From c3ebbbe00ff58fdb96ea7a9820008d1947c57681 Mon Sep 17 00:00:00 2001 From: Bowei Du Date: Tue, 27 Jun 2017 00:38:14 -0700 Subject: [PATCH] Add documentation for DNS stub domains (#4063) * Add documentation for DNS stub domains * add additional prereq * fix image path * review feedback * minor grammar and style nits --- _data/tasks.yml | 1 + .../dns-custom-nameservers.md | 151 ++++++++++++++++++ .../dns-custom-nameservers/dns.png | Bin 0 -> 28795 bytes 3 files changed, 152 insertions(+) create mode 100644 docs/tasks/administer-cluster/dns-custom-nameservers.md create mode 100644 docs/tasks/administer-cluster/dns-custom-nameservers/dns.png diff --git a/_data/tasks.yml b/_data/tasks.yml index e3e4c8dd95..8beb20b7e6 100644 --- a/_data/tasks.yml +++ b/_data/tasks.yml @@ -136,6 +136,7 @@ toc: - docs/tasks/administer-cluster/highly-available-master.md - docs/tasks/administer-cluster/configure-multiple-schedulers.md - docs/tasks/administer-cluster/ip-masq-agent.md + - docs/tasks/administer-cluster/dns-custom-nameservers.md - title: Change Cluster Size path: https://github.com/kubernetes/kubernetes/wiki/User-FAQ#how-do-i-change-the-size-of-my-cluster/ diff --git a/docs/tasks/administer-cluster/dns-custom-nameservers.md b/docs/tasks/administer-cluster/dns-custom-nameservers.md new file mode 100644 index 0000000000..dbdf56fb99 --- /dev/null +++ b/docs/tasks/administer-cluster/dns-custom-nameservers.md @@ -0,0 +1,151 @@ +--- +assignees: +- bowei +- zihongz +title: Configuring private DNS zones and upstream nameservers in Kubernetes +--- + +{% capture overview %} +This page shows how to add custom private DNS zones (stub domains) and upstream +nameservers. +{% endcapture %} + +{% capture prerequisites %} +* {% include task-tutorial-prereqs.md %} +* Kubernetes version 1.6 and above. +* The cluster must be configured to use the `kube-dns` addon. +{% endcapture %} + +{% capture steps %} + +## Name resolution in Kubernetes + +The diagram below shows the flow of DNS queries specified in the configuration +above. With the dnsPolicy set to “ClusterFirst” a DNS query is first sent to +the DNS caching layer in kube-dns. From there, the suffix of the request is +examined and then forwarded to the appropriate DNS. In this case, names with +the cluster suffix (e.g. “.cluster.local”) are sent to kube-dns. Names with +the stub domain suffix (e.g. “.acme.local”) are sent to the configured +custom resolver. Finally, requests that do not match any of those suffixes are +forwarded to the upstream DNS. + +![DNS lookup flow](/docs/tasks/administer-cluster/dns-custom-nameservers/dns.png) + +## Configuring stub-domain and upstream DNS servers + +Cluster administrators can specify custom stub domains and upstream nameservers +by providing a ConfigMap for kube-dns (`kube-system:kube-dns`). + +For example, the configuration below inserts a single stub domain and two +upstream nameservers. As specified, DNS requests with the “.acme.local” suffix +are forwarded to a DNS listening at 1.2.3.4. Additionally, Google Public DNS +serves the upstream queries. See the [ConfigMap options](#configmap-options) for +details about the configuration option format. