From 18f36cbc8e426eda75ae0493f7fe8cde0d94ab72 Mon Sep 17 00:00:00 2001 From: boyamurthy <92081029+boyamurthy@users.noreply.github.com> Date: Tue, 14 Dec 2021 13:30:37 +0530 Subject: [PATCH 01/52] Update _index.md (#115) --- content/docs/replication/_index.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/content/docs/replication/_index.md b/content/docs/replication/_index.md index 515872d1de..d3dea5438c 100644 --- a/content/docs/replication/_index.md +++ b/content/docs/replication/_index.md @@ -68,10 +68,11 @@ You can also use a single stretched Kubernetes cluster for protecting your appli the objects still exist in pairs. ### What it does not do -* Replicate application manifests within/across clusters -* Stop applications before the planned/unplanned migration -* Start applications after the migration -* Replicate `PersistentVolumeClaim` objects within/across clusters +* Replicate application manifests within/across clusters. +* Stop applications before the planned/unplanned migration. +* Start applications after the migration. +* Replicate `PersistentVolumeClaim` objects within/across clusters. +* Replication with METRO mode does not need Replicator sidecar and common controller. ### CSM for Replication Module Capabilities From f62aa325435f5ab02e0f092cc3fcb9addf8220a3 Mon Sep 17 00:00:00 2001 From: Trevor Dawe Date: Fri, 7 Jan 2022 11:15:14 -0400 Subject: [PATCH 02/52] Updated supported versions of k8s for observability (#122) --- content/docs/observability/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/observability/_index.md b/content/docs/observability/_index.md index 2ef8f3f6da..074a8acdb6 100644 --- a/content/docs/observability/_index.md +++ b/content/docs/observability/_index.md @@ -46,7 +46,7 @@ CSM for Observability provides the following capabilities: {{}} | COP/OS | Supported Versions | |-|-| -| Kubernetes | 1.20, 1.21, 1.22 | +| Kubernetes | 1.21, 1.22, 1.23 | | Red Hat OpenShift | 4.8, 4.9 | | Rancher Kubernetes Engine | yes | | RHEL | 7.x, 8.x | From e2c3a991157fc0b68eeec89b4af83c1c565bc58b Mon Sep 17 00:00:00 2001 From: shanmydell <82038610+shanmydell@users.noreply.github.com> Date: Tue, 11 Jan 2022 20:10:26 +0530 Subject: [PATCH 03/52] Kubernetes 1.23 support documentation (#116) --- content/docs/authorization/_index.md | 2 +- content/docs/csidriver/_index.md | 2 +- content/docs/csidriver/features/powerflex.md | 2 +- content/docs/csidriver/installation/helm/powerflex.md | 2 +- content/docs/csidriver/release/operator.md | 8 +++----- content/docs/csidriver/release/powerflex.md | 3 ++- content/docs/csidriver/release/powermax.md | 7 ++----- content/docs/csidriver/release/powerscale.md | 10 ++-------- content/docs/csidriver/release/powerstore.md | 8 ++------ content/docs/csidriver/release/unity.md | 8 ++------ content/docs/csidriver/troubleshooting/powerflex.md | 2 +- content/docs/csidriver/troubleshooting/powerstore.md | 2 +- content/docs/replication/_index.md | 4 ++-- content/docs/resiliency/_index.md | 2 +- 14 files changed, 22 insertions(+), 40 deletions(-) diff --git a/content/docs/authorization/_index.md b/content/docs/authorization/_index.md index 329e6065a1..b55f6145ea 100644 --- a/content/docs/authorization/_index.md +++ b/content/docs/authorization/_index.md @@ -33,7 +33,7 @@ __NOTE:__ PowerScale OneFS implements its own form of Role-Based Access Control {{
}} | COP/OS | Supported Versions | |-|-| -| Kubernetes | 1.20, 1.21, 1.22 | +| Kubernetes | 1.21, 1.22, 1.23 | | Red Hat OpenShift | 4.8, 4.9| | RHEL | 7.x, 8.x | | CentOS | 7.8, 7.9 | diff --git a/content/docs/csidriver/_index.md b/content/docs/csidriver/_index.md index a778a41266..2e6c6424dc 100644 --- a/content/docs/csidriver/_index.md +++ b/content/docs/csidriver/_index.md @@ -16,7 +16,7 @@ The CSI Drivers by Dell EMC implement an interface between [CSI](https://kuberne {{
}} | | PowerMax | PowerFlex |   Unity| PowerScale | PowerStore | |---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| -| Kubernetes | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | +| Kubernetes | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | | RHEL | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | | Ubuntu | 20.04 | 20.04 | 18.04, 20.04 | 18.04, 20.04 | 20.04 | | CentOS | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | diff --git a/content/docs/csidriver/features/powerflex.md b/content/docs/csidriver/features/powerflex.md index c92a4d993c..5915eaafb7 100644 --- a/content/docs/csidriver/features/powerflex.md +++ b/content/docs/csidriver/features/powerflex.md @@ -7,7 +7,7 @@ Description: Code features for PowerFlex Driver ## Volume Snapshot Feature -The CSI PowerFlex driver version 2.0 and higher supports v1 snapshots on Kubernetes 1.20/1.21/1.22. +The CSI PowerFlex driver version 2.0 and higher supports v1 snapshots on Kubernetes 1.21/1.22/1.23. In order to use Volume Snapshots, ensure the following components are deployed to your cluster: - Kubernetes Volume Snapshot CRDs diff --git a/content/docs/csidriver/installation/helm/powerflex.md b/content/docs/csidriver/installation/helm/powerflex.md index 06354ccfcb..8964632996 100644 --- a/content/docs/csidriver/installation/helm/powerflex.md +++ b/content/docs/csidriver/installation/helm/powerflex.md @@ -103,7 +103,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller ``` *NOTE:* -- When using Kubernetes 1.20/1.21/1.22 it is recommended to use 4.2.x version of snapshotter/snapshot-controller. +- When using Kubernetes 1.21/1.22/1.23 it is recommended to use 4.2.x version of snapshotter/snapshot-controller. - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. ## Install the Driver diff --git a/content/docs/csidriver/release/operator.md b/content/docs/csidriver/release/operator.md index b351182618..06f5f4a65d 100644 --- a/content/docs/csidriver/release/operator.md +++ b/content/docs/csidriver/release/operator.md @@ -3,21 +3,19 @@ title: Operator description: Release notes for Dell CSI Operator --- -## Release Notes - Dell CSI Operator 1.6.0 +## Release Notes - Dell CSI Operator 1.7.0 >**Note:** There will be a delay in certification of Dell CSI Operator 1.6.0 and it will not be available for download from the Red Hat OpenShift certified catalog right away. The operator will still be available for download from the Red Hat OpenShift Community Catalog soon after the 1.6.0 release. ### New Features/Changes -- Added support for OpenShift v4.9. +- Added support for Kubernetes 1.23. ### Fixed Issues There are no fixed issues in this release. ### Known Issues -| Issue | Workaround | -|-------|------------| -| A warning message will be listed in the events for cluster scoped objects if the driver is not upgraded after an operator upgrade. This happens because of the fix provided by Kubernetes in 1.20 for one of the known [issue](https://github.com/kubernetes/kubernetes/issues/65200). | After an operator upgrade, the objects will get updated automatically after 45 mins in case of no driver upgrade. | +There are no known issues in this release. ### Support The Dell CSI Operator image is available on Dockerhub and is officially supported by Dell EMC. diff --git a/content/docs/csidriver/release/powerflex.md b/content/docs/csidriver/release/powerflex.md index c9dbd901ec..6278635a4f 100644 --- a/content/docs/csidriver/release/powerflex.md +++ b/content/docs/csidriver/release/powerflex.md @@ -3,7 +3,7 @@ title: PowerFlex description: Release notes for PowerFlex CSI driver --- -## Release Notes - CSI PowerFlex v2.1.0 +## Release Notes - CSI PowerFlex v2.2.0 ### New Features/Changes - Added support for OpenShift v4.9. @@ -15,6 +15,7 @@ description: Release notes for PowerFlex CSI driver - Added support to update helm charts to do a helm install without shell scripts. - Added support for volume health monitoring - Removed support for Fedora CoreOS +- Added support for Kubernetes 1.23. ### Fixed Issues diff --git a/content/docs/csidriver/release/powermax.md b/content/docs/csidriver/release/powermax.md index 278d297ab0..f92842fce9 100644 --- a/content/docs/csidriver/release/powermax.md +++ b/content/docs/csidriver/release/powermax.md @@ -3,13 +3,10 @@ title: PowerMax description: Release notes for PowerMax CSI driver --- -## Release Notes - CSI PowerMax v2.1.0 +## Release Notes - CSI PowerMax v2.2.0 ### New Features/Changes -- Added support for OpenShift v4.9. -- Added support for CSI spec 1.5. -- Added v2 suffix to the module names. -- Added support for CSM Authorization sidecar via Helm +- Added support for Kubernetes 1.23. ### Fixed Issues There are no fixed issues in this release. diff --git a/content/docs/csidriver/release/powerscale.md b/content/docs/csidriver/release/powerscale.md index c70d9f111f..794fe343b6 100644 --- a/content/docs/csidriver/release/powerscale.md +++ b/content/docs/csidriver/release/powerscale.md @@ -3,17 +3,11 @@ title: PowerScale description: Release notes for PowerScale CSI driver --- -## Release Notes - CSI Driver for PowerScale v2.1.0 +## Release Notes - CSI Driver for PowerScale v2.2.0 ### New Features/Changes -- Added support for OpenShift v4.9. -- Added support for CSI spec 1.5. -- Added support for new access modes in CSI Spec 1.5. -- Added support for PV/PVC metrics. -- Added ability to accept leader election timeout flags. -- Added support for Dell EMC PowerScale 9.3. -- Added support for volume health monitoring. +- Added support for Kubernetes 1.23. ### Fixed Issues diff --git a/content/docs/csidriver/release/powerstore.md b/content/docs/csidriver/release/powerstore.md index 173d236038..fefaab1310 100644 --- a/content/docs/csidriver/release/powerstore.md +++ b/content/docs/csidriver/release/powerstore.md @@ -3,15 +3,11 @@ title: PowerStore description: Release notes for PowerStore CSI driver --- -## Release Notes - CSI PowerStore v2.1.0 +## Release Notes - CSI PowerStore v2.2.0 ### New Features/Changes -- Added support for OpenShift v4.9. -- Added support for CSI spec 1.5. -- Added support for new access modes in CSI Spec 1.5. -- Added support for PV/PVC metrics. -- Added support for volume health monitoring. +- Added support for Kubernetes 1.23. ### Fixed Issues diff --git a/content/docs/csidriver/release/unity.md b/content/docs/csidriver/release/unity.md index 62fcf772e0..c77cbfcd4f 100644 --- a/content/docs/csidriver/release/unity.md +++ b/content/docs/csidriver/release/unity.md @@ -3,15 +3,11 @@ title: Unity description: Release notes for Unity CSI driver --- -## Release Notes - CSI Unity v2.1.0 +## Release Notes - CSI Unity v2.2.0 ### New Features/Changes -- Added support for OpenShift v4.9. -- Added support for CSI spec 1.5. -- Added support for new access modes in CSI Spec 1.5. -- Added ability to associate a tenant with storage volumes. - -- Added support for volume health monitoring. +- Added support for Kubernetes 1.23. ### Fixed Issues diff --git a/content/docs/csidriver/troubleshooting/powerflex.md b/content/docs/csidriver/troubleshooting/powerflex.md index 4d701a1f19..4e59836ff3 100644 --- a/content/docs/csidriver/troubleshooting/powerflex.md +++ b/content/docs/csidriver/troubleshooting/powerflex.md @@ -14,7 +14,7 @@ description: Troubleshooting PowerFlex Driver |CreateVolume error System is not configured in the driver | Powerflex name if used for systemID in StorageClass ensure same name is also used in array config systemID | |Defcontext mount option seems to be ignored, volumes still are not being labeled correctly.|Ensure SElinux is enabled on a worker node, and ensure your container run time manager is properly configured to be utilized with SElinux.| |Mount options that interact with SElinux are not working (like defcontext).|Check that your container orchestrator is properly configured to work with SElinux.| -|Installation of the driver on Kubernetes v1.20/v1.21/v1.22 fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.20/1.21/v1.22 requires v1 version of snapshot CRDs to be created in cluster, see the [Volume Snapshot Requirements](../../installation/helm/powerflex/#optional-volume-snapshot-requirements)| +|Installation of the driver on Kubernetes v1.21/v1.22/v1.23 fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.21/v1.22/v1.23 requires v1 version of snapshot CRDs to be created in cluster, see the [Volume Snapshot Requirements](../../installation/helm/powerflex/#optional-volume-snapshot-requirements)| | The `kubectl logs -n vxflexos vxflexos-controller-* driver` logs show `x509: certificate signed by unknown authority` |A self assigned certificate is used for PowerFlex array. See [certificate validation for PowerFlex Gateway](../../installation/helm/powerflex/#certificate-validation-for-powerflex-gateway-rest-api-calls)| | When you run the command `kubectl apply -f snapclass-v1.yaml`, you get the error `error: unable to recognize "snapclass-v1.yaml": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"` | Check to make sure that the v1 snapshotter CRDs are installed, and not the v1beta1 CRDs, which are no longer supported. | | The controller pod is stuck and producing errors such as" `Failed to watch *v1.VolumeSnapshotContent: failed to list *v1.VolumeSnapshotContent: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)` | Make sure that v1 snapshotter CRDs and v1 snapclass are installed, and not v1beta1, which is no longer supported. | diff --git a/content/docs/csidriver/troubleshooting/powerstore.md b/content/docs/csidriver/troubleshooting/powerstore.md index 5f9f9e74c8..2de1b8de02 100644 --- a/content/docs/csidriver/troubleshooting/powerstore.md +++ b/content/docs/csidriver/troubleshooting/powerstore.md @@ -7,5 +7,5 @@ description: Troubleshooting PowerStore Driver | --- | --- | | When you run the command `kubectl describe pods powerstore-controller- –n csi-powerstore`, the system indicates that the driver image could not be loaded. | - If on Kubernetes, edit the daemon.json file found in the registry location and add `{ "insecure-registries" :[ "hostname.cloudapp.net:5000" ] }`
- If on OpenShift, run the command `oc edit image.config.openshift.io/cluster` and add registries to yaml file that is displayed when you run the command.| | The `kubectl logs -n csi-powerstore powerstore-node-` driver logs show that the driver can't connect to PowerStore API. | Check if you've created a secret with correct credentials | -|Installation of the driver on Kubernetes supported versions fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.20/1.21/v1.22 requires v1 version of snapshot CRDs to be created in cluster, see the [Volume Snapshot Requirements](../../installation/helm/powerstore/#optional-volume-snapshot-requirements)| +|Installation of the driver on Kubernetes supported versions fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.21/v1.22/v1.23 requires v1 version of snapshot CRDs to be created in cluster, see the [Volume Snapshot Requirements](../../installation/helm/powerstore/#optional-volume-snapshot-requirements)| | If PVC is not getting created and getting the following error in PVC description:
```failed to provision volume with StorageClass "powerstore-iscsi": rpc error: code = Internal desc = : Unknown error:```| Check if you've created a secret with correct credentials | diff --git a/content/docs/replication/_index.md b/content/docs/replication/_index.md index d3dea5438c..36122192ce 100644 --- a/content/docs/replication/_index.md +++ b/content/docs/replication/_index.md @@ -30,7 +30,7 @@ CSM for Replication provides the following capabilities: {{
}} | COP/OS | PowerMax | PowerStore | |-|-|-| -| Kubernetes | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | +| Kubernetes | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | | Red Hat OpenShift | X | 4.8, 4.9 | | RHEL | 7.x, 8.x | 7.x, 8.x | | CentOS | 7.8, 7.9 | 7.8, 7.9 | @@ -91,7 +91,7 @@ The following matrix provides a list of all supported versions for each Dell EMC | Platforms | PowerMax | PowerStore | | -------- | --------- | --------- | -| Kubernetes | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | +| Kubernetes | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | | CSI Driver | 2.x | 2.x | For compatibility with storage arrays please refer to corresponding [CSI drivers](../csidriver/#features-and-capabilities) diff --git a/content/docs/resiliency/_index.md b/content/docs/resiliency/_index.md index 6aaa5551fb..8345a56c8e 100644 --- a/content/docs/resiliency/_index.md +++ b/content/docs/resiliency/_index.md @@ -38,7 +38,7 @@ CSM for Resiliency provides the following capabilities: {{
}} | COP/OS | Supported Versions | |-|-| -| Kubernetes | 1.20, 1.21, 1.22 | +| Kubernetes | 1.21, 1.22, 1.23 | | Red Hat OpenShift | 4.8, 4.9 | | RHEL | 7.x, 8.x | | CentOS | 7.8, 7.9 | From c6b27d7b7719d9e928f4a07266ff6b86d5fee4a5 Mon Sep 17 00:00:00 2001 From: shaynafinocchiaro <66699024+shaynafinocchiaro@users.noreply.github.com> Date: Wed, 12 Jan 2022 16:24:03 -0500 Subject: [PATCH 04/52] Observability upgrade for installer scripts (#123) * Kubernetes 1.23 support documentation (#116) * added upgrade for observability online installer * update to obs upgrade * fixed wording * Revert "Kubernetes 1.23 support documentation (#116)" This reverts commit 84414e2f0ccc53d950caf3ed6190dfb914889430. Co-authored-by: shanmydell <82038610+shanmydell@users.noreply.github.com> --- .../docs/observability/deployment/online.md | 1 + content/docs/observability/upgrade/_index.md | 62 ++++++++++++++++--- 2 files changed, 53 insertions(+), 10 deletions(-) diff --git a/content/docs/observability/deployment/online.md b/content/docs/observability/deployment/online.md index 8beca80c6a..3714c064c6 100644 --- a/content/docs/observability/deployment/online.md +++ b/content/docs/observability/deployment/online.md @@ -59,6 +59,7 @@ Usage: ./karavi-observability-install.sh mode options... Mode: install Installs Karavi Observability and enables Karavi Authorization if already installed enable-authorization Updates existing installation of Karavi Observability with Karavi Authorization + upgrade Upgrades existing installation of Karavi Observability to the latest release Options: Required --namespace[=] Namespace where Karavi Observability will be installed diff --git a/content/docs/observability/upgrade/_index.md b/content/docs/observability/upgrade/_index.md index b8eafe9dc9..60b38c2850 100644 --- a/content/docs/observability/upgrade/_index.md +++ b/content/docs/observability/upgrade/_index.md @@ -6,24 +6,24 @@ description: > Dell EMC Container Storage Modules (CSM) for Observability Upgrade --- -CSM for Observability can only be upgraded via the Helm chart following the instructions below. - -CSM for Observability Helm upgrade can be used if the initial deployment was performed using the [Helm chart](../deployment/helm) or [Online Installer](../deployment/online). - ->Note: The [Offline Installer](../deployment/offline) does not support upgrade. +This section outlines the upgrade steps for Container Storage Modules (CSM) for Observability. CSM for Observability upgrade can be achieved in one of two ways: +- Helm Chart Upgrade +- Online Installer Upgrade ## Helm Chart Upgrade +CSM for Observability Helm upgrade supports [Helm](../deployment/helm), [Online Installer](../deployment/online), and [Offline Installer](../deployment/offline) deployments. + To upgrade an existing Helm installation of CSM for Observability to the latest release, download the latest Helm charts. -```console +``` helm repo update ``` Check if the latest Helm chart version is available: -```console +``` helm search repo dell NAME CHART VERSION APP VERSION DESCRIPTION dell/karavi-observability 1.0.1 1.0.0 CSM for Observability is part of the [Container... @@ -33,8 +33,50 @@ dell/karavi-observability 1.0.1 1.0.0 CSM for Observab Upgrade to the latest CSM for Observability release: -```console -$ helm upgrade --version $latest_chart_version --values values.yaml karavi-observability dell/karavi-observability -n $namespace ``` +Upgrade Helm and Online Installer deployments: + + $ helm upgrade --version $latest_chart_version --values values.yaml karavi-observability dell/karavi-observability -n $namespace + +Upgrade Offline Installer deployment: + + $ helm upgrade --version $latest_chart_version karavi-observability dell/karavi-observability -n $namespace +``` + +The [configuration](../deployment/helm#configuration) section lists all the parameters that can be configured using the `values.yaml` file. + +## Online Installer Upgrade + +CSM for Observability online installer upgrade can be used if the initial deployment was performed using the [Online Installer](../deployment/online) or [Helm](../deployment/helm). + +1. Change to the installer directory: + ``` + [user@system /home/user]# cd karavi-observability/installer + ``` +2. Update `values.yaml` file as needed. Configuration options are outlined in the [Helm chart deployment section](../deployment/helm#configuration). -The [configuration](../deployment/helm#configuration) section lists all the parameters that can be configured using the values.yaml file. \ No newline at end of file +2. Execute the `./karavi-observability-install.sh` script: + ``` + [user@system /home/user/karavi-observability/installer]# ./karavi-observability-install.sh upgrade --namespace $namespace --values myvalues.yaml --version $latest_chart_version + --------------------------------------------------------------------------------- + > Upgrading Karavi Observability in namespace karavi on 1.21 + --------------------------------------------------------------------------------- + | + |- Karavi Observability is installed. Upgrade can continue Success + | + |- Verifying Kubernetes versions + | + |--> Verifying minimum Kubernetes version Success + | + |--> Verifying maximum Kubernetes version Success + | + |- Verifying helm version Success + | + |- Upgrading CertManager CRDs Success + | + |- Updating helm repositories Success + | + |- Upgrading Karavi Observability helm chart Success + | + |- Waiting for pods in namespace karavi to be ready Success + ``` From ffceb7d7d8c849481a9ca50671d649d7cbc98244 Mon Sep 17 00:00:00 2001 From: Trevor Dawe Date: Thu, 13 Jan 2022 13:36:07 -0400 Subject: [PATCH 05/52] Updated references about the CSM Installer (#124) --- content/docs/FAQ/_index.md | 7 ------- content/docs/deployment/csminstaller/_index.md | 6 +++--- content/docs/observability/deployment/_index.md | 3 +-- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/content/docs/FAQ/_index.md b/content/docs/FAQ/_index.md index b7584f0534..8ce5794566 100644 --- a/content/docs/FAQ/_index.md +++ b/content/docs/FAQ/_index.md @@ -15,7 +15,6 @@ weight: 2 - [Should I install the module in the same namespace as the driver or another?](#should-i-install-the-module-in-the-same-namespace-as-the-driver-or-another) - [Which Kubernetes distributions are supported?](#which-kubernetes-distributions-are-supported) - [How do I get a list of Container Storage Modules deployed in my cluster with their versions?](#how-do-i-get-a-list-of-container-storage-modules-deployed-in-my-cluster-with-their-versions) -- [Does the CSM Installer provide full Container Storage Modules functionality for all products?](#does-the-csm-installer-provide-full-container-storage-modules-functionality-for-all-products) - [Do all Container Storage Modules need to be the same version, or can I mix and match?](#do-all-container-storage-modules-need-to-be-the-same-version-or-can-i-mix-and-match) - [Can I run Container Storage Modules in a production environment?](#can-i-run-container-storage-modules-in-a-production-environment) - [Is Dell Container Storage Modules (CSM) supported by Dell Technologies?](#is-dell-container-storage-modules-csm-supported-by-dell-technologies) @@ -39,7 +38,6 @@ Please see module and the respectice CSI driver version available for each array | Observability v1.0| ✔️ | ❌ | ✔️ | ❌ | ❌ | | Replication v1.1| ❌ | ❌ | ✔️ | ✔️ | ❌ | | Resilency v1.0| ✔️ | ❌ | ❌ | ❌ | ✔️ | -| CSM Installer v1.0| ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ### What are the prerequisites for deploying Container Storage Modules? Prerequisites can be found on the respective module deployment pages: @@ -88,9 +86,6 @@ Or if you know the namespace: kubectl get deployment,daemonset -o wide -n {{namespace}} ``` -### Does the CSM Installer provide full Container Storage Modules functionality for all products? -The CSM Installer supports the installation of all the Container Storage Modules and Dell EMC CSI drivers. - ### Do all Container Storage Modules need to be the same version, or can I mix and match? It is advised to comply with the support matrices (links below) and not deviate from it with mixed versions. - [Dell EMC Container Storage Module for Authorization](../authorization/#supported-operating-systemscontainer-orchestrator-platforms) @@ -99,8 +94,6 @@ It is advised to comply with the support matrices (links below) and not deviate - [Dell EMC Container Storage Module for Resiliency](../resiliency/#supported-operating-systemscontainer-orchestrator-platforms) - [Dell EMC CSI Drivers](../csidriver/#supported-operating-systemscontainer-orchestrator-platforms). -The CSM installer module will help to stay aligned with compatible versions during the first install and future upgrades. - ### Can I run Container Storage Modules in a production environment? As of CSM 1.0, the Container Storage Modules are GA and ready for production systems. diff --git a/content/docs/deployment/csminstaller/_index.md b/content/docs/deployment/csminstaller/_index.md index f7b0e7f6d3..814978f866 100644 --- a/content/docs/deployment/csminstaller/_index.md +++ b/content/docs/deployment/csminstaller/_index.md @@ -5,6 +5,8 @@ description: Container Storage Modules Installer weight: 1 --- +>>**Note: The CSM Installer only supports installation of CSM 1.0 Modules and CSI Drivers in environments that do not have any existing deployments of CSM or CSI Drivers. The CSM Installer does not support the upgrade of existing CSM or CSI Driver deployments.** + The CSM (Container Storage Modules) Installer simplifies the deployment and management of Dell EMC Container Storage Modules and CSI Drivers to provide persistent storage for your containerized workloads. ## CSM Installer Supported Modules and Dell EMC CSI Drivers @@ -21,8 +23,6 @@ The CSM (Container Storage Modules) Installer simplifies the deployment and mana | CSI Driver for PowerFlex | v2.0 | | CSI Driver for PowerMax | v2.0 | -**Note:** The CSM Installer supports installation of CSM 1.0 Modules and CSI Drivers in environments that do not have any existing deployments of CSM or CSI Drivers. The CSM Installer does not support the upgrade of existing CSM or CSI Driver deployments. - The CSM Installer must first be deployed in a Kubernetes environment using Helm. After which, the CSM Installer can be used through the following interfaces: - [CSM CLI](./csmcli) - [REST API](./csmapi) @@ -186,4 +186,4 @@ helm upgrade -n csm-installer \ 1. Delete the Helm chart ``` helm delete -n csm-installer csm-installer -``` \ No newline at end of file +``` diff --git a/content/docs/observability/deployment/_index.md b/content/docs/observability/deployment/_index.md index b446d71974..b8b9750569 100644 --- a/content/docs/observability/deployment/_index.md +++ b/content/docs/observability/deployment/_index.md @@ -8,7 +8,6 @@ description: > CSM for Observability can be deployed in one of three ways: -- [CSM Installer](../../deployment) (*Recommended installation method*) - [Helm](./helm) - [CSM for Observability Installer](./online) - [CSM for Observability Offline Installer](./offline) @@ -438,4 +437,4 @@ In this case all storage system requests made by CSM for Observability will not 2. Copy the `powerstore-config` Secret from the CSI Driver for Dell EMC PowerStore namespace to the CSM namespace. ```console $ kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - - ``` \ No newline at end of file + ``` From 3a9ea86c8a9f7d3c3881efa89e7269753ea22ce1 Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Thu, 13 Jan 2022 13:05:06 -0500 Subject: [PATCH 06/52] Update Observability with Authorization helm deployment and other minor fixes (#121) * fix mountEndpoint references * add docs for auth with observability --- content/docs/FAQ/_index.md | 2 +- content/docs/authorization/_index.md | 3 - content/docs/authorization/cli.md | 55 ------- .../docs/authorization/deployment/_index.md | 9 +- content/docs/authorization/design.md | 5 +- content/docs/authorization/troubleshooting.md | 150 ------------------ .../csidriver/installation/helm/isilon.md | 1 + content/docs/observability/deployment/helm.md | 19 ++- .../docs/observability/deployment/offline.md | 17 +- 9 files changed, 28 insertions(+), 233 deletions(-) diff --git a/content/docs/FAQ/_index.md b/content/docs/FAQ/_index.md index 8ce5794566..b1b0768381 100644 --- a/content/docs/FAQ/_index.md +++ b/content/docs/FAQ/_index.md @@ -65,7 +65,7 @@ Prerequisites for deploying the Dell EMC CSI drivers can be found here: No, all the modules have been designed to work inside Kubernetes with Dell EMC CSI drivers. ### Should I install the module in the same namespace as the driver or another? -It is recommended to install CSM for Observability in a namespace separate from the Dell EMC CSI drivers because it works across multiple drivers. All other modules either run as standalone or are injected into the Dell EMC CSI driver as a sidecar. +It is recommended to install CSM for Observability in a namespace separate from the Dell EMC CSI drivers because it works across multiple drivers. All other modules either run as standalone or with the Dell EMC CSI driver as a sidecar. ### Which Kubernetes distributions are supported? The supported Kubernetes distributions for Container Storage Modules are documented: diff --git a/content/docs/authorization/_index.md b/content/docs/authorization/_index.md index b55f6145ea..52defa1dfa 100644 --- a/content/docs/authorization/_index.md +++ b/content/docs/authorization/_index.md @@ -58,9 +58,6 @@ CSM for Authorization supports the following CSI drivers and versions. | CSI Driver for Dell EMC PowerScale | [csi-powerscale](https://github.com/dell/csi-powerscale) | v2.0,v2.1 | {{
}} -__Note:__ If the deployed CSI driver has a number of controller pods equal to the number of schedulable nodes in your cluster, CSM for Authorization may not be able to inject properly into the driver's controller pod. -To resolve this, please refer to our [troubleshooting guide](./troubleshooting) on the topic. - ## Authorization Components Support Matrix CSM for Authorization consists of 2 components - the Authorization sidecar and the Authorization proxy server. It is important that the version of the Authorization sidecar image maps to a supported version of the Authorization proxy server. diff --git a/content/docs/authorization/cli.md b/content/docs/authorization/cli.md index eedaf0957d..8005183c46 100644 --- a/content/docs/authorization/cli.md +++ b/content/docs/authorization/cli.md @@ -15,7 +15,6 @@ If you feel that something is unclear or missing in this document, please open u | - | - | | [karavictl](#karavictl) | karavictl is used to interact with CSM Authorization Server | | [karavictl cluster-info](#karavictl-cluster-info) | Display the state of resources within the cluster | -| [karavictl inject](#karavictl-inject) | Inject the sidecar proxy into a CSI driver pod | | [karavictl generate](#karavictl-generate) | Generate resources for use with CSM | | [karavictl generate token](#karavictl-generate-token) | Generate tokens | | [karavictl role](#karavictl-role) | Manage role | @@ -112,60 +111,6 @@ redis-commander 1/1 1 1 59m -### karavictl inject - -Inject the sidecar proxy into a CSI driver pod - -##### Synopsis - -Injects the sidecar proxy into a CSI driver pod. - -You can inject resources coming from stdin. - -``` -karavictl inject [flags] -``` - -##### Options - -``` - -h, --help help for inject - --image-addr string Help message for image-addr - --proxy-host string Help message for proxy-host -``` - -##### Options inherited from parent commands - -``` - --config string config file (default is $HOME/.karavictl.yaml) -``` - -##### Examples: - -Inject into an existing vxflexos CSI driver -``` -kubectl get secrets,deployments,daemonsets -n vxflexos -o yaml \ - | karavictl inject --image-addr [IMAGE_REPO]:5000/sidecar-proxy:latest --proxy-host [PROXY_HOST_IP] \ - | kubectl apply -f - -``` - -##### Output - -``` -$ kubectl get secrets,deployments,daemonsets -n vxflexos -o yaml \ -| karavictl inject --image-addr [IMAGE_REPO]:5000/sidecar-proxy:latest --proxy-host [PROXY_HOST_IP] \ -| kubectl apply -f - - -secret/karavi-authorization-config created -deployment.apps/vxflexos-controller configured -daemonset.apps/vxflexos-node configured -``` - - ---- - - - ### karavictl generate Generate resources for use with CSM diff --git a/content/docs/authorization/deployment/_index.md b/content/docs/authorization/deployment/_index.md index 8a4ab73dd2..0b4ed5a67d 100644 --- a/content/docs/authorization/deployment/_index.md +++ b/content/docs/authorization/deployment/_index.md @@ -45,7 +45,6 @@ A Storage Administrator can execute the installer or rpm package as a root user ```json { "web": { - "sidecarproxyaddr": "docker_registry/sidecar-proxy:latest", "jwtsigningsecret": "secret" }, "proxy": { @@ -225,8 +224,7 @@ Create the karavi-authorization-config secret using the following command: >__Note__: > - Create the driver secret as you would normally except update/add the connection information for communicating with the sidecar instead of the backend storage array and scrub the username and password > - For PowerScale, the *systemID* will be the *clusterName* of the array. -> - The *isilon-creds* secret has a *mountEndpoint* parameter which should not be updated by the user. This parameter is updated and used when the driver has been injected with [CSM-Authorization](https://github.com/dell/karavi-authorization). - +> - The *isilon-creds* secret has a *mountEndpoint* parameter which must be set to the hostname or IP address of the PowerScale OneFS API server, for example, 10.0.0.1. 3. Create the proxy-server-root-certificate secret. If running in *insecure* mode, create the secret with empty data: @@ -270,7 +268,9 @@ Please refer to step 5 in the [installation steps for PowerScale](../../csidrive 1. Update *endpointPort* to match the endpoint port number set in samples/secret/karavi-authorization-config.json ->__Note__: In *my-isilon-settings.yaml*, endpointPort acts as a default value. If endpointPort is not specified in *my-isilon-settings.yaml*, then it should be specified in the *endpoint* parameter of samples/secret/secret.yaml. +*Notes:* +> - In *my-isilon-settings.yaml*, endpointPort acts as a default value. If endpointPort is not specified in *my-isilon-settings.yaml*, then it should be specified in the *endpoint* parameter of samples/secret/secret.yaml. +> - The *isilon-creds* secret has a *mountEndpoint* parameter which must be set to the hostname or IP address of the PowerScale OneFS API server, for example, 10.0.0.1. 2. Enable CSM for Authorization and provide *proxyHost* address @@ -294,7 +294,6 @@ CSM for Authorization has a subset of configuration parameters that can be updat | certificate.crtFile | String | "" |Path to the host certificate file | | certificate.keyFile | String | "" |Path to the host private key file | | certificate.rootCertificate | String | "" |Path to the root CA file | -| web.sidecarproxyaddr | String |"127.0.0.1:5000/sidecar-proxy:latest" |Docker registry address of the CSM for Authorization sidecar-proxy | | web.jwtsigningsecret | String | "secret" |The secret used to sign JWT tokens | Updating configuration parameters can be done by editing the `karavi-config-secret` on the CSM for the Authorization Server. The secret can be queried using k3s and kubectl like so: diff --git a/content/docs/authorization/design.md b/content/docs/authorization/design.md index 8d9cd34138..07bc29c172 100644 --- a/content/docs/authorization/design.md +++ b/content/docs/authorization/design.md @@ -66,7 +66,7 @@ methods supported by the Storage Array itself, e.g. Basic authentication over TL ### Sidecar Proxy -The CSM for Authorization Sidecar Proxy is a sidecar container that gets "injected" into the CSI Driver's Pod. It acts as a proxy and forwards all requests to a +The CSM for Authorization Sidecar Proxy is deployed as a sidecar in the CSI Driver's Pod. It acts as a proxy and forwards all requests to a CSM Authorization Server. The [CSI Driver section](#csi-driver) noted the limitation of a CSI Driver using Storage Array supported authentication methods only. By nature of being a proxy, the CSM for Authorization @@ -86,9 +86,6 @@ Inbound requests are expected to originate from the CSM for Authorization Sideca The [*karavictl*](../cli) CLI (Command Line Interface) application allows Storage Admins to manage and interact with a running CSM for Authorization Server. -Additionally, *karavictl* provides functionality for supporting the sidecar proxy injection mechanism mentioned above. Injection is discussed in more detail later -on in this document. - ### Storage Array A Storage Array is typically considered to be one of the various Dell EMC storage offerings, e.g. Dell EMC PowerFlex which is supported by CSM for Authorization diff --git a/content/docs/authorization/troubleshooting.md b/content/docs/authorization/troubleshooting.md index eef3c64a87..0a47cb4ec8 100644 --- a/content/docs/authorization/troubleshooting.md +++ b/content/docs/authorization/troubleshooting.md @@ -6,9 +6,6 @@ Description: > Troubleshooting guide --- -- [Running `karavictl inject` leaves the vxflexos-controller in a `Pending` state](#running-karavictl-inject-leaves-the-vxflexos-controller-in-a-pending-state) -- [Running `karavictl inject` leaves the powermax-controller in a `Pending` state](#running-karavictl-inject-leaves-the-powermax-controller-in-a-pending-state) -- [Running `karavictl inject` leaves the isilon-controller in a `Pending` state](#running-karavictl-inject-leaves-the-isilon-controller-in-a-pending-state) - [Running `karavictl tenant` commands result in an HTTP 504 error](#running-karavictl-tenant-commands-result-in-an-http-504-error) --- @@ -26,153 +23,6 @@ For OPA related logs, run: $ k3s kubectl logs deploy/proxy-server -n karavi -c opa ``` -### Running "karavictl inject" leaves the vxflexos-controller in a "Pending" state -This situation may occur when the number of vxflexos-controller pods that are deployed is equal to the number of schedulable nodes. -``` -$ kubectl get pods -n vxflexos - -NAME READY STATUS RESTARTS AGE -vxflexos-controller-696cc5945f-4t94d 0/6 Pending 0 3m2s -vxflexos-controller-75cdcbc5db-k25zx 5/5 Running 0 3m41s -vxflexos-controller-75cdcbc5db-nkxqh 5/5 Running 0 3m42s -vxflexos-node-mjc74 3/3 Running 0 2m44s -vxflexos-node-zgswp 3/3 Running 0 2m44s -``` - -__Resolution__ - -To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. - -1. Edit the deployment - ``` - $ kubectl edit -n vxflexos deploy/vxflexos-controller - ``` - -2. Find `replicas` under the `spec` section of the deployment manifest. -3. Reduce the number of `replicas` by 1 -4. Save the file -5. Confirm that the updated controller pods have been deployed - ``` - $ kubectl get pods -n vxflexos - - NAME READY STATUS RESTARTS AGE - vxflexos-controller-696cc5945f-4t94d 6/6 Running 0 4m41s - vxflexos-node-mjc74 3/3 Running 0 3m44s - vxflexos-node-zgswp 3/3 Running 0 3m44s - ``` - -6. Edit the deployment again -7. Find `replicas` under the `spec` section of the deployment manifest. -8. Increase the number of `replicas` by 1 -9. Save the file -10. Confirm that the updated controller pods have been deployed - ``` - $ kubectl get pods -n vxflexos - - NAME READY STATUS RESTARTS AGE - vxflexos-controller-696cc5945f-4t94d 6/6 Running 0 5m41s - vxflexos-controller-696cc5945f-6xxhb 6/6 Running 0 5m41s - vxflexos-node-mjc74 3/3 Running 0 4m44s - vxflexos-node-zgswp 3/3 Running 0 4m44s - ``` - -### Running "karavictl inject" leaves the powermax-controller in a "Pending" state -This situation may occur when the number of powermax-controller pods that are deployed is equal to the number of schedulable nodes. -``` -$ kubectl get pods -n powermax - -NAME READY STATUS RESTARTS AGE -powermax-controller-58d8779f5d-v7t56 0/6 Pending 0 25s -powermax-controller-78f749847-jqphx 5/5 Running 0 10m -powermax-controller-78f749847-w6vp5 5/5 Running 0 10m -powermax-node-gx5pk 3/3 Running 0 21s -powermax-node-k5gwc 3/3 Running 0 17s -``` - -__Resolution__ - -To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. - -1. Edit the deployment - ``` - $ kubectl edit -n powermax deploy/powermax-controller - ``` - -2. Find `replicas` under the `spec` section of the deployment manifest. -3. Reduce the number of `replicas` by 1 -4. Save the file -5. Confirm that the updated controller pods have been deployed - ``` - $ kubectl get pods -n powermax - NAME READY STATUS RESTARTS AGE - powermax-controller-58d8779f5d-cqx8d 6/6 Running 0 22s - powermax-node-gx5pk 3/3 Running 3 8m3s - powermax-node-k5gwc 3/3 Running 3 7m59s - ``` - -6. Edit the deployment again -7. Find `replicas` under the `spec` section of the deployment manifest. -8. Increase the number of `replicas` by 1 -9. Save the file -10. Confirm that the updated controller pods have been deployed - ``` - $ kubectl get pods -n powermax - NAME READY STATUS RESTARTS AGE - powermax-controller-58d8779f5d-cqx8d 6/6 Running 0 22s - powermax-controller-58d8779f5d-v7t56 6/6 Running 22 8m7s - powermax-node-gx5pk 3/3 Running 3 8m3s - powermax-node-k5gwc 3/3 Running 3 7m59s - ``` - -### Running "karavictl inject" leaves the isilon-controller in a "Pending" state -This situation may occur when the number of Isilon controller pods that are deployed is equal to the number of schedulable nodes. -``` -$ kubectl get pods -n isilon - -NAME READY STATUS RESTARTS AGE -isilon-controller-58d8779f5d-v7t56 0/6 Pending 0 25s -isilon-controller-78f749847-jqphx 5/5 Running 0 10m -isilon-controller-78f749847-w6vp5 5/5 Running 0 10m -isilon-node-gx5pk 3/3 Running 0 21s -isilon-node-k5gwc 3/3 Running 0 17s -``` - -__Resolution__ - -To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. - -1. Edit the deployment - ``` - $ kubectl edit -n deploy/isilon-controller - ``` - -2. Find `replicas` under the `spec` section of the deployment manifest. -3. Reduce the number of `replicas` by 1 -4. Save the file -5. Confirm that the updated controller pods have been deployed - ``` - $ kubectl get pods -n isilon - - NAME READY STATUS RESTARTS AGE - isilon-controller-696cc5945f-4t94d 6/6 Running 0 4m41s - isilon-node-mjc74 3/3 Running 0 3m44s - isilon-node-zgswp 3/3 Running 0 3m44s - ``` - -6. Edit the deployment again -7. Find `replicas` under the `spec` section of the deployment manifest. -8. Increase the number of `replicas` by 1 -9. Save the file -10. Confirm that the updated controller pods have been deployed - ``` - $ kubectl get pods -n isilon - NAME READY STATUS RESTARTS AGE - isilon-controller-58d8779f5d-cqx8d 6/6 Running 0 22s - isilon-controller-58d8779f5d-v7t56 6/6 Running 22 8m7s - isilon-node-gx5pk 3/3 Running 3 8m3s - isilon-node-k5gwc 3/3 Running 3 7m59s - ``` - ### Running "karavictl tenant" commands result in an HTTP 504 error This situation may occur if there are Iptables or other firewall rules preventing communication with the provided ``: ``` diff --git a/content/docs/csidriver/installation/helm/isilon.md b/content/docs/csidriver/installation/helm/isilon.md index 966de5509f..783fec1271 100644 --- a/content/docs/csidriver/installation/helm/isilon.md +++ b/content/docs/csidriver/installation/helm/isilon.md @@ -141,6 +141,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller | skipCertificateValidation | Specify whether the PowerScale OneFS API server's certificate chain and hostname must be verified. | No | default value from values.yaml | | endpointPort | Specify the HTTPs port number of the PowerScale OneFS API server | No | default value from values.yaml | | isiPath | The base path for the volumes to be created on PowerScale cluster. Note: IsiPath parameter in storageclass, if present will override this attribute. | No | default value from values.yaml | + | mountEndpoint | Endpoint of the PowerScale OneFS API server, for example, 10.0.0.1. This must be specified if [CSM-Authorization](https://github.com/dell/karavi-authorization) is enabled. | No | - | The username specified in *secret.yaml* must be from the authentication providers of PowerScale. The user must have enough privileges to perform the actions. The suggested privileges are as follows: diff --git a/content/docs/observability/deployment/helm.md b/content/docs/observability/deployment/helm.md index 46c9947d7c..07708c86f7 100644 --- a/content/docs/observability/deployment/helm.md +++ b/content/docs/observability/deployment/helm.md @@ -17,7 +17,7 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O $ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.crds.yaml ``` -## Copy the CSI Driver Secret +## Copy the CSI Driver Entities Copy the config Secret from the Dell CSI Driver namespace into the namespace where CSM for Observability is deployed. @@ -27,6 +27,20 @@ Copy the config Secret from the Dell CSI Driver namespace into the namespace whe $ kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - ``` +If CSM-Authorization is enabled, perform the following steps. + +Copy the driver configuration parameters ConfigMap into the namespace where CSM for Observability is deployed. + +``` +$ kubectl get configmap vxflexos-config-params -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - +``` + +Create the `karavi-authorization-config` Secret by following step 2 in [Configuring a Dell EMC CSI Driver](../../../authorization/deployment/#configuring-a-dell-emc-csi-driver) but use the [CSM_NAMESPACE]. + +Create the `proxy-server-root-certificate` Secret by following step 3 in [Configuring a Dell EMC CSI Driver](../../../authorization/deployment#configuring-a-dell-emc-csi-driver) but use the [CSM_NAMESPACE]. + +Generate a token and apply it to the [CSM_NAMESPACE] by following [Generate a Token](../../../authorization/deployment/#generate-a-token). + __Note__: The target namespace must exist before executing this command. ### PowerStore @@ -76,6 +90,9 @@ The following table lists the configurable parameters of the CSM for Observabili | `karaviMetricsPowerflex.volumePollFrequencySeconds` | The polling frequency (in seconds) to gather volume metrics | `10` | | `karaviMetricsPowerflex.storageClassPoolPollFrequencySeconds` | The polling frequency (in seconds) to gather storage class/pool metrics | `10` | | `karaviMetricsPowerflex.concurrentPowerflexQueries` | The number of simultaneous metrics queries to make to Powerflex(MUST be less than 10; otherwise, several request errors from Powerflex will ensue. | `10` | +| `karaviMetricsPowerflex.authorization.enabled` | [Authorization](../../../authorization) is an optional feature to apply credential shielding of the backend PowerFlex. | `false` | +| `karaviMetricsPowerflex.authorization.proxyHost` | Hostname of the csm-authorization server. | | +| `karaviMetricsPowerflex.authorization.skipCertificateValidation` | A boolean that enables/disables certificate validation of the csm-authorization server. | | | `karaviMetricsPowerflex.sdcMetricsEnabled` | Enable PowerFlex SDC Metrics Collection | `true` | | `karaviMetricsPowerflex.volumeMetricsEnabled` | Enable PowerFlex Volume Metrics Collection | `true` | | `karaviMetricsPowerflex.storageClassPoolMetricsEnabled` | Enable PowerFlex Storage Class/Pool Metrics Collection | `true` | diff --git a/content/docs/observability/deployment/offline.md b/content/docs/observability/deployment/offline.md index 67d4948c4d..22fd1f1e3f 100644 --- a/content/docs/observability/deployment/offline.md +++ b/content/docs/observability/deployment/offline.md @@ -125,6 +125,8 @@ To perform an offline installation of a Helm chart, the following steps should b [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - ``` + If CSM-Authorization is enabled, perform the additional steps at [Copy the CSI Driver Entities](../helm/#copy-the-csi-driver-entities) to create the required Secrets and ConfigMap and fill in the authorization parameters in the values.yaml. + CSI Driver for PowerStore ``` [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - @@ -145,17 +147,4 @@ To perform an offline installation of a Helm chart, the following steps should b TEST SUITE: None ``` - -5. (Optional) The following steps can be performed to enable CSM for Observability to use an existing instance of Authorization for accessing the REST API for the given storage systems. - - **Note:** CSM for Authorization currently does not support the Observability module for PowerStore. - - Copy the proxy Secret into the CSM for Observability namespace: - ``` - [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret proxy-authz-tokens -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - - ``` - - Use `karavictl` to update the Observability module deployment to use the Authorization module. Required parameters are the location of the sidecar-proxy Docker image and the URL of the Authorization module proxy. If the Authorization module was installed using certificates, the flags `--insecure=false` and `--root-certificate ` must be also be provided. If certificates were not provided during installation, the flag `--insecure=true` must be provided. - ``` - [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secrets,deployments -n [CSM_NAMESPACE] -o yaml | karavictl inject --insecure=false --root-certificate --image-addr --proxy-host | kubectl apply -f - - ``` \ No newline at end of file + \ No newline at end of file From 2b1cda93dfd0bf55ec6070890e1ee8ff01d25e6b Mon Sep 17 00:00:00 2001 From: Randeep Sharma <92301596+randeepsharma@users.noreply.github.com> Date: Fri, 21 Jan 2022 14:56:44 +0530 Subject: [PATCH 07/52] Operator upgrade steps improvement (#120) Co-authored-by: shanmydell <82038610+shanmydell@users.noreply.github.com> --- .../csidriver/installation/operator/_index.md | 9 +++++-- .../csidriver/upgradation/drivers/isilon.md | 27 +++++++------------ .../csidriver/upgradation/drivers/operator.md | 17 ++++++++---- .../upgradation/drivers/powerflex.md | 8 +++--- .../csidriver/upgradation/drivers/powermax.md | 9 +++---- .../upgradation/drivers/powerstore.md | 11 ++++---- .../csidriver/upgradation/drivers/unity.md | 22 +++++++-------- 7 files changed, 49 insertions(+), 54 deletions(-) diff --git a/content/docs/csidriver/installation/operator/_index.md b/content/docs/csidriver/installation/operator/_index.md index 468761f0f6..5c11ccaad5 100644 --- a/content/docs/csidriver/installation/operator/_index.md +++ b/content/docs/csidriver/installation/operator/_index.md @@ -293,8 +293,13 @@ The CSI Drivers installed by the Dell CSI Operator can be updated like any Kuber # Replace driver-namespace with the namespace where the Unity driver is installed $ kubectl edit csiunity/unity -n ``` - and modify the installation -* Modify the API object in-place via `kubectl patch` + and modify the installation. The usual fields to edit are the version of drivers and sidecars and the env variables. +* Modify the API object in place via `kubectl patch` command. + +To create patch file or edit deployments, refer [here](https://github.com/dell/dell-csi-operator/tree/master/samples) for driver version & env variables and [here](https://github.com/dell/dell-csi-operator/tree/master/driverconfig/config.yaml) for version of side-cars. +The latest versions of drivers could have additional env variables or sidecars. + +The below notes explain some of the general items to take care of. **NOTES:** 1. If you are trying to upgrade the CSI driver from an older version, make sure to modify the _configVersion_ field if required. diff --git a/content/docs/csidriver/upgradation/drivers/isilon.md b/content/docs/csidriver/upgradation/drivers/isilon.md index 76ef431580..228d8123a8 100644 --- a/content/docs/csidriver/upgradation/drivers/isilon.md +++ b/content/docs/csidriver/upgradation/drivers/isilon.md @@ -8,34 +8,25 @@ Description: Upgrade PowerScale CSI driver --- You can upgrade the CSI Driver for Dell EMC PowerScale using Helm or Dell CSI Operator. -## Upgrade Driver from version 2.0.0 to 2.1.0 +## Upgrade Driver from version 2.0.0 to 2.1.0 using Helm **Note:** While upgrading the driver via helm, controllerCount variable in myvalues.yaml can be at most one less than the number of worker nodes. **Steps** -1. Verify that all pre-requisites to install CSI Driver for Dell EMC PowerScale version 2.1.0 are fulfilled. Note that change in secret format should be implemented. - - Delete the existing secret (isilon-creds and isilon-certs-0) - - Create new secrets (isilon-creds and isilon-certs-0) - Refer Installation section [here](./../../../installation/helm/isilon/#install-the-driver). -2. Clone the repository using `git clone -b v2.1.0 https://github.com/dell/csi-powerscale.git`, copy the helm/csi-isilon/values.yaml into a new location with a custom name say _my-isilon-settings.yaml_, to customize settings for installation. Edit _my-isilon-settings.yaml_ as per the requirements. -3. Change to directory dell-csi-helm-installer to install the Dell EMC PowerScale `cd dell-csi-helm-installer` -4. Upgrade the CSI Driver for Dell EMC PowerScale version 2.1.0 using following command: +1. Clone the repository using `git clone -b v2.1.0 https://github.com/dell/csi-powerscale.git`, copy the helm/csi-isilon/values.yaml into a new location with a custom name say _my-isilon-settings.yaml_, to customize settings for installation. Edit _my-isilon-settings.yaml_ as per the requirements. +2. Change to directory dell-csi-helm-installer to install the Dell EMC PowerScale `cd dell-csi-helm-installer` +3. Upgrade the CSI Driver for Dell EMC PowerScale version 2.1.0 using following command: `./csi-install.sh --namespace isilon --values ./my-isilon-settings.yaml --upgrade` ## Upgrade using Dell CSI Operator: - -**Note:** While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. +**Notes:** +1. While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. +2. Upgrading the Operator does not upgrade the CSI Driver. To upgrade the driver from version 2.0.0 to 2.1.0: -Note: It is highly recommended to take *Backup of existing storage class definition and volumesnapshot class definition, yaml files* before the upgrade. - -1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). - -2. Execute `bash scripts/install.sh --upgrade` . This command will install the latest version of the operator. ->Note: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. - -3. To upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). +1. Please upgrade the Dell CSI Operator by following [here](./../operator). +2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/docs/csidriver/upgradation/drivers/operator.md b/content/docs/csidriver/upgradation/drivers/operator.md index 2a4bf38b68..78ab08b226 100644 --- a/content/docs/csidriver/upgradation/drivers/operator.md +++ b/content/docs/csidriver/upgradation/drivers/operator.md @@ -7,16 +7,23 @@ weight: 1 Description: Upgrade Dell CSI Operator --- To upgrade Dell CSI Operator from v1.2.0/v1.3.0 to v1.4.0/v1.5.0/v1.6.0, perform the following steps. +Dell CSI Operator can be upgraded based on the supported platforms in one of the 2 ways: +1. Using script (for non-OLM based installation) +2. Using Operator Lifecycle Manager (OLM) + ### Using Installation Script -Run the following command to upgrade the operator -``` -$ bash scripts/install.sh --upgrade -``` +1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). +2. git checkout dell-csi-operator- +3. Execute `bash scripts/install.sh --upgrade` . This command will install the latest version of the operator. +>Note: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. ### Using OLM The upgrade of the Dell CSI Operator is done via Operator Lifecycle Manager. -If the `InstallPlan` for the Operator subscription is set to `Automatic`, the operator will be automatically upgraded to the new version. If the `InstallPlan` is set to `Manual`, then a Cluster Administrator would need to approve the upgrade. + +The `Update approval` (**`InstallPlan`** in OLM terms) strategy plays a role while upgrading dell-csi-operator on OpenShift. This option can be set during installation of dell-csi-operator on OpenShift via the console and can be either set to `Manual` or `Automatic`. + - If the **`Update approval`** is set to `Automatic`, OpenShift automatically detects whenever the latest version of dell-csi-operator is available in the **`Operator hub`**, and upgrades it to the latest available version. + - If the upgrade policy is set to `Manual`, OpenShift notifies of an available upgrade. This notification can be viewed by the user in the **`Installed Operators`** section of the OpenShift console. Clicking on the hyperlink to `Approve` the installation would trigger the dell-csi-operator upgrade process. **NOTE**: The recommended version of OLM for Upstream Kubernetes is **`v0.18.3`** when upgrading operator to `v1.5.0`. diff --git a/content/docs/csidriver/upgradation/drivers/powerflex.md b/content/docs/csidriver/upgradation/drivers/powerflex.md index 626538f5f9..73c9683784 100644 --- a/content/docs/csidriver/upgradation/drivers/powerflex.md +++ b/content/docs/csidriver/upgradation/drivers/powerflex.md @@ -25,10 +25,8 @@ You can upgrade the CSI Driver for Dell EMC PowerFlex using Helm or Dell CSI Ope - The logging configuration from v1.5 will not work in v2.1, since the log configuration parameters are now set in the values.yaml file located at helm/csi-vxflexos/values.yaml. Please set the logging configuration parameters in the values.yaml file. ## Upgrade using Dell CSI Operator: -1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). +**Note:** Upgrading the Operator does not upgrade the CSI Driver. -2. Execute `bash scripts/install.sh --upgrade` -This command will install the latest version of the operator. ->Note: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. +1. Please upgrade the Dell CSI Operator by following [here](./../operator). +2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). -3. To upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/docs/csidriver/upgradation/drivers/powermax.md b/content/docs/csidriver/upgradation/drivers/powermax.md index 82d68f6759..18d169dace 100644 --- a/content/docs/csidriver/upgradation/drivers/powermax.md +++ b/content/docs/csidriver/upgradation/drivers/powermax.md @@ -22,11 +22,8 @@ You can upgrade CSI Driver for Dell EMC PowerMax using Helm or Dell CSI Operator - To update any installation parameter after the driver has been installed, change the `my-powermax-settings.yaml` file and run the install script with the option _\-\-upgrade_, for example: `./csi-install.sh --namespace powermax --values ./my-powermax-settings.yaml –upgrade`. ## Upgrade using Dell CSI Operator: +**Note:** Upgrading the Operator does not upgrade the CSI Driver. -1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). +1. Please upgrade the Dell CSI Operator by following [here](./../operator). +2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). -2. Execute `bash scripts/install.sh --upgrade` -This command installs the latest version of the operator. ->Note: Dell CSI Operator version 1.4.0 and later installs to the 'dell-csi-operator' namespace by default. - -3. To upgrade the driver, see [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/docs/csidriver/upgradation/drivers/powerstore.md b/content/docs/csidriver/upgradation/drivers/powerstore.md index 96be7e3630..7cf72e6c59 100644 --- a/content/docs/csidriver/upgradation/drivers/powerstore.md +++ b/content/docs/csidriver/upgradation/drivers/powerstore.md @@ -33,12 +33,11 @@ Note: While upgrading the driver via helm, controllerCount variable in myvalues. ## Upgrade using Dell CSI Operator: -Note: While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. +**Notes:** +1. While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. +2. Upgrading the Operator does not upgrade the CSI Driver. -1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). -2. Execute `bash scripts/install.sh --upgrade` -This command will install the latest version of the operator. ->Note: Dell CSI Operator version 1.5.0 and higher would install to the 'dell-csi-operator' namespace by default. +1. Please upgrade the Dell CSI Operator by following [here](./../operator). +2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). -3. To upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/docs/csidriver/upgradation/drivers/unity.md b/content/docs/csidriver/upgradation/drivers/unity.md index 60b7f33440..16e11131fa 100644 --- a/content/docs/csidriver/upgradation/drivers/unity.md +++ b/content/docs/csidriver/upgradation/drivers/unity.md @@ -9,6 +9,11 @@ Description: Upgrade Unity CSI driver You can upgrade the CSI Driver for Dell EMC Unity using Helm or Dell CSI Operator. +**Note:** +1. User has to re-create existing custom-storage classes (if any) according to the latest format. +2. User has to create Volumesnapshotclass after upgrade for taking Snapshots. +3. Secret.yaml files can be updated according to Multiarray normalization parameters only after upgrading the driver. + ### Using Helm **Note:** While upgrading the driver via helm, controllerCount variable in myvalues.yaml can be at most one less than the number of worker nodes. @@ -22,22 +27,15 @@ To upgrade the driver from csi-unity v2.0 to csi-unity 2.1 3. Copy the helm/csi-unity/values.yaml to the new location csi-unity/dell-csi-helm-installer with name say myvalues.yaml, to customize settings for installation edit myvalues.yaml as per the requirements. 4. Navigate to common-helm-installer folder and execute the following command: `./csi-install.sh --namespace unity --values ./myvalues.yaml --upgrade` - -**Note:** -1. User has to re-create existing custom-storage classes (if any) according to the latest format. -2. User has to create Volumesnapshotclass after upgrade for taking Snapshots. -3. Secret.yaml files can be updated according to Multiarray Normalization parameters only after upgrading the driver. ### Using Operator -**Note:** While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. +**Notes:** +1. While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. +2. Upgrading the Operator does not upgrade the CSI Driver. To upgrade the driver from csi-unity v2.0 to csi-unity v2.1 : -1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). - -2. Execute `bash scripts/install.sh --upgrade` -This command will install the latest version of the operator. ->Note: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. +1. Please upgrade the Dell CSI Operator by following [here](./../operator). +2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). -3. To upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). From 99c8a72420de50bcbc1bba621907d268233573cf Mon Sep 17 00:00:00 2001 From: Bahubali Jain <66621574+bpjain2004@users.noreply.github.com> Date: Thu, 27 Jan 2022 09:33:36 +0530 Subject: [PATCH 08/52] documentation for driver enhancement- allow volume creation from snapshot with different isi path (#129) --- content/docs/csidriver/features/powerscale.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/docs/csidriver/features/powerscale.md b/content/docs/csidriver/features/powerscale.md index 98536afa97..0a82876765 100644 --- a/content/docs/csidriver/features/powerscale.md +++ b/content/docs/csidriver/features/powerscale.md @@ -192,6 +192,8 @@ spec: storage: 5Gi ``` +> Starting from CSI PowerScale driver version 2.2, it is allowed to create PersistentVolumeClaim from VolumeSnapshot with different isi paths i.e., isi paths of the new volume and the VolumeSnapshot can be different. + ## Volume Expansion The CSI PowerScale driver version 1.2 and later supports the expansion of Persistent Volumes (PVs). This expansion can be done either online (for example, when a PVC is attached to a node) or offline (for example, when a PVC is not attached to any node). From 1d0e5f25f29dbd3cb56b3264f5fed576e0254875 Mon Sep 17 00:00:00 2001 From: shaynafinocchiaro <66699024+shaynafinocchiaro@users.noreply.github.com> Date: Thu, 3 Feb 2022 16:19:09 -0500 Subject: [PATCH 09/52] Update Observability installer with Authorization and troubleshooting (#131) * update auth info in observability, add troubleshooting * update wording --- .../docs/observability/deployment/online.md | 25 +++++++++++-------- .../observability/troubleshooting/_index.md | 10 ++++++++ 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/content/docs/observability/deployment/online.md b/content/docs/observability/deployment/online.md index 3714c064c6..294b834627 100644 --- a/content/docs/observability/deployment/online.md +++ b/content/docs/observability/deployment/online.md @@ -30,9 +30,8 @@ The Container Storage Modules (CSM) for Observability installer bootstraps Helm If the Authorization module is enabled for the CSI drivers installed in the same Kubernetes cluster, the installer will perform the current steps to enable CSM for Observability to use the same Authorization instance: - Verifies the `karavictl` binary is available. -- Verifies the appropriate Secret exists in the CSI driver namespace. -- Queries the CSI driver environment to get references to the Authorization module sidecar-proxy Docker image and URL of the proxy server. -- Updates the CSM for Observability deployment to use the existing Authorization instance. +- Verifies the appropriate Secrets and ConfigMap exist in the CSI driver namespace. +- Updates the CSM for Observability deployment to use the existing Authorization instance if not already enabled during the initial installation of CSM for Observability. ## Online Installer @@ -64,8 +63,6 @@ Options: Required --namespace[=] Namespace where Karavi Observability will be installed Optional - --auth-image-addr Docker registry location of the Karavi Authorization sidecar proxy image - --auth-proxy-host Host address of the Karavi Authorization proxy server --csi-powerflex-namespace[=] Namespace where CSI PowerFlex is installed, default is 'vxflexos' --set-file Set values from files used during helm installation (can be specified multiple times) --skip-verify Skip verification of the environment @@ -98,7 +95,7 @@ To perform an online installation of CSM for Observability, the following steps ``` [user@system /home/user/karavi-observability/installer]# ./karavi-observability-install.sh install --namespace [CSM_NAMESPACE] --values myvalues.yaml --------------------------------------------------------------------------------- - > Installing Karavi Observability in namespace karavi on 1.19 + > Installing Karavi Observability in namespace karavi on 1.21 --------------------------------------------------------------------------------- | |- Karavi Observability is not installed Success @@ -121,17 +118,23 @@ To perform an online installation of CSM for Observability, the following steps | |- Creating namespace karavi Success | + |- CSI Driver for PowerFlex is installed Success + | |- Copying Secret from vxflexos to karavi Success | - |- Installing CertManager CRDs Success + |- CSI Driver for PowerStore is installed Success | - |- Installing Karavi Observability helm chart Success + |- Copying Secret from powerstore to karavi Success | - |- Waiting for pods in namespace karavi to be ready Success + |- Installing CertManager CRDs Success | - |- Copying Secret from vxflexos to karavi Success + |- Enabling Karavi Authorization for Karavi Observability + | + |--> Copying ConfigMap from vxflexos to karavi Success + | + |--> Copying Karavi Authorization Secrets from vxflexos to karavi Success | - |- Enabling Karavi Authorization for Karavi Observability Success + |- Installing Karavi Observability helm chart Success | |- Waiting for pods in namespace karavi to be ready Success ``` diff --git a/content/docs/observability/troubleshooting/_index.md b/content/docs/observability/troubleshooting/_index.md index 55a7939213..4c094c212d 100644 --- a/content/docs/observability/troubleshooting/_index.md +++ b/content/docs/observability/troubleshooting/_index.md @@ -13,6 +13,7 @@ Description: > 4. [How can I debug and troubleshoot issues with Kubernetes?](#how-can-i-debug-and-troubleshoot-issues-with-kubernetes) 5. [How can I troubleshoot latency problems with CSM for Observability?](#how-can-i-troubleshoot-latency-problems-with-csm-for-observability) 6. [Why does the Observability installation timeout with pods stuck in 'ContainerCreating'/'CrashLoopBackOff'/'Error' stage?](#why-does-the-observability-installation-timeout-with-pods-stuck-in-containercreatingcrashloopbackofferror-stage) +7. [Why do I see FailedMount warnings when describing pods in my cluster?](#why-do-i-see-failedmount-warnings-when-describing-pods-in-my-cluster) ### Why do I see a certificate problem when accessing the topology service outside of my Kubernetes cluster? @@ -233,3 +234,12 @@ error registering secret controller: no matches for kind "MutatingWebhookConfigu ``` If the Kubernetes cluster version is 1.22.2 (or higher), this error is due to an incompatible [cert-manager](https://github.com/jetstack/cert-manager) version. Please upgrade to the latest CSM for Observability release (v1.0.1 or higher). + +### Why do I see FailedMount warnings when describing pods in my cluster? + +The warning can arise when a self-signed certificate for otel-collector is issued. It takes a few minutes or less for the signed certificate to generate and be consumed in the namespace. Once the certificate is consumed, the FailedMount warnings are resolved and the containers start properly. +```console +[root@:~]$ kubectl describe pod -n $namespace $pod +MountVolume.SetUp failed for volume "tls-secret" : secret "otel-collector-tls" not found +Unable to attach or mount volumes: unmounted volumes=[tls-secret], unattached volumes=[vxflexos-config-params vxflexos-config tls-secret karavi-metrics-powerflex-configmap kube-api-access-4fqgl karavi-authorization-config proxy-server-root-certificate]: timed out waiting for the condition +``` \ No newline at end of file From a453180d2e8a3f82c5664749dfd143fff415e5c9 Mon Sep 17 00:00:00 2001 From: sharmilarama <72404078+sharmilarama@users.noreply.github.com> Date: Fri, 4 Feb 2022 14:36:19 -0500 Subject: [PATCH 10/52] add powerstore malka (#134) --- content/docs/observability/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/observability/_index.md b/content/docs/observability/_index.md index 074a8acdb6..3eb2af6d47 100644 --- a/content/docs/observability/_index.md +++ b/content/docs/observability/_index.md @@ -58,7 +58,7 @@ CSM for Observability provides the following capabilities: {{}} | | PowerFlex | PowerStore | |---------------|:-------------------:|:----------------:| -| Storage Array | 3.5.x, 3.6.x | 1.0.x, 2.0.x | +| Storage Array | 3.5.x, 3.6.x | 1.0.x, 2.0.x, 2.1.x | {{
}} ## Supported CSI Drivers From a846779b91f2992a90f5f472d60189fc580cc18d Mon Sep 17 00:00:00 2001 From: Jooseppi Luna Date: Tue, 8 Feb 2022 09:06:47 -0500 Subject: [PATCH 11/52] Add documentation for extended version check in Helm chart (#136) * adding install note * add troubleshooting note --- content/docs/csidriver/installation/helm/powerflex.md | 1 + content/docs/csidriver/troubleshooting/powerflex.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/content/docs/csidriver/installation/helm/powerflex.md b/content/docs/csidriver/installation/helm/powerflex.md index 8964632996..7a9dadc36b 100644 --- a/content/docs/csidriver/installation/helm/powerflex.md +++ b/content/docs/csidriver/installation/helm/powerflex.md @@ -248,6 +248,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller - This install script also runs the `verify.sh` script. You will be prompted to enter the credentials for each of the Kubernetes nodes. The `verify.sh` script needs the credentials to check if SDC has been configured on all nodes. - It is mandatory to run install script after changes to MDM configuration in `vxflexos-config` secret. Refer [dynamic-array-configuration](../../../features/powerflex#dynamic-array-configuration) +- If an extended Kubernetes version is being used (e.g. `v1.21.3-mirantis-1`) and is failing the version check in Helm even though it falls in the allowed range, then you must go into `helm/csi-vxflexos/Chart.yaml` and replace the standard `kubeVersion` check with the commented-out alternative. *Please note* that this will also allow the use of pre-release alpha and beta versions of Kubernetes, which is not supported. - (Optional) Enable additional Mount Options - A user is able to specify additional mount options as needed for the driver. - Mount options are specified in storageclass yaml under _mkfsFormatOption_. diff --git a/content/docs/csidriver/troubleshooting/powerflex.md b/content/docs/csidriver/troubleshooting/powerflex.md index 4e59836ff3..ce0720d18e 100644 --- a/content/docs/csidriver/troubleshooting/powerflex.md +++ b/content/docs/csidriver/troubleshooting/powerflex.md @@ -18,7 +18,7 @@ description: Troubleshooting PowerFlex Driver | The `kubectl logs -n vxflexos vxflexos-controller-* driver` logs show `x509: certificate signed by unknown authority` |A self assigned certificate is used for PowerFlex array. See [certificate validation for PowerFlex Gateway](../../installation/helm/powerflex/#certificate-validation-for-powerflex-gateway-rest-api-calls)| | When you run the command `kubectl apply -f snapclass-v1.yaml`, you get the error `error: unable to recognize "snapclass-v1.yaml": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"` | Check to make sure that the v1 snapshotter CRDs are installed, and not the v1beta1 CRDs, which are no longer supported. | | The controller pod is stuck and producing errors such as" `Failed to watch *v1.VolumeSnapshotContent: failed to list *v1.VolumeSnapshotContent: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)` | Make sure that v1 snapshotter CRDs and v1 snapclass are installed, and not v1beta1, which is no longer supported. | - +| Driver install or upgrade fails because of an incompatible Kubernetes version, even though the version seems to be within the range of compatibility. For example: `Error: UPGRADE FAILED: chart requires kubeVersion: >= 1.20.0 < 1.23.0 which is incompatible with Kuberneter V1.20.11-mirantis-1` | If you are using an extended Kubernetes version, please see the helm Chart at `helm/csi-vxflexos/Chart.yaml` and use the alternate `kubeVersion` check that is provided in the comments. *Please note* that this is not meant to be used to enable the use of pre-release alpha and beta versions, which is not supported. | >*Note*: `vxflexos-controller-*` is the controller pod that acquires leader lease From 1431df4b13e6c2ce5c0ea6ff7934e7850cc1224e Mon Sep 17 00:00:00 2001 From: shanmydell <82038610+shanmydell@users.noreply.github.com> Date: Thu, 10 Feb 2022 11:33:10 +0530 Subject: [PATCH 12/52] PV/PVC metrics feature for PowerMax (#137) --- content/docs/csidriver/features/powermax.md | 4 ++++ content/docs/csidriver/installation/helm/powermax.md | 3 +++ 2 files changed, 7 insertions(+) diff --git a/content/docs/csidriver/features/powermax.md b/content/docs/csidriver/features/powermax.md index 315786176c..8ba6274b70 100644 --- a/content/docs/csidriver/features/powermax.md +++ b/content/docs/csidriver/features/powermax.md @@ -458,3 +458,7 @@ To update the log level dynamically, the user has to edit the ConfigMap `powerma ``` kubectl edit configmap -n powermax powermax-config-params ``` + +## PV/PVC Metrics + +CSI Driver for Dell EMC PowerMax 2.2.0 and above supports volume health monitoring. To enable Volume Health Monitoring from the node side, the alpha feature gate CSIVolumeHealth needs to be enabled. To use this feature, set controller.healthMonitor.enabled and node.healthMonitor.enabled to true. To change the monitor interval, set controller.healthMonitor.volumeHealthMonitorInterval parameter. diff --git a/content/docs/csidriver/installation/helm/powermax.md b/content/docs/csidriver/installation/helm/powermax.md index 8c79c2077b..a72e338f39 100644 --- a/content/docs/csidriver/installation/helm/powermax.md +++ b/content/docs/csidriver/installation/helm/powermax.md @@ -192,11 +192,14 @@ CRDs should be configured during replication prepare stage with repctl as descri | snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true | | snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | | resizer.enabled | Enable/Disable volume expansion feature | Yes | true | +| healthMonitor.enabled | Allows to enable/disable volume health monitor | No | false | +| healthMonitor.volumeHealthMonitorInterval | Interval of monitoring volume health condition | No | 60s | | nodeSelector | Define node selection constraints for pods of controller deployment | No | | | tolerations | Define tolerations for the controller deployment, if required | No | | | **node** | Allows configuration of the node-specific parameters.| - | - | | tolerations | Add tolerations as per requirement | No | - | | nodeSelector | Add node selectors as per requirement | No | - | +| healthMonitor.enabled | Allows to enable/disable volume health monitor | No | false | | **global**| This section refers to configuration options for both CSI PowerMax Driver and Reverse Proxy | - | - | |defaultCredentialsSecret| This secret name refers to:
1. The Unisphere credentials if the driver is installed without proxy or with proxy in Linked mode.
2. The proxy credentials if the driver is installed with proxy in StandAlone mode.
3. The default Unisphere credentials if credentialsSecret is not specified for a management server.| Yes | powermax-creds | | storageArrays| This section refers to the list of arrays managed by the driver and Reverse Proxy in StandAlone mode.| - | - | From c7704ed91cbee62480c1189e01e93ada0af2208d Mon Sep 17 00:00:00 2001 From: shanmydell <82038610+shanmydell@users.noreply.github.com> Date: Thu, 10 Feb 2022 16:16:00 +0530 Subject: [PATCH 13/52] RWOP powermax (#138) --- content/docs/csidriver/_index.md | 2 +- content/docs/csidriver/features/powermax.md | 25 +++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/content/docs/csidriver/_index.md b/content/docs/csidriver/_index.md index 2e6c6424dc..16ad233589 100644 --- a/content/docs/csidriver/_index.md +++ b/content/docs/csidriver/_index.md @@ -39,7 +39,7 @@ The CSI Drivers by Dell EMC implement an interface between [CSI](https://kuberne | Create VolumeSnapshot | yes | yes| yes | yes | yes | | Create Volume from Snapshot | yes | yes| yes | yes | yes | | Delete Snapshot | yes | yes| yes | yes | yes | -| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | RWO
(FC/iSCSI)
RWO/
RWX/
ROX
(Raw block) | RWO
RWO/
RWX/
ROX/
RWOP
(Raw block) | RWO/RWOP
(FC/iSCSI)
RWO/RWX/
RWOP
(RawBlock)
RWO/RWX/ROX/
RWOP
(NFS) | RWO/RWX/ROX/
RWOP | RWO/RWOP
(FC/iSCSI)
RWO/
RWX/
ROX/
RWOP
(RawBlock, NFS) | +| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | RWO/
RWOP(FC/iSCSI)
RWO/
RWX/
ROX/
RWOP(Raw block) | RWO
RWO/
RWX/
ROX/
RWOP
(Raw block) | RWO/RWOP
(FC/iSCSI)
RWO/RWX/
RWOP
(RawBlock)
RWO/RWX/ROX/
RWOP
(NFS) | RWO/RWX/ROX/
RWOP | RWO/RWOP
(FC/iSCSI)
RWO/
RWX/
ROX/
RWOP
(RawBlock, NFS) | | CSI Volume Cloning | yes | yes | yes | yes | yes | | CSI Raw Block Volume | yes | yes | yes | no | yes | | CSI Ephemeral Volume | no | yes | yes | yes | yes | diff --git a/content/docs/csidriver/features/powermax.md b/content/docs/csidriver/features/powermax.md index 8ba6274b70..02543d24b1 100644 --- a/content/docs/csidriver/features/powermax.md +++ b/content/docs/csidriver/features/powermax.md @@ -462,3 +462,28 @@ kubectl edit configmap -n powermax powermax-config-params ## PV/PVC Metrics CSI Driver for Dell EMC PowerMax 2.2.0 and above supports volume health monitoring. To enable Volume Health Monitoring from the node side, the alpha feature gate CSIVolumeHealth needs to be enabled. To use this feature, set controller.healthMonitor.enabled and node.healthMonitor.enabled to true. To change the monitor interval, set controller.healthMonitor.volumeHealthMonitorInterval parameter. + +## Single Pod Access Mode for PersistentVolumes- ReadWriteOncePod (ALPHA FEATURE) + +Use `ReadWriteOncePod(RWOP)` access mode if you want to ensure that only one pod across the whole cluster can read that PVC or write to it. This is only supported for CSI Driver for PowerMax 2.2.0+ and Kubernetes version 1.22+. + +To use this feature, enable the ReadWriteOncePod feature gate for kube-apiserver, kube-scheduler, and kubelet, by setting command line arguments: +`--feature-gates="...,ReadWriteOncePod=true"` + +### Creating a PersistentVolumeClaim +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: single-writer-only +spec: + accessModes: + - ReadWriteOncePod # the volume can be mounted as read-write by a single pod across the whole cluster + resources: + requests: + storage: 1Gi +``` + +When this feature is enabled, the existing `ReadWriteOnce(RWO)` access mode restricts volume access to a single node and allows multiple pods on the same node to read from and write to the same volume. + +To migrate existing PersistentVolumes to use `ReadWriteOncePod`, please follow the instruction from [here](https://kubernetes.io/blog/2021/09/13/read-write-once-pod-access-mode-alpha/#migrating-existing-persistentvolumes). \ No newline at end of file From f3827c511b5edc94ccab712116fa87cfb2191414 Mon Sep 17 00:00:00 2001 From: jai kumar <8251914+nb950@users.noreply.github.com> Date: Mon, 14 Feb 2022 07:14:14 -0500 Subject: [PATCH 14/52] Update powerflex.md (#126) --- content/docs/csidriver/features/powerflex.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/content/docs/csidriver/features/powerflex.md b/content/docs/csidriver/features/powerflex.md index 5915eaafb7..0f51077d65 100644 --- a/content/docs/csidriver/features/powerflex.md +++ b/content/docs/csidriver/features/powerflex.md @@ -84,10 +84,9 @@ spec: This feature extends CSI specification to add the capability to create crash-consistent snapshots of a group of volumes. This feature is available as a technical preview. To use this feature, users have to deploy the csi-volumegroupsnapshotter side-car as part of the PowerFlex driver. Once the sidecar has been deployed, users can make snapshots by using yaml files such as this one: ``` -apiVersion: volumegroup.storage.dell.com/v1alpha2 +apiVersion: volumegroup.storage.dell.com/v1 kind: DellCsiVolumeGroupSnapshot metadata: - # Name must be 13 characters or less in length name: "vg-snaprun1" namespace: "helmtest-vxflexos" spec: @@ -103,7 +102,7 @@ spec: # - "pvcName1" # - "pvcName2" ``` -In the metadata section, the name is limited to 13 characters because the snapshotter will append a timestamp to it. Additionally, the pvcLabel field specifies a label that must be present in PVCs that are to be snapshotted. Here is a sample of that portion of a .yaml for a PVC: +The pvcLabel field specifies a label that must be present in PVCs that are to be snapshotted. Here is a sample of that portion of a .yaml for a PVC: ``` metadata: name: pvol0 From ce558ab7b6536d951446c32134c22cd917779f55 Mon Sep 17 00:00:00 2001 From: Sakshi-dell <75004921+Sakshi-dell@users.noreply.github.com> Date: Mon, 14 Feb 2022 17:45:34 +0530 Subject: [PATCH 15/52] PowerScale added doc changes for session based and basic auth support (#127) --- content/docs/csidriver/installation/helm/isilon.md | 1 + content/docs/csidriver/troubleshooting/powerscale.md | 1 + 2 files changed, 2 insertions(+) diff --git a/content/docs/csidriver/installation/helm/isilon.md b/content/docs/csidriver/installation/helm/isilon.md index 783fec1271..69de6acd17 100644 --- a/content/docs/csidriver/installation/helm/isilon.md +++ b/content/docs/csidriver/installation/helm/isilon.md @@ -111,6 +111,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller | ***PLATFORM ATTRIBUTES*** | | | | | endpointPort | Define the HTTPs port number of the PowerScale OneFS API server. If authorization is enabled, endpointPort should be the HTTPS localhost port that the authorization sidecar will listen on. This value acts as a default value for endpointPort, if not specified for a cluster config in secret. | No | 8080 | | skipCertificateValidation | Specify whether the PowerScale OneFS API server's certificate chain and hostname must be verified. This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret. | No | true | + | isiAuthType | Indicates the authentication method to be used. If set to 1 then it follows as session-based authentication else basic authentication | No | 0 | | isiAccessZone | Define the name of the access zone a volume can be created in. If storageclass is missing with AccessZone parameter, then value of isiAccessZone is used for the same. | No | System | | enableQuota | Indicates whether the provisioner should attempt to set (later unset) quota on a newly provisioned volume. This requires SmartQuotas to be enabled.| No | true | | isiPath | Define the base path for the volumes to be created on PowerScale cluster. This value acts as a default value for isiPath, if not specified for a cluster config in secret| No | /ifs/data/csi | diff --git a/content/docs/csidriver/troubleshooting/powerscale.md b/content/docs/csidriver/troubleshooting/powerscale.md index 06ed1754b4..191cc65982 100644 --- a/content/docs/csidriver/troubleshooting/powerscale.md +++ b/content/docs/csidriver/troubleshooting/powerscale.md @@ -16,3 +16,4 @@ Here are some installation failures that might be encountered and how to mitigat | If the hostname is mapped to loopback IP in /etc/hosts file, and pods are created using 1.3.0.1 release, after upgrade to driver version 1.4.0 or later there is a possibility of "localhost" as a stale entry in export | Recommended setup: User should not map a hostname to loopback IP in /etc/hosts file | | CSI Driver installation fails with the error message "error getting FQDN". | Map IP address of host with its FQDN in /etc/hosts file. | | Driver node pod is in "CrashLoopBackOff" as "Node ID" generated is not with proper FQDN. | This might be due to "dnsPolicy" implemented on the driver node pod which may differ with different networks.

This parameter is configurable in both helm and Operator installer and the user can try with different "dnsPolicy" according to the environment.| +| The `kubectl logs isilon-controller-0 -n isilon -c driver` logs shows the driver **Authentication failed. Trying to re-authenticate** when using Session-based authentication | The issue has been resolved from OneFS 9.3 onwards, for OneFS versions prior to 9.3 for session-based authentication either smart connect can be created against a single node of Isilon or CSI Driver can be installed/pointed to a particular node of the Isilon else basic authentication can be used by setting isiAuthType in `values.yaml` to 0 | \ No newline at end of file From 0f2c35c4ed9ad8ca6bb5c95f98b534cc8d6ecbd0 Mon Sep 17 00:00:00 2001 From: coulof <49235405+coulof@users.noreply.github.com> Date: Thu, 17 Feb 2022 14:23:45 +0100 Subject: [PATCH 16/52] Realign tables and make access mode support more clear (#133) --- content/docs/csidriver/_index.md | 62 ++++++++++++++++---------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/content/docs/csidriver/_index.md b/content/docs/csidriver/_index.md index 16ad233589..19d7a28219 100644 --- a/content/docs/csidriver/_index.md +++ b/content/docs/csidriver/_index.md @@ -14,54 +14,54 @@ The CSI Drivers by Dell EMC implement an interface between [CSI](https://kuberne ### Supported Operating Systems/Container Orchestrator Platforms {{}} -| | PowerMax | PowerFlex |   Unity| PowerScale | PowerStore | +| | PowerMax | PowerFlex | Unity | PowerScale | PowerStore | |---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| -| Kubernetes | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | +| Kubernetes | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | 1.21, 1.22, 1.23 | | RHEL | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | -| Ubuntu | 20.04 | 20.04 | 18.04, 20.04 | 18.04, 20.04 | 20.04 | +| Ubuntu | 20.04 | 20.04 | 18.04, 20.04 | 18.04, 20.04 | 20.04 | | CentOS | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | -| SLES | 15SP3 | 15SP3 | 15SP3 | 15SP3 | 15SP3 | -| Red Hat OpenShift | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | -| Mirantis Kubernetes Engine | 3.4.x | 3.4.x | 3.4.x | 3.4.x | 3.4.x | -| Google Anthos | 1.6 | 1.8 | no | 1.9 | 1.9 | -| VMware Tanzu | no | no | NFS | NFS | NFS | -| Rancher Kubernetes Engine | yes | yes | yes | yes | yes | +| SLES | 15SP3 | 15SP3 | 15SP3 | 15SP3 | 15SP3 | +| Red Hat OpenShift | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | 4.8, 4.8 EUS, 4.9 | +| Mirantis Kubernetes Engine | 3.4.x | 3.4.x | 3.4.x | 3.4.x | 3.4.x | +| Google Anthos | 1.6 | 1.8 | no | 1.9 | 1.9 | +| VMware Tanzu | no | no | NFS | NFS | NFS | +| Rancher Kubernetes Engine | yes | yes | yes | yes | yes | {{
}} ### CSI Driver Capabilities {{}} -| Features | PowerMax | PowerFlex |    Unity | PowerScale | PowerStore | -|--------------------------|:--------:|:------------------:|:---------:|:-----------------:|:----------:| -| CSI Specification | v1.5 | v1.5| v1.5 | v1.5 | v1.5 | -| Static Provisioning | yes | yes| yes | yes | yes | -| Dynamic Provisioning | yes | yes| yes | yes | yes | -| Expand Persistent Volume | yes | yes| yes | yes | yes | -| Create VolumeSnapshot | yes | yes| yes | yes | yes | -| Create Volume from Snapshot | yes | yes| yes | yes | yes | -| Delete Snapshot | yes | yes| yes | yes | yes | -| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | RWO/
RWOP(FC/iSCSI)
RWO/
RWX/
ROX/
RWOP(Raw block) | RWO
RWO/
RWX/
ROX/
RWOP
(Raw block) | RWO/RWOP
(FC/iSCSI)
RWO/RWX/
RWOP
(RawBlock)
RWO/RWX/ROX/
RWOP
(NFS) | RWO/RWX/ROX/
RWOP | RWO/RWOP
(FC/iSCSI)
RWO/
RWX/
ROX/
RWOP
(RawBlock, NFS) | -| CSI Volume Cloning | yes | yes | yes | yes | yes | -| CSI Raw Block Volume | yes | yes | yes | no | yes | -| CSI Ephemeral Volume | no | yes | yes | yes | yes | -| Topology | yes | yes | yes | yes | yes | -| Multi-array | yes | yes | yes | yes | yes | -| Volume Health Monitoring | no | yes | yes | yes | yes | +| Features | PowerMax | PowerFlex | Unity | PowerScale | PowerStore | +|--------------------------|:--------:|:---------:|:------:|:----------:|:----------:| +| CSI Specification | v1.5 | v1.5 | v1.5 | v1.5 | v1.5 | +| Static Provisioning | yes | yes | yes | yes | yes | +| Dynamic Provisioning | yes | yes | yes | yes | yes | +| Expand Persistent Volume | yes | yes | yes | yes | yes | +| Create VolumeSnapshot | yes | yes | yes | yes | yes | +| Create Volume from Snapshot | yes | yes | yes | yes | yes | +| Delete Snapshot | yes | yes | yes | yes | yes | +| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)| RWO/ROX

RWX (Raw block only) | RWO/ROX/RWOP

RWX (Raw block only) | RWO/ROX/RWOP

RWX (Raw block & NFS only) | RWO/RWX/ROX/RWOP | RWO/ROX/RWOP

RWX (Raw block & NFS only) | +| CSI Volume Cloning | yes | yes | yes | yes | yes | +| CSI Raw Block Volume | yes | yes | yes | no | yes | +| CSI Ephemeral Volume | no | yes | yes | yes | yes | +| Topology | yes | yes | yes | yes | yes | +| Multi-array | yes | yes | yes | yes | yes | +| Volume Health Monitoring | no | yes | yes | yes | yes | {{
}} ### Supported Storage Platforms {{}} -| | PowerMax | PowerFlex |   Unity| PowerScale | PowerStore | -|---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| -| Storage Array |5978.479.479, 5978.669.669, 5978.711.711, Unisphere 9.2| 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0 | OneFS 8.1, 8.2, 9.0, 9.1, 9.2, 9.3 | 1.0.x, 2.0.x | +| | PowerMax | PowerFlex | Unity | PowerScale | PowerStore | +|---------------|:-------------------------------------------------------:|:----------------:|:--------------------------:|:----------------------------------:|:----------------:| +| Storage Array |5978.479.479, 5978.669.669, 5978.711.711
Unisphere 9.2| 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0 | OneFS 8.1, 8.2, 9.0, 9.1, 9.2, 9.3 | 1.0.x, 2.0.x | {{
}} ### Backend Storage Details {{}} -| Features | PowerMax | PowerFlex |   Unity | PowerScale| PowerStore | +| Features | PowerMax | PowerFlex | Unity | PowerScale | PowerStore | |---------------|:----------------:|:------------------:|:----------------:|:----------------:|:----------------:| | Fibre Channel | yes | N/A | yes | N/A | yes | | iSCSI | yes | N/A | yes | N/A | yes | | NFS | N/A | N/A | yes | yes | yes | | Other | N/A | ScaleIO protocol | N/A | N/A | N/A | -| Supported FS | ext4 / xfs | ext4 / xfs | ext3 / ext4 / xfs / NFS | NFS | ext3 / ext4 / xfs / NFS | -| Thin / Thick provisioning | Thin | Thin | Thin/Thick | N/A | Thin | +| Supported FS | ext4 / xfs | ext4 / xfs | ext3 / ext4 / xfs / NFS | NFS | ext3 / ext4 / xfs / NFS | +| Thin / Thick provisioning | Thin | Thin | Thin/Thick | N/A | Thin | | Platform-specific configurable settings | Service Level selection
iSCSI CHAP | - | Host IO Limit
Tiering Policy
NFS Host IO size
Snapshot Retention duration | Access Zone
NFS version (3 or 4);Configurable Export IPs | iSCSI CHAP | {{
}} From a8180b68cfd2f876683f8bda3575a4d365c406ef Mon Sep 17 00:00:00 2001 From: shaynafinocchiaro <66699024+shaynafinocchiaro@users.noreply.github.com> Date: Fri, 18 Feb 2022 17:00:26 -0500 Subject: [PATCH 17/52] Update CSM Observability Helm Deployment and other Minor Fixes (#142) * refactor helm install steps * add notes about topology and authorization * move prereqs * updates to prometheus docs * link to additional deployment methods --- content/docs/observability/_index.md | 4 +- .../docs/observability/deployment/_index.md | 21 ++--- content/docs/observability/deployment/helm.md | 90 ++++++++----------- .../docs/observability/deployment/offline.md | 20 ++++- .../docs/observability/deployment/online.md | 10 +++ 5 files changed, 77 insertions(+), 68 deletions(-) diff --git a/content/docs/observability/_index.md b/content/docs/observability/_index.md index 3eb2af6d47..7c96d5c737 100644 --- a/content/docs/observability/_index.md +++ b/content/docs/observability/_index.md @@ -14,14 +14,14 @@ Description: > Metrics data is collected and pushed to the [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector), so it can be processed, and exported in a format consumable by Prometheus. SSL certificates for TLS between nodes are handled by [cert-manager](https://github.com/jetstack/cert-manager). -CSM for Observability is composed of several services, each living in its own GitHub repository. Contributions can be made to this repository or any of the CSM for Observability repositories listed below. +CSM for Observability is composed of several services, each living in its own GitHub repository, that can be installed following one of the three deployments we support [here](deployment). Contributions can be made to this repository or any of the CSM for Observability repositories listed below. {{}} | Name | Repository | Description | | ---- | --------- | ----------- | | Performance Metrics for PowerFlex | [CSM Metrics for PowerFlex](https://github.com/dell/karavi-metrics-powerflex) | Performance Metrics for PowerFlex captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell EMC PowerFlex. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | | Performance Metrics for PowerStore | [CSM Metrics for PowerStore](https://github.com/dell/csm-metrics-powerstore) | Performance Metrics for PowerStore captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell EMC PowerStore. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | -| Volume Topology | [CSM Topology](https://github.com/dell/karavi-topology) | Topology provides Kubernetes administrators with the topology data related to containerized storage that is provisioned by a CSI (Container Storage Interface) Driver for Dell EMC storage products. Please visit the repository for more information. | +| Volume Topology | [CSM Topology](https://github.com/dell/karavi-topology) | Topology provides Kubernetes administrators with the topology data related to containerized storage that is provisioned by a CSI (Container Storage Interface) Driver for Dell EMC storage products. The Topology service is enabled by default as part of the CSM for Observability Helm Chart [values file](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). Please visit the repository for more information. | {{
}} ## CSM for Observability Capabilities diff --git a/content/docs/observability/deployment/_index.md b/content/docs/observability/deployment/_index.md index b8b9750569..4f4eaf5877 100644 --- a/content/docs/observability/deployment/_index.md +++ b/content/docs/observability/deployment/_index.md @@ -12,25 +12,21 @@ CSM for Observability can be deployed in one of three ways: - [CSM for Observability Installer](./online) - [CSM for Observability Offline Installer](./offline) -## Prerequisites - -- Helm 3.3 -- The deployment of one or more [supported](../#supported-csi-drivers) Dell EMC CSI drivers - ## Post Installation Dependencies The following third-party components are required in the same Kubernetes cluster where CSM for Observability has been deployed: * [Prometheus](#prometheus) * [Grafana](#grafana) +* [Other Deployment Methods](#other-deployment-methods) -These components must be deployed according to the specifications defined below. +There are various ways to deploy these components. We recommend following the Helm deployments according to the specifications defined below. **Tip**: CSM for Observability must be deployed first. Once the module has been deployed, you can proceed to deploying/configuring Prometheus and Grafana. ### Prometheus -The Prometheus service should be running on the same Kubernetes cluster as the CSM for Observability services. As part of the CSM for Observability deployment, the OpenTelemetry Collector gets deployed. The OpenTelemetry Collector is what CSM for Observability pushes metrics so that the metrics can be consumed by Prometheus. This means that Prometheus must be configured to scrape the metrics data from the OpenTelemetry Collector. +The Prometheus service should be running on the same Kubernetes cluster as the CSM for Observability services. As part of the CSM for Observability deployment, the OpenTelemetry Collector gets deployed. CSM for Observability pushes metrics to the OpenTelemetry Collector where the metrics are consumed by Prometheus. Prometheus must be configured to scrape the metrics data from the OpenTelemetry Collector. | Supported Version | Image | Helm Chart | | ----------------- | ----------------------- | ------------------------------------------------------------ | @@ -38,7 +34,7 @@ The Prometheus service should be running on the same Kubernetes cluster as the C **Note**: It is the user's responsibility to provide persistent storage for Prometheus if they want to preserve historical data. -#### Prometheus Deployment +#### Prometheus Helm Deployment Here is a sample minimal configuration for Prometheus. Please note that the configuration below uses insecure skip verify. If you wish to properly configure TLS, you will need to provide a ca_file in the Prometheus configuration. The certificate provided as part of the CSM for Observability deployment should be signed by this same CA. For more information about Prometheus configuration, see [Prometheus configuration](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#configuration). @@ -116,7 +112,7 @@ Here is a sample minimal configuration for Prometheus. Please note that the conf On your terminal, run the command below: ```terminal - helm install prometheus prometheus-community/prometheus -n [CSM_NAMESPACE] --create-namespace -f prometheus-values.yaml + helm install prometheus prometheus-community/prometheus -n [CSM_NAMESPACE] -f prometheus-values.yaml ``` ### Grafana @@ -155,7 +151,7 @@ Settings for the Grafana SimpleJson data source: | With CA Cert | Enabled (If using CA certificate) | -#### Grafana Deployment +#### Grafana Helm Deployment Below are the steps to deploy a new Grafana instance into your Kubernetes cluster: @@ -272,6 +268,11 @@ Below are the steps to deploy a new Grafana instance into your Kubernetes cluste helm install grafana grafana/grafana -n [CSM_NAMESPACE] -f grafana-values.yaml ``` +### Other Deployment Methods + +- [Grafana Labs Operator Deployment](https://grafana.com/docs/grafana-cloud/kubernetes/prometheus/prometheus_operator/) +- [Rancher Monitoring and Alerting Deployment](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/) + ## Importing CSM for Observability Dashboards Once Grafana is properly configured, you can import the pre-built observability dashboards. Log into Grafana and click the + icon in the side menu. Then click Import. From here you can upload the JSON files or paste the JSON text directly into the text area. Below are the locations of the dashboards that can be imported: diff --git a/content/docs/observability/deployment/helm.md b/content/docs/observability/deployment/helm.md index 07708c86f7..141ffe94ab 100644 --- a/content/docs/observability/deployment/helm.md +++ b/content/docs/observability/deployment/helm.md @@ -10,60 +10,61 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O ## Prerequisites -- A [supported](../../../csidriver/#features-and-capabilities) CSI Driver is deployed -- The cert-manager CustomResourceDefinition resources are created. +- Helm 3.3 +- The deployment of one or more [supported](../#supported-csi-drivers) Dell CSI drivers - ```console - $ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.crds.yaml - ``` +## Install the CSM for Observability Helm Chart +**Steps** +1. Create a namespace where you want to install the module `kubectl create namespace karavi` -## Copy the CSI Driver Entities +2. Install cert-manager CRDs `kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml` -Copy the config Secret from the Dell CSI Driver namespace into the namespace where CSM for Observability is deployed. +3. Add the Dell Helm Charts repo `helm repo add dell https://dell.github.io/helm-charts` -### PowerFlex +4. Copy only the deployed CSI driver entities to the Observability namespace + #### PowerFlex -```console -$ kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - -``` + 1. Copy the config Secret from the CSI PowerFlex namespace into the CSM for Observability namespace: -If CSM-Authorization is enabled, perform the following steps. + `kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f -` -Copy the driver configuration parameters ConfigMap into the namespace where CSM for Observability is deployed. + If [CSM for Authorization is enabled](../../../authorization/deployment/#configuring-a-dell-emc-csi-driver-with-csm-for-authorization) for CSI PowerFlex, perform the following steps: -``` -$ kubectl get configmap vxflexos-config-params -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - -``` + 2. Copy the driver configuration parameters ConfigMap from the CSI PowerFlex namespace into the CSM for Observability namespace: + + `kubectl get configmap vxflexos-config-params -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f -` -Create the `karavi-authorization-config` Secret by following step 2 in [Configuring a Dell EMC CSI Driver](../../../authorization/deployment/#configuring-a-dell-emc-csi-driver) but use the [CSM_NAMESPACE]. + 3. Copy the `karavi-authorization-config`, `proxy-server-root-certificate`, `proxy-authz-tokens` Secret from the CSI PowerFlex namespace into the CSM for Observability namespace: -Create the `proxy-server-root-certificate` Secret by following step 3 in [Configuring a Dell EMC CSI Driver](../../../authorization/deployment#configuring-a-dell-emc-csi-driver) but use the [CSM_NAMESPACE]. + `kubectl get secret karavi-authorization-config proxy-server-root-certificate proxy-authz-tokens -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f -` -Generate a token and apply it to the [CSM_NAMESPACE] by following [Generate a Token](../../../authorization/deployment/#generate-a-token). + #### PowerStore -__Note__: The target namespace must exist before executing this command. + 1. Copy the config Secret from the CSI PowerStore namespace into the CSM for Observability namespace: -### PowerStore + `kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f -` -```console -$ kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - -``` +5. Configure the [parameters](#configuration) and install the CSM for Observability Helm Chart -__Note__: The target namespace must exist before executing this command. + A default values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml) that can be used for installation. This can be copied into a file named `myvalues.yaml` and either used as is or modified accordingly. -## Add the Repo + __Note:__ + - The default `values.yaml` is configured to deploy the CSM for Observability Topology service on install. + - If CSM for Authorization is enabled for CSI PowerFlex, the `karaviMetricsPowerflex.authorization` parameters must be properly configured in your values file for CSM Observability. -```console -$ helm repo add dell https://dell.github.io/helm-charts -``` - -## Installing the Chart + ```console + $ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] -f myvalues.yaml + ``` -```console -$ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] --create-namespace -``` + Alternatively, you can specify each parameter using the '--set key=value[,key=value]' and/or '--set-file key=value[,key=value] arguments to 'helm install'. For example: -The [configuration](#configuration) section below lists all the parameters that can be configured during installation + ```console + $ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] \ + --set-file karaviTopology.certificateFile= \ + --set-file karaviTopology.privateKeyFile= \ + --set-file otelCollector.certificateFile= \ + --set-file otelCollector.privateKeyFile= + ``` ## Configuration @@ -114,22 +115,3 @@ The following table lists the configurable parameters of the CSM for Observabili | `karaviMetricsPowerstore.zipkin.uri` | URI of a Zipkin instance where tracing data can be forwarded | | | `karaviMetricsPowerstore.zipkin.serviceName` | Service name used for Zipkin tracing data | `metrics-powerstore`| | `karaviMetricsPowerstore.zipkin.probability` | Percentage of trace information to send to Zipkin (Valid range: 0.0 to 1.0) | `0` | - - -Specify each parameter using the '--set key=value[,key=value]' and/or '--set-file key=value[,key=value] arguments to 'helm install'. For example: - -```console -$ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] --create-namespace \ - --set-file karaviTopology.certificateFile= \ - --set-file karaviTopology.privateKeyFile= \ - --set-file otelCollector.certificateFile= \ - --set-file otelCollector.privateKeyFile= -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: - -```console -$ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] --create-namespace -f values.yaml - ``` - -__Note__: You can use the default [values.yaml](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml) \ No newline at end of file diff --git a/content/docs/observability/deployment/offline.md b/content/docs/observability/deployment/offline.md index 22fd1f1e3f..01818b08bc 100644 --- a/content/docs/observability/deployment/offline.md +++ b/content/docs/observability/deployment/offline.md @@ -8,6 +8,11 @@ description: > The following instructions can be followed when a Helm chart will be installed in an environment that does not have an internet connection and will be unable to download the Helm chart and related Docker images. +## Prerequisites + +- Helm 3.3 +- The deployment of one or more [supported](../#supported-csi-drivers) Dell CSI drivers + ### Dependencies Multiple Linux-based systems may be required to create and process an offline bundle for use. @@ -125,7 +130,15 @@ To perform an offline installation of a Helm chart, the following steps should b [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - ``` - If CSM-Authorization is enabled, perform the additional steps at [Copy the CSI Driver Entities](../helm/#copy-the-csi-driver-entities) to create the required Secrets and ConfigMap and fill in the authorization parameters in the values.yaml. + If [CSM for Authorization is enabled](../../../authorization/deployment/#configuring-a-dell-emc-csi-driver-with-csm-for-authorization) for CSI PowerFlex, perform the following steps: + + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get configmap vxflexos-config-params -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` + + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret karavi-authorization-config proxy-server-root-certificate proxy-authz-tokens -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` CSI Driver for PowerStore ``` @@ -134,7 +147,10 @@ To perform an offline installation of a Helm chart, the following steps should b 4. Now that the required images have been made available and the Helm chart's configuration updated with references to the internal registry location, installation can proceed by following the instructions that are documented within the Helm chart's repository. - **Note:** Optionally, you could provide your own [configurations](../helm/#configuration). A sample values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). + **Note:** + - Optionally, you could provide your own [configurations](../helm/#configuration). A sample values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). + - The default `values.yaml` is configured to deploy the CSM for Observability Topology service on install. + - If CSM for Authorization is enabled for CSI PowerFlex, the `karaviMetricsPowerflex.authorization` parameters must be properly configured. ``` [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# helm install -n install-namespace app-name karavi-observability diff --git a/content/docs/observability/deployment/online.md b/content/docs/observability/deployment/online.md index 294b834627..8c478f8751 100644 --- a/content/docs/observability/deployment/online.md +++ b/content/docs/observability/deployment/online.md @@ -33,6 +33,11 @@ If the Authorization module is enabled for the CSI drivers installed in the same - Verifies the appropriate Secrets and ConfigMap exist in the CSI driver namespace. - Updates the CSM for Observability deployment to use the existing Authorization instance if not already enabled during the initial installation of CSM for Observability. +## Prerequisites + +- Helm 3.3 +- The deployment of one or more [supported](../#supported-csi-drivers) Dell CSI drivers + ## Online Installer The following instructions can be followed to install CSM for Observability in an environment that has an internet connection and is capable of downloading the required Helm chart and Docker images. @@ -92,6 +97,11 @@ To perform an online installation of CSM for Observability, the following steps The following example will install CSM for Observability into the CSM namespace. A sample values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). This can be copied into a file named `myvalues.yaml` and modified accordingly for the installer command below. Configuration options are outlined in the [Helm chart deployment section](../helm#configuration). + + __Note:__ + - The default `values.yaml` is configured to deploy the CSM for Observability Topology service on install. + - If CSM for Authorization is enabled for CSI PowerFlex, the `karaviMetricsPowerflex.authorization` parameters must be properly configured in `myvalues.yaml` for CSM Observability. + ``` [user@system /home/user/karavi-observability/installer]# ./karavi-observability-install.sh install --namespace [CSM_NAMESPACE] --values myvalues.yaml --------------------------------------------------------------------------------- From d3ae5775bda5a610b4ffe07847c030a2e7a7f22d Mon Sep 17 00:00:00 2001 From: shanmydell <82038610+shanmydell@users.noreply.github.com> Date: Mon, 21 Feb 2022 13:32:04 +0530 Subject: [PATCH 18/52] Updates for operator changes for powermax (#143) --- config.toml | 6 ++-- .../csidriver/installation/helm/powermax.md | 6 ++-- .../installation/operator/powermax.md | 34 ++++++++++++++++--- content/docs/csidriver/release/powermax.md | 2 ++ 4 files changed, 38 insertions(+), 10 deletions(-) diff --git a/config.toml b/config.toml index 2629cb9574..d9cf38ed7c 100644 --- a/config.toml +++ b/config.toml @@ -172,15 +172,15 @@ enable = false # icon = "fa fa-envelope" # desc = "Discuss development issues around the project" [[params.versions]] - version = "Current(v1.1)" + version = "Current(v1.2)" url = "https://dell.github.io/csm-docs/docs/" [[params.versions]] - version = "v1.0" + version = "v1.1" url = "https://dell.github.io/csm-docs/v1" [[params.versions]] - version = "Previous" + version = "v1.0" url = "https://dell.github.io/csm-docs/v2" [[params.versions]] diff --git a/content/docs/csidriver/installation/helm/powermax.md b/content/docs/csidriver/installation/helm/powermax.md index a72e338f39..6b1d29ec76 100644 --- a/content/docs/csidriver/installation/helm/powermax.md +++ b/content/docs/csidriver/installation/helm/powermax.md @@ -160,7 +160,7 @@ CRDs should be configured during replication prepare stage with repctl as descri **Steps** -1. Run `git clone -b v2.1.0 https://github.com/dell/csi-powermax.git` to clone the git repository. This will include the Helm charts and dell-csi-helm-installer scripts. +1. Run `git clone -b v2.2.0 https://github.com/dell/csi-powermax.git` to clone the git repository. This will include the Helm charts and dell-csi-helm-installer scripts. 2. Ensure that you have created a namespace where you want to install the driver. You can run `kubectl create namespace powermax` to create a new one 3. Edit the `samples/secret/secret.yaml file, point to the correct namespace, and replace the values for the username and password parameters. These values can be obtained using base64 encoding as described in the following example: @@ -253,11 +253,11 @@ Starting with CSI PowerMax v1.7, `dell-csi-helm-installer` will not create any V ### What happens to my existing Volume Snapshot Classes? -*Upgrading from CSI PowerMax v2.0 driver*: +*Upgrading from CSI PowerMax v2.1 driver*: The existing volume snapshot class will be retained. *Upgrading from an older version of the driver*: -It is strongly recommended to upgrade the earlier versions of CSI PowerMax to 1.7 or higher, before upgrading to 2.1. +It is strongly recommended to upgrade the earlier versions of CSI PowerMax to 1.7 or higher, before upgrading to 2.2. ## Sample values file The following sections have useful snippets from `values.yaml` file which provides more information on how to configure the CSI PowerMax driver along with CSI PowerMax ReverseProxy in various modes diff --git a/content/docs/csidriver/installation/operator/powermax.md b/content/docs/csidriver/installation/operator/powermax.md index 0ebcd1ac23..77f934c5d9 100644 --- a/content/docs/csidriver/installation/operator/powermax.md +++ b/content/docs/csidriver/installation/operator/powermax.md @@ -198,8 +198,8 @@ metadata: namespace: test-powermax spec: driver: - # Config version for CSI PowerMax v2.1.0 driver - configVersion: v2.1.0 + # Config version for CSI PowerMax v2.2.0 driver + configVersion: v2.2.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -208,8 +208,8 @@ spec: dnsPolicy: ClusterFirstWithHostNet forceUpdate: false common: - # Image for CSI PowerMax driver v2.1.0 - image: dellemc/csi-powermax:v2.1.0 + # Image for CSI PowerMax driver v2.2.0 + image: dellemc/csi-powermax:v2.2.0 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -299,3 +299,29 @@ Note: only present with `dell-csi-helm-installer`. - `Kubelet config dir path` is not yet configurable in case of Operator based driver installation. - Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. + +## Volume Health Monitoring +This feature is introduced in CSI Driver for PowerMax version 2.2.0. + +### Operator based installation +Volume Health Monitoring feature is optional and by default this feature is disabled for drivers when installed via operator. + +To enable this feature, add the below block to the driver manifest before installing the driver. This ensures to install external health monitor sidecar. To get the volume health state `value` under controller should be set to true as seen below. To get the volume stats `value` under node should be set to true. + + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + node: + envs: + # X_CSI_ENABLE_VOL_HEALTH_MONITOR: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_ENABLE_VOL_HEALTH_MONITOR + value: "false" +``` \ No newline at end of file diff --git a/content/docs/csidriver/release/powermax.md b/content/docs/csidriver/release/powermax.md index f92842fce9..85005ceb48 100644 --- a/content/docs/csidriver/release/powermax.md +++ b/content/docs/csidriver/release/powermax.md @@ -6,6 +6,8 @@ description: Release notes for PowerMax CSI driver ## Release Notes - CSI PowerMax v2.2.0 ### New Features/Changes +- Added support for new access modes in CSI Spec 1.5. +- Added support for PV/PVC metrics. - Added support for Kubernetes 1.23. ### Fixed Issues From 833f624e72ed12be1f3f94d21f3c9a6d6e98f9d6 Mon Sep 17 00:00:00 2001 From: Randeep Sharma <92301596+randeepsharma@users.noreply.github.com> Date: Mon, 21 Feb 2022 16:13:45 +0530 Subject: [PATCH 19/52] Update doc to reflect v2.2.0 for powerscale (#144) --- content/docs/csidriver/installation/helm/isilon.md | 6 +++--- content/docs/csidriver/release/powerscale.md | 2 ++ content/docs/csidriver/upgradation/drivers/isilon.md | 6 +++--- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/content/docs/csidriver/installation/helm/isilon.md b/content/docs/csidriver/installation/helm/isilon.md index 69de6acd17..9499b5f041 100644 --- a/content/docs/csidriver/installation/helm/isilon.md +++ b/content/docs/csidriver/installation/helm/isilon.md @@ -75,7 +75,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller ## Install the Driver **Steps** -1. Run `git clone -b v2.1.0 https://github.com/dell/csi-powerscale.git` to clone the git repository. +1. Run `git clone -b v2.2.0 https://github.com/dell/csi-powerscale.git` to clone the git repository. 2. Ensure that you have created the namespace where you want to install the driver. You can run `kubectl create namespace isilon` to create a new one. The use of "isilon" as the namespace is just an example. You can choose any name for the namespace. 3. Collect information from the PowerScale Systems like IP address, IsiPath, username, and password. Make a note of the value for these parameters as they must be entered in the *secret.yaml*. 4. Copy *the helm/csi-isilon/values.yaml* into a new location with name say *my-isilon-settings.yaml*, to customize settings for installation. @@ -212,7 +212,7 @@ The CSI driver for Dell EMC PowerScale version 1.5 and later, `dell-csi-helm-ins ### What happens to my existing storage classes? -*Upgrading from CSI PowerScale v2.0 driver* +*Upgrading from CSI PowerScale v2.1 driver* The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. *NOTE*: @@ -238,5 +238,5 @@ Starting CSI PowerScale v1.6, `dell-csi-helm-installer` will not create any Volu The existing volume snapshot class will be retained. *Upgrading from an older version of the driver*: -It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.6 or higher before upgrading to 2.1. +It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.6 or higher before upgrading to 2.2. diff --git a/content/docs/csidriver/release/powerscale.md b/content/docs/csidriver/release/powerscale.md index 794fe343b6..256ab9e3e7 100644 --- a/content/docs/csidriver/release/powerscale.md +++ b/content/docs/csidriver/release/powerscale.md @@ -8,6 +8,8 @@ description: Release notes for PowerScale CSI driver ### New Features/Changes - Added support for Kubernetes 1.23. +- Added support for fsGroup policy. +- Added support for session based authentication along with basic authentication for PowerScale. ### Fixed Issues diff --git a/content/docs/csidriver/upgradation/drivers/isilon.md b/content/docs/csidriver/upgradation/drivers/isilon.md index 228d8123a8..0b7db6180b 100644 --- a/content/docs/csidriver/upgradation/drivers/isilon.md +++ b/content/docs/csidriver/upgradation/drivers/isilon.md @@ -8,12 +8,12 @@ Description: Upgrade PowerScale CSI driver --- You can upgrade the CSI Driver for Dell EMC PowerScale using Helm or Dell CSI Operator. -## Upgrade Driver from version 2.0.0 to 2.1.0 using Helm +## Upgrade Driver from version 2.1.0 to 2.2.0 using Helm **Note:** While upgrading the driver via helm, controllerCount variable in myvalues.yaml can be at most one less than the number of worker nodes. **Steps** -1. Clone the repository using `git clone -b v2.1.0 https://github.com/dell/csi-powerscale.git`, copy the helm/csi-isilon/values.yaml into a new location with a custom name say _my-isilon-settings.yaml_, to customize settings for installation. Edit _my-isilon-settings.yaml_ as per the requirements. +1. Clone the repository using `git clone -b v2.2.0 https://github.com/dell/csi-powerscale.git`, copy the helm/csi-isilon/values.yaml into a new location with a custom name say _my-isilon-settings.yaml_, to customize settings for installation. Edit _my-isilon-settings.yaml_ as per the requirements. 2. Change to directory dell-csi-helm-installer to install the Dell EMC PowerScale `cd dell-csi-helm-installer` 3. Upgrade the CSI Driver for Dell EMC PowerScale version 2.1.0 using following command: @@ -25,7 +25,7 @@ You can upgrade the CSI Driver for Dell EMC PowerScale using Helm or Dell CSI Op 1. While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. 2. Upgrading the Operator does not upgrade the CSI Driver. -To upgrade the driver from version 2.0.0 to 2.1.0: +To upgrade the driver from version 2.1.0 to 2.2.0: 1. Please upgrade the Dell CSI Operator by following [here](./../operator). 2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). From 79ad0072082ae352341bbd5a73a2aa4e8d3f506c Mon Sep 17 00:00:00 2001 From: Max Sklyarov Date: Mon, 21 Feb 2022 15:50:17 +0300 Subject: [PATCH 20/52] replication hostAliases documented (#140) --- content/docs/replication/deployment/configmap-secrets.md | 3 ++- content/docs/replication/deployment/installation.md | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/content/docs/replication/deployment/configmap-secrets.md b/content/docs/replication/deployment/configmap-secrets.md index 22e4048c83..677a309e7a 100644 --- a/content/docs/replication/deployment/configmap-secrets.md +++ b/content/docs/replication/deployment/configmap-secrets.md @@ -15,7 +15,8 @@ You need to create secrets (using either of the two methods) in each cluster inv the respective CSM Replication Controllers. >Important: Direct network visibility between clusters required for CSM-Replication to work. -> Cluster-1's API URL has to be pingable from cluster-2 pods and vice versa. +> Cluster-1's API URL has to be pingable from cluster-2 pods and vice versa. If private networks are used and/or DNS is not set up properly - you may need to modify `/etc/hosts` file from within controller's pod. +> This can be achieved by using helm installation method. Refer to the [link](../installation/#using-the-installation-script) >Note: If you are using a single stretched cluster, then you can skip all the following steps diff --git a/content/docs/replication/deployment/installation.md b/content/docs/replication/deployment/installation.md index 8ff0a997b5..43dc7ce3c7 100644 --- a/content/docs/replication/deployment/installation.md +++ b/content/docs/replication/deployment/installation.md @@ -47,6 +47,12 @@ kubectl create ns dell-replication-controller cp ../helm/csm-replication/values.yaml ./myvalues.yaml bash scripts/install.sh --values ./myvalues.yaml ``` +>Note: Current installation method allows you to specify custom `:` entry to be appended to controller's `/etc/hosts` file. It can be useful if controller is being deployed in private environment where DNS is not set up properly, but kubernetes clusters use FQDN as API server's address. +> The feature can be enabled by modifying `values.yaml`. +>``` hostAliases: +> enableHostAliases: true +> hostName: "foo.bar" +> ip: "10.10.10.10" This script will do the following: 1. Install `DellCSIReplicationGroup` CRD in your cluster From e277fe81cca24020d6653fd28a405ecfcb13ca0a Mon Sep 17 00:00:00 2001 From: alikdell <52920355+alikdell@users.noreply.github.com> Date: Mon, 21 Feb 2022 11:25:26 -0500 Subject: [PATCH 21/52] Update Resiliency documentation for pod affinity and kubelet failure (#141) * Update Resilienct documentation for pod affinity and kubelet service failure * PR review changes --- content/docs/resiliency/_index.md | 6 +++--- content/docs/resiliency/deployment.md | 7 +++++-- content/docs/resiliency/usecases.md | 2 ++ 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/content/docs/resiliency/_index.md b/content/docs/resiliency/_index.md index 8345a56c8e..056c7f96d9 100644 --- a/content/docs/resiliency/_index.md +++ b/content/docs/resiliency/_index.md @@ -17,7 +17,7 @@ For more background on the forced deletion of Pods in a StatefulSet, please visi CSM for Resiliency is designed to make Kubernetes Applications, including those that utilize persistent storage, more resilient to various failures. The first component of the Resiliency module is a pod monitor that is specifically designed to protect stateful applications from various failures. It is not a standalone application, but rather is deployed as a _sidecar_ to CSI (Container Storage Interface) drivers, in both the driver's controller pods and the driver's node pods. Deploying CSM for Resiliency as a sidecar allows it to make direct requests to the driver through the Unix domain socket that Kubernetes sidecars use to make CSI requests. -Some of the methods CSM for Resiliency invokes in the driver are standard CSI methods, such as NodeUnpublishVolume, NodeUnstageVolume, and ControllerUnpublishVolume. CSM for Resiliency also uses proprietary calls that are not part of the standard CSI specification. Currently, there is only one, ValidateVolumeHostConnectivity that returns information on whether a host is connected to the storage system and/or whether any I/O activity has happened in the recent past from a list of specified volumes. This allows CSM for Resiliency to make more accurate determinations about the state of the system and its persistent volumes. +Some of the methods CSM for Resiliency invokes in the driver are standard CSI methods, such as NodeUnpublishVolume, NodeUnstageVolume, and ControllerUnpublishVolume. CSM for Resiliency also uses proprietary calls that are not part of the standard CSI specification. Currently, there is only one, ValidateVolumeHostConnectivity that returns information on whether a host is connected to the storage system and/or whether any I/O activity has happened in the recent past from a list of specified volumes. This allows CSM for Resiliency to make more accurate determinations about the state of the system and its persistent volumes. CSM for Resiliency is designed to adhere to pod affinity settings of pods. Accordingly, CSM for Resiliency is adapted to and qualified with each CSI driver it is to be used with. Different storage systems have different nuances and characteristics that CSM for Resiliency must take into account. @@ -28,7 +28,7 @@ CSM for Resiliency provides the following capabilities: {{}} | Capability | PowerScale | Unity | PowerStore | PowerFlex | PowerMax | | - | :-: | :-: | :-: | :-: | :-: | -| Detect pod failures for the following failure types - Node failure, K8S Control Plane Network failure, Array I/O Network failure | no | yes | no | yes | no | +| Detect pod failures for the following failure types - Node failure, K8S Control Plane Network failure, K8S Control Plane failure, Array I/O Network failure | no | yes | no | yes | no | | Cleanup pod artifacts from failed nodes | no | yes | no | yes | no | | Revoke PV access from failed nodes | no | yes | no | yes | no | {{
}} @@ -54,7 +54,7 @@ CSM for Resiliency provides the following capabilities: ## Supported CSI Drivers -CSM for Authorization supports the following CSI drivers and versions. +CSM for Resiliency supports the following CSI drivers and versions. {{}} | Storage Array | CSI Driver | Supported Versions | | ------------- | ---------- | ------------------ | diff --git a/content/docs/resiliency/deployment.md b/content/docs/resiliency/deployment.md index 3710f604a1..34fd8c6bbd 100644 --- a/content/docs/resiliency/deployment.md +++ b/content/docs/resiliency/deployment.md @@ -29,6 +29,7 @@ podmon: - "--csisock=unix:/var/run/csi/csi.sock" - "--labelvalue=csi-vxflexos" - "--mode=controller" + - "--skipArrayConnectionValidation=false" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" node: args: @@ -55,7 +56,7 @@ To install CSM for Resiliency with the driver, the following changes are require | mode | Required | Must be set to "controller" for controller-podmon and "node" for node-podmon. | controller & node | | csisock | Required | This should be left as set in the helm template for the driver. For controller:
`-csisock=unix:/var/run/csi/csi.sock`
For node it will vary depending on the driver's identity:
`-csisock=unix:/var/lib/kubelet/plugins`
`/vxflexos.emc.dell.com/csi_sock` | controller & node | | leaderelection | Required | Boolean value that should be set true for controller and false for node. The default value is true. | controller & node | -| skipArrayConnectionValidation | Optional | Boolean value that if set to true will cause controllerPodCleanup to skip the validation that no I/O is ongoing before cleaning up the pod. | controller | +| skipArrayConnectionValidation | Optional | Boolean value that if set to true will cause controllerPodCleanup to skip the validation that no I/O is ongoing before cleaning up the pod. If set to true will cause controllerPodCleanup on K8S Control Plane failure (kubelet service down). | controller | | labelKey | Optional | String value that sets the label key used to denote pods to be monitored by CSM for Resiliency. It will make life easier if this key is the same for all driver types, and drivers are differentiated by different labelValues (see below). If the label keys are the same across all drivers you can do `kubectl get pods -A -l labelKey` to find all the CSM for Resiliency protected pods. labelKey defaults to "podmon.dellemc.com/driver". | controller & node | | labelValue | Required | String that sets the value that denotes pods to be monitored by CSM for Resiliency. This must be specific for each driver. Defaults to "csi-vxflexos" for CSI Driver for Dell EMC PowerFlex and "csi-unity" for CSI Driver for Dell EMC Unity | controller & node | | arrayConnectivityPollRate | Optional | The minimum polling rate in seconds to determine if the array has connectivity to a node. Should not be set to less than 5 seconds. See the specific section for each array type for additional guidance. | controller | @@ -79,6 +80,7 @@ podmon: - "-mode=controller" - "-arrayConnectivityPollRate=5" - "-arrayConnectivityConnectionLossThreshold=3" + - "--skipArrayConnectionValidation=false" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" node: args: @@ -104,6 +106,7 @@ podmon: - "-labelvalue=csi-unity" - "-driverPath=csi-unity.dellemc.com" - "-mode=controller" + - "--skipArrayConnectionValidation=false" - "--driver-config-params=/unity-config/driver-config-params.yaml" node: args: @@ -135,7 +138,7 @@ This is a list of parameters that can be adjusted for CSM for Resiliency: | PODMON_NODE_LOG_LEVEL | String | "debug" |Logging level for the node podmon sidecar. Standard values: 'info', 'error', 'warning', 'debug', 'trace' | | PODMON_ARRAY_CONNECTIVITY_POLL_RATE | Integer (>0) | 15 |An interval in seconds to poll the underlying array | | PODMON_ARRAY_CONNECTIVITY_CONNECTION_LOSS_THRESHOLD | Integer (>0) | 3 |A value representing the number of failed connection poll intervals before marking the array connectivity as lost | -| PODMON_SKIP_ARRAY_CONNECTION_VALIDATION | Boolean | false |Flag to disable the array connectivity check | +| PODMON_SKIP_ARRAY_CONNECTION_VALIDATION | Boolean | false |Flag to disable the array connectivity check, set to true for NoSchedule or NoExecute taint due to K8S Control Plane failure (kubelet failure) | Here is an example of the parameters: diff --git a/content/docs/resiliency/usecases.md b/content/docs/resiliency/usecases.md index bacefca590..daac595325 100644 --- a/content/docs/resiliency/usecases.md +++ b/content/docs/resiliency/usecases.md @@ -36,3 +36,5 @@ CSM for Resiliency's design is focused on detecting the following types of hardw 2. K8S Control Plane Network Failure. Control Plane Network Failure often has the same K8S failure signature (the node is tainted with NoSchedule or NoExecute). However, if there is a separate Array I/O interface, CSM for Resiliency can often detect that the Array I/O Network may be active even though the Control Plane Network is down. 3. Array I/O Network failure is detected by polling the array to determine if the array has a healthy connection to the node. The capabilities to do this vary greatly by array and communication protocol type (Fibre Channel, iSCSI, NFS, NVMe, or PowerFlex SDC IP protocol). By monitoring the Array I/O Network separately from the Control Plane Network, CSM for Resiliency has two different indicators of whether the node is healthy or not. + +4. K8S Control Plane Failure. Control Plane Failure is defined as failure of kubelet in a given node. K8S Control Plane failures are generally discovered by receipt of a Node event with a NoSchedule or NoExecute taint, or detection of such a taint when retrieving the Node via the K8S API. From ebebe91cc58cfa466f3c99fe1dff75ec933a7859 Mon Sep 17 00:00:00 2001 From: shanmydell <82038610+shanmydell@users.noreply.github.com> Date: Tue, 22 Feb 2022 18:45:26 +0530 Subject: [PATCH 22/52] adding application prefix details (#148) --- .../docs/csidriver/installation/test/powermax.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/content/docs/csidriver/installation/test/powermax.md b/content/docs/csidriver/installation/test/powermax.md index 916c07d51b..9f942be999 100644 --- a/content/docs/csidriver/installation/test/powermax.md +++ b/content/docs/csidriver/installation/test/powermax.md @@ -70,3 +70,16 @@ Use this procedure to perform a volume expansion test. - Writes some data to the PVC - After that, it calculates the checksum of the written data, expands the PVC, and then recalculates the checksum - Cleans up all the resources that were created as part of the test + +### Setting Application Prefix + +Application prefix is the name of the application that can be used to group the PowerMax volumes. We can use it while naming storage group. To set the application prefix for PowerMax, please refer to the sample storage class https://github.com/dell/csi-powermax/blob/main/samples/storageclass/powermax.yaml. + +```yaml +# Name of application to be used to group volumes + # This is used in naming storage group + # Optional: true, Default value: None + # Examples: APP, app, sanity, tests + ApplicationPrefix: +``` +>Note: Supported length of storage group for PowerMax is 64 characters. Storage group name is of the format "csi-`clusterprefix`-`application prefix`-`SLO name`-`SRP name`-SG". Based on the other inputs like clusterprefix,SLO name and SRP name maximum length of the ApplicationPrefix can vary. \ No newline at end of file From daf7a3d634edeeaf864d07cd13a26d4103ad7e36 Mon Sep 17 00:00:00 2001 From: coulof <49235405+coulof@users.noreply.github.com> Date: Wed, 23 Feb 2022 08:19:38 +0100 Subject: [PATCH 23/52] Fix path to csi-unity/samples & align table (#145) --- .../docs/csidriver/installation/helm/unity.md | 23 ++++++++----------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/content/docs/csidriver/installation/helm/unity.md b/content/docs/csidriver/installation/helm/unity.md index 1c7c5122fc..41e1ed3939 100644 --- a/content/docs/csidriver/installation/helm/unity.md +++ b/content/docs/csidriver/installation/helm/unity.md @@ -118,19 +118,19 @@ Procedure maxUnityVolumesPerNode: 0 ``` -4. For certificate validation of Unisphere REST API calls refer [here](#certificate-validation-for-unisphere-rest-api-calls). Otherwise, create an empty secret with file `helm/emptysecret.yaml` file by running the `kubectl create -f helm/emptysecret.yaml` command. +4. For certificate validation of Unisphere REST API calls refer [here](#certificate-validation-for-unisphere-rest-api-calls). Otherwise, create an empty secret with file `csi-unity/samples/secret/emptysecret.yaml` file by running the `kubectl create -f csi-unity/samples/secret/emptysecret.yaml` command. 5. Prepare the `secret.yaml` for driver configuration. The following table lists driver configuration parameters for multiple storage arrays. - | Parameter | Description | Required | Default | - | --------- | ----------- | -------- |-------- | - | storageArrayList.username | Username for accessing Unity system | true | - | - | storageArrayList.password | Password for accessing Unity system | true | - | - | storageArrayList.endpoint | REST API gateway HTTPS endpoint Unity system| true | - | - | storageArrayList.arrayId | ArrayID for Unity system | true | - | + | Parameter | Description | Required | Default | + | ------------------------- | ----------------------------------- | -------- |-------- | + | storageArrayList.username | Username for accessing Unity system | true | - | + | storageArrayList.password | Password for accessing Unity system | true | - | + | storageArrayList.endpoint | REST API gateway HTTPS endpoint Unity system| true | - | + | storageArrayList.arrayId | ArrayID for Unity system | true | - | | storageArrayList.skipCertificateValidation | "skipCertificateValidation " determines if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate. | true | true | - | storageArrayList.isDefault | An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | false | false | + | storageArrayList.isDefault| An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | false | false | Example: secret.yaml @@ -206,11 +206,6 @@ Procedure Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) for the installation. - **Note**: - - The manifests available on GitHub install the snapshotter image: - - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) - - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. - #### Installation example You can install CRDs and default snapshot controller by running following commands: @@ -360,7 +355,7 @@ Upgrading from an older version of the driver: The storage classes will be delet >Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. **Steps to create storage class:** -There are samples storage class yaml files available under `helm/samples/storageclass`. These can be copied and modified as needed. +There are samples storage class yaml files available under `csi-unity/samples/storageclass`. These can be copied and modified as needed. 1. Pick any of `unity-fc.yaml`, `unity-iscsi.yaml` or `unity-nfs.yaml` 2. Copy the file as `unity--fc.yaml`, `unity--iscsi.yaml` or `unity--nfs.yaml` From 6145d64956d31254a95b347fa1d617564a868828 Mon Sep 17 00:00:00 2001 From: coulof <49235405+coulof@users.noreply.github.com> Date: Wed, 23 Feb 2022 13:48:48 +0100 Subject: [PATCH 24/52] Fix typos, broken link & better prometheus conf (#132) --- content/docs/FAQ/_index.md | 6 ++-- content/docs/authorization/_index.md | 7 ++-- content/docs/csidriver/features/powerflex.md | 6 ++-- .../docs/observability/deployment/_index.md | 24 ++++++------- content/docs/resiliency/_index.md | 35 ++++++++++--------- 5 files changed, 40 insertions(+), 38 deletions(-) diff --git a/content/docs/FAQ/_index.md b/content/docs/FAQ/_index.md index b1b0768381..c0b9758624 100644 --- a/content/docs/FAQ/_index.md +++ b/content/docs/FAQ/_index.md @@ -9,7 +9,7 @@ weight: 2 - [Where do I start with Dell Container Storage Modules (CSM)?](#where-do-i-start-with-dell-container-storage-modules-csm) - [Is the Container Storage Module XYZ available for my array?](#is-the-container-storage-module-xyz-available-for-my-array) - [What are the prerequisites for deploying Container Storage Modules?](#what-are-the-prerequisites-for-deploying-container-storage-modules) -- [How do I uninstall or disable a Container Storage Module?](#how-do-i-uninstall-or-a-disable-a-module) +- [How do I uninstall or disable a module?](#how-do-i-uninstall-or-disable-a-module) - [How do I troubleshoot Container Storage Modules?](#how-do-i-troubleshoot-container-storage-modules) - [Can I use the CSM functionality like Prometheus collection or Authorization quotas for my non-Kubernetes storage clients?](#can-i-use-the-csm-functionality-like-prometheus-collection-or-authorization-quotas-for-my-non-kubernetes-storage-clients) - [Should I install the module in the same namespace as the driver or another?](#should-i-install-the-module-in-the-same-namespace-as-the-driver-or-another) @@ -49,7 +49,7 @@ Prerequisites can be found on the respective module deployment pages: Prerequisites for deploying the Dell EMC CSI drivers can be found here: - [Dell EMC CSI Drivers Deployment](../csidriver/installation/) -### How do I uninstall or a disable a module? +### How do I uninstall or disable a module? - [Dell EMC Container Storage Module for Authorization](../authorization/uninstallation/) - [Dell EMC Container Storage Module for Observability](../observability/uninstall/) - [Dell EMC Container Storage Module for Resiliency](../resiliency/uninstallation/) @@ -108,4 +108,4 @@ Yes! All Container Storage Modules are released as open-source projects under Apache-2.0 License. You are free to contribute directly following the [contribution guidelines](https://github.com/dell/csm/blob/main/docs/CONTRIBUTING.md), fork the projects, modify them, and of course share feedback or open tickets ;-) ### What is coming next? -This is just the beginning of the journey for Dell Container Storage Modules, and there is a full roadmap with more to come, which you can check under the [GithHub Milestones](https://github.com/dell/csm/milestones) page. +This is just the beginning of the journey for Dell Container Storage Modules, and there is a full roadmap with more to come, which you can check under the [GitHub Milestones](https://github.com/dell/csm/milestones) page. diff --git a/content/docs/authorization/_index.md b/content/docs/authorization/_index.md index 52defa1dfa..7091ff0224 100644 --- a/content/docs/authorization/_index.md +++ b/content/docs/authorization/_index.md @@ -27,7 +27,7 @@ The following diagram shows a high-level overview of CSM for Authorization with | Ability to shield storage credentials from Kubernetes administrators ensuring credentials are only handled by storage admins | Yes | Yes | Yes | No | No | {{
}} -__NOTE:__ PowerScale OneFS implements its own form of Role-Based Access Control (RBAC). CSM for Authorization does not enforce any role-based restrictions for PowerScale. To configure RBAC for PowerScale, refer to the PowerScale OneFS [documentation](https://www.dell.com/support/home/en-us/product-support/product/isilon-onefs/docs). +**NOTE:** PowerScale OneFS implements its own form of Role-Based Access Control (RBAC). CSM for Authorization does not enforce any role-based restrictions for PowerScale. To configure RBAC for PowerScale, refer to the PowerScale OneFS [documentation](https://www.dell.com/support/home/en-us/product-support/product/isilon-onefs/docs). ## Supported Operating Systems/Container Orchestrator Platforms {{}} @@ -58,6 +58,9 @@ CSM for Authorization supports the following CSI drivers and versions. | CSI Driver for Dell EMC PowerScale | [csi-powerscale](https://github.com/dell/csi-powerscale) | v2.0,v2.1 | {{
}} +**NOTE:** If the deployed CSI driver has a number of controller pods equal to the number of schedulable nodes in your cluster, CSM for Authorization may not be able to inject properly into the driver's controller pod. +To resolve this, please refer to our [troubleshooting guide](./troubleshooting) on the topic. + ## Authorization Components Support Matrix CSM for Authorization consists of 2 components - the Authorization sidecar and the Authorization proxy server. It is important that the version of the Authorization sidecar image maps to a supported version of the Authorization proxy server. @@ -96,4 +99,4 @@ Tenants of CSM for Authorization can use the token provided by the Storage Admin 4) Tenant Admin inputs the Token into their Kubernetes cluster as a Secret. 5) Tenant Admin updates CSI driver with CSM Authorization sidecar module. -![CSM for Authorization Workflow](./design2.png "CSM for Authorization Workflow") \ No newline at end of file +![CSM for Authorization Workflow](./design2.png "CSM for Authorization Workflow") diff --git a/content/docs/csidriver/features/powerflex.md b/content/docs/csidriver/features/powerflex.md index 0f51077d65..9a8a8db3c1 100644 --- a/content/docs/csidriver/features/powerflex.md +++ b/content/docs/csidriver/features/powerflex.md @@ -93,9 +93,9 @@ spec: # Add fields here driverName: "csi-vxflexos.dellemc.com" # defines how to process VolumeSnapshot members when volume group snapshot is deleted - # "retain" - keep VolumeSnapshot instances - # "delete" - delete VolumeSnapshot instances - memberReclaimPolicy: "retain" + # "Retain" - keep VolumeSnapshot instances + # "Delete" - delete VolumeSnapshot instances + memberReclaimPolicy: "Retain" volumesnapshotclass: "vxflexos-snapclass" pvcLabel: "vgs-snap-label" # pvcList: diff --git a/content/docs/observability/deployment/_index.md b/content/docs/observability/deployment/_index.md index 4f4eaf5877..f3d484c384 100644 --- a/content/docs/observability/deployment/_index.md +++ b/content/docs/observability/deployment/_index.md @@ -57,24 +57,22 @@ Here is a sample minimal configuration for Prometheus. Please note that the conf enabled: true image: repository: quay.io/prometheus/prometheus - tag: v2.22.0 + tag: v2.23.0 pullPolicy: IfNotPresent persistentVolume: enabled: false service: type: NodePort servicePort: 9090 - serverFiles: - prometheus.yml: - scrape_configs: - - job_name: 'karavi-metrics-powerflex' - scrape_interval: 5s - scheme: https - static_configs: - - targets: ['otel-collector:8443'] - tls_config: - insecure_skip_verify: true - ``` + extraScrapeConfigs: | + - job_name: 'karavi-metrics-powerflex' + scrape_interval: 5s + scheme: https + static_configs: + - targets: ['otel-collector:8443'] + tls_config: + insecure_skip_verify: true + ``` 2. If using Rancher, create a ServiceMonitor. @@ -187,7 +185,7 @@ Below are the steps to deploy a new Grafana instance into your Kubernetes cluste 2. Create a values file. - Create a Config file named `grafana-configmap.yaml` The file should look like this: + Create a Config file named `grafana-values.yaml` The file should look like this: ```yaml # grafana-values.yaml diff --git a/content/docs/resiliency/_index.md b/content/docs/resiliency/_index.md index 056c7f96d9..09ae138961 100644 --- a/content/docs/resiliency/_index.md +++ b/content/docs/resiliency/_index.md @@ -10,7 +10,8 @@ Description: > User applications can have problems if you want their Pods to be resilient to node failure. This is especially true of those deployed with StatefulSets that use PersistentVolumeClaims. Kubernetes guarantees that there will never be two copies of the same StatefulSet Pod running at the same time and accessing storage. Therefore, it does not clean up StatefulSet Pods if the node executing them fails. -For the complete discussion and rationale, go to https://github.com/kubernetes/community and search for the pod-safety.md file (path: contributors/design-proposals/storage/pod-safety.md). +For the complete discussion and rationale, you can read the [pod-safety design proposal](https://github.com/kubernetes/design-proposals-archive/blob/main/storage/pod-safety.md). + For more background on the forced deletion of Pods in a StatefulSet, please visit [Force Delete StatefulSet Pods](https://kubernetes.io/docs/tasks/run-application/force-delete-stateful-set-pod/#:~:text=In%20normal%20operation%20of%20a,1%20are%20alive%20and%20ready). ## CSM for Resiliency High-Level Description @@ -26,29 +27,29 @@ Accordingly, CSM for Resiliency is adapted to and qualified with each CSI driver CSM for Resiliency provides the following capabilities: {{}} -| Capability | PowerScale | Unity | PowerStore | PowerFlex | PowerMax | -| - | :-: | :-: | :-: | :-: | :-: | -| Detect pod failures for the following failure types - Node failure, K8S Control Plane Network failure, K8S Control Plane failure, Array I/O Network failure | no | yes | no | yes | no | -| Cleanup pod artifacts from failed nodes | no | yes | no | yes | no | -| Revoke PV access from failed nodes | no | yes | no | yes | no | +| Capability | PowerScale | Unity | PowerStore | PowerFlex | PowerMax | +| --------------------------------------- | :--------: | :---: | :--------: | :-------: | :------: | +| Detect pod failures when: Node failure, K8S Control Plane Network failure, K8S Control Plane failure, Array I/O Network failure | no | yes | no | yes | no | +| Cleanup pod artifacts from failed nodes | no | yes | no | yes | no | +| Revoke PV access from failed nodes | no | yes | no | yes | no | {{
}} ## Supported Operating Systems/Container Orchestrator Platforms {{}} -| COP/OS | Supported Versions | -|-|-| -| Kubernetes | 1.21, 1.22, 1.23 | -| Red Hat OpenShift | 4.8, 4.9 | -| RHEL | 7.x, 8.x | -| CentOS | 7.8, 7.9 | +| COP/OS | Supported Versions | +| ---------- | :----------------: | +| Kubernetes | 1.21, 1.22, 1.23 | +| Red Hat OpenShift | 4.8, 4.9 | +| RHEL | 7.x, 8.x | +| CentOS | 7.8, 7.9 | {{
}} ## Supported Storage Platforms {{}} -| | PowerFlex | Unity | -|---------------|:-------------------:|:----------------:| +| | PowerFlex | Unity | +| ------------- | :----------: | :------------------------: | | Storage Array | 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0 | {{
}} @@ -56,10 +57,10 @@ CSM for Resiliency provides the following capabilities: CSM for Resiliency supports the following CSI drivers and versions. {{}} -| Storage Array | CSI Driver | Supported Versions | -| ------------- | ---------- | ------------------ | +| Storage Array | CSI Driver | Supported Versions | +| --------------------------------- | :----------: | :----------------: | | CSI Driver for Dell EMC PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0,v2.1 | -| CSI Driver for Dell EMC Unity | [csi-unity](https://github.com/dell/csi-unity) | v2.0,v2.1 | +| CSI Driver for Dell EMC Unity | [csi-unity](https://github.com/dell/csi-unity) | v2.0,v2.1 | {{
}} ### PowerFlex Support From 06e7090117b7bc5584ebf838d5e984da75738957 Mon Sep 17 00:00:00 2001 From: shaynafinocchiaro <66699024+shaynafinocchiaro@users.noreply.github.com> Date: Wed, 23 Feb 2022 08:43:22 -0500 Subject: [PATCH 25/52] Update Authorization Proxy Server Deployment Steps (#146) * clarify proxy server steps * fix json syntax, comply with RFC naming guidelines, add insecure deployment * address comments * remove vi command --- .../docs/authorization/deployment/_index.md | 51 +++++++++++-------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/content/docs/authorization/deployment/_index.md b/content/docs/authorization/deployment/_index.md index 0b4ed5a67d..8593f4ced8 100644 --- a/content/docs/authorization/deployment/_index.md +++ b/content/docs/authorization/deployment/_index.md @@ -27,20 +27,20 @@ The CSM for Authorization proxy server is installed using a single binary instal The easiest way to obtain the single binary installer RPM is directly from the [GitHub repository's releases](https://github.com/dell/karavi-authorization/releases) section. -The single binary installer can also be built from source by cloning the [GitHub repository](https://github.com/dell/karavi-authorization) and using the following Makefile targets to build the installer: +Alternatively, the single binary installer can be built from source by cloning the [GitHub repository](https://github.com/dell/karavi-authorization) and using the following Makefile targets to build the installer: ``` make dist build-installer rpm ``` -The `build-installer` step creates a binary at `bin/deploy` and embeds all components required for installation. The `rpm` step generates an RPM package and stores it at `deploy/rpm/x86_64/`. +The `build-installer` step creates a binary at `karavi-authorization/bin/deploy` and embeds all components required for installation. The `rpm` step generates an RPM package and stores it at `karavi-authorization/deploy/rpm/x86_64/`. This allows CSM for Authorization to be installed in network-restricted environments. A Storage Administrator can execute the installer or rpm package as a root user or via `sudo`. ### Installing the RPM -1. Before installing the rpm, some network and security configuration inputs need to be provided in json format. The json file should be created in the location `$HOME/.karavi/config.json` having the following contents: +1. Before installing the rpm, some network and security configuration inputs need to be provided in json format. The json file should be created in the location `$HOME/.karavi/config.json` having the following contents: ```json { @@ -51,7 +51,7 @@ A Storage Administrator can execute the installer or rpm package as a root user "host": ":8080" }, "zipkin": { - "collectoruri": "http://DNS_host_name:9411/api/v2/spans", + "collectoruri": "http://DNS-hostname:9411/api/v2/spans", "probability": 1 }, "certificate": { @@ -59,30 +59,36 @@ A Storage Administrator can execute the installer or rpm package as a root user "crtFile": "path_to_host_cert_file", "rootCertificate": "path_to_root_CA_file" }, - "hostName": "DNS_host_name" + "hostname": "DNS-hostname" } ``` - In the above template, `DNS_host_name` refers to the hostname of the system in which the CSM for Authorization server will be installed. This hostname can be found by running the below command on the system: + In an instance where a secure deployment is not required, an insecure deployment is possible. Please note that self-signed certificates will be created for you using cert-manager to allow TLS encryption for communication on the CSM for Authorization proxy server. However, this is not recommended for production environments. For an insecure deployment, the json file in the location `$HOME/.karavi/config.json` only requires the following contents: - ``` - nslookup + ```json + { + "hostname": "DNS-hostname" + } ``` -2. In order to configure secure grpc connectivity, an additional subdomain in the format `grpc.DNS_host_name` is also required. All traffic from `grpc.DNS_host_name` needs to be routed to `DNS_host_name` address, this can be configured by adding a new DNS entry for `grpc.DNS_host_name` or providing a temporary path in the `/etc/hosts` file. +>__Note__: +> - `DNS-hostname` refers to the hostname of the system in which the CSM for Authorization server will be installed. This hostname can be found by running `nslookup ` +> - There are a number of ways to create certificates. In a production environment, certificates are usually created and managed by an IT administrator. Otherwise, certificates can be created using OpenSSL. ->__Note__: The certificate provided in `crtFile` should be valid for both the `DNS_host_name` and the `grpc.DNS_host_name` address. +2. In order to configure secure grpc connectivity, an additional subdomain in the format `grpc.DNS-hostname` is also required. All traffic from `grpc.DNS-hostname` needs to be routed to `DNS-hostname` address, this can be configured by adding a new DNS entry for `grpc.DNS-hostname` or providing a temporary path in the systems `/etc/hosts` file. - For example, create the certificate config file with alternate names (to include example.com and grpc.example.com) and then create the .crt file: +>__Note__: The certificate provided in `crtFile` should be valid for both the `DNS-hostname` and the `grpc.DNS-hostname` address. - ``` - CN = example.com - subjectAltName = @alt_names - [alt_names] - DNS.1 = grpc.example.com + For example, create the certificate config file with alternate names (to include DNS-hostname and grpc.DNS-hostname) and then create the .crt file: - openssl x509 -req -in cert_request_file.csr -CA root_CA.pem -CAkey private_key_File.key -CAcreateserial -out example.com.crt -days 365 -sha256 - ``` + ``` + CN = DNS-hostname + subjectAltName = @alt_names + [alt_names] + DNS.1 = grpc.DNS-hostname.com + + $ openssl x509 -req -in cert_request_file.csr -CA root_CA.pem -CAkey private_key_File.key -CAcreateserial -out DNS-hostname.com.crt -days 365 -sha256 + ``` 3. To install the rpm package on the system, run the below command: @@ -101,6 +107,7 @@ The storage administrator must first configure the proxy server with the followi - Bind roles to tenants Run the following commands on the Authorization proxy server: +>__Note__: The `--insecure` flag is only necessary if certificates were not provided in `$HOME/.karavi/config.json`. ```console # Specify any desired name @@ -167,6 +174,10 @@ Run the following commands on the Authorization proxy server: After creating the role bindings, the next logical step is to generate the access token. The storage admin is responsible for generating and sending the token to the Kubernetes tenant admin. +>__Note__: +> - The `--insecure` flag is only necessary if certificates were not provided in `$HOME/.karavi/config.json`. +> - This sample copies the token directly to the Kubernetes cluster master node. The requirement here is that the token must be copied and/or stored in any location accessible to the Kubernetes tenant admin. + ``` echo === Generating token === karavictl generate token --tenant $TenantName --insecure --addr "grpc.${AuthorizationProxyHost}" | jq -r '.Token' > token.yaml @@ -174,8 +185,6 @@ After creating the role bindings, the next logical step is to generate the acces echo === Copy token to Driver Host === sshpass -p $DriverHostPassword scp token.yaml ${DriverHostVMUser}@{DriverHostVMIP}:/tmp/token.yaml ``` - ->__Note__: The sample above copies the token directly to the Kubernetes cluster master node. The requirement here is that the token must be copied and/or stored in any location accessible to the Kubernetes tenant admin. ### Copy the karavictl Binary to the Kubernetes Master Node @@ -314,7 +323,7 @@ Copy the new, encoded data and edit the `karavi-config-secret` with the new data Replace the data in `config.yaml` under the `data` field with your new, encoded data. Save the changes and CSM for Authorization will read the changed secret. ->__Note__: If you are updating the signing secret, the tenants need to be updated with new tokens via the `karavictl generate token` command like so: +>__Note__: If you are updating the signing secret, the tenants need to be updated with new tokens via the `karavictl generate token` command like so. The `--insecure` flag is only necessary if certificates were not provided in `$HOME/.karavi/config.json` `karavictl generate token --tenant $TenantName --insecure --addr "grpc.${AuthorizationProxyHost}" | jq -r '.Token' > kubectl -n $namespace apply -f -` From 039d0cc2bdfbf68f42e431d2c5cbdd74c086597f Mon Sep 17 00:00:00 2001 From: hoppea2 <33433874+hoppea2@users.noreply.github.com> Date: Thu, 24 Feb 2022 13:55:12 -0500 Subject: [PATCH 26/52] Fix csm resiliency version (#155) --- content/docs/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/_index.md b/content/docs/_index.md index 4b5895125c..a819454690 100755 --- a/content/docs/_index.md +++ b/content/docs/_index.md @@ -23,7 +23,7 @@ CSM is made up of multiple components including modules (enterprise capabilities | Authorization | 1.1 | 1.0 | - | - | | Observability | 1.0 | 1.0 | - | - | | Replication | 1.1 | 1.0 | - | - | -| Resiliency | 1.0 | 1.0 | - | - | +| Resiliency | 1.0.1 | 1.0 | - | - | | CSI Driver for PowerScale | v2.1 | v2.0 | v1.6 | v1.5 | | CSI Driver for Unity | v2.1 | v2.0 | v1.6 | v1.5 | | CSI Driver for PowerStore | v2.1 | v2.0 | v1.4 | v1.3 | From 5fe7e108ebea2700f28085c5edb806757fa44867 Mon Sep 17 00:00:00 2001 From: karthikk92 <92289639+karthikk92@users.noreply.github.com> Date: Fri, 25 Feb 2022 12:21:09 +0530 Subject: [PATCH 27/52] Update installation example - Installation helm page of unity XT with supported K8s (#119) --- .../docs/csidriver/installation/helm/unity.md | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/content/docs/csidriver/installation/helm/unity.md b/content/docs/csidriver/installation/helm/unity.md index 41e1ed3939..0effda6310 100644 --- a/content/docs/csidriver/installation/helm/unity.md +++ b/content/docs/csidriver/installation/helm/unity.md @@ -228,7 +228,7 @@ Procedure A successful installation must display messages that look similar to the following samples: ``` ------------------------------------------------------ - > Installing CSI Driver: csi-unity on 1.20 + > Installing CSI Driver: csi-unity on 1.22 ------------------------------------------------------ ------------------------------------------------------ > Checking to see if CSI Driver is already installed @@ -236,52 +236,52 @@ Procedure ------------------------------------------------------ > Verifying Kubernetes and driver configuration ------------------------------------------------------ - |- Kubernetes Version: 1.20 + |- Kubernetes Version: 1.22 | |- Driver: csi-unity | - |- Verifying Kubernetes versions - | - |--> Verifying minimum Kubernetes version Success - | - |--> Verifying maximum Kubernetes version Success + |- Verifying Kubernetes version | - |- Verifying that required namespaces have been created Success + |--> Verifying minimum Kubernetes version Success | - |- Verifying that required secrets have been created Success + |--> Verifying maximum Kubernetes version Success | - |- Verifying that required secrets have been created Success + |- Verifying that required namespaces have been created Success + | + |- Verifying that required secrets have been created Success + | + |- Verifying that optional secrets have been created Success | |- Verifying alpha snapshot resources - | - |--> Verifying that alpha snapshot CRDs are not installed Success + | + |--> Verifying that alpha snapshot CRDs are not installed Success | |- Verifying sshpass installation.. | |- Verifying iSCSI installation - Enter the root password of 10.**.**.**: + Enter the root password of 10.**.**.**: - Enter the root password of 10.**.**.**: + Enter the root password of 10.**.**.**: Success | |- Verifying snapshot support - | - |--> Verifying that snapshot CRDs are available Success - | - |--> Verifying that the snapshot controller is available Success | - |- Verifying helm version Success + |--> Verifying that snapshot CRDs are available Success + | + |--> Verifying that the snapshot controller is available Success | - |- Verifying helm values version Success + |- Verifying helm version Success + | + |- Verifying helm values version Success ------------------------------------------------------ > Verification Complete - Success ------------------------------------------------------ | - |- Installing Driver Success - | - |--> Waiting for Deployment unity-controller to be ready Success - | - |--> Waiting for DaemonSet unity-node to be ready Success + |- Installing Driver Success + | + |--> Waiting for Deployment unity-controller to be ready Success + | + |--> Waiting for DaemonSet unity-node to be ready Success ------------------------------------------------------ > Operation complete ------------------------------------------------------ From f88ef0a43b3515959f1c4393c634ab23d4ef4440 Mon Sep 17 00:00:00 2001 From: Harish P Date: Fri, 25 Feb 2022 14:06:16 +0530 Subject: [PATCH 28/52] updated document for fsgroup (#156) --- content/docs/csidriver/installation/helm/powerstore.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index 37e9ae55da..3514c04717 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md @@ -171,6 +171,7 @@ CRDs should be configured during replication prepare stage with repctl as descri | node.healthMonitor.enabled | Allows to enable/disable volume health monitor | No | false | | node.nodeSelector | Defines what nodes would be selected for pods of node daemonset | Yes | " " | | node.tolerations | Defines tolerations that would be applied to node daemonset | Yes | " " | +| fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" | 8. Install the driver using `csi-install.sh` bash script by running `./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml` - After that the driver should be installed, you can check the condition of driver pods by running `kubectl get all -n csi-powerstore` @@ -252,4 +253,4 @@ cd dell-csi-helm-installer ./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade ``` -Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. \ No newline at end of file +Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. From c52c15278edd8ecd7dc45f330426e3841fb6de0b Mon Sep 17 00:00:00 2001 From: Andrey Schipilo Date: Fri, 25 Feb 2022 11:39:21 +0300 Subject: [PATCH 29/52] [replication] Added PowerScale replication section (#139) --- .../replication/deployment/installation.md | 4 +- .../docs/replication/deployment/powermax.md | 7 +- .../docs/replication/deployment/powerscale.md | 185 ++++++++++++++++++ .../docs/replication/deployment/powerstore.md | 10 +- .../replication/deployment/storageclasses.md | 3 +- content/docs/replication/disaster-recovery.md | 9 +- .../docs/replication/replication-actions.md | 25 +-- 7 files changed, 212 insertions(+), 31 deletions(-) create mode 100644 content/docs/replication/deployment/powerscale.md diff --git a/content/docs/replication/deployment/installation.md b/content/docs/replication/deployment/installation.md index 43dc7ce3c7..3a30e17f5e 100644 --- a/content/docs/replication/deployment/installation.md +++ b/content/docs/replication/deployment/installation.md @@ -71,9 +71,9 @@ After the installation ConfigMap will consist of only the `logLevel` field, to a The following CSI drivers support replication: 1. CSI driver for PowerMax 2. CSI driver for PowerStore +3. CSI driver for PowerScale -Please follow the steps outlined [here](../powermax) for enabling replication for PowerMax & [here](../powerstore) for PowerStore during -the driver installation. +Please follow the steps outlined in [PowerMax](../powermax), [PowerStore](../powerstore) or [PowerScale](../powerscale) pages during the driver installation. >Note: Please ensure that replication CRDs are installed in the clusters where you are installing the CSI drivers. These CRDs are generally installed as part of the CSM Replication controller installation process. diff --git a/content/docs/replication/deployment/powermax.md b/content/docs/replication/deployment/powermax.md index 34133572fb..07ee1641fa 100644 --- a/content/docs/replication/deployment/powermax.md +++ b/content/docs/replication/deployment/powermax.md @@ -8,7 +8,7 @@ description: Enabling Replication feature for CSI PowerMax Container Storage Modules (CSM) Replication sidecar is a helper container that is installed alongside a CSI driver to facilitate replication functionality. Such CSI drivers must implement `dell-csi-extensions` calls. -CSI driver for Dell EMC PowerMax supports necessary extension calls from `dell-csi-extensions`. To be able to provision replicated volumes you would need to do the steps described in the following sections. +CSI driver for Dell PowerMax supports necessary extension calls from `dell-csi-extensions`. To be able to provision replicated volumes you would need to do the steps described in the following sections. ### Before Installation @@ -84,8 +84,7 @@ You can create them manually or with help from `repctl`. #### Manual Storage Class Creation -You can find sample replication enabled storage class in the driver repository -at `./samples/storageclass/powermax_srdf.yaml`. +You can find sample replication enabled storage class in the driver repository [here](https://github.com/dell/csi-powermax/blob/main/samples/storageclass/powermax_srdf.yaml). It will look like this: ```yaml @@ -197,7 +196,7 @@ your Kubernetes clusters with `kubectl`. (using a single storage class configuration) in one command. To create storage classes with `repctl` you need to fill up the config with necessary information. -You can find an example in `repctl/examples/powermax_example_values.yaml`, copy it, and modify it to your needs. +You can find an example [here](https://github.com/dell/csm-replication/blob/main/repctl/examples/powermax_example_values.yaml), copy it, and modify it to your needs. If you open this example you can see a lot of similar fields and parameters you can modify in the storage class. diff --git a/content/docs/replication/deployment/powerscale.md b/content/docs/replication/deployment/powerscale.md new file mode 100644 index 0000000000..9bf7369dc6 --- /dev/null +++ b/content/docs/replication/deployment/powerscale.md @@ -0,0 +1,185 @@ +--- +title: PowerScale +linktitle: PowerScale +weight: 7 +description: > + Enabling Replication feature for CSI PowerScale +--- +## Enabling Replication in CSI PowerScale + +Container Storage Modules (CSM) Replication sidecar is a helper container that is installed alongside a CSI driver to facilitate replication functionality. Such CSI drivers must implement `dell-csi-extensions` calls. + +CSI driver for Dell PowerScale supports necessary extension calls from `dell-csi-extensions`. To be able to provision replicated volumes you would need to do the steps described in the following sections. + +### Before Installation + +#### On Storage Array +Ensure that SyncIQ service is enabled on both arrays, you can do that by navigating to `SyncIQ` section under `Data protection` tab. + +The current implementation supports one-to-one replication so you need to ensure that one array can reach another and vice versa. + +##### SyncIQ encryption + +If you wish to use `SyncIQ` encryption you should ensure that you've added a server certificate first by navigating to `Data protection->SyncIQ->Settings`. + +After adding the certificate, you can choose to use it by checking `Encrypt SyncIQ connection` from the dropdown. + +After that, you can add similar certificates of other arrays in `SyncIQ-> Certificates`, and ensure you've added the certificate of the array you want to replicate to. + +Similar steps should be done in the reverse direction, so `array-1` has the `array-2` certificate visible in `SyncIQ-> Certificates` tab and `array-2` has the `array-1` certificate visible in its own `SyncIQ->Certificates` tab. + +#### In Kubernetes +Ensure you installed CRDs and replication controller in your clusters. + +To verify you have everything in order you can execute the following commands: + +* Check controller pods + ```shell + kubectl get pods -n dell-replication-controller + ``` + Pods should be `READY` and `RUNNING` +* Check that controller config map is properly populated + ```shell + kubectl get cm -n dell-replication-controller dell-replication-controller-config -o yaml + ``` + `data` field should be properly populated with cluster-id of your choosing and, if using multi-cluster + installation, your `targets:` parameter should be populated by a list of target clusters IDs. + + +If you don't have something installed or something is out-of-place, please refer to installation instructions in [installation-repctl](../install-repctl) or [installation](../installation). + +### Installing Driver With Replication Module + +To install the driver with replication enabled, you need to ensure you have set +helm parameter `controller.replication.enabled` in your copy of example `values.yaml` file +(usually called `my-isilon-settings.yaml`, `myvalues.yaml` etc.). + +Here is an example of what that would look like: +```yaml +... +# controller: configure controller specific parameters +controller: + ... + # replication: allows to configure replication + replication: + enabled: true + image: dellemc/dell-csi-replicator:v1.2.0 + replicationContextPrefix: "powerscale" + replicationPrefix: "replication.storage.dell.com" +... +``` +You can leave other parameters like `image`, `replicationContextPrefix`, and `replicationPrefix` as they are. + +After enabling the replication module, you can continue to install the CSI driver for PowerScale following the usual installation procedure. Just ensure you've added the necessary array connection information to secret. + +##### SyncIQ encryption + +If you plan to use encryption, you need to set `replicationCertificateID` in the array connection secret. To check the ID of the certificate for the cluster, you can navigate to `Data protection->SyncIQ->Settings,` find your certificate in the `Server Certificates` section and then push the `View/Edit` button. It will open a dialog that should contain the `Id` field. Use the value of that field to set `replicationCertificateID`. + +> **_NOTE:_** you need to install your driver on ALL clusters where you want to use replication. Both arrays must be accessible from each cluster. + + +### Creating Storage Classes + +To provision replicated volumes, you need to create adequately configured storage classes on both the source and target clusters. + +A pair of storage classes on the source, and target clusters would be essentially `mirrored` copies of one another. +You can create them manually or with the help of `repctl`. + +#### Manual Storage Class Creation + +You can find a sample replication enabled storage class in the driver repository [here](https://github.com/dell/csi-powerscale/blob/main/samples/storageclass/isilon-replication.yaml). + +It will look like this: +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: isilon-replication +provisioner: csi-isilon.dellemc.com +reclaimPolicy: Delete +allowVolumeExpansion: true +volumeBindingMode: Immediate +parameters: + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/remoteStorageClassName: "isilon-replication" + replication.storage.dell.com/remoteClusterID: "target" + replication.storage.dell.com/remoteSystem: "cluster-2" + replication.storage.dell.com/rpo: Five_Minutes + replication.storage.dell.com/ignoreNamespaces: "false" + replication.storage.dell.com/volumeGroupPrefix: "csi" + AccessZone: System + IsiPath: /ifs/data/csi + RootClientEnabled: "false" + ClusterName: cluster-1 +``` + +Let's go through each parameter and what it means: +* `replication.storage.dell.com/isReplicationEnabled` if set to `true`, will mark this storage class as replication enabled, + just leave it as `true`. +* `replication.storage.dell.com/remoteStorageClassName` points to the name of the remote storage class. If you are using replication with the multi-cluster configuration you can make it the same as the current storage class name. +* `replication.storage.dell.com/remoteClusterID` represents the ID of a remote cluster. It is the same id you put in the replication controller config map. +* `replication.storage.dell.com/remoteSystem` is the name of the remote system that should match whatever `clusterName` you called it in `isilon-creds` secret. +* `replication.storage.dell.com/rpo` is an acceptable amount of data, which is measured in units of time, that may be lost due to a failure. +* `replication.storage.dell.com/ignoreNamespaces`, if set to `true` PowerScale driver, it will ignore in what namespace volumes are created and put every volume created using this storage class into a single volume group. +* `replication.storage.dell.com/volumeGroupPrefix` represents what string would be appended to the volume group name to differentiate them. +* `Accesszone` is the name of the access zone a volume can be created in +* `IsiPath` is the base path for the volumes to be created on the PowerScale cluster +* `RootClientEnabled` determines whether the driver should enable root squashing or not +* `ClusterName` name of PowerScale cluster, where PV will be provisioned, specified as it was listed in `isilon-creds` secret. + +After figuring out how storage classes would look, you just need to go and apply them to your Kubernetes clusters with `kubectl`. + +#### Storage Class creation with `repctl` + +`repctl` can simplify storage class creation by creating a pair of mirrored storage classes in both clusters +(using a single storage class configuration) in one command. + +To create storage classes with `repctl` you need to fill up the config with necessary information. +You can find an example [here](https://github.com/dell/csm-replication/blob/main/repctl/examples/powerscale_example_values.yaml), copy it, and modify it to your needs. + +If you open this example you can see a lot of similar fields and parameters you can modify in the storage class. + +Let's use the same example from manual installation and see what config would look like: +```yaml +sourceClusterID: "source" +targetClusterID: "target" +name: "isilon-replication" +driver: "isilon" +reclaimPolicy: "Delete" +replicationPrefix: "replication.storage.dell.com" +parameters: + rpo: "Five_Minutes" + ignoreNamespaces: "false" + volumeGroupPrefix: "csi" + accessZone: "System" + isiPath: "/ifs/data/csi" + rootClientEnabled: "false" + clusterName: + source: "cluster-1" + target: "cluster-2" +``` + +After preparing the config, you can apply it to both clusters with `repctl`. Before you do this, ensure you've added your clusters to `repctl` via the `add` command. + +To create storage classes just run `./repctl create sc --from-config ` and storage classes would be applied to both clusters. + +After creating storage classes you can make sure they are in place by using `./repctl list storageclasses` command. + +### Provisioning Replicated Volumes + +After installing the driver and creating storage classes, you are good to create volumes using newly +created storage classes. + +On your source cluster, create a PersistentVolumeClaim using one of the replication-enabled Storage Classes. +The CSI PowerScale driver will create a volume on the array, add it to a VolumeGroup and configure replication +using the parameters provided in the replication enabled Storage Class. + +### Supported Replication Actions +The CSI PowerScale driver supports the following list of replication actions: +- FAILOVER_REMOTE +- UNPLANNED_FAILOVER_LOCAL +- REPROTECT_LOCAL +- SUSPEND +- RESUME +- SYNC diff --git a/content/docs/replication/deployment/powerstore.md b/content/docs/replication/deployment/powerstore.md index 5541b01e88..1a65c8457a 100644 --- a/content/docs/replication/deployment/powerstore.md +++ b/content/docs/replication/deployment/powerstore.md @@ -7,11 +7,9 @@ description: > --- ## Enabling Replication In CSI PowerStore -For the Container Storage Modules (CSM) for Replication sidecar container to work properly it needs to be installed -alongside CSI driver that supports replication `dell-csi-extensions` calls. +Container Storage Modules (CSM) Replication sidecar is a helper container that is installed alongside a CSI driver to facilitate replication functionality. Such CSI drivers must implement `dell-csi-extensions` calls. -CSI driver for Dell EMC PowerStore supports necessary extension calls from `dell-csi-extensions` and to be able to -provision replicated volumes you would need to do the steps described in the following sections. +CSI driver for Dell PowerStore supports necessary extension calls from `dell-csi-extensions`. To be able to provision replicated volumes you would need to do the steps described in the following sections. ### Before Installation @@ -84,7 +82,7 @@ You can create them manually or with help from `repctl`. #### Manual Storage Class Creation You can find sample replication enabled storage class in the driver repository -at `./samples/storageclass/powerstore-replication.yaml`. +[here](https://github.com/dell/csi-powerstore/blob/main/samples/storageclass/powerstore-replication.yaml). It will look like this: ```yaml @@ -179,7 +177,7 @@ your Kubernetes clusters with `kubectl`. (using a single storage class configuration) in one command. To create storage classes with `repctl` you need to fill up the config with necessary information. -You can find an example in `repctl/examples/powerstore_example_values.yaml`, copy it, and modify it to your needs. +You can find an example in [here](https://github.com/dell/csm-replication/blob/main/repctl/examples/powerstore_example_values.yaml), copy it, and modify it to your needs. If you open this example you can see a lot of similar fields and parameters you can modify in the storage class. diff --git a/content/docs/replication/deployment/storageclasses.md b/content/docs/replication/deployment/storageclasses.md index b0eaaaffb2..df85a44833 100644 --- a/content/docs/replication/deployment/storageclasses.md +++ b/content/docs/replication/deployment/storageclasses.md @@ -29,8 +29,7 @@ This should contain the name of the storage class on the remote cluster which is >Note: You still need to create a pair of storage classes even while using a single stretched cluster ### Driver specific parameters -Please refer to the driver specific sections for [PowerMax](../powermax/#creating-storage-classes) & [PowerStore](../powerstore/#creating-storage-classes) for a detailed -list of parameters. +Please refer to the driver specific sections for [PowerMax](../powermax/#creating-storage-classes), [PowerStore](../powerstore/#creating-storage-classes) or [PowerScale](../powerscale/#creating-storage-classes) for a detailed list of parameters. ### PV sync Deletion diff --git a/content/docs/replication/disaster-recovery.md b/content/docs/replication/disaster-recovery.md index 26abda105a..42ed6e2a96 100644 --- a/content/docs/replication/disaster-recovery.md +++ b/content/docs/replication/disaster-recovery.md @@ -20,9 +20,8 @@ This scenario is the choice when you want to try your disaster recovery plan or b. Execute "reprotect" action on selected ReplicationGroup which will resume the replication from new "source" ./repctl --rg rg-id reprotect --to-cluster new-source-cluster-name -

- ![state_changes1](../state_changes1.png) -

+ +![state_changes1](../state_changes1.png) ### Unplanned Migration to the target cluster/array This scenario is the choice when you lost a site. @@ -41,9 +40,7 @@ This scenario is the choice when you lost a site. ./repctl --rg rg-id reprotect --to-cluster new-source-cluster-name -

- ![state_changes2](../state_changes2.png) -

+![state_changes2](../state_changes2.png) >Note: When users do Failover and Failback, the tests pods on the source cluster may go "CrashLoopOff" state since it will try to remount the same volume which is already mounted. To get around this problem bring down the number of replicas to 0 and then after that is done, bring it up to 1. diff --git a/content/docs/replication/replication-actions.md b/content/docs/replication/replication-actions.md index f472a99830..35208c4460 100644 --- a/content/docs/replication/replication-actions.md +++ b/content/docs/replication/replication-actions.md @@ -28,28 +28,31 @@ Any action with the __LOCAL__ suffix means, do this action for the local site. A For e.g. - * If the CR at `Hopkinton` is patched with action FAILOVER_REMOTE, it means that the driver will attempt to `Fail Over` to __Durham__ which is the remote site. -* If the CR at `Durham` is patched with action FAILOVER_LOCAL, it means that the driver will attempt to `Fail over` to __Durham__ which is the local site. +* If the CR at `Durham` is patched with action FAILOVER_LOCAL, it means that the driver will attempt to `Fail Over` to __Durham__ which is the local site. * If the CR at `Durham` is patched with REPROTECT_LOCAL, it means that the driver will `Re-protect` the volumes at __Durham__ which is the local site. The following table lists details of what actions should be used in different Disaster Recovery workflows & the equivalent operation done on the storage array: -| Workflow | Actions | PowerMax | PowerStore | -| ----------- | --------- | -------------- | ---------- | -| Planned Migration | FAILOVER_LOCAL
FAILOVER_REMOTE | symrdf failover -swap | FAILOVER (no REPROTECT after FAILOVER) | -| Reprotect | REPROTECT_LOCAL
REPROTECT_REMOTE | symrdf resume/est | REPROTECT | -| Unplanned Migration | UNPLANNED_FAILOVER_LOCAL
UNPLANNED_FAILOVER_REMOTE | symrdf failover -force | FAILOVER (at target site) | +{{}} +| Workflow | Actions | PowerMax | PowerStore | PowerScale | +| ------------------- | ----------------------------------- | --------------------- | -------------------------------------- | ---------------------------------------------- | +| Planned Migration | FAILOVER_LOCAL
FAILOVER_REMOTE | symrdf failover -swap | FAILOVER (no REPROTECT after FAILOVER) | allow_writes on target, disable local policy | +| Reprotect | REPROTECT_LOCAL
REPROTECT_REMOTE | symrdf resume/est | REPROTECT | enable local policy, disallow_writes on remote | +| Unplanned Migration | UNPLANNED_FAILOVER_LOCAL
UNPLANNED_FAILOVER_REMOTE | symrdf failover -force | FAILOVER (at target site) | break association on target | +{{
}} ### Maintenance Actions These actions can be run at any site and are used to change the replication link state for maintenance activities. The following table lists the supported maintenance actions and the equivalent operation done on the storage arrays {{}} -| Action | Description | PowerMax | PowerStore | -|-----------|------------------------|-------------------|-------------------| -| SUSPEND | Temporarily suspend
replication | symrdf suspend | PAUSE | -| RESUME | Resume replication | symrdf resume | RESUME | -| SYNC | Synchronize all changes
from source to target | symrdf establish | SYNCHRONIZE NOW | +| Action | Description | PowerMax | PowerStore | PowerScale | +|-----------|--------------------------------------|----------------|------------|----------------------| +| SUSPEND | Temporarily suspend
replication | symrdf suspend | PAUSE | disable local policy | +| RESUME | Resume replication | symrdf resume | RESUME | enable local policy | +| SYNC | Synchronize all changes
from source to target | symrdf establish | SYNCHRONIZE NOW | start syncIQ job | {{
}} + ### How to perform actions We strongly recommend using `repctl` to perform any actions on `DellCSIReplicationGroup` objects. You can find detailed steps [here](../tools/#executing-actions) From f7e8793c4ff8968a442f3e455a604a519383e728 Mon Sep 17 00:00:00 2001 From: panigs7 <92028646+panigs7@users.noreply.github.com> Date: Fri, 25 Feb 2022 15:42:17 +0530 Subject: [PATCH 30/52] Operator docs changes to update versions references (#161) --- content/docs/csidriver/installation/operator/_index.md | 10 +++++----- content/docs/csidriver/release/operator.md | 2 +- content/docs/csidriver/upgradation/drivers/operator.md | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/content/docs/csidriver/installation/operator/_index.md b/content/docs/csidriver/installation/operator/_index.md index 5c11ccaad5..8ceab18249 100644 --- a/content/docs/csidriver/installation/operator/_index.md +++ b/content/docs/csidriver/installation/operator/_index.md @@ -50,21 +50,21 @@ If you have installed an old version of the `dell-csi-operator` which was availa #### Full list of CSI Drivers and versions supported by the Dell CSI Operator | CSI Driver | Version | ConfigVersion | Kubernetes Version | OpenShift Version | | ------------------ | --------- | -------------- | -------------------- | --------------------- | -| CSI PowerMax | 1.7 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | | CSI PowerMax | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | | CSI PowerMax | 2.1.0 | v2.1.0 | 1.20, 1.21, 1.22 | 4.8, 4.8 EUS, 4.9 | -| CSI PowerFlex | 1.5 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerMax | 2.2.0 | v2.2.0 | 1.21, 1.22, 1.23 | 4.8, 4.8 EUS, 4.9 | | CSI PowerFlex | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | | CSI PowerFlex | 2.1.0 | v2.1.0 | 1.20, 1.21, 1.22 | 4.8, 4.8 EUS, 4.9 | -| CSI PowerScale | 1.6 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerFlex | 2.2.0 | v2.2.0 | 1.21, 1.22, 1.23 | 4.8, 4.8 EUS, 4.9 | | CSI PowerScale | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | | CSI PowerScale | 2.1.0 | v2.1.0 | 1.20, 1.21, 1.22 | 4.8, 4.8 EUS, 4.9 | -| CSI Unity | 1.6 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerScale | 2.2.0 | v2.2.0 | 1.21, 1.22, 1.23 | 4.8, 4.8 EUS, 4.9 | | CSI Unity | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | | CSI Unity | 2.1.0 | v2.1.0 | 1.20, 1.21, 1.22 | 4.8, 4.8 EUS, 4.9 | -| CSI PowerStore | 1.4 | v4 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI Unity | 2.2.0 | v2.2.0 | 1.21, 1.22, 1.23 | 4.8, 4.8 EUS, 4.9 | | CSI PowerStore | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | | CSI PowerStore | 2.1.0 | v2.1.0 | 1.20, 1.21, 1.22 | 4.8, 4.8 EUS, 4.9 | +| CSI PowerStore | 2.2.0 | v2.2.0 | 1.21, 1.22, 1.23 | 4.8, 4.8 EUS, 4.9 |
diff --git a/content/docs/csidriver/release/operator.md b/content/docs/csidriver/release/operator.md index 06f5f4a65d..037e24091f 100644 --- a/content/docs/csidriver/release/operator.md +++ b/content/docs/csidriver/release/operator.md @@ -5,7 +5,7 @@ description: Release notes for Dell CSI Operator ## Release Notes - Dell CSI Operator 1.7.0 ->**Note:** There will be a delay in certification of Dell CSI Operator 1.6.0 and it will not be available for download from the Red Hat OpenShift certified catalog right away. The operator will still be available for download from the Red Hat OpenShift Community Catalog soon after the 1.6.0 release. +>**Note:** There will be a delay in certification of Dell CSI Operator 1.7.0 and it will not be available for download from the Red Hat OpenShift certified catalog right away. The operator will still be available for download from the Red Hat OpenShift Community Catalog soon after the 1.7.0 release. ### New Features/Changes diff --git a/content/docs/csidriver/upgradation/drivers/operator.md b/content/docs/csidriver/upgradation/drivers/operator.md index 78ab08b226..0add7dac64 100644 --- a/content/docs/csidriver/upgradation/drivers/operator.md +++ b/content/docs/csidriver/upgradation/drivers/operator.md @@ -6,7 +6,7 @@ tags: weight: 1 Description: Upgrade Dell CSI Operator --- -To upgrade Dell CSI Operator from v1.2.0/v1.3.0 to v1.4.0/v1.5.0/v1.6.0, perform the following steps. +To upgrade Dell CSI Operator from v1.2.0/v1.3.0 to v1.4.0/v1.5.0/v1.6.0/v1.7.0, perform the following steps. Dell CSI Operator can be upgraded based on the supported platforms in one of the 2 ways: 1. Using script (for non-OLM based installation) 2. Using Operator Lifecycle Manager (OLM) From 10787cd775f8c002c6b8e89ad03572bf9d8dda7f Mon Sep 17 00:00:00 2001 From: shanmydell <82038610+shanmydell@users.noreply.github.com> Date: Fri, 25 Feb 2022 15:48:39 +0530 Subject: [PATCH 31/52] Static provisioning for powermax (#130) --- .../csidriver/installation/test/powermax.md | 90 ++++++++++++++++++- 1 file changed, 89 insertions(+), 1 deletion(-) diff --git a/content/docs/csidriver/installation/test/powermax.md b/content/docs/csidriver/installation/test/powermax.md index 9f942be999..d44dcf3d73 100644 --- a/content/docs/csidriver/installation/test/powermax.md +++ b/content/docs/csidriver/installation/test/powermax.md @@ -82,4 +82,92 @@ Application prefix is the name of the application that can be used to group the # Examples: APP, app, sanity, tests ApplicationPrefix: ``` ->Note: Supported length of storage group for PowerMax is 64 characters. Storage group name is of the format "csi-`clusterprefix`-`application prefix`-`SLO name`-`SRP name`-SG". Based on the other inputs like clusterprefix,SLO name and SRP name maximum length of the ApplicationPrefix can vary. \ No newline at end of file +>Note: Supported length of storage group for PowerMax is 64 characters. Storage group name is of the format "csi-`clusterprefix`-`application prefix`-`SLO name`-`SRP name`-SG". Based on the other inputs like clusterprefix,SLO name and SRP name maximum length of the ApplicationPrefix can vary. + +## Consuming existing volumes with static provisioning + +Use this procedure to consume existing volumes with static provisioning. + +1. Open your Unisphere for Powermax, and take a note of volume-id. +2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs. +3. In the following example, storage class is assumed as 'powermax', cluster prefix as 'ABC' and volume's internal name as '00001', array ID as '000000000001', volume ID as '1abc23456'. The volume-handle should be in the format of `csi`-`clusterPrefix`-`volumeNamePrefix`-`id`-`arrayID`-`volumeID`. + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pvol + namespace: test +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 8Gi + csi: + driver: csi-powermax.dellemc.com + volumeHandle: csi-ABC-pmax-1abc23456-000000000001-00001 + persistentVolumeReclaimPolicy: Retain + storageClassName: powermax + volumeMode: Filesystem +``` + +3. Create PersistentVolumeClaim to use this PersistentVolume. + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: pvc + namespace: test +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi + storageClassName: powermax + volumeMode: Filesystem + volumeName: pvol +``` + +4. Then use this PVC as a volume in a pod. + +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: powermaxtest + namespace: test +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: powermaxtest + namespace: test +spec: + selector: + matchLabels: + app: powermaxtest + serviceName: staticprovisioning + template: + metadata: + labels: + app: powermaxtest + spec: + serviceAccount: powermaxtest + containers: + - name: test + image: docker.io/centos:latest + command: [ "/bin/sleep", "3600" ] + volumeMounts: + - mountPath: "/data" + name: pvc + volumes: + - name: pvc + persistentVolumeClaim: + claimName: pvc +``` + +5. After the pod becomes `Ready` and `Running`, you can start to use this pod and volume. + +>Note: CSI driver for PowerMax will create the necessary objects like Storage group, HostID and Masking View. They must not be created manually. From 9a5ebe8fb5e85ca4bba7f33301aeaaf115e6a61e Mon Sep 17 00:00:00 2001 From: coulof <49235405+coulof@users.noreply.github.com> Date: Fri, 25 Feb 2022 11:19:37 +0100 Subject: [PATCH 32/52] Change `fsType` to `csi.storage.k8s.io/fstype` (#150) --- content/docs/csidriver/features/unity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/docs/csidriver/features/unity.md b/content/docs/csidriver/features/unity.md index b24ad1c022..14b3b977eb 100644 --- a/content/docs/csidriver/features/unity.md +++ b/content/docs/csidriver/features/unity.md @@ -190,7 +190,7 @@ provisioner: csi-unity.dellemc.com reclaimPolicy: Delete allowVolumeExpansion: true # Set this attribute to true if you plan to expand any PVCs created using this storage class parameters: - FsType: xfs + csi.storage.k8s.io/fstype: xfs ``` To resize a PVC, edit the existing PVC spec and set spec.resources.requests.storage to the intended size. For example, if you have a PVC unity-pvc-demo of size 3Gi, then you can resize it to 30Gi by updating the PVC. @@ -353,7 +353,7 @@ To create `NFS` volume you need to provide `nasName:` parameters that point to t - name: volume csi: driver: csi-unity.dellemc.com - fsType: "nfs" + csi.storage.k8s.io/fstype: "nfs" volumeAttributes: size: "20Gi" nasName: "csi-nas-name" From 28a16d35b444a023d0f1c133f66c947a48ae6624 Mon Sep 17 00:00:00 2001 From: karthikk92 <92289639+karthikk92@users.noreply.github.com> Date: Fri, 25 Feb 2022 15:51:59 +0530 Subject: [PATCH 33/52] Unity docs changes to update versions reference. (#158) Co-authored-by: shanmydell <82038610+shanmydell@users.noreply.github.com> --- content/docs/csidriver/features/unity.md | 2 +- content/docs/csidriver/installation/helm/unity.md | 4 ++-- content/docs/csidriver/installation/operator/unity.md | 4 ++-- content/docs/csidriver/upgradation/drivers/unity.md | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/content/docs/csidriver/features/unity.md b/content/docs/csidriver/features/unity.md index 14b3b977eb..2e61e95408 100644 --- a/content/docs/csidriver/features/unity.md +++ b/content/docs/csidriver/features/unity.md @@ -643,7 +643,7 @@ data: CSI_LOG_LEVEL: "info" ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: "0" - SYNC_NODE_INFO_TIME_INTERVAL: "0" + SYNC_NODE_INFO_TIME_INTERVAL: "15" TENANT_NAME: "" ``` >Note: csi-unity supports Tenancy in multi-array setup, provided the TenantName is the same across Unity instances. diff --git a/content/docs/csidriver/installation/helm/unity.md b/content/docs/csidriver/installation/helm/unity.md index 0effda6310..2735a7f04b 100644 --- a/content/docs/csidriver/installation/helm/unity.md +++ b/content/docs/csidriver/installation/helm/unity.md @@ -38,7 +38,7 @@ Install CSI Driver for Unity using this procedure. *Before you begin* - * You must have the downloaded files, including the Helm chart from the source [git repository](https://github.com/dell/csi-unity) with the command ```git clone -b v2.1.0 https://github.com/dell/csi-unity.git```, as a pre-requisite for running this procedure. + * You must have the downloaded files, including the Helm chart from the source [git repository](https://github.com/dell/csi-unity) with the command ```git clone -b v2.2.0 https://github.com/dell/csi-unity.git```, as a pre-requisite for running this procedure. * In the top-level dell-csi-helm-installer directory, there should be two scripts, `csi-install.sh` and `csi-uninstall.sh`. * Ensure _unity_ namespace exists in Kubernetes cluster. Use the `kubectl create namespace unity` command to create the namespace if the namespace is not present. @@ -130,7 +130,7 @@ Procedure | storageArrayList.endpoint | REST API gateway HTTPS endpoint Unity system| true | - | | storageArrayList.arrayId | ArrayID for Unity system | true | - | | storageArrayList.skipCertificateValidation | "skipCertificateValidation " determines if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate. | true | true | - | storageArrayList.isDefault| An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | false | false | + | storageArrayList.isDefault| An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | true | - | Example: secret.yaml diff --git a/content/docs/csidriver/installation/operator/unity.md b/content/docs/csidriver/installation/operator/unity.md index f11b998c2f..96a390db2e 100644 --- a/content/docs/csidriver/installation/operator/unity.md +++ b/content/docs/csidriver/installation/operator/unity.md @@ -19,7 +19,7 @@ The following table lists driver configuration parameters for multiple storage a | password | Password for accessing Unity system | true | - | | restGateway | REST API gateway HTTPS endpoint Unity system| true | - | | arrayId | ArrayID for Unity system | true | - | -| isDefaultArray | An array having isDefaultArray=true is for backward compatibility. This parameter should occur once in the list. | false | false | +| isDefaultArray | An array having isDefaultArray=true is for backward compatibility. This parameter should occur once in the list. | true | - | Ex: secret.yaml @@ -118,7 +118,7 @@ data: CSI_LOG_LEVEL: "info" ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: "0" - SYNC_NODE_INFO_TIME_INTERVAL: "0" + SYNC_NODE_INFO_TIME_INTERVAL: "15" TENANT_NAME: "" ``` diff --git a/content/docs/csidriver/upgradation/drivers/unity.md b/content/docs/csidriver/upgradation/drivers/unity.md index 16e11131fa..90ca6507cd 100644 --- a/content/docs/csidriver/upgradation/drivers/unity.md +++ b/content/docs/csidriver/upgradation/drivers/unity.md @@ -20,9 +20,9 @@ You can upgrade the CSI Driver for Dell EMC Unity using Helm or Dell CSI Operato Preparing myvalues.yaml is the same as explained in the install section. -To upgrade the driver from csi-unity v2.0 to csi-unity 2.1 +To upgrade the driver from csi-unity v2.1 to csi-unity 2.2 -1. Get the latest csi-unity 2.1 code from Github using using `git clone -b v2.1.0 https://github.com/dell/csi-unity.git`. +1. Get the latest csi-unity 2.2 code from Github using using `git clone -b v2.2.0 https://github.com/dell/csi-unity.git`. 2. Create myvalues.yaml. 3. Copy the helm/csi-unity/values.yaml to the new location csi-unity/dell-csi-helm-installer with name say myvalues.yaml, to customize settings for installation edit myvalues.yaml as per the requirements. 4. Navigate to common-helm-installer folder and execute the following command: @@ -34,7 +34,7 @@ To upgrade the driver from csi-unity v2.0 to csi-unity 2.1 1. While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. 2. Upgrading the Operator does not upgrade the CSI Driver. -To upgrade the driver from csi-unity v2.0 to csi-unity v2.1 : +To upgrade the driver from csi-unity v2.1 to csi-unity v2.2 : 1. Please upgrade the Dell CSI Operator by following [here](./../operator). 2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). From 536bb903119a883002eac18d9da7d7a9385231af Mon Sep 17 00:00:00 2001 From: Shanmugapriya M <97021994+spriya-m@users.noreply.github.com> Date: Fri, 25 Feb 2022 16:13:15 +0530 Subject: [PATCH 34/52] POSIX and NFSv4 ACL support (#162) --- content/docs/csidriver/features/powerstore.md | 24 +++++++++++++++++++ .../csidriver/installation/helm/powerstore.md | 3 +++ .../installation/operator/powerstore.md | 1 + 3 files changed, 28 insertions(+) diff --git a/content/docs/csidriver/features/powerstore.md b/content/docs/csidriver/features/powerstore.md index d05d280695..291499bb25 100644 --- a/content/docs/csidriver/features/powerstore.md +++ b/content/docs/csidriver/features/powerstore.md @@ -638,3 +638,27 @@ spec: ``` >Note: The access mode ReadWriteOnce allows multiple pods to access a single volume within a single worker node and the behavior is consistent across all supported Kubernetes versions. + +## POSIX and NFSv4 ACLs + +CSI PowerStore driver version 2.2.0 and later allows users to set user-defined permissions on NFS target mount directory using POSIX mode bits or NFSv4 ACLs. + +NFSv4 ACLs are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Please ensure the order when providing the NFSv4 ACLs. + +To use this feature, provide permissions in `nfsAcls` parameter in values.yaml, secrets or NFS storage class. + +For example: + +1. POSIX mode bits + +```yaml +nfsAcls: "0755" +``` + +2. NFSv4 ACLs + +```yaml +nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::user@domain.com:rxtncy" +``` + +>Note: If no values are specified, default value of "0777" will be set. diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index 3514c04717..e60827d549 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md @@ -141,6 +141,8 @@ CRDs should be configured during replication prepare stage with repctl as descri - *isDefault*: defines if we should treat the current array as a default. - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). - *nasName*: defines what NAS should be used for NFS volumes. + - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. + NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Add more blocks similar to above for each PowerStore array if necessary. 5. Create storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` @@ -156,6 +158,7 @@ CRDs should be configured during replication prepare stage with repctl as descri | externalAccess | Defines additional entries for hostAccess of NFS volumes, single IP address and subnet are valid entries | No | " " | | kubeletConfigDir | Defines kubelet config path for cluster | Yes | "/var/lib/kubelet" | | imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. | Yes | "IfNotPresent" | +| nfsAcls | Defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. | No | "0777" | | connection.enableCHAP | Defines whether the driver should use CHAP for iSCSI connections or not | No | False | | controller.controllerCount | Defines number of replicas of controller deployment | Yes | 2 | | controller.volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csivol" | diff --git a/content/docs/csidriver/installation/operator/powerstore.md b/content/docs/csidriver/installation/operator/powerstore.md index 8fb2f30f95..6fc98a126e 100644 --- a/content/docs/csidriver/installation/operator/powerstore.md +++ b/content/docs/csidriver/installation/operator/powerstore.md @@ -67,6 +67,7 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c | X_CSI_FC_PORTS_FILTER_FILE_PATH | To set path to the file which provides a list of WWPN which should be used by the driver for FC connection on this node | No | "/etc/fc-ports-filter" | | ***Controller parameters*** | | X_CSI_POWERSTORE_EXTERNAL_ACCESS | allows specifying additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries | No | " "| + | X_CSI_NFS_ACLS | Defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. | No | "0777" | | ***Node parameters*** | | X_CSI_POWERSTORE_ENABLE_CHAP | Set to true if you want to enable iSCSI CHAP feature | No | false | 6. Execute the following command to create PowerStore custom resource:`kubectl create -f `. The above command will deploy the CSI-PowerStore driver. From fbc84869e6cd028c61a18547ebea35374b09d112 Mon Sep 17 00:00:00 2001 From: Harshita Pandey <88329939+harshitap26@users.noreply.github.com> Date: Fri, 25 Feb 2022 17:21:51 +0530 Subject: [PATCH 35/52] NVMe/TCP Documentation (#166) --- content/docs/csidriver/_index.md | 1 + content/docs/csidriver/features/powerstore.md | 6 ++++++ .../docs/csidriver/installation/helm/powerstore.md | 13 ++++++++++++- .../csidriver/installation/operator/powerstore.md | 2 +- 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/content/docs/csidriver/_index.md b/content/docs/csidriver/_index.md index 19d7a28219..74ea38d918 100644 --- a/content/docs/csidriver/_index.md +++ b/content/docs/csidriver/_index.md @@ -59,6 +59,7 @@ The CSI Drivers by Dell EMC implement an interface between [CSI](https://kuberne |---------------|:----------------:|:------------------:|:----------------:|:----------------:|:----------------:| | Fibre Channel | yes | N/A | yes | N/A | yes | | iSCSI | yes | N/A | yes | N/A | yes | +| NVMeTCP | N/A | N/A | N/A | N/A | yes | | NFS | N/A | N/A | yes | yes | yes | | Other | N/A | ScaleIO protocol | N/A | N/A | N/A | | Supported FS | ext4 / xfs | ext4 / xfs | ext3 / ext4 / xfs / NFS | NFS | ext3 / ext4 / xfs / NFS | diff --git a/content/docs/csidriver/features/powerstore.md b/content/docs/csidriver/features/powerstore.md index 291499bb25..144ee76079 100644 --- a/content/docs/csidriver/features/powerstore.md +++ b/content/docs/csidriver/features/powerstore.md @@ -662,3 +662,9 @@ nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::user@doma ``` >Note: If no values are specified, default value of "0777" will be set. + + +## NVMe/TCP Support + +CSI Driver for Dell Powerstore 2.2.0 and above supports NVMe/TCP provisioning. To enable NVMe/TCP provisioning, blockProtocol on secret should be specified as `NVMeTCP`. +In case blockProtocol is specified as `auto`, the driver will be able to find the initiators on the host and choose the protocol accordingly. If the host has multiple protocols enabled, then FC gets the highest priority followed by iSCSI and then NVMeTCP. diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index e60827d549..4d88325371 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md @@ -61,6 +61,17 @@ To do this, run the `systemctl enable --now iscsid` command. For information about configuring iSCSI, see _Dell EMC PowerStore documentation_ on Dell EMC Support. + +### Set up the NVMe/TCP Initiator + +If you want to use the protocol, set up the NVMe/TCP initiators as follows +- The driver requires NVMe management command-line interface (nvme-cli) to use configure, edit, view or start the NVMe client and target. The nvme-cli utility provides a command-line and interactive shell option. The NVMe CLI tool is installed in the host using the below command. +`sudo apt install nvme-cli` + +- Modules including the nvme, nvme_core, nvme_fabrics, and nvme_tcp are required for using NVMe over Fabrics using TCP. Load the NVMe and NVMe-OF Modules using the below commands. +```modprobe nvme + modprobe nvme-tcp``` + ### Linux multipathing requirements Dell EMC PowerStore supports Linux multipathing. Configure Linux multipathing before installing the CSI Driver for Dell EMC PowerStore. @@ -139,7 +150,7 @@ CRDs should be configured during replication prepare stage with repctl as descri - *username*, *password*: defines credentials for connecting to array. - *skipCertificateValidation*: defines if we should use insecure connection or not. - *isDefault*: defines if we should treat the current array as a default. - - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). + - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, NVMeTCP, None, or auto). - *nasName*: defines what NAS should be used for NFS volumes. - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only. diff --git a/content/docs/csidriver/installation/operator/powerstore.md b/content/docs/csidriver/installation/operator/powerstore.md index 6fc98a126e..2d68a940de 100644 --- a/content/docs/csidriver/installation/operator/powerstore.md +++ b/content/docs/csidriver/installation/operator/powerstore.md @@ -30,7 +30,7 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c password: "password" # password for connecting to API skipCertificateValidation: true # indicates if client side validation of (management)server's certificate can be skipped isDefault: true # treat current array as a default (would be used by storage classes without arrayID parameter) - blockProtocol: "auto" # what SCSI transport protocol use on node side (FC, ISCSI, None, or auto) + blockProtocol: "auto" # what SCSI transport protocol use on node side (FC, ISCSI, NVMeTCP, None, or auto) nasName: "nas-server" # what NAS should be used for NFS volumes ``` Change the parameters with relevant values for your PowerStore array. From 76cc2fe883800c809ae8770e59622053aca30161 Mon Sep 17 00:00:00 2001 From: Randeep Sharma <92301596+randeepsharma@users.noreply.github.com> Date: Fri, 25 Feb 2022 17:22:51 +0530 Subject: [PATCH 36/52] add-fsgroup-policy-helm (#164) --- content/docs/csidriver/installation/helm/isilon.md | 3 ++- content/docs/csidriver/installation/operator/isilon.md | 1 + content/docs/csidriver/installation/operator/powerstore.md | 1 + content/docs/csidriver/release/powerflex.md | 2 +- content/docs/csidriver/release/powerscale.md | 5 +++-- content/docs/csidriver/release/powerstore.md | 3 ++- content/docs/csidriver/release/unity.md | 2 +- 7 files changed, 11 insertions(+), 6 deletions(-) diff --git a/content/docs/csidriver/installation/helm/isilon.md b/content/docs/csidriver/installation/helm/isilon.md index 9499b5f041..4ec523a17b 100644 --- a/content/docs/csidriver/installation/helm/isilon.md +++ b/content/docs/csidriver/installation/helm/isilon.md @@ -93,6 +93,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller | verbose | Indicates what content of the OneFS REST API message should be logged in debug level logs | Yes | 1 | | kubeletConfigDir | Specify kubelet config dir path | Yes | "/var/lib/kubelet" | | enableCustomTopology | Indicates PowerScale FQDN/IP which will be fetched from node label and the same will be used by controller and node pod to establish a connection to Array. This requires enableCustomTopology to be enabled. | No | false | + | fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" | | ***controller*** | Configure controller pod specific parameters | | | | controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 | | volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" | @@ -122,7 +123,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller | sidecarProxyImage | Image for csm-authorization-sidecar. | No | " " | | proxyHost | Hostname of the csm-authorization server. | No | Empty | | skipCertificateValidation | A boolean that enables/disables certificate validation of the csm-authorization server. | No | true | - + *NOTE:* - ControllerCount parameter value must not exceed the number of nodes in the Kubernetes cluster. Otherwise, some of the controller pods remain in a "Pending" state till new nodes are available for scheduling. The installer exits with a WARNING on the same. diff --git a/content/docs/csidriver/installation/operator/isilon.md b/content/docs/csidriver/installation/operator/isilon.md index 62c7f1309a..70ab9f5ba3 100644 --- a/content/docs/csidriver/installation/operator/isilon.md +++ b/content/docs/csidriver/installation/operator/isilon.md @@ -115,6 +115,7 @@ User can query for CSI-PowerScale driver using the following command: | Parameter | Description | Required | Default | | --------- | ----------- | -------- |-------- | | dnsPolicy | Determines the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet | + | fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" | | ***Common parameters for node and controller*** | | CSI_ENDPOINT | The UNIX socket address for handling gRPC calls | No | /var/run/csi/csi.sock | | X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION | Specifies whether SSL security needs to be enabled for communication between PowerScale and CSI Driver | No | true | diff --git a/content/docs/csidriver/installation/operator/powerstore.md b/content/docs/csidriver/installation/operator/powerstore.md index 2d68a940de..790fd8355d 100644 --- a/content/docs/csidriver/installation/operator/powerstore.md +++ b/content/docs/csidriver/installation/operator/powerstore.md @@ -62,6 +62,7 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c | --------- | ----------- | -------- |-------- | | replicas | Controls the number of controller pods you deploy. If the number of controller pods is greater than the number of available nodes, the excess pods will be pending state till new nodes are available for scheduling. Default is 2 which allows for Controller high availability. | Yes | 2 | | namespace | Specifies namespace where the drive will be installed | Yes | "test-powerstore" | + | fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" | | ***Common parameters for node and controller*** | | X_CSI_POWERSTORE_NODE_NAME_PREFIX | Prefix to add to each node registered by the CSI driver | Yes | "csi-node" | X_CSI_FC_PORTS_FILTER_FILE_PATH | To set path to the file which provides a list of WWPN which should be used by the driver for FC connection on this node | No | "/etc/fc-ports-filter" | diff --git a/content/docs/csidriver/release/powerflex.md b/content/docs/csidriver/release/powerflex.md index 6278635a4f..cf0c58f45a 100644 --- a/content/docs/csidriver/release/powerflex.md +++ b/content/docs/csidriver/release/powerflex.md @@ -29,4 +29,4 @@ There are no fixed issues in this release. ### Note: -- Support for kurbernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/release/powerscale.md b/content/docs/csidriver/release/powerscale.md index 256ab9e3e7..43e40b4845 100644 --- a/content/docs/csidriver/release/powerscale.md +++ b/content/docs/csidriver/release/powerscale.md @@ -8,7 +8,7 @@ description: Release notes for PowerScale CSI driver ### New Features/Changes - Added support for Kubernetes 1.23. -- Added support for fsGroup policy. +- Added support for fsGroupPolicy. - Added support for session based authentication along with basic authentication for PowerScale. ### Fixed Issues @@ -21,7 +21,8 @@ There are no fixed issues in this release. | If the length of the nodeID exceeds 128 characters, the driver fails to update the CSINode object and installation fails. This is due to a limitation set by CSI spec which doesn't allow nodeID to be greater than 128 characters. | The CSI PowerScale driver uses the hostname for building the nodeID which is set in the CSINode resource object, hence we recommend not having very long hostnames in order to avoid this issue. This current limitation of 128 characters is likely to be relaxed in future Kubernetes versions as per this issue in the community: https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues/581

**Note:** In kubernetes 1.22 this limit has been relaxed to 192 characters.| | If some older NFS exports /terminated worker nodes still in NFS export client list, CSI driver tries to add a new worker node it fails (For RWX volume). | User need to manually clean the export client list from old entries to make successful additon of new worker nodes. | Delete namespace that has PVCs and pods created with the driver. The External health monitor sidecar crashes as a result of this operation.| Deleting the namespace deletes the PVCs first and then removes the pods in the namespace. This brings a condition where pods exist without their PVCs and causes the external-health-monitor sidecar to crash. This is a known issue and has been reported at https://github.com/kubernetes-csi/external-health-monitor/issues/100| +| fsGroupPolicy may not work as expected with "root_squash". | To get the desired behavior "no_root_squash" has to be enabled. | ### Note: -- Support for kurbernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/release/powerstore.md b/content/docs/csidriver/release/powerstore.md index fefaab1310..8196d92255 100644 --- a/content/docs/csidriver/release/powerstore.md +++ b/content/docs/csidriver/release/powerstore.md @@ -8,6 +8,7 @@ description: Release notes for PowerStore CSI driver ### New Features/Changes - Added support for Kubernetes 1.23. +- Added support for fsGroupPolicy. ### Fixed Issues @@ -21,4 +22,4 @@ There are no fixed issues in this release. ### Note: -- Support for kurbernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/release/unity.md b/content/docs/csidriver/release/unity.md index c77cbfcd4f..1eeefd7487 100644 --- a/content/docs/csidriver/release/unity.md +++ b/content/docs/csidriver/release/unity.md @@ -22,4 +22,4 @@ description: Release notes for Unity CSI driver ### Note: -- Support for kurbernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. From 1790bac6c6722952790dcf8f11d61f7a99ac2bf3 Mon Sep 17 00:00:00 2001 From: Harish P Date: Fri, 25 Feb 2022 17:45:30 +0530 Subject: [PATCH 37/52] Feature/fs group doc (#167) Co-authored-by: shanmydell <82038610+shanmydell@users.noreply.github.com> --- content/docs/csidriver/release/powerscale.md | 14 +++++++------- content/docs/csidriver/release/powerstore.md | 9 +++++---- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/content/docs/csidriver/release/powerscale.md b/content/docs/csidriver/release/powerscale.md index 43e40b4845..b7dc8276e6 100644 --- a/content/docs/csidriver/release/powerscale.md +++ b/content/docs/csidriver/release/powerscale.md @@ -8,7 +8,7 @@ description: Release notes for PowerScale CSI driver ### New Features/Changes - Added support for Kubernetes 1.23. -- Added support for fsGroupPolicy. +- Added support to configure fsGroupPolicy. - Added support for session based authentication along with basic authentication for PowerScale. ### Fixed Issues @@ -16,12 +16,12 @@ description: Release notes for PowerScale CSI driver There are no fixed issues in this release. ### Known Issues -| Issue | Resolution or workaround, if known | -| ------------------------------------------------------------ | ------------------------------------------------------------ | -| If the length of the nodeID exceeds 128 characters, the driver fails to update the CSINode object and installation fails. This is due to a limitation set by CSI spec which doesn't allow nodeID to be greater than 128 characters. | The CSI PowerScale driver uses the hostname for building the nodeID which is set in the CSINode resource object, hence we recommend not having very long hostnames in order to avoid this issue. This current limitation of 128 characters is likely to be relaxed in future Kubernetes versions as per this issue in the community: https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues/581

**Note:** In kubernetes 1.22 this limit has been relaxed to 192 characters.| -| If some older NFS exports /terminated worker nodes still in NFS export client list, CSI driver tries to add a new worker node it fails (For RWX volume). | User need to manually clean the export client list from old entries to make successful additon of new worker nodes. -| Delete namespace that has PVCs and pods created with the driver. The External health monitor sidecar crashes as a result of this operation.| Deleting the namespace deletes the PVCs first and then removes the pods in the namespace. This brings a condition where pods exist without their PVCs and causes the external-health-monitor sidecar to crash. This is a known issue and has been reported at https://github.com/kubernetes-csi/external-health-monitor/issues/100| -| fsGroupPolicy may not work as expected with "root_squash". | To get the desired behavior "no_root_squash" has to be enabled. | +| Issue | Resolution or workaround, if known | +|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| If the length of the nodeID exceeds 128 characters, the driver fails to update the CSINode object and installation fails. This is due to a limitation set by CSI spec which doesn't allow nodeID to be greater than 128 characters. | The CSI PowerScale driver uses the hostname for building the nodeID which is set in the CSINode resource object, hence we recommend not having very long hostnames in order to avoid this issue. This current limitation of 128 characters is likely to be relaxed in future Kubernetes versions as per this issue in the community: https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues/581

**Note:** In kubernetes 1.22 this limit has been relaxed to 192 characters. | +| If some older NFS exports /terminated worker nodes still in NFS export client list, CSI driver tries to add a new worker node it fails (For RWX volume). | User need to manually clean the export client list from old entries to make successful addition of new worker nodes. | +| Delete namespace that has PVCs and pods created with the driver. The External health monitor sidecar crashes as a result of this operation. | Deleting the namespace deletes the PVCs first and then removes the pods in the namespace. This brings a condition where pods exist without their PVCs and causes the external-health-monitor sidecar to crash. This is a known issue and has been reported at https://github.com/kubernetes-csi/external-health-monitor/issues/100 | +| fsGroupPolicy may not work as expected with "root_squash". | To get the desired behavior "no_root_squash" has to be enabled. | ### Note: diff --git a/content/docs/csidriver/release/powerstore.md b/content/docs/csidriver/release/powerstore.md index 8196d92255..501d4ad331 100644 --- a/content/docs/csidriver/release/powerstore.md +++ b/content/docs/csidriver/release/powerstore.md @@ -8,7 +8,7 @@ description: Release notes for PowerStore CSI driver ### New Features/Changes - Added support for Kubernetes 1.23. -- Added support for fsGroupPolicy. +- Added support to configure fsGroupPolicy. ### Fixed Issues @@ -16,9 +16,10 @@ There are no fixed issues in this release. ### Known Issues -| Issue | Resolution or workaround, if known | -| ------------------------------------------------------------ | ------------------------------------------------------------ | -| Delete namespace that has PVCs and pods created with the driver. The External health monitor sidecar crashes as a result of this operation | Deleting the namespace deletes the PVCs first and then removes the pods in the namespace. This brings a condition where pods exist without their PVCs and causes the external-health-monitor sidecar to crash. This is a known issue and has been reported at https://github.com/kubernetes-csi/external-health-monitor/issues/100
| +| Issue | Resolution or workaround, if known | +|--------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Delete namespace that has PVCs and pods created with the driver. The External health monitor sidecar crashes as a result of this operation | Deleting the namespace deletes the PVCs first and then removes the pods in the namespace. This brings a condition where pods exist without their PVCs and causes the external-health-monitor sidecar to crash. This is a known issue and has been reported at https://github.com/kubernetes-csi/external-health-monitor/issues/100
| +| fsGroupPolicy may not work as expected without root privileges for NFS only
https://github.com/kubernetes/examples/issues/260 | To get the desired behavior set "allowRoot: "true" in the storage class parameter | ### Note: From 50c3aba26b2df4d728fcc444c46ddb79f9bf1189 Mon Sep 17 00:00:00 2001 From: karthikk92 <92289639+karthikk92@users.noreply.github.com> Date: Wed, 2 Mar 2022 10:34:22 +0530 Subject: [PATCH 38/52] Standalone helm installer changes for complex K8s version (#169) --- content/docs/csidriver/installation/helm/powerflex.md | 4 +++- content/docs/csidriver/installation/helm/unity.md | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/content/docs/csidriver/installation/helm/powerflex.md b/content/docs/csidriver/installation/helm/powerflex.md index 7a9dadc36b..b452df67cf 100644 --- a/content/docs/csidriver/installation/helm/powerflex.md +++ b/content/docs/csidriver/installation/helm/powerflex.md @@ -182,7 +182,9 @@ kubectl create -f deploy/kubernetes/snapshot-controller format and replace/update the secret. - "insecure" parameter has been changed to "skipCertificateValidation" as insecure is deprecated and will be removed from use in config.yaml or secret.yaml in a future release. Users can continue to use any one of "insecure" or "skipCertificateValidation" for now. The driver would return an error if both parameters are used. - Please note that log configuration parameters from v1.5 will no longer work in v2.0 and higher. Please refer to the [Dynamic Logging Configuration](../../../features/powerflex#dynamic-logging-configuration) section in Features for more information. - + - If the user is using complex K8s version like "v1.21.3-mirantis-1", use below kubeVersion check in helm/csi-unity/Chart.yaml file. + kubeVersion: ">= 1.21.0-0 < 1.24.0-0" + 5. Default logging options are set during Helm install. To see possible configuration options, see the [Dynamic Logging Configuration](../../../features/powerflex#dynamic-logging-configuration) section in Features. 6. If using automated SDC deployment: diff --git a/content/docs/csidriver/installation/helm/unity.md b/content/docs/csidriver/installation/helm/unity.md index 2735a7f04b..d6f04645c9 100644 --- a/content/docs/csidriver/installation/helm/unity.md +++ b/content/docs/csidriver/installation/helm/unity.md @@ -51,6 +51,8 @@ Procedure **Note**: * ArrayId corresponds to the serial number of Unity array. * Unity Array username must have role as Storage Administrator to be able to perform CRUD operations. + * If the user is using complex K8s version like "v1.21.3-mirantis-1", use below kubeVersion check in helm/csi-unity/Chart.yaml file. + kubeVersion: ">= 1.21.0-0 < 1.24.0-0" 2. Copy the `helm/csi-unity/values.yaml` into a file named `myvalues.yaml` in the same directory of `csi-install.sh`, to customize settings for installation. From af2db53742d8760107516931b66069a4418b7a78 Mon Sep 17 00:00:00 2001 From: shanmydell <82038610+shanmydell@users.noreply.github.com> Date: Wed, 2 Mar 2022 13:58:32 +0530 Subject: [PATCH 39/52] Common doc PR for all the modules and drivers (#170) --- README.md | 26 ++++---- config.toml | 2 +- content/docs/FAQ/_index.md | 65 +++++++++---------- content/docs/_index.md | 28 ++++---- content/docs/authorization/_index.md | 17 ++--- content/docs/authorization/cli.md | 4 +- .../docs/authorization/deployment/_index.md | 10 +-- content/docs/authorization/design.md | 6 +- content/docs/authorization/uninstallation.md | 2 +- content/docs/authorization/upgrade.md | 6 +- content/docs/contributionguidelines/_index.md | 2 +- content/docs/csidriver/_index.md | 8 +-- content/docs/csidriver/features/powermax.md | 8 +-- content/docs/csidriver/features/powerscale.md | 8 +-- content/docs/csidriver/features/powerstore.md | 4 +- content/docs/csidriver/features/unity.md | 6 +- .../csidriver/installation/helm/isilon.md | 14 ++-- .../csidriver/installation/helm/powerflex.md | 31 ++++----- .../csidriver/installation/helm/powermax.md | 28 ++++---- .../csidriver/installation/helm/powerstore.md | 32 ++++----- .../docs/csidriver/installation/helm/unity.md | 8 +-- .../csidriver/installation/offline/_index.md | 6 +- .../csidriver/installation/operator/_index.md | 11 ++-- .../csidriver/installation/operator/isilon.md | 2 +- .../installation/operator/powerflex.md | 8 +-- .../installation/operator/powermax.md | 18 ++--- .../installation/operator/powerstore.md | 2 +- .../csidriver/installation/test/powerflex.md | 4 +- .../csidriver/installation/test/powermax.md | 4 +- .../csidriver/installation/test/powerscale.md | 2 +- content/docs/csidriver/partners/redhat.md | 2 +- content/docs/csidriver/partners/tanzu.md | 2 +- content/docs/csidriver/release/operator.md | 2 +- content/docs/csidriver/release/powerflex.md | 12 +--- content/docs/csidriver/release/powermax.md | 6 +- content/docs/csidriver/release/powerscale.md | 6 +- content/docs/csidriver/release/powerstore.md | 2 +- content/docs/csidriver/release/unity.md | 3 +- .../csidriver/troubleshooting/powerflex.md | 2 +- .../csidriver/troubleshooting/powerscale.md | 2 +- .../docs/csidriver/troubleshooting/unity.md | 1 + .../csidriver/upgradation/drivers/isilon.md | 8 +-- .../upgradation/drivers/powerflex.md | 8 +-- .../csidriver/upgradation/drivers/powermax.md | 6 +- .../upgradation/drivers/powerstore.md | 8 +-- .../csidriver/upgradation/drivers/unity.md | 4 +- content/docs/deployment/_index.md | 10 +-- .../docs/deployment/csminstaller/_index.md | 6 +- .../docs/deployment/csminstaller/csmcli.md | 12 ++-- content/docs/grasp/video.md | 4 +- content/docs/observability/_index.md | 16 ++--- .../docs/observability/deployment/_index.md | 14 ++-- content/docs/observability/deployment/helm.md | 4 +- .../docs/observability/deployment/offline.md | 2 +- .../docs/observability/deployment/online.md | 2 +- content/docs/observability/metrics/_index.md | 2 +- .../docs/observability/metrics/powerflex.md | 2 +- .../docs/observability/metrics/powerstore.md | 2 +- .../docs/observability/uninstall/_index.md | 4 +- content/docs/observability/upgrade/_index.md | 2 +- content/docs/replication/_index.md | 65 ++++++++++--------- content/docs/replication/deployment/_index.md | 2 +- .../docs/replication/deployment/powerscale.md | 3 + .../docs/replication/replication-actions.md | 2 +- content/docs/replication/uninstall.md | 2 +- content/docs/resiliency/_index.md | 16 ++--- content/docs/resiliency/deployment.md | 4 +- content/docs/resiliency/troubleshooting.md | 2 +- content/docs/resiliency/uninstallation.md | 2 +- content/docs/resiliency/upgrade.md | 2 +- content/docs/snapshots/_index.md | 2 +- content/docs/support/_index.md | 2 +- content/docs/troubleshooting/_index.md | 2 +- 73 files changed, 318 insertions(+), 316 deletions(-) diff --git a/README.md b/README.md index 8e8a6db74d..df2f79694a 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,9 @@ You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 --> -# Dell EMC Container Storage Modules (CSM) +# Dell Technologies (Dell) Container Storage Modules (CSM) -Dell EMC Container Storage Modules (CSM) is an open-source suite of Kubernetes storage enablers for Dell EMC products. +Dell Technologies (Dell) Container Storage Modules (CSM) is an open-source suite of Kubernetes storage enablers for Dell products. ## Table of Contents @@ -27,19 +27,19 @@ Dell EMC Container Storage Modules (CSM) is an open-source suite of Kubernetes s * [About](#about) ## Container Storage Modules - Components -* [Dell EMC Container Storage Modules (CSM) for Authorization](https://github.com/dell/karavi-authorization) -* [Dell EMC Container Storage Modules (CSM) for Observability](https://github.com/dell/karavi-observability) -* [Dell EMC Container Storage Modules (CSM) for Replication](https://github.com/dell/csm-replication) -* [Dell EMC Container Storage Modules (CSM) for Resiliency](https://github.com/dell/karavi-resiliency) -* [Dell EMC Container Storage Modules (CSM) for Volume Group Snapshotter](https://github.com/dell/csi-volumegroup-snapshotter) -* [CSI Driver for Dell EMC PowerFlex](https://github.com/dell/csi-powerflex) -* [CSI Driver for Dell EMC PowerMax](https://github.com/dell/csi-powermax) -* [CSI Driver for Dell EMC PowerScale](https://github.com/dell/csi-powerscale) -* [CSI Driver for Dell EMC PowerStore](https://github.com/dell/csi-powerstore) -* [CSI Driver for Dell EMC Unity](https://github.com/dell/csi-unity) +* [Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization](https://github.com/dell/karavi-authorization) +* [Dell Technologies (Dell) Container Storage Modules (CSM) for Observability](https://github.com/dell/karavi-observability) +* [Dell Technologies (Dell) Container Storage Modules (CSM) for Replication](https://github.com/dell/csm-replication) +* [Dell Technologies (Dell) Container Storage Modules (CSM) for Resiliency](https://github.com/dell/karavi-resiliency) +* [Dell Technologies (Dell) Container Storage Modules (CSM) for Volume Group Snapshotter](https://github.com/dell/csi-volumegroup-snapshotter) +* [CSI Driver for Dell PowerFlex](https://github.com/dell/csi-powerflex) +* [CSI Driver for Dell PowerMax](https://github.com/dell/csi-powermax) +* [CSI Driver for Dell PowerScale](https://github.com/dell/csi-powerscale) +* [CSI Driver for Dell PowerStore](https://github.com/dell/csi-powerstore) +* [CSI Driver for Dell Unity](https://github.com/dell/csi-unity) ## About -Dell EMC Container Storage Modules (CSM) is 100% open source and community-driven. All components are available +Dell Technologies (Dell) Container Storage Modules (CSM) is 100% open source and community-driven. All components are available under [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0.html) on GitHub. \ No newline at end of file diff --git a/config.toml b/config.toml index d9cf38ed7c..466c9152a3 100644 --- a/config.toml +++ b/config.toml @@ -57,7 +57,7 @@ anchor = "smart" [languages] [languages.en] title = "Dell Technologies" -description = "Dell EMC Container Storage Modules documentation pages" +description = "Dell Technologies (Dell) Container Storage Modules documentation pages" languageName ="English" [markup] diff --git a/content/docs/FAQ/_index.md b/content/docs/FAQ/_index.md index c0b9758624..ec7d2051b3 100644 --- a/content/docs/FAQ/_index.md +++ b/content/docs/FAQ/_index.md @@ -1,7 +1,7 @@ --- title: "CSM FAQ" linktitle: "FAQ" -description: Frequently asked questions of Dell EMC Container Storage Modules +description: Frequently asked questions of Dell Technologies (Dell) Container Storage Modules weight: 2 --- @@ -32,49 +32,48 @@ The umbrella repository for every Dell Container Storage Module is: [https://git ### Is the Container Storage Module XYZ available for my array? Please see module and the respectice CSI driver version available for each array: -| CSM Module | CSI PowerFlex v2.1 | CSI PowerScale v2.1 | CSI PowerStore v2.1 | CSI PowerMax v2.1 | CSI Unity XT v2.1 | +| CSM Module | CSI PowerFlex v2.2 | CSI PowerScale v2.2 | CSI PowerStore v2.2 | CSI PowerMax v2.2 | CSI Unity XT v2.2 | | ----------------- | -------------- | --------------- | --------------- | ------------- | --------------- | -| Authorization v1.1| ✔️ | ✔️ | ❌ | ✔️ | ❌ | -| Observability v1.0| ✔️ | ❌ | ✔️ | ❌ | ❌ | -| Replication v1.1| ❌ | ❌ | ✔️ | ✔️ | ❌ | -| Resilency v1.0| ✔️ | ❌ | ❌ | ❌ | ✔️ | - +| Authorization v1.2| ✔️ | ✔️ | ❌ | ✔️ | ❌ | +| Observability v1.1| ✔️ | ❌ | ✔️ | ❌ | ❌ | +| Replication v1.2| ❌ | ✔️ | ✔️ | ✔️ | ❌ | +| Resilency v1.1| ✔️ | ❌ | ❌ | ❌ | ✔️ | ### What are the prerequisites for deploying Container Storage Modules? Prerequisites can be found on the respective module deployment pages: -- [Dell EMC Container Storage Module for Observability Deployment](../observability/deployment/#prerequisites) -- [Dell EMC Container Storage Module for Authorization Deployment](../authorization/deployment/#prerequisites) -- [Dell EMC Container Storage Module for Resiliency Deployment](../resiliency/deployment/) -- [Dell EMC Container Storage Module for Replication Deployment](../replication/deployment/installation/#before-you-begin) +- [Dell Container Storage Module for Observability Deployment](../observability/deployment/#prerequisites) +- [Dell Container Storage Module for Authorization Deployment](../authorization/deployment/#prerequisites) +- [Dell Container Storage Module for Resiliency Deployment](../resiliency/deployment/) +- [Dell Container Storage Module for Replication Deployment](../replication/deployment/installation/#before-you-begin) -Prerequisites for deploying the Dell EMC CSI drivers can be found here: -- [Dell EMC CSI Drivers Deployment](../csidriver/installation/) +Prerequisites for deploying the Dell CSI drivers can be found here: +- [Dell CSI Drivers Deployment](../csidriver/installation/) ### How do I uninstall or disable a module? -- [Dell EMC Container Storage Module for Authorization](../authorization/uninstallation/) -- [Dell EMC Container Storage Module for Observability](../observability/uninstall/) -- [Dell EMC Container Storage Module for Resiliency](../resiliency/uninstallation/) +- [Dell Container Storage Module for Authorization](../authorization/uninstallation/) +- [Dell Container Storage Module for Observability](../observability/uninstall/) +- [Dell Container Storage Module for Resiliency](../resiliency/uninstallation/) ### How do I troubleshoot Container Storage Modules? -- [Dell EMC CSI Drivers](../csidriver/troubleshooting/) -- [Dell EMC Container Storage Module for Authorization](../authorization/troubleshooting/) -- [Dell EMC Container Storage Module for Observability](../observability/troubleshooting/) -- [Dell EMC Container Storage Module for Replication](../replication/troubleshooting/) -- [Dell EMC Container Storage Module for Resiliency](../resiliency/troubleshooting/) +- [Dell CSI Drivers](../csidriver/troubleshooting/) +- [Dell Container Storage Module for Authorization](../authorization/troubleshooting/) +- [Dell Container Storage Module for Observability](../observability/troubleshooting/) +- [Dell Container Storage Module for Replication](../replication/troubleshooting/) +- [Dell Container Storage Module for Resiliency](../resiliency/troubleshooting/) ### Can I use the CSM functionality like Prometheus collection or Authorization quotas for my non-Kubernetes storage clients? -No, all the modules have been designed to work inside Kubernetes with Dell EMC CSI drivers. +No, all the modules have been designed to work inside Kubernetes with Dell CSI drivers. ### Should I install the module in the same namespace as the driver or another? -It is recommended to install CSM for Observability in a namespace separate from the Dell EMC CSI drivers because it works across multiple drivers. All other modules either run as standalone or with the Dell EMC CSI driver as a sidecar. +It is recommended to install CSM for Observability in a namespace separate from the Dell CSI drivers because it works across multiple drivers. All other modules either run as standalone or with the Dell CSI driver as a sidecar. ### Which Kubernetes distributions are supported? The supported Kubernetes distributions for Container Storage Modules are documented: -- [Dell EMC Container Storage Module for Authorization](../authorization/#supported-operating-systemscontainer-orchestrator-platforms) -- [Dell EMC Container Storage Module for Observability](../observability/#supported-operating-systemscontainer-orchestrator-platforms) -- [Dell EMC Container Storage Module for Replication](../replication/#supported-operating-systemscontainer-orchestrator-platforms) -- [Dell EMC Container Storage Module for Resiliency](../resiliency/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell Container Storage Module for Authorization](../authorization/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell Container Storage Module for Observability](../observability/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell Container Storage Module for Replication](../replication/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell Container Storage Module for Resiliency](../resiliency/#supported-operating-systemscontainer-orchestrator-platforms) -The supported distros for the Dell EMC CSI Drivers are located [here](../csidriver/#supported-operating-systemscontainer-orchestrator-platforms). +The supported distros for the Dell CSI Drivers are located [here](../csidriver/#supported-operating-systemscontainer-orchestrator-platforms). ### How do I get a list of Container Storage Modules deployed in my cluster with their versions? The easiest way to find the module version is to check the image tag for the module. For all the namespaces you can execute the following: @@ -88,11 +87,11 @@ kubectl get deployment,daemonset -o wide -n {{namespace}} ### Do all Container Storage Modules need to be the same version, or can I mix and match? It is advised to comply with the support matrices (links below) and not deviate from it with mixed versions. -- [Dell EMC Container Storage Module for Authorization](../authorization/#supported-operating-systemscontainer-orchestrator-platforms) -- [Dell EMC Container Storage Module for Observability](../observability/#supported-operating-systemscontainer-orchestrator-platforms) -- [Dell EMC Container Storage Module for Replication](../replication/#supported-operating-systemscontainer-orchestrator-platforms) -- [Dell EMC Container Storage Module for Resiliency](../resiliency/#supported-operating-systemscontainer-orchestrator-platforms) -- [Dell EMC CSI Drivers](../csidriver/#supported-operating-systemscontainer-orchestrator-platforms). +- [Dell Container Storage Module for Authorization](../authorization/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell Container Storage Module for Observability](../observability/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell Container Storage Module for Replication](../replication/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell Container Storage Module for Resiliency](../resiliency/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell CSI Drivers](../csidriver/#supported-operating-systemscontainer-orchestrator-platforms). ### Can I run Container Storage Modules in a production environment? As of CSM 1.0, the Container Storage Modules are GA and ready for production systems. diff --git a/content/docs/_index.md b/content/docs/_index.md index a819454690..0e9b502a81 100755 --- a/content/docs/_index.md +++ b/content/docs/_index.md @@ -1,14 +1,14 @@ --- -title: "Dell EMC Container Storage Modules (CSM)" -linkTitle: "Dell EMC Container Storage Modules (CSM)" +title: "Dell Technologies (Dell) Container Storage Modules (CSM)" +linkTitle: "Dell Technologies (Dell) Container Storage Modules (CSM)" weight: 20 menu: main: weight: 20 --- -The Dell Container Storage Modules (CSM) enables simple and consistent integration and automation experiences, extending enterprise storage capabilities to Kubernetes for cloud-native stateful applications. It reduces management complexity so developers can independently consume enterprise storage with ease and automate daily operations such as provisioning, snapshotting, replication, observability, authorization and, resiliency. +The Dell Technologies (Dell) Container Storage Modules (CSM) enables simple and consistent integration and automation experiences, extending enterprise storage capabilities to Kubernetes for cloud-native stateful applications. It reduces management complexity so developers can independently consume enterprise storage with ease and automate daily operations such as provisioning, snapshotting, replication, observability, authorization and, resiliency. CSM Hex Diagram @@ -16,16 +16,16 @@ CSM is made up of multiple components including modules (enterprise capabilities CSM Diagram -## CSM Supported Modules and Dell EMC CSI Drivers +## CSM Supported Modules and Dell CSI Drivers -| Modules/Drivers | CSM 1.1 | [CSM 1.0](../v1/) | [Previous](../v2/) | [Older](../v3) | +| Modules/Drivers | CSM 1.2 | [CSM 1.1](../v1/) | [CSM 1.0.1](../v1/) | [CSM 1.0](../v2/) | | - | :-: | :-: | :-: | :-: | -| Authorization | 1.1 | 1.0 | - | - | -| Observability | 1.0 | 1.0 | - | - | -| Replication | 1.1 | 1.0 | - | - | -| Resiliency | 1.0.1 | 1.0 | - | - | -| CSI Driver for PowerScale | v2.1 | v2.0 | v1.6 | v1.5 | -| CSI Driver for Unity | v2.1 | v2.0 | v1.6 | v1.5 | -| CSI Driver for PowerStore | v2.1 | v2.0 | v1.4 | v1.3 | -| CSI Driver for PowerFlex | v2.1 | v2.0 | v1.5 | v1.4 | -| CSI Driver for PowerMax | v2.1 | v2.0 | v1.7 | v1.6 | +| Authorization | 1.2 | 1.1 | 1.0 | 1.0 | +| Observability | 1.1 | 1.0.1 | 1.0.1 | 1.0 | +| Replication | 1.2 | 1.1 | 1.0 | 1.0 | +| Resiliency | 1.1 | 1.0.1 | 1.0.1 | 1.0 | +| CSI Driver for PowerScale | v2.2 | v2.1 | v2.0 | v2.0 | +| CSI Driver for Unity | v2.2 | v2.1 | v2.0 | v2.0 | +| CSI Driver for PowerStore | v2.2 | v2.1 | v2.0 | v2.0 | +| CSI Driver for PowerFlex | v2.2 | v2.1 | v2.0 | v2.0 | +| CSI Driver for PowerMax | v2.2 | v2.1 | v2.0 | v2.0 | diff --git a/content/docs/authorization/_index.md b/content/docs/authorization/_index.md index 7091ff0224..0310e936d6 100644 --- a/content/docs/authorization/_index.md +++ b/content/docs/authorization/_index.md @@ -3,18 +3,18 @@ title: "Authorization" linkTitle: "Authorization" weight: 4 Description: > - Dell EMC Container Storage Modules (CSM) for Authorization + Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization --- -[Container Storage Modules](https://github.com/dell/csm) (CSM) for Authorization is part of the open-source suite of Kubernetes storage enablers for Dell EMC products. +[Container Storage Modules](https://github.com/dell/csm) (CSM) for Authorization is part of the open-source suite of Kubernetes storage enablers for Dell products. -CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell EMC CSI Drivers. It does this by deploying a proxy between the CSI driver and the storage system to enforce role-based access and usage rules. +CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell CSI Drivers. It does this by deploying a proxy between the CSI driver and the storage system to enforce role-based access and usage rules. Storage administrators of compatible storage platforms will be able to apply quota and RBAC rules that instantly and automatically restrict cluster tenants usage of storage resources. Users of storage through CSM for Authorization do not need to have storage admin root credentials to access the storage system. Kubernetes administrators will have an interface to create, delete, and manage roles/groups that storage rules may be applied. Administrators and/or users may then generate authentication tokens that may be used by tenants to use storage with proper access policies being automatically enforced. -The following diagram shows a high-level overview of CSM for Authorization with a `tenant-app` that is using a CSI driver to perform storage operations through the CSM for Authorization `proxy-server` to access the a Dell EMC storage system. All requests from the CSI driver will contain the token for the given tenant that was granted by the Storage Administrator. +The following diagram shows a high-level overview of CSM for Authorization with a `tenant-app` that is using a CSI driver to perform storage operations through the CSM for Authorization `proxy-server` to access the a Dell storage system. All requests from the CSI driver will contain the token for the given tenant that was granted by the Storage Administrator. ![CSM for Authorization](./karavi-authorization-example.png "CSM for Authorization") @@ -44,7 +44,7 @@ The following diagram shows a high-level overview of CSM for Authorization with {{}} | | PowerMax | PowerFlex | PowerScale | |---------------|:----------------:|:-------------------:|:----------------:| -| Storage Array |5978.479.479, 5978.669.669, 5978.711.711, Unisphere 9.2| 3.5.x, 3.6.x | OneFS 8.1, 8.2, 9.0, 9.1, 9.2 | +| Storage Array |5978.479.479, 5978.711.711, Unisphere 9.2| 3.5.x, 3.6.x | OneFS 8.1, 8.2, 9.0, 9.1, 9.2, 9.3 | {{
}} ## Supported CSI Drivers @@ -53,9 +53,9 @@ CSM for Authorization supports the following CSI drivers and versions. {{}} | Storage Array | CSI Driver | Supported Versions | | ------------- | ---------- | ------------------ | -| CSI Driver for Dell EMC PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0,v2.1 | -| CSI Driver for Dell EMC PowerMax | [csi-powermax](https://github.com/dell/csi-powermax) | v2.0,v2.1 | -| CSI Driver for Dell EMC PowerScale | [csi-powerscale](https://github.com/dell/csi-powerscale) | v2.0,v2.1 | +| CSI Driver for Dell PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0, v2.1, v2.2 | +| CSI Driver for Dell PowerMax | [csi-powermax](https://github.com/dell/csi-powermax) | v2.0, v2.1 ,v2.2 | +| CSI Driver for Dell PowerScale | [csi-powerscale](https://github.com/dell/csi-powerscale) | v2.0, v2.1, v2.2 | {{
}} **NOTE:** If the deployed CSI driver has a number of controller pods equal to the number of schedulable nodes in your cluster, CSM for Authorization may not be able to inject properly into the driver's controller pod. @@ -68,6 +68,7 @@ CSM for Authorization consists of 2 components - the Authorization sidecar and t | Authorization Sidecar Image Tag | Authorization Proxy Server Version | | ------------------------------- | ---------------------------------- | | dellemc/csm-authorization-sidecar:v1.0.0 | v1.0.0, v1.1.0 | +| dellemc/csm-authorization-sidecar:v1.2.0 | v1.1.0, v1.2.0 | {{}} ## Roles and Responsibilities diff --git a/content/docs/authorization/cli.md b/content/docs/authorization/cli.md index 8005183c46..f1ef1bb5aa 100644 --- a/content/docs/authorization/cli.md +++ b/content/docs/authorization/cli.md @@ -3,7 +3,7 @@ title: CLI linktitle: CLI weight: 4 description: > - Dell EMC Container Storage Modules (CSM) for Authorization CLI + Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization CLI --- karavictl is a command-line interface (CLI) used to interact with and manage your Container Storage Modules (CSM) Authorization deployment. @@ -47,7 +47,7 @@ karavictl is used to interact with CSM Authorization Server ##### Synopsis -karavictl provides security, RBAC, and quota limits for accessing Dell EMC +karavictl provides security, RBAC, and quota limits for accessing Dell storage products from Kubernetes clusters ##### Options diff --git a/content/docs/authorization/deployment/_index.md b/content/docs/authorization/deployment/_index.md index 8593f4ced8..ca15cb03da 100644 --- a/content/docs/authorization/deployment/_index.md +++ b/content/docs/authorization/deployment/_index.md @@ -3,12 +3,12 @@ title: Deployment linktitle: Deployment weight: 2 description: > - Dell EMC Container Storage Modules (CSM) for Authorization deployment + Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization deployment --- This section outlines the deployment steps for Container Storage Modules (CSM) for Authorization. The deployment of CSM for Authorization is handled in 2 parts: - Deploying the CSM for Authorization proxy server, to be controlled by storage administrators -- Configuring one to many [supported](../../authorization#supported-csi-drivers) Dell EMC CSI drivers with CSM for Authorization +- Configuring one to many [supported](../../authorization#supported-csi-drivers) Dell CSI drivers with CSM for Authorization ## Prerequisites @@ -188,7 +188,7 @@ After creating the role bindings, the next logical step is to generate the acces ### Copy the karavictl Binary to the Kubernetes Master Node -The karavictl binary is available from the CSM for Authorization proxy server. This needs to be copied to the Kubernetes master node for Kubernetes tenant admins so the Kubernetes tenant admins can configure the Dell EMC CSI driver with CSM for Authorization. +The karavictl binary is available from the CSM for Authorization proxy server. This needs to be copied to the Kubernetes master node for Kubernetes tenant admins so the Kubernetes tenant admins can configure the Dell CSI driver with CSM for Authorization. ``` sshpass -p dangerous scp bin/karavictl root@10.247.96.174:/tmp/karavictl @@ -196,11 +196,11 @@ sshpass -p dangerous scp bin/karavictl root@10.247.96.174:/tmp/karavictl >__Note__: The storage admin is responsible for copying the binary to a location accessible by the Kubernetes tenant admin. -## Configuring a Dell EMC CSI Driver with CSM for Authorization +## Configuring a Dell CSI Driver with CSM for Authorization The second part of CSM for Authorization deployment is to configure one or more of the [supported](../../authorization#supported-csi-drivers) CSI drivers. This is controlled by the Kubernetes tenant admin. -### Configuring a Dell EMC CSI Driver +### Configuring a Dell CSI Driver Given a setup where Kubernetes, a storage system, and the CSM for Authorization Proxy Server are deployed, follow the steps below to configure the CSI Drivers to work with the Authorization sidecar: diff --git a/content/docs/authorization/design.md b/content/docs/authorization/design.md index 07bc29c172..564ac3c4e0 100644 --- a/content/docs/authorization/design.md +++ b/content/docs/authorization/design.md @@ -3,7 +3,7 @@ title: Design linktitle: Design weight: 1 description: > - Dell EMC Container Storage Modules (CSM) for Authorization design + Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization design --- Container Storage Modules (CSM) for Authorization is designed as a service mesh solution and consists of many internal components that work together in concert to achieve its overall functionality. @@ -56,7 +56,7 @@ The mechanism for managing this storage would utilize a CSI Driver. ### CSI Driver -A CSI Driver supports the Container Service Interface (CSI) specification. Dell EMC provides customers with CSI Drivers for its various storage arrays. +A CSI Driver supports the Container Service Interface (CSI) specification. Dell provides customers with CSI Drivers for its various storage arrays. CSM for Authorization intends to support a majority, if not all, of these drivers. A CSI Driver will typically be configured to communicate directly to its intended storage array and as such will be limited in using only the authentication @@ -88,7 +88,7 @@ The [*karavictl*](../cli) CLI (Command Line Interface) application allows Storag ### Storage Array -A Storage Array is typically considered to be one of the various Dell EMC storage offerings, e.g. Dell EMC PowerFlex which is supported by CSM for Authorization +A Storage Array is typically considered to be one of the various Dell storage offerings, e.g. Dell PowerFlex which is supported by CSM for Authorization today. Support for more Storage Arrays will come in the future. ## How it Works diff --git a/content/docs/authorization/uninstallation.md b/content/docs/authorization/uninstallation.md index 4b8fad3b53..fcbcb37aa2 100644 --- a/content/docs/authorization/uninstallation.md +++ b/content/docs/authorization/uninstallation.md @@ -3,7 +3,7 @@ title: Uninstallation linktitle: Uninstallation weight: 2 description: > - Dell EMC Container Storage Modules (CSM) for Authorization Uninstallation + Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization Uninstallation --- This section outlines the uninstallation steps for Container Storage Modules (CSM) for Authorization. diff --git a/content/docs/authorization/upgrade.md b/content/docs/authorization/upgrade.md index ba9a487365..4c31e3a926 100644 --- a/content/docs/authorization/upgrade.md +++ b/content/docs/authorization/upgrade.md @@ -3,12 +3,12 @@ title: Upgrade linktitle: Upgrade weight: 3 description: > - Upgrade Dell EMC Container Storage Modules (CSM) for Authorization + Upgrade Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization --- This section outlines the upgrade steps for Container Storage Modules (CSM) for Authorization. The upgrade of CSM for Authorization is handled in 2 parts: - Upgrading the CSM for Authorization proxy server -- Upgrading the Dell EMC CSI drivers with CSM for Authorization enabled +- Upgrading the Dell CSI drivers with CSM for Authorization enabled ### Upgrading CSM for Authorization proxy server @@ -29,7 +29,7 @@ k3s kubectl version >__Note__: The above steps manage install and upgrade of all dependencies that are required by the CSM for Authorization proxy server. -### Upgrading Dell EMC CSI Driver(s) with CSM for Authorization enabled +### Upgrading Dell CSI Driver(s) with CSM for Authorization enabled Given a setup where the CSM for Authorization proxy server is already upgraded to the latest version, follow the upgrade instructions for the applicable CSI Driver(s) to upgrade the driver and the CSM for Authorization sidecar diff --git a/content/docs/contributionguidelines/_index.md b/content/docs/contributionguidelines/_index.md index 19b639c316..e02b519065 100644 --- a/content/docs/contributionguidelines/_index.md +++ b/content/docs/contributionguidelines/_index.md @@ -3,7 +3,7 @@ title: "Contribution Guidelines" linkTitle: "Contribution Guidelines" weight: 12 Description: > - Dell EMC Container Storage Modules (CSM) docs Contribution Guidelines + Dell Technologies (Dell) Container Storage Modules (CSM) docs Contribution Guidelines --- diff --git a/content/docs/csidriver/_index.md b/content/docs/csidriver/_index.md index 74ea38d918..854b8d65ea 100644 --- a/content/docs/csidriver/_index.md +++ b/content/docs/csidriver/_index.md @@ -2,11 +2,11 @@ --- title: "CSI Drivers" linkTitle: "CSI Drivers" -description: About Dell EMC CSI Drivers +description: About Dell Technologies (Dell) CSI Drivers weight: 3 --- -The CSI Drivers by Dell EMC implement an interface between [CSI](https://kubernetes-csi.github.io/docs/) (CSI spec v1.5) enabled Container Orchestrator (CO) and Dell EMC Storage Arrays. It is a plug-in that is installed into Kubernetes to provide persistent storage using Dell storage system. +The CSI Drivers by Dell implement an interface between [CSI](https://kubernetes-csi.github.io/docs/) (CSI spec v1.5) enabled Container Orchestrator (CO) and Dell Storage Arrays. It is a plug-in that is installed into Kubernetes to provide persistent storage using Dell storage system. ![CSI Architecture](Architecture_Diagram.png) @@ -39,7 +39,7 @@ The CSI Drivers by Dell EMC implement an interface between [CSI](https://kuberne | Create VolumeSnapshot | yes | yes | yes | yes | yes | | Create Volume from Snapshot | yes | yes | yes | yes | yes | | Delete Snapshot | yes | yes | yes | yes | yes | -| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)| RWO/ROX

RWX (Raw block only) | RWO/ROX/RWOP

RWX (Raw block only) | RWO/ROX/RWOP

RWX (Raw block & NFS only) | RWO/RWX/ROX/RWOP | RWO/ROX/RWOP

RWX (Raw block & NFS only) | +| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)| RWO/ROX

RWX (Raw block only) | RWO/ROX/RWOP

RWX (Raw block only) | RWO/ROX/RWOP

RWX (Raw block & NFS only) | RWO/RWX/ROX/
RWOP | RWO/ROX/RWOP

RWX (Raw block & NFS only) | | CSI Volume Cloning | yes | yes | yes | yes | yes | | CSI Raw Block Volume | yes | yes | yes | no | yes | | CSI Ephemeral Volume | no | yes | yes | yes | yes | @@ -51,7 +51,7 @@ The CSI Drivers by Dell EMC implement an interface between [CSI](https://kuberne {{}} | | PowerMax | PowerFlex | Unity | PowerScale | PowerStore | |---------------|:-------------------------------------------------------:|:----------------:|:--------------------------:|:----------------------------------:|:----------------:| -| Storage Array |5978.479.479, 5978.669.669, 5978.711.711
Unisphere 9.2| 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0 | OneFS 8.1, 8.2, 9.0, 9.1, 9.2, 9.3 | 1.0.x, 2.0.x | +| Storage Array |5978.479.479, 5978.711.711
Unisphere 9.2| 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0, 5.1.2 | OneFS 8.1, 8.2, 9.0, 9.1, 9.2, 9.3 | 1.0.x, 2.0.x | {{
}} ### Backend Storage Details {{}} diff --git a/content/docs/csidriver/features/powermax.md b/content/docs/csidriver/features/powermax.md index 02543d24b1..8fb4bd840b 100644 --- a/content/docs/csidriver/features/powermax.md +++ b/content/docs/csidriver/features/powermax.md @@ -122,7 +122,7 @@ When challenged, the host initiator transmits a CHAP credential and CHAP secret ## Custom Driver Name -With version 1.3.0 of the driver, a custom name can be assigned to the driver at the time of installation. This enables installation of the CSI driver in a different namespace and installation of multiple CSI drivers for Dell EMC PowerMax in the same Kubernetes/OpenShift cluster. +With version 1.3.0 of the driver, a custom name can be assigned to the driver at the time of installation. This enables installation of the CSI driver in a different namespace and installation of multiple CSI drivers for Dell PowerMax in the same Kubernetes/OpenShift cluster. To use this feature, set the following values under `customDriverName` in `my-powermax-settings.yaml`. - Value: Set this to the custom name of the driver. @@ -140,7 +140,7 @@ For example, if the driver name is set to _driver_ and it is installed in the na ### Install multiple drivers -To install multiple CSI Drivers for Dell EMC PowerMax in a single Kubernetes cluster, you can take advantage of the custom driver name feature. There are a few important restrictions that should be strictly adhered to: +To install multiple CSI Drivers for Dell PowerMax in a single Kubernetes cluster, you can take advantage of the custom driver name feature. There are a few important restrictions that should be strictly adhered to: - Only one driver can be installed in a single namespace - Different drivers should not connect to a single Unisphere server - Different drivers should not be used to manage a single PowerMax array @@ -459,9 +459,9 @@ To update the log level dynamically, the user has to edit the ConfigMap `powerma kubectl edit configmap -n powermax powermax-config-params ``` -## PV/PVC Metrics +## Volume Health Monitoring -CSI Driver for Dell EMC PowerMax 2.2.0 and above supports volume health monitoring. To enable Volume Health Monitoring from the node side, the alpha feature gate CSIVolumeHealth needs to be enabled. To use this feature, set controller.healthMonitor.enabled and node.healthMonitor.enabled to true. To change the monitor interval, set controller.healthMonitor.volumeHealthMonitorInterval parameter. +CSI Driver for Dell PowerMax 2.2.0 and above supports volume health monitoring. To enable Volume Health Monitoring from the node side, the alpha feature gate CSIVolumeHealth needs to be enabled. To use this feature, set controller.healthMonitor.enabled and node.healthMonitor.enabled to true. To change the monitor interval, set controller.healthMonitor.interval parameter. ## Single Pod Access Mode for PersistentVolumes- ReadWriteOncePod (ALPHA FEATURE) diff --git a/content/docs/csidriver/features/powerscale.md b/content/docs/csidriver/features/powerscale.md index 0a82876765..ca7675ee27 100644 --- a/content/docs/csidriver/features/powerscale.md +++ b/content/docs/csidriver/features/powerscale.md @@ -426,7 +426,7 @@ For a cluster with multiple network interfaces and if a user wants to segregate ## Volume Limit -The CSI Driver for Dell EMC PowerScale allows users to specify the maximum number of PowerScale volumes that can be used in a node. +The CSI Driver for Dell PowerScale allows users to specify the maximum number of PowerScale volumes that can be used in a node. The user can set the volume limit for a node by creating a node label `max-isilon-volumes-per-node` and specifying the volume limit for that node.
