5!uhj@!U~yVcDBIXn`|KvJE4qy4F}i?qFhnMau{gD#MJTw1Oe8Yt17P8{H&;+1IdH z?Su5rXYW7fh`xwZ{v9J+LnS|q61mQldp|Ut-tTwmb+8kz53^UJv{VqK410vj;2-Rd zxu6lsu8*fIY(h==I9U-T){D97vb&AJ_aw8PBTreTjZrjZ_6Q101AYCfX>)B}i9EJA zW_iKaCXM!U7w6)+w4&CL?NwYMN-`gQKG1@jfG9cq(+s+GdQ2{uVu_h9o16H!Gp5up zj`3c*h2SY?LAViv496@6F00S`$J^=+NL)vv$rL>Z8?855uk0Hc1`oGd_&{G>VGhX{ z-S(4^QM=ceylYMF#$JD9R-@d1I=mQAT4^75p2Jh4>3R-QV10v^zskLlhT=)97x-Fo zvh;to_uWxVZu_?XMzq#g&s&5TGB*Yp1 zgyV~yKrN3>vkJ5GBx$R`@Gs#7Vlmg4dypQmem;@EtTzPU;9SdY||muCc{-vo(At|nItsJGv?i@bijcSYIvHB5rj zjgzgVYs}+}&V%~L=Uwa@WT8^7xd+%Mia+)~rDJ;iAr+r{{#h=o(+R()(jRK?n|Jgx zGT!%+r}Ko8?j8ozVe;3T*2)K~&CcY@uRc9_C;5HX)2m%^bZl?GMVyC@S7b)pVGP$V zzmk*0 zEPJ$Ezt>9Y9X;GQKkGk|}1mbdN`J9$#O$ryb}A*?to(%3qvY;4&^${bpTUDm>ZS6MO|T~9-+B^=jqd@YxlU$o+a0S86nVT z23}5Rdu(l(5w*MT`-C>*lSD$oyMTznc^E8NoN9UR-k_t5b0V0`JwihhLTJI#W1B zjpW=WAK_J~Ss}Om_67RBL%h4%u6S9I#gN#a>XaODC$YLcTzo=ui(r>WiTeu8bbIB~H8Gw1rOQ@MU4MUkTqvC}%c=AaOCIUc9*5 zK7I4$v8oG$+hyF|6Ub2VFI^~XgWQV?L3&XV49&h#?e1=z*=ji$JFY{b&}>JQ!bjw{U%3OJm8i}i)= z+d3!=vlJ&Knn3)Z4_={AuT7M^<1#iZ%oJe;El1_AsZ`eUpjul^!%a{Bbs=n))TvX0 zte=a~3h@(a$~*5&RE_J?&F$g5iV&im%Ko0uX)k8j^1Wp#2!*Eh~o zqZLhmzp;>TOld8#&%jeT0N)!8eb&5_Pzz)!D`q>URz`NF*zw`QGxj$r&}tR+7%5yK z5(x#erhn>`wp=?n7P&Rpjyi?Bf@@!4my#&z(e0AAu<&SXg+*_ytQUr@u)d~hsy)|i zQc=9R6n)xUz7ZU%%BhvI`IX2i-Bth<0>ou#E!lhCCUjNav^^TMXmOV%Tmcp;qU z3g$< zIBOJcWNY#c1Cz@@6g^u?i#s7TIlJ=ZH+Jpr+vZ*30_E&WV7=`uf>07 zi8@{3u)Ky>n{p&sJ)&Fb_4V7;Gz=f*757^HRht~>`I=}#zoM_C@`pcD$Z6;(cLe@> z{IRF9$Oa~-Ijk9ypE&OyY0M{1dbY}rfzq!GDgl!eCe-&U{60Z>tFWmGSL#pj+dR;S zz_3chg7i!sUX9*fE&6#zFAE^_au%$H<~Y@Tb{(;Qg2^Lc%b^6njCr{lei= z8IPaAbB>&nl1?A(8fZW902@U6aH?JAx{)3w!clC~8ARJZ#b?3UJw@s34l7S)s}WHV zQ}l-4VY#uTp;Xr=RanBkz$@>WCxYHat7Q`V#YSPSWLb)t3*CzDD36@eI$^17%X^9Z zRNr;!&fRFxc7Yw5<4w3c^!7^%=JW?K!;*o%K1uh95TMU#Jy;kXCfj2>)c7eNrat8) z?TKguJ#F@wSHNEC6p{k|n~YhxvU8Yc&W*TU|DimmLdJTvQ7Z1DyOc%k5K8gH_V;q} zdk|DXfm)0#ygoHIvIuu5RK~iWve~A=9F~=c2Ya9b>e-xn@C)lH*=eeAEPdEesblK| zyH#-5b#g$gT>hk*g%dgIuN!|{$nuw9611v+6WwLGB z&WGk<;Ruk;{S=;4P+0i9(pmoG_Q~Oe*ANU*s12Cm#N89)F!t8c|0KB1M`Fqhot9m%C@D(Xd3GUN$kCyJMFz!bwt z7||>c_U^P#wed?^Z<1SWxiX(0m$5bvnSEB6W~iq}5p32j6JeiGK3Qo>f}VNr0hNFX z1*fi!NCDNB788e*cny>5k&`8Kmj&w7rqNPPrmLY=<2u3Mmw_0u8U{G^mBEfZP)`XTzsW)ue1)?j%F{%TAJ)_9+>T{dUt!<2U*B|d^sYdosgT4R{g3zL$Ze|CfpWo2b3sn8<~+;fEGndOgF8k5Uu zix;nNmsQtg_WwwdT9wK8CF6`}2YIeeJ-T7ABynxzfbZx@xl3tbh>P7E+8@I&S)fte>)hT!Sk*Bn|6xXH*H`HdfIqP(^yA@E) z^~b7s)MGi0b9i~xGbV~XTf2^+Z*&CdJq5!NRS#3JCobloVe;DtFVngKaZnrR)^URi zH^?1Yl!)7`qe5k^SwQ>~h{7TkO(~@s%C;JLVczl}SZv*z%rqz)2kuIdDBL$W5AX4$ zrUKyW-D4wf{OD$j?58mC0%%fDQTVx~r6rKwa2Y^G?(dS=K&$z{n%zh?5xJJKWwOB? z0Nx#7ov>BzV9}l#7f7tYnOgHnrO%4(e z>g|$|d}HZjX;|<~N*oF_nW_g$OX-_*qRSo}KX;{tM*@*KcO>lP_r%0Wa7U=HunmgEnvP+{4f{E@DQTpxX{UrdfaM6t+y|W#|u>+xCu(Vh}Op*Bveg(z0sv7AtQV^ z=(uv5cJYgku(d1v@Wo70`_^X1t97Uh(A{$1u(Yt419aY|zop@G&iDIQQVsyMUd4+9 zcJn`Fyd{1ZzvS4a+rLEt*i(#qaeH?(y%)*+0c3k)?``~zdA+YQ&hcR{H~@9>KY81K zYMLvb-Ai`2{!aV`pSde&{-5;`PE2D`zUN)um#>C|?0wPu|3=!Q*qdCs$6LP{3xUne zuB^CK2L=Zp`};$FTpa~ZNr3;oQu&vBOz>#`v6XBQI#xAki=y~eY>d0LbsY`;cI#fC?UUgRC!_tAMF&DpKnYt^duGJFUo?%YH|H(`>Q0O^Q}=( zi`uA?PvJIwr3uMJ(xoD6Kz8UK1z}GBD-!pl8a-&ZJi3-T$r^Xv(Kt z7GR@~^*aYH!r|Sno-Q^m(3JL4= znu(^AR*w6zWj|Iro{#JRo%mBbhk4V|y^EhMy#w`pg@W~QOA>IcY=%y;1@3o(A&|=6 zzE#Ia%dKInGMz0`%v2q$GCMiG1pj43p!c!2rx#27*4?EqFu9Hu4+ieXukJ1%NY#^E z0`=iC)G4vBQ0h{PUEFMk%sang7wn5-gF^4lSTC$XmxZRIL^#mc$ELAurySjt{~j&G zJsB5}Tysv}P2@>Ux@oW7c*7))K9vXcw`GiiabH`T+oapbZXs()nk?@$%P~T~d_x)V zsIHwbEUA-j*sUDT^=d22N~^hQ^ws{p zp!SlMCH14#v3eV`zCB$e<4?T27p$7Ja6%$kSwg+G*IEKjfwTXC1VZ-;7u-v!dWXMm zS=R17zP2`b+yrzshPUtZlNmxzU3FL-9yhTKADKGEa*FpQsCGkeFwc-OlJ>@VY+uT9r1bH3oc90Bb7gSQ`5cc7o!x6Q~$gM8kD_z%dg*i`{sI@7z`-z z3~yz-tsltXC4)tee<`7@Xl?C5RLbCs7RD{0Y1BH}+h2ZH&hg$Dj^q54^T2^XXmIrn zyqJ?}P-?jZ`djXk+-711c~9m(0%!H8p){c$TQ~4K9UXbz_#&{O{bMda@9--r=`=%n z)vthyj)hMhACgY{Xw(BIg=(OZ2I7DvQitIpC4iP7^>SVLfCTPop%m7bT}A$05^i1y^g3M2?!Yx@<)CCax86egcT&O4arP@!P^W@X3a|5 z?udI=&+2^ZHbKslvh#>!DH;Lf;2qfEkejr8@QWj%=}wsY?TB z!+b2xJDi`QXuDvJxfqA{9h~e2avh~c?3~{+lorM ziJg5l&8Mf2*YVaQpnkUAQ&PeXDL0L92jMBV19EWzC-Tj=K~ZiQKX^UoFn0y6Ey%9F zy*<}!OEH~CHi)xJ1IY9PG$-*bcY_+Bam z;6o52$OF3<-FMy2z%}lF0WjhJ<&ugC`0$|$LWYrcIhm-0_`Gy*XWjjp>5+sz=@sxl z2!SaipWfS8VYDMkc){&~(TC3uAWee%wecJSje+s#g9mP_i`&04vA_%+U~pbXt7iSd zG{9?PnDw3C$*rHWtGK{Zkx&!NoFn}uGeqd#pKtk2U~)QA1<>VTp)%@ z5uTuYZ@hHU`*QKU9w?cQ&dy3-UwfmvF?~K0tD$P6qM|ZNzd}fp;Ew!u<6vV%*eI`D zI-#-q!9()O(R8;3i~;~$OC6SO0iA~nGwi+a&_ysNTL>6dQJ?JY>M26O;(jfAMGL3| z#Fjg5iDtcRJX^6le*GKNL_X~U`U^3`%EwxsvJ1ub8IvWIw9&__e7t$VFl}>q=X3E? zs5bcCEyj5h!0#+|XiLR^*mZ?*>cXIxZ$LTBK^PX)IOu}&dSGNv=xYG2V(alJw4Q?p zHOK@2(n3B-V*875n#kl72C=n*$AU4g9l0TC6barhVkf+rwajKnpmqEVUN}MVEi(ya(~fZuM4$-A+-nVDR1Be zwjcv9M4=pAr%5$YZ^}^jaFsC2MPO$ofWnn;{H%ZVEB--@vX>I}qtvc%S$kXG3HA@` z{}^GPrIA1HIv-uOWsV;q@04xvc!Kd{vJJFEnIC-rnKghghxPOTgE}x2Z25{x1>Zb5 zdHRmT4Ce8V;`CC`bAaVObF7p&&L03ua^NhKGn(f`3W;FxA0<7}OBCGOnbXhdSAO!> z;b5t=a~C`wjJVQ}x?L4dh+8g#cU1wtGw3uviW&yM)YY+batvX zHY0QSg6h$8Q&)}Ma(wF12x^T8C+V|9~_vUUx@tnEq~deAD9a2>IQZs zpL7Ukvy_&U?$FY@Gl|{rNy3j+owfLv18Tt;`Hvx(|5T+I2_6<$!UfDk%ekLLhhstL z0*+y`G(p$*_fL5UBs()(5x5b)Ui%mmu*2H;AB&qvrm@=E^WJCOL3n->tjP2v9Yi=} z!la9^{Nu;^0Js7Mm6r`%ngGlNTpd%hGCpO)UUqf$a2S{L>`IZ4$9>i10lKo@lB;Hp5b4@93)cvn=`K~mct5OHY4)_L!>gp(SiqX{e7ud|~ zPRBtUj*n-B-8?jd`HCN@j{=Y*Ko3`jkAmS^tEk6{k3O)qbVGLaD>OrmLde2{6%wyBjbJPAb* z!Q66M#At+=iN6jJdsOJ*Wv{D`(=#oUgLT)s0Bh4b|V1z&A56YS!~2EurG5Y*TM0AJpQcxC0;w z$g`)nkHx(9eO(@P)k|l*X5#zK=eNK))S%Rzht^|!O!g&V+Mp5mtCg;_Le>{gy`I&lqdhHnHV<_R7_1}d>aHYDgp}Tk5GugEt3<7&T@MmP=7of07xdB&J19DLiG0j#6|z!xW(cpy(=r zP%iMz-o{OH|8+0ix*P>yunnRrM#F$H#Y#p_V8QX=7|0M?i!cHx9Kht9p6lRj1;GBU z|9scf(<6No8y4+xRRu!b*2nRW^LBTAKcJg6`X)FtZ3$@FgCRoO6|9&+`5V8REDqi{ z?-|tl84;t+jWhgVnFjhAdT+Zt38{bFk+oj@eNQ+0A>QDr#!Q*0Ve$(@Lvry&3E+=9 z($V3*WyJOEv&#h)$-`Ug%Cw&UbSuTUTgC@C-a!C_ca=$pO zdA1Au;km<{alnkg`eJm2#5bro~qX&+xdUNnHeCI!OR z*+fcBTD>t_Jo2v;GvVg-S|q#P$^)_`nn$Zy8->8djB4#il`pCRm*JJsjfHr@*FHBP zzz$P@avUWjV;fd3;kn+uAafN4Amy(gG=HIyhiTm!GZCQfXo5M~V&b0zbli36)(o73 zDC(1u&Q~cTZni~v?Po;^X1}MK#d6>`EyH0xr2`Tx%*x@HrRHViY5i<_Ue(|^#8Ox_ z+PUBDFGVC|IShz^06fpJa`xB&eDjw;?yV(5h#-}b2D-Jf0^h4jD<}ERe_xb?OhK_@Kk{#R;K}!q$++*3ZA5M4w40YovZ5?mE5dm zZ<}ssS1{;g4-&dveZ^gD>1jxtKQsV3olvWrIqZfmKPwMPhx>w8rUCV+Z4%6SWSt7| z`3qHmQ8dCU_mP5wI!Ow;KJFO}NgiZNX-yv7VdcxpOmCcbncuI^uAlR%=KERdN~QT` z1E^lt->i%Jz)nagQe5m)ATgH_*rI3<#cmh#cx>Vq$!035HZv#$cyyFC?i08<35ZFh zUMZ5capm#BYrw|H_sa{+^~$he1-=(21YlXZH{Q zC)RrGl@d*GgShRbm5gn+0U%Qp58>Z(CUnRg*hk-;z>Nh!KynB5TM6^qC|B>VvYxw+ zz}K~PV4jkuUB!So*O6UZI^1ZE_7$~!olEA@Ipl;^VqxE^G1ys06`B2Q;9D# z(XuKC5W_GdG>OHM9|%gtRk;t~-y%AE!+%I($R9oBZP+A`>-BI0V(-`SMz=-TPeRos4Ak9#Fu1Ra9Kt|75>Ww>^ni9coO_<@^L2HfaddwXB zw!mh$!URVFIqsCAcd#6wf+lRuUIQ$-p=gvFLfhHd?Nq;x)13HP=o)Z%UU4J9J|e=1 zJgqkk4ZX-w%1xZdWBsu3^ql>gvQ?6vL#1IYX56ufSEo^`Lze_*61Yclc+%)Nle{8c-`iS**! zG{p7*iyrk8e9ZdiThL&EQp)5|K|#?oI-{=sB#V4NCv_)UU+)-OUuoRnjs`Md2b6eP zp>K&SC`-!)4pDt}cSSIt8z?1aLAP!W$4D~=sbl||C_y>8OvA|H0*)ne(u9$hE#=PTCtRZ)bSi=h}r$9!#KCkC??iRDTw_Ily4V2;Q zEaLKXWEx~o3UWG$?#JzKdp*E^bLbH~tQ}wt1F}?LRQ8&|tIP)ut|{Xt88sniJp2ASY-ln`N%TPM`N$~m^w ziU53yX-tM~KfQd;xfWZGi_N)aTX$@5te_%&{j|}1?;9|dT3^6-6rjNp{5I}7Vm6JPO z1wX&{?j)`u=`!R(cDtY)m5G4a;~Bot7)6mX>KMRc>hS6?z;?X99HPK*xRWJ7UjPL= zq2LW7;q}qlD3G0iwLEC|{QdnsHu*p&;|>Dl)OASfSCsk8$bns^DF%${XCZ+?e_c)( zy`3)c9;6c!##8nSJ*MD5ngnePuVQ*yM#e5_yPzK*o}<^A>$Fh{Vi%u65U@M~t0XZk zN*dUyu2YRsv~BbQcm$fb%m4rh!fLw_`mpfCc=3KZ{{U4iUp2PV{vX>>0oxeYda%7kiUH zOG}t9<7Hm;^Im{r zL0xeI^fubg8xgOVRn(`W>tTj&X@pe?n?rzi3-YI>xw&7q#LA+7q(JHdK%zd?=<)(% zJ(*)#S~{zzX%$Pu{!uF-F4FjY^;}ClP}s%{kTi{@m**~iP&PWW_j16`g@gAQUH>1A z82%|(=zp94{xOR9_XCQ4sgLExlPoHGJR=fQ!RD#RpIX)@G6^=STphFyVO3YOX5R~itN%uDGc54N@T zs!`asmex7=iM@b_uRSsq}XcpoQEWhmK>q9&xJB%~i4fW~ly$te0~pNrm) z72JY8IXW`PUP3wek_QvvnD!3z7g;K$86igfgD@Liii`M4#Z(3-7X_r=ez>nbUT#lI zP_t=5>pfl<<6x)kgocM5*ZMv4sWqHBAB@3|KJvbj{%vf*!#2)equxqXM_HM#Zn!jz z*u&YY!5TSeai;XM?mnbZew4O2Jxye5vf`lNvRZ=>)C2w0VcL_JmdBRl`~_c$P`s$A zD1}}edi{smRR{GUW)Tvp9MAY9AU4W5yEKi(d7xutP~~U&D(7@GH6g1vVPR$lmMuz2 z>z`Rpdue=Te_3xaj!iTss|PNT-0`E)pJ6-e!N>Gq!t{xV?=M5~X0d%-{;{rwp5__NPWnV~PjI#B9n> z-VLsE4QK+-a7L^C1`X-X&Ap92!bn4!wcm+Ttkqv|)v=OvL-{B9UCoTp zuk8{BmbfT6#usW=IbwunRy#_=sDsnG51+O+%Tp z`Z02!7x}2VhTV_Eus;Gvvi ze2kY(Ys)~`=1N%I63^`xus8U4x1m_PH@rF&*U-XBdm>4Wx_BUl$rbH5)Bx*qSh}uc z<+gdywN-(z(;7q0UPTxWd*yH1dpv~jXZ0GTlNQ${VAA>dbP68pYD;1wSNV9y3A&${ z)x*2_-I<%X(eREmV||@<_37ikU441W*+v8^_LqE)v+6?Cqsq$3RYUBW^l@EwUFqR0 zt2^GarFp5x+IJEpFv4XIa;Z8kNCQp3`D8HX>BKh`@0dtn99(-hRE!N=r#em4z3qpm z-ZhWD=XF^*9KYr0$fU!rZHp#e#xFKR_wv=y5?q$B)Pl`5@KTk?%M}`(o0D^e^V570 zE`MB9oLGsjMp;pxZDrw3c&yc##gwi7kj2^Z{EE~~NLAsxsNkMrdv~NlNkA&Xwy|!1 zY;%#b>h^E-=LP2IQ|O`s#wl(ovL7)_5O#HAJ+M`t8;RnwAk__KYx2<;=!_Cs9q>r+ zk!=G1XpbNdG7tMl@J3&BsgQOH)x2>ISvqz@*+jp1uw%r2+55o2Ng9$;r<%IFJ&qwc zic-e5MjcGfST%k_=}68PRZxUeTfUwCxm~i+sHC-y?6(tO90PB$^^T`5@%WHE(-@z)QLwS+lrAWf^m2yc%QhK&s#Vh15!(9_^(y& zCNWC%Dx%zerqGvhtTm@%sHm`-}Zq}0&)c{#&-jR z7Usi7jkdZtvMD_;*Z=65NEnFSffz#l>OE!*uAXrWzF5J2GH7Ohu=7yVXB?I(ig}nX zW=Coa{?(W~tKX<+kZDdD!ZEV2X(AJQDrES)sFRv7aq^*=78@R_`<-!DKLuGS zbSBOGP!YW;{!p62|ET=gXv;U`)$QZM*A6+Btb5jg6R?w|9nRFmjYup`pUbKc z;Qp8qqey;0L)z6d{@Yw!l}NvW-3*`>Z4WS0MP`w?v%hLSs`d9XGY%t5idWz>QKZ}m zGnh=u7*4fb<*jYS+GWp74}3conVWj#EeR{pN@*T?g@&HNd7PhymmBab8zK8hcsvFl zAN$pL(`<&rv$wb$*P`H@8-L}Z&(no&3{JZ9a9&AT7Pi%8WXu_y35%1YpJ^#Dh0V!6 z6W3UIuXKp_u7LgSzq#{dK)CEFBoXsIU8qgWBlltXCZ`i5s*yVDxm_ql1RQygc7t;! zmI{x|cBTl-{0{$S#fxH_w4?-aI#PxHvX6;i%Q%u&dlqg#vzFor|ej={E+=D*D5J8L)4~>c$tK{4>BN?+<32v8MdY# zkQBJLb}igzeBw&emegH`X0hPJuJ>VJ2!6F%JGdAD7c^g-O?FUq=1P^L;}nb5%yj&NGmYImIs2xRiS&zSm%GEp?JliS4pxx2nLKlmFE$Q@<1o7p#>y!v0Q2FY#! diff --git a/ee/images/try-ddc-3.png b/ee/images/try-ddc-3.png deleted file mode 100644 index d6237294b9a170dff568fbde32b1269f4bc60345..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 89882 zcmZ_0XIN9|_caVCpduhDpwdPWQE3X&+bAN^RiuO#0clb~uYrIHC3UB(FFQKM-M``(t1aHgprv#1>0iNr->`km z5EDZae1VSsJzbaVGPf@uK|fyFgf>{U0#AnS2Ah=_l#xubi!r$q{&=)6WAr#1E}!ps zMNRo=FgkEI_s`S*(F5BVj5L+&#EkRNnd|Q_0Dqb=2ZXenv>bn4Z;{mKg#UTt{e>2` zr$HgVj{#oG(4DRL^Yo0`U;jIN?##{R|61Y>K5g`GqjSO&z|Z7l8S~uD|K9&V)>2VX z0f9j3>gr}@(`Nd5=ipzz*10Wd7#MI|bIkWrv9eka+4%tHxcKVdGiwbv#oyc4H&bOB zjYgxRqxP}UdG{G zbpI;SJEl-{(q*2TnmR`17;UeQS1qp$=H{wJ>*(lYKCr*Yq7^7K1(#$^rBTt)ILG3s z%-Gl2>3f(E_^EEZ@znnfKZ7~YkKxd$EBEORAG=2L$m0lv$fEiBpp~32PsOfrb8zg< z_!C{vtQP8KQ8$0EcJ6I;@bNe2J?jJdP{(FBVOPSo@72#L+x}bD8&k-}TdWNX=dT2* z@hCx)FFy5M&hXw`Op&mi?^*885~M%NC-3Fx;^N}zNm}YoD&marYEhYGd=@mf3T5R}vTFb2Fj~&cEpx%5$&a))kgf8~PI$izF{7cY+uzs6 zEA7mEEj=Yg{rc-KiH7FB0yl5w!A_|3^z^`5c*n^41X)#CIpedy>>({Hd)O?nQ;X(R^xb|vHPYWt9JkF9Fi};d zKkV-6nh7KmmNWgG*T=rq;eXGm#ojdOI19?bR^F@bE58b~)6Ah;s@tEg+`l0$?LA&; zO>Erh1Li|Xaq-s=jxsZizB@|f^{O%xM0;Bs^ObuvCwWiab8FYM5FEC*x9{z2jGDNs;iUvgkOkOo~f`nWxj^TM>GX4(w%^iZc9S&Msc6bSKOZ4i=B2NIpnnx zc&xbF;?Iwl1aCCsN8#X#SKrA*bTmy|)XRM$7DlBU=I7@FtF680>tJ`c!`6J;nayhZ zVK;a8Q>RXCy$+v1`Fp>7`Rns_m2y+$qr;bm&!1a_kZW+XmtTcK#<(D@GY3;*m)`Y? z?QkFT(btugMUKbacr5KAB7p^o{jqShLV?oF zl7JrgY@tBuNs-vgGCjJs^X2TlAG@t_y1;4~%jl2D%gZaw^4*KdI)z2jNJ#SY^Girb z?7Uw&9hZ>OB~X-~-+fLs9L zG-T$JEdwJXa9%0#K=*i@LaO@pXDMeTC;QB`(666b?(FM(qWuj+m_(>OejJ~WU~OZ= zE9YU?ohZT`b=}?Z_3N8q&vc$VX-B#*1IuRpd_3eLufX1vxoy6TQ?-OwtmF=HF>N4`(x4fl%kLAca(+ZGV%@ zEZWPKV-g-7-j}I}|4cmpFEa3cqNf)JQk+k(wVtc5sj11UuC1-Kr%Hb2JE1lA$@6*L z9)CLw28wy1M1L*&jlKOhp-Mi&M95e)N9WXR3%5WM!_-F_35gpwZfIy|^gLkCVYIZg zJa_I~X%YV)M6w?(&oU3E#nP~z@rYob`>-TjYu z!F-0iG5VmHVYYd^7SM$uOq^57wHA6{a5UFGJFps$hV1`ED386TGHDj>af+Gubahqs z6kJNsA6c%v8^$Agyo#$NmWmu2JY!SFni+0Kh*&S^Cblho1It7K_yO1{5)u+X!z&B~ z0>M?(^62f@m=RT5N2h5YtSk8M#U5z5_|ut!Kv&t=2B#OW;l*qEgG(EkLvqlN^?LTv9q%q z(Eq_|bM1t)E~ciYZ{8FyJ&@MZH$$yzw6RJj1`2&WFmVWP`gp{^ar`P^3y$zmV8oH6 zM?I1^`=ye2GzopdC0!bt;gDy>fepp!4I7vbCMDg=ITi#5=P5yaAG37^2y`JSG){7>$x!qxA zkT5D{BGz^3?m6i79|2F)p zLea?sb#l-L^EZ((8$$Z**6yJ!Cf>+}-nEqHTzlr7o`l}%?TM=HA3b<6`bYS!CqV#0 z$W*=>*cL)od1WqI;I-QK|eYA0K4Ar#IeEzyFLFxvzc* zQnq?w`lCfcRtDS{T4XcRma4MKtUUgzv~Cl|$PwVLJ-9C&?;J^7V{-_jVI7Y*TATRV zqaAs)9s=%}=9_fLJ&vVQa09iL^-8r6m3hy8s+MXJ)|a&}I?P9qt7UNuVS$a(1r6Bq zMs!+p<3;v|fxt_j0J2$t2_l9ZSXx?Q`PTe#q0ub_T zsx*IcU%O_kr)Q;ohf`ZyJIT~&dxGcBD zHpVfOg@elzi!f%KAP;L(JoN7CeVo(tHXgE>$Mt6YqUW5JLlHNkyyBaPE{|kYRe4UJ z2i`EbH#Vf@pF1LY!k2$s9=NgkC_0wB_-B86 z>Z^{gGIhAYRRN5z^HU7T?YH*ET+LrIw%=p%-1#Zk^^yESYr{R_xwWS&lVV|FlGvCKY;A9U^5h8ygE98}lLNkwm^pVZc6fRL{8PB-Xz*wr zc6QxoFAX$(?fHPmE%<#@<&vF&m7l%?)P85=rG*9)N2jVvOJQ=4;ci+v& zDsorsyQzD6u18tG{9kWu{rrg%y2V1aGxN39@4<|s?|baFPiH6PO326m8UO(uwby&~ zaKO8X&m(?5I?88bFjpOUn4+GheB4R2b&mX`wQ(Cto>k+`@V+7L7L9!`tu+30ZZHje z*j{lzZ7hU=#Dd5`_g`;2ZfA><=O@vyb8 zE~+DqU3N?NWP|VnxpZcemD=60qi!8WqkOz`;x`ZSnagh@Ti%sF?X&yz#HC8vXX79m zVTKDi=2+=^`#vUGxd|U$vbip#OR?FFp}3ts2!ol~oal3}e6mN}sM%upVv!-NC%Wu9c2eEU>BT zC!BHdc~O2gx45wy&+6ac4q*6fl`tTq%?SfX)#-siz5qP$>CtkqL^g*3C|V~=$*I!; z97Jjm)aF zS66rxYuyB0dX~%Ls4{t3?A(bm?@X#`D9s7mF*ig7|MQ#1T#ZuAJGIthH`=d)UK6K{EURx`jnh88~P}!1S?_mzKqId6#_XlwELze2am8bTu7PSIr)@Ns z^p;(5K2*TTQEiFAc1*8df`s9Dkmm@*rsY`_xyR}pz-;X7`Tt?7GifGFE&%@kpb^$+7_EJ(Pw~2mgM1V2+_9?n;V8w!1%;|8 zC)KDdom~5H%n{&i_7S^OzTT%DBy>(f>Dm_JyTm*9dp*VB6{JhBeMIM=Di7?`sKZoH zk-S*8zraGl^|B-U&k880qEd_Y^uu*G?gIKAe=BNioZ8IC*_O#Q)5uGBBAqdBfqwqRJ?{ zdELyT2Q|M)S7&wT(z*CxGbGY;WSH_{cP(a&XUc2UZxNWUzPJXMI zBs#bFKe*lD&P3a8E@oQyImH)`*7sK^+qN|kf}v_2$mBPDDK9Gz$=d5`ul-b` zO}Kl^xjsrd*hhQm-(>g59~KxN7G#Dk#;D2r;1X&q)Hieu;TxHA6Qsr6eA{)_Zd@yY zaPmTJjXz>v-*B0DO>*&7M;NR`ug~%7=1+cq__M$DH{YTg!q+)HWP*+3qG42AR7831 z^ldSgWQjSpk`1*E=$igBV_z?;fxf3DbI%)+4v3MSs7CR$HQo$P>|B(-JT9#TZ07$U zhLC49thVvN&DtGB?^kz{zG^jo{4?)xyp5+13^JHymk}u&7nZ zZYabH@)3*&i z_C#ZSP?PISR$1jP%3W%}p0-&8-wBsLY)^s{o2kY}}(C z930%*+A1q6GvN7?9NGRJEq8!{^W&GYP8iv_(ba@1-_5RR1GbT)wd`%`^(EbnJLI+k z%f@~1sfea=3$!X0WLPg+-q?Yz*pZyW_0vS8HG2ZPlH3fp%PI4?s4G@wiReB0UvIyf z{D-;HwRP#HFc^-jS5wl{9rFOpVek^oXR!Bm}soms|wK5P^f}lU+iep?DkT3{HpWBpX=!u zilZ^q*UwN2m{`atSJX2y|DEkwHE5!%%6HQoG&W}-+f@aN4R{Uk7`Rp$nbULZ)C+d# z+KJUQt!+xx@VF%_JFcSbYxd%W8xZlDj&E*`SJ{&EjsCR1q8U2Z z^mcP|6QIok&i~O6Xs6G)I5{~1REg_1eD}MM6$c=126!g8Dbi9~h7-t}BO@bw>Zg=$ zC@b@IU`)RJ$vFmUX!y@3cLJ=Z9~H0m2zs?*Sg%lL1VFpPee~|E6Gto>RpEcs4wed+uK}wLxpfG9#x`I6+{nlW*OL+& z%HV)I`|lyGW&*Z=UuBd1UtUPh;ly){txY$2h5Yd6e`mHNt;aXc z{-*=HzW|2)N3fr{4(Km+f_LxU4UdS3_!9|ReBymC#dojfWjgoHBx?gwzTD?#ZY(B=aclq9W~ss1$kVAJ%Jq)m3Doy zy`m;sgfa~4qqG%YqAL1qPvcnVW%&860Pc2td>rG&_x#0+*o1_(S4NZIx5dSGH2{gl z6d)0ER3mB~$K3$ta(mmYD(QM7^sv%*n&-dkXdR6;Yw#*FYrssb#F(GioJETs9G7oq zEU_OL$V!b00NDOvhoPbZQQ074le|rro|wpS<;oQxS~S3NR&`FxNJ^68bd`MZWe9-q zD$P^Msi?T8q?Fk{@X%n0=ldMM*8_BG*X;Lqf?CO&b76b{aq2bO99(77TMy`G=H@eR z>6zZXdsj9!J)lWj4smWYNYyhnv2cP(u09NMh_GbMH+P8PVHzBb&uh)&j7ON5{IhiT zKL9FSzY_WU^SeSqRk8KUiF69igrB5BOniJIKw6qL`rNM+daA3X)f#*%8b0OY*PC?t zRZAw&D?zlULeF1~O-ZrO-;0{$cy;%0VXV(WB!I{C4GfHn0!|-gW@Sa6D$L7+rnG#+ zTKovr&XALolH!0X%7z~#r^93pAmUkW4oo5PO> z{Quq@8JH1%J^3brm1weCO5{@Bzq;+7wg0F~sElVnf%mkG*bo`%l(trX^vT7<1kc$~ zjX>1a?sdLsLdw|pt~rfsV{WzbO?yZ+Q2g}f(rr(UP{aW2W~$-SNo`V1yW^Feqz>h7 z=Zad$K&q?#X!0oU;dj=+X-I7UNQ<1%;Ss58eGJ5(N&emslXx??QOWfUp>M;`dxgZO ze6kA33i&9r`;fkg&nET>7^4)Wqa|3w-~c!P z2Rn?|fIuM5w~gm&4m4cL5-f)^5w^#emaZobI}h{o#l432awQ{q70LQJa`H+py>sR$ z+plUl2+;{osqB%7dXa0Q8Qdti*oDBzll*26k0kmPerGfzceyczIvMrTw!NtLmN6rM{*avV-DQa12cF>Z zPROvl@er4G%5?W5jjl4=F4Y1(KN0@ffepRMlL&H+AlW&%55ARLFrTh`-LcBw@q-nj zTq|Et5Z6A%y770=G~Qb*a8-(5M})b@TD z^>DlsB-xvXNHD)j>H!yu$h&OKe`GbM_F_9k;dVKV#k1;G?foEkrM<3?PCF;N?@o4E z#G2F@#iLPD2ZS2(qXp3{v)#QaWhgFg*LY7_&3V($J$!VKX)vZ^l=%qH*Wny4K;1hk z)w^ZD*{#I8ImuQsb&L>RSZ^RUpxvW{60j3_YiT%KQejPjo!aNo)lwxcvJ`nzRYA%oK7`&R9Mz{eqC{NBo>XxgP)>^og6bHCsGM?rJnrG%u0956ai z#^u?wXJF9lz`($#PoFwEt`j(XxaiUo5+tp=E>CScE08_Iq^7pqU)5)ROTTCF$j`4H zm<#|%3aYZX59v9*c8NC7=GdQY+^`ofh|xON{Xq)ekSnUZShM8r?$BUHsoGq3BaElf z7j-VgR7o>F5~CkORo7xDXLrIjZr_pk=xfgi6Lhv6QM$I$LVn>Wsav^WiYFOaQ9BoA_i7VE8StHNGy?|51bJr? zgQ^iv4wbfkzTeu6qZv+jvDki`B;+ms&Eqr#uY`O4INzH}bf7h-+8&sZIdz?3nZF z9er`|W38^e?8IV}Hq5CzK{N{5vD`0Z`AAIjHmw_cnYl`o+{ydLlHqf243N!%_z~H7 zg@J|p%7qKB2u(cKxVQi)+Jdh6++Qp*a%a#M9p%?1(1KESb{9M~8g9bFS}sta%~oT5`cWC&yBtKIWd>8CRt ze^#YnIU1eB!rcJbS|9MFP&`(@#563c;cgkp*5@=G>^f-P%IaLD1kYjWx=lLBpJ2Zr z>+YJi8&A7jQ6aUcS{Ye8Y-4cKLgp@?yxs73Tzi*wTDy*1j6)RC+|&AC{=2`P!~MEV zy&YKH-dONEiNJegq^F_7WSY>UN6@gNPyTM>CdcpS#5g<^3f6-&=?_vOg`&7kj&+*f zEBC_!b~oNx_m)K-ep7in<7?L*hc;K*`{=1Om|a3$lURgl!KnR0f(mTVdXyagqc!{} z1iUpVgUUJ?L;FXXd2BrLl(=5a@j4V%?>6rqxWEfiu+jF=aL_z1B6J_`2~Kz#7V??Y ztUh&8!?74U>|lJ!@0Y!J`A?s5dK|8N8`Gk(&hqL6hRy~osFDJ7ixW0^`C{o&<7{?v5KYs|X|AvNL05cqDd z`iDD}G=~hq6l9AK2g0J!G7Z()ldfOI>bG0@%#}dD28SvaGosN)-<&3RAB={g2h@YQ zt8xMicpqdxCYsgqKbUWA(x&a^@E60Tr-EHp56YWIgc60f<$Uf>`}pbUZ%{=X63L9h z`=D!e%UbF@o;Ay+a+N<%Ts#&BJs*}pQJnA@_u46IUlGrx!gr%bV&JQ@=wA>*Q{$V3 zKqpmoPE6S*i3CQ9yG(BFFmjeFOs%_B;?|~e_WZ%y>N>NB-G-%Sj8@Uxj~^+qNgFPO5ln~(%a9W{tO#R&qLfGci@2;h z+wS57Aw$s}P(6R`*W9lx6WzJBj0|Ct0|i~@v29fBe!U1; z+X)*l?JpGDGpl(sLVdfphj;S)XscpSX8MpO5WjzOkwm&=`#T5lU=@|KYCoUH8S?!T zke(E3r`bFhJH^dhRl|Z0Z){W`kEzGq3fS%x#7$SOi~;GZGI?EM@l1^k@wXR(!CztM z(XR8I=F1^8x#4!4aK*n@Hd_IEmeo%TE%@5}6dHB{yt;$cSmQylzY-G@lcNU=3?u{T zPdxG*(UmMK^nl|1)W+Ks<;PANI(cLyaj5p`itEb2bq6wohaaE>TS4AgnUL#)uN;hC z+tW$!{X|CFDC_~NxpiTAE@;pos@x7z((xSDXg5~ap)(?#Cg93g^9_GgW_}sSr_D?< zk{TC4#G50J1WNIuY{2x7{Ov^V?>kjaE{UsVZLe8&BXw??hTZ2R8=4o{sM* zbZ%Hp;?%ajqXIh_P7%~>0PP}ft{)sQqElVUs0GIa5$3=Js*H;!_g3uY>E5~a5ym0dGoYzDnhU_DA^%=$1+y@ZVCR{TCwQ*9_xASRlBFF0@yYswzIO5o+N$t zkd9H|WaqOkZ84HUQEK@HBO{|P6W%)+U4+VgCoyHK_w@f7=po|Oq2B^NgeaW#C$Fm zT++*5(!Y{8ZJbz5D-Rtz7WQ~g`}9%hg%Dx3OPu=B)h`!S#nKSFj>hUvW&vi}p4uuq zq=I68lT%)*HU@)gBdUV6W#$2YeOvMy*`gr^6fQWd;T`U3?r1`wm5up6%iC>&J!#Qq zbnECjmq1_b0H>w4SKutquwvtK1ct-O4C#VTd2p^2UeXseB>`DY{dDn`uRCSSX{Ouz zb)x?0=qQIk##X9)hd?ty)liqru-<*Qq!>vW>!j)io|?vpLDKH8ducH^%B4j1D|A(SJT1lZ>{fDqz`7a`dVq)V~UiU#*t9 zRrNXaWdg@K^X^$B#uX$Kp~#kIW~#~Eb|=`JX;Q-?$N;07H47oN7$=%lzV z(FnQq_@OnkVgh?pw?i97?Co!=q}7bU3Q9!ne|}LqB>d~Q*U-&K7uZ081OU+>_A06E zd0J}fr={(;zm2nxc5!_fCNExCZZ{13)6Ud;IwbK~O0qP*`u?`*;;YoZ?H?>hO3&1p zfZuxVt&dA%q3$aK*_w&MAT0AIZRZUq=$Dj-y&JsgylHKZAoj%@tsNbgmZ`_&GJ@E{ zemd?%wuS5_+_G|FbcLITre1q~1_U06_l{5+OZ`0Y{$8~{#9Z;9lhD9&Go&F<2ZglT zEGTWEl>R`2tM7FjM`RlNU7RI~q$bT>?5wRUfeUX)@08vVq5Qo&QP?=6S+vp_bn8X25ud zgW4yVE18DVq_}~jb`*}WT?Q3ALeSbMmHm~^ug`TP&(qiQ0+M?YYV;sM@a z{*ZrtIJa8ZE*BKmImHVeQt>eBf|*wd#Z7x+P*$R1y>vv z{QLu+R}vQ=LVB2-*SEQXjkzxA!eNI<>UURtgYbxg;zmVtV&g&kZp#Fh*TxMYXs?*L z@z^wD>trf^ft9SZgWzPjWdtFX3#rRo;=LMh*i%nWJRv2q23+yM5D)@pXI%m&j87yF zrJGcQ{D`qN7OMqcV@n6?YqWNVzd-w&>6_Kh5EXmYAX7>OwVT|O-!1^vCxZvVZ|Fy_TvjOlb0{f zhE`XEL>Q(=Xo^4P11~p_Ucc)O!f*GNn)_F9Al9zL#1bNK>v$h|KgPpOi=E^Bo3~Qm zm1mBvG+6E++iM%0W@b7>ZyHV#86ZM4-+tk>EW;Ah2)jFE4zWo?3?`1I->6Q!WGa>8 zY?xuGQi9*YCd->}_@Ri|C11(!zj%CIa+4q~>JCn0sRC&#eMtrlFcU+6(2IkM=%_Wh zd%8gjWhIYIG=4(SBqKjpzk~TDa&c3#tYjF4GqWyr(%7(8q#18le~iz>xjV?s&`l3b zxcDW(2IlN8{rv*kS{$;YGJn@tT-Q&G=~Mr0LY>A~H70Yc0!sEZWPM<;Zj5?8Nl#v_ zz788sKlHy*p7QSQC2w;1*{FuKyRutrF+3$n>kYUrFBGz=_%CH?g7LZyk)BJ}=JPa( zV+Dj086YqVOd5zzT(j}id|~>P_y}8q6#wn|p67iI2A>=*XD#?#x}{a;N4o2_yIPo4 z`ElKGs*Y{s^ltR!$HK}d5h32*zc84i!$XU1quVnM7fp08X z?d20JqYT~60&S=mkS$V7C@MImkWOD&?Ak9HqDNg+c7Q}139WQD$YdlJ)fw;wCH zp02dMpop<;lYfpT4@)0Kg03X#4UW)MFQxBLe@Mh>;L#uQ;%E@IS!d3lSF(*T-ZjUf z?jvnV9xSi7=y&uk$Ct|r3IWeuu##xGG5)G&6m;`LD z_=i>z*JD$4$m*FdO3*lB(@si3O1WTj;79AkXV#`uC>QGr&!7m+Z=hbS;L>Etz!}YB z15btAf={UqLXA-PBJ6&g@&sADwpBc*Ee+#5JT(p(-k z;2$#@{zdznFUDn*J^x5#GJbL^Z{JVT^ZPYyKBuO_EgfnBz2=SBvP%;3jw7+nB85}N zoSA>`nC$csK}|g!FjDC3w7j8Mdez?F9iy>GCKpY8^Dq55y=v1@3Y?%{_Rhaq`1y@s zSc=%aYf8|%WBsNv_%X*4z~_7(%Bb^VAhsnkvT)lu=%}ci;vnGh-Ar*qDU*Io9`^Qk zSk`IX)IRUvdhtIHe=jdBg@lFie|qU8K#H0?xF{^+wSL9yq*E{p5Rr}4y=ncJ$!*I1 zI~ESC7f68dG>T6-)3q{o>WlYpzSm>r*{wK$SoGEplDC7%yF!i8JW1u!oV_M9u%9uf zqpcm^w4{a|OJk;YPuKai;kNjrUmK-aCmo5nU7BTH)^f9QJ|J>5T~42g+wyCkuLU6W zyvY~98rJgB889w*trSW#ZH5c&fqn)0kdwa&@(ZUx96B{*lw1#IpEE``WYQZ~KZth( z*GSdiB9^UO8;+&;2uJw0T<0vQ2Mb9$uW?NyCm;W*l=0d^L5_!ECnpqT*5lbj6&nVqe!R$%aE3|U^&?gWC^ES?%y2;96(u3%3QmJ29D&!Hg>*eR zW|=0F*6ZS}UPy>-q>o>3CfQ2E&x`?X1|3j)C%q`GXoO;g-RguRd2o|Cb=xXQgjox< z^>YeP&e=zu6_R_y74P}$+ev$k#JdYTX!hSIaHn^QTzwdkXsT7C>^*IMCE!=LEoZL2 zi*s-BbYU-Ccw*96$9b1JFVS358;@O?+ezcxKn}`=hEuvVIUsk|k95rt`mbA^KuZMF z(#2B)rWxNXMsQ;7Ib5`TnrA>)e1`JBhT^L5jnS>P(gy5hCi7hS7W<%Kq$iVnCXMtc z-}GXQY;l@$$uA?%)t|M8RZz<=xrs!-z>cGP_L2@_l|Wv3`yE?|`D%4(K?(+lw=&`~TX4ORi_sNzgiX$#5k)1;l9i`{UPotqMX5 zs(v*#E@xyN_V$;3GiVR7H!L`GzJidRM@VOm?F>Q;obD2Tj`ouw>-US?bs%iLBUq5qISvJ>;cuF^|pX;*nE*}r5pKIqQCT{;?kD$zV zHLy@7g6Wn0yq>7*xr5Z%a_ygv$rI$2xm}gYDlkq+aDtaz>z5*5N#3PuYeyJ9S`4~! zv|Wf7SmvZ2!y(p&HRkZ%wC$u03Q$&YulC*BstDN5`qX+9 zQsKfU!~B=R>-~nk4aSP8adc*2Rt!(1Ajhu1g=3I^gu>~%+e@YU_4oGoS7(fa99~d3 zMUe4>*K^C3I!icvH$Xwr^gZ&K77X>cu{Gqd-03a8?)pI^}qNl6J!fGRLbP+ z+ZsbUEUUEnq@)ws*$u%E2=ZdR;_O%a@v|G)v4>18L#16@J1^YVuH?6Kfjg%? z?E6!fIfCN-$}+;P75+uyUDGmZ=&t>rlXBk7s1k*Hsp8Ltn^TjQV=ABnI;Z$e^sXb3-STWo0<1p`bKJxatclZvk#`5vV^= z6c@j^51_XW!r2O1MqtGijcBa#UqQFFKJM9xB8r5^OFGYmnt^pv6ZE{fzl**ZWw_}wF7`gWG%5;ev|Sa7z;f4~7SRTizOK~jHtp`#$d&Z5&*mg*~!y6<23`Te?{H5-L4aEN37wv%z6*lR39 z9KL@laKD4|9ej-Mbd3w(OZD&j7=k_`I3$IexUmLM#gr-2KN0O?T4T^6el>^hInumj zG8eHgMUvF1O!f6OlFFCFfsdkzC+n*ZbIVGt+O;UJoi)_mpM2eiWCn`Ckz0-XLMI0i zYHCLE7L6yFOp%^TabRkH7?^UycfHP=Meu5pL&N$p8O<_HZS(hnBk~>j_Q@UC&T?mY zu6sCtbiffo>-Y zMt|TJ@M~j4GqFt8L*_L;G$YM$=1~w33_*2c-pj#1CZ)>Esw@)lXYXBo^8*3j-8Ku@ zT$wB5!Z<57b~nQ zMQ8@CY9TqI7#*emWHpvM&*x|Xg53AvgRCK{TRmJ(L|uiM)eZN5Yr$QcYj zONr-!-ICaI(|Ixy*y2PHP*BezQ>lZpX_~C4V zKKpn~h;+bpJv04>S{=cL7q=rCj&9?%cmHbE9+5Q+k0_P4L?D(p3Qa|7E*BxQZ-@$s z-Vj7(FA#DGHP)c_*YsWnP75@rUE*@vzG!c6YTiU@twz;U-{ik5v1e)ned8K}|56)1 z-`F@*znv$cN%2Nf&y)*UnG6q-s7c$9i|B%h%J-U_k5p9pRiD@ zD*bjter;$Z6}Q)3sm0>D{E2jL$IspDFyU*JZ43X%VEF`%#HVv)IG+|OQ&u>|#9Q*PrO74}4IzjuC zsa~p~-$KS>Z)C#wAv@0f2BEB1^$>{*b~kYkc&KAwW8BxPJGHq4g@vAAIL+cunWIl)ci;}?!hIs%ip)(j&l2On9`1_Fs=l%*SFeJ` zkt56n{*!OI&1h|H*b_(VZ2V1}>>sMxr-10K^_>V#vV$EQaHfXUQ>!A(NLdh=qBtA6 zT{`ua3v4uE;GWx@b8a8;4k2y8>3umZLk~3iQZHWbg+0N^p}g1jvAB4Zd&HV)O`kM3~y-Q>RU!G6<6qCngkv!w#a`nszYg;`wg1D3S_wkp;pEYH9c>EX0%M+=^ zJC*W&wbk{t55x*9ex1v$$rdl!-_zuW5`Gz^HG0Fo;vw}PGH*9lpUkelC!d&>m))m6YfiP= zlAdYac<4@<<6%3i3Z9#DbZBxrYEIcDAM*TUwnl!JkMiCb_xP<=eK2tc+*Jbu&!VHr zmbAc_0=1!4werBO6X?A#sY|91u42_{Lm+qIw-H`bTGrM}p%M;RTfXt>cpXOLBJkVw z^>zP!4!f`cE?Vk@OBTHml>JT=)^pQH%hFBbMbCF92NcTS*5zqk<;(vVu@r}YFa~gO z5xi@B-2h*OMyLA6{<;?3H_jT~a>n{*39;^kVj&afK?2Gi35lWcj>tVdMinJBWtY3m z_vuC%W8dCvDtN#Vx`9OkMX#@BQ=P~<%P+Af%LD&3pVN=br}3sFfJa%yO7qH_gM~`W z#+#$o=%ii=m_w z2}M>G;Pah7e*#_)JNv_V_{TpUzV|A2fMvzV)Wn^|0c&;R*z6f9^SB+;PSk*Z=kythLwYGv|Eg`#$gUJg?OMx>LsgPG7zpTu@qSdwX-; z)6)Z-C+h0zDk>_Dk3H=5;r}{Mgm^EqK6!EpSaSPt_Yt5}(o>!;rvnmus)e&&z(V}u z=$iSjA;GfrBXGm!htpnMF5DU!7y!C+9q>H}1WF$7%bohI-@m_5FAF66^K!f2Df#*N zd3&FEwH{>y&xe4O-Wc$$f}l*+2eRZH()zf63`Xc_4S-ZM`r_vF_GTd*m#Wyh&6w!l z{UX+|JzKw*d$XB)vqX2Z1S}59K7Opw>Y<^(Tk3t%Eo@{wNlYZNuWtYpSg^%uJo?|C6v9+~NB+)eVhMkG zHKL=iMna;e>@+dO|4r>v^#< zVSUuy>U5*3>se0TcW%3#4mPI?*l~PQ)iiZ9DEVsk*KaCHfYUdVEP|aC*4v9nO`XT$ zmh6&*zB|o0-bHIDZEVc1EFG*@031#&niNl#_84__YCjg|Phi!S!~j@=ILJ4qJ_A~2 zpkbe?Yf%5sYqp8aYTO3^zc;$mxy?ajt~fs{1L9L{S5d2Vfmtri`Mk3+<-tb0R~?SST)j-KdES+TiY&uMw9`UZ376q2UDB89U znizo_f|0zrlsxB)r7o98y)o)T`uNl(44&emzguGb;;ydJxzNbKECT*f?34k3pH zKBan%*^+K|PC60Ik$=6IcdD}HB*P7bz}5(!jQ{Vb5b_3>~r`8f9X9h=^@{I9_0?V_wQ*r|l6 zo}>9(CpX*pY=6tSP3YoX)%VBMWP8^)jOCoO71fQ6MP+3iS6bU~x#TAI_diT#w%u;n zS6@$M)ITw9&A5uP4nKL=-ryAAy7?`ID&TBpi;m0a=h)aXef#~Fjvu7T^UA<`Wp!4u z8qU3p>oBiAit0Z^4Hfq?3E076GUi&LN3^~l{SJa>du4lB8-Nf zCGcXk9UYlU-}!c{_U?Xh?fWYViRCTUNQ>fKZI?=`PCJ#CIe+|GmdQJPy8aYjn1*7= zh`r`E#8%Sx+wG+Nl>5Z5rVFz9n|3Uh=k7z63zx>xs(gN1R26Uv0KF>vSStI- zx4F{Yt_}n%4jX*@^0gAZp|aF=v2at@-azYsnbxMt@Cx z(2=z#dGV_}H*n=?dCSlUS1wJY%ZF@^va%QaujBADgLV-Q^aAk+nP_<}iwPGqnl9Go zGcIP+6bjc@Gh5V$ILu2pT8ohC>+8cqvTx5JvPS;vNiaBye$eP12t*ek5M}fYVwC4` zbibQY=w$*m7P6du;3J_Y@4Q@hUTdjy)Wb%rN0OH@zhjVOeKl?Z|Iob~zuDNk2EVT3Dus&8r3W!r zRz`!4AWLIdPgX`8e*ayfpmsBP)MaK6s6Z|#;lg{x@)VB`2ovM3ylD@qi9B-*zfy`& z+H~G2F}lTN|9Y9yg?SCz2d2a~@IW=YmtRv>m%AH3=1M{=HYW4{AEj^D=xWVfcA(mK zwiUNo7DFTJCdxXD9GThL!l5&;mG{t#tEKUc`98v5asJAM(-*Fate`fHMt3zpjLL0v zsao;X(n9j4w;NnIaO=6)q02a2e`mzg9P$Pspuw1`)8FRkWQq7)P$Auv$yFnCUulB6|$%Qk-Jl$ zm%aFj$R>3E_s-?^so3LqjdT5a8-GB{8b_-;CJVQBhqnW&Zy) zRl6<`MHZNtoXl@MKR<_7oO1*Hg}#D9m;}Zf{r~dl=JP0qI|@L?_3~w^GW+AlDr#zS zUPp(AKzHy;Q#1J54U5u&hRgR~<2d?V$$rPlA@IfNu--_hoobr}^?$2)Etj8N^J^7UX$D)O9VUGA_w(ds{ z2RK!Kl}g>y8Ebwl%KuvNy}AB3We)j2xgPm{=Q;TQZ6#GQ{?q-* zOas3E$Of0lb&)cADr$L2W2I5H4Wds4`1mH8KNA17qMgVU$CkJb_7$~4q{C7u+s}k1 zg_nen8qp>iKK@6QclQ_klS`enCkI#qXfBg^UhyDD^iKjuP0LfD=c<52Q_1SPm^7*0B$t(JyH zZ0+T4`|I2Br;`4_IBz6J+|T*V<*xJ<5M0Fy?% z&F%z7#UDN3mw%CU075ST+zOfN zQXcP8f~!PRQ*%ns^$DPqz$~g`?*O!2!N2$CsZ@}C#w*30=9BeyX!CLPj>>_dzlENb z)*;Zgi2ZtC^ZP#6w;++Q(9k~vncwE& zsI)I|u(KW4+|4Tn5=9a3{Y69H=32Bf+Aef7U`8`nz{v&X^vhPQkd=x4D z=P4d96*Dsi(u?it5r+7eW8(Ru$iqWJ{^x6H$~AR<$gli>@R-cV8+q2}&!mp^a25p- z5zyJjCntLxEXxN5-U1#&=I)2DxKsizC6#zvqO{b=%tXJ=F1E_8EiLtwy<&jQ3K^D^-jhn;VZ(fi5 zq`_fbNBJ{f<)^OU8>jT;ksvPwQn@f~oAcWJBP5m^~~|i1~e`U=u6ice3rb*Ai|49BIse zi6>})v9hz*csA!9;nRr7VchdUq+9pKP@N8gWdOcH&7M0|)4LOHU@OK+-av`sSHW3T zgL0b!7s0|z904HGTy^ni8Vs5))9*9Ft5Mx$ZwKk=c(FQ!Zka~JgY_I2%XN^^6JGE08}^+t0htw*>}1Cj_>lS;X+~tG`nl8XAB>0r79} zmG5H)WY@iZiXia)*wUvrH#cEuhvQnnIF|Fst5_5{HYSEi;1%E#TQkk6xw`U9^6UaB zEdv6m(Rue~D&H{^j{uhm^(zlH!w#HHrwl@tqEBj1+mzH<$CB&0x9g#V66;65nkv;ZF%^TBfEU;X10Dq} ztrHWl8geyPizC`k0t|9J`4{F zTlQXkMD?c={4aa;l%ITDYh2GMKqHncaK2Z#6V2|!8sdJ^g)doXLHsy||3L@1bJS>) zVr0QfWYK1(zgCm17?3I{D)LctfbiA4-H!;)y1IlxMt(TYUGKKP+eL%Y7x&H7`d@m+ zso=6`WIfdQWq*<7YVF<|O>vAdXVdi7iLdji4jKlAXF$JN6zmxhWCaUx%4>5Z?k(B` zK)`Z>f9@!wpwmaGH|6N-KUdeoCCKbE+jO7i4u9zm82Y;BZP;J-dzr9O6h9fMAWxS# z>dmaN7}T=c&zr=6)Z$4q~pTbD_~*xnGCo13dCO{wYyoLDQOaNt>_?7C7)(0QN} zejguSK|}2Z)SfkO#k!r*phWvcw&TS;y}e^Py5cQOc9W0sO8UfT;|lcoQoZ*FfWZeZ z87Zk*5O7SUmwXSWRM+^#sHDOibbNdatQ9Uo$UwKv!&XfV$0s6*va7Q*B1yB=`{2W- zIFX}11m&B}C_@;PtSF$JV&H+(%gp`V;@N+k8D8L7Fas7U^o-)p_c$T^fJxg8I9jKB zT*QPyn?OFHE*y=%>Cqp>)!JY^Lc45Dlo+Go2TY@d?2b1^X#=6(VRS$^_9~JO-) z7rBU$DOOAGbm5L|m*bTcwjFx}NxRF~|IVBm+fc4hbCtZ1@wNy|wwkjE7qiNfk=#e+ zl5{VIT$<2mw0cSr3Io2@xv`WjQb&%egADYznL?%_%a9Q}^c_NAf z(UT`nh9K)k0T|G8NWhi1%E`fjD_P=hyD}?vFi#sg5@UO^)FWV3U81Vqggd8XZB`eu zI?5;NU__2wOr1PHs)HH~*of~8>E7%I&zVP)wMcW@6o#h&pN|hl$)2nIgaT{;4_t}f z?0!!yu7VLa+A%9!*F1tmgM*bcE~?1T~e)Q*qL*KNgRt?;;C5s{U@6k{lY7%r@)CY18g#q$)975 zZ+OPB633I0CIA=r$AeWauC`58%(3xtkW#+*%jbCA2spSdsWpVF1kpr+dIRoR61fl0!@5fWkcyJg&>Mr&V>s9lWjc= z%d`EZljP_fdh7sky)NNEi(WF zUD*GL)$&1?k(eq$n`+S!wP)ZQ3>7qjfddk^S4Zp{dQ*YF-VY?PR9E#ia~gfKQ3=w& z$K62up6`Bw`JFKuFDIwtiWURz- z*=?#0$N{HwUZRpmA;T!qWP}(3H#e7inWL`jJM|09g}^et=M73~vFWxA$9s=U;KkA1 zy>aE_2(}Se?4)#arq^%l3QI~DLqNuN2FeGlu-{>LG~a_;NEYF6IH(zd4QUsKthycq z#eQg4&lLFCmvO$bzCL}PeZK`b=2+RKzXau>uJYHTwY4;v*?l1*V=igxk$>0I$s8tsT^e4h4+YEiqI|xmD zN5pRB9AK}+Ko=NX$6a449v+vf0s{h@TSMv%ji6FNQPIp=34|4G1TH0?O@BN+;xg&u zu{42+Sq`ulXBx>AEEin%_&veKJI(-`Dx5)quR)H$MypA^0aogfDH9LCo#S0KyMXLj zQjL_9t3qLh2BU;({FwB_&s;jYIvRPO>b(d~1r8qGiFfKO6>_gb^Y#;>gE#QZj}fFC z7I_K1poBflKn1@(Jv|-ak2oo@6E_KiYP#R9dX5~G2m+pHh1C!xio)|9o>y%F;%q=w zm~&aq5sfr{4pRV4W0Ydl(uhidxMksYXC$tAS0Fl7)>n|sL9}Imvh+Mk1bo{DHvrGiHV8t-@gysyo66cqZ6zB-NSY@ z7EqBKo+3El6U%#hPszQrcLYv#f<{%t?j9B_JXKFszBA7($f}PFzoQ9Q!N}j%cm`r4 z7h@j_YpJILUvn&cd=?~xDX{*w-U9fs@O~W{)DX~ff`X9z>forz8Y(KC@^^7|+#GSL z*zE)Ig;Qp7s_AXRaSF1C)Mcs;lp#X*f51yxau(cb+>aDF{fTlSUc^tXZDWpBR zfiOpc%;Zi=lD!Yk!$Q?S19fO7_x3|SQj;t?OEYJ$Jp@0&?asY@z{9r@o$|n>!z~iQ z*Z`3Y)NCKhCC(O6_0M;8gD5QD=GTBk|7WVbyM8WmaSWP5z^Ncra~H<~4qCPqogY3L zG~eg;`jny=*fnYH0m-_F5a1g zPCf;yP)#tRp_Zu{k{s9!60uk+!Pvx6O%2Q>?`H09Fww=G&i+V#p>T%I&9ej(*-C-F z2+L)?Ejcqgdv47-sM270?{KRR$dZP)nW6!+1tcNx%^__HemfHPc9j+u6dYiZ4x*lU z9dHkYjDz(F9X56beZUV9<2RFu!NGXg*ru#JMwj0T9w4Ik&+gCO;cRIx)gZwm1$bxU zDGGez*U8TTSU9SAj&2~+nce$lRP%0#hUJaUGuX=3N?p&w1>oRm1`z_+8?Be?AXk-l z({;h8;6-z;gpkK;9o>upD+DGM7X4CAR(cK&Twzz^DKGFY2|h&3gW9~qQ^2JEjlVx3 zlBW;WelRK~7PK3DiJmei!DC{4xK>cqH*|>uo&35WH(?ee?2T=GDNqo0)YtbfJkg=Dz4QR;9-F48M6vhq@B#o1LCzLeJ_jHU94Y~ahuodAXMNEW&jVJt zAhR=gq4#AxKZ=l^V^K=Qknn=U zB8&dfBMSg_f*mL8TJJckph=4ojhj(kSR8qWXPBMt%$|-a(wPzpDRZ@<-3Lrt<-&P@ zbZVjG`OxAoi*&_wzcH=dr1o_NgKYSy69Se($u{`5lfU-EV8!_oq2@{#QXJH|i zxgEelvK&AQn8*5?M##kk6!izq_qpX16^X@OkIwSl0#H}ZQc#kIhft@`wkDJkM3@@O zK~gI$p64X58|?+)kUQYil#*B=9h8K#jUtTge31jPACDnB3<1pKjKjeIcm_T|)o#ss z1itNATxt(~nT5H5xg!o*luWvM|CjaDFDJPjf6K*QU$+@GDM_Iw0;V5OCm8xf2^P$o zBYR>(OqYf~h;efh=pT90Zs64=Wo1P>RvFdfd3MN9H_EJ&qd&0+8w}@edXI}h!9A%u zfNy0<_)~VYAB&+uRmu&U!}2ww2Jo@Q089gn(i842?}5~ut1igymAu%+1{i+i%+}s+ zh~{$xvMRAxF|MW_XV@)vmakV*QE)bfz+@p!TH;m4Ryi>hly=wJ!_%{_yuAGK8PO4_$3_o_t50*Vxrgrj4f@|_c%Cb` zGPbK}oM51#ag);IH+zE(ybenrU(<}1@%9$#TIEUR%U#;I>U9H`S*-kjf_rGnvN-AD z@-IX#XVgXR(a7ylXM`7Cu|R!5zJAdk4t&hs2G49dqO6H?;!avP6|#cP2AxPBD$!<> z5haS@5dEEl^>DViZ7flyr0t4RX1fbCQG6_z#Nh3k1k++ThzJfD4&N3#=gtXK3R1yv z3%k{Y$jEyI*39Hy{>!@K3P~L_uuot#2N=ghk_d$=(b_9=Eh==XqyJ$r!BZ5A2=^5Y zw|kf!_6(iymGYd_0LcSz@l}F@&khhxKU6irrjiEpj0H;;)ORui#Vx>2d*trykj66L z`Qc`S9U}sCXYE6)kl+WO!TzC(bE$p!(+EU}Ixz6VlKazItUBYx#XtHCta% z#G1!kE?~K2U7Yua3oo?Z<+%yCgT2h9m$cQRzU<8Q;YfRBJIE^CH&}3y04OUb<{VbV zxoEow)`4-eXUy5Adsyj_$Ll^dqVZr4iIp{;WNS8kOo~IE9TUoO$&vzB!#v1eKx+gu8F@|EKM~m}V6$Hzin%dgOcMS_LcM3S@{nkpE zL!VK(n_Y5&_jjdMM0YAyO+{T8j)E?x?e>l9((q4gn3iR8zZvcjE`!l7# z*Lu0z>VFAX;l4K+8xau^;26IFyWAk}%cHxtz}`Rj3g+Jp&2H3)|8qN<3yCKuCv{FH zI)HL-WyS1ov$o5~%FV$M(^=&sqB?K2RJa)Y)-xMurrRL;-PL7jfp#SF5G8i_PT6<92W$?PW`@3riw@*WK z^;K;hok@cgxFv}yYWopLPE>Q{{j9z|P8mBHr|M zrpi(kxGU8Mf`1dE-{%ycErOy3OgsCsvkN?L^+C69zQqq1V-wKO_*)AS6?Xt+9FIoi zcr7ilrLds^3_A+t;o-s4u5CuXrXV1w0L?lu;$miI#!ny?A1@*}Ese~&V>&>ga>}5_ zMiT@|;3_xe*zC0@;eT;F?RE@UDZu^3%J7Y|)k3SkvDPJE$TmhZrcRx_yXSrh5R9Ys zkwB?{(WLlzskRr|+Pbry2`*0HR(9W-DyzTzOz>43blQG?^MR;7d$K7(|4$#gm8oIF zlI)8ZkPO!X?XgkC`){r*ZF?wp6R{pVc?qp-UMXq|M}klQuB@vL-N;EJ60xxAt*B8a z(cMTUa&`Ml)vmGqoYDyF05AZ`s{i7XYTK(fwP?VOb_HBJUIOAx#3rd=@=ZR-fhz0T zjDF~Vp%4fyFeXm`{32o&4XFAs|E}fBR?+3)2PVw!VB!<5V0A`d+dK*^W)EBxFbn%j z0kHVE*w~GRxLdKn`3B?$wuT<6pjJvB0jAfAvDA%wd-{KaK?z8wv|kTFhoz5bPG?5w zw?ByqX(&4|VADTk+M}brbM*|%o}c7@nR}m`*c({pejzE_nGF%8n}a4MnmGmvZ;XI; zottsnN($Vu<74GBeNZm1SEa0qwaTEtyiMCKPj;HCH%GIPL@|Alu(!Kty-m=`F=rcG z%^e)Rq)%R5{vllimdPKqzNmqa8$A9SjBNtI&DIlSg_1_LMfs_^jWAKtMNBZT@jvVY zm%UAmATXV9d3pI{Z{cp!gBgh8ekWiYmR_@=>JvOuvWN1!&G4n~cRdL_mRV5i=pIz` z)}lj^@8RQ@e7GBC_OmK9g-+0qa~!BrdoTJ240B)Ua`0rZqX1;CzYz!+zOTO3z>elG z?=W(AKLZIj7U!$-)wjbwKKZf?8@&;W!ykX7&#Nh-RY zW$@d>mR8Y7rIPn{cGTrNIy$s1IvI&xWhW`1m1`bA83URpkCf#F(UtQt&#BDzZHEYr& z3bD5>u{Nyz!hVc^#y>2On4aF1VFm?eq`^ShUy1YiIzIjxV9~+0(ajL-)q^$kkZ|s7 z)}%x1#G?qG&X0sdNvRa7v%)L=K5O3}_`VzKA6eylfXt|YUlBzV5poXWL;-Hb)IGeY zwvq0Fm9CDUk-f3jv!xxGJ-2>`y{otwH7ZWV2VMbild6t|47#tGo4`Kv8ZIN(Z1nzx05rYUp) ze7IY?ud%(5;nDDY&M*&}0$J?iG0;I}TS)!^$wr6ngGO??Te6yd!rq~y$RhS56 z4;B%XCeH%7o^KAD+-g>xmCeVV}GT{sZa{&4bni^lHcj>B_Lh}maYvAnhBdeP018yc=>2D zRn7{@BR$;(x~SnU`HYY6l)#`{tQP$dRI0F(zzw+3^?vd47i|7Ufgk#94I9TtI zx71ZuB23qv*!1D{$+Bq@~&7%<9y+6 z5xEpHNZ*Q+ghf9lkB@gN7{8{_&y@vM=Y4?t#A;B{@KPnn5A_t)2?kc!kL8q}^bLHw z(cbO;YO&3(^6}$(aXe{BU5G1{`KSXIibKPq8~$QyuVIqRkH@JhU;Ltxs?+qj)+%Bx z%A!+U$V|yz#HagV^ShC)V{~zZbT;-8V>CCQx{@tn$cmT`y^4gL7^b_fV+?!K7YSg+tj58r8EB;p=4KGEWGv|f{z?}pjG z45^7o)O)3g*DE9JfwvYv1ScDi;zlH}t0P*K@T3(~{jhV;i6P;%1*B6VIJoNOTrESz!lLA9po^VF0?E^s z7Go#g*|av9AmudZSMIp~$~5_XMQLb@8u>jIZ!@G~0@F;ybG#O5ZSC%0z8J)_0z#9E zn1{CL!Gw>9+tF;lKYHw&Sztr+1j6ePvW!s+A^sROwjsq#yN<$NWykXB*YF`=FMWUr zw?WC71IDS2KW(BNK1botFvJPgBds2QR;iWPF(V~~%Q1`HSAqOsXSJoo)WTY4Q+*m) zA%>=2K}zYmw1KjK||Ot8Uo39O6Pj;FX+!r#xs+ zjz@0F-HxkHD2c4O^Uw?UW(p)KjSvv6W$s6Whd~GV6_@InW!&dS8FWrPqJ?Cwb|1o? zsxTArB^p)rMaW>KL=g?;t9`|}Qq@Kq;YU7zOe34P@gBWTe{6#e8NV4a@p{I5K1ASt zy+lyV7mj4uQNe2+5y|}Hh?eYy$vm&8l?z+Q`2Y!TIOGW2u~N70?0(pZ?G)Fb9o91Gl5RTNYfkE>}O3v5oP3h!>wV`MPVd`2^Z94E_;!#Klo_&*B&C?pq3eNAgm zSzS>O^X2i!PP`lhH?9p~!cj&RUsi3z&n@I9NX#7PJNfzP?1^eh-6PWr+LL>9J*yD8$$*uNGTC{DwGvQxwu|O`=0n zKF>XXWq~@utyh!ei7ndvjfT*T<)RJ0C6O@Ayx}aanz@GQX}v1Bjp(3(SzeUdJ<}gl zLhlU;!S0{o$@DO>5ps0JF?!CvV-{?aHj+2q^<{5}nZt5m@TW?9HWywNiUGC5b#?wd z{UAN*DuflGt>1&C1AG5J# z1DZW+!o9cm;RVZ8Fl@8o>)~~-r~qdC&2Lsa8XA{o{SV!4DBqcV82hYH5ezQhEIh06 zu+jXYO2IaCN=L?$?6=O(lGBqA$4fG!uKRzs)R2Bz4oiDI;}uze8wbg3_-F}nc@K3j zegT6jv*uXcGLELT?Z(&6qu!2<6uLMs8&qJ1a;_aOQL1{wd2J#LTm6Mf;)I_LG5;DM zS&NkoX6`XrFPW^#rd{MW|1P{1aKfWtAUT)$6el`Oc$B-H0%Ao_*!QS1-!Mx~&9Hhv zliEJ57k3a~rh)HMeczA6Rf239FVc;vke|nXPMu>dMuv0`!)bO6hjgJvMFc94wh3Tw z{?1=$PG$#@c1RtH1PO!|S#kXoqG^zxU1~HZ>%89^rOL@DqcKIaTb&jqNjz%^!t+-F zzw~_%Mjj~iJk34#t2re>Ca5W8w+Hh|BhF3mH|E~Ge}wD_y4B&GDWRVq>o8#Nb1az+ z8OAh+`s*OQ#DJeS+y^$Dp+c(Zpxbbf8k*-L5+WvLU_c!eJ?v#bx&|+qD~d&FB!;5j z+cKPrh4ZV^e=*c0s91!YRu7}7Wqt9}wT@5nBl41Pm);{rM$`@MeD_zD4oK~vkQso> zG*r6Q*EL6oeg^;#;5y8S;_B{?N}YNor;}t1*cTLsm}USD8N?RrCu@AIyqa3H-VsF; ziHXw;ZP~+YeIZr4?-p!Q9L%UaP4~IiQSSSzaA!)5^!iAEKz8C#7?ht8njHD6ZCNyeBI`7R2qfB98JykD+j<2;92 zGr7H66Bn`gL!_5GI3H^LS2|ktLLup!tf_mPhU+XghE=zA)3V{> zsfaJ?gGSb5jKK&pVOdzLAKv=_nx;pUvS8ayg+8Vl{!!k*t_U-E=}a*T&SC{r>Dk0^4@AM?P9AbAs%oP5ew14!6XGKGjkNE zyx4HN{blcWxRsm@ZxPSM@ng)4c?b)Z*~;h@xDcYMOXsAzN<;T&sHmx7u*#@4H0X;KW4&;oW& zC*X)|GX=OeTNFvRcoc8So?7CFw|{KBU*Xr5kbAx<5%EnRDdeFz8uan@%*-H8ev^oZL-95U0caNs6+`YEu%U3|a_O;NUxpB?Ct#YY20{52}9;!V` zwMc!PGZ5MB@&P(FBG&9d0OF+;AYOi(V<6C()otR z+{8%ImcH>$q(2nGaBC85%~Q#=r6s*_#8K@oI(k=Y(4kE>LQ!I;5+&9)LOaX4ZdzDn z6(@5z!8{Q#W&2AjWM+Q=UXWO#uToN`{yB!owg+FSwz+Ek(5xdGf54hMM2nq5Apy(fT#4$1&zXy$l zAAh!A+$f(H4U@B)#GtLSR(2k=+Q3ZSY5i1 zswWmmRh{XE&5ZJWSM(Cj)FlS#FdL#am`yGU&hlU#CBxB6B7s0`WlI7+w?yBLc*NjP zjU580j=ev30xnRKlFkvX=O~;gh3*G6bnBxy`!)}`8 zMOJ(N`%qrlcD{x72k%O4EO*chJB)_$?ADoklFchv7mg+QtGG?_uygDw4>G@2nkCtg<$B!n8C58M(8Zy!p?EQZO5^;9THasB>P_{zMZ={haO- z>&Vo&xP8>{h5{tk_)!rV**WbAi%QbZ!dI z`Nb6k-O>)uXyis*NOVlBvc>(dXT*>NGNsHZcn^Qv?lPjoC^``^{(4lmu#gaLo(d82j1eeP4Y(-a=m@BaOyCR6$wxh=~U z$m?J-cM+0%xf${*Z5{3!fT4Q~cN!ck3b|FSjr_2<&-L!P+aEWyov^n9d>AYG(uli! z?s-HiG)C!%C#lP>{|0@#oQ&d6-*$SqlOuAmpb$LZ2_ubJK#`*t*{KPh_4|?F;*Wq) zTA*7`m^r7~{>YTK;>KjnqPz))^6Slq*}@8hRl`tX#yYDBJ{wzisgE+koU&mnQ~= z^SMX!ITK!if*_?h#IN!ta~YvYF{gADo;&_n4!ISv_t026mUz=!d0K(~dn5j5dDTe7 z7%YUQ4eN!vdGuKm(dEi~pS3_ea{SKF*~y7>D1Th&M_~|lj(f1%1}m@y6>e(~0%SZI zLO5$AnaBMtrDhgfPmD!=9U_?zTAi~y7Y2gJnLhn&8trpV3p9-R`^owl+B2~x-XrxsI7CzM~&Q1){ zxX9O3oF}FYrvh?va@-^752j9rWUXXPj)mO^wwD*ctDRo@%0=Y0u=RMdT9?y9?eQyX zfdMJ{UJM`g*T6hP>N(rgx~4YR&BB|3VKe@Q(jVA5uIxDd)@C#yz>nwl}sj0bHYEipA+Kd@AY>{15|J(FGLER@|Fn2=kQyRnI{dn}Z#qYeJ9 zVG+uP94&hKoKoh|H>>ZiyED&ewh>AF+FpCO-1RbkKZee2L_hgi+3^Wt+0UYv6-e$F zTK zrg^3RVe-?{b4xN=>S>BR)D&Img5!XkLfWFSogv8ku9#M&KxVEUef3gFyMrT1lpzz~ zqHZv^@E#FiJ-dc_GTo7UO!#MAk&2u=YNuSQ+6ld&;7gu!Ta<+ARkNa=w*&AMkijf> zR5p@Tsja%$Rc5Nue?e@j`Ob(@n=8wS)N>k*>wfsaiZLh~H1IBmkd}!X4gO2d1)|05 zR;?n1B$U-ct-(Sd;NO1{O}_DBc3H?3B;a@@kj*#0Kj06Ih07_VOIWKrlnY=@ehW@@ z&38$KveRr&5?z~oH{HN~r^)CLXB>)D0FpGR$}dW~MWgpFB47SU_h7`-LVyC{RmVlx zYx>)ae0qVbcyiV(G9YPrRIL}AB-3mKgGx`Q%SU61v*-D!uTm@F|M0Yukd;zA$S@3% z)*--1is^N;s)QHXF}818s>4*$CTXAJ*~I!Z$qO^PA@CJPRblRs9mknM&FK5#fN>yN z`=cJG2+&3dapi(_Ni!pXID>*sW|%j*6FZK+pi2)B9Id#Pcus{DeySR4;#o74F$VbM z#o#~Z8dSgNFreO`)2N?+bH4^V=O}FqI-6BNJM>8AZHY+J+u*!=M^^VdD`k2rcU)Jc zIx__vDaYqwY8u2DUD!PXGQw&OO`prrpuD9SDLiv#C%#fU;Hsz3vQfj}41-Z91S4%Q zxf6PZXQ`R{=FI203q=k{O&Xv^Xd@i)b$nb zvu!YS5drfL`I9`Nvj|GJ|tN^+itueCBmEBdi?AABIM9!Nl@;Vac zaeq!p=SO(qcuTj#^191KQZrKD@++yLIwVxtUfUixLRTR~m8qnV(1gMIt*cOFWg1)G zx3y?S8TXVt-LDQXHI#>vU31k)5KL$df&}9`OG1L->f1AQ0g;&Vkvsw%NN@qU4X1>~ zBEjOZpfx5xuPt^Q!kwlVwXwl9*A_eX>Od_+wW&<0w7Shu(sx!h z;8Bz=*ZHXAUh$LKXN)vss>sC*yJ4%VBzX+J(8#-Qo$CZ5dF+~!9FIFv?BJyQ;V zA?Sedr0Lbx2Er?kuZ&@=y z#G0-dx+pqAadcon&j+Tuy1g@^lzpJ}QqY-E_x)y7?~U8ddAFj}f?xShvR^fy$vtAtdS=OfVKe01BCGLdetGTP8&k*U3M%+buXM1++lG{VvFF|iMZ(A@Vl8LoT3f3fYHgTmHPeFV$M@>xRA*&NTM^3;n=CNxS6w$ZteEjrGQlbmbGfwwBC@C(##4jIPqTlcR3*wuk zull$Q!}R0SvrJm`~^yN}y>5tTmpwZFkz^$FaoR#VT- z!`wW*xBi`xAIXB(^80(q-=5(KVae6LzKCttsQZ<$YdtWh&vuO__ZBO)na=;y*0zlG(8 zjNgP7yKoQ2}UtM=h%pN*uAg2vmM&sj{1D~hYQoZJsc=jneAU;OTu*iBL{n}+m!ZA%3 zhco2LEoK0V7-~u3&dp|gx7yoDa9p{8d?`WMzd4y15*0y+w>7EZjr9r`J6vj|>>)F6 zd!j!G$j8ED`kCyRbMjB&<6F3#4{47%saY?`#Bi-@spTrS)}DqREU_9nx>8huRk&Qmk~Hvs?;I`pMIX>=+iZV^^b3*Y&}|=b!K2X6}q-v zbca1&Am7+Z{1dfY|C!RmnW}2rBWrUEwJI`=dWo?UwyXG z69|p}Xt`F3Ml>n2m|NW4zf!Vd{?Vq~!_4QNG%{ije+MuzaxqeCF z2DwNZxvr^KLrkv@BCf%Y+g;!q`hRH0WJUVG6k`jsz>~MC0k>UG){mtL*e}dkJqILD zAkyWuJ?B=N34j1O-N^2f(!%?@(QjqljEv^MNa;yLK+CsrEb9k{M4tdDdcGPd@pQ>DGI43koJ#oq!*xDezjL;XQ`c?Sm9ny1Zlh|MK$KdQ{*zH$VUS8j#Pb ztEss^@$BgA99u+LNCF-Dm94_|_I5BeXR^j+eYPdg*vLrJL>AKUX-2|*8<;Zp8xZ%~ zxLka!1$=bowjPd?yX`}-L?8dycYfD{9eTmVxG(1a!~rC4QU5Qg_cKv^}ryd0aD zXk{bfZqHlezB_lcIbm@EzO`biu&$b#$>usXjU$ku0Xomo=bTuBGBtjqA0L1M^>Hq> zT-JPB7~ADQZ19QryX1f59}-wzY=D8q{Lh$ic`K`RpcCDx0nQCHLY~f-nt|5f=e@S4 zcq_6mUjjB#?+xvVA`w9<5)#8iC%}cPa+n7b(z}-4;U1?qH8nkdhikaXf&SJ<6V5kAH*Nmkt&$CB& z?;3zLn7X=9?>Er}F4s;@PIjj$vp_`${y-<qL1mK@Auhq_4$Hl|rx;b94F;!uuVQ85C><7)phZevqE(6C&Xg$#6 z$`ltA050up)2n>-WH9Ewgne~u<`baqG=k~q6;oHAK6zbgG6{+tC}7@11%LjguQKhm zFApeMK+_B?MmI-G<`3cesazJMiB=;8hEBi|CLiAhZKb{1K}-u(Spvr8u8Ht*ftRwg=PW04+Y#t1R{Ud(az_+9g0>?qko4V_(v29qQ~1!UFVa+1@zu%NWG`yJcsleZ_!J!KEy>?n7v3 zD-WRBBqt|_tll~neWs8q9AaW5ydlwLZN~vr-9}%iq=A_#AQl0>PsGd_K-B0s&N6EjKP5OPIPp%=7avHCdlJ$rbIADxL=Du zKHzR^RDgd197JDE@5hklexDu^jYXQqJkS)kHu0Mhyn!?bWG*Kh^;gJ+W6 zjNwO8p{H?HgE+#EK>nSex`s#SLeVjLgO*Xazsl z$2}_EZNI#Q;|-ZKQ3K7{_d=}4EkC{;htBCp^ztNpKrmw9Ltr94*Q-QuEWE+T3MJ4K`OZP{Rkh-a6@>#@I^G4B zb)dFi<97P^BG1Wm1K(HI`S!=Iz~gC1uTLhQ5GRn)HP3Jh1y~z*nh~*cb;+slD=L88 z^*>lm*Cfl^$RXwrcy9jDl`@ z42yPfp@;A2jTWGeB2n0*A_UW@MdOL?@cBC25)%_UJKj!BPVSxt-ya+d5k{`xfxv^g zL$F&9jJE{`_73Yn$g6wPWWUPeg}wQU+q=$7WL*O-T3H?61|q{#e*n8=Fm8bLb?J|K zY8zn3$1e2677*pjhki|fh`aQ?ux1SN8?f&OEddyAB_$Q@77*W1erWVL0zpWpyE-bN_$>|;}{^Y}aCVx|aslB0kZ=2 z3A;QdQrm%Sle71LBI^0#2fs;7VO;Ady&ItW%OX$Oa0(9H#+yB4b#Z?>oF!2#QPosjASP@t5&bQ8p;y84`X zQ!3Ozj=E%Z3zMd@h3b~>!SS*A24LapK{mO69EMP*Y4!>ut<}{jPVF>&pN$CSa{z%10EI@8{k9pmC<^-ZfxuE_}li(P(TLG zrWcYE!OEtPi;mfvu21v?WNyh2+D6m6)N{+I2bw?<+-050V*`}A7djV1-@&vdJ+EDf zg&3k7^NnN3l~<$sZ-1`qU1NVGmnvNEL=L1I^obq`HUZhPH)ep>#fPVbo9pnKq@*jZ zPWb2^;5-G)Ac9xH;R=p|H$Wm3ZwJJ)24;J=e?EvyO1k63SO5Knc7Ihi-pk;twVy8i zT9ZQmmTFbJR1k3FwS#3W(br21EdNTP9-uN1$;f1&kAHQ<+y>DE6p-XUdM`Zg`YUM} z7^Jlss}SSkF1GSGi0yMLUs}iX(?pgLE|`YxEJE@#(Qf4@eY z=h}ZgWaLwKOjJ~# zE|s0BX%=(jrM)P1JwKRJ1*pyjKe-k_bTB6S_y7ZMa3UI|O(fSL1_A|wxR@_`zsM78FM zA`ccA0CBREXlFZCn$;O%!kUU(yT2d z6i_mg7?@eVe0dFPW7k`uZtJ=4m<|X9a5&q9RnT8|9kVmW9j|iVH5xY}*a5M>**M!Z z4f3MPDa8u#$#Q;;a{!zP`ac2Quv-?M&CE3CB_;LSoUD#y)Rg(B!2KhXmB5;$R+0w_2j|BO3=F_w01Q16{9sH;*`1bl*O_Q6 zje3mw#tmPRe%O*GwPQvH&?+%e&)f%<`@!z+clPRy(%3zYWmXZvJLKg4d_d=v=~_q2 zYkOy}YgD-t6t>fz>xFOHHfByz~B%a2Pq7wOg91onYmK+X1RyTnri~qf^@&$k; z<6wHKY_NwlTbW_P_uSWhW?At41bqiktF*9d)S~uo8h0pv$O?a@^`mI2)-5tp_c~#{ zC3c*coK%160X6dy;V6(kn}t3q)~e{JzZPnwVTXMJyvKL;_vasGWT;qv@4CfY^A-bG zbSWsS{Sf_TLBO6!2R-ND;N$|Q$aRVqd49Z%K5%xMTaFFBi#aMq1A)+oVxj+`?0H-C zx(rv~r-9*EscAz)LmciI=E?}LeUN@0(TzytIGe?M22>>9fImzreU~);MVM>p$Ne-X zU{Cea>6aOe{gpe!{?t!R@XrEuX3N#glde$-zoZs$eF7QtuPlM%v-fZUvEKc)DK`Wm z0RaQfE%9N=Fxrs1{;$&n>@h(uP8-;iYA>WsT6fL56C~8`M_>{%loY4%4(Pt;2MY28 z9-|-lmc*bKMwuKL&0u0;mfLp4abSz$4Uhwj(y#wB(Adt_98j6@nfKh;7~ja?=l?YD z<`=ji0$HaVk8^B&)SWwbz^ z>cTTeC2%<T!>JiC@%f3$YLyFT*W+mCrtPC>N_;@-r#$qi|@P!Tj@_t&Im-FPZ+T)ledC}PXu zZsK*AcNB73PyKmi3bM`XDn(%2r!K13NS(mM)(AhiX!{LP(znMHWMpyjKmtU?ZK(z% zFCJZf!LjkULcNNY#Q`w8{Ktp#+uaz9V>wsXBan)__l2(9e&eQ-n&IP_k)_KGnSY3pp<6AhBdBA&x3SYql*p>xmUT(S`sFK#@g^Bjh+e-V|$#{62 zejdTLr)S~@zxS|?{`dex3U>EDJYCJI;#d;u~TGjnq=Ez{J*SDv0p}7I_`4s9-PbklSDzE`?nG2NsK|YzrQ~|`v}ai zC17S|CXz|f%+$1E>bwYE%yG~J)D%FU!k!Q0#zPYm5WoZimvy1Wbd5EBKq&$LRRE|xD1Lo>eCX-vOD|0gGI;;}O^~akAGR^4*Sp+e2JAV_SFp{Gnx+D1 zv+W8)Cf;A^Ug2}~ximO*`}e#3p3}j1^Y2adfBCu(b~jko|6>yR|C<%~iEr=iEp!xg z#kl$M$pO_pCIqv~Qxj{03m9X7zZDl3x3OVa7E!w#jR9&)49&Ar+@j)QbD^%hQ7t+G z^GiNd(we-yJU+X5!>K%##-*Plc&~<|f6Q>F(ZKEYHmSj~(VeP(oaM%U0_285(-U9Q z#!Iuc68t{%=Ra{FkNl<@lB$ft>lEecCuS;=81CB|QIpG}r_; z!3i?}=KScYwkR4KXGRYVsAy}z!v}^;Y!IKi3N|d9D6k8re)*}Z@N#i;$FB+cOj@D$ z-b=k8Rg_e(tYG=`KD@vi_nyGf2Ksw3dgns_!Z1Bd-&_0&Gf1Y}4d|=P%KaRSy)4!C zy94O$LbwQpb*fhS#?$rro5CjtnZ3(8@^Yn)&Wf?n zw4@ivRSq^U^@4=;#r?4)oW`?#W7%^J?}O7x76CUm;g|nBd;D2@aLdKUL_r&o^HAjC zHoDEthi|q;u|%I3v#20%j}ZTSib3(>#0^TzW%(q++N-oQ?`$7O@6CQ$F(Hv=?QAM) zGe^>QjQS=e0{UYm^?a)r>a*wXqFo88W4mqYFF)}v*J!9#HP6bD?-OOC*GYf(#Je$x ztNC!dv-WND`h`WA`|djW3^^`8Asi>1h?VMIjb4o7yD4h%daMga?*l8I54*Rzp|bL; zSBHu7Ox{Ry^sXWTIfmZfr1P0aqEX3Ebobk=&chqOQyKoOANJ_SyG<)|I&7(dsa~`$ zf}T&yi;8+EW)cz-a#OuS>Cvknm-VRFHxfloxmzL3{1h@N%ZuV?Y^VcREG{8aI9w9U z()fXzQw;n3)O8O}@tFFg5qc2BO${@uQ1|8?tuxjL#88ZTOUui{U3gs!9Y%a%vNADm zWog;j(W!supj8AtvpnIpty}qM1uA@S6AMy=?lae?YhG^@+*eVs)pL+p_2rd9cM?N6 z7786&+7wRUbm%p^fDZu5Pa8OdAVHk>-NNVNN|`3kDJG&)&5^Gr#fN_r_gO z(p&E_!k=TMKOqZO+OU;jae0h^+S(dqjRiM%j@Eh4t@ZjBhqwqNh=vlf4~ubxcyJi16tMWcT0M!p&z zmR?MqI-ZGmW%apjKD*}t5B=@+?~tb7kj4-QC&spaAz`}cWLGZERWx>E%I@S1gD%0R7J=Y2>lFX(R^g0k}Kn|Mg**UGOl-Qjwz>kH_oMmK~S1AWM8!m!G(iFlA*czsG z_0h{xAEqm(roGFYj?t&5+dhY}QrEP->7C**j*!%WVX1O2Uo5oZbgHX#_LbZOs3J)d z2+Y*$R2)Q>ic1>n}kENLM%>2ozSf0nELL5fG zJd+}HITq@^x*6Kr(0`PVK#!rs0}~Sxu(mOv%S=;9VtVQW{A)AZ)I1V4V@Jc=7aNO} z$;5O5hL+E~S*z~j{U?Zh67oNwx%3)>#+#ZHuQ8PTlb&*ZJG_20}(O<(|PdzZ$oFLSZuRGelej&(92(tzGI=PYyjhNOcM&3f`X80FaqaR0c*x3f3mieG^8tI>NV1Gj(_*{D4 z7JGrorN~3?#*=+<^lm)}uwR4Esy)Eyg25%$`@Jw9ij(*Iil`kp6gi`vwoh;^JXik$ z)%&>{>VCqUlJFGbv(9S_zURVLo(nZ|;6Zgz?CysLzUW15k@Nm-v>1!DmF4qK@S%|g z0e9@x`>5U793SM2ahM=_ZE>J!qW|}SjK5oQ8Nu%vWbB;RDxJ1{_6L^tSwb|CW;t7S z&KoiD$+9oS#amigCfrX|CKN6L!xVbEcq}W6ifoTEvWm;s2dw&bh7N)`B6Gr0xVp9V zdkZt>I*l3SA=Nfa1HwsvikVZ-cB18Jf0yjkL*QWgs7j@eC-Zv*jX#DCfH1k`t8Cm_CeqUmgb~v!n^l+qgAhgiR(YP z!prjhrGLfmG6?Ic!JnUUISua5Y4Xn`fm5mq+S>_24Q%PjPpr!GyV=rY{tQ^V9OrcT z*Sy{`E}E9n*uU%c8*{B7a)_?ZK&(hF=lX!RntXiUmnINJ6 z)*90hVCKWagO{>Mam)4uff_nXESr*l;F8|luBh;msKGK_G^LOs+KdaP#O&tbA3efN zImD&>v%9JS19ed0X zG0R_$)fOZ6;Z_P=UQQH31UW{g2BFKIenvmG(rFCYRYIY)$sg5K`1Ajnr*JZPxp2HU zn|^ifny)ujOjpbp3AqjCC;E_XqWT%#v|fp}*fuO6TRk<}#9i37axa!V;gy2=DLJcw ziIe);%WDyu=3F}&L4*shW2WsJN_UyQYwHI&r_<_BYA4QGKIP7EMAGcvt~k|S*J&J| zd!{p&^NTR#)bvsMuJewN3M7&*(@*%X64x#BDS%sWT(J?~$ z<+K(COlC*@teD)R_`*~wB-%YABdc=ttg4J~`_7R%uii3$!`F{X4pxQ?j@}wc9+QBxoDeC{S{0|bKT1Fb?Q{pA^P>}khBM!k7BLvvpzaN7v+U^>@L3ib&X;$z3{i!#E06c@Q1%H&zaDj}n}i|p*|=~!$EtgN>j?kn}ARzg}+ zc3tHQkg>x>bT6vIqR!|-^G{*iMGRRXZ&vYKv0pGU7X_H5WKish)aT>+pN{yA_vh4u zcF|PAGN%pE{0LT+Y6fg~%|&tk5N}?Xtcg-r0|7-}Ff%u}MXn_lJDh?U#4cZ+!qm;e zFD^VNy;r8km)5fg;XaKlI|j=wdX7sYdKV+OZaRiHJu>!hqbW3kNRM>ur_t^gXu<}1 zFY*7jAoRZd<@#aH7hYvKlM{kFRg_t0jp}NdJe})_Q0n>9ZE5)GUMoB1dH12M^Xe4= z%Ns?8SSM}$TW=E>2bkBO#RXgLUs*ec52ix=j(u**V%Z^hxGKt@Y08pM5y1~d)B~p_ z4I-DV!ddsAR`miCQ)J;|qNjpL(Sqevjas8UFTvN#c1MVv%;8jj49OL}MilCFEgxMn za+r=0T3v!6SuRppR@n^gp70W?&RZNmJa!}F34cRAJ^nZURB3>H9;%H$6VMtXHD}dO z+Uk-viq`ZZG&(Ww-=ed1Y@<9uTP3ffHd7*Mme?`n=E`cV`sxYTMidou?O1%7c^aD9 z7#b(%LLcwY8$m06I{l>1^O4UElcEjHe;qZlqexOTEwvtl%bLf$PsfnQtG{Kvb?z<9hsh8*agfT~5MZP=Jp6ycg z$v3UgbyMQAw}$0EI34W3c&on7QLpPpS-ixb2jAGyrE_PHFhm2vRshtD1*gV1J7_Is zAyiWF>A1_a=Ymk7rw2G%yqy1$GeMl5^qDrEMovM4zow+9G(K%P?j>RU!OljR!##9n zch^_OYh9G3=76bxYXmFqQ+5{ii$em4r9w0>3SJ{RoBJJRU(G%Dg%We@$iPOzdw<&) zODh%+UD~3mGjSeBMf^& zYIDOCW}8}7qJeXGG@wJBFI3-KS?SF{Mb})bLP=5Zjx}4UHKn@x&=Jszd3NxHa%$p1 z32RZ4;+3WBkwM?sqY=+{Xhjt&7=y1>A{IjRu+^_d;|T68G%%$FyxE?4zd;-$c(G2H z`e_er1}l!2znty#qB{NDyomKJW_Jru{n);btM?6^exnQzCiPi2NMrb)A4*j#{Jc4( zDKV*WYR!S03*zO+Yvyqp)V<|sH-lcPPsa#gZpYNMq->JhzG%s73QWz(9)jbbC+?{o zTug|Z+c}an-R$+~Mhn(4AQbuipU4xOZ@1(>#nOlRJ5H;v6c^Z`w5ukPOahOoR=M3NqmW@{euRGL&_DH`hN?D9Yf{a| zcAL4Fp(y8N^GI^0Wy`bS*Y1~|SJbh1QkY54y99z+WTeKYe{7=vx$vOJ^s$O5O} zp9xPlnn|Spj;OtyxAmt;0%MT<{uV?3Oep?8FK=olsj{++94yV4BYvU@Gd;@tdTPa6 zj3_xCIz6z2F-3|0zHRTCN?~bwy*&4UR!nRjxhEthip!)j9}*I>!fGpfAnOCUQ=7TF zLqn4pw-_D?W=a2q(csh4U|VZT z%a{BPpQ83UUPdk(KXW;n6!8JWZR=0?=QyLBodjtW&!;biiscyTcu!uwX8 zMZatd(TE)MX_4aP;(D)Q_aYgNbe!lZuH2qG^c0t&%gPw{KO>B6aMiAKfXKX-cnJFw zC!Imq-)_E!S#*kc&m(`qbM&oL^+@`Bgj0*f!-T&i@p+FdoN6j0pJHS22{0W~LVZ4* zw<=XaAxl{WNt1n>>UVu(3neko3lvzRi>`y?H8nLUR{~tu1*kB+_PVOU&9-loc(m^E z_kkK^2P7MLv`%h84;$-L&GP5y2HS}gCEGt6D3%i3`QKuozy*5dF#^>OMa?W*Wo9HM zB(`ANtE#H%JvVF){{rBEBpC%TCxV+eBGhuK9z9bMnL~V^HvNVyM&$BAHJR-LMjEyn z9nvE|69!-CK`oN)OI9j>;yJiIpHH~?lp35qy0*ZoLa|xnw2k_a*~S_hwP$UGDaT?S z(YrnAHq(da(UX(yy(!gr-ou98nbN-?K?3}RNFdgcUeoYHbEn2q@szci?ZS}|cg1vR z$66$_g+$gOp>V1$_4>QMKUb_(P>$cjpFy9adTWpA_Ciw6&l;psd)S^_yV*1`=XP;c z9ER$I`AB!bq37#vXGD2LuHg-A^tp|}R z>PRYT>zP++!*`g6o9My4fcis1CY6CMmW`Pb&UEv?;j03|_rodv!Q_KZyb#*34jOKU zyf#(it250Rb0Wg$WS_`vK2mt^E%M6f-!3UC&0C9ykEbaI279n^te$A=dVUTCCcuIK z{CVyVzybG)PV$?z`y$YteTDinUak|dL+`u3jbQfji?)r?Iw1;|3$T!8Z9PICCIDQL z5zoxB`Xkpt)$Fcmsz*J`;wa9}+M)7?%_48y2-;e!ZJ5u|1YDp&JdrInM)+cF0_u5i zYonTXynj#0o9?swUeW^x4u*i`f={0m`Ih#1w-otprp8Oq(kr+Ah9ub~428YZyhySd z|9WMB?)<2isVB+Xth0YJ7di@AIGtW`MmS6Z2EASE@F#6o}=tg2c1YdNiav3 ztYN&NbL|jx%BK7rf{kB-{jGO7 zQP66-5!D;U-#F0-Q8G#4b1|EbvC%(03e#Kfs}MeEgS9E7oGmFr_fKT)HlBUnIiy3c zfp}(RW_}>_n2C}m2!pjoXRpi31_eN$7t|sL8;^;Fkb8&}kJUm}AuWQLOZ?EROZ%Wn zmF;|n7b@($pb0phuRUwER8#Xgh+1C57ehz#Ry z7%vke4KMVHj=FMx*0C=X*`qjO9W1FFxPxRC)YQg6A~3cU`GS9VANa$s1+iV?S|_f7 z#Xj5S6K-3KP)YS85O=lu(`b9wtp`YfCIAX%5E8@|i$x;7ohK?AAW5GXYaid)JEfi{ zVjR0!Qc&02$N4*Ld|+cH1!y;`uSYdE52_JLc7l4u;G3VX3*fD{RW$sr&Ep}7P;_79 zulbcY8d^p9L^sb}1LT%Bk6jpmxpJVW)?<>Ut%QV8UC8CSo(yIx+65t8&JV_1loLx5 zug>rn!`gh)qeM(cyo%wq&cj;RJM(PyC8ko70^WGuAiLNi>Ul4dgxjXT&Sf0CK_Nz9 z!+|G~z5}4%Q@ev0JF5&gnsS1vpX141?<#Pen&w7eU9=#k!YB%hiM{UdbF*CZQ|d7+ANzPCx^RNfJ3Ep128#0X z?|NYlos|folPcx@%ixDwk2-T=c6A1=#slEEUm`eMrr>!)fXiINXo^-JjW6%c#U4AL#^=npCU~BGX_Oy+PJRMnOJLU zl{di%ZUfR1mCzkNaePN4R_pa9(cjZ?+e~J%Iu;PD_K**h3q{=v2_qF^ss)*%Y89kTU zpKZ|#@^G6Wr~;f;7Gr~zP2M^Ddgo1#G8pg;7jluG#nT8UQ;xA1z zJswu%eT>yCVu}jX7L<5dDezgWLDwI}{kp-??rXxuPoJmOUAxuZ>13$(eXh-4$K8sB zsSXW3;-O(;Rh>A`Lg;a1>$@lR#hC>ao<$$>T6lg2n^NEIu&ZhYvaQnshu5NyJJyZ@ z>zvrmYVRDO8ea_~bhdrAlk8eO5MjI?4Rni)4i*8>!K_xpoZG1K`c|((XY~BxKI>UY zcn-DRsP^&vn_h6MzxYu!UY(12&a{T+Xg-_@*}A%Xd+E#BG@mB#Y*MdDYj*Onw{bmW zB^P(!@mKqq`SDQ1*mUK8VQBxXDL@};?~gbf11vm9fuApE)H0*J7itdM%S40Xk#k@;AY8>>=sxf4w?Ef+mE-cbRLd2U14Ei>bwoD zevl@Crq4LjSFf##b7??D^mQ{AqmEQ~ zPt@m%8(U2giff$nOzsN2{S^zEW>qhGc+~OYVt<&WacqtGSeL-m8}0oP$04VusUzLtg|4N6rZ;B#Nzr?m8sJFuOELHZC3zvZ1vaKq~w8(-qfo-YRo#;oZVdA zidQJBg`7LG7>#a4>FJC7SjaJ<3bhv{U)%&pPkv%bZc1YG*3Ce?p}M;JhuKzefd`(O z-DUr|VJ=r8{_Id1u9z|P6;XvH@@Y$Zed?j68tb^rE6ElS3AM=0{*wf>&NBbasH#b^ zZsD^0fK=kPVYOlCL*M>d8{(0S7)m|sv?N5EyI@0%c==NB z$FW?CBe>J3ITlJiK=Bu;OADa_y=COxkqy zAd2kTq;syrWHs&(_Y`>HxCbIrz{)D&U!a2b5^@Y9Z$f|TI0OhTG}NB{d0@&;hOz#* zHZqKaRjmkClBJ7vE01^aY$=N;?KmKHZ!e0Z>FY?2>u?%v&V9H@J!nSk3(1RwxT5cN zByZY!+UT>W@HF&MM&EQ-JW1zMtcIO-UsRy0NBnoCwOm9o5_u!rcM=N$i0O;Lh-3J% z>H=WQ&)e$LiS-a460aH*T+p+9;?1gA6qVtmQ{VxgFRkdg7ZnY>Qim%Nl6Uqy>%=*#(nTjzt{&Q#ab5oK;BK@ z8<=p8xN|G5YQU$;lm8wYlMg^MrEL>`#v}I-O>?WS9y&E!ZI@_1#9U0$RGrcUW;=qM zC1SgOF5KGklQ?rS`mkFPgRN%N{_Bsha->fbk}`2h62lI(A9C>F8Y9@kY$4aPL6Wls zm?nzj9(XLSuRX;R-}%9k(RKApMz2IM(8${wCY9T7a?#cvnU7D1*!@LdwM&SRs?W*Q z-?ztVZozIe5x0)0ofTJ87i*jqr7P=;C}~W&7mh-@hpD7D;#MRI?!86`PXmIsH z3mZ<)02myC!RTb;G$S+%BgPeeXp3#{zpWL{yA!h=`j*ktu>OkRMcwx7$+*b&*XR4x z07G=^h8}uWi0s6a)*BlB=jk#TiZPwE4tdgmJNrqF209Ydz>Vep-117s@dWi0bbRZ3 z1MMxP#Qy3A3p)Inn%0=3tC$Yb{8%S1UK=OAs}S7V@Ai}G>%v!C*adj68&4J5#l_{| zfxfuv3_(d%CHA*dlL`=74JAKqkkm6*&DWLVghGcL*3BlxFrX|0F4?7vXGlLg*vnko z(r>A!6X%5N9t|*#v}vZClZ2vreHAESx~(u4O)|WSi(%*4TBd0? zLX*xDkFPo}Yu%8IbR6z@k<6f{#*Y4bXy@S>zcMm*G zuSx)WNU8Raw@IQxzHwshG^~QF*Ia8NK^xz|+Cy@tv-lhLSO~gwoIITTWL@9d!Lx~p zxD5x@5F1;~t@BC1oayW1^-(viksDAX`Ht5$HS zIOpQuVd+y-UZ{8NcR4hXxcl>r+MtMF4GStJxMV$}arLP3^?!T%S{RuYpyT3HTHpXJ zp}RVMXs;X6=;2*S?7)YTn^E*iolsR(yLooQQN?0DbC-MbrX}SU9>E*hWs54(v8*yy zC+kGLk+qiDAU}L-8Qf%_gcp z{Z5FLa$PI!$6}dW>jeib$8xTnN;|ofur`ZVE%L&6-T-(UXsG#8YBpq@_`XSltI;8C zOVeY&zjTT62p6@_qypZGT7M{Nw%RlIXl-{dhMwsPbh)cA`ZY?GoW;18$Nu8zxt+@E z&Xmq>Clzm|M_MCG*yRUwmBSm4Eix8B#o2!e;Msao#$d>P7& z@0Cu;rv0CX1;F9YpNT(SyIr!>oA(Sx(FC&qJwLLmanV-vg~ntqw0UY_>*N~Ob+j_ zhHo*eHSN&d`@i9gD$c(j3+RFW+xz0bAqFtd*)&K>4k#q*H3}YG_mY#ZYKpq}XIq(%ZSX z`j4F%u3fq`LXcNOb;JFSd49Ii$US<*Oz`K%GpEM@>iuAhqtgpiYin4=k9l)#f|;eI zrPl21z98Z^mX`N~4(2*T+vcAoIyUsIXLY6|B%B2V^o2mA`WGXTWIfU;d0rMrnJz6% z52qWhDC$e6!Wh#a+7r#c3RkO7d*Z48xp&M31%o>SJJtygPJ8&xWq@MLbv_teX2~na zyH;;&@m!uQL^Cllmd^7+;%y2T5(=%v+E|Ep61kYa0+=JyXJ_fgOxBa7EY6wagoK1E zEqy_??FBfpXGApQo`%N5H6h7}O~j}><;3Th$VU6A81^YE*aPayMatL!$KO0C2QU}J z^^O~>?;vMc3N+tad3UjIJ%)nJ3@&^{ktyfB9yI)`Yqg|&l9ux8Tb>uM4XzseU=b;f ziVd{&B5Op5xb7XCzisYYuWhdl+~%ay$>Jey(19I5A8N{ zvYM)#a(ngu&j$-!mOZsBzEdd)o4d6X#X9vyn`chTY;ngT0FLONaDDQ+!VK~K$JyBq z@pU9MwPLEg9z_X-fakf%x}8GC=b&5hZ=QV$nJDYk)`u>fd@KVq)pfZ>w=VD$QwfIj zG&Cq1%|*sy3iaGJhE_ZB9zD9~yxH3w*Z2l-#S+G~_)|1Asj4jqJdW;2zd4y1>;#Os z!Lm~2N^qNZgw|$vmV`g;f^{(J$1e3_g+N~swHbEeKVCh2f({aVS)+C#&)|Y$@;^1J#9PYLFt4V z=i%}9Eiyv_Z-(3>w;Zc^ZKh~S6v|NBC< z3Ps-z-?GZ{?`wpKZ`uP`ILtn**XhjiTZ5-MG8B2 zy&nsTA*2ukbhyPm}de&7+rf3O1C>ly>7>h$r- zASdM$$;ShAfUP-+K5-&@YwNYu?fOot(fl^2(fI;is!s{P&hVRK$6Y;-LMrWCRyizM zlX9IX`o8>HVL4)aja5}yv~?J|t@PB>apdg-K%y$==J7!dkQckTFLzZ(jSJMhxD`64g1XQ;itS5^xP0=Ja6GFu88M=?ruoPZbQ$< zO!FBwQxmeMr;svj%Xji^Y%2c%gTsY9=-< z;DyK3G_^LPbrpa+MJ#+lnj%$Eq}dO-g^9cki?9jb=UVT8&@W#fFOpNT zX3r;q2V^@&0tXbc?uq%ewL0&BU~7Ps@zZG>Q1jyn6`+e~HYI;};_e;Wh6s z4HZIGPtvON)j)kV#s|^$SiFu`wsOS`P7>!zP<(Rb>>JXTemE1->^*o?wfo{4tma^6Xeh3>PYYu(;%ngqo%@=9R{jV@Y*bwD)d?JSZ)^CbZj$l& zHy+FVF!YYbSr7(lSfBQ?mqalcVZZRurTQKJcQ9@5GnK7 zUEhR13mT)00L;Ig!*CH0QYkDI5)8xM0UY7{YoD|uQ45dlIOMp@w9mJWrjXa~aPaW5 zp~v78PoqFXEHNx-e50dL| zcuM|*qke!~Vr^B_SX3qNtvSKpbSCPX#{BZ-6i z+D0`;WH$YYg`VlFXkCmQyS8RK-?|yAJ6Nc5rEP6HAon*N8ea`YEyZliRs02D%detClO4sDd2p+=Kx9FCYNFh&2ei!7{fO>*a1M3O{;y z;BD~v;svo?7-BIuSIBGQ1ibnVqi?w06{*m50c)~*-$1RQyH;4NU+*(0Yr~(xu4{XI z*3E%9U8K9w#LZm+A-eO3x&AGyP?GbUUyhz!!{>zf70PthrtxcDEf;)`n0mN>PJI}?$6-) z3@p9PFdA6>)pl(L^ga|DM{pl(@4CA$goO$EA3UI0WI+Bks~Gp^v&` zFB9Q~+}>$m3S=<=i*KjfB)JAOcB@wQ7W4AfzTC{Qx6?8kiC-YQ>`Yu16?~4?5~jm` zKNw81-+hz{n*yi)>u2f5y)4b;TWf^^#Hk9esmmr(s*ZoP|LxUp(Od%MJvi)lKQFQB zg?gTYe018QSNo9K3^3gHxym=D(uC}D0qh|C#Zl#HtvaOY!=dS=oE z0j%%z8?l`iTQek}6SRvE+*x_2*jVnfubzrP^!2fu9to~_gF@t&LitMbV*VEN{2A>F zu~dQoi@moDtFnFj1?g^(?gr^aH%N$-gfvJ=cS(sL-5>~S0n#BUDc#*E-Hn8lNb0`$ zKhHaJ?0M(g%>FR@n6I$bz3#fs>x^Gy*%|RV4ULFIr@($-U_|ee4<*?zw!5u_alJ#y zt{63z)>{R6;zFa3r{^k&f)iFJI21w$VD|MPPU{*(_I(7VuX@dyQ4_5s5WYz;!S{MN zUPx8S39Ti2@CW3BcFA9|uBT$9>jPDU#=f}HhiR$OcYB=rYW+SXYZH?fDP_<`Q}hFG zPy3^>wZF&cQ%jzQt)>el=+lVryH$b{H}}n^5*vnfzEViIvLkqphN*t`{dM6j%a{4> zjpduSM++q5FNO1x{OJTXo=-i?*_D`W^ZVIy|KU7pi25P?{s%X1()k?A>+FYQ=NFY< z+!`6a^%xqwz5ByZw|d(Utfcco`~HvUPen=Le^GM($uIqx5#|HSWV`DAI6xNTFDw6w zk!;B2{z_co0T^}BuXFx$XQN-fer1Vo-7)zndCO8fF|nRU-+p|U=G~*LWB47-;=Fd& z?QO(3iN}EA-y$QszA~#VVqg5iQz_ymTkal&z3`hJX$pit_YFAb*=Hp?KAJConZ4n& z3xaq2g{?=-^ybN=7;e}*V)FEQX5YKEZr1IWlK&L0Ctwa5w*?{Ukk#YA_Sg53U%F!E z0-UkVMNUu~_JDGbqmkh15bobk(}7QSqpf2eEYw>pd9nN-V5c_9$0+(?b4tE6&v|WD zu0JgEkwy%1?1*;j|G(J(|90nL-ZeSpm0bTx^SkJkbW+f67!R$@xW5jups@H2HV~4m z1P@-ZuZ@i&9_s%*axrO8R1p!Sa_Bv&d-pr%*iUkG)*&i3ViDh0)1P3%A)vjzxR~wo z_9wi7a=M|t>U8S3Oz192YDMgVfZr=^X!&Z>h33Ya$bSeEuHlcZDTY92tr1EQ*NQqg z0NgsCnOQ8LD)>G#d;1WZGnZRX0Ca(3@`=2~`l+&ymcrotueJY82y7}zR!?4P`-@yQ z6%@3!{rTJ$3^MS?R>0}qL-7F_Xf@=_Ws&F(4ZS}PZ+D7cqw;+y{&L|9I8bxz7p}+U zUuk#)&WGwK$SHmfag##{ny;w6H+O^{y9OU6*Jl>oACn5uCjn<8T`=6rVHZBxbTKQZ z=(JYjql@s(>ae1*R0wuiKvAFiDlFRlpC#x-1L~PG7~1;YnjH;uVDlB3_bnz{AZBz_ z^Dhb`6W6zEtq!Bs^npog8NS7;MWEups0Nkc3EPd|)4+I^*BONP1Wn;;xi=K0D*^(Z ztBXyyj(0fe!0ARqQLSjXRjA`Xx1lGM`ro?ALTfq_VhyUgrSi3GP%%{))pzdw77`Q$ zx#1sB2K~Gw6ZXH)k15NjTzpzuvd3XEd$aNfL{$ngA722vnTW-ehUYSBD*+kWaZ{_< zX6v9+y!B*M1W0pXZa*l<`_$9x%#^XXHK(V-<6sl5YwK|mw`0(DRtOOJTgR8WU3qvc zcfBwDlDE!g%HmfS%bl}*p7pDt`R5Aj^@7|+w|t4m`phkDvdu5+9eU&)E>*zWQ#7ru zop`}WUtB7QS?BqEuodQS`QcKZ-#z5(YU_*|x3s+by()2wYuw`Y%YwVDjm-+xF`ds( zGJt2CnNsNouPLkX*jOvST~{(dIbH5cZFl4_co!Fbt5`ebb@jW7O&3k_opW5A0#v1+ z54Uag&6kwozW#%ss%7%}zs4@AjA>aX-Qm()sIAEyH~ltg5brX4t)8@hbn2Sq;s)|a z7w`Ej8i>MSE>Px@3L*Cqlwdg3_))mKdr@rL8XnVe@vKiJ`z!@+Y-o^5*v+Uv^BqbI zX*0k1F-R-J;Jp0oZgD6+xoq!)9NL!7!q`NkQ%g8U`6v9Lpkqbp#pZZz%!t_*GqOUC z^%~$NH>_lWo*L-SywQ0%S?Nk>2*#GjelbJFm0rr9mXb2lrG(6<@9WZ)hn`|84>btB zopV}xm%0k~C|eVPr}ns@L6^k8F(1q=vX+_{sPWTNV4f%U$d>b<0|X#QL#x4&p}oDB zDdoP~H@cXP;|O-Ar&U`bspnHQ)oVYNEq-JmUrDhPA~6yUaqe{WmMtp}l5ph;0=!G) zDWp~UPfmqynf_0=<|QvbA$mTH)+lmu-+RU=eo!PnQYe{43bMbD7K^)geiRaWE0yH` zN7JP9{CgtkESOuVafQC@b*Axm*js(bS1gOaU3iD9xf>dNP;5))?DZp#9@~Bj=FSF^ z@N9s4Z}(Z}#o#UXZQT+R|CIWg$8Tc_V7uy)A;W0JbeTIYA`rhAvRs`tr;NG z)_kouY;jYS(a`AH$a{oi0x+X^UEO%=0(CJNVKW3G_S?<&Aa@7xgh8Bb>``UgSAx%{`s9b7nXxxkE1Yi&r?Q&tXg0W-TL zr&ftf^1j2~dNDrMn^5_^v7)xgDheDKxaQ?dfND$QvtKQ^N9e;ZcmOCv>AFp`w8s{~ z+Y>SARDd<~#iiyo?IG|8;J>60BtHvwaQCyTcE6y0e-MipjuS2rn2Ie)^U-0piwTrt^=*H;ac}95 zGrbQ~Lu~dv6DTlDhZKD|jlPvsmkhDfyt@Ydl3j+0?_6`B#X|L5+}x?r=!9hTN2QH? z$mBd&2J0U@}z%P^Y0ZB-`DD<+g?E` zLL3%YGtqhQ+8;7_BQ3+|5-AtfmuyYH0T_~2006C?!wPhVY~1zbk?z%M$2b?_#M`PF(nl)+7n~m#N0Y}s3!HP{27Iy@C zpa7oxCI51$;sMpfZaUJfL0*F*w_fsg)1Js}b3{Lc3u9Ki*IVNBGCBoL!7AN%vOdP@ z{6?F7hd9m`AQ`_bgGf3CVo)w0KZayhJUWldb^}T_wyr>%W?zKNY z_RDI1h}G5Zs8}??UnqFYM?fdS{z8qr8BVRye$8}HZo83)kq^z#{FffqZOy#hq3Jw(1>jRn=U0m z&5>}D*9s7@&hJjhhlZXe%sRh4m;~Wn(AaNM&?qX|ajv!gOz^w@dqfqA1{Xi^UHwDn zKwA+Uao^2+B}JCMN9wqem&;GBT;Bh#@1OkckwG?Pzs^Gq6Sp_9)h81vwx8)Kj&D7^ zU7!5gPW&{|NQi$4BD+A1?HL`msi2 z&Rl2vq&z{E#QV+`IrU6ck@)O)HCn%inV3L%?Dc2r(-#iRyQRSA3^V7;y~Cgc#dm=0 zasse2=zjh^ODu|3mOR(ZLo*%XZ~anSEbqhhn$XsXE&}G(&_z0fey;W>XAKF6X4?B%_7Wu$KMZ|tO zR!HCYwXVK&C9?6mOSJ}j=w$2PgsG=*B(tPIaL)RB;Os4F{!aV!;mY^?rSW~{gL=z7 z3W9fkg+zS&W!Nw%VOhrgK_R|XrB$RV+V*bu*EiO`FF&nc!1}cOth{gp&P|<6B-!}y z+yyg|~wx0;-)UNqh0QQgxh8B*qQz;A8q2F2Hu2klmsp>hlA<;<)fJf$ssS z|JS6U>Nh}{{`u!eJmB0)P%m~ceCY&;c9*Jk@3bYZ4jd5CF z>Q&J?a^m;*rD*GAM;+Gb<@H1LM-lCRBmXm0`$*77Rp&syoCYEdpfLM(B~J8rK(H%KeG6I_-S|{|#~|Ac9A))CqwE9DUmQ?STZ`@mr8J#Kx`o;!uA3X=;A?ZC-=0 zaGNCH`lQMS)f=ogFmfsy(?6YX2i@nZ#CG_wI*Po+XpqN5uGP@o7#JUmdR)%G&hnR} z=L18hL@-RD6#$6r7EK*V5H+C<#)|408G_cGgxu}=FSS)R!B#SEQcJX;U_lU1{T?ib z$LZJUsYcpd-EZl)r|-tpFL6%Ou+tN&_Xk1$8BAmz9)aC(Tf`*++l{(&@{XXn8`K3* z${neuXJ})ql|F~S{bx*nz5Q<`G%-JuoCyov zmygR;n~d7UmiRgsO)nqKWm0E#anv9y(a#Cl|&@2j&$Qwy$um(IZRm z_jx`(F($d<)y*1zyLqXfX8N(xkOutU62%pY5X46|z z*kw3PRVHJS41RMx6nv|S%?+t`rx$Xh!*yFcMju?9-qVcP3{6X0gf@Hzg`JU>tgnus z@6w;&wYBeG%Wi&*r~^>*p`k{P?Rh0Rwu9{)-delf#b0}4ud{iPL*;i9?NTwr=ht$6 z`5xl8^2fx1$<8Yc{e$0kN^Gnc5(sD-TC{3jjS}JU0Ez`_Jaq8}a_6!IqME$QhWQv~ zc9OjW7{c45MXgs)Y}%1;eJX)^rPlDcd{adllJU*v!IXJ`RN=gDL zjiwFadaQC9=g$Z&Z8GMi`LjNfY(h_SJdNvV6K=Mu*Lb=|say1$HmvF;ZGB0%F@^`D zXU78^Y){e*Jbr$}UfL~>6KqP2W;(3zr4}}L=={q5@B8r2@94l`p24(q^gkyWCVb3{ zbnbY$7ZvV5-60%xRYy0wzGFi>1+{&pe9<*B^bOr-6{k01AS^<09pSE?)&fin62FV2PLx6WQ(Ui-aNf$l)0J~bf$ z&-cOBEI&6d5C1A>?k#pnc5X{c%f#V$-1+(WySuA*Kk%ePM10;RNcdgl7ZwI+M#kM5 ze{&#nL~Cu6fNlfvT2^*;0JA~f8YU2a|L4B-6)n(pS5{WWY_&oDVGm^9h3-Oe4uIUV z3|5HAUx|)}p5ERS2P3^L;hvBE4)#ELa%^-|fLls{!?JLV<(3L#I=HdQb*t}LI8If_ zvtmJ3N1#tW;^;;#>=M{W)O4m~s-uMr5x=}u?gt{e^9fQ*YbHR+bgLE!Xo1rX?djKi^W{v`YF@ zEEB6JC%62^IfCr7akCfD3lB9}6V#TG&x*Xp4b~&vxGm0`zrOa?Mgpz|Wc>p6vpn=U ze)Tf1UVXnjn3kGk2poxviD~)uH3U2=sPk_@mz>aof`S~9@>6edpm5m&+r#hR<>kF* zdF*!9+-&ddf%h^Q$nFA_XM=V-Gdv*bIkE}v9{z4Uh1K_(1lQz(QfJf>lV&f@vG#>F z8CxJ7FXD5~NCw?-D9WM8Lee3|_^b8T?jU;nY^%TCc`aZMp`p6k4cucZBuoqpoie@7 zDV};s8Yt|^lP5VO@AoSAc&fln%&w^5;^I1Szm`A#++p$=3Z3`;z3##D6ujZP2`nNa z3%AB7ewan&jek5|(k5k4tzV7f7xKFH771^L;+cUR1|Ny%Y~cekCI%*^&tMARyMO=w zT```TsewhOQVqH5O>XVO-EZqRZyXnE2hmK|PuE|HcpX7+K8v#L?Cj*93X62-D&RaH z!^NO$<9FV{k8q*I52caxpQkM4N{yak&GGD!X6!jgPe=&7%1+dw$4%q=eY9YKZd$*j z$~~c$>U^ zx|8-L?E14Z;&eQ9GKRFYWzd0LW_i5CGI&&7#&$Ve%5aG9gsNy;*RceDu53uFz4TQr z(3bfF9GurxN`0&X2P{w`&dEqx6jMchm9Kw1FOJC0N+8GG;#ySLYRm>AsHs;n8(4*8 zg_y!gwDD(5kOM1(1X<4+<>5hvC;96N5UyFj^V+1oY2>t!tb-3LoN^W5DM9A8^X*lP zFE)@d_GJ8f^Q#pICqg`e*rBTc%Fut>2=m^iL$r`9^&Z@62yF~kw?W~K+>45iwncxJ z&pk7&Jp7~s%BP`};}Vst@FKfL+pLe=nFoWJl`*uLXc*bi>IF~RE^)j|wAUtaSZ0Mr zo{v&h3=tXh)F|C#zA7G#1atyp8_iH60(gc!!o7WRnQX#wkGW zWPi6Tr$!yjh*)F8c#HQ15MQL9QJC;?@u}sB_Jw9nJ@+4**-Xn!>tv!J3=Dt`T4mC+ zB%u~*P(eCXOtTXk(lU;o0}!fm3P%+&`6mMesN6JWVf_J#fF`-)H)muNgEs#gw|o*u zK}@o$7pa2|It7DaLZtShq1I)E2u#zmUb-a^NLI5|d@gpOPd-3>gk#f7o#nfVL5P3C zq6QQOv7Tb{B>ezJCovIcEO7<%(ypAG!27T^p;7L&i-Vr}**93zE^T%(k#c~&F_fr! zQWnx?C7BQ&1~Y)d&DgM;BTUOSjSIxr=8iwROaSiu+U*rY}djYP*fe9oC*7 zFk_qg^5ofItq6TOpT170%Er75&G1Otoy2$A;F_`}=r;3=RfEL}IV5#nTs?mKLp9JW}RBg>(=0`FBfsN5)MP5GQ&9qTJ%zs2k_LG}qc&n_a1HyI8hU;RPG1ovkFGdOyWZoF@RWrB?I@dbz>pRf^(= zt~*1YC=ZhZm0|Ui>O{(lM>U^|yi*8B-%X2&SwXhB;$H&t=UL@xHBR zg5nQnUEgQ%$Ahi#^~1A$W+~6aNoSGiLO_B@xRGEnZH+6xScP0858e!S^Y10EkW?~U zj4H#c8Qd9ZeFwX5V&yUf?1}w^4vuP&2#No+W}Lvno7hIe@}55#WM1nh-Z zik-$XL|V3=ua8JG!ys6{#GF^fUod|@c_{!BsoxiS$VIvh6|#A}4Hr)lskSPE=I5zT1G*S4#2xuR-(CYlK0Txyl6ruQmp zP3knoaXMu1BQkNRBj}2BGhJ2TsHX%)lCReFGSt6o6{+p$<0#|EHmN5ySOuOE+^{9V z=aMu;3+nYlUh#am*c-QYdWlA2g;%_iaX3OK-iHUhmliBlN>))jA$T^yeZdiD{$kxn zRNkUN4CD_OW_G-IXr6=uQwDBnoyPS}pCz0So8eGoX%-b=wNV<~x|ax5QO{1PanpR1 zwPi-+`Xh7kI*7(1cr34z#6!4iQ?i7y>(>bv)qlHUCL-04=iOT2Ndx$C@9Cse^F?V;>PU=-sM~`V_H7`m*cwVuzMTl&lS> za^S9pK=2q=zM^n{40Gs&w*h8y;CpY3ESFKdmsF4-EdI!hGW}WdclnrQFZt3@!exFs zu?E7nJ>cuc{qycPTyE96Z3N?Thxy09kgpRjK(Rbh3e!Tx1Ma;?I7?x0a3+70V6rO&9uUz^iG_iUYC2u5nL{mp}2f}%PCSprX(lF`JXodjA42!I?z_X>m zHZ7ST*hO(KbfJ>v);D_D75}@^h>i$nx|{2)$uo50$&&FpSD=CsN+vFcIz2 zs*O4b=@%}N#YOssSeFoVwFOVyo3E5~3SpXf%U44@&{vjiStCB0X-X|r$>WN)1Br!g z#~=g`PAu}{=$dI=*{p>~^6v@4<%?J`~*$0};~M$z4R zHN^YN4S{bXmZw{)fyf!Mc@1l$VBr~cL5NgA=}XHR{Gm;YXHO0O zhFy)7EgV%ROkDQsnH1s+3f2W}&JeU`pcbf{tJ!mNa@BShue7c9bn7G@w;i%I!%-Vk z{-z=5i-Y@3d(4*LW)QvSYV_Nf)-ENJl$d0s9I3;y!&;D?fmsx?m%EoE4kC^=0)jhF zjn*{#7-BX2UVUWN2m{K+M-+EqS6N*h9XD|ocBotvARJjoiu5Y6;KnNQxn|&f(qxGA zi1HO#RIRipSMd`@6Jc)rww|zs1^K1PvBKZ0iJ&Ofi{g%)ZE~`yP%$`;Y!-#ypXew& zdjBHbHOsGbBMq&u99J)tF;FQOj^q|~eUzSI> zbY~B$aJc(tVJH@VU?PS)$E$TE2&(s>R&7WgkyN_m=F>QLWn;M2$~3vE8F{!MDb)z) z^FU)b!uLFvj8n)s4r87fO3S8A9nUBAwG5*zv@JJD7p0%{xGdK- zIRGx^2$B^?1UGPmU-zO%xuE?_&sV645;5O(Ld=)Pui{Vk!VVcRWUcJa6!$Ki3_8h( ziNBhVPlmqgwd{t@jYo>iwv0kbVAvJZka?50CV3bC3dW>h;X?EsnfebLVH7Xxb%^&s z@;HZi1RE?Hk7UEgKhA@0 z&HlXMKKHL`0;QYN~sX?L!1}=QhROl-Z-BSf2DrJ0WL+fd_3M~WI z0h;h5q3HdpqNFV8Zu=x!D>fpC*y}RWY$nyLHj!lJ)IHzJ^ixPzdD{3cX4?{M5s&%# zVsb3Wq5W)Ry6dmFx{xZ#>|3na-}Gq~-*^%{jfmSqf()`{$e1xFj8(ctD~&Ptou1L+ z^mh|QT)=p&j(IE{Fh@`;uw&SobB*mM1AOH)j4n7nq)^Rs;2}};ejM26DQ#S5JNX!H zUs5S38rE^7Ycx&0Xgj6Kd2cyblg%0nlOD9vTY$OZkM$&dF^6zjNdi^Wc*5U?QC$t6 z%Y#u#IP^?Y&|$W83uOWDY8D7Q*bRN?z(NIFLMy~Q9^d*WeIfxV!<|1Za%vip0W}Fp ze{y#G^>P`*5A#7S?pHiz%q-=(^ff*P2&CZ?@1_~5c~ehuA+c)uk;$f_XpEXv?of89 zo7Ic;XS*?j-61_UjC|N-0%{Cw6DLS~(`>sGB;KD)YS;(E{#gEUHQVVaRe=@VTFjrd9j6pueBZ$C3%_Je|w1#|mGVVk0B7!r3wHlg40zzEH);l-uXqXe=a~ z>GJK-b=bP@A7N@5)T0QBA|!q3hTx>=I3+IbphNhQL9OpEe5qVq7!$FwuA&}0>Y@yjMCR$la6%Si6U#;p_|T1 zW(rLMb5&kV*?IhURG`z}z3-xmVkAdhVarMQvF;fPd)+r~x}H(MW}#PrtNC87U(;Iy zt3Gi5l1{iN3YlNiKIZMNlBkse@J9&HHbVM@timZR zLX-`YsLgriN>c==cURXkb}O1rPe)Fi4QWo!*%K)?3^e2~UDPfUD4G#iWtCw>MsmZk zhIq0ghFiq;92_>BBC+PRxx`{v@Kibe7`)DrJjHsnwLu-pUYe3q9~L7|ZCGAadb!~L z$=6GPV^GdkDOCx&4x-DGFiNjeKyi;=cw(z?c}x)w=JgzpVqK2nfIU@?NshgpRT3V07sO2|BON46>ymRRGOXzp%P`AR*Pz!B@hHE##c@6Jal zzKruj7n#oO7?(`4dXxS@G%;s&82W%h(TKte!~u&dUX1+V7|DXOWc`;|^qECPmvd!C zrd%2b)3|f^$q=7;e?3|Uwis^AC?9i@juA~wZ#=~+%ZcYkm9O|LEwkrTH0c!|UkM4lq(1mn6@=R1# zL)@wSwH334jJ0jiuXG(+T+Ducbk^{Kpsyp!Q?@*#f){ILzSH(vp@S%3)}l-L8b)A4 z3QXBxH*i+6C^Xp8R=ZE$@xB$w!TVcF7HQsx8O}509n3yqp`x1>^7PBV5&C5pLC369 zm^xJU8da*&EUn8Hk+3_hyF=1h(}v|w5#HT4l9j-8utr-b+%7`?(! zQ-tS~YtSU}na5KhVU49TJtD*;fCjizvhtR!4 zg)OApEDQY_K7IkYQs83rwl_BBXRYltDW5@?`W3OghL*$pHe+uYrskIjPe-d}n6Zko zN%i0CATo0Io-KG~xEiI+r(rQo(7}d?Nq(-}yH4^DJfTOWmCEncd)4&_)*|7kMG;RL z4V*t!V!E5w9DmFzU(PVQ-^N@HACwCYBI_!9R}rnZBUBKlnZ-O5+pDG&cUaUmb& z>N7QS!l&{_YqKcVLM~N_!4%7%davgBp%h z0Dwi4^cU+lc_bm`9?M*Twgk^cjO`!NY#qXLN%r6MrIQ3d__(6=C z*F}UK$s?M*&dGhoVPQqy%TeX}l?rf>vJv=;23v6p>+_JHTv|>3X7~wwloj8v6uMhJ zSJ)*TH(!vg3Sn^4Nh*Ss^;xNx5ikY%Ijk=SViyT16D<=L0s>cWlm#iBka+BqGIqI; z(LrE@MCU~cDN zr&zG1ux4%WV6QW+4h#?HrDr{dtNAoZP{9U6C=N|ku`nVc9iW|Mhs)@YGw*r!`-2!t zBnackX;r4aNnIcLRSQUf4gm*JUxXmEONmzmS+WqvoXIW~G_Ui__r;wlPySn zpRLQ+dU>Q9LfIw_;A%u|=$;OXw#UE;zTq2^`HM^|RbeWl(J+Y47*GahwccR_>13T< zlnykRAZdoPl84$4|K%XQS7?*1P#k^o@FB4&1IxiIt6tpsy-Kc=L>NE(LCv zMHy=j))c7ZWYl9RIF3Q*6b9NMW~Fb&1q{n4tAJ&q1;Z|rl*oo~$wFcz$->ECht&)I zKHk9q)r_D3T5|?OmZ}>H>I$C_1QCe0k|5XoetCBoQ5+dP;uyQr8BvZP>PNsLL)*Zw z4kB-4p3J8ZHjQvop%DHX;j!?raHzz{L7SKqM%X2%Tey>~F1jGRdw@VDOll*7O^aJM zVT!?+xD}P5E#pAM960DqPr(O0jdN=d-1uxmXunPzEzD z9)YWuCNt=nNV#U?cZd&1J{Oh^;7f>w2J397YYs%N?}_)(ArbcAF=`@|GkFNglZ~fO zpM@bn!xCZQM8hJEeZ54o>fNA=@toOiTV@LVrwXc122A=`JKSMlU;waQRGzDP^2g+Q zFB3V*G+52xx8*K)cY8yFATkio4dRU8XJ3-#HX%)LwMgMwY_ACC&p1dJ2{!O|CK!i! zopO+tyH;M7({vaQ`9^P|!%z5e*Z2V$_sXv9%bKKca3 zfh#s79+O^qxu|6(8;gZiS-5GGzGMeWt4ZFA$l%683C6S$6cc*weGX1k=2hS_HK<^9 zuY%Yh9q>{>%}P$CzzQcpN;^uG1g7}dlJF){Q~vNuAdJ(pdP9gI5MAB2-4=y2--H>x zAQasc!>ptxs%6BBL2MSOEh|XJsSot6xDUI9Jz7_jxABD5w(!Hm}-pSp1Ha4Jsmg_ z;r}#p8OIJJiP#cSpuA1sRsNtb_1a)8Sh(MWjqPZ=jC*R-xO$QVJd@d3crU+)U7g7@n#fJr!a3Ha{11e2GQ0|a&?doGtRkl|l{XuQdQHT*FNMr(? zz3kp-U8!Z1v#C!#`)zH%M;22@&-&&SG7n7T#ehl;TL?9LJkLZ7TP&(3;CVP$rTQ#) zNOsh0(|ukE)9;^m9gVVBJcT54@1rUJPk1iST!zpUr`jqg2fi4zJ%_{WxzC)bO+w&= zkJ*Ev^l_FM(NjjzBeEq+(^IfL^db&;8_CcgTgK>RT0%U}rW+zgJ7*%?zrE&WwdZB9j6y0^g;qBsGK!#}LK&aH+tlIw)dTvuIE$vMD075V9Fv z2#buK+0sJHC|NLgQTtIsUE~(PLEgHXxaDfmx)?w`Os)6!nUMC7Hb0z;9>s;95lvxu9X+W6W2eeJ}-mSxu8y6 z!hn3-xs~JJnfKW}dMh?%YYJ>m=PpJXRPl(h`Nhn*>(=BJ_evKLXyEFj2UJXD#LlQm zu&}v$VZsyJ{eP3C1?fp|yAGbCIBmEGe2i@iLB=E2mJv-v-I?H_=B=WdKp}Ug!99)ua$5E>YWImGYO>8zsNq>dTv8OHM}VcLUm!?C3DS&tH( z&U>~DIePKKSdNlDzuFKKm(*{Q_@c_ci_@5-gTXS^;xp+LsYQYk6f$IK!zF#_;F*pW zJQX%XlF8h$%)?_1KQJrFK2@g+^og>9lo>&GY(zlYT|6!iLA46qluzqJU5dUK()-$= z{?U8h8*DH^s!i(LWU1I?!p=sb-e&sFt5TaH*J3vcFW&b8{R#dhVme%O#Qn%BxU)ar z&`qMZ_I5 z%J#)GlpsDi4t*eiBJOg%su`|wvsJK%cMy#xj2Vwz&VAf<^C8^_0-;;smCp2Vi+$4W zmrylc)+3(T7;`-()GKK#s?j{AvP~X%teFpRg72(xYK|uyDn{Gn>}?^|PnmcwIUZ5J zVNmqQ=n+Q#2}}dEg55bJ74a?Bw0=4pt3qUK)3Nk|eo9&?F&^qX?EIIBu78d(P16*` z$Y^Wc2HnWRac-xDk$v5yxB9x^Mfy?;;bpUD&z9kp&!U1wS&{6`2Si6fE@qZsw`cGw z)CObP=sJGE44HLSi;?xP+8FZHY~mIxo$4&-q9$n9KqgNoiY%gt*WPBVY6+Of%Re`WXT%*@$teLL6C=)0;v{J}pT- zc~{lkgNRpM*v(dELwj6v%LVi%X@AnNi1VS%g_Nbd`Aemc03JsO8Alnx^`Jngo=-zx z=`P!gT`p*D$Es^J{97L-(K*XXlz|g$u|mBq48LwPh6r32tNl9c^J(h!E+Wj@jEy|a zX+}*ITO&O+xDy2S=%ghN3^cX~QWX?L9~+TVj=9;b4uON2H~vpvJeWqPmL7dNPcqz1 zGpyet&WL4 z%|!O%wwfv$SD1)%LPwYhgy9pi_P@@iJtl;QENkkAOwzu0Rm$$wW89&MZoNrO2e#SIZeta&q8oZySkV@f2Bu_7&$vqMO{T5 zZi>C3o*1M!Lix>lHw|G_Kz-piQj$%lvDR15Ig>bB_FGgc`&Adj9v<_h%f%Vl+*efN zQ^@YBxvu!wm3(^HABee49R8Lw`HbAxX22Oi3trF*d{C;V4Ml<4Yc;Vb zLQvinyb}uAWV;2(FxYde53sIs1XUCJo6>!N_k_Z|=7jO(I(Bbl$6K zm_F%c*oHqbP*3cv&62xt;BjV!NR2B0X9|b6S?KcI8Q3TLf8b5NgnbBDsx(8)L7Agm zy8G}N_+m#Ic1JketqaL_`F1A`EJ*Vt*~z(j8qt{0RvO0q}_GYQ5L2ym$SQy(@6#&CY9Wz!iAw z0=V0j8`iIGoC6GnQKe~TljmWV4k@?%MxT6Q2J~@Ky7!GqXO^ z?&oj#U@FW>gO+?O&|xjYsNhi0Sfni)E0S0)tpDd9FqK`TCBJP;RvcoG{RBOS8@BxC zI~f)P9bG{97|89XfCD@pN2DK6L4n~I5Ci3SJSg~^dmJD)hyhmVGX%Z={17-ECD4%a z`j4$p<-fl%A_7Fg9(~tv&`tk6A(*=gg5LZiHHDz#zfN)wid0$oC|Sf9_+KYJ#*1!h z_Gp6izvje_qOE?8zJ8^1P~tYXJQ0_nhCclM?!TSu0?BB}iU8A_Pl{t1iih96)$ulW zpRcw3w=2Jrhh(+8F12-!dr)6$7r~EvkP%s_zoowRz6+SQIKB;&xUTxYJ2+kkKy1ry z#-+7#92|ub4w5+Ah~ZMbFPMv{w03sKRFzdQ_ zl-Bt_Z+n{!ICV*y|LM8@Paj-+We+jEuRMre!l9%|33zsRv6>;1L?XW8W2)Dra`oFr z-IILc{bmb%(yqj0&incD^o1H@)EXq;`1D`Tmn6;VEno8;3c4*O6i1u<;9brfIO)$g z5HdTlIKEq${#hdNdu&}s3!&!ZY`jWSzbGduOwI7p_os&00Ur$5W%TX^gLn0s2*G=% z?9Cp;Ez-VwN@{iyH_hdT|Lq4)!_R~()!hJtJ3f_ z5{0nOpU@HIkVtU6h0(IPc^H>^d2``O-BO%u|EQr-L$@rgFi!Iup>NrMJbQGXyIp(4 zgUodIVLs*wMfG_!X`U9z)Y=ar!6UA|@|05DRK?>;mfQe|IumtAABEua06^aHFSjL^+g*)Q{(&u_Cye&tLMto^5{- zUI!$_nbwFDVlA(C+rKErP^i;rFL*3|{lx<5bl&G_e1@b{z@L)JONzymmGJpQse0O@ zg^FO@tQQ+E8$Xlxk7BbXEgcQ82pCkG9ur%R1N-7MLjx|$T`w|0pV^^U&sCJ&m`{#Q zavpWfR+G0-->fVKm`ivMVBd?^S^S-p2wD?(Gb?BR*U)e|YF z!_1yEQSLhLA1xtajBU3k1E0g=wv-4CFqID=Mws!n$17eP*A2n_cCEjX)wQyYyr=6; z4t`}1UPLBUpuEdW^DI6*Wi#_RnJ_sKp}*>w1l;L*8j(6Oo;cTK()PcTru$b4S(82d zM}i>7vwOr})2$@fMyuuL1C6rH)w$IN=z=oGs^2n4mvF8l(cDc;22LUDx-o9u%D(WT1_ud1Nn!jhS{n zjZjX(cp_PnDALnhOwT@H;IJKj-q!Vv9pG;JP-}&dJ-GLE!2#VA<#Xo>X+4e4mD~8n zK_jxxU?1sW`oq-K8O{Uo*Lc_OGko&EY9c;M*>PHG;-liyFSBtDc24VeuBAgeFhcxZ z^Y;h?qO4eHA*4vW5$MBxIf32!n zt~2?@_H<`fVa)VGc4eg9e`mB!==xPCuXu;kf#c~U!FvnBJ7}w&1tJUgmtTS$(Tirw zz3e9VRQ)d7Pg1Mb_?EBC-h}VLk@KACv@2OBS(m|N;ok}fR%MB=m1qvL-tWUONop>- zrfgAeM*~DDCH&|(;#WwUi>cDZ(%sE`X5!Keoc~6;AHz5)c-`43xUC6? zMUHf!ztVYx>QAdhj$DSz-!JsHP)RwzGEk!?40z??Kff~j&GUB-q?pX}7d8_0+w(}2 zjIc%PhBFpq`l763J}BF0RN;Jj~L+KVB6XO zD{v9p|Lgem!cWeKb<@Jvh%BQ&C7iBGTNO}{T!Nh!s|Sk2u%$P1(^hfXXymsi*MAc- zwSRZ!K!A2jGBNzNLV%KnqMpHh_pxgg8nz+}@-|Qlco&Q-qG&qfKB96li;B-^Z@skI zgN~`oQuL--ysmco&-&;2!&b#NChWAAbb`Gi&rb~HSmdyp3Dk`SMyMdxB4$igetO=w z@|Br+*4s}$m92d9Tbz2HOypW=%&n?l9d~nDg>W6)W`QPDDp7Ya>wu$@i9$oL|0$E9 ztD1~q{Y27^oN#cy%hT{|FRi?}Arwc(hBs|jr=Kn<=0&@^Up3(;wR(2rI*~X9u9z5f zuqhH4e5(kU$`$Cd@cua%_mFicdOa~{nTFqb zxIXfP0*_~e>`=(2yO8^8#%B*$m7ot$kf-GgpR&#Bxy{Yl_!gA$p(SF)Jp9BIq+|un04BAxm6-GjEyvWJzOc0ds4&eA#bXyLDXg^%3%7 z?5~L1u2wM|N?4P}%1$+gS4`W_&{Ycc(Wc~-&+o$#per$wX=7~=w?)oB2JpD~`Fjov zpLskMH@Eh6y4RKt8iX9Bi8UTA5#0}mDlDCh-H(mU{F;M86LOTCMU z!PKwX$*-Dr%Om?>e+mn`i!_~fy{s5o3*mRZSL~*gmI}UaffMxNefkpz*#&I4!IO(Y zMWV<7lQDHP;z7uv7@sR?&2OuJ0aF*~jliXG-P``L&FuF%OE1w)U3DK*yLz_3*FSh; zM$@!57JnV;el@mGRDg5G`9&_4^sK6}ac8m4{wR#WnoD3a<$mcm4P6X_lnncZWMm2) zvmUIDFKP-W>qWq~VcN0s8+$?2HMkbFhDJKCtQ$^l)SA*lE-UBU=5HrIzT0QyA&C}B z2=V8u{n^pHh?`xQ84x&Ac zE+ZUq=V#A`zn6Zg29Z#@kI0y;7bQfuf*LgOiGPn=a$_t6z zNhMBdAt1Lr1SFV3zLKP-5Y|ep*sdQ%sAjm&%+JrLWX}p-&qgr?lBLZfD#fe}?F;)x z?QasDZS~pDp?wG+*E@f{v+F82-vPfrWE2s=iI{U|sry2_R**XHNNS7ZlobF1tnRU2&+D|d&W1_)u!P?cf+i=+kLx@? zJ$c14UX)J9Y-O%8y6j!{PRhzwN&k(ht3dsch<{fI)z+TkM02SOTDk(#@{;v#RBRas zzto?f;tqU}Bq%P`0KK_pEOx^!!zV7i`cJ)e{#p*7mbzUm_eeY`2_pU?1mNIcaI&#B ze*B~>*G~E&fN(c0z9=^e7T|nE@hp=%uTbb3@nW{)qjk%3kR}hjQ&bla6bN-PYB$j{ zP;2Qr7vjd`dTk~|Tf}=CTEZAt#5D5dSJmA-_BgIS8!w|rtWO|UlWG&NzSr3cK< z9PkajQc`sB8S83|B;0oWKMi+3uZmC@HyI1oej!Mnl96JpwRbEQAh;=2ls&&6UL=aW zoa&KwVD_FOL(W|5{;%73M^PDmhl9-SBH!ZRvcg{FNO3A3Scfm-@mNG|dUwm6uj+&Q z$H9;A=^gnMJb9&}dppL!MkeAMaJki4*10uE;<^aJ>IGk=>SxLE7mV&+GQ6Eah#{Nw z9dF!C;~ZB%cc_c5I&Sk@O)f{MeyZqT&Fh)B+eZlHiJtg7K;R|l#5)R7Y1P}(pK+Gf zm`6cDy@q3}Hp_oxf9I6(we%48jWZo0YG!;I^Rx-6cwJOe8r)7oD)tsRib|sg4UEPD ziu+x5?Y=}D&ONA(ZtWrm6!p>a$v-Qe`#MdP!g%mp@td6ZINH=ejB@Dl2hFIRqpO+F zK~e;dAB$NYDB(3-%&cY(A>gLF$tcY}1Jpp=pe7Tw*gAT7CQX_Q)Y zcc*|L-6D$xhK7qh!*LUE91Dnp@8^kT&NM^g3$8+PRTd_6YT~#rwiU{OLBEDrE6`8a=nl zETXvxDJ&h9{UgGagNbB3_r9i=i|yl&kliUiIBXFLU2z^{1hLbqAjD+6sb1`7FNY+W zjE49u^juNn6%)s6B)*&nR5>*fb75oU(wd>@OJAQH=ymU;u6+gDY?9#aJ0})Jh*3B+ zAI1S4$mjQq6@f# za=a!7D&F1f+cvQmoVcTndJwMt7SS^}iqa!5Zd=5UPImA!GGn4*VirRjOlF3EMVEjr z@Hyq4ON?bl&J6aTGBHGin!;e!}VT|NZ0rt@d6J9Q2Erz&a zi(Ti|wq-~5;%~!yUS>YA3R^dsuYw^7RUeu$?D3mHz29lwa$A3fWjeq-C~YSHV~()x zfc6_08z!C4J0rKEC|?u+dByKs$Wh&E1x-vhVHFX1ys)b<+L;2!MbESWPij#G%D^9H zI<)EfE#a?ww|mWfV>35`5SVLC?vL6*<$R}+EqjZQUK*s>N6OQVopJzI}Hk2#xG@lUaks?L!(0M4vy9Q)5vfZ0#t$C6--!gF-g`P#~ zw16sj*ey+1?fQdPi1eVQ6y9KU-2$})3PuvC*BzUCJTSBux4`&GQnna!PR|nke$n{3 zRy~~ujR>JeraUel`3B`zatSv$dtaKKD{GDnDZ1ch)klyu1`HTEw#Cgn6I}@P*3vV0+h|Bk70Ai) za9;DK3uhR+i<_%RYa5*~ct-C^CrEx<)I8OCnZ zG3J)Cz2<1sjj1MXUVs^;+<=|KXH=WQBl9^a=@o4!6PH0~)yG$5W*d$hN+kGa=5w`u z*Qu(QvX~2A9`>UZH)v8nx66nrlr1UoDUxL4KHC58Wk;V!*2h(a8`gfW|()l0ZgEmVwqgw2`W;zNj) z5&_qj@cJ$jqU-Z+*ZX&}5d(&%CzYtfpC3=;sK`jgHWd`!Kf$|^Hd#Vai0>VjWuD&7 z`@q}WLvK+-Pr_VbQRrm9bz|G6$g?;2B1Q0)F~&R!N?zj;UwWufBntHkO4cY)EmY(C z-P6ctqn%m-Rp8;YzlrPlY^P{t*E~^`hsAQzhKgT#PT6HHO@(NZcUT>%86_Due^Jw6 zD%X7W4UK7PD2d;1+@L6-HjFB0rgtZF3c9|=U(ba6Mn{5B@~1g(c-7Bz9&%oH{AuBa zwd%>d{<$)i?@(0ko?&yo2W@m7QY|Id&oRRJ#1iBB9iA8=XJ*+-*cwj$FI^@ zV-Un&^0|>lnTCD_qwzVCPd}{rJYmq3P)gi(mV3=X{5F*|_G$7=4+3w3W6e;)6Ce_>{9ykDu?GnxlucDp++{VsWq{r!Zf8@>W4(N$G)b^xV;y zrSqh!9fKNo?{)Mxg~~9S2t(S`lGzWs-@>oSra4*&OA_P+UlpywACh4|*=3C}pTJeQ z{2t#DN;{WuQ;S|nF2uRqm|wB-?j#>CiMo2)@U@Vy#aA$$!JCOxZ)TU@v1FDr>bp~hHGZqTP?7P^ssm$;l}(*OHymUR#E zZf2e~yX!2~)2O38KbV7ohEYSpG{9OqBVhp@(jy=X!aHeH2Aa;pV|5KMED=JoAMyv# zzxtJ=p?g`YgmgH?)saU_JC83e-`=uy!gTMq7COM^l_CZ+#?l^y;0Q4^&h@+|(cvcbwbJa{d{4E4=(+nXzOMOJ!(QCQP zFlbJf`xPU<9Ze^R+zV_Z!s@B*B2f?DdLP#ce;j}r{Sf?X{h$YM7CyB!ckzk!ZuxNb zmM;<#a+PtEU4E8O-!`wOIR0jsdTjF6C2rkrm4&cI^elQ7<9q|fv`cyV7uVmAW5si_JH_RDi+xiQE{$Txa9G*9!v>u(V zZGN2`Td!Xyf;<)PhC(J?-OgqT6RX^j%k~a`uTzgwtY^|e(n_UGQKL9X=VjZHE6T^J z)m8Hq3EA&o9`ge9^SQM*F;c_z#_aycH(v^JVM+W>Y!pL=3JZt$;D~Dyjsen#8Vt=7 zU-Puy-h$g^D-ZXo@h*Hh*F3?28uY=MAlU2 z(l7THS@@mjNl5fnRVXKmcLVq|q@MVAUm&V{&~j9#^9qzivge0#Fvcl}QC^F1jWd3p zt$J>zWMf21+GsTD{-DMwji~eZAZ|tZuMoP>$f;5G!n;|qc;Un^ISF|@+9Z`dLyXj7 zo(X3A8vTXH;yp=5^*kq!WXqn5OSj4+P$XEC{j7!uPWTct%m|;xy4#fF90Ik`a^#ToC1zLTln0IEvj{aoG~{>BPeB6_fjV|fOPYSC zY*`Xj{Ar202=Pkzc64%j_eEcd7xV+IYSoBEGWHu4ADlabCJ{WLxHLo(_Gn_s)m>Sg z5!8~N)M+0St`pLGO9i@#L0LwFZ)=;(k6>bj;fG2^eun@tAbThdTX8?;wd1YXmYyQx zBiS>x#M?D{sCOW{~UMb{Hw z$=(0}{dqi=%$1oLA?%Fyxmxij66Z%|rcgPW$7Rdi+1yU2itV_^f~Zx?r0okgXbeF| z3X4vuPlE7WqP`7$LHh*zV=l#*HNESnzzOXNs*cqYJG_SFLk)8i;qOLWXOY#hN|HSM zOCwUiUk|e#U15!0&aHzmWy5sNul5FF=ddRXM|Vc6HDAbi`8Xh9y&DQrlll1K9<)>X zVqj;4LQFYrZf{6n>^NskCxnSHMhH1gW)GR_H=;2(JAAX?dG6*UdCrtzeWEgfUpntS%0J6A%tH zk78;fVJru++J}UgCehO2>bbWi))O9NnYu5V#eNo)4(iP*=0-kpVkpK&S3LP9CV5shPOj-V4)#bOD3j$6+xytXJE~&iQrf8UkjV)+GB!t z{a#J>%BwpP@e3(b-0aD2uKSyG0(b7o(>4V>0(iqGZdC|jSFV~cOiffwvJ2~@D|k+Z z0`4P%4nq4WsHohp1IgmhSF*7jvM3w&n&W;4+}~Ydnh87Nb!H0nSaKpByFB!5S=AFf zf6vBtncWoM1y?7M&vg4?Mlx^#kd*1&=}6BB%N+urDKA0o*jL({bqC)#kVc!#Bm*tT zkkiuQfM1``Ue@V)AB7vAfWB+Vr|r^8W@fq+u7ffScC{1!wli`O1PjAmqY$)VeG$ho z1U-9)xvUS>L z7^jQ5+}j`SY|#s*Q+OFz2I&{Jh|G&NkUgKW8(#qQK`Is(gM7r$o+QFxbVUw}Sx?+u zQbIzAMqOT%Cy#XtMiUG}!BoU}4cBE_1_53at_){dbR6J6??E5NE~J%v7Y)9N7)0;&j71}rt~dvyjQ zfgg2&D4yOg?Nmozy_s|{*^3cI;XdVkZv8Ic3Y{Z~$S(?#>hrxd)ZzSS!yY}l*c8Kn zKSP<$%f88H=A~tB!mKa3tByU0c0~jd<+z7s14z9mIE=QK(_F9POIJ4v_tT`c?4YS^ z=1~x@5^meTjp>{u;L%?qss{1(59p6YD&&by!0)s*^T3y4;F!}iI+hsr^TC@@Jfsff zjtolMjvlw1Kxj@T)TC7R>n`tUQivbQOaTw;>%BJOJPkD>fDODf4=}Q!fSnofp4kf%`WgjybP+#eT z{LMN;QnZk_dZquBZ40qPIT^{O?UO}>0cnXmP_{kV^F4f@4v>sd)|H)-x@iCeG^qRL^vTVDaY&SXNY$s!oW z%Z4pbs(5UU`P~Q>N3Pcz(2C5rXd}mHX5RgIbRs4@ZZz7>JX_;Y^Ux&vEMh-3uqjC- z?)4~FGB;C!^J7&p4lynfjwqe-mFh&)Ia@WWZ@jSa$|xETR(6KuIWJYxr)Gj~f`UIG zOoL>{pWQTaAGzy{Dk0-!JUChyUY6UYsEJU0F8o&&iVz~z7t}lZS|K~2FZ{TMb5ea= zQBbqr;_QcPaNVK3bY6yC3M6(uQK_oyt%&Qk!uPxpY%;3f1;}Ym54|-L0hrVCbtA3D z!L?>?2;Qu7xoWU$j3mo3A`~pqZ)Zn?GU2h=>3EbytTgA5C!ViaXw` zP?zjxb1KFCL@IQrSpc$Cx1b7b2c%)@OC~^e=E0QKaq(l2S@b-k$&BIkbx~Gu1RR2B ztQF_0jJS#`;W^M+2d%*VAYyGGtrXdNf^5mk7yXJ8)5OCGM@d74QieYoWutSk{ZGV; z$T=#kHBB27SCqR5r)H=YX_R3k^WH*<{s<|#LJVyX>5sl2vSW(5B0-ZTVTuZd8PrEo z9_hhFiXRcSi@SuFYl;hK_g{V<-9y#URA6Z(s59zHDi5xd%hZD9=!8udS9&OW%%LAl zb{?~Yu`?C4z#-Z7c6S?tq+6nf+*)CI5h|rwcuU)*@}K?Q(gYiI_;YEuT{i01;yDt% z;j9a^=9ZA>{YV1ZAq996XpJIfBI26*v}~mIBxIiCDenZT_y|5jn@Z>$$1qt?%M6nh z?zkR`C(8=8V&$m(&TmfOjQdmHbSSx}82Qhi*+;0{(02j(qah!74?OksIt_n?J=ab2p<3Qo2 zcmcYcG z2SY85kNFmiyw)DO_UTT!p5luzPO;4rT{p>p9ht+Y=Oa6mH@#GYcv3X;IMB$Rtb|}J zkm>d9i-6(XxA`o$Gl!J_O1MC6T$3?qzCmA1ckT?`@5;DQYT6smjKaGIX7R)TxR*$= zA1x9Qcmh_y>Km9nNuvOgETK%_4%4Di&=vsr-F&NxZ5A3lp9mZ43joVE=#z`yIusrBMG3~0SE~OyPkN&FY9h=s4 z4hH_3knE{XTjzE=+{~Yh6T9)}W;^|;y zAc;JhBu-Ez`R@Q3943g^1KA1Z{t|?5RYYT_o^7M8#>r=_Xfh-_Nv$yP_K%PvBsHj` z6U-&zoKzxfez54L`M`aNdcKIhFl82uylQ3>3u?!p8)~dW5V+TPeZU-oS5KAMgEM6K zTZC)w^wp%ZFnU8xo9o*tgDH3g5aP(k>Dax0lGF^k*TtqNebQyqx^!b{y;^ii!QpxYziGO!jFBVSS#q?84g1soEod1yx_ji*0RRp4 zv9aF9K3z7OwnqvOLOdrEr?CWC#xc_#O~OUgvxce}0#*XPBQ^2y3-h~2+!+GvsLcE} z@KBm2`IFwCou)(9!({y)nsmVP(!u9Kek+Fm;kuI}X1&1tb@W_yB1!hdpnv%#ki+7{ zn(fZ5_+K&NV~U7~mjHUJr)*+<1G`rg~qZcPksML@;XuBD+37J7?2 z9bzL5ER%HhJ_1CcwSzU?QkOMl43VT+KS6(pX`Uz!jBw1!jsi(dO?pZC*1OkF$x-%D zGWL5bJ&F;zq4YsL4gWf5La~_F)<~IL3Q>?z(}{>ZgL*PB;`HAMMGUcgY}#fUXYT)m zfn{>m2!cq%pX^kAb>IwQ5IN4@xCF^&qX4LxS3-Y)EX<;)Sqyv5nz%(WoD%u$?90lQ zxI5k5mq^#ymZI`U`y*EyVStNtW=Kw#&Pj`dYic$Tr{x8AxZ^frSa-Qd?>k57zxR!F zWXajfxpqDE6FsQd{{9NMAP9%zvy9bJ^%=s-4?I!YRj^*E(e=g(Z=EJ%6(J(;!8jY4 z!Mbj6(sHo(IK_*N?3dEIxBL_SG+3HjFSARxlEV&Kc*gm)Ewbaw(+|S9^KUg{v()7+ z>wyBJ6K7t5+DuXKAy}#FN3go#p;HL9)6<`*FYAk-_F?l#R11N-C)Ivw{C#d{uXmBw z84?!qvx>-jICV61W5}HUH?XK}Yd_xp!eC=(XJh6;CNg#^?#pxLqW|Q_cYen6oP;V3 zOguPWR47G+a<7i#vh_mHKzhdOw0BllK*d4uXtQFg)(*>3^;rkJX&@p~sa@~*%y4wv zl3$%ph_LhJd%Y*TM%8rZlcdq`p{?TWB)d-vDYr8O6J=u;>JET0A##o_p^S_i4qbA6R<4Jk8*ev7FjaOI-C65$xt=y{dl=noSRr zDa=*O8+?s7n@{^O3f)ew^cf1k)q*5$+GR71CK?r}*AdOz)1{!|u4b}BJZ}C={||JY znV@s@Vqr}P0>3oiS*jC+3ArO~*YQ3{y79sZj{t-_-|nSs==A}WAWhKzwsq1H+rJo3 zhkx19de@j!UZ`4vx5zT&m;_C*pxqmh+ zx)lzAeVTUR<$J0^YOQ&+mV2dNiv%!<@d;}Vyt!9%!N-VU9^7Wu$?hUFcv9+zF6IWLix7cH3~5@TwNbx+cM3|Lk^ zg~qJnv~|W6U>I6)9mT#7z0g974UKeR$)qMjS_(8d=SWjO0Dd~K-NK(EAZC8Gdf5!LmLJRce#rSmZ zp_}cU)%<@?eBAx4AsAc2>xY)ck~wfO+N;$Dyy_KB>gq5sF zpH%e`DyHKmX}ttUj|K(~V}MIM9@7U93({KbZNAdXobX<)O!`>3raUg0JfF*LNjR7g z^=BuYJr!|7m1PSyj?I1Nz?%nLEjUFij6%N%iacoqVmedZkRMKaLIKlhsHnEx`teEs z#9Zv1V*Rn0S-a2o8eT%9H7B+w@B5&Q&ZC*zmfC#EUCcEMf^a8FvdDb3-f7FR?Z@9 z07#&ecyj2WhiTBKdC*kFK3=CCinJ;qmy^DCuFbd{Bh3c~&@N)xkqBoN=v_p4U1oVJ zA|E=7$zI!3Cb00|IGjeqYv?5!Xz#!9&C)wWvOGS8RN9tjR zYSh%`8XNp!NY5y0qLdu2qMyJHnK<9b4u;UE8TOOrOS{)oBMinUlBwRQ)xuB}{3iIR zg&c`(2Zp2RgfYv%JaKO&^mk+uKR=u4({viT z-pn@*_PA&9UP;%Xd9m+THED*1_(`Q4iIIfDtL&VAeZgIMSQpJ%77?pDg0nS{RsvgP z@PA>BO&BLvzm4Ce&%@pLAT6_hbfBP^41T;L`t@=E>1qBZe4VJ9 zvi?u~Ug3|P(K4K*l=PuI=&?m1AN`U=CA7W@WmNa|@|QX5u^Y41><(Cs$eTUZv*FhH zLAA6FkB8gOg%t^=+2^L|Zv;#>#9h4*dHRxvD?`Db7@WJm7AC+f^I1INGW;_G2KiB{ zzO~A#-t)NXrcq(4x42Kx5vsaT@ddP}jqe=|lH{akLB3rIy{np(^hE?I|i>v}UFu)zen$zOX}Lv!bQ++qrp1hW2ZU+ghV0co@*73y7dW?1=k{laZGSasI1 zXPq+kg){n+KwZNXYt^0_Ig(2y00|z52>e3CUeG!$a1yF1 z@jJ_4*EF&6rOsyJ`?WvGW^E1ZzMog;evjye)PUrit_E;c&I0zU_JeUD8JKGon0^vr z-V;X^w3(~1rNTsrXY;Xsat9L0DY8 zCO^Q4`&(1VGtlC$?cYj&Dc8-QeQvLfFx1bOn?R}s*7PXA4@bivud* zwm^SizXFDS8eaF0a7f$0M1A1YuODPR{AN2^Y*~#?b$8R_)h(8B^$-1sG4i7q0aJD3 zdH1*=XE1FBx{G%2*awu@UD=1iCg+FSi6rGm#8;K~g#l9h|5rT;{|#n|r6Nc`t8B+b z=!%%rp_+HH?eIn&6XH*=H_#ft$u?+FHzdEdT9owfpJ-3Z(mkpGqkr@q!5?5*(0NgQ z1dIY^xRh;LFJ2v$4h=u06tN|H5`QoE?mp|ShN#zuoqV0IMlaJXL-|ocy}!|(pxa9N zUiXLUt@Fcyg-gDDu3x0op0xWa76RdxMr@QkuBEKMVSnkP(c`i{_Ot1#ZNPIB`&;~`%LSj zAw+6^zo%Q*aen_(=@DN*{jZm4zbGY^w@VE{3p9Fe_4CGFpl;=!a0gKCR8*2CQ{o1{ zz@4aU$z}eSNNR=dWgjSN;e{5i^n#PdiKpPaR-R+MRM`PCGReSAKxip5Z-dk89e)l+ zfhg4x8tYrrqdC4T^t|^#Z64p1y>i(m!t$M?1y}#>!{4SRf2@Dt0_GcvwM!DYD{=}j zj{+_HVMQsGfUUmXO`6D4yv`_kDD}0KPg)(-)ym#u-8a0%YSR(VG9J#r0;xr}KLBJJ&6LiW~M zzy#w-CAqyf|B!gbfrvLQ7bbM9VrAnn@4Qy>B$6Ya3}cxswRogzh^Y|t99L|>e=uS} zY?|#?U{B*P8RUGXGaqPtVm^T6jGj3B`3;Z()DZk*pUUa}yWstmIM#3*C+nKslJ;v! zO!jc!@tiCxB{4_a3yytpJ}c<)W7xn^R&``%Cnbfi6ds{@Fq`#o&G}51u3LS*n9E!* zaCULwc@^l-f%yMHpxF#A zYv3Z%yNS8n_;qbRy<-}!D_-sX()Qx#Ers8GAw|8^ z0_Qo&9>`>cT76X)!+n00H<n^qpq)$s{{SfmRUR;ySOkCM*o9FQ*R97!A@x)tYpTNESVloT+Z^_If6?U$*8AFwxs5$5-1PEq6KAKg;#01lbZZLjPS3;24g8{UDKQkv<-j=v3eo_2pX5sm6dOV)dgUmZtRdW&{afIG%@+5h}paq*&S z)_!%fw46c`8ku~3bie8HkV{BVK>k=%7@!N-_)!{yo{uXQ7rrhVp}vmAQDMX=KM``&n-BPfdOv8{?_q}g4&fSE<-c$sKSi&B~<^}wZZzR!I zE>?gHO{d6f383b+DIb#@;uAE1<3Ntsi+8h$QB+Q{7** z^L&<8!2Oqm!UVUcW%<(HnNaq`Xx++N!|H&=8QX7zvr{et0tZ^aelq!fX}R_GOPxux z{P}q3PC^AkQLfA9C4sw@hyLy4b%zz@54RtN#0OME|5#8oWXPzk-!Y+J3B`$nLYFYT zn{aLgJ(#d1)MPU52xu!U4IeG>`J4c(H_Df@w>Z>NQDzO2A7h>y10{!{KK|zg(Y(eE%3V{qo|Z|M8HT2Y&nerTBl%`1#+^Wc}M3`TvVmHov6SuCGY%ABXNJ zW=fVW>Hjtj|ChTO57d)?>UJSYYu#d_+kSWnkX6$BHR6aooCLBfVWq(dNR5D4uv$O8x@o;C;x0#U;2 zgg_vS7$)G80EHWT{^!^K^JM;W2>$bW{O2b4AA3ix@&B}L@&;}?PA}a&%w4QVtR0;k ztaw~4T&%1dU2UA)RxdP2k&xUY0X&n{^-NyEc$okphb?Pc7(?EBq1WDI<`>wm*cCXG zf6<8>aU|G{*yXy77wTAYh%m%hccIM z-}qzpXJB#1bDN|~61#VhJiFWCC0##(kVl#L@5}~uWA6~DJAEQ}rPB17eE+=8S$C?@ zy|I$aZ(rFZg*BlKvTU`fzk2R(zgM3ErPB{DkkU^4I#70<`&B%|YCGR^%WYE>+lJlf zV7e^e5&pL?Nq*DCJEois69`e)xz@+-O9s;g)~WjUuCx69&vK_skg5>bg8QNXjyTG{?W3w2?qwIh#0@rlDj4lgMW7PYfsXLk3nt2+e zua|shcTZB&($Z4v({M0X&)@qP5fWzv47(}z>RF^9i{#%~Nd&ant?$BMJf)kr7^vXd zk=XR^CFaG8f7`!3+g!%L#>U_y6;7a(y{6`7PF7Z6v9q({fWF=!CqNqv7SGAf)$@z1 zfxyZgG4}xr;|D`;cZ)|I)?;q2{~d-zDaysQV&RL07#G~HMr^BNxK`c{T_m0P=^>Y0 zEGgN1UfJd{elkph1;9~I06f=SS!@wg>J=Kt-8S%>S#A+EcOzKh25;Wj3cDzSyC}W; zaN#eKO9JsS{OoDne28vD=8MSoj=E0Mn`bl9BR7{vJ%$1mqxwcF`lDDAi1dQN@^@{Q zM{UQ39sy-FtiC+}sKi-v3KIShbj65-FiYw2yr4AGy)3iw)ev4%l^pU)lxi`eFSV|T zb4X{4U+!$^?K!tP;lFN^Z8dP*g) zwaNBZGN@d^t(zLFA1x4Z$D;R zMA7x&z)PnCeEZzqiGkMpd2?`Z6n7oCuXdqJW~CF@X4){-$YweTl_&c70S)6oJN!Gp z>hhs4^FfT~f3sh|dkc=)@ky*9`@5P2xA`8~P-qqB6vP^K~`hdpMd&ZQLlH+$?n{flHo#f z@q6@HPBgt2PM7wZy-(L%+Y0nHm<&!RjTsmqg*WLG0Orh|kjcdzO!oX(HmfTwSEa2o zql&r20=UAPM4BrC>3wvAE^0|)o`$6J9z969zVD1rVDpOM8Ond24i2v7rhUS{qM;6z zXO)tRv^FQt7geIJ6tZ%&dKg!n=qk1Hp zR;jRW>U#L7Fm<`G--mKMi}j%-jM=pMUHMN^SEyf&I~dJt*2T71IwdBxQe(y>;T%EX zkC)34?OL8M@!FW1<2?g!Ab^#Pjq}l?&;E2o!n>y=5HAZk;+v*`GP20qNg6{w<^{nYp zkr{G2PVQ@9gmAt#NK-!NTuzfX3WhXwE$y%xx{n_mDe-+mJNtUH0P|93bT70+Uu?23*o!dVIB| zGBA(b8T(%4mI)DHfH>isx~qW26i=d=Zz7}L6dS=+MZ5m-gs(cEZ?*2-Yknb)C>`rD zw>(FhDRDqm(g(xjSLbn~oYvTsemw(IsF2;9!KsJn(1Z>S|C4UbYAw2ZGwu5&8Gbt3!Q z^vCk0DKy3dmMI{GI;$pr;p5BrFH+U8NESqibXsn~k!d+mTSa@|Zyy>+dJ-TI{$YuF4Cro2UgwoAC_>UJ+hwXH;KK-7CtK zcB@&(*D^{W??1~Q%R_si7hlUdWWSLpaD9`V30}r7)&z{hapJp+=ot`6w>IrAXjxyEI4%gf0s?Fk6I zxP{4N*pfu-1wB*}!xszA)FJ|;s$^DrD{My+;5kzaoUin#{VI1CJhm3I#=Cz6TtzLu z39>JQ>_3CW&BzE>wS2os!#bMACZui1=8UW1l*?m53!7xB;Mtr;M*llyy4 z`@y=ztYMzOe9;#?8KQ|bfR*3A1k`-l`chDLF5XvG4t^iLesOu%D^KHfdIm19d7)p; zs(N~~PI0iRw8pz4x_-38a3^ZS8;k4o5Go+dTN7T*=6|mDoB5TL9&EO!Ih<#fMSgEDbQH>o~A9h2HFBYo5g!KZQ#>1Jn~0@I*`5m5R!E3JGM=gKKM?`QOM*) zs+y`%@_`Taehb_fgN?A}lwDQS1T_T3vnmPSfU3=6?IkrIkm{H9BV4PfL1Jnf)Kv37 zTm#6NlCQuasz%6rxXX5hz1ZL5%3nMa7y}&2OM*d}6j1CA)sk)opHU0NVpgi@SQOM0 z+cY>(jIn_(LE8epAN(&`?WN^UD zZy709^xgI70_DKAI1i7SzKOq=PR!pkV}pu0rC0lTS%~_ph1cef)_2KSpBY#c8?XSV z0YNN{`~%E`xvt_>G1x2flTEDczcx6ZzpMO`Ol7oco59!!4HkAJ+>PT^10g^mITWLI zqj|Y+R&y6t>upl-Js0Rq{qA*bayzVTBMG=rx2b-?NZYy`nW&oa93!!a-Ul9fpy-x@ znd(8XvZ|g@Sq#vGr6A%S^E*N1j|(18tMThs;TvX|6oh0$4ZoI!b^mMl8PkA)-Hbe3 z^4hdOiQ-fF4=zKyPj9ae>=}O0PBWK;s!a@DCe#T-^0(U!pa=f=Ct;caum3^_^~ntxL2{id|Y19C@{7y(l9xNYOK0f;1+QRfkGqbFy9bqO}c^n55RQmK~aF>6&Csyk!3OfE;un9rCN^zRO z@fYq1B2mC*$bkxZc5`*7v8-8G-y!xtI0S=FC}*H zcfTvtVd4p-BSs(J$0QD3^jMwWo6Ev5_;KjR4mtnZLwNM-u!ZBR^kbZ2|T|<-az$6px z&l`sUYia5k9+;WBsM;Tha}K2gJK{Qc5Fs0bcD;AfY`eNy7u;tpO(#48M1C{oN*`uq zIquF&VNkoIDHBZv4jX1@{CjosI-lf-;fC&ay&Q@7UcYK!JZ@jsVFpjlJ~6DAM>s%= z>rdUo9L_^V{Fh6sk0w{VcbFP)>v%1-91UQ)q`|+w3c2`Pi;2b#{(kg!pq%+m(Sk2D zR6oAnHl#rRLfb+wukvbVfFXji+C(z>;>gNUQLkTQVe^l)@j-lKC`!1q0JAaPt8y*p zFyK(G2?;|ihZ1^S5JU$l&iK7i6;#tDo2!|ljrNBfJK*BoGW%W^R=tkkWCt;rwToZs z`$@5*pTcfv#Vs7un!c?nWkradU;ZqsSP5>F?%osEVOhIBx`(L=RjTo(-p;pxe~p^R z$UDgy+Mbbu&}zl`&TwASM=;GiNLWwtMSYdLyvl1(Xn7o0MJvK44=5B0{QiL^ z+zwPE>#*>|rLlmf!Z_krH)PczO~s`Z!wJM;)cbzs@ea;23R*;26eU4zuk_>bVJ#4> zdRj7vDP$L;<91MR1-MMu-vZ)tZ{Dchl8n5K(#G)CYUB|l(^F?2Rr^fcG(G6i zN!*oV!U&Il8@b+I}da6}y3648)fOh3D{-6%1L= zce`$Z{bgg6L$6wv8n85K%0!X1S;d`or!w-I#+_A zcSXO&?tGC{r>SaetPWofs9d$jSR=VVkPsRnvu1Jt*`Hp=?5F0Y&PwecDkg-Bjy@fq zgCXkJ3N{Jee`%U@Zba$_1+Wm$>`fv(-kSp=lI3O3nBb6BYiA{Ygzk-v)=z5Zl62e~ zVa^P-)ujQ+nGD(DHvYrXwFpp5ZrMA}wi@{ar@F$Nh-tT$=NlI#CZATG`CcTQ4~WhH z3vEz_O|bkC{nTK-K;F2aac-D{wya?j_9L(D^ANY*N5w=}t5B@@2S1|#?8PkKk(rZU zjlB4luKHaxNLb1xT3y9{W#lit4IbucMdaUlvzYslv{6qPN`tc0&f2ymt0zaetQ=a; z2^qh2zw|1`w$(#~-kj)wpLKYr{#N^LeE*FiF%p4u)(`3%6)x|R%ild~4NRoFy)I(f z^$K+^{YoW0`4L6%3q1J)&$H%x_yvY_18(Xj1;zKJ)FkHAcN;xu&f5IBh;2VBK77VF zUbE&Q`SHuKf+IuT-ZlQO*}44M`@IBjybjL`%w*BUlZe7gKc2Ip`OU&Hp!P5{fgppEs|u;LH5wDid;0KEt=(PB4;_SxP}m zi5d-i6aw;1~jzz&@&xtNe;iMXpcc6RMKXo%{-lNgvw`t`Mo8!H5*89(0 zi(&&yq>*Lm$jsMK%hKV*n(PUQr>PVC#K4aWB3|<>ctLXAJ;IzKVOHcQyCEH;>N z5u0_pF8}VD{-$s%b_-TJ279jaPCSU&kb83V?@O=n1=9@0<}{pKeDUbT*pAtlMs=1O zV3XbnnzRW-U&(qd?$`DI?D>AGA@|+{6_a;-x_N$Cp-J53(51~ks*{^*zao(mu2pgN zotlHqf}DoH!qf{s;F<0I0iFz4m*n2qSN!PMWiNj@Vi2?cqJ(w|$mnc&-&UVVPEh%@ zx8J6nyo&pfY9-Bw78EvxlP3u&QHO4Nb+E{VxL20(TYR27+(u?TcrjoB_D~C0_aZD~ zgf0D;$O}77NuEBSA#2ys8yvIx%i>o`Iaae*N#8QtE`BeFhK#FO#7aoW58Bie_THe| z4Xzh6cVlW|QQ)cqg>>z77|7>T$C`eXM@vB7njNf%f5Q8fUEWhlee*`r`}d?G)uan< z^3v)x4-cf#SDRvAvouojCB%mhAJ}lE**~)kOR+XO?&U5Oj?vQd`g`unsA9Q9g%q#E z7h{fqzDrM}dbf)$A}XcNGoDcwNbA|&J{u7tktxLJHK%p3__3g*hQX-x74pqt`qV5C z_al7$BAMtlWnH}`t#TAANVY2Mv7Aro24P!Ar_96ewPV%f-1QW-jjML8I<$XoQ?F<} zed;Sx1C5?w(lqp{qPFICh)TEK2}#5EaUlvShjc7_1{Va|jp`I84*tA7^lY*+s_}nY z|7C+f3@n9A=efZ)-Yv+hH& zRlgq&M;o`@ut3!>zvm>(Eglx`L8iXmLSZY%nWajvGX2_qme!RB@6GD!*_r-PL#;XV zGm&$j_tKU8Cb>j-b66iym zQS2%gu;+67Tr9U<()tz^cp%WR`Xyc_b~{@LK1Ic3)mtXqfDX7*2>gbNc@tFlJ+R%+ z-_)Z6X(ZsG^`RU3W6Y@@zP+>TLG(<1l(2OdVRneoKA+WUohw&(e)IzCo;`bJ^XJ>4 zOO**RGHghbE6l~q+slQ}`-Syrdyieryw(i7C=nI&STmfAPhB z#v;(0nj2WSp1PMEL@lz&_3kem+J|^qP z-ph4~#GCNkFSA`$@T=PH;7?9)Yj1l9+?T-p{8|PwZB<-f8c9L4QEK$2*7-z+1m!-L&JYU6l=DTfA zqFwfwIFg|yo>VqRt6cNOz4rV}At)+l7;dpZL0=76LYp!_v|f(&QAXNn6d#KEO)NI5iRG9=+WA@n2r_Ym7V*0VGAdPYWj-kaBZigKRd_xJC6-7eUUF%u*FIs`MVEn-DM`^HDRPos=* zKe?J=Al>EBy_RKEyC{g$VuNvc!;|Wj0@P~HOw9RN0MbK6JE7dl7tW_=56n<>X(}81 z)Qg3JbmOFav5K*qj9DF|7s18Ufcd6hg!WOb`=K>R zG4gt)fO@|-q)3VFtF%^k2|KqU7n=}qc8bNu%ZesNHHSj7b<^3VrEIvUy$#5Y@e#@j z7gcN*$7Z_!jyrmMpsbe%xj=wHT2x>$`rK8cgdW3yY7LJt)z2|7!>zHLJ9ixQ%*;Rf zMhuE=7KRFly)2MAa7h@v;~6{T731hVV-~KAIy_heZA>mm4P_Le4!ao>3azCi%dK6A=xvXjajmU9FG20nUNa0n`CK%%}VK-jw zz=>BX&u3>XTgmC~UV#s`_b2O1^{z1+f1RD8@;R;- z9_=kFUwe$@vJsq#2ML9$74ufS8Bfp5GFd=ngon+fSLY&Qo4}vL(no&EgFD(g*H=d# z2KPhLyES{5Vo*-K6%$=3c>EY$&=Wf`BF2ajGXN*|SXRTBGuk{7;Mi|ODeVbT+6579 zCNT!TSQkLFO>vgI=&#ek@3N2f-<$_%w@}z3{r%T2PD9o%hSO5Lvibh}01Mv3VPi{1 zmlyh~Tv0+q8BoXJqO!-vOk!ivCKK3rPzl}jb){aokL{52N0(S9t!Bzld_&b*^=2U+ zdWi=zZ; zg^I%i7P%V2MhR63zD7}}%a+SxOJn!XFjinqW7c~I0~!=a|+f`-F);H_jRZzkB3SpPIa%s_ws|3Qt{s7w1t0a0)9@GSenC$po0*ik;!? zYu-A_;h>Z#nkH56PjEh-klQe54DqmALwhGTVHf>CW1(%+8axHcW$#1+nAH8AQmU@x zoa=94$MFk#z-IRsq2g14ev}Zn{{golR>N2IA*)0GooA*&}t`iVs04ia7AKdW>zq@Do8hi|pM95uJykp=I7{k%>E>L0FK0i35YbL*f&iqtW?+;+C{rooR>l zLgRcx!>SSNB78970z$r^e0DizB(=~rBJ^`eIlILnqT36#LhfCEYSaQJ9%h|et>8L{ zLMp#rPcMArZn!LT@om(8(7K8W5?N_-i(|%a z*#%j1n#=L{i0aw7yQ~1ddOXzMtg2+;Ne!k*(q~g3oh~U;TO4K_Yy&6=nW!*4GAss+ z#umBnNmn$n6+mF1v|H2HM`0r>EBO%&nXEYlu6DR^;Q%d#E}8IhA6>^#U9eH&NHYKo z^iuT*Z>WD+R$^sZ-X0B}`Gfmg3$R7=srKoqud|v6rnYn9$UGRH$QODu(j~j*tOnUU8N-FiI4suzsy_jiWqMX z)Cynypw1)f`8S_0u#)R~AJTUwl|Qo+PyhrM?0mj)DJ=j4L2noV{oS#0)f=@TA6{xI zA_l_)0En&{*~l>aAurt^2?$0d%QKo9vBADPQ!KVK6oPaXDWT_v>J8G$d`p-@51%He!@baM8^{?h>Wgl9ZK|l~HX#b@}CZl?%ID@*Ux2wZs>MfM56ZJhq8pu^1~U8+-i->*Im4PGYTf6hO{^yb;OirX~xOc zp`PG${I)iY+gHX_F6_DK>{X61VkO{RYn&MxmyjYq%NzZ}g%1h|U_^&c3!`KARosOE zzBMZz<0P(dCB$$9LX%dQtpA}P1x-H2hqVb1H*gKIg-XNqJ)Gn4`mtD@4mK)z?2t@| z$*tY28^ltzVqd|=9cTz zN)8~Q`}WU~qLbQ}@Y z;%#DhA;hT{TlmBY`55KvBW+8;qipfIc4mF- zyts7RdQN2j#ePQgHrTGcl{V`qRNLLQX}>e7F{AckX)Hue7!vs@tPl%XtOIfE1T`$I z-4biXr4$4gB|%!RCaYs*1x11SBYOIsgaUC13J*r)c*pMg(Jl<`JiDyFAu64j_*Z-0 zuzNsCn>-NkPR|Dcn~hj58KDn}C|mq#CTR&! z8~hR5VfD{>mu>sU`{&voGEA&)^C!m&_%G3fGl{ctJ20`&xaI&!C3&W%pl^sSZ;}FDI`J56F$Z(OFq|J0iZ~8P->3n83A(!s_Oja+UFR7nD&5 z<~8fISj5b=>bU!d_4W4$9K?^5fcbwF8B*e^Aa4m<6^#8HtgE;*r@}av<&JpG5dBh^A&>!@Fl(bDu3XAp|u0&;5jQfFBYqv7iuU%yY zr1oiB!OgPJW&tWXxso|D_tIfSwW`j}gyi!}*X_%9Cw`QbZC-jWP6q!q4pp-&DXXe1T8_G{X+HRr$22-iZBc)r zqx*5p9Td>7fBEscFc=4=cNni%87-->sd;!W{)zJD6t~}>J{50Ci+Il5&UN+-m6i*+ zU|3aWCWV;AD?5inPblMoO)52CS5KrgmF|1`xVS90-phIZo=Y0uzcE!twIXuTzY<}E zCGA3fMq3Se_+9Ibvh83EVgUfo=<_RRGr4Qqkf6#f#nkK$&_rbeLj|?8vmMfXydS$K zM`^K&PFzP=Ew~Va)3H*j6=MPhJA9Ja=nCax4u%-bS|z7C0e!9#Jv%~(JMK_(e!e(A7HFP@kBs`^D8VBLNV+&9EU7|3qG#W2g={siKB ztlx@rghkjcqgVya+8CqRRIF~ux8v*r|@oD9;IUrp5W%yw4q zCQ4$tI#V}LvU|@I6y_JC&5D@ck}^66xYwAPr5*hdU-4LzzhmPwPO&^zr4uz!;p9YE z?l+DimhHqAi^!#Q?wSAq06OW-Rs~wrZ8&3NF#BF8nV+O<>}`~?pQ4Ap&sIjcKE0LB zXa8OE@~e_UP30?vrCqeSn-p!>HdNw{9X_RnYxq7@TA#jk@+VFX7*x?>Pt1WEoMDE$ z0&$GKKd=|k0`Xb%^Tzc8yeF`q#OuSWw-$3)0NRD>bw^&9qo32>YfV0QK*o%tu)!^# zluXCHJU&-;jWqQdISp!YRBlT_^-+Sj0Q=L&AyClU3!`go3=@FHhbie=br!LNG;2Y= zwa0bNW=)BLJl)l5@pX`TvjA{Wm)DZFq{t%>WrKTUQQ}H8eQ$_Uzx=~yfx`%T=t~Y$ ziz0>`1fxHI@0Yk@cZ$9TMv!6G2%-^=`s!oWbD*I*7#fMm6z;%)g||&4g&Z=y6$dOF zvM&ty^BF_8(u+p+)q<$)S8|Sn0`+Z?w}+-gcJuwGo@zE&$Fx5AFVPw)YMaR8*!(h z?`#I7eA$_rr8Yd=j;U6oh5=2h-TIs*eQf4G$+`^5#UrSEl!>N+=mXl?7L4yb z4~pY8%_Sbj9CSvAQFgH6IK|Gs|8YqhHj)X}%2ut1?D#J?c3uJbb-D&kn49aWo+`-z z>Lj7cmz8LYGFlWS(h2banRoc?Y2Q#cc83X~*#@>swAVCN7iV*LAcwIJ3o?%G2Eooa z_Pe4PjBID18lIm#170I3tPWosi5}&Ei=pI(Dqu<$G3HfAyY@~Im&@~*UdSaT%9twAYHVq#x*dw5yM5I#s6KKD6WJ*5v-pyT}o z3N~x*LbY>%Gt^CQE{u`7Ud7aL>zj9hdB!Rg_iE1#XBx4K9$2ObO8_HY!p>3{+YY5h z@RHHH^^D!GwZ#aUPZxEmmQDB?LA-6BI$!EoTE?)1o<9sUx$!y5y!G|3bs|fAT*vDPvlnON`*m4yCo86}~yFBhd{y<0aa$v9TQWRx0w% zEbRB&;g`3ZEDlrHi1{tGMq*y)@sAv0He-(WZ=FV14? zZ}xKI^>21In^$mg-p|B|2_zPAor&5vEoka$NY?!aPamt@^_OqmxNA`{${AFBoJ{$3 zzwI9GKNSQ#jrpGXCYNAM_dRs8mxRuzYFbp6Puzo{I6d5AYNZ<5>&$2;$zCMhSN)qL zrcYV$RJ8x!Gd90)UpsJLxvpPs#Zt0gCnKJnf85bM(A8pC)?e|-+y~;t1&D5CmF@h{Pb`7frRAN{h7bXG!p)dw}UeY1YF@<{(m}? zK<3>|(&z%1Zm*jNu5Ge$9hbtNK7@^FG-z-;2{-ch6B5-ApZ=zkNWQ(hOe~&1d;V=W zX2icNIf28!VE7jdCqOv<^)DFy1;f8!`2R=@_N9Hcm>7U5*qtL(!-C74DzJW3*XpHC zET)YT{f?jI(`$hbVISN!V8LOk(Kq7hH8pMClivMFxD>% kiaej%KPJB+{QM-Ua6 z(D{(dw`k;AX>K-uDofGz76anRfS5$%k>#z(eJBeMz{u}Qv|GR|s21s0U{~C`;iSH+_V+Sno^>-JC zlR=JuQ9o<_j~Db@_MOE4g9bdo^R!as0QX*B==i7U^eQ0DtJC+3=mG>ED^`s8>ik55 zrFNd}Z8G(g>`~(uL3>6&Ey`C%-~%xYJ=;#R^1cT@T2S7l+slWXCqqt!oOo8>fDb$@ z%l#|ydqm=Q$M;4mjsoK*JP`Im#y>46>Rfd#TK0hhk0@>*y*ceK_*U}73p4l;pK{1R z$akdJE(tF6DFN?jOO`JL?=}n9JIhZWuT3T(J^I9Xd%^!=o1e$DRugovpdTy#SkZN* zT0hNy*S5Cfm`kr1vd;Q_U1@6}pb$bwe7fVH@V@SfBh`TQhXFUS(Btt;x=;N-gCF{0 z2jUA_82Uf4j9n3Pe5FAgSiWEnPeS16lpLc^kN zTfzrK3ZnWRKn$`AvJ5SG*tP0^o1i*wEsebN&9&wrvLYq#nTv6xVN$A-1lko}Fw zgni*s0k0_@?^iof9}o?O`{gU9yK;iQ`&t8ZPSp;HVE-LJFjo6$szFgwiurrSs`^2> z|6#xpXu#r_+UNJKpOl2kP#!k?qga8^Nai=ola_#GOCLS)o8{`&9&gIUC`TWaSfd3ZZ*Mq2HkLbIb`Hu6Vd{zb>vCBG5EPCa?=R}1(AE=G&_ z9w%s>88)Vh3MC*lsn;K}*1)_0NrVX)(l& z#$b6#gt++D5^C?^QI!Vvc-b-npada@k@%!?dlWV;fEiG2+czT;{|~Y0+d}rxXh|oQ4`qU&gz|HJvTSFS% zm9~mvI{Xvt8Gnr3-*oaP+)1A}z@;79)~e75ob+lC7HS{;V|M`Uf~hpT$4n3xbNami z2XJ0r6Nc3i;=3d!mrjKSU&Gh1|9G60EF`4;n$ga@^v_d8f-XQb*Bo~wL8od+?{OdZ zz?%7rj$iFsmbI)FIwE2`K#_|4B2YrMyVeS@6tsZ0ZL^B=D9ntzkr$cmpb zJ?3iQBK@g$^uM!@S;dbYZAW^>KYD&RYo9PKx@lJ1aXkF1ln1Aqdr!HeecJR#;5NRr z+wJHAY|8W`Ds+lr8k!bq5vtXjq(7(a(75R8UC+~U?Nbd%+HBn5`EZ;SU$dp|n;x*A zm)3H+vQMY#_IaS^U4M8f_E2!#3ZK*wf1!Hyb@18vWoJ_P+<$$+ZjCnsw13#IL8$vt z1Hn}^gnMut)7TSqs`mm#J?Fo2a`OGG3FBJd(~w3jRe3CexVl8wb3=+EcBa(y_7@$!>6Z3y!t$+ zispjj4pfoQ0YWv^gndcj;OT$2x*x87q(TJ1vB(AHpKdH!z;J?n*$!n5+vfnw+@J^^Zg3Fr?XqCGG zQ0c?9$g}?5XAJD|b*tCbS+|C*|7d8ci4lSj%np8k4;FMbs+ST2(XP52FYMmSvxT8r z?%3g%6DInr?+DF@^3{JZW@xa*;{pyEb?7`s1(t^^(pDIb--z2dGj6|kH=2kPH!(R4 zewPbIF1*f3JWOeO>w@W)J~CNN+qb4-@KkZCCzL0ux@s1k)cam|eZp;-F<;+eg=;Iu zxn)EvXX=WzX&zW*@10#j+m(@uJ5e{l-v(1~ZP!c?7PpV5yv}z@4nuYfy$ z>|JFx8qxx^f;w}b#p@8YOhB%a|3*WrC_c$WGK9nv>T7hOT(4svK<_5 zr9n5NH3t4H21ITdAJY^lD|;f{zoAw^PoWz^`CX&eSGA8@enU4okmH4-Qi(Vq=nWKx=e#HPu>i0@$2AnQiz@YzLY0_eoU{vLs zx;J55BEr>Nv;&xNb3ua>Q~4aQbh;8)EfOs7Wad?6tbP1~_)dk>1SE4K)hb@`)h}}(&M+_LWGuW8!d2K z&NRrwQXMFps>Z}Hj?msv2v7M0pG=)2ff2@ZTBJ20nvau(!S-h5j(AXc5k$9LnxW+9A1JNu!(K{-y^b zYyOQ?m}65&f~GzZ$lr;xKxDUWbxVBY(UqkjJzj@baN40HIS$qBK8t0!%h>cS*=L<4#vMsel z$p^+C&0mLbw7n8Zx{&>c`o3|9V*&)`Vye(lOk}x(OJ%aMQpezJ4QOBF9oqn_ywJPE z?{iVlu^!LHm)Wy^@fS2JjO9q8XRNr{Un1CVWplKa-mK0De};_Up)F!z^?58{6{izX z=i}Bs;cPP;<$}e8C@OS_qVJuaa=g!B)jCNo8R6+GiIxd52nx~a$IT_>1_$U%3YFfUZ4Y!S z5VcqeYU2<#^)9_kbLiUs6$WqY(_sFe#0yM8;c0?ZqGOi_(zMoIKY>zqWSb=D#7Z;E z<8I}G3;CYXJm7FP2s)3AwDH)6*aH$DbAb$t$U2jm6A0F2HH|~=R%&T*4qJ8dZa`mw z#}6^ErOxgQpi|IPA~W+XLrb02pzf@<@DZpJ^Qzn! zk_E;9IqtPhx^z$-MoG$9^e<_rE4NU1Fl=F_ft@~#RxcID?iQeTr%&>E|Ivw$1K_^r z02Fyq#ux6?7`O2P&LI|zY9x+zRzg%G+|6ULZKeFc6S^qQI~lk1X$A(A_uTB~oB<*= zqL!51hrQXqiYh&}gcg@TTZ)*1TQFmWZpF$dt@7lxSQJz%sxi9nQJ8IS?K4v}_QLCQ zRlrq&eBM4z>(}YLDpBT(*ONv1v}4#gG?{YPoZix@2_BIx^-dTU{v}iBtI6@*z*lN^ z6iy}d?yNpbVzZP%?{7}3e7y)Xokl;4G;S*ZL{-STup!@x9!6vYcVzqnc&sfzEScA1 z2$qW?qot_HUWsEb?U?0fxrn0q5M}TV;3kyE5`Taxl%>XZSSx>|sJXeU?U(nhS-|*5 z@?}*(5bZp({ld`Q=~rTjX^`;2U%1cXZ`D5XU}-5JW5#)u{~_+ou2d4`;FmzfO$^|1 zJJ?vv`VF+mcK(&g?-y_B9#+QA13s&eKbGv=+x*8D$*|RGyKLz^6l?#?PVJFZViYZp znk|!>T-fHc&p;I73x?6YJXeQY5)E!yqQH8c}uU@63NKnn-EA zUi_?HW(Q9^PqyWWGA>$md;V1cQs1lWRuyYs(dITvyu7U;mv_$i5VH2pOw@BSWYG@1 zV?pls`tf@cC)#!G^o(S(!CNqbrXOdq7PD&AwNP{T3GDC{ zG`ncY&MYWLw32BRb~HrrWpT8{LbW8&vx_XE613~jL~|kC z%>DXV)m%J$r1iU-iG4m@1uuHmqaTrxe{`#Z{W)D0<*7y&(*#Y&bI5&U%p= z@HxdUoF`&7`yW7f{hUn3TTQrn>Q+aLY2!l;VB8azlF3&i7DjJ6_4RVZbRPFL+bDPS ztaPu%FV4v8xMbT*IdCl0UW}MzgmZYU%t;0--@jyd&}Cdixv19mIpgCKh1OeZ?n5&n zE@{=5-{0nErB(O3|K3J_`sAC%uHQK`vy=;V12(zr!~86uw+orPlc@9sZym!%GTN){ z`mP*PTJ>9z^VxQZY~I=eR(h`$cJ|kI&V!>em?>&Zc=K)oVVKbf=*FP5=|3Hi`AXx9 z(K<0w%%JxPD1(ca6ntDx4&TPr(C~u%60GSU`>dOvO6H0Ah-^3wJ}wD z`^%i;v1$Xft~a7OyU$Pl>P$E~{}&6Zw{{Fox%(H|Kd{{w4rtzV_Vck#BMuRRKWm8x zBJCK)^5IAvEQ-%J{W+XsnOkrAU2nUZiq>Fj%-{p6KVAg$;VUW7T7gOi?(f$|8lL29 z-BREpUg)0@$cq}CczwR!2#DUcpy$qBm?p0COSZGEqt$FxENfdKWqw%+!CQawWMBB_ z>mNIel<^5W3`2=-%hM>g{_HmAlZ&>2grS*NVzZwLWbWn5%qxp2*&m-Pl^%tmyzP~w z0{$#q5wv%&GI4JsYbX1MYJPF~^4*8m2?wS*CuT&ZVefbAWciVqZ?~`5Nzer!{OSB* z&=+wJZ^lLKFbl%mknHWN?bz^YHZ$o+*VyqBfw`~(TRRC`9h)K&k~+oz>(Jx>eX#QX z_iua){A$}C+Mo%N0{JE&HpP8f*3eFDqpfiyunS15vS(o?XGgcHLvCelk; zkfTs>$o7!~s@dzo%mlIc)h3XnU&Ebp3KAj5u9DA zJ#Aav^9BI;`M28ag{_bly%c|!upqqGKRPXp`*Cwi*9aECuZ&3wJf<+kmzAu5#$Y(m zV%US=X_$NxHYFuF39xuSj0?KmnDI}%+!bC9Q69M}uV~#$CGdJme})5MVF#`V?39qW zKkxJHfnb0LIl#BF$fJ$Xdgwt#6h^2ZtotI7$RbH@G|{&Wlzs9u7QP?Lw|KDSzVLB0 zYRZ&?pMR-h;Ul^nylU403FR4YGKqW&tv47w>?s67$WJbB7pa{@y3)JVr37VN-AToz zY-wCXl9k;=XI-pq#)#t9Neg$jHLrP5SpwF`6ZMC9@tZ{gTT zJCIT?LXR-+iS9KP3Qv+Sy0XSQ?R}>@UD8e;tWmp2oPdOsrUOZIv7TRlr+aWn!Lv8c zkk~*-=Bw1$| z=-&P6M?JVk@{(WI<9jhL-iIlh0fwAqRBZN>oeSRm&n!Zx%hCfTLSlOSdlvnq+OA8^ zT4aq>Jj}MZ&>2^}v>`CWBIBfKbyH;xh%){0*QThjCQLJ`C_~X}Yr$Y(kXGmM%&1sX zuIVQ+yYst?40GD(+%q9{zlTG2hEhLBvWUZ$g<{pV8pD@L)K}HZo5QA1onpKYL*uHR z$BFVEpC7*(mJ9u*uzV{VT2&xFvU)Wm@08F4Mu(1(<%T9o_!gh>&CZ)Nt>Y*i=jE!g zL$&>n3%>`ig2oxtu9Ocp6q&vRgh}!wGtb7vqTD$2Rqg5Un;P5Q8oX0+?k!L1dfycs zej?TPK9}RUV)`Wb*C-}7UnhAgTxDD>z;%U9lT`TGct>NRHdky_6ZuC$uhsi8e&eL| zV2|Go?3jCIm7XyvYiAFP)O`m&Bjy+Hh*eiTBGEk^T>Ilg6ALD_3{4&aI+SMmL8oz* z(L=2mii(PJ~nN4X%b77?)2-M)eeZe{%5hMoD>-I9%*4rMAH`F=e%E^An`boC4w18Xinh^F$EMt>^SPW-=AU?WyFIzEmRba@ z*>~haii{;Fx!C8Nu}$bD7f;(xYNmOMHZ$#+|Ve3&z&&fer4LlpfDl1cuusl#F5R~*_^YeU9QZg zCAA!AI4&%B;ty9-JhS`I3Hk~*5d{^)!xCp3ZGn{j;?_1J`mplDz)KgFPl44%2GHS` zOuhB{dv!-V2$`!Cy8XNRsWz&&Z05y*Lb|0cfLQkjk)t!Uk#X0v%y%e0zY5zV6v%|z zdQx=vvu=RbDXh|AdXs}lYF3{#1e5~;gpcaIH5ryYtf^*U0?OhEmU>cjMawI?fN1?* zmw3s2Z5djVyZVQ*J22C>QI_Srz;FMjDXV=c)lW?(-RG4RtD_Pp>pZ4bnrbAMoxLQ= zy)I}rTJfk7O+$No+QyWZrwQuyJ1@FUK*U~1Woe>ZPQ)BouI15tOGqYT8TW!9{H70`g%tove#@s!#07jk^g zcILSTADa?xUrpgVv$W6g#fK8Ao>Z)A@k%GLVBv>c(eE|Go%Q=yW14Ch{f|ySQa=Z^ zFYwebVyH?Q%FLbfLg$;rGO8%v!)>XJk>Z5I;-*o<*;%l0WB99eRCuAvgVQ06_DVW? z5FhdjWz{0plCd5AvZ>0cj|~~Y?kgWIqY57-%nkCU8R195TN9P(E<%%y*M4m!n|=Ni z20GYRDQl9I?6?7p*K^lzI^~*?huNV~@^G}*kteb)ATUy|KP9_rCJ$CoX7SYe;FUZ1 z3;#H-e-$rwP`n%NYLa3ELQltYH$_9vrCmVB=XB+Bm-qNiL zO`cH7VtSiu1Lwb6#2AHSM1+SpHep2MEFQQd7jvuR^YxgU6HR5C>vpv6CN;UeR2k|W z$P5R`@QZ`1q{os!G{lvg&3&SLPG5$29=~`dB+Xc^x~jJ=CfN^fj6#O)fYBR&1{1q| za5Jtkv1?PgAKDAetjFFrK3~|%y9H9z;fE5;=3Wh^`1RyW=0jGZI-xXL_eTG(>U)El zhBK34aaYMABjtMnvK3jt;h?f}$)R)7w-#KnN@G*Z-o>}NHAsuf*krS! zugw+(5<0mG)ixfU=cgk>3f!k2wk+eC$JbqzbQJ7+Kny_ ze?c))PThV2x08zXnmQi8yciqwNWl!={AhyjYJX*d)X?5<3GGGOy_@N3(DF0lg_yAH zb5pmeF5WxDfoMXdEMZi>Hdxe?O}19dfg$dj#6aKHA}!*XsY4&j*$LlWk%FY#(AIyR z`cu_jQ6kQwyfdegMr`OWM(V9-x58g-2v zRd?L#|I^v|<3|2Y@j(+JG(Ya!IW!|8-|V)(Vk%1YVBJ18Rk9!nosM$88;}U?{SeDm zr{#Gpkbzd2E5!QzgPk#K?1@>b&`_*5a(hExuqMxCCi^cuA8kydTN!Gxjdu|ZEFXT& zqv@KAId*(w4!1Wisj@9JmGMp#Yr4vGWc9p&?*SJg2+nPXbIY+|;e5wm$I=3&(DO5*GUY(iIt5O+eOmP9SE9 znOACqu&xv}v6Ddoq)?-axaL=$G*pLeM-2AGnK1j1497!s{71+{+Wro=o zGHT&Zf&=@UoIg5F8-_-hb&}j#k-y~2I@Je!cDQ2($7y<~nnTNJeC|`FKyt*EF{~VAYj|m9VA;j9 zCbz0C>$cBgY?5=R+4d;b8dHIphaK@sg`?v1X5)4Xojg2txqBn~Q zM^8L|#{4MNESg)UQ?|Lm|Ko47`o$H^dHdY~*aKpOx0SS-g0A$`2q8R}G+h1k1cdzM zhAeI+J~q4Bu}p8K$c(0OU=|co8|)+H#ujpPUWxLgERV7xh8Y7KXYuoYZ??|%rN(xn zPEnmgPt|0=X|MO6jxMkk=OJ#y;@l~o^K8Y?(0*fY-;7F_+t&fQ=O3W)AA$|78t*lD zpA0eEeu=D+TEPE-9OpJzm zIlO%O1Vs0jWS@|S6Y?1C#CMAJR^j3LQ(c(^N6ELS&0$UVkdw+5W2Ac$B#}je6LFF$YY~ z>!N3CHz=d29Ok8UC&q{a%m0G3R`i@Gg5|!u9^CX(zL8+{L{Lw2(Us}_zS03{$WG0w z_1js2vha0TLqw6w)}%7{EL4ovSAM!Dxq)GJHz&M3uBQ`KIz$iRN81(+rj6Hc`Wt#> zIWx2RUcR+(gVas&N=nr`1=$onA&;$v?mLo{({F0j9C^JE78pC+jl}O=*|9}z$1Jtm z${~JvtKzT}SZF-cV79ReG3$G)xExF*6H1(xoa0U5v#&2Vris1ou00NkSqJNTN34R) z8tv}Dseg5MNk5LTUJ-3M?;WBXnGJc#^aABvK*(nMc7`lMFrK7x%Rfr`nP#N>^viD_ z%tqUfJr-_1I$spJa&|nhQ{_TvdNvrHSy2he>TkMpGV18Dr;;}~(J+=hYJpcXd(A(d zh>2t2-migzWnP|mvrkG z9>(< zUvQ+jmApmdrfzS2%@55lrLG95ELD8KUW|hm%N%) z=I+48sAhKItH(;Go<)22T8D>JUZMjTF$cEe2Zi&wFMp2d@q%1R?>1U8EnQ6GefrDm zq$Q&_m!AczgY$V}ZT&+m;J9Lw5j$4#j5a?;GuNbD(aFlb0_72NE2vy&L&@1P2ZO7$ z;+qN1-DiqoB&8+tk66D~*h!;?(J+;v?K-$Y zjc|N=&H_gF#E{uAbL+}=vsC3ri8gWze$vv0;|>B5(I)LC?d(@AIK2x;lXv@^(-o5Q z#z^HOpfcq0JF{{2%bTI<9dfU?dy_Ev<6=M>zpZTV+sfw#QR#UpKe*}qaHsc~su}u? zJGkz}lae(!ae$0n8vi4WRMJ@DE+k`9JU|{7NssN9%Dm*M4^9B6PU9$(H^zK9zgvi; z*zFm=((+xso-39{Eir`_=iBSx(~1;=ilU5C*+t4#f9hr1GZ1m>2m>*u!HXxSK4t`VOl85);ZG;WN}Fu>?gJ4tJCaRR&gaOm6qbJ zmuuc!3QKGkr-v)6n+vRbk1>?92vJBZK1}A5Y=I12RyYSR{S`u|w+kTczxKZW&i`!1 z4S=8g7ZdcTOS&)Jvb~9TPUm4^9NZ#euRKKdSCdqywM-9yboqC$6Bf*_H&1Q zUJ;jQ8dN-M)f%L!R$F!!`a3lGjCt&nwt>a{jSU~~v1Z)^X`~)9b9v*!PV`8EZYQhq zb}mBZn>Diie36sk^e@$il;1ze2^E!3PXMt~ygF+=B6!opv8XWw`JCX0cy3R@&4*Fc zbc1S(p2uH4cQr#YF20uiK?00+58WI~`@Ppkw#y&SfEzf6&p5he3rw-N4BwWTnwnqhHo$i>VqmUcJZ%k2@#`^=BEBy8jj zBO`bO@$svp7v-)0ifdAv{lSzr`k+ue)@ywU{BEOOWy&VsDntG+KkO#~XGSJQ+afP+ z-!iYli%X?ScP8k}spa!6#j>4PyA-+TH&!Lfzu+m+r=PmhiFYc>KN{i^K-Ms-aG4Pn zTus0Ac&-$DWjX~XphxT(NpH4M4y0a@MHbgn55hKO%cg@1e6@8?n%%i3_#?pF%v$Sk zD9`7+pJL4076zG}uF0{KP_{-sLu6M37&rjWRrG|!J2(%~bARY9+q=CA>Z`j%k}qP#H;n z-l8+v4}8leIJvVd(~|ejxg9w_W%Z!OcUZf1??2xui@0@;^VQ5Zh{a?nTj*03J)c>7 zj?X_{&)iY}lQI~s0sp9e_}8Cfl`FR%mw&ZGhK`DGVg~CK{w9g){Ro!t)1Iy*DJNf8 zv3zwDY*1kV^N!2ZGkWVH66dGl^4d32t_ASDK@1MeE}hHBg5}@BwpctYLFvCe_9+TB zjm(?nv94VmV#-|=HG92c?paXXbmG^o*S?RO?g&&YkF&XANCb1V?&r2z3J!p&m+yb5JIax;Y52a9BkGRd+|`$DF+T&gr+1IB3n888GeYLc zl`*@hS>}|yhN5S`Qw2LA6;G_A3nbOnO!`xMj6T-%oH4m>mSp<+X^wy|oNM{G=eU zb0hjnv83X|I{6GY^P-voYfs*E7mXU`J>>6-f2I9&(Hd<0D8G|bRJrCK={g-T|9%Ki z9M4zyzwt^L~Yt{`V=VuM6Sgxsiz>`{oqP}5rb-+qedckite^ZIU!Z97S z`Qr9#Gq4+9e|kdMydlJ>)lx{(@co7UIZw;I56vSoypEAOuhYN)*b>4M^`JxDT9C}o zR}xe$q(2C~tv_9}dVQ!jXW^at=U=6!%m#5`*^}uFAKp)tmzVqoZ9XIM7jsWB;7sl9 z3J}gqO4_`#E`z^Z@A^sgRnec9x0?Ra#OXwRZmfzVHA1SVIAMaP&i&m5H0XiJx*fnw zuub*1KC?DAJXkNKYw`;YT9){(Mwm6pV~h&bm3(L(vc0QnFZ`zt{~RXhc_Sx-g6l9z z_Z!SNUSY1DrWbUL=tHK9+4i+%D=_W8VwVYxbrNHB{MG^Edzf2b=k52iV>@@I&Yt@z z+hMKbM8PfiuhBwJm66-sn@mOihjJsHo~Py*@CTXQ4h^<-+ewU3-6a5Gc!bz=@c)j} zoPS@1UmCKIcrd>;&YvOfYd9M5RQA`!Py~av2ruyxQ87>3czIzS|_)-p~~6+-uXuIRS6Jm0~cu)}F_q$)>J8xA*&r z1f}48+cKnogHOY6nO|g(zw~@&QT+`E8dE>4l1%oT%EtZVynaG74>#lV1?gBY?TP0n zd@`bhQf^s-^=&D{GEPNEHcCTHe$#kBE5aUhUZCQGs#k+Xak7yeQwQ}IT|10TA0LR= zn&Ax`UYT7fQPP0AZIivgS2T`%$|mYf3TNz*53<{}z|wugBO@L@NmqDTWuaed z3DycSUiiNfvhO>f{cn#kYIm|xIo$GcBa_X-%u7`>AJaUCSLWi&bWa9((VxJ^ruB`F z%9X9Bu79$5pXKY**G~3L68*d>d+G5$L2+lJk)VFKZV!qlr>X*G!}FE?e@E<>dQK*G z?yN{4QPYcz2iDltAJ%9&FC}c>F9=NSyfe|r&IH`k3DP#K=Ae5grAa`fQSx%wFKK`U zT>i7mqKjv}v{(1=cJWf%h0y#$(7oS8+;*x&Bv)#Al2-l{)4}r#_m#8OP3HFki#PUR zV@gT00o{v1Qe*Sxzg-6x?({n)>^FaT^ytEbaQ||%U8s9N;91D896IHLp5kyS-1;Y} zya9rAjZ9#*eP;Z4bLSgTojqw(@nL>Mco+^izwdePCv|>1qnqmE^vFJ3Z=UZNsrCgN5)5ikRh4;+?93Mqwbs+~_*qEkSB;$7IM^l3dAasE^Y!SH z-C33QJj0ZWKb9H;EL@Cz%Xh(1w&x3f0twhn>#}|^D+|`F|Fzu#Y4uumZunm$F&N!J2gQMM{L|!1TFGIAxwpffc6b?CWDCPN;3ZQ&qp)LtXIu$oaIjDf z5S5~xE0Hf`_(7*>Q&e={dh?Ey+tJ}=pO}of;rfksJ)`@pSAR%4G6-Z7D`4_kdA~hf z3m5qTeJ+OKe9n0e>r7sJsjocKVsDcgYw@A~PzW!gBEBqOxT6ake0OH;BldHf0H`q0jwTPGwmjOK1i@?RAoZs-N|l(Qz8e6Z;O0OXt<}X zIP~*IN#%4&94VVz$vsiaY`dAx9zm6@(#r;=!_S0_@9Ek1MYrJW-lC-k@cYCGbX}7z z%IHgm`4YyL^akLCkvz%BppiQ0Qf%QLL0cbM!rg1ibvXf5-l%0Wp_MqwkH=5StZT91 zR_Yw2ZB2;2D-i}R943vt^PR~ZLPA!Y9JZ0y!G^~`lAy2yJbVVhE)x~OW4!PwH($M` zD`47UD_?N=KYG-4Ve1;!VB9DWvFe=eJx(*qK-6UTsFQW;;(VIc#0Vl|QpWabf zt|}UN?%?t3Prti!-mx{dvduB9?xr)os_d-`SZjbicUA?{PN>>yCsF6yxDPd27#i84 z=YD4l&=1z8;$g=di($;v2z8MokAnx7Q_e0&+|J(XDr6k+d4;?GfJ;>y&`3IaBqTV# z3E%6Dn#tx1XI3!Qcn{=5ViKWHdL*4vp?xg4M~gf3!Lb_Y;>faP^6l_jkfSe!jM%tC zbN2pRnVR1V)u2*OPh2?3cOjg9JakBqo-%|>?u3iBF!9>G4%&z9tKnZzk~^;SNZ&;W zYK_W>MeSK2mWK`*({+-ly&gKrP~>1rWN$}pu?r_cnP440)!K_k#cPl5N^w}1RBW*Z zy*Y4|bi9R*j=l;>Xg&hbGiKuft9Gau%=qxyDs0FsO@mrISfGlvn;L6!GC_~~Z>Fpk zdt0ZkSjcuy?$g{qLSlnp)O&C^(|acUQX|S%tEL>xP#$sFGm}V-=zbi#jeb{M;)${! z_22mI$qRo|Md`N{c1d5}UUc>G4#=z1KxW%zi!`UqWRq?BZp z!lQNC2m5mU^fphnp)mUZlGSWdsyefqKe5#_qc&gbX&rb(kf1bw9n_Z4z)*Ndm`k%P zd&BgKMk$NT%D|NM*K{}!`QTwouQIthWT#uk$3rhLJUn1)#zKNE;7yu7 z3O~84euC?Ezwq8Vcj57VDrz&4vjX0CMUrdh8-mtCMgIu85I2J^l$$o4cdEY@h#v84WYP^r*#46vZuRo= zn#`^^Ld1P8u4c8riA2Ct_x%31s1&Z}-~IIOvnS3x`j)c5#dYgi{5QYvfBw>YF#opz zk&_#%sSJ|Ofwf1Xm=1023VQYhu$nm~Jh#Y^w>vlx4+WCSX3zbduJm6m{lCjK=*JOOSC z{LDL;ZDR;)hxDN}xtbAWmX$Z?sN(}g#MZ(a;gejmhLCTSb93uf135&{=VD+pvmwFp9v)z;qsPd9I?L615+;22Pa-#ucxbeNkM*BJ zJ(T>~r+Nj0riBV&N+2HfD)$~t&{d&u+F!Z55%_O#{-B_cGCr0Rs z7R;DZvFAA5|4Du({G;?)AN%-|ijiBZFZrNODU|Yw358}_3pEFaXh7^`)(}4$?rb~` zZLFhi76Rd@3(;-e*7|;h?cbe;v&Bpewukf)!#YT4_-1B`9mG#@_@Zq&AOrF?J=|qz`#p z6u5_adnhEZaqVMG;hrjMw4OAl6MnxInd;e0e2tDZuL`6Rqhn(!-O?2Xfq{V-?}-$r z&RCc3BuT5rAa`{Q4RU|~oqkbnE?aXz1wHpyayN!uSr%0Awzk_p;0efMJ&F~nupPgC zC56IN_IAHJo=mM<@6L(OE69lvdHFlPFSj3u0AlkYX5&V(dgW3Yk?^N&d_Uoj1g zPgjZ)cq%i$0kK)z5FT`!RYunoFfGUo!}f2lP9*Y@_zH~eQioqNs=lVArEPWT?6uKG z1PzUi$Uq>!dZRW(vr#seT+z*2LV@nsSQO$4RmidHz5FX^{VSBkj^w}q#?DLHA)S=3 z3O3dwZ`o|&Zo+83Gl_;1e9%uyH)R7UE_hzg0flfow!gl^L+;iz^D^t?ru9Z?Cnu-9 zWs8>d_9#9okj{F)z_6qT7|;MZmPMJON5Fj=X$9L%CgrWe;n(|d=eYc=egu?x2fnnU zL&h!u)}2@k5fN0g#|M&pd)mqTQ&h2C;7N_utgmEjD`VCKyLhxd z-8g%(Zs860fnvb&j3E?6d9T_!{pNHfrTgtQFa20AU4f8_392Cu9v!ot(Z zx=NKqj%uo6JyvMIP@<_US6|X23I>yxAFLZ1Wn{0QLz^Ur zPrDGMqL?mpt2XD`QTtN(?Qw$=t-Zq>q9zW*n3RayE`*D@mzNQM%h*;}tH{m!vub;| z(1XYX13eaws7Mqf+&g}pFg}g?+h+FCT08pgCvq8mkxjNLpviY;uk`o5> zJN3w}(4DQ5X%nW|?#e?