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kube-dns + namespace: kube-system +data: + stubDomains: | + {“acme.local”: [“1.2.3.4”]} + upstreamNameservers: | + [“8.8.8.8”, “8.8.4.4”] +``` + +The diagram below shows the flow of DNS queries specified in the configuration +above. With the dnsPolicy set to “ClusterFirst”, a DNS query is first sent to +the DNS caching layer in kube-dns. From there, the suffix of the request is +examined and then forwarded to the appropriate DNS. In this case, names with +the cluster suffix (e.g. “.cluster.local”) are sent to kube-dns. Names with the +stub domain suffix (e.g. “.acme.local”) are sent to the configured custom +resolver. Finally, requests that do not match any of those suffixes are +forwarded to the upstream DNS. + +Below is a table of example domain names and the destination of the queries for +those domain names: + +| Domain name | Server answering the query | +| ----------- | -------------------------- | +| kubernetes.default.svc.cluster.local| kube-dns | +| foo.acme.local| custom DNS (1.2.3.4) | +| widget.com | upstream DNS (one of 8.8.8.8, 8.8.4.4) | + +{% endcapture %} + +{% capture discussion %} + +## Understanding custom DNS upstream servers and stub domains + +### Pod DNS policies + +Kubernetes currently supports two DNS policies specified on a per-pod basis +using the dnsPolicy flag: “Default” and “ClusterFirst”. If dnsPolicy is not +explicitly specified, then “ClusterFirst” is used: + +If dnsPolicy is set to “Default”, then the name resolution configuration is +inherited from the node the pods run on. Note: custom upstream nameservers and +stub domains cannot be used in conjunction with dnsPolicy: “Default”. + +If dnsPolicy is set to “ClusterFirst”, then DNS queries are sent to the +kube-dns service. Queries for domains rooted in the configured cluster domain +suffix (any address ending in “.cluster.local” in the example above) are +answered by the kube-dns service. All other queries, such as +www.kubernetes.io, are forwarded to the upstream nameserver inherited from +the node. + +### ConfigMap options + +Options for the kube-dns `kube-system:kube-dns` ConfigMap + +| Field | Format | Description | +| ----- | ------ | ----------- | +| stubDomains (optional) | A JSON map using a DNS suffix key (e.g. “acme.local”) and a value consisting of a JSON array of DNS IPs. | The target nameserver may itself be a Kubernetes service. For instance, you can run your own copy of dnsmasq to export custom DNS names into the ClusterDNS namespace. | +| upstreamNameservers (optional) | A JSON array of DNS IPs. | Note: If specified, then the values specified replace the nameservers taken by default from the node’s /etc/resolv.conf Limits: a maximum of three upstream nameservers can be specified. | + +### Additional examples + +#### Example: Stub domain + +In this example, the user has Consul DNS service discovery system they wish to +integrate with kube-dns. The consul domain server is located at 10.150.0.1, and +all consul names have the suffix “.consul.local”. To configure Kubernetes, the +cluster administrator simply creates a ConfigMap object as shown below. Note: +in this example, the cluster administrator did not wish to override the node’s +upstream nameservers, so they didn’t need to specify the optional +upstreamNameservers field. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kube-dns + namespace: kube-system + data: + stubDomains: | + {“consul.local”: [“10.150.0.1”]} +``` + +#### Example: Upstream nameserver + +In this example the cluster administrator wants to explicitly force all +non-cluster DNS lookups to go through their own nameserver at 172.16.0.1. +Again, this is easy to accomplish; they just need to create a ConfigMap with the +upstreamNameservers field specifying the desired nameserver. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kube-dns + namespace: kube-system + data: + upstreamNameservers: | + [“172.16.0.1”] +``` + +{% endcapture %} + +{% include templates/task.md %} diff --git a/docs/tasks/administer-cluster/dns-custom-nameservers/dns.png b/docs/tasks/administer-cluster/dns-custom-nameservers/dns.png new file mode 100644 index 0000000000000000000000000000000000000000..b048875f5346b1303f94772fac2f99168e6e525c GIT binary patch literal 28795 zcmbTeAxI=OG;x0v7v;-?