`kubectl label node max-isilon-volumes-per-node=` @@ -443,7 +443,7 @@ Similarly, users can define the tolerations based on various conditions like mem ## Usage of SmartQuotas to Limit Storage Consumption -CSI driver for Dell EMC Isilon handles capacity limiting using SmartQuotas feature. +CSI driver for Dell Isilon handles capacity limiting using SmartQuotas feature. To use the SmartQuotas feature user can specify the boolean value 'enableQuota' in myvalues.yaml or my-isilon-settings.yaml. @@ -496,7 +496,7 @@ kubectl edit configmap -n isilon isilon-config-params ## NAT Support -CSI Driver for Dell EMC PowerScale is supported in the NAT environment. +CSI Driver for Dell PowerScale is supported in the NAT environment. ## Configurable permissions for volume directory @@ -533,7 +533,7 @@ Other ways of configuring powerscale volume permissions remain the same as helm- ## PV/PVC Metrics -CSI Driver for Dell EMC PowerScale 2.1.0 and above supports volume health monitoring. This allows Kubernetes to report on the condition, status and usage of the underlying volumes. +CSI Driver for Dell PowerScale 2.1.0 and above supports volume health monitoring. This allows Kubernetes to report on the condition, status and usage of the underlying volumes. For example, if a volume were to be deleted from the array, or unmounted outside of Kubernetes, Kubernetes will now report these abnormal conditions as events. ### This feature can be enabled diff --git a/content/docs/csidriver/features/powerstore.md b/content/docs/csidriver/features/powerstore.md index 144ee76079..5aa7cbc028 100644 --- a/content/docs/csidriver/features/powerstore.md +++ b/content/docs/csidriver/features/powerstore.md @@ -604,14 +604,14 @@ kubectl edit configmap -n csi-powerstore powerstore-config-params ## NAT Support -CSI Driver for Dell EMC Powerstore is supported in the NAT environment for NFS protocol. +CSI Driver for Dell Powerstore is supported in the NAT environment for NFS protocol. The user will be able to install the driver and able to create pods. ## PV/PVC Metrics -CSI Driver for Dell EMC Powerstore 2.1.0 and above supports volume health monitoring. To enable Volume Health Monitoring from the node side, the alpha feature gate CSIVolumeHealth needs to be enabled. To use this feature, set controller.healthMonitor.enabled and node.healthMonitor.enabled to true. To change the monitor interval, set controller.healthMonitor.volumeHealthMonitorInterval parameter. +CSI Driver for Dell Powerstore 2.1.0 and above supports volume health monitoring. To enable Volume Health Monitoring from the node side, the alpha feature gate CSIVolumeHealth needs to be enabled. To use this feature, set controller.healthMonitor.enabled and node.healthMonitor.enabled to true. To change the monitor interval, set controller.healthMonitor.volumeHealthMonitorInterval parameter. ## Single Pod Access Mode for PersistentVolumes diff --git a/content/docs/csidriver/features/unity.md b/content/docs/csidriver/features/unity.md index 2e61e95408..ebec864d44 100644 --- a/content/docs/csidriver/features/unity.md +++ b/content/docs/csidriver/features/unity.md @@ -443,7 +443,7 @@ For any additional information about the topology, see the [Kubernetes Topology ## Support for SLES 15 SP2 -The CSI Driver for Dell EMC Unity requires the following set of packages installed on all worker nodes that run on SLES 15 SP2. +The CSI Driver for Dell Unity requires the following set of packages installed on all worker nodes that run on SLES 15 SP2. - open-iscsi **open-iscsi is required in order to make use of iSCSI protocol for provisioning** - nfs-utils **nfs-utils is required in order to make use of NFS protocol for provisioning** @@ -452,7 +452,7 @@ The CSI Driver for Dell EMC Unity requires the following set of packages install After installing open-iscsi, ensure "iscsi" and "iscsid" services have been started and /etc/isci/initiatorname.iscsi is created and has the host initiator id. The pre-requisites are mandatory for provisioning with the iSCSI protocol to work. ## Volume Limit -The CSI Driver for Dell EMC Unity allows users to specify the maximum number of Unity volumes that can be used in a node. +The CSI Driver for Dell Unity allows users to specify the maximum number of Unity volumes that can be used in a node. The user can set the volume limit for a node by creating a node label `max-unity-volumes-per-node` and specifying the volume limit for that node.
`kubectl label node max-unity-volumes-per-node=` @@ -462,7 +462,7 @@ The user can also set the volume limit for all the nodes in the cluster by speci >**NOTE:**
To reflect the changes after setting the value either via node label or in values.yaml file, user has to bounce the driver controller and node pods using the command `kubectl get pods -n unity --no-headers=true | awk '/unity-/{print $1}'| xargs kubectl delete -n unity pod`.

If the value is set both by node label and values.yaml file then node label value will get the precedence and user has to remove the node label in order to reflect the values.yaml value.

The default value of `maxUnityVolumesPerNode` is 0.

If `maxUnityVolumesPerNode` is set to zero, then CO SHALL decide how many volumes of this type can be published by the controller to the node.

The volume limit specified to `maxUnityVolumesPerNode` attribute is applicable to all the nodes in the cluster for which node label `max-unity-volumes-per-node` is not set. ## NAT Support -CSI Driver for Dell EMC Unity is supported in the NAT environment for NFS protocol. +CSI Driver for Dell Unity is supported in the NAT environment for NFS protocol. The user will be able to install the driver and able to create pods. diff --git a/content/docs/csidriver/installation/helm/isilon.md b/content/docs/csidriver/installation/helm/isilon.md index 4ec523a17b..0431487181 100644 --- a/content/docs/csidriver/installation/helm/isilon.md +++ b/content/docs/csidriver/installation/helm/isilon.md @@ -3,7 +3,7 @@ title: PowerScale description: > Installing CSI Driver for PowerScale via Helm --- -The CSI Driver for Dell EMC PowerScale can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerscale/tree/master/dell-csi-helm-installer). +The CSI Driver for Dell PowerScale can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerscale/tree/master/dell-csi-helm-installer). The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: - CSI Driver for PowerScale @@ -18,7 +18,7 @@ The node section of the Helm chart installs the following component in a _Daemon ## Prerequisites -The following are requirements to be met before installing the CSI Driver for Dell EMC PowerScale: +The following are requirements to be met before installing the CSI Driver for Dell PowerScale: - Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - Mount propagation is enabled on container runtime that is being used @@ -27,7 +27,7 @@ The following are requirements to be met before installing the CSI Driver for De ### Install Helm 3.0 -Install Helm 3.0 on the master node before you install the CSI Driver for Dell EMC PowerScale. +Install Helm 3.0 on the master node before you install the CSI Driver for Dell PowerScale. **Steps** @@ -167,7 +167,7 @@ Create isilon-creds secret using the following command: - For the key isiIP/endpoint, the user can give either IP address or FQDN. Also, the user can prefix 'https' (For example, https://192.168.1.1) with the value. - The *isilon-creds* secret has a *mountEndpoint* parameter which should only be updated and used when [Authorization](../../../../authorization) is enabled. -7. Install OneFS CA certificates by following the instructions from the next section, if you want to validate OneFS API server's certificates. If not, create an empty secret using the following command and an empty secret must be created for the successful installation of CSI Driver for Dell EMC PowerScale. +7. Install OneFS CA certificates by following the instructions from the next section, if you want to validate OneFS API server's certificates. If not, create an empty secret using the following command and an empty secret must be created for the successful installation of CSI Driver for Dell PowerScale. ``` kubectl create -f empty-secret.yaml ``` @@ -199,7 +199,7 @@ If the 'skipCertificateValidation' parameter is set to false and a previous inst ### Dynamic update of array details via secret.yaml -CSI Driver for Dell EMC PowerScale now provides supports for Multi cluster. Now users can link the single CSI Driver to multiple OneFS Clusters by updating *secret.yaml*. Users can now update the isilon-creds secret by editing the *secret.yaml* and executing the following command +CSI Driver for Dell PowerScale now provides supports for Multi cluster. Now users can link the single CSI Driver to multiple OneFS Clusters by updating *secret.yaml*. Users can now update the isilon-creds secret by editing the *secret.yaml* and executing the following command `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl apply -f -` @@ -209,7 +209,7 @@ CSI Driver for Dell EMC PowerScale now provides supports for Multi cluster. Now ## Storage Classes -The CSI driver for Dell EMC PowerScale version 1.5 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A sample storage class manifest is available at `samples/storageclass/isilon.yaml`. Use this sample manifest to create a storageclass to provision storage; uncomment/ update the manifest as per the requirements. +The CSI driver for Dell PowerScale version 1.5 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A sample storage class manifest is available at `samples/storageclass/isilon.yaml`. Use this sample manifest to create a storageclass to provision storage; uncomment/ update the manifest as per the requirements. ### What happens to my existing storage classes? @@ -235,7 +235,7 @@ Starting CSI PowerScale v1.6, `dell-csi-helm-installer` will not create any Volu ### What happens to my existing Volume Snapshot Classes? -*Upgrading from CSI PowerScale v2.0 driver*: +*Upgrading from CSI PowerScale v2.1 driver*: The existing volume snapshot class will be retained. *Upgrading from an older version of the driver*: diff --git a/content/docs/csidriver/installation/helm/powerflex.md b/content/docs/csidriver/installation/helm/powerflex.md index b452df67cf..59f709c077 100644 --- a/content/docs/csidriver/installation/helm/powerflex.md +++ b/content/docs/csidriver/installation/helm/powerflex.md @@ -5,22 +5,22 @@ description: > Installing the CSI Driver for PowerFlex via Helm --- -The CSI Driver for Dell EMC PowerFlex can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerflex/tree/master/dell-csi-helm-installer). +The CSI Driver for Dell PowerFlex can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerflex/tree/master/dell-csi-helm-installer). The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: -- CSI Driver for Dell EMC PowerFlex +- CSI Driver for Dell PowerFlex - Kubernetes External Provisioner, which provisions the volumes - Kubernetes External Attacher, which attaches the volumes to the containers - Kubernetes External Snapshotter, which provides snapshot support - Kubernetes External Resizer, which resizes the volume The node section of the Helm chart installs the following component in a _DaemonSet_ in the specified namespace: -- CSI Driver for Dell EMC PowerFlex +- CSI Driver for Dell PowerFlex - Kubernetes Node Registrar, which handles the driver registration ## Prerequisites -The following are requirements that must be met before installing the CSI Driver for Dell EMC PowerFlex: +The following are requirements that must be met before installing the CSI Driver for Dell PowerFlex: - Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - Enable Zero Padding on PowerFlex @@ -33,7 +33,7 @@ The following are requirements that must be met before installing the CSI Driver ### Install Helm 3.0 -Install Helm 3.0 on the master node before you install the CSI Driver for Dell EMC PowerFlex. +Install Helm 3.0 on the master node before you install the CSI Driver for Dell PowerFlex. **Steps** @@ -41,7 +41,7 @@ Install Helm 3.0 on the master node before you install the CSI Driver for Dell E ### Enable Zero Padding on PowerFlex -Verify that zero padding is enabled on the PowerFlex storage pools that will be used. Use PowerFlex GUI or the PowerFlex CLI to check this setting. For more information to configure this setting, see [Dell EMC PowerFlex documentation](https://cpsdocs.dellemc.com/bundle/PF_CONF_CUST/page/GUID-D32BDFF7-3014-4894-8E1E-2A31A86D343A.html). +Verify that zero padding is enabled on the PowerFlex storage pools that will be used. Use PowerFlex GUI or the PowerFlex CLI to check this setting. For more information to configure this setting, see [Dell PowerFlex documentation](https://cpsdocs.dellemc.com/bundle/PF_CONF_CUST/page/GUID-D32BDFF7-3014-4894-8E1E-2A31A86D343A.html). ### Install PowerFlex Storage Data Client @@ -51,17 +51,17 @@ currently only Red Hat CoreOS (RHCOS). On Kubernetes nodes with OS version not supported by automatic install, you must perform the Manual SDC Deployment steps [below](#manual-sdc-deployment). Refer to https://hub.docker.com/r/dellemc/sdc for supported OS versions. -**Optional:** For a typical install, you will pull SDC kernel modules from the Dell EMC FTP site, which is set up by default. Some users might want to mirror this repository to a local location. The [PowerFlex KB article](https://www.dell.com/support/kbdoc/en-us/000184206/how-to-use-a-private-repository-for) has instructions on how to do this. +**Optional:** For a typical install, you will pull SDC kernel modules from the Dell FTP site, which is set up by default. Some users might want to mirror this repository to a local location. The [PowerFlex KB article](https://www.dell.com/support/kbdoc/en-us/000184206/how-to-use-a-private-repository-for) has instructions on how to do this. #### Manual SDC Deployment -For detailed PowerFlex installation procedure, see the [Dell EMC PowerFlex Deployment Guide](https://docs.delltechnologies.com/bundle/VXF_DEPLOY/page/GUID-DD20489C-42D9-42C6-9795-E4694688CC75.html). Install the PowerFlex SDC as follows: +For detailed PowerFlex installation procedure, see the [Dell PowerFlex Deployment Guide](https://docs.delltechnologies.com/bundle/VXF_DEPLOY/page/GUID-DD20489C-42D9-42C6-9795-E4694688CC75.html). Install the PowerFlex SDC as follows: **Steps** -1. Download the PowerFlex SDC from [Dell EMC Online support](https://www.dell.com/support). The filename is EMC-ScaleIO-sdc-*.rpm, where * is the SDC name corresponding to the PowerFlex installation version. +1. Download the PowerFlex SDC from [Dell Online support](https://www.dell.com/support). The filename is EMC-ScaleIO-sdc-*.rpm, where * is the SDC name corresponding to the PowerFlex installation version. 2. Export the shell variable _MDM_IP_ in a comma-separated list using `export MDM_IP=xx.xxx.xx.xx,xx.xxx.xx.xx`, where xxx represents the actual IP address in your environment. This list contains the IP addresses of the MDMs. -3. Install the SDC per the _Dell EMC PowerFlex Deployment Guide_: +3. Install the SDC per the _Dell PowerFlex Deployment Guide_: - For Red Hat Enterprise Linux and CentOS, run `rpm -iv ./EMC-ScaleIO-sdc-*.x86_64.rpm`, where * is the SDC name corresponding to the PowerFlex installation version. 4. To add more MDM_IP for multi-array support, run `/opt/emc/scaleio/sdc/bin/drv_cfg --add_mdm --ip 10.xx.xx.xx.xx,10.xx.xx.xx` @@ -109,7 +109,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller ## Install the Driver **Steps** -1. Run `git clone -b v2.1.0 https://github.com/dell/csi-powerflex.git` to clone the git repository. +1. Run `git clone -b v2.2.0 https://github.com/dell/csi-powerflex.git` to clone the git repository. 2. Ensure that you have created a namespace where you want to install the driver. You can run `kubectl create namespace vxflexos` to create a new one. @@ -258,7 +258,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller ## Certificate validation for PowerFlex Gateway REST API calls -This topic provides details about setting up the certificate for the CSI Driver for Dell EMC PowerFlex. +This topic provides details about setting up the certificate for the CSI Driver for Dell PowerFlex. *Before you begin* @@ -336,13 +336,10 @@ Deleting a storage class has no impact on a running Pod with mounted PVCs. You c Starting CSI PowerFlex v1.5, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _samples/_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. -*NOTE* -Support for v1beta1 snapshots is being discontinued in this release. - ### What happens to my existing Volume Snapshot Classes? -*Upgrading from CSI PowerFlex v2.0 driver*: +*Upgrading from CSI PowerFlex v2.1 driver*: The existing volume snapshot class will be retained. *Upgrading from an older version of the driver*: -It is strongly recommended to upgrade the earlier versions of CSI PowerFlex to 1.5 or higher, before upgrading to 2.1. +It is strongly recommended to upgrade the earlier versions of CSI PowerFlex to 1.5 or higher, before upgrading to 2.2. diff --git a/content/docs/csidriver/installation/helm/powermax.md b/content/docs/csidriver/installation/helm/powermax.md index 6b1d29ec76..60d6796a62 100644 --- a/content/docs/csidriver/installation/helm/powermax.md +++ b/content/docs/csidriver/installation/helm/powermax.md @@ -5,10 +5,10 @@ description: > Installing CSI Driver for PowerMax via Helm --- -CSI Driver for Dell EMC PowerMax can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, see the script [documentation](https://github.com/dell/csi-powermax/tree/master/dell-csi-helm-installer). +CSI Driver for Dell PowerMax can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, see the script [documentation](https://github.com/dell/csi-powermax/tree/master/dell-csi-helm-installer). The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: -- CSI Driver for Dell EMC PowerMax +- CSI Driver for Dell PowerMax - Kubernetes External Provisioner, which provisions the volumes - Kubernetes External Attacher, which attaches the volumes to the containers - Kubernetes External Snapshotter, which provides snapshot support @@ -16,12 +16,12 @@ The controller section of the Helm chart installs the following components in a - CSI PowerMax ReverseProxy (optional) The node section of the Helm chart installs the following component in a _DaemonSet_ in the specified namespace: -- CSI Driver for Dell EMC PowerMax +- CSI Driver for Dell PowerMax - Kubernetes Node Registrar, which handles the driver registration ## Prerequisites -The following requirements must be met before installing CSI Driver for Dell EMC PowerMax: +The following requirements must be met before installing CSI Driver for Dell PowerMax: - Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - Fibre Channel requirements @@ -34,7 +34,7 @@ The following requirements must be met before installing CSI Driver for Dell EMC ### Install Helm 3 -Install Helm 3 on the master node before you install CSI Driver for Dell EMC PowerMax. +Install Helm 3 on the master node before you install CSI Driver for Dell PowerMax. **Steps** @@ -43,23 +43,23 @@ Install Helm 3 on the master node before you install CSI Driver for Dell EMC Pow ### Fibre Channel Requirements -CSI Driver for Dell EMC PowerMax supports Fibre Channel communication. Ensure that the following requirements are met before you install CSI Driver: +CSI Driver for Dell PowerMax supports Fibre Channel communication. Ensure that the following requirements are met before you install CSI Driver: - Zoning of the Host Bus Adapters (HBAs) to the Fibre Channel port director must be completed. - Ensure that the HBA WWNs (initiators) appear on the list of initiators that are logged into the array. - If the number of volumes that will be published to nodes is high, then configure the maximum number of LUNs for your HBAs on each node. See the appropriate HBA document to configure the maximum number of LUNs. ### iSCSI Requirements -The CSI Driver for Dell EMC PowerMax supports iSCSI connectivity. These requirements are applicable for the nodes that use iSCSI initiator to connect to the PowerMax arrays. +The CSI Driver for Dell PowerMax supports iSCSI connectivity. These requirements are applicable for the nodes that use iSCSI initiator to connect to the PowerMax arrays. Set up the iSCSI initiators as follows: - All Kubernetes nodes must have the _iscsi-initiator-utils_ package installed. - Ensure that the iSCSI initiators are available on all the nodes where the driver node plugin will be installed. -- Kubernetes nodes should have access (network connectivity) to an iSCSI director on the Dell EMC PowerMax array that has IP interfaces. Manually create IP routes for each node that connects to the Dell EMC PowerMax if required. -- Ensure that the iSCSI initiators on the nodes are not a part of any existing Host (Initiator Group) on the Dell EMC PowerMax array. -- The CSI Driver needs the port group names containing the required iSCSI director ports. These port groups must be set up on each Dell EMC PowerMax array. All the port group names supplied to the driver must exist on each Dell EMC PowerMax with the same name. +- Kubernetes nodes should have access (network connectivity) to an iSCSI director on the Dell PowerMax array that has IP interfaces. Manually create IP routes for each node that connects to the Dell PowerMax if required. +- Ensure that the iSCSI initiators on the nodes are not a part of any existing Host (Initiator Group) on the Dell PowerMax array. +- The CSI Driver needs the port group names containing the required iSCSI director ports. These port groups must be set up on each Dell PowerMax array. All the port group names supplied to the driver must exist on each Dell PowerMax with the same name. -For more information about configuring iSCSI, see [Dell EMC Host Connectivity guide](https://www.delltechnologies.com/asset/zh-tw/products/storage/technical-support/docu5128.pdf). +For more information about configuring iSCSI, see [Dell Host Connectivity guide](https://www.delltechnologies.com/asset/zh-tw/products/storage/technical-support/docu5128.pdf). ### Certificate validation for Unisphere REST API calls @@ -80,11 +80,11 @@ If the Unisphere certificate is self-signed or if you are using an embedded Unis There are no restrictions to how many ports can be present in the iSCSI port groups provided to the driver. -The same applies to Fibre Channel where there are no restrictions on the number of FA directors a host HBA can be zoned to. See the best practices for host connectivity to Dell EMC PowerMax to ensure that you have multiple paths to your data volumes. +The same applies to Fibre Channel where there are no restrictions on the number of FA directors a host HBA can be zoned to. See the best practices for host connectivity to Dell PowerMax to ensure that you have multiple paths to your data volumes. ### Linux multipathing requirements -CSI Driver for Dell EMC PowerMax supports Linux multipathing. Configure Linux multipathing before installing the CSI Driver. +CSI Driver for Dell PowerMax supports Linux multipathing. Configure Linux multipathing before installing the CSI Driver. Set up Linux multipathing as follows: @@ -193,7 +193,7 @@ CRDs should be configured during replication prepare stage with repctl as descri | snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | | resizer.enabled | Enable/Disable volume expansion feature | Yes | true | | healthMonitor.enabled | Allows to enable/disable volume health monitor | No | false | -| healthMonitor.volumeHealthMonitorInterval | Interval of monitoring volume health condition | No | 60s | +| healthMonitor.interval | Interval of monitoring volume health condition | No | 60s | | nodeSelector | Define node selection constraints for pods of controller deployment | No | | | tolerations | Define tolerations for the controller deployment, if required | No | | | **node** | Allows configuration of the node-specific parameters.| - | - | diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index 4d88325371..8005137c86 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md @@ -4,22 +4,22 @@ description: > Installing CSI Driver for PowerStore via Helm --- -The CSI Driver for Dell EMC PowerStore can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerstore/tree/master/dell-csi-helm-installer). +The CSI Driver for Dell PowerStore can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerstore/tree/master/dell-csi-helm-installer). The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: -- CSI Driver for Dell EMC PowerStore +- CSI Driver for Dell PowerStore - Kubernetes External Provisioner, which provisions the volumes - Kubernetes External Attacher, which attaches the volumes to the containers - (Optional) Kubernetes External Snapshotter, which provides snapshot support - Kubernetes External Resizer, which resizes the volume The node section of the Helm chart installs the following component in a _DaemonSet_ in the specified namespace: -- CSI Driver for Dell EMC PowerStore +- CSI Driver for Dell PowerStore - Kubernetes Node Registrar, which handles the driver registration ## Prerequisites -The following are requirements to be met before installing the CSI Driver for Dell EMC PowerStore: +The following are requirements to be met before installing the CSI Driver for Dell PowerStore: - Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - If you plan to use either the Fibre Channel or iSCSI protocol, refer to either _Fibre Channel requirements_ or _Set up the iSCSI Initiator_ sections below. You can use NFS volumes without FC or iSCSI configuration. @@ -35,7 +35,7 @@ The following are requirements to be met before installing the CSI Driver for De ### Install Helm 3.0 -Install Helm 3.0 on the master node before you install the CSI Driver for Dell EMC PowerStore. +Install Helm 3.0 on the master node before you install the CSI Driver for Dell PowerStore. **Steps** @@ -43,23 +43,23 @@ Install Helm 3.0 on the master node before you install the CSI Driver for Dell E ### Fibre Channel requirements -Dell EMC PowerStore supports Fibre Channel communication. If you use the Fibre Channel protocol, ensure that the -following requirement is met before you install the CSI Driver for Dell EMC PowerStore: +Dell PowerStore supports Fibre Channel communication. If you use the Fibre Channel protocol, ensure that the +following requirement is met before you install the CSI Driver for Dell PowerStore: - Zoning of the Host Bus Adapters (HBAs) to the Fibre Channel port must be done. ### Set up the iSCSI Initiator -The CSI Driver for Dell EMC PowerStore v1.4 and higher supports iSCSI connectivity. +The CSI Driver for Dell PowerStore v1.4 and higher supports iSCSI connectivity. If you use the iSCSI protocol, set up the iSCSI initiators as follows: - Ensure that the iSCSI initiators are available on both Controller and Worker nodes. -- Kubernetes nodes must have access (network connectivity) to an iSCSI port on the Dell EMC PowerStore array that -has IP interfaces. Manually create IP routes for each node that connects to the Dell EMC PowerStore. +- Kubernetes nodes must have access (network connectivity) to an iSCSI port on the Dell PowerStore array that +has IP interfaces. Manually create IP routes for each node that connects to the Dell PowerStore. - All Kubernetes nodes must have the _iscsi-initiator-utils_ package for CentOS/RHEL or _open-iscsi_ package for Ubuntu installed, and the _iscsid_ service must be enabled and running. To do this, run the `systemctl enable --now iscsid` command. - Ensure that the unique initiator name is set in _/etc/iscsi/initiatorname.iscsi_. -For information about configuring iSCSI, see _Dell EMC PowerStore documentation_ on Dell EMC Support. +For information about configuring iSCSI, see _Dell PowerStore documentation_ on Dell Support. ### Set up the NVMe/TCP Initiator @@ -73,7 +73,7 @@ If you want to use the protocol, set up the NVMe/TCP initiators as follows modprobe nvme-tcp``` ### Linux multipathing requirements -Dell EMC PowerStore supports Linux multipathing. Configure Linux multipathing before installing the CSI Driver for Dell EMC +Dell PowerStore supports Linux multipathing. Configure Linux multipathing before installing the CSI Driver for Dell PowerStore. Set up Linux multipathing as follows: @@ -140,7 +140,7 @@ CRDs should be configured during replication prepare stage with repctl as descri ## Install the Driver **Steps** -1. Run `git clone -b v2.1.0 https://github.com/dell/csi-powerstore.git` to clone the git repository. +1. Run `git clone -b v2.2.0 https://github.com/dell/csi-powerstore.git` to clone the git repository. 2. Ensure that you have created namespace where you want to install the driver. You can run `kubectl create namespace csi-powerstore` to create a new one. "csi-powerstore" is just an example. You can choose any name for the namespace. But make sure to align to the same namespace during the whole installation. 3. Check `helm/csi-powerstore/driver-image.yaml` and confirm the driver image points to new image. @@ -201,7 +201,7 @@ CRDs should be configured during replication prepare stage with repctl as descri ## Storage Classes -The CSI driver for Dell EMC PowerStore version 1.3 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `samples/storageclass` folder. Use these samples to create new storage classes to provision storage. +The CSI driver for Dell PowerStore version 1.3 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `samples/storageclass` folder. Use these samples to create new storage classes to provision storage. ### What happens to my existing storage classes? @@ -240,11 +240,11 @@ Starting CSI PowerStore v1.4, `dell-csi-helm-installer` will not create any Volu ### What happens to my existing Volume Snapshot Classes? -*Upgrading from CSI PowerStore v2.0 driver*: +*Upgrading from CSI PowerStore v2.1 driver*: The existing volume snapshot class will be retained. *Upgrading from an older version of the driver*: -It is strongly recommended to upgrade the earlier versions of CSI PowerStore to 1.4 or higher, before upgrading to 2.1. +It is strongly recommended to upgrade the earlier versions of CSI PowerStore to 1.4 or higher, before upgrading to 2.2. ## Dynamically update the powerstore secrets diff --git a/content/docs/csidriver/installation/helm/unity.md b/content/docs/csidriver/installation/helm/unity.md index d6f04645c9..b27c31d3d0 100644 --- a/content/docs/csidriver/installation/helm/unity.md +++ b/content/docs/csidriver/installation/helm/unity.md @@ -4,7 +4,7 @@ description: > Installing CSI Driver for Unity via Helm --- -The CSI Driver for Dell EMC Unity can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-unity/tree/master/dell-csi-helm-installer). +The CSI Driver for Dell Unity can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-unity/tree/master/dell-csi-helm-installer). The controller section of the Helm chart installs the following components in a _Deployment_: @@ -298,7 +298,7 @@ Procedure ## Certificate validation for Unisphere REST API calls -This topic provides details about setting up the certificate validation for the CSI Driver for Dell EMC Unity. +This topic provides details about setting up the certificate validation for the CSI Driver for Dell Unity. *Before you begin* @@ -336,11 +336,11 @@ For CSI Driver for Unity version 1.6 and later, `dell-csi-helm-installer` does n ### What happens to my existing Volume Snapshot Classes? -*Upgrading from CSI Unity v2.0 driver*: +*Upgrading from CSI Unity v2.1 driver*: The existing volume snapshot class will be retained. *Upgrading from an older version of the driver*: -It is strongly recommended to upgrade the earlier versions of CSI Unity to 1.6 or higher, before upgrading to 2.1. +It is strongly recommended to upgrade the earlier versions of CSI Unity to 1.6 or higher, before upgrading to 2.2. ## Storage Classes diff --git a/content/docs/csidriver/installation/offline/_index.md b/content/docs/csidriver/installation/offline/_index.md index a6dd5941fa..b29dcd237e 100644 --- a/content/docs/csidriver/installation/offline/_index.md +++ b/content/docs/csidriver/installation/offline/_index.md @@ -1,10 +1,10 @@ --- -title: Offline Installation of Dell EMC CSI Storage Providers +title: Offline Installation of Dell CSI Storage Providers linktitle: Offline Installer -description: Offline Installation of Dell EMC CSI Storage Providers +description: Offline Installation of Dell CSI Storage Providers --- -The `csi-offline-bundle.sh` script can be used to create a package usable for offline installation of the Dell EMC CSI Storage Providers, via either Helm +The `csi-offline-bundle.sh` script can be used to create a package usable for offline installation of the Dell CSI Storage Providers, via either Helm or the Dell CSI Operator. This includes the following drivers: diff --git a/content/docs/csidriver/installation/operator/_index.md b/content/docs/csidriver/installation/operator/_index.md index 8ceab18249..22600a15e3 100644 --- a/content/docs/csidriver/installation/operator/_index.md +++ b/content/docs/csidriver/installation/operator/_index.md @@ -6,7 +6,7 @@ description: > Installation of CSI drivers using Dell CSI Operator --- -The Dell CSI Operator is a Kubernetes Operator, which can be used to install and manage the CSI Drivers provided by Dell EMC for various storage platforms. This operator is available as a community operator for upstream Kubernetes and can be deployed using OperatorHub.io. It is also available as a certified operator for OpenShift clusters and can be deployed using the OpenShift Container Platform. Both these methods of installation use OLM (Operator Lifecycle Manager). The operator can also be deployed manually. +The Dell CSI Operator is a Kubernetes Operator, which can be used to install and manage the CSI Drivers provided by Dell for various storage platforms. This operator is available as a community operator for upstream Kubernetes and can be deployed using OperatorHub.io. It is also available as a certified operator for OpenShift clusters and can be deployed using the OpenShift Container Platform. Both these methods of installation use OLM (Operator Lifecycle Manager). The operator can also be deployed manually. ## Prerequisites @@ -126,8 +126,7 @@ For installation of the supported drivers, a `CustomResource` has to be created ### Pre-requisites for upstream Kubernetes Clusters On upstream Kubernetes clusters, make sure to install * VolumeSnapshot CRDs - * On clusters running v1.20,v1.21 & v1.22, make sure to install v1 VolumeSnapshot CRDs - * On clusters running v1.19, make sure to install v1beta1 VolumeSnapshot CRDs + * On clusters running v1.21,v1.22 & v1.23, make sure to install v1 VolumeSnapshot CRDs * External Volume Snapshot Controller with the correct version ### Pre-requisites for Red Hat OpenShift Clusters @@ -251,8 +250,8 @@ Or {driver name}_{driver version}_ops_{OpenShift version}.yaml For e.g. -* sample/powermax_v140_k8s_117.yaml* <- To install CSI PowerMax driver v1.4.0 on a Kubernetes 1.17 cluster -* sample/powermax_v140_ops_46.yaml* <- To install CSI PowerMax driver v1.4.0 on an OpenShift 4.6 cluster +* samples/powermax_v220_k8s_123.yaml* <- To install CSI PowerMax driver v2.2.0 on a Kubernetes 1.23 cluster +* samples/powermax_v220_ops_49.yaml* <- To install CSI PowerMax driver v2.2.0 on an OpenShift 4.9 cluster Copy the correct sample file and edit the mandatory & any optional parameters specific to your driver installation by following the instructions [here](#modify-the-driver-specification) >NOTE: A detailed explanation of the various mandatory and optional fields in the CustomResource is available [here](#custom-resource-specification). Please make sure to read through and understand the various fields. @@ -443,7 +442,7 @@ Note - The `image` field should point to the correct image tag for version of th For e.g. - If you wish to install v1.4 of the CSI PowerMax driver, use the image tag `dellemc/csi-powermax:v1.4.0.000R` ### SideCars -Although the sidecars field in the driver specification is optional, it is **strongly** recommended to not modify any details related to sidecars provided (if present) in the sample manifests. The only exception to this is modifications requested by the documentation, for example, filling in blank IPs or other such system-specific data. Any modifications not specifically requested by the documentation should be only done after consulting with Dell EMC support. +Although the sidecars field in the driver specification is optional, it is **strongly** recommended to not modify any details related to sidecars provided (if present) in the sample manifests. The only exception to this is modifications requested by the documentation, for example, filling in blank IPs or other such system-specific data. Any modifications not specifically requested by the documentation should be only done after consulting with Dell support. ### Modify the driver specification * Choose the correct configVersion. Refer the table containing the full list of supported drivers and versions. diff --git a/content/docs/csidriver/installation/operator/isilon.md b/content/docs/csidriver/installation/operator/isilon.md index 70ab9f5ba3..35e693d674 100644 --- a/content/docs/csidriver/installation/operator/isilon.md +++ b/content/docs/csidriver/installation/operator/isilon.md @@ -6,7 +6,7 @@ description: > ## Installing CSI Driver for PowerScale via Operator -The CSI Driver for Dell EMC PowerScale can be installed via the Dell CSI Operator. +The CSI Driver for Dell PowerScale can be installed via the Dell CSI Operator. To deploy the Operator, follow the instructions available [here](../). diff --git a/content/docs/csidriver/installation/operator/powerflex.md b/content/docs/csidriver/installation/operator/powerflex.md index 65851cd8fb..a55c33e3d5 100644 --- a/content/docs/csidriver/installation/operator/powerflex.md +++ b/content/docs/csidriver/installation/operator/powerflex.md @@ -5,7 +5,7 @@ description: > --- ## Installing CSI Driver for PowerFlex via Operator -The CSI Driver for Dell EMC PowerFlex can be installed via the Dell CSI Operator. +The CSI Driver for Dell PowerFlex can be installed via the Dell CSI Operator. To deploy the Operator, follow the instructions available [here](../). @@ -66,13 +66,13 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c ### Manual SDC Deployment -For detailed PowerFlex installation procedure, see the _Dell EMC PowerFlex Deployment Guide_. Install the PowerFlex SDC as follows: +For detailed PowerFlex installation procedure, see the _Dell PowerFlex Deployment Guide_. Install the PowerFlex SDC as follows: **Steps** -1. Download the PowerFlex SDC from [Dell EMC Online support](https://www.dell.com/support). The filename is EMC-ScaleIO-sdc-*.rpm, where * is the SDC name corresponding to the PowerFlex installation version. +1. Download the PowerFlex SDC from [Dell Online support](https://www.dell.com/support). The filename is EMC-ScaleIO-sdc-*.rpm, where * is the SDC name corresponding to the PowerFlex installation version. 2. Export the shell variable _MDM_IP_ in a comma-separated list using `export MDM_IP=xx.xxx.xx.xx,xx.xxx.xx.xx`, where xxx represents the actual IP address in your environment. This list contains the IP addresses of the MDMs. -3. Install the SDC per the _Dell EMC PowerFlex Deployment Guide_: +3. Install the SDC per the _Dell PowerFlex Deployment Guide_: - For Red Hat Enterprise Linux and CentOS, run `rpm -iv ./EMC-ScaleIO-sdc-*.x86_64.rpm`, where * is the SDC name corresponding to the PowerFlex installation version. 4. To add more MDM_IP for multi-array support, run `/opt/emc/scaleio/sdc/bin/drv_cfg --add_mdm --ip 10.xx.xx.xx.xx,10.xx.xx.xx` diff --git a/content/docs/csidriver/installation/operator/powermax.md b/content/docs/csidriver/installation/operator/powermax.md index 77f934c5d9..60d01fe9cc 100644 --- a/content/docs/csidriver/installation/operator/powermax.md +++ b/content/docs/csidriver/installation/operator/powermax.md @@ -6,7 +6,7 @@ description: > ## Installing CSI Driver for PowerMax via Operator -CSI Driver for Dell EMC PowerMax can be installed via the Dell CSI Operator. +CSI Driver for Dell PowerMax can be installed via the Dell CSI Operator. To deploy the Operator, follow the instructions available [here](../). @@ -313,15 +313,17 @@ To enable this feature, add the below block to the driver manifest before instal # true: enable checking of health condition of CSI volumes # false: disable checking of health condition of CSI volumes # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - node: - envs: - # X_CSI_ENABLE_VOL_HEALTH_MONITOR: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + controller: + envs: + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "true" + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage # Allowed values: # true: enable checking of health condition of CSI volumes # false: disable checking of health condition of CSI volumes # Default value: false - - name: X_CSI_ENABLE_VOL_HEALTH_MONITOR - value: "false" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "true" ``` \ No newline at end of file diff --git a/content/docs/csidriver/installation/operator/powerstore.md b/content/docs/csidriver/installation/operator/powerstore.md index 790fd8355d..c16c68db4a 100644 --- a/content/docs/csidriver/installation/operator/powerstore.md +++ b/content/docs/csidriver/installation/operator/powerstore.md @@ -5,7 +5,7 @@ description: > --- ## Installing CSI Driver for PowerStore via Operator -The CSI Driver for Dell EMC PowerStore can be installed via the Dell CSI Operator. +The CSI Driver for Dell PowerStore can be installed via the Dell CSI Operator. To deploy the Operator, follow the instructions available [here](../). diff --git a/content/docs/csidriver/installation/test/powerflex.md b/content/docs/csidriver/installation/test/powerflex.md index d5c3d106b9..60890928ed 100644 --- a/content/docs/csidriver/installation/test/powerflex.md +++ b/content/docs/csidriver/installation/test/powerflex.md @@ -6,7 +6,7 @@ description: Tests to validate PowerFlex CSI Driver installation This section provides multiple methods to test driver functionality in your environment. -**Note**: To run the test for CSI Driver for Dell EMC PowerFlex, install Helm 3. +**Note**: To run the test for CSI Driver for Dell PowerFlex, install Helm 3. ## Test deploying a simple pod with PowerFlex storage @@ -91,7 +91,7 @@ The `snaptest.sh` script will create a snapshot using the definitions in the `sn *NOTE:* The `snaptest.sh` shell script creates the snapshots, describes them, and then deletes them. You can see your snapshots using `kubectl get volumesnapshot -n helmtest-vxflexos`. -Notice that this _VolumeSnapshot_ class has a reference to a _snapshotClassName: vxflexos-snapclass_. The CSI Driver for Dell EMC PowerFlex installation does not create this class. You will need +Notice that this _VolumeSnapshot_ class has a reference to a _snapshotClassName: vxflexos-snapclass_. The CSI Driver for Dell PowerFlex installation does not create this class. You will need to create instance of _VolumeSnapshotClass_ from one of default samples in `samples/volumesnapshotclass' directory. ## Test restoring from a snapshot diff --git a/content/docs/csidriver/installation/test/powermax.md b/content/docs/csidriver/installation/test/powermax.md index d44dcf3d73..01b87aca59 100644 --- a/content/docs/csidriver/installation/test/powermax.md +++ b/content/docs/csidriver/installation/test/powermax.md @@ -6,9 +6,9 @@ description: Tests to validate PowerMax CSI Driver installation This section provides multiple methods to test driver functionality in your environment. The tests are validated using bash as the default shell. -**Note**: To run the test for CSI Driver for Dell EMC PowerMax, install Helm 3. +**Note**: To run the test for CSI Driver for Dell PowerMax, install Helm 3. -The _csi-powermax_ repository includes examples of how you can use CSI Driver for Dell EMC PowerMax. The shell scripts are used to automate the installation and uninstallation of helm charts for the creation of Pods with a different number of volumes in a given namespace using the storageclass provided. To test the installation of the CSI driver, perform these tests: +The _csi-powermax_ repository includes examples of how you can use CSI Driver for Dell PowerMax. The shell scripts are used to automate the installation and uninstallation of helm charts for the creation of Pods with a different number of volumes in a given namespace using the storageclass provided. To test the installation of the CSI driver, perform these tests: - Volume clone test - Volume test - Snapshot test diff --git a/content/docs/csidriver/installation/test/powerscale.md b/content/docs/csidriver/installation/test/powerscale.md index 7d47368830..96dedccdbf 100644 --- a/content/docs/csidriver/installation/test/powerscale.md +++ b/content/docs/csidriver/installation/test/powerscale.md @@ -6,7 +6,7 @@ description: Tests to validate PowerScale CSI Driver installation This section provides multiple methods to test driver functionality in your environment. -**Note**: To run the test for CSI Driver for Dell EMC PowerScale, install Helm 3. +**Note**: To run the test for CSI Driver for Dell PowerScale, install Helm 3. ## Test deploying a simple pod with PowerScale storage diff --git a/content/docs/csidriver/partners/redhat.md b/content/docs/csidriver/partners/redhat.md index 1a5408788b..28299fe9d4 100644 --- a/content/docs/csidriver/partners/redhat.md +++ b/content/docs/csidriver/partners/redhat.md @@ -5,7 +5,7 @@ weight: 3 description: > Installing the certified Dell CSI Operator on OpenShift --- -The Dell EMC CSI Drivers support Red Hat OpenShift. Please see the [Supported Platforms](../../#features-and-capabilities) table for more details. +The Dell CSI Drivers support Red Hat OpenShift. Please see the [Supported Platforms](../../#features-and-capabilities) table for more details. The CSI drivers can be installed via Helm charts or Dell CSI Operator. The Dell CSI Operator allows for easy installation of the driver via the Openshift UI. The process to install the Operator via the OpenShift UI can be found below. diff --git a/content/docs/csidriver/partners/tanzu.md b/content/docs/csidriver/partners/tanzu.md index a6d903c580..393f5b398f 100644 --- a/content/docs/csidriver/partners/tanzu.md +++ b/content/docs/csidriver/partners/tanzu.md @@ -3,7 +3,7 @@ title: "VMware Tanzu" Description: "About VMware Tanzu basic" --- -The CSI Driver for Dell EMC Unity and PowerScale supports VMware Tanzu and deployment of these Tanzu clusters is done using the VMware Tanzu supervisor cluster and supervisor namespace. +The CSI Driver for Dell Unity and PowerScale supports VMware Tanzu and deployment of these Tanzu clusters is done using the VMware Tanzu supervisor cluster and supervisor namespace. Currently, VMware Tanzu with normal configuration(without NAT) supports Kubernetes 1.20 and higher. The CSI driver can be installed on this cluster using Helm. Installation of CSI drivers in Tanzu via Operator has not been qualified. diff --git a/content/docs/csidriver/release/operator.md b/content/docs/csidriver/release/operator.md index 037e24091f..4451adff9d 100644 --- a/content/docs/csidriver/release/operator.md +++ b/content/docs/csidriver/release/operator.md @@ -18,5 +18,5 @@ There are no fixed issues in this release. There are no known issues in this release. ### Support -The Dell CSI Operator image is available on Dockerhub and is officially supported by Dell EMC. +The Dell CSI Operator image is available on Dockerhub and is officially supported by Dell. For any CSI operator and driver issues, questions or feedback, please follow our [support process](../../../support/). diff --git a/content/docs/csidriver/release/powerflex.md b/content/docs/csidriver/release/powerflex.md index cf0c58f45a..ac0c49be27 100644 --- a/content/docs/csidriver/release/powerflex.md +++ b/content/docs/csidriver/release/powerflex.md @@ -6,16 +6,8 @@ description: Release notes for PowerFlex CSI driver ## Release Notes - CSI PowerFlex v2.2.0 ### New Features/Changes -- Added support for OpenShift v4.9. -- Added support for CSI spec 1.5. -- Added support for new access modes in CSI Spec 1.5. -- Added support for PV/PVC metrics. -- Added support for CSM Authorization sidecar via Helm. -- Added v1 extensions to vg snaphot from v1alpha2. -- Added support to update helm charts to do a helm install without shell scripts. -- Added support for volume health monitoring -- Removed support for Fedora CoreOS - Added support for Kubernetes 1.23. +- Added support for Standalone Helm Charts. ### Fixed Issues @@ -29,4 +21,4 @@ There are no fixed issues in this release. ### Note: -- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/release/powermax.md b/content/docs/csidriver/release/powermax.md index 85005ceb48..52c67cf950 100644 --- a/content/docs/csidriver/release/powermax.md +++ b/content/docs/csidriver/release/powermax.md @@ -7,7 +7,7 @@ description: Release notes for PowerMax CSI driver ### New Features/Changes - Added support for new access modes in CSI Spec 1.5. -- Added support for PV/PVC metrics. +- Added support for Volume Health Monitoring. - Added support for Kubernetes 1.23. ### Fixed Issues @@ -20,6 +20,8 @@ There are no fixed issues in this release. | Delete Volume fails with the error message: volume is part of masking view | This issue is due to limitations in Unisphere and occurs when Unisphere is overloaded. Currently, there is no workaround for this but it can be avoided by ensuring that Unisphere is not overloaded during such operations. The Unisphere team is assessing a fix for this in a future Unisphere release| | Getting initiators list fails with context deadline error | The following error can occur during the driver installation if a large number of initiators are present on the array. There is no workaround for this but it can be avoided by deleting stale initiators on the array| | Unable to update Host: A problem occurred modifying the host resource | This issue occurs when the nodes do not have unique hostnames or when an IP address/FQDN with same sub-domains are used as hostnames. The workaround is to use unique hostnames or FQDN with unique sub-domains| +| GetSnapVolumeList fails with context deadline error | The following error can occur if a large number of snapshots are present on the array. There is no workaround for this but it can be avoided by deleting unused snapshots on the array| +### Note: - +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/release/powerscale.md b/content/docs/csidriver/release/powerscale.md index b7dc8276e6..0fb6696c90 100644 --- a/content/docs/csidriver/release/powerscale.md +++ b/content/docs/csidriver/release/powerscale.md @@ -7,6 +7,7 @@ description: Release notes for PowerScale CSI driver ### New Features/Changes +- Added support for Replication. - Added support for Kubernetes 1.23. - Added support to configure fsGroupPolicy. - Added support for session based authentication along with basic authentication for PowerScale. @@ -21,8 +22,9 @@ There are no fixed issues in this release. | If the length of the nodeID exceeds 128 characters, the driver fails to update the CSINode object and installation fails. This is due to a limitation set by CSI spec which doesn't allow nodeID to be greater than 128 characters. | The CSI PowerScale driver uses the hostname for building the nodeID which is set in the CSINode resource object, hence we recommend not having very long hostnames in order to avoid this issue. This current limitation of 128 characters is likely to be relaxed in future Kubernetes versions as per this issue in the community: https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues/581

**Note:** In kubernetes 1.22 this limit has been relaxed to 192 characters. | | If some older NFS exports /terminated worker nodes still in NFS export client list, CSI driver tries to add a new worker node it fails (For RWX volume). | User need to manually clean the export client list from old entries to make successful addition of new worker nodes. | | Delete namespace that has PVCs and pods created with the driver. The External health monitor sidecar crashes as a result of this operation. | Deleting the namespace deletes the PVCs first and then removes the pods in the namespace. This brings a condition where pods exist without their PVCs and causes the external-health-monitor sidecar to crash. This is a known issue and has been reported at https://github.com/kubernetes-csi/external-health-monitor/issues/100 | -| fsGroupPolicy may not work as expected with "root_squash". | To get the desired behavior "no_root_squash" has to be enabled. | +| fsGroupPolicy may not work as expected without root privileges for NFS only
https://github.com/kubernetes/examples/issues/260 | To get the desired behavior set "allowRoot: "true" in the storage class parameter | + ### Note: -- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/release/powerstore.md b/content/docs/csidriver/release/powerstore.md index 501d4ad331..68e3e546d3 100644 --- a/content/docs/csidriver/release/powerstore.md +++ b/content/docs/csidriver/release/powerstore.md @@ -23,4 +23,4 @@ There are no fixed issues in this release. ### Note: -- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/release/unity.md b/content/docs/csidriver/release/unity.md index 1eeefd7487..87517e3703 100644 --- a/content/docs/csidriver/release/unity.md +++ b/content/docs/csidriver/release/unity.md @@ -8,6 +8,7 @@ description: Release notes for Unity CSI driver ### New Features/Changes - Added support for Kubernetes 1.23. +- Added support for Standalone Helm Charts. ### Fixed Issues @@ -22,4 +23,4 @@ description: Release notes for Unity CSI driver ### Note: -- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode introduced in the release will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. +- Support for Kubernetes alpha features like Volume Health Monitoring and RWOP (ReadWriteOncePod) access mode will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/docs/csidriver/troubleshooting/powerflex.md b/content/docs/csidriver/troubleshooting/powerflex.md index ce0720d18e..be6b3b8fb4 100644 --- a/content/docs/csidriver/troubleshooting/powerflex.md +++ b/content/docs/csidriver/troubleshooting/powerflex.md @@ -18,7 +18,7 @@ description: Troubleshooting PowerFlex Driver | The `kubectl logs -n vxflexos vxflexos-controller-* driver` logs show `x509: certificate signed by unknown authority` |A self assigned certificate is used for PowerFlex array. See [certificate validation for PowerFlex Gateway](../../installation/helm/powerflex/#certificate-validation-for-powerflex-gateway-rest-api-calls)| | When you run the command `kubectl apply -f snapclass-v1.yaml`, you get the error `error: unable to recognize "snapclass-v1.yaml": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"` | Check to make sure that the v1 snapshotter CRDs are installed, and not the v1beta1 CRDs, which are no longer supported. | | The controller pod is stuck and producing errors such as" `Failed to watch *v1.VolumeSnapshotContent: failed to list *v1.VolumeSnapshotContent: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)` | Make sure that v1 snapshotter CRDs and v1 snapclass are installed, and not v1beta1, which is no longer supported. | -| Driver install or upgrade fails because of an incompatible Kubernetes version, even though the version seems to be within the range of compatibility. For example: `Error: UPGRADE FAILED: chart requires kubeVersion: >= 1.20.0 < 1.23.0 which is incompatible with Kuberneter V1.20.11-mirantis-1` | If you are using an extended Kubernetes version, please see the helm Chart at `helm/csi-vxflexos/Chart.yaml` and use the alternate `kubeVersion` check that is provided in the comments. *Please note* that this is not meant to be used to enable the use of pre-release alpha and beta versions, which is not supported. | +| Driver install or upgrade fails because of an incompatible Kubernetes version, even though the version seems to be within the range of compatibility. For example: `Error: UPGRADE FAILED: chart requires kubeVersion: >= 1.21.0 <= 1.23.0 which is incompatible with Kubernetes V1.21.11-mirantis-1` | If you are using an extended Kubernetes version, please see the helm Chart at `helm/csi-vxflexos/Chart.yaml` and use the alternate `kubeVersion` check that is provided in the comments. *Please note* that this is not meant to be used to enable the use of pre-release alpha and beta versions, which is not supported. | >*Note*: `vxflexos-controller-*` is the controller pod that acquires leader lease diff --git a/content/docs/csidriver/troubleshooting/powerscale.md b/content/docs/csidriver/troubleshooting/powerscale.md index 191cc65982..0ebc2487ee 100644 --- a/content/docs/csidriver/troubleshooting/powerscale.md +++ b/content/docs/csidriver/troubleshooting/powerscale.md @@ -10,7 +10,7 @@ Here are some installation failures that might be encountered and how to mitigat |The `kubectl logs isilon-controller-0 -n isilon -c driver` logs shows the driver **cannot authenticate** | Check your secret's username and password for corresponding cluster | |The `kubectl logs isilon-controller-0 -n isilon -c driver` logs shows the driver failed to connect to the Isilon because it **couldn't verify the certificates** | Check the isilon-certs- secret and ensure it is not empty and it has the valid certificates. Set `isiInsecure: "true"` for insecure connection. SSL validation is recommended in the production environment. | |The `kubectl logs isilon-controller-0 -n isilon -c driver` logs shows the driver error: **create volume failed, Access denied. create directory as requested** | This situation can happen when the user who created the base path is different from the user configured for the driver. Make sure the user used to deploy CSI-Driver must have enough rights on the base path (i.e. isiPath) to perform all operations. | -|Volume/filesystem is allowed to mount by any host in the network, though that host is not a part of the export of that particular volume under /ifs directory | "Dell EMC PowerScale: OneFS NFS Design Considerations and Best Practices":
There is a default shared directory (ifs) of OneFS, which lets clients running Windows, UNIX, Linux, or Mac OS X access the same directories and files. It is recommended to disable the ifs shared directory in a production environment and create dedicated NFS exports and SMB shares for your workload. | +|Volume/filesystem is allowed to mount by any host in the network, though that host is not a part of the export of that particular volume under /ifs directory | "Dell PowerScale: OneFS NFS Design Considerations and Best Practices":
There is a default shared directory (ifs) of OneFS, which lets clients running Windows, UNIX, Linux, or Mac OS X access the same directories and files. It is recommended to disable the ifs shared directory in a production environment and create dedicated NFS exports and SMB shares for your workload. | | Creating snapshot fails if the parameter IsiPath in volume snapshot class and related storage class is not the same. The driver uses the incorrect IsiPath parameter and tries to locate the source volume due to the inconsistency. | Ensure IsiPath in VolumeSnapshotClass yaml and related storageClass yaml are the same. | | While deleting a volume, if there are files or folders created on the volume that are owned by different users. If the Isilon credentials used are for a nonprivileged Isilon user, the delete volume action fails. It is due to the limitation in Linux permission control. | To perform the delete volume action, the user account must be assigned a role that has the privilege ISI_PRIV_IFS_RESTORE. The user account must have the following set of privileges to ensure that all the CSI Isilon driver capabilities work properly:
* ISI_PRIV_LOGIN_PAPI
* ISI_PRIV_NFS
* ISI_PRIV_QUOTA
* ISI_PRIV_SNAPSHOT
* ISI_PRIV_IFS_RESTORE
* ISI_PRIV_NS_IFS_ACCESS
In some cases, ISI_PRIV_BACKUP is also required, for example, when files owned by other users have mode bits set to 700. | | If the hostname is mapped to loopback IP in /etc/hosts file, and pods are created using 1.3.0.1 release, after upgrade to driver version 1.4.0 or later there is a possibility of "localhost" as a stale entry in export | Recommended setup: User should not map a hostname to loopback IP in /etc/hosts file | diff --git a/content/docs/csidriver/troubleshooting/unity.md b/content/docs/csidriver/troubleshooting/unity.md index 4091313390..447b218737 100644 --- a/content/docs/csidriver/troubleshooting/unity.md +++ b/content/docs/csidriver/troubleshooting/unity.md @@ -12,4 +12,5 @@ description: Troubleshooting Unity Driver | Dynamic array detection will not work in Topology based environment | Whenever a new array is added or removed, then the driver controller and node pod should be restarted with command **kubectl get pods -n unity --no-headers=true \| awk '/unity-/{print $1}'\| xargs kubectl delete -n unity pod** when **topology-based storage classes are used**. For dynamic array addition without topology, the driver will detect the newly added or removed arrays automatically| | If source PVC is deleted when cloned PVC exists, then source PVC will be deleted in the cluster but on array, it will still be present and marked for deletion. | All the cloned PVC should be deleted in order to delete the source PVC from the array. | | PVC creation fails on a fresh cluster with **iSCSI** and **NFS** protocols alone enabled with error **failed to provision volume with StorageClass "unity-iscsi": error generating accessibility requirements: no available topology found**. | This is because iSCSI initiator login takes longer than the node pod startup time. This can be overcome by bouncing the node pods in the cluster using the below command the driver pods with **kubectl get pods -n unity --no-headers=true \| awk '/unity-/{print $1}'\| xargs kubectl delete -n unity pod** | +| Driver install or upgrade fails because of an incompatible Kubernetes version, even though the version seems to be within the range of compatibility. For example: `Error: UPGRADE FAILED: chart requires kubeVersion: >= 1.21.0 <= 1.23.0 which is incompatible with Kubernetes V1.21.11-mirantis-1` | If you are using an extended Kubernetes version, please see the helm Chart at `helm/csi-unity/Chart.yaml` and use the alternate `kubeVersion` check that is provided in the comments. *Please note* that this is not meant to be used to enable the use of pre-release alpha and beta versions, which is not supported. | diff --git a/content/docs/csidriver/upgradation/drivers/isilon.md b/content/docs/csidriver/upgradation/drivers/isilon.md index 0b7db6180b..56bf93061e 100644 --- a/content/docs/csidriver/upgradation/drivers/isilon.md +++ b/content/docs/csidriver/upgradation/drivers/isilon.md @@ -6,7 +6,7 @@ tags: weight: 1 Description: Upgrade PowerScale CSI driver --- -You can upgrade the CSI Driver for Dell EMC PowerScale using Helm or Dell CSI Operator. +You can upgrade the CSI Driver for Dell PowerScale using Helm or Dell CSI Operator. ## Upgrade Driver from version 2.1.0 to 2.2.0 using Helm @@ -14,8 +14,8 @@ You can upgrade the CSI Driver for Dell EMC PowerScale using Helm or Dell CSI Op **Steps** 1. Clone the repository using `git clone -b v2.2.0 https://github.com/dell/csi-powerscale.git`, copy the helm/csi-isilon/values.yaml into a new location with a custom name say _my-isilon-settings.yaml_, to customize settings for installation. Edit _my-isilon-settings.yaml_ as per the requirements. -2. Change to directory dell-csi-helm-installer to install the Dell EMC PowerScale `cd dell-csi-helm-installer` -3. Upgrade the CSI Driver for Dell EMC PowerScale version 2.1.0 using following command: +2. Change to directory dell-csi-helm-installer to install the Dell PowerScale `cd dell-csi-helm-installer` +3. Upgrade the CSI Driver for Dell PowerScale version 2.1.0 using following command: `./csi-install.sh --namespace isilon --values ./my-isilon-settings.yaml --upgrade` @@ -25,7 +25,7 @@ You can upgrade the CSI Driver for Dell EMC PowerScale using Helm or Dell CSI Op 1. While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. 2. Upgrading the Operator does not upgrade the CSI Driver. -To upgrade the driver from version 2.1.0 to 2.2.0: +To upgrade the driver: 1. Please upgrade the Dell CSI Operator by following [here](./../operator). 2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/docs/csidriver/upgradation/drivers/powerflex.md b/content/docs/csidriver/upgradation/drivers/powerflex.md index 73c9683784..0611b63233 100644 --- a/content/docs/csidriver/upgradation/drivers/powerflex.md +++ b/content/docs/csidriver/upgradation/drivers/powerflex.md @@ -8,14 +8,14 @@ weight: 1 Description: Upgrade PowerFlex CSI driver --- -You can upgrade the CSI Driver for Dell EMC PowerFlex using Helm or Dell CSI Operator. +You can upgrade the CSI Driver for Dell PowerFlex using Helm or Dell CSI Operator. -## Update Driver from v2.0 to v2.1 using Helm +## Update Driver from v2.1 to v2.2 using Helm **Steps** -1. Run `git clone -b v2.1.0 https://github.com/dell/csi-powerflex.git` to clone the git repository and get the v2.0 driver. +1. Run `git clone -b v2.2.0 https://github.com/dell/csi-powerflex.git` to clone the git repository and get the v2.2.0 driver. 2. You need to create config.yaml with the configuration of your system. Check this section in installation documentation: [Install the Driver](../../../installation/helm/powerflex#install-the-driver) - You must set the only system managed in v1.5/v2.0 driver as default in config.json in v2.1 so that the driver knows the existing volumes belong to that system. + You must set the only system managed in v1.5/v2.0/v2.1 driver as default in config.json in v2.2 so that the driver knows the existing volumes belong to that system. 3. Update values file as needed. 4. Run the `csi-install` script with the option _\-\-upgrade_ by running: `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace vxflexos --values ./myvalues.yaml --upgrade`. diff --git a/content/docs/csidriver/upgradation/drivers/powermax.md b/content/docs/csidriver/upgradation/drivers/powermax.md index 18d169dace..1f2ba76421 100644 --- a/content/docs/csidriver/upgradation/drivers/powermax.md +++ b/content/docs/csidriver/upgradation/drivers/powermax.md @@ -8,12 +8,12 @@ weight: 1 Description: Upgrade PowerMax CSI driver --- -You can upgrade CSI Driver for Dell EMC PowerMax using Helm or Dell CSI Operator. +You can upgrade CSI Driver for Dell PowerMax using Helm or Dell CSI Operator. -## Update Driver from v2.0 to v2.1 using Helm +## Update Driver from v2.1 to v2.2 using Helm **Steps** -1. Run `git clone -b v2.1.0 https://github.com/dell/csi-powermax.git` to clone the git repository and get the v2.1 driver. +1. Run `git clone -b v2.2.0 https://github.com/dell/csi-powermax.git` to clone the git repository and get the v2.2 driver. 2. Update the values file as needed. 2. Run the `csi-install` script with the option _\-\-upgrade_ by running: `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace powermax --values ./my-powermax-settings.yaml --upgrade`. diff --git a/content/docs/csidriver/upgradation/drivers/powerstore.md b/content/docs/csidriver/upgradation/drivers/powerstore.md index 7cf72e6c59..ac77be452a 100644 --- a/content/docs/csidriver/upgradation/drivers/powerstore.md +++ b/content/docs/csidriver/upgradation/drivers/powerstore.md @@ -7,14 +7,14 @@ weight: 1 Description: Upgrade PowerStore CSI driver --- -You can upgrade the CSI Driver for Dell EMC PowerStore using Helm or Dell CSI Operator. +You can upgrade the CSI Driver for Dell PowerStore using Helm or Dell CSI Operator. -## Update Driver from v2.0 to v2.1 using Helm +## Update Driver from v2.1 to v2.2 using Helm Note: While upgrading the driver via helm, controllerCount variable in myvalues.yaml can be at most one less than the number of worker nodes. **Steps** -1. Run `git clone -b v2.1.0 https://github.com/dell/csi-powerstore.git` to clone the git repository and get the driver. +1. Run `git clone -b v2.2.0 https://github.com/dell/csi-powerstore.git` to clone the git repository and get the driver. 2. Edit `helm/config.yaml` file and configure connection information for your PowerStore arrays changing the following parameters: - *endpoint*: defines the full URL path to the PowerStore API. - *globalID*: specifies what storage cluster the driver should use @@ -26,7 +26,7 @@ Note: While upgrading the driver via helm, controllerCount variable in myvalues. Add more blocks similar to above for each PowerStore array if necessary. 3. (optional) create new storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` - >Storage classes created by v1.4/v2.0 driver will not be deleted, v2.1 driver will use default array to manage volumes provisioned with old storage classes. Thus, if you still have volumes provisioned by v1.4/v2.0 in your cluster then be sure to include the same array you have used for the v1.4/v2.0 driver and make it default in the `config.yaml` file. + >Storage classes created by v1.4/v2.0/v2.1 driver will not be deleted, v2.2 driver will use default array to manage volumes provisioned with old storage classes. Thus, if you still have volumes provisioned by v1.4/v2.0/v2.1 in your cluster then be sure to include the same array you have used for the v1.4/v2.0/v2.1 driver and make it default in the `config.yaml` file. 4. Create the secret by running ```kubectl create secret generic powerstore-config -n csi-powerstore --from-file=config=secret.yaml``` 5. Copy the default values.yaml file `cp ./helm/csi-powerstore/values.yaml ./dell-csi-helm-installer/my-powerstore-settings.yaml` and update parameters as per the requirement. 6. Run the `csi-install` script with the option _\-\-upgrade_ by running: `./dell-csi-helm-installer/csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade`. diff --git a/content/docs/csidriver/upgradation/drivers/unity.md b/content/docs/csidriver/upgradation/drivers/unity.md index 90ca6507cd..23ee1340e1 100644 --- a/content/docs/csidriver/upgradation/drivers/unity.md +++ b/content/docs/csidriver/upgradation/drivers/unity.md @@ -7,7 +7,7 @@ weight: 1 Description: Upgrade Unity CSI driver --- -You can upgrade the CSI Driver for Dell EMC Unity using Helm or Dell CSI Operator. +You can upgrade the CSI Driver for Dell Unity using Helm or Dell CSI Operator. **Note:** 1. User has to re-create existing custom-storage classes (if any) according to the latest format. @@ -34,7 +34,7 @@ To upgrade the driver from csi-unity v2.1 to csi-unity 2.2 1. While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. 2. Upgrading the Operator does not upgrade the CSI Driver. -To upgrade the driver from csi-unity v2.1 to csi-unity v2.2 : +To upgrade the driver: 1. Please upgrade the Dell CSI Operator by following [here](./../operator). 2. Once the operator is upgraded, to upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/docs/deployment/_index.md b/content/docs/deployment/_index.md index 75eee043ba..23b93beb33 100644 --- a/content/docs/deployment/_index.md +++ b/content/docs/deployment/_index.md @@ -6,8 +6,8 @@ weight: 1 --- The Container Storage Modules and the required CSI Drivers can each be deployed following the links below: -- [Dell EMC CSI Drivers Installation](../csidriver/installation) -- [Dell EMC Container Storage Module for Observability](../observability/deployment) -- [Dell EMC Container Storage Module for Authorization](../authorization/deployment) -- [Dell EMC Container Storage Module for Resiliency](../resiliency/deployment) -- [Dell EMC Container Storage Module for Replication](../replication/deployment) \ No newline at end of file +- [Dell CSI Drivers Installation](../csidriver/installation) +- [Dell Container Storage Module for Observability](../observability/deployment) +- [Dell Container Storage Module for Authorization](../authorization/deployment) +- [Dell Container Storage Module for Resiliency](../resiliency/deployment) +- [Dell Container Storage Module for Replication](../replication/deployment) \ No newline at end of file diff --git a/content/docs/deployment/csminstaller/_index.md b/content/docs/deployment/csminstaller/_index.md index 814978f866..f1405f266a 100644 --- a/content/docs/deployment/csminstaller/_index.md +++ b/content/docs/deployment/csminstaller/_index.md @@ -7,9 +7,9 @@ weight: 1 >>**Note: The CSM Installer only supports installation of CSM 1.0 Modules and CSI Drivers in environments that do not have any existing deployments of CSM or CSI Drivers. The CSM Installer does not support the upgrade of existing CSM or CSI Driver deployments.** -The CSM (Container Storage Modules) Installer simplifies the deployment and management of Dell EMC Container Storage Modules and CSI Drivers to provide persistent storage for your containerized workloads. +The CSM (Container Storage Modules) Installer simplifies the deployment and management of Dell Container Storage Modules and CSI Drivers to provide persistent storage for your containerized workloads. -## CSM Installer Supported Modules and Dell EMC CSI Drivers +## CSM Installer Supported Modules and Dell CSI Drivers | Modules/Drivers | CSM 1.0 | | - | :-: | @@ -150,7 +150,7 @@ helm install -n csm-installer --create-namespace \ When a new version of the CSM Installer helm chart is available, the following steps can be used to upgrade to the latest version. ->Note: Upgrading the CSM Installer does not upgrade the Dell EMC CSI Drivers or modules that were previously deployed with the installer. The CSM Installer does not support upgrading of the Dell EMC CSI Drivers or modules. The Dell EMC CSI Drivers and modules must be deleted and re-deployed using the latest CSM Installer in order to get the most recent version of the Dell EMC CSI Driver and modules. +>Note: Upgrading the CSM Installer does not upgrade the Dell CSI Drivers or modules that were previously deployed with the installer. The CSM Installer does not support upgrading of the Dell CSI Drivers or modules. The Dell CSI Drivers and modules must be deleted and re-deployed using the latest CSM Installer in order to get the most recent version of the Dell CSI Driver and modules. 1. Update the helm repository. ``` diff --git a/content/docs/deployment/csminstaller/csmcli.md b/content/docs/deployment/csminstaller/csmcli.md index 7e21ffcb1c..3711351969 100644 --- a/content/docs/deployment/csminstaller/csmcli.md +++ b/content/docs/deployment/csminstaller/csmcli.md @@ -3,9 +3,9 @@ title : CSM CLI linktitle: CSM CLI weight: 2 description: > - Dell EMC Container Storage Modules (CSM) Command Line Interface(CLI) Deployment and Management + Dell Container Storage Modules (CSM) Command Line Interface(CLI) Deployment and Management --- -`csm` is a command-line client for installation of Dell EMC Container Storage Modules and CSI Drivers for Kubernetes clusters. +`csm` is a command-line client for installation of Dell Container Storage Modules and CSI Drivers for Kubernetes clusters. ## Pre-requisites @@ -83,7 +83,7 @@ To change password follow below command ### View Supported Platforms -You can now view the supported Dell emcCSI Drivers +You can now view the supported DellCSI Drivers ```console ./csm get supported-drivers @@ -192,9 +192,9 @@ See the individual steps for configuaration file pre-requisites for CSM Observab
- CSI Driver for Dell EMC PowerMax with reverse proxy module + CSI Driver for Dell PowerMax with reverse proxy module - To deploy CSI Driver for Dell EMC PowerMax with reverse proxy module, first upload reverse proxy tls crt and tls key via [adding configuration file](#upload-configuration-files). Then, use the below command to create application: + To deploy CSI Driver for Dell PowerMax with reverse proxy module, first upload reverse proxy tls crt and tls key via [adding configuration file](#upload-configuration-files). Then, use the below command to create application: ```console ./csm create application --clustername \ @@ -208,7 +208,7 @@ See the individual steps for configuaration file pre-requisites for CSM Observab
CSI Driver with replication module - To deploy CSI driver with replication module, first add a target cluster through [adding cluster](#add-a-cluster). Then, use the below command(this command is an example to deploy CSI Driver for Dell EMC PowerStore with replication module) to create application:: + To deploy CSI driver with replication module, first add a target cluster through [adding cluster](#add-a-cluster). Then, use the below command(this command is an example to deploy CSI Driver for Dell PowerStore with replication module) to create application:: ```console ./csm create application --clustername \ diff --git a/content/docs/grasp/video.md b/content/docs/grasp/video.md index 618fd7ca22..19408b2f6b 100644 --- a/content/docs/grasp/video.md +++ b/content/docs/grasp/video.md @@ -3,8 +3,8 @@ title: Quick video lessons Description: Short videos to quickly grasp the concepts --- -## Getting started with Kubernetes on Dell EMC Storage +## Getting started with Kubernetes on Dell Storage {{< youtube id="vjuLhau5vBY" >}} -## Dell EMC CSI Operator deployment in OpenShift +## Dell CSI Operator deployment in OpenShift {{< youtube id="l4z2tRqHnSg" >}} diff --git a/content/docs/observability/_index.md b/content/docs/observability/_index.md index 7c96d5c737..6b3ff27be8 100644 --- a/content/docs/observability/_index.md +++ b/content/docs/observability/_index.md @@ -3,12 +3,12 @@ title: "Observability" linkTitle: "Observability" weight: 5 Description: > - Dell EMC Container Storage Modules (CSM) for Observability + Dell Container Storage Modules (CSM) for Observability --- - [Container Storage Modules](https://github.com/dell/csm) (CSM) for Observability is part of the open-source suite of Kubernetes storage enablers for Dell EMC products. + [Container Storage Modules](https://github.com/dell/csm) (CSM) for Observability is part of the open-source suite of Kubernetes storage enablers for Dell products. - It is an OpenTelemetry agent that collects array-level metrics for Dell EMC storage so they can be scraped into a Prometheus database. With CSM for Observability, you will gain visibility not only on the capacity of the volumes/file shares you manage with Dell CSM CSI (Container Storage Interface) drivers but also their performance in terms of bandwidth, IOPS, and response time. + It is an OpenTelemetry agent that collects array-level metrics for Dell storage so they can be scraped into a Prometheus database. With CSM for Observability, you will gain visibility not only on the capacity of the volumes/file shares you manage with Dell CSM CSI (Container Storage Interface) drivers but also their performance in terms of bandwidth, IOPS, and response time. Thanks to pre-packaged Grafana dashboards, you will be able to go through these metrics history and see the topology between a Kubernetes PV (Persistent Volume) and its translation as a LUN or file share in the backend array. This module also allows Kubernetes admins to collect array level metrics to check the overall capacity and performance directly from the Prometheus/Grafana tools rather than interfacing directly with the storage system itself. @@ -19,9 +19,9 @@ CSM for Observability is composed of several services, each living in its own Gi {{
}} | Name | Repository | Description | | ---- | --------- | ----------- | -| Performance Metrics for PowerFlex | [CSM Metrics for PowerFlex](https://github.com/dell/karavi-metrics-powerflex) | Performance Metrics for PowerFlex captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell EMC PowerFlex. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | -| Performance Metrics for PowerStore | [CSM Metrics for PowerStore](https://github.com/dell/csm-metrics-powerstore) | Performance Metrics for PowerStore captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell EMC PowerStore. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | -| Volume Topology | [CSM Topology](https://github.com/dell/karavi-topology) | Topology provides Kubernetes administrators with the topology data related to containerized storage that is provisioned by a CSI (Container Storage Interface) Driver for Dell EMC storage products. The Topology service is enabled by default as part of the CSM for Observability Helm Chart [values file](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). Please visit the repository for more information. | +| Performance Metrics for PowerFlex | [CSM Metrics for PowerFlex](https://github.com/dell/karavi-metrics-powerflex) | Performance Metrics for PowerFlex captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell PowerFlex. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | +| Performance Metrics for PowerStore | [CSM Metrics for PowerStore](https://github.com/dell/csm-metrics-powerstore) | Performance Metrics for PowerStore captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell PowerStore. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | +| Volume Topology | [CSM Topology](https://github.com/dell/karavi-topology) | Topology provides Kubernetes administrators with the topology data related to containerized storage that is provisioned by a CSI (Container Storage Interface) Driver for Dell storage products. The Topology service is enabled by default as part of the CSM for Observability Helm Chart [values file](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). Please visit the repository for more information. | {{
}} ## CSM for Observability Capabilities @@ -67,8 +67,8 @@ CSM for Observability supports the following CSI drivers and versions. {{}} | Storage Array | CSI Driver | Supported Versions | | ------------- | ---------- | ------------------ | -| CSI Driver for Dell EMC PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0,v2.1 | -| CSI Driver for Dell EMC PowerStore | [csi-powerstore](https://github.com/dell/csi-powerstore) | v2.0,v2.1 | +| CSI Driver for Dell PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0, v2.1, v2.2 | +| CSI Driver for Dell PowerStore | [csi-powerstore](https://github.com/dell/csi-powerstore) | v2.0, v2.1, v2.2 | {{
}} ## Topology Data diff --git a/content/docs/observability/deployment/_index.md b/content/docs/observability/deployment/_index.md index f3d484c384..582e8d90c0 100644 --- a/content/docs/observability/deployment/_index.md +++ b/content/docs/observability/deployment/_index.md @@ -3,7 +3,7 @@ title: Deployment linktitle: Deployment weight: 3 description: > - Dell EMC Container Storage Modules (CSM) for Observability Deployment + Dell Container Storage Modules (CSM) for Observability Deployment --- CSM for Observability can be deployed in one of three ways: @@ -281,7 +281,7 @@ Once Grafana is properly configured, you can import the pre-built observability | [PowerFlex: I/O Performance by Provisioned Volume](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerflex/volume_io_metrics.json) | Provides visibility into the I/O performance metrics (IOPS, bandwidth, latency) by volume | | [PowerFlex: Storage Pool Consumption By CSI Driver](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerflex/storage_consumption.json) | Provides visibility into the total, used, and available capacity for a storage class and associated underlying storage construct. | | [PowerStore: I/O Performance by Provisioned Volume](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerstore/volume_io_metrics.json) | *As of Release 0.4.0:* Provides visibility into the I/O performance metrics (IOPS, bandwidth, latency) by volume | -| [CSI Driver Provisioned Volume Topology](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/topology/topology.json) | Provides visibility into Dell EMC CSI (Container Storage Interface) driver provisioned volume characteristics in Kubernetes correlated with volumes on the storage system. | +| [CSI Driver Provisioned Volume Topology](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/topology/topology.json) | Provides visibility into Dell CSI (Container Storage Interface) driver provisioned volume characteristics in Kubernetes correlated with volumes on the storage system. | ## Dynamic Configuration @@ -398,7 +398,7 @@ In this case, all storage system requests made by CSM for Observability will be ``` #### Update Storage Systems -If the list of storage systems managed by a Dell EMC CSI Driver have changed, the following steps can be performed to update CSM for Observability to reference the updated systems: +If the list of storage systems managed by a Dell CSI Driver have changed, the following steps can be performed to update CSM for Observability to reference the updated systems: 1. Delete the current `karavi-authorization-config` Secret from the CSM namespace. ```console @@ -414,26 +414,26 @@ If the list of storage systems managed by a Dell EMC CSI Driver have changed, th In this case all storage system requests made by CSM for Observability will not be routed through the Authorization module. The following must be performed: -#### CSI Driver for Dell EMC PowerFlex +#### CSI Driver for Dell PowerFlex 1. Delete the current `vxflexos-config` Secret from the CSM namespace. ```console $ kubectl delete secret vxflexos-config -n [CSM_NAMESPACE] ``` -2. Copy the `vxflexos-config` Secret from the CSI Driver for Dell EMC PowerFlex namespace to the CSM namespace. +2. Copy the `vxflexos-config` Secret from the CSI Driver for Dell PowerFlex namespace to the CSM namespace. ```console $ kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - ``` -### CSI Driver for Dell EMC PowerStore +### CSI Driver for Dell PowerStore 1. Delete the current `powerstore-config` Secret from the CSM namespace. ```console $ kubectl delete secret powerstore-config -n [CSM_NAMESPACE] ``` -2. Copy the `powerstore-config` Secret from the CSI Driver for Dell EMC PowerStore namespace to the CSM namespace. +2. Copy the `powerstore-config` Secret from the CSI Driver for Dell PowerStore namespace to the CSM namespace. ```console $ kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - ``` diff --git a/content/docs/observability/deployment/helm.md b/content/docs/observability/deployment/helm.md index 141ffe94ab..6d76f8216f 100644 --- a/content/docs/observability/deployment/helm.md +++ b/content/docs/observability/deployment/helm.md @@ -3,7 +3,7 @@ title: Helm linktitle: Helm weight: 3 description: > - Dell EMC Container Storage Modules (CSM) for Observability Helm deployment + Dell Container Storage Modules (CSM) for Observability Helm deployment --- The Container Storage Modules (CSM) for Observability Helm chart bootstraps an Observability deployment on a Kubernetes cluster using the Helm package manager. @@ -11,7 +11,7 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O ## Prerequisites - Helm 3.3 -- The deployment of one or more [supported](../#supported-csi-drivers) Dell CSI drivers +- The deployment of one or more [supported](../../#supported-csi-drivers) Dell CSI drivers ## Install the CSM for Observability Helm Chart **Steps** diff --git a/content/docs/observability/deployment/offline.md b/content/docs/observability/deployment/offline.md index 01818b08bc..076921deb0 100644 --- a/content/docs/observability/deployment/offline.md +++ b/content/docs/observability/deployment/offline.md @@ -3,7 +3,7 @@ title: Offline Installer linktitle: Offline Installer weight: 3 description: > - Dell EMC Container Storage Modules (CSM) for Observability Offline Installer + Dell Container Storage Modules (CSM) for Observability Offline Installer --- The following instructions can be followed when a Helm chart will be installed in an environment that does not have an internet connection and will be unable to download the Helm chart and related Docker images. diff --git a/content/docs/observability/deployment/online.md b/content/docs/observability/deployment/online.md index 8c478f8751..60e83ef3a9 100644 --- a/content/docs/observability/deployment/online.md +++ b/content/docs/observability/deployment/online.md @@ -3,7 +3,7 @@ title: Installer linktitle: Installer weight: 3 description: > - Dell EMC Container Storage Modules (CSM) for Observability Installer + Dell Container Storage Modules (CSM) for Observability Installer --- Proxy |---------------> Authorization |--------------> Storage | +| +---------+ +---------+ | | Server | | Array | +| | +---------------+ +---------+ ++-----------------------------------+ ^ + | + | + | + +------------+ + | karavictl | + | CLI | + +------------+ +``` + +**NOTE:** Arrows indicate request or connection initiation, not necessarily data flow direction. + +The sections below explain each component in the diagram. + +### Kubernetes + +The architecture assumes a Kubernetes cluster that intends to offer external storage to applications hosted therein. +The mechanism for managing this storage would utilize a CSI Driver. + +**Architecture Invariant**: We assume there may be many Kubernetes clusters, potentially containing multiple CSI Drivers each with their own Sidecar Proxy. + +### CSI Driver + +A CSI Driver supports the Container Service Interface (CSI) specification. Dell EMC provides customers with CSI Drivers for its various storage arrays. +CSM for Authorization intends to support a majority, if not all, of these drivers. + +A CSI Driver will typically be configured to communicate directly to its intended storage array and as such will be limited in using only the authentication +methods supported by the Storage Array itself, e.g. Basic authentication over TLS. + +**Architecture Invariant**: We try to avoid having to make any code changes to the CSI Driver when adding support for it. Any CSI Driver should ideally not be aware that it is communicating to the Sidecar Proxy. + +### Sidecar Proxy + +The CSM for Authorization Sidecar Proxy is a sidecar container that gets "injected" into the CSI Driver's Pod. It acts as a proxy and forwards all requests to a +CSM Authorization Server. + +The [CSI Driver section](#csi-driver) noted the limitation of a CSI Driver using Storage Array supported authentication methods only. By nature of being a proxy, the CSM for Authorization +Sidecar Proxy is able to override the Authorization HTTP header for outbound requests to use Bearer tokens. Such tokens are managed by CSM for Authorization as will +be described later in this document. + +### CSM for Authorization Server + +The CSM for Authorization Server is, at its core, a Layer 7 proxy for intercepting traffic between a CSI Driver and a Storage Array. + +Inbound requests are expected to originate from the CSM for Authorization Sidecar Proxy, for the following reasons: + +* Processing a set of agreed upon HTTP headers (added by the CSM for Authorization Sidecar Proxy) to assist in routing traffic to the intended Storage Array. +* Inspection of CSM-specific Authorization Bearer tokens. + +### CSM for Authorization CLI + +The [*karavictl*](../cli) CLI (Command Line Interface) application allows Storage Admins to manage and interact with a running CSM for Authorization Server. + +Additionally, *karavictl* provides functionality for supporting the sidecar proxy injection mechanism mentioned above. Injection is discussed in more detail later +on in this document. + +### Storage Array + +A Storage Array is typically considered to be one of the various Dell EMC storage offerings, e.g. Dell EMC PowerFlex which is supported by CSM for Authorization +today. Support for more Storage Arrays will come in the future. + +## How it Works + +CSM for Authorization intends to override the existing authorization methods between a CSI Driver and its Storage Array. This may be desirable for several reasons, if: + +* The CSI Driver requires privileged login credentials (e.g. "root") in order to function. +* The Storage Array does not natively support the concept of RBAC and/or multi-tenancy. + +This section of of the document describes how CSM for Authorization provides a solution to these problems. + +### Bearer Tokens + +CSM for Authorization overrides any existing authorization mechanism between a CSI Driver and its corresponding Storage Array with the use of JSON Web Tokens (JWTs). The CSI Driver and Storage Array will not be aware of this taking place. + +In the context of [RFC-6749](https://tools.ietf.org/html/rfc6749#section-1.5) there are two such JWTs that are used: + +* Access token: a single token valid for a short period of time. +* Refresh token: a single token used to obtain access tokens. Typically valid for a longer period of time. + +Both tokens are opaque to the client, yet provide meaningful information to the server, specifically: + +* The Tenant for whom the token is associated with. +* The Roles that are bound to the Tenant. + +Tokens encode the following set of claims: + +```json +{ + "aud": "karavi", + "exp": 1915585883, + "iss": "com.dell.karavi", + "sub": "karavi-tenant", + "roles": "role-a,role-b,role-c", + "group": "Tenant-1" +} +``` + +Both tokens are signed using a server-side secret preventing the risk of tampering by any client. For example, a bad-actor is unable to modify a token to give themselves a role that they should not have, at least without knowing the server-side secret. + +The refresh approach is beneficial for the following reasons: + +* Accidental exposure of an access token poses a lesser security concern, given the set expiration time is short (e.g. 30 seconds). +* The CSM for Authorization Server can fully trust the access token without having to perform a database check on each request (doing so would nullify the benefits of using tokens in the first place). +* The CSM for Authorization Server can defer Tenant checks at refresh time only, e.g. do not allow refresh if the Tenant's access has been revoked by a Storage Admin. There may be a short time window in between revocation and enforcement, depending on the access token's expiration time. + +The following diagram shows the access and refresh tokens in play and how a valid access token is required for a request to be proxied to the intended Storage Array. + +``` + +---------+ +---------------+ + | | | | + | | | | +----------+ + | |--(A)------------ Access Token ----------->| |------>| | + | | | CSM | | | + | |<-(B)---------- Protected Resource --------| Authorization |<------| Storage | + | Sidecar | | Server | | Array | + | Proxy |--(C)------------ Access Token ----------->| | | | + | | | | | | + | |<-(D)------ Invalid Token Error -----------| | | | + | | | | +----------+ + | | | | + | |--(E)----------- Refresh Token ----------->| | + | | & Expired Access Token | | + | |<-(F)----------- Access Token -------------| | + +---------+ +---------------+ +``` + +* A) CSI Driver makes a request to the Storage Array: + * request is intercepted by the Sidecar Proxy to add the access token. + * The CSM for Authorization Server deems the access token valid. + * The CSM for Authorization Server permits the request to be proxied to the intended Storage Array. +* B) Storage Array response is sent back as expected. +* C) CSI Driver makes a request to the Storage Array: + * request is intercepted by the Sidecar Proxy to add the access token. + * The CSM for Authorization Server deems the access token is invalid; it has since expired. +* D) The CSM for Authorization Server responds with HTTP 401 Unauthorized. +* E) Sidecar Proxy requests a new access token by passing both refresh token and expired token. +* F) The CSM for Authorization Server processes the request: + * is the refresh token valid? + * is the access token expired? + * has the Tenant had access revoked? + * a new access token is sent in response if the checks pass. + +### Roles + +So we know a token encodes both the identification of a Tenant and their Roles, but what's in a Role? + +A role can be defined as follows: + +* It has a name, e.g. "role-a". +* It can be bound to a Tenant +* It can be unbound from a Tenant. +* It determines access to zero or more storage pools and assigns a storage quota for each. + * Quota represents the upper-limit of the total aggregation of used storage capacity for a Tenant's resources in a storage pool. +* It prevents ambiguity by identifying each storage pool in the form of *system-type:system-id:pool-name*. + +Below is an example of how roles are represented internally in JSON: + +```json +{ + "Developer": { + "system_types": { + "powerflex": { + "system_ids": { + "542a2d5f5122210f": { + "pool_quotas": { + "bronze": 99000000 + } + } + } + } + } + } +} +``` + +This role says _Allow Tenants with the Developer role access to the bronze pool on PowerFlex system 542a2d5f5122210f, and cap their total capacity usage at 99000000Kb (99Gb)._ + +### Policy + +CSM for Authorization leverages the [Open Policy Agent](https://www.openpolicyagent.org/) to use a policy-as-code approach to policy management. It stores a collection of policy files written in Rego language. Each policy file defines a set of policy rules that form the basis of a policy decision. A policy decision is made by processing the inputs provided. For CSM for Authorization, the inputs are: + +* The set of roles defined by the Storage Admin. +* The claims section of a validated JWT. +* The JSON payload of the storage request. + +Given these inputs, many decisions can be made to answer questions like "Can Tenant X, with _these_ roles provision _this_ volume of size Y?". The result of the policy decision will determine whether or not the request is proxied. + +``` + +----------------+ + | Open Policy | + | Agent | + | | + JWT | +--------+ | + Claims ------\ | | Policy | ----------> Allow/Deny + -----> | (Rego) | | + Storage -----> +--------+ | + Request -----/ +-------^--------+ + | + | + | + Role + Data +``` + +### Quota & Volume Ownership + +Policy decisions based on the current request and set of roles alone are not enough. CSM for Authorization must maintain a cache of volumes approved for creation and deletion in order to know if a Tenant has already consumed their quota on a given storage pool. + +A Redis database is used to store this volume data and their relationship with a Tenant, Storage Array and Pool. The use of composite keys provide fast, constant time look up of volumes, e.g. `quota:powerflex:542a2d5f5122210f:bronze:Tenant-1:data` is a Redis hash with volume data as its values. + +## Cross-Cutting Concerns + +This section documents the pieces of code that are general in nature and shared across multiple packages. + +### Logging + +CSM for Authorization uses the [Logrus](https://github.com/sirupsen/logrus) package when logging messages. + +## Observability + +Both the CSM for Authorization Server and Sidecar Proxy are long-running processes, so it's important to understand what's going on inside. We use OpenTelemetry (otel) to help with that. + +The following otel exporters are used: + +* `go.opentelemetry.io/otel/exporters/metric/prometheus` +* `go.opentelemetry.io/otel/exporters/trace/zipkin` +* `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` \ No newline at end of file diff --git a/content/v2/authorization/design1.png b/content/v2/authorization/design1.png new file mode 100644 index 0000000000000000000000000000000000000000..89c748d0b56803d0c3a34370548e12fba176bf8f GIT binary patch literal 22497 zcmbrm1zeO{7dL9qNQcrXT>_E=NOyNjDBU%HfC58Ehafc|-AE%LGAbz@N(>?0Ln9&I z1DxaWocFx)d;^8R2Y3LgfW{v_e7GvOAtfaR z6auepZEcd0lE4Gd0H^}`0^dLhP<#D-U4Gq5LP7#4mzI|Py%1=2-3uTB)LxGcv zkO`m)9c`!_z#_z5Lq+ojIyNpYE*4fp=)AN~Mz;oaO36F}7iHV6#e3kS%H6t@KGb=YQudt}N zqT+33Lqik5(}xcqKX>-@^!N9VjE;^^&CJYvpI=Z*elN5w51 zBk)4cNL)#ansyYUO%(KbGdqayYl*EQGhOQnuPhK{LFuRgOvdi%xm>HIe0hLNzu-

poZaTX8^u3<2$S+M&XeqFeKwg?)T-RACjG8cnUl^^2HpECW!92GsoiMKVwKN2iagBS4ic1SW|_ldHo7`j3~zgsYbSq(EbF z_DDPxAS&oAkOBNFSEdFA+Kga8LjQW{_9Dzh|HsgmukFY2fAH=s^pGYv*5C~Smm6Hi zhQ06&)~=wR;yS`}O3bv(-#=d3B_5mp+}=piHQi?UVR)@Fy`0U+2PV*bseSrn94pU+ zQ1#1)GMWta?8~kgt1gG|*Uq+L+wd8yh!J0l+vr0iwgi-w;<>JoHJ^ysB3))-JO|C~ z`l4Rcx=$ZlyJ>=V*_9OrFlOy0`ON7&(gs(;--3akyB-vp_h8`; zGbk4$_XqaSrvl_-BK=lcoh_%GUGkb`b+Fu?b$x&@3FgxTy84mCt}gV=73;|w8s~BM ztTrf&=U(oQR9s5^)|~Sb2e#!mh}fTWNwoy-9VB^81a{pExl_IOSACSpZi%ftHqD(z z_2XE06t`q20shhu)6>rU(HC{on~-t{WFEYV+sfACm{>xSFzgaGFErymf!knTfQV&@ zT~g#f=q9l_wH8j9V8$~@^*W!D`^ zV-E9cDeM`}^=^IaYvSZ}^vhL62h$4W5J!V?a%tf-R77OtKFNa&rHv{4rg$-1hY&;I z;f18H{i`2oyW;8|Emwb6>WA2~I-_Qzqf^M zX+2%JrG7VwmhJQ`XFeVSR$c5^V9&`}R>H)zrNj+OV4c!w4E#u(Zhz8TgQQC)k~8{N zK53In?~$P0PosEWZTa%X>TVy_E<``Z&?lPqL;=%4k_2-_9_6jXBXk<~tia*Ou@M-& z`_-q$Ai}&jzkM0CDG@(|@QWgPL_ zZ)K$&@{VDz(cfnW{eU^-Eyf3Z8=u%2(aza@CX-wM_K;su5shx=!LOX6Ypl4b*k}M%k~QQ_m(BxD+BdH zUqa55K{{X8##dT*TkldXJ9_G@`(Pjpg~f}KGn!-q*zZ_vhu{VEPoU2?%Nm$8PFLw1 zPQ^WRmGQ)K57K^=iCHn>s9{%9VSH=cG0pgMZX$(#;`dD@xyjfh4E7ucZz37U7maa*~5yy?j%{FbC@9rLxp zw{Fcwc;sZbI;p8`*CVRw7K2`BTvz% zr+FQ0b6mz}y6tWoo<`6JNaFDZIV87E<0s{v!_^aRWXhCwIAF^X;!C>MKTV?3Zcf4P zQ+2A}ui*dQ1?dqIX(0SQs=Sv5VOY*%4nXD>;dJp46AfbnJpA{B-5Lol5$14-i{u z_bnB*h~3ZwfA;l_ig)&FAbZp8YK^cMKA$_RoJI9XH$v-}<|Uep+YPnP30NG zAE)fn%2R31OePtG`MHo{W*<7JQN!6N&z@tJy;IY6JUt+q7v}xY$q5yq$25uv6n6F% zjRAgrK?e;1`Pd%bHo_2T*65eO@x+GNIbczk=3`MD)W+?GqKeZ>T@`UJz5ffq%RmEma%BvBf}c+V~B3T z&sXOOW2V=q51KS(UGZRENlS{aptivq6185F!X~U0sYP}erRFvd4qv_HV8#h*1C4~R zziBe0jrvy6N`hCr6Pm2${D8enh1K|(`76(IgThO*(Is#&61f3l6@`1r&?qwL60#Sj z372j$1z68j|FA>0iJxUK65@htO)ppm2^D&oe4OD}>od!v6nNL+n(GMqeEwEj#Gb8q z{RgDwT&T?#+7L}4?}ZIzET_~l7u;V2g-0mb?rs`&;&&5CW3D|79i^xx3=oqy2&=(K zHSi?~H!FT;`|&=WL9EOX-;$mOk4Ot5I7%FsyUACBUww_%krV#;)Yv?4^*nEX*0Gbk z8$A?ni1lH@^qTZ!L3|KqmkT3wZYWi`-<>S5NRjr*oXOdO>R~pnMr5s~xd94WQDj#c zd3{$`qqx0L9*gT8W9E9_qE~C+@zb*Xr~+(Kfq<^Y(AK>>%Zzd%T;|WeR3$j{9lQJF z{j7b_g{?~)1FYp$d2R4qnbuDfC;3<9kX0H9!CkLrXG?B=jlTO8 zob=0!io2y5Ld#D(nCcjgpO>OBQa@JzIRNX*E`1kM`wrIt$X>?!8&YgvI^r~ung7%) zBKY`xsXx`hmK-M42`B5G7SqOZoha)wQ(tqRtjB8B%g=udAo z^>;7rf6k9koy@izgGmVL@wMx&RZ>hg6eubvCR6hViYt|w*Qs=S2wF-{ki2CIkQfY3 zlyw?2-rzKME$Wc6t!fn6a14W3Jc*7RpGdF2pvGrwdriS-Sla?m4@x85mS4lbn zztEPbUKeMNdrW6aQu^Fp#nis>7=4VgyRGVh*)K8P82%v zo5gi<)7v<^Gu3!$FtfTXykwA-`cxw)g}iKgoi26Tsh2`$QHNM1)Nwvkt6KOvVJhu< za@)IqPm~Cxp7Pdp^kA3p>k9=y{8~xBOT4q35gwoQjx@r+yOrF`2G~I}+ee9cRiZ>?fV^`9|`e=(gB;y~qWVlC& zLpm66x4zsW#>&U8g$&21|Fmpg_RhqB7AhGPiG5g09B#jtK%knOg=b+!ffFP_tZyT@ z4`xOkk?u-mhty!(Q1RAIJ3`vV9tm;y+NnvRDN{^{v<~6Z_%O;HtM=;-ntSv;8uQOZ zW92hGL$bqJ%=Lmc4Cz&JGzr~a7=F!shx|c% zq6oA3^QYhU(u}x;W!nP5s%w<^{z0oIngcFj`$~coC}e3yiK4A)g_a1$d6E88ErisQ z?+O;$sH7Xgk}bpcS3r!VL;%O@u5z>w-`!vYnPAuu$>-!-)vm;!4n*6$^Lpn^T4~&B>@0Zd%z!C4L_<}eyz0Z3JJ}s%wW1m*gXiLCK(S2JM z=Dx#hxDSDRv>5NKNaVR=ai@{J+9DrGpG4uUta=iLpnE}9)Cpf^S4HU^>4c({#V;wa z0d+q_#T3~Z2JzxDzhGC2kv7~EOOFu)Nm8e65K?(pj_3Azm290@u7BB0YB>8aYy+3T zNPWj-QB`b*o2Fhvm2qnM#NZf|g6|$WYv$8yloTuJg*{O?v5u-XMLMJ)A>4?vk7qFX zbts$}&D!nI>K}(i1{a}}=$eIkEbvrvdvJ)atPVT+5bccF~cCAT++;J77zw9TSiS(=m zx;H720fF|KRgqP-c3HL8>l{>tDclBfr&sZ7j7lPVc@OT2 zyEaf;KKLA!KRJn8XPR$4Bq||{vBeR9>SQbEjaV}OKw8toS+=#i%Bh&5EjK~-cxZ#~ z@vHam;*B+f#zH2dieIo!``H@X_g+qpI_a)#2*mZRePmgUu=vGIPcNs$blpaz1M^;M z#_WP8W*;^kkJNw4ZQT-3eWk^e8cQ3T*?9B4o92fFCC5)z4~3i*W!teB1?1gYd8mDb zT3uLohH19m;};5BcF;_{7)0IN3p6{T*F{>FW&3uZkYWyVz+v)uca8wQ7*e^MBQo89^^O z7))sXL&-eV{E(}Umf^0yh`M=Ih&AXPI!9xU$o-AiXW15r+o1yD{^aIeKJ=+_{-P=Y z=-;p(wh<9+drud{b5TcD+}VPD3Rc^8M=y#@>+x~3PPL&BAZIy{bS{*+G(@gnd;@E~ zjhG*We^{Z3#Es;L&N>eq&}~@7 z0*mk^PHv^A#g5(5ydS)e-1yLjzeY{M2Nj-LlZL{+FARWIv1?g~SkK`sh-+3%Y|x8n z=?N@IXza9j2kmAEOj2$;%OcJbz|3;J1}f#6Yz8C(vZ$5Oim)+o{vt(Yz(ms$ z#hwWCtY_E^Ayxo-8YW!Q_16FpFbxU-IB_JcQBx^kSa|$5ngFUbB)p=R3kRUFRSI{u zAx8jT+s76nw&BMzSdqQN#zw{GX#S!piFqI3rcA!+4Fn(PIhG3_kU$4|+FcGXkjW}X zAW<9ylblcvBJKuoJMue!qX__iKByECHDnk#0MmfDK(od-|Eo-|XUbIX>+|PWYhFMn zqO&u4pBVB(Uh%{;P8fJ88V)iiziwY6p+|G!Wda2hT@sDvhTVqi6U&cJzsw#iHWYcW z$Wtt2D4eaDWRrv-kEx5L{WO?`xCHo6CDG@0&NFxz1Zl;D>wNGh2Rl!M?Bey}TC0PX z2_c~iS(l1>i5c@XBTwBjy9!_0t_~EP!0^PogB}1TUjkTWt`{LOl*h!&QkPLc6Cz8G z-tU=|G?pXB8}_T7h!PLCf*fhONb~c7T?o70lhz!)2)ZlZZT5y z*2GAhfSday_{>P)n?X%&BT`Rx z(n!!Vprp$4($Sl2+9F${%Mli1T}rG@T`k3MCepp2^XJltl9n;rtBk-!cyhtV}A z48=dpV5W#t!XL|V$k1s?*;=5_pzBAP8{g+y*#B_PHlaM;(=$3Idp^le7Q1CT*I~%? z(nX>rfX)O(!~#iqnb{fSY0Q4zK8%WrIqXV|xJ&p@cCQbkaSG7{&?icUdJ_ZaZt)pZ zw&Yxw_LrrZ!&@D9-OGNpX>AzaGt`AwHXbIk?jK~uF(-J}feNREgb}pemnDA58|cC6+)`jhcXDpV-E}m%mdVqXVHrg*;hAqXQ4ak!&abW&#CzgC8zs8ETb)lrpl9%+T!L* z*~{!9jMCy@sobgO@KhDkEX19wNt6?euvR$u*lRnSEFx{p2QRfGNAOs zxlG_$!WyE}z;DGuEMoS(#%Azx1DnFwCXXkf;Pb@+_7Wf5A9ki319ZiY29HpcgL*HL zuc8^#eb7k?SzPdwBT4720}4a5)?;G5NkZlDI=&j+c}NFC)n>YZ=o3jt*3^#y3l7FZ z6K)1#1wNL(myBE*>~HbwKVuEA^&7I^!{(a3?FlN)sN}!K%U`h#=yi3-poIzvt+|Sq zIk)P6#zo2Da&w9WE`CA2jJfJB4CzvVg171KuI4%m9wj|m3Mycr+o3SYwR|4f9v-rd zgq(*OSPt$k1IEC?#FtnK1gd~Y-T48)vl}mu2%MQfxtB5Y4mk!+(WQlc^_Ks=HyRD< zZAj?IrSdNiMLd8%%h^lHKpZ9!Af(jb&%lFHG5rxuFGs&T1tGt4Sp!TW6zqTP46yY+ z=Z|Pwl-7raLj#2S|0`qne`gFhDFGIu|5++YG{JlSD)E(4igdvnHf2>FPf1D`-V&A3 zJjCg!2O^V>1=v6|^b?YbwBfFkR^hE6V8Q78U?T^XV%4d1OqYOF<4X%0rai>y@3zj& zW&*hlkj(wCy5e$#9Te8No@3pS$Dk$$RvCX`O9=Ig$VPk-udFMsc+&A!nErCfQh#AV zBp`(!_cdolAl`zI5X!U52`P{yv@1C=@Vs+5=_HY(wP$gQ!pNlyVo7td5GyWBAc|}~ z!_lu*7JwbJL0_rVay}P+sKg+rC5o%hK$JR353Z1pmD@*W4=%kVfNB=aE4=Nn3|6mM z5>~8oHRfivGr`hXL>nAyWZ=&keECykk&>~@eoJcbklE|?!``L4x9Y|=n`@rg3cvK^ z+eEV)9NQ%spH$K8)5X;C06lzJw>Yp`N-|fOp{5X@L0J6`gRO>bY($Qr3Jq<-@5V!e zNDT6l4>TGu3lZoO^m$=Jd?>%iXmR`brgaSu14vPLFy!3$E2GeIb{x{)V%$b8hw!$& zLzx6vDnZ5-2@hlZy#;O7Zm!|}Hx^gYlNh_Acn9GekiV5kvi7S;_Ho%GlIgP``WHL=ijLrAtr~}b{uCp58Rb;R+|Y>y)6s%a2j8vgV#WBc!BYED zt`+vO!n;--QWC*!MJcz16?fJfzt-(PPU7EWdlIoWy8CV)grZI;vTQV#h$!Sz(635{ zHukH$oG_}K3a-IN+7x|G$}WTKXgrH+0@jhzrkAKVUep|v^Cd5rq>h7^DbomgFxict z$B}pB1!RkaMlNocolzGl&cr#ZnK`=9euof^$Vr;(nz}D@;L36FyF=TABprvSv@HtVwlB`ns zyC_1lArn=4y0VQjDq?+7!ta~n@hR0AhiUzuTawl1IF!2HHiMCfz&b_ByQmAEXCQM* zD0Un)#FC1<+#n9_$WY+3Qvjc>WDzpIT&PZvK%pb-QI=!U>q-9WL z@ahH+WoLJ;6)5{*&Ra8YMj^NMUQ#(sRa#E$xPtjfmC34p@CTn0_XWbKKD!+DxbO`g zs9&(v;pJkSp!VT$u=zVyAeSq?^{01V#t@+)%xpqO@1;^cGe*~bZzLj$F9|A`F_tbO zg^PpH@6C&|>AvU0C!~yeK4U%q(q4^)JoxU$4}FJIwEhu&hu5mWxnX<)K>o`T%iDpf z%g91)eROlg`T>h`>8;RCMTK3;n2<#WUpkqYrjb`EM_?ohez!Km6JnJcTE;^#I}r^$(@`#cf6& z@}4!M?W^(19vV6&S7v%y-WI&#!+h>z%ZJxX$H*D?|rMS5f}cSN~U$eT6O@ zD#Xt2y_yCRo68KLALokG&K`H%>eHJnEjZVy2c<;utzGVn77_YJ93W@HyHrP5*YFzz zAtdevA&~T-pqlTxGl8VdEU6(thSB!oHHZR3Rs9}`91Xx(rdBM2B_3`yUw@{TdZRwJhs}5PIorz$1YC z3Q}ma$SyChtYG-)4H}C}jjDl*Z%vN@Jb44)2L@?jLKa5Z@<3$*gHSS5zt`ffxLIOB*C3-tM~X&aJloZ4F8`( z8MtO!$bDrL$-ttvRJt@4hN||5NkCjK93bCq)dI|5ouv}UQWGzqos$mD6()p|6GD+6 zL0E2IGr1B8Y}Y-80Vd}ML~uk`rIzovKE zri_&hQ4tQI_D`?SNUr=Crb&dT1BUu?8&aTir5$S=FR^1ZspX&HC)`B;o!0G(?7lq4 zE!6;sgXljcy|hg$lbqLGUNu1Tsf-8NDlUWS|I$iT?9r9^^z)TXS&<~#-JfFg2TZQx zh~*>LZn0>Q{FAk41u0p;3Vlj*;$OB<38B(|spOa4deu@^m;mWgB*C#OqJ+@T|I+4w zz+@za&#LjV-Q{flPc0Ot=yR?m-u$O`Tq<725K#O>jT7k%l7BHD<@=6d-a-jww*BnB zJO32|^Ql3K z1v>9~JbfPf;4*YFfq*c<+F|#VQ+DvxdINI{u}vvL3J)I@^?Gt(A+K%)qOkNHtO#j* z%`TA}MJ`rDMm_(BBu^UhauDsKhK)*dMK_wDSDt7S@83r@_#}7jmbPA^P(g+A@5a>$ zu^U|cI(<4DbmVB{>6J$a#mGW1>1ON3?l$jLxtCYGdtZAmbz;h6hQx=lvD8b{$tWhf zhfm_D&2X^R>l0`XH3d`449|dC2;+B~A#F3A|X9}Xtk z4Sjr{kKxANNNn8VDR^(TXRznc$$fF+RVV#=*~;2t&)4#)x4p>XMBPL9f1f+|8{#70 zn?{*Pvj8(210%*fr$N_b47--5p3l~7+vuVGyQhlv3l-}_Mq}lNQ7cuRp3@Db{NnK! zFXa-WZrnxIW|D++u6_AE^6A`qhu$m17cw#3$YByNPaMoBB9&c@2eS@aNSGY%`C3*H z+(xjUwS=tw`f_gf6XiBxk`{vMP4KGKcix%tdG?<0j`a|;H-;>WR!Hma_miD0k3CUp z_Sa6P*2;TCgfaZ#AO7=dwuPxNmBh>qW)VcIOZ)E0s7DG-JQry;4Q$ADn{*Y7hN6lw z{U#e@57_mtqFQG`z#mO$qBwfsVXsNIm! zyUX|&4y7DrKk1bVa+G)&^AHdKy9=hM{lHIkvC>$Ip3Z^_&sn}G2mN!Lm-QP-gxe?L zV3T(E3YOdX7hL&!SnoU!YH=Km&<&-W&SvEw{90pfZH!6(M9+mRQ#?%j`sMql>01Zr zsvrMJGXBV9R9B9Uk&^**Xs=sexNa3H$Iu#YCX&eo)hk4Db_w2NO_oe=s&s3 zAG2AuQY<1~1L4lX&|D3<3gEv2GrrM|A6Y<Un8aR>6 zRW_S*r`c`3ilmoJegEaY-E@;JJT0--D7j?u&KA)i^^d)zO|@_Yxlo9dL=O=7Z~kqH z^0jrw;ZusepgxL}MeheY8hK0aLb{L%p@f8#bSbQ}4Bsbfo~_cYFRaznhS82UfdYH` zTh~O%^&ki!OTyR4^82UB0+Wpi)ygLwiqKU(bqt?|EhJsI5M|iRI%(aff-pjm4KHVp z_04Ht=}_~E$FN+va8a!0HUGOD4(vsfRHr&8wYu7cEV$67%yGE#bl1DnpR$(vQUxAv z`A2_?S%HS%mpB!T8uG+avv=Bpmqk{)!`9b@MXOkZr2>z@Qk9PKAJpU<^StV+qG9vu z@YP%d$WILaGQDXaohr*n3-HoN*z{AkLb+ZB^RQrhL(|H+i5o+0FEF%Gn#=BN&pw1Q zHQI}i5I}KEnm~t(x5T8fb7*ucx;*s}Wb~{M#?OpIxx$~fws^w#fs8F&d-gR}@g~&q zC_)H2oFJC`kFb97u68B$6iOVt9CTztY~wv1P{J-EMJrs0(qfM}p*qxGH$J(HiP`^# z#FS+<65&qlyR?;u3anZCXH@Qu)u*k7Wd>q?%7m`*=X8IhPW`viYi=UlxXdjBu|q%^ z<->zsmCij;{)1UHe7k2p4konB!Y; zDdRHW#u%y}vtnlLF@XV-u+J+B!x3Wdx@*b3%ELALF|Sg;JYVRvA8uD*7=oT(4oFYT zi3I5HN@O9x*xsUZ?}4&}3s8WOKy%(hdo{}>;$%0|w`#P{*Dr35s{KqD zx%287X{|qg@*KKRvMgmA1oleU8$Wqh+-UN2yJNI{v~`)1w*zjSshZWM;8o^a1<3=F z#KfnN<(Td5&6W#UMv$*>e``zq(bit${#izgSOfX?Rtv|4=*5yl*YU|-W!V#Un3 z?}fB7=PefZegbo=2(*}FN+2N|-1Dj$ev6=XL<^&zuk;6fqZ2|8()qY$&i1r;{ZSd$&6a?@=2eW*@2dx=cKr}N-0WUq}QS15aUiZ8o5F zIS7|0Jie>)p*G!l-qCC8r@7G(87Ytw={KT2RNqpDOJ$9~87^@rEd zbh0+>qky4j5wx!a7c8w#jNdmMc)tHm{%H#K14f`4{Fr^n4F^cd=&LjzNK1-+4|y)f zO}W0uUsR-*iGIic;((%az?35nLOf~+dHpp7(wg_>a83r97k`+RI@Sg;P^>@th_MT| zN-s6~iHezW6L2nNjD80)nQGCs6 z%Iipe6d&Eplk>i~$}Q+8QTz0W0;=G8kN74{i#zzc#<_Qma{E7>T0`}>)3~A;mjPHCO+KF7U3uccbW*J5ia?p1A7-pCqt^D zHUUuZ+s+$0n*wv{P8^*#(fSpAXZw_cTQ#OWsS~2V<;Qz+H){_@r#r@&j%ZFaaK-VO zp7NcnYYrH0C`)5$aBm+9>NEcub$2NvhfMA;byA?m7`WcLX1()ahJ!9t2l5!`@U z(O@|H#L;6EK^G@bctA28|0Ah6dE@bL z*j`7=QRZooZ^L}O01F}IYPG;BGbbon#YYkXjAAKU zmY>y18IuqDj~@lB$2X&am0D4;AoCH-ZKDQ`sP!HxyNAjOidUNPxf=-MQSsL?)B#UV zpAJ(LC^>DzJp+L#u%T9oU}J~x$?4C%6Bc2)E z0V5OC>e$-g(&Mj(u-$+8B%tGB;W3FCvYEt8{$`HjX92xAZ_3J@82+Qft>%(0{-fy; zBF@LSTgd#wN2)-Sg!@mLFRlAlT+AI#Z;Gi9KbyrwGm^N7xc6Sgq>sWzg>H|13D zDOYi64qzEAX|Cb>5UMVXcZjg(xdAux*e-PfR)l}^%`Esi zVg@B*KlZ0bS6(VapMRV6IGr2(Ixthm2~7raWR)~o_)C|!uz4R)|2peFzf;;+vvmcp z=#i}c{Lk*jKEZ^A1N!s!A=62Hw83R6FA$)kp(a|93gIFW0?K!UCV{5lVV{sB zGbY&Zm#j{uD=g${X0x6UsF-W(#rVF`oqDO8&8iakOm{hIrI`KIZSB|cI5Kc-4X{Zf zH8agNG8MHn$3D~;HNvq+xoIj=tU~{OYjN0Gn0tT}I6XQyU$aSCP>ZhwyQ+ox=x`Nv z^>h$*&IVtrkbBl4VsK164(SRfBL2t$asDw;GGRenQl&nXTYrY)Z;!CGY|Y_lesaY3 zl}2*$5z!JYi3h7-MX5fv4EUB0>sIT`cj$3*Aw}xlL&ppGym_3)SurPOMOr0VkfTjJ z!m@gTC+6t9cw7xkeESkZnl!KRR{JD=xd9(A&pjDL36?GGBu*G%?Fy2nct9rXysTQ$3t-I6Ea?~t3;Vr+o;&8-VIl1-l^r*HJ5xhlMj=`AG7mvqJn5|T|qJt52V5EKA@orY<(xWndOHw7tE-| zYQd`R?jxIzgHf4fcf;B=oVL!}kYr_hw^r;#S5*nW5JHg*S&gAehH{0Ze12=q zT;rvddkuqKQr)fRsV|qR=%k2RUkK}hH#UBY^w)aBWK8Z+A`W&Hf!;lut|LL=Kl+J? zcaRU3PoV*=miDiHO+HWNUVi?I*_`tr+UspoJMUZ<)@<=g*zv6XT}pe2SsUSJL+YYa(r( zlJhWci}2lEpQrRK=#cMNXJNe>0K2B8@H@}4CM8C{d6vYhn?UHXp~)8ci}jLjrJ-cU znAI<=`4V;Hs}}9MSs0iDDeCp4!Lqq+tsNFQ<^kWDEJQMde};aUo@vUkpV0+Z>6

zT&$(r_B-LSAm{`Am`J9DKj!_1_h6~+K#w1iHKRRKY{@{{H z_u=py!kBQ7e~J;f?`sreOZ+ExRd;V#Ldq9K8VE%frPOfafk(=Ss_iF0q|rbZ~=a`KZ}~Kx3!y$oUgqLn-u73%-IP8@-oZ-LVLcdxBWBuw~#J zwbmn1e}bTE`CH;~0K{O*`X_vd9ehe>FoB~aLtl|OgEx}b;xaf-4S!wWSnn@7l2*aXiWo!i>ywMI1X7QtN&J4Tiz=Ldi1R0;O>nHv-;vk-D)e_M zzd-htJNGJO9A_Y zp@ag~j7gc_HF|jt60{Z1k1h{zE)Qu=K5AZ2qMMTo z;r0SQg%t#V*%$YwuTMz!Lt4WuJiWQe!@(M)8srXQ2cC;LD2Iw_h2VKta@>!gSodnLsVn?%;2W zMGz{wr$;ZSG{Go0g+T0=1BfE5E~@c64pG<9Qh*qLxGzx0tE(vt2<$VyeVjq&_p0RCY&Ik z1){kn18}g0fzhu9oE@$KSEn@8z#+GQQ)=L_@v0SYrsf0u0T*}PJep(v0>G|aQh&YQ zDbVZ>z8Z@JgAfW+13v|>U*-Wf;*c>^&6q$ue-MNPL|*vjriQ?Vss8Hw1^7w&FJ}HW z3~-I?PbxS?lo&Y7$Pgrl_yZ7ZNg!E&4V+Lh5d7k|fD5=7LGY_3hU8od`Y!<> zZxCPpE0aHgYn)2IYAH2D{$Hr$H$GL(1WFwKQYB%?_RhbL2??OO5Y$kXoLjv-;JsEn zVF--pH|9Ui%>TyyZ|eVTy#J~fEMyyQ;E?zam0YEqNL-pl_L;`Gtn6?4HGz_rZFFoatL9Erf3UE2VC1jqUT^0zPXUEBMz%^yyE)sgvH zPZFJ?AkvE%xj4b=nU6LO9D14^SEB(_0T}BKSGX*_vJ8#oWmE#9+!gi9DERkAz}(L8 z0n`tW{Uvv7>hZ*p|6$2Y`@)AGn-%_tEfsUw{Njwk%aW!68%3sK5v+XV(DMV$nDfz4 zXDqZ;;mp%HM0&G2^n7mFdDX7qHf-;6=1?IaL^l;c`?#CAkR}cT4D9(Vxk9rTtMbE}L1Lp5)oOXx?5e4rj zRh%(Iw_ez=#Tp#%AI%^0o3=@`0B+S7_3Yfs<*Y2m!Yu6BnW4*BQ-#HgSm-Xl%UJ>^ zwX*FzrdarVt9UB?nFG1l33F~}cL8P8e5-V7tO;%7o&&vn*|W56p6Hdn85%*$pU`ee zpI+VX$5e6j5BFkRroLDk`u^}CzqlR$af#~t>l}yN`ez&b8{51c_46~lydSgjo-KLp z%+LwC|K#}DpKkW(q}yvglUkZ|mT|``t~h3!Nv=MsH@cD!nzW1#`}|4!_sEea7Q(c zHrEtHws)Q(^TYj&O`~?uWbVhn_B>5%Yr^vU&i0Q3@*&yx#25I?L%6Mx>pvY0eId&g z-%Y8d6HT4X$yV>rM6`wz+JprV1mF}k9=`~5ZvwOZMA4A?fl_cc)?~N(xI`{4zES&4Y_{=c3 zvw8>dUbcmbsytu`o#r8Khg@v?V=^Q#vnwJn)vve4(dy7L#Eg`=#25bd*YMSEtYi% zw7cncss(s+-g@a58|jNrAC)CmSM$CCHk!!6%P@V(hqEU24B}2qT40Vfl=)^hnxe!y z3c>P3@L+e#%9f$g?M$y;CE(gQ_8|e~GM$%*v&+$UJVli}yg8ShJR}q5Xi@t5j-*ro z4cEayi;0=_%9v>>tj96yRmUT#)Fq;1l!xINKQdr;5LP@2x6}`!^ae3OIX+?l5$#Kx z{T$xc_X3I>OTRHS8@c09l`U3=#+tKaQJuKAWBY#GYlKki)Y!5ehc?Efj zi(*_PGwH={UBX~$UMSVqB;9#2Gugy+3mCzc^jmj{n3T!|zc&uCCfu0_kmIylG76BT z`}7{s-`j=~6{(dynA>Tb=l_<7^zO%qUvuUUy|aNWX+IDv-jC*mnqEhK{S-F9kjD)f z(o3<}#vtEA8jlS)rWGe;FBCp#j85URvUk)NKQu^}M@U=LxJct?QmSFS%*@|Wmup}# zC-IUWzC&iO5O@~H1G2lR!q1WbSuPcZa7iVEw%u2g0aH4k?~IVn%nP2xHkrk<9pym^ znm5Cc!J62GJ2M622h-;H2ut zWE=7`deZsW#n+kB|L{56H+3Ych|O=V>x?QDAD4tG4@&nb*+SWk->&#;nZH>0LOC=~ z8$M+xT8?bluM(Zz!nQi_4Vvv%7eU7k(kO;-uxlzLAP1mSS-zkjq_A&TZ-(#))|j9e zr8~rCpX8ocn?bPJA@pIZ zu~}V^718;!8KEaXoqa8c$sAtAyZ!@d_lSlPueO}KpDRBdHE#uDeecD$S#+F9dbEPn zfP6Q?!E&KfKjS4msNC#a^iG~4v0%gojR*}`F0nH+Lx!UMu`i{HT~rKSNJcj#i_oXE z8V!SyqcdENhDPBS3qO8Ai`^Q%N)tm@BtW2kVZ>GAiz`|H=UwdIShOe+(vGl zqdEAVUT~skA9^@__u25<`W`{HNalt^eivg|p=0q}Iw=9Uv) zbX6U}m+|DM^6+RQp3n(34X#y^0X{j-6kTxc4F0pvTQ`Tdn7la^(41j8L2z)bsu71D zVOxj!krWjr<+Huc!Bh9Z7i`7|r^leuQ!AWR7vIy2YAY{7_#M+{OZLN; zlllMY=G@XEn36J4q*aD7onV?VFw?2rRBnp<>a#uD->_fL=RD_po^$y;@7Fo!bKszA z3JmS*du%h+c~4mE{TY{T=ezCxS+vG#uIZ_w4tNPzAV2=Y#R6Ga;K>^zc6?3s&Fe{L8zzIn*G}Ze|4zHh1`(MhK=xZcBK+#kCUR9h-_SJXr@|obZ7wI?%(=(Rh?0z8$_f`LL+HdWNCv- z@fm~))apr)SBDpG2M2#464kn4ftTx@=9B0c94q0a6vy-xIuq&b0m!l?52}WQtQ|*IgqmNcFNx(hafxV0CgsQBl6xhNE zSizgaSIX`=oIF#>zxuR)MXA$LrFeTjWXTO^jez*7``P??Cs^ifn&(qv*@Jez_OwyK zNY5oAzYUIf85Q`LAd-^Vu#ySRF0N#9()dLBetHVRk(nIjekgDg>Q*=XQ}L;-hkad{ zXYWkrB{}XAgYLdz`k@L>3fQ`ObxpK&^m%n(=<>jVJ#P=y2-F+9n;6lVDY2B)G8vz3 zOMaFl!&hOfAZAE^Nw0HdKuY~!q59fl7*5Qb+NrFouN$VVgm(yb`0ZtNn_s@gk0KgU zS(`jv>OhcVZ}o;mkXJeDFPuHXn&%ZyKWNR?KB^faiq0I=ALXle!ICO}lLbNpe|^2; z{9t458)nXj$}g=OK1S{xmro@R2B9vjYYE6uulbP+ep=;~4+PrXncKN3StEd#Pq2b1 zQP$GX-OLIZ@C@q&bBR~bqYdU8DKEDup-It(KUovCOm3&Fr`=0XXOf!KO&ctg)d+R74b<2F_}7vUYDr*JfG5eI@CFpSN! zBY7Z8R}1WsM_zlV;`6xS3r$f`^hdx{qS;q}&E}t_CH$y_gh7GnU9E&Fda6#=IWea% zPddNM5qu`SK_ z2Ac+8A7L-~`*iWj{b!pS{N)&63j}AX+nVmjY9qxo zDMIoj`_{gy2^8_&PGdsZKzPeo3y_X+!fHSCJdmWYsyhdj>qM_y-}R3euuo4c=iTcG zb~XI`Jw5WX7jb3ijhE*e(o&9_jan6Ll}g0p{uFZBUKvh3DC}EBBrnC#fz$HLk@|ih z_WrG-W$_(+X`j z!5G3X0CIw2iWd1OOBc3CPLw}1zAUwdkisBpd%{Ofx3-0T8Tf`8R#y@6_(yD`0_z?)C zuT-(Vc(jLv6wNBn(KRD&_AIVl+e!%s%W`6hnSL>_kzRXQVw?BE+v{b^FeO5UdmP#z zFlowtb^>R0qtdl_+^|Vb`Gew*Cy&0+QP4#JTiRffgL`_F(Xz~ve(6_VyS2xzbV3sZ4>g~aLX-8jb%ogs#lOOGxC1(RiCYE+h$ui^W#l- r=;^t0vk4f0g{1G{q=%1M7VOw|dC`$c>aT&HPM6_h_D47FKA!g%l__CC literal 0 HcmV?d00001 diff --git a/content/v2/authorization/design2.png b/content/v2/authorization/design2.png new file mode 100644 index 0000000000000000000000000000000000000000..8c0009c8ea5f6608a81bbae1fdc96d5f9289a223 GIT binary patch literal 8977 zcmb7p1z1$yyY2uE2t!B>f|L>>jC6N8AQIAplr(~LNVkY|BaKLRBaMKB(%muS&`9Um z_`B!-zvrBLpXc6ro|(1xTI+qkcYW(y-`cZwu(Bc?4~GH=1Onm7$x5q$K$sBVdiFjB z@auZ@wiPJQ98}lRXo5!R9)h^(K_Us$a1M~BFi10d!9o^fU5<291Nk+s z2kU`iI#G${psfC#TnAA3*nYJKsBz}7{UfMr>1Z$lG_-ayy>&L12tw{(Y<~r9A736{ zTmwdLZ*LW9bMyeEtd1&*s-OoCh-qn`u(7iXi;KThR@O2wFtfFF_VEdfh=@;5&nqph zYiap4FfhBYu)DX{hY^bnAhB&_5e^^_8R6X*t(WnS7zp&(R!&+%?StOV9G?D2_cW%h zo{pWwkY`5;6AR1duhkfFPbwz;N#*4&x=(L;2Y!pV4AUzNS1FiIuUy>r`_@zyWpg<& z{D~+1UoQNADST2yW<^N8Hn-&OiFlW^V1UE}h4Vu$+S;NXxTEGBUT4A4KpB$bTYmlb zc(<0nTxm!_K_ImO;_^}(Vd9`emI@Fk!!K>C`LW!nrUrh%x8cR9%m+c$POg@!qt2V< zeb@DFp=p=4rL5ua4&kVNuJZyZClxdh=$D1mhUgOo-Yu-^zPLCMyQ()rL_wUmyfRJA z4X4s+e4{Rw4R8`Ff~`Y~%jL)l1Ep(mG5kB2(x;30KX}c#m!ICnq94L5d>2S0uWg%l zJ!8ZKGOj+n$c1pyQTGa6w#lM_d>B*<3&S(BM8>{4Ku5uInIFAleiCZ%;vf6o`cCS& zGKHVjcpN?s6S#~(1GU<_ebspQsa`C?T#E0uerbUO>!QE6y)Vgad9Bx>T%KU?o?50N z$u}uM8xY86wfbf|^1_V?a zljnXB!Fjt;S1cH7{z3U~KRoKE^O|CU!vkQz{IT?XZIv25V)$W0zu$g}iYS}%R?LLO zwic$8t>QBgm#h*!z+LikH5<$Oi{hW^ld!6up^Pm1m>}k^Q`Xn!`X*>|Q^Zaegd#3V z8-FkXr7x?@cx?C|N8E04vuB)UC==L1i>$UGc4}|DUl@Vi2ym#SG~AWX-1UGMsowtl z)C0&81#6jUs#SWWMxTH%sK8gl8cJ(k24+`n#BJw+)V+TNV43v0DkCVeE2q3U1phV2 z$K-TdT#&@+xNpYalcK7F2pIChh6<&sY6CYqNF19M0vZl1^)B7tB{DKaS%S6h`@%ld zxzM97DoU^nJxf{l2J7Y0o)_1y6^OhRD$lDv=Kk%&?K3<>dfeUlISQ;SngyF&>?2iA z_NK+(sv^v4Z1Q5FDcylo6I|vfyPO0}o6FpMDE-(pm3f4MyGQw_eS?9t^s-?5U#Xyc z=E=@qz=vCcx>?mPgerg89CjtUZOyG8JvkzjAQdKbKlJv1OF_lY&k*|oY(J}VwcVRv z5|f_mI`!FjEi;M*_Xh$B!0(zC8JS5qDuGo@Rw!GRZ0arL4?WV&t%_GnZ++XgC*$4+Y@#=_S2 zgWAm4qoGY0f58Ywy(k(CTMU9fn&(rMOMTy@t%QPJG+GP}6+g~nnJg7vAzoe_W3l9} zsbS3%JH{TvO$Co;R!P*N#lN712uHytF(*wt1C4n1n}4 z8q&I+LkRI}xjgDJoh#UV-GFD2;KRD0&%9J;w2%x#-lNfAvm*ulwrGOrI;^-tv@V}h z@EAsXSUPyXPn7{3v4}^exLf$0k+Htpn(;25Jk%RG;R`VR^w)MLhoY zf0PpVM$gM#BA78NKrc;V!Btp+R`X-c#BDHTNN8tsl3^c4HxcRSv1ijEZbsF~_1h{s zS4-~H`v?$7nVcX{7=74zY~z4B_2CDHmr=k*roOK;@I-}obc5r4fAv#TH#*1%wTMj` z@FK#ZC77ZU1f;tEpAWO~@eoEc7-Xjm&)BBEzFrE6oWBmMz<+?{bg$Run3U9hhbGq1 zhiQ~B&!<@YnP$zo9cXZSJgT~jZQkQ*)|^|k#rw}8huHnd+EiH%vSqd#Y!DOgR`>Ks zMA&6y?QNGBdiRLFQ75GtCP)Gb)Njc?FfYAbOvhMRm3YNLhJKw1qIP$pe~cYFaYf>j za@Ectw5@;h45U>^7a``*PLq2On+}c)g6ouJ*&2c}5QTI-Pr($5crW|6Q+!*#>%g0q z(=pUivjrOa5HPZA98r9S3^jD?2%(x~Jb*qYZnkJe8W#O5|$obem-s zL(5pMdlAY~5pMh$J%v0rHcSA6piV8qy<-5B$1CKt!lQXDH-GpiQ@ZFkxhw^g*f1m= zP5HeBsvA;r7V~xvu{rsLtE@NMjgpZFjfof4O+&2h?}Mq48W&P5fYFWav`z>9))URgv^l(Sor1>cav}f0 z(*>_X-H*Z942E|7;=`>EKZc`mBb`>1O7>p2D4w-=ICn*uKjdJ-D|EoTSzRXmc>M_^ zoU_#}U$RSB`*eA0py4vvM$%(FsEY4OP|MkQ9k-)D?Z$5e9Tc%C7|q^r)xiIK_0jT2 z>oUw1{P@&W0gM@)8h__AGi8`g={teMVmdipY00Zxn_27wsRcvtLzcJS5$Rm)qTC;S zjficV3Rd4%h0`CAFQj4H4Du&|+0Nq1W~0||BWH*Yl5O6}{3f4VTJCFJENTS-eEEq* zbi@-Bb1y1Ek6y=04r6CJGe1Encc=Km+d`Zg+ZCld+m8$4!`cKn%SX=O#*K?NTrEWL z+CNgz6udTuU`(d{ttTv=$?Aaob!lKXy8l7V`3OamdDQ;Tdl{IFYMt+qQ{Wwlk2n ztuKGSE7J4orIxA1*6-$!$^|6CM*!m&-bA6FW4>7!-&2m)J}@T#SfdX8gZu>7V#@ba>`nh?<#hbUM9l2FCFyfrd>~c zF*_%Nyl;M1Ab%{nsmpg;QOSKVxseJDBW2~+dgHepP*!~eA;f$#Nd*b zgbF-5tvhP2v5XKRZLFIPaP)Sro)6His-!e*J&6b-Lg!O zoavpEnfya01t|S*@ zHOsE`f>Y_nM{e6WNb{GFVPlEj@~@m}VAVeIPshRXHqQJU-7?F9l{AtmbG>XHF8AD( z5QYumulS{L-@S5e1w67_qFXz$+5MtL!9|Gk{)K1IUT+ZA(f)zmFBvGk>_UuzFl234 zYJT~L5T4E^j3C%u>H3USY^4s?`hvuHvXoBg`@L7Z@6$PIRb990{c|q7mg*8v$y>_) z-mCSf-{Pidp1E*JV~NHy0gSW*SmGtl=1BSt&H-BsbS=tjnI-`|>F_%ooJWUn56%(g zU2$eMd+#FqI%E1G^U7`K7~5&i^1OQQq!A0VU9^H$BFX`C`IQiJj>po(58>ek3}gk! zzsngWNhQ~WU%!VO)%`iExN6m{D>Yp9R5f#buEo~<&~oAZh|8FaV<1dcWhKRzU$rmp zk3lB_KN9@QkPy|a9q-?s|ztLR8?4>Ew;+Z=Yb-s-D;H2Yp01EY`Pg)$rxZ^4@A*yn4&8?6T38 z68j8-lfw1DD857)CfYA^L7m<07g)~ZWISBWsyD!y8#$Bj;WR6{aLCn5`SMM=Ig@n(H_9sj?^C5e8=aHxML!lbOx2SGpReR7+E6ut^XJ&m(BLwY8MzO}j zx^@TGH$1lhatF|Cfs+iFy!bM5j|F!v!K?qy$Ep3F!3A`|xtL*mT&FNBV=y2xpD zP)Y5NQmV9+D*+-hCrApDBFfjRrYd2Qa%I`?o4 zH84xXKz93#&u(C>J)Enl>E9|}w05zF>v zE?ntUWPGxeRga+xc+qTr(teGcd={Um^4 zr15=Hk${XNQUBe1moeH$h!vA7)si!_O`qtF0^eZQc!7-5oR{|^>iuWOKWuyXjat89 z`vdnVMUIy09c`$u$kJtQ958=cIpn8O*W@PaqvlmP5bUS(s_g#J6NG@bCw2wid48D~ zP;}R5@DvHnNcI*T*XxEobi%Q_k2_kM<3`;0!q5%ik=q4$uKKd$Uuj$1hPM#oK3r)% z`WH_xT>@;wo-BboBk$dJd_1adht#E_IT-+_-VERZK3i`nhT3K?E`S`^n@&l7XRJ5{ z0Ew^rF@&|j*K$Xvpg2|=<5)bI7x5ndIwcYRwsSoanc|zLthte(ED&B!Od;KV;wZr0 zaEIOgPb{U&hLT70+r_$Q)GSIF`aAS?IpmpRSh!0}jqa3dC*OTcTzdoOy=RFMQ(O0I zRac{=pmqMH1Ns8bvodBj1>aGR25y~PT_5Lkc^`C=Fi({-#{U^)qQJyGG;sVcsH3EJ z!6~9x=9>~LP+iZRm#L3&--l9>u~u!4pLEz$i|Vc|pgC}S|1aW34GtLCxb`msr>lNv z$W>-hzCnV)IDMbBQnmWq3$57=A|Vd$N^P)SJ$PLzb3{tTVqI>6qRVV}y^F`v0Chd( zZ+@#*?}I>+X~(Vhj`!0pKMD`*M3Qw9XWVg2l`jN;07-o%4y+IqFB{PhaqF6J>uY1U zHUQ>IUpCY4npsMKU}yN4;1-$~li!qUfSFxNH>;?y#LV8sxbae<{RlrR<{K-_awzjO zg~j7fFZ!7L=t&nON$Pwf4j=8d{#tdp<{UJM3K<2+W-YzOnxQ>!$x9T7k zm2qG%q20Xtc(_$}d4Aa48h=(IcVyzy{8hy5a=DfM1IFQMf$u4BL8bEv`qouzPOgem zl8!_z*^pv73GjGAm44rjn)AA~%SH$HM?o;7i9`YA$yE;*Bndx^P$zF`nfiU<=r&0u zR_AzwAuqr8vCU7yLRn4oczbFTu0oRr{PkYRH(cPsh@(dIo69DdHrx-Vm~H0SUi3`< zcFA1L70m)Ru)mUgyj?b`nJ0BB57Cq~miJd4SSx(BDqOYAxtgv&+rUz|46M!cB17~Ny^{6~MF74*4OiSB zWi#{Tmq||+bc0EOr1=yd@uJv(Zq2?a=)3lzT-3o9zR2-csXVNYB_tzJQA2{(J)s-jl{meA4)EjQtzw#s-PZ5B zxWpxyl+`+j46#eeN?LgeX){SPruEGJ!2sWK!v)>%q;-JxB`QXuk&FyMBIAtaeZ!5( zzt%-aG2E8afm0UICrQSmsxGXKI8~c4KNt6`Tq1IkL-CfZ+_jA_$rqvGp6>-?(K!i? zb2i$vlX_y>I8A&{r^r&k#3PGnVqqSU1jf(SZ(4MN8#LfUd-$~Q8*8Zp3*}c-*qkc* zS7986^9;4B2%h}62?{(;lN}~#+4qWnqYla>7n;67^pH_SPhRkfl-%$iOE4nh!bgT4BrDmdh*|YA9*jXq`0~Yl4fBvP{-E6-s zxq&8tM-5bG`h7ELMs^z0!5)jHI#og9la(c2#t2KGeK^^z9i&r}5n)FV3j2bbr8As9pH8711B=<^mYp4>`c z%dwk4tKbe-o9L}>NoIVHAwL{m!V!a%7sd6Vgx9gMQ0cW;XfjxLx2)cF!;1bn#8H1d z^o)(#=u%Yz5y^o4B-wf>*eb_9t(vPU&jl+ot2maPsWJQ>skVL%ag0GP?EdzkYqs_o z%LK4SD777E-*{4sqOY_JXj}BTn1m-L}GY*=M z34>`NzD&mP$HZ1paW_9zp3bz_H09G_e@1# z^S5h8!BH*!!X{xUM60{9vizfN^yw16?u7igc{j2{Tq)5lotqkHI@N{C*60r=Da>V~&!K^>13#}xmZePtmQXN1pWhw?Z(7vcrBoR) z<&tsgmJfdp9I}Sau5S8%bzRX;s{D(K_3I_2Ol3xP`rsoyw{;;-(a~1F<|;g!k|?y> zPBKMvtygKf7bAiYeC4M4_piTv}<0O6vh@TRmr%WbuHN(`vG4V+^~s6Htctk6ZJ zGt?TG0Opp{sMpB7=k|dPaudRqvX}{>`ECqb_kBJmWO}std z_c`f5(9u2f#erw<1>dc{c?FeS7je4Ds5E#$`Gh?QEYrt2wCYyH`CP4EENalH5#H&x z9s^sQimz&;w=CDJ#dRG}0+00S{~bd9!jO6K7wQ+|2=OdXRl^H+S>nK?5~PW53rmb4 zD+DK1x1y<%n5ih!zJwq^G6pFb#DCu}rKo9jfTs`c#raV4gifGJn&6b|? zJ=*uO6-W}DyV&))A${NU7}G?;z$MHfm6Y3G%}hd`E!!HO@|<23Vc_W8qqa(U81)Rt z*0hYNR}&D_Tfh@5F-X&`A-wgfSF7TDwYW52y>H|QF&Nu3s+zFvV(#|9M8ei3tVF1B z*U^;)?=)#VNnj4YxRN&x{Lw6d76SXwN3%h1bAE21zFL{FHylq?jHXnc9yLKw%Ic}a zcgW=l?XGEBud8UASZ9g_XU_3V&r_2eu0@`}RNR&Kd!nLX>>>^K5C-#*8~&&5^_4Qp z$FK}V2NSFHkDF&k6%IFP4=as*$$>{v--9WJZgk{L;yyVRcNxkGO-%&Sf9{4+z?0jb z>b&5D<>=wDnqg(^cM^2|IU0jxpb)glADVWUwhF9|A0LzH)`dIFHLb8j>lQ?fueDMY zSUZi?x#*ZpZo1NSw!tFbi|*|)ri<;@F9}uM3)OJI6L7|v&K-RS{0aE=bDPN6*COKF zKeYbRj=5vg+r=Z{ZQmEqxB4kRfcFr?H`~E+<-+CYBKD0YkPq}JrxpiVzv_5}~M~6B77-CE}mpO)3 zU~!7+g>~4iuhg{8g)S(xKkSQ{(ysaSV4SS(0w!6yy^QqUE2*~)oyXS(m{ogIgI~sj zolSwz!FBJUG3+3C>{Yl|D|rPc_%Oe})kpZ18^GBzSb!TY&HA^LHUAdSh9axv= z-Jo62MOVT5iApY!`3v;j_rn~^UEp*c+$JvH8k}HX;tivhuS;NM+;>x{^&@3T)h@>- z#g$LXUmt56IJ2Lq=t)2()f5JSzo|o)SSQLVKfOikCk3B?k zk97JTtH}3lJne72-H8DXAEN8=Mre5)!HL^Drj9n?e+alv0 zfv~QWzvFw)cN}xGyg>KXr_E>v2+2k>p1o1V8BbRwHr|IOzO^Od^FR{VSU2rKpZAx< zll${JmDc-f^PnqXyWxS@IU`cj?|C;mOOogO0jodIZ+JU;L2}mPmbnA*&9(a< zPX-st8ee%MlSB2fYk*W{ei|eUijoPgptW%BAz*!vl=|%2$0`AsABTUFA$w@BJ;`hA z3w}S*BN!~p{2EH%$NIXdt7Ui3rvE2C^v}D;z?d0!Ub#3gE0Fxrq~+RHG<#HGuoTAx zi4KRhc&|>aagzLqdHILpwKTw4hPGt>=!unVm2D&#QVP8DiFq!4)&WA4r9?9lq`M}o z{~9H*QM-u#s|~6bT;Wsb`I+k=&W6KlwGpsXe9%Sa9gOXhk&dgKDd_5jd>XK(Z z_$*UfuK^f>m(cR(GL{VwxG z^aKdV=^pOO6kYpVvxI;InxzY{{LVA)Pcd&(r=9>d{fq8&*3w$C5w69s-Ww%k?-}1F zigkEIwDth*(ZN|6=p%^EIQ3UcyLS8roCJ0s=+rxW*GcH^wC=yu$P<}C$|gSf$@mJQ zn@)YX6Y>jLg@^sb@GKiNQrby=L{j8Qc|MQoq`MlgEWYQG=qdR zC@@lI&3!-5bM`*}bI#tMz2EE?_X}OKKCHObwbr_>@9!HcMqgKxoP?PK2M34zzLwe} z92`7P;P(L0P2m5LpM7tD1+M2KO%auzp)w9mZ6fIflmJ*KcGG$W?7_2% z{f8TFL%@oIqc(M4P1(@TVmFVl#jqE1je?UK-rIVpuO=8SP-JXiBLwy_7=J%*Y*Pfj zqTYE=Rhwx=E6Gg7G9!PJj^%wQ*Frcg0Y1KRZx!a;|N8XPXwB@Wolm~Lv-Rhf3Zn{T zquCPn1HOydvi7g9uXI2vM4XYJm^B7EZD6TFlzfk89lPYDjz{KVmulh3Sv1&y41>=KUu*od9{YOAaOF>M*bwmy=_(s{nuUem|y6e;EW zJ(65{e(WR!^CPn``0@{Q!F#&0#roUDK@TPL>H<^fj_&he3!aK}?Yfj2%9cPOlw}SH zn-BX~VDBF0L^n>El&=oWcL({cyLMvuUN($t6zb;5(P>5sxCCDuYHGJ1uMd+hg)KA(w7e64ubw{l|fe!QBAH9TS zc6FCY{(ZQI{qPm!ajnIXkY%Sr#{q&A+MmR^QkrQ&QvK=V4V{{>NdpmZR+4MXXoyal z!DrhWQHyo9g9y5(W>j)MI}X#|N;rB7)Z^%*x+4f-nz#IU<^%RWt+a0Blcw@LtUG9Q zUFtMa0n-qDC#K-iXm8Q*o{$UE*{vM|bzA!@eK(P*>cc24lf_x%5l8)3C z{y*pjJ?C7zKE;fwsG?JAhO@xjFPmoV_(IY4yca;X+xh+cP$s10sBc8D>Nb=GZsHkv zijp8U*h_nzRUGQE;(;LM&zf_p{#21vO7JjD;|{wvTcxAP*3S8AoG1brLsQA2L6&e! z@w*zwwjr(Sr{6|?t1vq>>Y>F(qp-#L-q0{Z$}GDd?5VZo^ju7{zLX zxtXl?ho3xkQR0WK(4p}=t@AYk=DTZm7@n;~8C9ChHh%EWzIg4%lL$5MdG&kNz973m z#9F`!T=q5&k~E6NsD;gU zew>6u$bi;^6=k61F)!?6@fLVPE{)zl%#-^@a+}1>WYH@}Ur@i_XLGFk!a5I;G9}6t zLlPBW=`(BVqer5*r`>%&Zo1u5z~Mur0Ii^a;3SpDnX0nhj2ltgL#bJ$+PqDoqTR~# zJOslwM+QQEzvFA02hrTlY<;B%mkuT5q6RbCItsb&P^2*;Lt1BwnD6)>kLTS{6H!(e zZ{hspT0bns7YuSL@jL?ihfC&(h%Wgq1!aUdOmb9#gz`1}zeD zcOMa{EghHhZsT;5lOvqkVnj1(m2yBs7vTmHJ-9mGH*FC-ozYa_p1DcE>aZW?5$*Rj zca1fXol|X3kR?E7l^7*MN1{c-hEGetzi`|511m`pV^eDeUX|y@$V%E{U1H$%t7()8 zIN5O|Sk#r@eNHe3V-IFLSq#{Bo4C*a4EM{K0*S22c)(t3*|Vjl8SA*3Z$_rJcj=?T zv+&N~+zDcL@V9A;B4f_kgU?p%Z1GLDXpexWy*+QPOpo0O^HuI9i7Vm~1-TmEdsw(o ztV!t^$)9k8GnQ&X(LYoJW}2cXYQt29i&WyjD|%!4>!z|!vfjypujQcj8uaLhLVm|e zh3Bz_1|yr-n6iMR{jYPdjs^&@iS6XLjrKDlw9dyYO|5)-c2fBCJ#gL?$dC^FRg zT0Srcr&aq_oT&5y6Dgw1tenpf+7VA6Y;Mt)qMli_ku%w$ql6%dKEMD2nG?CdkJ4b_} z&Bw0oyHYeo#+=W@MKU>ALx7tjL{YOo4pPH^^p0a*;HjTRh{$SOfPSZb0*7Qwy`i?! zhG!*&bo9rML=aa<+QZ$4oN8eYRy0Y|@uI7UNj&&i_5D!#SsoNod{G<(l9fgzpK)*8 zG!DCe$`|Y=62(ZsQW-!pzFpNm(xyity9S!mTiGS>^M1Pw`8B56lm67gF<5*#pzHFa z{$SZs=rgF?E5?em#PqZ%PDK394Ukf^7D=+9Ru>#RA-<4eJoKduF5kw)^y+hGmW(KO zZ2#jqmv-mP>1xZCv(>m^>OMx9kuQ9r+*Kc6oauMYzuK-$&j_qA1IC#87(IN(Q{0Pt zGPSQ&^;?s;$y@~aAz$J02cK{B+?_VFp%;&&C)de^uw$00dzpQ^2^b=QNok7D$bjAr zl20>u`BpgsF)Y3G(mJD${Rg8h&vbi;%v7PAt>(i)IZm}}?_UnCqHwPU!WIZJbt*a#33&G8I?8fhkiXZ@y-ef87ZqNE7j)hG0w_y zY5UTbHfF25o&TWw4ikx8n`zdr25v5i3K`^+2h>dWbZ?=OU|5Eg&$VVv<`m6ZtpKWs z|6=3z8yH_*2_$U(yeE>0#_0_qd3u}R;;o9+OHeBJM3g4nIzm#f?Hx<%g^q>YjsPaB zqxEA)d?>f;)zbB4!D|~{%bLVKYX2V@rY_(WH4E+G!8N7|$2D#tH?lClqc8kV>u#oW z)x1mHpvsfv`eJE3C7=p2jxR0N#DVs@+pQh7f)Mpv?{Z9LzAT-oH}kI8WD#Vjz_tE4{PCJ zO@q!S@}+_7Bm{|s2j+NZnDr>Z_kYySQ)R@bs``zS4}NNaOoQw$Y`5mlNY94-Z{14p z6rH+c9YKXzj=FbADN*d`ed4322XURIrDu5xnB}&N9lp29@fJ;cbc$&b{c653*Qv9B zYN{?v*_)pX(*3yfB#*SV;6sVLCES`Iy&2v2$_hz5#yhUS4 znM-5IPIJywfWGPr#wb;U8K30`ojjv)GCr&wgPI?EKCX6Ob%vmz@?S9@u1YOfXbMt) z7J#^#(@KGQ1zw_BJSprL$}8OTo|toh@ZSYWu`=1;HH=+)hAh*b+Qisd?nRNfG7ot= zana-#f%TbT9bVtV5?o-WWEWl2CGc}G$mU3i9>6ycF%(=sizHkEua-u{c-c%>_wL6kO( zlHG+}{F`s3N8A8@GOZyW+@tsb7}bR**z#<{>Boy%xOF5?eD8ZK?l*qyc6|30-F&OM zZMYT*aDvuaVAE-&Y?Nisfhj%Re9;U?&=Emku&Uahz~wMPL$?jwbYd>S_d1{-8b*RS zL-+U&N^{M?tujHeh_~X(Ratq!g}A)W=K8DDv-;mD^|-1_^k?FFm zP5zd6q71oB-y1ve0;;bNSMs*u4XZeD@k@M~jX|)Cb+*n0H$WKCd)~#k*(ffvonXfGVzLL~c8)#WU<_wZ*3~VDQ)P3cduk zmzsA|m4|I>!DVwpbmjfx;FF z;9S!$&K-w+CuF&)dw*UEGJ{cR7Y-&c0@{(Y~*rdFjR@MP8=`sddcbfV<` zN(7}6Q98jCOhwMA52c8Q-`p+tdYB{Ch@Paf(0kr)X5JDwU>Bp>A#Bzn76^>I z=@iLv{i^3~xh>t+)1}&(HNY4h4WM+BT>sOTe6cD+?xKG>&wp*%T>b#c=9=@0JqF$v z6klRb&xZtC)jk7%?S&e|$aYNwf2oeobi2sA<-eBPWZsWG5#-+|Lf$ox0?^>oEIIEN zn*iXR0WkOw9_+m*&vG4i#&dWJP;ZGT0Pq{SGgDiLEi{04q*>(WWP@3nU{0pUQ)XTG zn|on>Gc4@Shy18pC)_&p7Ry5(sqiq2mi<+X|Niz=6_}MD-m^(oRVWvEujHOf1!I%* zs*x!zrz_t8D35%pecDo6-OBfC#lIfEq7}~<%y@qw+Hs)5B9Hi_oUY<=_%ZqyVy0kF zq+Mv6vf79toj5AYH}>}?fC1~k9ye~1)jZ3N-I!N-6^wo@t#W;JsamF+hh;;cMx!$O zT0=1%Z~uMZ76!Bfl_#yqVRM$+(Q;m!Ixctv?ZCU9LV6gVwLRBd{W`f57=3pZZs&WF z9_q+yDM%D71BBCg0dW+yCzq(eW!kNBbRO3_2V*CpOySHC{mTr7WN|Yt?YoFb zVj4sbC4^PuHM8w@ASlyCg}7}9B#oqUSI?#LMRIN<1>Ln-?Ww)~rsdv)m8#n-A7ZgdUwezMY}a z+;FIKC2EwPZofVob7M7JhSLSky&5aSy$4raO_BLwa`A;$^xr2UBI{&71D>rpQCW=n zv`G67b%N5LO}EdugfkG0Ext9&l8c|)n2iETZjE@N=B3~OMmewd=BGf-G6z;l8PwZ4 z6#aTu!*g%O|7L!a{pzfr#(&OhgCuuXGo!Lcvbk%SQI`QgCmWe-S0DS=Q?Z#B`yKmq z_$hoPfRD`pOo4Dh!0Dbdd;4#9i+(cJYZvvb8suRsdGko?w}DLKI=A@7k^m}{JaR>p z=0)Hm@+yEaOc%LT{AB{QQ1=U*)9FRL23^ZGZi`APHJzHL(x5Ce{SGH&Jq$%NQzpW` zW=0kiY#cLX{+_m6V!al#--50!p2hue`L#LTG+e*|hj~eK^RBB|=>HK^{H3ezj9sq! z*=GrBAzOmK6ruJD;3VgT9$e6cv-dVTjB|NyP4u>b zo^2>1Md{8SdKrZ~qeJyHgh&E+m3fdRlFnUYo(hKKy`pYLy7N8Hrtw$aD*H7iPuGZD9{BZ% zYff8jjO6v)3fO@zloQ=jBj=EqKg6BKPP~bbs~I8vK<#0|Ywk2=Ne8QGuC#g1EH@(F zMd(M*6_ofl<)7j-BCu84kLc{6?4KZ0oTC&oD3DteW$(z8EJHfsL|JqJH-b(q^`EIkb5&uHQqWb+zUTypY(_M}y z(a)23`LY73@wJg@deQLS3{o)!gZzbeSJ0OAKop%LkB z496m02T?OH`A6$PE+;dzGlXjQhsM3WpnSVoEmM%bop7uepTw-O*ZR>fBkR9^l>0Rm zP+TH;S#fNq_Fw#4yinF*>lDC9@+B%i?si74l_%_8PpN#gHvf9yv&VHY|D~CMy`Dna z;*}Au^*YTI*;8Lv5EPH5gXFyx`4&eSENFl|N?&629a?fYyDt&F?^cDC3#RDKSJXJC z*Zg?tmdM_BosCsb8%SW^?UBltEt3aG=<9+)(0`GK{!=qNFc|{RB!@-lcqWwHtKY3R zGm1K2d7Se25WQD-SpSap$O0HokUt~k66A71QWt&ZoL8nyUC9BcN$U5D)E%j_SJHbzT4Sd)r>L@?+%k z8EGyc6EMnpl<S1?^x zP6+lnIE}H-_wW1pDp*(w7(&kjiQUM<$(?K5RuI>i9b(AU#&sDmCszlZCL9wJuI`P< z?>8)^yOV1px?y1-a+Ux!=wRM+^jQnZ!!L2N!836aF5ep*XKXXghYsto*Z}3v3751; zEgrD9`xx^!TLApu6HY){aW@Rp5^{aDlB7yeYtM0^FpcFKLve4Y0Mlnrs-BV~ zf+7TXY~a?PA=(IgW$|i@ zmvkcwY$J4N7I@g35lUnlSbefPXUfQmfxA!4?Ipl3Lt$(_ zL}dlRZ5YDIU0{xsC?@P_93!|;O%LhAYYPv!>oE5A$kc;KbtLALF18Nj38;QjgI@vo z>q3$2HSdnf{@nBOPr2pg?U#+;j0yn^$rlKy)lMq=nOzs9F#;JxvXM-p)C7B?1M0U# z6EopNJ>oDGlurA!ML;&3d)%E(rN#!8u&xz-O1{Jr4v9!={-e|^G&2?dN85ZT^ z#hNgzDr^RbgXtR7NVDy!%1ZmhS5!8HtHZ*+q5a2;72nKt)1tCe?}5*w7{aN`;!-lh z9ad})to0}1O!)L%lm<6hj~OzBjhky4puJfArt;gp@Se!HA0oPB#yeNPt3#p|KLx-R ze3uk2F84#4k)PcW5e}+q@1n!hdi-$zY_(>Hn5hXYw8xW{l+(o(@C)H{SW|a!akI|f zpaIYApe#8b5KP>S680~kmo^udacy{>y7;BtxK@zC$Q~*jd3Npp=1+E8$CGj+Bh5#Y zy16prYV$4b=!$ZQoL4z*clYdU^InZBQ(9&D0}O=lHTND)SF3b1D;f7>p3E;KIuYXX z$tjH`szeCMDvCP)?tUdtVS&FIJ1f#5&^O9iRg+QJx0TVGHsH>1uT!TtFw@6NMGVv%Z2 z5nw+GJNt?x1)6LeT+Lo2$D@2olsmfwhnnC$CFsRAlYK7L)d37LBV){L5>HbKR=eV3 zui@EGg_$qcjwl@ws4{efuD2ARYlbmr5om?exZg9bODD(k5X8^z;HrH+Z;I`+mD3+` z%WZyL=RNLAqbbg(5}oWQ0qqMD){Q^jx!h`;Zx^{Q!IJR8`|!IAPvfJ?G)b};`)696 zs#^Qh@<=6oKWI=*-5-?P6Cgccfktz12c3JvrJ`lV=YI6jofNZE$SmX3{{$Q5acW1B zlHMvx^dz}IJN3Oot4+sX0WR=PfcxX7&vSP3oJ7Twtk=qD-qb9C`7Oqm%zhM(Cp1qCStG+bXwQO?;OvPq#bs|R^YW_WaalNz$585 z^@R@lA+#g3lYyzR3SUYDZ<8~tpKaH?4oRa6bc!ux9rEE0G3ZY{J!`w4Y0}lxdS@ns!&=2EFFnB6MeDlt+}?WBP;p+)aY1 zj57}jz9=51K6rg@FhZr#_s2uT=zdk%5T}S=#-tljvgrG2(94o1KdTE>VI~ZBK3Oo@ zY|^VwCSUj8(6M{oPy5L=-oMzwX|AdA+aMA6;7=Doz8GC!o-bWXX)=Wp6gV+zkED2J zRSsmy^>uhc`exA#=UH#HF7F3(Cf@Q}4x?XGiEF(ZJd)(-$rHuI)bg?G*G6pM0%?dK z{EVLLK{mrrQ5qRtsP>8)G`2ME(9=uNx^|Ty*+EMH&Ue%J5u-;gL#(A5d(;ZR(71dI zUJ5#GjJ*ND&{KTP0Ao@(91Ywksqvu*Jqx*18aKe~(hPRaO1iZ8wMFAX&6rLqVJ{Hb z%3%J1NRNZnOjBLmHdFx3INC3fMD-p7-{4MEm_X>2szs?V3U2!Q?8S-c@GF$73YHY8 zd=4m9Szj1u8c9^r1D6zK#|ULnPRlZKo8 zS5%ri_A^B8>i*#&3N*Ilwj`&V&d^f(6ZTWSi}+;Tg~K63r8K>#=HBVADc_~2{(9u| zh~7;vKQnuuNKuGZ=d-nri}&KEjmMp!P{y@|b@@wLuF4FF)`7Ao-HKY}GRthMUGfR% zvO*s+(WgUl=RpgJ$+udgOVPmr3lu_^a#QZP=(#;gBI0boPxN@}l5RZ}TF%0TX~TQ^F;W5=r1~iZ+KWBfF3t zOJ{-fU#YG{@~bS`w~eTT?n?5wDLe)%w{dky28Q0mbJ$4MGf*+s?#999Y=lnI7Q!1z3? zi3iluXI~^ zZ&A<*{B%#>9XigPfN`s9)}4K~TxNwLQ65yt6u2}bhrYW*9w&lU*vvq!D#uYc5vAMK zMimr=|BCD-JR`d&Qqi(?5I_YPx_H-K!?&O2*N5;1Y(v@o9!}H?JjPuhXrM3EHp5f^ zv&_8HsN$*Qwk#s*Cdks?o=;&_ATOz#UC51yyCP&UJr>>*t2<3e&R5}})33s49cEi0 zWF+1e1qwRrX@yfFnWvOG^VCh0{j4#?h!T0&Wh9|;v=#RSkyu4o;1YFh|1sAP9Ckbk zSwcj4zuxFQ>KlSoxWjMl!Hm@>IiFLR8vllS_FanaM4~%R4YxI={FHi+zIaZkr|e!bw$cNe-UMDtkZ0grvK~%pf~|55bXKK-Ga3XYQ+&IfY-3zv zHpE#Y9wQrV$PvC7YYV?|#ZkBUqE`iV&oSEm;0{NHsqqfz0bD+ktpIGz%0g2#W7k4( z+Fhg}Q^PaC7WY=QWc>9Yh)hkeD1N&}K>UiLwtt_{krfaW3%6+pdBT$iGF_i=EyAB> zz*Q?!;p#_}=b&sP-D=W#ibV_qqVMWWtnA+Fw-+0b>+I9NuX|Fez(euCV%6KK-FWfo ziy4xKQr@|L6JXihj}TcreaHIak5=>zY}C6~m0O&wG5ylFMv2(1YTP=P1W&ncz4)Vh zSaur>!?CVlG!p6j4d;yqm&6Cz1~NswtJOa&=ZItmTKjm3D&rjh^GAIsreq@7xZwM$ z6Q%G*^24alJ&#bXu$G(2@LsZQ*$fXgHuSL;W$vi)^q^?hd|%~?wE265)Tdr#iyHl4 zir0J3)p%dy;R}-EO&wBh?*oQ0XL>6JPqRe*l5@H{ybDMLn&4GRddWV#iEpuE=%5Xi zp=3SckirSdwPTAPI?hLeJ$N+&+&}NPOL8!dgwmxGYo;Z~9i;!zX%xY^A z*T|=wF~<}oao9qggbc0C_!W63aMjVBC5V56?k-bWl^cV1@1{V5`&Pn_?@ykJmD~ss z_pas4Vw8B$%p^b^YZP_*OtQhQ-ew6AQNtI4@ow(L1 z^2eC#r{5@%CO#WI`E61)8U!U6rmAKA3Bjdd+ZQi45q%!frNBVP9v+X5jH?pi)8asG z{#jL$o_C7~I)V?tozMqKd+)_srRl9%mp-g5dPN+`D_?NrU*so=h?L)$K9?UULn}qK zJ(X>LQ$nb;o@iBkVI#zEnYKKtK15X3t&NU;HcJ!|dF$LwQUfF{gU^|Oe(5=M+PhIZ z(ij{c^x>*5|HYg&OW~KZM|~0!Q0fbSuSJ_I*|DMI&R50iA)U?D8+gzDqHMpAnL8Vs zzURT1vzj{?R`lvpFA4Ut1lO*aRL`?PbfJTC`(c2SgX8?JNVrU*Ei1jyvv^xowNi?m z#L*unqR8&c-`>lt%b42L@o%w=HbYKySBi*Y#!IYN32Bej=f^l5L+~TbHFlgML_h@9XB_ z0S!e(n-}NTP3!k~Mgexop04=(V1je@VOZC^yE>>RUp2N^`2`lzH)#ps-iQb9#X=$&vB3WxFA@h(u!ZWJ<(*Qp| zR)m_L3`5td*hC((@k;2H$Ou)DR8m5}s3dC^?`s?zJ1NA?K^av#kl9d`Mj-Tq-Gw09 zlnM%$s6dsNMzf0{aSLHu2m}hr#jHZ6{25P+StAWROX$S(nl4&)nLYS$i#b}-if)Y& zBo)aa@g*BNg5={P;}VjE@#3X)N%>!OPmJi}?+p%lB6)))jM4*p#3=U$8{zr`ac16g zAL*%z?&-^jxh+V5nQ|UHO1C*GG|g~%!UtMg4O%6nVXW%>^J06?keRCVCQU+??a0^- zrDXL)f{Z(TwJD3A4nq%=$2cdmIHEaJg$y#ppNG}r4-x%R5`(h3Sq{(rZD8JgA11!4RFh7B zeLa-*SST>JCz1#8`k>@Iy~Z<0xTC;ZyL%ODzyd{SQP&F zZpmpRO~i&zUjIJ((`)azXi|yJ?1~#D{<)-gGC-zqLDj8=do7303IU3JHi@v0mph~7 zCMQ8{NarwE$Rn^Pner94*es=2BG)gX)KOZ^O>ie&GW^?OfKkg$XiQZ8o^e|eRY>3w z%ziCDGRLF9zVMvR9i`|Q^;fIN05`C0-wcU(JxC>uJ6>Kjkh7#l*FcFY%etH3mo-N| z$nYvhP7P!|p!^(q*M^#!CXBH?wqIojdRa7Yi(ukP48X~d<0CsX6=UscQA^@%Yk{2F zcu-w&O1YEyf2O>+!4M2Krp^}Yo>Ah{J7nT&?p%RPsaAL!pMWA-RjhU4c*?lSPKmX* z8kPklBSA&;_Z-HZ2M+N0D8#y9*_X!MXBpfJ?}%jj1`O$&=WF=o>>nEWaRc@ z)Z;}SA|f^sCa6|cw0we&#qy0s=qvnQ>z|M5u{~aD^*Z$H$sw(^2_e+Y?GscIe7^Vy<@9?5G+E-zzbv zO#8&kD&fBcMgbXsmH@2|w+qj1oCoFb&h1^WLMT3L)Vy9s7Yqe*JqMiUd?jZ&v5C-Q zrxwUII9Q?YwADu5CzxX7@^?+mTI!uZIRf0ApT5q2M;FxYuNDoUrh5_PNp5-!-mUZ= z9DnPrDLql9LPbWfBu@n)3{k}YLg3*)jQ0P?O7mXoD&QkF$iNiGD_6M25QpNKg1zR*aQ4@OL}`^bhN(@P8_yy`u29=J043}I7xz z#qR?l0zc#wGh296Ngw9QfE9p3hQ18>L$EBD`g@bJX-9@^_&s&$mos8Ca!lcd;_+O7}W;<2I$tu@6(p*Vh7Nee)r^Z*PvvkP$H2LNHvY3;hTnk{9?BrQnLj5IrWFD{}8 zTr&Gl*VTNNX@Kb)uXsQk*SLgu78`BRi2Y)!dSysKZ7A)w#DR#BV z@%+B<%klR8Feih5kS6#T0WhzKwJ)i{doy|q_cDL)weR10Bkk(q*!*z=aJvvPg+KDJ zitRI#^E+6^TF{^D2s?kw$^NMNh{PqPb;rQg>=j_BAe=-aAsKwpvsR9806_$6MahzO z&Huz8q;I^*_(Dy3M}x(=A*I~1tCPHWH4hpS%eJ5N2cMz3dH~aY%6tCVn-F@!dtT>$ z*jn+p50zlgOOYXJc`F0pyHko;(pQX-G@kgI-7f%A7tooVHpdE89j2@DdMOXrMxW8C z^R5p>ajHfe#jKD8FWJM;mJzB6iXp3pfI`4xVIhR-csU-_1& z-4*=!%e^o{wSi+D5Q?A+FyoRev9Pxopa+DUIgZST4k-X$cUQmKLXpO2Z$|Ua;okQd zOy|dpLphMh9!lJz`UR8x5=w$&e!kMU7IBii-oj2Xt|8ke!7+)Ir|GqSh6y*%PqdZF zE)h6*56H)~ehWpKx!iwX!rP-gWD8pw+e=S_auB_-jelKAF1^TnM};X+^A;_gnE09`W7sj&cce>qcA zDBE;6-2;ki{t1`Sw06160nRi{Nih<9&a++@VI5<%`{{JiDXNX3gA0>n@xK4h$*vQ9 z>>ER~a+TjtJ=};>9PhV&X;+)%+!SE2hQZ^SW!asW967wR+bC4qFVh1*4xG+r z5H||T*F7wFl9yR6nI8*S1BwI+LBEV@%^YPHoeFQu0$wWiY}PG)mQ0b|C#ce6i9Brv z4c{nW+W!9tmHkhTu^?i;!;sJ{d0&?-aoY#IM&f<|UEG7!Ua+hz@Vg-P)0el}nIeUN z_C#me8+L_b!1(J)P%>?rk$P*gANcgwS3MYuYe%j19i~7aA%+z@NPyTB#cSrfA7^sN zMgVtJ4PY*O@{*2_+A~U-u0)IEL3z=R8g80NLuD_{y;3loVQwZ7AUl@Kys-=X0Q;l!$|so?TOS zC8n%xz;^h&V9yPLo#}HfWdlxLw!g!wTv!3`FUMt1it~wQ?r3@-;3Hd!;m;>RvH9kj zhX7g|3<$W*Ub5}QV8_iCKx*2Rl{q~`u~S-xTsC5QbVTfQ^S!5@`NT7I0r?w?Gr$3k z719t%oT@^%#C7ccf+i{g+F+O!kOOGm*(VLeKb?H6*NA%sxJV0v#-!QIP_;m?@w-P~ zJky;RPUJiyiu9q-@7+1+3m|z%0a)dlV%lCyeHRciZ<7QZm9u+sL^m>C))$}ww$$7Y zz%4prS0~L~vUfjYuS?eQ#TLb_8sHu^7wGxQ96+SN0h2}Un5eMux zW)jz)E`=;*0KN;|O+drh1O%2dAgu$%6KhJawZ?`Lb6h+9H)m>#TOUd@CyN~lTpu}V~#cR~rK;uB<0wxjUi zymX@Ih0P*l(GQ!2kJiAPyRw$5M*(B?fVW~Z9~EH3HN!<=(?z#W>gc{;G($9Du5Yp1J0io%zDnlnQ`)fomx~hAh%Ua-W4JtbtI|PHQ|1E zADegWC!qGEvr_jgjNmA0Prpxnfp`JE5O9y%;i2?XGN9)8o;Xwx2!+6=a$zdE(@vMEP zPP+vVfL~60w!HrHlm!9{HKBux@3-}~>U(PX@~>`V0a-FORr~Z-&kK}H=Ti&+-bm(+ zhXqOtb|ZZ@>osf6fPCr0&Zp0TQ~Rd_=nW{~$l|-;)5)^pO4u_S;bs-0f)&*qEIJ6q zGfDIbHJ9)TdHx05J(Oo-WYuWW1@?gSDOto#^151g0M`|HKWuVcT8yNIsB|5V$nSpT z7*#lq_m1Hj0Xf_z0goif~bO^));6>^lrco$s8cq=E+V`S$U<`JqNWXKI;KHH3A;t zCa*3kCpcKhEtnh;|EwXBVI_(ebhx>l3nN-K;ZxmdK_^VHZM%=A_;&m6Y?!+Xn|H|X z)I`KQJdt+(KH26m+jp&aGSgGljpzsGC)>>GFZhY@^rjgRlP=7A&3-jcNa8n>Br~?} zJH#bqwKA_P=MHS-6toQoVW%Hs^oCl24-TCXLEC0aj(hd@9Z1{gfXlve719I?@kFomBIQdGisB{AfpIA-!?f$;QLH^FHA!5inu!{-kY+0fAsjIJV_!bxyck z;UOQ7xC872Zu!hWr}D5s)9`9C-;%ul{>BXVv1$IK@I0H(i+0*5-FNy_8g0=}k_v#4hOh6egK(Q$Gl2|^N|eS$$p+>mP!a%Pi|wh0aKLjuhfQPe%G+YC zGY{)G+C7Xfu#kcCp0$W(3-3(>l;y3nU-;;jnj+2}0MWG60QRZ5*7!0si)J`%q!C!NAl#%!O)^7xH5*&Y=tIx4bb=30#{BQBu|*IKB|ge=3COV?=LVWSWa0 zW>D-*n9aKcOv?-SJ{r5Ioaa$Sv?r;zZB%RGHHi29~1NFI`%2d_%^Y*rsdIRUANb4H)HdkqTy2vEpjmi>3 zqt38nrKe10(C%Ebv=du_1O`w%91CQjf#!fg{!Y6!_Nbh!f)OU+Z+ql6MugqKxv4)N zouZIerSc-!4qL%K4akf*88e~Jk9v)NzUm{%`-9QAXr0G@5iF3hki0x({g);?W(gZ&BtU;yLF4Y|UcVA8C) z1Rd{g{hd(2B2&1m(&xeE8MWX8%e4DL>7udr{{h!1c502pTb0@Q1feAp?Y{eCA0C&* zD)xr`CuZ^_jU|S`6CcvU4Oh^QFVHgRHvd=RC)R`eP;jm{%53GY8x;#nad=lk!|H)? z$KG!Nk>{RRfcQW4g^K^u2mdRdx%kgPrq1?94J)dVfR~jP_$)(?8-Tcg9QPR~;BHdH zexCyR`tHaeUW4V7}|`7XY65?;<(4*gi8=SwMEB@i}%-h=sia~l8Xs(5sQDVfpz>kdi`blJd19sf2|Xx@xA>lDvVy`{rm4kpnj8kVFli=2sHoN z9yqc7n^3&2hWNNl?Ee2Wd*Gjv^PeL8A6nucqUImQ=pPR4A6D@np7sAg=K1UzN86J~$cFz@#(&GQ|6kfv B-0T1V literal 0 HcmV?d00001 diff --git a/content/v2/authorization/troubleshooting.md b/content/v2/authorization/troubleshooting.md new file mode 100644 index 0000000000..c7d27b9fc7 --- /dev/null +++ b/content/v2/authorization/troubleshooting.md @@ -0,0 +1,174 @@ +--- +title: "Troubleshooting" +linkTitle: "Troubleshooting" +weight: 4 +Description: > + Troubleshooting guide +--- + +- [Running `karavictl inject` leaves the vxflexos-controller in a `Pending` state](#running-karavictl-inject-leaves-the-vxflexos-controller-in-a-pending-state) +- [Running `karavictl inject` leaves the powermax-controller in a `Pending` state](#running-karavictl-inject-leaves-the-powermax-controller-in-a-pending-state) +- [Running `karavictl inject` leaves the isilon-controller in a `Pending` state](#running-karavictl-inject-leaves-the-isilon-controller-in-a-pending-state) + +--- + +### Retrieve CSM Authorization Server Logs + +To retrieve logs from services on the CSM Authorization Server, run the following command (e.g proxy-server logs): + +``` +$ k3s kubectl logs deploy/proxy-server -n karavi -c proxy-server +``` + +For OPA related logs, run: + +``` +$ k3s kubectl logs deploy/proxy-server -n karavi -c opa +``` + +### Running "karavictl inject" leaves the vxflexos-controller in a "Pending" state +This situation may occur when the number of vxflexos-controller pods that are deployed is equal to the number of schedulable nodes. +``` +$ kubectl get pods -n vxflexos + +NAME READY STATUS RESTARTS AGE +vxflexos-controller-696cc5945f-4t94d 0/6 Pending 0 3m2s +vxflexos-controller-75cdcbc5db-k25zx 5/5 Running 0 3m41s +vxflexos-controller-75cdcbc5db-nkxqh 5/5 Running 0 3m42s +vxflexos-node-mjc74 3/3 Running 0 2m44s +vxflexos-node-zgswp 3/3 Running 0 2m44s +``` + +__Resolution__ + +To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. + +1. Edit the deployment + ``` + $ kubectl edit -n vxflexos deploy/vxflexos-controller + ``` + +2. Find `replicas` under the `spec` section of the deployment manifest. +3. Reduce the number of `replicas` by 1 +4. Save the file +5. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n vxflexos + + NAME READY STATUS RESTARTS AGE + vxflexos-controller-696cc5945f-4t94d 6/6 Running 0 4m41s + vxflexos-node-mjc74 3/3 Running 0 3m44s + vxflexos-node-zgswp 3/3 Running 0 3m44s + ``` + +6. Edit the deployment again +7. Find `replicas` under the `spec` section of the deployment manifest. +8. Increase the number of `replicas` by 1 +9. Save the file +10. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n vxflexos + + NAME READY STATUS RESTARTS AGE + vxflexos-controller-696cc5945f-4t94d 6/6 Running 0 5m41s + vxflexos-controller-696cc5945f-6xxhb 6/6 Running 0 5m41s + vxflexos-node-mjc74 3/3 Running 0 4m44s + vxflexos-node-zgswp 3/3 Running 0 4m44s + ``` + +### Running "karavictl inject" leaves the powermax-controller in a "Pending" state +This situation may occur when the number of powermax-controller pods that are deployed is equal to the number of schedulable nodes. +``` +$ kubectl get pods -n powermax + +NAME READY STATUS RESTARTS AGE +powermax-controller-58d8779f5d-v7t56 0/6 Pending 0 25s +powermax-controller-78f749847-jqphx 5/5 Running 0 10m +powermax-controller-78f749847-w6vp5 5/5 Running 0 10m +powermax-node-gx5pk 3/3 Running 0 21s +powermax-node-k5gwc 3/3 Running 0 17s +``` + +__Resolution__ + +To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. + +1. Edit the deployment + ``` + $ kubectl edit -n powermax deploy/powermax-controller + ``` + +2. Find `replicas` under the `spec` section of the deployment manifest. +3. Reduce the number of `replicas` by 1 +4. Save the file +5. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n powermax + NAME READY STATUS RESTARTS AGE + powermax-controller-58d8779f5d-cqx8d 6/6 Running 0 22s + powermax-node-gx5pk 3/3 Running 3 8m3s + powermax-node-k5gwc 3/3 Running 3 7m59s + ``` + +6. Edit the deployment again +7. Find `replicas` under the `spec` section of the deployment manifest. +8. Increase the number of `replicas` by 1 +9. Save the file +10. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n powermax + NAME READY STATUS RESTARTS AGE + powermax-controller-58d8779f5d-cqx8d 6/6 Running 0 22s + powermax-controller-58d8779f5d-v7t56 6/6 Running 22 8m7s + powermax-node-gx5pk 3/3 Running 3 8m3s + powermax-node-k5gwc 3/3 Running 3 7m59s + ``` + +### Running "karavictl inject" leaves the isilon-controller in a "Pending" state +This situation may occur when the number of Isilon controller pods that are deployed is equal to the number of schedulable nodes. +``` +$ kubectl get pods -n isilon + +NAME READY STATUS RESTARTS AGE +isilon-controller-58d8779f5d-v7t56 0/6 Pending 0 25s +isilon-controller-78f749847-jqphx 5/5 Running 0 10m +isilon-controller-78f749847-w6vp5 5/5 Running 0 10m +isilon-node-gx5pk 3/3 Running 0 21s +isilon-node-k5gwc 3/3 Running 0 17s +``` + +__Resolution__ + +To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. + +1. Edit the deployment + ``` + $ kubectl edit -n deploy/isilon-controller + ``` + +2. Find `replicas` under the `spec` section of the deployment manifest. +3. Reduce the number of `replicas` by 1 +4. Save the file +5. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n isilon + + NAME READY STATUS RESTARTS AGE + isilon-controller-696cc5945f-4t94d 6/6 Running 0 4m41s + isilon-node-mjc74 3/3 Running 0 3m44s + isilon-node-zgswp 3/3 Running 0 3m44s + ``` + +6. Edit the deployment again +7. Find `replicas` under the `spec` section of the deployment manifest. +8. Increase the number of `replicas` by 1 +9. Save the file +10. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n isilon + NAME READY STATUS RESTARTS AGE + isilon-controller-58d8779f5d-cqx8d 6/6 Running 0 22s + isilon-controller-58d8779f5d-v7t56 6/6 Running 22 8m7s + isilon-node-gx5pk 3/3 Running 3 8m3s + isilon-node-k5gwc 3/3 Running 3 7m59s + ``` \ No newline at end of file diff --git a/content/v2/authorization/uninstallation.md b/content/v2/authorization/uninstallation.md new file mode 100644 index 0000000000..4b8fad3b53 --- /dev/null +++ b/content/v2/authorization/uninstallation.md @@ -0,0 +1,21 @@ +--- +title: Uninstallation +linktitle: Uninstallation +weight: 2 +description: > + Dell EMC Container Storage Modules (CSM) for Authorization Uninstallation +--- + +This section outlines the uninstallation steps for Container Storage Modules (CSM) for Authorization. + +## Uninstalling the RPM + +To uninstall the rpm package on the system, run the below command: + +``` +rpm -e +``` + +## Uninstalling the sidecar-proxy in the CSI Driver + +To uninstall the sidecar-proxy in the CSI Driver, [uninstall](../../csidriver/uninstall) the driver and [reinstall](../../deployment) the driver using the original configuration secret. \ No newline at end of file diff --git a/content/v2/concepts/_index.md b/content/v2/concepts/_index.md deleted file mode 100644 index 58986bae87..0000000000 --- a/content/v2/concepts/_index.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: "Concepts" -Description: "Concepts" -weight: 9 ---- -## Volume Snapshot Feature - -The Volume Snapshot feature was introduced in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes 1.17 and generally available (v1) in Kubernetes version >=1.20. - -In order to use Volume Snapshots, ensure the following components with appropriate versions have been deployed to your cluster: -- Kubernetes Volume Snapshot CRDs -- Volume Snapshot Controller diff --git a/content/v2/contributionguidelines/_index.md b/content/v2/contributionguidelines/_index.md new file mode 100644 index 0000000000..19b639c316 --- /dev/null +++ b/content/v2/contributionguidelines/_index.md @@ -0,0 +1,112 @@ +--- +title: "Contribution Guidelines" +linkTitle: "Contribution Guidelines" +weight: 12 +Description: > + Dell EMC Container Storage Modules (CSM) docs Contribution Guidelines +--- + + +CSM Docs is an open-source project and we thrive to build a welcoming and open community for anyone who wants to use the project or contribute to it. + +### Contributing to CSM Docs + +Become one of the contributors to this project! + +You can contribute to this project in several ways. Here are some examples: + +* Contribute to the CSM documentation. +* Report an issue. +* Feature requests. + +CSM docs reside in . + +CSM project resides in . + +#### Don't + +* Break the website view. +* Commit directly. +* Compromise backward compatibility. +* Disrespect your Community Team members. +* Forget to keep things simple. + +#### Do + +* Keep it simple. +* Good work, your best every time. +* Squash your commits, avoid merges. +* Keep open communication with other Committers. +* Ask questions. +* Test your changes locally and make sure it is not breaking anything. + +### Code reviews + +All submissions, including submissions by project members, require review. +We use GitHub pull requests for this purpose. + +### Branching strategy + +The CSM documentation portal follows a release branch strategy where a branch is created for each release and all documentation changes made for a release are done on that branch. The release branch is then merged into the main branch at the time of the release. In some situations it may be sufficient to merge a non-release branch to main if it fixes some issue in the documentation for the current released version. + +#### Branch Naming Convention + +| Branch Type | Example | Comment | +|--------------|-----------------------------------|-------------------------------------------| +| main | main | | +| Release | release-1.0 | hotfix: release-1.1 patch: release-1.0.1 | +| Feature | feature-9-olp-support | "9" referring to GitHub issue ID | +| Bug Fix | bugfix-110-remove-docker-compose | "110" referring to GitHub issue ID | + +#### Steps for working on the main branch + +1. Fork the repository. +2. Create a branch off of the main branch. The branch name should follow [branch naming convention](#branch-naming-convention). +3. Make your changes and commit them to your branch. +4. If other code changes have merged into the upstream main branch, perform a rebase of those changes into your branch. +5. Test your changes [locally](#previewing-your-changes) +6. Open a [pull request](https://github.com/dell/csm-docs/pulls) between your branch and the upstream main branch. +7. Once your pull request has merged with the required approvals, your branch can be deleted. + +#### Steps for working on a release branch + +1. Fork the repository. +2. Create a branch off of the release branch. The branch name should follow [branch naming convention](#branch-naming-convention). +3. Make your changes and commit them to your branch. +4. If other code changes have merged into the upstream release branch, perform a rebase of those changes into your branch. +5. Test your changes [locally](#previewing-your-changes) +6. Open a [pull request](https://github.com/dell/csm-docs/pulls) between your branch and the upstream release branch. +7. Once your pull request has merged with the required approvals, your branch can be deleted. + +### Previewing your changes +- Install [latest Hugo version extended version](https://github.com/gohugoio/hugo/releases). + > Note: Please note we have to install an extended version. +- Create a local copy of the csm-docs repository using `git clone`. +- Update docsy submodules inside themes folder using `git submodule update --recursive --init` +- Change to the csm-docs folder and run + ``` + hugo server + ``` + By default, local changes will be reflected at http://localhost:1313/. Hugo will watch for changes to the content and automatically refreshes the site. + > Note: To bind it to different server address use `hugo server --bind 0.0.0.0`, default is 127.0.0.1 +- After testing the changes locally, raise a pull request after editing the pages and pushing it to GitHub. + +### Community guidelines + +This project follows https://github.com/dell/csm/blob/main/docs/CODE_OF_CONDUCT.md. + +### Best Practices + +#### Linking the URLs + +Hardcoded relative links like `[troubleshooting observability](../../observability/troubleshooting.md)` will behave unexpectedly compared to how they would work on our local file system. +To avoid broken links in the portal, use regular relative URLs in links that will be left unchanged by Hugo. + +#### Style guide + +- Use sentence case wherever applicable. +- Use the numbered lists for items in sequential order and bulletins for the other lists. +- Check for grammar and spelling. +- Embed the code within backticks. +- Use only high-resolution images. + diff --git a/content/v2/dell-csi-driver/Architecture_Diagram.png b/content/v2/csidriver/Architecture_Diagram.png similarity index 100% rename from content/v2/dell-csi-driver/Architecture_Diagram.png rename to content/v2/csidriver/Architecture_Diagram.png diff --git a/content/v2/csidriver/_index.md b/content/v2/csidriver/_index.md new file mode 100644 index 0000000000..64cfee9115 --- /dev/null +++ b/content/v2/csidriver/_index.md @@ -0,0 +1,67 @@ + +--- +title: "CSI Drivers" +linkTitle: "CSI Drivers" +description: About Dell EMC CSI Drivers +weight: 3 +--- + +The CSI Drivers by Dell EMC implement an interface between [CSI](https://kubernetes-csi.github.io/docs/) (CSI spec v1.3) enabled Container Orchestrator (CO) and Dell EMC Storage Arrays. It is a plug-in that is installed into Kubernetes to provide persistent storage using Dell storage system. + +![CSI Architecture](Architecture_Diagram.png) + +## Features and capabilities + +### Supported Operating Systems/Container Orchestrator Platforms +{{}} +| | PowerMax | PowerFlex |   Unity| PowerScale | PowerStore | +|---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| +| Kubernetes | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | +| RHEL | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | +| Ubuntu | 20.04 | 20.04 | 18.04, 20.04 | 18.04, 20.04 | 20.04 | +| CentOS | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | +| SLES | 15SP2 | 15SP2 | 15SP2 | 15SP2 | 15SP2 | +| Fedora Core OS| no | 5.x | no | no | no | +| Red Hat OpenShift | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | +| Mirantis Kubernetes Engine | 3.4.x | 3.4.x | 3.4.x | 3.4.x | 3.4.x | +| Google Anthos | 1.6 | 1.8 | no | no | 1.7 | +| VMware Tanzu | no | no | NFS | NFS | NFS | +| Rancher Kubernetes Engine | yes | yes | yes | yes | yes | +{{
}} + +### CSI Driver Capabilities +{{}} +| Features | PowerMax | PowerFlex |    Unity | PowerScale | PowerStore | +|--------------------------|:--------:|:------------------:|:---------:|:-----------------:|:----------:| +| CSI Specification | v1.3 | v1.3| v1.3 | v1.4 | v1.3 | +| Static Provisioning | yes | yes| yes | yes | yes | +| Dynamic Provisioning | yes | yes| yes | yes | yes | +| Expand Persistent Volume | yes | yes| yes | yes | yes | +| Create VolumeSnapshot | yes | yes| yes | yes | yes | +| Create Volume from Snapshot | yes | yes| yes | yes | yes | +| Delete Snapshot | yes | yes| yes | yes | yes | +| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | RWO
(FC/iSCSI)
RWO/
RWX/
ROX
(Raw block) | RWO
RWO/
RWX/
ROX
(Raw block) | RWO
(FC/iSCSI)
RWO/RWX
(RawBlock)
RWO/RWX/ROX
(NFS) | RWO/RWX/ROX | RWO
(FC/iSCSI)
RWO/
RWX/
ROX
(RawBlock, NFS) | +| CSI Volume Cloning | yes | yes | yes | yes | yes | +| CSI Raw Block Volume | yes | yes | yes | no | yes | +| CSI Ephemeral Volume | no | yes | yes | yes | yes | +| Topology | yes | yes | yes | yes | yes | +| Multi-array | yes | yes | yes | yes | yes | +{{
}} +### Supported Storage Platforms +{{}} +| | PowerMax | PowerFlex |   Unity| PowerScale | PowerStore | +|---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| +| Storage Array |5978.479.479, 5978.669.669, 5978.711.711, Unisphere 9.2| 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0 | OneFS 8.1, 8.2, 9.0, 9.1, 9.2 | 1.0.x, 2.0.x | +{{
}} +### Backend Storage Details +{{}} +| Features | PowerMax | PowerFlex |   Unity | PowerScale| PowerStore | +|---------------|:----------------:|:------------------:|:----------------:|:----------------:|:----------------:| +| Fibre Channel | yes | N/A | yes | N/A | yes | +| iSCSI | yes | N/A | yes | N/A | yes | +| NFS | N/A | N/A | yes | yes | yes | +| Other | N/A | ScaleIO protocol | N/A | N/A | N/A | +| Supported FS | ext4 / xfs | ext4 / xfs | ext3 / ext4 / xfs / NFS | NFS | ext3 / ext4 / xfs / NFS | +| Thin / Thick provisioning | Thin | Thin | Thin/Thick | N/A | Thin | +| Platform-specific configurable settings | Service Level selection
iSCSI CHAP | - | Host IO Limit
Tiering Policy
NFS Host IO size
Snapshot Retention duration | Access Zone
NFS version (3 or 4);Configurable Export IPs | iSCSI CHAP | +{{
}} diff --git a/content/v1/csidriver/archives/_index.md b/content/v2/csidriver/archives/_index.md similarity index 100% rename from content/v1/csidriver/archives/_index.md rename to content/v2/csidriver/archives/_index.md diff --git a/content/v3/features/_index.md b/content/v2/csidriver/features/_index.md similarity index 66% rename from content/v3/features/_index.md rename to content/v2/csidriver/features/_index.md index b8f14e3466..6089280f02 100644 --- a/content/v3/features/_index.md +++ b/content/v2/csidriver/features/_index.md @@ -5,5 +5,5 @@ weight: 4 tags: - pod-deploy - csi-driver -description: Code samples for various drivers +description: Description of CSI Driver features --- diff --git a/content/v2/features/powerflex.md b/content/v2/csidriver/features/powerflex.md similarity index 65% rename from content/v2/features/powerflex.md rename to content/v2/csidriver/features/powerflex.md index c06487bce6..73c4fb6d7e 100644 --- a/content/v2/features/powerflex.md +++ b/content/v2/csidriver/features/powerflex.md @@ -1,47 +1,43 @@ --- title: PowerFlex linktitle: PowerFlex +weight: 1 Description: Code features for PowerFlex Driver --- ## Volume Snapshot Feature -The Volume Snapshot feature was introduced in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes 1.17 and is generally available (v1) in Kubernetes version >=1.20. - -The CSI PowerFlex driver version 1.5 supports v1beta1 snapshots on Kubernetes 1.19 and v1 snapshots on Kubernetes 1.20 and 1.21. +The CSI PowerFlex driver version 2.0 supports v1 snapshots on Kubernetes 1.20/1.21/1.22. In order to use Volume Snapshots, ensure the following components are deployed to your cluster: -- Kubernetes Volume Snaphshot CRDs +- Kubernetes Volume Snapshot CRDs - Volume Snapshot Controller ### Volume Snapshot Class -Before PowerFlex driver v1.5, the installation of the driver created default instance of VolumeSnapshotClass. -API version of this VolumeSnapshotClass instance was defined based on Kubernetes version, as below: +Installation of PowerFlex driver v1.5 and later does not create VolumeSnapshotClass. You can find a sample of a default v1 +VolumeSnapshotClass instance in `samples/volumesnapshotclass` directory. If needed, you can install the default sample. Following is the default sample for v1: -Following is the manifest for the Volume Snapshot Class created during installation, prior to PowerFlex driver v1.5: ``` -{{- if eq .Values.kubeversion "v1.20" }} apiVersion: snapshot.storage.k8s.io/v1 -{{- else }} -apiVersion: snapshot.storage.k8s.io/v1beta1 -{{- end}} kind: VolumeSnapshotClass metadata: name: vxflexos-snapclass driver: csi-vxflexos.dellemc.com +# Configure what happens to a VolumeSnapshotContent when the VolumeSnapshot object +# it is bound to is to be deleted +# Allowed values: +# Delete: the underlying storage snapshot will be deleted along with the VolumeSnapshotContent object. +# Retain: both the underlying snapshot and VolumeSnapshotContent remain. deletionPolicy: Delete - ``` -Installation of PowerFlex driver v1.5 does not create VolumeSnapshotClass. You can find samples of default v1beta1 and v1 -VolumeSnapshotClass instances in `helm/samples/volumesnapshotclass` directory. There are two samples, one for v1beta1 version and -the other for v1 snapshot version. If needed, install appropriate default sample, based on the version of snapshot CRDs in your cluster. ### Create Volume Snapshot -The following is a sample manifest for creating a Volume Snapshot using the **v1beta1** snapshot APIs: +The following is a sample manifest for creating a Volume Snapshot using the v1 snapshot APIs: + ``` -apiVersion: snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: pvol0-snap1 @@ -50,8 +46,8 @@ spec: volumeSnapshotClassName: vxflexos-snapclass source: persistentVolumeClaimName: pvol0 - ``` + Once the VolumeSnapshot is successfully created by the CSI PowerFlex driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. Following is the relevant section of VolumeSnapshot object status: @@ -86,10 +82,36 @@ spec: ## Create Consistent Snapshot of Group of Volumes -This feature extends CSI specification to add the capability to create crash-consistent snapshots of a group of volumes. -PowerFlex driver implements this extension in v1.5. -This feature is currently in Technical Preview. To use this feature users have to deploy csi-volumegroupsnapshotter side-car as part of the PowerFlex driver. -More details can be found here: [dell-csi-volumegroup-snapshotter](https://github.com/dell/csi-volumegroup-snapshotter). +This feature extends CSI specification to add the capability to create crash-consistent snapshots of a group of volumes. This feature is available as a technical preview. To use this feature, users have to deploy the csi-volumegroupsnapshotter side-car as part of the PowerFlex driver. Once the sidecar has been deployed, users can make snapshots by using yaml files such as this one: +``` +apiVersion: volumegroup.storage.dell.com/v1alpha2 +kind: DellCsiVolumeGroupSnapshot +metadata: + # Name must be 13 characters or less in length + name: "vg-snaprun1" + namespace: "helmtest-vxflexos" +spec: + # Add fields here + driverName: "csi-vxflexos.dellemc.com" + # defines how to process VolumeSnapshot members when volume group snapshot is deleted + # "retain" - keep VolumeSnapshot instances + # "delete" - delete VolumeSnapshot instances + memberReclaimPolicy: "retain" + volumesnapshotclass: "vxflexos-snapclass" + pvcLabel: "vgs-snap-label" + # pvcList: + # - "pvcName1" + # - "pvcName2" +``` +In the metadata section, the name is limited to 13 characters because the snapshotter will append a timestamp to it. Additionally, the pvcLabel field specifies a label that must be present in PVCs that are to be snapshotted. Here is a sample of that portion of a .yaml for a PVC: +``` +metadata: + name: pvol0 + namespace: helmtest-vxflexos + labels: + volume-group: vgs-snap-label +``` +More details about the installation and use of the VolumeGroup Snapshotter can be found here: [dell-csi-volumegroup-snapshotter](https://github.com/dell/csi-volumegroup-snapshotter). ## Volume Expansion Feature @@ -221,7 +243,7 @@ For additional information, see the [Kubernetes Raw Block Volume Support documen ## Custom File System Format Options -The CSI PowerFlex driver version 1.5 supports additional mkfs format options. A user is able to specify additional format options as needed for the driver. Format options are specified in storageclass yaml under _mkfsFormatOption_ as in the following example: +The CSI PowerFlex driver version 1.5 and later support additional mkfs format options. A user is able to specify additional format options as needed for the driver. Format options are specified in storageclass yaml under _mkfsFormatOption_ as in the following example: ``` apiVersion: storage.k8s.io/v1 @@ -306,9 +328,9 @@ If you are using the Dell CSI Operator, the value to adjust is: ``` replicas: 1 ``` -in your driver yaml in config/samples/ +in your driver yaml in `config/samples/` -If you want to specify where controller pods get assigned, make the following edits to your values file (helm install): +If you want to specify where controller pods get assigned, make the following edits to your values file at `csi-vxflexos/helm/csi-vxflexos/values.yaml`: To assign controller pods to worker nodes only (Default): ``` @@ -317,15 +339,21 @@ controller: #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/master: "" nodeSelector: # node-role.kubernetes.io/master: "" - + # "controller.tolerations" defines tolerations that would be applied to controller deployment - # Leave as blank to install the controller on worker nodes + # Leave as blank to install controller on worker nodes + # Default value: None tolerations: # - key: "node-role.kubernetes.io/master" # operator: "Exists" # effect: "NoSchedule" + ``` To assign controller pods to master and worker nodes: ``` @@ -334,16 +362,20 @@ controller: #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/master: "" nodeSelector: # node-role.kubernetes.io/master: "" - + # "controller.tolerations" defines tolerations that would be applied to controller deployment - # Leave as blank to install the controller on worker nodes + # Leave as blank to install controller on worker nodes + # Default value: None tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" - ``` To assign controller pods to master nodes only: @@ -353,17 +385,24 @@ controller: #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/master: "" nodeSelector: node-role.kubernetes.io/master: "" - + # "controller.tolerations" defines tolerations that would be applied to controller deployment # Leave as blank to install controller on worker nodes + # Default value: None tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" -``` -For configuring Controller HA on the Dell CSI Operator, please refer to the Dell CSI Operator documentation. +``` +> *NOTE:* Tolerations/selectors work the same way for node pods. + +For configuring Controller HA on the Dell CSI Operator, please refer to the [Dell CSI Operator documentation](../../installation/operator/#custom-resource-specification). ## SDC Deployment @@ -375,31 +414,43 @@ The CSI PowerFlex driver version 1.3 and later support the automatic deployment Refer to https://hub.docker.com/r/dellemc/sdc for supported OS versions. - There is no automated uninstallation of the SDC kernel module. Follow PowerFlex SDC documentation to manually uninstall the SDC driver from the node. - - ## Multiarray Support -The CSI PowerFlex driver version 1.5 adds support for managing multiple PowerFlex arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. +The CSI PowerFlex driver version 1.4 added support for managing multiple PowerFlex arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. To manage multiple arrays you need to create an array connection configuration that lists multiple arrays. ### Creating array configuration -There is a sample yaml file under the top directory named `config.yaml` with the following content: +There is a sample yaml file in the samples folder under the top-level directory called `config.yaml` with the following content: ```yaml - - username: "admin" # username for connecting to API - password: "password" # password for connecting to API - systemID: "ID1" # system ID for system - endpoint: "https://127.0.0.1" # full URL path to the PowerFlex API - skipCertificateValidation: true # skip array certificate validation or not - isDefault: true # treat current array as default (would be used by storage class without arrayIP parameter) - mdm: "10.0.0.1,10.0.0.2" # MDM IPs for the system - - username: "admin" - password: "Password123" - systemID: "ID2" - endpoint: "https://127.0.0.2" - skipCertificateValidation: true - mdm: "10.0.0.3,10.0.0.4" + # Username for accessing PowerFlex system. +- username: "admin" + # Password for accessing PowerFlex system. + password: "password" + # System name/ID of PowerFlex system. + systemID: "ID1" + # REST API gateway HTTPS endpoint for PowerFlex system. + endpoint: "https://127.0.0.1" + # Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. + # Allowed values: true or false + # Default value: true + skipCertificateValidation: true + # indicates if this array is the default array + # needed for backwards compatibility + # only one array is allowed to have this set to true + # Default value: false + isDefault: true + # defines the MDM(s) that SDC should register with on start. + # Allowed values: a list of IP addresses or hostnames separated by comma. + # Default value: none + mdm: "10.0.0.1,10.0.0.2" +- username: "admin" + password: "Password123" + systemID: "ID2" + endpoint: "https://127.0.0.2" + skipCertificateValidation: true + mdm: "10.0.0.3,10.0.0.4" ``` Here we specify that we want the CSI driver to manage two arrays: one with an IP `127.0.0.1` and the other with an IP `127.0.0.2`. @@ -407,16 +458,41 @@ To use this config we need to create a Kubernetes secret from it. To do so, run `kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=config.yaml` +## Dynamic Array Configuration + +To update or change any array configuration property, edit the secret. The driver will detect the change automatically and use the new values based on the Kubernetes watcher file change detection time. You can use kubectl command to delete the current secret and create a new secret with changes. For example, refer yaml above and change only the password. +```yaml + - username: "admin" + password: "Password123" +``` +to +```yaml + - username: "admin" + password: "Password456" +``` +Below are sample command lines to delete a secret and create modified properties from file `secret.yaml`. +```bash +kubectl delete secret vxflexos-config -n vxflexos +kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=./secret.yaml +``` +Dynamic array configuration change detection is only used for properties of an existing array, like username or password. +To add a new array to the secret, or to alter an array's mdm field, you must run `csi-install.sh` with `--upgrade` option to update the MDM key in secret and restart the node pods. +```bash +cd /dell-csi-helm-installer +./csi-install.sh --upgrade --namespace vxflexos --values ../helm/csi-vxflexos/values.yaml + kubectl delete pods --all -n vxflexos +``` + ### Creating storage classes -To be able to provision Kubernetes volumes using a specific array we need to create corresponding storage classes. +To be able to provision Kubernetes volumes using a specific array, we need to create corresponding storage classes. -Find the sample yaml files under `helm/samples/storageclass`. Edit `storageclass.yaml` if you want `ext4` filesystem, and use `storageclass-xfs.yaml` if you want `xfs` filesystem. Replace `` with the storage pool you have, and replace `` with the system ID you have. +Find the sample yaml files under `samples/storageclass`. Edit `storageclass.yaml` if you want `ext4` filesystem, and use `storageclass-xfs.yaml` if you want `xfs` filesystem. Replace `` with the storage pool you have, and replace `` with the system ID or system name for the array you'd like to use. Then we need to apply storage classes to Kubernetes using `kubectl`: ```bash -kubectl create -f storageclass.yaml +kubectl apply -f storageclass.yaml ``` After that, you can use the storage class for the corresponding array. @@ -478,24 +554,50 @@ When creating ephemeral volumes, it is important to specify the following within ## Dynamic Logging Configuration -This feature is introduced in version 1.5, CSI Driver for PowerFlex now supports dynamic logging configuration. - -To accomplish this, we utilize two fields in logConfig.yaml: LOG_LEVEL and LOG_FORMAT. +The dynamic logging configuration that was introduced in v1.5 of the driver was revamped for v2.0; v1.5 logging configuration is not compatible with v2.0. +Two fields in values.yaml (located at helm/csi-vxflexos/values.yaml) are used to configure the dynamic logging: logLevel and logFormat. ``` -LOG_LEVEL: minimum level that the driver will log -LOG_FORMAT: format the driver should log in, either text or JSON +# CSI driver log level +# Allowed values: "error", "warn"/"warning", "info", "debug" +# Default value: "debug" +logLevel: "debug" + +# CSI driver log format +# Allowed values: "TEXT" or "JSON" +# Default value: "TEXT" +logFormat: "TEXT" ``` -> *NOTE:* To see the available options for LOG_LEVEL, consult: https://github.com/sirupsen/logrus#level-logging -If the configmap does not exist yet, simply edit logConfig.yaml, changing the values for LOG_LEVEL and LOG_FORMAT as you see fit. +To change the logging fields after the driver is deployed, you can use this command to edit the configmap: +` kubectl edit configmap -n vxflexos vxflexos-config-params ` +and then make the necessary adjustments for CSI_LOG_LEVEL and CSI_LOG_FORMAT. + +If either option is set to a value outside of what is supported, the driver will use the default values of "debug" and "text" . + -If the configmap already exists, you can use this command to edit the configmap: -`kubectl edit configmap -n vxflexos driver-config` +## Single Pod Access Mode for PersistentVolumes -or you could edit logConfig.yaml, and use this command: -`kubectl apply -f logConfig.yaml` +Kubernetes v1.22 introduced a new `ReadWriteOncePod` access mode for PersistentVolumes and PersistentVolumeClaims. With this alpha feature, Kubernetes allows you to restrict volume access to a single pod in the cluster. -and then make the necessary adjustments for LOG_LEVEL and LOG_FORMAT. -If LOG_LEVEL or LOG_FORMAT are set to options outside of what is supported, the driver will use the default values of "info" and "text" . +To use this feature you need to enable the ReadWriteOncePod feature gate for `kube-apiserver`, `kube-scheduler`, and `kubelet` by setting command line arguments: + +``` +--feature-gates="...,ReadWriteOncePod=true" +``` + +Then you can create a new PVC with the access mode. This allows only a single pod to access single-writer-only: + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: single-writer-only +spec: + accessModes: + - ReadWriteOncePod # Allow only a single pod to access single-writer-only. + resources: + requests: + storage: 1Gi +``` diff --git a/content/v2/features/powermax.md b/content/v2/csidriver/features/powermax.md similarity index 83% rename from content/v2/features/powermax.md rename to content/v2/csidriver/features/powermax.md index d1ae8e89a2..315786176c 100644 --- a/content/v2/features/powermax.md +++ b/content/v2/csidriver/features/powermax.md @@ -1,28 +1,34 @@ --- title: PowerMax linktitle: PowerMax +weight: 1 Description: Code features for PowerMax Driver --- ## Multi Unisphere Support -Starting v1.7, the CSI PowerMax driver can communicate with multiple Unisphere for PowerMax servers to manage multiple PowerMax arrays. -In order to use this feature, you must install CSI PowerMax ReverseProxy in the `StandAlone` mode along with the driver. For more details on how -to configure the driver along with the ReverseProxy, please refer the section [here](../../installation/helm/powermax/#sample-values-file) +Starting with v1.7, the CSI PowerMax driver can communicate with multiple Unisphere for PowerMax servers to manage multiple PowerMax arrays. +In order to use this feature, you must install CSI PowerMax ReverseProxy in `StandAlone` mode with the driver. For more details on how +to configure the driver and ReverseProxy, see the relevant section [here](../../installation/helm/powermax/#sample-values-file) ## Volume Snapshot Feature -The Volume Snapshot feature was introduced in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes version 1.17 and was generally available (v1) in Kubernetes version >= 1.20. - -The CSI PowerMax driver version 1.7 supports v1beta1 snapshots on Kubernetes 1.19 and v1 snapshots on Kubernetes 1.20/1.21. +The CSI PowerMax driver version 1.7 and later supports v1 snapshots. In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: - Kubernetes Volume Snapshot CRDs - Volume Snapshot Controller - Volume Snapshot Class +To use this feature, enable it in `values.yaml` + +```yaml +snapshot: + enabled: true +``` + >Note: From v1.7, the CSI PowerMax driver installation process will no longer create VolumeSnapshotClass. -> If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _helm/samples_ folder +> If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _csi-powermax/samples/volumesnapshotclass_ folder ### Creating Volume Snapshots The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs: @@ -112,13 +118,13 @@ Where is the name of the iSCSI initiator of a host IQN, and -*`) or the `nodeNameTemplate` if it was specified. +Also, a new setting, `modifyHostName`, can be set to `true` if you want the driver to rename the existing Hosts/IG for the host initiators on the PowerMax array. The new name uses the default naming convention (`csi--*`) or the `nodeNameTemplate` if it was specified. For example, if `nodeNameTemplate` is _abc-%foo%-hostname_ and nodename is _worker1_, then the host ID is created or updated as _abc-worker1-hostname_. This change will happen for all nodes in a cluster with the respective node name. @@ -303,7 +314,7 @@ controllerCount: 2 > *NOTE:* The default value for controllerCount is 2. We recommend not changing this unless it is really necessary. > Also, if the controller count is greater than the number of available nodes (where the Pods can be scheduled), some controller Pods will remain in the Pending state -If you are using the `dell-csi-operator`, adjust the following value in your Custom Resource manifest +If you are using `dell-csi-operator`, adjust the following value in your Custom Resource manifest ``` replicas: 2 ``` @@ -334,7 +345,7 @@ controller: operator: "Exists" effect: "NoSchedule" ``` -* Set the following values for controller Pods to be only scheduled on nodes labelled as `master` (*node-role.kubernetes.io/master*): +* Set the following values for controller Pods to be scheduled only on nodes labelled `master` (*node-role.kubernetes.io/master*): ```yaml controller: nodeSelector: @@ -418,6 +429,32 @@ allowedTopologies: In the above example, if you remove the entry for the key `csi-powermax.dellemc.com/000000000001.fc`, then the PVCs created using this storage class will be scheduled on any worker node with access to the PowerMax array `000000000001` irrespective of the transport protocol -> A set of sample storage class definitions to enable topology-aware volume provisioning has been provided in the `csi-powermax/helm/samples/storageclass` folder +> A set of sample storage class definitions to enable topology-aware volume provisioning has been provided in the `csi-powermax/samples/storageclass` folder For additional information on how to use _Topology aware Volume Provisioning_, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerMax version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `powermax-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in my-powermax-settings.yaml during driver installation. + +To change the log level dynamically to a different value, the user can edit the same my-powermax-settings.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace powermax --values ./my-powermax-settings.yaml --upgrade +``` + +Note: my-powermax-settings.yaml is a values.yaml file which the user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powermax-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level the user can set this field during driver installation. + +To update the log level dynamically, the user has to edit the ConfigMap `powermax-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n powermax powermax-config-params +``` diff --git a/content/v2/features/powerscale.md b/content/v2/csidriver/features/powerscale.md similarity index 81% rename from content/v2/features/powerscale.md rename to content/v2/csidriver/features/powerscale.md index 1b7c651ee0..2c40376a85 100644 --- a/content/v2/features/powerscale.md +++ b/content/v2/csidriver/features/powerscale.md @@ -1,6 +1,7 @@ --- title: PowerScale Description: Code features for PowerScale Driver +weight: 1 --- ## Multicluster support @@ -9,7 +10,7 @@ You can connect a single CSI-PowerScale driver with multiple PowerScale clusters **Pre-Requisites:** -1. Creation of secret.json or secret.yaml with credentials related to one or more Clusters. +1. Creation of secret.yaml with credentials related to one or more Clusters. 2. Creation of (at least) one Storage class for each cluster. 3. Creation of custom-volumesnapshot classes with proper isiPath matching corresponding storage classes. 4. Inclusion of cluster name in volume handle, if you want to provision existing static volumes. @@ -109,7 +110,7 @@ spec: ## Volume Snapshot Feature -The CSI PowerScale driver version 1.3 and later supports managing beta snapshots. +The CSI PowerScale driver version 2.0 and later supports managing v1 snapshots. In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: @@ -122,11 +123,11 @@ In order to use Volume Snapshots, ensure the following components have been depl ### Volume Snapshot Class -During the installation of CSI PowerScale driver version 1.6, no default Volume Snapshot Class will get created. +During the installation of CSI PowerScale driver version 2.0, no default Volume Snapshot Class will get created. Following are the manifests for the Volume Snapshot Class: -1. VolumeSnapshotClass - v1 +1. VolumeSnapshotClass ```yaml # For kubernetes version 20 and above (v1 snaps) apiVersion: snapshot.storage.k8s.io/v1 @@ -142,28 +143,11 @@ parameters: #IsiPath should match with respective storageClass IsiPath IsiPath: "/ifs/data/csi" ``` -2. VolumeSnapshotClass - beta -```yaml -# For kubernetes version 18 and 19 (beta snaps) -apiVersion: snapshot.storage.k8s.io/v1beta1 -kind: VolumeSnapshotClass -metadata: -name: "isilon-snapclass" -driver: csi-isilon.dellemc.com -#The deletionPolicy of a volume snapshot class can either be Retain or Delete -#If the deletionPolicy is Delete, then the underlying storage snapshot is deleted along with the VolumeSnapshotContent object. -#If the deletionPolicy is Retain, then both the underlying snapshot and VolumeSnapshotContent remain -deletionPolicy: Delete -parameters: -#IsiPath should match with respective storageClass IsiPath -IsiPath: "/ifs/data/csi" -### Create Volume Snapshot -``` -The following is a sample manifest for creating a Volume Snapshot using the **v1beta1** snapshot APIs; The following snippet assumes that the persistent volume claim name is testvolume. +The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs; The following snippet assumes that the persistent volume claim name is testvolume. ```yaml -apiVersion: snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: pvcsnap @@ -226,7 +210,7 @@ metadata: provisioner: "csi-isilon.dellemc.com" reclaimPolicy: Delete parameters: - ClusterName: + ClusterName: AccessZone: System isiPath: "/ifs/data/csi" AzServiceIP : 'XX.XX.XX.XX' @@ -365,7 +349,7 @@ We support CustomTopology which enables users to apply labels for nodes - "csi-i When “enableCustomTopology” is set to “true”, the CSI driver fetches custom labels “csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com” applied on worker nodes, and use them to initialize node pod with custom PowerScale FQDN/IP. -**Note:** Only a single cluster can be configured as part of secret.json for custom topology. +**Note:** Only a single cluster can be configured as part of secret.yaml for custom topology. ### Topology Usage @@ -431,6 +415,13 @@ has workloads scheduled, there is a possibility that it might lead to backward c Also, the previous workload will still be using the default network and not custom networks. For previous workloads to use custom networks, the recreation of pods is required. +When csi-powerscale driver creates an NFS export, the traffic flows through the client specified in the export. By default, the client is the network interface for Kubernetes +communication (same IP/fqdn as k8s node) by default. + +For a cluster with multiple network interfaces and if a user wants to segregate k8s traffic from NFS traffic; you can use the `allowedNetworks` option. +`allowedNetworks` takes CIDR addresses as a parameter to match the IPs to be picked up by the driver to allow and route NFS traffic. + + ## Volume Limit The CSI Driver for Dell EMC PowerScale allows users to specify the maximum number of PowerScale volumes that can be used in a node. @@ -447,10 +438,6 @@ Now user can define in which worker node, the CSI node pod daemonset can run (ju Similarly, users can define the tolerations based on various conditions like memory pressure, disk pressure and network availability. Refer to https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#taints-and-tolerations for more information. -## Dynamic log level change - -Log levels (debug, info, error, warning) were controlled only in my-isilon-settings.yaml which required restarting of csi-driver. Now the control has been transferred to secret definition (secret.json or secret.yaml). Changing the Log level in secret dynamically changes the log levels in controller and node logs. - ## Usage of SmartQuotas to Limit Storage Consumption CSI driver for Dell EMC Isilon handles capacity limiting using SmartQuotas feature. @@ -474,3 +461,69 @@ Let us assume the user creates a PVC with 3 Gi of storage and 'SmartQuotas' have - The user tries to add 2Gi more data. Now the total size of data is 4Gi. - Driver allows the user to enter more data irrespective of the initial PVC size (since no quota is set against this PVC) - The user can expand the volume from an initial size of 3Gi to 4Gi or more. The driver allows it. + + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerScale version 1.6.0 and updated in version 2.0.0 + +### Helm based installation +As part of driver installation, a ConfigMap with the name `isilon-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. + +To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace isilon --values ./my-isilon-settings.yaml --upgrade +``` + +Note: here my-isilon-settings.yaml is a values.yaml file which user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `isilon-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `isilon-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n isilon isilon-config-params +``` + +>Note: Prior to CSI Driver for PowerScale version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. + +## NAT Support + +CSI Driver for Dell EMC PowerScale is supported in the NAT environment. + +## Configurable permissions for volume directory + +This feature is introduced in CSI Driver for PowerScale version 2.0.0 + +### Helm based installation +The permissions for volume directory can now be configured in 3 ways: + +1. Through values.yaml +2. Through secrets +3. Through storage class + +``` + # isiVolumePathPermissions: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + isiVolumePathPermissions: "0777" +``` + +The permissions present in values.yaml are the default for all cluster config. + +If the volume permission is not present in storage class then secrets are considered and if it is not present even in secrets then values.yaml is considered. + +>**Note:**
For volume creation from source (volume from snapshot/volume from volume) permissions are inherited from source.

Create myvalues.yaml/my-isilon-settings.yaml and storage class according to csi-powerscale 2.0 + +### Operator based installation + +In the case of operator-based installation, default permission for powerscale directory is present in the samples file. + +Other ways of configuring powerscale volume permissions remain the same as helm-based installation. + diff --git a/content/v2/features/powerstore.md b/content/v2/csidriver/features/powerstore.md similarity index 87% rename from content/v2/features/powerstore.md rename to content/v2/csidriver/features/powerstore.md index c6966234b8..abb045b355 100644 --- a/content/v2/features/powerstore.md +++ b/content/v2/csidriver/features/powerstore.md @@ -1,6 +1,7 @@ --- title: PowerStore Description: Code features for PowerStore Driver +weight: 1 --- ## Creating volumes and consuming them @@ -28,7 +29,7 @@ kubectl delete -f tests/simple/simple.yaml You can use existent volumes from PowerStore array as Persistent Volumes in your Kubernetes, perform the following steps: 1. Open your volume in PowerStore Management UI, and take a note of volume-id. The volume link must look similar to `https:///#/storage/volumes/0055558c-5ae1-4ed1-b421-6f5a9475c19f/capacity`, where the `volume-id` is `0055558c-5ae1-4ed1-b421-6f5a9475c19f`. -2. Create PersistentVolume and use this volume-id in volumeHandle in format in the manifest. Modify other parameters according to your needs. +2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs. ```yaml apiVersion: v1 kind: PersistentVolume @@ -41,7 +42,7 @@ spec: storage: 30Gi csi: driver: csi-powerstore.dellemc.com - volumeHandle: 0055558c-5ae1-4ed1-b421-6f5a9475c19f/unique/scsi + volumeHandle: 0055558c-5ae1-4ed1-b421-6f5a9475c19f persistentVolumeReclaimPolicy: Retain storageClassName: powerstore volumeMode: Filesystem @@ -86,9 +87,7 @@ spec: ## Volume Snapshot Feature -The Volume Snapshot feature was introduced in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes version 1.17 and was generally available (v1) in Kubernetes version >= 1.20. - -The CSI PowerStore driver version 1.4 supports v1beta1 snapshots on Kubernetes 1.19 and v1 snapshots on Kubernetes 1.20/1.21. +The CSI PowerStore driver version 2.0.0 supports v1 snapshots. In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: - Kubernetes Volume Snapshot CRDs @@ -96,7 +95,7 @@ In order to use Volume Snapshots, ensure the following components have been depl - Volume Snapshot Class >Note: From v1.4, the CSI PowerStore driver installation process will no longer create VolumeSnapshotClass. -> If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _helm/samples_ folder +> If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _samples_ folder ### Creating Volume Snapshots The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs: @@ -126,7 +125,7 @@ status: CSI PowerStore driver version 1.4 makes the snapshot feature optional for the installation. -To enable or disable this feature, specify the following in `values.yaml` +To enable or disable this feature, change values.snapshot.enable parameter to true or false, specify the following in `values.yaml` to enable this feature ```yaml snapshot: enable: true @@ -253,7 +252,7 @@ Raw Block volumes are presented as a block device to the pod by using a bind mou The driver does not format or check the format of any file system on the block device. Raw Block volumes do support online Volume Expansion, but it is up to the application to manage to reconfigure the file system (if any) to the new size. -For additional information, see the [kubernetes](https://kubernetes.io/DOCS/CONCEPTS/STORAGE/PERSISTENT-VOLUMES/#RAW-BLOCK-VOLUME-SUPPORT) website. +For additional information, see the [kubernetes](https://kubernetes.io/DOCS/CONCEPTS/STORAGE/PERSISTENT-VOLUMES/#raw-block-volume-support) website. ## Volume Cloning Feature @@ -325,7 +324,6 @@ spec: fsType: "ext4" volumeAttributes: size: "20Gi" - arrayID: "unique" ``` This manifest creates a pod and attaches a newly created ephemeral inline CSI volume to it. @@ -395,7 +393,7 @@ This Topology support does not include customer-defined topology, users cannot c ### Topology Usage -To use the Topology features user must create their own storage classes similar to those that can be found in `helm/samples/storageclass` folder. +To use the Topology features user must create their own storage classes similar to those that can be found in `samples/storageclass` folder. The following is one of example storage class manifest: ```yaml @@ -425,7 +423,7 @@ For any additional information about the topology, see the [Kubernetes Topology ## Reuse PowerStore hostname -The CSI PowerStore driver version 1.2 and later can automatically detect if the current node was already registered as a Host on the storage array before. It will check if Host initiators and node initiators (FC or iSCSI) match. If they do, the driver will not create a new storage class and will take the existing name of the Host as nodeID. +The CSI PowerStore driver version 1.2 and later can automatically detect if the current node was already registered as a Host on the storage array before. It will check if Host initiators and node initiators (FC or iSCSI) match. If they do, the driver will not create a new host and will take the existing name of the Host as nodeID. ## Multiarray support @@ -546,7 +544,7 @@ This means that we allow for NFS Export created by driver to be consumed by addr ## Array identification based on GlobalID -CSI PowerStore driver version 1.4.0 slightly changes the way arrays are being identified in runtime. +CSI PowerStore driver version 1.4.0 onwards slightly changes the way arrays are being identified in runtime. In previous versions of the driver, a management IP address was used to identify an array. The address change could lead to an invalid state of PV. From version 1.4.0 a unique GlobalID string is used for an array identification. It has to be specified in `config.yaml` and in Storage Classes. @@ -558,7 +556,7 @@ However, to provision new volumes, make sure to delete old Storage Classes and c ## Root squashing -CSI PowerStore driver version 1.4.0 allows users to enable root squashing for NFS volumes provisioned by the driver. +CSI PowerStore driver version 1.4.0 and later allows users to enable root squashing for NFS volumes provisioned by the driver. Root squashing rule prevents root users on NFS clients from exercising root privileges on the NFS server. @@ -575,5 +573,36 @@ parameters: allowRoot: "false" # enables or disables root squashing ``` -> The 1.4 version of the driver also enables any container user, to have full access to provisioned NFS volume, in earlier versions only `root` user had access +> The 1.4 version and later of the driver also enables any container user, to have full access to provisioned NFS volume, in earlier versions only `root` user had access + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerStore version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created, which contains attributes `CSI_LOG_LEVEL` which specifies the current log level of CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` and log format to `logFormat` attribute in `my-powerstore-settings.yaml` during driver installation. + +To change the log level or log format dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade +``` + +Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created using the manifest located in the sample file. This ConfigMap contains attributes `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `powerstore-config-params` and update `CSI_LOG_LEVEL` to the desired log level and `CSI_LOG_FORMAT` to the desired log format. +``` +kubectl edit configmap -n csi-powerstore powerstore-config-params +``` + +## NAT Support + +CSI Driver for Dell EMC Powerstore is supported in the NAT environment for NFS protocol. +The user will be able to install the driver and able to create pods. diff --git a/content/v2/features/unity.md b/content/v2/csidriver/features/unity.md similarity index 81% rename from content/v2/features/unity.md rename to content/v2/csidriver/features/unity.md index f78cd3d98d..304fd93271 100644 --- a/content/v2/features/unity.md +++ b/content/v2/csidriver/features/unity.md @@ -1,6 +1,7 @@ --- title: Unity Description: Code features for Unity Driver +weight: 1 --- ## Creating volumes and consuming them @@ -10,7 +11,7 @@ Create a file `sample.yaml` using sample yaml files located at test/sample.yaml The following command creates a statefulset that consumes three volumes of default storage classes: ```bash -kubectl create -f tests/sample.yaml +kubectl create -f test/sample.yaml ``` After executing this command 3 PVC and statefulset are created in the `test-unity` namespace. @@ -24,7 +25,7 @@ The pod should be `Ready` and `Running`. To delete volumes, pod and statefulset run the command ```bash -kubectl delete -f tests/sample.yaml +kubectl delete -f test/sample.yaml ``` ## Consuming existing volumes with static provisioning @@ -99,22 +100,18 @@ spec: ## Volume Snapshot Feature -The Volume Snapshot feature was introduced in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes version 1.17 and generally available (v1) in Kubernetes version >=1.20. - -The CSI Unity driver version 1.5 supports v1beta1 snapshots on Kubernetes 1.19 and v1 snapshots on Kubernetes 1.20 and 1.21. - In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: - Kubernetes Volume Snapshot CRDs - Volume Snapshot Controller ### Volume Snapshot Class -During the installation of the CSI Unity 1.5 driver, a Volume Snapshot Class is created. This is the only Volume Snapshot Class required and there is no need to create any other Volume Snapshot Class. +During the installation of the CSI Unity 2.0 driver, a Volume Snapshot Class is not created and need to create Volume Snapshot Class. -Following is the manifest for a Volume Snapshot Class created during installation: +Following is the manifest to create Volume Snapshot Class : ```yaml -apiVersion: snapshot.storage.k8s.io/v1 #For beta snapshots the apiVersion will be snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: name: unity-snapclass @@ -127,7 +124,7 @@ deletionPolicy: Delete The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs: ```yaml -apiVersion: snapshot.storage.k8s.io/v1 #For beta snapshots the apiVersion will be snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: pvol0-snap @@ -138,7 +135,7 @@ spec: persistentVolumeClaimName: pvol ``` -Once the VolumeSnapshot is successfully created by the CSI Unity driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. +Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. Following is the relevant section of VolumeSnapshot object status: @@ -148,6 +145,8 @@ status: creationTime: "2020-07-16T08:42:12Z" readyToUse: true ``` +Note : +For CSI Driver for Unity version 1.6 and later, `dell-csi-helm-installer` does not create any Volume Snapshot classes as part of the driver installation. A set of annotated volume snapshot class manifests have been provided in the `csi-unity/samples/volumesnapshotclass/` folder. Use these samples to create new Volume Snapshot to provision storage. ### Creating PVCs with Volume Snapshots as Source @@ -458,11 +457,40 @@ The CSI Driver for Dell EMC Unity allows users to specify the maximum number of The user can set the volume limit for a node by creating a node label `max-unity-volumes-per-node` and specifying the volume limit for that node.
`kubectl label node max-unity-volumes-per-node=` -The user can also set the volume limit for all the nodes in the cluster by specifying the same to `maxUnityVolumesPerNode` attribute in secret.json or secret.yaml file. +The user can also set the volume limit for all the nodes in the cluster by specifying the same to `maxUnityVolumesPerNode` attribute in values.yaml file. + +>**NOTE:**
To reflect the changes after setting the value either via node label or in values.yaml file, user has to bounce the driver controller and node pods using the command `kubectl get pods -n unity --no-headers=true | awk '/unity-/{print $1}'| xargs kubectl delete -n unity pod`.

If the value is set both by node label and values.yaml file then node label value will get the precedence and user has to remove the node label in order to reflect the values.yaml value.

The default value of `maxUnityVolumesPerNode` is 0.

If `maxUnityVolumesPerNode` is set to zero, then CO SHALL decide how many volumes of this type can be published by the controller to the node.

The volume limit specified to `maxUnityVolumesPerNode` attribute is applicable to all the nodes in the cluster for which node label `max-unity-volumes-per-node` is not set. + +## NAT Support +CSI Driver for Dell EMC Unity is supported in the NAT environment for NFS protocol. + +The user will be able to install the driver and able to create pods. + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. ->**NOTE:**
To reflect the changes after setting the value either via node label or in secret.json/secret.yaml file, user has to bounce the driver controller and node pods using the command `kubectl get pods -n unity --no-headers=true | awk '/unity-/{print $1}'| xargs kubectl delete -n unity pod`.

If the value is set both by node label and secret.json/secret.yaml file then node label value will get the precedence and user has to remove the node label in order to reflect the secret.json/secret.yaml value.

The default value of `maxUnityVolumesPerNode` is 0.

If `maxUnityVolumesPerNode` is set to zero, then CO SHALL decide how many volumes of this type can be published by the controller to the node.

The volume limit specified to `maxUnityVolumesPerNode` attribute is applicable to all the nodes in the cluster for which node label `max-unity-volumes-per-node` is not set. +Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. + +To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace unity --values ./myvalues.yaml --upgrade +``` + +Note: myvalues.yaml is a values.yaml file which user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `unity-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n unity unity-config-params +``` -## Log Levels -The CSI Driver for Dell EMC Unity allows users to configure different log levels using **logLevel** parameter. +>Note: Prior to CSI Driver for unity version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. -The **logLevel** parameter needs to be configured in unity-creds secret created from secret.json or secret.yaml. The supported log levels are Info/Debug/Warn/Error. The default level is Info if logLevel is not configured by the user. The parameter can be changed dynamically without the need of driver re-installation or restart. \ No newline at end of file diff --git a/content/v2/dell-csi-driver/flex.jpeg b/content/v2/csidriver/flex.jpeg similarity index 100% rename from content/v2/dell-csi-driver/flex.jpeg rename to content/v2/csidriver/flex.jpeg diff --git a/content/v2/csidriver/installation/_index.md b/content/v2/csidriver/installation/_index.md new file mode 100644 index 0000000000..90e2b25f9d --- /dev/null +++ b/content/v2/csidriver/installation/_index.md @@ -0,0 +1,11 @@ +--- +title: "Installation" +linkTitle: "Installation" +weight: 2 +description: Methods to install CSI Drivers +tags: + - install + - csi-driver +--- + +Installation information for all the drivers/modules can be found on the individual driver's page in this section diff --git a/content/v2/installation/helm/_index.md b/content/v2/csidriver/installation/helm/_index.md similarity index 72% rename from content/v2/installation/helm/_index.md rename to content/v2/csidriver/installation/helm/_index.md index 595da88df9..4bd95d84b7 100644 --- a/content/v2/installation/helm/_index.md +++ b/content/v2/csidriver/installation/helm/_index.md @@ -3,13 +3,13 @@ title: "CSI Driver installation using Helm" linkTitle: "Using Helm" weight: 2 Description: > - Installation of Dell EMC CSI drivers using Helm installer + Installation of CSI Drivers using Helm --- -This section provides the details and instructions on how to install the Dell EMC CSI drivers using the provided Helm charts and the Dell CSI Helm Installer. +This section provides the details and instructions on how to install the CSI Driver components using the provided Helm charts and in the case of the CSI drivers, the Dell CSI Helm Installer. ## Dependencies -Installing any of the Dell EMC CSI Drivers using Helm requires a few utilities to be installed on the system running the installation. +Installing any of the CSI Driver components using Helm requires a few utilities to be installed on the system running the installation. | Dependency | Usage | |------------|-------| @@ -17,5 +17,5 @@ Installing any of the Dell EMC CSI Drivers using Helm requires a few utilities t | `helm` | Helm v3 is used as the deployment tool for Charts. Go [here](https://helm.sh/docs/intro/install/) to install Helm 3.| | `sshpass` | sshpass is used to check certain pre-requisites in worker nodes (in chosen drivers). | -\ + **Note:** To use these tools, a valid `KUBECONFIG` is required. Ensure that either a valid configuration is in the default location, or, that the `KUBECONFIG` environment variable points to a valid configuration before using these tools. diff --git a/content/v2/installation/helm/isilon.md b/content/v2/csidriver/installation/helm/isilon.md similarity index 50% rename from content/v2/installation/helm/isilon.md rename to content/v2/csidriver/installation/helm/isilon.md index 475a31545b..8f4960f11f 100644 --- a/content/v2/installation/helm/isilon.md +++ b/content/v2/csidriver/installation/helm/isilon.md @@ -1,7 +1,7 @@ --- title: PowerScale description: > - Installing PowerScale CSI Driver via Helm + Installing CSI Driver for PowerScale via Helm --- The CSI Driver for Dell EMC PowerScale can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerscale/tree/master/dell-csi-helm-installer). @@ -19,7 +19,7 @@ The node section of the Helm chart installs the following component in a _Daemon ## Prerequisites The following are requirements to be met before installing the CSI Driver for Dell EMC PowerScale: -- Install Kubernetes or OpenShift (see [supported versions](../../../dell-csi-driver/#features-and-capabilities)) +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - Mount propagation is enabled on container runtime that is being used - If using Snapshot feature, satisfy all Volume Snapshot requirements @@ -37,33 +37,29 @@ Install Helm 3.0 on the master node before you install the CSI Driver for Dell E Applicable only if you decided to enable snapshot feature in `values.yaml` ```yaml -snapshot: - enabled: true +controller: + snapshot: + enabled: true ``` #### Volume Snapshot CRD's -The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/client/config/crd) -- If on Kubernetes 1.20/1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/client/config/crd) +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Manifests are available here:[v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) #### Volume Snapshot Controller -The beta Volume Snapshots in Kubernetes version 1.17 and later, the CSI external-snapshotter sidecar is split into two controllers: +The CSI external-snapshotter sidecar is split into two controllers: - A common snapshot controller - A CSI external-snapshotter sidecar -The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available: -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/deploy/kubernetes/snapshot-controller) -- If on Kubernetes 1.20 and 1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/deploy/kubernetes/snapshot-controller) +The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) *NOTE:* -- The manifests available on GitHub install the snapshotter image: - - [quay.io/k8scsi/csi-snapshotter:v3.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v3.0.3&tab=tags) +- The manifests available on GitHub install the snapshotter image: - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. #### Installation example -You can install CRDs and default snapshot controller by running following commands: +You can install CRDs and the default snapshot controller by running the following commands: ```bash git clone https://github.com/kubernetes-csi/external-snapshotter/ cd ./external-snapshotter @@ -73,70 +69,72 @@ kubectl create -f deploy/kubernetes/snapshot-controller ``` *NOTE:* -- It is recommended to use 3.0.x version of snapshotter/snapshot-controller when using Kubernetes 1.19 -- When using Kubernetes 1.20/1.21 it is recommended to use 4.0.x version of snapshotter/snapshot-controller. +- It is recommended to use 4.2.x version of snapshotter/snapshot-controller. - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. ## Install the Driver **Steps** -1. Run `git clone https://github.com/dell/csi-powerscale.git` to clone the git repository. -2. Ensure that you have created namespace where you want to install the driver. You can run `kubectl create namespace isilon` to create a new one. The use of "isilon" as the namespace is just an example. You can choose any name for the namespace. -3. Collect information from the PowerScale Systems like IP address, IsiPath, username, and password. Make a note of the value for these parameters as they must be entered in the *secret.json*. +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerscale.git` to clone the git repository. +2. Ensure that you have created the namespace where you want to install the driver. You can run `kubectl create namespace isilon` to create a new one. The use of "isilon" as the namespace is just an example. You can choose any name for the namespace. +3. Collect information from the PowerScale Systems like IP address, IsiPath, username, and password. Make a note of the value for these parameters as they must be entered in the *secret.yaml*. 4. Copy *the helm/csi-isilon/values.yaml* into a new location with name say *my-isilon-settings.yaml*, to customize settings for installation. 5. Edit *my-isilon-settings.yaml* to set the following parameters for your installation: The following table lists the primary configurable parameters of the PowerScale driver Helm chart and their default values. More detailed information can be found in the [`values.yaml`](https://github.com/dell/csi-powerscale/blob/master/helm/csi-isilon/values.yaml) file in this repository. | Parameter | Description | Required | Default | - | --------- | ----------- | -------- |-------- | - | certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. (isilon-cert-0..isilon-cert-(n-1)); Minimum value should be 1.| true | 1 | - | isiPort | "isiPort" defines the HTTPs port number of the PowerScale OneFS API server. | false | 8080 | - | allowedNetworks | "allowedNetworks" defines the list of networks that can be used for NFS I/O traffic, CIDR format must be used. | false | [ ] | - | isiInsecure | "isiInsecure" specifies whether the PowerScale OneFS API server's certificate chain and hostname must be verified. This value will affect the default storage class implementation. | false | true | - | isiAccessZone | The name of the access zone a volume can be created in. | false | System | - | volumeNamePrefix | "volumeNamePrefix" defines a string prepended to each volume created by the CSI driver. | false | k8s | - | controllerCount | "controllerCount" defines the number of CSI PowerScale controller nodes to deploy to the Kubernetes release.| true | 2 | - | enableQuota | Indicates whether the provisioner should attempt to set (later unset) quota on a newly provisioned volume. This requires SmartQuotas to be enabled.| false | true | - | noProbeOnStart | Indicates whether the controller/node should probe during initialization. | false | false | - | isiPath | The default base path for the volumes to be created, will be used if a storage class does not have the IsiPath parameter specified.| false | /ifs/data/csi | - | autoProbe | Enable auto probe. | false | true | - | nfsV3 | Specify whether to set the version to v3 when mounting an NFS export. If the value is "false", then the default version supported will be used (that is, the mount command will not explicitly specify "-o vers=3" option). This flag has now been deprecated and will be removed in a future release. Use the StorageClass.mountOptions if you want to specify 'vers=3' as a mount option. | false | false | - | enableCustomTopology | Indicates PowerScale FQDN/IP which will be fetched from node label and the same will be used by controller and node pod to establish a connection to Array. This requires enableCustomTopology to be enabled. | false | false | - | maxIsilonVolumesPerNode | Specify the default value for a maximum number of volumes that the controller can publish to the node. If the value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. | true | 0 | - | ***Controller parameters*** | Set nodeSelector and tolerations for controller. | - | nodeSelector | Define nodeSelector for the controllers, if required. | false | | - | tolerations | Define tolerations for the controllers, if required. | false | | - | ***Node parameters*** | Set nodeSelector and tolerations for node pods. | - | nodeSelector | Define nodeSelector for the node pods, if required. | false | | - | tolerations | Define tolerations for the node pods, if required. | false | | - + | --------- | ----------- | -------- |-------- | + | logLevel | CSI driver log level | No | "debug" | + | certSecretCount | Defines the number of certificate secrets, which the user is going to create for SSL authentication. (isilon-cert-0..isilon-cert-(n-1)); Minimum value should be 1.| Yes | 1 | + | [allowedNetworks](../../../features/powerscale/#support-custom-networks-for-nfs-io-traffic) | Defines the list of networks that can be used for NFS I/O traffic, CIDR format must be used. | No | [ ] | + | maxIsilonVolumesPerNode | Defines the default value for a maximum number of volumes that the controller can publish to the node. If the value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. | Yes | 0 | + | imagePullPolicy | Defines the policy to determine if the image should be pulled prior to starting the container | Yes | IfNotPresent | + | verbose | Indicates what content of the OneFS REST API message should be logged in debug level logs | Yes | 1 | + | kubeletConfigDir | Specify kubelet config dir path | Yes | "/var/lib/kubelet" | + | enableCustomTopology | Indicates PowerScale FQDN/IP which will be fetched from node label and the same will be used by controller and node pod to establish a connection to Array. This requires enableCustomTopology to be enabled. | No | false | + | ***controller*** | Configure controller pod specific parameters | | | + | controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 | + | volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" | + | snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true | + | snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | + | resizer.enabled | Enable/Disable volume expansion feature | Yes | true | + | nodeSelector | Define node selection constraints for pods of controller deployment | No | | + | tolerations | Define tolerations for the controller deployment, if required | No | | + | ***node*** | Configure node pod specific parameters | | | + | nodeSelector | Define node selection constraints for pods of node daemonset | No | | + | tolerations | Define tolerations for the node daemonset, if required | No | | + | dnsPolicy | Define the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet | + | ***PLATFORM ATTRIBUTES*** | | | | + | endpointPort | Define the HTTPs port number of the PowerScale OneFS API server. This value acts as a default value for endpointPort, if not specified for a cluster config in secret. | No | 8080 | + | skipCertificateValidation | Specify whether the PowerScale OneFS API server's certificate chain and hostname must be verified. This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret. | No | true | + | isiAccessZone | Define the name of the access zone a volume can be created in. If storageclass is missing with AccessZone parameter, then value of isiAccessZone is used for the same. | No | System | + | enableQuota | Indicates whether the provisioner should attempt to set (later unset) quota on a newly provisioned volume. This requires SmartQuotas to be enabled.| No | true | + | isiPath | Define the base path for the volumes to be created on PowerScale cluster. This value acts as a default value for isiPath, if not specified for a cluster config in secret| No | /ifs/data/csi | + | noProbeOnStart | Define whether the controller/node plugin should probe all the PowerScale clusters during driver initialization | No | false | + | autoProbe | Specify if automatically probe the PowerScale cluster if not done already during CSI calls | No | true | + *NOTE:* - - User should provide all boolean values with double-quotes. This applies only for *my-isilon-settings.yaml*. Example: "true"/"false" - - ControllerCount parameter value must not exceed the number of nodes in the Kubernetes cluster. Otherwise, some of the controller pods remain in "Pending" state till new nodes are available for scheduling. The installer exits with a WARNING on the same. + - ControllerCount parameter value must not exceed the number of nodes in the Kubernetes cluster. Otherwise, some of the controller pods remain in a "Pending" state till new nodes are available for scheduling. The installer exits with a WARNING on the same. - Whenever the *certSecretCount* parameter changes in *my-isilon-setting.yaml* user needs to reinstall the driver. -6. Create a secret file for the OneFS credentials by editing the *secret.json* or *secret.yaml* file present under helm directory. Either *secret.json* or *secret.yaml* can be used for adding the credentials of one or more OneFS storage arrays. The following table lists driver configuration parameters for a single storage array. +6. Edit following parameters in samples/secret/secret.yaml file and update/add connection/authentication information for one or more PowerScale clusters. | Parameter | Description | Required | Default | | --------- | ----------- | -------- |-------- | - | isiIP | "isiIP" defines the HTTPs endpoint of the PowerScale OneFS API server. | true | - | - | endpoint | This is a new way of defining existing isiIP. User can use either isiIP or endpoint but not both. | true | - | - | clusterName | PoweScale cluster against which volume CRUD operations are performed through this secret. This is a logical name. | true | - | - | username | Username for accessing PowerScale OneFS system. | true | - | - | password | Password for accessing PowerScale OneFS system. | true | - | - | isDefaultCluster |Defines whether this storage array should be the default. This entry should be present only for one OneFS array and that array will be marked default for existing volumes. | false | false | - | isDefault | This is a new way of defining the existing isDefaultCluster key. User can use either isDefaultCluster or isDefault key but not both. | false | false | - | ***Optional parameters*** | Following parameters are Optional if provided will override default values of values.yaml . | - | isiPort | isiPort defines the HTTPs port number of the PowerScale OneFS API server. | false | 8080 | - | isiInsecure | "isiInsecure" specifies whether the PowerScale OneFS API server's certificate chain and hostname should be verified. | false | false | - | skipCertificateValidation | This is a new way of defining the existing isiInsecure key. User can use either skipCertificateValidation or isiInsecure key but not both. | false | false | - | isiPath | The base path for the volumes to be created. Note: isiPath value provided in the storage class will take the highest precedence while creating PVC.| true | - | - | LogLevel | Log level of Drivers | false | "debug" | - - The username specified in *secret.json* / *secret.yaml* must be from the authentication providers of PowerScale. The user must have enough privileges to perform the actions. The suggested privileges are as follows: + | clusterName | Logical name of PoweScale cluster against which volume CRUD operations are performed through this secret. | Yes | - | + | username | username for connecting to PowerScale OneFS API server | Yes | - | + | password | password for connecting to PowerScale OneFS API server | Yes | - | + | endpoint | HTTPS endpoint of the PowerScale OneFS API server | Yes | - | + | isDefault | Indicates if this is a default cluster (would be used by storage classes without ClusterName parameter). Only one of the cluster config should be marked as default. | No | false | + | ***Optional parameters*** | Following parameters are Optional. If specified will override default values from values.yaml. | + | skipCertificateValidation | Specify whether the PowerScale OneFS API server's certificate chain and hostname must be verified. | No | default value from values.yaml | + | endpointPort | Specify the HTTPs port number of the PowerScale OneFS API server | No | default value from values.yaml | + | isiPath | The base path for the volumes to be created on PowerScale cluster. Note: IsiPath parameter in storageclass, if present will override this attribute. | No | default value from values.yaml | + + The username specified in *secret.yaml* must be from the authentication providers of PowerScale. The user must have enough privileges to perform the actions. The suggested privileges are as follows: | Privilege | Type | @@ -149,17 +147,14 @@ kubectl create -f deploy/kubernetes/snapshot-controller | ISI_PRIV_NS_IFS_ACCESS | Read Only | | ISI_PRIV_IFS_BACKUP | Read Only | -If user creates secret.json, then after editing the file, run the following command to create a secret called 'isilon-creds' -
`kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.json` - -Alternatively, if user creates secret.yaml, then the secret can be created by running the following command: - `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml` +Create isilon-creds secret using the following command: +
`kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl apply -f -` *NOTE:* - - If any key/value is present in *secret* file and *my-isilon-settings.yaml*, then the values provided *secret* takes precedence. - - If any key/value is present in all *my-isilon-settings.yaml*, *secret* and storageClass, then the values provided in storageClass parameters takes precedence. - - User has to validate the JSON/ yaml syntax and array-related key/values while replacing or appending the isilon-creds secret. The driver will continue to use previous values in case of an error found in the JSON / yaml file. - - For the key isiIP/endpoint, the user can give either IP address or FQDN. Also user can prefix 'https' (For example, https://192.168.1.1) with the value. + - If any key/value is present in all *my-isilon-settings.yaml*, *secret*, and storageClass, then the values provided in storageClass parameters take precedence. + - The user has to validate the yaml syntax and array-related key/values while replacing or appending the isilon-creds secret. The driver will continue to use previous values in case of an error found in the yaml file. + - For the key isiIP/endpoint, the user can give either IP address or FQDN. Also, the user can prefix 'https' (For example, https://192.168.1.1) with the value. + - The *isilon-creds* secret has a *mountEndpoint* parameter which should not be updated by the user. This parameter is updated and used when the driver has been injected with [CSM-Authorization](https://github.com/dell/karavi-authorization). 7. Install OneFS CA certificates by following the instructions from the next section, if you want to validate OneFS API server's certificates. If not, create an empty secret using the following command and an empty secret must be created for the successful installation of CSI Driver for Dell EMC PowerScale. ``` @@ -171,13 +166,13 @@ Alternatively, if user creates secret.yaml, then the secret can be created by ru ## Certificate validation for OneFS REST API calls -The CSI driver exposes an install parameter 'isiInsecure' which determines if the driver -performs client-side verification of the OneFS certificates. The 'isiInsecure' parameter is set to true by default and the driver does not verify the OneFS certificates. +The CSI driver exposes an install parameter 'skipCertificateValidation' which determines if the driver +performs client-side verification of the OneFS certificates. The 'skipCertificateValidation' parameter is set to true by default and the driver does not verify the OneFS certificates. -If the 'isiInsecure' or 'skipCertificateValidation' is set to false, then the secret isilon-certs must contain the CA certificate for OneFS. +If the 'skipCertificateValidation' is set to false, then the secret isilon-certs must contain the CA certificate for OneFS. If this secret is an empty secret, then the validation of the certificate fails, and the driver fails to start. -If the 'isiInsecure' or 'skipCertificateValidation' parameter is set to false and a previous installation attempt to create the empty secret, then this secret must be deleted and re-created using the CA certs. If the OneFS certificate is self-signed, then perform the following steps: +If the 'skipCertificateValidation' parameter is set to false and a previous installation attempt to create the empty secret, then this secret must be deleted and re-created using the CA certs. If the OneFS certificate is self-signed, then perform the following steps: ### Procedure @@ -191,27 +186,27 @@ If the 'isiInsecure' or 'skipCertificateValidation' parameter is set to false a 3. It is highly recommended that ca_cert.pem file(s) having the naming convention as ca_cert_number.pem (example: ca_cert_0, ca_cert_1), where this number starts from 0 and grows as the number of OneFS arrays grows. 4. The cert secret created out of these pem files must have the naming convention as isilon-certs-number (example: isilon-certs-0, isilon-certs-1, and so on.); The number must start from zero and must grow in incremental order. The number of the secrets created out of pem files should match certSecretCount value in myvalues.yaml or my-isilon-settings.yaml. -### Dynamic update of array details via secret.json +### Dynamic update of array details via secret.yaml + +CSI Driver for Dell EMC PowerScale now provides supports for Multi cluster. Now users can link the single CSI Driver to multiple OneFS Clusters by updating *secret.yaml*. Users can now update the isilon-creds secret by editing the *secret.yaml* and executing the following command -CSI Driver for Dell EMC PowerScale now provides supports for Multi cluster. Now users can link the single CSI Driver to multiple OneFS Clusters by updating *secret.json* or *secret.yaml*. User can now update the isilon-creds secret by editing the *secret.json* or *secret.yaml* and executing the following command (replace secret.json with secret.yaml based on need) +`kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl apply -f -` -`kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.json -o yaml --dry-run=client | kubectl replace -f -` -  **Note**: Updating isilon-certs-x secrets is a manual process, unlike isilon-creds. Users have to re-install the driver in case of updating/adding the SSL certificates or changing the certSecretCount parameter. ## Storage Classes -The CSI driver for Dell EMC PowerScale version 1.5 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `helm/samples` folder. Use these samples to create new storage classes to provision storage. See this [note](../../../../v2/installation/helm/isilon/#storage-classes) for the driving reason behind this change. +The CSI driver for Dell EMC PowerScale version 1.5 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A sample storage class manifest is available at `samples/storageclass/isilon.yaml`. Use this sample manifest to create a storageclass to provision storage; uncomment/ update the manifest as per the requirements. ### What happens to my existing storage classes? -*Upgrading from CSI PowerScale v1.5 driver* +*Upgrading from CSI PowerScale v1.6 driver* The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. *Upgrading from an older version of the driver* -It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.5 before upgrading to 1.6. +It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.6 before upgrading to 2.0. *NOTE*: - At least one storage class is required for one array. @@ -224,13 +219,17 @@ It is strongly recommended to upgrade the earlier versions of CSI PowerScale to In case you want to make such updates, ensure to delete the existing storage classes using the `kubectl delete storageclass` command. Deleting a storage class has no impact on a running Pod with mounted PVCs. You cannot provision new PVCs until at least one storage class is newly created. +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. + ## Volume Snapshot Class -Starting CSI PowerScale v1.6, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _helm/samples/_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. +Starting CSI PowerScale v1.6, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. Sample volume snapshot class manifests are available at `samples/volumesnapshotclass/`. Use these sample manifests to create a volumesnapshotclass for creating volume snapshots; uncomment/ update the manifests as per the requirements. ### What happens to my existing Volume Snapshot Classes? -*Upgrading from CSI PowerScale v1.5 driver* + +*Upgrading from CSI PowerScale v1.6 driver*: The existing volume snapshot class will be retained. -*Upgrading from an older version of the driver* : -It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.5 before upgrading to 1.6. +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.6 before upgrading to 2.0. + diff --git a/content/v2/installation/helm/powerflex.md b/content/v2/csidriver/installation/helm/powerflex.md similarity index 53% rename from content/v2/installation/helm/powerflex.md rename to content/v2/csidriver/installation/helm/powerflex.md index 259e66312e..697c8c786b 100644 --- a/content/v2/installation/helm/powerflex.md +++ b/content/v2/csidriver/installation/helm/powerflex.md @@ -2,7 +2,7 @@ title: PowerFlex linktitle: PowerFlex description: > - Installing PowerFlex CSI Driver via Helm + Installing the CSI Driver for PowerFlex via Helm --- The CSI Driver for Dell EMC PowerFlex can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerflex/tree/master/dell-csi-helm-installer). @@ -21,7 +21,7 @@ The node section of the Helm chart installs the following component in a _Daemon ## Prerequisites The following are requirements that must be met before installing the CSI Driver for Dell EMC PowerFlex: -- Install Kubernetes or OpenShift (see [supported versions](../../../dell-csi-driver/#features-and-capabilities)) +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - Enable Zero Padding on PowerFlex - Mount propagation is enabled on container runtime that is being used @@ -48,20 +48,13 @@ The CSI Driver for PowerFlex requires you to have installed the PowerFlex Storag SDC could be installed automatically by CSI driver install on Kubernetes nodes with OS platform which support automatic SDC deployment, currently Fedora CoreOS (FCOS) and Red Hat CoreOS (RHCOS). On Kubernetes nodes with OS version not supported by automatic install, you must perform the Manual SDC Deployment steps [below](#manual-sdc-deployment). -Refer https://hub.docker.com/r/dellemc/sdc for supported OS versions. +Refer to https://hub.docker.com/r/dellemc/sdc for supported OS versions. -#### SDC Deployment - -The CSI Driver for PowerFlex requires you to have installed the PowerFlex Storage Data Client (SDC) on all Kubernetes nodes which run the node portion of the CSI driver. SDC could be installed automatically by CSI driver install on Kubernetes nodes with OS platform which support automatic SDC deployment, currently Fedora CoreOS (FCOS) and Red Hat CoreOS (RHCOS). - -On Kubernetes nodes with OS version not supported by automatic install, you must perform the Manual SDC Deployment steps [below](#manual-sdc-deployment). -Refer https://hub.docker.com/r/dellemc/sdc for your OS versions. - -**Optional:** For a typical install, you will pull SDC kernel modules from the Dell EMC FTP site, which is set up by default. Some users might want to mirror this repository to a local location. The PowerFlex KB article (https://www.dell.com/support/kbdoc/en-us/000184206/how-to-use-a-private-repository-for) has instructions on how to do this. +**Optional:** For a typical install, you will pull SDC kernel modules from the Dell EMC FTP site, which is set up by default. Some users might want to mirror this repository to a local location. The [PowerFlex KB article](https://www.dell.com/support/kbdoc/en-us/000184206/how-to-use-a-private-repository-for) has instructions on how to do this. #### Manual SDC Deployment -For detailed PowerFlex installation procedure, see the _Dell EMC PowerFlex Deployment Guide_. Install the PowerFlex SDC as follows: +For detailed PowerFlex installation procedure, see the [Dell EMC PowerFlex Deployment Guide](https://docs.delltechnologies.com/bundle/VXF_DEPLOY/page/GUID-DD20489C-42D9-42C6-9795-E4694688CC75.html). Install the PowerFlex SDC as follows: **Steps** @@ -77,27 +70,23 @@ For detailed PowerFlex installation procedure, see the _Dell EMC PowerFlex Deplo Applicable only if you decided to enable snapshot feature in `values.yaml` ```yaml -snapshot: - enabled: true +controller: + snapshot: + enabled: true ``` #### Volume Snapshot CRD's -The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/client/config/crd) -- If on Kubernetes 1.20/1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/client/config/crd) +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) #### Volume Snapshot Controller -The beta Volume Snapshots in Kubernetes version 1.17 and later, the CSI external-snapshotter sidecar is split into two controllers: +The CSI external-snapshotter sidecar is split into two controllers: - A common snapshot controller - A CSI external-snapshotter sidecar -The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available: -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/deploy/kubernetes/snapshot-controller) -- If on Kubernetes 1.20 and 1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/deploy/kubernetes/snapshot-controller) +The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) *NOTE:* - The manifests available on GitHub install the snapshotter image: - - [quay.io/k8scsi/csi-snapshotter:v3.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v3.0.3&tab=tags) - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. @@ -113,68 +102,85 @@ kubectl create -f deploy/kubernetes/snapshot-controller ``` *NOTE:* -- It is recommended to use 3.0.x version of snapshotter/snapshot-controller when using Kubernetes 1.19 -- When using Kubernetes 1.20/1.21 it is recommended to use 4.0.x version of snapshotter/snapshot-controller. +- When using Kubernetes 1.20/1.21/1.22 it is recommended to use 4.2.x version of snapshotter/snapshot-controller. - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. ## Install the Driver **Steps** -1. Run `git clone https://github.com/dell/csi-powerflex.git` to clone the git repository. +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerflex.git` to clone the git repository. 2. Ensure that you have created a namespace where you want to install the driver. You can run `kubectl create namespace vxflexos` to create a new one. 3. Check `helm/csi-vxflexos/driver-image.yaml` and confirm the driver image points to a new image. -4. Collect information from the PowerFlex SDC by executing the `get_vxflexos_info.sh` script located in the top-level helm directory. This script shows the _VxFlex OS system ID_ and _MDM IP_ addresses. Make a note of the value for these parameters as they must be entered in the `config.yaml` file in the top-level directory. +4. Collect information from the PowerFlex SDC by executing the `get_vxflexos_info.sh` script located in the top-level helm directory. This script shows the _VxFlex OS system ID_ and _MDM IP_ addresses. Make a note of the value for these parameters as they must be entered in the `config.yaml` file in the samples directory. -5. Prepare the config.yaml for driver configuration. The following table lists driver configuration parameters for multiple storage arrays. +5. Prepare the samples/config.yaml for driver configuration. The following table lists driver configuration parameters for multiple storage arrays. | Parameter | Description | Required | Default | | --------- | ------------------------------------------------------------ | -------- | ------- | | username | Username for accessing PowerFlex system. | true | - | | password | Password for accessing PowerFlex system. | true | - | | systemID | System name/ID of PowerFlex system. | true | - | + | allSystemNames | List of previous names of powerflex array if used for PV create | false | - | | endpoint | REST API gateway HTTPS endpoint for PowerFlex system. | true | - | | skipCertificateValidation | Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. | true | true | | isDefault | An array having isDefault=true is for backward compatibility. This parameter should occur once in the list. | false | false | | mdm | mdm defines the MDM(s) that SDC should register with on start. This should be a list of MDM IP addresses or hostnames separated by comma. | true | - | - Example: config.yaml + Example: `samples/config.yaml` ```yaml - - username: "admin" - password: "password" - systemID: "ID1" - endpoint: "https://127.0.0.1" - skipCertificateValidation: true - isDefault: true - mdm: "10.0.0.1,10.0.0.2" - - username: "admin" - password: "Password123" - systemID: "ID2" - endpoint: "https://127.0.0.2" - skipCertificateValidation: true - mdm: "10.0.0.3,10.0.0.4" + # Username for accessing PowerFlex system. + - username: "admin" + # Password for accessing PowerFlex system. + password: "password" + # System name/ID of PowerFlex system. + systemID: "ID1" + # Previous names of PowerFlex system if used for PV. + allSystemNames: "pflex-1,pflex-2" + # REST API gateway HTTPS endpoint for PowerFlex system. + endpoint: "https://127.0.0.1" + # Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. + # Allowed values: true or false + # Default value: true + skipCertificateValidation: true + # indicates if this array is the default array + # needed for backwards compatibility + # only one array is allowed to have this set to true + # Default value: false + isDefault: true + # defines the MDM(s) that SDC should register with on start. + # Allowed values: a list of IP addresses or hostnames separated by comma. + # Default value: none + mdm: "10.0.0.1,10.0.0.2" + - username: "admin" + password: "Password123" + systemID: "ID2" + endpoint: "https://127.0.0.2" + skipCertificateValidation: true + mdm: "10.0.0.3,10.0.0.4" ``` - After editing the file, run the following command to create a secret called `vxflexos-config` - `kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=config.yaml` + After editing the file, run the following command to create a secret called `vxflexos-config`: + + `kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=samples/config.yaml` Use the following command to replace or update the secret: - `kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=config.yaml -o yaml --dry-run=client | kubectl replace -f -` + `kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=samples/config.yaml -o yaml --dry-run=client | kubectl replace -f -` *NOTE:* - The user needs to validate the YAML syntax and array-related key/values while replacing the vxflexos-creds secret. - - If you update the secret, you will have to reinstall the driver. + - If you want to create a new array or update the MDM values in the secret, you will need to reinstall the driver. If you change other details, such as login information, the secret will dynamically update -- see [dynamic-array-configuration](../../../features/powerflex#dynamic-array-configuration) for more details. - Old `json` format of the array configuration file is still supported in this release. If you already have your configuration in `json` format, you may continue to maintain it or you may transfer this configuration to `yaml` format and replace/update the secret. + - "insecure" parameter has been changed to "skipCertificateValidation" as insecure is deprecated and will be removed from use in config.yaml or secret.yaml in a future release. Users can continue to use any one of "insecure" or "skipCertificateValidation" for now. The driver would return an error if both parameters are used. + - Please note that log configuration parameters from v1.5 will no longer work in v2.0. Please refer to the [Dynamic Logging Configuration](../../../features/powerflex#dynamic-logging-configuration) section in Features for more information. -6. Create the config map for use by the driver. The config map controls the level and format of the driver's logging. To create it: - `kubectl create -f logConfig.yaml` - To see possible configuration options, see the 'Dynamic Logging Configuration" section in Features. +6. Default logging options are set during helm install. To see possible configuration options, see the [Dynamic Logging Configuration](../../../features/powerflex#dynamic-logging-configuration) section in Features. 7. If using automated SDC deployment: - Check the SDC container image is the correct version for your version of PowerFlex. @@ -185,52 +191,109 @@ kubectl create -f deploy/kubernetes/snapshot-controller | Parameter | Description | Required | Default | | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | -| volumeNamePrefix | Set so that volumes created by the driver have a default prefix. If one PowerFlex/VxFlex OS system is servicing several different Kubernetes installations or users, these prefixes help you distinguish them. | No | "k8s" | -| controllerCount | Set to deploy multiple controller instances. If the controller count is greater than the number of available nodes, excess pods remain in a pending state. You can increase the number of available nodes by configuring the "controller" section in your values.yaml. For more details on the new controller pod configurations, see the Features section for Powerflex specifics. | Yes | 2 | -| enablelistvolumesnapshot | Set to have snapshots included in the CSI operation ListVolumes. Disabled by default. | No | FALSE | -| allowRWOMultiPodAccess | Setting allowRWOMultiPodAccess to "true" will allow multiple pods on the same node to access the same RWO volume. This behavior conflicts with the CSI specification version 1.3. NodePublishVolume description that requires an error to be returned in this case. However, some other CSI drivers support this behavior and some customers desire this behavior. Customers use this option at their own risk. | No | FALSE | -| **controller** | This section allows the configuration of controller-specific parameters. To maximize the number of available nodes for controller pods, see this section. For more details on the new controller pod configurations, see the [Features section](../../../features/powerflex/) for Powerflex specifics. | - | - | -| nodeSelector | Defines what nodes would be selected for pods of controller deployment. Leave as blank to use all nodes. Uncomment this section to deploy on master nodes exclusively. | No | " " | -| tolerations | Defines tolerations that would be applied to controller deployment. Leave as blank to install the controller on worker nodes only. If deploying on master nodes is desired, uncomment out this section. | No | " " | -| **monitor** | This section allows the configuration of the SDC monitoring pod. | - | - | -| enabled | Set to enable the usage of the monitoring pod. | No | FALSE | -| hostNetwork | Set whether the monitor pod should run on the host network or not. | No | TRUE | -| hostPID | Set whether the monitor pod should run in the host namespace or not. | No | TRUE | -| **podmon** | Podmon is an optional feature under development and tech preview. Enable this feature only after contact support for additional information. | - | - | -| enabled | | No | FALSE | -| **vgsnapshotter** | Volume Group Snapshotter(vgsnapshotter) is an optional feature under development and tech preview. Enable this feature only after contact support for additional information. | - | - | -| enabled | | No | FALSE | - - -11. Install the driver using `csi-install.sh` bash script by running `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace vxflexos --values ../helm/myvalues.yaml` +| version | Set to verify the values file version matches driver version. | Yes | 2.0.0 | +| certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. | No | 0 | +| logLevel | CSI driver log level. Allowed values: "error", "warn"/"warning", "info", "debug". | Yes | "debug" | +| logFormat | CSI driver log format. Allowed values: "TEXT" or "JSON". | Yes | "TEXT" | +| kubeletConfigDir | kubelet config directory path. Ensure that the config.yaml file is present at this path. | Yes | /var/lib/kubelet | +| defaultFsType | Used to set the default FS type which will be used for mount volumes if FsType is not specified in the storage class. Allowed values: ext4, xfs. | Yes | ext4 | +| imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. Allowed values: Always, IfNotPresent, Never. | Yes | IfNotPresent | +| enablesnapshotcgdelete | A boolean that, when enabled, will delete all snapshots in a consistency group everytime a snap in the group is deleted. | Yes | false | +| enablelistvolumesnapshot | A boolean that, when enabled, will allow list volume operation to include snapshots (since creating a volume from a snap actually results in a new snap). It is recommend this be false unless instructed otherwise. | Yes | false | +| allowRWOMultiPodAccess | Setting allowRWOMultiPodAccess to "true" will allow multiple pods on the same node to access the same RWO volume. This behavior conflicts with the CSI specification version 1.3. NodePublishVolume description that requires an error to be returned in this case. However, some other CSI drivers support this behavior and some customers desire this behavior. Customers use this option at their own risk. | Yes | false | +| **controller** | This section allows the configuration of controller-specific parameters. To maximize the number of available nodes for controller pods, see this section. For more details on the new controller pod configurations, see the [Features section](../../../features/powerflex#controller-ha) for Powerflex specifics. | - | - | +| volumeNamePrefix | Set so that volumes created by the driver have a default prefix. If one PowerFlex/VxFlex OS system is servicing several different Kubernetes installations or users, these prefixes help you distinguish them. | Yes | "k8s" | +| controllerCount | Set to deploy multiple controller instances. If the controller count is greater than the number of available nodes, excess pods remain in a pending state. It should be greater than 0. You can increase the number of available nodes by configuring the "controller" section in your values.yaml. For more details on the new controller pod configurations, see the [Features section](../../../features/powerflex#controller-ha) for Powerflex specifics. | Yes | 2 | +| snapshot.enabled | A boolean that enable/disable volume snapshot feature. | No | true | +| resizer.enabled | A boolean that enable/disable volume expansion feature. | No | true | +| nodeSelector | Defines what nodes would be selected for pods of controller deployment. Leave as blank to use all nodes. Uncomment this section to deploy on master nodes exclusively. | Yes | " " | +| tolerations | Defines tolerations that would be applied to controller deployment. Leave as blank to install the controller on worker nodes only. If deploying on master nodes is desired, uncomment out this section. | Yes | " " | +| **node** | This section allows the configuration of node-specific parameters. | - | - | +| nodeSelector | Defines what nodes would be selected for pods of node daemonset. Leave as blank to use all nodes. | Yes | " " | +| tolerations | Defines tolerations that would be applied to node daemonset. Leave as blank to install node driver only on worker nodes. | Yes | " " | +| **monitor** | This section allows the configuration of the SDC monitoring pod. | - | - | +| enabled | Set to enable the usage of the monitoring pod. | Yes | false | +| hostNetwork | Set whether the monitor pod should run on the host network or not. | Yes | true | +| hostPID | Set whether the monitor pod should run in the host namespace or not. | Yes | true | +| **vgsnapshotter** | This section allows the configuration of the volume group snapshotter(vgsnapshotter) pod. | - | - | +| enabled | A boolean that enable/disable vg snapshotter feature. | No | false | +| image | Image for vg snapshotter. | No | " " | +| **podmon** | Podmon is an optional feature under development and tech preview. Enable this feature only after contact support for additional information. | - | - | +| enabled | A boolean that enable/disable podmon feature. | No | false | +| image | image for podmon. | No | " " | + + +10. Install the driver using `csi-install.sh` bash script by running `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace vxflexos --values ../helm/myvalues.yaml` *NOTE:* - For detailed instructions on how to run the install scripts, refer to the README.md in the dell-csi-helm-installer folder. -- This script runs the `verify-csi-vxflexos.sh` script that is present in the same directory. It will validate MDM IP(s) in `vxflexos-config` secret and creates a new field consumed by the init container and sdc-monitor container -- This script also runs the `verify.sh` script. You will be prompted to enter the credentials for each of the Kubernetes nodes. +- Install script will validate MDM IP(s) in `vxflexos-config` secret and creates a new field consumed by the init container and sdc-monitor container +- This install script also runs the `verify.sh` script. You will be prompted to enter the credentials for each of the Kubernetes nodes. The `verify.sh` script needs the credentials to check if SDC has been configured on all nodes. -- It is mandatory to run the first installation and installation after changes to MDM configuration in `vxflexos-config` secret - **without** skipping the verification. After that, you can use `--skip-verify-node` or `--skip-verify` . +- It is mandatory to run install script after changes to MDM configuration in `vxflexos-config` secret. Refer [dynamic-array-configuration](../../../features/powerflex#dynamic-array-configuration) + - (Optional) Enable additional Mount Options - A user is able to specify additional mount options as needed for the driver. - Mount options are specified in storageclass yaml under _mkfsFormatOption_. - *WARNING*: Before utilizing mount options, you must first be fully aware of the potential impact and understand your environment's requirements for the specified option. +## Certificate validation for PowerFlex Gateway REST API calls + +This topic provides details about setting up the certificate for the CSI Driver for Dell EMC PowerFlex. + +*Before you begin* + +As part of the CSI driver installation, the CSI driver requires a secret with the name vxflexos-certs-0 to vxflexos-certs-n based on the ".Values.certSecretCount" parameter present in the namespace vxflexos. + +This secret contains the X509 certificates of the CA which signed PowerFlex gateway SSL certificate in PEM format. + +The CSI driver exposes an install parameter in config.yaml, `skipCertificateValidation`, which determines if the driver performs client-side verification of the gateway certificates. + +`skipCertificateValidation` parameter is set to true by default, and the driver does not verify the gateway certificates. + +If `skipCertificateValidation` is set to false, then the secret vxflexos-certs-n must contain the CA certificate for the array gateway. + +If this secret is an empty secret, then the validation of the certificate fails, and the driver fails to start. + +If the gateway certificate is self-signed or if you are using an embedded gateway, then perform the following steps. + +1. To fetch the certificate, run the following command. + + `openssl s_client -showcerts -connect /dev/null | openssl x509 -outform PEM > ca_cert_0.pem` + + Example: openssl s_client -showcerts -connect 1.1.1.1:443 /dev/null | openssl x509 -outform PEM > ca_cert_0.pem + +2. Run the following command to create the cert secret with index '0': + + `kubectl create secret generic vxflexos-certs-0 --from-file=cert-0=ca_cert_0.pem -n vxflexos` + + Use the following command to replace the secret: + + `kubectl create secret generic vxflexos-certs-0 -n vxflexos --from-file=cert-0=ca_cert_0.pem -o yaml --dry-run | kubectl replace -f -` + +3. Repeat step 1 and 2 to create multiple cert secrets with incremental index (example: vxflexos-certs-1, vxflexos-certs-2, etc) + + +*Note:* + +- "vxflexos" is the namespace for helm-based installation but namespace can be user-defined in operator-based installation. +- User can add multiple certificates in the same secret. The certificate file should not exceed more than 1Mb due to Kubernetes secret size limitation. +- Whenever certSecretCount parameter changes in `myvalues.yaml` user needs to uninstall and install the driver. +- Updating vxflexos-certs-n secrets is a manual process, unlike vxflexos-config. Users have to re-install the driver in case of updating/adding the SSL certificates or changing the certSecretCount parameter. + + + ## Storage Classes -For CSI driver for PowerFlex version 1.4 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `helm/samples` folder. Use these samples to create new storage classes to provision storage. See this [note](../../../../v2/installation/helm/powerflex/#storage-classes) for the driving reason behind this change. +For CSI driver for PowerFlex version 1.4 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `samples` folder. Use these samples to create new storage classes to provision storage. ### What happens to my existing storage classes? -*Upgrading from CSI PowerFlex v1.4 driver* -The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. - -*Upgrading from an older version of the driver* -The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation "helm.sh/resource-policy": keep before performing an upgrade. +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. -> *NOTE:* If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. **Steps to create storage class:** -There are samples storage class yaml files available under `helm/samples/storageclass`. These can be copied and modified as needed. +There are samples storage class yaml files available under `samples/storageclass`. These can be copied and modified as needed. 1. Edit `storageclass.yaml` if you need ext4 filesystem and `storageclass-xfs.yaml` if you want xfs filesystem. 2. Replace `` with the storage pool you have. @@ -251,4 +314,15 @@ Deleting a storage class has no impact on a running Pod with mounted PVCs. You c ## Volume Snapshot Class -Starting CSI PowerFlex v1.5, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _helm/samples/_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. +Starting CSI PowerFlex v1.5, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _samples/_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. + +*NOTE* +Support for v1beta1 snapshots is being discontinued in this release. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI PowerFlex v1.5 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerFlex to 1.5 before upgrading to 2.0. diff --git a/content/v2/installation/helm/powermax.md b/content/v2/csidriver/installation/helm/powermax.md similarity index 74% rename from content/v2/installation/helm/powermax.md rename to content/v2/csidriver/installation/helm/powermax.md index efea35867a..4145ceca62 100644 --- a/content/v2/installation/helm/powermax.md +++ b/content/v2/csidriver/installation/helm/powermax.md @@ -2,10 +2,10 @@ title: PowerMax linktitle: PowerMax description: > - Installing PowerMax CSI Driver via Helm + Installing CSI Driver for PowerMax via Helm --- -The CSI Driver for Dell EMC PowerMax can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, see the script [documentation](https://github.com/dell/csi-powermax/tree/master/dell-csi-helm-installer). +CSI Driver for Dell EMC PowerMax can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, see the script [documentation](https://github.com/dell/csi-powermax/tree/master/dell-csi-helm-installer). The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: - CSI Driver for Dell EMC PowerMax @@ -21,8 +21,8 @@ The node section of the Helm chart installs the following component in a _Daemon ## Prerequisites -The following requirements must be met before installing the CSI Driver for Dell EMC PowerMax: -- Install Kubernetes or OpenShift (see [supported versions](../../../dell-csi-driver/)) +The following requirements must be met before installing CSI Driver for Dell EMC PowerMax: +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - Fibre Channel requirements - iSCSI requirements @@ -33,7 +33,7 @@ The following requirements must be met before installing the CSI Driver for Dell ### Install Helm 3 -Install Helm 3 on the master node before you install the CSI Driver for Dell EMC PowerMax. +Install Helm 3 on the master node before you install CSI Driver for Dell EMC PowerMax. **Steps** @@ -42,7 +42,7 @@ Install Helm 3 on the master node before you install the CSI Driver for Dell EMC ### Fibre Channel Requirements -CSI Driver for Dell EMC PowerMax supports Fibre Channel communication. Ensure that the following requirements are met before you install the CSI Driver: +CSI Driver for Dell EMC PowerMax supports Fibre Channel communication. Ensure that the following requirements are met before you install CSI Driver: - Zoning of the Host Bus Adapters (HBAs) to the Fibre Channel port director must be completed. - Ensure that the HBA WWNs (initiators) appear on the list of initiators that are logged into the array. - If the number of volumes that will be published to nodes is high, then configure the maximum number of LUNs for your HBAs on each node. See the appropriate HBA document to configure the maximum number of LUNs. @@ -58,7 +58,7 @@ Set up the iSCSI initiators as follows: - Ensure that the iSCSI initiators on the nodes are not a part of any existing Host (Initiator Group) on the Dell EMC PowerMax array. - The CSI Driver needs the port group names containing the required iSCSI director ports. These port groups must be set up on each Dell EMC PowerMax array. All the port group names supplied to the driver must exist on each Dell EMC PowerMax with the same name. -For more information about configuring iSCSI, you can refer [Dell EMC Host Connectivity guide](https://www.delltechnologies.com/asset/zh-tw/products/storage/technical-support/docu5128.pdf). +For more information about configuring iSCSI, see [Dell EMC Host Connectivity guide](https://www.delltechnologies.com/asset/zh-tw/products/storage/technical-support/docu5128.pdf). ### Certificate validation for Unisphere REST API calls @@ -77,7 +77,7 @@ If the Unisphere certificate is self-signed or if you are using an embedded Unis ### Ports in the port group -There are no restrictions around how many ports can be present in the iSCSI port groups provided to the driver. +There are no restrictions to how many ports can be present in the iSCSI port groups provided to the driver. The same applies to Fibre Channel where there are no restrictions on the number of FA directors a host HBA can be zoned to. See the best practices for host connectivity to Dell EMC PowerMax to ensure that you have multiple paths to your data volumes. @@ -92,6 +92,15 @@ Set up Linux multipathing as follows: - Enable multipathing using `mpathconf --enable --with_multipathd y` - Enable `user_friendly_names` and `find_multipaths` in the `multipath.conf` file. +As a best practice, use the following options to help the operating system and the mulitpathing software detect path changes efficiently: +```text +path_grouping_policy multibus +path_checker tur +features "1 queue_if_no_path" +path_selector "round-robin 0" +no_path_retry 10 +``` + ### (Optional) Volume Snapshot Requirements Applicable only if you decided to enable snapshot feature in `values.yaml` @@ -102,26 +111,35 @@ snapshot: ``` #### Volume Snapshot CRD's -The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/client/config/crd) -- If on Kubernetes 1.20/1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/client/config/crd) +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. For installation, use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) #### Volume Snapshot Controller -The CSI external-snapshotter sidecar is split into two controllers to support beta Volume snapshots in Kubernetes 1.17 or later: +The CSI external-snapshotter sidecar is split into two controllers to support Volume snapshots. - A common snapshot controller - A CSI external-snapshotter sidecar -The common snapshot controller must be installed only once in the cluster, irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available: -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/deploy/kubernetes/snapshot-controller) -- If on Kubernetes 1.20 and 1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/deploy/kubernetes/snapshot-controller) +The common snapshot controller must be installed only once in the cluster, irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) *NOTE:* - The manifests available on GitHub install the snapshotter image: - - [quay.io/k8scsi/csi-snapshotter:v3.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v3.0.3&tab=tags) - - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) + [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. +### (Optional) Replication feature Requirements + +Applicable only if you decided to enable the Replication feature in `values.yaml` + +```yaml +replication: + enabled: true +``` +#### Replication CRD's + +The CRDs for replication can be obtained and installed from the csm-replication project on Github. Use `csm-replication/deploy/replicationcrds.all.yaml` located in the csm-replication git repo for the installation. + +CRDs should be configured during replication prepare stage with repctl as described in [install-repctl](../../../../replication/deployment/install-repctl) + #### Installation example You can install CRDs and the default snapshot controller by running the following commands: @@ -134,8 +152,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller ``` *NOTE:* -- It is recommended to use 3.0.x version of snapshotter/snapshot-controller when using Kubernetes v1.19 -- When using Kubernetes 1.20/1.21 it is recommended to use 4.0.x version of snapshotter/snapshot-controller. +- It is recommended to use 4.2.x version of snapshotter/snapshot-controller. - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. @@ -143,34 +160,43 @@ kubectl create -f deploy/kubernetes/snapshot-controller **Steps** -1. Run `git clone https://github.com/dell/csi-powermax.git` to clone the git repository. This will include the Helm charts and dell-csi-helm-installer scripts. +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powermax.git` to clone the git repository. This will include the Helm charts and dell-csi-helm-installer scripts. 2. Ensure that you have created a namespace where you want to install the driver. You can run `kubectl create namespace powermax` to create a new one -3. Edit the `helm/secret.yaml file, point to the correct namespace, and replace the values for the username and password parameters. +3. Edit the `samples/secret/secret.yaml file, point to the correct namespace, and replace the values for the username and password parameters. These values can be obtained using base64 encoding as described in the following example: ```bash echo -n "myusername" | base64 echo -n "mypassword" | base64 ``` where *myusername* and *mypassword* are credentials for a user with PowerMax privileges. -4. Create the secret by running `kubectl create -f helm/secret.yaml`. +4. Create the secret by running `kubectl create -f samples/secret/secret.yaml`. 5. If you are going to install the new CSI PowerMax ReverseProxy service, create a TLS secret with the name - _csireverseproxy-tls-secret_ which holds an SSL certificate and the corresponding private key in the namespace where you are installing the driver. 6. Copy the default values.yaml file `cd helm && cp csi-powermax/values.yaml my-powermax-settings.yaml` 7. Edit the newly created file and provide values for the following parameters `vi my-powermax-settings.yaml` | Parameter | Description | Required | Default | |-----------|--------------|------------|----------| +| kubeletConfigDir | Specify kubelet config dir path | Yes | /var/lib/kubelet | +| imagePullPolicy | The default pull policy is IfNotPresent which causes the Kubelet to skip pulling an image if it already exists. | Yes | IfNotPresent | | clusterPrefix | Prefix that is used during the creation of various masking-related entities (Storage Groups, Masking Views, Hosts, and Volume Identifiers) on the array. The value that you specify here must be unique. Ensure that no other CSI PowerMax driver is managing the same arrays that are configured with the same prefix. The maximum length for this prefix is three characters. | Yes | "ABC" | -| controller | Allows configuration of the controller-specific parameters.| - | - | -| node | Allows configuration of the node-specific parameters.| - | - | -| tolerations | Add tolerations as per requirement | No | - | -| nodeSelector | Add node selectors as per requirement | No | - | | defaultFsType | Used to set the default FS type for external provisioner | Yes | ext4 | | portGroups | List of comma-separated port group names. Any port group that is specified here must be present on all the arrays that the driver manages. | For iSCSI Only | "PortGroup1, PortGroup2, PortGroup3" | | storageResourcePool | This parameter must mention one of the SRPs on the PowerMax array that the symmetrixID specifies. This value is used to create the default storage class. | Yes| "SRP_1" | | serviceLevel | This parameter must mention one of the Service Levels on the PowerMax array. This value is used to create the default storage class. | Yes| "Bronze" | | skipCertificateValidation | Skip client-side TLS verification of Unisphere certificates | No | "True" | -| transportProtocol | Set preferred transport protocol for the Kubernetes cluster which helps the driver choose between FC and iSCSI when a node has both FC and iSCSI connectivity to a PowerMax array.| No | Empty| +| transportProtocol | Set the preferred transport protocol for the Kubernetes cluster which helps the driver choose between FC and iSCSI when a node has both FC and iSCSI connectivity to a PowerMax array.| No | Empty| | nodeNameTemplate | Used to specify a template that will be used by the driver to create Host/IG names on the PowerMax array. To use the default naming convention, leave this value empty. | No | Empty| +| **controller** | Allows configuration of the controller-specific parameters.| - | - | +| controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 | +| volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" | +| snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true | +| snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | +| resizer.enabled | Enable/Disable volume expansion feature | Yes | true | +| nodeSelector | Define node selection constraints for pods of controller deployment | No | | +| tolerations | Define tolerations for the controller deployment, if required | No | | +| **node** | Allows configuration of the node-specific parameters.| - | - | +| tolerations | Add tolerations as per requirement | No | - | +| nodeSelector | Add node selectors as per requirement | No | - | | **global**| This section refers to configuration options for both CSI PowerMax Driver and Reverse Proxy | - | - | |defaultCredentialsSecret| This secret name refers to:
1. The Unisphere credentials if the driver is installed without proxy or with proxy in Linked mode.
2. The proxy credentials if the driver is installed with proxy in StandAlone mode.
3. The default Unisphere credentials if credentialsSecret is not specified for a management server.| Yes | powermax-creds | | storageArrays| This section refers to the list of arrays managed by the driver and Reverse Proxy in StandAlone mode.| - | - | @@ -189,7 +215,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller | maxOutStandingWrite| This refers to maximum queued WRITE request when reverse proxy receives more than _maxActiveWrite_ requests.| No | 50 | | **csireverseproxy**| This section refers to the configuration options for CSI PowerMax Reverse Proxy | - | - | | enabled | Boolean parameter which indicates if CSI PowerMax Reverse Proxy is going to be configured and installed.