@?WcK})p4c)UQ4@U)M)dBXjebCZ5Jpy^aVev*f%pFFB4PO zqUuc*QG+FVCZ4mOee%4A3|!?KOrH)Pu0*5J+nN5l%UxZMVy~)&m$*enMk*);ebv5b zQfNTz_Dsn$m0IM1ur~(I@pAbId|L%=(UFlNdm-)8n(U6OA3?Ff3pqSIz@=4h19ny^ zGFJXBDPl$EuJ$q@zTJsJFTr|6(PUFS#p(dUAHCtqz6>+0x#Up3aYF7`?bASv!!?7LZJQF_*%+y0 zJ;_waD?XAr%Y0U`xT+yO)5|R)-0-(PPrxwJL z`_E+~qzQdI!Rm{D=ll-Ks9i2g&gTsgaP-uSB#Ach8;Ga8kov<-YV_I^~KyHr<2t|;F-3o zjrTqZ(CGMe?~JWhrzXXB?(W`MXy@BgN6C2wTC!wPxKWWN?FMSzQg3RIzb6+a96I)s z7jN}IP`vipRnS1Tvxln+n)*2(Ea@0E`R<{Jv|FmKL%bG+cSPN1aPnAif@DJ|p=qnSPFC*- zQEmw~77#WJ(9AjrHOAM}$hxa(geD0FGMZ+x<0jSRVHMC-#uY+W*QQvau?4bY&e$#m z>ta-3mXIVjU02L4ltlv%G;b^`Wx>YMdr>Ridkq@qF0ljLekpVDsr2&Tr`1rB5un?I z5exCrG1&5KX8_>9IJr9aUR<3xZZDk(*Pp)AA}bPhyc!hDTIhOgY+{pI0B8?$JAC|9 zMwJh#=p^YBd0H)LNIG>fylx0Oft@V}42`CNjBzDGS}KMDR@?fFu4&mP zDV&fyI{~K?sxYrBmWi2AG(y~AuiGMEw)I7+RW;=&10Jq>H-NeMxz~>gs#RgZZL^ZS zW!>G=vr^KRO(UZM@}LeXUNdN@#;E{`o;UZz2=zsLzSY!lCT6j$sK`jFU6)M8D$dMo z*#?V%!d)@tHmPjS6xThoz^eVofMRJ;wSYWDL1Bcr&3W5}tbp^Hi9D)FTNqDk;NxM_ z*qwr-*SrYF!_Kwx|A+;!fk;^>xkj`f%2+liwZ{d!whN+agM1N6$D?&hB@^Yn3CTds z<<6hze!C@Pvva(uWDqC-w!l+sB z*rPp%>A--7=!G>pV&?m}@3|g_)lKbpYkxWH8;7Mj{=`+kYc6A#sjOPAP7U$)_SRxG zkQTe*MH>#*n*xEom>hTHz=}9Bjy=t_QLxh(sKAVyGG*gYtHWd_=a;}N~@=W zdg$B(xr2j)!0n}eU_Z~&3O?N3)W36)tJS3wuv0nj1bnQM2aE#hYKx+hQj&bw+*zoQ zprD|B=ZkfHHDTaI9ggA3!<;xVOIZEFJ+;T4hb-=27;(0q8a#`JHyeYYBWFro~%LF26gR{#9fFPRkAT!}hx4iTiOttz5R0zY~6d67B)JBImhx z;@eOFf1MNq1dQ|i{O7;(JN|j;zjd4v#X~v6JKIT0!Y2l<7?vnfyQPigQXR;F2RyN^ zM|`T#2_k4-3BXxzfEl>$Lm_2koMceYfng(P>=+hG|K8wxu8Qe&!HS;W)XIvAi$e*d zEOS-mx~TxC$VlBPD5~@Bf9w>|O?J@lvltIVxOV-ODqzf&Gn$1-diga<1P=Gq5zncB z82naK`(gSPhHokf!-fXT=rk$Z?w{v6yeyqMv#Wb*XbAJ&DXz;9KveEMRiYGV_}~-p zRK!OBiHP!4!>JgradK+BzLp?Y=I!wPZ5ivDTM+G|?fY@x0fH&P*{%%pwUO}P{NwEx z#vbAjeewkhO1fY=d3@KI?eA3A$KCqMvhvvjAMDPs*96A52JPD zrS1^XJozrer|G8tMf;3J4H068DF2Iy`upFYzniTxH#6IbWNw`R*i6nBr)3_7 zR=H4fWUSN_WfeUWMB61|QwyQ}TP{|?UjTfSY+@$>M$NRXj_-S^z|K+f#S|nJFUb&= zU;hoVilqgFFF%5IGQCCz;-^g{QkE4^djm4rpq1^NQwQgvbYj`qrxJNlG5`u$wfXz6 zVS63qD2Mb4cNg}U2E|!#hBaQIKHZZ#f?I@3t_#D0lzcTI#Oy@IKw945ZF$uS>!b!= z6O+W8?V$CZ$U?r@`5CU~s@VW?$6&q)2$eZgiCF?dLWE=s`!v891%^_#Gghc4Nz$Y$ zh&B)u99)o_>-0hQ6jy!e@4&ur2@mKy(*6!$tBK)ZzE=M0n+T{joQ1|-a*3Rap9d!_ z2khWQO{%;I>64>()6wC`s=2*3)8dtZMn8M=Nd-j{VZ<%%yMABQU}t^0cq~ZWjw9<{ zV?lRc<}MD__2Lu0lrY+g@Twv!U6lsinRVrO4QpL;EfS*QwMOzQQjuj`a>XwzyLYuC z94(;gJmXb){tuS}?s7{=6#1sbOD5|{nLzW3RMeD$wq8V1lnjkR?eD&G0*gDq!nH!k z$wjo4ZiWq}5Sgd0XafMb1i`Jgw2Z*xagaoXT6(vev7HY-ro`1b&&fh%TS%)i+HTDZ zF;XTyU_F(Molu3+=bZI=%o_G69p@a9DwJ9mpAHq9HLR330oWy_B4Ve6W8`bGHzCgB zHI1CnWKAP|r;pa*)Pf8jJzrm6-0l~7qwOw$T)zNtHM2LYHmbS;yQ3rb10#;MoGwXh zB@K+4W;=^vk0j3Od514cV`<|JqI^E9npg-46VAQY%46=__BBP*-x2lDIB|Hd+8ER< zA6GV!5NiVOSshCZkMiwWrbwol>&3d5k6U*a1^INngupU!)3J70w1}1N-YomnfY2&d z-=maX9|IG2i&GC1^TcHp3!OjZiblEC<<(Xuc}qArZ}keeclB#dfc{LnQXRUOoThO2 z40n7~ScO~~9DzEhOVfLi6nVn(*g+M>NeS;J1s)j9T$T{&eu=d2R#m)ImtR|uz?2Xn z=oH4%XHuDUlj(f2xYG_E&wK9Y8{+}6kN{}1)ol@Q0H8R@R5AR=MTHYwa%$hkWxN(j z_dKJ*pc1f-S3_m>YGLkaaBm;9L&mvP;xI8$q=pwp*{r3mPA5kHUoh={X^~h_x&Hj1 zvHCtF{IP2Ky7vmBwFq0SFTpki!5&`G6QXGyA*SzP%8q|A${LT{kjL zPaBS0=p!Qs)Vz(#eTpFJ=OrZbi}JMu)(sBg#dxd9>S_X$SP3L#iWV3U8=GZE%huMG zt%iyTf#gA^YVXz#h|SuC;F;g;%PlUL% zf6tXwc+zs3MO0LxRQhW#8;BhL-CE-=zp z0~OM5boaL@GHKw1qM{1J0I%EJqVg>r_fAOx_J(~v(EZhE>_Mp$2n3?h5R#a<=;#H& z5-UW30And9hd)1JISFrtAS8(4odnUi@A&}|%AUgpd??y>r4wIDFwx+I=z;*RTUg!3 zDpu<~;_?*}>LRGF?2&#b&}&1)YMf1T(rF- zA#F`@ejp{VI+n@{(aI1yl1O>9GF>IdV##!MW7OQUT5gvyE{O|(NjU1(ZU=}a3=Y_K zR6j`YOo!$*dtWn2cXjQq)S<157+Q?vm{JIOCJ5bA9)e`k)F5rtZGf2Qmhic7MM#YV zLB>UATB6GulhPORSylq-{)aWj#XaDMQt}#T=bD6WHJ%gomU{Wd-HQPUndd=fW@c8H zkQ|PtJ^!u80yM&KVKxDA@u@~Kk>bx?2R8kXi~Z zD2UJHi&^!6>2hyUN~38grcfHcl!M+jt;>hGO0FeB^RHvaf@c3xN>21IG?kN3i(vXK zCc=fx9uhSU^dFiC7#iDUEvIUmN)_&BzT~n!$IHvRw-KeC`QYuv{JJ_-_)IuFR!9Rt z@nuD6vot{8X6kWVQmq+N3*+OqL+TnZn2G$RbgHpxtqR^zoewMXPN`Rq9Cz5f7INx5 z%yp%sbE}ncgkPY@+?}}s&23j3tdxKNXhfn>s)z$;5@((U!-Tv22+=jb7d>@gp^cEq zvc%jdGU#ze0cF3YruWfKYg>&7Xfrb&$KIAm8-5I5S1l$N7HZ)gj~(rCXC}rX2arnm z1<4}mmcuJMMVAmPetf#vx4xUrd;GGOI!*{XbFrGlqy%$+v@KPYBlS^uy* zS3p1w?QFd4LAq;O+*1Xpvl_jG0lY7dCzLwOYLSQITsjcAU#=PkJWHz{xX=?gB1G>l zt0uv9LSV)MAng5dH#qdXSwS9RZdGaMsv(?Jbl@9GM!1QQ(ioKBYgKARyP4I6XB_)1ak-uI`4ct-yp3&p@ceA7!U%G;d&2yvS{VKkO>=K zLjoG)uC1A*=V3CVAfcb0$j(9zM0jXq#iMIjX3)jV6jMHU0hT^!noC<>Hr(kRvw93l zV9J8ju-v4jIj_)0P@u0nAsud;ohBbd>2p(4gpzuc%W4I@X8z=zqK;KiT^j4?kEow7 z0Ow+f*Fk0y0lIO&K+Wnl>{?c5K|%fkG>gj~&zwS5mwL~YG%8ZlplG}WZY%lfUB7Fd z!=(-1bNn3~vu56hQB87vsH1aUc(q}n0=N)4O|w2Hsm_j^Fr->j5KyYRChyh7JrQc$ z@ZkobVc<+%Tj1>489-_)B-XR{D@)LBRkyS#hGbQYR`fFVy@BaBKH; zU~rAvaOEAA_CSVUMOx}jfSxym-Fz7yRSjn-BA(g6W3lO~5kU|f>&V#0zTsNg+0=Yx z9U5&it#+kR;XsJs4kk`j@I0^9WDb&xrm;v98yim`*890W$A^3w z3h=0kxBa$n*cM5|p$=>ihsq#o$oaMLcfM=tBpn{if(^@8ZNBv$(;FdmfXSpzDhjO; zQ+B2h`D7qhh&I#5|*YEp6~0`rhCqS8H0S2@o|4Jdf|K1C6Wy-E~k^ zjA1{&$MyJjZtkUNk+PN+ZQVFw!szHI&8ag^q~&L)6I`~zob~wDts{EB_uUiiekZQh zdiB9?DmIWgBXH$P_a)rM>+0B;n3(+ed#wDceE(*wY{mG>>{Rx=cUotDRcU<@8ICWICCzL!8=Bj_k>D36w zwH6}8o|`xZU=F8fxxoJt;QwC>5ctRI{Eyf9fA%^9qQ`muw*yZ8OY-!0RLZ>{2_EUn zoJE+?-M0Sn?{!fB_gTFEc~r}PsgnQCUwSSAVQ8mUXz%-}p!Razvs&*Ipq3b8hfD2y z6ll32;d>&mrELWKP2$XMJyt}TMQrhFCuY}2_+KRY7=(L!D<~yRqc2r6_Bt7GhbGnI z#UgYnx{vh?qg8t|yve?|@2{AwoR`R|h(Nvdi1+K;hb290_pDRHjI1@8E4!!*6LHk{!A_k3BqNV`6VQ zIRV~uV`a5K`tHj^g2;3V>#zhuWkyA)@-ZdAlKIPE0ck@&%c5dE_kldXn_{?n6)04G zzOxUIsZBFQd41}LIG{0(k3ktZriG2R#Ju!z1F2LKDPAc3=-5Wq+;hy1@dDL~ zkN*Z)5EK+91s<~`h~tUSVObFZwdJt36bV=g5lieta;kP}oWsn!DxL?If<)0pt<=_%JF_E3Qnw}}I~ip& zmJtCEbowM4$#P-jI`sI;`S#kN*5Lv4a26G>D?+41t@o%NuZ}SIEhac;%w0xt^b}Xe z$i~~TnXEk6)9F2S{$9n*Bz$;UWeBWLq`K0A@D(nRDsaQ3jn!V29!gGYoNAsiOuqypQ{zMJ2uvN*mR zoxg27DbQy2NS>`p;&O4D7kk-ZfxRB+!1_y0eGRee8Ao|6?qa-_G-!~P3Fg+Q&IRGO)7--^ z=ws}xWe6V*^%bK-D$}BToe49i^uxqhl%MNSAy5m(i!2YPhTeM7JGIY;T{@xcsS4xuIP=hxg|%2 z7Y4=5@&k-u#pzos*l&#y<(MP$6^-J`i6sGHA!0g6)di7bM&#i<%BWaxsL0zsg@rn_ z*jmv>>96k+X27g;>RkN&kIa9RIsaLS*4%8Mn4`?=lL(4w*S6<1= zCZ@7i*AMq3j5;!kjrE2W4T_5l_e{5o1oRyo91`*{nVG61S63g6JWeREYFJ*B7_`k; zxyb$^FzwLi&k8)JhmB8wEkn z$s!ILa`Kq_ll~KFBSrYn+567xZbGS?wG-hr#!*X`E!s2KPFgIHi;LRqW!}BNvcqKI zn#Tqa_1=*2gUG~mcXvBK?{XV0ZNplfF}4Hyn#1n2pRpE+lxqf~;9B!O!0|cn33`v5m#!J8%$_e=qg8J&HlB z>+P|bX;R;*1xH2>Ofa6Ik=wXK+6>!_JyR218kJ;7IJ_I{0yU-3W}U(}9{vuRwme zD7q}~ciN+*&Erwf$D7NsKc4=v;X=*O<#-$AM+?`|6aGc$xA3}6pS{KVg7=qeVu;l5 z7zd!1D>a^aEK2egGJ8M7Ac`cYMO8*K5L@hK)P7fPwY{&aD+P_DH*tcAeNgc5-SW4> zCybdHBb381#e<_~DJ4TPDLq!r{zk-zx~!?-gZ=S-{8gdyX-iAeo;K07MH4-r*gjI> zO`;rnftsuc%Nu^?Z_|!^KpAUUjN~X3NV}OjuDR1XLODR)%}zV=azMg{n})91X(1+> zif3#!nu8QdGP1_1K^fH}!_{{iHFbSgZ;xlUs6$tdN{!avp<<9nL{%$ppVe{c5jl>V zY+`x{ipH_`+I%%<4S*#+d+h7)r_d=O5g1aRK1O$~vjQ3uhFRHJ4OZ-VnXA?qv`1(S z!mP=8zVJVEwtyINz|Zi+rCbW@&@<2$91y}wSPh-S0bG+AG3)8fLzv`{lpN+O&c zjz;aqBV0j&pEA>|dY2bs1;b_t!_%%X%}#jpjKDM$5{ zKMcUJ2o8khS-+H?FTD{OO$1j=Q`*qxqS_(7j?)(hj=%DG?Bd+jEE(5ody-F}R>o0; zYh~t_Eywdlu@uMJ`lTO$7pE0DrS?^6zI*9}asjGIx%4em8ThM?gMB#9>Hi3O{_Q{P z(*LmPuKfqh`CoeFyd2{HC zYi;^u`8V+UvK7S16$9MZ|66tb_q6=~fKpV|g9^F0cp2dPznFd-&;O;V`#)d+{^>N= zf73etM;QLuj{cif!#^VRk4XI^Qh*FR|9@v<{j-k#Sx5h@qkq=XKUfKnf&V}4UAKlY zFS$_8rBT4+(;wjKS~uaa&7tFgXY#j~X=zhF$fM63a^us}zyDj`u*Tdeuhs;C><$kr zb>&0;{r2=52hF|ROf*_9MN!cr8ySoav0eHbq1R`DHg|IacN(BjSJzGYS=J1yr5zvu kIFFA>VPWCO1X24$?We;BDc^ZHasCT_V06FySI6J}2f3RWC;$Ke literal 0 HcmV?d00001 diff --git a/ee/images/try-ee-2.png b/ee/images/try-ee-2.png new file mode 100644 index 0000000000000000000000000000000000000000..d3261ea958256a5a5ad972ddcc56e34ba00b1a63 GIT binary patch literal 143269 zcmcG$Wl&sC&@W5^L4t+g?(S|2B!S=(Ah^4`JAvRH+>>Czoy8p%U)87*r`qF(nuncn=sDxMM{4=U)ay5+$DB z;G8~4eMWq4-iXGb&)@N#KdL(`+nGAM89182nAzIdm@qpTIhvT*I+@!!AH%i@!@!Wi zNQu4w?4EJ3-frIT`r|)6H`zMg z#de4W<2ymTyAI~60MUg17OzawjZ?#eEg%F*L~ zH;0P|FZ$a3pD}aiHa9n8N}x+`sMEvvrZ(zIlKyOk`xCS!a@&%|V?wOto_iHQhD?}}UP1VU4q z7-xvqV#4`utw3_vPD$~%F_ZJ~1ivH0tLvvzjd+zjIK}iZiM9Q;Dcf9)tA;U?`m>LC z3_p`l=s%51kxz}VxVUtBUZI9D?JW>mF;il&|1VCt*z|p1T0t+`SFc{VWZ~lCN)*T! zcK3it74`OK%3;a4xufI@3$e>hju-n!G6i9FCLr})ca@sV^)gsz|I8E$6Pwu*pC!~3 zzsz4ca$Z$;tUr;@EP-`aqSqEpE(#yF%pZj=l7{rIU~)3t-)t{I%GhS5qsoMl&*3H% zzSg6gJZ8dxmZmpo$+X9`+K}Dq6<=J^Ta=&^DD2Jsi`Nm0?k%lJEK+|^-TbBU>C-2> zcG%eGflUTgi4^q;3-fGp-Qs#gM2?;SFH~7s`5&cCq`q9$y)Ev06S=Xp?BuF1Vk8;Y>}MqpPS5m!Ve!7Q+O@XM6`dZ#Rr66(d5$ zB$d3GY=H>bVA7nqN1}A@m9hC3^Mzfj`!%B5&}`pC^ZZ&v|z|h}2JAd*5p9lh7(X zx(mbc*!h|S=L-U&3oe1p%DJ@WsF=_ivZmUw>?Qk>wtVizKTOQU5O9$;*(%B=Xx7$J z?&;}?tMx$$M7S(>TFERq6by}suyPcE5p+A!?~8p86EZwckM0?ag5UitHWavLv$eP} zlEsso{yao$kuOR9&}8wo{^rJ1BcN2d;4_cSeCKoTy)p=57nQ%TPqfio6*iMr-B0Ou zW&Ry{k@6n|52fXExpr0`H7O%{7VD8I*rDQ_o_|Q(q#M^ZQ1Z~DMI%+*u*y_YCalF( zXfW0A8fHV0HCY=)Z}Mrb?(Z76CT&=L){bb%qJnb`zY5~l=&!oUFye6DgvDeFkN@GF z5^QnL2QoYqEv>dR-_CJSAz2#C9^XKTB;4~garF1`#FU75c`LUhC!HlsHv-lEg)JG2 z!hC7w3u8An_Gl5=9tjGV1*a#}K3a`u)gH31D=>O6MAKwA&2WgPzWJF$&E8prgbFoN z-DBLT1)(KVjB}%hKxQ3D*qhl}SL}sD5PP$PEb>fMDkOhtpjjArGC-UYYO`iZ)vW9F z;PSkTWV!U|@w`7WCdn9|u^4QVx}Aq$32Y&83#xt;Z$<11T|2R zDzJS8vz^?Cq8wuN977x2cS1g(CBRi^$*KcxnW(d#J32h|1$Vy?-hO&`OLB8WCJd7v zmD2s0!xP=$-a|QcmY2Sh5(P*h+;sVpL<@uO02@T_XL7Y7&Rvl?+#3XpAhjKhd z*-XuomN{Z!k()z`#|X^BO~@~C89o+{xO|DDeiS>?Vse# zVmBFS+`u@#_j^uR_Y;tz#{2gqjk$Kk=|YBk0$-rE0)Y$|Dzct3iB4a~Z-)cHC+SHn zIoOT6Neep@O}J`$9v>4oSX=L3@AFz4_in`0eKPqYMHJ)X6eMTOE&ZZ>mLdMh89&K* z(ZWoO5eQpj-)GT^wX%wZiHI3U#a@UB($)YuXeS~J9L}z26ktDOaj-A(mD%Y@(=wuN zBp^Z9)>6|OcBewze;gMt3RE;_QcO2Lv1Z+xvuj=7h8<1Dj3qyOu>$38{4y^I<>q|q zX)LsBllwgd7ttNi11AF2r_OiS7k31j>tI~E6e=A2!K~uyGB7M>pwzQ zvNM!ik1d;~M+DV$dzzL=wl)OeVT3u_GCDBrm`uBbdF$uLp`BhH`Rl@yDl6rK-@m}# z-lf~UUr2E$1?<&k0_86U zUJVnUW#wf^f!*153vb2sGH(6#Ce`;VtKvS->^70wl$06rrI^yNIle;rmy=DYP5QjJx}Q8XW#>Q1&>NtNjB~!PhcXX0EHQ1m1z-PV6y}FPs$D$%Oh*G%&REkLP>JDs_ zgDK88BX&Q)f|8qJ0DfGcD1vuwB<%0f_1i_`_<(1K;8OT3HbcXWh7W6J z^vYe(v!F+9Z3D-@(n3yPILj5BTIfkdNP`+iDKC4?8nsykJ zuJ1A#LH$ca2M!1x?o#ZGS2u_R1}rpI+**rB7sM+3&0z+kzfjzLk*y-W4<4nB6f(Fy zV%|@Y4qKovfx8DV9bC)JLIm4K%vjbZ&5CpCm3WEHEDT8`0*KwWNJh zmW&C${226(crY!fQe4t>R0{uOz>){bk}m_RHf^+um5-`9r0jN|#Z1}jFyf(%zrb7Q z+z<5Jhh7E&VDd=umGiP=e1kEL&@29^+tANAr?IsC7QL8Nqx{nWOWGv+pP!N%?+5iU zfvilc@u;?Me;(GjkgNgcS}#kMUyO+gD60u8>G(u+_gn}EkvE*DUT;!n+*{|R0{lsF zDeZj2t?pD?@|_E7EC-XO=A;Ogye@v3C}gG0R?Ky%X+s3;)=Dudc)4Z^DKhC}9zxa_ zAt#Ru$7kgtKAnD`$0*1#p15_(<-=XVafj1*9|jDz3^4I{Y$D@v#Uz>7wZt19tasc{ z&@lLS-@R4glxPf8%p^W=PQP*Wvbb4A{vu+&ik|q0^cC$DpuC)QEfCdqzE_=H%LYZt zMk(M^ekk{oZ_vl1x(wHmig67J`Ufc|V&kRGVU-cBN@K>FefbzXvOIMBy1){xs)lXT z7hX`#2B+SZ3^JO01wh~qfYN1S)#7E~y{%@6BLBvg{-XEtvWLHe9 zcZX98{?Kt7Clmq*5+g)IfVL1?I7;=K z2g7CW{WfNutiLR(`5p@1ywzc))wAx0jOFFYR9#95G!HHvy0DBwvydexn5sAY3PA%>oMk7P4wOvng^;-}CR=dH$=lo^7*7G8zrbH{Lah7v0$%SaecWs2Q&aNEDFf+l z<^rZDiPiMh7v?~9L4EWMApm@ddgWP#ko$n2Zlxi0^5YSZStacsq$-|G2GRM2hF>x9 zz&e5Yg9t#ci;JUn)vNTm?)T*#^NTPdM;G68@W|$Edkr}-9eX)ytCJ0g2{@d(ag`3!OVIuc?{?CzKub-Y`yP*vIkn+G`k+dm_w3j9h{^>BZtuYS;5QoNI}w#d3Gu6 z!^@^e2a??rqNm55S4SRT)UvvZ))U=c)Dl&N0ji^B2YfZ*3oZpFy!IAa(C3D$M}@^3 zYoy%EEZG&QE&`X8$b+*}BEu@w%`yd21MNVXnr{0&Qagk72k`ldmtD?m(z|1)W8;JN z1j?c@Q>W^q9MCP@LQIPeJY~6GtcaZLCWmE1dg^&E)Or@u8xqxB7Fd6Bl+M?KHg)_I zx7cOW5lKr@dg{J4`j0Q{n<;CS>5_EXDO0|FjX>c1UfgqITL}*y>lU>vJ0AQ~8<#q$ zL0y)H4J7~up08xJLLCui`a_aW=WbF*A%1bEKx<4LULf%3I0Pw=-2mwA4o#F@i@UVN${9gQ! z!qJ&CeVB^6cioYnj^S$c9C~v5^6Q5mNi1@IZzb5Nh@}-O6_uGJr(ka1t=RY+%lHSv zaR%$*d6lhe_{08x11A&`xIutFot{6G#(wxmMxNa#N%FrqhlWZr8r$r?q&f@eAbWfl zt4}9MXRMDWE|X04cMK3-eE-)u>rTTu{c6n$btYz=adriAF#8Y$ef9DdYws^$lHK^h z@7c`Xpah@XKBUOf5V;DvrvD6;9Lp4fzlD9#tV{Z18_^8~RyM!y`X8btvISZxc~D?u zW+K3luC)rIYKCu!yh~$7ks@!tcW>BajiCJF(1+fqrOKMDV9)qU_p#BPy0i1ksh7rS zbRNblh!{+Tt1vAzBwT9oDm9md`ier?ubLe$2SCaB$A$V^Q;nG=GzX*ub z{9WT2<5>G~_!0@aqP&E<*+t2{2ez7y8+DsC^pz~lYi|-Zvia@RkUS9%2-GgjwRikF zOc?MqiHvd}!e;G5iaNxsdf6NcjU*Bw&qZju6O9^` zSr}5KfmJhLwSQ1BbjcPnq%Y5xMtZ@qkmyuz$58FF=)(zfc=nsLb;55677xP+V|oFKf6YCTHUtE;lU zeZ4)b)n1hCYxwjC`z&T}F)`CWePmxyd+fupLlB@L$}EQ2w$>g=3zQe2{y60!TXnll ziq0{?7l*MMoy3yg5xr&R!4y-ZY;37R>P&K4 z*49&LD%wux&WHqfcv!?tz1uZ$#xEm45{i|{uKi=qk&YDxhd3o+m3&4v2}DdZW_H5J zxPGA29B{5E6wQD{qwqica})qUE2Q6#9a_5PU3Gm8dcfIFcBY%AXP?pBpXslMvI0LA z6?>u*17b;&SwI_?RmQt#p(8sQ7hN&UH)mEbks?M+8@*Zbj!G8h-{R9jYSnFP`*x7C zAt%=0Qibwz2k1#cLc+-rl(fpQhrybM@NfaxW#D#lyQhH{+%ZZX$Y;0LAoh`aJ7V$! zPl+bz%Zos~#k_p|cF~b&9W0Q^D1R$CsB7@#*tkEy1Pg6{xI!Qr3Gcvgj2C%!qBxJy zqTc9MgJjUiDl&9AB*3Oby*jfM7JhP8zZ_CsyH1+g_**EjKa z63LTd0?y{5PpwPlD=heKF!R*n22qtpGBpM=6$UYGtCIFr%zlh|thWL$DFY`YvQ_V{ zEegbQ9|k&wiiG@N~>{l@8OI{XOlN7laj9+uB&ahE&md~g40 z4Z^+OIc-Mv#(MIW^!W}FV7kbPH>^}x*s~Zk9s9M9=P?##0PR+Umv4`u+73M?2F0~o zaI-DG2+KU8yEw`->=v279}s8K-@8%t#}55BT9iPwxq2Jo%F~f?dL|mSR9U{94EH7K z0}=J^mF%Yk>CIZ za~?aFCFQ!C*?KQ(HYNv0jADzoHv%`#H8`PGNwy-AUlt@rNj@%&(Aw|O2ksKVt{TjY z+ud4T%AYN+hT4En!s78aHNhdr-U?DrQrZGF%rL=z=!A7pb3wkSv*Qp((g;&>AZi=x zlaNy?d!=(>!@a^|`&Tn%_p@}bfu!Jp?R0$fvvROnWlo>G;hhHH=FSGi$@IKu$!{YM zTWhu&h^H*;)tKpyF|*={)HP4y8-fB>ZS_8L(7iLo_KGmv@gCqhs^5Qm2kLrcwOwC_ zI;LD*5o)Ks=zV0Z-vufdHtsT;%32RL@|JJbCC^kAAR3O}IZl%vZ`D<1`dhcwL(z2a z3Y(9ZGv)Ja(iZ#WSZP!$E4`IBOKZ~V(mNM9HH&@Mk4(v z!*v_alQvnm&21OKyBUB0EWhxXJl`CP+$TZju2Fdq(t*~(+*)Tn5hL>+Q-D!%k|T1j zXzhFF9xTvT!6sb+$Lh^4tgmzhr7{uNO||_51guCGg87{^(p>x(KakEYu&>{r`n2l6&^Azv0%z&ld6)L=nHA!DGAEO1)j5fdlDwOzP%6rPAH*8tH1k z1vRKe|8Od;-K_Q)b7RtOi)bdRe;czgbgqzJT-tg%t!M_Db!zZ5J;`1-K672Ym(G7* z!HvMHSYxx%PFzFOcq;L!__wLUrOh^Zats_~)~yVUog;e(6Vd-6gEBalRjg*P14&0f zKlkfS;xb139GrM4+Nt8fv$AY|d}-~$C*4Lywy;UR~o)&l~+Gb@j>Bb0J;ULDdq&$-Xs%T@hMdT>mniaVzf! zAZ`Z8j+Kv<$tMvxh@e$;T_B`;U){PX`N?0ej0|}b)_cu z$%fC&NwQsh%0&o5eNJ&^1}vI@K*uVKNV#^D#pn{iRbC{Vym}JNP(5-Y)>R>a~jlmvJ0DI?lqlxzvc%ypA0-^ze_x|c0Z6(y{wOZ zl4X+96+mrBN%y3l=vC~SzJBUAx)vEZ6*XfMe*AB`7>gSpfQv6-^MdeJ_LF;ffj|tT zS42d-(TI>#_>}5e#QmjcR<>BWr=_qrVMXJwqoz*91+R;nLu@hL!W(47f5rMq({y zqlK(mWIL!bpPBVb99A)q$G$bFu_+0RL{c~Wkic3e&VG_`nqkUn-1Y7F_F@ADqUX#( zf9XpjZCRM-JOqj%0$Dh$x-3Z5Bwo)X2<*G})(R&#f~KEM)!=ed4l@Np_~gEx-`T$0j!1FuHXYl;I~TYX@}WxAAywobZ{D!=(bF54#U;xG6N8I}=Te64 zrJqQ=8$3Bhj3N5G=}50c@!rFtkiihTnFV`@*`761xKq?^pJ04rl^vs%DrSY|K}VMxoumw%k8@(d+EaQxixQ zczNA`wX8JKxD&!ud39y53U_y%BM}%LS+_=MJAT&!+zDs6*-V+6fVO3uZQ#e4TaS!t z*{{HBwXETIuHc15&dNPtL*C_rq_8hlPH^q3V2&bQZRgYU=Bp)YfMa-$w4j~ehEeCl zwL=FR!f19I?ubz*rCw#EV&qTe_~Wz@NSjx**Rk$U7U{%omsUJocFo%rh;whkgZGDI z*rCU5{v?ymo5w9~6a)3Ay3saVgx0&H0weHdK&9xHAI6(QrfZQV*2Zsb_6l!F3y6dt z8~1HjTNwNfuR`h{7RN(P)zwJT!Ct8|IPwruBSPNjvslQ9nMKD~8K=&~Px4aKkLkcu zozHIaJ1PWOR1Lh(dXnWznc%ED*LXDNU?4$^H@)t${pewowX~!(p{h=jy7Fe!tI>&g z=1OjH=-aTZl0sJJ4W{&U>}k`CzJ{JFYj|CSGv|c>1O>i8;|p4bhanEDFEB3i@nSrc zwKj4%alE#Kge`pf#D@6L`E>f8pFO;;(zrVPVoVv&N83V6XCA&E3RX%ojatn}bK0{k znyJdN8<;0@)1LBi+9R~HaY-sZ#h*FT9^WI>3b85a3$Qh!WouO1g;dKdzMnR+L6<50 zZP1U~%iXdFVR0bBiKZ-)v*FJg4PgZ}r!e8**bHG>~MQQ)Ceu{#MOUz2oiAg@=X zuzw&QN-Ub=A(;)}j02e2J4%SBTIjFZl+yNv>3CuIw&U|%)o_3Mo&5vb-?8HTNVn*6T`U&Uld}cjQk3 z5e0INgm=U%Az@~jJ(KkDh`|AP;-S7EV$e@gU%2?fELAJqOuWFJ{hmW~g@^pjGUsp| zsp(~aY}egH`LNm0)A54w75|qXu$~kAt@*%n5+37QNrKU!ubR6Tc*^81Vxp@!H5ndQxZaFc$3 z^~1UaiPwW*-9dkkT|~!z2#*S_Zem!DTotjMJetYyI1N8i^G7UC|1?$F5+x_pjq-vc z2FSE)`G6jwriEPnBst372@$gIGQ3ebM|4`2or%1mHqJ|1))(#YeA=!|?^$(4^pRt$ zZOKfCsJaxE;P@ur#nB8D(uUiQL z@}V~kelhT0!KHfk{pQ576KpXGPcOy_PUmo|`5tPNDaUt+MSlSbKHyh>ZDMPSw}ib9u{AN@Wv9$e zivzPv(o;KvmGAnEQ$7bv=^iey_vq5vjn@7{p2?i0KrpQ3kW5;4$B)apBAJZ<{1_+Q zJRy?`&^K+x0bfL zP!CeiB>{UZ3j0)wM08hq^n<%p^><{?g2)Mz20w%628*Xe57ie|LKe%51N~DKc(D6R z4u6A!pW_UR;qdZO3Nz2ooRSRB4|=kN^!F8}*y3!V!*(5ra2@EB2vL#kzgC;+m{mU89yK2$27R~?S-YW`QBCbP?Jz)kTT%y6umM>a zZXTP&EPPN(KdTs!g6anHL)Xvw^W@0)RZWO-j1F|$;@7*6E+WhK)d{~D-5<==lx{~i zT~TEomZX<~lAh(bF%P?Ze8X{wfs~>lf_c{j-3sQTrq5azw^BB2g ztmOv0IX{yEjZJYwO6C1Tk40-+_XxCZ_fs{vCq2H_hX0NvY@`fDp?lmJUvyXk_4zvX zuh-=L1M$KwU8y&n#Wv*r>mM(s|jwaNG(OJob^4x7|(7J^J=`+HSUQ z->!Aoh%<`@55=)(EBP&{pRu5;789!9*WKMrbYvU&3z09JU_6Oz;TDEyljoYQAq5em zlhrRZ7MNvpKTzpym=AQT6Sz|a=jt4U79#cp(B4qlJ)kqKr1aD=Tix89=N&j)8tMmQ zQ<^aj&X`pCT>HA39O(lEL%WVTHEXiab$wHLlaC6VQ)zjngc?<~ic0s`F?IOPyRWRD zHjzkf-N|K=n6{wVj*P7}+_jnQ9}8wRPIgEeo|gETG^!F_=?xjQ6g10;q(5DA+4;7{ zQX`u>KFNWr1uRgMCHUE{{5qnH6pZH6wFc+I4Ep1F)hr=GtxU*5k@t2U2ic6f4ol3k zeRw^nGntYjgXpK*@}c{aLAgIkJ)m3sCAw{2P>VSW>*eH>yoO_CLB^yS)gmUBzI)}+ z3ifI5a#HEnGZ$eNio=gpEdftkiA@u0s zK=4y&`Il<7y~b&*mCOynE>`5$&88>~Yp^!>=OvWEG$zHck&~-yWaMKuyVVv=-QjG1 zU6hr2bq*lKe0Fxvs-O-W#+)zMlF(gmr+k_R#&`3 zX%E8&5V4Q^4QJOAc*52@7}sXCny0t0m)YvuKwO>nBO$LjpdBd;EW(x9s{bPlTmX3z zi^c#%&s!>;$L3k{#SL>5F{HK9qSKxi=XpbS1?+2$R=b6rqYDq+cU5p+-&%Aqoh{<5 z&$~fNoW#fG;CWP4 zSsEOSS?q@T60(O8?{MzG&BMF_r9gF8TWLuldC5nnrX=0DnSD{T8S=+fTZ7gIYt{I` z)6a34Xg(nOm1-dS5R$mTme;2iViESRCBEDI_>@tR=*y>TRva3=0lyLErRw}c4WRw* z0_1#q!if(uX63QkOGM)PU|Z(Cj9zE{R`6nVl3`GaTi%9S6h6KztDP6UZKw@5tIG*8 zt>dOryHYG%=n&ZmU0J-|3~avGL2cfOB0ucz2MBD4-w6^{@G5b0iwyR%=S8lT#4mX_ zd9#o*p$GItGghK5=}36ma6R!8)Je8doDw37a-=ZOQ)AQ5(?`~`)*A4wm6J|IBx|nw=%{kcg$fc#&0)~GS;)e zRSnfQ{N^3&j$?H`UY2tvzbu&}TDQ$e`3xuUrsxB&PUVUxW?Q}^foC8!O}1YMTT8UHf$7+Kr%%DC=$85N$Y8^pP_cuLeq zPiD7b`!cY0!i`Ul()+rpE>@=_J!OR##2tC`|p-i zk8tQd%gDXS`{%4CsKWKXFh08QJ>J+D3rX{Fxq(g751glZxHd59seeJ$x*@OLP}*?a zkZhIPQKvD_M2-Y+^zlqGMpuYIbugqU>q6$rM>gC2W$NAa5A_&lOpfn)J*>RkSel&0dd5w; zi3Q)n7kfCbJJ-pk_sihcp^8St%@A0XN!4eY|BR3amPR z#6*EZboWVc2Z#aXs9U_;>lh0A5lDwOt65Fi9XeAD&^_u*4~uR*?xvC@Y-to4>TJGw zoQ3&`HKq&v=RQfvdx$lWo%6|Tgm8^3oC>}-B!K(G_Ewv!S2EKrm z|L!FYkB=|6K)SV4m0hcaEOjtfJf7UeO&mYHYwnly;>uQg&{u{-YE1Rzs|EEcW05f( ziBEndt~D{G4bO49|7k>n8Lm(aot0uRTa}+i1SmP^eds5;uTz$J_4Rn!GZNC$S|vQl zs>P^nGa*YBAmw%Pd^s}#w`0P5#mR%;_R^Ii%Q|_CSk{zfhcyqcB@g;Lpe?@heiFuy zBF&^qJ6Me%B-Rb>dhtG;iCahde?kDa0lk`n<3ivK^KI+W8*Y-wvJh` zQi@N9ozEyb>e4XHr-8?U#I!n~Ic(Xp<;(LDZrwETNFhtnOZjvZO3r362CnJYO~cY`c-^FkZ&6+$1x5A+3;*_TC@9W~ zjX6@;(&f~daIA3{aUyUqBe;S9Z7*>mUPa`0g#9ImNEs{VpRb`cA6|R>omoswll=cl zEsq*_oq0cdK+K9Ee@6)oo&0fq3R`sVtKR3-b7U~A8u{-IKi zog4d4rG;27wo>0e31y1$*YunJa1p~I=>IO@|6f=3|M&FMNi5HYJqUUy$6x&cM=~A{ z!&2=zJKv``0++(p*IHyFll+&Ba-+L>4|pk^Bv!&1?|F|0M_$)&O{7S{He|kvf@(;t) zDBrj(sXl}0Si>1PF7jvkae1heCqUB;KJ|)Kgsm-Nfx@l z_wp;f_DCDMnTU6<)vColdkKHr`bH29UcGW+kZ|9pj3`M#&*aNjlgwob zfMSU``)N<{Pz6&6hfpzoge5gmKN^i&%^UP?HwO;--mdxkq%!Hhf*GA~wP_)rL=deZ z*WJW)vA?4~U%}VfK$j&kKFpWaQlF!D_(H)wijV#a>cls7$D)T6ceLd|VH{$V7pwiJ zoN9~&f6xsj!qhyJB~cjF--DkNnSXlIl)1H z1Iz3`9F#k|ih>T!A*TZe)2RC*&X*FTW6k4`bS#hOkJK?GQ4$T%xGrDmr_}k z^6j0BnzH4SE&7C6`mOc12w&B96G)LQjcKXKMV{}%XWa6vJ;RFPz1ny$affq#QuJZ^ z%{(6!QUAKav1U)pNrM>}?WL8$+G8w^>M|jJ!vg?6c~XC69`xeiCeNRD0G1>oNJb%M zqm?D8D@m!z_Y+n&6Z87j<(F`>JTD+!*|A};e+;vr{z(d7K6UcpQ#Eh9sLRs#-U{`U zQE*R<`s(*EpTm+x-gfaVN&7Pg`LaEYp&mUiX;}1#C_&m@M<1vtBc1>zk+#tHgXBQ! zAtrPW0)AVGs`!0`S^qbOSFa@ZaX|4)17)Z;H@Tj}x}>l8Qh65NYxdAicGSFJp$T$1li@?Na9tQUT=A_!_@<*)MrziJi64lG)gz)vUHQ&cOMPb%Nkz+hTg)EG& zpnerKj|^EX-s|hr?)wi}OQmyWf0Pu(@Rk~oHU`Pv!J23WJ#@WVDvXL>mRU#Xm0elL zwc~&v=NRvltGPmoJ1uL5F8?Zf-*qrU5|dN!e1n}fN<4#td$`+K=dKDYi9(*$nVV;- zmRh?J@bsGVxxf|bisf*7e>TTMBTtA8%Gr7^LDqLB%c^&T7>mAI!Qt_l={j%P-mg^E zHua4cT_g;k^$m27F0ZkU-BgM3DU4&P*-!ohmO|ny0Eu1befTG^SW}Jp(Vm8CV2_w4 zQ=%@yOY*A*^auL3vi^iY_SY@A0-Y^?u5lKfLygokV08)%rJ3{a)v0uc14k3fj!aPi03dXmBlsT|# zzflqWtJ5joVzf1;0&*s-ox>O(e%{qnA%n9>Ks|cfGfpZ_NR|8|a3qgAEFSPtm zVYMTf6xd(4XhTiNInQO1mAo835XBq4NDgd*_ei<)+2yd`Ku~M!J=~~cMfTvF`R?4$ zENBtbYB`vgcm{`Bp?jCyw6*x(%v8RgJBMYHX%NO&YdJXtRZyti@NEnk9m zpU=?|o~oxzu5<(n3aKRV!#?Xq{{?VUdNb1ilH#YgzbcamsKriKR#as$7fF1f@)+lq znjAy>kkoQycXQwiMc1qhEKpD-3=MqVynV^_+U0G^qbdufy!2+yhBPR#tvb{|4_b6& z;3T#Y>{^L~2&Ylg-$e@zIJgc{CxK&{l4rVb>`D%5PDYP*Rcsa#ZoJUYw9y`&=#-Hu zMz1-&o{ZD~;nnkS?$|XXdR=ZKC>VHJop-QRhhHZ8Lg`1yE-7{*Gqt(lc)ghJjv;(V zV6kVThh6Qo4dx$ZV1Xu~(zk)$F$pe$XYpDhzb6lD5G<1C?`L^U;(C-7K8I6F7_aKm z3flQh*tTm4skU*Ev#=0;wfqJfvxLc{TA7JQydXiLkwd*Ezur)R$gVX8Vde&3q%#;( zQl^@-Z{3WYM;s{VJbcF8WAZ{__t>hsx%S9n12qlL&yvY4F-R^ekXjpBn~t4mtGE!2 zc9+!Vb>`CyL?<$N-xDp%Y8A48XYtA`AgTigy}HQn`1sOcVd&+ubue>+>;3w6*qKSU zw0CnH{%YrjOhgPYJuI-RGi9FWv>xfS|2|N5Mf1AK)XLZ4T=$l9S*?>(LoxC|;||aW ztj3VIeE4d9FT{*gNh*E4=fLk_@GXp2wZX&HD)s^DJyhhpx5_ddPQB!Ma8*U8E^Hgv zkbb}E=I{pHS)uYRurc@_qmk-BlWDWTCp3Z(L3N34d-MA2=7d*e=BKAyeDVV|`Qxle z(X!LZ{OXTUJNv^^74YFxw)RzG0{pvOhmi75yrl}0ikN5J{0vhN)I^pSrtI;m?745W z9E*ZApiTi;p9s$0nB+CR!co3VtA!E>H&F;Pr%5ne=^&l--WzTweiou-?)NtDuQbM8 zxo-`Y^Mg5{S-0fNXq)Krl0$WG_7%R(n`gq#&d#hwageb6K46{UL!J0CX^+!<&mngs ze{@hrj&@$W`4Dp4 zF#)s8Ff-Zw^l9VRBJ_HDQ~7x_8GazXV6@^A?s#6xL8Jns@t!v+^v8C4k+=kyMD4Ho z1~uyG^u?>-ZBjjoc)5{~s(2hb+;cja_8W)9etAcM_(F_=E_7i1t=cC>&En5C7B)SW zQ`4$;mwTlup0$^%&u4#Gu5_`BakL%sERpEmVukq|pj*A{`1)0rBlTfuQG^BwNowdN z)%&*N8OCxN2mk^A^E;vVWZLfIia z)^`=(P*4n)-muz#6TXi0;eNOk`?@1yp{WExw^QQhWH5{&93_``rw!40o?*ff(ni01 zEaYoVhVdhZaOalQP(EAXv>Vwc#Di1EJFgDcB3{F#*W73Ys|E*cW@QT>(k5OK?F?ov zG69g%K09AeB5=y#lolF|!IN@=XdTZ}dMiMkeTq_xt^D1@TZ#;n2x#=WE!l%JHJsc( z@s+XvR`g1uTL`($JqP%;0*HAnE3DnXa%)L~fUsn+YtM|ti(klR>Kl#BrYQkMy||C6 z`6$)EUz;g_q2(G~>F*3f447<`))r}vg98Z|(W+B;sr}PDj2{?WCmqJLYPGfS!WD2s zg2FJB>KXUnrGE>DeJ}bUIM7=na{iN+o=yv9OY!Z**mTQo;eHm||}zUj>+rtL#mPAuZ~I_l>X*+xeibe3jw+n89Jk*okfKYv1p*e}O(zv*2ylAs?^%O-E7}U@LQQWbs_d{B{>ar@pZ@C(7hdcp`40{fm~I zF;0S3gZ@MdFP+F}Ega^fkn<7}fB*A2)+n<!BeW-+0?jkPp|JR-SIN} z?%$hDAc+gji=0EfIg}`GD>xiJQ(#Ke0_qGUgxbt;n6R*?I9X{E=XP=02l@++OOj*AUNJup}(%UmS@CcK2{_vqOz6orh1FiCwk??U2 zoajw3KoDtE3`k#_69u?vSfnr)%;L|Dg7au;oao=NNv;jRT=cns5XG1xiM9=oDw4ba zUfuxR>FxJAX6p9O#&_nLzAIr9Ecg3u?kkl;$aErFR<<=LDkvjE>@hapeG~&jl{o*$ z-$;lg$dk*#f%dA!pOz@7^Nfx3S-c9keMfveM1X!fJ*2xgvt8tG!q!hes;dyJR+^B= z`&HJdv}58Lt*sN3v7l5Hu}m8_6|i&)7F#v!wDdA$!T(@$Yt|Ti5Tr2Rah zu2W#0 z@`?*l<%sJe8LWiFdG2Kega^LBNH)PCyO<>-_9qOX&n!ZkUFY$E8lxhLbFaN8Qlm7PG$$Eu0&;ZiGIKDp7juyzRusk@^0#^ub_fwN84r$||~6(o-#JiyspoR%9zvgk6cWPhFgeOrGcrMiVf zE_h{vL5L8Mabr2>1&1dWrQ^|lwy!G| z2oDbpLPIY!#>^8w(TUMHf0gd{Z0DX?>dU=Hu7CO=;pz4FuNFd7VuAtLYL}xQcr!n( zMV#%&?0b3PQBe5I3!wx0zH*M3bmBvlRCJaMye7EtMY!8`_v2MQ9@ae^U5c3APkKLI z&q2^3v06xQfj1AnAAX#WXAeTooz}3`oYp73g|)O6cQ<4wHV2ONKsSZAOpp3=zq|omSe9?mwcapI zQFh|%?AUqJjo;%9Uz7A;ipLm=JVElz?gmQNs)(O2W4?vsirw>JLIN-b(VwI6-Z~fN zedkwKWVJqI>bE{|F$#B*t5h%j@wc;Zi}4<0v2(KLz@>s-UhmFa{ttI=85PGCwhQ8f z;1DcW0>Ry_fdmL4XmEE6?ykYz9U4Ng;O_1Y2@Z`rK^u3b^4)WCa_8UuF>7W`FIcsz ztGjF0e(l+>ZB^ygEDxVE;Wt#&WD{=A2lRsLiTr}bcVpTu=L^I@wz7IHInMef3K4;#gHf7~3oF7xhH)t_GIEaR*$RF-8P)CKxjqMg{rme1Z2n92Q!z&_9% zRvDa~Yi)lZoxZbZ*!nOFozs0Jg?SrUFIW+k6+5$umF+GlxdD9 z#aYcAI*V^b>D{9k+EKl!nHM6#INLL|P^;IcEG(ppAoc(O)vlr4`cD(yKveQ0G$=A5 z>5$rEKu;F*Iy&1b;)4847va^@d0_(wa?Kn;q`3McRPy&HBm293BOXZv9BJdJGeSn4 zSF;w1ncE|%$h~`{P*+y_$i2yvi?1F9U;MLFh|SRjmm?6QJx6pC^Jd63uRz^rx9yw8%?)a)x?>mFZ?bdE~oE;hdxTqGUH(tx-2@jR4Or8DM8x&kP#)_!|A_g9hRW`VT%nL_I^`w+5752 zHt^*!9^=-S#}lz{3tPY4ZNlU;B!9+R7uerS>(xEl!uCXNggIu;za6Ff;G)>!@HlVE zW^zs|S!cCV>eCuLy>K~_iz#@C@Rag|gCa{a>%Bw&oA^t8GN7~j{}DSP)>r<=V@+_r zGMaS?$Kk49WI=XX;b)5uPd0Q+5E<-mU;B z&B@U^mFMmJ%m19G_7d)(O;}fJLth7bk`cn~-3I9EqUSvgW}<30-Toj;Cn!1AtjG3Dahnr5oYmnlw5faF~R_s{vgkS z(Ho+RcU_NtGAqh&w7zs{SofH%1ZFe%@tTJ0!3y+DquE-J+^6ZeFS)irx~8|I_T)`| z27hStj?j;ytcj|n`?EY%*oLRf=7!Y_PnfY`;rNKh2iKF>{_Dw=$7q0G(SY<9Qww2a zz3YnX+`RlcUR7w242+iJW8=N;C6^4u=6>xeR6M8jR>)3^?3h`n>(_XA`{vOfgX&mv zC~R{C>#$tDRa@Fg>HPQ^ZQBOJemi{ncYPB7S}MWzZ*k+jD&c4_>O&0nY}2C+=rvf& z6tM1QMJp=0Itvzlx{!*VuW}M-9v+6hUY@Q7rrURF>P6Z8wlvIhq5BYtH*g(ciBR8u z6GG49B6X%Q7bxP+PnOmTM=Qi(Aqs;uKTg1!1UVOlOO4$M>hN)1+oV5*SN zEuG2?gV2yxZwPd^^8#&fo(HB~)+)c}bp7!P=2Ate#tZikBl8!|ijZ+2@i3Qdbjo=l zV4NA8WqD$+9VA~l>`(9)!KHnb5zD32th3&T_PG%tdbooY3p{O9WO^taJu~sSlZ3%< zx#hQ*Ek*8N)p)|KDK075yIaKWuUinV(oZ)_lTjA;cqx+o4t^;&KfmU)4Iz>!5~j6N z=0w$XWv5=uUb0X68B253-o6LVqP-p{4+;hH5q-I5uWouvdE!%cztxQmx3=GqkF{Ik z%L!k}-Fy3_U*$kaYHOWRw)G#8KmGe4Z7S|en`Y;`rb7A5-?tOv^y+7aL&fyn+)^6J z?|3(QAAqG$kj&l1y0lm>2SxrM`09~o%{C>RnKxQSQ&O$c9*;q#%;2F`2Im(pH}>1czkabcs3g34*me<<#%*rBNB~dYUGaEjC8W%m`$#I-7uRJj@WaH# zLo$(=55KM=e=Ta_e~j#%FwdGcH@2O5g=C7}_4)go=iEv=ya$&mhjM_vV;R2_W^TR~ z0cxG@ii%u!D`|LLw(&gAp){onKrMKgz~ZOKKV^&)q^(ud!)$LY{S4@9+#U{+e8=CP1hZCs>7h|u4K9BTHU#)TWAIM zD?)CyVEE=muP=O-2IXury3bhJx;R)y`V}>YOI;r0eA*xF!<|B2j<4DBF0>&30Z`y+ z8j(zK0HyF&{I7nK)Xsu(+{yz?J|! zW6AY%1YK||%@G3GXtl%Yg+zuwVJYim!~$5^;CI$RV7htc zBO!r6NR_6XJe4lc0gUecq4LAR{cUvC;^Nd%?8?a2akQX__|xOk(SBLh(+gD*xW~6& z&8#xF0gYz#%d7zAWVRqve|W}9=1xchih{c0jqE$W(gr8htzM zse8&CdvY^Y_yNzx%d6NsA1GIURZr{-n25JqZAJKZ3|GpP=Q&;ZS<%F)s2zPwnwq6K z)hDGc-%HQx=Cizb5t6fuh_nLU zH3%CP`9W^7Oiv!3MxV#HX#zy)&O1E4t&wr#N)fEQXx~DS8coeub-r$}r=%tiSk@=f z<>1iLo+(a2HsZ^{CGX&Gpcxi!*OkKckZr(BZ2Tf$21ZKXb_2E`N{g4FB{7k^(SZrV zBp!0AE;ln5X61wiPTKT7f<=daFyq4Ew%ow=3ue*je*A*S(akza<=?omjfnD3d1&c!AUnZMO(%6emhQZSBl( zVY8x*y*zrgVzuh5(Gj5_Z>pe#Z=nCa+YOBYw~BPrl&Ar>G#4kQ%T%GJ)I+hz7(+%+ zyb4hS`%z`rFtq(H{_EEJCVnT{tMYbB>eNoXbj&617p? z`Lz0F*?fqwL*CZA?PJdLQbePZrAeHD3j|la;K02c62M_&3t7K%{22rj_~<{r6uKkb zHqmx>$l&&H=u`WB!pvGi1^+C|I}Sif2*(7BR%zBuTwH47H;j^vBSP0h4?y&GN8i+toL;6}tv zeROX3!7f0rTFCxh)|zbN%?h5dAtGDH(D}#Ek--WawD)uu@9p?YBSxy$xVsrkKJN;R z4rYLmkAk@IxEUxpNH&e<2GrI2H}D+41Xije$$tGt;rgj#vhE-|bP+s@H4yO4m33ga zDt4!iqjGMz+qe?{ieo&r2O$|7(_bVe$+8=4P02IgPs-4xWWeh6-Jj$`i(kK)njHtg(iQ+4t2%re8E~wW2n_ge}S_yPeE6b|)qbF&$URWgE9(TUcTxxw$X5e8Eo3>Hk zdY0h_G-8f3EoruIO4m6`*NmIFkipT4*mSk=QsS2rOx-WrKhQCgjj#{c^&H1e>Qk1l z&3k=Ljqd9ET2wurdQJo^(awc7>`C z7e7c6^V8Y`!29UJ*JQ#?&fLZxLm%a&sHpged==#~2c}iEmbdM?gVDEq$bAAna}FJy zwgzdH=)|I~UaH}dtfn9WY+`mys#YGhe3(u|* zAQ1T*E>^1j2K~ma-A!-*=#Qnmn4Rx>RQ=fc%T;~J5BT|6Nh29(3^$YqBgGi?HwGXz zvfKe1niXT3b{}7-Nd1^$S??gkk!OKh(6@#MganiEOiD`E4W`DtI)!Uh4l6Zcr$N-L z4#CNYqe&UIrUD<&f>Z0+J5Gx}gJ|vf2F5G=h_-FQy%@~~U^AHgNz#;Yl#yKx-D8X+H{(M-m7gZ8=HoZpk~_Z8T>)Fn=^ zuYAGEU;#S-;a+Q+6r6p;uLV+n;5g&i3*A?WS@9sd@VBxn|&4^VF zvY&6XvZqkga?UqZr(K+H-I4A|jQNqr+G9`|!(n8bd{?PaN=oK(Ni;b?>di<6sXOZv zcv`OtXR%x`t)3@LNgeDM8F7v-FD>2J3bcWr`z{Y1pX>8l6IjfSCVE`VRY$e< zP4@+ZPP3kIbqir7WfLU&_v?D1irw|IC zmgAZpW^{bH_rAg5-6d!J@MOLy>f95bABYI7pMA3Q<5(I?*etu4?9n%zaV6l9lh|zI zP;|9TK&N4obVi^%c!gVBB7}7UGo=z(2xHq*U}HfybjtJvUUB%Q`^8kxak)SqbXM9W zlOwjR+r0L4)vLY7q#Al+=#$?!S&P%WA`B%k2a)|=Gf_v7y99{S{mc8hG)0?yl1fuG zo|NR4&pF%f^RAmFSo1`|n?}5Z;aN^7KDM)^rB1<_og4F;X*^*OkGT@ z10QQ(*d#G;BT(Mcp}xx;mXv+|1N@vIIFfE2+56nJ`-LTX#n+OJ3!AEH60I~V8jhb~ z5SRk}o49dW$@kjBOr8Fsxkn&V3a^pf*hbJr5BWUcSpnB)p4W^$Y=?>GNDE%P$j@|t zZYup#<4*?|dso`cJ+?}W6>XXtV#1#9hesYZaxs1{X{sl!HkS!!Zwa?B$$=R!{Kt?G-f5^l)Cj!KAlk5H3Z10C-hKO3 zQ(uAO5eu^vL!Ky1;n(4&J4h{s^|zb?VoTkNr=K+Ye!~JY(k^ClOdjkb-h7e~dj5_k za(Mrg4e&#qosNUxa{dja$Ch&hf&}v`Z@WdDzabW3J|`kkVJC$;X$=STdlH3W;Azswf zGFN4#((((;K+^v!qDDe{uVqh+N#8&w<(kTBf%Ss^Hy zE14Dsb#(SpOo3?d4c~tm0yj;QX&^yrNqOZL6)`;YUk1yz?--@Y;yc9PPd?D{kD!jL zCI!=ScY@beC(z(SK2_wX&j%9eE6bpDhvs`bx^3gQ-u zpU8i$mXcxYm=i`*X7nM(0N0kU(Jjuuvb0EtQO05*Au&AxZp;yRGJU)%VLK#PPK>T_ zSBLAPVPeGO&qOCYbiwdcb!Tz1 zAveqohyR-RQWS0O$?tO`)7sL+9oyU9rE*J}OM~(QYhL(kse<%qX)zS+8w4-{>Ar`s zvkl9(q53K7Ki5F`$d+XJEJk?#z0Pmlj9xv4+v^|5nVeX;$F|LKS(%%&*ANFD0Ux~j zgqJ-+-s_*3@yLA&Bd45#^R=ok7mgS(8$8kVRbznt5KvU;fM3!~?k8V|8W215L+qNh zM+C<|n#m+Q=OAlnP%KHnpFMp`w2IDJJ~FlhP#hdLGDjaTSpp!c0k*H-KppqiDk*@3 zxK@=mRBM4gi_vm1DJ9&h{do6Qv5})gpc{~d`OYO%4RvKas$JHURc;ANN$57r`z2z9 zD_0rG`&H-pRIb6mW_n4Du*gAc2G}#K{3rpf@zj4|T}TMbb2oPt+K~;Z))zZetPI2A z*5Zb*l_SE6u)?{K)m%?Ft%E=6s|SQJB3m0+(xEE4*}}_(=rTn@m!K${1rT7tzlfbz zLm^>os?(A#FDc4OHQf0H4-m(MyHwT1AEr*e{XE2rpe}Kpx_A&Evpe4NdL!~t`>Icc9;jnnZ+DElXP9w01+JK{)El$peg{f-*SY2!|_zVB$HePigTsmvYZ`{JK}+FE`W=qK|oWJVpM`dXZGjB%>BfkjV<>P?#E`pG);r+5{@wlkR zUidGTARNio+dr`jzXzkG{Oi92j++CD1Cs?kY6=H5G^o$(0_ix2xeNH*Z0+G1iDXUA zF`-6I9{rlU7M?h>ro^k!pMF)u8akHk427}oo0pU@pq?0|e#Gj~-`F<$xY8la{*>;;qPCQ>Eh;B-HaIt@a*snaLVAnKvdg7 zKRZbBmt770gyW~BicCrc860OnQ9^X}jQsdmGZqXApa8re6Xu%lloReP8IHsl^y=Kc z|2f*C`?;u3`aQE0MZf&`gHX*^N zG8ts?k_Xblo3WaJH24zYIsFtB`s1Slew#!H&@z6)I@s|$b!=>qAwQDHB>zCAhbg(akz-6-{Zlx9d)u}F* zMSftC(%?l>>WH)EAgLvdhg1x^@1rv{r_%0=1Re`(LTU2&w>lf++0PL3UWc^^64o>v zEP{T%!;lZ-xl_ma)mZj#I|+b}xrV?HB`QD?u`9CPRp9%YSL5z_mQkcUpX9N>eRnhD z=!y^2nXpt*AjPLP5lCgHkG;=ejmEoGTem5Q@9t&2K0+Y4VWyqm+gJk^t^W%Zfa9J; zNvoi5IcB_H7_A_rEj5W|0Amy5|jxw5-vq>at)B!8H zKLZVwy%~Q((oIAAoF#YUUorBKb39^DEMu|^yJaGnjP>c$U#bnrR@VrP z>Dzq2{W8=9uPmJUa43DWB7P?;Aya3klJw4G1F2ijM6^Q@0B9aFVrh|5f62k^%hJKg z90Nucj?_eJN@3z>fpoMsZOf67^YOTY=9guTlJUTX1b`?5|H@o zuI`b5XsD=@eRGY73`KG+>Ut5Bb{wgog#Ef7fR4rUCLEG>>M@Avq9qpQ;iA!|2!&BHza%ZcQeb)UBknMKhdh+@_5emca9xUJ@J35jQRiHdEGLZ zFVG#*1&@FLJ|;PNc9`-XIl6IoGn0yWFW~Rl!ZRY|Q&JyHsr%X=r&QV&lEOAJSTD}+ z;lb;b`FGRFy@b{_S{|k{LpQgE`d|uOc_4Rdc^P~Cko2|A+>6!mo!nJtGli0RIwpqwS#vpM>}=MlvbwAo9eVzHPP0j-8qi%$Cpf zYK(8uYDl68w250WR?Bw>19huV?pnD(O(5du^6R` z#qA=AnYb4Cr=D$c<2oLH*BeO$|LUTL#AX_XlDaO_-~ZGh`M8q*ztt~o(*E!DOq;Yu z`-iY0Ap<{$cQ7m5KF|rcBs+{He0)RG1oOT43OY4x!{&JMR-DuWEhlITXxPaTt@5uZ zZWg}>YKSDrD{a?AOvWF&581Xm!6N~3-tY|#0lzFVm3oq>V+)Uw47CfX13rlnI z>!P@br6g?mQyjYp$M~J#l1#$4{|JD@m01%|a3rL+))mO~SkHorAjo$t)~kmM9Au4sg?+G_J8Tu?{8#12s{AIy`L|1Yms^b= ziuEv!zS6-? zSam!fL3Gsfu_Co$*6F*fI_18~a=fPZqPEF2mK{9 zIxrlVFc}EaxfIP{V#iUKBn5UnFkX|{OqLX{c{Bxgx0XM8Eb{lm4J5m7E#(Dt>5Ht{ zPSzFT_S>ze#DaxBT)yI2X}i{1)~t*B=9HdR$KqM5!F~tUu@xeS^FMA z^fl0<)il!`XG464TZRGXv#EA!hnx!EnJ>M#M#ac@c63HO>lc>IRr`}+pU9g~X{uhld7tr-K0!_{l8DR*SS z0s6IA1wN0jbi8GJ}w90|}>+oO&5o8doe{@7*c z)J{Fk|Lf5WMBsR|oaln|Pv&n&1G-~XtaLPL zQb?PJiTD_UEm+z^bVqJ5+EdO*%UbU##7Q^;fJ<%{OH`#%#f2AD^;OTiSsT1(q_t4S z$Qr&SfogSNkkAKqmGI;NW-pm>6_5j8g+%=e>zYiZef&@P;Ayisd?$nF0Id#F@*s<} z<$z?{KNxyg=LQlE1TMSVDxE54|JG&;iJ56#9TDDQIr8_Ndf{FG(WTAY5GjMVY^Qs7 zV&l1D5DNT(zl@SES`LGV5hO|7msR#EHggl}b4~6*p8}5C*kx8PO`FiZZ(wVS=@(Z2 zu)5cROH_C{B?){P8Td!DKi@z!5GDi3P;uG2k}BI2OM<9vtTCa<>#yW&p2;`xbUo?; zR*8z@G*MZnGP?DyNWz{fCT{AqT!!0n3AUpqbYnr#d!Yvkt)mjqup|fcKuCG`B;oaW zP0iHxOHgzB+y`2cql$;N2Qmt5T;GWEDN26se^kmIe*x^uh*MSBkkJ+awh5X;-1hD~ zmoKEciCsu^2woAQi>sC^U@=NvKF2WxUR4aqjcwLPVM(1{QOkZ9vs(eqQ6Rkv36|r&CRDi|Zc1_($N35x0I`TSEMqBUBET_kxw&=Fj^~2uFbT zKc+hSnMC9nzxGz&&12X?_V|_KSpn&nla=0FHzaLoY<1YjebTdpQ;l|JqgZz>5}mstxm@`b_y{$rcaKti&)+uGM)O);^i9dKS?KsUB5 zp`hO&&35g=3gJzP$xeZQ#nHFw{J6LT3GLQsOqDXBfLQ184%mnEt~4rg0xo6hTH~Fg zR?ij_Qka5F-a18#>wgrt#Q5!)9dvJAhY6*^)&hoO<}txaPCKR#j}qL{&d{?o+*-0o zyf(jQW<*u%X)M%Xyw)2&k-A%VRzL2wcx5NpNekkkEFFc(6O@G~V>*@Jj_q=~LyQBld;XNGe0=D101u)ZVKDOAm ztYU7xLJCoW`O}Z_a=cMidClr|=1i*Eo;v9}YIWx5Ft~kD)($?#PM}X8@RvDG7#rVGe{XX#H11V6QI-Xp6)qSM|jgWf-n!)e*P0mlJF?w8w*5K z`(c@1fT#(V0XE$E^%G^Wb`etJwGiW4JJe;xWE!ZUfN$dBmGFABNH-t74i|oz_xqtR z_if{rm}+wW&1Do;xK#HDUuW&G~*l(@YU|kYV=WiK7tQVuFHm6OV_m#10!vfw@i7fjhOo^HFNY970Z&B_( zgZ;;9K!lJ>=!bH{{5T&2t}#W8_5-}w^2|QxzjTW~{t5&=ZsS0*m>o>ICe5H2w3Fq;?(v!I}*Azqe#rf`5D2 zF_PI_;g9BwsW(=V+Vc1qe6UzuKkePknqmvUy)5VFa-gf{cNY7uP;js3-MRx2A7=r9 zIO9JiYLp1S!9D@E9i^NHl^_4`nF6uoc9j;*mDd5)Tui~{n|{;a1!V}o-n@!o-Lv=h z3TQ>}Y`?mhM5BQ`v#zD|&dg?@b?>I;!_8=o5wp+aq)9sV9+b^`d8O$@znDhoNZ$;~ zt=*Uz`(Vk7etnR3Ijcq%XZeYAY60{iTqw~uAjkIZgHXQ7e8XCRtAbg5*G)g~^@SNT zI}YRT`EQhYjYOr90vZ^Lmb0~=rbW&SGP3h19jrCX@H`D1WD$CPa!ED#c`Km%&A#Qf zkh8N*w1}9y#Mmny3!WsbC^5C_%78eqvDVX})W?tftULS0JK#ZvV`k&wF@?GVMk}W% zebK6h^Fv8xs64vwPDd;PV~6epvFIdI~Hv zDtwyqcSZ>Ac9%W|V1Z8;X0Dr`B{Q`N>(!O1@VTZBn{*PGH5XA$^+CavIov~lus2)) zhKP7=bGo#2HdW4&&`{Isj<}Ai4zN;h78qSc*sSketeQ6<>a)&HvF9>g^qT;GhXAyB z^mfLn%_by2KyiSwBAc2*=%6WDjRXBj_*)jm+HzD2@HB zU%`D&0<+a%LqZ--B0mrHyFqhjr7x5W$?Z$A}U-?!VLLzu7j!u)K`%?K%u;uEf?1Bog$b-4Kud?6mBMSA2r($4iRA z+`h^fw1d`Zen@QRsqig)Ews$pKb`RkrcJP9Ne}>EAmlg+6z3go2<&5K-86uB zzUYFJdOVs%dN77eJ=c=n$vQ+rTF|YU>;;!?6AW?Ck`e-c23YE%|E5tnXICgZTGYPj zN&CM4{kEd;&KB=?6!FyB0jY1JT`S|V2HymP4&)dpKqqFt;Va)aMs0F!b)q6YRK(n@ z6=U}M`1zc^M$Xn>ZN<>^Ziy;X(}?}WVLvV>3IvQ&8> zy8~-}khTx|j8r`zd~S%I8m}}#ZlWQ=%XjQqJjVr3Z;sq|XE#-a2gfm&lR-hn#}8aj zcIMT(Va+<*W5hbX7Ma`A#8G_TqmQAR=oj}}UkKEu4J?7K5xp!ohv+mD?(C;J^|@^q-Z*&BCB00JH1-moDUwn9l3ww}ok_*sMap8Ac3w%e2j{ zP`8<&d_v3Rl`3;%rS_!q5f_gfz?&mcr#=Nr3+WMw1_#%Ep26k(AAXASvCOItoS ze`!?~3L`6iRbN>NW=rCHA?CQ{&V9_o$33mL2t#afS(_0jV*w=rmyq)8@sS^)ICQc> zbJw%dMMp@EI?Os+vk*f1R!aeL$VP#qhq_DdDY_c@oR=GTiJDq6!6!S2e1;zvK6yi4TlT`TAe!KMzBSx->@#S5 zzvas3skc4~TJ@_@_pCo!G}yUVELRnMmq6D7$U6`AWDci#eDaOcLLsd=Xa+>cWaj;j zUZq-ym~^IgLkP>IvWw@}e-IOiifW{6M@0w6{zFTn;MDf4;y%2ZuX@hLF@?}Fv5)Ef z=wi|&rI%qtd_+Lf;AsDrK4XV5a_z$-v`m!j?i={^qxQ@7U^nKV{5sE_s?Q%n2yI7q zlaA#wkUTANacy|}f}2IP+cN9x`gN}#KWhy`3-}rD_tPI-x9_J!+nD#%y{I>#L55R7 z1`(3=IALAeFXQhmiD7Y(-RbioV zh+LL?kaD)SmhCL%eSc#knylUG2yak4%LA29)0XRJo)3klCtU5@^~sq7l|+NQib!^+ zdBPh(xQ79k)>N)zEH{(rlZ0R(GCiMVDAyheF+~gbHOz(A&@Q8Js5OSW6uIU1^>PWV59&W-JwuJwL8plN}@PL{x_mYn@n873?63FB< zuf!5;DAV}IT@}?}6D|4bbJrO${9#>cJDo2J+|&3nxc|NKu@8w4?3k}F?JE0cztE)E zJYxeo`drmfdpfR3{ENql84n*biN!8JjzbW&6Pih5e!}IA(R`(E2xuN^fx_ z5PRkIeb=s#$9h=dF~Z?af$gCM$(+ZoJjSj@_%d$BuFkZ@b=LfmD_)OwWo`tbpjG^H&)g4Y?TXLovQ|g$x|>j*|pA`;0=LxDaxr)CLNi=%*bqf zLWW3~@9=%AgrKrS8y-K8MaP<=3O6a;Y9y_$PV}kq;hHB#R@FpdAwgqcjB`=UNgw(_ zfAdH??`41sibA3TDR7VyQ= zD_(U(6T3S*YdjSg2cQhBH$X@yyZ3yg1a?NVRqYzFWl6`omfpRiNUSxSWsb@%(5*PX zP**En=Q36B9@pEt9X+@=X2~ko7;kUa=)El!;7#(Hpo^vw&bqd0zTPZW_PorhJ-Bvb z$zs+WjTMf9{gG!F9PW-zAQD`szqnk^bG0NC6JyfJrA_j`AWE!zo(ltfDY0ACy`D}Z z>4V%BL8YS)bMlSHL~$al1@>a=?HdNnZS3ix4q=LihI}*lBW^}N3jtu*up?2piyGEO#=mIyB@KlvYosr%7 z5Q3(gSXH&26dMP%PZZykWA`iZJC}-OPy6Id8|VkZXWhBie~z`04AB|&@X&-x6_0Wl zhBDNe$dEy@M6&TLCo#D#Ki&U;MIh`PU+wG}6Ixtc=pf(m6QN;Lfs5#EJPYr5((0)G z`s~g?Svi#$YQURV6^SlP9h+g7Lb+!mt3E_Y`p5>Ir?5{G-*th#8zHQB&~lD&-4FCF}>H(`9kG!N0aP& z->U`ptjt25P+q3XKOUE5}jW8G6rGL#Y- zcdEfv!e(ZWh_}Y*LLqnR{A0c3eMh(aHo{5 z2RT#w`O9eSVfIZey-6l{Z&+zN1Sg*3L-Ym5rv;3BonhE>=l4N1!j-4##|{?V%7DJ; zjpd$d%N4YJ82vl}?PSq*$%&vb!AZ6M(#mWhmo2avO?+W6KJ72tUjF0#!j5e!pFwbY z>E7ug8lHn7Z1h5ode`)1^`vkeTVT{na6VmIqJ692+Rf3>ehi%rh1ESKL(xdi=U}m& zm`ITI#=QzCt`GO5IvO(Qttn)bX2p4sW-P}*W5RA>t2P){SeHa{ix7WF)M>yLkIdVz z$heu@T1a%vcpsOr!jW=X9(`y=%yXLK zvYC}-m#&iUK>6&C|2CI@DvircQj$Xx3ghPmy4fhfW5GP(ajoEK#*&L(?~qlowmT^Z zb+LOnmM5HfXS%Gx#1eaqD=XTpf4}q^*hOfKHw?K$AYoYM?L_(gwmC-aMq%${W9T!= zV05Z)-HC6_=VSiO1^7(@(wRkh-vW16V)RQG%(u4jeU5EKf?r^Lg0kS@U;ex)VvyWY z{4Wfg%RikK3!>5{+WnZkt#j?#Io^+I25E3@s@1JV-6Px#L_XO^VXz`5DEP>4mRH+O zBcyX8rSkeP-Bthl78{v|Qh$cb9xQMF%-GJEQb)F64e5hNoyoG_D5Dlv5Sb_`!8~7$ zIhC+(!$jB=U*3mvlEHybzB_PDO!*&V2;Ti87Gk-}g^BMnE&PZpEcNW7Piz!X375xU zIat+wyZublt^H_QpI?MQE~tXZrgUfA>Ys@a2D$8+ zC~6f4-;U2OY9am?hTV))VDJZV-&LUk^h$))7rzA48eLV2EQg#Tt~QpT!}7YvzP$oc*~Na{^;RouARSx~Llud=iaHrv&XZ!W?qAH2O`VM;Z*%hxFQZY_Pt zC?OtaKY}Jn#u*F-VSI#cM!PDjRj8dW^;JZek00ZP%bL?xHH$@6wg!gRC4vIQsc|D) z#u>^Ck4WM5E)E-VpX(J9!#wnRE0eEa7|` zuiwv}et+b0DD11tS&)GS9>GHrE4&rZS!M|a)7J%yshd7+Ff0G{Bf&S$f0lK?LH6kA z#}BeiI(m9IOgRuJ>@B=|F2CDb`B>x^>d+HfowTjYVo&piPqnIGl*ktQ`0|GpDWvNS z#TF7wQn=P#tX*Z%Je+@Z3U(nmQXL!4^hC!t<;~8^6};70)UVG#w0;h-nY+ViXwNui zY_rYF`T1hCE25FTk)qR>|J$QcqV=>qMcfgy5Y^(_aNbvskS}~cojlU&P)o-m{tnQl zO?S=4=hXwdpFOyh$PR7VfB~MY|0V$#y`CKm*~I%3uD#} zr(swWh^Gek{%SoWCiY7J@qcTL`RmpH;rUl2E^QcW?AW1SbCrgF%VFQ=H-Ca{z}i59 zH22m2yXRA1&ygIwBP%oy+0Jrkd?E8IIIYvVmBRmqjD3yvs531tuopB z-wfPKZNy+Wc~YR_Rmrj^s1Z=cDsZePHQ zMsjIu{B`HT-WQvVyAd_yoSDd!QdV_FCmRISsh9dB<y|5GIt3dpnr zikgHnj>Hf24)-+B)dQxM#~Gw1naFJUJ;!adOPaj6xLEYZF98AKwoc#M_YF1J=i+0; z+*P>o4PSNU1KX~PfTPWldmpWu=d+Bn z3&9)gdhgFes9~QF^RuJSiu|O0FZ|;GbLG+xzX7&*H#yUe5q&K(Tdr*uETV7zBRxhEvw}6qK?WQQA_&A zPw`tNF)3U4gXrk!a&vR19NEm@3fzj->2*$sc}uf$oSQ&sNpU;hmG1F93R#CneAWJp zl@x)XGU}e%NNmDZt*E+zL$o&F%nU+MFLykdK+vboDaF0{6G{^z*n-a}J1z zuj4O+AMuNIyk9ATU+$)`B>j;Sg5ysJ z9q-?rWPV2Zm;%GDa=Pvi{*g0?V?8UL2%AVUhRVNZ^emOnf}aQ`d)fi{Fa5|Iq(QXl z_IR^n(e#XK=mptxqqtaOB+GYXluLcWAL?=TT4cbD4(qftk>2S&hoPJ3QC-BmiH^QX za765ugo2co^D;HjoIl&nHQvHxP=7ulZV_r*%Idc!=*Gpxy@CETzHgwyrVvOTiU;;P zd!a-AV47Jm=I?5p6o}l{GJ1ML+|casv~D(0#eH&g50B+7>|hc}F_QGUhC?*#j-WHC z64bnHg^w1#*(r?q;bauoZEG8+fHP>q>b@Io{vHMur#@cn#VlXK9&0*o)9E#GIe(N= zS6A81*~bCQ+;In+lPg+?>B}J}|14nVxdziqYgO{U8b3>vZmCZqVwsBjP>OfNSqb?V zC|ZczcNhq1g9M3w(AIEKSE*lhBHyPN)A4vz&YT~tjJY{{M#x5DH8qakp_hvY2jvr5 zhr&p$<2!=|E(!zC-)xHZe0}smay_`;<10aaM`AJ=^oD21oMH+gWwhbeQ3QEKmmUD` zJ^2Ba&kj0cXm>8cMZOt?*e?9p{fB}=p?P{J7IXpbwd{nuMoz+zP?M0G>xvHjm}_DZ zlj-y_oGLtbvaWSUEW&i5JJ@aguouMUNp7EMPQY$I&K7x^HNT5ATSlia%$3^$omFH1DT@wT_HpO!_Ci3rLT}F9M)ConpQc zuiUXt>mKRS9bCfpy3{Qf$_Zu9x#_1(rFDvY8SwbF^t0#DuPAB|JE?IW#f7VIFk-fB z5hxFX+lS)5Bd9Rl@}R1)Y$q~>yRo#8V}dT8!9x-;$cUiMWUC57{@6J`FPL+FK2u}O z3g=g6#P0~HEOEHLGvs`MTtAY5N^NXqI5st_)+Ru#q4j>pndupZ`8$s%d_qN+__VEG zZ;cZM4LUP0#dCzq!Vh$v=l|1`V&;W_B)~pHMa_{>Bd(w5vx#W02y9GYL@9wJp$CF)0C?)t6gruX~bJH~s)xaWElpV)itwdR_0uKl^T^=wI%(Oc-LuBI)1 z7;1i7y}&~^gcZ$g-R;p@?U|2VcN3l3&YoG|N49c>&ev$O8Ay zc8LZM#Au`r!7*wnR-L`Tu3J&t`DGggJq!Nx^x@F3!)Z)X@6=#Kt`%B<_?_vi79Y<= z(rzz1PgEvdmHE__(Q(b{xu=O32iA0=eHXF|m2RMnv3#glsK6G3k_#<=oxo#T_?%7=V0++@m{ z&0ID9Gp&y;6l z8KN;_Mdvmy)Nb6${}FRUduze`aa|5grwCh##0MHGke$`tt2GAWS)LrkK=* zza-P`)4KxFd2^3Oh9qNS0wtzlgf7)BHWh|zFR$VJXFd_qOd=8#?TC!z9(A%>W4d0w z7Jl8g+`U2v-9k)`(pOZU(RRUHmb8xN9BrWLoGG$%{?C0i zzuk3y(B?;DaT`rQp?>Q~)}Nt}K%3_x;E-8goNrgprN)V#zRr1rC^_R~yX}uBCJSe> zdEfD!iRk++V2PF&PjE8%G%fLFzpVsEex|RwvduE zkM~}R#P$uATFJk;MO0r5|X%8^!iIt@;nObORnzmT%PUrt9L~F2n`naR{y;j zSI#Jl0IyBYFS39^;zt5kqMD%|?Ecg#tkyAA@qZ3TLBh{Inm0-m% z|NVRtN8+J^lhDr7l&7y$B|;Mpwy~M+ESPD#xqUuAzft|;8a3aY#}tPOr`rcOPyUS0 zH9UHmt~D1x=JuK9t@_^)ojQQ-AR{9qEFzM&to@%igkSWD0RjeRPf_tH~$MlLUR%sQ>vU zNv_nx45MXM@Tiat%oo&nZt!*gPrU8GozL;*gepE7r}#1Ri+qt23CbhV7fH)96Re$r&CN z_K?kF=tDDmm-@=e?}F=&BpI(H`d(R2;zG9{KrJdPtl9jNoQTW%dx3uE-G>i_D{R-l zdwRw@9d5KmuzI_k9t1mKy1BXOwS{S2Ui$N2gq48W0S49~&;JGo4qjomOwtw@sJKO{y(8Y5t)db5XGlAEdfJyD=#b4~NN6 z$XW2B$=00t<0)zQfKIh3St7D@qkJ`tLF5pwjQ!RPRa*#3NlpDO z5y^Ikl(ciY&ZD`l?I{DpkK9~_a@+NmkEmz{T{U?G<`w3!oVr7~TDl>N{R$f7i{pt7N0rk(QsauvW z)YQC)U^N!Bwq}XuvauA_I596t`u_d;#X$)Iwchu+@j&J@Y{O$R zGBofU_a;j$_odxCKiN-&k8)r1S$5f}>+^84shUri1T0Nd=U(?|6pM`RCkpu|>vzV` zbr#vKEBEyD2#bl4@$<)0NJM<7zprrn-n~~PX5%Q0`bGz9!}d;2Xnvg?I{v&3!3yfj z)_&p4`j%5QsOrw!ZTR-f&N9juQE85vPuyLPS6Y&@dabd>3R z)9v5Ce@E?{U7T({SIqqg&#L_q9WC+V1<-;e3(1jYGa)KwwVDhZN&MDJw{xlv2oyA2 zSpE4==%MpUUm6jo<(JFz$;)4_Jh1Om=VWQw zPEE<0DAJ4Pf#!T1yD>-?mg(e531CckLg%;vm5~`4+T475I zk$5fl(vOmgojugN`uLk#g{{TWmX>4;k7x7yC(obzRJ)w^6d5a|=#)Fsxx2eB_x!q5 z<#bp)7z{_Vw$>e^Y`u82bbmmF*iTwc?oSYvY*SNHZpp3EjA~y0cUiF^nPR0X=7r<4 z9;B{e#@S^JuBveRMn+DxsH3A}_RHqO}cmto1km14rKlL z^JnNVm`7ef0QLCz*xtcGi-ll))XK^VwW+1$2`z2AYi5sR6o-JaG65$i=l$|z?{#rA z5)7GM)UbovyC*_wow~FUTuIGb4qj+!%X49!r92J4&1X0wZ0>&SlsC1;pQCb!fj>z~ zCM9P{3YRVaHR)n5g*P-bsimR3V1b>KJiEE-UOT1O-qc?3sK0R>k+rmBfJ^`<`>Xg2 znkWitHo?4|+p~>I<b|#YDW0L9wnUp2+_}y4da!qaQ|_+FEp>Ip(vPhwS=@mKIAxLnDRMlzg&& zzaLgp$kvwa?U?;^dUwGbFV^+zak;ra`ugN-H^y$%B)svqUkKMXfMXrJgM0seKu8EW zF1w{-mb{Ft?7D6RM1#XtEynt?*v0yY>xa>y37ofM0ounq^Y)I8cL@kYwX`0GhlgjX zS4ChGa}BwDsfd(RwK_aE5W`?_yKpYISryz}XeaI&-B@4lO(8B;$&#ONSR|IuQOCk% z?|?el6(@kk#LPULuX_su{NRyPvwnJNYSZ!&ih0%k1E?srE2b`cOVW@+C@CpFwAfYa zOGcfatmXjDxmGajn^ zIS?37{fIcV=~LE+$hrN4Y|JdA938o2lg0Bcc`>eC>#lUL>gnwru5@6AEiPs^8(BfS zxVU(Ti4MOjA};=vk1xg?aUKGVEyurmwV4M z$*8Ha#TYV9xbz0{I342568`29RM2C{h4?)73~QH^=W&N0lwT@wa&acfQ0Avq3jI(rVNlUn%tjc= zX|<5+a%u~eX$7~GM#`nqTvr-7jX=G=+sTitV|hA_BQ$OR4k5ktlv?PZsM}9p^Wdrb zhE=DX$6&Xi`ts$=D8J)be|~MY$mQ`0_U-NMOqG%jk~tu2k!a$e5Rw@=ASv}KM@GY* zByU>@)_Mbj7iKYE-KvjoSaJ-RVtcP2jQw|>mK%Rw_+yuCBI`77SPq;=0! znf2N6A-`hv1;&MKiH^GfBqELManV*ifh5vay4@&q-a`f#^U6JH$s&A_f|1LD_T^r>;U1Nq5>2k7Xky?p1=D3>WL&%Q(5rPZ`yhKDrZvu{!bTfw&X=5Cu z<|4nt+|tsbeQ|c2sey>Gn{ewED}JtH{^T z)_&3&LaVd4)E!LMc~6RGIv+#VB_uewK3lBojEsA|to z57uYvaQL4BF2hr||HMA&48a~D$B9!TMC$Uz-yf%}tSnQh;2YGo@5mZ}iiRF^TB0&C zT%fO1W=S3s6H|Gzl5r51Q?ISn=tr#TcD@fad~tE(v|Ez_h7KE@Hmep7Qomli^&r=A z-w5LKA)hk`nV?TDf6mvhU!OjG3I}P!Rtew?Br9#mRhalpf7YGnd97yFAebtlGKID4 z0ofeJPoeRR|u(f$pK(0(+9ZFDv z**Mq5PAEdPi>a}`KDtC}pkd%emDv|-n{wK*w~w? z#O&dx`KwF?qcGZdbD~O;tPpwrE9~eY2|Z$F?xorUs3c-($ppDscW18oK)=(dDBp5k z6iQ$tK%=FBEW$x`C)040l)@_^;O>3lQSOqVpk*Ce#hD0UvGK(`!7O-Ekd5l>?(BKKdugzKYjKJ_fCK^ z4R4h_i%_#@LQ2Xr=%EUY`qO0^RZGl>QNWFWL<5%>hX|-9g)3iedcT$?uQ2U|s2`o4 zY>f}7WlmJ~t~-k%MnCr}zn+Zb>dk4~kK&7Lbz@tnWOkX1%&zOI@unX%wHZ0Ab90+* zB5lOS?QM@=?5M{jBou?g?Hg5*O~7SM`RUWAv$NgKgHAd!GWX5uQ|!d87;FM611$f^;pS$S!65WHB#uju zQ9@`{8a(ekqjR06*Rrs%z`ae<&jN+MuDeIj#ZReK_P;hrH)QdxmgbIeFe+yHqA(h z7tFZQ_yFtH4-SUHao>jH7sY;#tR=AWpJt91Hp>=CJkTBK>FLX@mu1Wn#SM$ojPW3u zKpLdBzc!OyWIXsYI@%YY4}Im;`=5h8bwH2Gyqw!G?b-Di3fh#4t ztq-91eXP~g1T=|Fj6%R-@ZxY|{01iGb7llY0ARsi=9ASm^=X^K1gi9MCt}jjVKF|$ zgsA3TA1%YEw;%JWv^*1Zxa2i^1J_4W0rr9@O#TT=qIYm^sR$FMcrePlem zy!cG-ucM)3qG$q8oe!z)?G2<;D~J5HZ9RW_xLLAE$gGEnqT#ZCAC~^gBdCLbI7SK$ zbv7wi=y?6>sb%@IM5`F#_uqIwxI;wL29-l&VW}g3srp<5*)OLR!Zu&Ybw1uPN)y)8 z*Do+0q`QKKW;j{R%j>uo2So;pkWKD*Xd`{YI9(F;qMB!)zrNR$hkfy$WNbUHl%IBN z&M@W+#KxeNigi*Qn?j{8dP0SItGP$dkP~IQ)@09SF$zPjLc0&jcVFN6yhai-E-vLy zF*l(lozAY5)O@uTvgods2{#GAl?0IgWFtW3k3 zX64IZ9dd7OZPkI4fS2X7UkmUMb#3)d(AWadxdxj`s~gXsgi7%xv$aYH{f50yP9 zM8}I+W%jt8eR7SV{)exJhsSwLi1V|dl~m)wY+5VonV%-cMy1N3`CJorY{iFfAsrzu z)hp=|GnS|4evjn;D)l3|cW+j{D*HM4;NXvuMok9rE)53!{5ext?YGWuWg|iFy5FyG z@AmB)Kmk!P9?;sr;;Z>#7gWu{F3vKcU=5|1ii?U`uDa-D90p+$jSl$0k@ImmS^jzp z?@E0%DK!(p>!^20uFAuXvpI;17RZZ`t#CT|FP(!Y)Dn=|e$q`rUxIqTXU7Ml<^Y%8 z|M`9gcoBv2m%6L(3{=(%6mry&kj!Rvz+y4lPTp!+Ed#mR`W*|5dIlOHnZs?Jr#~Hd z55!{J4CLU6MwhnVU78WS(>txD2@*7!15cE%vTN;1c@iDZa?nO%aL+fl7cdld`Z|}` z-~k$FVV?D-v2!>+cD{#*_FMmb-Q1M=u<}y9+OO2~(q@Rwuxg&~hzRIHi;(C6v4PAJi`6OTU(af!xnHht=)PP<&oNU|&4@L%^Kd|n1 zlDeJMB5P`H7Nih5!jP*SQJi(qKnVjN0otJ8GA?hw$84-L&&4sO2hJ6;v264wElJ7o zd6yx--7Cev z0c1(dxuyU~Uxtn3z+FJ_VE_hdKA|Z=#enyGu3Y#Xaj~DHOLDk1U3Z`ptgaHDZ)s(P z&+p0ue2+F@Mw8KEUuYP27ic!a@9E>?3rnIdCA5>CJC>N>ekzf{=N{QmtC(s;*8 zf5vc?Q%P0FHh>X}xu!ecu!&bJ^)T!vEFM3844tL4qM|Ugv1O}g>%#>e$Wm2f$TC%R zIMF(grE&~_nUTQv{rmSH05m8~wO zUFT}Odnm8Ws_&pkN#UT^ThG?f4{X(!s2rX0x<_{g>c?yNuWoO%?ew4UyYm>AQ2fy0 zt0Q(>mK4y^D$`XvtTRh7J;Wh>y9|vNiWH!u^-sjt9LENsE8D0#R9AOeXIM&;>71++##!or%M1{x0K##f~{h&+>uLDDC-Ll5rV1LwpIKxSiZm*?>O zTO|De&pL)$4qfeVOaq(S$#JqmzC?*kFnTWVQQW44JoX=|uy%$ViASp4;0Snnc_AB2 z0MgYjiLp#%>E{<0t!Dn*`26{Edeq{y2Wc{7|G;NbKVxJ4p{7F5TiU8WKUM2a#ADy3 zr2?RD9cu&D8VA~I=YwH=0IffM{HWO<)aZmZtL$v2b=_f1;@SK^gWLnEBM=h|QasyN zY2-5>QBWkeb&d>tA3$Qgb$FWvI0Xlnhr7E4Qt>u?5ORCQ^*|kLZEcmlPnk)-aX+nBzHoxWe1ZphCKULL8O3)D_QM6?wgll| z>*b!W$c|`#b+Evo`w8@?VQi)Zz&$=hc2}nykQKnzFtxtkzKOUr%V9vrz(4{HICpl^ zpLyQ83|hxqm+x3MV6V4U(j#V<*%$I=G&*PJ6BK;O5g&5~?su-nYP_xaX@yFvGD4og zUWU1&=fwEVkFDOb@N1-X%c&t|m& z`ZTozY)mYyc{u(bh88wAHLAWMuKts)0yudU9i0jG-s75L9?LR?%8-=wpEz^AIZPgy0}Z-fH%baheddsRy-NLr3};Ps}Lmkl== zPu(sL-EMF}i@s@!kk$do(ohlxbS?}H5fG5C* ziUBdB|7(KSa#|@%-r3ptyN}O%psCizD?)*4%GIhvhp=4g&lq&@pEe`zGAgn}LKc9M zhm&rduW)$30Kpc?W|{!#;fsey1?JAsO3FO1H*|6bc3(4UlHlB95wPT9q&4~yHvV}0 zN|nU8FI5`(r7J6W93kpAQXi#-c?}rS$e8c#@9RRN-WJOrOOH7F+0-Nq9WLD;-9Eyb z{|Iph2Z!xY#MxJ12l>wTWRV>Ttb|Pb$M0DRT0pczE1ukY(H_apto8fL&GV_;eS^aN z+f=ml^quM#J?XO%bV(@}`W%yg%x6>npgEuHqhrz~8!1(=ep-u~Y1t**MOcowEggzG zp)>}^yO?R$e+0#%3d0g^CeomSPPz5(~ikZL9%=i{Ahk+@?GE8Y76Eqq8wC{AQv z+&=>YKh1QfZb=SZZeYuQ!pj>CoQhm}8?YKY zJ56Lf$8&+s5Cgy(2XT`}Rdhz-GKY&3aeSz`ptGxIlTZ;B{@yE0M5)ei*x-Y2GEo^0 zF+bwYOsi6i^zsYr!Kx2|`O<@EMUn>T?`VK)Z7v#A7X$Ve z7&}UK^EWFW$%RhVhw{+eYil6Ow_=vo#BP4xiKz$GEg)8dr`skRfPg}S?v+B!1*l!+_~y-<-~IhDyqsoyNcktG`2(B(0AG6y zC5~E-WR$0-nDe(-LA$=jL?L=`Rr0N@0F77bj_^F9TYfB$WptAtO2#K`wBV9;7t@*I3NP9%l3##X40M zLX1KqCIFO1pKM;lkYhfq$msHEBO9wHZTs=u;^OYGek>}-{?9Bw9=kCM4EWo?ZPrZ? zBGMyR47JTOsa8+(pDZV>031eQS(M$y&c!vQ#Z7w^vNK3z>)xsgDKy!opMgkwtEkun z=uyoq1tsm_Xq5`W)g|0_0pu}Mj!nt~;OkFQ`BbU~4yrBt8PlNk0^;iU^i)<+(SRPI z%2Ui$3)P~T@^elU{nD2`{0yHAf9rpJ2T|f^p^^Q(hKti{QXz6V@@B?x0U774PyS1SJ$U*t} z`OwtTGLIj-4hq-5OO{mWIbQKC?jQr$LJHJ209gj}iAw4q#XWB@7gNtehyY5`EK(*e z-W)E#pxlt2U0q!r$O9Z9DJh8^s%DE1;i9)SRf~N&yzs@gB%r;axN8zZez?RuwyqjU zA=_=LLqaZ{{zjO74(fL;`pyH@r`R4iT%uEO2R9@aSN8Gu9@<%Kz zLC`-0LU*EKUZp#!&XigSfswKZm;CovbL?l8Oo)QwK(8K8FAZlv6Cf?r{GCC>MgQ`t zJ|uV)laa#ZN?$z;9FjTG%OebER6rhJa6a1FjX@;9EKFk6HqeceIa`H1hK7a*>fz+W z)r+ERb7g^&bWyO&*@z3rHa+G^=Uw043rKwv{%3D z*@+Pdqexj8kd^S;RBg7LV8bKcilz38;mblcSq@T2w4#d|HLLIi+8_2Cdbp6@0vK1A zV$xjm19cAlBYpMJZ>^y3{YFS49r~b`uU^sc{N`X|D}HHn=#`8JVm0XcNN8Re0Lfwt z^x_#nV7}}V_5vL?Akk_vg%1^*67pXhk%3rhQ)bh(we{gNLIWwu5EPZ#tjf!0Dx%^_ z)!FiaWuOkoF-Xu`t@H@FY0;LH#ciqkS+VlJCJY!JhOrpl1;HEI*|M_@O8fPg6|Q3$TL2^{jNX>JOLgnlQrk{0LZr zaA1`|bh{74A_Q@++ofxqy(sQzWo^HM1YRqRzwcwcG3F@F$i-Zj;gL79<=4d} z(4u#2)`w!ce&~VJr`x^|jafFl@BbM}=}bX?B!?ki9b~TQ!LI#1>0c5KPLIu9^T)JC z!ydcfPjsFKyqMn~NcY>5alt0#YXe$nIX4S34wC9-l}i}e1h(i25Lrl08MN+`gY{cA zAlMIqD8zqx#tf9-6*zK*Cc{7B2w5(5J%&SVI9|>QbYE!etl3a*Z5rbM@MlnrxJ*ug zU{lI}?^#z29s>1T^|+#U&dxl*yj!pIHO~_WA-_8asy^_L98g$2$~Jm?dhA!yQkq&@ z$$(<*O_4&Yx9SG*qJR#OK^>S<2x7ureEepJ)1$3AoNx|{gt`l0bMD@|M_jDtFdvNU z(#~LE+hTYL1Djt%AAjTe^(pA_*G5ZlfVchl3;wWSubL=$4rchey&7ci@h@0kK(W2Jy{Ns)?826hq{Y%k~+ z13}mank_n+HNE9DyD-1H&a7gcjm>OKSVrb9ebwGwkP(r-0043D`96a_xLLU?$?Eb` zMh0+YI5;+#^*i1}iuk9NAqm<%6nQ`iAAw2PJZL!d0=vt@NOp4ya`LahN&f(_IR)o5 z);1S5od*`-KA#zgjBseIja%k-C8kwL_cz8Pf#m(Cm{l^`tNJb(dniMJ-YI5jX=yj6 z?%>=S_MOCKPkN--6bS-6a7Za2U%9rKjh9CsDhdb)0M+k>6m8tjS2Z9TFMiI%e-|6u zm_8ttp==J+3M~k^?4UWdMRSLiSuOUYN|TkesK;)q82$r+{sI#54(u~*_Ym+LE>6%Z zK4jGXGHN^+#pBR3p^}(M8VE%Np7;A1bfnwhE&>ESMz=`j&+`)Y4~zz1UvUt$w<6%VRw@Cr_eZ-qt^x`@~lN;909uzMgEjKn%&CP!|is zM@a9Or|=}bR-38ZU7lUE1iA^zM`fh|7eO7#sbixZQmFNtbl+3A0p14`KYf~)nbT0;+7it>oLp|HSKZ$X70b{YUG$P!TU2jFE#Qcf+{qoXw5P58sf3m_BP z0kx%cY_iZ$7Mb@S(5tse@t?nzk@@K|mk;3vhy9(|A81VQfQ{7!_@{Jg0cun?hj4Vl5H!Am zUe1i2YMQLfO$LCA&}%8?zrUeUVnz-Ua!?R%oISyBC`@+zPtv}?{{yi34R6BvVd`Vu zW;j@gfL@bNn+-3f2t4CO-I_ww@EIyj)<;faEkX4I@f zDQV>af^Q&OO$?OMSeFBQpuKWN9mfA1(uouHr|TsJAR>ePrw+7?)jomb=ScZ#;r~qa z8I54v3AhCSrT2b^PLVPdC1tAhud|ml&!0a9Egk7N!^M?bcsX4p0Iow25TTX_sVJq1 z4L*GmS`0-GQk9^lX51Bh8B?GpfOH3H_AU{TNi1Gf{&JEnxOIrQZ81qnNeNhul5DJ3 ze!z}E-r2PLA|V2;B50YCpi?Fa`i^ZZtIC>mCV{I16%|z(E{SLb4+>bC00b$lZiYui z5dpRP>h0UNMST*`FSqW@x2myq4S0MTK6yk>?+^K+3zS*qOOmc#MF&ff=9$Ub;jj1HX}d(=Xn-SWM+XJfeDHyw*T-U+E1nz|NeVE?t9<$|BsV+|97ek zImPvHhltlU>Q}46&x6xDbjJNZwO*ljXBvJe`t`3HiT?3*(lU(Jg<}FaIV;a=8;Qgv zYk$Ue*3RKhTukXmF3ib^IsVr!3X{{B;1|7nxG}pI&Wt@O8O!-#5tp z1~*+gjp@{pKieZrVLZ7P*KQ5v9#V!3X^TAfEcayeWUO$Qjf|17l@+%gZ%=q!`aEZ zXb@3xoi=4;6xu-+e)Dm_=@3h8KGzKQx!&|-vE`G_;7_y3c}rjMlnz=*6vO zI6Fded0r-$ve~6YNTXLwIJwg&uv$l)>C0C#g&YWeV@vBF+rJ~VQtGni-5OWrlX<5- zHC33Y_OEv=6l7y#vzsfWWot&8+E{3@lHzx0oQWJQ;*F2$Kid8M*&&sVL~p<2Rgy%w z#OaAGb<3=>=#}ke2LoKu5j(7el33&QB#&kb{6Ej0-j2<#ZKwaphg!`s5FpT8b{9HF zOiPxjrKLBEagWL?s0fG^j1l9p+tRNYTWWI(X0q~Zs&R@1TT|jGdA}Zgx!Tj0ZM{P9 z!cJ%K7A|?C1(wFi5tTr+kh3+*b{PS#O>hzAC$-2YO>abc>N&J`)7iOC(7T84G)X*W zdnK?Kqt0>Vjlz@bh@YPX@6>E<3zQCW1aXy=`-qfHE#SR4M9~=2_2bieBC_+>#&&a+ zl~07DlF)KB2Wq?(ma$~I_VrDn>8h|kKfh|!D4UY=uBc{fOvddk%*U>%48yVgG_Qs& zb=kx!2)sMVc2;qYW)~h>VhIKgF`TvgW_J0bFtJL$nL8;to^5$()bS#Di=Z~6by8DO zVcwk3JK^{&3uoxIX(=D}&=l|Nt6~I!YP2{bYey>P!8(uoP0|Ov>}eOT2Wk77osL(X zXs%08vJGW#5&ZdiII)lx!UGZGUt4 z94*gwUue`I%3Oi&@MZ4&VAr(yhITzJxgiGs`)N^yi{e>_qZzD;@jzvl^X%Ru`OrBk zQO(^Q9O#qMr=1e_v}S&mD6ugYaaP^`w-?~WfX-bkqsfUV1m=Ga*yGn?((>}QLVly# zfjrWTc_zchWb^a$C#DciZ86)o&rc4@){hpF{YF}@~v?fMSoO=hOXEf!NZ2ccaHGS8BelP=QagI~8SwM($56_WUkA+fIECd#+m1=WDJd zYoWOTp%b!Q`VFUN3}j)F*>8jH*0#)(=IhpBI8T_9ZQ@9OoV1o-dnh)C=k4I&Pvb4` z((oi_Wggp9e*be((2MDfJH#W3<7@pKsc9BAO%h!yS_wviM){-h926_GyAy?>wZG@pm7`{&HQ^TY=4H9b-Ms>2)$PMKrU84bM71qW|pD ztrzpQ?=JrRH_DDD#NK#+CF$=WNpJk-L?lJB4)=rl2utoyj`d)FyPK959~kMi6>)>o z_opPTmGA^#4yP83rZHN-=r5eYa zE$+5z`Xto##nNQV{MJgfcoehun?RwS;YWlzaBza?IIfftV7<{)P7sQIsf>PmPU=}A zDqR0+^=S#0PQNB80^?n2&&1H^T~#JV`&as#AOsf&d{IOGe7dCDld~lW512 zghx?HbC?gG$QF`Kc+DlFbwzk|LDM{*dNB#T&w(R@z&9 z2RAgR@3cI<^r(0yQsJhGt@=we)rn)Ai7~^cPq~8BntL5q25sK=QDeou(0ZRMDzQ*M z9QXF)%lOjycM9b=Bm#CSmy>sC&Bz?w>f|2~4K=M`Ra`%xA%3Y)taB6ZfI^6 z#h9I4N;75I@UG{f*x?C%e1xF8pe*l6O7?r7#FsY=D0{|EysoJ9dSHgX__Us7u50sH z+8E{Q-8aNv3*S*nqZmnKy}ZfH%VkV)IbIGo)ej6rE~SM};Sc3Zs?q)W`$V(&J_w&H zOHmtZnZR9QneBWYsp{1CZJ|Z*;z)!e-s!IW%HY1XN$|}VZvxWgOHpNKiQw1GH7R^^ zE`g^d!PcaRFoeHGQ%`Tjkz>E$OZKw>{hf;rw@Ct3ojKn$i;@S_-%+bSJbCvCOdNFIM2{0 z_c>Y1&W;>nz7XMClzPT8Lx5XI$`pC1kUiD^NEl~SD6_lXSlqXFoBX}yqYuHG3Z(27 z5~LdFM@=>BKjXy1jW7SLY{RuZry|~vn%rSdsyZeTLfzV?1zEr_8 z@x!Ie@T>bv9WC#Su?EHhuKNGAzBB4iL}Dt^mN-;???_*j($S6<`*@Yn=^OtXv9{Rj z{U1c5Q=VTar*{_2ha*)ErzQLdd3Hb8Mo$s9tm**>d z4o}8$kJr=?-i0a};*<3)?%`A1A;Y}pIX=I;vOGydw*G=1k2hGE)JD~UtQdmsQDc1T zeCX-KYZ2Wjk#x91&sjOk!I?-gy}|MG7roD;9rNkR<36#d=zG6W_!THyrY!gH`w}M> ziljvuSUcFl1}7qf=TuG=FZ#44+rk8ef8hD0HZ@nY4Ch|=YH(@t3RizY6ia{XW32Y- z`i+BMRV6ex-=S}7sT}hp5N+b$!#D88x7h!HxzO*g@zivgpEGY-H<@Iub;}iX4|}IE znrG%-_Ro;0PkMb~nPDot!O^Edq4w)jyOk9?4l%-tO`k1L3l&mJZMonfY&uQ*H>Z2a z-B(o$8s(w|ugz9H4ss!N6WsjOyOb>#FOAOJ)w%SN=i8ay?nT0f7^Pz=5;aTDMLnOm z3ic$m8~Uv)E>VL=443^5$yu+Sw#itn6!+va{hx)S`Z-r-EHhNZjP7fEy+DXH_rU8= zQ4hndwW2$oNHX>hk+}i?yy*a!YpVugqBT31(WJYc`aGO}qvW-FnuXu1i77-Z#!mMl zA!p^Tn4if&mA1P|jpoAXa?8@2&1}(wjbnBp+X2eN9uLM_6N^P}%57}LeKX)vcx(Ag z9L>R%&7ltr5oAu<9QlhSgZHy9zC6rSo2}oIlAk)-*LSYoovd_vi?{T$B%m{Qt^e5P z1M~DBtl*4A?ThNC?xAr1{&B`B%F_Ao!_0kVT@sFK<8Fue#%c;%gZ)m&N9L!l;~O9C zx?WExpYT{Ywm9WJ#fhTSdgq&P^2O5hpgQfT{hGP}YaL z{x}n+*3KCz@&O?M7@`VeV?j3lGK{R)Se(oFxbc6am%S>wO?HJ zGA0Ln@7}$Wlarg8p0>acefoC-=>;eETS{C-<%tPuF3)BJ?aiH2eY|Gj82M&-5hwn8 zcQKP2;%ml7OD3r1UVKW7#Ph@Q^8zr;vOwG#v|1`bfk?5jvfgDflneapn7_O(9Xl$9 zf8#GG3UB&dultG6P8fI52rujX$p88A$6s!|fBJW#fK_}=^HhZ7|Ga{{@Xx;&7l-0oR{8P&^bg3_D1154u7>j8SJPSo!5FEu0zW)9KJEb48EHz~cD3jK_+f^h zbN}sB4FrHd#s{7hsM8ZuAdP2_wr7WihFEl(k?-5x(`0S>-%Y1&D(K`h{xJnlSNX09 zrnh#vC;xa!x&M7h7~xv#ibq2MiSrkj7f{wFswz0W$&st{;9uX-pnG7AFHpCcm}Kv{7R5C1%wzdl>@yc?nO^S zL&nXmvhwa$oJ^V`jQha1u4``gl;S)7Qs;q__?8kz+?ZDt^*f@pz`X>HmZcKIB4v48={X|ed%%k9Yi)D3itklYWehj3<&e z#KgovlxYQp;VpGAMKnE-rd?fc!MDFZdUkde#;Ajyot<4Y16O*$lmrfNh$mLSN(O?( zJi=KL;JBEg;zQ6MbV12OTG%qr->?D`4Stp5RgKFQaNHb$!$Pt2!{Y}J9t4GiMA&3P z0#QEf1!fjxi6*d?DEI3JfnW&+N_x<`e}mN3KEV(6h4a%xFlZ*3_rjYp0`Crk4W7Zl z?_}}HlvFG2k-FRuSTlsAl$6xPmIpse>1K5GU{Z2&K1jo&qN2HZd0OCP*aLH;{1~`i zqznzIfQq(u*R7rmvy@89%$$Q!#VAgzZ)0Ps=e+d;10i5|XE5rcEEqVDNs~iPIKWwl zSK1o|ofL$Lw~4dA_*h7-MhksS(Fj5Qfmta^JUUev8M}>g>(;F+SFVI{SUlO-*eE(+ zOv$oD4AA@|tr*<7$x2@7yu-g%L86<>OUEBvdM3yA>>G2Q4nH690gLJVLsyTtV)E+J z&3%)I))7S2=geIr_uqDY+x!A&jhG ze2a&N=OM2n3z%Pmf`fq^tc~GydYjSDvsHt(Pr?k68FESnWDn$M4hRttvt+O_VEfC5 z`H&cg1^kgBWBpu>ckk|lX0rfUPElDoBAR8rJ5i{rIkGjB9;xqJCM*EqjvVKJRB=l2 z$yl`N^GZhusNz2Z0&2lhwS9Ofl+kZF-*O*0t_UAp3Z5K1FtC65rL(hBA5x-0kuvP0 zJ6M)L{)pnT@d72xk6bL|p|g4@o!SgYQ}pl^KtRKS(aCHLME2$*^-6n2TU%QSHDlOz zFg=pN=qd!BljD~^(cm2W`s)`tn0n*D`OkB{*Sj`}h;3;R4UDzT_OGbmhDqN9u%t@7 z9jSOmLGcZi5UgT42i4^WEMsHiWXWhR@Df6fiQ=~NgQE)-vnTzodINk+*OTREFki8~ zxA%Um)B?11ZFn!`EVB=n+%7rYMnxv$<-r}%+{_L;?~zt#7}kY>mOz1L>mZPoIv+EE zO{lzzeU9Y)3NLss357&CC;(1ToC%XWGI-TGg}t+<7K@I z!`^Y%@ z?_M1kQonn9--0Q@$1E&;22rpP@awc)4ux!0q#6bGh1HV%^-(-nX>=SC69(-RaP}je zOUU6)82%m{b=aJruSdFnVDm9!D%W9Z2)_IK@p79eK9>k^=B#Sa(9!9^`hlH`(QJ$Z z%8bOyT!tY`G}=_l%gDThsdbo>sA+Cao0x@?f*hwt4wHcP2>BEOtR*wQP%wFbCY40V zVzvPb1PkLId%L^4bv->lkrt$g2vJB0tGtUKOC!(A#nJ2u_8APdfffonDj~S>`bZH8 z2}m_@YHh6zDttzc3ItnyU7b5Psy@K5Hi`3AEqV?s;Oue!gN-D2P62t2;nrp0$V;DlRooJ*ghyRYhz`BAkg2t zd-qD%qV(=sly#K7=#l(FI0p@V1pFiMNN}3ZMSDcc?Jsfqd#Lo3lJl4y%g?5u^hCy9z2g>Zq`Kjt&fE>+FsYvr~mmgX8ip;Tc}{-V{-C0{GE<4s12b`PC+5a zAEfq-hQ=G98MtgQlef~SK-|^rxPZYIxZz_Zs(}9=+Gdcl)E&5i;luffO+rEf4C$ME zFban&M_}0K&++ae%-k4nm8%3MU-(#qg{{`=_DdXGDZ!Ctq+*zY(ay4Pd|0k8x;NTTU~&iG$PF z(cuTG=5h%q7Z(%A_{y^RN-8Qa8WR^wgLn*8iJhwmc~tUpb5m`6GBcmU9ROiqe$G5TSd(oo2Z(b4uBk3g-=jR&WlO}0i_c0 zIX@H<5`vmBvh=<`x^i%dPhq?;09LuQtPJ0|q#o86rdpwN627}|3NAauRZtjIzCn_j zy;<&YP2A84xi7G#g8n4qnx7lT?9*^)BlFlyW$O<&Cnq1(CiW%@;lw$zg!z>L&Mi|f znh?T;o?z_WL2``FC9P~B>-))lO8Ae8oPi}Oc+k|;D(T*hkci*x&f+NtF(;*n%rp9o zl1r1@volF^vx6~uJx!?Sqi#F|wH22mHPz<)Q$_v?cL?3ur}i;~_7+#|VjBk%;9aXq)IHaB?}CvKl|!SS|ur?{9w~L&u_Cz@N6*0_;Ryqu19C(gMv^eqZ((90OEEfeC(`p4 zs^K~fV=ZXu+?e37M@~NgWGoag0hQsSgTPzfgwFc19jEg1Pg&jS?&?3(cdy;iG(IVteBN=r+TQ}pf~ zcur1EUnDFYii>UCSMurX=&BMH6Y(!#>3!FLier0 ziBb#qq@<@vVEi(k!H`sKr?byq2ii68dl$tttdEs3U!Ec^Gh(X~sPJOIPmMIVfaVYN zuvfEECT$Mx07a1L8m7T90|516-_GF0i;uO&<%q*?g7h#+A+4$^etFR_Dg>pA91IN5 zjQ|X6ZqIUk`=`CV-JlX?*1$;uW-}K14FG-20MkuOO|b?vZZEX9wY`T{@3}^Glt>^Z zDU-umUL(?^h8zqH=d_~uf3&@ITvcn=HH>jY1>u;Khy^GjNK2a_A|joFiqZ&3H;Q5r ziXsgP(%lUzjR?}xNQX2?ZurLXJoo#Y`~Cj>e&6}a1Dn0q+UvUJHRqUPjJcQPntqd@ zmMe)=?|FGtzfUf9hI(H)GB zi+ceW^q zUePHPp*nqIJ7Y)g>%iAC*Vg!)9+CIDtgrAnd^xHn;&9Ykmg!}5Jde4Gf~`&2wovEQ zjioyB4UJRvTh1&-7IQr~CoASWVIX9qFKMlHWJ5L6myuj{wwXHLZf1sVDRc4ogGTY? zuhko~C6f`qR)@9-WyIg7ZOcwYLz>#bE0vYqMF6i{Ne)K_u%De3B^ z)!Z5yps?|#*`@?r=`nUxo!BZnY9!E)2@x-(0&uMQke23yT%)1L$pMKAXtPX2VvqW4 zp*Hc?K0yf=W~l%@pyZc*~`m|An<`I_Cb-Y zsSOLw?+tt-oog%)Xy!;NfAJ|1BFoxOrhyk#5EL1>VM5&fW-(XcoGQ4o4EL}_h>Ds}f`d@mKQ$$L`SM?Ys|LXX!k4i3)Tww0Z50cU zgEoI>?M6WeP2{;)#XjJS8jauinhPZs)oAwbA1#hZ)mqZ}MmFwc5ZBn*=8H1hNI_CTDyP^u$=hU~gg-={K|I5PcmP1G&= z$HRlXyT1mlfZ@bw=Z6)XP?~H`8X!o%^3B8K33ANnJ z=zW!8-Vgu71<36Hpyw~{QnW5f?uVe)WOgxDkgr+q?(N%h;|8N39TJBF9(y^~wh^-(!h?}0 zR~ND#cp;oM>m_SV))t@@{Ej2TeqrpMnFo9Y9{l|Bm)q!CsVNASggj)VG1~j{8@C1I zuPnebar`$0Rwr_RI1DumP(miv8Ux{nNPX0ZKGr)cx@^V`e7KymB0 z`t|S`kS}H7Xo5r}E;C0|v1d!S{rG7l7!}Y$<{+<`7mOjmym8c}ZNUNaZdYp7IT{n5rY z(op~MV@8d7GT%p+S1yTLsXslBIlJ@43p<0K*CG_sL`jvlS^-{}A`3u-u9sXh(K-b~KhcDtpu`4>L3QAnpY8*$96+^>GVy2>#x;uM{w=j5D=*o-m1S z^mnn9(_b-@Klu1bnDbKKWc8}EvlCm8_vCM9Li7tz9B>2ANim>u;KmY)iCM85qIF9k z;vxqGAZ2W949|w#c#0?5z)Vp{u*ilQKX`D}zr4KM9d#mB>wcuDI5YuYcMn|O+qI9` zO2#+bVW+0Rz31`qrwZ*C`cNL?aKdG}Ai2vm@81TruZ7j~esrURe-h-zG}?~4QAdG5 zn<>-}QJNrxzoG<|3+z=b%UI3rSYl1R;-bgO$f4^%o?kg<1Y+T0VF}PPF){-FFfo+j z+!>WAXNhwdM;kKF*P)@;v8n+6#q)5r2X+?N?FCXzC~kU+oB|-pudS^G=${6*Jilpo z4bpqhq*beUVXI`q1Ov$|@Qtwz0)oMTOi0>c%uoWbnQ(U+MIQwiCJTfgpv?CV59>9| z-}!O_7Jqmiib_hGn!`RPQg3O#?043~+Z!jpJM4qrB5#)0(z<@_8YOabB44RE`c-gjij18@=9v$s|m zG|To`EhKJ8s?8=>(QbH^OMcqAq`dJ%=GwOy-+@upinn)7e(j6l8`Slsd2hPNA(72W zvOm2pRxW&OvvXm2X%l67U4Ui8%8CxBw$4wDOv#7GKYmn_^?nry@5w7WPj%Y1DPEWNU9;Uzl6@*wYhOyew=+JH0{A-cH_v&SQnS`Y4Yy8jM z&j@cO$V-7XH>q319)Uc)V6Ijej{`+W4Zz~F=6zdxV3UBl;TEhgvMo-saM>Kux*ho9 z#ZLUuC1@d_Ujx?o7ELJ}Ow|BR3CM#8y4i1(TIFuGRx)(`4rFXcbSnGu#{i_2wqwYGg$3Dwte?31~!4?lZ{Zwy-k@N;v45tH)a& zBNvflzrY4jg{rFRbm?AMTA3_-O|OE33DKs<^=O@|43}+!0q%w?$0OgO0_u2}gM$E# zaan=+zZvbLQIRMpDV0G~LgrX)Zfq?{6+Lt;2^W>(D?OkBfP#0`Q0*H7E`mb zbg`aenhk41MZdyw=Ne4x&@Ur0EImCv!Z!r6`)8h>_XaB4sUx4Sh|ZMmJ-4vv0zWz$ zPOSlmvavnV?pEy~#n9_mnn)wtB+z`fr@jR6x08ZG5N=wdqoeSi3}U3l5~u&O#9Qy7 zz{Qby#`>3P1T~$1hjOm=xbL5CDsTK@m7a2DJ547BsyxZNgZuBqr+o0dNt!z|-uKJc zQ~dMzFU3Mtdu!(jR#M1YD}iZ-lFY=JQq(jHxgA3E+Bu|b?rz@IV71~y8n<=ae3d4y zH#(nRC;P!hNfTie8<8+s+q|pnQTUyRWSY3RY=<0v7w+&P!Mvcc9UDYN+uQ4UH8LET zW~Pv%#O_c-Fv=yvo|X%3ynxDZo}EsNg6oz0BifAAKjNoU`-GU z%rgdhPKab@WR%v|zXk^UH;iF$o|gct9_=aKV01cqGdpEsf+OLSAq6${FyJ>hzeTjJ0YY!4_(O%1{u)LPksx>Qz3hVn4+R3s{wHNJf z-Qs-LtokM<)i@#1%)+|QUc#%sRl%ie@@K;u*hsgrg5JJ;OL#IM(S;)HjB1LKfIN&( zI9R^TB{CF-OaJbSOS)dYs)lA(N49Cj*RPmca-g?&S|g2DP%u|YXvKP>y$oRixT8ek zYkE{GD+?5t_%hXH?%q8P#Wsq&RtAT;AsHx?FCsmopyA-P%X{mNbxjmi%E||@-EAyQ zLa}NR5)x=dY^NE8D@a!bc2yombfrpen+&F^<7Zi}^(Y1<~nMLw|5T~T) zl!BbcZl|hF;H;L;?b{!U$+hyWJ+VkoDoJ6H%vX&Bj-SL~G8!GQFI!e%;)Rv*POD2Fl(81|Z8gFFix=nfjmB1^q)yUK$am2;WKeXoVH zqj{hvGdo)6rpsb{=+_T#DKXO2jpyp2wTyAY=e+YQGrMzo4~1-cmUN6`#cwQ=H?N5+ zBq%p7t|lxi*3^5T|6l(lb1ZD_71q zGhMrK1ts@b>z4RBm=08Z`)0E6^6%^ekop$DU=LEqAee_Wt*V)J=Ddb(2eq4Ysr;)}Guvp692cs7Tx!5=_;UTbp2l*o#sHU;teyGb`(xurTeZ6NePqPvl)6 z&RZ|HJodNxgD(k3@?P(@$}9mwX~>*Y)7-R3|4(aav_66yP1nuN3_la=_2i%Y7qp8@RKckU*I0EoL^F!fwq6!Dg%$pn0{PbMnY#s#Vv=c_WZ)sVd2{E z#k+*9jD0LJ6;XSxLCuOC#bZCOe~^*UZsfz$D=757f4I1E76Bf%es!pLQL^5j&Vg;} z*|TS1Vxtys5%clm>I0H|=3U5Hg|S?y2LeWVAy+BR9gR;x}}4!CXAcbZaj zb`}G3<*bkpaPm9rPuAj+>f~8P3hbLqE>etRo%x5ZGt5LR7UF(xVZz%X8-$@^N!{G@MwtFC^5 z1Ce;uceQQJjX7F5W}io#$*B$=28RI~0Eiy&DoRv1um+>=GzyQ1NX^LjC>tgw;jLrH zP}bHKfD{ti$6J`C|Z3?FY8MNOtJsr|93~K3I${TCO(FXOSIHCuy!B%gsg-j*GJgjGre8`FFf3>sy z66BjZrX{q@^jq6Ij%V_-7ir1(M`MOk#w06y4S@oM+7FyxFTBS@T|7-QbnW2t?5C$j z+w2~PHR%q{MBD)gC(3i}<~omw!zXu3n#;q`9PBeMr7tULl?JT!5_jKz+t)GSP< zHRD28-bHz*&&el%p{TCInhF$bW9(6g{^ve*$98pV48? zcfgdQWZq#1;F5bRl$EIFnjLNr-+ls`=19Z>TKpd?= z*HMtyqNqs8&entb(YE1lcz2vRX9Wd8MtPsC0Ml*)!i(pdB`j%Bn#-%HNx?<6E@n*l zvVeV>uHHDR=u3pBEeuB6pbt)T+PCvB5F|e8)s4L_1)Bj{(_cxx%gV6N??*Z02%`zg zLn5^Q(8&P(pCxMkdvs#^-a@1dng|AzPl%H@0fV1A-Q#bvGKwLs(8|JU0~|bT%->{tx0uAq!OlQyAC-|BZ)<32QJmz_lwlKVeV>R5bMFl zdl9h}7(N#exstj%YE)#%ichk$4**9w4quC@Dbs02tyWQHvHN+>TDBf($ z6De-~59186LXB_bFQN-PwQ!n(Zo$M3lvBqPT5+?myis6eM0VCD~Pic~A!IaRbRHOi4W7Kkiax5*>R>iE>1 z*a0s+^dNMr-=55j@(YB^1%MhfctU!xz)-mBn3~qXU(4b5RF5p4JD}$kTRpvD^_LH* z=y|te{oogMC>>nKYU9wW$5tTNhRMP%uM?j^lTNq-IsE=r&&h45rzZ)kIa`>zFXL=7 zT|Ee#C<-7FOq$FmI|YfT(3->u8yr@Q5x_I9KdiMF5jW(03S|v`nUa;2#Miozn40LT z9FKm8$=5mG*LOb_iw+D}7LrtM zzgQ6qLu!K}jp1OKjt;6}-~Bk*Pwacaa{6nbRx)xsTgdDMZKn^T_-po#O2=7-eiUI& z)H}MIm(+otC$<3`=ncQmOo5VwByfH_dKAk$6)793*u=zS$IhKcj~_1`X(DYiC!F+#R4Ix=$f%>llXzE@%YJFigRDT5U6T%xkY%De%7;ySkQ0lZOZ zpmA!ccbdH-g!LWAuzKSh>O*47{hsWSMt%-X6`%^YQfV19X17t&Ld??(JbRl} zH=s4xM$CZnIcAoz2a;qmLweecER#RnEZtqH}snp!}; zRrw+3rP~0l>R=}J2wxFk9h0>Bi;G(T6yj6hb+4JYn-4MLTJYJ|Xjsr+OI1=~L^ZFA zTn7v&LLWaSxgaDc$mQ_c7|jDKjTs?%ra*5&qF3bEdQFn)>#XjZBGyZ7yE!##KocX3a=WTqDfR)m)ReX`&W*j zaNo~{7JUya3!ZG(z6S2Kc85DR`z4JOK+3oxRTt$MvY9Elytxk4q_nx6qa%Y}g&`(; z{r+x9o4c{!udlsjw~b$i#>ERt^5qLP2M@OYXh;olh!{Fl)I(sSnd+W}g-(flckf5a z$Ht%{Y~FOz5Iu5&8@*C5VnYBM_$SsMgXLYiQ_>O=+mNwsQ#gmN_iZe(>3J(unK%X! z>8pBViJ=2PM_M@L6BK}XN=fZNMvhFax3~BE-Kl#w!yt0n zALr#@dvoDZbWRQ}ItTKx33I}#@y$4aA62-z{kKTMBsNZ<0P@hyfAiwvzAn8x2+$4f%tPft57=X=6J;+hRPRHFutxB{MN>R#uYEhqOfs`K z?Rn!8)UvQx$KgZh4mxH24?Umk@slS%hlV6T5Ke3*z-WS+2r41IGNK}T_3Ce!PrvsT z1mzmNqk{Pc>Fnl*ECg{szyCV3-Eq=M{QDmXk+~l%F<$^jm;p0`_~zliLPQ{t9p>jP zL8>;lu-Fnu^9&WZ04fL&^#~UU!UV0KY2!zY3LzYLHpKET6~r^$zcF+Ou1hyWm3oj~ z5;=fcTInrIF9bfI3b5JsK*oXk65x|)VEhl_O7zbkC%AY2b5Zp*1i~Qr;BFxooF4L| zBMGI$B_nf(H^u)iy~dG$ee|DOdiMWKfZ^(1u>LzuVrrETzkKoe=UXD~^3T6A4xSdP z;yH5H(t_svfB!1H%wSn6G*t)o0yc_r_qPeMnJvzKssG)gvUka`UfTFdJz3JV4clWb zW37}=3XUDM)tl}3)kyY&?45HVvizS9A>KHAL4QUn)Zsy1R_9s%WX;djZhn=` zYguYP$Lgl#_6CUQ?K$FHJ?0q*V->PpV?!s#86(a|oJ=m__dMD9?$aSzEk_GkIE{uOt+HPueEpK z?^7RF#vC|Sy=x=(q@=H3^0CCY%OH<(&Adry-+w<68@aEtvmT6%otO3H zUo$ALz3Y`*;n97tz3}FolfFvDdZ{# z*>dnw9}hqEvWH;zH_dbZb)kJ!M#P00b@{>m_C_G^%?}bqny^t_{ zhswhXo5tq#slvoc+Hyp0tb8}ARE?sZ;SMBYyXrk;rh0JZWbD9D+^26Ze{XUM;J<%& z!s0lS-bK}&hEHgY>3T%wC%R`eI<)OMa50eO)pBx8l=u2^wxr9K|F)aih?GEEsmD>LI z&-<^ueIeLgt?`>HxkiwNI+gR+9w|FJNT|LwKb^$ia+mt4GkFWS{dlHdt6gx_QQ}aJ zeSN<6_9GFS&5HTvtB+&_*Ph$;W5x6C=a|3OMz2P@p4&!6Cl#g@yCz+ zTPoehfhTgvl_O+rdaAQ(U@5-U=gPIKMLL59Y=++w>8O}P#)G3|&dW7D70I$^lH#-J zSYwQ@C@d}R;rMz~`#)TOpi2%UiCwS5IER+M#Y#Llp`ljT5Y}euR2gRIK`XDlV{pz_ z?|bhB`_{wd2OZt~Y}WINFO>MJ=r)oc7I@^{z2Z96|H8=cyTD_W9*5_GH;s;OZ=jy3 z*wCA*EeS8EE%$bLdhZRf=XZC0KT+z`)9;g4=3mBMo)9JFWYoYbvmzbHYiiOE z_|Y`MV2^^Qxl!l-c>PEE`)Iaq;yYZ;a$+@#vLmHtiaPl9YdZh)`@XMQ+{{f{s!0zX z4k)P!un4mViwrY6Jgys;X~IxE@RDneu5X)uO;_^%Jn!3q8{*GiY>GLa{GKdEVOxB4 z@a0PKuS*L0)+D{`8R_-DjiVcC`G5B?1if%+D`n~?z3b2Z*hA5s7qEZq`I>oIN6n-& zPm27S^qEsdUWtXj&+w&JwCtjf++FZnno6H+ZRy)|(D~4}->c>9Q0T&)BR8a) zs#{f~)XFs|+yg>4=^PK~O>W$DBiCxH%n|z2=a>UN#4oM-b2*A#W{SBn`)S~Ij;Rc* zLfh-^^>s^g1)nh5&$$U#zaLLES!R8EWmn16zot~V)Vt+B zM4mnMynprL{UnP4{^w70Ol$j6vuaL0H*n{UE$8T8r7rK>uBBh~%49=9 zfh}xejZ4EcrabM8mEz^A(mkwacb(YY|I$;I+x)r9-l=(I=8sXn?=2Zhe?>=e#pN?x z6>vFt|FpL~^x`x8jrpfG?V_vS{W0cgSB@WVR?-fht+v~Wa|2C>C88c2dyjUVx}$r>ij;?}xBy zb^~@bk)Y>YN|rn5m51*G_&#B!+tEXos8NQS^+V>w_999Jr7(FrI+}!$7O|g zP+3OKbEt%miL0w{QlfvB(s?YCVN+ml1fFy7#-0kc*bEyQEFxowD{V!TDSim)}^s z+Pu>@SDibwx64$tI+SCRn1qIA)BSUKRYr<;B~tYItsh0~m8xopw&u~bKHyn*JT#B_ z)0V&P-tE4&`(5sWm4q>$Q;xC%gITp~e(o8MhT<^uS0!cS+5&;J16-d?j)pZm+;8#A z{W{>MnzLZSAE~sNS(B3VPT)doy-rO;LE3;+luc{ht*WCXW)6lc^W0RHww8;ZLmKaH zz8m>kev=b>m7ebBCYHt2Iny1}Wcv-Qs{56bMI_Q1s?KOm@wx;GKNk<^Om(f<{67E1 z^E%GHhyJF5(VH?x4|cBzP)%u7^a{STHJY(p;Z+gJ6F$r>6ezlC_+|@-o%8Fh_Wwyn ziKV;fp^QP&{zB%C>05Q3MJ#i)zQ_koJPXs5sIY^bsp|l(ix0^eIiv-dP7ntICH%{ecu@*fz8{eI)N)b6fpB4;CJd1s9? z-`$Mnc&bIAw%{9>shyy!Q|ih0GNbL135h}WvHQ$Vm9R7U`^&G-Zwh6u<2-uo)XU_S zgg5_nNcDx*8@h=s?jq-l@N+C>)9QQ95ZlVl!7T3~UjF9T+bEv+=7^u40!`e>yxFEN zE1%Y`JV)cYIjd;)#Mk~n`5XH=tTvNVuj%fMANCJ8-FJhb_k^{=2U(}6Z=8pz#}Wh; zZ|Ds@Ul7S7=RUsukgY&yC3A;Vv+=GofOZ5G}$^1u3URF9{QS6T=t9p95CPSKO9Gor(*H1zI} zb!2s#t(TPAM_ncQbw0E5U&Iz45Bq93W~VeiI=E|h=EIoB5xWP(`B#U8I9V)5C*59r zY`=9uleS_mnn%N>$4}>(@dLH{4@QcgiPs92OXsJb-}{y3>*5*v$Rf=azqXOi$xSs{ zD?1u>jr$^piw6(7vUoOark&XT>G3%Ss)O-cckZC}j5vCtSK|E@>AU*ZCTiHvjfz*k zimN@ZHXQQp1?!Vh%7U4?f)TSlfoq2yM<%wA@7c6-M+ejAsYmW~GKbh|InRwwy1U7W zubhb8rMbV_toDtom+~It|x2HIL`fkxrH%L=5>9&aa-!s zp7oV`5w~hzy+6E@B6(&ZaLR6QS+7I$J>Z0#nUH^PvP5v6NsNNYTkR&}cps^(b5@93 zMM>T|Og%sQ;c4Enz*4gd7Z!}hf6RUQ;VQx75TF+vcj|~G_0K|UhLI(kNINQ+EpJq z#96%hxG!3wKgo0WQ@M$zvAx{b4Xy#-R)6bxC#rp}EV_JCQ}pH87R@qj7GG4p+HRy# zr?YwwJ)9J?lryNxdFyPU?A0()KBvTGKY6^X}Ry2c~|NXkE8$DHgDhOQe*>D8_)FY zd?dGYoqJPTrcklHzNYVKGE?Nsue70oov%w)DIOYUIZg9d<9y05rjJybfp182Ag4^ zX2Sjb*!h3^E3~r+WN&McE8ewdz+gA?$MVN-==W+(?N{oRUNaw>C}=ZesiiGdF;CTZ zU3+F~C)(G+kSsWN&Q)NC`KSy9i|x0eI@8dhwqo};vdpm+MFXBX*^^D)aw{8F0i_Mm zSr%*Kwi&McGi0a4L~g7G1~CYZ|i~o4ik%nF8=lVV4tMOZ}=HzT>yqii+zv#N| z@|JS>n*)2nJb%!hQy&h8%D9lW1l<=5Gc5n69^QQ1T;wP+FRsr4J1AJxL@th9k7MYi z+q3Vkb#cXT-Qd%S{C2EpX}^}~xBsr(TG%)_i;oRw<{s1AA0@ao#cYOGV)<;VgH-IH z(g;)M^4k60eGWl>quh(4V$OztPg-%io$OlS8V^xQ&`NzKCsX&Aq+bBjOcYI%mIrSLOHu`XA$ zoofPjKRY7*Uiz@9Q)XZ>2d#{0w#HQJA)AeQcG_{BoI0`dRy`#_it7<-1&;ffWOI4s z^o^LAweRzOidbA)%iTIZffdX%uxsD{U{gfG^6bESe?g0=$@pd?Xk0db%9oBlz_Dj- zy^uOU$XrB$RVHV`f@C{#M%WMSN^RHX!Gyon8RL|J>zUidQ>>y>yM)AsQUrSKZ>66U+sTl8v z&SgkYv56EYX4lN>-)9ra3-Wia_t5NgGBY=I6epwMw2D{FF7x3Q&dI4SE6Zy;Ni}Kc zc-rwmCV9-r1M(gwavHv(cVcGb0(q9Eznpz@a`J!nbqncE{8!#hN^0I_=cB;+CfGhV z^5wsCLc+a-EwlQtY`kV z-IS&|_rJGEo9|2#0zDP{7{bpRM(`f;vBsl!2(&KT_w~PS|I#TRut!0*f?|-%7-JMf z!9M^uyXY_JKbUcgL__BPVtg4#(N0d2b0t3vWgkJ-ee%bx=UL0ue}7krmC)vmwr8Fq zrdx)C^*{z;Q!?{E?lH>$e65!l7KeH^WRe3o%?m%ydj%Iy=eeiTC|oJ>d2&5Eee8#} z%RFvuh$d?afq1ItQ zlgwP2roTu*LE$2hczVyFtXe`cfEGA9`rj1OgyW;4+#wywP&bjLiIjg#dC!tHi&Vjx-L8ukY zVYMPhLAXV@n+Syv%mCPU1m=&JTtI6UL}PGnHM+72!{B=H+RslC&9(GUmFPxvvd>vr zS*3?AIxC`kjXzH>mKbt%H3#SFZmx{OwdhZAVz*;JGEbi(9%Y zzP>5uaPZo3ktt>5;Gp^h<4FyRnEKHZr{mwxa*$3KQow8FBIIGjxMwsmPOHB|=*Uo? zFtIY*IfoGPv83xUdeUGMUIzaeQc;3$Bay74q?C%`kP>zMBO{eWXSAdk-~SE@3fSP6 zOdo3j-vzz~T$Up@jE(7;9Q=ZUzJjePB_qQ(=D#pAa~qA;rKKf*QT`)G9zw+3KQ>nF z!z@i-`0gaWO~R-jgnEMC??K1IE@q7$An3%iy>8UpXrr>+EIw_Npfzg1OAqnRC1c}+ z4|_}gY4mY{6{yJOd%5*%WhJ4NtEstGk~P_t56}675H^fWgkkBglUBh=zxHu z+N}mtTKkan~h>1L$ zxkzrtCmd##e^G6|R?nEU#^^5keU<91dd5dFrG<-d<^>#qvRqoB?4FMsJFAx}r$rEgBY_tORHQk15 zs;m1j-tq$^#9J{GJXV1fY_}?mABU!sApAo-@*0*X42&v>5HJ%W!d-cJRMq)L^xg!la-+j8&2CN?%0F6gyPy{su@oYl4?q^E0$&v! zw2IoKpJCGoPXv_&zh$}R@2Z~20#4ZfSlDRU4epOP>4Z1I@89Lvqv-j;5$7|88&o9Ym-bs8vXhePM=c3$D;5z1fGjnsUkM;@iA8vIeVo|DLa3!7<@jwza1hDr`aBxT@ zDl_~}&sx9Yq|eBn$SPy7B}hl6OF-+q8yFTSzTT734wz;<*d4O8Z{5|!t`s%*rxNNmns9iT_ZfN`XXQxs%J z?m%XA=)ZuX0CNjs{xl5wZ^+#y)l_3*NS1Ni1qhBHxjPHeQ`*uGXl_BI{{|uwbmwU+ z?It0S3p)+};`DSLOup8f+rPx|ebf?G9Syk_dSHhnh=~aa1!DVz zx~$tp1bAa_IAXXFf;6|)Sd+w-*u((7Fu^D^;k}?M_>L7IWHom8M>oj-SPDPTT*kL` zr?2$6duzgSQZ7U^knRvOP<*eJ!6=MS;y_3tkRfg*#7L}voH>@5I%)V(ZP14DRfpa-VCgqJ2P-9MGAZ78hum&Ghkt zhSUT51JQNb1M|x-k4Ng!{eJ#J`Z!Or^?-_j-Cqvgm!?Uf7fV^Aw@imQiRkFo=%b3pF~#+7 zc=O;Kl-n7W2g0Fe)Huz70|Z%>U(W?E#hJAr@myI+$sAfdunEC*y3d<=4I^;DmnAHw z;7=kkm7fS3H?C#J_tuJc@hMfi+g28Tw!BWkF4in^#7?Pw_4e)E-%h!iT5y32@%N{N zt3~6;3I(z(P>ljK=RP3BU~VJv39_;RYQH;jt)&r6py%lw9H1I%NsD1tB%|%EOVD@($ z6ib8Ikqr=(L93{c<}AFsKs}5U0vwYPES<@A`%Q^YG8e9j)8~Wcu%HEzeNep^kz@VM z!0=K%F-hQJ1jLdU=<^)zHzj)V7_bF}uO4iq7RFjIIcR!uQJ}r}NVbCPB_~Y!io)6h z+o*4F@CgVFm_32`L5?$g1A`!^vTBnz5?Z1a8uGD(@h;?s!s`To6ZTL4C@))uWo2Y` z;Q{E1mmotVJPJSBG)$S^zj=hTjy1oaB`qTp3D!Nl`#!DkzsN1-dUD}Bj>p)fB>qkZ zjV8^Wd(>h}@8!q~wV;OGQi0IwnWZszGr~oC!QdEZR)k5xim@={R1j=j3*e5F8Z2gl z3XYiAy+$Gt;+kCV>(LPj36x;0b>zX$XCFQoRIZ}WWZt2Ce-Z(sB>T-#9iO69JAS{i zzmuCKdRGmlWf$qtTQdc*GHj+s zO0Y76s*d1$7q88Nk)nCV-U+e(T8NM@Lf;-58ohb-VrLRW1`p*bEI_>_nAjj`k{Mb! zB_n?TA8h6e1t;x95LlszFLWZdDfQk&07anJZIXjD>=PCRW@f&UqeD$`7BLmp3<)Y( z-Gv>_LZ7g6z@C>PsI?K-BayfLM{(| zltU!uv&RU`z5u;YqHuw+1VhUrF|YC4`m6Y)q#=y6K8yj15D|8cWPoy$|Nw|}rFmdbs+!DQ!^i`2Kwq^t4Lsc8MWo1nqStxz*2VSTTzmPyV-6T5c zymMA$wKlqx<>T~_g?GyIPiQDk2s*7FopLVnGNSLVeOsvQ{ORE|Pr-7w>2gnG-5HzN zD`anfmus)4?l@_@ovQzX+n};1KUI0?+oqe#=zYe}GLD+{9 z>(;)3T;MJs@w>mSCL?khyfg9glL}F^-TfeL?>%rp0?WD3>zpf2Oz7u{5ooy5sHmv& zf$;Gg9l2RBio#nH?ig|v8lc1@r~G4f>VIYvE)b#)!WR{OPI{vakqfhP8Ws~RpFV&7 znN??wyMI2904apY6>bbitS)XWd!db6r<{^QyXYEX402lcDQ^M?fc^pcFoooZ>u?~X zp+S;ReB1p+rpa3fBMGK3>bK9B2@PwO2yhrdg-p^atcFgkW3BzR&8+DS@kWTx^Sh1S zwUCn>uqlm~g5zRh&LptfASA=x0FOu#xD3Y6xKKib;lZr+rEIvQ@B$SGpGdwtyfUsOt4UXqmdA=6Usg;Q*ne6oZP)%i(?1?D&?GQ<**(3HE=~zrE!$r*-NCZ&rX5Z&$K3Wl~n@46>q6HGCM40$DGEIRxz!@CmRmKLnmrCNGsxG#v2v+OLjfK^vBvJ zhVF!s@$>IoUsyMi=yVnm`xRNGT`_d6icL!_`P z{0U(TlC4={r`|Y0HUdNuo=&_NVWyTY9-W^E`3qr< z0`e{t=DRvzQEYBy6$zWAU~!jFoUA3(uVMR3c5%fM3Py~J^gzmnH^{jC@c}#niLuz= z%n}}+*d#6E`#}0VNYrD{gBYa*19`&b5?fT%fghO5nS!WhLqWhN1alrLdH2OwtXx7X z4cQ!|{Bl5KT0R=}oFcrg&3ekwXA5#cNuF zd`)(dgydmcK{yv;6XE-!J8O0rl3@2+H&KNUhdH7Q;ZRo>YU2OdN*o?R^w^I&n0V_x zuQxQJCx}=~jJhkaMie4|K_nv#6P0iUk4Q_~BOo9^_~HV}xXr5&kDQ7ace$`_rL$V| zpR+U~RJG$jXK5M>S^>`v>{of)ozcHD$XZilpZ(Eou6nvMaf|J}WE=JmsiaR%Oe~Qo z=EhAp*^*3t31;$$(%%?VWVmvoAjzP?YLVm^=ry5K6TlnZZREDH#C`TtSZ~R0caeft z-pGT(dn*QZyLoIDY5C6N_u67AVNu?%xY(so?(K@>4^3UNK3^N%1wG&CPu~Bh^h=|pl zCLF#2#6pQj42cXU@$m4#tM4-cZlBJ3e$Hipq=GQ8#-@qP%cD0nol?%cv4kHI;Mr@* zLk3ENh7`E|QTX{lGy%vQ+VAJcM$ekX$Qs;9x+o!Dt=$t#B(f;W2*4CJ7)T0Wlu(T* zqndA>ctrp1=t9{9Ar8+jCY=UcIDiSn-1$8KlVO^E2e+1RGr#4Rkb_Kf(oJC;%M0hD zhg5}=0s0ejtzo|n9R;K!I-| z)AlJQhH-nEUfm&hSP(U_NhHk#{Mvx*0sJ5=PYDMqY+rP&B>ec@i&1MjPt^tsy)JX8<(uIIUQ=XPe3bwnPSC zYWXg4J%IK2aWnW&9YWv3d1JLF-MEdLMJDhPFh+pm1{s}0W8O_q-?biGC~fCY$@~ND zzERHpv*y2l&X;-^>PnTUQ##xADpV=RsI8~M(lx?J&&DVDu9{PKXjfB?P%D#NbE=aG zxs#Lu=`ZU|FQluhv1r$%kgnWdx%_i_QzeS? z<2U|s4u?Ka9E@SD)@O2xmIZ2o1U$~h3v*;Gg&0v3VemHX=4&hUn(sOlG+^x~iKYb< zzR))_9C$w2mL7fN3gOBX@&0;O)7BNa@}Y*Ak?ip~jaDU_#DfY1SQq;qN~ucBT^*Z1 z^{jK}P7bD)7Pju+`J{@fxID>;6WtdA;sUnUG*<35iGW4;w4n9TtU(jc1&m=BgQ=s@ zOagL8q#0QI1k4Fp5MLly%O0d(g4VxiiT@R(IPZ@ZN!h#88ZcA33!uw`mg^BfKw@Su zHf4_G=pJaiOwX7_O~vpF%t;g%-hcWVJ}VwjF5zf{6ZO8Bn^Q)Jf6zY??n3eMv(KVB zp!LMTx>?`sT_QwGbs}?={}>9*K(ahjD?G)kA&AwY%^5>2pfIA^ZmnN~wJmk^D&fiv z+b?1c1oscZj03|M2s4>#I|{#(%;Uo0vWUq2Q5H+$q{4AROvoiX)v(IpZ&roe6*1%*Pp4eR zK8Vrm?S+78Kf3&oAELQ83wH3?fu+OV{rk&+Gc#OEj+`=9!KnpHe~B&C0KqF@Vet&E zoIE^@##igg|Ez4Q{68x@^q-~uPuJqW{@$U+jKkhRvi<)Lb8j7$<-WCzswftS9U!0! z0cmL^6%|B5loq5!x}-Z4#UfM$q(Mr$L0Tl05-DjFq`RAQ-D~Z=zxVz2`S*-*_85EY z?OLeMbI1J6dDRr`rki<@()S^&szhFU%dG?HjHsUJG{odICkaD#vNLl-fX?CqF$P|bLD69 zLWI&H`(bM<`k8<$i8Y;yJa65L^2EQ}j<%A+;)C80rrr3qt)#ZK9l-$1QG3zemRD728yVdIs0lDE8hs6*;&aGILRrDyjG)^i+tw|4112|G z=WfKRbI0M7$6gK$iBfpY;i8%s7@%_0a6}$mM&>UU$|KI`W>IydY?ymS;6B8W-}5c9 zy}8~JlPzp&gqsMzN{)MbR3Su`pTC*s8PQ{)- zMWcuk9027*)R6aYU;86Ay>NLT7zf7hk&zd8T9IJ~27((=_tUIz8BJu~_8OIl#U<=3Ca*BFkOm{_Xv)YeIJ@-(I7+B@5S_mujv z@ayjHzAl1Vl7tt<)2axdcw?|Hb@$Y) zRv%+YSy5S?$1fmV#$Ap-MrK|Ffoqwt!Rn` zbV7_es!`#7zUZ9+lU}=a?NeJ@+mv=5LiUId(tnb(w|KS+eB1oQcclDb$DD|!OXR!< zS_7(9X99CU#?K#uRoK%p)Y}HwmM3U)-9;WwXw0nW=DBJsxd!p<5kvq&wbJz)|3YIM z6hnq20zCQzgo}^(GP%z8%^NWo>1qUZ7D@^eVc~sI(tBxwIB|AkQg5V zMAZ@XV(|S8fzG^qX>_hSYV$5{zzeyO_13pRw>kr5b1z?wYcj`_h?P0?<2`Da4PM-g z>qDV7v+Bhu54!Uc#zC*vYJHPh=PD8eEmPa>;0Z71z~TZqM}aM^{=00V5m$>kyciI_r;l*R&n4T=eobEWThpQQYakS0&t#Q zB67~1Xz#xFkFH$Ojn(y0k%I&v>!#P=BP6+6*>{i^zLozXFPg0;ciLBfb*sDlH~s&U zn)&u<~$jl1-Rv)Z14}mez8keG_G;wP2Btu-%+u@ihQ^?+LB_d@5YRu zaf-nRG&%y*gY2;p78d1E+9vL)5&<3AI`8{@DTO8*KWKbNN%_^ns7txSZp)kR!TcKQ z>jVGfwR0ga6C=#Cq9S2B!8oag)a3U`+Yxo(c894gcpI2All9TYV#t*hQLTK0m%g}d`LUb6X}@E14aq68>X-^5@u(H&89(v zNzATb@3`{PR@PH+jmOCL0AnXcjPcsVsi_DQt1}EiVR=FC-aWe>!#QWz5+kxHYIobx5rs16y>G*85|_^w9eP0nD#L5v_Y zq{76S5tL2<7~Di|&A9FIj1CGsRY-+4ddpr(lL<2^(TMlFJ8LIm36p=Hk0=+`!+>@* zuS$t(8YYlrl>HbS51;A+KdB_QrfJyQFAH;*6)?>)?UG(^D{&p4Ob3?BiQh)>!b8i* z;fKP-V6Na3!ou*Z1(}eHY!;i5hwx<+#H$)*BBOuK!(=TpV$AK>H#uwcQKw7R@dI!gwxQ#gS4g}&f*RHq8=sMOJknWmU~@%4IfJLPx%yvKyRKpWMX zh-`*Q9OvIsORCFNOtJ`a;u^!zTt#Fs5b+GppBu~-g1y9?dI;e+sg@tIvfgUA7))1Q z&IEN5h3*Eh2e>8etOr(@NKqt+q;>FJzeY!mvIZ`~(>nAcoem13dEHq8>_x@}F!9?j za$}L7aSu>5L9h|ztPKctl$i_GBZqNR=309>N@GR_QE(+jmUl@z%hXM8`getHn^J;f z4<>rb9T%yB+7$szp{}sAvjfp?T%pQ~#ODKVm6=&dNq}*Ghc<6YhpMaw_F%psei^kk ziKY;XUB0}}KvMy}^j;QHE{(28NaQZJyCVJ>>xg_ujc|Tr)4CatZ>hX6NH#F_uLA=m zW#3GHdImWY5*c@qkr`W2!|ToJvNkP&mVGp)r>3rso{ul5y;bKxHeFA)3LAihe&pHH zA-D|$@`*=Fxj-F=X4iVOHC?CXXpj9MHTpn%gy_^D=@4g?@9WoE&3UBR+_xISMa^bD z67Vbj4x|raeat<8__%FI@G;K1WrLh6)C1j;K30<`0y{t}j-*F@3&lspA=aCf6Y~wH z<-$*I!QlTBa4m#3vF&P6lm+L!Sr*ixGt&N;aT7FC(S002>q<#jFUfm=wq`( z4eGZeliSjokeHgKV%qMsc!c)1%#F=T^LeL@%xT^g9+$`af3q8=TK(?tD#;uxFS%ex z-!bMw0nN=Up}Dbl^{U=A*6DlakjDY1^N)`8Y>E!ZP91xIy)7-esxdi zbApD9nZU>MnYvXzb3+{`dQ%Kh;>&2#j7ys%NgTLchDegSj!UT{+hE^BL(7;`aj)~U z&qkCRlN71P$2XT33+`n0otlmH><@Q!$}Y7O6>(-QeJYasI~h$6DNxLF?n4ayQ>NKl92v=yJ+Xsc_y9umI$zLdOi182@T3?vbJ!o;qaB^2oz5PdL`pFvhIMnt5S z-^3fwx^n5;(V=h|JWV1ZBIgCEQaM^MBoSNB@B;o#uhjw3KpTSDkhFMtfN-jNL2HDm z6Cm6x)PEH4(a=mL8stG>@H13C25fULT5Fg2M2&QpbqC@%!Qrl3UEng_!3#8hsJmd% zIghjk;}6lievg(UkIe+jD2xdSxrH^x62?RhHkNroQmcL+?J}0{%v4gDZ6P-I0D}am z^Qo+i1ZWo$P$6bIgYX@&&WB`#%vBdHF%W{4tUyW(A^tKQz3b1+#-@X$UMLLw+0_h} zUYjPcqQQcW>;&dMsG|(tWoJP&MWn|e?Eq{>G0UG~ux9Tr%E}%DN3M-Az@sD+iCg4%0KLi)NSY8bL}vXJ z7ZL$T`8~By5rFVIG?b`u6e4z;wF$*?xGqR(tg0FuQ1NvIaxvUpz+bXHZq}ZmbE8Nb z)Fh})e$St_HZ}w3<%^AUioxCP2a0Iik@XykoL@sj*Dz$_Vnu=D= z6!p@r!nRYp#}dPZfe`! zowM2h;psgQ-_-r@>9dst(skF&c1em}uJ+Uaz32Ngmg|fW?)+O#MWjj^WV5mW^1`&CzjGm_TRfdR>%N&S zPP3(EcCLRMa;VQ&4s6nF{iHhnWrQMt%f9?nlyhgIA&D9FUCK#)#j}T<76bT|(`|P4 zPVUxO_4(z&CCX>QN?W*an7zJ|y8wUnT9)nwGuM3oY(dv6s&@n*{kUY%K=pE9+qVJ< zrDD6qBR#5l4`XUdNIxn3DPN0^vYTvSJh9$9$y#iCdlU!=p9V+?#{dL%K`0yqa^=*~MXBx!A;!EaW5YY9mR!s&>AgM(*BvyI{oQqqG6(8loD zAn59AdkHrUIiqLz`P=#*b)Zq>^*o*2zVwy40Y#g)NV@m!-NsmN%-3xCeh7%Lu31*dcoIj7Rf_z-Qiam@s8KdFuyh2m zE)*^wbbaydyLM$~l7r~xO$ zxTJ@Q_6#?7Ryt7?me&zD@8+9BahBrapp-k0}n5!Yn=*Qyi?uJ=H>KQ~kfc^|z!Kq!_f>XEi#e#WiTEV9i@{CYCco$<~-k zl0;5PM}Zgn&%nKXOSUXy@|;UBGQ3t4uJCR9>bzdX3)`5)-|`UM2@lnp)0ZNsW%)?j`Py0dMt0QWFI5Y*(WiL9n@D14H}h zrE#$u9QRhh<-ZmjjD@g(SRN4-2xC|=fl?5Nq(}WX=w*9cH=QBi(Uxy}iN#A$G7@L$ zxc6e`ZFDg}D}jD-Uzm;Mh1vwvU)`-iX=j@*itx)`&K_B3@E!yCKzBl3e|SGR+CdLK z8ysg;PX1mk;HQ5N4cWD|3A|o;pm#@3CP^nj{Z8jXn!IW}A$vaS_qEg1jIr&D{LDzr zOC5%W^;2fOgKNU?x3{GAW{z}A>gr{@+c?=K8xklkcJHqfM@;92{>X$+nDQtciug;^ z%hLS$efbZp=WRnX4zrk>D>X5ma${%TvLmFMS}Ho{U~ks>`V9-Z>b`-piyTKHPWQ=D z+F$1-DF{}1r+m3G=E^~Kz1w3Eu|6fD&V^DtUKlpW{TlE|Ejak1>6y?G36F)=nRoeZ zSL!QbUcXM=VauPtv^0B>Tja*+^7TvD8`}M1>xmpbzPXQeTTkM+fReS#KvU1CCPJi@ zaV;x1Gke4(Vj*m;u&&``T6TJ=D%+*T)=zk5emkpLlrH5&gBkJ2I?h%K-FDBmg7?dT zqZf%?2dKHWXO0_cYg=|^J`DQYT=b6RrAVl%8XzZ+X5Ga-2u<@{bV#h+#S6-h&)eP?r=?_7U0fP?rKj^m?=lwH3;fM_7`XZ6{IW zg&m3~c$4Lssi-g7iaPDf9w^blz~49+q5lqy)zSq%MOu{^;s5K-HLt77z=zvV^ZV08 zlm3+M^qXPD80N%}CqHY5C|`Z>e!7+<#^G$L(-cj^Vu@G%yBAk-T&8GPymhFO$@@jd zu8O$Wp1y24EO<`oX!GoyT}bEJ<%m1y#giIr>m;Qc zC4Z{?GUEjmh5Ck=H`4A24({=k8K+q~L+dhiFv{zztYcW8ujl}GxaP)`_4z<+vx_Z0 z61~noqTb1!%gPsjyvVh8wLO^2uAMmN`g*dB{VngKe|fNei*N(bM_;;(WxF5NHpjYc zmES5Ye43uTMf&>0Ug?Vl+g|*jvq`7As{OL@jN!fJ4__EYP2Wi0v6bsG?z%76rExbC z_SJ=Q|Fh3cwD)RWdJEd%+M(^k-=A`oh&~V(_h3Fc=M+}O_$xUe(00H%Z?MPm`VAt) z8v&f~pCDXT+`%DVBn?Cx1R9Rjb#+%`WQo=rNS+;1r6*?12q)IFRq01U6a|H6z12uh zu5flGZe7(Oo!FjF8Ffu%j-28GL1PK9aVWs zE)IzU3Dc1~*{#&G-2)$npZi5yYUQfUT_e#=c9F@5;>w>VY=eIETcgjD4akJoX+8GY zJF<4=FN&0bsMOr4m3!ogZG~b!oupTFXx3gSy=9kj=<5|~={>}#Ai{K7a7n-YXby+! z%|);9bHln1&i;wBwbxT(?$%rPtJo+S8cPtfWb=EMcFMa^X4}8LYtzq0fKs4)*vc$7 zPc7}&} zG+kfN%hnmo@LQ{sId=ATqxRgkV(aYR!}h%yhApQV*0s-&*X5`l%<<;9yyrpi#%_(; zg}lI&+J`iKy?^@3YlJcl_!Gs#be8L8#Z6V}UbC`zl$5;r6J;h{keO}XxbqroGc&6x zU%6PkSaM1OYt$7R*Ao{D6F6>^ti6)VZ*MV_A#K=rY^IRPIX~O&lw(9Ws@LUz^sGk3 zM~;A5T{AUyC!?D2^KJTOL5#EaR*Qt@)Z!s&7@2b43yZMDDjpnnQ zi})jY^*+0VWBpH0GMrBZpkKiMSV{=i=r|SOpn8|}2hnbsj2xq#7X7-ay34%g>J>(( z$4bZ&)DN97I^&$u^x-*~tiQ#A=6a zdG(oPj+*ao-!is2V}ivcD!$hlF6thoce^V2mwCLK%(1SZeDC}BSk2w!lmZM(8MZWs zS=m0M%O6ijv3$U%-g_-R$%b|D1Z@V-7_Ugjye-4YyH%$)4QfM0_Gwg&T>5)Y{C_-# z?~Cs%##v~6 zdsRv{G7@2SL!H{hfX9oJTr)C>>BswWF?%DyGKK3SwC~L|zl*j`*Cgb=Yv21T5Ei-8=PJ8{*49=Ut|V|685z43CaqEORWowa-r_yeq9*|O$aJfhrYZfO#@SudX}*C%6vD^Emu$D*YcJ$` zwjzDfJksaog)`#&wXL3B`HMrx{j2Z9K5`Qu-q50shYT;8ZqL6Xy?;B9%d33Xy`cOs zuN%h%SWf?OI((wCRZsjt;GXLZ?7Y#*MkljJ_YbUV^RmPVUjBXBMkB?M_J4i#-!=#P z?YDni<@m|8vs!3rcWTleewuIRetvrPrRdh5r)f5AI;K9!_qV5L&+4R2Q`JO>*Ipd{ zC3=uQqrE6WWccgdr)d(Z7Qs7b0iskfQ($EiQV?Rm

Rok&3qW(tzTq&FJp6i!eCfPQ)I`TP7V$`Sf zESCf_X|>n$e+~?}1v$yGk7GZ${@bvInYV+~)aw6v9`R(B)4>DlvukggWK!4Amx=7r zA6Dl==p5;-kFU{-5w^xJpEVwHw+luO(;7l z>4nu*>Ky`FobreF7nFEw7Py2SF4OcfS9~ z+kD!V%S%mf45C>(OBY-V>uoN!Po}P|CSwMkCb-!g}s zOs3-Bd!5G-`wz%_;()qiP8b^-n-F{XKR=qSDokeAV-6nj6-<0@Nq_q4<|YS62n)A8 zje;T7&gS{B=TYUYjeppiWAeU;J@GYKcb7QIx9?+HhYh` zdflt`byGJS+$+f7F6fp1AB9qk=TTnXvf70d;-kM0eDyz^-;ej#`DSO&|L5O5u&~Jg zzkaWnx%o8yee-|W+5bQPLjS+L(*Lg?OvrF1=>_2BurKk-+chwmqg`TAX1`*T)I#>4V<6wePjqA6sw zrX1B6u@3LRR+9g7YKlF}zxHZSE5Pv2!3XZ`Q; zzTfN2rLd=JhOA7KX~V+rX|~dkGij;*piy`ctMpgopu*X$Z(FSvEIz&e>Tlo1ekkDG z_3OGK#5-oc@VPs7fG*%Z!$Hdnua|0_-Wu-ga&{Urj!LrMxo-ddSjGt?RZ~#FwIB!$Alp zJCalum1k%3$-&0`g=2TryMxu1wX2m_cje`M)uJ5DDH5Y_t34&Mu1Vin)D>BmLT@Xyv|ia#YnhxkY|j`lyY^-amy=6XZuoN7-JptJ z4Lt)zYKXSVDf&KpwKX+VaxjSEKS8=eQ-p&T_&enP`7Z6i{)x2wuC6ta94X?vP*Cnh z|90}}x%4)}dXJ?3Y_EN+;oXTI7k%E8nkDt+-dVNNSx_qXT450_Zk*KpByMj+OJx*d z?2taRp6)p`{@mB=P2ud*r7?Hc4A%+^zWG$jkCHl_Z*rGe@49z>=$(!mULP8ZIKwf| zrN_ZEoy_*h(uFsbb@!>V**l8tjxXx@=_Hs$i)sW5WQRpYQ&|@#uj(ls2{MW=f4sxo z)8*jLe?O#+V{CUnemnJvWdFf~M1+5!sOyHaq2J$^`wA}i(1ml(UphlJni$76SFFX& zM!)>H)AVjswEWcii7iK&o0)ZVUhv8PNKg>>9xO|ua3ZrE74R-$-7_%tUDNxC4rfCP zrP~|d#ASiPEfSkPcS@qeMQ+_U>T`2!3sSvnVIY{gZm^e=y-9hweVc>4f!H6DEgLZ9GEUfaC3;R>iuyDY)jVJDwpnxVx|DWFL?~gj1dn^@lg1<qploIY=KLtpaWwa;e%$EeNPfMPrIlB6$ zK5f(R_+aLt=U;Drj!WiN>&!owbJ?u&f~ZYNFk`~mR{gWA#jXbyt6!QIE)P@ItKIy@ zG1?o&tx;ICg`aWNfjTPfVFZ5Z4p$cfXyr{;PK7#J7`$Iii)7W)?7?$%_}PVS>RjS3+?L@(GSns;rU^&F`=7 z#m_CnC#Rfm#l)hRqzSVx_5(QBR*wKCi)z#-6L3Ft=n$^NUa)p%ij%h$6^~+BLJ8rS z$DeF6wE-1IA1Wl2j-&2^Y${orKR-PLf3aOot|``Z##upKy*{_s1&(G)!q+B{#X$)15G4hqg8TDtUPOFeQ< zQRmNs8ng@|C2XcePD5k*UcONzM@O9giuz8LQ`fZR`jP7|S9sZUJ1y?Ly)Iv#VQ;eE zSLFD;Xz6`YD^&udp`zs-UaCKe#x+=f6}1*XL|Y6SQW5)VNdk%fh8k>RJ!`2&N3 zu;J-5Tsi+*p)rW34-YH9p?Kvum?&t%qVQx&f9r5$1hNah+F>V4!gpuB+S=N8aOFYd zarnp)B02-kAt}(#nS1P7s^ByGQg8Z0Y7wd%_T4xEwrDp+68bLUVdD^_#&E zw~2PxL$BAPBNOQN=x#ijyphT&{NS`vnfvodnoD7`iS~oDWzlvbH6sm2f2vx?)-C@T z>!dPy;FP`RTfeW;wr09-QFBf&{KBQ_EGt+Fix&^|Ob&keI$gPOP5xe|^+~f0?UNkz z+tW>23|mQ^D?$P?mR;($3AAy4IP=)@BhZ*O13sE?Jct`zfIWZ zRtY%wQ=Pk)~RC6D4Aq*h7uB&4tjf*E_>G7k{e04161+iBB|y6MG)nuj>}z@S2~mg&fHmZV=RqhJf5O*F z$HViMQ@gUcU9#scp;uU2GDj0oiG-n%qF&qzY$59>f@(g$&#;Wap+p#?i5M98J7sCN z>kkzTL!AjrA0e^@EerPT4^-ZSW(_{+Eq;@;0E&kICxf$+o-^cemA3YIwWu`2GZ&b{ z+3=~d+S+>Ynsk^%(4Jt@+G3x*dl_k1#A}1KkN?~{lcMw5Ag!Fzwk;rnf?BJ_2V=7ocP!%XeMJ6*e4WvF=5)}#FLSju1?`e*+(@6Fu$Ek5;L z-~Un<-RLdodcU*k$;ZSH0o&IvUW`O(Mcwl~Z$0r>MbOBy5eI$rgORSQUrldhT1Q2^ z@_o%|+-~`{SFGW6pk>*R{oa>1h#%c?wPH(jv|hTk>nYWRlk{|*OCkal^prP43$9&} zx|?l%!G6c~unP@~j@}0yHZmG>+N>usW-M}Ocf|$=B#L~B;x@b}BT!(gS;HYQX}8^6 z(tt^iqcYRPb-yFYWyx!KE)rD*ZAb@$;iFmRAqO+_U!0ujl`5yu=RvzfNj;oOl^z}t zP=%2O0{8^W`ya5X1#7hlFFjN_H*b13juU4y(<7Y7sB5QjXMgtR7<4(mdv{u zGPR>jB2X|I>)t&*Jq3Ka5e4He>R}DxHROXW-sUhrL0VzI(5^>-?7p5Gy;xR_?gT=i ztkSBzyLUsonALjmTUm5uo8N?B%a|u;Y#_|1r*Yc4w*?YR(i-gF!(uGI279QOh({h$&qG+U1rv349|9TR z&J19kxi8HI#)vUj1L%B zSa^4{fZrDL31P4#5=4IeYK(A(?GH%;jXSqkVb?AGU;Kh_^D9T+3Fnp=FCJdrWSd$% z4=EZY^$a1R687ce0Z6asFfxc$?0om>Syey4wPo^Ds=?87o*151Q z?)#nGTQOqEkJpUi@4LNj7p9zHo=sD@aO<#98>yw^`PhQZ{U>dAq?xst>bmglURNqAckHXh7Adk{ZA-^QlA?D!hcn&XRiPAE>^_$sa4BtSpY^_POE} zR#$TJSBc=hw8hbwxgjf~`~I<6p7Ae5&y=LSQy}PIsVWm1Abli(Q@RVkO2+ z4HA$6F}z4=J+%@N&l)DYyNQ|lmH8I~spa+F_L*VT^0>Q$MMtQROGkEmJ!j*P zaVI71lVm0~?G49GiJ!x>POG`1$CEmbKX_-WWPDN1AyNBVa*;60=8B+$eeZ~8!f2Pl zoeTE|x-^^-gXJ1^sTK^)gv$U*Xe(B8avXz+z{((ku z69tp-`2vdRwdmJg0vd8ej0T-h+ws>>Hkx0&nk{ib)hZkiK4#Nch>yn8r zGcauJr=~VZD})6F&B}q8?^Ab(oppp9CZal1ERtw>2|voIx+e4yNFMk}oCjE6hh@nm ze$<}iB+9CY9aJrIeMJG-sTob*g$Dv*(-TD{`TBs7rEE|L+U`EI1X&E$ioo`V}&q#1tAL*FKMK07 zc#e@5rJyf$``Xw67MFDN;6Y}ih8AAOU+4#Ms!#pUt_=49ox2NL_k@M1@!C5JlTuO9 zRovPN4G5780J%u$APv4VWO(H`+j}E9D2XNVm~Dx98&_U0Z2~bVTJs|ItZS(93_VK^1q3;iLH{4iL*(nA7uicxD)B+M>C^UZQC z^_Iim=?QZ&MEMUP6F@zKgX+N1qm_i2?m-d?7c@gs@U^`>%9dc0gaaG*WvHh}@YZr@ z4)mlDrT|kZE_FV~z~F(byKiwawChQs3E}CT?h&XfS;p;e&@1rw>o{qyqlLmm&SgK- z??C?72SitRBTtDCR(@wca`^D8*RO96N*$oqUSv>;BpruGIlw4ajWe-vmB* z(H(4Kso1hZf=tkbHJ|+_$HwWx{6!6+P1)^Dj1;j292obTox~ zdC6;6*oMTGNvEEGNwe0$-5bXHH1rm-+4Tuo)f~q0{B= zMj9j}LJEtHhaU-Db}pFirQW$q;E>M#{@ntWVQZi7$+M}Zf$g~TYEVU-FI_TTidOJS ziE&*$Nnyb~Iv3~snZX_0Q@rd0$smt82Za8UB5`qmp7fePbmy_4%+MGqqjr$768 zQhs}hynwr*V_rGgh3_9JiLOvc$b@SDDd3o0icpQRYn>D+4-asyYHlR4?|Z^%o@G)K zKO11z7v4KF7QA`Jt}m{|aH!d8B7*z&7At){p+_!Q{@cv6-(a~p!xTEc6-2@Vn98xQS>fW z+@7ko?5iY4Q!_{Bx0SGSVlUV*><%!sR05sFQd$gVm3XrVjHva%E@+2uVty-oN)ZPe zERN9QZ29~ALXEI@^AsPSKQb~;SQS3;@R-3;l2@E^|Gx!++0ZP@*{KQedD-ccZdGZKBb>Fe^5QL<=p*lCwJKY}*zzUMa?oxdP!EA7cT0NG z0*7$G>0llsf&+0=v`kE-0Rf`s0ZfhV;11#B?GCn@v{qLS+i*;Xj=rMd*oP+s4HRYz z545ciC!=PG9-gcTHGJW?ohUbPkqueo-95+iQYJzmCb2MVD_u&+d0=eDBax7DD<`I) zcXFxby(F1U5~WVI?)NvjyVWv6+@xLgN*ONl`nyg#Q>nHEI;{=z^k^LT)DaV>yf?y7 zBK&r0`pV)y=?~l0M<(IUdmcaXly)t41|V zb-$*k>ANh}CW|gCZuj`D-{#*);yBw>+V|GqPuo;+`P3mN?p<7kW`C|#b*+hsY)(iB zg;4*PYv7;fw#m1$8mOUvS^cGEuz=R}&$49H)C0bxCpn|vb}MqI)h6+BDp~D{qekZ?oI9 z<9xjub-qQ9+i{`sj*+)`^R=4A5T61n$ zH14LY=HBoN-Oaye&vM&}+Q;)9ydzH1OuW2)(!qSV)pfubC-u)LC_q$*%mdZl^m|%b zrSCYkA*%WVhabeZBQKMmK7Rbl*S8FbSyMAJ-_1m!pvCh^7~Bb!{<}s(XNjGdaIw37 zpsDWe>N>~EOD`f4hCXLB0DX5;f&vRtfXeaY0Wogd>@hd@GuUUH`3~NV3kZn8V@>?! zv}=agcZx@t2*JbuH0GN18iwA3dG!xkrC4+n**S8E{@K6(A_|KygYX0(tOhUa*}h|tgG4fs&vFq|W5p!W&#ZHZJ= zq{dW(rNZ`P?5lr-SPgVt!!;O+^y)!IMnjxlV3Sw{DL-ni|ySS z$>v^kDMa8Uidd7arb5iEv&tFwcN5?nJ}EXQJ~k^}j+N|0B(A)PzZcL4lo|rqgF7I* zL+X*oEoMKWVxn=OHCIwFT*k1hxS8U&^_^Zv-xP0oxa$Cl5D}0l!wz#psN4@llmqYxDQP%gMKCum zII>M7Mcqel+r%yI0*cU_jGEzPPfCiKK?=UCpEX~kVkTSWlBCFq<>mfAMrpV1^vSDo z(p0@(Ga0|O@h0&4b&(I$C+E1GyCg~~R~l1a*|PbO#qdrjc+U>xtc&l{t^3(d%Vo#+ zD&YEEf6~2vBscjK1VRgsPHF$#7PacVq`6azwoB!=$c9?0&(k-BtX!EhOt%vrSY(Oc z6BOgoxP3v=tCOR^e3h47{#+A&RgNs@0yxQm z0g!K#5rBkzK=faU2Do;N2;RXPcidSTh#ah+MBFOg@!JTshiS}^%#)81&>*6OzGvvv z7?N;Me#P=zj7u1|;OhsEcsN@{t!+vo zKGygs)@!Q%IHc&BqA3j;bgm^%T8J`#9J5lPZQd<#=&Dcs#LArBG?SkJrBH~M?H0Ry z`PkR_Z{Dhys5R76C$c3b#Ki2NBH1@PzOXJuE&M7^F5#G<=Z%{rnxn-R_l50B&FQ%k z`OQo&+%nfh?SyePN0R!M* z>9+OQ^NAnnQ6hgQ(6~oJYufcJCWao+l-aGHW#ID`dmMdm zLg7DinSJQOs&I0X>3Z^FMZy{IHHa$rY-}u=Z~XST$R`0ZDq{OP5%+>PY=oL2b?XVb zcOqC3uzWdk=MBlTh6NIgg6yMI)w3@7W@ctM z(uf#)#M^hPE$=G|K>LnK;NHgCvMrCVAO;I8rl0`|PlOWS)J9Ac41v%oGb05*(9l|y z(!wl=&x8`=Pd`$KKVcj~uRyS3=>7u{T>_5w{{8#sU>L@?bH~SpqxcjTS4M}Xzl0y3`h4!#sF-~q?ow-jv zS&G^BHD$~ec7|U<_Yx2y4y}O4a?kbLw_$#JFB)Y}d%LQgJF~7!nU#>F+Qv0|=qxMq zuT+hcs#s~3g^i=v=ln*t3U)8Ey&b^(BfrXTaZzS%#VR>RLwYbLGbM>BBDm4AAY|?9 zpM_TPRC9CTM6O+pu^w%Em^D)8l2k8|cW>qzD6AS;^JBX6L{0(xFLs+k~=vL9)edL!F^)LWwXW4AW^T0)y^vp+gJM@PAN{XoMIofur2 z#0~_~Y~2eNL@8{M8^ zox>?U3EbRlY;1ve6af4P5MdoSD)f*ngIVqp?S21K4Mpi@y&{NEYQRf1(zSpz*yc7% zK`=_bIZ;e{+u9b4an#Lmd&n~@c)63{O@%YGMK)WZ1)b>nmH=YS0J$vO_AhbL5Sd6g zyEu7yV}QpIYq<&Xg$Oxa*|tz84K5ZM4PBg=wmjAE|JiP@i4behgXR_%@U9*O?)Er9 z!{tPbED_*txaJ+-Q1k^!?fgAg6M0Iq6o4=40h#dOry5zNjO93}!BX4OM z8FilFt`5qK{V4G_9P|oskg=KPT_tG=U1EXF$J9#ep}GZ@Y|&S(S-ny3gX5@7RO8Ph z5QkP*=AP@6fydl*WOjl@^ybIY&P$^KROfA(9zJ{b)%(7hFwMs!ta<8}y(rbjgZ7P6 zp6i~C1y!=K9uP1+ZKb<*1ItF-kBqIan32Xeck~KPd>-yQF1VCV8s2BKkIyet;*Bh~ zXG%#>&^|YlP7mAb!@8m^iVcGfy8EaTqAe`55<~6;nRCCh7R7TwxC}AX%Ye)P2Zemd zxJy;vV*VIZ3v^qk?TpCFy8uuP5en0_+zmWKYZNTqNg*iA=*Qs=CYzX;Sh>lA67sJ# zC(vkYAY^q1wAFj z7*$i&b=^e8WU@yW@akc%M=tb)p})y(H)1=|( zKiZS+==?#!|Hw59Z?rOjT@oF^uYUPi&tdfVx0IEiMMcpeWWT(rsY#R67;Fcy3V75L zRn`R%DTq{d2uIE^Gw(rjAifs6sDwL#3wBb(=^dIQs%~8*YmOmI7wVC}aq>>$JWy7y z1{G?0t6>*&I5+OaS7iE%A&4WC>5fqWKf87_*ACb4Qj{v-Bfr zZ_RxGrtrA1(lUD^DQm;JOY1>*&E555sk0=h|J<7)m(2J0mL0xzg8CeewD6OdC*z= zj;boR{ftkGTEH;iCE;P@82`(>z!b< zBk*+e8D1$RPRm@(etR4pR|PsPH`eSC89|TfklJoa^+{sd-@j z#&{H8?)~LY%eHw}DZ;dhyQ?`^2Y>-plwZ+0M_2i!$73S2YnPC7nA{*c(dX9Inf_s= zZBE=+=m1vDu}oFq5Nk{hHS5 zL(LbwG1)YoUo&o!?jf?Eyz@I#n zVS3B*Q(c`G&NxJ+tC;Y~052&mEhQ8ZXjKIbi7X#N>j_YZo`*-i1dKB^x;^00k`4|l z)S-P^a?p~Yr31W~ZSz=(dcz|@cIdiUW|#2odJ46 z!NQVg7{3CZAO3UwjC|JjGntTj0_A6zEM8^D6|+LbP=~XU1hP$#R7dpp`0w&;_+~A> z;DmW13uI2;^R0~tzFD9x!h&=p&$1;vW{b=Eyb?Z5AR zW0aY&(kN;2P}l`Do_NK*g3{N{8T?b$8HiVEXu-BGP%$Mj=u4py;j~aQ(z$U{YWXc> z9|0sv@^7QJ{#y%BX4o|`y|3tw$ODmNKcCiTWNwlCMq|d^$F6PCgr*y4pJ#UHdL_cD zv3N-5&!06Hf31YQa)%BT+pS*JEt+TQJ6c@D(s1)rO}4OP{BY9xwCj}$hUvwM1_eP~ zZKt)By^pKz{sQqlJU)JjpF^ouN_u%I``EkX);LeqIhxs6@5o>!9cIt|EGch~Fru+% zwKFs>YMAXRKakXG{c6W#>d%TenyRX@Cz;0%E!kALbmS;<=3d`V`twgo@|l(E2ZO%L z>fSuAKAPU^JbcId$yIK>FUJbkYVDi~99}Camrq<~Y(HidG=16mgd#n4*ps{qv}>kE zU;3wf*xYMTP2X1>p#OY({wM6_uU;`wPCX1tH<@OqM56~(TijXLSP($L>Mo$iH z9u_<)Z|>h5O)ViXQoQTLB8pqf5)%kSa0Ax?j8fMt`|$*C_lI`C7&zGHtVygeJP>)m zsI%}_o=D=x;0)OX!71$kV% zWrU`;6L2W8(hIv+kifCcFH{8sBoVLP$g3KZ355jW*O2pbKY2I__|`>naZ*GJ^4gTE zsHkv3GP;G3*`XIVfEJqQ^tS+v1Q-RKu6uGa8y$(LEX3m{5X|aVdQ2{J2YTK?l}v~O9*efZx>9) z;gy4Uqy}=;<5&=~VQB-|A_i4NQLGqk_taqAf}sVN84;IFSk95(is68uRfzEySTbb@ zKmIhF`6}6lSD^;l2;#y8MBmyX?u0ox6#GUX4nRP-gr4Gj_dzVPLC3((o@*!#dOD7n z(L^_2wItTnC-Fo4*O z%nH2pM6wU^WxvNg=Hlfgl8A}GQ1o`b$VR%Qs7Umt0RC3wA1go~ng-5^_&_sX80SgO zI5{~Dp+pmGV_Df{R|;HF9z3B$7$n*8b6YT4V$vjHZ~q_S-a8QMzWpE8rL;(0rHoLQ zQj}zGnk1yCgph1P_NFBbqq4G-YL}-Q)T`-`~H_^W1-R>*{o# zpYuJA<8{0SzI-HRghInT;?<7g9ySQ5)eZzpAc&1?DL@$Cn@S;rV_qw7##m z5DgS#7nA6-l$4Y&U0VTkVJ-@}1q}K_(WSouIw0kIQxknU2bu5}T z(y)O}Ad)&Pxp@<9Q*Rv|ZfueDNzT=A2~}I0V#zgg>H|{z&NIg(f90krlL-STo|;=p znfX@9{9y`B&&I&{A2U%&V;2t9PjC2 z^@8<63{b$rQi(qm0$W~?SE_NV{9;idSnCqbd37ob=vDe~njDmH4n})0zseL0TAV3UKT9r%_57f74HzZwL&}^+e>y4kYwZ!|d z?RGstgmvKS-SWNA2EKOuIr3UVx{sVz#xw7=W_X~@MLGKrHkd@}M^&KCWr8yH$)ug$#ieMF4GSKkfofvh1YRD9tUf+Iw42rAfdKw> z`0&}V_zZRz7Z<{t0mX~mQolb&+ecxNdp7R+4E8?V?OBXoK$`Q15e|J-q|?trH$%hO zNNI0al@R9-1y3rF7uW++JnRw476=hEdxY~bf=?TxHNt~=31cRJ7&<@(ZFm*uG{0Y8 z*k>;$nKiicBKaHRD+0;9ILr&k<~X)DuT)fPZ)|?YiJ?QCp0$YmPo>9 z3v~~AlRteg-_Q#@q-Ab#qJi?}c<@Qou)y5W5kD6Fjyv#^e%*U%-3(DMGGCO{*2ciK zkRqgK0n2;~j{Gw^;VD8^`h3R_;Pv~I983e-2DKylC^*@Ct*D4Ep9xn2QxLARj~}0p z5RdWD8Jks8RK=9xG*Ss@8#Qoj;+O?zLoRUdx-)XP1#H#gtwoh?G+4b?L>w$8W9+{1 zC6gBr?gnod3`9`(hTlvu5@o*LWK{{0AvgnkCM+Y9m`=ighrX)sVa0+Dszkz*W?9%6 zvWPrj02tJkbg9&qmuuo$AvkB@(XIJ6;m!-kGy;Uv>kz#JZWA8XvQfuRo6?9WvFjw8 zXA`++qZArdT6;{|f>5dvJY>Vhk%#nIvxoHKi7vcHJLKAv)v5KD$D7yZoL2#eym!p24bxCFd}yD8uPl>$@J; z7dgcjA_)Oz&z1j3W&b#I{P;Ey!qU=2ZD8_-bSMlk2+1(;ZxBNW>a+Xk>U^syF54L> zYufqPE)!Yk*D_ma`m!C0RQ@ZET!=-^;-0;Gi{NK22^U!$F?h&Z;nIVO0*^vaL@6e` zx~7I8++jLE1btyYz!$U^X_-b08#KgA=^Oo1{;N+8r1B1sqcc|Y(J0s=NTVKBb(FW& z)RfZ=X>i*TTx*z;q6Fx?S-l@G@J;Q)Kcke5t1wW0@ZfV)sGWoB}|p9+=k z{?41JQq+4wxuaJJsB)0Ul>YIWONaTzLoL(y=C3&plPb&aosL~p;gz=Kiu5Osoqguv zeuQ7?aYY@Ysf)|9P=aielEzM5nXByjj?x7O*H#p^=B(IvE6kD=2Yf40B2j;>dp@DQ z-dK9tX7$gld0XwR^4NnYK#;VWBu3Ynf#l$T4 zBV9C6%yD>dRK|u!F+_IVsD9CxjCD_xEU+It_2wmsyS(m!7USge-E;p; zH-EBw+}pchT>9+Mv!M>^tZwt65u4>h9lO_s$wdcZQyBXm+cfQ=)iC^cyI(wTu+#2k z3`G;=C;e?pJx4prZWog{eP)USjh_rQw#A-c@h>QL)j4pujZomcY<$fI~>C}UPoKK`nkh7-`x)UuWFl2w8lp^zS*w{-<;3U$z3$g`{nuK@XpR&H`k(}@y*3-?;NuSSgcL# z!fKzI_U5Ou-)7A(USFGbocS^x@x_Yl3wn6G#k!54-Tted3B)n3#UYncSP9i!sKdm zT1#hE#`27CsFTG3p@Lbvg+{5j1EWubd3=(>94l-#*8VJxPg$}Y;3%yYEiE-QIpjW^ zw^Hs%k(+R){|VpGgSTh*cV5h${mx)I{rwhJt$ta#?BTI{+ltB8j(%qOr&#{IGQ7G{ zDrF9-k=rhHwLhtTpOM&mRb5FpMY+_$o07-+AT9T-a>1}p?MzHT_e)M^tuHR}rIvrn zvb7&@uE;sy=pmE17CozxQnGvI>!~YSE*AaNyp!~`u4R)RP58C$p|LaLvij_-1ylR? z8l6m?r!A>aV($L_u{PV5pMLKB1If+O>~)LludO!ny9Q)gsa^aErcZY3bq;)Q-hFpE zhM6p2Y~>zv`K}1N1#kabUAOadv{J}!7DgN%u5-D+nyYrC+Og@^T9rsCTa4b%#o`^y z0ldcpUrtALNrVj!-mJa*2hFMc)$BrliGLsPzd!p03%1srO+EZ4>cT0mvs;|?$@yk6 zbZ@`lmZ|TNE$OCHxnXWk&q@z*oip^^Hmx~-u(PGrmg=+Wmf~!?*r0l63(>rx2{P!N zRO`bUji=lnw8V`hI?;`7>Fa;3b<2;T;@!~Y>qP@RtxJA$A*H9QnJ+zOJ-N^nVx=>` zle+!Su1)u2!u)A2nD%oertcfR)zv5|fCJeypY z?Ss_5Y@bwDJIw8x5OCk6IwU@L$mG=Hz=$0*4=8xQKiQ{4U(fPrdv@>{b6wWq?4$a; zcHh?3Pe`@L7M6!jFb&X0or}uRxptYdoNT()cFFg%ifZ3C^1j!vxBj5~BhHbo-(|Fh zEcn*cfa;SZ=djNk&YoJGR66tZM@5B>kxiCJwg2;7o_nSOYoh#`^6dv`^ttz5G9BZm zr=pje8w<;M#O2Ap^~`y*q&QyoL{&E1YmRm&I5|RU^BS3_`|I@UWv*x0F4ou9CJ0xn zM#OzE8CyQu_~o?kWu5uLiS@k!^rzhm(pd%L?kA2;TJP%0=g3{`p7c6heK_=Uy6J4! zd#T0V1MfT}j{WzE;ZNT-g{utyJ3Cs)?o}B6pI25R-ho){O9KlEvhDZQPG!C3)6AnC z*4e^#;2B@;*&Wx+mb$ts?<_RkGoqS499%)}B~;simB7s{ZF-L@GsO z-8G+Fi|!xa-k+O4-A4boY&&xJZ10Ei25tA?OxAk3LyG2=zqEbQ9R(|@upTU4PmObB zHn~|p-xM{K3O!iT8mqft((BC5Yw^SP{LXK_tL z*o;!Ap0dz)Mk{sE80VIff_=v*M0DDt&v=n9q&Po6U$@cqJ-7DFzPtxpv?#u}UpsGR z!kVggUQj3hiN~a@srHL>eQ}3%#W$$UbjGlx;EvhS}Q^4X|}NO zwWo#5e2G7O3pUkGO(dLnJJdE~ZO6GLub#gu9=6$~rt%9}`>j-GhLk0$-bOx`ced4} zgDNZ3p5(D(!(#U~F*{Fh3rzQ#BDMK3cb@bbcFgH`IA>I-YxJF8T*!X*sP76{bkeVL zjYA>XJU?sEv=?+QcF@0M6b;Ck5mR?i7@7X>TgRXDnTjzXn$vJxV+3)B%+}h*sF(G* z$U8v+@8CbFVy_Dd3wHP1()fAq{1r*oV!`h5?yI%-90pgJr0tI063K2@^UH{};E^W9 z4o!6b_!@A&I-*AIaQ+3?2*vZ0icY-y1_xd%zW>tl<@rQS=CIQ~WQl*QXEjA`16-%S z!ta#-(?8d$SuQ}caD}+5?5Z~}9-CIlncmQFoRAJEZ@4BToZI_zC_s??wrJk{>?A7l zudQ|EV=_%O6Skc-S^}S2ns-j_uT@dtn-+rw#ecq?ZHGrlA78!x=NCqN>b?K$M}GgM z{{QPefR3ubng71Ax9o^Igbgo&x%TvYB?uXpqYOuNiF2ao6w7Z=?(fg>EcX)fevy4a z2>VKOh|pa`RbfcNe=mS|>l6HMlI8yM!ab*EATJ8oY)giLd~=qW7DM{)Cv0=#pPf+K zMbMxipW8|X1SSd)GTB&XVIfD*Q5@UPa{tw?)SYy(-LP1em~vDVh`1@1rQL7sWkwpnPH}_^W|&C2;R^;+Iw~?U^5P2Hi4!c4fdkyQ zX{g))_jUXU?Ay6yfC3jVO1IBn-<3Yrfly_j3&$iRm_x3R#)w{$aNR(O9?^spCU|}4 zRwth@Qv@VLkPtu(Cg5C`_1Un4BG#0?mx&}I?|G|GIH{h;_|Pq@tMr?+I7Ty}eZGXVqS!vX@CUsf`OJo2T=md0seu3KJF z(St{hpq}`^d;|V+*!YdAp*1rzGZ9eEBhZFo)?&|LVT?vx?J`Bjuly z)vG3if>*?(K3UCPprWCt(xDm2Frjdhzc@7`rP15n;;T`(6fWKBcOy1Vzr-sz*Ht}5 zDx$6}!;RFM?^0)tn5w`z@(uNvn+Z#xct7*-AixZO#Gm`-;7N>6*wEz+jsuZ!?Xdv@ z;{e1Qkufn0B2t8wO4N=ULqW;7d$wb+dF2N;`jJ4jqS@p`=+CeZOF@RK1SKsvj3_DOrwE=kpV#!!s9G5#! z@+GF0g=_N+0HRMjPqO=7CWs73nZRU4|Hm|Dc%aC^OS32|5js%NMs^=N7NatXaiKX} z!MK&b#FMc#x#k*l8U*(n!|{{EE6>bhx<`8j?Jj#9Cq>p2vT$3vYsSKY;;tA_ocs*W)Kn6jfBbfF_w+ z|9iN~sBwFaFQibA2@X@VTBH~aFXdyJkJ0U4Vq)#K?YY_6({2*0@2-`aR*0ReFP)I@$vZvL}tWs4M_dzmD{Rd+<}__yZh+G#HuVu z&~O)5Rv0$guce&-y@9h%>@%#eUHX-YC8zmOR9M1yX!W}Fk*B9~2k)=*ts4j@jJ3r2 z_L#hH9A30tJJn>e{agLlKLiF(8Mhw+Ug3wN1~6?Qvpf^i5Wq--q*ZtXT+d&DYExjl zHrQZ9Z~~y104R7sCL-v}$mWK^9a&+rp`zIxPC&|L8kICOjf^Uh@C3(*qLPxQfT^y8 ziC5#J5E`1Hrlg>9YZz*SQ;eJvcZIlnb&0zlW8-30rkTOR3)V1ZED;KEL=puENJvG4 zF9n?CPeN%Rx;zvCAC>)?5&8O6R$CfFI52T%;o=X5?<)s2*n_z7l5ce z7$4P&ubf1RipR1lq@~0d5kqGEbd`X^b$@`si8lw|j&tCS*c+)P*xf)+7PNUMT#B;n=h$Hbqn$rK zemu~@dCp#pm<3=okoC9v0J8)P-_InOw4KS1#-wL8gR?q6nMmRSeVt%FAu18S0kfdR zIg&=*=p5*#ytZSQ93cP&*tYIgZ%h)KRERYK5fgf1BKH(;b1%|Y0q2_8*a#$(UjJ($ z>RY%5a+hrUqQB@n=Ors@DfVbuBEMw#BC||*%;U;(&K~MXmzuaT+73q(I=4r)iVEs= zP1S#%`=p4Yq6^9Y{7xbZ|8l*Vn%R&HHWD zPjGS$Z7jHKlwueICz5mdAq!YHCp8K%xLF2WT<3NN0!xtZRE{-BL===K278pn6J!ZOFE%wbrIO-+1SG5&oO+t|+lMA6y%gdIK@8N#z2oEU@2x)_ z@W@XNx7WQ06CQw-0^66NoZSh&A-p!E<>ZW~@`;FK3`|Rz9IAdk>;!2XntQ_Z2j5J| z8tm4IfQ%f=Vd9S0%gZ3f&Q?}BV1yC*;m96N`BKOyCKdu_1^lZBthO1{g~zSWa&UcO z>RW}O=`hj(AVVgmg!n4(j0hYa&#$_p5abMb(K)&YcK_xAOkWt~Tik_B0&(I)P?11p ztLqzQ`Rgx8j0WRkLb>SzdV>oCo+-*3ZwM`M9Gro)4oP6jnrH-Plxmx95Xcq{d*V3!_NBr*HOFT>GoG?QrPsVTXP zF#?{D@rNW|Uti3>sA3)byv|A${Oi8uU#K58WuTm*-FL%pc4pYr)Z*m?lhT`Hi;4Oh zmN_kOz1XWDWHZc86WC(+x;HtB_<6jEblQ#UDkaUaw=%{hzLbBE>D#|AK+HthHPFI8 zSz+0s>xh_$*SOoGpBWpQg_Z^~xni#x3F1W#-1Rohzj^ic`%b)K@sR37N#*djXe!a{ldkI1m6I|tEy!GkPu_p zjd0Saw5%-5h1^kdNp2+BB;c$gUf7z~0b_VjHg%;y_|gj!J3wT$AWxeRc)WUbRgYr} zgpw$SxLnU+;sc2lV!#W&Ebqj#CEi8S5;0FkeF=9O5Do&39b`P)Z{i}xf4R80I7Ki< zg~V>iVI&RrjMETk^m1b|gtAEK#L*y>1egclqy$%;zRdUH#Eg3K2P> zE<;|?;X{YQZ%A%Tw&xze#_22fuAY#OyAHwHRU;pP>s#r=ms=*c1=_386(}O>UVStj zgTBB-#RDN%2rCe<-Bb9^7uD8MV_XD2v3sX9CRYS;1D-gfoD2#o`X`usmoLv{IbE5zMN*`{A1r6C1m% zoPgmK7WW>AbRpoPp-JCLRIDHpjjZlE!NCEGf#SC}OFuZPS-Db<207@$B_}#O{DEfC z(@l+GZh^HznV03|1+ur2=IFpsgdl(%S>UU!lY9dca&o@G!Lm3-a4GU_-_P5xt|gfA z^wVqHFwpG;Ic6eU0jZi);ORAwWmxkL)TDrjhQbbqG9kLq-NG4U@AYcd!IaBJO$};1 zWE~-D74>i{M-Pg7ZIynwKlh3fisSl4}%HzA6xqnlxljxRtl;bh(0kv1iid z?)vqH*Q)Y`bA|i-{r09BC7Ct*g?Y^`Sg9UQxh5qQcYSImzBtj@a?^f3;X~f_A8-9) z-ni3Rn&KVo{5X?j^8RDI@EuF@Ua2h0aqW!!zzX(I=ar2;`dFgpSn8(ijfm~NG5y6qQdc+VWSD>s z@5XF}qNQ2l+L;`)PE*l>JN5|~5!o<#!AW`o6MF6b3STl}Q!qO(KHSP=`+4lgDs;ks zv9Q>ofHt!FJ~C%d6kY+69^44LZQHNt^gBIE@K4~=xfMb zMW#)O4i0Bz$CgEUB2G#h#AK-d%8xvF1r-$xABdoP9Q1@mSIIJy%W^~5$m-dsMnhtT zjnhDTX{Mhw#nsKt0{4q|4Fhflzmv-6zztDx9LtD=js&3`P_3bq(j|o>&V>b47p7(^ zVb61DYxJ~80>?Nxsq@w4W3EJZR^m)vh0hd!^fdzm<0P~JxMhB8yfQLOX4X}DO^xM= z4J!E&rFIu`{bo>zlgQ|U^Y3HH;>GE>zOK$9ERPu{1x_NcMI|v+C4(=NE@=S)K%iZ~ z9EZY73zkgQE*)U6^OL)s1z{msDi3>81{Tpo(H*>YBCX~i%reSBZlEEt}8+sBl_$6`E<{{2M(0V zORQ-p`iEa<2b=H^Jk6w-?7nGhpf-g)*&8$#klAY(X`m=M1A-?wwBgGl#^^3lQ%!?m z5Y)C6!G?qY6ul3x^|q!}_jdZt@Y#cPjwkAQfqvtA2Ldfjxe3}QdUBQ8S8~}T+CNMMuVPJCjAj?Kgx`7rl$0>$9RouIKK)08zu; zofE>cQ%m~ZhvcW0Dt&xzbluS_`qFhD|6lTo`1ZJflOaw#%oEG)ZgxiFx~v`t%NS}; z6_F|*`?%j*pLAPuoM|`N@j}LK!Rv$(0d&mbsf1fg$p1WI{J1NhQQn z!fDDSSkUIVm1%yN(_RzL<>stOfsVyr4*P2l*5bc^<|d<5qvqM`yRr0CN_~a-9KVaZ zqFzH=E)`?z?k)pk|DKfTt}uykx1gOt;*PF+)(iIe`s}e?J<05p>uoeFAUIX*aNJkG z=(1zl=x&#d1;5|=7Si^ zOSB;9dx~Gs;6r!y^wh_fLWpOePG+}9y! z-ggNbvK0JHhK^T z!6-s^o|hKZ?|==gKY0XlEJQr9#=}LRM?2WBg^bD zB5AP*pTjBwoJKTZcy@+V<|AdKcfaklKgA8@`8-wP&Qx=r%`h@$rDS;E8?`0oue*yy zMFK8klhiwkiqcQ;lu{4IM8w1;*5B1pUc2+Bxj3@rA`+y8_xt%w*G?{U^$yqgZP--{ zYU!O}mKS%JwZryabgtdQq;Z;@S>DFGcXDlYB%0%y43$oXnkp! z=VUN{&7umbWEbbcpl))q1t)96>9v|-j~cjosU0r8@z7Ay3f~dx{zU^r@!vLcy}uY`g*97 zy88OQAr`E~kYxagsb1pCv8h_cEiHi%He3Vc7FR97A>W@zNktWfdJDOQ>T zCJA>VY-lco?|9QOBGC~nUm{1Yb1(Hz3YeB)w>$#!!+IrH|2EU!z2|X}3?b_sv1aEI z8tFGCA|pq5-JUATqHqSI?;!kVi5O$8sRXzvfaLoYSP!wTaEu#Sy+Gad8gC}3uSP&B zg|wHJ_7W6Su-v?ZJEw$%#Yz|gQ_;Yb-ydj2~kk8>hL3S*c!~B>oNZ~zsV6-N)DJ|N=Z37e>-mZ!vlmUa)M z9C`4Qaq|+MROz}wd_*KI{;ea}iiF$3N!1K^-%%1yIB=P%ir)7U!LSi^Kj<075x|V9 zg0M1$5)r`2Zah9aJ0WPNc!!^T%KWV?&;vadPLkU>IXShKLvf0?doLsmv;|c`(t?yM z+EHa*|976(QCq;j?p=KR3$XQx1Wp5kIIdetcxE_AuK<(;k>lj851$1e%d}nZT;hvl zf|o-d?s@?Vr|{*p)5x%c_vmQ5i{j)SbLUB_IW;BN0?pMFq^74Q@$lKo0a3txGUMg4 zS|qqq3znR`ygXbjG-VZcHZDZs`QfU-k+Ti{5BvdK;BTJ6W7MOZuOrz^|JdfQq zBg=H7{h9;&UxAN$6qqywi;f%(`qDt%A?16s@?p3|x;jJmq@wAoi)XFeCPl(b`%536 zUG1&)VtC9<@ul0pyqxoH^P0DzN6mIxq1`)o9^J#0KAOU7IoA3vJj+M%HCNR^i7MKz zxZ&w74XK|#-04hBE78G;QpU-y+4w%Aaya4YalrOESgyEKW`1gUrMGNzj-B`}pd?S& z763f*UKWDOEsU1G;C0GLB!9rsX?#M_@?p;MTWrH~SSlMDyn#&6xwxZmx~ruHF(Nf_ z7J~p79DJ`0K1SQ&MnpLS69wS3HL=$sswn$i6KC#o1?R%h_OTXYV=Q|iquIy?B;X8{6LhKObUDb`U|!IZjpPx_^*cO zA)=!f`)&^n4cyp@8yaRa_V18@jW23W(Z#OE)xuY>`k;q86Q#iAvcB5-{i}l;{93>Z zB^*m|DZteUJZq1MV7|!XaVI{TzBSOgq}+p}3K}VbsEtP8sDwlq4sWdM#fjWW_p=dx zmb+e-z;}Fr(`9KVc!~Y#B=rP~e1bs>t2}(tN~pj=o|8<-D1tu}D635>CfkIe2uNQ9 zrS{hy0PMg65X@VHs|=D#J)rTrBrkXOZ@5#AOlcD)c<_k(nWjgL_JJraAWKS1s|DlR zeYh2G8Lq}9H8sg~Y>!)lqC0}B*l?zxLijb=Sy;?tjt1KkRAPWrgwZ8Z9WiY9cakvP z52(O|@Ez_XUo_Td4!~sl8=CQnW_xLlYn@9R?Cj^_u78A;JT`wRgyLo3`hQWB7juO` z5>GNVjo0Ld=+)n{Tz$oLHPIlNq3Owbv-*5lI=;6J zua%zVy(t?y>-nf$wk>OY#CrXBe`>gn`Lr)hz7` zk!}ewM+xre>RlA6=m+7GP57PzT!!K%;I!tW<~0C~b+@QfU_^rLMYyNnH>|YIFt+#w z+MC8#!j0tnuqDTieT|>A%m0L7VO8P!94FjIU`;3vco$d-oY!PAPs51fq{^pfxPS;p z;J-DO`yk|?Vh(?-KeP$}3Rg8S>PO|2;8JrkArZSNS*;SlwJpG~5wR=3H%M#d)8rGX zs;%~V3-O5S+*0lEYe;iG^D92X(o7{M0bQl!&Fr`wRZlC69$s{|iiee)4s>|fZXd?R z$KZhW@e1Rdun!Sm^NhcLvad1kke4^fSiid6pknB(<6`x$D;G;n+rMI7k$oJ z%uCAY^c$|vH%kWRTK0S{KYf=;TIURN16gqQViWs`lP3*rbgwWA>=OxUv0G&jo*%!@ zk|MmVF3NLZM|@{WR$ma$fsa(JmN~QIe1fq0hUzt6y_R?uQ(v|Q4pl_vbsEd^ zMB}VM4Gt(!61ZFAY!hIXk6uQ5?E5{F!EA-NZ*_IA*Vk5hM@K7R(^QND5<-Rx3Hb|H z6i^d4;6T-l8iFE>*cN~v(ol@0U9>MIFjJgtzDH&JXd7Ii7JrEefqSR(iU+VKbgl#} z7qW7?DvP&jDEo$;U3R(s)iq@`I9&mh|4T%K!S^!2ovm0-aK&Rd^GMXD442z5Fwe(q zK4eUeQ)i+1uf;pV=+3m!`qO}H*K#Na$~SaZ{Xl1snEXRXkg&`enp?KtX}5qu4s;U0 z8HPwHVat=Pn$+QK(@Ff%|ip{`NSwh3Fhe=J!J9 z2J;FJo^X{4_?jxI+quGu1yi&qz=3f}6yb-6BHqKmu(M5;Ci?2}`(|bazI56PZ=Tkq zK>LEFJT^$!m7$*u2vK%Pi0&YURHjsFO5pyNY|kcptih>?uG*cv z6UAC}M;N|y8FZ<*ze^6uOXcr6S_XFFd%5;b3qg^+=L6H#q`1m51=K`@?hA82m5|7J zaQ<-jX7^t)Y3Jw2Yu7fhEVb$dW$m-^*qPcmCrUYI+ok)VPtxS>!FI_3w+Z+UetthCjy1c;ek@b)r0MyD&G(>Seu zc5dZonk2gbHECpPb8zQlW#cc9>Y~CoCjux~ScV%D4gfv6R}asS$iSIE&Ft>d5Y!p4 z@5gsE1;9&ScyWQfC^495Q?SAB-8%_5u7sHlMn`&ByJ$A)8+3mpTHRUHR8(>{I&apH zqpR8|h4y7s+z}8aCf1J!Lmg_4=xZJSAr2^*pw9PcwT(iw^7nj@PEV_mu#bZaOehXl z*cvtVd=j9*;==tyKzKm#(f`UL=^pY5glEj+st!~mWUCk$Frg`0{}m%a=Wmp*0w1}v ze?u3qjbirT6uf{|%CP@29C`>lUKDLmypB@M&?*f42v$?}*38cS6@4RGWE!|_V9boQi#7&+7SQZ)wqEJk54nbpr(>W0m{-L2Ehrh}i zd>j;=K#M_&NfQ6dQrwudlMkT{fg8ijx4rVP-f{mj6gcMtW(B?PAMp|TRZHXWbr%jv zu9@6wWHc%~Ni)FP|9hBaSY_2eG*pK1FOW-Zjl=0i9io9_-lad24w!+)>BrOFDO zj=s7Q64gWR@LB)u&!3faG(CMyZrXI7uBFiam*oZ7_swe>SqhA_GZW3fuJ78v|1wZF z`N9sdrLI~p?^l84Mq!Bp$}zQ*D^$4$NquXb25b2acauK;_0e;I9dj-QJJ(;sb`}}u zCz%>ITsmac-ibs(JqcC^H$=>s{R=^j77!3Uyf9)<#vg0irvRyCbN^E<+WL&MbK4Tp zarG8iNX1+|K7`^PH5}Hb!quyHxG%R})i}h(^%~y*Jp1Kdc+d-{S2gBua)0=4U^6Ak zA4tebur-Lo+S~j5ojc*>!cS{H;LH@T+h9D4$sh_w7@u{Fm6<(8`Az6naVJ3S`oyg7 zjuF@DapPg?(Li)w#O>O=LCNUco@1p2(G_cYFy*FDqWt(9W>-y;Tlff`k+9xX6bUdD zVHm5jF*AFI&IDO2K~7@g;!L<_0J+fLt0lmN>T2VKi_cnL!c9uuWzCAoe&{e}{tA=X z9e{p`3tuf~AN&{IUs?47>i~cj?^5%7be|~jHFb1~QMD4PazwMhn5;!RAHN4!xW?qk zP#kw=-Cwsr8+R-9?iO4>h?S}A6XUhq)ig)PLm8VDM6N4W_Y(^fj3XfsAkfxk8}rQr z+k^E@G^!N{<{7et_TGx9qa`IE*(8*uE^F54ZQWJUtSTV9qz8J6yaRtvSg|Mv2i>m3 zu&}YkH5s8}9CocUPX3CZ?mGFqT(OX|Bh{ToQ z#Ta6sDy}F=^*%E3(d5EGNaWsDJsX}FsOl=n-@c=;DqBV=K=3Q`iOL|M%40yKVscLe zk-M;nbXsOeyQ&loO02p+4)KtFkvU*%Tchn)6M4WI>C@ea{o!ST zjEM!+q`6667*V2@g_{6QzM{y6;@!`ruUtt^SHsTDKN|}1pGvVZa3r`~LERg$nFF4U z=dqITM3V*NWE77aIkNkJ9{rJ%$bb3kulG&Q65z6eA)iWrR#I_k>DF|WYOGNJSFElP znC{C$(oc+Ej~?9u<)(KaIf@Q~z5ti&#=vStFw1~Bqd8+`>j=~WdJ;79sivh3#T#77620oJx|Ebt0n)< z1&9!)sCFtaHGX*(4<^Zz$OXdubi~Q4g$Q2({i?c&R8duR1h#A1tdFxtVQEf`c+o>% zx^$Y+b~m)z7~;Y~{nlfvaCnp~VK9S^G{rZb6NfVrmp-Ye?Y|ZhFCS6&;coGc4*O9K zJVn~mcg}=dtfSen1<11&oO+1Dh%jV=Znmxarc&C658*&n!B-2i^gBC8`9sFvP(o%C z5dnqmH&7c!2)}{o72{+_0q^~l1P~q3?!uF1K=%lY3D^ zt%mEjz-0w8&uUK!flp}zdWreY)O_OX$Yion|ih7MJrco?b8;(B`@8(S91Q}Ax|UG(zA9=`G=V+nc( zHL8PxyP?_!@yYnleJSzrJzxUCHxM+jL*8p0_G)OA8gn#g@j>@8G7{d1(#zebeBZ#M z-008)40ka<07(2JU?z=4&5e6f1!V1@(Zr9vRqws*hC%TvV7fMFPh1o+yb?`;i~p>art~nynSl#4Hb@!)Oy}VS67Ad!u46Yn+5A!3la)ARe zwdfQXfv_f|6x=1aPId3FvT-VXhqbS6<2{2(ptFE+bTKlSi%x@*doS)FI7T!!@4GKBekGUiY*cGRc4u(wC z@uOQB`7UDIjfV(_?RPiBzudtuK?TsXw8T#$qVhm|e0uI(m#>mKm-8esc%;H`O+2JjfP5}U;8OnPxgL14&QaL~bfMK}Tj&bjSS zh2thp59Pq&K-{u;-#iqLI8L6tg;|k?(;N-a#Wlv?0PqfHJ`XQ1FD@EQIZTPs;lV$| z4$Z0u`4My>bO^2k=J>U=wA7Y56rMD|AsjKec4rXSg$XZN_x=ia4(`^pu&j^}IxzPG6NpGh>LsI!U9s065&L=uWYhYeqbPe`fGG(=YXz_s z0@}0B4~>mIj+x^2ZQD+7uX&rB3@Y>DNJ0wnm#Cm3u!cZUz!!q$S&DxS=e(eUHb8vg zH}S!UbP9h%1Vo{@hE)o_9c-24=0G3D@qd92x##qJ8AoGQw{BIewV1NsTxZ92;Xq_h zXYpQ_W1JI{ci37?8r!SsG*TwM#Y6^08uDaG+&RLW(z)erQ!m%s)Az`7*E?ONJ2s4a zlhT7cDxLB~f3DUg$TBp1R3@Xa=5KObT9BCj{Bm-tO~gp(SL2FcODngDzKiqP0C@*e z3YK(9hk1Pkq{yg;2dmF?Hn9z;_+Kd`agL1ryf2j{L%Om$Q=FTZX0mfMWBpv?WQ5P{ z5aHR(155);Q5J^AJT^1Otv3oc4BI6$KR?^U0!j}nJNpZC#|$EKL}Dc2%Z9EKmZ3;iAH6h4@BN#Rm~2tdj%*s49)M~hXZl*+ZO{@0#Sbh zkpZ!SUT>!eC{vb0R|zsY%x2t2@qlL<^6z1po+s!{z} zMh-&_kc6t=#%DxhBu!8+fqdIe7at%1MSzyzN@J>JU|y}NtjuNqOP?69aeHTop~UF# zxULZdOIr+#^?JTNPaiS)a}Z{88tuQ^W29I&9tzFKiIj6c!c$4j3Abi zCQfWHvYWNlEJ(h9SAgEIpn}wv^g`c@aU?M%ym_Y+SJ|;J$2T}9iR6h(m#pLl3C{ob z^V9)VO!09MYHlxZNsSaPE{m|cOx~Lw>$vZ%4iQSV;?0{j({(vOi7_Ei5pyXV%9?q3 zxvb_yWK8Z(YknK&=*Kr>ScJwYc3iYN6Xm@&9u{!pw#pSl-CgVAawjgStG^q7-CvE` zK>|hGXW(!Hbuyq!6t!}p;|f4^)Kdi53RJ={U&V2RtcKz*U*0LRN$l8}&_LNV7K}&$ zjOwxLG~Wma3kV!wUS(i(l3HXk91@A-7@o7oM;-nV*PzCCKPF!xp%I%{+%Sn#xZh`Q_z>F#+BWKqM zc6N-nIGj7KB);CUQ9Kyx161wRdV|c#bv@BEiS2#)smAT}hlTn7BOM|GHv?wQ{34YW zxMMM>IS5-703S$7yNl(B68>8j5%NdaMseoMW54d$SvNS5(dZxHl*;QB|P;n1ipZ@i%Uo(1N&)B$od1p^Qx$w<9;ac}t zcjc>Y^&cUcnNK1sr;q4qE4Y)li#gKWw$NbZjV!&m*MYBL~RTl7GM^2?dK zs-$ByqqSuo4Xk>WgVRP~Wpbq2vfz@8eMW}$DQ$1~I2f#r*^~rNG8bw~P6*koZ1NdD zG21mq(q7)nY13?-Jo!PQl0&hk_Ip8Ya(c>J@5=8vCP92E$xjZ28Qops5QjsxRmq8U@VjVwZo( zS%li#N+t*MNs#0u4xcw=2yzxtVvjUU^@+H$a+fuP|72-nV`NU7PmFGDnQt0%dAd#T zTjn-VbBC>06?HWv_$+QV4c6zHR2P?;>{L@%wzfHyyZSKi^jPK6m+E6SBl`_&^4Pq2 zj19PsshP{1k}$q+xRb+fVmjBN-FQK}r=MYFJhw#e>Ww$^{n-W;0%=)-!iv#h{(GqA z;y6BOS67srw9gYtFWMsd`_tt~{1W}X<^F?o8jFEBMT_aFD70sa>!}NiN4zZ0 ziT0yht53>a{`HjjiyLbGd%^;OUygX2_j=o9T?q-M^RB5H(!!HxZ!M93`_^LQ zO-9MF**4FIM*h0aT2jlQ=9;Gjt(AuAP0L)f^{<(TTF8&-0j5^I5N<~6U`QiA<+{Y*@m4V421Ro+BMhWJ}NC7HH{CdK=-Xh{tO zZ|~*)YHj@Y=aAoKCq88ORHrIctu|lUO3gWiRr=jwt@$Cxxbn}N^1U#`Lb2IHUlThqKwRp%TG;i)nF*}EEYHsWcN3x8kp z(G!_!#~XF-aM?}QX;hwXMMN}SbSkDi#lJ1e7{mcfzKpOI+LW_-1}E{@}feA2A|C56u6rD{9t;!5e% z!&1K1w~fkoCXkLv4|JMcbk0~IudHsZ*{MQ$GmqeyBJ;UVvmbRU$OFW?$J$7zxd+26 z)N6#&#RF}BKLT5cJu{BqX{;~sJLE47kd!ldHFDRRs+0@F-L>D-)_Zbw-zOzFb<#qxM+{hlsI=$kTX*OPULB zc324+Xsemut4{8BbFa-T6ky%S>~v_MdfjXyPg7I3-R@k8ny`@fm88}PhHby!5Buv^ zZZ>CS2IPVQCr@$q?NxF*kr~_}bjhGHkH%uwyXLU`4k71y_qKX|E`Kq5mx7GQSNmk> zZjoL|+qlU49d<@YLDRe1dK+Rd%&XDQ&SX%0SF2F{$17F+jf2ns5 zbCNI7Sk@y`O#KdkwPvYK)UpZvdFQ$oG#o>@(i!NDSkv{T)&j9 zqqAS!(uK)Dw=z(iWdD1!Q*ZT$&H*fi5Xa8h@eAWHeNk1ZU3{A;fK29y~ zv}k^_ESqg)SVQ+=g-*oS&T#pgyGs^_UK^Kyz^>+2o|cc%*+<#-DXOuLuL+GC+hNL> z)PF8sChAv$^Gm&@&(1R=2@D-G!JrQk_>0i$RMEoui^SXbyq*EWMi60tjV;w&sat9s z;S&MDCrl#}-=*>mwsi7&vqCF_0kHz{V#S&cna|!wiVq6piMzUmT{2P?DpxPLPNOIi zzDQxUuOY>yuIb+I&z5JJpH{Z5BYGysFYhBsq&i^Z`;3ob*t@wL)8BvJH8<4Poqt2@ z4Q~u3;)Fu4o7UCa1n2;$e za!7pp&Re%{VtK21=VSRk&!9ow*5rFmIPJV6o(B5|#kg1h)RNhnbM^PH8ftnXdXOyY zpv&^NDnX~7ho?6G{xQ2B4|HI}|JYx>+WPws;eRwIQ-z=Vl##(S^e6F?2bu5Sa=D_T zc9{B%>+TuiM`v^(-2K;2Vv~}@z8@uiN@iLFhR1wmPEFtM^OG$0%sHmtfAL_)k^lW8 z%kL8hMhfPF@^{_K>nd8wr+u&>QZ7vV_fsa*8y>&^AsNl3GV z^ntgbhBipC#J!qLZ}nmU$ufNO_eXkAVe$RpsRwJO+XEuXoeoE^_r-GA<~6u;GvI9XDqXY%R}*K24O$NL(XoQNJ6TBfAq|Ep;9g#%r?-(c9Sw@2kuWEEvp z6;4K3UU2ecw7&ba(SN?d&*Jy{xqoN7o%mIH^Cs8wq6N{A3`^~$HJia{@09Y`{C-vk z{TeTme13sijr7(5(~VbKCj$bW&K3k4^txGz4aV4MCWkp1?a#|&sb11#ay}Hm*CWpz z>7!lL5vo`-J6rIEjpsm=UFL56c>(ImuC&6pYZy1WsYP!F9K;4&?)I$?2s@Ig$iCfi)c zbmdcC@%zTnRR$xxF+$YsEka$=^)d1<^1b~ocGf=fpI?t`I%ZPcuhF?@>X-D|Gl?35 z2zgnxup`Q0{T799*gD&%gU$V_R!5TYg0JZud!A9Q{CwSNB=T2LDety_UDX=(<+Bg# z{mhYJ{Ef?Q@uSNni#G$M1p!-Y7e^hVotYa{1_qPuL=*zV=~i7^d7N%L#VgdzS|nFR znwpGK8s=?;uIi6@2&KP`G{6(e(IN#)oUGj}YvZJ%JwO0iie%8JAwO}s$Xr`q7f7*NVsHU=QU)VZc^;X$%>R6VAh?E70 zNGH7k0##Cqh=9^cuhK-CfYKTQi5?57QW^;g1k#9f(nbl50YX$12u*@?0TL1slF)Y{ z2_YnTTd4Eic;nsi-gtl9`@Zpw`VaQb-g~XN*6e?4&I^T_l?B65c&26B350rM`Zzns zEt2|>+gl!b2Me9rTFhtfW~L-RYnPSil^?OP&P|&pF1U15u*?NnRgS2$hVVzfdgtn2 zoXlw9{ceapU4wupTsq#7CM9Cx-;3ZXIU#TR8#Jg*?OH@5EDytZJgZ@^-3CC6uP2LE zpYgN=>lF(&;>gZWbxZ7FH{+km=KuZqFrn)qPeZ%3j);As?f@`YO+Ls*#~bzCMNs@z zTgJlVHk%~>+9|l_!e)bAd&&=XK$b;G#hYs~wD4CSmy`3RQ=y1*7=+D1jcu9=J9Tq0ldMq2{h=$QbukQHGB1# z?7+d4!==~lt_`lZ;PRwHm(DD0`dY*wa8XP~!nPE9>ewmx#XaWyiFC_oslgoa8gJYy zhn#A~jV?