&+zIaP?yjY{7k4<<{k-q< z2b{A%1b!qWTV`g@tTih?loX^e(1_7MAP|O(^d}V%2;nF2`y&_;c$`Z!dkg$Pau%0S z1B1cK8;XBGAP7k2lbD)E+EKc@4=$9XKXcLR$!Wh)O&l>72L?hw%#wA$&*g!lV3RNe zzE7MFMZvE42vHG#-70-bgJ6{v9DKRPe7uzC`LclZ9@*9qX9eze`^C*-cjtP?PvBzY zLNJK64?;ynHBI`PxEX<+{U#thJbY?OC89Tw?So8JWh&K$I~Fu{*Aqsq&X5on7pD(z zZ;fQsVjoTYs9Bzyo4d8U`zBCSIbJr;m=Kk6X5koiH~f{C2ZdN=iS|(|z|QvKAH= z#DY*~(_tub`Pxo*=iBi1XRm>ul(Dg~s6ko4w44nF1_!m9T&zSzI|gE@@~El|2RTKU z^_nj4b~DG*1?HERn=6;!JNp-vmp`90pLTV1dEJ~~fIgYjOG)m)V>2^FZ01VuE_R2l zuM9+UCI#>Ja{6N^#s>yK+7+fL1f>0=zt}cQ;B8J{zgiyE3Gyx+yNO{vSNx(2cWZvi z92w+|-t>Hi>u(<)li}bv?Tip9$@LJkI|19?rwz#l`m}^Vdg<7nl3f=GEHxjLGIm{f-3+=?ClW{w6$I zVw=4L1}km84;1)va&oC$HX34Lo$KBN!4nZIZ4Fk_`6($W?OtU;K|u-y!-IpdPr%$U ze*E}hw^TD}T^qIf^A!drCT5};0)&g}>S(cAugRsTv~*;2G%7lJZr^2hJX29ok%IRt z1gZ>D($~-U`BO<*na%A;YyW$%@nVx}$)M@MbU{pJ=KAp!g|H7VA77)xdfVFC8so5W z+M%@(NI9P>uo|pLaU35jRx(0^}Nx2Jw2qtK77 zr}BWwMXiRv!pfQCHR+2~El@z{n8=b~!XF+<=FqLPO^%NbX7k$!ApreuXz*CBvjhFs zC_zF(LV$2{*8!%(#Z_xDo}p95&C03-pLbZQDe@cDD7ngs5k?HaXVTeo;RkvA{Xwgu zs!FSvfewm}jusXc2C@1-`zYg5_+Bc5_Es9J!@|OV?HV2~F;JJ6AFZ*P-oj4&TrGwR z-REO;b}-Vu-WrT+f4)Bi-nGec@_mT77*?=O*$2Q)EmKef_+wU}5%}_Hyl1+Lkpm{H;{zO`S@%8_ z($t)vnwok;z$|#P;{5H~H{biq#Rf+cd3pKuHeVSSIvQGW$)~R2;Wr?_NqD2D_g$QK zMi#3rVw#&D9`7#j&_d|K>uaVbCzZ*K202OS!eJyo{3`YiZc@Jtm^tm|Utb?@ z&)nC2dAPX&BVZL0@&#T_Pfy?Mb_@%b3Cd9vzN6;gP_44)?dg%ezgl)^2Lh18LWS5= zbEQc?TA(P*6!4)xok1c`m#UGDIyyRfG*|uF*>uK{$8HZc@K#{&xb0VX-QC?mKN;`q zA#V~RNBqfP)U(#LadFeYNrhpM)R_$@D(6TtX;*D+#)zB%yR|!(KAtI}h=nXp$H_U< z+q)e?pijrbV$kB@*zWh_k@51c8`EMm1qGxBOmwxmUZ$_{mc3Az)SrhJBGl5~1jgtwr)|iC=+_1biW# z%VsX&qh_7$BD>$C2M zLLo!2(YO~ab#!h41Bl{QIGlQ&Ra%TdsJnlDIE5RuuPxa9@864yihjhz0I`_&>z{yC zdxxW)0pLxA)ogn^9#;&Pq?(?vBw;8^B9t(yuU$_{M`tO2R2M}I+0v=L zNxAd8C>vR}iHQkGGY$JF=%7C6)w<^n5lKInn;h}`_t}-YAdo0_PexBqU{{y_do2`{ zyKj<}QeQa7d5Ukj*{}kKic{2e6;|JM@;hA)Oqq%N2!x2>oxCPAc_sBUlB9pd>Ba4) zYn^2YGt9z&g&C<)$&zQ=PE!H0)zB;a|SZgGkbbG{;Y7L z{Gazhz?Cn1Fq2R>!+U(9y%GvV1Vx^Syl@G3e81UyHUxDLlHck^VSz$L?&zT%gzF^; z*zd8%FWg9I!RM+QPgkZ^t)fg+P3 z;%~OzNgch(iW(@2`bzIbI6W%Ep1Z{EDW&x;goY~g=IojSk)>3-wY8~_z0jaEwZ4Dj zi58RWp{%q;JVzs>=8R&dy+pPQS$U2z**la`OCCtS0+AU5A&7mVSfanzTNBZZkP)a6 zKvVP)i%mY;bJG@ZA6ADZ*|K7$&o}`H$Ox>c!2yumMtUsMV=*i0-Zwlb(W3iAp76HH zfK8Opyd!RMkeBP}&k84D85l|Zi9xd?3lyfB=@W01%p~yEY#Z0@lsLin@#v$2k0bm3 z-wLr+MH-r2JlvNC)05!IAaK!t>0983!5Wd0(55wmz2+^ zsj7;Yj{V8&daacf1OmsWr&Cb0n~bKAg`o6`Vi6^Kl5n4jct0P+Zdz1AKw?|l_+?S+ zjW+W}C9|m1R@IA&w0a|BBZ_jPI&D5CMq+H^XHqd~YjsxvjeRQXwIS5t@ND5yOZDVnbqa77oX+0+fsKkU;E zgkT{fretGX9?ljSWR9KsT|NmoXLJ%a^O7)XEWevxTWvqKfk8kZlgbb{Hpuuv_-yRR z!mAJJpw}!~G>_Ons4D*dtx5K$sgu)Efx+|nZMU!62cJfo=L`Hc$?D#riJIy-Bq$E3 zgB>08J-fkvbFI#(OyAe2>%l?jp}juCj40o^zb@$B^%!T`?IxdQc6MhnZa0#I&rt4h zx0#3Kwe{@ZeWDjCnW;f#ioMf|?rfg+2dB3nUgFDF?mhy$3AE9ff-Gz0jD#Q)ENHqy z&b&1Ugar;ovn(Nkk6|9)-bzU1A3t2t zC9b|PJ)u7bm(Yv-uDMJrO$%(S&gb=Rym6nv@F;wfrEJuK2|5@r0|$DzSij)LdG8EIbHM5UQwg}Zd^YW%j6?O z-)C7&gr4P?8%5HMMd0UzO zzT9FoQyqvpywHvYGtoMsL1pVUQ$+S^etc<5BE^y1&M ztWbtw)bt6amMLb0fe=tYHXY3{10GtQcqcphBxjmD7!g6Vu?UB*xFJ_i*htY$HlNN| zxhIS&!g7yV>iong?iC8qu%Vp?kc7n80# zdA@WYSg7eTspE&f$dnCVn+#5!D8Q(v3j_%lv0eDZe2BnIX7R_pj0 zWjHat)$1x@FmAcdJ_-S!(I6u>iO2VH590rF9QM|ijKZO~G?%{Ey+9!@6m#CDHtG@S zUC&!(O0lx1wg>vo;k`tUohge5jWmHeodVUQ1kIx*?-e!WTEA&w5Ek-A-n__1Mh5Sb z{r)hFgNzC@e+@STL}c)ofvjG$<2VqxK!5u2Qt{BZS=v2T`&!2Z&%W!F)hzQ_+0t0W zQ;Yt!3k*RhnH^#hz?|1A-QG^{#{6Jzx?}g{?#JrbkL>RVM{ec1K7!Xah>uM-;o~tjfuBN^G3tMdw1<%g>;^}iZ!CkI2`}iVog&&@MeY9Y~ zz=J`-hx-D3M=m~KUwyh%vAnlG*```^gy8+geV{g*7t z1VUuaePo9MEHbp~Z3v`$K|fty2e>qTXA_q`m<9(xz>$@ll0U6W3}B+)Azpb)lrL zJ|9+^sP2rlrX}KUonnHj2^epE?wqP;mj)DCv-hlB^qxlr0t}brD4ucJea{NuwQnzz zIo-Z`SpJz8DSh$ibi(AZpp|+Bqh9wpmZ|RLcbYm1>u>~r zuZi0`Q%ypY;%9f##nP@V$ymm_iH#-VK z{u@h&7x=#IwyLQbeqrvu1!