**NOTE:** If not enabled, then there is no requirement to configure any of the following values. | No | "False" | -| image | This refers to the image of the CSI Powermax Reverse Proxy container. | Yes | dellemc/csipowermax-reverseproxy:v1.3.0 | +| image | This refers to the image of the CSI Powermax Reverse Proxy container. | Yes | dellemc/csipowermax-reverseproxy:v1.4.0 | | tlsSecret | This refers to the TLS secret of the Reverse Proxy Server.| Yes | csirevproxy-tls-secret | | deployAsSidecar | If set to _true_, the Reverse Proxy is installed as a sidecar to the driver's controller pod otherwise it is installed as a separate deployment.| Yes | "True" | | port | Specify the port number that is used by the NodePort service created by the CSI PowerMax Reverse Proxy installation| Yes | 2222 | @@ -204,23 +230,25 @@ kubectl create -f deploy/kubernetes/snapshot-controller ## Storage Classes -Starting CSI PowerMax v1.6, `dell-csi-helm-installer` will not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests has been provided in the `helm/samples/storageclass` folder. Please use these samples to create new storage classes to provision storage. -See this [note](../../../../v2/installation/helm/powermax/#storage-classes) for the driving reason behind this change. +Starting CSI PowerMax v1.6, `dell-csi-helm-installer` will not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests has been provided in the `samples/storageclass` folder. Please use these samples to create new storage classes to provision storage. ### What happens to my existing storage classes? -*Upgrading from CSI PowerMax v1.5 driver* -The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. To continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. + +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. -*Upgrading from an older version of the driver* -The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation "helm.sh/resource-policy": keep before performing an upgrade. +## Volume Snapshot Class -*Note:* If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. +Starting with CSI PowerMax v1.7, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _samples/volumesnapshotclass_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. +### What happens to my existing Volume Snapshot Classes? -## Volume Snapshot Class +*Upgrading from CSI PowerMax v1.7 driver*: +The existing volume snapshot class will be retained. -Starting CSI PowerMax v1.7, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _helm/samples/_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerMax to 1.7 before upgrading to 2.0. ## Sample values file The following sections have useful snippets from `values.yaml` file which provides more information on how to configure the CSI PowerMax driver along with CSI PowerMax ReverseProxy in various modes @@ -242,8 +270,8 @@ global: >Note: If you provide multiple endpoints in the list of management servers, the installer will only use the first server in the list ### CSI PowerMax driver with Proxy in Linked mode -In this mode, the CSI PowerMax ReverseProxy just acts as a `passthrough` for the RESTAPI calls and only provides limited functionality -like rate limiting, backup Unisphere server. The CSI PowerMax driver is still responsible for the authentication with the Unisphere server. +In this mode, the CSI PowerMax ReverseProxy acts as a `passthrough` for the RESTAPI calls and only provides limited functionality +such as rate limiting, backup Unisphere server. The CSI PowerMax driver is still responsible for the authentication with the Unisphere server. The first endpoint in the list of management servers is the primary Unisphere server and if you provide a second endpoint, then it will be considered as the backup Unisphere's endpoint. @@ -269,7 +297,7 @@ global: csireverseproxy: # Set enabled to true if you want to use proxy enabled: true - image: dellemc/csipowermax-reverseproxy:v1.3.0 + image: dellemc/csipowermax-reverseproxy:v1.4.0 tlsSecret: csirevproxy-tls-secret deployAsSidecar: true port: 2222 @@ -280,8 +308,8 @@ csireverseproxy: > primary and backup Unisphere need to be the same. ### CSI PowerMax driver with Proxy in StandAlone mode -This is the most advanced configuration which provides you the capability to connect to Multiple Unisphere servers. -You can specify primary & backup Unisphere servers for each storage array. In case you have different credentials for your Unisphere servers, you can also specify different credential secrets. +This is the most advanced configuration which provides you with the capability to connect to Multiple Unisphere servers. +You can specify primary and backup Unisphere servers for each storage array. If you have different credentials for your Unisphere servers, you can also specify different credential secrets. ```yaml global: @@ -317,7 +345,7 @@ global: csireverseproxy: # Set enabled to true if you want to use proxy enabled: true - image: dellemc/csipowermax-reverseproxy:v1.3.0 + image: dellemc/csipowermax-reverseproxy:v1.4.0 tlsSecret: csirevproxy-tls-secret deployAsSidecar: true port: 2222 diff --git a/content/v2/installation/helm/powerstore.md b/content/v2/csidriver/installation/helm/powerstore.md similarity index 64% rename from content/v2/installation/helm/powerstore.md rename to content/v2/csidriver/installation/helm/powerstore.md index 0feb61fcca..f7a8765508 100644 --- a/content/v2/installation/helm/powerstore.md +++ b/content/v2/csidriver/installation/helm/powerstore.md @@ -1,7 +1,7 @@ --- title: PowerStore description: > - Installing PowerStore CSI Driver via Helm + Installing CSI Driver for PowerStore via Helm --- The CSI Driver for Dell EMC PowerStore can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerstore/tree/master/dell-csi-helm-installer). @@ -20,7 +20,7 @@ The node section of the Helm chart installs the following component in a _Daemon ## Prerequisites The following are requirements to be met before installing the CSI Driver for Dell EMC PowerStore: -- Install Kubernetes or OpenShift (see [supported versions](../../../dell-csi-driver/#features-and-capabilities)) +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - If you plan to use either the Fibre Channel or iSCSI protocol, refer to either _Fibre Channel requirements_ or _Set up the iSCSI Initiator_ sections below. You can use NFS volumes without FC or iSCSI configuration. > You can use either the Fibre Channel or iSCSI protocol, but you do not need both. @@ -49,7 +49,7 @@ following requirement is met before you install the CSI Driver for Dell EMC Powe ### Set up the iSCSI Initiator -The CSI Driver for Dell EMC PowerStore v1.4 supports iSCSI connectivity. +The CSI Driver for Dell EMC PowerStore v1.4 and higher supports iSCSI connectivity. If you use the iSCSI protocol, set up the iSCSI initiators as follows: - Ensure that the iSCSI initiators are available on both Controller and Worker nodes. @@ -74,7 +74,7 @@ Set up Linux multipathing as follows: ### (Optional) Volume Snapshot Requirements -Applicable only if you decided to enable snapshot feature in `values.yaml` +Applicable only if you decided to enable the snapshot feature in `values.yaml` ```yaml snapshot: @@ -82,22 +82,18 @@ snapshot: ``` #### Volume Snapshot CRD's -The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/client/config/crd) -- If on Kubernetes 1.20/1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/client/config/crd) +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) for the installation. #### Volume Snapshot Controller -The beta Volume Snapshots in Kubernetes version 1.17 and later, the CSI external-snapshotter sidecar is split into two controllers: +The CSI external-snapshotter sidecar is split into two controllers: - A common snapshot controller - A CSI external-snapshotter sidecar The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available: -- If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/deploy/kubernetes/snapshot-controller) -- If on Kubernetes 1.20 and 1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/deploy/kubernetes/snapshot-controller) +Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) for the installation. *NOTE:* - The manifests available on GitHub install the snapshotter image: - - [quay.io/k8scsi/csi-snapshotter:v3.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v3.0.3&tab=tags) - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. @@ -113,19 +109,31 @@ kubectl create -f deploy/kubernetes/snapshot-controller ``` *NOTE:* -- It is recommended to use 3.0.x version of snapshotter/snapshot-controller when using Kubernetes 1.19 -- When using Kubernetes 1.20/1.21 it is recommended to use 4.0.x version of snapshotter/snapshot-controller. -- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. +- It is recommended to use 4.2.x version of snapshotter/snapshot-controller. +- The CSI external-snapshotter sidecar is installed along with the driver and does not involve any extra configuration. + +### (Optional) Replication feature Requirements + +Applicable only if you decided to enable the Replication feature in `values.yaml` + +```yaml +replication: + enabled: true +``` +#### Replication CRD's + +The CRDs for replication can be obtained and installed from the csm-replication project on Github. Use `csm-replication/deploy/replicationcrds.all.yaml` located in csm-replication git repo for the installation. + +CRDs should be configured during replication prepare stage with repctl as described in [install-repctl](../../../../replication/deployment/install-repctl) ## Install the Driver **Steps** -1. Run `git clone https://github.com/dell/csi-powerstore.git` to clone the git repository. +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerstore.git` to clone the git repository. 2. Ensure that you have created namespace where you want to install the driver. You can run `kubectl create namespace csi-powerstore` to create a new one. "csi-powerstore" is just an example. You can choose any name for the namespace. But make sure to align to the same namespace during the whole installation. 3. Check `helm/csi-powerstore/driver-image.yaml` and confirm the driver image points to new image. -4. Edit `helm/secret.yaml`, correct namespace field to point to your desired namespace. -5. Edit `helm/config.yaml` file and configure connection information for your PowerStore arrays changing following parameters: +4. Edit `samples/secret/secret.yaml` file and configure connection information for your PowerStore arrays changing following parameters: - *endpoint*: defines the full URL path to the PowerStore API. - *globalID*: specifies what storage cluster the driver should use - *username*, *password*: defines credentials for connecting to array. @@ -135,22 +143,29 @@ kubectl create -f deploy/kubernetes/snapshot-controller - *nasName*: defines what NAS should be used for NFS volumes. Add more blocks similar to above for each PowerStore array if necessary. -6. Create storage classes using ones from `helm/samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` +5. Create storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` > If you do not specify `arrayID` parameter in the storage class then the array that was specified as the default would be used for provisioning volumes. -7. Create the secret by running ```sed "s/CONFIG_YAML/`cat helm/config.yaml | base64 -w0`/g" helm/secret.yaml | kubectl apply -f -``` -8. Copy the default values.yaml file `cd dell-csi-helm-installer && cp ../helm/csi-powerstore/values.yaml ./my-powerstore-settings.yaml` -9. Edit the newly created values file and provide values for the following parameters `vi my-powerstore-settings.yaml`: +6. Create the secret by running ```kubectl create secret generic powerstore-config -n csi-powerstore --from-file=config=secret.yaml``` +7. Copy the default values.yaml file `cd dell-csi-helm-installer && cp ../helm/csi-powerstore/values.yaml ./my-powerstore-settings.yaml` +8. Edit the newly created values file and provide values for the following parameters `vi my-powerstore-settings.yaml`: | Parameter | Description | Required | Default | |-----------|-------------|----------|---------| -| volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csi" | -| nodeNamePrefix | Defines the string added to each node that the CSI driver registers | No | "csi-node" | -| nodeIDPath | Defines a path to file with a unique identifier identifying the node in the Kubernetes cluster| No | "/etc/machine-id" | +| logLevel | Defines CSI driver log level | No | "debug" | +| logFormat | Defines CSI driver log format | No | "JSON" | | externalAccess | Defines additional entries for hostAccess of NFS volumes, single IP address and subnet are valid entries | No | " " | +| kubeletConfigDir | Defines kubelet config path for cluster | Yes | "/var/lib/kubelet" | +| imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. | Yes | "IfNotPresent" | | connection.enableCHAP | Defines whether the driver should use CHAP for iSCSI connections or not | No | False | +| controller.controllerCount | Defines number of replicas of controller deployment | Yes | 2 | +| controller.volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csivol" | +| controller.snapshot.enabled | Allows to enable/disable snapshotter sidecar with driver installation for snapshot feature | No | "true" | +| controller.snapshot.snapNamePrefix | Defines prefix to apply to the names of a created snapshots | No | "csisnap" | +| controller.resizer.enabled | Allows to enable/disable resizer sidecar with driver installation for volume expansion feature | No | "true" | | controller.nodeSelector | Defines what nodes would be selected for pods of controller deployment | Yes | " " | | controller.tolerations | Defines tolerations that would be applied to controller deployment | Yes | " " | -| controller.replicas | Defines number of replicas of controller deployment | Yes | 2 | +| node.nodeNamePrefix | Defines the string added to each node that the CSI driver registers | No | "csi-node" | +| node.nodeIDPath | Defines a path to file with a unique identifier identifying the node in the Kubernetes cluster| No | "/etc/machine-id" | | node.nodeSelector | Defines what nodes would be selected for pods of node daemonset | Yes | " " | | node.tolerations | Defines tolerations that would be applied to node daemonset | Yes | " " | @@ -159,7 +174,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller *NOTE:* - For detailed instructions on how to run the install scripts, refer to the readme document in the dell-csi-helm-installer folder. -- By default, the driver scans available SCSI adapters and tries to register them with the storage array under the SCSI hostname using `nodeNamePrefix` and the ID read from the file pointed to by `nodeIDPath`. If an adapter is already registered with the storage under a different hostname, the adapter is not used by the driver. +- By default, the driver scans available SCSI adapters and tries to register them with the storage array under the SCSI hostname using `node.nodeNamePrefix` and the ID read from the file pointed to by `node.nodeIDPath`. If an adapter is already registered with the storage under a different hostname, the adapter is not used by the driver. - A hostname the driver uses for registration of adapters is in the form `--`. By default, these are csi-node and the machine ID read from the file `/etc/machine-id`. - To customize the hostname, for example if you want to make them more user friendly, adjust nodeIDPath and nodeNamePrefix accordingly. For example, you can set `nodeNamePrefix` to `k8s` and `nodeIDPath` to `/etc/hostname` to produce names such as `k8s-worker1-192.168.1.2`. - (Optional) Enable additional Mount Options - A user is able to specify additional mount options as needed for the driver. @@ -168,24 +183,20 @@ kubectl create -f deploy/kubernetes/snapshot-controller ## Storage Classes -The CSI driver for Dell EMC PowerStore version 1.3 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `helm/samples` folder. Use these samples to create new storage classes to provision storage. See this [note](../../../../v2/installation/helm/powerstore/#storage-classes) for the driving reason behind this change. +The CSI driver for Dell EMC PowerStore version 1.3 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `samples/storageclass` folder. Use these samples to create new storage classes to provision storage. ### What happens to my existing storage classes? -*Upgrading from CSI PowerStore v1.2 driver:* -The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. -*Upgrading from an older version of the driver:* -The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation "helm.sh/resource-policy": keep before performing an upgrade. - -*NOTE:* If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. **Steps to create storage class:** -There are samples storage class yaml files available under `helm/samples/storageclass`. These can be copied and modified as needed. +There are samples storage class yaml files available under `samples/storageclass`. These can be copied and modified as needed. 1. Edit the sample storage class yaml file and update following parameters: -- *arrayID*: specifies what storage cluster the driver should use, if not specified driver will use storage cluster specified as `default` in `helm/config.yaml` +- *arrayID*: specifies what storage cluster the driver should use, if not specified driver will use storage cluster specified as `default` in `samples/secret/secret.yaml` - *FsType*: specifies what filesystem type driver should use, possible variants `ext4`, `xfs`, `nfs`, if not specified driver will use `ext4` by default. - *allowedTopologies* (Optional): If you want you can also add topology constraints. ```yaml @@ -207,4 +218,35 @@ kubectl create -f ## Volume Snapshot Class -Starting CSI PowerStore v1.4, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _helm/samples/_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. +Starting CSI PowerStore v1.4, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _samples/volumesnapshotclass_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI PowerStore v1.4 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerStore to 1.4 before upgrading to 2.0. + +## Dynamically update the powerstore secrets + +Users can dynamically add delete array information from secret. Whenever an update happens the driver updates the “Host” information in an array. User can update secret using the following command: +```bash +kubectl create secret generic powerstore-config -n csi-powerstore --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl replace -f - +``` +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerStore version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created, which contains attributes `CSI_LOG_LEVEL` which specifies the current log level of CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` and log format to `logFormat` attribute in `my-powerstore-settings.yaml` during driver installation. + +To change the log level or log format dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade +``` + +Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. \ No newline at end of file diff --git a/content/v2/installation/helm/unity.md b/content/v2/csidriver/installation/helm/unity.md similarity index 65% rename from content/v2/installation/helm/unity.md rename to content/v2/csidriver/installation/helm/unity.md index b5aad48b14..43683da46b 100644 --- a/content/v2/installation/helm/unity.md +++ b/content/v2/csidriver/installation/helm/unity.md @@ -1,7 +1,7 @@ --- title: Unity description: > - Installing Unity CSI Driver via Helm + Installing CSI Driver for Unity via Helm --- The CSI Driver for Dell EMC Unity can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-unity/tree/master/dell-csi-helm-installer). @@ -25,7 +25,7 @@ Before you install CSI Driver for Unity, verify the requirements that are mentio ### Requirements -* Install Kubernetes or OpenShift (see [supported versions](../../../dell-csi-driver/#features-and-capabilities)) +* Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) * Install Helm v3 * To use FC protocol, the host must be zoned with Unity array and Multipath needs to be configured * To use iSCSI protocol, iSCSI initiator utils packages needs to be installed and Multipath needs to be configured @@ -38,7 +38,7 @@ Install CSI Driver for Unity using this procedure. *Before you begin* - * You must have the downloaded files, including the Helm chart from the source [git repository](https://github.com/dell/csi-unity) with the command ```git clone https://github.com/dell/csi-unity.git```, ready for this procedure. + * You must have the downloaded files, including the Helm chart from the source [git repository](https://github.com/dell/csi-unity) with the command ```git clone -b v2.0.0 https://github.com/dell/csi-unity.git```, ready for this procedure. * In the top-level dell-csi-helm-installer directory, there should be two scripts, `csi-install.sh` and `csi-uninstall.sh`. * Ensure _unity_ namespace exists in Kubernetes cluster. Use the `kubectl create namespace unity` command to create the namespace if the namespace is not present. @@ -46,7 +46,7 @@ Install CSI Driver for Unity using this procedure. Procedure -1. Collect information from the Unity Systems like Unique ArrayId, IP address, username, and password. Make a note of the value for these parameters as they must be entered in the `secret.json` or `secret.yaml` and `myvalues.yaml` file. +1. Collect information from the Unity Systems like Unique ArrayId, IP address, username, and password. Make a note of the value for these parameters as they must be entered in the `secret.yaml` and `myvalues.yaml` file. **Note**: * ArrayId corresponds to the serial number of Unity array. @@ -60,14 +60,29 @@ Procedure | Parameter | Description | Required | Default | | --------- | ----------- | -------- |-------- | - | certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. (unity-cert-0..unity-cert-n). The minimum value should be 1. | false | 1 | - | controllerCount | Controller replication count to maintain high availability. | yes | 2 | - | volumeNamePrefix | String to prepend to any volumes created by the driver. | false | csivol | - | snapNamePrefix | String to prepend to any snapshot created by the driver. | false | csi-snap | - | imagePullPolicy | The default pull policy is IfNotPresent which causes the Kubelet to skip pulling an image if it already exists. | false | IfNotPresent | + | version | helm version | true | - | + | logLevel | LogLevel is used to set the logging level of the driver | true | info | | allowRWOMultiPodAccess | Flag to enable multiple pods to use the same PVC on the same node with RWO access mode. | false | false | - | syncNodeInfoInterval | Time interval to add node info to the array. Default 15 minutes. The minimum value should be 1 minute. | false | 15 | - + | kubeletConfigDir | Specify kubelet config dir path | Yes | /var/lib/kubelet | + | syncNodeInfoInterval | Time interval to add node info to the array. Default 15 minutes. The minimum value should be 1 minute. | false | 15 | + | maxUnityVolumesPerNode | Maximum number of volumes that controller can publish to the node. | false | 0 | + | certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. (unity-cert-0..unity-cert-n). The minimum value should be 1. | false | 1 | + | imagePullPolicy | The default pull policy is IfNotPresent which causes the Kubelet to skip pulling an image if it already exists. | Yes | IfNotPresent | + | podmon.enabled | service to monitor failing jobs and notify | false | - | + | podmon.image| pod man image name | false | - | + | **controller** | Allows configuration of the controller-specific parameters.| - | - | + | controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 | + | volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" | + | snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true | + | snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | + | resizer.enabled | Enable/Disable volume expansion feature | Yes | true | + | nodeSelector | Define node selection constraints for pods of controller deployment | No | | + | tolerations | Define tolerations for the controller deployment, if required | No | | + | ***node*** | Allows configuration of the node-specific parameters.| - | - | + | tolerations | Define tolerations for the node daemonset, if required | No | | + | dnsPolicy | Define the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet | + + **Note**: @@ -80,26 +95,29 @@ Procedure * Host IO Limit must have a minimum bandwidth of 1 MBPS to discover the volumes on node successfully. * User must not change the value of allowRWOMultiPodAccess to true unless intended to use the feature and is aware of the consequences. Enabling multiple pods to access the same PVC with RWO access mode on the same node might cause data to be overwritten and therefore leading to data loss in some cases. - - * Parameters allowRWOMultiPodAccess and syncNodeInfoInterval have been deprecated from `myvalues.yaml` and are removed from `myvalues.yaml` in a future releases. They can be configured in `secret.json` or `secret.yaml` as they facilitate the user to dynamically change these values without the need for driver re-installation. - - Example *myvalues.yaml* - + Example *myvalues.yaml* ```yaml - csiDebug: "true" - volumeNamePrefix : csivol - snapNamePrefix: csi-snap + logLevel: "info" imagePullPolicy: Always certSecretCount: 1 - controllerCount: 2 + kubeletConfigDir: /var/lib/kubelet + controller: + controllerCount: 2 + volumeNamePrefix : csivol + snapshot: + enabled: true + snapNamePrefix: csi-snap + resizer: + enabled: false allowRWOMultiPodAccess: false syncNodeInfoInterval: 5 + maxUnityVolumesPerNode: 0 ``` 4. For certificate validation of Unisphere REST API calls refer [here](#certificate-validation-for-unisphere-rest-api-calls). Otherwise, create an empty secret with file `helm/emptysecret.yaml` file by running the `kubectl create -f helm/emptysecret.yaml` command. -5. Prepare the `secret.json` or `secret.yaml` for driver configuration. +5. Prepare the `secret.yaml` for driver configuration. The following table lists driver configuration parameters for multiple storage arrays. | Parameter | Description | Required | Default | @@ -110,58 +128,41 @@ Procedure | storageArrayList.arrayId | ArrayID for Unity system | true | - | | storageArrayList.skipCertificateValidation | "skipCertificateValidation " determines if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate. | true | true | | storageArrayList.isDefault | An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | false | false | - | logLevel | This parameter is used to set the logging level in the driver. Log level can be Info/Debug/Warn/Error. | false | Info | - | allowRWOMultiPodAccess | Flag to enable multiple pods to use the same PVC on the same node with RWO access mode. | false | false | - | syncNodeInfoInterval | Time interval to add node info to array. Default 15 minutes. Minimum value should be 1 minute. | false | 15 | - | maxUnityVolumesPerNode | The maximum number of volumes that can be provisioned to a single node beyond which the driver would return an error on a provisioning request. Default value 0 stands for unlimited volumes. | false | 0 | - - Example: secret.json - ```json - { - "storageArrayList": [ - { - "username": "user", - "password": "password", - "endpoint": "https://10.1.1.1", - "arrayId": "APM00******1", - "skipCertificateValidation": true, - "isDefaultArray": true - }, - { - "username": "user", - "password": "password", - "endpoint": "https://10.1.1.2", - "arrayId": "APM00******2", - "skipCertificateValidation": true - } - ], - "logLevel": "Info", - "allowRWOMultiPodAccess": false, - "syncNodeInfoTimeInterval": 15, - "maxUnityVolumesPerNode": 0 - } + + + Example: secret.yaml + ```yaml + storageArrayList: + - arrayId: "APM00******1" + username: "user" + password: "password" + endpoint: "https://10.1.1.1/" + skipCertificateValidation: true + isDefault: true + + - arrayId: "APM00******2" + username: "user" + password: "password" + endpoint: "https://10.1.1.2/" + skipCertificateValidation: true ``` - - Use the following command to create a new secret unity-creds from `secret.json` file. + + Use the following command to create a new secret unity-creds from `secret.yaml` file. - `kubectl create secret generic unity-creds -n unity --from-file=config=secret.json` + `kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml` Use the following command to replace or update the secret: - `kubectl create secret generic unity-creds -n unity --from-file=config=secret.json -o yaml --dry-run | kubectl replace -f -` + `kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml -o yaml --dry-run | kubectl replace -f -` - **Note**: The user needs to validate the JSON syntax and array-related key/values while replacing the unity-creds secret. - The driver will continue to use previous values in case of an error found in the JSON file. + **Note**: The user needs to validate the yaml syntax and array-related key/values while replacing the unity-creds secret. + The driver will continue to use previous values in case of an error found in the yaml file. - Alternatively, users can configure and use `secret.yaml` for driver configuration. The parameters remain the same as in the above table and below is a sample of `secret.yaml`. Samples of both `secret.json` and `secret.yaml` are available in the directory `csi-unity/helm/samples`. + Alternatively, users can configure and use `secret.yaml` for driver configuration. The parameters remain the same as in the above table and below is a sample of `secret.yaml`. Samples of `secret.yaml` is available in the directory `csi-unity/samples/secret/ `. Example: secret.yaml ```yaml - logLevel: "Info" - syncNodeInfoInterval: 15 - allowRWOMultiPodAccess: "false" - maxUnityVolumesPerNode: 0 storageArrayList: - arrayId: "APM00******1" username: "user" @@ -175,59 +176,35 @@ Procedure password: "password" endpoint: "https://10.1.1.2/" skipCertificateValidation: true - - ``` - - Use the following command to create a new secret unity-creds from secret.yaml file. - - ```kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml``` - - Use the following command to replace or update the secret: - - ```kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml --dry-run | kubectl replace -f -``` - + ``` **Note:** - - * "restGateway" parameter has been changed to "endpoint" as restgateway is deprecated and will be removed from use in secret.json or secret.yaml in a future release. Users can continue to use any one of "restGateway" or "endpoint" for now. The driver would return an error if both parameters are used. - - * "insecure" parameter has been changed to "skipCertificateValidation" as insecure is deprecated and will be removed from use in secret.json or secret.yaml in a future release. Users can continue to use any one of "insecure" or "skipCertificateValidation" for now. The driver would return an error if both parameters are used. - - * "isDefaultArray" parameter has been changed to "isDefault" as isDefaultArray is deprecated and will be removed from use in secret.json or secret.yaml in a future release. Users can continue to use any one of "isDefaultArray" or "isDefault" for now. The driver would return error if both parameters are used. - - * Parameters "allowRWOMultiPodAccess" and "syncNodeInfoTimeInterval" have been enabled for configuration in secret.json or secret.yaml and this helps users to dynamically change these values without the need for driver re-installation. If these parameters are specified in `myvalues.yaml` as well as here then the values from secret.json / secret.yaml takes precedence and they will reflect in the driver after unity-creds secret is updated. + * Parameters "allowRWOMultiPodAccess" and "syncNodeInfoTimeInterval" have been enabled for configuration in values.yaml and this helps users to dynamically change these values without the need for driver re-installation. 6. Setup for snapshots. - The Kubernetes Volume Snapshot feature is beta in Kubernetes 1.19 and moved to GA in >=v1.20. - - * The following section summarizes the changes in the **[GA]()** Applicable only if you decided to enable snapshot feature in `values.yaml` ```yaml - snapshot: - enabled: true + controller: + snapshot: + enabled: true ``` In order to use the Kubernetes Volume Snapshot feature, you must ensure the following components have been deployed on your Kubernetes cluster #### Volume Snapshot CRD's - The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. - - If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/client/config/crd) - - If on Kubernetes 1.20/1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/client/config/crd) + The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) for the installation. #### Volume Snapshot Controller - The beta Volume Snapshots in Kubernetes version 1.17 and later, the CSI external-snapshotter sidecar is split into two controllers: + The CSI external-snapshotter sidecar is split into two controllers: - A common snapshot controller - A CSI external-snapshotter sidecar - The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available: - - If on Kubernetes 1.19 (beta snapshots) use [v3.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/deploy/kubernetes/snapshot-controller) - - If on Kubernetes 1.20 and 1.21 (v1 snapshots) use [v4.0.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/deploy/kubernetes/snapshot-controller) + Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) for the installation. **Note**: - The manifests available on GitHub install the snapshotter image: - - [quay.io/k8scsi/csi-snapshotter:v3.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v3.0.3&tab=tags) - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. @@ -243,8 +220,7 @@ Procedure ``` **Note**: - - It is recommended to use 3.0.x version of snapshotter/snapshot-controller when using Kubernetes 1.19 - - When using Kubernetes 1.20/1.21 it is recommended to use 4.0.x version of snapshotter/snapshot-controller. + - It is recommended to use 4.2.x version of snapshotter/snapshot-controller. - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. @@ -296,6 +272,8 @@ Procedure |--> Verifying that the snapshot controller is available Success | |- Verifying helm version Success + | + |- Verifying helm values version Success ------------------------------------------------------ > Verification Complete - Success @@ -315,14 +293,8 @@ Procedure At the end of the script unity-controller Deployment and DaemonSet unity-node will be ready, execute command `kubectl get pods -n unity` to get the status of the pods and you will see the following: * One or more Unity Controller (based on controllerCount) with 5/5 containers ready, and status displayed as Running. - * Agent pods with 2/2 containers and the status displayed as Running. + * Agent pods with 2/2 containers and the status displayed as Running. - The script also creates one or more volumesnapshotclasses based on the number of arrays . "unity-snapclass" will be the volumesnapshotclass for the default array. The output will be similar to the following: - - `[root@host ~]# kubectl get volumesnapshotclass - NAME AGE - unity-apm***********-snapclass 12m - unity-snapclass 12m` ## Certificate validation for Unisphere REST API calls @@ -336,16 +308,8 @@ This secret contains the X509 certificates of the CA which signed the Unisphere If the install script does not find the secret, it creates one empty secret with the name unity-certs-0. -The CSI driver exposes an install parameter in secret.json, which is like storageArrayList[i].insecure, which determines if the driver performs client-side verification of the Unisphere certificates. - -The storageArrayList[i].insecure parameter set to true by default, and the driver does not verify the Unisphere certificates. - -If the storageArrayList[i].insecure set to false, then the secret unity-certs-n must contain the CA certificate for Unisphere. - If this secret is an empty secret, then the validation of the certificate fails, and the driver fails to start. -If the storageArrayList[i].insecure parameter set to false and a previous installation attempt created the empty secret, then this secret must be deleted and re-created using the CA certs. - If the Unisphere certificate is self-signed or if you are using an embedded Unisphere, then perform the following steps. 1. To fetch the certificate, run the following command. @@ -366,22 +330,31 @@ If the Unisphere certificate is self-signed or if you are using an embedded Unis * Whenever certSecretCount parameter changes in `myvalues.yaml` user needs to uninstall and install the driver. +## Volume Snapshot Class + +For CSI Driver for Unity version 1.6 and later, `dell-csi-helm-installer` does not create any Volume Snapshot classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `csi-unity/samples/volumesnapshotclass/` folder. Use these samples to create new Volume Snapshot to provision storage. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI Unity v1.6 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI Unity to 1.6 before upgrading to 2.0. ## Storage Classes Storage Classes are an essential Kubernetes construct for Storage provisioning. To know more about Storage Classes, refer to https://kubernetes.io/docs/concepts/storage/storage-classes/ -A wide set of annotated storage class manifests have been provided in the [helm/samples/storageclass folder](https://github.com/dell/csi-unity/tree/master/helm/samples/storageclass). Use these samples to create new storage classes to provision storage. +A wide set of annotated storage class manifests have been provided in the [samples/storageclass](https://github.com/dell/csi-unity/tree/master/samples/storageclass) folder. Use these samples to create new storage classes to provision storage. -For CSI Driver for Unity version 1.6 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `csi-unity/helm/samples/storageclass` folder. Use these samples to create new storage classes to provision storage. +For CSI Driver for Unity version 2.0, a wide set of annotated storage class manifests have been provided in the `csi-unity/samples/storageclass` folder. Use these samples to create new storage classes to provision storage. ### What happens to my existing storage classes? -*Upgrading from CSI Unity v1.5 driver* -The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. -*Upgrading from an older version of the driver* -It is strongly recommended to upgrade the earlier versions of CSI Unity to 1.5 before upgrading to 1.6. +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. **Steps to create storage class:** There are samples storage class yaml files available under `helm/samples/storageclass`. These can be copied and modified as needed. @@ -414,6 +387,23 @@ Deleting a storage class has no impact on a running Pod with mounted PVCs. You c Users can dynamically add delete array information from secret. Whenever an update happens the driver updates the "Host" information in an array. User can update secret using the following command: ``` - kubectl create secret generic unity-creds -n unity --from-file=config=secret.json -o yaml --dry-run=client | kubectl replace -f - + kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl replace -f - ``` **Note**: Updating unity-certs-x secrets is a manual process, unlike unity-creds. Users have to re-install the driver in case of updating/adding the SSL certificates or changing the certSecretCount parameter. + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. + +To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace unity --values ./myvalues.yaml --upgrade +``` + +Note: myvalues.yaml is a values.yaml file which user has used for driver installation. \ No newline at end of file diff --git a/content/v2/installation/offline/_index.md b/content/v2/csidriver/installation/offline/_index.md similarity index 100% rename from content/v2/installation/offline/_index.md rename to content/v2/csidriver/installation/offline/_index.md diff --git a/content/v2/installation/operator/_index.md b/content/v2/csidriver/installation/operator/_index.md similarity index 83% rename from content/v2/installation/operator/_index.md rename to content/v2/csidriver/installation/operator/_index.md index 495e5728be..713918babd 100644 --- a/content/v2/installation/operator/_index.md +++ b/content/v2/csidriver/installation/operator/_index.md @@ -3,7 +3,7 @@ title: "Dell CSI Operator Installation Process" linkTitle: "Using Operator" weight: 4 description: > - Installation of Dell EMC CSI drivers using Dell CSI Operator + Installation of CSI drivers using Dell CSI Operator --- The Dell CSI Operator is a Kubernetes Operator, which can be used to install and manage the CSI Drivers provided by Dell EMC for various storage platforms. This operator is available as a community operator for upstream Kubernetes and can be deployed using OperatorHub.io. It is also available as a certified operator for OpenShift clusters and can be deployed using the OpenShift Container Platform. Both these methods of installation use OLM (Operator Lifecycle Manager). The operator can also be deployed manually. @@ -11,29 +11,29 @@ The Dell CSI Operator is a Kubernetes Operator, which can be used to install and ## Installation Dell CSI Operator has been tested and qualified with -- Upstream Kubernetes or OpenShift (see [supported versions](../../dell-csi-driver/#features-and-capabilities)) +- Upstream Kubernetes or OpenShift (see [supported versions](../../../csidriver/#features-and-capabilities)) #### Before you begin If you have installed an old version of the `dell-csi-operator` which was available with the name _CSI Operator_, please refer to this [section](#replacing-csi-operator-with-dell-csi-operator) before continuing. #### Full list of CSI Drivers and versions supported by the Dell CSI Operator -| CSI Driver | Version | ConfigVersion | Kubernetes Version | OpenShift Version | -| ------------------ | ------ | --------------| ------------------------ | ----------------- | -| CSI PowerMax | 1.5 | v4 | 1.17, 1.18, 1.19 | 4.4, 4.5, 4.6 | -| CSI PowerMax | 1.6 | v5 | 1.18, 1.19, 1.20 | 4.6, 4.7 | -| CSI PowerMax | 1.7 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | -| CSI PowerFlex | 1.3 | v3 | 1.17, 1.18, 1.19 | 4.4, 4.5, 4.6 | -| CSI PowerFlex | 1.4 | v4 | 1.18, 1.19, 1.20 | 4.6, 4.7 | -| CSI PowerFlex | 1.5 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | -| CSI PowerScale | 1.4 | v4 | 1.17, 1.18, 1.19 | 4.4, 4.5, 4.6 | -| CSI PowerScale | 1.5 | v5 | 1.18, 1.19, 1.20 | 4.6, 4.7 | -| CSI PowerScale | 1.6 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | -| CSI Unity | 1.4 | v3 | 1.17, 1.18, 1.19 | 4.4, 4.5, 4.6 | -| CSI Unity | 1.5 | v4 | 1.18, 1.19, 1.20 | 4.6, 4.7 | -| CSI Unity | 1.6 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | -| CSI PowerStore | 1.2 | v2 | 1.17, 1.18, 1.19 | 4.5, 4.6 | -| CSI PowerStore | 1.3 | v3 | 1.18, 1.19, 1.20 | 4.6, 4.7 | -| CSI PowerStore | 1.4 | v4 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI Driver | Version | ConfigVersion | Kubernetes Version | OpenShift Version | +| ------------------ | --------- | -------------- | -------------------- | --------------------- | +| CSI PowerMax | 1.6 | v5 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerMax | 1.7 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerMax | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI PowerFlex | 1.4 | v4 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerFlex | 1.5 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerFlex | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI PowerScale | 1.5 | v5 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerScale | 1.6 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerScale | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI Unity | 1.5 | v4 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI Unity | 1.6 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI Unity | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI PowerStore | 1.3 | v3 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerStore | 1.4 | v4 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerStore | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 |
@@ -45,12 +45,12 @@ The installation process involves the creation of a `Subscription` object either * _Automatic_ - If you want the Operator to be automatically installed or upgraded (once an upgrade becomes available) * _Manual_ - If you want a Cluster Administrator to manually review and approve the `InstallPlan` for installation/upgrades -**NOTE**: The recommended version of OLM for upstream Kubernetes is **`v0.17.0`**. +**NOTE**: The recommended version of OLM for upstream Kubernetes is **`v0.18.3`**. #### Pre-Requisite for installation with OLM Please run the following commands for creating the required `ConfigMap` before installing the `dell-csi-operator` using OLM. ``` -$ git clone github.com/dell/dell-csi-operator +$ git clone https://github.com/dell/dell-csi-operator.git $ cd dell-csi-operator $ tar -czf config.tar.gz driverconfig/ # Replace operator-namespace in the below command with the actual namespace where the operator will be deployed by OLM @@ -94,7 +94,7 @@ For installation of the supported drivers, a `CustomResource` has to be created ### Pre-requisites for upstream Kubernetes Clusters On upstream Kubernetes clusters, make sure to install * VolumeSnapshot CRDs - * On clusters running v1.20 & v1.21, make sure to install v1 VolumeSnapshot CRDs + * On clusters running v1.20,v1.21 & v1.22, make sure to install v1 VolumeSnapshot CRDs * On clusters running v1.19, make sure to install v1beta1 VolumeSnapshot CRDs * External Volume Snapshot Controller with the correct version @@ -264,11 +264,34 @@ The CSI Drivers installed by the Dell CSI Operator can be updated like any Kuber and modify the installation * Modify the API object in-place via `kubectl patch` -**NOTE**: If you are trying to upgrade the CSI driver from an older version, make sure to modify the _configVersion_ field if required. +**NOTES:** +1. If you are trying to upgrade the CSI driver from an older version, make sure to modify the _configVersion_ field if required. +2. The parameter "dnsPolicy: ClusterFirstWithHostNet" should be added as follows: +``` +driver: + configVersion: v5 + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + common: +``` +3. Configmap needs to be created with command `kubectl create -f configmap.yaml` using following yaml file. +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: powerstore-config-params + namespace: csi-powerstore +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" +``` + +**NOTE:** `Replicas` in the driver CR file should not be greater than or equal to the number of worker nodes when upgrading the driver. If the `Replicas` count is not less than the worker node count, some of the driver controller pods would land in a pending state, and upgrade will not be successful. Driver controller pods go in a pending state because they have anti-affinity to each other and cannot be scheduled on nodes where there is a driver controller pod already running. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity for more details. -**NOTE**: Do not try to update the operator by modifying the original `CustomResource` manifest file and running the `kubectl apply -f` command. As part of the driver installation, the Operator sets some annotations on the `CustomResource` object which are further utilized in some workflows (like detecting upgrade of drivers). If you run the `kubectl apply -f` command to update the driver, these annotations are overwritten and this may lead to failures. +**NOTE:** Do not try to update the operator by modifying the original `CustomResource` manifest file and running the `kubectl apply -f` command. As part of the driver installation, the Operator sets some annotations on the `CustomResource` object which are further utilized in some workflows (like detecting upgrade of drivers). If you run the `kubectl apply -f` command to update the driver, these annotations are overwritten and this may lead to failures. -**NOTE**: From v1.4.0 onwards, Dell CSI Operator does not support creation of `StorageClass` and `VolumeSnapshotClass` objects. Although these fields are still present in the various driver `CustomResourceDefinitions`, they would be ignored by the operator. These fields will be removed from the `CustomResourceDefinitions` in a future release. If `StorageClass` and `VolumeSnapshotClass` needs to be retained, you should upgrade the driver as per the recommended way noted above. +**NOTE:** From v1.4.0 onwards, Dell CSI Operator does not support the creation of `StorageClass` and `VolumeSnapshotClass` objects. Although these fields are still present in the various driver `CustomResourceDefinitions`, they would be ignored by the operator. These fields will be removed from the `CustomResourceDefinitions` in a future release. If `StorageClass` and `VolumeSnapshotClass` need to be retained, you should upgrade the driver as per the recommended way noted above. `StorageClass` and `VolumeSnapshotClass` would not be retained on driver uninstallation. ### Supported modifications @@ -289,6 +312,7 @@ Below is a list of all the mandatory and optional fields in the Custom Resource ### Mandatory fields **configVersion** - Configuration version - Refer full list of supported driver for finding out the appropriate config version [here](#full-list-of-csi-drivers-and-versions-supported-by-the-dell-csi-operator) **replicas** - Number of replicas for controller plugin - Must be set to 1 for all drivers +**dnsPolicy** - Determines the dnsPolicy for the node daemonset. Accepted values are `Default`, `ClusterFirst`, `ClusterFirstWithHostNet`, `None` **common** This field is mandatory and is used to specify common properties for both controller and the node plugin * image - driver container image diff --git a/content/v2/csidriver/installation/operator/isilon.md b/content/v2/csidriver/installation/operator/isilon.md new file mode 100644 index 0000000000..5ecdf25390 --- /dev/null +++ b/content/v2/csidriver/installation/operator/isilon.md @@ -0,0 +1,141 @@ +--- +title: PowerScale +description: > + Installing CSI Driver for PowerScale via Operator +--- + +## Installing CSI Driver for PowerScale via Operator + +The CSI Driver for Dell EMC PowerScale can be installed via the Dell CSI Operator. + +To deploy the Operator, follow the instructions available [here](../). + +There are sample manifests provided which can be edited to do an easy installation of the driver. Note that the deployment of the driver using the operator does not use any Helm charts and the installation and configuration parameters will be slightly different from the one specified via the Helm installer. + +Kubernetes Operators make it easy to deploy and manage the entire lifecycle of complex Kubernetes applications. Operators use Custom Resource Definitions (CRD) which represents the application and use custom controllers to manage them. + +**Note**: MKE (Mirantis Kubernetes Engine) does not support the installation of CSI-PowerScale via Operator. + +### Listing installed drivers with the CSI Isilon CRD +User can query for CSI-PowerScale driver using the following command: +`kubectl get csiisilon --all-namespaces` + +### Install Driver + +1. Create namespace. + + Execute `kubectl create namespace isilon` to create the isilon namespace (if not already present). Note that the namespace can be any user-defined name, in this example, we assume that the namespace is 'isilon'. +2. Create *isilon-creds* secret by using secret.yaml file format only. + + 2.1 Create a yaml file called secret.yaml with the following content: + ``` + isilonClusters: + # logical name of PowerScale Cluster + - clusterName: "cluster1" + + # username for connecting to PowerScale OneFS API server + # Default value: None + username: "user" + + # password for connecting to PowerScale OneFS API server + password: "password" + + # HTTPS endpoint of the PowerScale OneFS API server + # Default value: None + # Examples: "1.2.3.4", "https://1.2.3.4", "https://abc.myonefs.com" + endpoint: "1.2.3.4" + + # Is this a default cluster (would be used by storage classes without ClusterName parameter) + # Allowed values: + # true: mark this cluster config as default + # false: mark this cluster config as not default + # Default value: false + isDefault: true + + # Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: default value specified in values.yaml + # skipCertificateValidation: true + + # The base path for the volumes to be created on PowerScale cluster + # This will be used if a storage class does not have the IsiPath parameter specified. + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: default value specified in values.yaml + # Examples: "/ifs/data/csi", "/ifs/engineering" + # isiPath: "/ifs/data/csi" + + # The permissions for isi volume directory path + # This will be used if a storage class does not have the IsiVolumePathPermissions parameter specified. + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + # isiVolumePathPermissions: "0777" + + - clusterName: "cluster2" + username: "user" + password: "password" + endpoint: "1.2.3.4" + endpointPort: "8080" + ``` + + Replace the values for the given keys as per your environment. After creating the secret.yaml, the following command can be used to create the secret, + `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml` + + Use the following command to replace or update the secret + + `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run | kubectl replace -f -` + + **Note**: The user needs to validate the YAML syntax and array related key/values while replacing the isilon-creds secret. + The driver will continue to use previous values in case of an error found in the YAML file. + +3. Create isilon-certs-n secret. + Please refer [this section](../../helm/isilon/#certificate-validation-for-onefs-rest-api-calls) for creating cert-secrets. + + If certificate validation is skipped, empty secret must be created. To create an empty secret. Ex: empty-secret.yaml + + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: isilon-certs-0 + namespace: isilon + type: Opaque + data: + cert-0: "" + ``` + Execute command: ```kubectl create -f empty-secret.yaml``` + +4. Create a CR (Custom Resource) for PowerScale using the sample files provided + [here](https://github.com/dell/dell-csi-operator/tree/master/samples). +5. Users should configure the parameters in CR. The following table lists the primary configurable parameters of the PowerScale driver and their default values: + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | dnsPolicy | Determines the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet | + | ***Common parameters for node and controller*** | + | CSI_ENDPOINT | The UNIX socket address for handling gRPC calls | No | /var/run/csi/csi.sock | + | X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION | Specifies whether SSL security needs to be enabled for communication between PowerScale and CSI Driver | No | true | + | X_CSI_ISI_PATH | Base path for the volumes to be created | Yes | | + | X_CSI_ALLOWED_NETWORKS | Custom networks for PowerScale export. List of networks that can be used for NFS I/O traffic, CIDR format should be used | No | empty | + | X_CSI_ISI_AUTOPROBE | To enable auto probing for driver | No | true | + | X_CSI_ISI_NO_PROBE_ON_START | Indicates whether the controller/node should probe during initialization | Yes | | + | X_CSI_ISI_VOLUME_PATH_PERMISSIONS | The permissions for isi volume directory path | Yes | 0777 | + | ***Controller parameters*** | + | X_CSI_MODE | Driver starting mode | No | controller | + | X_CSI_ISI_ACCESS_ZONE | Name of the access zone a volume can be created in | No | System | + | X_CSI_ISI_QUOTA_ENABLED | To enable SmartQuotas | Yes | | + | ***Node parameters*** | + | X_CSI_MAX_VOLUMES_PER_NODE | Specify the default value for the maximum number of volumes that the controller can publish to the node | Yes | 0 | + | X_CSI_MODE | Driver starting mode | No | node | +6. Execute the following command to create PowerScale custom resource: + ```kubectl create -f ``` . + This command will deploy the CSI-PowerScale driver in the namespace specified in the input YAML file. + +**Note** : + 1. From CSI-PowerScale v1.6.0 and higher, Storage class and VolumeSnapshotClass will **not** be created as part of driver deployment. The user has to create Storageclass and Volume Snapshot Class. + 2. Node selector and node tolerations can be added in both controller parameters and node parameters section, based on the need. + 3. "Kubelet config dir path" is not yet configurable in case of Operator based driver installation. + 4. Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v2/installation/operator/non-olm-1.jpg b/content/v2/csidriver/installation/operator/non-olm-1.jpg similarity index 100% rename from content/v2/installation/operator/non-olm-1.jpg rename to content/v2/csidriver/installation/operator/non-olm-1.jpg diff --git a/content/v2/installation/operator/non-olm-2.jpg b/content/v2/csidriver/installation/operator/non-olm-2.jpg similarity index 100% rename from content/v2/installation/operator/non-olm-2.jpg rename to content/v2/csidriver/installation/operator/non-olm-2.jpg diff --git a/content/v2/installation/operator/powerflex.md b/content/v2/csidriver/installation/operator/powerflex.md similarity index 53% rename from content/v2/installation/operator/powerflex.md rename to content/v2/csidriver/installation/operator/powerflex.md index 9339fe798e..d1f42b6a5b 100644 --- a/content/v2/installation/operator/powerflex.md +++ b/content/v2/csidriver/installation/operator/powerflex.md @@ -1,9 +1,9 @@ --- title: PowerFlex description: > - Installing PowerFlex CSI Driver via Operator + Installing CSI Driver for PowerFlex via Operator --- -## Installing PowerFlex CSI Driver via Operator +## Installing CSI Driver for PowerFlex via Operator The CSI Driver for Dell EMC PowerFlex can be installed via the Dell CSI Operator. @@ -18,7 +18,7 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c - This feature deploys the sdc kernel modules on all nodes with the help of an init container. - For non-supported versions of the OS also do the manual SDC deployment steps given below. Refer to https://hub.docker.com/r/dellemc/sdc for supported versions. - **Note:** When the driver is created, MDM value for initContainers in driver CR is set by the operator from mdm attributes in the driver configuration file, - config.json. An example of config.json is below in this document. Do not set MDM value for initContainers in the driver CR file manually. + config.yaml. An example of config.yaml is below in this document. Do not set MDM value for initContainers in the driver CR file manually. - **Note:** To use an sdc-binary module from customer ftp site: - Create a secret, sdc-repo-secret.yaml to contain the credentials for the private repo. To generate the base64 encoding of a credential: ```yaml @@ -40,24 +40,27 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c ``` - Create secret for FTP side by using the command `kubectl create -f sdc-repo-secret.yaml`. - Optionally, enable sdc monitor by uncommenting the section for sidecar in manifest yaml. -##### Example CR: [config/samples/vxflex_v140_ops_46.yaml](https://github.com/dell/dell-csi-operator/blob/master/samples/vxflex_140_ops_46.yaml) +##### Example CR: [config/samples/vxflex_v210_ops_48.yaml](https://github.com/dell/dell-csi-operator/blob/master/samples/vxflex_v210_ops_48.yaml) ```yaml sideCars: - # Uncomment the following section if you want to run the monitoring sidecar + # Comment the following section if you don't want to run the monitoring sidecar - name: sdc-monitor envs: - name: HOST_PID value: "1" - name: MDM value: "" + - name: external-health-monitor + args: ["--monitor-interval=60s"] initContainers: - - image: dellemc/sdc:3.5.1.1 + - image: dellemc/sdc:3.6 imagePullPolicy: IfNotPresent name: sdc envs: - name: MDM - value: "" + value: "10.x.x.x,10.x.x.x" ``` + *Note:* Please comment the sdc-monitor sidecar section if you are not using it. Blank values for MDM will result in error. Do not comment the external-health-monitor argument. ### Manual SDC Deployment @@ -75,54 +78,62 @@ For detailed PowerFlex installation procedure, see the _Dell EMC PowerFlex Deplo 1. Create namespace: Run `kubectl create namespace ` command using the desired name to create the namespace. -2. Prepare the config.json for driver configuration. The following table lists driver configuration parameters for multiple storage arrays. - - | Parameter | Description | Required | Default | - | --------- | ------------------------------------------------------------ | -------- | ------- | - | username | Username for accessing PowerFlex system | true | - | - | password | Password for accessing PowerFlex system | true | - | - | systemID | System name/ID of PowerFlex system | true | - | - | endpoint | REST API gateway HTTPS endpoint for PowerFlex system | true | - | - | insecure | Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface | true | true | - | isDefault | An array having isDefault=true is for backward compatibility. This parameter should occur once in the list | false | false | - | mdm | mdm defines the MDM(s) that SDC should register with on start. This should be a list of MDM IP addresses or hostnames separated by comma | true | - | - - Example: config.json - - ```json - [ - { - "username": "admin", - "password": "password", - "systemID": "ID1", - "endpoint": "https://127.0.0.1", - "insecure": true, - "isDefault": true, - "mdm": "10.0.0.1,10.0.0.2" - }, - { - "username": "admin", - "password": "password", - "systemID": "ID2", - "endpoint": "https://127.0.0.2", - "insecure": true, - "mdm": "10.0.0.3,10.0.0.4" - } - ] +2. Prepare the config.yaml for driver configuration. + + Example: config.yaml + + ```yaml + # Username for accessing PowerFlex system. + # Required: true + - username: "admin" + # Password for accessing PowerFlex system. + # Required: true + password: "password" + # System name/ID of PowerFlex system. + # Required: true + systemID: "ID1" + # REST API gateway HTTPS endpoint for PowerFlex system. + # Required: true + endpoint: "https://127.0.0.1" + # Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. + # Allowed values: true or false + # Required: true + # Default value: true + skipCertificateValidation: true + # indicates if this array is the default array + # needed for backwards compatibility + # only one array is allowed to have this set to true + # Required: false + # Default value: false + isDefault: true + # defines the MDM(s) that SDC should register with on start. + # Allowed values: a list of IP addresses or hostnames separated by comma. + # Required: true + # Default value: none + mdm: "10.0.0.1,10.0.0.2" + # Defines all system names used to create powerflex volumes + # Required: false + # Default value: none + AllSystemNames: "name1,name2" + - username: "admin" + password: "Password123" + systemID: "ID2" + endpoint: "https://127.0.0.2" + skipCertificateValidation: true + mdm: "10.0.0.3,10.0.0.4" + AllSystemNames: "name1,name2" ``` After editing the file, run the following command to create a secret called `vxflexos-config` - `kubectl create secret generic vxflexos-config -n --from-file=config=config.json` + `kubectl create secret generic vxflexos-config -n --from-file=config=config.yaml` Use the following command to replace or update the secret: - `kubectl create secret generic vxflexos-config -n --from-file=config=config.json -o yaml --dry-run=client | kubectl replace -f -` + `kubectl create secret generic vxflexos-config -n --from-file=config=config.yaml -o yaml --dry-run=client | kubectl replace -f -` *Note:* - - - The user needs to validate the JSON syntax and array-related key/values while replacing the vxflexos-creds secret. - - If you update the secret, you must reinstall the driver. - - System ID, MDM configuration, etc. now are taken directly from config.json. MDM provided in the input_sample_file.yaml will be overidden with MDM values in config.json. + + - System ID, MDM configuration, etc. now are taken directly from config.yaml. MDM provided in the input_sample_file.yaml will be overidden with MDM values in config.yaml. 3. Create a Custom Resource (CR) for PowerFlex using the sample files provided [here](https://github.com/dell/dell-csi-operator/tree/master/samples). 4. Users should configure the parameters in CR. The following table lists the primary configurable parameters of the PowerFlex driver and their default values: @@ -133,6 +144,67 @@ For detailed PowerFlex installation procedure, see the _Dell EMC PowerFlex Deplo | ***Common parameters for node and controller*** | | X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT | Enable list volume operation to include snapshots (since creating a volume from a snap actually results in a new snap) | No | false | | X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE | Enable this to automatically delete all snapshots in a consistency group when a snap in the group is deleted | No | false | - | X_CSI_DEBUG | To enable debug mode | No | false | + | X_CSI_DEBUG | To enable debug mode | No | true | | X_CSI_ALLOW_RWO_MULTI_POD_ACCESS | Setting allowRWOMultiPodAccess to "true" will allow multiple pods on the same node to access the same RWO volume. This behavior conflicts with the CSI specification version 1.3. NodePublishVolume description that requires an error to be returned in this case. However, some other CSI drivers support this behavior and some customers desire this behavior. Customers use this option at their own risk. | No | false | 5. Execute the `kubectl create -f ` command to create PowerFlex custom resource. This command will deploy the CSI-PowerFlex driver. + - Example CR for PowerFlex Driver + ```yaml + apiVersion: storage.dell.com/v1 + kind: CSIVXFlexOS + metadata: + name: test-vxflexos + namespace: test-vxflexos + spec: + driver: + configVersion: v6 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + common: + image: "dellemc/csi-vxflexos:v2.0.0" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: "false" + sideCars: + # Uncomment the following section if you want to run the monitoring sidecar + # - name: sdc-monitor + # envs: + # - name: HOST_PID + # value: "1" + # - name: MDM + # value: "" + - name: external-health-monitor + args: ["--monitor-interval=60s"] + initContainers: + - image: dellemc/sdc:3.6 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.x.x.x,10.x.x.x" #provide MDM value + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: vxflexos-config-params + namespace: test-vxflexos + data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "TEXT" + ``` + ### Pre-Requisite for installation with OLM + Please run the following commands for creating the required ConfigMap before installing the dell-csi-operator using OLM. + + 1. git clone https://github.com/dell/dell-csi-operator.git + 2. cd dell-csi-operator + 3. tar -czf config.tar.gz driverconfig/ + # Replace operator-namespace in the below command with the actual namespace where the operator will be deployed by OLM + 4. kubectl create configmap dell-csi-operator-config --from-file config.tar.gz -n diff --git a/content/v2/installation/operator/powermax.md b/content/v2/csidriver/installation/operator/powermax.md similarity index 60% rename from content/v2/installation/operator/powermax.md rename to content/v2/csidriver/installation/operator/powermax.md index 02f47d6fba..e0fdae7724 100644 --- a/content/v2/installation/operator/powermax.md +++ b/content/v2/csidriver/installation/operator/powermax.md @@ -1,12 +1,12 @@ --- title: PowerMax description: > - Installing PowerMax CSI Driver via Operator + Installing CSI Driver for PowerMax via Operator --- -## Installing PowerMax CSI Driver via Operator +## Installing CSI Driver for PowerMax via Operator -The CSI Driver for Dell EMC PowerMax can be installed via the Dell CSI Operator. +CSI Driver for Dell EMC PowerMax can be installed via the Dell CSI Operator. To deploy the Operator, follow the instructions available [here](../). @@ -25,7 +25,7 @@ Create a secret named powermax-certs in the namespace where the CSI PowerMax dri 1. Create namespace: Run `kubectl create namespace ` using the desired name to create the namespace. 2. Create PowerMax credentials: - Create a file called powermax-creds.yaml with the following content + Create a file called powermax-creds.yaml with the following content: ```yaml apiVersion: v1 kind: Secret @@ -60,24 +60,19 @@ Create a secret named powermax-certs in the namespace where the CSI PowerMax dri | ***Common parameters for node and controller*** | | X_CSI_K8S_CLUSTER_PREFIX | Define a prefix that is appended to all resources created in the array; unique per K8s/CSI deployment; max length - 3 characters | Yes | XYZ | | X_CSI_POWERMAX_ENDPOINT | IP address of the Unisphere for PowerMax | Yes | https://0.0.0.0:8443 | - | X_CSI_TRANSPORT_PROTOCOL | Choose what transport protocol to use (ISCSI, FC, auto or None) | Yes | auto | + | X_CSI_TRANSPORT_PROTOCOL | Choose which transport protocol to use (ISCSI, FC, auto or None) | Yes | auto | | X_CSI_POWERMAX_PORTGROUPS |List of comma-separated port groups (ISCSI only). Example: "PortGroup1,PortGroup2" | No | - | - | X_CSI_MANAGED_ARRAYS | List of comma-separated array id(s) which will be managed by the driver | Yes | - | + | X_CSI_MANAGED_ARRAYS | List of comma-separated array ID(s) which will be managed by the driver | Yes | - | | X_CSI_POWERMAX_PROXY_SERVICE_NAME | Name of CSI PowerMax ReverseProxy service. Leave blank if not using reverse proxy | No | - | | X_CSI_GRPC_MAX_THREADS | Number of concurrent grpc requests allowed per client | No | 4 | - | X_CSI_POWERMAX_DRIVER_NAME | Set custom CSI driver name. For more details on this feature see the related [documentation](../../../features/powermax/#custom-driver-name-experimental-feature) | No | - | - | X_CSI_IG_NODENAME_TEMPLATE | Template used for creating hosts on PowerMax. Example: "a-b-c-%foo%-xyz" where the text between the % symbols(foo) is replaced by the actual host name | No | - | - | X_CSI_IG_MODIFY_HOSTNAME | Determines if the node plugin can rename any existing host on the PowerMax array. Use it with the node name template to rename the existing hosts | No | false - | X_CSI_POWERMAX_DEBUG | Determines if HTTP Request/Response is logged | No | false | - | ***Node parameters***| +| X_CSI_POWERMAX_DRIVER_NAME | Set custom CSI driver name. For more details on this feature see the related [documentation](../../../features/powermax/#custom-driver-name) | No | - | +| ***Node parameters***| | X_CSI_POWERMAX_ISCSI_ENABLE_CHAP | Enable ISCSI CHAP authentication. For more details on this feature see the related [documentation](../../../features/powermax/#iscsi-chap) | No | false | -5. Execute the following command to create PowerMax custom resource:`kubectl create -f `. The above command will deploy the CSI-PowerMax driver. - ->Note: There is a new mandatory env - `X_CSI_MANAGED_ARRAYS` which has to be set while installing or upgrading the driver. +5. Execute the following command to create the PowerMax custom resource:`kubectl create -f `. The above command will deploy the CSI-PowerMax driver. ### CSI PowerMax ReverseProxy -CSI PowerMax ReverseProxy is an optional component that can be installed along with the CSI PowerMax driver. For more details on this feature see the related [documentation](../../../features/powermax#csi-powermax-reverse-proxy). +CSI PowerMax ReverseProxy is an optional component that can be installed with the CSI PowerMax driver. For more details on this feature see the related [documentation](../../../features/powermax#csi-powermax-reverse-proxy). When you install CSI PowerMax ReverseProxy, dell-csi-operator will create a Deployment and ClusterIP service as part of the installation @@ -106,7 +101,7 @@ to if the primary Unisphere is unreachable * **certSecret**: Secret name which holds the CA certificates which was used to sign Unisphere SSL certificates. Mandatory if skipCertificateValidation is set to `false` * **standAloneConfig** : This section contains the configuration of the `StandAlone` mode. Refer to the sample below for the detailed config ->Note: Only one of the `Linked` or `StandAlone` config needs to be supplied. The appropriate `mode` needs to set in the spec as well. +>Note: Only one of the `Linked` or `StandAlone` configurations needs to be supplied. The appropriate `mode` needs to be set in the spec as well. Here is a sample manifest with each field annotated. A copy of this manifest is provided in the `samples` folder ```yaml @@ -117,7 +112,7 @@ metadata: namespace: test-powermax # <- Set the namespace to where you will install the CSI PowerMax driver spec: # Image for CSI PowerMax ReverseProxy - image: dellemc/csipowermax-reverseproxy:v1.3.0 # <- CSI PowerMax Reverse Proxy image + image: dellemc/csipowermax-reverseproxy:v1.4.0 # <- CSI PowerMax Reverse Proxy image imagePullPolicy: Always # TLS secret which contains SSL certificate and private key for the Reverse Proxy server tlsSecret: csirevproxy-tls-secret @@ -143,7 +138,7 @@ spec: # For using the proxy with the driver, use the same proxy credential secrets for # all the managed storage arrays proxyCredentialSecrets: - - proxy-creds + - proxy-creds - storageArrayId: "000000000002" primaryURL: https://unisphere-2-addr:8443 # An optional backup Unisphere server managing the same array @@ -163,6 +158,7 @@ spec: - url: https://unisphere-3-addr:8443 arrayCredentialSecret: unsiphere-3-creds skipCertificateValidation: true + ``` #### Installation @@ -176,10 +172,130 @@ You can query for the deployment and service created as part of the installation kubectl get deployment -n kubectl get svc -n -There is a new sample file - `powermax_revproxy_standalone_with_driver.yaml` present in the `samples` folder which enables installation of +There is a new sample file - `powermax_revproxy_standalone_with_driver.yaml` in the `samples` folder which enables installation of CSI PowerMax ReverseProxy in `StandAlone` mode along with the CSI PowerMax driver. This mode enables the CSI PowerMax driver to connect to multiple Unisphere servers for managing multiple PowerMax arrays. Please follow the same steps described above to install ReverseProxy with this new sample file. ->Note: `dell-csi-operator` doesn't support the installation of CSI PowerMax ReverseProxy as a sidecar to the controller pod. This facility is -> only present with the `dell-csi-helm-installer` \ No newline at end of file +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for powermax version 2.0.0. + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powermax-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `powermax-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n powermax powermax-config-params +``` +### Sample CRD file for powermax + +``` yaml +apiVersion: storage.dell.com/v1 +kind: CSIPowerMax +metadata: + name: test-powermax + namespace: test-powermax +spec: + driver: + # Config version for CSI PowerMax v2.0.0 driver + configVersion: v2.0.0 + # replica: Define the number of PowerMax controller nodes + # to deploy to the Kubernetes release + # Allowed values: n, where n > 0 + # Default value: None + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + common: + # Image for CSI PowerMax driver v2.0.0 + image: dellemc/csi-powermax:v2.0.0 + # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. + # Allowed values: + # Always: Always pull the image. + # IfNotPresent: Only pull the image if it does not already exist on the node. + # Never: Never pull the image. + # Default value: None + imagePullPolicy: IfNotPresent + envs: + # X_CSI_MANAGED_ARRAYS: Serial ID of the arrays that will be used for provisioning + # Default value: None + # Examples: "000000000001", "000000000002" + - name: X_CSI_MANAGED_ARRAYS + value: "000000000000,000000000001" + # X_CSI_POWERMAX_ENDPOINT: Address of the Unisphere server that is managing the PowerMax arrays + # Default value: None + # Example: https://0.0.0.1:8443 + - name: X_CSI_POWERMAX_ENDPOINT + value: "https://0.0.0.0:8443/" + # X_CSI_K8S_CLUSTER_PREFIX: Define a prefix that is appended onto + # all resources created in the Array + # This should be unique per K8s/CSI deployment + # maximum length of this value is 3 characters + # Default value: None + # Examples: "XYZ", "EMC" + # Examples: "XYZ", "EMC" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "XYZ" + # X_CSI_POWERMAX_PORTGROUPS: Define the set of existing port groups that the driver will use. + # It is a comma separated list of portgroup names. + # Required only in case of iSCSI port groups + # Allowed values: iSCSI Port Group names + # Default value: None + # Examples: "pg1", "pg1, pg2" + - name: "X_CSI_POWERMAX_PORTGROUPS" + value: "" + # "X_CSI_TRANSPORT_PROTOCOL" can be "FC" or "FIBRE" for fibrechannel, + # "ISCSI" for iSCSI, or "" for autoselection. + # Allowed values: + # "FC" - Fiber Channel protocol + # "FIBER" - Fiber Channel protocol + # "ISCSI" - iSCSI protocol + # "" - Automatic selection of transport protocol + # Default value: "" + - name: "X_CSI_TRANSPORT_PROTOCOL" + value: "" + # X_CSI_POWERMAX_PROXY_SERVICE_NAME: Refers to the name of the proxy service in kubernetes + # Set this to "powermax-reverseproxy" if you are installing the proxy + # Allowed values: "powermax-reverseproxy" + # default values: "" + - name: "X_CSI_POWERMAX_PROXY_SERVICE_NAME" + value: "" + # X_CSI_GRPC_MAX_THREADS: Defines the maximum number of concurrent grpc requests. + # Set this value to a higher number (max 50) if you are using the proxy + # Allowed values: n, where n > 4 + # default values: None + - name: "X_CSI_GRPC_MAX_THREADS" + value: "4" + + node: + envs: + # X_CSI_POWERMAX_ISCSI_ENABLE_CHAP: Determine if the driver is going to configure + # ISCSI node databases on the nodes with the CHAP credentials + # If enabled, the CHAP secret must be provided in the credentials secret + # and set to the key "chapsecret" + # Allowed values: + # "true" - CHAP is enabled + # "false" - CHAP is disabled + # Default value: "false" + - name: "X_CSI_POWERMAX_ISCSI_ENABLE_CHAP" + value: "false" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: powermax-config-params + namespace: test-powermax +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" + +``` + + +Note: + - `dell-csi-operator` does not support the installation of CSI PowerMax ReverseProxy as a sidecar to the controller Pod. This facility is + only present with `dell-csi-helm-installer`. + - `Kubelet config dir path` is not yet configurable in case of Operator based driver installation. + - Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v2/installation/operator/powerstore.md b/content/v2/csidriver/installation/operator/powerstore.md similarity index 79% rename from content/v2/installation/operator/powerstore.md rename to content/v2/csidriver/installation/operator/powerstore.md index 140eba94be..8fb2f30f95 100644 --- a/content/v2/installation/operator/powerstore.md +++ b/content/v2/csidriver/installation/operator/powerstore.md @@ -1,9 +1,9 @@ --- title: PowerStore description: > - Installing PowerStore CSI Driver via Operator + Installing CSI Driver for PowerStore via Operator --- -## Installing PowerStore CSI Driver via Operator +## Installing CSI Driver for PowerStore via Operator The CSI Driver for Dell EMC PowerStore can be installed via the Dell CSI Operator. @@ -71,3 +71,18 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c | X_CSI_POWERSTORE_ENABLE_CHAP | Set to true if you want to enable iSCSI CHAP feature | No | false | 6. Execute the following command to create PowerStore custom resource:`kubectl create -f `. The above command will deploy the CSI-PowerStore driver. - After that the driver should be installed, you can check the condition of driver pods by running `kubectl get all -n ` + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created using the manifest located in the sample file. This ConfigMap contains attributes `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `powerstore-config-params` and update `CSI_LOG_LEVEL` to the desired log level and `CSI_LOG_FORMAT` to the desired log format. +``` +kubectl edit configmap -n csi-powerstore powerstore-config-params +``` +**Note** : + 1. "Kubelet config dir path" is not yet configurable in case of Operator based driver installation. + 2. Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v2/installation/operator/unity.md b/content/v2/csidriver/installation/operator/unity.md similarity index 65% rename from content/v2/installation/operator/unity.md rename to content/v2/csidriver/installation/operator/unity.md index 1146cef5f3..f8523f0d01 100644 --- a/content/v2/installation/operator/unity.md +++ b/content/v2/csidriver/installation/operator/unity.md @@ -1,16 +1,16 @@ --- title: Unity description: > - Installing Unity CSI Driver via Operator + Installing CSI Driver for Unity via Operator --- -## CSI Unity +## CSI Driver for Unity ### Pre-requisites #### Create secret to store Unity credentials Create a namespace called unity (it can be any user-defined name; But commands in this section assumes that the namespace is unity) -Prepare the secret.json for driver configuration. +Prepare the secret.yaml for driver configuration. The following table lists driver configuration parameters for multiple storage arrays. | Parameter | Description | Required | Default | @@ -19,43 +19,36 @@ The following table lists driver configuration parameters for multiple storage a | password | Password for accessing Unity system | true | - | | restGateway | REST API gateway HTTPS endpoint Unity system| true | - | | arrayId | ArrayID for Unity system | true | - | -| insecure | "unityInsecure" determines if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface If it is set to false, then a secret unity-certs has to be created with a X.509 certificate of CA which signed the Unisphere certificate | true | true | | isDefaultArray | An array having isDefaultArray=true is for backward compatibility. This parameter should occur once in the list. | false | false | -Ex: secret.json - -```json5 - - { - "storageArrayList": [ - { - "username": "user", - "password": "password", - "restGateway": "https://10.1.1.1", - "arrayId": "APM00******1", - "insecure": true, - "isDefaultArray": true - }, - { - "username": "user", - "password": "password", - "restGateway": "https://10.1.1.2", - "arrayId": "APM00******2", - "insecure": true - } - ] - } +Ex: secret.yaml + +```yaml + + storageArrayList: + - arrayId: "APM00******1" + username: "user" + password: "password" + endpoint: "https://10.1.1.1/" + skipCertificateValidation: true + isDefault: true + + - arrayId: "APM00******2" + username: "user" + password: "password" + endpoint: "https://10.1.1.2/" + skipCertificateValidation: true ``` -`kubectl create secret generic unity-creds -n unity --from-file=config=secret.json` +`kubectl create secret generic unity-creds -n unity --from-file=config=secret.secret` Use the following command to replace or update the secret -`kubectl create secret generic unity-creds -n unity --from-file=config=secret.json -o yaml --dry-run | kubectl replace -f -` +`kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml -o yaml --dry-run | kubectl replace -f -` -**Note**: The user needs to validate the JSON syntax and array related key/values while replacing the unity-creds secret. -The driver will continue to use previous values in case of an error found in the JSON file. +**Note**: The user needs to validate the YAML syntax and array related key/values while replacing the unity-creds secret. +The driver will continue to use previous values in case of an error found in the YAML file. #### Create secret for client side TLS verification @@ -102,22 +95,45 @@ metadata: namespace: test-unity spec: driver: - configVersion: v5 + configVersion: v2.0.0 replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false common: - image: "dellemc/csi-unity:v1.6.0" + image: "dellemc/csi-unity:v2.0.0" imagePullPolicy: IfNotPresent - envs: - - name: X_CSI_UNITY_DEBUG - value: "true" - - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - value: "false" - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" sideCars: - name: provisioner args: ["--volume-name-prefix=csiunity","--default-fstype=ext4"] - name: snapshotter args: ["--snapshot-name-prefix=csiunitysnap"] +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: unity-config-params + namespace: test-unity +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "info" + ALLOW_RWO_MULTIPOD_ACCESS: "false" + MAX_UNITY_VOLUMES_PER_NODE: "0" + SYNC_NODE_INFO_TIME_INTERVAL: "0" +``` + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Operator based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `unity-config-params` and update `CSI_LOG_LEVEL` to the desired log level. ``` +kubectl edit configmap -n unity unity-config-params +``` +**Note** : + 1. Prior to CSI Driver for unity version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. + 2. "Kubelet config dir path" is not yet configurable in case of Operator based driver installation. + 3. Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v2/installation/test/_index.md b/content/v2/csidriver/installation/test/_index.md similarity index 100% rename from content/v2/installation/test/_index.md rename to content/v2/csidriver/installation/test/_index.md diff --git a/content/v2/installation/test/powerflex.md b/content/v2/csidriver/installation/test/powerflex.md similarity index 82% rename from content/v2/installation/test/powerflex.md rename to content/v2/csidriver/installation/test/powerflex.md index 4e05e92b8d..d5c3d106b9 100644 --- a/content/v2/installation/test/powerflex.md +++ b/content/v2/csidriver/installation/test/powerflex.md @@ -54,26 +54,27 @@ spec: storageClassName: vxflexos ``` -2. The _volumeMode: Filesystem_ requires a mounted file system, and the _resources.requests.storage_ of 8Gi requires an 8 GB file. In this case, the _storageClassName: vxflexos_ directs the system to use a storage class named _vxflexos_. This step yields a mounted _ext4_ file system. You can create the _vxflexos_ and _vxflexos-xfs_ storage classes by using the yamls located in helm/samples/storageclass. +2. The _volumeMode: Filesystem_ requires a mounted file system, and the _resources.requests.storage_ of 8Gi requires an 8 GB file. In this case, the _storageClassName: vxflexos_ directs the system to use a storage class named _vxflexos_. This step yields a mounted _ext4_ file system. You can create the _vxflexos_ and _vxflexos-xfs_ storage classes by using the yamls located in samples/storageclass. 3. If you compare _pvol0.yaml_ and _pvol1.yaml_, you will find that the latter uses a different storage class; _vxflexos-xfs_. This class gives you an _xfs_ file system. 4. To see the volumes you created, run kubectl get persistentvolumeclaim –n helmtest-vxflexos and kubectl describe persistentvolumeclaim –n helmtest-vxflexos. -*NOTE:* For more information about Kubernetes objects like _StatefulSet_ and _PersistentVolumeClaim_ see [Kubernetes documentation: Concepts](https://kubernetes.io/docs/concepts/). +>*NOTE:* For more information about Kubernetes objects like _StatefulSet_ and _PersistentVolumeClaim_ see [Kubernetes documentation: Concepts](https://kubernetes.io/docs/concepts/). ## Test creating snapshots -Test the workflow for snapshot creation. +Test the workflow for snapshot creation. +>*NOTE:* Starting with version 2.0, CSI Driver for PowerFlex helm tests are designed to work exclusively with v1 snapshots. **Steps** 1. Start the _2vols_ container and leave it running. - Helm tests are designed assuming users are using the _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from these values, update the templates in 2vols accordingly (located in `test/helm/2vols/templates` directory). You can use `kubectl get sc` to check for the _storageclass_ names. - - Helm tests are designed assuming users are using the _snapshotclass_ name: _vxflexos-snapclass_ If your _snapshotclass_ name differs from the default values, update `betasnap1.yaml` and `betasnap2.yaml` accordingly. + - Helm tests are designed assuming users are using the _snapshotclass_ name: _vxflexos-snapclass_ If your _snapshotclass_ name differs from the default values, update `snap1.yaml` and `snap2.yaml` accordingly. 2. Run `sh snaptest.sh` to start the test. -This will create a snapshot of each of the volumes in the container using _VolumeSnapshot_ objects defined in `betasnap1.yaml` and `betasnap2.yaml`. The following are the contents of `betasnap1.yaml`: +This will create a snapshot of each of the volumes in the container using _VolumeSnapshot_ objects defined in `snap1.yaml` and `snap2.yaml`. The following are the contents of `snap1.yaml`: ```yaml -apiVersion: snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: pvol0-snap1 @@ -84,16 +85,14 @@ spec: persistentVolumeClaimName: pvol0 ``` -> *NOTE:* apiVersion in both betasnap yamls must match apiVersion in your VolumeSnapshotClass, if version in VolumeSnapshotClass is v1, adjust apiVersion like so: `apiVersion: snapshot.storage.k8s.io/v1` in betasnap1.yaml and betasnap2.yaml - **Results** -The `snaptest.sh` script will create a snapshot using the definitions in the `betasnap1.yaml` file. The _spec.source_ section contains the volume that will be snapped. For example, if the volume to be snapped is _pvol0_, then the created snapshot is named _pvol0-snap1_. +The `snaptest.sh` script will create a snapshot using the definitions in the `snap1.yaml` file. The _spec.source_ section contains the volume that will be snapped. For example, if the volume to be snapped is _pvol0_, then the created snapshot is named _pvol0-snap1_. *NOTE:* The `snaptest.sh` shell script creates the snapshots, describes them, and then deletes them. You can see your snapshots using `kubectl get volumesnapshot -n helmtest-vxflexos`. Notice that this _VolumeSnapshot_ class has a reference to a _snapshotClassName: vxflexos-snapclass_. The CSI Driver for Dell EMC PowerFlex installation does not create this class. You will need -to create instance of _VolumeSnapshotClass_ from one of default samples in `helm/samples/volumesnapshotclass' directory. +to create instance of _VolumeSnapshotClass_ from one of default samples in `samples/volumesnapshotclass' directory. ## Test restoring from a snapshot @@ -105,20 +104,18 @@ Ensure that you have stopped any previous test instance before performing this p **Steps** -> *NOTE:* apiVersion in both betasnap yamls must match apiVersion in your VolumeSnapshotClass, if version in vxflexos-snapclass is v1, adjust apiVersion like so: `apiVersion: snapshot.storage.k8s.io/v1` - 1. Run `sh snaprestoretest.sh` to start the test. This script deploys the _2vols_ example, creates a snap of _pvol0_, and then updates the deployed helm chart from the updated directory _2vols+restore_. This then adds an additional volume that is created from the snapshot. *NOTE:* - Helm tests are designed assuming users are using the _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from these values, update the templates for snap restore tests accordingly (located in `test/helm/2vols+restore/template` directory). You can use `kubectl get sc` to check for the _storageclass_ names. -- Helm tests are designed assuming users are using the _snapshotclass_ name: _vxflexos-snapclass_ If your _snapshotclass_ name differs from the default values, update `betasnap1.yaml` and `betasnap2.yaml` accordingly. +- Helm tests are designed assuming users are using the _snapshotclass_ name: _vxflexos-snapclass_ If your _snapshotclass_ name differs from the default values, update `snap1.yaml` and `snap2.yaml` accordingly. **Results** An outline of this workflow is described below: -1. The snapshot is taken using `betasnap1.yaml`. +1. The snapshot is taken using `snap1.yaml`. 2. _Helm_ is called to upgrade the deployment with a new definition, which is found in the _2vols+restore_ directory. The `csi-vxflexos/test/helm/2vols+restore/templates` directory contains the newly created `createFromSnap.yaml` file. The script then creates a _PersistentVolumeClaim_, which is a volume that is dynamically created from the snapshot. Then the helm deployment is upgraded to contain the newly created third volume. In other words, when the `snaprestoretest.sh` creates a new volume with data from the snapshot, the restore operation is tested. The contents of the `createFromSnap.yaml` are described below: ```yaml @@ -140,4 +137,4 @@ spec: storage: 8Gi ``` -*NOTE:* The _spec.dataSource_ clause, specifies a source _VolumeSnapshot_ named _pvol0-snap1_ which matches the snapshot's name in `betasnap1.yaml`. +*NOTE:* The _spec.dataSource_ clause, specifies a source _VolumeSnapshot_ named _pvol0-snap1_ which matches the snapshot's name in `snap1.yaml`. diff --git a/content/v2/installation/test/powermax.md b/content/v2/csidriver/installation/test/powermax.md similarity index 81% rename from content/v2/installation/test/powermax.md rename to content/v2/csidriver/installation/test/powermax.md index c7f256cf29..916c07d51b 100644 --- a/content/v2/installation/test/powermax.md +++ b/content/v2/csidriver/installation/test/powermax.md @@ -8,7 +8,7 @@ This section provides multiple methods to test driver functionality in your envi **Note**: To run the test for CSI Driver for Dell EMC PowerMax, install Helm 3. -The _csi-powermax_ repository includes examples of how you can use the CSI Driver for Dell EMC PowerMax. The shell scripts are used to automate the installation and uninstallation of helm charts for the creation of Pods with a different number of volumes in a given namespace using the storageclass provided. To test the installation of the CSI driver, perform these tests: +The _csi-powermax_ repository includes examples of how you can use CSI Driver for Dell EMC PowerMax. The shell scripts are used to automate the installation and uninstallation of helm charts for the creation of Pods with a different number of volumes in a given namespace using the storageclass provided. To test the installation of the CSI driver, perform these tests: - Volume clone test - Volume test - Snapshot test @@ -19,12 +19,12 @@ Use this procedure to perform a volume test. 1. Create a namespace with the name _test_. 2. Run the `cd csi-powermax/test/helm` command to go to the `csi-powermax/test/helm` directory, which contains the `starttest.sh` script and the _2vols_ directories. -3. Run the starttest.sh script and provide it with a test name. The following is a sample command that can be used to run the _2vols_ test: `./starttest.sh -t 2vols -n -s ` +3. Run the starttest.sh script and provide it with a test name. The following sample command can be used to run the _2vols_ test: `./starttest.sh -t 2vols -n -s ` This script installs a helm chart that creates a Pod with a container, creates two PVCs, and mounts them into the created container. You can now log in to the newly created container and check the mounts. 4. Run the `/stoptest.sh -t 2vols -n ` script to stop the test. This script deletes the Pods and the PVCs created during the test and uninstalls the helm chart. ->*NOTE*: Helm tests have been designed assuming that users are created storageclass names like and . You can use `kubectl get sc` to check for the storageclass names. +>*NOTE*: Helm tests have been designed assuming that users have created storageclass names like `storageclass-name` and `storageclass-name-xfs`. You can use `kubectl get sc` to check for the storageclass names. #### Volume clone test @@ -55,7 +55,7 @@ Use this procedure to perform a snapshot test. - After that, it creates a snapshot of that PVC and uses it as a data source to create a new PVC. It mounts the newly created PVC to the container created earlier and then lists the contents of the source and the target PVCs. - Cleans up all the resources that were created as part of the test. ->*NOTE*: This test has been designed assuming that users are using the snapshot class name `powermax-snapclass`. You must update the snapshot class name in the file `betaSnap1.yaml/snap1.yaml` present in the test/helm folder based on your method of deployment. To get a list of volume snapshot classes, run the command - `kubectl get volumesnapshotclass` +>*NOTE*: This test has been designed assuming that users are using the snapshot class name `powermax-snapclass`. You must update the snapshot class name in the file `snap1.yaml` present in the test/helm folder based on your method of deployment. To get a list of volume snapshot classes, run the command - `kubectl get volumesnapshotclass` #### Volume Expansion test diff --git a/content/v2/installation/test/powerscale.md b/content/v2/csidriver/installation/test/powerscale.md similarity index 77% rename from content/v2/installation/test/powerscale.md rename to content/v2/csidriver/installation/test/powerscale.md index 8a4903418a..7d47368830 100644 --- a/content/v2/installation/test/powerscale.md +++ b/content/v2/csidriver/installation/test/powerscale.md @@ -14,7 +14,7 @@ Test the deployment workflow of a simple pod on PowerScale storage. 1. **Creating a storage class:** - Create a file `storageclass.yaml` using sample yaml file located at helm/samples/storageclass + Create a file `storageclass.yaml` using sample yaml file located at samples/storageclass/isilon.yaml. Update/uncomment the attributes in this sample file as per the requirements. Execute the following command to create a storage class: ``` @@ -26,7 +26,7 @@ Test the deployment workflow of a simple pod on PowerScale storage. 2. **Creating a volume:** - Create a file `pvc.yaml` using sample yaml files located at test/sample_files/ + Create a file `pvc.yaml` using sample yaml files located at samples/persistentvolumeclaim/pvc.yaml Execute the following command to create volume: @@ -39,7 +39,7 @@ Test the deployment workflow of a simple pod on PowerScale storage. 3. **Attach the volume to Host** - To attach a volume to a host, create a new application(Pod) and use the PVC created above in the Pod. This scenario is explained using the Nginx application. Create `nginx.yaml` using sample yaml files located at test/sample_files/. + To attach a volume to a host, create a new application(Pod) and use the PVC created above in the Pod. This scenario is explained using the Nginx application. Create `nginx.yaml` using sample yaml files located at samples/pod/. Execute the following command to mount the volume to the Kubernetes node: ``` @@ -54,22 +54,22 @@ Test the deployment workflow of a simple pod on PowerScale storage. VolumeSnapshotClass is needed for creating the volume snapshots. Starting from v1.6, CSI Driver for PowerScale will not create any default Volume Snapshot class. - So the user has to create a volume snapshot class. The required sample files are present under /helm/samples/volumesnapshotclass. Choose the file based on Kubernetes version. + So the user has to create a volume snapshot class. The required sample files are present under samples/volumesnapshotclass/. Choose the file based on Kubernetes version. Execute either one of the following commands to create a volume snapshot class. - `kubectl create -f $PWD/volsnapclass_v1.yaml` OR `kubectl create -f $PWD/volsnapclass_beta.yaml` + `kubectl create -f samples/volumesnapshotclass/isilon-volumesnapshotclass-v1.yaml` OR `kubectl create -f samples/volumesnapshotclass/isilon-volumesnapshotclass-v1beta1.yaml` The above-said command will create a volume snapshotclass with the name isilon-snapclass. - The following procedure will create a snapshot of the volume in the container using VolumeSnapshot objects defined in snap.yaml. The sample file for snapshot creation is located at test/sample_files/. + The following procedure will create a snapshot of the volume in the container using VolumeSnapshot objects defined in snapshot-of-test-pvc.yaml. The sample file for snapshot creation is located at samples/volumesnapshot/. Execute the following command to create snapshot: - `kubectl create -f $PWD/snap.yaml` + `kubectl create -f samples/volumesnapshot/snapshot-of-test-pvc.yaml` - The spec.source section contains the volume that will be snapped in the default namespace. For example, if the volume to be snapped is testvolclaim1, then the created snapshot is named testvolclaim1-snap1. Verify the PowerScale system for the newly created snapshot. + The spec.source section contains the volume that will be snapped in the default namespace. For example, if the volume to be snapped is test-pvc, then the created snapshot is named snapshot-of-test-pvc. Verify the PowerScale system for the newly created snapshot. **Note**: @@ -83,11 +83,11 @@ Test the deployment workflow of a simple pod on PowerScale storage. The following procedure will create a new volume from a given snapshot which is specified in the spec dataSource field. - The sample file for volume creation from the snapshot is located under test/sample_files/ + The sample file for volume creation from the snapshot is located at samples/persistentvolumeclaim/pvc-from-snapshot.yaml . Execute the following command to create a snapshot: ``` - kubectl create -f $PWD/volume_from_snap.yaml + kubectl create -f samples/persistentvolumeclaim/pvc-from-snapshot.yaml ``` Verify the PowerScale system for newly created volume from the snapshot. @@ -99,7 +99,7 @@ Test the deployment workflow of a simple pod on PowerScale storage. ``` kubectl get volumesnapshot - kubectl delete volumesnapshot pvcsnap + kubectl delete volumesnapshot snapshot-of-test-pvc ``` @@ -107,11 +107,11 @@ Test the deployment workflow of a simple pod on PowerScale storage. The following procedure will create a new volume from another existing volume which is specified in the spec dataSource field. - The sample file for volume creation from volume is located at test/sample_files/ + The sample file for volume creation from volume is located at samples/persistentvolumeclaim/pvc-from-pvc.yaml - Execute the following command to create a snapshot: + Execute the following command to create a pvc from another pvc: ``` - kubectl create -f $PWD/volume_from_volume.yaml + kubectl create -f samples/persistentvolumeclaim/pvc-from-pvc.yaml ``` Verify the PowerScale system for newly created volume from volume. @@ -122,7 +122,7 @@ Test the deployment workflow of a simple pod on PowerScale storage. Delete the nginx application to Unattach the volume from the host: `kubectl delete -f nginx.yaml` - + 9. **To delete the volume** diff --git a/content/v2/installation/test/powerstore.md b/content/v2/csidriver/installation/test/powerstore.md similarity index 81% rename from content/v2/installation/test/powerstore.md rename to content/v2/csidriver/installation/test/powerstore.md index 5f8251d7ef..3519534259 100644 --- a/content/v2/installation/test/powerstore.md +++ b/content/v2/csidriver/installation/test/powerstore.md @@ -6,7 +6,7 @@ description: Tests to validate PowerStore CSI Driver installation In the repository, a simple test manifest exists that creates three different PersistentVolumeClaims using default ext4, xfs, and nfs storage classes and automatically mounts them to the pod. ->It assumes that you've created the same basic three storage classes from `helm/samples/storageclass` folder without changing their names. If you've created different storage classes please edit `tests/simple/simple.yaml` and change `PersistentVolumeClaim` definitions to point to correct storage classes. +>It assumes that you've created the same basic three storage classes from `samples/storageclass` folder without changing their names. If you've created different storage classes please edit `tests/simple/simple.yaml` and change `PersistentVolumeClaim` definitions to point to correct storage classes. **Steps** diff --git a/content/v2/installation/test/unity.md b/content/v2/csidriver/installation/test/unity.md similarity index 100% rename from content/v2/installation/test/unity.md rename to content/v2/csidriver/installation/test/unity.md diff --git a/content/v2/dell-csi-driver/isilon.jpeg b/content/v2/csidriver/isilon.jpeg similarity index 100% rename from content/v2/dell-csi-driver/isilon.jpeg rename to content/v2/csidriver/isilon.jpeg diff --git a/content/v2/partners/_index.md b/content/v2/csidriver/partners/_index.md similarity index 100% rename from content/v2/partners/_index.md rename to content/v2/csidriver/partners/_index.md diff --git a/content/v2/partners/docker.md b/content/v2/csidriver/partners/docker.md similarity index 100% rename from content/v2/partners/docker.md rename to content/v2/csidriver/partners/docker.md diff --git a/content/v2/partners/driver1.PNG b/content/v2/csidriver/partners/driver1.PNG similarity index 100% rename from content/v2/partners/driver1.PNG rename to content/v2/csidriver/partners/driver1.PNG diff --git a/content/v2/partners/driver2.PNG b/content/v2/csidriver/partners/driver2.PNG similarity index 100% rename from content/v2/partners/driver2.PNG rename to content/v2/csidriver/partners/driver2.PNG diff --git a/content/v2/partners/driver3.png b/content/v2/csidriver/partners/driver3.png similarity index 100% rename from content/v2/partners/driver3.png rename to content/v2/csidriver/partners/driver3.png diff --git a/content/v2/partners/first.png b/content/v2/csidriver/partners/first.png similarity index 100% rename from content/v2/partners/first.png rename to content/v2/csidriver/partners/first.png diff --git a/content/v2/partners/oc1.PNG b/content/v2/csidriver/partners/oc1.PNG similarity index 100% rename from content/v2/partners/oc1.PNG rename to content/v2/csidriver/partners/oc1.PNG diff --git a/content/v2/partners/oc2.PNG b/content/v2/csidriver/partners/oc2.PNG similarity index 100% rename from content/v2/partners/oc2.PNG rename to content/v2/csidriver/partners/oc2.PNG diff --git a/content/v2/partners/oc3.PNG b/content/v2/csidriver/partners/oc3.PNG similarity index 100% rename from content/v2/partners/oc3.PNG rename to content/v2/csidriver/partners/oc3.PNG diff --git a/content/v2/partners/oc4.PNG b/content/v2/csidriver/partners/oc4.PNG similarity index 100% rename from content/v2/partners/oc4.PNG rename to content/v2/csidriver/partners/oc4.PNG diff --git a/content/v2/partners/oc5.PNG b/content/v2/csidriver/partners/oc5.PNG similarity index 100% rename from content/v2/partners/oc5.PNG rename to content/v2/csidriver/partners/oc5.PNG diff --git a/content/v2/partners/operator.md b/content/v2/csidriver/partners/operator.md similarity index 67% rename from content/v2/partners/operator.md rename to content/v2/csidriver/partners/operator.md index 7dc96ca4dd..d60c9e6459 100644 --- a/content/v2/partners/operator.md +++ b/content/v2/csidriver/partners/operator.md @@ -5,10 +5,10 @@ weight: 3 description: Installing the Dell CSI Operator via OperatorHub.io --- -Users can install the Dell CSI Operator via OperatorHub.io on Kubernetes. The following outlines the process to do so: +Users can install the Dell CSI Operator via [Operatorhub.io](https://operatorhub.io/) on Kubernetes. The following outlines the process to do so: **Steps** -1. Search DellEMC in the storage category in Operatorhub.io. +1. Search *dell* in the storage category in [Operatorhub.io](https://operatorhub.io/?keyword=dell). ![](../ophub1.png) diff --git a/content/v2/partners/ophub1.png b/content/v2/csidriver/partners/ophub1.png similarity index 100% rename from content/v2/partners/ophub1.png rename to content/v2/csidriver/partners/ophub1.png diff --git a/content/v2/partners/ophub2.png b/content/v2/csidriver/partners/ophub2.png similarity index 100% rename from content/v2/partners/ophub2.png rename to content/v2/csidriver/partners/ophub2.png diff --git a/content/v2/partners/ophub3.png b/content/v2/csidriver/partners/ophub3.png similarity index 100% rename from content/v2/partners/ophub3.png rename to content/v2/csidriver/partners/ophub3.png diff --git a/content/v2/partners/rancher.md b/content/v2/csidriver/partners/rancher.md similarity index 73% rename from content/v2/partners/rancher.md rename to content/v2/csidriver/partners/rancher.md index 6e712f0986..a818009ab1 100644 --- a/content/v2/partners/rancher.md +++ b/content/v2/csidriver/partners/rancher.md @@ -3,12 +3,10 @@ title: "RKE" Description: "About Rancher Kubernetes Engine" --- -The Dell CSI Drivers support Rancher Kubernetes Engine (RKE). +The Dell CSI Drivers support Rancher Kubernetes Engine (RKE) v1.2.8. The installation process for the drivers on such clusters remains the same as the installation process on regular Kubernetes clusters. Installation on this cluster is done using helm and via Operator has not been qualified. -RKE v1.2.8 supported with Kubernetes client (kubectl) v1.21 - ## RKE Examples ![](../rancher1.PNG) \ No newline at end of file diff --git a/content/v2/partners/rancher1.PNG b/content/v2/csidriver/partners/rancher1.PNG similarity index 100% rename from content/v2/partners/rancher1.PNG rename to content/v2/csidriver/partners/rancher1.PNG diff --git a/content/v2/partners/redhat.md b/content/v2/csidriver/partners/redhat.md similarity index 94% rename from content/v2/partners/redhat.md rename to content/v2/csidriver/partners/redhat.md index 6ff2feeb12..1a5408788b 100644 --- a/content/v2/partners/redhat.md +++ b/content/v2/csidriver/partners/redhat.md @@ -5,7 +5,7 @@ weight: 3 description: > Installing the certified Dell CSI Operator on OpenShift --- -The Dell EMC CSI Drivers support Red Hat OpenShift. Please see the [Supported Platforms](../../dell-csi-driver/#supported-platforms) table for more details. +The Dell EMC CSI Drivers support Red Hat OpenShift. Please see the [Supported Platforms](../../#features-and-capabilities) table for more details. The CSI drivers can be installed via Helm charts or Dell CSI Operator. The Dell CSI Operator allows for easy installation of the driver via the Openshift UI. The process to install the Operator via the OpenShift UI can be found below. diff --git a/content/v2/partners/second.png b/content/v2/csidriver/partners/second.png similarity index 100% rename from content/v2/partners/second.png rename to content/v2/csidriver/partners/second.png diff --git a/content/v2/partners/tanzu.md b/content/v2/csidriver/partners/tanzu.md similarity index 96% rename from content/v2/partners/tanzu.md rename to content/v2/csidriver/partners/tanzu.md index 04763da6e7..d87473e1b3 100644 --- a/content/v2/partners/tanzu.md +++ b/content/v2/csidriver/partners/tanzu.md @@ -5,7 +5,7 @@ Description: "About VMware Tanzu basic" The CSI Driver for Dell EMC Unity and PowerScale supports VMware Tanzu and deployment of these Tanzu clusters is done using the VMware Tanzu supervisor cluster and supervisor namespace. -Currently, VMware Tanzu with normal configuration(without NAT) supports Kubernetes 1.19 and 1.20. +Currently, VMware Tanzu with normal configuration(without NAT) supports Kubernetes 1.20. The CSI driver can be installed on this cluster using Helm. Installation of CSI drivers in Tanzu via Operator has not been qualified. To login to the Tanzu cluster, download kubectl and kubectl vsphere binaries to any of the system diff --git a/content/v2/partners/tanzu1.JPG b/content/v2/csidriver/partners/tanzu1.JPG similarity index 100% rename from content/v2/partners/tanzu1.JPG rename to content/v2/csidriver/partners/tanzu1.JPG diff --git a/content/v2/partners/tanzu2.JPG b/content/v2/csidriver/partners/tanzu2.JPG similarity index 100% rename from content/v2/partners/tanzu2.JPG rename to content/v2/csidriver/partners/tanzu2.JPG diff --git a/content/v2/partners/tanzu3.JPG b/content/v2/csidriver/partners/tanzu3.JPG similarity index 100% rename from content/v2/partners/tanzu3.JPG rename to content/v2/csidriver/partners/tanzu3.JPG diff --git a/content/v2/partners/tanzu4.JPG b/content/v2/csidriver/partners/tanzu4.JPG similarity index 100% rename from content/v2/partners/tanzu4.JPG rename to content/v2/csidriver/partners/tanzu4.JPG diff --git a/content/v2/partners/third.png b/content/v2/csidriver/partners/third.png similarity index 100% rename from content/v2/partners/third.png rename to content/v2/csidriver/partners/third.png diff --git a/content/v2/dell-csi-driver/powermax.jpeg b/content/v2/csidriver/powermax.jpeg similarity index 100% rename from content/v2/dell-csi-driver/powermax.jpeg rename to content/v2/csidriver/powermax.jpeg diff --git a/content/v2/dell-csi-driver/powerstore.jpeg b/content/v2/csidriver/powerstore.jpeg similarity index 100% rename from content/v2/dell-csi-driver/powerstore.jpeg rename to content/v2/csidriver/powerstore.jpeg diff --git a/content/v3/release/_index.md b/content/v2/csidriver/release/_index.md similarity index 50% rename from content/v3/release/_index.md rename to content/v2/csidriver/release/_index.md index 40e6b4aba9..dd420bc632 100644 --- a/content/v3/release/_index.md +++ b/content/v2/csidriver/release/_index.md @@ -2,5 +2,5 @@ title: "Release Notes" linkTitle: "Release Notes" weight: 6 -description: Release Notes for all the CSI drivers and Operator +description: Release Notes for all the CSI Drivers and deployment --- diff --git a/content/v2/release/operator.md b/content/v2/csidriver/release/operator.md similarity index 55% rename from content/v2/release/operator.md rename to content/v2/csidriver/release/operator.md index 6ece6b904b..0b9c51fc4f 100644 --- a/content/v2/release/operator.md +++ b/content/v2/csidriver/release/operator.md @@ -3,17 +3,14 @@ title: Operator description: Release notes for Dell CSI Operator --- -## Release Notes - Dell CSI Operator 1.4.0 +## Release Notes - Dell CSI Operator 1.5.0 ->**Note:** There will be a delay in certification of Dell CSI Operator 1.4.0 and it will not be available for download from the Red Hat OpenShift certified catalog. The operator will still be available for download from the Red Hat OpenShift Community Catalog soon after the 1.4.0 release. +>**Note:** There will be a delay in certification of Dell CSI Operator 1.5.0 and it will not be available for download from the Red Hat OpenShift certified catalog right away. The operator will still be available for download from the Red Hat OpenShift Community Catalog soon after the 1.5.0 release. ### New Features/Changes -- Added support for Kubernetes v1.21 -- Deprecated support for Kubernetes v1.18 -- Migrated to Operator SDK v1.5.0 -- Deprecated Storage Class Creation and Support -- Deprecated Volume Snapshot Class Creation and Support +- Added support for Kubernetes v1.22 +- Added support for OpenShift v4.8. ### Fixed Issues There are no fixed issues in this release. @@ -25,4 +22,4 @@ There are no fixed issues in this release. ### Support The Dell CSI Operator image is available on Dockerhub and is officially supported by Dell EMC. -For any CSI operator and driver issues, questions or feedback, join the [Dell EMC Container community](https://www.dell.com/community/Containers/bd-p/Containers). +For any CSI operator and driver issues, questions or feedback, please follow our [support process](../../../support/). diff --git a/content/v2/csidriver/release/powerflex.md b/content/v2/csidriver/release/powerflex.md new file mode 100644 index 0000000000..e4fb911355 --- /dev/null +++ b/content/v2/csidriver/release/powerflex.md @@ -0,0 +1,25 @@ +--- +title: PowerFlex +description: Release notes for PowerFlex CSI driver +--- + +## Release Notes - CSI PowerFlex v2.0.0 + +### New Features/Changes +- Added support for Kubernetes v1.22. +- Added support for OpenShift v4.8. +- Added support for dynamic multi-array configuration. +- Added certificate validation for PowerFlex Gateway REST API calls. +- Aligned configuration parameters with those in other CSI drivers in effort to have consistent config experience across drivers. +- Added the ability to configure kubelet directory path. +- Added the ability to enable/disable installation of resizer sidecar with driver installation. +- Added the ability to enable/disable installation of snapshotter sidecar with driver installation. +- Added the ability to use system names instead of system IDs in config files. + +### Fixed Issues + +There are no fixed issues in this release. + +### Known Issues + +There are no known issues in this release. diff --git a/content/v2/csidriver/release/powermax.md b/content/v2/csidriver/release/powermax.md new file mode 100644 index 0000000000..1aa19826ab --- /dev/null +++ b/content/v2/csidriver/release/powermax.md @@ -0,0 +1,30 @@ +--- +title: PowerMax +description: Release notes for PowerMax CSI driver +--- + +## Release Notes - CSI PowerMax v2.0.0 + +### New Features/Changes +- Added support for Kubernetes v1.22. +- Added support for OpenShift v4.8. +- Added support for RKE v1.2.8. +- Added support for consistent config parameters across CSI drivers. +- Added the ability to change log level and log format of CSI driver and change them dynamically. +- Added the ability to configure kubelet directory path. +- Added the ability to enable/disable installation of resizer sidecar with driver installation. +- Added the ability to enable/disable installation of snapshotter sidecar with driver installation. + +### Fixed Issues +There are no fixed issues in this release. + +### Known Issues + +| Issue | Workaround | +|-------|------------| +| Delete Volume fails with the error message: volume is part of masking view | This issue is due to limitations in Unisphere and occurs when Unisphere is overloaded. Currently, there is no workaround for this but it can be avoided by ensuring that Unisphere is not overloaded during such operations. The Unisphere team is assessing a fix for this in a future Unisphere release| +| Getting initiators list fails with context deadline error | The following error can occur during the driver installation if a large number of initiators are present on the array. There is no workaround for this but it can be avoided by deleting stale initiators on the array| +| Unable to update Host: A problem occurred modifying the host resource | This issue occurs when the nodes do not have unique hostnames or when an IP address/FQDN with same sub-domains are used as hostnames. The workaround is to use unique hostnames or FQDN with unique sub-domains| + + + diff --git a/content/v2/release/powerscale.md b/content/v2/csidriver/release/powerscale.md similarity index 52% rename from content/v2/release/powerscale.md rename to content/v2/csidriver/release/powerscale.md index dbc7a7c3ab..3b4fab75e0 100644 --- a/content/v2/release/powerscale.md +++ b/content/v2/csidriver/release/powerscale.md @@ -3,17 +3,20 @@ title: PowerScale description: Release notes for PowerScale CSI driver --- -## Release Notes - CSI Driver for PowerScale v1.6.0 +## Release Notes - CSI Driver for PowerScale v2.0.0 ### New Features/Changes -- Added support for Kubernetes 1.21. -- Added support for Red Hat Enterprise Linux (RHEL) 8.4. -- Added support for CSI Spec 1.3. -- Added support for Volume Limit. -- Added support for node selector functionality to helm template. -- Added support for secret in YAML format. -- Added support for Dynamic log level changes. -- Added support to make dnsPolicy of node component configurable via Helm +- Added support for Kubernetes v1.22. +- Added support for OpenShift v4.8. +- Added support for CSI Spec v1.4. +- Added support for session-based authentication. +- Added support for consistent config parameters across CSI drivers. +- Added support for configurable security permissions for volume. +- Added the ability to enable/disable installation of resizer sidecar with driver installation. +- Added the ability to enable/disable installation of snapshotter sidecar with driver installation. +- Added support to make dnsPolicy of node component configurable via Operator as well. +- Added the ability to configure kubelet directory path. +- Updated support for dynamic logging configuration. ### Fixed Issues @@ -22,4 +25,5 @@ There are no fixed issues in this release. ### Known Issues | Issue | Resolution or workaround, if known | | ------------------------------------------------------------ | ------------------------------------------------------------ | -| If the length of the nodeID exceeds 128 characters, the driver fails to update the CSINode object and installation fails. This is due to a limitation set by CSI spec which doesn't allow nodeID to be greater than 128 characters. | The CSI PowerScale driver uses the hostname for building the nodeID which is set in the CSINode resource object, hence we recommend not having very long hostnames in order to avoid this issue. This current limitation of 128 characters is likely to be relaxed in future Kubernetes versions as per this issue in the community: https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues/581 | \ No newline at end of file +| If the length of the nodeID exceeds 128 characters, the driver fails to update the CSINode object and installation fails. This is due to a limitation set by CSI spec which doesn't allow nodeID to be greater than 128 characters. | The CSI PowerScale driver uses the hostname for building the nodeID which is set in the CSINode resource object, hence we recommend not having very long hostnames in order to avoid this issue. This current limitation of 128 characters is likely to be relaxed in future Kubernetes versions as per this issue in the community: https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues/581