~kTmEZnj^9ykC-@FdXJtlgOYOnDpEK|988&LlA;Gil==X98Fo+g%W z0>%a#EOCE{+h5N4_+6cR#;UazQ*rh>0S|<*)v#Z?Ql2g)t-Qz5_06l(Lbmk*J2Q4Q z>5WiTn&P|GiRaS-Vl`A%;T-*H#3kCs2x}n_N5f_l90jB5F8EU2JWKQL1e4XHpc9b& zY*FCQrz~X_Uki4_7L}nD!#vbjy3q2i_ETimE~TE{E;6|6%ujq=(p6j@1)wGD&g@g| zG)06{_zU|&Rt}Hn?$vPXdd^ep0Gf~U-e!+}K-MkKMi0L?Ui}o1gj7>Chy#fq{sBw+%pfM&x*$TYgdmfzFpei%=Qz}m zPIt_&lh0Tjq!kpDh&O-YYH;0cdawbKi3WJ8Dt4pIBbd7}j(6>R{6_!{q(kVrUul67 zQabMkkWVQsnpK<$@%+v`(&uT3b4^#j1YX(fd>#k3ka4DUwgz+eo1kVhm!VtNPo!H% zaPH3nN+5xQaX5bz>$2nobaKntIH=HI^tOQU!ZWh9fkt+mIC*Az1f!w6(niK7^xt`#%IR*JrgcHR82zY*v)Vf^MnxLe z4fA+U9871L#YlhY9S?_Lv&ItNlcjE_N)icz?oeo`gAY>$==no{bW}#cXh8O%7AD{w zMXXOq3xE3Zy=zEjU8w6fDQ6Q!Nf5F*#hV-gKqeG|M-hy6=H-*6QI3YmoOe%V^Ya@e zRW2J0@)dKZ<3lAb6%I}DTjO2-^wLjd>#v`8{bS2^*|Edz$K%_!=YRSoi<{!Tj(BP3 zy%#$_?VK3O*y*<=QkD^g+5a-OzW!hBum6Xas`yOqzpw!R!yr_ReYW?GrN3k$XOq4Q zDw!cJNQx#aSJByzX2jQFhqlPO{PxO~A$Dp!qyXa#Xq0>&C0+eil*>g4nwR_%tN||{TMc^G6 zWG<85({9QKYF@yCj{<2xY$J z#x2RF(2kOK*g4|$fnkPf%(W+tvQeM)e)f|+WxiR`Bac9VUDfE=h!rrQX0?v{Ds(bt zVX|L$Yvk5fo1mQnBEMTA_H5i`V#hf4q=F4bX^@pJT7#cE^Tw}c7g9W*f*8lLD(N=5 z9h*)|8q~Kb$CNkV?)E4oGR`4~Q1L{u83h!!3djm|*eiMOZX7-NqW_-$3!^&y-pyT( zUJP$-Bz>Dsi_;Bz7*$utUkUiXD4dTUmQ(id|G-D}9HwpFLP(GntLdr8f^xhLSLz(m znOB&~lPlyOS=M}W(8P3wmGmqew-GF*#hpLu6Zg!2(lM<2`HbgO6RXH5N~ z8qN6V(i}I2NzgS87}8h+?b)mMVeptwZjH*wA=FvalYyqhU>vL!R6P_2YAw{SA4*9c zbfxK3dIC)~3;Mm?v+wQSuRNGQU#YHC5uBZk-n@GQ)zI=XA{6K6=d^ntE$_H#c~}%R zM#sm+F91JQQ5?6hYE@qas@5)Dy4!RV8R1tUzH(05RBFY1Z4^HC2sE3wvG2&`iwp`i z$4aoQ4y#~g-E&Nbg?tdv%3S<1mI9I|#^94*0f%Fna~rH;7>7vn6TE#**UpDvd>SF^FE!A_H)X2!`3^K~~+TlGw#Y?csDihnl&2h+V!u}|~`~rPN*fDMV<42{AJ(9Lrm+|2zDdO?`f@3Xa zNRL)9GC}gG#?;IPO>iXHICH01r)6nJJzXz+gKZA7s9kTM!YV?7^eKU1=NXJ*i(c65 zM>J`XmO=_0>oAHPemxjp0b@U*q8sY+vh_)txp=cP^(i@4;`MRTVguZ0Wp%$q5=y80QkCo}xuUu~0t@UIuK z*6`7>D5r&6Uu`R{afe2$Y<{i+64O4pTkB^KG&VC3z61JV>ZVRivPR|~QS6`wm1bDj_=FQG7;42ziJ-j`5q@1Z2SNL4agpk<)sXSF88p#4d z-n~xymmx5Isc|37B5Ei{BNh4D(>nGheKQPd2aqEJ5N#lZsDKeYWA0C-$awX-KBKt9 z`Q~5t;F|SK=6cN>)Twb`^XHltSm@Xza&~D)G(*W-)E&4RYgX%;+j9UwXwG&PLt)?7 zux>+xc{Xwvmm_Fn@w9h2b=q|n6&?7!c}_xe!qxUmKQvaW@Z!GPok^VrpGCRs-hWav zlse`_kk1!65cTc&X~ZLha7$8ZCLhdW;+dtf%Xo*f#Z$w7Vjpnx<~EeqEomPAp&GAn}2CfCwC^yaglG zg0xOt{UWaKF23-IU!6ab$?vN;23v2>PXn*?MVyN2HKv5oklpAUSYrFZW?xVtPs@ro4OmA4iJ zw@C0sCg8%6ljTwV$5R;8fQpKS@so|vr5^3v0dFUllf@O6FI;bQjvN1!bYtrGqa37o z*WPl({qKrrg%3w;nGHu!Zo%{;-+XAom_+~TWYG{psd5JgCAG@PQCyLOvlCQskR*6u zLobIo(in)rCkaAAij3z>m%AN7ATNiEOBa&kr(+KQeHoQkk9ll`<(C&{aCJN`XGSyt4^5t}(Td3WKh>MCg_DFqLcIqYz|%)490@*T=FFtuD< zJ>>n0d8P~=c9Co(=x>V|2BclGKmm4CG=RjtQN3m7*Qh-XO3v;}$0Y4-l<~mDT$;QO zenn(?xpO7EG{nVrsbzh6khQiR$rpV0jkZRp-jZHVD9xb2pWs@qZcr7;p2PBwc%IPa zz6fkcwQ`RG)#%#~WWy?i3*--$o?XuZGcI(cOGb}D6fGU$?oW-@T(e{7u(I-e z^#KEFzGkaV{;oNYmP4Z9XZfLA>wCtZ?=N3Eu7fy zg)tO#qGvTAE@-sN&+i8t;F~CX*0O_R3)!v@!h% zHdE=OX0@IdW9^ZyfB%zTTth4xw)^R&eZa5qi!;d0Z z|HRq29&Q#fHcWMmxk_Lyk7gFzWs2+O6RHx|GX$_j+S3HnDdxc=E>D|$t)O9JrS#5u zI|{n;m?MgFZv2?+x7uhe9wp!P=Z*C6EBAxY(x z591+&+<(p(yTUm=Ea7x!3?C{;7(aC^D>L&5eoVH;##Ye&*Hn&pW9r5AK;s(0$1^}u zQSyXH3>jnfkR-J|_AWn&xSP`r`EHb_^$&&0Zh{NPFhZeKKPf-|pwVK*A0!sc>QJ~{ zU(DLlfxrKYApc>$r@T_3D9P|$weemZ6P>^UwqR|@csM*wibXJMqQ>*rtWT1pk4gp^ zB1C3ovQiz8hl+9drle_&DVTnqe6lPK>frszv^<$8@GcOXbpW}4aM=*)mCiz+NHd^F z&UX*X^`E-Pn$7`^M+1oP9SnP8_(3FbFza7Upb>T=X9EDkTdg2WSgBhjq+2a@oyGY&qSR+J|qhl9YeI>X7l$YIUE$- zH~)$#&M@&yO+I^N-DsdJb7iSZZP_@|e6m zaN8$6<<+<}HF~`ZDY;y_nX9BaZM601j;54{(|;yjp6UEo1wH=j!z}+*Uwn4|KV%KG)7%)Z z1$DOKk?D+9(ciY7W*0}Qt|qOlcoIX}a{l>U#(7PIr0nqnh%yQ{w3j*Z>@ zrVnb1BUN@u1L?1PvSTA=5{qQ@)nD$)rxOlzl_48d;>1FRiIKbJeSj)#$f!m)#Rfi5yM6hX zRrPDZ2F9K1D_XB4&G8FXbG7DYd8EcyU>$EW{#?<4Ui?wAP9I31<{dMTU0~Eu^VqhD zT3{{sB=ceoYiT9VEcR@=_1@Fpj;Fo2Jg%`ZJ=+jm(BI!`YA$k7>r zKl((^C&5plz>PmS2o&Y~$Fc^sF8cs=MlcpFT}>w?-elAtNQ)k>inQ;4?3|W(|85x> zM6ZspzbI55L^e7V5A&=TgDBBfxPS%q2jCQ=E&LYXYGbXoK^4@#!lAr6ymMt|d_h5R zTwI|4g>exa3cEhqZ`Is{+4lp+&^F9vh>hZVG!!?rTGzW%b?64Yu5|M9o&mPaVrfBrSUV-d6$@`!_ID+Fw7*2JQ zBPe3Fmo^PlA3oN4LJ>S%QM}l)xiG(?JUHV&H)*^&s*=NdZ2*1@w|2kS{{%Kr%FEbQ zSzE)Be3cwMsC_U->K@l;T1rn2;`2xPfBCXYdI^y;Msfm@jSGlk<(DJ- zRGaQJC?}3lXYjek{Ec#0M4UvpN2H4RD6}W7P^|{I;WufYJ3LD+Ph(B=dY=zrm!1lG z`rDtl=6-B*U=oIkqssM*3`mAzB*aP1T~Xtgahk!oN;*>?b{R(x6zRdOnYft7B{ICC;^&l*i}C&U%e6cQsR z!I=D6u&Y zI&y&ND^`~Mm01MOV?N`rV&)+VPam_^9ADP0<*yR&GhBQ6zBXPJCnOn8?mkT90ZptU z-@V2pejH>q7n2-58Qom}wAR}VfLjJ=;RIc;Cw!OOk7empdm+`}uvM0+Wn_&X4pNZa zYU?y#o5J)L5*(n0+Ku(Wbj0&EqmXy6lOroVjv86mRwguG6~7uh0i=o3rYTHvYn<{` z0BWWOcsP6`=x~|gXHuDG-ogi z-xxtdPJg#nb#oNMCA8!i#*t%gw>1Pk4|Fg>{Nl6d^-5a{QAfXbCnb5-e5%JcnGf{Y z+xVlW0BlY?tlNXlHR#>kTgtqF$lm+^)BQ<510uGwItXJ?PQrxag4wIF<5_^vhgw}glxf(JiKZS!=l@8&2FCIE-d z&jPbwB`?vtNyuoPO2!trVLGEJSc~4DYtDZ)q>7H+d@FIT-@{c3Z%8hczdf$KcBxdC zJrcb6^pSaKUkuaB+Ol0_sXYbTn{nI1*)GCiYZy5?A;p)WWz>4f7C*n4|EpSx}YFZ%D!TmTS@h5Wkki$vI74V!2rEZkoDqrM>K z0wHMi)BOa*H{k3J#ylvV8)Xg|FRfPgVnP#2=AK{nV-4>dDF3#U^Y~i{xdp@bsOov% zkz3|#tQ(jyjv!VX$Nzx1+Liujb?_kNkL zRkH*2?eA-uSkMl7yw+WrUzyYvy zo3w(Iec<3*525L3#d0>x&@SZta+6c|_bwOu$A)uiGNIkir99qf!d%HSl`-)2w|}}S z=Hs;=N=BOPTCL_Ee=$%bgEkGNeU)~osl$2%Zc*x54?lD6$XL?E>-&Q7fSj0dR66Wa zF7ux_5u+hwln~IZSa(h>9ck`>%MZXCtp;q2O`V7K(d;{pVaEWt-}k6tARXQE>D6Ws z_raPCx7{~7f)5gcLOZWZ7K;SNHmSiZ?fcDDS55E4p8xJ}h`h)^tHe0E-w<1t(fNBm z2~E6qzNShIzc-`W9^T!hilCsFzpooZ(uvc;*LLqC9VCFUrO;MGRDOv zMS(G>sm`&?W1mp|9FC#_L)o0El=MHoFW9mY(XWzRLv%S$EEUsz7}J-QDHa3*xn6T_ zY^>j3zcj#6d&pfXfz9O;OMNdu6)qw{(cR=b!lC{D=S*|i^k$eaA8Uh@(+y@@u~u*a zK#(bRyC_M3b{y?54~OuK3!*>U!QC$b(Q@~pl0lDLb~9gCO?@Mt58blU-^e|#9Ct>s z68j4QXTj7sCu$5<4auD1Wgh_Fb>DW|S{hI3PlcWoUL4?CM?dS{dTz&=XY5g4)b`&; z|Ng%N(ESIPy1y>{ZvcmX5$FGkI0Kiu0nGJ}JM4e`#qB@BZ~p(4oN@!WSgj}y_6e?t z$&Yr9Zs99II&VLC|5g8O`_vbKvp0Tv{N3``)4OjuzfFEpnru=VebM2c!T0-xS~_8m zg72s9KbHRw$8v~Lo@-vjJ*#tOzjRJ^o*%q$-$}{nL|eq)Ce_4wv5`)RIGY{Z#=9qd zg~D$%ZXuC9Lh_Q70OL35@AyXJPoT#e*#B-{%PA=`1#(if3E7^ z{`eChyXzl+VoLsc(O)$BqDcPQM}M)%mwoV;82L*=e%S|?|6gm7>A76^jvWEPz}Z}@ zxmQ3XMZ_QKTPE?vz!OSuf@2#Vt8cqt_;XWVz3y?^Z}GP+Nq)=v*JF2e-mJX*^ETfB zxPA8Dw^sE{%HRL5)LsCEwR6Y%DM_YcrDAU@&l$PlnsF4gx+`r9mwghA{%f!Ne`l{~ zF|+L;)_FDe4hE>?T&&OMv!O;!qNYdQqG-j%QWdU2oD z@a|elqn7l*zT(1qa3D}}8I^EX^YdHdAw`_Xibi5iFsy| zI%_}aMcW?!y3u!sU?`1rtk?3J^$6Gvh*>o!dzXWS^O-Yw;}q|FJ4S2Pec?farc+46 znCl+8`AK8*&jv*y(-k6MGsP#?Tn%Wzj*5s%LiJAyAcXx0N$5+F3qGcTduMtF%X z3@<{dRjF#!Djy4@Qg3>poIQ_7hJ*#`DQ_FGNs@M%%xdr-E$-&R`WnNC& zG5BVxkcY)(W@pU6K4sAMIiuW+l7j3?)92S~aX)OW^(T#hX4cNvXNF8XQG;{k`&E-m zL_E=ajTVEB5!rtNt!&ySI9`ac?h!%3_?9NPPr?EI*rkHx&+|Cf`k+h9mqAP2UUDXG zP+wTI^}-##znxX5Upv6acB=@rYVhz5a7NCOEQ;*Ruo6^5RFE60btf4#ma;LB@M*HR zKWC0f6B6@{0;%d~w$bBiX9YB}fP6Yrp2?^USlC`0{URfP47hof3;og1^GD&KFZ`Wd z>`M}J!YhVM+<*-&8;QUqhIO31!X=swh2kD-F~}%|d}JK$wqVZ?Wb$k{umm1q(TSr8 z`*CZKclWvmP0cW0ftLoehYKuh#^C^TBnXkoQ zb{r*9@BY)MkoG6e=ATG%(bu896iD~1<0$fNVQGH*?8{=@pn)iBdzJM283y7Vw42u; z!!`1g>GltHO9v8O+9Z?7FoI&TINGsQR#XC8t!Z%8pY3eXz6-C2?bB=u~6lYV^6xSAw>&!Gf}Hsjy~LGnfR?GDlU zpF(GKGu3kO^`xT8pJ-;6u?Zl{>(%80!N>Yb4Bb>ZC+;Pl($iB$v>HRhWTQ5hoo(wi z)t&a*3kMGRh3C)E^r7fVot zLD{XdLQ@L_R-t#=D(P0f2!bW zJ)2HN(shsXn8Z6bqdfGlV(Q6yqy))B-5-3&FYqovYlW+XGJgeYC-25lHh}SznKXMZ z(vSh>=7F?$wlsW|A@HZ|!6!Mjxj@6ZmUD8_lr2rgJ?I>jeCL*DI6Wn2dfPY__Su{s za(bhZ%_-Gv$}~JA>Pd!roO~Is#jJS0rAd z%fUWGQGK;nW26hBHsW?jT1zzBW^0)))V%JDF_Vq1u6@>>tC?ad;U{u8FkaP`K8?as zwwH5s$*&LD0AEUjSc8`qM)UPlnu*h;Ux%LQIFue(26@|(anQfKEUM!nixL#xltZ8n z-hN~(_ccFLcCnoWGT$2s;&Kb+^S+dyGRZH&nR+kEY7;|C>;32HTc5w{K)Bm!oQLf` z%zp*FFB#7C;G!+PoveN5=uGm?(1@ANY2E;#MwL|{+c}i>12ev>*5_&9coA;w9PP5@ew_uyKGTx2mmI4LHH$0(RW4Z*gzo{YsF5hB zKvfG%b4>Q_4+^0Fe1yp~etx`Mm6bgnB`V7a%eQObK6nKMF~S0EQ{e&{8@IOK-FUW1 zl%_lyd-0@lCsU=lwi%&O1Q+ub5;A*}!os@uR}bxNVcfnys#pZfr)xjfyY-K-P=>0i z$}7s<&#_bEH4)RwIR$ERL`Z!+WR6!8L2&G>+e@-LrEGZnx;(Ng9CnL|o1e9B&m=#d zqubg#v?Il%Rpt6UVjL4)=FytJ;_Pfa2{DR&Z7xkrTzxxH3=4v{1K_fCP|?7(4fYbX zb*HR+h`tI_67mL!o{R`!RJYAFY)D8%HoKtGt7u!V?FV=#kl#w1oNr49gHAP#UD%VC|_)O zCOHohX^H0wW=BaYLr1G(L)dzHq}I5z-sX|i2T&P09?}g7K%g$3uQSn9z5reRn*n)8 z(GmtfI;SuTZ*H#TE>C4sZ0m7V0SzYI0hSV?gK+Fp@~14T+Yo6ehtaC4v)Z>>(_(yU zb#6$TK9!J}>0moMs$fC{p9D<7+j6=)+0X$&`ias}rIcst{&$0#ZXz;K9XH0QERizi3rIT{cs} z$%E(i(!rBs{bxoB7Q*qpu5)U=G9jLiKOBd%YL}a@5;YA%5>D{{;10wjJ7|_;&N%Qc z#Dg18H~X9j`q)*19%Q51*C1k^J8WLE01F#6j}h!88h!rFFv`33bazuFNq7%ZJ1wH6 zz1SDT$uNb@lLCU|&oc%6vn1t#zN|eS6cjw(s(_N12&qx55QsOrUj4gkx&J3JYTp9Y z)j_V^T#;QHBpFxce8heG^xm3qzL%ydQ@-5|Tg-HW1GSKnp3J^3M-O65Oq}U;4K-Ec z>tP}e%=vskAK%kCK=CuGbf4m^=TbO*(5HqvCWI5`df)c6E)0mHWRrV|RhA@#hy(f9 zLrV*_-$-l{%yBDgCrByf?!!StUmMfIqG~#24o%T7XWCiP5wUSxgipTlV7-LEkDE6(7P~Cb_rS$LeCbfy;X7N5a)uWU=n#kpUCz<#W%1da z*O*mS#G9v!v-MkUp#QvuyCcsJ7=Ot){q3#}YN}gV-v*g>IQ9+)v#myVscRjC5z(sZq!E4$M zB|`&fe3dU|)Vx0UPN3%gbf_|t@mco=b6p{Dj6(1m`~X>U!y_JvxdIex0w$neRG<@j zGlIH5!3qTl2`EUUmsTxWTgZwEU*%79u8p5u9C>W{Ob6ZndSMEa$A?2&K%#i0GHhpg3sgRxq`ldapj5w4vCFH!l*sg()>rKc_L$3 ze+$@E%fDdXB2|Q&BnX4%GL*7Qzee94t9qJqDZf8wP#nTwZ)kVa&<0_|4B7+Gql^5( zOBQ-4li;4tB8MzhtBH@CQ5LpMa=w&4e+H`j((qtMiK!YN%Ya8)>reYTLY4g-tw&l; z%(2NM^&b<7ag#pfjh8ypXwJFMQ~*d>4V?m+YhT=l<#vrpEr~OYKD9IEDy!W?fV{|D zq(L7wt^Oh`kbIov(DNQ0{V1t0@o=$sQE03V65-5`;;7;I0S?6^He~ooc=o-;i1C>D z`upR6E$`OuNKcFDX%9U*nlqgAM6Z$&#Gi1bIB#v(<#L@EQp4MzH4H=`K+9nBt$1Dl zJ|I6X&@+hE=^(MK>H2-xm>@8%AZtEt$!fj7lj`V5y&NSHYn9JaXVna>7jidjWitDW z;`lqKsb7n$>iE12SJ5EoTugZPOxBO~CBPtUjwkI4Qryc#Y4~{R(sZq4jfi}}LICPYpv@#$#nM~{F<2m>Q!r|5k~Y%t z`gvZG*b;5gFk@`(x<#(mu$rFE0Ym~WkAa@B$9b)K$U~^ZRY^&Xk=CttJ(^eSxw^8F z!inj78=qdGzY`{g2{nc;9yw(PiNnN}HPDip^_0gG$FfWi=YP9-hWVqD@txRx_D5(Y zqKiI}*uI=JutVHBMjX}>8tK2G=1NQ!bbB=~4p}MQi&~a9)6v4B6t7!8Ovu0eo){m+ zLMfqw=)l>3I+`{^d!V`#9osQ8Q7sf{2_EgS0IG``x2z;_2o4Yq8;3c%YfiaBtK7{M z)P3LFt)g5*xk3$Iv}dkdQ+WlAPtXipOf*v%-F7ysh8u>PQ!pL=aF7nOEaWXpg1$Wt zTSRW*7T@5>KxC+R)!yVL=JjcM54(Ug7eKS6D}w#K2Vq}H1%s|C7EF}q{f?h#Gn81u z&}=#6>XFJ0M4^9q=_^!ma3bzb;`s*wokhMzLna>CZWht>+7h&gbc1n@UHM8cd(j(X zZ_E!7^9~aefpgd!e@JG!A9>woq9Nxr?Zd`LUoI56SuE1%htq6ig32Xo*EvdOO*)}; zDZ{JGpwJWA^*b+yrFdjgr{xo%I9a|K94QMzlK^RPvEMRp%&XLK|IqGCnj9oot?(Gg zD>l1@=pHw%iw_Y!r}ZG7X%!6DP-oM91S2i%K?G^`AM~4BzQHp$Pae)nt9MgJdYaj6$6;j=rHT@!If@my_o?`1kO+%wn}*>A-_r>rg7j~qJ$spI^e5FHd~k`kECw7#-HeyzRJ?F zA2Z^wq>$=2t~BVw%?b|SZoS}+?Q`xIZ{P+HFn_q;@{@R5TLad(fyT=ISimpSqWT=S1KR znwq&AT-&`}7a?Gm=X5j_(r2MZw~_-~`*GMxxc0peJdqzm4DX zBwk<2GT~T*8*xQ0CM*;1z*tjlyq#yf{Du0Y!6@4SUxJerFoL)Rc8cT|6!YXg8-ib! zQbE4X6$=9bLGWH<`QWQe%u}tUakMmGy<@X?CxzaEo-{5soq;1EW>w?)39}3y?py+- zN9(XjaQk!8sL2w(_Bxfd*1PFc8edmzcz=c|JskljYBT=AM8+yJ~U6Z;&@7x93v1m?hiL!6& zPjhAp*JEsq2H>ICWHaLRcx?quOhGJ zpxr=pUN3hwS*KHouiA! zkBYVr)PBlS-0DzG*u)Qo5A!;+6j%*X{Ci|mkL||M2fGItHjgj5`aB5e8}k6-VF!vm zpw!<5 zR7>SZMZn_mE%x6L@D-5k8U^xVPBcBGhzlGDc4GsG7EKqj6iMP-!;Ncz#@*gQzt#tyAWZ>cddi^+oU z(U*ZgW-s2f=-35CCoZvi&KUmNkcgM-@I7Aw4qqK?{~9(^lVgxLxHZn73u|6-$MoOy z{VXCkn@bO1U+?vEm8KaPN z6dsE6r8JUd_E<&`qutXWDYU*lgVi{_xOpxkh%*PLy^Pq_k8iGU&*Rvht9>nMyh5SO z9%XCkF(no7_~oi)=P^YO;;XvEJlSdIg&)?}>Ua9APGgp)6dQ|5f;KHgerm2&oLd=_PLw z^)8{#rl2!>_-ph>kggC2ZgQ8kJHiMhmD0&C-qPT3k->sb<0(IxCu9Rv;&u8JxJ~6$ z=*>ua-8lziLg3W{k%*NwDdyv~cxaMdsty)yxH1Bq@ya%?jJbMX@s4J*LGkK7VTi0N zSKwdMRqfjTCuZ%9mrU|2&Lp@WJLyurIqyX&L9c%}n@>4eqfwC4*-o6Hk~fTw?G%iHaJy zk%fIfenCZC>W_V_d@wU5yO2G<*=w59F_^KAqIRnqXy}Q6G=I9278=Y!{-mDj zBie++#n=3gDRem*`g{*=Nm9Q|Q8YNl**saMkL#Hp?10TRvRlR#7cIt4Ng%=6k0}1V zYxHVR++tfxYqw>jf6HT?$~}Uy%Y0l1IWAVr>wNEtmLSZ`n>R#AlcQV2dSjNZ4D%oa zC(e##ICS9P=IW^lzDUCYc}Xy)^hivC6xy1%?ROkdT9Am{_fqo7jf3c zSwdmD26bS;c@S1?;pNq()}0Xjti%)w)dO8#g6&uYdLDWO1UNf%zfH{CBG7!>*qAp^ zN;bbhZQ*+?N8!s#lz)1E7`Zh%v>>N z(K{4YKT|-^nzh=lHN8XWb8}2~xksgAuf35u90buy`4ftHK0ZGBrx;>xwuU3~aAIPj lFKv4_^*sZc8+$M%hjU74!}_E{TQ;rzIj3K1&R+ZHe*>R6clZDR literal 0 HcmV?d00001 diff --git a/ee/images/try-ee-3.png b/ee/images/try-ee-3.png new file mode 100644 index 0000000000000000000000000000000000000000..aff654781258dc9e007219fd986bd8fce28b087e GIT binary patch literal 116030 zcmeEu_gj-o*DmU|3#c?f0hK0I0qIRez|eajG^LYJr1xTjO_$K5_ZmW^gg_vmA|N20 z5C{a677_?ZmwuvK_WPb6&Uc+Z;CrqMl0124X3d&4Yu38wo|R#=+Ii z#ZK7M#>39e)zi_!EGr>wxfo$Nq|{Jx-U&p1Ft!xkPwo6~ofD&0RK z@8&#r-z)a`S(?&Mc0hBUmMKJ)q#ib9)p(WB~$k^Sz>X{2} z&ckWwZp#hk=Euc3`T5o^os(CqLiP{C)XjPD%`O>(X2^1B*D4ck_KCy@cE96F9w`4E z9i2SId2Za65!RN!u&^*QsAKd@yM8Y+GAFph%kZMi@Td$V+u$~j@!+d%$X^#9hw%`fHKs4WM_h=EY$t4*2k@!Dst#WolG zM=C7}6oUi!3%mt`58G@3ziLzYAnxVE0i(w2SFHW5W)B17$s#w^xdg?J8+xGfhUSI=@jtiM-jaxF3>)Q#o^AWAZyjs(>p`m)C`1{;xb`FHeVVVc|A{I|44Qq3$8cZDce#_7vH{*;$C zZfF?C)~HDp6>{VJCMPjFpyufkRfe@$*C|UU`fO^?%Y6~cOo1DZgBt37*1tnrp8WRL zWloj?%+B6*^rho!zSlYpsVa$>>rx=!pWA*g;2_^?|CtJF)VUh0SP~!;zI+agl5HIwxJFI@ zzBxE!cZ0+OQ0u|-(+5!B7Ex_QMP#%Qvj1 zf0mdcWNPfG&~c3ypik^Afl$o=RBdZo6h{1!Te9Dzi`_A^s)=-iylDSoEsCSOeDbyV znd%=~4rBPTdLglEkF50cX)>ays08P9muf$D6p7Y*wzAjggeOSYj_VVk%tfrC&I4%D z?E6x;bPHhS{BW4zo*s_IktX5i&((xqzLk3Eo`$vE4!wD~u1-5G@gbH6 z``iAhlZK{$fr*JpP(;Mo7_#|HH5e}s?Vi*3^78t;Cu2F25U2db=9+%wRR4+t6WIM( zZOqd$p|vl%x{AtcyF3vRH>2g(1WR>lC|x3VhGEKA8Eqs;pVPk@RAeT1BP$7r>*%+a z{g5+6COlZl;*{)X$>+k?H_6CtM{T0gB4zI^f8`6395B+JCU9EJ3hw?YZ zD+dCspCxRi?AoE;*}AiUtFCTrOj|1i*xzvv15POgAvrP{tt?27|?BM8!u3HX-(XoFrv(6gBqKyQR z;N&}jr+_bijHA6F%Bg=u&P|{?aAOY-v4dfQ&&t^<{+7X2lU#|Nu&|e4RvW#T){3ic zx|DR2VVQy3C0Op7&cX-%x=uH9uQ53do>69TkR3*-xKxD!RodFtknELeD`;K7URq_t4x^1|h; z7!kGEy@z6@3}p}7&D}iX7kR(sB zH}?G$q0FpL8}2nK~myzYyv7rG^_P7>_HAi)22qdr*-tJeWNg zrYY9R@K*kWGHNSkApB%Y2%a(odzG=UwL-T*+|Ny!-;K*7ns{S&*s^5Suk@rQ3|a}@SX%Mt8w6omgV_E>9wZz_4Cw;L@lVRfDP zE^hwwDpeEB>TArfdKHNp&nAgjxQQIFa%6daW;0c8Pr!JucDDw%f#}GQ9_`B$&!FGQ z;ApH)UV<)lmUZaPXwThPTK~AFSki>p=0qzuas+76XJv7h?Lq`QcMR!U>K{~b9aWrX zkw}g5b;`jsE#S!)DWn{s$_6sdqrtpu_u0d?stQi#g$nVr!j`KSmoA2sNJeC>@AqISb~QQ| zvqSab50Wb7j#hJf`K>Gw(i%s*;8a<{kEUf-OXh3dl$-DydtuEPD1%fhV;_(+tXa0i zA)ZY`YUIek=I&32wiYdNshpy}X(~ruQVz!7Dr=~vBFmDZ0P@2AWp_}olWOJR*dDD= z)}Y-jE%ZdTolS6atfdjU+@#uvk+K+buquIFm!fP7e`kGrEBa%j`&6u z$wOTaEygZoS8&d2h>@teGQJ@A|nkFv*3V`0~ymtv1iCTdA(9JcR4Dis4Oqug%y7$Rkvsc~4 zLqae0VMK&f6JX__p0d@y1hjtBCB9!>(^R(wkok*F8Z1| zBjx;@GWssjpWA$7)q=Nz5i)n>;WbD8qnaE5MU};`jaI`w76MiVb%yvW-6_~nfFN?E zKQCRuzuY>pN5o$PY)%wzl2EUXU|TYT=85)&jSKr+d_fRU>%R4h5K;=6aO#e#E50F1k*m2QOIA+gby&>x=g4 zs99NnPt{?!R+L62rk~?*KQTw&Lj_J|XN3B`ay=x_$}WC=L7mYrCXaq7(OPi)>0|B* zl_1_eBlfKHx-#89ArUhu+;eciV%h8T=1BQf465A3xCZbr&2B5ud(LS!&$o7k1#a5> zsA{cT+AT38Q`ATtm|Qxv8NZm4eYW+*=)+wK0#B|3(31}5QQ)AnjXt&*MC3&Z+fQ7T zEajUFFkW-WB9UW|fL5KMdPhQ|&dwGG8-88aH*PirO(bO?*NcH0UlOx6x2C8;%0B)s z=ZF=h1-tN2m~oL%lG$Xk$w|-=Ui6p|X!opt?7fhdSO1pniBYQYz^?7#ctFb(l59Oy zlC{;#Hnu(r7Wzq2O8;qB6<|M#lv=dGAa%(H9ahPNMqP?|AwaOH%aLGSCD2cnI1Lpx zaQ6Xh-J5Jp{7`Mz9glxivQM<@PFYNcg%EU$jx#_u6RKe=_E6CIH3ponJ_~54(`@*W zvY|xb>NG9vB9NSotho%R|j=8>sA+N?p&|+^PRm9&#Yq)%f zhb)G+%397yFjLG{)~w6kZQ<8}I6h$jS$i*Y9#$m8YY&HVpn*Jfykswul|-QfSrqG7 z(@;AfP25na)Y-C6lU+SW77{-bdatn4a>2l(YjQT&~GAHHmPwj66())-=S_cuL(~Y9QzUx-r;cN69p$ow!Bq_b%Cmh%PRx@ zZMoT!#HDkA87s}(*@flXi^l`>xE(HK!MT$r&zs2TAVo^Pcy;6J;8iXB)5Jd8#C^*$ zq4|Vc(I=T3E5d;`<9^;&D}S|(KJg7}4|{(0kIZbUpOrZPVwaRfB@;O~F2laF`UE$9 zgty5R1}|6R64~{q?vtX1rX_A-E!|@yo#g)%qoFa96}i>-{aH_#VW7%e2C{_o72Aa< zls!2rT;x@EI@oKH_`&;NP6M8MNRyUv8{B^$<|X`$GfaL(r3F+y-Nh@6C%UaEV7 zJ@HNYJ#I$a`E}mZ^V;JsmR4xriYMspi9u+z&FRbtO0D1D1-D*0p3&!8-YRn>b{778 zxA0`-ps4*s%nWR>|?O6PY%+as*HPEXwjO-L$_ee9#9H1q_>f_V*c^b!n%C34Si z?#!(QocBH++ba&&!cU%1e(^xpGDn9u5kS{y;d5Q@ap7|Zokxl-Rvhubk26=6uZ7!+ zsWfx`DfA(-Bz)y>+Sa$@GYPoG6nws>G&FU!XgI-N7 z*2*ap9vkZ-G%FwGTEWeb#^aK#Y#{@>ZEfx9P{lp#>h@UH;I9W)j*$@>wo|F&1)~e4 zHsG1EP(^rX(~qW#DoMCiz4pUU-N?0aukZFdC&QQa)MrI}_{W#ty5*>akLy13Y0eHL znKHTJOXOTJ3YrB@CMk66vho`+y;MVPhe)mIPa}T*9}INgTlq9vw1!(!p@7BPat^Qw zSCkJ051;SJ=w$oelVx1759pIudZ>gjEl~(ur<%~*`VP|9ty$7_SH+WPSEjOVzZ)`1 zzZJm;O-bd;R>vN6=mTwPPMLXC+BkKR{v zS*z9U=H;6g2-{gq1#gCw3_|n4^5Nz^0c3YA$z90P@PfSP^JAU+LOSzRSe3%%SKoVw zbd)N9PU;#w_|_rbzJG$V+<@?BUu?y?t;?pYZ3K-G{XM=@0;eyriWxSwJeDlc0`PWD zZ)35P4WNH=dX(YA4bWJbLgGYB-hx7fT@5NVqb+FPL5$|ic zlhcO~De=7k89)6-g-J>0U~2YD&#a96H-M&d{@Fthw?cHe(bS~E=FD`FN1!~Y*3ap& z!^T&up9PbCixz-E6&AXI{#&n-GYy&3XIBLKW729idQelOIpEYevm6dL!q#_wVPR~j z(t&w*3jA%4y}|l?&+L1-``&Y2tl@dh!2wPaqZ&+1MyYrCqHA5-*eH|%4a~S9)1~_4 z7MBS1X>qLVt)!Xnc0cPN15G>vWE|iCEPbZ4pROlILdT!|IvU!a^|f!!mcz{A@rL4! z(R@1?s$3&}5_~;;o^3vjJ!h)upDFNtdNsffg}s|!PokIV^vpGU$aNIA~iWC(z z8jxE_ffIe_=4QOx>}&*2asbq|)rS#xIZG-nWFz1@Ia7CA&mHVvP1Wer@iUb%Ly^!B z#Gq%Nd|u#DP^w7N^S@(W(F$8uYySG0M+7)Zz8@ra->pjulu4u~`PJ{NkMMU4nX`-A zP;IQ8WE+ygw?0bF7bQf5mu~tU{6R#|v9#VJBOhUp?6vi_vU{SO*osE&2Rw=&ccv}r zI$Jm43;D`bq8Ytc2DN)Kc)I6O(|J@o*&wOH1H5Jo8B6EsWYVRPMbB%RO*gduQst#p zJZh?L>64SXP2m(-qB@DC9^8zMBJAMJ8@|UM3@YUpB4=Z=N#YKj#BG=_f&=}0;hR98 zKM_M;3*JnBze(CYOZGZ+$kBn0&kg1*H!A}oBdP27(ZPneuw_%lpns$9%1Fo2j-k}V zbBj^1i*yLZyiqGVsTs^-HY9pqn{T~FKCQ!;C6=UkzZmq-a?55+T|D4%Gua&w_MiE)d6aLoDBZ z5;aBb4{Aw#v=piPOEYXz_O(>6#lGbOyE^ig_?XtOOGS3Uv@WQKoAl|H(OLPUomugo zo^;NX=C0GRPrneC2^k2xZsP@d6rrN<)!wr6WRr^0{`>b`>%dA-QD!E*>x(11HT?;S z>FyiL3@h%`{G@jyS}f+nX7H>C%f7VL@Iz5$XgXYXyD_!8AOFtzA%`t&zZyxGMX<)EDiNGv@HMeX!ZB zR_}2GdaxgwE}Ju;2Z;@?B`;$?;<5wG5kZ(ojq+7s!jZ=T>BV)rEi;_^jRPSYqf)F@ zXhB=U*(s@%J4nYV4U5c%U8fm3is$LsCr*gJ=rdve0PW3XTq%g#y7QyuXJEkD!oWxJk(jcMFgc_TeX+80Nb^&fty z{9LOo>-OaVGB)|rl)YBS%=OdZ6S-CF-G}0OyF=WVsymjclYTEiKr@Xz$=)1T1yauN z^4oj{9o+j>2N)b)w>qNhaIWuX>6C;-418%*0VE2kV|MLL)zAZ{Prns>D&sZNY78+I zHkwM@mG8q(dKw*w&{8n}#DV>nPk!ugnG!)g9Sb_$6TZLJZC!n5@(L_hs`Q;>1RCjd zi%X(3j#b!BEQ6b?l=-|KzAgZ^A4vDbUP^F5oN?o<-B!kZhhAqw@EqaFwXs!(k+&uC z-x3O6zC73+!ffLLw7}8x0c%wep9YVpQA1g2sr2kRfg?Ue$Sm)n1Kl}|qn*7i02E)> zS-Q4qWhJTI((G(*vMa!HDZJTuTnA>{4MvtL?`<)4P=S2BoxM8L!_#wa%W!gvNX)^F z+?q|WPWK(k6^G9Ka2}fWS0abjFnACB{WVGowEIC+R;u;3=~9%=+gaFry*iT17j;s& zZ=iH&X4aR|-^H2gILL^oyr!hvvn4W8dwOqpqbd4+#T(_rlc_gWq5IIdOhOV$FGHb| zoROxxUIk|FkB^_IXbH+F9B2vE+(sbUJ&Tsf?-#*QURE?;fI0zda3x+L8v7#XFe&A$ zzKR9w`aX{BN>7ne%9pJ-S^4_tUkYb0i3p3Q60 zu?XbrG~lb`*tNuqe)c%r85`pQ>80~e&neJTPX98UU_GrMQD;Li?IAvPb=h%^Dt3v} z@ADKH^xwJ-H`{nsthol+XL1lkj`Tftl0YWK?!<^kkemEEXQ~AUj3=#v$rayOfqUj) z4l@n2$dR6R6=VMVWdFk_$g0NLK!OK*6uQ+E))*eBPf)1X3DzS7R(5}kAumi7-D<}D z6Irl@=|!xdx(}LsVozr0eswoagEOCg1>Fx{)6hU-MhjqjS$Ry?J?$hlh+ZqX2%zim zr-`7k9{ba$9%`J+FX3Z!iNFzeVKPI`*&1WIl+R(EpA2VDB9_Lln z564TTD*pW8AlyrWB^am5r`#!Wur0NFS!h3p^BSo)6HpTzm$dIr9Mqs(1uGh}+w?hO zD-;gv*NwOxglCSo7i0KK_*}`!k1_XFX?kP1QQEPEonnZS1d;Q zZk081h@=;M*XirON;`N{0?Tvc3oEwVEawP#`eH5QYyXPU4fq;B@O;+U#h0&?d?7VJ zaR*E}&)A>}p&PPL5JJdMC&+Rh-wTwJb>1*XYs7^4$0d zsg(O1Xmp4V)>&xQ=)RpE;)20TFAHNbykXgF`Y89L2zfOnjp!RaAeam6TA5K)l$7hh zMClfJq-yCRg&U{plG&mhXvnCZkB#JII8*3I)#DPsmIGR}6GHU$_hTVtXkO^G^WpBba`v$Ii;vkK8 z3!LXQBy6I!T>{^8bl$OqyFnaFVoS(90dxmmkN2{rZr1ASi6HKLz*oX8DCHYb=SnCZlC4FoPEgm1 zfOV@C@Pn3SS>jU7Cu3!;mmhQMY#kQ2W1x)A8*j{_+ zt#IJgL(NHS#ju0mP3x;RcB_7~Yi~+I3_Q$=+Ju3IL(Z z?2|-6i+*6>MIN3f#T(t5xa%e4a+d0(fXzL0g|(>|N>V2f(AO*l%vjs%bcjyw;43oB z_VdIThI0e-Snf z8zYww2BM207d?zFJLX%m8Ux+I=m+$Ppnl zo+EV4l!R9{D{)+Y5Rep_rQ<4%pu;jtA~(>aQIp-F}t%CYJjw-1n}_iau|HE z5lefN-IM6|oHN@a{F!6lq{8lUqXKyBw$Z`fHda`Qpu4)uVx_H@Lyc%H%*MvM125rl zA4VP#Ekls9@FUac6p>*ESm+>YK|9zH)@3!pCWiyVV3BC{Iw3Qoj@h^6Up2^WdaW!a zaIdk~#QV$d73^%|4Lnr%18Y4FjXUiPCSQ_3fe=1#AN6)T&TIQsO;W(3)y9OWi|w}d z0E3hctnOqZA;eJ22b)xfHT1mWt)}WSQ@Uo#@zJ{KiR^}OJrH ziMID5$Bm$)mL)vHUP3CJRf=;iqx#+*E;OkCQ+bz+@HP6^*O$5+4g8(tkqTO@ zb@Fz^4t{a*_5PfVVy47rTbhB75Uxvzmf($;GpRxO5lSX}0NM9;uYB6JaLH11#@oGV zaAf5rx+{&R_9Q9kbrQpDzo$V@s=)d!E{xUcSha>y1k$q9U9)Q z7#c>K8c0AAgaZGb`hxRw2{LGdJsDpw_qXD!(`_nxa{BBIDoH|iNhcy)TSgb#PS0Rw!!0}5AQVJep}*c?_f${X4UST@qj#C;RslM5xDWq z2vuqUl9MT5U}T>&bT-eN&d(wb?|3P=&*W?@35O1b^;*o*F>3fI^D2|^&5*xTy@OP2 zl`|QH7u*{OyP}^?#B=j-e_q_3G8YEyF0|y3sn7uMu(|p!z@n%K)aZ(t3_Rjeko(Sa z`s4}1^8*R>C+FPHzXzKLj44! zDa^v43eFHb@QTN~bUGXpaa3X@O=)4^sCOh^C0fD_?+o`&MUjTuk1&PXCH77OO`QQ7 zm64z{uNUof9$!YqwS4Jhba2frJ5S}RKpUS35y9K_EKzxB;IYis)fK!@{b$v(bL#b~4DK6tk zy8|$M()jRnu%itOo<&yVs~g=S<33hqHXIH4LOg0E0+Gc!78MGs>{zKG0e%&Vc)sC# za$sa zMRAKojfXm~&R)`e5CS)^)886R0cQ+=*asPs@x=u`^Ls{bTYxOI@;VGFfseM$gKL}> zGw?`CZuH$I>5~P&5$X`n8TjtT`rY5l5!!tGdz?9%(&>_o(6w~bM&!drabtnKlYD$8R7;iW( zO_cViXblUCm$lnK4G1g2+S`mug{bUijhtQQC@tr_UJROF1?-@5WKf%20vV^rH=$~z_8 zHy(!%#pGAaLN-1Y*#(Z=XJ2)&SRe4i91S|h2Fx=n_&79Y2d$hS+#BE3t|olfB4zzQGX`e7R<}(-!EAE;gV)by*B2dT(J!q5Q zB@C=hZ#VN^09G2XhsTWk?eB?vO7aEGT=;S|tHQ^jP9G>kzE_t%z6#uvNx)|-fw(F> zlO=r7DQAV$H5c>si1daU8QiAW-KFoc9h;bxASnyjNoLdh0&K0nr%_Ae*JsGDN2;(U zC|70jnIgM#|3?Sp`#!y}4so9mG076VrL;Or$5*3~LANe&l^TDuzZnmR9I6AWL>33? zZxc<&11rf>MG~lgwz&G=I@j&0FdhYcHws?M!Flzxr8+M5W`JLdzQ@MOXNzdqR+<)#p>$t;tFC z_g!{1T{?S>m$%r((t61Kd0D*+c$HIUHxhf;nuFk@M&(cMU0d5JDk|EYt+`w4Me?AA z_ef0$KLQ7{@Nb-5-@}&Z+>PawQq}7qSsDrJh)<^LjKBZTz1nO3u~qZsulGz~kR039fDTwScO7Kb(#9llz+ARUnGBa9_T+e&Sej?j6%x zUH`Q|-H;|fmtM@h_=cDh1%Hfwb7Y4K_;^N6^rY#40+CqUF>+`pHvPV|m-!+HHQla|Cp(!C0&{55n z2{f6}Ci&(75nw z4Sz?-|1D4Dlh=%ymyF3nhbt|L@yPBNT_f7=QH-_>)pb-V>&JHVOK1J;8!UL4=?$v) zZ=v%$RsC2>4?Mqv-dOS)12?RFrV2Rl-vT~SB1n?L@_!L*? z+cs-GL&I9`MC!qS8@+cr@7ew(491orGDX!~9}d*31T{$B;H37Yt#XjM0sp(ZG&Ess zZK`UW&XN&GEuB@%9d(UbrBGDUvVH@>l}FO0ytJNMrod({MnPuesmyXW^83$UR^TCP zNZz{d#s8-c8bf|O=~CbaEphnmwzF8{kzPLq3vI<56cQ)+MIxk4nS>zR&QrU~o+ zH33LdLbzkP0Cj`@%Gz<8|5H2v*Pj0W7CBbg|1dKD(U`Q|&Ou0ndF9()?*{X=y@M;2 z=gzVJOPKhUG`s3|A3S`A_PS)nNNxx9NXzK^XKWJSq#(s9_wvi7tpD|>?X_@uj`-^8 z>if>4_ZkSx0)3v11U50DF#lGU=bIgu7&@tjwSU{NvlluCA`Z zF9}@n7Xqle=BjZw$|@>^XgTDm;fi+h5Xm_=>P6Ro6|87|l|5GD0K5>;b?Vm}h9BQv z|5u-ilFurSII{5A5tK_UK_{Udg1qB5)xYXjf7e1bke0$6-danLU zVKN@J)Wb90WJ3w3!N=6@W2vPi0=JxBa%8^!ZxyVCIczPBF`dxa;gHuZNz6UVcmKay z?Ofb6zWyUgkUroHEt}z$4L{7}neuC;G5^&Vb@P)sx(FXul1c4d46FEk$Nrl#H|SWy z-7^JGm)pB69D67l$8&TM%D+aUj|h|e#?Qje4rdj&|Kf`32G7B~Gq3sa9Y3mVDw&}r znIT;0Sx`{GWlpOr_1ilG#nn zwu`^DmCNDUbmTraI}d>NE{`iClnztRRF=9fht4wzn>2%<)O2*XHdITuX14qlN6r)? zI>a-Ao7CQ|wx}buzgv&}?P^Q28~(8`wv0I?x6*Td+@y#iL8OD#!&Amy&gMm~3Novh zKg*1++CLg$*GiXBgC-@6JfdsV`k0%?UsKIiS88+LX8BQ%MQ#2cO3mNk%{ z_w3Z+dy}?GeZXMDL7+g5clx{tD9@^H9=sXeLkC#c7c6QM=dr%EfQ)bM&%#;h5q*r^Mk|1mN1B2- z*WtrcD$uU2T~Yw3*tG#1b7o@!H0Paxnj@2NlQ^gmMDQgnrj{AK*A7d1cNu7t;~Eci z+joFAABH?^Tl1$L^kT=?4Jt@k6ueM?Ei?S;hBosbB`4j*rd(zz$hMFzx3LfB2wBzI z**`(mdagI$G)Sw#LGNWpt=<%cohgu#j zf-Uc7T!>Z|VDIbf8KTfDAsz;!f#W4O;*i@)pr+u6bE&j3hYx&@M@?#C``w{eE5dtb zu0WaNw>!8m`OiZ5+R-=U1+$P94}eX!w55VMdfLXuYvkiSYrL1KO_D)eFnYY{u5~~W7Q4DGji3s`Oukv9C zV-ScrijUYh=wR5KPYgApj&Tyw)(&|PBJHoL^1-tW5l-#^91Z5*of^QcXqKMCTZXJK z%*`%WjMM&_;9;t-e^2mp14qqSB~RZA?O*dhG-c|D$O$awE_+}4cuLqjVAy*lWXq_{ z8+A1AVIk#HI0(A`tD%huNXKG$x2n-NvC8~<)EdvA2x~y)Zsq_0T5F4y4c_V5zGZRr zahAm7vQKIk^lr5)NE#E+A_=EE?f-poV>meUtzlj2fYRh)=`^}YVJBTyP6L{BnFWT* z33-5N^wA$Ge4K@C%s4#QSN4!yGTJgVoE}`{)Piz*D+n9VAFiUJq9aqd?Fx&?X)XJD z(Ao8~8!G@S94X|N**&m%^qXGzdZ9bb?xUKzKEo!(C!lThMM(vU!c~i8t7g5(|(;&%6r4B-E#nLuV<8Db<>jZ9vz4i#Ez{O!(ELscNWzQOW zJ;W=RC38$oIGtAm%1nib-GeB1$1eQ!3R*az+-vNWR5R#(-d&WYv1 zEGwk~RN^0P?CAC|PyZ@|faQ1Nk2dRa|b)t2NYdQWuO^}B=`v7MvV4iyeyOs zfdT6?o%qn)Cw-WmJdVaaW>dN|N=9R7E*!rH(Yb((#(V<6HEerHg}zD|5>v6?pjz_t>8-ai97(n`BfuJ8>9(!Yy*eCrr9*qHM?TK z6~#Si2s zg;o*p3;E}?AFG^ZIx!Y_{`KoiH_zV+T*(Ry4gGBH(RowqFX*Y9?Zvi5ZyBOIQQl!T zGlQ5xlmRsd6u8z0)bYk~h^U=C3+cZ+YE6bx-i^zIWBf+A2QQR-c?nN!B& zxfSq1q$ARPRIW{N3<&Z6bBTeEXztXjm8%6C;w!Dr)^&UO}Nx>rI&DgWsl> zscK`B*o=POeM?2#`YojRNo|3(O1vw&`ug=n^toybK=XCY-z*|WVLRJ2etUWwy&(L!0 zYW2hhrrT>qqDIbq*~(2AJNc8lsMtY(gQ5r_Tshd(jmJAP- zqPY>@nM|@~*Vb@F=ZyCzk3p?{w+OpJc2OH==q-9*l+UerZk6yicX%lEzY1Cy22vM<}dLb zCnqO8yuB%lU>eM)JcJXXrEYZ;(({bgf`ZwliM4GoXE4$-8Oy%? z*RRMbpuDO|k3=HLKK~X*<;Ir${OM=s;4t2Fv8K3Km7kw~cWd0u``d>TMI|M$va&LI zNbJQczvG7fH&knK84G>@Wn^H=d!~HG8@-e~#Ah0auP{d$#cBzEY*SEb>P3IGBDTPp z7VAozs?~Q?cy@nuyKUs~bjw;0(~=YzPQ5z00n6EcqOb8yU+Hvk<}nw*!eIQn2g=;H zXfs&;C}{nZ@XoBp+$>9ZX`!Z7#Z-BR<%>mTG<$6pV}Qz-$;rgC2q`xQ(=wL z;d#QIciTo}6zh$$jCu1)9b-7q#R9_-y2_N{!63p`xu1X4ZjPze?3a!VP(6*RIf${s zLL1gB5rzdKtmSZv81S935T2{P(?zmM=c`BeSc!Ka~0wyI2!vzdiRbb#UOb zxGw}c3faAKu)mdoPrfdD$6Vv^kV>C;yOsD1yEG&e5eSINR6voohl1eZ{`dlAyu8%8QmI3Zy~v>OZ?eu3L(O2dUtI$NferQbcf`dF?Ck6=oIjtC zn3zajTr>iK1UNZ4sWuq2w!ZGYG%EV$&6`f^s)f&y4Aek@N}-cWZG3g{#=qI~x0eYC z2?L}i>Tf&7XDySsPw_EINkIrS_^W>(hR$_nDgkLLhrbaZq$J!d5YpY|OI2_tIP z);2edY`K-s%}m^$Jw~B2w_m<|$;ik!47XE|muI|wJrHj``ukrjg62cme~^v;{o?mn{I5!WtKt9CN-}rRC#6wB%+b^YgZiJF zO2RiS`D30R-jIju21k5`N2sys<1d~koG>y-S}!4Hjm8hh(3=Q1oKomA{$#waWY8z- zFzPK)-WN>I&cZ@eEI&rmujwc&7ih@|zM$V_nC$fAfMnc5QL2vTz(TfxnsR;?)4};$ zeg4bCd1JrDr~V_TT^HOH4~NM0A=#y%*DwFMKT4$}8HGcXLm%m6uMd}z#Qyb+qlkhn zBRpup>hfAsx7|FHMoUrnY_*YK#L%&5pX7Dno*2r2@C0s;n9M4Euo zJ1Wu%C{;qUGm3yxrAw~?5ke#(pfZAhv_KL`2tnxy5Ger(?K}58Gw=8Q0pBm*T90eZ znk53c@2i}%&))kwS1iMBIS;cS@bK(-9ra-yI_1K@k8^IR2JKW3vu{lh9={luer-i` z7gONh{rgUH+9~d!qP-|z;6m1X;>R0mqte=K{~hOE^z^Vo_1AhTrMi3RG@k$DFX5>n zEu|{@?{A(EM>Fg_LUkg~ee%zOR51M*JzV(Ts4c4D!f|MZY&Q)a*MH#Fzdtkdxrh36 z{eJ@l49EYcaRAvSccmW5pHMGiw38GjGJO6!G?v;~m>foyb?FP!uHYJvY6b9QAeEbQLOGS9~&EMsQ6F$c_sWC{5!@cttdBKeBU&uc)T#QA0=5^ z>&+@j=kiOW?J-Hxoej3C%m}=SPk)ecEwj7(m41pt9`c_;gQLG??Nxiz+>yS+1_t^T z*RRgn^k35L{MhjC1Dtb12I8D!7#gE;vp2Y0K+_{bLw^RVsuqZ$3X9LbAiY_iDaK-x@*Ssj%$-=T zgfty1T(YrO#-5x=4|(zRI$^mvgfKmpKEkGJv{apPb7oy@{Ci|C6T|HykXES_+0kj8 zbN_B8=R6sqTd^R&DXXe7R?DzuWqPye>yHF%jIE~+)${(OAJ?C-ryu3x^>`_xVJez9Mk8$~W z2y06;{xvFL;qU55>T2Zrw6}Sq6MIronXY28PxzEM$1>u^spq+%{4@eXm7Mf57$}0PqLhGiuz(D@+yn^SX zT_s-DtI9gysD=l{`!kI{_|4$F-AtVxS&j_$=uyd z`wr~(ahS2jJcc(oCZpigX>7b*Xa{8~wHJ$WwiP$HY-(v73w^JYo!f4vhZuEq*b*c1 zq&zMx(a%JY~!E`QA8%C)=AaR;!lxEYl8*49bl=$^o%v#$Yg@6$MK z+beA{72x#rX>{PwmE73Eg7z+&Ra4YQ_koFMb^F@FLQ7FRSfz|B0PpWpx_0-{uDD+C zE)c>mPxmj)IPO`@XxY=Rrk;_JTk~vq`}Unz?7g2|iW9r;ziu1Xp5-fa^y~?9=Swl> z;o%P~D_O5#0g0UQ%!m2UYZ}%%dFG32TD4jG;Z9};oMrY^@v(Gv&fB)@7wSjnmKr3})!y z5$U3uvZ%)F%Jtcl@zayvZc{xBQz8qy8tn_NHVxAsosAI`#7vdA9ntU7;ywIOIem5{ zWV|VEf!w$*3;Mb~|JL$2@?U(uolgeM~9mhI%e)F7$P=dv8# zg-<71nNKt`BFR3>Plj9AxX5**86O{&UaN9j?6@O8ikGR0b?wTiaLZoJ+zfPIFT~cu zmh9!~($X>pW%Q|`LQkVpSc6?ljmC;kmvRqt{>zsy#a4rN45J4_SQu1onquIatVs5+ z>4Pq?lP0T*vM7m9_AGoJj$^M!Nm8DaCrfzX2gA&w4#trzu?|HPj>^$@EE7)S4|C(# zSe1FFQ2#2+a$7kqCnxle8+E)d`eeJxhVr8I)%$P!{IKomm!(mwLu-VkP6i#_p5-t2 zKXBp8gXaPhQ4!zQym*Ubm-u|<%A%dNMD)j80f~sqttGm9MU<{A4XkU)#dO=%PL?UN zV3xD37KYx7sD-_J{Bb7*hFG^fIkIB)!-bFVSBjOrv_8T8?_c!e)62@X?fk{k%q&4Z zUD-@KcUwvB8w1~lwXC`A+y9A8w013T+D{RM+jK9n?-99uuu!D*tva&`cHfpmnOqM=b{_~7pm3E$Tz^7~a z5I!nqLME;&tEjZKwAfj7G?)(#I;!6}dOp=gEltzKl*n6SMLH!A(}_OBQR%G$+dNlh zNOTg{Zkic+1$jOR!iFQ~4MzptlhCE9pilTpP)kz_e7Ze4nm5MadJR*jF^iRvz3mEX zI`QUKPL&&LO_COnyju6jQ!P?D;^8;P<`;M{n>z@rWWy=VLWgN0igqy=zl=|DqO3^b zb`}IJm#2!LJoD$~=5gQ3DD+x?{LJ#lCfoJFZ$UI0c26FkHyqgw`&LIN*7S~b@uir* zI13q!;W5#MN|^cL{F=)e!CcB`53}-l5fPCZpWglYf=el;Oz(tIv<>c^c;{8>EH}x{-&0>bv|15%cjt|dHq*xZJPE>~4V&u+h z_Gr^|iFBCkLm!&Tv;F7h%CnJ$4wwMw-kx~cdfw~q-}L30k|`95$J!Vc6Y~B-$Hq7- z0A7m_M!k%t6C9QwJ$f2*pj2R{p_*B{zBnK`I_4R=dg#Li-q7Jj3&)6ikj}jH`d&FQ z8pPc}&)xN2;{j#f=dT<3mcM@fyjNZnmf(}tV{K<&Fu$&5hAvJbyIFv{ z_C$>F^UjTk=|E(r8SRFWav@Ew6Kd7{Cjmz4F%alVA}k$0v>h&QBTB#R^mLn^7hgQeO}^kH@$#um60H#8i% z_M;yaY#S=2Pj+tPKf<{^Bem32ho=xCjRM@#Jr1<+zRq ziJ2AKWH@ll3~D!0aWQOf1EQUAy{qJuvdg!R5c+5^x!6@qjM1lRmlk=8$fbxJ(aLm2 zMR^<^uNmR?f=ANSs+(>hELUW+FIv_*I?cr@k5nz$|BL4t+DcnpkkiC zWl*dGM}xs`b!(9r)X)pt z$5zDU$6UjBDte$iEiFO2Bz&y{qi+hC@!Jh&dJ<_S)XHXyg#O&zLQMtd%8hvC#OnWd zd=M0VL`EP%$}qiau|t(m%J%d!*(@pP%UPf<#ZUD|p0i@zi8e|l5Y+WeZ|j$odU=)~ z?3o-H8S_|fQ%Le#c=^WP&%)6$ht5~$g!v16)pOc@;LJI-x{%|?B6MMWE;^{4bLI&=b>E~jgZg~{df@(QEV@Ln`YzsGV@@^y}sNQCa#uTC=jt${8%WOvZht14Ka{1{JbbH+?SG0yXb0Z_-VJ& zt-D4i$;VaHZS8`mOfQW++12i(6z++~yHtu+Wag!eE0{wrrK0J%oN;?BouG~$cw=PR zLV^ykXKTV0-oU1(cGWE}15zZ<{GZ?-odx?oD}AiQ-APwxMV(zY=@`_dN~jead~oPc zdA6PQjs&{Eejgv7?K=doTD$+1mYzn$Wp*`K7kEW{KiuI|a}i)y0zM^0`k5rd<)`k{ z+Vjo*r;i@8k55cbiKM&C&+V{nyZAWxjMmYUubDNqUth#oEmg`zYO#WP)wd@a{s~J{UV2if`d6Vq1?9?z9jyeLgTbQq4fePS2runR&@ZA5-2%M>1i+|g&OI} z<)r2tYwIdhCJz;r*Vi`H`uf z-PNw9p@vVV25lUdwZjN6j{Kj!gy8f7PM!lXtgCZ!Oq3bgu2~!5gZ`3||NZsJq~s*d zoS_^0k=FXxXSG+aUMZWpanj}6&w|lv%kqg6+{ZsNg8y`k zar@#wcFUkNE!_^YIuOW-E00-@PYgO+-K6B0B}dvvS8>PFC9|*57LCx44|sXbICdS@ zPYdNG#Y+LEu-Y%re!UbWMOtjOqpoqvbua1GpGA#wh7ar0tK59??SZuCDmi@>sFf*s zNnz1E;p}h&t&K@$eEx%9qb#hP6iUWhYAj4Dp7f&q2PS&rZ7WipCl9F1!(;?auUW>Q zzIkQk>rCe(BoV**^b1HDXl9k6UC>mb6tlba3Oaso_VX`3^a_&PIQiqpkMxy^%U#O< zlLBw4LkhIIAiO`561nyS46rU1Nym>LPr@v`r22fxciNa)!i=;Q9no*l)WnQEY4L6w zm>o_Z9U6L-F>sdjJuZdP-F@xUhPy3cS5Ws)%oo&mmpmtV-(=lf+ruC7D z!+<+qNRjHV9P~qmF4;oJU!f z{hlJm*l0>;%`TUv0mF@=r`*R%3He)nNm!^&;^EMG%c8j1_|w*#FX>0m&uh|S64ruvYVzxj@^R2l-@kFyoRt=hiB6|KVyKnnA*kz9A5qb95}_JQyO2H5+uNiaiJ1%LckD6o z;I2PN3!fH5m;mS#bX-;;Man^I+%x_9uU)th|M3Y{rCi?&XAjoeh6spgL4?(JL)TEN zKP2};F*-0{kL7mHEzXfi!Go^V<*5Hkzt_S*MLil=xz8tT4{vK~a=5p?PH-Rj#X&7J zxgrBq)_Z9zO0wQ*_>xn8B#Ceiun;bI<2@Z)mH>j$j_~P6*ZS*ZJpNn5?-}xOMnu&h&cxPW* z0e6DC5n{pe9=IteoS!UVPjd`U5^E6MCU@rKl|3zSl!h&{D%#(+LZ(5A;P7CkPxVZe zgjtCjApF{p{_<4Y1$HB^%SzZCsz?JA=5jnT#50X6yO@5%^)r(7)qg_W#;BpX{^td- zatJEH1=A7STemtKw`#zW_>0yeYk9o#Re=?)`0H&xr`n{yK1%lu_rE~BsML|EK~swS zY6oiNf$c|?%Eu!!W7l(d;zxkna;;t_Ms|4msI+%g4huhNdI=>$Vp4*vo15EK{tBaB z`=bOjWG<~JvAAgMo`U*=URqpk8gc&K<}I7|4smID)3wJdi?2kS&skkt-7B{DOWvH$ zM?gF8eu`XPUYrTcN^yFXMz`I%?S~zU)|(EThlQ=BJj@^rO7NEnCp)X6Z}FzEWv$~v z7!qfT)O(%j30}DxjPl}Qb6D0uOe6zlVDi-MAeY%7bXA^iOt*lqyt`^+PR@DZF3%9j zzIhX^5{MfzKya2%iEZ7s?Ne`4oRfoaFp@UWsS+MmkL7-!Q~*xLYnmSupD)=-TwmDQ zu!AfvCU*L$(uWFk;J=Rqg2l(|-?scDe+G+^h&D7>h|=1y00wLOfs^N0+5Se7w126} z2~9+FkUyia#%bhFwOf>ydxp^BK@HA|;DS8FcAN%c_XXg|A%V-D@j9r z{T^sH%lBRZq-R^}o%;0YQ%rsA7J*$8d2yO#0m-menHs^1H>Qo*oZ&u)OC>TG6Ch1h z(DeKzpog-<=AOigsgY?GgjZp6tupFiKW;f$4c8}RWR%Bg@+WHAEzHd`9?*yE>z-#{ zhm&>4M{M7*V})>>n4Q1ghESaDlo5LVha<0v>y)YLLF?Tnoyi)NGz zP(7iV>pz?`&)mL{AY)>QMq?o*t`H1_6Z7+>wh9O=1uA!Hz@az;0|T~SDjXjn%{Ge? z))pE2_U!SG^$d!jzrCFYeko((z!ssiw=B7e!gHs}c`Mx`tqEP}p$2|_Z@@jpCy1QO zZvFfjfwGjqxhV}&-y7Gpa9>=|m~!cB>Y+%hgvWd}c5{vo!7Y(t!&)bKwOjOD>q(hk z?c~?;9}KDw66ZxNdhg79sIoY~dpaMSIC3Mn-+8nHwd=2+-hKKd&y)8#Am`(O-*?_-2S+4JdCksWMPq% ztl(6k!L6S!FOOsr0=EkZ(Y}9e>T2U_+;})|XJbFHpB?ZYJpI>F0r+dw&SXr5WhW;We*S#9BMZfFt*dQ+<<_}4|GV2# zL!U59@U3e%b$MY*LzKlmCEJmP&%J!lXBVGxMo4fW!2EiQ4RKB+$)4Vq7r6et-H(K+ z!*6@b(1g2#24DH^5aEqTnWRtBcHKr5UDt6^7i|&!sXG!5XpMgXR}gwVa$({sc!}Jp z8wdDTrfs*20YFAF<`-Ol#jfR}Q^jz90oFDxvDj&EtIWmc>A@s5>m^1L+KA>@;;QK)nYtnhLY!WY)SUw zM$?5X&DE);{cIx>?=tdIo`bSn-+C5-6kfmSr!~6`pMzWegj05qDS$HDy-7#O%6 z>|JoEW@LESxw`!0jUGHJqO7LoG#IVChTh#v(+nqsg@>CEGoL=)j%GDDgoK35&CQWt zUvENeOkdv!3JSvgC`33qg&4;U94PVVEwqVx0zAOg8#i*(($kY(zAT1IiXi`ab!Mo= z=L7zQdsWJci}hk+Vz%$x*$4Xx9r5BXxIf0#wXlLXLkMCxRo!@W!`WH+#@~Mh&9m9; z8Z<)%PI9&~714nLxF>P`dJ z%nCnsbQp=M`j}t8p3@vBS^4W8X+2MmFDz0h9?W=s@W+QWrIu~l?&K}09-s%o3wfX) zv%|`8#3!4&_5g9!=psS z`^zg)pSS02Y;5SY==9REGG(_;u}4u+W%c#;0zwkzK0X!j#nIv6yxYUgHc{C}<>je` zM(O5PujZga7bhlq^5XN$DhO?KQ7rGy$oP1BPtVnyoSZZjblSjxcVyie=4}*nSsdKe z@$vDeF$?bL&E1wxk!!fswKZjzw!O#lm({ zfx**7E=!@rrT7T=4#9`&31`RRF1*bt!$KI6Uq+E#k|w;g&c~caAo4P7RO8=jP^~zWwcD>gC$T8dYUw5BOyD+ut5`LpmA4(_}M#G0Cfis+>Qc0iQs_mWoq}5$#BEdHhprb zMcK&I)CpBp)pW-sSTJ;$XjrWylanQ&0PPCR0Pi6iZkIX^_tjjv^1L}ll!lc!jHPvz z+fbLGd6qsNaMIJd;2gH7BK-y)CIGh^ZltLGWIxV-|`5bRzacu=>JKdO)TE zg&UvDfb9cY3_OoTM(HYuCli)20d5$>(s-~jYeJWNTyEa{1eF{d6@=MJ=!548Us;@l zby`|kX?5}9L%2!on3WZ+SE4CP{m%DSvEmwqV6@!2bt}@gTzpVigPh*=dgd%=nxs$@ zVb$8zl_CZE*oG@`{rYw4SC`Pa@Zz#@7g=bx4MDjeKfgFX|6)W$MB16#xv;wF*h-Bq zZfC%_SWuvYf!xxP12O2BjEt^@g#{Gc6i5naDl{2NOi6JIr-ouMFuG7<#Q6kgPj{m7 zUcbHq{T(b}2Lf}ny1ELc$Fi$=myV%Or1lk4t1cp+k2xYGH34sPTtNY^S*_6U;|5YS zbBIpC*~B6Zfc!xn5FL@--&<(pW#tO%udThkH<0GwMl$J4S2clXgIt~C;!?0}=O3>i z0=2SOjSkDF>MH2!%;0)URLFk1zb|fF!_Z{uyytSNfsv7gkx|SAZEa;(*J@|Z)a($m zf{4+YAcKUFUw{1-=qOV?y}vHSNnj!Sh-*dIL+ZDL?F-pY8CGpNOF^ds86^T3K@gnWPy8yMwz_)K;n3-rIk3&zS&1cKo1WMekVowtWPcg{@Y2qr;2 z)Kcf+`m)+Fy3#_sTBlKhd!0!=oL&~dJsM0=wOi<~!h94~Ze>yOy>jgr^3JH@uxNC3 z&Cwi74L?zf!E2VqMS1oOE4CvuH_0q{kI90!2g|Oun{pB@C?|qt5^k)DDJ#$|%q~pr z@Y>823t*J`#Yhg7>&o2uvTyN=fBg{;U7tKn4a>?zvTL210UUr|_-{YR+Bs^03K z_mOr``(%ONS-qyYXd8z8KoScuN-SHSMaR^RtGJurO<1SD53)-Unh)q+I4O*L%)JlN zTi>Pzcsw*Do~!CVgg(>r%Hn{ax?}$dVF8cJud5~gn3j*EC1`lRSXi#Ygr_=IW_VU_ zd#mxOxX`6eE3k~)+K>pLtq^erS|RJYrPRqZferrv}qIdu?Xbw0>hM2NTa)V z?|%B^$yG?6gLj4nEi5f<@lf3MPJY>db(}e479LI#6Bi$axClUX>(4(Q{qxUP?b~o| zZ3c4Iug@X9SF*F=-oM;LIPpt!iX<^ZWdMC9W@S|X6tGK5N_zV2Sw#v)BCvVq*&yH7%*0!-t8GdMV! zqZveCe4JNsXC?dr)LjF!6XXIVhpCOUr;C@3_syae@kI)Vr^e++FQE_Ohu(%09Y zX4m+#G~p?{06(kr!mPkI_g%L>h8u8$hU*2vgCQ;aiVU#YL(H9k%wYw^LdP5f?~9C| z1%QHy33oUs-~n05w*F34TAJ}L#h$*te4Xh19vmtbnFm-ZN=iyKH(TR_ViK7oldPHX z(o;o5fxY|pAJ^1$BnC~B9}9{CR?F}1zT)++H%Ay*@ZkAqVFl!xNI+xYF3T0tTD_thD>gZIMo)&T00|)8 zRwNA>xWE6tCO8wL^+xP@R@As|Y{ z#njYvFWmIlk*?Z)LrqP}(9$w_m&93jl5k>T;>2*A7Q)8gxN&2zh)5}dkeI&aTLS>!E+}XL=MWHB z1oNM{_=EQl&@Q>a5C?f0IqD!SeF@+&W@Bv$2b0sA%a#mkS>~`WJN%d- z5y5|F`G27V_VY9PVdcO#!2yhd$B(xqrKB**55qBgE@>$XV8iKvi7Ozc$T>CG+u=dA z!1gjv!AS+&t*;m0rag~O&krKI9ja#p$0f7|(EmxI+EKe8?HR#3?S+D5^y}9gi!w_O zsJr5gH<(>n<33g`Jo8M4Q*fBWwlRVP#wc{MYI+A!Y63<-l38yOvDohhkR$gSvyOC zMOt&?<93~k7bnPu3Ko!if8Vpm0@mqTgH(So6HiHJaZQxfKk1JO?#JqtasAYy^FwKt z6RDY$?Mr@rF1zI+_Y})&%3GM~w|ALD#MtDpwrW187gzq9b`}0-(eM5u+SzdE+wiwn z2OH$(>m6(x_V{$6`^LN(-0#_vWxY;|=99IR?G*Rgi8(ztwU_xU?+UV314`{Pq5lxG zw$z?0MPaY>RPaZwh3d}eWs6}`hza`DhiorA-f-h~4(F9}*Ww!8q!U^je$&&l-u&xB zhj&Bw-;~@nH@Ck9;mwxg=v7H)EYcZkj*-j-ORp+SXqkmql8)u3{)<0vviZ>P^XBWn z{(NEaa(sV83QsNj8Ix;AtYbX&75z?)gG-`en=o4nd}M)Vxk)DSK92` zjH0i&-q+zg6?+{pzx)pO=eg=Ue@{aTmOe+QC+M>AvANk3)_!v+(rUx2l2nLh)E+=>L1G0Gbb53pEnssW(Wf~CXBL`dSA2{X zR!x@;gZKl;9y9VnckiCz@KTSy;;YCi-(2WW=U0$nT$B|yr$1a$1$mDHTZIBiMj3AL zMUMIT;O(-*7gOOXQRlNZvLP)y@9-y!)-dPo0XkxqM^kVB`t#1Bk=hvwMWi$`FfkGO zqxx0J9F0n4&$dXaM)W-sRW+`5>!PkM&qFvJ6_(;J^qK_119(CbZVrXdm>=)5!e9sz zcZTjs_da?^&}wgMtMTqvGDq!}jBYxdhm5%^xr!o1Wlj|_1rX8A4CXPQa0f^yCrP8Y%) zU8TXnLpYY#?_HWfr`rb34A=ndACw;mWh;FQIZi~?!37JJyp^)f-4}$P2pFsFj|vi%dTBOZ-LWj066xeX8+z3VRAZ( z;FD961JODOl22!*hO*y?UgNv;mf@Zck9HtES362R^|hFV+bHCp@~{TaHrz;fZ!X$@m3?1iy( zUlm7?qP$?O0xnZ!&sI1PPv06kH$6~i2ANzjcKrVR&Hdggc{H8z&P?8i9ST3t?R|ab zNC{tLoVk6%K^>AAia(LJ36%5y&e@$0t;9ts zxNl7RM%uxcD-CY2%PMOC@B%pa(>-oa$#BY@QPWWGz#V56gK;))|WLyn_mRZ06@U@qfP*Y zB*GW24!Ivp`09rmtto%sOY2>EN|suy!C2! ze}9obUh%A_WjRoUtahQx;lQ4g8`m_o*xjX}>Lpem`j^k*a!n%{KB{B07FE3r#%S%u zJl)QRpY_nF(L`M`nnW5ej9a8k)}BZ&WPMQ_o+`YUx{$Y95##Azv)+(r$#SsG$r$+s zl`WdbNt^87!(P<1{z^3zE#-}LyOZt&dOueSnLayB&Tjt5$!c)pbPOf_g4zg4T1+M+ zCQM<48d=tPwkf)@Mbe_ED>GeB$UMm`s;HgU!c?lGId{5NmYZni?_)xycntC|t}hn` zN{^#Y%)C{6Fd#9h>tya>A6zyl7P&ZZ>QG0iOo|n|A>wND+!2rFL0cx1R`@YkT2`;Q z@h8#fOn!UJEaC9VR8VS`NRCsO4c1riFRF#x7*n-1cbdhXqNRJBEBXahS8uvJDnBY^ zGcu9W26^iRgu(}f|GthU~^rNy*ctl^$O6LOE1D*Ply#$9776r5515oqllc$LfVDH z9ZgB;>711Pe?mos!Yp({#J+IcWcaid6nmgk?6~t`A?y}hdfMJ@25bdu4-sk^=jLZu z0|Rl;g=u&x6Z$jUm7D+q3Tmnzpsj2_3rM!De{OG2XuY}pk0u0QA}7_aUVS0u+dT|) zo!lbTv-7Xrhc|CNYdRDGIT%Sr9$L$_EyY*!o=M(~M}RCOO-l$nJMP?9`VxeW0gm(- z9DCMFkPh)RhGc34)YY7<3Dm;SSo(T%gviuv7USUGp&Svp!fy0s zO8KqlhOJHB*Z;f#t+irSIklT0Q35l$ zwBvh?D>Hu)mxGLry!XBj*N}*liER_fCPe8j}+*ohyPLTNMQO5Z+ehS=8cVv z{G3nw{Q0vvEQg*QNBUHdmw+-3ido(2c5h>|agFGYzu%ey!m*e@pjW!NokXi~YXj=> zQfg|zYTHE64#%s$?uKS)cjqY(rzV33paGezs;U(f`l^^}T#@6}J#EU4p%seSXglpX z*Ixqj}<4&*O*gq)Qi&39@<^n!#6o!>x+I6Dyri)VE9&i%q%_tmCGkR~7zGiuSN zd}jC=XG4@m-upn?Hyp6~Kvxv!=3e0OcyAcf!Z+`Jhu#IyFz=N~HxL$|ZdCo8FY(Kw zR1H_a_Nd9XM+B`SlTe@Y(mR8zNi{X*2mCH17-efZ^!N7@#?rj{08`yPZPDSu zZk>V6jNp)#I7urTn^a(S%>4u@9A-wtC(w45Zh^kpW+y??1GR^G<*LTrz-?6TE)|t z7z&_O=o2eB&A^*T#OcCNng#{cLIlqP4GVnoj=FIY%FU1G)go5k25|?m@N59rMO4j2 zecJ(6s%lWr4F~lEe^%y27^)UBazW9XsDdV>lsf-$*WQVM1+~kb4k$sFEF_0ev36_Z z2oNBE{O;s7d)ZY+UFdl+&b?+!6na2uAL~4oldLmw6HjF;+=EsL&1vc^Sa5JGkpm(q(D_!tvfqX~lY=Vd#+k{nOIM!#p?G0~PiqXA z8_^G(B+=-`^-6^e-Rv>EBeZ4&x zl3jX+|G8e+Us~@fC-EDW{Fgab(=Ku#r!w=vMgjE*TH&^*0kuDURf{BT9BSAe*!$Tu zhT}sy{2(vTIZjVGcqHs~k)>`~mxSbDa=8dY?)93z*+@4l_zTbDI%(!}?J`f|SLys| zhp(n_XQIEAcStf&-{dwqkN$n}N9_yM)m!Cla#40^q()<>(+0A5eBUv<2cKHM8sMe3 z9?&hax-it>9`|5$@TWdss+H`Up7M_PT^4+SVZM~k(Su40EHY}(iA^h1*V*LZTS*)B z_>?oaiEE@?R)m1uX6zevZjgWWuib?oUs6z= z|H~`TI0(*!eX&N(eL9SE5VEXv#4Zhnnt&H0O+C=F`a!A6-tx0D#u?oR(f9J@A4uO# zxWmFKAfSd?;UM}Nb>G8>$gjP6l!3zm6NZC=0hXdHNL8@)%z(3dXI5>*eD&8~f1Ql* z4!#)fTb{?Z^S^*~GHrJ;1W5?;H?YD856&b8i<&e6!{+1^&PzfzFjPsf_#T^&U$AMU z)9KO=+@ZTLAO~2$`=dW97+DQZifBC&_tfZ59xhczpL-oH!Y1JGg1qUKsi~>E=mFTw zhm&l*It6o(N_N{Wv0?}&Uck^HJSFH%OmEu`D0MmgZrK#rki3t=PVRsKM9$oLRd_k| zPO7KE!LxA_&)CxZ z{+EK!Mifr7>c_5vBNv-z}k9I%X`v&8%h96icGFP-g)2~jaZJQ zY3EFQnh!pSWk!v2Fc&@RI-rYinv%=YipF)YA%7IMeS0ehF?le2h(<6CzPHs(dq+dY zGlLO!PqyOi1uz*{dV80{m|h_0hii5c-!E`zCcwti>qDx+Ia3V7-2U~JJLuErX?cn) zzDm8chZo87M4wlEt)p{oAzH9tS8dTwBZtF!M%;1#o-8~r#~s^a=i zY<<^SOZW2n_dnKF*vG|7zZbq^1hti5i!w02ITl=k0LS{CeNJL4G| z3%|Ov5?tStTl%O}=)fbNFB1`NvL!hsB`U*;s0L!JI&j#ZR!#w_4UiG!{(ri*dQnfH z7QZ;79oIqJ0IySCi)7>gH);S#jtl%*>Mf$mphN?jNtG!{Pe@BEl|W(Kp`t*fe;`?& zRoRJn+T%ql(z)9VLOG!)#VuI$GG&)`=*0ulGD5?EpoK^f@v3klb<_atS08@a9GLj< z;m_h~eo_+%Q3b@gqE8>Z`8ISTX!V;nf54(;?ELLvoBra$wC#PYf){HI-J)cjb}9Su z_~T~hiPM3r4-bJbFx(u|3mi5sY}pS{{2@}E4^{X94KD;GHSK{kJhkl@6gQ`v-_441 zK**xweX|i~m_EC|x(Mj*#O&-!@XrLY`&y4i!sDv=3>0h3yltv1ax&w|i%CgIolbpI z3EFYLgtd6cF3w*Vk!KyQy^t0E;lu%8gKh>?N#wcT8ew0G7vRRZkLlGy;UY8bvA=ny zf9QGUMUZs3XXQzi&rQ#v+;(m#%!FK&4BXI!OQcSov<;8fr2`?!R~ zA=z6sZCKIJJ6n=Cu^J15GqxlpmBBx(bWOXfq6%*^7G^4J1D`90d^g~HE zHSAhD15Hk;`uEn z<)CGBV$;`?%~Ic?>()*^i{B(A6^Klqvx;L0+1ZlhH|3UIdhh>&Mrlxmxr5BNDI2Mv zA^d+zWoA5kwiCK8z!&85d0zUJjwA^14`x!v7N+{mpxxMa;__~Gt^35nWG|bJD`N?b zL$bOn*=B^orDSHxK{L9MpqRKgp-(b{A{|Kxc}gb+S0cUo;A~#wCg*S<88`cVMhafY z%a_)?eZz$cAxpwNCf)$xL9`|VA(@z*>^g-9CK1tP;XO@(F3=mEeRv#Ft+KN6rWRuR zC>dbrnkhMeLp6fZP^efahM`b0J$>`_aB0O_AV+8$KCjS)G{uV>h2wsv$_fE@&$=@q0#f&5tBuW)d- z7R>-z^Jc#EPMl+%y*w1&%8bH?m>8P%(eV%Sl-kF(k6}1UN=prZ0bdM-(yZQSvaM5@ z$Q&H`BR~^MgCrmertz!_L=}K$-J6D2arnV(E@uVWjQYgw_)(> z>YC@vW{jv0w$O!#Wlj?Dn5+0GSWClISz{!Qb##_$pSK0V(&W)(>sIjpW z7xXqGHovrR=a-5I<&5Ay zFcPz2bt6_W7|udUnHByA6UNwUl3Z|HPR;^g0Z^=YfIYTd*6<)pAwFDg!%79H%EeGY zh@&v(u&2Ckzh**eK!hLIm9UHvf(+5*K@&M9-5lBdZjclT=6*!TP!H$VykJBE(R(oF z5tzhE5%U#f190+rsTg%2B`&m)3tydWL40K}>ngs3+=3up2duS-ahgCNJkR<74hq`(+KPp>^-&_TqA5yH@IwpRVrGBB0C>ub1!T;VQ6uA21HhhaG=n%G5 zH+0SsazRD85?j_xXKZ`;#s}-6O$?Yk1SnY9iwZs6MM;^^Iu9{HVx1ZtqxZ{^VG{!q zE=7vdk5Bhq`hE(cFc3~XU<*Vf806#MzP0ur`wWvE7(MDS1(Rrt^GpJ_Iz&Kv+a(Kp(7Ob}m4ffS5Z$8*uWi z2I`}xzYKdRMx+2NAK)?%1!#1dUK_bSpN(+B zaP&8UHT}uo+KcVs1=s>q894`nIr3)z+7!_JZ$5G_-3+aWqWd*?pXdX0KHVQBX!P>r zc|u@vLw(&V6l<6B7Al$?L6V`u1^Mspp0+d2n>#7UD&%l18 z$Yh7*!dF0^Xx1Cu?@2<8uMrz7EX4C-RN-F?m$<13XI0iJ_bKfJM471`NCvkhvZ&Z> zPsAkAB&0RBL5A9zQ&8!- z5UJrAn9rVi6N#_7lr2_HdvP59blOKw!@e?Zi8e`JpcY})I|6SLN*>LIrTxxcY(Oyz zWz}^NQ9CWksp!EzAD|1^9n(P;_=8s#%Q!c1)qfWN4dG?bJO6 z24+c!V2?-X#)a8dh#whL^c)lJ<7}XdEzR>hPnV`!Nb4(vITqaCo)SxYtLzq;xgM&G z^Ojr9zZ|2&N&TwGXT;jB1)y=Y83CoQ$yl7ut~DR$7!cuEKa{I16SAx=b0{rh$7_kW zxxchcu*K$30TnLtTqXV(=!er}zBo=IGw-m452>o7qJQ}wEh5v~6^)wg131s)Kp2Cr zE=DX@+E{{H-t}?9<)1$6nWWz}ya+`&B3~h%vTD~3rL3Xor%%b?zG6%T!`hUG{j^Wk z(w)bqfMm|5l%+_7jO<2quZUh(Fy-b%NsvJS)w;Ag8>EiNCH!RaGMbU;RZHTF3*Z?d<@aISC%5HqE>2Yx)H z8$b5@f7pBPs3x~=U0h`=Zrz9#l&VssW1&|SDWUgXRHPGnhky-GI-yDLoq+TnP*j@q z5_*&l0YVFbQ1V;ZAMEd*``0=5j625tjd3!Dj*)~n@4MPubIs?O^D#U-kRot9+SNvh zb__&hCp~6DfgSfJZB`)a)3`ew3~vzpGBZ6*Vn#P%fp@!mR@lCNRRBN(mPZGB!0?hb zd5~J*(n{~X_>NM-vQ&{m51~y0XhF~a@CFzcDN!bo&UVsP00WLKW1nBVQP+w>6gebWYFpOZdYU8JNT@GP&A@C?4YFG$2n1c!n5p87(K z;p+Yq25=w+K)x=BEZiSk1J8>CRvje&Cvi$}hEI z*eXp6nUI_5U>qI;YM@eB)U2q01o6NbXg`sZwqgzJ`bfBppb;Bx8Qc)W&bxMsDR49( z0{br)^BfpckddWIqK<(49H#KrOb~P~2e-CViV6Plr5pqR7_!BCS2yjI$ zb@jVo3B%!60bK@o72UhO-k8JM8e}!#N!b_0Ha_VIjb_7o2&h~V-@p7A-j&7T&VrFG zEZiR4yud`S^E3;BhDMwz(s`>ViR6%JIxLVOPG}T@NX???)b;Y7g&!OMyp3A$@V#`b&)^EY^yGg&Y`hua}ERHsk^DGrg`%TU)? zi0hw&qwrLKQ3+E>%b77~^n0`dU#CT3?oK{}e zFjG_(0D*90p&Ml>o<+XT?*;ohLW_*YR1tXmV23TdxaYI=S~RoLC(oVqv$?IJVJbdZ zkb33%ilzyc`hiTcIi8`~tOaLNl7GC=0IY5lX{a|8{kDj+4ju+a47XMp70yt{Vr4$G z&P0x{N^JG8#C0OFvYPLWIW7V1QBpJ>qzZt;I@vi!du1?pflnw!^BMKq;pRZ~{E{J< z2OvfPQbMXcOh*I}UFJ5p=j{M{0KlhH{iKZYR;;F$R{N?Ot#IymNA<++?yfeJn4_tw zc~er67XQkr))2&kVms&5eSCbP#FKs4Zv!*_6se}Ep}~|pFgm@nJ|qlq>KL~ zOk}6KR?#G)G;ou>fZs({)k-1?gIPwJopASY8ENTCAvQY$jJGp@bt+M{YzDH9BFP{f z$F|CDA0+Rzy?W@c*`sfLPfENvp+7|+Et_O}0H6axj89VatHxIWYz4p+=w`k-`au$i z7`wb)A6~DN0>@S00sU#^3!=B+5LTwk1*SMALSP68N9BWvqSAg%CMmXsL?Wfe-vC+= zaE(Cpx5~=f^_y@JKdyoW9F9qx6uuW<|1feL((+9OG)@xNn1oSZzInMWZfnphmnW)FO*yM-6a7uqUgOallo3^?s_Zz##X==`?t4Hf4C+N9B5VGb`PxYHJXsV}+SXpGM zRud{Jx-&OL!bM~g50(`Se4HKqt?3xL8ivO0sI}^2EFW>^d^GR*y`vm8_AGgKY0MfS zWLV;<0Y9kn?_@f(g;q+87!<+h-2%rFGxfVJ%qLuc(oaA*;T2Hn6G#jd zsBUbEdOa-SQ#9gn_$`yN56}d!gVMGFly}Dyg8hIOoYT>N z?m2Ew70cEY1JVQEYj!U#E^4DKFX96HoL#$tQXkzbo6wvcdqD6e?S}wB6Yw-m|1HFq zJ{(y!jGs5;B0EY6E_00r;6%iD`S2fk|J$^#AL&O@WE(BEnbvTxMhsbt-y_RZm^$<+ zo~H*}QJ%KsH;3Yd(JKp|caoZDML`k}m{0tGqx`xDkom6zH^IfHw91&WGCM^e8?h=U zI}{vNY|;g#1;;61{hOjceyNyCx_0Z<=yc0Xq^qS}Vrt=*oyNEsAo7y1pR(2rmz@M= z0JhGWvg+PSR?Y<>S1PA)glcy@RGj4BSMo2wK+oKH)9suMa(=-1+wLJKYY&JBTHshn zwyduJH8S{n%Lu;@NzPPSrlZ#%YpU9=cbi6e_9XdQy zY`!VhM}>8wqX@WMmXIBCN#D)8!p%ETNxjGI+&7w_sz1aoY>a9AG#XZpnC9Os4Zj-DPo?SA{r2B=#9xKO8L`1NTr5BLEcB=i9%h@K=J zx|RvH73*W*Q=?jiAUImb9eiESGF1X{Mc*;Y`1?-z6{+wn;GdK523CAfbi5SZ<7*`G zgY(`bn**FyEfbRx;Gawa$CZBP4`Cp?($Ut|ON!xwvl1yf4XhssO=tiMU+1=30BGU) z3UNHtUi_ya{U%47)X5SsedSyYQmO|a^JanD1#GB`UGCNQ0J|*c@%&hxpQUfa!ZsXn|7w#&Yb=={q2)j+-(p& zb*Oc$H6&5_=`IBVk0?P2tp)-b;jJxE#iuTt16}|LE(RH?B+&ri11>Prv-L6nZwG7z znsGcv2}*k=L~T`D z^F0J?+Bir>Z~gQ`Qm~n)T9#=*bZ2)Qke~s?I>CVbq^$RmN_y+Vk@TAfo(>OQ0L{H- zmR7L1=_-~+%NK-=X-_rRJ})1A>NQ4R69KYLK!(iJv7~)F|$0C8aaq?aUH9z%}z+RRC7CTdh7IKsgS>gE&eV9aXH}pNqOv3r{3RrEB5!N zr2k%gxP4Lp`PAc^cmLL{`JYQpo%(;P$AW5lIbUya9(HL^d;Lq97VIvzD|M}2={lz^ zul_HZ0$(pbNl{1wj#}$XZExX8x#<_7-iVr;S7vLU@!L9p0`X|#@dS9?%ZF@||4dGO z?X6f`T0rQfH}uEfEZ(HR);eKtP`~?dvGI(MAh>G6&b`I`)kBDAt_&djbgsGqpRIEy z@&SFH#qmXPOeW1gYy~=BZ64VR7<3;%;VuGcGaDYS1P1)hP?P_C538{QGC>BWe%puf zW&+-1Vn7Lufim)+U*L^`$h>ZS^-yrJaz?G?wn|F{bVB31zf8o!)diampxW<*T~B;K z2TI73OdR?6@;^;C3_A#HzAxyZd$e+>70}xJ{lo1ZmNwM8+zldpNl~?RoXwN`{G(fB z{_%>>Qjhz^P=aQP5=u9+an8Lv$J$1WiW0Bp_~3S%^PkoeOt~*IXE)@if~$4Hd20q7 zy#84JY#8;RjR4 zC7@q-N`DTK>uNL~xoD_(e$(*l+icsdL+r(6zN3>;c54Q;`nOw$Mm zQ84|apylw|IGHAA0&3QOPqFi8f3e}>fqc2!%Npf=`2h|4$+#Cj$3qe^ePo7Qi|x+w zRs}CI(vOR#zs_l$In5)p{f|<~sq<2Q{G+LI3e4Akimt!D|Los_7`Okr@;{dxcklo7 z*#F-r%$KuUxlIlE5cjEE(!U;*k7v5hLdNE}&QTWW1ID9mYHBa7aOc8JW({Lkpr8;Umzy4>|zzaf$urO zuypPHG6FcujCgpfsiKC4hVvAv6am~PlhK43r`qm~u?pp*H)qUn9iTvrHmaf+p0!<^ z|6{>>3(uLWvg5BWe%y#=>44jm6=oQ>uB1mQ8rYh{1|F2{+OF*zVOSY%793oUjB(%f zq3Bu#xXa8)-*V~zYL`oxy|g6`&4BmCh&t6K(ZD8MgTlh#%=8jYio6ZG&IrQG(4er? z-eF!HcJ_^FefyJp`9FzRco-Wwr6t{}0#M$?Y{{c=q`->?5R`aISc^23_F6cktPu2T zQof$5Ssmh{MC11^M-eHlUC95OP>B&(Y#DWq_Dg$w=uB8Xs>f=|=PE08qrnfg=rP)K z)lmRV$H&PUB36%qme*Q!Q?_zDM9J5__w^ACUs}_KyQ@+t=ttN7Ka?6xgEmIJ8GW;G zCY}SslR|FM;5OgwjhlRy+&P4eI3Qj-`K@N~?akC&1$c_*w3@Uo7hzm-Y9JOm9@EEf zRP77RU`30iE19vE^Qqk1NqfP@4bjN27Pk11>QP z#@^juN=V2V-J+6%yJ5TV7dNldaSR&RH*rGbSNrw+4zMOxn4RPw+wkr0aTraX&1hyT z=P3bh-G*n9zH55o8*Neu9tA_&B5hv1wEj(}Iq3Lr!Qx)$9opikw!_#(5ePDava$0`%w4enL=F7QI)VRySm?sg0Dp!UkIc)lYU*n$C?G~3}> zp^01DsZGA^pO96>%1ygiH0|k>^mpV->Ey`bsYWlWJ&ROwqaUe9n*mp@*Uk*Ld*KmF zgguobBj96$Q7T|W?gn4FrLqw4Aajsg+z4J_)5EaJD`e?Y<*T)fEp*gqH*%uPNAO{b)bc+j;AZ(FBz^!J2 z#GzNgA-3+dC;nO7Ip7kM($pIniMS6x3YX-7I0?}ahU|&GEACTX`$iy?qyT3icE2NF z3VAUWl1J(DJ-fM)UbfwDRa`css{=dXW}RA2gbHS>wzSg;xTA5xcfSL zpG{>2@_zfRk}M!>?}7p)&*e>v8S?|1gq6a@x49uxuYZP3){h(cf&i{J7TL1v{UxLP zO|rj2H!?+p#i1yJEm5f)?I%mz`07j;$N2SgUu#u>FE3;Gy{Enk#LZQg96$`J>~w5x zLyja4`CS!MP+z3{y?*CP+Pi!H(?+V}Ho~`)?Zwl6rie2`Qh7}Bd$da;yUZ^VlEwEo zLs3!oDV7ak;lTqneVNP_UwzE3()m@q^9d*QpSjoK*2H8rK-&R&`Zt2ugfMf|UM-pw#S4UgRqRjcb^Gmk)x z`MGV1zhsOac%-R|u+aLcG%TH)!KJqZjvL0V-I^Ta=f?f~B;D?{Tq+Bs0}&F9-nX_+ ztmfmFiYc85z{#Gas5xl8NX(IK!jnPzc})n7RDK8Pe>&7**t$U(0@>K-s_YzX zQjl+GbXQIideMO5M+Bp{!B}6?&HdV9v0&nmr&`jqSDl72*4LhL`J#WP(I(*s`o6Y8 zETVU<(K`lM9|avBb06QHWR17JB^pj;Xf%7W$gPs_RJPc`sxqnV3^ zvWCl+(#%`Czm+_Jg>0S+y-msN**aXimQYw}KIyeO-eiJ3*pdPX7Pm~XyU%2$Zm^mp9a?*=tuF2~l5LPp=b|E8v6BJU9r74Z2=tg`YsM zbZX1NV~ckc!AP>V(;n0v#wNb=&21>_$6~=oHRI}{S&>y0_nqpNRY>EtTUIR1C(HVL z&~3`UB#G@86I>QxzzHVI6qa4(xij7B@S(mU-g^jCFLzaiQMW*!EY}vibS~cH6k+l*nSH)}Za7dG3yJ zq!FC&_Yd0W=ubDdMeE(LTA;@Em5|XgobBi%Z?`Cy7ab=9TjO(|mGZAcXD7bZlzL{! zjhL7+)bKe)XFPp1O^M%rhmC&CtNg0fk$jWGCbSJIMI7ERGqQ~t*Maj92$3?+O@}A; z2(9FdR`$Ngqm3`J`ky@@%?AVO^_JVND0yHmCku%OT?!n+Fny320ro1(qk9V581zxP zR40H#T+y2LwQ&f;Y=RedL{KT)Ix4Gd(@C5dm1;FJFV?l|QB3;L9~OdPx17KHFAoi} zjeS$R=dHSoYIJXe_DAj+x_1o`2;%OTRK~7Bu!)Et9WES5gqMwOV^WVs&aZ5DujG&0 z?9T>aIC1xTNvKu1m)Uaj7pc>oyCtcOc?Q_{oXwyMjfYd@Ui*!d2NFF1Y~(#! zuYHZJYz6gF({+x-j6fsc(PP==Ka3^I+LtmjGx#ikgn-`XUhE-lYe;`gOLvY*{bjQg z6YzJcnk0KN9Cvt+(Z($y&UZuOaCXm61683pBX002OD42ICRpM~4v0nUBpy)`aSD^( zDEgp~3VAq4uiwT>ddOgr{Nk2`GGIO`e7@LDI$~adI1B+63!cKx=4DdS&SFArLE?|l z2S-TEjsdX42}wuAQ_cf#5j2VO;7d@FJ0C1ac+}ON z(Ha4~_%1!dh#13cwKSpUJ3|5KpKpLBI1$O<4X2Zv8a71%ns$RhB4c)znT3_Pq9$ZZ zi|WLQ$zE75eK~`>7B2CuPM{*W{naL>YXIIRSLn5~IJG>NmF=dcZyl%YSHf@ZBi4F; z-7r~H>~{0DHl}vb6qS;nDR+1me4@`D|C)p6?Y4KF+R|p(Nc=%KX&ZK18G|+u5AaRy zr%@M<|LS$`<=HQ0ol7oO-wTF*paHJin)+O#p_$;0r2> zp2myUFM&SQNG+ODQcjJyT$0#|z745+xt_LFc~Xh=)F09jK>k0|<0t{+~JV?Gjfe-90q5j#@W*Dxx80*t2@!y=Tt%|EZ;V z`C0Q+>A~kB8){6Qo4b){U0t58s%FuL*Jn6xUyzTQx)c3)@y{g~>!YoGQ}~}!R~0Qc zI`(m5TSCs*+J%%ykA8>m?TVBCXC)qsaN?(u^f#_KFMFSFW{(jNX+Q>^49mTV~&NThZ#p6G4VCMMuvFSglBKThyp(H)w!Cq*JLEegbHILP;yuMX3pVl}A zt^w!HU=|2*jlM`(4e(T|Q8CMbe1QogU0(Z1mzBn*duO59WuLO_0|Fs%Lx!b(y*;GO z8un_@8>Pc0xT!C|b<&l*i~1he!?ujO&n`T2752Xs}Q@gleLKSbml6C3FuMI{8UsU;KaI)?A-Fh#!EA>R%YKS534ELp` z-kDr+WkkpN(P!dT%EP8!(;v!#!)A4Zb(Ml*!m6{w1%JhH$-bh!fl}xnXri{+k$zD| zuWeE#Jf0n@$CJ%S#bev$xMy^)mM`}}FODMHE4#@E@|%j@uAeF}#aN#?uzpk5EngwA z%!t4lY6#E`x4HfEzY3BAD>0h2><;K7rRH}>=!+m^Swjdlbrjx_^Yhw zUTWiS7Itu;&Hcv|kv1$#eJOY9{GPnQR({v?l-T|32kHJ$R-jZPonIU1Cu7V_qdz46 zqo8>+y{Lz4;LX!&nTqqOn03`IC1Zp-}ykQ*-0R-q&ui>J$!24=_7IX)RF`!7bare_gH&{@li7H8FOT zTUgcY>-_$F-BpNs_|4#)OOylKS6+A($$qvIVN&gC3E8u7cOAd&YUeWT{9Bfqimm6j zTFa>@29+J{CqTcPW?+a1;sw}N0v0+HA;&HFTQ6=`TPE*kv7#y*kpr3;$idzBgx^_Pu;Rtu`0 zEMKu1y4Lvg`pZXF7AXcL2rk0AlhE9+?PqQ8B%`mtP|JL7e|gi}v$8Ye&}>sqgsDHH z>I#+cM1R@4Dd*1qMxxUBM}<~$tH_slmkZjTwL09rw);EalE^d~sc9(EY%G?csHh_U zymg(lK>^py@crhj7aLO@$*yy&VeZHm0#R3KJr)kfmS4gWmsM9^7E0bLY|qM#^N{+) zP^xV-CbIq>Ju}e7qThgKkIJeh=kGO}!+Y#j`^2bzJ8>+B?#@0zZ1b3WwbhgHTy$(^ zhb;HEO^?T!_4#5;gL*Snk`Tj(foJ91QyR5_UJ|1}-EspndPRilQyxs}B>ieqIenI9@2P|!RN?1ISd-U zK(IoEUaek!8zwbPiag;JWn$Zls4RkNwurP@KZ5?*$>^&lXjYw7}> zisw>DD^pAi?~pknoi{jt(=)%*`}amSKFM5LiSbHKcW6VafLT4Cwc8tG1DLIrJg(gs znKTK^4oFB0mHJti8*HSE|A+MoQ`7jf`jvpefL5lndRcyMc$u?Kn$?u+m}1 z!recrUe#~6v)aqKf(LlHGM~vKrDOD%TD7G~NT7Us`StyHrT#S^?1H0d;BB0h;lB0# ze~bo@%+%Hws9@_}JFN4m9l8TqW-!%CleWJ6ygy!zs#dHYH7?HrLD1@7w<+02*}Muq zh2x-9NHH*0&uz5zmDJ6_=}mphmeMrSQo?MqOvKW2X?T_T_0BjbIQKW8Dy%Ix&eGho zMzTVvE6(?3rQboC7CsEAwM}GhtY}ab&Sn5Tk?R#$kd=_X!o7}cz43eO_tnnufqiSB zYJU3^4!^Yw}c7MRCm7=)VYA<=U#bz-9ZVo>s4=m@HoOU0c4sh$5DDyLa7*V=ywz znp@(Dsbh|l9g8-)#lv64xbN*O_LfWiQ`ap1J_?~KKbp-DYNW>up-H)^3O!XW(z2i8 z5?ZyqT=k?Zfw>Su1Cxmulkr$UzVe$h76rS_$oFJ}NO zu7J_weXrSskr*y!jj%Tj&RL7Nbi=#DM29DPNU%ExI13!*4No&wCQAJ(MZkgIEb%d{ zwsJdfHI|NTAU<`DKp$M5h;x#xzxtJ9tJAKJD%6fK?PDUHe&kyJFRQ(>gsifbAV|Qs zalVHSnoCMdlkFYjWuvNu_^g7ZSUuz3aI%}Ea|7c!JL6#=*7~W~Ep*8mFY2}wV#qDQ z<&YmrDR>*#Tca#>vfuh6sB>E@t=fx`tl+Q*A{wj^n27bCK>nPRN2IVYR313odyiC%tdUmk;54=@FftsbshC=-HQQo z2=H(+X}j-#B$|nSe30A8M9%^6!pN7a^CG;VZZ$zYT^};uDLqV76wzFXE#yh$O1_=D z<$er3Hk)*=!IqE<)o3rK&dT50rVk)WQp&zp62H$c-qohZCzk)z z&CCBtNS}Ir8kE^SdHpB9(8GA2%47VOw|#QyFCo=`O}{(o}U|N3+O&lO;F{*z<+f2pq`Dv{);e$9?Y)+w-$11<6~JF~f2z^NtGRB$XU zT^_EDs&ie+I`<+SC$4xrmmbq!-aO^^f_&f+pBce@EWXMBK3L&sS}7-|+Hx+vqoZ5P z>&G3Kq(w0@^^p$3psLrurANb7QBgenSi|*{D(!o*W|P4>ip1^jD0G{3rS(X}m*r7J z@Ykn>+87{9w-hKWY1J~%?d3Y*VI<`9iGWis4!m-*K$hP|kmKe0QA3??o>4^(-o2by)XL!XtA;RM@7H99G!0>1%C<<=%)LY(R@j6XcVCR+ zMXD>hFim>RP*`84Vug%-wkj8}pUg>0GV~7=)U57K9=vuuxCGIwKpUZlLG9q@I9-?g znFb4G-Tg;a>y`p+aKqk=)?*=h){(u2;2y2~|HNq8O^dOoe+_o_^ymQHMeN3)GcUlK zb}KhL#E@HnIE3TtH+A1VC@XUY8h8@i2DS20xyl3nI!1*H#-0ddVBXInTQhSr2>k84 zcSE0_kU`XEbg?Ny{{GTq)x^ii`-d;O#e|cT524#QUaWVy62lMXS?&SSe5;*E z07*ZS?hDYmIbyMf6TTQZGjmUI5N^h)OgIcTA6}_l9>dZZIecdeh0Q1dF$s1yAe1C= zq^L9H5Y@c`i=Eng{xX^HQz$xru29=%z4>%d$cJ@$G?GaRKA35vW5hS@Q>kE`>Dw4J z1m1!u7Z3!RLJ5d9qz5F6>H>6NApPghYY%mfpRoC3s}nT0lr?mwg4q0oR7+-k86)D? zR(s*kQq=O8`2G%NrU$9oQMD@aDJ30LE3g@OMiXhj$x>ohwFd>#)V+uo6a} z6?Pb|ix1LYcB62x-U2_9prhorCO?qHd(XzX10)746uNfC(zvbNrl9u;E9u&y7X|uk z!}h%iI9i`p69SeNxnSkJGfYTgv{pj0Y$s^6%%S;+AwY_#6*}(EX-xKIjj{NqpNiz>kJ!@neQ<#@rtb zm8g_h@AvSs^>Vw1_DyGZ9)$H6tS2IO3A9Q+3renQBfoWXij?WQ*Zswo0w0Fi81u(V zIL9*hPMd%f!yS5qMz=;}$_}EqX7*($Z0#1L|C6ZwKprQrhPGRA3gdnPSTXk?)EboR2(Ww;)Br>|^v1}ioAkByVdX`NO(pBvk17>I@S@b0FQ@IA zD^)^UyG15Xh$jxqpAE;YiavjqqYSU@)M?y0l8vfx))`YPX%}*lqmFN!~bGIHj(19y*uBvJ$8{e z{Mr}hGJwn6#?#tIFhj@6q-h20i-+hGK*`~*(CX#4oF!V}rx&ch7x2TgF0GC)ef`}M z?g=Ky`Udlj8=mhnWEtr)IeBVz7yeo-*&xyvf(qr3&2ge7_UO=Sy)>5@B53FwvsQzn zg7iP?Y09HWv=(e_xj}V+v>8DDyTD>Wn>buFwhi zv`sbC+Zr*y2zcra?dk}<>Zxj9Ef)7qp`xGq9Sc)F~bkyy8hDAvQX#y z;!@6jDWITomVt~(?)rMbP!%T+yPAWlYI5tbF+3&2KN7XTH^1S*>`4~a%1~!gJq1f; zUNYfr$Y9Kcu>dh-P=v+3Yfao6){~i$anSw!nGUl1=e9PMPRyg%or_0ctOVwgS)dS^ zy;{5?>8g`3<%NA`-I|gdWw7<_l4+?fpU>ju)zNBH^@0-GxE;*jbsHU&=MeMiXJ1y8 zWbMNdN`o^9vzKpwG)ZVL-3s)R|N}M+cl>0q*VO{fuA8G!_61+ z7Nn)AzLPNqdKm+_R3O0J>tNCVC#eiG)D0?VmWp4w>Or~25`io z;}w13l3f}Q$j7(Vd0$IMi>%{6rMW?%)+@PrHM;fqHI1ez@o-PB91aHWnhD6Zf_SH1~qg!gF>eRQkCJwbApG*~Y8aC5TPd|)V7V}7fl zGJktWbu9N)FiN$p;yZPVgQbnW2UaOmJbF1_EK;?giNJRnyjR<*w!i1v_Y!1Exnd^v zUj23L__-aES@HE3#zIS)Kaugun8Vt2OOG(|^=r*ZuZddshI zy^MRLHGd{0s9$S^WHkeKm zo6_0cK2&lsF3)t|Ehsot*vj+-)}mwN@cgy##(S;5y4+XO*w?pmVSh({m|w>*r{|tZ zU;0nQNjEH+@4~w?WVn@U#O<@9+*hYvf3I)x!{)g_zlrbsEJs#xU%OUex=_r4_gKqs z<=+fa>*(qnkWKYX50^OniuF;)3oU*B|+oKV5Na+ER$+ z9(e1oz?Wvi7)mEFh)rr)8f;C4u^YTrqBgldofY=ac>3hczDWhz!;{{v=z4rvFCBKvO3UN}ivjk`!!T;98&+Ri zqg-x_8wncuA!y$Frwlrtz#C!VR-kTl$_5t3mRqg}A8h!u^HI8+7(@7_91D^lOjja5 zC|WFR?H$;XPX<(xJj-)j$1E0}dj)J>ym0;2mGlqm0ry^or)1`18p3i0fA<1Ac!Q2E zE3ZxN?AdcE&5;a~CnqA?(#53HhePEC)c*e36m}rNq|$3uVK*4m2Fe zbwYCfH8|eLJBdHoF|cQzJ$=*x9>{Xp{SmBlnjbo$``|&J^~h~Sy-{KL9-*vvOG_Z@ z(|WSZpNGyj1!$IHJO@wA#xmWlO|Syjsi|nMA;#?(5cK)=(Pgkib@yy`R}|0O{5;6p zVB_O^whAB1lST1}luPXs7A2TBRtD$uQt z!v~cweKelJAN2X3)%VW(>An`${RKpA^I&IrCJ7pIhUWw+d$k~M7Bee#*u@PnikLWDn(lITd8jl z!ctRjriqGq&p$>j-} z0d!j99wy-i1{sv+0xeY^8C1fO{$k+)c&64RoivlSN6ZqBCrukt$J6Fd``+pC=O!Df zjno=<;#k-id#!3TIV{N>e4(tsqDU*Q>eApRlTCh`+!ps@#}A_@KbFK|D0LPKc~ad= znPRMWB*4Z1GI}97#w0q+A^6DM?bB0RR^V$Dq~e7R#~751)=uK5erMl{@4z7arNc~vbv5kX!RA$p;A-}7+WdpU z{XdhHYsJ(9%=0tBsNbvn2v7GNek_SY6Kdc-m~EDyyNMYqizvE3&epxhTT}5SrVJQLYJXDr0Ej3NXpI58YIAdE^q?CpfyQ^Dx+5FMc zyL1W?cx&k-VkYZI$`+Uzq>R0BzZe*>)dH)x41oe;+-z` zYT0E}&HTjrxTd|9OwUM1N79mLQbB%AhTpZqB3Aas5riW~-r91`o^S~pzAH6@Kz770 ziPHH(`-3MFDrz78ig$eSNrv?t2}PaNE&So~XMfwbWwQA0K5d-6`ktJvDo%y%&d;JN z9|goGxaIsXm)Rg=8o#uam-0E8^eTGxjmh=09?^PAMg^Q^O}=F|1n?Mu6}pC(vge7F zEK`|oX^C=kHSI8pH+0sma=KuG;%oIkqw=Ha;*g5$LkQ=|C8b}js7?mYR?w_wE6}(BuFexOe^4&~p{8gOC_P9hYdgj^0$ubN1 z5JB#G^_s1AqC@ZwbzP-E`KHdUUVTG)`>2vlv3CA>gL8uAR;td4KUwW}OT`)q*}XL5 zU3D9O*~@KC5!6?I7N$STn@BlR9UFt^uc_6NnrSrMljvI7Pd9-NTh#e<){6J?w^6$c z{&@2=&TYOH7T&)cxK>`>>&=v?SBA>Cy7Uav?#P}w;*FhhoWiG@T*G=J@02ShmK$BD zkZYe?@QNY215A1U!XycAEQm%<>8odpV5(uttL*CxE4$>sAt94R&6|E!PB!Q3)|OtP zB6d%CGEW{VAl0`D{7l~=SXti3!@@uP$|PRXPV_zwXuek4XsXIo4l-g$rnVm#ri+`; zipkfA*3!#n;GQzc5vtc)Whzur1Soq2Cz|#`()dI{+v6y&@A{RykK=Qoyjndsy<=>G zI>fvl3hQcA2}f%!_my`BlK>T(R&6!*>o$UzpKOI=?-jmK<@YZ2snpZc#4jQk#u7B* zb(3z*(PKk21F2TFD5)5hu4J`6CO)6<-jnt%$qhfRfwCkD6U$Kf04=VXuLC1yf7uOI z|M+auw47_7L?Dm#jl5Z*#3_A)q9dh-Et7cToPam1VCoe3MV;av!EF1B-%zMz5y(r@ zQ2IT#<`V~YnW2m)Lp>8O;VCOOGQcW3_no}W7QUIx04vS5me$5N1QP@{rij&z%3V`) zdHp$0dvpt94e6J>#qFy#P)8BoKk+9AZKg~(xvRS2d|$-;6yvPl$Q*^%e3mePhFh*d z3-Yzi^gVB=bOwNZW|8772L}|8Xte9YRn+2TDaaJP(tLVSMy-?&>w4<3J$-8rYT~t6 zJ;_o|&&5a&xM}iWv<$WN`qWB$dJ+`lkR$rbcs3_(#KCz=K6a6s%@_PS&~mZKY)Zix z!kHA&?!N}FiH9Sxz3r-{(Rw|br*dCPrU0X=UxD^sE6SN#PFZ`P-DGoyD<(Ay)23wK zq2*&9SdDlNck#}BZZs(%_uz|p_N#iAy%57y?jphy!9O2#>Q6}%a|Bpghm*ubC#L3h zI2dZf3J!-rJ==f1p1;!EOj8zP$XBS4?)$o;qc& zf>fAn+SWD}>bPi8rXWsQxnH^tC&Cx0)Dh=gXlKP=E$d|^9eGZmGGE0su|upsr^s4hG%{Lm zy05Wm7UO@EZcSx9+)4J;Wi5Ke`dt&tesZ0)w%yRRR*!$o?L!VvRSQ?SnN2>I^P{rc#|r}P z2kI>zoo}8sL9ppw!3xZ;~QTn=Yf5tJ24$J3=kCZXwD|Sf)D0LYS~j---d8FLa>Mu zPdngsdA*3QPOYyW8DgoMpZ+phPlvp{HdX9~F7pj6kI%lJ*p79)`;S{911LVG{Y@X0 zzEIhlg)vj8oX@K=`lvua`UqD$CyWi&MoK4V6d_x)=kBPKDi9tZ=FR$rBCRn$9yixMdz=5S`|ZDD8T2%Z+@hSKw;^F`NhU6X z4-U{1XIu}sQ23kGRarl(?g&Jsu$Mees2|TSDa?N?GD;PTZM;UmLLo)9R!G-k@7>r# zdsc^QXkHSDAHHGZ8X$OBmkx^D{T0ZtlVx*)phB!Rem;dVL_mz zZelE=B@AYOEHVHN+PooM4sai&&n3)8`e+F|x|Q?TUP=4>dIl}G(BP3+a%L$%`}>%V zhjkp(pr(3LoZH3ACq0z;(6@PM9RGvKs?V1w&k$%pBP=e<%fs7W>;v-0?OBu@<0~FE zD#mrS4eh%68K%$f$WapYZ^y}6U$g6z^m;!y;^vobz{`a{2Zhm$ySVN>bZ#x+`N#Ta zJ^=MuCmtO&QqH+}`5i!~m~&DB-$$|gz6@h#hq`!(htKw~lz+>den>K17lb>mKF6g` zKPt3;LdAZ!ZDo96!R0IZm}UA}^4;WqKdi^T2`5tuIeVL(qm6l}rtmVeefGf8&GloG z+njo%v-0Fv``<=x{|BZ&?$-Y!lEeQqVSxX7;NZV`1!>+0RZi`BY(iFvSV2Qa^?h;& zuhIVq;Y&6>26dE!f^!+MJ`p`)z>0Wl@728RqRI1NL z%-y?Ran0iHmLO~K0tn}k5XHIiTM6qMxe1%Ae`T-9Yv@|$ougPR*~cQKKwTHYY;Z}1 z>wXv^XND0Tf?dTDb)|I3B8#fPBzBIN{?1^{?nVvtQV?<~aaH8Af+W zHWUhEM*sj1Dt0>4YT|aAQb}|NjQ34ffzN)Dp>%G>m7R`+12?*^UydVnXQ)H%K=P%8UmkWC~68tDqqUgK=-8R*gGFDL}iwz z48M4rfjk`{1Pk;~bkS1zl-G*wl11BXcX~Mej4GaiE7gpRQ@SnVvaT$UR7xEX zYa~EQ^6;SvK(B%P8^?n?PpHGinv`Q$gX4Gx0JUd>04iJ{!8=!nKZ)9Dyn0r{oDTqM=Y_+JN?HMq+s!%P_SS7_<%Qdo z_QcaL{Gly?;&ebJLsx>pQ1cONs6aZSBoqLd6R8U}T?8B`A*JS$$>wT_HYOwBNl+nT zN))1B|00t)AE1uDtx?`C0CXPDSJTWwZv>${J&!sMaH~U7l1F?h0Hx~x^~Pd|aP+U) z^7_h^&F0H)*{j3Zs4#79x2mx!tIW&ZpUsbiWO)zq6fkkC3;<=s%pRs6rnjc{RhJ`m z#s#3)X{=FMysVfmcgbGR*fso&iz`5G3{evYX^)cZgjED{)9c|AR0uZ4Hv0P@O}Ag&uV?ydd7ty`lDuW-UyX9L|F zh&3HG=AzgSl}~wbCXBg&3Pj>d0jzk@AAmG-)FydEvAsN#Qvx>KhF!^mCKv(R!EcaM z&U_`C8`N=&Gd)fH-&7<~7~UgU!AZw(fJFcvhQ@L+AT_PxUC_zZOUQaVNdmcEsGjru za;8et`bAIWZ%Nc#hDF{CUeD~RWdXF<4~7f#9W~Y4SdA_KMl-X+r`m43*b%F&+WGC7 zf4~^O=a@UqepB`KFv!|%aPARarUS^ykj47_8*$eGzeF3r3z`}^uv}6b{ zw(2LAyk=(q-zXp78Ty9xv~$op9{3rn_(jIAXV0Exe}Js5vYnJa4#vN35_`&U^Q$PM zVl?1K1eq-C64$Wo#hkp~AiKu>X&}_l#y|P!UjiM|uezLJI^efb>r2i1dWs3GK}6*S+^U z_BdmF-x%k|`Lox*r9$#N_dVyl=5@^i)^*l{)af%@Pt5z=_?%oGfZL~hj_KQP=a!iG zM7}YUOBIS+!w14+D^QGeiN+(6!;@THu>h3`?mIU}T=BM*d%pwrNV)|t3d#3!EZ3klOQVh&m5#pGLBpv zEqJ=)RxGfd%q6fHD7-J7V8w4fx7Mh!z7=cNVR}~LS|k0WxYTBi$JX~?^tus#Gelr3 z@)(?c%t0M1a=|NotYVkZ-Ee2eJ!Wm;B3pzGN9(>j&aQHT5v;P4wufAvMZk;cU1$gn zt$X%)GM8eo0uc$>slq%%Y-v&>$ zmY)vtu>l{9ym#nFaXpZeLnt=&{Z}y%ncscIJV|@8(ME{lZn@(QduZb%?egT*46*us zsB^Cw?e2c&DAX0EuoEXyy&?p3@|> z86guUK7)H;_u6}Z>J-(+9={4Fh>Svj@Mu=kOg}Up@QJxn^GOg2e zjfNCQt>bkL*77-zwA%+nLU7XZ*v4T|M}k@7J=^ZZ_m-7`3eP`Q2=zZ;gQUM08+Y}X za954Jajwx-|6mW*-vOlUDYy^yA=;telCS#?9=gfbB~Bk^Z^R0rpT0R>Ipv2y8x`>g zu=a0B{K0+)O()!+oQO0MP>@|uC{U7mfEUlLFv>p(`O~tt)eylb-(ws z?Z?!1|G5s;0z_fEu2n6xS@B?)$%}QSz%uy9@>W@X)S_4(4YBNq_a_w=N445<0@^AE zGskRIM)Wd>BX(s%cB9D$)t#aDK zy2_l|Q^~hJ*y`Z-v#@UKQ~$#7RnuIuuR2ccd6Z(sg^Gyx8RDu3R}Y>f(L> zRZ!iJ*+>*6tes2#{redpwMW_3uP)HjX1u~18>E=&G)HU_MtjA>tZa6yUmZE1bF&?z z>)v7#XO(w!aLIBAEXQKGgn3n>_4Gngcb6(O#`1^0s7)NEGhjD$huc2gKRQL6Nb#2q z?p_yBqxt^L4}MDhsoKa>eQW*7KHGj)*c-9G(J42nr-&~6_U(E_0`2)fC+YLR8Gjso z+wF-DcLKi*lTv)%`}UetpPKzVSxM)b`j1|^c6l(=<;Nted>5=_p4;c>zLl3jI_6>< z)R53oGO)JZI*5c~LD;kyYG`B_79W~o7tdXznjaArcT4`%vXsx?p9A=P>NQb!5T)b- zmduBW0?#`r0-5*~P@Y>kt^@p8Suo#SoJ&EAly_2`QuE43^%Gdiw2t~`np+YmbZG8{F`Gtk4 z#p(3lA?J%7IjpQ;Zsn(%#Im}L?aNiX*GG<&wTDN%Sx{Y^s+n2Z;KP#en*1pz{cOT&`>)>e#ovEY0|d}&&DoVy z8I}5VlT%vABU5u$j5pSa-HQ99^{xY%PSUT?Igh1@Ed9;8Nc|NnEm!TJAT1*al=u$! znJdrTYmsu4asl0J9L#+3EV4lnWnT?6Zq($CN?>CNo)hsbgb`u6hHPYH+}5)iK0p`N zN=^WuKtuD|v5n|Xdg zJHD}G;Xofz68y1eODazX%DLwBMH8#5HW{xE|>lxnh+0N zZOd~8-}?P*YkS;aieMU>p3Og+UKaeZ;BHN`pblcRBpCC2REaH7GQ~Y0+c??Z-%kN1 z3%CCqX>I-OGZTby!u5{jYC%>h={AEjl5#E>h`Mf}u1**!>*%{5l6^crKOjE7x-CHh z;V_!TkFjqU7|=773+yRHj#X4MZSe zFy&84MJ*#7+YR>S#?H>)?y3g04$RcDOr5x+{sME2D;{n?P^(*Og1(P3+IPjP#U&=^ z=X2hsvIYD?s5IyURc9^+nB!0rZ+vYv{%;^ zuJXa!YQW(72&cQdhvllA2Ax(}8{Uvjez4NiHP?)^0aZ{9;@L;`Nj>`J#GsKobb;v` zf8L_c^S9#VIbdLdUdz{V4Kex+rq;(LApee$6ju0b`~A{6M&p@E($)gYSy$KYyNtHq zzxVK5msU&U(Z>1G@NG0U=F+MBcyfDb+G>9~F)TFJU}^QU?GR@wvVexyAgMSl4HJQ2 z=uvRr*-?;04%&Et11q%|GG20ti;EMmyyrt+t}%%(_&L(691<37CVAsSZf@=Y6tWJk zcMH|Uz2lG7fvs>46S=jX550h<-m97W#scPvY;zIx{#mdT#EHhsqmdX9uYo}=t+mDW zlsLn55wz?M^U+6H&#CC(R?qg?C9DFfQP3juMpzw?%2emA8`!keC<%S?II!z^;IGDx(^Sf-6 zJ$;G>?yVhq>~rtzY-j5P+pVr`s0}x|p?1G}OifN(_aoo1Y9Y%uNHxYiGN$!&5uS`4 zp}~RL4~AaA+6(gcuq9ccVM0)9p9f@xiu}_&9cX)8ip7nOk*u~u6>{C??OK+Ph#p(b zqoc;W62kJqQX4sosBN`C1_|~1uX3Gl2x<+v%=ggeSKX4Ybm&)APP~u?h1X<{d5y`Q zx2`_E2g{@!o){b)qLRp$yY^)LsdBu8O4+CzZ0R_urRQEjeN{Ah&S^T!6W^Bpg!yh} zxK~v*=E;f$p)al23sp7ss{=mhm50mkP<^a-3ZvUPU-kC<1EXGCbz5qxH6f=$;gN!N z&pL;BLuG|vo#dFynlj0&F4Dtkbyq=2p=+7>&D7#zdRUmi!rqPrlHe9DJB+dj?I~Lm zWSE+qOwB5u=7a_YNy$-Bk6W@!-h1!=I{H@_6FoxvV2-_EZkI`T_LbaWc8%0pn6v>U z2alxMl1g-XZ7oF|JFBtgPGt!-b(e;Uc;2D+@@GamiN|NheDdJ}gny3ClJO6|3GCJ3 zR`3j){Mq0u83y)M#tdT4pNfk^gRY9D17XlK(yEN|aEWB)Hm)>mc=k-t?H2`xnp#~} zHr?f5FTi`anU=$O^ok)F#Fs9;DId{C+ z9qNcdOZ=`4AKzLtr`7qW{ptwGVMAemccC!``{MlvZ`(`1W`BJ_ z?5=m!9IRBqdGH(5kKt9iXIi=sCHMLTxXZP^+^AWJfxG@BrmxIZCD(W}%lKf+z+JY*zWx^!kb%?Sax}kX?Vc$P1 zCo&@=L?yoOLTG}paxn(e+loJn=i)sOY6X8CI_9Pvda$B0vNfX?lIkOQm{T9f$N@py z#JluSe$`580&4Ekl|b2n{{BqV^VA65n2dyx%08?~q=v?PF>7n=W?_0uT*^)&Pbb8{ z*oXj|p}vc!g^rmpF`?GS%GTR`YVywcTw%$|)@mAK^if&>a`abbq50Ghpn$sMn-W{? zIs$gT`9oOYGeZ-+43G1wNUXF_(Q4r&FVqJDNsA!&E0{O*;~V6HB}fLhCw|Z8L>{h1 zzzSsLZgTHe<`s=e;slHQsS_tU*!gEHN0ZrVxMzOnbozL!wjV6Km+e&y88$T9fS@SA zWu27X8q_tBa(G<_KURNYRmhD?{FdhE@izmGP&ykU>598kTqNMq^QhSD53M70C)U8O zqV6uLPdq$atNJHmq$xid{Z`Sc{Z9HlOoDByzi%hAI(5Vy4kuuE@G|e!qo@=Ma3KqI?+|ASq zgfQW&psb>UrtlFF5i#lyGP?p`9;^+9a zjOhLReF?CmG`uF!-bwq)zmBDRvhA$Q&tP4|E+{l z8)}OFd^|<%secoVbeX09yF!!e-wQ4O_e1{m!v61G7h-+*;(yixJo(>O_kVnK&+)^T zYNrHEzZNN09)NqprV=S%PM>$ZbH4%BgaY`_iMu*AL;Dl!4wAKd|r4Ux2ak7;yGsTBT!eW6`>Ji8t+Y9ZpKLCiHR7or~m|B_{ zYQg-gY^pZ=<)@iby*=D^JV+{L3QKCrl;GLoDHC#f0VI=Bb){=~EE*B$2wrb+zgZIc zEVP)EW3wn1s}17waM@R^|JD2YlIx`DDn)@P1Z2Fj>qvfASJ8ByLT+;KRS3RnPC65> zF9M27$1dWBeFJ#q-4W-Uu0N)dGJriRDiUHVC(kel+=CSTgQTM-7tT0Wgi5maL%t62 zxpXo_6G7(=3W>Ec_Q|QKG+)5PE$_>xNB=m5y|3q1e-#a455H6zd&c9oJ&?JOzW&IB z^&)fd9ESBVUt?0!(+JC*DR-LshqVfCvI!~+kD+Qt51;Eh=}f)W)YP7Zzf@3EsbQVU zy$>`84X+Wi{hP>yZK7obwn9E6;+9F)PJk4?ZA6NwtCZuic%auk^T28*A(2g zcYeyG?QP4Iu1ih4H!a&n{+v3~Rpzri=+zIf`)Ve$q@<+p4wUOdLv$zXX^XtC%zHSa zj4F09f_L+w2#$`70tM4O>8qTHfq2Bd8t+zBE&<;qZ{7T^qB|0svx!sl^Q`isUh7et zi&EDhTx~238KfNUeS+pRbNQ|&t+81pg%7Na0|U?lO?s!$+_b(hxY1hrr;UGmf(4oZ zC}4@zdN08qxEpvE70Ed}2b5;!=J+T(d;5GVCZ#^)(L7r}{qbjM7SFBQM^SVxBiF7} zRVj6={D==@-I(uFb{+O87A*cBUtB%++26#3bP^V{VMw!*c#YVC?iJh z!iHts)*UWztv4p>l@*jE(_lY=udg4WO=`r(p`ILI78IR zhBb1*IncwIsBXH`ZK1xta8@eYKA*9YlueyJw-L|6X3<+I38P*5bWK zu_~j-?E`&m!f?iGx!!}NG7Ccwtzo<>o4oBeX|h#y7m**Pj3>T@Pz0QXf+R{|)5YZ! z^{Fnn2wFozPX!66inj5OElT?Z-YG$h!D{GQZMu&9GHC;YgIjbOxV#Brt8WwOj&i|F zcz9S2W)Astwu6@apNJQSIScAZgv#UDg45f5Q}@=N%6DN<9?{B6BgI%z0Dojh-8rnN3;N5AP80 z*vN>M*en(Ew$ABX=q9L{AIb<_SqVw4rSQ@C$&Y#*cCa;mvEr^6*Y&DEZ`~R-`J=Z}XkW^)y@JQYKKrh(v)@1HmpoXw&O#<#k10lQ61v$)%kjbjr1$TE(I7{J z(3A2c%fVa99;*&Ok>J`Upkq1H`@5aGgM8ujZ$nMrN3^(b&^C&?`_M^pNA(Tmrf_&} zW@d+CesvOzI=xvtrt*|IccTuE5U_O#6E$(dWX1VoW6d9OtG=vB#2FS9)C)u3M=X9Gncd?p{S(LH5)b;G=b?*iOlPm3{JOfPe(esxY%j# zTX#n}xh);M@tC();Syul(J|>Y7IQgFZe;S#fdp4G@K;IU6j9W>mrR(7E%~J0^N~76 ziRr>4aJ~OQZPx5p+FcgKe7Vj~_PX zi0H5F>vKnm^j^Fir}U_&I{0Ik)WMPyP%=b}ZPmj!D^9@4hl`GkC&jfk2==m#UNjH>8E0d~bb$G!)>H(wP}< zlCK7?r-vswH?=;IWyx##^PZPi31Z?bnIKfI+1-@Nk_q;vlXNQ>MG?m^i%yubv0c^u z-AyuyV%?eSo0{FnvvTsJ`H>$}qW)YE+SbQRLV!ub8B}O~wnhJy1gA+SvI*l%wPSM2 z;KGP`OWBTPk!?03@p6Xzh5F|DdRa)v==jGuBzC(Ft=6{CQ&V%DU;cGzAQ9`q89lF_ z`Y4+camy$Pq*chsvMsjk1e>-=Btrj6l&tNaNN0Joe)5$TG~&Y-2#kxns@x5S+45IH z)t*=D2Ys^M(S7Td&6`zy#`u&K!|)fR(t+iN zzmD#0G)W~0Q^hP|iH}D-y3fRjxW0miu)ej`@^-~MSMp%B<7iP~;pfN<|Agqn+gt7zr-?$ zHX-4r3DX*l*4C&4mUXUK3(=CkL~_p$c^u#O4vT)BPbDH(RO}?MHnG+6*9WT4CaTxu zLn6((NPS_r7+|2TplwC*T+Xwp#D~0K`vLPT-5LWn7taIRy(7i5uqltHv&yCxz zuZIT5=3Ua!p_Mr7`Fm=5%4#Y<(M%@)mEYAdKOikb&`$eC6Z_>>0n`j4Flx$mA36D* z#z3l~@^19zAFkKZ`mK1usjcA^cAyD}o9BXOn|l#ZMx~viH2*%7tohU=CIY0g+%yTG z(aIpbFDJ>ovj&Yy)Oq{e=KKh|rM@Hh!Hy&tt*OI|MrP#M)wvO+vW z=^Sp=4~aV5!KpO^Z3|G-l&+&Jf8erIuia&jc<_V-Hzk`u_ZgS>H{`hu2AjLT8!-$% z?99{5!`MSF2pSLvhofa|@wIyU%D&_v!${2AJq{!el3mXk>PxM>4ga*g@T z@gChgmG&5JbvgrFOxlEn03Gs|YRR{uw^oN=EsOVWadJkm*2Rl+WR2tR$pqQUK#
qV+wQP9yr9Z@*scW8B(Kqi!QB zZ%7`79PDpm>2^By>G)Tlc0XBt-zXoFt$(6Q$}FaCA-jO>rZ}MCc-Slm zR3|G?A7(R?nFceD!4m#cg6j$Tzm(vnv~T{q1oy%{D|;ghi^bN>o%tLZi-vGrve%p+ z9+AN8>FEg&KdU_TM~DG56@H_r*rh8Z~8Tr*0a7Y z+I%%Y1coRnU;-?;e8vV1+|$x5e*T*3&0P4?Ep+A~C~-{__?KVuwE5iKkA<+RsI1*i zGD$Qh;4>mO0qs&ID&akuRC%xmu{1~~MO|?4*zvUx@LGNX&h#fZwtU=95CAe8P9lhIt6$Xv zVCjbd9YP5^HObWmy-3y-|JrtH_lXu90P572&;M7BfOMTKOF4 z9MAM1;XSVj>d1$bF7_KCqP?p|XOXwK~l(?Pk3~?Sl<{-n-=&RETZmLmX;ye9?|hEXCF>YVhHMn}qJVrm~Lf>5?K9 zA|b4AzE&a9Hh?63Y-d;9ELUoa{?zwXzsklJd~=_E9#WMHW+Ra~-r_kh%fTXB&*~uu zN5`%&NA|SvR$bpFH@LXksG6ZZ% zA&{&XIi z5zKgz=SEr$VmD8sa{rYa8F3I|f*7V|XEUSv@51nVRmiW;#CIEY*BJXKdQ0L6 zy(zJKUZ{(%cZ|ml3XDZ6D#&z!yw*rS^+7)EMn{xG#7{xFDfg;E4C|lO{hqqVfBor zsa&w8>JzSbdF9?x2C_DO1MHYR&}$XKF5-neDLWG`~J z1U~3XLOdvqd1IL{OG1fPQcO(;W1r8@krg9~$U7era!C;NVW1GFDQeQK_W1E*@}Gi| zHZ?Jko6_)XeX$|&=Iv|ub_zjyN%VG%1Bdbk)WCewF24##3G&nL-xr`#!0OcL)2d$5 ztu$;vvT3;KW*Vc`7{~y_bFsYD=AbTtWrjF7N0)0sFtsL8^ze%N%X$KE+;qQwf`bqCyeO7 zL0{ssUr%RLBv|T&O7QV`*6S`p;8VW5tFtjXs3#;Oq#zoebHKp7Y>Q9n+^B-ud zzWo1#s+T4MK`Kw{$xCm;YV|{J&mwU4$;l>%O{0K5@tbpLKKm2y7~2cxr5|hZ6VuzH zGY(PPg;x46(D#(RCj`%25vUc&wO>lmub$Va-dieL|BcQ^CnrmXOis>bj>{a!>*YTM z?*I-dM${_hhiC6Bmt9V*Y)0&W{GwNobBDv<;z5ZC| zu+K;%*v@Eu6LHuzw1i6aZ}=F>3Q=ixe0ND>NGK_0d0tA%44h@S7oj8}YQ4%T2GR>V zoOijg`%0M=c>S2YdPK~6unz$z6&%7!&V2+S2LfG(v|9WSDp1Qd<`wgQS_(8loLgXF z!FY9w1C53m-M2mkrB1e$Z`sY@u!|k!>=#_9{^=Q>>8m1R0qv5x7uYWdtn5Ux zYQ@Vy1hOg22`DZ$K7dWEyu8B7#J;r9WOJp@`N1loJ^6(*%bxc8a>w6fO!FQXf;DA< z-b5Hlf$?h2I8cd8>q+zmI3D8!M$$pEna4)!;oQWPV$D6`wkq5eLU%ECctpaR8()C< zk_6u8|4sYTq3!mve^Ul!EmO9)qquc|o|to*f$3$6AQ%f6{ORAdv=)K|@&OK{9CuDG zvC!v9X zfq(50agcfighhO2HUJ^;@9kzNDhika*^_+m^Yil;A@Qo;gXv{y=^1FPmo;^KDm?xG z%;F_OuT%O*obd(_7@6_3K`LRLmR>sLi|HfD4+4RbpBz9LIMkfGlCN2Tzvu$#5* z`J-z@$N29c5h^H1vibN(0fZND-yvNNlx0g4Hhkc#L${+?Ze4Whs}7%P5n~`AGf#XH8nS$K0NG|mYPOfkIuHE`TkuRiMK6l8fz~TLI0ulr83uK z7%LG+DZWr2c;h_0T2elUMSq!Ke+JT@8YqBai6+;Cg>~FL-L0TN$eQ*_(sDt^bl#sy zFnQO=e2Tz5w^&u*GUgxu%F1e&D4E+YWmkIs=^&z@coJ_Di~S=QLg=>?*IzY!S|3=I zUxEHZ1yWGNP;meE@`wLb{QkU`|J5%4yompmdjGtL|NoWOuVx!{v?jC5nTgFV&y zyT8y>ALr%nq;oV-RbM|F${4AP4-_Quxphk`yG2<>ZA(?d!-lBcg);rBZH-)gj6!sD zbfCWXR8zR9*WJPOrEJgXqVzoTct|Lqij;>a)G3fN<#CX*PmP&;RwH)AP`@T)reUpS z_sA~=nV(L_NF-vuAd;XNFXB}HdoMZpx^ldz*2>C?GHxM7E?9_ke_x?5Y66^i=8qq5 zZ;TwI>CV&vThsTMMGhvKf}*Ad+Sd8=zhkj<%F|oUHuTp;M99m*U%|>o-rZ94QcCY( zYl4I#mrhcXS0QrjT`_oJ-MP|D!3?lCj$$mGS-J0?{LtkRq`AvU@{l*PzLQj^0ynICz zLGXR^Mm)Kau)=AElY>J(*TA0)MH(Bk)QERo=A*j0`IQdanwq-c0b(k%k%Of$ly7fY zCSJmGv&fE?c4=#S7at-uxTLDcGmX7ao3`cY;VpiMWunLvcq^{+rK-vh)I-bOY%Lm- zLHN>~{QNR$X=$yhV!A25xcAdf|Faf=iqr%s+!gEi?rMP|*@d8cxQJ5%H^ z-utBKJlW#%sHMk-bb;=Y<9g|H0@D@S>f$nMdXA?l_6`OFU5|B$OG`_KMMb6B!u0Ig zmq%KS7<3DBa&FZ%Gzjld{ZPahBhFuNG87T1Xf+BPHxRJNbb1+!Bc6uKMYNuIVq#*= zjg2d>BOAh}YF`~)-Po`yU6`4iYy#FGAt9kv+dsXd5{barjZ{{kUrD`Wkqi3Sw%Ful zQ}b^RWAz^oBk`XPV-#IOlcb&ddXh-YXoYSP)b8e)1LCivl$*pK@9)Cox1U2patxx* zs?VQ44|Ih2v4c1iHY7Ckxv6Q&uU~zHp|bqCn!f>G4Pv)w>+0e))zp&q_V#-7O{Co2 z+@hK^H8m{{4^SW8zgL64WO&j`|NN8L7BANP-eGrAP z9HB36bHZ0!b<4_kZH@V`i-~!Ph>8-XW9@~)KWWb@Goibrm}$e zT3lQNv(TDpiw8=;(jhu3>TwZNeZTKX;{TxhG3wu-GD) z{0@Hox+d2!_U+^2c+uz)F1l~PGr0~s_^Yd{mw4|VH*!*D9~c^norW80xwSX~!wt1S z#J>pl0f*Xc>MWe5+9nju%~?U}lD~1FmJ402#J=3n#Kc6sZRf(7_o1Q1aq&K4JR2w; z3`3-oOv3uQ^TKGg!Idj>Al0odFKa%3{#MkbN?*)nUKLt;{HPhMOM@^7d^R{Qa>6mN z9!M{oZPpx7xjBen6P(Ay3=5^yxP(Dz51ZpxR_Lf=Tak{g$&^>4!UNVpu z71fW9zOuS?wnGqam;yJDjg@uw=VulLc@Y-47#p*lG7#1Z%a?j@jT}w&8)4y&Ck~a_ zM`E$D`eoFeyfu5t8W|yGU^8F7JlP=P+jBPVY5mmjQGB<(?e+ZOcZ|CmMn|gf`!T5kQ@B68UBd2$a-2RDN1&PVea$d!VPMH(2dirmmp@ zMfu4;f1Uut!}M*Ko10s&O}93+w|6Hxt~hy$LvIf(LO_QCX2(X{%7TgfC#d4as*IYNMfJz)2B~E=v>d* zz9aROfs3KSG1dL}F$=b3e#Cae-N@KD4=!6;YTRe&${EBUGI)$CV~mcJj_nA27yRadcFYFjnIeIJR}Bx=eUl_@%Q0-bp6-sp%q~96mcC zIy16&sDhGG z(e|zzM92^C-gRi{7-^X%fSOF`MMI%!HrPaLI!y7L+g+;3U$IezC+bsi@ zWa_cMUl-0+Nkn9Ttatu()F8`#3}^0B+uhNg$K1}|OQ*gGdr;8f5fRq-JR?!3=@I}s zlW@A=O=B5$>-Xxde~KVE+G_?E2QnVVXKz((58E1juvqi+il}L@SgSX7rCqZb{p6}o zOR}M+I0Nk^I+<`m&d>`f@$m5IS9^qilr@c?3IqX^XWtO5ldlHm*;8u!wk?6X(;^X- z4hI<>&JFQfvqu~vwbt=BWv|~Da4|C*Q_=Edu1tKj6tLb|H6xAtBf%O~hf2?hB02T= zE!s4#t+TU+!Jf!|prW!e3j`{&+iw4Huz*mCN5Rg!A^5_dK>(r_^(=j$7;&p_WuigZ z3}hnYY{z{D2@g%hNS^R&lp@CZ5-S8$`7Q|TfRvsA8p(#A;^dY*JNs5gOaWo2< zfc|oAZ2fn`_wO3V-+Y}v;sGb5U-0DB>e^aQx^nqd1_lVRqTIT-YufTG2nPAA;Dr>) zt|}!Z<=eNxn_$dfL>kYY{XWLR`u0A7hPyTYQO*EP4T9+$AQ~FV zcgm06=@<^5?5^2b7(%y8?kd5>Ul?*#eenVT7z<$MWA)zeu>p#`0S<4zUVHQPi6}dL zrO8J85N4pr43<}nUKbV?hS!pMf&H=N=KMf9A2S#z2Eq*8#AztHuu!yx10=)^Wc#&&U&y4;LSw8Z$F9^7v1r6aeQ8<_Ugv)e#U|tFx5VEJ_%jk@75K514m}!^91D z&)u8Xu63+OcEO%i(ne+f>z-b0Q|w(&_i5_p69cmq|{YdSh0%YaXv!_Ex9EG;j8ur|}KBP;6%0qZjs>kqdoCrwc* zzc3H*H}TikH>arWa%*d~$-#cQEglV?BVdS^lT+Q!F5&7`eIPySOZEw>$$VQKewIH; zJk#EQngBad$Jp{i_@o!g!H2LZlHp;gEejbvYN55Qnj^T)&4lfSGvR-@Zr;=dd>&Hc z^OBlLG6x`yuYXw#wf_40n0~Q&ppfn0EwBz>UyPcKO%8l>#HK+u-`1wz!SPQ#iyn3@ zd^RonBtuZ$$Y|uby*)1_r9U11LGMbnGyb`0q-~40(E6U_A-1@1Yo5xT+H!VjxZaC5 zK@yeT=kPT-B?TO^xkCcnH>is*v1n&3o@)qZ>Q0iOBqzefGuxAs&*8e)I>S zqZWk$fs$V%4evpZO@*Jg%Z5Z^92!?dONzU>@3OzpUnoOO9YjW95EdXqrmH@vkJE@G z?4gMX`{dQGPc$F?rd(dKBc*T2iq4(nSP!{Yee(MC6Ccieb#YOV*dNh*EJ5T*U=ULe z8}$rjy!Ln3BWVxz>aCG6re>aj`5Oa~BNUxWGrav(@xr^KEmhIN%CRnm(mt40OvO^! zvmwJrxb8IDyalmbTxsk3cO`Yv;y!A?hTrDn``QxCUuZX?|D&!hi(9Nm@7Zs*)U>px zjUl_?DI7<3EYpp!F3dM?J`z!2k(6YF-NtUeUQvd#+^G+w_g@$)1N?K3Z8$9KIsDMX zXF0}K0RdDLPu6EUw>O9E3w;hHhh4|cKT1<)WoI`ftwz0NAAM1ZwLw8g|5Cbr`h7JtK3ZM7yBR?f11bHs%r8<^Xw20Gv18(ltf-=`yu#oV?hYue7YUZtZpspUW z8WS(>{ugwWai$C@DJvIPb(?SR?rxFPtJtZjSJkR6U7ETqVEK=zsAz%H%wy=`9#8P3 z;V_A*|MBCOKa+PYVB|u}&Sw;>ktZNHyhfv`Xn1jDcsBjPp`n!_dtygV&qqo|w|f9s~ zS65g{>e|{GcwlN16BCNTNbCoq)5`CM;-uLWy2zB~=H`a6gH2&GQ%KS15>cC1f*2(} z0HV(lFP7Y$=Qk{Wai6I6?xmessP_GF9KGmZQ1FBqwly62+58#M0S#F3_Y$jaEm@<3gI#-ADX$Ydl}eQO zN1ZY=FYjwguw-_N{RfMt3MY&38lA|QG@PXddr0H+{$h)>z_#=G9E>!zQ=V~bm~M@Q zj5dic*TdcY>*y#WxGrf`)lUkQ>NmN$zcRQEzhaiT9+t?_WvHhYea9ZK`o)EX1-JRa zhA@^|78aHj@EO0>=eplP3QaXsUw<61y}u^sL#sKha4+W6)4hJB<8$haNOmqR`e3Pp z@}_&QA(3a{;h~0LPcgZ*10fWC_UmkC$`Oi#gM-Zcd^r#@gZYa}8r%KPGRZnQ@dN*q zH{VY$Qr_$wZ-Gqv+2c(oua>m(USwW+(hx;B6ncZ`mbubE-=V*pkKj#Fii z6tOvb@zPB$wnU1`X^SMh>dKLUaH$Rx$s*x2~O!9fju_OJa|_DgTQbYjP{6iM10 z=`D*0v3o-vc^xy)Om;}5amW@dp&ZfpusM>KoqA&Ms#&T6G2R6K8Q-NrkHfMx~N4r)xyKM}8a)jSE1yr8~%)nta3GP(CT5 zJ+zKDh|X2U>c*NPE2amBw`v@R3}apO<4@YgUN~nJ!0&#Le38Xu%sq`=4XRmD&)q$x&TJO94NIQ6ZsZ&Fs) zIdGG&+w9HEj!{uj_4F7@)qEm`hlKnkBO`;U@%8nUxvs`=B-wV@_btZ{@{iI4ga-;A zV`pdo``9sNNl9G$)1#}$b!Ui(Cr>Egl){~Jn)ekSJ$mWyFIS^^{YY(76CF@+5a(kgrpFVvN{mse8cdoS5<+ZW1tK8_5 z3*?Vzh`v8E7n1-N6EeA^5J_um>!%hL`HpdWhegH~CpTp~GqbZk2j6UIZkB=PsQ-8c zeTQ?jr{^MYP(Og#3`;qCsUe7-w%e34_z~-CP0l*FN~(H#zPpQ9m7V01vx&~hMAT>h zr@kbTM`|i7Vh}>lA0hvAGe7iv)_ynr2PlTW6LlV4$!=eE<_;D(d16^7mV+=g^*%jacBD1KG*}8kQrfhGxv-1_$BQrp%sc87De=b~j13n=&BO}X8j%n)Y zg9oWicYb_`?1FRRoP#KROjfqudY94Cp!Dcq?-A$5c2tEQi8CKdSQ6)0#}4j2HtH&S zEoA0mGIV6H&&gMkcDJdafl?hBBV->S5L^ISz$mC8Ge}J{Qb7Qvv%IpR&4I6+W&q-Y zLbX|JKU`L@GmV-xT)|^vsEl&?J=4^ z$=2!mbz6rUXP*w1Sp95j`Ud%HkL;D3np#@uK#yaSX90kDYHAys+(@acl$|JyiI4;y z;kD9@@A)-(>N{1XrPOfdf`Wnt7))K2`&xnbzDJI3;a~8;m-(K()jnI_*QcGDp8h2@ z75-JPrIpp!UbI<3sW#J*lq|J8%d5G1#roWaJNCJM{Tf-=Arc6AxhBT1Dl7F%N=uWo zvgD`k^GZ;U>Ogxw{U0qYt%AbB&hobM(9jEj4B$vRXIlFO zl{JL#+)>vPl8)Tf(bD2}lcHh1p_1@%%-g`9984fvxh(1R_wlogIlXi}(ms(Lg5H8g z2Jj!n>Mnsm_%J)0)L-zl+A+-1z~$z)IR%9Zv9OsN8oG&g7F9!7n(76 zp{1kaA4=-0szKJo!H$Jsvc(;FxxCB_J!jwR17nvPm>O_v-WKb3pm{ zj3Tdm8J$h}SW;N1&BcEaUszo|Gvz8!mxk>OT{SJqr=)lZN=SXVJnMN3?PFP4*-wqB zO|KYERgNBIMpD=&aFA^)yG&F~D_neu3CL&e{dW(p#~b%qg-(O#xfbqnjf3N)h)6br z0<>YE2Jabz87(b)d6A46t)7{t?CkvgGxCQ3AK$CAG`5^v+fRumFF$=!opLyKZ0CiG z3t{CdWC<}bbU&Y~-xbM{nt?2jnT8&SP4y`!RG7cfQs8f4#Hpc<4prN^Ys_X?AtZ&- zs*_1x60V7uM-o#xwVx-n(#eK0ky1Gi0mLT}tt0JfZCyc`@ArR*w#1R^nPrx-ChmoJe0o(K6QVKtFw z91)uS_A1(z)SXV9e%2;-OR221!ey!CV)-HUxeZ#E)qhyepEPfY3IaY8B9q(S$Fl56 z{lNL!9=$gjg~i#q%w$a(1z&it$sUX;DXAS8IO**j!_@y_<1OVGy0;mL-gE#;U#w1Y zu(BH7d-38nB=z04zRGk#*u2g)D030<-^8PHb1&7`#|X1p#^q2yj|yk8ik)QsM49N=@{yPeE2D5H7& zxGhT9-Z-D(G}&f$Gv{y|k{X&lM~@zTYG?QA?c2YVqVF8DvWo2N>+@rl>51Ix^h=Kv zfUNT&JQYkf2>_NN?ykdM6ZL^ar2C0`*mb^VKThneHuG*D>@NLUSa?%eDQbxGx&jOd z(Z$8Tl#{dRh@nYoZiSwts6jVIE0zCYMe5zsvUU96;D?eDf&L+}Uyx@kZ*FSuJoZVu zV6;ee&1Z+tqV4L(EBwdVRT6%HT=Qak`CLnkAl3c*_bDb7OBV()^xWLsj}#T(6c+M9 z9J?0U_{7rk9q`v=0Faq^8JtK{0fyTZv(q|~mV}GYGnz~J*mENuK_5BV75mBKo{GZ- z$9?CMGL{VYVi5yO?TSZ_zF`!0)7i^ivtP`8+|zaa5QW2eTW__%LCh~`S=>IA)QVJZ zk##^KwTKT^*64>bEYP3sXpW6FBbJnh#prt9frRm)I;V?d7y1GSLTZq0%)&V{-;S-JPu{ zEj8LNkqqY_tF%+x_xo@7%`V>_~QN0*k@ z_`#z`Cm>KieL5aIJ$++-xI$w={7*bd{psW9Cy{0_K2Ei>Pg3$3?D@L>%GODXWD|?n zeXN*NBewo-76#ae|9ublR!&|0{N|F>m$-1@D_RT29gSjw`f@I+&TaL z{rjjpW~U&f948XH7mEHL_TDn8%Bb5P-H0eiNp}lKOLs_1N+?K&G@I^Lx6Y&9 z?(XiAuDdw@an5<~r~CEZG439Yp<~P5JkMHl&H0PD)`Rc{fSJVoOy}SFfucWweyTr_ ztH9-U{o(O?9V}>#s5`fvHh>Az)6)To`3cfBA0OXa0)m2Z#Lq%0Px2{za7s$72AM5= zQcVN0va+Fb(&(KwctL1dL1wwTGsVOn*Sc&R9BcK*P3^!5P`)JH8Mey^zgt^b@d7NJ zl!F5s*dFcKvWX`Htiu3K5rUuuGY+7kOm;-E&yjg81#LIc;)0!gBk4^7!UWUuB91dfL{!kJ(?H!^0 z;`xQ)NEXT;r>=_%(e0wo-D4aNCQ7fz{eRfWvUyfpLT%G;ikYCcWXBZ&0k;@e8)R8{ ztcEWlnsH&2bFyyl?$-OFWhyV0`}_JpSHv48Cd*ADu$L8pCPml4U(wNd4suLPOd7Sn z@~rs}k3fk;!b684A+g*vc9sR5bt|BM{A}zGFfry|B~xi>X@RR322%XgGK|%suWX`C zqqQ$c+LgOU!o|RvNm4n5d+R8;xy)BrbNW5@K_*4Ng4q~{O<-emYTNC_V}IsG#;DV}Spj}M}x zOv9ghSI-;_A;BxLrrBF4Kwc_GzCg8v1@17|n@$GEUTf>LQ5;Ak|}nv16dP=miKLAPm<5f8jlt>KE=4Fm>p+4HFd|(kem!T#gpFE1N%MDFVF$#=@d_ zF)U(IncBwD(LX(1A@$O`Mj$xr*cqrUFBut&C4mQRYKaVmrxCdz($emuaOZNrW$Vym z21Pp*EO82Qa>W9imBvjYz#ePr>hk%RFgJ#YBDF53#$z98=k4>JmUhf$G~GX|*KPDZ z_6!Rxk5|8~oAP!k*nZ>82u3Rd*n8ZFVq~mJl_(=bBqZ7Z7bWq#VuLyjj}$fRh8^5_ z0!|ckaKHu@0xUt)4_c^&AVCt0`MB`PW^t+*J4hK7dA zW+Qj5Vh`BWxC8|Hz=f0i^y#C40VS}RBcq}M07ryGG{2i|bmav5%|B~vhv(Hn$@7&kI-Xuulu&CaIU%%uek_WJr-2Utmxva(_z?*a4c6c~o-pnhRc$s8!v2>-iy zgb^|~r-$fV>}f|vNBe@c1-^9k{^p#&YqqTo9W*G2>FSa_Urb_RFfzeZL1P-P%?3Q9 zc9R>_{lEqEagcIz<7sJ4Yro;*=FUh@Ck7cSGb;=3;^Knmi4nT7v9SgmS6~+jeffeF zM#%jW;FOMz5T$RiGk|FVCNl#DF(f1;3VA36Ty921#Y=#DM8W0K($QJpUt34Z>ciZ; zZwIrOUQ>e$%E)^fnpP00qf1N0)i~5aqo%+O=mz}43Pbo~N{iArZ8cNCY~=FgcbD=TXUkRd^d=Ca?z%+JpUdgl-C*Qn&|>{!34 zWR)4ib)e8tU}il_q+GzLI(wv|(h>$I?R3?Mii?x+xxs_h3twPcKpuX}{j=6))RGZ$ zyLXO?jm-oa7nt~fU|v{O*1*017f^;bsY;WlS1zwmh0M(MD-|l6`i6a@>Z@O9_Di}0 zW!@Kvo6k}iXqW*0TE?G0FG1^x0*9gR1gr(zZ7!@G<%V;7YHB#Dz%>MD!TZcIz=L?! zZ-Ko(Q}4(G$iIS`S`bL0_y5Mj!C1ExeygSnpU#&1uB-dQdcBLLKMNQ^fD@B(s%TYR zRpgZh1|ooG^P-WEgoC^Sim>VAx5-H`9M9jwZuS-EPp>B@CjkZ#)zBaWVlSLO^&h0e z@DraHiCfZ0$Ih~Nor3!?$2@g_~VF48ojGwrI0yFTbf`ILtQB{SF zfPiBKx*uhL^XIzLa~1rH=wA;8Wm`Llmn?SOL``XB9q;|M1qK@C-aeA*4DI90u4`M zi57zrjsJ$UcJI6*GBR>*US8|&c#bQP=tSbt9JO%RWF-ol$=Ex9qI7^?^n8OLE?HPu zq7DPq)5Ef!S<(RZ7~@e%Rc*vw@jmTtZ|o9g+9;N?cN*U};clwpx9GILAIa7yVI9bhP` z)}GCqrE=>mH8_L$3zw<^trDtL=6KJa1H<}0XD}fyj#fJ&s8dg)QOyM!RdC-~5E;n~ z3?kPgbYA;CHuHs=k9gVuUdbeKU@7J)uLsN?(W{oe1)60S2;1mWoM7aYXB6iMayt-> z{Q;3$1HwH7GBZ1?4}LF~?N&%%87S4N^j*M8E4AOpz6V{5kna(a1I#94&w-epD_N=g zM|Q#2Z#FtPnTSdz?zst!lx+0{5)#tsUO|cQJ9ORFpT0BImL$O73keHz2oTk)sjb!9 z9m{GAt2t!UNWZmtf;i`Fk7Y@h>32H-+fBUIPV4jMx1gOS|CASybwJ379S&xGfNn=( zhz_7(3Yp?S#YFJ+oz7XSuBgxfTq-#`DEKWdu2(#(5luJ(D#>#WIhZMf1wrAJno0s} z1C^ZRNdgKAeZI>X{h20rf-n+6lz5pp7#K=2sRFPH3VTe}nVJ5254X!`SXf1qJiS1d zm2h_E25nzHVA%`Nb9ni8lLEWQ{ncdUql=Sf>dy`8M(Re z1e_KfVDxmqfB$p!435dMgMqUJ!^W;ja`PZ#2jwTfl+< zK#i8->;I&g?#(6F<7b#%3Y~W_s0HXFxJU8^o$3Doib)tAjI#z{^ZP2#rE|2Y{|3mh zWposcS}sXQV#pUu3)gaD`uf*5i{|YztTe+bw zXjQmAD93_$`4hXSTGj4vZu$Zb2Lc+;T0zG~lyzlQ)viPQ;?jTNkCc%!NfpIBH_Mj* zh=Hb7&}R1n3O#%-77`M?divdt^{5FPH?u%O1a4{@5Ux%JIkjOUwj)6o0R|#CyD1h4CI6L+Pe@U-mjl=>oz{QZyNz!^7AuF$$v&Eb#--m zTLbaaJinCERQ+tH3crCn3HWM#dU4Si&zb`awSu!+5Ln+?@W3B8x8f(z<7osS1s3QQ z5*BWQ17Ysu>blzcnxq3bc9lFiRKPW;;QuY%*}1UMf$4`?>}L%b8IXm1?bXX*?rny&ibzfe^C$K0H6O%05c0x9?&&_Z((Y` zSb?naKK)8Qy|Ix9{6K_cg?2#=z!OA7M6~^h_LBh016;Ccz1RsX7X)BqKg*lf0bsCTpqVXrKEaxLj%S5TaK_8{0lwPY z7$5(UeANAG@(9a6asM1t*Q+BjLqjTJmmRWbE&$CB=BrVGLeU}3)Hq=_TOjLETv7sT zw@Fvx(dtL~XH@-ya|^%kJBxw4P#N_n?cHD07m=wK(M`U4()^OZ*{T{A6XW4vX0Fw} zJ2Fw<#?G(446N$jQ+sV{VIdCgl%9cs9fhm@3wR>JpXQ}LbF#y=N7F>a+T+Gr1*k3b zJXv6FtFdu>?-O8Sz^uKPVh;?bxKbotvIDZ4|G`!XksO^2JerVZu$J=u*ShRoIZBoe9<#9QaVg9a*0{|*&XTz zh+iA%B^`0BsEq|NsMgs#Fi_Zyga2@$*b07d`k(98fC<2gh{T&v9i6l<2|I_?S6{@% zUxBkPCV8A7?~m<0ivsDfgW(#}cJnen!~dTN)e}q~>JQxs9=w= z3dM8{eBSE?^V>pLyX?X9vDVg)RyA{4>R_&#Hl~;Mz6-9|)4{s0BJ z@{a0Xlkx9V`@@cUh1+uT>8wY@g*dbK=z;$(38yLL_b3GS>D&<~WA}5Q{3`Q*?+hmt zDvE3oDK}=v#>?uaez??MR!b2{Cq8?D4DX&U04GU>mJ>{JOmi&nWB-ahF=`em*hxVx{IsMmfBj1AP z268WOC4ki76FNBP*()SkEdZR1?}mo?2hKq8du9NDg^+^gh~sj?0E?&}5lydM_+tYC z0v=tse)|Umyu1NT$G{W|1V^QY5c9txBTMJxmHG)9*I$4pq3hk8R2=}IK;i}H58!r~ z$475w$D`!xdlqH8eQ+j98|X9r3D##^e7s2`BPZHJ|#l79T;m^aAcKRCk=cu6wqNLD^MP zR|kqK3fO1wp}rLO=mHcO1r3dmswxhE9+2ZGhXQt{o)I}%oju=KR8>`5z}dVx2Au&G zl+~uUkF1lnfdK(K!@;g+Z_y&xHb~j?l>E=j7@|jw`X8VF|1aSG10xWzIv567 zRIO%mUp18Y@jr7Jz&3OG(9OyFhONbl>i_GL+MY-R^B-}nsj8l!zi=Ws^G$u1vf)dj z<31%}#$(riE*AXKhF7&~53#8}MU`1gZQrR;kuf!jL;rVpUKQfRGEAAhMjaJui~o;R z#ioONdHMPAZhFwwLQf{Zg6}_<)TkFFc3{-g7K_U1@uuS53vZAlmjfWnS-1 z%eo+jORD_euK3YTOQTA)goqFF!Ew(iBm`;FEKam;Mdm+J#O*lV!D0ISRY~I24(3$E zN-Hip8!lvJe>aR3p_j*3;t$h*CWH(@qB6-p_gDFY_4aSf5Dee*IwK(?*}VytOs&x% z_=7%$=^%}I$BS!pWM9)8`=n5Ea(tz3!lz3qheIn9=Dep(zmnK{fjCo zryh=>-@k9KTb6iEFm0b)*mbK|Hv524xSsZGK8&@!$8x_rqB{X2f0ycsk+m7k$;-oI z?NHIqUoGD{azZ*Ys|pMi1WE&}0C~Cg)$!9FhWCEq{sc`P+XmmaaaPNwmyVemrc=KK zF^l-G3}P+o%h+*ccZ5J74Yg~oNqnB4HfO3+)Waeb(ji{k%UUq{6e0~*XTR0DAIeib zx`#xlPZsY=TH7ZPhMOB-^zMG6?Z(B&U0G)03)(3aBII>NJ9c}dpdX}EecG&tc=<%x zHQX=Z&@SU)6NflHKH?5hX0KJEHc#;gB)q(K(o=PMEBwL@jb(;l3!Sxb%ehR_2W+{) z6{N*)^={O)Gz*=Y;`qLWt=FBt&Sk@+_1Wp%NT%bjnB&U+WMZlFu|j3@Yt+lG`*;kr zy<E!oCTZ(ZiYIfUHs)aI%hMhRu$!9_E4g*WZ4#`M2F10S}_JBaCNi4 z^*>M=zU0$PCc_R^Q2hEsf17cw`tWXaVJzR~KAhwM!$J;)Hg&P=;MlZ#_jh9vJF(UW z0<_l0(&|b-)pu>9SnTb}!~p2**VRCS~z? z2_0oqA)H39)n7~%hUXVcqMmU!>$m7%YIFFtF_o^R8zcBQE@%Xz9S0s!S(uOCJ*?HS$Kd+! zGHK_SCydd804ucKP{u1Z5ivo1-in!>Nbs=ra!<*jpT>(ncfB8||DF&2ndW+SvjmuIdw zoTlND$Tw~kjW(IjFq1yPwhyQ%C`(eEzs<3nK%xy3~yx`C!~(UX;pUE9auOa35u zHDr2Q?zA6};$^bWt^#yCYj|ceuT8~DbT2yF5e+G5*&vXKp(0d@%(j!;@^A+|2w5`wU8#2BgR4~h`r|Xt3+|vW|T`PJ1*h2K^>3_4aXK#G1N-JBhBNb}m64GPk zh&?S)8=m@pe~67sFRO*)hU+Y?h|rN7(V3W-+TVn$jc^@X8cmO(;yu5x^N-I%VASqa zxY2lrzItIq+}hLgd18WnMOcc*jc?(D>xvp z)6E+I1VI1P_GO?|}{W)w+nxZUuEM?4Xe z66YAwl=1~FjA{-kL#t})3G1GgO%Q5VbkPQ@8xdI83P(E#L|nobOy*ng zF8s;qOUQH5zo}Nq^~s6*W^<{RzY8$u(r~at|2<+-+es!%P~P- zE?lfaEvP*qvjBdU4qxQaI^Ep@1o8z+4)rX~CeG|rys$NVsh(V_d&4QC=GtxLqFd!}o zdF+Wv+#25ih8O0*aeXj|^TBnDi;$lvyrV*(J2|h176)I&Exb_8Q`ZY}5I) z1lJf>KxK+f#nRlb*frq@2P>tJfdLG5CX4jy^=vT6 zKVebp4904t1{(&1gl+GC!@ zeVqa76m&Vfqd(r1mGj@~K^Ery`U4YMYE<^YN~C8>kfy&p1OnFBo?8mYJi_$Y>-}E{ zz5p$PwD~$;%kWet5Rc4r)botcW3E&wOQ|@!7$%lcd-R6T>+z@;nwg;sLQmfs!E|*X zg%B2UZT)~U!P#fz58{8NK${Z=Vv))ww|QL(5rnjy+Tuh5U^z0g@bjU29U?S~=Tgo! zGYf%8{c8}->X>->y9-4`!XHz+Wa$qfvewscq4x6|1`%s6d%@n&r~4R!XusVl+kXRa zZcp*$5*d^1Z#iwTd&=v;@m1Ak8wn{K z{s%}~dwT@dWRyhB7E6nV|12Q5yyozRa=6|Q5_wQ+S4_pQhNv~Ww)iC~)Sgu6(N{OS zkGsKWmR;?bRBpaCFJdS&zElngdE?tygp5y+7}}=~j{G5od=mYrY$d>rT)=U($8qnE zGtkvGPrd$7qC&>akBGYH&YK|utE;CM0xB#>1lrqjue9YI=@VGteh6rlmX`@@>QlT4 z?zg%XM&~#XcnPtxwP|^VK_D5cJ$jHa`mrrgVCUDf18h~%8 zIncUq(53D|4(}jUp$2#rLA!V^04Ih)+)kDBja1*s(YByzO5{Cu_Eu9Di8{(HOBblieooeu}R z)jrY!0jc%+e*5BmLE%w*Nn@FzEMagCiALJl>^&X^vuBs+=94XAP}%+D)kIUlUyIs2 znm*bBtF;5M!o?;M(N(DpPLroHmUi+?@e2t`~nG_fAOzZTx=FN-z%0{BbT^b@pG(2>#yY0aiosy5n7ABn}Mi`|Y z(;x58PWOBI=sMP)u6~@UcAlq~gS~Atcl{UfuamF9gG^64B}xQ*?=uwnZf+%LnF2xc z?2_l^C()O8;9FBow)h&SdFdJx5DKS}Sd;`{PzH?bCDx^{~&V2(#yws8bzxW>pi~-6PlH zVM}1sA6>BqVwclpQ~O%&$2*=Rq64eDF&yRMtcYb|;tl_BEq8nzCDxNMPquKar_=T) z?}Fd3#J6|NUt)^wtSh=H5VuKb>EFK6V@4lmIh`y?Jn3SUUS;pWIwy7&TW9^tbg?@7 zyK8mGq`DOVeigd>(z~8d<_qqsS?6l$OeWVOy|zwI`(J2R-|qqb$mK=iv5X>AT_@_f zC%tsL*<6xYTMI`$q}{e)Qk`C043qj;ih{j`&gXKR91$0zHYqs-HMqazS`IgtBi&dxbIdv zv9j%=29LUPEneiH#dnkm^aXSjxTt5r(q-E_CI?(j8k_NkCS}%8% z0zn}9l=u@olbDTv&V?HFS=~HDXb;Z!b>FVyqeNk`c%5^H>E9V%9}A}XCjN$fBi(1U zdxquYTC>{j$>&?J7_wvsEl|@9wa+h)FtS{C9Pdt9QAz}GjugxL+67BJ!%|_JkW!kkVT#$7C>efL(9Gb$l z^E%_Eb?{MKP&tm0F4W)$LZ&~tQz>Ucf_g+$j4vQ%^xAGlB}B@Ny)^H?3QT~e$1nJA z69UA@8y?y+1CS7epzg41jM*)UR>m8HihmHd}vdImq9<$k+YSEe@ zxMBIn3wrR)kumYXtxLqXSXi$>^?t^mmU)#`?4O2*lpZZgJ{AYy5&wvyn+=d}SVH@% zsh)G$n7;ba>AZIH0}Go_U$nWh@)W6YDd$lNJ3>2!@X3LCs&NwB*yO>dbubCctn96x zS}reue4(JE9v&Q9(lRjdG9AX_dbt15>8U{5YQwHUEsh*w$zP2mKz!6Qz~B}9oB!UO z?_?-ATz8l5*mUt@=BM3CmJc1vuN|ho<`(WcdlGcY5L3I}AYyx#eC%t!adjo-<}a9k zaDv>Jr^I7)3Ei(-f{gtJL!SaDFbc=XeEJ#frvoC0pO9}@Z}PEN8WQgTR%`UhNyEs zzWa5|kB0xAM zu&B?qzWKkm!0|{+yQW1+=F2H7uPt$wRykq}gU37Y{u@MFIg3YJEcZ58^!W^kn|2OANm@gjLhv(agm@=V8->JV(63@4ecjqs`{${ z(5U=LLPP|EDug%)VmU~0F5OQznL_PLX~5;ScYm?0WYs7am6YPkK7YB|R0|}rHtxQ7 zX^7SIKZF4I%kFfg?P#WSn3n#Z#Sy3v`1=TvlHUZ{MzS_f5T({iyxKtk$x zhRLReDEEAe)>nm}0+5hD&tDlYm$BAF(Kf5BONg}tU93JVNz`ES;)B_qvNq!qGduP( zjhma}jfnUKdMNzrjpT&wR5_F7+$G!H$u_E~wT47L_I^P^z(+EY;H^9({azaG=3G31 z6pca*YI>p51NV&Tw>2pXm^VQsJUoN<2l*iP16)PkGK~?KrxKyA8qyO1 z;jOs*^m^-FCmxTNO~l_^up_7 z@lXIBn(s!148WPK(%}q0(tp4(Y7GemG^1h<#s~f0#)$NQS{4DogoKRR2FTgk#Eqx{ z&)J2Qh-j%G06f-=r+?=x-zI!LN??ZR#~BneQzu}|{+?ExjwXlV5P*X06CW7ZC6_Yj z8r~vI4g;ZYaR1vv$6y3C2}9MsQLiTAlinI^aktIMEGi;G$isWqphP7h&#>v`tyBJ= z<+@w(hNnT=XCcz*=9JRuvPgbpl@>JJA%#VEDU~&~iZXG$lNw1RJV{bBO%_VersshTZ33NN0oIzvpYVLrZbC zBGYoaDz_N6o(>5F!Q9@xT%-^dRasdz;d~QYtJK{N$oew|s1Hw43_PFF6;Te8ZT#gu zI=b4YkdOeBj%(*yijq>%S~MF)HSEU#X(6@P*l>()r1t)BhE@P3SAn>D#1Te8E;2f? z5Ynyfsy+MB2=F;;&9!P!?cGlMU-=+iwo*U2V1JFlR(%YAO3SK5PHny+Z-afPX#TJW z^y;pBvrrUuvwkgJXG0lWZxGerH*r>EpwdPCwCRE&&-X3hOoC zBt^W=0Nv`2r?g)ihPq`ZM*DI%U0*G)0vDlFNc)}E)UpTs0~rOc_UtUDhjK+jWK86u zKBW{rHr+JClhY=?f&MbM`x3!(cs~gr9iWJwJXp@V@LfFzeDB>h1qCljNkhpTAcWzI zuGBwYyRLWCN?)JMYey%GH>Dh1Uq7X^vZ69{%u45(W@;QlixiaA!d`1TVT2AcfDCs% z%__~z!$UZ(Cl1cAbpaYHqtVv$f?j^yCYd?!HtC>zw{Bxt+=Vk9gl8Led1esy%GEUu ztcb}<`@Sr7OzB#z==|^r0gp@aXIu&h3WcH5yT9kb6NdLYw0t9|S3}9K%2Y#2zCtHV z5z73!s0f3lTL3Cu)iEpjt2`xSXsqM)Y26R>OHoYB=H`BQR$%Ve3Y?CLSOR(W2uCpQkYQrFA*&#dnF0plFPEaU4^g3q`}&2! zlLiwD-wOnIcd-by)y{;o@@qU;>#On&}NHg z>2^!RVvCrL2<|e6L=7JN#VPP0cY{6&1h*&Gb-2)F8io>O*A&bsjl(hx%|>TbKwho8 zqg0=%{q+W$6RJ(;Gvfiv=jm?OF?#(Fx|tjq6t?9&POSq@v2D_7#QWy#o10(k+tG;z z(M9i7Rg zv{Tm;z0=b-2+TsJ2u0|&Sz?NKOP-dt+PVO4kO5O zIL2fht3$zc{=P~Gl70RJBJi_Lrq288lfO+)-&&=WP-{KeW!Y>rW;QZBUUebHInU!B zJW0`N>t^sz}gNZAk(sY7@aR=_IWOILmO5aR|@F|P9Nz! zz5VMEK_l2TN7`q^()-OBEiWdC}=^a|$TvXk0E-#74Y>BMouCejwMQ z=(ZMq0yrD*+PPg0G>orrcE2Z*e@^ps?y{k~(_kFG0!8pX1@0n+I7Ghn%+re)*wF_6EtiqVe&5 zl5+U&&M9{wgN1{o?K!Kge)Ndr)}^l^;mW>Do);HeFTz@;dyNfu>#W-eF81Gy!nMU> zmAc_9@3Ugu!Vi)F=XW_UQ| z4m1SuwA9!+o+eOpUO?O`U4GA1T($jTIpDI(nCA)-C2y#?*Ls!(>cfpwh6Jg22mv;# ziAX9|tcBY^z5796j>yovcaC>NP#~AQh;Ur7ql%WA zyo7!x#Mp6d)Hj*xD66@fyMTp|psL^!;E~;^c@snAI;r#RPrz9bW}9EwL4iK77DQGz zlXh#c3GG8F1Xcp!9veEImyM{sg#rR3t#pG{O>GnFupt8-_));GnmTm8ZI7}(W4mv+ zoLAOTr26w`9q5uD*qNvLJqWxS6t35AlWCs>o!00fEz5UXM{uLs8N#qD#zx*1g?!PY zNzg;0Ytu@%jm-%&rj|NZAWYvM{;0R6%n<^c&_kmsvqK01LDhGwu&L}TOaoxjeE#Y6 zJHu?# z_9v9>dfprEg9E@wSxes1sMxG{LZfoVE9Hn~rQaKFY-ECb@VgtO`y}8k;qi-}T0aO%Jpo&-H~y3f&7w;NZwAw#h2PCM^przE*}NcymdD|jh=y_tlU3H ztgK2xOHJ9KBtv7Bp0>*ioN*k-vN4u3VS!~)v8i!+GOX}W!RmjMk&?J$62wAgN%_bd zSLl%F$+NIVlXZ!=YulZLuH7)7zfeADF|#r&s2^81SDj5V6@2*cfs~~u90>aK1A{eA z>}9jcWkp!TE8gD8$T;ihlj6PGSeRvo`%4_nO~Q>bT|Y@;6coO7B8D%9Cs$&X@G)bE zh`?ggYh)9)q^EIdefctpEBTI($DU9ZMnDFiUGmYX-I|TP(YfJ>c!@+mFDjbA@x3=8 zY4erpb+@+im+21~WN&jy9!FQ>aHVH$H=@)cZ#pJq90*5}zGTT0O!*7kHLb58fYx5T zxwqF}BBVlhmMMhs4!(j=&6dCVke_chVaPW1WJ(F+pI>_Z+0u|AdUxX=~9`dkWL^-yNg7yfj)!vsCf^DH42|Q z&XCXSvfC>(RALHe2PQYzvcvGC(!yVt=g78{mBUI;o11Wqw-jZ>MG_qBXPwq(IaYrL z`ZCN1W{$4{9`!>EofpSanaiQ1sYO#xRhh-jKd_by*efeRlbHDB@u#Z@2-PyXPjT`= zGz{nD@$ahlG<4h5%@$R6dkOd+n&o(2y6zbj#kOa{g>wU^H66-&7>b~UwCl^n8}yeS z-#)I3Mo5fEZ-+UksymR|41R4}rwF%=_0@5l3IUSX_ayGyMZW~{${Ho) z&Hi{8qkb|uBl#FELlhpHs8rtH)j`MexRF^c8`orOz$+K8KR+z;sA29FG*^cn z=p#ge+J$o1U18lG&#a5dN)_^ABeQ{?myO8n(_qhC z)I*10pT>!UZMGKGx?7=P*;YAnCDmL3uA`o5cGpf>62TdsN(}ba;TiE0Tadov(O*Mo z=D>l5%{gLO+24+j1|5z03b3xH|GbrQi;C7Ohp|mxItisnFOH0O*)pqCI<&lh5vQd# zv^-bGQ#mB&weNhU5Eer;_ZY7+Jh+|5DQNIWEm-P2tgFcS_c@5sh&ysh_y@V7^|s@Y z%h@c3Hms=_nWO0f^J=&px;j+z`Q&5=N4V|w_(bl+bxrjKT9pn-HejyJPi@9ZG`olU zLlG!mRhbfr@nlBAx>WIe_$QBzh21k@-CpZKkvi<5R(#q(E;}d2Aht5h{s#Vs+dHnF z@df((btaS~F6nQz4Yo(##~#m_MH^M+zHwvv*e41JZ2zAevy~$dOxnc|M<>FD?~%Ar zk4s!6OkcKIU|<-Sb-%{!=QO8o&W&sMNgh-DkobFB{{ttx!Vr&FRkAuX9Ug`H4`}C+ zO|;$FaHgd#n6Z~!%F8v@W3fPa$Nb^L%8f+M=?3g?)xU;_SA*`}pKP@@&r`pS)T_VO zZn~hi7}A`tSPV*=r)0QjU^Kp2m|wdMb!)n{$GWVVqQ74;;L{-d)}-ryCXhyR!GiZ% zJ}I-X;U{cRTKgbuHsSdg;>#tB?KkQ?|?r-O{NXU~lkc zV`+`g`Zm*eXRB5bqr!2|TafhtV+)zPYR(D9P^1t+S7MF25_|(#tlDsO)dDIfifDnr zRsl=eszcSPdQn=gj~LyQEjxE8u+)GM#^p>FgClUAkg=v%$2G%RD)Fbwr7lH1KlO`P z*6l;l+0xX%t;Qly5Vf0b=o{;NPli+kSyxYE<4+If&F9<$T)R=$%cr+>$0AUW{+ZFS z#D{>aM9(nb{C&@9lYT|Lvo8adr12J$m@%wyxhXu^pAD7|B7l4-tyIIu>~9P(6S!tNarGkaN(J>ph=ASftm{vod!0%9WsM0Tx5rqKS?Cv}ZalB2nq z7zC*@vQVNFiy^hwWL>7*Dp+~GPX*1@AYHut`0qM4GDwBh-h-)eVg6_fqmSJ zYOhh&29~M(bY|QdbiR~uL8kgwa$=5s@)npSmI`@rkVxfqP5lV}J1-?1c8L;uQ(W$+ ziGfdi?6!)(OQsh>bzO7B6jjTtd0RbFM15bq#ljadafUnX-A&>mX^(02pH#%`pv(eC zeU;p|60dEC{ty+mHo=Q*^)O#_#3Yfwu`Q!zb>`C~jDOnj#%Ik{#=~QG&+9SI=&{tl zKz44AE^peie0=eF1Cx`b!QFZr#V}hkOFSwn#w@w6#5kN|Dh7XeH&aNuX*Yq#8Ahw! z&`@fZd}jJLjoMjm^UX~L)ifUOA0`E4qV_j5yVKVO7h4>b;j-<8KN|po!9a1~m{C~6qhCTIitnyBJH?a@f@xeOsYIKzyvh*f;fv^RkPX!S{j3j}UFPbS1kTnQ98Oci^#4bUfM z=h2^79o01BrM&KO=+5!H@8vW>Vn%9%@?p&v=qQ|0{<`PFCHGd@35IGsKMN2>G>C zdJZ9QApR^+k{g>gN5*5S!{m3h->N--NozLyqaiFLFOXS&D5=96L*g8)t^LNup!jMy zv4rW{7*m^FeIV|EQO>cv`tWP4in`-P_iaK?Llqm9V>BFpZ}RmbleDMWCWn*INVMd?+YR6Xpm{>Hq* zlC2E>nSnk)fb3$@|4>@B9=|*y2UR|*wR9wC!jS6go3+1wharJX-Z3m~CX`XRjlIxN z9sN|~;aQN2li^~?Yjn#GB>IynoZ#p@xPCg?o6TX_GnW_z-4Ohl#0%byyzze~bdY8G zZ-a^F#D-@(tun;?aSIJE)_#q1S*;P?&DVyhg$Iy=qYLs%N{m#Oi3=ZH!>2fM?ul|K zp#^80Iv7_A)5Y6o{i%s@tomR-XQdkun;k1+HjRQGbz14<(a<&u9E!jxsjFj?@2J9w z3puWj9g@{0hBUr!r(+=P6Abz@348(u1iFm+$pVh!Cqb}R;Plb%Zww6-_ z6Ei~Z#zK$EE9ZN@h4(ZJ)cn#ZO|7c5n~gYz8(8nP&+D(WI_3xC zx4M>aVxu_D3oYIaHjNjJ>dl*$EJswYcIP%GBlEX;+o^T8cPi);l{-k4r;V)HX9VUj zY0IvSclO_$4I0Js8NR0;>Sp6MJ6MYrEy|3>QVx!-KB=l!w$OqRynn=z)8s(|Nz5sY zsUCmq(!g+gZGSaG1`8)PPRhaq2BdQk5-U1JB3im-EQ7lG;078_XTz%tj|Mya&~kA~ z-u+!)v3_0!<*4$Tn{dmO+(=wX|J@5va}?&??QAus8A3dxp4qMxEdW(j=|V2g!&e_~ z%hl5h~Nby^=M`6M@Ou5|m^&ISiN)-*&FuE!D=S2qh?Ch(Ia)krris*wcH z&?6@MLH2z;-i7+wA`Jg)hyW7}Lr!)TN?s&c?M(vvJSGv%+zXD|B=uVsPWE(wQ9(4$ z0*Qahzyh-ewyla|ju-Z@Xp`O8BKKw3Yxao^E^7gC{Ton*&)@xqSBU>Hid|i>K04R; zlaxdr0``r!P38qpq0or=n<|+Mm=o-Y8zWXcHF>C)vjtfAFoQgj(yw*o74;gLn7gt|jIb+&ANa~^gioaNM z74?NfC*F{bYesdi_aCix#a;Y)4_XVbT#n`S!IaTo>jEnzOoo6n35U2b^(OUxWaDh` zP)Z3ZPaZi!$MP~F=VJ&8;@Yvh#N6N6qA_KHCO`l%N*Hu>N-SPF)#@7?w?ua+I}q`- zHhfcp=@}YD>RAdq_Ls+bcusa`MA(wK&77?sTG!5XEQXTWDXvd+MbO&H<{#2h{dxJt ztsSaCMbTN}UQ!DF@2iE*??g#tHS00AqpHFsrbP;m`O`_^p9CuH?fdY;f(qGh-yqlA z)Td`xRmql6!XJKm>HM*Zda(Yt_Tk~^o^AWoQV{wbu6o9X6vNhKzR z1*$LdwvF_*n^O1nxR|FE!}crfr@A1{l$1{C@L`=xGsFpT30fYTavRHqziorn!frPB z3h6L?JiMeNdH8F`V&6+sSu}BkObxLGju-(v`86X`idW&NxBMpfYhjLr(}&d`O(BFM z!O**Kj(Rr*YntvMtqh~@@DhnMA;o~Me)*_?Kw&sEZbAgq7y&mEl&KhO5E=1jE`=8t z!O}ZxI^oZg)FM0YsPEFgy`U`1(z*VHb~-oi`a3Qq>J|Y1TWgb|D9Jp-Nq88icGexk z?a^m_v<60UfO}W&*FIx7VQJbn6y#%tB6Oh!jO{6}lt{pxx$T+1?gtoo{VOEgGhnIX zv72x?ba0FuCjTmXkhk-5{rUvF-(Be8GvDqn5f=ueH~sDt*z6c6)U!}ZPs z(4YP~>}yel;I`azqn$}UiaM4xTZ+$fM9*2s$)TMxfDa8 zEdKWb+UgA5;`7cK@&tZ~tPCL`Y!X%lLwX7$j?4Q7EDnTxLx8C5k`Vof7JCi0N>^wR z1micIA0)(8ra?JG!0J3SXKVJxIxgbb(@f=9I5=&DJ8a^AKbKUcY&3FfE3HBVg#wu( z4J7qBoU zZe!WRDTmAbc|SAL{Tb&IAMuCu&z_bbuSMsLuUvWxzRNQB6&2IlC(Fys$-0>r{~LFV zIw()yzih?dpl|cv4RTV7J&`4+(L!>)=}Tw6BqErKZ0NLqm09c$(VqbBneOjZWLr-~ z3taj9B)#XQ%r>OmSCLQs@b^JWWz&TT-Z3G!mtu#Kv&5@y4ZV(MMt?aMb{ce?tK=}^ z@4w5@&a5g%0bjovZVd+;C>r0bQ7JC2^$`tJdOZ_ex#0kvTDQQO|{F@e;!vb)!l7hIOqWCs_FViJ>VIE=&SN4aJL1lPvscbF>X#Zx|Wbgw)f_ z_W=aNx$znOK)(Rc7ZWS?*Sx4i0(s~%uxWw5gPBZp5XUOQpWM+&7YGg?!9d%{iRpfn zGc$Qvt`sW=!OZ&;-(xO$H$%tb!xbI5tny0{;o_>RZ6U;LT0NHd^egC>H98Htfbcmi zI~67W4TUbcV&+Arv-plS`_|?mkTjgU)a0E#U$iuvofdv8#cV1#Gc3JcTM8lhFNpnV za6p`veM~L9rCakc&NL@5qc|Zohc5D?M^clOFJQHRpYIUkdsQbkWdGjF)fHQM($SV5 zyfTjCk8wHNa$N|tEyz-ak}?qzr$+gKeS(W3uoEe^jz>~JC&9#w&b2R%j_Kw7Suu%q zVih@EPe)5Lj=vHqNPV1UW)agf>9?;LP_ng6oWE&n8SE;K^p2K30;nM6#+@!-p-aAr zwkpJl4%J)reJ9p4}DeeZtPv5vJ6i6`#oy3Xs2`#E01#H}-OJ1M?qtQC3S+1fX7I^&sLwwBhW z$KIgk#Asn+31!lo}19j z_xZ}U6*K83eeZY4sfjXGBtGwl-!_YTk=kC7n$?Rx1M%-B<&43Lt%+QCa@zrWab)9yl6$V^YlW)(t)RGcJ-IA zX*x$lEUHQz{ia(xjKX%F^0WBfqYaS?oRhzI?yURkvZ^MN#g*xx{+5ubVheds6H;$x z)3xE>5?HZ=MQo0nkV_n~#+myTADDxa%EsO+UI~?s7BI?gD>gd~>{EJ)PZ4w)7>k%A zXmNA>IP;U`=>atUJ~g-0!u$Bo+{zngL2-%g9lE_*OcD1kNX~J{5($*RZj=ei+dyjb+l_wVbuGzp7vcm!=h!3OZVKRiAmMVVqeRo>Yu?Ld#-|`0Va1c zPo{iD-?o`z1}@==bZZg}-9W^!1u~wkGm3B(^(UW1hSo=CrOXwUF4l#2P8lEOJ-ztH z(-f~>azKIG`r>6z1e7cNT~7-Ws(m^RZ{9cJjGbIgci4hpE$>&4LS2&CDG&X8rDz3( zs0&gJqThEMrUh1uW{^9!cC7JJ@GLb|(cUTt{o+gK!%#C?21cm#0Ss7*S>L3#rQdqi z?HFqb#o$%uK#R8g+8)9%m79yqQHcIhss>A5TfTC5=VDZJTD7r&`0Pqb!h3~R;&&3s zXN)^MUdeoHN7dTDi?2T35I0wMz#c|RgWoI){yjbOtq^@^+?VTfD>qphEoixas$}!7 zzNBJK5r-tQ`-I-+!G-=on(;gmfDSN-+esN+GWJyB!B|iA-5O$Yn$2xlj*iSfntfn+B`apUbW<+-0DLA zn#T$RV7IupqJ#{FOB^lico`Ar#H6fcaoas@G(Ep9&KL_0;bxUa%EQZVIQXeRQNE*=~wJ+S_uN!UEt%NWCWi;^Yiuh!>eUW<*5 z=?oLly3G@bZ@a+9^DN_WF*vaSsWhEk_K9oLlZ3otT2Q#|M}P~to34Q2t9fUSoxOTq zTyvWaR(O2H#b)0Gl2u!~-@h^@V@D$cd^J#G_xA;k8)mMXH3lUxys}vL7zYl?gsFl; z(qMC8Y1ea(f#wT+YHlWg`y>~NjBe|n=q<*y+S){5awq5iq`;o0ZSrvW9>MpmKxDW7-w9t>C+OBx4ksi63kq3_pCgK|R!aqemdG0{Q6_kK` zwJc+4$ygf0CSu}f=vIlgl3(nC^ zYm-qdhyJ?q>a|tQDNTOhbE~a!S@!mE12Q#<@ZW zr(0sQLb<#3fw_M|tK#U=jPYBNU42;pg0e@wU(5J+a<8;`Px$lGbm<6ZOgo5q;QVb> z2fUQ-n-kLv3prQb#dnHy+wGY14hRTbyhv4Kwbv<%huI2TCob(XyR z4+w522*ZWKs=^zeq0PF%nfG%Irtj5M_GrNcr2g;l2v(cgBTK?Hp!vZU)^g74yfW|g zn_Qp6Yi_}l1_WP++w7W_?akQ9+4;7rZZRpK6gg-#`UeJo4Sm0-F|?O15Z7;;l$EBS zB&IkSW_9S1C2YLDv61Ihxat!%&p>nkXzmnn=_6BxK-w=G)p>JqfXY%nVNe!>Zmw=mZ=Iwq3iBFwQgZ(IIU-D_#rCmLV^g^=8yi% zEbl~ljvHLlvl4>5Cc6)7UH62hTUJ{1yp((M%)}I-wp3A|46)_E)&ow>%qk+;7k0_2 zN8_bs&{7J>H=1o7n?qYUdqFo$ZY;j+f01L3Yuk9c>&9o+uLpO!rKPQYqMgAYgA(pD z?Fo0uqrG3{Dg5Ie%RF7kS{cwPDC<4dqvHz9wyyksMtpIu&(~t%&yeTO%T5$bb?j@i z=jl-1F)^nZxfB+~?UfBSt1}13WnYVKZ^=E#x$v9`Ev)8}x3{C%9&zHk>su0B-M1dt z)yz&T4*|9b0~3-IDPNFSSJ5j`nFDkETcf=LWwL5(^A?J5FPg&?Cz!c-$YA%sn8&xQ*$l9x3qj@^2E#2m6DCIt&srgoDI`hadgZ%+FRjshCFaqvuj#1yW;|KzY zjODn;yq;B4B5OLoa#xp!9&b>BFur+rNn1&%%uBN*^aHa5+gYZ%c~Z50;*RTptMm6( zpZIPB8uz@oQOk(t>vHcZJa$PWEWy}~TL$#H&{?k*>LaH_@8%;#2v?cJr> zigR?qV82Vu#cyrzs&!7_&s4^*`A?^VI=gkwi?_(`^r~a}M;|c|J869`fcBx847jZ` zkl5#RgO?xhny#F;@_trq)e^ey`YDPu;KXv-(sA>@r{z$$l`TTpVX&*P_G(%`&FV)^ z`UUz^s?qeKh@Pg^!mG^>|c>SmSgY&mGb z_gw`M!mau2^YKNtbX|i@3nm`3bv;*K5=xrI$MW*GDt6wz9Jh-Gnq}T00Bb&vMbGz% zeS*U2Dn+ECtE=c}B~ItWVAz=J(`L4k2`tzAh?tyZ=6(h#o>@^w>QY3YaQFE3;^SqD zmMaq?yl-I=1!E2P546-*@!@6eOx7hcXUH)a%o>)RG=|^xwvU@bvXkK{5TLdFWeqnb zsv^v8J(I7n_@H^r9+A#PZtkMPc_Ztv?;c}}T+;%IYYGI7)3~*!=CPB04}sl{Yzi(0 zLD6~nAdk@E?$stjk+Ne&hm>e-6}mS%mh1}O60#Fg(9m7jX->nzZ#}jny#Za&zlwM( z!b#t?;)SW6B=X)BAg`xZ=Sj=N)T|Vc$MW3Q89b63POm#Q4;1h*baY(5!7<%3Px^Am zB?JVnfx*^}iWvVTe;GaYl3&#V0z8M!DHbX%EnP1LW^~|wg~78h^-`{{#2f+V-*j+6 zs#NQq6^RyIp#2R##a}Zt1Z$HT_|Ty~HWo`Rq26XW84mCNd!8Opl zrQ$i_gKQc>}N~WS5SI@=?1ig)>EiysNI}C#_hn?P%iIAJRacYP4Ts$=%$oGt(}J8mJ7)wY)2c4#9})v>5a)H#L4g ztzuvRV5TuIOR&JXe&2Coi?jg$TEkPRV9@QA!(Y0l2QTG*fC`dN**qDzte*3F? zn!qIeV#D;!dOA0Doq+nx^I}R8T3>5LXtzI^h1KCB5Iisj2+6vZSD| zNerfvb0ltY#y+Bzqq5O)G3GVISzVe>6KK{jn;vJE2jpq?BV+#Iz&j#m|2GEa*fVJjlRI4cy^IW#g@)iYHqIl`3tAPUfqAmI}K`Wik zdV;vAQ}k}V<7E@sf+FY-z~t~2+73DXyd3A4Nuofq^`|LBTnW<0Yi`NM?txlFptW_; z2cq1fjuOG>QpudOtOn>IDk@sCFrl~6Ogn5i(DM1(TQ>S-;NLjb*Cskwwwd@cNI1nn zB<_Yvl0aH_Me4%VeAk2K(AGaNK(X~t&|NSvu*IJlD&9Mnb!X|>;HGjaVDpGL$1poq zl$#Ve%TV{n%s=MjiK5+b;{>!8o(@>zZ|l8ea)iGG{@rF zDNvM-CZ0$IGv3lF-&UKJ_x?D!ByYw#iZo#KJXEmuW*)s{rJ$p}j#d-$T;{d*tesP^ z4q`s#y?XQsNJ&+%qbmS`MRB{$POf%uwM_R{4?AMSLkF}R*ZML8U2B@YQ0Uf!jc2RF z^N~>Ul)?qeZPYw!NR?>pgPp7j49A3yUb-mMfss9|?u%nR<^8Jp<>5||NX_X63GLky z`soQp(ajLx^iDN+si1r-ZNL zx$@`U9uY}!3pU-E$|)@z4m0oeHEP=**)AmN)&-Pa;ppp#cmqWJ7NZeLht1e)DZ z`L5YtKN@o12)-FCSKpB&f`OO^5+6|^GqaeV~b$$KE8Kpsx( z^3bUW06Zo|@h1=+MW-X;@U5xM8}BcZdo``lYDBzCJE(8RKr<$_{-lcMjS4`vk?vzk551U_NB;LXH6dslD&QC2o z3CUy64N8C>BF~ujh^f{)&JJU&%f}-SE@bVVyTEaOcx?BXL3al#}CnQ*DXSv9MTZ)3Q%o*2c4WU=_K2IN;bzJ$2HAr~Pfg$pW(ru{y>xz%-d!$b&To5dDdt{omh!`6yX8 z_*A0Dmh732vi1|sRJ+AgI%Tq$?v&Eppmw$J*imCeHTDiU`SP%k-YMRHKhmp52?Uty z1}-JAP};3dxmuBqhRnPm&+1qXT0#T|`Pt z7hlJztg-ew7!B9Q11%3+z4K-b_sB-cNG7nuE0H;$^UI3|76?fCQ$Y3|5=yLF)gcE2 z!eDH<9hJ*wBP8w@#e}*Sl4la$?uDORkr&^Zj_dA)^)dEdArt*rLkLWlFBT4yFJ5dF z84-z&!{I0S<|rw@eGFEdZ50$Z`|Em-xUKUS_+@C<#(sOvNGZo4k}W^d6D{5>%M^pL z+p%l6;?j|ylF`56<+=ApVL^i5P}?_7z=j*sKh%eg6h`>2%! zMuzG7Cr-F&?wq(z>_uSE{#xD2NTpW06|YnW7dt)`RgXP!VBhG)?4IO#{9U>UOa1K; z#Y1_w$Jka1wXBPc2t7@J3L#lE2QD5tLBxqv=hMkv;UXu{$X;QWG z*o^~W>@Xtafa2`o^XHg+8_Ycd6Y|FaW-`6WT%R)j=!|a11C;N$~t zL|Iuix5q_8SGPOj+eP8w5x}aAfK_Q1#BEpZvUnfd=D+<@Uz>$s=&mhE1gr0sbeRwZtA^x|B6^8fy*GHLCS%G)=_o zHjQFg{hl*fXosf@Ic#hoq^}AZd+};K7Pd`)SuYCN z%1jE>jK)XvyPmq@iG<{dvih@*h!p-ii=*8jueD9zKd9L;Jk;K#7yAB~)Jw%J@WsIw zmtQ@58YM2&=>3W(JKF?~0qWcX?&`l3%M+F@j+8R9z+@-__I!*1&rWif|iiv_$P(#|`6F=rQPS~m}x3BCw~9NO(F z-!jd2YcI>`t&I`>LA(5-7sJ%n;c;qp9kb*0AVqVcJx~q5m6uUlX@gt4iyJOPd#?EY zIMjJm7`Y_+>nnun(O6}_E4Qet1gyn1u&bAQHAsU6TBE{-1S~eIZSf?pmVej9$lADX zkDbrVoK6Vy?|%3k%6rM?Ksj6Ry9$~IyHY)@H&0PFcLCF@q%>?xb`dPE;G|c8j%S>f z2HgFt?I{=4m)MMrcv|2JckCFSx@D(g1tmPzX}NSnGQcsf%oco2j|C=&Jbx}_6zVRO)5+qC>%?g>@)_gUVA75cOF zRhF1&nJqbT%&oH3q&cJR$kElM2%YR1wcR8OT$|$L>RG zOaX5-ejttk6P3qS;66!C08)>a8Ja23N2%^szgzCTJ-M9^DZ-p%i7z~oT{eI1fjf|y z<5u|4TSG940o7QCX?zFBr!Ujeq7_!!JRMcnKng!lHMliz0s$5k^DE#ZU+R2GG^+qsRPoQ#`N|%{I>lA}H#BFd?iL-;Ixhv{N*_>}TMLGmr$G zc&e=0H7sjGaP-VAedbXf?ZWzlr95|f^eM43qIxWWgENnCSl}txedw!iY?OqxERP>ILqV3ce7sMyw$+Ot=FE|=w36Wm@xhrQ~IUd z@r@_S4|I&)l314R1TMJ&`{M{9?{bJh_%qyREf9?#wJ-Pd;yX8&xXt9bx0&pfS zTUjU}+Zh&wC(_D&W2Ok~3gIw|KO;SRP->NhUjbbUUIF%XQ(Yy#@-83|4iGAOhwFm? zgZ8%@-qfrO0+&pQ(UE#tU<-qNPYD|cu|giWGvGl2(%8ZtPqsuC zD92{dTtC^?yvZaX`%Inr!1b+#eaBYdnMO&L7e@trZO!ngJ~CrlnV^<l7-ajXXi)phsf z>@dTw9CZxb+l-V`A0c2=aGHa*h$W7%Tul(TWIzwh=&$8ErH`T(#uC1);LNRI<`KO; z&*h@S!hrp8B7B*puAKq=DdobB;CGX;-4&R2n#lPPTiP4B1OymCF=kez#*7At{CgBQ zN5Dsl(9&8suQ#aQxW?O}xFiJatAX|pALJ7`nFRkMN#xu=IFOM_(U%5rGS#B&`jL)` zN_%(K^uk%o%U4E+T1gAq5EPQy`ZwUn3E@Vpsc&d)N2eShxNF}gKEeVc@a;Vm?doM7 z=%zxj6q0(XO96F5;7?#Th-&;dIe2fDdj2b#X{y+wFW|NM05hVz8@U+~9hA9kgM&@S zVT#x2(>+iUwCiB|SXE#2Irtb4@HPTTMPjaf1IJD1b$!n2awnETO9n23vgPPEMuE zeP>s%zZ`M8SUxfxg zIv&kZs;8Iu)KachMd;H8-pR|zNX;+52z&&1=Du3P8#>LUF2M{_@<;3}?QziuyALT* zVO>#ZQ;Jmty_j1l(DS>G-mfhc4zzVUsXuuCtMo*3eaLG`VNEoF!Bmp* z?HT;q)g`QhGOh9Z>!l~BGTu8fiq_-F1bxT=%LN8kk;3DBc7eJR_UGjvCrzrpau8$w zIv2)IJC$%%hTzC@`=y7FQY#%)l@6SWTIga}Li8U$UrY9;+)mSc!_as(EKc_WJl){` zl21#jdT!-FH@Hz577}(3)}ZH&df7(|$%}L@i=xiQK@|Xc)#lkXX?OPMxL86G2rR1R zML%KBPcCL z8xX)iRL0>r6$@VA*xk3rKf+#gg^S!SH!{yebXn6`xR{rv_10g!XvTesEJW>VO>%Zp zIg#JPFN42wcC`&kO7IPRzQn%rwNda6=LKm6G$Ac%v$%K-T8tw4dMC{_W|X`wgypky zZi0Z=#H4B7b>04@v|Ch!U9wJ@8l7b`I!%>Posa+Ju5xHbW2w;pBOsI1Y6P#;C1eT+ z!b8kmD96O>ACgkC<5@M8Tb2kuNKe@6p?O#8okfcIiLcp}8Yn5PTPcm{+=#E8(MnH= zs%ejyl4^6wA2gPhaFg2cje8y1c<#;#B)S>W63RY+t{CwbR{^IWq@RyBrhPt`r81W& z!_zUU#ru@?&^qw8z`6^j-xU{f6v6-CST%r?B)!!BB}pjdSC)xA%I{lf(^obgD=mcFa%w? zVgN)a0CK(}-MtT)zLXmp6)v<3^ASk&I|sv!Sklo9{zL!Q^>xUxVsUFrqkAF2)ydODqtcYE91&Q1@nbauoU|izVWfjyd8Y*YGt#8(IFKX<>)VweD_weIo zRUrO>R7byhFIDnSM87pmQDy}LDYzh| zRJjelH!(aU-Z?I)QXwGFxa>$X7^0t7!jZ*TwPHoQ@u!I}2;tiOwJOYHZt1L8vFik5 za(*t4Qi1C~^vdLt3F9vxY7@?*HJhlitPBHRJPdYmISw!*W-A#w8GMf54Vx9I)2gv!h9!Cu*u;Iz)S?Na~>2~6|EQ}Z4d z{b{|AIm&miDk@?7(7nUSz$$dhZrTy zU3Ka=1}YZ=efu?muh!Za_oulgB^Ar}&rnR5YEFH0A@v4bY>*Ef|l0xn~`Nlz*%bQs@NP} z9DlR+5OXJ+(<7JD|7T!cIwvUj+SRcwU~eS^Mf<)}N>He^ac0HJKXAzUm;DUjexRll zR<73K6d?=5#S!RKyZa#rZ!EA-zk#sHs+! zRTFIERuU0eDvRnilcgl+DB&5TBX=Raqoq^p??ar=u`uxgFd6Ad9m!r~HtVqc`=qGMK8 zmC)V{2n!(keTKBvw5hda>5_!+LzWk9IuGU;&r8A>3N(&9S6*}hl*d|>1>Y|18 zJvNh4bpn+qwIU2Qe}NfpHEnmwSr;6Ccy5VfZdp=*Li7m~k_uPvF5 zQ7Zef>TCDA&d-i^qlK0Z%TB-<*AB1_utUdZDa$W2_DhDr=~)+G@SiV9=+s%kHo!eq zR7+<&5fwOZTYV8*xq`j^=aSjp3iMTk_`W9xw0VP(!{l4FiLjV~Lw_?9Y-16uru7$% z*KNY0T=KWl^H;}NCKRiBhYerf)LfRxW@26$ zQl6gw^9=(3p>et`g0gBSR!1sxK-J@eK_8%iX?1rc!yfpH4HiQ@VG7O^Gl2tW_;AcT z7{W-(N*eD_=~4d!j-+CK-H#zf5T}|IY)t(ZPf`Dx}m;}MJ2tH86kPS)Kg&z>ZlR+)W{7(~T*H$>S z0gXs86B}ET6aVu#SZt<^v*mlzYYAhJ(sEu7H6u7P0Sqi?e>5I{ptAGpAj)|m=5d_1 z6ly_7%L6(*NPV&}%Y6B6|69`Hs}wg4k`*^Pj2vw!Kf7S$up-F zW7>)9Ey*c1s#@QXyU6DSXCmZ2qn|bS9}3yA08Qk>bH#iDJTqS0ou8pUF9_m!LS<~0 zv8UlafsjsMi31%jyD*!{pn*k|*n`aCyGRRKi9ZQTC7(oE-C|jwOmUHKYaKSP0WngH* zpz*r=TfgJT#Nbz0tDO^W(Ev?!(Hr#X+&Z7ZT?-Nb%w9r}@i<6k?H|m@%9{PCt4at# zul7#%(Fi0_yS#e@*{VL6{rfv!M&?a8YHdBZ2j!ar$~XAn2(viEl#Mh?RjBo2z#oSw zIK6aXYG;4L{!lJgI+vX<-sr7vT+3 za937w4HMX6iX=BJvv$Y%wV3P1hp>w_QUjy-AJkwZD8ET%{%ta_*Rvu};E=2PqQEu@ zvcw1lJ=7}$O%(rh18W2m#PtEKDZnrdjOH0RF$z>$tk{CR)IfguY`Z6a-#KvyMYT+7xPN0W2V} zx@B%^gBS0kn$^z?61Fw`B26{EXUn|VYVXbD)l?mW-(T+m|1r7zTUzM}2SguAh|4`S zD~_E$PrUiZ7hNXeXGQ}%sNbhwv^=!A$M|{zV|fi!IJo`G41Ax!H(-9#4ov4gKCX6) z9gmD;DrXiY9DRW(n)YI{_GIh&O+_dDq+5S6q?X9JiZxVPy0gW&eZ2AI7{*o@UV>ic zpw(I%+Whv{3BOb8sfCrkqy@PBLRUVhSN)Y;t!q4@TZd|dU>~!t;&J!UicsAa$P&O# z1R~QB&vRU@X)4pNTX5vWKnudam{EBi@~}zBu}?+L2(Itflr^3Qf+2e7?I%@BHQD3U zV?4K?qWH6785hBWM7wakt4}QFx@z86^uTa^ZtL(XNQ~u-BQ5P~#yQG`9eSiMn8AKY z*_6*U$MF@Tw1g!?aF)nB&Ckwf?vHfzKU~3}&(U=&X5BeYGxZ*rILI97>*>{%#M2QX zEf8;IEBjpfTx$;d?}?cF<1@>DPe4het#dueMx@k7nTyw*Y+j;A*Bd0dqu-;@eQ`fh z{?>xkmSYZJ%Ycu}i0Ym7#`Sr|wxbfKqg+*t4Slo3)}OFzGAx%*l1oWlqkYoT{kgtX z>IgySo#e$FLaS9MCi{))#RH;PO8WSH9%&+~XAfkrp3*t*XWHs!O;-QCm5DN8ZC#wP z?-xCJby|_A(8SgopOs*4^o}RiZdpc)X_S||W^JZ?eZy%oXN!Dn(22adz^i(DJr~zB zvXVP`GWMO0AinB20)hAxFXa9Tdm-8;D(_}?wdX;}ffXK6wDc>7BG3ed<++rLq|^1- zYs^8{q4E362?hZ?p0%Bi6~?NT6AKm!9yk5&?JdW*=kXPh!Vg2JUI?~0VcdJ@;np14 z8Q0WT#mKZ~XE(W>t{X6|C3-1fq|9Sv5ZBhu9l+Bx1oro#n#msA?8d@mzdR#q^G|Kf z?(+q~Fp=)9&72V0Rb12ma{FnziFG`1y6_*YF6w`BalcdWx6h{Dh->EV1J* z*QFb~nNrmTzf*PD_$Jq_KqjwBQStrlb$M$q(K5H$HnErq&m)6)aW_x*SNQ&Zr@w#L zG+Xx#zIH(u!l5Hn`2=0css8l`#PV?#ioZTB8Pam%uMf^$#sBqx1d*TU-yhujKle+1 zV9h9g9y!dc)|*6A&6g*Czq6bC#`BrvukX-{Ot|Z4s9pWa v3gF6UAk*S-QL_!>Uw`$QMj%E`727qzMj9+IIrHSN%lG7w!o%GAdfxvFWdK4M literal 0 HcmV?d00001 diff --git a/ee/ucp/admin/install/system-requirements.md b/ee/ucp/admin/install/system-requirements.md index c8163adf9a..3822c99c2c 100644 --- a/ee/ucp/admin/install/system-requirements.md +++ b/ee/ucp/admin/install/system-requirements.md @@ -13,8 +13,7 @@ Before installing, be sure your infrastructure has these requirements. You can install UCP on-premises or on a cloud provider. Common requirements: -* [Docker EE Engine](/ee/supported-platforms.md) version 18.09.0-ee-8; - values of `n` in the `-ee-` suffix must be 8 or higher +* [Docker EE Engine](/ee/supported-platforms.md) version {{ site.docker_ee_version }} * Linux kernel version 3.10 or higher * A static IP address @@ -22,6 +21,7 @@ You can install UCP on-premises or on a cloud provider. Common requirements: * 8GB of RAM for manager nodes * 4GB of RAM for worker nodes +* 2 vCPUs for manager nodes * 4GB of free disk space for the `/var` partition for manager nodes * 500MB of free disk space for the `/var` partition for worker nodes From 507b26a44d6b43cc46b68bddca6ca1479c573c8f Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Fri, 18 Jan 2019 10:06:52 -0500 Subject: [PATCH 181/361] Update end-to-end-install.md editorial crx for clarity, OK'd with @ollypom --- ee/end-to-end-install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/end-to-end-install.md b/ee/end-to-end-install.md index def8911379..16237c4d65 100644 --- a/ee/end-to-end-install.md +++ b/ee/end-to-end-install.md @@ -11,8 +11,8 @@ The best way to try Docker Enterprise Edition for yourself is to get the [30-day trial available at the Docker hub](https://hub.docker.com/editions/enterprise/docker-ee-trial/trial). Once you get your trial license, you can install Docker Enterprise's Universal -Control Plane and Docker Trusted Regsitry on Linux Servers, Windows Servers -can be used as Universal Control Plane Worker Nodes. +Control Plane and Docker Trusted Regsitry on Linux Servers. Windows Servers +can only be used as Universal Control Plane Worker Nodes. Learn more about the Universal Control Plane's system requirements [here](ucp/admin/install/system-requirements.md). Also, make sure the hosts are From cd7f8e5246cb309f9535e1970334d9f8777bfae1 Mon Sep 17 00:00:00 2001 From: Adzim Zul Fahmi Date: Fri, 18 Jan 2019 22:55:50 +0700 Subject: [PATCH 182/361] fixing typo --- compose/reference/port.