^xy?iE0J)jaCL|ZKwNZ)gG||4c+3X|1G~)5wC(k` zk{Sj%%!GomfjgFGcpgqd38MyyVg=hIsmRF<0WTX^sux8T?}?KAE}(JV;arc64~2y( zWaiTsJAe9AH0W}+#FZzGO+@NLNB_f&FhSh$dI(P>hmD>3Q;u5Vug@|7oN#wXoB+H! zI4oi~SuTk=KOgn>Hm%L2NIn7|c$zqYfrEvGlXYT!_^|$?CUZfaXJfNejs5Z8Jvw6_ zdYbLOwKlWn&Nd?L6?0|kXwbjC5ey;XSiKSR+wL18)38u{0y>LFCF3&6BvaVkI49lH09vvH^eEt3-m2Qy=YTfIJeb*gg z=Y!cpvph3}v1lg5#~EVR&9$HY$<43v<)@w7A7S~05+W~YdP=ODL70fXJ{rE~GA{+0 zr~yW;Ug{c}rvjemtwbF8QN&mKiXz7XuEhqnM<*uz!a(VgK;iELSW?DrOa|Y(Kbtv* zzbMCrOO#7WY^*g#GyUo4_qSt2$k&>08cQ^(mTK;H%Ibl*ED%jfG+kFVIeT@7Df~;o z^`JUOO61|BnG0Xe)^uz3^3quo9!<_$(a`c}?bRe(Bv|26q*0dG=CI$`{U*?|c8RZC zPf4kLVc|AiAj$t9Lf^vr@Eh!&G?X{|!67mns$#ejh)7R@Lj7&mOC@o%VE{JMZZlue zA&NXP;Aue@uSMg%o@H-JR#*g#knsm*eBmTy@= z0b!GPpdfknWRr>odwu)1tPgG{<`}Maf9_D1LfNzqdj}(~mXJUiB%>4G${wvzPC7%3 z7H8sXh!k5mjfNI9I=?xL->*NsS+l~!)lyS>JPO_wxj*+um!J^xSoyQ}d)7wtxyEa1 zdefxIb)~{wNZGs0x92JJ0AsxzmKJ(@>y}-nPY47 zj_LMg6w&40uQ1)3OF6*|+&N~Kg9yd`mzI;6v+4Ba-cp^W5BwjjyHrhx67NoX5MRDw z$mOU^;-Y|%#ds}i8S-!_OC^EU3bZV|I zF1U$T)6yT@kDJ`)%PEDtg@ueiDHu_L1bMtJe>dM4EY67uce=;r8)nzrF&j*jN&i)LbA^1Z#=MG?DoTWc|>v-dUG z5EsM6=KLeZWL&CRaz!kEoS98HSFBFr|1zG)^k6e(zpey;tdmBBGN`g`!$bvRzcb>RAu=V;YcG*8+8@w&jqy&TPQmHoi?;t2ckqXod11ZX*Rn7o$3&|{!^ZuX zftktIswauu~~mE2oBz|nMae8o35(v)~yu>r9oT(oa^6Nthse30)k&#+Zby1 zs;*6)&gk4yzc6YCp~(G&1T-)2)aOb)$?e!OybF|IUR{v7OaK7SCzt!0Q_}>D2G5r* zo=?qguI9g9CX!e#>J15Z{GEmWdY+8l7|_aOBfM~d#ITyL!qtn^!QblP^J`=eF%*Jh zRYwJ3y#Ct=kVqaGJqv8t3Co!t}^vXe9ZGVteMLv=MxBpF#}=6$dXjOK%C(csqK zqc6(pD4>j!6SA&u6DlgWnR)qI<>n@Z-`APL&FmZ-&BeoHR1~q_bZ8*2-kug#`!7&+ zJQ>*9$%zAC=1$9XA=MV{;om*3TW`+8!$Ba{d>I^2?lxg!zF5m9v7i_hGPDw$XKqF& z;$7$dIZ{mls3UZQd`EuS0YKo>aXoNj;UJ%N-(NZ7GY%}Y3Y4ms%soFhhJ^Hwr@zay zMV2=L;21E%HxMP(Sv!xcI0*T5z=nf>4-Ocd&3$x+&}&`EtX&7$mOapgw_FVGn898r zK){ID$YOs;kUp36GL$J8p)(FMsG*5rB{CXVvgxv-!l<=SN@fa2)w!sl{Ji|&Y&zLV zlz=<03r80d*9ZtWgW#{1>#DDluD#pZftgJv>D@@81PLiA+4F&p>BV+=Nig9@yzm^0 zvB$KZ6_W}3Npy8IbD>F5z;X|I}2CLTzrH7IYsCp?>`(8NEDMX5kUc~<{~b1 zRwv65EFTPPAY^2Ls8u>VU$;&yCYk(~jvupWO8m4NF)Rihl+0N|#^LN-K4Mub%@+vdjiqghX@ zy-pLw0@LAu97(0-8rfB-zyI3wgym(KYR5ybFMG}`#3O{DlMIg9!EO+dX-*f z3mVCmEe!%8BFLP(y+y*pMFDT`;@K~In)dt?M!(oy`G8%ueDq`Y!q`OM#b|MB%an(Q z$HHP)0I$L8ioqDF$&>VO`A00kBYJ#v?2YC0)So@9MN0NFEtO@rEJ>D47Lig}K|g-l zkF>=Srk2Zw5xob1vF#+Tv=^QbF+_34l4cBN?3`wh0BQc*o z{IAEFeLWC}nv(MYhA}!$(g<0s5Em^Ff}GJ0BJKY{Sk1}A7qiHxfQ38=PtV^!9~x4L z`;ld(NlP1=O{@mcWYSI#lR3ia{7|Um^RYKjzhkHF8;@tO`7=P-#c61^Gkx!dhg=0R zQ#c>X}DgGL+Lc{gOgcN&?zfLu{*LJmK zQ%TH-9tvZ6j09jV`8KDgS{{P(r#q_J`1Kt{pQ+-ZgI*EZF|Xro5k?XU3JP-awS4(h z0lbA8&v#R2!1Z`DzK&z^MOi;f?IYmlpm^Mb!Wo8I$@I7cn{u{?y9XUcjXYVS>Ltq* z?gZcNYi1O2UG_lzY%oOtQKWdUN^|kXKT$7Ko8Q{@-4JZ`3j@?(S0Q3SKSX>_Qa=q16>S81-xMGPU=? zxQrir?`4xzseiEL%czv8%+^O>BWJ16&B*5I6sc7K5R~A!+&X19D_UYgJ}se1Xg*C| zH^?n|x=_t8BSTVC69zfS)rbm_E%NZNj7bn_nJYKu%T@4OJ|+o zV{}fhxfrQ8Z%8rQ+cUqIT?tV5Wx`SxY4Yt9^e1&+9-3N8 z{|jTb)%Zn(OC=DGg zL|m5fbm0Nt%;{Q#qJcbOS8wG@V0WOPpwM&B;ONW3 zo}b)GX!@oCTvtjpKG4YCGkVqU;eeuXxTu-5@#$)`0VWXNGJGcD)1Qyn$B^)zpPlf} zO&iI3`{^Nv)$NKNB%t2k_ zYiZ=D?PabHa290fP0`Af`$UcVU_>MzFPDfZ>lwGPw!PF^$I95}=QUUNg!}<2+A(ro zSiFx@nK=CHf^E#>Dz0>;E5rcqXZ-jRA;>!*ox`hP?dhpSw0eaOC{WudNYeqr;B&+uaE?B7(+bBY%5sL1##vRwF&ZzPqx zpa3>}wrdw>q{zeI$c9*{$LpUp_XKOt+pAAU24!0c>)E*L&fd!h%wZ&C5e@Fk^(!RA z)>X2D%=hM_OH$@^xQx))81!RTAu0kBR*$B@MQheQV-u>6Lm!Xa#w=Z8^D_~i^*QB@ z#MDX>Xv{t+<7$>J`fV*})BhP9pU;_-)ZcZL$MU@EEz`MYs9~sZW@Zl6KoHI|%fF0l zIm z312u)=(Muw@Dq~+_;^`4^_11kii@+Qr+O!2^9%3Wtzi(LtN>aLbcz6m3^ttR5-vJ0 z=9u>(E@~6V2ZQttUiQCX0pXwK!#hv|A-Zg$osudzu&}&{zN8Qo`~@8~Puwvg|5tG_ zLrJk^ikrg#^LMPjyye+VIt7!