**Note:** In kubernetes 1.22 this limit has been relaxed to 192 characters.| +| If some older NFS exports /terminated worker nodes still in NFS export client list, CSI driver tries to add a new worker node it fails (For RWX volume). | User need to manually clean the export client list from old entries to make successful additon of new worker nodes. diff --git a/content/v2/csidriver/release/powerstore.md b/content/v2/csidriver/release/powerstore.md new file mode 100644 index 0000000000..f1d454e00d --- /dev/null +++ b/content/v2/csidriver/release/powerstore.md @@ -0,0 +1,24 @@ +--- +title: PowerStore +description: Release notes for PowerStore CSI driver +--- + +## Release Notes - CSI PowerStore v2.0.0 + +### New Features/Changes + +- Added support for Kubernetes v1.22. +- Added support for OpenShift 4.8. +- Added the ability to change log level and log format of CSI driver and change them dynamically. +- Added the ability to configure kubelet directory path. +- Added the ability to enable/disable installation of resizer sidecar with driver installation. +- Added the ability to enable/disable installation of snapshotter sidecar with driver installation. +- Added support for consistent config parameters across CSI drivers. + +### Fixed Issues + +There are no fixed issues in this release. + +### Known Issues + +There are no known issues in this release. diff --git a/content/v2/csidriver/release/unity.md b/content/v2/csidriver/release/unity.md new file mode 100644 index 0000000000..e0311a174c --- /dev/null +++ b/content/v2/csidriver/release/unity.md @@ -0,0 +1,26 @@ +--- +title: Unity +description: Release notes for Unity CSI driver +--- + +## Release Notes - CSI Unity v2.0.0 + +### New Features/Changes + +- Added support for Kubernetes v1.22. +- Added support for Openshift 4.8. +- Added the ability to change log level and log format of CSI driver and change them dynamically. +- Added the ability to configure kubelet directory path. +- Added the ability to enable/disable installation of resizer sidecar with driver installation. +- Added the ability to enable/disable installation of snapshotter sidecar with driver installation. +- Added support for consistent config parameters across CSI drivers. + +### Fixed Issues + + +### Known Issues + +| Issue | Workaround | +|-------|------------| +| Topology-related node labels are not removed automatically. | Currently, when the driver is uninstalled, topology-related node labels are not getting removed automatically. There is an open issue in the Kubernetes to fix this. Until the fix is released, remove the labels manually after the driver un-installation using command **kubectl label node - - ...** Example: **kubectl label node csi-unity.dellemc.com/array123-iscsi-** Note: there must be - at the end of each label to remove it.| +| NFS Clone - Resize of the snapshot is not supported by Unity Platform.| Currently, when the driver takes a clone of NFS volume, it succeeds. But when the user tries to resize the NFS volumesnapshot, the driver will throw an error. The user should never try to resize the cloned NFS volume.| diff --git a/content/v2/csidriver/troubleshooting/_index.md b/content/v2/csidriver/troubleshooting/_index.md new file mode 100644 index 0000000000..9679830c30 --- /dev/null +++ b/content/v2/csidriver/troubleshooting/_index.md @@ -0,0 +1,6 @@ +--- +title: Troubleshooting +linktitle: Troubleshooting +description: Troubleshooting for CSI Drivers +weight: 5 +--- diff --git a/content/v2/troubleshooting/operator.md b/content/v2/csidriver/troubleshooting/operator.md similarity index 100% rename from content/v2/troubleshooting/operator.md rename to content/v2/csidriver/troubleshooting/operator.md diff --git a/content/v2/csidriver/troubleshooting/powerflex.md b/content/v2/csidriver/troubleshooting/powerflex.md new file mode 100644 index 0000000000..451b7ddbcd --- /dev/null +++ b/content/v2/csidriver/troubleshooting/powerflex.md @@ -0,0 +1,23 @@ +--- +title: PowerFlex +linktitle: PowerFlex +description: Troubleshooting PowerFlex Driver +--- + +| Symptoms | Prevention, Resolution or Workaround | +|------------|--------------| +| The installation fails with the following error message:
```Node xxx does not have the SDC installed```| Install the PowerFlex SDC on listed nodes. The SDC must be installed on all the nodes that need to pull an image of the driver. | +| When you run the command `kubectl describe pods vxflexos-controller-* –n vxflexos`, the system indicates that the driver image could not be loaded. | - If on Kubernetes, edit the `daemon.json` file found in the registry location and add
```{ "insecure-registries" :[ "hostname.cloudapp.net:5000" ] }```
- If on OpenShift, run the command `oc edit image.config.openshift.io/cluster` and add registries to yaml file that is displayed when you run the command. | +|The `kubectl logs -n vxflexos vxflexos-controller-* driver` logs show that the driver is not authenticated.| Check the username, password, and the gateway IP address for the PowerFlex system.| +|The `kubectl logs vxflexos-controller-* -n vxflexos driver` logs show that the system ID is incorrect.| Use the `get_vxflexos_info.sh` to find the correct system ID. Add the system ID to `myvalues.yaml` script.| +|CreateVolume error System is not configured in the driver | Powerflex name if used for systemID in StorageClass ensure same name is also used in array config systemID | +|Defcontext mount option seems to be ignored, volumes still are not being labeled correctly.|Ensure SElinux is enabled on a worker node, and ensure your container run time manager is properly configured to be utilized with SElinux.| +|Mount options that interact with SElinux are not working (like defcontext).|Check that your container orchestrator is properly configured to work with SElinux.| +|Installation of the driver on Kubernetes v1.20/v1.21/v1.22 fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.20/1.21/v1.22 requires v1 version of snapshot CRDs to be created in cluster, see the [Volume Snapshot Requirements](../../installation/helm/powerflex/#optional-volume-snapshot-requirements)| +| The `kubectl logs -n vxflexos vxflexos-controller-* driver` logs show `x509: certificate signed by unknown authority` |A self assigned certificate is used for PowerFlex array. See [certificate validation for PowerFlex Gateway](../../installation/helm/powerflex/#certificate-validation-for-powerflex-gateway-rest-api-calls)| +| When you run the command `kubectl apply -f snapclass-v1.yaml`, you get the error `error: unable to recognize "snapclass-v1.yaml": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"` | Check to make sure that the v1 snapshotter CRDs are installed, and not the v1beta1 CRDs, which are no longer supported. | +| The controller pod is stuck and producing errors such as" `Failed to watch *v1.VolumeSnapshotContent: failed to list *v1.VolumeSnapshotContent: the server could not find the requested resource (get volumesnapshotcontents.snapshot.storage.k8s.io)` | Make sure that v1 snapshotter CRDs and v1 snapclass are installed, and not v1beta1, which is no longer supported. | + + +>*Note*: `vxflexos-controller-*` is the controller pod that acquires leader lease + diff --git a/content/v2/troubleshooting/powermax.md b/content/v2/csidriver/troubleshooting/powermax.md similarity index 52% rename from content/v2/troubleshooting/powermax.md rename to content/v2/csidriver/troubleshooting/powermax.md index 055c0d9f00..e1e7587300 100644 --- a/content/v2/troubleshooting/powermax.md +++ b/content/v2/csidriver/troubleshooting/powermax.md @@ -6,6 +6,6 @@ description: Troubleshooting PowerMax Driver | Symptoms | Prevention, Resolution or Workaround | |------------|--------------| | Warning about feature gates | Double check that you have applied all the features to the indicated processes. Restart kubelet when remediated.| -| `kubectl describe pod powermax-controller- –n ` indicates the driver image could not be loaded | You may need to put an insecure-registries entry in `/etc/docker/daemon.json` or login to the docker registry | -| `kubectl logs powermax-controller- –n driver` logs show the driver cannot authenticate | Check your secret’s username and password | -| `kubectl logs powermax-controller- –n driver` logs show the driver failed to connect to the U4P because it couldn’t verify the certificates | Check the powermax-certs secret and ensure it is not empty or it has the valid certificates| +| `kubectl describe pod powermax-controller- –n ` indicates that the driver image could not be loaded | You may need to put an insecure-registries entry in `/etc/docker/daemon.json` or log in to the docker registry | +| `kubectl logs powermax-controller- –n driver` logs show that the driver cannot authenticate | Check your secret’s username and password | +| `kubectl logs powermax-controller- –n driver` logs show that the driver failed to connect to the U4P because it could not verify the certificates | Check the powermax-certs secret and ensure it is not empty or it has the valid certificates| diff --git a/content/v2/troubleshooting/powerscale.md b/content/v2/csidriver/troubleshooting/powerscale.md similarity index 75% rename from content/v2/troubleshooting/powerscale.md rename to content/v2/csidriver/troubleshooting/powerscale.md index 77cb8e3c83..06ed1754b4 100644 --- a/content/v2/troubleshooting/powerscale.md +++ b/content/v2/csidriver/troubleshooting/powerscale.md @@ -13,6 +13,6 @@ Here are some installation failures that might be encountered and how to mitigat |Volume/filesystem is allowed to mount by any host in the network, though that host is not a part of the export of that particular volume under /ifs directory | "Dell EMC PowerScale: OneFS NFS Design Considerations and Best Practices":
There is a default shared directory (ifs) of OneFS, which lets clients running Windows, UNIX, Linux, or Mac OS X access the same directories and files. It is recommended to disable the ifs shared directory in a production environment and create dedicated NFS exports and SMB shares for your workload. | | Creating snapshot fails if the parameter IsiPath in volume snapshot class and related storage class is not the same. The driver uses the incorrect IsiPath parameter and tries to locate the source volume due to the inconsistency. | Ensure IsiPath in VolumeSnapshotClass yaml and related storageClass yaml are the same. | | While deleting a volume, if there are files or folders created on the volume that are owned by different users. If the Isilon credentials used are for a nonprivileged Isilon user, the delete volume action fails. It is due to the limitation in Linux permission control. | To perform the delete volume action, the user account must be assigned a role that has the privilege ISI_PRIV_IFS_RESTORE. The user account must have the following set of privileges to ensure that all the CSI Isilon driver capabilities work properly:
* ISI_PRIV_LOGIN_PAPI
* ISI_PRIV_NFS
* ISI_PRIV_QUOTA
* ISI_PRIV_SNAPSHOT
* ISI_PRIV_IFS_RESTORE
* ISI_PRIV_NS_IFS_ACCESS
In some cases, ISI_PRIV_BACKUP is also required, for example, when files owned by other users have mode bits set to 700. | -| If the hostname is mapped to loopback IP in /etc/hosts file, and pods are created using 1.3.0.1 release, after upgrade to 1.4.0 there is a possibility of "localhost" as a stale entry in export | Recommended setup: User should not map a hostname to loopback IP in /etc/hosts file | +| If the hostname is mapped to loopback IP in /etc/hosts file, and pods are created using 1.3.0.1 release, after upgrade to driver version 1.4.0 or later there is a possibility of "localhost" as a stale entry in export | Recommended setup: User should not map a hostname to loopback IP in /etc/hosts file | | CSI Driver installation fails with the error message "error getting FQDN". | Map IP address of host with its FQDN in /etc/hosts file. | -| Driver node pod is in "CrashLoopBackOff" as "Node ID" generated is not with proper FQDN. | This might be due to "dnsPolicy" implemented on the driver node pod which may differ with different networks.

1.This parameter is configurable in the helm installer and the user can try with different "dnsPolicy" according to the environment. (values.yaml).

2. In the case of Operator installation, this parameter is not configurable at present and will be available in upcoming release. To overcome this issue, try to use appropriate "dnsPolicy" ( ClusterFirst / ClusterFirstWithHostNet ) by patching Isilon node pods.

Example : kubectl patch daemonset isilon-node -n isilon -p '{"spec": {"template": {"spec":{"dnsPolicy": "ClusterFirst"}}}}' | +| Driver node pod is in "CrashLoopBackOff" as "Node ID" generated is not with proper FQDN. | This might be due to "dnsPolicy" implemented on the driver node pod which may differ with different networks.

This parameter is configurable in both helm and Operator installer and the user can try with different "dnsPolicy" according to the environment.| diff --git a/content/v2/troubleshooting/powerstore.md b/content/v2/csidriver/troubleshooting/powerstore.md similarity index 52% rename from content/v2/troubleshooting/powerstore.md rename to content/v2/csidriver/troubleshooting/powerstore.md index 2bd68bbf8c..5f9f9e74c8 100644 --- a/content/v2/troubleshooting/powerstore.md +++ b/content/v2/csidriver/troubleshooting/powerstore.md @@ -7,5 +7,5 @@ description: Troubleshooting PowerStore Driver | --- | --- | | When you run the command `kubectl describe pods powerstore-controller- –n csi-powerstore`, the system indicates that the driver image could not be loaded. | - If on Kubernetes, edit the daemon.json file found in the registry location and add `{ "insecure-registries" :[ "hostname.cloudapp.net:5000" ] }`
- If on OpenShift, run the command `oc edit image.config.openshift.io/cluster` and add registries to yaml file that is displayed when you run the command.| | The `kubectl logs -n csi-powerstore powerstore-node-` driver logs show that the driver can't connect to PowerStore API. | Check if you've created a secret with correct credentials | -|Installation of the driver on Kubernetes v1.20/1.21 fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.20/1.21 requires v1 version of snapshot CRDs. If on Kubernetes 1.20/1.21 (v1 snapshots) install CRDs from v4.0.0, see the [Volume Snapshot Requirements](../../installation/helm/powerstore/#optional-volume-snapshot-requirements)| - +|Installation of the driver on Kubernetes supported versions fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.20/1.21/v1.22 requires v1 version of snapshot CRDs to be created in cluster, see the [Volume Snapshot Requirements](../../installation/helm/powerstore/#optional-volume-snapshot-requirements)| +| If PVC is not getting created and getting the following error in PVC description:
```failed to provision volume with StorageClass "powerstore-iscsi": rpc error: code = Internal desc = : Unknown error:```| Check if you've created a secret with correct credentials | diff --git a/content/v2/troubleshooting/unity.md b/content/v2/csidriver/troubleshooting/unity.md similarity index 84% rename from content/v2/troubleshooting/unity.md rename to content/v2/csidriver/troubleshooting/unity.md index 83d5c117dc..83d7909bf7 100644 --- a/content/v2/troubleshooting/unity.md +++ b/content/v2/csidriver/troubleshooting/unity.md @@ -8,7 +8,6 @@ description: Troubleshooting Unity Driver | --- | --- | | When you run the command `kubectl describe pods unity-controller- –n unity`, the system indicates that the driver image could not be loaded. | You may need to put an insecure-registries entry in `/etc/docker/daemon.json` or login to the docker registry | | The `kubectl logs -n unity unity-node-` driver logs show that the driver can't connect to Unity - Authentication failure. | Check if you have created a secret with correct credentials | -| Installation of the driver on Kubernetes v1.20/1.21 fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"``` | Kubernetes v1.20/1.21 requires v1 version of snapshot CRDs. If on Kubernetes 1.20/1.21 (v1 snapshots) install CRDs from v4.0.0, see point 6 [here](../../../docs/installation/helm/unity/#install-csi-driver) | | `fsGroup` specified in pod spec is not reflected in files or directories at mounted path of volume. | fsType of PVC must be set for fsGroup to work. fsType can be specified while creating a storage class. For NFS protocol, fsType can be specified as `nfs`. fsGroup doesn't work for ephemeral inline volumes. | | Dynamic array detection will not work in Topology based environment | Whenever a new array is added or removed, then the driver controller and node pod should be restarted with command **kubectl get pods -n unity --no-headers=true \| awk '/unity-/{print $1}'\| xargs kubectl delete -n unity pod** when **topology-based storage classes are used**. For dynamic array addition without topology, the driver will detect the newly added or removed arrays automatically| | If source PVC is deleted when cloned PVC exists, then source PVC will be deleted in the cluster but on array, it will still be present and marked for deletion. | All the cloned PVC should be deleted in order to delete the source PVC from the array. | diff --git a/content/v2/uninstall/_index.md b/content/v2/csidriver/uninstall/_index.md similarity index 87% rename from content/v2/uninstall/_index.md rename to content/v2/csidriver/uninstall/_index.md index c49645f582..447e5ce894 100644 --- a/content/v2/uninstall/_index.md +++ b/content/v2/csidriver/uninstall/_index.md @@ -2,10 +2,10 @@ title: "Uninstallation" linkTitle: "Uninstallation" weight: 3 -description: Methods to uninstall Dell CSI driver +description: Methods to uninstall Dell CSI Driver --- -## Uninstall a Dell CSI driver installed via Helm +## Uninstall a CSI driver installed via Helm To uninstall a driver, the `csi-uninstall.sh` script provides a handy wrapper around the `helm` utility. The only required argument for uninstallation is the namespace name. For example, to uninstall the driver: @@ -27,7 +27,7 @@ Options: -h Help ``` -## Uninstall a Dell CSI driver installed via Dell CSI Operator +## Uninstall a CSI driver installed via Dell CSI Operator For uninstalling any CSI drivers deployed by the Dell CSI Operator, just delete the respective Custom Resources. This can be done using OperatorHub GUI by deleting the CR or via kubectl. diff --git a/content/v2/dell-csi-driver/unity.jpeg b/content/v2/csidriver/unity.jpeg similarity index 100% rename from content/v2/dell-csi-driver/unity.jpeg rename to content/v2/csidriver/unity.jpeg diff --git a/content/v2/dell-csi-driver/unity_architecture.png b/content/v2/csidriver/unity_architecture.png similarity index 100% rename from content/v2/dell-csi-driver/unity_architecture.png rename to content/v2/csidriver/unity_architecture.png diff --git a/content/v3/upgradation/_index.md b/content/v2/csidriver/upgradation/_index.md similarity index 61% rename from content/v3/upgradation/_index.md rename to content/v2/csidriver/upgradation/_index.md index 9574b4d997..dc05a6bae1 100644 --- a/content/v3/upgradation/_index.md +++ b/content/v2/csidriver/upgradation/_index.md @@ -4,6 +4,6 @@ tags: - upgrade - csi-driver weight: 3 -Description: Upgrade Dell EMC CSI drivers +Description: Upgrade Dell CSI Drivers --- diff --git a/content/v2/upgradation/drivers/isilon.md b/content/v2/csidriver/upgradation/drivers/isilon.md similarity index 62% rename from content/v2/upgradation/drivers/isilon.md rename to content/v2/csidriver/upgradation/drivers/isilon.md index b1d209ae3b..4d6d1c36b9 100644 --- a/content/v2/upgradation/drivers/isilon.md +++ b/content/v2/csidriver/upgradation/drivers/isilon.md @@ -8,23 +8,27 @@ Description: Upgrade PowerScale CSI driver --- You can upgrade the CSI Driver for Dell EMC PowerScale using Helm or Dell CSI Operator. -## Upgrade Driver from version 1.5.0 to 1.6.0 +## Upgrade Driver from version 1.6.0 to 2.0.0 + +**Note:** While upgrading the driver via helm, controllerCount variable in myvalues.yaml can be at most one less than the number of worker nodes. **Steps** -1. Verify that all pre-requisites to install CSI Driver for Dell EMC PowerScale version 1.6.0 are fulfilled. Note that change in secret format should be taken care. +1. Verify that all pre-requisites to install CSI Driver for Dell EMC PowerScale version 2.0.0 are fulfilled. Note that change in secret format should be taken care. - Delete the existing secret (isilon-creds and isilon-certs-0) - Create new secrets (isilon-creds and isilon-certs-0) Refer Installation section [here](./../../../installation/helm/isilon/#install-the-driver). -2. Clone the repository https://github.com/dell/csi-powerscale , copy the helm/csi-isilon/values.yaml into a new location with a custom name say _my-isilon-settings.yaml_, to customize settings for installation. Edit _my-isilon-settings.yaml_ as per the requirements. +2. Clone the repository using `git clone -b v2.0.0 https://github.com/dell/csi-powerscale.git`, copy the helm/csi-isilon/values.yaml into a new location with a custom name say _my-isilon-settings.yaml_, to customize settings for installation. Edit _my-isilon-settings.yaml_ as per the requirements. 3. Change to directory dell-csi-helm-installer to install the Dell EMC PowerScale `cd dell-csi-helm-installer` -4. Upgrade the CSI Driver for Dell EMC PowerScale version 1.6.0 using following command: +4. Upgrade the CSI Driver for Dell EMC PowerScale version 2.0.0 using following command: `./csi-install.sh --namespace isilon --values ./my-isilon-settings.yaml --upgrade` ## Upgrade using Dell CSI Operator: -To upgrade the driver from version 1.5.0 to 1.6.0: +**Note:** While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. + +To upgrade the driver from version 1.6.0 to 2.0.0: Note: It is highly recommended to take *Backup of existing storage class definition and volumesnapshot class definition, yaml files* before the upgrade. diff --git a/content/v2/upgradation/drivers/operator.md b/content/v2/csidriver/upgradation/drivers/operator.md similarity index 72% rename from content/v2/upgradation/drivers/operator.md rename to content/v2/csidriver/upgradation/drivers/operator.md index cb20efa120..77510bfc1c 100644 --- a/content/v2/upgradation/drivers/operator.md +++ b/content/v2/csidriver/upgradation/drivers/operator.md @@ -6,10 +6,10 @@ tags: weight: 1 Description: Upgrade Dell CSI Operator --- -To upgrade Dell CSI Operator from v1.2.0 or v1.3.0 to v1.4.0, perform the following steps. +To upgrade Dell CSI Operator from v1.2.0/v1.3.0 to v1.4.0/v1.5.0, perform the following steps. ### Using Installation Script -Run the following command to upgrade the operator from the v1.2.0 release +Run the following command to upgrade the operator ``` $ bash scripts/install.sh --upgrade ``` @@ -18,5 +18,5 @@ $ bash scripts/install.sh --upgrade The upgrade of the Dell CSI Operator is done via Operator Lifecycle Manager. If the `InstallPlan` for the Operator subscription is set to `Automatic`, the operator will be automatically upgraded to the new version. If the `InstallPlan` is set to `Manual`, then a Cluster Administrator would need to approve the upgrade. -**NOTE**: The recommended version of OLM for Upstream Kubernetes is **`v0.17.0`** when upgrading operator to `v1.4.0`. +**NOTE**: The recommended version of OLM for Upstream Kubernetes is **`v0.18.3`** when upgrading operator to `v1.5.0`. diff --git a/content/v2/upgradation/drivers/powerflex.md b/content/v2/csidriver/upgradation/drivers/powerflex.md similarity index 63% rename from content/v2/upgradation/drivers/powerflex.md rename to content/v2/csidriver/upgradation/drivers/powerflex.md index 6680eaa188..6950dfb9b6 100644 --- a/content/v2/upgradation/drivers/powerflex.md +++ b/content/v2/csidriver/upgradation/drivers/powerflex.md @@ -10,19 +10,20 @@ Description: Upgrade PowerFlex CSI driver You can upgrade the CSI Driver for Dell EMC PowerFlex using Helm or Dell CSI Operator. -## Update Driver from v1.3/v1.4 to v1.5 using Helm +## Update Driver from v1.4/v1.5 to v2.0 using Helm **Steps** -1. Run `git clone https://github.com/dell/csi-powerflex.git` to clone the git repository and get the v1.5 driver. -2. You need to create config.json with the configuration of your system. +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerflex.git` to clone the git repository and get the v2.0 driver. +2. You need to create config.yaml with the configuration of your system. Check this section in installation documentation: [Install the Driver](../../../installation/helm/powerflex#install-the-driver) - You must set the only system managed in v1.4/v1.3 driver as default in config.json in v1.5 so that the driver knows the existing volumes belong to that system. + You must set the only system managed in v1.4/v1.5 driver as default in config.json in v2.0 so that the driver knows the existing volumes belong to that system. 3. Update values file as needed. 4. Run the `csi-install` script with the option _\-\-upgrade_ by running: `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace vxflexos --values ./myvalues.yaml --upgrade`. *NOTE:* - If you are upgrading from a driver version that was installed using Helm v2, ensure that you install Helm3 before installing the driver. -- Installation of the CSI Driver for Dell EMC PowerFlex version 1.5 driver is not supported on Kubernetes upstream clusters running version 1.17. You must upgrade your cluster to 1.19, 1.20, or 1.21 before attempting to install the new version of the driver. +- Installation of the CSI Driver for Dell EMC PowerFlex version 2.0 driver is not supported on Kubernetes upstream clusters running version 1.18 and 1.19. You must upgrade your cluster to 1.20, 1.21 or 1.22 before attempting to install the new version of the driver.(k8s-1.19 is still supported on openshift-4.6) - To update any installation parameter after the driver has been installed, change the `myvalues.yaml` file and run the install script with the option _\-\-upgrade_, for example: `./csi-install.sh --namespace vxflexos --values ./myvalues.yaml --upgrade`. +- The logging configuration from v1.5 will not work in v2.0, since the log configuration parameters are now set in the values.yaml file located at helm/csi-vxflexos/values.yaml. Please set the logging configuration parameters in the values.yaml file. ## Upgrade using Dell CSI Operator: 1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). diff --git a/content/v2/upgradation/drivers/powermax.md b/content/v2/csidriver/upgradation/drivers/powermax.md similarity index 63% rename from content/v2/upgradation/drivers/powermax.md rename to content/v2/csidriver/upgradation/drivers/powermax.md index e7f5c7eff3..577c7c1286 100644 --- a/content/v2/upgradation/drivers/powermax.md +++ b/content/v2/csidriver/upgradation/drivers/powermax.md @@ -8,13 +8,13 @@ weight: 1 Description: Upgrade PowerMax CSI driver --- -You can upgrade the CSI Driver for Dell EMC PowerMax using Helm or Dell CSI Operator. +You can upgrade CSI Driver for Dell EMC PowerMax using Helm or Dell CSI Operator. -## Update Driver from v1.6 to v1.7 using Helm +## Update Driver from v1.7 to v2.0 using Helm **Steps** -1. Run `git clone https://github.com/dell/csi-powermax.git` to clone the git repository and get the v1.7 driver. -2. Update values file as needed. +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powermax.git` to clone the git repository and get the v2.0 driver. +2. Update the values file as needed. 2. Run the `csi-install` script with the option _\-\-upgrade_ by running: `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace powermax --values ./my-powermax-settings.yaml --upgrade`. *NOTE:* @@ -26,7 +26,7 @@ You can upgrade the CSI Driver for Dell EMC PowerMax using Helm or Dell CSI Oper 1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). 2. Execute `bash scripts/install.sh --upgrade` -This command will install the latest version of the operator. ->Note: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. +This command installs the latest version of the operator. +>Note: Dell CSI Operator version 1.4.0 and later installs to the 'dell-csi-operator' namespace by default. -3. To upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). +3. To upgrade the driver, see [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/v2/csidriver/upgradation/drivers/powerstore.md b/content/v2/csidriver/upgradation/drivers/powerstore.md new file mode 100644 index 0000000000..436fb52f79 --- /dev/null +++ b/content/v2/csidriver/upgradation/drivers/powerstore.md @@ -0,0 +1,44 @@ +--- +title: "PowerStore" +tags: + - upgrade + - csi-driver +weight: 1 +Description: Upgrade PowerStore CSI driver +--- + +You can upgrade the CSI Driver for Dell EMC PowerStore using Helm or Dell CSI Operator. + +## Update Driver from v1.4 to v2.0 using Helm + +Note: While upgrading the driver via helm, controllerCount variable in myvalues.yaml can be at most one less than the number of worker nodes. + +**Steps** +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerstore.git` to clone the git repository and get the v2.0 driver. +2. Edit `helm/config.yaml` file and configure connection information for your PowerStore arrays changing the following parameters: + - *endpoint*: defines the full URL path to the PowerStore API. + - *globalID*: specifies what storage cluster the driver should use + - *username*, *password*: defines credentials for connecting to array. + - *skipCertificateValidation*: defines if we should use insecure connection or not. + - *isDefault*: defines if we should treat the current array as a default. + - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). + - *nasName*: defines what NAS should be used for NFS volumes. + + Add more blocks similar to above for each PowerStore array if necessary. +3. (optional) create new storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` + >Storage classes created by v1.4 driver will not be deleted, v2.0 driver will use default array to manage volumes provisioned with old storage classes. Thus, if you still have volumes provisioned by v1.4 in your cluster then be sure to include the same array you have used for the v1.4 driver and make it default in the `config.yaml` file. +4. Create the secret by running ```kubectl create secret generic powerstore-config -n csi-powerstore --from-file=config=secret.yaml``` +5. Copy the default values.yaml file `cp ./helm/csi-powerstore/values.yaml ./dell-csi-helm-installer/my-powerstore-settings.yaml` and update parameters as per the requirement. +6. Run the `csi-install` script with the option _\-\-upgrade_ by running: `./dell-csi-helm-installer/csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade`. + +## Upgrade using Dell CSI Operator: + +Note: While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. + +1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). + +2. Execute `bash scripts/install.sh --upgrade` +This command will install the latest version of the operator. +>Note: Dell CSI Operator version 1.5.0 and higher would install to the 'dell-csi-operator' namespace by default. + +3. To upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/v2/upgradation/drivers/unity.md b/content/v2/csidriver/upgradation/drivers/unity.md similarity index 70% rename from content/v2/upgradation/drivers/unity.md rename to content/v2/csidriver/upgradation/drivers/unity.md index 2f21b39011..38017cebd5 100644 --- a/content/v2/upgradation/drivers/unity.md +++ b/content/v2/csidriver/upgradation/drivers/unity.md @@ -15,25 +15,25 @@ You can upgrade the CSI Driver for Dell EMC Unity using Helm or Dell CSI Operato Preparing myvalues.yaml is the same as explained in the install section. -To upgrade the driver from csi-unity v1.5 to csi-unity 1.6 (across K8S 1.19, K8S 1.20, K8S 1.21). +To upgrade the driver from csi-unity v1.6 to csi-unity 2.0 (across K8S 1.20, K8S 1.21, K8S 1.22). -1. Get the latest csi-unity 1.6 code from Github. -2. Create myvalues.yaml according to csi-unity 1.6 . -3. Clone the repository https://github.com/dell/csi-unity , copy the helm/csi-unity/values.yaml to the new location +1. Get the latest csi-unity 2.0 code from Github. +2. Create myvalues.yaml according to csi-unity 2.0 . +3. Clone the repository using `git clone -b v2.0.0 https://github.com/dell/csi-unity.git`, copy the helm/csi-unity/values.yaml to the new location csi-unity/dell-csi-helm-installer with name say myvalues.yaml, to customize settings for installation edit myvalues.yaml as per the requirements. 4. Navigate to common-helm-installer folder and execute the following command: `./csi-install.sh --namespace unity --values ./myvalues.yaml --upgrade` **Note:** -1. User has to re-create existing custom-storage classes (if any) according to the latest (v1.6) format. +1. User has to re-create existing custom-storage classes (if any) according to the latest (v2.0) format. 2. User has to create Volumesnapshotclass after upgrade for taking Snapshots. -3. Secret.json/Secret.yaml files can be updated according to Multiarray Normalization parameters only after upgrading the driver. +3. Secret.yaml files can be updated according to Multiarray Normalization parameters only after upgrading the driver. ### Using Operator **Note:** While upgrading the driver via operator, replicas count in sample CR yaml can be at most one less than the number of worker nodes. -To upgrade the driver from csi-unity v1.5 to csi-unity v1.6 (OpenShift 4.6/4.7) : +To upgrade the driver from csi-unity v1.6 to csi-unity v2.0 (OpenShift 4.6/4.7/4.8) : 1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). @@ -42,6 +42,3 @@ This command will install the latest version of the operator. >Note: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. 3. To upgrade the driver, refer [here](./../../../installation/operator/#update-csi-drivers). - - - diff --git a/content/v2/csm_diagram.jpg b/content/v2/csm_diagram.jpg new file mode 100644 index 0000000000000000000000000000000000000000..f84839f761a99df2a207fd81cae012241d0d387f GIT binary patch literal 275269 zcmeEv2UHYGw{DXq2#SD!;HaPoNX`h1iewQ1B?==sNzQRFAW9TOkRSshNy3PLWJW+F ziAYuu5RjaPJj0~dc*3ve5BGT2U2na+9;2<*-Mg!5f3<5@)vl^tq)();zyVEF4OM^) z{GA~?0|2CPsoN@k4z>WGtqlkO0I(0B2Iv8DFmwvMu_R*#D8Mio_y-^p`}6sIGV$+W z7LcYm+yS8cP6O;~oaX{)z-J8Ly#W9mROOlnL;JvM@3)7*9s+v^>>;p+z#ansUm{@W z;9~9S>v`;oy{nh&F%@eEFISIaVxq#L!eXMLVq(H#(h{WLrg5(oRFj3oLpSTc!l|nojAk8#dTVS|BR@Zq@*N- zPfk%*TtQeuQhYZOGFn<%26_he{rlO)k8>Rt|K%U)4RCND5D505$c_W#2gxW7l9Ap5 z5RhA{UF#AV$n7Qc7AzR!&~|qKc}T zx`w9y)oTWZM#d&q);6|w_70AoUfw>we*OV>?uOk9zyBa2{!zl?#H1(5DbKQ=XXoVR z<-d4UT2}tLqOz*GvFUB|yO!3r_MYCp{(-?ypNGaLCcjNh&&J%rUBIJ_X7$U?^Pn*2~UuGry05M20xMjD;pB9J`HtWM-0iLuo&Wc4aPLs*SBbdJ~cUqp7C5yH*dMO++LkV7R8;czk`i0U3Pi34^7ctm^1k_VOK5xO-7nlfWK}g;> zDlWK1?REZ_AJF;{qwfR_OD}wx{y>ZMz-@M^(?NN0G8eH!V(A8@>1<(VH4kcxgjiiW zwQ;jf#h2qK+&LFE+7T>oZ&2~Vb@`fIszD;#jZ^N?x5cT&Zgrj4olEB&xVh2cdfE71Fh?7O34kyz>Roo=OZcC1P1pc}W1G6cnPO zn=@3^5>p7b&wO|S0yky<`~MDs>hMc)d|z}~auY1% zt$#db@l<>1(NXCy0q^R7kCDgSh+`4>!m9g`@(LAK_oA?|@8LgE_SgSTaw5il3v#9= z{ILukUqM(qy_N%JC=o0?6_EZvB=FnUS#`%s)-qDl-6?6Ezvd0zLa><6JasT zm)~{CHvC@peI$E-gkzU?NI{iEk^I%+I~5z9`=v5!t{LB4+Ag!a^xO(K`qoD&JqzLZ z5yy(e;{qe3ln&sTB| zoy>1BwG@3DQKuNA?d2}Zl!N$aJFef2k1Qtv?+0=Fk$ALDdqz!JMNI$5iE9>72ZvLx zy)^RcO-S(8NV!n1#+xdppyIccbj0$W1aA-J`ca64{gCWY{7fc0&8&-`|3u%$R^mht zlNiLpV&Azh6uo?LX%IK391b5gFU7*IX{iBoBWXz1Yld46b2eDcu^V7zKp4SSZs`W6 zvrDlnR}9z^3Hr}Bv~1gq>)Q(A|JNE>-slgJDN%r!l3R5?^?Gt zdzbCbmeKt#F4Zrc_mPk9q2q5_T*L*YV)22HodrJPz5ZrB{%c`1P(s;4w#-Rh90^Fa z-Y5)<@4zXIEvdV6Y2n@nf4TKejVC7fbi||Lsz7Kbs|>65I^6V;>AZ;v1#4|dv63aL zP6c1AJ2rx`%HsCL=FkoOIWwhqSpiuh&f0>f#HKVd>f@!qWG7JuQ=NGPXSv{+cVE~^4{kb*3X#?{#|8dbqfPV_pmIbJ<-e{Dn#56{Hsm(2S}xU4Nd zbFNc&5k!9ODoH92_b4xTe!EBglepyCV;eb2<}VR-o|0@OsmZO^&PU@s&dK6~1;Z&3 zf?6GGs+%Szs0F=4FXqN?6JC+)WZj8HW~+GzI!R>}`ijrex%uxPK(0^d)*G>cqBKF<{te)XBG>c7@%F76{HKDG zhu>Fx)TuDP@!FX~gWj!EvCy!PPkRaRs*zFRVv zPw*_o zcTv=eh++NvI1&PvUy&jbo5HfEy)K$um@wdiAxk)bRD9+LG2z?$&56IdRQ> zJP_$~T!Dt~EnP~aZdN#v01Xq!`Fm4d{3DC08~yW+a|52R&sy#w3Ki8xPxcK{`GhJ5 za;?W^+dH)Dbvammia%dfjYwN_dS7&MsmBy-)wX&EGTHLiwR}kc6*0TMzvZch>ftu4 zavz3D1;#tegLl%cvhR3J9T^$3b7{%Gn^E9->co6RxFDJS;v3(t?O=P(_|wOoTWRtb zpqLaie1H=*N&?=XzH%czqt|fJS{(6aoNH!L8O-XV;%;OMv2(^cdFOdt0-amrI`+i| zfoc${=T!aLT|r9T`}q5`{*jbrT=TYg45JiRmf%^Xu8O?rz6p4pi|NBJShYB?(^xPs z?!eRcEb^#X)g`Z?6A;|xD%5}p3Fs85hvIL+KPTWss=(@)x%H%|OiON3;{YxDiA-~e z8bX@YFst!q=?NCNVnP(F6$cFo;3`_>Xll|>71o>=@!Qm@HD*CaJoA0Mg2Fxwt{--D zE#eJlYyR2V7;(F#jCx;SR!QTpd(uP=a6;Z{1xl4Nz)Htk!r~BsPaR_XRNzAjG zB2TZjC0%Jb;y(8!@EWbRHNrO~1{bRTu#W75e89k`v}Gg5^=!5cS1i0W#qXp6owiUg z{QU!0=kCZedel6Wx5eQ)>&>tp;b%!#u3mKWskm-cQSq{%$!=3jYFtzMb2+|_K${Mu zyW*+gut2m^F*fO}7`pX9-wR=z&@#{EJfv3dH1BxU10{vcdhe7X^pp3PiqKkT3)gl z?C`8e&kAXZNgf_!{ouo<0Cvbu- z9W7Z2=(ceXO46;paFLaz^iU|!CVAjm#LHtb8G{2O<}K~ULo*pcKXm8x6a_vA#<|6z zo^Yqx8VGQd#5g)f7NTM-!TS*jPU?KS(N0{ zv&jn18SRfJD-)Bu4(Nmg%k5mNJb9RH^?gQI97X7es;Yl6U8TRiM(e1Ao{#EC7e0~= zzS&0tqzjF+54^h`6?LnRF_(LxLOfQ=USzptO|hT#W86AkGIMG^uO)v9Q z4Y#+!BjN=g60q5>GhM!;2oDQDc0!=s9g+rb)3$C|IS41`t(1qo-`=(~YlZqh`1Wq) zddOp@yUc@E(e0z!t}Hq09<5#cmFow@=(1CJL(jsa0S7<3SlZc1V%iN7@R7>#Bbm9_ z>Ls?-tC|_{H?9CHo!&Q~qjPu?u#xCC4O@PN4Y7|s|1s%GqPLEuNyF*;g#v16sJF&% zWZBI=DKNW<=`N%kGSYCSthXv^@QbrEx4Z#d;eGR^%A%LPVIg9hSb|#tN1jZ9Fd|h9 zO?YgH$d6KWuO9x#AYns%Y}*J_QPQkGiq6-h)vQ?(AnA(?BLQX|QVrMb<*}6_E^&9y zgcx(Ezf-JQNZ*{adm`|p__F%C2`;F%d+<&Xr(w8<}MBj*4HN*BUT ziowTPl{z0~*9y0h%B_`{fI-OCNmuN)NF6*GIcS0JSOsfjK(PGM#t|o*a0%YKua>zO zg9!^yIcXjk*quG*_xZt<_hh;?w_0$}V#T((W*ei3$A`Rzua}q>^$g}eK66dB88-rR zi#)$7pUA{r$`H@E?EZmfCU&5B*na5cljNeS0xyS@^IIp=Q8TO^XOa$iO==Jp@SO(Y z2;&f&v4e9d(ch*D4H?wY_YYRr0W5$lH24=BMo1PsF~5%Ui)QqU)RKFeY&P@z|iWqwUUx{O5Z&F zR9fHBX!9)+AlBb};p(^I*YXiXeE7RdBw!%{(do2U@VyVQW>sYy@##@iNolm@dc20^ z`le}vyxQ?=NlqU+DjBgV-@GYkcp`%DA%I@5vq72>>r%C=;c*msF=_&D!n)pPtjSw@ zuz#a)Z338RXWuZ8S@$aL99$SgsHrW!^s6H>>p1h)Uwm5mlg^FRoAto=R6_MFNht5Ublr zKxVm{7N&axo^o~&9Fr99_RBQ~wRvs%d2VaGE@^*v_2|*u@2zKp(~<5CMAdAx$#j4bUlTv7QFyG3}RQ=vlw z&ee3`=0%9Ysall@2-{<*w0P?ne>e{B3L^d^XX(=z(1HA+?g4it4I#ws`kEGpvjC&1M{y zW*Lj6U8&$$Nh!&-e?1uBMNMFK$fD9S8X2^p#J6>|;vX8j1$vQ(3i;U)RkR_*TF}1o zn?h4u6_{D97cyMy-!>H(ukjoniz)BDW!T(njslxL&%-w*5xLVbmmJZ>VmZTH4Ex&| z<+^sq%Up2_2XcHJ5@X{%*U08#MoNhOU41xyxP+43PzzS~6J9vkZk796B=cLP4_S^e zvXjsl3Cv)zVTaYVl52-kzyY`J1~#ysQ)F=6!g#B|$KsTn1)a4Ag{lUwWwf?>zMueN z-QyF8k5%QWMW%u#59e+C7C2l(sgZz)tRHXkr{2LOLuQCpb;4aMBp~#ND{7`3Mc9Gj zul*3@s_dGM{Q?e3MYKx6VbNFW;T7zXD>$r}9eKi;SbOJK9Mq3iTLi=cTBLj_sV z-5M()R1bEIRJg`}>dNtq>R+lDTOS%D5+Fo@SJ{S#u9ed^537M=KJl4-jbFM0u*kLJ z(ZUt`i(c#LJo!+iyuq<^b@(6I@*Xq_7a3`n-hfYgUiqfG{Rr3eBSSxNSLpAK=!ER{ z9Lwi?;BY)J983Zfi@?rFHz0fmtag7Hli)l5Mfa=Ba1e4TfTgzv za{4AVw&Ja5NQ{py>VS_}tm8jjbAn(tAuA~2U8k{w_G$d8hrV^VJV#H5h@VN60hR-i~)@}YnN1V zx#f7s6-^RQ#(wb5n^}I8{UH`Vg_o=8JZd+f{kP?<6d2Q=;DfC~dwYwPEDWWa+t}4c zb=bK@L&^g}=}rUBLcgnluis4+l7&t|yMxKRW#ebBd8f*pdCg6~eArIXIN>OBZ>-~y z{ax%D`GpNje_TU#+?VP8VuVtWGxrE#1LY7s)+#+#t!~6zbNkyeulHD`hbq8(fZm*g z1jOlpwF$`%-5@h50}Lba*T6?P(4DWS_y2v%WpYwV!oYS1v+|J(>4quq-^#3T<-KXK z6n8YT6CHX>X)~l@c8-#95uWY;DSR=TL&yuBc6mtLb2_r83l9!jlDaBE3yw6XWCvoE zCW%4AM4U;-@F4gM9wGfLe4Pg24%)??L4{w$W2X5;+~igMjpr*g9J0i+><0y`odN+O zqE{k)^q9|9Wk*|UsR=Y4TQPsk-E(BvSg806$HYU61TXc?j~CHkQ=2xkN1~~7Vykf^6T~8 zlrAvqi#_waetdPLY+3K@IZcL#@2PvMl1PA!l<>lxflfIRkaGtwXm43?HCB>;ZUL;4 z4ZXL0Jn(>GJ7M@DM1uyShpm9E&!e`%idba0R03TGiB5q^OxOh8i8-hhd`6gA>juX? zLuNau=uyPd)q3Ya{0@=;HZu!X)mY8-+^=q$?#3JPffkmEW|CeY1{)GVwY8bI?t+@> zhp&Jd(F8ec37;7xYJ+swL0exc`iM~fThUsiV~wsBm)55c7UYL)P!(RcCOT;J=ZpBb zzb;t_$?RY)G~0%F`%@)c(D?Kskxn%G0pClCln!mnC1L#~=}e0_zKy%zUi78Yt@uB^yqWFreii$RtYyeL{;5y zD+*4F$y+)(^oQswh3_vuno?JRAI%<7;xCUhE_Uf{Kh(^bsr=zeDGj%K8+%u_X(;RM z2II(=Pa7=7(jh6Ut3~{I#fX_h1C1(co^@k*HisT+y=G-{HQn^bB^l-B+eF0{f*07j zD6_`!U?eu+ab848Hpm(in5|+b{EKFG_}8ZHkn{SJHvBHd@y4t|3e9@bFWuJz2+*#c zv_YBUS;Mx*W{vTX$J}kj#YV%Ph;+m9`;sddTs0oPVf{GUJcI^AKZAWL6(W7!`%Jeg zCwtI9mtYzkvD&O3t6OJBH)Iua`7)YX;vJMJJK$iHN&lyrgm38)-+VnJUzyarv$DOO zps2ROQ=~UbOEt)YRD^zTx*b6vnED^7SXL?NOFsIny0r>+1)QjG?jm@&PF*XfPUbbN zur}5kRn=RFYfz4D$@b{0C^sao5EJxWZ87;X$Z*xRQ1SZlfmod<%!dR(Z)s7 zrG3TerxP1BSf6wpJK1Wk%Knv~eOc$cMJ>!OpWVepimfDZ^a8qxJF2I6QGDuC2JeBE zTV+w38&hXLSZzylgJB)6dhq4Cc*LGy}g_&VESUss<)0ZDKdUo<#mi&gJP7uP&yWhL7vW z%26OM5tF$W4E5Q!-EqnB*(%N+_Rhl2-+VProNVcQtmrENs^8$NpXxU6tVwlh#t0<% zpO|z_uFbxDd3oA%wp3x%4iU3YurjW#3qI2~llIX|jpwL6HtD8!GFQbeDDZi z>}}JhkLzco?yi*1Jh*5@2S7&+@bxBIPsNr$r`X(0eCKB5g@=Ej^6b4QoHnH=EEAIR z>S{LY;oyCbRMw`MUo=mT99ZmLzCV!_tp9X*F1`Xm%EA(pNw*ooO{)*2g0ZFWsRaVm{6Q8=~-a9~p4TU}J zuuxOsn5EV>EuPb88+p=5cW_FLBim_PT5NQpfzRoBv$Tk~jUn(|yt3*|@di0ry zaPcX%eFrGtiD_sSp5*B9iC;r$9n?z@XlQ&^ZL5P9aONR~ETc4`qId633N0W#$O-m5-fXA7T)Z&+107%kuYD=hBbW#%lv#f zjsN_Glvn4kF%S7A6#5<$)&N@4bCt@Y9raW7?iLO{-mbtNQPmKXav!}mh$n~;c0lFY zJ!J;(>H+Hrl2~W6=nh>6+oqEw;I^R@bPBKBUJW+I*VD{wlNr1@2(SIG`(UwCXAMiC8=6I(L7Jgu@7&S8oUl|0=aIpdl#E>K+0lqoA zC5ym0CVO z{tp?tVA?9o=3vWsO*8Zmw>yzVfHn2{rf?nf>zy>A=Wymu)=$<}5QfkG@wL93QA#(X z1$kw9o-JD%-@o#SgEu8&xKZBwaiPz^AZOZ@igpz`XwXM9~Mb+Oaz&phg zzvso**H_qALfF;APDD&jPEJHrTtr-42&545^mp;H@Dp{eB_=CwD`t7( zj|@7y{h9o~gaS+tWJzAx!^Q$!Jbu;H^`_F_S}(33^4HJ)5s%G93ojd`-Q`?DqB26_ zVpsoI;`PHvztJd&>@xQQvr4}`0r3Mvf1(XSf9(IlZ!eKw0(lRvJ-B`efnOrtlde6u zehGnJBHoj(J-B`efnOrtlde6uehGnJBHoj(J-B`efnOrtlde6uehGnJBHoj(J-B`e zfnOrtlde6uehGnJBHoj(J-B`efnOrtlde6uehGnJBHoj(J-B`efnOrtlde6uehGnJ zBHoj(J-B`efnOrtlde6uehGnJBHoj(J-B`efnOrtlde6uehGnJBHoj(J-B`efnOrt zlde6uehGnJBHoj(J-B`efnOrtldk{kaQ$P)hK&ojO~V)5kMZ4eD+M|E?qBdn3I3(p zx9bCyijIbcdLIKF0|PxBJ^g-0<^%f~4>HozA7DFh@DK|tD=P!jVRkkac4ihM3{BCiO(PVc1O^MLc`$(n&I&uHkR{~J> zw?yg((Hk={(QyR6hKM>IHt`K#vM#Gi98mVks1??|{|WED!TJr3e(a>(Yt$!30$?IU zsd>~9)Hjn-a7TGL=ojl~{RKi+c>&>2gS7tK;GlfaQr^3Jrp6|x1gEqb1pK)e2?f}u z2cqnY+fjMnFqf2b=JTE}FIJ53EQx+<=P=hY6fM$udSN9u$#V!gE;taYZHb2ugH9)+ zMerw01_{(6BmfO=sDD>a54zV2pFr$zcq8ykNuZ0d=ieV7cR0#_e}L?TPQd&g<+wxe z`9!-J#44KyVuuWl<=;mB99JwxvmCj@00TW+f!pMxgIGxbJySDmL&6D)fq)4fR>Plx zvcf-h7J?K(D7+bDRiqZARK8CFrgYYsFp+XP1OSCk!pGLZ#{~vZvtn=(a7%LSu~fDYY2A6I{6Lu&=3{5S!{>f@V;CqC$d-lIVNKspV$W8kC`1Yb0RR>z^56#=S*t$i@<{k^s=-=>5_JkPUhg&<1bC z4gL&++RtTMPxn``$oeZMNuwYDnQ!51x!7>LN?I;46h_n{s*R$4h5-6w$x5LO|0)yz z%*EUKRS^Os4+(e-eGi>DGX>osCjo1)HKonJU;viXPbG`IjrwP~0Hys0;m#tS+gNP$RTkBOc5rG0yvefhZOsoAM3 z?e0g8p5JE0_fH%iDB)5Ido#Wu8>rrFKV<0PxC4R5;RO7HO*W5Zw+|1$QibDB26TaX z7W9(x9rIl+jGC3$RcJaysg1+<<2w)nSs@h70c}ho9w0CgLkA!j2E;h17595~?XVLi zKv#ay0R{+xf(ZK-1eP7G`L5R5EmgYjTB{D!S~8&4V%gPN=fN_BWP;V1vxx+dJ;I*` zOC72V3bRx=k%AAS2iA6{bofV5p=o`u`$nSh4JIr+ZhZ#KDA*vlf(-&F`|m&{z6mPv zF;GQ=YArgLh6L;j0n6x|6BC|V2c7j}R@Lyz*Vl>nU^_5u_)fzeFfn)sJ{Iv4tDx>S z1a-IVcioM^JIz8d${Wxf3M2Sead;R69X<=+pneIeM{Cfk*3o7dc*apY0vd#sS^$yd|%>Gbfv6y>R zGXw_I25OyY^A3p7InY%L7NYbsv%5MPxvQf)K^;v6#SDIg|ApUirjKA|_Jf)yw2jCD ze=F4mowXqWV10W6FJy=A(BM(6*mWZFk3|h?<{t~J9>o2}k_Nf`xxkJW`-8252tfqj zM7RNp<45QeQLPK{Gp|3DnbZd4NAZmPsl>iZCkK2EJ`Gu*W+L7K9qp_s1^tE7T}}L> zv?4P|z+ZU%tF-Qk=bm`(iRYg7{IjXp)1H5{^?Ta$-*;^G8uz`%eXsAi*Z2HKFMF@= z`S*u~d)jkPd+uq^J?*)tJ^wpKwLR^*r#<(y=l?G4`Ip%!9gLI(`i*V z(-PU8iZl%Q=1g>|t<;_A&$CR8aNEty?&2Tk4Z zZz{bZuR!DPyW&PvPGx{zy3XB%r^C7X;Y)oX{xO=eFY=w=gO>Vd5rVUqkNu|=Z_h2( z;`vzLu5gdH$9Z7h3tYx5?Pa4V6WApYo#a`oRmr@7e?gezEKuBOJ}U! zlU<}Y>_wnwQ0!jdeBdo`SpJn|#9p9vn+X$$1Z~SZY;3m_*$Qn876bO8+~hM~CNU#Sq_jA}P{6rDE)N&+s7 z#X!;IUEsvr0yw`h-nDyR;0ZmE*uU9|B z+PN0bC00N8=`p!v!kfbS@VH_t1I@S@4PI{H9c1H*7ZgvPa?3t2{HFwVi{zgZ0Kxm2 z0Xih$Wg2`(zyv2a z>5GpvfNyT0b|?nlp~`9Sj|fm=BPhDF`A(|>@HH>dqb2y{rD@oj`UC+o8`Pk}Vz?s? z=cHoU^>zQZE_J()kXK3gPUzMG2`DdEa=isxkV4_CNI>aeGxXoR!A>l6V`WsVHk zjExvuJ3bFJLTy+MKEexu6Wr@sJ8fV!8bzh~brH2L)eu2}n7fI4pG#C>N8kd%6Zq6V z)+dyuCzKPog4lIcKu`bw)0akNK#vPWeg=&$82Vue)w4gARGoefF0qP_iU3#hh@bwx z+Ug2{4`q=pwA2`}1>Z#UvN)$xVhS6>6TcGr`!+`2WpyQt~=XJC5P zAkF_Y1i!~;*ac-leGBRjDFLOh9GO`#gNOjvI5?t=z*AyO1}Eyzz*`fO2tlx&OR>e{ zi0w9b7}0(+HVm?Md=6y{->@GV_bBWDbf1X!knwfVWn;Q9(48U{ZPDFekS>Mw8R&u(N?B0j1uf)moG z#=vRiW<@>{pgw`rLP`>nb?{d3##kK727I3r-mDbre=k~2JEnt1iM!wAlGyCyPK+Bq4MKZjNCvpRxxen?T*lZi#{=X`lAKo8FoC|4(txJ-C zVI*+?Szb>CFB~8NOR>Z*7z^>=y_rd30h1pq0;j-xPZQsayJAnA-aU$FQqji2fh`eb zrSSDX^*6wG6mb}^h)*2N+5~mBDtL}^;}{kqi7G_w2rUdK{W}drbf1J`g~V5IU;~z2 zx+0FivRJ~GR=|^pFYM^`1n3QJxT7up_4>Piw=VC$d`_-!WaEBWvhB!}Yc_cxL^|Xn z0#d7NGieIB2j8D*isXPfuP-Mn2S>4f0Su^oZ+0+$5tz(Zurdv4HJ2M0H(fb^w;1^F zYD^AyMAPy?*Oj}iO4se4A$wlJZBBzLnFu*b0+{&Cs0yE6Z3c6@ldQ|^z}e`61GtVQXA8wDbAYn$hG*8HzHryx~1!KM7!~RT)pNmHFyQtv)cyw|b^gs`e5EgX!%X zTy91cqr?M+9*q0lGzy2xWqWT&5qm#742(#AS-$Nr#Tj29Bg?m3T)lxZ^HGWrKYc@n zf#5J4j;srMiFnzWkYZe$+G2hJ&MxUs99VzXCBZ#-qPKYp-N*aDR?=Y^mZ#eeI{geA#Cz!e}J;_h%dCcG6*gx}a#JK1zHcQj^u~C1R z!Zkidc-V+kNZ0!veP7g+wgzig`|rCK4S(a?3SojMH=J{BV5b0nJ2HNPwLj( zQg%Fe>0P^HefQOihgZsF;{3(m$uH-*WS1>4B0Vy;|GI(Kek zXFzRH3!T_LIKFjjvZTmKB-nTVm;E_y9y!fGrFVNv=`nohjIW+!NI`gvvHYXQFZhRD z+UDSj9Xrz}{L_wKmdP0p#+4(H%JY_A86MqQP%q_8rkj6Pe|?pv5pf^JT`z>WEy6l4 zKX^BY!U9*PG<>=0qD*Lf=DVJD&+@bt%Fy;o4yiXmUIfIWEqC+;W?_6gV)Lo|Jbm84 z#OTD7k*v=f9y%Ehe*=bnR_RoB%7R%YZqF8w4ubZN99OJAd#{^pSP6_aZM)Bpq-woT z8-O3Kl`8h@7#~GG_j5ILrZ=fHYOc@Z>Y`V9z?wRv^TbA(QPHubNr=J#-4eQCCTQL_ zY&ak!)My5iEIOWy#a76?56P*GoeYmcDxAk1y^cxed!$p>=hdmS8eJP^aw=Y(BSCZq zb3Y${FyFir$B{Z%ovzh89+`_%RuAeNz53+rgAc(AkQaSB=|!eP9!o__V-;}~19QQi z$$W6T&iX`@3(>AVnHW}0t#NDEwrULTk-hE*nf_##nSxj2pZU~TmG(o>)*m(40%2{Qr;A75JaaMBd z!;i&zsINR$;m*};o4|Qw&PZ%UX;12O z&P3+Dkn;7hC9_qyIXWnW6YYCvYAxv6gwrio)&>gEcSfhqD^T0skntgly>38-T2!=< zj<4`dS6mguRJK&kcX&wCGCez37nsduk6HT~ynhks zf2B!(#tl>cns7LIQ`n*CL|)qsC?~dS%M_G&ZheDQohB5=h!nVT3@;5%0(wPbgP4Y8AFOOWk*pe1% zg!Z-eZaNk3U01Hc-aF;I;w_XSXZJLhQy@%+|7x|Clk9Txj^H#kaGR;;rP6V~cf;c= zx1~@AM|m_{bB5YHtn}|3*KK6-k%dHC;@L6aQZm{gTD$SjQi0L#U*pwed^sqWJtr&R~pgr3J)4LDs$~Dar2)&*gj)(yf6*Jzc^e$kgWbay#zl3;4wp zYa;{KN|q3e^}MF|ix{&Uzs4R4I&%}rPM6C*>Q#o9wwnrs11DvRX|~icCCDIa^yM0) z-#sIfIq&2f_m22As!?9p$9`gymweIVEh4qZ8*)I29Rr_WYC75Dg&U4Oq@ugE;1DEp z#!WCfs)>?cFB-*1k#+|rO>BhGF4n3%Lq+8bNJTnziWtSSm*Gq^UVBXJ`(S8Pt`YwN5><+aMND(x=&Za(@Dj$`ayTh^!df zg|{SNe=Tg{h*_YvvLE{Tb-~Ct8Hw!Iu9t9(-=XN`8aUWKr*eUH;q(W`IpZ3bQ+<;B z$&`MC!mO^xUGCI6r1N4m;(7&A)Ah;IPgV;sB@EvrYs)*P&#<@E_}s6v9Rzy+dz$cx#k((smbo>;_|F|ZX1zt{GNMX@1?dHmsLbj z(CVsZBb-@52Hnz7Plew9A=Cft&C))+x-I<~-RKvlCnNK0Eysj4U))RQOo~E_W zt}gWFnmCH(+D_HujD2nC<)SrNUR=qUl8?@YXm2jYmKmInn&BCETFKg_iLu+dixHWC zeBOTJTTxHHYF;W5Cj8!~Vkda%-Sq4Cx3c1;&1zK9FWktmCGoT^uZHo)@G#UX;X4!g z9i#JLyOdq|G?K%Go8`Dw`Z+%LnGDI?$L5daKl!h(cRY5mgNtXT4wY-l-uIAIOJ49^ zQwsHGQ=qqLWxuT(1Ti7~lD0fCOF2RE1Dgv-W?)a;ebQjnb z_238}W=_$tqp`s%#-mq@>zpe_3xnFwk&`shwGKEfzkum&*ub-Hsk#e+PrNEn4~OYJ zZ0T+*EDdGTZOoVNa8~ijP1JK%qA$TfTbpCooe-|Oe0Z%5Ex(Zjw>8_@)-eN*PR!u5 zkZ#xk1;dH1h#jUz2&JR=Y=ungslHA1khP2FWohz;B8&urw=(?eLnFgl7lSXB@-R~{M3{Y^Ob-^E3O3z39FJ)bp-e)up3vrk`I2hOZfsd)}#>bpPO#MR*bd9raro-@XqW7k1^ljxJWsc56Kp zWaPnXv)I((%>!vl$3UR^B6suJ>)CSUBQ@r1krizSH7)TpC)Inx2;S$ZCL?EE*VR7S zstj+3Pr@WZMn=yJ;Q7!iP22KprSL2r;TJsd&PsD%ZFK~c%My;oJ!E7IFr+|_y{VpA zdYr!yBD9)Vm+vro@ZM5J?}nMujR@)W*e9&xnzx5N-liL}Hiitq>4TKfcT~GK?&DSR zoQO14)e@g`awd##79XTb7@KW>8wx=9ClwIBLLK(q@A-T3ugMinI!h1Xr2RM&9n9-t z@?~>UG|wI{ZjTOsA}~kY;*58HGlR~jg@gq);DQ_nt7RGpjHdJ*k^H76VV4qnSWbp? zxw)w?J(S&I-B1flevTeZFpFd>k4ohIHboPF4R~Uxv!6kG zkGnZB380@oom~%rJtoYe-Th`BT;-!LFqqmbADjqwue_1g8`M7%+L6Aw&bI_vJ@S@# z43j**a@TxcpQ&1(w-J6sP5=D8+b3unU!P~c=zI3EPAeJ5i|V9BZRh86B6)sxEg?K* zt3eLar!o~keLiz1P4pTAnWB;vSiM;N(H;5kp2|%)uF1_mPVKcGvkqYOl#j{Q^mDvE zf21b6cu9Ds5AVE@Q`TC`MqY1;F~zAaj2>v0YV4;ru@g$Om!9HM*|xy3q6K^;0E7ZhU{o6Fu-vmuvO@L&_c8$5&Bm< z(O>V0!6*kLR*oqWvL)>}vI_Pe;s;aGa}~g84j2|MIEr`9F!C$iLJyW{>y0f1*k-Q^ z1PT@eFQ(rVcMRi};ivK_R6S2=mxt^F4Oo=pgr^vAvtEEZ39zWU2w!TZdL43{$P&W3 zYqn(s-=b#I5qR!-C_YXNe>Qx}2edl{z|p>W;La%(@@nV-6dja~PzO#5xDh{$ZRqF_ z88;zB^(-QH6Yea$TM>#m+Xu&<2n8wq8^8m3;U?yjG4f#lA{~J=`FG!eKr4b9*G98I z^AZc=EdD%2ZZG@f`qEB7fFAMBoPj2>|Ea9~eJ1K;xkJjgw(-n-#LLQW{pP?;5>LA( ziODuZIOk5yq|71(`fwwh2Jczy5JD-PlAf9gGdKAHzv;*{rNv!SEj^HSuj#bxu{$yM z>h=CKHa<*e!k_Tv86?8a%tDkmd%$f-p}!)=IlcL1q3i#ZvG7&B47|164ipn7aG8c; zkQ43-yban*0v7oo#E3)`b1n(sQzl!0w55-Ndq;R*L= z9jIjpF|n(*9sW)C0STx;Z6pNK&uMAQX~DW%8o=FQe|Ns-Z_(`=;g8-9=HGaK6yI}5 zNf@n^&GZH`%+oAy@M@w(ZPj3|$R($-rP^5G(}&4!-(;(uiTbYnRlXGFzN@KUb?y;m z>`RQD9@fejd@Ik%bPh`=4+vG4)4%mt(M_Iz&z*3D|$xYhVIA#Ol@;9`P; zLwe+T+6}8LrpEebWiPAJEcCKrcDlSzdmV-^_QD>lC0Iqa=gLdY1!_9KF6{5$boeq4 zwMPyq>tUQGx)?B~4Fg;9T@T9X!;BY;uce)k8)oJ%tTF!d%}$m+UiAO4_vZ0XwtfFN zskA7SeVvLDl8}^bDls8cvM*CfLXwar<`hX;8cQhKR7kQ+LJG}fCq>rDk}>ur%rF>Z z=InRqy6*eAy6)?K?)&*Y-|y@9Jg;AWbiQ)V%y}H=v3)+r`}6+158Z3HqT`<^xb7T^ z;$80>mh{DNd8at%t9QJf)Doi@7s1l)^YXxWygt%XtnvQH zF|uEb{srOt8wF)n4~pz8!$;t_>55U3g6g~9@!yj2P<{7t(<>XlBiq%}QrEBEa+D=E zK0vipr&IJjb!GL=bP*g~dm5jlo|Ht29P^eVSgDEVX$i>_U?;aXetx|NnWTEe+I@*N zxYvu-cCJQC^d47zg`p(m8@rQR9mon|C4}D2arPsOf=(trjKXNR7NEK1xQ|uLA?#`a z?i=46xWt$kfp5q)816A77whouN9lVDdu?CF&YgNwkwmFG=JEb?T&RSyf2@8jUzH+ZY5ooq#d=3@gFHu*83r|y{-E`eb)*X<|h*uEoeG=mJ?4)3?j(6SB z)>6g$WS&cm8Y<}&wOp<7nZCF5zI~EX+wEfI*}ajY?s)&whaZ$bJ|~@7wAcmf+a_76 zQ$I|e?+pZz=;Rxk3zH-4FjEA5w+tK`-p-EbRr}UOQK_i12ll`{&cgF4OXc-zhK_T; zmcfm8#dZ>25%&fptzrW3vJbgZGa{2_n{N>dO(L{;7%yZbwUbS$8ON?%9uYczy`R-{ zGSn=@?J!rGzth8b7XfPg*xOkG#{1dCC!2PUs)1{aQh^7D6J?|dyS}=P`4L0CiFa|u zb&&x^yB`hO;8*)1PdwD&v9@wdva1Om$~KqTn9%!W%}b$o=ixSVA@L4DfVD5#mO$HG zJiyCm;=wQYYNF)moq>uBxi`(d7MgM4^F}%gr)i2IEY}xcz1vvsEpvOYy|=+5tNF_A zyGpy>aLXN$o?3JL?RIew{Q=%D(;&pNHXcGovHYI=-{p)N=eKrjN zpWNJtq;s}{kcfu=m?jT5O9`O~)hOJ6W_jX2PoP(MOV})UnA}mByvEK`cv>v_v^zT4 z;gKD0Vp)Fs#>LV(n;Th1nveS~3hkG8)l<*O**++-UU+**TKvE@_!Cmd>z(2M)hZU#1gH)eafZdf=siT0wn_&}f8eHu{*`%Q#pqXi=1ip5i{%eHZ zr!}=x1e-(VS7aM%J*PU~iRQRiyS>I|^;)5A>U^9%#B}%aZTE^1J|BOpKY0CW(WTOD zq3Q+kC+2juEWE!kQ;y4=d5~^w`^pv7mEu$Z-FrQmJ`0+b38b>^*Q? zt4~4PKTH-M5a<@V#KOX&+Nmy;Sje-$nEPdPJ(9;vks)*ME7iwVWOVt4y#`oz-@Oam zLBVYtC-73I(!w&jG7}y-ZMh>XCB6pnF->14R$nF#t;N!0#|7w9v+8IQlA^Tv8hj|G zdtYXY^=|eo7o103wwzk>adaQ*16J>)!mR(@vPn!6S4mHH@L>^|j^ z)Z!(}QKVB>TqWRfjMms8&baSeJ{@b5?6AN4;~n$?xlw$>&NPjEt`i9H$xe(g^-^&T zS~)W_HKp)`%@a=jx^_Ct^%LPB=2MbSO_X_KwJ0XXo8m6?B~*}E^KkFAjA)VT%132Z zZ}A(I3h!6t?XnmUs$P4is*cD%?QOz)Y@)X5!xz0a4&S|=K~)7iXa*TCAC6aTRWFZ{ z&PeiUGtxTtz~kWt@BN=Mo06|8Sa(n2pVY#QNp3axZ*es32}iGzGNU6^X_11T%pPL4 zV;P(Lao^-c6~BSNzVdVP*xBI}?11)p5mpc))IX}OO5z}i0!-O0`k^+1wxPD&ZF$tp z+cqtU9;17&_uMzuZ!$Kz6tIS2s#bvuGfxvuK4oWqVpoFc^%&tQ_X}UTEeGeaYcKKB zyj(-;jmC) zaaQe})_Dy(bBNbBS^schd;ghgo;%&|w-^hrT6cKuTWNMGyxTYblNVl;WnEtW*`z`B ze&VHQeGkN<_4$wx^0h1B-S_1p_ZM|+c#({jOpKc|Zq72|@esD2SMs*=H+~9jN_|?M zbV%{bJ_&7vP=H04!G-P%MpqNUZVV3H+jqkgo|e~H;7LRBdjG9ut+j%(T)TIgtKfKU2Kw|V(IZCNRg?H>Xrde%!h>>IiwzQwb~=R(1o06W{0 zXK{tkpUhYtMWAlHA(Hnjha$!fmGf~Sh6#3O-&JV)4Sr~ z+(%VcZ|P)DAC~qHZ&JPN$k5a>xIS8}*Ox$u0LI-ywiW-#!GnJS6-#e5SbU9#CLJmX z!k7=GLRgF>1F|n*gbq{(Gn)=;=G>g`;&b2?7W3`yNtAf$B0}I|9i+lR-s3*Ai_dT4YbbbGzN`VN%X}G77$y3^!;U z;xIG+=#_0cX>rE5<@93l7`=z+ak}v$J5}*Tw*e{6-#;^OS#k)s@9@GOuvyZw5p!{A zP2d&&dAuY$U3*n8%d3?xe?rxl9{234YJ>B3<$IjAZo-ar#>I18dOH&kV#aw+mvhL| zPOVOd{NJQ(GB{v1H03yl;#fpcNms!|Y#HebK~!?JW2aO}$cd5@ zo6|lEIv;%G$6JP-C#2?>4nprY2@T#zbWwDA)25n-^t5#8Bv0;;4n8V=^^BRZGOxHm z{@qK$zAw&>DoCiU*Cx5KzIhrdR2z1;-}W}+9~`|HGoC24)uzYrKz@OaXoAo6RnNJk zSdVeO`-mV_0FT?+rOx2$2u*S)RcSADL2 z^I)9g4C2T?(NQ(baCtD^ZYFc4$G$-Z^UjK-eki4x&p6ZIYRdMsg)%oAs;0@p8j^w{ zfu}j^c>TU_sv@^(A#)UJechKxuqqd6UplVV=5lG6Ps%4Dx<1!q z{1M-5eoig=Ra%zQU=CT3rA+hc+tBX4>XV=AuwTNgip0kcD(_`dGq$Gbsaq%w@_q@k zpiQT^dw=IZH0Lk~`k!BCdAbBV&+8EOQ>sRA?X4(r5)W*N!x=kPLV<20T4i*6opWC?UC6wmY|59oeP$x$UPTxoIFiMBqhu=OR% z{%i+!BS0?J@X#O+b`p+h=nCv$#Z1?ww*KZCHh_P?sPPOTc^{rPc z_O_^;+k-#~*UF>y8S6cs!7ZiDHC(wUY0=PEJy8d2q8sjBz<-_|4-aq4OV8@}YroF2D9Ct$>N86rKO>F=Own>G4#GRx#R^5AoGgf+uN0SAh8D9Q z1j|^=Zjh7T8Z0s>f9q?3{d01GaiXXYbeEuf_Vk;Cc76`-fT?l&I9gr5WGIbz;&sR= zKQH!~I#0`q1mdLImq95+b;gSn@4;Yo(gQN)Bj5+APN}lAasnLQyruR$4?nfHKJ7A7 z;0F2aE9K3$qXd8R2Xl(h1MnpAOejB5#a5@5R)@T#T5kZeJp0 z^e&!tFtKXt;HzUi(NCn=?HBS>h6H+*BF{MpOk>tFgeYh(mg*a-QC@`YxX`_weX0#> zZJrMD%qkC#)E*YDZHc^44jHo(FgpU&=e}ViS*CAV>9W$wyF%GdKb&v2m9&tai_W1p zt2UcRh;-(dC+w(on^DNf>uiMDbgYKwLPgI`P#z2?(nuUu`z2K*RG4sj(69k>AFqLU6*o{>#AEV?#*PDqxy;8NJ3T3{Pw<8)&BF% z5iF-0$zo?p?Q%9mb8ZdRAL39pIU2-&5#f%PQN`@AiOy-5&|0`6vns;BxMrXtr<%$zqHJ#D;d-BG@;>;8-jd0$#LWnalz3o)Fpp zulU)>P4gy8Cql{Wc<_w2V$2|kQk(sqLv~9UnA*UQFmK>{{WnAxoz`9bSCF0L&E?}z z1Ca&zoCOX5Zfw<;pHqX^gP@Jft^wpS;EU5=eITABUdAqg=iehP>~(>d`nxcIDpIi% zpoBx^C_qb1ZH5!9PFeg0)JFdTYX2_)wV8iG2>t&AsQoud`u{2DyN>KdYQ}9LUhE0H zS(|9TkLnX%tjNi@L!B;7cz-qg3})_%xlV#6E_wA_Fou%WL7obPW&l+61^3rW;Uq|eku@mQ-h7-4ouX;Qf z?K*ylbcz2OH$RP@?xtz1Oi;+Ows_rmkub3Tji~SecBETi-xRB6Ak~O}Vo0O%U*PI1 z*!usqe*`~9CXmn?$(hH3)SJA(jcBa^fKSEDon_X6SW_oafaU-nFCtD3fa!WM(1+(c z2f>h~IETs&*aN=CYs3TrgLKi-i6L!%kg@QL4MGb99`ANUB{9{v zqQ>L3^+-O^2Vw~~moz>Yj=d1C=4@>afYQ^gP?fo_1$?Wtj?Ikt&T$`v`KrtrHve(M z;we;FL``IGU?O1--R~ULEg+4rxe`s^3;a_CCoo2Q=yn20;X4No{PsPu9}yjh1{rxc zkOcM~y_Dty$XPZNcjnqj#Nvb^d>F-2bq^(uiRD7%=S0S^zYI$rxgPpl0HUY;tI;eY z1T~iheCA`dVB7|6g=h!f<%4LPHkfs{p!d8vqv$!1x3&>*BLDxhh`e<*3;tvidE2(JMpYvWU)W(L%+$Z7@%;m@z1{&PX^`2PIze=bPtS5yDF zQ-3w}uTlML0r_pE`n7=kTC4wLtbUorUmnOW4`ju${N?QZ@~i*0srcnr|G5QzZDIbr zvG}!H{IxOv9Rc{|SO4;>fBDtFkUfAQ{(_r+!A-y5rvKl81}wvBcYbSM#6mv}d3R%ld2!1!0j&c_ zJ!<_?>T&FcW})OCbsW8y^8Vr1-eChXA+Qz$dRFtCkzS!KMeW1wt?bjtL+igOzBeTI zaf{|%&I+!sg3Lz-JqE^YtV(p(SNvj1576%|ShFZ2fyN>=AT{ucS?#t$0) zKiF-DO+F*San!TTq1uNS=RtISv!yRodm8O3sx^Xh-&GU;wDy(Z#@fugZ>9I_RX!pk z5#^i6+NKB_8&-pJq@EanzBk-EIijVraD$PTKE7zN2s)(P(b2(`&qS-E_Lh(MsoKYd z8U@%5k5}nya>$R98PaH0O5$C>uRZe?kO3Oixh`T#L0;mPKPZ{~>myscy$?o9deh2a z-5exy8O`RL97K1A!1^#qpgj-97X57Tf<^7jl3*@KSDk|B-1sQSg?CAY39)a3k==5J zGytdpLu2Q(9F|miJ`#swYM98+OTpoL@bruDfq%td`orhZ&5x0eic3k*6zMyMt3@|? z6|vJ5S^%^MCww^c&pw%J42OnhI+vjF2hh1|C9D{J48-(EdsS2vVTdkByY?>uUFdRX=I^_ zms+FRi2S@{Jq3`(M#k@kwtQ zHIc5l%Fk0bSAWDKzE;hxLWbUG&_1P_rwybQP0H@TwIfP<)eg?Cmx@_e?|8mqwGaQg zx4OHXF9YV#Nvt);+|0k0g*0QDE*nlH_?vv213CDUZ}w8$Hh{-|@HubZ^n};e02z=*l~&tG=g{ zO(Z+`9-J4F)sQ}r+`oQnNvHVp&h^*Bdtd=l6+VS?tsnq`6zLw8pkpM{Bvf_ z1MeE08PtV}3&hc$Jo1*8VcjPJlKev;@;y)zlH%&?1P5>W&ViBsjaOs&3d`IO))z8i ziC>yme47d#@U#v4xjqPLak&aOCv+{~>udw8At=`h#a^Q`b98>M1>nl`HW8B!=j*_N zC3m2)?c~J)6TtoXQ?Z?U)8XJJi;tNJ@^GNxv=jQ1I0>ly{PY5-Kb1Nucp4OXYWZ`Z zA>d?bXD+JXNA9~u18_Hwf@7{zV>5s~0<5E-%AJn@Or^)q1IM&8!&hii|5nqXKyyQ% z&uY^VXKJA4?7)wcOX*2N|JYVP7yP&O=FJ9u)J_=jX0?2}{ts>SbDzNljtIH{?>p}H zg8wOfgj@K%TZzAS(v#oXo7~$(z}ElXOES+Md-g1X&R6ZMYue;*d9rRjme}Ev-E&jp zVSD-+ENv(0`F9QjYXcSgTR}x=H92$C=}T-lc53T) zj)2n(z&R!C`Rx%KwW}YTg;t)4{qdYmFhtdtKU*zG|5hM>;Ex9tpq5B|!OaD`1Q0(; z`t3pU;m9TeT`=(8p67r`3X1yioZQo}_u}KiZ~D5Z-%47kIDg;;>>U2xn*Y-^o@b5y z$BUSn>t2oAr2abcLHxkLfMJj!&S0tOmvQ3nQQJMF62_xrW77W;5MTJ6Rm^y zle#xet|@)3Rgai$QEAm3j7iN3UkJcjvy$2A$a9bc<`ZyA!1?AO%sbiHW3TsJHM`Oq zWn##ct>H0J%X#>mN>OTKkma(;w?`oB=s;_L_k!Za0E-0jQBu#=qXPof<`!;ki(emm zP9SgiEvIZ)uf6R4@IravVBM5NKh#C4LUzLn9jniL$mkls@#SV&EmwwfOsz-41^$Z{ z! z^Tob|mXc%0(ewZ~`MU1SnM(3)0zX5AV&lG|NBuE% zPP-^h&tcx~oACOXel!;6(peOpwuzP!_E9}FMd#b1$#)JTity?Op6E1;eIkHzLB2rV}Nx%^* zyDx0ONV3hgbzkDePM^=YF(pqb#*Pkc4PLi;i!P^UJ@OK{M}@LDCF>+EYBaNe3K!HO zNg~=M%qbon=~}x?yoY$Mn$_cP*3aV`zjJi!!0RLOedQKRgaY{Am6e5e!L0{&Kg^rY z*|+Yd)ho@9;?Wsl{pTMhMJ#xN{z_tmyjKrqAO{^ohrgM>3XCr<;50h+8NcT0h3z8O z{G(TgaPMe%%-eoUhsUYAd}h$64!sW34D%#crzy7UW)e2oSnJ+-Q~rSGF6CrYU6v+i zN-VePFj4}@f?)69)?p;NCQG%89R{^*%z_#-#!DURp#u(*7e6YWKjN!#=UXs`^g-?Q z3`eT_Kr@TqX21(ppj}E=O$-J!`P+oggFi{wj=*y2mRCG1*XpJ-ADXL|0!P3g%%?YSr>xUs~EU@ zk_1)ubL0?i{5!`2AE0FG8lvx+0zr-^LG#$5W_M+9Gzm&*3>=6w0-yq7OC00#e<6iS zM>~l9fH>j|1dPz^JhW@ThVL9!U~|!fV5bpe|LI4>=6$lD3PhXX?;Ougvu{A?A~FMw!gp~?c98k-9_yBEze3*@a4_XkhCYZeD-!c@?G9;xYz zP=&VdkMaQR9~!bGGF~7lmW*Wh7H&yU5tbv|0gg=~>sW5`(&%CsvoUfC@%B5%qq*jv zs|2j<9}704A4Fv;Npk19{UC=n;_$P1Z znJihTTCRbZ2Khp{Z<<<`aZ5POpWXvx9RwJGR07aALZETbIzUv8|G!)ks4#K^^1oQU z|J6SVgTayjhR+$q9c}3`uU2l)QB)nV5B~%>+E*UVHn%>t7Z{>NxMaX|#N}eEFTtqGm62m3fQ6L-RhH1Eb!V{&4WsLT?SSx_({0e zlA~IAo};{#G^@GI(f$s%V!E~0gZ!tj?XbH*6d(uSjE~0j&CIoY3G0p(&f5#K(vt-qG4$e51JP4T#h&kctN-QVXDH(nVgayYC z;5kyG%?yKiJd+1tTm4`*MIos1lW4jK5hQ?QediEma=}~CyrYONbqqAwg{;H@9l!gx zIb~2U-%rAkIFPTZV><`mK{C-x!2^5wdcgXWv67TF`g8TLKNk|n1s?M($Qb$R0BC8_ zD=1V0-nwZc9JGL7@cika;{WzTxxqs*p`hn(^0L;NfFn+}uzBI2&L597gm>io{eE~} z-GAZrdH?tj6l(_)!RE|GQbmxJSjL^Vqih}`ojAuk9|Fog@}1*<*U4a@}u<>;RCz^u10MZE0YN9)I^y-jUpp=?y=)gz36W< z6HMM})n??FBcqws;0JGna$xjO05iZWFUTVo?F19RbP}B>hcH9?G9TON`*^Ch<+aHb zHQC-O*sN?~Y%*$#s7clCF{B+hZEd6DCQ@uJyJ3w;@1Q1c*05bx1wfJbhez3gC2&yu z=ruRZOXwQYMw-A^l>j|bE@J(?^&_0gazb@yuC!O zuuSzL(-Fg`-~7m|y)%4>rF)3wIRpUiP^`UV;4Pf|&Ov?%(*Ba>A%>Z@2mr6Z8UhW0 zW$ihz_ofs)le>fsT(cFsoBf@`6r6e&0)nlVz@+c)GGTMU>t?YGE5eF-egqI5rSBX7 zsjK`1{E5}g>?Pn{-osn`co1%h>b?x}+6>QunXBkd#fEch>4ZvQ3-)+dL zLeBL=Gb|j-3^Cy@41I>+lU2($U@Sa_DkQ--HmU))hYz_pf?NR$f3CJFSj(v|0+jtN z!ArcJ{oxm7Q%P*Dp1+j*m1I{fE)T?X%(JmAh;kNd5a?eU;m zSygB{?;l@&6ZBb&_}{ChDrlw^2<>0h^VP3<{#)JtKchW0ej1*AyAg9>unvI1`VI{X znA{~6IiZL(}+r{V)}&5i#^zCEna6;$D4T@;px@t7- zP#u*IS-S+n$PMDgw}7~}Q0YSI>h62KnQx;c0v^_$eYyIY{8yAi_!6!X%xV>9uI%ND znsitRZM2hBJTEEYK=b{!d#7b-zMG+88C?_J@x&nXvYgVe(YmfFpal!0^rN~4VGIe3 zMt{1?ZxX;=e?KqGvvyP6j+#SdH?!j6GiXI|)4nAK9;x=RM2__BP2P^6>oxa}V@K`D zLo$nkL{3T?cV4xXe_fzk?Np9y+el#k`II^?yOy(Y@H^fIvzHt2IhqfdZniB$b?h2^ z4%nht*uWvU!4=2r6@H0I0LvKn2fqUsNgZh?p|94O51VzZf$!c4rvE78JI6yPHwO+- zB*L7tX+|Qd^GWD;C*^$` zXV;|vxWGH?+?ksp>{1x>197wxES~)c*`by=w0U4E@=ei?3sfx+cGpLnXvONU-nx31Z zL&mPH@=e<7p!&DK#-QCm=k4;>!muk^uh(D8H=cRG$ZfF^GxG!TD(FjoNB;^HKx?vq zpB^)3_M3tO;m)5z-{Fh`ut&B=&(olBW$m&%5P26Yw3OcYlYoQwb+GaKgMc~_MIkP2 z>j#{SUL^g2ukd${#Zuw`^zgK<0Nv>)Naio#8%~D%3+Th~eSkWWO@vc(7A1+BReu(e z`F!?PVbLJog#}ji;Al)8%>4@J9xFza3Y4&<;O%WgB{zF)4!wWft~q&^vbP~cI;gSC zzyIL6?FqfeV>u%@#-2siBV09dISd-F?YxCh0GumO-X-KJ)-h^+CQZJ&+i78>AanA% zbLT;yTlSs2`-FGR1(cu1dDV%%THCSx;w7R{$Bll@P;t(1M#K+Mn%(39lV!215dD4= zq5tv9!I|q;upqr5i`#Guxqw_X(|x99h;(2s(>KP{jd<5BgiF6#%lL%fWHfdMTcqqbcg(+X23^vcdA2v_f#d$9WBdZ`pyj^Lx{ z9`q)Lj}i5Lgk$>Hf*{jA(Q#XqyOXoj4$FjAQ=O>TXnka4^kU|ZUGGgG^g#NO9SI91IF@8O2T zR&PXL`r9hU z5z=9qNW)7fh>C9-8vE^zo*z>YamjTBbW1qZ4~x3khp$rCdc)R<*HNWT0Bc8m_?2T8$tV`2bLj`g)1!DC`6y*wPf@WknE(Vjx@v9^anm zlP)#t?DldCN{<;i;s0Xv5Ld$X!MBoPPL!E$jloXE{COv;Uc@z@x^*$R^=H)AU>9#Y zAOhMjya(e3@jWVaLiW2ZPZ!IJkhBJ9Zd_q!LhCZ z|FnL|b)@;e=xDeX?!M>_s#8e0(g0#BDr361wB37MIsxl>GJl(3s&K84%r(=LH_hUn zr|LTEF6^WU2D~tT7i-)@l%7{tvfLno5w))<{x}%eQ@mhb22|G0FT48cj$mm*HRkp^ zPFX2tlx{A2ckKxpICnXSjhF+zW$!V_*9=#h>j&56$3iIDYN@Sg&!9-(HP|E9HeXxU zxXK6S1p=8-YS>*gay7ICwJ><4Goe&4QC=Z;kBJ2bQ}mUhWSzu?8PE|BJ;ureH-5cf2|0x(};p@3c4fdv*Y$V3+!InBc|WH z=e#!z@;K~=8CTO5iXmYkQ8!t6+?coRC`oqV@^F(iEjcA7(SPyCh z|3!>r)ylo-h0F}CY)%SM6glJ?2EPMqsE+?6W*t~HOK$$nKf8|p&pw3?50Pil1K@<* z&&w$mth?j>Y4>!X9HhY>_j#vrbjukA`Xl3FK*IobNu=1F$w~$R5K$&~MY*pb3P~Ro zf`jBoXMncWryPhhL}uzs0#%Z#(s#GQ?DDk-+nN;QSf&n9t;*=t*j6`yifWponD5E4z0W z4q`(c)Ce*R+w_yzk%SXo%Q@a=5}rGp%oe0C5MO{p*OlBU55yocb_o{^0!P%dD&0fy$ z?~sryaLx}S>TER>Ffvb=rb+D(e6Mul z>}tU)Q-fM+qI0-#^y|7XmQ?=15Q>o;BRCJx6qOGVh(SQaKBYTG>0!6)?16VdzZf#gE1oP|L4 z<0ABZd&Jy%`SbYh=gU_gPR;E=)~0r?pXqs0<4+b*UD6*!-c3r2rzw+b36j*Wq^i6# z$1ZKjQ3|(GFO++=r@P|La0RzkVe=UIJ^8LEwtD6c6Lr_yPSj0sdi?O6qoL8fORkc} z{ZZ{#M<@2zrE4_waiaK4PMBnNv`vjpcnv&mxcp zKgZp=eu~QBRRCJ#kq3)l^ytV4#MywQA0al}-$HDc1Id*HM=FsO$uwbOK+Ge3P2d6T z845a*VFHhaf9DVy3v}XxBym|2hy5*5SXY7jaH$z4{I=P39JlveA#o@FPU5E9gVJKw zDzaok;(>*2oj+_6Oq^A129p?|U{6r?y|qAWGm91F34D!o5GFWHDsc5F952t#K8pIysSXo4Y{Tfrd||HmF4(RUAnixk2L_uKh%)A7us748cBqW3JoPa+6%0 zj4DsXc;1I1k9xY!^4*Gwi{zOL?<}C1$K?11OqyFq<&7i`KO%IkenFc$9qY6CP~ABC zk^Mee!dse+)hpVKl3mX-U$`(s#?8&ujz?%Ip%O#S_3|vGJ8R#sPFODT{v=fckpHXs zMRv!?)sj4R`kRVt@?xCx6r=mMJc?c`JUDY$qoB?JeiXK$qV2Y$l^oW)t?8@RG)7)q zK6`5SpaH$}D=T?k9oiP)KvRn-R?w*?;kJ}pJ+YqfkED$!nMb^9KazYxL$~_qko4HrD)6T42ip55z#d3&s$46ZK{ThChYoC98(Zn-{P1JqIvY71{oPe}M{L(_XN3{u z>b_-BU9E|XFvo#Zn<@)y?yv)PN_hv~cuOsh4_)ucIA^BM{pnF*5s!M1v5Ng^nhAyX zp7th2*=ebho!`9VjSLK@q^kWjG3Q=K6;z$WCc8Wyjt-8*oa?=5%Df}n-WVS@Z0_$4 zyXwu8Oe?b3PeK>`;>v8h^KQ(|`qRH*f_xVT>TVN+yEEWjol{;FJ1S99f(a*60t)i2 zg6bPM2H$yEYv(!TkH0RxgYy&^4sE|+xo^k0hMilZ-`{_`mblNNsx({KeP}zRM`8SxM>(UyJHfTI}N7 zkJf>EuxgrvYxM6j*Yez7l^}<46{w0y4~@4rJDer)okMMmIT5JGd(X*6K-4UIw$=ud zR-!$_!Ru-Ky#2bI0pnsI73_5W=?v2wx0j%$!+Q15FI?Za%pv){Xm@2spDX_i%8#+GLF^XIb4cV3hzxy?yA8dOkO2CF7hmPI` zfsBeIh|n>A9;6&~r=9w%4cDIzJA0Dzvl{FGVJ}plkjM@|Gf!gkDY(T3C=|Xtj}1l4 z?ieRpL39TTJ6r4@wP5irfChg24U)OY%iblq7RjE*GjJn-P!=fi{$HhWV8kYVS73Di zO@R?#6=e#a+2ONtG79kLrqFNb0^3#R&@BF&@X5LXA$Ap!KIn!vkc|KHy(0;uNh_MJ z#G#%Q%C&=AGaS=J>X`>*^=AhScHi_%WW^pLqL_&N0C)kB(%M^p<);7jy)zaNi0Ak*=7jAd{&8p%82TYS`{_@NI*2wH)AgyTF{=bfr@*3OQujiJWXjvpGnQ zK&a+TC-BgTQvQe<>|kJ24_hhj&lMizxv_ zyL;`-eIW8EL790yQ5cwY=8?@e|BFWVuCAMax{lU@!@3S}k07{NG62S$^26&4G$YWq zm-{xGD>^#xHoRNE{PM|IhIjleg1PtwUyc!SUGC%H*eLgG_ z&HjP{Z(?V{J-Vzce1`wT;HjABl`p6qbo|7I__3kvmdau|vP+=Q1IQesYr<=zkyuhA zBZ|Bv!5W59$bM`Xlea2xvw~Drsja$WWWdyIi6)Q5N7%i6Lvd(LxCK$O2XF8;@GFUFAI~#a>Tg`HacjP zS~TEZreU2nhYmvblIAOmCv6*6myoy~4w~_O+JT%B5kk&4y`3GaihX_lp6&F(SN?q_ z#AhR24~9ir8(%iZ7)%wn%CqX6i7!9hYn^84(+q1#i)xip-hryQ@1>6(y`*^H$)ooi zbD=X+w)wbaRh9;=xXOqcG7#A?U})D`<9>6$m9oZ@v-(?jun*VP2`q4jvK%NTQGJ`r z-?U!6&`B4=D}SI|yw|QK?B#e)EdJ`?6MfA z3x};-gV;7JE33q8DGqv__G@mH>H($Aq5e&LR~xLZlM7K;><22te*-}@HuXUMu+OK7 zN9`;Q_S161r;L8qenz&~QGCwQLF>pbyz<`1uOD)&60`O07mrI~`c&JCw3eUGXny9Z z9!SW{>fP6+FnvlH2jQ=wwg>43Xf5kaI1O05Hvz0%!Sq#))u)>m4v&qRV%V&hn4lx1FC~7)Qk#y=mANi*+~c zXrOI-J{pp{G!Xm1W>Un5uC2#NT~=b0^qUv;9by~}^zHmSJlbj&S*Z7@;S?{E!9F`2 zhJHA!m9^l>&hm1PdM)d4U8=R*jOS)nTf@>NuH5LjjzEhU#Q>_w8?}!aTa%Vd7h>5D z_sO)|3?Qo9RZh~((%Ja~osGlGhMP|oFbyMzyr4zGd`s==PZwT(S#)MUf@7!4nS3^D zY-E#b&IydOpJNK9#sV!fB=4l!3oR?cE&EwlK3^(qPq#q|j)$+AdLz6Ie^ie5Bo*cG zO)s#OaFg#&PDqZNYJ3LvS>-^sgREY$knhW<;qnhA{$aU_f(HZT3|6l4>bTV**|Vv? z6L^N@n8nBr{AY`~=G#O`jZWmU$Kr}S^1eXCn8KbZeFF^(x`hsf_s1Efi!TB}Y_`SO zK95@D^xhi!p|?Ja<|hsXbZ7&}eXIy?#;^h_y+jzhcts@{-DC^)le?aQUwI(uMS-2b zuI>y#vde&-D(p{HqiiP9z(E-`^0M(|j2QXTKM zm~y76Q22B+15Q$HNokhr6ypQ#iE(A06Fs~cD!Vle`utl#wv9F1ju6VtcywlD0H#-o zi3@G?9WI!_oM&uU-r#EKzVq@(_~G=c8%l#S0_B$#l|MQdU#q(CJi9{g;8&fHTvv<*8fBM(ZKp6lMRj4%+pmk%W`l&q`ZBHF=P-4<3wp!tsNjJZ* zKwh449B{r#3-!qkey~q>d0ttGTTe-fThq-2yr^&rzl$ejPtn_p87U=3HmIv%1*RLL z;#GO&%p?RC^^Yuw|2EzrK7HMnsZ9%n-;}IAKe~b zqwyYDh`ggM#t356*^^We{F9xu1X29meI>cV;%}OD?te4Za41IzBAv?EhBXO&8Vv8} zRTQk)(dxc)J4vUEl?yp|H8)@Lyp_C*hDck}q%nU!n|)sI&bHFqyGn12*mW$%e)Ak~(bR|!u;W&b>B@OSXs(}E z?9QnwK?rMa8<*TpMRb)P^+=yM28%_ABpjpZN$Vd!$@@{~1(jDDEq=?s0MLA&#nU3* zFJN}I77E8H+1i}AzA(2(EQWZD_uA1JYxHI>GOsgXZOdb7(bgV@$5g`2Jrwf|4snag zFMC-%v!2bGq!75-97hd>TOpxj(&u}U)kj!_ri)5c1)e%-L%5x zk+Mb3j}e(-BpWIU)-5A5m)+T%^0EK?qoroRwTJ}-4#0%Qg!K*(hfs#?bOSNA74!5D zR0R%Ctc0Daq()4@SAKvdy(^%}XKjFV$C#ji8-9XF=R_lYaj>474NMpTGw}}L78MN$ ztVp)ME(o}7fPJZ>Fv<^$hkFB?0^!jxI(usg>p%m)@|G$og1;$SHfuTw4%Zf#d_t3% zlAw0ZE%-2QWd>MMC0-V{eX9McSF61Pe0SL7hwmI*lmbhqkm|-w>#v`|XOg-SL7HcgR>?vD8|MWDYYPM`@u=DF zOw%GU6Z)*~ua8E1yZ5r6sGs_2stL2{O6rVlE`T4B1*Fwp`gL7St;+?TOi_TQOPv0T3=0tz+ z;lc32Xn!*YTCq~G;;zei{QlC$c0rl9vMy_Uuzu@(<+SlLMe9JntlWP#SpUn8Sx5XcQF@5Jfsd6i}o~?}-f%5m0)M3P|rALZT=jT|hvo zDj*_4M0yP!rS}dY^iDzzq<9|o?3r(7&z|$ndtKj|@0@eJ{t+}!kR+_Eb>H`|9g497 zOZo*Xhd4mg0e1_i9^o=nt3yiK%{@^s1t57erG!X3Vg((?_iRiihR zG9Cj_p+Sq>*UF(gOMuXk$!n`@UFzEeq6f)@63ai8<(VeYW-3>}-r*+6$+qugz+U(6 z2X#<~WO`^ueMhZ)v^Ixsyt=$Hv?*!D)osX9xU?$w^kkJtASVz8KeK?s(mS+foGVb0 z^xlUsp`#TC-`x1Y_zUFPn#gwCy<66$yw6fm6#)>}f@c9jP|{u?&be$hMO~~~+somi z_n~{j_6FbhR$`YoDMh2~$wL#>J#&d2uLd?~K&#P0={@vWzxHVtH`!tT>v#CmV zj;rx;eXgiKh}Ps^7sxj^L-eEzRRwlX&f`|hmTf^o7uTK~e~>ln&Y2+zDHQcJGu#Og zm4kcv8~a!34UYTEI;aR8EPEs5gA;kFLi66*rfKjc=2~pkR9Esq&mjh2%vY-}SolUX zP)=^Mo!&`#WntH=Ewu2ZRY-ND<@TEL*&ccy7#-R%P^(p^uph!_JW`qxz#r={o>)zY3C8}cm1yhvh4uD}*) zJu9eJ-;$8(lAm9?7eFSaN&0;{m7wJKWm~{h0~1(KN-PCF+PL@!q1fn9=88BdU1x4f zW!@O7dwy1Y`mD?xch2UCU6celUddw`dWt{(xQ7E%n6s@^~qDoAgs^l9ryk5bEZ}u zzyBOAHVx&r^}iZ5%LScbN%0F{{yHRahc9tVqV2<-B`pPDJGwlZW8&v%XV7TSCMc85 zDxx#hoj0Ccvc#VHrMKx}=W^EU71pPFm7}~nMVbTo(hf!&Uke^rm%edU&!1!DWq43G z9bN$wM%F8tr%Y46XNS=ibWroN5tS?Ix(6sFyUOrWvh=%3_m?b41+7bO=?sTmdzz%3 ztzCgC@YT+5^Zh^R*-!j&#Iw)xhau3($V69f-@w2}NK=ATzj=>0aIm&j*BNqIgJr7Ud^Is1M~u8(^+&7}q5N=~4$J z&S%z?B{YZ`jD;JeV_v=2@Bm~EK`O|fWxnx%WkCj+w+L0XiiHyRASI9a>tIaF8UfB@ zsTNm~S2Vrs!*UlZy)O1afq?2Y`F4%E1 z^la=#dFYn(N#)(y=C7_!coHtn)qdgm4KPq_;_jjkxMQ&LCOC4g$9)R8+>rqWTf+6PR#F^4-qiFHGI z;VE)M8r>-NV=5GHxe}A1Bo0)*GQgsP#UhvLEnA5r8$UpEjz>SeM(HVVcFfOR%zVew}J4JO(gj%1Q*BRe;s!{sB<&>P3 z-}0r`>A#SKhPwgSB)s-%hIHm>M=!-sZ7m9dcNaHR)h6TRTB)Nmtkf>Kyya%d_Ooeq z8Qs1?n1BD(ux@14U_~W8mvMeZ+4~zsivLTT_`o?oR4V)!zO@DOy`_dBsFr_Z0zaNp4yy1X`Z^;zXXWv-%|kDoLt@!jC{m8{nG~IPwLtw!XbZ$1 z`ZTaQn_@Fc5$pxfk&qJetE!`1yIG|jjd4^T%qS&z%o;4$bZm^UKfM@s&Ir@Zw|2=R z2p}bTn(fx9JYJ#YZmF%oWkeRkxNN`KkDbaqm7Aj(S5!C3Jstf%dit4)FLa%Yc-_Kx z*5pMi_sL3g-j>8{D<{;v$mj!^Z*Kcmphw&6@H~eXUql#o&#kv4|-k6b$zIsYgUA3W4kfQ=TtyIyHTCkGbYV*mL&;q zE?G||@D7|eq{t)sbrHP^dN2kA*Ahp<@ZOtO&ROMQw<~!=#=Zo9`w*1qeF>ChnL3!V zITq8D&fY)V_zT32VEKfamuYnKa{dy3ey~(Q%GsavqwYeF|II8)|JbK|=9YIj8!U5e zyr0)r$z*nNxfzZqiYngL#aV_VH9POpQs ziQUd7l?fvH{NV^%f+cQtIz5JGrE;YsiS=QfdPjko;Ou8cb>Wvbsn<}YO03vjT*gZ& z<@4YUO_?^%>(h_GqSq_PLUl+R*l2_ft~=~1;W?ghlW5rDb22NO|M9hwr);9#y%`rl z5PdGm7D(g}kmuQ0Y2NZ7cd9;T#PrjFvoqiMmT<*Hr85Wj$1iB*TxEQ*Sme}xkS(%4 z-wQU6$J%IQu$#Mk@WoM#@=>b;)rjSVT2t~Ts69V!zA60#jtY`HOWVrQ*KM!V{aw(?lMb|s`9ys}=uBxLFfV}Cw=1^46P1Wt!K)e=m`%SeiV;wFs#-rc>nsb_ zC#M2HMWE#L9PQVYb?(Ahnm6yn&YCEiWBe|6Ln=Ie?p-t(aMk->F05sV-{c5{rB;b` zwACt-jM7l-s^sLWNjBHGYJRdCK;XK5$9p~dF0?=QTu`?Q{2o7cG4(~Wlc-1_-3 z_EIOfQ}q(IN51NtS=$+Y-Mkujm4Q~{~W2ykIfCo^=-?US+zxQwq{jm~!8ov9R z_Ww6&*u7mKk!b6(9UyTXK9cnNY5$fPsC|?fC^U#*-kw%gLJl9r0RqGtKmq#nZ^Rma z1){;{=ZzJ%Os6=_ly}F@w9a?QHM-W#)Vyd! zmz}Da4hZh8y-JYT!aR8SxIpAWTP)G4X^v{wfT~9yGwPJsy_ZU8b&x-A_A}5+*sbhj z{JNvhu^nqtbD(LSEr-o3kq(9QG>6X({;ghT+R*V-uu;Fn$G4;}hqOG@4Ucr(i>o&1 zAW;dm=XIqP$|+35xhD**s_v@=k5eY0w9c0&uS|V#Y(nNG{)`BOn8gegQ`zhdbh{94 z)bIZSy?$QseRI!^VB<*~uUAk=-DvV|dq$yRZiE}*hhLH8@kRIhNZ?GuZ5=%QMzm7N zz{}VbZMHZY-=_CYTWIgoI%*wk>4P(-G#2o;Y~@p;q)voQnOMPtpmd16`aPL>HQkx+ zF^@V6D*OP234bbECMEY4uZVDBR}X209pOcN@%mh(p$*EnyAq)oy8Y!UuNfxX7fKz z!zR6b8&3TVx4C{fizGSZrEH=dS{b1ZBvRW?d<&jGW7Gstb2n}n!AHh_i0FsbVTEL= z`DyCS$yt4aTjQS#*+}M0pFZZCiEhu-tP*wDf&3V%*3Kc=V4L?}6%$UjBt6cqAy>=1 zS4A=2G1phUe(V8gmP%Qu6>Y^phq3o}c?IEL)oHz2ILjF?7tM38{)}Sq%?vo@OwE=c zax8Dg8Wl>S;eVzCVcc$>;)(KXR~GF*nHfegc=~YP@Tq=a*Nui$e{@5}NmL^$6v2g? zb`x42a%<#^=$)eyZ5%0lqMY|GC#3G@SXU--rUV&KHsSfH(DTnNcuN}CT`hp}>qCtf8USKVYk)Jl^azNp5c|Ko zicZ~fIS|7G9&1a1T|$&Qo;BKcKA;CPvYBKLi*`^;xp1)sxCF!s4<$v8m5~EG0saJi zAk}pD0n-lha0mE-H<-8g!vF~B=^%P_!-dS|Fgkpz95378ku|o$XlE!prZ)Pq_9f%q z8g88tbXs2LCL3?g!y$BfwVe85MUe9tfCY6Boi8~(vX#rLa@ta}Dff}49~>}n{VCj+ z_3*uLH}7M;v+Dfcj^;twNRn4NL~gYe^D|?ZpJMTaGiJo6$-ghVvVY9^;M_G6nun@Ct)OS-O-D)+~hwp~GoPrao>J4)Kq)a&Bd%}5BiG-PHAb02@- zEx5AZ+BJKG0nMV_5n6ES-XitD9*h;jY71po;`Dg$V8#oUm|9Q*qLQE8@FM--E$8z= zT_C?&E@6gj}3f9G9!nF$J(R?}` zn>p{#fEMHVkC#1Yx7L4h&CoM_Z{E54XJ)c)$8xVPT;-&WOv$DLO7R`Qo)aX5?mfg8 z5`6H-rWPCGA&y>GP9{zom&Y>bvP1o-1^u|{iQX++T(^dVQtaYprmPs%q@3Bg?*6z0 z6fV05W*F*qxD#Gl=`yZwW3y?QZQSk4gleH_E;YlY7PoVheZHLs6E-^$)7_2NDCd2t zwQv*u!Ckp~uErapMyXX7zo{&RrH4Z$+_inqV{zZ~fc)s1xax#_q@t(eEcUCGpmR2j z+Wtd=`KF7|u9`b_i9(7NDnxAx5ER`1vzGY3CH4RJNXEA}D9nUzfB>=Ki^3y9humcG z%ZG@}q-?+LBO?dLzZyTPS|lt&0q+LmBH%L%6lOi#Xq8#$!MP`Z3fWg4MqC%ujVAzL zGOyk*(C*P#>!Mc#K4wodzO`0jp!zWu%{)nPu|Nl3t_+LsC@a@jxeuBbE7(hM^VqN~BOZ3Y(Ncsasx7S{%m8fxq6mj>@$pyvSgBbSzVjwRw{%cSa$ew!&q?cJ=e5pa zw}cqOCB}mTj{)=f%GTx#8eiR6aIjQ`n3qt#h*L=#JyX1wb6b7Gv27Vy1^o882a(LE z6q4EuH9okduwXS_lRNY4s;P8-Y+}4tv8qm3No7zg$P;XH!%uqWKBmMcBCCJxF~JY3 zET)D_h;(qVlMNGPJXNE2?2ceEE?WN}J#@gf z<)zS!o6pBm6HMPE8=%nan-T+7S&>2LbQ)8&L76Peq4B$MXUhjxPra9DCFmAkR8$$h zB2g1~^Wjh9bt-W~g^#BvFKAZEdxkGjLXRd;RdFdH-GBR%Ik?b`y1Y31>IdZf?~?c?%_6pvr*tc(BaO@7$(6py9?6xM zz6k;3!BCS-CtxrYI(4B3{#z(5P+OOZk(iRZ8<5U8ScBba>!p#Jh-Ug-uT7>tJX1L3EBXk zg7c6w5JCVu>L%op#w?O^rOX?_vMr;T4_F$C=Ye+|*ec!PBp@ntX&tUp3B;?&dWGGX zFpf9S^APEj!Q#sJ^};2eXpGYUd-SZx_=O6lRIZG`ssxHye;~hlQO^$19I90u($F#_ zPRBCT`)W3f>5<@P5QzHmjhG*p7;qt`X>+8k8HW2tVP6>w$;4L4N?gr*D(>?r^ozM_ zCIdU$N!)|k1^pk?E8U}HHo?YAG5!RGJ)i^&vR+P?Htl96@rTnhz?}Lfd|hW0g}(biv~4eL z111uA@?f91n_#3fli?fyVUH4#zWsXv!=a7ck%3Wa7 zc(Dya=-i-%eYT*%*9PNR8@(Zya8r2>Uzhg7YH6#~Wi$O>kcYU=ygq&D#gF$QmWbrm zdAVjQLQ!+2*mDxpFQ4#2ucWs)xnirLzv(YI|>iXZ+3~U9mR4 z9&_?i_4m>WWKopgV@ss3(fYUpi{v@}XH9;gyvI(@QLS!{x$F(&z-#?BB5A;LAE#Wm zqNfgBv*Na&vo`UWyHy=s@#L)j-37ElC`k-O5MYh|CaZ$2QZH&*k_r?Ccl;D(Ai7`N zd)Qit=s@D`JLxtj#S+l7PR$(x?hA{Q^YibbCfmh-2IM|(vx>Wyi`jN>a~Il4YJ{-% zDY1VXvmHD8&LMMIChR+{5Szg@OPGp2h%QcjS84w}LnkHzgHtz+V!)EK_Zz#o}9 zeScN59`doUk$Kyzvw~{>zQW1ax920vTjikN0a-eeVl()pmo)*2|2Y1zx^FFucxgcN zqszL;^%qg`0>`p%Mgz`z(ZSD-qxCuYd9!`N>&nE71pd90KK5Njw~xMGm_}`8IOXc! zDKkE7O#y4ad98-~zGX|B#^1cjY)g?Pzl8_pFDWF{7G_NmbafM__WEw}xeJseec;-D zt@h-!((t0#5iJmKuKpWk&kqx}PLZZGBu(+*w6cKW`!qW2Yr$78gk5px%`2~(`fvG; z3WiV<%+7syZbr3){C&D>^8$Ee!VnZE(SFzi30=+q7Xi}8{;aDwx=%Al*Y4Qje`P3T z4R;21NBh5$r3u4(?*Y&n2>^8?T2L~x2;z!1MJt4A2pX?k-A+-z2+JfhyahH#pjX$P zz47nQdj;qYsrGaLr=c9mByz7LFdrvGep&{Ay2w3$Le9Us@(ZL?ojLXivN@u>m;>M-Kp8C!T+jtLFOk}0pe@VFT!P&*(Y|LwiH6Yq z*-`PIqPvSJ`WE=Kq*L`!F57z80^-xh1H}iG&6no2#4C&*<(=&SmZS)-;fFCe}5%(x#chLw=)##M$U(Gy#-84KFFb$*T#9U+ztNTBs$7p7M1SAHSLd zbnk`JL0>XlI+cTn0}?Iw!<$lUq711#Nr?9~)k{)mS2RXa`lJ{Lrl2j_TqvOD7eLS}WD zi>JI~!biPLjP6gkJ`vISd7?CBn&C9Y!T)8bqmD(8#AInB_X6^h-VjR?5kfK}XNr9s zMDVW`E%^(U$B9US)MNH8gZXSuM0F>z&2bQE8zCog`!Ae26j*|Dmd~f>Sv$r$AFf}d zNS88En2}=xu9en1df;uSKTPyh#+v^~8N8(^j-vk&*rnajw3KrMODs#I)aF^cpN^c| zUj3y0t~xItrF6o@W9cB~ah+q~CI@2){3gy`SG*51H0~uRoYPxY{Rymmu1SLrCs8^@sMQv zu;le_U5n;ZU&+0#qQb|Y;5TtoA3m(~z~eQXxOKf1ik)xs_c){S_u>Z(sKY4S1c#Q` zm&2a)iUw34s!P?+kZIV#!AQg2jwStU4z@$H6-9MLb)?szD)`p0M zSa;iE@+f5_g9i110eG2rLzQ(LDKNLtztfhsZo~4v%Z-n zr^9$2kV0HTRn_LmCYFn|U{}q{_Qd0ri>M{lQr;yh9PN7=P9(}n^lNgNbJjrPg7gyFscoK>U3JoN zqaQu(^R@2yXp1~5ruOQsU!dZgb%E?9Zq~s9sc|sPXom~@<|lE+Mxj(DwG(t3`WEQz z{+{8-&^6SolMcgLr|zuwE9af72OL9kbnexD#C)-24Y$|s*ZpT|Vz4m{Xa+bhZp~jT zR5+@nbe8Y?T^|j_blNH(C5A_Gpfg=j_aUa8CQ(}cQO34?hASI(CW-u#ZkZ+-SEM#} z2gg4a{)F?Bli@-*lzzNv6v_+3c>gRJW|-9Z&ZE(BmNwmQzJgaydi9HPuA7F1vZIRG zor9IOwf*Y^en-W-0;}kSAym&MWO$4B7{TOj!p!JMHeoIpGZ4~5C}h^WLmD6f!=}T zP(E>;9$#*wpFVMFl3VZMmfkuqwKEO#>eJXtg8>H(1|8`Sl?SPW@bgW53G8b`TffbE zWY8gNJ(TuSeAXT7ig*UU&-bWPye@(LVjfAjW6MuF%9o_ezI-ve{=&`0S_W*_Ekw#1VZyGIZX{}2m^nf2r5kS}=&jJ2A z?Y&@mxIa0;3cvV@2X7eUA_9lb#Em<5_5t%w^AFQS&+@ltx%5J2r4z85BZfCpG%L&T z>1DaTnN6(c*oM|W+0K?a!oNnO7V7v;c*l}>vjf$`9geFY<}a>tX+_$qX2*@Avx(qz zZJs*4e8H_8Z_1`AIFUk+zgmR@%5v{~hbu88zI3+qMb+xU0kPTV)-PT3r~`6cX<~i5 zFruQV`T(hjauT>nz%w*(GYvRj9!Swgmk&#~lvEn)Culs8=e{cE$eS8;ns|3fGq7p~ zGYZ2dMZs_S71&R45LI)0iHq-CM0w7RfJz5mU+bd2**$B5J`03^WE_JF4rLFLB;Q9V zK8&Ms>@Vr)2MfQx_ni0J#pnHfwck+}9%tXv$vO3<#9`DWzj7_b2_Ex0yOAy1L_9S< zD{UQ-j1Uo$Y=wIf8I1D>Dq|Wm&Rh7Z?%k&m;Z}>A3{^g@I1m~C)7dT33-yF>1*dVF zz>C%EmulMH%x=Wki=wN`nvJ zfNROJ3??AXY+s+2m;+A0(+edH4B4h?nqs3%0F@K+HRhiDKFD63zd}RE~9ZhQ&a#`FRb4R*`Eb8P%3vY#XipmF4{}V zC_EXmKuV)xJX8X|`udzMOMy!M0+~tDz^}vHcH1fa+;pvs7ODQG=}1Y{6r#GX0%c3c zRxjWwoSO;!i-glo;kEbAvRo?dY~M4SBLnY^ zRSXrP--JB^R!r%_pAb*@jz5{qP+Y$h^$VoT`%_+3xvMX01J$XXPmx2`OH+9K3gs$s zT_0q62zF9w#y6&~uU@Rbx#JcsD+U`)T!t|q>&>16Nlb1y%n4+(u_FWz-dgm#F>E;( z!6h_{Au&a?(t3CZ-Nr`97cEwn)W&{#F=%N49~ED&IAFi*2hM~R8Lq*m!J|3a>O12% z^9i}}tlT{4NcJvO_Qw`?1SoA=suG>yKY)$Xb&ja^n+Bm!eHEm`TE8j!f&LI&Uw zBfyz0!gOpNTEZH#gJz_3L(g9t+*vi(IxR)JTHd#E#Vgu&ea?68!Ocb?x*&PxgL;4; z6u!9k7kZE~z!}==9`V?OeM0^l9HHMmlmEx9<=^y7egl%7l%Lk6J^PMqCo0NYS{7$# zWi%V5Az4xP;M5VA77r1Idk<9Wf7Z@fDwD7~6u$G`_U+dsHmGmx57^BKcmHXB-;1@S zk9FhH+r54L3Y=~WWOo}H>}hxh-t?PE<7lzu>dLov65LfUIIlgYY4&|Uq~zM2p)zr^ zhDpA#Mk+!$>A!f#zDs?LLPAV{_o517P^2f>TfbUs7f1h?je9{mZ5jv z1kx^Rs4r{4dRy!NtoZzI)1t%xEC&+*J1q*P$xuZw?5G8*#6Q~B;4^4`fhO><88XAy z8JF4q9kQAjpp{=%RY7dQAN`huL6!anRIH=Z^Cy!W;KI=;T*nGH08EZ%z@IT2vVB>< z-4^BI?kZ#m4F835QLFR2y$MnYc*AFFEPP!+T zCOKyaN@ht|1)o9w)i`Si#ZSlvUerSFE>P#HWc#-^WE`B^!F)v@O6MK413KX14&(+u zB{8O|6Fv73D5}elJBeO3%XW%=!#j4k=l^OB^~d}F4^e~oxAfq}y8M@}Xn`OktK zf>4VwXOVM0Zx7MrYs6F{xtn46kk_RzF}^Pm{V^uwpJZ8oiz55@52{ke!fLyt&Y=*f zTjPM{_*AI_XG_MGz$$omS&Z_`p`!y>91h43SZoc$OzR*R;``48{CDs_S!=V93%@`W zGw9|+uyGTnHD~!S`kxTU8uowkLLjq70*%g10P?4qo=0vL*J$bf)#xA(czSNb6^0=s zCSVm8AP;wu#J2G_~9|L zsOGm`rf9k)3;N`?mff|9N!piA?Z6~cx#sjD^KKJnWqcWSjM9nZP`ZihR>Mn2$Kp24 z@R5=$TOIo*W;#l4Twi1u3(Mp{vlE7W^G05V3>NmOHrKYsQ>+6pUm%8ZO$u`1=e(|* zZcipvRhdk(uRWynWSpaL5c1T&5z4SmlA66<#?8eFEw4JBgxrp#kyUgXRz7=-R}Pik zv(bvqhfCviXXY_2G0eWV8zG9g-Qh-tGp(Pm>Df=NFempv?AUgI$Gqb*xv4zZAQJJ}QGrC9Y z$Lgu5)8+4fQDtmwe<$mdTxL-tT&935y{x4hWhYoL^I54Wy~6OnwY_~yqvYVo;My?+H0kD=Z(sBK8Zv& zxrysql971RM>we~;hD@2wL}dZ0PGuE-QiYFy45h~oRY&=kk(Jhh~2F$`@yidtS#~! zCQgW$VW}dj`pzIv!WD-;^(u*EeV3`2abWlEgMsu99+u6;TU zAq~fWr_XEBf|F)*p{y#Zgy!w!XNN~hdm``r%ci=gAiF=lk8Zc5X4@4{R`I0_4~=sn z$G+{k=bfIS$wsUf7w^K;cz&TY=>bC>zG0Po<9AlpkGi;?{os$^G{%0r z(0om{0nSwVi6)dxw#r;2|w@sLh#WBRq4Fd6Y5)T zV+oEN!Tctv1ATUic2D=eAkl2Y2uH}TQe(OszEH9F+L}X^Np6htwt(TX&V=O<*dAjw|;ARx; zFK8~XM}4UA+gxkTwVjfx8b*i_x|>S33F#x!Z*UXOom?_+rwTr6eb$(HVKPL+S$Yy~ z49G45y<7HLRyfBMBlvs^MCKSShMVK`pVxEGpat>ak#<(wk-QFaxu(v}rCWd>6C~n! zo>qx(n|sa1;8b<3jRWpBAnf~_5~2$MSX-9)0cSig!UU`>r9E*rq*vE7u!=?6`(w2q ze)GaG`s*(E_h0|xUKp3NIz^-@%dM+7PT8W8AVMT>JQMfz0jYJC9lId|i4=I2ZO2Bn z_?73Iu`LRQESQT*u5EgRAV==AJdwyNsO-$wPx5r5?(|jQ2+<<-k5}4~gy03kkOn+| zSTW|zvWGoK!hrWs?^zA*oSw6Dhi3>Wty9-iTGNHA2N!Qe2pwY*Mh>>fJ=|@zXo?T- z9I96N;v4P;$w9gyuT4vBv5r%gl!cJkvPP%dGos~*-amScT8IS&rKG|Fe+C2I_aujv z>+D{_>0;+C?g77cynKNh?3Lhc+K}MPz^dBCQbZ^B>F01>uRP3{ihOO#xr5#i@|cyC z&0qxLR*jIsK=l=@)2+TS!tx%gVbpg%+X2=^t{c+<$y0rv1N5BD zhA-i;n%Yu=K0>scXXL zg0}FR>jTRcy{3oYfMtpdZVx3F)N0m`;#cM=t5oOQI#sG)f$F|y6W|wjH_O)Q)|u~x zbXnY|d207@Y0ZO}km6ialJ#0*VfBjY>DTXt#dkaXDhdp~Zy2(hOOF32`uUWEPn9>* zZl?c3qr6LS`-4|%E%L)2oyqUcBPUR=pwk5zTTT>CAUUTLU|-zb6k0zdyr7%`xOi7F zSTvE-3B41&^*p~D__YTCDBI7sBqhM`B8HOc?67QqkVBzq1RiOL+osGw58WzI*`I&Y z$s7?M7SaE8&zZN={_mKoob-g612a*Yf48dp?Qu>DDR&tZ{tG)4qR^}lDZ&7`yN5oc z8g4c(2q)zDGDzLKi)?J>%R;AHIpaUoxZifD=D+lw<&@G=;IC`fI`c2N1ayJ|bCChai zn;aQ=jdaWXufcKLQ4XF7=(c*<@i)Ec*QkD?Z81zgv4HV%O@48@c~|zeQaXmq@?wYd zXq@1IWg`MyiC3+#&KkYC8u9LgErW_hR>lJmACbypo@i<&n}Pj&^Ro8@L|J>Ij)G2e z2c9PL8y^@WUqZjn=vr1RLnezp<^JFyx4BsEyhM|V{RWUHj!;ZfS&(0IE%FxRcPY+OCWD&Ba@N`=PB3=Hr854k@-?M`E*Qzj>3}~$kmUTCd{m3uq2ZFEbb|f?gxXHwe7GNl6V^&mchp}_Q zmn~OvP>#pHXv+z!3XN0veCLb7Fa0+oq~!BA#xNRjlrCN359jv zpx)f2WS{%V@(E`OQ%fR(sx*x=%XO6P2J1-l_<|4k3s_hvTS zQ2g^}3i0L}*nXv9W)t^J9le}tQ|&o_Ci|8exxtV=b=2Ep9V@R)SFXEXqk=!i^A1Hd ze)9Wm;vH4DBLz$XtR9y8_kir^MUVaqUc5^)D+0(zn{f)zK3}qt_E@@u$9f_-L7g4= z!(HOJ+?F-KTh-H+eYf}J7Y*y&p~dif)09(${s)9$Tux&x&)|uprx#~krc<~W!0?9g zE*n*@^knIE6@}t?)yy1`nK5RL!h9`h-r_i<@2SP1q*V()Y?^LsKS>X-Tu_v4GVUwL zmZ_jQBfmLvm@n{3P4(=PSK|tQsEqQ@GZI1jc#~a&62(n zpi^v(wf&*n#x{a5bW5*U39Um%hT$_chj*_@E%b|cuIp$jT#0Q|dVZcW;L#&SGn{0M zuCWIFLxGYn(NQSnsLY5Q{u4VMgJPQ9T8m!NfKQ4*eJDz57%CJf6rEGgTL}Jt!^C8e z-m;0qCe-QVP~PXU<gJBP0_3|C|C#QU&2}m`*xwTlF);+;3Z`ELC`t14I4-WL5 z#rO%+j-a~>VJ~=d+38MC2PqCzytl*X0c5~T-l5mcA2Z{8XTs+Fn0ap)r$vLPa<6__ zR#-?w8As$xP{tpW2wh*=MzRUEEyVy$Snu&nKwF$|{ZGbSN zGgy)jz4_gtQ|oYCyI6-gr!v9vhI-w}x6eC`Lwq-Q)Stv!MGZ()riPrbIu{VBTU2sL z`%czsmk+>fq8g8$$6pYgqb2P+XOsLPoA5$om}A;*EGqw?3@P~7LE`5;bl>#EG?4=+ zG7FX3_9{N8TvcHTXL-E`fInHna*H*WloWx0rzoH#7zSt(OD^Uv_22`RP2}o2dgnxe z#=pLXT2xA*XpjJw&LQ|noEys}rrZ0QeW?mPy$5os z5q5(h2Dos6DK$I*u5=Pko&hr60E<&%%I_AZ$Snb2pW0nM@;E)1ZOk~}T7aN{pe@KE z1h7YFJVd-2|2>8-6C3n5srIcKtIbkBo=t!2JnkgY+N-(EDmNji5qra290-^_g1z29 z0iZ1jYJXt5S2f^~er-b8mbqs|K$dDMvIlrfC)3e>aJCr8%LN(yy)oEO7k2dzN=}QX zHk4UYk_0Jg3CRNae6Zbc1aU7zcMn)8k<2?iM07B`9s3W_bw|FMXm(r%xtp0H)^pf( zm7)yQ9&rDonZr_hU-jZqAtUp9A+uBsFr#?rU<7Syp=pNnlYr?gKv4&Lc>#)g zTea*T$4Xtkz_;*`pv__(n==gi2mY4;p6#y3Lc?$GmB6)Q@ryql{SBMZg`3Tr)Np0o zaD<4G+6=Ao)s?bSdcO)i1Ez374 z+~&Cxb~~!gql>Ft{_^R?tF^&6H1KwxCWvASq{Qg#Oq3g=@}<*K-F~QjcqAF)IMh}0 zetC+o|7m}TDQDol7O(LuB?C|Hjs)bMFx2x9WJZ!wbBYi9LHCSoeWf80VKgEn z-5xxKxA#op^$eU;+m7$qF@ZppCT zQry#C7bR7YZyn%Yv>+BXMGYIZX`TWT5~gdEKjOZtalbL#uC=RL< z*X%Lt>NA=O${y1hO>*-@?GVRZN#U|@QEj|QKV3&Qx0)8Yd?5+Dr*bn#9g?lPGIC9B z2U@#_$mcKI__5+2#9-fEhGPhII?7HzJ!5M?izS^WzuWVYA&8Vy)}qk9i>sabN?jKR zR)!)xqWS}821~XLd*2PTJ znXlesRt?jw9N(+s)Qi)?Kj;74jPakLKqjR_*8*^HD_1bW{A#g=0}(Qp5YjtS@i@!6 z%9ByMpE9r_JbhyabcX6&9~tD?wj$l)&}%y=e)2b^%WlvHBrV`D(Z`=S)oxO3v{pRs z?M5fS6n<)8Dg3%JHS=Il^W(shGfe#tb*r56Jz;Zhv)_DkR7?D$PVrIM!{sP{y0&e>S#3kQ$fy1ill$(=D& z{G~?0%8vrAj$cl3cL?=fB?wF_=KBzxk<_+*E7{d86#>`UCF9f9TWD?4nrx=3j0VJR z=ouy$UbrQ7nWU` zc(40C;l&I~jUTQhU|mD2s>qo1VC;^{8pW8oapR(_AbZS>8<$eQaUbx%0=(2+7zp;r z(`LelT($A^U&R;qU!Ryzs-U)^V&^*C;f3BN_|#2tgO z(AvCrEYFgbyr>*Xy&8Vd4kIkiik;J1^YSSSuDtz3>05>>u@!%{rh{8MtVJy?pm3u* zv73$q`*-tiwBaKtjH5mQ)p;3WIqI@i1I+St$7pR~J2~a6ZJB5bY zaS!&iI*nm-2#46mt_P)$A3ovTD4r*z4u>9z#93OblMDwoyp+*fEmzK6K76f#xWln0 za^ZF%ZvLf#iBpz$Vr-=FLs8KFK7_n_o5^rdF47uqi2pQ7JjEc=@JOn$|KawE;BXtb zM3(eM14=yA3Us2@sJv$Q2cj9p}$TE6q>+h90YEWwNn6(iI4+I=(xps++M~EEEvJ{Z6H6h zx;S35ROI4|7q5m-_;YjuYzQA5EBTn|FVOKtAUbX}lVF9MnIKqF>Ju@C0uG<*QL%|U zCGtOSISJLg+aLJmYrm7*mM_h3UAYB}jkF0Drqg(~gz^HJ@At~gZSyCpbQ8Zeftw5i zIMzYOB6XJ)4W;ju2o|rXSNSN~Vn1UCb8o8kkQDyl4Fe11$RK4wHYsf>$mKD#+bVB< z1OQ_GMqEe$Y=4>iDVpd;% z5*(VbfBqM!KdLiO1SSPYW#qI;k7F9UiLU_mM9V^LLg#Uo-^)b?<^O$#EdN8cFrELG z0o4t_2hTFN({D2hA>->%cbK#1wUflk8ZLn!YvFAF@nb?A#CUpksx(_Q+t0n<&_;%r zS&jCr|Mo-k(IuXw43jN6q+R!^pZm2K7HEwN<;37Cq@DK3yBO)ofg5!5>#4s$mmKov zN1AJ7_qjbiQfo~OVy67FnHMwwWQ(~d&EQTeR5}aO>yU%XXhNPPjHY=8YAIHnbG8lt zF2`MEL=^)!RK73DlUzOBx1*5zl#BGh3v%4au$n?F{e2hhLyadw_x=cBp$DKrSwe(IbZezG|vh6j2EIawf z<+TrRDq~sOccHv_fXw06F6>Z!*AQdl z2m&Lm(9h&2zzfNbsCA01@>3%GDKdbtR>Xai2yA~j?BvV;x!Kpdi`NbfJEs1? z@<4_jndDssx^;JLaphxe za=+B76Tf!p_o85te32QW$HAwV^>3Vc?+tRZI8U@CNe{q1a4lTgs$mO*aHz-LPWW{V zr5oVu*ESmGT?ogTy^$voO1>Vm)WK`c>tgHELoCv)m6njv$4Rym$K&HFy4YOR%6ZVA z9BvM^UsJe8DlnVU9P8eI@@LBRbUJ+LnrKrhTPuV472)$5WdL+dd!|P8P&$sLc=??V z-I~{}AHP8Q*3>vu8ia`uv}#6v3D;$AXQgz1A8=w$kso6!2ZxXlAj1!o0Ss3$lA6Gv zi`z)@W67Dxw?EatUQ9ID=8L>1!}W_=J2;dDT9K(gS z0NqgS1>3UWDaer0mCT#xL+^g;nY+%S=S^N~x>#x|chU7dKGpC&=_KL#48W=|41+NF zVjfT?28#3C{Bl-^-Zh=IhL;cKX6`6=)6vM~qerP*k_}%0W|#g`LmRwa*$s{x>-+S0 zg(8rV|MfEfBq-AZNw>hBx zrsgLC`Z?N@^HCF5xbmH{(B?lI+E;dSwK5kL65b4y)$GR{INA{+ni1CtyZCr>oOUot z4f;|^0Q>QR&cK@LcWUja#@oFx1 z;u)sNb@}5gDlW3U#XGv@F5nH4 z7tf%TucR<^R$%M1#eOs@Wp~NlEihVl4@JzSpf1A-Y3&DjMIO(_2`_wG(kxD>56 zv#*bC?`C|*cXVmonANVKP7b~vrBEyKn49B#(43p*Qo(Lu;Q3`N&b>ugQ(bdAS6#$B zF=AJ~YBQX}Jf}fk$v3L%zPT9jo;3f-=P~X%#HQEfyK(^N4=aFch3?r5DCs&5*9zc2 zl?hGS;mq!`J3W4S=IfUx`VY5%Fxe=+@kE_387`^Ot>f@n+uM>GrVi)SOiNH7e-h0n zwn3Hnn9}A3Q$q|;AOp3hfEs89_nyP^yY|_57uV06Yq76J=8iKcTDIOE9%k05`>KQu z3D?r+_X?~q_`kS&@1Ul-wr>>0TZ$A#sRB`H0s<<%MnynCK)Qkul_rGVOGs1%lokOI z=_+C!@y`fL#!W?>n3O2SdoW3t9f`fi@S6++*NS;npliKTA0l3^;ogq1KDa2 z`{~=$FCkB@^KaQDKT^x|YPB7l)=xg8?c(=J zfPkJguoGbQt)U2DPqMVJSQ4OpDaAJ>#1?P&@yDYpx$8%xuasRYJe6i|5|q%l$n=Cw z&ZWAuFdbrc%i*h`T`7qPTj#^?ch&zZ4zU4oC~K6yCDrH^_OC!74y_0U{E0(2RuUlG z{7)RhYw%BNk|g&!NZ{ALmfXQy(K%9Kkfxhax^cbFbQow>KGRNpl_c4W;L0k$nYWMq z%gQr$hPz4XEOO4X%QGwY(!3LOSF0+jf&|!cGCa^!^tv%gQL}1Lx=1eM{2i;I7F~U< zQ=HKvmK6b@uJ4cHcy@DxsbuEmnfR75Pm}m==5QLUg^dBtP&$i z2*qKSHc?44vb0FI(=O3#f0w+Z1<1*}7@AZs6db04OAUr!VP$AtmZTL8i9xAdX!OAu z`SkDMz{J7Su)9w(c&SiusTFwuDN@t;=|AGPvyY2;4F=e$nO!wDEB zlm)$ex3uZ?c$T@p-YkD(!WOd*<*WOv#;J%LK-fpp1Ok&SY6b`dlits@Z@*i6d)t`= z&)R^`1!n<)K)y4C(2CoP%;X=GF8i@HR#7UF9?n!@+T^NpsBO!f5>I8teVm~6x>MktgzI>XPAboX-~3_FYsL?BV+!6Qh zC%jl3EC4UX4jI_Bfrq|BqQ*WKc(|V5;C4Qj7#>9%3GNAN{lU#v+b>uJVqL2n*YsXlImrU~IREJw zd(;^@s_$fuiB5I5koGrTKodY1z*QaLZn5YhP73Ma418C&Y7HY8~(V*^{X;_b2tQz}6q5TF#1o8LtFBf7Tmqs+6UR*{ef8IxICs)Rg|d63GzLgX-)UWD|H7s>Mjo|(N1WhYw0)M2Z*C-$gc0xBcKKq zEp+2J@(eXf*)MH%)Gj2C+vlruxY>yv-ig4~>dY{~4WX4bp02=ZiRjyhN0Y%q4LGWc z`BhlL!>+W!qRdTv2&8d3c8ZPM?BPk{8PuBC8&TvcY3VgMt7`-<9#hP*h0K-|fR5d|E^6sz1qV9)&aEIP8&w$_4Y4ewm)=|5< z0qrVCe!TqMa(FaX+hR4y8G1Nv?HX*hedX?f=gL%XXA4z|Gi1E~<4P7Au>U&-Gaigf z{Or={Q81JAZQ#;V5t#R_h}l;Hw-Rm?(4@%+Gg&8~RbOHYUFsfV`(48+q#8D}+YikB z-(2l@Fz^@uwyo}wH`#yKfT$f$$WW5b!n<)BN3QJ?>4YV8FY3}R@JO=kH0;X%aDjuq zkyDObpGpB|+&*^HXjaO*QfcF2CI=Jtd;EC~gt*|Lvg>Qom$HWZ?#(B<9HP!Y%}RAN z-@f7~h%oQ%P8HXP)uXDVs)L%Rc{R=gLe8pRZJ_~HZ{b{JRWBp~pp#va$Q71HoD6D* zXJfX9sy(=1zC^KxS`e;hmG9-=yX2vdU;W2*#RKEbSk_I$B5cbWXk%7V5wDNbp>{^a zm||Uz^)GL&TZ$t?R}>YdP;@L=HrNU&(l0uk2TWwWXacZuz#?du zYK?TruRpB986umBE~mI7KVuXxZO!qRX*2!xUg28LE;_Bqc6+ad{BqCY1r+?UinYsK z>|u+a^YEvzfy;YKC^43Hq$7EL7X4Q{F=AVfWRa~HsV3rHEGeM=^0vg8`Idt6=e(!F znS+@F)1~>+^NdT)&+jJ;wO5QEoC$AvveH=S*#9MQKE$R78z~-im8)js#}@D0=MjAbaeW%Fb!amYhZv(Jw~)hT_SI6-FT;`8htt zb&(IYf$jnf^@vjxW4yY=WsOeuq%ZjoN{*GedmAyNzZ3lab#p{Pmm3FHFAcGCV6key zK9W3j;mLc4ZkQXr5)G8&JJc?2itECZdd)#~gvSjIT)SM9b6k=LI%DEKsQl;>XSk@x zngI!IFkm-Wqxf}YKVV8~$S*o=iPlqcr>{wha1ispzW#OniN$#y0_Pfn?j!MpqTqEP z-tmQe&v7&F%9jp%hEZ01v0>ce(^s>-M?W^rOu5r!4~Sf8dUaF3y+}C%O+?F*;B$Fi zY_)3PmI+=pGjMb4W9_qf(MgicTCIk0n}@}5)>b(xfm&95-V4L|CF(kO%XN_%qwuN^ zedQU(Uk2M=_#QE);vKpeS-8W6Pu~#cP;o>9vZeT+BHZW#` zc?Oq)$&k8`pb`0?UGw7F5U(&lrpt_vR5HSc)jjL|dFBFH6o&+lEAG8k_sDj(DeynY zK#cL!J?4j{?zt686{eMMPVA$(0T+eV=QUb6PlJa(RVa?VH8nVvawpo}<-zD&%OD;7 zPxXRsDTJF*cz{*k2&)TT*pU&_|KP_P4nqwR-E&$m9lO;G!o`SnED*OBMppkk-Bfyi zQujhC*V2-(_T|u5JZKXt3MTX!0_fP@zP>y(FL!iS{=?Q=MuC%ND3J8EI928H_AF^u@NCt)?b%4&fmnPFVvWa4mOp`W?w;%t9sL$M;6E;<6eOGMX)=@zib`Ofh+m ztsV6dyc@?8f64>38&{1ksl8sYg3mIR;=vX_8*8QMG9}b2xAXSa9W{+J0_XWDC^Z38 znC;}3KqFmh8Umm@KMXV>toLi8x^s(iE?OR$H$=}R#wifr(+knp3Gd_WOzxW-)(q+n zK;w%tc1w#~AS{X2CSKvX1RX~Ru~L!0oifnU%Eat?NaRQD1lIrFx1h{hd= zX+ETV=>sSMkP%%#G|*AlHGW#;R{XANtP4e?Vz68W1k>wL696!SrvnumGlhCl@7e^O zG_3b^-y6wgo=Lh9@V#FB9GgP!SIM~^6z}J;xs`RN!i=he>`!q)DhXlEx<+dSlYW-V zbKRfHjm8vbi;#s1NdW|b>yiVZai84UVpJl$wqB^d2!-n4?~chtX`EZ-XvfR<%c-^- zv_33(d%cxch(jn3K!Rh9$Ou9=GfaR8(>O^kAbtr|{}@k5Gfy;(Taf&6#pwM*Yz_CY^oKhgI&+52R|Nk@yPZ7)sUclm$o?#$ekzdq(G z(O|kTq$`$fpjZX<&{lbnb5~3G$Pf}M_UD2Zuca^AXW; z6dKN!ULDc9Q%5~xQ@3u~^_^&hp_uK30Y@)!6=p#n^_WJt&4-I#^KTX5S2_!d^sIab zOP6e*w*4^K9D_WU;k`q@mqOQVZ1jp-Y6$Oy*(xckZ;8lOBRcZ7nTmTjK0^b5Yza%1 z{4CLF6?3Uj^h#`jE`rB=ntNQb$`oJLC>J@aU|vzgKR*Ea;GdTEreMjk#h#}`Z#dW# z?L?7x7dP6Qi(d!$$6TygP0@L0{R!d73-DVbo~6Mum9zs zDQ1c?G(TH2*l$s?gbv-S-co@s8gfc#XB09(RVUX&tcNw%q)c0_xT4VymN18fg5c;xL?<`lw@B1#d-igsbia%|!=w0Sf%>Mx5uwl_@J1p;9(Jp5 z1LzZ3k5U zhuP(XYxkp)gus1UXrO~e+j-_;4zMK8S;uc*Ky2FGU6zJmgSXu*MuT4hGAo%V-G|FGKrLV*|dq}fyx<6`@ zOl~#l$Tcbj=M{p+H1WZZz<}Ak_>X$-Mo}K?9?0Z@k;b2@#jQp&;2TpBH8I_E`3`*< z+>dt8 ze~AQes6-IcP6Ix9zfN-}Q;4*y&O#}AGGZ}oO?~LG}==#lu>TA~lEFib!kY%g)4R4Mm7Jp;9@aWBrnK^rV zq{DtEEaX#QYBvG19u5R-4zh~!mmZ2L>L=%3;k=sj#qrC`08sFH%xR|c$P4Cx_cF|o zT!3dElWhUBQqJd(jR6X<`W{{ZCmhukE}k%wMZPJ07sRQ(J~CM^U{TC#m1i;Fc1kl- zw=UA!ddq(zUBOMlET~{AAnS@1ge&>`Zq`5#E36-newB3w&|ZZ!!WrMuTARV=U|IoJ zuG$7!yUjdP2629bj2~;(=*?X!bv7Pnzrvo8 z?R!41x7+>Y%#H@k`=d|7%QI8UffoY!q@pWWKEF>)bCl617m zP{BBP5B2#Wnc4oY1PszguH-6R;+x|!a|yw0*8_{H)D+lV9kF86Y`<71ym?(Cn(HZ6 zh--|iG|x&p3ssx$KBQ>>rZ0JA-g7Q%mh{p%7#<@DJtnZr4AD18Cou$x~NrJD7zO! zx?{}qA1$g`dIwlSBLuY5$w|@9)aculvQ?t&5r_B8o=lQ{hCA{+@p{9~tLEN%@o;h7 z=`8H8J~fBW&Myc}!OcGa9BqZ_3tRgL2L6)R>IjvMn=OG04;-xCnSDkDxT%1*dRKg} zjK!Sw`!wqi8jRi^*Ib(7`fl_(>&y=FC5^3yBwFdnr7&)mQx-DkZx?RP&yo=GM%^Ir zUEwTp43NX(O>P!y^;c=hgL02K5&_$0N8WR+og8;6{gr0uj%i?PFze2tcmyx4+sg9w zd;)^idFzU%DRFQ>QzJ@-(*bxLkPO_E64Z?e*O?uXZ35{kOxn`ScQJ3e`g-sStuHM?-I zFBR&6<16f{o}H92uKt#+UsY2Ug|`+j#ZFGr^Ne5M&lBc<7PusdgE{2~0;eMEYu$Kt ztE1-SuYqy&Cx)zEI1_Pufi^QYxjJ*s^CD6rNg?!>HBb`4gvef>#jqOfE?>vJx>s@U zLH&>8-F{c}Iywq4^k{niH%bgbpxmy{X3oN!isv>*#r7qq7TT|dD=S;LSuq;`d)q7f zvEzYqm8~$#PD~~n;OuU|O1YhNT5i(XJX~#`IK6lG$z=UpQ^_;_%nzPSGwuRVdc4@W zLB1`#8_r8wjF_Xf57-YqDH&Mj6iPgAqW$i)&3)E!vk3lYxXiNIq=9^V?oVCCc9ixW zHtSVRT3-&=>doeyPP92-r8*=~MKi~P_<~6PXsSx$JHdoG_}LoLXSj5~T;BQ&bd#+0 zxSx=qgr^UB)z$tz{a9FwZ2Hyw(-cjQs3~q@Ym~@yDR-H&HKTJuW5T*Qv2BYVM40G% zh6yzBM-Dm>^X9s`;?1hQp~!EuFc@?pDmprP-VKsJwpj8<+R6Xl+N{BUv{|L5{%uZ_ zbrSI->=f;s^B?$+x)N< zFz+3z<0L_7x6A5Q@qj0;{MJKvvhzJcyw`A~`pkLD6F zrIEA*WNHW0G*02Gh;Wu{AI)*{+~h>xhG6+-dZU6@vjaKWIue)4Nke%fe4I{o)cajv znF-0vigi)c+u9scy$1z_?-vWXDqe4966z0p0w#?uH}>xh&KgxKT^m8>&$?Jb92Ci* z%Yo6hH6-owpnMk&UiTvY>dcQikJO*lQ~nAzdWLWcb!y>*StU{1mbrY63E#|~z7jpM z{)3rupCTDXWQ)tZMEVkq(yRVhS*?{6YI)%s@H%dyt1Ye;=U*PnKMtId)ON`-&66TP z>|fIMbmsY06Z<=JOgW?7b-}g3iFTwOANMPHbvflE*Pf3$VhqDygcSY^{WO{Rh{pv=49u7C#d8=u&3HIZW@rM@H%{+Hu zgUZsn8b`7t&zB*W;RDlK##aEz*7G1*>^p1`i|i2An3`8N_vry3Bd8!lJuhXbLnGIM z<}5i8KfWKLI}Seqgg?YSI0xYS9Z)6z@c;h)(T`^nNkn@@Am;bmcQrg>6>-4%ujWQ~ z1Z2w)b`1b!w0ls`mG>{ylz?81A#hnQZMg?zk`{tor3g_|Y98@5IqHYUR(Fbc>!3~( z{$$8@9X&wX9`0xrF?Z~qG&~hE(?B)MD z_v!V~@x*Nd)*tV4cgM`3Q?47?SWFb2n?vgogO07{@#~BlNk3mT;IGC?^p~FE zQXBwJqv>a~vxyMWyJD^k=e7n$+=Pv8%z~WOPf+^=IzDgxG zck0!CZKe)|d!7m*G1_c|?W-4PpJ3<7>@(fZu;*;(8>-}j{YvQo8=8X+8DV;=eV?Cq zsK(My=5t;*twG7)69_0Ejq+`%QbRCs6^G##?5gcM@pw z_CL+M-ZL{;Xeo7~b8Es{nWmHjx~^y#$?)-n7bFG3SN9kkl~t1U3NfonHY!*N9zs5` zx?SD3Rh1MIdgq-ys1`}j(#Ci};74{YpX_dX-1i)Gx5p@g#vGp$n6{QFNUn@uO8wZV zgV(nocT!$rSppAW3RqAk{&bR?RE@)7vrGz0@K3|SzFZWqO{C)fD-vDdO6Mi4G z^2H^i$!Jn^17OdlCMjJDt){YB?3%KkB^|q@J1+OlMBzYd+nCOt$q;SamR`v}oo>k2TGD}x=AGSteMaUiv zrdO<53OK*6UBAfOMOJ4UJV6K>FZY=y_6h9-a8;Zv#$uGYwC~oP*On!FCbrka8eCEup7XZ!NL+ z+dsW1!oDncglxk~lb-|Vx5d{!fZ3307L{*s_o1SpaZ}fI3;z`uh-V=Dp@_I?fMtkV z@$*#4HTKad&cs>6_Z=Uyu0Kxfrj)y^%BX41rh!juewvsVZ7q1n`qQ;dQSqUFy%+=C zE?OIXS}()7&kWr*)s6YFb(JELipD`nL-)iS2~ea1snEA}SGv82V7zhJl9JM@M*a_FB5gRijN=j zaZBglnZo7=llpUlxn@@(?}xHgWPKOD_8!5x&l+*-$>*tlk&-jn5G+f2Jph|LvPS&S z$3b?x5Q_qK@V4nK4HwWJy9bq5z?C*sx5Ysmrg~TYPr!u3(>U5~h|B;b4oyiqHHcUi z8?;%8sCD#{;-U?BIzA_WqT(&Pt)Sj7pI}eQBz=LGDs4Bnem|HO_BdN|=WE zL$m$k&Z2M#$nIfs82lnMlfEj*H+tx~J-GIH3wgT#!Y?`v_SsH&axCu3A_H@oZ7#)H zx}`nRhq;U-zEula>fHs1^@cE}T+;LRRREz(3oY>@1x!79KLgau-(G(c{G`UN6;dLD zGXlBDt|(ebIuCDi^cm%}J(@D|4!dlWH=Z~x&rXpp44{R61#gc3q9get8drxAi(@z% zwGP<-LyGQ^tc7sxsj&~5545sGAmLt0xnt!@?St7)v*@)>0B1UDvo*bRcp=%;kb`#6 zvGrkj%W2*al|)|{%>KGY@iBp&ZG}%7b=C+qUB9>8^3|;5Y6D%I&dHi&8n;Cicz){d z|HP>e5VlHziaYCH&u3#`#95-!Z!Te;mJGL0c_{umn?Wx_DR-}m)n`wY?10vJQkdOs zKlDuslj7t{s_B){db7AlC;+{mu_s%(L9Kb7W&Ie`yG+XBxW0{VMgLBLH-AME{eQ~g=d z52W=VS36uo8wA%=#?C)&xzWW` zIL#BNs6*O}-0-ytF+`g7yVG&p6xH_naUq8D!p?;klI?Y~{?Kvcp?oCu2zU@A*(P<9 z0+fx@0IUhWl7s)ECB~~#TI0WO`%)*o*f=Je&#SCFxX@iQo7Mthl}pPNNi@O^Ucz_@ zD^!KACEVmCe6knkcY5O;yim0YdIo3d!;^fuQtiga19O;NJhcF2bw<~9x>=2*&Z;j(VV3#fvzZ z(>hPskn+)1^%YYN8T~EWw`;jHv$7^K@6czSR2QqSW21nH!k$yz-W zvW+=d?u$YQ_4pcvPYL#@d3_~Ub@koZoqQr6x8);SQfX7!nD~5O=Y|CMButFB_{`MC zfUi&AtMH-x;7m}){*TcKZM@gOPSL6V$)ne8uiO2iga2Moxo}B)H+kUv2iv|}tRLMIit=T{Mnbh918bvoC47jb6WqZ7QJIASUO_(+b-u1k*Rj@_Y3 zLs{LGGYR`=s~YY7E+UiDSvJ&ISoXf!kxFd{RK9;jE=`!ruyvT*BOR~#Ixu-x9^azN ztEcyMQ;Ir_&dp-Ni|{n}$7WX)XvS0XY1aas9uf_UiL1JAptP$4MNj$@^`gY2_%mH9 z7F0bMTLD(%PG^W^W7hFzV)txC_-wAf?ESHPy``&yrtjh-i@jS(Xdw*AAP47tI8=s+NCm^6ZR_0(AF7p616BdZM$nv?7vcxU#q9t_}nZi*J} z3nj8QK6vY8+H7g;?b6omP&ef%hN%sGn6)yzBsnich6{k14@hZ$#h1v``-?Po zYUN>ofVp@ZQAC! z0wDO=X$f6Ad*z8u!(c`aUkLLu_gF>tSG@}FQDZNtSf2;CAjx;-WDZ$I5Hos+ScHz+ zHq)*{g!zXAH;TTchi&BIsVm7twxY&vW$(si$YP1`VGy&sh8RrfyMc6XQTe2_J+>r{ zv;Bvq#FFYgEyjsNFnIwNT(P~;vM+1T(Xld)p)xohZKT`GlYb*HJNPSnug123W0@5kQE zy!j9yl*?HFm=LH8U!cB|p-AOBZ!hx|uBn7qVyZRI%cRwaEAzH?rtaUwQyHCTVhSKK zM-~BC%}ns{@dv>Ek0=6eDME2P3Qf$`Hp3U?d`=t;u6>0{u-Lz%iLCg9@_gtJN&y#tn0WV}M z@dl}C0^gd1ba(WhN;Jc@rKi39em1H<8*?Cd(Q9Vil{QKYj6M=wJz{)ndvoBn&QA{5 zwDd;GVvf&Ya%7FukqX6zq!YKoH?u2%qCA4tru$Jk;xrsrmB9r9niT+dLGMa4&S1^mqlnhxYcezS5!zH^gWjEX?<>_v*yI%my}Zg#L_wom#|#Xx2hQY@UQvAj6zqotDpax z@EP{rI|0fA&tC2M4jNbB0c5m)&sa@7^%QuE2dF0MfBzUG#_@=lpC0;I2MyXvcwF1I6rMPK-ds~Qb(c81(8R0@Yu&AO1fm;G} zs0Sm!zu!m%DI#qA!9O>ISQUjZ7dM%_J=b4*u!*RRr$*cQI^6m?2ec~Mp`oqe&VWY( zLyTW17poW!%mC9ut!iInrx+B{S|7VKYqP(vcQ;?fFniL?q-FzlKithAc1IE|86T^F zKZP3Lu*W`quNm@YHdEn(`-x|W85_x^i}>{uhz=*CZuFQb#Tfy-uPTJ=-{D4_BuGCp z@KNtxR0eu;a#D3;WO=T9(8Vub&&0E~c3e{44f!77$WFcsXC-HukOKC!nvx*Zx4r({Js?KRbK&$cb8WmQm%DrjcSC}Gz|Qj&w)jtwOQvy9PwWo)0=pg{@)Uu0!x$&I*FPTB*3K7UHW&QA=IdHm zAZn%!$|@o|QU#Hrvw#2~mZ9HIQrFdEz3hH=>X@Gd36mmo!V>eJeiL}Cl#4=D*6UC2 zx)vmJ!}Ie3A1ZY%5`^k5RT}|Da#B;kmU0}i#02RYHN2$MecJ2(tFnRbnW;sQOXj&$ zNaT_+&03~%$Lc)w!J+Y;X-}jJEi$>WJ4&YmD+VOs|E0?W7XBZGtsx#SDW=(0WGB5S zH;XoLlOcKgke7emxxpx;#z*rc0_LVV>=_GeWdrV0>oVmFp$kDwMof|Omi;?AkY)Y* z)4-fjLo_Y?9SVUdeXR$vB>VX9$V{cD<~#?s7r>{~Cm&>;U32+GCwUYbB?+RP6=0x+ z{hd~HD55It)RV5@-$@0zeubR^yh7TEx(@YN$UMTUSPLlN8tr}uT*v8jS1c%u5%OURckY7r%g8P>?wx zA%VF6`lvoct~n-rO#L=~snP;?%SuYPa*+jG^(<9-?(7$R?R% z%UK*X0(s&Wus79bV;Ktr; z3BfT|h1C6bv3^$61f-3R_;Na1MV}t0@Q3Mh?0LV#W(ZV)o;LO0 zb1yK@{*+0>RHufUU^^ABYJ;P8Yt{8o`86kMn2B46vz~>4l)R{q~Lvx&lKNkELH;K*3j~YKf zbdY4?rdcVbDA*n1aI*~kNKtA2@>Tf^T3p`=MT=37N+Z%S;Y`3G?3w=zArOOK1UR6t zhpq+&G-%L~7{YdS=WqHIuJ$lqEW1%(9P>tVahM@yR#z?b6flYWe@~(e@ZYtG#-Gtb z0oZ0>5=p?cp5KdcF-%XFGx!<2f_7A%D|b+?GI?vZuM0Q&I6HNjDD!G~FNS)#nyk#?5# z6l$*%`Mca6`i8&49Az$M_z*o=^Da4{;;>-u+r-{}XR?$V=I}R}k z2bpV*rv3A`EUCi~y+bjAXd%A#NmrvxB>Wn22zl+g)LK<~TW8txZ>{0(I-SFDS|;R> zSs8Yi7+KYCw%sPU+jPJoB4|_k<%;dff|lxgmc?Ej*yYWKl^xp*IwH+EufmetHo9;URx4BY>rXjgpypLc$NNxnQoaCG} zvRtD9sxoCq5ubH2B_DgN}GGyKqx1my*gow5r{1# z9K}SH97d(tzOn*5NTGms6QJ}Z=lF~(@k6#;?9_9RB7ABDeEd!~rKzxWX?H1;mn=lw zBH*g*O9Id0yxXO|-rX3x``7!o0)|}%zKAn4z9k4J3`~8Em$a3kLGMIN_3$Qrf2=4LqPUn z(_Hc2)fHzWo@Y~T4AwY9p_ibCpP4-TJRQ7?qRyC|5POQ3Ut-W}XMb&$Piq5)i(3Ka*SIsj_-J z(#|%IbkxeH^AgTZPTiudoY0TefI@v88M@!yY5R1Ub|o=W^>{GzYR%)B!n3Vo{D&HK zD9wE5{!p^x!_wP7ale_Jy&@WKpzOyA?s)J{y(1<;+Ow_grs+?9!IxnT%{ONeFKIl)q$S zxX(&}7LFq0>_{nnP5KL?;EgyBqcPK_vIBy+LY0-Jdw13M#;xGYt}nduKQA{!x)jQX z?V2{~oDdOv@H2_c?1b*K87EZ{<>#A+eRyM7<^*aE*$$M@mq?<>Sp+*pkQ_oVVi<+C zHu8Byo6wf!leFV4uN7QnYMJZ_7l1oze8NT=jkL~M*}k^a{La-t>Hd~+Yo;Co4soX> zju%~P4xYer_AU?)dhGkYPHSz!yQ%4qAVTeHY1c6PY}cX?W5u8QP2cWfE36(AI9CsQ z+Zw6-%)529uMJQqg3gtVw2>5>Vox>Fj#rcHhxhjR?kd!|#65L1DUJPpBT`8uj;_^2 zE0AGbj9>@wH-T2h%eT&@%aXZ99uf~Gt~!}*6ARy{Ts;<9%sKUd20+qIUD@T?he?0AZp<%xk-WhE0UcW*RNE88|y~*oBK6|Q^Ao7{f^j?&o52+S@?k*{_w}) zH-XhDIpip=eoW@sF7o7<^Y9rm!Xm|~3Zs~i(3Qh@5#s>I@2tiJ4?BQfls%pytI0@b za1MpD=07ORXgkP#qQ#uwP&IRT?$Ba@wBt$1XDUO9jq7U3)HGJuKse^b%hF!h>_)r6 zUio=|o~nSuP$Ve;Qbv6(fEj}iCFI5S^PV^K9ItFqNuWbN8`rIh+%x?)AamjB_^O7A z_4w0~M?810WU#ya_(hi#YU6RlLy^E>b?d%~C7f_uwUeT3x}VSVPhPCJIWyyjzC}Vc zX0eiwaAWY-1KKdP*;2%-aC-CF(GEMO*S% zbZe2zkl{6Fk)onu#B(TK)OvRM^)5bIpqDRUM8b!;A?Q;g11vz`eB%~m^S3ih~-4c{#*r4ASg-O)bC@jrNJ37~?=UL_M|MWInKnVRm}JsQsqA<%7tv8lz&u?w>;8&3l#*PsSOy?fCP0nP zw1D~pvJ!zy;_E1{oe{%8I{EzLaEkXA9W0p)S%_o6FODN4VL~;Edrw~w9@Ecn!xkq2 zXJ@bVs+ylR*>6-hN~C$N&cygG%I~3`$*Ho2%ywl#b4PE6x?5?^KhzfRS-{xc7gVBV zPynpCPsXJ|-%u^H_n929FCN;4?=`YhsrxTv^X0Cyu=Nj7{JC5EwBxG1hk5f4GFd>~647;-HbE8WLrcqphxLx!Adz(UKMl zDEm1|rUh9k3)!_PDG7m%Auh0sBu#R4J)il`R!}k&6t60n)01>1wCflJI??^@>Zk0e z54EFkM}F~Cb9Cp6rs_6T2*%7mW!YBq$QbccC7M=eM>DdmfhWxY?n;!zO2q0OnEKah zV>@D6JUDx08<0@41lGA4`wSXLtk;u_H@d}4*1;e_V79zp>0|o|8`L=fPwRnixAcf3qR5#TYy-} zR8;v*0c_6c?_)K`MDKVq%$#3o!M2NZy5LJP3LiTC zlgW~}7S;4XqH98F>_-kbqtf6*~=|4;RzvldOL)-gmAVXI07Lt6=7N94642`7L-T?0fAEIWF zlteTOV&pn-q^ecuOR?-U>AI$*;bOK9t)&_j7vSEjHEW(RE}O8JifkDImv+Z)Y92$hT!NU?0) zIeN#jZ(wRnJVxiAwQn@O(;7^3Q-E*urcz| z^>eJj&_}o7)0t}2&+?mOU|BJgO&aO-Zl;f;M+P#COi%c-PLPP;R-d4vr~05Un6s$8Vns3H(-aso-K6w$^U`dIx2C5g zo}GoFPu>PDUM2a$LBm((tB7SK2~}tDq{lPpewdj=JQYL6xOC!RYuB z=nPEN?*lnar)+2^B&Vq&AfD+A(s9oI>Kg6@-$}sx1^}-O&pw3|r_`=7L!U**#o$30^Udw!!k-H&~=u70`{y;et()h9;0d1D|GzAIC{ zl6*loD6nzJ);>`{Hi6SKTa3dz- zt$&-bAM2s|egcN$9~Hv?o$umhD{dFmR(}iN{;!n$*U+)kTT;Mwc^EjVT4IOr(FQLRXKbkg#F4s62Q&FLc2T?PzSEz4)(JcVIa14Z62qZ9;qr>Sw;1_k>8kYgee4XX| zA4N38@4e)0W81nzuPhCUBL<5hCl^s`6jOxf2~wF)ltz({D)|FAn?rWcb@CpkmIW`^ zyP4{h4(NqWms@{MgQuJ)r>EwRVsmJ3MvdR9Y&|>)hqOSY=c9wlP`K8iZj8 z{VLxt(CzB;RHGmK6Ik`rv1J&aKDM^JdMwVrMP}zXO~|6X1XMUbFZY92KTjWCD`?fYfcV*|^^5MY0kBGMM%1Ls9ML2xvXtIUyNr?;ZgL(? zXArk>WY>p%ME!u}m~d9fX?^XR%V(f5kD1irS>Oc_)06kNLfMC~A8gG`MPqHR$5bap zFbZ9&VPRAFauQRH+P3N49sTk^UmkbFm$nm%?1qM~BvLexqj zO**h`N+ecI2WI9wDY|`-iLg49X`U`kj(`D2h+NLnNZ<9!w1+{r58tY>li9$0v(k0; ziS7B)^@nC3r`?EE@Vw79~r8)A~RPRU`%{WHpTNSckv#$hkqtK61w<~V8jSr z+!@qt+#z~ev?+poXf98TJW~g&7m&BPDn}V4$J;EpC{N344pVU5t?he(Hq?9^MSYRc zf$NAQ5t#KoHb`@;2>!IA^gAVNKoBIMvE+KZx)ROLofC3sp#T@}u+3Eq^M;@Y){2i$s z9m~s?ZG#jR_zkaeaaY3TA?N~ z!1>c+hiUBb3`hwa4#-UeW%^v!s@c(YvVU&7)8Nmg?mcr?#cB1gW)9C0k-w6XZEIIC z(bX|Jlb;=n>1fh8=?f* zr6H?+Qi3B8u@ZssAH<0ty-`Z4vi#trU8tAfyQ@b$`^pn@1vZYY?-V}&Apc&psQZX2X=O8jR04lLxxxjEKZ>Fvw=o=!Zvu5X4TR?Gj zHjUpvP@*1Kycsmb4?UUSlx<;e1iX6t9#*yb%ME0>y^@2lqTrI|Xo%p9N4AhiaCuZTZ! zHL8FRlaXl2oOH_K8E>^*Dq?O_(UNY z><}*$^#RT>M~_vHdQbuOPtOAcjynh?Z-7Yg@b*h~@Vyn_F#ukC5CejcWmkR*a()+? z1R<1dA4GtohZ{yLAeQ_ACxSxD{olVw++Vl&6iU6&OeItCD5y*l6ncFx{DleFBn%zc z*@s3Zz?K645?)WF7`=x;C=k8K_kAevuVC+CsNyhS#Kz4j<@9pK)hehN*FatP@gX(n zdkXp)>*j#f_g(Pp4Mbmg;nJ-M>zY7`oh2aGhaL9gmM7^ITi2x=9L>s?*$e-uvkrgoU z@2knaR9{+U0612VQ43=~J|^zRb>zwVXEf~3$NXU(sh!5bKIi~+1G?jYC7nWV#{c+? z;0*a;mL$i~KRo77Q#8bX4O%=zzXD(RpN063-DZ|gf^-W%IBt18JM$_hI6dk?Bi{-2 ziZRv+n$a1LE6?%NfNwEEOm>mi**vY8>p??1o4T%EuCuqd*C_V1W4AXm2^og-9#*bu zi7u`{YV{3S9_q5V%oOc#jHkAcRa%Uo{+k%~=o1LD-l?V0^k|eRb-2QeuVXKnCt1`@ zXEC_AEj2ZFR&_%yi{Kr}V?S;bj5f6;WtvD2V4$(y1R7trKF?5J4P5D}A=&inq z<#UvfVnubf=oYE5#-9w+kIRL7k%&jG_>O6O{cMUSvt<%#TO;99HgMJudaRYM8~x)S z{L}iHfWF?tw>!a6yf0!H8v%9_LoDI910xhU{v0 zk6@_#pi~Nux=7?2{b`T<^hh*JGj6qfA^zKEc()-iz^Xt|TC2vetbm#mDfq)b?TUZ0 zU9GSO)Q5}}{`wjD*C-&TP$ICWbOrS%bNsWVid-0mN%Zk=pTQY-J{;`&o5Xn#=)Oos zE=*v>|0~m=K|hg7fW0h09R^=o^CMt2w8^L&|IQXA(kXzhMJp+P`+^?gwtyA|r0HSk z4i61F4fA;6r@Q`XP(7u`su_dSmT#ZId6EK-wdY;X$cz7@mVz?Hu3V`CwFmU)J5>^N zxZrVAckjEig4aTWHh6M8e}hYuPx2Rhiwr~&PYs$0l-u|6huOEsp0RXsw^~7>qpowy zu?5Er+idCn)|_&JUqCXGLzma-EuZ zVh*I(gR?Mv3bV+!hDdeDf?%UZa11%z`P%t8|}bxzyAvpP*_`SPj2T(OP@Bziz}^Ss z3!M!j1NBX@4eX@=Fw~AOOv7I>6!Hal8vZq}D)cLYL949=JA7egaf;se&y85}0yl6R zRGOrMDwt(PY0&%YYrtnc{;QyuU=04O5dfbJXi6slKEC51jIsuNfOE-)9z?tc7HsPk z06S~p9Z-dQ6Zl^XN;5z{|1+BZ{~b-kwYBNL0QzO>LxFllZBjXW%JnIa(-ZWvm77fO z*H&rKI$P1-)>6hFYstp-*a?f$mefOEn9OQn?r>dpIk%RP6rBDgyc{M6J6b0ZYyF^9LagyB~CLc*8IU{E-bt?WaD|l^z#Bc=w<*jY3?E zLS8CI&jHSA3%zA>Z7YnZeZYdFc)Th-oAJRkvJ6k%mfa63{vJw6MLQEU28mRz%RmLx zgI)~tfYFRu0ws}(=k&Po(1fl}W|Q#VIDleZ)l9%QQ#*^W^>TbzWbf{y^K%J$GxNLQ zoFSy}Ht|ZrHgKND1tXhwpgW4=mkq$a+k{F$Pwp85sj$^B_o}evoW)^01ri}E<9eH? zG@39`Gay^v^$XJspj}00ku(MlOpV*}de^nmcwYmj#BYJqkvsh>b!M*_2*4NxJK2%4 z-od~htJNp1FkFDeH2MUABoz%Lk4v*1&@e{PHQCB%eT@nR9zHd%j z^H^(V4gPuH6APWYtkrYgG+*3J$Eo7oEP2Z(pS)|>*`WUEeVpv3xk;Ok0*PXdgBe_9 z?Sa;I=j?~=9W&a*PUJRFBJ3W-DR`?wh#se^?Zb8>?Philv9ga{6nyO-O?U?&KV$5J z+6p}zJtc-rbuWkv;WrHQwIc^S#1+cXJgNZ{n{!7eK6f93U3W|&eNYG5q<81)a#-Ik z3fOUY8OM)UiMq$+X)_yNowm1+GMY?2=$tm)Ids}pk}UzBgN^3HaePLxt8Gn$T>WuUsZ{3Bh48&u%i(vwX`7( zpZmfT_UIDG{WE|V$BbrGHfV13=mh*J@G3(OQM`eqagL$*$*9#g@fVlRisg?I*J3b7 z<^Uc4$pOUwot>5$9;zT-j_{nN#b&HoEq;vm(QT0y0lCqHkhfA#;bJ|t(~Tljauoy-y- zvCFaiQ)1^~vw9Y)MSlQQMZ}S?Uj&ge=?jy%+PW!ZZCoF~lA=MB}5e)CcfEM1!|7VEhy*Y8j0Q_hNT4Zt@9#8tfHS6aLve|cG z19Ev@=7W|h7oi?>T|y75Te7F8-PWQ9TEi#K0j8=u#=!PMQ))af%F=wH$ITfu={*0K zFnen_aPQlQ3&XtUT@JiHbdObq=?yU4v0FV44IsNdl=D~nI@(^PT{@o0ujU$`4>L5Z zZ>ovpLnSPU_jIIT??zt_Y1kWL=r@in3?4aKXWl5@s0UKYRZl8K7bmw5A`RD~f_KoM z4Yb-HZJ@<}$VGRnuC$|WTUrY)9I~l}e+Vu#DT4(m_6qE9dm!x0^&AC@U{3((iwgE? z{5a;6vF<5jI0(i5s|cw2gl7L_b8C2kz5*?4@pVLl5?Q*A> z<*dPAuPDF)@==(v4iLi-VFR>(oNuMD4*3(~`r}1l z?yeCe2*h|_CxpXhNW9#uOu8! zDi(t-Afu2fbX`Sq$E(dM=A~dGTbbrU-RUVqzI2>%QU{vBlT!zC(?u$t`n5FOwgUIh z=?N7zcgv2e4osjhnZ#YqtLH2kZ_sRLHYzc-6Lwk2YFW02&;H{wDhosH?dc6 z^zh5C>HFyWXpPVqu2V7qs@{hOZ zUlf`;{Y1!@H3yvr9=Sa)U6RI`^sYacl;SXYWhmAL}a?O6lp?T1NgzDOnTMOcWG7T^M%`3f_E0o@Fd zQ==uNXOvy&fJ0adF*OiV040I9nN`oDizxx;OBy&|V&9xEC*XWxfb*pdoUdyw8q0CV zV5oU5`ZkI*d;yr8&YnO!%Bk;v3rPwC4kquKgBb}N%-WZ@@81fQrUrWw^7;FJ{4Mn0 ze&F05f`D@?4aaZG zS`LD`Try(w<1ekTCEt%rht3YjYM3|%27)9GUs(HRl9@R?(FD<$D2y%0?IETl1hW!_(?T`6*(iKZ5d`lT-5^ z3ZCv04(2ImFJV7c!SX|KN;NQioajN*a<7iBip`ITpE^oh z8E=a8m_eoYLj^^pjU#nRubJN9svWRu9VG_)lO&$jc@zu5!;9>2>W$CscI_r}%6Xsz z_E!-nKqT+^OS&dmPB-u7}RNT++5~s2- zyZ?pFT1%mf4UGrI2emQ#JSo3`hwCVIZ=ky0qyWfFCc?2PE5bw$d0ncecRwRs0f4(4 z?C|?@_c|LPlHMFu4*3YP!m-wcGRJeD%_xDgkBlT$p|^cungvTeNx+&VPx%wP88}aS zdjS9xxCJc+HI?)e9-#+|Efl?F-T53jts{Cp~eD% z_e6&;Ooo>`Lyc)_pf6TuC6xKJnJ$K0o&t+I zWk&b@acXqm-8GRH&~gFD@w1i-n8k@Idn6AEWz&I@C~kG!+*;L9r?y4s^MRn*B85H{ zCWMe&CBT8ClA^m_fu03Wb1IU4(k-&0zpMHzNT!#{vE`U=-BDV8*`JdU;dOB#yav1q(LDmA%E4 zZJM=q+$nMrw|Ea+yr-gAeMZM)2@E7fN?=W9`~5|aamv)FK3Nb__8)>rDb;7!># zl0sOlWyx~JlK3=Oq<=XZRRke2>ENo)Z|KSWNx-F%>HHmTg66dro5mWR;a08N>s_-3 zIr39H?qrfTWLtM@o0?qGKBgI8e`rJ9jBKjru#FQdhquw6lOm}SP)Q)xBSG)mnpW9eBkNduZ!k=oTH zY~<_rs+el~dGw}h-msA${nB9{ol`of_c3W{p}g&${v0M`#bxe_9^C`2)R4Mn@w2U* zXWT*99Ec!1>hoR5*!Q&y9^I%ueP_?E`CIRc6_KqaGZY7|PZZYjV9i8P9i`rj z7cM^#IeYSs8#FyJP>hs+u?O#Ql4U-1F2XOKss7{90Wu zsA1nbO4M_2&J-F&L?eW=CvOPtZ(m^T@!p|#d@TV%5cjvf45)K%0{^C>F|`v8FrJ6J ziSsBc=puU2q;mlWU}~*ZBybHG2l02q0Qimvu*?n|B7YX)ipP2VY6EWn=G!FR3JZi& z84_Yy97zpvfV~QSW(4vj@`;OAQtLjDH9#sJk>S}0go#_P8&Q{@K{aK>HDWA(5ZyaL zldb{Y(|pkLm%rfZ{^lC9?wb5k&I-9iMZi9i6EFTs@B8r@{DKt9sOEyjsK{qzjnxVj zv|f4Qu9;Ix`W)@6gJg|R4{)wreCY`!Z(WjgDec%}P-+V*6q*kIe4cJFBu)=|i(hs5 z!lb1!6~#*Tp8$C42r!gbd(Tb3I8FYRfG~QGVT1mp4m${Vn{jDx^dD!pjnPaT80?x+ z0>d4mozuk);Z`&u|3%A-ePPZCbEl3OEj^|NFMzaJDpFqeYZ6H~@NFXLxahCGO?X`= zNdW-0nkg`e7;$iL$SpVIG3sy>qY-ec9$n*qu8pnKr_{2^z+3?{J5e4a#o==Za;2CU;@)}9__ zpy%cnF>AyeEq_7vSI*{IqRn^6s>J6f;@6Lo0i1bb%n})zkVO^xK>cFyPHKERyyks+ zfAc;AFIml0-dUTy6MquFS>i#Gi?_g#1WO^{;_|h{(L9O-NUH*PG7VT|50%iWzU{Kz z>et#2(;L^nuC;&<(~q-)X0<0C+?|#(kKP&5H_Fo!l$O(SpLf^tuFi2i7kQ~!qsGT3%EbOlacJ?N9nCs`e1J1lEX=B3-)+;5ZLl4iJUQ~&9)RC=OqtG0;6 z)78)~Oq1~WseV#jiG-Z_s@kdftn$s*dU3Csh=Fdb_lVbH<;wGJV{8=ApLQOSaUI;8 zxkDu1%tesFn&UnvTSt1_7H?DX_?AaVZB}a8?Zih!i7D}yLaXw0^s{m|L0UUqU9wSA zIxJw*{!JrXanEq*<0VTo=XcyVcTaIWC})~+;qg$)sq7WYsgLY}GQ6%=CZ@sJpKeg} zD;|Ze@KfdlXf6H&5qp!aJrpQXTEIP;m2PcVpdNnRN87)?)^OiT)1?E|>mNkDnweiB z_@f72VFZhIzNBv;OP41*y-p;@W!~)GD%C>`IT75ec1-zWbHtIV+i_YVOaZ~e=V%w%Djfv>Rzby%}N)=curN zmhBz82&~Fy*GCVdBs|PWzNOHXdV*`cNp4H_=enert`O%c=aanD1iR&PNV6#U1;CF0 z{#%Fy>ha~ex|d$I1Bf-+h&7qKwJ|Y zwvI#c(Szx>vF0o!-c-ALnzc;qAsevO*NI2bH*_gtQqK?%ZS8>Iq$kip_ul5kV&gIU zwo|y05c`ZePnm5ao(&G~;0B0v7UJ>P+(8^Pqu?OuPBxq1&HLa$V4;fdxy?}ba`8L!bJ_z9rc<-&m^Ds9YT0|1U+ zfNa!}W;L2g0;b004+Bp_KQ(+M|DSO$~LA5k~wgo5IEeSon*8aQL*AX|exr ze?)AS`ijs0Mfdq~%q%|9Lx9W#ReBDoeqqu(7T3Sno-()ps2XNB{SrlcNB}8d?c%JY z(~)T5d8|j{V9ZvjEwK%$J2*MCMmpO`GuDnN&E3Z?A=g#$y5;=-yW`7Vybd6XIG`Il zNMOliL(`VUAw13tsQ251noL%cItrLqO|)@T?rNA7S}vI1gypAX4#bx5x2pwH^U_7aokdS<@?u|}cOn6@*$lpTA23f_nB=MgM&2}`Kqci7| zeP<*+hX`A(`A^*-cX_7EZI8XB&27*b7=M&c$h|Y1Vy9uZ&DCG$!?rMm$nB-!F!yz) zyulEgMBf2I;HZGF@2ovSJ$MJqCqE8tfLSSC+GOwCjC5luysdc@=Mg98@S0th_bW0V ztsN6-P40MS@zKp6Ax4N@8vo6n8fP1jxb!xc&|TN7`*JZ2wRI10cRIv;`ZiVEu8Q|Q zE3?7um6X*I)!oH5Yh_=hx`gC404Vm9eMf6>Xbk1iAGzT=q#3+9BR@#?FHpcd|Jj!Q z;9YdtKibk$t3m8)B)gtCi-aSZi|U{ey~iNmhPW8!xn)9IYeE~-QeFBh)Uv5}|62VY z{k&7^pcE7~oU_Ze0mW9J$y zx~p;azp$;=C9O5h$;Q#>zF;G8FTP(TdVAFW^EK!!MGGDV&%#N^HB#akL&EsigRM`T z6NUD(S~EzL_}Y^10Oll7h}dxhuSHxwHU9?QPv(M8nd&mYI!TCMYVd+jF2c~WwLPbZ zdiXcni|JR_C4T^y%{hxZ*P_&mYf)}LcAJa;skUhO)eGSOnsL` zp%hvLy@opV1G+p<)`m424W^K=|EbS56oJRkh!dDU0)P;$QLEQY;LjR#$$4<2B{vsO ze782%|GV!?