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/reference/port.md b/compose/reference/port.md index 96051ba507..1892210b0a 100644 --- a/compose/reference/port.md +++ b/compose/reference/port.md @@ -1,5 +1,5 @@ --- -description: Prints the public port for a port binding.s +description: Prints the public port for a port bindings. keywords: fig, composition, compose, docker, orchestration, cli, port title: docker-compose port notoc: true From e96592a6e5dc18a9191addcbb34aaf12d6f56eae Mon Sep 17 00:00:00 2001 From: Olly P Date: Fri, 18 Jan 2019 16:05:48 +0000 Subject: [PATCH 183/361] Updated Content Trust Automation Doc --- engine/security/trust/content_trust.md | 141 ++++++++++++++-------- engine/security/trust/trust_automation.md | 94 ++++++++++----- 2 files changed, 152 insertions(+), 83 deletions(-) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index f162bc2b58..bcbb561ac2 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -15,20 +15,19 @@ channel. ## About trust in Docker Docker Content Trust (DCT) allows operations with a remote Docker registry to -enforce client-side and signing and verification of image tags. DCT provides the -ability to use digital signatures for data sent to and received from remote -Docker registries. These signatures allow client-side or runtime verification of the -integrity and publisher of specific image tags. +enforce client-side signing and runtime verification of image tags. DCT provides +the ability to use digital signatures for data sent to and received from remote +Docker registries. These signatures allow client-side or runtime verification of +the integrity and publisher of specific image tags. Through DCT image publishers can sign their images. Image consumers can ensure that the images they use are signed. Publishers and consumers can either be -individuals or organizations. DCT supports users and automated processes -such as builds. +individuals or organizations. DCT supports individual users / teams as well as +automated processes such as [builds and pipelines](trust_automation.d). -When you use DCT, signing occurs on the client when you use `$ docker push` or -`$ docker trust sign` and could happen on the client through `$ docker pull`, -through the engine on `$ docker run`, or through Docker Enterprise's Universal -Control Plane. +When you use DCT, signing occurs on the client through the `$ docker push` or +`$ docker trust sign` commands and verification can happen through the client, +the engine, or through Docker Enterprise's Universal Control Plane. ### Image tags and DCT @@ -110,39 +109,54 @@ read how to [manage keys for DCT](trust_key_mng.md). Within the Docker CLI we can sign and push a container image with the `$ docker trust` command syntax. This is built on top of the Notary feature -set, more information on notary can be found [here](/notary/getting_started/). +set, more information on Notary can be found [here](/notary/getting_started/). A pre-requisite for signing an image is a Docker Registry with a Notary server -attached (Such as the Docker Hub or the Docker Trusted Registry). Instructions -for standing up a self hosted environment can be found [here](/engine/security/trust/deploying_notary/). +attached (Such as the Docker Hub or Docker Trusted Registry). Instructions for +standing up a self hosted environment can be found [here](/engine/security/trust/deploying_notary/). -Secondly to sign a Docker Image you wil need a Deletegation private key, and a -x509 certificate public key. Instructions on creating this can be -found [here](/engine/security/trust/trust_delegation/#generating-delegation-keys). +Secondly to sign a Docker Image you will need a Deletegation's key pair. These +can either be generated locally using `$ docker trust key generate`, generated +by a certificate authity as discussed +[here](/engine/security/trust/trust_delegation/#generating-delegation-keys). Alternatively if you are using Docker Enterprise's Universal Control Plane, a user's [Client Bundle](ee/ucp/user-access/cli/#download-client-certificates) provides adequate keys for a delegation. The `cert.pem` being the public delegation key, the `key.pem` as the private delegation key. -Firstly we will need to add the delegation's public key to the notary server, -these are specific to a particular image repository (In Notary known as a GUN). +First we will add the delegation's private key to the local docker trust +repository. (By default this is stored in `~/.docker/trust/`). If you are +generating with the key with `$ docker trust key generate` is it automatically +added to the store. If you are importing a seperate key, such as one from +the Universal Control Plane you will need to use the `$ docker trust key load` +command. ``` -$ docker trust signer add --key delegation.crt jeff dtr.example.com/admin/demo +$ docker trust key generate jeff +Generating key for jeff... +Successfully generated and loaded private key. Corresponding public key available: /home/ubuntu/Documents/mytrustdir/jeff.pub +``` + +Or if you have an existing key: + +``` +$ docker trust key load key.pem --name jeff +Loading key from "delegation.key"... +Enter passphrase for new jeff key with ID 8ae710e: +Repeat passphrase for new jeff key with ID 8ae710e: +Successfully imported key from delegation.key +``` + +Next we will need to add the delegation's public key to the Notary server, +this specific to a particular image repository (In Notary known as a Global +Unique Name (GUN)). + +``` +$ docker trust signer add --key cert.pem jeff dtr.example.com/admin/demo Adding signer "jeff" to dtr.example.com/admin/demo... Enter passphrase for new repository key with ID 10b5e94: ``` -Next we will need to add the delegation's private key to the local docker trust -repository. (By default this is stored in `~/.docker/trust/`) - -``` -$ docker trust key load delegation.key -Loading key from "delegation.key"... -Enter passphrase for new signer key with ID 8ae710e: -Repeat passphrase for new signer key with ID 8ae710e: -Successfully imported key from delegation.key -``` Finally we will use the delegation private key to sign a particular tag and push it up to the registry. @@ -194,6 +208,15 @@ Administrative keys for dtr.example.com/admin/demo:1 Root Key: 84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fc ``` +Remote Trust data for a tag can be removed by the `$ docker trust revoke` command: + +``` +$ docker trust revoke dtr.example.com/admin/demo:1 +Enter passphrase for signer key with ID 8ae710e: +Successfully deleted signature for dtr.example.com/admin/demo:1 +``` + + ## Runtime Enforcement with Docker Content Trust > Note this only applies to Docker Enterprise Engine 18.09 or newer. This @@ -201,12 +224,13 @@ Administrative keys for dtr.example.com/admin/demo:1 > [Universal Control Plane](/ee/ucp/admin/configure/run-only-the-images-you-trust/) Docker Content Trust within the Docker Enterprise Engine prevents a user from -starting a container from an image of an unknown source, it will also prevent a -user from building a container image, from an unknown base layer. Docker can -provide this enforcement on its Official Docker Images, found on the [Docker -Hub](https://hub.docker.com/search?image_filter=official&type=image), or on -User Signed images, assuming they are stored in a private registry with signing -data stored within an attached [Notary Server](/engine/security/trust/deploying_notary/) +using container image from an unknown source, it will also prevent a +user from building a container image, from a base layer from an unknown source. +Docker provides signatures on its Official Docker Images, found on the [Docker +Hub](https://hub.docker.com/search?image_filter=official&type=image), or a User +can sign an image with the commands [above](#signing-images-with-docker-content-trust) +, assuming they are stored in a private registry with signing data stored +within an attached [Notary Server](/engine/security/trust/deploying_notary/) (Such as the Docker Trusted Registry). Engine Signature Verification prevents the following: @@ -222,12 +246,12 @@ unsigned images from being imported, loaded, or created. ### Enabling DCT within the Docker Enterprise Engine DCT is controlled by the Docker Engine's configuration file. By default this is -found at `/etc/docker/daemon.json`. For more details on this file head to the -[reference](/engine/reference/commandline/dockerd/#daemon-configuration-file) +found at `/etc/docker/daemon.json`. For more details on this file can be found +[here](/engine/reference/commandline/dockerd/#daemon-configuration-file) The `content-trust` flag is expecting 2 variables, a `mode` variable instructing -the engine to enforce signed images or not, and a set of image signatures -contolled via the `trust-pinning` variable. +the engine whether to enforce signed images, and a `trust-pinning` variable +instructing the engine which sources to trust. `Mode` can take 3 variables: @@ -249,8 +273,8 @@ in the container not starting. ### Official Docker Images All official Docker library images found on the Docker Hub are signed by the -same notary root key. This root key has been embedded inside of the Docker -Enterprise Engine. Therefore to enforce that only official images are used. +same Notary root key. This root key's ID has been embedded inside of the Docker +Enterprise Engine. Therefore to enforce that only official Docker images are used. Specify: ``` @@ -297,13 +321,13 @@ $ grep -r "root" ~/.docker/trust/private } ``` -* Notary Root key ID (DCT certitifcate ID) is an ID that describes the same, but +* Notary Root key ID (DCT Certitifcate ID) is an ID that describes the same, but the ID is unique per repository. i.e `mydtr/user1/image1` and `mydtr/usr1/image2` will have unique certitificate IDs. A certificate ID can be retrieved via a -`$ docker trust inspect` command and confusingly is labelled as a root-key. -This is designed for when different users are signing their own repositories, -i.e. there is no central signing server. As a cert-id is more granular, it would -take priority if a conflict occurs over a root ID. +`$ docker trust inspect` command is labelled as a root-key (referring back +to Notary). This is designed for when different users are signing their own +repositories, i.e. there is no central signing server. As a cert-id is more +granular, it would take priority if a conflict occurs over a root ID. ``` # Retrieving Cert ID @@ -357,11 +381,17 @@ trust cached signature data. This is done through the } ``` -### Client Enforcement with Docker Content Trust +## Client Enforcement with Docker Content Trust -When DCT is enabled, `docker` CLI commands that operate on tagged images must -either have content signatures or explicit content hashes. The commands that -operate with DCT are: +> Note this is supported on Docker CE and Enterprise Engine newer than 17.03 + +Currently, content trust is disabled by default in the Docker Client. To enable +it, set the `DOCKER_CONTENT_TRUST` environment variable to `1`. This prevents +Users from working with tagged images unless they contain a signature. + +When DCT is enabled in the Docker client, `docker` CLI commands that operate on +tagged images must either have content signatures or explicit content hashes. +The commands that operate with DCT are: * `push` * `build` @@ -373,10 +403,17 @@ For example, with DCT enabled a `docker pull someimage:latest` only succeeds if `someimage:latest` is signed. However, an operation with an explicit content hash always succeeds as long as the hash exists: -```bash -$ docker pull someimage@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a ``` +$ docker pull dtr.example.com/user/image:1 +Error: remote trust data does not exist for dtr.example.com/user/image: dtr.example.com does not have trust data for dtr.example.com/user/image +$ docker pull dtr.example.com/user/image@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a +sha256:ee7491c9c31db1ffb7673d91e9fac5d6354a89d0e97408567e09df069a1687c1: Pulling from user/image +ff3a5c916c92: Pull complete +a59a168caba3: Pull complete +Digest: sha256:ee7491c9c31db1ffb7673d91e9fac5d6354a89d0e97408567e09df069a1687c1 +Status: Downloaded newer image for dtr.example.com/user/image@sha256:ee7491c9c31db1ffb7673d91e9fac5d6354a89d0e97408567e09df069a1687c1 +``` ## Related information diff --git a/engine/security/trust/trust_automation.md b/engine/security/trust/trust_automation.md index 8f57196193..c2c721eb0e 100644 --- a/engine/security/trust/trust_automation.md +++ b/engine/security/trust/trust_automation.md @@ -4,42 +4,73 @@ keywords: trust, security, docker, documentation, automation title: Automation with content trust --- -Your automation systems that pull or build images can also work with trust. Any automation environment must set `DOCKER_CONTENT_TRUST` either manually or in a scripted fashion before processing images. +It is very common for Docker Content Trust to be built into existing automation +systems. To allow tools to wrap docker and push trusted content, there are +environment variables that can be passed through to the client. -## Bypass requests for passphrases - -To allow tools to wrap docker and push trusted content, there are two -environment variables that allow you to provide the passphrases without an -expect script, or typing them in: - - - `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` - - `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` - -Docker attempts to use the contents of these environment variables as passphrase -for the keys. For example, an image publisher can export the repository `target` -and `snapshot` passphrases: - -```bash -$ export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="u7pEQcGoebUHm6LHe6" -$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="l7pEQcTKJjUHm6Lpe4" -``` - -Then, when pushing a new tag the Docker client does not request these values but signs automatically: - -```bash -$ docker push docker/trusttest:latest -The push refers to a repository [docker.io/docker/trusttest] (len: 1) -a9539b34a6ab: Image already exists -b3dbab3810fc: Image already exists -latest: digest: sha256:d149ab53f871 size: 3355 -Signing and pushing trust metadata -``` +This guide follows the steps as [here](content_trust/#signing-images-with-docker-content-trust) +so please read that and understand the pre-requisites. When working directly with the Notary client, it uses its [own set of environment variables](/notary/reference/client-config.md#environment-variables-optional). +## Adding a Delegation's Private Key + +To automate importing a Delegation's Private to the local Docker trust store, we +need to pass a passphrase for the new key. This passphase will be required +everytime that delegator signs a tag. + +``` +$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphase123" + +$ docker trust key load delegation.key --name jeff +Loading key from "delegation.key"... +Successfully imported key from delegation.key +``` + +## Adding a Delegation's Public Key + +To automate the addition of a new delegator to the Repository, we need to pass +the passphrases for the workstations Root Key (Notary Canonical Root Key ID) and +the image repositories passphase (Notary Root key ID). + +``` +# Export the Local Root Key Passphrase +$ export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="rootpassphrase123" + +# Export the Repository Passphase +$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="repopassphrase123" + +# Initialise Repo and Push Delegation +$ docker trust signer add --key delegation.crt jeff dtr.example.com/admin/demo +Adding signer "jeff" to dtr.example.com/admin/demo... +Initializing signed repository for dtr.example.com/admin/demo... +Successfully initialized "dtr.example.com/admin/demo" +Successfully added signer: dtr.example.com/admin/demo +``` + +## Signing an Image + +Finally when signing an image, we will need to export the passphrase of the +signing key. This was created when the key was loaded into the local Docker +Store with `$ docker trust key load`. + +``` +$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphase123" + +$ docker trust sign dtr.example.com/admin/demo:1 +Signing and pushing trust data for local image dtr.example.com/admin/demo:1, may overwrite remote trust data +The push refers to repository [dtr.example.com/admin/demo] +428c97da766c: Layer already exists +2: digest: sha256:1a6fd470b9ce10849be79e99529a88371dff60c60aab424c077007f6979b4812 size: 524 +Signing and pushing trust metadata +Successfully signed dtr.example.com/admin/demo:1 +``` + ## Building with content trust -You can also build with content trust. Before running the `docker build` command, you should set the environment variable `DOCKER_CONTENT_TRUST` either manually or in a scripted fashion. Consider the simple Dockerfile below. +You can also build with content trust. Before running the `docker build` command, +you should set the environment variable `DOCKER_CONTENT_TRUST` either manually or +in a scripted fashion. Consider the simple Dockerfile below. ```Dockerfile FROM docker/trusttest:latest @@ -60,7 +91,8 @@ a9539b34a6ab: Pull complete Digest: sha256:d149ab53f871 ``` -If content trust is enabled, building from a Dockerfile that relies on tag without trust data, causes the build command to fail: +If content trust is enabled, building from a Dockerfile that relies on tag +without trust data, causes the build command to fail: ```bash $ docker build -t docker/trusttest:testing . From 790432958ee4caa6f7a3f24377c1737915b00205 Mon Sep 17 00:00:00 2001 From: "Stuart C. Robinson" Date: Fri, 18 Jan 2019 11:26:16 -0500 Subject: [PATCH 184/361] extraneous 'a' in *Build the app*, replace: `if you want to use the a shorter option` with `if you want to use the shorter option` --- get-started/part2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/get-started/part2.md b/get-started/part2.md index 23f9652b25..d2903a4359 100644 --- a/get-started/part2.md +++ b/get-started/part2.md @@ -156,7 +156,7 @@ Dockerfile app.py requirements.txt ``` Now run the build command. This creates a Docker image, which we're going to -name using the `--tag` option. Use `-t` if you want to use the a shorter option. +name using the `--tag` option. Use `-t` if you want to use the shorter option. ```shell docker build --tag=friendlyhello . From 24faf7d265a9da30d0443d43f8e187216dd1dd6f Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Fri, 18 Jan 2019 14:27:08 -0500 Subject: [PATCH 185/361] interlock service cluster fixes Technical: - Fix: need four loadbalancer nodes because there are two proxy replicas per service cluster and the proxies publish in host port publish mode - Fix: Interlock core service crashes without `ProxyReplicas` specified in the config - Fix: image `docker/interlock` does not exist - Fix: indicate testing commands should be run with access to swarmkit api for IP lookup - Improve: renamed interlock network to match what UCP default interlock network - Improve: Changed PublishedPort and PublishedSSLPort to avoid conflicts with default UCP and DTR ports Style: - None Signed-off-by: Trapier Marshall --- ee/ucp/interlock/usage/service-clusters.md | 39 ++++++++++++---------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/ee/ucp/interlock/usage/service-clusters.md b/ee/ucp/interlock/usage/service-clusters.md index 7dc8679960..ddeed8076b 100644 --- a/ee/ucp/interlock/usage/service-clusters.md +++ b/ee/ucp/interlock/usage/service-clusters.md @@ -7,7 +7,7 @@ keywords: ucp, interlock, load balancing In this example we will configure an eight (8) node Swarm cluster that uses service clusters to route traffic to different proxies. There are three (3) managers -and five (5) workers. Two of the workers are configured with node labels to be dedicated +and five (5) workers. Four of the workers are configured with node labels to be dedicated ingress cluster load balancer nodes. These will receive all application traffic. This example will not cover the actual deployment of infrastructure. @@ -17,15 +17,18 @@ getting a Swarm cluster deployed. ![Interlock Service Clusters](interlock_service_clusters.png) -We will configure the load balancer worker nodes (`lb-00` and `lb-01`) with node labels in order to pin the Interlock Proxy -service. Once you are logged into one of the Swarm managers run the following to add node labels -to the dedicated ingress workers: +We will configure four load balancer worker nodes (`lb-00` through `lb-03`) with node labels in order to pin the Interlock Proxy +service for each Interlock service cluster. Once you are logged into one of the Swarm managers run the following to add node labels to the dedicated ingress workers: ```bash $> docker node update --label-add nodetype=loadbalancer --label-add region=us-east lb-00 lb-00 -$> docker node update --label-add nodetype=loadbalancer --label-add region=us-west lb-01 +$> docker node update --label-add nodetype=loadbalancer --label-add region=us-east lb-01 lb-01 +$> docker node update --label-add nodetype=loadbalancer --label-add region=us-west lb-02 +lb-02 +$> docker node update --label-add nodetype=loadbalancer --label-add region=us-west lb-03 +lb-03 ``` You can inspect each node to ensure the labels were successfully added: @@ -34,7 +37,7 @@ You can inspect each node to ensure the labels were successfully added: {% raw %} $> docker node inspect -f '{{ .Spec.Labels }}' lb-00 map[nodetype:loadbalancer region:us-east] -$> docker node inspect -f '{{ .Spec.Labels }}' lb-01 +$> docker node inspect -f '{{ .Spec.Labels }}' lb-02 map[nodetype:loadbalancer region:us-west] {% endraw %} ``` @@ -56,11 +59,12 @@ PollInterval = "3s" ProxyArgs = [] ProxyServiceName = "ucp-interlock-proxy-us-east" ProxyConfigPath = "/etc/nginx/nginx.conf" + ProxyReplicas = 2 ServiceCluster = "us-east" PublishMode = "host" - PublishedPort = 80 + PublishedPort = 8080 TargetPort = 80 - PublishedSSLPort = 443 + PublishedSSLPort = 8443 TargetSSLPort = 443 [Extensions.us-east.Config] User = "nginx" @@ -81,11 +85,12 @@ PollInterval = "3s" ProxyArgs = [] ProxyServiceName = "ucp-interlock-proxy-us-west" ProxyConfigPath = "/etc/nginx/nginx.conf" + ProxyReplicas = 2 ServiceCluster = "us-west" PublishMode = "host" - PublishedPort = 80 + PublishedPort = 8080 TargetPort = 80 - PublishedSSLPort = 443 + PublishedSSLPort = 8443 TargetSSLPort = 443 [Extensions.us-west.Config] User = "nginx" @@ -100,14 +105,14 @@ PollInterval = "3s" EOF oqkvv1asncf6p2axhx41vylgt ``` -Note that we are using "host" mode networking in order to use the same ports (`80` and `443`) in the cluster. We cannot use ingress +Note that we are using "host" mode networking in order to use the same ports (`8080` and `8443`) in the cluster. We cannot use ingress networking as it reserves the port across all nodes. If you want to use ingress networking you will have to use different ports for each service cluster. Next we will create a dedicated network for Interlock and the extensions: ```bash -$> docker network create -d overlay interlock +$> docker network create -d overlay ucp-interlock ``` Now we can create the Interlock service: @@ -116,10 +121,10 @@ Now we can create the Interlock service: $> docker service create \ --name ucp-interlock \ --mount src=/var/run/docker.sock,dst=/var/run/docker.sock,type=bind \ - --network interlock \ + --network ucp-interlock \ --constraint node.role==manager \ --config src=com.docker.ucp.interlock.conf-1,target=/config.toml \ - {{ page.ucp_org }}/interlock:{{ page.ucp_version }} run -c /config.toml + {{ page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} run -c /config.toml sjpgq7h621exno6svdnsvpv9z ``` @@ -177,13 +182,13 @@ Only the service cluster that is designated will be configured for the applicati will not be configured to serve traffic for the `us-west` service cluster and vice versa. We can see this in action when we send requests to each service cluster. -When we send a request to the `us-east` service cluster it only knows about the `us-east` application (be sure to ssh to the `lb-00` node): +When we send a request to the `us-east` service cluster it only knows about the `us-east` application. This example uses IP address lookup from the swarm API, so ssh to a manager node or configure your shell with a UCP client bundle before testing: ```bash {% raw %} -$> curl -H "Host: demo-east.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00)/ping +$> curl -H "Host: demo-east.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00):8080/ping {"instance":"1b2d71619592","version":"0.1","metadata":"us-east","request_id":"3d57404cf90112eee861f9d7955d044b"} -$> curl -H "Host: demo-west.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00)/ping +$> curl -H "Host: demo-west.local" http://$(docker node inspect -f '{{ .Status.Addr }}' lb-00):8080/ping 404 Not Found From f6ab0cb105d8052652039233f0f1a69e11127cdc Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Wed, 16 Jan 2019 10:23:39 -0500 Subject: [PATCH 186/361] ucp: support dump running version Use a bash shell variable to run support dump at the same revision as the cluster is running. This is a copy-paste convenience for users in offline environments that might not be running the latest version. Signed-off-by: Trapier Marshall --- datacenter/ucp/2.2/guides/get-support.md | 3 ++- datacenter/ucp/3.0/guides/get-support.md | 3 ++- ee/get-support.md | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/datacenter/ucp/2.2/guides/get-support.md b/datacenter/ucp/2.2/guides/get-support.md index dcb0a870a7..084e00372d 100644 --- a/datacenter/ucp/2.2/guides/get-support.md +++ b/datacenter/ucp/2.2/guides/get-support.md @@ -34,11 +34,12 @@ support dump: To get the support dump from the CLI, use SSH to log into a node and run: ```none +UCP_VERSION=$((docker container inspect ucp-proxy --format {% raw %}'{{index .Config.Labels "com.docker.ucp.version"}}'{% endraw %} 2>/dev/null || echo -n {{ page.ucp_version }})|tr -d [[:space:]]) docker container run --rm \ --name ucp \ -v /var/run/docker.sock:/var/run/docker.sock \ --log-driver none \ - {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} \ + {{ page.ucp_org }}/{{ page.ucp_repo }}:${UCP_VERSION} \ support > \ docker-support-${HOSTNAME}-$(date +%Y%m%d-%H_%M_%S).tgz ``` diff --git a/datacenter/ucp/3.0/guides/get-support.md b/datacenter/ucp/3.0/guides/get-support.md index dcb0a870a7..084e00372d 100644 --- a/datacenter/ucp/3.0/guides/get-support.md +++ b/datacenter/ucp/3.0/guides/get-support.md @@ -34,11 +34,12 @@ support dump: To get the support dump from the CLI, use SSH to log into a node and run: ```none +UCP_VERSION=$((docker container inspect ucp-proxy --format {% raw %}'{{index .Config.Labels "com.docker.ucp.version"}}'{% endraw %} 2>/dev/null || echo -n {{ page.ucp_version }})|tr -d [[:space:]]) docker container run --rm \ --name ucp \ -v /var/run/docker.sock:/var/run/docker.sock \ --log-driver none \ - {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} \ + {{ page.ucp_org }}/{{ page.ucp_repo }}:${UCP_VERSION} \ support > \ docker-support-${HOSTNAME}-$(date +%Y%m%d-%H_%M_%S).tgz ``` diff --git a/ee/get-support.md b/ee/get-support.md index 00db9c5bff..d256fc1191 100644 --- a/ee/get-support.md +++ b/ee/get-support.md @@ -35,11 +35,12 @@ To get the support dump from the Web UI: To get the support dump from the CLI, use SSH to log into a node and run: ```bash +UCP_VERSION=$((docker container inspect ucp-proxy --format {% raw %}'{{index .Config.Labels "com.docker.ucp.version"}}'{% endraw %} 2>/dev/null || echo -n {{ page.ucp_version }})|tr -d [[:space:]]) docker container run --rm \ --name ucp \ -v /var/run/docker.sock:/var/run/docker.sock \ --log-driver none \ - {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} \ + {{ page.ucp_org }}/{{ page.ucp_repo }}:${UCP_VERSION} \ support > \ docker-support-${HOSTNAME}-$(date +%Y%m%d-%H_%M_%S).tgz ``` From fbafb4915e0cff95aaaae92145e01e2476b499ce Mon Sep 17 00:00:00 2001 From: justin Date: Fri, 18 Jan 2019 16:15:26 -0500 Subject: [PATCH 187/361] multi-service containers one solution for spawning helper processes that interact with a primary process before ultimately putting the primary process back in the foreground --- config/containers/multi-service_container.md | 35 ++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/config/containers/multi-service_container.md b/config/containers/multi-service_container.md index 885838df2d..3c04a19f8c 100644 --- a/config/containers/multi-service_container.md +++ b/config/containers/multi-service_container.md @@ -83,6 +83,41 @@ this in a few different ways. CMD ./my_wrapper_script.sh ``` +- If you have one main process that needs to start first and stay running but + you temporarily need to run some other processes (perhaps to interact with + the main process) then you can use bash's job control to facilitate that. + First, the wrapper script: + + + ```bash + #!/bin/bash + + # turn on bash's job control + set -m + + # Start the primary process and put it in the background + ./my_main_process & + + # Start the helper process + ./my_helper_process + + # the my_helper_process might need to know how to wait on the + # primary process to start before it does its work and returns + + + # now we bring the primary process back into the foreground + # and leave it there + fg %1 + ``` + + ```conf + FROM ubuntu:latest + COPY my_main_process my_main_process + COPY my_helper_process my_helper_process + COPY my_wrapper_script.sh my_wrapper_script.sh + CMD ./my_wrapper_script.sh + ``` + - Use a process manager like `supervisord`. This is a moderately heavy-weight approach that requires you to package `supervisord` and its configuration in your image (or base your image on one that includes `supervisord`), along with From dd068472d6fb55fcb90299082517cbb3044c76b4 Mon Sep 17 00:00:00 2001 From: Istvan Tapai <997297+itapai@users.noreply.github.com> Date: Sat, 19 Jan 2019 05:09:27 +0100 Subject: [PATCH 188/361] fix typo --- network/overlay.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/overlay.md b/network/overlay.md index 8b476c2d3d..c3e75a04d7 100644 --- a/network/overlay.md +++ b/network/overlay.md @@ -265,7 +265,7 @@ this for each node joining the swarm. ### Attach a standalone container to an overlay network -The `ingress` network is create without the `--attachable` flag, which means +The `ingress` network is created without the `--attachable` flag, which means that only swarm services can use it, and not standalone containers. You can connect standalone containers to user-defined overlay networks which are created with the `--attachable` flag. This gives standalone containers running on From ae12369696ab6d8136b7d7d48e4b6bb989468ac4 Mon Sep 17 00:00:00 2001 From: Olly P Date: Sat, 19 Jan 2019 12:14:40 +0000 Subject: [PATCH 189/361] Updated following Jameson's feedback --- engine/security/trust/content_trust.md | 51 ++++++++++++----------- engine/security/trust/trust_automation.md | 2 +- 2 files changed, 28 insertions(+), 25 deletions(-) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index bcbb561ac2..8c70b4cff1 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -64,7 +64,7 @@ the unsigned version of an image before officially signing it. Image consumers can enable DCT to ensure that images they use were signed. If a consumer enables DCT, they can only pull, run, or build with trusted images. -Enabling DCT is like wearing a pair of rose-colored glasses. Consumers "see" +Enabling DCT is a bit like applying a "filter" to your registry. Consumers "see" only signed image tags and the less desirable, unsigned image tags are "invisible" to them. @@ -115,9 +115,9 @@ A pre-requisite for signing an image is a Docker Registry with a Notary server attached (Such as the Docker Hub or Docker Trusted Registry). Instructions for standing up a self hosted environment can be found [here](/engine/security/trust/deploying_notary/). -Secondly to sign a Docker Image you will need a Deletegation's key pair. These +Secondly to sign a Docker Image you will need a delegation's key pair. These can either be generated locally using `$ docker trust key generate`, generated -by a certificate authity as discussed +by a certificate authority as discussed [here](/engine/security/trust/trust_delegation/#generating-delegation-keys). Alternatively if you are using Docker Enterprise's Universal Control Plane, a user's [Client Bundle](ee/ucp/user-access/cli/#download-client-certificates) @@ -158,7 +158,7 @@ Enter passphrase for new repository key with ID 10b5e94: ``` -Finally we will use the delegation private key to sign a particular tag and +Finally we will use the delegation's private key to sign a particular tag and push it up to the registry. ``` @@ -186,7 +186,7 @@ Enter passphrase for signer key with ID 8ae710e: Successfully signed dtr.example.com/admin/demo:1 ``` -Remote Trust data for a tag can be viewed by the `$ docker trust inspect` +Remote trust data for a tag can be viewed by the `$ docker trust inspect` command: ``` @@ -224,9 +224,9 @@ Successfully deleted signature for dtr.example.com/admin/demo:1 > [Universal Control Plane](/ee/ucp/admin/configure/run-only-the-images-you-trust/) Docker Content Trust within the Docker Enterprise Engine prevents a user from -using container image from an unknown source, it will also prevent a -user from building a container image, from a base layer from an unknown source. -Docker provides signatures on its Official Docker Images, found on the [Docker +using container image from an unknown source, it will also prevent a user from +building a container image, from a base layer from an unknown source. Docker +provides signatures on its Official Docker Images, found on the [Docker Hub](https://hub.docker.com/search?image_filter=official&type=image), or a User can sign an image with the commands [above](#signing-images-with-docker-content-trust) , assuming they are stored in a private registry with signing data stored @@ -249,18 +249,21 @@ DCT is controlled by the Docker Engine's configuration file. By default this is found at `/etc/docker/daemon.json`. For more details on this file can be found [here](/engine/reference/commandline/dockerd/#daemon-configuration-file) -The `content-trust` flag is expecting 2 variables, a `mode` variable instructing +The `content-trust` flag is based around, a `mode` variable instructing the engine whether to enforce signed images, and a `trust-pinning` variable instructing the engine which sources to trust. `Mode` can take 3 variables: -* `Disabled` - No Signature verification -* `Permissive` - The engine will check the image signature, however the -container will still run. The results of the signature verification is displayed -in the Docker Engine daemon logs. -* `Enabled` - The engine will check the image signature, with a failure resulting -in the container not starting. +* `Disabled` - Verification is not active and the remainder of the content-trust +related metadata will be ignored. This is the default value if `mode` is not +specified. +* `Permissive` - Verification will be performed, but only failures will only be +logged and remain unenforced. This configuration is intended for testing of +changes related to content-trust. The results of the signature verification +is displayed in the Docker Engine daemon logs. +* `Enabled` - Content trust will be enforced and an image that cannot be +verified successfully will not be pulled or run. ``` { @@ -272,10 +275,10 @@ in the container not starting. ### Official Docker Images -All official Docker library images found on the Docker Hub are signed by the -same Notary root key. This root key's ID has been embedded inside of the Docker -Enterprise Engine. Therefore to enforce that only official Docker images are used. -Specify: +All official Docker library images found on the Docker Hub (docker.io/library/*) +are signed by the same Notary root key. This root key's ID has been embedded +inside of the Docker Enterprise Engine. Therefore to enforce that only official +Docker images are used. Specify: ``` { @@ -288,9 +291,9 @@ Specify: } ``` -### User Signed Images +### User-Signed Images -There are 2 options for trust pinning User Signed Images: +There are 2 options for trust pinning user-signed images: * Notary Canonical Root Key ID (DCT Root Key) is an ID that describes *just* the root key used to sign a repository (or rather its respective keys). This is the @@ -325,9 +328,9 @@ $ grep -r "root" ~/.docker/trust/private the ID is unique per repository. i.e `mydtr/user1/image1` and `mydtr/usr1/image2` will have unique certitificate IDs. A certificate ID can be retrieved via a `$ docker trust inspect` command is labelled as a root-key (referring back -to Notary). This is designed for when different users are signing their own -repositories, i.e. there is no central signing server. As a cert-id is more -granular, it would take priority if a conflict occurs over a root ID. +to the Notary key name). This is designed for when different users are signing +their own repositories, i.e. there is no central signing server. As a cert-id +is more granular, it would take priority if a conflict occurs over a root ID. ``` # Retrieving Cert ID diff --git a/engine/security/trust/trust_automation.md b/engine/security/trust/trust_automation.md index c2c721eb0e..53ae8c4b9d 100644 --- a/engine/security/trust/trust_automation.md +++ b/engine/security/trust/trust_automation.md @@ -15,7 +15,7 @@ When working directly with the Notary client, it uses its [own set of environmen ## Adding a Delegation's Private Key -To automate importing a Delegation's Private to the local Docker trust store, we +To automate importing a delegation's private key to the local Docker trust store, we need to pass a passphrase for the new key. This passphase will be required everytime that delegator signs a tag. From 5e715eabea441c9b8cf8a9e2f69dbf8fbd0752fc Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sun, 20 Jan 2019 13:50:31 -0500 Subject: [PATCH 190/361] Update space.md --- docker-for-mac/space.md | 50 +++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/docker-for-mac/space.md b/docker-for-mac/space.md index 972a4ff270..4a32a5f066 100644 --- a/docker-for-mac/space.md +++ b/docker-for-mac/space.md @@ -1,47 +1,53 @@ --- -description: Disk space +description: Disk utilization keywords: mac, disk -title: Disk space in Docker for Mac +title: Disk utilization in Docker for Mac --- -Docker for Mac stores Linux containers and images in a single large "disk image" file -in the Mac filesystem. This is different to Docker on Linux which usually stores containers +Docker for Mac stores Linux containers and images in a single, large "disk image" file +in the Mac filesystem. This is different from Docker on Linux, which usually stores containers and images in the `/var/lib/docker` directory. ## Where is the "disk image" file? -To locate the "disk image" file, first click on the whale menu and then click on -"Preferences...". When the preferences window appears, click on the "Disk" icon -and then "Reveal in Finder": +To locate the "disk image" file, first select the whale menu icon and then select +**Preferences...**. When the **Preferences...** window is displayed, select **Disk** and then **Reveal in Finder**: ![Disk preferences](images/settings-disk.png) -The preferences window also shows how much disk space the file is currently consuming. -In this example it is consuming only 2.4 GB out of a maximum of 64 GB. +The **Preferences...** window shows how much actual disk space the "disk image" file is consuming. +In this example, the "disk image" file is consuming 2.4 GB out of a maximum of 64 GB. -Note that other tools may display the space usage of the file incorrectly. +Note that other tools might display space usage of the file in terms of the maximum file size, not the actual file size. ## If the file is too big If the file is too big, you can -- move it to a bigger drive; -- delete unnecessary containers and images; or -- reduce the maximum size of the file. +- move it to a bigger drive, +- delete unnecessary containers and images, or +- reduce the maximum allowable size of the file. ### To move the file to a bigger drive -To move the file, open the "Preferences..." menu, click on the "Disk" icon and then click -on "Move disk image". Do not move the file directly in the finder or Docker for Mac will +To move the file, open the **Preferences...** menu, select **Disk** and then select +on **Move disk image**. Do not move the file directly in the finder or Docker for Mac will lose track of it. ### To delete unnecessary containers and images -To check whether you have too many unnecessary containers and images, first list images -with: +To check whether you have too many unnecessary containers and images: + +If your client and daemon API are version 1.25 or later (use the docker version command on the client to check your client and daemon API versions.), you can display detailed space usage information with: + +``` +docker system df -v +``` + +Alternatively, you can list images with: ```bash $ docker image ls ``` -then list containers with: +and then list containers with: ```bash $ docker container ls -a ``` @@ -50,9 +56,9 @@ If there are lots of unneeded objects, try the command ```bash $ docker system prune ``` -This will remove all stopped containers, unused networks, dangling images and build cache. +This removes all stopped containers, unused networks, dangling images, and build cache. -Note that it may take a few minutes before space becomes free on the host depending +Note that it might take a few minutes before space becomes free on the host, depending on what format the "disk image" file is in: - If the file is named `Docker.raw`: space on the host should be reclaimed within a few seconds. @@ -75,7 +81,7 @@ $ cd vms/0 # or com.docker.driver.amd64-linux $ ls -klsh Docker.raw 2333548 -rw-r--r--@ 1 akim staff 64G Dec 13 17:42 Docker.raw ``` -In this example the actual size of the disk is `2333548` KB, whereas the maximum size +In this example, the actual size of the disk is `2333548` KB, whereas the maximum size of the disk is `64` GB. ### To reduce the maximum size of the file @@ -83,6 +89,6 @@ of the disk is `64` GB. To reduce the maximum size of the file, first click on the whale menu and then click on "Preferences...". When the preferences window appears, click on the "Disk" icon. The preferences window contains a slider which allows the maximum disk size to be set. -If the maximum size is reduced, the current file will be deleted and therefore all +**Warning**: If the maximum size is reduced, the current file will be deleted and, therefore, all containers and images will be lost. From b0f67bf5bab51e9ba7f4fb720764bdbedd2785e1 Mon Sep 17 00:00:00 2001 From: Muesli Date: Mon, 21 Jan 2019 16:56:33 +0100 Subject: [PATCH 191/361] Update deploying.md FIX syntax for zsh / mac os x term --- registry/deploying.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/registry/deploying.md b/registry/deploying.md index 4e8fe13bf4..deb64006e5 100644 --- a/registry/deploying.md +++ b/registry/deploying.md @@ -216,7 +216,7 @@ If you have been issued an _intermediate_ certificate instead, see $ docker run -d \ --restart=always \ --name registry \ - -v `pwd`/certs:/certs \ + -v "$(pwd)"/certs:/certs \ -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ @@ -425,11 +425,11 @@ secrets. -p 5000:5000 \ --restart=always \ --name registry \ - -v `pwd`/auth:/auth \ + -v "$(pwd)"/auth:/auth \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ - -v `pwd`/certs:/certs \ + -v "$(pwd)"/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ registry:2 From 3edcdc7ca8be493cb29d3d977f861b6f7d1e7f72 Mon Sep 17 00:00:00 2001 From: Aleksejs Sinicins Date: Mon, 21 Jan 2019 21:00:58 +0200 Subject: [PATCH 192/361] Document registry s3 transfer acceleration option. https://github.com/docker/distribution/pull/2166 --- registry/storage-drivers/s3.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/registry/storage-drivers/s3.md b/registry/storage-drivers/s3.md index 7e20107984..ce1612fb7f 100644 --- a/registry/storage-drivers/s3.md +++ b/registry/storage-drivers/s3.md @@ -153,6 +153,18 @@ Amazon S3 or S3 compatible services for object storage. The S3 storage class applied to each registry file. The default value is STANDARD. + + + s3accelerate + + + no + + + Specifies whether the registry should use S3 Transfer Acceleration. You must enable acceleration + endpoint on a bucket before using this option. A boolean value. The default is false. + + @@ -185,6 +197,8 @@ Amazon S3 or S3 compatible services for object storage. `storageclass`: (optional) The storage class applied to each registry file. Defaults to STANDARD. Valid options are STANDARD and REDUCED_REDUNDANCY. +`s3accelerate`: (optional) Whether you would like to use accelerate endpoint for communication with S3. You must enable acceleration on a bucket before using this option. See https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html on how to use enable option. + ## S3 permission scopes The following AWS policy is required by the registry for push and pull. Make sure to replace `S3_BUCKET_NAME` with the name of your bucket. @@ -228,6 +242,11 @@ from edge servers, rather than the geographically limited location of your S3 bucket. The farther your registry is from your bucket, the more improvements are possible. See [Amazon CloudFront](https://aws.amazon.com/cloudfront/details/). +An alternative method for CloudFront that requires less configuration and will use +the same edge servers is [S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). +Please check acceleration [Requirements](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html#transfer-acceleration-requirements) +to see whether you need CloudFront or S3 Transfer Acceleration. + ## Configuring CloudFront for Distribution If you are unfamiliar with creating a CloudFront distribution, see [Getting From f3960c3d311ded1ea2fa56647e2e38e118d35639 Mon Sep 17 00:00:00 2001 From: ChaosGramer Date: Tue, 22 Jan 2019 11:55:03 +0100 Subject: [PATCH 193/361] Adding proxy wildcard documentation Wildcard documentation was missing in the official docs --- config/daemon/systemd.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/daemon/systemd.md b/config/daemon/systemd.md index 16e61df8f4..77d578e7b8 100644 --- a/config/daemon/systemd.md +++ b/config/daemon/systemd.md @@ -109,6 +109,12 @@ you need to add this configuration in the Docker systemd service file. [Service] Environment="HTTPS_PROXY=https://proxy.example.com:443/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com" ``` + + The NO_PROXY variable accepts wildcards. You just need to have a value starting with a dot: + ```conf + [Service] + Environment="HTTPS_PROXY=https://proxy.example.com:443/" "NO_PROXY=localhost,127.0.0.1,.somecorporation.com" + ``` 4. Flush changes: From 62ceba1569734ec06ce924f5eff46672b8dbe328 Mon Sep 17 00:00:00 2001 From: ollypom Date: Tue, 22 Jan 2019 11:09:43 +0000 Subject: [PATCH 194/361] Hopefully Fix UCP App Package ToC --- _data/toc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index b2f7a5024c..bcf7084e08 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1277,7 +1277,7 @@ manuals: title: CLI-based access - path: /ee/ucp/user-access/kubectl/ title: Install the Kubernetes CLI - - path: /ee/ucp/deploy-application-package + - path: /ee/ucp/deploy-application-package/ title: Deploy an application package - sectiontitle: Deploy apps with Swarm section: From 206edc4340e006a97791583344a7b9c5ea85f4a7 Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Tue, 22 Jan 2019 09:25:54 -0500 Subject: [PATCH 195/361] Update service-clusters.md C&P error correction --- ee/ucp/interlock/usage/service-clusters.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/interlock/usage/service-clusters.md b/ee/ucp/interlock/usage/service-clusters.md index 7dc8679960..74963d7c12 100644 --- a/ee/ucp/interlock/usage/service-clusters.md +++ b/ee/ucp/interlock/usage/service-clusters.md @@ -77,7 +77,7 @@ PollInterval = "3s" Image = "{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }}" Args = [] ServiceName = "ucp-interlock-extension-us-west" - ProxyImage = "nginx:alpine" + ProxyImage = "docker/ucp-interlock-proxy:3.1.2" ProxyArgs = [] ProxyServiceName = "ucp-interlock-proxy-us-west" ProxyConfigPath = "/etc/nginx/nginx.conf" From ea7208a88821b0805e6bfd6d348a0587ae7725fd Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Tue, 22 Jan 2019 16:45:16 -0500 Subject: [PATCH 196/361] ucp config: custom api headers syntax Example for this table needs double brackets because it's an array. Tested on UCP 3.0.8. --- ee/ucp/admin/configure/ucp-configuration-file.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/admin/configure/ucp-configuration-file.md b/ee/ucp/admin/configure/ucp-configuration-file.md index 02f5bf16e1..c9d00189fd 100644 --- a/ee/ucp/admin/configure/ucp-configuration-file.md +++ b/ee/ucp/admin/configure/ucp-configuration-file.md @@ -91,7 +91,7 @@ An array of tables that specifies the DTR instances that the current UCP instanc Included when you need to set custom API headers. You can repeat this section multiple times to specify multiple separate headers. If you include custom headers, you must specify both `name` and `value`. -[custom_api_server_headers] +[[custom_api_server_headers]] | Item | Description | | ----------- | ----------- | From dbe3c68ba5beb32019216271adcdc99e9fb34d56 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Tue, 22 Jan 2019 16:14:09 -0700 Subject: [PATCH 197/361] Update device-mapper-driver.md added comma --- storage/storagedriver/device-mapper-driver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 031ddffa61..20468d3186 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -321,7 +321,7 @@ assumes that the Docker daemon is in the `stopped` state. ``` If the output in the `Monitor` column reports, as above, that the volume is - `not monitored` then monitoring needs to be explicitly enabled. Without + `not monitored`, then monitoring needs to be explicitly enabled. Without this step, automatic extension of the logical volume will not occur, regardless of any settings in the applied profile. From 64261850faabf31f281a2b1c2a380cceae919d41 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Tue, 22 Jan 2019 16:16:38 -0700 Subject: [PATCH 198/361] Update nginx.md Fixed security warning, changed to "anyone who can log on to the server where your Docker Registry is running" --- registry/recipes/nginx.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/registry/recipes/nginx.md b/registry/recipes/nginx.md index 1f039f6114..6673b2a22b 100644 --- a/registry/recipes/nginx.md +++ b/registry/recipes/nginx.md @@ -40,8 +40,8 @@ proxy itself. > ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without > authentication. This creates a potential loophole in your Docker Registry security. -> As a result, anyone with access to your Docker Registry can push images without -> authentication. +> As a result, anyone who can log on to the server where your Docker Registry is running +> can push images without authentication. Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra From e13972fa2848dd4be73dc89ac11d42fae5e98afd Mon Sep 17 00:00:00 2001 From: Alastair Smith Date: Tue, 22 Jan 2019 18:44:03 -0600 Subject: [PATCH 199/361] add new Jenkinsfile - this file sets up builds for CSE in ci.docker.com - master publishes to stage, published to production --- Jenkinsfile | 111 +++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 89 insertions(+), 22 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 310ed40948..34916fbce7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,25 +1,92 @@ -wrappedNode(label: 'ubuntu-1604 && x86_64') { - timeout(time: 60, unit: 'MINUTES') { - deleteDir() - stage "checkout" - checkout scm - sh "git submodule update --init --recursive" - stage "test" +def dtrVpnAddress = "vpn.corp-us-east-1.aws.dckr.io" +def ucpBundle = [file(credentialsId: "ucp-bundle", variable: 'UCP')] +def slackString = [string(credentialsId: 'slack-docs-webhook', variable: 'slack')] +def reg = [credentialsId: 'csebuildbot', url: 'https://index.docker.io/v1/'] - /* Jekyll creates html files to implement client side redirects. - There are absolute links to docs.docker.com in these htmls - we don't want them to be parsed by the tests for now. - Removing jekyll-redirect-from option will make sure these pages - are not generated when building with Jekyll. */ - sh "awk '/jekyll-redirect-from/{n=1}; n {n--; next}; 1' < _config.yml > _config.yml.tmp" - sh "mv _config.yml.tmp _config.yml" - - sh "docker build -t docs:${JOB_BASE_NAME}-${BUILD_NUMBER} `pwd`" - sh "docker build -t tests:${JOB_BASE_NAME}-${BUILD_NUMBER} `pwd`/tests" - sh "docker run -v /usr/src/app/allvbuild --name docs-${JOB_BASE_NAME}-${BUILD_NUMBER} docs:${JOB_BASE_NAME}-${BUILD_NUMBER} /bin/true" - sh "docker run --rm --volumes-from docs-${JOB_BASE_NAME}-${BUILD_NUMBER} -v `pwd`:/docs tests:${JOB_BASE_NAME}-${BUILD_NUMBER}" - sh "docker rm -fv docs-${JOB_BASE_NAME}-${BUILD_NUMBER}" - sh "docker rmi docs:${JOB_BASE_NAME}-${BUILD_NUMBER} tests:${JOB_BASE_NAME}-${BUILD_NUMBER}" - deleteDir() +pipeline { + agent none + options { + timeout(time: 1, unit: 'HOURS') + } + stages { + stage( 'docker.github.io' ) { + agent { + label 'ubuntu-1604-aufs-stable' + } + stages { + stage( 'build and push stage image' ) { + when { + branch 'master' + } + steps { + withDockerRegistry(reg) { + sh """ + docker image build --tag docs/docker.github.io:stage-${env.BUILD_NUMBER} . && \ + docker image push docs/docker.github.io:stage-${env.BUILD_NUMBER} + """ + } + } + } + stage( 'build and push prod image' ) { + when { + branch 'published' + } + steps { + withDockerRegistry(reg) { + sh """ + docker image build --tag docs/docker.github.io:prod-${env.BUILD_NUMBER} . && \ + docker image push docs/docker.github.io:prod-${env.BUILD_NUMBER} + """ + } + } + } + stage( 'update docs-stage' ) { + when { + branch 'master' + } + steps { + withVpn(dtrVpnAddress) { + withCredentials(ucpBundle) { + sh 'unzip -o $UCP' + } + withDockerRegistry(reg) { + sh """ + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=tcp://ucp.corp-us-east-1.aws.dckr.io:443 + docker service update --detach=false --force --image docs/docker.github.io:stage-${env.BUILD_NUMBER} docs-stage-docker-com_docs --with-registry-auth + """ + } + } + } + } + stage( 'update docs-prod' ) { + when { + branch 'published' + } + steps { + withVpn(dtrVpnAddress) { + withCredentials(ucpBundle) { + sh 'unzip -o $UCP' + } + withCredentials(slackString) { + withDockerRegistry(reg) { + sh """ + cd ucp-bundle-success_bot + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=tcp://ucp.corp-us-east-1.aws.dckr.io:443 + docker service update --detach=false --force --image docs/docker.github.io:prod-${env.BUILD_NUMBER} docs-docker-com_docs --with-registry-auth + curl -X POST -H 'Content-type: application/json' --data '{"text":"Successfully published docs. https://docs.docker.com/"}' $slack + """ + } + } + } + } + } + } + } } } From 8e73cd0212ff1803b94e72281ddf1d9c83791540 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20B?= Date: Wed, 23 Jan 2019 11:42:46 +0100 Subject: [PATCH 200/361] Update build_enhancements.md with troubleshooting hints Add troubleshooting tips from https://github.com/moby/moby/issues/38303 --- develop/develop-images/build_enhancements.md | 36 ++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/develop/develop-images/build_enhancements.md b/develop/develop-images/build_enhancements.md index ed3f903b53..9e8a60bbd0 100644 --- a/develop/develop-images/build_enhancements.md +++ b/develop/develop-images/build_enhancements.md @@ -189,3 +189,39 @@ Once the `Dockerfile` is created, use the `--ssh` option for connectivity with t ```bash $ docker build --ssh default . ``` + +## Troubleshooting : issues with private registries + +#### x509: certificate signed by unknown authority +If you are fetching images from insecure registry (with self-signed certificates) and/or using such aa registry as a mirror, you are facing a known issue in Docker 18.09 : +``` +[+] Building 0.4s (3/3) FINISHED + => [internal] load build definition from Dockerfile + => => transferring dockerfile: 169B + => [internal] load .dockerignore + => => transferring context: 2B + => ERROR resolve image config for docker.io/docker/dockerfile:experimental +------ + > resolve image config for docker.io/docker/dockerfile:experimental: +------ +failed to do request: Head https://repo.mycompany.com/v2/docker/dockerfile/manifests/experimental: x509: certificate signed by unknown authority +``` +Solution : secure your registry properly. You can get SSL certificates from Let's Encrypt for free. See https://docs.docker.com/registry/deploying/ + + +#### image not found when the private registry is running on Sonatype Nexus version < 3.15 + +If you are running a privatee registry using Sonatype Nexus version < 3.15, and receive an error similar to the following : +``` +------ + > [internal] load metadata for docker.io/library/maven:3.5.3-alpine: +------ +------ + > [1/4] FROM docker.io/library/maven:3.5.3-alpine: +------ +rpc error: code = Unknown desc = docker.io/library/maven:3.5.3-alpine not found +``` +you may be facing the bug below : https://issues.sonatype.org/browse/NEXUS-12684 + +Solution is to upgrade your Nexus to version 3.15 or above. + From d8c1b5c45203563173b7c4c813efa7fe50d1c2b1 Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Wed, 23 Jan 2019 15:20:53 -0500 Subject: [PATCH 201/361] Update device-mapper-driver.md minor editorial crx --- storage/storagedriver/device-mapper-driver.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 20468d3186..95c5e67df9 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -50,7 +50,7 @@ However, the addition of the loopback mechanism, and interaction with the OS filesystem layer, means that IO operations can be slow and resource-intensive. Use of loopback devices can also introduce race conditions. However, setting up `loop-lvm` mode can help identify basic issues (such as -missing user space packages, kernel drivers etc) ahead of attempting the more +missing user space packages, kernel drivers, etc.) ahead of attempting the more complex set up required to enable `direct-lvm` mode. `loop-lvm` mode should therefore only be used to perform rudimentary testing prior to configuring `direct-lvm`. @@ -108,7 +108,7 @@ For production systems, see Data Space Used: 11.8 MB Data Space Total: 107.4 GB Data Space Available: 7.44 GB - Metadata Space Used: 581.6 kB + Metadata Space Used: 581.6 KB Metadata Space Total: 2.147 GB Metadata Space Available: 2.147 GB Thin Pool Minimum Free Space: 10.74 GB @@ -135,7 +135,7 @@ For production systems, see Production hosts using the `devicemapper` storage driver must use `direct-lvm` mode. This mode uses block devices to create the thin pool. This is faster than using loopback devices, uses system resources more efficiently, and block -devices can grow as needed. However, more set-up is required than `loop-lvm` +devices can grow as needed. However, more setup is required than in `loop-lvm` mode. After you have satisfied the [prerequisites](#prerequisites), follow the steps From 72a288caa2de626f7d7f832d9c5089d9d92187e5 Mon Sep 17 00:00:00 2001 From: Olly P Date: Sun, 20 Jan 2019 13:13:30 +0000 Subject: [PATCH 202/361] Added managing Delegation Documentation --- engine/security/trust/content_trust.md | 124 +++--- engine/security/trust/trust_automation.md | 36 +- engine/security/trust/trust_delegation.md | 467 ++++++++++++++++------ 3 files changed, 428 insertions(+), 199 deletions(-) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index 8c70b4cff1..a9506b5c1c 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -7,27 +7,22 @@ title: Content trust in Docker When transferring data among networked systems, *trust* is a central concern. In particular, when communicating over an untrusted medium such as the internet, it is critical to ensure the integrity and the publisher of all the data a system -operates on. You use Docker Engine to push and pull images (data) to a public -or private registry. Content trust gives you the ability to verify both the -integrity and the publisher of all the data received from a registry over any -channel. +operates on. You use the Docker Engine to push and pull images (data) to a +public or private registry. Content trust gives you the ability to verify both +the integrity and the publisher of all the data received from a registry over +any channel. ## About trust in Docker -Docker Content Trust (DCT) allows operations with a remote Docker registry to -enforce client-side signing and runtime verification of image tags. DCT provides -the ability to use digital signatures for data sent to and received from remote -Docker registries. These signatures allow client-side or runtime verification of -the integrity and publisher of specific image tags. +Docker Content Trust (DCT) provides the ability to use digital signatures for +data sent to and received from remote Docker registries. These signatures allow +client-side or runtime verification of the integrity and publisher of specific +image tags. -Through DCT image publishers can sign their images. Image consumers can ensure -that the images they use are signed. Publishers and consumers can either be -individuals or organizations. DCT supports individual users / teams as well as -automated processes such as [builds and pipelines](trust_automation.d). - -When you use DCT, signing occurs on the client through the `$ docker push` or -`$ docker trust sign` commands and verification can happen through the client, -the engine, or through Docker Enterprise's Universal Control Plane. +Through DCT image publishers can sign their images and image consumers can +ensure that the images they use are signed. Publishers could be be individuals +or organizations manually signing their content or automated software supply +chains signing content as part of their release process. ### Image tags and DCT @@ -111,29 +106,29 @@ Within the Docker CLI we can sign and push a container image with the `$ docker trust` command syntax. This is built on top of the Notary feature set, more information on Notary can be found [here](/notary/getting_started/). -A pre-requisite for signing an image is a Docker Registry with a Notary server +A prerequisite for signing an image is a Docker Registry with a Notary server attached (Such as the Docker Hub or Docker Trusted Registry). Instructions for standing up a self hosted environment can be found [here](/engine/security/trust/deploying_notary/). -Secondly to sign a Docker Image you will need a delegation's key pair. These +Secondly to sign a Docker Image you will need a delegation key pair. These keys can either be generated locally using `$ docker trust key generate`, generated -by a certificate authority as discussed -[here](/engine/security/trust/trust_delegation/#generating-delegation-keys). -Alternatively if you are using Docker Enterprise's Universal Control Plane, a -user's [Client Bundle](ee/ucp/user-access/cli/#download-client-certificates) -provides adequate keys for a delegation. The `cert.pem` being the public -delegation key, the `key.pem` as the private delegation key. +by a certificate authority, or alternatively if you are using Docker Enterprise's +Universal Control Plane, a user's Client Bundle provides adequate keys for a +delegation. Find more information on Delegation Keys +[here](trust_delegation/#creating-delegation-keys). -First we will add the delegation's private key to the local docker trust +First we will add the delegation private key to the local docker trust repository. (By default this is stored in `~/.docker/trust/`). If you are -generating with the key with `$ docker trust key generate` is it automatically -added to the store. If you are importing a seperate key, such as one from -the Universal Control Plane you will need to use the `$ docker trust key load` -command. +generating delegation key's with `$ docker trust key generate`, the private key +is automatically added to the local trust store. If you are importing a seperate +key, such as one from the Universal Control Plane you will need to use the +`$ docker trust key load` command. ``` $ docker trust key generate jeff Generating key for jeff... +Enter passphrase for new jeff key with ID 9deed25: +Repeat passphrase for new jeff key with ID 9deed25: Successfully generated and loaded private key. Corresponding public key available: /home/ubuntu/Documents/mytrustdir/jeff.pub ``` @@ -141,15 +136,19 @@ Or if you have an existing key: ``` $ docker trust key load key.pem --name jeff -Loading key from "delegation.key"... +Loading key from "key.pem"... Enter passphrase for new jeff key with ID 8ae710e: Repeat passphrase for new jeff key with ID 8ae710e: -Successfully imported key from delegation.key +Successfully imported key from key.pem ``` -Next we will need to add the delegation's public key to the Notary server, -this specific to a particular image repository (In Notary known as a Global -Unique Name (GUN)). +Next we will need to add the delegation public key to the Notary server, +this is specific to a particular image repository, in Notary known as a Global +Unique Name (GUN). If this is the first time you are adding a delegation to that +repository, this command will also initiate the repository, using a local Notary +canonical root key. To understand more about initiating a repository, and the +role of delegations head to +[delegations for content trust](trust_delegation/#managing-delegations-in-a-notary-server) ``` $ docker trust signer add --key cert.pem jeff dtr.example.com/admin/demo @@ -158,7 +157,7 @@ Enter passphrase for new repository key with ID 10b5e94: ``` -Finally we will use the delegation's private key to sign a particular tag and +Finally we will use the delegation private key to sign a particular tag and push it up to the registry. ``` @@ -173,10 +172,11 @@ Successfully signed dtr.example.com/admin/demo:1 ``` Alternatively, once the key's have been imported an image can be pushed with the -`$ docker push` command, by enabled the DCT environmental variable. +`$ docker push` command, by exporting the DCT environmental variable. ``` $ export DOCKER_CONTENT_TRUST=1 + $ docker push dtr.example.com/admin/demo:1 The push refers to repository [dtr.example.com/admin/demo:1] 7bff100f35cb: Pushed @@ -186,8 +186,8 @@ Enter passphrase for signer key with ID 8ae710e: Successfully signed dtr.example.com/admin/demo:1 ``` -Remote trust data for a tag can be viewed by the `$ docker trust inspect` -command: +Remote trust data for a tag or a repository can be viewed by the +`$ docker trust inspect` command: ``` $ docker trust inspect --pretty dtr.example.com/admin/demo:1 @@ -200,7 +200,7 @@ SIGNED TAG DIGEST List of signers and their keys for dtr.example.com/admin/demo:1 SIGNER KEYS -myteam 8ae710e3ba82 +jeff 8ae710e3ba82 Administrative keys for dtr.example.com/admin/demo:1 @@ -220,18 +220,15 @@ Successfully deleted signature for dtr.example.com/admin/demo:1 ## Runtime Enforcement with Docker Content Trust > Note this only applies to Docker Enterprise Engine 18.09 or newer. This -> implementation is also seperate from the `only run signed images` feature of +> implementation is also separate from the `only run signed images` feature of > [Universal Control Plane](/ee/ucp/admin/configure/run-only-the-images-you-trust/) Docker Content Trust within the Docker Enterprise Engine prevents a user from -using container image from an unknown source, it will also prevent a user from -building a container image, from a base layer from an unknown source. Docker -provides signatures on its Official Docker Images, found on the [Docker -Hub](https://hub.docker.com/search?image_filter=official&type=image), or a User -can sign an image with the commands [above](#signing-images-with-docker-content-trust) -, assuming they are stored in a private registry with signing data stored -within an attached [Notary Server](/engine/security/trust/deploying_notary/) -(Such as the Docker Trusted Registry). +using a container image from an unknown source, it will also prevent a user from +building a container image from a base layer from an unknown source. Trusted +sources could include Official Docker Images, found on the [Docker +Hub](https://hub.docker.com/search?image_filter=official&type=image), or User +trusted sources, with repositories and tags signed with the commands [above](#signing-images-with-docker-content-trust). Engine Signature Verification prevents the following: * `$ docker container run` of an unsigned image. @@ -246,10 +243,10 @@ unsigned images from being imported, loaded, or created. ### Enabling DCT within the Docker Enterprise Engine DCT is controlled by the Docker Engine's configuration file. By default this is -found at `/etc/docker/daemon.json`. For more details on this file can be found +found at `/etc/docker/daemon.json`. More details on this file can be found [here](/engine/reference/commandline/dockerd/#daemon-configuration-file) -The `content-trust` flag is based around, a `mode` variable instructing +The `content-trust` flag is based around a `mode` variable instructing the engine whether to enforce signed images, and a `trust-pinning` variable instructing the engine which sources to trust. @@ -258,10 +255,10 @@ instructing the engine which sources to trust. * `Disabled` - Verification is not active and the remainder of the content-trust related metadata will be ignored. This is the default value if `mode` is not specified. -* `Permissive` - Verification will be performed, but only failures will only be +* `Permissive` - Verification will be performed, but only failures will be logged and remain unenforced. This configuration is intended for testing of changes related to content-trust. The results of the signature verification -is displayed in the Docker Engine daemon logs. +is displayed in the Docker Engine's daemon logs. * `Enabled` - Content trust will be enforced and an image that cannot be verified successfully will not be pulled or run. @@ -278,7 +275,7 @@ verified successfully will not be pulled or run. All official Docker library images found on the Docker Hub (docker.io/library/*) are signed by the same Notary root key. This root key's ID has been embedded inside of the Docker Enterprise Engine. Therefore to enforce that only official -Docker images are used. Specify: +Docker images can be used. Specify: ``` { @@ -300,7 +297,7 @@ root key used to sign a repository (or rather its respective keys). This is the root key on the host that originally signed the repository (i.e. your workstation). This can be retrieved from the workstation that signed the repository through `$ grep -r "root" ~/.docker/trust/private/` (Assuming your trust data is -at `~/.docker/trust/*`). It is expected that this canocial ID has initiated +at `~/.docker/trust/*`). It is expected that this canonical ID has initiated multiple image repositories (`mydtr/user1/image1` and `mydtr/user1/image2`). ``` @@ -324,16 +321,16 @@ $ grep -r "root" ~/.docker/trust/private } ``` -* Notary Root key ID (DCT Certitifcate ID) is an ID that describes the same, but +* Notary Root key ID (DCT Certificate ID) is an ID that describes the same, but the ID is unique per repository. i.e `mydtr/user1/image1` and `mydtr/usr1/image2` -will have unique certitificate IDs. A certificate ID can be retrieved via a -`$ docker trust inspect` command is labelled as a root-key (referring back +will have unique certificate IDs. A certificate ID can be retrieved via a +`$ docker trust inspect` command and is labelled as a root-key (referring back to the Notary key name). This is designed for when different users are signing their own repositories, i.e. there is no central signing server. As a cert-id is more granular, it would take priority if a conflict occurs over a root ID. ``` - # Retrieving Cert ID +# Retrieving Cert ID $ docker trust inspect mydtr/user1/repo1 | jq -r '.[].AdministrativeKeys[] | select(.Name=="Root") | .Keys[].ID' 9430d6e31e3b3e240957a1b62bbc2d436aafa33726d0fcb50addbf7e2dfa2168 @@ -386,11 +383,12 @@ trust cached signature data. This is done through the ## Client Enforcement with Docker Content Trust -> Note this is supported on Docker CE and Enterprise Engine newer than 17.03 +> Note this is supported on Docker Community and Enterprise Engines newer than +> 17.03. Currently, content trust is disabled by default in the Docker Client. To enable it, set the `DOCKER_CONTENT_TRUST` environment variable to `1`. This prevents -Users from working with tagged images unless they contain a signature. +users from working with tagged images unless they contain a signature. When DCT is enabled in the Docker client, `docker` CLI commands that operate on tagged images must either have content signatures or explicit content hashes. @@ -420,7 +418,7 @@ Status: Downloaded newer image for dtr.example.com/user/image@sha256:ee7491c9c31 ## Related information -* [Manage keys for content trust](trust_key_mng.md) -* [Automation with content trust](trust_automation.md) * [Delegations for content trust](trust_delegation.md) +* [Automation with content trust](trust_automation.md) +* [Manage keys for content trust](trust_key_mng.md) * [Play in a content trust sandbox](trust_sandbox.md) diff --git a/engine/security/trust/trust_automation.md b/engine/security/trust/trust_automation.md index 53ae8c4b9d..ec40980d0e 100644 --- a/engine/security/trust/trust_automation.md +++ b/engine/security/trust/trust_automation.md @@ -5,39 +5,41 @@ title: Automation with content trust --- It is very common for Docker Content Trust to be built into existing automation -systems. To allow tools to wrap docker and push trusted content, there are +systems. To allow tools to wrap Docker and push trusted content, there are environment variables that can be passed through to the client. -This guide follows the steps as [here](content_trust/#signing-images-with-docker-content-trust) -so please read that and understand the pre-requisites. +This guide follows the steps as described +[here](content_trust/#signing-images-with-docker-content-trust) so please read +that and understand its prerequisites. When working directly with the Notary client, it uses its [own set of environment variables](/notary/reference/client-config.md#environment-variables-optional). -## Adding a Delegation's Private Key +## Adding a Delegation Private Key -To automate importing a delegation's private key to the local Docker trust store, we -need to pass a passphrase for the new key. This passphase will be required -everytime that delegator signs a tag. +To automate importing a delegation private key to the local Docker trust store, we +need to pass a passphrase for the new key. This passphrase will be required +everytime that delegation signs a tag. ``` -$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphase123" +$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123" $ docker trust key load delegation.key --name jeff Loading key from "delegation.key"... Successfully imported key from delegation.key ``` -## Adding a Delegation's Public Key +## Adding a Delegation Public Key -To automate the addition of a new delegator to the Repository, we need to pass -the passphrases for the workstations Root Key (Notary Canonical Root Key ID) and -the image repositories passphase (Notary Root key ID). +If you initialising a repository at the same time as adding a Delegation +public key, then you will need to use the local Notary Canonical Root Key's +passphrase to create the repositories trust data. If the repository has already +been initiated then you only need the repositories passphrase. ``` -# Export the Local Root Key Passphrase +# Export the Local Root Key Passphrase if required. $ export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="rootpassphrase123" -# Export the Repository Passphase +# Export the Repository Passphrase $ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="repopassphrase123" # Initialise Repo and Push Delegation @@ -52,10 +54,10 @@ Successfully added signer: dtr.example.com/admin/demo Finally when signing an image, we will need to export the passphrase of the signing key. This was created when the key was loaded into the local Docker -Store with `$ docker trust key load`. +trust store with `$ docker trust key load`. ``` -$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphase123" +$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123" $ docker trust sign dtr.example.com/admin/demo:1 Signing and pushing trust data for local image dtr.example.com/admin/demo:1, may overwrite remote trust data @@ -101,7 +103,7 @@ unable to process Dockerfile: No trust data for notrust ## Related information +* [Delegations for content trust](trust_delegation.md) * [Content trust in Docker](content_trust.md) * [Manage keys for content trust](trust_key_mng.md) -* [Delegations for content trust](trust_delegation.md) * [Play in a content trust sandbox](trust_sandbox.md) diff --git a/engine/security/trust/trust_delegation.md b/engine/security/trust/trust_delegation.md index f33c59cded..dba57fd752 100644 --- a/engine/security/trust/trust_delegation.md +++ b/engine/security/trust/trust_delegation.md @@ -4,48 +4,74 @@ keywords: trust, security, delegations, keys, repository title: Delegations for content trust --- -Docker Engine supports the usage of the `targets/releases` delegation as the -canonical source of a trusted image tag. +Delegations in Docker Content Trust allow you to control who can and cannot sign +an image tag. A delegation will have a pair of delegation keys, public and +private. A delegation could contain multiple pairs of keys, contributors, to +allow multiple users to be part of a delegation, and to support key rotation. -Using this delegation allows you to collaborate with other publishers without -sharing your repository key, which is a combination of your targets and snapshot keys. -See [Manage keys for content trust](trust_key_mng.md) for more information). -Collaborators can keep their own delegation keys private. +The most important delegation within Docker Content Trust is `targets/releases`. +This is seen as the canonical source of a trusted image tag, and without a +contributor's key being under this delegation, they will be unable to sign a tag. -The `targets/releases` delegation is currently an optional feature - in order -to set up delegations, you must use the Notary CLI: +Fortunately when using the `$ docker trust` commands, we will automatically +initialise a repository, manage the repository keys, and when a collaborator +gets added with `docker trust signer add` we will add their key to the +`targets/releases` delegation automatically. -1. [Download the client](https://github.com/theupdateframework/notary/releases) +## Configuring the Notary Cli + +Some of the more advanced features of Docker Content Trust require the Notary +Cli. To install and configure the Notary Cli follow: + +1) Download the [client](https://github.com/theupdateframework/notary/releases) and ensure that it is available on your path -2. Create a configuration file at `~/.notary/config.json` with the following content: +2) Create a configuration file at ~/.notary/config.json with the following content: - ``` - { - "trust_dir" : "~/.docker/trust", - "remote_server": { - "url": "https://notary.docker.io" - } - } - ``` +``` +{ + "trust_dir" : "~/.docker/trust", + "remote_server": { + "url": "https://dtr.example.com" + "root_ca": "../.docker/ca.pem" + } +} +``` - This tells Notary where the Docker Content Trust data is stored, and to use the - Notary server used for images in Docker Hub. +This configuration file will tell Notary where the local Docker Trust data is +stored, as well as which Notary server to use by default. -For more detailed information about how to use Notary outside of the default -Docker Content Trust use cases, refer to the -[Notary CLI documentation](/notary/getting_started.md). +For more detailed information about how to use Notary outside of the +Docker Content Trust use cases, refer to the Notary Cli documentation +[here](https://github.com/theupdateframework/notary/blob/master/docs/command_reference.md) -When publishing and listing delegation changes using the Notary client, -your Docker Hub credentials are required. +## Creating Delegation Keys -## Generating delegation keys +A prerequisite to adding your first contributor is a pair of delegation keys. +These keys can either be generated locally using `$ docker trust`, generated by +a certificate authority, or can be taken from a Universal Control Plane's +[Client Bundle](ee/ucp/user-access/cli/#download-client-certificates). -Your collaborator needs to generate a private key (either RSA or ECDSA) -and give you the public key so that you can add it to the `targets/releases` -delegation. +### Using Docker Trust to Generate Keys + +Docker trust has a built in generator for a delegation key pair, +`$ docker trust generate `, running this command will automatically load +the delegation private key in to the local Docker trust store. + +``` +$ docker trust key generate jeff +Generating key for jeff... +Enter passphrase for new jeff key with ID 9deed25: +Repeat passphrase for new jeff key with ID 9deed25: +Successfully generated and loaded private key. Corresponding public key available: /home/ubuntu/Documents/mytrustdir/jeff.pub +``` + +### Manually Generating Keys + +If you need to manually generate a private key (either RSA or ECDSA) and a x509 +certificate containing the public key, you can use local tools like openssl or +cfssl along with a local or company wide Certificate Authority. -The easiest way for them to generate these keys is with OpenSSL. Here is an example of how to generate a 2048-bit RSA portion key (all RSA keys must be at least 2048 bits): @@ -79,137 +105,340 @@ $ openssl x509 -req -sha256 -days 365 -in delegation.csr -signkey delegation.key Then they need to give you `delegation.crt`, whether it is self-signed or signed by a CA. -## Adding a delegation key to an existing repository - -If your repository was created using a version of Docker Engine prior to 1.11, -then before adding any delegations, you should rotate the snapshot key to the server -so that collaborators don't need your snapshot key to sign and publish tags: +Finally you will need to add the private key into your local Docker trust store. ``` -$ notary key rotate docker.io// snapshot -r +$ docker trust key load delegation.key --name jeff +Loading key from "delegation.key"... +Enter passphrase for new jeff key with ID 8ae710e: +Repeat passphrase for new jeff key with ID 8ae710e: +Successfully imported key from delegation.key ``` -This tells Notary to rotate a key for your particular image repository. The -`docker.io/` prefix is required. `snapshot -r` specifies that you want -to rotate the snapshot key and that you want the server to manage it (`-r` -stands for "remote"). +### Using Universal Control Plane's Client Bundles -When adding a delegation, your must acquire -[the PEM-encoded x509 certificate with the public key](#generating-delegation-keys) -of the collaborator you wish to delegate to. +Universal Control Plane manages cli and api access to its clusters through +certificates generated in a Client Bundle. These certificates and keys can be +used as a delegation key pair. Within each client bundle there is a unique +private key (`key.pem`) and x509 certificate containing a public key +(`cert.pem`). -Assuming you have the certificate `delegation.crt`, you can add a delegation -for this user and then publish the delegation change: +1) Download a user's client bundle from the +[Universal Control Plane](ee/ucp/user-access/cli/#download-client-certificates). + +2) Extract the client bundle into your current directory + +3) Load the private key into your local Docker trust store ``` -$ notary delegation add docker.io// targets/releases delegation.crt --all-paths -$ notary publish docker.io// +$ docker trust key load key.pem --name jeff +Loading key from "key.pem"... +Enter passphrase for new jeff key with ID 9deed25: +Repeat passphrase for new jeff key with ID 9deed25: +Successfully imported key from key.pem ``` -The preceding example illustrates a request to add the delegation -`targets/releases` to the image repository, if it doesn't exist. Be sure to use -`targets/releases` - Notary supports multiple delegation roles, so if you mistype -the delegation name, the Notary CLI does not error. However, Docker Engine -supports reading only from `targets/releases`. +### Viewing local Delegation keys -It also adds the collaborator's public key to the delegation, enabling them to sign -the `targets/releases` delegation so long as they have the private key corresponding -to this public key. The `--all-paths` flag tells Notary not to restrict the tag -names that can be signed into `targets/releases`, which we highly recommend for -`targets/releases`. - -Publishing the changes tells the server about the changes to the `targets/releases` -delegation. - -After publishing, view the delegation information to ensure that you correctly added -the keys to `targets/releases`: +To list the keys that have been imported in to the local Docker trust store we +can use the Notary cli. ``` -$ notary delegation list docker.io// +$ notary key list - ROLE PATHS KEY IDS THRESHOLD ---------------------------------------------------------------------------------------------------------------- - targets/releases "" 729c7094a8210fd1e780e7b17b7bb55c9a28a48b871b07f65d97baf93898523a 1 +ROLE GUN KEY ID LOCATION +---- --- ------ -------- +root f6c6a4b00fefd8751f86194c7d87a3bede444540eb3378c4a11ce10852ab1f96 /home/ubuntu/.docker/trust/private +jeff 9deed251daa1aa6f9d5f9b752847647cf8d705da0763aa5467650d0987ed5306 /home/ubuntu/.docker/trust/private ``` -You can see the `targets/releases` with its paths and the key ID you just added. +## Managing Delegations in a Notary Server -Notary currently does not map collaborators names to keys, so we recommend -that you add and list delegation keys one at a time, and keep a mapping of the key -IDs to collaborators yourself should you need to remove a collaborator. +Docker Content Trust handles initiating a repository with trust data for you, +including rotating low level keys like the target and the snapshot key to the +remote Notary server. This is all done the first time you add a delegation +public key to the Notary server. -## Removing a delegation key from an existing repository +When initiating a repository you will need the key and the passphrase of a local +Notary Canonical Root Key. If you have not initiated a repository before, and +therefore don't have a Notary root key, `$ docker trust` will create one for you. -To revoke a collaborator's ability to sign tags for your image repository, you -need to remove their keys from the `targets/releases` delegation. To do this, -you need the IDs of their keys. +> Be sure to protect your [Notary Canonical Root Key](./trust_key_mng.md) -```bash -$ notary delegation remove docker.io// targets/releases 729c7094a8210fd1e780e7b17b7bb55c9a28a48b871b07f65d97baf93898523a +### Initiating the Repository -Removal of delegation role targets/releases with keys [729c7094a8210fd1e780e7b17b7bb55c9a28a48b871b07f65d97baf93898523a], to repository "docker.io//" staged for next publish. -``` +To upload the first key to a delegation, at the same time initiating a +repository, you can use the `$ docker trust signer add` command. This will add +the contributor's public key to the `targets/releases` delegation, and create a +second `targets/` delegation. -The revocation takes effect as soon as you publish: +For Docker Content Trust the name of the second delegation, in the below example +`jeff`, is there to help you keep track of the owner of the keys. In more +advanced use cases of Notary additional delegations are used for hierarchy. ``` -$ notary publish docker.io// +$ docker trust signer add --key cert.pem jeff dtr.example.com/admin/demo +Adding signer "jeff" to dtr.example.com/admin/demo... +Initializing signed repository for dtr.example.com/admin/demo... +Enter passphrase for root key with ID f6c6a4b: +Enter passphrase for new repository key with ID b0014f8: +Repeat passphrase for new repository key with ID b0014f8: +Successfully initialized "dtr.example.com/admin/demo" +Successfully added signer: jeff to dtr.example.com/admin/demo ``` -By removing all the keys from the `targets/releases` delegation, the -delegation (and any tags that are signed into it) is removed. That means that -these tags are all deleted, and you may end up with older, legacy tags that -were signed directly by the targets key. - -## Removing the `targets/releases` delegation entirely from a repository - -If you've decided that delegations aren't for you, you can delete the -`targets/releases` delegation entirely. This also removes all the tags that -are currently in `targets/releases`, however, and you may end up with older, -legacy tags that were signed directly by the targets key. - -To delete the `targets/releases` delegation: +You can see which keys have been pushed to the Notary server for each repository +with the `$ docker trust inspect` command. ``` -$ notary delegation remove docker.io// targets/releases +$ docker trust inspect --pretty dtr.example.com/admin/demo -Are you sure you want to remove all data for this delegation? (yes/no) -yes +No signatures for dtr.example.com/admin/demo -Forced removal (including all keys and paths) of delegation role targets/releases to repository "docker.io//" staged for next publish. -$ notary publish docker.io// +List of signers and their keys for dtr.example.com/admin/demo + +SIGNER KEYS +jeff 1091060d7bfd + +Administrative keys for dtr.example.com/admin/demo + + Repository Key: b0014f8e4863df2d028095b74efcb05d872c3591de0af06652944e310d96598d + Root Key: 64d147e59e44870311dd2d80b9f7840039115ef3dfa5008127d769a5f657a5d7 ``` -## Pushing trusted data as a collaborator - -As a collaborator with a private key that has been added to a repository's -`targets/releases` delegation, you need to import the private key that you -generated into Content Trust. - -To do so, you can run: +You could also use the Notary cli to list delegations and keys. Here you can +clearly see the keys were attached to `targets/releases` and `targets/jeff`. ``` -$ notary key import delegation.key --role user +$ notary delegation list dtr.example.com/admin/demo + +ROLE PATHS KEY IDS THRESHOLD +---- ----- ------- --------- +targets/jeff "" 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 1 + +targets/releases "" 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 1 ``` -where `delegation.key` is the file containing your PEM-encoded private key. +### Adding Additional Signers -After you have done so, running `docker push` on any repository that -includes your key in the `targets/releases` delegation automatically signs -tags using this imported key. +Docker Trust allows you to configure multiple delegations per repository, +allowing you to manage the lifecycle of delegations. When adding additional +delegations with `$ docker trust` the collaborators key is once again added to +the `targets/release` role. -## `docker push` behavior +> Note you will need the passphrase for the repository key, this would have been +> configured when you first initiated the repository. -When running `docker push` with Docker Content Trust, Docker Engine -attempts to sign and push with the `targets/releases` delegation if it exists. -If it does not, the targets key is used to sign the tag, if the key is available. +``` +$ docker trust signer add --key ben.pub ben dtr.example.com/admin/demo +Adding signer "ben" to dtr.example.com/admin/demo... +Enter passphrase for repository key with ID b0014f8: +Successfully added signer: ben to dtr.example.com/admin/demo +``` -## `docker pull` and `docker build` behavior +Check to prove that there are now 2 delegations (Signer). -When running `docker pull` or `docker build` with Docker Content Trust, Docker -Engine pulls tags only signed by the `targets/releases` delegation role or -the legacy tags that were signed directly with the `targets` key. +``` +$ docker trust inspect --pretty dtr.example.com/admin/demo + +No signatures for dtr.example.com/admin/demo + +List of signers and their keys for dtr.example.com/admin/demo + +SIGNER KEYS +ben afa404703b25 +jeff 1091060d7bfd + +Administrative keys for dtr.example.com/admin/demo + + Repository Key: b0014f8e4863df2d028095b74efcb05d872c3591de0af06652944e310d96598d + Root Key: 64d147e59e44870311dd2d80b9f7840039115ef3dfa5008127d769a5f657a5d7 +``` + +### Adding Keys to an Existing Delegation + +To support things like key rotation and expiring / retiring keys you can publish +multiple contributor keys per delegation. The only prerequisite here is to make +sure you use the same the delegation name, in this case `jeff`. Docker trust +will automatically handle adding this new key to `targets/releases`. + +> Note you will need the passphrase for the repository key, this would have been +> configured when you first initiated the repository. + +``` +$ docker trust signer add --key cert2.pem jeff dtr.example.com/admin/demo +Adding signer "jeff" to dtr.example.com/admin/demo... +Enter passphrase for repository key with ID b0014f8: +Successfully added signer: jeff to dtr.example.com/admin/demo +``` + +Check to prove that the delegation (Signer) now contains multiple Key IDs. + +``` +$ docker trust inspect --pretty dtr.example.com/admin/demo + +No signatures for dtr.example.com/admin/demo + + +List of signers and their keys for dtr.example.com/admin/demo + +SIGNER KEYS +jeff 1091060d7bfd, 5570b88df073 + +Administrative keys for dtr.example.com/admin/demo + + Repository Key: b0014f8e4863df2d028095b74efcb05d872c3591de0af06652944e310d96598d + Root Key: 64d147e59e44870311dd2d80b9f7840039115ef3dfa5008127d769a5f657a5d7 +``` + +### Removing a Delegation + +If you need to remove a delegation, including the contributor keys that are +attached to the `targets/releases` role, you can use the +`$ docker trust signer remove` command. + +> Note tags that were signed by the removed delegation will need to be resigned +> by an active delegation + +``` +$ docker trust signer remove dtr.example.com/admin/demo +Removing signer "ben" from dtr.example.com/admin/demo... +Enter passphrase for repository key with ID b0014f8: +Successfully removed ben from dtr.example.com/admin/demo +``` + +#### Troubleshooting + +1) If you see an error that there are no useable keys in `targets/releases`. You +will need to add additional delegations using `docker trust signer add` before +resigning images. + +``` +WARN[0000] role targets/releases has fewer keys than its threshold of 1; it will not be usable until keys are added to it +``` + +2) If you have added additional delegations already and are seeing an error +message that there are no valid signatures in `targest/releases`. You will need +to resign the `targets/releases` delegation file with the Notary Cli. + +``` +WARN[0000] Error getting targets/releases: valid signatures did not meet threshold for targets/releases +``` + +Resigning the delegation file is done with the `$ notary witness` command + +``` +$ notary witness dtr.example.com/admin/demo targets/releases --publish +``` + +More information on the `$ notary witness` command can be found +[here](https://github.com/theupdateframework/notary/blob/master/docs/advanced_usage.md#recovering-a-delegation) + +### Removing a Contributor's Key from a Delegation + +As part of rotating keys for a delegation, you may want to remove an individual +key but retain the delegation. This can be done with the Notary cli. + +Remember you will have to remove the key from both the `targets/releases` role +and the role specific to that signer `targets/`. + +1) We will need to grab the Key ID from the Notary Server + +``` +$ notary delegation list dtr.example.com/admin/demo + +ROLE PATHS KEY IDS THRESHOLD +---- ----- ------- --------- +targets/jeff "" 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 + 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 +targets/releases "" 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 + 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 +``` + +2) Remove from the `targets/releases` delegation + +``` +$ notary delegation remove dtr.example.com/admin/demo targets/targets 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 --publish +Auto-publishing changes to dtr.example.com/admin/demo +Enter username: admin +Enter password: +Enter passphrase for targets key with ID b0014f8: +Successfully published changes for repository dtr.example.com/admin/demo +``` + +3) Remove from the `targets/` delegation + +``` +$ notary delegation remove dtr.example.com/admin/demo targets/jeff 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 --publish + +Removal of delegation role targets/jeff with keys [5570b88df0736c468493247a07e235e35cf3641270c944d0e9e8899922fc6f99], to repository "dtr.example.com/admin/demo" staged for next publish. + +Auto-publishing changes to dtr.example.com/admin/demo +Enter username: admin +Enter password: +Enter passphrase for targets key with ID b0014f8: +Successfully published changes for repository dtr.example.com/admin/demo +``` + +4) Check the remaining delegation list + +``` +$ notary delegation list dtr.example.com/admin/demo + +ROLE PATHS KEY IDS THRESHOLD +---- ----- ------- --------- +targets/jeff "" 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 +targets/releases "" 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 +``` + +### Removing a local Delegation Private Key + +As part of rotating delegation keys, you may need to remove a local delegation +key from the local Docker trust store. This is done with the Notary cli, using +the `$ notary key remove` command. + +1) We will need to get the Key ID from the local Docker Trust store + +``` +$ notary key list + +ROLE GUN KEY ID LOCATION +---- --- ------ -------- +root f6c6a4b00fefd8751f86194c7d87a3bede444540eb3378c4a11ce10852ab1f96 /home/ubuntu/.docker/trust/private +admin 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 /home/ubuntu/.docker/trust/private +jeff 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 /home/ubuntu/.docker/trust/private +targets ...example.com/admin/demo c819f2eda8fba2810ec6a7f95f051c90276c87fddfc3039058856fad061c009d /home/ubuntu/.docker/trust/private +``` + +2) Remove the key from the local Docker Trust store + +``` +$ notary key remove 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 + +Are you sure you want to remove 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 (role jeff) from /home/ubuntu/.docker/trust/private? (yes/no) y + +Deleted 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 (role jeff) from /home/ubuntu/.docker/trust/private. +``` + +## Removing all trust data from a Repository + +You can remove all trust data from a repository, including repository, target, +snapshot and all delegations keys using the Notary cli. + +This is often required by a container registry before a particular repository +can be deleted. + +``` +$ notary delete dtr.example.com/admin/demo --remote +Deleting trust data for repository dtr.example.com/admin/demo +Enter username: admin +Enter password: +Successfully deleted local and remote trust data for repository dtr.example.com/admin/demo + +$ docker trust inspect --pretty dtr.example.com/admin/demo +No signatures or cannot access dtr.example.com/admin/demo +``` ## Related information From e65f62b894645a928c714d998694b86207789ba7 Mon Sep 17 00:00:00 2001 From: Olly P Date: Thu, 24 Jan 2019 15:50:55 +0000 Subject: [PATCH 203/361] Removing Syslog UI from UCP Docs as this feature has been EOLd --- _data/toc.yaml | 2 - .../configure/add-labels-to-cluster-nodes.md | 3 +- .../store-logs-in-an-external-system.md | 64 ------------------- 3 files changed, 2 insertions(+), 67 deletions(-) delete mode 100644 ee/ucp/admin/configure/store-logs-in-an-external-system.md diff --git a/_data/toc.yaml b/_data/toc.yaml index bcf7084e08..7b27b78e1f 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1190,8 +1190,6 @@ manuals: title: Run only the images you trust - path: /ee/ucp/admin/configure/set-session-timeout/ title: Set the user's session timeout - - path: /ee/ucp/admin/configure/store-logs-in-an-external-system/ - title: Store logs in an external system - path: /ee/ucp/admin/configure/ucp-configuration-file/ title: UCP configuration file - path: /ee/ucp/admin/configure/use-node-local-network-in-swarm/ diff --git a/ee/ucp/admin/configure/add-labels-to-cluster-nodes.md b/ee/ucp/admin/configure/add-labels-to-cluster-nodes.md index db98ffa057..e12b3e0255 100644 --- a/ee/ucp/admin/configure/add-labels-to-cluster-nodes.md +++ b/ee/ucp/admin/configure/add-labels-to-cluster-nodes.md @@ -142,4 +142,5 @@ You can add or remove deployment constraints on this page. ## Where to go next -- [Store logs in an external system](store-logs-in-an-external-system.md) +- [Collect UCP Cluster Metrics with Prometheus](collect-cluster-metrics.md) +- [Configure UCP Audit Logging](create-audit-logs.md) \ No newline at end of file diff --git a/ee/ucp/admin/configure/store-logs-in-an-external-system.md b/ee/ucp/admin/configure/store-logs-in-an-external-system.md deleted file mode 100644 index a6acf0cd9b..0000000000 --- a/ee/ucp/admin/configure/store-logs-in-an-external-system.