`SdkMiq6i8bi&Dl#@#$sCH05jPkpzeL#rU7h|h)mhMzbN^x?EAidPl)RYi2 zBATEEtyMn#oLr^J9xjAtw(z?SnIJ=j_*^sS!biQtzhmKe06jc9CDXF8W$p|bs(L|e zbCz8GlDJsnT0MmSGSQ#92~%xGsAU-9{hgipn$xR)G4Z#aIDA>|vC^ubg9&CP)&bde z60JM~yilvg$;?gc+jqxyWwScf#i3?q!`$|t z2L~#gzW~t6=F`JGbPFV^<94n1`gKTN9-g{70Bch$RTn%Zk{PiH`|eNG+su!p^VfzX z%`+KG;q)9FFFT{X0TSVQBp_O@)Ru;F_S0~9l|3mowsfm z&%29d}F>~ zdu>pEe0FwazkYXWY6Ahk7veG*zxGwlNPYYRJ?1oYkpiphGA?71g{I!iALIq zjj{dmO~Gc`iDuH_$e>Sr>jtQV+L@8;-IqgAHP#r2k-Y^9?4M|OklreyT4xBG#M_vozo1<4zN zwu=>K0HIJ>a1MxxiOAU;>kgwhT&}mmsQOeHlDVrI7h0l*mL7Bh4yS zNBrrMSt@~}!lt4;Vz>yKpwjE#KLe6{1&fPEb!uhvlo9X|CibuawiHhSCpbty z0-UW0SHRvV%cH06`$d2pnok=^-otu%{Dw-NB1*&VtJ6a5)%;v%85#OpSCe<4Mq?k+ zmuuYQ3X^ECv~&gA&Pm^ zJPS6)=~@fhalcjU_vAB={uq%JtbLv#A>_==04mBI?fq0#;6}>FZnZN~!EaWqPp()uvotqzFui^+41cv z&dMbsnz^iykjG|jbGkrNT~m=%_|Yv2>k}I{Lvc&C@j;7c-0p}YHzBI~Df1nLVdSjr z_Dn35|60v{(PDL&eCG3gJpC1|FDH~t$a$xJILRP`_w1U}NjC9mooC(UbRr92mGlUa zS-=1wSVq#rMK29gvQYz5Vj=aFkL;310zKv)?!4|a0r3UhhM%M_4+gsFQ1 z4Qe+=`XA{+%!(>Daadb!uYiW~(eApJLCfl+ghpo-nuhH4Zx#C0l{7VLn(xMTe(sU! z=@_W=6!?7*u)^5eF=kZQd-@a=I;}ua>!@OEhZzyEB9*tq!hd$7ez!dUsM|;AfBj5gqggt?U*i>2 z-Zq4VtgNklHKht?z&+|I=-=7h_CFun@9`lW*IT-^?Wcp=jR7_Euyrn0zQGVd&fY_|cJ~KgcYW*W2`^?yP@zY0!%Ikv_S;U_EYVO;9SwvST4@Rc)tQXb zV!nJ5++h87JIPxyt&rsP_iREu+{?qsocv-2lwt11L4Q5(udTO_sF=?uyenVqOJ9DR zXg!aaQQM!*I2ay=e{frWCM7fp5yvLRe*Z*26OkrVv8$x@X|Fpc6rtm>_f+#219OIa zVpE)lbDZ5L_hXau;pz);oD=~OJb*{^X5T(OoU;5!Z@^p4H+jRU-6;g>tWMW#1l%mSQZCcdfcrN!G5y$>)leCi zP1x}yEj4a>dAfk)@?LDUSuu^Hz(!5Y((pH3cnf6Y<*dJmN=ku(0~Or0*lE=Fa7v+H z*`>o$mn>RXSmSa$mJa`%AxOvk*5q+B6ywnSG#dSFqTqbV$PS9gOUvJ!n5KFMOk6x3 z^O362REtQW?lVD&X^!1-2Lc=?dZuG*Nl9hx#W5-=9S_e*Tqq=7RjI;!cdR@%mgMH7 z^(V|ph<0}%nInCvZuZcHQ~ph0$AuuL*N1iyq;H^!(Fx1J_AR$@^kC~vSK`Q=L^t!^ zul=UpDui|4ZA=1wXVrT^EEi9L5Ns-?9s* zX~$<4XUL_A>x`^stx5V{XValD0f+$<8-$Ang}QQ~RxBQWH-jph5=vI#$0BDLYY)2i z7}qjrX<#8o$wDF2;qN7;RTQ9NSRP^!toJf72$(S(ELx%>gNoa{%53(l%m)2ExI-&t zkI%9;5CYD&tX-y|Knc&54#Z;nfGk!pxnRp3S(&~G4kVnaE{HG6FRYm{uH7LZhyZf2 zY&|T?aAFQiB_kOb0LXRp^mLV%7nAvszKboM05pHUeUhgLq+?(#D=t5C*r3@iq8g2dz9fiq3STNfK*#veWrl4$kP(w^ipsK+_L?`X10)-k4$qpfB z)GyjXLwc$DgxF68C->($3Iv}c{pCawBx$z!-CUht$Dlv_8@~CZJTf@a>c)jfnf)A~ z<|VMt)weJ?$i^dJQ1v${Db=ak>FO=Nltur_QA=TTtXrz@c(ku1OU#cL!MnTq3xPhj zKb~zBzYCv#|H_pP#&VZ)>)RPA3k+d1C;HIQzdNx%4b&_Ee?_7w@-%s~o|FP~Z>R&L z!prlj`^Vy9;oFmDgw-b3ACc&X!RRJr)vsQb-fhE>d(#`KL3}3TTZw6 zu9xY~PxV^>%p}{!M%K4)?c@T9KF3RP?>(1o6|VC44>iK-X#A)d$;@n>cdl{sJs(vZznaFc+x`VVgGu)u^v#wl(eu=Q znYraEI8m6#HH?~l+8N)!xh}u&^G{RxsO{eUobE2&`5_E(0+u|#wp)S(ab+c~C64l^ znSGNE>xWem?7hccn~Sv<^NmMMB+?r5h~wtG*BAQ!vSoM9S%IVY!AfROv#yj;q_C?) z(s`@RC8pOUJbcakaP2nka!t+f_ny&I^i%WeyB!(b=)=_MysA1Xp=@a{$6b{{w36~Z zY1PXpVqZC$)HT%71$>_;+NdPR$!6Mze=@HMczSr*YPZYhsazi|uUgm2^tF)7@jy_i{PQUaMorz~fu}??Exq z2Mpp)6%yfj+55Ix5d9&=W<;fsR3=smleGQcaxZOxqV>_T=eVU|FwHjZ=*TD&Ba`dI zetrzmJ5oXqIyU8kSwA5M{pR1li6eRe$Rp1xNa1F7r4is|@2~bIMGe+pcZU+`>0Lxb z%rf91U~Qegj9u<8za?Ms+>-w6aT{R2suikSSsE9F1et-`Xx7TszHG_pmTmC0os&-N;(ZA6iG%#3)diBu+i6&&al)}J4&{feI#PD|5VuRsG~?# zr`Bs6Q>5k}fOwC)vk_VXP`N%XG;o)!X6Z~KtT;hd8J8#=CQf`T$dbIVlAgY~R4)ZK zQqIK-FMEZlK*m=!s13J&l{IqoI8489B6a-=(JXIQ_+^Qfq@MhCCxWkinCt!D)dvNg zvTJP?c@>65c$-1J(RACy??f=A=zwjV&%b>|qfUhBe8I#d&6UdC;Qr7nH#e>oPPy1m zR*rWMnU4)7H*CtdAQK7}p3tmoazQRrtyA4<29dA-1T*6jhR=MIEDtf;Jb3)>bgCCu z$~2DxHlE&|@O@ELmzcf;IP`f&;1g&2#A49X*nO)aQmbP!>sR~Aw8<4Ae@pNp09X>2 z03VZB7_vQ8OOELpvwk;xpYU28Zx(xU14#0zWSj=5kXEAXwR(`n)HKu>5@f^kmx62D zT-Y0$8p{`2E&;R26ifk#WtXFOIqKHizc-$U61CeI#7d^yt~SzsPjIi7-CI8mVG#HU ztUqO)z}v1=TwSA@CxvS4z|cwa>c-rL+)9V7*4%Hl7+}iiU4n8gY+|el9&U{x;jTA< zrcF^;?twW3P`i3i5y5lJcOuWU})5`Dk2T`B-X1;C}g7Z+CHX zeKMIPp+{Gx_W52_rzH;2U9aNlsCAikVe{f~vN;HIeYq$c90Sub}lSOTc6vJvysO=BvPnqiJmA z@=9_bUcbkqVpoB6ZGA{PZ%hg9X4UI-CXjer3~rf())vmkGZK41j)~jE8_# zj3U{_-+&R+Nxpo8Vw+&g>Hhgj8sm7(f{28V5-S>f`K$AN;`J)F!