(sb7fEY64jfjMdDG6XdcEClrO@B%E+hihIG{0cI4cYqcJi-hqv_;Rdo z=@QBS@N4wR6uOohzF1>zO_%Oj?lY=i6`~b zAKODqAe?_nnH^f~#gNerV8Ur~_kK0)-(REeq+|@04@iGft3vJN>9i3ZI&~KTpnL(l}#&%Gcll2%_8UH!WiEJqr-Eh@e`N5I+H_8k;@6Ymd!K-hE!0W z0Q!D#-#WtRiH4Jv0~vMU`U4C05E1JH+22)ES-h4ApKx1TjWkJTye(gjD_NumCv+u6 z+F4p|^4r%*U{kC;D!L*Xs%jf2w0a1xC}Czq&zKiydBL2BowC6SkK{M`M(6YH*)eh= zDehqg>js?Ni+dB*r_2_!x5>j3aQHlC#uA+TtE8lv4MP2ol$Cdp2smCIn@SvG=h<6t z^Hu2@!K2cR%?(HXsD!cnw z4$A7_Q4f`2o!#;R>g<Lp9N}(U@t8SR78Q_o$IbMr=iWDT;;{7l={f`m%usjp|5uwlfvecuoF8dcJuqs3mUyf;UNC6w~8s$~r!3gZ`?0~!E;g>b&A|o}+xn zPKD^Ww~O2SzEp`t#_~@Gx*KD(1bA!qa2fSyQ3C?sp^UA&Nv$ z^-Ko%yKn%$>i(}B-d|tS=UZf*P6WQGE~5af3hPyq0V7(Y9sCg>)g`j--~I@`ds~+t zOY4_r$l|6scmNLEg98DyGjbh<5y4hA%W_S>VuZfGb`&_kTe6%u^$jMR)4ndG8>I~9ROAQ&a3c=Tc=^Tfq#+!YF9)KnJ_9MO{0)SKsUzSG zydkpo0@|SrD*W(`RQN3PBc~vC@Q-)XI=~$FkP2h;L2VZ1UXcFh zYYeqP@zo%4y7oL;0T4Zp+_3S!r&PPc92106R?3HPdw+KQHh`t)&70! zZY0#KefND^s{frxK}-ABtQc5l;)#b@A(9cS4%X~cJ8^N}KMH&O#Zp06Dd2z-rK2lF z=CQlKFhP+o=?_30qrEx$`@Qhj_tdek=!)=Fm#`@BvG5gM8Lh!9W4ci#j>-v+Wr9C& zDub7LNiUiY#}Ce@c8PNPr?}XIgo8Wu zRCjA>Yr36X7ftbk*~Xz^0lLB$CUc8CIJnO!8w(6d_6l7VQ>IyD2PBIi^m0PyjL@-Z zwB0J7@KsF^A(c84XLcx$XiV>=OaKIS1{~^KgOa)&l=1;5&`~;V-gM0+Ck4MWczxneE_hzjO0Nf92-0{T~oOlm15lt$#hS!vyxSL*`m-Kg?K%xkgf<9&V zO_BA|L}t>X_Q!J|4gI4V3E?k-3WAcLG6p7UHI9qXhyS*%_f7t}leazSVSAD0>ZL>K zjVf-Jo>^SA0L)gN>>DZfb#Y04g`yAk^>#gY^FUkS_y&(pq_LC!%YNjDyrE_;)-Q`2yFP^OaYx537fCbm#Wf-py*RylQbuFHy%# z|I(qc2AJqM)Om5EdJ-4<#ND%7r8=z~EB;WOkw2Eii zaZGe$KkvTfxO(luh2|BneSFm~YL?&hGkYiu5jRo{FCi;sD;2Yz*#@LYKP_YTY(4aT zdvG(;aDX8tRqDJ6JDHb1GvHDHaYba|O$k5Q=kf5dqqnkk)VH4M=400t z75Bc$>{b1OfTq+6C+?gkr)Z>R-?6SYU*D^&ap&+$&2kx0OO^#nXEfaCfWGf>o5M>E znc@0OJ+E!X1xdZJErNOe8A;ESVkQ{xS4-v{Z!11^$4V?aOy8E#G@5g0A<;icBcjE6 zX4%esQup{Vvgw!)yvx<0GCI7`Cpgu_dZ+V1(eGsyVNBl5XQK9G!P2focpK!)Kbo4B zIeN@ND1Q#L3pliR0P!AlvhMOKcW~7h>U@-)@&Nn6E}_C=Yx^a7qy>G;c8ZbI#U~%C zEO=APvSTjE&!#Wuz*F(3)sLLZI7cEIYrA~PSVCU`ahvku=4${(9RCwjSy3=RrnuG* z7!ZV&o`+F$gP4Ex2>!>lHWVlHb_l8)h~LS+pC7eLq1?_lk5(iAWQle+2p<};4{^)tCPK@dSk^5@LXUiSaFs_ws80=3 z_;>VbP3I^HxmPLe^nL){oZ?Zs2))g7*&={meIA1^!yzc;YUHbhH)xGP$)5uXx=lsB z*TE##Jw?w3p?3%QSJiUKh=AR8+g*Ln1>Q<>AG>~`{9fsyI8EN#qm#EQPm(1E5X%=c z$vey4b*Bkj7n%}GN@X<1)Jg}NTB^s6CyI=m$nC zB=ruZ)Zi15dwFW_6-w0R+(#vagMG;ZLVK4Sr*!TN4Y5QFOr*+_mw#XN> z&ZXsSF;wI-t`j{?yC!%&#l}qPeUXBwWXhD1b6D$xmb95R`$*;o>O-=Uwb?|kg2-~n z-_1FBpe9;+bDwx*a#wL@J>Q6hT5PqT%%p0wqI?6kEl$Xe2ShE@g91O-d$N<&tFuCm z;2RJfh4!ZC$YBR1S8G?F@g^zLj+O9GXPXiq`Hc4Q!O!}RGlyqJ=04K&`QqOOT0HL1 zOgLLJuFAftW>?V56zlHdAYXH_(Rg>eq>HZ$})PSclDARuxXTutk&ZMn`RjI$jK04>=VCpiX{kh~MQ;*PU-tH|80M|!DoL1!D@#oV0p zDk@rt3U1RFG@Pn~ET*Bd(D%0)t1+Ia7BROR*Q2={N3p0}PN_*wYsPd_!$BjnhY~s0 zTh}&SnA2auSkDclq(AUopf!;HJ)ju;1K{Ogy9UwpAfOWN%mdNg-zYHHYL31XqPkP; zgogE*#rPcP0v>2!f9OP#Z#-G@HOs}*9O!MVOw%Cd+tT!)4E)kOL^D9&tcQADgEW6E z@N$eA;~xEaUZ2}(^u#K{!L+wW!_Jm1GQ#Sq#LJ+B(DG7cgE>DM{Ibm0Y!Ja#{ zc2|-$BVGE;WXW^85R^??h)&_~MZUczjAZ|FVp11U>U6WOrZ)**7n#h?pK)H)Zhn!M z47bN^&MFEKxUgh<#eCP{M0kn0n^mTuZKXtYP?rm= z)YWT}%@^!cdvQYv@^O6YI3v|0DX`DTT9s`8VM+^~>g?%UNATFGRkH5}Ecc!e-y*e3 zw7=>}h%_rRi{!q~cM|aCUVcj;a>vZY*OJ7iAEHyG(|e>qz7^IGUv)Z?&>g;F;@L1m zKR?tcQfjOm9hc)S6c}@DfAB&`^~={xA!iUw&Zvi-VM#Mi1Lb?M<>?308N{1MtUi0X zhPn&}bQsN?+?>@>v?X=Y@J_$0VcAmPqC{bs#goADq+K#&gfmN%C_YN)0FLiM;;Zn~ zi4Pj0SLHK;AE3$(<<;Fhf@WKk=`v*VG0_k(emLc>-CNmpqN&4qa;2^8)!yu>rhw}& z>TQ>9c997F**Jk42^XV`K#DWYP*PGu#YrjHX2p|}ymw2mY@eHiZJxVZ{P)^(;bs){j%XvlNcJ}Ms*Mi>q8%+)z z3dPrSo*ck&X@Dx%6Z|6=y4-Ju$`VfAywcgvzKJe5f(iOuWaU0YDBYRntsEI zSAy|wPHHxd+2~p6`Q(%ViRy@3k}qaT^LF%~1@!Shq8R@>Sm^K#?Mo&2brF+8lCBP3 zqD|Zm6QLI{oXS>+^8O8z(Tn4mj0kjZMYZs?fDll+^aQOGo0PmN_}cGgg#(KD-Bit*9XGmI(L0 zbLVbUN1ISZ`VTm1s~94W)Xi>r8yP~@t_V9?qyQe^V0Q5m4sCJXW}Qi zZ|WD--WHxc&aS1{bSgxZX=SRS=m)49}jt4QO`Qy*`{UB*&Y?s>UQD0gRl;%9t_GMxeWO{R`5E>Sb3PE<&k!(vER*P zKj`V5)1>|)q0s6>yyxfrD{|Eq5~$~$N5p+SgS0dhywBXaJ}2CrjqeMz8m4B1l)atF znrmCyEPBCQS|rtaqxPY9J5&$5Y@Z7{87>!Cqsl#m&*4c{S@w;msOesn%1MccI9n8+ z_t4H6eFDf(-sxOqgrY~Dd;$gQZsL>LAa6@$?+-N{cKf^XFKX0Z!Y)>2^nA?o(YA1> z#?^;X^fZ;&j47jTgC}?Be|3QVdr50LP{7IhBd;UylG7cKaq*`rsw%zUYx*STz#r+8 zt{}d?Qa~Jno&w5q(eiJ#RezjZ|B;f{8~B8x`?nqxWAXqT;|6~pE$EuN^La6IvRLRb zH)g?MYOo0=3ps5`;;P1E;mZ-*F!UqumsGU%Nqw;@Gb6znR=0FA?>6)+VC1l#3uc3> zhV*TiZpmec?0cWZf5U9NwQ!Y{;$|nV)Zatg_dBwEgn6v#Pbr91Pmc=>pBZVG+cm4~ z(A1HF!}FrXhG`<*y;jo=7u&_omcG0$R?Q;#*<|BA6&>$i!^sr-(CX}KeuZhVRWZg)=kLT+>`3M;Y#PuXuYt3IKM&v=?kq`~k{o|r-b*Cg|#!at|Oy^1JlcyRz zMM(Y2g5*fQ-P(XoYqlF`6c^~9x!@jKto4y&C(QB=cWU;PU02osk;Xak!Q*)QFx4XV zc%e@3{Kbgfi)U@dBrL-O89|&<*~GWG)M-z30pHtBSKk;}hq>3&^H7Jo-I=vIxtBeQ z0T5qe`^0&wunL3)nN%)nASpHX4l{tnyBv9vwj25eqp-3fX)#!ZO?XRtcOju zo~awwE%x`#EAWmFM!o6rOT?Vyd*dH1HBP;I;;cue;nkLt+`oYlI}Ju_je|{)8%K0$ z!`JbvAV$^QzMS`tuoT_T$XE*+4dMUpC-nItJoVU835I5Y{3r-`f6j!Iwz~oN}+?CTPyb9H^U~GQ%|ycfrZm#a&Wj(8+r33^$CJ_+Y0)b-4&YQ zM%?fmVye}8B5CqT&ygq7k)>)^H<~^;bG(LX5*#x_*xy!km+W3?n55I{!B!%eALWtP zmY!a|NtO3Ne)l@0dV2pLYneaB$BZlVOn3(kUW~Gv-BedIVt%7p?0C&svgm*%ckE3( zB4W@&+4kIIZkYMTxL6bFO~tEYkD||+-&nFWX|0legyN#BP$sx+a+^nWMR-5yw|@RO zYZRck%SR+gvq?tIZ_sJZyW|+36iycH`YYPp%9e_o>^Y96 z@L;!4{7K^aZC6Pa4~4}^i9JU>QoEM-_f97w*J++J#xsQyfEGIdGU6UR@;jGfb| zBCNQt%$S>3_sQu#!eniXC#0U}=`-FPB6f7sl>O@g_l*WPyQa6zJB=Hk)Av(!hYJk$G;sT-u@%n`!3~l^M(iINvZ_Pna@cW%YC2b zujk0L+noAfwz8+Q@mS1Q<(Ajj-SiWroe$Fzb}Bh2EHfsA_*swz%~?XjFpK1|LC~Oi zXN5FvUX4nXM^6uv<|@nto}KIPxM(Mqn>eESs;gQgWk>E~4V{Dl!CgREon}Q5FLi5* z1Rdx;Ue57KiH98?6H?4PV(RjJw=1WYjb3+I$7xRyx?xb zlq55~tT1>aRK?XXF(Hvq-L(Wf&2N|l9K!#N^xNTsnB0RgoyaZI*8=1;?B1x)Gbu3( z`oDz_untM~rtGXTT_fSOXK+Arp^XXixP(CpEveHqz_9Shg<2 z>KWVfCmVJ1cVXoRO87fU#5}mOgpov2Vs*fx&CRsH<)>Oy)HV* zT7m55(DoD_D_?LGFY}kEbrB<@JU$*}wqnAcJ#_E5Xf*AjeYb0}VX_(8u+U@j)be5< ztP#t2&IoyUnenP4H*!fO#fU8JJ*%vkrxcN#SmOO!JS@|+M?CmWD#tk<#hdqB`R2^d zr(o-hJ<}HYUDYb0lf0#BsfIf(e_Lcqk-WcT9@I5)DYAn2@QB%Aiuq3On@=w=yv>!| z-`2(NnGwjC%xA&PU4Oe3Ih0h1Wa(B*06cN;DDhyyU2V^#TXr(*?wMSzNr;ohVqV!0 z#FNYpo6ei+7B^5|90|F-Dx1|p4fYEYIw^Qb5Dpiz!L5_sAtIL}DOYR){;A>``gZK5YA{SQC_GS#F zalzXm_VHH#r#JWBxgK|1m5GEn&sX=FDQ3Nv2s9M=a4FDycxQQ|e!Xt=P`Pe+^yrYx zk@AK0a#K|{-A?w|S!@ok2l?T;r0kJAX?eVK_)Kw-uyM!>(e%MaVUszVlrRrAA_>Hp zZ(w#%Y<vl;hGhZY+~ktA!lLdTMwefPJVd0I6wT@|99Gx zB$&nKIpal<5MgrbU_U42RL8{}hJ@AbPfP;z-G;?$o3e?87pMa5Ixr0W_EpP= zAXVdN3J6a2!{J=RKo-}E9AfZw0J&N6vDTn=##QV!kEI_(W^aCIoO>sSzO{lluT%wf zf;jBNX+{=66nElbZYlsOm?Lhx|A@!0_jEIAChqj3V3z$T?n5RoMSg#an?5Lq3^#G~ z(^6qt?})y?R^pJo^B`GZa5RdnP|h{p{W3f-h>{fGL8@7|&X>UQKxx};jBa_C_W>eb zBZlH|M%KnLAq|Qciw$~l;H2ma^4{nr4ZYwzWe!=uCI(?8tWeAy*#{+P0x8cLuN$y$ zH-3I6N#gnM2V^$iyynKg(1fX8%#rmQs$LRCUk0p;NnTvS9_z>} z?|)!KgZx3OIdb~%CA-Oc(m%2se{`_8bC+enfbF_FZZZ5zyTdJ9QErsfbJi!CBM#X` zmBdB3#}K$4r`7X2#$XJWfkewGdagoeeScL4c2oQA5bc>Wh$HgR-0pXG_?Bge6KakR zjF3&6AEU1$nJ8WjuGw9OAAbtn`|ObF)QZ5Jb&K4|WS0R3p>oTyqk~1Enw{Cp{g$sQ zWDQC>N?8K#sR~I3;L7`jr-y8QBMW=od2=Fhu81DpzGxl-C5r6ADvfj(`%?>qvi8y#xUeG_J*P% zGv6^)cJ-ctZ8Aqkb$y-fCz07k6|35hDt_0s&d}mR-Zi-_LT2f-B;g09D4Z*Lolb%J zI_{PHPd?rD7#QRd895!ZY^G~*mZ?&BE5!zMCmb5{_b_l!Nr-kP@FyHPF*BOZ#vq;L z@MjF01&JSdw|ev1c$;Zcn0Z6CLG*3gM8-{X-7O{&AtBECw|Ya*R6nCDlPid9ups@n z_tIh@09>}hc`(Xu_@dT@-&K^$3&)2t;DfFwi*~NcxLz+iUpW%}P{HUlmK?1)dI#~A zMVh{`aPASFNvg<-Y+PO;bIG{!W&H?bZQRf#im$&puunfp;`LDx79%b4)L?oNS-bR! z6~F27@1`1VksGzEEcEXS$_SiWh~O2HEQxc9RO9m@uqC@|NrZbu2d2USvIei@$R3`sPuu(2V{Iy+| ztf3Ulb3$0kWE+st5>+uRAiUII#{jbRJS3iMxQKISgifA=1r||= zVanxEjanynYAb4*4Vvz!}r5xYGfcZ_p+V;D%nj4*=+ zPUlRRvARNotfU2F@6}^g9iz&QTRx|wPoImEB^4(H(xsDc7?pbGOq*T25)gll`}Qm^ zGsVc8qA|qkhhpg>_$Xrri`5KUr{{Bx)5GE}-EX^7g!N=xP?0W~R_k$S5WRI$=?uCJ*DzcuVmNRWFD_)F zlJaboKLT?A-Dxv_J}lSJBLlXyjcr8bOVnYj1Z$;#>o*T6U_|HOw)ECJ3?Kx|#_bDd zd3Lh*87U8B#%w!wOYQ6gp4$T=5i4kBfn?$C?p5u!gl*+1T{EVf$9tUb$;isGC6_iI zZe(4)*GXr7RT@v}EH%zF>ry`m_gX)T@Qi2cQZ%!dt*hYFsxya+g(h>mi3v{yAga3>v5J>9h|s>phqZiq0BgxQjdqzb_n6R(Pcq-<2_bec!0QO4}SJo~><-T*G~G zV`O^3R|y`HB-?85l1+^p8uTHXNyE;aoz`_8u()yo|lNaE{Qm$9T788hO(B>%9)&nuYWW)2-*`fk`odN z9l@D`Ei>;m@paRzZJf~7h|tz(W+DX$4MeViIxv&{v>i^f=Ld;D%9Dv1YlKw@7C975 zT}wD8*0+3(+)R!&{y}g2sA2j+RYc?esptUcI92^!$EjJ6IQX^W6z;-L!lIhBnu32; zX5lZGWFUQjMn)SXzYstgbgSL~h%NO^0v!!}1&}Q*G3$PzjQjo?>tIRp7pDE&fW|%Z z)fXn3GoiNjp*lJw5{kPTk%|Kjewqnhg4eNhw@3y6i@BGQy90@4$e zR}c`8-iZiEC(>IWD$<)2L25*L4M?w%8jAELJ%rv9YJiaUF5j>0@9cf|-Q(PI&KT#M zf5=EiMp$dEIiLB==lPX5)9Gm`p4VaWFYC)Nug*aN{m0pM$38FUY-;a&q6tlEx=8dTFdja^d$xckVG6a?BNfG3+dAoe zqpgDX8;3WKu4jGVi{$3WYo)qQ@s+j-fdv{R6^-b~CKe5RxN(?}SbGyK^_`DxoW6xZ zM8Tf-r=6*r@ZBd*T|8ON&Z98U$)N!f4>1Y9cZeYhlC1+ty5gRRWp^fHW=qZGw9g&s zx!=l+dLCo7B3N?S2DiUMq61vj;cMAa}!`VBj0b4_DX z*b|2=ylL48c3z(^VAcNW=-NDXT`x95Z!2XmQ~Rcbda7~UB!-4mn2pzHMc#%hj({=q zjSPGGUtWnBcX;rf_Ps5T@1j3=hT1&Bdt$|HJqZGBT{t02nvHDZ#rxoa4BQD0q?;BM)i!$b#%}%EBhi zqO1ziPCP9%MEqc#hyBWYflo-`s3cglk0rCmMx@9px5OgqtenoOzQy{oOw^s_G_k`$ z-xF1dYS>>u^$Dui5YZMLwV2u?f&={Dw4@Tl)IFUn+L_djx_^OzhuQhkN7?$1n+bC#f`n)!V zKWHQlW1%@3~fAA6C z^(QfsC@QVJ!Vg6T2!3p34Zto1#zdBe7wxr*sV%)lE8-i*Voy8e z-0`jLP#PGy3uk(LN5#b>D^_?l3mkfBdu?$X%)CoEYvt`pN4t`_$&N%jR{UpP z1v*^@vogv-@6R5ov-B<>vE2h8AukXI2pAuMCSo;SwH`-f4g4VQji;{r&vwp|=A6U?k`ZmN7cCEV|_N8k$5W!b}n>cKKfyuMt<=#YMZU} z(aRWvSEozvdCM%X=J+Y!sM{< zDfQ?4=eH0B=ub`c_zl&B)F@-`kaG1rsV#NK&)oGqkC=k@YQ>3&z|@G|5DMz{Ffj&^gs0` z{xd*-xgcCEb3OTUAJVGOU}kR0X>aRQtx|$eE=}!|ZY5_@nc=7EM|gD< zH}}f95jK><_z-HeFLkY6&G0x>S=sc#w@+;Q%L!kBBrqkIE$S^5?(O}o*^rCh^6ZQb zlfHG?B?o2NzCP0Oekt^GgE@)F`cjlNn(O^K|DmFDx?Q%qb6A`jU-g&xI7hzH3N5XX zztj}}duWW#kpDNl$5k*Q@h$LWTy1o1VS090!YaB3nuvqG;zK;CmhYX+kXskzvyOH`i2k~;l9SEKnu&Fgzkp4;;DCGY>n`EI^r&5o z3s1-;Uh(NE#f9|y2_Qys)tz8huQ8qmGA2aS%I00l)zj;Ak7Q2Aiv;n- z3#Ik$ChobRr#)tyM)a(MB{pDmt1=#_H|&nESH>Y93n(4UV`AcZZO4=JQrFa4?0Rj; zN-r$4YCmZ{_gci?x4-)#jF#Q&AN^i7{Js6ZMdSZz02|$<5ups1Sd&)PD3$VeHo5BV zrupsFOL=UoU3hJ^`9%y==d;OLo#+9@_sj^BJ$dgXeyc zDnn!|ll;BYMw^9V6XU2n_5Qbg+lypmHfz0(tI0E1MbBNOnt9JsW^lZGn`UQOLtdNmc!gP6BC|ALK+s&sml$)%k-~h7lNMMEw#G97FA1^8`Yp=Sj^P& z*B167%!uN?{BJP(S6LtvNAEt;04k@&fPB4@*^(LSzayiZGPXjF`R2*@L2(4yQ&Qt! z+-Cn0_`pB#eE<6T?{uy+3ReJ9;V#$?Z2)BcM&r09K}2Ul;u#!z@*=uq9(mM-2qfDa zME@%()dWzo{5zLew6FveT>4Ay8o3OVnf#c4{G-_PpS}8DC#m3z z(NSo}IXa@=CQv4xL_4`V^7oqzZ#zg_lY(su zbJ^rp)p?{BW|B0(&sMMc*)C%S$`SSn&7;KhUX zw1)r>;6uFq-1P%`Jfwpt;$&VCx0!32e2MY!MXs%CUdS}o)4@A{in9yLi&?*Yvm#== z4O(SQqEk>NLe4UZ9TQsM}Z^EiF(6?dphWQ8q=Tv=6aV9*!;1pXXYZ3dXQ#1npt65GT zNaeSfPfff~hY5tSzy%?g(g46zFulu3CzBYIQB$4pxP&{THrDpxV3kT~^KrBZ^?3+z zSjDCSX0>onEaVp4g2+W+eOx_8W?z*FZ2WoK?xxfG9e7&;?|TFD*ym&SL&)dzV-h8f z#@m?Xlxg2rF5~?gv&X|OrXnZGpvp@v!&}FaY#d?%QNc{ylrh93U@A4g0ZU%`UY^)W zzEJmC>%K7ea7kNiI$iCQ8zUd;D%DrYu(PaJ8c)*i-8>e<7Fyq@+mbjxrG4*kF}Tn3yrV<2`Am|iPk^-`SmZ>gLg1jHsSO!Rq<}ad zE#(5(BnFu**?d}bu9+%Fte@m@mMTYk`pnDzl&^#3dAdP>U$l00o2Q3^FNRmftvfaU zN2e71aX5hs%h-V;@~uPwvMaQsB_eRK<%{IW;eiSfj-3R7U)LXR%-xTDRQei_vVT3* z2#-891n%!i!+rckm>gt2gDPCk=WBjN)Qd?2$rsZy=>}~6YwFuSwIfIYK!fJ0GC_5r zI(Q#-i74xbDB(<`&M-9znBA>z!{m{miJ8nMqW`VctKe0XiV#@pYHV8TVe z98u>DZpp(vziZJcsea{_By=W!>I^q==bXi|u|@!d8DhUB*^Xe8v&b`1nm^-v(ST;j z$x6|3|G@Xjc%tROqb29hEyBhL4gmmT_U}9`<$v(B76>Q$Yf#LTlmo&V5rQ{vNx(mw zH&v0E4}F?tC&Yd3F&hO1#knE0#D7po%)1`Ek^P(1_Ft5({E2ZF0FN~LEVV~fY`7tK$wuX`i5(5n`Qf7w%i4(P7M@BT6;QwAlJcKhaZPuMC)+`}__~%R<-CrV;M>_&e^;rI{Q( zAhJA^E2-V0Tu}Iu5yr5~TL^u7hv<@$8H|dks(S`MD%+#}t}HjyD;TRG9$CBeIb1f5 z^g@{%X)^3BFP(|+^#!CsGvOix22`Of@-pAE2zkr9 zQYu(DH_!m1KZEc)HLe|JtG>w{h>#oT#*5 z0ApuGFIC)lm`DYL=B&=!QK)I;=(e%9CjIQ~NQ^T#ay#lGoWs1`puvgZTdO&; zyj)$Qe0bo5T3A~#(#F@QI@XtKnRW^^j|e}|2p>0EiVDcHtNY{dfuJV?L;pie>5a~* zC(ZrfFL#@))0u_d*jR^dtw0;8J2f#QEN2j6AppuS#x56U8xW(n2Gf+eWA7IilYWhG zzMLv`C0TrxxY&5qf}Z44^;(dDgtnmgyD$C(6Yo4nn(;qu;%k5Pz%3I>J;Pm;RWBq@ z72dsy6HuKPHQCzi|7j$!4vhkpsT~DwIk}_H%bk=UnM8QwL}y%C4tRMnI~3%#WAv=V zGUOsa5fr%%HyPuiv3AY$^1du7^Ley3f*!jWYCy5+N?z^L$o3CVg7g%coAFC%h0UI# z1VFNK=-cYwzb$x>cZ}0DA9sJR5&X_MT@ri&^wI@@f3Kn^Gk+kj`E%G#D#pw+0FulK zkA%lq6H<<3uNyhU()T$2U|OGk-Q>pp%+rea>y3ex*#leI?I?$5SIl$Psy!F|BJtxo zwP#s>QoMmMdRahS3+zu=swafAj&t7JOssbCN$CF0u>M$jF_~x^tT9X?(;q-L1#p>} zB!kAmw9a6o;Tc_D=GU?#XC6riemo+Q<0kkL5rs>mR$6MeN8ArYtc9l$0A1t=bQ-(~ z%7k?_QNPMR@Hv-$1C8^ZR-lCiW<;!`7*E&?rGaAq`UwaL6hR*URw?~YsFeTrku23< zHGkLUf&N9RMEoVqGcJu&v!kV6l}RXe5xW@Kka(T$-E&=`_vs|(9aB))rJdV$6KjXR zH6u~d#9j+wGu-RqO_iF-rSXPqiyaP|&o0Vj)zSYH9z%4LZVZtfIP7HnAK_`$0}KtLKgQ zHFkcz3(q`rriyMU&ZI0-NDdHm&~HptSpTF5kh#^dZZ_R}p&*OBgvT{tr}90?ei*2R zWAXMAeR~nDG%2HjEKxVJg$>$mV%2-p(g1X5%EiD8ZCYkE-o=s$9HJZaFanWhv~$xS)SSKLNl5H z+hm9H#=&NaXSEd60dss*>;nA=J0`_wXKeIMqY{Y}Q{6j}!@)6^g(^;>kr zJ}*cI3#hFS2J!;;%^AmSA}s2L-$=cxmA33+f5*o5L99;=J_h3JCTO?f{I9xO2t4cA z!l=5sY51mpBp4*yxm7#c8@u^APOr*wo<8vc+W!Ylq0YAXHY^njH;wJaX7!W(=oa@5 zI(+r5fHacX7JPAFdDOkIt-K-v%dnK?aOWkAuPi8woGcD@+a>{dQ;ywx zzVY=K>|yu%saKfvL$JfA>?iyUpMH4Wan%7JJ&o#zu<-Ot!?&NuwLQZB0gF?)<^6j7 zX>Z3{A8(7iogE`Yp-vg|XMT>Zq40=o5pQJ)cE1Vl<4ujjj~T(A)vb7wjg9?RH(#CQ zHay}EL{-3U*vdGz^0(*B83evBA6PO-^%L7K>F=1M6Gxo)LcADr`Z=D!68Q7c;hw?A zx3jOs3Kzde)@ZrVI=>%lm}*1Zl(WS}QobC5foaVeD;I?*3!#}8scE^6OqDLUEj{y& zj;iqURX$51L9*=+;|$G=z1}IXc`^wteaR8%ciww&a&^CyB$kLP7+j7nZ#Xv5IYu$0 zCHv+S=Lh^0Xn9!Pl-QVDUc330JYvSsG>R&6a67ZmR5i#+H8GybRN`+d>gzUa?ihH^ zO-(l3hg~GLv|`d(zK^^0iyO}5-z%r!)?&)nIwy7KgUo2J$m8!r`}U6f*K7hK8?K#i zp}ROyab9#=W;~2^1+5Wmv=arV&FlR>uJrjpzz{_CGdSN%6iM(evR~$Z^?kaB#>~+1 zzG60SS_)d+xZGpMm*bw7vmWw+E+$a=niQY5XFk)9886T<<$0i6e?ChPfj!a2#@ z(7SY-YzY@`f8JF3S^0AVQK1xEai+JUHdL`?(RSpK>wx}snC{?Q<@}*73cG*7*#KHz z8NNXvmSax7>}HQ|FB&98UGT_zjy+_SMQnX3n!8MT3G~SW&C!ER%tVj@f&JUGSg$** z=EvR*in9$TsmV*%&aKNVH{P?XxrehG2xQiA8__;0=73d9*BP!RY9lv3TU}Py(p-jR z&(v`Q;&&FD-V<0gYlemHHVjw#>Wc6p^Ph6X-@7BqWRc1-4YC7vm|)0laYV4095HV) zak8YOD^X<}Q3GZx?=%*ei@Vk@ofsvlK%!(koC92I8 z_0(D&6iU9hcXGouNMZw5pshTq8K+;Z>LEKvNpc>Lb1r@q!HFJpZ>$eWD^OVMy3@=D zH}XsPI$M0PY=xuLNITKoV1cEI-q+7DaXO^Ss^b z2frFb#5wgO#GA^T!#5_@h-sD15}a4#3k+*&HU@JBX+t54I}Jc9{gw9vjnhOxqGMB> zUA5&Q$%!D8mhjn~Haz2dBnq|o+B|{1bW4}RyqN++q9ElW%^+=vUC&v1KzRpfv#&Br zhy-|_70Uq=>{Si$XIR!~r)?n8=%#C&NsZ3F2O2$ICz>nCEXz}@h^CB0;)bTkgW4Nf zHfDFzXW6ADi$53!xX^kU9N~kR`@H*Aj_#BBZS|UDhTwe8_I{4}c6xKRRS5&COV`760b{e%lOdoXO9B_j%+ipavwtD7+w_RSpG1=dLmFmM# zMEC_qgTkB5d6ZkzBOG=PlaCOfrX|fZAMp*{h?4lKYW3VgVrE-{|4sY>xiU{oC@odd z`q#NPm}f7aUx<4ry>6R+lOV|P5I>77F`6=&oPsJXx6@Ase&T(b_3r1T$DPfqN{wDC z7>!%BAx0V>-JcY+U`{h- z&Tv!j*P}CCr{8NWT{m_C*swV8@WoHWN0=3-HqDs|9o$9uI-<8ko-7>U9Ay7t;L! zB*m|!xha=e**_@?qna416ieepXXh3&?zMY(!blbJUl!O62N!+RAV2ocRB@N$GKs^g z_{JX9v$A}}H`ULg?>!CX6Pns)!6WEMR>O|K{+RZNYqyZ+b!p} zT#?qS@hB<8q>@MGXwM+!%l&72&Wa6f_=90u&hq#?;L_@Dj6cz&5kRT*as|NVSUHVUZ>A~rrM~(eQ z%qVM`RJA>Q9j{f5)F%%nT$1i^k=|Ip=rYG#ApoKCA3$8+-%{kMDNkmweT}G_XP&y? z2@)1H#cbWqnw%vuk0%&#IXhCjJgx!Ny|yRBX@NY!@dzCf>0zuK_Xh_F+}hZZT)ny_ih*J$Qx<6-(G7xKvLr6}vx zb!{WXQuQdQNbLM^bz;7v!K=t{suOO78jrI>};6Pn3M~5=XK;fdYHFzpU2w%UOja5P&Ok3 z6_zN(s@Nsz=QNvRmQA32GE8FR3v1tO)f>)v)p4tbU;G`NqP!}+=LZ#Y^O_mgWf`jXWJxcrS$#hdwffMlo2jMI?#)_a z8-Y)DD#mL_l=y_CERq0zG1S7zNtn}kg2(2)D;N8ZxN)vKwAntteufKlKZt94EnVPC zDpj6RexfY7=BI8XHLcE{Wv)Irv`tn+wIKpf4b1inFm|=fb{C0yk6ZTCrxPZTEBCG( z&q6v24&;s62M?r019rEl?$De5`jr`AQrffIpl6|%a5Z&Z`=gukj&O0; z7Dor_W@zryTg5!g${YUS!-X<)RB(TMVq|68U~x`e*(mpELS1BSWD4bWKJU#}i+?}#l=1BWbGtcQix5?aLvg@mM?~a6-t$)B z+L4@fO|N*75C8Dk{BcKEs^7Gu9vziRdPP(OhCa7zi}co4e+2tIg26N@!$>EsKs)c) zJ8sEY0|gySw{p-0&fV?GrYbU1z7;U9;kMaJ1c~bR2c|9p6AZh@#?Lt|BNH64=hvBD zS+n~I48j#~@?tH?FDBDb-t3X_cVNld9e@BztOkXvne3@b8Ou@Y3&eo4^IF;<0@?A6 zxOJ6?#9>;IS7)~!IlO1ryGB#! z%DOEL+c$>#Qewbr-mQf0mU`|uvJnU?-6=QNuxTjoDyiDp|H(OkUWlG~ng_`#&Y-?kF zo!>nf-ZeGK9=Ni_gAG^XXd#)-n4Xof7;J8B^}M)g_^Dj@Z9{&C23PVL8AQ?r2s#_S zp>DDrpSP-x5BC%;V&(Rw9=oBid}+SvxYkI>M2K=P5^HrIm_L#IM zzikgp#uW%DWMxP=Vv`jDN1Q`35oJ$hh!6~jdf(JqD-1t3la+4K{#Ms3;SVOJeaa1J z?vlVYa*4)WBmAs1JX z<$qGN+uwsLXEzrRU0*tmv5XGI9!6Y$(32KyYaSP|%Vfc7KZdX~4jsle6}*xTU9L7X zxcwfKOlv++3N5i8>6pK-o_>ulTTA!8ZgOlMX|t%_xM15=vtYP5ELlZUZ^_JPy04r# zvjAdH5YC?02#&KeIxl_2-P7lj9M;n6<-sCH%Dc7kTqqV1VWboxCt0}ef&s@kX9Ca6 z&cM{Vx57%xSpEt~z%?Q*H%cHB?|~%v(_UVUS<`Q#Rugr|cvK(Qu_N$`U!9TpPCocJ zPmT+ZG6jku3mq(p;g#~|uw(nxWsQ|Xe4oT$v`EmDjW}X&r=}arZ^-Ex$93su^IhJB zc*d%AO-$qqz?>R;azomM4egGr>y#Y_8qEor7%*=IOMeiVtqUZQc|`D2M|s@@JIj!V13MJpXdOG>HEb@@{)!Av&`0E@4*^nwKt zSJ!=@5pob_5qlVza*G?8C|E-!{o~W#fJez5wz_Q!!J$-S*q?z4c0ZGORefmp_0k)m zy?wSN^(SlTxp!+_9jY(m<4^(FjF&5IpQ^7(!u&;y$=UPH^nOJaMrz8%$-|330d3dG z@eZJP-GGoN3AW8B{@PIGR?)$G_ZGaP1;qzG6Sy|7h-M5#TP2QK56_RjuH2g`+7|r| z-T&~wg|@`UqX2RNvKUJO`iZENowJ*|a1lUf&Nkndd+`*Jm3*{;U2UB-|JH~J$!a1t z)u-yL_nB03tluK_TMU!$+Oj}ed}$f%7zk@dw%^0BMpJp_9N0%40ZSKlDX_ld%(NZR zAUh+QaX~P%iN^eHj*iC&y|868MX=7K@dekGYO^c!D@caPd7ylY47zb&w<>AtV=*Tu zr8l1wPSyp3M`;_=M&=cSdt*NpJUCz6$?=8Kn!T`(-1)=&zMPsa75`^mv^Q^TglWaz zo(#C$C~Ji4XKdI6RIggXk~o+%2fsfeXPfyL##OG+)a|+?^PK5?#HF{79ad5a8)3_v z{<2=k_DQwIodD7maQXRG*6A5#m(n&~e(D&d8cN(&=Y1qwsze$6Iq3RjE~=5eIt+$g+lcTeBZGLYWymYXPrk}zPFbeik=1STO2_t- z^;RDBhY#$j<~5RN+fflvi ziq@FDSMLLY0KM)X(b;Y?!6dGmUacCw{hRFsg%-Wul1F~|nLUCQc8vlB+;Zrp3vG@(3QbrXUavY_?_(xP)-4 zT_aLok&vN&no8mk%xZUzKlL6ne#bsVVtC<;Vyw9J&zn!rb;nFZ)9)Y2*Nyl1a}UEc3jm=j&fpfK%BJW7 zgmqi5v+E6ao3;l_Z#8SX*aQ6on>`O}s+seE7J&Eum`pkY%t=ML@U-XIYX7skvv@K` z|CK*V8>;vs3A3HgkB&n@UrOu`{YE52u9BV;V679C%3EFWCV~@4dlWtMJ z|H1D(lH5#;%!At!J#E>?P`JF6fh=eGc5M05iL%W9K5UisW@A0E<{WDBaD3|PM7^Ik^|M6hl#11EhQ zsH_nYewz5;VS^Su`*VGYPx6H;;m{BkS@>ImM?KDwR)+xkC2WRK3+ou{D*E0t zWL`R@-84Y)RDF6S#rliu`hqjF_I}CSVFdnBVgX!qRODIeqoYZk*SIkp_tim1^G}yC z7hN$WQn-fk*d-l)^U}&}h^^868KXhRDZn|99c0qhC&Aw=Y*4+Y>dJbU+gX9vI15_n z+#0F_tPE|)x0{H8*q$_N-J0^TtsIN&Nz9S(b$!nFirb7e8)j+*4U-yzWXs&g$?ORs zcV|B*D_4>_BemB77v!@$lm)U_{X1_%B_ROG+F!Ye-DzyR^t~OLy4z#qbwt3gr36lC z-Lw)U--5*$AbhpO+U#S99y_?~HuYlO%%bO!SRf^Lst2<~KT&@H_5tpgFO1BxALxg- zgQza$3>1Sz9yK;W1-h<%fe65qDqzZ0xh@>NgEH z3nkpfE=Lm15B+e?gc`mme}b^ORa6$Zo|((syw8M6&QDk}xIB~*9p9M!Jl|EoNN%!N z<~TjVnJIZUK5uf+qkLw{wU9s+T7ka0R*Wc`GhV9-n}SbF-xFGu*C<^H!wCWhz@1>D zz>`TO-1Ar^PCez~<*2)Up5G~`YNZOGEN+O)LgT^iXqF8Pn00n%FHHc&ng@}&`{Fbv zu-}22Bd1{jm)I^s<+bobrZ_5eo?VetWc+O;bC^L&$YT%f@AB1`LKNe(*+oQLiON<@ zPE(eymljYI9h-#WhM_+&^pS;%TIFHYYEyt<9C|Vi_mt?{9Aj%__WjVPcLO8b6v9mNPC4HbI5W;hJJbj|{8U;w+;m}G(`f3MT_jKW=b#7gkfP`K z*okc8^=HVBnW~f@bEfTlZIzOYPNZ@UPwUzIXS1@6ii&$W)0$o!n9>S55N(LJkJxj!kI3iJ<3SQjuMB5wWf z{h5c0-q>)DfxE1^?sr%`NU-87<-P~bboZ$W$75PqsDdm8G6sv5$_*N7FAU_{ewVhk z7(trN6fRjMzIq$4C-z`Du_85I$Fah!xO(|ep2w`x_LTpMuucjZsql4JLO{)~<66(P zFDSuf(?K=r_c6`em+60+0R}|wfsr$3eT^`h#^N4Bm7l1Z7Y!BW&Iw#+sbPDtcUNa` z6C)SqE==|9WE=DeI}9nru_QE8Mk{Lc$oE?K_s`M{9rTBQZdCfI3<<0`94No8QXY}% zFjKx(dchBOKH@|ldeZozr9t<_i^a9!m+_AFm9mDiCrN_tc44Wu*}Vd}OBNFij0EEr zl%LL<&fj+(sZ&?*vjVW zO-qWvE(&-4MSp-Yom&h)bbZ%qZlQ4VBWz+cS|Yn{G^gQEw$yz^w=c~U=wV^Q!!%U% zwv^YP4}4_T0XEKmOA7n{@T|D^f1qc@f93M!yvqN0I*eFNzG{nCYMz|?A#xM`2U00a zglYA|pyPo7RU&sN&&Y!c7py#I5rY92_nkAT$pNlr zU~pp*R~tmU@kec-8^UgRC2;-g)sH^I5D#V@i^pbXUnpLGD*CWSP?`%kWuOMiFj7C- z;Q-X^0?=xTgAw@7BC8=MO4d-AB>yvt{y^aO%18hX52({-B=`SG@yE1&J-O4Ld2kzI zh4`q|ll7~MJDqO$TKyEKpjw4xtaHEo={WFH%|;ETR@nXtlmhZ4z9bHJYK)?roJ^sy zGw#G{9~xKRqO^CWP61Lh;)G=fm?U z3}ov*O01o=!Hllf>sKDw*srA5r775!3;Z$a;AAtC>iv6Y4Eo<&*8+yN|My$h%CBY) zS5g{hu0ei@v_PiN%uAz-Y6CV^4_~k{pErbfpowd7yCnh(bK$g+0Qjg}mv&j)BXh|Y6&wTAnpFcyR2*r2IY0Io2%tX1RsvgAbloNHC5x(~z zN`ky6`U4btw`o@6^P>|sg8G^}c;)OPOiteq+h}@VpCsHM#}c=&UZV|C&cyPHp!;jBVX~ATRBLS@=be3 zB0Lb(ZV+GrO%NlFZiZm6Uu!LdxaP<-mHxS_NTXbUsuhG1GMe5+hjFkF5J3%4cTkjh z1IuDtxv80Syb1N$>f&n8TEP2Z%52{w((Uc>p9FNclk-m>H_?@|H6}o3tMWj1H2Q>Xur6El{Hn|RZjx3z=H`_>1=nT-HbXD-Cthd(196B3 zVnOmTAnq6p*TBK(jf{!l*+WNd zbL;`p*s&r;S6W;G7eGH=h-6%Xg6p=mWMkU>Y)_xvCuW>-5kVa)O;)o>i{VK!pD%dd zS|Lvs=y$x?Sg%cIWT^U#CHr6ql7$)@(r@lY8%(M$p|Nn|p)l!hO{t{%5dhiwzs?G; z`M-d#QgQuf#=k{yAQ}CCSK%iubRc$(tmckr0sgP`tQBPUUK^lfHFu%{4*YG`nvGgr z!2XT0@Rv~BKbdzIa;g>7?d*l0@m0P%PHYG5irLK_97&QRBt8qie#ZHZU-4>br*z32 z#*Avjfu!tmm{6@xm@YR-44Mdex{Z0G=o%$2GcFGRI!daM#}}Z0@*Dz>nipK)|9Nj& zH!ee9Px71JPGj`MTd%s?t;6sQrG<4buI_;#KJ(C)C{ zek=CwNgu@pHcD+fvxmg?1=TmhZYV0HdBvos;7m^!rncM<`dk6~)QT?h_N#NmXYQyI z$~j=W6aWw(e5AX{<9-|@;MNO)x4x=kKl!Cb+pzN429rZ?KkrX&ycz7-d_Yha- z&MBkd1ynV5o-1~lH&!XiW{&T37u#O&st;-ei4WU=?o*A30>$-yG998tpx8AHSa^R@ zoP&}CkhEXk>=(S|*Kd_cpPZf^Oc+O#BrS~M-^RXtS=iH6nGE)bZfO!Gb}bY$>JjuJ znpp6Ck$lMO$$M9LYZIlX+bkjq@Q;6VQmjaz78=Dc{!GN6bRqmuFV2+T9&vZ?aWWz1 z<-EUFz^wxH!S09^k0)IyXE6O3p6XCB187zPSA+&GPyx9KKqN>P5%`=v>i$X0S@e-} zcvvuZv322^Z}o^7hNg48@+hTo8|4NcUJ#<~K!Ui3+#;1)koXXrN7VxEuHK$5v3+g# zP4g%&yv0KF)-jxJ zDgku$-~W9k`KG)*6ASq7*EVaFqFBsqjxV{9?W>fa28M+l8O@pVGpQTqkE(T#dzwBv zjZSw*vBUKUyy3jz=6JFit4>WsD{rpQiTKOKS9QL-&yS-ngM9Mf8i1RmadZHf1AkC) zWX3mEd?2;$w9T7Z3&gQDX4)C8?yv4Y*1AyHh}34zn_ zM{JD(f;9~hIXU+67T{_HTHXUa=g(y2KW~+hMT^f=3NiVHQ1-dJ_ ztmkB+Tr4In*})F6b4CFECg=!qqv;0GU*nqOJ65yZH!)i~#Ui()vZ-D7Vrl(XsF;|T zP&xW7b-#Y!9dH5X(Z7`=E~i(_?Oh(BI;%qy_4OF(lQeUUBH>*5ERo8&%y89`@SlA} z4~F7-t`-RMPfC>S2}fh0As~E11ucu$hwl5YlX#-M9J2I`FaLB3iBLWc5x&9&Y1eJ| z=Zb;eTJyQOp6ry7-}igPypCPIEf~#KR`r}!^=3dHD1!{jhs@KDp;u}DJ__&WP3@7y zxPL5WpWS{j!`v%a7~{ojE-KUcRZTwIE@%4JSf$2B!S*vw{b?3}&UTY1aY1pkK{rz* zs6i}K`7i{)QyBhUG1R}<9~O>KQ@^|JYK&xRU@s!Z;iy{W71YZB?FNCD-Y9PUmz+=W zY^gEnH_O5fcYsLJ;F`G(B3=c!*N^cf6#%yA*54;9O7>JiBI<6MotHk-a6~3kUU!$W z_zA3d8@Bnjsqf`yoheVJ4Py@05-%~My0dJ!JkDU#bYIm^G$R@Ra7$l6s^iKG$^Lkl zB!WGAgE@>Kc!uPb+3efT$lSYAKb>vbV*G)k&nMHJy>JQ*3`y6@b2Lx_)(7Sw1el}1 zf#4ZYjC`PlMEu6&!Zy}%p~!% zADTF;V}BU-+I|1%CKu%z1zx*gok7LMaxkOtLW9A}%$G);^6L7dAb~F~SJc*mR%*2n zD(h1%b#rIuMa~clqy76Ol(<~LHGpNlBB1$u8pp)oLW6ILwB%l7(MQELHm6l3r)T!+ zOr)V4hCm~;Zk^Ay$5!7*q3UTD@4svRp{;g3Y~a!~wKKHA%jz?3 zm(-L+c;I{(DdD$eF;5JjSG^e${oQj(kL@0Np2>i${^k@?&|C7~OfvGK8_k*txynr= zQ%a}oY3;Mk!aH|){c0y7u+9Ty-DSkzwg+_onGdku2;-nv&bnUFH?`83RYVeX8ODL- zd8W;UQenF493Sg*um?sEVc0X6K5-O>W+4WsCAaW^tcDhVo(rUo$+hDq)dH7(CBCH+ z0Zf=dWm0jtO*vM( zj~uVe_XoJo1^r3E+MwnL%Tb@bF;?!(K1A_4%)~p4*5p-1D6!a__!`0tzf2GbsUX5R zeR0vW>-v%Iw%}Bku9{S*mh?;;X-X!(3{+l9OY$HPXB0E`Pk|K_$mOMN{3pfNzwbfx zfW)o+8(nM3ux9BF=LpMG%aVl(lw+Sr;XE#Lb0cfm(XIlmu&hdZow(74W|zCaAmsXo zBN)@2#4sj#%P)wNErUUSd$Ui2@|}`;fGVyp4hN$lSq{j#W)M9PwIj!Hjazg*%KVv*}vKBeUX^2G%zFOPe?d}sMo0%WL zCClUGzt_XZ>*f@GNNiD=5coPYf@XQtSa6fw0=JG*FbpNDD?R?fcRq=QZ8eG695vk` z8spey)vJB$r$WxRU$9tyGn-4fi&BAJ{VOMc;F*Ci9{_9tRWW~G%1a}tB%R`*LN>v~ zQlh?KopP7ko=p7PbqTI5eRNY{8CGVlMP8u;agHSMje4!=?$FlOO7&ifO_ZftHY>%! zg}tcD%z5U-cEY9p7p8#aOG3UY?xHqxO?ZkjC};PFxgsK1o+!oUcLj*_IhE1JlpUumzQiKe5vSoKcfC# z*5@i^miaaF2YXtP&%RY{H1?-AfW8u=Tfj0zREbhXk7#XMottCJOpWkkrmdlxXrR!6 zPXU^4M#wOCWUxT9>2a8OJJ*jq%&zM{x%@^1igqJC2I4(6}vfV{SW z*r)n^8NUbSAb*AVqppVSJC_yB@FCUbS;bZT9xgrCf}MmVhL#+QbxZm|ctjhL(JP?M z!-FNawXpY6i&~4CqVYU`YbA4VPwDLh3U_wI_j&ZxFk$uxGQ)2OOy zNZ<`a^cSKV`R3qM>%NBCepVQu-g&>3p;vTN(6?+-^bx2E7Xu!0) zUtoa^BuMSCzry$Z>?^>_yq4zL4CWhf%a^DgD4De_`X=S6Wno2`ztUs=L#k5>1^@k! zjJqJePJ(}@D8Dm=lFE08vYkC3p#}Dy23LnZiMPAC@9o5OV#6YeMiTPZh%pCnF>S4) zl(fpa!ORtrkV7yRG0_S?rwgSqvpsrX*W`W>@v+?KTX$gsxA2o|^(`9Z;Yl+R3mb$UcNRHFFGkRcbqKVHWnsSx? z9zEHdkBg-T)2Ic)viq%ic#9>AOvlDN_9fijevdd_&+T<8I5GywtwS08?`#;UuK8HE zI_kBWCCQ;Hr*8>mSi~#~d^(5WyKrLt7P}8<(ilTp`vXpbJ{rQ@?F)TFOISpb%)DrwozcKMU#sYbY-@)ncQ^sAQwy`eeQ2zMnuebDNUMtEkTV9z;x!xDg3E4yTeV?(6VHUs3eeV05`|h0k^Esd2_k4ff^ZP!|A0Etm#x?Kv>$@pQ_qD^J40}qN)>f@q8lnS1f=`pUMX6t!z#Z|xIqsp5ny5u6B z!wR;*X9gA;&<4LASqOYFi^cc;SFNHqlg}imQe!D?jnpWyTJ7*dk&cK-6NH&)Frd5o z!~guUI*b1XC$I^$uMOLfwr2ndicv7v=5N8K$H?tdQq6(QXdX;i;@ zEbVrTWL2(c-+4qx)lBW&IiBtz`Lekyq{rWn6`hAMHp$09rc|baTF6r}Qo2`$z8Ngt0#TdTO@N^3KDBg7Prn|*! z`9n4IJX=lpyk8aoP)`rRk+K87J;I%KEcU%CrRTQD%Bln{rv{hsb%uxG{AXpW%Cqr_Po&UB1$0Y<}-uJMGZC zA^I~Dj=st9jLGclM+X$$mfPKx^^9g2x}G(k+9tXXkj20>ZIIPaVxL>s$bE zd-|niL43N9L|MEg9u_Rr{6&t#y_P*<%I9iJegT;ylP(#Lz zd-<<^KH8QsapY33i0x=nn4xH-J~GN z#m;KIeYxsa2)hHQ8Z>}@_{;pLg44ZvmS!SBPVQx!QFiD~WfAJ6z-`*7BeK{(ezGw|_mG$_dny`Lm-tvxSMR`h}0 zsp5!H{aQIq_F!7~d&`AC?S+AJIlUfs z2vEZ#DVMsO3R31I+*YkhKa_;aUT6xWcIa==o4?u=JE8!{i5dMD z!wE)335S{=$=S0si>gxP~yHn%gARF_q;B7WlzzEuKK=xy*pe3e6DQ zGpr6TYtMT)5vVrU+Rhd+MT{r)c^Hs<#`>g=1OHuZ*xN=z*^J(hHs%OfOr`Gh+h|MW7~WeMQlj?Dq7?>#WO2{~l410#dn$3d zYrRQh?SpDFt2{hvm~RS%A$s$ALV20H7w?82D^&kJ7IyWNNU}HU0mxpNaZn%u;4SWN zjxtxyBKZc1`mVY!PpQ*r|Cv&eQodrQbBbJ{)batkmdyXJ|L5v20lhS z2Mvzs$w0T&Z6u5Sn$fc={kM&=qp>Pq-9#1fR^#55pQ-Mxp*jxeI^fRCVyBi+0!O?3 z;p&m9%f*d`w&TtAsd90k2Sy+Yv9?EjMQQ>C)14F>s}nKkDr`>RC8}R4DbEh7Trs~W zLC1r+=~#CgyE@L|SF4+Q_RH&1`{X4+e^4ZQMe6j1zw5)0WE&P*5ATVtxcW(_P070J zWmYe*w@h9>4?QLzmTjA+p1*L?RCx-J9a-aZ5GDt zG^noZe}C9B*XDL`CYMt`{gQ4kY^d=w1X0HJ!+pGnC*IsLJTTP*IpCNiVo1`oX~zgf zRU|}5IrJ5VYh`8(9nQ9r_OM1rDO!;da%^bFscDieaOKXFo`-f${%#M(K1W)iU7?@= zbe9S}xhQ#j`I#KH-jj_29c4af%ib|8k-9jQX+NQ4ckDzozxZ^x$M^~J#7mck>EdS6_8^Yk;A3)Q`aWf?1L^6&M=~ZI^3Y3| zvb#qkz$dGJsLIiv$w1@bjqq!4?_b`lw$59Q_~uG=O(i$eZf4BE zJ!RwU?6STorZP!!#mQt;l=7+)1V(d*YmvTjx1(*zxu&g5wy&)wHZKS%6((DzT{}O0 z?1XuEQIr`OZanL*W-y<4fUwIo@$|~j5Yvr1`Q)%K)XV%&bbCX4i$^xLoF$jgX&$`? z&vodguA`o?b@@iUaM3_IJAWI}cS_6B&a|{uC<5_sfCE1x>E{idr-RDxj#(+z<+}Rb zJ@KKQYv_dP{+fK*88w-Y+B}Sfccpc#T~sO{l0ELsl~YUTSE@YWaK4_3 z^lxUET(N^q8MRZSA2%Gt6SzI}*xq@~h1^!32-IRyPAZs8s`BdpK|qJ}EBvx95x=cV z&Z*!t=0Ojy#oRexv9m7GW2_G0uhtq`xjF`*YhA!o}vRF#;V>HFu>pS z;MfRewCjbqd5{v*VeaVyU`C}nMQjzGg8~d9zabGoPdwrEhxTG#m>TrTX<*3omY`?P z;>EWi%g$(Uz<>_X!ZWSE?+^Wt{-(zd-`a+}2r>b&Xk9e*5@Jcgi^nEuC4vb@7P1Gm zF*ekOH<@%;aJ-Bp53k&Z9mXvk2bZ~Rwr;NdgR8rX<$Gz2;P5&#IHpDBeu!QRZ>=20 z2Ej%mkSlgW{M(THkJF%dZef0Lik#-{kp#j#RW|3*7P$SZ4U{ualD4jSBGo8#B%_f5 ztPk?wbW*h(YiHAFh15jE+ING5upIM9HSOK!^AD{Btw7`huPjb85nTS6kAxv^1J}2!N)nL+Scfy5KLW(*i=dBhN?*J&1 z)lyz!b~)&i^)negdj3d<9-rf*B(0H9bmOa0U=_0g+14U-vOktr!uktF;ycbcQ10TH z8f%5JNQsT0s)ufB9jo(ZPg;>&To>IYuxNJ&gY20|0+bqzfNdFAAoGegfkgi9YT>~| z5At<%6OICSg!0XF!Mv-2xF3xXpiDq23?s8Hq1Qfq!QH_96MfuoD*l_Y{G^ggWE(0@ zJLC3I#DHTty>^+&Dzt2@yz8VYg7zw44`@99t=r!{KUvM$;sZkZt!hs;mu+_Okf$}_ zBaEa6%Lhai<-9OQw=5>7lF&zvm_n^>2xi1fim(ode_UPD$?9XG&)z5xf9iN3-)mZ} z`g-e}?KZ>{@s$$p&eGz>Bc{~Z9Boa}&F{Q=E0NU_dKMdn5+L(X zGzf^;)Ah0TZw90dq}2TnC^&HKy}KrZ{pKlFOOyjqtP{P3v36QoB_BC%PyIl3o;3M< zR%T+YstzP~gUxk$?X`<5AhVj&ExtmW4_d@K`tHwLIqyn2=w%sUR^YDhHnP$$Z9Q0- zwPob|eJiwv*)KuAr?$2CHavya0-77NGx&%&iY|vYT$Yzw9cMU<40EH;|7MQ`7ovZ%Y{3us=8LZ!B>YHA5)# z0!9))R)U+U<$>F_8k$u6PRS~?!P1ESkbZ*|SOr(ZL+S%6N81o7T9W~24mh9GzygzPy zE7W9*<~|{9SNDkrku(d%-%OCt3Nx#UeMHx+5H_a1xmS0$rPp1fQ6^HM^>w-b>akp! zyldY{ddq>0c(hw`*z5H(-63(PPh#a`~c#xjmTsVms z#Mxjt>Lu^h=5>(dF;Y^lI*R7X%fOyGWngTqbir7d=jc&*XhfClvCr~EY`etQxoEjt z=bdL;kA5($>nk&IoO00T`~(n)0C(}H)oGipX`(fT#%{ULO$PbTsqFcBQ%to^zlPxj=P2Xc;o#T)@1yGj>KeJLsKX_m!myqA!jDk=eR zPRDOLMdf8yq{Wff6pbDp+IM1uAwxDLZ+<-8U(46)ylXL>aZ>5fTfXXqr<$n71}c8u zSj1i5{Y%9$z3>iI>h$ExU`>Am9kfLu;CXy_$CHjMi2m9M+$T7)VPy}AjaC4>avx!2 z1(fcey@O6P2KrsVs~E)dZzPlH{c#gP$-o2C8M+>wn)2^R^861wE&z_Feb#~+lGE17 z8LZBB9-4S6;7=Ylvc_LnFc3}E@A}C2`5at^0b_PM_u<>h;^49VTP4NO*BT@raGI!q zzUFVj*T-Q+NJ>ztCG{x~p^~~O$fU*unu25Vy+tuC*l;oNIQ-!LjqZ;*Znp@Li5JsY za!*C!GCMF8b&4+)H&PW#Ft>o21^J);D7VU_)CoJ~8Py{X7mDrTzLIN7#Vi_8us_O{ z28vyNFhE_MvqLSUo7tXN=%k!&NKF0!*VfD!pJwQdi+r<_+w|}9mCCakl56jzS z0&X4ETG1tkXw`AsGF*L;@Pp%r-mpWW8rs3?m&*gn{YXSIC1i=Ia$NoeZLEDFeS(UpK?Vx`h_vJREr07-h{FYb{YIz}7xj|>eVTwt$!{k-#g~E7Ch83yI zQ?$j(=+)u{46UHfv;?4w{_a7z=vxHy?XuuzBcVaC~DO0d;ZszdsS!RF#_rDk8Ece_Wt#@oqm@ZA{q{}wM0+^X=i^!5Swi6GdR}mCe z5891}F%D`CZf)ESsV2UuCAAVrVa3%OvSY}CBz6> zRnb%CUmNogX@&pJ&KLc~&L6Tbb?m4Fz{U4EDP6_hmv$DvOpGojuDAwx5Ig&|iI{?- zqAbQI&O(M4Iq5lh*Ee3x&RZiq8=UQ_hS?prQs<+tU7`;2C z*!R!$9Vm-d-F?_$s02D7Ong962fe$|4>}Z&xn6?rL`nUw`YpzP4P`vbp4~bEkDVOM7^x<$g9SC`5cBN&6uKA zEsyQR^qY--#1hO#?J0a)(7u)pVrzsaEm|NZQLi%DUOrt$ej)7rB|w5Y0WI2CXu$_w zrp9`mwJ}6gx9y!ZOpOg(S`xt)Qg`(Xxtgmq3#SD6yzphXwuR_<>xLBr+*lkrsO!`O z+9?vUhM4rQSIYCyTKc|j9ur-+f&<`}c* zo|Kx|nDQo8w=L=f)ovVgw3$B=>GtFn>QMSa1}XB$P)OWCnVH!v#{GOi)sD=5X zH(&o+3GfS+arp(yq#+C86mY$En9ME(qw+`MF8uE6H37C$KbHZ$w%!3S@V{LH6vSP8 zV0{E=%=&5+%c7Z@TS)GTe3UHk1$OS`@z##-8+nT19z0ytMQo<=nd;WUuvZma9dC7{ zPL>oUDz&b~ zf7qG~e3LWW-$}e*)>&jb%uUj4$}5~tvo2Cl?0bw?aVT}t?&i*B9+h7cu>YccgSY~h z)Fh}gG4e%T?4SEQaoFSVWo!Y?5;t(tS)h|5G9K-ip?b=&-}Z35!NX(EvkFc$-EN|P z)Tlr}#!Y>CC?-@dKOln88plj;EKjthSC3hZpUpWV3~vW#$9t_BaSzWd(#n#24a5$n z`QVZM$k%av|EG<+Cd`YU2>EM9`^p)TO(YQ;!2(^AKE%SCmJ^sq6C8X3)M!xLUzyrj z_*#RvZK2;ewc-W$tJ+7(EcD{%T6}yWRRy}@NSzHy`C^!ItuaqsV|zAhuG~Rtjj`(K zua7_17C$&RvIlaOb7l`JhUt9u{a3a5n=iWVRRX_1a~WFqJ2oKqY1KJJc2SL`7W8+& zar4-#_JRF_0~$htNvd&{=js^5_G-bzhP2zb1M!_Wd#wO3i}2|2W*I#3d*}LI5Ntj7 zeM$hPeA`e!;Yke3$Yl z@H6dDY_*|YqvFY)d*V%##VxirKQ1LHKh%SNQpmFJXC}VytYm9;8O1UWpsh$*Qu~K& z*gh7Vd+YOny6U@6Z#*JWc%;J77)KDzcgdP7j-2BPn+Pyix-V<_Fv)uXG6I2&RR)SR z6Hr$|!YyCs8ETXGhKrlquy3dCiL*YQ6JrW+c|G{Tm2kMk{v9pOAqbrMf2&+xZj1{mKiwyAt;@YcO;hEXFC0T3ij<=Wf^zv zGURebtkQynoS}e)dI}Y?qW62O##JUPy-I22BOV2q_HxVlr)2C zh0@@_-BxonZCNvIBOMX$dH(m-+CTd@q7_}#w$-+uDvFEOTeCn-la03_Ie2Wx{AQhL zs}_ySoHWrEHwN2e2M*L?^jeDNQI4&mE#^tBG$mTDm*1xDe1k_4{P=V5g~9*beEi+} zn{C8T+Yp0MWNPnfaAhbq9)$Cg))U#bOwcmfePE)7@2*l_ts29DY5paNxJ-M2d3W!Z zHkXvlwMJYw_8VHr({=gsxZ$*w6Ib47?NNIcd6*gh*3q%3(S!Rl6)m174ZR-@{|EIV~ z_>b)xzICs*)roCFrI0!3EfHG+k{vdou1>2Iqn?5HK58RR;HtMFlI{(^Z`hCr2MHE` zY0P`9yB9G-kp@CChEhEOX^|LuC~X5l(OLyksSF+YJGr0zt+U5pe!~u~Yi+9d4^yMT z7@b94-(9hF{Q^EtOu4qTa=D3NDgAk~Sg|zyWUU8@({GNejvz)6^-xx05+AXifD2j} z37=Yq6BdbY4@mfZfQQ_4W7Cwa5@Og5y(-t61Db_m78ya^<^h7F;ZT{I19O0mvS6kS z-J4F4y^n79)76HBOL#}#vUjL@^U=e85iIsSI&No@YKHedIM5-x0)Hkp!XG0*ztFQF zJDsd{iCWWBzA;ivIXXRtS>(>chE%OGjb&Z+hYK_rn=@b7<63># zc8R&KjmS-MB+J$9Sx>-F_!ZCTZBnjeDPtwXkDb{)d6yxnET*dJp74ybF>m}$)lF3b zna0>Qj`J}DuKI1r-XaYx!~749@{bH4pd*y}3{f9q+Yk^KRR zW#EE~+I4YKT+b2KVtS678Jk*Uhfw#d&^Riu#g~ZC-mmDwjfJBlV*RIta}D?PR(na_ z(YJlVavXOq|qahwz#l5;w)TI?CS;sIPqqHqc28t?19 zxd-d=8or$RBp7fml*e*uywbMjq2g{@&y)8}lG~7?hp!H>WV-Q3eeQppb#@~Ev?~N5 zHL7n8z{(x3W{Ej3zJT$1cN#WNr1<-S{S8B>qm6kdsT1DkSnNW?M87UM?>y9_3D%CMKxd{5*c*8{d@CatN$Q z;90pHM}Xo%iX+H^Ye(BV7U*;is+CGUh~r^XeKDxlAny@zjp1-_=Gy@~xF3-7l zR>ba<{<~+&kFtUx+6!knH}eS|G)4i3cO>4PjnUp`OH#Naeb-)>9oN>`w;X>UrkIba z`()pw&$y^~+iCJ8;LN@%??_gdN8)`@W}QVEMr!#E4?2dF5qg~t-_E1l8ZYhL^o9u^ z-qkzLWIlli_xc7%F0ejmYmwcCq$n-&MeHuN54{gQ8#SAKe@K&AZBlMjc<%;T{$W{* z0UR2j{_Py)3IUX}gqS$OKjACWKg_jnK)jj+8f$!WE_``^;F1qA5s6pHLtBfnBsNqd z_|YR42@X*9N(R(@YJh!FVLl*AEN98c55DJ-pl{&`Ly#nUF)v?%Wl2(%bV=r^qgM= z=|tEtv<>s7z!sYNbbK4quG8E1-!*Y~rVFA~Z@t$s6K(bq;CzR30DsT5DWDp0?NOv} zI|^Jpu@9REO1%4-w0b0yNP5V_HxT{DS3D!D$MBPnelWQRypiSRmep<8a9B||Zu{ly z<1K?QsD-X_kye&x8$#r(&16xxjlE`e>4Hc4;vPKTP15PHFz+U}(dHfjt;&a5nZZ|O zRyle>%R!#tmC~(Yq6?`rnerHqO4{$m_rA0uQcSdZ%cVAUfASn}904n3CpUAVK7qD^brVs5xeQo8_RvnBk?#EiXAj)eIH?TaldnHqGJ2w67x_G!G17RbjMp=)^=zGh`JD675!`XtWTEh>isu`NB zncTofC2M|&ws68-=)zfH`;m3AFg7VBW~TXGIYrDn&7ORwi}Y>LiUuaFhX`dtbd8&i zp>YizXgm90xd%2;rn99lp>;0z=%Hld7nmA8?S90oiTjbt_r5MXR+XPtaBND+Q9GqwT*|51xTfYMeFRg%hgQZ7zH7>D&D* z#!b0Fv~P8?f^rzG3-k5^MkCFVO$6!dyq^9Y%5m=mTZeYl$q@PW!|h*eNUb2SsV=4I z4O(3D&_i$W3RBo=lGkaK@{i9@Q(^lAxmCNeMjeJHdEybfhf12-+zoh-viVedBH8#i zjkIky-Hl!6x@^0Nh0$1C2JrkHBnf9y9uV$yE*1}1^`s~!XYBb>$0>hm+IP_pqgk=X z3?)KB=1`0Xo|Qhy@IaVC%XpqyQJ{>3>@w}kh72}YQ5Mj} zdD1D*GP;V78f`LCP;9+moiR92thIbOckr3O*N30@EoHIK+q70`Xd$MDP5hB=O=&%! z9wOC6Qx`^a5?AJi9Y-#ltIxAA>B@XJQ?}Dvyj$M;UGQ1X{~&??H6#Gg!h4JV14y7p zi$?t`643iIBvAk7NI>vx?>!?_huauGTX!z1GulB;to15LJ4UJikZoEPO;g$x%^vRt?C)viuJvI5AtMFwO&Q0 zaX0G9IF5lDqx5*E(|J1*S!l)eYPZGPa#OxJMpcKx^Lw7jU^99%#(BH( z&}yU)G+%3x&Dk;8D(>J!KlSBmI-XdTJAbjb9m3ptB5r~m0xd7|{&696tdas*dc)8T zOdB2Ec<0o2-tyzb5dYKEB--h~%X9KlnbKbsM9fdD%`vM{+JWh=ga#eFG3k_GgaQLq z(V%xWX^{nJYLHVRO{)t7i6W}}*ssGRek3J6HVAlCbOEUDXcpQ(<5ddmrz8K!Bk`x# z`kgO6=XEBO(Uh`bTVy1aZhjou??+RmC2d3Q$^ak5ts)}gzcj_hfTv($=8l5d=7oW; zxQU3mE!ekB-{7;@HFKKeZ`+^0_)}c#*rgCRbKkKu%sdhKx0M-A_{#3)A}5c+Ynhp8 zy~slXcxaf(9fD`P$0GLD*+`u?{v{Y#y_}rO?)W>;ag5!I%*HtUP_A{BwTsU8;eMGI zrXV9*KIg`rrZ`c~91zei#Lcuh7w#CN#a85OlKq$CfbUk#wHlRR@#q6DQ@ zKdjNFw6^q8n(-z=oEUk^J#+jAi=T0~r|es=A97;P3XMDgb-9n-`ZnaOqoYm4mpnMZ zO=3iF{UnaABNw<}RJ_{wXx7(s4s1pg_H3ncbY6LM9(fC0qe5$gt*HqBtYDJ94LP1n$z=vT*VNiXJbYR3|9+nTdq##7r#@k7`lduhC6PW6Oc;a zQB=L!6e?MNy92!<%z$l8;?a)02VR_{T?1Dm@A^49@@Suh4T;xnv~>eP8+5f6?9YGn z);BV$uPIwh+;OsSSmDMELld^8*5Zal&@$c(7T`cquU=6?kGE)wpKh7e{-p0KzsVp& zAHm}(!#^EQk@fU+$TT%J8Pq!6(p?+IU!Yc(@I5|Kbxu{_OfD#fUIe-#94fQv}yKUN6q7e}YG_%UyJ1ThOrxVqzR#O!1#n26Q11@Rs$z;guJ z<;lZSjoR3g9!A1XFW59zOYJ^vv;J zjQ|7N6b%2Rl3f7SFV{w;g=|B@dW)6wj^wdv*Q(al4H_UFCmm!^o;*$jeHCRjRS}bq z3LG?cZ|%tdoH`*XdTwnL zi6npA%xM5Chri=UgHZezFW_i?6H~AaK?6tQxDz$p2-Ip=fGQEN*PuNYu$u&C3S;8G zW^fOlVwx97m7xPW9;)Apo34f7&$vtfe49{wfjl1otIA-GeA>|jy=frhpY9V~BSp{u{*G1P-xFd75c{&fi8fcJ(eYQM#33)>)y(WK#jmG;T?(0Ll_+BRgDW%5tMX#bt)O@UA7kK_C#dEN#QaF-vz z)S*WL|0CxAi247*)f_y0r2G_|SD<|ruuc%bKAu1xUtGflEx$W1P-l8v+j5%Gt20v> zhrTZ!x(#vaY53h9nfX;avHhl<-U038+#VQ1&!ng4Z(xFUp)uBl2H1ta!>_-`PojrC zr54;-kw@guWW6CJ!$;6<6rk`_|7>F-f7#$$I~)9WU%I0b9m&5_Qcr|7J8l#Ir3&`< zIuMp)iCi6nl8!2H|8xdmNCt_(}lpblnZ!JrEt<#@t9zCzi7hr*ovsEEc<>lz%Cf0AawY{6H<~^#J}K(Gx+_IbpG2z z{pa}n|F@O$uDBMvFQVbu8VXbq?Pxo#)C@K# zmH#`7<*$kn{TEwtM;klco%F8m*1LNffgA+(n}gZO*Jc^z3J>IEksHGr9=!e>wHU^% z48^nUBq&h$I|eA=m-$EL7UCDX?H6Mi*t~x*lZO_R)&EDM|Mg(_*Jmi@OYF5Gnkpog{GH$Z6 z1J1SvKfWYF&)1n*-xGfns;6j|uHc4TM+Y5T8JS9QHR+)(g7$kfRUyevHs%%ZBq=7YvIkuC)2JgNY9JWLT%== zBS-+%p5lGI9=i=umU8aif*k~2#aITwegw)VQ<6V7Y(px5N9-u28n`->Wp@3e>e%01 zW3KW1DPet`h+ zenVZXeTwQ-qnax7@h7EUhK%EElNjfR_({?i-;R24N@*P-nceE7Xx&X${%-r}T%K9N zThl`Z6bOOmRUYA^j$2a_yD@I!GA6FZa;43S-qcinIM>fFq^;B3@ zt45GVmBzL9x}s~(pA0@|q~%MKX#+GZIo?jk>CIAIlNOx`?`mqiSj$Psw_i)s>$G@g zSFPjNeGVBKYvvv`Y4!;k4PxXe8-WUbo^ea}R1;17@=ZV~PE3basI zu?JI&UeNCX9`HytO3RK{9%SwTw>+)xQWEvthc|iurj@Dhf)(KIkh96VwJ+~sbxLOF z_$>tY9MnGD_;s09rGVTx-Cs+m1rKb|6LmmC=5*R1npotSix;NeF9uy=(L{Gr`k%eC z4UsQNr)g5{V`;D8L(CtJmbh&b z4LIT&H&dw~cd6apH2=?Nk5@6AU>>Yv(LZ2RktDYl;GdF@0?#?965rzJh>7Zm!6jq- z{%K9|Q)b-1{QvHPR=A2Uhn=WrkAB~57-^%#bA);omo`$){-O4t3Jm}uBy~TalOOG5-Hw=TLxuod&NJFwC00ax z{LguuKfh)et<2np2p%p2iBW0WkgX@!AMO;HZrJ204m42@Kz+?_a`?eLDu!p@`R)V- zb}I-s($1rFNgiZTD@WJn+KVi+EVgl>Ph6zqG~;s>x~sww*931ejhaPG-E$!I<{@f^ z@dyJ}uU1noof-#%#V4jj6?T_bunfu!=Q=|*64dLABLbbU&xW`<$6nYxSur%4E54|H zeAHKPLOCd(yPA=u(Rf@yVg4I~&1Ni(vB=Hdk<3jxa@I23z;5_vxH)`JvKjhOmHweX zTfwS@&l}kEv%eK)(M{w2``VQ3wdQ|9wI%Fvf|-EKC&vHLGPjd^t->rv0-)zqcM{bT zOY>eQU>C1!LqG~6h#b9-M{fxkl7+`zC?U7e>qNjS)LV}$VxUA(VYF%oK)RG^OAtb@ zIGyLsr@UI6LawNcQK2)aDnlA`z$Gk))uR?J^#ifr_!>?H+}1tiyHEbGlKJgnAFv{v z@SBU&xAvXbtvc+QTA59JKZxw{kyd=CGTEjuNNPd3cnS$Qt~1-u9&Me{mvC{gr&p_3 z|K=ylrhe}OiL!Ohrc5N0QFPyQmEbr!IPQU5B@WFk8ZpZ4kC>CS*7kvngihSOFxW^x zL=!cl$dYUc9$F;-@z?E+nQg}_!lTpO?p?7f3MZ$Tj!I9%YWza;A*c$ng{xRC7qpJk zxkX+3wPCw+#I&_b=oOW*d7=a6#e+6L#s%V&lwq-YE%DUA<{$AVdOpkxKa8S)M6GfB z&Cj=L%_4Oo-Qg+r1-5JQ=-XvD!bZ@t*ttU2dohnKxV)ZOOxEl_0AZKp+0)2buj$6W zs&9N}V!XmrkW81i9A+3f!b0^|yrLL&Re0*X>qHWgR^j=Pn>F!N9*gpqIE=|MdPPx; zCBUmXQLx#dm}Eq0E%>~3fC$brdBMBcvmMuCxf0$)_7iu#Q|Y&05UPnj!7|%Z!9k3} zGhrK+kIX6_!FMvLyDsYM&wPaP8x&vFZ0x1ykBWEiO{I0c1P-AblEp01PAr}3)l5Q1 z=+JsV@l+7yC_xPb6B3zAFjtH$0_?6X4eh=#q}hJbWZ^SDf71rCb|UgT!&lvgv3%Do zwi)=)i_@uVrYpT$OP;519O7p3$0`>VhK}bJxx?lsP=PL%QvS6u8#mSM9XM<1Bv>sJ zpYkecq+4y2c8~SX_PEITH#-INoQY`rcJ@r=D^ipvM+3Gm7#7s;pCj&ytBLcSE$;0h zoI~4&#ht$Z){@3M`}+sI>F<>dUaO+Xk*?t_tF~a(SmtKYPuWIHE%wI6AH&japES7F zJYDvllVN{iO5B=7l9Yy0l~A7MMf*X`OCQO0Qx0%GolHT&Vhts=S)0y2qfdnU`ETbG zp{4p#3Uc!r@u5KvN333AjL+|VeJC*FM~ywdoM%`5kEY4XvrH_)+Yo0JsQ3t8crl5d zbZtz!UThcXbv2Z2jmfvY?{zMRahb1F9Fza}{YgIgMTKYFRq~-`uEJyVsB_eiLgA5idSU5sA8~<2F7M;T;(sWGl)|B=KcaLV}q-N9lkW>Df zlhRzMJcKRMc`kPo%5UrnH~H9wD@bd1K2~%*@or&c&lS<(@}KM%ckFSfz^4ms^^3=5*|V*sgCxn;so_!($u{AJ5}&T;nMpd# zx$X^h_RJ`Cl12KA7Zd5qC^_4Ny{Co0qC4kJNNahC?7>ejA3b^#!!wy5e?TYEvqkM` zW}V=zvWB5IBjQC{r4tas;{Q)6L)?>JC?=iOdxak0tErD+Y zBxf=QmGaFFN#I{{g-7SA+VkkN9oe-IR_y1U8{sW`%~x3i9Sjn~t!>G|6osC5y%r|A zhKU{?WXu`)Ht4c)$HkFH$#0Gew`RV+=MZgmHCQ#X-*AT7)06Go+s*4Qk7f2xHPn09 z>E9DaQS}7wbVAOfCduH4WR-Dt$RcgDoDl0$oRD0fpqdFHp zUNjskQiugP$K?bDzjXvz@$I2hYr1f$2blAA^mLjXh-3AxZF~hRNow(PLTd7bg9(%O z`-hq-8w2-u=0@6)r`>y^XL2#;clXQD9|3>YyBNf znEFnUjr2}^nPXPk^gOKbB25Qh1Sd_U<^;U)AxF zEHcG?e~dbtMr(QEqDR);#ksbyv$<$?n;yC8XU+=n8=ZT@?m9nORZ7qC>G^Tth_;H} z7hlc2dl}dwkOrEXH+5`UaxpRSx6H>97XIJSEBw&?8@i?KtLG8k2p4k7&$kqoz zV8%?(d%)%nG1bBs1C%T_FF*@%r#&8rZHh=NlLNOQsRhdtNt>+q(2L8|)6lD1I-QOk z3CQ;Js(%l=G~iuHY_pD)VHsnY@cWoiGu@W^#`7%oDM$6UdWt6VZ@T5_%-@QHk75LN zRoEO;^fXxc{-aM96(PSdDm6DiaUwjZ#ScGd7=Ij4>F;M4uDK1#MRkuH=eQj>b{ps3 zZ#Op3O!O@{#>02tg707`uW;ANt`z_GwZ6>m8xACuTN$5Bo4nu+6Md-<6c`pybx&-V zT4rB)Tp+eLeQ!w^x8Z5;Go@rBj4T~CI#;Q~a`xB_a|f2vb7t`!9rt5CVO0L7r9}Tb zKL2xhQV}Rmf`alSt)22DVFD6FAt%(e{;oc$?GN=y*M480)ce0wpR`}zBG14TNnGib zN>ICNpKd*TWV-CrtAMLYycs3~yk8ix{q_M+_HsT#RE>k}(4k&CsTSGydBo+_>RLJqeQU5A$D-)v@Y}JrU|%8|teN=Dtz8 z+{ZEQvYalAHR8cQuV<>+qZ(|G*-=-o?BU$dL9sxGez=%^hMUOp~;v#>kIZu!B(yX7Ae zc1IW+HS&im@tuqg+zr*fa=O$O+WJA>WNeY+bLH`hUim9ohBN&darTKTOP7QEiUmH& z({;tuAzwiY8z`)fwZrU1aL`8TlE&5g`ju-oQtDQ($?Do7^#e}yPC_0mPW zTK(BX3f_KU^;DhQ3Qn`yku%lQ$(4v zg&Sw(%kG_1f`M3PnvDZ>NOtO70UOiHnujUFwc;_G#)(PRI~g;0 z?Y7+%n~Uxo!4%AHQWZ@vc+6OTNczgemtp5;v)rqVkWbh=?76YZk1<1I`i}rU%8HTa(G}%E4~8Vqz!`eWH&MUU28(IdYaQ$Nlt4zMhEi$rHQ|fQP(0 z39mi8pTaF&$&Ei-OmGPuKX~+OZkg8mDBR00@RuX&*JXH??kJz7?*j#rZO?{|kv#B6 z>mx{kMn#R10ZFTHJz5 z?>(>g!>CZNGo?v=({)>j2CYD8++LKW!^c@Zi5ae^PbDK>?0(8AD+1+re`_(aACzx& z<*ln@v#e&Y1gxQ%D-R5uJ_@H=mpKjx_Pn79N zbe8E{>@JUi=8#X-i${K_wSK0LH;+`Zo->sroXJniOUQ5yyoGyzc~}3SX*2(cL*6GJ zFn>vN^O7ErTeC?OtW!30Ho0AC7I60|Q7FvNE~g>F)X*w1i)0~{@_KQi zsH2bHG&F#y!#oLJG$Jdy#@6H5rI?SnDz>1mv3(EVp7&6VYAGmDiMU!Cx$ht}<}*2d z#10#^BxOr(4zet%C`okH(-BO0_3F9c>B|Do=>(3|%LR9Iq8!E)pf^h@J`nb1Te>|G zmujh4h-f-nuXz7pR0B`12+!-IPl*?5x)4u|oeeLQC9oBs6a@z0EE@ffwcuGF^4Fwm zvt=sjXjX*gWip`NMh-rNa$ZU7oA(tS3rD)g|%LSX^PX zxP$A>!;876zUj})iNw6Q^V$_+|M?E%mwe8NfMXLZNbVt|u?>fgiHWhQH3JJ%#ReF`?(X3C&HAZ7H`Gp^_C6{8Wr1L zLEAMX-gNM4s#9*7i|iZzv{vtjZ);FIj)w)I^a!wengBjJEJeR_p%Z~F9Mo#<9{BYB zf;R(0JbtgHWiYqP0^bNBbdj(-DX_)aln(2fZA7>=d$A}7Ie%37VoGeU&W+~8M@*5I zvvRYBDtz^eCYH^(H=jN15Dzm-ygJP}vAS#s7tEFBioTzhmTI1pQ!0vci)s;6Qez!k z7#q(nD_ibdQuL?#>Wein#p7Z5d9XEez15-(ikC6ESNZ>8@4Ew~Xq zCeoxMEjGGz=_MjkBOoHuLL#6bT|huU2})Bb5ouCGuhN@z2)!rNK#Je6XV1O6d(WOd z=l1XW_76;)Nis9qth>YIaT}6LXPbZn;lt~=zu=m5?-b~M# zW>|N+C_jO6Y@ygm&~q|T6c$)g-a9~Fx`}fjAiMR`!wS-ypRowJ)m9o6CY*23d-9=P{%f89FG(?tbE~^J_nCtcA>ieGU zw>PySA0(dcSi~}>q(46oZY_*A3~>wZS6<~7an9w;y$|Hy18%u%(Cdc<&b;#WEFa%3 z-D+Cd%^4-B5a_VXLHm3dzUR||@@dG7xH6c#JJ-##bpkXW9*!sX?e{~1F-H)RFe^S2 z0Q^9RtsUnmX5^)0x#b)`0cxRzH!^4|?Oq18tT2DmwP=GqjI9xR+0K46Qf&k#uuaXy z3~nthih98%fMGbSK4z1NB`lW2+`*U#+o!lg(e~%Dbm$ zdGBmB_&{sMj_riuJfkFY<+h8srxskgT_Zm}N;v&~RHifkdyJA*vRDiHMIM^CufYWBk|k~NtvjfV-qYec^H$=wd^&FL>qMtc7{0d9zYrMg&l z0SX`g6xGG?Uh{V>`_AWOQDF&sBLwj|ep&CCh*RNf7XocYo`8i7)IkdPd_pDLg+&eFw%1uqT{Lr%hHux=4(91sp zts3eukip&&6BatY;VRUAdCAVxE`}b2VA&X8<7Smfubft z6$>b*F+s?M^Ao#sIuyPrf*A!^+EW9O6NwN)5*`BR6k+zMoxndyl>k~3K7cft6!U?+ zLmK5G_!P2>pQ3)AQqzV3s!-Ud2fsNfpy}clKVG2&2o3_uC;zIXk^($%*CK8L&Dp4f z>I86p6Ms2B$md7vdq7Kh+6ZI{MzE&@0CivlP^7{-{N@N~pbYg)2WTJvtGpE;`uOYX zhF~w?Wypt-Gcn979OV=w<+x6$$85YISh_vw`z%{F6Uf9^K#8tz0+Jzka?3rHnB;H|{h>toj_s7;LX9O;L z>(o&Nb|X7za-W=2Z4hNrJMLlTlUP@!g8V-xj^_cYDfL#*wi7&(NlE19j$ zFzdn~I=IF!OZ1BXj6D}c65QnC!G4=R^6i7}TmjOyfFoG2mTX*j9mVr(@7M$kuUJ;^t4I3j70z+X40ZlfHk^B|i`b|Cc+~cou^{PDrNsLpIdG zA98|4fwu+LR_o;zC zH6HNytDYp_QuJ0)xFV7S09ZN-0GPy)c*$QMWH1C6n%_hVzw!M4<JJc$ zuRTc^$pC~_*D>qgP$Vtzua6;xMgAsS_;m<%ONkGNR&+=)*U5ni$WEXZ$OYWGznT%% zUmw5=_3OCn7n1`xTYrw_pJVywefj4z{%aFrbzs#0w3k2Sss6N=e@);0x%R04xsLz; z=@S)|G`KRdPV4^F>4i+^>W`S=4Y#+`Q=BU@q@`&WLgh{@G2Q|4$p!$t>aY1^*0((R z*MT_$v zEkz)S3{VFrxeh?d0Cn&nKdzWRxO(3qnvHJr?9sEbBK6>R)ZoUlR!a6%{dBA~OUcep zZTNe6S0~OGqUVqYtlnFyvTwY`W;n+he81EMQ}y&NkX-k>;?1*;e(`vMh0=w=X`@+G zGbieV#?Qn*5YDZEz2(|Xxh-<#-plRk;jv=^>qH^g9FlMeJHI1A2r#jKD;xP8C`&{X z9kz^mdNFW1i^P)EG-O8$J2rf#q0!{|s~n%U$Y633(guB)@@?Nl zP8q#Z5|VkX1aYx40?|c+w;i9k$%XXy33stOe-4i%@aT||gF~3fS_u#x!e#;btHV*T zN3=ju!;eMxe7Zuoe)lylUwqi4YCx5um+cmWZ6Vs}A*gYD2A*&_4;jg(ddZ7z<)Jt& z`derCL_Tu^YKXnwz6nWRZ8lub)Ll{VltWo0vb$|ekF-4>#`yBPQY}G;G%0kk z@4cvpyinMr5wF;K&5(OtuUtPDxG=BFYfq0ppiz)HT7^8oHUS|QBQF-{eZ#AdZqHMo zLVHSc7|ToS3iCSw{^!Xl6rOa4{B*>bzJ5cM!~TwZAg;JQAbO$(Fm!*>1pFs-G?@O^ zBBw6>jEMT9*Z&d3)GzvJ?EczMGplqA**pXx`#>nqIX#fJUo07X*-goIqBIsp?K z(m>~vRTR+rs|xKX?Ib09cO`mm*pE&@W>k&m_qnD=^?N*7ipZzo|1LK9zhe!4$5QZ3 zEnlO0oQcwKobdgm?b+YgXxkG0s&CeH&(K$R+6L!#1AZB`iHptBB=`Q@DK>rI37)%kZ@XExHM zuyU%a0x*Tpl6_cHY}>UxDx54@AJ-Wni8_6A&T$YX#(7Ucj(k0@0`uZaMUTa6ruAE3yCV!5w)KwL74-RP#GTjSy4&T z6Ok;_i_q&nCZC+debOfP+}LbA^&?BhxROdvd^yaiw#^!x=k;Yo=lOJia>`8j5rdb^ zrFqAQ;R=p2&;muzbWgDh^#))Kp*8w7R+tz^!!u zdXfKAuT=Mm!HZCFFBC<^*_=`}2ec*!RVBx+fivJOSmYjCk?TGYSWHyTk=Pqhy9%O& zi5Wi>1ClEXnD+pnPt~9sv)m&}1{sar^Ae>f1Jp8=7lFs&i1Xme5R@1J#x-pyX<+d7 zO9!~!+x36cPD_&c8Ao}6s$P^Bj9hFSu6m^?_}gv% z!ktnFrWV;!;uTA296^z}3(zIYSY`r`F)7(I1hV2>3ZUQQ<%o!7?M#C{>HUpj68SXN>>t#x7~^^?!&gk}Up@2qRtF|4ZZFKh^2|3q$pv+xQ3Y z3X|C&5kF&CQ~!b2bcqFKU=_4O5j_sn*>*~*(c4KA0V%twmBm{DjrK?xIWsL|uGHZD}ofD&W z9TG3NS&{Y3onr%4lHpLZGCSC{U(x&Gp|`V+EyTw%;pVLDV3E^8S>~~F4YvbZ%RE~%+4@%jtq*U+gjrmKIp;aq7H(P0xhj1bOb!K>+t>T@?@$IR3HZGgG z{`bq-Phx!h$Za)quPw%3#VPt``f1`YSRN~>-f!-#QM%6%cp8--AV=i6wa-UkGw7iG zqQfZ4e6%AidBTCUZ-6iytpvmz4V()~K5W-@)%)~cR@(Xc-Eg@Tj-qIQvnpU73nGov77HdejZ$VQ1YdeliV0C_pxImRj} zcgqdPujC5X4TKLw7ETyknsQVgyC|D#LZD*hWlNKaTl3(Fe_m@p?g`F-_aAJ&3$X#e0E~5) zJg{&`7t*I;EtP*XP$sXut%+FgpT?x1H09EadpIr9;OqK&b=0T00 zQPcl`x&4btPS(!sq3WoTK{glJ1M>z0=0y<>BkCesAiV(D1wWV)8ei4=2Y_Od28#5S zfhGsZ=j)w7ijl>r?t=jzm6Z~XYV`ldZQ%b9`Rgw*)9pWFrd#1apI`JBIi1$0g6%y{sFoXiFxae+7taeu>+{emDVDgBhj5(icMcL($@rF`$B}f z??eA6K>3gF&n&sAspjL`Mbi!`vTXy%AQnEaDVg|pOgtJxYT%j?cHo|>5b~$TM)93$ z{f3&fVb^AuKnelK%X=M4;(mgAu<*r>6nA4(E`|qr?P0~VLS{^qCVAI>7<%Nf*JD)h zzH9uMZ(j{0!z;hXl0o3-o^jZTf~Kh4B1I;}quxe>Be!42Mand)%W_T573tW*%#Ad(zA%GC}{* zU_^w=gOe^+(2uGB$e`wff-s_Fw^w*<6#hQ7_G6QkH(#X$yAM6C4LvMpjDTWjp#2;SPx&c`XizYR|T}r&6-9YO9b!*EBj;8{2aGVG-NA(W)uc`D{Dw z4~Okn29a3US#;F}!g{^W#EUF0+v=Y6;l{?X7jv=~v|m(GffMs%Tcr9BJy3>iKu3*k zTajBiMz)CPeX;Lx<7=#h2UT!{$&L}Xqhf)@ZV(2BK0In7gb*%Eu1?{3?&kMy`JsY= zc{6B~^{L=Rd)d3*AP!v`cU zSm3)IiW@#SzJLH ztM1*m*fyw{D`Oto#HticJD;-Xt}u#Uo@PGg^vLmCPJG}48KF;T&UzS0@ZuGD-z(Op z!wIY2xc8l!GEc@Yhnd6;?w&qpSy6Jvn8D|w${F4$Z8vRl5(%8Q7_TIVM}|snrY(<) z_a__0YS@nsoStGm?~ikvJ7U?s0OkBZ)du&*$2LKkfP4@08O!0sqV-@OzA$U0qIWkk zHNzZcc%)Xp_;0d+60~#DB9%RXyxK%Pjq6a=e1j76Ky&1hr4me0M=LqxV$9NoIO{&~ z7_l{FBb;-31ko0L+go^|IkwK{9*sk1JgN8^&t0-$Ga$0_JcWmFeR2$@jeC;pmJ62v zMA7Yq_N7XND4gXoZsncyk;Oe6>(_VLzFc8{%KW85Yia>*m}<2sF*-J^{5bg>w$YuT zt>aPNRhrN}n(C;S8No3Gm+4(w71~y`G0+6mR$@)6e6tJ+ z83bjnuUeF>o|zs~tyN+y>VeC-PcySvHKjSUX3eRC`P3=Vw>USK&J0vqmKnEx9`XVn z7n!CAnC=1a`pt^98dYhJ#`BdI@sMB&lK_bU1 zVM-^o$T!#B0@tSMW}Usnz}T3T`Avc&Pj%em;nH}b8Gw~`th`68`vC&dFHusQ;%hL* z8zUO=YA((ru*PZ+nj$YugC8>%Q#WzS%YOQ3fydOU*+gylzJ@A4_Sz+?Dx6~d;5apoT)$D+ z+m<;}-aOCyx;{O|PhD!0W+fX>Y>++&2`#&qhjr zJ8a9I_Mv*#d*5|x{|iYTH~eMQI>Y>M&XwyM#<^aeE7Q1XH9{;Ayij!-FP+kBVwv34 ztro%Y`Eylb%$*K4PIHDF0BCrP6A%GY|1?4wOgYwlug~R_>Q`L*)}~1|Wl8C*kp6y7;S{b?{6F5g4)eoq+~Kh*_y zbd~-f31PGvG4;wR=<>sc@)R1WO>si(j(X7biz8lAY_uNM8OQGgzC`x#5B5a(I)3!BTr1o)ePCB0 zO4W!FxPcO&TD%4pLv#Ra*sE2100uoFRBD2afVH$S{BlM{Top^FXWGUQXK|N)wTfZc zY$6cgoM@Wzn0Vm|w|;Np_@t~o^4&+-__ezBm|HOQ42swWjXvVRNx4H-ra1W>$1;5I zO8%60p(~fyL@gI@S?{gljk;V5p3}W9!X+zv^rsYTK$C+XD6LxW9mJL?r%`nVUQjIW zn=qLd`b(xFC|#R4&97_eZCa-$S6f;)vQpG&x*i|IrvFWU(mG!eahv==Ps@y5KW2H& zm3$VqSgJI&Z~QFcOFrQ1zfRi>@c%li zgJ_QflsdbA;z^px{sB6T$N|ENt#3DeLALg{T-9F?u<89pF?^4!h~W0|2MFL`Ya$!U zfcK2h-$f%(Tor6Mnp$VHSDTUMS#v>WM{uXR=lS`zAcfhe+bMxp@6kxIbnH|1C$tMv zme#y-ol|cL72KXW!NL%4rvL)+EA{V%5d9G2-@l)rZl1wX2dZ%;5(2Z%T5t0wr0`WG1Io4m zHx7ez+gpgPJ3xj$071~)@e3Wa8hoa789%9u7~`>D84!+)Z>|d*`R1BTd?$YW$Q&FP zCF&J`B1af^O0!Ri%WGgz( zAz}0u@q=rQi_OV8ch~b?GdIL@a%Asb?@)%f6O9lxR!rpg@4gNcZb#LQ%QsGCn>P`& z3x-5={Z_WdF;}MLpB{tK5~!wC8_@)QWMtHH1%u3XV{qKt3eElI5|FZ|r1 zJ3GpQTaV7K#5=;;lnzt6Q)tNVE2O26v`Ybw?+uA|iSEzJ3vIg8xpZjWT;bJ`RfP4G zFq=^e^D@Am5lZm|H7F{$^zcOZcAMYDu377d$i+1io0%Z7P5DQ1OcJsF?I6$F2(vxt zP7*L+fnLm$^kWPAu&i*nBbNbDq)~5X7{g7zX#Fz%#O@i<6k4maX;j2S3A%xKIIy0k z8bkLuLi1*iXxNST{YUHlqAzi`V?=HVM4Iq}Tt;Wzt;&f&_+2BkQfT9hg@m8t%SP6B z6YN@VI8VDU@83$DySWtdY&tvg659r3MUZ&Y0a*ZTY=PgzYRZR2uGiNgu#;Hbre1`9R?UfCO%;0)H8-Q2b;LJEw^CeraW<#>wgPWZ`=A`N;rU zZYeCV&O=rVaJ$n$eQIQ(Wr%eIF*>sVnKJ2hQK5iTlkR&)nN%S zCX4`g!yw_6v&cIcEB4Bln4zI0Em5OzE-UFDp!i4rC7*5g9?`#~RqX7?44(&xpCKdw zSCVgI0EC+Af}1iFx-$R~1uqstWLX2^%+{)o;GGPd&Z;m`6s}c;8(SaRc2E%fC`Ac= zQf+Al{-P!kHGMC}b;uD+ ztkOIkK;$KdfpqP1VdG=JW}p`erUL%JcK$7U`p<0>kT@v&oYGyAdtRJiFWf$gAE`Mz z+N1UzWE|i%y^~dt|J4`DY|h@Of4waEGRn{@3*X>16zLq;I@KBawp;|`wlpbTVP&gi zAt^fFyRI19NMQ|Zv|_L5nQvN;ow=tp9chT6f}ZpWtlOdvOYemaQ3)Sab^1gkN7BC*$E7AR&3d&Q(HW?exJ^#2Ft%~| zoH$j=O)=9tE=-6H-FW5__ehp^diMcr@^fjB4E03cl7Ujh2c9N4-mOYxJ zhd&c?$h`7~4$tOnD-~Me? z^`d){Lk+bYR8 z`?_=Ri`>>bvE;qiv8MaG)hOnrmnB2`nrxWoFK1OJVM~|2oRcpjx;2D%sxUL~KCgl! z0vlfo%TdxdA9la(&ZmBKMayTt4jjI@xT&1EEHZdHi#~zcHf?`Dv?*#*yW|ImPTZs= zDj%66^OaXR5U4o%8s|G8=@sNthd&j)^3-SgG77IxnIA5ma^b{shzJb4Cx_o#*(*jE zEic);wM(>gx_ruFHCMQ7@9ozqkC8|4FiFQ-y z2=CXcKaZ*dL9+kTVHKXQ5yzOtus7?}K7ReMeYiririzA~42NaZIWvc{>kZC<6xVX| zI*+2~QgW8oGVXUm9=cxxTdKUfMt>zOl_hsqTW(Maw_YcMV8XqPjP^v26H+wq)<`L; zWm{-G57Avw!c$Rs!i_s1MW|{pjTdw>Axgn8V|eMb+15jHhR9^U$ccEBxI=fTCLgLb z%6HN98KrRc3c22|DCu=RUlzNr!&=4@JScP&Y1YMsqLgil9-?$2XmMOc&S-}+=l0_F zFJGDRVv=;J4wVPplc-)bfpEbMv5YzmRg47tDNAiF8eP2D*D}mNZncD|JGku$1m$kAj*jM*D z6X#qSDL+6@5+_rwR*-3P7Dy5@msWc{8*TD zO<+k2r?gxC6>sr=}Z=_9JUZp)#2P1F2=k0)LLMw9=kf?{5BdBhpYiMRUroT>7d zv!wo%AtM!96*Y!y^Of$vDtD$9%0xOsu*oLfz$xW_AZXT?aom_|I~N{X_d$*A#;_(s zc&*{fx34)!(;Qti16tw7on)s?2!^!c+AN0#WA`@=C1EW^j9iU#SSm+11v;LW;61x< zsd4)OY9zrq=5Sp?!E{1Y#SMj1pT-@#;9?;z4=7CnYTJtLhi^LbDUlp$H(IyG+)}cy zfsNF%g&u@c2{Ih_KAI+$t)lnp0k@;YVWqe>_$5M!E#7=;E(Du=s95;MsC+GAOFSxG zt$Ewn2wGcFfHiuT2e%^hV2(Y`eY9R@#on`3*bi6r%PdLoe$0C>-?WLJRG@#z-nxZ@ z!TlN+`RNtVqFVGb-Ox|jY&!bwODhd~B9;G24{Z6)q;e8u&aUIM zJg4=#<|@-BCss=E_B(6%WG`aVe#07SDm!SeD0{X(wvkRr>lNhj`K$AX&hW2axmdAl zXbAK|c?^FEGQey38+1jjI+1IO{DrL}&!(BYi@0&|;*{aFYS5FjtE<0Ecij%8c!XhmXdo_2n%3d;f$EpFkY9uB=axHHo^wN2l-*{pk1RGTgr6<|pa+`uH ztly6;%iYI_=cJvyK~9kYi_20rq8FRnpWFco)}l?w?@d_G6<2H^{@BzL^oJ!S&M)ql zot{AO#Jg`!mWX{?je!`0-htK(si^>FgES!dBZwPpIO`0T$MeB-XbCx>=p}8eq7rGV zV@~#Y=dQ^rq;}|n>L`-aBoAp(A$cRlFMV_U5D&1 zc-bYi-vXRl=hqK!kg}dUWKuusqqBMyILxgsg_Ew5%+K9wun}%Dsv_lA_;rev^1}n= znY^2|pPgZ2-5jiie4m(RUQNW>;s@*B-Xp4Yi*)St7d;;HbO+xrdiwMv(aWBsXGsWVPG)o3e*yB>Rl~&cub^HwJC%zAADT5G7lz#AM)$ku6J7P8< z+Xh#x=#xSp+0)P2FfZ^c*M8oY6C!Kj9nEr&;i-+w>LimEpd$&ez=g-)`5$;`&pZYg zoXanhC4O!WKz=U(0^~)ZxV=QchY#haoYSoL2G(|s`5z!np#{OesC%pZGkrk+UFzO{ z&zt_mzMD!<$*(YTj)1Hyl$;BN!Rdd1Oo4La2$-BwCGfkuFr6X-K-~{xJ_`_E>5=_w zCpK>B?Eyp8=+oNMBP@()^!~e*daW!2$3yc6BIdu_uw@B7kllRnvjTda!DI<3A{Ibn z0Z+<;-r!~)utM_guv5lJiMz5odnfw$D8XNMSqk4a2qTqI4FA=s9$r<+Fb0>k)(>ey z?bTG3YGZ;e7)Q~wkRTm+uJ)^pPY!VQ=XwV z1p6qoaNcCB(dP|qGfuui$FC2sB5#4MkQx-bPxwTNbjzl;s}Aoz4^sWZ-3~ zTuSa6soeBk4%Jg)JFN0G!sX7PNr0)%bS6SwWw{V_b7Z`t3Cr)lRs|-+ILo=usYc+wA!pwMCF5X? znu2m)^A~dwp>kL5w$)I3vhH=9u7rnyeZox2)s;RF8H~;axd-fW#TbWeE+C%P*&ivt z6vXqw=c2z6EScbo6(wj?aAz#tu5ObQoI5lW%(y?O9u4g$n7vxodv2!wsD&?g4tdq+ z+2Wlzx#TQshxB%~yn++#v-+@E*U$-;B1TWEvVy|07)H4>VmWSaT$-p+@IdGt_11F) zKt3U0y@DSbRusbr^PUl9_&!xL57r|KZbTjbH0?O)m?PoDNE{$Bmrh;wGJE}z=;3V+ z*xHlKbfg;t3IZQgrE>dHtR~G)-_s+%K%*ZEn+f}>74``?t>s-by~FjDTMDlf{0<7+ zPnR}&vM$tfh5ZiKAw`|kU36iEU^XqgSJ z`6$?E9;4CfRo5{e$R0g?`&=w#1W#gjJ~zwCo1|Cu1*c&wKJTHuctT32C4T# zWK~>brg@lVY%0BiLlAOsM*KjOkd;tZ3Jgcz@*c*;`EnwNG9Rxy8ZOE*S z)Y~uTDQ4M1E@^~f)^)2okB`HS#3Sva(z8Lv9dQP-%YA*KSYd%Xr#_lKRhdeDHsiCM z$_(@k2Q?5LmU+9oWh;N8`n=$ruCs$9D_{g&WPI&e`Kvn_2vHVzK%wgrAzL%HZnunN zv~$iX_~G@GPMtt^{he{&T1}YU$f?jvoEh)Qn_i*%?Yf4W}U7l9mQriHNIVu z72J77?d!J$+S{GhsSRTeMHQWS>Rgn~dBcxuqRuRhJy|{7-{w{O0~WU9ks520`@Y89 zSoBjf=*ljhudS(z@MyEC>c~kImlfB{c*P^5-pBCXRttu{g8U8%p_GXmDscRgr4eKvr2+UJ1*;vJkwazfz z4c5oY@^?fAPc`4D7mG}OeJZ6o2@lY?AVG*LfG4b#mk7f{bc##grdL%#zU!%VdP=bI z-J6fE69c6@`4ri|m775>BH6CyUHp3O$$IFuI;BLmxs0zVf?j6o=_c>3OveKJ2|&pl zb4US#Mfn5lkQJ(vQO7NjE)FS|Hx*Pfm!8B6y1F`hyeu(lI5n#^s#Y1vUI~NW?%iI0 zHo+E)jf_YgBP7=)WhNyVzsQkn5VsnBF`w@ik+*2iCQd+7yIN_Kf3)OS&k3MEprrLHK;`zYfSGhcZ>C||48k4F1 zK`OxMbc9cO;Dds9FYmg?bvRIIgx+v^-iXOGYwgzhFx+q%*TS=qqm-Hi>U#glbg9@Z z@Jdm6zzll)cq=-5f0Afe2KvR?{$Kw7|I)stf6+lezkp2Up*EZ;>_D=&7|0Q;tqZR1 z69Ospi-6wv#1w|e?u^-r-0;us1jyY308~iJYZB0L@HL9^#s#+Mw3kJps{=l1gWIHF zA^UEn=!_5l1-b=s|EqKh{!AAK{1>N-0ez0S&XIHWl(w#EAcDK6>e>V{?y=AC@?5o< zYV5B#a`fG~n1NI4erfzR45zkQST_~awGG9~S`}F-^X`iTyL3mpK92ozzr}R;qlk9D zT%zbuohz>A>iNb!7am8kr7IxPQ*?-b#}&8Xs%PZaN&`kJ0uzkD&sAWl(H zz%<|^&r|tWXjes>XFh2@ugRa%Unc9vuih8nKik|@;5l<2xxiQDXrzEJ+~sf3Ifkrt zobdhHee$73gvShXQ`R(;!9r!AMEu5NV{?NBSL)-Y1=!wv{anO}6-f==(--Ctboe-HN7ozzh zIGJXxzn&O92h`OOVSdx=XNQKgcw)`6X;8i=-_h`6;5K-4L0VLs?$^fd&}{-t+Pjj@ z=sB~!mb|D;-=_O$2~nibu>-9zT)x2t!lJayJp2+jRU;_hzqHV-G~rLGrF&&qiiK9V z==qOV(k^bJulE8?o3&IA>Nm+rS#F)A4UR!pqLG7KLMX%@%H?RL9KIi);gKcz&}@Wn zkH@*KHgbNrJdE8m4X0IEuCgq*xXi9X^X;s1fY@>pXz$dH9^ow(@(cpV%2vtr@%2}6 z5ptR(+YvLfTd>BjFOSJ5bnYiix4qhe2rLz?m=*RQ>l_`#=<1fS1;acxTme!qU zpMC3)w$Hnw3}41E@Av`n2jm3YGEg5^Sv2b787?BUGGJ<}bo=7?=rbtlIdyE5JJb?f zZY4ofAh;WL0Zn%ZXI1U5pM!PraSgM{+R4iGeB&UVn`7$K_I+Rt&>G1xtL{BXY%upR zp{kv+IM$7W?hHH2jcO2V2I5~lQNTJ_gQ0529_wU~F56eko{(zTO0h<@SV_96(_v2wodNuo1dFoF&wX z3d;>~uX025d5!i0CO0Y_sK%5S7Ac1ca9*y#U~5+-%EXiQ{`3>8N7D+IP01>LB*BTFSjs&FS9pf$^;&=nCA%fA96NjH z*=u%f@rSTta_MYw*p7RD#MXOu=2cEHm$x%w=onY)O_?j)$4aiwX9Ce966bNC>5=?c zhaTzb#a-|Ida8dlRbt7EAV;Dp4!FT z)S78cE@5`UBaac<-35*<%}qBAJN@CZV{k~uoBbhG3X2!U1W8MP-090HY}vm0z}d<~ za+x+vUH&pD|9#}lBs~Zh6*0_%DfFzLBiK43-KGd#hpsopirii@CU{c+5}hqp07q#QkN z(lR^R>GXv*W>|&-TGO5;cd7b(|4NRbuxe!{n^XuezN;75*2ca2u@DRvuws_0&K?kuh|cttYW&->#sllT)JAJlkKuF0Kw zz}UozAFdK47=x=}ZBbx#{Kd_iN_qQ)|k2@V&_LG$ImSA6#9{^Sw6vvyo5af^Q!l>9p|#DD*HhW=I;Q|8RS#jIhD z;_bNr^W#UQGCh;A!*= zh%z9neDa@4WBx1hD*I>T)iiWCkfKgO{Qz0Z0$mb!igt_-lBzjBCsolAK*#GI|2~rZ z3~)5N^#`#4$YW;VuAi^#eJv%I;(J@$P4n5(p>*FzV&m8u8SjJ#MMNlQV z{T4Rs44W{UUhK11?^n9_=J66!ly|u0`dv9^tXPzrg9t754u25MM&~+~95B46>Nnc9c^3H;kh&z@5qBrD7k`F}k$xv+-p(;@eSVh+NbO?Joz>qbw5op|u)dDP{_k6S-L`fWCl9A8;?r82H5q7un!K$v9e z_|8e@(fHzSj*Xr~!bUQ6_(>nG*Ng2iK&+HzHoq*ke)tw|uHA#N8-ZkV@HFU&BKfk; zQ}Cf}XNmgL;}-_+N~^oZ2aM%ceh;^Oy4raYdRxmS;dq6<$`_T%Y(a(q=6izMLTDaz z(*1SD*JJYIjBACeGp5CEH-$S+bBh!h6~+uLlbsNcgr3>#|~9ytxV`8?>}S2`x$wwWZYuT=^3xHWG(Lw4Td6>~HSR2?5(BW~Qf z&ObQo)Q+cFJ%g=$bn2ug+;^P#eaMx7FLM~3S+wFI4&!|%tgTJi@XPIx6Z z8q*dJKYlrK-wr!<+s%JDwuL0PBpL)c@)#ZbIit-VnH{}pDM#+S&skLoE9akryEq$a zz~VUpe5dxxW`WCv8r#QvclWY-1h-e@Coy$rDO?Me2I;d5%XE9c`~ZQLj{C{)zZpz7 zVD;`0*d~JmYI@ohR2i?Ei9x6v?tPjT)Tp%gK9B`kyL#(=d?-k#C)DiHp-U`=O*Z0PFGOE!!S7!D3^t&mH zJmnmJURTUb7*+!PdLP;9Vl zrv^+lHwUvB$g*yr3dqO@l(nBFzg3W6^EfFJx;lD6A?~#2-8ViAQQwSJiH67;Wd%;0 z(72axEtdH#VO*iH>!!$qob(y6()E5IzZ~z_X(tFhO}Yv&bVws6C|7{Mq^+T>s39si zaVNrE|Ha;kCe-#5qshEUCd68Q$4c>Zv%b#R6P6Sw0#!mGMT3|q^KhN8Z&1?31xpN1E8N^}+b%R>l<6WjePDU*2R z!>2;3x-bUomYwRBbcG;P?IBqCe5!?uv`Hi2$a=t2w0;h%7DE}*UelujrM<@ff?Cjd6MWg>S2a1Sq0s;6A{E?y!555cset)t`Vc#Mt0-Xmpojs&p;X7Rg>%=*m@%csuOSI^G3z1cOgYm5{(jvYD zlL7V|G}sb05u2Rp84M&HCG@*tkA0|6%xjyQVC5UYQ?^nWR$O;J({(<)Iv=~viYHVE zTW}g{eCi_~I~0}ny36o`B82-VcV!nL(jdL zr)aLokjwWZwkr5ZFP4DeygBL{YNm~i$Gqn}0%Yr#;;M3A`P8VC)V6+dzT$V1uOH)6=21yMMBQf87k~HL=f?mrP8h zH&~Q5)=JEodI>Z)fjMTDo{D)Q(~^yHLiTsOGX=+t9;GyIKZ?^Sv9bEV@IFI!}SAKZWB zZ3AjI>qT%8TvZ)x7cE{ZdPH^ZxKisgN7* zSM|CMg~lXzxN9b@X|y&^SML6F8F&9>0OOwmBRi@HT$QIjYAl3Ei2k0F3V`Oc2>~oELoq`zX#~jByF%|bFn!mr#2P}(N z7ji+u8eo?Zpa5j7HmShe+5yFk!v-W6WL1b6nABhjHRcj-1p$Mu3M+zjOQY zap%|93;Fd`Io?IilYpaBtXG_VfCPyVp@Lw_DNY(npfs3p5(NaCzdXTTT(n{YbQbBB zuWSQkJbyVd4!=1^at5#np>V)xC+r31XOqxt(wB0Ozq-=joM7Q+$R-6i_z%#P9VuiS zxv_yY>Ni*Vt25k*r=cJZrUg331euUK9Wip( z5Y6qc+LWSG-^lp*?vHMoLD65#DfG{q<`?Gb&&QYa|F9vo{^b&*f9yq`wYqh*ZAi84 z+UHFM&gO>$xT=cFT%ABNkH>ScDG@Ma7MR5Nx zZmKymUe#<9TNZzpj*I9XfI)4Tr2w;B@2FvusS&rML88! z&&AZQzcXs>;>=TPG1ROAFHKv@9qi*cNypJ26*h5%#EtK*1?Hwv?zT_dvqZ0SVu4vp zBu~hG8gp}a5cNss+298B(EnlY&Eui$`?v8al|-gUc2lWT(o_-^CJCWT2w5@-2_a;O zF;m&fHX%fq%9g|=WJxC3k}~$OGxpt#b#F;@zu)_Qe!u7YynfH?{-f*a zHBOy#o}cY_AMfM+KKce~Sc2anHM!nh&xzE`8Nb{Viw6(x{ z&%!T|ZnhO2N0a{qj%H=J`v83Vq;ZKiLD#WHu1t#2fG~<^cCJ z4D>NO&Dkwa4M_6Bg`?eoOXw#RYom`*aK1{)v=iy#AqiJ` z*DpDOC+cZon7bVvIkjt>VZa$w328V`&J$=d>)eE^GC%KMG@DKq1d_ZrNhc|j?>)Wr7OW>?SQ2OD`TkLLP^@eP!%u%ob7QM{P?ckeo9 z^51ylYpUEl_TrYe?~X9;Fn>N}V^y@&$zujtfl^2;!I~@46nHpiAKEN-hNSPWPHeq- z`^4_O6WVP(L)tUlLz&%Ncd*|04~6S5xX^c_K%=CGr$8BojQjL=2t3v=Yk{~FWPt$_ zPf!V<^Z;u^@VQ!x$L=4q! z&T)}(dQ>j1Gv&K)T{OewWABc(9A)k7J_nQYXlAjQaczBfvVS|@wX#Nf)$KMsU+LM2 zTNhH&vAyEhY_xt_XXvy}Q+ra@v8=7CPoHdJ){AF|d`j~gXW(O8lkD}fB@{1kmaY3R z0vM8yXEufDWL^32*tBPv&2jCW;Rf zm#{}tweL>P3wT+lt0phb#8T5rk5q}Ri%{6~D&;P>n!(8#1C?Bq;=wMV=^kgVvL0v- z4%(j*z<7V(xogp-cx5qd!bI$NniKX0$LL#r)=|Z)U({gw(|u`v!<29b#8z)#z1Cfj zJ>5Kq^}BXRU?gP+U{aS4#Sc1pHXYusM7Vy5x8czIy%jM=-V(ahkrZfle6To0UJGv} zdlhq;kUFqY^PO1i9yzQgE`lN!^*k)wKe~BQuj1$4SwA<2`ftdI!LYxR6AUe$e=PM4 zs$IT-o*Y05Oi;c34I@+xmX4Wco_W=+w2A8x1Ts(-5vdCn`x7)n4%s|Lm^&J9Y*-*gzLh*+y0d1uJo!IF1eWwFrX2%_4qYndb<6aOC(a0$)eKj)6FM zj}Mu>0bEVp4~pN*{J|!HPzTSY5X|9{q3eV8DVShT=;a9PCXv8ya%avRK>5Jga8?ET zYB?Yd5X1j3z9fvc*`34?#g1b~V3Ql591v2&=Ty<)I}ldi?Kkjl*CYP%-2y=L(<=n_ zRj}vayNH1RaZU6O6HCWrY(pKW)B(XZFv&iQU4X7&Bj-ndep(z|XOY0*>-!GrHw1k+ z{J4L8+AVA-=WZKl+>Zxs#MLe4IYB4}Y9*La4qnqUY#j@S|7kn`nPQTSZ2&1Y5UAo= zj$?>Fj|hw!JceD^uu9N?gvlnvfY>O0;V9sEzeBzv+W25>E)Hr44Y(1WKTo8TpT`TO z26%~I9`=_3`(xOxIBx*n8iUONP&`Wd`C(x{&npI$^V7rrG_8V)N7;PD1>!t((I32{ z(|}c8fvNudu&Yt|p9hWHfc@ope;Kk$1rlP+_B$l)JLJiKrsw~krsws1#K@7~cA#S! zRc2uOfP?L0&+7JZ|L5()7!it=OEsh0U5b@FP`}@x&Dg~J_BzR6?lh|h)cI2t`blfaGojLyTe4Aaxi<({>o;Bo2dZVY82_)PQ4K zZEjPRer;CAyS|S36L}N2A`anp8|d}L_k*S2h*}U?-D2Z7L10rT0Gk2|@R?vwkgs@C zgLsf%G^7!w_&)6Dn{`_(Y_>R#DY2xVKY}hP;E14qMj#r-N1bu3+V-k7CH&TqXPz52 zTBW;2GO*50L?)ZaE)*y<(=7Q~-dv3%?!Qblcy}I)e|GxA6iiW`M3bv)`6p(pY#g~ZRHW94o z-;VDMtFLpJBarP9$<9MV*?tH**@=oXYw>^!eiQ0pe``6@@nm;XoM`tGWxTry2Y$oH zGmgTv%X{;#;8D*$IX<0$a9j;nyRi(&If~67CR=|r_ZfYoB!SVWx_pzk^`VCX@{T!b zZ+++DOKZ0;G2_kpD{yJlU`B7F{J0{g*3#ZC&C=m1r^e3JBTu~aN&M1i`Yoj~?12Sh zM4#_j24JJ!>QmwI3dB?dQ^nZ#u^~xmBpqd-cfh#yjv;b^Z~KAE2NM+fb5`%1CFKXu zU=9fXPy7DeknxHO=k78<&YJ)LMO`r9cr3wa8>xr|Aw;nhiqVMT_z@~sqB&dtd>!y> zFX>~inFTLd2w=Cer>rs77!aGU8jn27WH-Y87k>}B_=3n{q8`r6{Coo(UBiRO;93Q> zvY^1vPjRJj1!UB=gmQuC#E|&{HmQMKSt1IKAb-9PMhyY}>fEcRpb3Dd443(od4Tt~ zb93%zET2WRg?xw1Ph(`h;(xvlK@kF(_%SHJ19u4=p@qIttx+x3nS)UFdgROlY&Ll2 z(M}dJ{^#oeVwcSZM>8k~{^21iJ5H>})#K;^mtl-e_?|7Gt`dBCQUM)*^p`95foW(0 zRR7O_-kP(PNH=N5Cc%=xFuYkEhLW9}eDLk@jx<$(v46U7HI(`Da1zqLLrx-2A_lfz z#f}}o-d1PdAbf|Yk_XVWzg!8NIR8ALs0*CinA_OOT_3>%T;hxc|7QSEtp8>Jv44!T z>Oh;LXaes8oBKA*#?NV&ZR{TTWlg+VnH>mb;e0aM5bW&*)I{r#Mb4rh)rB?l)4Lzv zY`P*oKIVHu&%@+!&bS_rED9O7lAJ{)AgK4pix%U6Cx*hE*=pR1_)ZdwA;Sq;9K(Vo zI;7Ezc?;%dH9?u)#zV6}ERNwB;^baeBN_yBK_bWQ=HnD_6ybJlJbK9a-(1C3Lrm#=0@Y|+a0+w-Hm0Q8p+U2RD; zzxu|yK28qY)NCSD@8#ZO7m|^DTRHJTMC&$d&O{)z) zfv3Nvw!Xfv4(wO#-^;S(?r+8Js)6Zzq$y4x8E|rF)AbdRTL{4LMcNM6JhN_|44E^w zKa_FZt*K6SsL)^riOOUa2%;Yqi74*jU^V+^kKDYkc!mTgX*Lbc(v=1iQYTO#2wdOtn z1sp*yTU@Lg>*l^5Ld7WS9f~^^HR9FR0Dw-AJ5>=i)q!Jw&?RwHP{+|`R5mV`@OV(6?!jTK-q+s zTWW9X+fo+!?P1o#9UP-Yt&c=8l=ooyu2F*(g50R%oxLBWuCIM_(+}90D~t}#`4nw( zc%7QyhqK#1a6mN8?#vd~s2L1m0z3DJNn{=Xfk1`>yM|B^{!0RPu^(nxUSjeMLDi># z)=IXtjo%^dAkU+UImh609NVNM zn|qfH-iOq;sxG{J*GSH2OEiog4rzHl##gbQ2l)72W{=Gv#LR|-2MYb?5Cdt=n%MDSM0Nf_ zmLDbQ%)lvM)Ru8C`OluI7kf3o)-*ue93(g8_CjZ_=T=dMsV&HnaK`>M+-Y)GJywgn zBoslB)1KrV-yu05+&LpeD-1>qT>}jJsts zIWLI|M^Mjh0p)TM%49`)?vNb#NjOYn1&^&+)@q8Q+efAx) zKN4W(ynjxBHN_HBpn?C##5Dh&wcc7|#c;%sVH;wy3B`uAeY5s%24;5FoDYDbXxMxw z9?uMSq1MeQK4)EKq>PflgMKEhQolne#$l5NRgmwA)B+fSpp9MNLLt0S98EtN4sjQ# za=Tx4j~2`dIZ0&ufI)u-eDo^tD*_`hL@nO75;pr7o0CE66$ZbL2OAXd7+SbWNDuA- z#{lZ*n>4G>aD>L`NX{q-iiO9lEBk6P#u*WokMl#po4%uZ_}|gl|Lxj8>FxjMa}2(G z9gea1*SU)xbXBl#3qd{#K{Ap^gFOi~<$P_bjL+d=L3cdnUK)uE?RBO zAL1wc%9i}T*F?sVERyOm;P44$-y!@K&|!zp{1MNAgI?MOu{c5m0bLSkF0F1wtk9j) zEOucT~fOV8Y}CMtYBr!W~jMY(*H3n4BgqtRrX=8jIvPXGM_IWPW=N z)1(z_9w>)9YX7>u(%;=8LG7OAcZf0OaduNAu@#?o_MKJBuZlG&$cq4bMz9U7`ZJo4 zdS$>Qduj~E?uQk?Gc=fVyOMFgE7gd}$|u0jd#xwHt4o=2pIuf)WQ>IqbGHr>_x*umV^qZS z>r&uJF^}Y@Ynjr_&nIZ&<(O*zJA%2Kee5RvSHw`;=tLvhyO$+Fgj_eiJGW>6;qSuT{vwD25~P~SXR4#RMZx@S9ueD z{qT?phpF2t89&Pkb!14wr{+QAfjh(K#*VGXjv{cVIpc!wkmUjJ4;&#k;`2zXC>7pG z*YA*&AwnWY1zYL@nfIYF$=dkk=q_)PcWjVGyX! z**HeEPq?Y7k-8($Kzny|l=h5vwsVU~oVnmT7|>%wzF0^m1O`sS`9wh(6|0d5s{SXZb_=I{uCrc6BpNT#?mb|Ip^ ztZ%i^QzUB6sTT}N?z>UY=xJ(lnz3dE0M4~P%9b4sGqX>_BJtF7gq0KUtpM1jf&P+d zu||wZR3z#zK0VzrO3c?{fq|~UAS6UiRY2sf<~s?Kk4rW zc1j^sUUlLyHJ!A}D6_fAO}8~k{5Bz(=%`z3olk9jk-O!~{O3B-!RHVJeIDa6Z7iio zoyoqnBbR);tG2yg%f&OIhPt6taj6J&?tnTH*lCt+NIl)dsj2Td=T~xeW%Jk?rSYJg zKIqT4iUNPn#Dy$5>zaA>+jwfOMOoP+TdcJ70 zPodEbHramZr%p!j6LW7lt-un76Hgc(t?;ul(l>E5q!0<)C^4t*N#oP}J`(wqMO{T= z;ZS=G3Fpm{Z?EF?@1YK$uT!JE6$kiJ?AOVzPpop5Ydw8Y=&hd8mR<1FGTvC!MHE5q^@DrL1cE~QfeDS{D0nWPV%pb^Ye zGwo29p0+YP^ZXm`==!`U^}s#BN5U3{Y`DmK%OZ`9hqh>7eB-Us0xRn`n_5mbPGR0h zTU&*f8zx@q)J9x72`a0Kq=HH-x|Oh?NK985C{Zl9IRUbRF8tWfRRGD7TTl!U!dq2E zZ0$iBHyfbojzF{vg|s4)Ph>Dcfo@2M!3_m6?bbzX6k^vv--<}%0xEu);Ya!u#LU+M zKs%;bXyrS^aIt`j7e;&MMUe*H6&GDSPx}%q=`QviauIuAkGn2(v%YV`7uG*T%tCdj@Xg*S2Godb zsg$%U3I#1_XORP6d=IN=U?TMrzP&BbfmErvhLBj=C1c}CFz+&8Y$aHv3$E} zss6zSU6HRlVm^eX%dW^goU_1OsirF%`FI9QMUPDtAfCIOA6=hdQ!q}+xTEFKYO%a0 zqgmr5(Mfsd+rKgay->RhZ7Q>&Ay{FZg>1iX;9%H{few(E$-*p`IaN{+0%zF3;QdMH zo~!%=U4;K#2fuWazy`@a>lN4@6g_X%`r0J@+P_ha`FAs=JwHS9n{9sv?&SD*Pyr8e zLwrPOA6OOcl`5J_WQ8%1Y>Wo@+Uxze2B9n4JOFDK2Ut6W`Q<=>k?fkVlXGyki0l|l z1p7H9Yn8PlGS&dIq*X+8$ZDPyzht4tS7d2-~Sh#j6sZc+yYAm-yJk7Hu6)Ma9uLYSqkb#L1eKI8qE_oAn;O7Hk5}t7L7Cyc7k4+UfF`&s zTms=oDrP|eJx|l+Xnix8gmFU6SSD4t6#)=X6Tn;7j$G`P=d8e~#BWjrY6j=5oZ=*$ z6Xq~a3Wv=dR|gZ$5eN`J_`v=dsvrF$6_W!35$Q}u-TX5iKW1-d^2NVy5b|F)y9xgdu*=>~by>6<*Ozm82uvFCwe2bK&lHYq-UEt1f?Z5h!Q&Hh|548iW@>l>`XH@nW<^iF7jzC z@*$_%Y9} zKiCUe*;vN*UN%xzP6@W=jIZ2TP?~V9pr88aL&m|)y3XaEfYSncW~aURXZMTTXEaW}Mwxz1{w*`NJ-W{0J@ywmj~c5W^V0 z<*kLp{ze=C{pqACH4(;=g)v-I>79OYP=@MLDdwDVP|%`wE$Qhsox7%S zqF4DbD4j)ohYaV8)NYm1mjLVsG7V-xru(4{5=N85adSHBEbmZIl8(vTzQK*~vP$Q* z4>vx9d3F!ZW-cn^gP4x^(rW}wZJf9yfMg5FS;u0_nijP*eE|aR zrgJqZf9pZu=*Qy%ro0A4H zbr+GLy-G~S*W6u1FnJK1kdO~q3Y5OQ%|l{d72($>MvQ`bCC_L@X)0}cA@Wd$nzh_l zARLhGY`JfGQMbSlcT(h{te>J1BF+0rw;WpUcww%;ryn$}?g-stySe(L&^G6iTBoJ3|!CrwTBZ+spUIlc$YAC=~5ryoLiYVi;UDNLIUDP z0D#>Bws+WS1YpK6ir7XTon>vqE)`LQ`aY2a(7PMqM9L1@-sgKty$mnE{ZJ4b?Y^zb zQZMW~icx1fg_l0jU6@Lpb^OFvY+~gpMRf}M*hA+o=>ryaTlY^E)2dyg z%ONZ_s5$|QySCOF$ElLVvk&GG$U30cg+K8I63Y2T6u(a6emFgo)>t5U=)x}3*Da^a zT@rZKrTM(|-?EPXR)=VHGt-m;6}f>?rm|y;Dc=mprj0YrXyI75;P9F=M^E`bQXATO zUtaC}2;yJtU9|-}2;+dAp*Jq3JGKnAA= zyHwzpNtK_S#Gb=0`OpbVKp`Ig`{!BIW6n;Xf6=Px*~;i2)@B6y->l8PqB>t)IO}bv zb6J@*HIh`;`UZ5F{|qhcWt}EGab2iZkzJ6QNBZmEdscG))Du{6#3jDhD&-PwJLrxS z!l7R^eyX1PnqK(A9Fms&u4I{N(X=e^x) zMQZ!rD_cv>H+`sBdgNF`1(AZezPQJRg2&xBhW)$EeL0R}ya)*05m}@gih|mElD8(N zzUiobozWgRP^!E14p=`>^rt;o1B5fN_7W9`Q|kE5QFF>+np(>E1C_oyiQU~qhQSF` zhd)OLJU2Oj$Ph3wXPR5+p|7YTTJSl1U%q-D+gk+Ceao zHJ8dxqTw#E8~Qz$WmtL#)kT7lNBDX7`gyPO#rYI6m2vcZAK|va?+~q8%dondY;=r6 zbA@$=L2|e@$F9%nO+$_C?U%+T1_9XJm^2#s4qm#4!RZAgfecPIMmjyx9id_wUJz8b3c5~HNxGlz;X`3$8)qHD55KGf<^PRn! zOqmH<9@cKs*o&*MQ~CyOyrirt*)?wPYV3Z~m8_I`hf>5-+g6D;PWg-shC~MI7&3yJ zRr$Pz?JGk!`GDR+e~zdO-?cp5P{W^MGqGpRy`c5pf%e_~)Cz)g4|g3$nY#Bmb>0kj zz9qdd!87pshSrWa`|Geu?&S-<(5c99&H<7IsF0X8t5NuLwRb(aqUv^@<-3zdB`{a> zlqjz9e$M!);t7O!Di_7>!O_#~&s-Cxj)NrLY8%?2DB&pbtw9b`XhCcG$Y7T)5`<)* zgpaoqd6btY%R2f^cx% z#HE+7lR8&+3>=88w%e9z;5GafduN#s>!BL6=Lp6E>fnd*!4M?{c9s-|%ypiV3BMks zv5!{t83JI+VWI|{1sgyE9UVHoiV=`-QLQ76uzVU;P*Hm!INa6e-gcLlHCH zC>rrIQ&ohcf>a-auLl%eMhf*i3BwKkBo@rbvw?WIqN7ZdL}-IaWHAluEUj^ISiZ3 z{3VVXf4+>}v=aC8O&XZQKp%`CU;+k+RSXfDB5j<3Nr_97+qIBJ=tYM8sh!|&5y@&) z0{(0*G2WJZykRHplBKwx3Ksv`@2ce>t=WoBLl7JVm;15WmnjQW3?>70pwbi zY4Z!uq6U}P=8JQ|@SCGbGH*uCf_z77-@S?&VbhDzd0vIt`6w0KDcFN#0e^zf?F3@l zqFsxG@!qt-3%pw7V{9>|aehIo2Om4O-t=xP_DX2Wf{Kc)X7!S!I`aNZr%_R1fErC4=P}{c}K?i+FQc% znP(gKi>_aR*lhh+3-J$=0KjN7_6CU$eU6-?tQy;i4=&YOE9?ZbC}1j-TiC>io~X&- zmKYR5=vThNbVbh1&drXQECmU*-1d7h!uFM13LW?+UMUuoW}Q9}TS!j0d0)1D$7A`f zV$zp>zvlAEF~=)UL@lxm!XrQ&Wd+Il|T@tQ((m_+g<5 zU^KSpU?j5(<|YrfV{eGxf4Jl>b^4=IS0TEB?mBB>oXa%#*3xZLn3lZFc3!q~3(!@{GttpuW#H}c~@Bq83DrQJz|z?Rekx$M}}R?z}po6%4<7GI-3cT)(-7c$EDCQcGrCe z8ud+k)O}rqDg_R{`SN@)lHcfY*nMdF0keUQ_8Gm2vH8`;TtBsO!mfxP`kSQsSHDz1 z4@JHmUexZ@xp8#+SWU&6O6h&k3}y*&BFm;*t*P54+bU^j~Bb7vUT| zlSLq-1&PrFEQ90TW*i%7@5oT19|pz6e{Qq&x4(mSTRXK8Nhe={2%#)9qsO%8Y+jc| zWka1{SXRo~P55g(DJ^lBfQc{k9YekbqvVhk|0T8eMO5g+Qa@^neq^T;Kbvq6T~XIn zi+kd`s`x%kZ0g;{&l`(D?VJ z%X)2g@#?TmPqadkV?U6u7oKW~v8it(HQ|dk(eNGC6b9=sT_!D?z6I5n!%jT;0!4VpY z`d9BONoVLxy~ap;dr=4#u=Ty(A*}HR;11tmUKqXm{m2cqODjSTC`g%zlZ}ffm>XNo z3ioD{&*CRwmcfNFGH*j-7!I9m=y?%_e#uKmv2Pi{3+6or9MrDrFWkjN(e_S}FJi6l z@+hypwZZXm^q`49h3;0S3M3kvjvsmH7kdpki+-m3;VE#ygn9L)xm72QzP{Fnj3*z+ zr=+IYIkF#R7Y z5e3D-%saGS(_?$#g=Y$nPdejnk$C+&AmNv%mHU(V`Q^>o$SnzaPsyJvCh6vi)7z8n z()e7}F$yHQY>k<4<%La>b`>RIX30tWcU+Lt6!9?TUVqu<)@cP2T9ZE6?-HoEwS2${ zBQ9RNVJKhYPMUOXhgcrO@7&tAmkxY!etfk%PA{FXRr6S@$*~tpcF!^;BkUKe(I@DI z6nIE%w1u~|d132z!H3otYY*NTFP7Km%8`6x?B>C`hqGG;&a z^U5o>HAs{>qSQ@Dh;6_&wiS~LPQ(I2WhppmBjw->5U|I?Y%376;H2bbH3D*P(?88% zKWBkFNhI$DMjc>A#Y*QvS#J0vfU-f7Ys|&cYa0O5n}fhs53d#bU9l|xnl25F;^9%Y zUm@pi%vkFvVjXtK0+1;LfaMzmK8O)D`$;QXtPr2PPh>EsQLD{O{4$3@^S#sm?w^f4 z`^DL&41>bo65TNZ9l?epNN{|A{+5L$clR+4lN(fdS3!mrxc#b2B#>R;Ihs!9oU#${ zl7hSxxp)1-$5D8_2;O%td$s&LE7ige&CjOW8jWjyaf18Df1GJB74yW}Qr zU0#(7?>Et%k(+EHaTXw^T1$wVT6FADb(c$@{fCR6K@Z0n+zV5BD20=h zF>!p{%UxX_RDZD9h+lsYY zVs7K8OvWhcJmzcJ(P#^5D&xY}Ank=hUQugOR7WRbt%x6l;CQNT{D7lqP@~FpVdm(q zHkSuWvxllJ+3>O?sEy>La1EbHdC4IEi!WgAMkqKj+GHZILl?-{$uEFh%^J+a3aDm` z72*0xjreu!UX{(5yEhK(YPh-8N3QfLwr>{^kw8>ChFDqKPWuiy2qu7<&=TI6Wi$RNn&)1oZS?3JzAb;)4AH7Rynw2ZnwiT!>bQ-#H zAPg$ME^DymZU+Nuh%$;9jjn865_z1o1Xx#!d%al3z2}Rsr9C4i7gwZ`s4@fc^yN<+ zqrsWh{JC94)@>RHPh`zHn1_PNQaH6bWdOV8Q-ba5xV+BZ-P3%VOglVFB%iq<>!JOQ zOwtJAbrpA7$*4!La=e#_q;(#HM`T zZ`gil=`XT=Fuj_xBfLUTziRIF-N_lmdo+)U=e7w^a{!9lvMg0gVQPc_^tLqGyf7< zh}w>~cW=3W^X0C9byN&$P16P_gGjN7WlxOw<3XmcL0G^Mn~_udl-9c;dphHLqRe-d z-C}x{JnfT2IO88;3y=?p6bM}_)xqa@D8_7eL38=Z*k?&!bAq?jgvA;uah-|}I=zhS zKyi5PrFg@qFuUnFax9JPoQ`W$mYrXC=Hx>htI&$w$Si~QtrKGq`n9I|`cWNS6@49; zElt}+N4TaFvfFl-mRj|i9#$gl)ZFH&pRfq4zK;wd+RxJW!UH+dq1jkUp1HSTrQI?v z-AOjR=dfgq){Hp2!Gs+d7gR@KVeLw#R)W7-46j=${t5Trclmqgn6 z$ThG|CcR0U(7s{iamWBh7A;Q2R+D(^p3&>hylZk{t%Fp4aQAvroop0 zv&oXdZuIaoG;exs@l7J(j_j*;!mSDa<=TieE$LIykmyNR9+V{{jUnGh$mh^M1_F<<#wDli;{VhJj zD(tm>Sbq3tidwas_ehyEI~CFYD&abA=>wD^6g4T_exs{0Awa|F(Zbg)ktOP!=4p$2 zb43JEx)F0L`Z_zCbv9Xnp7z>7Oe)4B_+-#q(b){#OLJe(nmDPG+cy^Nc=hI)=SgS; zifVv^p>5ir{v5tBGDGsi;FD`5LDI(wce<7x;z8kbauZ8p}1@V=POt%V1*@#Pht2Q1`FRudUj8c zFUKy8!seSS>|j$bH=SBznOeHF^BzoL)wSh5mbHhT)Nk&@jifFT{0X<|2`UKV#^;w3 zl$YW-zM0BNqh1zAqb^`D-KH#0aQ#hhdM&SCR)u1o-=ay}xz=rbkP3f^cGy%=&H6aP zRE3n%@Ci`+DUbER~RYb8SRqv5<)d7=qlA=0p;1fjV<>0>N@v?aO?DXmAp!u+pSvlVmN}uB=U4D zYP9!$2`nccm_Ynnu;+Nvg;ee&G>}t8I*>SJWRRlvp_7-MeTPJ0ftIIT4*@baele@r z-GA!1K#xJJoD_jx=A2)ehp+5*#o!iHuL5fewkRU}pJ$%;{pj2Mr=S1pl5WCB{9;01 z6Y%f-FBCRSP0hxuy^kr5qwvl_wq2lV9IE~R<7k;XI|tF`Z8+}1q7d8xZyOnizz>n) z23%HzjDRu2xnZL1cgV_qFzYOjV#i#`MobGo0BYHXh)XeU#J8YG_Hi)4f1-$meUq=) zIjSHfhlxWmb;@E1EZlwuCXAk_$ch&7!(Q@{`7Mp5{+sTtN%k9<$@rDsKCs`(TwDVE zs~58sMMHdL%Yb9$)^pBA&N=b49kXgyliEdx+)n2RwsyG>eTQ_0a&%M(F7&t>fSh*| z{^v`e{ty^P@A}ckc~x`)a%aEs z20DN1YyWt)5!b2$bL2X9MuAuX|J)l)v!1}=mEi#OsYU}`Fz5+c zjyg@R;Alvqe%F@&Dk(rpYL%2`kro*K|wH+Wm%}_I6HFfaNbHECbkJ?7E*i}l zp>-`eDT>P-BC5Ba9Wk8ADnRrLjanXNKlX4DKs!d8ziT;omAW_OWv4@DdhE=Az4K0E z*nxmfqfi02irGSmO$y2uNAVfTtbK2ITreEKJ(!j5$?5S9xgm3h$L<_?Ro!km28`dy=i&?-Jf2PR z>hP%A+)S#qQ_l_0*hl z|7>|{E!pMWi(DjZT3AMQ*@ty}xR7uq0%m1O+0NCWig5|esKPihMEmlju#{V9Pnoh@ zVNRf{9y_4NoI-eLQbLay0~zF-lpJ#ZGHAs}0sJlWp-*p$N@82`UZQT+u>vpqt=sDG z@@^35tnl5-u9nzTv@ku7>RW}`3ER8~=kN8lHhb@wYoEh&FVD0798b%d0yiERhap!} zqbzm7=}gTR7GIK{cJ+iOurAzaBm^!A*O77hdFG+P3auY0`Hpo!3!D@?BFa@4Ox? zts2aQbC@BN2}}y3^3#)OJkAHn8t)qQ5~z8FoqSJ+ZU%M~I!j=M3ES}E9DzxgKjIJPX}U=2hl|owYK$cXQ{*YurVzt->;<$8-#vj&)-6nwn{vb01rl zL>|0!Jn)d9;61sLtj)Y~Wm33Ll(Wq~!5Pp0$~wxt&QEp1YMZcp)*+$V!MiD<9Gc{$ zV~sFTywsz=$GoBwS0T5tV`4kWc}l@%5041nv*b;QTgOflwCIb}vn=zbW0?zVb*5mI zm}E`oLbkSvSM1=r6zp4_%zC8*P-Xv*-l65hd}t*cT1&ZLtxru3Pw#<8Vqe=QyLTgb zM6SN9;F3NST$j`?GE#Djo?x`^V#qB$VWPrJ!H3pD){OhLTLqZ|vc>xgPMOEH`Iyx+ zrJgcRdAp;ixKA+tvEIEG5~{-7)ONl8baBhMft^JH{L<|zxe=}73iT`%>V>!pJomVi zcym~|ZTiQZ;ln%fybk)>L?O98+%}qP4@qvzAMGjZB3Mt}%4bJNZRO!yPJNA(1@(BqNnY*hTl45?@5RNw9- z7=t10M;p=&2R5&fhWZ|qa*B68;wst)Q@Lm5KUG~ixP+p+417aa&}70nJ4_Wa9xkpc zY#xZvGO;ZT+HKHbEIoRaM|2{77G)G%X~@WTJsLN=KVw_Tdlr1yYgu}bCgMOe^S-RL z>>(EImra8w#r49c%LjD(pscM-p@44=3VvrKkDCgHo%u5L1$p(Xx9YRO4?Yq1sBxcs zxbLMP1#F}}`r)k2K9o7GG$N51nQHTKVA$OJv zw}O;IyOLpwtj1s8I&IA`uw8|j@Q_=gW20NkDHhmjl zD{#seu>5K09Ug1&(_4#Af4l1$K7|zBliP0MMa$|h`#_WKmkGY@rw~i7EZNm**;OGM zXq>PwqkNK}7+|7nlcSzbfd0mmnV!>{`BvWS=nc&87zrYE>cEPe=(or7Tzq`M%ed z^VocSgmdCz<{3$=hqrWi&upLcsBDTttaYzLlsY;5V~p#?#e z?r?#)gzNsk=e~u-c58FL+i>KbMd6fszltDdTdLW&YP^fb%ZWI_*UO4qW#4Ot55KS( znqH$iTTHOeYnV-;tMf-)wQVucFt>Jz#4CR8%2PQ>OC;}M?x(}esnBv2X$|reO0R_y zOGz#CG?u=d^Kn>Pa%t)MRq!o_r{qvo{w!b}IZ9jyl`CgwL< z_FsM+IhT0&v*djrlTu7Q7K&EupOr+LeQ3+?IOwDh?xUN#D>{Y{#&X`XAbEkm%XSoNV<8Z z#O<+_<9o~6D=6Zq^%rlm#tO>t^%U+?UVD6+Ys4C*_G-GCyHJOkrxW6qu^BGpBsrbs>5`=yyg!{H7Twkq zvuHe4p!))bQf7g4W8}OM1H>^e+R6e6$z^}eGLSF_v7ck{Y&42-9@p$`&7MP1un8(C z3X=7}%%u&*7HJ*Diy?+?26IY5tg7y_fCxm)?X)MFVi&AUlF>K7KmHcRm`AZUPu36M zS9ZSXqol1!TNHA%3>V`@Jn+9H4@yV-ajeid{Nhp{W35Sw$yhg74!ihd=t%Bk-yxu1 z%cqe2icmAA;g?mXk|Li~gO|uj%^!Yzd$qEGY+7G?RW-dw4v59IfB%cYZ$fIyq%KH7 z7_54={I0V8;oWi(@;{tr_}2yYn|~G9bN>+7gTP>PwUxYW+4yUh4Ok%V01;avXflx< z;f~6)#m*cnT&VRbom9l zayitq5*gOLn~2H#*s)ziRY2_DMgn3VOI`=kM;d-a0oE}L_W4TOdbBq#Zo)DxHH{E} zFxo;+X5FTKt9e)^K5@~s((ZjgTBYmDTBqz-u0H391?lt7YW;034qw90wM2|}k5pZZ zI1n&~wBK7cKVLg&<7sScY7gB3J(b+1V4y>nX*Lv*_6K9?q}YTpwX|{5eASfcM_k zTA*>22$7!9%(lx&Swhar12aKKluq4@61>9;nOs9*HC+%5KSZ#+QHT|o(jbkbe~5Zk z_)hos*$9P*VF#%*g3I;`~PnCL<_FYI)cgh);?m2B}>}M$w#2 zlHRYMKV});x&-c+Jok+yx-7hgucG&16XtZBC{EWik|G-(5)jJ4inM3z)k_yNE#cS{8 zsrI^*IL_lZn+m9kF#I4~p<9Tl5cz9*DTx)D zyBPk;b<3#;^WBuY{eJaX^S23KQ62J}O>k;oKLWfY3To|Sr%XuB;uYCx%iEn!X?Y)e zow}P3H7#%K^VHxzaDrP@L}9Y;A79fwQ@qRci?SWyJTGAZ)$ntd8W??z9Y7wpu@yZS zKyEb@g7**k@&4C-Wnx0;{v4@EDwY#Sl)(0{$A5?HX#^pS2OR-|tiA{Ybu9^Sf@8e$ zZDNJPb+@{myLj2=uHGpz8iM|#r~89>aI=_I7ug2Y;K}T5`f59W zuIu<`^&Y={ej&rq{EpdaqYVB67QK0%3{XqMF*n97=rnc=} z7%M6QD$XWPt8bUx0;8&Y?2>QMh{zkjQgbZ)o-D_Ztwb1L= zzg_XYpS$eieWN4BxGO_9NS{15QMyZt4Ej6L_7Y&aQI)9QLb|G@L!16z{sz_!|3UWz zz!JwkFNFtqrVm39LZcS3g4P`s%*BVV98T8R&Ti6@*!-&D&_0zaQQw#3 zzzLK!slqIU7w>oj7OtE^1y)JVhTg|XlSXqp;iiqW>na(lkzK5hT-23fTH&1C>u_np zkZNK7Q)`h_gL5+uIb5nv%(WbPF^IlNaExU@!=Q_OXb#r<5rA%AQ$Y&1(hjXd#S5|L z-fJcDhC`r&C~IO*`{!WyoP2YRT(99&BEwEhO=V>iwxP~&G=*=q_oG!b4?G8U=p0s2 zPVeoKsRZ$8VbkQY;hV0Rq|e5((0bRGs;?=0*`y)E2+iK<%{A`Wr$_ru#aDcoP*gT%fIJM+ zD(rjZ<;^)g_-7Jbka0D>3}ikakxzW2ro!j=`Gt>#7X}ZOTQb^#5(0IC-1&ac*#rJp z5c(DY`DzP$Xwe+fn@x3ug~|mE(V82le%U7uAy&l2aE7!V}CTr(b%v z&9z`ld_C}qPv`sfv;{65`=S_G(tE8ylkV!REm>CLdc)K!V4zFN{cuEVINTFmQu(^K zrYtFSLP%=IHtMteiS{~Bv;v)~3q-Qp8mOQSNM8Wc=Gy3O8kY_8YXviJkDO#@@M4)z z&ydo+QxYu3^{Q@RPW#ZDOG@rocAR!-y7FVKG)MPmu?cD9}jLb-t{2i;XFI})t64$W$&6v08fvNO1_XU}uM1knmhG8=@_*L5WalW|R7U)2 z_O@Vajp^7|^n*&$B7qDU0)G~Po2TB%Ix1Eo3PbUQ=d{Y`j2&K3&@%!ecM{9Dq|$xk ztjvRD_Dv_VA#t8ZVW!zV`4*Fi1Fug<8q!@!vBF@?x`hUnZ7$*7S&f3_C zJ+?{s7AhMCnY@Nhe$8||AN2}+N@9wKBG=>aWH5g_No5RDYNB=bgUL){LwfZ$x2Jb3 zc&7)k#|_MA#f~03vV&5gMWDypyZOk-?<47GS#XI!qxJUXLL~QhJC{tG&ZXz{-L)PI zW0K#mW6w3&@M{4Ds{zS#fBFigm@o~=tH?9L&`Pbc5h3);W zno$62Do1wRntR@DjEmgEZo%6$qd`AGRAFGcLx4S%Ff3$7)lWef2UIUF-(O+)xFnt@HTwG4?rHf#{)0Wa_T>DwI*#)Ln#Ti!_5Ae4 zZkvZSYV5@K`D!hAToVk*vS){Hs-CgpPJ5E7l-Qfg_+>S8zSfu2HY55P!>M$p)42fl zX@96;r?PTPDkalMBY!9T_HD-QvboWwwG*mZ){Win8PSl~MR~ztF^)GX2~l?OL+Vwa zJ63aBsY>`SC?5E2!g`}3Guf!AGEdIrg?-?LMRD2j(VPR%WDZXsgcV5FgG$*OA%TYd zhDwomwXW0~&;7ZxE|rUyKS}SuD)8A4W&5DC?69F!BgXoXM{>M56aTzMF$FQfv?N=5$&Y#M- zvpcjF&U|MWewXwGC;Em>%mkKcP~LZVT$z)R|MLu|AlJdBlc8^~-{`uQeygoPqR&Bt z?7ceS70IKa;gZw)&|_+U=6|1>1pO*Lq8iDXb4x)UxX^cveXM6XdC5! zSOr>HVD&L2;igdx%Z4q{Im?B^Q#NdE?mj%kub*V59QrB>1_fMjk75_nAp^PDWNG@& z(Pp7%=Nd;{3!pkR_)m6OY`F6_<}BCSTl5{kw+5@Rb;y#;Ms$$()Q-{{yv&;9Wo(?I zgm_)=OaWHxruooIEPZen@p1ID0mg>;$ds*NCxutezr{JjCNf28v%x&UM|R`u;X?vM z^aKxYfUW}ID*}EOy8=A@0Lr2hXM*`%{cD|MRfcy76 z(Jdc~%9?Q4>_Z;Ma+{NSb}V07)8Ke z=C7?OYSAn3USnfFHPiKRwPr=9#cW1I^&zwr`*8Qu7bFO-PMB&u$4%C0+6T-dc{RA# zGFhd?DfnYCkJSri4V=W(=oHR0J8f#|A?cGudC@V4Ge$PCx+m+;2JSeRMOA0XeC@iD z`39}6K=8Bcb{Bi^t+V4A59!}g+Iqw$?F=1jbY*bxw>YCR%y&)Y*23^^_VR}b>#mYM zJ=MR#HJ<$e*O>c>N&PzF4B!>ez(r5h1o{^@3PTBt18oEO-Jg!q!f%ceaMdV>04cGr z;pki{Bl7RE;o6iF0D&zZNL2vfis*mE(a#3zc4N?cTY8i}z%|=U{#;TL0(e-h^>6+O zajR|d;9&1#fnWt^-1?C*q5Ylm%c{pRMhp`x_HCU)n@?lRrm z8vp{qddIaYEU9s{?{l1Z@uu7f!KeWxVVHnQY4Mj@qDPR;5&UuC^n?dNk1YfabjR++ zjXRt0CS@Di4mwQ?Pu%gcxwaN==gAb#?9}+`YI}^Dh>ddk_tW`WjAOS(VZ|F5!D4 ztX(aoH!HOZzdG5Vo84}lqe06^zibyA>?uoWt`B19Py7wlY(UT7eb2}iACe#U-i1qYPwPxD)zOT~!p1Va2-@dfme0Dg(`^&?)61PS2;0kKiN~_xUo$aGt z#|iYeMe7_n)6&dkZ@A~a`!?XX`MDU6wtrS>?7uFe?+h^^W!ZQ2;S1|<$tEX zUOUAe&3Cn4*LO^vKJ?Io>@G-*^7z1DChND^{3UmZ(u5RPh$c}nc*=S|rXbg1fx*>M zyn}OJJW5a_rMY?J)6Atyo$PL`f0A(fZu=*l2vTMUXyZ~k0IXoAMf0u5Sp6>#Q8zhO z8Ba_#ftYP3uNM<)2J;>114S=x=CAPct6wt%~NN!56qHyGVwvGlA zi(6p1t?Ai*J}>7M(zzl3R(qUkuL`=GAOm}vo5SKUKQ@#(xus+UP{!E&(8s3YkebW8 ze2e}Co<_ul0E#@?##*~gC%a~Z2OuF&-v$CUWskrnUsHT z0cr|Qc}F`R(N*h6as*LCm`AIcC&iId-zQIpkU{qyahrPvCz1p5#`o2d2lSs`%gWKn z2nMzx#VGPOqJFD-ZL%!3 zuldC6h5DnaG@e(?bknD_#KloefS=DO+QKWS#4@;LqElac&3d;rWBIf_`Sx^_xpSja zW}nPgtVHY~mK7>mpvrEmrfSS((#(G+xdSyh)=otieIJz$lYpGEi!X@Gw7ouQYp9t6 zHEMAgT&Y`S+^(nOy2@f@(7<)lsuzs=q$C$5t~6vtNk?mu?hrkO@M{SLCL@cR`UP>> z9T{?6_2tz-McD8cYv*iOI?&u7ICLjfOWwYZdP1Q z8gL|hAHKgcQqq?dGSM-2q=T_y85Or(aKn(ACvjh(Ihl{pZp~GjiC*;7w6V`vEb`i% z5>xT8c(|*3kkYj2&vCTa{}79g+UIHlIO~c_`m;P$^PWbjG+ORkC zsJp#%vl3`fK>%%V_p@@^L}R5-=QmdEQ`ZgJEbHpJ)ag&CmE$m@pSiKTHpv`BQ9t*o zqnf$kxJ=`vp2G&i(*QO0I6ss0lefn?^C$H}!^Zqax5hd!U+bR@Up4HT(yH3q*-PGn z*ebm*fZ$b|@)>Y?Z{~-p@3`1MPjwX5J-T@5?ZUAT$~`CF3jXPXc5Pr>zL945ln#-- z5p@>k)5v}@#XTX!cah`i!IEHE0 z?b9(jZ?sd&`d4=%=N4*{IzF%_;2Dt+LRpAs&QjdN5u2Ut`TNcn8b0mE6U@janz^m6 z*#Pei8&s`|3-K_!Ty*%Ngj42`RPEzWuDd3snZK27o(jgCk$?nGea3_+-1%sn5W<Bn`lzPE3vV~jl3eEh?5 zMwUlSGEy_U;vP#s6zYb6CL%d3^?gp+e#d#wSEu44LQ2pFX`Pd&ha_`LKlkNram!x% z00gUJuh1RJ=6_4a6LpidDPnX(rBIGQvcnfouQ<}iHjXM__7;oD?-x8)Jo0AZhH_=e z91{X|-)l`XBE(ZPPPwOBUGj18JxA(wHoZUNI0_uQ>?BP`B0WUieU%rlh7YoT&lmOW zkzZBH;ZwI3B->$rJC)^qGZpZUY3P$q>YgBb48nj6{ZjjoDXFljaNh-KuUvV%u$3)dKb2KwSvMFFrd0V1Vq|^$} zD1z1LD>$>(uyzS3s?hcLuG!nh;h{uWE*|-sqD$a@L<}lXx|a2oevV~_N&@sn&nRUXVi{1x6Qn4zUQQS>F_&{w6rLN z`C-R7Ef)JWmyJz?{623_JQ&no>qDepb#~0mZ%I!ju`~hqnm73&UX$lbOUG>6FgN2iyvmCzY*1)@s&^e|`4_ON~Z;j0(Y z^vNIV+a})9pXUi)S7L;_^(skp;F(u^Y*I^m9o|%qe^n9DeR)xtqx}{A9jwBDZU<4~ z{E`-z@J`=Q(OFlaOEx)f3%O&yzVgZO)<5Nd?zpG?RP*$T8cF^%{=c!F=SzYWz$5>I zS~c>IMC4Dk`+SrkH9_zPopTC}b&qd07hu~W^7i_6Dxgy^BkEWRkZaD3qsEPa&Rp8E zJFZFtpYueOBH}FwYeC3x;kEcP&VAliVA7nIYMqI#A~W72ZoWco&2uzXfTwUz6<@D9 z1I>BzgU%;PL+}$a0nGIc?A%n8Eu0WB8@YpIj4*5@wo-yB7pPu9UgRU!=;Hz~ey5Zz zfUwZSenzQbF#m*W*W%G;Dr6DLa9c$8X`Ji!J&XS9oA1hsDG>o!KqQ0Z&Vp(oAm)4= z`1xSc!DIYiD#AJH#Wiq`%oC$SPf(Ba;mDFn)psI!Y*Psw=wiH;rG_YW3oJeTZVW9F zk4TR<)G#FJZ2v3v>7hLu^-~GC#(XD*lw@XRC%L*k6zVQ>zN|d7O{iCLB{(bis6o(q zI$8b!BR94X6o-g^ z{>kqbgO7Z}E=LjUS0Vp`+)*v zOB=;0X25Jc1aeaXqF~Yli0}==f&Bgs1|$HFcVKDK&~D|k^f$n$e{O2(Uq7_Gf9%tX zd8^HJK%1?D7(feB1=3iF)j*B_$btRkJIGsSAMkwp&wF<00}6{sAmO4x~s8l7?H~JUGCgOvk#l{tr1!?TU|It(@!zxUh}V!CZr6E> zC?8hmp&M#=D(E}B9+1xiiU4x`zn~YWS#^Ux$5A@LJIg=lN^@5o|G}yrY6kziCwp_v z;0@1ZIA*IITqyI0(hSzX&`>!YJ&cvP1C^x>fqWV;nt-Hb@V;23UO24>!@MoZX&vuA zALlUSY3NhC>_+|;&VI>P?OL_3-BA0r+p%(qOY*|Vv+(s(53`{{xhFK%A@vzB`i3c9 zfkqUIQqGP&EQ9{_-2(R9t6k3DOP5^`gOS%*KmjJGLc2oxg~Fj=(MA;O4LSwMypuoZ z`d)uTewVaFu#)P4ko&R8)MV5W6FA0qN01@zX^xL!FR&8?Qcy?2I|&js;k@DxYiJ-6 zeLi^AUa6PfpB3`d5et+@M6(b*g9L~HL6VG5aSC4?X2; zp#vOVDpfr~WE2cj4ilT_dT)=4jzk7B3T<9)=FL2*zJEd=HuwIxY;Tm-M0@k2E?1cx zUEEc{RXbiB`36b*oIu@jE=OHuf12mGsvuX9uJOJF%TJQ%(>%ygk~>@wmk$U#PYO-z zhs{VeO;Z3X;9UH>4g5kM`86H^ z=vf0hH5d^8b4LP7^ag*=#(sgkn%a;8tnfEo5>;r|7c3=i*pckHVKt5e&#LMz?DNiy zYxjDdEv2%-ua79<_VvCc3jm0Zf2c@j%#s5Zq2jPqfO!jWko$fk=1xxv0WupnB#^V> zTOpZ~wiTH_R97=VF4Shmda2byK^Cz{0p^Q`>`-8g_4@&`w5=>DJ!0srI< zdq4X%<$RDUGp8ngvHU1Ch0W(!0`|OW3Bl7U)Yo>^1z5WZ%=SdSI`1iehw(;;vDLrBD1~(w1=nm5`~W#8-~M%#OsDl#^h=V=fjmVrbRYxcD$_T0z z#}8mG!$FENS2_-1Pn4U^SC`k8L+)001B8@>M)eud(L=b)Awp5J_!T zht!Ea_4{49WHtEZft8Zn+q#qZanBt{aLR%`WwGt)T zsdrP{3G(&jGfEFUT3)Rkrbfg&c!BzL4!Gn{$<%SU zV%5Oq;1(VG>_u<7U_q6;{2CjSysR|F$&b9p3L<6#8o?|kFoEf{A{$&AMcE!_@#?-_ zW6p=zn`d|xs?RlfJx{+WF#la;X^=S76u}8MB`{^;BIw~jQa4DFnijk3nao$p=5&YY zn_QE)!AQW@qx8mG^yg$Aea!9>ubfBPD65**n8wrSnXa~{W@|kto`YI_=+KI=9NvI} zRK4(1Bk1Y-sU~gbCI<7*z0;H3n>mnt<*TAfH#_JSRFhP^V@F`!ZRo%0?|dY%@W z*?I9W>;zgK^XQm2cYZz{1yS&;M}JV_v)-qLk)tivdw0`NS)3x-lnZ}t0B~gO$6r-dWSL=dQY-F3g0LbO8 z3F+%>A4g`f=DXPnPAkkj+Y~xt zIa;!1SEPHT>m6TL4NWaqL!oW#lTYUOH)^4q%w>`z0j=66Y2Yqz)xWy3>Mro%+`JB3 z^V_c<4?^gj=$ug+>$M^XVAp5fVt!F8;NQ`(4`*4dyt^y4+i{SZrg`?>(yEknltyTj z*L;N|FPxM37{HZIV*~g~P^Oq3_ljq=vCUj}-!K#>JHHL8xWdnLmRIn*V&d<-EuIVpZa!3lSf7=OcRapvdJkF*@js$KXJhT#oLoq6xv8G+?O`IBS zgr%S8iqd=y4-IQyNOV$@%y%TK!sh!LvolO67m4>KCDka=bB0!0Q4crPH|y)Py=Kl^ zaaRq->@5rMoXs0hFMk#Xb>HglV8Y$Xo=J6EY*tyKN}A>oSzQHIT8T!Da_=K_66y^L zi~1Zz_!#-cxYM+=rW(YH&UqWvw6Lw|{sL@Y*;TP=eGVHv|1MJ0jvI-?T_O2Kh z_{%zfaY0twz3l^AL0A?s#h|c~+&QCl9#XtcHXvEx$7}889w4 zO!C98zbLQe?sZc%szZnZx(+s0Hl8_#ufvI{CV70~m#;U7--viunMgFk=UywCPm#3l zud3>^&K=8fxt~ZfmQNQkzI$#?YgE`Xx|E!5-bT4WWWk9+M3qWVvYImVOG@vR@#E|Jm)P)%KS! z(%!OjKDh3!7Xb?AJwKoTV84z5XPXiO3}r~XSU=mzZ4)Abaup9{7vDMo0beWRtW&%( zj%Y_QxMN;pPT+b=cOPbro2bJEi^{f3^iCW$3ec9Cjcn21UV;_ND<~w6h0Kp7d{A5) z0*=hXtL@bBd*+AJzIe{f+1Z0s0hHd3*NKrBa1N?;{1{Y`v@p1mX#*j-4TR|fb?zi)?Bq= z`&r&Z=ntx%%Hplxe%%CJfjbc#l4h`D%($}X+}m+-J~n8DLiP5Jxev3)RBtm}oaOz< zwTgMpd}L7$U6=oCZ}pQuS@~{dVU_aOr7HRdw=cqb;1>z# zK=aS(JNalDeXQSEQfnJ5BRaJZ|>$otJ;R&i6N<$2?d0RDtUdWBX%+-p!*CbgS zGdiS_9NtR5HHvxma96`0nu;>S5R0d2#d$El>2FHxy@;Mvl9BE!&FBSHjH5Y~ zMhx6eACndLw$P!_ldCjgxcor%4VU?&RX4k}z;o|%>Ql{^4jqUbx6lI*Wh>(xs9(!~ zs7m?RfVcjl{)x}}`HDMH5Zc6dstN^6g5t2pDYAXlvi2DUotfNs!*QmU%v>~p8sQvI zTLn;1jXh-D4?3pSz&x4~{BqGz6Y-WsM+w;bHMYK358abq%RIKee(r4mR0+Ts17r_S z<8_$nGALy(nR*A^*7fSc{%%#CEG{(FT5Yy>uDwzh9Cd-ni+p?v(rOJg`GM0Q&yWx zyYa>fx&)em@oE#25n1-^ZJd)x$Ns&b%(`4AfJL_!kTA9t5vf|D5stB>aoo8&jA4|H441mA>x`zZLl zi+N(Kj-O~+O6+UEoSJ$}zy?=Gd>cIxOzE^YWFe}~OLQ}pp zK46tEb%dm~j$1*{_s&+RuSbQotK(IgJgp|9Zk4!+RgVQW>U@9MeWA_o(?w ze9LmPPq#>B!Yd^mMjtt!oMbY2wA+5;(DDT!T|)B1K>$p028{<6-cY|l=n6^iv~mTs z5l`CBX$78O8y~N9VJFp=LRz6raC^eS3@hN?1&mrK@%ib!d@?9;yx=v{3SCoC6+HEg zX_H^_F^9{Ni!#@o;uez3#@+|0`kJqTlmd@<_C^$97d_)=@xb@p&e z&nuNenxcORP1~nnkt+Y(Ls@y*A!&lmnw{UDU9{I+Qnw0l= zv>I`tyo~(F_H?}Xo##(w`2vA`0jmMIz4momcOhtWk z9*U3NNhG=AL4l0Zq9oO=sd9kMYu7zFLED$1ROscxzunm4RO(-xxv<^Nq_cbWjQ1j8 zbvGC$3uuN7fPFhlGcaeUOwy)>Wuzdo-RPp+3WHZV$@4bZBq^zGisfFj3mI~lMnH&( z?%E>9a_hV$ckA~QZV$d~&RNtubxh>+P2X@Fm%=XeJ&$*R-A7Uzp~Ey9uMz}=*XT@! z!J#E%j>RT6>`_OI$WPU_InKw#fORGA2yKh|kE_At`Wo#>7X5{34YE5VHspA?q= zEx~fBR{9iN(k9&5<7Y5Sknl@2F`CmqxR)IN8TT^cC3sm9LpBGr68gb=vfv@g{#9ff zn2MBL*3?uhDW&qjIsPhG`mRkpt2L7|Gu~WeTWQPvvJvP2j2RyQ1UXqryUhqOQc~t5 zEaXA_cK+6wN|8^Mk&!O=3PbzCTiJ6#OPxvBW2DW7c;;13oDbID8JV!4@yrL8hVrv)_LIZxcl^tq)mcQ| znl^tr8@VffpsiI82MVIelX8jI`gD5TOf(xnj3r~9QN+>^R->?6`!BiP>brs5X1KqM zKVrr->1r<|$(SaD#Vo9?etNh*H%?h#*3gV%6|fC9B-ifjFAq=CL?Bs+uRrL{6ja;c zzFw>Vw(}_cwGxlF7ggbBKdaHxJGj7Bx@6i1u>rKR9XRAj2cA9DeQ{<0ZiNqHTHD_s zU)WJ06!WV!hE>$d!vyG@*phIlfL#FMy3mwl*IX;tD=GvBW%5@#1f<%ENr+yaYaAE9 z&LJa9Pj0>muF8{FuZ94UheOSvH>MX$`bA3;gt_*8=}n~8y4w!C8Edld@Dsm+;qTYb1(NhdMHkFcaJ%Gq{}^%eFZ8l@Gd{MTyxoB>P7}NPKk~r|A-`? zZdZG;CtpE1*LH_IIinM3?DZg9kjHtQ{>h_5nX(E_N4d!gt>8vvIQUF0+v4sSsW&!U zw%%^8Mb36L=Fc8RM}gsfXeCqED7z#osupYuWkj6%ZU_yeu;YbQrrND~OV4q28#lXi z%byB$Iandf4UwVSNj!dM4=2)~{`p8#}4y$9Kc`A2a+<_M{ zy`ZfN6dZ+N>^bqZrJ^ocJ%dY>_CZsPUAgPwp($_l^_5^~A5D3eWzYFl^XNXkX-I=z z{BRY%>ZO z<=S;kO1JnreU+iLV`G*jzK5h|H6umMkz7AR%50Q2JYzR{_|>SSj?jZE)~}tbgQbp3 z)v0THCyyK~Pc-HWe4RE`mFn`?!wwg`F+3akZZ05^wRGT0Rc~3!7p_<_ z1lP?hs3n?q*qA$Ju?VsCn3)8tXmx*EQ3tPtdSW#RMt90d_JES=Zv8%;9fYYf?eZs~ z1DE*XuA4h}(RuZnck{R%tV9p{-R`eeBi>b?ksDed7D2gmL81n4^@spySzP8!RiF)Z&vJaL6Z zsc-7Lu9p-P?2lxAndNdQ#W}v71QXNCTQG;Pxwc%j*+PT07pjVkDtISq@fqutbewzA zydH`6Xm={0iaRYVHPb9t-iSF}mY!l8rOIbRhZEwt`aMrN`#Gwbo{kw;VB0za4o2`U zaV-QW3BmOAi9$ygJN?n=i#Cd-onPwIMjjnVKE5Cjb&P`(O;&{Q?f~+NA#kJ_&IomY zq_l%w@u<8%dvMfXN-SFJwUghRd8_s~OP3?7_j{YluvX=g=+|XE!hKtO47M_XD)IAx zn5C9N>@MxM&CLyKDjAmkKtxb3WRIeVHFhYOL-SlkZBOsw&16P6;{)-4u{{ za*U%*KS(S6-lOZEsWb83ipK6WsQi$|775&&*sF+D<@^%uKKDguxM;d6L2xHCuHKMA zo%s!1H?0j(X$RDqUeJ9T^+Caz0l`F12z`QRMjnOB&!7X!xpsp~wudGKN9={{w+~vp z8a>ZCo@TLnva2bY_O(S8Ye!gUL|i7JiJ!^%GE9mIa8D}iLuvIqmpnY;e*Qu+ADR%V zfZFYyPWmDbE@FC<4fC0@X>=Zi0sZ+mQrUa&?T7GWBsoAJ{PZt99<`xN?v&db*J zzM|v0`?}rbZv>e2K#Pux-;QS%K6!8#X;cz!KAjw357h0eBu@Elof<^&B&bI`WaIp4 z*iQ<)nWxmlVf5$T_!>cFVS2avany3SNv?XPNk*J#K-87>_@k%f*Gl*9%-Dbhol!WY zm@Ru4XCgISUu)OlG$ua|@5}p;*-9f#*dkNV8@ll?%HpV^cx~S=0Ncivq2A{DulT2} z0?r?F@Hi55K0=SA16=yq61L+2ZiS@RLQBLR_XU77AqntxCIO`}fWhnSwEOd6=|3Jy z{Crrwb`>Dra5K`lpivSX$XR!=0m91Q&*gBs5I_{;PlYZKVfCnu^9{(?gks3pd zeS{RD1{GF)DbHGZIpO~8K~0)6Pc(y%I=JyK7z%=PBsm+b@5*mC$O6Azz0pI0DoXdI>wh_al<> z{c>SD#7(c>7fzE)RgcK|&d4)hOL+`8+!Auy$kt!Q;nD0-1S`p&<(^_ zr}Tv|B{AD_YjD|AlXj!5V{IVs?cC(XOa9=Iv)C~%j^`9*0_sue0r#(zJ7*t=6FNC9 zgsNRsrcocZ3nH4Q4#0I%D0eYLOam2xRql6x04~|e*S>5gAA9Hm?SV#=i~1p1As6vm zR&Q$QNa!ZasVyuwT$^|#xhTtqQ|?(zT1%VN^I1QP&>`vbJf{fpn)3 z0zDo`ym6EKbV-(Y`^$ZR0yx*w^8LY&9{T)Gn@W7nE*uG0TIZmbVNEjZ7vmj_%8HY) z8L2^^EeN}UBXT&JKkRdi)fI`|iS|H>*KFpY%41%rv_TnJ9lYUP&ifHvA4!ZEx1?9^ z6O*^`kH3^haeQ)-)pcopq4YY7lIvLqE{+JKh!Q{dweDkr%!djx`jUk;)cM4!cHriK(it_nGorz(w=quA2UWj=udPa={VJ2w$!gZ1(@(3*?u$ZtjUcfD zae3gLwJK0?#p3GvWW^<-_5v6a0OfEqg z1%&yIqM~;(om~C(x-j^?N0RT>s)wqwXTfDRY}rv+P_p-P`j`89HZP0P!6GEA|mo#_H3CPOP8WxFG3p5Rz&K= zCHPz|NbB7;QL?P;E0uY4W2{|{$5W@}Cf{2o7+QR=mIV$Y#s2?a zZW!oX{dSkG{@tgK6JO;uh^?iL0nHDSc|*Bh8;c?=$dgNB`#hw?bFim^8hue&F<%T< z?c`Uyr2!2|s(Bsw*p>;s(U;Py>d!YWc3O$W-{6e-K=+jX=FQgUC+euh4h8l|E9lwM zBFjnp)X10T_w1dy3MoJl2-7$qa8y_6*a)RxL~!@?L_-QgIw05Q#-j|9B3!alAG`+KxG;*2Me7|50&&$s z5)M*ZeP2Qd0a~B?l-Nj*ry#m)=9*>0j}BCDyjxRRkd>T6vPz&1TO*67nyNsDlf*8D zSxE2fKgZuyW2N-0Jh3Q?3tCLc=i`!SgqM8Uk);l zBJ%n2glzK&)NXQPYcJVoXW+XJ>+Qi1J>S(52si0l%kqvDi8FJYQmH(77hrmJ!}I41Te06el9F4 zXD>^=d=;nsP{=1BOVQh(uLfA}n3>(3^MqE4!07Q_1{R``p|w^3)i&Z#NfVEjX{KJ=k9PRHJ--5IB1!mT1pH~ zPws0OfB6QymIKP(MPo`#czavxq~t7|RChSsW?$Srb$FQX5XV+42bzcIxsu9)z%CM& z8-^msusaoN^R@lb2-;1T6%RkZ7jzucS9rJA*>+s+q&C~Ci3=SB@3^poVoWW=(}Q07 zCXBiuU+dC5_yjwa%`8Rj&P~VRCu;SSBuG!25OtG+^fJvuI<(RFD&l(($qYmfVCc)@ zuQM@Eur4A_Q4?7wrx^eh}|!CO7vy0KMW`d zdl`+iF-5Ru^L^7l?6vx~0?kN(G}H)AV^$V&06Zb=#G3xb}d>wC$`V0yU%h4@Qa4>5LQln8y2yH(~eT#m3>8y{Hd zV$*%>U}RXb;q(tWlpz5?O}ADlwl{XRTDB(+x9y@X@?XEZFfif|+us zPeH&g17?JuWt={ao3e2myteB!TG*cF0@^Y1$8vBS`j}5XwkQ?vi)xZ}YfGyH;tl0o zqg{)`VzDxPXbSpVobwEOT zzj*6oyb7PWui&g@u@W|WQ#9yT(&%4H!qgfJ3F+ZRyemn5S4utm-@qPz6&%MLC0bFj3^eII5D>L*&HnCt#i3f3jt$xsvG|-m@tCf1jY_(mT?F8DRQR{~& z!pp;CS5)oS%`0X`DJG-h%Oj{HqSSpoj?~~r!7fF4wCJ4}0(SMGr+Iqo(V}z)^7|o> zt^Y&NhqZQ9`f+c<5hnmvQ7dMPV&OV=sr)|pUXWjYo_%%k4Ck}Dw%MIS$=i`W1fZ6R zZ{rEf=@3Z@!Uo%K*M5_?HE;A~jK_jyE|grZgoC8}#^#oX zH++c*pdIL|<^67xIqdH#03TvfvVn56ZSgqKL(l?QSW`iqtFh{q7ot;MY)8yu9mN6vUzPnk zAm}p>K-w@p(WLG_a&P~^?{}15P~TzZft+JGl$sBR*8)kK)qjNEUIrHTL0O^TONG$MHDj7l(i6EJb3Q+c;Kj@}P0Ns$~ zcfj+jXe72XfJ#BqE=G{F<98{PVdPZnPqBFDD*6%&i$p|skE~hzYI$-xUBjPkj;itB9ZTXA;4`Hg$el|9e^veQ6e+#C2~WVX11*m zKts?(DdFh9Gz|Rbb{FXUwPAmruT-*K6L|j!04`@n9ap3P$4f?h3AxmD&6ev_qBKf3 z#kGCB94tM=x@<=*z6;t|L@w_B_6;N2*@BwU`9>NI3>;9Zl&klBXo%XveavnNH%DH)V0L1gczgK39DE(7@K-IVeSBm4)Ujx=F(W&F>*r-NjP8mJZQI zG6A(K zU{El?KG-~T^}m_ChtyI$hUL@(^??eLiu089G)X!U|B z=}x}QXiZpuIh%@%K=|WhYw9QJ65+K2i~Bn$k=&FigWI~6$rE^O>Va!F1vb$ir=Q1( zb$m{=vNwo#wb z&)iR56ZcY4(s0jNssj4-(-6ynmGW~&;R1j?tNw26e={NXc4R~JPkV0tS1X5g3-yb6 zPw!{^Pcv`r|J)Y;zWM)mw)pEt@?UMD9@a@pt$z%MG5Wt)-Yoa6{;|51vLlh$sb;`k z|3-?MQ6Hiyz#w?8@yT0E0XCAkHuD3V86r_xPiR&go4(8%+n_(6hrb=F0%$9m((k*{ z**|Y2Mvw5!r*pEh%@C}XYr^I0^JbdDxFr!SRwV(?+$rVZ|KX#s@s}eef%<>?S@?h5 zi(lQM|0ydYn|sD1qy*muoM3A|H;TWm4A84zyg=X#vxfx$a*mii;L0rKt8)=U{CV!N z5D{1{;zFN1`H#>T15r?w?zXDCnKGS zs?9^m7kk~ZWATg^8}Iv1UbO%<^Eu9Xw8(PSbINY7|LGXB{{4(=_D3$K{yg3nd-3Qq z*7dh#bThCcEz3Pq_pu@w%8k0u7UUvK6T7ej=QJpGJx9f?5cC;MGe78f)4|*l_mHhg zfcs1M=}TjN^P5P2_)S0%;soS3zY6r5Uv=N>*IjU1DKpZ373k|NA_JZYgKUcaxviG^`4>}VNAj(ycfZJ_Mf;4!~ zmdCk_R^LCQ!p8R0#Q@?Cnm~hvJ796w@d`>-@n-SGdLHWhaoJ^jr{f-UESVJ!h$2Zx zty*uhmfYJ1_$!|uLmE)5Hnp7g50<2PRTD3cY}~MNSlOZ|iP~cW)2@YINKbqsQ&wQ}qEU8quy=9t_|c>Ka(l*3rAt}m z2+ZV{r71#b^$oxxRsjbbpeNyf4n7)(+CL^uB>@Lz5c;PhZ;p4|KMEpKfxfY-Qmz3G z7_$31aG3xWDJf?QIV1x718OP*?$SeGN-#}RTPMN0`#`(n_UBqaTZe#4X(6q>9r>M)s0!R^ z8ioj1>S1mgMICT{fk|Y5HiEZKIg*KhHM5xhN5AVMw$n1-8;z*!7f zB0dWk3+S(7@xQ8>Kd00};)RCsBJy@Gc%gyBvuS zgjpizD8Q8doU9Er=`ru0$F8A>C`~=YOr-($j^Iq%7v}&f9k2xQpd+#>Kj`!+5C3LJ zedL=z-@#1lFfMOqX8(>5CpqK8PP9G@6LlAs!uKAHzj~VcVz8>1t zg31!Q{h&rr@YACZ1w1sS)JKJnR z-#+~|T~AqXZRhjsAm@=k9eG@Vrj-b|6ruGy%5Vna%KkuHOx%U~4!X-q%6KD8(kuBj zj^5)omL?60oO`?=*ehK-#-+jth_0`5`uE)OhiF|eP{?RJv5F;8kbK%j9W?hRBP(fc z(FZ!dO0Q2~Ur^F<$L#1yNuB(~CI%<%-z86}C6bj?T?($b3a;6zNUA%bhZc~D+1c_4 zc(Q<2&0ORYc1F+R;n@JRSUEru{2!oy&n90nAdCYerng&|0lP3WjW__bTL)(`#J~pQ zOYnSJl65Zwu{ros!W`U`FrxfnybfYx z;!B_Fzix%5c%4j!2on6~bYU_Tf%6$A>%bu+3FJ+wCJ-z`RoFCtI;S+wNA%17zz-l} zuYj-v`c;rRCEcj`;u>{_g)zk#vnaqMzi@3n<>6fLf7e$<*a zKq_S8o3hR#RhD}ldc}AW?YmmIq}SVbSq0bEH;riCU_5Tak9!Z@*3O{@yABmjzZaE- zRrlFoX_;EsCu!k#HRhH3R~{PMG6I`bZQpwgrcos*zL?}RBf2^=-Vsff$T01BXV%+Y z4R=bpE;jeK5?(k~l{mPX=XA^Z$I|}8oQB?*x=25VG2i>@7v({5`r)J;lGnf>2}epTr_)!S@zo+>oXt z{@+$FHxkV*zTlSEH>XU$GW_|pKN75`O1$$y47lPaR1Lj%x)`)aoV{n3*@a7XoW?7w ze|a@%-nfkA$oNexK}@QlW6!97*bHRI6MWm;@|MYdl3srl?VNi7xg9iBV`OcjpJ|Z4 z@<2&dQ%K_Yx!oeu=iSho8Ll~NWb={(`j+&OXRfC!#qtNMr9+dVd@xFntpGI^e+8rX zW{ohPu<-<=%F}RwVUBgtrt>b`$3_WMiyhvnXVDIua3o9De|+wg;sJEZn-ALW3jl%T zn#|A>?#JrE%A6dz=$9rjGgI%@t76w%HNW|4Rv46yn;Bv_b;agK&s+;q!SaN}pfRgO z*~r)(l&@A^Mg@B1zJhe4kSUM4lb1fx*-JX$^m@DcD2p|P#RgSDyJ>vy`1C^qs7F>F z%y_XTd2{@m#FCmN;&t}?1+mlopQUb}F!|BNm}o|UXXfGmV!_?F1-MoEu=fz~7IsOn z1sbenH6QDXwVV4uf$g>O?6Vi472BHpo(GjzXuWodJ)U%J!Ow@3T_2)spu2d6=#s%^Jyhzs{yOfRo_C?BM@KuN>z;5T&Kv9|2Y>JO`LId-5lq08LWD)8=Kh-k5VF}U zS#&>*1ay?&&J(imNf=E^v37FQB@VH&_WW7eOZB$}`Yjsukm#|Y%Wo-24Qt!oDqW@d zKExB4h*(Jf;!ng*U%D(>%CnM>W7ZEC4EEXxCKr0y+LX9N9`o{UwR!m2+7_c@c6Z$W zsK!P9+Zq?S{xHh1E2y*um226(A#Bl{tMAdXiPZ~xxsFBL0UvVO5iEK$OJa42*V^=w zd$XemBDcjMJNf*%Mrh1!iT@Pyr*+*`$m(;X_P>0u+h6D=(zm1j0#Dpoe&MqHx2okC zTGw&pSxkJTgkr+LuZlgO(!_-oP>}&Tt9nU!?+CJvVz^^d z+RPQHCHC6`V$1Ju%v`y|q}XVJ<&=@5EyqnUH9YJG8N+)c2$t5UhO7BErpU2iCVQ=$4lXo9uzFf;5VVGXmxe<$rYjz{hE&pV6J91G)JRj% zcAy1%4hddMpGW&#bfazc+jb?vdB&At8*gMzC*2*WX}HtgrL8NP&W<1YRd3qTgl}=p zqDb}a$qLe*QkLu>?USLFLinfa43*6=R5AWFD>Xzf6?QBHUGR4mW(QB;_UGZyOlfi5 zV4K&X`#!4yu1#5mm#1wA?bpL#mG+se8%X7`Wkiv?F(Niw_Ci7GVW}V`uG;a4(DW3# z-6hDS{xr0j+&gb2`w9K`Wi%hZZAIgKXB1h_U%$JfZAzOi2aZ~IDvsf=6(pT#E_BF% z#BA1{7G(Jvb$uWNkx%+iAL!3^jF??}vwm3DlVonh46u6YfRmu3Z+wT|{Jc^jwsssQ zL(8$_)LKp8Svw3VXfvvgJf3`>!@pV;^d*h0zJIp&{Wfw@>M9{3J5-h=4*<)Y-9NzA z^cga{OVK&p_8`)@gCWFn+NpYk1ARK*3c}scbP6r)DD`$LL%@JaaJKSYj$rs`m2;k6 z!PxTQpp}9Xmx$XLk7!e)cW`qrxK$pzi$CF3c zLQSFTfiJ?eRunqw3{oneov{sYb5uF(7szyQQ;=r9;?x4qYe5v(iz}JP1J-Ocd&85` zzC)=X!}0mc=zQbW)nMuQ;7$tCiZjO*q;tNm=S!mkA7IVv!PKUq_zx{CxpCN?F+uO_ zy#H)hmq|EggH|4cs?6@j3ex3ypi1Ug{eR7|!pD8srb4InV+H=~QfI zbD%_lh5Y9vuwu~GU3l!5egUv2MV&L>amQt&SKGHz_tRlvi0>v{8o zzrlL`;9U5!G`9|2Zk6#UZ|7#+gc(nNv41$wbCd7!79;|lR2wmT4%1rnd;N(qoOy@Z zQ-*B1Z$9!i5t7oTbNw(B?c2W>k_D&9GEKVhJeW?|Q-N#qLx`TScxe+>wwNLT1uxS? zPYK<#IL%n{lbFlkRgWz|`8FP~!e#{Qh*^0Sg2X?k1JO9kyr81*PiUy($pb*~}Y7l!TQt&}6*xowIjx6uJ4jw_Wm<^U>$SlAMu?G%^8Lv>^%Z@-gDq})$ z@Z)(E%Flx-#RBgh)+^+4yo}R0adZNT|G0%B?e_$&oDIEF1tfgtun*bNDTs20>r2>`YN#35Jg~fa&c723r`*su5Ckg zTo4sNRp$2ru_yh8V7bJL6=A@1Do}QrU;CUMKwedyT(#0w!g#jMX)#!os(`AljCv*1 zE1~8IHBYFelUh%x^@OUSqUH%TPpEl9%@eWs|D->$^fSFP`847FV92s%)TGDCWZ>X& zsUuE}v3ItMxB^7TC@v$&B!b>UgwAVEGwy zp~*c8_9=($bajXd0smySxmNpY6Ap~A9!98NU#j7GEr zO?GfH_g0^1MOzyax5ouA3GF7^98t~AZ9eS_8na{@?mn~|@T^w$J@|x$u)8x4(sH*) zTTF-QW+AEm6Cpido5_d(58seY7)b=>L@-Y`(1j=4mdwI8gQpt<=ZYf1hu;PPqXFxX z7FVpf4BE%$_W0`~Oyg$qaC1*^H$xd(P*%mwN^3`WnP^#|&z78@e|3|r5ls=sPaJ7V zy7aJD;Lo)+6=yal|0=DM)@a_u7x*n<7)ja+q2r_fhkRr= zGirm`g&Q-^k|*O&Awpeo3R2sEjsl~Ug`R>IPF$IFer|1V=5V`uMlLqIdS3U)fRh1% zlR`9B-KY;3!-x);L#{WZuJVtgpC5WB{td^(rcLA3oR>8DJ&7w9%@~{MAkqv(YPKmz z2|72V*HCgZbzw!rjHb0xP7bquZ!^2|N(?_@LF^wSLmwa|T8x(dl)9Jx7jKsxe*Rd@ zI7WdXX`NTubOTp;KNDO*I*BIeVEiFSX^zBs`*r2Ju@OikIhWaa#rIF*NcH9jA;JPX zKF!dA@hIn5^M$6hwtlXU1AjoDQ6h{wt`uQEUq*}di5G+iaS0-9XMxcf#;@i+FW%6~ ziIV}%B_rnconJ_`UNy$|u*#OD%YTCC)RaOZm6m(@&hHfsj71V{1!-g8!kwL8O3=}Q zGzL==BE2_<*u$3lGb3#MoNkw;#y1-im9pPEufSw0As+l&Fh&uP#X%?JJ!n!1#e736 zd;9eO*A6^7bzT*uf!Vr{w^O2%QrF8$+M6l?M-0J|CW;px;$_DAcJ z#0T=|z$UwUg{Bc!D-%z6!|N`p@pccn4_m719xv@lRO-<5oR8l2ewyP?JwuOjeh{}} z`K%f3iH%Xu3D1c(_R28BWhSe<>Hu&nNOp)FQmy?H$~Q;1OqZ{LBqFu6 z+8>rwE>c~UK%4?T(5J{d(f3h_ZAFXrTwHN(?(;wRG!`6(Sx5Bw%ut~ sKz0`NLfI5BEo}53;qUh1slPw1I;X~o8YgNRP}6{#2L5vzAS<5!3sUn3GXMYp literal 0 HcmV?d00001 diff --git a/content/v2/csm_hexagon.png b/content/v2/csm_hexagon.png new file mode 100644 index 0000000000000000000000000000000000000000..0c11d1ca02d93b20ff8d78eef1545b6112ebf9b3 GIT binary patch literal 69982 zcmeFZhg*|L_dXt!B1o~&6a%QMAgG{-^d>5ZN)=F~F46=k20{%%5K)n0p?B#mNS6{2 zEGR8NfY7TX^oU6aB$VF-cK6-){e1s~pVzhS<>TW#Gjq<|=RRld!wY>~EiR6u91sYE z>xTAKLkMK=EaSg@tl-J*%-)~ie@8s8-Ssqbv-kA2d29#Kc;NP@o#>56HV$@%b~X=u zJ$~3JLzoUiZd}#4<1@54ij2N9gC^41K0lpoc@?zpI z#QA}1AMDw{^=r&0zq^IbTBPOTWG-v!QRf3qyh|!+n+5YnL)zz;9qii!`bnFrR<>Z` z|NpQ5=MEH**9mEQJi>*P*L^!Lq$^AY-23ITKnkAbm@i`Z0t6DVA0HmvBBdsE`w2SC zcn{-IdSH|J%%YHL)O9A+mI5ZmqXTa8#Qkjpg_WsWo{T?3HbQ*$4AOjyc^Ccf-QIap zz=N;3h`?74-9{?zJm?NyCx1ALP7T!f>%nvwsZVw_0ap<9*B}l1@G3UzzB2XKcHc(u=rz9kqh-PAhAKvl9<`4)0(vJ5GAIbCV!hN(WTvo^O$ zI*&Lh33i$Z3JJROjMOmk*|zC(VXi+3MZLYf8ge-+?xLl7oYN!Ics^1ts|LdCn46QR z51CD4liA7w0@()+Y1Z+0sr{-&au>)6&Mg6ijA^@V%bK8NM*&3Nxs)7#cpY(A>EJUm zQ$r81Qx_9N`=PWIFDpqnZ6Ob1-V{JWeSW zJFzTg(wvPnkx~=6AcM25e+(Z7Z>w2oAcnq328?f63-*!%#2^rLb+FwDlL3`yj_o1z zIiQRN>D63G-cf0VG?+8{?E5WGN=~7c3hQQ*Z4kr4jLBb8jHfb-To%Nr!a6Px$5qWs zG4;YsqXtM?Z76nHur0?Og&mXo4F!(J*djkRlKGAqG7rI7NO=f6g>yD?Pi?Rtr|sbC zQw>BkQE+$MFVJ@5W|ZM-Ujwd($-QqiLGDDl650Z4@9U~_Y;#WN_T(3;^0>zCjyyk^ zOigS)?rw>|A5B_a3#U8J%eXyI7og;pm~}bvyd`CoQ5`rp=XT%z#qdgLtDi7v#BKjS zv8pAir0Z;+xrOB&tQ0{SmXz}$so^#8?9PNCSGn*t((zKHnn;}i3k83bKACi-QP|KU z{iqBzL>Dg&OZ}C?y5lcFE5S871AVqz@hfK?#_Jal*v3t37X-e8d-i>qcf^D6QZ)pZ z9T5WA1CEcNP^bUx$pasgFIlmsfxT z6zc|YPP~dL&LFKOcpYyMc9^pDhPMk!$(GFX_NrL7lyKt!(+CjTyX*aO@r6$<*gh4n zqGOXB#-5it-P;8mK!xW1KR%wg^HY96s1jB>|+JLM=jBA{h=27gG!OGX!B z0unG@cbb=52eBv4F^$fpVqHzn%~m`a#ipM*_J`beJ;*MQkV1f!Efnem zv$}4kVfRv#4rw82-=y;h>o0cQ%n@v^Y^VjSL=^`7Y~$q{Ah?X z9Hh(qv$|)j3@c0hu8I7Xqf+W*B|&R1KiZXo>bxw}YdfolNxFihnFNBk&J4C=UZ5S8 zqu)BV0E5PSsC&G6_WKoe?~1n#WrZhETb?Wwl?@Q@8OQUBK)XfSy6v~}WW-;Hl)oV3 z787({!XKwyB}m8O^jEoe>^30+JksVbBU2vW2fhL98%3-cYpiX zV3fE*OnnPMabAWv4)0nV@IG7a9Mi`Dp&is>z>wkk#L7O~!QC0ZXZaTdoxC}-SS;8D zUCNToYtdg-6=bC-t9k5>o&DK2?L|Juob6M#m&;KmL;y++VTY@bKQCv^LBh`IvF*6| zzL52cMgy{#b;hCKz&nW~T~{x;wK+F*o0vMf?4N(wMq6Y;?BI_7Ry>wA6&<%$rUOJ7 zYeWpVjCp-Lg)8M_xG>pke{Rc#*xSv4P9K#{S%1eMl!rSj>V3LC@$Nut1 zaUY;Ccr0~IAR zw08E{ZZEH@1mpdRkJjsQ>(7vL-5wY-F|4c3AMAUc6WU({Z`&cUi&rBYofB-mCbH)P<#u?(5YRs~;Sx)Q(bj}CoWdP}= zPEm~?)4)V)<^JV|dNdggZKCa8pMMkL8+B&!KY%k7GNG;>^_JFS3itZbmj>{>x~yQw zSfV$Ylm%ExmLL*69gQgu39{5<1V#oVX&`tCceg3=$p5+^IpJ`Z&~-cF(I5P_NZQfA z&?w0MDJ-QGrAqn-6BpG2US2zuE*A>#HXZG8s&%NQTk1@jhkfVzu>1Y=gG~VjyWvC? z7E|Un<`oa#7YnBK@b%Uy4h2ZX@CZjq$8znsL9b-I9?woZH&3e(epi0D>#g?Y9LM~H zcW9nx8Y-BAJ&Y3*^s#x@|LX9sZl6pSOQB&+;kV0G<}b|h2=685?m|YI_1NKn0ftNU zSutE{QQ0#Yd^z_e4U0RMEZlPUawrUXqWbk;2Iyn{SJZxupW&S7BNvk1F0y{Ch&Y6`l$vEJnrxsDkP-e18uS)LdPDo_? zoUZyE><@_GT}PYD8F2;KLp9@=;UF+;p82zcFSRxfuEy0ev>VWctXcmnWaRZ_#F z&+vew`)1dIfiYP%R8U)F(JX4|?us5r##5hyGx9Guc?GsJlamoMT6)t^qvT@X^$hYe z$IXbxyU~p?OV6vhDFE=|X;{8qDsT(NqO+uusVpMGGO4!M%S69%vYVQAngSD4w&!jY zA89`cYb$Nd!SIh*i#OZ{20DRao+73N`DpD{W4TEcZ;n2 z*VdDoYmyuo$MYY?Woy7b>nKXemCX7V;bNfEQK5GKU>>1Y4rw*`c&eL74uGe~(?eK$YvQm(=9=lU~?ISjyKIR10~b{KF{{7x_{brMZKxmio7 z7)}?~MAFg$FcNKc-xG)azmVkhh5w3Wz@(qDC+l&%+(B(S(E&01Y-#P%fv(pUz@~$J z2k#^O4)oCP8Z$6ly^!tyaI4ZhX3vTP|Ht#v`*!G^!(TC%G0jXbCox8}^8g6K8l@%J z#>#Lg#~Al9hd<|KOr;%MfWsfar8Sf}n;nZ2k`6sQ&WK-Na~@obU$_HbO58acFc#Ri zoF_q%hC7bFJh;>lr^w*@yXJ|Gu|}ykH2JJ16egpQ^bdpe3)0~ndlV%Mt^TIi9xn5G ze}jk<7hb{!$K+m!D4D@0$Xw=P_Ppb~<8)v%`vE<cIO=BUH}L+f|my`8}zo>D1FgH%Haf8;kt+-7XMwKS1EWc>t45B)dl zeF3khwQHzro$&Ok8f18q-xwh4jKIZMl^+W!`OLere_#Z-oYTMQ)9wKhMOiP?+C^ki zXBLyZ(QdSAku1zHX3swoTgPPIocp##mVJlb%K*iI&%PyR7I&@r7t*P#YneF;0A}t% z$z?l^j@n)L9U%}fK#1GP-RgI<&yddyk_2byJ6=zr3ja%(0!Y${3ZrlS}>+u)uNd_QW_< z@4ySl%XxsU!Lp+p7*W-?c|Dvft*7QKLMl6z><}D1)>5#CfgO+kFHZu_eL#wmU9vd;yim;|7wu+e%mnrX zM1p_wq`l0Z=?xWc0Rb>V)&|prfwu!wCkl1agL$HkU>>h_)Q!n)4)gRdR^O%0fVayL z_Tf!I01IURn*lE$J=X3eQAcZsG14sG@hY40?O$gYj+B0*BD`TfRu`*MH%c`WYmQd^ zv^(3)koEU}XOR+iAV1wfk>~@A9FjQiNJ8IH^-*rVdzo>T^7N$Bgm-w|M^%`LxC1z$ z+NVJ<%4?C1eFP{d<9vciOtBMOQ)@st(6u9uUv3`&Ap3+@A6e^%?aLGn*_ybZ4$3~@ zxc3VG6SH=FFDWG~vOEuL;hFys@JVy9TOb}VcFRv16S~6&By3Ejca5;g+r`&wE7(>g zwo8D)sINr+T_M;3um_lz<~C>VgG~Sa=X6Hc0;5gzFhC^ilP@K~*=6V-tA6fHYj~)U zt8%OJZR=PXaM!(HKA#*JDeHfGU)Pmd#bFmly078}5)ipvuQIz3PiVGoXeTI2*m%z@ zg57Yu{l6rAk7AI?K7hvFw%B^{caq6ihB=v_(PJp?a%H(w023o}y3%w9mB1bawLkk` zt^}Uy-vZ@;kaS_wze5(V%{>kVqhlOS8c1!Smy}kawgv!e^#Ou_E!uHblO6l0Cx+Ct z4)*;Wu^z*LY15DXZy^9ITiX^C|5TOjm0NNijZqr700r8+Z&tndQtYFz8_gSJLC*MQ zjmNuNq#Ym)((j>vGOyiN&Hr!cVuGq4`j^Xb;FG+e_B#_5_>aqt@wSe!frtdwb%U{0 z{|;PWVi6xsn2P&@t+!zNUYr5S5nxc6&;RC1U{8V5Jpc!17#9AAqch4;#w-BJKrr}^)7fGHAAWLn7St(1{D8-Y0AFed+j&o4 zBEC+Q)bh$ffsVHzCT%UT0mKCc#pf+roE-dfQO`BI~Q;eg*_G#u{3>|n~wB3Ib zC4kK7l_52>Hsj8*X+{Z%>ZarfUsU?`eh+Y{?Ego`5B#}*KOXzpdY3E}wwUv@4gw$T zYTZFS%|SY&}AqKiq(x?=N?5V=$fhSCjjGK zxV}OATE)|>O!Xa|b12z>7AL&}BT>opas^&y>g%@xi`%Z(0FZSQu%v)00#711_#vQB z1~#FC!7KsRS@O2>b(RCNQMM}92!oxlN`iM)zSXr-1H>>~C$Cb{-~X4sV3bW*l}$w( zDm_q~bCKg$@%z7Wis^4Zc8X+9jM#j1x8}qsq1a-Dkse4q941mvG9$eWbG=P=?j2Gi zN0pE|IQJ+%%z-|R_+9JJ`G-(zc{9tZsjB?=A*IFIn)jn*M#bM!$Bu|$20UwrNTgr* z`%E#a{rDHR=@%6+8~x5o?K#A88=kP6wIIS)Td@TNMLxW;{zmlsnfMlc;S`_wMXBO{yj=uVVpXoyy zUrd%Or`DNE)$6um496MUkrur6d!#p(eI}-v7F&%O*rF8mFvuGyRB_DvubtTg_F#$~ zkHTzRn7-GE8XW>hRc4r4q>oC0Ev3hC5IR&HD4yT{ z@FrgOhOwG&W}e>W`fDTm*;%m!WvJ!9t17@~fgrAy6(*}NO1Fxjs@J*USn_zf_sxNz zw}E?^0GE}F&wquE@ovlPLDAZXDKhteJ6!brnB2f-0@!GwnDUwAg#$HA4bF@hH6Q$M z3gH%-GFb60S~6=JujVa=Vip0TiN&{6*bcqn?X4_K{hE%F;9#K$a_?Gm1DgwX(r?{D;D==0Vk`#03IRUZ3nK#EPFPj@ zb@#osPvGjOAKeWep`IzXO4gSyyz{V{ z%C5#RYixSr{dz}nu$}T_?i*?#4GTaFBBOZu5d&awozB~5OP4&qm4G3S0^WY=hw3RjM}^Xul5^XaHiHiq)xTQhxp@nfMqSn> ziIGvU(@|PV3+IdI-yaV8n~&RO?3P3KGXl}y6yMaXQunl5AGV<_!pI0y(=R3|ckHTI zolGDXGnxE*RMxw0#(+n~NZtyGyG0aYnzt2U=ZO_k@LDNTUl_x@Pk7sYJLNE%C)J-8 zahT6d`6I<#(fg&T8Y0#kYpjqFjS{8^lG&n|c1#gnX+37kkz2l7HP4r-iJ`T(NSGc< z#gF23rg8DFLG4u031_M_Sjl{Yg>-Jc9Nr=~?^@D2=p~cR&(SiYgU@t7HRlJdtS96h zA7$xY9()@tJ!AlLs)qN-MLr-k7Sqh~z8>GHS1=NfG)E92vQ+*K!yJyNWOPjSqhzy6 z!A90SepQaVCg~RYmK|N%rvqjYzH0G_i1{ zwi(y!UtahwFnfL}>ECi&nv!^TeeMDkp_@kdUE`Etxc!jZ$H*F$J<`yRUGTzA4a({D zd)kVgs|ZKwgb3=cn#vWn3F732hiBUQ zVROD@RWCvFpOwizp^pxB-I%?XT~c>HNhcR?YAx2o+(@nGQ;uE1@&KRvgN0=NOJCen zp18uEBw=T@k(tq(az$4@DvdU`t_tbl>*QN5U?*s5VUmbj^YOS0m!UI}hB`!7=1X+- zOG~;XzDt?f$1R-Kd#yV2)@yjxMG!NZ{zmVIWQ!^3=!&i(@vIj88?W~ZH+HdJ`*rsV zk{zI6*P{EFK)?W0*$;ur9PRn4CS1k@?cVFsFUe^(sj}x@`qb&ZM-3l){;g3M#k zCHO{eb>Cx$*uETYH*Ux-b=tkQgSTN7%avZPaKFHEv0D{iX4|Sg^0tE_GmJ)+PDMIP zC5d2;dki)m_vqM9=sQ-GeHiPt@7}TZk?w_*^vdfm{63{f{)p79Y`ULenLSZ_1%{<; z8n^KVU--Ry_n3YA0Xw7w-28Lm(V#r2oA)heuDhV_eK9|3`q%ObY;|%Pa3t&FPXs9@ z9*5u~xgpMS3Oe#g0Ml2)VBMXoShoO|R2uEo%M1e^Oi0J|z0~jd;jekfFe`!y`y8q@ zGj_$t_GfUI9~K<9R6^siPXgi|Y!7(|RpxDS$%TL1mnlkc;)cxSOdP5#8jXo>QK)sc zdz$JJS`_!&!LT&7_C@-9u>6>}tQ;%vmCV%NV-hpVU&$(k<$K--Jd&8b0QjLQ4f{mu zLkRaBk#-7F-0~#$YFGfpO~jrcf6WzL^?3v_%?TTAhr@;|L#_5H4T}vKk~WC~+>hvM zBiHDaeYOOVNEnvIF~eP0Ht)=alec^)IEtyJLp8YDPb!vH=c6xnXiMRog$d_t^R_MI z^eWy8XD8oZ*wXl=(4orS_!=Z!^HJy4Wmf5y3q%dVsxtpZV5NQYQ+A>C5_Ui<-tScN zf!-nWQ;v1&j4J7@0j8c-5jO&_oJ&^TLS78N`IX`gW${Y+*0@gj{M1V{vsbG4&3NAA zNaSIXd^XxsJK1oB=<*}&(ONP|J~-V~qNs79pbY8e>-x}zX;h`8L08dTPi~)t!OWM} z6OAh#CRejGChfnaxu~1!Q{^l4ysIxWH#)2E2bgOj70r&ET2`O2R<)ScxRsGSDw#a& zi&qmqk(~P}#M{z2kYrW6^aQSWwb)!;JFOXnQqHhT^cwl+m5~NHsH%Dvf9?Dcc z?i3#!6P4u?X4+I|xQ41|vvk(ReXq;QxX)xP=WO=6K~-_df*^D?!OrR#_oy+FCe<8q z5McJi8}~6GR#-`?s3M>LN|a>=Mwz9;7G=E!zQEP&>0g91>Dul<*0dDW5WgkvRSSA> z6}^R*lZl?KBh>!QGhd3s)*rst#g2HZVeYl3(ri*j~3;7{toD` zsbcPkqq-<{5v}x|X`th_r_zl-gzhyz3a*8vFFyh$*ovE|(Z>BsYn9A-1l2u)T@ULUawGQ8@nyKlfzIuy0G1JsBR^vj?tH zau*!z`hs=S_?b6dbGFDaJBjJ`o+m-v57gopwpWb5p+4WJ*U9%3y$cjF@5*wY?x6r) zZczHu+zPi{O3Z_X3s7nm&+1OrnBO)1U=knrC$=Hc5@|!&=zp`VOT0n6O%VRIx$ldX zhGtmUHFg4r7ezV#c1gD3ufgA|3Ac*s3LyQ)Yf2m~l*E-~?nwX1u|mlz+1aj-8JPrI zm3*~ItLlk`j19D!`o?v(IE9%2?k}Z?AYinkvc-mCe_bv=tgeh-se$pkIbi>5g7&E>V=-- z39g5F7i7gbr4p3Bj)}V4c9H{1n4c60=O##sE-17{kb9Ql=skWO+EI^JgLFoX@hPG6 zq4NE=`Bg?L)QUbUxTe14%0hh|GDYE8<3a}Qc$11XOtE3EM&=*f%7x1`@%XrM4<;nSi;3+ z(yaXGw=}Q28cS41!pQMP@-rl>aAv7x$|UNh<@?EOdWWJZ!y z%4FYm$8DJjZZtiGO4&yf3Xu-=oZGB3F>)Lt$>yO{< zCk)A&%14o&h0_DOGoDPxBrRCW#T4z;KFxv^Cw1~Ezi0j^e}^M0OxN-if~&&ceC~9p z>#>2rrFczRYLsfe;7cJ5IV;PTU5e>t%O+5?$(+O0;}$lfu(S8i`#AnFEOn#}RK24+ zK`DX577GIN^d9pXsKFm`!M}Xin&-Nz%;-&-1HQ8#RX#qdkKP(Venb~QiQcLO=B@b> zJdmvlA+!9Vdp4RGnI3Xnr+rw49_G6!wf>;2R)&ftwkW_|e)fL7%IxVI_|r4%?WmXf zQ5|dqcZ40*%x}J%=-ov0UD%yKq&3R&6bp=!h}#fx1#F1zQe>IKrLf?2pX{GNv4YmS z6Lm$2G#%=xw7m4B!BDWh%Tn@IhFZAO0d;Cqv5o`>FHWw4mp$T561}3-A*In z1!s>()w&v7nI>e`vciRO$Njd@Zdzb8)LITzJXf_$0eAO*s2v z2Ir$MMLcw@|J{38Tw-j;3!6rSh5zL6Hbj5)#lOneQ46(6Z;u$pY99)bm;w_$%@Gizn{xhL6*76w>+YRtCKnGj zJXSzeuea8bN=;RG+iD{7k(hD)*s*x{ydIJq!_)C{q*wdVDZ8DBU!B-|w@SHiKj2Qu z?hQjev1N5#nZK@{@rR3(V=sWj3&Vs2Jc z|HRk_CdX>&ABBF7H6FTV+K5n~wmXTXn@(m2*c=MJQtOcPRM*$E&=&d2BWQh2TTy4^ zbvCFqt|pXF0Tf*Y@}${I&AxDRIoroSMqzdIk)KteE8Idwc8f=Y)|Mg;oUIIbxguL8 z)p%q%!J?)`dHFEq{u5U}rxU?6tnJ69%nqR#G_{Ozo*4JHA28-o=Eb;f?krlnm!c8^ zKS)BmSy&m%yZ(V_oP#u%#*V;ct>i_SdQC0QSQpg$UUPkzgUjd-%KE*1md(?c?W)t0 z=NDtSvghbp=sA!jj!^w?2+0dIm%6AFods}L-xT22J#eXH`+LD9pOvVv*};wvbvGAN z3(Zb+-Xo}bYLDJk>`tkfRllgLX1LzSC-L>sPbNEqFA7tOF-P?VglVE<25uH9hb5m* zVuWfN7Whrh4>^bOKfm79ad9c9F#8iMur|=`j`sMc4Nt(?eVTpU1l!ZdHIeXh0^75E z!_J+@-3PPN?>}7j&DS5P4+{MFlWLt`766IJwH(k<`VL>FT3udssQTTx_2n)uJyxH0 z27lc+qDdrNv=YsppUjFtzhX$p!7OroZ zK%@iTDKpK=U>b%|=TwAmY!Ysim0wLzQkqqNe3d;>!iyLo{ifJ}Nu?9InFnhOSMi^C zP&BhtnfiwnPvWD7OU?TfDEj68!i~+;X?7Ce?&Kvs@3%kh7=wez)tFXr_x zIEERjw1gusT}|`df2MMOF)=i2H2I9ND{{e9ac$2Y_KX7u?8NS5FGp~^iNRkR?;Ye{ zAmx9#n<3t+TiaZtI~8eU8cN0Hy`7>c_MfZ2*hA$MtH!N6O#EaSPD2rIVv;m!CRV~f zs38tY0#Dah1O;E%QX;s|ygAc8FQeC-VXdt$7`T0B%F-x5Wa>^TkElW~{pcy?yk7Ld z%~_EH0 zg%AJ|gXIruDP`W5jy0|y|1oL)#Qc<&!gv?9`jPyFuqPQSIx#OAN!`Butm=K{_m*gN zC<&3N=0LJ+3E~d!H(p2Sn?wyRBKV`80gh6^t=DKUa69#~$CWJHbYTxym?qb(nyEal z*5nYyo_lI@{SJ~*jgkdg$P<;K?=r?UWz{x!1ihuTj=b=$*I$6h@K{n+lUOn^YB?~o zu6)bPxX2Glg=54VCd90I+0}DirqBK77bu(S#=dUZqgN<8IJ&Ik?RjV?MO9+S4E$mC z%j)tz8O#z@J2hl7@$0C%;ar`Aap;mBPoNYcywn9$X8A&Z#u)?D(z4rHU6ce6Ph~yA zf|wv>8f?gG>tC&u8VtUCzofy zU*!=_zk4kcTI$mH;H=QT*&UU@Zmy6d5b4yM=}KJp@K=zw3)o?r8yx6e65a|5zs;hZ4tmZ zzc!YaNsb;q{=R+->ZN!Nomi5hi*oC|@jEYaVJFgj^N?}y66`fC2LN?a5?pJpCTutR z0OfMr1{n5HnnK;Hyz7U&yIO?U*hFhC!Ea?0B^RPfu5pch)jJvV z@nM5K?P!;GY5>jBASQ%{Rk?qH9FdVi9wmdr8+i$63=>M^LLb9Rw&MpG*}_G}4U&z4 zN&bo*uESB!T)UAn)aL#CjXXE^r)=KV_noyUQ|WXWRcJhN`ud`=7 z$p8t{jgIWe3gOOpX*N_ek$cc3F&FAEkVoDada-=_UVfdfYl-K>+GgW-7q=gZ$D1DR zTu{;Fp=1gHO-9tkgp6Rj9R1ZXEu`YUS#3XQqQSb}uc#q~l6AGafGPoHsBR|aSRaCz zTt2R5tKvg2Jw!VCSB|z)rsi-}G+J1(MrmGKEVPs2-SJ8`OKb3&<)Caw=Q+K-#S!+A zre&v)m#f^12)!L|^GM}OFP4sR#QD)^P8UCCHm*xY$}oGP-n5SS-@6CaSOI7wj1pgn z3orl?<-G4UxHewX(p)_K-X7c{q8Bl}q?C6TsYHac&PGJv{Jm5A2h^;SLFWH9qz+T5}=&u+u78h4tog(h>%J>c{GE64}V*)O)W}%jJ`C)7FZY(zua# zkhR~+d{=WNlO?ma(Ve8)*x(`ci-c5y17%7me(x?AEWwc*}YBs_XOg z&W=;t8`(Go$U(=@=<|jAp5J=nP@e?twC-tK%0F%~sjTy&rhvsV(xxJjI|E>ejKp&P z;m-SdHfM)Ri zCFv}uE}Z5&2UT|t^^7qo{5k4UfJ!CreCi+D!M3SJs_`Ay$&yl*DA5>s#T@6 zhCL|D6LrQ_=vWGUT#Yk$6mw&@E*IZq_k z-}r8%pM26-nqJfg-STQ;-ANi9o?D59jV1DS^7Zib18vv#wSlyT=P@iyP!ARuDB@!W z{Wq^*=^z79557JN^#8vxm2WpEQgD|Sy#T(Z71yJG{#dHL@pV}t8cGXo7z%0Uy;GSa zEc?Nd|FoXv^ZL(=+*;vjVKML+FNmrKCpRrbc7nL z>ko9L2=9Tk&byZnbWQSg#)USSBk;1@Y}ZcJ-(=hBQ!aH9LEs$)S;kkmp&LImt1thN zCHc;cwgtu49*IliUCiN!eCLmFH?&6K1^kwBoW(4Z<}2T!CAF`jFQgL;Me0*;K0zNO zE6>-J~Ue@)u- zNThwju0Vh2oN3L4E>7B39sS#pQ#@ft+NSO((`#X=MoNV2=9<}Od;}@TVAdz)$Mf&G zvihE04JBRE_|QvO=>7e$)tS$pFEDfYOC1z%mMZx>BCJZ%Wt{qZbik!o%TL~Kk|mkSMIN`-0ppc%j{CN)b{4>tSkp>oabFL^hBSk?zlX@(9kfI z>=g=&sgetUlUq{%C?OrcG=E@Dj`VEM{u`HR`2qGE^?X%WTKB`DC1ZV4={(*)`OGN+ z9$lo=hF|M;NY&y;!Fu_`Q@xrZ*#vW<^N*1;mJ4~Kk4L}%I+o4yWwjh?C~tN6DMRkb z1T8-Dw`NOaR$?Czd!C$Q8Vw~sMoii^R(rEDnP^xL&hVOsI^ryv0_wL`4e#9RX=i6; z_5^y*jQ&ybpRRHAm`p-jY?h?7xcsGg>5pdP;laK&2fZW`tPYtRUMos+#F@+OmEXth z5xzorv@46)qiA+AegR&qYe!YpFtiC#g=L*d4-cm33Db6rgYT*<*P3QQ?M zkw3ene$87ISIMDcKcGHiAI^oiF)vw1$vF>&K1MIgyGqa2q^h`IH2k4DaWXQ=edl(m zykPJuk0S3*w~TyAqTHsT2sOh@JyTp-jkaMa1XMw7G4=GaP5dy=Z{7nzCfEFh03x{AcOr%qJ*1U}jF~l=dk^>8Zeq+eN^#6>#%Zbe0MF zV@KD{P(i_2feOln_5usKZdCV&p`BX%=SI$~-XZ-Fb<3GIrc^T8xh2_X@b%?_RedBa zQaX>mn#*>?I-8+CwgV`neSJs#1FrLjWIchB3nF^2vCElonyXm$W&4PkvirS3afFSYh7e&txwH*s+Yq(?*P+YrK^#%1e0 zww!{g$srk2_TNxT3)*MF8>xGp5%FD<&Ry4K#1{}rO|g@_`| z+3W3J3SbVFv<#G87nf~;IOjAMW%?K=Su6(F>pBi$ldgA;~CB+3MY|c^1X$} zQncjLIvlI@Mp}}V)p{3TWqJM^0eEmr_?gk1q+EDYJq#)DO=?GjnudfwprJ~2M<9?2 z;h65)vbB|0Dh9REa)=G9lNPh*b4K0mU+>*A-&GYZXNdXKXO~eYra`Y4vu7{3^>22! zl-cP#yp^T^f#l_x`>=KS)DC9DPFMZJ#Dn%8`YSsb8`MWRpA9a_o9bF2`A;pH02c(^ zr=p|1{AKt`wLu{DO8xo+NTnZu7BnDn27ea~EqJ^RDr<>_>g#B~^9gImU9>ME%?X{aN1;~ss#5Su5H`s!RGMX%AL*@Zo% z)`5{hJpa5+FO=)pUJ2L4zm%#j7ld@}Q5GxI}4m2?~Fsq52`$jfP|%66*(ORW4)gCeumerk`IugyMR z|D7zFhpB(Y!W6{0{%u2-)Vo)1plmho&ivZQ)IE44Dp(QpK1M@1eiFI1h5`a+&+&sK zFN?N_CE+)e*xEyzMp8PBj!=jIvdJ{$EJpax=K*2*Z6atx}5cE_pw7|EM z6v{}ljDOs_F_Efj)0sME>)lhCsf$!h)ClA6yieCV%d8)=LTh(69!W#(4ZX9)4bhH^ zS{3=wWL`%AS!?K>-+?RBJRNZ*4V|oB5cS`iOE~+4N@|DHu!E%}I9ZJg5{$qCYPygg z-pd1Fcy!b8VK*S&G+ZXBSsh!_OY?jbm*6vV7R>aJHUjTVOmb*YbkG@1ySX{XpskS) z`~!bp0#H3yN4G{K z@p_di^Bi*^DE;~h33@93d)}?1bbP7uILK!nfEE`FC$S9lxEVN{6@pv}(-{~YsIWIg z(tuVgbbZb(H47*t6Z3o+T?dZGGdJg8kE^sm$BsN@QKrP$R4ZvoPejpgjMWQhC(=E5 zzw-g@y;yo?=-?Ll^GSSj7%_2mL4eUMHO~;zT%aCFGI1L%A71(#i*7_P`V{j{e#<%7 z^`tFNZF4b0B@}e<GDte7OSH6WFqj;X#mhIfvjW z?WsAcBs0geNeg=5&iRH6xoN$<0k^EMwCYJ8b_lHbwSTonElD%?`~cM)^)ekOHH9m@ zX;TjEaV4V5m47b1z9b^z*H$mL=DhO}AE!T({CfM+#=t3KZ2fbcLF~|ur>RjWN2);A zHsa^c(DwRj(CoE(`l;)6bJwyIp%UsQSx8KW)r;jSqT#@ywnDGsk@bCs8(xA$KhOug zdcAFIV&OW4?dX%8R+Qz%yHzKB8E54u5WsfLHy}uy<*Qr139~XKF*I!2edRU=4(B4y zCS6I>Sxb2AhPzj0jihfqWxN^ah96d!!+)gj$8y{2a64&8@7Pux!{t-pU78N1O1Iy^MtiZcCBkVvu@UJtAP2*1Q3-IdXEnjX}PXN9av!GW^!Wz{&7g?AH zbn>+$*XpKEg`~j;D#KCf4O^%LJkTI~t6yVPLadOw^Y_pQI%LY(t-Fi)jmb9NV_}i0 z)mE@{6QBoWg5J)4LoLsx4y1Tea*bBGMHkGn0WxqDaiH1=dX;u9PDk5vEbf{fEk2N& zva)ie+Esma+^KpL?SQtr6j{LEU%#6B9k~rOEU}vn=eG9UxoHPlp$L(P?|%aEAKvIk z9Z+~}ctXCP=#T+DV8y)-%ZK5(aWCUR)uk-Z)T>Ct3|%X(IEi|*HSC~!wD_3M>L)%s zwU)?&{aahFVFDdMcwpBym0M|H15}kmjYL;L$8&8KjcYIol`w9@q{|-7r{wg_*Q-_a zFqzxMDRYlYjI10~MhLGEjiH2^6FvSYyW$b&$j2wYqfHP}wL~rII(F#vtH878L%eb4 zDlMmrkt>wf2ym;w%r)FXgkjI?e%iJ+oNvPIMvl3_G~Y z`M+uVWFc*o0P78^Jmq7>F^dudP1>s*-io*MCO-`Lge~N^2ZBcWAEV~Q(*r5iESgIb z0@MyAKap&SBcAp_v*Q*rzEh4fL9+`LgiO6fE`HyMG&Mo$LQZ2QH5=o>RxMBpL3>%hF8THH1o+L3ec5hU7#(2T=UP+AbrwNxdS{+lajO6$g z_v~jv=0bt<0!m9V_I{hTAr)Ii^44`J+fz{IP5R26a+3~s z%;Jhx$LV!{p_Lxj^``Bu_l#iEtWf_UB=Q+R+Js4qOgkbuxBA(sYKuq9jgP8o0`2S8 z@e!d`&8s4+c4G>GV;fP3mi9=5R>u#R!2LhZrQY|gt9cC6!X&Hh3qIp5Yk2L0F&_%w zS)5vW9(5&mPlnEq%Kgb%TjZNp*GM z50>9`BLmmb<#8Jcs@{uptIH~N)@qh9S9&X7exBuCS1DgqoPXAwSzSyaFQJ&{W} zFPs0#*x-Al`?+Y9c`4I01zYR^0eDw8Zo4Og}i-cZ9k7HWC@emCZA@9@Fi9 zzS?rwCWH?1zP|c;TGA@Ay0wF&ShKKxyhvXh>Dzar*%w-K@z0dx(M4$Yb^Ud3kBJH! z#eMb57~YK$#gEasLHCdCp zOyP@?5ke34z`xE?UV495+vnW?uIwz~9aGV2V;{>O_DksIN(BV|XeoV(tM^}>>AOUI z%Ew`b$;e#HvyTAV)?VqXE3cJ2&~Ozy@ZW*&Tu2~4Gfbe>YV)%Pkd4#vqtl^Qj;@@7^~)FRDmu7t*u2sd3vzx32LX)F@{Z zXK21%i+1WBwAWmgY#Of&EA*-u6cW52>^?8S^)0qe@{hU?v{trkO`8?e`t2rI{Dnzx z@wNJuehW#1Mh8O8- z3*0xy+ls|{Zj`snVv`Nwpw4>(^zpgXf}g5EmaIwh1u&CioQC*A8 zP9AH0gm;pq-k1yhY<9t@REPSWZCRJ>Da5|Lx!No{y}lN?T` zd!1w&{4{Xs(waeW z%uZlW{{(&}MNETK!GTK)zuSBcC|gX_=D)Pg$1Sz?@LW4~++@xx&-;G%*w-gk&hJNE zC^~V9zdB+v;{4X08MZ803y5%6+uoALF~R5ky(dSYhfD(|?wg^_@0`(BeuEh;>hg!a znDmEq0GXWIBl>pxcYN_vST9s*R{IzThi;$%UD=T}F0;Qv$r9yh5tf~zjPzZvga=Y; zIM!$zY{dG0RwVRtwbWW&iLj#OYP#&^=KYcs`?k7kb*n?A-gVTkC3=`_LKm!NG{F0_ zdP(6&Wn|HU{jI8On#3T0e`0{=n5y2p&%~GGZ!P0e3rGBWobNv#b{XbRmtawevy4-9 zSftGjEfW=7#nA4spFPw&579ana)n!~&gJbxbi52k`H4#&=apKx-A(8>V?B=71`dhH zgJ!wrzt^+#dh2>C$%M?Njj8NSyaXRk6WIb)Cvcy*U;Rs`E~MzljMdW?7$1*VVfNXL zH$BV0K72F``&>iKTyZ~NG%sCUidk>VwmL%(=tCKwv@kLFg}-tC(WI-1%a3yZRC`yK zL|uE(gW~8kq@lLm$wbPhVMEe&k$yDsfg0(%`JRZ)?G4ReA2%>*8=W1Q8RX>)Y=vif zCGJQntCF!eDfVWX|2)!E{u~}o;k%VKP~k?#@M(vK6mHd&=Ls0H)y-kZ!go+sw~&?_ zHKBwHmp`caF5ARv#`cgJh z1lKH3{RN?L?>}$o6vu6C4NzK-GT6CW>iT^0nT?6l$@^R9^`w@aQ47en;16?GKIn4c zoTg^PlWWw?T;VhyQg=9y5Ny&CLGTNV(HTA<{L~oHtEogTxacl}YZ*HrNMwC7e66I? z?S9GE4q4nXdiVy=`b{|({2VhroVUk%k;E6a_*l;IJ<3={{HbL60^;GhkpWrmu$$F? zCoiCbX`hpQEe%`w7R4aaxnWmw_M~4)4PFI;h9Op!r2x~qlZB$os5yAt=<=^(n~&$Y zJHJlW`>@^B7>3?5m9JR-^-+#xgm9*Qp7hdtkS};N0wUlut`ZpN*)o!%UxMj&z6Vsa zZK+x%8EYzh#8(TXw1A1ixTk+^4u+36f*;8wN*kHNU>C3p2%tM!B`)qCujc*&U!(Cw`+;( z>H8!2zR1Jj7scumD<86Y|A}@rnXRlHg@K(CV-RlctL~GTC-GA)B17wQkIGTDfqpt0 zxuW9pp779{ER?BHa~3m}?|HDU7U4^|(M1+k7Dh_s^XUsU<^yM`3e<5p<>M0)xXhGV z_uf1zAke^5ZB&daJfKRuiT_j>SI-t|ClEmK&34r>UsY~e@T!}yT|ImaSuIuXkxme- zlPtktJ8Oe0RP~gWB=o$U4eQ$)JtwTB{GrQ;SH%aq{G6Cm$24mwIzllYoXr#M6HlUf zgLyeyl5o)6|BtIT4}`J{`^QI{5Gtgsc}j>#cCwU`Vk{9QYqE|l`!+__O15O*vy-uJ zW0$3}36Cu?GVP}cz)ZADvlDr2mN z`XPS&uJG-cywOqC@wtbdRanidykZX9-eT2TGKfX+BHO$j05Yb zw!zY6HCK0=4L+$aP^p2P!6L`NQXWH8>DIQYM;4S0CH?%NEke`%Y#9C=j#{CYoL-Sv*&HjWd^fh_wJVROE6H{j0> zFGF__FQsnfyj|tCA?eiZP5$4x$O>`D5Rp~HO_6ndu_^oE{LU1zm{&qu+|y=urChjL zQxQw!ftx&jyk2{cZ;I`;kJlcnkV1Pk!zaD-D=cQ?$Y)hb>XUaoz3}D}mHK(SAF(vm z536X9BiD503(|BIk#o`v?3_0z0_tvp&D^4sAjOxFUzT_>mGL8y2Yk`kaz8%icLT|W=QH&70{3_4D%VyBdiC+LO8wxZ(% z3$A~!7aBLOEONYaR-+<9dR)9Fx+&3i#l0H4I-V!u9f%bJMcv3iV%(;pOm;vWI+{zEpnW!af2%9Na z^nGRMCt8`Hpof*?z9Uu6Q(EZMI$Oe!JaOOsTfJ6G{`vAFS=UaR;3&U*3d9};n|C|j zR`f4=Vq~R5)f<8|&Eierl^bw>E}{18)2OD0vEmB`iYjTWg;arDb+^7(+j4G!R0^wyX+Y zO!l|gmvr*>*m!QhxWz)@%M%5=pz`Q(ciFZ~lIP^yLnrz5qCPT*r|B9)CkblZA#+rF zUHo5bqq%YCJQ?;9gPacxzST&FJMPERya(wHPhHL`dGi5SI6?0L7P+Z%NJxsg& z%by>=JZWz@%+41CNcYVq<$bjcad6e$Ko(ac59f&ch+_|YQH*n3TZrP8dX2+MYf12n zY#NZrS8wo9KYrYot))OijLgaqL9pXnOT8rAc2qCp8FbBced1ErJBl46QVK)3$_4V= z)H*mei1=fy?MC!b+B?lwnPRuRI~H6CAZ1MWBMGK@vGr@}QgwAmt3zNcPhT#(XN~+2 zrBJ;sjXbDC(>G&WXJ~Gd$&!jevYeeP5@Q&p*;2dmSJhx*b&6wYn` zco0)F9`Nho0^t*Ntc{EIgN^cawR>4WU}9~)U)Sj@bnI&P1zYW6y-{}kkB3ttSGt15 z9j4nKWi0c5zkPlQj+-EWBEFG(yP(`NLV%)LW_CrzK>UUtIwKTW;bmn|d+fPPgF5br z+<`%LKh_{~U<*s%%6cYv_}g5vmfLpN79Wr|^q7TM(wkZun7G_mO7x<+P6(+veC@F8 z;xQyh5)k+Ytg~&V-t&GtHzX*V)J?OAUE0Q%r?8cQJHLpMOs|V>5@6%I;LZ z+P{By&;6M?gs49#E93m+mC(;1RTJ%t1IbmVH(H~Ts}FFqD*B<%3iQa!s_53zYU=)= zoeD6W$&A>wf|TQu$cj+5UNPrDeKLKnS}qFs+|Z#0`% z85sv!b6LJK$bEaMpyy_yDd(nCQ+rl6QP;*K%{wD)La{>mXeX}5=wgBMN&I1}ytjj~ z_nln+sdDe#(RF9@chOTVfYp4lCP@1ak*}SXk@d`{th_xWz)-rwgg9Puu@cuVe6i5K zHH3B}tec=UmOSjm&Rik7E_^9-TzZKs_1u#T$|D;!ayhJNk!31|IWLuAtW118>g)}Y zP1TYQQ205G-yttS1vdeww0yL!5&k5JOz}!QD`&M%f6z9&Y_uMj2U1oP6!DvLO6O3~&xY){FF4{`rS>cW3#1 zga}%Ky!+*CBiZ7uia8S4r*Lh|pt{kDSYM}&E1*`1xjSY1GXKmGLQKh9E2GG2Q5{5g zBg$Sl@-NT+%4_t+(}a3}jkg-eTL5W;Fx?Xr?6OB)0()EKm}#Kjx@l zPSy#a=NnQ6B~tUG;{HoaznlTEzoIC5h>+7`p0F9o$X8gP&cqZ- z!c0%!=?F2A`ch#8hE#HgbtqG#oBgm2`|883Z@@_bc_zlyMC&KT(z5n($BrpvC(0_` z>dA2T@q`l`ALjLUkC*G{GppOJa|8NTVdwrAhF^GHjy1a;q^O(>L4yfErcGU=S5&bf zfC}-J{U7N6<%RSRATxGnfp0sj-mN#P{`7|_7yi~vP@j7}_YV+3yh)zoeo}iaH|*q8 z8oT47XA%HFQWCzM;`~>I3;3?<#ea^s|3diLO%q<$QLj8EJP$jhJylqSb z3|S_c1w8wUv_4ep?T$Xg(w_mGOStJoom;>wfT|pJkg1;7{COcovA@&oBpkJ}jFSeO zhScJA)(xm|o97sO3&=LS(Hu=a21LNs_JD1I4P6KngIgxG`*zL@Fk2fh$*{M#jSQI2 z09Cp7hhR?ydAG%6fEX#VQat_lr-g*0IzdfNsY~J^%}v0C$QkFz68t^PM#8Pop$VC? ztRK@s%nSjs0vPzWz!1^12wQwFNVq*Asf1aqXx~8I86lG7s`7c!(R-`Vx>;9L`BK`cSU=z{~yn9iC z^%l9N{E1|qoTxe9$Tu(nQlPwlJ1gzVZDZ}bvM$T=S4iSA*#ZCBbS{ZF!z71r|A)(f zF!AkIg<>ak>|4ND#|7VDne#UX0t?TbPi7F3^#8N&jBK>$3LI2%&np`VdVj{e6vZYV z1Mh9R;Jd{~+1he4!YMSuU!c;9OurNmk}Ut**QB%n{w}8gT?hxQyul?<$bEHZBekN# z!?)hliU|}Zs|h&sjfB@ErXmk;0P5xk<|+;fEr3%8(+mc)eBkdQO=%R4f)a3yA?$(? zJ|rv$2F6T|2Pr$&rHW2AdZ6?9*ZXibr^s_*pgiu9@mukrZwb$OKA{ zfL^i!^)s@op(hSd7?3(5fb#Y!vbyu|?}kDeY%rO;2uR}i) zgMPvYWSs_*FpG~*G)8EB4mFwkaH^_|f9LPoIiTpp#2_v=yvn zz{T!DBv@}gLAX1>@pIQqR|s1R;CbQO9@>b*FI5qpfRbHMRXzW=HFqA}7}}2c&(OEe z;Q_p5`q$ZnT?K5~@iwPJ)*xv<9kM?YLZyy@t|^#=6b1`EKx3B0kBe?GT}kf(UkG!& z?PhSo#1e*1bMbiCUi|xo!vD*`ZXb5vcSs~j$9W6C1nM`qB%xosS+*=jVio$MgQZ~q zHWmc)0P&nEamca;>4LpZf20VwjqbtHEVjz`AXOtrgS6pqr_y$na0?!q6Umr6c+3Er z2)WB2{1&LdC=~Z3>r0*8B;`^7YfVoAgeNI^AsU$?W50PS=nvpXNqQr>Z@@0_E3``$ zWLQc5OTs|HIR6^A)R&cmaLjg=_S0EF5e`d`g!;U5L8lKf0xYs`@R)*_`@xTSKtKV> zH*7h|DSx8JLC83|cIBqeje_F=7W|k#=ssBJ>wEJUt`0yI0dLM#r?KnB1KL!|1QH8? z7^ zYza50?S!7>t^j2ZClCaUdl7u1SlR(+4P;^=cS%~|@WJA}3UsLz0#p-_1T%&G4>2N9 zP_QM`zGyA}FVg{tYC)cLzbpq@vCd+I*}bl^J`e1_-i;*21U1HECOn-=m!@lh21_ayK-4vztb?F~x!UhgG5HB~ycGCjmxi$6zN^CJJ_ z^jO=Y%7ONHEOD}6{+=i`1k6ekr<>4HK)io)h`# z0sj{kAcO2wn9oIblJqu?1z{z{dAgS!Yg$AtHrw;ZX7gSx~bF_$Q zCeTwkI{H0eG zv$pf?@^0A!l7brK3+VU1nJLFavo)KPneR*ZHKJ*zjS&6_vRoFY3DaaNR)lE^>& zl}$;UN2?}7tM~Qm^)>i+MB{Kh!aZz!T=SnnHuQtSJGJt8t}s~q<&m_xt6SQBI`Y(- zXMApQ$SK}56~l|;#rJj&R*prnx(=PwUCUiR@J?NY)g?ltzxiU(J9v0~y}<>>S{Xf! z!HIpG5Z}psL+%M(5;6`%m@f5}dAUP1U=Jz^&e`<=BXT=PbkMO1Mm;=~Wn<&{ZCrRV zVUYBc!|m|Xcq=$cp^s5=B~j7=!fl(YN?drnQZ7SyKYxx&D;arc-yd7@_xZPX4U)a) zbY7<=@h*0dr4%PjXxT1d*oh_`=XN}oFt31J0ZF?}!zE1Uag%bAYrinEjyum}NZ6ln z1N*&LDT@qp8{KbfS;{E2LYNItSj3P{<2gbku`%!aIWq9=3_{5cPG3#645V08HAy(l zLDUXP`9?ejL`QnIZRsiw!Ofud@YF1BULJxkJ3G|kTwX?dUcKyzlA!yj* zgt7USqM=7`xN~Imf+zYQD#4Q{qR)@-ZnWl=E5P;840C8=Xgm16_w6i`A@_0j09GKq zjIcKB}XPE1bx6A4BnrF zg@lY--w4vhCfu|Aq#%Bsnpv+%3LBc|L+4=Vi(){&)B?q^Tqc>?G*yy^Z)gWN6J!# zPMl=p5Qrg#ITL>2<>y;=|9a;ioRGvt8P4JOLsgPuO!^-9kbu<`rVu^L4mw(}o(=;%q z?xxPdhRyi(sXA~0!f+0SE}v-EiT1voPHA~7)r3=K6>`9fJwLyb_p=$y)4f&MmGP`I zoHa4wR?TThZa`dvg`^b8LdaO}u2An}=BIXf-7&qW>he&IaYg=aB`s8WSbgsSJaNXC z3X)=9=*UFs4s$>?6SJ~*DF+XI^stvg{I{p?;dXC+Z+oztUNs_zeC2gA#b!(V{n-~R zzoXsWYinTJcO8ZaDfhVn+E{Y(v+DlzrqLeJ&)Im;(Wa0E zdlioo#y+l&qMoamNiqnhlE#ooMq&mASX0RD=dbAmdE=O^#j)8AEwU4e%`)100k<+c zU_Xq@O~Gvq&r{}X!F2x}xLm=Q0&@#K%d`rd>wTki$@sg=sK#mn-+-`3Cw*mhb#Mv| zgqtFx(s39~OZ>uk4h#nOtzb4-u1l&<71h*n2D&vX%Q~(6;q!S{#z6uAyYFSQ-xtwc zCxH7CSnni?N{VWIfli)#f*U&pri|YI;ffn;J{3}M&qa}a=i$Mde*5Z6tH)uJ$oX`W z39Aq2t!CfyqIYgttWfM(i1(Z4@T#~5=v^?v=NGd1<9^rWmhr5uOA1%$#xi}696rC5 zBK_)a?8QMT<|S*5O3%ebr-Z&1{WP5Lm(vh>U&#_!Uji^dkV3}L^L5=}IBq_QxxI6t zuT(E;nR@NH%F>7G2CwGN!|G1hM49Lax;RP1JC|xVH@mMHLlDT>G>hdlW5Kuvk`44< z?P9p+kdM*2p8wV4=Qc}-a!A|_{cbHatg??)Xy7S=8|xis`Xrt;h`0Y6V87Q>eC?7n z?rLAm@4IE;?u9a^tjR1gdmU6TayuQ2P!ls1Buofg1)}Z%CkeVg5HDCXWP6*{kepEZ zfG}EhX;WGFP=+CNB-|AODNg-wfqp2>Fh$fH7duAp!js%i$uVT7MKk8e~k3Zeb zU#S;D$AK>Ze#eGsqE z`3g&NMsm+^QRgr^^ZlqUHx3r&;EW?Z>zi+~P^Tfcr9NeO#+!o8 zqFEp$%oA0?GA_QekFcx|MKRF4pJ_tBJfu3B%o-h%R(-CO0|Q4ijEWTKir{3 z)j!<);HU3Ev_Vhr&-V~-%FGOmu%(JPDUL4W7N+db+#5~A3?vkLNC8u_s4ATbAIiWi zbd%JZ4b}C!`z@dNg|jC18M;eBG;aZaAbkH}pfgFOTS@*#Bcn?NU2n;S`FW>OyX%mY zCUczdS%?03A^KV%sof&+rymT3X#YMX>)1D#^p*%N0_G5znWjx zIb~0=IE@jS+c)pnZo9R-H~YP+ZU89lT3Y>dyN&-?^v>fbTb10qH~p5~Vz-LR$w+b9 zI@%Aj+!uLM9pUnrxwtM_AqHD2G7|LA3t`oJ0jeAYeW}fj6?T@M_f%-lntr#nIhjqp zpc6*}QPa^hK&m^SN=O$RaPwk>-fg`h7P3CjQbRk@zv969<9l)}qzHN%Q#&t4_#@@U zb+zZE+uW=DMjyu2;i_1HBi|JQyXW&9p=!xe%o&0S1gUQh0lhCh6B z<0HktzX+$-5!tDAHg_!N(KUvv=uIdkDzv}wE$G>NgZ+7$GmDt*;zrm;&+9b`K6r}h zwXi&u6$dI2z=oy6q^=bqtfxs_X*zr;l_qdD(XpGmDh|t&aQX$q&*U-KpYfKOQh_5; zsI_SJ6aK1!nDIL-LSN4W$K_FsHaFiSKTQg^p8GqgD{AMX@H(H~>%z)t-QU+F3|Ns< znp*vAb{RA4sMC8j<}A~^c3k{%)Gkmkdi&jlAObOGZRKv-#QyRTdPh1Qy7Yu?rs3+} z4!utpbaz_YjJsAMTV2*RW^Z=9y3{gf&g{+k_&I( z!sA!xUS3i6w7R=7-_w{Ydn>M023S7@3u!I!`85^g%{!-#o!vtzLLV9?uPo}vV|EFt zuQ~3!vU*G4ojU`z?&|Rdzp5I4q^0jFNzdl_J0?xwW}ut(`~n%>!9G?z^Ci8GD6~CG z5G;M*93Ed-ZSDR*{gPgPkcN7G$sPK(eMMiq{w_}Y65=}ct1CiH+irqjVk|nLqaMiP zg)QK`uj+C6pP51W*XcRZ8}oC!xt=4I{|1?)cvS8{qq8bAlUzO}Gsg_G57ihJzzJ;# z5T~r}x)^DR;867n6TAyAIX_Sf{IYp8QP$aqtaCk{A1)C<=2m=H_&t^l>PP&a|KI>I zr`sS!h}Zn(uEb1Hx~iQ5(`ppHB46E+{_)shMW;co#Th-NENbe|i(T&@Z$~+q#byy# zY49YqT8J7S$h&5LFJdwjAQ9r}>f_oc-!6)o(c)xxQHJG1jbLNwWQsu(X$6 zfgVgcFM`_L>PdU;!O{=wElFE^0ecML;Cof33ra7SfT0MevcPYIb?t7jd-Xr^fi;t} ziy6*o7sUP|R9kcH{$ljHkEqT3j!k-3&U$H2)qqxr@Y}(36E~K%=CRx2oKxlpXJ!?i z_HgbX>ejz=XmaLCI^q)A`HfyFADzbLdzH9U8=zs2##b=gAF(y_`<6`(y>=?%wB^CR8&vMqI05O&(G%j-!IiL30F4a=Ml`rfk#+Wbb;K6KxLx@2Bh zq--*-u8Xn58_H>S?@TB(R+)^{ik=C*znPPsF|@ruZCXC1o5uK=xq$dmOCWVstaw^u zEA{@igd6%bez4fuV>pEkKOW*Yt>$oiOK7~fL-}}X{)?G=OqGH^X(Mc^l2?4fY5YkF zVrX#?hZ<_Yc>MU2$l|&zLx)(P?Ikxf7}WY%9=uSjm!{V^L^W7WrjNpBKTTp>*5DV^ zhEUGS8|;sLox0CAxVUTMSbdRxv8@(z|7h|_FESoE!86F~Xm%Mtz}VSMsAp#C`jLd0 zG^-e-J2S*|99@4mg7zpmb&5sq-I&8jbwrcf-E^TbP!z`H4YzN_Bfe|7=Fhol`P^q1b4@pIJtC$sYOi}che2YYV8#<1#_?WsJDD@sVX zn6_1{UQ{Ra)vBzdl>bp+XqVTT>-$drDd!)oL$aAsKA2^Q%c+MW8c_F?_8PYKi3NUp za2XD^Igsy(S=Lydg3OfoEw7g^SY7WXh*=-Jd=9OAxHMQ%7jw7i`;zeHcihxj0xID158Ncx=TZIjJnE-Z({3g}QB7c-N650k=wuTGFfPqI?S>Wg?g8K$T$MnJ2fZ z8M#upf-S2#hkeSLC5T%Tz5zv)W`?n+>R? zA6&dJN;%I;M31M>*_S^}h(o*WVKrTe&i(1gsa$5W(4LvE;E+zW)`dJiT|wyolPGse zPVq_qAB^O01?|$t0Oc7oH;u2pkPl4-2w~l+)hK~<+wI6V!8_j3!3#7Cn>X zvg|=Dpq|l@ghp$o&4=%eLB+|RUH@xnDb3%_ZDy{|Jm3=Tni(W3nOZfQP_215B_5C3 ztKwOw82JsF@RQ-y_jxwgBiHw^q<)FomED3agL`*UuUtUc3>7{6P)Cq{<-hOe%_jcf z;wbxyt^8#A!q{T2Y;Xjkl!}fiIU%OERJ%+-$QEcCU$SIOXU3Sn{AK*yLd}m>= zYW!na@RQwVwcoaVk-t*+GP1<^gRXWFI;SaXzcNASrAX5i834{&PKx#0pJ}%KG=yDC zOqlcD&z{p|OySEuH;Sc}KHg6&frZa2!Tb@^NWbuvpX6(@@PFhC2x$wAmv%0UsPqo% z^ag4Ncl%7~VmjiH#F&*BHq#>ysV@Up1rBJ1Ik*@zv$CMAZd#n0K9KA6VO@$ReN~$l z^54b=v@QEjs~f|%N0|083I`u_?ejn4qj@!;6$sXK-JB9seKqP-72>P@`woL8WLtZ= zx^7CNuEd#|Us-fZonCUz@djV=$ep-NsRoN zi@g*$ZZ73_Pab!hZ)CJfDtpMo``LUM?gZ~%z1XGhOdoPuWPYPyB68$sIkB#~KA{F) zFPBzf74-g@w|HK)y{e{;zEj&yyJXhL*LV6;$|%KlLOvW}JKD1V|Tz|khIsF`pi z;#RZIcz$`((*1QW2sP3HqI;=085wB}2J~ya;a3XOv;6iySZ^Kw5xsTom$sp5ueDGF-g1Y}*TtlV`a!o-2qt2NmhIPM@smc*It<^~i% zSb*VXe8Vd5$*ML<{7&+DUbs3+)kTSWl`pco*tN%b&b$OECgHj?Kl!0ng(lsD#o7RW znWf)AG2b)wZH&dm1f)#3(MOSdfBnU=agoz0Q@MLLbs6z(9v$1fvZ_QT8RrQrH{WVV zw&dsZv_3(fkYYh$L6g%i<$Avu44rxi<5!u*z^TZjo-f{~QV&~`AvnLfoTgEd_AJf< z^7ZY)uzlc1cImLIUm1Fdn*`B@Jgu?sy2;}Cx;G~DyNgAZ8)u8-hLvYB(SEX8cFp5w z*Lll3M6(@2Q>`ugb^=3h*&5s^P%2U=SCQOr%E;V)GMBV=|BiuJg{@QGgjFltMH^E& zMK1d$zPV~0dC9!rG1OzqlLxDaevF9<IP>rBROqZQG zIQE8bn)8rIiX)wNd}1$~q$ScjQa-4-(sh#sf;K#OU)9*R$k3jyJ^PHbSR6#175cTH_ z6$D~&SKx}tOqD#Nvo8?KO|~>;8)q}%U8xd@O>XUX z_U0V%bMdQuLlr;w_x-N1Fo{M)Xzbn$g0nhgLo2O+n?5q7!d>??mna4+oke)e9YZBbkY&u7x{knZeZotj3s(`EV2&EIex+1#&; zNy7c3DoO)C-9%Z(s$DvXekkP ztvH-D`JPa{yU0$U&yKCoosshRI3car!9C~n+LbpBN?DvvX4;AdRpa3Jlw5_>ElAaO z$SgnY=gD&i0msL}7>5R{HX|HZxJV>Jf##3F^_9gzu6bPe9JZ`{ct zbScl{bE}rXk>1sDEB=mGOLR|&C9Ede!L`JBW%OeqYI@<1yxS{T~F_|f1ni*F?B63NSSBB^=VxnzI zH@Z8sxwV|__RMC$Z|R!d<^oP+sk-alC8!B{Q{?l)na@OLKR3hiC{-EVVtgiQliUUo zN_Zv?vie>=)X{=Qzu^;`Qz&USvId$!!7sVor~v9#a8&)j5Z|gIuba%U@66NKBttl#m=XvPXda%p#YeMprqwUzslkuA6Fd zLz!UCgIe#?oEQ5qRLE zYk<@a2iWUme&^M(9cEe#dcIftGF6w0t@P388?-%Ydy~558eu$-A?sRh6 zg|&}jTWD68SlN@4#sow>l(4L9klX%o^}#Kz5zzpkII%D%a%UmuL)38G2kNE6#kfw3 z(y?Eh&D9yhk2pr5s@fNmKcTxvspa~66c6^B{XV(@p65I%7f!Lge%FmS>Qrz*cOP_2EI$al#Oa{k9vB1s4#ERwY*R%>gm3%c` zQHp`>SC<7$v@Bfl_rzWa-*XF`tYwFi>QKQ(n!r^$=A_!XqJDs4m@8wS8EYZ;_!;fL zhn3;9lY}Bv*HkL`d;4s@tqn(Q%18(#ii*DNm=3*VfY|A56)uZBen7cezxxVb_cCb= z_W5`&QR#4B>I6tF4GC@SU=mQvw11$TH$-gpj!jD46=aso3Ab>^GaG;Y6zS)y8oR$L z0QM+@#RhOMa|mPKjoR0rhdg=PXs+=jgsvRE*(84toLyO-fJz-<=Ics#l1AczMz!h0 z53+El+SUY@$2j(MEbYw|#M?`!-F3OhJrTs+QXnz}P-Kl!b$j|NSs2gjeTwTXV=Ks-sRk!A1cfl{$}hR)z?wpnx>pOXXxp%&BuTbboU7G;eVjk%$4f;aUa=k#9ofSQRG z_NuW*$MY4>Wus2jAU@S(cICD*ys%x~K-?8tbFGh!`(1DJ)^oy`Mezi=(2ppz-`M*s7rXP&VP>G7(l$F|iGHv)=#*#g z&+1dvURrwYR|OKd?vJDN={Qn;2-VGBqH`PZ*qZPj_c)G_1u`W99kdEKFT;eSqO|ED zQXFdL7_%F2n0sFEo_Eq8orXXCpV6Z6){)VO*6)E{^=EbQEYH5`JGQzl}Xhg2nr-?JJik zocUA!Dk*!1&q$gN9dBPO8!;hOBpf&$X~BRxIQi~xN(fP zm*d*>G#p8Ie2*s1Z#q4|awjpWFLta} z`=|}t_HHX*!dmKB)6l(oS9*eHjXb&d#(~i+`&OHN8|RB;|5G(d*QAfLKgv2!;F4?c zk8KVf&P_X#FiKIG-+f@V{w9Y1$Z;X6m z$tsqLlU^?|Nc<-u`nLb1VT71}#`C=S7Z=qocA3;WvakK{`d!F+g@*0m(QXA=G$Bwr zRCuolpTOU7_D8wG;}W>ns_WZoG-ZAqS&{eZ!iMW;^PA~iSoU}Ww|U6e;EFOtHc|Jt z(`{5dE}SQUJhT%y-FN9S^VqE=m&i7v)b^3A3*4qnnd^3MXZEkTGrEHl8o9B&5bv71 z;Ea{tkYll?^PDfb$5GZv%69h@D(%p!KTp*)RV!^LNWB`_&6=NIhJJ8k7KAHqpTa7QjW6SyGT4W*L0$zsM2Gi6j>&VTr~E>0 zTAq>ROEH(-)^Qzy9^4n|fj5=sh&;p(zt;xdiWg0HG zZD4!H|J-Zl!P81#c@}PeS8XwqulCUO-`A~-IB&T+@WbcPD4|Lx{@Epxz=J)a%x5-P@n>1^fj*dl zVJYjS?No!Ey!Z2OWE)`Vq9fipIhEMagu`9R^Nkk$I`;f((aXC$7PYSazr(zfgxzy_ zCWny%-@9bd%9u>w5t?zWw)IT(%>>5}`%Ruriq%vPhNJm>-JsB2qHJH0%0d&;I38M3 zX$Vy2>Lku~7UGVPjtyePvIwh(A=Ua7KZ!>J-|CW-Zl_Q9+)+B8a3-j7FJxTl_|+x% zd|!k?<10Ezt@pU4a7`lnyS3AcJ!C1@WB!B`W7*^HsseApoWdaaHTP0{Q(0y!OtOYQ z&K)`DP^CKx7kM!j62-^?Zd71g5>NRlyqI^Xx3Fi~PYl1z{Y{1i=3bDgJwiM2m}N&v zM@FgfIs2%FznC;5L1x`Z+Tyk&$`0A^m7fL0-+ycvlW7q{ZE{Rdk2&9U{`@rt+JLHV zLWigtr!`(E$Lz6r-#zi^>u;GG4adg^EaT$i>?!ASe4IoJwAX8mRC8zEtlrdoE>2sg z-#E>7U;UEko%)!9`O8X7xB-V}BJwSXU(X*&b6VfnAMf=L>c zs_-pTo+Bb3Ds<4jeX0IXW4H|J(KB6g1aP|xAV7MjDTNHmtbrZkW8Fkw@|qx-YhT}B zV|X-$fe)5(EHqfjbN72K$~)w$YeIW=Z0JPY6U8cID%Ng39AIx|_;!@$XwxUDclX7I z-=-5z@&4ydtpv#yo=t+?94XAPe!J|RD2}>XH8WgOo*(z;gFp=IwufG->2&3s%_?D5 zp+ciWSuyTaPdxt1>kUJk-!4bH_2BB(F`j%PufWy1v3N)y)W^M+#j7zTr0;K5O?CL!v>k5dPku?k1* z-(Sq8>xbN--I(N#i|aR0Vqat^KT11fDpR5BzH#8UT6N1{!x#T$0Gdoo z2+qezL1D~KJGY8Q78iKBg%%v2Ms z(uF*W?AaFWhl%zLkq(aF*l1#Qs;qX(kq{?t|o|6XQ)?1UNg zE%30jbVs?*I{I)y?I{-+1L{L0e`$cGer)kw<4XLBpKjmsl07i{_DIGRv0rTAu;zR4 ziVpd@CbN@nfGlMa0N4FJKT(+hd8V(+MpOyK69f6YH84k=_WV1y`onqs@}iD@c4v=8 z6UCkFy=q;WB%VJXLoF8gVtg12ZJevr9PW=S1*ePrWC9^ zrZQ7HOLE-Izi+^-gl2z~!n+jJ^~|f5-s?GEPS*5DU*FZ?aOvJY{iD5%c;u?Sl)nSi zBAJ;pl(?Svv7#PCcx>%Nww}GAU5@iqpI4pu=9XgjCOqDkGkeNfTtyj>>uB8}vAtvN?g=qcP9Y>nfbYZGMf*3*Vx&i@>yVTt|YBW2-X!*A5oyLe9cn8>H&;A$1w zHg*|FsbJ~1wHpao8QMB_&o+T9I=RNZZywY^1oycmbE5$YRmp4G9~h|Th)8`^B9W`2 z$e3ge&C zo`cKYR^{;)Z-v)&r(YpQl3vszQUsF_dXD}Zt*zM>wy?6XA;OgBVdQ)V;AGJTSD<#k zg!fS71{xK@uj`D2#Df~3S?D=wa7m`mTK}86q{hA1SA>j?3J!eE#PbDw4`Q>l*$F&Q znv}5=y#~0{IROh|*NZ&10b4mr4f_^C9naC%IZ z!Ab8hr@~KL)Sxb`1EzT?D z0#%~#M#f=Rs^(mv+oKifEP}}g{V>z@l8_5M+H-nm}RxES8uW{S~DRD2hbY0-b@->s$il4#F*3WxNrzXjbow%^uf0Q3Q zU=J(nh_St0JR8^QPZ99)Y~Tg<(g;aMUQZZLrY1g1@&!SraO^D9pXS_G!rkAL1K9lz%(XrO8>wk}gjCT`_kgZJQ`fu*sX^Rk@F%)s}ul%zW? z`EqUel-LMQU+?EeC7Bs2JWQ{?AN87<<>SU0jrW(f^O6ug1}H-*2y0T}|4fjOhB9LlQ<-|i_*aowzB z^sId=ZEE;P63JvNQWhsQWd!@kaM%7S4pUTu@gTH4Dd^ON^p#_z(WN7GQz3p>2^q-+ z|Mk$AIH4|4r=TzX z_Uc0pMm>a97boQP(VA-qAgFpT39q*9H^J|{TB|=L;-f4%mDar?%aIZW(o=@!d~If= zW*socXI0DxhwdN05^$H1bgrx4C`DVOa>1_rBBj?NTuxRy?nfpyu2H?Q>blhryQrnO zk(@>xlY+lLKl}r&*Q8crg@D=<8CT*mx1pV%8a^r~C#va@U9)X!stPpMr|l8PqqGzr z6~7KytfS+yu<>HEU$f{_-a~(L9y=GO z%WlU1C^pZwYehzER6SuQTqHMZ#S~Me*REzUQF7s{b26cvW!1oVaN@TMT9cx61p%^=hA6r;3oIk)gL7a-*-Fv z5t+r6{;e>taLp@^&!J|rM#MzAHwA96a3vd+-!hIRi$3|q!aq$tBB{zorDktxm#j>?0 zD)yY;u4{W9&9yMN^fo92UcMHstFP+vrl}T*8|ON%&zSt`K=iQVZy2_i2|ci(+jWU* zpYUTd=$z7=M;b@vQq@VB4ka{TCiXM1T{Z&!6P3J|)M8KH07;g1muMaw0AeY5qi!^E zRdmnGB=lf(Vr|MWbSSM9cvGiM-)sCs>HpF7=7CVZ zU*EVTDT+2Nvb3uRWnV}2i8fod>`C@DYnCx6X+x`>A=w!_F~)?XvKtJ>5Mqomq%kv? z?YX8t-{-mS`*;8PtA^h1Yp&~@*IBM}UWXpK$jOlVtowFw>H%+N1cvr(-OZ^d&3-b! zrVQTxYL6JF2m|pH&&d9;)eqd#D2N;b zdH7wx4)N?V^uV5OLI>9Q*?T1L4>~J+9CT+qv9DibXClL8GZn^c=0Fn% z$m#1{u?fp9-jL?Ni_yQobaSFXS=NE>29TNO(Q8%g0ISs430f08dcyZ^u*k0Sk0BS# z1f#rNqo^fmk<*=&+~$z6vu2=h>!t@t%X4dfp6%{FoM(#L)?2LM{LbT}XUGZEYIx#q zkdOrRX_ZB-5`SO(=`L&5%E~Q0Lwx)Ezn|RVUISr=hXWKr;{~teS1T*$haNOtb9$0- z>cBT**>X)u-M1(x$oQ^w+7Ar6dmew4DRqG7?-LWB)xB>Vs8tzCbN5Nmc;I=WRL}8A zbW1^b7@INh?YzS_Zha;%?a4b>0&6=RGEy+^F`v&R#WE)po552p)uKfc*j2jfsUuKGgEwAv-`NS65e0oB*8y zhv3=0#k`q|KZ0R+zsT@YYpUeHqfY*JFA$@So0)}7Q6+-38l;=bIT~YA!`NOw8H}zc zqX&$l!5z-Zyxs`YJNe|FW2Y8b96ih!kSySY9vgK3n9+oI8FklNTlqstT4wX^byV9j z=!;POwDnBC6sT6WFu|&>9lX5PY`*c$!`x}+`(;%I3xuchmz$7qT0}o`1#}xcl{q@I zx5F9judD_$li=fD6+{zHJqjG?Ynpt_vl7BKUB9~;AGlgE zjCdm~pNV@TG)YcO__D|7^haoLryg2#1V?fUh2RrSgWeujfnuJ7nK>T^H*ml-$K0AJ z@Q)V=;`FgM1Jzizc?73ml6*h1_@`6dMBKf?a>2!~EJ(acy|CAl!pHu-dfpe-s+d@Y zpXl2gir`)fT!?{121VK!Sl?Q=e3DJJanORi!=I~gO}R%A7zc&T4dDe_{WnqdBwxox zX3w(n6e0{-lMq!oJ>^Q+Gix^YA zDOil?9ZAKmI)K{~aGe=>qUcd=1rK;@aP^pN52al-p_KSP-D@P_?T&_-kQ56=n8&Y2E` zQz$bg((_dI5VMz@SFl9-aCvm!gFmI#v*$>?7tmDNbEV1U)k4v<Og~bhCU9iX(XVTobB0V;p||Hxx{nzy+6BHv{`AE ztV@j^D;pg<+kK z1ACI1S!}N5+X*@?DtGxB2FZM+HRkOqo%>>5fq1p{9El@eWjqRnK0M$nR)jBV@I9c~ zmc4ji;TPYp`zyNPc5zfCs8^c8Rzn}G4MB*Ql09%9t)OXISynu~MiHNWp_;6l>h-zV z$u~`pM=zX19VE@0KZBtwXqWOQnl~;eoTyObkkJs6TMR@RkFWHNw6-vfB^gkfV7+zC z{6^8!kwXn$nFel`y+)OT67(3@^d3@ zuD`=O@%5waesY2`ue}*sr4Cx}fSMGpsSA15)J9rgt1b5s%@{{i+8-#cY7pKUHCzH8 z+e58aLjKI~CDjLlt4tKUp8QdKwbEuaC`pB3S4i-hW#NJt?-`ztqq9>o1`)4^PBJJ&SVMR{pB3ZZ8r>GmE zCnxmtd73^Fs^;E^;#Tlc>lGBpJb%NKJNi`C!Br_z9-U)0She1oqU(uXTz6>l?TCzz zfEd=f{gf&m0==X>!o#BnRmeW&A=kA4%I#Npg#5I5eCl*H-!BANI-QfnSH@S=@(f}1 za)=ze@4Fies{w-(!YNE>EMqRVI;sLk3>9h@ufqm=?vZIsv?=9G(U(?ZATKcY6g`iD>V^*NGsQriP+YWgYy*(WYle!&}3;X0F9+w)lLP7#E01$H5~ zkx<4sckdM6*#p2ojLwYJI1a=|e4oGcCP8Me=eOaYo{a`jlk2!raGOMHoppMYLW-o(SWJ>X=mldkeoiHdcWD%h&&@4Lwh-yXnggWp(AWPo7;EnS z{WCDP=Lb`TRO7OR)%=QE!|`)H>56^U&iUZrI*A=Tw@?^n$z&uW2JA*RiN4oiqwc}EjjXkJPXFwA>_te~(+Sxv ze%x%t(MtD~V%ldEy3`=7}~g>D-p*8nVo8eeCo8S2iNop@l(& zd+hqc$`0-^y}EBVACD0y&&15x#@43!h7u6;>u>oQg(qt+qGXSLVmvIco#}$z&$Yu$ zwYRyHRF=vUos!<1gH_V}x{UMKh~3!{4!$tEc$)deMw5xx!Q(0B2@^r6jND&&FQI&( zwK`e=l)K!satn#o;CZWS7#vzVUk}-WtZQO*m2Y@FRXiNq06QIo6JoV88ePUdmv7IO zjoZA*DCo32(iifN-OzY$8eJuFI`Ei4jLQX~CWOt#bkXgcLQF7!lmj#Olp^`Jynh|nH-K6NbJFI1M zM!{|(o%6+o!k|^OY<;ll&@(+0=FkNK%(dK&Wn%bbTH+f#r`!*YUjAAY^Abyz{VSwr4lEp8WC54Em9cKqdP2yjnbBg4m$-6vSSS8n7LC;W4h z1BwAb#c&Rv@V-@ccDnds5IvZD*(W0Qk(@p*YovDFEQg9Mj!)o|{ivII%pIw>B%K!8 zHlolMXB*Et9vA}|Zh@|`{dzfNgqfxWk_L2<|7ipHpvU#G(?;~+?Yvt2Klp2uc$7Ec z@;OMxnHQw{W(f<(*&U$o%W_|@Rh_B}6nOcwpeWN+NoOw{?Q3XDVbb&7I7^t{;ceAk zWEtxJH3ft3KNa(&83M^vHax0!doMyWSm3JK@ABwkTq)Zwua(GGQV*(c)NYk|5XW2e zkq^yqEDRpMM!ng0xrYQQ#~85L07^2&a&)&ZHciKSsxWqRn;LlcA}Q-||ON+f)C>-5R^12@@Ihfx8Ax)E=m{N!Y<8=gxh+X)hFk>J!8U z)Fw+EU$||~?w6czPTXHpcE%Ib>X5Ax3YhbJXBi8vYx(OH(4B)aMLi(2p5W@tF?Gp-SI4{fry4B z&G~^&3SW6f1^God<5fvac71s?xxTp5okF|fXknB?df1l>MTDhFbwYjUD*L+TZ#xlV z8!t6#)`A$2+n6RK&U0yhI(e;j1Z#seM%N&DhLJOw+QS7GJpL|Jkv!Mzp7t-DDc+ z;{h6e4QkJ1Ec#}6hH3wai$IDZ&U8T{E3C;kNjl4FR<%$IXt1Ne1Qz>HfIb@Xlhy5C+*!)<3tZ^7Xp#IhG^Xty59zqcy=H#jzSBUL$4?l18SQRJt{v+Af&gb#qc9sYVzKCvDUKj5q z(mEFWm#0J%5({MyY@3`s`XEK-Ptbb#G3a3D#(#INozB@T>_(otFRvIMZ0lH5zsEX5 z$L0e;5ZEeiK0>e8PN#mc#BoX5NW5;uy#ZnZO6~7^MYy%Y&;(--m}a2 zh2aMjYQ$0S4;p~ba=~srs$IC$DOdeqn@X^~Q&fFT1k_!!VL31VtNBBOJh474BNUBT zAod?tHH-}T2U%Z~tFC?yGW?WBjhaPVnv2&Rj5T5M@A*ZlpXH#=&~d_D3!3p+&s) zRrK?Ikxr|()C%CXsPhyVfih5UYLfA&V)@+Hp)@;uzgV&uLaesE=yLPO5v%o)eGd{^ zL_eP*vy@9(yqBZIp(8XrUEB~myRbUJGG9U1gr39Cw=q{=t-jYKm@^cz5~!3LHN@K= zydI?p2iIWF4_}cvVt3#HS$Mxx_o4IPogg*l()W0{ahZ&e!VkRm0rdj&TZTR-2R)!^FL*0_ieJ3@^xbjChuK$zw1 zcC@<9nrFX()@0+mnmE#195@$1hH21d=i}!ic>n!wJg3o|Z=T7Q&HhL~H(`0Zic{I8k{^8Ar+E|JfbU4Jh@+qnYI{Q&Sh{+kx#{`2oI0x!-) z2PBgI)e4@xJhO@1>(!u@c znj-cIpfv$m79JOhM)GCQU_TU|%e;p1@ZI?Kb<*lfk5S?_o;#;ieb`G=BBHep;dM_D zx4n+ly)foIZO@bz(z|jyYD~Xoro_;7LYO$aR|zW39@t*ff{N;-O)h6AK2DcP+{I%K zM?-&8W8&fJVLd!Kcp-VUyiAKdbixyyZDkqU3mg*p~b?>{S_bA+EK~QA@d* z)4MZEDN9~;? zxr-=yrr)LFDOK-nQ-xAi_8?)@D!jpDg`HVmsM6bDlrtgBf+jFf0$y-t+GR``y%YhosO?`&`Oj~w!z zf_`THoNGPF;Z!bSGO*OqtpT1V44|4o6{4TzodL9bSIU(7u;UE4P953LL1G+@YKY)$ z(l&jXZFnlxYrV&5c!dmDSixFTvDY-QFCZOSVuLr*l3g&hp$P@X+1g)(x#Uqf+QDU7SRfOw*A}}e z!FT)va3eaMf(S=^^DOO#=H`yBYF@pI9%Hpyp_1k)wCXdmx1iy(i_dR9T*RPqjQ%da zI#;h{zA5zGrL3?PO*HlUg6c{&2Xk06)YoC`!=GQ0ixx+-h=|K2N(wlF31-NXgi(2o zDE{{hPg|$AwQ#i7J>Ffq zQ4L7Ret$0gD+8x>xIDr6c5c}fF;CN4L^%te^;W7EdbQMo5cxm|s`KXkJo&5^gXcH; zYeR<%vBBk)RN~?$mtKYE#&v+*S@vCp79V?|GG7{e@qx@=j9#CyFkBp2i0Bn2$fI{* zIBkj~5O@x5NvxH##f;zZv2R+$xP5sX2Bw(i@ZYv8QL^G!SBWjX;DwHI|0e|nUm;IU zA?3#1fI{%x2%Z;Z|EPOyr&>PhX{%+}wdr6BN9+zRKyd~5G+Xec`;Z(uGSB+{T!ANK z9~3?jIv8}tD@2z`o7=n&1w@TtpsVA?xAV4c4o@*-fzuVn(vXl;wLj7~vk*nO5~3M# zawLsV3X60lB}_qd`y1ZhU$NJ*SN#}h&SU;YM{u);wjx!PM@XHkFit}K)&{4_eYFIT zTVA_E3K^E(SrJJco3tnfwY|Z9w1omC)SH0OcQeH;k&NZzE-0WMfUT{odTcXDp{NFo zXarK*T-+PkVc}PIobdJgc)Y_wJ4W5*c18m|WaajhZ;DHvuB6_Tfqfytt`%Q^bdGJV zJ+G*}QSHGB`YX5hI2Z5!)!o$I?0B=iN;(a?_usqO+p>BYs==WlszYn{!Rq;jQ@so+ zo)t=cR_(uQd;nKoQyW)lcs}GKmKJ*v1A%hgH!i=ig+=tO#`MT$ghYj3CfKZ;9WfR( zNd{Vzg%r8v=D<^8oP^Mx8Y`0Ncn|7`0ppSO*dxVux-@ z^H|~e{+MqAzO4CAR@m+#<+}0BwPG`wrD|^=a6o1%%|^w#igbRNPh7i#2pQ#P zM*jq0C)tJHqv)}*{1*eJKsZwLeOIoaO` zqkKOl5Dd;j?(A@y*IBKuf_Eb4x<)3(oec(6s9BpqTzGiR&P~$qc~+{LHkab_^Um9X zmWb>_ilQxwA1T5ay$g0Y8*JxM-pYf@cM#!#F7Lc*qG>HW@96I8W3+8)t0jg9NWrUdoJcS`p zF8!d1t8xM$wC*a*Eel%KI^Pn^HOdWHQ}wgS6x%;mLg;7QY@RES(xJ4J-1Nu#m|EH` z+Y|(qtDhRDfo<0-1}#7(EnYV}n*ucs&iRlN9e4Opkw4jMD4MgCo$D#1}CL_no9d z{;yB}(jva=7%oIo|KRf5ZD3ms1CtF)?c(DLH+`Ax)tDBs1g;ZM-I|rh2YBH!LI{Y5 zLupou!-WP`*?!pn=q4AIt_9C8_V!kLSmXt+RNbDM^g~DeM?S5OLeIquM8o+S#XlAA zmM8&O3=B&5NMXdqESE8^YF_#9FH@R@2btBEJx)^tB04pRLpehuSgIo1c?_L6-;EQ; zRC-LafTVO-jh|Ub-vn^Z-SK-u^IZzKPt_iZTzl#Zo%sjY)6Fcp&*JiucM);6h-aAS zn62UTPy;h|bZ1vzy~?8Ju|n4Xu00jHX+Jic1qds*0CU<%ZJcuja%2U_-V> zSHaOj#r~@9ks@QjfjLrS2IqDJ-tz!v$0sxdy!Aik*5g>{lsg4PZJJoujYFO+Bq>30Fc1ul;k zXB|xbuKSni5i3PNNOq-~W?S*X7l`G5oWwjL(B6|qW~2C^keq|cbEw9;&cqL;x>*37 zKu_l~?BIVD%iBAkp(`tDjxR=*m~910n%Mdg>iw&L!pQ{T4;H@vVe&n*1Yoo}|5eMJ zO+fIL{>juWv18=FsU;x-sq)&$MDY5fWJ6>qy=xw5m&6XavoN3%m|?0U_uUWDzaZ`) z<}lGGhyI@r=tF2Af1G1l#;w&!?7!pj=a`4KiQK*p&e`OoYnwOv7Yiuxo6hN z^?N{R!y(S6p5ZhFv^PIy%(U9buzM{sVCq};|4_^;G=;uQMPPpcQSjw!Ubmy_%T2AW zTHWSi%lG8PZYw*gCHTphy0-Rk=qx=+)Z1aKmI9m?Ad%1XsB^ebX{Ryew>$r8=weEi z&)o{`zG`o<4W||Uc(A9ye{WozfChP&hH6AIPD*M4@2PAc2$*-_4`-Hep=fV|-k5+7 zn``sII)7MH;b~9qn*cR6X;O}}-}ys1K*T)yuO*pkR(K{d|vGT^ewTl}eF^d&cYyC-ct}Ln>&U&0VQsb3d1`FvzH1cH~o+x$jwvn8Q|% z_r%TN%YV!Yc-M)2U$J&{`NeKipa0b_R5aj9H|_fHB#0`IKMm*AZel@5t8A=`LMXm+^6?rP%G`FGwr>|UY9HYOXF4&7lxRN-!ygR1P+ z)Xr8Ae}zJ5u{)PeL(*x8&9x@P7!~se;eabGjx4A#a}#;AsQtf%m`)e-fw6iBc~E{g z#n9|rqkdgr+82k9oxaL2XqUbgi=~t#sR)5+em;!Y0ge{)kNqMbLMzdBM($J&Oeg~6m z;N@_G&?e0mB{Fv(8d;b3B&5%!_$kXGCO)_F1Ykqy>?lfydrxotRLcbLREvxaIz|I? zro1`Jub$bf8pbf$8S>VzO({Xj9S)2jObYzML+3}x0N{Lb9anxnfSTP+Q<1N%heK6@ z=RfiNe}d8DM5u(=TiM|hzbWX4_bG;$w={I4%R_tl@_ioY?DaRLK3CnoM{NAY76Mkn z#i8vYLcsRCF7CB!ZT8r>AhOj&J&R%V!Vg8mRYi;a6Gx&Os3e|i(;Ywhyp0iW~F z{r!F#XqB~4hH;{sSbtW^<5LZ6TJ|h|hLtLrx%RlXZqlL*o_MlQk6nlqu?Wg)g!5H- z_6F|!A~Y|At)L~Hdmvq#fRxs{(?HKH#g4lAH!h)#tc4ps{3R0>q2u_j;|sXhZeru>0;D zkZEF(aHNJ+qqe)I6g8EY(lt%WkpxRZ_1pAV3LfcjI(*y6)pbKr9T$Va8o=j!Z7bgL z_-aul59U9?0r&mU1=YZLx!bhatzR=BJSU%eK=~K8XKR!_GnchGJ3CK&GdsWPn3ysB zE$x|lVu>-D`gE_3gWeQiSpkVI@d8wyySZCb#ewd+NSiuSe5kzHH$TpoK2&s6kSX0X zk0@S+Jq=Se`xV?ajqGc==tdXH2mIe;`#jwaPp`SurL)UM2fI@1%v$Xi_MvOig zLIre1BWTum>PD|uUdY+VG!k<}HV@a_#Wwa^m}m@hc@wKiCEnh3E)DRpmiTBQrz}WK z)rb{`@BYi~`|Q24y{zkQ_AYzYD)B3CCVmIsINdg4>1tC!3oxU={+4js6aPzelk=mM znM}bgJqa!jJWld8w~s+}|MeyxD(qNhM*1~aV=d9|LQe$L5%kbwZ2WPHDsP)p07l`% zWb?q5q3MZ%+Th`oso=}=P^@|AIhKC=$M1zF$IRinVKWwg1nqjl-$0>gmHYHzO72g;Q?K4?-bpxD&JU_yYRi3z%p+=pI@jwCFgq)OPhPGJECHmCb{Eoi5fyCO3+{wwAxLO0#sPVqsn5@khP;j2a&Zv~! zpSDk0{S^36wam+LD$wYLk&}H5-%uEPlA~!c#Iir}Ka)1$Vwh@=&}Gf5Sz$tBWnl;& zyTzR&<_9X$0BZ=5`Q;=B5)mqW*e#5};2g_%x#jndEqks;FPj8ps`|E`IWu?ELa>~6 zVzaoa`_i8BAfx+H(M3a$tNY2skdyap-}R2=7%C2a8$*D}Ev45jVir=)F$_){ke4d9 zhBx)67sM#5DDv{1`1v_8OHi=p=L9@rxhqSZ5{Xv|oKjjzQ4YAegi}f(zwCoT(b&*4 zyr{T2S|OaH*d7a9^P#pG3pk|ST-@FJPBD7eNZ6~IN%P+^+34S6TQQud8zo&X|nm$Z- zzW*`Z_t@L%4dVlH^^e$t3M(;0oJ_@e|Qc6?CU=mdrV`5GBG7YohsYktjM zJ5{)cCe6mhvu_6OE6gSbh{Q8m6($opNMY0z!r! zU2hY+-Zkc8In@wSI2*LtxO0(_luf-s4=%DB$Pk;mt9MlPB99a zRECYTpgF&1>g&7QPHglhfvIdH9`!E;76qC3z#g5XH*hI!hiY#}tp(%ePgv;#$jEQh zsH7&5R~V-NZg_L4u$mMULeAz-5Fw1mB?jIZ?hzobm%h+B{OP&$sX`2?Vs+9$?L>M< z#_StBow+o+09Sw`SN!~ZZ#+PEFxL*=(qPOgNUVnTnra9P-*SkOb;$oQr|p$BkcyZz5RH6P`T4Ce@QKb1$h*xtexrQ(D;2U!$l1YZi7Vpy!nl8 zQH*SheB%)@4QAqof{syU7t+ma5=K#|IyjIBes?=zSXQP;Ke*QB=-EI8YUYisHIeRA zt-cjw?2ce+2|x9-h~}|tCzmwS>}6{CO}7zx0;)HH!ga*^3J#H{*fVYKNp~0n86Gk^ z{f)CfihHG*PTDNGql0!hhH3r6<+)g=p}O z>%tW@X=&-M)FeoF(gqP!IjEeohCYXBYC-3pTvxYJ#Ew?G7K{wE{Y=uKt3v04l~s55DZc+<@7cm=Yh>;{I9KC5 zwhxS70&e2D%QD>axjwf0oj(H8+aRqz7mu~fdF6?V3LbP!xpmauD=&-g8uY-s+Mo~x zV?CC=l@ua(Q~XP{%G=Fui(YoS<7(23;ZCEl8Bj6*j^ z)DxCj()S!5a3*vw!@@70ehWrF`AfAVUNG`c>UyA(ll^B-jSz`DLu~Y-!7MvALkFke zVs%Z+#CZIud`Lj!PQtjUuSNYM)a`B9-23gbfRH(bS%H>R;rwD$LAB747PfaMyH7wa z))iKH;2hQOM!}Zko|_&o>>aov{IUNkP-u|f>C5B-+7acYoV=q!>$nm@HmG+CF5H;v z_};Lca3Fr|mKHH8<5Sr@$MM_O4P#`(j;NsxY(?fo=;Ew#{Q9+$ozyfxFz{xc!6AUJWN6iuZ=( zm2_76*18YP+rn-8&vp&azCWel@er+KqV;)5Fy~p=HLyXahuqlhFh)PKodbK@5nUr7 z!4t1(R*clIE>^IoU?4i7=~pgNr;O!z7cZjb(p?a`fSyhKBC=UCxB0VTvO;tsQH5?m3}Rac&JOeebilCzxJmRbR2n zz|Pwt>Ps^FZ>d2dDZbxf6sq7E5)Eb8G~YnPZ|u? zrT%n82MnH=@430c{B4o<+_mpcRJee78+%=NMNzdpCTe5kNh7N!u4}YzFO>DZu}Vu0 zk$G6ydF@BuV=yf#3oc?F3-icz1ydz|LwrtU=1rTAw}g01zp)fdGFE0~23n=RLcC18 z;bH`P&3q1*zCjaB_<-WvtU1=x6zO}Dr>;P9 zZLG^`9gIh_7X02JqIn4n%g*XWH0ZUXrQO6=`oBg)d%Q}K zN1D#@sz4I88y%s8( zW(+B?5k1-BcAM|fmANIjHQg-=t}!iPntOTr8TBe@m-0J*{-f8H)E|@>2!4~4%D7o2 zVJ)6f&qkx?>1lg=^JeERguKQE%RL?T8vp2O{f!>Rf{OgQ#LvzuW3Tm1`MNr0>@gST)!=5uwIJ%6Bp9AVrXajs}HUd@MT99Gd1qgf)SMIL1<&rw&o4(_$-rd)mpa>>WIt<#u zbicCF3N^x%wCWof$i0jH+e7-N?@b%3rCW$bwy!A3WFGf4A9q+VQA#k!DRs*Wd6Ifo zzb!{Zg_H$$wwj$;f!Ml6HHCZ&=E)2JCp17~wkBO~>8pouyyYCa_`M)zzoAQp+jCyk zK195k{4)gYNY3$n;_nJ>g(MhZwy7NPG#_bUH#G`yBC&^^-`3|jjI-zPHR4^a088vJ zNiLYtS}O7}(;@JmDdVnD!B%C{3%wpUg%9)Q zewGv)kZ%-;wyoaWzn}kAJ-ewbpPWuaaTYZ8Z>NrIIKs5XHy|Pj`5boFa|6G0NNMqx z>f*jghOhy1)#HgMIR~wFVLJZT-P-4f!Cytox+@dSC1v!8`CC7tc1MIA`q9CN$8W#{32rxM~KfJFlVseeMpc_8Yyg!B=p7lEEc|sJ^<9F);<5ZeJ z&8?&g>xsr+zYk^IkJ4FGf-wtMQsI)WK^At!=w|anNWSLlU*Qj?%fITtbSiLN>L`08 z;cdh55_1}Yy_WVIK_wJo;6{3aLh)Io3W~8?;akc3RUyQsSQJ5XA3{vzao(jPn<7bu zoBsv;!_n`aU?^7b4N(sH@|OaY80j4?v+)zRDD7f1DwmmaYI%W5`tfb=aL1)PGK4<` zoec(4_T&_b;Plw0FEzOxErPfC_Py5wAf&U6@Z?RzUaS2~C9)j8gzkZ4WrfW@IV>sCaF<=y3@Zrm3Q68=`i-6Y>Zc=LQru%A1 zUsx*>!f?h!tDkL&Fj6bxQ1cRe@#-YI$goxj&NxhK zCYStfF9EqS$+0Reuqfz=zKc!B#rB5j^J4} z&Up@ZDj3Y51VdZSl%rA-`j-fF{@l-2or-tR!N!nkx*zKq?30~N8R_;6tmV3|5OWw) z5g4GA4kn^jcsn|~DmY$*h3}n_9WQ~5*0^PybZqL7vxX{Z&AW?xRh-f8q<75jmD_cf zIMfL*`H50G@8=p$NU0FFSB}s(Bovl5Faa_byhU9()2+K^T#+UX_I^wngB$i8fjT`U zGQK&%IyJq=Rp^lT1O2kAMF)DlRwJW}KK^w$L3%$5a34Q8100QA>PD^xHI4aK!x%r# z^J&hU3*6i*c}#7S&_!5g;4*M~CjH_xL06g~=G&6Hk9b~zKhhafQVr1${91=B#|&EB zlG0bSRK#wpOYlmzU{-}oogEWQ&kE_Ud!tKQB=vko#vkm`*E7g0dcpLC%ghD0Rb@3+F#HT)h;$}=og480+I%s-j=`gb^FJa42v#;gC$hCAf#j=S~c#smaolE$IH3sCIUMqY>oIZa`(V3Fx+l(&DbbQkqfHusO~RYcqL!u z?+FnIBxmyXTxSs|uJaJf%PfN4n?GiPzTUefqvv%4Xp)ovCOP27Y9 zjLM}dm6k|)Q=ig9dgwPWQ-{+O1yP?6{fIrASja*2>6eaZ_g-^FYz5v|ZddQX%(O3n zr}ku&<9cZC9e}kqxpRrQ1to(Ux2x`0wn8F+%ALw*uf;oR4iE*_hG;6!_i~L!GUfiF zlGPb4nVP(ParRkD4%ZqPL1R3+g)>qCZ5k#zU~KFdG6dwz47Nihz6%77*> zG-^6pS6lTPUv4q5c1w)}w@!UD*u-M6n`b}B2%%OW%$XvHW6Oy_+Rs9{W9hwpSOVnpRkb4ERBaP}l&nnud4_^K>N=*sZ3w#J=udNrIKD^r_duz*YE zeb4m5))(szCcNLI9l&)rkr0Xzk2{IR24<;h&m$6eOcIFsm6BbAG<5hTwVJ>2X7sc4OXz0Q1}w6<^5ujiq%>4mL>Pq)R)-Jn+wV(9Oijm8ue)a8(unBDz|YOhk*mW_Hfq~Ld~M#*U1NMtE%1I$ z^VN&HEqURG&ZYu#soK;sIa;LQCBmQmh`w;Yv6pD9s}iB)X6Tu!_1(QC8o@tPw2zlp zGL;sZM^D|V*5go<5jCMhNW4@!Fn(j&M