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Configure UCP logging -description: Learn how to configure Docker Universal Control Plane to store your logs - on an external log system and configure appropriate log levels. -keywords: ucp, integrate, logs ---- - -You can configure UCP's log level and destination for sending logs to a remote logging service: - -1. Log in to UCP with an administrator account. -2. Navigate to the **Admin Settings** page. -3. Set the information about your logging server, and click - **Save**. - -![](../../images/configure-logs-1.png){: .with-border} - -> External system for logs -> -> Administrators should configure Docker EE to store logs using an external -> system. By default, the Docker daemon doesn't delete logs, which means that -> in a production system with intense usage, your logs can consume a -> significant amount of disk space, especially when configured at DEBUG level. -{: .important} - -## Example: Setting up an ELK stack - -One popular logging stack is composed of Elasticsearch, Logstash, and -Kibana. The following example demonstrates how to set up an example -deployment which can be used for logging. - -```none -docker volume create --name orca-elasticsearch-data - -docker container run -d \ - --name elasticsearch \ - -v orca-elasticsearch-data:/usr/share/elasticsearch/data \ - elasticsearch elasticsearch -Enetwork.host=0.0.0.0 - -docker container run -d \ - -p 514:514 \ - --name logstash \ - --link elasticsearch:es \ - logstash \ - sh -c "logstash -e 'input { syslog { } } output { stdout { } elasticsearch { hosts => [ \"es\" ] } } filter { json { source => \"message\" } }'" - -docker container run -d \ - --name kibana \ - --link elasticsearch:elasticsearch \ - -p 5601:5601 \ - kibana -``` - -Once you have these containers running, configure UCP to send logs to -the IP of the Logstash container. You can then browse to port 5601 on the system -running Kibana and browse log/event entries. You should specify the "time" -field for indexing. - -When deployed in a production environment, you should secure your ELK -stack. UCP does not do this itself, but there are a number of 3rd party -options that can accomplish this, like the Shield plug-in for Kibana. - -## Where to go next - -- [Restrict services to worker nodes](restrict-services-to-worker-nodes.md) From 39aa4756cddc0a80c542747bc0998ea2c87df917 Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Thu, 24 Jan 2019 14:48:31 -0500 Subject: [PATCH 204/361] Update build_enhancements.md editorial crx --- develop/develop-images/build_enhancements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/develop/develop-images/build_enhancements.md b/develop/develop-images/build_enhancements.md index 9e8a60bbd0..cfcd3a8b9b 100644 --- a/develop/develop-images/build_enhancements.md +++ b/develop/develop-images/build_enhancements.md @@ -193,7 +193,7 @@ $ docker build --ssh default . ## Troubleshooting : issues with private registries #### x509: certificate signed by unknown authority -If you are fetching images from insecure registry (with self-signed certificates) and/or using such aa registry as a mirror, you are facing a known issue in Docker 18.09 : +If you are fetching images from insecure registry (with self-signed certificates) and/or using such a registry as a mirror, you are facing a known issue in Docker 18.09 : ``` [+] Building 0.4s (3/3) FINISHED => [internal] load build definition from Dockerfile @@ -211,7 +211,7 @@ Solution : secure your registry properly. You can get SSL certificates from Let' #### image not found when the private registry is running on Sonatype Nexus version < 3.15 -If you are running a privatee registry using Sonatype Nexus version < 3.15, and receive an error similar to the following : +If you are running a private registry using Sonatype Nexus version < 3.15, and receive an error similar to the following : ``` ------ > [internal] load metadata for docker.io/library/maven:3.5.3-alpine: From ede978834f23d500604e45e6b6a6cfe0b66c789b Mon Sep 17 00:00:00 2001 From: Eric Smalling Date: Thu, 24 Jan 2019 14:12:45 -0600 Subject: [PATCH 205/361] Remove upstream TLS labels Per @ehazlett , upstream TLS labels are not implemented yet in UCP 3.0 or 3.1 --- ee/ucp/interlock/usage/labels-reference.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/ee/ucp/interlock/usage/labels-reference.md b/ee/ucp/interlock/usage/labels-reference.md index 263c055286..51381ce142 100644 --- a/ee/ucp/interlock/usage/labels-reference.md +++ b/ee/ucp/interlock/usage/labels-reference.md @@ -23,8 +23,6 @@ The following labels are available for you to use in swarm services: | `com.docker.lb.ssl_key` | Docker secret to use for the SSL key. | `example.com.key` | | `com.docker.lb.websocket_endpoints` | Comma separated list of endpoints to configure to be upgraded for websockets. | `/ws,/foo` | | `com.docker.lb.service_cluster` | Name of the service cluster to use for the application. | `us-east` | -| `com.docker.lb.ssl_backend` | Enable SSL communication to the upstreams. | `true` | -| `com.docker.lb.ssl_backend_tls_verify` | Verification mode for the upstream TLS. | `none` | | `com.docker.lb.sticky_session_cookie` | Cookie to use for sticky sessions. | `none` | | `com.docker.lb.redirects` | Semi-colon separated list of redirects to add in the format of `,`. Example: `http://old.example.com,http://new.example.com;` | `none` | | `com.docker.lb.ssl_passthrough` | Enable SSL passthrough. | `false` | From 9c8dc628105ebb7af1f0977cab210c9544697455 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Thu, 24 Jan 2019 17:05:48 -0500 Subject: [PATCH 206/361] Update service-clusters.md --- ee/ucp/interlock/usage/service-clusters.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/ee/ucp/interlock/usage/service-clusters.md b/ee/ucp/interlock/usage/service-clusters.md index 837a6c0663..ddceb26a5c 100644 --- a/ee/ucp/interlock/usage/service-clusters.md +++ b/ee/ucp/interlock/usage/service-clusters.md @@ -45,7 +45,7 @@ map[nodetype:loadbalancer region:us-west] Next, we will create a configuration object for Interlock that contains multiple extensions with varying service clusters: ```bash -$> cat << EOF | docker config create com.docker.ucp.interlock.conf-1 - +$> cat << EOF | docker config create com.docker.ucp.interlock.service-clusters.conf-1 - ListenAddr = ":8080" DockerURL = "unix:///var/run/docker.sock" PollInterval = "3s" @@ -115,7 +115,11 @@ Next we will create a dedicated network for Interlock and the extensions: $> docker network create -d overlay ucp-interlock ``` -Now we can create the Interlock service: +Now we can create the Interlock service. + +Important: The `--name` value specified in the following code sample applies to UCP versions 3.0.10 and later, and versions 3.1.4 and later. + +If you are working with UCP version 3.0.0 - 3.0.9 or 3.1.0 - 3.1.3, specify `--name ucp-interlock-service-clusters`. ```bash $> docker service create \ @@ -123,7 +127,7 @@ $> docker service create \ --mount src=/var/run/docker.sock,dst=/var/run/docker.sock,type=bind \ --network ucp-interlock \ --constraint node.role==manager \ - --config src=com.docker.ucp.interlock.conf-1,target=/config.toml \ + --config src=com.docker.ucp.interlock.service-clusters.conf-1,target=/config.toml \ {{ page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} run -c /config.toml sjpgq7h621exno6svdnsvpv9z ``` From a92d1b85c0c6f6277e0cd7492c300d69e1acdea2 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Thu, 24 Jan 2019 17:45:18 -0500 Subject: [PATCH 207/361] Update service-clusters.md --- ee/ucp/interlock/usage/service-clusters.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/ee/ucp/interlock/usage/service-clusters.md b/ee/ucp/interlock/usage/service-clusters.md index ddceb26a5c..6f8010e557 100644 --- a/ee/ucp/interlock/usage/service-clusters.md +++ b/ee/ucp/interlock/usage/service-clusters.md @@ -42,10 +42,14 @@ map[nodetype:loadbalancer region:us-west] {% endraw %} ``` -Next, we will create a configuration object for Interlock that contains multiple extensions with varying service clusters: +Next, we will create a configuration object for Interlock that contains multiple extensions with varying service clusters. + +Important: The configuration object specified in the following code sample applies to UCP versions 3.0.10 and later, and versions 3.1.4 and later. + +If you are working with UCP version 3.0.0 - 3.0.9 or 3.1.0 - 3.1.3, specify `com.docker.ucp.interlock.service-clusters.conf`. ```bash -$> cat << EOF | docker config create com.docker.ucp.interlock.service-clusters.conf-1 - +$> cat << EOF | docker config create com.docker.ucp.interlock.conf-1 - ListenAddr = ":8080" DockerURL = "unix:///var/run/docker.sock" PollInterval = "3s" @@ -117,9 +121,9 @@ $> docker network create -d overlay ucp-interlock Now we can create the Interlock service. -Important: The `--name` value specified in the following code sample applies to UCP versions 3.0.10 and later, and versions 3.1.4 and later. +Important: The `--name` value and configuration object specified in the following code sample applies to UCP versions 3.0.10 and later, and versions 3.1.4 and later. -If you are working with UCP version 3.0.0 - 3.0.9 or 3.1.0 - 3.1.3, specify `--name ucp-interlock-service-clusters`. +If you are working with UCP version 3.0.0 - 3.0.9 or 3.1.0 - 3.1.3, specify `--name ucp-interlock-service-clusters` and `src=com.docker.ucp.interlock.service-clusters.conf-1` . ```bash $> docker service create \ @@ -127,7 +131,7 @@ $> docker service create \ --mount src=/var/run/docker.sock,dst=/var/run/docker.sock,type=bind \ --network ucp-interlock \ --constraint node.role==manager \ - --config src=com.docker.ucp.interlock.service-clusters.conf-1,target=/config.toml \ + --config src=com.docker.ucp.interlock.conf-1,target=/config.toml \ {{ page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} run -c /config.toml sjpgq7h621exno6svdnsvpv9z ``` From 3ac7303c6ab1685e44295eed6e99ae030f0a8300 Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Thu, 24 Jan 2019 19:09:06 -0500 Subject: [PATCH 208/361] ucp: auth store reconfigure update output --- .../monitor-and-troubleshoot/troubleshoot-configurations.md | 4 ++-- .../monitor-and-troubleshoot/troubleshoot-configurations.md | 4 ++-- .../monitor-and-troubleshoot/troubleshoot-configurations.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md b/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md index 0b71cd12b4..0d66fd5452 100644 --- a/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md +++ b/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md @@ -137,8 +137,8 @@ docker container run --rm -v ucp-auth-store-certs:/tls docker/ucp-auth:${VERSION time="2017-07-14T20:46:09Z" level=debug msg="Connecting to db ..." time="2017-07-14T20:46:09Z" level=debug msg="connecting to DB Addrs: [192.168.1.25:12383]" time="2017-07-14T20:46:09Z" level=debug msg="Reconfiguring number of replicas to 1" -time="2017-07-14T20:46:09Z" level=debug msg="(00/16) Emergency Repairing Tables..." -time="2017-07-14T20:46:09Z" level=debug msg="(01/16) Emergency Repaired Table \"grant_objects\"" +time="2017-07-14T20:46:09Z" level=debug msg="(00/16) Reconfiguring Table Replication..." +time="2017-07-14T20:46:09Z" level=debug msg="(01/16) Reconfigured Replication of Table \"grant_objects\"" ... ``` {% endraw %} diff --git a/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md b/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md index 345d306a0d..90dd46ba0a 100644 --- a/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md +++ b/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-configurations.md @@ -137,8 +137,8 @@ docker container run --rm -v ucp-auth-store-certs:/tls docker/ucp-auth:${VERSION time="2017-07-14T20:46:09Z" level=debug msg="Connecting to db ..." time="2017-07-14T20:46:09Z" level=debug msg="connecting to DB Addrs: [192.168.1.25:12383]" time="2017-07-14T20:46:09Z" level=debug msg="Reconfiguring number of replicas to 1" -time="2017-07-14T20:46:09Z" level=debug msg="(00/16) Emergency Repairing Tables..." -time="2017-07-14T20:46:09Z" level=debug msg="(01/16) Emergency Repaired Table \"grant_objects\"" +time="2017-07-14T20:46:09Z" level=debug msg="(00/16) Reconfiguring Table Replication..." +time="2017-07-14T20:46:09Z" level=debug msg="(01/16) Reconfigured Replication of Table \"grant_objects\"" ... ``` {% endraw %} diff --git a/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md b/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md index 31afa597f2..a388121278 100644 --- a/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md +++ b/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-configurations.md @@ -137,8 +137,8 @@ docker container run --rm -v ucp-auth-store-certs:/tls docker/ucp-auth:${VERSION time="2017-07-14T20:46:09Z" level=debug msg="Connecting to db ..." time="2017-07-14T20:46:09Z" level=debug msg="connecting to DB Addrs: [192.168.1.25:12383]" time="2017-07-14T20:46:09Z" level=debug msg="Reconfiguring number of replicas to 1" -time="2017-07-14T20:46:09Z" level=debug msg="(00/16) Emergency Repairing Tables..." -time="2017-07-14T20:46:09Z" level=debug msg="(01/16) Emergency Repaired Table \"grant_objects\"" +time="2017-07-14T20:46:09Z" level=debug msg="(00/16) Reconfiguring Table Replication..." +time="2017-07-14T20:46:09Z" level=debug msg="(01/16) Reconfigured Replication of Table \"grant_objects\"" ... {% endraw %} ``` From af29948b200d03f0053680917f1aa39d62dd89b8 Mon Sep 17 00:00:00 2001 From: Ming He Date: Thu, 24 Jan 2019 19:11:21 -0800 Subject: [PATCH 209/361] Update hub auto build doc Hub backend dose not support `Create multiple Docker tags from a single build`. Take it off from the docs. Already received several issues asking about why it is not working according to the doc. --- docker-hub/builds/index.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/docker-hub/builds/index.md b/docker-hub/builds/index.md index e97886ae99..e773c20e8e 100644 --- a/docker-hub/builds/index.md +++ b/docker-hub/builds/index.md @@ -292,25 +292,6 @@ You could also use capture groups to build and label images that come from vario `/(alice|bob)-v([0-9.]+)/` --> -### Create multiple Docker tags from a single build - -By default, each build rule builds a source branch or tag into a Docker image, -and then tags that image with a single tag. However, you can also create several -tagged Docker images from a single build rule. - -To create multiple tags from a single build rule, enter a comma-separated list -of tags in the **Docker tag** field in the build rule. If an image with that tag -already exists, Docker Hub overwrites the image when the build completes -successfully. If you have automated tests configured, the build must pass these -tests as well before the image is overwritten. You can use both regex references -and plain text values in this field simultaneously. - -For example if you want to update the image tagged with `latest` at the same -time as you a tag an image for a specific version, you could enter -`{sourceref},latest` in the Docker Tag field. - -If you need to update a tag _in another repository_, use [a post_build hook](advanced.md#push-to-multiple-repos) to push to a second repository. - ## Build repositories with linked private submodules Docker Hub sets up a deploy key in your source code repository that allows it From 61be95d7f6afd5c74997aff23efa7cc017ef2b1b Mon Sep 17 00:00:00 2001 From: "Jan Vaehsen (Windows)" Date: Fri, 25 Jan 2019 13:10:06 +0100 Subject: [PATCH 210/361] add documentation for NO_PROXY var in systemd config --- config/daemon/systemd.md | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/config/daemon/systemd.md b/config/daemon/systemd.md index 77d578e7b8..2cc2608c57 100644 --- a/config/daemon/systemd.md +++ b/config/daemon/systemd.md @@ -96,24 +96,34 @@ you need to add this configuration in the Docker systemd service file. ``` 3. If you have internal Docker registries that you need to contact without - proxying you can specify them via the `NO_PROXY` environment variable: + proxying you can specify them via the `NO_PROXY` environment variable. + The `NO_PROXY` variable specifies a string that contains comma-separated values for hosts that should be excluded from proxying. + These are the options you have to specify the excluded hosts: + * IP address prefix (`1.2.3.4`) or in CIDR notation (`1.2.3.4/8`) + * Domain name, or a special DNS label (`*`) + * A domain name matches that name and all subdomains. A domain name with + a leading "." matches subdomains only. Example: + ``` + Given the domains foo.example.com and example.com. + "foo.com" matches "foo.com" and "bar.foo.com" + ".foo.com" mataches only "bar.foo.com" + ``` + * A single asterisk (*) indicates that no proxying should be done + * Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) and domain names (`foo.example.com:80`) + + Config examples: + ```conf [Service] - Environment="HTTP_PROXY=http://proxy.example.com:80/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com" + Environment="HTTP_PROXY=http://proxy.example.com:80/" "NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp" ``` Or, if you are behind an HTTPS proxy server: ```conf [Service] - Environment="HTTPS_PROXY=https://proxy.example.com:443/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com" - ``` - - The NO_PROXY variable accepts wildcards. You just need to have a value starting with a dot: - ```conf - [Service] - Environment="HTTPS_PROXY=https://proxy.example.com:443/" "NO_PROXY=localhost,127.0.0.1,.somecorporation.com" + Environment="HTTPS_PROXY=https://proxy.example.com:443/" "NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp" ``` 4. Flush changes: From e56d0543c860b7f3a30f829a643b7365d8f2eb3d Mon Sep 17 00:00:00 2001 From: Olly P Date: Fri, 25 Jan 2019 12:54:29 +0000 Subject: [PATCH 211/361] Added User Permission note to Promotions --- ee/dtr/user/promotion-policies/internal-promotion.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ee/dtr/user/promotion-policies/internal-promotion.md b/ee/dtr/user/promotion-policies/internal-promotion.md index 36b31da88c..d238e312da 100644 --- a/ee/dtr/user/promotion-policies/internal-promotion.md +++ b/ee/dtr/user/promotion-policies/internal-promotion.md @@ -31,6 +31,11 @@ Once you've [created the repository](../manage-images/index.md), navigate to the repository page on the DTR web interface, and select the **Promotions** tab. +> Only administrators can globally create and edit promotion policies. By default +> users can only create and edit promotion policies on repositories within their +> user namespace. For more information on user permissions head to +> [Authorization and Authorization](../../admin/manage-users/). + ![repository policies](../../images/internal-promotion-2.png){: .with-border} Click **New promotion policy**, and define the image promotion criteria. From d38627d05a70b62e2d51496621ed90f1c404f5cb Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 25 Jan 2019 14:43:49 +0100 Subject: [PATCH 212/361] Update config/daemon/systemd.md Co-Authored-By: ChaosGramer --- config/daemon/systemd.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/config/daemon/systemd.md b/config/daemon/systemd.md index 2cc2608c57..c46abef54a 100644 --- a/config/daemon/systemd.md +++ b/config/daemon/systemd.md @@ -98,7 +98,19 @@ you need to add this configuration in the Docker systemd service file. 3. If you have internal Docker registries that you need to contact without proxying you can specify them via the `NO_PROXY` environment variable. - The `NO_PROXY` variable specifies a string that contains comma-separated values for hosts that should be excluded from proxying. + The `NO_PROXY` variable specifies a string that contains comma-separated + values for hosts that should be excluded from proxying. These are the + options you can specify to exclude hosts: + * IP address prefix (`1.2.3.4`) or in CIDR notation (`1.2.3.4/8`) + * Domain name, or a special DNS label (`*`) + * A domain name matches that name and all subdomains. A domain name with + a leading "." matches subdomains only. For example, given the domains + `foo.example.com` and `example.com`; + * `example.com` matches `example.com` and `foo.example.com`, and + * `.example.com` matches only `foo.example.com` + * A single asterisk (`*`) indicates that no proxying should be done + * Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) + and domain names (`foo.example.com:80`) These are the options you have to specify the excluded hosts: * IP address prefix (`1.2.3.4`) or in CIDR notation (`1.2.3.4/8`) * Domain name, or a special DNS label (`*`) From 46f76f241ec9cbac543c42f5863dbce24848f932 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 25 Jan 2019 14:44:13 +0100 Subject: [PATCH 213/361] Update config/daemon/systemd.md Co-Authored-By: ChaosGramer --- config/daemon/systemd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/daemon/systemd.md b/config/daemon/systemd.md index c46abef54a..d9abe05b62 100644 --- a/config/daemon/systemd.md +++ b/config/daemon/systemd.md @@ -121,7 +121,7 @@ you need to add this configuration in the Docker systemd service file. "foo.com" matches "foo.com" and "bar.foo.com" ".foo.com" mataches only "bar.foo.com" ``` - * A single asterisk (*) indicates that no proxying should be done + * A single asterisk (`*`) indicates that no proxying should be done * Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) and domain names (`foo.example.com:80`) Config examples: From 71e41e3d95d6063ce23f219a281e329158d68d80 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 25 Jan 2019 14:44:20 +0100 Subject: [PATCH 214/361] Update config/daemon/systemd.md Co-Authored-By: ChaosGramer --- config/daemon/systemd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/daemon/systemd.md b/config/daemon/systemd.md index d9abe05b62..72038ecec9 100644 --- a/config/daemon/systemd.md +++ b/config/daemon/systemd.md @@ -111,7 +111,7 @@ you need to add this configuration in the Docker systemd service file. * A single asterisk (`*`) indicates that no proxying should be done * Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) and domain names (`foo.example.com:80`) - These are the options you have to specify the excluded hosts: + These are the options you can specify to exclude hosts: * IP address prefix (`1.2.3.4`) or in CIDR notation (`1.2.3.4/8`) * Domain name, or a special DNS label (`*`) * A domain name matches that name and all subdomains. A domain name with From 9edcd49141711b6b8c2f1dff3487d6b16945f311 Mon Sep 17 00:00:00 2001 From: "Jan Vaehsen (Windows)" Date: Fri, 25 Jan 2019 15:17:28 +0100 Subject: [PATCH 215/361] resolve suggestion conflict --- config/daemon/systemd.md | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/config/daemon/systemd.md b/config/daemon/systemd.md index 72038ecec9..57d7863603 100644 --- a/config/daemon/systemd.md +++ b/config/daemon/systemd.md @@ -105,24 +105,12 @@ you need to add this configuration in the Docker systemd service file. * Domain name, or a special DNS label (`*`) * A domain name matches that name and all subdomains. A domain name with a leading "." matches subdomains only. For example, given the domains - `foo.example.com` and `example.com`; + `foo.example.com` and `example.com`: * `example.com` matches `example.com` and `foo.example.com`, and * `.example.com` matches only `foo.example.com` * A single asterisk (`*`) indicates that no proxying should be done * Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) and domain names (`foo.example.com:80`) - These are the options you can specify to exclude hosts: - * IP address prefix (`1.2.3.4`) or in CIDR notation (`1.2.3.4/8`) - * Domain name, or a special DNS label (`*`) - * A domain name matches that name and all subdomains. A domain name with - a leading "." matches subdomains only. Example: - ``` - Given the domains foo.example.com and example.com. - "foo.com" matches "foo.com" and "bar.foo.com" - ".foo.com" mataches only "bar.foo.com" - ``` - * A single asterisk (`*`) indicates that no proxying should be done - * Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`) and domain names (`foo.example.com:80`) Config examples: From de08e26a236099476546187ea8611dce0820c9a0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 25 Jan 2019 16:56:21 +0100 Subject: [PATCH 216/361] Add missing stubs for "docker engine" subcommands Signed-off-by: Sebastiaan van Stijn --- _data/toc.yaml | 10 ++++++++++ engine/reference/commandline/engine.md | 15 +++++++++++++++ engine/reference/commandline/engine_activate.md | 15 +++++++++++++++ engine/reference/commandline/engine_check.md | 15 +++++++++++++++ engine/reference/commandline/engine_update.md | 15 +++++++++++++++ 5 files changed, 70 insertions(+) create mode 100644 engine/reference/commandline/engine.md create mode 100644 engine/reference/commandline/engine_activate.md create mode 100644 engine/reference/commandline/engine_check.md create mode 100644 engine/reference/commandline/engine_update.md diff --git a/_data/toc.yaml b/_data/toc.yaml index 7b27b78e1f..419588ec09 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -630,6 +630,16 @@ reference: title: docker export - path: /engine/reference/commandline/history/ title: docker history + - sectiontitle: docker engine * + section: + - path: /engine/reference/commandline/engine/ + title: docker engine + - path: /engine/reference/commandline/engine_activate/ + title: docker engine activate + - path: /engine/reference/commandline/engine_check/ + title: docker engine check + - path: /engine/reference/commandline/engine_update/ + title: docker engine update - sectiontitle: docker image * section: - path: /engine/reference/commandline/image/ diff --git a/engine/reference/commandline/engine.md b/engine/reference/commandline/engine.md new file mode 100644 index 0000000000..e28feb22ef --- /dev/null +++ b/engine/reference/commandline/engine.md @@ -0,0 +1,15 @@ +--- +datafolder: engine-cli +datafile: docker_engine +title: docker engine +--- + + + +{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/engine/reference/commandline/engine_activate.md b/engine/reference/commandline/engine_activate.md new file mode 100644 index 0000000000..bc4a8cc9f6 --- /dev/null +++ b/engine/reference/commandline/engine_activate.md @@ -0,0 +1,15 @@ +--- +datafolder: engine-cli +datafile: docker_engine_activate +title: docker engine activate +--- + + + +{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/engine/reference/commandline/engine_check.md b/engine/reference/commandline/engine_check.md new file mode 100644 index 0000000000..e8de2c9dfb --- /dev/null +++ b/engine/reference/commandline/engine_check.md @@ -0,0 +1,15 @@ +--- +datafolder: engine-cli +datafile: docker_engine_check +title: docker engine check +--- + + + +{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/engine/reference/commandline/engine_update.md b/engine/reference/commandline/engine_update.md new file mode 100644 index 0000000000..79edccf5da --- /dev/null +++ b/engine/reference/commandline/engine_update.md @@ -0,0 +1,15 @@ +--- +datafolder: engine-cli +datafile: docker_engine_update +title: docker engine update +--- + + + +{% include cli.md datafolder=page.datafolder datafile=page.datafile %} From cbb4db6370fc013892e6629afb3fa79e6c19bb0e Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Fri, 25 Jan 2019 09:35:04 -0700 Subject: [PATCH 217/361] Update ubuntu.md Fixed formatting and wording. --- install/linux/docker-ce/ubuntu.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 5725f9aeb2..f027841a4f 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -55,7 +55,8 @@ networks, are preserved. The Docker CE package is now called `docker-ce`. ### Supported storage drivers Docker CE on Ubuntu supports `overlay2`, `aufs` and `btrfs` storage drivers. -Please note, however, that in Docker EE `btrfs` is only supported on SLES (see [btrfs](/engine/userguide/storagedriver/btrfs-driver.md)). +> *** Note: *** In Docker Engine - Enterprise, `btrfs` is only supported on SLES. See the documentation on +> [btrfs](/engine/userguide/storagedriver/btrfs-driver.md) for more details. - For new installations on version 4 and higher of the Linux kernel, `overlay2` is supported and preferred over `aufs`. From 15c8663f0b644178a662afb6953df5bde375182a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 25 Jan 2019 17:41:09 +0100 Subject: [PATCH 218/361] Fix missing .0 in engine version release notes Signed-off-by: Sebastiaan van Stijn --- engine/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index bb46be7767..2ab6a84992 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -63,7 +63,7 @@ consistency and compatibility reasons. ### Known Issues * When upgrading from 18.09.0 to 18.09.1, `containerd` is not upgraded to the correct version on Ubuntu. [Learn more](https://success.docker.com/article/error-upgrading-to-engine-18091-with-containerd). -## 18.09 +## 18.09.0 2018-11-08 ### New features for Docker Engine EE From a9c6272c4a0e5dd136cbbdd7ad6e14d656c31f0d Mon Sep 17 00:00:00 2001 From: Darwin Traver Date: Fri, 25 Jan 2019 12:03:22 -0500 Subject: [PATCH 219/361] Setting execute bit for calicoctl --- ee/ucp/kubernetes/install-cni-plugin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/kubernetes/install-cni-plugin.md b/ee/ucp/kubernetes/install-cni-plugin.md index 554c754969..d91f19981f 100644 --- a/ee/ucp/kubernetes/install-cni-plugin.md +++ b/ee/ucp/kubernetes/install-cni-plugin.md @@ -76,7 +76,7 @@ commands on the Kubernetes master node to disable IPIP overlay tunneling. docker exec -it $(docker ps --filter name=k8s_calico-kube-controllers_calico-kube-controllers -q) sh # Download calicoctl -wget https://github.com/projectcalico/calicoctl/releases/download/v3.1.1/calicoctl +wget https://github.com/projectcalico/calicoctl/releases/download/v3.1.1/calicoctl && chmod +x calicoctl # Get the IP pool configuration. ./calicoctl get ippool -o yaml > ippool.yaml From 333a7600b0f3521c8ad92cdab4680867a9b5fa49 Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Fri, 25 Jan 2019 13:02:15 -0500 Subject: [PATCH 220/361] Update content_trust.md editorial crx --- engine/security/trust/content_trust.md | 44 +++++++++++++------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index a9506b5c1c..1ef17a42de 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -12,14 +12,14 @@ public or private registry. Content trust gives you the ability to verify both the integrity and the publisher of all the data received from a registry over any channel. -## About trust in Docker +## About Docker Content Trust (DCT) Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags. -Through DCT image publishers can sign their images and image consumers can +Through DCT, image publishers can sign their images and image consumers can ensure that the images they use are signed. Publishers could be be individuals or organizations manually signing their content or automated software supply chains signing content as part of their release process. @@ -69,7 +69,7 @@ To the consumer who has not enabled DCT, nothing about how they work with Docker images changes. Every image is visible regardless of whether it is signed or not. -### Docker Content Trust keys +### Docker Content Trust Keys Trust for an image tag is managed through the use of signing keys. A key set is created when an operation using DCT is first invoked. A key set consists @@ -92,7 +92,7 @@ The following image depicts the various signing keys and their relationships: >tag from this repository prior to the loss. {:.warning} -You should backup the root key somewhere safe. Given that it is only required +You should back up the root key somewhere safe. Given that it is only required to create new repositories, it is a good idea to store it offline in hardware. For details on securing, and backing up your keys, make sure you read how to [manage keys for DCT](trust_key_mng.md). @@ -108,20 +108,20 @@ set, more information on Notary can be found [here](/notary/getting_started/). A prerequisite for signing an image is a Docker Registry with a Notary server attached (Such as the Docker Hub or Docker Trusted Registry). Instructions for -standing up a self hosted environment can be found [here](/engine/security/trust/deploying_notary/). +standing up a self-hosted environment can be found [here](/engine/security/trust/deploying_notary/). -Secondly to sign a Docker Image you will need a delegation key pair. These keys -can either be generated locally using `$ docker trust key generate`, generated -by a certificate authority, or alternatively if you are using Docker Enterprise's -Universal Control Plane, a user's Client Bundle provides adequate keys for a +To sign a Docker Image you will need a delegation key pair. These keys +can be generated locally using `$ docker trust key generate`, generated +by a certificate authority, or if you are using Docker Enterprise's +Universal Control Plane (UCP), a user's Client Bundle provides adequate keys for a delegation. Find more information on Delegation Keys [here](trust_delegation/#creating-delegation-keys). -First we will add the delegation private key to the local docker trust +First we will add the delegation private key to the local Docker trust repository. (By default this is stored in `~/.docker/trust/`). If you are -generating delegation key's with `$ docker trust key generate`, the private key -is automatically added to the local trust store. If you are importing a seperate -key, such as one from the Universal Control Plane you will need to use the +generating delegation keys with `$ docker trust key generate`, the private key +is automatically added to the local trust store. If you are importing a separate +key, such as one from the UCP you will need to use the `$ docker trust key load` command. ``` @@ -142,12 +142,12 @@ Repeat passphrase for new jeff key with ID 8ae710e: Successfully imported key from key.pem ``` -Next we will need to add the delegation public key to the Notary server, -this is specific to a particular image repository, in Notary known as a Global +Next we will need to add the delegation public key to the Notary server; +this is specific to a particular image repository in Notary known as a Global Unique Name (GUN). If this is the first time you are adding a delegation to that repository, this command will also initiate the repository, using a local Notary canonical root key. To understand more about initiating a repository, and the -role of delegations head to +role of delegations, head to [delegations for content trust](trust_delegation/#managing-delegations-in-a-notary-server) ``` @@ -157,7 +157,7 @@ Enter passphrase for new repository key with ID 10b5e94: ``` -Finally we will use the delegation private key to sign a particular tag and +Finally, we will use the delegation private key to sign a particular tag and push it up to the registry. ``` @@ -171,7 +171,7 @@ Enter passphrase for signer key with ID 8ae710e: Successfully signed dtr.example.com/admin/demo:1 ``` -Alternatively, once the key's have been imported an image can be pushed with the +Alternatively, once the keys have been imported an image can be pushed with the `$ docker push` command, by exporting the DCT environmental variable. ``` @@ -274,7 +274,7 @@ verified successfully will not be pulled or run. All official Docker library images found on the Docker Hub (docker.io/library/*) are signed by the same Notary root key. This root key's ID has been embedded -inside of the Docker Enterprise Engine. Therefore to enforce that only official +inside of the Docker Enterprise Engine. Therefore, to enforce that, only official Docker images can be used. Specify: ``` @@ -322,11 +322,11 @@ $ grep -r "root" ~/.docker/trust/private ``` * Notary Root key ID (DCT Certificate ID) is an ID that describes the same, but -the ID is unique per repository. i.e `mydtr/user1/image1` and `mydtr/usr1/image2` -will have unique certificate IDs. A certificate ID can be retrieved via a +the ID is unique per repository. For example, `mydtr/user1/image1` and `mydtr/usr1/image2` +will have unique certificate IDs. A certificate ID can be retrieved throughz a `$ docker trust inspect` command and is labelled as a root-key (referring back to the Notary key name). This is designed for when different users are signing -their own repositories, i.e. there is no central signing server. As a cert-id +their own repositories, for example, when there is no central signing server. As a cert-id is more granular, it would take priority if a conflict occurs over a root ID. ``` From 111d449d817f26160b3136e778b3bd7b9ad87168 Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Fri, 25 Jan 2019 13:04:21 -0500 Subject: [PATCH 221/361] Update content_trust.md editorial crx --- engine/security/trust/content_trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index 1ef17a42de..330a702d57 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -323,7 +323,7 @@ $ grep -r "root" ~/.docker/trust/private * Notary Root key ID (DCT Certificate ID) is an ID that describes the same, but the ID is unique per repository. For example, `mydtr/user1/image1` and `mydtr/usr1/image2` -will have unique certificate IDs. A certificate ID can be retrieved throughz a +will have unique certificate IDs. A certificate ID can be retrieved through a `$ docker trust inspect` command and is labelled as a root-key (referring back to the Notary key name). This is designed for when different users are signing their own repositories, for example, when there is no central signing server. As a cert-id From 72d0db272deefe9f35630696fb0f7acec1163dd0 Mon Sep 17 00:00:00 2001 From: Darwin Traver Date: Fri, 25 Jan 2019 13:11:28 -0500 Subject: [PATCH 222/361] Update Kubernetes and Calico version #s --- ee/ucp/ucp-architecture.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/ucp/ucp-architecture.md b/ee/ucp/ucp-architecture.md index 2d4f981269..a662831cca 100644 --- a/ee/ucp/ucp-architecture.md +++ b/ee/ucp/ucp-architecture.md @@ -68,8 +68,8 @@ on a node depend on whether the node is a manager or a worker. Internally, UCP uses the following components: -* Calico 3.0.8 -* Kubernetes 1.8.15 +* Calico v3.2.3 +* Kubernetes v1.11.5 ### UCP components in manager nodes From 923f47c89b270452a10e4c18de9f857feb9ee261 Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Fri, 25 Jan 2019 15:16:44 -0500 Subject: [PATCH 223/361] Update trust_delegation.md editorial crx --- engine/security/trust/trust_delegation.md | 42 +++++++++++------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/engine/security/trust/trust_delegation.md b/engine/security/trust/trust_delegation.md index dba57fd752..46a48639a4 100644 --- a/engine/security/trust/trust_delegation.md +++ b/engine/security/trust/trust_delegation.md @@ -4,7 +4,7 @@ keywords: trust, security, delegations, keys, repository title: Delegations for content trust --- -Delegations in Docker Content Trust allow you to control who can and cannot sign +Delegations in Docker Content Trust (DCT) allow you to control who can and cannot sign an image tag. A delegation will have a pair of delegation keys, public and private. A delegation could contain multiple pairs of keys, contributors, to allow multiple users to be part of a delegation, and to support key rotation. @@ -18,10 +18,10 @@ initialise a repository, manage the repository keys, and when a collaborator gets added with `docker trust signer add` we will add their key to the `targets/releases` delegation automatically. -## Configuring the Notary Cli +## Configuring the Notary CLI -Some of the more advanced features of Docker Content Trust require the Notary -Cli. To install and configure the Notary Cli follow: +Some of the more advanced features of DCT require the Notary +CLI. To install and configure the Notary CLI: 1) Download the [client](https://github.com/theupdateframework/notary/releases) and ensure that it is available on your path @@ -54,8 +54,8 @@ a certificate authority, or can be taken from a Universal Control Plane's ### Using Docker Trust to Generate Keys -Docker trust has a built in generator for a delegation key pair, -`$ docker trust generate `, running this command will automatically load +Docker trust has a built-in generator for a delegation key pair, +`$ docker trust generate `. Running this command will automatically load the delegation private key in to the local Docker trust store. ``` @@ -70,7 +70,7 @@ Successfully generated and loaded private key. Corresponding public key availabl If you need to manually generate a private key (either RSA or ECDSA) and a x509 certificate containing the public key, you can use local tools like openssl or -cfssl along with a local or company wide Certificate Authority. +cfssl along with a local or company-wide Certificate Authority. Here is an example of how to generate a 2048-bit RSA portion key (all RSA keys must be at least 2048 bits): @@ -117,7 +117,7 @@ Successfully imported key from delegation.key ### Using Universal Control Plane's Client Bundles -Universal Control Plane manages cli and api access to its clusters through +Universal Control Plane (UCP) manages CLI and API access to its clusters through certificates generated in a Client Bundle. These certificates and keys can be used as a delegation key pair. Within each client bundle there is a unique private key (`key.pem`) and x509 certificate containing a public key @@ -141,7 +141,7 @@ Successfully imported key from key.pem ### Viewing local Delegation keys To list the keys that have been imported in to the local Docker trust store we -can use the Notary cli. +can use the Notary CLI. ``` $ notary key list @@ -154,12 +154,12 @@ jeff 9deed251daa1aa6f9d5f9b752847647cf8d705da ## Managing Delegations in a Notary Server -Docker Content Trust handles initiating a repository with trust data for you, +DCT handles initiating a repository with trust data for you, including rotating low level keys like the target and the snapshot key to the remote Notary server. This is all done the first time you add a delegation public key to the Notary server. -When initiating a repository you will need the key and the passphrase of a local +When initiating a repository, you will need the key and the passphrase of a local Notary Canonical Root Key. If you have not initiated a repository before, and therefore don't have a Notary root key, `$ docker trust` will create one for you. @@ -172,7 +172,7 @@ repository, you can use the `$ docker trust signer add` command. This will add the contributor's public key to the `targets/releases` delegation, and create a second `targets/` delegation. -For Docker Content Trust the name of the second delegation, in the below example +For DCT the name of the second delegation, in the below example `jeff`, is there to help you keep track of the owner of the keys. In more advanced use cases of Notary additional delegations are used for hierarchy. @@ -207,7 +207,7 @@ Administrative keys for dtr.example.com/admin/demo Root Key: 64d147e59e44870311dd2d80b9f7840039115ef3dfa5008127d769a5f657a5d7 ``` -You could also use the Notary cli to list delegations and keys. Here you can +You could also use the Notary CLI to list delegations and keys. Here you can clearly see the keys were attached to `targets/releases` and `targets/jeff`. ``` @@ -227,7 +227,7 @@ allowing you to manage the lifecycle of delegations. When adding additional delegations with `$ docker trust` the collaborators key is once again added to the `targets/release` role. -> Note you will need the passphrase for the repository key, this would have been +> Note you will need the passphrase for the repository key; this would have been > configured when you first initiated the repository. ``` @@ -263,7 +263,7 @@ multiple contributor keys per delegation. The only prerequisite here is to make sure you use the same the delegation name, in this case `jeff`. Docker trust will automatically handle adding this new key to `targets/releases`. -> Note you will need the passphrase for the repository key, this would have been +> Note you will need the passphrase for the repository key; this would have been > configured when you first initiated the repository. ``` @@ -310,7 +310,7 @@ Successfully removed ben from dtr.example.com/admin/demo #### Troubleshooting -1) If you see an error that there are no useable keys in `targets/releases`. You +1) If you see an error that there are no useable keys in `targets/releases`, you will need to add additional delegations using `docker trust signer add` before resigning images. @@ -319,8 +319,8 @@ WARN[0000] role targets/releases has fewer keys than its threshold of 1; it will ``` 2) If you have added additional delegations already and are seeing an error -message that there are no valid signatures in `targest/releases`. You will need -to resign the `targets/releases` delegation file with the Notary Cli. +message that there are no valid signatures in `targest/releases`, you will need +to resign the `targets/releases` delegation file with the Notary CLI. ``` WARN[0000] Error getting targets/releases: valid signatures did not meet threshold for targets/releases @@ -338,7 +338,7 @@ More information on the `$ notary witness` command can be found ### Removing a Contributor's Key from a Delegation As part of rotating keys for a delegation, you may want to remove an individual -key but retain the delegation. This can be done with the Notary cli. +key but retain the delegation. This can be done with the Notary CLI. Remember you will have to remove the key from both the `targets/releases` role and the role specific to that signer `targets/`. @@ -395,7 +395,7 @@ targets/releases "" 8fb597cbaf196f0781628b2f52bff6b3912e4e8075 ### Removing a local Delegation Private Key As part of rotating delegation keys, you may need to remove a local delegation -key from the local Docker trust store. This is done with the Notary cli, using +key from the local Docker trust store. This is done with the Notary CLI, using the `$ notary key remove` command. 1) We will need to get the Key ID from the local Docker Trust store @@ -424,7 +424,7 @@ Deleted 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 (role j ## Removing all trust data from a Repository You can remove all trust data from a repository, including repository, target, -snapshot and all delegations keys using the Notary cli. +snapshot and all delegations keys using the Notary CLI. This is often required by a container registry before a particular repository can be deleted. From ce6a19012340bfdddc18fcbda8ada65b977c3b7b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 15:18:05 -0500 Subject: [PATCH 224/361] Release notes update for orca #16062 Version 3.1, 3.0, and 2.2 information added to release notes. --- ee/ucp/release-notes.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index ece49789d0..ea8e92a00e 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -21,6 +21,21 @@ upgrade your installation to the latest release. # Version 3.1 +## 3.1.3 (2019-01-29) + +### New platforms + * Added support for Windows Server 2019 and Windows Server 1809. (#15810) + * Added support for RHEL 7.6 with Devicemapper and Overlay2 storage drivers. (#15535) + * Added support for Oracle Enterprise Linux 7.6 with Overlay2 storage driver. (#15791) + +### Networking + * Upgraded Calico to version 3.5. (#15884) + +### Bug Fixes + * Fixed system hang following UCP backup and docker daemon shutdown. (docker/escalation#841) + * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (#15936) + * Added support for the limit arg in `docker ps`. (#15812) + ## 3.1.2 (2019-01-09) ### Authentication and Authorization @@ -136,6 +151,14 @@ The following features are deprecated in UCP 3.1. # Version 3.0 +## 3.0.9 (2018-01-29) + +### Bug fixes + * Upgrading Interlock now also upgrades interlock proxy and interlock extension. (docker/escalation/871) + * Fixed system hang issue following UCP backup and docker daemon shutdown. (docker/escalation#841) + * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (#15936) + * Added support for the limit arg in `docker ps`. (#15812) + ## 3.0.8 (2019-01-09) ### Bug fixes @@ -467,6 +490,11 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. # Version 2.2 +## Version 2.2.16 (2019-01-29) + +### Bug fixes + * Added support for the `limit` argument in `docker ps`. (#15812) + ## Version 2.2.15 (2019-01-09) ### Bug fixes From d8b096a7c9706ebcd0a5237d924ef800ad113161 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 16:25:38 -0500 Subject: [PATCH 225/361] Add information for issue 928. Added information to resolve https://github.com/docker/docs-private/issues/928. --- ee/ucp/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index ea8e92a00e..261bfda7af 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -170,6 +170,7 @@ The following features are deprecated in UCP 3.1. * UCP backend will now complain when a service is created/updated if the `com.docker.lb.network` label is not correctly specified. (docker/orca#15015) * LDAP group member attribute is now case insensitive. (docker/escalation#917) + * Fixed an issue that caused a system hang after the attempted shutdown of the Docker daemon to perform a swarm backup. /dev/shm is now unmounted when starting the kubelet container. (docker/orca#15672) * Interlock * Interlock headers can now be hidden. (docker/escalation#833) * Respect `com.docker.lb.network` labels and only attach the specified networks From dc4a00190c1b2d8677b0137453b04f7464e4aafd Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 16:37:18 -0500 Subject: [PATCH 226/361] Updates for UCP for January patch --- _config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_config.yml b/_config.yml index 1e85bce456..f7a16f6c9f 100644 --- a/_config.yml +++ b/_config.yml @@ -155,7 +155,7 @@ defaults: ucp_org: "docker" ucp_repo: "ucp" dtr_repo: "dtr" - ucp_version: "3.1.2" + ucp_version: "3.1.3" dtr_version: "2.6.1" - scope: path: "datacenter/ucp/3.0" @@ -163,14 +163,14 @@ defaults: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.0.8" + ucp_version: "3.0.9" - scope: path: "datacenter/ucp/2.2" values: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "2.2.15" + ucp_version: "2.2.16" - scope: path: "datacenter/ucp/2.1" values: From 2a32dc2b2981832846a94b722d39e7a78e291221 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 16:45:21 -0500 Subject: [PATCH 227/361] Updates for UCP for late January patch --- _data/ddc_offline_files_2.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 27614cb9ba..18a2c0bbfc 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -5,7 +5,11 @@ # Used by _includes/components/ddc_url_list_2.html - product: "ucp" version: "3.1" - tar-files: + tar-files: + - description: "3.1.3 Windows Server 2019" + url: https://packages.docker.com/caas/ucp_images_win_2019_3.1.3.tar.gz + - description: "3.1.3 Windows Server 1809" + url: https://packages.docker.com/caas/ucp_images_win_1809_3.1.3.tar.gz - description: "3.1.2 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.2.tar.gz - description: "3.1.2 Windows Server 2016 LTSC" From 9a47eeceff8da5fffff01651d0bd1d45c689d163 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 17:09:52 -0500 Subject: [PATCH 228/361] Updates for DTR for late January patch --- ee/dtr/release-notes.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index cedbb61bff..44fa6daf54 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -21,6 +21,14 @@ to upgrade your installation to the latest release. # Version 2.6 +## 2.6.2 + +(2019-1-25) + +### Bug Fixes + + * Fixed a bug where scanning Windows images were stuck in Pending state. (docker/dhe-deploy #9969) + ## 2.6.1 (2019-01-09) From cb083adca0403f834f26942d657d5f01ef39d85e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 18:02:42 -0500 Subject: [PATCH 229/361] Updated DTR info for late Jan release notes --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index f7a16f6c9f..7acc9935f2 100644 --- a/_config.yml +++ b/_config.yml @@ -105,7 +105,7 @@ defaults: values: dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.6.1" + dtr_version: "2.6.2" - scope: path: "datacenter/dtr/2.5" values: From 314b9014b5bf2a3c474937495415e5a362b50e84 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 18:52:06 -0500 Subject: [PATCH 230/361] Added information for 7944 Is this information still needed in the release notes since it's fixed in 18.09.01? LInk to issue: https://github.com/docker/docker.github.io/issues/7944 --- engine/release-notes.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index a6ac3c2595..31f0f77b11 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -150,7 +150,25 @@ consistency and compatibility reasons. ### Known Issues -There are [important changes to the upgrade process](/ee/upgrade) that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. +* There are [important changes to the upgrade process](/ee/upgrade) that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. +* With https://github.com/boot2docker/boot2docker/releases/download/v18.09.0/boot2docker.iso, connection is being refused from a node on the virtual machine. Any publishing of swarm ports in virtualbox-created docker-machine VM's will not respond. This is occurring on macOS and Windows 10, using docker-machine version 0.15 and 0.16. + +The following `docker run` command works, allowing access from host browser: + +`docker run -d -p 4000:80 nginx` + +However, the following `docker service` command fails, resulting in curl/chrome unable to connect (connection refused): + +`docker service create -p 5000:80 nginx` + +This issue is not apparent when provisioning 18.09.0 cloud VM's using docker-machine. + +Workarounds: +* Use cloud VM's that don't rely on boot2docker. +* `docker run` is unaffected. +* For Swarm, set VIRTUALBOX_BOOT2DOCKER_URL=https://github.com/boot2docker/boot2docker/releases/download/v18.06.1-ce/boot2docker.iso. + +This issue is resolved in 18.09.1. ### Deprecation Notice From 567505275626f57f654afaea6b288a6cef82d28c Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sat, 26 Jan 2019 19:23:20 -0500 Subject: [PATCH 231/361] Added spacing --- engine/release-notes.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 31f0f77b11..5387ec3ddb 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -153,22 +153,22 @@ consistency and compatibility reasons. * There are [important changes to the upgrade process](/ee/upgrade) that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. * With https://github.com/boot2docker/boot2docker/releases/download/v18.09.0/boot2docker.iso, connection is being refused from a node on the virtual machine. Any publishing of swarm ports in virtualbox-created docker-machine VM's will not respond. This is occurring on macOS and Windows 10, using docker-machine version 0.15 and 0.16. -The following `docker run` command works, allowing access from host browser: + The following `docker run` command works, allowing access from host browser: -`docker run -d -p 4000:80 nginx` + `docker run -d -p 4000:80 nginx` -However, the following `docker service` command fails, resulting in curl/chrome unable to connect (connection refused): + However, the following `docker service` command fails, resulting in curl/chrome unable to connect (connection refused): -`docker service create -p 5000:80 nginx` + `docker service create -p 5000:80 nginx` -This issue is not apparent when provisioning 18.09.0 cloud VM's using docker-machine. + This issue is not apparent when provisioning 18.09.0 cloud VM's using docker-machine. -Workarounds: -* Use cloud VM's that don't rely on boot2docker. -* `docker run` is unaffected. -* For Swarm, set VIRTUALBOX_BOOT2DOCKER_URL=https://github.com/boot2docker/boot2docker/releases/download/v18.06.1-ce/boot2docker.iso. + Workarounds: + * Use cloud VM's that don't rely on boot2docker. + * `docker run` is unaffected. + * For Swarm, set VIRTUALBOX_BOOT2DOCKER_URL=https://github.com/boot2docker/boot2docker/releases/download/v18.06.1-ce/boot2docker.iso. -This issue is resolved in 18.09.1. + This issue is resolved in 18.09.1. ### Deprecation Notice From 1f8609f1f77282f55e545a76165d4a8315ad0090 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sun, 27 Jan 2019 14:18:48 -0500 Subject: [PATCH 232/361] Incorporate feedback --- _config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_config.yml b/_config.yml index 7acc9935f2..32db60a773 100644 --- a/_config.yml +++ b/_config.yml @@ -95,7 +95,7 @@ defaults: - scope: path: "install" values: - win_latest_build: "docker-18.09.1" + win_latest_build: "docker-18.09.2" - scope: path: "datacenter" values: @@ -112,14 +112,14 @@ defaults: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.5.7" + dtr_version: "2.5.8" - scope: path: "datacenter/dtr/2.4" values: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.4.8" + dtr_version: "2.4.9" - scope: path: "datacenter/dtr/2.3" values: From bda50ce6e945c75a35a810749c1f673619cffa4e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sun, 27 Jan 2019 14:21:44 -0500 Subject: [PATCH 233/361] Added platform info --- _data/ddc_offline_files_2.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 18a2c0bbfc..3c6533aa56 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -10,6 +10,8 @@ url: https://packages.docker.com/caas/ucp_images_win_2019_3.1.3.tar.gz - description: "3.1.3 Windows Server 1809" url: https://packages.docker.com/caas/ucp_images_win_1809_3.1.3.tar.gz + - description: "3.1.3 Linux" + url: https://packages.docker.com/caas/ucp_images_3.1.3.tar.gz - description: "3.1.2 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.2.tar.gz - description: "3.1.2 Windows Server 2016 LTSC" From 646c27d366e293dee9ead6781dc0c6b698471a10 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sun, 27 Jan 2019 14:23:44 -0500 Subject: [PATCH 234/361] Fixed DTR 2.6.1 reference to 2.6.2 --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 32db60a773..309402b22f 100644 --- a/_config.yml +++ b/_config.yml @@ -156,7 +156,7 @@ defaults: ucp_repo: "ucp" dtr_repo: "dtr" ucp_version: "3.1.3" - dtr_version: "2.6.1" + dtr_version: "2.6.2" - scope: path: "datacenter/ucp/3.0" values: From 136ce4857c893a6dd074f8926b37a95e7ddeb264 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sun, 27 Jan 2019 14:26:39 -0500 Subject: [PATCH 235/361] Added repo info --- ee/ucp/release-notes.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 261bfda7af..6966fcaf5f 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -24,17 +24,17 @@ upgrade your installation to the latest release. ## 3.1.3 (2019-01-29) ### New platforms - * Added support for Windows Server 2019 and Windows Server 1809. (#15810) - * Added support for RHEL 7.6 with Devicemapper and Overlay2 storage drivers. (#15535) - * Added support for Oracle Enterprise Linux 7.6 with Overlay2 storage driver. (#15791) + * Added support for Windows Server 2019 and Windows Server 1809. (docker/orca#15810) + * Added support for RHEL 7.6 with Devicemapper and Overlay2 storage drivers. (docker/orca#15535) + * Added support for Oracle Enterprise Linux 7.6 with Overlay2 storage driver. (docker/orca#15791) ### Networking * Upgraded Calico to version 3.5. (#15884) ### Bug Fixes * Fixed system hang following UCP backup and docker daemon shutdown. (docker/escalation#841) - * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (#15936) - * Added support for the limit arg in `docker ps`. (#15812) + * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (docker/orca#15936) + * Added support for the limit arg in `docker ps`. (docker/orca#15812) ## 3.1.2 (2019-01-09) From bb47f14adad994c998f8f6ce00063929210f04ba Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sun, 27 Jan 2019 14:51:35 -0500 Subject: [PATCH 236/361] Added platform info per Olly's feedback --- _data/ddc_offline_files_2.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 3c6533aa56..c95167596a 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -39,6 +39,12 @@ - product: "ucp" version: "3.0" tar-files: + - description: "3.0.9 Windows Server 2016 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.9.tar.gz + - description: "3.0.9 Windows Server 1709" + url: https://packages.docker.com/caas/ucp_images_win_1709_3.0.9.tar.gz + - description: "3.0.9 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.0.9.tar.gz - description: "3.0.8 Linux" url: https://packages.docker.com/caas/ucp_images_3.0.8.tar.gz - description: "3.0.8 Windows Server 2016 LTSC" @@ -112,6 +118,12 @@ - product: "ucp" version: "2.2" tar-files: + - description: "2.2.16 Linux" + url: https://packages.docker.com/caas/ucp_images_2.2.16.tar.gz + - description: "2.2.16 IBM Z" + url: https://packages.docker.com/caas/ucp_images_s390x_2.2.16.tar.gz + - description: "2.2.16 Windows" + url: https://packages.docker.com/caas/ucp_images_win_2.2.16.tar.gz - description: "2.2.15 Linux" url: https://packages.docker.com/caas/ucp_images_2.2.15.tar.gz - description: "2.2.15 IBM Z" @@ -199,6 +211,8 @@ - product: "dtr" version: "2.6" tar-files: + - description: "DTR 2.6.2 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.6.2.tar.gz - description: "DTR 2.6.1 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.6.1.tar.gz - description: "DTR 2.6.0 Linux x86" @@ -206,6 +220,8 @@ - product: "dtr" version: "2.5" tar-files: + - description: "DTR 2.5.8 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.5.8.tar.gz - description: "DTR 2.5.7 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.5.7.tar.gz - description: "DTR 2.5.6 Linux x86" @@ -223,6 +239,8 @@ - product: "dtr" version: "2.4" tar-files: + - description: "DTR 2.4.9 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.4.9.tar.gz - description: "DTR 2.4.8 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.4.8.tar.gz - description: "DTR 2.4.7 Linux x86" From e8f846ffc1c9015d01ac2288e0969c2c219e6c3c Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Sun, 27 Jan 2019 14:52:17 -0500 Subject: [PATCH 237/361] Fixed spaces --- _data/ddc_offline_files_2.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index c95167596a..25d4ec2e47 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -11,7 +11,7 @@ - description: "3.1.3 Windows Server 1809" url: https://packages.docker.com/caas/ucp_images_win_1809_3.1.3.tar.gz - description: "3.1.3 Linux" - url: https://packages.docker.com/caas/ucp_images_3.1.3.tar.gz + url: https://packages.docker.com/caas/ucp_images_3.1.3.tar.gz - description: "3.1.2 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.2.tar.gz - description: "3.1.2 Windows Server 2016 LTSC" From 3b078e29fa47bd49f5cf9104fd0c4b60f2150e89 Mon Sep 17 00:00:00 2001 From: Anne Henmi Date: Sun, 27 Jan 2019 22:22:13 -0700 Subject: [PATCH 238/361] Changes --- engine/release-notes.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 2ab6a84992..e6ad2cd15e 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -173,7 +173,7 @@ For more information on the list of deprecated flags and APIs, have a look at th In this release, Docker has also removed support for TLS < 1.2 [moby/moby#37660](https://github.com/moby/moby/pull/37660), Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254), and Debian 8 "Jessie" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254). -### 18.03.ee-5 +### 18.03.1-ee-5 2019-01-09 ### Security fixes @@ -203,6 +203,33 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d ## Older Docker Engine EE Release notes +### 18.03.1-ee-3 +2018-08-30 + +#### Builder + +* Fix: no error if build args are missing during docker build. [docker/engine#25](https://github.com/docker/engine/pull/25) +* Ensure RUN instruction to run without healthcheck. [moby/moby#37413](https://github.com/moby/moby/pull/37413) + +#### Client + +* Fix manifest list to always use correct size. [docker/cli#1156](https://github.com/docker/cli/pull/1156) +* Various shell completion script updates. [docker/cli#1159](https://github.com/docker/cli/pull/1159) [docker/cli#1227](https://github.com/docker/cli/pull/1227) +* Improve version output alignment. [docker/cli#1204](https://github.com/docker/cli/pull/1204) + +#### Runtime + +* Disable CRI plugin listening on port 10010 by default. [docker/engine#29](https://github.com/docker/engine/pull/29) +* Update containerd to v1.1.2. [docker/engine#33](https://github.com/docker/engine/pull/33) +* Windows: Pass back system errors on container exit. [moby/moby#35967](https://github.com/moby/moby/pull/35967) +* Windows: Fix named pipe support for hyper-v isolated containers. [docker/engine#2](https://github.com/docker/engine/pull/2) [docker/cli#1165](https://github.com/docker/cli/pull/1165) +* Register OCI media types. [docker/engine#4](https://github.com/docker/engine/pull/4) + +#### Swarm Mode + +* Clean up tasks in dirty list for which the service has been deleted. [docker/swarmkit#2694](https://github.com/docker/swarmkit/pull/2694) +* Propagate the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) + ### 18.03.1-ee-2 2018-07-10 From 0d7c91ecf48ac531d5a831db3a2e9404123475ed Mon Sep 17 00:00:00 2001 From: Anne Henmi Date: Sun, 27 Jan 2019 22:53:33 -0700 Subject: [PATCH 239/361] Added release notes for v18.03.1-ee-4. --- engine/release-notes.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/engine/release-notes.md b/engine/release-notes.md index e6ad2cd15e..9385694ef0 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -203,6 +203,32 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d ## Older Docker Engine EE Release notes +### 18.03.1-ee-4 +2018-10-25 + +> *** NOTE: **** If you're deploying UCP or DTR, use Docker EE Engine 17.06. + +#### Client + +* Fixed help message flags on docker stack commands and child commands. [docker/cli#1251](https://github.com/docker/cli/pull/1251) +* Fixed typo breaking zsh docker update autocomplete. [docker/cli#1232](https://github.com/docker/cli/pull/1232) + +### Networking + +* Added optimizations to reduce the messages in the NetworkDB queue. [docker/libnetwork#2225](https://github.com/docker/libnetwork/pull/2225) +* Fixed a very rare condition where managers are not correctly triggering the reconnection logic. [docker/libnetwork#2226](https://github.com/docker/libnetwork/pull/2226) +* Changed loglevel from error to warning for missing disable_ipv6 file. [docker/libnetwork#2224](https://github.com/docker/libnetwork/pull/2224) + +#### Runtime + +* Fixed denial of service with large numbers in cpuset-cpus and cpuset-mems. [moby/moby#37967](https://github.com/moby/moby/pull/37967) +* Added stability improvements for devicemapper shutdown. [moby/moby#36307](https://github.com/moby/moby/pull/36307) [moby/moby#36438](https://github.com/moby/moby/pull/36438) + +#### Swarm Mode + +* Fixed the logic used for skipping over running tasks. [docker/swarmkit#2724](https://github.com/docker/swarmkit/pull/2724) +* Addressed unassigned task leak when a service is removed. [docker/swarmkit#2709](https://github.com/docker/swarmkit/pull/2709) + ### 18.03.1-ee-3 2018-08-30 From fd57d2a703236205c8b6ed5ed349f546646cbcd2 Mon Sep 17 00:00:00 2001 From: gabrielmcg Date: Mon, 28 Jan 2019 08:31:16 +0000 Subject: [PATCH 240/361] Update collect-cluster-metrics.md Port forwarding is used to expose the UI, not the API? --- ee/ucp/admin/configure/collect-cluster-metrics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/admin/configure/collect-cluster-metrics.md b/ee/ucp/admin/configure/collect-cluster-metrics.md index 7d14cf7433..069908b763 100644 --- a/ee/ucp/admin/configure/collect-cluster-metrics.md +++ b/ee/ucp/admin/configure/collect-cluster-metrics.md @@ -220,7 +220,7 @@ To configure your external Prometheus server to scrape metrics from Prometheus i prometheus ClusterIP 10.96.254.107 9090/TCP 1h ``` -5. Forward port 9090 on the local host to the ClusterIP. The tunnel created does not need to be kept alive and is only intended to expose the Prometheus API. +5. Forward port 9090 on the local host to the ClusterIP. The tunnel created does not need to be kept alive and is only intended to expose the Prometheus UI. ``` ssh -L 9090:10.96.254.107:9090 ANY_NODE From cfec527a05794f17713f6408c88c2f4443263993 Mon Sep 17 00:00:00 2001 From: ollypom Date: Mon, 28 Jan 2019 14:55:45 +0000 Subject: [PATCH 241/361] DCT Plugin is configured with Enforced not Enabled --- engine/security/trust/content_trust.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index 330a702d57..c33870d652 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -259,13 +259,13 @@ specified. logged and remain unenforced. This configuration is intended for testing of changes related to content-trust. The results of the signature verification is displayed in the Docker Engine's daemon logs. -* `Enabled` - Content trust will be enforced and an image that cannot be +* `Enforced` - Content trust will be enforced and an image that cannot be verified successfully will not be pulled or run. ``` { "content-trust": { - "mode": "enabled" + "mode": "enforced" } } ``` @@ -283,7 +283,7 @@ Docker images can be used. Specify: "trust-pinning": { "official-library-images": true }, - "mode": "enabled" + "mode": "enforced" } } ``` @@ -316,7 +316,7 @@ $ grep -r "root" ~/.docker/trust/private ] } }, - "mode": "enabled" + "mode": "enforced" } } ``` @@ -348,7 +348,7 @@ $ docker trust inspect mydtr/user1/repo1 | jq -r '.[].AdministrativeKeys[] | sel ] } }, - "mode": "enabled" + "mode": "enforced" } } ``` @@ -375,7 +375,7 @@ trust cached signature data. This is done through the ], } }, - "mode": "enabled", + "mode": "enforced", "allow-expired-cached-trust-data": true } } From 28691ed27e5017711c898db746b32505872136f4 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 10:49:22 -0500 Subject: [PATCH 242/361] Adding older info to Engine (8083) --- engine/release-notes.md | 56 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 5387ec3ddb..e339e4ea65 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -188,7 +188,7 @@ For more information on the list of deprecated flags and APIs, have a look at th In this release, Docker has also removed support for TLS < 1.2 [moby/moby#37660](https://github.com/moby/moby/pull/37660), Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254), and Debian 8 "Jessie" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254). -### 18.03.ee-5 +### 18.03.1-ee-5 2019-01-09 ### Security fixes @@ -218,6 +218,60 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d ## Older Docker Engine EE Release notes +### 18.03.1-ee-4 + 2018-10-25 + + > *** NOTE: **** If you're deploying UCP or DTR, use Docker EE Engine 17.06. + + #### Client + + * Fixed help message flags on docker stack commands and child commands. [docker/cli#1251](https://github.com/docker/cli/pull/1251) + * Fixed typo breaking zsh docker update autocomplete. [docker/cli#1232](https://github.com/docker/cli/pull/1232) + + ### Networking + + * Added optimizations to reduce the messages in the NetworkDB queue. [docker/libnetwork#2225](https://github.com/docker/libnetwork/pull/2225) + * Fixed a very rare condition where managers are not correctly triggering the reconnection logic. [docker/libnetwork#2226](https://github.com/docker/libnetwork/pull/2226) + * Changed loglevel from error to warning for missing disable_ipv6 file. [docker/libnetwork#2224](https://github.com/docker/libnetwork/pull/2224) + + #### Runtime + + * Fixed denial of service with large numbers in cpuset-cpus and cpuset-mems. [moby/moby#37967](https://github.com/moby/moby/pull/37967) + * Added stability improvements for devicemapper shutdown. [moby/moby#36307](https://github.com/moby/moby/pull/36307) [moby/moby#36438](https://github.com/moby/moby/pull/36438) + + #### Swarm Mode + + * Fixed the logic used for skipping over running tasks. [docker/swarmkit#2724](https://github.com/docker/swarmkit/pull/2724) + * Addressed unassigned task leak when a service is removed. [docker/swarmkit#2709](https://github.com/docker/swarmkit/pull/2709) + + ### 18.03.1-ee-3 + 2018-08-30 + + #### Builder + + * Fix: no error if build args are missing during docker build. [docker/engine#25](https://github.com/docker/engine/pull/25) + * Ensure RUN instruction to run without healthcheck. [moby/moby#37413](https://github.com/moby/moby/pull/37413) + + #### Client + + * Fix manifest list to always use correct size. [docker/cli#1156](https://github.com/docker/cli/pull/1156) + * Various shell completion script updates. [docker/cli#1159](https://github.com/docker/cli/pull/1159) [docker/cli#1227](https://github.com/docker/cli/pull/1227) + * Improve version output alignment. [docker/cli#1204](https://github.com/docker/cli/pull/1204) + + #### Runtime + + * Disable CRI plugin listening on port 10010 by default. [docker/engine#29](https://github.com/docker/engine/pull/29) + * Update containerd to v1.1.2. [docker/engine#33](https://github.com/docker/engine/pull/33) + * Windows: Pass back system errors on container exit. [moby/moby#35967](https://github.com/moby/moby/pull/35967) + * Windows: Fix named pipe support for hyper-v isolated containers. [docker/engine#2](https://github.com/docker/engine/pull/2) [docker/cli#1165](https://github.com/docker/cli/pull/1165) + * Register OCI media types. [docker/engine#4](https://github.com/docker/engine/pull/4) + + #### Swarm Mode + + * Clean up tasks in dirty list for which the service has been deleted. [docker/swarmkit#2694](https://github.com/docker/swarmkit/pull/2694) + * Propagate the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) + + ### 18.03.1-ee-2 2018-07-10 From 160d35f3fd75e7658b74a4612401e10682e1ba2c Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 10:51:29 -0500 Subject: [PATCH 243/361] Added UCP 3.0.9. info --- _data/ddc_offline_files_2.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 25d4ec2e47..6c430441b2 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -39,6 +39,8 @@ - product: "ucp" version: "3.0" tar-files: + - description: "3.0.9 Linux" + url: https://packages.docker.com/caas/ucp_images_3.0.9.tar.gz - description: "3.0.9 Windows Server 2016 LTSC" url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.9.tar.gz - description: "3.0.9 Windows Server 1709" From 55cddf85dadba282047c82922488c63c1636dfc0 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 11:07:35 -0500 Subject: [PATCH 244/361] Added 3.0.9. IBM Z info for UCP --- _data/ddc_offline_files_2.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 6c430441b2..8dab6fd56d 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -41,6 +41,8 @@ tar-files: - description: "3.0.9 Linux" url: https://packages.docker.com/caas/ucp_images_3.0.9.tar.gz + - description: "3.0.9 IBM Z" + url: https://packages.docker.com/caas/ucp_images_s390x_3.0.9.tar.gz - description: "3.0.9 Windows Server 2016 LTSC" url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.9.tar.gz - description: "3.0.9 Windows Server 1709" From 6561564adf000588a1b234d6cd7ffd0bea2f8743 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 11:09:33 -0500 Subject: [PATCH 245/361] Added 3.1.3 platform info --- _data/ddc_offline_files_2.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 8dab6fd56d..6b74cf8067 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -12,6 +12,12 @@ url: https://packages.docker.com/caas/ucp_images_win_1809_3.1.3.tar.gz - description: "3.1.3 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.3.tar.gz + - description: "3.1.3 Windows Server 2016 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2016_3.1.3.tar.gz + - description: "3.1.3 Windows Server 1709" + url: https://packages.docker.com/caas/ucp_images_win_1709_3.1.3.tar.gz + - description: "3.1.3 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.1.3.tar.gz - description: "3.1.2 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.2.tar.gz - description: "3.1.2 Windows Server 2016 LTSC" From 7df14a27aa17a70bde1bfd5b464093b92be20e4c Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 11:10:54 -0500 Subject: [PATCH 246/361] Fixed spacing --- _data/ddc_offline_files_2.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 6b74cf8067..54c417c600 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -13,11 +13,11 @@ - description: "3.1.3 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.3.tar.gz - description: "3.1.3 Windows Server 2016 LTSC" - url: https://packages.docker.com/caas/ucp_images_win_2016_3.1.3.tar.gz - - description: "3.1.3 Windows Server 1709" - url: https://packages.docker.com/caas/ucp_images_win_1709_3.1.3.tar.gz - - description: "3.1.3 Windows Server 1803" - url: https://packages.docker.com/caas/ucp_images_win_1803_3.1.3.tar.gz + url: https://packages.docker.com/caas/ucp_images_win_2016_3.1.3.tar.gz + - description: "3.1.3 Windows Server 1709" + url: https://packages.docker.com/caas/ucp_images_win_1709_3.1.3.tar.gz + - description: "3.1.3 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.1.3.tar.gz - description: "3.1.2 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.2.tar.gz - description: "3.1.2 Windows Server 2016 LTSC" From c561d29383a0363cc3fc8e08a859be7cdad59fe3 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 13:21:32 -0500 Subject: [PATCH 247/361] Including updates for 10048 https://github.com/docker/dhe-deploy/pull/10048/files --- ee/dtr/release-notes.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index 44fa6daf54..4d418339c2 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -100,6 +100,14 @@ to upgrade your installation to the latest release. # Version 2.5 +## 2.5.8 + +(2019-1-29) + +### Bug Fixes + +* Fixed an issue that prevented vulnerability updates from running if they were previously interrupted. (docker/dhe-deploy #9958) + ## 2.5.7 (2019-01-09) From a291c98fddb630293de0400594904b5dabb593d3 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Mon, 28 Jan 2019 13:39:14 -0700 Subject: [PATCH 248/361] Update release-notes.md Fixed note per @thaJeztah --- engine/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 9385694ef0..74f9cda9c8 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -206,7 +206,7 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d ### 18.03.1-ee-4 2018-10-25 -> *** NOTE: **** If you're deploying UCP or DTR, use Docker EE Engine 17.06. +> *** NOTE: *** If you're deploying UCP or DTR, use Docker EE Engine 18.09 or higher. 18.03 is an engine only release. #### Client From 3a1b490dcfa90eb99457bc943ae0f1522dae0114 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 16:17:18 -0500 Subject: [PATCH 249/361] Latest code for 8083 --- engine/release-notes.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index e339e4ea65..f5b03b4b17 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -215,13 +215,12 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d * Mask proxy credentials from URL when displayed in system info (docker/escalation#879) - ## Older Docker Engine EE Release notes ### 18.03.1-ee-4 2018-10-25 - > *** NOTE: **** If you're deploying UCP or DTR, use Docker EE Engine 17.06. + > *** NOTE: *** If you're deploying UCP or DTR, use Docker EE Engine 18.09 or higher. 18.03 is an engine only release. #### Client @@ -271,7 +270,6 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d * Clean up tasks in dirty list for which the service has been deleted. [docker/swarmkit#2694](https://github.com/docker/swarmkit/pull/2694) * Propagate the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) - ### 18.03.1-ee-2 2018-07-10 From 4129dc0da1abc02d0f9b598538f726d94c28fcfa Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 16:30:03 -0500 Subject: [PATCH 250/361] Changes for 8001 https://github.com/docker/docker.github.io/pull/8001/files --- engine/release-notes.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index f5b03b4b17..1f3e8d8f86 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -25,6 +25,18 @@ consistency and compatibility reasons. ## 18.09.1 2019-01-09 +#### Important notes about this release + +In Docker versions prior to 18.09, containerd was managed by the Docker engine daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd is managed by systemd, any custom configuration to the `docker.service` systemd configuration which changes mount settings (for example, `MountFlags=slave`) breaks interactions between the Docker Engine daemon and containerd, and you will not be able to start containers. + +Run the following command to get the current value of the `MountFlags` property for the `docker.service`: + +```bash +sudo systemctl show --property=MountFlags docker.service +MountFlags= +``` +Update your configuration if this command prints a non-empty value for `MountFlags`, and restart the docker service. + ### Security fixes for Docker Engine EE and CE * Upgraded Go language to 1.10.6 to resolve [CVE-2018-16873](https://nvd.nist.gov/vuln/detail/CVE-2018-16873), [CVE-2018-16874](https://nvd.nist.gov/vuln/detail/CVE-2018-16874), and [CVE-2018-16875](https://nvd.nist.gov/vuln/detail/CVE-2018-16875). * Fixed authz plugin for 0-length content and path validation. @@ -60,9 +72,24 @@ consistency and compatibility reasons. * Add socket activation for RHEL-based distributions. [docker/docker-ce-packaging#274](https://github.com/docker/docker-ce-packaging/pull/274) * Add libseccomp requirement for RPM packages. [docker/docker-ce-packaging#266](https://github.com/docker/docker-ce-packaging/pull/266) -## 18.09 +## 18.09.0 2018-11-08 +#### Important notes about this release + +In Docker versions prior to 18.09, containerd was managed by the Docker engine daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd is managed by systemd, any custom configuration to the `docker.service` systemd +configuration which changes mount settings (for example, `MountFlags=slave`) breaks interactions between the Docker Engine daemon and containerd, and you will not be able to start containers. + +Run the following command to get the current value of the `MountFlags` property for the `docker.service`: + +```bash +sudo systemctl show --property=MountFlags docker.service +MountFlags= +``` + +Update your configuration if this command prints a non-empty value for `MountFlags`, and restart the docker service. + + ### New features for Docker Engine EE * [FIPS Compliance added for Windows Server 2016 and later](/install/windows/docker-ee) From e10f9d5d8e1c334623604e2f872d9479623c9569 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 28 Jan 2019 16:09:19 -0700 Subject: [PATCH 251/361] Update engine/release-notes.md Co-Authored-By: ahh-docker <41210220+ahh-docker@users.noreply.github.com> --- engine/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 74f9cda9c8..85483f0f2a 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -206,7 +206,7 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d ### 18.03.1-ee-4 2018-10-25 -> *** NOTE: *** If you're deploying UCP or DTR, use Docker EE Engine 18.09 or higher. 18.03 is an engine only release. +> ***NOTE:*** If you're deploying UCP or DTR, use Docker EE Engine 18.09 or higher. 18.03 is an engine only release. #### Client From 2379901ef24fa2d65ee501f5d75f411e09b8a1ca Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Mon, 28 Jan 2019 18:09:21 -0500 Subject: [PATCH 252/361] ucp: add "heartbeat failure" node state Also: - Align table columns - Alpha sort table by symptom --- .../troubleshoot-node-messages.md | 21 ++++++++++--------- .../troubleshoot-node-messages.md | 21 ++++++++++--------- .../troubleshoot-node-messages.md | 21 ++++++++++--------- 3 files changed, 33 insertions(+), 30 deletions(-) diff --git a/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md b/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md index 93b51e3b9c..f71f0913a5 100644 --- a/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md +++ b/datacenter/ucp/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md @@ -17,13 +17,14 @@ cluster status](index.md). The following table lists all possible node states that may be reported for a UCP node, their explanation, and the expected duration of a given step. -| Message | Description | Typical step duration | -|:-----------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------| -| Completing node registration | Waiting for the node to appear in KV node inventory. This is expected to occur when a node first joins the UCP swarm. | 5 - 30 seconds | -| The ucp-agent task is `state` | The `ucp-agent` task on the target node is not in a running state yet. This is an expected message when configuration has been updated, or when a new node was first joined to the UCP swarm. This step may take a longer time duration than expected if the UCP images need to be pulled from Docker Hub on the affected node. | 1-10 seconds | -| Unable to determine node state | The `ucp-reconcile` container on the target node just started running and can't determine its state. | 1-10 seconds | -| Node is being reconfigured | The `ucp-reconcile` container is currently converging the current state of the node to the desired state. This process may involve issuing certificates, pulling missing images, and starting containers, depending on the current node state. | 1 - 60 seconds | -| Reconfiguration pending | The target node is expected to be a manager but the `ucp-reconcile` container has not been started yet. | 1 - 10 seconds | -| Unhealthy UCP Controller: node is unreachable | Other manager nodes of the cluster have not received a heartbeat message from the affected node within a predetermined timeout. This usually indicates that there's either a temporary or permanent interruption in the network link to that manager node. Ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | -| Unhealthy UCP Controller: unable to reach controller | The controller that we are currently communicating with is not reachable within a predetermined timeout. Refresh the node listing to see if the symptom persists. If the symptom appears intermittently, this could indicate latency spikes between manager nodes, which can lead to temporary loss in the availability of UCP itself. Please ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | -| Unhealthy UCP Controller: Docker Swarm Cluster: Local node `` has status Pending | The Engine ID of an engine is not unique in the swarm. When a node first joins the cluster, it's added to the node inventory and discovered as `Pending` by Docker Swarm. The engine is "validated" if a `ucp-swarm-manager` container can connect to it via TLS, and if its Engine ID is unique in the swarm. If you see this issue repeatedly, make sure that your engines don't have duplicate IDs. Use `docker info` to see the Engine ID. Refresh the ID by removing the `/etc/docker/key.json` file and restarting the daemon. | Until resolved | +| Message | Description | Typical step duration | +| :----------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------- | +| Completing node registration | Waiting for the node to appear in KV node inventory. This is expected to occur when a node first joins the UCP swarm. | 5 - 30 seconds | +| heartbeat failure | The node has not contacted any swarm managers in the last 10 seconds. Check Swarm state in `docker info` on the node. `inactive` means the node has been removed from the swarm with `docker swarm leave`. `pending` means dockerd on the node has been attempting to contact a manager since dockerd on the node started. Confirm network security policy allows tcp port 2377 from the node to managers. `error` means an error prevented swarm from starting on the node. Check docker daemon logs on the node. | Until resolved | +| Node is being reconfigured | The `ucp-reconcile` container is currently converging the current state of the node to the desired state. This process may involve issuing certificates, pulling missing images, and starting containers, depending on the current node state. | 1 - 60 seconds | +| Reconfiguration pending | The target node is expected to be a manager but the `ucp-reconcile` container has not been started yet. | 1 - 10 seconds | +| The ucp-agent task is `state` | The `ucp-agent` task on the target node is not in a running state yet. This is an expected message when configuration has been updated, or when a new node was first joined to the UCP cluster. This step may take a longer time duration than expected if the UCP images need to be pulled from Docker Hub on the affected node. | 1-10 seconds | +| Unable to determine node state | The `ucp-reconcile` container on the target node just started running and we are not able to determine its state. | 1-10 seconds | +| Unhealthy UCP Controller: node is unreachable | Other manager nodes of the cluster have not received a heartbeat message from the affected node within a predetermined timeout. This usually indicates that there's either a temporary or permanent interruption in the network link to that manager node. Ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | +| Unhealthy UCP Controller: unable to reach controller | The controller that we are currently communicating with is not reachable within a predetermined timeout. Please refresh the node listing to see if the symptom persists. If the symptom appears intermittently, this could indicate latency spikes between manager nodes, which can lead to temporary loss in the availability of UCP itself. Please ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | +| Unhealthy UCP Controller: Docker Swarm Cluster: Local node `` has status Pending | The Engine ID of an engine is not unique in the swarm. When a node first joins the cluster, it's added to the node inventory and discovered as `Pending` by Docker Swarm. The engine is "validated" if a `ucp-swarm-manager` container can connect to it via TLS, and if its Engine ID is unique in the swarm. If you see this issue repeatedly, make sure that your engines don't have duplicate IDs. Use `docker info` to see the Engine ID. Refresh the ID by removing the `/etc/docker/key.json` file and restarting the daemon. | Until resolved | diff --git a/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md b/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md index 93b51e3b9c..f71f0913a5 100644 --- a/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md +++ b/datacenter/ucp/3.0/guides/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md @@ -17,13 +17,14 @@ cluster status](index.md). The following table lists all possible node states that may be reported for a UCP node, their explanation, and the expected duration of a given step. -| Message | Description | Typical step duration | -|:-----------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------| -| Completing node registration | Waiting for the node to appear in KV node inventory. This is expected to occur when a node first joins the UCP swarm. | 5 - 30 seconds | -| The ucp-agent task is `state` | The `ucp-agent` task on the target node is not in a running state yet. This is an expected message when configuration has been updated, or when a new node was first joined to the UCP swarm. This step may take a longer time duration than expected if the UCP images need to be pulled from Docker Hub on the affected node. | 1-10 seconds | -| Unable to determine node state | The `ucp-reconcile` container on the target node just started running and can't determine its state. | 1-10 seconds | -| Node is being reconfigured | The `ucp-reconcile` container is currently converging the current state of the node to the desired state. This process may involve issuing certificates, pulling missing images, and starting containers, depending on the current node state. | 1 - 60 seconds | -| Reconfiguration pending | The target node is expected to be a manager but the `ucp-reconcile` container has not been started yet. | 1 - 10 seconds | -| Unhealthy UCP Controller: node is unreachable | Other manager nodes of the cluster have not received a heartbeat message from the affected node within a predetermined timeout. This usually indicates that there's either a temporary or permanent interruption in the network link to that manager node. Ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | -| Unhealthy UCP Controller: unable to reach controller | The controller that we are currently communicating with is not reachable within a predetermined timeout. Refresh the node listing to see if the symptom persists. If the symptom appears intermittently, this could indicate latency spikes between manager nodes, which can lead to temporary loss in the availability of UCP itself. Please ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | -| Unhealthy UCP Controller: Docker Swarm Cluster: Local node `` has status Pending | The Engine ID of an engine is not unique in the swarm. When a node first joins the cluster, it's added to the node inventory and discovered as `Pending` by Docker Swarm. The engine is "validated" if a `ucp-swarm-manager` container can connect to it via TLS, and if its Engine ID is unique in the swarm. If you see this issue repeatedly, make sure that your engines don't have duplicate IDs. Use `docker info` to see the Engine ID. Refresh the ID by removing the `/etc/docker/key.json` file and restarting the daemon. | Until resolved | +| Message | Description | Typical step duration | +| :----------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------- | +| Completing node registration | Waiting for the node to appear in KV node inventory. This is expected to occur when a node first joins the UCP swarm. | 5 - 30 seconds | +| heartbeat failure | The node has not contacted any swarm managers in the last 10 seconds. Check Swarm state in `docker info` on the node. `inactive` means the node has been removed from the swarm with `docker swarm leave`. `pending` means dockerd on the node has been attempting to contact a manager since dockerd on the node started. Confirm network security policy allows tcp port 2377 from the node to managers. `error` means an error prevented swarm from starting on the node. Check docker daemon logs on the node. | Until resolved | +| Node is being reconfigured | The `ucp-reconcile` container is currently converging the current state of the node to the desired state. This process may involve issuing certificates, pulling missing images, and starting containers, depending on the current node state. | 1 - 60 seconds | +| Reconfiguration pending | The target node is expected to be a manager but the `ucp-reconcile` container has not been started yet. | 1 - 10 seconds | +| The ucp-agent task is `state` | The `ucp-agent` task on the target node is not in a running state yet. This is an expected message when configuration has been updated, or when a new node was first joined to the UCP cluster. This step may take a longer time duration than expected if the UCP images need to be pulled from Docker Hub on the affected node. | 1-10 seconds | +| Unable to determine node state | The `ucp-reconcile` container on the target node just started running and we are not able to determine its state. | 1-10 seconds | +| Unhealthy UCP Controller: node is unreachable | Other manager nodes of the cluster have not received a heartbeat message from the affected node within a predetermined timeout. This usually indicates that there's either a temporary or permanent interruption in the network link to that manager node. Ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | +| Unhealthy UCP Controller: unable to reach controller | The controller that we are currently communicating with is not reachable within a predetermined timeout. Please refresh the node listing to see if the symptom persists. If the symptom appears intermittently, this could indicate latency spikes between manager nodes, which can lead to temporary loss in the availability of UCP itself. Please ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | +| Unhealthy UCP Controller: Docker Swarm Cluster: Local node `` has status Pending | The Engine ID of an engine is not unique in the swarm. When a node first joins the cluster, it's added to the node inventory and discovered as `Pending` by Docker Swarm. The engine is "validated" if a `ucp-swarm-manager` container can connect to it via TLS, and if its Engine ID is unique in the swarm. If you see this issue repeatedly, make sure that your engines don't have duplicate IDs. Use `docker info` to see the Engine ID. Refresh the ID by removing the `/etc/docker/key.json` file and restarting the daemon. | Until resolved | diff --git a/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md b/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md index 79383c2522..35ee07c226 100644 --- a/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md +++ b/ee/ucp/admin/monitor-and-troubleshoot/troubleshoot-node-messages.md @@ -17,14 +17,15 @@ cluster status](index.md). The following table lists all possible node states that may be reported for a UCP node, their explanation, and the expected duration of a given step. -| Message | Description | Typical step duration | -|:-----------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------| -| Completing node registration | Waiting for the node to appear in KV node inventory. This is expected to occur when a node first joins the UCP swarm. | 5 - 30 seconds | -| The ucp-agent task is `state` | The `ucp-agent` task on the target node is not in a running state yet. This is an expected message when configuration has been updated, or when a new node was first joined to the UCP cluster. This step may take a longer time duration than expected if the UCP images need to be pulled from Docker Hub on the affected node. | 1-10 seconds | -| Unable to determine node state | The `ucp-reconcile` container on the target node just started running and we are not able to determine its state. | 1-10 seconds | -| Node is being reconfigured | The `ucp-reconcile` container is currently converging the current state of the node to the desired state. This process may involve issuing certificates, pulling missing images, and starting containers, depending on the current node state. | 1 - 60 seconds | -| Reconfiguration pending | The target node is expected to be a manager but the `ucp-reconcile` container has not been started yet. | 1 - 10 seconds | -| Unhealthy UCP Controller: node is unreachable | Other manager nodes of the cluster have not received a heartbeat message from the affected node within a predetermined timeout. This usually indicates that there's either a temporary or permanent interruption in the network link to that manager node. Ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | -| Unhealthy UCP Controller: unable to reach controller | The controller that we are currently communicating with is not reachable within a predetermined timeout. Please refresh the node listing to see if the symptom persists. If the symptom appears intermittently, this could indicate latency spikes between manager nodes, which can lead to temporary loss in the availability of UCP itself. Please ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | -| Unhealthy UCP Controller: Docker Swarm Cluster: Local node `` has status Pending | The Engine ID of an engine is not unique in the swarm. When a node first joins the cluster, it's added to the node inventory and discovered as `Pending` by Docker Swarm. The engine is "validated" if a `ucp-swarm-manager` container can connect to it via TLS, and if its Engine ID is unique in the swarm. If you see this issue repeatedly, make sure that your engines don't have duplicate IDs. Use `docker info` to see the Engine ID. Refresh the ID by removing the `/etc/docker/key.json` file and restarting the daemon. | Until resolved | +| Message | Description | Typical step duration | +| :----------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------- | +| Completing node registration | Waiting for the node to appear in KV node inventory. This is expected to occur when a node first joins the UCP swarm. | 5 - 30 seconds | +| heartbeat failure | The node has not contacted any swarm managers in the last 10 seconds. Check Swarm state in `docker info` on the node. `inactive` means the node has been removed from the swarm with `docker swarm leave`. `pending` means dockerd on the node has been attempting to contact a manager since dockerd on the node started. Confirm network security policy allows tcp port 2377 from the node to managers. `error` means an error prevented swarm from starting on the node. Check docker daemon logs on the node. | Until resolved | +| Node is being reconfigured | The `ucp-reconcile` container is currently converging the current state of the node to the desired state. This process may involve issuing certificates, pulling missing images, and starting containers, depending on the current node state. | 1 - 60 seconds | +| Reconfiguration pending | The target node is expected to be a manager but the `ucp-reconcile` container has not been started yet. | 1 - 10 seconds | +| The ucp-agent task is `state` | The `ucp-agent` task on the target node is not in a running state yet. This is an expected message when configuration has been updated, or when a new node was first joined to the UCP cluster. This step may take a longer time duration than expected if the UCP images need to be pulled from Docker Hub on the affected node. | 1-10 seconds | +| Unable to determine node state | The `ucp-reconcile` container on the target node just started running and we are not able to determine its state. | 1-10 seconds | +| Unhealthy UCP Controller: node is unreachable | Other manager nodes of the cluster have not received a heartbeat message from the affected node within a predetermined timeout. This usually indicates that there's either a temporary or permanent interruption in the network link to that manager node. Ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | +| Unhealthy UCP Controller: unable to reach controller | The controller that we are currently communicating with is not reachable within a predetermined timeout. Please refresh the node listing to see if the symptom persists. If the symptom appears intermittently, this could indicate latency spikes between manager nodes, which can lead to temporary loss in the availability of UCP itself. Please ensure the underlying networking infrastructure is operational, and [contact support](../../get-support.md) if the symptom persists. | Until resolved | +| Unhealthy UCP Controller: Docker Swarm Cluster: Local node `` has status Pending | The Engine ID of an engine is not unique in the swarm. When a node first joins the cluster, it's added to the node inventory and discovered as `Pending` by Docker Swarm. The engine is "validated" if a `ucp-swarm-manager` container can connect to it via TLS, and if its Engine ID is unique in the swarm. If you see this issue repeatedly, make sure that your engines don't have duplicate IDs. Use `docker info` to see the Engine ID. Refresh the ID by removing the `/etc/docker/key.json` file and restarting the daemon. | Until resolved | From 2cc581a8e7a17be8f5cb0b9418179c799300434e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Mon, 28 Jan 2019 18:35:27 -0500 Subject: [PATCH 253/361] Update for 16082 --- ee/ucp/release-notes.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 6966fcaf5f..76940c3ff7 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -35,6 +35,9 @@ upgrade your installation to the latest release. * Fixed system hang following UCP backup and docker daemon shutdown. (docker/escalation#841) * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (docker/orca#15936) * Added support for the limit arg in `docker ps`. (docker/orca#15812) + +### Known issue + * By default, Kubelet begins deleting images, starting with the oldest unused images, after exceeding 85% disk space utilization. This causes an issue in an air-gapped environment. ## 3.1.2 (2019-01-09) @@ -158,6 +161,9 @@ The following features are deprecated in UCP 3.1. * Fixed system hang issue following UCP backup and docker daemon shutdown. (docker/escalation#841) * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (#15936) * Added support for the limit arg in `docker ps`. (#15812) + +### Known issue + * By default, Kubelet begins deleting images, starting with the oldest unused images, after exceeding 85% disk space utilization. This causes an issue in an air-gapped environment. ## 3.0.8 (2019-01-09) From 98e825dd39600905240a5e61d4ff7d04f3ffe714 Mon Sep 17 00:00:00 2001 From: "T.D. Gonzales" Date: Mon, 28 Jan 2019 21:12:09 -0700 Subject: [PATCH 254/361] Adding wordpress environment variable. Wordpress needs to know what db to it's user has access to. Without this mysql throws access denied errors. --- compose/wordpress.md | 1 + 1 file changed, 1 insertion(+) diff --git a/compose/wordpress.md b/compose/wordpress.md index 4e94d08669..0e6714f7e1 100644 --- a/compose/wordpress.md +++ b/compose/wordpress.md @@ -59,6 +59,7 @@ Compose to set up and run WordPress. Before starting, make sure you have WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress + WORDPRESS_DB_NAME: wordpress volumes: db_data: {} ``` From 07a3cfc4c6d82e77d043c99c6c3fe2108f91e9b7 Mon Sep 17 00:00:00 2001 From: zulli73 Date: Tue, 29 Jan 2019 09:13:22 +0100 Subject: [PATCH 255/361] Move this tip to the section below Incorporate the following suggestion https://github.com/docker/docker.github.io/pull/7945#issuecomment-457656389 --- docker-for-windows/troubleshoot.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-for-windows/troubleshoot.md b/docker-for-windows/troubleshoot.md index 349a2b46f8..4113b05273 100644 --- a/docker-for-windows/troubleshoot.md +++ b/docker-for-windows/troubleshoot.md @@ -488,10 +488,6 @@ with Linux containers. Check the settings in **Hardware → CPU & Memory → Advanced Options → Enable nested virtualization** (the exact menu sequence might vary slightly). -* Ensure "PMU Virtualization" is turned off in Parallels on Macs. Check the - settings in **Hardware → CPU & Memory → Advanced Settings → PMU - Virtualization** - * Configure your VM with at least 2 CPUs and sufficient memory to run your workloads. @@ -520,6 +516,10 @@ with Linux containers. executed inside a VM which itself runs inside a VM. CPU utilization is also likely to be higher. +* Ensure "PMU Virtualization" is turned off in Parallels on Macs. Check the + settings in **Hardware → CPU & Memory → Advanced Settings → PMU + Virtualization** + #### Related issues Discussion thread on GitHub at [Docker for Windows issue From 8924d2a9b3b9fb89c1983d682f3ac38e0c291146 Mon Sep 17 00:00:00 2001 From: Comical DERSKEAL <27731088+derskeal@users.noreply.github.com> Date: Tue, 29 Jan 2019 15:39:36 +0100 Subject: [PATCH 256/361] Update links.md --- network/links.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/links.md b/network/links.md index 4badd64c7c..9913a3c2f5 100644 --- a/network/links.md +++ b/network/links.md @@ -12,7 +12,7 @@ title: Legacy container links be removed. Unless you absolutely need to continue using it, we recommend that you use user-defined networks to facilitate communication between two containers instead of using `--link`. One feature that user-defined networks do not support that you can do -with `--link` is sharing environmental variables between containers. However, +with `--link` is sharing environment variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way. > From 8d4269ccb53ca982a73faafb3e427116fe4d924b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 13:41:29 -0500 Subject: [PATCH 257/361] Update release-notes.md --- ee/dtr/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index 4d418339c2..f2c50b1e30 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -23,7 +23,7 @@ to upgrade your installation to the latest release. ## 2.6.2 -(2019-1-25) +(2019-1-29) ### Bug Fixes From 3b8dae6c5dce160ccb7628143b849e7eceebaaab Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 14:59:23 -0500 Subject: [PATCH 258/361] Update release-notes.md --- ee/dtr/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index 4d418339c2..f2c50b1e30 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -23,7 +23,7 @@ to upgrade your installation to the latest release. ## 2.6.2 -(2019-1-25) +(2019-1-29) ### Bug Fixes From a85380aa35e1c7da76e3b6a0d5bf748b633f8d3a Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 15:36:42 -0500 Subject: [PATCH 259/361] Updated 3.0.8 bug info --- ee/ucp/release-notes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index b38fcdd687..d4a68bac59 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -168,7 +168,6 @@ The following features are deprecated in UCP 3.1. ### Bug fixes * Upgrading Interlock now also upgrades interlock proxy and interlock extension. (docker/escalation/871) - * Fixed system hang issue following UCP backup and docker daemon shutdown. (docker/escalation#841) * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (#15936) * Added support for the limit arg in `docker ps`. (#15812) @@ -189,6 +188,8 @@ The following features are deprecated in UCP 3.1. `com.docker.lb.network` label is not correctly specified. (docker/orca#15015) * LDAP group member attribute is now case insensitive. (docker/escalation#917) * Fixed an issue that caused a system hang after the attempted shutdown of the Docker daemon to perform a swarm backup. /dev/shm is now unmounted when starting the kubelet container. (docker/orca#15672) + * Fixed system hang issue following UCP backup and docker daemon shutdown. (docker/escalation#841) + * Interlock * Interlock headers can now be hidden. (docker/escalation#833) * Respect `com.docker.lb.network` labels and only attach the specified networks From 7cf44225b0de6a4646250dad3f6676ebb903daff Mon Sep 17 00:00:00 2001 From: Mark Church Date: Tue, 29 Jan 2019 12:43:39 -0800 Subject: [PATCH 260/361] added component versions for UCP for each minor release from UCP 3.0.0 - 3.1.3 --- ee/ucp/release-notes.md | 123 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index b38fcdd687..83049ece3e 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -41,6 +41,16 @@ upgrade your installation to the latest release. ### Known issue * By default, Kubelet begins deleting images, starting with the oldest unused images, after exceeding 85% disk space utilization. This causes an issue in an air-gapped environment. +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.1.3 | +| Kubernetes | 1.11.5 | +| Calico | 3.5.0 | +| Interlock (nginx) | 1.14.0 | + + ## 3.1.2 2019-01-09 @@ -62,12 +72,30 @@ enable this feature in Admin Settings -> SAML Settings. * Now upgrading Interlock will also upgrade interlock proxy and interlock extension as well (escalation/871) * Added support for 'VIP' backend mode, in which the Interlock proxy connects to the backend service's Virtual IP instead of load-balancing directly to each task IP. (docker/interlock#206) (escalation/920) +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.1.2 | +| Kubernetes | 1.11.5 | +| Calico | 3.2.3 | +| Interlock (nginx) | 1.14.0 | + ## 3.1.1 (2018-12-04) * To address CVE-2018-1002105, a critical security issue in the Kubernetes API Server, Docker is using Kubernetes 1.11.5 for UCP 3.1.1. +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.1.1 | +| Kubernetes | 1.11.5 | +| Calico | 3.2.3 | +| Interlock (nginx) | 1.13.12 | + ## 3.1.0 2018-11-08 @@ -111,6 +139,8 @@ Admins can configure UCP to use a SAML-enabled identity provider for user authen * UCP now stores its configurations in its internal key-value store instead of in a Swarm configuration so changes can propagate across the cluster more quickly. * You can now use the `custom_api_server_headers` field in the UCP configuration to set arbitrary headers that are included with every UCP response. + + ## API updates There are several backward-incompatible changes in the Kubernetes API that may affect user workloads. They are: @@ -124,6 +154,8 @@ There are several backward-incompatible changes in the Kubernetes API that may a * JSON configuration used with `kubectl create -f pod.json` containing fields with incorrect casing are no longer valid. You must correct these files before upgrading. When specifying keys in JSON resource definitions during direct API server communication, the keys are case-sensitive. A bug introduced in Kubernetes 1.8 caused the API server to accept a request with incorrect case and coerce it to correct case, but this behaviour has been fixed in 1.11 so the API server will again enforce correct casing. During this time, the `kubectl` tool continued to enforce case-sensitive keys, so users that strictly manage resources with `kubectl` will be unaffected by this change. * If you have a pod with a subpath volume PVC, there’s a chance that after the upgrade, it will conflict with some other pod; see [this pull request](https://github.com/kubernetes/kubernetes/pull/61373). It’s not clear if this issue will just prevent those pods from starting or if the whole cluster will fail. + + ## Known issues * There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade) @@ -160,6 +192,15 @@ The following features are deprecated in UCP 3.1. * **PersistentVolumeLabel** admission controller is deprecated in Kubernetes 1.11. This functionality will be migrated to [Cloud Controller Manager](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/) * `--cni-install-url` is deprecated in favor of `--unmanaged-cni` +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.1.0 | +| Kubernetes | 1.11.2 | +| Calico | 3.2.3 | +| Interlock (nginx) | 1.13.12 | + # Version 3.0 ## 3.0.9 @@ -197,12 +238,30 @@ The following features are deprecated in UCP 3.1. backend service's Virtual IP instead of load-balancing directly to each task IP. (docker/interlock#206, escalation/920) +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.8 | +| Kubernetes | 1.8.15 | +| Calico | 3.0.8 | +| Interlock (nginx) | 1.13.12 | + ## 3.0.7 2018-12-04 * To address CVE-2018-1002105, a critical security issue in the Kubernetes API Server, Docker is using a custom build of Kubernetes 1.8.15 for UCP 3.0.7. +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.7 | +| Kubernetes | 1.8.15 | +| Calico | 3.0.8 | +| Interlock (nginx) | 1.13.12 | + ## 3.0.6 2018-10-25 @@ -240,6 +299,15 @@ The following features are deprecated in UCP 3.1. * Fixed an issue that prevented "Per User Limit" on Admin Settings from working. (docker/escalation#639) +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.6 | +| Kubernetes | 1.8.15 | +| Calico | 3.0.8 | +| Interlock (nginx) | 1.13.12 | + ## 3.0.5 2018-08-30 @@ -257,6 +325,16 @@ The following features are deprecated in UCP 3.1. Alternately, you can just `docker pull docker/ucp-agent:3.0.5` on every manager node. This issue is fixed in 3.0.5. Any upgrade from 3.0.5 or above should work without manually pulling the images. + + +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.5 | +| Kubernetes | 1.8.11 | +| Calico | 3.0.8 | +| Interlock (nginx) | 1.13.12 | ## 3.0.4 @@ -272,6 +350,15 @@ The following features are deprecated in UCP 3.1. * You must manually pull `docker/ucp-agent:3.0.4` in the images section of the web UI before upgrading. Alternately, you can just pull `docker/ucp-agent:3.0.4` on every manager node. +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.4 | +| Kubernetes | 1.8.11 | +| Calico | 3.0.8 | +| Interlock (nginx) | 1.13.12 | + ## 3.0.3 2018-07-26 @@ -295,6 +382,14 @@ The following features are deprecated in UCP 3.1. * Fixes an issue where DTR admins are missing the Full Control Grant against /Shared Collection even though they have logged in at least once to the UI. * Add support for bind mount volumes to kubernetes stacks and fixes sporadic errors in kubernetes stack validator that would incorrectly reject stacks. +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.3 | +| Kubernetes | 1.8.11 | +| Calico | 3.0.8 | +| Interlock (nginx) | 1.13.12 | ## 3.0.2 @@ -331,6 +426,15 @@ Azure Disk when installing UCP with the `--cloud-provider` option. * UI/UX * Fixed an issue that causes LDAP configuration UI to not work properly. +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.2 | +| Kubernetes | 1.8.11 | +| Calico | 3.0.1 | +| Interlock (nginx) | 1.13.8 | + ## 3.0.1 2018-05-17 @@ -374,6 +478,15 @@ Azure Disk when installing UCP with the `--cloud-provider` option. depending on how quickly `calico-node` gets upgraded on those nodes. * `ucp-interlock-proxy` may fail to start when two or more services are configured with two or more backend hosts. [You can use this workaround](https://success.docker.com/article/how-do-i-ensure-the-ucp-routing-mesh-ucp-interlock-proxy-continues-running-in-the-event-of-a-failed-update). + + ### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.1 | +| Kubernetes | 1.8.11 | +| Calico | 3.0.1 | +| Interlock (nginx) | 1.13.8 | ## Version 3.0.0 @@ -523,6 +636,16 @@ from the UCP web UI. You can configure Docker Engine for this. * The option to configure a rescheduling policy for basic containers is deprecated. Deploy your applications as Swarm services or Kubernetes workloads. + +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.1 | +| Kubernetes | 1.8.11 | +| Calico | 3.0.1 | +| Interlock (nginx) | 1.13.8 | + # Version 2.2 ## Version 2.2.16 From dd1cae2922b568b357ba3a53e30e3ed2cd5bee70 Mon Sep 17 00:00:00 2001 From: Mark Church Date: Tue, 29 Jan 2019 12:46:50 -0800 Subject: [PATCH 261/361] fixed 3.0.9 because it was missing --- ee/ucp/release-notes.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 83049ece3e..a60201f83d 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -216,6 +216,15 @@ The following features are deprecated in UCP 3.1. ### Known issue * By default, Kubelet begins deleting images, starting with the oldest unused images, after exceeding 85% disk space utilization. This causes an issue in an air-gapped environment. +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.9 | +| Kubernetes | 1.8.15 | +| Calico | 3.0.8 | +| Interlock (nginx) | 1.13.12 | + ## 3.0.8 2019-01-09 From 5c9ae10b15d4a2dc9e792cef6e5153645c1e6c72 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 16:00:46 -0500 Subject: [PATCH 262/361] Update platform info for 3.0.9 --- ee/ucp/release-notes.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index d4a68bac59..e996854c03 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -166,6 +166,9 @@ The following features are deprecated in UCP 3.1. 2018-01-29 +### New platforms + * Added support for RHEL 7.6 with Devicemapper and Overlay2 storage drivers. (docker/orca#15996) + ### Bug fixes * Upgrading Interlock now also upgrades interlock proxy and interlock extension. (docker/escalation/871) * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (#15936) From 5bd4d8ae2b2e2b2a845f9cd8d20f27b885b5296b Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 16:17:41 -0500 Subject: [PATCH 263/361] Update 3.1.3 fix information --- ee/ucp/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index e996854c03..2860f0166f 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -37,6 +37,7 @@ upgrade your installation to the latest release. * Fixed system hang following UCP backup and docker daemon shutdown. (docker/escalation#841) * Non-admin users can no longer create `PersistentVolumes` that mount host directories. (docker/orca#15936) * Added support for the limit arg in `docker ps`. (docker/orca#15812) + * Fixed an issue with ucp-proxy health check. (docker/orca#15814, docker/orca#15813, docker/orca#16021, docker/orca#15811) ### Known issue * By default, Kubelet begins deleting images, starting with the oldest unused images, after exceeding 85% disk space utilization. This causes an issue in an air-gapped environment. From f412fa29f297d115d91c68528ed46d3aaf656263 Mon Sep 17 00:00:00 2001 From: Darwin Traver Date: Tue, 29 Jan 2019 16:43:20 -0500 Subject: [PATCH 264/361] Update Calico version for UCP 3.1.3 --- ee/ucp/ucp-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/ucp/ucp-architecture.md b/ee/ucp/ucp-architecture.md index a662831cca..110e4b649f 100644 --- a/ee/ucp/ucp-architecture.md +++ b/ee/ucp/ucp-architecture.md @@ -68,7 +68,7 @@ on a node depend on whether the node is a manager or a worker. Internally, UCP uses the following components: -* Calico v3.2.3 +* Calico v3.5 * Kubernetes v1.11.5 ### UCP components in manager nodes From 9d6d88adc5eff0139f377f63c2d200df63bcb27e Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 16:59:13 -0500 Subject: [PATCH 265/361] Fixed 3.0.8 duplicate info --- ee/ucp/release-notes.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 2860f0166f..804b74f2c7 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -191,8 +191,7 @@ The following features are deprecated in UCP 3.1. * UCP backend will now complain when a service is created/updated if the `com.docker.lb.network` label is not correctly specified. (docker/orca#15015) * LDAP group member attribute is now case insensitive. (docker/escalation#917) - * Fixed an issue that caused a system hang after the attempted shutdown of the Docker daemon to perform a swarm backup. /dev/shm is now unmounted when starting the kubelet container. (docker/orca#15672) - * Fixed system hang issue following UCP backup and docker daemon shutdown. (docker/escalation#841) + * Fixed an issue that caused a system hang after UCP backup and the attempted shutdown of the Docker daemon to perform a swarm backup. /dev/shm is now unmounted when starting the kubelet container. (docker/orca#15672, docker/escalation#841) * Interlock * Interlock headers can now be hidden. (docker/escalation#833) From bcd04bd38a4d78b32b24d4f21fa6410226b61c43 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 20:01:07 -0500 Subject: [PATCH 266/361] Fix syntax --- engine/release-notes.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 094aeda2f8..08b80de7e8 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -250,7 +250,7 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d ## Older Docker Engine EE Release notes ### 18.03.1-ee-4 -<<<<<<< HEAD + 2018-10-25 > *** NOTE: *** If you're deploying UCP or DTR, use Docker EE Engine 18.09 or higher. 18.03 is an engine only release. @@ -301,8 +301,8 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d #### Swarm Mode * Clean up tasks in dirty list for which the service has been deleted. [docker/swarmkit#2694](https://github.com/docker/swarmkit/pull/2694) - * Propagate the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) -======= + * Propagate the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) + 2018-10-25 > ***NOTE:*** If you're deploying UCP or DTR, use Docker EE Engine 18.09 or higher. 18.03 is an engine only release. From 2d179c873425e1811318663645e981e237c487bb Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 20:06:23 -0500 Subject: [PATCH 267/361] Update release-notes.md --- engine/release-notes.md | 1 - 1 file changed, 1 deletion(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 08b80de7e8..5163bdb6a1 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -354,7 +354,6 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d * Clean up tasks in dirty list for which the service has been deleted. [docker/swarmkit#2694](https://github.com/docker/swarmkit/pull/2694) * Propagate the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) ->>>>>>> 6292ef3ac708f00e7ba13a706bcb7225c34ddb19 ### 18.03.1-ee-2 2018-07-10 From 49b80a76cc01004cf6588ac0377d0fc144757a33 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 28 Jan 2019 14:19:08 -0800 Subject: [PATCH 268/361] update install instructions of latest docker-ce to include containerd Signed-off-by: Andrew Hsu --- install/linux/docker-ce/centos.md | 6 +++--- install/linux/docker-ce/debian.md | 6 +++--- install/linux/docker-ce/fedora.md | 6 +++--- install/linux/docker-ce/ubuntu.md | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/install/linux/docker-ce/centos.md b/install/linux/docker-ce/centos.md index 79c52a1a52..eab3e8a39c 100644 --- a/install/linux/docker-ce/centos.md +++ b/install/linux/docker-ce/centos.md @@ -130,10 +130,10 @@ from the repository. #### Install Docker CE -1. Install the _latest version_ of Docker CE, or go to the next step to install a specific version: +1. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo yum install docker-ce + $ sudo yum install docker-ce containerd.io ``` If prompted to accept the GPG key, verify that the fingerprint matches @@ -172,7 +172,7 @@ from the repository. a hyphen (`-`). For example, `docker-ce-18.09.1`. ```bash - $ sudo yum install docker-ce- + $ sudo yum install docker-ce- containerd.io ``` Docker is installed but not started. The `docker` group is created, but no users are added to the group. diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index e8840da08c..c546877408 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -171,10 +171,10 @@ from the repository. $ sudo apt-get update ``` -2. Install the _latest version_ of Docker CE, or go to the next step to install a specific version: +2. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo apt-get install docker-ce + $ sudo apt-get install docker-ce containerd.io ``` > Got multiple Docker repositories? @@ -202,7 +202,7 @@ from the repository. for example, `5:18.09.1~3-0~debian-stretch `. ```bash - $ sudo apt-get install docker-ce= + $ sudo apt-get install docker-ce= containerd.io ``` 4. Verify that Docker CE is installed correctly by running the `hello-world` diff --git a/install/linux/docker-ce/fedora.md b/install/linux/docker-ce/fedora.md index 10656e1d28..975ee412b5 100644 --- a/install/linux/docker-ce/fedora.md +++ b/install/linux/docker-ce/fedora.md @@ -122,10 +122,10 @@ from the repository. #### Install Docker CE -1. Install the _latest version_ of Docker CE, or go to the next step to install a specific version: +1. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo dnf install docker-ce + $ sudo dnf install docker-ce containerd.io ``` If prompted to accept the GPG key, verify that the fingerprint matches @@ -164,7 +164,7 @@ from the repository. `docker-ce-3:18.09.1`. ```bash - $ sudo dnf -y install docker-ce- + $ sudo dnf -y install docker-ce- containerd.io ``` Docker is installed but not started. The `docker` group is created, but no users are added to the group. diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index b67b846e8f..e0eff49f5e 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -206,10 +206,10 @@ from the repository. $ sudo apt-get update ``` -2. Install the _latest version_ of Docker CE, or go to the next step to install a specific version: +2. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo apt-get install docker-ce + $ sudo apt-get install docker-ce containerd.io ``` > Got multiple Docker repositories? @@ -237,7 +237,7 @@ from the repository. for example, `5:18.09.1~3-0~ubuntu-xenial`. ```bash - $ sudo apt-get install docker-ce= + $ sudo apt-get install docker-ce= containerd.io ``` 4. Verify that Docker CE is installed correctly by running the `hello-world` From 95c850fcb150108748ed3ac46a27fb29eee5a48f Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 28 Jan 2019 14:24:18 -0800 Subject: [PATCH 269/361] update install instructions of latest docker-ee to include containerd Signed-off-by: Andrew Hsu --- _includes/ee-linux-install-reuse.md | 4 ++-- install/linux/docker-ee/suse.md | 6 +++--- install/linux/docker-ee/ubuntu.md | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/_includes/ee-linux-install-reuse.md b/_includes/ee-linux-install-reuse.md index 695196bfc6..12f9b20642 100644 --- a/_includes/ee-linux-install-reuse.md +++ b/_includes/ee-linux-install-reuse.md @@ -145,7 +145,7 @@ You only need to set up the repository once, after which you can install Docker 1. Install the latest patch release, or go to the next step to install a specific version: ```bash - $ sudo yum -y install docker-ee + $ sudo yum -y install docker-ee containerd.io ``` If prompted to accept the GPG key, verify that the fingerprint matches `{{ gpg-fingerprint }}`, and if so, accept it. @@ -166,7 +166,7 @@ You only need to set up the repository once, after which you can install Docker b. Install a specific version by its **fully qualified package name** which is the package name (`docker-ee`) plus the version string (2nd column) up to the hyphen, for example: `docker-ee-18.09.0` ```bash - $ sudo yum -y install + $ sudo yum -y install containerd.io ``` For example, if you want to install the 18.09 version run the following: diff --git a/install/linux/docker-ee/suse.md b/install/linux/docker-ee/suse.md index f4f0aa6e6c..71e2ee46ba 100644 --- a/install/linux/docker-ee/suse.md +++ b/install/linux/docker-ee/suse.md @@ -222,11 +222,11 @@ from the repository. `77FE DA13 1A83 1D29 A418 D3E8 99E5 FF2E 7668 2BC9` and if so, accept the key. -2. Install the latest version of Docker EE, or go to the next step to install a +2. Install the latest version of Docker EE and containerd, or go to the next step to install a specific version. ```bash - $ sudo zypper install docker-ee + $ sudo zypper install docker-ee containerd.io ``` Start Docker: @@ -259,7 +259,7 @@ from the repository. and separate them by a hyphen (`-`): ```bash - $ sudo zypper install docker-ee- + $ sudo zypper install docker-ee- containerd.io ``` Docker is installed but not started. The `docker` group is created, but no diff --git a/install/linux/docker-ee/ubuntu.md b/install/linux/docker-ee/ubuntu.md index ff73108186..a99a67e062 100644 --- a/install/linux/docker-ee/ubuntu.md +++ b/install/linux/docker-ee/ubuntu.md @@ -191,10 +191,10 @@ from the repository. 2. Install the latest version of Docker EE, or go to the next step to install a specific version. Any existing installation of Docker EE is replaced. - Use this command to install the latest version of Docker EE: + Use this command to install the latest version of Docker EE and containerd: ```bash - $ sudo apt-get install docker-ee + $ sudo apt-get install docker-ee containerd.io ``` > **Warning**: If you have multiple Docker repositories enabled, installing @@ -222,7 +222,7 @@ from the repository. version string to the package name and separate them by an equals sign (`=`): ```bash - $ sudo apt-get install docker-ee= + $ sudo apt-get install docker-ee= containerd.io ``` The Docker daemon starts automatically. From aa420ff24bed9c43a5485b1ad40b20dbd792c99b Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 28 Jan 2019 14:33:24 -0800 Subject: [PATCH 270/361] added extra notes section in release notes for installing containerd.io Signed-off-by: Andrew Hsu --- engine/release-notes.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/engine/release-notes.md b/engine/release-notes.md index 2ab6a84992..6070646505 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -22,6 +22,13 @@ consistency and compatibility reasons. > patch version. The enterprise engine is a superset of the community engine. They > will ship concurrently with the same x patch version based on the same code base. +> ***NOTE:*** +> The `containerd.io` container runtime package is now in a separate package from +> Docker Engine 18.09. Users will need to update the `containerd.io` package in +> conjunction with the Docker Engine package. For example, on Ubuntu: +> `sudo apt install docker-ce containerd.io`. See the install instructions for +> corresponding linux distro for details. + ## 18.09.1 2019-01-09 From 96c56dabca9a222e2817fac244b49a7766b996a2 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Wed, 30 Jan 2019 01:25:22 +0000 Subject: [PATCH 271/361] also add docker-ce-cli to docker-ce install instructions Signed-off-by: Andrew Hsu --- install/linux/docker-ce/centos.md | 4 ++-- install/linux/docker-ce/debian.md | 4 ++-- install/linux/docker-ce/fedora.md | 4 ++-- install/linux/docker-ce/ubuntu.md | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/install/linux/docker-ce/centos.md b/install/linux/docker-ce/centos.md index eab3e8a39c..c56e66f070 100644 --- a/install/linux/docker-ce/centos.md +++ b/install/linux/docker-ce/centos.md @@ -133,7 +133,7 @@ from the repository. 1. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo yum install docker-ce containerd.io + $ sudo yum install docker-ce docker-ce-cli containerd.io ``` If prompted to accept the GPG key, verify that the fingerprint matches @@ -172,7 +172,7 @@ from the repository. a hyphen (`-`). For example, `docker-ce-18.09.1`. ```bash - $ sudo yum install docker-ce- containerd.io + $ sudo yum install docker-ce- docker-ce-cli- containerd.io ``` Docker is installed but not started. The `docker` group is created, but no users are added to the group. diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index c546877408..1536ec336d 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -174,7 +174,7 @@ from the repository. 2. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo apt-get install docker-ce containerd.io + $ sudo apt-get install docker-ce docker-ce-cli containerd.io ``` > Got multiple Docker repositories? @@ -202,7 +202,7 @@ from the repository. for example, `5:18.09.1~3-0~debian-stretch `. ```bash - $ sudo apt-get install docker-ce= containerd.io + $ sudo apt-get install docker-ce= docker-ce-cli= containerd.io ``` 4. Verify that Docker CE is installed correctly by running the `hello-world` diff --git a/install/linux/docker-ce/fedora.md b/install/linux/docker-ce/fedora.md index 975ee412b5..394b29779e 100644 --- a/install/linux/docker-ce/fedora.md +++ b/install/linux/docker-ce/fedora.md @@ -125,7 +125,7 @@ from the repository. 1. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo dnf install docker-ce containerd.io + $ sudo dnf install docker-ce docker-ce-cli containerd.io ``` If prompted to accept the GPG key, verify that the fingerprint matches @@ -164,7 +164,7 @@ from the repository. `docker-ce-3:18.09.1`. ```bash - $ sudo dnf -y install docker-ce- containerd.io + $ sudo dnf -y install docker-ce- docker-ce-cli- containerd.io ``` Docker is installed but not started. The `docker` group is created, but no users are added to the group. diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index e0eff49f5e..c2cd6d906b 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -209,7 +209,7 @@ from the repository. 2. Install the _latest version_ of Docker CE and containerd, or go to the next step to install a specific version: ```bash - $ sudo apt-get install docker-ce containerd.io + $ sudo apt-get install docker-ce docker-ce-cli containerd.io ``` > Got multiple Docker repositories? @@ -237,7 +237,7 @@ from the repository. for example, `5:18.09.1~3-0~ubuntu-xenial`. ```bash - $ sudo apt-get install docker-ce= containerd.io + $ sudo apt-get install docker-ce= docker-ce-cli= containerd.io ``` 4. Verify that Docker CE is installed correctly by running the `hello-world` From 128b54cef859a3ff78fa865ed2678ed4af12cd5a Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Wed, 30 Jan 2019 01:53:01 +0000 Subject: [PATCH 272/361] also add docker-ee-cli to docker-ee install instructions Signed-off-by: Andrew Hsu --- _includes/ee-linux-install-reuse.md | 6 +++--- install/linux/docker-ee/suse.md | 4 ++-- install/linux/docker-ee/ubuntu.md | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/_includes/ee-linux-install-reuse.md b/_includes/ee-linux-install-reuse.md index 12f9b20642..bbd1cfa6b5 100644 --- a/_includes/ee-linux-install-reuse.md +++ b/_includes/ee-linux-install-reuse.md @@ -145,7 +145,7 @@ You only need to set up the repository once, after which you can install Docker 1. Install the latest patch release, or go to the next step to install a specific version: ```bash - $ sudo yum -y install docker-ee containerd.io + $ sudo yum -y install docker-ee docker-ee-cli containerd.io ``` If prompted to accept the GPG key, verify that the fingerprint matches `{{ gpg-fingerprint }}`, and if so, accept it. @@ -163,10 +163,10 @@ You only need to set up the repository once, after which you can install Docker The list returned depends on which repositories you enabled, and is specific to your version of {{ linux-dist-long }} (indicated by `.el7` in this example). - b. Install a specific version by its **fully qualified package name** which is the package name (`docker-ee`) plus the version string (2nd column) up to the hyphen, for example: `docker-ee-18.09.0` + b. Install a specific version by its fully qualified package name, which is the package name (`docker-ee`) plus the version string (2nd column) starting at the first colon (`:`), up to the first hyphen, separated by a hyphen (`-`). For example, `docker-ee-18.09.1`. ```bash - $ sudo yum -y install containerd.io + $ sudo yum -y install docker-ee- docker-ee-cli- containerd.io ``` For example, if you want to install the 18.09 version run the following: diff --git a/install/linux/docker-ee/suse.md b/install/linux/docker-ee/suse.md index 71e2ee46ba..dc3ecafe5f 100644 --- a/install/linux/docker-ee/suse.md +++ b/install/linux/docker-ee/suse.md @@ -226,7 +226,7 @@ from the repository. specific version. ```bash - $ sudo zypper install docker-ee containerd.io + $ sudo zypper install docker-ee docker-ee-cli containerd.io ``` Start Docker: @@ -259,7 +259,7 @@ from the repository. and separate them by a hyphen (`-`): ```bash - $ sudo zypper install docker-ee- containerd.io + $ sudo zypper install docker-ee- docker-ee-cli- containerd.io ``` Docker is installed but not started. The `docker` group is created, but no diff --git a/install/linux/docker-ee/ubuntu.md b/install/linux/docker-ee/ubuntu.md index a99a67e062..e46af2efd9 100644 --- a/install/linux/docker-ee/ubuntu.md +++ b/install/linux/docker-ee/ubuntu.md @@ -194,7 +194,7 @@ from the repository. Use this command to install the latest version of Docker EE and containerd: ```bash - $ sudo apt-get install docker-ee containerd.io + $ sudo apt-get install docker-ee docker-ee-cli containerd.io ``` > **Warning**: If you have multiple Docker repositories enabled, installing @@ -222,7 +222,7 @@ from the repository. version string to the package name and separate them by an equals sign (`=`): ```bash - $ sudo apt-get install docker-ee= containerd.io + $ sudo apt-get install docker-ee= docker-ee-cli= containerd.io ``` The Docker daemon starts automatically. From c550b3dee28db2b25792522da8e0d2b551dfe76f Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Wed, 30 Jan 2019 01:57:52 +0000 Subject: [PATCH 273/361] update the release notes note to include cli package Signed-off-by: Andrew Hsu --- engine/release-notes.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 6070646505..9b86791492 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -23,11 +23,11 @@ consistency and compatibility reasons. > will ship concurrently with the same x patch version based on the same code base. > ***NOTE:*** -> The `containerd.io` container runtime package is now in a separate package from -> Docker Engine 18.09. Users will need to update the `containerd.io` package in -> conjunction with the Docker Engine package. For example, on Ubuntu: -> `sudo apt install docker-ce containerd.io`. See the install instructions for -> corresponding linux distro for details. +> The client and container runtime are now in a separate packages from the daemon in +> Docker Engine 18.09. Users should install and update all 3 packages at the same time +> to get the latest patch releases. For example, on Ubuntu: +> `sudo apt install docker-ce docker-ce-cli containerd.io`. See the install instructions +> of the corresponding linux distro for details. ## 18.09.1 2019-01-09 From 59eec9832bd3598b6c0431ebc599e01fc7f55d95 Mon Sep 17 00:00:00 2001 From: Daniel Compton Date: Wed, 30 Jan 2019 15:20:43 +1300 Subject: [PATCH 274/361] Remove leading whitespace in code blocks from Django docs --- compose/django.md | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/compose/django.md b/compose/django.md index a65bd5d8b4..4eb65148be 100644 --- a/compose/django.md +++ b/compose/django.md @@ -26,13 +26,13 @@ and a `docker-compose.yml` file. (You can use either a `.yml` or `.yaml` extensi 3. Add the following content to the `Dockerfile`. - FROM python:3 - ENV PYTHONUNBUFFERED 1 - RUN mkdir /code - WORKDIR /code - COPY requirements.txt /code/ - RUN pip install -r requirements.txt - COPY . /code/ + FROM python:3 + ENV PYTHONUNBUFFERED 1 + RUN mkdir /code + WORKDIR /code + COPY requirements.txt /code/ + RUN pip install -r requirements.txt + COPY . /code/ This `Dockerfile` starts with a [Python 3 parent image](https://hub.docker.com/r/library/python/tags/3/). The parent image is modified by adding a new `code` directory. The parent image is further modified @@ -46,8 +46,8 @@ and a `docker-compose.yml` file. (You can use either a `.yml` or `.yaml` extensi 6. Add the required software in the file. - Django>=2.0,<3.0 - psycopg2>=2.7,<3.0 + Django>=2.0,<3.0 + psycopg2>=2.7,<3.0 7. Save and close the `requirements.txt` file. @@ -93,7 +93,7 @@ In this step, you create a Django starter project by building the image from the 2. Create the Django project by running the [docker-compose run](/compose/reference/run/) command as follows. - sudo docker-compose run web django-admin startproject composeexample . + sudo docker-compose run web django-admin startproject composeexample . This instructs Compose to run `django-admin startproject composeexample` in a container, using the `web` service's image and configuration. Because @@ -107,18 +107,18 @@ the [docker-compose run](/compose/reference/run/) command as follows. 3. After the `docker-compose` command completes, list the contents of your project. - $ ls -l - drwxr-xr-x 2 root root composeexample - -rw-rw-r-- 1 user user docker-compose.yml - -rw-rw-r-- 1 user user Dockerfile - -rwxr-xr-x 1 root root manage.py - -rw-rw-r-- 1 user user requirements.txt + $ ls -l + drwxr-xr-x 2 root root composeexample + -rw-rw-r-- 1 user user docker-compose.yml + -rw-rw-r-- 1 user user Dockerfile + -rwxr-xr-x 1 root root manage.py + -rw-rw-r-- 1 user user requirements.txt If you are running Docker on Linux, the files `django-admin` created are owned by root. This happens because the container runs as the root user. Change the ownership of the new files. - sudo chown -R $USER:$USER . + sudo chown -R $USER:$USER . If you are running Docker on Mac or Windows, you should already have ownership of all files, including those generated by From 84436bb5c3ef5067bc793edbe12b221d5413a941 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 21:55:15 -0500 Subject: [PATCH 275/361] Update binaries.md --- install/linux/docker-ce/binaries.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/docker-ce/binaries.md b/install/linux/docker-ce/binaries.md index 7f3fe62ca1..f01b50167a 100644 --- a/install/linux/docker-ce/binaries.md +++ b/install/linux/docker-ce/binaries.md @@ -162,4 +162,4 @@ version. ## Next steps -Continue with the [User Guide](/engine/userguide/index.md). +Continue with the [User Guide](/get-started/index.md). From d74425ef51c4aadb0c1e406f8d25198aabb57ca6 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 21:56:09 -0500 Subject: [PATCH 276/361] Fix user guide link --- install/linux/docker-ce/centos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/docker-ce/centos.md b/install/linux/docker-ce/centos.md index aacf1d203f..d576e62ce8 100644 --- a/install/linux/docker-ce/centos.md +++ b/install/linux/docker-ce/centos.md @@ -279,4 +279,4 @@ You must delete any edited configuration files manually. - Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) -- Continue with the [User Guide](/engine/userguide/index.md). +- Continue with the [User Guide](/get-started/index.md). From 901c9dd48eec33f62bb28034e48f8ce158d35834 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 21:56:38 -0500 Subject: [PATCH 277/361] Fix user guide link --- install/linux/docker-ce/debian.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index 231fa7b199..cecac0f814 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -381,4 +381,4 @@ You must delete any edited configuration files manually. - Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) -- Continue with the [User Guide](/engine/userguide/index.md). +- Continue with the [User Guide](/get-started/index.md). From 5f251f611ad78fd570c05d792a2eab5c785456ee Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 21:57:07 -0500 Subject: [PATCH 278/361] Fix user guide link --- install/linux/docker-ce/fedora.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/docker-ce/fedora.md b/install/linux/docker-ce/fedora.md index 00642ac815..cb01148b23 100644 --- a/install/linux/docker-ce/fedora.md +++ b/install/linux/docker-ce/fedora.md @@ -266,4 +266,4 @@ You must delete any edited configuration files manually. - Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) -- Continue with the [User Guide](/engine/userguide/index.md). +- Continue with the [User Guide](/get-started/index.md). From 41243a2560e99726b6331be26ff13e09810884aa Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 21:57:36 -0500 Subject: [PATCH 279/361] Fix user guide link --- install/linux/docker-ce/ubuntu.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 4d45d2e4b7..849a2cc240 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -382,4 +382,4 @@ You must delete any edited configuration files manually. - Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md) -- Continue with the [User Guide](/engine/userguide/index.md). +- Continue with the [User Guide](/get-started/index.md). From 4a51ac434ad1582dd3dfb48c0966232e405dbdc1 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 29 Jan 2019 21:58:05 -0500 Subject: [PATCH 280/361] Update linux-postinstall.md --- install/linux/linux-postinstall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/linux/linux-postinstall.md b/install/linux/linux-postinstall.md index 5f6b1102dc..452db11716 100644 --- a/install/linux/linux-postinstall.md +++ b/install/linux/linux-postinstall.md @@ -485,4 +485,4 @@ and a 10% overall performance degradation, even if Docker is not running. ## Next steps -- Continue with the [User Guide](/engine/userguide/index.md). +- Continue with the [User Guide](/get-started/index.md). From c50e191be5d3ca4e9d4b7774b445abd2e09574da Mon Sep 17 00:00:00 2001 From: ollypom Date: Wed, 30 Jan 2019 09:17:31 +0000 Subject: [PATCH 281/361] Revert back to 18.09.1 for Win Engine Release Signed-off-by: ollypom --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index e7faeadac9..463ec13ade 100644 --- a/_config.yml +++ b/_config.yml @@ -94,7 +94,7 @@ defaults: - scope: path: "install" values: - win_latest_build: "docker-18.09.2" + win_latest_build: "docker-18.09.1" - scope: path: "datacenter" values: From d665c2e0484afe252e3a18e84755e308c3601282 Mon Sep 17 00:00:00 2001 From: L-Hudson <44844738+L-Hudson@users.noreply.github.com> Date: Wed, 30 Jan 2019 11:01:51 -0500 Subject: [PATCH 282/361] Update release-notes.md editorial changes --- engine/release-notes.md | 134 ++++++++++++++++++++-------------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index 9b86791492..d8934d7e72 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -23,11 +23,11 @@ consistency and compatibility reasons. > will ship concurrently with the same x patch version based on the same code base. > ***NOTE:*** -> The client and container runtime are now in a separate packages from the daemon in -> Docker Engine 18.09. Users should install and update all 3 packages at the same time +> The client and container runtime are now in separate packages from the daemon in +> Docker Engine 18.09. Users should install and update all three packages at the same time > to get the latest patch releases. For example, on Ubuntu: > `sudo apt install docker-ce docker-ce-cli containerd.io`. See the install instructions -> of the corresponding linux distro for details. +> for the corresponding linux distro for details. ## 18.09.1 2019-01-09 @@ -40,7 +40,7 @@ consistency and compatibility reasons. ### Improvements for Docker Engine EE and CE * Updated to BuildKit 0.3.3 [docker/engine#122](https://github.com/docker/engine/pull/122) * Updated to containerd 1.2.2 [docker/engine#144](https://github.com/docker/engine/pull/144) -* Provide additional warnings for use of deprecated legacy overlay and devicemapper storage drivers [docker/engine#85](https://github.com/docker/engine/pull/85) +* Provided additional warnings for use of deprecated legacy overlay and devicemapper storage drivers [docker/engine#85](https://github.com/docker/engine/pull/85) * prune: perform image pruning before build cache pruning [docker/cli#1532](https://github.com/docker/cli/pull/1532) * Added bash completion for experimental CLI commands (manifest) [docker/cli#1542](https://github.com/docker/cli/pull/1542) * Windows: allow process isolation on Windows 10 [docker/engine#81](https://github.com/docker/engine/pull/81) @@ -80,83 +80,83 @@ consistency and compatibility reasons. ### New features for Docker Engine EE and CE -* Update API version to 1.39 [moby/moby#37640](https://github.com/moby/moby/pull/37640) -* Add support for remote connections using SSH [docker/cli#1014](https://github.com/docker/cli/pull/1014) -* Builder: add prune options to the API [moby/moby#37651](https://github.com/moby/moby/pull/37651) -* Add "Warnings" to `/info` endpoint, and move detection to the daemon [moby/moby#37502](https://github.com/moby/moby/pull/37502) -* Allow BuildKit builds to run without experimental mode enabled. Buildkit can now be configured with an option in daemon.json [moby/moby#37593](https://github.com/moby/moby/pull/37593) [moby/moby#37686](https://github.com/moby/moby/pull/37686) [moby/moby#37692](https://github.com/moby/moby/pull/37692) [docker/cli#1303](https://github.com/docker/cli/pull/1303) [docker/cli#1275](https://github.com/docker/cli/pull/1275) -* Add support for build-time secrets using a `--secret` flag when using BuildKit [docker/cli#1288](https://github.com/docker/cli/pull/1288) -* Add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) when using BuildKit [docker/cli#1438](https://github.com/docker/cli/pull/1438) / [docker/cli#1419](https://github.com/docker/cli/pull/1419) -* Add `--chown` flag support for `ADD` and `COPY` commands on Windows [moby/moby#35521](https://github.com/moby/moby/pull/35521) -* Add `builder prune` subcommand to prune BuildKit build cache [docker/cli#1295](https://github.com/docker/cli/pull/1295) [docker/cli#1334](https://github.com/docker/cli/pull/1334) -* BuildKit: Add configurable garbage collection policy for the BuildKit build cache [docker/engine#59](https://github.com/docker/engine/pull/59) / [moby/moby#37846](https://github.com/moby/moby/pull/37846) -* BuildKit: Add support for `docker build --pull ...` when using BuildKit [moby/moby#37613](https://github.com/moby/moby/pull/37613) -* BuildKit: Add support or "registry-mirrors" and "insecure-registries" when using BuildKit [docker/engine#59](https://github.com/docker/engine/pull/59) / [moby/moby#37852](https://github.com/moby/moby/pull/37852) -* BuildKit: Enable net modes and bridge. [moby/moby#37620](https://github.com/moby/moby/pull/37620) -* Add `docker engine` subcommand to manage the lifecycle of a Docker Engine running as a privileged container on top of containerd, and to allow upgrades to Docker Engine Enterprise [docker/cli#1260](https://github.com/docker/cli/pull/1260) -* Expose product license in `docker info` output [docker/cli#1313](https://github.com/docker/cli/pull/1313) -* Show warnings produced by daemon in `docker info` output [docker/cli#1225](https://github.com/docker/cli/pull/1225) -* Add "local" log driver [moby/moby#37092](https://github.com/moby/moby/pull/37092) -* Amazon CloudWatch: add `awslogs-endpoint` logging option [moby/moby#37374](https://github.com/moby/moby/pull/37374) -* Add support for global default address pools [moby/moby#37558](https://github.com/moby/moby/pull/37558) [docker/cli#1233](https://github.com/docker/cli/pull/1233) -* Configure containerd log-level to be the same as dockerd [moby/moby#37419](https://github.com/moby/moby/pull/37419) -* Add configuration option for cri-containerd [moby/moby#37519](https://github.com/moby/moby/pull/37519) -* Update containerd client to v1.2.0-rc.1 [moby/moby#37664](https://github.com/moby/moby/pull/37664), [docker/engine#75](https://github.com/docker/engine/pull/75) / [moby/moby#37710](https://github.com/moby/moby/pull/37710) -* Add support for global default address pools [moby/moby#37558](https://github.com/moby/moby/pull/37558) [docker/cli#1233](https://github.com/docker/cli/pull/1233) +* Updated API version to 1.39 [moby/moby#37640](https://github.com/moby/moby/pull/37640) +* Added support for remote connections using SSH [docker/cli#1014](https://github.com/docker/cli/pull/1014) +* Builder: added prune options to the API [moby/moby#37651](https://github.com/moby/moby/pull/37651) +* Added "Warnings" to `/info` endpoint, and move detection to the daemon [moby/moby#37502](https://github.com/moby/moby/pull/37502) +* Allows BuildKit builds to run without experimental mode enabled. Buildkit can now be configured with an option in daemon.json [moby/moby#37593](https://github.com/moby/moby/pull/37593) [moby/moby#37686](https://github.com/moby/moby/pull/37686) [moby/moby#37692](https://github.com/moby/moby/pull/37692) [docker/cli#1303](https://github.com/docker/cli/pull/1303) [docker/cli#1275](https://github.com/docker/cli/pull/1275) +* Added support for build-time secrets using a `--secret` flag when using BuildKit [docker/cli#1288](https://github.com/docker/cli/pull/1288) +* Added SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) when using BuildKit [docker/cli#1438](https://github.com/docker/cli/pull/1438) / [docker/cli#1419](https://github.com/docker/cli/pull/1419) +* Added `--chown` flag support for `ADD` and `COPY` commands on Windows [moby/moby#35521](https://github.com/moby/moby/pull/35521) +* Added `builder prune` subcommand to prune BuildKit build cache [docker/cli#1295](https://github.com/docker/cli/pull/1295) [docker/cli#1334](https://github.com/docker/cli/pull/1334) +* BuildKit: Adds configurable garbage collection policy for the BuildKit build cache [docker/engine#59](https://github.com/docker/engine/pull/59) / [moby/moby#37846](https://github.com/moby/moby/pull/37846) +* BuildKit: Adds support for `docker build --pull ...` when using BuildKit [moby/moby#37613](https://github.com/moby/moby/pull/37613) +* BuildKit: Adds support or "registry-mirrors" and "insecure-registries" when using BuildKit [docker/engine#59](https://github.com/docker/engine/pull/59) / [moby/moby#37852](https://github.com/moby/moby/pull/37852) +* BuildKit: Enables net modes and bridge. [moby/moby#37620](https://github.com/moby/moby/pull/37620) +* Added `docker engine` subcommand to manage the lifecycle of a Docker Engine running as a privileged container on top of containerd, and to allow upgrades to Docker Engine Enterprise [docker/cli#1260](https://github.com/docker/cli/pull/1260) +* Exposed product license in `docker info` output [docker/cli#1313](https://github.com/docker/cli/pull/1313) +* Showed warnings produced by daemon in `docker info` output [docker/cli#1225](https://github.com/docker/cli/pull/1225) +* Added "local" log driver [moby/moby#37092](https://github.com/moby/moby/pull/37092) +* Amazon CloudWatch: adds `awslogs-endpoint` logging option [moby/moby#37374](https://github.com/moby/moby/pull/37374) +* Added support for global default address pools [moby/moby#37558](https://github.com/moby/moby/pull/37558) [docker/cli#1233](https://github.com/docker/cli/pull/1233) +* Configured containerd log-level to be the same as dockerd [moby/moby#37419](https://github.com/moby/moby/pull/37419) +* Added configuration option for cri-containerd [moby/moby#37519](https://github.com/moby/moby/pull/37519) +* Updates containerd client to v1.2.0-rc.1 [moby/moby#37664](https://github.com/moby/moby/pull/37664), [docker/engine#75](https://github.com/docker/engine/pull/75) / [moby/moby#37710](https://github.com/moby/moby/pull/37710) +* Added support for global default address pools [moby/moby#37558](https://github.com/moby/moby/pull/37558) [docker/cli#1233](https://github.com/docker/cli/pull/1233) ### Improvements for Docker Engine EE and CE -* Do not return "``" in /info response [moby/moby#37472](https://github.com/moby/moby/pull/37472) -* BuildKit: Change `--console=[auto,false,true]` to `--progress=[auto,plain,tty]` [docker/cli#1276](https://github.com/docker/cli/pull/1276) -* BuildKit: Set BuildKit's ExportedProduct variable to show useful errors in the future. [moby/moby#37439](https://github.com/moby/moby/pull/37439) -* Hide `--data-path-addr` flags when connected to a daemon that doesn't support this option [docker/docker/cli#1240](https://github.com/docker/cli/pull/1240) -* Only show buildkit-specific flags if BuildKit is enabled [docker/cli#1438](https://github.com/docker/cli/pull/1438) / [docker/cli#1427](https://github.com/docker/cli/pull/1427) -* Improve version output alignment [docker/cli#1204](https://github.com/docker/cli/pull/1204) -* Sort plugin names and networks in a natural order [docker/cli#1166](https://github.com/docker/cli/pull/1166), [docker/cli#1266](https://github.com/docker/cli/pull/1266) -* Updated bash and zsh [completion scripts](https://github.com/docker/cli/issues?q=label%3Aarea%2Fcompletion+milestone%3A18.09.0+is%3Aclosed) -* Pass log-level to containerd. [moby/moby#37419](https://github.com/moby/moby/pull/37419) -* Use direct server return (DSR) in east-west overlay load balancing [docker/engine#93](https://github.com/docker/engine/pull/93) / [docker/libnetwork#2270](https://github.com/docker/libnetwork/pull/2270) -* Builder: temporarily disable bridge networking when using buildkit. [moby/moby#37691](https://github.com/moby/moby/pull/37691) -* Block task starting until node attachments are ready [moby/moby#37604](https://github.com/moby/moby/pull/37604) -* Propagate the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) -* Remove Ubuntu 14.04 "Trusty Tahr" as a supported platform [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254) -* Remove Debian 8 "Jessie" as a supported platform [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254) -* Remove 'docker-' prefix for containerd and runc binaries [docker/engine#61](https://github.com/docker/engine/pull/61) / [moby/moby#37907](https://github.com/moby/moby/pull/37907), [docker-ce-packaging#241](https://github.com/docker/docker-ce-packaging/pull/241) -* Split "engine", "cli", and "containerd" to separate packages, and run containerd as a separate systemd service [docker-ce-packaging#131](https://github.com/docker/docker-ce-packaging/pull/131), [docker-ce-packaging#158](https://github.com/docker/docker-ce-packaging/pull/158) -* Build binaries with Go 1.10.4 [docker-ce-packaging#181](https://github.com/docker/docker-ce-packaging/pull/181) -* Remove `-ce` / `-ee` suffix from version string [docker-ce-packaging#206](https://github.com/docker/docker-ce-packaging/pull/206) +* Does not return "``" in /info response [moby/moby#37472](https://github.com/moby/moby/pull/37472) +* BuildKit: Changes `--console=[auto,false,true]` to `--progress=[auto,plain,tty]` [docker/cli#1276](https://github.com/docker/cli/pull/1276) +* BuildKit: Sets BuildKit's ExportedProduct variable to show useful errors in the future. [moby/moby#37439](https://github.com/moby/moby/pull/37439) +* Hides `--data-path-addr` flags when connected to a daemon that doesn't support this option [docker/docker/cli#1240](https://github.com/docker/cli/pull/1240) +* Only shows buildkit-specific flags if BuildKit is enabled [docker/cli#1438](https://github.com/docker/cli/pull/1438) / [docker/cli#1427](https://github.com/docker/cli/pull/1427) +* Improves version output alignment [docker/cli#1204](https://github.com/docker/cli/pull/1204) +* Sorts plugin names and networks in a natural order [docker/cli#1166](https://github.com/docker/cli/pull/1166), [docker/cli#1266](https://github.com/docker/cli/pull/1266) +* Updates bash and zsh [completion scripts](https://github.com/docker/cli/issues?q=label%3Aarea%2Fcompletion+milestone%3A18.09.0+is%3Aclosed) +* Passes log-level to containerd. [moby/moby#37419](https://github.com/moby/moby/pull/37419) +* Uses direct server return (DSR) in east-west overlay load balancing [docker/engine#93](https://github.com/docker/engine/pull/93) / [docker/libnetwork#2270](https://github.com/docker/libnetwork/pull/2270) +* Builder: temporarily disables bridge networking when using buildkit. [moby/moby#37691](https://github.com/moby/moby/pull/37691) +* Blocks task starting until node attachments are ready [moby/moby#37604](https://github.com/moby/moby/pull/37604) +* Propagates the provided external CA certificate to the external CA object in swarm. [docker/cli#1178](https://github.com/docker/cli/pull/1178) +* Removes Ubuntu 14.04 "Trusty Tahr" as a supported platform [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254) +* Removes Debian 8 "Jessie" as a supported platform [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254) +* Removes 'docker-' prefix for containerd and runc binaries [docker/engine#61](https://github.com/docker/engine/pull/61) / [moby/moby#37907](https://github.com/moby/moby/pull/37907), [docker-ce-packaging#241](https://github.com/docker/docker-ce-packaging/pull/241) +* Splits "engine", "cli", and "containerd" to separate packages, and run containerd as a separate systemd service [docker-ce-packaging#131](https://github.com/docker/docker-ce-packaging/pull/131), [docker-ce-packaging#158](https://github.com/docker/docker-ce-packaging/pull/158) +* Builds binaries with Go 1.10.4 [docker-ce-packaging#181](https://github.com/docker/docker-ce-packaging/pull/181) +* Removes `-ce` / `-ee` suffix from version string [docker-ce-packaging#206](https://github.com/docker/docker-ce-packaging/pull/206) ### Fixes for Docker Engine EE and CE * BuildKit: Do not cancel buildkit status request. [moby/moby#37597](https://github.com/moby/moby/pull/37597) -* Fix no error is shown if build args are missing during docker build [moby/moby#37396](https://github.com/moby/moby/pull/37396) -* Fix error "unexpected EOF" when adding an 8GB file [moby/moby#37771](https://github.com/moby/moby/pull/37771) -* LCOW: Ensure platform is populated on `COPY`/`ADD`. [moby/moby#37563](https://github.com/moby/moby/pull/37563) -* Fix mapping a range of host ports to a single container port [docker/cli#1102](https://github.com/docker/cli/pull/1102) -* Fix `trust inspect` typo: "`AdminstrativeKeys`" [docker/cli#1300](https://github.com/docker/cli/pull/1300) -* Fix environment file parsing for imports of absent variables and those with no name. [docker/cli#1019](https://github.com/docker/cli/pull/1019) -* Fix a potential "out of memory exception" when running `docker image prune` with a large list of dangling images [docker/cli#1432](https://github.com/docker/cli/pull/1432) / [docker/cli#1423](https://github.com/docker/cli/pull/1423) -* Fix pipe handling in ConEmu and ConsoleZ on Windows [moby/moby#37600](https://github.com/moby/moby/pull/37600) -* Fix long startup on windows, with non-hns governed Hyper-V networks [docker/engine#67](https://github.com/docker/engine/pull/67) / [moby/moby#37774](https://github.com/moby/moby/pull/37774) -* Fix daemon won't start when "runtimes" option is defined both in config file and cli [docker/engine#57](https://github.com/docker/engine/pull/57) / [moby/moby#37871](https://github.com/moby/moby/pull/37871) -* Loosen permissions on `/etc/docker` directory to prevent "permission denied" errors when using `docker manifest inspect` [docker/engine#56](https://github.com/docker/engine/pull/56) / [moby/moby#37847](https://github.com/moby/moby/pull/37847) -* Fix denial of service with large numbers in `cpuset-cpus` and `cpuset-mems` [docker/engine#70](https://github.com/docker/engine/pull/70) / [moby/moby#37967](https://github.com/moby/moby/pull/37967) +* Fixes no error is shown if build args are missing during docker build [moby/moby#37396](https://github.com/moby/moby/pull/37396) +* Fixes error "unexpected EOF" when adding an 8GB file [moby/moby#37771](https://github.com/moby/moby/pull/37771) +* LCOW: Ensures platform is populated on `COPY`/`ADD`. [moby/moby#37563](https://github.com/moby/moby/pull/37563) +* Fixes mapping a range of host ports to a single container port [docker/cli#1102](https://github.com/docker/cli/pull/1102) +* Fixes `trust inspect` typo: "`AdminstrativeKeys`" [docker/cli#1300](https://github.com/docker/cli/pull/1300) +* Fixes environment file parsing for imports of absent variables and those with no name. [docker/cli#1019](https://github.com/docker/cli/pull/1019) +* Fixes a potential "out of memory exception" when running `docker image prune` with a large list of dangling images [docker/cli#1432](https://github.com/docker/cli/pull/1432) / [docker/cli#1423](https://github.com/docker/cli/pull/1423) +* Fixes pipe handling in ConEmu and ConsoleZ on Windows [moby/moby#37600](https://github.com/moby/moby/pull/37600) +* Fixes long startup on windows, with non-hns governed Hyper-V networks [docker/engine#67](https://github.com/docker/engine/pull/67) / [moby/moby#37774](https://github.com/moby/moby/pull/37774) +* Fixes daemon won't start when "runtimes" option is defined both in config file and cli [docker/engine#57](https://github.com/docker/engine/pull/57) / [moby/moby#37871](https://github.com/moby/moby/pull/37871) +* Loosens permissions on `/etc/docker` directory to prevent "permission denied" errors when using `docker manifest inspect` [docker/engine#56](https://github.com/docker/engine/pull/56) / [moby/moby#37847](https://github.com/moby/moby/pull/37847) +* Fixes denial of service with large numbers in `cpuset-cpus` and `cpuset-mems` [docker/engine#70](https://github.com/docker/engine/pull/70) / [moby/moby#37967](https://github.com/moby/moby/pull/37967) * LCOW: Add `--platform` to `docker import` [docker/cli#1375](https://github.com/docker/cli/pull/1375) / [docker/cli#1371](https://github.com/docker/cli/pull/1371) * LCOW: Add LinuxMetadata support by default on Windows [moby/moby#37514](https://github.com/moby/moby/pull/37514) * LCOW: Mount to short container paths to avoid command-line length limit [moby/moby#37659](https://github.com/moby/moby/pull/37659) * LCOW: Fix builder using wrong cache layer [moby/moby#37356](https://github.com/moby/moby/pull/37356) -* Fix json-log file descriptors leaking when using `--follow` [docker/engine#48](https://github.com/docker/engine/pull/48) [moby/moby#37576](https://github.com/moby/moby/pull/37576) [moby/moby#37734](https://github.com/moby/moby/pull/37734) -* Fix a possible deadlock on closing the watcher on kqueue [moby/moby#37392](https://github.com/moby/moby/pull/37392) -* Use poller based watcher to work around the file caching issue in Windows [moby/moby#37412](https://github.com/moby/moby/pull/37412) -* Handle systemd-resolved case by providing appropriate resolv.conf to networking layer [moby/moby#37485](https://github.com/moby/moby/pull/37485) -* Remove support for TLS < 1.2 [moby/moby#37660](https://github.com/moby/moby/pull/37660) +* Fixes json-log file descriptors leaking when using `--follow` [docker/engine#48](https://github.com/docker/engine/pull/48) [moby/moby#37576](https://github.com/moby/moby/pull/37576) [moby/moby#37734](https://github.com/moby/moby/pull/37734) +* Fixes a possible deadlock on closing the watcher on kqueue [moby/moby#37392](https://github.com/moby/moby/pull/37392) +* Uses poller based watcher to work around the file caching issue in Windows [moby/moby#37412](https://github.com/moby/moby/pull/37412) +* Handles systemd-resolved case by providing appropriate resolv.conf to networking layer [moby/moby#37485](https://github.com/moby/moby/pull/37485) +* Removes support for TLS < 1.2 [moby/moby#37660](https://github.com/moby/moby/pull/37660) * Seccomp: Whitelist syscalls linked to `CAP_SYS_NICE` in default seccomp profile [moby/moby#37242](https://github.com/moby/moby/pull/37242) * Seccomp: move the syslog syscall to be gated by `CAP_SYS_ADMIN` or `CAP_SYSLOG` [docker/engine#64](https://github.com/docker/engine/pull/64) / [moby/moby#37929](https://github.com/moby/moby/pull/37929) * SELinux: Fix relabeling of local volumes specified via Mounts API on selinux-enabled systems [moby/moby#37739](https://github.com/moby/moby/pull/37739) -* Add warning if REST API is accessible through an insecure connection [moby/moby#37684](https://github.com/moby/moby/pull/37684) -* Mask proxy credentials from URL when displayed in system info [docker/engine#72](https://github.com/docker/engine/pull/72) / [moby/moby#37934](https://github.com/moby/moby/pull/37934) -* Fix mount propagation for btrfs [docker/engine#86](https://github.com/docker/engine/pull/86) / [moby/moby#38026](https://github.com/moby/moby/pull/38026) -* Fix nil pointer dereference in node allocation [docker/engine#94](https://github.com/docker/engine/pull/94) / [docker/swarmkit#2764](https://github.com/docker/swarmkit/pull/2764) +* Adds warning if REST API is accessible through an insecure connection [moby/moby#37684](https://github.com/moby/moby/pull/37684) +* Masks proxy credentials from URL when displayed in system info [docker/engine#72](https://github.com/docker/engine/pull/72) / [moby/moby#37934](https://github.com/moby/moby/pull/37934) +* Fixes mount propagation for btrfs [docker/engine#86](https://github.com/docker/engine/pull/86) / [moby/moby#38026](https://github.com/moby/moby/pull/38026) +* Fixes nil pointer dereference in node allocation [docker/engine#94](https://github.com/docker/engine/pull/94) / [docker/swarmkit#2764](https://github.com/docker/swarmkit/pull/2764) ### Known Issues From 6fc5335abb2d273a36bed8dd8b7f969caab22c0f Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Wed, 30 Jan 2019 09:56:26 -0800 Subject: [PATCH 283/361] Addresses partial documentation gaps in the pull mirroring page - does not cover the Mirrors list and detailed view --- ee/dtr/images/pull-mirror-1.png | Bin 104446 -> 77248 bytes ee/dtr/images/pull-mirror-2.png | Bin 0 -> 56644 bytes ee/dtr/user/promotion-policies/pull-mirror.md | 14 +++++++++----- 3 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 ee/dtr/images/pull-mirror-2.png diff --git a/ee/dtr/images/pull-mirror-1.png b/ee/dtr/images/pull-mirror-1.png index 3b4a89c5cda0496b89f24ffdb281f724a6d713e5..1a9f289240148b41a555192e7b768a1f198ceb20 100644 GIT binary patch literal 77248 zcmdqIWmr^i{5}XG(k0TRAR*n|Qj#Je-ObQ2G^j{-Hz?iRLrCXQ zJSecVp$TwAluMF2j1U%eV`WRcxi##eWPycyfq3GTW}2Q_e>vwqDB!>*cxpdbpR;kf zDTx)??l+EVK8T58)APwR;LjnI$ySIW_V36_Y9q(`cd*dVzx?mH&;RYyYRMWt3*6L^ z*nBgvb?eFY3)jP?3LpO6ZteAO&;Pm~dwrxh-O2loX*rlZn(!^`|L)EcfbOPd#Myf8 zBhYpGZuc2#f0!KKtkz2t6|aDg+%-0morg^H4O{qlo|-dPi=Tu>ClMSG4l?zp!Cj7a zM~B2rmMHBzn181dDFK#h%OH}sB|7ZC!&<%H3l*XDQ8a{Rkl^UYZTRk_wCi&mFMY7% z=j-p!S?NMT733C*6xla8_sjgKMxg%?_nK+oxPqH&%xuzI%aSOUbbYDYN+hRLsLa!I z|1}pE#`)N^*8wDZVCwhLj{C!`S|NL8rZOKAOif+S@#x9_93wqN z{)U-DyZdX63-W%(vjo?N20@;oT+htU2bske5cienL-u#{98D1>y>z-v`wP)$F?d?Y z+ja;=hMLdf=M7fcQKAxR1b@Y*$B>*@UUzpOH*4vyLR3_4c5(hrnFj`4T5XJHUOI@c z27NeZg;_y%QGncNxhCS+%i%+U9(P}bc4na03~7cpQL-W!nBq^wkS$Ci*fIKrf&F%Y zxicr%%*!>o)~zX{4~yw&I_4LE9jDWo*H zPnvJ|Y;b3LEo%@QrDakRFL~vXm`*k^K>{`8XiueBkvdPfKFd`jz_zuvp{8~MFO{|R z-7y2EjcT#fSP<{7+nS&23)PKtm_D|aa4b9hwH720_9Y3Jr<3m3ekOuKQ08x<<-+vB zI*T94xJbCFINx2|Oo|wD$2&+U_}}u%otf*ePah+J7|~Bl&0}HCYz%=hGP14?fEbZZ zyPl=9yaefK5^Y|9kIzD+XWnYo)ujj9sHz?xkPBg?y^`ccE*(6#Ta8d_;z{=57pRQV z!)IL?nB!m#vr$zpuVL;8rFNk?7O!&>g>SFeKeIBY0DN+G4m-z*?aedMSzZj{E~4VZ z@xNZ#q%~X{TbQBw>uz!7l{!(k&`)k;4@V*Y-%|D_#x&p|t5ObC23zb2?EUm>~C2 z2WS0if=XVXuQhd1<>i1uYv4xuM0ydLN?!UuUa@9oVl zgBS5ou}4l$H)D04_4AkVhX+e@3-U0mtMsV-oaG+wd;INu9XG9HAwZIJywfI086WMP zwuxtUc8IvhR~_6sc-?Eh^8Er_WRg(LVm6k1z`|Bi2nXpD%b-)WNonr@Y$9cwz?}*4 z*;7VQKQ;l(F0puTPq--5-C+k-puWZ_cVDWTkf()HGyx&rSrCc;ttD9{?e>H-fXTF3 z4N6z{ax|7l!)L#RxHn}f?jVU9?4B7>PMOCWz%C6&k`7SSxf{Tj4xX~`&koLRQrgcl zV?1iFQMa0}oUG1^eH~q-f68=*mr!M8am!Rb%pm*4E$%L03Y9!PK%!xXbxDkCfm4WV znEL{}@s!p=ZC8;x%8A#97_#IFJ>1aq;PO9ih6T!_1i4Md}U8-J7$`TtE_*s*G#Q^QWave)d%TQ2Putv$h0Vk$+_j1{ zD;Xc86MC0ny?jYYt3kfK;PT(`#1un}#e39A|fqqrBr{h6tkitnYvLtg`D7kJ-uO(d3yF39m zGfVUKjalgQt0HG;hK2aTyj3xJl&m|CZpG~PdWo+)V0j%P=A62H>(w+#eqYNh)vva% zFsN4csA!$fwey84CVwC<=_=9nG6dTid*gX(Ou3wch{ENI*Y34<lotOq&%5=cT7J^YM^A7 zfF@pUOZh6$9*E$sfJ`_GCYA4*ritR&SliRBi%?f@oaZle=6EtkZq#T6XGhXU` ze^q<^CDnVUK{!)rq{vpek=5z3vG&=j=a^zG4p0qsp~ zD8s^C=a9AEo;jSM2ZIqHeEls%bB&I;WcWgIGBze7{zfw2BNqX}$3SRTlQ-9;5noRWPZ;1*{w~ed^IL&`^5?KVo``Mav?GpfldLM*J1rt=+fah*HG(wCbPZ@ zPOV&k+$pl;@=18V%Uz7iO;yz}WxKTT>pniA2{L(p*6Jvc{k^lk3j56f?t?V7)^s8I z_2uYQ{OMtl7FA9dPF&x2CkKm$3nKz1BLWa1e=*Z`p=h#+7f-+>;sVULx5_S>;}2#K z^VBE9127WI$GzaAYr*f%HuOh!z2%HroY-_IqH|X&*MhpqO!(^=grhj#Go&kFNI0Pr z6914JMQHx@{WSt8ZB$62%kKKP1kV28^Tth`>8H*&yWE95H47i}g)}VP)aB$01KGn9 z?}8A&9yL2x_T%y`;DuCFvf4}8#2CdBB*P=ql2@A)t3x9QY^aC>_bq#j8Jh)T9m5ls zneZx0n8ku-wKf}X+YGrP*H{&If(b_-u0pLqeMKfx4t{Db@8gZ)eh;Xz!co z$1mTXpesLn_DKX-i>8f~Y*PnH7IfhBbyIg0MPmBXOY4_h(&bDQ-Ck3w4c;Pg=99)?B*i$c6$J)4`3(Z?|v=$(L=NxGa2l<+4z<> zTm52}*mnVO2zqj|!%v2VM#H=3+4KoTHu!HVU{{&&QS7Z5L8NZd7+CMFznXo`Wu2Ta z(#_C^cHGM4~!48xr8(bjiWiMhnP zb@eW9>2>_pZ%saEP2OphBjXnfulenHnh?ABYYM5inM(4nZKrlTlAIKypTwk=N1>n9mcxg+N32`b3OXV#vS(?+)^0=_HLcj^Q&0X7GP> z;1$lAbFgGJrMmbBUTgY%_oBQ^tZN7|o_$|uMU}?Okmki;)paB6UeIpE#!{D>${rrr zCmdtTenE5Vn(Q-GT+XR{`5r)QKq&;Pc1bW&@GQm8Y?~<_?WB(! zDB7$$#KXgbZN(z?{Z(r9f9EWvWT1+-r!A3^=-|#*Z(WuQbOWs#wJ-L7#h}<=rYTQR zKE8X6u8LZ^TL^xXRX0(<2zje$H#>?sDVtT4!TKr*mDYtCB3p(}YT=8zK(UOf4;8kH zdECH&WPi!Mp9ipTSikkkP7+##{u@hEK;ORHMrc};APe{)W^y$`-CqD73{V`V8R^ihF-L(joDY{&&5hVq{@ z1Cw+G0b+*tW#u#jz1jw&iv^R4ytJblxh*p}YWO39xSUor$PNJGlyP{E9QoD*Wv4EefNQ2D9L!siEYmdBP7Pg4cIS*)y+Zn#@hpV`v$H`1J1;RCYGKdzP79e!}+~=oVltGHJGMc%NXM7iDU*+ z?nGcZW#5b}R|AT#6L@||;u%0m`DM;w2cjeDJYULD^bYFco1z+W4VK}uF~mq6vpIUHB^WoPx3czD=PWD zHNC-{*ZNRl?7vOIJc_--Oi1i2M%)!oZEZAwDvIb(BP-1>^HSLw_yCgg20!qVI?nof zeYv7||A{Dw4$a{(j~khe0_dG z_G*_{1<|6j8EZ$Jy78&U;msJ5WH&Rz$6`r<9huo@!^VkG%F@!djpbSo8i-Y~Cs9w9 zYC20iWj=iGwKSxNpejK>^7c$6p5^^Ixp7T%Hu31l=1l`s#Mb~<9+<-XE%)|s8jgr1 zCM~9yvXI{PTD+*87fWoh#&g@F8lcL{3;N_xiWK17HGxvVqtb89vRu{KCz(;bTc$31 zUgBC+>ZRVjC668k(E8#0*sE`fMJ89bm>9Etb7gao!@4#})JqK8y#)0vHQCb@G z&H+)uEE=@D@Byd6)oax=egn1q$dBI1?_b}0IFxs4eLxY<dZG@-g#Bpdvci}L+y zWp!RM|8I)qa{g@@6jR@0VOK~@9you8c7ig>Slj$%?gpk`fyUe`>*} zz~XEys#2sSjPaHq4vp;{Nc(&23hdZnzq~glQ%#InT6@CK0gOv?B7Ws2j+5;r;3EHD zP2misf2KjDQD<1^KfuiFZ57II`-!-_szOnX;OB3m{MtD(Hy(n; z`PQ%?#MF`EIsP%9&a7tKe|RlNjw1L=akjqoeNG#qS5PC?;QoGx*q-7gN9t^UZ(J0j zf^4agfcG~``UP{{-}>@whFIiNuR$U0AXW-6d6QBahCxf-m>uT7el4y+dRUWIF){{Cl~ zEOR9_<@Z1vBvPmDKBaJIfu`EQ&ff z#>QR&(GXrK$E2+&>uk9S-*I^TA`|XH|7eqA6I!@(dkWsJ33kHy-ml}R{U=p*)qhhU zfZfWCkkA%nNt92@2K+Q7ACgj?-GP`mQBv$&ckQv!67F3@1bsQU8W7mPD&`dV89=C+b+i#xj1l~+6IU&K6nwD^vP`JKgQ|> zgwk8)9r@PRarm#oXSZe{lOin#6(`8j($X+JeHMPug3@J*;f>JjG938_og>b5B$le>gBoZV2%Cdo46Ki9jPiY9a%*wj_fTisxYiHRfqd!e~IW-F@NgIY1`{rdqebV4HJj_5bDFqqIcP!;1-TOUEKdOpCLeAJ%@hi<2UvT2$ z;sD_<_Q`;pVB6g3B0es*l0t|qzF)k5L)|@P#kh91e3nSnl$)5!Mp96xv{rTYaxz!f z6RtzFkTI2)Gp{8Vno_CY^!yp@33v?~^+oT16ty7Z!RPQ}H&4*eP`5>ORAO3KyS`0K z4ZE`4hj)C)$WjV&lpK`xiY56u``6bo@t-3i)8q|AJ$%BBukZJIm|nj^js(t#ddzw0 zE~1n+x1N^XA$-{bTk&j$j9zW7D(s^C5eJj#fihX~S<~V4>QFMB)v1e~(|X~PrEV_z z^xghR3-jG~k#kZ$&k15u&l^`x&RJ#^v5Ow>$yL zf40U(f4^;-DLXq+TzB12NWfYqWI0j1nI0|#ZS)Nex&IItsC6ALWY@}LI?j8!SATlF z8(RC!b{{AHXcJ|S?Ly#mr0{Mt_0j&0#na`Y-2ZB5_V5^RI$&Q=%=Yv>jdjbhh8yv? zQ~Ir4dk&Odv-#PV=WO} z{ww0^{q^L%Gn?lHv1j?;OLcHxGUdYhioW^Q`Whvke!a$>bS*Jnrx@oI z?2}s=n|F9?Ha7MhguH4jMXZ85+opyoE;S}LPaP(G!pj7N7N>CYhcEP)rPv8sF07`i z5*;2K33NUAu)I}pRDw*B_k}CML3#s*)%)UD+JC9br+>R7~PqS9`5e z3Etjl5~JS&X16K0ZON*Nc`{sMion2m)Z)83r#dr_0j%m zE`F{kcvyjAb*Eqb?I7CxwwuMMq_)I5>FJ*rJp2`!uL!@?E}DltFep@>A(_2R?&BGOGJqaod= z(+|;-r}Dai4US`6jf0TEEPZnrTzMQ6n59t?z+oZ`wI9{KEU(N%EbMGcocsoPIONVuBzuS<~^U1mOPe8hrbNH#q_G$qZID~!7;EKq}Z!7VDJ z$|uJ$l&jI-j>UP}jfd8LQd52kWERkoa0)ttHlOp{q2*0BhTwGysif1oUt#HMh_>bl z3bM=D_GV(OEf!yJ(ADH9)6tdBCH}g@X^lg-Ck7U>za979oFh~PRY)IGwJ?_FbmR0l z_RyzK8hz~wf-*zalH+`zENuX@7&L}SWZW1$!JkMf07wBT0#c=861b+>OtDMCvR9+W z9eiw0bTnH;|FTY}O3;e=D=UALhB1)g8^1x1o^{iMO_f=ixP>%prX=cmzWE`<(_g8z6EoiZPTs3$cGS^vNz%J<3|HMyF8on1)navsE(((K;fyc! zgDV*@Tk>}-kvj8`H;RFwq#&IReLT)Ub^I|Z`B!f59 zyBbgQlGYXSmHM%S+fTX$<+C=9(gu=J~=jg*UDwm2dx&r35@1m)0cg_#Wj&2};zDV4onhXrG=!6rpR1H3?TAVG8te0*HbSAW3EYSq2K>ev+4Y&##BBO%>=qn8i(O&kM=7y;`Cc zI*>>N@h+NhlgvC9y1>sIG8sx%V16}%_vNY3-dURyCI#FT825iZx*yvv(rWVi)+S0z z+XQrEX=w|7(Wb6}q~iMeu3bhFzA^W~3oDJv{m&B*fKODKW(7zwjMs7AQc}I#%!hmg zL#-n3)yQ(RlPAut!-G$k&aW@bp@{&BXig_2y0<^ci>#h_VS&2KWzDMdct7Y~o?!V% zBn-vU?c@+F)hvM|?OHblOTBH&)sCYt88JPWwRx$M8qcCCLS`_u?2F6YGyaiK(W zVF2tjEY3@+NHU%v!UZCN>xN_8sB+>loy#=zJk$enFq(vt=6+$XJJD!LM{8h}0$J+T z@Fp9-IortxfFy9BYXTCGQMiuRJ;SQMZEZTDHBze3+MMkwmr+vbz{_5_*4Q`NQcLJ{5Hs7^U7KZWh^wI7*{ZT;| z_X#7PKr-M<#EruH`ubtZX7}0qrAn)rxNP_=C#>==>oVQXnRUF6q0UYhHUJnp}MS*8&bvs>} z*VZS>z|#<3;Mdj8?1!#f0G(gvGlUv@mu$xa$y2{`SX<%IN$cSy1Qd&vndHNc-B39N zKD(=rFR@>SoB+*^5P;J#{3m0T9#`9V0HgV&zP)~%KU#kr1_`Z*zuSK1$@9kqhew!XiIhIb!C^j`VxDk{=A{Z4uEqoM`I|D z8~Jz-R(lF^A54B9ceApYE*#bzZZK#W(GNDZDE+QrWqX3r^lDY#Q^mzo?sH{AJcsyi zUQ_s?b{VlAuf4x?7>=EcsP#lxluK)Kj?UHNOy1>3D!F-M5GfUt&t}Tzv;l&NdWl`G zLH{Z?2EQ8sMIOcQNkk)YT@^x;XEO5*;EnE1nd^4(_=)NGxTLq|KM| zB`xQSfN?Gb@9=?#TB>1b{mRRm^X+0LgePoptvw2CpqkEPlPBqS`mAHZFWs0?@v?MC zGCZ^4WI|@hzO&PNX4T;LQ_GY*fD{e}BpHSsbS5(i^pg#8?>o;sk1PEK5I0Mwxi`Pt zqR`eT#I)E-HQ1MX=pc8X8kE-gxZn}{WILo|JD6(G*t06-C)_awD)%O{txri|y%Ad_ zrp(UXqo*Z*85ofg)02&-{c99Ms7%+&oc`8LuElX8KldnH)A}tyT(X3<)&9^w932c)I zD=zKhpO4~E9;M#C)CagUP}P7?*!?c)zH)vu6&EiFe3Ff#skQr$*nLN8_S9WzA@lO_ z@+6nLYSF!706iQFY*DNX32~Ebzl)j%0G0R-dlfgY{wbKj}%VNya97&T8!L2OgyE7x2wDN80mW{Rx6Q2L{{Pn&QkCYeIRY|IP+o6M>`HjwjWz z$J(?}@Dm!LEx$Ie(-Uy!Z7{_kk3>wa0TnxYC#y2>0I!{5{<)_HT|-S-Ri`z@^^~Uc z=ou#2X3k@IcN8X>vlQQJ!cbP{*6_PJqj&2#IF1Luzm`*{1{8PY78{Fq0Gd zyAl!EJ}aWW#7m6MMrT?A_$B7EOJXcrywqEJDZU?Nc>!FHx3ECKpt8WEx znMwL--~I{b*G=3s6v06<(jmUZmIY@wG_dB=j3Jb~S5o?nwo z>Vs^#2V@>yeZ1%FDJc9>V1AXg!r?n?xK zHCm~PmSnR$@W5rd4}1!q*|4zbX+T6mg9+g?XP5EP7)+^0A@J_QpU;;2=%lCIbf9`j zIzRsI31U2f4BL-wd`7j=(n!(s=B$W>(H%+;-gT~ochiY` zW{)7@H9D>$e^d`&3ob1{K3XX(J-ukr{b9Ko1|yrsIX{&S&@4a$ zxefD3GUZ^a!F%;;d+@1Q0Y~IwHier}WbbpuA0tGXE|8+eZ_a{OJyYokm_x_+Hz$3` zhxnNuRI*7$zPbN4_N_VZ29T;7)y~#m^!3+mY|NU+C5ix&+)W|l=1=N0j=nk1{?Iv( z%X?HZ=NIS@A8Tz0v&9wjJkP&@oFMRXc13no#yS6K;s$)SZe7 z04buA{^hZ5U=6^04#E)M%!V8?14u{KV8%vegpt^ zb()E4ddGK{d4~VF(bIbZrB+A&+tbYRabV}!--%;k<>&lAT~Pn`ec=CN*IxUP$Zkx? z^|&gC%W%K#?3t=$I=GSWCX?HwhvozYOgKAPq&dXkEcA<7*Q0poZ`(?uFKiGNyLd~C zKI;A(arHhiH*7s^)_TV9`bq!#CR56~u;_G(cJ~ATFT?rIi2+dhQB7^Ya!BYJa=`VZ zF}x*YscCr_y!ANW7i&&sPaN$|1&SLleaWWO_1vHQcq{RwwS;E~zkSK_z;*1O|JJXEbmH`C8Z~*O0Op~GdCNOU!zyM(M9Rppd(#8c*={oQbFu1kd z+lmY!5vb^`wwxK5ekwA6!c^@182M2Dr$-T+zXGDn2bGBbi$Y7%FD~qsQZD)=7C!%x z3RZw4is&oaHR%thxT4T7zRNZ~rFR1hAqRwN-CW$htJ9MALn8&0OXH1{`X^dvM~Z=$ z>TT`QH&$icE@8jHl=Y(wGrV6e{6L$hW@tD8T8*G|u835b?CLrL$=U3rR=xJ&`* zP_6jfySfBegK;9_Bs{;b(Dg$n{W805u%1*co6duv8=D^d;KCS)bSyF5C(Sf!I;4N! zB?n_vYuW$170!;A_W?eYSpeC8V+%eBSQ7APB2i-u*x{OV9s2Y`k@+FX~mBzFK6S5mcdKto^AsipD! zq!K7aJ;0)c{vKp2d=tOabbVlT!kzR-UR~CN>*(kwSAZMuJZE4t*|hDx$52#L*2-mg z5_O*z7r^_WE=__kPeOcKrwokQY(p#-?)YW>zJhnDT2ox|K|?&CkJ$}hZytpsko_#6 z{kU6qY}kFYBxF5G_Lnfe$pR_{VHTj^R9Vdjg(lYm_9@aB%?CP7BC8=MXJPCxh5zY5 zf9b*Lwa-t?$vJxjo>ROipt5&g?Dtqtg46rv>=xg9+Z{#Yp%T|i(L?GtqeEJ*_Y5A_t+QD< zZ{f=9&j}yEqx;X_zX6hofX5NhJpWzMY*{2Ai?SZod4Zc(blVd&CI107Q#N5f{3lEQL|kZum9ax2N#a;$lMk5}Sl|{^qyZ&K&8BLo3Gpu=qk3Zz*V=*+R5Z1ia?Fw7r34z9tbx=2r$c zCEIqnsr)mDK`?;s4i~nMpeOqV<%Q2c5+B(Ypnhx7(L5tu{{U*KZW$6dbp$RVCHEo6 z(EkEvkDh+yzi4;-C5a1&9N<^4B5DQ5N+*MRLF8`)(*WK_$PN_|OY)Oq7X|p*77!eO zvGqq{%u}3Z-T~{9rmY!(MAymU_|bdy(90Wj4u^S9ArZ(In25wk9n%?XVel<@Ab~9& zD1!&i^W!Hqhs@8)cfMriJTbb-^Gogm%TxfN0eaC_VUSh&PdF~M)-T_NEA*3u-6H<})kx5Y% zi^k8ss&RkPwS~ohBg_1XoEY6OpM^K~r_*5x-N)6&W2Xy<)}Ta_SNft&V~LIOM^O)c zq~qhRW5INr%jUW(ID4|Yi3c!G>W$%_uV$HNpsT4>RptdGI&8dLIA`imE%XIQSX(5b zu`!NVrXpYqJ?Uv#pyOoyl3HVCF&RT7^*#{a02HimslJfhAE5-EQnM;eWv6L5%s6}W z&kdHln0$ggaqw#0&lJwh(voPK79^T#ItagxoqIQ>03yfi(#1YKJ^$XV=HC)u0#{-3 z6eS0D@Za0@WvQ^|8yq)chBNUwU6?8SQJ2>gDa^++u1m;N1aTSF3lv1xm?L8oMbdQy z0Mqav-^mndx4hw$E^{7wKU0$FegR`3az1lTWU(JCkvX7wMFBGp0bfI%IBep~LqgQ+ z@(wO1gJKJbYKM}I372I7Arj3Zy?gZq^917zQ7{kg#`jD8;(VX!#XpeH-j*by%nWFI zSA_~5D^PuhUxeSgL1^3qhZXUH!ao7*tAN2dopWZyPrm!{h@!~AlbSFy~NKfke= z-xT0AJOH=@hTHfoFtoz##D)b}sLp!ZJs|?QjO+$b1KUN@)l4!_>X3j$2)*9dO)+6> zm&Zr^_5IL04`-=J2NDJ_F#Swj-E*^y(w5sag_gUViDp~wr-1{jylgXEZXL`pR0_$h z0L*H-g)kDEtYD1x%tqRP`lS@$^rlbJE#=BBY486+T!cy3M8CM?cobm+(K#JFxBclR zB4AM+uq3E|)=LVvvE=MJk==n*^Yo-#qZp{iGc{&ibyx_G9*fpQb;Q*GC0QG02+>_6cP}Q)0Wkra^^x&D7MtKw;nM=Z^u4gJI zgXSky#lf06en5hBJ)fpFE8p!koz$^I8Z})nt1OFvka~QVO!rD#%Mt_P^)){7aVyay z6&)MgmsYqi(~~L!&`d=vc6a*w;3AW?!@1te^vBZPv)aFs3O|C8k)o?BCCs+@wmZY7 zBe#@PKyk6+J$t&3)y$mulogoqan+^dYSo32$CTK!!E)w%&qCH)YCDgXW*Eoqu}DA; zO%{Uy8Pc=M#4iVgCE^R8C%*wu4v-A5cPa6X*V-?+W)SlL+2VM|LE-mLPd*r6kHP@3 z`c5DOMzv{qiDE(+4MbFEeA@C5UW%lF=raKLMpWv(5h~RRo!m497FVjQr`u@K0d3J+ z*F6&J{R_itHJZ{qz0(ORz)OJWFRih2&{;La??k_u>ck6JHPzSm2_F9ZnD^oQzq#fJ zzs9%Pi}t!Wf8MstoXTf3dY@O~&cJ8fg$gXI_R1=letcX-cSC4A?|puAxh>yaQ+%Oj zvY*2M>h15|w;##&BzkGdKQps?S_vNI4C?Q*odP*pEGETtJcp6)qn%RM5)B@3j4ROy z9@6dny?O&vW@yS{$z}Bh6E!L(LikdCe<~?{Xuwy7$7)SawP;>S<+YTA25ahU^#lfE zJ|!k1zU7G2eP18lRAhSi=ysO4D%*g`DQqE~%`G|rYs?plrbVu`0R5#N;05a2lyBao zRmB*AIA=-wZ|}T-g(GZKUnv>6H&#pv+Ou)V{=g+%D+fGxD*q>+^++Pj&8*|2PlBX_ zWMnQi7>Uu9RCQo&d%Uhpva-tz=BZ|?L1E(>mw^JKn+ztiVb9#a+rqw+{r~mWc7A(?5oF8FNSR-;KxoS2>H|UgC1}4`ekO2wcPSO{*(cb$fT} zR9XxC{0M?Z1Ny3e7Tk-=-Olg%4lehrrP~wbB)~YZH^bmRXRpWJHG<*1c~_0JE2~R=|LlS{;&X8u?5v=ESW1*~E zte}u-D1k|c&Pkp29kct-zt{rc$~-jaQfgyAwKXTKrU2>njp>6&*x_WUyj~SRLA-Qu z+#4MYM2VrSY#1L9T(sl|3E4u5XHnD|>=|slSiiP*pXHdwgHDja29?ul%_f(IKl^DL zU&Zc`vfzYD^gj5>Uq&jBGd-B`Ge&kP z2UmHFNQNuac^Q(kEA1>vbsw06_a>nE1;_@R$ri2Xnj{tlGM2D0&37V5ApncOhpy?ldFQ)te}?!EWL0Uv(>t>@B}^G%kl8+8-xPv;0m zJ=k}gdzMUvyAN9PPK6DSIF;J1k`hK-Oe}aTc=6}YBT3ypNJ%k0A8}`mmc74c=@piG zhV&Nk#w*R=zt?CZ&3&-x5}M*X$a9&YvaoFX(Kh2%GW6i)T1o<)FqF`n%!XXlXE-l* zPtfs|e>+cOH>mv6C@-xvtZHFrbyLyZs`A8GYPD>!#Cwn!8TdfKF4mHrL%(u%9rQ{R z@y&Nk;8zER{QN9@9R$MWBK*<^;jPovE$scxGh2GL{#fQDLE{s38@PETVswPr3(~BD z8d7I20h3^OZyTl!+2pMTwwa>*)obuADLOG!tZ>|*TqA+m08vmU4OKdX0#&?US>r5JL~V58Qt2fz2sjqqB~)}`}_7qVy)1> zRe$@(B)}hQwLbNdzY&|1s*w6;CovmEY3zT`fp-O{M$y0gpK)U{{{Q{e&erFGS^mi5 ztkS9=%y{lfcz(C~5R*#Zy*6y+@d;pQDSOx#bALeBI7$LjvMc>H#XbZFdcwv}f9Sv7dKrL)~W2tHOR@w)MMq{a*pGa?bmDQE# zLSH}G`Lu=-B0(sE_=Zu56>!Gz8zBDO`1L#V%rW1Hxfg;Vq-h>rAyxjE&%TtIrj-Aj zp&6a>#aywcqzL}!%qK4ezx{vhs|GHvhgt>+!Kp=$!AZH`(W4111s=lx6MPf2{GZ-f!EU}j zI4m0YAf3}?!RG-jx95XVGN|^5Hx$YI7C21ELo0gseVl{++0y#M&{g1yxy!P1wkvB-$}fbFrBG3 z#aOhN@3T7H#3mt_rZaw(%H0}e+@Ijmi6e{8B~PfWrCc1Cv7=#Xf9+h_NQp%8uL4}b zp1D-?YSH@ckXfKXtRR@k#*rkK@Mci6 z(yP@W!uX1Qt&PWnySd!l#NZbe)!L(U_@U}i9z@dH``z!m-B4;R+()fXqUP!ZfcSP0 z$yx(iY%So>RnpR+?IpKUOiiSDmRC~TvWG2U!*reUA~Vq4I!*jXdN}b`|F0diS(^O3 zwF4s4j7jrs5wUQ!DoD(|FWMYG{g>Y31yFyn;q`;PpRc>^V_gLLqQjOLh0JBF;)33r zjvvc``JRX@Jv^@UEb4oWjmO+SUoeErBE|v5WD0~k zA7dgjof&&4ODeQ*K37=UA}^teYx%ikFOqdb+nGeLSrC2Zdx)+-^%vIcqEH}|ZN{oAmQN}q?Il_h(s6vd6fra;jdQ2wD2S`aTZhqS=vINRN< zSF58f8>hEST;O0rLnQ>S_t?-$c)qC?8gDJN&bh6k znN<&BFiU<4Kk59e3t;zet)subJlq35E|Q_@rD9wZ8}5|CuciuYd;g7FN2_n}{+-bp z?#Ts8OKbalad+QGM~cJLNX;HH9nWM*Z!mUc&O@EVl{&rZ!_m$oK4%$I%k8yx{FWUMZlgVG#A4WcQ#h zTB}*jYK~&x*Dc}7@zy)>ZP~EXW$)S!z{Ol|2cj>nCNYa?