>y*=3{tG&L#t+dWF7+L!>R@7^oK6q>R4)ud-O+ z4XD=c!T0H^$bU=0LI(Dw3g{N*S#OEKHoid%{-nH8wW+i`p#d?jSZx1txg$3o_0B=A zKOE~|q0;W_SI|#WN3pY&o3;ZiqLGzfqm;qu(Ow{}MyHZW^%v~!2ai|xYiSBoGi?$- z29x0J_g%MM>tHvhnF77>#*E}wm~$CH81IQH*!r}3T)lIQE3bceS7T1&_BE8Vf+jd= zp!U+f_>`Yikb%BuY31B4u5dO~bY!s^jBspaUArf+Hmp>$t$h5Y+z;60nb4*;hcm|r z)tx+#Mjm3|^BaG!9&nVbx_j!$IY-;DjL%K=t$8mX6w#{d#9O@YB^LJHt$UI=BE31< znNSE%(?UpR8-EJZ`a`s5~g;tU_5;AgeJ{X^c)(L{yi(YZLd z5mcW~`<&==cZBy-LlFF)<>O0;rikzM-5DB6w{u|nCN;~eJeZkwQ&Zn#=795^07Xow zz|!cZJJXkOhb_440_yO((?5Gx?yLS&gU#rJkKePKpUQty ziz)kebtX`cr8jau7d0MJ1zC&{7R(hL`tbu`^iI+Q=abUT&PNNTz& zgEj=L#0vQlNOoou7il>YY#7N@mwSmOsT0Vzxhx z8K*{hzoZj&mOT};-fl!p_kU?iX|tP;-Cl2tOMtOG979<|c*^x2l(3+X@1-?Ivxjc3 z-_a)dEfFN57R7M}29;k7o4E!!E;fw`>bn=CBnYaKR33tICbwlDJuFAPP%k^FAfi^D3TY_jK5%M zxwyG_cu0?@wPdGKk%=`lA{5ghj?0}RlfEJ~cxc~3>3ahK*Rq9z12#LyX6bSNb)8Bo z63P*gfwKNiohy)a883x>gOntErV^zLmQFEGfeDEZtvWhWB(1~OyV~27uoebV<&%oVjBW6)??~>e^pde%`W-h&!_>{zqQWg4tf`+9^z;#AbqQuHrqC`hMt~Yq|sZ;{%WV%2Uyp2zw81dtdHo-75seHxp z_EVL|>1PpS@qpjoMnz805dWZ1a&WBL?o3TNt4vkVMiQN@cP-o3Uyy3n^T`Fd;skGv zdW;JP;%*pzZRLrc351jz)ET{$OUSR>C5a+;vy%3|Hhy=%y88B;l7{41Km#S9r%hEl zOXcR`x=pNIJwfUZo9i)_ItY5YxLox;@|+ZuT-?OR8%=Y_b??O`rSG_JUl&J z&xXDMl(r5I4vINv?wNVz%WGDV*98w;h(Ec<9+zDXW*YTO)!upL;vh3HFr2LJQl^eB z)!8*$f7H`}x}Hu7@H5C}DH(ogE>J5Q|JwR;^6pZ|2}UUB@fFZ;BBWeSpkPb?2~iYz za5>sL^YinYstb}QxK#9hZp|Y)Md`Wl0d#~K8XCZ(zP`S>xw)SopfW=5-n;UWqNP>L znFPeJqyG*0r8^k442(LD@J)C&`3z^3e+Hm+y}P@+I-F-=V>|2l@vcBI6CXNh$r&0P z{7F(00CaroWAB`X^Xe5{~RQg z<1_yo>&FG3Kd8#c$N)2PbaYfvQStO_T(wWi7R}4dR48!%`t_@ei(1Jn>?a#~&VLC_ zo=%xYk(&I*%^eG?@4d@D6c7&buMYTRrlxvt4<$&1y-i3;LJH7_^AJa6WMnW7Ti5CY zbsDk~K2zQ7`T?r)r(u?MP{&`Ih*xik=|s3*a4^m5|NEG)Ujeaw!*;`{c}Za*Yw~A6 zk(!W@(A(R~$HxZ(nE6@j1i@7q7%&GkD=F_tE?~hqfVA4Hbqx^27I=ehyqZyflT}n4 z*KhSg0Mv@(BLE=!-@r%C%FYG~U|{lU41jtbP#ps+?=-YL`oKdg4Fg2c4V{Ky42-8` zPu%Bf!C!%{v|5R-|1(;j;umeXQ%AYDxB!W~M#-$7iL+4LARyS%i{QZ8{oh^yZEY*= zRK64QCHy>0W9U9eSK0=5-knQ z@nW^qf1GzqYbz2WBB1=;>YQI?BaX_Ei~{IL#Y|y&dx^#mF)Q`f%0+|<<7w|D=m?Fw>padC0u6BCylws0@b&dx3`FaQ0|I6puC_wROIWb{d# zxJeey)(0%dyn4~TUbk!x`1XLK<$4D|1|JA%Xl|C0lKPKzTVHQ?Bv~=t@XWCJt8JG` zU1j)$fGj4htG4FHKu1@2;`&q@VKZM2oDnd{1U*=RuPzW0(!+&@XV>VI!Qt?l-}LhN zq@>n7?QuBmGB4ao1@PGy7LS~qoQ#Z& zh{%eS5FFS*W7i%zk|~8>>Mh}$U^NSLVQ7@uvzSybR#jD@p`kfBJI9a-)VUom9UNHG z7vur8qiwT{LO=`1BMM6ci;%B|i-qc+O_MMh-DhVp{8E2FvVXW7bf5~TlL5FC@LWKf z4~$>Gq+!%;m4~?9tbjiNhkoTXs3NHxU-P@DQB1XtGz74*urN6|;LdQs9G~v50NM9f zQYoz9oSdAJk`mKicfi|RUDbIZ&LG@hhJ0yRX;FR{n9ph;|A4~l>s1^o(T*b zFlF$OTeGRiUr&8mUL)M0d23}rX&RR41piV5{YXF?7Y(-N90Aon~ zoL^eXIEejOC+`Y4e!v>8uF9G<^i|`4OHoE*x~2xr^MSr()|xw&2|r>Kum)QgO49#n z?JJ|A`r>vEJt#3KB}fb?-O?$8pi(+?BT~}cDGVVXpp=M!bcY}yEm8u~Al=>F^=|+7 z+glZ;B5TuZf|D>EE({6y|PmYeZ016$z$m{Cr z;7ER@M+AehoSu9)*k@i>C4un$T^07<>fGlT= zi;Rr?_)W27L?NN{KhydY-a+a@oWv&LO@iIu=y!8{b)kR>JP*ApVGFeP9^oHA;{u_XN;Zh^3Eg9C`W#E|dX+1F-V@`;I_gB_$=r$1~9YCJ_7P zYU#97Kd%!SI@$gk3~w{n6Hg^#)=Z&0urzFB+_ZNz!)pvw;qK^FUML|P2L*o_%fR-P zKAjXJOCcs6O@xo1mzkj8SY1>5s8Nc1`yER_Fk0`+Nf$+%Nx7Jtd+NyM<{vjwxeV0j zT>x0B#0YG%ug!k_+(OLz)E>0M+V+C=?d_HF*nfa%F)MetpEI(NRq`kxGd9Ar3G2$sOK-4St0uNwYh&L)AP<;{|7JjxnV2}L4Lb~( z7W(d;L!8t9F&paY>I2PxvG9lhRmfU;Q&ST!FK=2}T9Ko)I=dWJcujI<7=_G`?*#+S>>OH3>*yYGv$a+$yG42)13 zTS(^~zB~e;B5EO94lXWN(PTjK@mx_+QC|KQ0YM$79p_r@hfGYs9ROS~ z6l7#%z!-o}e0+RD0?6oc9)8G9!okD4I6wFF@~XWhB(F}LWghD10Ei^!0dK+};HDTD zDAXuudKDTOsr>92?AEQ18Wg!|`4jsOjDTqebP+HjBHPQnYl+EPf4U<(Mu~^m(6gxm z@Q@86o}_N@NMH?sb)(=m5cfRH9bAiD|6Fa!zwRswCYfiSq1K10c^{`C++kAI^53T; zh8YW5Utj0a`(Y0#Niv>B?TeSZWC2_WKVmKd4qnsainv_tgX z{!