2 zyNyXg-0w=aN|K7sM?#%R_%g4Rrh8R`m&=uSx&1Fy$M}B?mH`UZfo+T5jueG9*%_Q{ z!->8a>;e^sMtTM>7T(e-A9~BjSxcUxV;*+08tUHvjzlE}OWtVTCMQ4y1*)8NPr1uY zXNA<)WjX>PoFE&IZ3cT!VK#$JTbBzlAaPiwi;+g)w!B=f;hqW9dTaOP;({L!^Ek~z)ih2im><53rN zrcq(v)e~JXiK7U$FWv0Cw`ROw$3YzC+QGEm62zw|ew8)9DF{0m^tv$w4ZuuH-^1tL z={uxHA>@S>_Lp;F0!N_T1uH1=Qh%eXNe3+A7hG+&i5-|x(4Tg6kFb(eh5_NbK6uu0Q&&SB9Ig2S|(^ZePd z+@#;c<@}bBM{5g%VZ2B2I}Y#syWe?@u}zX)^8m{qM7D7R)mcP6FPo}6$zxE$a2V&N z&v_7`?tcov_EzO2lylAnjlQ(;Fd{0WVa?9T68YO;K`Kc|qY2_E_fL!MrPu4U;>`PE3h>pvZq7o0T(pXbbg2 zS8(m~7PkkP?4X>uND@W38wv||nS?O9U^+&@;MppG2|1)rFz3vj(?j~j2KdAA-sx-Y9U758qTD03CtYb$m6NRbR!v!s$ha7b_TywyUq zx_;U2e$!b%Uh22nh4VVp8(0jZ0i83Ur2Xu;=T-sxiPBkKvjI=GK~niS8UBgYFr%P5 z&W(_aD@Bj&Dcyox{K?6gB%s1RtJ4a-WT4pG^WP_9PO12f?4V4*?cdP*f^<7T%F^i- zKns8O(vAg1t%^wef#jheHx}yEc65-v%Mv1Y;^YUfLI=UV-Mywye1uIa!nSRV^#?<( zc_lxd{vdOcwyRMpg*3_z5_!g#Zd}C<#AimR20p%WEa&*W@mw65D(gb6J^KS8z3$RO z2$!w&%HAlMqc9u76W=XY%RYh+GJ_QC7P0xRMe!F&w|%$&c2!tU#t@9u{d6{M&ZNeh zSie>s!;HmqzmAFAAF&K-Ox!e~iqcx0_sX5^KheU-zv4P?<*`c?%akzE8z!|_W;GCSk{oJG;GZ(II?tl-)0i#n%p z@MRE4wXBf^^)=Lmo@l&l;4FCE=x$C^lHX8bMUtY`cl8f^{INfO@7KJt*KdB2&W9)X zOF@TUkY)8wE*XcnHYZth>`3N$_nZCuYM7s|^4P|63*h@V0<)6O{?@lCs2lyj1{oAG z=`X(s5j1&j((f?BC~-^ocaRdmu?gQv3Vq4v`%Y#yC_+V>*VMe)w-Gi&sh(VBbpM^i zyjI5(LW@Q&>f&7=@C}STR@IeyJIayE&thS;W94#shOrklkj+s)yg$Xb-Y*E7o}26+ zZ49$8%;ulgp5gS7Zr^p->>aO$i9Ej=k%UCSjFm8ed;F33kkaI=6iZ-Mr$qPbC8Xcf z<^&(iz+Q{QGc!Hj2)p&m&2oR4Mq2eH98k@!Sc~a_Leb=5M?{n}Rcddq z?ZYX))gD_`)#JqYPiJ1pzMbm12?)?lyK=H=Ql%(IU!^hK^b$@L=d+L1hM*A<%k!Sh z7K=01DQK45=Gd5*0TKzMH+>oJE>&C#PjwV+3ya)1cha8B1`LA|e1)|B;fu)A0DJG&OhHAc;DY5H^6R_t(@0lpV@nqFz|?U&_Z*0ygc%Mm?d?)-`5n5gPf+ zPUQC>y>e~%?4puFp=bV!TsR#P%g%8MU6H(Cb>MvZ7unz4& zzZsz#Qo{Kf&S@>)(}posw~d4F?E9f>-WXV4^0{9Hla?Z6e&ga-8pT-*rFIqvPH;PGSeWGN>SM=%Z$QUGIp{I?M`-v#yWC@ z8Dor?F&Pct>mGGZo%iQ2_?{om<8eB7_gwdNy{^~td_G^-B_G2J8x5#Gbhu$bVWjRh zHK#ewRK}%6#ddK*?Q|bVjjbb5@6pH*WqpL9u0?B5H+G3}xDwD8r}cA5q&pV~>DnqA zC$`mn{5*`G%2>s=nVzl=#yEu`qlMRAKQCl`8$S8|*3h3t?n3}cS=1zrgzru)jbHsr z=Ux6&%Wm;!vW5sAE%=~)j~j^J?X#d1{Rrk|hso%MwVkG_zF7hzs80pziR`ene%V9p z*%YMnAg1b&d|KlpZVRu(Yq(nRuK#oudLuZd{>08m6c&VVZQhM+MD0)r!Zci~V^==B zLvzE8sqN!(@dmvkF0R`JW**z>eR6(r|G;L&tQ1SL13Du*PgoUjY^cbZrR*r@`g?l7 z0yg096BcOpbxs8FrQZtfG*No6^^0u@pDRj zk)3kv4dF{?)ZgE!cvOrQk1iUdAcNbzjRmSZZciuO^mrXQn%C}7))M}0rf|szxu&xH z+i~&h#*Z|97r!SynFp5NllAs2^UE!cXTi9ZLUoUCjae%t$g?Fa<6GjpKhK$k&*p8H zUHqLz54$>@kYlgNOB>?g0osA&eJcUKC%3POcAJNFOLTdL$~Suy_AJ_8_Hh4R@(Wen zogpoIrJ?}_1SZ$&W*~3u+OY${v+&gwCe)m^ncm-H zEqv15Ta|}-mLvCZ(lX~yz(y4CRSUpFoB0+Uv625aTlgR^b#L_C)lP0fqfT^*7j4%g ziIV(WsndfSvT+%rT#^mfk?nL1+!=qu$$rP}EB3eaDo*)-a=v0dSlPSWr*Lucx|KBn zRv|)l+Aq@)KC?Esoo*O2v!QMDPvFnO=gx-nWZs0nM-Ogd0dx|Ky;(Tuo*QX*fEe8- zMLf^^ERlv%PF|ngV7sMEQkV+YxTksWBB++O>!`gl64-6E-50=cH@MF>5GEvKfvHhF zJQ{PvmnAhCOT4%tx$lLF=9ezl#3u<0$P~(UTkX?ME*u`y0#u-H&A3{bNq_&%#A4Q>~RX2u$&uB^^+R$8sQlW05+lfzuRbO zsLXsu2Bz{Uem6$dBdms$ZX)B$epaM(gtM1$(Z#+SgugGV+;)pSjb_D?jTyh~B`09&b7!$TsKJt`G(S6(^Y^4+u7ZN4T}dm#Fm$m zjq+?@R|~sy5Vj;NB~nj^!`vH!7Nw09MTy@S?GDBTYbCcUF6bR@csJs2VXRSf*i;LS ztv-&|oPX?{a?PZ}Bg5Sds6Cq2PJ&D9eYt9*9autuJ3EJNeThr5k40shq^nUTcOz`} zWji(;&(}@We51Y@zNcT{;IU`tUd6#rX!wm`A5aLvb6p|R0SuL`6;_mO<+k9E65Jh} zo^z=ibJZd8x!S<3Vqi`OR=}b^axX|6)z=JWa8Yl%NicEm> zmg?SAzaQPuR`BfHI3P0YPb@|{gUAo0I3l}&ml=q}Wdv8B4L&&V@M(-oX7zsOWN>5S z^=G6Z`^+XI_1~;*EGIn-My?GMna!>j>bBF=j%>I%AL{d_+Gv4$-DzW+Vql|b>^D7t zd1!-4uzqs7kD1xN(?TU-ufZmvAl^F^=f>KtHN-0OtMPx>2)K=}3+MO`fi8dDH>0eN zl_yWyemxW{d%b^mp!;u$VNCw=HSh*@LHqH zghnPMoaWWouX*-Vh-S~Gc3I6)jCq=Ge#ChnqR7M-_1XCorEfO96b|oti#NL&*iY>7}dM@@&aj>PWQvC5hrAO-20B_@J6|?Z=O&dd|vfZI} ze9`XQ+d~b-LY`6ps)3tx&u+2|uW|R<VCCj?jq^sJh#ruGF_ZxrC!CX-b@Yq5f zzkYg-j8Lz7N+z|${9UmT)iEmFA!R87NV$>yiElTxz42IVVT)v1{x+t&-wiOGx6Z-M zA5D2NhrqPn>J)$Ge(71YV9okUK-n6FXFsQur>Wwre%JF%=Hsk6>iDuaIKbOyrh8JR)X zn1Z)VG`1!g>hop_gVutdnW1`Y)uvW&j%0EOa_=7<13lv$^+vrf!^vU{v0*Z5xw!g$_@cb~yU52<%t>>+0ikR& z^_ZXI6s|Er&_!f#!-Fq?$}w6yap)D+pJJCUCR);7hfM&{ZO!>Tx$<@D=ArSRYTEoF z@VBd)WfdE+5x!pXAnl2B{ph1StfJG#kq0aIx%KvG!7EC}S|d6;wODX`S&TpF6mM)G zQtTwqoRr(a%~ykhHz0lF%PEi|VJQv*y6U+_Am4=tcZ-e#6>6s_EgBgD_%q~OzB0Gv zM3gg_RWJsT$;zoAuY;-LYpvk;#wuVJHjLXe_63Q8XNl<%;^2nAh*+Ri1V9>m%2XsryU`5?*1kP5QxThwg)_9uE*r7_h7wG2+m zr;($8Xe(3%Gro8xn5^?AKN57tz~N*KwevGG!38vH(365EvukN;+z&Jlq(f3f^@| zrW*|+i+^=oWL9JiDi*qAJX#vOf6NLzyYL>c9V-^?Olb@`0{+6}_O6};-wC{S=Sj7D z?$1DLrhtryJh*A8*<<2yjIx@NTWRe$>oFu>burX+0RY{9Kq(o25t{zCYxt*8t>=%W z0i1_AbTFJ0lLrmc^R>Hvkn^HvfVU14_2s z)$EL2x!M2TiO^pbCTSaAcb0Pi^{bVAd2tu{Rj533g@oCJ`;A<{J$b&j8eRTyk|O4lDFrs z-dyIcNBD(9Lf|I``Mygug}yG{oC~aId3+dd#mLLS(^AK2gf$ zg!;)Ii33F4DX>A!!l8CL5#UZ@bE5&XvevKx1ZXfPrm|g9Z9%sj;+uo4=j+vx$=}~B zI$=fctj*K~gDB_p0z(EbJ%1oK1ngiw1`2Fo32Gjb?6Ox$D`*Ez>7%5bZjsIzWAl4}8;1y!x>E2`Q*CLqv_^&E+WA6B{ z<#c#Wq?Q}h|KiEMPk9c__v8`sp6G!2#1FE9C-_5AR?3w>1G)gguzkW&m#(J$DGVm5 z8J@?P_8a^==A--iiJA?W#-EIU5sODINDga)*BN}lWvq)tb&YB96Eg^(hOVksGQ{*^ z5R7raq#d)-Ah)g&o|Al^1HPp`p1B2#3s;JxxR&y0;OhEGbD&a7EP)zB3|ew`;6mP< zF1ylt6xx_PAOPo-*- zHbvgEl}HFxIXsuakuR44-&?MnR6GzcFUdm33xLsfswM1&J&EP$Qv?oY;Un+YSM<~O zYfO$nIOwJixLis5v-h$3&EZtGr)-^q(4nLH524$m>-LSPHZyDwGzJo@BNo_u_7_i-hSP1o zRhie#Bro3*WTf?XjRU@YQ=jyjdDSly5@8n|!?EC=ZbXA8VR;S*vQ^qXA{PSnz)bIY zVu%>KyjTZ;dziP@eOQ7eqiujN`=&4wl_r>Vn$<(c3}YQNdn6p&+Yuj3*Nan)n}t|K zOC?2TW1J4)R0Fo^UINt!$0Y4fb!EpemAObhg14ZnR)YC3Y(nJtv+SyNHt*C3u%w*;H>ee;E%v+XeqDh&ebC&<}Gt4+Q-+o z%(=JDyjfDJ@!B91hPg|zjp-bt)O8Su3X*^DnAyHQ)ENyMr78Bu;F;dHd$G3kaB`RC z5|XW7#L;om(Hj}oc)V0WJ$Ga{Jgz1=BQ;|VK_QzJS+pBB*iw&;+i%6(b)1N8+;=G7 zsJO^tlp7#XmwJe^a3=h+r;@^Gy5sA`m$rV&Jblfb+zHE>;p)(&WqJem3w=r--C0U_T8SHNX#uXU_vfLLmr#F6>u@^6uKIv7 z7X3x^8OEdV@rG|jH}zryJ`y_HkHiH=oqpxuA*azK^h&2SU$E6>wF#`;2QD`&8$u7C zdbRwi;HmTcP*3bPt0t+Ir%kIZJ`5?f@i2^aK-H`J301H>9~HgT61l3*_e}5o=Q9Kj z*|?#N7`j2N5Lwdh-LU0Gy_wiVKl|)9awE-I_s0B`>75%}hkt+J-e#>qUN1ZpT|&P= zHYbgVJxmL{{M}yifmVu;wN2>xez#O*KQM;eo%n>ek>6fk@Qk>lbgt@^&8v^okujlBuj+5oYKORW{SVG+RMq~yApR;vez_mjdGb9Ei9Jo8mM|~Ssr#&6+2azhB%PuRb^K%UI ze#^@6#)?h1Uu{qyng*D@M7t#}+_T*~bXA%z^)m0}@;o}Thons`vVHZJLg216J##;D zQ|#%PAYEdSUbx=m?z84RRw-tA^;>gsr_wner+C6bi=y0D%wWj1;LdIrZ`8d7N2}?^ zH-n9heE>_pRm)W zztz5)s#zV=F;;&FGp)g{9nhPj6=k13kf58M&fgxmQ^qw*^1~@A`ozY)C;OLJsJ59l zrJ+M_CAwqY=LDlK)2ed)bmVyTg3pyk+HUqwH7;WMNKMsJy+~uU=k@U##T-FoeV0Ek zW9fPC0d_E+_cUHRjB*V=6QTde?bbuJ8Kvlmhf`=(?CT0 z$N882(m9ct>+4VjpX{i`FK!s-p0nFE_<3o`C&%T7V_-<+7~N|z4KvmF%PbCGrG7pK^`e1G`D+civTDTKzZYF1{B~B z_!Dv#nGVG2gAb|aEx~E5g;fLd+OZjpEayk|4~v$l*YLG;4sv){Ha`cJ?_F@|<+QUm zxMd)>=PBx?tO$N+!U*5t(cH6qaT0?cPWy{fH_LOJW=nmV>ogVB7C*%C#+_bW*o+{z zRC^K`)1f7)yFJ&7)l`;q9@{Rzuv&V~@vbc^sB*chMQSTI)3?1^S^KJn5N585)^+l4 z8B(%^cgHQqnf66>1*Q+;3YRNKbV5AHVQIRsGluLjo$FmUZ5h8WtG@89pGY!^smPPl z!459;RpaaFFuld<&95uwQHQE)Cu=Nl6Gg*C?u?vJ*| z33(`zlz6iyaq!RjgukR7u@^2Iq{((5Ln1Dp3dxg}P@9@$_bOkK@TwiYxY$-<#o&a* zZ0lxBd^}W+G0mos*+?ldfcGT!Zd@K*^~L8yxUaC_`Gj;jBc{u#PMht0<5ZHaVxm{$ zk-HHD#8;a3m$AEw1FZNWGhv#K9cFkfIQwvd(BWq6F-`9bLN<_9bQ83s#VsLun35Ul`pW&nxSkIz^^W4;9ZoJR7NyTVuMWMjYNIUM?bKZd?lvS=382b@U+aVaIA0Q@tJ=1@6KX8@7UqwM z8`QTlNDrf)w<|YsoD980K|lLE9akjLG#m6OP3bZD-sW<`6k+yZUa`6^EMHzzdf!B1 zk1JxW7=EECC;Um7H)Vr0jM`C}Co|(zm%u@Zl^u^O$* zx=zbs)AaQt)?Z>B3o=YH;eO;Z-jA5D7e?Nf6t}%b5nQ^+BiRk-q>pQmm&0wnbreQ+ zdMZtU^AV)FkU&bDNAh_FgCw>GXru)3`qr_y%dW`GH1bS(Mrf^H0@rTJSx zFrs}vnm!&CxxjiudJT@BZTFB{{QR(Mws?$SlKH@E{(UTQ!-X-~E%+^K(vAIXi_vW( z{_qb~>&q1~GtAt`lP2@a^>$@-pRW5c zUI_au8xfdP<2|9NKGwF#T)lp|dd&z8>9wXW85y&qgXm0%@Rg`c4MU)j21Qqx4^+%l-XqC| zdr0MBDT6+z95j2j;G|bq%ROuN!{US68Mm}vYX*c!1;HIk5XXfxuEo3?>GJno9F=O4 z8=M=c8>#EPez__CGibfn(A860w%S%;!DbfnIkP}m(J>ela>D$GmjhcOcb<=55yfBF8Nwn`F2 zc5CVGH39ESFBi^hRqh--jOG{x7LMcT-1*Nz46y+j_j?GEokne0(Wktj$ z0Cgk4zR9tFoa%F~4EW1H%>X`7j3T8>x} zKdd22dWG~M%`LDsOHamv!c9?*DA{>;BOq{^@LMEemk}De>>3K`)rXmVU3(trK9sMc zFXWmditI11Q473D3`P|Or<~K~EsWy^@?!!De&6vYJqwh%z89%EmEsZ7pZtWOlWf=` zlM3X431PM#ld&hKX@R!n@CB4)#_5r$6902vnjx8+J|K#;HhpV!5h8KI=Z9gEN zvx2sAcP3raL*EOK$RJ%0Qi!d}oG-~lH=33Kw$ zSbz-sF0-C~iBxt$FLuYOez)ZXuG@IEey#iD=U~S4L`Goz$BR*3ncGJfJ`Z>evxv4l zBTq0vgV`zuq*G8-$VwI|#%9X%HhoCS82G-Ml@`#R59CWP=QWJWx?e6^b|tSaZF% z`GODtg!}>I0Psnp))15l=^j}HQQpRD51hy*ff{;%x~EC9zzc8F3VsIV83i!Bx287?-^Q{_f* z^Q(RtN8_M|rh1@$SXR~qKT^K$2gZnGrxdh9B_)*Az2gI9ugA3Bj3)5)oB(MBuA{%L zwcs^XMUJoj5(Y4y0ldNgRWebVjhB$c&O~YPKquU)R+GI`m1(*{yqkJRXeYh+Jxei- z&Q}%XPGJByH2e&}kl|ttU`2NSB!Oae&uGMo0npn5!hE=^NH+ZxkP50m z@-5Y(PB=G?I*?SXPZOTgI}7xbGO$VMf6(tr-8Xptm*uJe*boQ-R>YW)=Z5Xr*1c&T zx*uHyUW+B%U-B7W2aOf(%ICb?>@edzKx%_UitrR>UzF_D1~a+@NuahvM_j;HJps+m z|41jH#f+e?4zi!0R!zRV0v|q->jhT)>G-cOH}v4u=pU?#(|p+Hb^KMg0c^T4RfU{4 zHL22G%>Qo523*DrMaOMtV<~8*s-=N0R#yv%5zi{|(pC$K?)1>x3`yo7YlnT2fIxX5 znp4ryqpbMSQ8?~xUC=QApZ-sqJFoa3L>uVA?m!Dk_~I1@ zhzy{igch=+#*nBjG6^}5!;tz;Wo0Sja`1X{fTu4bxZb8`TfZh)&I_z8rE@do*h8hn zr9k1JCJK;QsFY&HQPJ?WjH7+VpQtL(xkNCBjbI(MK^;D(RjIFgOs5SPM_f*(9#RIj z6_`<=WDAhWLHo!c@BcEmx5<3T8^E_kBNx6~5ZnvSJkqxmh%W^lH-7rcO?GNPucN5o z!W=5@@&QU2wxxngc-Pu-4A@Fws$TBR8dzdElD)lt9{>%`(3Xq)ixd}nYsH43-4?wa zjIuTr@^PSvCrclQ6`*nc)tNU%L?{Bjgz4e419}%O888DYVpf1StJYGs%{31LJKACD zN(zQ_t60#y+v5QUJ%|Q^vBmy{togcB0hxQa?-U;M$je?;=*&ffJw_;d$*!Mx6(B%U zht7fguA&885VR$p0y*_Qdx)k3y)G50^-%AZlu%&z-S;_+-tG;@u?z4O_W{Pa>yja2 z&0n-#)zPGetL9-o^XuYCkbxLw^Vf2Dm&OSN7to`=YGsOcfsV|7JP6<=Ae(=4M7t;m<&s5L-4u_Y0s+W!Tw@xuDs+6g)h-5o+I9{Dncw z7lfwb$&svrDG<7hXy&$X{1n(Cw-_ql$&-vWp!wjh6)g(&`eFzP?Lcr{Bw4)~J*Xg% ze#6rRNJ9t^h1X@M3^_Y!oeH;fCjcEK1&}^JOiEDe{9SG{zyw+uSj1;k-gk!wIf%0o zle&iR5Cya?#F-tG2C`_=U)=~a13<*{D?tLfDE4Jp&V#tMxIJ|>-{wbtav>PdE4btm z0NPuYRMjr8!1_H-_4i7=_(vLpfRMoFS3Ry?>ynsc;Wu?`F#ivU%>S0$L%9Q`A^0U0 zICTJuZs2FH!bNM9JS6yR7_`$P;6E(Rgh-pT;6FqCm9pSJHWO9zzJylJ`AJGFsP)@% zK-Eh3^MLOFa{mqw{?Vfbj3`vdirn9cZ$Cgt0Jbi=w!gI|ZZ9FlQnc30UCw!BwsZa9 z%sGnAg`J?-P9WewxD)`(zOpT@?@A+me`OTJHwHt?_pHPR>U;oNBVa-Ez}}`)%3^>5 zNv$tneqDhWe=1c0<#ka4%BfD&QftNUJ?6`8fyx;N1Uruat!fIL;lOZR8Nw}hI8!td z1#*B%6Wf*c1W~HU_5UkoLGwk82}~jmEYQrpw;O=As~{h2we0T1GCbhX(?E0u8yR+C z3)rE+jQDN@)Y>W@cGiMg3OK7ibnV$E^sTK|h}J7Q4ah!WU&Mc5YL7y#gBw*F>ww(i zIcWK9`Qb%82~dO$!k74nQN_T)4tsE;7x>=pXt^GedBi|doBz62X+U!Jq}KPa&xiFb zK2U*7WTfOr+#1;S-R9^ZR&&M=jA|sC@@T+;sqh1rC{^hcaA7`^BG1~d?H3vM0xll< z@{jBO6SzdFg+@Po-GZlNi`9w;fx+Qbu6=1-5@>$@3Ng2Ws4}qVr~7QWR^$r&A^x@L ze|T6y6zPA17WidYqS$0QFnIoY^4ogkag7D7G$TZEaZu@euNHa3<&uSdj^=Buer)a#Fenlzb(An1Af? z{jrX}a2d*dLo8nqw)GLad3~U9B`Lzu>X$r;|4|lef0*0Yv;rFPTe?2Krb#Q0iT@k3 z0L{9MM-vM4SkYEcIkKxj*2RD9iYV=};mP4ilv2YK57M59Qf>Yiw02ssF?*FuE;2@^U`+4}t*n!5!-ibwS?(NF;AI%JcYcfp{Nmnq%7PMPk4zRYk@R ze4lky*PlGdN{@peck>FNyYA7{Zht6bLgt$zP7|BZVnFGK0(v-Ab6^(w9M}I1Sii?aJ$*KPn2qE_N#;?dur9U z-=RCoVX#Mer6Kn&uFVD-YNAaO#r^Zw#uj?wU43-2wV8e1nH2 zt>NoCl8A~p#a#7KyGr-<)c%1H~de` zf}EVBFC<~}Mg5eS3+P@5R6qj;sF=GF+o0#*1Go&WLt{{3Sxhw`Z3`H5}ogKyZDO;jh zg#_|!GbKLlHX4&_0KO{wvW0B{bwcfHuT*IGnXpfOvfRh1Y|= zpEM_;{3HHhw;bU>I0z7gk;HFi{9LK=slM(Z0R(?Rmkj;mK-RnJ)9SBrD@J`Q>?i9Z z;AF>^Sh;Hgzgr&wCO|ZR>^Wi^IIIoH$l(A@lpFJV025+0ffRL+T?a(_O0Wq?n!C^zpxY&3>a(f8T8ghB{3E;9VaOdk2dEiT?ZZrA0I>HbGnn)t_ zfY-BWs{dK2@g;rj%Cx2JM*Jf>K|O0M{d4zE7D$`=zFT1B24HD@`c{fAeyQ)(7eU}h zubW3!_@sK{l@Xjj4Eeo(5~lw9B|i7WsFR18^h@dh)O|qDKDrNm6n%$zl0O%)pR0Yk zW^y4#0P&xc3EF`MzQ0uaL|GnlhnB_@1i+xgB)# z3Jhi>_QUIi9~^j~lF7!$$aF|GNwtCEaM%Orwzk(tL04yhZ4&&Cst&jl&bs)RF0AZX z16yn;^JZ}PwI_RoXO*CNhe88R_TS12VK|hnKXeRN&|X(nFa))^*Bk_?`iH4i*JAj0 zUBGaZpOST`+_y<0+DdoWy!LJGGge;FLj2e*AT%toK*JL_69eSy2|HwqLJfuiE+O}m z@NLug0Vn;Z0K46>3Y_5wn!mnRU-h%!x67sffwp!`a993MuvI#Vz z1KC;sq)uXNJkT2iXF&NkA7lD4u@|<2)aggP&o{jT+PGh&Z7UnQRT4^rnfw|E1W_XR zFjfRXb9@C}QhbE}Dkiuxr+q6X_rCN1@O+BJ17I=dDeD!D=_(+KC6G}iyiZ2ZOHTz<3@e>67PnUhy0rtpO?2Lj`1JsI0~G-Zdlmv9buaiM^^r*6cmEG z6koWqoM_Xu0Q52g$?mGv*Q*`5kyreo|AslAKMBs9usS9_u8#+JH25cCHWKBro=Y0e z`TpONk*E+69!(*2xapE0^aSw01Ce20fQBCX^!qdZQK+YpOMyv^A*Gj~M_}EDa^+)L z_=27FsW$w-gbM@EAASnqw`eEDe*)+m2O<|}qG$PI<^R$DKmR)4ye#DmqfA|yS$uTu RFX+2Y{b}|G!N@uC{{fJ_q)Gq) literal 0 HcmV?d00001 diff --git a/content/v2/dell-csi-driver/_index.md b/content/v2/dell-csi-driver/_index.md deleted file mode 100644 index c6ac9abfdd..0000000000 --- a/content/v2/dell-csi-driver/_index.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: "Introduction" -linktitle: "Introduction" -description: About Dell EMC CSI Drivers for Kubernetes -weight: 1 ---- - -The CSI Drivers by Dell EMC implement an interface between [CSI](https://kubernetes-csi.github.io/docs/) (CSI spec v1.3) enabled Container Orchestrator (CO) and Dell EMC Storage Arrays. It is a plug-in that is installed into Kubernetes to provide persistent storage using Dell storage system. - -The following are the drivers provided for the Dell storage family: - -| Release/Drivers | PowerScale/Isilon | Unity | PowerStore | PowerFlex/VxFlex OS | PowerMax | -| - | :-: | :-: | :-: | :-: | :-: | -| Current | v1.6 | v1.6 | v1.4 | v1.5 | v1.7 | -| [Previous](../../v1/) | v1.5 | v1.5 | v1.3 | v1.4 | v1.6 | -| [Older](../../v2/) | v1.4 | v1.4 | v1.2 | v1.3 | v1.5 | -| [Archives](../archives/) | v1.3 | v1.3 | v1.1| v1.2 | v1.4 | - - -## Architecture - -![Architecture](Architecture_Diagram.png) - -## Features and capabilities - -### Supported Platforms -{{}} -| | PowerMax | PowerFlex |   Unity| PowerScale/Isilon | PowerStore | -|---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| -| Storage Array |5978.479.479, 5978.669.669, Unisphere 9.2| 3.5.x, 3.6.x | 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7 | OneFS 8.1, 8.2, 9.0, 9.1 | 1.0.x, 2.0.x | -| Kubernetes | 1.19, 1.20, 1.21 | 1.19, 1.20, 1.21 | 1.19, 1.20, 1.21 | 1.19, 1.20, 1.21 | 1.19, 1.20, 1.21 | -| RHEL | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | -| Ubuntu | 20.04 | 20.04 | 18.04, 20.04 | 18.04, 20.04 | 20.04 | -| CentOS | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | -| SLES | no | 15SP2 | 15SP2 | 15SP2 | 15SP2 | -| Fedora Core OS| no | 5.x | no | no | no | -| Red Hat OpenShift | 4.6, 4.6 EUS, 4.7| 4.6, 4.6 EUS, 4.7 | 4.6, 4.6 EUS, 4.7 | 4.6, 4.6 EUS, 4.7 | 4.6, 4.6 EUS, 4.7 | -| Mirantis Kubernetes Engine | 3.4.0 | 3.4.0 | 3.4.0 | 3.4.0 | 3.4.0 | -| Google Anthos | 1.6 | 1.6 | no | no | 1.7 | -| VMware Tanzu | no | no | yes | yes | no | -| Rancher Kubernetes Engine | no | yes | yes | no | no | -{{
}} -### CSI Driver Capabilities -{{}} -| Features | PowerMax | PowerFlex/VxFlexOS |    Unity | PowerScale/Isilon | PowerStore | -|--------------------------|:--------:|:------------------:|:---------:|:-----------------:|:----------:| -| Static Provisioning | yes | yes | yes | yes | yes | -| Dynamic Provisioning | yes | yes | yes | yes | yes | -| Expand Persistent Volume | yes | yes | yes | yes | yes | -| Create VolumeSnapshot | yes | yes | yes | yes | yes | -| Create Volume from Snapshot | yes | yes | yes | yes | yes | -| Delete Snapshot | yes | yes | yes | yes | yes | -| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | RWO(FC/iSCSI)
RWO/RWX/ROX(Raw block) | RWO
RWO/RWX/ROX(Raw block) | RWO(FC/iSCSI)
RWO/RWX(RawBlock)
RWO/RWX/ROX(NFS) | RWO/RWX/ROX | RWO(FC/iSCSI)
RWO/RWX/ROX(RawBlock, NFS) | -| CSI Volume Cloning | yes | yes | yes | yes | yes | -| CSI Raw Block Volume | yes | yes | yes | no | yes | -| CSI Ephemeral Volume | no | yes | yes | yes | yes | -| Topology | yes | yes | yes | yes | yes | -| Multi-array | yes | yes | yes | yes | yes | -{{
}} -### Backend Storage Details -{{}} -| Features | PowerMax | VxFlexOS/PowerFlex |   Unity | Isilon/PowerScale| PowerStore | -|---------------|:----------------:|:------------------:|:----------------:|:----------------:|:----------------:| -| Fibre Channel | yes | N/A | yes | N/A | yes | -| iSCSI | yes | N/A | yes | N/A | yes | -| NFS | N/A | N/A | yes | yes | yes | -| Other | N/A | ScaleIO protocol | N/A | N/A | N/A | -| Supported FS | ext4 / xfs | ext4 / xfs | ext3 / ext4 / xfs / NFS | NFS | ext3 / ext4 / xfs / NFS | -| Thin / Thick provisioning | yes | yes | yes | N/A | yes | -| Platform-specific configurable settings | Service Level selection
iSCSI CHAP | - | Host IO Limit
Tiering Policy
NFS Host IO size
Snapshot Retention duration | Access Zone
NFS version (3 or 4);Configurable Export IPs | iSCSI CHAP | -{{
}} - - diff --git a/content/v2/deployment/_index.md b/content/v2/deployment/_index.md new file mode 100644 index 0000000000..8d804958a1 --- /dev/null +++ b/content/v2/deployment/_index.md @@ -0,0 +1,173 @@ +--- +title: "Deployment" +linkTitle: "Deployment" +description: Deployment of CSM for Replication +weight: 2 +--- + +The recommended approach for deploying Container Storage Modules (CSM) is by using the CSM Installer. The CSM Installer simplifies the deployment and management of Dell EMC Container Storage Modules and CSI Drivers to provide persistent storage for your containerized workloads. + +The CSM Installer must first be deployed in a Kubernetes environment using Helm. After which, the CSM Installer can be used through the following interfaces: +- [CSM CLI](./csmcli) +- [REST API](./csmapi) + +Alternatively, the Container Storage Modules and the required CSI Drivers can each be deployed individually: +- [Dell EMC CSI Drivers Installation](../csidriver/installation) +- [Dell EMC Container Storage Module for Observability](../observability/deployment) +- [Dell EMC Container Storage Module for Authorization](../authorization/deployment) +- [Dell EMC Container Storage Module for Resiliency](../resiliency/deployment) +- [Dell EMC Container Storage Module for Replication](../replication/deployment) + +> __Note__: The CSM Installer supports installing Dell EMC Container Storage Modules and CSI Drivers in environments that do not have any existing deployments of CSM or CSI Drivers. The CSM Installer does not support the upgrade of existing CSM or CSI Driver deployments. + +## How to Deploy the Container Storage Modules Installer + +1. Add the `dell` helm repository: + +``` +helm repo add dell https://dell.github.io/helm-charts +``` + +**If securing the API service and database, following steps 2 to 4 to generate the certificates, or skip to step 5 to deploy without certificates** + +2. Generate self-signed certificates using the following commands: + +``` +mkdir api-certs + +openssl req \ + -newkey rsa:4096 -nodes -sha256 -keyout api-certs/ca.key \ + -x509 -days 365 -out api-certs/ca.crt -subj '/' + +openssl req \ + -newkey rsa:4096 -nodes -sha256 -keyout api-certs/cert.key \ + -out api-certs/cert.csr -subj '/' + +openssl x509 -req -days 365 -in api-certs/cert.csr -CA api-certs/ca.crt \ + -CAkey api-certs/ca.key -CAcreateserial -out api-certs/cert.crt +``` + +3. If required, download the `cockroach` binary used to generate certificates for the cockroach-db: +``` +curl https://binaries.cockroachdb.com/cockroach-v21.1.8.linux-amd64.tgz | tar -xz && sudo cp -i cockroach-v21.1.8.linux-amd64/cockroach /usr/local/bin/ +``` + +4. Generate the certificates required for the cockroach-db service: +``` +mkdir db-certs + +cockroach cert create-ca --certs-dir=db-certs --ca-key=db-certs/ca.key + +cockroach cert create-node cockroachdb-0.cockroachdb.csm-installer.svc.cluster.local cockroachdb-public cockroachdb-0.cockroachdb --certs-dir=db-certs/ --ca-key=db-certs/ca.key + +``` + In case multiple instances of cockroachdb are required add all nodes names while creating nodes on the certificates +``` +cockroach cert create-node cockroachdb-0.cockroachdb.csm-installer.svc.cluster.local cockroachdb-1.cockroachdb.csm-installer.svc.cluster.local cockroachdb-2.cockroachdb.csm-installer.svc.cluster.local cockroachdb-public cockroachdb-0.cockroachdb cockroachdb-1.cockroachdb cockroachdb-2.cockroachdb --certs-dir=db-certs/ --ca-key=db-certs/ca.key +``` + +``` +cockroach cert create-client root --certs-dir=db-certs/ --ca-key=db-certs/ca.key + +cockroach cert list --certs-dir=db-certs/ +``` + +5. Create a values.yaml file that contains JWT, Cipher key, and Admin username and password of CSM Installer that are required by the installer during helm installation. See the [Configuration](#configuration) section for other values that can be set during helm installation. +``` +# string of any length +jwtKey: + +# string of exactly 32 characters +cipherKey: "" + +# Admin username of CSM Installer +adminUserName: + +# Admin password of CSM Installer +adminPassword: +``` + +6. Follow step `a` if certificates are being used or step `b` if certificates are not being used: + +a) Install the helm chart, specifying the certificates generated in the previous steps: +``` +helm install -n csm-installer --create-namespace \ + --set-file serviceCertificate=api-certs/cert.crt \ + --set-file servicePrivateKey=api-certs/cert.key \ + --set-file databaseCertificate=db-certs/node.crt \ + --set-file databasePrivateKey=db-certs/node.key \ + --set-file dbClientCertificate=db-certs/client.root.crt \ + --set-file dbClientPrivateKey=db-certs/client.root.key \ + --set-file caCrt=db-certs/ca.crt \ + -f values.yaml \ + csm-installer dell/csm-installer +``` +b) If not deploying with certificates, execute the following command: +``` +helm install -n csm-installer --create-namespace \ + --set-string scheme=http \ + --set-string dbSSLEnabled="false" \ + -f values.yaml \ + csm-installer dell/csm-installer +``` + +> __Note__: In an OpenShift environment, the cockroachdb StatefulSet will run privileged pods so that it can mount the Persistent Volume used for storage. Follow the documentation for your OpenShift version to enable privileged pods. + +### Configuration + +| Parameter | Description | Default | +|----------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `csmInstallerCount` | Number of replicas for the CSM Installer Deployment | `1`| +| `dbInstanceCount` | Number of replicas for the CSM Database StatefulSet | `2` | +| `imagePullPolicy` | Image pull policy for the CSM Installer images | `Always` | +| `host` | Host or IP that will be used to bind to the CSM Installer API service | `0.0.0.0` | +| `port` | Port that will be used to bind to the CSM Installer API service | `8080` | +| `scheme` | Scheme used for the CSM Installer API service. Valid values are `https` and `http` | `https` | +| `jwtKey` | Key used to sign the JWT token | | +| `cipherKey` | Key used to encrypt/decrypt user and storage system credentials. Must be 32 characters in length. | | +| `logLevel` | Log level used for the CSM Installer. Valid values are `DEBUG`, `INFO`, `WARN`, `ERROR`, and `FATAL` | `INFO` | +| `dbHost` | Host name of the Cockroach DB instance | `cockroachdb-public` | +| `dbPort` | Port number to access the Cockroach DB instance | `26257` | +| `dbSSLEnabled` | Enable SSL for the Cockroach DB connectiong | `true` | +| `installerImage` | Location of the CSM Installer Docker Image | `dellemc/dell-csm-installer:v1.0.0` | +| `dataCollectorImage`| Location of the CSM Data Collector Docker Image | `dellemc/csm-data-collector:v1.0.0` | +| `adminUserName` | Username to authenticate with the CSM Installer | | +| `adminPassword` | Password to authenticate with the CSM Installer | | +| `dbVolumeDirectory` | Directory on the worker node to use for the Persistent Volume | `/var/lib/cockroachdb` | +| `api_server_ip` | If using Swagger, set to public IP or host of the CSM Installer API service | `localhost` | + +## How to Upgrade the Container Storage Modules Installer + +When a new version of the CSM Installer helm chart is available, the following steps can be used to upgrade to the latest version. + +>Note: Upgrading the CSM Installer does not upgrade the Dell EMC CSI Drivers or modules that were previously deployed with the installer. The CSM Installer does not support upgrading of the Dell EMC CSI Drivers or modules. The Dell EMC CSI Drivers and modules must be deleted and re-deployed using the latest CSM Installer in order to get the most recent version of the Dell EMC CSI Driver and modules. + +1. Update the helm repository. +``` +helm repo update +``` + +2. Follow step `a` if certificates were used during the initial installation of the helm chart or step `b` if certificates were not used: + +a) Upgrade the helm chart, specifying the certificates used during initial installation: +``` +helm upgrade -n csm-installer \ + --set-file serviceCertificate=api-certs/cert.crt \ + --set-file servicePrivateKey=api-certs/cert.key \ + --set-file databaseCertificate=db-certs/node.crt \ + --set-file databasePrivateKey=db-certs/node.key \ + --set-file dbClientCertificate=db-certs/client.root.crt \ + --set-file dbClientPrivateKey=db-certs/client.root.key \ + --set-file caCrt=db-certs/ca.crt \ + -f values.yaml \ + csm-installer dell/csm-installer +``` + +b) If not deploying with certificates, execute the following command: +``` +helm upgrade -n csm-installer \ + --set-string scheme=http \ + --set-string dbSSLEnabled="false" \ + -f values.yaml \ + csm-installer dell/csm-installer +``` diff --git a/content/v2/deployment/csmapi.md b/content/v2/deployment/csmapi.md new file mode 100644 index 0000000000..812f36b835 --- /dev/null +++ b/content/v2/deployment/csmapi.md @@ -0,0 +1,8 @@ +--- +title: "CSM REST API" +type: swagger +weight: 1 +description: Reference for the CSM REST API +--- + +{{< swaggerui src="../swagger.yaml" >}} \ No newline at end of file diff --git a/content/v1/deployment/csmcli.md b/content/v2/deployment/csmcli.md similarity index 100% rename from content/v1/deployment/csmcli.md rename to content/v2/deployment/csmcli.md diff --git a/content/v2/deployment/swagger.yaml b/content/v2/deployment/swagger.yaml new file mode 100644 index 0000000000..15a9b8b227 --- /dev/null +++ b/content/v2/deployment/swagger.yaml @@ -0,0 +1,1395 @@ +basePath: /api/v1 +definitions: + ApplicationCreateRequest: + properties: + cluster_id: + type: string + driver_configuration: + items: + type: string + type: array + driver_type_id: + type: string + module_configuration: + items: + type: string + type: array + module_types: + items: + type: string + type: array + name: + type: string + storage_arrays: + items: + type: string + type: array + required: + - cluster_id + - driver_type_id + - name + type: object + ApplicationResponse: + properties: + application_output: + type: string + cluster_id: + type: string + driver_configuration: + items: + type: string + type: array + driver_type_id: + type: string + id: + type: string + module_configuration: + items: + type: string + type: array + module_types: + items: + type: string + type: array + name: + type: string + storage_arrays: + items: + type: string + type: array + type: object + ClusterResponse: + properties: + cluster_id: + type: string + cluster_name: + type: string + nodes: + description: The nodes + type: string + type: object + ConfigFileResponse: + properties: + id: + type: string + name: + type: string + type: object + DriverResponse: + properties: + id: + type: string + storage_array_type_id: + type: string + version: + type: string + type: object + ErrorMessage: + properties: + arguments: + items: + type: string + type: array + code: + description: HTTPStatusEnum Possible HTTP status values of completed or failed + jobs + enum: + - 200 + - 201 + - 202 + - 204 + - 400 + - 401 + - 403 + - 404 + - 422 + - 429 + - 500 + - 503 + type: integer + message: + description: Message string. + type: string + message_l10n: + description: Localized message + type: object + severity: + description: |- + SeverityEnum - The severity of the condition + * INFO - Information that may be of use in understanding the failure. It is not a problem to fix. + * WARNING - A condition that isn't a failure, but may be unexpected or a contributing factor. It may be necessary to fix the condition to successfully retry the request. + * ERROR - An actual failure condition through which the request could not continue. + * CRITICAL - A failure with significant impact to the system. Normally failed commands roll back and are just ERROR, but this is possible + enum: + - INFO + - WARNING + - ERROR + - CRITICAL + type: string + type: object + ErrorResponse: + properties: + http_status_code: + description: HTTPStatusEnum Possible HTTP status values of completed or failed + jobs + enum: + - 200 + - 201 + - 202 + - 204 + - 400 + - 401 + - 403 + - 404 + - 422 + - 429 + - 500 + - 503 + type: integer + messages: + description: |- + A list of messages describing the failure encountered by this request. At least one will + be of Error severity because Info and Warning conditions do not cause the request to fail + items: + $ref: '#/definitions/ErrorMessage' + type: array + type: object + ModuleResponse: + properties: + id: + type: string + name: + type: string + standalone: + type: boolean + version: + type: string + type: object + StorageArrayCreateRequest: + properties: + management_endpoint: + type: string + meta_data: + items: + type: string + type: array + password: + type: string + storage_array_type: + type: string + unique_id: + type: string + username: + type: string + required: + - management_endpoint + - password + - storage_array_type + - unique_id + - username + type: object + StorageArrayResponse: + properties: + id: + type: string + management_endpoint: + type: string + meta_data: + items: + type: string + type: array + storage_array_type_id: + type: string + unique_id: + type: string + username: + type: string + type: object + StorageArrayTypeResponse: + properties: + id: + type: string + name: + type: string + type: object + StorageArrayUpdateRequest: + properties: + management_endpoint: + type: string + meta_data: + items: + type: string + type: array + password: + type: string + storage_array_type: + type: string + unique_id: + type: string + username: + type: string + type: object + TaskResponse: + properties: + _links: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + application_name: + type: string + id: + type: string + logs: + type: string + status: + type: string + type: object +info: + contact: {} + description: CSM Deployment API + title: CSM Deployment API + version: "1.0" +paths: + /applications: + get: + consumes: + - application/json + description: List all applications + operationId: list-applications + parameters: + - description: Application Name + in: query + name: name + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + items: + $ref: '#/definitions/ApplicationResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all applications + tags: + - application + post: + consumes: + - application/json + description: Create a new application + operationId: create-application + parameters: + - description: Application info for creation + in: body + name: application + required: true + schema: + $ref: '#/definitions/ApplicationCreateRequest' + produces: + - application/json + responses: + "202": + description: Accepted + schema: + type: string + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Create a new application + tags: + - application + /applications/{id}: + delete: + consumes: + - application/json + description: Delete an application + operationId: delete-application + parameters: + - description: Application ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "204": + description: "" + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Delete an application + tags: + - application + get: + consumes: + - application/json + description: Get an application + operationId: get-application + parameters: + - description: Application ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/ApplicationResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get an application + tags: + - application + /clusters: + get: + consumes: + - application/json + description: List all clusters + operationId: list-clusters + parameters: + - description: Cluster Name + in: query + name: cluster_name + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + items: + $ref: '#/definitions/ClusterResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all clusters + tags: + - cluster + post: + consumes: + - application/json + description: Create a new cluster + operationId: create-cluster + parameters: + - description: Name of the cluster + in: formData + name: name + required: true + type: string + - description: kube config file + in: formData + name: file + required: true + type: file + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/ClusterResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Create a new cluster + tags: + - cluster + /clusters/{id}: + delete: + consumes: + - application/json + description: Delete a cluster + operationId: delete-cluster + parameters: + - description: Cluster ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "204": + description: "" + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Delete a cluster + tags: + - cluster + get: + consumes: + - application/json + description: Get a cluster + operationId: get-cluster + parameters: + - description: Cluster ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/ClusterResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get a cluster + tags: + - cluster + patch: + consumes: + - application/json + description: Update a cluster + operationId: update-cluster + parameters: + - description: Cluster ID + in: path + name: id + required: true + type: string + - description: Name of the cluster + in: formData + name: name + type: string + - description: kube config file + in: formData + name: file + type: file + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/ClusterResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Update a cluster + tags: + - cluster + /configuration-files: + get: + consumes: + - application/json + description: List all configuration files + operationId: list-config-file + parameters: + - description: Name of the configuration file + in: query + name: config_name + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + items: + $ref: '#/definitions/ConfigFileResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all configuration files + tags: + - configuration-file + post: + consumes: + - application/json + description: Create a new configuration file + operationId: create-config-file + parameters: + - description: Name of the configuration file + in: formData + name: name + required: true + type: string + - description: Configuration file + in: formData + name: file + required: true + type: file + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/ConfigFileResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Create a new configuration file + tags: + - configuration-file + /configuration-files/{id}: + delete: + consumes: + - application/json + description: Delete a configuration file + operationId: delete-config-file + parameters: + - description: Configuration file ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "204": + description: "" + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Delete a configuration file + tags: + - configuration-file + get: + consumes: + - application/json + description: Get a configuration file + operationId: get-config-file + parameters: + - description: Configuration file ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/ConfigFileResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get a configuration file + tags: + - configuration-file + patch: + consumes: + - application/json + description: Update a configuration file + operationId: update-config-file + parameters: + - description: Configuration file ID + in: path + name: id + required: true + type: string + - description: Name of the configuration file + in: formData + name: name + required: true + type: string + - description: Configuration file + in: formData + name: file + required: true + type: file + produces: + - application/json + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Update a configuration file + tags: + - configuration-file + /driver-types: + get: + consumes: + - application/json + description: List all driver types + operationId: list-driver-types + produces: + - application/json + responses: + "200": + description: OK + schema: + items: + $ref: '#/definitions/DriverResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all driver types + tags: + - driver-type + /driver-types/{id}: + get: + consumes: + - application/json + description: Get a driver type + operationId: get-driver-type + parameters: + - description: Driver Type ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/DriverResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get a driver type + tags: + - driver-type + /module-types: + get: + consumes: + - application/json + description: List all module types + operationId: list-module-type + produces: + - application/json + responses: + "200": + description: OK + schema: + items: + $ref: '#/definitions/ModuleResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all module types + tags: + - module-type + /module-types/{id}: + get: + consumes: + - application/json + description: Get a module type + operationId: get-module-type + parameters: + - description: Module Type ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/ModuleResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get a module type + tags: + - module-type + /storage-array-types: + get: + consumes: + - application/json + description: List all storage array types + operationId: list-storage-array-type + produces: + - application/json + responses: + "200": + description: OK + schema: + items: + $ref: '#/definitions/StorageArrayTypeResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all storage array types + tags: + - storage-array-type + /storage-array-types/{id}: + get: + consumes: + - application/json + description: Get a storage array type + operationId: get-storage-array-type + parameters: + - description: Storage Array Type ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/StorageArrayTypeResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get a storage array type + tags: + - storage-array-type + /storage-arrays: + get: + consumes: + - application/json + description: List all storage arrays + operationId: list-storage-arrays + parameters: + - description: Unique ID + in: query + name: unique_id + type: string + - description: Storage Type + in: query + name: storage_type + type: string + produces: + - application/json + responses: + "202": + description: Accepted + schema: + items: + $ref: '#/definitions/StorageArrayResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all storage arrays + tags: + - storage-array + post: + consumes: + - application/json + description: Create a new storage array + operationId: create-storage-array + parameters: + - description: Storage Array info for creation + in: body + name: storageArray + required: true + schema: + $ref: '#/definitions/StorageArrayCreateRequest' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/StorageArrayResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Create a new storage array + tags: + - storage-array + /storage-arrays/{id}: + delete: + consumes: + - application/json + description: Delete storage array + operationId: delete-storage-array + parameters: + - description: Storage Array ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: Success + schema: + type: string + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Delete storage array + tags: + - storage-array + get: + consumes: + - application/json + description: Get storage array + operationId: get-storage-array + parameters: + - description: Storage Array ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/StorageArrayResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get storage array + tags: + - storage-array + patch: + consumes: + - application/json + description: Update a storage array + operationId: update-storage-array + parameters: + - description: Storage Array ID + in: path + name: id + required: true + type: string + - description: Storage Array info for update + in: body + name: storageArray + required: true + schema: + $ref: '#/definitions/StorageArrayUpdateRequest' + produces: + - application/json + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Update a storage array + tags: + - storage-array + /tasks: + get: + consumes: + - application/json + description: List all tasks + operationId: list-tasks + parameters: + - description: Application Name + in: query + name: application_name + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + items: + $ref: '#/definitions/TaskResponse' + type: array + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: List all tasks + tags: + - task + /tasks/{id}: + get: + consumes: + - application/json + description: Get a task + operationId: get-task + parameters: + - description: Task ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/TaskResponse' + "303": + description: See Other + schema: + $ref: '#/definitions/TaskResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Get a task + tags: + - task + /tasks/{id}/approve: + post: + consumes: + - application/json + description: Approve state change for an application + operationId: approve-state-change-application + parameters: + - description: Task ID + in: path + name: id + required: true + type: string + - description: Task is associated with an Application update operation + in: query + name: updating + type: boolean + produces: + - application/json + responses: + "202": + description: Accepted + schema: + type: string + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Approve state change for an application + tags: + - task + /tasks/{id}/cancel: + post: + consumes: + - application/json + description: Cancel state change for an application + operationId: cancel-state-change-application + parameters: + - description: Task ID + in: path + name: id + required: true + type: string + - description: Task is associated with an Application update operation + in: query + name: updating + type: boolean + produces: + - application/json + responses: + "200": + description: Success + schema: + type: string + "400": + description: Bad Request + schema: + $ref: '#/definitions/ErrorResponse' + "404": + description: Not Found + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - ApiKeyAuth: [] + summary: Cancel state change for an application + tags: + - task + /users/change-password: + patch: + consumes: + - application/json + description: Change password for existing user + operationId: change-password + parameters: + - description: Enter New Password + format: password + in: query + name: password + required: true + type: string + produces: + - application/json + responses: + "204": + description: No Content + "401": + description: Unauthorized + schema: + $ref: '#/definitions/ErrorResponse' + "403": + description: Forbidden + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - BasicAuth: [] + summary: Change password for existing user + tags: + - user + /users/login: + post: + consumes: + - application/json + description: Login for existing user + operationId: login + produces: + - application/json + responses: + "200": + description: Bearer Token for Logged in User + schema: + type: string + "401": + description: Unauthorized + schema: + $ref: '#/definitions/ErrorResponse' + "403": + description: Forbidden + schema: + $ref: '#/definitions/ErrorResponse' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/ErrorResponse' + security: + - BasicAuth: [] + summary: Login for existing user + tags: + - user +securityDefinitions: + ApiKeyAuth: + in: header + name: Authorization + type: apiKey + BasicAuth: + type: basic +swagger: "2.0" diff --git a/content/v1/deployment/troubleshooting.md b/content/v2/deployment/troubleshooting.md similarity index 100% rename from content/v1/deployment/troubleshooting.md rename to content/v2/deployment/troubleshooting.md diff --git a/content/v2/grasp/_index.md b/content/v2/grasp/_index.md index 5c9ddf386b..f81a8d8e68 100644 --- a/content/v2/grasp/_index.md +++ b/content/v2/grasp/_index.md @@ -1,5 +1,5 @@ --- title: Learn Description: Brief tutorials on Devops, Kubernetes and containers -weight: 7 +weight: 10 --- diff --git a/content/v2/installation/_index.md b/content/v2/installation/_index.md deleted file mode 100644 index d2a25f63d9..0000000000 --- a/content/v2/installation/_index.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Installation" -linkTitle: "Installation" -weight: 2 -description: Methods to install Dell CSI driver -tags: - - install - - csi-driver ---- - -Installation information for all the drivers can be found on the individual driver's page in this section diff --git a/content/v2/installation/operator/installdriver.md b/content/v2/installation/operator/installdriver.md deleted file mode 100644 index 433bf7ef43..0000000000 --- a/content/v2/installation/operator/installdriver.md +++ /dev/null @@ -1,174 +0,0 @@ - -## Installing CSI Driver via Operator -CSI Drivers can be installed by creating a `CustomResource` object in your cluster. - -Sample manifest files for each driver `CustomResourceDefintion` have been provided in the `samples` folder to help with the installation of the drivers. -These files follow the naming convention - - {driver name}_{driver version}_k8s_{k8 version}.yaml -Or - - {driver name}_{driver version}_ops_{OpenShift version}.yaml -For e.g. -* sample/powermax_v140_k8s_117.yaml* <- To install CSI PowerMax driver v1.4.0 on a Kubernetes 1.17 cluster -* sample/powermax_v140_ops_46.yaml* <- To install CSI PowerMax driver v1.4.0 on an OpenShift 4.6 cluster - -Copy the correct sample file and edit the mandatory & any optional parameters specific to your driver installation by following the instructions [here](#modify-the-driver-specification) ->NOTE: A detailed explanation of the various mandatory and optional fields in the CustomResource is available [here](#custom-resource-specification). Please make sure to read through and understand the various fields. - -Run the following command to install the CSI driver. -``` -kubectl create -f -``` - -**Note**: If you are using an OLM based installation, the example manifests are available in the `OperatorHub` UI. -You can edit these manifests and install the driver using the `OperatorHub` UI. - -### Verifying the installation -Once the driver Custom Resource has been created, you can verify the installation - -* Check if Driver CR got created successfully - - For e.g. – If you installed the PowerMax driver - ``` - $ kubectl get csipowermax -n - ``` -* Check the status of the Custom Resource to verify if the driver installation was successful - -If the driver-namespace was set to _test-powermax_, and the name of the driver is _powermax_, then run the command `kubectl get csipowermax/powermax -n test-powermax -o yaml` to get the details of the Custom Resource. - -Note: If the _state_ of the `CustomResource` is _Running_ then all the driver pods have been successfully installed. If the _state_ is _SuccessFul_, then it means the driver deployment was successful but some driver pods may not be in a _Running_ state. -Please refer to the _Troubleshooting_ section [here](../../../troubleshooting/operator) if you encounter any issues during installation. - -### Changes in installation for latest CSI drivers -If you are installing the latest versions of the CSI drivers, the driver controller will be installed as a Kubernetes `Deployment` instead of a `Statefulset`. These installations can also run multiple replicas for the driver controller pods(not supported for StatefulSets) to support High Availability for the Controller. - -## Update CSI Drivers -The CSI Drivers installed by the Dell CSI Operator can be updated like any Kubernetes resource. This can be achieved in various ways which include – - -* Modifying the installation directly via `kubectl edit` - For e.g. - If the name of the installed unity driver is unity, then run - ``` - # Replace driver-namespace with the namespace where the Unity driver is installed - $ kubectl edit csiunity/unity -n - ``` - and modify the installation -* Modify the API object in-place via `kubectl patch` - -**NOTE**: If you are trying to upgrade the CSI driver from an older version, make sure to modify the _configVersion_ field if required. - -**NOTE**: Do not try to update the operator by modifying the original `CustomResource` manifest file and running the `kubectl apply -f` command. As part of the driver installation, the Operator sets some annotations on the `CustomResource` object which are further utilized in some workflows (like detecting upgrade of drivers). If you run the `kubectl apply -f` command to update the driver, these annotations are overwritten and this may lead to failures. - -### Supported modifications -* Changing environment variable values for driver -* Adding (supported) environment variables -* Updating the image of the driver - -### Unsupported modifications -Kubernetes doesn’t allow to update a storage class once it has been created. Any attempt to update a storage class will result in a failure. - ->Note – Any attempt to rename a storage class or snapshot class will result in the deletion of older class and creation of a new class. - -## Limitations -* The Dell CSI Operator can't manage any existing driver installed using Helm charts. If you already have installed one of the DellEMC CSI driver in your cluster and want to use the operator based deployment, uninstall the driver and then redeploy the driver following the installation procedure described above -* The Dell CSI Operator can't update storage classes as it is prohibited by Kubernetes. Any attempt to do so will cause an error and the driver Custom Resource will be left in a `Failed` state. Refer the Troubleshooting section to fix the driver CR. -* The Dell CSI Operator is not fully compliant with the OperatorHub React UI elements and some of the Custom Resource fields may show up as invalid or unsupported in the OperatorHub GUI. To get around this problem, use kubectl/oc commands to get details about the Custom Resource(CR). This issue will be fixed in the upcoming releases of the Dell CSI Operator - - -## Custom Resource Specification -Each CSI Driver installation is represented by a Custom Resource. - -The specification for the Custom Resource is the same for all the drivers. -Below is a list of all the mandatory and optional fields in the Custom Resource specification - -### Mandatory fields -**configVersion** - Configuration version - Refer full list of supported driver for finding out the appropriate config version [here](http://localhost:1313/docs/installation/operator/#full-list-of-csi-drivers-and-versions-supported-by-the-dell-csi-operator) -**replicas** - Number of replicas for controller plugin - Must be set to 1 for all drivers -**common** -This field is mandatory and is used to specify common properties for both controller and the node plugin -* image - driver container image -* imagePullPolicy - Image Pull Policy of the driver image -* envs - List of environment variables and their values -### Optional fields -**controller** - List of environment variables and values which are applicable only for controller -**node** - List of environment variables and values which are applicable only for node -**sideCars** - Specification for CSI sidecar containers. -**authSecret** - Name of the secret holding credentials for use by the driver. If not specified, the default secret *-creds must exist in the same namespace as driver -**tlsCertSecret** - Name of the TLS cert secret for use by the driver. If not specified, a secret *-certs must exist in the namespace as driver - -**storageclass** -List of Storage Class fields - - 1. name - name of the Storage Class - 2. default - Used to specify if the storage class will be marked as default (only set one storage class as default in a cluster) - 3. reclaimPolicy - Sets the PersistentVolumeReclaim Policy for the PVCs. Defaults to Delete if not specified - 4. parameters - driver specific parameters. Refer individual driver section for more details - 5. allowVolumeExpansion - Set to true for allowing volume expansion for PVC - 6. volumeBindingMode - Sets the VolumeBindingMode in the Storage Class. If left blank, it will be set to the default value for the driver version you are installing - 7. allowedTopologies - Sets the topology keys and values which allows the pods/and volumes to be scheduled on nodes that have access to the storage. - -**snapshotclass** -List of Snapshot Class specifications - - 1. name - name of the snapshot class - 2. parameters - driver specific parameters. Refer individual driver section for more details - -**forceUpdate** -Boolean value which can be set to `true` in order to force update the status of the CSI Driver - -**tolerations** -List of tolerations which should be applied to the driver StatefulSet/Deployment and DaemonSet -It should be set separately in the controller and node sections if you want separate set of tolerations for them - -**nodeSelector** -Used to specify node selectors for the driver StatefulSet/Deployment and DaemonSet - -Here is a sample specification annotated with comments to explain each field -```yaml -apiVersion: storage.dell.com/v1 -kind: CSIPowerMax # Type of the driver -metadata: - name: test-powermax # Name of the driver - namespace: test-powermax # Namespace where driver is installed -spec: - driver: - # Used to specify configuration version - configVersion: v3 # Refer the table containing the full list of supported drivers to find the appropriate config version - replicas: 1 - forceUpdate: false # Set to true in case you want to force an update of driver status - common: # All common specification - image: "dellemc/csi-powermax:v1.4.0.000R" #driver image for a particular release - imagePullPolicy: IfNotPresent - envs: - - name: X_CSI_POWERMAX_ENDPOINT - value: "https://0.0.0.0:8443/" - - name: X_CSI_K8S_CLUSTER_PREFIX - value: "XYZ" - storageClass: - - name: bronze - default: true - reclaimPolicy: Delete - parameters: - SYMID: "000000000001" - SRP: DEFAULT_SRP - ServiceLevel: Bronze -``` -You can set the field ***replicas*** to a higher number than `1` for the latest driver versions. - -Note - The `image` field should point to the correct image tag for version of the driver you are installing. -For e.g. - If you wish to install v1.4 of the CSI PowerMax driver, use the image tag `dellemc/csi-powermax:v1.4.0.000R` - -Note - The name of the Storage Class or the Volume Snapshot Class (which are created in the Kubernetes/OpenShift cluster) is created using the name of the driver and the name provided for these classes in the manifest. This is done in order to ensure that these names are unique if there are multiple drivers installed in the same cluster. -For e.g. - With the above sample manifest, the name of the storage class which is created in the cluster will be `test-powermax-bronze`. -You can get the name of the StorageClass and SnapshotClass created by the operator by running the commands - `kubectl get storageclass` and `kubectl get volumesnapshotclass` - -### SideCars -Although the sidecars field in the driver specification is optional, it is **strongly** recommended to not modify any details related to sidecars provided (if present) in the sample manifests. Any modifications to this should be only done after consulting with Dell EMC support. - -### Modify the driver specification -* Choose the correct configVersion. Refer the table containing the full list of supported drivers and versions. -* Provide the namespace (in metadata section) where you want to install the driver. -* Provide a name (in metadata section) for the driver. This will be the name of the Custom Resource. -* Edit the values for mandatory configuration parameters specific to your installation. -* Edit/Add any values for optional configuration parameters to customize your installation. -* If you are installing the latest versions of the CSI drivers, the default number of replicas is set to 2. You can increase/decrease this value. diff --git a/content/v2/installation/operator/isilon.md b/content/v2/installation/operator/isilon.md deleted file mode 100644 index 6b7bed86c8..0000000000 --- a/content/v2/installation/operator/isilon.md +++ /dev/null @@ -1,113 +0,0 @@ ---- -title: PowerScale -description: > - Installing PowerScale CSI Driver via Operator ---- - -## Installing PowerScale CSI Driver via Operator - -The CSI Driver for Dell EMC PowerScale can be installed via the Dell CSI Operator. - -To deploy the Operator, follow the instructions available [here](../). - -There are sample manifests provided which can be edited to do an easy installation of the driver. Note that the deployment of the driver using the operator does not use any Helm charts and the installation and configuration parameters will be slightly different from the one specified via the Helm installer. - -Kubernetes Operators make it easy to deploy and manage the entire lifecycle of complex Kubernetes applications. Operators use Custom Resource Definitions (CRD) which represents the application and use custom controllers to manage them. - -**Note**: MKE (Mirantis Kubernetes Engine) does not support the installation of CSI-PowerScale via Operator. - -### Listing installed drivers with the CSI Isilon CRD -User can query for CSI-PowerScale driver using the following command: -`kubectl get csiisilon --all-namespaces` - -### Install Driver - -1. Create namespace. - - Execute `kubectl create namespace isilon` to create the isilon namespace (if not already present). Note that the namespace can be any user-defined name, in this example, we assume that the namespace is 'isilon'. -2. Create *isilon-creds* secret by first creating secret.json or secret.yaml file. - - 2.1 Create a json file called secret.json with the following content: - ```json - { - "isilonClusters": [ - { - "clusterName": "cluster1", - "username": "user", - "password": "password", - "isiIP": "1.2.3.4", - "isDefaultCluster": true - }, - { - "clusterName": "cluster2", - "username": "user", - "password": "password", - "endpoint": "1.2.3.5", - "isiPort": "8080", - "skipCertificateValidation": true, - "isDefault": false, - "isiPath": "/ifs/data/csi" - } - ] - } - ``` - Replace the values for the given keys as per your environment. This username/password value need not be encoded. You can refer [here](../../helm/isilon/#install-csi-driver-for-powerscale) for more information about these isilon secret parameters. After creating the secret.json, the following command can be used to create the secret, - `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.json` - - - - 2.2. Alternately user can create a secret.yaml file in the following format and replace the values for the given keys as per your environment. The command - - `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml` would be needed to create secret. - ``` - isilonClusters: - - clusterName: "cluster1" # logical name of PowerScale Cluster - username: "user" # username for connecting to PowerScale OneFS API server - password: "password" # password for connecting to PowerScale OneFS API server - endpoint: "1.2.3.4" # HTTPS endpoint of the PowerScale OneFS API server - isDefault: true # default cluster - skipCertificateValidation: true # indicates if client side validation of server's SSL certificate can be skipped - isiPath: "/ifs/data/csi" # base path for the volume(directory) to be created on PowerScale - - - clusterName: "cluster2" - username: "user" - password: "password" - endpoint: "1.2.3.4" - isiPort: "8080" - - logLevel: "debug" # CSI log level; valid log levels- "error", "warn"/"warning", "info", "debug" - - ``` - After creating the above file, the user can use the following command to create a secret object, - `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml` - -3. Create isilon-certs-n secret. - Please refer [this section](../../helm/isilon/#certificate-validation-for-onefs-rest-api-calls) for creating cert-secrets. -4. Create a CR (Custom Resource) for PowerScale using the sample files provided - [here](https://github.com/dell/dell-csi-operator/tree/master/samples). -5. Users should configure the parameters in CR. The following table lists the primary configurable parameters of the PowerScale driver and their default values: - - | Parameter | Description | Required | Default | - | --------- | ----------- | -------- |-------- | - | ***Common parameters for node and controller*** | - | CSI_ENDPOINT | The UNIX socket address for handling gRPC calls | No | /var/run/csi/csi.sock | - | X_CSI_ISI_INSECURE | Specifies whether SSL security needs to be enabled for communication between PowerScale and CSI Driver | No | true | - | X_CSI_ISI_PATH | Base path for the volumes to be created | Yes | | - | X_CSI_ALLOWED_NETWORKS | Custom networks for PowerScale export. List of networks that can be used for NFS I/O traffic, CIDR format should be used | No | empty | - | X_CSI_ISI_AUTOPROBE | To enable auto probing for driver | No | true | - | X_CSI_ISILON_NO_PROBE_ON_START | Indicates whether the controller/node should probe during initialization | Yes | | - | X_CSI_MAX_VOLUMES_PER_NODE | Specify the default value for the maximum number of volumes that the controller can publish to the node | Yes | | - | ***Controller parameters*** | - | X_CSI_MODE | Driver starting mode | No | controller | - | X_CSI_ISI_ACCESS_ZONE | Name of the access zone a volume can be created in | No | System | - | X_CSI_ISI_QUOTA_ENABLED | To enable SmartQuotas | Yes | | - | ***Node parameters*** | - | X_CSI_ISILON_NFS_V3 | Set the version to v3 when mounting an NFS export. If the value is "false", then the default version supported will be used | Yes | | - | X_CSI_MODE | Driver starting mode | No | node | -6. Execute the following command to create PowerScale custom resource: - ```kubectl create -f ``` . - This command will deploy the CSI-PowerScale driver in the namespace specified in the input YAML file. - -**Note** : - 1. From CSI-PowerScale v1.6.0 and higher, Storage class and VolumeSnapshotClass will **not** be created as part of driver deployment. The user has to create Storageclass and Volume Snapshot Class. - 2. Node selector and node tolerations can be added in both controller parameters and node parameters section, based on the need. \ No newline at end of file diff --git a/content/v2/observability/_index.md b/content/v2/observability/_index.md new file mode 100644 index 0000000000..f99b05c51d --- /dev/null +++ b/content/v2/observability/_index.md @@ -0,0 +1,122 @@ +--- +title: "Observability" +linkTitle: "Observability" +weight: 5 +Description: > + Dell EMC Container Storage Modules (CSM) for Observability +--- + + [Container Storage Modules](https://github.com/dell/csm) (CSM) for Observability is part of the open-source suite of Kubernetes storage enablers for Dell EMC products. + + It is an OpenTelemetry agent that collects array-level metrics for Dell EMC storage so they can be scraped into a Prometheus database. With CSM for Observability, you will gain visibility not only on the capacity of the volumes/file shares you manage with Dell CSM CSI (Container Storage Interface) drivers but also their performance in terms of bandwidth, IOPS, and response time. + + Thanks to pre-packaged Grafana dashboards, you will be able to go through these metrics history and see the topology between a Kubernetes PV (Persistent Volume) and its translation as a LUN or file share in the backend array. This module also allows Kubernetes admins to collect array level metrics to check the overall capacity and performance directly from the Prometheus/Grafana tools rather than interfacing directly with the storage system itself. + +Metrics data is collected and pushed to the [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector), so it can be processed, and exported in a format consumable by Prometheus. SSL certificates for TLS between nodes are handled by [cert-manager](https://github.com/jetstack/cert-manager). + +CSM for Observability is composed of several services, each living in its own GitHub repository. Contributions can be made to this repository or any of the CSM for Observability repositories listed below. + +{{}} +| Name | Repository | Description | +| ---- | --------- | ----------- | +| Performance Metrics for PowerFlex | [CSM Metrics for PowerFlex](https://github.com/dell/karavi-metrics-powerflex) | Performance Metrics for PowerFlex captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell EMC PowerFlex. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | +| Performance Metrics for PowerStore | [CSM Metrics for PowerStore](https://github.com/dell/csm-metrics-powerstore) | Performance Metrics for PowerStore captures telemetry data about Kubernetes storage usage and performance obtained through the CSI (Container Storage Interface) Driver for Dell EMC PowerStore. The metrics service pushes it to the OpenTelemetry Collector, so it can be processed, and exported in a format consumable by Prometheus. Prometheus can then be configured to scrape the OpenTelemetry Collector exporter endpoint to provide metrics so they can be visualized in Grafana. Please visit the repository for more information. | +| Volume Topology | [CSM Topology](https://github.com/dell/karavi-topology) | Topology provides Kubernetes administrators with the topology data related to containerized storage that is provisioned by a CSI (Container Storage Interface) Driver for Dell EMC storage products. Please visit the repository for more information. | +{{
}} + +## CSM for Observability Capabilities + +CSM for Observability provides the following capabilities: + +{{}} +| Capability | PowerMax | PowerFlex | Unity | PowerScale | PowerStore | +| - | :-: | :-: | :-: | :-: | :-: | +| Collect and expose Volume Metrics via the OpenTelemetry Collector | no | yes | no | no | yes | +| Collect and expose File System Metrics via the OpenTelemetry Collector | no | no | no | no | yes | +| Collect and expose export (k8s) node metrics via the OpenTelemetry Collector | no | yes | no | no | no | +| Collect and expose filesystem capacity metrics via the OpenTelemetry Collector | no | no | no | no | yes | +| Collect and expose block storage capacity metrics via the OpenTelemetry Collector | no | yes | no | no | yes | +| Non-disruptive config changes | no | yes | no | no | yes | +| Non-disruptive log level changes | no | yes | no | no | yes | +| Grafana Dashboards for displaying metrics and topology data | no | yes | no | no | yes | +{{
}} + +## Supported Operating Systems/Container Orchestrator Platforms + +{{}} +| COP/OS | Supported Versions | +|-|-| +| Kubernetes | 1.20, 1.21, 1.22 | +| Red Hat OpenShift | 4.7, 4.8 | +| Rancher Kubernetes Engine | yes | +| RHEL | 7.x, 8.x | +| CentOS | 7.8, 7.9 | +{{
}} + +## Supported Storage Platforms + +{{}} +| | PowerFlex | PowerStore | +|---------------|:-------------------:|:----------------:| +| Storage Array | 3.5.x, 3.6.x | 1.0.x, 2.0.x | +{{
}} + +## Supported CSI Drivers + +CSM for Observability supports the following CSI drivers and versions. +{{}} +| Storage Array | CSI Driver | Supported Versions | +| ------------- | ---------- | ------------------ | +| CSI Driver for Dell EMC PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0 | +| CSI Driver for Dell EMC PowerStore | [csi-powerstore](https://github.com/dell/csi-powerstore) | v2.0 | +{{
}} + +## Topology Data + +CSM for Observability provides Kubernetes administrators with the topology data related to containerized storage. This topology data is visualized using Grafana: +{{}} +| Field | Description | +| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | +| Namespace | The namespace associated with the persistent volume claim | +| Persistent Volume | The name of the persistent volume | +| Status | The status of the persistent volume. "Released" indicating the persistent volume has a claim. "Bound" indicating the persistent volume has a claim | +| Persistent Volume Claim | The name of the persistent volume claim associated with the persistent volume | +| CSI Driver | The name of the CSI driver that was responsible for provisioning the volume on the storage system | +| Created | The date the persistent volume was created | +| Provisioned Size | The provisioned size of the persistent volume | +| Storage Class | The storage class associated with the persistent volume | +| Storage System Volume Name | The name of the volume on the storage system that is associated with the persistent volume | +| Storage Pool | The storage pool name the volume/storage class is associated with | +| Storage System | The storage system ID or IP address the volume is associated with | +| Protocol | The storage system protocol type the volume/storage class is associated with | +{{
}} +## TLS Encryption + +CSM for Observability deployment relies on [cert-manager](https://github.com/jetstack/cert-manager) to manage SSL certificates that are used to encrypt communication between various components. When [deploying CSM for Observability](./deployment), cert-manager is installed and configured automatically. The cert-manager components listed below will be installed alongside CSM for Observability. + +{{}} +| Component | +| --------- | +| cert-manager | +| cert-manager-cainjector | +| cert-manager-webhook | +{{
}} + +If desired you may provide your own certificate key pair to be used inside the cluster by providing the path to the certificate and key in the Helm chart config. If you do not provide a certificate, one will be generated for you on installation. +> __NOTE__: The certificate provided must be a CA certificate. This is to facilitate automated certificate rotation. + +## Viewing Logs + +Logs can be viewed by using the `kubectl logs` CLI command to output logs for a specific Pod or Deployment. + +For example, the following script will capture logs of all Pods in the CSM namespace and save the output to one file per Pod. + +``` +#!/bin/bash + +namespace=[CSM_NAMESPACE] +for pod in $(kubectl get pods -n $namespace -o name); do + logFileName=$(echo $pod | tr / -).txt + kubectl logs -n $namespace $pod --all-containers > $logFileName +done +``` diff --git a/content/v2/observability/deployment/_index.md b/content/v2/observability/deployment/_index.md new file mode 100644 index 0000000000..b446d71974 --- /dev/null +++ b/content/v2/observability/deployment/_index.md @@ -0,0 +1,441 @@ +--- +title: Deployment +linktitle: Deployment +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Observability Deployment +--- + +CSM for Observability can be deployed in one of three ways: + +- [CSM Installer](../../deployment) (*Recommended installation method*) +- [Helm](./helm) +- [CSM for Observability Installer](./online) +- [CSM for Observability Offline Installer](./offline) + +## Prerequisites + +- Helm 3.3 +- The deployment of one or more [supported](../#supported-csi-drivers) Dell EMC CSI drivers + +## Post Installation Dependencies + +The following third-party components are required in the same Kubernetes cluster where CSM for Observability has been deployed: + +* [Prometheus](#prometheus) +* [Grafana](#grafana) + +These components must be deployed according to the specifications defined below. + +**Tip**: CSM for Observability must be deployed first. Once the module has been deployed, you can proceed to deploying/configuring Prometheus and Grafana. + +### Prometheus + +The Prometheus service should be running on the same Kubernetes cluster as the CSM for Observability services. As part of the CSM for Observability deployment, the OpenTelemetry Collector gets deployed. The OpenTelemetry Collector is what CSM for Observability pushes metrics so that the metrics can be consumed by Prometheus. This means that Prometheus must be configured to scrape the metrics data from the OpenTelemetry Collector. + +| Supported Version | Image | Helm Chart | +| ----------------- | ----------------------- | ------------------------------------------------------------ | +| 2.22.0 | prom/prometheus:v2.22.0 | [Prometheus Helm chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus) | + +**Note**: It is the user's responsibility to provide persistent storage for Prometheus if they want to preserve historical data. + +#### Prometheus Deployment + +Here is a sample minimal configuration for Prometheus. Please note that the configuration below uses insecure skip verify. If you wish to properly configure TLS, you will need to provide a ca_file in the Prometheus configuration. The certificate provided as part of the CSM for Observability deployment should be signed by this same CA. For more information about Prometheus configuration, see [Prometheus configuration](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#configuration). + +1. Create a values file named `prometheus-values.yaml`. + + ```yaml + # prometheus-values.yaml + alertmanager: + enabled: false + nodeExporter: + enabled: false + pushgateway: + enabled: false + kubeStateMetrics: + enabled: false + configmapReload: + prometheus: + enabled: false + server: + enabled: true + image: + repository: quay.io/prometheus/prometheus + tag: v2.22.0 + pullPolicy: IfNotPresent + persistentVolume: + enabled: false + service: + type: NodePort + servicePort: 9090 + serverFiles: + prometheus.yml: + scrape_configs: + - job_name: 'karavi-metrics-powerflex' + scrape_interval: 5s + scheme: https + static_configs: + - targets: ['otel-collector:8443'] + tls_config: + insecure_skip_verify: true + ``` + +2. If using Rancher, create a ServiceMonitor. + + ```yaml + apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + name: otel-collector + namespace: powerflex + spec: + endpoints: + - path: /metrics + port: exporter-https + scheme: https + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + app.kubernetes.io/instance: karavi-observability + app.kubernetes.io/name: otel-collector + ``` + +3. Add the Prometheus Helm chart repository. + + On your terminal, run each of the commands below: + + ```terminal + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm repo add stable https://charts.helm.sh/stable + helm repo update + ``` + +4. Install the Helm chart. + + On your terminal, run the command below: + + ```terminal + helm install prometheus prometheus-community/prometheus -n [CSM_NAMESPACE] --create-namespace -f prometheus-values.yaml + ``` + +### Grafana + +The Grafana dashboards require Grafana to be deployed in the same Kubernetes cluster as CSM for Observability. Below are the configuration details required to properly set up Grafana to work with CSM for Observability. + +| Supported Version | Helm Chart | +| ----------------- | --------------------------------------------------------- | +| 7.3.0-7.3.2 | [Grafana Helm chart](https://github.com/grafana/helm-charts/tree/main/charts/grafana) | + +Grafana must be configured with the following data sources/plugins: + +| Name | Additional Information | +| ---------------------- | -------------------------------------------------------------------------- | +| Prometheus data source | [Prometheus data source](https://grafana.com/docs/grafana/latest/features/datasources/prometheus/) | +| Data Table plugin | [Data Table plugin](https://grafana.com/grafana/plugins/briangann-datatable-panel) | +| Pie Chart plugin | [Pie Chart plugin](https://grafana.com/grafana/plugins/grafana-piechart-panel) | +| SimpleJson data source | [SimpleJson data source](https://grafana.com/grafana/plugins/grafana-simple-json-datasource) | + +Settings for the Grafana Prometheus data source: + +| Setting | Value | Additional Information | +| ------- | ------------------------- | ----------------------------------------------- | +| Name | Prometheus | | +| Type | prometheus | | +| URL | http://PROMETHEUS_IP:PORT | The IP/PORT of your running Prometheus instance | +| Access | Proxy | | + +Settings for the Grafana SimpleJson data source: + +| Setting | Value | +| ------------------- | --------------------------------- | +| Name | Karavi-Topology | +| URL | Access CSM for Observability Topology service at https://karavi-topology.*namespace*.svc.cluster.local:8443 | +| Skip TLS Verify | Enabled (If not using CA certificate) | +| With CA Cert | Enabled (If using CA certificate) | + + +#### Grafana Deployment + +Below are the steps to deploy a new Grafana instance into your Kubernetes cluster: + +1. Create a ConfigMap. + + When using a network that requires a decryption certificate, the Grafana server MUST be configured with the necessary certificate. If no certificate is required, skip to step 2. + * Create a Config file named `grafana-configmap.yaml` The file should look like this: + + ```yaml + # grafana-configmap.yaml + apiVersion: v1 + kind: ConfigMap + metadata: + name: certs-configmap + namespace: [CSM_NAMESPACE] + labels: + certs-configmap: "1" + data: + ca-certificates.crt: |- + -----BEGIN CERTIFICATE----- + ReplaceMeWithActualCaCERT= + -----END CERTIFICATE----- + ``` + + **NOTE**: you need an actual CA Cert for it to work + + On your terminal, run the commands below: + + ```terminal + kubectl create -f grafana-configmap.yaml + ``` + + +2. Create a values file. + + Create a Config file named `grafana-configmap.yaml` The file should look like this: + + ```yaml + # grafana-values.yaml + image: + repository: grafana/grafana + tag: 7.3.0 + sha: "" + pullPolicy: IfNotPresent + service: + type: NodePort + + ## Administrator credentials when not using an existing Secret + adminUser: admin + adminPassword: admin + + ## Pass the plugins you want to be installed as a list. + ## + plugins: + - grafana-simple-json-datasource + - briangann-datatable-panel + - grafana-piechart-panel + + ## Configure grafana datasources + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + ## + datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - name: Karavi-Topology + type: grafana-simple-json-datasource + access: proxy + url: 'https://karavi-topology:8443' + isDefault: null + version: 1 + editable: true + jsonData: + tlsSkipVerify: true + - name: Prometheus + type: prometheus + access: proxy + url: 'http://prometheus:9090' + isDefault: null + version: 1 + editable: true + testFramework: + enabled: false + sidecar: + datasources: + enabled: true + dashboards: + enabled: true + + ## Additional grafana server CofigMap mounts + ## Defines additional mounts with CofigMap. CofigMap must be manually created in the namespace. + extraConfigmapMounts: [] # If you created a ConfigMap on the previous step, delete [] and uncomment the lines below + # - name: certs-configmap + # mountPath: /etc/ssl/certs/ca-certificates.crt + # subPath: ca-certificates.crt + # configMap: certs-configmap + # readOnly: true + ``` + +3. Add the Grafana Helm chart repository. + + On your terminal, run each of the commands below: + + ```terminal + helm repo add grafana https://grafana.github.io/helm-charts + helm repo update + ``` + +4. Install the Helm chart. + + On your terminal, run the commands below: + + ```terminal + helm install grafana grafana/grafana -n [CSM_NAMESPACE] -f grafana-values.yaml + ``` + +## Importing CSM for Observability Dashboards + +Once Grafana is properly configured, you can import the pre-built observability dashboards. Log into Grafana and click the + icon in the side menu. Then click Import. From here you can upload the JSON files or paste the JSON text directly into the text area. Below are the locations of the dashboards that can be imported: + +| Dashboard | Description | +| ------------------- | --------------------------------- | +| [PowerFlex: I/O Performance by Kubernetes Node](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerflex/sdc_io_metrics.json) | Provides visibility into the I/O performance metrics (IOPS, bandwidth, latency) by Kubernetes node | +| [PowerFlex: I/O Performance by Provisioned Volume](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerflex/volume_io_metrics.json) | Provides visibility into the I/O performance metrics (IOPS, bandwidth, latency) by volume | +| [PowerFlex: Storage Pool Consumption By CSI Driver](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerflex/storage_consumption.json) | Provides visibility into the total, used, and available capacity for a storage class and associated underlying storage construct. | +| [PowerStore: I/O Performance by Provisioned Volume](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerstore/volume_io_metrics.json) | *As of Release 0.4.0:* Provides visibility into the I/O performance metrics (IOPS, bandwidth, latency) by volume | +| [CSI Driver Provisioned Volume Topology](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/topology/topology.json) | Provides visibility into Dell EMC CSI (Container Storage Interface) driver provisioned volume characteristics in Kubernetes correlated with volumes on the storage system. | + +## Dynamic Configuration + +Some parameters can be configured/updated during runtime without restarting the CSM for Observability services. These parameters will be stored in ConfigMaps that can be updated on the Kubernetes cluster. This will automatically change the settings on the services. + +| ConfigMap | Observability Service | Parameters | +| - | - | - | +| karavi-metrics-powerflex-configmap | karavi-metrics-powerflex |
  • COLLECTOR_ADDR
  • PROVISIONER_NAMES
  • POWERFLEX_SDC_METRICS_ENABLED
  • POWERFLEX_SDC_IO_POLL_FREQUENCY
  • POWERFLEX_VOLUME_IO_POLL_FREQUENCY
  • POWERFLEX_VOLUME_METRICS_ENABLED
  • POWERFLEX_STORAGE_POOL_METRICS_ENABLED
  • POWERFLEX_STORAGE_POOL_POLL_FREQUENCY
  • POWERFLEX_MAX_CONCURRENT_QUERIES
  • LOG_LEVEL
  • LOG_FORMAT
| +| karavi-metrics-powerstore-configmap | karavi-metrics-powerstore |
  • COLLECTOR_ADDR
  • PROVISIONER_NAMES
  • POWERSTORE_VOLUME_METRICS_ENABLED
  • POWERSTORE_VOLUME_IO_POLL_FREQUENCY
  • POWERSTORE_SPACE_POLL_FREQUENCY
  • POWERSTORE_ARRAY_POLL_FREQUENCY
  • POWERSTORE_FILE_SYSTEM_POLL_FREQUENCY
  • POWERSTORE_MAX_CONCURRENT_QUERIES
  • LOG_LEVEL
  • LOG_FORMAT
  • ZIPKIN_URI
  • ZIPKIN_SERVICE_NAME
  • ZIPKIN_PROBABILITY
| +| karavi-topology-configmap | karavi-topology |
  • PROVISIONER_NAMES
  • LOG_LEVEL
  • LOG_FORMAT
  • ZIPKIN_URI
  • ZIPKIN_SERVICE_NAME
  • ZIPKIN_PROBABILITY
| + +To update any of these settings, run the following command on the Kubernetes cluster then save the updated ConfigMap data. + +```console +kubectl edit configmap [CONFIG_MAP_NAME] -n [CSM_NAMESPACE] +``` + +## Tracing + +CSM for Observability is instrumented to report trace data to [Zipkin](https://zipkin.io/). This helps gather timing data needed to troubleshoot latency problems with CSM for Observability. Follow the instructions below to enable the reporting of trace data: + +1. Deploy a Zipkin instance in the CSM namespace and expose the service as NodePort for external access. + + ```console + apiVersion: apps/v1 + kind: Deployment + metadata: + name: zipkin + labels: + app.kubernetes.io/name: zipkin + app.kubernetes.io/instance: zipkin-instance + app.kubernetes.io/managed-by: zipkin-service + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: zipkin + app.kubernetes.io/instance: zipkin-instance + template: + metadata: + labels: + app.kubernetes.io/name: zipkin + app.kubernetes.io/instance: zipkin-instance + spec: + containers: + - name: zipkin + image: "openzipkin/zipkin" + imagePullPolicy: IfNotPresent + env: + - name: "STORAGE_TYPE" + value: "mem" + - name: "TRANSPORT_TYPE" + value: "http" + + --- + + apiVersion: v1 + kind: Service + metadata: + name: zipkin + labels: + app.kubernetes.io/name: zipkin + app.kubernetes.io/instance: zipkin-instance + app.kubernetes.io/managed-by: zipkin-service + spec: + ports: + - port: 9411 + targetPort: 9411 + protocol: TCP + type: "NodePort" + selector: + app.kubernetes.io/name: zipkin + app.kubernetes.io/instance: zipkin-instance + ``` + +2. Add the Zipkin URI to the CSM for Observability ConfigMaps. Based on the manifest above, Zipkin will be running on port 9411. + + __Note__: Zipkin tracing is currently not supported for the collection of PowerFlex metrics. + + Update the ConfigMaps from the [table above](#dynamic-configuration). Here is an example updating the karavi-topology-configmap based on the deployment manifest above. + + ```console + kubectl edit configmap/karavi-topology-configmap -n [CSM_NAMESPACE] + ``` + + Update the ZIPKIN_URI and ZIPKIN_PROBABILITY values and save the ConfigMap. + + ```console + ZIPKIN_URI: "http://zipkin:9411/api/v2/spans" + ZIPKIN_SERVICE_NAME: "karavi-topology" + ZIPKIN_PROBABILITY: "1.0" + ``` + + Once the ConfigMaps are updated, the changes will automatically be applied and tracing can be seen by accessing Zipkin on the exposed port. + +## Updating Storage System Credentials + +If the storage system credentials have been updated in the relevant CSI Driver, CSM for Observability must be updated with those new credentials as follows: + +### When CSM for Observability uses the Authorization module + +In this case, all storage system requests made by CSM for Observability will be routed through the Authorization module. The following must be performed: + +#### Update the Authorization Module Token + +1. Delete the current `proxy-authz-tokens` Secret from the CSM namespace. + ```console + $ kubectl delete secret proxy-authz-tokens -n [CSM_NAMESPACE] + ``` + +2. Copy the `proxy-authz-tokens` Secret from a CSI Driver to the CSM namespace. + ```console + $ kubectl get secret proxy-authz-tokens -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSM_CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` + +#### Update Storage Systems +If the list of storage systems managed by a Dell EMC CSI Driver have changed, the following steps can be performed to update CSM for Observability to reference the updated systems: + +1. Delete the current `karavi-authorization-config` Secret from the CSM namespace. + ```console + $ kubectl delete secret proxy-authz-tokens -n [CSM_NAMESPACE] + ``` + +2. Copy the `karavi-authorization-config` Secret from the CSI Driver namespace to CSM for Observability namespace. + ```console + $ kubectl get secret karavi-authorization-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSM_CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` + +### When CSM for Observability does not use the Authorization module + +In this case all storage system requests made by CSM for Observability will not be routed through the Authorization module. The following must be performed: + +#### CSI Driver for Dell EMC PowerFlex + +1. Delete the current `vxflexos-config` Secret from the CSM namespace. + ```console + $ kubectl delete secret vxflexos-config -n [CSM_NAMESPACE] + ``` + +2. Copy the `vxflexos-config` Secret from the CSI Driver for Dell EMC PowerFlex namespace to the CSM namespace. + ```console + $ kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` + +### CSI Driver for Dell EMC PowerStore + +1. Delete the current `powerstore-config` Secret from the CSM namespace. + ```console + $ kubectl delete secret powerstore-config -n [CSM_NAMESPACE] + ``` + +2. Copy the `powerstore-config` Secret from the CSI Driver for Dell EMC PowerStore namespace to the CSM namespace. + ```console + $ kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` \ No newline at end of file diff --git a/content/v2/observability/deployment/helm.md b/content/v2/observability/deployment/helm.md new file mode 100644 index 0000000000..46c9947d7c --- /dev/null +++ b/content/v2/observability/deployment/helm.md @@ -0,0 +1,118 @@ +--- +title: Helm +linktitle: Helm +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Observability Helm deployment +--- + +The Container Storage Modules (CSM) for Observability Helm chart bootstraps an Observability deployment on a Kubernetes cluster using the Helm package manager. + +## Prerequisites + +- A [supported](../../../csidriver/#features-and-capabilities) CSI Driver is deployed +- The cert-manager CustomResourceDefinition resources are created. + + ```console + $ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.crds.yaml + ``` + +## Copy the CSI Driver Secret + +Copy the config Secret from the Dell CSI Driver namespace into the namespace where CSM for Observability is deployed. + +### PowerFlex + +```console +$ kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - +``` + +__Note__: The target namespace must exist before executing this command. + +### PowerStore + +```console +$ kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - +``` + +__Note__: The target namespace must exist before executing this command. + +## Add the Repo + +```console +$ helm repo add dell https://dell.github.io/helm-charts +``` + +## Installing the Chart + +```console +$ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] --create-namespace +``` + +The [configuration](#configuration) section below lists all the parameters that can be configured during installation + +## Configuration + +The following table lists the configurable parameters of the CSM for Observability Helm chart and their default values. + +| Parameter | Description | Default | +| - | - | - | +| `karaviTopology.image` | Location of the csm-topology Docker image | `dellemc/csm-topology:v1.0` | +| `karaviTopology.enabled` | Enable the CSM for Observability Topology service | `true` | +| `karaviTopology.provisionerNames` | Provisioner Names used to filter the Persistent Volumes created on the Kubernetes cluster (must be a comma-separated list) | ` csi-vxflexos.dellemc.com` | +| `karaviTopology.service.type` | Kubernetes service type | `ClusterIP` | +| `karaviTopology.certificateFile` | Optional valid CA public certificate file that will be used to deploy the Topology service. Must use domain name 'karavi-topology'. | | +| `karaviTopology.privateKeyFile` | Optional public certificate's associated private key file that will be used to deploy the Topology service. Must use domain name 'karavi-topology'. | | +| `karaviTopology.logLevel` | Output logs that are at or above the given log level severity (Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC) | `INFO` | +| `karaviTopology.logFormat` | Output logs in the specified format (Valid values: text, json) | `text` | +| `otelCollector.certificateFile` | Optional valid CA public certificate file that will be used to deploy the OpenTelemetry Collector. Must use domain name 'otel-collector'. | | +| `otelCollector.privateKeyFile` | Optional public certificate's associated private key file that will be used to deploy the OpenTelemetry Collector. Must use domain name 'otel-collector'. | | +| `otelCollector.service.type` | Kubernetes service type | `ClusterIP` | +| `karaviMetricsPowerflex.image` | CSM Metrics for PowerFlex Service image | `dellemc/csm-metrics-powerflex:v1.0` | +| `karaviMetricsPowerflex.enabled` | Enable CSM Metrics for PowerFlex service | `true` | +| `karaviMetricsPowerflex.collectorAddr` | Metrics Collector accessible from the Kubernetes cluster | `otel-collector:55680` | +| `karaviMetricsPowerflex.provisionerNames` | Provisioner Names used to filter for determining PowerFlex SDC nodes( Must be a Comma-separated list) | ` csi-vxflexos.dellemc.com` | +| `karaviMetricsPowerflex.sdcPollFrequencySeconds` | The polling frequency (in seconds) to gather SDC metrics | `10` | +| `karaviMetricsPowerflex.volumePollFrequencySeconds` | The polling frequency (in seconds) to gather volume metrics | `10` | +| `karaviMetricsPowerflex.storageClassPoolPollFrequencySeconds` | The polling frequency (in seconds) to gather storage class/pool metrics | `10` | +| `karaviMetricsPowerflex.concurrentPowerflexQueries` | The number of simultaneous metrics queries to make to Powerflex(MUST be less than 10; otherwise, several request errors from Powerflex will ensue. | `10` | +| `karaviMetricsPowerflex.sdcMetricsEnabled` | Enable PowerFlex SDC Metrics Collection | `true` | +| `karaviMetricsPowerflex.volumeMetricsEnabled` | Enable PowerFlex Volume Metrics Collection | `true` | +| `karaviMetricsPowerflex.storageClassPoolMetricsEnabled` | Enable PowerFlex Storage Class/Pool Metrics Collection | `true` | +| `karaviMetricsPowerflex.endpoint` | Endpoint for pod leader election | `karavi-metrics-powerflex` | +| `karaviMetricsPowerflex.service.type` | Kubernetes service type | `ClusterIP` | +| `karaviMetricsPowerflex.logLevel` | Output logs that are at or above the given log level severity (Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC) | `INFO`| +| `karaviMetricsPowerflex.logFormat` | Output logs in the specified format (Valid values: text, json) | `text`| +| `karaviMetricsPowerstore.image` | CSM Metrics for PowerStore Service image | `dellemc/csm-metrics-powerstore:v1.0`| +| `karaviMetricsPowerstore.enabled` | Enable CSM Metrics for PowerStore service | `true` | +| `karaviMetricsPowerstore.collectorAddr` | Metrics Collector accessible from the Kubernetes cluster | `otel-collector:55680` | +| `karaviMetricsPowerstore.provisionerNames` | Provisioner Names used to filter for determining PowerStore volumes (must be a Comma-separated list) | `csi-powerstore.dellemc.com` | +| `karaviMetricsPowerstore.volumePollFrequencySeconds` | The polling frequency (in seconds) to gather volume metrics | `10` | +| `karaviMetricsPowerstore.concurrentPowerflexQueries` | The number of simultaneous metrics queries to make to PowerStore (must be less than 10; otherwise, several request errors from PowerStore will ensue.) | `10` | +| `karaviMetricsPowerstore.volumeMetricsEnabled` | Enable PowerStore Volume Metrics Collection | `true` | +| `karaviMetricsPowerstore.endpoint` | Endpoint for pod leader election | `karavi-metrics-powerstore` | +| `karaviMetricsPowerstore.service.type` | Kubernetes service type | `ClusterIP` | +| `karaviMetricsPowerstore.logLevel` | Output logs that are at or above the given log level severity (Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC) | `INFO`| +| `karaviMetricsPowerstore.logFormat` | Output logs in the specified format (Valid values: text, json) | `text` | +| `karaviMetricsPowerstore.zipkin.uri` | URI of a Zipkin instance where tracing data can be forwarded | | +| `karaviMetricsPowerstore.zipkin.serviceName` | Service name used for Zipkin tracing data | `metrics-powerstore`| +| `karaviMetricsPowerstore.zipkin.probability` | Percentage of trace information to send to Zipkin (Valid range: 0.0 to 1.0) | `0` | + + +Specify each parameter using the '--set key=value[,key=value]' and/or '--set-file key=value[,key=value] arguments to 'helm install'. For example: + +```console +$ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] --create-namespace \ + --set-file karaviTopology.certificateFile= \ + --set-file karaviTopology.privateKeyFile= \ + --set-file otelCollector.certificateFile= \ + --set-file otelCollector.privateKeyFile= +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: + +```console +$ helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] --create-namespace -f values.yaml + ``` + +__Note__: You can use the default [values.yaml](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml) \ No newline at end of file diff --git a/content/v2/observability/deployment/offline.md b/content/v2/observability/deployment/offline.md new file mode 100644 index 0000000000..67d4948c4d --- /dev/null +++ b/content/v2/observability/deployment/offline.md @@ -0,0 +1,161 @@ +--- +title: Offline Installer +linktitle: Offline Installer +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Observability Offline Installer +--- + +The following instructions can be followed when a Helm chart will be installed in an environment that does not have an internet connection and will be unable to download the Helm chart and related Docker images. + +### Dependencies + +Multiple Linux-based systems may be required to create and process an offline bundle for use. + +* One Linux-based system, with internet access, will be used to create the bundle. This involves the user invoking a script that utilizes `docker` to pull and save container images to file. +* One Linux-based system, with access to an image registry, to invoke a script that uses `docker` to restore container images from file and push them to a registry + +If one Linux system has both internet access and access to an internal registry, that system can be used for both steps. + +Preparing an offline bundle requires the following utilities: + +| Dependency | Usage | +| --------------------- | ----- | +| `docker` | `docker` will be used to pull images from public image registries, tag them, and push them to a private registry.