#)1ml$6;1 zH_F~JDz32E8iWXhBtU`%C%C(NkU;PN!QI{6Ng%i+xD(tVxVr^+8f&a^cbD(seeaz$ zGi&|~YxR$A`e>ipwX14ZJ=X37)lTPov$aHifxPIwk$Dw`A&o@d33CnZ3uo?0L&nZz zl$9or-r5fX>2_TBd?#Je81WeBID`>X=0=dTW>EMDO343$LLi|ByG+LUHJQG={88Hj zCbQ?v3kvsI9+z;s)wB76;@rL#8rA1cmP^$GYIcbDj6CfPGI(Yz$@S|!c(z>lcPHC< z5;9Vx6f|f*h5I7b3@-@y+I+OVVmmTP2=AxL{?6`q^>%&zs`{^#-y?z7B3Dx_Q!4Eq z(r6-sk($QjexY+%adhajckG4D@rO}Pz?OE%_zmjAfz3B%NK{;GZ$7caoySUE0zDRC zofAsSA_CmQ`2pq3o-<+nsry^PgBUPL#=KMcwOq^}g@T|R^bRF-G4wIYtEzh&-Ss&+ zs6_|#iPGdA4dS8t4m ztAefixuGh_&c9+^QYa6SM?UP<{ADCh_1GMtV5WGMRgkEJS7Xb@`XOAbv#m>YV>ls5 z40acNbP+Xj%;Cyn-StV?^PV7fs=7-wz^=EcNJ3)7xbuR4W*m>F)toCBhXN z(Q=O_vm!A1M-tQSPja#k|8x_gBuf5yOgKe9w!0r7jGT2^Zk=z{;z1gWZv3w`e!RJwBy^N1^*7sl^ zvYT}5tO(1nqj+yZam~Uv9u2O>btfh)!oKIe`6sexRc%;i5=GO(=`_&QS6vZyJ@+Fny`{XpsVd`F7z=u967F!t{rXj1k*nTx!PW8J z+_OU5k_A?Z1kkyICJLzB-BDj=H)1lAI=+@1R=3&AFDpG)B6bQ|L#4SytfG}xUYRB) z*eVLSfID5PijGfel>rWrZoS7v>z^6Rf_FVlb%A%iF7we_*c#gtbPW9trR>`#84{&ITit0`u5NDd4 zXaghgi8&~eR-^Rcw7pi`^fNQ5cy_iy}xesjg)xc&JrGExS*3TTJT*9dTt0@q}Xmj|Tm^x+}> zuj!O&-+SF0P4AYiY_GH*qf;K8|E^XOg)F#rvd6@5^M203oC3yOJ9L;APW0K$6g5K` z8QYB7VK*)0WIIU)u5Q~Y+i9FBXfC9qf zkvj+YUi;TUuil6ie683z!bQn5Ik{6r<>eK)jTjv@H9W7?u!9p*L@!9J-;?4Nvom{% zfaQs7v<>>HhRfRg%)1w&I7dJX~XqMgo)*J_SqkU7H=3fDmyn;<`)ndn_ z=;qRVs}z(Lk zRm6mp(1G2b%W$;tD-T_^;!9g1x+GYn%BoBlI_+n5u1F&cY5tNd>Fde=B6oqor4z3+ zJIF{GnCfz!bBB#_QnC)!K)+i3@^auZp7$|eGI=&dtF!Ih z=4P)94*SBnJc2bYd1nW|nnP6-W?=vIUJF@|7@m8v^}NGw0$>nKHuRitk#yHHUWe=s zh6S@M?`GIdK_Oa003E@_+D&w@Svn)$`|bYhu<$=!g6EvK}5QJc$id z{_j@NB(O^Or_ZTP&2t?%zK>(wVAt4-`UKJwONFN=uRev*tbU@s)t}Ivl3D{Q2f= zGvlVxZ{`GRs$XEbZIG>vP5ZsQH>0F1B}-%?_rsZ zXNv)1=)l_H?zYPtgZI!og2(NJ{hrM=S+D(h;5%QoTEj|Pj`#5n4_gp6-^DxTs7f`z z?Ygi1x@1artxIzWW$9(FE&$dPyJRVr@%8A&;ZfZ48^~Q1>#ffXdH&T$X5_y=mAyQ+ zRmW8PxdY;0z+30>zYIC@qYnQLK^H?_IrgyLnBVts zy}w__h*v&J4m{Kal%?rnk%i-6W?&_2R+>mKB=uI|%RoORFil9h*Ry8X0iwra!3g7x z<8>hTvO0L1lr#w3ym?PJ_9Ot@kTT9OT{gRk!GZ;kQztfTnT5;U4XOz{4>OLJNgW%&N|F#)foZeZ_@4es=A(Ta9LyHw>_2&8g*yb%T9At z-Uk!=yKg5vEMeHwNbfP^?=q=PntRC7mkkCRo7Pc+IG}WlKT_uHdZfx{1&a#i8y&>! z%Q$pC4(7e4fya?J^vQ(cLHy<3AJ<4R)5(coKP>|4pY6T*Ya?G}md_45EMeGM`LuFO zjB4LqaKRleCbh)|3jn47+xWSCXEK1)BX+r4-ryCz5%wM&2DZrD?(c4P4NLMw`02*P zFt^NOUBV(MqiTtw|NN}DsZ|gmHDo~&9i9+ZyOB69iGp@_qR4F{Dc^ZwbSK#|W?Dnl z(St2Znk_{cWzZ~m*SzU$uR z(iXx%*raK}wCLECodFJq;n(>W36f6gtN#-B%-L{LA8W(Djhf2RE9XPD=PXaF<8?Ml z=dFdxAmwhm$_Mw?S%6IBYn*RMa+e7I7;Xu&k&y{MC6h1sJ8Lzw$B~(pg)L}J_u$>~ z;_CMJAlZh+U?&z^h9b_ZCMuo(j7e!~%HAk=peLh>PW$dqzh$nDphT=wq;`m$j_j}0 zA-iisV-#&9|E-+1y9Kk1%n;RxYJz@G*BBMX>($H-Eti=>n|kF&lE*6vOAg+#m5eTN zZt?d+b@~`^;;g50UHPm-4fcExSsZcAZ(KYj0fU~K`pxW4$W2E*h)=H=74EY0j%X`h zSadJSb6fI}nAb0()pG;RtqNScq{0ShY@G+iP-QxnwP<>?l+#X| z#m6h%9t1;O_nVF2*plf%lya#Gb)>h_(NfvGYpsEYLv?|^Bv>jvSYnS(MJllJK&`#@ zx$&2`Cr;};WzFJgwotXm+$v-Bu)*lAS>Pd5jqC1MQ#dmx_i5$`nSr}U9mjh8^3KNl znL!pZprT(Gnf0u2a#*+q6Mb8Z@>v7+8S*#Jj{baWTlhX~co7u0EkR21R`hmztN`=v zTPF&7i*OSih2;b0_62sD1fdMVI zjNkLG)Wm}t16^F37}fkQQ|0umYk2-qIrQZIY?P`8n>^HZa=Y`MhOG_#oF3BJy`$2a z)-^lzG1*l^jy&t?m3hjdWIee3+H9e2Q-qvn59^eMukJjwly)~AVsA@Rc{x=T4n5Ys zeG}6La%-zU&bCxgga{=Ma57A^qp)0t>IJ2JlC3EIiAeZ1{#X;H^+{N5C*owYg)r5I zF1|xRl|!H)KmO-+c{;+mxIE%>i+9+3jL;$=0E!ZNY)P(bEw@|Azecw?!YI%wr6gay zK_VulolpFQ(p`FpK zxBR_wDY_#M_nNF;4Vqf36~Er0x5ui4k&Qxb?{EoZ(C{z`@rMjD;o;crL#H*(9HubYfTLCj2l)PxSTDvT-6mYr^E&2+tfU>b#D>MGYe;}n*G4ooHQ*}crH~xQJZ5P zOu9LDZ+lpSG)sdPJ11~&Rb?sa`Vk|q9_&bZ(7dpqVPBl ziHd26?C!1~gd2?&S~Aa{<#$a}9r9?&-3}2i0tD*)K^Cl3p1_CrgZ}8rx}U_I!zogW zWXW2y7J0Em$y0I~>5T6(|Hd}G#^p;RNzW(GKX{2oVjM=(ztk7L{1xhqd7*~(38Z(( zW9ZzkaZw5Hn!dMMvN&J!x2CQQPd|H;f$;J>;p>RFxdgP+PUPffvqjC8>kEzX@yK$+ zS^I-}m~&}5e{#-%;5w&|XMkI!3H-0$v7O8C5({<%cN|Z0d>vN%E2ftDikH6Iih0kN z9s}Ggq2;NUf||m1c1V;`Qvdn}NV%vIBvhpTG-dvv^ttpX#pVrY^ZkU2m%8MNh~V5L zEA>_P-Rqw}8g39Cjy78}ztLPzF%t5da6_3-3voREo{`qfmyTdjDHgVm9;O`wB^8=jPF%*tMke1?QV zM%$VXwcvw7>kc<|69g@A%bHum)}9x5w(c(D^!b;f##+jBsA`nvP5UDP$vuwDkntH0 zJvaR=8ZO3Y$#!9h;u^?QxL(9xroyJQmJW};n)FiLR&kg^dyhuj;<6Q`qUO!58s*v_ zQt0SSR`W9k8{JRbhz3e0heqZ@|Ni<^n#hH~$cQTTb}ukJQYCMmZ~l0HOEqg~JzvduHkqReAH)$6bWFC~O%(ry}l)55BXN5G7p zNL)YJV?XvFg@Uz9IsQKW$h(wFfh%92Vm&!UB!pWIWo*@N@AwSo>fvU0UR7X)&IK>@ z7LUcB5#sF!wKh5N4_1<`Bw$OK8#A=t&--lS;k8f4QA;}*OYclyBB(*1psw~^K z!7djD_h@@7AOA56+}+{z7g-#ivwYQ5{$5a!m`7A!*}G%x!ZlNK`3`W6Xd}!RC1r=q z>>on+tJutc@3+z%2$qH;re>v+nWDOBTQ^LV3E^0K1~95vo6FD1$}IU7tsNs2;BAH? zH?I@rU(^+WMz1@2du$7ZqO0o=y5T(yTFj&Q?e}~F)Ws^7E}w#UK}>lyw8KZy<9;kN z*PR-Yim}>0WBR=B`h4MNQ6AKOPK*W`*e@fI>#1&S54UtVOs0?eb73jPHWZ^GQr=4F z;X@pYNj?v|!%$udeHtiEhG z98?E|?rc1mFTGN_2}o0rb|=wDNjv%7424Z2r|26qgR{uPRre3@%d9i=a}$e0C`zSH z$eHWzO;(hsW9bCH4sU&Vu5E2TsJt0WXlXm0<+L`+%PaMS-LTDRy{H{WPSiKcHcMCy zxf@UxwolK3L3LM(R_z57wfc|_$E;daYcPEK=E0U%(yFdkT%u8}+i?#A`owBgr5FX` z|7rm~RKp)M?lOQ^DaQzTPj96Itkx>+cAYfxXv+^(K}{`Kp`dF7@*%d+>V7cJ_~Go# z#`WY_N4GrT_`=*{ch(|TZga{J+h|K%tJq< zdjx=2?$8Bc)28-8(>ccu-p=v)@#ie%^vaasnwPenDYFYqCeHJy?GpFbN2xC-ryvuf zGePm~zIlPCcnxEu;(xuTK1@zdt^Az_8=65Vgi{Vg&A8{Ci8_pJ=8N!VI3u$Cu@72} zIC681+ql=MnK`0F%+&CQ2Kh;Yvkg}hGR}|=pzJt=byg^hE#(QBt1Pl{F|1x4rXX{c z?6QxTGEs~hCZ_D!+;^T<-ic@rV^`a zyL_;`dJg==Q;n`&?H)@Uf>2xlb4HfcziJaj$u>S2y6gkgJg*@FH>wN$a;YO~1X6C^ z?C>pDtVI7nDcZftnnDrX@20!_(w1kphOBY1c6C>#^k<`-ODSxAwwwo#Q4SR%3_)Uk zFM5IWyUjL$ezuxG7FNN#T#h*lQml7N7@MhQ%J?*!eT??ortbovD+|gtl%Z*j98rh@ zeIx+It$zk<1iaL%nN@SETg|MV<*lVSI*WHJmMh!%CqW84LZsYlz#N1=Bq zS_4tdMsHCZC``Qtq4h2EQT#bg4Sn4GV<5xR^!-`3VNy(Q&X`6(I9-B-A(OK1DH#Y3Mho>2l z@v9Z)U3VSApwLJNinKF--D6XfG9igW#&@3Xmz~Ql^aNJENTdjt|2Q7+Zant*Qx*^0 zK=rBBdkX~+M#mC)gUVTMSGH)MrplO`o(n|{apdih^mNzd%qkZp83LYEEY#YF4^<^L zO#0^5J&*xkF^3gy*T7C8B`d%$8=zVhNl8PK>};!>uqk8t`&0QP)9f)*5MYg&L5Ib) zL`aP*F@1E(P#_A07N%YL)hnA;rkA(|}DeD!~h!s;x=>N>miY7>&MB=`ISkc`*14~%PpalKc!VFZDHIE9N#(|PqFB_pk zx`?-v>N?Hpv+KM`&`Sx5-SI-V;|9|M0(4J_?tqYZ#zQVj|965)%@tgu`L^sX$PTb( zFNzz)f+HR=j?P9{H9jr+cf_8 zCPgZYD;I@a?K~%_{Jt;_--5?_+`e`i;pV-^qeIpC&&iVPCbVkF&%WuLiwJTw7UtA6 z42U0T=+>Gd4re2j=7-b$K;}8h|Y=W+huBNfBrcQ!e0{+&9IMY_Ubved z+bJq4>DfWy8JP27cs2PkDNeu7N+%&WD!NLNFU6(8ilvHrmPCezIt^bZ0T+=rWnzF{`!>Y!B@8EH>+e&8j1o9<^*M!KJ20y&WiBO z7(wk|TF<;x%W}EN!-~6XmNK)$4wvyr!f27v{65MPYgpD~yR8*`#Ibfy#g9SZ?T0>& z=T|Kb3Ua3Zsakxy?2f-pYenZS7n2?VFs9;8ms>=Kn;jPd&Mp-4nU!p?Qe~i)8=tR+ z1QE`L6Vqlyu1%4403Il0wlcg`ZLCxae0Ag;Zzb3=^8yhe!@o4T-;Ckic{bH~9VmfR zA)M){YS2NQ@d;NCGLf|NgB@@|t{yl+2k7HjSsgt0$@$-o1{n`O=X{Hb!Jf~Wc<{EQ z==F$B(SelAk7!t;#2wH&+&4Mu;7I;-&=5Y$g;)ozANT1Q#wPyd#ed;phJ(HH{endL z`8R3|x(5FDu?p=8RGp|iFBP7u+>uXuEW7fp5d*T%YDVmW9w%j`=^8}hKLRM7zEWZHTK>WJWpMRWP%UGWq!*P7IftO{`W&OTy?$BR*ntE%Ex%0EXW^jG zjrRGCaYl|pD0H-;=-k>A;Mjk}O73Y-@~aOr>C2z2Q&~m+FL4uto}}5c|9<7^dt;Jd zFaNWN|GSRQ|Nq_{lL8F0wQ4 z2$GW1-y>R7R#wZni(zf!Bz|!60cD>eNNJ~aymnDn@PME!-(w_%$J4XE`{|-q^PVmz zDBYNni8d5Q>BE=$iHL}?if7-bysYt(K(}K?e!&N_|5kFxXRIIk*X_;FkQQG1^7i)k zz`)+mRv&%}3;k&ol+0NzF4L&A_S0-bqx8nGTeS~*8Q(yps0D7AruyXg3vh&n@e_L> zr^E!kym7Ihf*zJ1WXs}UPhFNz#zz+e-avNc;$m#?43TJZeq^@<*EQC|>(yUh&7CB5&~Wey8Hs|2<(V&# zHWXTzYYINk&dy`~t0M>!_n4TmhU@Fk-w|R-il+aKvqb#%P5F0ha$sX)8obwSrgH5) ztD?M;4Cwe)PmQQDNF+O#B4gzZd=ft75OxnNe_py$1bXc?ny)0jgV!%y~)XuX|v>xlzzaSF$Q5MO0;LeF~cKC)%{4_f| zXJXWpjE5y>{}e3uEE?@L&?13{!Rx7*8M2MXRm_pIN{oq^AO zrN+y-xxLiOAhsILXzGBa&@r?Ft*Jsm+p^wA28!2mBZ^3ctRvxd38o6;6WnpBBCh5% z0*eBowK21E-tMV*=CM&g^`kjoP*|E#+R`#~jDbe!&MTWDC0_m~Yj-O!;w9WUGP0rJ z=AW-zkvYlQOQizPV0fU!DYUQ{GoLivSX+VZcl&zZQ_(V#@^TW{*f1iT?e3cQ4$u9m zY;eSK0S`#f!LQ#>k6_bT7@dGxeMr*}VMiYN^wOIUqx3Qg%2v2k*@6DD77A9%k!#{5 zQ$z6+fk_&2AWorEy?Y-K*Ucbsze+3F-;acZvifC5o~82iYZ3d*zBA}q_K&Kt|3*VD zrQ$gpyov^Xh(kKHkXg%iXlHowf+n4^MY5Na#K1>VN<3dM?@8IaIVzv7 z3FRo*(a|=_D6BSG@s65Ku5DnRtejx(^QIda0fC04Gp}-TWoc2X+DHYXvH@Gt*P?GT zmd=YB6){a6!jrh{crCYSR*lY$HOJe9WvZ3lq~_HjAfKpO<%k0|id4_Zt}0IHPOnNw zQBhHeoHFk=uhy$hH-~`+8+k3oP=y@*?GVO)v|I<~>EL$4DSOw){m4Ye=HsWLEz8dI zb6#w4_>f+rEn=-l%u~WDRO1YD+2eJ^PSx(sEt&ta==08Z?H+Nq+yj-kT?p7|r58k7 z#ol~f#X>8!6Fex!4y@JHPF(oI?7DmO7NV((-asd0!D*dY*w9mLqv5=lS(T~4;24bl zfnL^;`u&s;9oH#O1BSkkkrOf)1=tHT(KDuN&~7PSO@jhn=08n^A(%xih8`!{3kzpt zhrDg#v;qbL!_Y10891#3o7SbBke8{|LgG%_#nJ$-G8+v6E(*hWw+LvmJFzU^VYTMh zC0OLiylm4ikBUy0)7J!=or49w!v@9FsxyPh$!YKa$~bEi)-G~=u#F&`aoJ*eXc54d zkOFGGNE}59_&-yoGrybSfgr7I!P0oE4IU(PnJq{EINxFt;eD3Xh8ICZA)_aa1{(XQ zwBPM@zdQTr|4|ZiY&7lSV=RvhZmaMN1P8C|e-6drH1ASdQq&>w=Z8?8%wSZm zT5mQ?7b8gyCK0XVKpw(pEzMXZO+K}@;7fB$>TA*+Gmn)H?=`8hN(4DQcv7)r5;5A8 zHo7Cg0hRkP&@M2U&wM>|Com5ENlU3Mq^k=@8pv}sQ1qz3SZtw53a@UQUQfF$HNy`)R(nMQ4UYKsCg*Fih zCdTUdw-Q=ZXu)OA7B1fzkmmB%RvV_gG1P#SGtPZ~mW4@s4Sl?SmZKoyYWga@>>43g zmV%tWWP*dMl3|lZ5qRAvwd&3id{|*NRNknV>8qqlP86B7S`vB8gTkvSVqacF4QCTeQ+{fCFxvg{A&JcUKJ+d zfd9)HbDh2fpGIqZ{pYjjm9F<3k;%Br_RM{gEfP*pCq{D9SLx?7M|FasjSY^z%m^-C z_TQ!HQUf%v-te=(6wRAj-G#|~R>EA-%K(+7yZd{s!zpt%;Mh`myw&M9Sb2i9%$}!e zi#vPDL?b{>g(?V zr7Zuw1wP>)&*rU)Xg9@7_Br*pbQkY!sV698KJwFs&gAE#9 zPw=y_s>M8N=$O4EW?+3?uci>GNFBS+vrM4&&~1K0PG&og>>y7Qd*{*aQMxo#e_^g% zq9tzn_1$}~4s71>Yx-*CEWNH@#G2e@o{js+M0`QS&k=0N_Nm^)Gr$(-ZHU_*znSz- zbUtsEmGfS)112S~xJcI3`}=pajJ6&zq{b8GBQTgJlVi&TumD)KZ;g`+7k&c$FoY)d zwefI5&o@PM-pd1n_EmDehh?u}4n8a7SnJf0*FTG*U;I%nV%DIux}4JgJU>2b*P=a^ z19KXNE&lXEL4C7cj(9*^w#=ndw)F3+9JH;P>fTxv$XQ8cjlIJ~8@zW}oIY@xpperC zyN-#8hwbhU-MKmN(A8!+WYO+#8Zo`Y#}KvlCJs~>$L6)K(_BWQWH3*u`@GTMWo0>c-cqs>(My~JY@$Ggg6yWIAN_^q zkVBL_{PjZW=mbF<4wW#%pOWiu%K;<8mypXVD40E05A6;CJtxMMSqjuR9H#He<$uSx z{H>Apv}8-Jv8F7rA%O!^3INK!kVB1>ZCyDC*<0`|R^GfJG3#Y{b#^J9HKxnt`c+%) z^8gyHq2YR+_2%MDNnLVs8ZD)4n|ZZ!opd0bQ1@ng%(8z@RS3Ti`?R`<>4lR^)TnU9cxZv@c!*}p4Zqh`9=_d-hps46@zZ^k1 zXqcX@&zLf2VrQ?9kTDTM#_N9&5zo)hH)ZV>|B_ONZMWKs@dj)%>#_XHVyIx6y_10q z;mi;(MLRz2Ki~kD7(fAT7>nMXseoq7GantIDs%ed@;si^g9B^N>H`f9&r5#gk2_l{0s0NG?V^y*=?d6eO~6k@1E{eQB(n;O>)Je%LDS~&wAa!gQ6k4A*vS) zAozLV+hJMr&mRjIIvA>oih8L{4{Ka|p2s6ViXfGh-g7Ne@;rQFQk@S`QGuFIyK5m4 zQkSMt?vCsQGr-~d*mtg(H5R0u=OE(-jMb1OV=RB(vaHst)r%5NkwQ~QQL)kjno+Zv z_%cT!SRLx@9snL>Lv!IWh>mUEz9rysz!!-}%Ntj|M2ui4(X(#==}CO9VGA8;8JT<~ z8a7piAckVlcYkoGOStnAzD^4mPIuU+ir&|KXhbll64@{Frz&+JuboPt86e zPt88W4Fy?0g_Dz#?6^{PodJZK@9sPeZd|P!v(nyNS>));`^qJbd-scH2ku!agLKI^ z8V`Ooq(2JOc8ceF`8f{sHBczWPRInWi*hJVGBg5ejrff%d1!5&h?0b_7}uvi0u!gLiWh6&e7LwWNjx{qG6|mM)sZln7^Hc#hvbs7-2vsQG8qlaoC21&pNv zxG*fQrnfo5!D2=0J7$WnkX|>CU8)>zP$2Fj0$A$8%o6{5Rv9~t@<%}eG$k7ZTn?6$ z6j_+7U0l<6HZ>=@^n4*Fwi90cPl((g3HqMwaH7miK~ns?v=+_ZdH6}#rCiJ ze!~F6afQ<+L(Rd$)XE`EVWC#2j?~~&@1J+dQ_I_xgd}gAgsiqu?UIUy%19hRqc?`t zkqD%_xA#rS!JZ3=ItV{gidQRgzfwJ+SHU;U7>i@ivc!Wf(Ntx>va(BZ999m?MPY|Z zHCeu=$oE;_GYAMfQj+F)oDZPlreB!O!_Uv8zI-a1kk{50l3lTLR7bu?N1KD*_X5?l zl?qF&(v+(QUeGJ6dcW9bG&Dv3`iDB9S|h$KUh+k9KOuWfp8W%~uihXN(~vYlAAmnD zC@txp==1|>*sg9dbbRbDULwzNX1T#L5_Ln-a9|xBt?~&#fmtF>g7natOi=HCV$z;qXdMrn`4Oa4U|*Ad`eU#vOyv?*mq7 zV#~2z>AZ*r9TrQ41NKa7ddk-74=2Y`jS`M=R#wo65)>J3=FnUJ{}n#UMJhr>K9j4t zT|c!aqTyrD9H>w3o?Gb)yQVYY;)S0bCNIy)DmfuLou32Xgd3(V4^&W`*J6dMfB6#( zdt3p`XUYG{xz_uTilU~Uo+>-LDhvei;OgPN(!_u`J+08C-44_g{!Ez%g-7%(LGp$! zqy`4Y%&OVgaH*;IhL1A*>?U?S*o?b+#X##)&qJs9(fM(Y)?ttDgV#KP2r6fD*W0Ja z;muRzuu7TNk^vvu{iD;k)4clobA^e>a?dFhDs>(`KmaqwOf8cqnQ?*L8@SArt6R+w zps3{S|34zR(#vA#6~QeEp;#WI+-#R4>XOK^R&ZTOsd&CBaisMI7cN#<;{P4(m~rs7 z(l3F~i^%7Kn?jKl3>A05VqB?Ygy>qb>DSJ>UUufNaqwI=SGqfWi?57zYbfD$IiB5N zU&F%6oG2VoA6Xq&0I~6FK^?#+$-zup(X8>h8bxiTpF_r*spL}3$@Fy|bs#e#Rau`n zHwT9OrQAX)7$$dYrYrYCr?A5*CTTFYab~l#i5&Ll$HLx5CT&z<+dm6ms5M6!~KNF2`sc^kzVuq)uaXN}R}L1Rgv=R}Mm~WOsS- z9!gm^tHFB?^peRr=%SF6A~XsgS^sPK_Z=1{mktp&iB4H zoHi@N*PQRMmr;E|QMLD=8AOd0yIw5m6OgbQ8d?O$K(-uyl`>ZEGbke)9UrN z%fbb?r>ey} z#JchL_~;l*C%)jy8+BA32`k12qm4d+lo1?ga*_6JwMn*0q&FTMG7dn&_ib#%>qOul zAOhm`f^D4A`{(&ZHoA+&iDX@3yyzA*`n15CHha8J91tL zsI~Zs_J)pN@>$qha71ZTA)LsQ##)^ zD)f9VEQIeK`^MGnzp($GKIcv2a@7J0Q%CY|a2>b)=26jNyLEE+B%O%@cTpFg;LQ}b)s|b z#Fl9dn@gkiCe5kie}X8JqP*5tM#RW$7UwlvT-AoSC2=SH<|-r-L20%(_1X&RverTZHqDPhQsW&z zv^P^qahG?clw}$8h=~n1H{PRR%vfs#A0LD0^aRX`GMQKP#rw&&uRUp>S`g2$B5Z_e}E`=_4Oq*my++2quRC`Ku$`b-Fx)?(m?&$y4Ij}UMrO*bapjK z*q(tVwy<-P9Tz!+xP8HA(`pl?$HY>kXv}tMlDbRuvt!c;&3d9*%$rh3eZQrmNp+#r zIsRm;;4LcQ%HwR~;TBbYZ8&VnurhhkBjb{x`Es!_D08MUv#j~3@&g8D_u|*`jG)Z? zAPji3ab5-CH}DD)^JI;)(96iS1a_nsWEjl?o3<#40+)Qe$@Qmvm!8ZP976E$njH2C z$F^Dup}8`q)A{d{Ypm8gM_SgB26|)abx=`JYY}yPr-zcuy$6&%y*y3l@`Vyn3rS20 z4K->LhN>*5!w9u_;?zq`APh~X$Bq%%xoEifgE^f6F~^B#x}Ofy96{&k^$z>fKM(3w z=3Yb5e>{6091%idw*(K!f>@(6J&mo-affwfqfF)O{)?9g%6su$_6Jtv*SEKJQwj0_ z*1&kW(AiqS;1$1{bVrR?r;(snX@;cV|5pou%Dc`!$uA-*n*C$s%j@q!cOTT~j89HZ zLy5?w(i_F(0 z8nwzY%4PGuyRKT<=uTf`cZn}CHqS2|xF@{Q_V_9t?Eh|TI$VRFetRi?W@}4fmp4@w zABB=4nsO+aEyK9FFgrKLpgf_Ek*dupgfoKEW;{XAWnb^KX1`|??RWpzMq^|S0!FgO z%bFGo8xkjrskQM8k*)bGJotx)oN2-G;<7SSejb<1{QMx{ZBCu9U;m{yIx7~5GNxA?1m|^HGs=p6_WwCv>%kcniO+9y z8MbbNLp`9QFCaA1b;gxE)0ie!UUMZMjsR{J`JHnysVLa&zDT*257M$_O`C zS~VN1GAlUWnJn(h%o(`88YnZHEk=TehhIPF)MsXOpV4i3utpJB#M=9el1V~>&F;8N z9a*Net2}sZL|E2x3;*5QdriG044?0pf8ERk&q#DCWNBnw`qHi9)R8Au_4L$jABt*Q zuUV%#+NfayWL4KMUp8^xI{>XdwLRDIMa|P~8Z>6qH^_9ogl$ijs`;g9@x<2q=;#oE z=A*tr9%bv1XTK|ni5cQ9z&N0dsz@Z1S05Q$eL3hEGPH`YuH0|`>YXY(A1wM!tb;g; z$$jfntzqxtbHr=62Vr56AAJJ@S!%G=IUdaBvdI!9KknASEVHZtql*9}l-D%pi8$Pb z@6w0w;{L$-R5&m}-QbP)gJrF+aVhvrd z6(s^YW^wLffJYEy;%u$wL9HtvWde1}pteJ&(NAmN#W#pfx3XR5>WU ztZZH+sJ2_dJYP|QLB+0ISx``rhR2<_^$#3lbf2r1!)NYPS+JnW(dqfUxCnVaZ&}6g zdivh!;U@R`{w220Y>t1xi|4=6e)m!846OkTHkA|p_4Reakamu~;m}C$ygs!{9Z{Q$ z;4nF{z;p?A&9|1i;G(ccO2MfML8k*ZWm=HsNsy)(XN_bwn6|XW7epz8iKIwHTvT6Si_(+WpKL?lff5Usq{vTENR^<4DiJJRE$L3+SP}k zClA96^iyO%@LrO|sa-)j{p^Vh<<6JgueRhb_U3!r1ez!F*Hfskai}ZiZSl)c5hz|; zae(10Ut<01Dg-Bt76fVRb<`^Lp8sCaqm;pjJx}BY!v()xc7;&M&bVqZU4|)6B~LuT z${Hw!sC~;)kDVwjkw5u>^8S7Om78l@PG{iBMA<1d4Na*y8WG;W5&ZqgoPa>$F}rhe zDyR+Z+=>h*Z{<_*RGIaeu(ratt!+y{d7Mn=Gq2TVy*J9~T2jslh}+xW-fGB^Ls=b1 zz=+*~m_s9E5%l^iQ|zQ5%~uZtoui`J`j-gcv-kB}N;~tTCnv>wvI|nm&etNqK{?E% z*2OpR?Yg0g3F#3Bq7V_Es!qRj`t7_gQ5>^BXUTCvz?Coe{lBBNgRp5z9<9vPaa+r- zo(E0@gBwdQUroZp(r=aM7Z|11Z2ep|FM3F$cA{BIT=<9Ih}%1biE%KXmL@d5c&eC&wE3Kespe=*&RMO5W*F)r-S*RZ{+0A z1-ID*wB)9SCdJI7$=)otp&D zjl5p}&xoL|uV(zAKm2|ycwbyxFjPx_{rXW{aYD91+UWMC@vwY;kB{|O2sTxuO@aRW z=FAwJ7Dej?0)gP|E8oP*&CyB=6AqjC;qi6at+5=|{rM{W-eD~;2M@2_&CUO30366k z_9wg-v8&fC{?FuB&fn3=Qq6PKI5TCO#*B;x$xt2_T`)ke7+Mz$h!U6|B~?v>1P4lH z8-w>hix}|y($g7mAo?I?ZA$OiZY?n6n#*BXibNTlLCr(5s7DTN5JhLQHI17sWI$h@|y5 z51?$tI_ZZSccRM99O1ZZx?h*Hdv@I-v$KzY9Q;>QlBDUER|Ioaxo(vdH`)K0ryCTc zNk&s*B42_#RiIWvgBAJ#$*!EuVmyD61$k$RoR|SCv^z9us!*ZTdf$Q2cS)sG|LbEb z8VNZv-b{M)EvoI&R~EP>&&TJAi=N4m0=H2#$H(Ai{k0oVwr<{p-DqcPCe(fsplS>hwE3ytcpk z%9@An(bGTDvBlgt?VhZhjks=~*TQkd#dg=>S$A$bj;}`Ly1FH*wYr6Z!p499KKz#4 zRa@KMmI#$f0{=f*$~0t7HiI;*yCJu&kc#8XneO_J}zkZ7_ZufAlmyidpp&5 zsqWQ}_el`ys}-l`_PKN|ZGXcikRlxLlUPy~P=g*E1-4%Cn#C&As%^ zDxhxSJSQ)t=pu@ge<3I1o_I^SFx;NKnmu<8>s@hb%KOg}6~M+dHEHP8V&c-;!RnF! zhKI;Gc#0V9XOYNWk|;5BOYKVJWP4>G!@b9L`QC1#WF6@%vbh(o=s;{yC2@VJX* zzG~ZB|Lh!G+q}NE5#yfY2A~R$!)D!7k_Hi#fP|BA#L7D~HyrvD5|F@V%A*NSV`>*O zWJ}cF?%k?n4s1JCcu!!VkdcG>aPmSEpS}Gl4TfJ@ymM21N6v=2K*869TX^PSqVb7Hp z)5X#0NVsn>gC`M%j6i>}W9i>OCGNo5x>{oG5ht*`4r@jd{!?rKn9Hil7u?97JT2(} zEHgMPj>UXSk)=ekv+Jq)rF*F^Z6JnXa$U#{R&;S_Vmp@s>(OXYEZ9dgKl*K_vp&S} z&enUNeusw#S)bTBxlg`61!fE?*GR?dMaq@7$1H^Pmkb8#lIAp>Wpzo6#=|7QOlG$7 zCnP5gjf}v6tM8GK9#ASDA3;D5sSc?oT9DuD@tbc;4tC<9QNMy*XJojoEN6Yz;t$b7KrVW~B&!73OX6V~A3x;nWwn+H7 zJHe^`b?p=6SuEbOB=k7=oR)U=hxzX9^6sJcAN5!oY4005gSp#uPvg6#EW^uumad+z z<&~B8j85?dca(kJU!r~uPPCq$X=!O^JJUb4p$$wf55g1z_xPbcN#TKkfdW?lYmwh2 zx7E%r^^_?=BRb9TV@06a`r3Nh1W?2CU{}tD_NKXg4;x%Hu;;=b)Tj&EW;Je@!lIE< zIMD;{lZ=5Q0#q?rSR(am=i!fz;6D5^p+At1O^qJNV>N!rf_d4G51buNrPk1E)X7{P z9er&5xU{v-YO_Leu?IC7L`8i=&Py2>Gdamp3no6 z-sO^Qn9|l6@1dPx8d1mWxZmy1IDx;YarBzF=0Tt7B-;hY+v>No+ zuwEO!C8GF0=TNl7IY1f-==1f-=KRJudD4L}Kz?(UXuP#QKN-QC?? zv$pU1|K^*cnS;6JWcKC37B>4=&$HIO?sc!Vs5sFh+Z)G9#_B&XNbw|UjTP9EqB65g zWS{K4&zIwOYXh+!@EG5KpCwOx%?qpKHW*HOq$PyG8uHEC_nmnSuTSMRCmDIIoppCX zaxvf5d4>Jz5Z)4_{#6JOz{ABj&0c!1^`6GcY3ad(QLBL}JI9mB8I#|Jbdz~#8$GGw z|G4N`vgvmPL+W~ti7!CJz-*FhF}o=y zCe`$Qi|X;SxG1fT#yQJ-_leZj*#JS!s(ko{;b%@euYON5wdZjMF$qD2hG6iZ0y2Zt zT7j>LcHqIqMsI%lCwj8vdI>e1Q@*40V)UHcqXJT0Rp@sFWQ;#WAX=6AlZ0G zjTg12r-$^SCZ{qsHon#PCuoHB_1pKH&259FC72mGJ@bAnB~>q}qN=aGX#~UqX&)@_ z+?$%BjwU6tT0T5JIf=F)tL^Ct{L18I_wVfM=7xBg071G4R*pHQHIwS{@Sr5TvG(T8T;d=Gr?!B_tPsSL?bTVY=E&*At3FQqKMv?U;CA1$IYu8KDo?ts)*Z~>hwrFZEj6syR~b_NYp%CrEhGzA zfp;DEk}t zXf5}RH0O*4mgqAtPx(C}>@@4K) zB&S@I8DSO~%GFHXQm;^>M_nZzX{A{Evbjt{h6U$`KAh?w4FOaHq=Ix0Q{JZCFiGF7?DIh@BU6N><%idu%@p9cws1>doE?{%>~!C& zvpa0j8?12UOZ2=Que)bx==<+;wH%KQe5Wrc*uflOORv<1OC%|rzI4a)N+?pNm!fY?aTzu%$0GhoawHFtE-jel?O32pfj+VV=@{D$p>0~W6L(BSxl(LL+6!I*H; z8b7}h_JMI5yaNfR%SP4zWkQ;d=Jqr(`TJ-r+M>>Q=tFOTQPMiDzJj&|4w{CnHmpBM z`bq?g;ji=0B0g2?ROQy|{3s+|ZoSM8k44O6!jO*d5;h@L9m-#pL)@8i^I&@olh2|d znY@qYKYeg3w@!1>;+!Mz1P>Sc6zw9J>tGxukPS|4FYbHP9M8Sd-V0fhHWd5@n zXfdI$X2xnX1tqEO+;WjlhtWVeCB%Vvub#n0Dud+ri)Yzw5w1tHT#=t@FN4f>i&F!c zmQ=}2%TdO06%B1>W#&Wcnexs~OGgJ41x5YiFLW|p#SRGrk^gMy=Aqf-yQdBB^X@*l zr?GxI8TathO&Z(knwkj%o?jzc8??4D{~Cm^YWN*3 z&sgqpRIp(DJI9U2JN4y%EDss=|C!_P@0qsZ6cLfo8i;wt2T1#HMg*-rn6 zkes)uqp5wV#J+ql{i_L=&Gr_a=GIEW#N(%h4|>i{otC=Fu%I_ef=J?Z^q^+fQJ~5y zkM|uBAeXY(DVo7SZDN0K9|zoT%}<<<+HHNR_NnIEqJ`hZ-!2#uSJJ;h6?hZK4vv~r zQ3u_5S6)frKru)@P%>1V_ZwuFK!kGaTk4~UN2j1waU(aj)Z5D^&S1s^sJ@;Qom&k` z@VsWpl41nOEM>$(b7#}>G_J=P245v9Ke@wMX!IHO4Oo4oV)lH=L}*Wu*2#ra7VbrL zRK4?wLHFjagHn4qmmhFGE$syvztz7CNR2{`Q1#)Y$-m#60$w&Kvw3PVZ$abgLo)6t zfbNp7l)@M%2AVu$)VX>Jj24&%CICCaqyFLHzXwCIhnzbhoeOsqoi)^XpTCn8;`aDIcFE zXR(O{1ZYT}lpX^`-~x3Z*wowL&Cf4@wt9&|MH$dQe^j53`a2qGF;dhw#Mt=II*dv7 zkwmhY*83+u0oHkUeY~jcvN1 z1rDmotfmp@nd#S}ULy{`9qA6M=HA0TRNP+3H!^#_)4wL}FfFa?bi%X3W^AcSP4PU; zRx?^W@%o-3ocE;cRXx+t}jLT+?-kNu&NkbGS(xH4H zgiy)zin%K8q&4SRZO-+Qj+q-O)}n?v%6EljWyIPu z6(~O*q*jZo8Mld)SWK&gS5+#pncX?yK7I~6^=cfTZKs1H;YLP2KnJI%E1zUWAcb-l zi?p=q^?7jRIceoN`hk>F0MLOY);ZNq7$_MVOk$eb^iMS1fd)LyMhx7tG-X>;y9{B+ z>u7_{89$LK(*(r&77o^+@v(zT>EK03}!?cJe#xA82d|Z;jxvj-ASm~oXxJ^45sTZcygWr zmjop>xZY*m2RjXIW<#a0mO6R&Uzb&xp09swikVNH5%~n}l*x*p@BaO1SiG@y!hZSs zOH3Y^ByMwd3s^*Nm3U;VazyAxDX>|;V zI+s6CUE|JZVHYDZ9=DgxcHaUM#I)|ADl+Pdkdl%*-dz;kSXWQKPb%ynM1^Hq`<0+%{@01sqxc{VYt}v#YhNU zngZpN&$M#PWE?;5`LvM=i%~6LG<-(wyG2F{dSL#N^t3JE!r#wq@baU>p!T-RLtHB1JV$uMGL=p-O8mVCR0#S#=f5d&>-5 zq-x^b#mD~@HYKq1rx@o1lgeMOC?E1^F6Y*dY$~FWLKw-asdu!sNyy2W1D(P8`jZl}JeDo;vE@ehb-96f@WQ+YhF@07Cp(ba2!XWtwZ z%LOm|fHRJiU4!Sl0;HL>22AfCtm*ZHWc%QAZzgSV{jmDV@xc{}F!HsJMEBSE_`xvh zkNzz6lsn@rf;{V6pn3DaMnQ+d(w+I02W)A4xCP;BT()_3FhGLE2#D5FrkMrk-v&wP zKRMR7fYI@{f9icZvP6cG_q&6&VeHnzE=(MIYdg)Gp&;_MmX00nz1i{r9q;(O1VLA- zaEVM)Poj|?L2tI~6n<=nb>?eFB6eNu*!Dw@gak5>lY_-C8ricmSXKpp1Aaqg)Mdu{ z*b;@~IV4dT95vzZxCfJ8eQr=cfBf_1it$KZVA&4dW%B_#cFVfH86W#Z4~+M1tn2|n zPGM4dZBKXTM9y7Y+K#OVr2X$9)Li>;e9Gp9icK#9DUk}Bztl@YRhmpocE*huy5iR~ zF+YK#z-jjg!)A39UzrJ>w4Ti(}onikQcKL}H?b1kAea^U!Yb z`sB(GAAS{!hRgoVlK7|ep-6lOxlAEzh>1iERXFzy2QvN;#&O!}3nRrMw)QW`fKI*Z?U=1H2hE((jcYxbh=15{b#2 zBD-gI-vne9y97+=fFMA4k!aSr&Tr9Kk-kxh$)9RtV&~ZE-Dq9@g0*(xKU#oyr_Y7d zt%+Ma{WiOMOAaS}6#+6FKgo@)O8c5_hGzzWih%vAXRck9qB~qOu6_SgA z+iT8};-diU?q-yOk4($VnE`jgd%Ane17p##am{dHy?%O!lx>jik|Q8PfEm<06JGU) zR=KKzBU%@{JmGt1ey4{>r}gSRDlH8#7Oq+9n7@90JhQIDgBA4Tg&B+)3*`NCx$(1} z;8T@jE(D~Q8o!gQv*k*Eb`a`})5Hroo6kM3a>V~ehJb))xXAD(zlwuU8D;_{mLOtH zl>2q8Qm2MoeZY)>oX4HT6@@D;O(P?V)<13PgtU&$#6mAM)J>ji>?Dz~8lI=S5_Hzk zX4)!^4L7iULBC}(i-#?DI5=Er+>t$?DQkE*@TsApX?0^mkHTDXalDND&8b2bAmor? z-5QNC-&gmrF+I0;XxHcZs!fc@rRAcO&{>vAbwcoEO2LLCu6?gCE*!B&zk@!T?_cK? zcnjut1xL%qe;6y&$z)_PoxOW7E&xuQ&0{0jm@C!tOn#>IDMroPEg1xuLjwvgpF`^> z-zScJBaz~NFqQ{K)^?U5mR@`(fEX;I?)r)hFU-W+b3)yJuveFWHOVLSgp%y#=pdwMsobJVd-PC%E|q?AztL z#5l^j0qF|u1W(oTym%ZBg3Damm-|E|ZgFd*rp?x+kFXg9X{2hKBqq$PP?GY#?|pIf z_IN=kZwxE{gBK}3vmY_7HOl03Fbqt_HtuYMWS@RMs-b(gu>OjPi8*f`?`_ff9xhvG z!L-h*X#e*o1{>$o2~+OZ+;<=FHahEmI~J#$aeBFzArFV#JZLg(X9#|N>BfyshCVjQ zdJJ>I2!;N_s*{5cB7u#m+ynK_Xg(KGr5DoN++$eo1_n!rJ5qpG- ztX731m9@1myAtvGlD_R?Y_QR*(? z87{EEGq8Vd+(G9wGC32^RkdHsg8-;ES2mKk!e*y#)V^`EDc0{GYk4^R3Y0{aPocQX zpg0IqWOATl6Y)JIMZUD@Te~hh$tKcrda7STPEL2b>A=j4E8~V{tXH<|Hc{&`4sfWi zjm24}D7~;37VvVh@bS$xa(?sqF5Co6dJ~ho)fa1hF4L@L;m=eZ1YBKtCPoD8S*}7& zxEhj-3s@HP1q;ERXnBlX^^LEz7(;U^tjS&|w)lJ>`q@dAUhB@k7y^`^b{! znyE?Z?&;UB=Abr#;F{0(&^@Fex7KoIVQtN%J~yj&QD={6=ir3)x_eV#vR-!%;PrOf zSXbz+<@^kq?i}i)%Z@vQx{%XrO>K>9U)1wenNCqZq33n5v)D+`#G_C7`KJ+bKZy^| zH-BHTDnM=NBf>oxpJ>Ty()$C(kzGpdX@Q6$_-J`)o5T%C$Q0sGi6#UAL(2WSUmfm~ zziO80$DCIreDIkzgI2CyKMafvRa`%kD=xt41TVsPQ9_9rwO;X6vz?o3G>-cSBiak4YACpu-MM532iuugK;~vM{E&q*&@qyN0my-=^gzr9XVAA*o_gt{DZJd;sqB(3+~qi zDxBt}^qyi3jE{`G1o%K}bw%A{J2Sr3UL}T;g0ow$d8M zH70nx_c+d@67GI|Z4X+)vh`Nvr9p_36(^ji;W#YlD4hJ8MM?2>h6T2~#~mCdH|+s1=xL^U-v&TmjWm6rjCW1@N`2EJ2+;$*%L>%@0(vGD{|WKrWEDqW&L=j2ogBo+#B&>M88wXuJUrn_*QB%!Za z#|7=q1N*rmxy%6m`1VGSAYA(D=RJ2}T9e*u{d{Q8ak&evZ2DNWrJ1{NaK$tQDBD*a zo`EspEgzF8!0qp@cde0L;G_tQ^rNU?6oZ}%&@uGLJ59adx}cySWYwo2HP5c`ff95Y zG)1PMD1l%w2&l!EpFbacI3R&-4Ghqz{m$)1OL)pLb}md(+6|T>mkac`ou*lGhs$RDvX`Sou>9-4BQ8;1S@Jhh`~7y0-`1)Y zW>1`kdYoOe2mm%X3gpRAJd>GsgHo#F!gq1U9eIHMpFnpHB&)WL9@c%LHUKZ}w4Hp` zk{Vo^xKJj~>u|!F^ME}B7|1)M9IdUaMyN2p|MW773-0@JSYsLx69Y()qS3D^2r4EZ zivVEoU3(`rJzL`%odJy1)P@Mo&d%;fNK6Ncyr-ezoMRm0n_`=}E#Y`T`WCrQY|2C3 zA;fJokoCL3k4GFZuJX_jh@6AyMr_QF7VlM_Eqm)!yRXMCPE=5nRx`TKOAyK`>1%;r zG)tr8;~83D8pMwiF=MoQoJ~y)OfxgKO9Po`R8mr)>uQEa3PXZ1)+anW`Ru%ZOuj9# zmb5-Il*?>YB&|XH6=P)k>QIFrn9_VBDKh9f050Ti;KI<6iu3Gvh23fVNm|5RDG&&O zVbTU236X?IGVnTurY<7kD`V_a3IO+|92~9#F9O+9X^0NSBabc9ORmS5RxI~r-vXj- z#Aa3d+)PZV{5=lT1OuV8^Lr)t?LOz;M64vv40D-js#e?9%YnGsepEJqdIpvAMgQE~ z(4bo|rP(<0sly!Y_ z|L76aA}ES-M@v$J7UQ>W!97wu)%lTvj$*7PW2W#Mn74RnbCvmsuerMu@mgYsA_bj{ zv!p#UxnZu1yE_|5Y2(wHqryla~eAZGP0)h-^v-f#Qk|$9#_h)*lOmVjQ zvWB=BmndPdoVV+72mWOm)U8^FEZqAZ%bvqN%C7~~z z9hsL}zM*>o#(K>m2O9*uZ7}Qx5)u+1g*04dh-cc(*wuI>fB$t#H~(f)XEhC`0w(M? z^HTGMjIlY05Th17)-=Yb$)=X*f3u~{H320h>~~VHq#^|Y<(BTZB3Z?y;LDRP!$E*` zjsQ3p&=-N})-duZv?a;y)VFTxS5hgQ##gy8V7!4ipFKbKV6jMjh04`7FKx-)K-q27 zYxe5@^;~XLptk>*M!kPfBIMSHE2?e)o&x4$2>cw7>gDLDyNP59bcTxj2)GH<- z90c5nko)EbKwR&4Kr+~DajG8s+bGI?h-2uB`xh8+*vItG1%u!^z1smdIVCyIc+Rj5 zmmz^XQNOQJIUJe&&kjfEPn6?qSuifJAV4f2?xcJFpXzfoh8X85v}lu#Hg(s zn92-yk>od>|0c=Pp9XgqG(&Bl=?oR*v|igO-2gdhW94cT5duW^mr%*i<-T-54Gj|4 ztPy@IIkU>j4t0ja1fw@kpN`h%&JJZwoSX8*MKcJw(;|NSYW{u2cl;3~Ij9~# z{sAO}i~24hko2I%uOdQmPhG11x_DM@Z)+!Mk>)Ur9#6$8Od|0GZw+Zo)y}7DQ zVQ6=;@A5;d320LU%j;m&g}JP(41>s-Be&{|L|8_~$DaH;=5z%IA0Z#jni3e5c%CNMZ4BjqGt z5nia#gAl+k50w^x-0tb97Lz97F<3 zLq)U&t~BfFyFHcHV2$Fr0WhpSStTDX)bA)@ka*YD$8P>`=}p;4XGcea@qR5*o9TRS zqwh04F&91(s{TV%K+G@WphX}0-%ss{IWaUy042h6%iYI36*j*i#_=pRQ7Ut|U2*^5 z@>@p7t~_;BZXO;;4duPvx(~+g_DUaD?xm&PYC7ElyeH{Puwa=C7x_t?kL}B?S6{ol zctkv0%oehDa4@soMP6z=`z*%sNFMx&NecG?HXyuV)8H@9?~sbTJDt<&UH*@q`y>yt zeh@Np{(RG> zp^JbX11%jbk0@FD1_yvNQ-+bSVj;OKDZ~;IkLbt+vj2t*aE|o&8o@1j<-j()Z>sbLEOs|gd z7lGzqXn}zSay2AHM*YtjUcmXm^@7Q}!8g%u{aN>H6RW@_tS)tOd$1&55;fVsxL@sB0pSfOE6zWNhT zVt7+Nvi;UPjKwiAIwATS z|B+d}*4fHfCGJg^?>Tf`1L>MoX{m=a2;)JjO+mx7{Ru-{Md-R&<;kOw^HC9?c+MR5 z-x&RK3Q(U^CAy((l}GdVsrFF@ALM>fq$~kF6&^OwC4WEU-N|0g{zwZjZXD zhfHK@crX|EykOV)F}QewzbdtzO{~uDG!s06qP3TqInMZ&L-I~Ao=(r?WW$9edSKkX z<|T4{sNy0kR&#rb9Qe(}m)?+mIzIU+a$>qVSeDtlTf%o5RzVV_H1!-60VWo!L*hTZ z3x#Y@k^qkI%-m8RF0=BO(@#!prbCSakXC%lkElb#JZu`NUh^;lS}|2E2Rv#qWER%5 z7&@2Bc#dk3qaRM%O^fQLUUd=h!FwtsaL1YGHIZyjwDd2~igNL?rIoecnCS$&OoGtLt#FU7I6y#Q7p`fP zIRi>327+}shY;2k_U4T1%}y>iVfQn z!PD+cv$(iFLUj(-;fyO>B=+0TIP%^-XHtzH6Q05M(0~lIMFBdFboe5mg;3(2B0{$9 zl>|zs!+C53sLZEFIQX`ZSr0(_L3)wQ7;Bp%v5>4svH-dUe8_e|*6->sPEXdAZ2m8s5sL_I9RQ{8n{$fww^%?2^kpQ z^z~~sCPUgrT>&xb9vq-Fo07`|g5Ju|kqsUdeX2J@YL!6W7dsgBH!ccnD6`(h+o!Qk zvo{>~*RT976tMZu$iPLNI$Bb?x6=2yv-;QrCJ%){)21Z#m5@~K;yWg)4{GqQpy+9! zt5A-@6LR zbV6B7+V+XL3I@7FmEu%0nmt0d%eM2yF5z=ITtzCJ{{~S)`z=|Gh2(*W zdEjS~+s+_HWYTL)Ei@VWl&WDD?mv^GbMZSVkVN&hxp}%lq9>+qKPKPhO<>$1{6`CH zk&FLu`wn`N?SZKi*8(-dTJ>^t{; zXMM&v9?7Q|m$9+2=do^L}#osbS5 zVPT;+RVwlzIusDMVkuE`MFj#-B04eQXQ3rz0qh1U4;b`lZ&ok5n8 zH|E%S1)6@nVa5Nudsrqs~eE<6h()9el$_*~Q`@D6q zGgIZ~<*8g`GiwU!K}@{R8uQ?aw;}Mt~S`tBvlPZeqe1Q)g1VS{vtA8n;nulbzfmGO~n? zx?6K6n6~)C2n}eE}&A_K*4BEJ&*dK`NOa8c!1AQ+MmD|)YN}j^;&T% zEX)b!kA&-$o{z2^gB<>{Y>aD!aE!xuKfYL0D?8Xp2jdpBeVGcsm#n7Y)Dxw6V4!@h zVUdh}!Pat;o_<%>w~^ujlfn9(TyaV=Zj8t=$v1Bw0x3y>*s{n2aiCwkRudM^gN~KJ zSiU8T?+wV^s>C$F+0 z;r@l*Ms;Fh8t(J&7i<+vRrg<_EeVo{n#CWO^1tH0OFLP>bIU8?p&<5~UqXRofYiTjRvvZXyN37n_6};0|J=2rq@qgae-kHN{I-ROPHDSp zUh=H_v6zH}?4A%^;k&u__T`R?@71C%Up}4F&zmhH&BLQ_9UD6{8$m;is;>9%OvTcx z`2Jbdvhyh^BK;W^GD^+Y^*KvDjs&Uwe@D%-|Ee^^{Zt6IW)Vvs(mn;P`N*& zg1m%?!rUl?Lqgj+j;{zrEg7OjsAalAu4>q|ccx`QZfDA{wXL=Lqkw0yL3?k#pYV79 zo3JaBG_|Dr%51uMdv)Vy?w$LNTM4{pPWg98coRPTzSdi=jCF?$FFok`Ja)2!kJv+ECYa!r$yI6ZVJv{m={> z3&P$@>NVNp%ZO7WQ5@Q~RRsj%obrp{KWFjmF7Bnj?|$(sUH#`rSKi(G=MBdH)eo)f znSt^rRS!mRcOGj~q<6cK$|la~y4KSG8heT8>zWI^^Nj z)G2xCxn5OdQxDCV$YKEQW)HmFRMI z+@f1x05?sgK-c#vu6Hejmq{X6BHgnsf%3T;JalTMZ%+2tdcqjBuLNJ>hoX+1tLeL8f7S!D%ZO4mx|1p4 zwK3N>Ftr#|LGE6-^hrsx+RltRg>@6p3P>Gns=H(oc zJ8mO{Uh%zUz9H`}X_4{pp#F@Sl@F9qrZ0x=fZ$!aN`+M}+Ym=bTZz?h)Q)FMi5-Vd zW>Cqs#Y^6>Cn21OE`%G&#LNs`7id6eq;6`ObF8ysV{dOy!^|uOG-+syw#;YFBDspj zI-8U7tx&q*O(bsFbFNJF6C2Q4ZrANuE?OxvSuj01Im%E+&NmL~>gpQyS6*8l zs>+1Q?hLSDX;9uvgDvwXr`j3KMOIfK>A*x1TqDIj?<0BY6}5(!J1Zg4f-{ z!*ISWe7NjGs>dB-8t;Y#Ki=clGfjR2-VD`gK|$C&J8jGa&)&LeI4n^L3JK9Xe*7Ai zijZ@rLUwn8pf}6A+N&bn>=RB}S6_Vl_Ko1VdEBQ@pXACcb%^;~)cDSJ15w+LXRlXw zduIpPSL5S@5&it#1(9cI>GO)Ams~chKO;Y46A~JgNZ8qx*4EXrI_&BT3Jb6FDQX5o zCN@Jpvyl+-%Xy*MpIoKJ<&1UUiEN4w0jr_az}g6&Y)!v_JgHnCO|aEsGo$s=kRo!v zJwSqugOjs$^{v83KHZHZoumbt56`$3dzWtbo?9hAVQ_Db{D*7TuItx_ZE@PusC6E! zBp!ab$}_z1zZ*DL5cYRl{$xw|=EqXhT&GRPz z3$&mN8yy?%EpsLmY>FBHHA?DDQs3qeY8N?lA_T0apV&->QkrTxX~Dv5xIPzxrMI-i z%L5x)kG!wQme0LEH*WX9a8OVqSC|@GQK`P7dMX45#R_O zK6&=+4LtgQq@$e$qqZ{3-?kfLol7HLO>1y{#f=4e+v1> ziV7RmTNxDT0xKcI1s85$wbi3XN~9C7TkowUBs(MtsA`>6wo)vq$rV>Rbz=L7Ws|a4ifDItU(m4rf;O$In`pG6k5$0LMenV zF{4~SZ@LMs``&sgB~me6b>R*H&#w9&;bFcZx0=L;@9Aqlck6D~47t`mztckNWvegq zbZS|_x8~CTz)_^Xh*nuXwbQgV9ub9g7qQtV2hbzq;ChvAO{}Z^&%FiN6r+V)M^@|U z=U}f^cEbx)3XR=el%7jL=d{LSP07e~KR$f2C7DfyhtK#KFzwhhH~dd`aS(t;CjIyu zJ3FPoFL{0YCOuUfn%Z%4bkx$-C7qX-=jG!g=T9cMokh;b2o0cb%LYI9ZsPAqQAEV{LB!lg(_r z?IW7`M7hdaD|R%&0J&^Yor;0qFJ6?}5ifZ2T{}D>L_N$*6~TbrlcgRS&Ei5YJh}u^ zDemm?v5E|x9wG3WO#Np@Zzx27m6d5K&OR?*6~$D@(8m+Pxq;s6uhm2;BHhJUj*pjH z&T52@{CxR}Tt=r5)r(}#|1<57t1Q{mO8z_=kM8VbKsyqNz*&o?I3bsBXF=}dpOheop83}N67k{MPf&!VLRX5#z0m6#)~=yBr!OF3(;vXmGq=7@ zB{E!b5yw3`R`j-Ijx^(|k5~7%38^8Ik!oviC(;qreO|{sB_ME9)t#tz=5#%;%#ceb zD;Rpp&dy%(u+gxHhKENTZr1kxzQW6wFJtzg@~}OERjk5xqd$Vxh(bN0Yi4OFy(>}J z2sTV(?D^Trh{=Hzcod*rXZC`f#YIH&9HW2yco@qa}8hA5a@9uPA%+=*d!d89Sr&x~Zw+*hHUEKhm(h7Yq{phJZ}K zQ`{5hG?~0l4!pyCrmCc7x&L*~+MZrE?@3NhHb92Z5pdaL#kd?BXtBLX6!K*;8|SV% zoc0b#vfr6c*KLmg2%-S@jMaKs4#Xr+on0@qk%(v1mXe@bl--V48zNLP8dJw8zz7LuVH3iku zd$r1!=-0&ph=_=KD=h?A%|_qQD&%%W3V0ao_#rB?4$il z%z8SI8Dwm3?NF#6dW}QpWN=;P_3uyUe$NvLFwdwv&wU6v#ztH*t1>PFcYM|dWOI^NQ_0NMt<@hC+Egq)I&i;ObB)es!_uMq5> zn>RFQMuea2%x53Zk8Es@DMSds1}MysU2!@~nVMa#-6Au!=05MV{mDa1VQ z1ow!RhLujjf1x8?`V6W0mWa!ONpZ;6!S#=k!`#}VjEVdzwWw(M^q2N1_^+gqZ^!7o z*%9erd+3?3lFbxO1U+(Cr)KUQ+wZWQ+03R@M{Vp9h8H#AUxzmE)YSzX! zr{%($oiVArJQcK)UYaWHf4A7Xd=+LBj4S50&=|Gx3V~U$A9ZIJ?O8eVAi~YHeawbl z^tE_UyKbOgiEWI|3cE?aaI8y;&P0cdjAg!zY|ko*$5Rmw4vxmp1!vCAYo>hO-#KE9 z&QvS-L;{Sr_ghcOc-SH(x)wT-@AGDtSNb4l@tB;PTrt{pAcR7_6yMfBEypraT~hLU zN0Y{nl9EuhoEcETu7Yz1icMo@yL;oGh&yXx+ZjpA zY_LIy}P%7Do4r;4k$> zn}6sNw-c;{P3`^S?QqNH?ZY|H_D<*n_W;^@c^ud$t}ltgODj5$1}I zz_H6q?YoM=u8+)gI*4)3=*gnHaurd^fZF3tRh%yLB)_6%3pM=LxH%cgd)>iOBF zwO1EmjnU>j`zyZgc-OlHI?P7@j92b2^-Ufij->wydYXQK;b{LwjnI zk-1z;+C9P~QWd)TKoy+U zVENE}6RXwwjboQSLmge+jCW(h8L|cCd87l&w1~-b-2f5X0_Ag;YJg|qP`s8_MCdB* zP321=(j;}BW6gJw5Vn(tPJcIver=?=Y2?JLGjJh6s}L&PAf^n>_48Zq%ZPVFxMnNY zNIR2km=@M(H_!l?oMAuX5s(CQt}~;x2gzEuv`aOwXlL^uD7v+t9kc*GIl~00OQW8V zly_F*9g?A(=rL@&$!;=Os4O8shyoy}`w)_&mR(rL(wC_&tLtgx8tRm|rnaOq19+T~ zQKiy2IUzv{DlyXTWUHpVdHn*AYxdA)0Zg8z18YGOOp|8fts4Nv0#}z|K04dpDk$zGdE*b8rad0U0n(2bFIrr1LoaYBeSJwOrdoBsh2c&@zXwD5GG}F z**vh;$jn6`PUXRDgPZpqz@nCrx3MXvQGA@s1CdF~Im6kSJrnPv7k>NpLf{=77Wpt+ zA&jdySPM;sMpiMK?(aLAL}7MvBxaLDZ(81rFDE7`Pfo60XK-j}Dsb9+^#u(2XPq@^ zmhRgSX~}h_qUpm1XguD*W9Vy|;p+){P#|Au{s`nti+}tRm&Xs3hu~v*YRb+f+TkJD z$6FaE@YrYPRAz82*kqzf9A83SLauoCim0Td0@M;x7}SSJq2Lz~Gmn$r{v;z$q!59~ zb9t`~u{K^IB~PR9r%Q{vH@mY37GP<-mU;4*B#N@qQjqv6U;Fe4dvb$8gcHkNGTLER z8r)NcN^-trEKepq&&l$8HK&*pp5wr8Ag$t*&r#yl91tOuI#iRY+VldSDOV&)xi(lO z>>P8E3)gmd_i|}+nDW(0Qb_O&J5I*UOT{M0PXH9&N(y1nkY6| zQrBm*-R^G`LeQ^XU!1$tIc!1*a4 zOf6$Gn@Hc*5nEX;drZu2^$P4!Uq5k$+{%a(|C;E$;YIP}@iTr%252a1UP2tCDo@b=Ic*TrDbmfbN)I4l)&5D)pKbC~ zNkSqRsQ%ou89C|x$-!n6@AsZ5ZYpa{gMs3-~%Ya@k$ zV)fA4gxG#Fxv_{oYq+j{<3nZC11yfN=q-KcEYh6|9J6WrvXC3O2r!8KBXvSFPdJog zNJ34Of!(JfJl?BA|+HIp*K;fA@qQRW(5%e z4NXeuH6cXl5Q>U`fV4n}bfkw+q=a71jQf4R_ntAnbH8)P_n!O59XDe*aHOm?*P3(w z%JV$G-vWCf9?@I$$gooI67K>VfMcHmyX{Ix+E9Vy3 zwp6BBc1&XQ%*^zh2#5n48ygv@Tuvnm%SU5*1$hxgMMYD8P=RzczHPLwc5|qQ>)^*R z;AQ>F=2!An(ym*h!Cm2xXuK5B@48#?kLOVwWTAX&-7-$5KW`?1xgN`r_rB(aRrSm0xqZCD|x-6DTEI1Uq4S&$V zS1aYF$+^e%yPAMZuywm_Yt>~20!=YT{ER#^gL zWKprqDdTKr3pR1jKxA@k90oreu)*E=o3@sg^lyJm@N72IzI@59PjRnZ=z~BYZ;8o! zz9C0d{HwZsi`M)mfct-kvrTBTUM-Z8l!Qb@t9cl~vbQcCnmb}tHC+i=H6q&cKfmaR<88N^QWA&4qq;RF+OY560qsH%V9wHVq zT%~r-2?eCWZM)i?0>fw3A^@xeR9P(_ZM|ajnoYEI{UW)@cEh>hmAaRYPb~k!!NMCr zrMZq9mbno$h4p%Tdgvr-WCJ++*b=BTXW*v5;?EB#g5gDRL_9tDyEQWH=}ES(#IN31 z8$8yK<1Dx6v6u$q&Nw+z2R+L4Ul2vJ8}ZH4Pp@up3nzn$P9g;TicLJ*+pydB)RB4; z{lYWR!O9hS+Ja3#1)6sm2D}iF-W17$eHIoy+kUa3^j;GifbqVT9eb?Ebs%!65(|PL zm#I0KZO`GO6PMf$+{4zUN)zV>s%k%sxQ9h^g={RZqq7=yDD`;ZQ ziH(I}6nK|A6&$M9?sb>0>72qV0sf#ZWRuEg?B539@XC!uU2Q$RI3Mb*HsFLyECb6{ zCmSmt0mATH+i$yj4?mbayq-8YJDVSdGbU$KOL_|p4@1DoGLItRRGhQaLa<#Sl-Osn zu_`g(Hzo%$(g-z93s!+(1}Y?j)ukoyNwR$)DvXUyxeD1<-YxBO8}cF3-AgevUP2VY zVh-@?A_~(r**f)J@gUX&5oJ8!i`M#AUn38A>N^%J;J}GHHAq;_$2Z#4JZfkj(*_Ly zK*&7g)`v7}_GM(M_a&^}@M9vPy1)6KWb6BY87}9DP-oyt-b7iHe-{xTU6TWcKk`N< zsxuW~U8zRfk2V9iWPEEFR0W6?rzR&0_YLTh7fP={2zAPLfT;sfm+}0IlXGO{Z;u{N z{x7rQA&+_&*iQ6ZZ=ji&0y3^XElo*jNM?*$H?Tz;;V$ZFX`#jg$kbzr`zOq{R%zB6 zZ&s@T>W=5OW-nv!7JVB{6^g!~ngMVGAF6423MMWoDL2Et-pQXI;Q!PDL>ni+zp%2lcGt`6RZ|oX7FFir z^m+C)3O@S>BZdb12UZO`u6J<1Mw>$-_tc0#bcyxgF4&}kG0y;QDj2AA`%rMOTp;s4 z2&RuFNzPcxEPdBI@(hS$Nsgf0xi<4b2M$3=U0GfyHEupq9-*HubLr#nRIr&pc#Tq) zx(Q-RL-*S4OOy*ti)J7{jp4R=LVQhjX{UdCY$*oZ0*L=s)>m4+{cqpTB$0Z+_Dq{0 zgaddN0Di5Vou*Oo$uUp>Q3^}-xadD`*0yscSG7dLf*8igN(bmqk73FYo)jE?$-leO* zE#5xR_*;umsrnN{=D%M5mJI*zBmEcJiq(ruk5_*nRQS$t9QxX`8%JZa$igy&6Ze>y z+=yp?IF{a`I_*r!2wWEJ)ECMyZP5%ILkV?MJuz#zD z;@1WI=lT8PfR07wozj(N8B^;zr+#fl_=jfmRxtr>Q<=FKKima6laH!rKwK^?TyRjC z+Rz*|TB^dUfYME_SgM&@VM&%{2x%ZB5CGA8s#$on7{98xX^T2YUAEi?dZkm3HY#(NhbBnit3`1H`00w-@4$QYS1U z4>7q(063tXxK8`o;?XE1h_h=y_&VHfjFWSVAynjv#ENGi0)nA$-~9FB_aj3ec0QT^ z{*i??xGMSLcg`*lAmf&^!rDeDrr?n-q?ggEprcYy=OclHOW#*!04$`u=w0Z4VN>MXe1%UU2Rv;~Br zCw2UWu=x(_z5^uzJZIc=ZOd$ej-C=V2H74XfC4Fkas43)VM$?miVBZ%@a>rg5?bis zVZWQtRL|uI1<<>C!zX(4H2uWO4>4`6%9!JJkxi;%>Rb-1ZeOxGWqq#K-35b@O$gne?ctcJqV5iB7 z0?AB98CF}Qz5cPwc z2Swd-EPb?v4cx#3w#$WU;HFzq(Fwe%Cg30Qk*e<1)3T%D7MVg9Xt@Ar0oKnHkPtI} z9cEgYqSWpPSZ}{Q0#V@gG~pC)5|$FxIToyV6*3U=^9|Tt>|mohUh3?3ukafcD>%vI zvBPspHS66;PZ#q0c;HQ9-=$>MhDj(Vm)&{$Cp(L9I==qG-So8R0okHFcAA`Mvjg$+ z#tX2&^^n{1=0SVyR>*~61M7f|p0G6CH_;Ud{M5Y)8&i;hTd1zQ(}?0FJpb|q-p4+> zuQ-1E^&3->C8dKGcCGR;c=UuY1i(Pg zU6gmk zVfbV0CS!}ph*=B9Kv>`=x%CLAm>eR-&k3<0!ecV%~BCeL$F{K6$T}uP=<(u zCxR_A;=jjU+k0>x@a%er4>sZ*0_FFy$VMT45db6bQ$II8+InP*@_p9w>6W~FxoDr> z`v8njqnP9J@#7-a#b0E07AF?sa2J@ERwhCuln4j4KX<1NuHBG#ZvFDXmlk`~Mt8I` z+1a!&6LPuCi8LEeKEhNP^eU9??$)taaH@eSPH#fNh26sPq$%EXsyJtIX#$Tq9cEm= z{Y-)PJf5uTZrbcXx4%A|=y@89fA?}~>V;QZZ6!~WLS?&Bj+~5(4U{k3l6qWqjx)rW z`_w7qLa&YFOy`Vwb6R|1W#C{x_>OVCz8=Kr)7W1adG3PeU-%)Us(dE^Sv0#1E)au_ zVc&8R?{rJf00D|V8N2*bW+UeoW+18Fso?tcLUi`GZ@R2NCdl+S5NDH914iDpwq)Y6 z@#Hc{Kw%pht;PMWA|_YN;1%<|1MQ0B4D+BPn_CR4!T`UtqTh?7R%=heuy;IJ{8vL< z28$CvU%u2^4mUV*WLs2RE`b( zvIS+SeSm*qSW7_Nqn5Yw0LGL7U(}iL#Us}?k25kx0DQy(7B+6Q{Rh}kOiW)ZxK5ee zeN&%SXIZ9?ynww5$o-&_$z$eMIpRdkbtB=bS4*}!Qi%^3L<^7h*dnL`0ZhHG&fw;w z6`ooWA)u~LPshO2!lHUNP(o+|giF;PlKM8Osb0QyyIpgDXSFxOudFVA*vSEP@3|*E zJy+J(Vu1{0P8yC=AJvViuTKN0(&QBNEpGTVGY)NpW*?jJBi9M=3$`>2>p7IjkM5*` z)Nyn3(bo2+6~z}YJ4;qR5*vq@JT@Sm?_HYf)UbPL+Qnx3{RhJPk>0=7&4VIwalrk3 z5cT%(05zr|MM!03rO8B1Ucne))7b|xdK@M4odB^&!C(N7=ht56AK-6up!(XO1mqp^ z@4=m6a(fw35;JES^0R0`wevqTrXY%6)JhJqYWj=uosad8!5hC`|9Lp^_hb?pl`&3^`mK+pT%9_HT%_&+3h{XcMjE8*6! zBPbvQ2P_qM4c*}gW%@{Fa3=AEW&#kfbPTmV-BTuI;8DmWl;+wJj^HRFAY-gHin2yC z5Ghd648HVZjKN5KWC7u}hn~UOBbbCzkAXAQ833Vjwek<&DJd)U7Fg3lYTftJ=CVMv zHbLLvi|Q6VoN7!p5|H;`oZI6WAk?g4`aj+3=+Fo93!{eWGIEBV=w2}*>@)`h-?t&! z4Eip{*QXH%%3O;8UZ8{4$3%6#eINv@`*wKSjp`*JD1@6x)mER^qT&tMZ-xiaG+7r)YAqx8I4q!(Z{O1dGMnDI!}Sa=%0lbw1K2+U08J{n z_ZGnJthgkZ~#{x;`-hd1+tzuaVw&iXK46-u?1B5!)*~P5163xwlqB|7$ zGPgoMVAep*bXH#KqZGL#-~t~9aDn{;9%cuHPR*gVWC{Nn6~J$OB0?iX!O)#~>*l8; zPuFgSk8?>n)TksYwSNz84^1PxkLj%VY}{>JnJRT9yC`q0(3(~lD(7DF5sn(GZbow2Gndbk{f^?YCz|E zlXtMxs96@z53%DNoSMt(ckKi6UYGB)A6)wKpGamg6q^iOQIzwW;gj^65QYM`cWb$B z?t6J0Xgk0U0Zo#6R*sBb`PgZIW?UUgg>3uG#@`V555|&UUjb(FrWphJyk>EM4S@ZKeF*|0Xo&{tgMjN&wcUk-Nv;>*9g<6d(n6B~GC z&^a+2sTxvie0BZv5qk&w^Mtc!VtgdUZ7v>p#%}aJ9f)l@?xdE$8MGMt)`N94{|h$e zzP7`unw|}cB&-l3KA*mCpby}kT4a4(nXNu!MZ_-pjDLU{}^Iax4BSqBaKmu?2Y&tL_k(O3W#zD9ufC`sP2 zZW*kh=yx$Fgx!1+QQgv^EUBj9b`LqWiy^+Q=4n6uO%?VhI(_32g9t&fL zi$Dj!w9@V>3-1y=Ajc+_uwU@h0K#}KIj?u13K7c{X~B@kyeMDDMkxAm55|f@Et>UH zVNS{V45bTbP*7k8V6CfsE7Q2vjt-MOjs%&il`=dMDMq(U+n5ee&X zfG9W?(6Z-42mAcjm-_2!=^e+idNTst#VpG#fQjA?{B}jmrre0d($*z}oFltrcP>%cUXv2r z@r?(?5&(d6*mzH^*M>lhjkJq__Ih&cUfKiD*hcu`MMH+i@${{8Pz5j)kPgP;FhCCt zG>t*Aw*Pa{($6Nw={;=6C|yiLY#@jBk3ZO|`HP`4L0Kt#c!D^=g=re_4WK|LklsLU zR0qLQRVzV=f4heQ>KJxR+K<0t-1s3=hOG5OmTF@D*}Tt4u#+4N_Fo@jY&H+uAF|S8 z;yywnq45czY+!rgtDy|mcB6=E^j{S~@k{4_tuYS*sL@%x?WgmPh-2p`+=+4g|Hm4O zdv<>?O$tcLtDiI}f?C}^^X$n^>c6UaIxl#f3SI>MMj6z#_$SqSVQ#}=#s&9ZoM#@| z0FhJo(>NMgu5f{OxnHN(g7w7WaT}LF&A?y3a8o<{h9N_FdTH!b&MWphgjCSx{Go~i z?_*3%^I-q}8tuQQw#Or4K{3$EGDJBa^pZZxm?}RdM!}L>Ms_T0uhKbeoljoe)Y0)M zBQp8tN25`D;t=fJ>ffJ%p*$x3W_S934O9(rJ-3`4>(;R|Y$OS|J1bre)up`n{yR|E zFfkpR1HTO6A9u|*GBP^wR0dj*dgmYopS5>@^7JQ9amyn5fK^6k10PMxLvr7EQz>xi z!F~3GciFc;Jy}^^smwvNzpJ@@e7S{L0UU2%5)A#|E8y^r9>RK6u@emHUebPBZy^Da z8;F-4T{ri9m%*O@S@+CC7GQ^mXJM*Hvs#`?xsBEAppq%cDsF~^&_k*Tt#QGBQB-tOB`wJp3JWdBd}#i?VkFU_14HocmJ~70 ze5b-Cdxw>Ea;`GiyuV+;Yo!zb(yj4VeS2tWimRG>X{A;mH#blk*3j>WY6AL|T!P@$ zzVR*Y*tj^n$$|^5o`8($ca7)AC6ZARvqoLNHj#2uNE{6T@~4 z^ePoK?#Xgq#e%^^hb^5lf%&{PGJ+ca1HY2t4(`jp_{{!;)pqARz^~%o+L3pjF~qzO zLah`Gz*iYFJ9I-MqvCbm-S#30ppOxkkTCcKV9|fgst za6iHju`s+F|6cXd$KbVWvFAUT{{c_0&OkJ)2VKh-S=vY zHTsnOGAunkEwoly&+&2xcUyDN4Fhh=afpYet5XB3wca{ z<$S-vEVqV`S9&HJ~VX}{<2=TU#U|KPa;cFPXi!O7n|8bG*e57?yf zc_0@z1)6ULa(Q8C{pAVH6K`=i97=^N7c^3UpaF@3{Mlt^4g{oEveR3Y?rMXj1L$3V zuS`u(iwFq`W$pjB!K{f;UL{|e+pT2fpt97E4-wi4VwWT&{Av})A@+_l=h}n}tTHpQ z(hRjSn2xajBx{~M>ayaf6Nkazb4K?H!(3va8#e9i=O%Gs@c4w1)q_Fe(lyc6oxO>T zl#y~%U#c}q^EA8SeTnau()S>*xgNZ>jSLqEm#qK7rgLAy@Z}#*{}6e_a$5K|Qh@C} zzy1;Zv{63CMEidGBS(G@sxNBO@$EX88D zL9lP#+}v%2)y+Y2$X(OD=?x0?UFrf=7c2(8iy9nVP1x^aFE!_{;4+rHA z!YvTgSSoRCebba5QZXE48!;$C$S>WuGO{S@jb($N?Mj3%$ZY^t`*H&gi%qUcH96Q1 zg6Kiqih0Kd%|7^M>Gr^)#TV?)HQgEoT|3iTVme*0&(Qo~4MjIU;?UMC6oV^lCVF~z z&nF6NcWRk9L+pD({`~G*JwZu;{}?d!Y3gsDn?GF-Q$J#03jD&RBuFcNf@i)Qfx&9p zwzo=83%Lv>$H0t-Jz}a99}A0#8q^5=*_FeYnwL2~?ojbzFqX>F)6rBb4-sPK7J<0L zCF2oC28|8P1t0?-O75<5io30i_}hw+Ix@d#Wq!`QA0+AbB#QTXextX%=XcMfpM8TT zUVKJpYw_PcHeqRA=bOb}06JiXJ>1Dlk<=p8E2(um>7u3g79?Pn+@&_EOXFwP(n9o$ zgZDQ;(;Hz&W;BJ?2mbUDp)*dj_}h^1``_Pc!32nBCZD9c4?lbTRUc%^TKt;!S|7uzHVXU`!twz83c@a@Um-J?iI7sa6aaU3yoN@~IByR27?%e8*Q4a&<&AWe`|Kaf^`~2f9of|yy zqf3g}JDW7`2_K39;X46IdwPpZJ`$H2?;;k_JRu@12K6#R4=sjfl8wpa6E7OH4fGIe z*^)id#zrQ&vDy6c7=0GSJ)TWUbC z>n=7k)5164zJ-PNs}pUp=(&ob?t9k?i%Ht{4|BnT%}CT6lW1h?tsNpz1@kDqW-M}l zdMcrJAe`#FQT;#(Z#9oUZoKb_x2QK~C0Y+Flq*i|tZpf-Y$@&R@8#pEt~gAY7n?>{{K_%aDR!AtG(Sbm9X`{L(5UMFVo z5l`7U^WT|1-nt9r?9D|ePHy;<#Z?oIf>`XMVZ>X20P_4EOwg>aS@z-rv&E#T42%r; z3qHR6cg)Mgbn>6&;8*`iWxoH9n(_bQOHL*h+UP#_5e+pa#-H5YSpFjAv16#=LrjmG zUVGfQPh$SqEx^OtwzR=Z3WCANv+WxyCjRQ|EKz*5rLp|hN?y;6(7%NR+FAvC{80}A z-kT4AwAygi zO7-Cpw90$n#y)O%4PsBb)%q9ebIV_qkRgv!6_ht~PsU(uMz&9?uhN!>gzp8G z*WD&`O7wQ>f1}K^uqS=M!c_9CIq7XA^?*PX2RxxGWQNlvKwYcACTv%n$WKkNIj>L! zPXe=KZR>`GUEwk%`b3M*Cl|yhNcEQ@9qvE#Zs5xpC^U4m!u53)jpoS-}S)O84B9aQU>w@O2;UN zEdxVBRZklQ7MJU$;c;Ez80e&@H1E*nr@8BTW>$p{qpjJIlC{K4Sjz<>V_te<#e;&Y zrV&Nx28XY9QfvLyC-f|=3ZsL&4T3AI8T+GeuAVvuOTtj7&j2|>- z#0*xLu@IB|J1FUGY|>Uv9E<^-3Onz)si5yGL6+8^XzE@X7mgGqY^oH~_G#m{WuE zf|dPi_bc9O^&iS3?diAon-x4B)c@tr=cnH2sU@$i`yl7KY}{+5@conn`gcB=gNY6L zwl~luM?dhPS#RXuYt~2oe&hBY+=p|^TCe_kpnmecCnUi=@Zd<$b!1>OTU_rQWVd&l z53paQu9|u=bnH{f_Uf$qK4p)>j=8tu5U}iZ(Q6$mXW9p?a(t<7_?nQHeFytyj3Fj# zKSMdJ`|^%Ts=I|{5XxZ%f;^N$Bs)60hnPnNX5+dZ70gz+Jw5Bux-WT*M{K|Sul6eV zV~5dx+h>CU1%|7m+{CWsz!8ZQ9pNsue*gj(@-tBO+#k@ehI)s(?o z=(XS=OI>S|Ot8sg6UIrT1MW<{Q@l6>x23!%2sF%$y}KvPJ)zUN$I*|ut28-)wg?@} zuT;oPm=UOROiPNp!oN=}8GzFonyClY-yv_m*TLC?tnY$O4*i$aq}*wFGN*WO2?Ti! zv^2th+>9~N^NPou`gr#k_co}w-0EaGjB1-joGsm65B@pNYO(Y2?%woTc{R!-YJcgQ zFFLy9g`>6qXg6f_34;Evv4exY!ovEGfMrz>yxsnr=(=Z*;vKhnVdT;{W#=ash*F@?fU z)COht1LyZ$IZV{K_Eh_0&TSzb_T-1ahVBUT3ZHf@yc;_D>DP>bt^8aaI*Q52cy<&U zGCI=wO^Z?}ZyP)jpet2mrqg(xDR60>`86y5m4Wt!Yd$kA__Ep5Ph4av>mTn5R72k9 zbSqF*^5~Al_WXljtzE10y3d6#XsXFL5Tur6IB*idJ{B8y{#YaTiHLnSD!90S#-~rM z(%CJlvn;A0;`EMHIr%z_v0db5^QArKCJu7wghIL6D=#!R#Ttj>Q)ly#(N$huT6Tm~ z7YF~|9VN)AtwTQ`(}%s6kBBSt0q1BO$;NXsGi=0aXSC;Gl;%aaUM-^9(5eWkYtR{ zy3H4WWmZ~tHG5QlFkjThD)qZUh@omd&NkUX#k&-=Y?$1etpHj73DYpW+(>>27;9x1x z&vgZ21KIxk5L*Po>10prT&5@Tn^x(I28Y>398s=-#Xc!~Oq@*yc)GHqM~Nh_N()4M{>pNZ?zA@ z`kgQ!CZC%qn?lVuhz(eA_2#1QmAt4Y@Wf^jPRcrMube5<@uO|B3Zt|6D;iL9-}y#H zv%fvo=?tvfdpx-MR3&k{=XHBhZN}{crFttw&(O9PG-uz(MicX0*m%$KSgDg`nK;Tf z5qQ`P>|I@u2FzAm9)xQV`7xu4Q1`1MeRM(*DL?i6wkzSTtNVuDa6UTeC2DGmJu>mS zUW>h4>>P5Iv~RvWsA)+bX*C*_4vyTO+%h&}@6&|0(zh^s0uTgg2%Vkhh@e!DD|_>0#z=zb!hYSxgl`~U!h3Z?Mu-OxoNEMoE^>b(Iv#gZ47F)$)?(S+@jW0 z^}di?OHNn^HT{7Xcdi$vPt3Zrvp++(9*ViH+_$f4Wi1%i-t|(vU3G6RyQ4sX;1@b# zW09#jGFlkCbx7G;T`rQhV!&di_)!10tMv;;FebWsLI&$t?WUk&aF95B<7ZW+ZTy9I z<%Svg1)|5M%r4&tpUknl0LI|(pGFd@-7Tu`^Q@4k0lXMKPyK8!bhQ5LBYu(vmX zPeRTxZCUv;PE%Inmuef084ZsBC@0hRh|{c^-=39ym`mcq1n)cTE#)|p%aL_uyP&-+ zdBR{%vuEUyUZ|bZBxvcoPh9H#`5;W1h!O4?r95weu8lgTW`;d>c-~;QwO5z5^1aO^ z>qO&t>+wp96r(jgZFtrR^$C+3Uf1F%>g=zQS|MKLl_5R772vp2hXaQXVgvIhxickM*9-ZhYYka)gO01~0RuVd`+ePiWD03$+}jwt z=xrvG@VeXxqHTMy9wDkD%33leA^r>Bf zljoSGc>BzaD~AlKJ2OmLj;R8*2RL72y3@vfeOpW^2s2io^#ONFiF&I>R_$(WGo=NH zBw{~M@L32D*F~?O&mf~#jI6{`{jih_U+SXZt+%oHa(3eSKU6h;l;s!10h)7;T>-5w!B3cOz+9#Oh76f}K}Sl) zTTG9E68YDEm^c^&G2>Hn{H{{Jui-`^)so_Uu2^|z|ngXd&y&}QQzjLRQS)kor}W^y6fxG2GuWQJ0iDczu2|>j)rj!JYfViV-0WxSTIh> z`qAPQfG$`JO6o!RI=8J>>n!*iuJsaUB)O2=&R9IYr+34_X*iT+1*J4Mym}7fHGaH! zaAEDruTy^X^Z4$q(Lg!kbS_}S;b7j#o14I$12+v|&X{NPESeuE}#Y2gs6 z^TENR+aX&sJ*}&gl*xe9c0wPnjY+c`KY(`w%GaRz+06 zP#fTw;D}~vJu&mT+Y_lF8oYxQImiB9$E=wR3OvnJpRaBP^DDF*9pIA2Gze)oT=O}^ z^?PM3%J1g@&S&%rXg}0&&4+HE;55JBM}2V+1(!a<*hSzq+HQ9;;+0=qeqqh+g@IDg z(hO$OGDDZKXr7@LWMT(U!%M5OMEqdWJ}mlR`67PsJ!HlvxNLuQ9JdC@a`5_i%j0`) zM(yUn4J5VK5R5K{zpSIPCmwNxODR3AtYaEK*jtWFZ+eZ}ogdU-Y!^qSNE*Mw+ka=f^0hqtOVso&{&fC|{&LH!)DwIo;vj>w~s zyW9iDMwb8#2g{}i>h?CyU_i>M;FPZ0(~FxBGFuY9Dvss{Kkl=LN2l=TH3;W5KtNAV z#w$=$;|7o9sp+F3J73de=(QW52WXg@xp|_3+s~WB9__}h?&Qk5bZBR7{_DnOb?h zZ353vtPSUj^tf@gepFNK*ST4%pIzVxN=_ajt$5|+<+e_F$q@DJjms{*eR-YKQ)tf~ z7k47`X{%P}n+CT$q2;W9a0NGDbsGQ}e)12q#Umn{^y_d;OvL|C&iubiEBx=l_T%Zt znZ{WmG2H%P@ew`i$?D}Iqu7-4$sPtg73Q-M9@U5|Y#{E;37KC<1Wd~n5MdAZ* z-l+cH<&S<{4&$DT1#pJz42n)*BY6Cq*Ntz%RMV^q%9Qr4&=0j*kAI&8?Zu9QFaJC| z1#V5Ct!#YLT2~l(+XG>?yqy=}*I7(U&Ha3G{Kh~49S z^+D-l@x_Jmrog%~Ke_5%P)&pc)Lx;d~aHf>ymqiOS;t!%H7 zs)H&GYP~Q6hU`6gv<8Or@7TgyBrh?%U3@UHmT@=)wzV3 zuIF$gdNS1*g|vGU#TfJ72UWUWV!?h3>TZR>P7EsIr&P~RmhD?{z8$gVB@Kz$#gP+T z5*#Q7NB!dxQr_LN|T!$hSYMJ^ic(0l7$K26Wj;`0_i)0O5Yvqrk z(Q4cGz3&{PLUCGqxkY@F#s`667xv#StQZW0_R+PrA?vYpUan#tJ2&U^(j%&T%1P9r->p$-x8ja(e}kG)kba=2HNkm|{^`39vQzu@-D>CiFB}Sw!#%k3jFdu0 ztj_dyhHin*l)iV6pLFc!QWv_$WcBx!XbQC-vh}5!bK922rNkhPettS=8=Je1AeMx| zhJVgnt=C)HleTuYQ7bzQ1%PM|u~NF`nU0)ZVJyEu6^nIm8~&`qjX0{obGZT=H6dRg z;TFVfG#^wYI(-_})tu~yh`ITP0_NXnxSbjj&`toVL*=n!mg zKc#wwegZ-g##p1airM;KfARDDX#aKUjmxG{A0T@@z-w__q z+WT4Tvav!=jE)?uubhQSh$ZZSkTJYl!e|4o7pLj9_34yG9^=vscR z==Fg@VP1V{KX&&cbCW%cS* z^u&oi!+#O--^1UnAm$Ix&utsIXjM4FKu9ifmDd{@e$HRniE1 zEk~pu{4P9w$qb<-UQg?3sK+Ss<*hQr49Q`9#P+!Sni~)ZI8ddz)JWJbu$2%Y1&o=rqMv1rJ&Xz?_>5pp{R5;_uAO2=uRC zwoR#!$t0Ak15BGzjlN@Mc-l2k4Aa{!U>cN|C7u{gC_@i?QHZDz8u1R6@GBX#HT%=B zx-<8fYJPcqKeIE^Gd5~qk5he*;!*QrMkpVCv@-68RB7$?q64wx1vMS8dZjS&St|NNbDdGG ztUpg^QwT4NC`~Nl9_x$3RtjD{4tGTAo>xiMpC9WT>kHo_^s`gK;0+>$Q8-|j66i>| z06<2!PkA;!{Y{98iTMZQ&Mnv;Eh62fO1edX6XJropO4g5>mIoWOL{Mz9j9)X^T@S2 zJvV#|91O-w8FdtLd)majp8tNJ z7dxIGg_!6Sjd&`8lcC?+)5<;7r?Iw``|_dIWrZ6^FQJ)3^n~_nlb%}O=&1Rt^+$Jc zR+g<3t!pxfnD~Lk{%t5dSS3fBYLmPYgAl<0| zCvfYu8sL9TD7uzeKOeYvSNinR0N5{{8H`WyQq1l?!1r<{XZ2O7ZbL9dL0Q@|cF@DC zyh%hctZ1`9RE3~xtFzogDdwr8^Q|o3?JLd?+~w-=UVU1<9w~CO*Yux`T$c z+aclGm-764U1npZs;A7NjeBN#B2NcN3!0nnf9Z@UZ{~+?Z(TDed6Ab^mu{E;>1&ZV zebch)6?USPwKRo*5Q{E=qT1ROJk8CJr=c+f7PI=T4xMt^r&I8?{YVxlQG8*d+dk+F z@_EPHv=O1XtqgyusJuWH)7PKl8KG8P<36FFcCw;*jWqjMqc{39m@5iA;`a7rF56Te z-%blAMS<3M0)$vb`ePqgKJyxTDl3)f2YD?3Pzb6gRsZ22w;WzDDwiOn5fJ1HeMO>a zijkk|DT7wIsW(PD*>?`FB**MkZ^n5=2A5e?u&z?yxrSkH=hls!?mobrc{Awt)j=z{ zHFLm>3wq1m%Am7Ad2BDGpNu~?Oh)~DCIW$gxohv|>5~ZEnex<&CBaW#_KUxoC!0anEy z5p|uIQ(wJhPq553mnO*e5`b<3k60iz& z-ERDOXYFAO(DNTpZ%Vs-m5bW$jebON3>rHy%0A~MC7N^gr<+fRCLV}6drr&`pLb$L$#Ujj{Ye>IoT<04&*gASMQxFkDV zsZJ|NUx`^r`XD>B5^0JlsEKWgJe^P2Fg)*iqwl8F26hzY|6r+F+rG>wJ+V3Dm{n-& zvmM*!2ThSJ+UwuBj<~ePTKf)J>#%5 z(T1a|o^+72^cWo7f|+odx}n7+NwWvVg_M%Rvg|`?WT#}|3t2724+a%vXnj85SAfpE zz9%bMSjJ5X%G;#VP6x9aH%=kB`toHV3iWxGGaKKwyEn*9q<2MJrWd0x8%pGhJj9Ch zZYoaV?Jw2>o^t+XrntGe^#p~I@Fn&@%QMR!L_~V=!wLmP75XkU2i$_vEXO$!(JqtT z_S(zmwAasx;1E_Ht3@8paY99qGlNF@XuY^kO$2wbXxgUG*;@~H!Z6)OYTf&KHz$SK7lOuzJeHyw%n9JCDnqrOxyafq5kL z#@P+a;58!L4alR86h<)B#0+sI6n6CPkK9ffYAI+|CG?mck!1Piu43+-=Fk(0ZaUr? zN_v+f3*7!%In!>2XgvL3$BWLM{nGjAjPj#4*ZWTeOF(vvU9(s#-uNEZ{?N8 zw=Hfv#`E#b^~sw)9G>vVvu93r-*wH(x!anz&99BM^@~nAA{ZssqsA4teaVVnAFfHP z=GZ3l<;a<7{XYxj^@08?SYrL6+zr?gd;NB5;$C2d+sYFEzT@RdOUKx&|96Y_>|HWF zdc7W3W@w?$;$5aJ&f#Cbzj&$tddtEs59R-8cO~iev1zR|-MV;HVyn-7U%u!^W|tcyG^sUIs&VLR6{`Ha}%g$doaE-lQ>`{59wWrm- zy}@zmi#)yoFMFoV$s--=c3a)J=>Q3S4o|(9ubrLYSqW7 zpDa}RF9+mC{Q4Z(DWz7<_x)9R@T#xhPEB~FbO|_$a78=)Klj~#Z)NuXvs?9FLQ z`TJC^=AFGOy~W?0r)YKbGT(a1ruywyni4<_Yfmd(Zu~h_m?jqL)3- zwWi7%eEFk#_PW3)izVXj>aY7&Uj6m`&H~^HJxj*f^Y$oY?r&bn{4w_Sx!mdhY6Bhi z&k9?d{+xB{n{6xAl3v{tj4SmiFFpz$JS^w{t`dJTK{Rs(&&;l)v#(vW3^`;79D<0c zyS{JvmN%MtUaDI=1+}ZM8B7#foCK`&y*}T1@^jk6s5?`-vW0>VT-s~4^Nnx3{wiQI z(qzh$e`UE_cB`HEx8>tHsm=dl_;c%JdbUj#axFbv7z}LC&pE@F^(T_Q{pt7L85|k0 zb#;s9`|nCM>@8x^+F`%iGafXemIz8-E>=tYoxRKC?=3RctA3>E_WN|&ii^URzNMHi z3G=+KyKsYK*2jxq%$$4Y1%1nv@en9q;k>B%X4#}y-8{iNK!aq!m8YE_p=T6;7EK@E z?>*SDM|q`uknI;xU#3qFIEePaIeFHWgMwH1fi=Vy(9kw)XwBaKo2l8PM)_>tv~tr z#l^*rjJ+VYC<_6%y?{XimN}R#F-CVqAOTXqCyKcY{PchJ=Y2`njxg HN@xNAlpGVj literal 104446 zcmcF~1yEdFmo0&i;0YcexVyUrcX!ur+}#ODaCdiicMTBS-5r7lcX&6S{r}9HnVNc4 zk1C-1-qZW;bIv|n*4iB;FDr%!hYbe-0f8tXF02Rv0S&x_!iRwb{=Jz!o`!%xATbjX zk{32}u(dRBgMbk4D^qh(jv2tns30LE%z`E&AiX3LkD_C(6_2Buhmj!2>PdXBeAJ)q zXCWZ+n!1`Q`)4pD5tSi*h;JJoO(DghVVD14%KJ|l={J4cdn2687ei^>H_sX!N9tgQOUl716bwBNiuF|Tr z2!SfJg!R&QU9yWl^U_#V0~@(v`XV%6L?}N|pqtq5`o6df48|fpFno@qiu@`(WE8(g zYb09uQHhX`UNR`~t2)%Ch2Uyt`$vBCe!)%uOMd%2nndPK2#CCMj#pXl4+Sh~218+R zqCE=WzRbVxUe2ldZs}ZVNH-WW9EevPF}f=SW#rE&#`IIFT!~^R@B*j0Nu<-{-IC=n zdJh?eYqk~V_gk1i6@qs1kw947Nw+9!eG!C1apMX5(O)S>1S%+KW#e7aHM!k(26&K! z+=eg#Ab3L|G>0lP?NI`DtH7zdNeP2)9=Au|Pa@jtczS5;J^0iZCJ$oo_SJ%!bNnx> z$h^Uo+SUkmB`oA%S8E$KZOdR+JA%>hU=`bL)+tWZY_yNI7VqDv6F@M0MwmrofXan3 zu#oe5_n7wq7V;y(D>L7BmH{N)%qVZfge${dHLcqO-hSd@8uPJ@eP^Hfco?WWvFJD5 zHIdqdg|$xEqd|aX{C%yuOCuZE=4>4{7RKjn^qV%bL0rTWkx?UScckPO4M-6x z8Exc0fj$;m;((fiuD|8@Iq>f0b9-9WrC51&RA9%ReLu!RdT6v*l-EE!KeK$5svTYx z(b#lEll(79tN{!QYFy%}@-YIoLRIe-DtiiC)O@bQTb-s*K`Jq*O)$SG6Eoh^69 z>vc~~HL?MPep@#o2((N%mtZ6YUy}sV(0=6SZdXXX_b_C>;_u;6x>yoTUTGJgFu)H( zg$TT&fGp{9mw!|5hpW#%{}##5ef+hoU(Gs-Db!q-PNQmbr_?z7>KE_V0^%@;S;Sm{ zgogg}1mS@=n_;hs48&QY14)R@0%4*EFCt0BkrhK@374X%w&k{A>`|J0Yl$180>s(R z-`s^7QlQTWUnw{^(j55TXJwhvaG}cxnPfMa@-?H-icpWYnc}*mw0+eTFbhC^Gea%yb8lK^>^2>JZrv^~k% zA@n{cY_yzlJ+gSC`vl%>uEDVQ;dS}13+SVgAy2~8z(9XR`7Zn2;5$~MOEb)AkTB5~ zQvt_s9`sR(vZ+$q0?X3Na+YNEsQ9Q4;v~^X1OD40!6bI#3%QV!qLaFlu!?VsLM{~~ zGzR1c6ez_hB_wiV3zV~K#r7K&116dCysNPnLXQN(NiO;w`b+xbwnfj;?J=7&vSq6> zT@?%|_hWlw6(tdO5O(l(%BriYtEyYhg+W>8L_3N*P=kAM_*6dG=JI7lGzVzKq0Q0F zA&b&&GG0qmy?aRC6Nvg6cT`8sI zCzohuYnHf+)QN?ag3Es>ZWYqXQ>$@jJ1dpRrInv#;uWRmwF`Ph+(TdOVUr*_gndFx z7j6H66sCk7vHxM^>u9#azSPgSOXf>Dne6;;WLnHRHR28#;1X~}y#FjmnQPgC=8k4x zEf>~@?$j=@F_S7I5|cFpU&JK-4tp@a`CVbM0&WhUX~gXH%&rBd`RQDH`IAOK5o%#f zR*h(Z?p`}xxkVYbf=m1f#tL&YZw{-NNBC|y-A6CmOI%*%F->|+oAOnpwjp<~`#1Mp z_l8el_XU?82p`_GzuA9th!BqBh%<@UhWO3@5JB!kyS_Q&Q)1Gv;;tFEA}U=WFlyMe zMWIBYqw1Sos$Ke-_tpa$8Y+8?a*PuhEm>Q>fBr`Pg>;F`X=2pK^6+ag&hTiG7efPs z9D|;@uFdnZ;F6zJl!bzo-B>hu--vUn`ulk@`o!P}RkwMKN(!s_u_bLKT|>L!m&L|; z7%R4=+6cl>JA7hnCC1%++L_rgw!Zqs>nz-Ex?#Gp^3{_W^{FZeqq$IC_Un|k8n1k> zyeFNvhyk!jZb)HBHXqAyo5FX(=Tc2&1!UpVuv2v-YOwn78$ipnCe03w7m9lrdlhu$ zbSMef3D#;#bH;NrNxN~Tiw(~jCkTBiE?1GbblF8b$s682iAZjv(M^qSXnJJg=9pHW`A zpYhf4O7BW{A!rCVG8r;i<%t>SDrtTRMB2$~$~(#1R66`xUf+E$C~n%H9GPP2#g?Gc zdy=-!W$^rUDrKi2;x7+mFmiU_z4-fqaBUnn{y`#h@bpAb zPmluY5IJ9%b6`5A7o9&IGcQ=~?gJDG&N+xn`3^Fd7yR}ABDg_Stb7ZK| zsL?khJ{!XJR2*KEN3k-LZQ2+vP&cGw2@T^_zn{H)hZTj@!t{m-mFdQW5=3f(i)S!Pvfk{+@xd-W2Bv@&wccqbIksW{YzrV z*v_a`k_n5=S!=+>)2@x4FO9ecuzJP@&)>^Mx?_la4}-$~)K+_gHH-)zYPmpspAmt{1-Hmoe-wYHUiZ_PG- zYbQ1uUJ!Q{xA$!OkYiqOGMb&H=Mv=XbP~Sm)jU{NY#y|0C~+i zJwI!?Ha4&42=Orz*Y(WgJcAv{AJ4MLsich4*x7W-;C|yfSFW|Jj!j!;dktY#)>Hpi zV%o6uuz-j~+?5&QX=QKe!};Q^*sZ(1x3b&mKP@oWZ&IbX?;1hwLn}%#vO3(nXO4$S z?e*5pGXs=oD$OL@t=q8D!R+)%AC}+D_Clq8d&Qi zZ1`6K%Iz zK()O^f2qEodzMWYHF^hyr|XS&@$s{vOm*+L++}OE?o#B6*EQp+{Y7X) zEG?pizsZa1hI8Yh=2=5eTu-t?)641+Jg-GJPbq| z;wnBF^(t7%MsoY%@VvvI_ra>N5kek{`;Ikr2BGtn`iNJS)%;M!dR04wlRb8kkVx{u zc44K+H+qckeV;!!+(SgJd+nAO>u360bau{3ieIxqj4-3y2)ade2sA7VDFhfC)7#Ye zK*<}~OVi_|8v$hltgX0)0|W$$Bt6+Rrpp@u0Q&x9WmyzZ&vazBwFt#xS(YadL z0;3@yc=%my4U8;6js%7v6EkaGqSKZRA_6mGULrMC83q|!A&{w=xVt?_$z4|2$lbz- z)0l{#kATOO3lLxhax@@twX(E!;Bw_9`a>=k@cQ>u6?UP4HWyfuW6)BQFu4>7P@uvi(P_wZmV_1S}Z6tAQ;&BOSxHA*_c2IV+1<@;l9BiEIjX)yKAZthBzaM67^v`E)o$M|D zn5nT5J;)Md1q^cl6l477QMRTwjy4XaHvi2${<;0nY;3uN>_G-VEK|0zvHW|Zk&YWDJbVtbdE9{H@ksp8^RRID&YIes3KuBO@&Xt1=S<7Yhd$11Bv5@R#Aw zp)!Cm7#lbm{HMX}%8X20EKFPsO#fl9jjzvwkd38{y^M`9u;$GFeq90p2<&aZW|qK>zkq_@77sien54Lw z1F*erf1M#EklkOeEX@f1Fib83qu=L&m&oY1A%KjD{<>`TUo7tbZW@1zbuk42LjMQb z_;Z+p4cO7ez#b%E0&K+p&H(BEyBRnbIRDT3vly}%Fmp1n(;BcCFwg?OfN_99oU}}A z42BFW?8aagF#F&0|Np1|UkhwxYG7>w0^BS;(f|95{&(j7U+&2NeE|QTcjUjG5&dr$ z`=`Ot|7TnL!4tu1M(0 z%Sro5`Jp%em|RAa!&qu^lP!NLvk6BT5Sy?dUiAp0pC}D4t>FR_3X+!$EVu8>rEu7GLrm4{QASIS8x8j`&a^< zxLyCVpSzG&RB+GPcp>mr*V}bj7V( zFE`_w7T&$bj}fyDQq-bnON$a^`GVAzdrwY2XoZbwbKAc915R!gQ`z_~?LR$X82+3a z1mxo$^li-5auXiYw^5p@MEX^=7E<$VO$W>NjqhGgo>?0~{f&cSy3TNyE=#U$V}Y0+ z1N|sIkHqJ9ccQEPQk%alb(F)Oz0>(9q+Ey;SB`T7Ki<9@smSlCbB1r7swJv(i*GrS zqi|ff1;a-itjA>sc@}ph^eKlLE~CQ^99P^~<>9v8Kipb{!xUlrL_ztqrnfAL$rj8~ zt0>u2_!{FtBK)PQkFM_k3H9l^!>nzB$IyJJ=VWb{2G=4*Z1RcmPiZiCZ}mO2nJ%yd zgWO35W65lu1+Iv&7x!9l(R*wB90M9dI<7K<7(Hsq2xMSlJ@e!pvXbh^5siR zSWWtVn5EbkR$pjjNwd-nPzXRv8M@yTFa=C`OUhg0oVJv;mXiy=6;z2y%~PQrDTv+C z8|?_rQ?SfXUjD}4X`HEQf@9Ic49F{@Gm1z<16+GidNQOv+7_;ZS3?7`AN{?gTj@2(pkS=E}K_peI z(=cM_+dhzh&b^xV_);q!}7K$}@mG2cd$q-zncrVS32%nx2`xJAW z3&YD4p7|AORMcwTV;mRrOh)sG>>FlrYqo^I>HJ$ruafTXS(v1~_NaOW%?TFrrb)?j zi{0ek!bhht#bu^N%ep-Gs=}+UBqy+CNHqk7J`W4yD2AEM$lRIWG;%|tT{01g$?<-I zzT%)vKBAeykxE5nA?YM(lPpWB9(<48Xg?(=w*Yt@z{n0hPa8t9>gBWI!zn#AUf?_H z|Lwun(@@ueh;w+nCB_HZW~S5gp^_W{Z=+N+Mdjy(1@PpU1gn;^#q8oDs6x)84Ns3Qi=A$rerxyt8S#3Pwy+RtEjOvPC`cazeL>W$bFP>Q3OK4Eu zBQDC`E27z*e0u4-;6tE(wGmC!AiVoon#9%V8is2LR)WLg6#15K5>6$bm3@a~gUcw$ zDf4`2q*ZR#fqvNtiNxs9jNIl6eU8EP%}j1fI;Aw(0@0Qsy~dc*X7L!gP7P!#y+LYv z8*(yQ?Ue!Heu?@Bi-S*PwD1aBELN#=@SJC3wd*=3qntI-1FmcOKtL_?c2GEy-Vtem z>c=p7g~6+aZS?vJp&BfeaC(+u`g{kVmtSBI$J z#7meR=9s?GV#PCRej?4jTW=iw%iRNdB3@yW@EYZOX^=bd;j6_lSkza=-GOTElg%C9 zv{zHm!weYj_+9mK_eZtN8`-Iz?Ss(#XkTe7R4o+!vQg9e<{XNb^JJ}32u!UXMr~6` zl(XeQ$^H+}%0fjyhLsYV)6ncx(d8UK<|k?SJEgQIj@muTRHaN4KQL2VXG-t3UoNeG zq2ijkc@iouDNP&zhDSupnz2Xtpij%J@EC)r?KAZAEVP8ly`iWqvXoWIwA8wL?I*Pl z*}O&5bSDs-)if}=?4>5BD>o{d3CY>>6CAnnTO|3{`cs_Z_VKB1M3Z+#oBaib<;1Vwf=o_)%GXj65Pd_GE6S8;(YbX;Wa(^=fAO=K%n)wA5TS4ER^1}nPfnd2N` zMvug+`?GUe1P|a0*%%2Y;1m}sq`-;YT7!2@B(l?3nh8G4OHwo@sdAIWNAf=lWnsOIJV>s0;OKZd`Cz#Z| zXcT)jG=|F|b*MU>ZeR-K$T%dRm>do3H1epEP6<=Ykk|V>x3U=WlL~TFFi)A;d6Zs0 z{mV6*3{lRlP|N=uetA)}$u-l&GsJ_wJjPg!=-5i?%!B+GQ$U__?5Mq+{L504sVGx~ zLxw5LY#1aVgVU8{3N}uhPBxxDMJ5j8hK$Wkc2tf~8dg+cpQ_Uo8c_A=wR91M#z*^E zvH-)Uq2x*X4cUm=r}sw7O{MIvECS~67#-N`hg@bzo|oj(?K_^m8JttNM(N4|8`Z{ywdG*&C|A&XL5ElEYf}=Rk z$wvRI>*(O6JC!nM98Yxjp_qho+M5sj$XFifC|<3(rsXZt#Rk`C;xbfe3yiu#&e&(u zObPR0SQAdw!#PMpvuX>SxQ@Eo1gw)o+eAV=O1u)MhV*Vu7T$?F&dWQi=W3$9{7e0~ z?h2(I?WLFx+vL#)Wc84X42hDO_!x@Jdz!|qELu1FZ>)Q9TQg}yYedW){5$8L6HSY2 zgmVqeKg8t}VDO^ji0PulM4G@RB}+TUd)JS@So)Ij)1Fim+*F|zEXnOE3v13s{nEE6*hER9C3YQ-{I7NT z1~FHQTzUB6#mCk)^Uf3XrVrQWQ$zc550Hs?600~|WL=LMrDO z>MvB6Bj1AdPxkhCmFk9>T*FecNyv$#jmzbo0d|lmlp>qSW zj*O}@oVWb53S;sJ9TY_^YM)qh!EB54w}z-TooK4f~hb`qWsRcu^hKC~iJ zN14BdWR~~KCvnUczY0FJ@jMlos(g9!12UX|ZWTvmpjM~=&N1AtaBj&8G?{+XmGV!D z8oR6eMRbaiP4iOM-*(7WE7&f6=thmF%QT<^_Fm$(y&>lm>-G~BH^^>A=Ml&@Elze% z-ziK!#~MOmF*)h5T69sDefg(GYk`z5mbkASd3o6(*AOHQI#f$(+6H&5g%>aV>R9`+ zRZ8WJQ4+$hJ4V~)kf?lkm)hb2+ zi9Y~^#hk0I1CzR>9KD2mQMw-U3np{-Tzt_qektv6q@U0#9 z7@z7>KycHAI`?#X6Me(rs838>)UOU|s9f&5t82Jqe6(ujY{JgJJjt&Fcm|O>t5&$B zJHSyuk0lU4vr2<^2io9yL031he7a+0=LOS+#jMO<658l*w4}yGo2*(py7H)7c`%!c zdtW+MEsF+J@vL5+ON%v_sqMX*lGJuwc&_)u(&Sfz%^o~BAL0M5qFZwyrJqHg?|MZ~ z#>jiM9?>V7+{?~-yFaUNIdF}wCk>W*@SIoYPQ2!?oo>)G{{oGSXnH*7v7?799EtWUEcYLK+u-oAv$46B<0 zN%E_`-tD}tk9j18x%s#eAqS^M=?a$%q9->?t}4$y=E5SEJhXgxS=AxRI#Ltb!Akfc z^5w0B6*X!=K}ehjzyMSyuJv8zVCg0F(!`m>g^8_mj5cFTzv4QrPkpL@T^Xv?xnf$y z_{7Ie2FDAvFAcVRC|R}FQds#x)EWOM;q}DqSWh_UaHEVjkQ|jjVhOb{=~IcOX})+F zeQt2$Qx(J=^?F`Pwn;%|UeJu+iCD!xu`PEDi;=r@gsw|v;XIJIK3&C`4~Hc`;ltm1 z;M<|%E0uFD3r4#fl4%`dx0i6?U+Z}?XJ%GvXr0kgVr3dw^mr{}1+60&Xq~&yb~}i3 zjLE`9VCnj4ey_H0Rky2f2*|vD)cb8Q=fx=v3Wo@I!rHUDxq*i$SV8bUh)bflf#J%kz<6RGcODV^Zo$;P@3`g#Z9eBYyYQ)0besL*OBTHwB0hv)Q-H8C2B_Ws-D8_%Uep1kvH1)^G=D6F?{YCsZs0~ zRrt=C8H<5ZFky>jYB?9boRTc!N__SRUiBDB(VfI1!J~tw^Mq+m7%_;&#O-WR%l?Lh z7R$BfODMuALZ%{GA8{<=4Sb>6yRTI2YpTN?WI4;u&=mb839bW2L@I!l#p@(wv=r#N zNVW3|FWi*6CWlOOt4PhLZ&O-0%QvnkFLMeQ;S?_)jD7UxlwEl#4NP8s%I)VASUIeP zDf#pl?AG}}**T`VTD>{5M&6j5ODgqfP0gIqRFd}7J=uAMR)kp#Ebn+L5+v7LKVq-} zxJCe%YgJ^iihwI<84z~~m=8HTGVnK+0GYH5m6MraA7d&n4xD<4dh)7p-&fZ@s;=H^ z1z+6Ej3B|tij+ur6_xJ3{T6<90F+%bWdH^_VE)P9`p#)V)n}&;?HGZ5q0gdm2?~uo zXZkoim|_X2#wqC(qg9Hv9*l^hH)dPGQcF&Em~B?ctwWgEH`<{(L3x`538&#H4&LJspU9LLSAH%?Vr}f zdr(b6CFVmW>IJ0k+!10_65M7+!8J!iGCY#D9MW}*dwIy~MRb!bNzHZaJIa@<`lQEq z_QYd!iaR&rE<}pLov52$u%s27h48qo@#?Z`8zoKMn| zb6wis){tRnoa}I18Dmn$-EPsf&)|~o+qvyN8$1`_G!3=xn4A`+;E^z^(O$+@Ieh<@ zo6kVizt7O2H!p14-W9Ss>=qm~ryJNl7F%pL>Cv;KzQ5E%KqbDvWhtxES8532wYP$L@ zrC4_nKA(k|?3D?Dh{V=xDyVo(It{gf z)-+!?E=f#`1T>$Ji;#rvG@NlQ1$p9|t1Zhra*z?>A`VVQ(be;l0i}bLlX_#XoE??s zifM=Kx*KEAp)k4GQulYjlDFg8K1)inZTsb(YS_6^KZir)N%?_qMRwh!R*M!98+4^V z=X23q#@^*x93Fum7r5l@ScAUC^FPBe7xT=hEcVK>Y(~dQHv(=ui(#goJD5?81aQ{L zi*TG4zp``qltVC?%txGzpPgZXno-ed8^~)xt)A(PKEw5GfReeOH%Qq@+pEF2VYB?x4P|6MS z3dO;bAD(?LN}Gy)x@xNvus#Q6_nKcUYMqx1B+m`S6w3gy;2{N4TVqjE`1YSM{=&6XJ$RD zA{%#qDK_tU_O@i}BAw*SSz}=PsC7$DF59yy<>iG;tH55bfZXNp@Hs!qLkb#p?68i*GxnUQ83gX+f2$**ybSdJ6yAgKG5Jnva&M+y{aSfx;pppf{+Q4{P zsA^Fx;1E>M+CFHTmyqiT#CdQ;nXJm6|hxbGSN~ z7^JwwC*?WYvB{Qc>7pGP`Im|oQhZwh;WE{Bn(gVmql+Iy?IJSN zvAh;oPjbA&v#H6Mu6MTW(PsUJ#I4Fzz6d%2IfA3-ME8zLAYIIJK9inq`u3k=fd%(( z9-vc2zO|fCEj$XQ|2#NF9UuD)MJRoNe}*9TU46gpNB zL)5h2>tx7zdZabYQqP&Eb2%9IX=LH3AlG^ft+mm1FCAeIf%jpcF{GK36m_Fz4+T+N;JUx_O@hAmrsN z27m8o`5m#t#?-i8s8L2KE5s&(tb|KC=H#}p;4QVq(dn4Btb`(8^ccd6X+yFS6RX@z zf0~cDnauT0R4J~Tgy2BDZUSb%G%=loHy@?p z3k$=ng5VWN7-o_5tV;`S9uzwIcyUchTD_qy;o!>hAnLlaU)wO zEg9CQj5|gf8!r3lBHKD6*HxV9Q4NmHlPWTrauXdhw(9osbN9HrJU5Tdw|sspq{0mq z2e|d34HqWI>0l|l14bki^ZqV|xbIAacfzsebrDC7wZX~ET?+T}+22U63vy4PdI_~C@$a{4~Pn;t4-xQSaKHo z#%g)%sGz`F=q}Z|4WI(hSCtmo?#(5RU91}6^R=sL8?l)Sc48Ax0N0qvmDF6jXNG)L z;Lz&-7>~4unwy(}hh&%h%O7^jB_C!_&9Ew&ek(N28qN-4??x zWeh7tr_Oq1t0W2sKX=FqIP$4${k?PtcpFv^>PBuV<&wKhn^Ux>EtbmWrC+tRJP$r~ zu{~3|8HSBEF7vq`@2Efez5ab-Uf-tOPz)9BQ-iPWixn#J7w-IdeaaoFN}5@H@>4F2 zW8IrmV%u-=U=*SmrWa`mRGyDf^cF6jRJ}2|C-RrzPL+?9F)1Y;B2M>zo$3*G0&Kjv zD-dY{zQ^KMY~h6%`|pN}76SQZ9`Cm7n$6CFNMXO_(nn-~s7P^8;p$R2AHl#&<7g}T zT6%govK+^5Y)pn$g}Xk=cs0nidFpCu<(MxC?mF^IFf zC9=sl7&XeyqTX@!@mME+6fI-F;h-cEGdHIus2jyd*=-yu*0>1S5tY<)iST6^rWToc zsBIk6KtA6078G8wXHagU_I3NHwlE8V3B8O5n1v(R!%sUvb&Hxt0#qu>4)&aj`_Y9P zrF3}51X=!`^-Sz7IYVJdGYtc#?-SiUv+5`#A3Puu!#2HK|ErVhT zcHF1hp$DG=gXvniu|oG=JU2B^#a9O6rKIMtMpk5ly_<+A(_So@;s9STWp->QSxfyX zik$JDcNU-nT6XHc(@F?&+MFrL2O-joA#mdjIGVxD+0qEASYdYT5Wdp6p56oDa2ysN zU9k4jBEdeSqZZhQ%|)~FA8!L(NP3{+-0}$j#~-PB)iR^!*?J#)fM}3mwf?+Gz^GMv zdpObxE31eiQawA;px4|t(J>Bz8Q9fV0tb%jRD&-K$yc2IM_nl9ZE#3N= zz$w~j;zjw!LIiwXMrcdp5U)c1CMa?X}zh6V6cEC_lu2+=H zMXG!VE|-i8m(}VP(`e@Ca?!CoYZB@CnmaU*i+4Pdyr#kMjmdudd{15b&=GwsmIS86 zaDS$IDhhiQdbCAVT&kDKtZm093ko~Qaa&civPMFO(7DiNlC0xxqVD06$pX?dDtO6;0Qn?1&g8<1y_hX z`Sw(c838KQk%Q`^oq}}2@)td8ComXH?*ej|a)IHiUIXdbFz;8nbX5Mkplkw*&8pnTj$r)Jw z>8l@I6U$2iz|-VI8=sRajDN^-N(Gna@x-(NW#&xT-Ja2miP1F4ac*X5h;zzGf|koZG1lGJ_9vo&-H5Gbfzpo)7iXHT4{1YcKYS01X5Z@jHr41 zB9CwuNKOX1U4caC3w@xKkcx!JJ-8ln?zPq477>?TEdG^x8n55Hrx(}QuQRUQs_i2L z$O9EFR!3M6Op+|wtMa-O{)ggNUifLa`z(W^rpFMcUOtSnxWbXNN2fCj%EtUT~oF|yI|)xyPyM#TeIVq}0St`2AX)tWenZ5Na@ z%MIX3RGPFCi9q8-L^BDPw|f6o*F1G}E)kT886kIJzfz*+N5dbRrYXuM%_*0Mw99nP z*?o{(Lg`VXN23sA7e>eja_sgC0z-#Inxn~^AyuJ>#aE=q5wHbK1Fu7QgWWTb;}(ZL zx`_H-iJp_9Yq-BSM4yFE?ps%b=62i^W0Wmcf0ht%mKt<-sDfXsThQz~Y4ZH^6IKG3 zQPwo&t|$n+IE*o6Y!cyu=?Oay97KhK7E+u5kLsX`7Bd#38IvBjiYOJ%J`>ke@f;%4 zdpYH+Gf$~yZ0Qq=<(eCgeN3QnLhB+mDL$QF?ws9jB2wXU3uogtvf`(GCS{naXj$4O z*7;26%j4spQoD)77j)P^gmMrGG>CjzNF8Mzwl`_6eNs@so)Zt3aY|e#sp_{K5Tsvt zYY}2`yurVX({M-K-mq!HPw$s3iXS}xLKmrCzoQ}JW2 zqfVHQP7*z+v%(&?@$l9KZU>hzM72ypyHRM9&S}2By)1z&olgG3}=!1({gn@-szPy+BBABQs0Rt*UN*0smC4AcNvi;uls~`%`_)#7TG-Qy$>)@zQ1|6 zvt$k4Ci^y8I-ZR6itnNr0zNL^-6Kh2qT*=m{fGUWhIMS_IkhtS1vfPbw!@di3970e z!{w5_NRN1kY6=O9%PNW!PB(CGQc*8r$tHWXgBaP?A{8w&?`f{1pDM!=t{=(f@9?V4 z**ve6C2PT4kz58lh`j}ejR16Ht{I_}eZU4;yo6?gl}5%zsUc{DswFU{WXL5p(ECR5 zNqVEEuFG4-x1dD=a13qL-XCCpC8RXXDYD#LTmlIkpY9OpmKPCQJtvW;if_{!;N*`q z>;U9;wDjn3_`uXl*gKg0Z4B`+<3;?6z4FRSLY=%3OK3R}(R#xpCe1#gL^`4s+Oklu zQvby`ZDUs*-$PpGu{s(DR`AP;+z;JHv+xVL8{xDrmj1<#O@xAv?I3d~Jp~$ra-z9F za@M_;xQvs2S?_YTxx8nTn~8_h%?9E>qxMVU6BE3W)m9w`2}vH7hs36qK--+J#sCrZaD*UuPai4aO3eK$Iqvc@?<9Y<#ce5vCEZ;%~4R~gV2xQK@y zS5q4DgRgBjamRY&{^9kSn6H2v9aeX%W#arwl^S##H zdgScIz^Caa3Nlsn?^7*H@1rBX}IcX~EEpwH-rhm@$-%0pSaO~9sicOQtpTpv*t z3%>ErDA|mUy`7x67W;N%e?`*CT6%|gbD>AMNG3m^AukShGw6-NGZ>5ziH#DOmBV-B zsIA-;tTB`7zWd#aHOUI-&O0F&);a2#o*|TToR->71x_4bB$h(D%>!oO#gVtP-~B=i z!ExBx1t3?lx3772;9tpZVF9K6lHJV=eDvb?Bt2IOX)~6D$e;FL%t%?x0U4mcDC;04 z7g)i}zSpNspbP2|A1bUfC?V94=~D>{v5@U zPM280=74{Zr1VkG^!5&IN<`=b#4y3r60Z&G>e znbA9N|LEO)^=#sIbn}+_8B%UxhU7SkAn;Y8Y&K$ezi z2cVxc!}+}AcvH?LET0ReI)eDeZ&;kLYNytqvZG zHu{L5QhuW{?_ZoAoER_+^dfdpG<_`Kd!LQqb#Ay=pjPZ$lW}g_$fY+Z9;Iy5{`jfp zB;HW3l4`kHI#$`r*)`L^CK+gmdt`RhdO|BOnm)?05U;Jjqm~mbSrDU}Xa^|!$*W-T znD5n2))Ls)`_(}E1*<~Mf}DYq7;<7BF>iZ%eqA#_@Q7{PsF%<)Q%NkemnYLquRe8A zQIWFgonEvOoL}>HNdm1ZE1{S&QZ$oO0fu`zq@=`qmp-Kz-tFTolo&e4L_?oUJwF@h zRoaJSoJ)r$$IhElWf@n%8}}%+Z9&x?$V4E^QZapmQ^JJ-zDda!L%JwZJag)i0fisc37MFCErXHPqF zp@zfqbJwq2-S&q}u(tB?qr4K`vh0y&8BP=FOgcT!b{m6GPTJ2n$*9q)!r+o|9vrOe zpph1|SU3KQ1)cFAIgyqMQo4qSRUh6YTsSi8zP*eqnV6EKWyol_wC~mPT?W5BEdtJJ;b{^Z5K{2 z%O*Ht_dkidM=j{Yx*RywR-1-%KFz*kTj}kX@?)3lB#4+ppy$_7W*VWLz|2Wq-2ZU| zLwA4t>}IL)y6T|JJNUGLsp0K!;?P}3cO*G!UfYhlV^p_m6hcHk|3o^}Jh`OynXfAx zVh5l(7xW4j+g+0iw=-A!G>Y>9bD> zghxL>x3!*^68y2E5YHgUVK|f~I=7>C{h0|{(gE{t$73`%doe_7V$CZ8R7@%f!Xqg3 zZf-*(k-3ckkR%I>9jz;=?Ts_Wrrb24X6@EP7vYEIUR|>dwAx|5g*`5rtaN<7Ff9Ty>9P%F|A$${N%vJB4=Rit}EtS%a)M z%fKTY=bvge{Zrd&ZuAT7zf`oIYMh;X$^*cYJ+rg1f*#$Xy%wKEsKW%Ls=1NB9MZPNC=~0wk{t3=Z-ocq0xu}m zK0Uw^z{*CD!ErjL$}(e0*>dc*627>24Aho!4Vyl7K`s=^bx+}b2n)0dQ^&bKQ)pWO zR{KOE`FSsWq+Rsi+V2`#;aC<(+rQSx zhO?gypcUVJEAqrQ!`(_Mz;eqoFKCv0NJrOe919(({?b`sIE^>32rS4Kxa3l|kfV6ajNOyONgtWw=4hN7rbaQC9TOS{N z-kJN(yfb(1UozwQ)&8x$_gd@wS?i|*RkCN0(lN!^tH`+Bm`j$J{` zV1-n87gD|WT%*n!@&HVBP?J-X5JZ;1yLMC%%5PI=YQ>{b6%u166rpz4)ue+BL2z)|~pozG+e3 z@AXa;)*p3>_hZyb1jyq8b9Mz}Wr>#*zA9s$o>3h!{EGphpau25qYmhCM<0RFUQ zti*geO6)M*HT6iw%bioQ9F=tjXKqj<)R50#?C+o zfy_2<&mQaaUowpdoeUz%)~g%*?5zB0)D1~_{vy3PY;x&;&efv#xP_XU26GN^-BB{2 zsLiOQ6ZfD0*^a$lqHFt%V%qn~!(fJJvFzb_!(UklG_?QA6H>IiVg-Zp`;O7YDE^Ge z|9wP%A578mchtdP{TYV;-p2ntDO506?7s19w)jW3e-52(#M9r^Wy24b_&jRXw}g8{ z{AY0A;9!lLahP*VzHc)cAg*qGY?$Ft+hz2w_0hjK?R_ZaEvYO+GHBk77pFdnSoxP3qeRA&$(G>{YU#-aGer#V1 zW(rE6yqImz<42>hxVMUh^Gl~*tZTGlKE=9}_p@r27u?R5HanZm#A6sssS4}~>=`5Eb*Kew6&qXR?hvQ>Y|_3yEd+pZLjjF67##3m!g?PnQ_Hn}~{bE>87aDG>o&7R-a zFVpi?TqJ+!@a4;KgU{ZCbm*q;v}k)nM6-TFl#cVtD(BYoW|^rbWJ`?BX;#0MfaPFd zHm_@iFpq%4Y6Ep5WJ9C$^;$tY;D;7UR?e^ZbiEm~nr^aNtjpJ(t}s1nGcQ0pJ()?a zcT$nlMYo>0bDf0Uc{D|&)09cw#&MP|UzfPBV9W+l+3t2ZRGFwaM3!I&-?qFXQ$&P! ze{FWotE(%dRFCYk@a*`?zYE5jYRovMb~6rR;lA28?XZ=+?DBeoc3^?uK77NQIbl#z zZr>Ltq@?ZVv0HzyOw;4G>ood#(Wg_cYk*Zbzmk$xwt0D3v3C)+5-Q}n*`9PRV#^&PiN`0Ym{C%mC=`~D0fZa!R4kRI0=B1tGWF*PCUMEDJ za!v|cUksrHPp{k8kzgoMUCOS9<3EVF4?9`+GKYhbZ_q9VB5?%euC;RZ+L(DRPrH3 zM7$7D7m1ROuYNOshnVZOYRCml<$Eu+MWq-`WTMPc^#M1=pP5IBr+-Z?OcA}Rc@CEZ zKlj2C^XQ$=UXCPt1re#%yw(M}V{B1>7bAsza=8;;Kq(k3-VKG08p6HZn}LW%o8Tl4 z9Yaa50Pl~lIG%<)9IKuASn|z`iyXpAj;nvlSR^i=%(H7315ol&<(U4D(i{rffgfI_KW{B=Wvgp8|Bkvo| zUZfB5fOj2<1fh1s*}KmNs-yW_8qrVWO&AjRY`gkBuh9#}($di}WF=n_li#i zA=fK0C{#?#Aj#^}b67s2SJVp>kCz{>_wAI4citc2z5e9yHsWQEQ!=a~&&9&S1FY!` z4@0IszHjN9d#RymFDaK-_db^NA$cifZJ$@Sz|`{Kd~bXH=p~zT|F?kQF>AO+?_y#f z^#gkIFcT(izU5fSM*mP=`wQI6q*}9M#7DcyyMa_eV^%c_>tYi$nHlo&^>4OWBmF{B z`CLw>t_5^O>0j(tqC)%c{wdl5Wv7f7B&gWyPl(0RCG%n7Gg4G+kzGb~N`#XGi#x|2 zkE~;hI@)Y*V!mL}dv>F{XsFFb>3+9S4&fvk7kbqY;05{CTszqfJPkQh<-<+@7XuL9g11ZLOl1KM!l3 z7;!*NeW5pTF%b3PP{bS2=xM=We*Og_eAUmd`Jk7*EM=cmC}vNzR?t86yqw%BQ_+)~ zs&`D7Vqo{1<#y~Y9VH_L9TgK>0*k@^)t}dFai?y{6e%k<+9wD(e@xM0OCX=Bb)W?~ z`Rvd)yZx;?#T6{iUz%l3O0=V|bjqETldso*NlV)DvKp_Fexux5oO$oMZy0+yhvtT! z+HEquXQF1#b%#f$IeO3RvO!0*97K-Jz=dM`t!Cw4k2o#z%SqTOKvPn)shs|LTs8DA zdM#LNzL;98%0=n$?N@RWqYF{kr_V@cErjE@Zw2ewTZ{7YnTp1c(I%<$CE-!a(HhU{ zX%X?B1&1@mUt1Y)5$bQa88+O_r5#|14qT*xOwXVj8;)pP6afIVC zkFhgsn7{Z_$$Gt1boT^e_)w1Gl#NPYcRPTcA2msnEqJz}>VABrNP0CSUR_=LtOL`x zeF_*jrxiSNW8geASqKVS>%ij<8$WtqW}cI$e3CYwZ55X6WLKLIm$d69bV%ODUsp%Y zXP>YN1vk3kO|goe{+7_OpOtB{a_d#&XfoeEkr`z3vC{i|cMru~TV;NZ$0w5^iS63D zHypX0QNE1*a4Xcz{!O~XC41GF^u*3D^VxSMlO5{ZLYVd!$&^m7UFEN-VT_h?BP79h zJzMuZ7vESX)rnLb^4bW)DjF+N>f97IfJ{#Ru#t$Hu(}Y89bILH^CrpXT%k1F)Y=ew zmONp&P4{~x!hHDl$P}~YQ;FG9>mr^7_mYQh=-1=8ug6wH>saD)DH~7C7EJN-fw*GI zsi_& z4WGifvA54bWbJ-u*5lx7%iw)-W1~`jPEBSF?XOijyh*G)OEPG4bZz# z&$mCdxjpH$LsXH?$e(yz%5+hX)RnQ9U_IIEeGC+W|Yxh;H_XEI!s&#krN`}xw< z8FBk|Vxy6$lNE`z?bK_XeAoJvf5WM}`j~U6cl8@}<-K-wD&34|%JB<%Jb&z7q|<6T zt*8_#@OAgeRd{>ni!(p zP!TGN7F;>n#Vf$QLXno1Pc}lo)pS)9!pvvrS|rU^1h0jiHMyPNC|`0+6@C*yMPdG)F1 zU>O$U7!6hCnb_B1a#Ll?p*q)CUEnIt#8Gey&vc-^jhmNCdTT+p>TTdG79b$^tWF85 z^b->sd-V0PY6$H165_0Ub-j9}RSxGSBazchURFdi{E+4x?R>XLt{~My+NVu+?GqiS z?SU)e1>+?uxr%rX@V2Jh?RrNvLMEN9;pvxt8>6RTqU3CUc$uwVjhcRhJ$ylBZ~HI=5dlFLNL z^w~uv4<04wH1C3-`_kn|0NE6N$+{9%xj9N(*!$rrsYfKZ@{W0B{jw^^UA?*}_;UIL`|V4(gcsUUp0wLip-*^2hR&U}A+R5&@cU zp`P-R8Xn|v+ma&sw0oTEEk%>j$mfPM5$|z`g%{1IgSrNkL+T3oV)7^K&a0AXhRd;F zNJvNY&6lWFcgT**+Y?;gABzV-oe^u&~MZbK`Z&Bq!_buQPXBOrB+OCRUL? zv3S?jtNdn0pDjhHNmPO!Ds-+K)SF(q-y!T<+_^*^KSob!bTXbt>Ev^p zBg(XF6^)yoQABr*t8QbphDT;WwKucPZ^mG!;0z4OJEz^3}`>uJ`6 z)k!h|ygLN`JAC~$?e6KP57wN{mTLCFoj17`E_~jX*(NtFziLuVx6L1A#M2*|q#>=V zTpsFSr6{rLUKnvI%fe|cF5CKM?=sLU+T&F)Qvmn=F^3d8$1Xr~Y|8iO>Wc0}Mpnk; z50(sU>w$PHO4em?;$VJP_*}s3W$x=T^@;UjFf+Xs=CK|tsaiB8MYd0ONy zuw}I@0dh7%o7A9vc?wW%YZti_-RKNMKyF%q~aLN%`uLc zYgZ~r*OwD?(+saVQPRlet7osQw=?2lQ~!2ELF%Vr4WnRqWvN(QDP59yNTIuSU90-a zJEF?96W2_F{Aae66JwubvqL?v+8?vtR^G*W*X4-srM#Ifnm?+vAw#qGO>&qKW?g4? z;8v)5NQ`mTg#(j=>rGpfS1TrG8O;_mk!OyYaoJSos#i;nd5Mf^ZA{jVxpb1zxNHb> z7!2*7So2kG3>JUrF~+JOaN{Yj=+JbPWkL+3BTkNk?8dpKEfY{{`raf&l4oLms}xcUs$Gv7+ZhVw;=Y5OOk zYK>k9{EgURxQxwZfvUSTl1W3QTBWn-++Pe4#EhrUXS`Om;YNLJ?cATZ;x+y`1A__v zgu`LoPM^H<q418bY zD(CuzCcdzE$(J{1<|X0{Etm-|C|0Pq0rSgxuvSfRReB9aI+KmfVmH&zx?Z_pI72(+ zs#R3+#7DN`$sCpBCDPrSLF(vP93gNBzuW56){s}DSK`4%_d$YeO5-*++2tu5!(($O zniX0AYj7M$C8{{Oa7EDN+J4U}AKS~!7$Or&Xws*TKO0lA7&D(pL(VFw*5gPR zmCfMK9%V#rUJ)NLhrJE_lmlx>Hog^qOxeCp9gGGRzJr6wO@0IMOpdh?pSm2YLI#+% zW|~~&QnDMSuV3uFS%yTHO;>7v!)#U#^O-{6W3TfWAzAo`ekeySpV}8^XxBT7hh$mP z$u~WVJ6@1n+w{!U&a;RN6&|x1MSV-`$NFpKXO6(i!xL3(hfbUmv9W{9_8e!*fOSt- zW_zv4C7;~Em)1)dXNvh?%AzTUA!CrGYB@r5dxhi1c%3yrteL(AY(cr&)hlfpdmz?T zD>qMkG*3f-=O{h=k&=0)WYJ$U^Aj_~=(I_&~c$!&>t#5%xLUixIV~B^cg*>+S1@3A0*I+BFuvhNzLz3+U^E-`B zpezl2a|$A1X0*>}%&ga(X_2nF;kHk3T~yw2&p#}c%WVH;-fD}&eJ?Ve-H1rWzvJ2< zf*})Mh$u@pDX%&g3-&ZN*sCPwUaML?S`4d{!a5r9?UChs66tT5^j>uiPzcGdIeiRKHv_E z8q{KZ_mt>%Yr3IVdFMm)iw4CI!ke+u8D(X*eR@q*EMK3ae2sXXOu2sBp zW4;YnS#|V_G?(-k9rtL`$-ZwMFUaKLZVc4>6;*$K7rY7iEZs$ixN1dP z)myT0)M`RE+qe^4E|teLHCFE%!F7p5Fxj@PE8VD+Gq2>`dwN)Z=b>t${hAkLht6J8 zbaZlZQjFJNmvjDsE<;fP8k|hHi|oZlLbcUxbM{4i*DaxXC5i`qnhkUQAS!fP?q?wv zg)uU*G#$>OyT)E3^dowN8CnQ6i2Kl$uy!j$I0&3Qp`5?&mx7o zK%1I4@WjPca)xVE_fWtJvxdd9DR>?`d}oc!AQccDe6RLX-#;8tfY zv#-Z~Savrq7j&I&@*F_tOsq_ga@KOmNMal{e=($G23q3So8W8Q1yP}u6;3SKE){<^ zaI~mw_f<_$<)(Ksh1~=^S~9^P_%zebba1xrNoRmOYBB7yApB!7G*1vRL4;zi)GRmmmu*x{&bgK& z1!C9Su{^^|EzZa9wzGp(gcEH59y_K-Mxn61Et zSGcgc2V!4PI4KKOu}CBn73Bu|Su8h={#J6)SRJKOKK@3o>bm*o7uD;NN~+#HV-_41 z-N7Ky`Kq=z*LLFV>S%_@As%s6UQdA|O?20&md5Z8PG&U;9ckhf?F!%;Ii(fPbhWCi z<#L0x1zmL4w)D^Ma-jXx?amMwy>s&r5Nf*`HBhCd)AZHcfAC_r%5&f?J}ETR({+{A zH65XG3LK#Wa^BDe$oIH_M3;51`M!#%uBpuYYoYPukT&(Q%6s>-Qz3Q+*@H`q1WdY( zX)1?8u}ONG3@b602;g0kae1u{DzSDrP_s?EHKdjFIlV8(KEmU^x((G-Zm> zMex0z$^jVi_Wo>PjM*a8?w25WFbnW{9@c@YXnb@u*&Ed+Rw7TcYh6X|<%!mK#U?9WfjphSoKgRN3gL=fa|#X9s4(}hqwLO|B9l} zMzqMeJPyC%@b1a_<0Q^0&=;!5dfv0{ZI6cT8E8Y%p~V*8{mOtXPuY(5j~Kjdi?1I! zZO5i~yrDX6n)pU%{Uu{jkCo3Nv8|MQDtQ8U?!J!UroSKE8?40jnTG<)a%O6hP6tM7zWh!~a0FP0{Z-)18| zKTL(w*XBy*aonnd)(^nopH%e2_9gd$? zy~mfVk@el}+RK-n*-By0UjDu73be#q9gmQrphp3|tAtc=hg#_4YeIx+M`p(MaLU#; z59@&A!jSaUeUotIMZCNA{V=49M8#OL9YJc#+2impEpd6e1GjD_2KUC?rXD65$9j2I~!}<>WNF~{RlL; zAKgPWSJ#g*NrQsV5Bj)tZxeetq2Len^9-yMJGvNkF-ju}pW@M~tv;mXj{ZOunBgza zmWsdXWHS1;lJCBx^6LClP1LO>2^%BjQ7R=f*B69@Tf-i@yXjV$Qu3$NY@DQtXHODY zmA~O7j6A*kTNjA1&@=0EQ;eh{jwTOYTg&;kPUPjG* zuS>CK3w@vBdQz%~*>;z644SAY9-}%C609_fg1Gu@udm4q7xVuhYx?puU?mFK*YaVn zNXRR#6w*3JB5+P=p!7gWXX35#Uuy;VN}v9cZY@poYsCnK*Jb0ulCoshU43&d=j4$flh((IUpICA zgS3~`lb8>gdA&)Gn_d+S6APSw74Q(@(7d8YC%Cb&=)(AfKaBA~K9yo+(0~rx>y&3= zy0Vw~l~>hL>yg?GjyI2_GB=-FED@S+HM~IQA0+z2r=0m?s^@dIEt;*Z-}3;ynR;X& ze|);8AN|ojCaza(K1*vCbUA8*_d0uiVoQ{@=!5S+Zftt_TrnZyhZo~QM!G4m;pF}( zJ*vmzA+m1!JoOaJl!vQ*`f91q(!*;#tJ}0A^qAZdKz|SJxz#?30A)(t9(kSGn4OA` zL^9?M*hkqUjSCE<$IQMH%8%8|ir*Y#iFK6U7}1>9P_vc7`46+=h|$Zp%>s3GWz+@D zb1qCpPkk1PZsZxJ?GDDijCR?U^j;~n46s;wDq*YQ9gTmDD?uv5!TN<}48l09qO+E8 zLKL;hZR_8LDNg;d=EQe8EL5I5QJSqhh@^NXEp~@KUd33}Ny?|8kn&8urO8)*={rm8jaL8mL;ZhsdiIBZgYH*Ccj z1wc36loaftlWixMol5uQ6OucX^7e@epEj$%>1gK{V(u~Hs6D~FDk}Jqz9LG7Nk!V& zqDf+NPJ}E`;&x;gr<%Yyi{4%&z0>;jZAWw(dDYsf>$d{sK2=5XDt){aiRRx%6@$G^ zh+O-te$F;Cwyg6!VSm6hMi6jt{8;C$1nb8Yb9u>tr#zANvtitJmJ{2Qsb(@)(@!p$ zMNO2t(hJV+-x*`kZggFlEWBwW^mJzhJ5x8CwTl(E_Vj9M_BmN~vGyVK?7asp>FmjA zLC@`L^39ePuba}Iei^)xQU9W}b)^m}_trZZRWSI_@#gWu0BW}@Bs7q%TWDtasJ=W`o9uee+}S&L)!j(8{TLl|MPlBT3G5B=)W{( zG_*5ki~?oi2MjNj1H~gP*12P2pef{!d1u+w&UeEH0 zvwknLO3mb;dgN*!TnQxH;OWD@qU{Td1ZPSrLn{Zb6$ZoDQ)k5)eht!3tr%L3*0ZoH z%MU3=lo=wMd@?^Dm954k@j&bs{j7;0;~xdfI<%Cvr`(t0Tm(}r=Er+a*Y|Wol~mpZliLC%g#%7l=iT(ca-pcUFxTF47yGQ)l89F zaGxw?*MU%|$Kvo}?EVz=6VH&Voddf1u+p43c%AzU$cP@IJRw->G-@*O z^&j?}u?~s3Cj^nCNk7vkN3oJnAGAHJR*+<9@1TuBtau@ik=QVh2v&Wi{601BA3OLN z{1jsJF7EwIsaMPofKZZ@-8n`(&4c<2klvsc-#?4S>VoLA*{(faMLe<#2sPVJD3yw# z5L?lh?gv0iTJlgDoUcX8=S`SMug8ut zm7_Dp;^{9J$D7K;O+mL{>>m{p$B}LwcJZ}C)_l6Q6U*Neqk#KiS?ZFBv2Z4)RX1Qq zzJD_dh;jwU#_<%Y*&eQ!KTH_XQFD~hsnM%bY*NlEz_1j!1`{WY&lG(a+~IDIQ>5E$ ze;zaQHMl@6j}}*&4*r-Wwh9k>al`wWDMbFQ#J*);8bhtSYvj)E5k`6!hv5&l{xMd} zIES9@{;s|rQ(6a0j)d`}w$Atg?8ZxqFF*tT%H~WNp{UsCVWZRRd^*^3D*Y%K)p-96 zY#6>}^J)drZV+HJH0666?owGQm=JNXt!pI^+i7|l8Q9a+H`aLOe*C#}wQ(JVLq`%$-pY}9vHUXyf6m^sPRtsco=`9{f?KouARkx- z0$>yZ4%r;FM3|qZTwy0*u?2|5%JnDon;%Off2Md)$(q>0pFx^zec2^Mkbz3TqOEPky6(^#Q7E67dg@I4 z#Oi>CvFytbHm2WuwWHiBpFNe`(VyaWe)Z-w_p$6DgC&P1+>jRJKqWLP*C*?xFVkpQ zwKYo|5dJgg>I^N)HXt#T&8pr}HD_+43-TLkR^th3>Jp1w8%K`5d?7l;I;QuP0`}Aj zHpboWMvvFIrvj0ruzHd@vPVjK#G=w2hjeQM@&wkbQZ2OMh62Iwn`aVcFC1341BMfv zmgNRfNU!9RTNZ=0vE}^3MiFNw$?h^Bty_{4*Y{rLXt}Gr(f=v8vJ#E*tAQ`+fG&`d z4)4MnCSckCtfK9+*>`xB^decsb%z_m77cJt+cUF&R-&JQ-x1DryAAveXgn7`4eEKH ziM4-7YWHH}_P}j;q40T{rj^HB*+HTur>z=83zn}a-~uS9Q4RJ%vaYk^lKljWS-m;} zcD*lm2X3$QScJ$v5WMMKJ^+V9;SD9ZiIYT9fhj@)4P6MCyK?*aZ|g!e!=E^-DYL)fpPv3TSP!_lC|hkq*cW9rjM9Ra&-n^ zU;uaZP{2j;<-VYsG>e){N_~#z{AhZ1FBPevH8gkYTd4|BmAb8QUntoy5HU#$)$8q( zV@OSy)a$lN5W5FjZnp`O!w(j^hLcE7tt8DrTI6|1rJ$DsSS%08slF@plj$y6aE%g2eS*6J@#uF7iaHLvtEMJJ}tn6`}rJfaIP zusxr9#B8$Tq85z+9}lu29JRlD(g(Mi6QS+*I8Y*G6YHkpZuY*Vnmrs1`gmEuD!K6n zGiSa7VviwODjh}?BGzr%?pH|ebvb{wXj$ulzA?CV`$iZ2hT9#p(cDgzVpGFJAn`Tj zsupXet5UtqUBQ7_RI284Hlo(4-@f7iD=<)Zv})}W#nLl-D>V_mj4TJ5kdu>azDx{{ zi?aKKTRC0q6RJkW!W$qtTiH>V^D1mjhyl;II4f^Z3(3M8VT(h=9?trptW&7>o7G5@ z7MMQio1KF_K(=A7N1YUDHr~9`ul)Ioeg=wx3GynE806BLC_5A`d1|yXvj*#}k`V%p zU7zXU9zE7A@{YT8C~`3@9VaK4Mph80D&m744+p|P^6KO3cy5;HuFk%=Q;|ZkE8_BR zlEO2&pJZeSTTJJQ2eAn12sCUD6aE_fvptXmC+fXAPy985J8$GFulAjte$br`ZzVN5 zj1`%WO4$#f*#Kv>0>V z`Y~^ODBRt<&h4GZu=ZEJnjt`tX^8mI+s+6?urkA~x1SAIehdwbXUjJ! zcR{l9D`M>G_H#%3$;Y8OvazM9hP)^V(Ov4?3fC{xFvr0x5=ExyoZNZ6m2Bdg6fdeN zmkHot7Q9&igjDfc>aCtT_`VCY0X!GTpB=6I)7k9eH9Ac*^WByCy^3OS?NF}FXN(bR zDi0OK8i+BpvqevVL0dT20n(bdVpC>GRliomd7@4>_3Rb%5F7QI)rNMkU0ztDFL@}~ zTCPwdZ*4&31 z!w!49&~!Y22?CQ#S2YsoVnLX5#4j;xiAY@%V@xd}n?fdC8okzBCZ?8Ko(?Z5TaV;{ zDtRJ1-YqNbY z3lJ?L$g+^d(5=QVuTa4<310;oSB_TpGBM5od^BCHD_|dp`DU&F3s4h+E=vMle809b zZ>XX-eWtQ`+z*;#3-+z_gQ>Ee9k)&YwOWw-I2(rTa}u-ozky(?(?ptA)*-1>1p3mdbSWR~6$>W>CRo#*wz_3pjEodtrm^CmwP4eASHx0L^w)#TFi z7m5?-fbRl6))o4>o9GvLt?%Raj$aJgRy?NTXi!9CIgK#NKh&(S5JdKn1C!KpUX$&+ zb^Q*bdz5N+I)@5T#X~{k(TK{#arHWv;WaK(k)GvHutSvtf*e z!|zX5lXlpb;)7XJq?sNBnX+nh9e)aO#K=UVO6SH#5BK6E^ zL3fttiCpfBG;6D;Y{BU1E263(_dp>oC}~;v>pi#6 z!?IblO(M_b&~--H&pRv*D>~1!P3`bX+d+*BXHiKvB=g*pl%< z;O#cI=DpM??NYf&G9Pgon(Ua(5#n3y1k6YeogdX$HGm+2ynCV7Wp~!=Dm-G**6-p) z=`Wu`jh?~>DV3ptrlTE_UPuSAG-?YLUHYNvIXPvX?2`y|n|Zt*6xFtwxn~GqrM(7Y zQl{So-kWSJkZY8I#3+Mii59dC(RsV_YNr~H1*9E$RVP57?&Igr7w(6=H2=tOOI_>c zPU!U~@)RXJuU(K{A^-%M0_^i7GdxoLLKLH5&@A4*f1r7$!V$6}_x9C@=}}xAGk=*+ zD$pl`0&DyD&b5nGI>A(k-VAPlG>a6!O;yRepv8Q1N(Rph(Yj5@AK&A-VqYJFR~Wa_ zJ!X6Csh9q|F^2Sf^J;99B^P^oXT>9Y>2D6iRU3+^w_?RNx95WkMiD0;J5R1PeQP_7 znSsDoD*+nnr7iGVO=}niu?gWzHj(PcR?z(pWTWyMjHLyQr3H*{3T9LYBJ**Rbc5AZEDuh-O(a2`Cw_U6D%Q zE7iKWiFZsj|5%ex(WuoOcHksByMf;SCITR_Ijs333Dq95&+L`~w)i@HkborVkc_v# z{|0gw^S((R(&I#@`QH3gV*`L{Y)%jpHHHwY7mpnY^Eq#-6<(&PQcB%7FxQ;?+F5+_ zN$HpFIs*ia&I!&=&E|dFdy8{FL_OO9l?x!W0`uQJf?MhtTQm!Q$Yhk|aW;dmj0Bb& zwc>Rto32=KuNcTrIIx;0e#PjYo8!lU5g0@nvPhEQtp&TygIGI;{vac?Sb5Tj<#^4w zw~e4{9(NdI5CaH@ubki}H!a{u6@)XSMs|9BjA9A5>bN@!U7SRc=Q%Xx?*BMcxf+`C%B7YG)R{zW4ETuQ z+q+&4FLXr;7c2V+Bwbtr@DbE>0HF2;sTTmA;xoyG&w+BzcR<)%HTPpac$bqnDqr{V zM7DX1y@42)%V}x^r{^4;SolJ{`51|p@5qyiLn0Wy5GnidV-la$*@(Q?QNYRSFgA>b z9J=S4xtbQPuwGBqE6b0fhz5Y%?K{YFXD!H+tDCdE$Lsa@I&Ok}UB;0C)I+eu0xyg4 z2KAnF0F@k-#CY0$M*=^M57kp8m7?OO7^W(Q$1>jlr zB94#Fp*3_DUc|+ILqtV?hu6WKvwdx!Nz1p81Q`1%yUK-s?7e-M!7k zJl}F@OFy(CtKBrxg>XN7UN7h`H%=zJ_U6Ftsh-J`XgU?>4-2h@adG*H>h+<$wpvCu zU){{7<`pIZGU+2{=m9W7Da^-^IA@<>$$cj9Z?aKr`vEvwp0OxO?m2+e6HffJklReioIU z=r40I*Z zAGQkcsVfo#7`4gpxG+TgeYOwlS+v z)q4?GiMWAIb8kbmhEAJWNks)B|J8WKLaeL zwiv4+NN$t1Uk6q5xGoQ`YrRqw}a*)GTLP`2)jIW{bj*eOCeEh`-SriMw_u*rcnp;`H1q)uDv@D zkMqcaZlR^P6Gv5`Y!1kD zeB=`;^?^Q*cH2|R$_Kj%i-xi>l2!NcG2d+0bTRWEcK6d~#e#B0FQv+URO7Wwhx6g7 zIeN!f4y)l>=R=_oxHF>a^pjZ6t;J1Vr!w=-&HEqBsEiucNq4=fv_ zWkFy7&4F!aUuEv-izCNBZ!uzc^qTC6i6U@ai7GcVn@qlf;O^A@k+?i;0J_wKsUe%XY+kWaYnlAB#fE0neo|9W#eEk;- z2#DhZY^T#i3UEl~Juc3_+be+r#n9x^;^~Tm?Hj|`L82)_7ocp0NXWhe@qHOo%0Ty& zHbAcCsiO5(+YgTtkMmJb=wXvm-I`ARQFKetBO>E)yX)q$XzP{Eet?U(Oa<3ML|TW) zj29LN!s2+&>sJp#lPYk60tq=x=77_Js3Db@Y?!u?FI?Kta$2c0n0LvO(M_|PE~^C5 z!QPG`{;4GEtvRzg1F@$*f@5L`OlRf(L=8_=`=wTeg+8LVxtFH;#yjE7fAlu)Daa?WO zxrE|8xv_l|zXx!z&!Dd1K-1Y`DD8BjhlQb1H=F&Ch^HeHjy(UM!ac`DC5@g5P6qe>Fr)u)9~Mysr+_+#rfihb~?e)tq|Y12{={KXcQ4 z5{*(5ACQB!g*OWG3I;VwLoUOIqmIVor8PYz+Zr()MgWUa-iUvfNU7GV8~_WF3q)?N zs0eA8AM>cz2EH_>R-rY>UXgH-o+wQy%^v&lQwHjriI}?g!UEwu)KzP)DF1}8R z$YNF3t#_?wCrD18j{t@STS9uRRZp}DNIYeSFeUz}6h#Bev%peWO#){*N~O6RG$7Lr zw4r_fb)#MW_=NOg_keqm_VEM9VyS*{#%x|mGDqjD2>88Oz_f5#!4F!a^Y>H>PMh2s ziM^gz=us#-k@I|hp4bnH=~4u2Z=4HTwK~<82k&nR8Fe1-CrZnWNip4&m5r+`@i;hH z2}@Idn#4iFvpxgJ3)caqa*XqX`ck=RbHE=GhoaL$(;k5&pIO*W}1k(+`35|)`3s8CG3`v=THCr zpS=rh8|V7A6G0aSj=4t)S5S7(Y}11<&`8g~Getsp|J}Ezs+C6x`_D=o&SfY1`LWZc zJ`Fyc4n)Ht6|Qv6PBAJWl;7n)Bpk}!nyu&rpHy<4jSE=FfxM&K3wmFR<$;~1-qo*5 zgI-l7Xu}Z?z_cxH2am5+$t&Ze?qRP^A_4Hxsr|klg1CP=ZT~_Zs#HV}^u!oJM{Q9kWR~>mQt0QVV zcQ8YC=H7gn1NMcFPopKv4@?5BhO%?#W>DHXRVSb1;NKBfrXg-R`!%1y;)$E)N@X7qjrT0<6 zpa7#{i&y_g_ibd{jq#2H)%qTo)f4BMhPs8rdm_WEl|>#Rv!g@Q>29eTeXKgcHk zo26Df9Cn8s6|g(?sMvzqW|YyCA1`2arih58I@&4a$|^4xT@eQq>C|WG;=cMg zc<{|YQOoKHr**+NCpTbeW44G)BO;xEkU~;e=e!^JjgtOXFGd?*pQfN1uOga=<*e^r z$E&vv14+(chG*@v@zqfbck%JKjn;os<4!BwRwE1X7teptL=qnUs~ENjQ?x{h6>$XD zG7&n-RjkBVtyxdR#2Uh_Czjy5RpRgEO7nCe3;DL+zWG;9R_BUk=09$3Vh*=VS;CJD zA0ktH6=9U<0Ei>BL zB8E&FjL0S{&pipZ&n}wjAcDn}H^x=c90@)%+B`hBfKfPcG*FYIX~`8Y9h%yxovzT6 zuiHBxdeI|w<6jZeTbQyXN->+$jV8BhI>r_iZR^U+g@`CV2p2WBbk_8dIuCP=k}~v4 z=nM*#W|<9iy2{>$`{y~KGTsxp4b(J-k^w8+tycOSUW=DW;$6{hh3#n^b-0s$>VI88 zoSXm0b|imP;Quzs`2VFFNsBOD3wGu6q8Ahw$FFiiTB~VW_!@O{6&a(hx1Ev@Ro1;K zkou-ZL-6?SmSYA!{T{WZhdD?QZsTMAhsJxEHP~<)J*GRlG&c<6^W0hM)}y;y_Ea4+ zdM@-4?3717nUBEPh?3gBq!wPcE@vI36*c3C-+=)ZujNwO`!-qw@xu_YO3n1)MlAGD z`GM;nf*XnPkiiy?`M)?_W9o7z+E;5oO(;goS+Qi0j|Cc@eyxK3h{a+5?m)7s$`4as5 z8vyvpE&lxbcUzlZMc3B>P4Ew0@KXc_QW(a+-EIE-_ICppz!CiO+n+xJkN1n0{PpAC z=l^x#e@^<(EcQZC<3_p?=!ZL-vjMY&QABJ`dZ;$Z1$kpkCqRIV&0OTsS{{o<9D|z z(T1-nWPHCW^x!!Arl%6t4Oh1GK?(jr*ssU;zKlU54#~#?(Xg~xciy+`RY68@PndirgqI{*6ww8ue+~Silcci zq7Y5y$o$l6Xpa6~u!8XUxddOU`Z(_U!}K631DNMKb>?5-ypFxw=lVtpV!#oWqw**j9W3 z3Y4(T>Msqw-PkZTNJQCPh7)g?R#mP)++SEzT@_pWf%9Q41k?2r8{ zCJt`HM{9bVc4%n%ruhmU*+oxQKAwE_Bymydai)cwv*~uj9I=U>>Was8Gz`UYxFKLG zDViuzHv3J4k8{uay)kh~BlS%8Bab()xxe0a{l^Qp`{GL5UKm#=$uHx0J8Oy-XiPDY z@_EfF6VgYXd!1YwQNiTG>Gyk=f*TB)iAI$+3c8IHy?(!Ud;y~_Q`0ns3GG0XZSZJz zXDHL_WU;{8rVa1<1eFkdU_uhZGNnJDfkuxFy;DB{ka@Fjy&Tg|z)umnMb^o1q zADvMbISFpQZRoCmCRT5{!_nwF=?xgxtnE)P;24GX^5>1-Bz|#I64Ser&NybTk3*Ne z^4-$;JDZQtf3oZ&6H;2w6pY?s;BL(U7i6|~KaL$Jc*as4cW$1lm)fV6^|)Mi9QDnc zC96Clk;V~vOpIePc%49ZEw3>IK=3K@Ot}lV+dxWM)`&2T(8-s*N#9{|={v!Ajd}9U zGq2ghMyhBseM9Q`DzZqjkn5)kl^21h7Ex%GVOMbB=Jsi;xc76%R&+r3AEux>*z8oyp-vipeK#NjYI?qCi)(rgX8I zXt+g5o849CoGfTz5YB8xTH5rsqM-f|`$y62jD;$fE?!L&LQ3b0AWLczkuG;*g$dnp zQKRPAqs8jK(M!IA(wS5B&!tlYlNjGc^e@`(Eb^W}Ir3D#zEy!^A?NXP z<(|}vUe38UuG>KHzC&XZwd_i(HMBluNaw|sEbCS5Cl+ucpp92Q&L>>`R=;%fHPcDQc_frxxQAzsh3KBguZ?Va0P zSDwo|3eN5`ebK@z_vsOR6C!DnM!`*L$hk~1dGaZXUMH*3V53N~xXE3|v%?{JV%blw z`@B$~+%LKAs8thF9eewSmh&IDPFt6@OsSOryuS%4{FX0mTZ$gS)kwK)qsWub%2fNk z)dD6wofGOfI^M2qy(V$ezET4MI?+Q#|7_hLHxr`Zpb%uFC5)cp>Ji^{9=HuG@KM(I zPn`N{d%xzq%jI<8VBk?Cj}D+|$l4N}n{`c_@q1Wa9((sa#^~A^15{}e1tuouEM0mG zP;GNI)8!o1q5pl7qm@+*xlsNO?(v81w&WW+nAn4@Kl=08Ks8rF>g*n8&0~ID7d`bZ zvpx%yD&4%s2)~M$xnj6I?^9CEL|K!M^a+l;`z+;4W`Ei}qjM4^4t~x{vq?6gFD-z7XvvZ(zZetPsP- zm!oRI#i33Z9+BGc38ZprS}ns}QM3E*`4Vh;fK|WbO`^7qjYftd;RF{^W@y}CoR*a5 zx6H@Qbl|{lMOcXwIz-X3-t6=)i=#(nFr@$?$7FEAekx6Q$)kX*h)KgnoAMX6POTm6 zE!$JEw2{DtE=F^L_uvT3ck%QQtm__Q46^Liv@+JNFG&52Zi|PktGtUfTzM9W(e*{j z0fODe^70{$MKo`|X!qr#vqj9o5t@<~$DiXR(y4>RydZwpp7~^+j?17D{>kDTIq|6| z3GoJu_+1~4tWycI9Sh&Ok>14iUVI4D>oQzCslLwzNa+bKdk(jpF*3zbgObFtnn+@Z z4^J2M_w2_*E&)w%Hlx#nyEugSk-JdFr|qG9Zq;8l|Fg31wh3&%HTM@b<%F?5tol=dBC5mfy(D987y+Xy9} z%mw4_&r6`tsuU|8<txwiG>7urD(tp5G$;MnwPiEFF@)+7UtCQc0EYHm6&%*(MZcgoq zPs&*X_!G!C2P(in3v0fY-o~gd83#*$pJDYpNPm9*{w-@AGjEu~c(GK3hJI@@uYNP- zwW9c1+RKaT6E;3ycSH*JurZRClF-O3mY$ySS_JF%%EyPPyNx&I(yo@3#7LV|I`s!b zln+(wW8FlOL74z?k_RKri!5D_*tEWtKk_jBW0dO1>KZHqF@3(rh8}uQ z-1IV&o8?E|4A6`*@)YAGIeAx07kG`a%>JJ(5Ep`?->^*Y_Z7L>5|3aWXBZ-~h^ z(V8W2rbGHMMt}bUEi)4{*hsWzR z%TdXsUhC&@_*(#}o!;lkZECZ-wjRJ?ZM!ZJjMXvZTd|z_KwPtNz2IRrnI!%EhjPf{ z^HKmN4cM$3G#KTcKXf$hFYk|Aca5tz-^mguhWzo|LTwXvEjeP;W3hOEe4)=(lh+6Q z4_oKuO32A-xa*u?De1cU;do~2v#0^yG>xYA;KgH?Y&J$r4_wb*z|NBgBJTfz>%h%v ziI18X?;{b2Yhb^c%>9aGhaI>(ZT|NQT0&eBv)70u{#u`M|7ulRg5sQ{q$F|oXV{m- zY=&iT{d3zkHg;FCBimyx-(Ng$JYE|YE?%;g>n?ZGP-=a-XxlQcQ+GMdNo*Bq{da>t z6pGZ1KHH6CWiIO0XjbigW;NMOmXw4l-I#QnuJ+xH$v%{fcE9vbi@%zsNljjRX7%H@+s@d+_=Q+}Bb(%`p^ts!OCY3Q+-*PBiOM}W5o5*hT=Aq^wS1M;~I?8&H)0y$! zPC_CxRf-%g0&s88ob3^cO`h->z;b~(d#XP-@v?m*&sRQ_QjpVI%9nx$R6{4RZ-ei` zX{$2r>{$<--s)f15xuk!GqBJSe@FBAju;(R0^WZoPEECdGb$ zFNx>U9a)3v4xucM7tm6|!@krswqZ}EGMr`xC}t4?X1@RAm_K6=r{L@-s%GBL6P6{Q z$R>Y&HdD`XsQfm4T1kjQHB($JN{fLya-i7cN9kT)6UuqE0=LM+>}Ob{&IxGZDcbt< zhe`>*tdN`9W0J{IJ_4n(T)ECGR15-TDau?tL%l@qUHjz$BN>*qF|8;X{YbJgZE>s9 zFTTLOYrQI@S91;Vv5iOUHWT?|PN~4Lsz~+obPHS#ABE2fo(}Pqu?W& zEA?!walGN2H)7uZe=;cJZ)u&~r3-lR>iLRRX(NMEW=HjUiovAe(i9w-%kwemdgkg~Wi{=kwo1Kbj)`pk1EEN%M+&9$UeNXS z#QlNGIV3#=-u1U|ZUi0j1!LxGPLp?wi-BffDTa^n?vJUjc<~FKeRhcUPS>!gDRAU3 zd`rN;QfPxmbZUrjy|p|RKaJ)Uj-RJ5*|j<7SczW~8|omX5mRZE88#sVVs$uu78tsw zy-w2QWK3@#$gndWGM(QNyp+9ZxV(XSSlSQmI-V>nCSC&1B(V08f0d5xR>gKxv(=K+ zh6#b@w`owB!}NPfEFlw`ELK&BK5qqkO8Af2^G55WW|uq$kBPn-&Ee9%;R}MRU3+0Z zOTTWxX@4H?*WL>tA-B3mhNca3>Xlj92y+*?$ zR5Y)yI4_&;a%&!-e9bByz?nKYnD0g=+`nfX{kWsggrGef3yrApXN1xMuw zLngKwb6Z(Cx%p{Gl9SR}8^?~Htz2_qI#Pd^g!qo0b6Uzt@;V=$c9c}dkql7?SPEEU z-BV_Jom!%Sz+t~cbFlUETu&Xhsnz#LkIiiCt>tZoIo1k?25f0XC%Fnq?e>S9dc!sbPXgl?O z;AYYmjf-W=97?ybZ2!skYqbyQ6SmxNv+65FW*orqY3FV1ne@Wt6*?sbA-$vFc>l{RUk`eX^E0#;aVeJxy$c(9 z?TN1=XSk-0zIApmY?%PI<>JpP>*RX3i>_P%kyJ>Qt@qJpaAJLzNBIe2|h2xaH)-JTKR%6c@hjFgdtxS4_IhQZTeMLR4 zc^=9@kI7h0rT6!_AY5(od$SrNSma1dvA`R!-c7r_5ig(J5I=M{T+en0eimLp2z8z; zTwC*LU~xZnLWP?D%SAfj9C~-T6f))JyPrxij9Nzh!}ED0VmhV?`Qgd*2qw9+46^kK z99C5=5RGov;>*>{-LsTXZ-M$r zHj@+4Ssk4P@{iXI#7(E;WiZ?A*u>hK)C3JXcewM+qYuogJCJiqLtP~?qV(Fj@p4UT z*$3N+!0sU9L64j*#3y2E@}JC}C#y1G+g+;o0bEf863KxntpsLfn>8DYzxRO0Fxc#i zd3ASPw5q5D7ugIx&I6kv`Y%f0zyP3VcF2G}PXr>5>5E2b8l$aVzW-?}Evz0-SK91N zb8Qo!D7qNTZJwRSTpesbZ&W%}e>Z}bX_N6cgH#kNrhXiQd_(MJn z9wq#dvz!d{z-DiqA%=&{de9TOo2w?9%ibh7CO_s%W}|1m)!uKPw8iKumjOPvduQyV z{OPfyTGY!)pg&Ay+&vb3m&Cj~Nt3*jLBM|Ir_%Sm1u_WR#{IS9D`Hvi%`v8d(mVVu9&$D^KucStG!e8ITohd%0Hr%i6ClNDMqa z4NtHp$ivOAhXkRGz5CkydHw2eGBDNeKEIL_flq3xEg^uFAcr@e?&SswR+em;q>W@b zOfku7+W%0p=pcN=yJ)90OhGY%tLkKXam^r(EGdk!Y2c`iOE=Qq&F=qnc3`ro6*c=O zd}CQU-J+o;m4B~3zcxo+oky=K+PLhWUkChaU?#^hc;xV>5?i? z;@Z|7@k;npiKi(n7mur*{@ll)y7W#SyvcEBsz7RFI)A}&7rt*4coq!zP>my%H zjw%=~bXT}MDrq}0Avy_BSi!c=r~M>F2zFc7YlaHGT`$H6WgtV4;p+1FU4~?Fc6!~{}_Le zqTl=8It3!H0GF~b8~Z(P39J+o(nL_kvWamg$9MCgsg^g1Awr&zP>(YR5YUioDUE`}!C;_c|$^68Za z^OOqv&{WH2Ga;JJICkA*eLW^n&zerb2*l&}I!|oRPd#KQF_nLT%0#{r8DCaYmF)>C(i+kCNWpht$vJex zZ?j+2%vAfGZ@9o3%AdqfMF(3OIeu39$q3K{1m4oC+BWJ(t=`BqGi$D8-XAmfce z`4i}=8VA_$bVvmyo{EXswwqm!OLfU@F_XH$waFd4hT(RT09e}Y`A;u79R;n$2}O%W z<0a?eC^q(r%5>pFu61S z?QK5vncd@b9Vel)%!9Degdy9H_A!Gcjb?NgKU?x5-U6#wOrar=);y|8vGOoV&%eU0V38*P~$~RMZS_LJ# zvIV)l+UdoQGeO*IMnXi9dZ_xQ`Sp9ku^`lp;azPKsfc-iM^C&4QCc99Qm^=bUA5Ffwv7E`sFUAjytNE^UOqJp5?n zIt?u9xo;YJDq`;9aNG2iglu0D5bJwWH?{5fuvEcei_mF|>gfBF*C#R)?M@F1kieef z*TzFjrS&?z8suU^fAvVAZ#Y19>vc# z!I?VbpHp4^V8q?!@QBm?m1NONeZv~qikAa_MNsd?KA}>B|Fc_;4q2TBbGw)HV*Xj` z;v1iq74ToF`9-~oaThb!t@bFG4h{x*1z>K28BIl+qRzR|Ul?^n*5(xghh!OawC1i) z0pN=H5jMsFCPs7)bE1r#-qqKDKJgo=97d6f8S_NNxl$xE5TT?!^3@h?_f#>vdH~@S zC4_G0o_J;+%Zs$;>U}B{M-V33@xErYn7Y|@^{?{5K!Sdx6IXXG%cE?cYC&<9ltL0UTP~d(F3JKlqXDYtyw8gu zfQice6O5F%-A4$Ynam}|HX<~mvv~;X(p_Y+jArM=)m2ez@nX!yX4B-wLp4#dWO9}c z3`EFyWMogo=i3Frb<0*-lC_{eV_MIq45)oG-Aw-k&!3*u3*{tytVwl=1K{ioKFJ3} z)6)Q$+L;vnE!v<&U0ol+-}A4h2HP16sAfG#L zs(&9kb3eyVl7qu02KW2*d#@urkXHM%y^qt{u$woAd6^-MWeH-bvJr3^`Asi#k4PZR zFn6(1x$GdYuXSv=>q>n(|BHYF)4_(+O0AMXH|2zvi32^h?O)v=x0?r9zAaas3_EqR z9zCBiUp}$tOI?27eyd?7?n2Dr>f`;PV)dK9akR`h%QwhJbFB1BP1N+A0UUB?1Z0$p z{s+?nhV&x(ujd(vY|dkz!6ghyKv<@JT?T~cyz=v;k3D7ZF*;LMfscM| ziFz&EHA`_$6(9!ll7^whevA;|j@TXhU8v*TgctChi~5Rn5fuG_pa?>_VS-`mrz0Up zj5yoB_&PT5ZJvQ#<`}1}tODrf;O2}D!iErjK!iIvIq6`u>seUWt7>v_^fK#p{_(jz zS#A4A((@4fpjQ%VPf!1yV*rEn=$J+4zS1r4E#PCpt5uFM(u@pGifry@pz49U=sX7I z^MN&8txdXq9Xpi+FKOu+@oYvjH@mYlx{zv&TP9}+v=zZv%akmK&)>cmBzGNMjqrua zu>zZb0Jpn``vo@E6MP(LG$0{Cg>b5F1BE(tGsb?_dNoyr6#=H{&6(hi zX3xF^$Tu0d+NVj9GHsH%Z(t<)wrQKJj-St9x!gUwU#-2cu^~kihHIgYD8t<~Raf(u zOKzX{^OduHtumL41~S(i!MHjP{D<6*9T+7aw`z#ucwa@)o)@2^j=tUT?Ds*&^=9uO z2kVXTk;ibLS$K`05b5pWWoEOrl!{Jb^_RW9gbA_DEP&|}HM$gb*9SydhZ)nl*Fa37 znKYqk%^Hi(ef4pYHDHpZn@L@KJA=<`l?{?^{bhzjzxH!IG?F8mwaM)vmeXZ}sFxbU zQS`&8X38HBVbXavem|s}o0FqP=b9+1-ehuQfo@FK)d+{1S?9Ur;dC@1#_)N*Cvr5N zC11Yb^VRAx$HOCnpZ7T-nRcF=n#`{L;{ggES+fOt#Uq5E(;5>ayOQ?E7ZtW}T}oIIMc5wf0Lpsn)yt^&9;>4jU+M3m<^5&!n^ah0 zQWJ>Xwm!R=oS@Ub(+xEhrw*^?2g=xNGLk=jtG9H2rIh0M(Pnv$g%VCE;63m%SClDi zIQItv>&K)06|9d#!lnSfj^WO3?6YL@3lB}VI%iAy(RrjsEJ(`tRGemaM3{OiR~nfP zWPY4Lh*bG7W|fMFWcNT9Y7!1l{I8&vY$s=pahuDKl2X;(E-aB#J5$+N7S=O<&% zq6&pz2d(n?(ws;gB1^=z) zI5t})>2&+ldbm{OW77Rwpch)|GN#~_uRhLePqOv|@dz2q_{|VKd?Y5FTR&~dy_;78 zaU;t1q3*L5cKwfyTmmO6woQQmD?Bb9DrM57Nr-5n*>5;3lUnL|c=+ z!|ztQlDrApD_=8x-i1=Ay5XxLecLEUSlTfCieo|--=>N2>N^%HcGHc@J}q$0GS?_F z_P68;Kdr@jB})>FNEURy!nyPCPu5el$4`d^bF?O7vLPNnfK$H8kCUb+r91$NeiHHr z-w%yPJ<+=5$BH_{Az>@*RSa^gkd_=nuqkF^gq9!@=#iWoT{>2J(!=n21c=olENfBF zb|J2X15Yp3F;wHV)w%odrzyOQ+q`K5kF5J4(O2DK(wG92@YTn7eR-~gSSkIoC&x4y zCUbG{Sw~{J9)j~aZ<>XoHxzb^p)UkOvK8}Xh@3*$mJka1A>?9}yN$fK7zSi*u_*jq)+d(U&$(}SZ{y-({O%qveEh|@2wa? z)yiiV1Ivf!9wBiu?GX!XI8`rKBuo@XHvf`MS(E{vk&vbtL4NGg5aKf6> ztnam7`j|_t-mGm3B_g9-jH#Z(KCW7?ZD}tbG3h5kl!bn%+fEad%5Oa+fdwF~+GfC6Dv+uOgqoqE$*tf#iUQ{4; z5A_E|tf55Cad6(@;^p1Jf(zIlAYOF=ItkvGP;apM2>F^yrz4lKY{Tu2I&lQ*t#3Jd zocOiO;WTk^uoh!6wJ$luz|w2fQr)oM4hW_| z_PS<#Ak+&l_wMNx;q{qZx9=ZX--VN=G{L0X@_lP83lvI>eY#s;Xp@_oPCJz_T1$zs zo!B6-{4udT%cN*b)EV6lB}!hk?gGbBS7P;;B|Ap18q4+=Z~e#cd%cbI5f^cC#eBh~ zx8w-*s{0iwGrQGB&dPVMuLX$;!P;L*i>p_EIi2SOXCm!ZAY5FO+M$pN>Bl$P0?9^b{6IG>$YOkN(D3ey5V{ z?)S5fcwY;@n@#!4=vY!Ak6Z5fPuhtNo}~NqmzgRO{N5k;gC>4Ins?;a#5}Vj(o

H^Hd5o+Q*1Li#5#$G#HT<`4iY7{#O zGrL=@efD{;G`V<-tPq<0t<-(V=OAU?FvAQwbhyJnEaM4upi~ZV-)?`%zSckzOynmi z4u!Rbn!a3-*T|zrE_v4%-jGBTS$%)4qd&mx()jGx_Q@OJP#?TM4|uy7)VOjXWS(l` zANsvd7FxT=W`usa&DD&u4zn`5R*eog91)axgj|)!_hiGgjYAIP0 zFzp%f1n94j@t@wxCg7*#7;UnD{pOm=cEa%h45)`*1;xySAM3N>{Tig zhA~BwwE;!h6psbG)6_H0$_Ra<_^A4FM``8h)Tni$VQy8BJaFO4H2S1}2yk<)fM8BH zgmFxS?m$R?#*2~Y1KJWHEVdWVXUS!KhLpMb8&yLC=WoOSHDGLaN^VZ(tJ7K;A&zxE zSCj3d?|M_^$}uDObklX{`8s|LznXKg;~Dnaln*tQ=q!?~gk-qBaW={9RXel_k+INu z%>D^EuqQeqr{zM(JK)U~o;$X2_ST7)F4trPSdNp6?U)HG2M_o*Bzvoaq%ooanj6-G z>&UC@Xl{g7G)BV%ZA&IVzGv6pfifUH3*ko{$TCCG?LE888IBgfCEP~IinSP#TY&+ke!8m25QUM$tHN&`{V*IOXse$`fGulo z<#m_!Z~$pTY}8oaaaW#yoi?V*$zFD_hCbn{#K=P>ok{TFE~Z9q{HBQWUZ%g$&ddUn z40cij70;I~9)Ec&pH!%FpjV`U%7g<6Bp}mU#P-s*?mtqW;|Fd3+XryDvpEm0zKlIk zfaWi`Qi2`|@<=?kS*K4@@SP$_AZvM?R&|;USQ#1OVqh!Rsfy%YbZK*JpzE%)7=US+ zo~hD)233fMkpV|N*@U{<704B5lIF?4<#YP*;R*~TxMB}cI)7~0_e5ophUYS4sMjSn zSMVGzfAAEj(cY*p4wdzWuVl&ktJ!o~KjNBu?42c48N)5>U};d{)9qxOFrY2P!^vW% z%^zh0+YL_Dz2Q=1T#3=#Ag`O~bnrWc*Ad<%At~vpf}J(w;{>O&~T-h)^U;-84G#lLGQPvUEWjNk_GG@4=jKQRZ2!VcT5BTZzvNN1pTj0vcslRpsSfFu56Q`6@8tLB@PKUB+iY`)nOIP% zd63>XJ9R0H#2C{;Eo1LtB#D8HhHkK6E9#oDuF_#;ecV2o=}*cs2}zDRV*ha=ZE&8j zD`Q+!TvA8a7M-mYUuSBF>JSnCr(`pz>w}r5FVbp*0@S>%*wlcGmoDY}1myL3)EI^| zN;Xd_uO|LXATx||r96!cf&bR6)tW+kjutfIf-2fby*Y&NsCxPsEv)isr?U8&WwR|c zcIm}Kk%7_^dL(=F;GR@?mW$Zm{yy{_rB#H4gf8C9z;;(B6E(ZQgoK3ZVzf5XFhKjfQo0%o!Pzx3SrPprAx5UKC%zY*`B?n_90 z?>s{t1Pkrk$cb`twG-s$pN)=>&_6OP6OVfO%s76Vo0~HhX=5U0A3<4|9~G#x7$_%K zE<&R_3X40PITlpe+1U|FsyA7HlaSoHpJSrq`(9jF%tX`vWz_@)1+B-`QD=Z$Vkc=} zx2T-@TM7uFd?Zi}3_k{>!aiRpvS3cT)ehL{p*)zG zdCiJZUMtB|R=a*;-@F`sd-ecQD_i{mU$fodSZeH@u8*Z!z&S`P7c(oK?g zg@3KGf!z7b!u)Z~f?R>sepM|nVOPKqVJFhg5Wnmd>?cpWritzv-E1;Bj>!cRpbtAh zQ^8S3z1%F%Q9G;EqVg)fG?VCOZaK~eMJVX#S)PYT^P$W~MXTDvSb&b^i2KW){h9d0 zSNz$GEYQm;PswY?ETzDz_MMEW)#vGsr^|?X=C2jU=Pl+S?jRrPC>BzVHwH#q1Q;*B zfc{8^MZaB>O7Hhki95KLfof1asw$rUwHnjypugtaT89I9ULQVr$p%Y%f<}${^^1#H zRN$||Ej;mqnNlA1SwTOTrVX|@HzdD$J3{^}G?SMGd>G9w`O-9ok6eBdaZ%9q=@Q#y zsZgQiByVelxv?$xAznoTm84b{5+}Qpz`D`V>Va`g<7xi}VMY2IGds0r^k1zZrI>U% z?sN)jRus|h%wA|Fs3nH~r@42EuC(dG0AnW|8y(wr(y`S^x?|h6&5n(ZZQHh!j%}NB z(%<*}v*u#fnl%@*=G@i0-c#7`uBu(n-p{TZAa1$a)AOL-gevY{WI%{(@r~md1cEQ=XGJXw<55=NMr1_?q5-^2i z6p8~EVepl$^0ahJDdiRiUVZqrP9Xw)E61MSz`Wv}=KlOf+EbDrPdn-7svtcwHhmJG zQJCrOfFF>CO)%@JIu$7`0J6hIDs*V4oqm#woB9a_fU#gohz}yaUU;z=wgk0Nvrrpk zrw5|VM<0-QG_c5L;wfzObW9rQ502<#wz*=a!*8pM63(|%%n}c4h5ZoZw5({#1Romr z3fOceW+*G~_9rEpsr`=B%KRk#{l@+$K%nWQ+Ql>gfhLgtFrGOn;X(+WED)Gp6e?}T zzJhc%kA^KIzNxL)YLyAE;+E~WyKTaH+|X^;5mJg*I(YMI&T8|eo4DqATieKC@KmN# zvGTwgw~Lrc&Y>~K)F-X4U z=Un>oTt=w07BuuJWr%8dZWPEPK~` zLhFvmuwqzR|bZPe0}uaxfX|FVE8Q4mj+WKIV_h(NUf@@Vf|TIj zrnRG^B_Hp5p-v>S5GGq_dxNH1XV>{%9zIyEYM*kxbFARz@tf50mW4upVngQpvW7O-AtUuV=hONvU9{dh0r(CDnVHr(x|FNEs~58T-~ z(y&a(pKt;u&uWMMmt;;;C|=@lo6`b_=n*$Ehe<=|N!9aqlD@OGNHICNLGD|)x|;H~ z$fKnYwOx7k&&?I*?z@N@n_y+O?qv@87SyRFO`94Pq{@p<^{5PEfOr4BQEmiEyi@NxW2JVNsO_18Mf zbzDn#_?}zBF5fld;#M8pIf;YIIKD4mDBR$C!>WuUiP1P~3le8%TCg&4IWYhU+_`w} zK(9DXH>%MutfU4{E-HI{8c4l&GILdo@X_X}AMxN$*3mQZUUXclFs7WjMEQz+#QvN^ zDTa=Ugd*R#H65y(7v^;)h-dhhkIT{Bhcz>MqFne6-W(aQ~j zA(O^|Rp4$&KalIpb zp)l;;c_H4=t_7*CUa5Q>-1h%*mZ_1gA<>&infLwT8fopxqc_W;txcoi- zdycoOp1WpTs%PZMx~Da6sbSI$h~`we z&HXZ!4tH&G&WI$vT$7U;@R&=*FB7-L$lZ{L~VLo|6S5 zEj4}ye3Bf*cf8b=(;ai=)hoFIJhu?ibqUArHQG367_#MKmmnM*#kI+enj)2l)D*Q- z!g$Qv5G?U+=VA^IsT-raGFoUV&N83*>Y@;oWlexC8&qaKiJc=%%a3hIjk{-bP}x~> z_9-W@F1Enj-YUHh1NQxQ#>l+L)nKm&t0Ibcny(gwd-Cb#TL1=v1g$qhEOy6yShWDnO<(PFY>(I<1f3T@WK~9aPB+D*B#hqX4ZF!>Q^Q7tcF9J1&ocdTv=Tm z`}B`{@<&-U$vHbjRczH`3%r#E=rr$~5k{zjv8hd`Y9U?VKv-@cOa1HBqvfe7WlwL# zFd>|a8PgiG{g=nMXkr+XVlB6g4M7LGa3|nvD4*zV9I}bS!~8R_#G4d~v!`oT50m}jStlqR%45dVkYeWAB#*5#f}_K6u~2KoE_5wb%( zhG4PdXkbeh;F{YE-DERhoC)LdmHbn_f8D+WFxF;FKLAJt+Ddbuncd%>=~?Md!Dl% znOaL-(oxchbQyL&(!s(cCa->)SLh{fN5at6AXHSuA_e)I(EZHPbfA~TV3X3%xrMx& zllX7+LbBABtISucSiC6teA?G`lfX*tC)a=}5&6TkKFB>4AU$Q-4Y!BXn}zl+P1& zM*yJHSx!+37arq4GP+(H;7T`%jBs`phw`LI;OyUZClrj4f4re#*LVljL((5rs=jw2 ztLSBNP~&{D``%=~!|qZ4Et4Lx=FeRLPh5lknJPcwmLf=p_6Gz}oWq|tnys7f4CS!i zzShyyF&S}@IK~}fhvt=ACX&uRkvwJz zq93$*@W#iXM|ACPIT1X~&UfAVQ~vQqpKP+oNiMXMb8rw70IBZUTRO?IiT{1U<_ z-*w1#xbcpS?Y>F5dekw2r2O&}cHe1#*hx$0P889am2iu>Wd3GkifZy8uq;zZ>WuOFOe2u78j1PbN+ec>HFI46GK zxJ4I)b>6ojQAdd$G?Q*W#25Q{pESlWy9CqKyRG|JZr$8z_Xk5)c^N%8%Kbz~(_kzq zC*=}3HaGq(>Ve-$Km@-M6u5dtuQk`uxM%(Tfn3qu6O#WZTRL({2|LwUU(QFL5mdjY zG$?SW@1lY92Ez%nf@@s<|G(=`XCQ<6ohnEm>Z%U-9 zK~IGe`1>Dqne`EbhM813^|EzJWtc_(g^laFnq$1KgGOTP@#rvZIP zsxL>FiNIaighGr+u81o=O)EXY8Vb6uNNRgNx!^&^$Z9Q9a%ZqvRZmAl)6$li1c)q- zqAUtuk7zQL7owddhppZ-zBvy3+Oo9aeFpL>jOb}~$BbSPcUD(tWGuidSC++cbENtb z6lq1;e-yWvT&^51M|o88;X18fw(D!EPL28uP<7psF#MF!1*(!Sh13~9(Q{GYdY~m;~jxFR~R;`7UJ39kFs8CTU+1v+k^ri4{=@D%C8QJ z>^4tNH3&ILN%hpJL#2CLt*q3|U4+NA_3(?+vTPG}b&QRJ(`ze#xqe`$S5uW}w98Js@E?J^&s1LI(Z7d!$F~3Xv36BxMJ~D3u9#8I$ zgM-7t$+`6!2zz;Z8^DZbZ;}jlK3z5r$nCs&d<>(Dp^Ue*P?Bo0mSAk9UfOD4*0|5} zrqy~fDBk+=a3N%2Ff#1=YCXV&+(+)1=;QD2U&lEyJ^jc%Qqm$|VXiDwcRpN7r(WuA zU{*N*_@n#DK%P+!A-l7_6_b9)(k4_@IcpQu0mvc>$m<^ST^><0=6|TsQgJQ(|BxN> z&&aE|uwA|Xp6C=#u>CJ~EE5rcaL7@`hIju97Wrgw{rMk3!|fXYe&Q__r-S$xZ33K5 zEkOTk<`^1K{D0iAKrb1C@q%`@Y`g9sprn6Muw&@IbOykDAx{|Y|CbgLBqQ)Di4#4C z(*SRC^bhwS8~-!JESf4Vyyu^O!lwanuprG34Yz+|<-|URnLDzZ^Up8=tpQ94-9`TY zwS@H9*&?Q9ihsI4RRxG*vtGKJ%s2jviut+;e~z_8nhxflv9eeIkOUm3H~asy3q_oT z6$*lJ+6g2#|1lZhemeeqUknuQ_ixSIX^+?Lxd=vO~;8B^`*>qkb3@7?RZ4 z>6V)+zAfT9s^70&ahU9kByN4!J_sOLYLL(V*wlrRZ$dx#l@YR}k5RndHeD%4zJwYr zsLI0OtwWv@O%03z?x%$h-?@q%?i& zLxX^&k)}=QRy@HC39=))JO4Jg%F!wk-!rRUpmSl0bhyn0mmGzlOO45k$=eM^&G}Yn zaY0r@B;`#b4l}ars<4XGiLgx(Vd_c`jD92V=xt4EOg%qhVDp#KEiNt1J+9^|=NBcb zD1p=4chV){P`#&59h?{Lf|KR_(rKyglVB?%mECoEN1*q8ao?dAM$1!_s7XS72|d!t zAv4&4YjT|09qfGOoD(dPFHg;3Qm(&XSij2G<8r82$(EiCWVS(6XJ7y` z;>_UChK1vD+J$Ca&HV*?zE9RxzV-ez({YZe7qsEGC z--9!z(8)@cd5TKYLnT$W7Qj>$D7{D%)~UY0GU&mAK{cIodh2&4(`R@~sX1N~5& z!&G4p9v2>>-(7u|0_o8|LWkg6tGUcjp5wQRtqC^#rkd3yO86HZ$O|h@j4^kK5v&I< z`i3r99rC({Lgk19NAM)zkm{fyF%V+73L7V^dbe5oBM6jKFM4+QNV#W;eku=}YT-LZ z96~D|0JF)oGujFua=CIQ5vt4TQz;f641y3BY!xQyGXiq_0agKla$+5bLRr~Id_>s^ zJ->yY2ITnN?mGv1hKE!R9OCeG?eHLEV}b%`+a~AiFtBeW@;arzBfC?JT-sO)JH7IX70=`FS|~ch>)%_DqQ;m*5D`4@MQL#7p_6AIv#}DI zxwmZ`xbQHbmk)ADg3tLKSyklDi6gIj3L<(7ig&7Y&+#L;upu&9VK-cUor>O``ieckRJ($G#EdE7P3$%l>^2d?TULt=rOfFB;%GQ$o)^3WW-c4vxCj( z4_64u{JxedM2jUS+@0qLDp!?~01Ik6P5>7oF)^`f9$oa=<~X403%ZK1hAy_M_Sik- z``s)7Cev^8Ek`~8ttWc{u_%$%k^JJ_h2D-5?U}&|Pa;na4T0t;m~{HOiss|q)gpEA z%iHs?H^Bv`2xAx|nj^x#LVC1*T=?2|%7?E8T6OWV(u5sP`&_51EOONL&{5PVw!+@{ zewMNLHOX_2CK46tolS+p9c+*?$CPDI)5qvFAk))nh{)HB$n~RfPbnCY4%*I}ZG4sr zq;Ya*-DxXK_a}{DkP{n;Ihe;45n8_wrYg0e5{SVFrFQLrmpMAhFTIAsc*PfJ#ha@I_YzI&BaGq5@0u1 zSb@5U2JliV*^yWlWr@N>$KP5Vnt!~UYX+2wmE#)fUL#$%4K zl137KdL)qZYLH+M&eiVNM1*U_Vg{MZr`t+yIU7Cfpx8iam`m*pjVv_M*Oj;>I2J}4_fGk2+{X|eS5gDDC z<8v|;GX~Qy4O!}|aAR7Ds-3)m)?mA_woHl?-gL%Tgqx*B`tHRo;4Fg;N7)35rMo?U zb46bB;V}j}d>MQ``%~@Z%F&?slaDvnEHBl;?uEmzuv~ai;G zLer4=5X@Cp8Se6ZB&+oM-ZwVU$7+l_rXhhCy*fL*U}Di;K>VstCH1hJlWD3ksp%1Y zec>T%4Vk#-K(CXtnL)$1gIJV3rr0*Y%1YzpuB zlVsmoBS%}s)_gWbPeT;?jYiYx6+i_QfJdURZKyuJs}8;p@TPds61Wd=ighvT&CfJ`XTNg;AL&JJYKV1|gs=n*c&$07=p?x{W&Y->+e@CvS<3PUY2@+`Xu7s{ds{Vj% zdt0%gD3Ve6hxL`XfUUcMmWF^A+ZSpowYWYxGh#;K)tLaV-KWbR3ARX|B`pPk+V4)| zMB5(52+Ndbs)iPcnt!xDHGQ}mk9vt8xz~-9-1^R;b!P2WGN0%XoL|ljLhkJ+M5vb< z|BMFF@~72(cAxQg6ht-kz%0`RoCod#WMXRgV^~3|Ke}c2l$BPWnD4K86eLz!2vz0Y z>H4?urH(6TjymRUu{gh4y%csU&>EvkkvR>5)z(LXfU$H5>I$Ss1HY`fsp!JM+hX%h ze?JGsL?*L@g5;y3JVVS&0oLk zsZnrYI?Z4v#Zw{Mn(AYYkL#CJEb5>V;{cHaRS?G9|;?MCzc~?8t1>%#wOX? zhS=c2>xGXSMy#ss-}st5)e-#jke*h;Mc?WXAppMvYTU*;cigOGv{Sqm9ci>jpr4TV z0T9$<07gGCWvqJJl}9TXgP=cHc!P-MiXzoWAe`Mu5y!TKwvc;{>uCo&39CpPCq3NmMupmdzfpm+fz`S zMpyyHjZ~@^#0~LPnN`_ssuzrlXgBBU8ll*_gXtBprKsO6*D)3-E|ybmK~lnuiQ13C zvT%^~AKm`l%ulp0C(OZF4nL#m9YF61>W#p%6>#+aWXW9pl`6!EFnT^oNUxd$>}6OL zEeQCUt12I*jXNa~JPrL&5Pbcj0hL({TzvLy{3W7)04tcm@PhQ%;At~hnYkF05r^Kv zIa?K8xrzR%3D;oST)v?WvS%t^@}&|6je%>Xc0sfL>euyphBz<#S%tZAe_ZmbB0GyH zj1k=r|8o>=;zBFvc|baS%%{}veI5)DN(Jt-*!7{Zv4`NvFuPL+kx+wMz_nMJ(A@QL z`t09Mjn&_stW#}=#Rk@-C1&2rEO!5JNo3FpO)I7(a6VHyNWHK@rM@C#tCv<;o-^e^ zN-v1Ykt=0HV$P`Ir_5HoFL@J@c)+!FaEAe9D46MoL!(-MIp`@X!=28Y2uKP0dLHLD z<9#(b;cJ9vweFvcINcv(CE2i|g{>=fa64J9WUHQVp3sY)OY}u)uK3XEaOx;5(q738 znGOAAB zn}Ly2PG7Yth(Mq(K)~>#J1*ntUw4uZe>qb^gaZ?f0r>ekql|3T% zU8Q-)*RLx!Zo@VPo09$%wwTN={0juDM3di5E?7|TaQ41D61&HDtV-DOPp#dX7@7al z;HnGccBM2FhC}{Xgdb?o@qPWV9bkj5lkbu*w88vWi zS#fy%^ll%&iRSnJc#Uokjwvh&xQY%K_I&N(vL~(9R$PA4W-u9P9HZlD4Kb)P$+_x~ za48+(DzIOOJr21@4pi}Esi~)5XF^!WA(tCbklvo`QXP`~J^vJ%<|ZP~ik1nS7Q5gs z-!Kl))1|A_|KE@rsSC0to0V388gITc)z?m#%xK_e`~=vol#xrj>_JZYkmH%56%8rk zGBP5^XBNlb>js;2bWX;ga23`?os5_e%F-gb{TDYOu7>1zWz*iiRWWO=dl;Abz(3EF z8ZUJMWzC9qNFVc%&hB?Tm=u*j9fOdo`Tf90@y9&d=w8AsgU7JPLP2u1iQAoui!RF@ zS3SwAU*G5b5Dv$&h586#J2ou+CD}Sx_^S-~MogeltenAH>Nce+Rn$2KlV2Zi8%5&b zRQj3DpEsE&)51>+a@Nu!ZeecNs!y#h)`FbRiJUL;tHfF=4#)7fVf>7vH|RaW)j8S^ zW9>c|H)BtJnS?U@S?D9ln$B>Hm}JRU3e?1IXyOlrAM45f)k|oC9!2h?T+W0U;oMrP zofwSnK#uMO0lMVvX;~?>$K3d7>$v{q@m9z7Tfu^VVhv)oUh6o!W-8S?8B z!q-orKX_Eno5UsH3=#&>*SH?K+i3ORy&3n^6@FYETZQB=R@M0%mw$bpsxRFR+p0$GoeKdsIsX7L0(*-9 zC)CgT0V)bHU5LEU^GB^=;C4ye<>Lm0CK(-}e+cV`Oxl*w1TS4*dKb?4j_ zsy;l>&?n)h7YSeetJ$uV-y#BewgG7E&cn%#Djd|n@tIPDk>+mN+?FeGScjh}Bf50V zS+pDH4?Iq(sM6}#hE(x}q9jqbmZg))Tgdy2%lpK97kUHWZ}+gUH-mk}f_gZCxMeVg z38vwfIi7HH(cj?)EA|>0jI21=o`iLo%JE*YW!lR&=S|F^WQ##Xn8=?iDbSwDM;&v$l5TSy}VKE;uR}%GBP0RUP?LkOIh}~Sl7LfJ&7^Z zN%EJ-+l)q$nKUXOnaS{?M7DvGxq_TT2N^HYNNmm6t0lp>$T3{(hM$~W^Ti-X@XUGj z57Jk6Hs6gaWXW(Nbv2GSvWzg9u6~VJn_oyWgC$fRJj%QwX4atwqeEbqzhI2Ez|fm~ zPpMlJu&}EOE;V-@(RA8>x~(5Jc&jQ8&>U(WYWP9-;-;ZK79|GN{=jeLUUn<%wVc2G ziG+S9_odTp$wueAJEn1Sy%`ypU=NnWDS?Q96P=9^7oG;P0rET=f!vl-<(T6EK3nWV z$f*q7v*u*Bb`-B{(#)?6Wo4BzS}*&_1;Cy5z5>uh++V-4BE!j}w=9s))(hsn08HFl z&!d(|vpu9P+y7$tlCuD5Rc@H~asPYp9Ts?NZoKBDU9Ijw`oD(^z{CJ_G1BG|`d?tx zw?zs7KdzN?FQoq)$LI42Sc-By2K*P-w?+!+!}$W9`NY3aZC41ODPmlYe<4xn?DNl1 zKVo8Wdy}KpXyI!bPp0IOy2_3;sfo7%dJO-Jd>U3^Z2kAPcy5-cPN3V6D|TU(R--n+3RmbXFrw%TQJ%G?}lG zQWj9H3`SPvr!_kd769sfxe08w+T=?p6eOOtosQ?O9B1VE$#yPsDzq{;S9h1x4rkSs z-7Cf2|IS3ts3;C_e+(kvO}D!{A1S3T&OzlE$e0h}HRNBPujhA`Gw=ha*2Tg5pJ3I}Io@ z`EY0x7Hkr7@?6K01yKaeA{tzeQkC+&7b5)6ZTrWsLaUtpuC!ewZB!Hiz0KWUf$uFrc zusqd8rgMXA=Zp1d5urYeqrOtBzfJxD>)Tfa1ZuV-{B$S#iZnDaAy$~_Z(PzM57exu4JF3Gkj!ZJ&)>iV_LO30cq)oI`xip2@Y(4 z=AwO_DpDX0;dgd+KBA3>387#ObxD|~A$H6VqGxsP_&mQRAPtRd_ zcRs<&J472Bo1*WcnypTOm6g`{1~z)1234ldPtjvmZJLFDQ#d6H^nS*`Zq0KhHQ^&y zRTZt~YAoO0AyQ(5LeEKnB$z`V8^ruHC6oVv3b77ubvjcEgdzJs1p)XtZ(O^`48R=R z+&h4q#AfKLco7h;!Yzq1#3w)d+9KCQgR^(chfW935_Pcj^z^B+pUe~qlIfiG1sd8f zW~QdlF%}1)jSkQ__|lH% zx_?|6^3k8OdoW>CjYtdz7%iQUEoei z{b!Xq#saQ=%XH)2>FfXBnn4Z)ct`d-3ibaoQ+;|yMveLy|F_5o@8J`R2|0k8GIDV5-iG}{|=Odcyt5z;*Wo1R0XEW0x-L66*D4?(=7= zuD4Ppx|l>C%#@n}3N}a~KzOptz`!pkf<<-^fHQEzEPhm9IQwg-fVUO__6^7#Z{E5} zZ@sb;0X!ZAUifbDiV#O^F<2BsOb_T>n-LgD*1lcimcfJ$w(qck!hn`W1s2 zJ$u!;eT?UbCK2C{in=S<`vTxNQo`zkunGdA4p;>OpUxmNVwV z?Q;t4iPmuDm*||QuCFd!ws8tWVbRF~XT)7{CTFE63q>%{m=(D=_^P_-^CTreM~n2p z<*!@oHP9Qk5*0H`L|CoV0n-@;k;qDz(nbMk~Q1r+a2C#rXwB`FY>{B_4Z( zK_py{x)^E?R#S8#a)9FpZ7weEk&O2<-Or!ACx<>V?Fp1gbso`j5#=4>{y3lYnQBr6 z^#_HA_ok|U*#lt;CPrM#9UJJv%Cg5^$yx zzY?dFm~Rwn(GxhhnD31~F(9uZVon^9Lb^K~{A8IJ(Or%2AriLVrPfu`YmXL(73CGx z?5dlw08%?je|S3uH|fPiI|k{)Epo!3Jz`wQVY6(Sh8p(KpJHbufb zdW$Mi8r7xU(_82BuW2Btm-@h!+Q43`l5CM6#uPe@t#O(5ZclKfN4w)@Hm8IBRf8m3 zvFl_U$GB5>=b@XG_EjGySkJc?z*q%qS`k$0G(8%@$Mc=2;gb`B?CniJ6)AW1IX=B~ zbO}mrw}&Y%_#J;-zvCl^OiqXy{3_efUmpHizRqiHYR-zqewYJ-TkJd?rC(c5tW!zX zzi#)HvwsY0_)Q0IuzKDOGl8|fh|d;v;{cu5LIBn8q&QVw zTN_dEK$sZ&rHc81VLRv^By04bdW#z7u@*?|_O+e2trYEYo?2E-=M5&!(L~}lQB>F9?~nM3fN7LN{m2_z4Xc9 z;E9NiP~J|F4%w;&zqPO^Kmh`u34{dhDs z*Pb=ppe5fo#3U1;3|=4zq1;dof|K#;UWS@(Ix_{w8n_U=u=7{iX@MYXip@!o*MsB9 z_TGk!1RtJgHFb6B*t8q-b!D+*T0xs7^DT-mJ~Dh4T7|({8<*IA`wQ+Dy;`(Z!GB&O z?R3|FDa6zeUFl#u(y*n$^K@23br_(^z#fK$htFSM)E_}T6&rz%jE?HUFopt`y=YmX zdC#A*76J0fcMlX~Wh|_^Ra%GU79bmvmoo%826M{e4ZfWVYbj{?mK;+B1O~c_j3uGU z2MZ`FB4dwF785gw3IbCiqM`=mifnt-VVahBK{F8THX^scbu`~;32^CC5akjn$4#9G zp=^LYdH&jfr9+i3_2EM3onPUOI4J{*5G5WnV(w`Cfrx_Q&v2C*&IT?U_A`xGEb1!} z5y-WBcOZxvnvSBX`6Lsa$X6a74bDQX@81ImydC&ZGFVnn7*eFS*}5nKf?6_-D|tag z%aDM{93vg-5_{u2hn_|?MmK;4WP#71F4J3_o>OBKeLzsNeMZ2O=akpG;i3TrAn-ck zuDptj4x_x!0!6kRpn?QvhTdF2K>+YihGO%=N-WCH0!)#HkA&tP-q_`5L0*6xMEZE; z$XrwsQ1Ahv!T|Ks6_T0fvw%7k1r+!H>n4Q^4f98Y3|#(>S^(G*$|kQO(#t6RA1MF> zqyX>0B$W483YMQz$j!nc{VN3%0e}=hGsX}p|4ISpQwoR1q7r|lfQ_i5xF|r*Ec}lY zf&fxrdrndKNAM6}$#bkz!*DVG2%Zoi`2Uwp2Hhjf0zWR=^8p;tvzoc z?}#)}8Gt!#^Ow_dnWM?#d_yX7ezZK){2l2PJ{Sa;sHle|zD_d7hK}Ty7Eeqb>Ni6E zmrg%B{a#f0_`X=WnC^?o3`tD59aPV7j23IQ98B(M9IQ^x_@--Vo+lb#U zAOP$jD?;^``;0w)r^94$@~KwRFJI>lzJ*;nvwmQqAPV-6*{lRWeu6arNf=qmtWndK zvfJe!SJUR0)F*f^Y*ZjTV|HflZ|PtL71wpvCnuTr`Nr*muO-?9=B&yW-FUDuzp5dW zxr}+-#E{Sn?1u^O~u_tcI%;M+rUp?FawbjXobF19D_eN*}~RT+um@sG3-zjXmG=~ zmb8Se?U0XcoURjXo1$Qt!FQz>1pv-j<~LWEDc6)Ew~O=@5bRhnvKF} zRKF7D@qUQ-Uth~8-K~7t1q!A*9)*}o@0w_{T=M>=Ve&O`WrnBiW3IOdrx81i-OGnl zUqx@^&>}w69}co?sl$pf@!f-T!E!z1l)P}ex%I<`HE`m%?ayH;zH8Oh!xl;vjUIxE z#j0O@?Y8ZP=f^iKEkdeeo~Q}6r%$Z_0$)+eUW;{eXIoKSLkNcUAIt;5Ob8`st}eEM z_yu&DL1~JRU%8y1j5?luIZis@vha&~oIf&PBV1r$3!+6eHaH^M-ZmaxmXS3O^^}~D z$h^)ytdRzyQhh_i`MR(F(1~UzGdWv5a4=alp|i04-f@Dphe{3ta9Vf&pXUiqn3x;Y2AE1LXmZD zv|AZCca>s@*X8jVCNfSWu&Qj&1Sv`aSIhijAI9HBa%vrfi_!d#m4xPc!@^8Ht6^HH zk}Sr>#CnwAj?$DS342QPw%*uX8t1K1j9(wxO;p@cE50}$bJIJFgKLNTX2`U7gaa9G z9L2+X?PL#8112YnV6l+w!NnS-mX$kV@5_Uj;tWt9c{B>jd)I?lpM+QSkS8|Y1Ssep zC;|U=MOvV1T-5f0Ila(~j|+h3??WHOA+{39ZZ6Y)ZmBfheV)W|W)>^mz!lO89!n=G zmtjB9Wp&}Ji@eXCxKT1VErb6(Jy^&8fa)FpjUGK~c){-X=V}kIS4|r8=q`k;k7iP9 zIxA|oT-E=)-wo9P5l=>!(7V-1lQ1mi%w{-g%~!yR^ssi_*Sl7=Oh}9p4PM_UeBY9m zSKfXrJ7sk-O$DD7GoqM1K@fvNrbDG3pb0Yk@InoVsejcU9`BFE$q3b6n4RfIM-7Jl zIa=+V1S0h;`xUn%aPutS>~5|Sf8 zyJRibdy{;WU5|K~jqaaM5(9FUIJf6-NXLX=!G;c44|(JIDfWZE05bY_`#%j$PWBf9 zJSv;VDSDD`wyUl`Ni2eZn~bq9S0ihy--D6Uc`~D&_w&O;udl?<7V(BvjYE+h;Amb= zFeItuzFMz+ix8LU4N^SdwBcNUJL7~h{bJGIu1Djge?7}_%0R^FSL17ELR?Hny-PGjKWCjOXN+m&wM*6-FelN4LPRx#%bf+wd zfFV{iJ6~3?;I&g@p2VYvDJfm&8NJJVJ=@OHd=u$9P;ir-dK7D9k%*?I_1M@?Ur$PQ zy}4W=-QiR}IqmZ9i^75(&Ic!0Reg^(4raQB6WYd;eXQn|u%>sW?BGS8_ic6lu6FK0 z-PMq!jFULBo$`-}Qhw6Sb(N?doJI2pncf_3{_YJjEpXQc9>)P5X{nX-<>=Keb4IYh zFlQ~|L($o@Yx!>zvO_P|yq2hyo^wjU9WI-}GKU|x9@3pplb9@~`0E~?bY$xtKZk7p zQ{1W0V*SbCDW|2{P9CxbS-w@6@@3W^3C@h=vwNGOsNIKI+Z8Y23N+_-~FU1rQaLU}Dv*QQ!dY{0*MkwGV69621$Chg#@^=ad_)Y)}<_it)^NfH0 zV+1hJEJcUI{(V1#x+`zJ8E_=}yZy;$kAs1XjO<#9Yy4N=VF}2&27Z2t<;5n{ih{h7zbV8lu<*)MGQ1F!(k3ZMa32y4hyb-Di%lskxHcL zZoTLT_wfNblp#}6k(EV&frUkjJYQ=i=HU2|#uSnIZy&+Ib~$hHxSe#4X7VM!CCMZb b-+h3xNfbAIodg910{kRIWQ8lf>G=I0w*s%x literal 0 HcmV?d00001 diff --git a/docker-for-mac/space.md b/docker-for-mac/space.md new file mode 100644 index 0000000000..972a4ff270 --- /dev/null +++ b/docker-for-mac/space.md @@ -0,0 +1,88 @@ +--- +description: Disk space +keywords: mac, disk +title: Disk space in Docker for Mac +--- + +Docker for Mac stores Linux containers and images in a single large "disk image" file +in the Mac filesystem. This is different to Docker on Linux which usually stores containers +and images in the `/var/lib/docker` directory. + +## Where is the "disk image" file? + +To locate the "disk image" file, first click on the whale menu and then click on +"Preferences...". When the preferences window appears, click on the "Disk" icon +and then "Reveal in Finder": + +![Disk preferences](images/settings-disk.png) + +The preferences window also shows how much disk space the file is currently consuming. +In this example it is consuming only 2.4 GB out of a maximum of 64 GB. + +Note that other tools may display the space usage of the file incorrectly. + +## If the file is too big + +If the file is too big, you can +- move it to a bigger drive; +- delete unnecessary containers and images; or +- reduce the maximum size of the file. + +### To move the file to a bigger drive + +To move the file, open the "Preferences..." menu, click on the "Disk" icon and then click +on "Move disk image". Do not move the file directly in the finder or Docker for Mac will +lose track of it. + +### To delete unnecessary containers and images + +To check whether you have too many unnecessary containers and images, first list images +with: +```bash +$ docker image ls +``` +then list containers with: +```bash +$ docker container ls -a +``` + +If there are lots of unneeded objects, try the command +```bash +$ docker system prune +``` +This will remove all stopped containers, unused networks, dangling images and build cache. + +Note that it may take a few minutes before space becomes free on the host depending +on what format the "disk image" file is in: +- If the file is named `Docker.raw`: space on the host should be reclaimed within a few + seconds. +- If the file is named `Docker.qcow2`: space will be freed by a background process after + a few minutes. + +Note that space is only freed when images are deleted. Space is not freed automatically +when files are deleted inside running containers. To trigger a space reclamation at any +point, use the command: + +``` +$ docker run --privileged --pid=host justincormack/nsenter1 /sbin/fstrim /var/lib/docker +``` + +Note that many tools will report the maximum file size, not the actual file size. +To query the actual size of the file on the host from a terminal, use: +```bash +$ cd ~/Library/Containers/com.docker.docker/Data +$ cd vms/0 # or com.docker.driver.amd64-linux +$ ls -klsh Docker.raw +2333548 -rw-r--r--@ 1 akim staff 64G Dec 13 17:42 Docker.raw +``` +In this example the actual size of the disk is `2333548` KB, whereas the maximum size +of the disk is `64` GB. + +### To reduce the maximum size of the file + +To reduce the maximum size of the file, first click on the whale menu and then click on +"Preferences...". When the preferences window appears, click on the "Disk" icon. +The preferences window contains a slider which allows the maximum disk size to be set. +If the maximum size is reduced, the current file will be deleted and therefore all +containers and images will be lost. + From 9160c9b872f98aa5a237cf72cac4e3927465fe3d Mon Sep 17 00:00:00 2001 From: Guillaume Tardif Date: Mon, 9 Jul 2018 11:38:11 +0200 Subject: [PATCH 011/361] Update save/restore documentation with a specific section we can link to. Signed-off-by: Guillaume Tardif --- docker-for-mac/faqs.md | 28 +++++++++++++++++++--------- docker-for-windows/faqs.md | 28 +++++++++++++++++++--------- 2 files changed, 38 insertions(+), 18 deletions(-) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index cb8f94edcd..e53342ad04 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -57,19 +57,29 @@ to save images and export the containers you need, then uninstall the current version before installing another. The workflow is described in more detail below.