$mvjg}SiSOx^mxoT`cO>lE_=grm+aX(7x4hjkaURZHS$y3MW24)!0Ijk%!EbQzt%Y$H96z&QrGR0^V+$JId+k!7q z(d%SeztOk8^>zQo5sjGZCQvWVhdY&gP8q+Vn4_;aA(2sOkpEEm!N>}kwJ;MsOlyKdg{N}KM8yJ$dM(ZoS03#qR^} z!N#mzaxr^nGBH_{Z6GfB|Ldx>dfXG0^;Q<8riwrdZyryaqCbE;r?9POv!4o{M)_Tw zQ^V5oYL?q8k`%(bNaceReW?ZU(hf>l)|seW;cz5OIs!l1%ophocO;9ui$lWutdkW* zii3&{lU8_WOEq&R!r}JhODqN$H3vrYEnay;tM8Tuvr=Cw=s6f-;nAa6K8?~o0BF=c zk`7)&2o3M-O?Kj~9575%ZZ`*jYB zK(3x;{(HunSk<<#&tLX_2h@e@wdbCm+2fawXWrI>)e5j{Jh$B+ditkgIdO1$Cw9`| zGV?-lIGb?BwlF`p#%{j;ON5h;9!Vf&3j`|-&DuW>m4-1u7)@HFd&5_B+PKJPJa1v~ z@v(MerCW{MQlJ5bNsIK!nl(ok5*q_U<@q}^-*ByX-IJs9f%&r1-+iiiIXKdr)9fBC zt7*6y(ziI!lsQu!j@Hjnc};KLEK2YZa)h0;!;uv_E;};Dmspn&LOpKyz>I5jZ?L#8 z^yPbvg{6h7tIu?x6+KWU0JPi%rWm0#%v|-0JoaOs%e}~82}R5yat3>}iUjK;VtP7w z6t|b^4i}iWT%XpWM_YPmz9_GZ-CZf;E8}gOL(M(czbg`1P?RU(xT__rE&FoftF1(B z8Hd#&&t>J!8-UNNiqc%MO^%?&jWj;l5`7u1`*k3<_Goo|q^(Ni(QV|L3N64^G{`MZ zLQCel__KfW4*-~a&bN%9m4hC?&pV!-mdSc(N>s}zD0!?R=i2KlLFLp+?k1&(;v_^o zp7ogS5WBCOk;7YUo?z%k=R8USOMBaVjuV7!J5~ygwY(2r#PgREkAskscFUKkLOU#+ ztP1NNg^%B&sETyf;k*Pf9(w~{s#fC26FP-$|9(G-x^bOfO*5wJJ;P>T37wy;T1h_T z9Gs z3Gb0qK1Ydlk2Dt&*7a>!)aiULW<@z!D$cW}GP}5@^9c+C4#9xxFqtgC>XE->dQwF35QPH6N=avaI>~|@eAXAshAQXIx;6H#f1;+9 zmDjAx#U#H}&sGJt%SBL)Tkiy`DXe^8y<25F+Thrs=|;FtJ;eoHT9p0=VG|lYzqF7g zw0hul`_}C++8-BlMvQoayc}Vcl5k}0RNCN1UxiUdF>7*8-Qi*jDvDOTR+A}#1ani+ z%f$KAynsRmQqD=e+CNYqOz|?F{wVUc2?GsxN)}nrGiz+}d7py&mZEK1>K5{)Hmc&N zJvG6%E}g!FXTf{fi>{Z0mFxZcsQ$GI?3mM*A3akaT`#|PN%a{Pp~``K$wrSYGUlNi zve2A(d(%~{neWKuNVHxKFm53pt2UCs(gNx*L#DK~Q9+ckqggVhvRQsbh6%RG?kR2p zv&GUr)`AzgdyGJKB|H8Gm^Zz2B$!lMq%KZy9)jjF0z|}=S)((8z4|FdqM{rO16w%x zGWv!P96pvnKWGK zdqmt|<9$wCy)oJ0w3M}UqVywS<;>3;B^oS?@(Y5`mx`%GWzmVaZ}ycm7U@(nZE2l{ z_BSuyss_GI@=OMyMe|5~Q=IO-LrXzH!s|o(8;C z@a;8s;~7%RgoV7dXG*LJ-!hPw92>zWIzJU?@1m*4U`Rqd2*ezAk- z7oB9eER``E*CGQ2SYCc%<-{gcQQNB_F&gEh?(D%0dNff;^O}AB5L=?6hQ4XO(8wbK z<3s-6OZyY2@0Lv_^G#sigccg4m6q%BQyqZEDEwjgUHohUAI!jEq4KN)G9;Bfz7VBUCKH!!qr5%5? zyHEe=RRkg+#Xt@c*K0&l#oDz~c9A*WKvHWt0rd9wS2k7_M3bz-@~WZ|HVF8t6`2yA z8+I)@vL<0m_fb3JW?a`)3J~XE%=lIp7ym63T7?10j|lRQx!H?9pX2D;h-_Tj5yXO}O_`aC z9CxfRd0lua=nB=GzlQ$`+wZ(>&Lt^%gaS+()4vkwx()cv=M+)S*9+_eKhtw{A0Cxc zWjE6`4qn2M-Hi-Sk+A+%{`>7kSC;jL)P@}Mr;&SGVr{j2;YM23dcIku&){eUin7Z~ zAF4Br{v0%^OTl{g(Qw=_Azkxu5~quRi(6%I1b^3|vc5iP%eBmQm_jHCPLot$@2er9 z2)h^DQCzIaHi8#%0rRRBIqi}>`MghwTj1o8k&zpUC(X&T!_u0!g%3C8K3l3jQPXm+&E3uA zX>cf)!>E6lnF~7W{>)uHE#qEN^jKq!!0!S*!LR@=0}aIMKlHer^i61^dyfH~i3$d8 z(ft|0VHG6tLhmhP+^Z%PsfYePd8 z2mj%n|CpAysb z_ICKKe#3(!tr`tV1}&H+1b815+Bl#(P73^fcm5uDBVbHRIm{{oGN*n=XZhca*RJ2% zv`zZGaMmM5m<*nCO4(g!dF^boRj@IL*7>xb0^8ScdRSl_q9W$@;-h1!$UBC3hc6mA zD63(rWL(4BO32XZuc_zzs$x}J+halx#o4ScTfC$`iTG^>W>7nccq%+Y3B850{i#)n z*8Mb@!H!|l%Y7kvwt7&Ddtxzy*ggmX5vRb&XTNiYiGUM|83|W(R7r10IXM8ld5fFx zB_2A(qo1N9_64oz8|C(1&64c=;@elujS>MB&7X943aWjl&ORpPg zgwH3g8K)(uWu6jc2X2!Nf2T)hv&Dque1N~stBQ?_S8!s)M;LuDVrYY)=?=VLY*89z z;B|Zhb&dhmyBV(;m%BeT&eqGe6Q!0;Z23nEV)zn;+%;y1aUcK((VrI=-f7AgKDNIW zl3H>$KVgg)#fW|)egCBI(`k$Afmx3skC)N;9-tFk0$EjI{?Rr2H!h#QR!Xbz)1!fp zyR1_VI25l};b#>S~D4&Mvm&9Z8m} zL%NKA%Y%;$ZF-YiEGP|Aw~PaUg@LVaZHq9>$YX6dBp4flkzi=jeMF#pQX6lvNeprP;ra*`FRWU!xR{y|Q!7%!?fe&oLW8GETbFbb#;|&}lX(vo#HIg-is$>x zE=tC!%uy<_>H(V|GGmx@*$_XRpyCs!I+=RPG%W;0I4HTi@A<0A7S}C~xQzr9uN#)# zTjTAlah=-|wcAtGGXg?N#nBHRv=t1oano@}F3|_v3ab0Snfc!gIOcyGe|xAYUr1h{ zlM(sC`eYAKY(-|~&?@+?#Ay>W-+AmFa$u=NLcfdoy00O*(O1|CgS^$#$w%8lq?spx zUfy^B4L5-6xx6k7O|C01%#3*TtK)}V<0aPtlDwHOIob5etU$n;3Eb zc)J`|53T^$=%6Dc^?9w?yMRv~dmll(cs)j@viI)iS3y-ekLxUE!^FMuO%Okfu*4}c z-6kZiwm(jvT0UKCx4Ahvw2C8B|31$mE5I4ypk?yLM6uP=ck^HjrL~G+$VtRFVj2` zmYzFoc}}T381xfjN2)=yG>CC(CWs!ju6Xh+gWTE4l+bPwnVA57Kd^IIEw-V3Z{ zy@0unqPKI-VkAdb!-3yUr4^l+_s~lV)`;f0-@*wZuZMUhHwUQzT%22ccl8vb`GSIi zGz1;8N?3CfR~zv4duAbh6(k*-8q?^yv3_rG8aUxT#_`#MmV~hrKNyFp9&mKgjyl;N zoanCj^68HM2{xs~gxWs6VhCekUT|lA0h5ODaj@H1Ga*l2h& zUpoEkhN2^Km3oAayi)T58?vrbE4gPdR ze;=c&VpzhaJRjzy3dbdTh_G>~%m!