Required on both the system building the offline bundle as well as the system preparing for installation.
Tested version is `docker` 18.09 + +### Executing the Installer + +To perform an offline installation of a Helm chart, the following steps should be performed: + +1. Build an offline bundle. +2. Unpack the offline bundle and prepare for installation. +3. Perform a Helm installation. + +### Build the Offline Bundle + +1. Copy the `offline-installer.sh` script to a local Linux system using `curl` or `wget`: + + ``` + [user@anothersystem /home/user]# curl https://raw.githubusercontent.com/dell/karavi-observability/main/installer/offline-installer.sh --output offline-installer.sh + ``` + + or + + ``` + [user@anothersystem /home/user]# wget -O offline-installer.sh https://raw.githubusercontent.com/dell/karavi-observability/main/installer/offline-installer.sh + ``` + +2. Set the file as executable. + + ``` + [user@anothersystem /home/user]# chmod +x offline-installer.sh + ``` + +3. Build the bundle by providing the Helm chart name as the argument: + + ``` + [user@anothersystem /home/user]# ./offline-installer.sh -c dell/karavi-observability + + * + * Adding Helm repository https://dell.github.io/helm-charts + + + * + * Downloading Helm chart dell/karavi-observability to directory /home/user/offline-karavi-observability-bundle/helm-original + + + * + * Downloading and saving Docker images + + dellemc/csm-topology:v0.3.0 + dellemc/csm-metrics-powerflex:v0.3.0 + otel/opentelemetry-collector:0.9.0 + nginxinc/nginx-unprivileged:1.18 + + * + * Compressing offline-karavi-observability-bundle.tar.gz + ``` + +### Unpack the Offline Bundle + +1. Copy the bundle file to another Linux system that has access to the internal Docker registry and that can install the Helm chart. From that Linux system, unpack the bundle. + + ``` + [user@anothersystem /home/user]# tar -xzf offline-karavi-observability-bundle.tar.gz + ``` + +2. Change directory into the new directory created from unpacking the bundle: + + ``` + [user@anothersystem /home/user]# cd offline-karavi-observability-bundle + ``` + +3. Prepare the bundle by providing the internal Docker registry URL. + + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle]# ./offline-installer.sh -p :5000 + + * + * Loading, tagging, and pushing Docker images to registry :5000/ + + dellemc/csm-topology:v0.3.0 -> :5000/csm-topology:v0.3.0 + dellemc/csm-metrics-powerflex:v0.3.0 -> :5000/csm-metrics-powerflex:v0.3.0 + otel/opentelemetry-collector:0.9.0 -> :5000/opentelemetry-collector:0.9.0 + nginxinc/nginx-unprivileged:1.18 -> :5000/nginx-unprivileged:1.18 + ``` + +### Perform Helm installation + +1. Change directory to `helm` which contains the updated Helm chart directory: + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle]# cd helm + ``` + +2. Install necessary cert-manager CustomResourceDefinitions provided: + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl apply --validate=false -f cert-manager.crds.yaml + ``` + +3. Copy the CSI Driver Secret(s) + + Copy the CSI Driver Secret from the namespace where CSI Driver is installed to the namespace where CSM for Observability is to be installed. + + CSI Driver for PowerFlex: + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret vxflexos-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` + + CSI Driver for PowerStore + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret powerstore-config -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` + +4. Now that the required images have been made available and the Helm chart's configuration updated with references to the internal registry location, installation can proceed by following the instructions that are documented within the Helm chart's repository. + + **Note:** Optionally, you could provide your own [configurations](../helm/#configuration). A sample values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). + + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# helm install -n install-namespace app-name karavi-observability + + NAME: app-name + LAST DEPLOYED: Fri Nov 6 08:48:13 2020 + NAMESPACE: install-namespace + STATUS: deployed + REVISION: 1 + TEST SUITE: None + + ``` + +5. (Optional) The following steps can be performed to enable CSM for Observability to use an existing instance of Authorization for accessing the REST API for the given storage systems. + + **Note:** CSM for Authorization currently does not support the Observability module for PowerStore. + + Copy the proxy Secret into the CSM for Observability namespace: + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secret proxy-authz-tokens -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - + ``` + + Use `karavictl` to update the Observability module deployment to use the Authorization module. Required parameters are the location of the sidecar-proxy Docker image and the URL of the Authorization module proxy. If the Authorization module was installed using certificates, the flags `--insecure=false` and `--root-certificate ` must be also be provided. If certificates were not provided during installation, the flag `--insecure=true` must be provided. + ``` + [user@anothersystem /home/user/offline-karavi-observability-bundle/helm]# kubectl get secrets,deployments -n [CSM_NAMESPACE] -o yaml | karavictl inject --insecure=false --root-certificate --image-addr --proxy-host | kubectl apply -f - + ``` \ No newline at end of file diff --git a/content/v2/observability/deployment/online.md b/content/v2/observability/deployment/online.md new file mode 100644 index 0000000000..8beca80c6a --- /dev/null +++ b/content/v2/observability/deployment/online.md @@ -0,0 +1,136 @@ +--- +title: Installer +linktitle: Installer +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Observability Installer +--- + + + +The Container Storage Modules (CSM) for Observability installer bootstraps Helm to create a more simplified and robust deployment option that does the following: +- Verifies CSM for Observability is not yet installed +- Verifies the Kubernetes/Openshift versions are supported +- Verifies the Helm version is supported +- Adds the Dell Helm chart repository +- Refreshes the Helm chart repositories to download any recent changes +- Creates the CSM namespace (if not already created) +- Copies the secrets from the CSI driver namespaces into the CSM namespace (if not already copied) +- Installs the CertManager CRDs (if not already installed) +- Installs the CSM for Observability Helm chart +- Waits for the CSM for Observability pods to become ready + +If the Authorization module is enabled for the CSI drivers installed in the same Kubernetes cluster, the installer will perform the current steps to enable CSM for Observability to use the same Authorization instance: +- Verifies the `karavictl` binary is available. +- Verifies the appropriate Secret exists in the CSI driver namespace. +- Queries the CSI driver environment to get references to the Authorization module sidecar-proxy Docker image and URL of the proxy server. +- Updates the CSM for Observability deployment to use the existing Authorization instance. + +## Online Installer + +The following instructions can be followed to install CSM for Observability in an environment that has an internet connection and is capable of downloading the required Helm chart and Docker images. + +### Dependencies + +A Linux-based system, with internet access, will be used to execute the script to install CSM for Observability into a Kubernetes/Openshift environment that also has internet access. + +| Dependency | Usage | +| --------------------- | ----- | +| `kubectl` | `kubectl` will be used to verify the Kubernetes/OpenShift environment| +| `helm` | `helm` will be used to install the CSM for Observability helm chart| +| `jq` | `jq` will be used to parse the CSM for Authorization configuration file during installation| + + +### Installer Usage +``` +[user@system /home/user/karavi-observability/installer]# ./karavi-observability-install.sh --help + +Help for ./karavi-observability-install.sh + +Usage: ./karavi-observability-install.sh mode options... +Mode: + install Installs Karavi Observability and enables Karavi Authorization if already installed + enable-authorization Updates existing installation of Karavi Observability with Karavi Authorization +Options: + Required + --namespace[=] Namespace where Karavi Observability will be installed + Optional + --auth-image-addr Docker registry location of the Karavi Authorization sidecar proxy image + --auth-proxy-host Host address of the Karavi Authorization proxy server + --csi-powerflex-namespace[=] Namespace where CSI PowerFlex is installed, default is 'vxflexos' + --set-file Set values from files used during helm installation (can be specified multiple times) + --skip-verify Skip verification of the environment + --values[=] Values file, which defines configuration values + --verbose Display verbose logging + --version[=] Helm chart version to install, default value will be latest + --help Help +``` + +__Note:__ CSM for Authorization currently does not support the Observability module for PowerStore. Therefore setting `enable-authorization` is not supported in this case. + +### Executing the Installer + +To perform an online installation of CSM for Observability, the following steps should be performed: + +1. Clone the GitHub repository: + ``` + [user@system /home/user]# git clone https://github.com/dell/karavi-observability.git + ``` + +2. Change to the installer directory: + ``` + [user@system /home/user]# cd karavi-observability/installer + ``` + +3. Execute the installation script. + The following example will install CSM for Observability into the CSM namespace. + + A sample values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml). This can be copied into a file named `myvalues.yaml` and modified accordingly for the installer command below. Configuration options are outlined in the [Helm chart deployment section](../helm#configuration). + ``` + [user@system /home/user/karavi-observability/installer]# ./karavi-observability-install.sh install --namespace [CSM_NAMESPACE] --values myvalues.yaml + --------------------------------------------------------------------------------- + > Installing Karavi Observability in namespace karavi on 1.19 + --------------------------------------------------------------------------------- + | + |- Karavi Observability is not installed Success + | + |- Karavi Authorization will be enabled during installation + | + |- Verifying Kubernetes versions + | + |--> Verifying minimum Kubernetes version Success + | + |--> Verifying maximum Kubernetes version Success + | + |- Verifying helm version Success + | + |- Configure helm chart repository + | + |--> Adding helm repository https://dell.github.io/helm-charts Success + | + |--> Updating helm repositories Success + | + |- Creating namespace karavi Success + | + |- Copying Secret from vxflexos to karavi Success + | + |- Installing CertManager CRDs Success + | + |- Installing Karavi Observability helm chart Success + | + |- Waiting for pods in namespace karavi to be ready Success + | + |- Copying Secret from vxflexos to karavi Success + | + |- Enabling Karavi Authorization for Karavi Observability Success + | + |- Waiting for pods in namespace karavi to be ready Success + ``` diff --git a/content/v2/observability/design/_index.md b/content/v2/observability/design/_index.md new file mode 100644 index 0000000000..e6dc2b93c1 --- /dev/null +++ b/content/v2/observability/design/_index.md @@ -0,0 +1,34 @@ +--- +title: Design +linktitle: Design +weight: 1 +description: > + CSM for Observability Design +--- + +The solution takes the approach that each storage system that Container Storage Modules (CSM) for Observability supports will have their own metrics deployments in the Kubernetes cluster. + +- Metrics Deployment: Queries the Kubernetes API to gather information about storage resources and then queries the storage system's REST API to gather specific metrics. These metrics are then exported to the [OTEL collector](https://github.com/open-telemetry/opentelemetry-collector). +- Each supported storage system will have their own Deployment for metrics. They will each follow a similar pattern of querying the Kubernetes and StorageSystem APIs to gather information about storage resources (ex: volumes, storage pools, etc) and their metrics. Metrics will be exported directly to the OTEL collector. + +A single topology deployment will query the Kubernetes API to gather mapping information between Persistent Volumes and storage resources located on multiple storage systems. This information is queried directly from Grafana and displayed in a custom dashboard. + +## Required Components + +The following prerequisites must be deployed into the namespace where CSM for Observability is located to support the storage system metrics and topology deployments: + +- Prometheus for scraping the metrics from the OTEL collector. +- Grafana for visualizing the metrics from Prometheus and Topology services using custom dashboards. +- CSM for Observability will use secrets to get details about the storage systems used by the CSI drivers. These secrets should be copied from the namespaces where the drivers are deployed. CSI Powerflex driver uses the 'vxflexos-config' secret and CSI PowerStore uses the 'powerstore-config' secret. + +## Deployment Architectures + +CSM for Observability can be deployed to either direct storage system requests directly to the storage system or through the [CSM for Authorization](../../authorization) proxy. The CSI driver must be configured to route storage system requests through the CSM for Authorization proxy in order for CSM for Observability to do the same. + +### Default Deployment of CSM for Observability + +![Default Deployment](../obs_architecture1.png) + +### Deployment of CSM for Observability with CSM for Authorization + +![CSM for Observability with CSM for Authorization](../obs_architecture2.png) diff --git a/content/v2/observability/metrics/_index.md b/content/v2/observability/metrics/_index.md new file mode 100644 index 0000000000..e41fd14b7f --- /dev/null +++ b/content/v2/observability/metrics/_index.md @@ -0,0 +1,9 @@ +--- +title: Metrics +linktitle: Metrics +weight: 2 +description: > + Dell EMC Container Storage Modules (CSM) for Observability Metrics +--- + +This section outlines the metrics collected by Container Storage Modules (CSM) for Observability in the areas of I/O Performance and Storage Capacity. All metrics are available from the OpenTelemetry collector endpoint. Please see the [CSM for Observability](../) for more information on deploying and configuring the OpenTelemetry collector. \ No newline at end of file diff --git a/content/v2/observability/metrics/powerflex.md b/content/v2/observability/metrics/powerflex.md new file mode 100644 index 0000000000..c1e2931407 --- /dev/null +++ b/content/v2/observability/metrics/powerflex.md @@ -0,0 +1,47 @@ +--- +title: PowerFlex Metrics +linktitle: PowerFlex Metrics +weight: 1 +description: > + Dell EMC Container Storage Modules (CSM) for Observability PowerFlex Metrics +--- + +This section outlines the metrics collected by the Container Storage Modules (CSM) Observability module for PowerFlex. The [Grafana reference dashboards](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerflex) for PowerFlex metrics can be uploaded to your Grafana instance. + +## I/O Performance Metrics + +Storage system I/O performance metrics (IOPS, bandwidth, latency) are available by default and broken down by export node and volume. + +To disable these metrics, set the ```sdc_metrics_enabled``` field to false in helm/values.yaml. + +The following I/O performance metrics are available from the OpenTelemetry collector endpoint. Please see the [CSM for Observability](../../) for more information on deploying and configuring the OpenTelemetry collector. + +| Metric | Description | +| - | - | +| powerflex_export_node_read_bw_megabytes_per_second | The export node read bandwidth (MB/s) within PowerFlex system | +| powerflex_export_node_write_bw_megabytes_per_second | The export node write bandwidth (MB/s) | +| powerflex_export_node_read_latency_milliseconds | The time (in ms) to complete read operations within PowerFlex system by the export node | +| powerflex_export_node_write_latency_milliseconds | The time (in ms) to complete write operations within PowerFlex system by the export host | +| powerflex_export_node_read_iops_per_second | The number of read operations performed by an export node (per second) | +| powerflex_export_node_write_iops_per_second | The number of write operations performed by an export node (per second) | +| powerflex_volume_read_bw_megabytes_per_second | The volume read bandwidth (MB/s) | +| powerflex_volume_write_bw_megabytes_per_second | The volume write bandwidth (MB/s) | +| powerflex_volume_read_latency_milliseconds | The time (in ms) to complete read operations to a volume | +| powerflex_volume_write_latency_milliseconds | The time (in ms) to complete write operations to a volume | +| powerflex_volume_read_iops_per_second | The number of read operations performed against a volume (per second) | +| powerflex_volume_write_iops_per_second | The number of write operations performed against a volume (per second) | + +## Storage Capacity Metrics + +Provides visibility into the total, used, and available capacity for a storage class and associated underlying storage construct. + +To disable these metrics, set the ```storage_class_pool_metrics_enabled``` field to false in helm/values.yaml. + +The following storage capacity metrics are available from the OpenTelemetry collector endpoint. Please see the [CSM for Observability](../../) for more information on deploying and configuring the OpenTelemetry collector. + +| Metric | Description | +| - | - | +| powerflex_storage_pool_total_logical_capacity_gigabytes | The logical capacity (size) of a storage pool (GB) | +| powerflex_storage_pool_logical_capacity_available_gigabytes | The capacity available for use (GB) | +| powerflex_storage_pool_logical_capacity_in_use_gigabytes | The logical capacity of a storage pool in use (GB) | +| powerflex_storage_pool_logical_provisioned_gigabytes | The total size of volumes (thick and thin) provisioned in a storage pool (GB) | diff --git a/content/v2/observability/metrics/powerstore.md b/content/v2/observability/metrics/powerstore.md new file mode 100644 index 0000000000..77bc7f700c --- /dev/null +++ b/content/v2/observability/metrics/powerstore.md @@ -0,0 +1,51 @@ +--- +title: PowerStore Metrics +linktitle: PowerStore Metrics +weight: 1 +description: > + Dell EMC Container Storage Modules (CSM) for Observability PowerStore Metrics +--- + +This section outlines the metrics collected by the Container Storage Modules (CSM) Observability module for PowerStore. The [Grafana reference dashboards](https://github.com/dell/karavi-observability/blob/main/grafana/dashboards/powerstore) for PowerStore metrics can be uploaded to your Grafana instance. + +## I/O Performance Metrics + +Storage system I/O performance metrics (IOPS, bandwidth, latency) are available by default and broken down by export node and volume. + +To disable these metrics, set the ```karaviMetricsPowerstore.volumeMetricsEnabled``` field to false in helm/values.yaml. + +The following I/O performance metrics are available from the OpenTelemetry collector endpoint. Please see the [CSM for Observability](../../) for more information on deploying and configuring the OpenTelemetry collector. + +| Metric | Description | +| - | - | +| powerstore_volume_read_bw_megabytes_per_second | The volume read bandwidth (MB/s) | +| powerstore_volume_write_bw_megabytes_per_second | The volume write bandwidth (MB/s) | +| powerstore_volume_read_latency_milliseconds | The time (in ms) to complete read operations to a volume | +| powerstore_volume_write_latency_milliseconds | The time (in ms) to complete write operations to a volume | +| powerstore_volume_read_iops_per_second | The number of read operations performed against a volume (per second) | +| powerstore_volume_write_iops_per_second | The number of write operations performed against a volume (per second) | +| powerstore_filesystem_read_bw_megabytes_per_second | The filesystem read bandwidth MB/s | +| powerstore_filesystem_write_bw_megabytes_per_second | The filesystem write bandwidth (MB/s) | +| powerstore_filesystem_read_iops_per_second | The number of read operations performed against a filesystem (per second) | +| powerstore_filesystem_write_iops_per_second | The number of write operations performed against a filesystem (per second) | +| powerstore_filesystem_read_latency_milliseconds | The time (in ms) to complete read operations to a filesystem | +| powerstore_filesystem_write_latency_milliseconds | The time (in ms) to complete write operations to a filesystem | + +## Storage Capacity Metrics + +Provides visibility into the total, used, and available capacity for a storage class and associated underlying storage construct. + +To disable these metrics, set the ```enable_powerstore_metrics``` field to false in helm/values.yaml. + +The following storage capacity metrics are available from the OpenTelemetry collector endpoint. Please see the [CSM for Observability](../../) for more information on deploying and configuring the OpenTelemetry collector. + +| Metric | Description | +| - | - | +| powerstore_array_logical_provisioned_megabytes | Total provisioned logical storage on a given array managed by CSI driver | +| powerstore_array_logical_used_megabytes | Total used logical storage on a given array | +| powerstore_storage_class_logical_provisioned_megabytes | Total provisioned logical storage for a given storage class | +| powerstore_storage_class_logical_used_megabytes | Total used logical storage for a given storage class | +| powerstore_volume_logical_provisioned_megabytes | Logical provisioned storage for a volume | +| powerstore_volume_logical_used_megabytes | Logical used storage for a volume | +| powerstore_filesystem_logical_provisioned_megabytes | Logical provisioned storage for a filesystem | +| powerstore_filesystem_logical_used_megabytes | Logical used storage for a filesystem | \ No newline at end of file diff --git a/content/v2/observability/obs_architecture1.png b/content/v2/observability/obs_architecture1.png new file mode 100644 index 0000000000000000000000000000000000000000..94d59418e2572e701cf730be6efe823956679660 GIT binary patch literal 32995 zcmdSAcT`hdxa}Q5f`y_YA{|9Qq$yQ;Q9(L_bOL3cXjLnc6)Y`9XtMv3nzs|QHXph*eGYK zOq`EN%Rf7lCiC)Kvb|WH8OC2KX%M{tTtDBXFwTL>MeEf?RaNKZ6!-C>Tj}*XWQZS8 z*0JMJHqOf4{)!gZg3E9=deud!jS{&Yb%h!ZlQvr;eJxe9d;+?Mo#U=!I1P$HSM-+d zi4>c}{xTQWA%0V%&<)=Yq@!+W1@RoXVI$_DU_%pVkMT$bx=C*a$&o`~P z3_A%^-`>&*erHHtP*-zkwut>PFZGaN3>mEb`^Ouhl%B~UVg5|Z7`uA$Ui48 zcONe}t4NG$ItU&CI`KG>h_#ny%(ov( zv0gg(7T&TTg7S%^QXAWhK@c(eP!`A459;_baF5O5@IQHu;8Ng`Wkv!+wKPw!Q-ucV z)LjIB*`loF^=U1AD0fGXJ3Tq2_4}?u6M9K* zrQKIq0&I*5oF2l!*ue%z9|Pp+l!DS(jx<#qIS6FHMy8UJ%Vk~kSfF`jLjkMF`nW)u z+Z7)t9~ZR}FU94SQoN>$c4p=8AcS}zMAb?l@E>_ zvx;>ecxHSs>qQ>dG8@<=s|26O-lW>Fa>2$Z`dO7qTJ|%bYS`5py*P#ds{jPjp=A6& zUX-Nw|F^|kWHe~C^rXzZajcKDtnjQ-o?U$x+O|07E|K1UsdhPvvz7E&H9{@b7mR4E zS^j?R=S%^rQW(Un=p%+Hg*-GQ} zbX_H@U!&8blhf0=cgoeIUW?=J3Z*Fm0J&QVb^qXz`_UZz%S-izOnuz zx$}sU^7!gLDYPJPJNcfe*s|~p2Q)pT=tOe7*^1I&h}50Rsz8S>`r&ZX+}Q^|cr?aJ zZ(%~=?BeV5!mp2t7^_gNrvzv{RM2Z;r7+t$%MpsXoP52vjv}S8w-DWA?tu}znw*~? z=d;T)B}a^*Gb?ArT23gMFq9>1(DnAL%9ZnH8eX+w!Ee<%TO9Tn_6qxCF_^iA8B2(X z*<`KNjS`0rXDg>9!E5=)nI3(TQ1d^)6IVE1n{9i<2_Jm5Qj&gWry90_*5^%tRwY@* zW5{tFPY(}J8CR>6Usc2}@4mku|?CiQqeY}o4LrzraGJ-Y(W<(a2chMGS zLy7FlSeJ>apEas-*(nw$zZtxvH*1EqL^_|}>yc+6?(d_+$SE~sJ%{|v3ziNRC0dQW zH>Y8HgX?)?!_92_Ga;>#As90UFdYc=^a(I2j#1j`P;1+0&`(-RsC)Hdq~_LhgLrxz zHTs_e3;zNYv91Z;EzVJ#--S_x;tD1Jjq!$9+C&u8H=A0!VrneB-Aw!=;Qd>Qa3cac zcHN4sq~hpc?FXB!xP;YyaY*2bD*CD0bB6`+j&y^KPL*&;r=)5BNU1~ro*K^$} z74CZi5LbBW)}nb(yl_(q3;)}-_}vx-V_EM<1E3Uv5#HyGmJWsnK`)tD!1iy~82f$S zUe*=W83w60I?Ao6YRB`){JIQHfAWq-Rfa7kK})LJsSs!PhnPNd(oyOo8hRD%R?aWG z=aIF;qNimPB>FILYL3k|Cf7{IX!AgD9I?=HypfQ7ezLSUm6)8nKw)nT-0ovFui_;Y z`J+#zrYJ4{fB^MQTK}WrZ0Dt(n$s(9!i!ZZ1pQ-rMjhumqM?~r-#0ci^tOON941nM zt{MM0_4!#8)frHVGqv5cd99anUc)2Ue3p@vIN~2-9_XcO?U~L#e-S19c!9#4am8Xu zUej!yB4Cb!_duIm^v@Nr8{-5t)^U#!zO7Ujcf^tz|6yy}twCJ#0RN0xE_fj0CQX3Y zc-mgfvN6iIiX8fEZULTC!?Nr3lh2gKNRTPV-tuNIw^VyMoT-h%es*tJMSfDQL|Y`G zA(L;eaptsKX8TjDDC0N7rr-2XKd=3sRgTeOLw14cER#;3b^`&X_0!!#`P%*-(eJ3> z(<5EuQM{Sh?XewK;xO?QQMa~FFT#x4yOxdVAj^NXIDd^t%yn#52aN@7Z!~U-h?I=$h=L=^+D2#ZB`rvA5U<;)4JN8JeRfLqo~f}ZWlB_qfBN=9{%d-2i|!$P zL_gIJE@xZ5k&^zwa6@O=+E|NhNQs@TqeH0-t98*!>{A=`1+=Qj>jx=lxXMCR98;>@ zEwe^bwyT5(h~q}p#=Hin-{wAen`C>1#fG>C46gPMiy4*Z4YK{i3J^Xg{^5+n4rxIn z!lHjh1oPVY%fR0!HAh%gP}C)cvT5*HC0@8z+PYHsy@k+;+6jlM!koFjtZQ! zTv*W^Qm|Sh;VL8Qk)K;CmG)*N3JzA0@KioH3YKyf-nrpJYa>fHa+h*0EGgAAA|TAgcq?=7ng+;b$oVm5 zr(&HK1bQF(I->9K9F@qkZ=akV@xp)C1g)kELYsy)7onKy3A3uALZqIsgn2K`^G6B$ z1}_PYbXxzGd2)!~kHdC= z$(OdY*_&2{->S|f#^?pfZTMM+m?tA;#%c_+N^I*!ywBv$+@{Xjx5MnV!rOiW)6b;o zbPq?k0kUKNbkqmt05)X#&B(KGGX{Rvix)bdBdwB4*W27V{zHV( z!vPVNR_4@1E5(cyy17YiY5&KVtb(QMF&RmuDP8}+e05`2c}lh!(butd_2)6jh$%2R zw2HJ_xz7ac!#gcbR}Htz^pI_$c-hoz`PTEvc1zJL7_vSgv3GFC+h^HW&V# zQzho5hM;AXFoQz5NiE{F!!sS#+4s+9g9avigFgGRgVZDXZ%B>y2k(g-%AYTtr>@{; z&guf!OlRT)Hk%EDw-d6*1r~>ASAWoHC-TT`eaJ7(g6@VJx2)QJRq;akXhK((UOJ!^OOFC{sP0r6Y&jl@xhEnE%Thnm)b_CmY+`B}w!a`YseLm>X!E$(G(NL%!`E!Qn4V|08 z`;GZ+hqNIF5%|f%_Bs2)Oz!@m4UYxn`4LhxuJNXU(`@R@^@Nt|$9eZShkxEt9k->H ze9ZmG<=wMQRPXMIcX?LQ2TgNt)taqXOIyc%tl{}{S{j<3CAodcos%JTp(H+J(~#M_ z90WESP-pQNC`R6-VI$flFxSlOC%ro$Ia7&!vinnm)gpzJ2$Kp z_~9Nj3(k@1nwjU|GxsrL+lllQ%VRRWJKN$c{vaRe?y~o<>JtYw0gB^01V9H+=;C^b-B}} z;2X&!5d4>IqqC~XMYYb+ZdTk(h?C1y^YXLB7v$f54&^*dQtNIBI@Yi}BDEiaUuVg74%5=og!@VT$3&&oyKV<5 zDI_`(oLQJ1+%TcC_M6NIuYLY%(90wynHHo_5_E{RNS0_l#0U!uzi!A|rLBQ$C_6V3 z4eC#}(VBG{A~AMRbxC#by3D%Ib@_G0b!Byxb+vVeueYvToZqL7Ed3Daz0te5oUGX0 zQwqJX&B&Y6t090bEen#^2ZWdE} zS?5)?#^GjRSRJ3gjYiL`*Mh*iVTy@@wHRLugJIKK-w6-r~d4Lu90LuGcWkOx6ny{%}Ma z4s=HBW#0z|bc#!lH(O^s-;5qn_Fo2t8VuwtQoHy@97?=AZyr@w^c-TB^J-&aVTV0| zsbkA0J0`~_7bo{3E33#mKgp$Y?G(0rhva-UZ%xIh{;Jqlo=y{2%qzw5PlTz$AJ4vd zqH-$ac8@0=I%Asw_xM&gYVqwm}?-};y%S|)o#c-a&59kQ+SR}IDf6l zN}I;orkcUm-|=4aXh5Y(ftsRa{mH}2j0lFQa^~$8yJYN7L&Gd%Vbp}h5=9rTDQBqW z-HXB&b&cajN(-TaKKO1e%r?!fw3Ff!Y9_c*W=XQ2H#6bt-IQ;`*=L^8hI@HDvZ{a* zW^^#)A$V2tLmQ_g(~-l%lO67}DX>!n~9Z|_R~ zxg_#YDxN8Me!TE9t4qNwStaDd{`f>_{kN#hYX9H#ijH1~S|m>_**(szq{OLAunfP_ zBT{A<+-Y1=qn4JG4n%s_tz$7jw=iCtAdNhg@$4?SXI4$#!2j0oOyuvhdJiUM8 zq4+0Y*4JNUBi7noG}m|hs2R zUP~X}h!G*k4mwww$4?vjISuEJdi4_vCd?M#$>cbNfZMfejU%4-?i*SZ^rgl4BqA5S zOgufETW$CUypp1Td9XTPF5nrih_5{8^J%eCR=m2Vwz^t?m0jJN)EpfY%1?XcNeIB2 z`;4;W*RpO&+OF2927m*%A}tb05;3a0w7hEVq6#jU7m^%WoQ&U^){A={ zYfZ~6pgIS6;jV;NBgH}k7j_#!7?74$vOKNSwPgvmD!Zca&qGJEA*IlZHXG&Mj5;MeAt2W`IA zk=uEYbO$CE(x^Q!E;YI5d~$I=?VmfYrJR*`8o6A&I3`q-E?&G{Cne8kW%eO{5&JE( zq*`~C(ah)N=%L2pJJ|jU>G2qvv^n(i&F0`kXay7YjRED%Bk~nHLtSa#*m`acxn{Y+ zXhhn0Ir;B{g`cm3AR0!;Oe*I`PXqcYc~|yh^x162N=DPdTl-2}T#991W*(8TDl~>T z{PFruEivA&)7!fyY`!$+I5t>@{Z+AskE~3iG01J7u3RsHW4zYJ;LcU$=?J;tKN0Mr z3wC~gWvmB^O~G-ccEI9z65DJ05{7RWl_BH%5Db3l`qaJVZ2H!uu5ZMT zp;cv4&S<+o^=c|YW%5#vJ1e!Zc-`^U*h{9LRf*c9GQL-%A?6d3Q*1| zSAwb^prHbLIUkZMi2PNMHC+h(lHN<^tKlIk%8p|lK)oAWq zD!oVYwHR4h%09!8NX6X0PN2!t%|pZ`mdYE=n?aii%>n!3f#m-DtS}E)KoB+4vsu7Q z9JmX}uQ^Pvw;_c=T7tHmae4Ee$<7)3?b~tvA!j?@)X9;5x2O8L<`!`DT~|`*FmOZL z_Zyux;PXr$bV#I`4x72QQ!EB|(8~M?#glca<8*N^aRxXeoXOuB^{**eGct36nduV4 znsK`Lp-unlwOzn^F`YRws9#7nC3PfW_$$#v;=^^r;v;n<;-ht=;$wAkw=M$V4G5H0 zKGyblZLCaWqT=*;AAQy0KnV`);f5{SN%3m=)}1k|+uhp1x*N^=kVY{U7#)lm#tGwt ziNK^uTL?@KhI5Ey%(!o`JASC+h%Fb3eMiG89E%x3%zbJ8Be(3-)S}ZwTXDl2&}rKn zKCPyLttajxtv3(&KjZ87m!Gg7>4-c>S7)C(?a1`veP#sS(XuC>pSGT(NKz?oGjK_| z%Ae@q2N)iL+5wZp^LYtc!nrr)0i!CZQ+C768`-zLlYMU1vfsSfJ(#OPa!^E2TZ7&M zIWKU(NCr&?U<_12F-(4oBH8x)h)wykIr;f2v|z%_`Pu&Bp;Cy*f068^PcOz8eV7W^ zJ>3jxJ;BeMW>Qg8cdJ_*=~kD%AQjy_o%^Y?suB083q*_3GBcAb&bCvw6ANXYWu46P zpcAro?@4a`pu-RYrR;V5zFp?&vSL3rI-HX~v-0b;VzVkxk@A5nb#!#h12YiWM1Z-7pl=*>E3 zDYep|BD?wm>K;}Cej{aXS&|U*we-R!UG~9K5&LVUVH;aRR12eq76Kj~9@~KYMr~W1 zuZ6%4T)<(Rci)6ul%~t}xVR_X>E*n{F$ES1wu4|Pa-h}xyy}bwltfa@z`%@mV8No*@+&eciswPVDzYpvT zzX5lX=-$cdGtRYR&nga^v~J)LikPf{)kN2n)nIA}HPp2NwVJiCl8BB~EC&@S4+*`sk{6W=hDj;q z#>D%PdLbL8wiQeVacZhcD<>=$5-IWcv0aMgBVbZ%pUrE}PdXySBAWk^bf14e<%Kne zzSM7K|Mj=r1-s`WR%ahd>GT4%F>RWnW}+s&wC)|vrMw98`WO1d9iQ!P9yHM3L6!AK z+1+Ynzb#uTk+wCp{qB3D_B}M&cQ=u1BS z_PXPh0ncTsu6+)S9#|;PSoLaOcu^Pz+`Y|nJXIW>GI`EUzr4jXvD^nPem<1aVy#Rz zx*tyyC?YAzi>rerECHgiAc(Z*qJhTRd!pW>&@AMX2)#Inb7?hi*{emu2MxV;hrk}T znxDM}rR?!FF(!s()nn%Uiv7>}Rr@vjU-awu8~2;z6mUwor#NNYbDYCxpvI8YqI__i z8&JUQK56wo2B+Bn`D%l{Rlib@-s^9^|Ix5XiDY|&mHdEi-a%N~#rHe&gQ~8w6 zM>fW&!7$lGnmqS~B*Qd6SSu!7BHa(a33&DIB_UsFZnutJYNZHq#5RBh)Bz#^Y$vtSRif7Dyh_U=^{tr3BsYP%OPPmtzC+Xb zr9Q)twLH-b_k^)_>Vi3LiSZaMDNwA|Q83_@Q1*Ids;Ov<;{I9A<3xZ}^hfvK#UK!< z+k-2<)d)j#ucUQ+BlcpRKi(=gMC7k|W2w5#;N5(={#dtcCoR+C0({zCvGpR~scx$? zUW)GiN{To2C9&!P3xt?@vBhg5nh4|vd9AH8>w1wJC1ENLm-UD}SPmt7P$9ZDCVGnB zoLo8+A>hg46L8tQ&|=)2apNpp4XHVNyhVX_tzk7Y)Ie!fBQxW@M%uUlr*^-Ow7b=B zG_0v9;$Pb<x)>sIUuA!kb=$)sIcSXNfxcz;u(^X$(% zd8gpE!JHE@q+hht)Ylh)+h8X0upe%l#Y;+RdXLpD)Pq<>U9oe^$HqK9F3-#ham#fL zu^S~ecE%!VYzsn~jC-=5fiz zI6GseoCYULo#t)UGWFY-UAwv$)gSz${LP;-cw|_n=;1d=t~j~`T~x4-_gF%h(|ZMA z47{#TH;6ixG8#~SwD=Rw&^2?4pMei5hy|d`L~%uM8R~=Z_N=rz704+N49{i(Z3=sKkxrzO_ajQU@b;} zRfk=}YMZ8rkNoM1Hm1otbJ+B<-8BU2^#DhC8gxVS;V4M0I-V(!;!V=b{nKz{MAfpJ zsLtpb1|jCpLJ%%CHzOX23237{;C*kx#|H-obveq1VJN&owdNNsN^eFsHu0rG#j!&9 zQ~LzW=mt7X;JC-I86@A)_;Sak<4X>)(#Fmo;xFJbi{hF;!$oG zc-TL4n)K_3igNfqWL0N1)`iu*sryhDUH9ooeq{gGm)$iR{G*MAOW7qICte*0i(ip(~7B{)f zc0AtMjy?51Dr`b2f7HE#P5 zsO<0Rs%c&hZ~Pw=Q8kzaD6I)2sei78vVL zU>G5Ky1vq+HAyh!pvxEIRo;V1$01n7( z_V*2r<@FtXpNIb)XWZ4>ot>QvW2P=*I|?_00KxkR?<5xS3^d{QZ{KpCEfx)Akx&t2 zu5U20!~%HR$nvF}RUqczr-+m4;gKQ_uO@e!KkIm4$TYiI6_?$7m&hV9=Ceppyq+Oyl3KQ1 zxG6}@@j;JwXNCZjvT1If={`DLjrbyL4lAo=Suc5RIiaP`yzHHSy2@&iLVNFY4hOUK z=x(d4i^h0|H6+E@^h^87DYko*1P3*3KY&m+BC5*67WRys%~w(vZ%<36dcl8-=@YE_ zY)6uBOw!b@(migqJf0-9-mojN-r(DrRI-R@fRX3inP%AdZIfbdAhVFDrpjr_ctfUJ>-FQx6lmr)EqVU8i z9-4gP`|lul%4e@h>Pk~^r-*RbG2H8SzhUAll&J`TRo$AuPVaYE70Oo(K7KFBhGIV@ z?&x{TmnPjkhtrptbMNMFki$6I`NzWvk2sAR`>dzUn0>W1y$v0*Q8RmPdZ=#(Fm1g^ zkSt0LUI~AtH}=cv=h|#l$E(gQoW$2?!)nWB&0`uhq@QNLY?Te6bs{yjf0 z*6?qWpKC0LZtLP#fhC&{>?gNK6W`%ALUiSLt03LE%JdH#Od`64 zjVgxxshZMTz=NI^3(=v&-2VC6Ta5~rKc-;D)F2FCTMZF5Q4D!Goig$9AN0NbMnfMo zZ%tzBM@#z6UUl@1>g*g`WlX-TstUD6ypGH0zVV-gvueVr8y-9R%^;F~T z5E-&adR6+kgJyGCu{p^;{hTxXKyzMu&xp!&G@$ zh<%G~|7gVQr3eSBZ?{~^?c9Te@otVEo_>#)OgG~MmA;gUUv2POn+JNifBZHmIJYZf zgL9byZq+h`-E5xSPL0w!K2G7rEmQz- zoA<=}+si9s9NiBng*|j1JJ~*29i~TK%6~8_9b6RUgiB1u0HKNp(d21BF9H9%7HR+` z)K%B#na_=S0oWQ-oP)ycOC1?MybZNohRV|*IY!gCIfCJJZc6fBmT|_YpoDnY8;{>g z*zXSv03ZmUI>B+g|_ZQ{NV9 zIe1-7HK;Os>8TcA!Pz`he!CVpn4K_Hj_B1TKjE-1oR2x`*DO%0w(xJZ92F3XFG2eu zy3-3!sNmf_TwJv+QWeFBSg_$-@LM(boNt&ee(qSCVWieR-J0w;MW8@-yQ(nJZ8ue8 zx?-1$sW%T!HCM4-gFN9-x(J;1ADECsyV z;1x$N*;OcGA5An!b?$o)a=8CG20KVVT+YiN74`4;9$v65j$BXNbu`#;Z3mYIb8A

Ow?J$s4afzzb+8*DQ9Chfm;fg_T)K3gn41N(z==7EHEp8GAW%|bn7 ztMdNJbLEW~M<^lWs)*yr5n1rH!TdkSNuxRPbYa!gE)2utzW^uuJ9rwka%`(zqH9~b z>j)3$!&`p^(Kae;)5uK77q@EM%u>UaO;AdMl_B$knf4_2o-7Snysr`U`-BrS@SD5n zKl1c$y5`LEDnHp^R;tqK@|ReShKGSOnEkHVKBRcS*KXCVAW{buz0TIuPm9-zzf}z# zMr-==l_^eJKg3WyihC+)nu{ICmbwFvS4mtMFfkxmZSCw(WwaO&vG4)jyRXEf_S-b<(ZHrVCu%j< zctBaMD@884xC0hMP2Bvdqh97$1BzQ?EQ<1%owy<2LCcP1qoJi`y7<1;s=ETnqS%ih z*W*s@QN20ZOX25j9)sios!Bqv;o$;6!Qux1!ARee z!~{E5SN(2PY8?Jvy25HYJ)DaKKd+J(WXITZTYWMc4hJ0!820v-6AI6@O6zqPr zEuR^CsK$e3MMaRo(%EQspiwNvn*SrDgZKjY=pT23E7d*zDGv;TY~y z3B{0~Ej{W!%VGR@^83pucl>+xsS~Mfs9O_CUAb1kL0|K{{~ZK7>YV!WDqDA`EFic_ zojL0;y>;3+dwyfSZ(o$gIWGIL`HJeX7+lZ+Whp&i>16`-YgJH}P8fvsD`P=~Y6(b$ z`<3V=qUr0_Sp7lu_l21%;WI8f3}W@n9SEg&-`u}mNHk8*`)`_$?X1Axt?+Qm{&iHa z^{9S=S|Ca;X%MD(EkHen{&zcI-$OWemL&H85ukUaW+Z#v?KpE<>8D8b*yI*foq_B` z@~EFNY%+_QK~Z*hX6c#Q)8vO7v>ka=rD_I#nuhu}N3tuuegI?-suvM?=dt_O5E`ZT z%!%lF;8oRu=z7gb7XF-&^A;XpS~@Jsu#B3HQYUx`FfEt80LVi%mMIw94p@@(w1~pY z*-yTafXt%Sk`D)17lGfKkva6;aZta%XTXCZ!I5OpvI{H$IHiVvh(H(47~)_J)K84P zzWsQ;LxyZwS^}Q70NA;`OKr7hwl>!~%Hq!QmMaEUX`H9x5OC2$zz8Q75{(K3wHX=T zFH@0>lrUfN#cf&;%?4ETKivm#vnQ37YMibQ#F_zZ-J`wu>&KyLoKH&K)_4Gpnj!$1 z72Mi%8*(!Ywf(&G-9sTgSMbF8rrOXTLn7az7GpH9d&pmcL(cIl;ca5rC7Lr@p4QS| zFIYvlJVv_V0jks_$;ib}>3JI!TX_cg)YF@$3de74j(U)T--K|?fGl(dHFrRn3c!bOF=Vn3|!i5pgj=Q2kMt`5!egHk_)obxvxiq@;6_@sz1O(`BNe)r{*EpBOO8jQG zMT%+sLXL>_VJ3)Il3M$~ zLeD2{Y%=5n*8`}i%D}_$c1~*D+vy5Qe|k+wObJ_5)HUf}k z4GpDk)}!O&qnce(VtoNPf`spqm2CpjrXr|;sjV+?G@nb&%t3KTE@P+NVQNm!9E|@omeb|^cDq(b=(0`qw!dlVOsf6Kw(h-^?YFIZZ;fp`7^-{lxQ^mS%oF?WU$mP9;GOzG(1rv zPXOY#UyE*(f#t1D5`w<$E}bGRt0^zy>Z%PkRs8(?oRi8RqP2hDewQmO*1Bn%bP_xu z$};eIzvXFBpe}}RzBK4fef_bmR8V)R*%&znra_|E?5KpM~0!L zpKmTVGL<%LCPRr+05L9|$8LvrUH1bj4^A&=*GM_9MGv*c5~Q&JLSw#EbO-CE#@N#R zX4qjyMpM+jNB)>Z1%`?{f8Qm7Vvpsz*z%7$!zKs|Uy?0_q(^VtlszJT*>Ri6t|n!uU9Pm%ChFgxJxAzQsmcd;?r zNbkmLA$n&uf)1#mqr_r4!MfYiLoybW{fhL0;&)1~lWp;jb*-adGFK7LEgJkQ!DBao zqDWnFA-LUD|>8mxOyls6kq}y^IH~7u|`f#fKqRwnf z>j|u0Z(4SZH)$YX4{*rCpsylw|M@BQ$+p(bZSln*aEgs}=>&9Ffw(|L`u>cN9y{D; z2@y@&F-ih8@5R8uwxjf=UANN8=mGStfdiGu8Od|lJ0=JA5{O*kG1F2hd_wNK!unn4 z=R)E9RevWWNH%onR72zQwT;u!(S#dgF;&&VjT1^uPo}0Fks^9UiB$%hVenhGrO7Ug z+RLHT*g=%|Wdi441W9=K{lNdb?3Wj(~97tX2#KN(h_1MD5r?|Z?)Jzp_R&6;2p7^br@g9|e%E@q z-yaiFK&oi8c|LXhN{@+`HDA9p=39O-p*6ib&_L0|mhowl)7^-tvK+UKrsT~iB{rA` z#k)l3r$F*G^lfom+P8Rz-V>I%Wqy+5`DDiad`958VDU5h_5Tvz$n)@PFSwiPY5?yQ zXrJqG7#QqxKme^6G*z`YKEnh1F>yQM_EJz?FfUzM8WuNYu=L#k+)>MYK5jzSH)NSF&dJT&1*>7XtRH-NJlFPHUIx zQ`v%9?*J@GxYfJN^#nz?Tv17T1Y5$%ZOgAc%s+Qwqj3o2F-j#<_xJN3GiJH2^E$8NcyCAT6;q!1>i4ZTLraRdSTBVecvf!i>tMRT!25TK zU=!uq+=qn^xrcghk_g!nn)TV2-A%@S2FoA&aC>+nxb~SI!FZ4o)3Dhai)Gq^D)Bpc zA;)P&#wvO3Ui=w#P>Q6rXZ3wTu(0esy(F`lHmICex?C(hFgYNbOpIP)X!`P3sf86AP4mws7 z{ruh77vmgK9Zxi+RSnF&@kw3MQEm(R)Y^&$_#&*>^$>ZdXAQF#p-GNz2ny@-Ki1nx zR&F_!{xrv;l59LVsMvCzp)#*y`CtwktsrYzvn*bl-ig5Z&?!kF>Z>NbV_@mp-hg{o z+`TFhGm}xVa$VQ4jGXT1uI9qfeLV6&>us8Tx2NZcir&Gt8&H2OFHCU+THD0g5PGY~ z;o|0Nonqcm^S$IGOuQB%Df@|AE5tRy_NWy9?~>5A$j1e5+>!LmsZo+_|5ThcpExTn zE)wFibE4MGPP^PT!gyF&K6{GJM-rHb9QTD`GrdNnD&H6`W$L&}qfs!F=%3xW%O-P= zwYZHJYiMY^=LARAsm}j<(?1~0(>E;BRrPc+$I8Lcnf|_Fj|AX?8B37`P0wg}S%w}C z9yIQ&fn%V<+)<+4e0jJfq>%MZD0U+@k2}Vn(@66@v$sz~`GMRt7jJdRk)Vl*(}~$U z9ol_1#*t6;E-&A0J*&m6xZ@gUQK9eOH4j?K3*Hf_KDwJt7NyPvKN2N(=Vi@$6|3Xh z3xbFjF?{Ec&4RjxX$1*`k=|i5GX`6_s+g-X1oSEm;k@iuUp-}QLzYW#y7VOn4!VPp zU^Dm)pSOA5LQ+p5olyWKQ$*i3uuorMf}BEIKnnjmPo(BJzNOV=f`d;Xe#Mr-4%2lbHw076mG7}=#2Hq&eG!{e|c1cO-xv};i+2d^HC{5tq;NlkM8u(sCG&5fj`G+N!xr0achpOOWol2xim zR=qb*@E;I=dHXTV+Pqx$jEJ}B*xdEekB(`X@1F{nB{{H!G`mntZoYi56LU8!mqvOO zqqY(s9mYC7i~HoX?%jM){K@Oo&g9?EXdepQ_|rz6H=Zda`^90)BpbiF)`m&!!DJC% zeY;){PHOp+DRub^rA|(Ve6LK{vO5TVla95=d~&W-?>iRBjx&&JV-$$dyL!W}@C-Feu8EIN-$aG~ z4Brobs#C50yfjAp2y`s_#duJ!_kYWZ+kWiHfj#OmX_HrXSZWolCpV2FkjZsTAe3p( zM>{iyytx@XG#75kgBrkyEO|WXCgHOPa*q9H2w9f~4lC8)XnZw(P}rz_+T-pgy{4aa zA6>>JUl-kMS}dJ1$+u7xFZ~vkO1k%HyO+I{?>Hb$@G{EvgeI}@d~GN8JMnZe6ErHv zt}AgnRl>c)2m0u#ChQ`KGX*OR{lQ$ZkU7gGIb|?5&W4j{Y~F@}G-tk4_Kj7Gur|@_ z_va!z|b=jqLs zcBzmFIQa%kKoN9-$WY^j#Y7MkT3u&B@MasAI@MRY=8(;y(R;<(CMJh1S8%&&)SK=v zcb&-0%v@hjt<%g*>ugyRXd5f9>=YB!Y^wIY?rH*g1L+l`arbm4>|z$}MpBZjFXGjt z5B61cmU>f`dmp`~D;E97*A?9uqLX)SlAU{u1b~?0JhJy12@oMEpmLGqZuKsO3e?jF zrJx=y-FDS-yNApE4w)&*2l-;vW$&b(4ykCQD9|yOL7H>~c9nKSZmiaLP;3d_NBa?M z=AqrZij;Qdi||b=*v!3JoJ0l82iS@=uKJ{UhG8Y@x)6gx_R^qG;&TO!3}SX==J8rv z9RVHtY}vC#K|tGG;ol0(uYe%nMb6cN4_)RHyw;+8bBb&F-moTSCXzf;lB7EzZvb4L z=UlZOZw||ER?Gc*M?JmJWgh^KarORqp zn}TLpG24qqJT@~8yOyXBfSpf#cm9I4*Fu)LM#tyty?JA0_CjGGyjW8RtZOcCpXh98 z3fJ{jQe@;Lc2rZ2(|4ygx^sBuVlKaRAnQzTW-* z;Di@#V2f)5sAi@#dv=mq^DZ*lSfBbk?^l)|;SXMyWX9-_M0@wnaRNX{87d`IbU&eO zYbm;Z@cLMPd6Cnd`)le3ni7lpYz?|ktN_3y`xp_xHb52vxsXuX#nQoL7we?d)EYY0 z?6*+VRkTIr=KSR2O{g@lnWHu+ydjtLk%uhXJ7KDNvdThJEB=r6fY#G0@ zhwF;rBh>`>!}iQPr5k#W=IHO&)|t%`$=-oI%t1oCSg7DI2xeW$`5lgM96&b#9K|S1 zXY6of#N#=ell|Bn-lPo$(4U7(f(2X-fMW>cOy_-g#P?_!k>AnzK~}V{Qq*X!|Sev+)rjebhXr> ze(>YowX6}PdsA%Xvr|rlKJU#r;!+dqMwk5L?C9WXXX&5XZB*gju*~jljPrLz20pz7 z2NJnK8>d@KbV=C{V@}^Bfgz^F7e@z(s0UL2Z}Wnj9{u|o&WrF5NrJU+OrLtd@~4UX zQ3Yeb=&@KeC5HwN6?@sBf3arl-YQfnPu88)jF5@s-UfB$o(65Ug1Ng4;r$<#+FE;sk zArs@nSJ)`}-*OxCZJU|Hh1T_6bw#<-6iIW^R;5am6!I9?i$}l0{;@bo_&f@|me)6U z>z#z%A+TXvx3>EXBac10bqpTr^mYALYZKdmllg*nz`f3FLm$l9$h={_ft&*G`7v$t zATfGm;+NMP8Mn>o?9$WMA6ZLO`!`>c)|MON-%{YPZU3~E(C|`9N?Kkz&5~QuZSVP! zbRXkV$AvtHE$pF_WP)(ppgF!%Y)W}e$61kj_?CIBxuIcCy4fO5%MkOhc5uC6a2b=_ z?_A9|{hYX-ObA;{nQ_rj;6X{0=O+;&MG1a{f2u_)N|DWCa=(*DC|FxG_Mld~)%j_0 zo8r#P$ys1@)xeIEGjP=!Q&Pr~t#23q2%&5*Onlv}!#tTCu1%wy0CBMN#1$`||IycE z^S2MpKW$BuR|tzz&6`ux)JCaKx26vIt+J1GvzT-jTC3S|EqX}Jc44IB5RQ#IwDx+& zt9GMWem!8z#|UJZ=BY!h+Qlnjhh?3<+W5XxS%-Z1m&Jje^H*# zLe}P>731%Wck|{O9p)>FeUbP?%+e@s=`3;l*9pS!6PtsKp$@+hJcy%K^0U@}3l{FB z#knOdB?8LU8S0Ta;1=smTg;J87s-51NtMpb%`BoE`Ffvv+tU#rGJa|01a9_$O44X> z#tJvrwnVoHa@?<4@>oCEhTp%{kdt^<1Ji zOFu%IAwQtoTO7I=bIx=>2n_ldFOh~XkD4qx35{8NF)Q^P9UpVb*|0UHIjVQF zLvTP+Ky-3*AD4G!iejQyA#iE!vu{R{H-6Zfe`_~ev!BoYmD($RY2?Y8Iha1T221Mi%K26`+|_J?)Ei=#Ibq=D4F97B|Igc@ zD}=2j!rDbJh}0K{!MzD8y>z${7rtSdQiG@heY%eGc%1<~)ee2A`SE+C4{|;a)2MgL zmcGGR(df6BeRW47w=Xu1G!lzvZ)Q4N5ql(!ORA2!IUID-v^myC zx>>z9%38dC44a-3shBL(GoX_bumOAR8zOAD=kf}ZYD#_7U)tAeDVswUkre0i>!9Q{ zB5j?q=I_SgKVBl7PFl65-!tY#d24%5W(FHCIv`1T##0jNxI!CW<~63w^_#H?^%?`N zO>&!*GOBuPb?TuFIEYzXCWfXnpd1!mt|=2!im;A%6tI0OKi{mpIjCpN%-5Y|@$Ms= z`Q+v=rmbd_uk+iq57}r4qf!n@geCI&i0E3)+d6#}|ILOLkGKA_D3wQ4*N>>m<=rl~ z*lk7jvd-KtW#s|nU$4?{lHYnuM1?!}I!zst9Q1?gbYcXI*P6-O!DCvcdM7$G@Oq~D zH#gwjd!~}7BIJ_biWC0yx;hsF|_e%oxVpE3eajX+=;XnExJMeK0;#x7hcsE ze3Cq>DDVE^u`jqgDxh*-;X0>*{}`gyn@5FBV2Jta;(FQh;_F*3nQCX6Q%PFsCRTo2p~LYOI(PQsH}Uwonr^MLl4nxtc2xw~ z$j2%fX^yyylM?L|V@h5X6HTTBUja3s&UsVkMI}O=L_s@43TcLaQ&7CO*!11{sy_(^Fx0oBoSqo8pdz0@c0B*C7ZMs{6_#WL zd@$yhymb4BLa5$GNOL$-%JZN$xDCwsvp1wTqH7op#KW5RrCa1^_4 zaQH9mBgMniFHCMQ9p9qotaMniE`r(Hz!bczxUqom3fsAzzKN-mC#{Dzz_ho} zV~&!A){{qfavOzDXS2vxVfl1N&4$C`&oBp$4Yh|G@V}`OXuj_43$hK&nL*4IHc7l@ z+W=2Hjg}#^jj?pCbQh^2h&KC*6dPmMgRpS!b9AW|0f~<&Qufq)#>;>13qc4#LECHJ zc1Gpl^|89QHD?qYZ#_|GbUu6g#|1(uW9U&ol(R#Zs@TeMCm)w^Eg*CJ$ou^_E?tcZ zbX-Y&>LAf0%b0khhXwR!^FX}}y3}&sv^M&C=9E((!Vp#zO5d<-1WkRSzW7sy(LdWS z`@W=dttxXOb=#+T5@)!IY$;Qbic**G_jw+JCkja&z22jd#}in@TO3@)ujO>=pH#kO zOK)N$Hy~)nZzrila@>(-ykQel_eRXEY6w}MR!Bs$iZ#>BEl7C46sK{m57BLEEAA>5 z9WcC9W~H+IUb^BQ+hKSXrOy~n?|0K&25=>1dN9usOMl@4P$wJ0L+3Vz-Cjz|T>`bm zdQ!pT-G{*da1Rk`aA7i3aSeD}t*fiU4v^5hKw-8^iDifN2|jkk=TPQ$#6R9ivlG-6 zhjTivB4@SYF2lEXTm(WAd{r(e?oQDH|zdsL$%O3&Y;+vC}>@FoY zi@I}KzqqfPinI7?JxKtcWy`a9y)a&ge2Zb_p*e_50>ofH#z+U#Gxj+@wv9a-t*x5*h6RHN01C3_V)MpK~6=QYm%22Nbsw1 z)q24|BV1QsKcH`5I#T;Ae=-=r=`y4h5!=g!n*;^X@aTkgo`m_1r{JVdRjEW@@b^d9 z)Bcc)1MYne(=j*WTntQH?yuDukiYw^4|A#7#lIPQMd_z-Oqfi(n&_W!^8K!*lg6=f zqtF;P-TS6q{^upQEXVna6yHA@see(r>JZBE_Q}Dw=lxy{{b$p(`;+-N?gW6&$iTLF znX&Fzr)M2yqq`ROla}eoq{!P}A8a(P|Ni;XiA3C(yg3aY>NXTC3!{c?XH>&D#z6=% zT=5`y`K!R*ojlH$cPYh3&%WNd4Y{oh?EE3R_R0imcgM~3mCd{T5PsATsPoti21Rl# z0R!5Nz1S&!6;7 zs%j;a$P&?#yklGfv^#e<7dN3dTU0zmW5p7^0zI$y)?0r1$$ltG$dADrx_sBm32zU; zK`8(Sga3LI^M1Mh9!m-*(Q$b-)A68OwQ^v$pZgfPW+eEmFS`tCb#edl%$aR(e^RPa ziCqR&`}@40DqeODv-i6sCI^8=Pe~nIs~ntbL!t_zsl{_2(LSdeNrR2C5jmD^gpDpj zIrz%9=GzGCwS;6|u%me~TRZa|O1$W|kLCgkUqSo>Dn67L`JQEfM)N&u=&7_W;e-Mn z;N~_z)A4MlC^Bh%Ub+I;q2F7W%drwRb1dF@{j4@bre8A7|Qd#r74=gsZa@{p(%*n2}>xVGBsmJ2$o$({?Ghe5;f+2H|%T<`I zihudfnjaHkgjN4y0z9Y$&NP)bw5fVYMxl0$q;we@z5s<`Eo6sTe89m21gp_^LaP7LIkiM8zN85+k0ZK`NN*S+2 zoy4toDxnMsF5Kci{xurScj&*pi@>__a761^iP`8_C_l$eev4-AOi|KxtqII`SREj*y zxb%*isSK5NIOb#jT;C8}4|l++UlqG;jF!)~bSzUSwh%Dr-Q*1+DR}7Z2;VErUol9G zb=+a1OKp#jh%NrY%RqHii<^V(1AH789wTYqKyZ*)DFqHI+7xn!`2Qt&%icw+1nm&V5pTgb*@SOj>@st-{B_9Ci+=zdOol!8D=?E#QkYSO*k7_Zi8Xm_= zDF@t}MzY7NUXxZ_u1FF8{#Ct5g-~zeDRSvU>OU(D(>%K`&_-t6kt(*czv(k1hW=#l zvc1j)nsBKy36Vh3MH`Dcvr5kuKYj_m6kgNWna-S-TnCh%V~6iwc+VC}moN^(9Gvnw zYF*pbcM(o+XM?z+bp~+aM*^u%Bgd5@mc~v5n!)tsFMsxNv;+O?8M5=foP8?SkRw<69Xs)?9H|s2k49cWT|BJw%>Bw~jm$!sYfM zgK9HIFT2UCZ+V|-Q;Plgg|Au!=n6b>7J;`Nia6Mv53g@=NrOJfrf?{P>NtJ0jiJb| zN_`I4LYGg9aO`U{*rT=(gZa@#!PyhknL6{JfvF2&lIl zB!lcp2I=h9dZdAw3m7ovChio=;_~?aVWk-{#NQIm)V-tr&BsV*u;kk4dkSJ(2!y-Z zudBP@Q{GjLVQ$bLJUOqM`=-mMPx%z5VC%5A76%Y66hzi|Om?5zG79(1S(&l~^yk4s z581nd@Y=Eb=c6Mz(`!pJdF*1>FC;CTuXot6|2WYSt4I6~En8KIXCE28E3#2A$oY+HnSr=hEDKdRJ`T zNG$K=S7Uj;YU{S8W+zNpyE@ho2anXpc6vca-sDzFdRDqm8I^*-S7o8auEC%OqP(1w zR6=cwy^xj|3Xlf|L!wpdw^2$ak}jWjZ9I5`C-5+xfaXH`Iv|ecUD=am9P7!=UUC#X zZ|^kno&rgL3_?C%eRoisK#pNnM#k)d;U62%rA)_*3vWoh5I^pQtInozxLN%AXGWMu zzl&;;^>||~N-QnUPEQZ{S=Nq{5tmgD#K~xUJ4@g6nsRd{z-?~W`c`G~ilr%Z7k}dZ z+~6=9{Bee`H{6QviXGG=UXaL#D7I}2>v&t*hAa)o7v#enMbUeBK-Tk4cuqnHp}-Rh z`xUeqBxyHWLNQK$iUam)kdKM|&GQqQmxVQNgG9dqe4b}damNQ`Vc$rz^=<)B{@V6O zZ^76hma%Pi@%40>J`u{f3J88&IYm1U3IvrZSSpk<=a`IY2jjzP4$~PnmhmezchgnoEce2@@1DuT53ZJS4PF zuB*IjkS}>Ip{igphjavX89D)$tB`Y@B5GW(Cr=~Q+7SLC#j1JjVr@R05|uTr4IyVZ zKFI70thL0R=joOiHKw{O$@$ztCEC^6j8_@N7r`ZT&5ZQ-gJ8)%z}ZAd`ZY%Md>+CPBF(4SA+d%1?9bn zV>8bg84^P_FOQe#Ze)k?yv&RDZ+ui~KJRe|iV=Bp9?sw}gK)Uk{$xZ(MM*_81`QcxGMgA9>|v=Gr|Vm++DWsePCaj6{EfBj;>@2)o8z`$1?g9T3w7@ z>j%3jVlPTNc36+MresX-v3%j5nm(H?xFw*xcBS(B0E1XZS0JJ7WO@Sk-#~7zd(nuA zX~J-TN`2c2iC!|ol3gZeSOES4vjp#7o~9@!3m?FYVm$5 zIX)|DWH|ba+|H!S~FVmgG%4%7T}tm5((nJ+#oK5J91v-`}-tBsTyTkDdZ zLl0m%!NDnH+-)~Ox>F!>p)+h&Y!2s+ei3W@# z{3jDO(#@o=R34o8kl>wenQQ$Fww!Pv(^7v%XG$jyWRkje6n9zO)#Yza+XBHqr=7lY>{h z&2Nwbo^5KhE+z6-oQ%KNR8$$DgAAB#ho04iw^d1?oRh(x8(`YP)&Cxq-zp!xJaTAC zIWH&f3OVfJLi@)Mlm)PLFS+aBlTK;NF4f3{sYr=i_2NyPZ(IZaGU%e3!f$n6BRSds zxxxB&mLS>pYK_f&W?B0dcUHyL=30`$$}kuh@F?Jo@G|TipaO6CSNU5%5RcL%Rg&vh zq;}dENfHlu%TL@B7^ot~It_mNk2~-H*zEUMzc5m8^Zai5uox7&r@a7gVfm zTIZZA@5Jy3D&t#7F5hN$wG4zpS;skqRD7m7|y7QKt zbtS)DOJQsA>l(fN6F<|e$EV|y33=kYa5z6NPHU}h>PsnD=Nh`l7w(IA&t3P}3t~yv z-NEC<`H*mP0^e#HUQE6kbze*fZ1a)Wc25+_5JO43Ev$CAHvLo(23d8FwU2NQ#7BNq z7@&Jb(kQ0uND`qWW%2jr3f)(lDX3b_s(NU)L*ZN7QY@oqc1;O(^P(xk_W;#e_OCtt ziu`6OuSoVrFD_KbM9^Tqv;4>>*oor;Llvz9^zFDOf0YazWGV2>2)hVph%%9lXK~gV zVD;U{nM9#W{$o7H>`#B6dup#xwVK;~bE|X51~~bB3{FUV**3RJE06HMyms#cXN1_m z;Y*o?Wr9&u$7Z=7_|wpb*qBSxGK%NO+~AMDX2_WMuB?N9z%(4R;ZfLh-RINU$pvD* z_RN8Nf2}4KrKf6qQxNOXIahqV?+qJgsrT-z>DAz4w=i6=HFGD|RFYV(-=jNjO*aW% z_QA*tRZ?%_3J0^Z&P#vej9_8ba#uzNJol>6OhWJxTNZ_891F8H=lKcQ<)MI3(zU>< zm&eC*RV_EpO|a?oVWyy-efmK4a)+wmx(|DTa_@2q-!v>jgn&#M6uaHhyUD+tL{@ztC)BiC+KTg`}W#LdcsSc91kFs z*1E2UG_&|KpT9hACK(;N!CWeu`HQaH=dE$T`Hh;#KTiwyBCD3$u0J$TnM;Gb!_lCPi)(w>4ikp3->cXmM2swFo0Fk!@~sia`F+e`4M zkPQ5~Fcp1#T{s>uY2W>%gv@tjC(pxIRP>7}V6qdF*W9Rx_?a@6ial!UWyj1OnwupW ztEFqs3(i(|6kz2v7RYb8DyHwOV19jnRGw%a6iF+zWSd{Fn|v0F$Y%7hV|BzjJxwX@Zh={{eD|^3eTa6gG}X!W4_y-osw`d*+{vrB;|GUg$X`iZ*^BoN`ecmPX2uDQ zT#|2(Tuhl4GF8+II2X`8MprZ@DckeatX8LtC0pxKjA=qU>(vSKC_Nu2Q^FfB!3y}i z=ze~GR9eu3be?!oD>c=k;nJF`l6q;$eTR13S0bMEUYze~Wr|OJ7gvsuxb=q*=?705 zP%`{o&~9T@e1+PZES?V`N@H^wnCr3^(rZY#QUQYrfl6JXnpHi^v3{`WZg~l8Kt8WS zR#V(+Y0w~-d!*{1sFCW(t%~H|MF}nM^utOFIK}y5!ZHdA#qj;(VMhntQ|Ee#y}6of^sIE?OTHrr9@f?-E|CSDy`spEYP&%%<L}UCWgQ z&U2SXZn#z?y0xEa?$DVs&K8ZcmK=+^XqycZ|K|m`Z@lA@Dhdg8lKE*!Bft{DQ0sQe z(l*0?r)5{z6I|^#+{?Pm3yBu@aTNk;O&yhWs3QV5vskx!OFz6bKZziB~sez0%{E>$<;6Lx+TxzewM^ zINaLm-d(4Czne-tBcJ$wn8wIF^fp7FttoqLLizkkBxD?jbO7=kNo)pm9(r=~HhqD3=7!RR zWBrkewVr!|CNkp>l*z<$y9Q=m>JNwN>e7^o+ zFzHM)C$)nT|7X%1?GBi#6-&k38470C_@gLqK|w~B_FQW;nm5GBxUFA?)%d^6l!oX2 zFHidC;MspnEp$z(Tqq*Wxn)yxb%1&iCEK9hM+QfIsN9TBc;>t*RCiiJS9jo3pKIq6^_; zWdNnkAd;e`==8InaCu@zzax=JxN(X7Y`Bg5;M&)v^R0=Go){0MNsqiAliJye)*`QCoLl9@>g( z!DtC=P#7CVq&sCFTn<`8loWZjBagJTQMFYHeXdq93lMUipPwC{=Gy$m)sH+Z(^XqO zVmuEqfSfX(k4KI_;vjhLHnk_qL9Yrg82@I^p_A_hpvIYYC9b`iiP8pH0Vw&V2_DmZ zrJ_a*Ip;_9My~+Hy}CBIMV4P84V|%Rj<*qZyM7!mTy{!osY1oLdC&s_0Ud$+as;_x z=rpH1%yirOC=Pk=o12(szreu-PF6TCA7;_CqHv90?Yf%fNV4Jcbp|M+wVDFnje`)u zBu^PVDuX~U(aQN}_h1yvMv~d1#tBHTm_m7ZOW&9X-A&5dl!^;bQ((%(ZVTZ+6e_uD zN%EL6TSD5Zf9Akq(8+cP9@J2%-u1gQk;B><}bJRlduc=u7QHPd+e0gSD3;eZwg&{#^}lr zbWJ{<0CVX!p`lL$NYuW0%F8jF^d#L^`56MS_v{ay(}EzI07-NbfoS_ohKgV*cIAD-H;(_24xWlh|&xEV~)a;%oy<5ve@f z>&MYhUTe7@YR)t$TjSq3fbu0!_LTt+w`vi1WC~R4NriO9aT4ni{CrQCSeo-OA-n@* zy%=_SF^~y&$oIP5%TdjtyAGVozrW6XWh<>f#oZcJ5G%lLEgq<=lNyj*9}%J%OMu8& z3HmcO*B;aUp!%<04f7*u=^TQd;K$)10BPvw-?D{So&rTOxYWrDbE)Bn+W`3Y2axAi zfr91GK$rJb2!`Dz=M_YtH=#mvHc*gK&n^8`YR|IG7$ER@%^sCoVbf`A^{@D7pD58V%rq*B&sru zJ@})wKm>_~3(gn{ZRbpg!MHo3sY^AZR2f|JvHFvbZRdDZ|@>uoWdkrtP@9czh+ z-v@mTSn+q@?pY#f=+I}RGy+|!DbB*VO+#vBq!8%^rvt<|N?_j^ec;a`>6H<8`s&4@4syd|U(y_9HL_@X<)0K!9FDeQP z3vKFyxN9IB(7Rb_;FMe1V-zCTa9iueV~9U$-VUn7G+(&*`u4=j&$-T0c!T@M0CRqh zFFoPC0QfOE8g3n?kxiy?(#9zG@deFz0^x;mrj22?k)XsSIAXB}5)%{uibbLai~_a) z_MZzNz)}7b_i^+$?y&!EHKIrU7vkjqiCy_`pX7TE2$bC9K)GOf zW|gECNr5@Y0=uw%bv4g|Q>rWNFt9gSYqC72~C0qx$}nm>%6o)7#)fb z_}2-OZKoH?& zufJGQGL5_{J#E!X&`d#!=?`HVu3ZX0%s}~*cr!HP<=-G5OfrZ;i4thqk(7uEqzmso zA{$M)0c{NC9E4>Gu>Te3y?ywtcn9Ro8dSr$gpH?`nbCmxr=ZJMI7+{ZZ~MB#U4UB&TUo_4sUA(y8E|XU$e7*_Mx41}9Pk2|z?N_` z_IEn%BY$!DiX~%IV0Y;cV8TVO7NB|}ei%jr4GGm<)2dMdexM%#sMLEY*G^g2v2f{W zabE)y6Yi=u1lHENoir+e@jqO}&8(M0cNc&~qL}(}rdkc;PL4f9-<)L!$?6Bc4j<3Q zU%34DA`Cf#LBG!4|Ajjv_ex?Mv#!1Riq-Z@wFk8an&XIadE zZ@LPOcw#HQ1OA3-E`T++{R4BwP+rRap7Q#@?CuDw6cj>)twrZd$Q$qc)Chv^0k{;# zGrBu#Mx|R26t#b@07a2q>-scrZsJL&n2(gF0m12**5PUdTjG3YZ=Jy z?FqUw-+lp@ZXVQg5yJgi`cKb{rWW$+MO6|{drJbBI(nkMxY@lVj<>SJGiaemhz?mK z4zw2DXJ8}2T#V#KtE(jrR@Q>QtZLcgmVU`5*VBG>J5ueP*=RI_A}~(*$bPef^H;nV z%Hdup)=U8LK+#7|yMU~$Mk8^zBSc_Ci(!&#Lzn(n=&4q_fJ*gXm$Y}Lrrq-^PgwxL zfxiv+AV>+7hDpa6ksvD%yG`Z=)pgkA){u7Y2y@$f*jd6gy}loq_MT%9h@uo`sCO~W>fUnB3qlLSc&=u2*9ZlRbG`HcTH(BkX|HzEwBnk!<=fGYQUrB zoo@km|4rBUrr^#N67mC%gy7^4?$O>b^I5SbIJU;Xyed&O>#@73Gt512?-p%|G?Nzw zp12)}z$aKeppzAQtxCgYPo&=rY4l#dQ>?xNrYK>Gp`W;*7P@a^S7}y|XKu{{teowu z$7tN|;sUi9BUZv~zS{ITO3xQO*&G46edWk5SJ)BVx|o1`ZK{zOdQKA8&h2;#1>nkP zLTab3!2!FIp->vgKg3GddKm^ZF80N>FTbhUq3d{}k^sar*T!+|*o@1@Lf6_-9c-S5 z8yezp%HMGFcYy&3bGlF~FSGi1yeOf`7)DZUL=uonlJGhdiQ`Z+;0SCVx!)eg9(!U{ zRv^U2PubexkX+YIGe&nB`iSEx7}b(i?_fSb#d#y5@|5u)<9K5LRT8~Ytoo?-f?j2{ zH`bdgUFJnemnZ!mYx+qz2=Ug?faNSlGrNyy!yY`w6^a$Mm&%W;NTPVJzi zPrFtD?W@JC?4V;YFpaq$Ys4d=@Il~$RZc-B29=`T@E=aKjW6k>K}7HN0hcX-k6@YjGx$Zq*LUY{ey8nU}G znw&{<(c=}Lsrcw^#_oI=ItCxmhzYc&7vB0=gi?pHKW)EbbE)Joou%{}taI-S^kgV! zp>N@P1eJ&_v#m@@SZS$cbx;a6TfO}Chv`Eqgz(xU_r6H|0Kv=$o9XgL1oz2@IeA-^mhc*3LHud69H(v^nlIE6mg&kkx^S%6!O{4|wog>oWS zXt$|LJF7Okm0~?U%`Y{5M-pw=LSKo`sD}11uPN_2zP<&eh73CCs8J%}t5kpW^dWj2 zA74uGCIB#vO?DdYA8~NCoK9^D%5BZ62>4oC2pK{*tX0z00;p(9y!rZ?g1j4*>kevp z2;$XlT{hT*K57gj=pE+f9E7m1=^T=V_cpJZt5LdQu`gAh>h}SR0Dmha$ zQm+>VaTJGOC6JYGyocm3Na+&!lLWYM)I8wR1MI^1bXdY~N76X&-~}ynd}t%_93!=9 zPlr$BPf(>ht!;iK{e`V_uLO}!*3(2%))DjN4{YoD+7ef_WZfjzVH$BNA$KT%>J~k& z`wYFqN1U?f)_7%BQ#6j<_G;gN`Ml32=pUbuGV_{rB|U1(pmEy}c3(LBX|X7Q`|)B@ zO_dls>RCM~?fgXkW2u{D^78EwlGozBHG||2a$i8M?Xlr^judj;Y=i`G?@e?iF_3);YtntuvJD zW$sF^K=WCjOQnCF(DF^$;p)sGEM98pJ-|{eEqz zpD+HH@bb2*Mef7B1KYzq70hY_TyIY8W}T( zD^5S?_RuoEX%0_kk%1Z({cxZ7Z)@J|$NsJ1+y2Y{tWEmQSNg9LXRLCIK_e8vDaift zSDffMDEz*=_KHDz`)0wv6@D0nN87`l;Jp+i(a4tKtEWsps`UMJU|XB_@54_2--?p$ zkNy8IpZPA|7hL!!FFo((jHV+D4&FM$FK*e$NKaDL>p^EAHex0 zi1N2=rVoP$)JSy#J!3n$`cn)@wpMD9QC--a+%L~2*CktkhjUlE&3FD#hdlI(ktpN! zIq2Zm07C<)8$F6N1DGG}pirLXB7lxYtj`0a0)h+J0W6>Fv+Q9ijJa5gaAj9f78%8?8WJcNb_hRGP48D(avAZWbZA zPf@n*Q4pXBpTOY1oCH;v74v5R(sJ5P&QGWn01-^0L4(x{=RHx0E`;TE=9;osD!~+= zKcm1LANbfx-{g??3 zI0PudD2f7%h3D4$eypL_{z*Hm3@29}oi`&Gxh66f4k1KwO6+uhac0SEKgPBF z*cX3h7yb~^eK$Llk=DmhuB?Mx(5AqL$4fwhyW(^Y|2ykQW*|YsH zvUrMkRNe$kMbq0p$hnh;p3ZyNHlAUA#3s7fLkp#bQqrCW$&?9Xpk(%-`|%r#*T&@s1>N5_2B9x4aq3HjBOrXKU1os6vI z;keawr{y@=yRD+i(`ZbWGcp4972OPfDSqo2F|F#s=4E;nsIUiT=VDLq4Wwd5vkH1> zp`h>)mx>WPh2k}!x$?U4!Fy?7bQH~qT^MhxZ8GqPJAC@avIv(;EO0N|KwB4#l7DSn z;qD;t>1pozvF+2nhR6#WR!Fm)e;uZhAVpbcs< z&+_x%2d>Xbr?*=R=38%wY+=MFKTyjN4h7<3xW-{f#%$7JuH-@m{C4d3P5#GFI5!y# zpeaCz4l)m>-E(LNsV}%vQ2Ip6vF)j_ThhDHLTV;&FQibCH43kto~`BbK$`d&+IU(= zXuT69v_1*B4#Ao+WYWrrSKQ8b4Mo{@bQg+E4l|NEvI>QSoD)a)H?~P8sE@#y-9MKE zWpiG0t9_}>Knj!6yVX~<@lx}}P1`E|$uLW|o6k`(dGq)>achpS{#JeXc)CorhSb0h zfa;%@^aW7u=BWh7R52k}oo*tw4WLs!HinlGrUjr$ZMTy%7!bc@+|ahhACbH6_F>r0 zwjW@z?Qz@y>dOIJfwc6F?VQT*=|Xez?Ycw|8ozS4;jpOU09X6e`x@tF5It00so zdsoGjzgXSY*4FFB7cMXwm7$AKL^km@)D)hb3eQ{w%!d^NpVb*G5sx(-UVY7kL$W36_Vb6!RdeT`mHerXuYrsw3tw(g5YJXZ)xCC{EvJzf9_{Gq7PeMz-^p z7Q~2uiXKyio$r%5n0s8%mA-vHi3o*pF00u)B--c7>;1(}L>x}AxR7@Fbz=EvaBNBK zv6lb4h+kU32XcRY??dTDZWhSu654D}&3w%-SbbQTWq*wyY;=DnRfLM)^a@!_o@R%P zlg4P8_h;Zgez3uX+^pippv*XQv-Dv5oV}A>ckc&dj*|1<;`u|+SD%i0(IBnS;-Y6@ zkQUb`%%ME~lRf1ZbgKhQw?pO&Il2BCJhd0?Cfn1ncSw{$;KEk-QVv+MDKL7Slje3# zW~P8XTb3rNPe`&0|_z#5Q|08 zC!>{g>>q=`ef9xA1>}o9=5yZ6V0nt34Dn6Y!ZxPb7%QZJ(&4R!^v4vv8@^+Am!%I3 zxF~@3oLo3S#I9r}L6RS15yyAy3|y?dU8fM554$!O-_@&9YTYhvc?HyPh2pnjpn(>+ z`R&7f$GQmq&GPAVZufgCa4V0>^|D$hw(7V&rQ6ptYx7PyE1*;NtS9FUqvSr#*1LS? zI`4=U&+;6iLpKj}$2W?>5^eiWn1*VSJc-vKa~4e`$5~kdOn|5>a)BVsA6N*T1?y26 z+B0C$Hq7X@fw=Vvc3%}gKqEd}6iwpPX8WhEg7L+WSTHu_w0o*B$_q}w6hyL5AyNX# zoVR-{$X5W&T~*xbViRQRas}{RO)yrl<${6Izx>!?LQ_KlqWeq?*?KS60^xZ0NaAmN zUoDbf2#%rnoI$hqM_(V{3~2Ogd>UpUJb{wPG|$=`hz{e{V03?UPW~?u>(5 z-h5^Or0JA_c2p(rSw=#p!hM=k;7#;WHeoazhnQ(mRUvkTHCZHu{R;EawhpB!_?t$8 zK=%X8l8Sv(^~9gee1l@(ZSdHQg|GRY->f6nvc~^0m;6^Wl$$GlSE#JMU zceDOyv&&mF6?#_^X+l=;v?5ZlI8ZpOm1`Y#y#AA)6Q)0!2;mMsKDxD*t*?WXv~7l! z;YPlFE>LY|WC;74w?XhRTMiJ6-EGKR$!}1jKk2f zwtnU3#_^t8&!y^_)HGOSWod@6jEqNqc*O#XV7y02A0$nQ8cd|`%ggFIxZJ$bhKo&{ zY9BLjR*bEO_={uO>-e?!o+@Y3;X+HGDK{v;EoYMX_(g z#haHL`wBdAX#w#Q5+GrmTtGg%wJ zGq_tp%je>cZr2lB#Bda}f|faA)x#`iWwnb}zk?dYdx58FXYNi)xishR%ZfvelA!T~ z&6`-a*qoUVFhOBo->Wq~-Jliz*Q4w+Kb%+=QO?WC6f*CW=v)7p0;l=}WTS!I??*p3 zCQLN)H2LRRoMP3NbIy6;$>$#x5ApDxz6ET*gKv-7!Whe0|Lf)QyP)g4KRn#^dfn${ zl~uDF?=B0L6qHJL;EhZb&yZnRyiv;JTI13m+0kp~yEwAER-3p^+btMa4E(x&yUI$h z^nXXXzQ&0~kFQx}m1tW#mTo!FkQ$LO!JYTpim$-o(!Bpxn$9XqHcA3J&u%y6SGmtf zT;x7=IdJ6&lNN9$KewdrOAT=N(=K93X&rDYxB2deS-(B4`bwTJyzun(4}maoaACV2 zSf=}LnW=L(JiHfpGLv`s-BR^V;97Fi-PX((g1A;`{C42|_wC&;;Gp@gM2(Im2lx@~ zWZGo!L~ zUawxcp5JU%^W(z{Nubf6ZUPIXMd`pw1L9Fo?`n$%^wzcoJ0Z8C0=t654)KFLK + Troubleshooting guide +--- + +## Frequently Asked Questions +1. [Why do I see a certificate problem when accessing the topology service outside of my Kubernetes cluster?](#why-do-i-see-a-certificate-problem-when-accessing-the-topology-service-outside-of-my-kubernetes-cluster) +2. [How can I diagnose an issue with Container Storage Modules (CSM) for Observability?](#how-can-i-diagnose-an-issue-with-csm-for-observability) +3. [How can I create a ServiceMonitor object for Prometheus if I'm using Rancher monitoring stack?](#how-can-i-create-a-servicemonitor-object-for-prometheus-if-im-using-rancher-monitoring-stack) +4. [How can I debug and troubleshoot issues with Kubernetes?](#how-can-i-debug-and-troubleshoot-issues-with-kubernetes) +5. [How can I troubleshoot latency problems with CSM for Observability?](#how-can-i-troubleshoot-latency-problems-with-csm-for-observability) +6. [Why does the Observability installation timeout with pods stuck in 'ContainerCreating'/'CrashLoopBackOff'/'Error' stage?](#why-does-the-observability-installation-timeout-with-pods-stuck-in-containercreatingcrashloopbackofferror-stage) + +### Why do I see a certificate problem when accessing the topology service outside of my Kubernetes cluster? + +This issue can arise when the topology service manifest is updated to expose the service as NodePort and a client makes a request to the service. Karavi-toplogy is configured with a self-signed or custom certificate and when a client does not recognize a server's certificate, it shows an error and pings the server(karavi-topology) with the error. You would see the issue when accessing the service through a browser or curl: + +#### Browser experience + +A user who tries to connect to `karavi-topology` on any browser may receive an error/warning message about the certificate. The message may vary depending on the browser. For instance, in Internet Explorer, you'll see: + +```console +There is a problem with this website's security certificate. +The security certificate presented by this website was not +issued by a trusted certificate authority +``` + +While this certificate problem may indicate an attempt to fool you or intercept data you send to the server, see [resolution](#resolution) on how to fix it + +#### Curl experience + +A user who tries to connect to `karavi-topology` by using `curl` may receive the following warning or error message: + +```console +[root@:~]$ curl -v https://: get secret karavi-topology-tls -o jsonpath='{.data.tls\.crt}' | base64 -d +-----BEGIN CERTIFICATE----- +RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe +RaNDOMcErTifCATe..RaNDOMcErTifCATeRaNDOMcErTifCATe +RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe +RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe +RaNDOMcErTifCATe..RaNDOMcErTifCATeRaNDOMcErTifCATe +RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe +RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe +RaNDOMcErTifCATe..RaNDOMcErTifCATeRaNDOMcErTifCATe +RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe +-----END CERTIFICATE----- +``` + +##### Configure your client to accept the above certificate + +A workaround on most browsers is to accept the `karavi-topology` certificate by clicking **Continue to this website (not recommended)**. This will make all other successive communication to not cause any certificate error. Anyhow, you will need to read the documentation for your specific client to configure the above certificate. For Grafana, here are two ways to configure the karavi-topology datasource to use the above certificate: + +

+ Deploy certificate with new Grafana instance + Please follow the steps in Sample Grafana Deployment but attach the certificate to your `grafana-values.yaml` before deploying. The file should look like: + +```yaml +# grafana-values.yaml +image: + repository: grafana/grafana + tag: 7.3.0 + sha: "" + pullPolicy: IfNotPresent +service: + type: NodePort + +## Administrator credentials when not using an existing Secret +adminUser: admin +adminPassword: admin + +## Pass the plugins you want installed as a list. +## +plugins: + - grafana-simple-json-datasource + - briangann-datatable-panel + - grafana-piechart-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - name: Karavi-Topology + type: grafana-simple-json-datasource + access: proxy + url: 'https://karavi-topology:8443' + isDefault: null + version: 1 + editable: true + jsonData: + tlsAuthWithCACert: true + secureJsonData: + tlsCaCert: | + -----BEGIN CERTIFICATE----- + RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe + RaNDOMcErTifCATe..RaNDOMcErTifCATeRaNDOMcErTifCATe + RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe + RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe + RaNDOMcErTifCATe..RaNDOMcErTifCATeRaNDOMcErTifCATe + RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe + RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe + RaNDOMcErTifCATe..RaNDOMcErTifCATeRaNDOMcErTifCATe + RaNDOMcErTifCATeRaNDOMcErTifCATe..RaNDOMcErTifCATe + -----END CERTIFICATE----- + - name: Prometheus + type: prometheus + access: proxy + url: 'http://prometheus:9090' + isDefault: null + version: 1 + editable: true +testFramework: + enabled: false +sidecar: + datasources: + enabled: true + dashboards: + enabled: true + +## Additional grafana server ConfigMap mounts +## Defines additional mounts with ConfigMap. CofigMap must be manually created in the namespace. +extraConfigmapMounts: [] +``` +
+ +
+ Add certificate to an existing Grafana instance +- This only happens if you configure jsonData to not skip tls verification. If this is the case, you'll need to re-deploy grafana as shown above or, form Grafana UI, edit Karavi-Topology datasource to use the certificate. To do the latter: + +1. Visit your Grafana UI on a browser +2. Navigate to setting and go to Data Sources +3. Click on `Karavi-Topology` +4. Ensure that `Skip TLS Verify` is already off +5. Switch on `With CA Cert` +6. Copy the above certificate into the `TLS Auth Details` text box that appears +7. Click `Save & Test` and validate that everything is working fine when a green bar showing `Data source is working` appears + +
+ +### How can I diagnose an issue with CSM for Observability? + +Once you have attempted to install CSM for Observability to your Kubernetes or OpenShift cluster, the first step in troubleshooting is locating the problem. + +Get information on the state of your Pods. +```console +kubectl get pods -n $namespace +``` +Get verbose output of the current state of a Pod. +```console +kubectl describe pod -n $namespace $pod +``` +### How can I view logs? + +View pod container logs. Output logs to a file for further debugging. +```console +kubectl logs -n $namespace $pod $container +kubectl logs -n $namespace $pod $container > $logFileName +``` +More information for viewing logs can be found [here](../#viewing-logs). + +### How can I create a ServiceMonitor object for Prometheus if I'm using Rancher monitoring stack? + +The ServiceMonitor allows us to define how a set of services should be monitored by Prometheus. Please see our [prometheus](../deployment#prometheus) documentation for creating a ServiceMonitor. + +### How can I debug and troubleshoot issues with Kubernetes? + +* To debug your application that may not be behaving correctly, please reference Kubernetes [troubleshooting applications guide](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/). + +* For tips on debugging your cluster, please see this [troubleshooting guide](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-cluster/). + +### How can I troubleshoot latency problems with CSM for Observability? + +CSM for Observability is instrumented to report trace data to [Zipkin](https://zipkin.io/). Please see [Tracing](../deployment/#tracing) for more information on enabling tracing for CSM for Observability. + +### Why does the Observability installation timeout with pods stuck in 'ContainerCreating'/'CrashLoopBackOff'/'Error' stage? + +Check the pods in the CSM for Observability namespace. If the pod starting with 'karavi-observability-cert-manager-cainjector-*' is in 'CrashLoopBackOff' or 'Error" stage with a number of restarts, check if the logs for that pod show the below error: +```console +kubectl logs -n $namespace $cert-manager-cainjector-podname +error registering secret controller: no matches for kind "MutatingWebhookConfiguration" in version "admissionregistration.k8s.io/v1beta1" +``` + +If the Kubernetes cluster version is 1.22.2 (or higher), this error is due to an incompatible [cert-manager](https://github.com/jetstack/cert-manager) version. Please upgrade to the latest CSM for Observability release (v1.0.1 or higher). diff --git a/content/v2/observability/uninstall/_index.md b/content/v2/observability/uninstall/_index.md new file mode 100644 index 0000000000..5b272bdaa3 --- /dev/null +++ b/content/v2/observability/uninstall/_index.md @@ -0,0 +1,22 @@ +--- +title: Uninstallation +linktitle: Uninstallation +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Observability Uninstallation +--- + +This section outlines the uninstallation steps for Container Storage Modules (CSM) for Observability. + +## Uninstall the CSM for Observability Helm Chart + +The command below removes all the Kubernetes components associated with the chart. + +```console +$ helm delete karavi-observability --namespace [CSM_NAMESPACE] +``` +You may also want to uninstall the CRDs created for cert-manager. + +```console +$ kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.crds.yaml +``` diff --git a/content/v2/observability/upgrade/_index.md b/content/v2/observability/upgrade/_index.md new file mode 100644 index 0000000000..b8eafe9dc9 --- /dev/null +++ b/content/v2/observability/upgrade/_index.md @@ -0,0 +1,40 @@ +--- +title: Upgrade +linktitle: Upgrade +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Observability Upgrade +--- + +CSM for Observability can only be upgraded via the Helm chart following the instructions below. + +CSM for Observability Helm upgrade can be used if the initial deployment was performed using the [Helm chart](../deployment/helm) or [Online Installer](../deployment/online). + +>Note: The [Offline Installer](../deployment/offline) does not support upgrade. + + +## Helm Chart Upgrade + +To upgrade an existing Helm installation of CSM for Observability to the latest release, download the latest Helm charts. + +```console +helm repo update +``` + +Check if the latest Helm chart version is available: + +```console +helm search repo dell +NAME CHART VERSION APP VERSION DESCRIPTION +dell/karavi-observability 1.0.1 1.0.0 CSM for Observability is part of the [Container... +``` + +>Note: If using cert-manager CustomResourceDefinitions older than v1.5.3, delete the old CRDs and install v1.5.3 of the CRDs prior to upgrade. See [Prerequisites](../deployment/helm#prerequisites) for location of CRDs. + +Upgrade to the latest CSM for Observability release: + +```console +$ helm upgrade --version $latest_chart_version --values values.yaml karavi-observability dell/karavi-observability -n $namespace +``` + +The [configuration](../deployment/helm#configuration) section lists all the parameters that can be configured using the values.yaml file. \ No newline at end of file diff --git a/content/v2/release/powerflex.md b/content/v2/release/powerflex.md deleted file mode 100644 index d3ccc03acc..0000000000 --- a/content/v2/release/powerflex.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: PowerFlex -description: Release notes for PowerFlex CSI driver ---- - -## Release Notes - CSI PowerFlex v1.5.0 - -### New Features/Changes -- Added support for Kubernetes v1.21 -- Added support for OpenShift 4.6 EUS with RHEL and CoreOS worker nodes -- Added support for Red Hat Enterprise Linux (RHEL) 8.4 -- Added support for PowerFlex 3.6 -- Added support for custom file system format options -- Added support for dynamic log configuration -- Removed volume snapshot classes from helm template - -### Fixed Issues - -There are no fixed issues in this release. - -### Known Issues - -There are no known issues in this release. diff --git a/content/v2/release/powermax.md b/content/v2/release/powermax.md deleted file mode 100644 index 03eca59072..0000000000 --- a/content/v2/release/powermax.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: PowerMax -description: Release notes for PowerMax CSI driver ---- - -## Release Notes - CSI PowerMax v1.7.0 - -### New Features/Changes -- Removed Volume Snapshotclass from helm template -- Added support for Multi Unisphere -- Added support for Kubernetes v1.21 -- Added support for Docker MKE 3.4.0 -- Added support for RHEL 8.4 - -### Fixed Issues -There are no fixed issues in this release. - -### Known Issues - -| Issue | Workaround | -|-------|------------| -| Delete Volume fails with the error message: volume is part of masking view | This issue is due to limitations in Unisphere and occurs when Unisphere is overloaded. Currently, there is no workaround for this but can be avoided by making sure Unisphere is not overloaded during such operations. The Unisphere team is assessing a fix for this in a future Unisphere release| -| Getting initiators list fails with context deadline error | The following error can occur during the driver installation if a large number of initiators are present on the array. There is no workaround for this but can be avoided by deleting stale initiators on the array | - - - diff --git a/content/v2/release/powerstore.md b/content/v2/release/powerstore.md deleted file mode 100644 index d6a7ba0bfb..0000000000 --- a/content/v2/release/powerstore.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: PowerStore -description: Release notes for PowerStore CSI driver ---- - -## Release Notes - CSI PowerStore v1.4.0 - -### New Features/Changes - -- Added support for Kubernetes v1.21 -- Added support for OpenShift 4.7 with RHEL and CoreOS worker nodes -- Added support for SLES 15.2 and RHEL 8.4 as a host operating system -- Added support for enabling root-squashing for NFS shares -- Added support for disabling snapshot feature during installation -- Added the ability to configure nasName per Storage Class -- Refactored configuration files to use more generic naming - -### Fixed Issues - -There are no fixed issues in this release. - -### Known Issues - -There are no known issues in this release. \ No newline at end of file diff --git a/content/v2/release/unity.md b/content/v2/release/unity.md deleted file mode 100644 index c55d3abb62..0000000000 --- a/content/v2/release/unity.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Unity -description: Release notes for Unity CSI driver ---- - -## Release Notes - CSI Unity v1.6.0 - -### New Features/Changes -- Added support for Kubernetes v1.21 -- Added support for Red Hat Enterprise Linux (RHEL) 8.4 -- Added support for MKE 3.4.0 -- Added support for RKE v1.2.8 -- Added support for VMware Tanzu -- Added support for CSI Spec 1.3 -- Added Volume limit feature -- Added support for secret in YAML format -- Added support for Dynamic log level changes - -### Fixed Issues -- The flag allowRWOMultiPodAccess: false is not applicable for Raw Block volumes and the driver allows the creation of multiple pods on the same node with RWO access mode. - - -### Known Issues - -| Issue | Workaround | -|-------|------------| -| Topology-related node labels are not removed automatically. | Currently, when the driver is uninstalled, topology-related node labels are not getting removed automatically. There is an open issue in the Kubernetes to fix this. Until the fix is released, remove the labels manually after the driver un-installation using command **kubectl label node - - ...** Example: **kubectl label node csi-unity.dellemc.com/array123-iscsi-** Note: there must be - at the end of each label to remove it.| - diff --git a/content/v2/replication/_index.md b/content/v2/replication/_index.md new file mode 100644 index 0000000000..287417a574 --- /dev/null +++ b/content/v2/replication/_index.md @@ -0,0 +1,120 @@ +--- +title: "Replication" +linkTitle: "Replication" +weight: 6 +Description: > + Dell EMC Container Storage Modules (CSM) for Replication +--- +[Container Storage Modules](https://github.com/dell/csm) (CSM) for Replication is part of the open-source suite of Kubernetes storage enablers for Dell EMC products. + +CSM for Replication project aims to bring Replication & Disaster Recovery capabilities of Dell EMC Storage Arrays to Kubernetes clusters. +It helps you replicate groups of volumes using the native replication technology available on the storage array and can provide you a way to restart +applications in case of both planned and unplanned migration. + +## CSM for Replication Capabilities + +CSM for Replication provides the following capabilities: + +{{}} +| Capability | PowerScale | Unity | PowerStore | PowerFlex | PowerMax | +| - | :-: | :-: | :-: | :-: | :-: | +| Replicate data using native storage array based replication | no | no | yes | no | yes | +| Create `PersistentVolume` objects in the cluster representing the replicated volume | no | no | yes | no | yes | +| Create `DellCSIReplicationGroup` objects in the cluster | no | no | yes | no | yes | +| Failover & Reprotect applications using the replicated volumes | no | no | yes | no | yes | +| Provides a command line utility - [repctl](tools) for configuring & managing replication related resources across multiple clusters | no | no | yes | no | yes | +{{
}} + +## Supported Operating Systems/Container Orchestrator Platforms + +{{}} +| COP/OS | PowerMax | PowerStore | +|-|-|-| +| Kubernetes | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | +| Red Hat OpenShift | 4.7, 4.8 | 4.7, 4.8 | +| RHEL | 7.x, 8.x | 7.x, 8.x | +| CentOS | 7.8, 7.9 | 7.8, 7.9 | +| Ubuntu | 20.04 | 20.04 | +| SLES | 15SP2 | 15SP2 | +{{
}} + +## Supported Storage Platforms + +{{}} +| | PowerMax | PowerStore | +|---------------|:-------------------:|:----------------:| +| Storage Array | 5978.479.479, 5978.669.669, 5978.711.711, Unisphere 9.2 | 1.0.x, 2.0.x | +{{
}} + +## Supported CSI Drivers + +CSM for Replication supports the following CSI drivers and versions. +{{}} +| Storage Array | CSI Driver | Supported Versions | +| ------------- | ---------- | ------------------ | +| CSI Driver for Dell EMC PowerMax | [csi-powermax](https://github.com/dell/csi-powermax) | v2.0 | +| CSI Driver for Dell EMC PowerStore | [csi-powerstore](https://github.com/dell/csi-powerstore) | v2.0 | +{{
}} + +## Details + +As on the storage arrays, all replication related Kubernetes entities are required/created in pairs - +1. Pair of Kubernetes Clusters +2. Pair of replication enabled Storage classes +3. Pair of PersistentVolumes representing the replicated pair on the storage array +4. Pair of [DellCSIReplicationGroup](architecture/#dellcsireplicationgroup) objects representing the replicated protection groups on the storage array + +You can also use a single stretched Kubernetes cluster for protecting your applications. Even in this [topology](cluster-topologies), rest of +the objects still exist in pairs. + +### What it does not do +* Replicate application manifests within/across clusters +* Stop applications before the planned/unplanned migration +* Start applications after the migration +* Replicate `PersistentVolumeClaim` objects within/across clusters + +### CSM for Replication Module Capabilities + +CSM for Replication provides the following capabilities: + +| Capability | PowerMax | PowerStore | PowerScale | PowerFlex | Unity | +| - | :-: | :-: | :-: | :-: | :-: | +| Asynchronous replication of PVs accross K8s clusters | yes | yes | no | no | no | +| Synchronous replication of PVs accross K8s clusters | yes | no | no | no | no | +| Single cluster (stretched) mode replication | yes | yes | no | no | no | +| Replication actions (failover, reprotect) | yes | yes | no | no | no | + +### Supported Platforms + +The following matrix provides a list of all supported versions for each Dell EMC Storage product. + +| Platforms | PowerMax | PowerStore | +| -------- | --------- | --------- | +| Kubernetes | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | +| CSI Driver | 2.x | 2.x | + +For compatibility with storage arrays please refer to corresponding [CSI drivers](../csidriver/#features-and-capabilities) + +### QuickStart +1. Install all required components: + * Enable replication during CSI driver installation + * Install CSM Replication Controller & repctl +2. Create replication enabled storage classes +3. Create `PersistentVolumeClaim` using the replication enabled storage class + +### How it works +At a high level, the following happens when you create a `PersistentVolumeClaim` object using a replication enabled storage class - +1. CSI driver creates protection group on the storage array (if required) +2. CSI driver creates the volume and adds it to the protection group. There will be a corresponding group and pair on the remote storage array +3. A `DellCSIReplicationGroup` object is created in the cluster representing the protection group on the storage array +4. A replica of the `PersistentVolume` & `DellCSIReplicationGroup` is created + +You can refer this [page](architecture) for more details about the architecture. + +Once the `DellCSIReplicationGroup` & `PersistentVolume` objects have been replicated across clusters (or within the same cluster), you +can exercise the general Disaster Recovery workflows - +1. Planned Migration to the target cluster/array +2. Unplanned Migration to the target cluster/array +3. Reprotect volumes at the target cluster/array +4. Maintenance activities like - Suspend, Resume, Establish replication + diff --git a/content/v2/replication/arch.png b/content/v2/replication/arch.png new file mode 100644 index 0000000000000000000000000000000000000000..a219da022e4995d28463f5e38f2cf2eae2d4f2ba GIT binary patch literal 55526 zcmZs?bzD^Kw?2&Y&=xgjBu&_8}XfvQ7}k&tHmpi&Z=-bVW! z7~U^tJ({Y|59gLVR8GG_Kjd<342dnetjg>CjCmJ63uj`kAg;!(p$-LpIDA!s=DQF1<0A9qY!)%*=ldru>682ykFD%pUWH4 zMy46l2nx^tT#|c8(EiUy%++TKP5$>MJQcCt694ai(i;agjS2Z*|HE^J>!rQg|GG_Y z96?lelVj1rG4IET_l0)@ybG-x2ApVI?+OXzIsVU|D!w!50;PBvb+6f7AJ3-yp2Sxh zeG}{Sf1(2KfJMVy47yzATP%-hw+jiP|9^ie{oc4O_QN-qTlXDl|BDULF;e3mv36%= zXYCtk(D;GaTTenkrM0>1?&$m|Nv1B$|2eeh4B;>tc}G}ZG@-v!H`?tQ%bh;e{&tK{ z{k>l0Hl*ulfJLr*)wTk@2h_tJ{37a621BL6?%8PjD3GS z%QL5P$E}}tD0>;tN+z?c`uk!TKZ6N29`k?n8T@`cfWKBK0Q2GG!e?yFh@|5%40^{Q z5pW{b;ZGuF;Qu7g&*sz>w3yd;mUo0O^O(z@xyRk2yW+TI$6EPA`ybN*=aHpe{hhhz z&0&i4aDg7+!|uCA>NlIKbNV0>fL`seH+^{XJuUFS$x#I45Z|aUZ(MW6jhE8_U!0~| z;a9`lBJKW8*_?}zqqnq^*1R@YIxUY#o#8j)_?cQF5DB+aPLIHs%R z9B0gTW9U!M9_eV!QS{j}A5u}kI_;Q$yR6aP5I)?Dk#iM5wO7FzvhsgCj_^OK9m=`UOZveu}vii=tWPngjH*yCU~ zc7ATFE@++Mr(tIl&mI5QtqX=Y!}bD~^$<$6>V2VaQ|wRM;#ztpS?Ff2=?QuJ;pX3J z&IeKOtI0<@XDt16(GQvp$FLtZG^~!dR6cYoWK$Rych&49UGOg|_n*67@`hZmr#Ir* z&Y$r4gTqK^(ci2}dz;<8aJf8+SOG$FW15($$0Ra|<4nLkN<#$#Bo2@$FP zZkp?|ra?h^g5pu?sh28Dyk*Td%=c>tMx*CF6S=9KkP;DV1mj7;{KMf@-5lxm+tYBh zjx8*9oTUlZA+$sd<~F#=n+t-#_I28O8N^_Hr|&}->E)+`U8j=%huwW_vgenbe7G6it@$2QX%W$ zm$GtuInVi`LPP9?zmLY^3HaZ2G;#$YwCeWA^Nsx)#5&c8+eDd*bC<%`=3Q^UWB=g5`z zpT(TA!d-F76R9}w``i>@uSAuFXYf@CKY5+sacSy$D=)_Anxkx*}wMETVrKcqf4>H>z`t)?>qYY}Z)Q_I1f1bw8T0!gRkR(DlIem#rt|{8UEtnzn zP-=s{G|IL(LEx%Zu`gta^R^38csS#sI6=k|>1!4i))rxK(Oi(5`V%qBwj>*U@Re?k zbUBE{_iZaG(s?Iwz3~0m8GnKf>u*p01NCFI$wAD`DsB-x)MSXeC^u zG~>I7Si0%e=pKzY$Y~F*$V+C<7Kk-TDt^{1vur%-2=$yc|d!35_)x?`CD z(aQ{(3$fA`bF`q=n@)3a&E5r^l!R54u-R~v3~vy%8xE_6lB0pzh5@YSpt zBh3}e`-51wxwX=Gg^{&`gY=xs8cL&>o)>EF2{PO5m?N@?HkBG$y}7}2ytJeWxdfS- zK}~7MK$$$;0GT&LsT7=u69BE05&+!K=Xn7{o~KmFzb1c#?%<7M1jQ0;;j7$J7&J*7 z^9d&-R-v|DjuL^#Al%%mW-o)q{w^tU&U~5+KT^mP4gQm0;|Bga$a3rilw3_GW1KtA z)pBG{f^~mXpC0Kr55aCMHAGC=0r5?~pOQt%MTFT+`UIxnFRKO`Y z0eIar>fPX{&AvUg6^_IYf0E3byaT%AM-TtRSMH9x#=H+$J-ew$4Tz)EL$plbk5j%P zc33^npD*ny-l%8kx(*XMs69J-N6JXiD;(@i`G7d}As5{ksNiVu4HltVJoAThwf1R_N>c9G2+=3zLYO{7n1n zg&j1B!gSd99X}V7Xa!>Svt2BOC(PKojnr4q3Btk?!Fb?8S3q>9+QrhvB*y6a?MtM2 zakgj6@(2FP06pb^SLbuY6Ji=pw=L;EY0I5;=glJugZ_~G#1~LrknlUY{ZW@pr6M`P zSkZls?OnH$%489Zf&G=#^zGOH1llZMpLf@XCtR$d8p=S#&G^L9M!FFR|Z@!JM zBZO(|u>ErbRhO;{A!&}) zlTX$p=Qf6$1mCKKd{?+ml7C_`cNvsyKkeXh*s8MbUlK-q`t~M5l~IwEX6=J-yU)aCaAuM$|;~;fWnTY0>|AhPL&#WE=k^!?B{2~l1U)J z`Q~7zeSLFtp1Xwe@HoBSed5Nle4F@dbsWZKH<}L9w_78HZx9{C?mPcH+|1Yyn`PCKcS$LNw!Stzh{m=`XFZqWsPr?CpDqo{tkFepHJ>Z=wT+dlp~R z`&DQ`^HDN3Bu+f5YHKqCOV7iJP(-SwjrkUMjV}feVFJ?bE0Lb)V;e6+=QdE+Puhv= z74Cz&=3~SH*I#uCRZMS86eBi#?>Z}Vb3|cBY|WfwbY9U**~(ZJ6LjNe`pI0CRd)2O zF+Jt(LRrG@#;_JpXcp4|kMhh-)ZC0Bhqa={C_K%ea7x4BiBQARfYw`*!^V6=TNR_# z4RL7>5X{id-oBVad+!JS@=>pq@uAy}(oW3L!{x*?2QOct%#qx+I7%PHcZUOPtfJB- zH#8?1T(HajIV&Ju2zv zHiguoeru2FdGRbIqa}QqbbDdVb3sG`_sdmxw!mS^6FLJ(uyb?>&Y_#FxjE7Oz^FoS zZhIWdpC*1^X{rU`vGiZ*^J2znw@mw z&A6+6JiEzl*!0hp*wVl)_55ZB^0smrmnokwuD$ma$rn8ZThrcO=F&~mq=G45ksHA@ zX~5jg{ELsVnApvGB}#Ytj7BBWq#uDR)cIxJFb)80wJpL4-Gjm3zgMc=u2rNnUaN(8 z_LtNJiZ&dA?>8ph{+u!X{GDek8j<{SA<>Ax_#pO;2*-I{Jx$g$!V)Dkgl%1q5?C#hP)VmlKU3{Kk?ZyWkk(Siw zaa#*6=1m2?QxJ0$>>ANe^xZmrG9fm;HnvtivR1e16R>hFO8(m1;oCwI)4rGo?!&3R zbr&XZrHU3l8rF4oYK@Im@}>*5JH8vtycdqmrx<71W@YG<3t_|J*wP?xUCZl4Q*N3EN)3Tu>}5FCa(W5Rm3s0 zk$&i2yBg$swIGH6(@ojW=yY9NyXUlfcphuJQnuiRmX%b}g;NpVQq;$hz%atMVVNo? zyG-Qa-Mk%R73rbk)&tu_CVL*&GXu8~wGDcYi^`sQoGhh$>`!`NG#PM@7BRDa+}i1J zYE;*bSF4htRV!!CLzAkdP{20}XS4i>-ESH%IF#mYWbkv|Z@qByW4tIW5EbltXK>@1 z!%ljYbxO3}OtP-N%UBXPLZQEFE?fPpArLXAOD#q8lujs7d z@6@)bTB39sLFQQ9q$^q{?c3jnyGhVyop*X|Q8tx`WJ6VOJp$&^p4Tg#2g-!#f8?_MC9;FO@JIq+u=*xNJ`~p`Y6e}+}DZjANn=(sDWQq&v_NN9^T=BIZqPa6nZH*z8u_oB*K4{*xQ|T2?biHOgSr3CmP(pI zU+o#ZVY^xPsNgH6PTax0f3Eo@xOwM8gU&8Gx_uS@k zXpd%8$ei=o5wR`zIV_bynSC1nHI_a@a%+1|V-W+fSEx1v?N!s5xlhb}P|?FI)z{$M zra;E zEIx6E)$kDqjj+@3z?&4=ZBcHqG9Q?vp-LW=7Sn{mphy}==|gs#7*RXDvGS(~p_-p|%M zofEOTogT2p1FgTug|y~T8#fK8fEo)mU3}5>Qm47#EHZeWgLNR_cC{bYG3G+ zI5EG~_nzUZSaY~}ov%tn>?iWOfNW18OVPH|MK|?O*Dr$TUv=3zDN>O2FE>wED|WwTN?9Ml`>9!p)Kk+qE3>0 z`>w*=h|AQG*xZOLRm|(R;jIp>@y|bh85O$DpKoy(e<%po|7abc&u%P+h=3cteZIqDx)r2F3?BSr^(wk3Pqt7@+U;xz8ZGev@$w~=#~ z-9go|7i(xIXR=4e6F*tyhjxA;)r&61AC5SrQy$fE81`|W{5fs$e%r4YgRC^|y4+*` zk}UHVsi|A{F$9W9ua=MBNRD*+h9iB4D5e$O=CFHY1rsVo?CoMyMJr;SI$e2lg9f&W z8PGiZPVZfvi4bjyଔj-55p7wowma+D3mi2><8GI?ojinLf%EP`9xtvRlsaX1 z*EGmFw2623zDN`-8H*h zu{N;v@*!=W1~H#D@`jy}Y5jqAT8Ap{o}*|w+EK?C1Mlu`!@TrJIINWd>q=~>YjPy^ z*7)VR11z&&{ek~HV6-dudcz%fJD^o*(TFqAR0c=DD7KJ?=A{4p7yI>I9k~@sfWzA^ zPfwLyzn#k5`uPr6+|4I*Uz@9nw-nQ)MK@zWUih`vK^ZX1;W1p#G}=92piaNZV33$gE~IrAfD7WZA}=LvE3)r&3u{K~RT ze|O~Ilr5K{(rLW<+5XM9?x=V8BR{ZpLF9~i+bmSyR?3FeJ9kifsfvxAY)5pw*^0z*+`}qf^xq(K1xlO&BWf{WG zQTV4a8ijpm)1KLj{R!B$%^-~}zRZn1^Okb7mD^gxoKk6MNAX z+nWcWilZkTGP~SfN5T4C6Z2ii6$eB~qXA|U?`DIiUMHGISrjFl-ixm69QC6{sHV4y#B zo@UrS`;f!f>+bq`!*`o^qN{{?;R5qKaN**7{*$V)%2ii+lh2v%?w+jJc^=3k0Nyz` zkBEPUW3i3)h4r0Z^>5OO?dGLmXb0?9e{ihj|uax zm(Pm&*CpX9Vl5A0j>!`96CC)c+z99><3(FZ|Ejd@K4yorPQQUA7?TDy*OCbH*}~Q< z0-0|#&(a<$e6#uEKXu~Q zQS3U(s*x`&t{ z?0-Yl86_$q6uP7w`j6=Lt`M`WB;Q;ytnm|`qsn$u37)>lwFL7KOP=uJh+)qvpnW#$ zx7S;R48$HH=l9p=n0Jrb-+*O0R8+U!b7AURBJ{@(uFtia4+x1*&o!xxB`*_)HqNxu z-Kx19-aK?}8`F8^aq0h!Q~aiYr>z`lO~cCrCNBa($&i48DbX9XnTQf0OD%Am0j6UW z4HLifT8iY7vbk2Ch9<&i&^jB&zox&KThcB;<3=H|_x-$Op``H9%UhJrTLumWpNkiW zHcE9-7C6d^!dn-H8+YzcJ+>%Ar_zVcN4f8=A6?y-ZNo|;z(4A~PEuk%DQNrx@!$Tw z7{IXp@STlr-EDQLO`JNE2#IGPD@BzjI>>L278nDerFW+JE_DU`yyI%|CBJm(h;6)~ zuf2oq5;letE=_Q06gnS#bKt85+q$wHw1xx)wQ=Ng^rU~iz!v_dD?u#>mXsh~7gxui zzH>}L#q>yUnb%C5Pe)Oal(_uVuZF=@B}?<5jZsDEm{2}qDB3vYmVBv0^yH5HVd}vN z@p@u9EO5HZu^xVZp8Sx!fOpy6;!rW7@X)nA&G;AuMG=yV3=%+dnfOp~tv|F?1+Q2Z z6~V|v-Eh-fRyhnx-5b0iyq;DJU_A`TPuSZnxY>D7dFpF$XGh9p;T*-8@ZQ^p(pI=w zba;vjm*z<>eK01jTE1$3?l8XXPt~z4LC0+7dIQ6}e1GxFf;`)wV_TXkKA}B}cQ4=P zW)GVZpYrMJ+`YY9UT@sklN?dH>)Q4iZM~jWSyFM7%@dyVm~hY-*gy>%bEDaIIj^q6 z>WCxWb*LBdWxdWhtmvFN#m(*NgD#4IxWNROhMDY8ks>-94=C@Gux_@UFYI=IN7R28{AeZUjrB zr=too-@^EByygg>n|_MRBnsOTcr9I+kI%a-hiLgna+5e9w`jS=p|n&mQu2r1wW=Fd zI=?2+`pb@)T^dX^p7o>!rW|D()Cv4GtBE^OM%()JMO5L08qerY6av4crcg44=4%TrG=m)mLd>`^9g7!OJ^KGIo=0e((baOEbK)H*H;j%jjS zrak@~2kl>FikpU|W&bUsyWFr*N8fjD8TIp^E zvVmh6oMs{JNkEQbDT$zB%=C5n$n_n;mL+E>oIC;%xoO-p7%U~0{V!=G12_W;G&W$f zs3ul?k_)Ig69BVw3*gy*uylAN2`fB?QfG}t;vUg%} z*g;tZ3mE&DBbb^L$^T(h3K-B00=Q#R0ZNx0m}m`-XRnuYL&2D1xATQ2=H|ULy~~5+ zVF9l_VOFT+af81_OZfQsR^oBsOQ=|l3_d6ty_hVf^28RdIVmR6rwICP`CB#+Fzt=o zx(_p!sdZ|9q)sHwvsTl{*6htDdLdBb8oJkXsvg5|UOv8Y(uO5x+zyVK^Y56&Bv&D+ zHIV-jV}6}E69R%+-v=b3n%!p6`H6{&#RU9^BMn_^LQa!fG?n$1$={tx-TO<9!U1yB z?&8PlFT{)PiEMFG`gT&Z#Mi(WlA%TZJ*1mdZH9x4%)`Kk9bnRLHs=9yobgrhOXbUD z3!;3nm*)S+wkvHuAUW57^J#bGI8OivAVI56uE<7x!33q=795Hk+_exx zdQ=Bm?7L@5vemWF#88ElC9{8picp|ACnlAX9yq5~ zy2(}F?jsea7!^W`!K_XkiT#E@=OK7)o-#}F^CewFEr`Q<_}5J8^1dqhVFzIi>MlsQ zhX+}&pB-=hkwX{yGW8-6Loq726ujdo z?%Kb`9pkWgRGyA9c{UVT^6!LkB2?Zui4J}sT6@H(6$hXlY;qmr zG`zO6`Wiq&^o%}23ofhA=R`(}x0+e1D6I)Y`zh)jnI6Xd)-mc zANTyZj);1{i#2xxLz$p;uB{h&hGMF;0lP2a*-Vz{?gjpwRFOqd;Mv~UM=vohiHr2a;r2x}uF2=&m84uR_8n96ea=HNp<}=Jw zd*p209A~H&J;7k=F<*p#K``}QG*{rdo1e7qwtBp!ZnZWzSU z?rCR=T({xtb`7ECl7|bLfIMW9=SyZF`Mbe`Hn|N(; zz)TmI>|SoaxB+Ekt>bF5r$i!a~pL*%lGlY#qMawb)jpzd{*>7NaznmqayeY&bv zu}}*zz4UtH`i`hv3euyhRGFN_Op}zx*o?Z((TsZiwPBH6X>pm|u0M~}zB~I_2_wC{ z)1xNjDT)Ace>o`)T6jG0^NlBkTbZdR#kl!&?VvM|K-%KaFj!21<$%*y*(QP#)C@p< zhbS2*v2-&${=i-@W$_?Qo_F`A|r{? zf^e%i4~~*nLVgX$sVU)Kj+P4c!g&Z zn`4BvG$dRy7+T$9BI_OACX_ZV5-ICN*>i;TEF;xVa{c>B)SR@HP~jRFoOQD=#0P4N zg95h0(y0>wUh(RJx}tg(1Ci?5)`bMSvsB=y*}5PrWRD01S9+;mfDVDR21eqf3cA|x zAlHo~CfQPmHoKtj8*1=w`LCG$0~j&-99xv-i|s}*_6%WeHxSZoV-yksQH{x7s1jio zrs}wKQUO?Bg&MaI4N$;Y$$-go#N)O`(7q6ZZA^42k;W69>i0F^G%1OvC^}NyIh%DL z8h$O7zi#3Wg`)!A^0+o4UkQ^-T7u}XM?LRm(2|5mIe}RS52G5~kDexeB=&_X%6s0! z6cUoGyeRrh!Z?Aogjd+zRlPuU2-ok|l<Lfo4=2bas%w1Xk~Z)IKjg4p2f> zarX!$#d$E?ae9Je_s7^P`6zbDK*(bOyUeX$A7(tv$a5IKG30kO00Wg$L6~8G%G@W~ zT_EH>0RF8OdiYI)+|s@z@hxYoNf##yFyY-4!l!aD`%N7Uupl*^^u@VvqR38oNHU*4VT$ zpCwMr%!cTd2=0A6B0Lp)+{?_>!55eyYMN~U(dfpaUTa}) z*i>)moXT~Z;lh%SKe-_z#b=XgE_AhYz~d_Q$P4cmsyyCT$S(Cvrka@3`;&z2h-Pyx zdJ3+B%dr46@2}h90PdGae3xV(Es3CS$x^B``1~qHw5&WyTwQgP3)bE^6!L^IJ#kqy zvgfC%5}Bsn@1(b!#}GiTI-2C2@4McP*-~S!81{dp-WT-wN`onhm4$~W3Oqtv=lk%j zHzq4l-v`-a^(g!<9VUQNa5rON3hZ%+PtXI)H+Ccur4n9t6lZ7wcbHErVK3EwgDX%H z<$4is$$}z#J_6AwwF_*=Ky(v11!wwz*nCXmUW1bwAsgWG?~7>$Es*bkYevbv*G{%; zrq^aKvkm#3f(k}W3jUC$Fkrtg?Yk)0PBdF2(KYT+&#EK$<_Rb?A=)enyS0m_>?(Pc z((N@}7|m|}&;d|h6R7=t%u5(R!dX9g&J}2PwaBJwqcTxxKsl0NeLO>%-p-iP!`GpG ztD%4HKlt8G+co^z6h5DMc@N(gU_)J{&B8a5nI9u`&uLywKx>Pe^-%osn1J4RnNysh z!#7cp8yI{-Q;(snM9D2(vghb5NN_ZPj>A-P>Dn+ zE9xNLRX&zN6I^x9yaQC*c8OiJVA04BxsQSOB;P95nSrxODZ!r?Uh&g` zP#H17q!QF0qC8w(J(Ow=AIpWdBt((DOddJY0Ax&5nPad>#2z)Np`KcY2?50|zDG|O zbEX{BVkFFI!jErX-v0H4KQ3;&0uWyU1u}s0HJI5*r{R8XtDwIeFt?<@uN&BNIMl(rI0h{ ze?`?UR<;bq3^Uvx1)k+Id_ns1C_1F!+Np4 z)op;}GA9A8cCk?8RofTFc9YL7_|kd_|=zoaHdqiE$U~-Qkc@{>SpSm*H2eK*1AYcUsjm znNrpx@BI>sHZi=XiBq0-!#NRE^3_9d3TzOR28F}^Z6d%7>6-M1kA1|@znxRhV+D|@ z7@RbYO65#8XzAO*V}WX=q6$$4KfjxptJ7cWg1`-5aeiBNmG8VLwl-UxtEoe9s@wjg zuE>mgOC}{TT{;7w@r)cmMmt!N>=FM_#)hLo1VMe}CVtfIRpjT~{t)d3qFOQPe+3m# zvf_I_4k>`Xx`KeDaU+h6QUsw1!!h4Xt4Wtn$gO2JSjAQ zQ*w=$#qF$Q1+X}u(`f=-VN{4nc0M)uB?kx&nlf~yf6O6&BQ3|kBT~wTpMF|Zu2LP0 zwe1Z=xtrT7%NWE-AqQQ zpiV=U#WWX&Ck2nC&?FaV`ZznRf}=a6LhBHa_AyjU5o|b&SRcscdVJIA5?}pb&nf0Cj^O*e?( zNJ>$3vmeX-;kGrD$w~OrpyXKrO?@IOc~{{i1CXx?J)%N^Mxrgw2co%4HjT&*t`NQt zuaLO^0xZ{r*@$IRX9dx{hnRk5;(V-&pjeCNu0#`az;i6vd` zZ$3vA`~>t`Z}8ZCT6^szM&l^RP;x#+{?twxn_+o=lN>p`(_P2%V&+>PRy;?Qtm3`V ze);Pifq_hT%P7}=0@^zr2s;QJ?3FmS$WMcVXrs6X`IKw)%un-@@6Gfnh9sa0CW|MD zx4r0S{CUYG^SbFXs^W{o6Y#lrkp+SsYxPiMprZN-xRO@);=hgJUJ@ z%t=Kmj};$4r};A8*}5C7JrHQ=>jG#G2dS?pWjCu>4u?g736-bT2ZDH)C$m*31AF8W z!3klKG{CqP6(uS&Uk?q8Zfh@cAnX+3QraKlY{mTH4$LEy^Bd9!eSC6+;?<<`O!SHW`~Ye3=K43*;;zdGV_? z5n@48b>IGmL@1omB3L1$cxH`4yXSj%qvrzXTv4VIE9AX%xj6(RbvfuVRvDjvCEn%v z+g15o;&sb}7!SzzBdez8C>M6XT$u(%KdS){x_H3SDgf%h@*cxD2BAl6_ID?wim}|G zsWsG(M(75Nkn~$e%^9o50_yw}tvZQiMX^w(83JGoWuAZQrZODwF~Cu60Is)N?y*?* zP(^9|WEen6-=Vb`oGhtf|I~l5qY|)T=QL?r<&86k`?BbS_OlH?0yY$2hJUF}FS9x6` zv_t{Hb|Bw&5mf?szwqj^4MG5Hn0$g(W1#%?RW&u}XxBqk76%ti?73*bADkh;#K;7H4BCPscBxC+GwjWNTRq zyv$Sr#`tt90IKyoTRS>(@If(ly%siJ7uuByNPF(sH$kDP)SjhAH+0qk< zCZJ%#zj(iIkn0i7yR<66Vf>&pg>o?IU&_V{O0E0XFM*A?|HA*^l7I34D*Gb~;py5D zYMfjl_nsWUyqHpElgbKnN^KOewpP@Ip)oc()IvOJQu1`#`%K?%JqEqa)gZY6R`i{h zuB`L<8Nr7)!*5xRuX`La+C2HwWJyiUT~P|%{1P->z-8whlEmzEP3BTWVIht}HJK`r z_uuj)3aP_Z9I=g+J$98~3KYq06gGv<-UP8X?1hB~5Z4Od8sV-diBL4%ItPA|%9&{X zE%yE<;~~rb1jf#DTfU`?I`XqLhwkreZ8f~LNKt|w1Mqzb=$VV=(T?<5_mH)SkPwvk z@nMXHsEWsmAh??bWKW_

Mo*mZsT(Dv?=)SZ4YC@)=+>KfdlL0_5>J5Ur_e&0|JP z2GsU%7Y}s1Ky_$VcqD1OlONfEPymR8AasBY>$2Ra$7HmvVMZ?{i9k)45@bmFn8-xD z-@7@%P#MkE+oQDOZMB2fF5pKIcx?L`(9;S=b>G@mrrpU@5=BNAjgp)ki0{)YQ@OeM1s;wbb$r<3DFzC#buT2rI;!_&M_P(NEjeVVzlP zo4ODOA~x9@CAd%)FVCeDGgulMSX(joye4V5+pt}}MkE>pknG@+8hVPHY7=9%Q>)Ub zpvm`eQgF=4JW%D_4d(r=DeC>2YTE*QA!(r~rF%QlKJ(D^=|fptHEgr-@3k(n=xLSn z!ABjLBXKk;qjw}#vvKG1JT)Spa0bKJ2Fm7Qex(u3bq}B4+)zww3hcJ-5x(ukw5oEA zFzhF97=oL>Hf6yqWLNw|=IrsENW13)Q)J(uX^O!jy{=P|-4{zD7?QJM5~?I-Fe5aB z04?#A;LN(bKyoSJBQ+j1uINhN{E<2HQG=W)Sq2~?(1oKMoCt8F!LjT<`9E~E-^X)p zF<8dG4ij%9TcLs^1GgeQ$9R;8vp8%>C5tK;`$?(5vHpyF`|#dhrO3m2$*{c6oI$_3pH_q16AQlF4CO7h9C0N}%iXMw(3421p`Z2<;Hk=1XF*S0q5(bI8V}3eHF0IcNtf$LmkI zlDACyC4N|r++LKPW0zYFYD=Ja1LUPKc3HKy=){!ie5j<$IF}N5cUycjG!y_IAs6Ow z44yjP_XPhPUbg9m{oaxi1iB!AI7u`ad}7>-*(sCRE$_{S^|${hX#-GWs!5LImlawN zi~vdF@%f40oJp|3!Y^{j09c^}sv;18P_2LS(SO$$0B2DsdbplXH*u6x%h6;cAd5(X zPv;`)4ddmAw>3YxlhDqgy@YR5)7A;qFcg5X>9|i~X7%ht&B7zT2H3o?1D7*cf<1Ne zG814Q8fnsJQG*y%RZv+z0(_9r3KLENEhcyI=ePr5KUsoT&jbYFV*##;q3q?wzkK{P zlTllr^Be?D_&b|OlE`Pr)0DX4ds=GI(XwNU`8Q<%TKcmh{1phhC|Kol3vKtdVaTY& zFa&g;r38=&MV_-B_T0co9juJ>x;q*vqLeK-B@`%3_ds!dB?5RCga+u@O#P7RyFJpB{3?q$yoH;JrgdDcLDpwU|r-5%L@FgdV&6H52CycY_ zmL$OZX+T%2Ekp*iuW+Nn(LyL(({r2&(ZM0&dAk$Y8RbI7P-IYu298i1ZqeNUwLU&> z{)UNI7QTVxT5zW@Ce7%Kms*j8YS(3mjMAl`W__NN#Nw0vpH6*^eg3asjkncNiXa?8 zjr+s0t`c>g1|jAQE8whn9N{?ax(3#RnIbBzXOsor#tcmr7FCP4lT1xN01W`CjAdI|vXf0^8IAP7O@%J8_4 z&xhA-FXl-B45Ah4$YI#-WHBGAVXH%lI%So0SQY&B9v!MQogoM{0e|FJ$1Y}Gw~>0I zMJ7kE?K9?vGnM(ivQKle7T8Fs!!%@+Ity@@OAZb1=qR0c!{f~Cj*e<6B%@#~+lVRcU&pH&(cvAF}Ls*e=Xv9c7?N~+2c z&)=hDw9I|#nSAX2-6MV7`KP#)kr%qZBSl#MzI%xw8WsFVPfiMLrZNGvqy|X)vE9^q z^XlOPwHz?r%K0DG^1s`)e_`_;dkYxwul;pj#>c+rv2`;8ikPAn1GtzL^eR+5`YQe^H>s$MI%GXqN7$ACC0u66*qA)F&r=3wferUQ+jiUxWu(x7Y3?pF3#bNn-H%Y4!W-J{H6z+=U9&3THe|n{XJshN5NHFHiT+iS)2Iu^t4CZ`hd$EJtrX2DMRc}* z!F~X=ve&s52whxG5i?31%RL0t_9<>+b*o9~d|BcDsVK=pm1fycq$HSduMv)2oXl zCzZ%)y8q_>!7zF#bLxvZaxl}&&wNOrG|Zz$F{jwmSgC9;@7Py9g5mj%vPJY}Zk*b&7I9-qiV&WKqez*dfl@SJWOvlsxDEGn6Fa3>X{p0~ zepe&E7x(jiPa>*UQtPYd{t)^qEfZEB+_qaC2aXBP=(eB?R*6(1k(t^|iBI6sH4710 zSHhO1{$GxuDqV2;TeR<$WB=}{p04g69Lvp_P%eUY2BUGWuXb(uzn`&k_+TV92q#Q0 zu3fI%_ARo5d?gY9e{hs_zn~TRY9l#lYX8H!cf4@L>cvy9Nc7FYDmL9b&6vmu%LDgf z2v$7X@nL-|>Y~@dPg{pH+Lp}^3|Q_+Zn>UFJb8aYq)X9x_fHEQg2Cu>j!ZcKPCx}F zFKYRr>DhRQg2Dq-*NO|1Kr?KyxP=wsFhLhwIdS%^P%`RG{ZAplY1BQ!e~TmlrJeB8VHL1~=>0~bWIQM=Eg#71+=8NcpE{Yz zuBk&B;j;Qx5LaJMS|_KZSgL~Q6r;Dku{#Y$8Yj;!H*OXE@TXFoq_q15wec`DT&Zo* zFmyDEky%Wk#D7z*^8X{dBtTwK?0s#VJI}~DtKlP?o(tvrO@{kTPf)DCxIC6=KIrG( z`uC_{`DXc$%$NGgSP173>P&*LsV4`O(yy{>xLPPx9PQTr)#k|$_jjAFwXx_2tJd!N zUzf`4wBaUBtpFl9k zVs0Q9m__%qb&HE{Iy1`%(vJy%`vK^6G?YcLw zF6e+6Xm?cbcTH#yjGCZuwuu%~irR`$Q;zslNH$^CA2i5oMUc}bdxQQERkai_f2Avh zlIBGEqay*;%)tydS9gEW=0z0aG6&JGF&IS{MuPhE3j(!)vm|Gb7Fj#47QyXHN)19l zFGPjT76j)aTWXp?1TWEIy}e{{#o}Jme4Bl%mKv#0Js}mGzZ}F}67tx^>@3Jbux1A; zgd?Lbc;?WiG}TPdxV6UX#F-+bpAec^)xHkcsF@&a}>dBGC9p;dNv5afK_Ih-y zHIdM$-{*FObbHPf!Rm`WA1-Psr3`tl-?k~wfTRq>VkJ089@!KEk||Ve)`4v9Q<+N7 z4z0#6_XJYg7vuS=Xh(McQJ#7uM-;`ALLW?olIolUlME(C6Kb&0R3_E#*ZFsdzYi6lnc%fpF__Qdsc3;Zx4gh0$NxwGAr3&7%s`@(aRQ*N6iM>DBiFG`Gd8cv9 z5>B{h|80I~tuKJPo`=%m$F7wBj@rj5V{yx&cfgah3JINHWrelqMkDm7r3XHa99+rJUY)}{YIR_dJu5dOdGAd!~K<&Zz-I&{jI0^2zF5D-z} z=tN1Bq=hG=_SdwP+8;`QR)b~fp4UQ{sa_<#s1fWyd&@J=YeTK4TTlO@PUonnZD{Qg zt$Lr`9eA6&AW)s6=a&eFEURZ@!?NpYUKbO;2(z~T|G0X~uqdE4YE)r}0i?TQ2x+9d zh7u_e0qKx#DM?A`R=N?8PAN$#m6YyAx}-$n?%|y8-gCcyK4Q%5cw@b5t<5zZ+x|yHh3RNfpU4YOoY9yflLBxc7^tGfg;V_J23u{dlPDh!pbSNSCm&o3%Q_Sk7ew zA`K|`87%NAIpYd((r*}Em7DA0?D*TnfK_3d)AbaIF6}n%BV=@|C5Ql-NEQ9GxF`_x zR^Hb!EHAR)<`(a*c9eaIL!!S&&(`C(6Yh--y@R6(Rw|cGaAtksYeqj**fcx-BF4U$ zwkvh5+Avx}WSUuTx)4@JygwbBxxrkw5Mw1k*W&9bL)cjGo8Mp(`a7pLJ9s7Wa8k9| zDxDSm^q*^_@gz?IB(S3US)P=o*pJGY$bt;=uSB|?F?76Nw+T_wRQicjB;pNbg3Rf# z`C6pVm=z8=rOlt`_D*&q+2t>J5Lq{jon+3`E8<-gnGr;!$L2S;kUaW_RyPA_4wdO2 zW(w65S%fjvF^nHeHK_J!}-k>{V`UZ?daT$f`O`=hyeqsThx#%ypQQL zqwNj9MKeCHL4a^&Gn!~^i4Q@DJy9A<0a1gswk4;7Sc!p_aOL>}7x-GX#$@LSaX|Mw&sAgFWccp>U@ z8(}d@Il6xg>?vkuEeWnhyf5T?8*ry|h6V1jjBS(1;0wnnM!P9$d7#M&-*7a6+}H8a zTo@tV6#Jc|oBf@N;aW_(s#q@y(_uiW*98rreu(XS?) z@tZy@gbf#u#PBZn#*r;LQRl~L%;qY|y#4q1gprsmizlPk$@M}kZY#lNx^s{1 z7fKHP6wgfwIzN3OoW9(!5EJ|W0w;v89fAVAj28D{0tB!|=5%pPyw~vepS=@U!EAl+ z_*w#H)5*<-%xaf;5?suabzkzH}Nn5feSG8@1J)wz}!H%=i&|E9>y;!wMdW8u(xu|>C0E>l}kJ&U}$6<$Z53Z-w^}&L<<6V-W#-J z(i^!(G>;O^ra8RaB}VIJIPLCqFiZ#q+?uVr;z2ad+%LOP?z#1+tHgF{oL#$mPiJ_{ zQJWoKJkNFS&A*;SPJ0l?@*=Xg-9nAa=0ab}U|8;v$U%;SV|HR>F^Q>q`yu|$#f2@2 zc79MY@;!{wt_(tuKVYLkUMDlqJ+OcUOur)dlqvnb)J5EYh_I%f1X007A3dS~O5k7u zBylfkr}$t_Is7zEx=-g~?jNb%WRcg)i^g4!sywm_T7@<*T}N;0B`g zW02^e!SS%mC+Qs+f!!bh%RCqeli6;2Gi%-9(cnnz#?fg(4%Vb}+eksaPuJFkcIQ2w zemN9|7_b8#NH-$03grIvtOWHP*{NY06Dos2{S%#pWhKHW5Y&)A7*ob}C?QGbNhQRU zDs{asdn^=C;hEB3eG$F*d=S2L(R1g`DB1wO7!^m~0JnhTw2 zIX89q@$hT1AEfj|O@y)2S-mC_vW54YTl%-T^fJC-6|{ktE+-Y)=5|{LB7&Syq^=fi zV{zjYCN&ABL9~n}zN1k0jLT^I7|g2AW#2^$!(}4lAdiu-p|oU9BM0yw0ffQZE)U)m z@4LW9h?2FnzjjUvr5}YXj!nF_^`ukB<7b%PP2tx72&ZOX{RzhaM3rtC%;LKqBaRFk zXJs|oT3rz8TIdh{u~+y)JnAb2QXz@RO1X+JLQbQl!NI^%QWBTzYqzYH4<1 z<~?I=-;jrek3z@x9DM-xB2d{yQ%NYKvIu-VS`%(I(p<`b5;GTp+`hNZkf^>svlO1y zbxxroxZRB3Y7Ju%3oePNovn~N=`c@tSD`tjzmTke{GmOJr4}WA&HJnr(Y;FLsS$@2@%J z2TRJ9a`CNn-|K{F;6iOn@NHs}gJmxP_VJu_>zUFDD;D@_X)GfT2V@Ah8iNaweE|sY z$sk;qsU5jJV#lQKy=0Dk?2`!F!W);jXPbTvurpfCu=^;*3+!jQ@hINUDS-*azSC z^ud?Zw&H%?#m@j;9AW}r5DKKbfl`D!a5`naozHGDYxsFC&Gndh;zTn;0<>)>1=9x+ znf%jf3n7ia@)av~C$L`>n&DEmkcIz-C1~X&vL@5|GA0ETyj!PL?<0-l?vMNulFkh% z;VSqcHzXP}e$QJRWS&Yh2rzyKKVDwo^gZx2)nl7HWS4txh+M` zB|WS5O`a}qsOG{vF*8lwIwyVhJ2vfQ6bo3)`EY1kd?8I#*x;h)aRJ6BU*;yXCubqz z)ba_2dGLLBvIZ&ezzdGXBWgj2OnHn#1t{{2`^9T}5An{pYY*t>A^f zD*fe)hbbDu;U?n!R#Eru2Q6Y5VC!|ii++Kj z>j={Z6K*j|6NOw?@a&U@oQ6iu)?;jS0Xk+$fTlO5KivS%)c7-=Fy!JSTiWL*`Im~n6gFSa za*Y&dcAo4Iu@uK^J8F}W?v724zW*R$CK4{=^V4SFr*A^JhJ`U0iKYPd(|;y6+mAcF z0EuH8loVKv1R-)EofJ{|Q=yra5ez`F+hjNLdMo*7XW3$*!X4=otGW3r$}uHEEAF=B zivkX)Ja=FY{cE}gUmekZBL``2Ilr!`ofEIDKUb?3TvYu{@R(DepKkbG4l0C z+q75w7BTGtFQ}(4+~Q6s8KSK}#($#sK5l`BH6h6(uY*Zd{F%&YsGVT2OmU#GYsr`~ zinst(3+_%AZoi0po>VQy0&^b|XN`OgFZ7%m2=dB;KT;oibQkFf*@%jrhsLhs1}-c{2O#R=v{V5#}4Oear12<<+iu$ zvxB9xminzK=MPRCF>FpJHf;P&UlMLrkI${IZFy(5JoIv0`hLr!R~coDuo<(weh8+7 zFHLvg(lBjRT$p@bPBO&QLUkD}zs|VgIJv=jP?$q|aHfo9i$($4)GcR;W5in-I;BVm zu#-zoe6jGrhJ+3!L^+Bsk98WyvYyD|8bjM+kGmaBBKOA+Llon}O!FxL7$JAggAuaZ zihx)RU!uLb*m3Db)9j69rBd&&EmON^*7B~45_@H0(dPTCKa=C-YN1qS^Z}^^C;|aH zc+g=C{jRznFHre6PC8cAMG5fsZ($(;S!Ts@IlCztTC}=3ngup}tgabgBmo$J?l2NF zgBKA@m|W~?rhV~vIF8%hZ`ht!NzHqleKCjcbGq-jyr@@8gop^_ZZGHjvS_XjGE zr(F-8%mrVjrKlJu7Dp&LSuEq{x2HtVN*|rQDC)#`jFs)vAW*N*pSdr=^txj+NK&yalr47N&|c+ZDB~chwt>pY8o6=9Jyz*g5@A`%660qZE@#JqbeyNuY8N7#BpOxM98pp#6<%eENO)VFERvpC z$Etp-{d zQyZj&X)n(0WGJz8dC^hD3yUkVNQN)eyB0DGCv-494_CCxy02{AgCl9TWHDrOhC0mo z12y{AITdG*F(TMsj5;W~p~V@_N2Js}v763{Vcd0Jj%FOa+}I@c^MNYj8|o29_Sk+g zGjJsb7&(1Y6-pC-Oi;3IrloK*1JuI;AE|mS9&w70#FUUap@H2%Cu%PM%1)wI*t0O1 zhGLV4dFRFXL)kR={296xPrS~CI0xrl09ukh?_!$w+4AG)8}-A=bNnl}$Lntv-%O4w zkEq>0egPWqHz00@SoDR?miJE88>y8B7v>X1G^8nQ!K)@)Y zr|%U@>42K1F*)qg)o)kU`5k| zTo_he`uGb>S?=AGFBA#5p%sZ{R%5EEUQqr_OZ9mt(rre2(7tvTreN(q_?@auf7D-i zrDPW6;O+fgfR2!7HsB|Z^@bvcgKX}!yxc!)zP()qP)fgb=C`^1MB5k^*l2*mh7JOS zuyhOw#mScdrJU<7>ym!# zZ^PHh>vS(%H{skv=k=u>_n?QZePgXLf7KA(nsT5P9zO7P$)S0W6*njr(zfzD%~^ag zEbz98>=FH6LFu{YGz#q*amX(njBcr(nK7TNH&^>e>-EQ>=Z3 z_f$0_Zp3nVqr>Avp)W!Zv=y>yfA1^QkyaOPudf1*l* zA>e|WMTt7AB55~$o#?bXQ06l$2hzxOBI5BwFwR@Phva}XlJAbP42JtKO$GeU>XwQr zaxay}^f0HO%wnv}qWoM=vG}Xynu;GC({e>D&kWuDwvyca|2DMjYm8i-I9?enaEfEo z-4(u;r@Qm;0v;;HD?m{u(HK<9ta%RsMzw|TJga*4T#E-E1th}&>L`~7jTBOpCw}?b z@0k_~D~jGvY9Hq3(G<(it)V`$*Oa_G4H^Kh8V3$XX!u|#uy&|KC?k!J4wR+ z*C!n-s<;I(MMdJ13|>s#@*qIu2s4tgxTI|a+QSZ@oWwWD!Kq?vR=8S}q zkRsy4uH8dNk|*(@uSK6yp>dK>jsOfk7bGluZ3a1f{Q@aD7&}Ab`ledVSD3oA4EKj3 zkw-6!yKo0m6FwK4Ve2+V91yrhhv4ziP)dPWeNsK8g1ekxg3B&$>Wg>v@!xg6@L+S< zvG+u#|EThmMVhoz?gc~qy@3k3LY;=jZPJpKd+Hz)G?So(T;*dhR0H?tDS%nSHnRyJ z;qkCW0+j!TcO-65iX6Z?wKe()&)DMB)eU}sY|7V*$GXy+JSW$fJKKF~e%Hy7e=B3K z>EKN`-qPQ0O@-m5>e6(bnX~V8MYAEWen-F#&a7J}dIfM)t3VJ)06`0Aw66bhMExh) zg?CX)=b+{LN$E-poVZl=x1a5PR@7MjIQmW_8AN>wK9}WRhbR6n4HEC?L$CbDJb`xDp1JLWp3kqRGnc~3BE+$kwhDJ)r}=07 zVFHOG+w{dqj>gi@l)cxJBsN;+0O#`yGZ0RurH^ZUS_auz*A)@ho?K zm-l9Z1w7_s12S{C&nf;@m2Og+M&Ov)S};#COh5j`%=qX0Ak#UJH;6<<;JF9uFH2`6b} zbmx@D&qt(x23d&;lnlb2eT2~bx4XZmKp;AKpc=+~r=G3?z826=KdpiX#N{qBc|W+y zv}tWy)a0!YShuhdWyYxC8ogjY_@a<|$ZzF4DA5Y>Vca=lRe8_M^bun|Za?e?FW z*dz$*gfB+~^2U>!Bmq@n+@3HMrG}Fr>AL+Xowj7bNl+=a`c;l*f4i`dMjW!7nhQnK$;@h z%|`|T<4~FvU)dew+5Mc!A0#iEo5=azIa}bhe^@@VAj1@6l@RybUn4Pi;2h5oAMP^t zjZv|*O6f%xOx_=1!`r{$*tP#mJ^%|JRpgURPC+=((p2q`h6gfXGJhVWk=->BVR)YH zJ}+ba$61B+#O56Qoe}#FRF>-Z^i#u0Snk?%BNNmhujwKkhWj5FNJjA;vl6Y)e>2|E zQ+$YK_0M>BvCIxYdV`>pj9oc3%xg>?vU`;8dpKyviw8gIK>Jr&FNjWK*@1&D_gSBj4s;3Nx~gD+;KcMCJ0B=j1Eognx~Mdk zm*D>SI5);)@BO&vt@jS+3*S>55za63%w~<|#0L!?m%rQfMQ;)(yE+?yB}z#h@-U+Z zws+R*JK#q3z!$m3ukI{VV;dJ}6;3&>9Ar!^E*^Asro_PRNf5 z`e^ITT+x`(GYAWV|8|r{cYm^R#Mp%>lEG5G{b1>jfs7#7P4NiVjxc)2iMWzI`p1=9 z@jK8ROGf45?fAjA+_yFf72H=bKwcrVZ?m4Fl)?^`hyV)g|EpA>d!Q+SP$&35m8p{J zw6HmnC+sSZdCP&(2}FiO$l{uG7y_C>k2P?k{TmgLK(PS^dOkA~VE{Kp8lC?AE1++D zFS0N@&0nPT@gVVDiE!m0WgOp#+Esdtf+E3_c)H1SzC_xDtaeC%N--qy(uZygX)%}; zeZ>cKq@k=>w?YmKNjoW#?36TeyDM~cl;rTSfQNjT!nCit?aLJuMw~M&@G6AhQhetN z4lolL!fvlZz$C^9zys0)XkhStCb;w!pp$B$!~@~>G%s$H$c#6dhXKP5$UVi6ne_qV z>*=KdA%Z$d@c3R#O3(ka3jZ+_+$zBliz{Oo#!E{AJ0)Y>!B)8F16`>asVONZ^lz_K z$Q7~BuhJoO`Sv<6=GRQpFbRKjnH+r9WcJq1r~S6*BM$Oof5G|2@M^WvhCRk=gBMTm zs1QR8Tm$&hIB;b~qO9*j8)ti-VFRi*Zl zf|jeqtSvlHF~biyMF#+WbhkO;7+F z9pdoj7spNpxK98XVn&oS>ry?$AuTwqEYFHWn7*-Ta9-({TraQka#H=pe?;Lrf#z1@{)suVfF8T}#cbj!Id8eiU*25DJ-Y z0IcjJmIAO_(o1960zsJ2$y7l{Lm;HFqDsr_@61-0&BGOgH6Nqv|H5R_kHeh?`O&ag zyHbD+E7!2^1z2`1e4qc0ypM|zr7<^^1pyQI-)#~X(x3V3!==a3YMtsCQ*@w*h}+)| zyyAt#0V^4?7+Ro;2IQufz+vWxGgO3b`KS~Y#ntSGD zDm=o6yj|h`_e{PM=P{ORP9w7k`k4q5A`QeLdE7UrkdCDP31(b*+`!+0?m61h)y+Mv(4^0JiF{qX7ap z*v10^r4$(G2u^$xAfwZ0dbmL0_{f5wNY@;(B$;uCA)@ym2h43f@^H(5+7fY#Knqvs zDgX*wi+e0I9yX5`vM(@33TA;5Fh}6e!Asx=K#(TI_W_+2 zu^$jx{req8(4NPcNHn$x`3Ed!O<@?o6-1ePC*{Kt5Y(@pdLy`JKve|h{cn-&3voaM zPgqtZEIV*9R}RD;okvr~Z8WzIm15TX5b~GgXt=bcj%i#%UAQi2j*5MJ7mVwme!x8) zaDwhv;=gO~&ko7A`t=3V7>yQTBl&C4SnvR{8w^8!sf(0J$C94Es}#bPP(+RR-r&ga z-Q9kKbO97fniibNXHBp$`6XMBL0cOVaIrwpmRWcu9_DB-{%$E_;a#6Qbpr}rRA6vS za6rXt4L@U80pep|R3t3tvj~NBpfi9pA>D=84Db)e1^=@PoL89~O^44tGur}?P7*U9 zsht9id>9g-)>+bTa6hd$z%LtZ;669bxCJ>J5eyLpF^Fa0(*!5N8qtyH$bEPN<3_xQ z($gzU-!AYERJMf*YfT-g{v~2(-~N`jim78T8e8rrt7t|2Cz2K-^0|<=TQFudJ%V;* z$+d-Qg#?C$n7|$?9LlERhN_pD1+zjY6e<~hcRcFeZweTs60EAeL48@T|7|kV4=!*@ z_u2kIledDpo9F!3|2gBp#p8bD=kd)hkT8T#qaESU3^xJHL;x{21J*lPKVbjA3S!f?P^-z4CKekVZjeZWo#|nt=}Ja zq?0%974Ye)Z)94m<|^^AbM4x3Q8kKWKE-I!w8WGf2p+%MSGg`;CvHpfrSNCFthEbs zcBg3Px@=vTI+~ipUOS}sI%+EZcDWjpf4LNFcKLQz_bUfXyu^)^D346wzwxG;^Ig%g7G$7|)p8pEwEsF5(m|&G9x$6gw+oIaM662#Yaj_&NgyKw3!4nW zEglB+&-AJ6Wla(9PbyYuemSmQJbxFj9iw~c^o=~elhNKIADh=WerDEe ze)e(=m%dyQ)h;v=)mINBT33W_`I{vi-WVI_- zG#94XUZQE#&3P}u<%Iy@u@6hJ<>h8pBJLA)ETD3rgLRN-a3?@C5!jq<0Dox~*XcPPvJEFp* z#Ts+)vQxA})HsX#iijJQHI+r{DxjPQUP+cA4b<)1kqc_A+h%RcdP8(4xIs)E zb#X}gZ+-L6Wn|++ABMFjA17k-Zi_WZfsEsRk_L`90z^Qt$_vL3C1qGmYHx8K_XJQO zzU%@U-u?N#N<}blstYN2e5Lwn6g=R3qYf-ZUla?(O90HNzPrW;zx`l#c`?r8BeEiL zK%nx&m#4vL$^Dqu2J6C(swZlYA*EWWN~21;>MbD-Ja%Pjtzx<13(hi*_Lt=bl9wxH ze{7BdX51Pr4GAQwa;RwZe?_Bd@AWB6QT7B;3@--^CLft}9(H4|Eop}GwD>%OanWG` z3_L{HkMe-rA6y*|2P%4%{={xzsFN=;>ElDW6uH=k8B}ZG47^Y2yDhhNh1V{hnL71O zANJv_?anahEcwVOc4)oC|34uPiRV7ytpGm#f7qik==Uj)6_N5n7R`(x0i}WgU2`JD zq#B?IU?^kK0g3a!)f%l_0I2ympuONh0sLV5=(S7fN!(l76^w&e%AT81ZRfi$c=HXf z)%iG*dCXdk$7pYXHs@M-7M;43v@dY7bh_q(93N*%YBD^%pD0@Pw$rb`^~_XZ_bq#+ zNYL*$v1{$C*sC~GhdsWB7skE+{y8uG$oDi}cq~?REGAKBk4`f$5;fc%yV9bYKTV&7 zmi&xS|KtrCmC;drgAEgvrPT8ywbEujB~QMUMrEY4V5$|etR0>0TRd$Or%ARC9yO}8 zh1J8QA|L&a$f?=LJF{UbgQWk0GR-dKMoC@ZS*`$|_M`-f_dY8l5cqTz+PcL8*>Uc4 z>qsVyyh0u6a=Esy2^L-*sAgUcqqbx?m}WEH+Y_mTBmF_0eMTb|-t}VNh0r}A2XGyN zg*Rj`^?z|okPC<5$j2