-Do the following each time: +#### How to save / restore images -1. Use `docker save` to save any images you want to keep. (See - [save](/engine/reference/commandline/save) in the Docker Engine command - line reference.) +The following procedure can be used to save/restore images and container data, +for example if you want to switch between Edge and Stable, or reset your VM +disk: -2. Use `docker export` to export containers you want to keep. (See - [export](/engine/reference/commandline/export) in the Docker Engine - command line reference.) +1. Use `docker save -o images.tar image1 [image2 ...]` to save any images you + want to keep. (See [save](/engine/reference/commandline/save) in the Docker + Engine command line reference.) -3. Uninstall the current app (whether Stable or Edge). +2. Use `docker export -o myContainner1.tar container1` to export containers you + want to keep. (See [export](/engine/reference/commandline/export) in the + Docker Engine command line reference.) -4. Install a different version of the app (Stable or Edge). +3. Uninstall the current app & Install a different version of the app (Stable + or Edge), or reset your VM disk. + +5. Use `docker load -i images.tar` to reload previously saved images. (See + [load](/engine/reference/commandline/load) in the Docker Engine + +§. Use `docker import -i myContainer1.tar` to create a filesystem image + corresponding to previously exported containers. (See + [import](/engine/reference/commandline/import) in the Docker Engine ### What is Docker.app? diff --git a/docker-for-windows/faqs.md b/docker-for-windows/faqs.md index fa0564c111..1ac93d20e0 100644 --- a/docker-for-windows/faqs.md +++ b/docker-for-windows/faqs.md @@ -54,19 +54,29 @@ to save images and export the containers you need, then uninstall the current version before installing another. The workflow is described in more detail below.
-Do the following each time: +#### How to save / restore images -1. Use `docker save` to save any images you want to keep. (See - [save](/engine/reference/commandline/save) in the Docker Engine command - line reference.) +The following procedure can be used to save/restore images and container data, +for example if you want to switch between Edge and Stable, or reset your VM +disk: -2. Use `docker export` to export containers you want to keep. (See - [export](/engine/reference/commandline/export) in the Docker Engine command - line reference.) +1. Use `docker save -o images.tar image1 [image2 ...]` to save any images you + want to keep. (See [save](/engine/reference/commandline/save) in the Docker + Engine command line reference.) -3. Uninstall the current app (whether Stable or Edge). +2. Use `docker export -o myContainner1.tar container1` to export containers you + want to keep. (See [export](/engine/reference/commandline/export) in the + Docker Engine command line reference.) -4. Install a different version of the app (Stable or Edge). +3. Uninstall the current app & Install a different version of the app (Stable + or Edge), or reset your VM disk. + +5. Use `docker load -i images.tar` to reload previously saved images. (See + [load](/engine/reference/commandline/load) in the Docker Engine + +§. Use `docker import -i myContainer1.tar` to create a filesystem image + corresponding to previously exported containers. (See + [import](/engine/reference/commandline/import) in the Docker Engine ### Feeback From b68b6400455693503e78c7deda48308b116b95ee Mon Sep 17 00:00:00 2001 From: Guillaume Tardif Date: Tue, 10 Jul 2018 14:18:23 +0200 Subject: [PATCH 012/361] Added link to docker volumes backup/restore doc. Fixed typo Signed-off-by: Guillaume Tardif --- docker-for-mac/faqs.md | 8 ++++++-- docker-for-windows/faqs.md | 7 +++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index e53342ad04..d45dff3e97 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -57,7 +57,7 @@ to save images and export the containers you need, then uninstall the current version before installing another. The workflow is described in more detail below.
-#### How to save / restore images +#### How to save and restore data The following procedure can be used to save/restore images and container data, for example if you want to switch between Edge and Stable, or reset your VM @@ -77,10 +77,14 @@ disk: 5. Use `docker load -i images.tar` to reload previously saved images. (See [load](/engine/reference/commandline/load) in the Docker Engine -§. Use `docker import -i myContainer1.tar` to create a filesystem image +6. Use `docker import -i myContainer1.tar` to create a filesystem image corresponding to previously exported containers. (See [import](/engine/reference/commandline/import) in the Docker Engine +[This +procedure](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes) +explains how to backup / restore data volumes. + ### What is Docker.app? `Docker.app` is Docker for Mac, a bundle of Docker client, and Docker Engine. diff --git a/docker-for-windows/faqs.md b/docker-for-windows/faqs.md index 1ac93d20e0..2d5fb0968a 100644 --- a/docker-for-windows/faqs.md +++ b/docker-for-windows/faqs.md @@ -54,7 +54,7 @@ to save images and export the containers you need, then uninstall the current version before installing another. The workflow is described in more detail below.
-#### How to save / restore images +#### How to save and restore data The following procedure can be used to save/restore images and container data, for example if you want to switch between Edge and Stable, or reset your VM @@ -74,10 +74,13 @@ disk: 5. Use `docker load -i images.tar` to reload previously saved images. (See [load](/engine/reference/commandline/load) in the Docker Engine -§. Use `docker import -i myContainer1.tar` to create a filesystem image +6. Use `docker import -i myContainer1.tar` to create a filesystem image corresponding to previously exported containers. (See [import](/engine/reference/commandline/import) in the Docker Engine +[This +procedure](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes) +explains how to backup / restore data volumes. ### Feeback #### What kind of feedback are we looking for? From 8bfa9d5c6b1f3109ade8470d5ccd670d249e723b Mon Sep 17 00:00:00 2001 From: Randy Fay Date: Fri, 20 Jul 2018 07:40:37 -0600 Subject: [PATCH 013/361] Troubleshoot.md has incorrect command, missing "/usr/bin/log" before "show" --- docker-for-mac/troubleshoot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-for-mac/troubleshoot.md b/docker-for-mac/troubleshoot.md index b1e21d7b05..b7993e7057 100644 --- a/docker-for-mac/troubleshoot.md +++ b/docker-for-mac/troubleshoot.md @@ -121,7 +121,7 @@ $ /usr/bin/log stream --style syslog --level=debug --color=always --predicate "$ Alternatively, to collect the last day of logs (`1d`) in a file, run: ``` -$ show --debug --info --style syslog --last 1d --predicate "$pred" >/tmp/logs.txt +$ /usr/bin/log show --debug --info --style syslog --last 1d --predicate "$pred" >/tmp/logs.txt ``` #### In the Console app From 2cb3fadb3bcfc2fa072bdcebf2fbfbfc6aeaf81e Mon Sep 17 00:00:00 2001 From: Derrick Miller Date: Thu, 26 Jul 2018 09:49:07 -0400 Subject: [PATCH 014/361] Update suse.md In the **Install using the repository** section, the GPG implied location was identified as `/sles/12.3//stable-/sles/gpg` which does not exist. The correct location is `/sles/gpg`. I introduce a second variable here called `DOCKER_EE_BASE_URL` which will be used to distinguish between the root level of the directory and aid in correctly locating the gpg key for the `rpm --import` command. --- install/linux/docker-ee/suse.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/install/linux/docker-ee/suse.md b/install/linux/docker-ee/suse.md index b79ce16475..012b631763 100644 --- a/install/linux/docker-ee/suse.md +++ b/install/linux/docker-ee/suse.md @@ -172,12 +172,13 @@ Engine, UCP, and DTR). #### Set up the repository -1. Temporarily add a `$DOCKER_EE_URL` variable into your environment. This +1. Temporarily add the `$DOCKER_EE_BASE_URL` and `$DOCKER_EE_URL` variables into your environment. This only persists until you log out of the session. Replace `` - with the URL you noted down in the [prerequisites](#prerequisites). + listed below with the URL you noted down in the [prerequisites](#prerequisites). ```bash - $ DOCKER_EE_URL="/sles/12.3//stable-" + $ DOCKER_EE_BASE_URL="" + $ DOCKER_EE_URL="${DOCKER_EE_BASE_URL}/sles/12.3//stable-" ``` Where: @@ -188,6 +189,7 @@ Engine, UCP, and DTR). As an example your command should look like: ```bash + DOCKER_EE_BASE_URL="https://storebits.docker.com/ee/sles/sub-555-55-555" DOCKER_EE_URL="https://storebits.docker.com/ee/sles/sub-555-55-555/sles/12.3/x86_64/stable-17.06" ``` @@ -203,7 +205,7 @@ Engine, UCP, and DTR). because of the variable you set earlier. ```bash - $ sudo rpm --import "${DOCKER_EE_URL}/sles/gpg" + $ sudo rpm --import "${DOCKER_EE_BASE_URL}/sles/gpg" ``` #### Install Docker EE From ca9775e4aa78d2189b29aae6a2df162d444c425f Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Thu, 23 Aug 2018 17:41:54 -0400 Subject: [PATCH 015/361] interlock: augment proxy constraint procedure differentiate between running proxy constraints and core config --- ee/ucp/interlock/deploy/production.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ee/ucp/interlock/deploy/production.md b/ee/ucp/interlock/deploy/production.md index fb17de7a92..228701b1ae 100644 --- a/ee/ucp/interlock/deploy/production.md +++ b/ee/ucp/interlock/deploy/production.md @@ -52,10 +52,19 @@ The command should print "loadbalancer". ## Configure the ucp-interlock service -Now that your nodes are labelled, you need to update the `ucp-interlock` +Now that your nodes are labelled, you need to update the `ucp-interlock-proxy` service configuration to deploy the proxy service with the correct constraints. -Add another constraint to the `ProxyConstraints` array: +Add a constraint to the `ucp-interlock-proxy` service to update the running service: + +```bash +docker service update \ + --constraint-add node.labels.nodetype==loadbalancer \ + ucp-interlock-proxy +``` + +Then add the constraint to the `ProxyConstraints` array in the `interlock-proxy` service +configuration so it takes effect if Interlock is restored from backup: ```toml [Extensions] @@ -65,16 +74,7 @@ Add another constraint to the `ProxyConstraints` array: [Learn how to configure ucp-interlock](configure.md). -> Known issue -> -> In UCP 3.0.0 the `ucp-interlock` service won't redeploy the proxy replicas -> when you update the configuration. As a workaround, -> [deploy a demo service](../usage/index.md). Once you do that, the proxy -services are redeployed and scheduled on the correct nodes. -{: .important} - -Once you reconfigure the `ucp-interlock` service, you can check if the proxy -service is running on the dedicated nodes: +Once reconfigured you can check if the proxy service is running on the dedicated nodes: ```bash docker service ps ucp-interlock-proxy From d9182d75db8ba73118f03cb5ac8139902ab8a6f0 Mon Sep 17 00:00:00 2001 From: DanHam Date: Sat, 14 Apr 2018 00:08:03 +0100 Subject: [PATCH 016/361] Fix a couple of typos --- storage/storagedriver/device-mapper-driver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 9dd8d4117d..9c0178dad4 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -404,7 +404,7 @@ assumes that the Docker daemon is in the `stopped` state. Do not rely on LVM auto-extension alone. The volume group automatically extends, but the volume can still fill up. You can monitor free space on the volume using `lvs` or `lvs -a`. Consider using a monitoring -tool at the OS level, such a Nagios. +tool at the OS level, such as Nagios. To view the LVM logs, you can use `journalctl`: @@ -414,7 +414,7 @@ $ journalctl -fu dm-event.service If you run into repeated problems with thin pool, you can set the storage option `dm.min_free_space` to a value (representing a percentage) in -`/etc/docker.daemon.json`. For instance, setting it to `10` ensures +`/etc/docker/daemon.json`. For instance, setting it to `10` ensures that operations fail with a warning when the free space is at or near 10%. See the [storage driver options in the Engine daemon reference](/engine/reference/commandline/dockerd/#storage-driver-options){: target="_blank" class="_"}. From a2230dac455c2cfdd01ade2dfdd83092a131f8f5 Mon Sep 17 00:00:00 2001 From: DanHam Date: Sat, 14 Apr 2018 00:54:20 +0100 Subject: [PATCH 017/361] Expand on explanation of loop-lvm mode and use as test --- storage/storagedriver/device-mapper-driver.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 9c0178dad4..67998fa5f4 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -42,10 +42,18 @@ Before following these procedures, you must first meet all the ### Configure `loop-lvm` mode for testing -This configuration is only appropriate for testing. Loopback devices are slow -and resource-intensive, and they require you to create file on disk at specific sizes. -They can also introduce race conditions. They are available for testing because -the setup is easier. +This configuration is only appropriate for testing. The `loop-lvm` mode makes +use of a 'loopback' mechanism that allows files on the local disk to be +read from and written to as if they were an actual physical disk or block +device. +However, the addition of the loopback mechanism, and interaction with the OS +filesystem layer, means that IO operations can be slow and resource-intensive. +Use of loopback devices can also introduce race conditions. +However, setting up `loop-lvm` mode can help identify basic issues (such as +missing user space packages, kernel drivers etc) ahead of attempting the more +complex set up required to enable `direct-lvm` mode. `loop-lvm` mode should +therefore only be used to perform rudimentary testing prior to configuring +`direct-lvm`. For production systems, see [Configure direct-lvm mode for production](#configure-direct-lvm-mode-for-production). From d48551a4955127f89ec56c59cd144682ae343b15 Mon Sep 17 00:00:00 2001 From: DanHam Date: Sat, 14 Apr 2018 01:38:18 +0100 Subject: [PATCH 018/361] Fix step required to ensure the logical volume is being monitored --- storage/storagedriver/device-mapper-driver.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 67998fa5f4..7901ca724b 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -311,16 +311,28 @@ assumes that the Docker daemon is in the `stopped` state. Logical volume docker/thinpool changed. ``` -11. Enable monitoring for logical volumes on your host. Without this step, - automatic extension does not occur even in the presence of the LVM profile. +11. Ensure monitoring of the logical volume is enabled. ```bash $ sudo lvs -o+seg_monitor LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert Monitor - thinpool docker twi-a-t--- 95.00g 0.00 0.01 monitored + thinpool docker twi-a-t--- 95.00g 0.00 0.01 not monitored ``` + If the output in the `Monitor` column reports, as above, that the volume is + `not monitored` then monitoring needs to be explicitly enabled. Without + this step, automatic extension of the logical volume will not occur, + regardless of any settings in the applied profile. + + ```bash + $ sudo lvchange --monitor y docker/thinpool + ``` + + Double check that monitoring is now enabled by running the + `sudo lvs -o+seg_monitor` command a second time. The `Monitor` column + should now report the logical volume is being `monitored`. + 12. If you have ever run Docker on this host before, or if `/var/lib/docker/` exists, move it out of the way so that Docker can use the new LVM pool to store the contents of image and containers. From 5e56e7cd57198ca086b6a7ca643383ba9d9b6502 Mon Sep 17 00:00:00 2001 From: DanHam Date: Sat, 14 Apr 2018 01:42:18 +0100 Subject: [PATCH 019/361] Run command as root user otherwise globs won't work --- storage/storagedriver/device-mapper-driver.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 7901ca724b..16dda2ea89 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -338,8 +338,10 @@ assumes that the Docker daemon is in the `stopped` state. store the contents of image and containers. ```bash - $ mkdir /var/lib/docker.bk - $ mv /var/lib/docker/* /var/lib/docker.bk + $ sudo su - + # mkdir /var/lib/docker.bk + # mv /var/lib/docker/* /var/lib/docker.bk + # exit ``` If any of the following steps fail and you need to restore, you can remove From ba6bed6f33da7d4004640850bec2c29f211a5a81 Mon Sep 17 00:00:00 2001 From: DanHam Date: Sat, 14 Apr 2018 01:45:19 +0100 Subject: [PATCH 020/361] Commands require sudo --- storage/storagedriver/device-mapper-driver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 16dda2ea89..0f297b8268 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -416,7 +416,7 @@ assumes that the Docker daemon is in the `stopped` state. `/var/lib/docker.bk` directory which contains the previous configuration. ```bash - $ rm -rf /var/lib/docker.bk + $ sudo rm -rf /var/lib/docker.bk ``` ## Manage devicemapper @@ -431,7 +431,7 @@ tool at the OS level, such as Nagios. To view the LVM logs, you can use `journalctl`: ```bash -$ journalctl -fu dm-event.service +$ sudo journalctl -fu dm-event.service ``` If you run into repeated problems with thin pool, you can set the storage option From 4f22171ec10f66a5f26fb00a22222e29e3eddd19 Mon Sep 17 00:00:00 2001 From: DanHam Date: Sat, 14 Apr 2018 01:47:23 +0100 Subject: [PATCH 021/361] Fix formatting for bash commands --- storage/storagedriver/device-mapper-driver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 0f297b8268..031ddffa61 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -263,7 +263,7 @@ assumes that the Docker daemon is in the `stopped` state. 7. Convert the volumes to a thin pool and a storage location for metadata for the thin pool, using the `lvconvert` command. - ```none + ```bash $ sudo lvconvert -y \ --zero n \ -c 512K \ From 62065e5a8b8dd290070be3fa5e96365903320fb2 Mon Sep 17 00:00:00 2001 From: Sasidhar Vanga Date: Thu, 20 Sep 2018 22:54:18 -0700 Subject: [PATCH 022/361] Add setup instructions for oh-my-zsh --- compose/completion.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/compose/completion.md b/compose/completion.md index 9765cfd2bb..dedd03335d 100644 --- a/compose/completion.md +++ b/compose/completion.md @@ -52,6 +52,18 @@ completion. ### Zsh +#### With oh-my-zsh + +Add `docker` to the plugins list in `~/.zshrc`: + +```shell +plugins=( + docker +) +``` + +#### Without oh-my-zsh + Place the completion script in your `/path/to/zsh/completion` (typically `~/.zsh/completion/`): ```shell From d975264eda1d79ef35a3367915eb346ee1baf87c Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Mon, 17 Sep 2018 13:09:47 -0400 Subject: [PATCH 023/361] interlock install: shrink screenshot ~100k -> ~50k --- ee/ucp/images/interlock-install-3.png | Bin 109899 -> 50757 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/ee/ucp/images/interlock-install-3.png b/ee/ucp/images/interlock-install-3.png index c7ea730e55c7f6ecd1008d735a6b8a2bd9beda65..1a8284f56a0489879b5d979ae448db14e0bdf030 100644 GIT binary patch literal 50757 zcmb@tbx@qa*CskZ2<{Ss2Z9Bc;O-JMxCYmt83u>oEVDRAX3^up~8=Qd* zvXkGpf84!wzpdJ>+g0yWy?wgR)2H9lPoI{F(b7=D!=}Ur004L@%JMn@00tBQK)=F7 zL*~2(A6x(cXaKEux(Wyc;_2z><_7-f&;H%r-P!s1#?C&njGCHSb#+Bk)6cQ7F+y5q z%$(z-yz=SkslmZPCOLgB0YS{HL(HT_%&$9`@$<^c%H7?anCY7bunWv@`gwu8$H$l{tC*>4GU2tjSUb8WMpI{Qg;f2oem8T zt*xzPWMqVfhUVtx78e(9ZEb05>r75g78DdfAdsb{rJbFfh=_=}xw%iDKDD;CiWEbw ztgPDF+k1Mt`}_MnJw5mL_h)8il9G}f933kvD$?@G{rvp+`T4J}Z!k0e%r7kb?(J=E z{&jeGsHLU#@#Dvs*x1t2QZzI)J3G6Ji_7Yo+P%HKj*gC$l$6xeR5v#_7Z;ar-@Zjf zMTLZfU|?X3j*Z&b*kopAre$Q9nVDHwSi~nJI5|6CU0suslA4&AU0z-q8yoNL?$p-S zo}8RiR8_64tknJZk)4xMR#pZI3j6*0x2C4%2S?ZOiOG?X5ef-*n(cfrBIxA#xOf9`B;ZQHhPqsK4Pv-6;5e}hJ@R5i6ZMWkg+T!`se zCue3YEUkX7!#OHXdq<~3V-kc*w=(mKPT==^k_t`W_TjOKtqVj=YqzDHy|AvWcXXNy z&`-z7mzkNlqN#(7@r}J3&^b8X%RiV`!y+g$)~oB#)zd3DIfu1qZ*&F{o?gJNY~ltA zP__0l{}g8SYoCaYrE}>|^tWQZ(gVKg)7IYMvIa0+?&h!Vf%>MFpY6Q@-zLbi_NMpF zf3KfXCq=*kfL?%#yo|2T^6^T2>~9{5Zja6EEvo^SOjEFrS_(FUY0?B7;Bk%qX0EVq zD$3*f^D`kLx{b)+cpxhn|nf%2!lCNYWYj#X{}D z#3-4w^W7LA9wdMsW&$O@a&=zp{N)7`j-t?t%_TW-l9`YAt8?wonv%IUYUkzXieuciu=@xHo?{pw=GucCU@)h(>s;my=zbeGtmGFHT+&AgoeH=f-3~y z5F4%RmsWwYAH5P5uU~!g0K+XYS>bb>!i7a;D+Z1PIcq~F0h;i>&woBxSyyw{o4I@P z+@lG)4zy(XfO3A5#f5(Ra1jt0xepte{oX4y>9IOJvQ2MoeDUdx63ju3@Y(d&zeO+@ z=8(jf<+VAulJu3%Xic!aD~Hh>O}$||5jkckee~lj0WjY{RC-Tsc&g|MJvz^mb-!>} zybOjahbDtm0r~~WCGWv^(5^d@9QqiC$l83d;Fk`+^`XF|6~e@m95k;3dxe>M9!SU# z%0DgXgR-vO-zAoUV*L|0#ks)EKp{4>k6UYkr=NA9HtwGzq?%$(rc$IUHwo`?Xh>&> z@oo73T274P=Cxo2%RO?u%paC0hoLHwpFWczd{8n6WsTo9jar^+0O5%V&c)Pf@J5)L zpTkYLjRUKM(cLnIc<9Hi#UCYyflw3siXN#Sz$2dfiXMminN42Fb4a8J_dU%6vB39v zQ=vF`bOgs5Rw(`7#C8~$Yk;c10L3k^%TX|3C)!(Z_^J`+Sb~>zD@mCpUJMiJe=M$R zYCCUe*Q$;-wDB_m-En+*e}=O;MR6ZNZB>#A&et;WL=*b>CLQfDQ9aXD^6jMWoSA!S z)G+ZgnJXG2=)vmm#(YnU8~ zgOj~uO#f~$sP!{*?S7XSADjZxKmwUlQ}Lu!Us)LWY8kUhm<6`mIot|2c!93b8%3W+ z!C|Mu_hI0qk9Z+AADo{BF@4Q+#0~IgyjIqo;)tVHBDg0mFNqv`Jq}4)Bj83qCzM9hiePJKEHt zL2&DnM?K^A=7U-~-m~BZvnd2vGown7aH(?F=$5R^6F{jbVaB;8;;CkWv@PhexL07* z%otz8Oh25}HJFEFn3@{mG+2z1q-Ho1^|0TxygOTF9|4|>K;4Yso!A<&#piNvDny_7 za%o4-r64yt{jPQveAF>@TrYEVq6Dpgm$=>goa{!*oVBQflrF!8i0Xa%Whz1JdQ2tE z>0|M?rUd|3pNLlO+8cvG3}a@>m^PV$i$R^YCneij`>h}w_Dq@wGiYGx z-K*JOA9ZG{1efCU%_RiJT5h}>eBg>hTeXHRSc?13 ze2cwn%~8nD$>PszJSG_& zAV&?Ko4w0){o4OtjUQ4yjs;YF+OOKgx;Cx8-}kOMlrtn$;x9yveS;f46ZIXhIVS!fm{6M2#kcuBWoYD+cKZ-HR1K8MUWk@~!`_NIGx0kx(Gg922b<0w8y0eG~7J z??6I;a!R{E*7ukldZ%hTYn)iI0trk5F6|#oU*Y?@QGqD*evTK*G&jeAy}0O+4)s^H zqgNms>yQ{iEtm2_CHDQ;a~ATjm)W^ECz|1?5CXHcQ;^tk-s~(}A#5Ssm5X1T7JJ-y z9FkadRTuw$pJg)QZA?5=064{7=U+CNWW;~AR=sW!*!g(8`*+m-h)(~s&Mjc2pnRT% z-8r(!8%QS;58#e=NZ`-BMCXXMUX&Fu-x5dhDzEo8(Bp9<*-rdMd2Xsnj}Iv}>AA3c zFiLgFD8T^=9YuXG_xBMNkNYhqBKztQBwMIOdMksD^J?OR`@<5;qe8#cd4I*(4=qsN z+(ETurqZWTmM@1v%uRetx z;+AFJna2ho^+_zC0c$mWtlBe{7fR)3jj79C6IncV6}R)y;^G%#)oo@X&-n8D!0(T$ z?lbSAwleSLflk{iBclEO4+rnt!2Ho=0O=%QHrL(Q7Pe0;aTL_hn^wd*_S#Q?rd~HE z3qZK4<)FIEe-*+P=Mre%qr!q&N~nG@2@Nw8M-dm=iZ%pQ8%mQV7vWcm>&pnH=zH&VbxZ9^ zbz*I9*P(1_b5Imn94%o^ugP_B6w%kdKN=|awJ&}SVepq3rDq)`M@qf z5o?hF(l)qyyo_9vFji57ZjCzB-V@DxF|%f@;o&@(USeu~>tO)PQ;7=6SDiYiKZGhw zN~yCRM61qP+w7iJ^US`IiRNzYkU1UhYzcQc^YYqu`UhpzAzrE{{$$-t)L?(tR(eUP zE-BYfmIX+kHZ1#!mTRWRQbWB9?DA^sUqQ?vKuKzmH$V&7F;v{bDb5>`@ z#c>(9^ngQ0uAUb&;^(0;DDRtrZW8`m#hEZyB{70N&d=UuwMj3=N+C=-mO_QgBcxwgc(sVv!;u7|D0`qUn3qFTfKdBNiE+~7%F32=m7#8c8_P@c*2uD%Ae!$jsE0z|b?B11qDZ-WDkIouqJ{j+&SDg(?whq-^n646YkC6ESrpOZb zOcIm#oeTmsixw@21jF-x(FQQUMxA+%=Ou@kHT!rkpl8{_t+9N5#R9icV2flcXKk+U z5bl76A5ic%%|TaO)%?SAY&-}Jj;VSxk&_U8I7ET>&nLf**(Ddx{xWk=enFLN<_*gh zDY>hAM!Y2s`7_UR4Z>%ql1liB#_)J^tYm(VyVTH-DpDnma@UT9MC%!A+$Y z{U1}QBt)q%B*lmi`FWqHZ1v0rj-T;n#pts7>OqNxHQsV7t~Szr%bF7~EF5=y&qL8y zb$HAvihl1i4t>n^VUn<}ZI3qefQC^Xam}Sw-~S*vIczIzQ9E`0MZ&qFy)e@3?rdwh z3M@GfH1mzGGM7hZHIjwhx>X@aW!bYAB;uy@(!th1qRg{Ft22W`81W~dy4W;+)k65k z$uFBj950cy;!z|{1c~M`@LqI`Eh0e4vtlJE-+W;olJq8<1q2I_F@e5&-OM3%Dyc~& zax}5JpbLKt|5?b!SC{uW0S0~gc}JRQ2w!mm)7P?)vofAbyMd^n zXOfo+;qe^{8g5;%c+VTNIp9Yf5QOqjfBtYyN-A~nq8!qpSvR}iq?w|fKl2rS4#8XY zu*txcA?%~j_HNizf9E)ucvitb2-v83k+~|fk?op;=FhFZ{PmmMhp)E3C?qYpP0lqM z_s920+8EMRO0lVzzVQ1oH6ELz^sB}o16YDQI{u5ThwUoRMw>nN>AeeTb;@>2c00-G zg(!|~C%Kb98sS8THf;K+e=V=^&N`0jFwY{@egvIjPBJ2ndV}f^DCCJfSq_dO6n$RU z)$9^H4q!TFd(eVPZFC{lHl8BlD-q#vfF#~QGue5U#*rcj)c_($geZi01qGX})lNi8 zEgS^uwQzoh=JgoynN;`-qaYUr(H@0!5-GWvnlu=ITRZsW?p(YtpEqg9D1_ZE^-{}E zau*eF3}0llBVU|tKG`$c@U7SNu;@SqEN-gM7)fH~v_=+Gz%sJk!&}5ry|2%Y{3p8` z{5A8}yRPe{0D_Wp(9Q{L-9BT?Cdk=V>&kjmZ_z^bTcTG1?S9IVn8tUvbZ&}*^cf#E&afRmgUNQBl6fy z6%mmgGoSK1g{3mN!Wl-@;@;M==|~cbdkGI3vLEc;4VM&LDRT8TXvsmBpn}39Xtp~? zhq+21{rn+EgK9~wquNDvd!c&)K_&(jU(`3aO3TVK!?$VRQN9je&c_cpmQWm%8h^=% z*FrubBevl&bmWnT$Z1mZH`eA5*utMN|GUp3hAmk4g%pv2;Q1kN&_&V$T3-WR@oorf zu)#Iyo|Flt$FzF4fzK|trFt{lI?L}pTV(4L%S|qO@Tpv@4>60`w50oY=3wgM{_ycu zwNMrzN0e$m*0ww&g=lW-TK=y&{P8Whrny|9-_w#(OF}cLlV@Mi!~cwnu5L)jzi`n~ z2zo<3kFgs zdP?K{+A70E(5OLPM1009dg05kvF-<&86}QEmWCx`fdLJVoQ-ZeFX~az?_odJI3!gG zg#*eX!3Yp!)4?MLp5pQJbr?uza19OOQ;Vd>+>&Ad8oqj)t*$(r!CH3~x2810jvl`L z^noNs{wa_XXn`qLo&}!|l+%AYX-NV>EqyHAGjQ#vV4_OijjxasElEpnS6l|N>n3G@ z1Z%-dLK~w9jI(vYHDLZq3nl{$)9qv{_t-%W$;-@-8qoAR-ouN0k9EYyr~Ap^GO;xv zT^5rUwBTj)pc2==Rq}w`v1WBdC1tvP`2w`bgkY07F!&a$?%UJt&TMaR*NL?S=wXB7 zC8OI8E@i(DMunJ6fbD6bHdSOH0GDcQ$0l0wBdwUI8ml+v=K&wC%o8R#Zu-ys6w5eQ z6aAb_ABwQUa0vFFxX#u7#9;hMUeT~KST=pW3C=#AmMv(90qu4MI&Qf4=jHcv=uQCz z@|Nr@{9fstHiXq}msx6X?uD;vEU_KFEJC#bk3%fRUO)^0C#AKN7z@9rt*ttv)E9Tv zf{{PndScD_Lqs5embLxy@tApM#G$!Gg7izTk_o^MYW0--<9H3<>7lyU!oSgNBW08T zfFfC-#WgDMZ#n=#NLG$`1;w6QD#btn&@*ent=YB8C6HUlyznFQ@6}Y=74M9;umRCv z6S&#Hyjg{y^)eBF@T-gB0?Vl{(7@>^@Tn68u;Hd6x@WRgyYT+#JpjN!i~<0R%0f{9 zhLnf+0E^?59@R8$(rynorAv+OGxo1C9UyJU>b+fx~*ZKnoTaAmp=P6IW|&A&dzP z&@IibQd=$t00b&QX^?6OQ4V1R$Re0pAPgjwd zFUU-@>%E?RXaP^rUuCg-H+oj3;{Viy0w`D%KkQ6>vXeAAkM=kBeJZUKo3S;~Lp$tr zIEguEk#Mx21OQ@dUPGKM=40w!t+&{dVeRidH2APq9YzZOOa>d&YgX7wG*X@#lvyX&ip zPb;$pV7ivJTYK;2e@dR3VIl(^sqpEei${%X9q@^xA(U?Uv~;w+iSaoggaI+W2HkEX z3iqIZp9vPLTVB!9W8uASp=T)Q>@~-o+6<1h$61+}ViI79K zc?f&Ga%GuoKN_X^2ON2%2BCP z#)&0ip)G1>aE>0xz}9xc7*TlRH28SsJNyq~_~U%d$YMaLLsccTa#dSXmr30wat?k% z=T$@bz7Y^IMP?4CrcF8bS1hetHhBR_aI%<@w=>+`y})tSoNONVQd>g-e9l&emUtMi zQhA)8`QDT0b)*TT3|}o9uONLj+?fyfwPD@YB8}Il>-6yf#^^z(2b9xMU|uO~x~WGJ zks-Rzid?x%FC#gkkTU8ICcjtU=s8>hcaHxS)|Gwr=ji}J++m~wdEHH*^3*XbV zPldSWAz}h)O?grC;c7bzU&bOkj3L3AX6|8`a2?#1XWaJhL+BQo z0BakXzH?eT4yd1#fUfjUW&65dwPaiP08E2N6CiPEN!S|ji)qKl$&p}rq%T!uTWq}f0z^h!w&`jlL=J+i!T08UlGYQzDOz}&0havnqCO=$Zbahlr9EH zWc+)pYN)|Pg3o7}rT=@q?J=hzK>>sS2xq1rBTmjSm;it_H0f+8O2GgOIT3&W<@I8K zxkVa)(=k5atv5ypB~m<24VdD?0W|)E%9g8j+Cb(M^KXT-!1ku3A& z!}Ff)mXa>Fi@2Dks67X^fl239i?>hsZ%#)o{1p?&;5S*K3%SwJuG+qOW^SiZ*3g*f zKhM+6PR~zZ)nY_MP-@BX$mr;Dd&zT^MtOPphl>ODE`@(N7Hj8JA7Y}T{q|skRE_Pv zfl+Ig$jZ@wBY`Y`+u9$3CMU^=9yF`Prq_Szs0I%DwiOs|@VP;G%{NS_t6d1EIjx{E z=H2Rzgk@Z{{*^3o9&7X~dww(J-x8)$>h}EsL{Nr>+&}06B{lAcTVTy=8}y04nN?x= zK9NTnTG=gJ@ws_}DF3q%YRT@p$JQ2j#W`KmW1`r}<6C|Y}5b30;>U+ zi|xHj)uEGKr|yYl!{>;r6Nk?DOVr74O-HnEfrE>?7&(6w&wDlJGD*eP#Jy~wa}RaO zdJSJ<;_OLv;C6|a@}DjZK}8eC@^D>^9D=Fa8-cMLkslRDd6BOGlf#kxFBpJ)_NPTw zQI;(sf^UM23*FXSOx~1alvU;bT{^QwVVoneExaMWC1+0`60XUh4hq?e*pxUkbKBs! zPYgpGaIA>TYT?rV#&{4D_oXj#9t4vBZ(g(X42qu1Q46;cJ5Saf(X#F)VCxw}Ej#r} z#zNh%-7(V8lj@Un9j%MiHQFZ6s93a1tN`Qex*w$$++MCY4Lf0fEct46*GjC?(Jm&X zjfc_AQEtE2=1RY;@?FC}@PHQQSCSWxr*^$?X*8;@ zRG_tC$G<_d%~_CeE%gui0rC6h#@JBKlw1*p7ySoZ50f`bNYe=d%8N%N*Z&&7*DDII zXv-LUbT`4*{dobpFuuSOu563epK#|46EPm(3*?m@)#@T1n|V+TTJB!^s(tLdCbXV( zbzv*ss}1e<-nL1pe!|bHQ_92(k1+~kH`#m#*T`X|&1M06SBq&I5D&-zWf0h8SYG1K zH)@j(^OPS4BW6O;Lxz8G!91XGZai(fa*YyiIM;FM50@5592)+X2Rhsg9^u7&poRoG zptO8VP#q6n>2=%A(u*MU#%2I}{?lthW9X3WCq;p_blUW4PYDQrC0imPE1t3J>`e9HZ&eAd`(kvKEW_Y?xk`lEQa@nwG~-9oWl`+QWz6$d z(AqYfbNwV@oZs(DE7hSUDw8F@2TMN_`+5^h&zWT9nzS^+q{aub=YyoEnGL@QyckrGKI-Ff;r1L#>fmZCjG+hf?Q;jL*c=)ZK;z zsAW2T&M{1l;iOE>=D|gC*gOrBRYpxVJ_HQlAf#zR-bGa3(#O_(5k9T)*%b5S4XZzP~RtN^}i4(wK|c;f+qH z5h;9_l01FXJWMPY`<0&m?tBK^3$Zkq_S-J{$Q7vRLU^5QOLz77B>b<&Y|s@#*LdkK z+b`q^9!kh>(-{b{U{ckI4m@}4?EqG*SbkDNVbI@;%FlU7TSS+BbwQx9Hd2t)3;m9) z$}U6r9n{i>d^2Z___QhiGvhwq0HOV1Erf0}&8QzBFLAXyzn}E>iW&(OQQ^Wl`xGEc zHh+x)a6A(_qTN3avP8S#<73Yn`oRBLS;(sZ43tO)n%ITqcm|Zha3m-+BqmM1f%1Ne zgqyLZhmZ7=&}h=?D{p#|x|Da@aD(m~E!wA%mD_;1ZxoGHK|`s(ToW#I!fM&k!(aD6V> z(O{^d<1~BDP5>}C|Kr8Ioe60>Fb)1V8>Rma<2BvXeG{LcunyeFYVFHw$MXyLmbDO_ zI-$|Q4;Y;9`37#^XD@$~mEE-{PNZ+~pX+au+8b11q;3#L9agDm)usP36IjaCKqXMB zPLF-Oom$n)$)6!#6TmIIp@v3}DDpY%=Y=E+6tvd*7U7H^LA%M30|b4(%R)tR3gk0w zP#KzX?AslIOL;p(?EkZ~7fhlzqhIkXg6u`hdxiM#+dBn7d2>HTe(DiMj(@^rtiRj= zj$G-nKCcVju+~LiwguAoBmr3%#OBg;vI&=yk_?m9rFBtCVN5W?K82*NF_IL#+O&*` z{R+MX`pQr<=qPyWU`3*F&=u_$vXkB%c-3NiU>2zgSNjKJ7IR9SvqJDgGJJlZA8F`n zZyx#8xA?6rdkHg&TD=a_-+cbD^^%JUYPKjg18>j3wZ!{3p;ubIeoFX!-sCXJ)rfc@ zacr0-ALktr9sP&2*1{{f>P{bhx-$0_@_Nm`!b7svVh`4J_{hZ^0Py_IWPO`G2GD|x z&Q_6Om@6_m6GBF3RBdS8$T({Q8N9h8gSY=)Oz01M_Y8S=MVj^fgIaBp6c38@e;=Ry zC+Pb>5HFzsIFXIXLN4F`*Cg)mPXC{rou_5Y%K!WHo0b~$KYH%E1VjJt)l~k#z(D<{ zNBXfYq2PbjgN?XuNL3_NM7e*)JNO-^ZC1Ufg{TRoG)&I~N5+{9EuoaGUXhahjdsey zUkoaxaxjUXuYJFVA$H%1&vBBlS~g=C`vV zqCnny+>$h%r(8?MKT8RnREjvlUw%iK5UN5j=j~!Y1>1AG7NlA|AJ0xbdyo>SvZ@s%OKklyEXGCwRTw6$~Z2Me{5c% zNwxWnfrR#k%Bx~hDi#^fq6k-}u%l0uP5;q>9^Waut|FE|Ot{Sbt zj!Iek6;x)UXFrA+1-YK--%zB0baD;>}}*Q z?PGjnHD=!idw2O&%AALFcpW%0VxhVZd+2iR61uj16;2LA33K>Lh;J(c`T3eR{uFnwMnVfBe@U!#%;Lrk<+p2&l*yf_)~hP`o!1|@3wYvs4Z zYd{As(}{+*9btoeru-JzA`RblYLA@sl*nTQ_;POWbIYIE035(G6C74n=YQRs7-kizw)WL83VYUB6D8cpr889U*l6>a_bV zGCKIPVsQoSB;^V>AANKgO7pf__0lL74^TxKK0p`zrPt5*jRwbZBdV*NN;VdE z8=X8KX@OEY^BP^xCFxu5_G2!!m%JM-CwZ=`*L2KmF9A8)8_6w3V@)Wv!z(b8R}_yC zlnoy)7F#!y*5fPz>*P?>bmD|n4U4W`SlnF8;u(uM)je!jdr1pZ^aa}BMN!f#nW)RR zABYOyOBYY;#zhdAjTISniK||wo`GHsetTtRIRD3kt7VL#NLx+GRFc`BieyCRqvXc3 zw2lcq1>Y#+!V7PZQbNph-xtf=LvF2M3nMp$(h<5ajLsrMC->bk`wQjd1^F>Ut;AO| zorsl=eB;Zx!^QxkGz;}G>3D`c@sl8h8p7-I>=hUlD+^@O;g*Nt{o1Ftn=yV$ILGH< z5&_?5gc;3izSCj;`=6|&Fln`0p9@f`r=Q{Rk{cq<>;m)ZQKlS%@E_ArJ^83S=l|wF z2HPTAdvB(9NR;zv5~@9H)kfRVWTZtr^p?0~Yrfi^z-X>puN}XggQs8XsC^$=<(p@2 z(SE74>fOAAh21sW;eWCk4FBcNTQ117U?>y21$awpvZc{-T+8*8A%FA>;hfi%(NZ}5 zSvfNRx5S%(d@l0dk0>BblEuthDsHAG2TcX@`j==zX{@;I@d+wnVLdvsf#ho1Xffgk zftm8|07$f(ip2J+K_)$6>PkH-c3Kohj`t*5eQCx-*~ki%-${*@O=PFx9_Od*P2cSunR4U!?Kr|I>1*4MA2Bk1FzDFz z*utMJ1B0`6%KBn^<-S4(%}%GF+t)z}itm|%thMPJ1fEc6H5swL{vE0reZ^Hn`Z6N+ zXywDjJvCM{R4muKOJ8lhW%R^g0k)>i#+lcP7FK!;I73krPH#Kxj#CtHy!zpPF3x=X z&ZX!ljOeYs+A(cKH_SwuWAxEXYcrtIe}PaiL+dopfB6A3y80`$`A4{R3g7N8|GHZ? zZFzaSz_$ckZB!1PyBG>zG-ezG^cY4Kx_f$;&8CgZ&D@)B4tpgy=@)CRwb@|1&p)OT59H*J276TRx!POlx}M)t{nGD2?>C~*s=niDTuU1DKM?f!nm;y>qc?k zyzdQZ;Cp%&jT}Zae*8l!E5Q*O&%d?TL8FwXgS32Baye=e|KcgxN^bu0PkAmeK#EBm z5Y~a@DdGkfKMI#UL#Q16a|&yybT|do4$IG4gYDAIqpjaC7ARhPhuDL%cfOQh;97J4 z;-^yv>r;ddFrG6^@jcPVxV?ktyAsdJty02ljbt29W@GD!oYfL@nXx)nbUm>xhq)~r9RO&mFg z9_2q=txI+5M?meHOY><%)+aS9oGD9rd)VR@#s}G^1XuC^38loptc!b{I-?n_ER0_{ zbDC>rAEsO%LS{lqUPuigUAn&$Y|W;w;KEPk`u6SRDJ7J|SKAQH^c zF9I8q4MC9P)8y-}QxwjdtPrD|h$bi{Zd;>Vqc< zaBV5V;=O4M&kH(?e+?%}SVXX>8#s76Ln1i+tIx^vDo##6TdtQ;Kbo{z*rO}aYR8az zE>pi>diR~>yv5`GZ)FY?)F=0exLJP^x3#1rWiVi--dtB~R-=Nm_1&p5brs8pSd}QVI4pXr-e;nr1B~KCd`H zkZZv0?CZ_1ngE?8vs%FblnH}1TO^0P&C}o?(El3P-D<;sb)HgUd`L0=CUm^I_w7>M z3vV}!6~;x@lbpP`09@jnUZySquXq0X8eo#nTKdb`WU^k7^Hb&+|q$ zd-$^m2Y_4K3R$eTlR_@0r>HT>v)CIDqFDhP z_V6f$%AxleW+tag;m08bjAfDJK(b|;Wz%BxeMXOt^hF7mMenG;aU;k0?5ca2c;|Ax zy|B5FSrx?A3)3mh1qXq7+vamJ>tjy!^{*7!&(6>n>E$Ut-ip|uNV$`5g+)Qe!Z4?HHjg;@6s9 zDz9hioM68Y=2@sRB5l3AZ*sZzl3N_FKS$J6bhB@bp6M?=6zY|AC8jkag2F!I@2Lur z2UPUI&W_fPq3deKmehmi1f@CLpR_?RyF#EEd-rA^FsyP)==iOX$+PD9lJn%L@62X7T??Arx z?lFk1U)Ro^I(Wae-ZdD3w=LlGsCBvRk~ebn1r5%ZnnUGYSnI}<`i@{bAK!j^m?Db| zv7Oy8*b-VJea zR9R(hMKN(}o5e5VW?LE#cvXu5yPTj>xCN;@O_6S=(()1<8JI8m@i&A!_46fD$tAYN ze_zN;s=^4#9vDct0K>m2jx?Z?ADf_KMGfEeRh=Hp-*g?L5nccMW;npWKzwIIP+SwW zl1{=~xTA0tL1q@INQ}ggSfAD{E9r3Z-QgH}$tzD94~ye#{Hibx@~`E{Qe_5Dqhjds3flV5ZpZ)GkIRqk zu)4z%e=0!t@?s~~p(~Vby`MW^%x`*8bi6g{&m=AZz}ZqOe@E8ehm_rajE^#ZiR*dp zux*Yl8KC>AZE=#rq^{%OOfugp^K#mpV{R!{G2LL=XTq`igZ&&9VB>VPv4LaF3g+HU zHTv#CA}FB2OQ=vi%!7I`c%WR0M|U#Rq*-pIrZ{(H`Cu-gauykVHnUaL3D=7@ZywFv zJvSHg{>EKU#B;?E>ywSV01xV5rG0k(#^-FOC(d!k`(p;!PDAVBY4wr7cP8g=#Oobg zT^IQUo^U{=tP~0Q-H|`^1p`k<5xl}J0HO<;T`pSPk;A@qYlEiyo9=QLO zJ67?2Go9wuKNzb{*^YO=RXcc;&8l%Cjqx{EpMM$V=L8DOqfsqlvHGXpm2gTYQ+?2) zvKl*(!tQPk0HuMYO(?sYB(wge%-+9g?r{CUj%$*nl*(~o+L(|OFn9I7k*4;INI0SERaVr8>5(iV3h}jRZKNYcYkxJuR=C`sF6;+? z-v?i4?~dX(*Ls3(-k)#rHu-em=mHOO*5{unWicTK`#c<|$6_wAsl|3ss@yq=5#bSq zM3|G9H;;7I>-AYFT!fwuWUz zlO2={186X2rof2TD`0fAHlpJMTdbG)Qq@bywe=k)#7)-TYpSchV$Z+g?|r~b-d&-_ z{_xqKU0~vrAL;x zrO-&U_j&Df7G*4X?c;l8Y?!Z1OXJ!@JUim8Be%gOn(q0)><nU6 zo8)9iYXYwC;V)84mxF)8Mr?YhPTIP@!;+kxxyAkATCS@As^L**1a5ESa+X+$dz>oJ&G?r~fH%~Q z@if2M{~+C5K?O?JVko&i@t!!lCobarOu0O6c4thqM>mJ@IK$x(DfC zm%>9$a?a~-I}L)eE$W&itx8P+Nh zazf~O9@im;OM%L{auI5lxS62+tgi7ok@VDU#w2*JA#G6%ih>_(m0&M;4a(Cf$ z?50k6OBZ(cF5o&S80sd>>d1?8!!!wA;kjCFV6c+^UZ~+x^qFtklqRFLM0=+?aWjje zA+6vPedgP?F~}^jVNHHOBLk4&^|3&fgFSL=5Sz8%s=j*hk!8*6ND`O#P37x3%bfu# zX1*rHZ(vD{RBvb-qykasIHROPx*OcEozrEzhI)QZ*>sx`yQ}`fgbsv1_wZNzsr?~t zB0N|huGZGixG7k(1KM+j-9EUz_?WdX^$U5se8uF4WiPXn5#vA}r}?nZSnHzkV%MJ! z&R1>U?}b`mv>tT&AVZI7sOT8ZJ;58gS4AgG0yg8*XEAP0qH2CXi_}ffaElNVBBEonfc>ybi9na;C{rT{Hr-k;S`>q>mNy$m>G0CNgPY!5xi=c}e zX((HxN@H+>0d%R4%Kla;5?UuXi< zu7m1VGD=}baV9&mgTk$Ifx2JY1n{>Bv9dQ^o=U(+4=Wu>qF8tW<&%wc0eOUf%o&to zi|&*5%=1No<3twgv1ib0_M2p?_4Ep{y%`?ovi#09-}#}$iuFm^td^at!x-pGm8w#6 zx`V_voB2vI5|z7rcc{b`EU?30f8ha-m&*2VDYntYD#s92u@3gUs1MhLMh8yX{FXb8 zYK)$P{7c`(RBPt|CSDeb^#vRVI=uE%2Ypc5abWv06aAzEts`oSpeCAM78AoCZ-cd& ztDgntlpfZyB3nsf3g3_EX=z(9%YS9I=_L00AUgHafl5&T9n(_Z%f2;0su(b-;I3&5 zd+6~y%wV0VbKzDZxX&?>Sesff|9oMj8YT6pDmCsk|;c*#xs&S%QFFma4Mwuto!74mR*REG7ng+Sue{I(NTY>ocI8@f+&`IZPa z*AbeRW&kbLL#tNhr0hC-`BQwqqiX27W~P8AM@VW;qQUoauZ|o)m2ik&RR?>Sdp@wS z3r1#W$>3)#z%C!waJYDh<>uWaSz!c3VvVd10^RxpM@T0S(yLK(639Po7L%(cxDZ#zCp|*C)-rT#G}TLL@$Hkz-|x z0SSOfW0NNW7ufE=p^n4f<9pP^l;vNN2jV9>_9f2=zZgIbgnjmn;Swb`plsGuU4_~% zn01#vT$)CaIk(zJiXOIB1;00fjw@=DD%>GYP3{9T;g2m(LC{|5{s)1SLf+w#v8qwx*9mo{4 z(}F{e*2euUR)f1>{wY{P7_G%uy<{Fu=8UOR$PSyYy(B9(gGayrADq2)R9wOLC)ij> zf&~cf79bE@gC)32a1ZWIV~r-kEkJM&?rx1saCd7YI2{_NaklyXX7}uzncbP)`lHY3 zdarKXy6?WKPt}!|vfdH+K=G6K3%ral#%DIu)b&JQRD^!?lbioKnmb(*`Nz;(6=>zw z`xdXcg>!aaZoSL5BvNW`ch)z+BW>A-&jRto^Ll?9tiL}?;T?BpU(;N;FzAV0`Z)$} z5({1r*UGmYc0$p(Kqw3>)HX(lm=0&%+LaE}*Hl19gQBIH(x}VNVGI z&1brDR7I2%eYI^eC0YDz8&1qoZ!pce`^JvFh^(c}3L^0$<+OL}FIAg!*(oH~YNN6W%?fTAXoY=Nr*s!P8$$kC$c78T+Y(v!LF2@0Oaf@M9~wR4>^e> zuSq@K$3!G&{isC0CG1UXn8hc?5_$Erm63#7krin#^ug=gbQ#B}jRrwf>Sm=G_K$YJ zF9-It#_w^YTCmCVdgJ7CqsJvu6k)exy`C?MA9`d8s zx_xc@&b?wil9P=i5V%OUgBVP3j~a_B%~54qLZfoVk<|{~lyt%EBLIM!slkT_W;~LB z+4+%!GK`sh$(c(zgkq3}#*PMq5tQoJnh+M<`G?C>2eGp$g|TQI0jEOc``?hvtG&)E zn}vRgzySRsaJKTAP~8O{i6D8=>ACY_Yn#$mJ0K8q#}Mu#e_%_jyVOaX-?H>@A^@P4 zkqHQ!`)IdnFX?ETCvB#I0T|TSMYz2G&r0B2v3kUqJfIqO_zU6PuL_?=IK>|tkpj^_ zK@{>}fMSph!gn6X9t}pxffXPeV`tlW4zUBl$yn%80==G9ZPdn@mp_Wp$-kwFV#H@`ExIBs@Vu+xT~0TD1B zG$WZVxrIKseXo^jK4|Xw=r%DbDS1H2C+~@is|F5@o;H+}`~@?~b0@;ZEdVVtL8ShN z%dGc(SE-2tkCkrR6@^po&V`mceOsvhv10li;r<2B4Kc)O(gp7gK?cuunNa%_;m~zX ziL6hZU%-)JVZpG!lvNwY%Qb8DpPU|B)p}S6BfVpT2<~fd!bynDSl>-m{escbn&!4r zY+KxOZ?UP=lQCQwQIELXmvUx()BODO-^ftL+uXB&&J66usJR(BtRn*Gb zs5El!sZB1Fwf9lqb(66?apj+-U*l5-*^@2eiE|qw131RteU%)!l)8$02Qhv6>-Mx+3*31Y|T-ur~d|34#W}ulxp)H9b zc5k!16TR0Kp#lkD<}NiNt*NN8rI(;Al)1>N*|NL_MN9?>|&bs$s1EjNb zeACC; zxO>VGp9(;~E#9nPhgkREaE2EmmwBqMJzqtqc>nH>>(OJ({YDR zKnMZ$JUs0kd$(R#l4ZhC9N*a{ z5!FUF`6Z8tl73u(`Ns%$t}w+lM51z=zo@RdTEf4gD3%+Kuk+|&daU;_ws__D>3Ns~ z9gAM;*QBr9s~}XEI$K?}-qNGjjssh?Q6!Z@b7mZbL%9d^98cSmUl3AazRs%5>qAQO zRc>XC?hhI!JNrzx<0%ug{b`(meVLVi;8?3wjNUC0k+4ig`RyB1#Do*)fA#lB`sWdq zv5YNv0j4Elh!dw=DKI!Y{;L1$Xq+%IiyG}glJL1v(eeYc;LOA84zE-UHB?xFBII1w z6AcI|Gw03rJP=`!IV$f8HgzerJEHtBb=GsoN>% z6_=9V2>}}XQ`o;HH1`XY(LPh?=VNQqe9g6!51B4_`#Lo}SN}()GF!xCWu^hDRrk>B zS_seEZ+zmeURgW->$jHv$yjMzSd5taXdk^k%F{~N5qRJQZ$ z)Os8JaOnd8;8h#4e6(Fb0uZ}gO1mhUA%c|h%I8>pc=QofXvWFOof&W7e^Jk{0e%%) zWpiV_E>$9ruT3hJ9r*u|uMG5DY*ur%z6HBeJyj$MKjHe!rT=-A#W|`tU|fPaId=&hP29@FD|Fj1P@& ziDND(;ZH|f&KuHq+*x~NG;Ky0hK-Ta^QmGzJ}n?Y96;w%t635s!ozuMqM&A`chhe0 z=cm^t3Q6M0v}|m+xe^*DSoJdt{NQrQH;P}>5jhg^xp`A`fgdIal#=#c-QmrWK& zPyPlxaPxe!>nX6px1LN|x8lHwJtgmSesmi*fJgr>9$Iw^c}GB@{1-y=*Rt)`1ksDL zkFp7Pwb;01*TCbY;6t2Un9bB*;%H+3QQq5SezyG6rnMewgsf94U|H&^WjtR@cWa`E zws}p4t3T7aQwTZnO)Lz#d3d}t&gM^NS=(7KM_8_fYq`Di$4|=q%SE(Ugy&xX0AG!O zMYW)viS$2TiRnWBwEY?u!VTatx1cfPM*jz9ySzF`MuE8H6tr!MM_#iayg~yJ zDXQ87WZyO_d*~d{YeLe|2oHqs2xaYS_WNxNjN#>^A&4Kn%U1~g9yQ=+7z?2!Q2&B8 zs#*_uM}pTtD=PRQTisw{B&=44b=RB<>O8c4OB2m~5t!r=rGAcRrM>{+SBDsTI*^Qq zi_edonOcS=eLRE({`viIb*`Se!d012MBCXgYA`ZIEV9u`D0XJ`%vYzeXW2YSb+Htp zk>=BDLz0kE*o{Do24t@3$b8=XkzjLfFj=_HxE=~?CPMGCLry9mcC zLwzc1nKS&?pzA&?__B_K{cq z8KS;7Cyy~06Q{vdZ+<^vuEpdtPM;c3hNw*kckVtmoSgM}m^%`PoKH+|yJcv^xa1ln zDiZz;fM3nwh<((*K7EMN2)J=C87pFcBOWHok$ClG3a>Yy36{V}ny5q2o>mC@(3v7c z&M?!g3f&g-NEN?#Tk~(5{hMcyL?nI@{4+fY%OSKZ9GTxa3+&Xe6Tg-F!y zEr`-ob=T|7yEX&5w>6o#^^`%0Av9@}!Z>9&A16h$=jvg?NsG zsSxpg|y4Cqphg>1NNqvz^qd!_??W59%>C1m!4z;>*nO1t-c!Jb?j-7l%Q#QO-;3) z`xhxqtZTr`o)|e~Xhk(@CyrG8&nC|hCdXgB#zqj`ZWkjyX`+c6+0i)|kH_Ih4yu=* zW_v+s0%GVixAHN6g3Vcvcdg0o2yb|O$tuSx&$a#;_ zU{cTQBj;2rd1k&)dDl*Upez~{cT1@{dr4YCrj-tyIArxL4#hWTRnI*50?+jg$MhON z5*s?x=}{7W!BGM=SK>!~D!!wLzY8ZFlFfsOX6iAk(FmeE%ORUJp*ss|w5e@(Zn`*p zLClyVkl>!K8O_E?s0lP?BdVn6IgnIO#hJ1k9(kC2$v;K!$2yGTY69BNvM4?@knh#RC0SeUMg04e2)M@rnud8!{>i`jVn1dpx z&k`6Wwwkho5Dk)5H_ZEm2#45E_t%#SVMJPQ&ZbDGD-jlceU-r6+64QYLS83)U;yXZ zvi-~2YY0^ql_{G8^kza~tZs~D%4sh0|;FT{xacFFjCDqCf?j>ds1Tqq1< zX@+nPy&aYHzy8H86!McJ7OhRVOi)%}d247J#t15vXBEg5)qyJmW&r2kCVfkEpbqrJ z;ghNSjIgHe)A7FZsT4}u&vfx9zRT(tQic8eUJCnMf0p1| zg=sFXMm?Lr_vz$da3jyv^_aMt3u}Ey>;F%^*{?wKQQTmMblM1YxolJp89-R6KjRlk%!_Ly!xrPy7UG9re(*D zwE8gXQ!Ad;)O+PI7cgwR?vRpI?GD_~A$dEg1xKrcRhVIW4rUG>4OvYkI098TfTvoALUbr{m?^_!)XHfo5OM?+FtWKMEEZii~AsF>~Z3<*O_#Kq4U;PQH}Mmf*vV z#dgN~2yjzD6tLw(`;(!M-+mqJDz^~3N~=~3+Oen)cWap{Q`esJqq%C&D@Pza0I@xl zuLzK>>Mm%RaM+VQmEZO(!wYiUoYv6+poVd&Q0)A&iQ>V>V*KaJvBv@(+NED84%DpFbHuR zADXT?FrWjOS!ZZ!NsKRS>IEy8EnoD!7J7r;Y8%$ zxm0)Ii6HQM0ZU-ZYw~h)91tKdwVNQ?<2Bsva>H3S{mYad=4GwJ^<^b zXUv9mb5!HD#|PNctfMjy$>qZWfDIR)=mAA1^;LRsBaKGp@g@#|95utaGj;M*Xgs~O8Y%U4=QVWw*c z6x7L2wayoikB&gFFIMC4>!t8?{SX@pj*Sj^7DAFl`R95Ay0RV4yB%0Y88ad~H_GvD ziTjB|>FTfgNe;xF*AY%Jvzyvi?=S&?d&c=l5|66?xF{j;(f_hImy8~2m1>HT)C~5H zC4uVQED=EZ(^&Ht76$KFR_B#OU%8nVfa{@g$Uh$35H)f!W(GkyB72C=3fpT!_20<0 zxM6xZc;X!X1=JcJkXXgvzyB7rkJWtPq1eV9n)*U4Os_{<`l)kFi2FE$-`mp71Ep^| z1|r6S#R@LU>1rrvsY*;8_0a$TsAD>s2`j@(83~Bp3_*>nDTDw(SZ>J3YeQ_i_OBC? z4(nUqh!h6IrMHdZ1Pk;IEvef3g;WSw-ZzO6yG<}y0AaMT=$v7{&P4=zVT!bD|M|^R zzY9i=_0^4|;70_({k8V$713tL@u4Z{`gKQevtj?`xmQ;^?5OwkyC0nM{QQ%6Ai)0xh7*wAMj1<2J; z@iKqb=MF5K+~5Cl^)Q@HyPE@lKt#Rusc;^h!wFKXoAKrzz6-_6m)%=Z0s>Rsi=AxT z=vj;!=`UpMT|rp79e5GBq2DN|*nY<@cVu|m;x*zifxLqa_!PBcDW7@EX1wpij{w{M zeGyPXQOO?Pe>$Uz!310r{kr9!%W@Pdpc`CB_f+Pa{F0%6ZLl<&@n^7PuEd6-f45%~ z3E({HxXiCy1aZ6COTd!comq1$ImVQ(T;l#1Rf>)V=sF!fTIPL_^SiS?5)~|vJu6!; z!z!ui>Hc&lkJILx>r{E*K5!5#oaR7y>G`L|EkeWB2mm0jk`r^A0Q*<%}__0DyqyNS5(cvH$U3+?Do?dTfSuXE_;; zzsZ}olZon-Eq=gGTmXP^`+MCVhuC6E9IeGj( z-adKZ>`hxF>-y(F@$1Lc3@wG)S#36gxp-n(rPT?RS~E|yprvdSQXTNZTniOW)4CB$ zvgKu&k=W~nDu0(RbbFOY`TYe+m+ky>hDM|~v8o%Ig%(dI<^z(p)VYJ7mXGt=sf9rs zizwN6>x-@FS?}gKqPDaTQw-#Ys@)|_z)b4$dPefz4f#ysN;A$mp8!(AZ!pl5b0`U- zB|E!xGn+5UQZk%83b|FRp^7!}wXObSSYv*7!gV(?vIs-MeawfXYU!A6c$n|xy&dU% zxWqagJJ9bOe}Vp}4vRR|4V*!eu&EYv6a(U}D%vC!E;vqv|HTxRpfYn`x5 z&PbI_tts7l=%JTizBgRJ-_7YQH#;08(@&9Ujg2}&)}cv;?F~-}lVNk6d~n9CL#G!* z`ks$Q{fEp6iT<~~AUNY6TVNADpWkV}vuHElH50;K0!|utdBt?rEO9ve=eI=B{;*ex zzH5q*F#@~bdaWfSo@+#n8mG}SMAnzxsK-YFup@!XQre9S^XHoJd1&cGgn{%nMDpnb zu2nVFI@D#bF13+Q=HJXsmT25a)II%qWpcTr_|Ex=@QBN5tRW+b*$L%)?6Q_7hmSVP zH0+gP>$83h`;l=IfT*A41!tURFT31pWR2b$+Ni_3mN)X=;^H36uSX@4nUF;PC>l?+ zeV}n?YcxliCm18*-WDg76>e&Air1)N909D&3hIThj1XhuLkI27u93bfi3Qv7^9rDD z9KFjFFqqjkxC1B;*3nR(7WA*C2+Hs5GKoz(rjKHOWEE~rW)Y*|mjNh#NKhz*={F2- z2RT@kkE1jT({Wo)jR=CgV&(mKkE0d{^^nLG9kZ(qOA4ds#NC zMnP<{yu5qC2u_!Uo%;vI#P}VEqf6%X>$Xq$dGuxp(NwI!Wbj*Gl|d|kvC}dr7r5|zirjf0ifzErQgsr=G}wVsxJDff}kSCH~f?tS;5i%>lb$H5YJ_t(-1 zxYLm>lQtn&#%6fdMtg`=II@fiJS!#V3Q@` zS3>gYg*`pPy~2XwArx5`7sDv!$kGu~Vw1c-W+5Lpyz_Uk{Gdx)+H)sh^o18x1z};b z+VS?Kx{!RfnJlnHIPz8y`)gDN z>@-n5(4`+kY;wc|IKjn_xo$kwbCR^ZgtEX7IZc63qU zKxZi^Gv8LrMuVXNI0kgu2oo$OGjInwmZEl8TFBLuN!@OdS z#Np%OE`jgy_|W;k>5I@3r`+dGlC=>Arftu$IH+4cGo!yeU(^wUp!cHIDV{JeD@iih&#`zc`m zvqNp*Q{SozJE8tME|M(Ir4Kz z85kh%A5!z#{~M#9!=VwUF=ua310tm!W*$&c_z797oi6du%UkxvsU$XP) zj6@xI6ocBvHM^=^ebFXJlptlob|oO^ibFP9TF(TlS4!DK>_+DAp|7ZGlSkrgX3F*` z)QK8M^c7L&BfGzROrhuIRdeiLcK3Bfsh)o~vIx}4MCJf}O%IaHoI`g&X{I&ieR1oN zLe|j^V|N|3*y?h8Le{-YW__4jVVPJO4Uh$>%WTtroP9tqYpr;)-@yuuJ|?#qjxvDr z{-0vajEZBQdV4B{*Ip&w&sWCB&h-wsgRJ|ZeGNn9aOCw+qz$v*XdjsF3YLTYzSF&1l+u(fWg26b7dcj_RHOE{cps^jVb7yc5rUZD!D zV?O+nZ<*f`vX#glx-P7|<=Lk_N@p#&HLSX?hx`Ad++-UHS=z9??giY>eVf_5e~I2I z_w*?lJ2O*1Kw<%#=)Jkp5H;=MH|Jal1&N`gPg>|Me7baDd1c?(q}`%hIH|uWY0=5CrR9U#zR-eFJh$PrPq z;g&ab-I%j_j(kV~pj=^&`1=(vbjypNMt_u4vXif>uSo9t)Itb`716$CR8yz6F68m} zw6)?@xz6nHr%g+Ueey~G2N3J4!hEC^EFAL?W^6O>O}?;O<-#%6{&{uzpXT{`V!7Rw7}rjWifsX|rJPj`$6?MyI6fa; zhKU_mldn7UM=56!SG2X%&6i`}XP`SSwkAv#enXtlcIM+gZk$}~|6vg1aiIY!lnX_) zelhrMT3XBmBh1r)iWA5w4EknW(2JS;MY|N%&L}N+O=O>@y-q4{ICD zYpG~$!lMe*AY!PoYn0B1TnEF}dRpKGY}cdxk}E2Km2M;%*XXcpyB1$P&!JlUs0LdYoK zd*>lNN8RgMVO|x-Z`Sq=EXmnbAcf9@D>v$&TGBpl4Pf?m+uzuV+{{iWUu^cQ z+etKQ0_JwKHg1X&JlR8LAC?3Q#!Y!fD(=8l3#2a)44FV|{yi8$jy(xNf6WsB-hhju ziijQvpoFbl!`3g}9d1(A7woze!TvDuXhQ}F5`ApeI*EE3prVU^L0=ImvbNRAg`!2& zH{mKHYfruqiWcQx4LiT$lv@^n2B?!}ReR+;W0fGBRUrSnHFbr!Q7oQ?h1Jxj4ep|U zUSedlXH4^%{cBE{rF8^G^WAZ6Novap?}5j5->-J=Foc&JGSf{N;-($H zD+ZN0+&F&C641!9CRQD1gxEZXDBqZDcNm)6FlK@zC6vO*_0Y1-l9W6k6R_Js{DfIKrk(WN8(cH`+MCnEKMGkTJ zP{Jpk`Smb21%h9suQl`+_7{>Ta^|3kudnC8V&n)n%QlM>M?T4Ir9`0ETioz+QC8X} zy{|kK$$b!v^Q7=T{!AV0C>2@L_3a~d$=&aRWIz?avpm)!4eSPl>z2P&rTu%vtuukw4(Dxe!rIi}T8S;! z_XZ>XJa>0%c%dq!ARSmw0lhK@g2&5;>v(FmT zvmVIDmHrw$ic&3YP7~Iq1;=%0fcmT3sBp`(guFi#br=-Z)@V}GUn5PrI7Pr)@6=XU z#pfjqeI8mNfFl0Vx7rrhNdt5XhA?4$IRD&2gNS#jealF3u@Kw)tyW;Hhjtmr^R1*L zHCcH^$o%@*bZ#tNf zJ+0_9g&43pM&>YVaAg(PN&N+Vz&B2d`c3i;2Xg4qhg*^X$rxj6w78<#g+!zB?pURj z)k%_1njbRRd;EPDdL7He;Sz6fy<=Ko=k&yZW@Uqz01!hh$+B{IsL4N3QljuGjPLtT zZX!-C+bthdB#pK!L3yYT1i)Czq>U{)P*bF0C>_`>Nwzxf?)*aRa7@qG!dovZtZm2; zUP5anEze#tsmC8qxL*H;E}qEp^bU5>3HG<*aMHc$7P{}t3~L)UgiFwFZ7$LjeKm-1 z5^J(n5?PH;ryu7(M$BJ`?pgyP{sn#@Z7N#9>vkwM4U)w~)NhNxz*}Lcy-Y&vT-}w| zzusxM$l>`Trk6PQzhn!H5MHDq0@t=~97!@MM*I1`KlyJIE zCc+1jkD5X7E_1{C1SMI%L$!2Qf3h${Dkb*K*y!wPvKW+FFm_`it#(fEIE9|x!1)=1 zMnH)atqG>k2eRj016p?Ci$i;<;`pBDLt|L&AgMs%dC_zD-y_mcSa}wbnTwg~?zepm zkY`jHVppzqf&b;6As;VZn&yr8??PM}!}p(GzSfF)8DW}BZN160TJ?Rb8R_#5x!2fA zAKC`2ot#U1pbEyyEtCfUz>Mu`ho+y7@3{ei=u>ucQsw_&R`vgOW>cB-$Y1#ZeAm>> z!x~|vktOtpdR)|F#=`98u^kJrAzA@*KurzK{X!;QS4$Wn+KXNUA55MKyh zJ0nRP;&LxX5zlBsqrk6G7|BI#Q{ph-!<7GJS^Q2;-kWLgZwCZTan3w49qr#AI)Y1pRoVa3SUyy`HC8tQIEXI#<$} zpWeZ*vE&y9j1Bv|sE48hnshpFNe`DZ_w;tIXTBBxVDIaMFuHaTAg(&;>Y_qBq(U#t zk)C^3hYJa}T1<~it)B9(Q>%LB?Eu%S?#^t>ROz6t&$?g3vtqUXEF5 zk%)Fx!;p50w#^V4I!MgbsLQ!gOnHj+bCG}KG0 z;Aek#doWuW3XvaxvF)2b9Wn`v3HPF8OMZq+Yu7==jY~} zS9M3(!f6Mnb8{9BcRfP=R6EfSrVUR^T|=#2+52`bnKUX1kc=1XIt{Yy2au`^5j{8K zKs2LmG20Lio+943mSh6~_XrJQhu#N+$f1G?frkS z7;VI8!}n1QIFGm5WRo@&xP4wOa0%idH0%}UEqK8jqk}#*bT0!~1tTM_Zb73~Gi!>% zD9Z>bk|%stavEu4&vb(8m?6uRI_Z(JJ2Fhk)Sx^s=|)QFjT#*%(EDvpgfh|h4MHht z+)fHe%$tEKPgf8Xz*+ zh25L)VQZyF{N{*q9Hy`z{FF_7;i1YC{A<}jf$qg`)wkkrFp+S(zwua0Y5deE-cY#i zFv2s_mz9&TLAM)wWV{w2Uxe0yVN`YHe><<3s36s_siB!0&UD0<#ST#)n!3fZV1M?A z1?@-{I=AC%Hvs^eHU&WF7`?g>B9W(=<(T3%4`{ zDN1=ay`RI>Y?%ZdP^~=RoeM6$Yx>+ybwTw6s`pfZE|pvD-b{nVM(=r-yw^v`->R`( zan=0`7#mGS0+d(BfCu`Q=HUVH^rMH~WJuMF)G5U(7Mj;dmk#}UbJ=+B0USSatn4s+ zLrc5DY^ucIZs7$KLt)|W?X3Xe7XGVws1;lYs(*7?%d_X0u8&7co6h|AGgs=x0uP`r zHdG5P+pUV`+W+_W#olh+hdIN@Kc=s+K6z;HSuBItCyx>zXY=1w=vsq6q#@DJ)+W;S z^t;3!r(zpWX+e}?kwWdeJ$^K4z@4EmIwNcRTISTsyVj7fH>pWPkN_P6LRwlO&ew}) z9OzLibubWmNvkV%Gpl}6Q4e^fZ$~<>hBniv;~JI_V7mlCJ6D!$oL2Mn)(ED2lfaE9 zoZ47;t$N_=-r4}ejvdGl)JuzP9PsqIDz-bg=@sHDZUvh6C*Vo!alH}LJ%jKkWf6;l z-iDH_Fy`fn9{eOp6-&6)ho~Eoa;pTsm%zLE0G&V4!GYiIhwS9vG8$`ca`%*iN6PJHO! zv&p&ox5|q(7%H){0-WdzlH@Afy|vXHx;c-87>XiW`FHmO|)A6qxC zRfPTZ+PkF|Np(ZfacwI9*hunjcNG7A?;hds!1ykPD{AYy*Im~C75>hCfxacq2=W-) zhicU~gQcp)=~zi(AyW6+U*77`78m4b&2*J0;mpOq&6AVB;p5A1;^XAxJjl%@lF(Cm zH^*b7DD1^qW8}M=>FK!_Y*-CRDL=iT=c?-+8U2c5Y`JIgM*J6U9*hUMDTHXAW0f;9 z87Q%@lCbAMt!alpH?LL+OQlpSxgH3z5}b~sV>6oL^c%^HnfNJ%hWO+Svj*J8myC{Y z^6k6%pJF3u&0~C2AXH*TLJ)fR9$i~54wD`n`=PM!>&u7pwO13l>p~}4Z*JStLKAK= z-61N}C5P)Sr4c$TlO0F(D?yHD6p~!xzv-z2#t$_I1fNoXR)oy(Oh_pOu{JWrxm#Ss zNw#*SfwK0G>}h@3mo&p6x^TKr73%_QMX)Q{8tILcb_=b{#GXezQx7~5e+YKh(TP~> zanB#CITDH2bL~U|l4-hdLL#N@@Ql9vu@TD+v@gnUD_S$f#VN|zg*+c6#KvUeif0#2 zV2U}g1OcfuHP5YjV;L0Y8XBGirttPdfzFEUUJx8+NPB2te9XXiK7D&MDSg1FrZloI03Hkd{$KpY;!4!xY*p!c`wGsG|z?Hsf`|>cgdH&__s@z>ywY zfS?Q%9l7^I!efq`I7Mhh5n?1a`HmX zOsa5`3xX<;@RL}X)Wp6Fdia;(As0CNS*Y@tNJ97nIx?Z+Q1kiM1NV%z%M?e$Xv)VU68&mf(E-s#e(>{8t5X5%I5Z zg#O2yot|@cR3q$*4x^pQpeQi=^eagmt4Okjq2w<8$32y4N8lcf6m)zb(qkp~ zaP52hHkm5XQDda#bo|O;7Vi+9F8MzFIs62zA$RD|%Q(nVX} zhELxQe#mO?ntNo>h64%y63U-XHytea4V_k?9(Ej}9vTGOjWw^b}$m zZMQ{0x&9BUkziPc_c{umc$lln{DVkhjq-L?hS-ZN?Kv1XwBz{Y$*Y@=Kdb3_Z`W_L zsg~MdbV9T3{;yMvd;>s`JmUG#Llk9PAnJHSkq!jD+|t`w*a@amqxB(~QoPE%anFHq zV|}{#l&1ziDtaI-Z0oM_Dx#K;H`1!vtz8Q@hr*0MPE507>+9>@Jrq@!w)zy@K78qb zS#|u~nJXwL2+jA{Vl^~?r}?E1E`Ii3Z3L&wJYv!7T^HdPbYDn`>VA{$wA>C;`U4#w@)bg&zqLhJCd5_KZx8Y! z>aCjQ{G3uQH|g5b-=Qu^wzDbg^o``lG*$|Yu__}ilJOsQT-L83Id#$g=BAfFlT}Jm zKZ=2Z>-3BK!_@zk2Fxk*A19FJ8dVIT9W}dmkAmDdpe|}qob>Sw8_-X{I7V{!lJn29gCN#JJbJbQWID_bZqUp#8 z-Y5=KafSHRB;PPOraR1vU@6Y-U>3VMFdRkp)E)NF@cgU={3{y?e=}u6z0~B)8Zo6< z4I4d#p*wR}&O`3UjkG5Q4`isq@%BR+-;ACAHK~MI(JpDN|1LjYqOCd~jtz!B3RcD7 zZb6TuNzBk&XCcCePD`(lvI#2gzNbc1Wyd2jzYNE!!SyzNbnd^a7!I)Vw}uLx&opp9 zq>#~17|{=@ibD_~+U29P@b;zRR&UyJG-AdNn$0ktB#OG1ZQ_M{hSeo>HeAs0f2V3W zG_{Ct>X;VCF9-F~%j2~cqO|pEk7_l-8n#;o?bgYFPt^L5Y>b5mD<&7wjH)RL7aA_2-!VmYj`$oYm9{9G7nbgpOh>o6+p1WIQgl=B@b3w zw&tR~m>!U#B!tGmsn{VxMSw^o5yXGVUPwjXi`1rsm}SREd(@1`Uwp*yx2oDyPwO9{ zm#^DKy)TD$$hV9;k^v&9Gf!$+DBR-?8E zb9y*WdL<89{Z8e;x?~M_26ffj)bA578t+$^BJjX{>+Schsc-ALLcc>dui}}8valF8 zZ2R~BeRR700~&wntgbwucw2TyVLBgzSTIDsRXDzIL&Tct4bLDRoW&ki{vnhM zhk{CIA2~0&Wob|1j!W`j?>BKK4djo)C2l2D2h;(p%Ue7ys2G+i7LqpatYs$veFJv_ zc-neKmMO2{5UBcAUEhm%*@Jz`q0Vj&y+3|UyXi7v?P8&Q+<2aLmhmtSs0aDU0 z)%@?lIAfRD#gS@R?M`p)D@#InpcnKh>7@(6iFt=0ovj*FVG*-={Mk&LCaUs)j5LH- zu7jLd3&!{S*|OK!?^N1G(8$uRfBsrlSc5(|XxW{DtqM7`C0H9d&?n3jn)Z70QZlap zM#gz-4Ci^3)jr zzzXBL;2P1R!NyzYNWtt_g0MN7(Q)M$TOIE6}EakqsZ zX~AV;{%Q*O^$&p^U|r-3t^b%tI#Yn!<4-Va7V~E3c2!8#0Al`^)D;M`LODP9eQ{kH zgoIb1tNv%+@jSB5(#lG#vuX44+C=6QTnDV0BU9KG1S&Lm-)y$EeE+azo9uN7F9dka67z%LTip~fq@AFd-wuvvbFBxrN_gTg)!va#%IGPHz1y#8K&FbnUT<;UVeTdH z);B^dRx;eHeuSLR;Dl@IKuT?2u@E}?$52O9%aQDar87iZWlKO%Ldb6E1+h0edp zeg6##@A$E&x!@6;$`j4I?<1}Q2$$&LDBiVmT%F?079J7G6|_~eiX(A{STXCF_Whi1=E9Z3S4bB_$<;!NRiie$93HgpN8;2uV=))bg7C zbjV)a*TB>*8i=ou)r%h}C9T&La**I=eSe3TA3wp7>#?(j^&yOz1o%^qx7Z>&IaEDU zb=nW0q5-E8K}(^dWx0FTd_>?o!e88f@T23ui-(6gs6R(D%E(`I+Yq$HcKXwiIB+CL z77~2j4W`;Xzi}Qy*|;B@r~tL0UURW$Des8LULORlraJmG9|+H->zAESTZ`%z9^(xO z)3`*=8s7Kk!+!IY=VfCW2F*}c-*Q7K;ehNqb7v9KqEMe86QAbaq2%_o5@M!k1N4rF zzSdI^EWgNuCFLPc-kcwf%WY8jHC1LFmw@;m7r;)kkmKoluxHWUs(&Sk51zc$O=E(L z8~%~OR!3O%n=hVIrla6=We?ma4KrbKr3rAckuS8WM(iKZ)4P41lTM#%pfvRVXzr_{ z+IYKlgA^!Uq_~$taVb!W7A?iytxzbgA-I&{P{E74yOUro#jUsoml7aQEKuwYzjMAn z?po)5_uRG4A2*8?CYje}&->1v?Ag!rH2c6#JLW%QIO$A3Y|C4`#yEr<))8b-DXae- zIHrG(@@-f4^rNn7^Aq?&-!VV5c;wwkwFA}f^TwXAQZbz-GQWE+c3CSiDpF2hYgQQ} z7g{uXOqr)0o=At{hvN%q7|7#yA z6^g4ammw9??q`?`#VduqmuP~X5aL?DFv1*F-rJGp zP$L&i2a)t(5|>O%XvuIWFVI+Yke!1DFgPcy{&KHKGJCQRo@(aXfg%P1K(*=62=^oM z1cjo$IH?R}v>p?l=3PEj5TN3zIp`gn^QTtWJ>qDqVNL>^y`#!Fr_Edp z|B~jx-rs4!iNYGGx+-??~9*fxqBHoJEE>~Xp)dTXnOpK}ox0twa zg-gM%k3z1?sHs%9Jz|NZZ`i?>0zzt}plu0Km7j;fyw;I$KRBG$BYKlBVW<@8#<(qT ziV5C&3aC4JcY)|%WkBTZ?@6lgQn-7jtyV0h4daJI1eh*(IH zy~fz(?Gq@y5#+kNKy*3){X36<5_fv?T! z)5_8IVf86XxlYQCz_tPr{j#{spHpPB4$3BRt_Fx@j%xz9lq8?=!F@0T_L7{LMQ#;J zVFnK;p%Q7^5RpT^Sd1g^jbu(3l~VE@tIHZi5`{2^&GBJx55#xLG$KbQG3~QG9;f=h zhhP03g(_}qW+XyI5)2`VK4%{;F}KiWUh1qz?ZLMS-5gCqZ1qpFQ&=3EOFu2XR1{N_ zsyK8WDue&x@Pk}Ae3 zm;Si_Qlo&za&tJu&-xFeUM1}0IhsX=N_STmkO~KdArmFBXP%m9p{|6Ak!%{yrf1s1 zEq@0QT1n^?g}TnhrJRK|J;KkXziG^-yorMv_~l8~PPG?a?5*=arlV$nlQ1-h4k5dc zPWCPg=dt)@hSD@YsKiG+8M#p}{jSX@?ez`%AVgx{7$XyLZ~DkvX*e&kR4mR3eeUyR zAyW12417NMB~fW!41x0E>{gv*kgb!6scENAuTwF??c<)$l&w? z@GQGO?yegQFhp!h!eI(N)&7#m`xY>Mlp(~nIuW{W6B?wywehFa!KyY(EJ+~3vFugV zj&>N;jPFni&$duwj}}UAqj{ZYC6csqR1XEJ(Kr1g+&YqUdD)wE3GdpYCCoPD+<#WK zVS;*Ok+`q0*US19)`^UpyzT@u2<|x#R%Ky0mtMisbWsU)3#-vJ2rH)xlXk1X>hsq1 z{6UX))3Z&RD9Nr#`=ml-WuJKz%zwqSLEIRA6~fRF7mDuBVl5cyL1E}s;}!%Tu>(AYVz8({y9mOJbmf&9BCy$J`X+`WrO!Z2%e9uN zj1at`8zQu!6wQ79B|J6Sw8y2|$xK$S$XZW+H+E`+yz9#_N zfEC=1c3byYu?yxh8$gRAI8B2tV;zmov;$R7yW1#H^9X{Eeew2&KPxHbt4sq|M_Z;e z_+)%_{gnY7E6r5o7}vYJOvBf28B7^=Lh$Ps(2T;1rwk94Os6jg^S~F1o6U%iCFOqS zqBVPLveY=b=Ro*O%u0PROCI`b`s*?e;@2aN5;g z2l`J2GZYD~sdfLT$W;57Njdx5&mTjJrX&J==ze{tpH_!WGtpGA#n=ZElp|PYW6Hq7 z7ra9}lC{=4e}4|$J1b>F#SRz@@*dz9#O6AWw<9~rgf?ihl5GbHq076#wj-E) zF)IN&9TRUsE=sRBFn>Zm8HTFww;H;5_dtdDqffj@2-7qmv-%q<*Nuv*zbQ0w2mO?U z3Plce`N~D=Q)d74R{!LtRCF>*+1rA`fSVh=#!qE(D`;$3R|V;?`7cXBjtPbTjea1xnB0kAH!1b=AH-^)c@|8+eS2nt0T-9TG`s4P(RN_Hn%_*>rF^gV{1t7tb@b8 z0FfWLNue3jNEmRNNW9*BnvGaaE*ZSP8)N!-A#@Em{C8zp_5b;?f3U43;vVxDsH_EX zBPxXv%UmZHAn)q*`<{ZjLBu~NZ0`cvgD)ps8M&FTU>Hy4GruE2N?x`#V$$(&s(r#Q z){y^!uTQ&Wy|7zq#M~JEk3Rrty^!x3qxeAGM~cJi7!*)XtM!)Gik#dFPZX?JDuu>L zWC|blys3;%o#616%>6~U>Acx1j%H7ysIEYuakm zUbN)f=&K0=t#<0wr6l=T@!|rYvDteTfxdg4?A4ZBBmm11399sKMjhznU;CMFSi3Y9 zVQkDN#Cg=}ziG@4NaqD$S7bKsa1nYjJ)e%eehaskuGTv?$yaB3lUJi0!dE}O)(8O) zFWGxHq1E$Aqw_G;t1@PaeT!Tv>IEV)nx(U&zMa-j@O`Py(tba`i?>if9^k%BOLsVp zS34Q+XcL)nc2!o4z9Jz2#o2Ow^YtAOP4ozmt6Q+(z8V35sN_>kQ1TH%ba}Ri9CZf` zf43fty_;R!B}k!b0B~5ie62`jFZ~F1BGV+#(T?Jue3C4$0J85AWm@*r}<|nKT9(evoPc;SOkI;7(5D40>Uj3A^U=l%RiZs&3oo{0u?8qo5iIuq(B;NEL@JbO zZmu0GIZd3O$otPzy=!k4`394!+WC2`m-q?$+vTNfYbBtAw=H4r@Gf`Rr-|5Vq}?bP zx*{cCit12tnaSsOMzyk4>g`OQo$ZD?Z}+@P)KfP$M0B3_iGi+(wmWpk7R=YP2c54R zPaIUZX>|_|dZ+Bp4}Y4s51UU43Xjd`Ghl)E{DcK5tn3qc(Lt$hVxk6-QLU_yHIT*m z&G1rOl!A>ID3}V;l6a%2xv)^OV*~;T9^UG1_Z&8k@(DH*VSrKtMw;`v@S!{9XrLt$ z>=F5~nSU+G|I7cQi2s))fWyK8b|48LCE_8&5%b-L*1nil6%!i?y-Dl&j95yW#UBx| zTTezB+4~oAYJx2E^QB7eDkP-dSH04vG>b*;Au>GvvN9G^!n2QYX(?5jTinmyeH|AC$a8{e)*<5Z$&2@!&sNC_tn*K9FQk3% zanGsfCllB!=*q0wfDAU@1K~snS1%y444P!D4v%AZk-Ta(px5!S4LAq?z?xXu-hO;Q zayJtbbJ7V`FV^}Lw!Y;G_c(;6f9kQ(vJ9CK31zT{^^8$)Gu9JI4AreYRH)pZ3E1Bz$4BVYWvl5HA#S*c_+?=)%s!H-0AP}jh_Pf4t zYr*(5TP@xScX#tQkC%P5gmCLT)Cb8BSq=8NDQxljCBAQ(`etv+b?o3uZ`39Gz$^O< zt=SE4?*|aAby8(|%$PqMI5>PL8I43r5uOh_+UWm%8}e!C>Y-rgQ#zy7)`o3N{lC$@ zGZLIm6{&^FRm(rYQsDIY&)bv$YexB-m-8m)uR z%}gm9nG@G|8%52;-kVcd`Sl~kZh7j3jj302zXCc%bMeX!-++pM-wnN&johYCdv(0H zB;RUu^Cfl&l();{C)xc~TCE`pvHTIp3~7Uw8+_d?TocX^`3@~! zYh_)Fbl>@@%@~BJ2V9yEHdXp#m8-X z8YeE;IVwq2ja0f%Ut&KNQcy+7wNX{Ts7m~z#AD79;lRL~Z}O0r763N_+1`K;*c{Ns zj{L}?FbYCh2O7XN-=U#Vh<`lXi-A^S?MZ&;$|?m|7Ma%&UzEE-1qn;9g8L2xGJ+5L z%l$Hz!grVqP%kUv?-4%7o%;!b(mm^2zo2(TjUNIZ=oPP~@%VxjPcNxWYmgh8ywd>b z;uD>xw^6o+p&PLWFiWs`L+Z2KG0|@yITbsRsz{Z5PIH18cm+Q|TMOVLeE>U|UJ)?Bmb7j=%yXQjDV?U$KxSoMV3s|HC~PiYu~ zv5i6*yZzH4<}e}=-`vTNm@HJb{=zC?zZ6Csm@&O+wedeUq>rk z3@XkYWsd|PL+)R%%b`*D>GMbOmY~4N8CntwsE54#WAYH3m%)r2&x|Sxgbc{Alh7AF ze2C0>%}UK`%82)v)XJoFzplKuG73;ST$gATq{9lIDZ5BI;TmT0@RJ%<@z=)vFXOR) zf?j^pdCC~5m&3pEC3G%dRl?%H8HnDl+g21MIlm7uVTj0%DOl<;U$0x(c|zFrTeezL zJ>THaVukMdqoQ2mfx^wqgk5*LdFRS_U$gHv32JO3_+!-jNp5?DMu0aK&{W5#1a~UO zcg9IG=|PNeD>>_R5be`ymMn$&;cLFYIkIQQCC1T_y-QbTFfi-Dxw8QJB7-VQFXp!p z5JaAOje3odVtO&ME2+)Zaoap$y4(86H{;o3-W_lWF>DOz1C#H`jNl1p4v>%6RD7(B(^K@WQDzv^W>D&H9vH6x^G~anc?s=qC5|W@H zRCDJ$5eHnBHBUwm=u<}-MN4rh-RK$g$(*<5LZt9Y1Df|*uFp#Z@e29QDhkhoY{ez~ z#b%%apR&%6>^CUEzdy}+A!Dbb#$mE&wAY|Xx&*mXN+1AUR&ez?By#5JyBbwEKY%)5 z4^V>=t-sygy$($%p^W<6EGHYe@2JzR~%Z74W%HJ&FRutr` zYwIo=S1#s1ZWgosoGNW-!N||>Df6MsBqtbsN8rSRLM_CH2pRCgpzmrvIjr_8VmFY5 z)ahFsDr8p?@gi8i_6VKV?oj|Cz$o*xV>b{gCpXXi{&H|}CQu8X4gUG5%DSZ+TS>Rh zInsVhVi{jR{5J=&9?M~d5u1%D??YCu3CWddss(AnZkOI)WJI=$3DXnpE^X59VyqsC zG5zK<(AG<$c}XahVDpaI!rp=HS0A>^cX~WIo#=}~v8I;j&@h4Ic1PL;%xC&ty_bm~ zEalA?0}@(knmkyF@da_&Sa=dM`Ci2B?y_ZbpQDRcFBvm{7I0zL z)a`enz-5w4@;qeP!Y?a^jbcG89KO=d7_-4Q9=??Yea;$;uf*f}B~6Y(bJPl36WI_d zYti6_>#H6ru7{dD>6&TTf8ZLzk(}vi?l|q{O8|So9iXz}Db+Wf5AS;zaXlFjmKp?& z;M~a!L$x?ke=5)TFqe+BiFKSm(NMr`2=!54Y064;9yN+PN3I+YWI15cAC|tYUr|D7 z719+3-w)oZi&=54E(q#}m86%UEa-D1lxPWm0<7n&Lcg>`A02gw%_B~HG@O7^GEK*2rG2MC24hVw^N0udOu>m7GLTyhA zV8s&Ku_uB7c;%VC3&W3IoX#m^d)gMsS6~l1mkT%Ka1dpbj4ubk=+@R4 z*1j@xEALZ!NisgIZCL@1E#J?rZ*NxdX3~^sFx={I)u?DnQ`FWONJ0ykiITg4PnG2c z3e$G!3Eo;K#HfR^JopE4e_l@PVd>Sjb7P6YN4y1>$yyPhqu5zHBG9WWR>Vgal409k zih>IC-}K5k_E3~O8#5^U08&cn(IFJnSEv7mMAHrjXZX)!xc76B$2;ltcZZJy=z3Vx^quNso7Dpltt13ph4r9szsg`2Ivv{)zz0bY4AN5BB^0y^KRm^zU!d<3_Dc zob19A{Ccr0zIh=h-X~*+B(Z<0Akw#fv-LE+sq*SIcc~vrpxN3!?o}^UmMHc`Rm&8K zSX!wtO2uBhyd~BJdp#O=LbD7$pO1wuCeN{??3h@N`YRo5EuZOR+3FHxVWl1_UEPOp-t}S159($|9MN@V6B7@^*hV*vD z=$TD9O#4iqdF8;d1Xgp5cR{#iA=pbpB1-1i6Y|y9+$BeeVr24OE2@|YG))ORk?Ji7P`J7#~m<}IrAww{tXTe^Y|1A zKM!GE_9jk=$M`to=Y9q~1c~Zz++<3zuDV=?=_&pMcpkxq{l@H`=ud7Qjg|6FrPobw zhwHCASGkIK+`x=mjW*?RPHUunl+pa``#C`nniec8ztk>@$_a7ki1&JNA zas^RZ#fD9{FVkqETs)2F3}j>ng3x%M&%iO(bB-dGu!TG+!Oh&Y1cmwQW^(YW7&ak_ zs4_paFp;A=8L`;oJkfB1q&};fZ}Mv>6ycPK)}dC)t7vWBYBQ7?W3hc(^Y2Ie!9VB4 zY~A&V%Pq?NXkVLEPL-BiNXVs`Anz8SX>?{+?>jsE&*(){Po$eP`b&kJLZn)M)Vp}2 z6$Fqy4jImI9nwPuJTI6sMT%oSy>ti1@;}ysxIl=*MwG#0K;jH`-3J*$=lonmXYda7 zo*DK)wI3b9fdbq~nU=Z-@2uw+l!CKF^?}&W(4%~*5hN9LG{@&f3+*DdcQhsS0^CjU z)3B)sMu~ivba1wP9#V>CBlD!>tss?eff!bZk6eY}-tDkB!RIn#y4{N;=~cU)Xg!;07W0W?gBtnz!Kl8 zC=#Ri3a-x{RVT|9=m6KUFxYaV;*uO!eWIYJzr}xn`9)Aj&0es~27Z-R;uqBIo&M?y zui;~iw{_)Jogpe$@N~NVFZz!W!s>vA%)vs`OH^oJHx_R7S=x`iWul4dzjOT(WYJB~ z&-ohMmuA0Vv4S*N=vJ|{ST@{`H7`aU+I!$zca>Z{{&EoWA67iygH zdS>G_p)4W`m#4@JkoMS~e)lY7<5pH2yWtD8Ik&`a_@##ZYvJIG-`wKP;sWL%tqxy! zZlC;abHJ}n^tRtny!NuuH; z>T?wCv}tu`iJF(b;Fy3Wcovobk-;u=Uu2*|Ol`o4)+orFbs1v%>2r#`XsINDlKi3wUO)6W9$2;mRi|to~J>_|- zEDExw$VrLc?!17CcK$BtmBB(_`rUP{5##yOlHI&!%>CNQ6mP-KCC&(YGE z`mx%C{_@EAZIn!HtePMgGWrg`+Nce z=AGG0vUuNL0?m6V&0|F@2sOpk;--%Ic|!;DFs#tX7qq$%@WRT{YVYXih3~l*oFyDJ zq3ZNN37}fo8W;QtzN;Ks8mt_9cd>W?Zgy#T&WK&HH`5Fzi#~_0#7jK~9{BMe<#^eb zUbV5Q69CiaF$s5ZEJE(6PxsVE0Uof0*`NG=WSZ`!#FRC>Q~KR}-Ooo;O~X)!XD{3K z%C+Ee?9;11CPeKm!3=ViT=qHQFVosqbA>^2Qsle$<8eTz^$@ z;SQ`=pA#EkF25c(D&q++WWdsmQqLwtvx9qXL3_ECO;WXd*bl{kM+W_c)*5W)GU-)f zp7~!eSC+#OSC`pL*|5XBUz0zj;b=@EhBCRwH?}#O(9#++j)wuS;uGAScpR*O#}aEb z3DNU)ru(6NSmkr8U&ohzuL-%N3BVB{f8w%(hbhK1T-A?3=g>tF@fxoWn~pEA&Y=le zq(n-)fyIT$ok(YDz=;V}ch=W{Qn)vZjdMagTmt?my~NW0di}OmuoX9?-7h9{9>vA~ z)tR?Kz3t;`*>C=S_$q&t{nofMVZ3P7DAye;88zR@@=$&lWrr-8nsP5Q27L+Ase%pPuNMS1( zhEuM79QFzJu%>^=VMU;q@~VZaWp+=dFn~aC*`@7dYKIt3`_WIvO})e^MUYU^G5?rW z5ttPWNi)YiL7YKOQ^fG;aEG-HbSI-xHXM=VBg>m$amPQe(%pP!Gx>WZ1wwnOUYgbK zCH6jYGu*xrI!K-&IUL>0{?t#$O#e=rlDc&8l7vCPmaum8u2sw`Hb6%_QO(LVU_Vde zS@tkp?rNoMz5(jb9}gUI&Ro|(cmM5N;=7tL%&{0{x(W>7V)i*IqCgyT_Vqq-RcMuC)aIF5jZ(KS%+uLVtMif8|FDFq62~uK%gI%TWJC2o^8N7W4 zfH6}fiamJ!V&KJ7Hp^UIMm{d$pT8Eg8VcW*Fg7p|G-+rzFf3q^DO;5{hP^(0U_zA= zKu)?c90J__dK!`pUphT)UBVvi2tywS!{!$RJ?BM^J4Ep)%9^u+B&e$V%Fb_U z9{|A{D*kXNc1wt3W|aaX{#d0cp*Ys#OUx5^t}yYr)05rkCuK(&WKfLJK*VkiQhQ`M zQL+3U7s+G=kT3^}tBJgR{NqM{e`IE`DSIiy$2H#=b>5A0nS1h}MX~OY^3_1VX~pb- zbya-9U4=Pn%(|88Bw?2Y2-@|3`7;G~_FSr{oaVI2wQl$TL}4SMm(!F>P6K{3;Zg|7(QGxxGh!fn$j^h zP;T?b9O4#NA-*1D#;0}A`OW+cvE0S#(b)KNF%znf!pGyYX@}me|Dj>|Vg8TJHcDX+ z@<$~=W3==JaEEZ3BSe<$ie-Zm3s#rc1x~o3VD<*9-MwwjY6mDNQ(2l-;GujfqhtLl zxs4QSHq$^R{zie4FsU+;`cB~aURH4JHry_yGatk7zLHRMO>l^d^~h8JH9gFV{%7_} zPa!=$w?^cSXYwz>Zc3BGR)UQ%eU#YnKS<>KAJ4HQzdqB3Fo-{^U%Rmxzw|t8z+JV6 zR|*7m)$dPBjEM1hwLv=z^92#W!S)u&7h`rWSko0DT~>XplgFf1#XRF?0s?9Rc$WVl z%q&DdW*yb(qZT)*?oG(0MQGlq8f|RdV2+9up@fe4QdUte-j%>IHwk?Se^0jy&*5bs zWZP&L-~C7Vg-tilQH7-xmYAkeShtEKK9_Yr@9#G?w2O9)M!eadE6SAXO)zQ#N3UWD z)bb=S_uoI+ou-qFxMg$e3M6Omy@$=tA|9F2Nts@WSR%3vnOKsn;<--^_^EGG^bsAu zn1cEQ2%EE0p(`Z`qsKN8ecDCHIgW(uqh+Sj`^99^e614C!v@HY1j29ng?Gz%zlo+- z9A;;`3>OS-&bY$At`wF(B3KawEBdp^)U`D`Lsa1W?J3s!$ij|4zyfr?sn9ley2Zgj zo4_)YI34+3ud$t`6jbwrwhDJEVA2v03c9P*=^=K=J$HSHbHDV&v{6GgE#A9*IQJ&| z5j!Q(E&O-k^nQLn9exeB;_AZT@n8TBOu$kBAbBUPS*@#6^?GwZmmUggq4H^W)yK#< z15v&-_hsx95QGk#v$;bI#uFibfNx0IpG$pywDxOP(McDG2S0jr*-cLiJYNJ}mz}~N z%KqI8_v-v`L5{Z9?OHZALHzgc;~dWyrC(-#Mr&excuYW7z(L8E_Tixx6Hbr0(<4vB zQ&IL1{I9fBX`*X5m}y#C6P3-@{pJ&J|4yGsit1ZA%>k6q)V4b+U}1M;Qm>m2|3Cl6 zUP9>aA}YOzI>!}Y$8fiBOUm#+vtc~&j(|0;z(Km($j;sAGph^!2Z+^_)261}vt|y; zs9!UX-o`&WI!(|E^2N*z$xe!7TQtxN0~>-n|2Bq(H; zSgKm|T5Vxd*Mc(KQspC&KbAR8Tqh0=0EJXsCc)isKpMEm2nD9C&_()W$-ByN7@&xI zKPpydM@Y@KqicS7>7qgP<4(AV$-eHXzN7JSBZn5MOZM0~2l*Yw@woT&gGlt79#r*Q z{!4Ug?;{V(Rxfpql@EaB_#YvUIs7Y%DMVtv**)6~)5(%5Dq1ClJ{lnxESAwi{o37< z<8O6+c--Y{W6Rb_-TTIdV4)QtdNBSrpCp*xR_{ePR?Oha1;r6PP~xG;jBsc6utR{~ z9xXe8P_vMWS5FhZq3La>Op~&qnV8zB*$7Zfk1*t9n5#b~b#Up{$m6XSx(@n-s2y3=<{X!|4w3FiCmv2>_2MEoz;w*ftt0;F!W23m#v$kXal_i`+PDiSc-_#zGM?#sWi@H)jN?P}?$=M_*z zPlGUBsVB#X$NoWRzfNf1J5^uy9NA!E6Mmij{fYbf(R=Kv;D1b0<$C)<(s)Y_u|;BQ zg^|2|JrPulTAcUKe)O@^J5@!*G4qv`&0}sSbk6HIrdDGm7H!8DI9o zrZ)#z0q#$Sp$@s2-@ABP9me&r zQEI{inIdFx%T)OIp5d=^S$|raNK>~+R7UuQf;GhDOS##bONdil=7$|;S;R7Pb@gE# zUR?Lu4$agO8|-l{V-w4!0`4O%a5ahipinxk#1fCt6knciD0AEg6|@B%?J>=VMiGM{ zYkr$ac*03g%K1X-21)sU<|-!V;J5OQ8AV%=L)s+h6B`KyC}Y!_lDPPVU}4o(_?g+x z1#U2;b|eC1^S0FxygB>`%s`*9oq5d-f{5alxE9NH4GKt2gLkH)vr=?Vkbk%u^kXao zgg%F`m-jJ&JCkGJK%9qPVPz#?Ubj(#Q1?oAs}>D70>YP#stv(0eH?;d+ccJY(? zwN1eUvreVzbPKa!KuIpu|K%?quV%#{G(Iy_m#Y?wuh7k>xgy#A8&+UpQYNhFCi>V3 zV{#j{g@481ZGYR-(;@$kwRIUrEUR z^DVkX8!}{#FtJ0~nDQ9`Lo=@R{e?4?cx@ive3JSiSV-4sLn1p$T;=!OD)D;DgT*fL39lFp@Y?r$r@(;4QFq} z6DivEfq+z+Y7)yH&%h${AOQV-_to7Jh&&*eT^ zH-O8=oJ``Ca;^N$Lw1CGzO1df!cV-SJ)3QR@X+nBAIcz8AGyhAm~hkCQ1vB-$yj1V zQ=fIo>5`8c!Wbj5pu^$7T2}sw{`x!u51Qe88Kh;Q9pu?EQBYQK6aozrZ9BVkEiY`C zF6AM3fxV4F0&|0OTPC@9S|D>M+DFBWpL2#O>)7EvCv)=Z0taPm8Mt$2;Y`6rT$3lE$hCaL@}(D?)hEAbFipIvd#H|QY-m}+C|^69IsZx{P8xr#eN~Cg5}?+61_h-Y^;2o z1YE={RTAY#%ZWTFACi+&?!YV+BEV@bZ(rXy-VpYE0C!%;L02|ll$S<;1DqgN21^*A zBJx8-F8}h*!twTzz$Em#pr5Bao;u+!i*w#D5ro`;S0oDly2_!kgg`~kR3{uLWc?a~ zJmK%E8OmX0jrc@JdVFq;wa-kKX099@*RY{WCF%O`;yV zU4s>u8uy8IzroWJvE5PJFd2Sb$H@#)DLvb!pA?iEf_|g|)`#D%ebqX~%^ufx`IEf+ z;t%_dT<*>o+ak3DI{_? ziX2xv;I63mY*jftj;ifJN?j7oybGTDV)bCD;rWDPfG696RYTfwCThkShW-9Umv=_B zt%X%QJd}M|G2(C_ymoV`c*nyU6QaXThTG$L#E$)Q7`t?6_N@;o&fhkd?QC>@6ngNp zD47q}hL78p14QJHt7c|)E%XF`u`$K$GccxTSN|H7)C(ceSxnZsV>z z*k;fvgxjt}hD{h1_6m8X#WJr}(=z{f2PeD~Myb z)eUxX%onIp|%7x-P{DFm?L8kJ+rcHN}&N$+8{ui41DsP#Y2{JirU zla8DE=J0eVlg5ZkG$_IDxKku&Hs?8DQ(%4KS)=Z->R`YoI~kyFCd(Xb$sYNE|LA5i z2e;%y-b)VN*U}o8CSIy--&j(R;ro3aR%%0zMA}3 zHr}c&5h0M{3Fu^9o724dx7<6H|Lv0hwi(^IPz<#D9vSau6*T^R(SNs>{CrjVz8O&e zUE?F2e^>I~?+g2H=NIkCL!KW}*jBpri35Q5&7k*> zGNHckuBR9xEYv?W@RvN#sF$d5skNiRKaidJ)0t=4`rJ*zZW#f+!r=Enf@K~cX9z4) zv=ZsEgyV>qJI(DpBuGaZK1~aQ0L1Sr7RIp~NgB852{dOrx*;?$1!f?;5&m#VE7#ex~PF}RU^ObxM*4NV$W-+lxmZd zA1^m>c$E?e$qvNKv`_}eZVqMQP^uXz&~Z;%vu5(3SQmu*;_so zxqZ&7fLi>s!0j8yvWprr0fZoN_p7eB3ct^q@MskS0@p!x9(NVaGM2P`m*5~X>7ABs zC#absHq-YtoOyg^1AIj?I6fx!O30UyT(lIKG12h`)ycVJqxXOP!@aW-HcUHbm!vRO ziq)XzSs zgP8s;tbxnCL-L4q13r2#<7t=d>$MUDBYpjPaoHq$mnN3=^LVO$0X7p8RuvE)ubmav zhJ5B}*&v;MIrE4dlBn>C0sk=HoQ;0Dc$tH1}>QNM? z!_&R6e0!(KxB~@p0Q{T;!JS_s#HRm1$tM@40>mGs?xnqbuUHn$eUST*+3zd#5V$+; zYu2`f3GIEqCcDLO6@~>bjI5>$GED#c=U66e5J;_9hNFS@nRa@s&Id+$_-QrT1(U%- zf@!eB(?M$IHcD^lL`Jk|4}ut9BHS=HjtI!0DsW%W>$jDo^L`{ zkDA`6(-7h?`s<1{(M$aAE!kd{*WXa6s+b+)w&EEzCiWSNE5C0v|xPT!zc3DJ9_lvewNBX{y9;pvVT1#%Cb z-@Sr62vR}1KY&I26aN;{4L_f04|Ou+_HD!u{+{Lvr?QG|Z@9d(A+?BqIr>V(4}&{U z1HvC5_$!*Mkos|@-wtY~;1`&JeV7lF+4?2}^8WM~fB!#@he+yA_WSbEQwR60gKpH6 zj|QY=V^`!jnB~Co3HD_=*j&O&)?j0z?rVh}E3P29wC!UdC~>Y~@{zs*gF*SfjN$=K zamW*)d9$wN2@=Som4@oM^dBP3G!oHDqU;%;i=--XX`(d%Ckk>%uRUT>;Y1;Mx7yE5g@YYI=8#rhn49$Gt3OkXB~yA~ z4-i!`1c~5yJZZ04cUyVOeAKw-U$b(wpWZE4h_e3NA7lSAn};D`!Zt*ZyIzgV~8S5b(-mz7y!tOO0comun{0e6U}O^3 z8Fqg%93RQ0vJG)5yCvAjq#fu;zT^@JNk2~)yK{uctu=@dm^b>+hOdnqdL-`Mertc( zghm`00($y;*GvaL;imX4no-{MfY}ewM_83rbTvFX&uBDh6L@8BE7H~|=M6Pp_XKGg(V(3j<-R z*ALmNb)X9(hwe0BOyc&jRCoGQ~lKgtO`1AJA38!k!Trm>4`JBV8dq9opy+ zV3~6mRG5VS0fs=cu`Lgvj~CD=90d>;!e|q)dY14Ep1=hudAtuu1sQ1%#z+!i8Au$V z0W35FPG8e+X&Cb-1%Cth5N#-Sm)~r!aQ9l5!eXpnt2kIQM?O6l|L^{|RCFvD2XKT@ zdN=wedUE9=}f01(kY2}nNcQdw9`)+P+Y~%Pf2QLF711tAm1pi;xe@*#sr0V}g%E9&@l>gTA zHzhaS9}WIZqkk;dU#(y3#S6tv_pi0*g*qIY!UF){2N3@*pyUR4<_)QbBHZ#xN9YeC z)&wc)_k+oA8%02d1BA#-PC%HSA1`1qtmzfp7!@C{>P8EuiF|7pkP<3D4R7 zKjH^~KSD(efyN5`37 z?Nb-{S!YeWzfyCARs|V+W2Uh>ExN*CiQg4JM&@JJW!crd z39QB@-dRkr15x%~kpUZJbzZ|BnnCiV0n=cjI#C;?a@3|1YWq{rASI=bLxM`sl8#I& z3Jerg2n&l+xs+y;YmtIFsglD=GzQ9Yre>$q;!qQQEN71?BA_V$q&iKFOddiLkQ@)o zS7wA%gHvfSNra7ptx+!zph_6afWm7(k|7{KK!AV%0RaL6Tttk?1v_cAUOXpfHd2&% zr=Ldrb&pDVt}?2nTxB^+`_{#<5t!A}W59%)t{(k)Y z|Hkm&UMVSnzybj~K0ZDY=6JRf|F>a(#Q37heuH>=d0EnZQTw3%0s3!j{_g*eNxIgB zx+dKQkCZO0I_dBm3TEpTe$ix@Nbf2-s!xAIv|W1GEOL7u+aleZXp^qzIk`zV4~ ze=PLF$i@Y^n5_M<(HWihF4c4)?Qu^GC%x~#FJ6#YN~#^N@2(bTxKNe*k6D#eK=$yN z&yL>O3)ZKHNHadnD-e}VR?kC|wH5+9xK3pIlW>(0ow0pdl(4^hrfpa%Q+gb&5UM(T zu3V2=k5hb$qgt=##%G{;NU*W%A^cLV%NeBYuG?j#jEpvY!l}Rlo zCnMHTWWWPP#*%}i2u-1}$d)Rgo{v_sO@G#ytPGX1SaTr?D(vs&bOZJG-1f}oe)Q1+ zl*X7R=$asESFdq(IUY_MTT$F4s`2xhvlkVrS&z3~x*lw(nZ=>Nm%NZHH3^r2_niy# zsIhL;2>t06!yJDip;h7!3 zbYt(&(s6LOT*`=AQM@5RaERnmc!}XMoC&7tB~|At6j%M@^;F?NmJ-&+YbRlqYr~o) znfjgC$5_Wu7p;?7(i`{y@2b zE5TzmEo5sZbCC%n`up4Qhz)e3{Go$|eyi?9rTl;yXF5F3Bt>y)mY7hJInax_s)6bG zVPUNOxOfUke}LquXp8Z%mgMf?F`_@>Ad#xoIA1xYimQ#JVxEc}yb6}iZVv>Ehv^p+ zgTSP%^k;uf62xR?M)7z)$#g&0a+O>)SjI+$=T z`;qsxOXQXj^;E^|m0QtGin)1PK6%V!XFU%iYgC)jNy@p^+}t7aW?1q^%POp>_UoKI z9Uj~?xMUhf_3vi#N6lsnA|ZS@U>gunAew>!ps8yom-0uGv=vciDhTDGPP5yij^rsH zmKM0t`}nx<-PtJlLiLHe2_wqA#mHHmP2GTrG5=O#G{-|) z2SM4t-5@0$(Ejs*(|wwJCEa;t4wtKh{k;a3gM&kCT2lCGKS`0K<~FnC3J5ILoGY|g zmZRz9@%?!sL#xEf^iU7&T?O-YS*n6)%dvu@5nDRPi1&$llhZSjgrwxPUNqiBG7{sL zzvSmYVE1~WUuS*Eb`M9}uOd>iCL+*1vw~_GluJ`?w9-)eS&X$n+1HR*B}dJoz`{0$ z3jI@^H7-A_+5CV*{LtVHb3|&^NHy2;7ennhsy7c)8V5y+!8b+aXi_E;{h+W8zO`hD zF!`a5fPx|i(!)`fS$UFN3p+rnFjW7a$4Jt+YH$;h$KHWyXY8hZGsWwv1Iaa-sFK4~ zmRBG8Dnl{K1fGbkP?!Rt$j=k3z zzi1iG`}D5s>IHbZDb>=`Y56n`w4*|&ISddOpW&69^3PH9h!7eY+BK2Uim+0K>E+%2 zLa%uVyVFrORuTWuadS~Gu-baV#ei0EQ330EpME8YcCCm0Ag%6LPObuSkVh;3kcp2g zIkZ!g=cSZh$S96R^C&-<4JUpQ%z)An-+JlUD-gcFZ*$7)+@<4jE6(T;&X1tgCZ=i#&MJKEQY--rq*aX`!Ronh>cf6P z7RBnf%^%`cv+1B%9DK}k z$Ni9y6HSU$Vk`+x&A;HcF^45TN-S9^39`|yB~~~2^r~;z4>c&HYc0uq=(RCTh&raV zcmcjHV|nL|pW}O2qliUt{`;W1;swftiYfLHQOT*S!GW@Sznf%_PtfR?Y;`{V0nS+m zj?Fa+^J=`Y ze-bg^CIu#?qMnR?Gy2^$MVI<%evA*X9&0|(_MX4Rm&o(Zz*)qQJ4Q-fKXoS6Cd1gL zdTX(`tF{PP0pEX55fz{BQOYlR_N0*HX692D5i_u5eia# za$yf?7ug$)GvV`?k=J`UbFt<-upvAvYlDN^Df|9!KhBkuAkIPNIYefFH+mVccmp=vs7 z1r`RkYQK2Ek5C2e^ddi*??$oI-?f<|2eH;{WGvlib_5rV!aKBX=5nc1ep{MU_XN@q z#@BclV(fe)pXz66t{Db;l`N6Pd!S%Y(<0V3U_x zU@o1B@ZaxknXQ}%hk*R~aDdL3R0A31n2wp$bji+Hp4T|?3JYhA{j?#tb=6{4k^(-h zI11V)I}bf8#?Ug_ZQM;|D7hFnaO#&Ensc6PRHxRu#qujG*lP}cR7rfFpJKUC6D&3n zT?sQ5mcuH^_AtKcUjNPcy4<+*_-4jqJH1n$i*>r{41=SN>h-T%Gkc`p8;jZHsaRsQ zvC_e6t^Ptn5T^e;s)R%$Tw3g%#KAcAT3%93)p@}ZFnFm-f(j&KW)>fb6vfDV-RTfj zlW-}dC3(?{a?&Hf?QfpWr5aIQF;;rCU?%k0E((YNBgW+qy)b}eAf#Hb)!T3yPiF8= zH7T)%VIT`DD-;kz#*}ZTFsSPTn-lfWzAXNM#9MNgkcWSVh4^~Lm216yESGatX-5i`21Mw0XIlBGwJ_#^S%D%$tXs)KmFf1qa|@yhFH#MX%iU zCOcx9)&frxu07XJJT5V_pVN-Eal7y2U9?=@MZkQYLMB$%C~K5}^H%xwOJ>(UDz>Ox zytRJ5FxN7SroB}#iEc%PYaGOwWEGDIvQT=3b@yALfu|x@KGR6+anuTj#qm?2WUWG- z^c0i%uZG^5?eG@t*B1-*G@59PYV&vav8#nFtP2vc{$Xdj@x-foA_TiP&upSL1aBo~ zAm2GleG<;i1Vw_@{5%dv33_*RRaKqIY;p1EeybrTE|*H}R-1WjNm5RXPyD;{^|;MN zR8&m653iDhwfa)k=?ZO4s+PnpQ-`=&?%T*kh5VnNn!x>P?Fd>I#|E>f%+ zKc$=+=$0-Q^Tw~$Rab~gEsjT6JyA?4K$laQtxLX@o|KI~MoV^AmIN)Mv{MJhMwaHG z@Qwple z|G1ups4RBq?iT@62@cwRhzd`>&o>$xVRa!q@b(q#9ud+BM8DD=!&q`%^s9@< zhR7M8Xvd3T`exv;xUs}#3hrRSQ*<@oUb1aPt&{c0W9BioZ=l2F)vQm;DHkKD4Ry6% zML*_spt>h@tNJP*^E2Lx?+07l!R}m`7)&xBIJ%=rwwa%((`ceQ-w5|@A+ct z$GA{Ys7dl|bm*m%uUo}v`A73pA_!wKA)6|`(QRx=1|pXT@kV63X~oFX_vJoI4jxP| zY%Y9(6v=oUDTkNpe&I6@JEkz*u5lEUqZ5le22X6~2Lw;T4g=6;vI51rOpaSxZohGS zz@54lAqQjdjof$4ILf-kURS+89bvtm*O{1Qj)gR|w1AzR3J2hoPl4W-Zoe`6V9=F= z3izFJFm>&i;Oa_r*%}63q-`w*fI?5@OQL@l7B1fUI4;bxd$}_oOJ$K1USwUFMe4gf zoXk}$l%Z4+6C=*kYTKFzz&MQo?Vg!sipkRT%O-f;)>;-g4x?(k_?_!T=z4EZjFl5U zLL0E3(=@_#$z~Oik*@M_F1iUXzG&60RqeGnt187I*$kWf;@T7S<+0@=yIDmEO-S+x z%~GMHuI^l!!yr<-HJ@O4%(%gt)w<24_V{dX|I(QIRa2d<;`rK`E* zACGKLAB|F|U@bRX4ZuRA(@0_`4FsUryq`#X7t+GvKGFI!l9M^*=H_|4a5rMoqG;dG zp6KzSv3h`2v1nuBLX{;|^afJ|VK6^ovSh^v{NhOYu=XyyU-8cg9MCpW9kGcEI|9JN zeFhtzu*`Uy`5G-PqpWvMv?2yZv~3a9t}I6rX|8T>dvl|CM_QNb%#lCtD}A?rl4aU0 zS>K|K$Hv6)XAKf5nZi%gCvZAj5OX}kg@uJ7V3_?L^^(Oqoi7cyTvS^r-%s5c>hN-R z_@+wn{8)FJfFvKywg1F5UJc?nk{KUnYLiTLz@V-;M%~J@w8*qvg;YaC&V}p@{}tsv z0EG7Z_*XtJU4;MRAR*c#Oakxq_eFWmk*NIqWh5lI_cXa#>X=C6$%(PTxL_JljnI#I zpUHj_lBf4M^Yk1eNDimGHu${{v)04!P;|rUx-;^}+2VqZaP?5`+g4ViYR;gqoQDSSSKvA!8*n3K}`uA1Y(sYUQSGc{3^1D|5Xz?^&-IQF!e4X-%yaWwPF?e#mN5Kf&Z7jUM z{c1aK{#xnrguL`35V$vBD%Tmn%OWx0n3J+mawtaYEmePK#~r{pID^EYd$}IM(~Nn7 z8Pjig7k^+wH5Y-?6g#NY?9G(TZeybbnEoTh=E=tbrN`_zi^E1jfD0wPOR^k%i|4LO z56WklQW?ERq?J#;L0J8=0x#N6`wCG&9%x~7X%>`bBim{14 zGWygVVOgGeOaao)0l1^cOIz1H-bpf;U>e>b#MwC6^k+1 zuYIL%}4l;88KU{ zBxkmsF)bBXV^_UD#Rrw6!^2t+unnuuw98jY9yhVsZuFh6_HWSp!mk=F(w~pE_S$>R z-`RXlXjIbkSvwmEvmurp6(HKT&=hc6htj8?u1k1Q(bNIvRBALc|e>-&|OO5h`&on|*n zVEJpx=vy1g5`$obO%{9+lGBE=9){R@P5tSb<*rJT7aUDqoB`wNjYZM$b$kin4)F$y z*J|I)qq(<8;A1IfPtlf7HPC);--C@FUGP)(pTCa3;gEf1wj4%!hW`CdiQ8_HD&bJKNo6929oQQTSN zP<_WWCHG!Zt0#^JMKM)(8>i~e)~I)0_MvqWYsezsd3wmsk zW=Z|&s*DF<$dKGNx9-;YsFpXr9C})-1{MccEp?a>sm35QBVLpeFjVbXWw+*LW7s#d zS!IwO8F^STJ=}H#`Ga;R=dFCVO}E-t#Pq2aj_U)KZ&2zG(+u9WH6knbmppw|%?fFR zXlDu}2CF^}=W8sy?b6NfKqK&5JNt8(*&BYe3Zhw*J54Uh7dtH&@Sfl|V6p<9GCEoD z;Q6O|N}nxR&AcuZ!Ld-ycQcU-Nw zS-Y5T4eq=v3ap#SM>-HixIcSu;?v%)N;ff)GfzWO!b|kelF2i#6VxIXBwWe{m@cg* z?c=qz@-s?}vMxTZiwiS%WU98%si>bwX4$*DH7%h;$TDOE-Q1c^APHfQ1&1CE4JfLq zd&e|`K({TXNuQ{pBc8XUs$JXdMLsJ=mYg<7d%aypt!vi6nl3$5#+Y>&8qcDYWu>AE z>UKhH6YELL!fjOU_=P*+y(v#8aHD#pYg?Lg^gIeqct$g?Wz`V>3a%fafOb4QD#zkI zeJC&E)@ups+CuzpW>qs&6jrV?8wp{trg(Lo?U<<2kg}n=@GKU{f6)A#edM8`$>2if zf1M1m8tA8ZdgOn)Bi8(esVxJl5K65=!$=jIMSSK5VBhK7Qc2YeAU2 zVukZp?g$3*YlB<$da8Uyk%`a!0lIXtQoDW#3AkUFuIKiHr02RroueG@s{u^;02@K&wSL>?b(v6HR%tFxfh}0!V+Bpt`y_3fZw( zuylW=y=X+2&YMp$Kz|)`tzi?11Qr4>2vbjr9$-l@;O$^kzK5t6n}AM-=!04DHy^yn zm8{umtrx;(J#HJ*X~q%o)Z}87gjI8t(3OC5Ti);0Bow!!bo@HugJ_O5eo;zq7S(ZU zb-at@=NbLT>lQ1w`kW=T!ar~W$6cBbZ>T)vJavq1>w8;fUg6?npg%lrOom@Dnh&J! zGMBJRe=gYfQMnyf+7gvid*kE9hxDCSH7AGsIGvRnY$IKcrW4@tjL5Nk56=F{ZRT+$ zQ0mj=Qc>s=x79Kp7-tdH&cT{Zg`GvCH6Ki=O+`*VM3SXuN7ZI5IRexgpi-`p>WtYg zpDWU2zYB)NW@A<0nLAUZFZ3--QiRDvFECdxO%vbRmi;_z+_THvw)rSbJG?A^Ku@I+ z2jKEo6|g2$!*W?O5yQB&qp;ASG>hWA0t*W6iE?w9HRvi%5Cb?X$}d{gjFU~{QbB>g zQrvI$hzN`Guf7+{I9#6i-k-VhDWc@QSQ!~K>Kz7ybFGU)PwuO9+}73 z_LA&~KLE~Koz~v!L^}@AH6O%MbRDk3mlakPgIZaQU7eEy$4)!tOy&WpsVzyY@ss(9->BT_DS?@t1Pt9LRjKt@BSRW4aRK~iCt(W^#3|6luMM_wp zQM-(q)|I&%VF1mQ;pwRy0^+^EqxHtCEJfiukQz!X5D9;xR@~<_V)Aby>bg`LIb9