`9Uy0IaQXIZk+^rza+(^1}J$}O5Hu|n4`JTdE zNe_e51>=T|9tfKCFo0vHP>731=+u)-AA%_3F0Gfp(WeR8!K%nt3;`P@%CP=5mv_l` z?**?t`Z{8F5j8Dg_M`7d;%k183R;FCU}+&tGcR~778TPc1}NiAai=6+awXgj;Mx19 zyMOJx(z(JxJ~L5tSJaCIU04#b8yJ)o( zCr!4czWkpe?>%X9Fhpkv&v!cst`~rj{r_sGpiTIbqB{{cbSx7 z#Ket*gbvKLchS8ni@dx>%8%olZOZ1SAmWd`z-8`u9D{s zIHfJEtahArbD2!4CUO9OaGq+8q|f=Y8IWAArmNPIbeIQ(7a@|zqsCH~yMbfY*E7nT zwwMU?XCHG9x2Auk?I}>D&qZZSdmnT+1>)8EK5^?#oBTAmrdR7~14@s8Ll+dD2ywB{ zrAv4i?GB*yy49cY^zmb;{#)E*m@Mi6`cwDvU1nu)V@rFx)b;7Y2puSOSmH#|Nu_-F zVDwGPgfCH#%kG+H;)Xol)NN-vIXZfFX-QVfpX*<=G_UY57%*+RgipTB7VABlI zlv)nwzs15kzqpuL3;vN9Kkbp7tMMF;T}AC?g%9o^T@w6XUx#RZI(*UNY8))GmvY{F zG(4c>x9~n}-*KqyHqRwzsI+!s!sX?a0F_d~8Fc5diDT;zhXqf-o9?WcHj$3v)R$B4 z|MJjKl%~isj|X622P_9}LH>Z?oBa{{fiNM*y5V~x_|Bq7&VsTK`kWnxK+PsH6{kFF zFJ%dHqy{_U|I78e4wkF{J`C}i(&rO{J>c*p{`VUJBYt-xc-yMZ!$X_2td&~LZ7KdG zNG_yd8yl9~=B7v(gh9FRwU5Wn&<{o0WY`8rm;O~tb`vSE(Ly&h$C&+f`6vCYb{^~T zz2;sCJ|c)-ljXjv81(9r@kRaKHFA0l4M&F31AVJmbsJ0`6Z#?%cRcehgWRWLu2`B8 zJ54=~(^?!nb@+i+Fb)LFz+kgn6gM~PweL}wi=ppzOL>Xs+4&ep{Qkh}kmln4bKf=>PW@_kOI9Flwl6exx*iAPi&&iJ;?I<@GL>q*Z)>&c zjn-rK$BXZ3aif0Re8{Oix%W~>t<+*F-^Gyoc6cb!`_P)fBHQX!Rb-eYlG%5n(XnIx zh2$rPH#c9M^02a=$Bjv;t@15Gq4>8t?ei`xc#0s z^!@0&P~7Bpae6j$(YI)fcQVx!Tx9~*KHmZkYBFaU>bL@qYL~DCSH;l|LHLC!6lkGUZ`=( z8SD%T*Wfm^KHQaGdqkgWLkZC@Oy;qlRZj>OV?mckn<0Ljw=S$(Aw37(0{p;F=yJ8pTRT$9Y7QL-Z6k%U- zYF@nUB)VhA`>=X&PWj>v5}n`K#mD^x-S&zz%0<`UJu6-=V!jjt@0`!mc2^THsdk2R2K9B;cEUV9VJc z&o8YOt-52E!OCtQP_Scxpy=fUEaUmiD?nnq9fz!6yc;ev#AeDWr z##Yg^Iwq2ppu8jfdq*-CBs(X&M6~Zsd7Vi8IH7pKJ(IaeiXy#{zR-&A>ZoyNx_V-( zk&Vm>i&R)0D#~eE^>{O*3^O{Bypo+`>JEngP1<1V>OwN4U-Rqg!eJ5E-F==%8m#-?jQUQMTpT`(LIb}x8IIMN7g#Acr2UP1KBnwrC$f)5;B2EsAd z*VNqPWXo+A9&F@Kd$*{vXHB#j0##9m+Bn zX>l`{yUOlS^n7_PwoC^fN>eQ}*nUgN)F6|CT3{Zx5k!BgH2M%VCAOHTX|_rb{A;p{ z`NjSIdl5dk1aDyow27k#0t7Ii0*nbEAoCZry*+h(#WFd$qo;s7z|-^M{PgTDa(!dn zvFy>WjD`I&?jZEjd;uLK4Bcn>&3fikKSX(o)^}f|$RJAAdUyBo&EJg$CP}WC4(-T_ zp^+868p=^YwW5BJUGxov2FN_AqoLYEjOZTsMT%4Z*pqT%}8rMwDK^f|UdTLpqx;PC3; z2ODu2c7D3vT%^$zysWdBQg|Vr`I3c(=%S`1K9X)6&;@j}OI_JFZLX=unbua?c)Jda zUVhoMYtZ7mnOcjBTl(kO4t326M=l8i1>4s^qs#oB)}HO?cY?yQl(^;Bp9dqBjrP=k z3&qR)qPoqr&-X5zraeUtepTntQB`jjWP$absP_S`IbWjp@V;#0_N0bm)@=P+Z$ccY z!j%~MrLXPr2bqiDsCy-U-+1KQHU6erl~N$M!|Um3#KA|Ps-yP9eOrudDT^SGrl#V_E6OzocJ~fik-RS*pNedf+eAcNKY_wsiG*fu`eNkTe{9AL0QsUvCX5*8c z@yg?Z-W;hDEotTBvLGk(`g27O3kQw1vxxGX7df;tis8R+{U>7N?{9%#GK|J4em>;P zF+RJ;?CJEFkhR7}hN>Z`dNL+(nbjT7JU4yVn)j5L@T_-~+0cDTP2E9si?WFl85@&a zz1Ww3SP@N-6E7L2?C@R$UqV z>cfJ`0A=FP*2fOg5!>3Yhj0i^&zVLJT6#`_jlpAjL9?IwjaX9fsINi)1Mk*0l{f>B z@ZsC1sn@Pc=GPd~z#gd<2t8?k_$O81YAPy0JvOdk@A}tu^R~mNO&3MCKL1Jbjs|DD zR$)njkJt2_8~<0+Yq4#o-1_2PWk3IvP43G&wJW(>&xZ1HbX|TovPt?{*(^7u8J%=A zYpjaXARBup6V&o?;YcTa8);wVoog9j18~x;H(C`Ki;0|Q!&%`p(0y8e&G@mlLi#F%6#ymes?tt zNwSW)$VRlTcZQut>WkO=a2~}IJ=d?zKIHn{y|;VF1u{$AoJ2(UR;jTZusY{Q?iEGY zEU|3yOR%=t@t@HwVd`Y9(+$_fY3ac-awG#38=tu`q8oZP3&G8I3701qMRSWYMDU>3% z>HINY=d$mhU)}utI@`Bf7;zw-HivB-Yf}wU19jj4A7Aq`_510Mcrk3ov=wDr|aXxAsQC|nn zgMj;4Ix*4Klr$KU?b3I6pB<;#@_qcP0A7v!A->&CZFRbqcN`C`L>ml{?t#S6KvcNJ>eK4n1$B; zxA62~>J;z2qiVZ`@2*Q9!}iPeh^2T}w|U!%wvFMpA%6la5&}zV-y23%0}s!1xeSmz zKRL>tqFewr-Uc(!>x3?SkQ#$NOE##B+-G9JB@$`jg}9prQPY9VAoiYAc{-`@IZe$OHD!*i=c)K@Um|LCWTT-(y?5|Ids|?T z*nS030%r*sip-0Mw7Ti9E#cPXPjC~(C8C=W$m*>gv;c}+Leh3L9xG?dRrlb^Wf}tc zrwZpPgCc3Fjc;Rx1W3mqq)u5oPsCvmzred!1ke-M@JNz&Fp5Pzo#mOE#4oyKOZgW= z9Lu6XDy=*bEMXvigOkg)@TkmSBXGk5hRufGxD32D%W2+gnz#|#Z+J%|`p}pI+=Lw2 zdc-1ti>ak+HLs;n)E|}}%4mi=^1-PrvHA4rY8nr6)-4Ni}ZKlfCo2#p1R%{NuqzF5ND7WHA^XXtGdArZj5} ztsfFnFHoi2#s1@PzulpDWMVhyhBw^r#P)LgNYuqMVP%_$+6S=f8HsDUHyv*JAg)`lY@)=&4pDT!)JBm~Py3;& zZvU%OC1=*=i%o@TgezNpW$Co(198d!;+iF*rhtct?I?+JP1j*V!`nMPdyeq~g`8DB xG+ZaNh0_M-6oRjz=d#LAijl7Z{s#xFZ!7=+ literal 0 HcmV?d00001