RlaohDnSzqE8xjGdCD?3BGw>^$hkYFmY=1?Kaa;%wpGN z^jxFcTq?{}x*^u6J!BD&=L=U%{`wa8%ShB+wC$qf?MDhcW-}V|wO51^bt_^LjZHKc zj_na>rWGrW9!5PG7vE$TE}p zO)jVB>UH#8E%My?sVJs~GT;q@5liLc)zKXJmkCz4k^((ud(u3;x5789lMT&yDE}W6 zcMq=2*&&%A@--kLPq45#)%TN>1*_%dFlm!ygn#(<)a66t+G9@Yh7^t zvv6OT?Oh}|EN8x=lgwMWXkZ~#k}XIEA46s1Z{$4^fA49F_@x(J`-Y?C%Kg4lp3qupk z=nUFbHR=74=xKcO_*$%;M!2tH`FdK#lK99mgQ6+?+HCDI)iVQ4AfqqJjl{_x-u^`y zHB)Pw;JBf#mV>b_s#fVmh;krsENG$poG0b~j~*Q#7=wK+H`|sWy;TYexYDIx91>ai z5>ubu977WE?>Lo(r%lEw%Gc(%y_kj{)r8FR`x+a;IfElE_-hR(X6XBhu);g+lK(;a z=$BRTw_F!v7Gb|E$iIanX%~rgPNYehGG23G46Xk_D7<)^b_mKM-u|a)3Wx`iZcc?X zTvwG)#hyx8x#F&^L`N>bOGkT2P%K?bIn- zWdyRa+-S9jg4Rpe+p}M{7oj76vW%vIi*Njr@HzbE7r|T|KAZAVw`gj6hwW!c++AN4 zy(y;gOL9Zye*xzb<)1wbyq8W78Owi{(>k3o>ga%Xlmb8+;p{BY`2gt}b5M9rc_ZZqDvuWvn+%BT>-S#r%!Q4(Yxadm#TcmwlW8TMe zc+5wmZhgnqT4={B8)#0$2{)JSJ7h_jq~Ge(+xBmb`70v&N`-tM84Z$mM@8SHRKHf_ zdy+r6ApF)zYIeeiU9P=DA+{VHfAl7XBSMaI>WDdt&QmS;RK1Qc(=2;FUqdt)y z%fFwxA}ujh%r!hStkqmEc6>+1!N%`7#tQ zN=BsJV4KitESn>;BMflhA%KI-prNC2B4Vg?!$dtJhPh;b8(G6+cXuio>^(4YU509^A>-U$Fe2=A_Y->y|~i?nz~);_QZ^+?4sYgD0` zT^hS{*B}IhM$LIT$VE=SM5g%y*VgRTzvejR;@Asb{;Y^(V^_bFzO zb-U-#QH1=Z**Pgul+Me_~jOB~Y^&?DmxflD@_FQXcNk-O( z%&nE6SuE9FM0AK%__stTj7=^&L@2y1R10`0pg|&uLd|DZ0>vwsK!FAc^md(!flL@f zsemFo@X-%J7uAbLI|9z!VQi8?NzI1Nb8;%AHFKc{{W9-hCJq`jw|uL(5|7i8)i`&% z`aZfY-^%TKid+!JoT}L)Gpx-|bBMi?*b#cY{!wE;P}BAG?2=-0bd%OpoQ;V^fO5<& z;+XjZ53sfP0?)&+&@wZ;M>m&0IaY*wC0hRp(9b$rJwoV~S}FgdR`aZ#i}w?d9)iWe zlH71|8fDkV&+!Xf?d7C@DiPM7=N06uvA0A;w0@V8wY-Zc%=BqbF{5 zgSAkuE#HC*&9=%6Qe1t58Vv2A>wpjFX&{0J3g+cJ4P?att(xH$T0UrpAOS~xb~2+` zYL zvJ||=7*&XCtUX}P{$1G#xLO`$*>hiUvR_Sxt8rL=V$@)*HpO5>=P}F=E z4u-t*;YYf80^tgS-197hj=N+pWj<5w8S|%3-??#tTN>V$$jdr^(mV2c$+Es_OI}9? z?j<=?NL2g-#cr+&YZf1OhQ z)5L8|BS0?;)&|TK?XJ{k!cq9_V0VCG^CjV4rx1q*T0VG3P$yLd^bjh9b-YBQ5Bu}U z-;R${j7pU4zk~xI+Jicrh#6PU6PK&faSFcTzhu{o^ZSdj?YTsEGS#<(v^R?R3-R5) zF2Tm@?!R~*@iBBp21Eel!H>`%J=^eCu#pkF&iK237E{Y}$N#DhR~z3X{p0HG>l^e_>Rf-Bp<1nn%08+Af6#HxD8-9@WZYv7-l6SMbBL*P0t-*byRvW#tFw( z#AWqHnTr3odAWrb5U!%Mho($Pv6Ebn=P)6ia1*{RPePYZE}n1LV;m zCPj^$1uJVDw2HQwV8PS2w#I*=5|~JO>1DJ#38FsbW`0D7Q5Ja75xcg9N(ltAwNp84 zc@ji*K&Elzmdv06vT7j=H52wgw%?&8s_dhmc|>nk4F8DL-WxgtsakYE*rt~b>xjAb zolY1HwbT}P7S=Vj-IcZn6P=%K+;Mn;U1@m}k z*OB%KEBVdMW_oI#=G3u*r~ne$AXqU)MZm+O1Qn5={%GK7_^ zIaTD=*8s_=Olq^eyY6U)=GQvt9TPd>T~yMzF0{cpvyUHac%!Ow!lY#RET zf&!Ki9*>na3fID76~g(N7BVj*Bh|mCtK{dkNXyt?&f6}Vx%8_}1vjOZ& zDcA)p`XaLz+)U*DhQxqsYQVMfXIs$Ok^QK%Jjm0j$Ir*kkK+qpMsIz3Lk7dV52dId z7QdTYamDAJTVymRWj;d8@SUHY=G2v8{aMt@ z;gEDbDR8IZg)rFP>j*4binSthrOH<)EOWF>+c{r#b;s|X~VRY$9ygns&qxS1&IWl z=983e1N4L*3`{LhJ$G&T67ESk!mxtL=xN>Qh|>~=ep?an#gh)nWG33Gm1_QjtG=`V znaqI2*C)1b(=Fmjj#K7QiA7%AkYe;0>=Ek}G?Rc!^P*zWbR_W2?K&sHv-0s&2-wXoT1IfhU zwfsYm<*CKe9!GYEZbvTL&cM}3`k8GDBKQd=TxP=TKi)ZUj5)8f5UqY4h zw%d72JD>>ZorML#`hom&eAX?*QhcU5R8dS#Et-&)A3seR9(+|E zRvIoPGd8P~NBf$ty8kie;BSq2XXu7_q9yTt#6&uNej-?3``4L&Fk9VBNX9!$G^w;U(MNt0ebsLMnOF39v^8$Lm|&Q5X}YO0Pl7g2;fumck9uU> zjbcvOguzzi96R4eHQavsgg(C^zoLyA4V$_ed0o$z++3=5Id==hpfcv}04NJsUhnyz zIIgr^ZVUEOs|p81Ae#ZRV32dQ2(1KiE$+}+&#}OK*T5sg{^SPbyNrx9<}cP*+JTH#K1|96wH6nA%f{rE#KRcuFG@wwxxW-Sur3JzWx)JQu|)r;WCZVhljS-l4mNo za0BRu$R^D_po7Tm&|qr~+=OM^kYz0SR`7n(71O-lY2GrIkOsQo){U?Dz9nbEax@D# z~qrBt8O`^C-0zR4G?A1+Uw{*Vz>l;w*p$H+MQFzKq%c@6cI-kj6X zGTr=FYloKlJiNTZt*z1gA-(y&{tpzFhWaEDXNDXSO~rWGuV#WI^;>AzSW#ynq*jQ8 z1E-psc|(w`l$m9=r#5-0VERve*+W!BC}yWsmSuNu%$?&Y=fY2c%Uk$CDEvPk@)S$d zTskZ;k{w{&=`#@g5ba;Lf-F;xPZ%(2W|DKyAvGq<=1#oetsY-4xY5UwT!-|mAo7z) zEiXTt{yyHF+Hv*vj8A9VJX=Lr{?G)nt(#Agy|0KN8p?qjXsj>kmw|#y8wwWq!$J&Y z3pI)*H@WY-Gi23AYBW}E-gVE2P;R7(tl|9Q)^ay%zwEC%mFXIamIN9q^qHoL?lh_9 zckZaH){RdafFKGe?N$06s75RZRwHpt-q^h9kXy+W=D3`Yp~L*_I?#m&)5^?@3t^|j z1T!6YM{gtX4{UK?~QHcG)O|+Rs zfV-?n#C+i!f*SShBore{0?NE2tuI-BDN63fwfoyYf6?r}l@$Q=EZxJ`ICTHe>X~!m zZoldEOxaiqPN=Zvvd+!KrOW4H9`v2TlJO$Fq=0`VoO#dGLy{u6?nR3v!$hiyT$M^KGv+<1+fhK#0oZUOYSJ^TWZP!cd#*a`>CI0ClI;yP~#V`z4yRL(sv9O_q zpnB2LAbJeR)TuxPx$4EF#c04Hm{uXNu%(u=_=jF2+6$2(4n}WG3{E&-=a| zU?WIBnxRlErinWhrpXdhFnx1=5SgHL)lJ!`FOb98?1CtCNYi7Gr5Jk;SQXOOK& zjkV=#@kxq)CscCdU8(ZRYJ5LDMBUp6*#)CP>TK}5gSxC_70W5H^2!0S3fRakG?W`o zw1(y^=0@=A=puXNw{dr|%@Pe_q{RS&MOwj8q6KC@uElk8qZL1Z?cz@NkLemvP7ZH2 zfYM8^O1KtHlueDH>6ZS z<5E9F+fJ2HC0R3VJs2#p`J;l>Ly+2c^!*dnLm4cl{RBu3yDn zIT2l4i?*GZZ0UHKE`&<_zkxBBJwv}k5pw!l={PZM7ozNEjp6?o6r2x34aKSs2%li5 zE-{)~n&P)ze0x7KVSn9JI4z3aO@nfkL6SvPO%{pfbD_n@5J;U>Xx!}fbV9~W%XQ%`hTCdF5zXPL?+X^#DuI7l?gOppdy|WsV7c@_}5IFt| zCE$_L{TKuK)_xjSyI0DbjqWcT$Kbe~qM+{zKEyEn2^gkV-4icpWi$xUG5*pOZd~ECVsPZg(HP%6$lvdO zC_i%OGB+NlSsdM@pDaVA=-M*s-Z;1ZWgwLp25?2Om0BOkJ3n0EPCu)mWQ;W zlJYmrVez6&{vOSdZJKt&RV(u>Tgaj{au$iCWkmMfM;uBj=Za!Xk#=vFr>rl_^vg5% z8T~Bt+>bsL32{jT-I04x(ipx)$ElDAMa!2zE+3cPv%-hQD`$AYU4XZcIKqRzeRta5 zGMtB4_@-}q_zjwd--w6C$S~6u@STVx&z_5LP;=|ih@Kc*2YUIxs4*F}>?fDu^tWa;Hxw~3FHvLyAq6EW{c>RyH>OK0Z+Ujkk+ zu_%RXPo$ZqCIaoCjli_To1l&gvyMALWTM|x4O9df)Nk1TSrc(LAnVK^7i2x??(1W8 z&~Fbg934pdpl#Kn2-{yQH+VZ~pif{hCcABUyj;R?d6Y)rN$Wy-mmu`c{>;or24U35 ze_wZh%XTX}?soH$c)eahYG$NFCevGNOsYPnGs;~ zX$y^3@u*eF0aY0(FvC=25f2@dA^ZqOH6--oDp$bcHg7rZ|PjC47;kPy{o<{TBDJjr3b^EhA$0crWU=FMPKJ@sMDNc z__oX}Pv6jK@I9$hJ|8uq-Q-sH?mYJR$+#R%y!_d#PcYj6dFT8#Zn-{B{{C!8c^~}dB_Oh3e(+}a}kAbu@r=6gL8Vr!Gb^D%T8+==W8Md+YPA|dq z<%bO4AZDX*E-(+a31%T|FdDHS3}nQpb}Qw!bb~A|B}J)(1DhRt1+PKp^@h{DI&UW# zM8z~Pz%-rbbOB~6`f2_iVIl-i-Pn!)Po*r_$9(@o7{+ZxOh!oxzLJ|d;psjk@U@lxA!fs-$-;p=pvRU1iMYN8-ZqD9za0(H z6DblyGq|)OQnd!(kUyy}9*%=ZY;1*a1Q}*abz?Khx2btS9z4AU)0g^5LaZBUAWY%D>zgTimrC4_4 zosaaj50Ca*JLK-h6#I5}1LGy3-;o13*$>_UcxVk7s-!%&^bC;I+B&ZI|3^1^&Tm^pA&P zjVn>^CZ#xXv1@m|IG8--mINj_h*xQ{-Pp~Rh^}={7r?aoi8JX8y@yuM4#_hj<2&;_li1~3A#;O-x-osW^ZzcSNkkf2Nzv=};o^g0@;q^sz zzC}|m>}#zZ$7W^Bw~{S=JLS*Prp~bf>FTtV`O6t9#eBFSP%!VpB2_}d<7^F&b_BIH z8^jB)0{uu?tn>dcb=FZ)weQzgLb`{L?v@Ve?v|Dg>6T9EZUv-EKtQ^?TLDSwl5Xkp zy~pSKTkBo^=UU8}Ip^GUU3-5v5C{DKhmerQLAsD+`uUp|bjbdn;C7^D&-ud=X9Pc7 z3`EOT@I@E4U`xL9Fng@vXO3p+S*mXZ?42Xecm8nMIrVts9j%1pZM8PoDxK{xD(&?! z@tqBD@ojCG7$Up~tG>b(N%X!aS&S4&dZ*hzb;ja{dPYKQB+Xqx`9Q}Fogwyd!7k{f z968T)>>5U6=A^RyO(d>R8hhi*6YZ?C`MyJCx$dC;=*hXcowokh{l9g0|K&PACNK*~d>zG{NY$RDM1GOP<}9@h4(cbz zGA5&Z=5wUI0z|f0Sz2XB{&m!*yxSG?aUS@N0|$R*H|m>hPxmutl0Cg<<=eR4!)FKh zAZ2^`QIG~$qvJ`xGNxHyes{p;sL8A){m#tR1r7ULfLm_JUbvE^@31MXr^(0yX9V8e z(ZwSdA0Eood%NK%w)W3r4Z1-9>OkM^0zg+jz97Th10xU{UK8785x99Nsq?xikXrXi zrq&k!T$#Rq%QSmj-d%GfrPIWR@_vrSY<8b|O#f4ahc>n1#?f!*{M-0$+i1$OjW(rp zLEn=ZYJ9buV}Th@?^&(3dS>(!`yaE^CJI{k?hq2OH2bKzax_2Oci?RpG+4S zeC;kx!0{XZ__INHKQ5gR4|}n4&HyW^A8MAvj|1gZ_n&-A0hH-!9G0DlZt`3l^<87` zlS>+~W!Es;j*&;PFn{<1EAe1|n;I;H_R!Ck8xIKcMSoXz1kQb0bElL!wuPEQ1x;?Ok!bakZ5I zAm5O~o%Q3)2e)g-<%0#UQEs-#YP6B?)$3AQo26`|unjtR*rtFfsU;!`|ACbOqi9;% z{A`s%Y!YZxn$0TZtIXtX&PC2x|8^10`cDOiojm=3^mBt4rSX<|nDXVs@ZWk< z)mDDk+vW3dGp%#YvOP=O8SDW{51>oNi8M3l%87JL6UZizAqrioMNc@HUNGjnI|1K@ z{;P9%CM=DA@>w|;ljxw>zSVry!ZB)DIoS%~;Ekn_VHMxT`7jFN~ha1jk_IaXQ)QNO~@9v33*O&)*9j~5xzzt)w_&#r|R zF4+BVzf^Mk;PK%6uwcM8(2?zfCWWv(PV0#s8b$@2yM@#ct{gFo?`rn6>t&U^YfP21 z8>>d8l6LN#8!m4#Qx{9K;3F%(iHab#D5)rF;WVIB&)2kKA8a6pvYC@p+GeCQ?(rj` z@Y)Y<#I{y@`((Q-g0e9F&r41uWw|P--3^oa-?(VPg;z7WfO=}axge-RBef_fkUNNT zprWK+fGL4lW0f14h?998+>|d7@oL-|gevwPdsCo%ix}DKxdKf_HK%6+$XSrXoIZCk zjTJ)*yyXZ?%4(Lc=%el*H>#z6-wZ6ed3xC6Z99(i0q_1%zD-@Lnqs6GtyrsJP&Yep z1Byk#oLx4V-NgPjxQUfQyV-4}xp_z@%p^|pjm2P5&gKvOGMZ|3T_H()Ow^s!-o;w# zxPBRfzLlz-*H%g>^=am{M;^v%WmBx%eW1tUhdI3ug9pT`-cLRhs+0rU9mmRCvzi4J zMaWFG2dAEUdQ2w7o&dBJ$lziRd>kf$Oiv5qYTU^|K?To8oFPOyGT-<{S_`wf%H-{oSn4=%_yK1 z$;hujZR_TR?=3FBbe=L!Xcj!lyg>^-!@K(gE$3%n`QMCOp`aUk3>#A89!(Zf@E4F` z$-RqUjOhQdeW^o|9E6*wJCA7;BwKB;upD85eV#sUi@;)=RF$I~ypIVNsrOGh1A$j7 zD6(}Fr?Z$e(%y3j1JBX+BDVA8e0qQPG;|gO(jwpjQ9;s*XC0(dv{cKD&V>K7ACwoz zh}Du7*|^b(4|>k<9QhD3o>$INdu zBz|mYhl^dspgGh7Jl!=7geUe)gXd`+9mX!sgxQso+hWy zQp+^v%`o(r-ZQxJ!xrEfz@RD6CyV#h%xcS#y#KQ5R z%Uz2{qW<y3@kv|$~4F>OH@eXuIH22#GsvcCG1pV;JnMo{B` zb!`2F|H@*8;bEn8Ph`Mi#z0~j>qJs4Ii$BDDPh%<@a3m)Hr^U3fzPlcWtW|fJnNl? zj(q`b3*_l{rjkV(wlxVl^P%R&%!MCO*i~g;d5nnf`5!Va)Ai-64?$rFpq!&Pm@+MX zL zkSl;`yo3)pS)hD~BX$(+Mqnv8k%X>nAeph7T1NhiV5b+yPL>(A)7KzVd;GioG(>ONn?Dwt#9}_k_2}zo!PF? zAn8qdHN!Wh45QVR>RDu@n5x;AM~`<=#C{?m59k|uJl*z33_E34F-htq@5fO?R}|_@wT-MFZsW^ z3{OEL@Id)biu-bXe6~*Ifc>iaMsI$0ec3@K_6;_A^AGAmZPLEB60M`U2@in(WSt5D z{X8TU7MA{61*Wr}QvNnjWT-56ob~j|3QnEnv2JTB!eXs(n3$!?HZTmeOi7_&sU)cu z=P<2XPF<)sh)o*Bpe#G4M&1pwx%(Uv4CdqqK;#aoqMxu{nDGy}L-pEs*MpREQXuDF zIZ+zJfp}=i_A@x`f-z$nP}`Gt(ZneyU6ovaJA^Jxs2K8)@gjv-zkyx{FhClCw{k2nFAK=47BfpATkMz%zD0&^B_G2fPtlu%moX1o9J1akwQpnCf7@0PDBPJ02ne+x`Z~ zXEmFV{A-!b?Ob&P?fyhY!-N9}4XB&hL+rlBbfz&_Kw}1D)G$ zHDCYU3sSRy&+bIJ_Z52CO5}1@m`SQkhE#5}fz&4c=F#qf!^8Qa_=R>osYV4T8a(T( zhBjTD9Xj!>9jf81f=1EfBHF>@B6_g_-bKiNFI;JauQlL>?jm2{NuX$hu$w1&Jp}(aN5aj-SR+hq`^MX3r<%ayV& z$L|aS#Vf;uIV_A)f8?%p>&m-*PG$&W(V}bn11lr)X_Vid|(%eZlQ9nNiwMJD1!gW$rs<> zgD}3@=+m-fX#XZoA@%f>Vvq37uh>jZB$Rx;vtZq0$!=$OpOz#cgURd)I~DDwVy5LO z+>^bLYgc&R7HnYytelFNzZl|pyEeB0_p%gEZ-Erizpl))5;KHK92jyto9C*_)UL@H zui|p$v*Z#GpMxY}ahRpZAbv3aa3VvN%DanV3X)S235Ig-_oc*EWWqX55{+U;R8!S* zs3aauH67G{IF)dc=e+>sEX-XK(7&-kLHH+~OLI|U^CPcS$L_J04h+(x6?xdV-~W&o z_yr%{i|nO$WI}L`xJU`;hRWsIPqes@m%(yRgP078XDjmJ74K;QU~w<^JGJaA?Ti@{ zAcFf6M9x@-QtJb#rv&!WzgfuY>ANi8lxA< z&w}N~?<{|wr1HAsOn(JU-{rkH{=OqA-huXIi=%r!#&b@+z>V5Cb&;PAxQ)x@tebnK z?7s9aaGVXXo7wY=O{|7o61a1Tl7n;+h4?Xm?g~2Zm~M9V{nih^lJ>3n29EK~?EDs$ zz5%KlvNsUa?MsLyt7GTCJ)Ou*`4G{wDxw7nPly43%3vgmdCAoTtZwODh{p3v+E3!B zcP+6Y(7ArJ7D+N98Yb_GX#dDtEx|8TpT!5B0oKLuj$tkjG&1##SPB;3VTg~5;bJ2{ zx?i>{(r?H?bl4Lj(tEmRNCQl108Rxo%EoAQA}bL%!fWU;IWEZDe_f1reihT6OAJ;= z=V|UB*0@L(M^}Dp)GmU?!?#Aib#(53cNA7bF1zb@<<65=<%8;VBr#;uQD`9h$`JC$ z7~FfU0Zp4hn!Xg`{)!e9aqJffdzo@WJeY7jBP=p-a^lkWxP82+n}5oP>S(tcw;}7B zjyvl)TG}Q7CnR}X$O{;EpyMzb+*OO#)rNkpglb^9AE59-d@{4?K&~O0b~|-Ow5{a% zU#i(+M;W0@HhVwbvmLpDI7j}1iVdK0H2ShK5Y|%WuTUBZEeC)bUw(W_-_e%m{5Gz7 z{N1v2L-=x>j@oOkxb(-~lKH9lp4r-=a{ie9MZL3RuR!cjmxssAFE_0+3a7ka44B#r z{1Hf0dk+Kut)2d;BW9$%U_nv5-k(+s3m$ZBYHN{zJ1&m}8T)08*IYErC2mb>f@&wZ zW5NCKz5K4@FLkGD-k@W%3qkRhz;-$EoWdrOw1P+Xzn*bt)IS@?KWnm4yb7Y58oBv< zWeS8CLkPY3AC|o5w2tZsMUo^MOOLUt2o+CWAso{AKn>5OmM}1PhKRL zVZRMKTysRTz>duRMJAD15$2GvuJRF~OCf#;ByvIh%Gj6emyf_B;$b-}Av z>lkxE12=fG7{WnRew5KTy|ii^&zfES4KNMuA+h}1-NuN{R5x;Bti|Igb+Yr+9*6y| zC7HAnUlyDEc&#t(yy#^!8mN-395X4^ys+IYU6ATyap$qX7C;Agdb^1qU7ej+@%vvH~m=HorD4sCk zz>V#e*8zd+uba2z323wn;1qxfOOZ}3VWKNPcXj54K@=Pss+*tNhshKDlKkAxPD$Yu zLK7x1dzD9k*(+gB&{H>nz25lDUxR}3=VG0D-f=0w5E>T!3L%z4z0k>4QU%OYEujzN z73FgsM-Sh0Z*PV&86TdC3g`v=zHc_hxVCMbVI`gpE}iU)TI$?ta!)v6-F&&B|H=D# zdY%B@K=W#d&GE<{FQGB( znuAeS=<7za%9ZR_ye}IQJLcFkjIA4~cI<#Y{Nt)C;pk@TY4r8mAZp|<;t=_|sj`8s zI-7h|a>+pG*M{>*0#f^M&d=rfefJ{E_5#ExkxE`s5bxtBGwQDv_}_jF zAk72s9SjYk-S-XS{S;CrEQlJ=zlDH05r0(B!p8$5S7g6}N_15>V;9w31kP?W9=Emq z92xq}Z}dZEI6wEt%`AVZ_03S%#`@+0Pb3-9)LU+~c>@(rWI#5A3#@|rQ6Le;N$6`H zsXXguW$|mlSbk~M&WNi+WWAr&Fp8DgU*5k6B>M=fAhq&W9xK8B=O10&G0BrtZeO}0 z*iN2C;+(gtprS4icb`9as&U5M_Zd*da7vJq1;0bnfdT(^>@fJ|@!gbV%=d~;VQ{CU zAiMJ+>3$OQ)+bW#%j{#z3wW+-xn-P#=8dl{APX$%fVcDCC^m%bdbX$@DbY`Ne&s9f z_~1Wxjk?cq%NyDe&StY~Erfi_YoF6VK_+u0^oF=c7osCZ4t8l;nDZbnWf~Z>A{lVu z1Bi!+OY=p^9Ne6+rVmH=Ui$@Cup|el4{aNX%wK?ewj6(4K-TASs)Vnm`dc(#9wrYY z3An#xsNboJF144p?rX>=vEw9@#d8?$51Yn2q!$ia2K8fFsPEW9vRf8AV!mbcCcJO7 ziTC)$@h@i_&IW^Sp^R{L1?p%fhmKENM7)l$@RlDmg+vdr)`G~q_c9tCHnV!nZoW&o z-Aq3aJ`6lCJ`9u!-E3Up%{twWM) zdLZLS07tq-waXPTNPU)s^bAGcJKpu!8BG9wMK${9pz?c; z>6Jj+3F~ImeUg&Z1R=P*RZ{q6+Ej(+1PaGgKQwru7vJzJ@-ex@CT6G{tFb8vpx*exoRd(!LN?9|B+@rDiJqvF$X{+WB=0hYP2 z-k=-f+;QzGD?c$3H&$^PcPxTn02n(>i|NzyAd@71H?^0`|1>@4k6OMqUa7_yq;h=0 z^I`0rATQc09TX>GMCaH`6;w1}1LA3{J%$)~`iPUi7U^{H5*5u=a1+Nwm1jr2kA}fIbL~;ZqoP7r;%?A2; zr(G#ARzUSlr~yeM6T(|f*zbSKN$wnXw`6fc3*3&ceg%FSE}I`%S#2XT2#JVs2V03L z@Ek=Ui@#-Y;VCO_8HIDaaIUGJkXnu*ud^Q_wfdB6d zUa%Yoy#-)Tsuo@@E8a9+{UI7k04^mina?-wU9YE~(2WP#8#6yoUJKa_W7*-N-GjKB zF{7NQIee)XQg|u-A59c2@HgaD$eWMz|A^bZfRYpN)g}~R#A=Zb_A53jr=+MPT4n4y z<9r%pqolVv{4EEcr8LBu+$>DHa!}1Vm{>p3JjnG?_Sn8&cGlFiAbljN#bfG=GKR&7=G&716iG(ClT_ypQN(d&PZSfzd9d)Z| z9KIBFF5A2)i3A0xmNMee#v+re8d*UOCeGY^%tVdAkOyV+nXGA+2HMJj!!mlX>Vh9z z0E{0}!g4_+ua4Jj5?R3%i31O!Dua^Y^dNSidTfYI9qOuSL4m?mmLP|(UnU%!)&mPI zo=1_;q_wiVtbDZ;_Ni6722GgVa#V0^@s4yQ`fUjOWOTLh{e6Yxs>yoX7ad3~s=|i0 ziPr{yx!huq5+A!xmQFM{{wAtA6Aq)L>Zk$F4GbL;TqI0&-FCWr)FcMAD%E@3YkQJ` zm{{1G=~-bxLym|a9S1)W$uf64JkeAjhFy*hucI(3UWde&^M^n?xbY6n5dri5FBC?I zlh_zQgw?vUQ{*H*HUugMwIESAY!2-F(ME!2b{KtTnK;37s0-*GaDce_x?)5yF5R!U zWEXUsYBx*A&iGzM$TD}=d}m0jcO~*?=j>I5bX@v!bv*W<`(A%}?JIM-oVr<`v+B>T zwW-J2_u5lf`ax+F=QMcEW0UU0d@c14a@DJPJh^_K#3`p2G@yf_HeqC?g!n-~EiD1+ z7L`#mriQWx5Hukd;<o0R`#HqBN9PtiUgy1$SCX#in?}h$)&uJYo&WA{dO97k`OZJ8?(hY+Ji(9<~b&*+20gTQs<)wMIb_l z4#^Zui3P7`O+j0a&oHC)g=1SIsbfdu zb4Ql>-5xy@-u0}0J!lsRuVOLs_aX;KrvO=L^&4#GdOr&44mcREW23fn@S&TBc4`2( zYW)S?>0{DD`rR+0DowN1Rao%a;C`<=^bx7iyKqpTWEB8Otz=6=XyJ(Zyjqn}hOSOW z`#gJXRYYoN@v329>b8B)L3DxSAF^-{Z5q?reS@@ii^c)w&|kJm?3M;mw1}=n1-QnPq{V$n!UutT%ot!h{Zv19dV4{1({)AEoodqskIt| zb2huTxG}R|;uk*V9A^xQ*^|A6_n-rX`zk?4>Qwydk_-BEIbSSBg+MGq#H-ZPu5E>z zH>PAMDe-X3)h?0mgQTxPd4V0*joE7z?Lj*m+-hR8RoT{%zBsiy(j6MGwL=biaijyU ztvlo>_$vJxRvhnbm36TMo)vFlcqsF()cU7iOlLpx5yuQkW3OlXOeVu5+d7@`S61s5 zLus&vbz1l|aYEdx;pf}R#06gMAOCz@aFAIzLjoQ}8bbsSwf3LRAZW!>8I>A@qW?#? zeNwK%L1b{^&6u!`?lA}kqy_50gnTv%6obv7BZ5f~%Dmna!aOn7b50_TH%qsPMgebx75taI1go&`^KS`HF26s);lMG6llj#4#y3_%S~0=P{rx?y}VF<~L{Mbw1e3x#_ZKqb{ObK1qEu_SfLml{0e!f2c_!)iyO)fbU#M4GF zbU&bd1<^?`v+o=-F+*>OepYd{$a4MV2EfCZZ@O9YDO0gSnc2fz$1@QuuRk1xhKG<7 zPsJ%DfJUnT@+_FZ5wWr1DT{6yvsqh$M3jgJ9~Ub(gC{rhzcziq_$CnRqfIjS$b`Ph zJ4f2H(?Hg(G8Jd$|68}u<0|i}j~x9fcKvWd^8y`3+7VdXUme-h-LtMr&io>Z5b#9f zBpN*H?ZJ9jt`PI(aCyebb0y&39nlnmVNco>-eA-pZtAeciXC=l_k>7EBzb<3po7E` z>2i~zF-QlLbpsl+)#(Lu)wxfEPmH=lJ&?HS&PDE^TkZmS5m(J*I7bT{!KfZAgg1Cr z7J2eR;tb!Jxw1Z|>CR_rL_yo1P6jake7phT5G^}}!GRD{if7yrxCbQ{cUpOTH>k?V;~S1r!?`yeanIe@Gt)v|AW|F?ddLC-ncH)UBWo5 zhb7W0rt;&dLS+UaAe~vbdm(>Khzs+#Ci>of7-S!Qp$DxDAh$#Eg}BN73DWw0ivJxi|1@Ah`rlER!R`77bX%e1+<6)$QYCzhXn3gnUG9u?6r{} zBU9)AL|%QD31+C20*zv7t3le3F1sLP1Al+(%h&!1LSZV7WIf^T`n}10Mr+^Nm)jB5XqaShXG;1^ zTaM~xxd}@UlP~6FMtI$n1fn_>vpMTbQgFi{~$*bl9Sr~_CiTz68%*?aSllaU)yROJc9vF6^Dl=So zO*|X)nEV<`)nxc|UD+vgCx`wN16&>ajLIymy~uu$*aMW;y>aEzN|-+xF(}HE5k(&v zwsge^0s(b^r+dQ=CNDL_2^-$)x#mk7PEvVA4>hN+ zK&c|Ou0L2L3FUiHTnuwVq{IS3&40y&6M95LH&I|^VMJK~5X^)IqMsE&_s_teo5k<; zc>JQg&>(t)sk$8m`F`P{;&)`-kdKeL{6VQXB=vTa2AV0b{Go1plyL8R@Ir+&HR6II z*aXGUSN-#`gNIaSC>BL7O^A7j;leMSFvCdbv%?OJl*anB82tUE{XAu1paoXL&dHPo7MGmWp@j74JLen< z^9Hn9^NDeHY}j-ma=s=i#8PTdL;}Eq8%;=NQf^Iw2{Fou%xUe|=*@jo^v!gb`ptaN zpPTuC+MB)>vzsm8;Hn2cfqE&WoBC^;Gon8uXI%?8X;^-+oDHjeLINPb^8N5?GWGoL zn_JPPR}b&bl>|TfpuK0TFt%-P-Ws7%7s|#dyZq0HSu#_--)ou~nR)tVn7pH^45PDQ zQpD_#>a6kfSB#!#(FT7*y^+LM%n%-Fz+j@r)RGb-%>mM-{1pb2{V{R>&6nmHWKu4B zhKFO0_&+BCfd!#3wLTm(e7h<(RJ2|4wMbetszq2nTsKZ<& zVJd<$b+AafCzYKVn{-r<>o+qK3S=7>H#Y8k^5V;;cTYe|Xa)*#baJZiD018-_KC&Z z7s-Ey!WB+u&$&xQu?q1&f6UUKi>?E>1sfu47xt*7IQA`9!DQEi3Nkw@T&uKkJ~< zn7p@xgz*MaZ^sE{c~CdL^a%UfU+X?7O*=oV+&vZz%n!Q51bp-+`kUy1qN2IdHBt`Oy= z?AMcihcj>4UB@Ia;D(L~CaEd3BSanMKFMvBAR+;$mg$I8U?QwsOUj zV~o4K(VyEr1&^3XSKMGkVnkvb3sKhs-iKmBmb!YScu&nI-P+XL(NM}NOze*|`?w6V z5?}*l#j9}20Ea3DfF-l&q&WR9kk7ATDZcs<0MvtyhX3;uNLKIYFS;|R17Glj!~cyt zj*8}LA5%Rqd+XB+t;S_hyK6V|lg_w>g1Jd|@uBB{QU<&$LFDVy-39dYLEwFFXV$nv zwdPP=@_!yGPCyN87>1La^n`blNOC0tuDJCtcH#dKy`WupL{Q1IZO59HC^;CqWA%ag zWmIyYI`kxYg=rH{;aHH+h?Pwmo$~cD_|S3Jqgkn*Of7ZP{_Az>W7LDdJhU+{GxaU* z^S|;>5r6j!Teea%Eh^A}-}OM|YufEqq(FF%MvTn&VQcmL367Ty5m_ak2BD1D_uP4l z=XcB9Zx_9Nx`yZa;$P|$CO;q zeEEYr*5*6juLFC~DIDMwBZK6_KM+1`Z{{}(^T(A+xHjZ7mArOUdU%!o-m-R;Wj0X} zAmCEGn4q=2h`~SM^om14Ru8tJ&ooZRCVxa|RPWSCdtHB^MdV5b8W+a?+ z|En@B)9NG&@_|xX9wqXAxNc~W@Y00$L73 zfa--F8*+!mQzh_RLYXI=QK(S~#W8Dkiy4vpF+-iwl_nH|vJDt1P2>T_;eis#U%C8F zl5nmIYJ@JCV^@agWWMRbvVw}yK;#Js5O`sf48QQrN(1MG5@86r#^eb#5&}umnl(=# zxD;XvbY*W#y5fGgKG3ui`a^d&poeh@r+>tw{^z#~Q~ugs^~HGVZ0aN8t4(o-yyTDE^3X$4o;7oD_0(FJB;}lTTEmE^xdZ4~Awu zl!LUUe74`9BKu#m_2dKa**MaePy%zEd_{H=LpXHmGaMX?0{il$uh{Sfn>aC&dF!X# zJIv4Jo((^f3xrj|+~u+VY)0D++^%4rqxx5zi1?65pSFAy;Ysyae6!H%WvBFqu0}>R z!_%Sp$-Ula%|>{}#}C6q8Ul#PnESGLswEEI z01{JVi^S6Gtyo3r-0|tGHWyX;?wPvND566y7UW{RX!Vf+S&LLbB-i>gaT>AoV(QS2 z`Ny;ewD!)*FOOrD`ME!6tt>_JVKcIt5Q8CbEe3i63NX%%-)W%$r7Vy<@rg~jViu>2 zS56Z+@}TpL_iMRR3my|jDd6-MkAOJ}qK?;9orDW?m`m|ug}&wg>x4g0Ab$z+;56*> z!0)T!{=TZJRIKV)z|Z3I47vV#V$P{zd+JVFC}h$eF0^$p|6M8S#O8><7I8bD#)vZ3w%@dJ6qxDbPjH*HsfMI`qeRs}fv&K+y> zbNz>!15GZgx9(g{_vU6KMlb&sNBL$i)c_(jD~$mt4c|yWG-%<(@*@JXjU&Y;sKvlm zm%1crElCH-c6cVWu+;Rwms#lPUjhM`N&@jhy}_~#9mJAdtN9>Y4hvCjUWYVZhIjm( z?OXC(@5-=+m{C$uwEA)I+6ssKJ!iU`CA`a>zQJFxu=N(eNegusG;> zd*^7>Mv)r{ikF&`QiX5OvLR9YV9;xVOEP&ka%VE9N57d%Bu&T`KZli*Gi-3xxz5su zl$zWy{U0=FcY0`UdVyge0WQk(AU`)57Pk^uEktwO1vr?H#Bkw@F`b~q$@IU*3NWd% zmp4q+^3dAcC4Uj!#Q&TM@&5?4^j1k-(a?IBI9!qZKapFxQijeSpaLQe z18QBsY9fnFS>v6cBLX%eYEpDn{9lnqO-rko8;}L$Ra9hq24aLFz8>OIvQ<2Oi|Q^q zd`xR)Ksd1hs=0aLeE%-Cp20u|TQ6E_k*UhY zqm>p(?aNMo13E>Xe;-Y=LuE^d+sk`QgURsvJs}-piR-d~{9VSj&H}Agp&|>+vZU53 zouv-)QlLeyk1XWfp6eq#cn)p&s125A;Z7gQ019_1zt*HXp|#X2*|BmkjiHtDkMrBk zyKQNnNZF6WtF>0NOtVvVUXeG@Zc#FR#l$7CsLx_|;i&4;$aq_l@EX|Sd2yeyLxXp2x8yxDj4u@tgCwanJfP4-nr`X2U%}2T=Y<3@ zOvnZL(Ci4PwitNelHn-Hp>GF~9J$tsU6=OL^?h0`4{j@AIIZM*v&YqU&sMGaxz>>pWtABH!K>`WAiaYp z_1b`cIG?mUn@}MY6Sw%JHRyjf#2F#SAT@aAoXX$8EsQVXcOxhGG*)&q86Oatx|$iE zo*g|@dWf~?O(62OU)}TKYwB6m{K|XQ?~rq6L*~WsoTmpQw6|C7WWq7JD05LooiE}A zpEznlP)qWw%nf36I!IsQ3VGfn?wn4jko8w)dm?puUcd|9UDys)ii91O25;O7N0CL_ z|KwQMKB!H}FW-b=Lh93q?D@O8^0|}StJ3-*=d-Pae-_`44lXV{ZoLlfE6uX{Ag1G> zs3ZG!$A2siIbqo_F^R9}*$jPoX zS022##!U?JJznxk-F*=h$Ql+zS4{F!B2d?mhisCl!TMeaQTgWJWq?z~xU@L=rB35Z zWW_hlzMSs7HwVoZ6Z(zPFq=nt#-vEusPKP8*-q!IW!V3S4Emg)b(QSunCJKwhQW~W zMWhpi?=qky)?C}#@i}4P6tVWc_9oAHzb|uv{xaluMzpm~TSII}+xx$gaA?ui(dyNo zSA@Mz@&AKY;B8shuAM5%#IiGlu9e<7ib#bHda?SDlxyTgrnsgtuBv9ypg zGwySZGDzv&Ivs?f({Y3-E*@^8sYNqlk@Yv+$15_#*}oRX6SIxUQ7;Wp`e z<5>e8NtMoLE4GKMBJmx5cV-9L{jYVFV|t=qe4L2?e!aWOjuzA%EMxrVhxo_oI^+8e zDuOeANQ19tkeb}UUWU%mri3P5;r-C0=FQ@|ZurTQ*x@TmqJm@D7Py1Er z?VDe8v^NS0?~$I)C3a@FjvKuvM0k-!iZsoAoO?j;aY~&Y&?PB!}pIfc5k7qdJT z9W^w0)gaYzz#-)9`%u!+t|}V_9PA&}iCDOS+)UP*>NH?Fet#1+>j=Tca<$?qWjKf=3%Hv8EvmMj^bS0}i zgu5j(Iol~L?kh7l`8PVAa2(eu{Ai(h5>$y*l<={Q*#i2h2_9)3@jaBP2CMt72I7Xl z_}a+$@ZQmNY8De`S$Ri@1yi1CnxM@VTC693buMx6%?<16kSNCFJC`8lb0fiZ`$oV) zjeYz3QhAQ+CtYzn`W-f$G$S$nI1tS;O(G0)#)EEkckwsz7IUYyu+;aL zg&;B2T`JyZpD|q0U7dQ2c!ifE;;Bz%o!q#(=cvTyl(N^Xa{xq~Y#`W8RvS z^FPwNpLv^qG*FkIh$U_M`@7PQ-FFNUb8nt^_jqgDp)p5Sh|87lvFe2S1&hOBgi=zv zpPZlexd0Ox`N544DlrGL(IMZLK7Qu`WW~>^F+#;Tc+9!bociq%6>#GIv)=MAz=e7J5m^6G`0Zc9P&V#u9u5~6V$vC>vhgtXx zrCc{P&%eX>QhF@jD0IO#UNhi(dZUI=(+(9%a`9L`!U~sz$JXX~@ak^h17>kv*Yc<4 zV#p?4zv)Kd9vJVqgFjYOCGtx0N!xuc`@_kU#Ky*?_Ad&zlv=?a4}p=@xa)&c45eozuC{PT>c)4Wd%!*EfMj>2TvJd^SGRO+KZG6$MLq zoI=~Ps-8E~;}YHc*b5}c?y%imo_Mr>whV7AP_bQCW0=)zjgR)mR8I%()s6-Og)Y-@*@qOcCvTS`?6%sHnn?Hy2{~c(kM(`q|Cry;z_%|8 zljHqSo{Ey%^|b}dYM4m@ZP`=;4<65=`Q7?7oT6UM%SCGf)X2;aBX?rH&ry(pRS?pif$THolJ60 z0~tc@rMEsYxd`jFbC&rxp0Kk;$GOkhAT$?USps$ghn_Jxn89eDo98n%KU5+!s{LJ7 zpE1kJTaT0IUNHE6ZMdnbnatmBC4VT$O{i>e_Z(sO@%jKis&LDG{`?)%&t1RsL^$Eg zl2aX_p5AaO1{w(i94ui^IQddNI}gEhyhgZ4+n+OR1SH(geb9ZsN%vMS2p|$c0^t=p zyNa?95>gW54Sa1Tv*zeaZ3emmC8|02aLfusx)buK)bwZaNswY1!-9Hcjja&jj#P8w zILua!e9hvrcCO0w{8@!xKSxoJDJj?y&t=zdPg|(z{WJYaHMSLq8L3tO)`eD7>gOG> z_y``cH-`0W;sl(^O}9&AU^woQ++-p=(cLz z@gHn1nXhrn9qT$PuLb?|(|nj+MZwpce}A)u8xj(d-?R^d95+iTXh%?bkf|cH5uLIc zA0vMInP{I7UfAXAoft05%Doa==(3cN*~XS`gkBSN&cF|ucfEexkdblVB>hk+Gm+)Z z^>GDb758h?9S2%Iy>D};w2xnqJ^jQpCtG^gwL3U4u`fcOWD_CsakhKk{B>%vkbBi{ ze)r5_X%{y^EzLetT`w*?Qqqb&r9AbC9ajcF2W^c$WBYfMJbtxAJ_i+x{A0W9MAN!g zX$UZz(TTYS%p@%xE}_N$#`$fAV>t9xku6#wK;}_&dDn4!{G#UIeS$aT^Bm0q$}=l2 zykXvgx%F{t(_0xGH^CPNw%Cbo4j4jf?G>p^66ba*Rs78y+j+S}NQ&BM@BvxwkTZX- zjpS>}_7b&3=iM59Z#FhxYIoAs$Vo18Q#{|mHqLkwX_%=p?Eq>A7U{`Q4+)B$3zal^ z$4*ZJ^q+~^#m6;#}ncmcP15&X+mM-`0a3;w9K?plzHLUgrxeHUFh?#}i47OI~C4~v~78zh;HSuda^)7e4)YaqZTj2 zh>C%x3`Q8*{j-@%54O)Q;EWtq10EyQ<3lg@;$wtpPC!aEiKc=hey5;rdwj2vQBM?i z29~l!;l`53g>eUZ`zngqNYV1Vx<;_UE$+O!PAtl|$^?&_@|K2m@>sYIX$t>a{+I~j z=%0=irFj#s*V=CT69GT3b@m(dxt9E`iI5-f(Rymec}(V>82hgdT{4@mAh$9H>`rT# zgh;RUQ%aDS-mtr9aLFs{A0>fjf%u{&vCH+hY69sW<#_gnMQ^=zx(3%YpRuF4zj@Cm zW)J>?_h~z@%XLO};!?xMbHU63EwnM9$2REFoPK_ECg?gWDDVj0h5)Ug7*A%vivuv0z?`Vcuus z-Xn;{8E^KHRrqr)VFvO(yMQwaHZR0D;7FaWJ1$ z%C>2^7}Vq;7VM5Y<~bV=xmnI!6I}0^x_w+P*c*kYCGSu@p1SqJ-TD07JJKy&WI8Uh zg(Nj-Q{F$IG;WpR6t@ccUd`G_$yN1d2sN1h_Reg+7|I*GsfXY(-=fldiq-klhO6g+ zyWaC{$Nll0$#y2qzSh?(iM+3uG_&XZgY3>XT<+O~gfD$C@@}74UrU<>2KX(ENk!;Y z!AxypvpG6rEAxo-Bu>q-ims#JDs_z|jyphr@w{;!0jg=mDf=S@0x z+3y35FVeuuzfJm{8$v7%BLUk*1h$5x$Q>j|E&eX}Dn4W1^13FM+4HG_>ha40eI&ZM zu*-wEajYb|nKgZ2l&b!1^bKC=)an}`%`(qbv?b`$X%8G(nh+#e`UK4kfBGdumDjZQ zDcSgXT2S=(^WgmZjldS%QtxkY$@(5zOKKi`{1X>t!N#}TI6P!lT8$FF@zpjHyMlg4 zr*Musnko#xE5tX-Z?sk`rv07y*Jvv{pn~P?kFv*KwDU)UZ>!6;6ZzA-{(i@&KgoTb zsC_*`t3!(Q@^@p^*BcHV(3baH!~Th!KD~HcaQ)f24)^|tP$Lp|!2^0t=~EoBHyM8( z;cmzt!{6&|BP}ZVAoi90>RK-BiV0Z1_wiW{w*vbPg57%x0osk??dNN}t?0EE^N|Cs zR&AFtEqfl}q?-lEU+CVds```4C>y9#1>PU@WZ}P7mdHKKVA_YDkyp_d|214@)pS|g zlH0u91IxAIWqnXRa_95<*EuZ9%A=+mo>7~=-@1=}mCsrIz^sv#e%;Ue)~I0aROj73 zT!=RJX89%jT-@BMwg{n+mYNR+H-3OVsFD zEr}Dys=3)Vj`W`1TzQ;e_pXq=0e0^~5YkDQvoPbMejC>LY#zu*{g+9__d#wcOq;gd z`&%Pv@MXzNn{oOt0}vZVStv6xk0I!gZf9q)`;gH)o;qBFZgvE zq#D8)?>uObj%DL@C)^0Ago;ksq`k+2F48!c+Xt6Ok;em^g*!PX;L1KRnSJ^iCyG<9 zRiUVY$vn(S4o18yjZTLCOY9P+ZbtCYHquf;)I%j=BC_nq17} z`lfyd+e;REDUq}`_W)c&an&T|BCWocV4q>HI(y2@0i0rPv%0}o)ju0S;r%vCWmKmx?AY9i_F4p+)UrOV$b9ye~r`b9JQ9|Cf#F4X+bwD9K0YI z0KY{bCNDdQwAP(q>N}YD^19eNjg_iUX2mK{k+|mJ4#>5`;Px@P7q&(cL=BL%hCfjR zHqhw&HF&m751q^c5NDaSRp6lalC`^mK|5?~@3ZkEt9F*8ff@^I-K;(3fA>kzThV(A zeV=}h9V0yG(L@j7|8BxG7G@BQ*NbxFPx{N?C#b_Iq!rr4D^-vpYk_ga484X&cBnHA z7;r*Z<;oQ?tzeJ=EpyUqp=73lRHjY&D*kE?{?7{qI93_c!`3p(3_s28pg-@we`9A> z^rt3^vx6y?X8Ob2YjC!ozM^Xf%|yhTJ^@?ia!u{vli zwczPoZnY_cZ;)lY_z|q)7mEL{munA7Dv!c#Vxy5YAhzlVDv&RFDAjIJ#2Wa(Or1z1 zwYn{qZCGoh7Fcc4Za&gQWH8sw97od(!ppMis=3Pcz_M{l^U+N9(%KNURBSbi_IDxO zcJ}|}&M;i=y}xtL_kHI(ckVF27Z~VrM@qTlWqNEzv1gg^&9dgutH!Bzs7stw@$)LrDPxxO7UVv}sf_jKDr;Z_CQ z(l*(BO2ZyWEPx37*c$LqZ!3^fn41s8z+W`fk$44_i@$A;_U77vJWr75FS1NUzh84U z1PC$%?sGc%bfuoQ2Dk3$aA}^WC>??0|N2 zqt!&-1{O@PpG#j0r3&}nK^)qitfRFlG`F{hB%%a`N6Ug7HLl_%HcAjW=ChO#M6a!z%R4=k#N|MenIDYi;;zFwY$|6QL&d zJ;A67D9rf|i*&Ki{Uno35M8|VjHgJv6ZVo7@6k|im_#zL3b#TZj=vcd!j`h7E}_!N zhXkW3YHDDl1sGfC1w00^qf_=hUZ9~}qa@u~-K}^F4vv?(px5s!KnJ>D_s2;_E~8sh zgnLsYYumd6VRB@QaFPd;BWl_e8hNz~Q$1}8Fi&aE3-5Ok>HCKK&(Ojwk_;ECx|kW| z9TVh?w@f%pO%I3F9mWI}JZj(bH2F#s(&ZN+_IYq0yweYO;R;FjZH1+ZH0oM@n?h#9 ziVuMjtOX!Ni1zvsIm*1;s_$0tHZX#m|BKz-U)d z4|0HbDo5L*y+85mG-0YQub`?0C0NzFRMd>hUfap%UMipUn5#70x>YCN1MeCi#(+9= zpdk1WHYssQZyHN|d}WmzJHLoT-)HbQ1X#D4CAN!8jlPoZcEwmWc)$eg+X>8xJ|vmb z5PO??a0rbk>6jm{P#G`xIP5g**+@unuyi`XC;8;e!0z8>x_(~yxhg`npg;Pfi@hB5 zlQ`+bTP>2CElvh)-Bx?fD5JCt7>tZ7bp@d&8KLVam||XF>sc+nlgQMyF;3QPq>v;h zGD9TMLMPpVMx3kQ8AsZ0RvcWBUimF)l&(?w`{AfJ;*#^;%eNS%CSqnGR7QE|ENCZ5M(mfwp; z%&^tn(wzxN<)~kf*z=k2+X>nUPhPra{D)maT;Q`jFtPFpM_52|s-`zZyE7%2^m}Ov z2#?ICAeb9^fyl$C7`DbqbgSy?W>Zwe>VhdRgsmzoTbH!XL)D`_{GA{;yg$yp#qg7b zu@zZRzavmuxCa^xxv_Fc`SP*OVZFp-j8ma^vl{yma$mY?3kYdu!AY;^o(~YBxn;=v zs9hmrLE+Fc;f>V|a#_V$&>DeOr_k*2<8vU%9MD07Gkqm zL|G^qn_VFwF$1k1!8hxI&PYBUU=a`JEV7+Fjr9!Y^3O%reW^Hb?Z-1Y2|mb5*1f8> rsQkIT2w9njB?@xvJn?@D6#kjn{cd=3-vq;Gm + High level architecture for CSM for Replication +--- + +## Replication design and architecture +![arch](../arch.png) + +Container Storage Modules (CSM) for Replication project consists of the following components: + +* DellCSIReplicationGroup - A Kubernetes [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) +* CSM Replication controller which replicates the resources across(or within) Kubernetes clusters. +* CSM Replication sidecar container which is part of the CSI driver controller pod +* repctl - Multi cluster Kubernetes client for managing replication related objects + +### DellCSIReplicationGroup +`DellCSIReplicationGroup` (RG) is a cluster scoped Custom Resource that represents a protection group on the backend storage array. +It is used to group volumes with the same replication related properties together. +`DellCSIReplicationGroup`'s spec contains an _action_ field which can be used to perform replication related operations on the backing protection groups on the storage arrays. +This includes operations like _Failover_, _Reprotect_, _Suspend_, _Synchronize_ e.t.c. +Any replication related operation is always carried out on all the volumes present in the group. + +#### Specification + +```yaml +kind: DellCSIReplicationGroup +apiVersion: replication.storage.dell.com/v1alpha1 +metadata: + name: rg-e6be24c0-145d-4b62-8674-639282ebdd13 +spec: + driverName: driver.dellemc.com # Name of the CSI driver (same as provisioner name in StorageClass) + action: "" # Name of the replication action to be performed on the protection group + protectionGroupAttributes: + localAttributeKey: value + protectionGroupId: protection-group-id # Identifier of the backing protection group on the Storage Array + remoteClusterId: tgtClusterID # A unique identifier for the remote Kubernetes Cluster + remoteProtectionGroupAttributes: + remoteAttributeKey: value + remoteProtectionGroupId: csi-rep-sg-test-5-ASYNC # Identifier for the protection group on the remote Storage Array +``` + +#### Status +The status sub resource of `DellCSIReplicationGroup` contains information about the state of replication & any actions which +have been performed on the object. + +| Field | Description | +| -------------| ---------- | +| state | State of the Custom Resource | +| replicationLinkState | State of the replication on the storage arrays | +| lastAction | Result of the last performed action | +| conditions | List of recent conditions the CR instance has gone through | + +```yaml +status: + conditions: + - condition: Action REPROTECT_REMOTE succeeded + time: "2021-08-11T12:22:05Z" + - condition: Replication Link State:IsSource changed from (true) to (false) + time: "2021-08-11T12:18:50Z" + - condition: Action FAILOVER_REMOTE succeeded + time: "2021-08-11T12:18:50Z" + lastAction: + condition: Action REPROTECT_REMOTE succeeded + time: "2021-08-11T12:22:05Z" + replicationLinkState: + isSource: false + lastSuccessfulUpdate: "2021-08-11T17:18:12Z" + state: Synchronized + state: Ready +``` + +Here is a diagram representing how the _state_ of the CustomResource changes based on actions +![state](../state.png) + + +### CSM Replication sidecar +![sidecar](../sidecar.png) + +CSM Replication sidecar is deployed as sidecar container in the CSI driver controller pod. This container is similar to Kubernetes CSI Sidecar +[containers](https://kubernetes-csi.github.io/docs/sidecar-containers.html) and runs a Controller Manager +which manages the following controllers - +* PersistentVolume(PV) Controller +* PersistentVolumeClaim(PVC) Controller +* DellCSIReplicationGroup(RG) Controller + +The PV & PVC controllers watch for PV/PVC creation events and use `dell-csi-extensions` APIs to communicate with the +CSI Driver controller plugin to discover/create replication enabled volumes and protection groups on the backend storage array. +The PersistentVolume controller then uses these details to create DellCSIReplicationGroup objects in the cluster. +These controllers are also responsible for associating the PV & PVC objects with DellCSIReplicationGroup objects. This association is +established by applying annotations & labels on the PV & PVC objects. + +The RG controller manages DellCSIReplicationGroup instances and processes any change requests. +It is primarily responsible for the following: + +* Perform _actions_ on the protection groups +* Monitor status of replication +* Updates to the status sub resource + +### CSM Replication Controller +![common](../common.png) + +CSM Replication Controller is a Kubernetes application deployed independently of CSI drivers and is responsible for +the communication between Kubernetes clusters. + +The details about the clusters it needs to connect to are provided in the form of a ConfigMap with references to secrets +containing the details(KubeConfig/ServiceAccount tokens) required to connect to the respective clusters. + +It consists of Controller Manager which manages the following controllers: +* PersistentVolume(PV) Controller +* PersistentVolumeClaim(PVC) Controller +* DellCSIReplicationGroup(RG) Controller + +The PV controller is responsible for creating PV objects (representing the replicated volumes on the backend storage array) in the remote +Kubernetes cluster. +This controller also enables deletion of the remote PV object in case it is desired by propagating the deletion request across clusters. + +Similarly, the RG controller is responsible for creating RG objects in the remote Kubernetes cluster. These RG objects represent the +remote protection groups on the backend storage array. This controller can also propagate the deletion request of RG objects across clusters. + +Both the PV & RG objects in the remote cluster have extra metadata associated with them in form of annotations & labels. This metadata includes +information about the respective objects in the source cluster. + +The PVC objects are never replicated across the clusters. Instead, the remote PV objects have annotations related to the +source PVC objects. This information can be easily used to create the PVCs whenever required using `repctl` or even `kubectl` + +### Supported Cluster Topologies +Click [here](../cluster-topologies) for details for the various types of supported cluster topologies + + diff --git a/content/v2/replication/cluster-topologies.md b/content/v2/replication/cluster-topologies.md new file mode 100644 index 0000000000..adba46d212 --- /dev/null +++ b/content/v2/replication/cluster-topologies.md @@ -0,0 +1,132 @@ +--- +title: "Cluster Topologies" +linkTitle: "Cluster Topologies" +weight: 3 +Description: > + Supported Cluster Topologies with CSM Replication +--- + +## Replication Cluster Topologies + +Container Storage Modules (CSM) for Replication project supports the replication of volumes within a single Kubernetes cluster or between two different +Kubernetes clusters. The replication controller can support multiple clusters at once, but a single volume can be replicated to a maximum of two clusters. + +Each cluster should be assigned the unique identifier `clusterId`. The rules for naming are as follows: +* must be 63 characters or fewer (cannot be empty) +* must begin and end with an alphanumeric character ([a-z, 0-9, A-Z]) +* could contain dashes (-), underscores (_), dots (.), and alphanumerics between +* must be unique across clusters +`` +### Single Cluster Replication + +#### Cluster Configuration + +When configuring replication within a single cluster, you need to create a ConfigMap with at least the `clusterId` +field configured to point to the current cluster: +```yaml +apiVersion: v1 +data: + config.yaml: | + clusterId: cluster-A + targets: [] +kind: ConfigMap +metadata: + name: dell-replication-controller-config + namespace: dell-replication-controller +``` +Note that the `targets` parameter is left empty since we don't require any target clusters to work within a single cluster. +This also means that you don't need to create any Secrets that contain connection information to such clusters, since in this use case, we +are limited to a single cluster. + +You can find more info about configs and secrets for cluster communication in [configmaps-secrets](../deployment/configmap-secrets/) + +#### Storage Class Configuration + +To create volumes that would be replicated within a single cluster, you need to create a special StorageClass. +This StorageClass should contain the usual replication parameter `replication.storage.dell.com/remoteClusterID`, and it should +be set to `self` to indicate that we want to replicate the volume inside the current cluster. + +Also, you would need to create another storage class in the same cluster that would serve as a `target` storage class. This means that all replicated volumes would be derived from it. Its `replication.storage.dell.com/remoteClusterID` parameter should be also set to `self`. + +You can find out more about replication StorageClasses and replication specific parameters in [storageclasses](../deployment/storageclasses) + +#### Replicated Resources + +When creating PersistentVolumeClaims using StorageClass for a single cluster replication, replicated resources (PersistentVolumes, +ReplicationGroups) would be created in the same cluster with the `replicated-` prefix added to them. + +Example: +```shell +$ kubectl get pv +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS STORAGECLASS AGE +csivol-06d51bfcc5 3Gi RWO Retain Bound powerstore-replication 23s +replicated-csivol-06d51bfcc5 3Gi RWO Retain Available powerstore-replication-tgt 23s +$ kubectl get rg +NAME AGE STATE LINK STATE LAST LINKSTATE UPDATE +replicated-rg-240721b0-12fb-4151-8dd8-94794ae2493e 34s Ready SYNCHRONIZED 2021-08-03T11:23:18Z +rg-240721b0-12fb-4151-8dd8-94794ae2493e 34s Ready SYNCHRONIZED 2021-08-03T11:22:18Z +``` + +### Multiple Cluster Replication + +#### Cluster Configuration + +Similar to a single cluster scenario, you need to create ConfigMap, but this time you need to provide at least one target +cluster. You can provide as many as you like but be mindful that a single volume can be replicated to only one of them. + +For example: +```yaml +apiVersion: v1 +data: + config.yaml: | + clusterId: cluster-A + targets: + - clusterId: cluster-B + address: 192.168.111.21 + secretRef: secretClusterB +kind: ConfigMap +metadata: + name: dell-replication-controller-config + namespace: dell-replication-controller +``` +Note that target cluster information contains a field called `secretRef`. This field points to a secret available in the current cluster that contains connection information of `cluster-B` in the form of a kubeconfig file. + +You can find more information about how to create such secrets in [configmaps-secrets](../deployment/configmap-secrets/#communication-between-clusters) + +#### Storage Class Configuration + +To create replicated volumes in the multi-cluster configuration you still need to have a special storage class. +Replication parameter `replication.storage.dell.com/remoteClusterID` should be set to the cluster-id of whatever cluster you +want to replicate your volumes. + +For multi-cluster replication, we can choose one of the target cluster ids we specified in +ConfigMap. In our example replication parameter, the target cluster id should be equal to `cluster-B`. + +You can find more information about other replication parameters available in storage classes [here](../deployment/storageclasses/#common-parameters) + +#### Replicated Resources + +When creating PersistentVolumeClaims using StorageClass for a multi-cluster replication, replicated resources would be +created in both `source` and `target` clusters under the same names. + +Example: + +```shell +[CLUSTER-A] +$ kubectl get pv +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS STORAGECLASS AGE +csivol-06d51bfcc5 3Gi RWO Retain Bound powerstore-replication 23s +$ kubectl get rg +NAME AGE STATE LINK STATE LAST LINKSTATE UPDATE +rg-240721b0-12fb-4151-8dd8-94794ae2493e 34s Ready SYNCHRONIZED 2021-08-03T11:22:18Z +``` + +```shell +[CLUSTER-B] +$ kubectl get pv +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS STORAGECLASS AGE +csivol-06d51bfcc5 3Gi RWO Retain Available powerstore-replication 18s +$ kubectl get rg +NAME AGE STATE LINK STATE LAST LINKSTATE UPDATE +rg-240721b0-12fb-4151-8dd8-94794ae2493e 30s Ready SYNCHRONIZED 2021-08-03T11:22:18Z +``` diff --git a/content/v2/replication/common.png b/content/v2/replication/common.png new file mode 100644 index 0000000000000000000000000000000000000000..aa75f13573228fa984d2f2f2aa283dba6f0bb726 GIT binary patch literal 44238 zcmXtf1yozj^LCK}MN4sSaiWMk#fz#Ktb5a!&-bq&pY)txydY-ycOl8C(;vThQEDzHEve~Y zw4d?PgR=jokEk!W%5L7|$u3*YoJnaCLT*hCMsqd;M?#^Nb8#Fz@wReFl4yF>DdT1l zP_p~St+dHcC1=|%!sBwOSDt=|KcmkQ>2h``pg^pu{-5lQtAopb{*&L``EZcjKPe7T zfHubc6Lq{~9%qJsl26TPxhemjh=GRSi3$J23zh(7WBDf+5Eg*W{{~#$B?eSfpv$xF zs_8pcy#xL?q}-sUYcW)32K0UTh86C{-lG$Nb@I3mimZo+cz=576tSynln*!j-|NeE z-vBB~+6P9w5OYpGt@JbxGT^+Y&$sYSK;GGyzoz)o0|x~gZo-PDF2frh8}fS1|INi( z$qN&X7bFb>`9sw5NRmRuV)cSAR`j^?MU7B;q5M;0OmYOocrP zdA0vN99OI{BHCPuJA6sJy1ZU<%nq;)?|FW@fZNG;V$4CBKalK2CYDKSHvsw`S=G#~Lp9UOCK9021AJUEjwM}wek&Lpm zzdq(Mze$F=3RBa>1vB}}buWhu&Ip*JD)m}bo}M1VVLUB8v=7|cKwZyD3{IqtPh6!y zYd->#Q$kFj!Rz)67q=hjhM$zJ zYw)Xx9$5=M#p1oukiCy;H=#J5$1!DH0_^jCkz~#6S?RpQRa+2^LYA8=Fv(hTeq*Ju ze&kQk&4+wd=6O6aF*2VomaRPQ3=9B`=8=}BOWJR1CER`r`0bSk(5l`=_=ZgBxZ#dFn$lhUra78x4~Y9d7`)fRiQd6cPmaKH)8hL zw3}oZp`Jt$eN-w*YwdvQ6L`uSYBFQ%YNy+%PyNPdKh2I)L63y6pyu#nUIp({l8l@N z@NVtnQTN1gf}eQ!gzScCo(&7&jU}<6lBPBXZqKx7wThUypdY>pbxWwXJ5qx^x?exc zs{5sAC7i}zkLa6KsoC-BA)%sZX5c|iK89RLQd04@rv>3Oi-wN+E?V6j9L22Uy_vbV zQR;6 z8?~s}=RoG|B@G79+2K%o)*u85EY=D)8fUu|TXJ`4!-sZP2{eMJ3WqB_-0}SkvqECF zo_F>qLsS)=77gCz7`wZkG2RvlHmo#|!u!d#AIW#_^+x-F_JQ91_V3)h5>6vl2{Zba zQmpT18Yu-FN_w;wb{+GT_}EK_OsjGTi7CkTpZ*H(IW5{42ZXq3uZNACTrW5|+&kt7 z*k^8q*lfOB8+y44^V;zQwF|$TG1y!UR=V-X#i*jiX&jbnsT$_fUVXN4A ziV?8vT7dmToz<@hs2Kn7Dm-b>C12w&`$1UFj)x-%t-*nlj$LhBe9Z6Hsl|hVh zalm>pkNrMj@sph@dCaykX;xGvkm0PU!vy-%sIW8t@wKQ1?);{jF zs0|Kmy;Et!j)|7|?9-dwW`^RApAEhv7KbW%VVM2uHm^s}PR~yx2FhAO@56;Hk~Hax zv)^o~%UAL-lYBH(Ke-xt1#{D*WKUvP-K~Sdz|ODA=hUMG@N~NPjEvBMh`ek?F%l`c zVt{2WG=9}ySiLW6l(BguvY_qDd>ULwdcvZX*Ya^Aml9U{%HI-*a(icON1_e0>2Iiqsfn77oOFa9%v8I zIZ(?1Q2d>ApHVS2c&9$d$KV~$Hr*pprI3EO6L`thcIqTszD0Jna%o z73O!prI$dG2^uk6QPgEvN=@pm2%VYE3sbyzcHvK-6SqJK@8Sh}60YH;)j%GautBXn zP}zx!gVC zel=n|%~~tY>3^MJv^;g*(qsf$wQ*}*?`3O>^1O{o+ z&@9-axq^R(tZU2MvthvM*hqKWJLrY_b8xS4+q3A4J41eS;hky`uzBh9nIqx&%`gt6eZ>1Nj zMbUKNIGuSE<`B^;!a5h1sW41S{6#kO2*;bgH=z1_^5laTeuBRE0qj!AQySxE*=$SC zpe-yTlP1&}eqJ}IH&HUXvv_T+tEr@uBa+Gfk>f5ZJT$#_yfG#1>6b;VYtdi8$N0^FBWlB!0?xucnEg!)E-WN4ws&%kR9+ zeILC+4fXIa7-oPa!J*%BWRt)4LKWP_wNo-|?5<_pD>5?Sej zmbUQB5T0jKj*cA%`-zvKajEe5D9nG9*eU-U^QrvHtUOby3{5R-avE=jER(r^0B}c> zF%0g%@=MgOR~Wc$@wnDPE~X3Kt5Wab|2x7}+`lsAxp9REP&s6!(ih$BU@ovD+eA}G;K_Jg zhxX3^A!YS&#c%yi^tI7eA0$ z^gU(7x`sjHKmU68sw0F}3g5U2)^Jh6%f{EQZV1hib%$`-rRx`NwN;3K;Du8p2b^p8 zqG2j?F^Koa-;#L!?4SA*fr9wCxy~BbE2xk^_41%*dQ5kOSVVWM(Eibcm!grHURdq9 z%g_A$yf|N`jlX|QP9`jMVHPZ)7)nW955Z9n50j}>zH7Tn+n#g@#91AEOr*YOOCWYD z@{B!8_rgNFBWD#z-vNk_25!sCA3Q^dvV*j@t9)B$VcYmiTP!!?oLY5(?IWwr17g)q zEBeRc~w^*}kNMnTQf+&Wa5F{w$ew&t&NyCg6Dnk1Md{x=YF^B`w$QV|2vW zN6T$uK|RCUn9+X!0wR<3Satf!PAOASimqMAktEMzB!3RHdzU)@N6~;5TS6 z?JL#OZS=y?t}qCJI&YdB+~SZ*IPwS_{rbiFc-880LK{LzNEulS0Ka7wPUUL&nePXL zS;@V%&vYerXUFd0iD8$vn)!5q7o!@S|f9yd0AfFj1hqY^ni<#;Cm(;HD_zdTayJCS4noF=)<_7bJ>J4hPzhCTU|O8o_nUw!CvMXn4$TVoANLYgiQNo4IkHE23ve zZW{c!SxcE7QM~4GqFy^1y)Aqn2Hen@)vPKK#frFBQ2TYWFi;CQd6O>cN^>kyfLaRBt%4WSuwH*s5Vtb!PD$%=w9|{Recr?l-+m9As71;Y;P(;uyjrjt8Ed+ zHp+-dW(1pb;{IvfrS}?u?*{hXJC+->4{UDD48n{vel`naDF2yAxT8Z+zd2j7yucR~ z;m0$GPLe~%>CKNkFYQ*sbrofOI!jVSwJ^3G(+>)gHR=7O^+`#=<`cJ)&2*Wp)HhRr z3Rihw#IzdBRPw#Oepd9mav==g%=u60Z?jhK~QY#5`lJrY)cAKB;s>k)$XEJt4=(7^R08XPoEY1TBIH zdVLDPolr2yG~;6B?2FW^sj@*BB_!@Wmh0yyA}O=%KNZSfT`l#t%nOhdO=Gp3o}Rw< zA2*|CGXDJOi(Y%v&y}Qne3+jdd1eiwXYiW!ivginnuS|-#m}D>Es;FVJYy3P*NJmTr`BUVVY<4uQBFxzy?i&z};a7Izi-)j{jLy$TxZuTTb z^J3$7L)L#aG8;V`Q+RyQ(s4!da@Qud4&$|@UmRt=khw!LC#A_m4fX`Y&zwDc|BkAd z$sc7bO7faCbbdYw?=3&t=IWKr=z6La3v7Xh>MoDq8M@J5- zPQ`F1-|$)$QxmM0sg=XH4l^V@L(M3sSw^aaJ&Dku6mV!L_rd4YkHHD#)35k#9ZjD* zgc5<5sbu%5spNh%x93p6>i+J$he2A~V*Kz)sMecuGqB&ot)eXkd-n}H-`<3Q+T;OM z-cV`;Gke8Heu`nh91NOjJly!Ba2vCzViFp&k@Wkl9pynxSYHO}sjJSHNh5oeJUo(4 zyV@VJOMO5dmraqgL+!|;?}!leP164D93O)y`r_7{`UrGPDrdM}hO<+D@#mLFlf69O zg?B^OE~eLaN3jlyV|Rtnj9CH?K4OF|^iS+_Wmhp)a`4SL^Lnb{i77Z(L`=mC3( zl%GPX_IYJWLb@=erHo`lyzeO7QxIV4745B1?UFN7TCmSqhbS{gp%jZbNp#) zn**~&X9&KF8r6`uK1uLJ<1~&BvZ>cJ5x-lGv;cG3#N@hXm)kouGoR+^j1Dd7TOIaP z2MT8WCZ|*?>Tf%9oh8#i?=K?X$6@OUIF^F-CUmid`CUy-9C(wTyYGg6`oj!ZUeg}J zj-@7@wAgeRCpXMc-um@0s&k@~HZiP=nKG`fsVoonPY9cS>2sT*2<6nIL-BLaCXTt3 zb5Uv3v0(7YExG0u4y(^&PE)-9;+B1UjQDat==h~{m0l(3X`~o>?;}d3ITrbXO82+{ z#z!s`2;6YVd`iX%!chJt1tO-PB;=@GY$m-j$X}ml;D&iSz7>trCFQ{XBhT-@N=wg3 z&-;^Chg}4XbPLbo{kl;nJiTBZ0p7#TELh+`pkQ^+F6&WWn@2?9L{p3OWib|3z`FEB zO|zngXExTX)2!iFWzrVGEn?wIlE?rThIK7XHAJDCWuIyJ7+dt!b4o!^l_S`Ddez*0 zC5WzrAcS*`3!Q6iwUuw%fhfvf54a|A`Rdxmfz?kaE~wWi2!g>8WaWeqxV&tW8)F6( zdc*IcvXe`B#oh;Jw(&ceiwiiu5fjPal%_j#!voXtYw(H8>$+Bw#+;PQx%Mf<-qWWc zyVaHfe7wZ(WSwhHZvQH#W7?6o?BsB}Jf`J3hc|uE&yb$n-_!NgZ|zSXchKZ~6e)Re zho~w7@qA)VHK)@2F3Zob5)3qjIWGxOMvOR|K$#q@QyE3V!ASllUu|yrt|g4e#2yjRh;GBxmau4zT1R}Hha#m=y*;l9B)!uTR#a4 zGIRDaG-3NM6Gj*iqpb!PA6A~Jd~_|l&njta!!4O9?G4u|QTve`7|Cj)#QR$9XPUZ1 zN^bKDdk3B$1GEs~2kPEwoGT>UDpxtneFqSZt(n^GpyJm@g9&vFZo5A0{iWt)2{Gk@ zjH<-zRweQ01d8LsG^;I6MN&O*yjgYJb1zrcY&i3mRdl*sd8g#n_$b;owHyUN<)S%iHw2V9Xz3q0Nrel1!pOxVDQ)1Rnd?l||$ z1!Sogy2o#k_mrs~c~SIz^2U0{&l~xMQD$2PdZRxbi%>4IV4Pe0u+t?F4jYUdTx5wF zwUZEGMTv0Rp>CDW)qzfUI(fN?K->IF?ZY!3Z-Pq)yN%Hc_}cP(?7O?oKew+APU&_= zidINlF(mJLQ->A3;HG0?R==}lYfsHV#dQ4n-@Rl-H2G}RcsUrF9GyuRM1KjynT+$BJh zHJ~Wft3l)EwBlZ>z_jTusWdGSYY|1%doYN6DR2<7uV%H7xc9nuL>GAx7T*9IzkAl{ za4y*}Js7n*0%IgB1x{}J3f#A^9!w!XvWl6e|IEZY6Ddwl{BeV>$La_*d{`@mev!*^ z{_YZJ##IZt2<7@E3o?2s1(0`Stitf7J+1uBh9yC*+$&)h4>{YV*DW3D*hpi8OeJB8 zdS_#v-CM6DvsQ#O(s7>KM?|KA-SLX0pVaj3i7S$*$@7A+AC}DlD;~dCnsRB@x(tJ^ zP4zh2%OW`wP9sa#5cW)Tg=}MAMCKnYx?M!bnl7!|dz&M!d3_bQbiPcoPdK3x5+3NdKt*n2#6ur91+nG^JFWtXbvXb*fHCLXuZdO}S%v zQ5iL@8f74ulY$ILdh@zIb0`IOVlkWkDb_;H%!iD1&s>8L4T&1u*SRFC4Z zrzz0mm6D@GA$t;ljtQ%o%33~d%$x@vh zO8$k7%R84r9&WZs5gt2bU&<(if&1s9PED4ICBGL7SiT3bdleQvI$)>rKW!DcvR1Hrl#U4^LO{)%>aS} zRa+#A_HXhhi{+xAKI}hc3Vh|2=#K|J_#$~W`4>D^ms*Y2UYqR-|g?SQq|x<`B2|Es8_Vtk3s z&pU5>$W_l6ij^5gbiMn5+^<3S)eJ{Wzg9%v$z{3bneczKt zRm)JhLHy{iV)c8qlWJqXU+-1KpN=c5-PQg_S&IvubECDXAjpU`-g4YUeB*0K4)XGm zO6LgM=z3o-{xhq?XcO^38gJx4$Dqn-8S;W(RCG{H0~g13Y8NGN4gYE!R(qwgZQOEI zzt5iL`f6^OVHJe=E$-L*FyJ;K%Fb`u)8_srgb>>xxu0f4UZ+%pSNST5$#RCa0!Ho0 z;CerF<*cT4Z+*o@vUz+3out!O7;@cOcL&u*`% zvYvwPAoD&@q4IppGBfz@ufqI60)@*Me=Kq9yd$M?0qaJ=V48-r?>XIbeRHC+wY3sB zH|Jq4Py7sa0sX;0&lbkF#V;j%v%WbHZ@p!#LlX*eO|dZSKvW5MgKSXF-D>f+HrGC> z-Y{Hf)n)`Ssh@;!%)z>v$cguc-~Ux)aKdT9C}hY_KysGS{d@R|Qe{T$u&ylCR}}wh zR4mZI%5!D2j^zEN3k&kx)A!P)@THhkYX^053X&a6M`sJ?&qR+fe(DCqRp-SdVx=Tw ze1La+U=Y^o>wDu(0RqKzYz*L2IyrXgsi-{Kh9^lAgahtb9S=5nbZyH5Uq*~Ec_h&B zwCd|yInyyLUt_K6^PQE_-l!>lFk=7<60RGsW49|sWk)O+W&Rjkmds4j8O}Yly@!(V zi4h&D)kkMC%BncfeOH@AdSSSu+|XzTnSQ8>M%6t2a<{oPI(ZHBe9HV0lc>xv(Zo8h z>;k4*lE4MkWjw^s{ytuiEx6Op9r$j*I5an_FuBE%ZpvMR)20V=2$S#==%;9?2<>Wi z;})bcU@fc3b@&j|t~n95^gtcoiRK5OW3D59$lzSF-jfH_F_S;cynM%M@VJjrwzjtJ zIJ!WQX=HS4mKCd}HZU~Qwd8weTGvaCjz{&aA%^Sz9tBplU|SQE5s2dCo&n04>>t4sQKWxeiagOZ(F|6m5qSj=F_b|~&j+&f!&{m!4aR@K#&FB;ZpT2e+u z>3;ZqGN*gC#(`#^lBx=PAZ$C|@{)`Uiqn`T-O!-FVB1TKmN*{w&DrL}-=+()Pzr#V z%Q3etr+xpS`Dc=Dgv#7<48G&j$bLSvMqwP*C=zkw;w{niUiqk=kJ_$A#Y>(tY)Ml2 zD!jojLXUv3EdIp!bl(+?>Qf7M*^AM~jfq>9`TowcI*WlGo6y)5Mb3uStKqaNe&0sf&;1YtR`OI9dh*!l;e-T>BhC z!-Nq0Uv8evMyqre#rp{wI5E3uv}IOQEm&w7E(8Q36D0wKY&#Y??cy%DzL(Kv=QJbO z8M50WI2n;?|E4kJpdFAX6-m zh#i_V*IAprKy~?VlFNp>wQP8fFCT3wm6<xHlzYM~eV=m^&~JOwmTO)mW};guQ7Ew+q2QhOl zD3o4=z5m{xy&=@Bd0qWMa~jRLOP7rI3{JZ~lAeu)$>?AMvl|(>8#4%j8;>RYOV*p3 z;ktPz$?fHCdq_>%aCg>_yU*#I%)}VganmGM$ai0q#GOPQyo8?)1X#(lV6s{}j(3>r z$+@V>n<#T6z0_LCe+Ys(n&WaB#0Qm3Z>^NG z4Z|o6MLuySj_xCVlGXW z-IJEFP)-l6=ruG@fZ&K#yXw*I(}mxN5Lq~hcoAX|bI5=|ppWv-M4CuPl<178FPh_1 zOl5bIc2?D)L?-C3aLAzP=@~ackOkX=*VOpqKfH=_ol1^F>Z)Lw(3=Yi=c@5`!W@>V ziTV_*zM*XBq&f0MMJWKys}j!JOe-pp$r(P`md@}IQG~_CZSD1VceajoJn<8`g`bb+ z2oCSQb3Qx1$rbf!5XD2$*)pru5-*KOK9=}q`xHJJ!YRE#r598Iif}yIv<3Ck?omt^ zuJb+dqu?HGCug8X&6W|CqRo5>F7DZNtUPkzGS!j@zb>q2@r>Cb7qjE<0 zPx{RXuUvEmHNv(;&--uhiNlhSIEz1!MvU%QDxJUn<;gB35jTAw79aF7NN~-K@Qj2* z%343wWvDef7guGLemymD5H|e_V^UNee~|>9?)Sc$CXO4GUfXo~(o9t19nCW@o(Amt zfPZ^>+%w z=}s1FHtR1ptaOI_)oI*|*gZ`*7cMtLr_eD-Hivn$Ajg;F+i{abY89q30s7^zLkFTK`oP1}M#}IbIDk6biQUW8p9wF*4Rc_m-6v z6rz#_N#amKO}RwVa1kA^1v7Djoh=x}gjc&mSKyk745{S`W9oc;5frBmY~i=blDpLa{dt zZ$rsq8&9gW=npgZ!YCM<%&wOzwP{+@QVC=1xa(%qU%=3T-BTkth0#rKMTBs%x_7xd zB7i6Cn1yHC64ggclh*hv>tT7aF)ITn1cDi$V0`vC32IWD3g<0y`9zzK9t`D6x}j{P zC6F3J99-Gq|9rjWW;j^-r*@}X1BK`}PTqn8x67Wj#58XA6Jf!9cUcelmzUHh!Og~^ zU3z}8M=3hI#O%x8cbt>DH#C{0=3;DXy5F&bs$QKXmG=LN!o`SW>uJkt)2*H-cP1|D zy+mPhJO^Q`M33s$c7;2%&rjgDjSJ0g_$19(QI{Za3jr9)>|Yj@ z$K6$VQ~)%NZ>g_Fg#s4}s5>Q+GG%09@1=Olz-TCb_q|pZMHLkvIU-8Aj7nv#$zG>d zG{4|%R(JO%&(NqSshHU?_52d<#|*gnK|8-xDK4lU&c?0)X%suYe@DE^H1K~RPPwmm zX|6*hVg#M5^_;a}6olM9>yycUK68@NXu@ZEMcsWRfgAA9MnKAM{f2)|-1_!znE#{R9gZDj}@;2POBPkOO#3E&Rodb_LoPwY;)bN zN4rhZg*>i!NqTQO>jfZ-uYYJnG}}RA9m>B4(Y@aRQQg!37pC$!0|AW6#$Ry^u1t?B zs|0<76AE!C!~-aJfI}!Dk!zcBdjfM*w!CNYNOISgcapm1by(u;UIn!^IbW_XLnQCt zeyzVS8BP%QIoD*@Ge?Q}K^RFc5J>f6zcXQ(*!%`fkUo}DB7P81EBI;>3O z&+HYcM{qtJPhRkm_eH^htq@LNNMxV>-X9FJaiPSrZ4qYfK(oNs#?>s>$dhoEGD$!2g!L z5xG4wy+_gWy-c+$mX1Am+>u45a@%Wt`r*EL_Ax~VJ1hL@b^%Ejfqko}iYb1xPl0{o zO4+BJ-iz&l-lg#?CE%%#?j+gR3um2iB)~xvSNXcfv}c75Y-Y4?;9>|J&oW?g@wSyjz13sp11Iu zl9Q^xT(a_d|0!5^~GY0+|%Bx|<1!hI?k2wYs{ zo>;6Z+*mn9jPBPwZO=E$ANPzgU!ro_ZL}g^(!A^Yr)}8%q=I%aKVxVe$Yf;EQn7OXro=AtT8OAIhpmHv2 z<3+gUd)z^a<$~?QtB0-Muj;beLyuz8NYGZN^H;C^+-XJ4XG!UcOB&7o*_JS2S)g`@+PU`}j7nA&^!{*Y-)b))8RrvxgsJ<+k%!_+TR1?|#(!hST6GD}{-C~U`5f@BB z9K71c5c}NwE4uW@4~Y|hW5O#H&?gUVl*-wTWkwRWtrT!q?$=&7xbj+D`GkK9)Gg)c zS&x3HOQRqCdm=h&V%U1uQLv5j=}$&*39;<@e4^a-pHz#MMlqbb?xFk(fO}*jkMnbb zH=P=CjE^@m6Ep`;P%FaQ?e{vS0eE{a9MT*G#OqYU=}$Q!f?j*=4T829YdS}O_} zgx-~@n^f_>nz0|~ETaINtS(XRo1^1adtIRZBm2p%%!WCt%y6XqO!Lj}Iv^syvtM2D zce{{8*O&kG3iDw3SIc*+l+Vo)YooTGWBQdhkB(`8$u)bhMcFHez1K_LPv;TFENpd| zX`zXz4)oV)_j-)gzxZf~wMwk@u1rOxQ}_Qz2P>3-fy`hfRR(d_vYx;NHpe=xSM2}-(duI9rc6-olT>oHKP7bJ{mC5I zIn&a0DyO8OX6-bl3U^$;RRp#2V-XK?b(onFmK(hO)=YxFvYOv^-S4C#YDyN^zF*qo zi%SIav=QQ5=%V!=X4SPV5A4-m!Av8+_w&Xv5>^chD`Z=tRAc$$pwjbimMM|&o{Lz! zLRA-3c{tpB?(1@(V@!F^uCpcSU;R)W_rEJ@Y1oT3ocIEqVI4RTU5+S#3ktCJ`Vi4z zWu~Jc zH<XieJq`7=D?J>QUX<)=()?OIgwq{{BRl(@*$EG#(YfNs=9< z(K2O#zlcTla*mhi5h!Mcl!mIfyHcYr<;V~xC}>${{g3SYZcLEe%x-I8kD9bRT}D6+}zu;{J(t*Zpgi zTrUW~eQM`L_irn7eXboB6mSGDE{)$DM-KEIIv0Cb$8v#CCT@80C%uLWqb4jjSP2WV zQK@5Dy#)UGy247DD5>!e+b_YJa_|9y?R?gA(rHloE9H>&Vvj|!19ocCtq-O$p-^_Aqg8wVm-Mkb#)sy+IlbP_H z#ag5ZcmN5W;+rDr{oS%tYz5giT4rsO#R?XS_1SY~kU9Oh{VN~`$}Z3K)!&EZ+Z(pm z>2O+a?Ic@?=aVAagI;@O4adDC#w$4?)N8>@+KJk~X~oO1-I(T(_$ZEvT1oyhLslL- ziOsa{9Ob6Tq>a;K4K#TDYFRztVC9V;Im4IFItQ{4Mi-&GDRZpjD?oKHC5fd`NgtE6Eb7rSgb1ueY?#Nz?k<>hDQue^zcKAa@m<@m` zi|kBs<-TIe04`hO>k7Kxjh1xl zZQC(}xX&#z#JrQ7pEXBIPyh4Xg?dmA5g&PjctYD`%~vwrM7^rX2hqo?PMwryYmr4d zHjjC{z<%>CxK>K*B5t6pVt?l3t83FSU2uJ@Aeq+S*=!@Kc}Il?w|5W<R#A1EV zY4+@2SN!Cam!r|xIhZ){z)ILRHu-mLt*dZmMxJ?1a5hY#d*wAf;*ORNOA7yRx2&RN5twq63chn6pxLmz~d|*z87pMI~w8*Kcpzn zmHP{gak`KyG<}9A!0c6Ebj%!EO3W?GM`1r|8D*nL!@@VmXI$}~zA+)mr>>i!|Ip># zGrDZ2p#tdeXz5hg0}(e;=}`lHj!zc0)`78DupAnkPBpi;kYK9U9yKT^tjR-#4+EDK zs7^A<}knIMr?<*m^#R5^TJWuL7Lm*HP_A1ny}G35i%8&z;) zNyC{7&yFz@XUFd#ZFXy;!MsB}i3jS1^gumLI6QqLrxrR~e>VoIjHjp4RL^T^ISZ%Y^iey6zF}a5$I_Mf zZ7Oh8QgAdfAqnqh%Op#O+^stF<{_rNyQQxAeHsjG~Ko7Hmc9%!E0Lyzsy44yEA4*V>6UyI{Zrah?Otxl>_N;zunxC zYqyopf;SdtF3!FGupRX6y>mP4O?t#oe{nYNj@F)CQ2p`_^{cB6O%LE^RcIEOmk${- z!OknE#CvP^$Krt9T)5G@yuwh$R8F@^qdH}LLEv_Q;ee{H2v2+$LV}sENogLX* z(kp2A{Wv35bj)@(yLD^*xNvVROpyVnmbTDK5lD}Vc0E>fa3bII@Z$S_p=k2k$i!T$ z@Sy{hzSZ(#YV|;SHqBA-7{T;cgFQmvZ9n$Y!a%g}iI==|A3l#5k~K-uI1?-7aT&G1 z#yje^`hp6SGv+3}4V z@mCF93gV*wJ-e@^ncu29#%xo(p=dB}K))L;sJ@jpnHfZF^ScW>^Pyl3NgDYd9%17r z#zQCUKD!vq!46EXeOd*?bsaGsM%+7xC$CltxMlOfWq2FjU*_#wgb-v$T+aQ4Hlo}^ zoL`MUxyJ$Tc{lv{MI&f99{F1112pK|Z}GO>Z#Twg}zyd&X42Ew%6n>k$!amKb7bIWjs zwH{rivL^ija}he2g*(`x2R_^y`0e?3G}kqJLhr%iLi=0{E@?46@BD`_7OT6U2;{9s z0o>rNTbcmc)AK;M%j_egt2>RxoBtyrBVz(*0Cp$0Gr68Nf_Jm^PrTZCNB!v=29V|J zZuPV25JmrKb+*#kS_*BEn69NAb~mb%z@U$B*xkS#X2zWCms{OyAKtO!5*v0Euef+r zf6CzO(FiUdn=s7%WI$RS+SGe4q?8s9o%CwLQ7R>wJUC|&Q7O;RM!+j^=ui!*3GzV;cqWQ^LEc$7c`M0;6!tb!$hF{8Lxh`5b(im%mNb>o$+P;`dhW zTKz#1G3sklB}PQtT$2Lb;-=&JJPwbk+|I!M!^TSEcaq-}vGL4ZNdGYKd_FiA0A?SjY<_{#Z=z2GdjA6SZRfgT45<7@6@x40$tf=BF(<+X{&e z=FzrPI_}{2G=YfGm=MUvg5t|NrY89j1Dc_RMJJNd`sU8dujrI`p52Eldb;~V-+MFn zgNs@$0TL_J!RBo)A_n|EX4|{&URJ_}tDF_>xkqCev?w!1QOaN?l9t%dRAj=w;XYm0 z7Yqecf9|Wv)#nT7Rulgz<=N>-{&PCss5~{;Cc%e@$VsMpR4Y0sN71)L%7u9*TYm?0 z_dmk?C-93s_decywqEjT5ZTXY5#;w)*@kQ;s8#Hke&OACaOe= zph83S^B}xqRJ4-?pAFLQre*%F>Fx2HO@|ju4fZHOwP%vCDE5h3DgGBhERGSdt~j@m zQm+a@&g8o68$Q_1J7VK0b01Fg4#{rK+2LhwsMY_GRIzn&;qw?zOB!j8HeU`?r95lS zex^2&<-|~4C8$O%N4W{f)<7>0S#!<;Vw=@9Rl9KKBKn8(=ltAc^M9mPUs`&r%`t!R z)1c}VCDta|f;OPR{j|r;%6OJqFyg|EQ%S9{r=w0+xXJWt{H@Ic4S2UDi}vuytY^lT`4HBDsh(VGtVVis9p%zNi2!hIp? zZzIhrq;{KlKcFJit6TF8&DW+2NO+}nuKYs-Vb3Ys%3+SzvMJE4SBO>D9O1#;l5GQ* zx@}5W8x#wrFcg%|HA9j?kSsP*M&}~<9p^gSDC)m`6PpD08Mb$ihcCtgHw~_`I#caJ zq6D11b?i6Gm%^05nX2!~Dsmmhr{3rk*w8^fHl)Y)D5wit>l+#?Kl5)A@vKTL;;X07 z<jo$5oeEL1Qb6VTk0skveABMqkj|? zC8ay0kq+q)0g;xF4ymC*q+6t0L}KU=2Bcwz?v5dc?vU;nVyJs~-uK?my}$c6hqL#r zz4uyculSyrceWdq$n;>p)Gg7xg+3ey=#>bd5=P)?)414eso%mw2}N^&9sviemlkZnw82_;h}Gal(+ z)ulZy!zH6x^`xPYoe{A8#J@2aJ(=V>M<3zFoX9V{LIgub$J4I-&r{tS%(^ywlWY2k zHAsqkI%kS_4r9tyR?eQ5YjOS)5qmHQCE&Y|LK zmv_Tmgr_JLK5ZB1mQQW1oPo@ey_&x9&oR8&;b+%FLHY50P%R#MU}iaQoa30Pr#9%# zJzvBb)1DV)a+20>=~V6O>#JT9Z0Fzv@$4h$swcQw`2KY;p5cL1@Q%Sp2DMj4tpNx% zVA%qdMPtlh(FDYf(*aLysgeU6JHEd;2YeM#tr^O{oBcIZLIZSP{rAMkvE)Gg`fi!# z=#Q?W1x^zt(Juo*R+&AI$CmNHOY9=r`HSw`R-^kCXVafVa5?iQSb39_^K51Dgn+Zc zmOp`nag|qUyz21UTX;I=it?HL`~{J062U*4I0n6XZgx^?{!CG0X4XRQ9wRbBHsxD? zwyS382a3v%?p|+GnNHN|x~mmKito~cAC4RMb1)+rvog&4J<-Y5Wtb}Od1l04#8Nf7 zxCw0ciQqXljsv_kw!*^QZo!}UJk%9W*zi%ywa#c=rya&a%=%oE4*8=uLWYF_T-V_N4KVCFK)`6Iqc+i1|-ptW$V5UC-+t|fs7&y4^ zD%)Cexy>_pXKgo1_6I)t>hW6M-eU4G7l_#}R=>SQB+h|J*?`QC*0Ew%PrcSrSTfyO z{3~6douqci{5Bl8)Z_3iCA(Wb1=2KO^72xKQ;hCp znM!|FXrUC|=s2cjz2wF;6pQe5;{C$w8PUobjg=OaA)&nk7L>RtUs1gNcaIQ!oUvA_ z7$aL6kknC_+CA+PN|!>o(J3bv3edb7P#mai{JxIv0xC78iBqw#LA6aeJQLb$4 zrt7y;CA0rGwRtZS0VnjOYI%}k1Gyd?SRv}b63_W2+bb+Yojjx@o*)bF`y!t7B*{5^ z@XL8rPj*$s^dWV)J5DDsbt37;-S+dY^EK+Ur^5wwpe>6=BTY%&CcwIA$Q)8IcQExf z%A3!dZxLo|kOMujf1}lIwnkfvbz3J(TG`6@7u_ZolYYAdnFspIjZT0hYEASEXt8ug zeu5*t$a8Yx26n1(b#}g%pC1fJ)H~98M}wz=YP_zz<5h9N^YgaanX zj|4L@*+nE{_e&pn_&P@Qy}v^(o=$HQKd~%(lJO-(rfT8p?{tnY`#E^?F{`hfscIw;qBvQtLiTPs^X z35Q(;x8azgqs_XI>G36%2nJ0{zS3XPeb@vTxwIYQkK^UoQd-M`-^)! z$lt&7RU_bFk!x#*e5)jX3&@F8Albm=_Ni0g3)RKHOUaXC=ar49#!e;uRLdE^bg+88 z08I(R<+VmCXD){)GJF5|pHM)4|7I*^qqxsO&z8R7#?HIGSH-&y&r+g1|2;SJy~6WC zo_!8VazDSr{KlSac=pn?aGlyuEj8()fk#Shu`UDT>cdjdue=eSBoKZv~Oc8_fD;vZQAWpkz8_(i3&ix7o&aQkW-l zlq-dr@E%4QoLfXGN zbqYScR(an(xlK7~=iEI%;kH$?o;KbHJDb}Jt}C*;641x>FfH?b!nJE|g~K%`TAFqk z`(py=im+BD42ZYJjMI$|h%B1w>)kdGHXNm|xGUN-K+dCS z=*PB(KUE%Xntzo4y_H?yl^#m46mp1~!!R4)$m3-({EK%LB~NeVeS7;-lR1Uzlu~9(bPq5i}ubyz_ro*ktt`{j0AjHk-SFfv(zr z;=>V}0carMlG3uKfKSsy&u)f5$IbbtU3yHs&V-&pU|U4kBkcEVSr&0jb4G9TOE^MD z%0k_|b*cKoU~?LN3J_mwg#Np~fC-T7&;Rj4bzxE%N7 zr!&{e$LngGE#$=Mj}iQhIkn%StIxf&Ze+(xKs*WrYIvFhUXr=35egHKRRh-FpA3Uc zP-Hf9<7fVD9spkCJy9X5pJO0 z`bH-JJ+Gf7$%ETvd{$pyT{#aIn5JP2cB!@SQwmX`$yxgQNl}oYiY)}-BdPiG*N(>^ zYry3dtQ0#B^}P~sXfABTdc8Y;#cNdUD3)H8bf`aijYqdOsgj8ZwlnoIyf+m@{kC>> zbaXW2SJ41`a2H8oKBs-Cm-~_%C`v^}TT%I2xrBaz(;UVz>KFSNO?s?fF6INWNPnnP zXzsC{$*#p5D;$05%UT&WkJU!=L)bex0+&zU5mavk_YtRyT&DgRNDu#on5M%^IU$kn$^Y>SUUU?siYP^s9klN+~v8 zD;{5!?$U(X>F7y6sUTgi=f&J?5OKHz!@#;Ks zD3o(;A&Y&jx3{+xiR3a&i(fGH+#4D4=zo1OK=;nX7^)}8BZW%f4#y6B1{wA$iKeDr zXtd<7bsduld6ZIemAl@59uUzO-nhCGmx#Ad8m{KDWmhzz{{46A%}t&@0IZUQp?k}UHVq~X27(s7^MoelUQs-FA+yJ7q6X&ze)%voh$D- z2saRqq&6;25=j`_y8VcI;|TD2WgRC|{(cOz>=|+KdX+&P*EN_zyXNQefgBa9)KfU3 za7Ggs(=%Pk?SeC)IwvkFLZCs3X|idU&5gEI4c(cI#P(mGe8}8b@W0<0bx|{rPBp~>kd|^Mz!Tcyl?hrj-+C&hz`Q0woE(t*X!}M~b`2VHaujAj zR`>3mVov0I=an;Oy+S&t3;mW9x6;{HLf(@DA9)2i)~YO=d-Bv^X8*xXpi94vxgLWC zKGfagT!j~B5ZJ#H8KzveqGm*S{d@i8r2paY*!ppJVY|QOR`vbVv{JFC+7MRLyV2-9 zY&(5T72u*Qv4>mw(S-q+Pn2^7(a~?~i)3|=@~vwnbG*=IKud}AJI9a-uO}tsZOxJX zJU8LFv34-u;+oP3zaA9K?6~5IZP6_u3%UI846#>vDdF zF@~~&*Nxrqo5)~cpR3cS!k5Fpl&GWQZ_J7=T^hKZUt5M*JZcd%92LK0g4uf+egN0y z=;MWONGBR+za%AGaC@(@^Mvm-<6+yqaj};`#rCg(ZZ1dosliE_<7-n$&oG5TDF-L2 zq4!&y2d7cRGJf*nnSM0QuVSgj$4`6Hs@Fh6{a2s;IPH=PS?Z~IPpVbQFacCYW;lD7 zD#CrOPBm#|67v4t`3Er|@!F8RBoX}x4Yapn_T8@73bQ+m?u$2DEVbtxnCCTnQBNwO zavD~96CMbe-Oa?3XQx}#SKy(v7l=*M-y!kFY*ZAjL#TQF4 z)rW$-m|RM|?OqpOb-cA$>R)EcAfnUEN8n8}xcN=&6&D@i_mrVYErzj~{?2WVS^+wB zqDI*t&v>?KRLxp3jmtX3hhx^v0`1`3iIXz#9fr8%x1W!?pb+%DWMn?|X;|}ZO@tQd zUhw*5T=yA|9U~$PiY0WSrui3yr;6J}o^*dYWj(L=THy5^>vDWl@#*HZ2mZS8u4Yu` z%(*5`f?#|72OF`7n2w7C!`oa1@0P9x-bygkOH3##1J^Ad5vN@@=tK1F3t8J-D506EKa z{W9|_CS8)xqos68H5|+9XEYjNW!l6YJ9fc2Xca(5ELQ=>V)&b0mOs1P1SG)l_f9AW z2^i-!9x(pXW4d&|)CxI~5NJp<6tN?Yw05vhha5q;<_?kbAs zz4F~$jOq#feXOeIXJN|JvN=D|lH)`%o6(#a8Ifb(wha&j4ToWTT1Bm56AZT zwPFOnlNuo%y`63HB`|gn5IOPc0GtRsT&#Pzll3flG2m`sjZX#_7e&VwMu$Zw{hOx4i_qT&_~08vmi^z!ddCX&2g#TLbX9 zoL;}ijWBMrl37zz`!~+ywXm^`2?eb4CljIYPwcj%+Hz!plW_M;r8SEhO?0y#U}E{X zp_rili9fmL(l&=}DZHmlR>eP}UzJGVd8qmW>NK40NOfa9+qmO)L$$&xl^VyHsqv>I z3utRr%ugk4DA&I&ku`l%L!w`G&X-p*b}7DeoG%ZamhIRr^FG7j3oQX6f50jd9539D zrCf|4j}b7o1(hz)tmmO@Pm|xt$!!=~>#ZI_lyiM+rh;Cmdk4K1TY<6EPebwz>nbo=8LkV7` zSSfWR*Q3b_s)EknfvWaijKG)p+o-vC^FVRz*${Z#_)n9XE;w>fYFzb$K2AbWixFk( zR;sXk1C1UtLzKLvA*JTlMS4M|U&Gm{^@Utc)KHH|B<>;mNVfHpINbNZq{%%(#=~1DxQa~Z!kkK6JW;1%PznyDbS^z0Pw^zi!Le43SoeS>AGE_6`&7mi- z?v(D6#FfEXNPJ0tK#|+lq_!IecoxYO95_py&)X%4!EAjN+v?vfy9rO7mv7%AiqyDd zlZ;wVh>n@NS&=?u0;f9X^t^G4pEqV*$Yo%GFt;BQOBoCl1~4=a#peXH))$Z#e-6~x zfxa!_V|#HdSmc;>la5?YCCsz4K5-Y2_G#fxLv$43c}j= zN#7k$KQ_U1FaL4W(mXHJZ}(W;Pby7)81TZLVZ#}2UC8-mMX+;tU7=u18L;VcBKGRz zpVKtpr|U$!R{p#&5Keb;of}1f4kUpk^SsbebM`j=4EH6}_x;#;QL&ix_G3NB5@=rl z8D=p9Ob*?5tkO@!H%b0)!fn&@S5D<4@gpg9&YyYi1iK($fcMqEj@TJEH?mTq z2N0zxzu{@GqBJDapS|blt>zEI2ev6Ru<6?~^Ac8Qh+C^5)c^K2PR6K2t#^b=JGp`f zRO;AB7h5f6e^ps;H5Gq$Jvf3&oPF>4p%R5R>qlgj3%ZraKCJY6IZ){Zt;XH=+CQ(X zgl?N`g{L$E1!CYk5>P!KksH%%78SVG#MLvm0|y`z(*~S1(JvQSjSLNyfFDA zT&=#EiY`+C*Y~GP6LNswO1BtT$X(WShD7;UH&R{+g{dWy1l767uK;MTB^K&RceY#7 zVx$#2c`gMMk)TQ!7L!|&+?G(#>P5=zitpV~9oTBZ;5u%X6fMa%B}0FoSO1ln6dI%% z8d&oU{+2CH&W`IOPLDk5#jFZjoOX-PewLlp4<=x*IX=(v(+hXi@&aDDna}pzR9`-fqGzH1_{1bIW0EFo03X2mr1I?#}D< zffTtXs>x2c#suMYG2!KwcvmamOt&xJ{b!7a`Zg^Ge+QAogQjmC0gPi6zZw4{6oc%K zE^LHgTL=)P%xr#xV~d+-6005H^1p@l@89{gMxgbRBe0S22D>PLEo<{ritpmHB&mkl zLuq?dKzD?hiG?~n#Ch8d@-@#a3V`g!0}(002#4Tq401km;GVBIMWg>DpXJr7?3L7? z>W4r7t&%Hw&Nmf1w7qZDnf+~5v702PM8x}?-JuDo^>=;!&2JV~BsHKONY8V5@PN=! za64%&STKr$P6TrLx98nJxy$g=X1n#o89Sd>vvd)?eZ7VT2IT4h!Z!&k<%;Y)kca3$ z|7BJDa;;kpw0t9W)i>V_UC4MkKM%2wwpF5^&AGe1HalMJ!d6sJXi^1ajUihD#FE?l zT54x_rI=J}ihZkS3!IuN$OY_37lAsW5C9vz$olZ!9Q{#2XKD5s=K#5b)OlWt_pBYW z6=vw{?CcMvMqi{Mhi8RDscc9AAl<}5xS*g9PkV_tpuk}gh|>HT929hP`WL8sn(suG znM07k=(5iSZ}_iQk|Q2OV}kWy30_Lq1}B>2EAxl2E1Tz`5LEEpdc3m3$IPbAoF!jskI(+Ck0| zWk6+7Mup6Mq@_zs3=X1Vgo9lzJDks+@XJ{ji6vXAzK^rv^Z}3}mp9=7O;jsC(N2%H3 z#y+0;M^%)1M}r*QDk`huodDpFY2^{YNP&F3YQvP@MH8n8vqsCkU$c?S3jcnozlA6V zg6NQe_iXX2q}Q!%R^LOCf<@q2xjd|;tj zfrU=Eqv7frZmBacU486KNsD{~GSo4vzvL7miHn8KM}Vw1zVT+n$bvmLY2j(z&&k;y zgw)HBzpzbpYhb<=99(~>WWLc}D-Q%>H92LvRnGqQH2(~b4}kE{%MX?8<1z5O8?$v1 zsly3f-6`Mnp>pdSH*uFCI}asl6|N*@Uh9APOE37+&XY_$_@jUsno^8P z<96qRsN(xhkvH6lICoIO4Qyvu-+nj)ZyCRvi(PG)oVM1tzdLB1ho_;`iwge!1ntU7 z+TJloBndaw|1%X3fN#BKRTh;^G>2_b=Hvw7#B4DPk#O+|GG7l9=Yv4GqLZI z(ZrlCIBbcR2^WH6AC3cbk+L@KSaPvLA3S%vmgkuIlS?sJ-XTW$!7cXRH9LBq;FE)GKJ%1Ss*Tm1Nb}}pDS)goOn&TlA)VpeO<)R0Mo{J%9{Y| zH`6Z-!c}9m)-GZ`)%sBI(V99_u?u`!cAvEH7^$FCJuGaEL}xp$cYd?Dknr8TIPmzV z1@~Pu=M#S&ypY`_nUzY5@LC^3&eBEAAkpf-YbDYaI$QcLV*iqFHxGiN+UrAFOs~zS z;knbX`RPBhHG=Nir*&j1yK~JYKhLgMzR0kFYM{f!0LB!tzii5_Q z!d}yXGr0l0dvBa#M$?}qkzN%{R%Z_9CN`6OuM%=lZJu;M37|Vw#q;>wn7j(Gl#38o zF0c0KKlhEW#?~1TCTZ)%J^^8Dz%vRkZaf;XE*#jp6ZCCOOmuM~kxy%<^8YELW@+QH zd|l29#kj_|S&mbS9BCBkB%Yve&LUTvu{cuXXp5VEtb@M(Il}vy#C-gBfUdN%lh6lr zPKUDD+kDA&WnFYF`TmJzj;ZLq9@=vXX<{CFtpwg5gabT*jAfD`tC{(Jw{ zQO~z>=_drpRa=-Xhtt_bmdcp>aoEglS+I5iO#~cW$?vT8~O21kT;JovCrGN>{CCo+W@OkCnZE#pzodn%aLMsF^dWn)-j&Djq zR9XiAzGXb=-NtNLrBgOXGM(2GcG+!Kx#8^`m-@Fc65zVf&`{?NrZpydlA6M}fXHn( zy|U=#1`U@9FB?Aqv;q(K_DdnkeYl5)9pSXlZJ@)h*loDWwH!)cC-m!MKqXG?r=mpH z@0NOu-D#}tX!04B$ZP`73*T#rpjpS0;P#~l(IX7c|e)YX2Rqv&Z2JiW5v?emq|+V6-;r) zpYZY!b-{O_d>j1!SJ%fYijcZ!5xi4U2A}RC_ zlkJCllL03@D0yW>m6?7@fuhcxWW#PFXtH%X{Z)=8JY6ioBIhKk_J>pE!m zMmi+yM(^fJ4%U>z>yWNQa)a)ehDAv~JjhRYRoPkiaH+MG{9GQqF)14`xIFF;E)Wto z>;r1FUU*~y#3_R~IAfWvtXV<;QqgWiFcT=3Ag;dd^8xfII^;offBJ!1%%J(R&mnLz zuSfnm#8Igv!OQhC&6nnu?C&c3DQp~4`uqDYr8J$KoTL>7`q|5RzQq&OdO5SQS5K}~ z?zd)Dk>LH%VlFAGQ!_A`t#b|p`O#JWL43?d2p9P6>%a%$-k89d0JfLQFF+bQ&_ktq z&g>Ogj^8;sbT=mhT!WlG^nA?mB-%CceIvibMn9=}JIGTFRRsW5&*WOcEe;B;`;m{G z2G96BENw~KEBnc97Tg#am{x-tL~*K`B~~|{S(0eqk&zJvqau@1GKALC)ZFkgsW^HP zv@FWM{8MTf(mdaS58!*oyiy5tW%HF`YEpAe^*ok zQb)`4=amApv>+|7<37bSiwMa8VO#vDd$-2lt)0!SDDo=PQhzE3lOB#F`;yHIzp^8) zcb`gD2C8n8o#sSE+K1X6UE@-AK4NATDi6%$5YVsi*yeRuL?V;kFPoUGB)5FQySceh z)1LauU`wJFah-&|x&gNQ()079l5k>77G}a2Disrefe^C(-;%TeBq=B|5vSUK_|;Im z+O+bD@0|;0dj1?N2e@$T0+oZAR97S5Q@hqAGAVbwAL@brRLx;*H4{L6TPK_MDW0*N zNBy)U_sapT;-IP`wv*FThq~Y1cj>yu!9gLbt6hn>&w96}iuGgRA=sZ}4*%r_rAQ8mz_@W;&l?%?VXa843z1lq7W zBCE`0J1RDnE(2N|lQsvorh^&5jul_5LK)D#9X!5rkWS)M=SuXzW#m|~DEMPL6J~2; zQ~vqb)Wc)P;e~)KVH}rHHKo(>F*fU0VcGSSm4twQIkHA%p^O<%pDULnR(BY1%l5-X zU)D408R#l$6Vz|>p`u_Ba6>Z-iWsps%eH8(nk1`y2CK<;ytB=^rta;t`*0Cus!*YhLBmDZGJ1WBzfyh}(_i{H70c z;@9TxGx7|)pp^;b5%4AYBaWEVcMns>S=bJMrM z*sJT456k9EUpPalD1*_w;{(1n?Y57NA$Y8J_$eiw9#6233I6Uo*shHx@>-bX7pvw# z3w>a`@{lOSN%2V%t4&zXpNz9Ka*yx-r18?HT^nC?R=ilQzQ~x(u-h2VoVwX3*{-jC z>-(Bv7C~J=1I6XFW@DJS7z#n1<}=H=_1^yx&c2nL@H>1h)AH|bNWe!ND7tkD{5E*a z>&E+)Ctc-PSyO%b7;6cA&e?Nd1u#`cCp@Mru(b7w+fC)^CeewqbAmCKzJCv_cmN|G zA6Xr@!?vYbYb*nhqu-P%xyMK@V>r+&9M~-+m_dhpynH5ywN$A!I%dPoz5sw{tmH@U ztHzfXC6OHyMH)^6D1JLk&iLvsV52O6HgKB-2<|UIkh2~KEOVTYXRq|i61WL?Jgl)5 zlLhlI!z=s3WQ?4aX)~aV4AoOOQ7DiKI{CXDF7r8Tf3^NHIm`JzhJ$9 z76+B?PetlZ`yqDhNLINI5sl&--&ld$Ck^iu*~PtO#e)=3s_kR%&U5u~nCBTKb?+ax!*O?)pL6d&OZ@*zOp$*X8I_Keme{2!CcA;sZmaoZ zV%I82LhPNiB9ZE206TenV1O5l;1H{R!@+^As9n5_SVQH!^(&@1nz3HS+MT2o__b%! z-TcPLax1*J_r;@DRin2)2q&jptNILwPngfKei=RTZ_aw=U!&YXR5a!^xSciV?$a6Ix)Blq4GqokYJOSEdc^kz?d{^XxhTewDg2*xvX`HFO%{M#Me zPE!i|nc1(w6+j?LE>ll~pJ+#JXPAwKI*i0$m}w9}u8C`Jyd{nAD`h{y886eam6W>_ zIu6=jdi#qJm40HABu`g%S-Nlh?phGy73P!w&i8|_^jH=b}=#EWeeL5*#sR{Su-v?XyK0^A}jvljOan(u6`) za1*jmHwjB>=HR-T)|~JQ_BP+tsxO0;Lh~^GC)C*Y%qRtU<*v#EHZU0S<~RRTq0(ms z+K-)$c8{)S_C6abj$S=CrcJu7W95ZFe-bwifl@gP7Un;yjf#Dv&HFXJ%6hG2P|Xx6 zIS$I#e){<5`h)l$R7<}fcY2@Ynp-kuIwC8V%I<6`Jiw3^OVC-BYl>urtwUD^_L~vNDqHM-dQ|<)3{i6Rojo^dgKMj>+q4ubcQkHwN48za?Wn+ zP<9Ds5qYQ=Pk@h%zm1;7K(3(EQ<2|mEAMMd`zqW5F1X{k(LS#{RJw)o_FiL0(ms>o zb?Qq`*b?%-d$uLg?)^z2V6+vA2tO%2n5`FK*KMZUY-|Ex%)4JOxPQnlZbk-3?_Ilr=DmLg z3|72-cDmWMXYBP-pXL=8bC`@<6nuJf<_&k5Dy zbAQ3nLz9si)#3}4MRho0lN&$-1+XP#6w%0hr*Mo+)9+~Itxds`)=4l6JgB6aks?~I zK&%9+8-y|Le<3Cqcd?nBr9OW;{KDgmfWq2HdaFj+KfOBhx%~ocZu_Fbk7lO^+>D8M zX;m|t$kB{gGW4gA@*Ye>9Sm7^A2$=;7v-O`!IWE;pu17_HGY|6?#K7a&^%R`g>{QY z=Cz#@-b6wNsY$lUiD!kB7aMa zoWIGw^+z~BmLO+_XC&E6kdXe##JpP--~5*7w=Fl-rUk~zU1<+DigQ>ZU@Ls;?gn&w zTf016@JpsthAGsalf{7n&ou@j*tJ~!^sd(Jgr`_EHRxm~(NWo1)C~*g+)XGmC7K>y zPI5)ER_@4;hkCDeNAseltz}+A*^3a|Dok)A#t4#NE?P zGj+R9a-WRfz`B(!5%R^(Zp_hk#IxFji+?GDb zYwjN9Yg1rnuRD8)x}F-N<`c{}R&JxTfI~&)-R|qSoq4^!=P&8kM{^`&Uv7N&|4Ou2 z8Qz)hEao)$L>p_C?E9X2hkxeY8DVW#!e`*aT86n*D;s|Ja)!9{teq64;p?P(gLKH} z3;frlk^mx{nmh@sOrvLI&xbUl4Nr&UQ{co3?2CvKv3&T6A3nKT%A%7|(7;}R+{NVa z+_w3@4wP=Pu!-;4tqk(#K=X4O{=GkdcpBrtaNpR<9+1z*G zBAB&%NgU=WF+h}06-wfCa71X+0xgZ<_Hf-yy@TKe%Zyg#c!Tl{CA!x(dKos5xq-wG zwD`y0KD*tpc0Ma~HcU*;JU|W((rD#xXqSnlomA%;ZOWnRK z`-_5L|FJxKZf2!8U2xs<_4f6bD{0BoTvSqM<_{cVU+kSw^d+MIDNwmt$B;{x zJ-6olz{6r7N;~}FVl*jBBC9z|;>zk*AapoN3Tf*s^2azjo7oEJKy9;jPkGP0M!eY% z!%cnV?6^(oMGKB2!~4<50 zrURk?LARglBloF=J)D1FmwK7Mq(&X;HA-|#i+G&56)cS3u~Ad^UI(INCyl$y*R3#& zZXD1`{q2PA4g;0PZjnz5_NT;AY=@XT1iHqsrxRr&BK5}lKp$fMf@InTeYzWShX7D3 zrik$wt+}pZLzA3Z|10qYTquNsxz4mZ9Frxk=~Zwz{G#>gXNt(izGP&XFNAG6i8ubP zOV0gMgCEZuyP1-e)!Kh1OFoS)7<7JZc|2cP_mWruSzd05j=l&JN}?@m5jKg?<2mhj z=;?oh$K_LnBPb^EIJU6{k1OT!2RP#yEPht;nbbbS?*}rLwRoN)m|0TiyZ&|bW(}-~ zcl9?Er|E?aJq$Ss={c>|py@^Bivv-IG(Y?BjNg;_3-acx-HXl#nL74v9$lZ773a9; zVJy$JIm5g5Q!AHA^*MZ@Y=yz*oSBrL9l{O*cyNjbBJ_p09F|=-g{U%PAydzm>w`^d zyYnfzL?&9nvg?)gsTBFW<>1f?nrLvjsXK$wZQoC0BJYb+zT;`g+!1PPk*Gw&yTEW< z!e(|kEwS@Cq8$HoHlGQ-ANLv@SUmB zY)BzAXL1?Z0EDu{h8KPSK_i?!ES63J?>|n$k>5Gki;lO3cxw%S07F%!292CrXyO5WEUuCm5n#Z{%$fnAoT2=gD z5zWA%2Mgp&mNBCrk;^2JGfo(6slB{LRZ;6yN&}z@W4seX%_3~c8;7(%?Apd8=TKX2 z=uxUzRz2!^ira{yh<$l*v#B|MKdB&wM7mX_um1K@yDiAjH2!lTT{hUMT7`3b-a9*! zFk-K5tTG?$otYU_bnnQL$>?$EzdL##>N^HF0-Az<=qHdV_Z01p!6=t`w?$%IiUzca zGAdQo#ALS`*LcZ_;x|{7kCxKNw$(!C-1tdR_4r~<4Wu!fMIW^g-7g!kbGB~Jf_WR8 z#POy$o_9qL46mIhZ1S|SQXTLR0Z0Pm_e_@Aeqx zFHq`!Du>&S?rTfZu^-S&hQ6O)oVhn#-O+eB3p?yehEMIr32v@-jEZ{r7A{r-6P^>V zbg>hELnx=eI|SWcTw@(#?AapfdwbO+l#5XkZ!l>o>s=zj)?aIrgSbQTuL z?E>X@#VT&?VgR065D?DFhA4{et1QjY(EyihKFhVD;{j{lv&iU>JMUBUF95iXGQcWuUy!QNAtc!*?z(@5%qdm-fz2 zzPS6@1Y{lldcVtpyPjun1r+}#A;%2-Ub(ZzK7cMTz#&~b2J?*) z*oTM1of!9zYnhW?)fJE@z)t3-p*i|vV*@)Y3A$(lM;Jbyzn@>|ShSg1FqM|Gcf;Vl znQrW@j*!R|JbgxhW7A5A6y|fpyhiIknz(suC#lU~SjLS#QI;ONWj0g4_|B1l?7SAa zlBCoSdAh5Y9$B=bwue*H{>_ZY!$+I3wCZ*Hda8mBVR}qa67w=o(G#CKNwO-Hybcjs z3KccaFR=qX+fP7etP?^hdXa(hu=4QIZpwQFANL$A)qVE%H;GTnb+oY}2S3$%DGF1& zuykyOMph);9uDk`#B|MDkN$Xze)f<_R|1lP&8SOb^)nB66Dj8F0 zzzl@6DYo;oD@( zyWY2cu>1!=Q@C$}@14cvrJ&>;y_b8XAZ1g;?<+!kX{7CD?ov;sSX00vJI_96R9cqB ztFq}o)RCK4ucynmJkO5l8mmM}ROdh|sub}~r4%S8=I61&u>VhUh z`M9p|@LosQ(L5~QZGpiEMegb1YoO7Tq^<8R=85bkFWSd5>VKmZ4+6&1J!8pYQLm29 zaRurlIK6c>@8XO!IkUD5s+Cpq1tT*SRARmJB3HH=>jV@ahtzhh04!fA&V&!wL^4Gp zB-auzzk($sxoYh(&66(o_6_p@7tvr7;8haiJvovu$S+|7O(n6{IlTZT66G-bI4!(T z{Y?EK9if$FrB0^YlZ%3#zT!*DyC6nYnm-#!Pm3uH8hk`Uc|K&NH0Q_vc$Z4`^I$do z^v>T<4K<=^PcaOYP4z4HIL9UMlMKgT3$^70N8zu8GT@)9mH)i=9Jzun#5(ItPAH#LmznPeUOnNF?cJaa>MXrZcs>zuf?a*2Y~ZD|il1AQs5 z%0uqr6v$n8GxB{q2!ba^ok6k*be>T5A)2YUF#tqLz-=72&(#7q`wWx@;A=$7Qe3R+ zSn&*3&57e=`ihfA3hcG1T%68BalP`F^9?G zPLfZC%@aS6c5;y3mnhF7_s{Lc6XmWix=HN(%~x?sv!}g9;=pcCn{Pb{{q$`*`XkqN zH%k|XaKs`mt2aU(&KyR+iwOFIUgSMpEQ)^!fEMFkI>lF;s=WbNC>2|2W2_?7N4uIz zhE~Bmh$OQ^FvHEwfVsnl92l%YebK7`FnlaL1x&`~v8SOunBGGSs~xKTtpK#=Xs*&; zXZOqZO)4Q%^2h?n>a~>F<)+Goj@`^*pmFz50KMq9EdD=evRj#c!Y}Ek+q$r{l3+0h zH?%9)ZEKfUk0zW*=RnuTR<&}U1gbm!fBCLccSVgTk@iO&Z<@sOc;}({kxAla`tv=R zi|twtZCm4smmNN5uXlUVyXNU{K8k!tEZ-1Jcxr(X`@%_u-pI$}wZjXlT{CeW$xN#7 z!Hk51d!FAi2tDg>K1h#|lm@5WC?RNI+2Y6u2 z8`D>pdHS0p=MAsZqewqh(;~&^kw0>ec7v{T>ISi;-w&I{Rl8R;(u2b}mv%5}M(~?` zMnutCcsh(5xBuxLG>Ep2EY|I$45SHFYK>wP(5YYNPMoW4Wn{^uIO<-=*zB>aY&LN=i%o#Xp=sJ zz&^4~V%PAn@(iXWURaS{rDN^xP*7SaU& zf!oo?g)R^pI8#k>>EA(7sw2}8Q8;*s-)PJ7Hg*RR(fc}YC z4E&#`gstZ2wJcZn{~UHA?g-#hbU$b^G^qq%YTop974ZLD_)-&qqY?G*8#|`t%-S+E zw?%@tf%~P0KqgCT@jeOpE50etIWI!_n%%-Pi@Neh#-rXm|CeG}o7pzI^xc3ORU4}2 zaSbs3!bU|HMLsyx*Ffr&i+A#MqI8IKApOF7*(Gb6WIDkZSCHv1aj*n(s)_EaH)<(g{z;E(_j(R#q_lGyL z&#c)uq-gs?gSu`dO`|owyEL`CJlMn~5}g^#nFGUa^misgOI#QU8yZl+Ni*#DTT&m$ zg!)x-h<#?!chGQX)mwmkwMM)P19|{TbCWB&GL!DFf(*xy>0RkSm+W<(>WtSP+!6?? zZ_@qAgK2)$`R&8UGnRo|E71qbEMkTFYD9bg-xro19I{AIl<~2l#`9H|iutrrzb#BQ zig20u2d31*Znvj$tMGvQaD^0BcJt z7fb&?^C5fdjki(YXv8sU#5XmpxN$k%fSJO95HQc6Q>Kkdl#or~*0oRRmAmGtHk|cR z^99PX;f(|{>)Ow31+oU{o;e5aC?XSKJ(OAX_NV=ElM87pw>!q1_VL2y$C@dl@I|W7 z<4HBD_OzzsF<%$L%4#5JA zEfSsSi)v)PU^R)kRVWq(gZTN}yG)upJcBw(V3^vO>``;10oHSCzpuBSo7?Z(p(@YI z&)xY0DWVSJof>}cB0aCr)1|onS7~1w2zA@O-Q7ZoN-2@0C`)!D${Iq5Ny-|NZR{kw z#waSuR<)5cax)gdvw#vMLR_jt+PS*D0{EHJ{8NRoFcRS(hm^Jz%dvItRNCTDv!-} ze*sXzb5tJ_#*OiE_>rK&q;$+Fv>Y zwdcQJX#VQb7B*dJE#0mV8Lr43DZJPRb@LW5=e)8dBb(a&7FDb;FBYidBA+7cYU5kF zc?!jN{0ISDHV*S<_gK^0t@Q$ zm)a0yowj|dgwzb6z7e`%K(!;E;T(9u>a@uU?6_Zg9gQ@2<7L3>$|>dWygS{oUe@AO zyKY+PwzREly8P=W&Av7}?pJg2+LEg4eM@B2=0A?4h{U1FL>62Fb?zqb+#VaVD7cD{P_&npC>p{xay}z=$3M%a`PEU3%KOU`=)(4~vC%ENl`WePxZv8l zNs0l>`yOEBsb!}wPVW4cG8E0?*!Z@B^O!2s#!L?7zPPcKpOCF3e!k0= zQ3-_O6zdYSDc6fdy4$es7GL0(^m=d`q^`md7jBiWF6HbVTpoe?4PX^=pP8_u={Sy~ z>eScBJlQ~x5Mi*bfM%zJY@$SVxZ)vBW^k>T*zsGIW?(X_|1D*k{-a~5Lkq+27H_?_ zGvM7D#DiW)ZYB&F_`jGB1w4M+1O(||a58<7&d;Gc5yP1=J1g4oXe#6Uor>+|wX;vx zC(5^XACKIrTi?E2xAygJ4jJ%#)5Z3p?lZ(^ifKu~14lo`TqCR@ENntxuBUw_LC75(Ol5Iq(n;ZVjO3&u)p!sk3SF6C5Lx8oB zjMpHPK8euy?OWgjAWw+wTICnnVx~JDqKyb$&rw|cYcYiGX2oHScu6s_@X_aK?E?<@ zBpJ2yh0ng7b}U^v5=})QQ8`>{4LoBjcHTcVi$>8%q;o%uhgJ|2&pax>qP&frFu4Bm z{v zKqr?L!3z9JMc&8;d({p0+K9(Zv!Ba|u82fuaoPM%fby&sELyT_OE!V1gEOeJ)7!$P z^D6SZ6ixPYS{@AbKFkAkWTbJZ6J?lqvS{i%um>I00fcK&DTv*+PxXwp$7n!6r*A=KVO~Do99O1E55@+B7Api8-;tH>OYy?z@zt7)*sGU4gEKRb_#XmPEo;oE$%bkNuJw?WH<2#1&!n z8{EYBot=H9<{roNMU=R@;rWrOof{py@yJq1Pe2`b*UDcKUJ~K(QxJ-WbZ@&u=UeQq znbe4!XmEQIm*9BxcfyI=mmeYDe>4$xkJ&6Obgs=#vP|4IC#9>4{1Gy+KE2D#rDz<* zK2j6(*)HXy{U(gYlh%Riw8tXWpRnN%QC#&5qOWV2F29S|4FoYm)JS16pr3;ZblvHsk0x0n6GvOx+>Pr?@;J$<&v%|{e+A+`g?dWEu)O}D6wJIZw&dO%SvmgP zoIvGwqXCG#8GRDaS;+2_|EBKW;&Z=sg*X|ll@@e?c0rcCX_$A0{2{O({qaPZ$)I@g zOg4SuseN&f%c3FX<2^EOz~Yg~Vj2m4kOm)EA<8WAN?RrI<$5h{Dp1!B5DbB?g>E&l zi#iquYpeI$<&~I@o_kzqEU^aH z_4O*>w#Apbn^ucm`qjn6o8ApY2-r?_KtSuO?xt&DMU9MQW$WwXF1IcZri6-EfLqx#Em!ma}0w`RTT*#1CM=F;$25wC$|K%4lU4L0m!Ex%Mi86$(} zWO$FD`wvENF&xCu6LkGlPu-?iDtyLsGIvY6Gfsa=7{?wfXZ$4pLjG$PmU0`C|*QF-^)IJ|6*Xhs)m%1?TcM1!2 zoqyMQ{x6I(a6%U4dINK8VT^6YnRSbNU3_%_O1*h%e*;$)6 zSZv<~4ES$xVJ40FuASEyW<^?!y>wUm<9)|=yM&K5$;BWcEi68Zspm1*Pem_~XD$r; z9=?B0A{I#Oy-3mn7!IbSix^(N_cuu47{rE=Bz52@6+5ROt)2XN!{7u*m2#Ca2?*|$ zGCfqpbCz`_lOTo3$)wME?-T<^S|4Bchh7vetK;aNlP1YioIg(Zvh2V3xH|EPX^z@?aZT5$ZKjeiiYM{qCC|CF5(kb*@V-4BZ>j27#+Qf3X zNrzXiVJ=X-x){IT-pzA?1BG^H3i*V)86Jy?q6O~^9zeAb__T9Z2;k;k z@6{>*1gopjyDdU!MSrj;#P=8r)*}%qlX)p+qaBqk9qM}hB?8UWMbsc?1@_5L?CfpF z^8fR(1E*7vkf%VMF_dn4-fi}K)#_*m2^u*kr-}DD3xm4*wZXf#oo{q>N<# z5(68&dLq(r&!NpEWFBF|tWtL9a3OL4ZAUT#fV4ZO_|xYC9(Vmt&4yPZBfQ-28AOIp zzYu&d^PJakeSDs|*?#cDCp=#igV7pTK8V_5z~T3{FuLw;NTm1`n8Fwu*DhKodFlAl zM5on?X~w)7%;eT2t0rCehI}wTONGz#CJ^_mp&dZnH!{Z;i8kyrO?+S8(tfu&BN6m^ z7@qhBoa@pWt(zk0GQ$xuz8GC{!s>hji0O<^%cJR4lM{itGG=m4<_CJn1O4i|E{o7Q z>VTKx`l4Xf3_8?*RHhyf!T?H>?^dTl0e?D!TSmF~`Mqr|>CIR9qy9L{K$g|O`D2Qd zok~CF_J^<=11Am{@q8`D{M5o8u^RV*swrfe2Bo^s4{ySd{f?C4puC0lf1nlvJ1zK{YHbT2@g$BBA`f06N~9PF?qgwAPCw={BrgZ_rZ7# zJ8H9X1yr9rG?abqS0?)8AWvCfMMf|yTj(>a{;+%_3B?dBiDE^|0XmO>&p| znS9blNjlRVtkJWzpH3qwLbKSuUs5Z?o5xUofYi(Zg*2TPxs?R2YBX>rg1s`Pp`M=E zrzJhy4>A;HJMQFHJ*U-8AEkmG3Gn#uu#7(;297@y8sisALgV*vQ?2HNMls)sP%NBw z5j3y$cW+>=APu^@G-Yqu76hlVs1!bKS%D={uA<#PH650}_;%>uumsWoDG0|9XygX} z2K3hUbt=aQRZy6s2Z>L4%AwLj`6;pBg6U{k3~70-H<04lb+thK(Zg$L*2Ve5 zVgrH}`{z!Xw-g5p8c-|rTb7B*ot+sQnkMYpky?EoBmTyGYicYyR}};}hXG|=-mts` z>TAq%kC^%NFp~)Tklkn31gl6f{t*)$d@c!^5tBS&ml9HU-TMB5$&50&mpZJq6t~Tc zo@AWi6|I3ySAf??I(g|?UWxqmV(MJirOmazEWKTyKDbev+*- z3>~C?w_P>xY&gGX;E#{&7qI#fr6+ChkC`A{6Jf-*qL!uQ9}A=&tq(LByfM}t_OcB^ zx;0!}48tIRx%-Ch6E7w&)G|Q2N5h^k>2EwK2ecap&+S zs{9t{w`f%Y%qkKri>LBLuWmk#M7l%&@z6W()%2cnXt?(>lkY*%FZVxG;+Bt>_<>mk zuxx7!TUJXOYqp~Dr6sDt>PycX z*^97ozZL@#0#zTZ=@)z@6^xxozJ~yInumfwL^~B8&@BKJJa}w;Tc+l|xB182VNmFQ zuED8bok(hxDIy%r6SWi&Nv7K?e-}*(Nchj9D6s6VJ)TIT96{e%A+*D@pETp%{C7Un zbWw4aQ89ld2ii;<4qe}}^6BGdiYHAZ-Hk*FZU#Cp^>YFS5|EMIesIGdu>@%1JMLsS z?vKk&O&dRdfibI-7mmgGu6FssZgbMIW{m})8&A6}C?cG|@lf>U?K5~F_CS05nbY%m*ei!wBO=REqDdP`mm^%px3Yid% zw9~)J4&!BAOO+e+L2Qsul}qB4du0>Sidm?W%?@giXH$_l)_5B=&XdP{HT>ItLZDOE z-(?4~cVrMz;pHwBowIOIHaO=Sgfs2=+h(VqY~R<(oeST*rCs*2W?d5W**oeLFU8KW zWADW^xInbkJ9LzQeVmGGYK2>8UGdL=7BQIP;DzP}hzGN=rCtxTffHDpc@X~4lZiiZ zs=r3pVI*ouH$&PKXp)+^KbVdRuJ0pk{O{`n`D;La0`;HytEDb*{9$qZI&|N@{UGzW zpZ=sA3$}cum}NrnI^r`PYjIc+y8v20Ery% zch#YVY4nLtn%?dybYT~tMAiYGe4$I-ru`pmIHqU5W7ikAx5iS_R?YN(7D1Z+M2cUH zEAD7NF4?0h=nZf>{zRQ{UQa4`g<@&(%=!BDsV1inqJrx9gR1Lm~q zlx;65r%nL}A6HM!u~?q3yK+js@?{A;!fDxfGS}yw;xGLq8Y?ym6||Vb`$8U%(YHx1@jnovGmUrPV+^P~q*!0`%Btm}K^9 zgbvbdEqV5?jk{CX!chxTlJ<=vq!8;@MO`y<%?pZq>_G54D$N4T(uCmV=C0C$juHeg zT}8V7zf6ab@d+>{Vn<~mX64ZJeS-qNMNv<`o zB5hEu(g3Q5yQpEoXWVO!_wiEw$say_#mk#RIFi_gc z%%zdCN$$hfop&-;uJ*_;R%Fn0GLL!ubiaxCO2`hqWHcN*g%#4K{QRePgiC7yFsZbzW`hka-BvN( zn+b0z@^jxXs*|;qN+mxzNL_DG^;@oxSPznby$(%#iXaLH_WwHBNsE3a6J7c27O*zq zKYE~Nu6>%DEaA;Sal`)6U~d>;Mkl2YhWoTu90znTKS(z`N;3oH{*ABM51hfsSa-kn3zfJBVy8H4i}hINSq zp4rxbB?52b0q1kyCCj+0u9bQOYTdM3mp1)Z2z3pYdHqM#w~{&fw7QzQ9u~A|*GK&- z8a9wiRS;gNNAhsj;AN@Z3 zx^5!rIL!Z|x!@9FN9{L_%KLW{zwdCyP6kqX8&+=^iwr8edLMySJgoAW!2K6ca>7w{ z{}#yMptLQ;Wcf|vwc(y2zm$x(1Dl;mPVjS0pya&)$TcqlWl=L6c{ejPIjnM z@(+52R-{!B!{Y(ExXbrP(gpX{PW6Q8WbaAD*0EfxWZgXj-Q&P?PW63dU>JxkZwwVJ zDpUR-{4`mNRdciD(+?<=y8Z1@DwQMrgTm>nn*(;LdeGJP7~-FP+O+p&HK2La_5Bla zK#P7_m#Djp7)snz?sYo&V~hbnb zuRDv|UQ=0XSWwVg{Ka8So99brl3eWWfHe!mO@dcMHTxQ6ET^~fL^pt*arY{|be@N=y~^)j(4jfI zRUMNX_c@uyUA+PhYT-VqShQrg^NUhhKoTQ;*+0{3rs!{h_HPb>_D`Wz41bfMyJOPL z4$2lh?HI*(G=>g`2HVa!>i3O{1rvw^_5_SiiBHf$38235D+vO^^k1OD&~3E{tB#4e zqlvtsSJ4SKnFyl?n?_%<%;#A`;$KJ6W^>^u*{h}t!%%*XYxfj4TP`cEuU_28LD^Tf1@ zO~Kke7&uiyFmrvxTxIGVLb)ZRhjNlg4ALFWU5@=*%dlRhEexSP>wW8Y9S(6jDxCyQ zAOY2A58}w$R`fZtx6pljX!w58KL7(dYGAmmqjQhL4lncFtqpz~|3XxLe&G+GU!b$c zyD*DqeX#PulS?vC>gc^7M|9MWke6sW=_J-UOfUHvoZeVyYl~-M-v2xcIi%pe6C!;E z@Di{VFl7dO(Bv~Zk(KMbAAxUbQ8w}Y+<{TC;OiM?t!wzAWrNrL7Zal8xd_9-d1_-~ zE^)ZxkuBc+ye7Vv!cPRq|Bm-<20Ce^Y`NkrLy*{TgW`F+h+jiHKVAWDltodE@8>o3z4$-wWVYZcLl9FO24qjow0y48b4cgnApMIj z%k1PKo(lx#QmG?3phkCl6ggm(n+)~qAfJFcWr4&-c|m6 zGf^zxkWQq(y9Lc-&leKrxR;E1UmneUsT1yE0RZ%W*%sGdrn!mpx0iA@mrD z=>zN`UjdMR+(#mBT)k?1Pr5)hne=jBe&J+M{=5Hv2ZFe=jSK;^{zY)Je*L>OPCRty z&l?!@Mx@8Y#8_2~Vzk{@AB^}EeK7x@my0S+&{u%)rU%5GbHEy}WuxFhWu1GyKu#W?cde_SAkPnrL9fdgH& zO$ahR_bIBPs8QzXc}1$IU0=`PLJ8m+9@&|iEQ z%Dn>I-RWwSQ-Fo`$1W!XGFJTOuy)Yf6ktFk&q^PchL$XQTN2kI`mp;Y-C{ZGwLTYu zy}n4y#&{Y2MxzdsyrA2I5WYx2QYrx*eu%e3|0YH2bY~p6_D(NOolJBTp?gFzMzP;2 z3vUr{O1{5!E(YfOFq3mgR#>`XEe5utI%H&MK#UU+uCQ2<_3R(r>DeUti?!;cr!Ay%hH0<~tOQ zco2N1k57B+YOK`&BpQcvAMeodCggLjDP@H9KHheu3H6 z)m6lP#%a+1$(1W-zFR@{pG4-xP;V<7GWB|NwGa^d`u?`OkL4pj{{^)_ADe;Zb0p_g z)g=)NO>&fTWJ>PP4ZRl>8bzOknI;MAb8G5^09yLDpY~kYAOH&64#U3ZN>QknA(s|| z<*sD!#!*ZZIO)%^<=gA;F>Jmw?{fbfO`pE^`su%h6<)D19rz(0J}AVe z@lCgL?_D zo!1&Y%ep55dYHu;EZok=71*t5xAFBI+Hi7cBRLo_q4v`~uMq(-l?d^_{;jD2z12M z+&tvO9-yc!>>VNBh0#{lzShs{p|v()rsDYG5mO_^ZmImP@@eE-V5QkE>?NW+#iHYx zo@##$N7D}$dq140FH?LG`)k-`*Fm9EfdzV*u-5%R+eGySrv*8vZ>YzmP>f=+2kFi& zd4fVo-I5Czgr{o9)+XuMt)=Y&J&hqF_1=;6h=aAh$=d3!YW7fcwW7o#pbA;nHmvJYeN1%@M80FYej(>gIm`MNl za`_32w!hu>^-~XDiY>Q|zpIm;Fr_bK%Hv)F$KS?|e6PEK)iY~LZGU=PUk5vqvLD#I zb0Q={UPidmlv9j7;lVXsEF2GOk|@zGFO;Rb-2-0ELk^;M@7-JU17yUHAF<4PM{U=$ zd*_)Tqcg9)@7bt)XCg(&72^AO+F|o{ajqIgo_zC7dE`XLnI`V1S4vS#%O*0bv3WV) z6H1<$`*pemCtNx1G0~{Up*e zV%TCxKx0_7VP$R0>}(`pmUlH>n3wa6V3qwYmjezGHp?H@hFs(nm7H>A0_NTFEbli! zP%o?}K3Y3oz(i^*%&d==mhBEVQ~G6*hX#vzMIX-v(Ng=1>(AOv>*!2my2*KFWYx)E z4>i_iJPN2!PWHMRBZ1c>F3_-L=4THF3o(5m(3k}D1jJ-xA4v)^90}=2w-8<8wInjA zmNRvKA%69L0kXG8B}xU|xE5_faF=?BYEpJR$;2uwJ=)i@x|nvIExk%A2mvA8Sf1&+ z5>O@}zw#F!A5Ggwvew~ChN4C^DYvd-&J)HX5W8|sGv9M-PS1;_z8xH6!C5Z1x@_bl zTI+LtGE$DM=#v!V0W^o_fxP!pjL*LPj~|~j6#u%f`sKxm!;VJ|0DsyV`nQVI9tHm| D=ESE& literal 0 HcmV?d00001 diff --git a/content/v2/replication/deployment/_index.md b/content/v2/replication/deployment/_index.md new file mode 100644 index 0000000000..ab4895e042 --- /dev/null +++ b/content/v2/replication/deployment/_index.md @@ -0,0 +1,7 @@ +--- +title: "Deployment" +linkTitle: "Deployment" +weight: 1 +Description: > + Installation for Dell EMC Container Storage Module (CSM) for Replication +--- diff --git a/content/v2/replication/deployment/configmap-secrets.md b/content/v2/replication/deployment/configmap-secrets.md new file mode 100644 index 0000000000..765e93ad10 --- /dev/null +++ b/content/v2/replication/deployment/configmap-secrets.md @@ -0,0 +1,112 @@ +--- +title: ConfigMap & Secrets +linktitle: ConfigMap & Secrets +weight: 3 +description: > + Configuration +--- + +## Communication between clusters +Container Storage Modules (CSM) for Replication Controller requires access to remote clusters for replicating various objects. There are two ways to set up this communication - +1. Using Normal Kubernetes users +2. Using ServiceAccount token + +You need to create secrets (using either of the two methods) in each cluster involved in replication and provide their references in `ConfigMap` objects which are used to configure +the respective CSM Replication Controllers. + +>Note: If you are using a single stretched cluster, then you can skip all the following steps + +### Inject configuration using repctl +This is the simplest way to configure CSM Replication Controller. +`repctl` simplifies the complex configuration process greatly by enabling creation of secrets and updating their references in multiple clusters. + +#### Recommended method +Use `repctl` to create secrets using service account tokens and update ConfigMaps in multiple clusters in one command. +Run the following command - +```shell +repctl cluster inject --use-sa +``` +This will create secrets using the token for the `default` ServiceAccount and update the ConfigMap in all the clusters +which have been configured for `repctl` + +#### Inject KubeConfigs from repctl configuration +`repctl` is usually configured to communicate with multiple Kubernetes clusters and is provided with a set of KubeConfig files for each cluster. +You can use `repctl` to inject secrets created using these files in each of the configured cluster. +Run the following command - +```shell +repctl cluster inject +``` + +>Note: For a detailed walkthrough of the simplified installation process using `repctl`, please refer this [link](../install-repctl) + +### Understanding the Config file +If you are setting up replication between two clusters - Cluster A & Cluster B, then the configuration file (deploy/config.yaml) should look like this: + +#### Cluster A +```yaml +clusterId: cluster-A # This cluster's Identifier +targets: + - clusterId: cluster-B # Identifier for the remote cluster B + address: 192.168.111.21 # Address of the remote cluster + secretRef: secretClusterB # Name of the secret required for communication with Cluster B +``` +#### Cluster B +```yaml +clusterId: cluster-B # This cluster's Identifier +targets: + - clusterId: cluster-A # Identifier for the remote cluster A + address: 192.168.111.20 # Address of the remote cluster + secretRef: secretClusterA # Name of the secret required for communication with Cluster A +``` + +### Manual configuration + +#### Generating KubeConfig +We provide a helper script which can help create KubeConfig files for a normal user as well as a Service Account. +* Using a Certificate Signing Request for a user +```shell + cd scripts + ./gen-kubeconfig.sh -u -c -k # where "CN user" is the name of the user & key is the private key of the user +``` +* Create kubeconfig file for a Service Account +```shell + cd scripts + ./gen-kubeconfig.sh -s -n +``` +Once you have created the KubeConfig file, you can use it to create the secret. + +#### Secrets using normal Kubernetes users +You can create a normal Kubernetes [user](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes) for your remote +Kubernetes cluster and use it for inter cluster communication. The process of creating `users` is outside the scope of this document. +Once you have the user created, you can provide it the RBAC privileges required by the controller. + +##### Example +Continuing from our earlier example with Cluster A & Cluster B - +1. Create a user in _Cluster B_ & generate a kubeconfig file for it using the helper script +2. Create a ClusterRole in _Cluster B_ using the following command: + ```shell + kubectl apply -f deploy/role.yaml + ``` +3. Create a ClusterRoleBinding in _Cluster B_ for the user: + ```shell + kubectl create clusterrolebinding --clusterrole=dell-replication-manager-role --user= + ``` +4. Create a secret in _Cluster A_ using the kubeconfig file for this user +```shell +kubectl create secret generic --from-file=data= --namespace dell-replication-controller +``` + +#### Secrets using ServiceAccount tokens +You can use service account tokens to establish communication between various clusters. +We recommend using the token for the `default` service account in the `dell-replication-controller` namespace after the installation as it +already has all the required RBAC privileges. + +##### Example +Use the following command to first create a KubeConfig file using the helper script in _Cluster B_ - +```shell +./gen-kubeconfig.sh -s default -n dell-replication-controller +``` +Once the KubeConfig file has been generated successfully, use the following command in _Cluster A_ to to create the secret: +```shell +kubectl create secret generic --from-file=data= --namespace dell-replication-controller +``` diff --git a/content/v2/replication/deployment/install-repctl.md b/content/v2/replication/deployment/install-repctl.md new file mode 100644 index 0000000000..a1dbd56f21 --- /dev/null +++ b/content/v2/replication/deployment/install-repctl.md @@ -0,0 +1,45 @@ +--- +title: Installation using repctl +linktitle: Installation using repctl +weight: 4 +description: Installation of CSM for Replication using repctl +--- + +## Install Replication Walkthrough + +Here are simple steps on how you can start using Container Storage Modules (CSM) for Replication with +help from `repctl` + +1. Prepare admin Kubernetes clusters configs +2. Add admin configs as clusters to `repctl` + ```shell + ./repctl cluster add -f "/root/.kube/config-1","/root/.kube/config-2" -n "cluster-1","cluster-2" + ``` +3. Install replication controller and CRDs + ```shell + ./repctl create -f ../deploy/replicationcrds.all.yaml + ./repctl create -f ../deploy/controller.yaml + ``` + > **_NOTE:_** The controller will report that configmap is invalid. This is expected behavior. + > The message should disappear once you inject the kubeconfigs (next step). +4. (Choose one) + 1. (More secure) Inject service accounts' configs into clusters + ```shell + ./repctl cluster inject --use-sa + ``` + 2. (Less secure) Inject admin configs into clusters + ```shell + ./repctl cluster inject + ``` +5. Modify `examples/_example_values.yaml` config with replication + information + > **_NOTE:_** `clusterID` should match names you gave to clusters in step 2 +6. Create replication storage classes using config + ```shell + ./repctl create sc --from-config ./examples/_example_values.yaml + ``` +7. Install CSI driver for your chosen storage in source cluster and provision replicated volumes +8. (optional) Create PVCs on target cluster from Replication Group + ```shell + ./repctl create pvc --rg -t --dry-run=false + ``` diff --git a/content/v2/replication/deployment/installation.md b/content/v2/replication/deployment/installation.md new file mode 100644 index 0000000000..fddae3593d --- /dev/null +++ b/content/v2/replication/deployment/installation.md @@ -0,0 +1,91 @@ +--- +title: Installation +linktitle: Installation +weight: 2 +description: > + Installation of CSM for Replication +--- + +The installation process consists of three steps: + +1. Install repctl +2. Install Container Storage Modules (CSM) for Replication Controller +3. Install CSI driver after enabling replication + +### Before you begin +Please read this [document](../configmap-secrets) before proceeding with the installation. It provides detailed steps on how to set up communication between multiple +clusters which will be required during or after the installation. + +### Install repctl +You can download pre-built repctl binary from our [Releases](https://github.com/dell/csm-replication/releases) page. +Alternately, if you want to build the binary yourself, you can follow these steps: +```shell +git clone github.com/dell/csm-replication +cd csm-replication/repctl +make build +``` + +### Installing CSM Replication Controller +You can use one of the following methods to install CSM Replication Controller +* Using repctl +* Installation script + +We recommend using repctl for the installation as it simplifies the installation workflow. This process also helps configure `repctl` +for future use during management operations. + +#### Using repctl +Please follow the steps [here](../install-repctl) to install & configure Dell Replication Controller + +#### Using the installation script +Repeat the following steps on all clusters where you want to configure replication + +```shell +git clone github.com/dell/csm-replication +cd csm-replication +# Modify deploy/config.yaml as per your cluster configuration (optional) +bash scripts/install.sh +``` + +This script will do the following: +1. Install `DellCSIReplicationGroup` CRD in your cluster +2. Create a namespace `dell-replication-controller` +3. Install `dell-replication-controller` + +During the installation process, you will be prompted to create secrets to connect to +other clusters. You can choose to create secrets at this time or even postpone this activity for later. + +If you choose to update the configuration post installation, then do the following: +* Update the configuration in `deploy/config.yaml` after going through the guide [here](../configmap-secrets) +* Run the following commands to update and complete the installation +```shell + cd csm-replication + kubectl create configmap dell-replication-controller-config --namespace dell-replication-controller --from-file deploy/config.yaml -o yaml --dry-run | kubectl apply -f - +``` + +### Install CSI driver +The following CSI drivers support replication: +1. CSI driver for PowerMax +2. CSI driver for PowerStore + +Please follow the steps outlined [here](../powermax) for enabling replication for PowerMax & [here](../powerstore) for PowerStore during +the driver installation. + +>Note: Please ensure that replication CRDs are installed in the clusters where you are installing the CSI drivers. These CRDs are generally installed as part of the CSM Replication controller installation process. + +### Dynamic Log Level Change +CSM Replication Controller can dynamically change its logs' verbosity level. +To set log level in runtime you need to edit the controllers ConfigMap: +```shell + kubectl edit cm dell-replication-controller-config -n dell-replication-controller +``` +And set the *CSI_LOG_LEVEL* field to the level of your choosing. +CSM Replication controller supports following log levels: +- "PANIC" +- "FATAL" +- "ERROR" +- "WARN" +- "INFO" +- "DEBUG" +- "TRACE" + +>Note: CSI-Replicator sidecar utilizes the same log level as CSI driver. To change the sidecars log level refer to corresponding csi drivers documentation. \ No newline at end of file diff --git a/content/v2/replication/deployment/powermax.md b/content/v2/replication/deployment/powermax.md new file mode 100644 index 0000000000..34133572fb --- /dev/null +++ b/content/v2/replication/deployment/powermax.md @@ -0,0 +1,322 @@ +--- +title: PowerMax +linktitle: PowerMax +weight: 6 +description: Enabling Replication feature for CSI PowerMax +--- +## Enabling Replication In CSI PowerMax + +Container Storage Modules (CSM) Replication sidecar is a helper container that is installed alongside a CSI driver to facilitate replication functionality. Such CSI drivers must implement `dell-csi-extensions` calls. + +CSI driver for Dell EMC PowerMax supports necessary extension calls from `dell-csi-extensions`. To be able to provision replicated volumes you would need to do the steps described in the following sections. + +### Before Installation + +#### On Storage Array +Configure SRDF connection between multiple PowerMax instances. Follow instructions by PowerMax storage for creating the SRDF Groups between a set of arrays. + +You can ensure that you configured remote arrays by navigating to the `Data Protection` tab and choosing `SRDF Groups` on the managing Unisphere of your array. You should see a list of remote systems with the SRDF Group number that is configured and the Online field set to a green tick. + +While using any SRDF groups, ensure that they are for exclusive use by the CSI PowerMax driver - +* Any SRDF group which will be used by the driver is not in use by any other application +* If an SRDF group is already in use by a CSI driver, don't use it for provisioning replicated volumes outside CSI provisioning workflows. + +There are some important limitations that apply to how CSI PowerMax driver uses SRDF groups - +* One replicated storage group __always__ contains volumes provisioned from a single namespace +* While using SRDF mode Async/Metro, a single SRDF group can be used to provision volumes within a single namespace. You can still create multiple storage classes using the same SRDF group for different Service Levels. + But all these storage classes will be restricted to provisioning volumes within a single namespace. +* When using SRDF mode Sync, a single SRDF group can be used to provision volumes from multiple namespaces. + +#### In Kubernetes +Ensure you installed CRDs and replication controller in your clusters. + +To verify you have everything in order you can execute the following commands: + +* Check controller pods + ```shell + kubectl get pods -n dell-replication-controller + ``` + Pods should be `READY` and `RUNNING` +* Check that controller config map is properly populated + ```shell + kubectl get cm -n dell-replication-controller dell-replication-controller-config -o yaml + ``` + `data` field should be properly populated with cluster-id of your choosing and, if using multi-cluster + installation, your `targets:` parameter should be populated by a list of target clusters IDs. + + +If you don't have something installed or something out-of-place please refer to installation instructions +in [installation-repctl](../install-repctl) or [installation](../installation). + +### Installing Driver With Replication Module + +To install the driver with replication enabled you need to ensure you have set +helm parameter `replication.enabled` in your copy of example `values.yaml` file +(usually called `my-powermax-settings.yaml`, `myvalues.yaml` etc.). + +Here is an example of how that would look like +```yaml +... +# Set this to true to enable replication +replication: + enabled: true + image: dellemc/dell-csi-replicator:v1.0.0 + replicationContextPrefix: "powermax" + replicationPrefix: "replication.storage.dell.com" +... +``` +You can leave other parameters like `image`, `replicationContextPrefix`, and `replicationPrefix` as they are. + +After enabling the replication module you can continue to install the CSI driver for PowerMax following +usual installation procedure, just ensure you've added necessary array connection information to secret. + +> **_NOTE:_** you need to install your driver at least on the source cluster, but it is recommended to install +> drivers on all clusters you will use for replication. + + +### Creating Storage Classes + +To be able to provision replicated volumes you need to create properly configured storage +classes on both source and target clusters. + +Pair of storage classes on the source and target clusters would be essentially `mirrored` copies of one another. +You can create them manually or with help from `repctl`. + +#### Manual Storage Class Creation + +You can find sample replication enabled storage class in the driver repository +at `./samples/storageclass/powermax_srdf.yaml`. + +It will look like this: +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: powermax-srdf +provisioner: csi-powermax.dellemc.com +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + SRP: + SYMID: + ServiceLevel: + replication.storage.dell.com/RemoteSYMID: + replication.storage.dell.com/RemoteSRP: + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/RemoteServiceLevel: + replication.storage.dell.com/RdfMode: + replication.storage.dell.com/Bias: "false" + replication.storage.dell.com/RdfGroup: + replication.storage.dell.com/RemoteRDFGroup: + replication.storage.dell.com/remoteStorageClassName: + replication.storage.dell.com/remoteClusterID: +``` + +Let's go through each parameter and what it means: +* `replication.storage.dell.com/isReplicationEnabled` if set to `true`, will mark this storage class as replication enabled, + just leave it as `true`. +* `replication.storage.dell.com/RemoteStorageClassName` points to the name of the remote storage class, if you are using replication with the multi-cluster configuration you can make it the same as the current storage class name. +* `replication.storage.dell.com/RemoteClusterID` represents the ID of a remote cluster, it is the same id you put in the replication controller config map. +* `replication.storage.dell.com/RemoteSYMID` is the Symmetrix id of the remote array. +* `replication.storage.dell.com/RemoteSRP` is the storage pool of the remote array. +* `replication.storage.dell.com/RemoteServiceLevel` is the service level that will be assigned to remote volumes. +* `replication.storage.dell.com/RdfMode` points to the RDF mode you want to use. It should be one out of "ASYNC", "METRO" and "SYNC". If mode is set to + METRO, driver does not need `RemoteStorageClassName` and `RemoteClusterID` as it supports METRO with single cluster configuration. +* `replication.storage.dell.com/Bias` when the RdfMode is set to METRO, this parameter is required to indicate driver to use Bias or Witness. + If set to true, the driver will configure METRO with Bias, if set to false, the driver will configure METRO with Witness. +* `replication.storage.dell.com/RdfGroup` is the local SRDF group number, as configured. +* `replication.storage.dell.com/RemoteRDFGroup` is the remote SRDF group number, as configured. + +Let's follow up that with an example, let's assume we have two Kubernetes clusters and two PowerMax +storage arrays: +* Clusters have IDs of `cluster-1` and `cluster-2` +* There are two arrays local Symmetrix array: `000000000001` and remote Symmetrix array: `000000000002` +* Storage arrays are connected to each other via RdfGroup `1` and RemoteRDFGroup `2` +* Cluster `cluster-1` connected to array `000000000001` +* Cluster `cluster-2` connected to array `000000000002` +* RDF Mode is ASYNC + +And this how would our pair of storage classes would look like: + +StorageClass to be created in `cluster-1`: +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: powermax-srdf +provisioner: csi-powermax.dellemc.com +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + SRP: "SRP" + SYMID: "000000000001" + ServiceLevel: "Optimized" + replication.storage.dell.com/RemoteSYMID: "000000000002" + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/RemoteSRP: "SRP" + replication.storage.dell.com/RemoteServiceLevel: "Optimized" + replication.storage.dell.com/RdfMode: "ASYNC" + replication.storage.dell.com/Bias: "false" + replication.storage.dell.com/RdfGroup: "1" + replication.storage.dell.com/RemoteRDFGroup: "2" + replication.storage.dell.com/remoteStorageClassName: "powermax-srdf" + replication.storage.dell.com/remoteClusterID: "cluster-2" +``` + +StorageClass to be created in `cluster-2`: +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: powermax-srdf +provisioner: csi-powermax.dellemc.com +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + SRP: "SRP" + SYMID: "000000000002" + ServiceLevel: "Optimized" + replication.storage.dell.com/RemoteSYMID: "000000000001" + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/RemoteServiceLevel: "Optimized" + replication.storage.dell.com/RemoteSRP: "SRP" + replication.storage.dell.com/Bias: "false" + replication.storage.dell.com/RdfMode: "ASYNC" + replication.storage.dell.com/RdfGroup: "2" + replication.storage.dell.com/RemoteRDFGroup: "1" + replication.storage.dell.com/remoteStorageClassName: "powermax-srdf" + replication.storage.dell.com/remoteClusterID: "cluster-1" +``` + +After figuring out how storage classes would look like you just need to go and apply them to +your Kubernetes clusters with `kubectl`. + +#### Storage Class Creation With repctl + +`repctl` can simplify storage class creation by creating a pair of mirrored storage classes in both clusters +(using a single storage class configuration) in one command. + +To create storage classes with `repctl` you need to fill up the config with necessary information. +You can find an example in `repctl/examples/powermax_example_values.yaml`, copy it, and modify it to your needs. + +If you open this example you can see a lot of similar fields and parameters you can modify in the storage class. + +Let's use the same example from manual installation and see how config would look like +```yaml +sourceClusterID: "cluster-1" +targetClusterID: "cluster-2" +name: "powermax-replication" +driver: "powermax" +reclaimPolicy: "Retain" +replicationPrefix: "replication.storage.dell.com" +parameters: + rdfMode: "ASYNC" + srp: + source: "SRP_1" + target: "SRP_1" + symId: + source: "000000000001" + target: "000000000002" + serviceLevel: + source: "Optimized" + target: "Optimized" + rdfGroup: + source: "1" + target: "2" +``` + +After preparing the config you can apply it to both clusters with repctl, just make sure you've +added your clusters to repctl via the `add` command before. + +To create storage classes just run `./repctl create sc --from-config ` and storage classes +would be applied to both clusters. + +After creating storage classes you can make sure they are in place by using `./repctl list storageclasses` command. + +### Provisioning Replicated Volumes + +After installing the driver and creating storage classes you are good to create volumes using newly +created storage classes. + +On your source cluster, create a PersistentVolumeClaim using one of the replication enabled Storage Classes. +The CSI PowerMax driver will create a volume on the array, add it to a StorageProtectionGroup and configure replication +using the parameters provided in the replication-enabled Storage Class. + +#### Provisioning Metro Volumes + +Here is an example of a storage class configured for Metro mode, + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: powermax-metro +provisioner: csi-powermax.dellemc.com +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + SRP: "SRP" + SYMID: "000000000001" + ServiceLevel: "Optimized" + replication.storage.dell.com/RemoteSYMID: "000000000002" + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/RemoteSRP: "SRP" + replication.storage.dell.com/RemoteServiceLevel: "Optimized" + replication.storage.dell.com/RdfMode: "Metro" + replication.storage.dell.com/Bias: "true" + replication.storage.dell.com/RdfGroup: "3" + replication.storage.dell.com/RemoteRDFGroup: "3" +``` + +After installing the driver and creating a storage class with Metro config (as shown above) we can create volumes. +On your cluster, create a PersistentVolumeClaim using this storage class. The CSI PowerMax driver will create a volume on the array, add it to a StorageProtectionGroup and configure replication using the parameters provided in the replication-enabled Storage Class. + + +### Supported Replication Actions +The CSI PowerMax driver supports the following list of replication actions: + +#### Basic Site Specific Actions - +- FAILOVER_LOCAL +- FAILOVER_REMOTE +- UNPLANNED_FAILOVER_LOCAL +- UNPLANNED_FAILOVER_REMOTE +- REPROTECT_LOCAL +- REPROTECT_REMOTE + +#### Advanced Site Specific Actions - +In this section we are going to refer to "Site A" as the original source site & "Site B" as the original target site. +Any action with the LOCAL suffix means, do this action for the local site. Any action with the REMOTE suffix means do this action for the remote site. +- FAILOVER_WITHOUT_SWAP_LOCAL + - You can use this action to do a failover when you are at Site B, and don't want to swap the replication direction. + - On Site B, run `kubectl edit rg ` and edit the 'action' in `spec` with `FAILOVER_WITHOUT_SWAP_LOCAL`. + - After receiving this request the CSI driver will attempxt to Fail over to Site B which is the local site. +- FAILOVER_WITHOUT_SWAP_REMOTE + - You can use this action to do a failover when you are at Site A, and don't want to swap the replication direction. + - On Site A, run `kubectl edit rg ` and edit the 'action' in `spec` with `FAILOVER_WITHOUT_SWAP_REMOTE`. + - After receiving this request the CSI driver will attempt to Fail over to Site B which is the remote site. +- FAILBACK_LOCAL + - You can use this action to do a failback, and when you are at Site A. + - On Site A, run `kubectl edit rg ` and edit the 'action' in `spec` with `FAILBACK_LOCAL`. + - After receiving this request the CSI driver will attempt to Fail back from Site B to Site A which is the local site. +- FAILBACK_REMOTE + - You can use this action to do a failback, and when you are at Site B. + - On Site B, run `kubectl edit rg ` and edit the 'action' in `spec` with `FAILBACK_REMOTE`. + - After receiving this request the CSI driver will attempt to Fail back to Site A from Site B which is the local site. +- SWAP_LOCAL + - You can use this action to swap the replication direction, and you are at Site A. + - On Site A, run `kubectl edit rg ` and edit the 'action' in `spec` with `SWAP_LOCAL`. + - After receiving this request the CSI driver will attempt to do SWAP at Site A which is the local site. +- SWAP_REMOTE + - You can use this action to swap the replication direction, and you are at Site B. + - On Site B, run `kubectl edit rg ` and edit the 'action' in `spec` with `SWAP_REMOTE`. + - After receiving this request the CSI driver will attempt to do SWAP at Site B which is the remote site. + +#### Maintenance Actions - +- SUSPEND +- RESUME +- ESTABLISH +- SYNC + +### Deletion of DellCSIReplicationGroup +The deletion of `DellCSIReplicationGroup` custom resource triggers the `DeleteStorageProtectionGroup` call on the driver. +The storage protection group on the array can be deleted only if it has no volumes associated with it. If the deletion is triggered on the storage protection group with volumes, the deletion will fail and the dell-csi-driver will return a final error to the dell-csm-replication sidecar. diff --git a/content/v2/replication/deployment/powerstore.md b/content/v2/replication/deployment/powerstore.md new file mode 100644 index 0000000000..5541b01e88 --- /dev/null +++ b/content/v2/replication/deployment/powerstore.md @@ -0,0 +1,230 @@ +--- +title: PowerStore +linktitle: PowerStore +weight: 7 +description: > + Enabling Replication feature for CSI PowerStore +--- +## Enabling Replication In CSI PowerStore + +For the Container Storage Modules (CSM) for Replication sidecar container to work properly it needs to be installed +alongside CSI driver that supports replication `dell-csi-extensions` calls. + +CSI driver for Dell EMC PowerStore supports necessary extension calls from `dell-csi-extensions` and to be able to +provision replicated volumes you would need to do the steps described in the following sections. + +### Before Installation + +#### On Storage Array +Be sure to configure replication between multiple PowerStore instances using instructions provided by +PowerStore storage. + +You can ensure that you configured remote systems by navigating to the `Protection` tab and choosing `Remote System` +in UI of your PowerStore instance. + +You should see a list of remote systems with both `Management State` and `Data Connection` fields set to `OK`. + +#### In Kubernetes +Ensure you installed CRDs and replication controller in your clusters. + +To verify you have everything in order you can execute the following commands: + +* Check controller pods + ```shell + kubectl get pods -n dell-replication-controller + ``` + Pods should be `READY` and `RUNNING` +* Check that controller config map is properly populated + ```shell + kubectl get cm -n dell-replication-controller dell-replication-controller-config -o yaml + ``` + `data` field should be properly populated with cluster id of your choosing and, if using multi-cluster + installation, your `targets:` parameter should be populated by list of target clusters IDs. + + +If you don't have something installed or something is out-of-place, please refer to installation instructions in [installation-repctl](../install-repctl) or [installation](../installation). + +### Installing Driver With Replication Module + +To install the driver with replication enabled you need to ensure you have set +helm parameter `controller.replication.enabled` in your copy of example `values.yaml` file +(usually called `my-powerstore-settings.yaml`, `myvalues.yaml` etc.). + +Here is an example of what that would look like +```yaml +... +# controller: configure controller specific parameters +controller: + ... + # replication: allows to configure replication + replication: + enabled: true + image: dellemc/dell-csi-replicator:v1.0.0 + replicationContextPrefix: "powerstore" + replicationPrefix: "replication.storage.dell.com" +... +``` +You can leave other parameters like `image`, `replicationContextPrefix`, and `replicationPrefix` as they are. + +After enabling the replication module you can continue to install the CSI driver for PowerStore following +usual installation procedure, just ensure you've added necessary array connection information to secret. + +> **_NOTE:_** you need to install your driver at least on the source cluster, but it is recommended to install +> drivers on all clusters you will use for replication. + + +### Creating Storage Classes + +To be able to provision replicated volumes you need to create properly configured storage +classes on both source and target clusters. + +A pair of storage classes on the source and target clusters would be essentially `mirrored` copies of one another. +You can create them manually or with help from `repctl`. + +#### Manual Storage Class Creation + +You can find sample replication enabled storage class in the driver repository +at `./samples/storageclass/powerstore-replication.yaml`. + +It will look like this: +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "powerstore-replication" +provisioner: "csi-powerstore.dellemc.com" +reclaimPolicy: Retain +volumeBindingMode: Immediate +parameters: + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/remoteStorageClassName: "powerstore-replication" + replication.storage.dell.com/remoteClusterID: "tgt-cluster-id" + replication.storage.dell.com/remoteSystem: "RT-0000" + replication.storage.dell.com/rpo: Five_Minutes + replication.storage.dell.com/ignoreNamespaces: "false" + replication.storage.dell.com/volumeGroupPrefix: "csi" + arrayID: "Unique" +``` + +Let's go through each parameter and what it means: +* `replication.storage.dell.com/isReplicationEnabled` if set to `true` will mark this storage class as replication enabled, + just leave it as `true`. +* `replication.storage.dell.com/remoteStorageClassName` points to the name of the remote storage class. If you are using replication with the multi-cluster configuration you can make it the same as the current storage class name. +* `replication.storage.dell.com/remoteClusterID` represents ID of a remote cluster. It is the same id you put in the replication controller config map. +* `replication.storage.dell.com/remoteSystem` is the name of the remote system as seen from the current PowerStore instance. +* `replication.storage.dell.com/rpo` is an acceptable amount of data, which is measured in units of time, + that may be lost due to a failure. +* `replication.storage.dell.com/ignoreNamespaces`, if set to `true` PowerStore driver, it will ignore in what namespace volumes are created and put every volume created using this storage class into a single volume group. +* `replication.storage.dell.com/volumeGroupPrefix` represents what string would be appended to the volume group name + to differentiate them. +* `arrayID` is a unique identifier of the storage array you specified in array connection secret. + +Let's follow up that with an example. Let's assume you have two Kubernetes clusters and two PowerStore +storage arrays: +* Clusters have IDs of `cluster-1` and `cluster-2` +* Storage arrays connected between each other and show up as remote systems with names `RT-0001` and `RT-0002` +* Cluster `cluster-1` connected to array `RT-0001` +* Cluster `cluster-2` connected to array `RT-0002` +* Storage array `RT-0001` has a unique ID of `PS000000001` +* Storage array `RT-0002` has a unique ID of `PS000000002` + +And this is what our pair of storage classes would look like: + +StorageClass to be created in `cluster-1`: +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "powerstore-replication" +provisioner: "csi-powerstore.dellemc.com" +reclaimPolicy: Retain +volumeBindingMode: Immediate +parameters: + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/remoteStorageClassName: "powerstore-replication" + replication.storage.dell.com/remoteClusterID: "cluster-2" + replication.storage.dell.com/remoteSystem: "RT-0002" + replication.storage.dell.com/rpo: Five_Minutes + replication.storage.dell.com/ignoreNamespaces: "false" + replication.storage.dell.com/volumeGroupPrefix: "csi" + arrayID: "PS000000001" +``` + +StorageClass to be created in `cluster-2`: +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "powerstore-replication" +provisioner: "csi-powerstore.dellemc.com" +reclaimPolicy: Retain +volumeBindingMode: Immediate +parameters: + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/remoteStorageClassName: "powerstore-replication" + replication.storage.dell.com/remoteClusterID: "cluster-1" + replication.storage.dell.com/remoteSystem: "RT-0001" + replication.storage.dell.com/rpo: Five_Minutes + replication.storage.dell.com/ignoreNamespaces: "false" + replication.storage.dell.com/volumeGroupPrefix: "csi" + arrayID: "PS000000002" +``` + +After figuring out how storage classes would look, you just need to go and apply them to +your Kubernetes clusters with `kubectl`. + +#### Storage Class Creation With repctl + +`repctl` can simplify storage class creation by creating a pair of mirrored storage classes in both clusters +(using a single storage class configuration) in one command. + +To create storage classes with `repctl` you need to fill up the config with necessary information. +You can find an example in `repctl/examples/powerstore_example_values.yaml`, copy it, and modify it to your needs. + +If you open this example you can see a lot of similar fields and parameters you can modify in the storage class. + +Let's use the same example from manual installation and see how config would look like +```yaml +sourceClusterID: "cluster-1" +targetClusterID: "cluster-2" +name: "powerstore-replication" +driver: "powerstore" +reclaimPolicy: "Retain" +replicationPrefix: "replication.storage.dell.com" +parameters: + arrayID: + source: "PS000000001" + target: "PS000000002" + remoteSystem: + source: "RT-0002" + target: "RT-0001" + rpo: "Five_Minutes" + ignoreNamespaces: "false" + volumeGroupPrefix: "csi" +``` + +After preparing the config you can apply it to both clusters with repctl. Just make sure you've +added your clusters to repctl via the `add` command before. + +To create storage classes just run `./repctl create sc --from-config ` and storage classes +would be applied to both clusters. + +After creating storage classes you can make sure they are in place by using `./repctl list storageclasses` command. + +### Provisioning Replicated Volumes + +After installing the driver and creating storage classes you are good to create volumes using newly +created storage classes. + +On your source cluster, create a PersistentVolumeClaim using one of the replication enabled Storage Classes. +The CSI PowerStore driver will create a volume on the array, add it to a VolumeGroup and configure replication +using the parameters provided in the replication enabled Storage Class. + +### Supported Replication Actions +The CSI PowerStore driver supports the following list of replication actions: +- FAILOVER_REMOTE +- UNPLANNED_FAILOVER_LOCAL +- REPROTECT_LOCAL +- SUSPEND +- RESUME +- SYNC diff --git a/content/v2/replication/deployment/storageclasses.md b/content/v2/replication/deployment/storageclasses.md new file mode 100644 index 0000000000..b0eaaaffb2 --- /dev/null +++ b/content/v2/replication/deployment/storageclasses.md @@ -0,0 +1,101 @@ +--- +title: Storage Class +linktitle: Storage Class +weight: 5 +description: > + Replication enabled Storage Classes +--- +## Replication Enabled Storage Classes +In order to create replicated volumes & volume groups, you need to add some extra parameters to your storage class definition. +These extra parameters generally carry the prefix `replication.storage.dell.com` to differentiate them from other provisioning parameters. + +Replication enabled storage classes are always created in pairs within/across clusters and are generally mirrors of each other. +Before provisioning replicated volumes, make sure that these pairs of storage classes are created properly. + +### Common Parameters +There are 3 mandatory key/value pairs which should always be present in the storage class parameters - +```yaml +replication.storage.dell.com/isReplicationEnabled: 'true' +replication.storage.dell.com/remoteClusterID: +replication.storage.dell.com/remoteStorageClassName: +``` + +#### remoteClusterID +This should contain the Cluster ID of the remote cluster where the replicated volume is going to be created. +In case of a single stretched cluster, it should be always set to `self` + +#### remoteStorageClassName +This should contain the name of the storage class on the remote cluster which is used to create the remote `PersistentVolume`. +>Note: You still need to create a pair of storage classes even while using a single stretched cluster + +### Driver specific parameters +Please refer to the driver specific sections for [PowerMax](../powermax/#creating-storage-classes) & [PowerStore](../powerstore/#creating-storage-classes) for a detailed +list of parameters. + +### PV sync Deletion + +The dell-csm-replicator supports 'sync deletion' of replicated PV resources i.e when a replication enabled PV is deleted its corresponding source or target PV can also be deleted. + +The decision to whether or not sync delete the corresponding PV depends on a Storage Class parameter which can be configured by the user. + +``` +replication.storage.dell.com/remotePVRetentionPolicy: 'delete' | 'retain' +``` + +If the remotePVRetentionPolicy is set to 'delete', the corresponding PV would be deleted. + +If the remotePVRetentionPolicy is set to 'retain', the corresponding PV would be retained. + +By default, if the remotePVRetentionPolicy is not specified in the Storage Class, replicated PV resources are retained. + +### RG sync Deletion + +The dell-csm-replicator supports 'sync deletion' of RG (DellCSIReplicationGroup) resources i.e when an RG is deleted its corresponding source or target RG can also be deleted. + +The decision to whether or not sync delete the corresponding RG depends on a Storage Class parameter which can be configured by the user. + +``` +replication.storage.dell.com/remoteRGRetentionPolicy: 'delete' | 'retain' +``` + +If the remoteRGRetentionPolicy is set to 'delete', the corresponding RG would be deleted. + +If the remoteRGRetentionPolicy is set to 'retain', the corresponding RG would be retained. + +By default, if the remoteRGRetentionPolicy is not specified in the Storage Class, replicated RG resources are retained. + + +### Example +If you are setting up replication between two clusters with ClusterID set to Cluster A & Cluster B, +then the storage class definitions in both the clusters would look like - + +#### Cluster A +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: rep-src +parameters: + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/remoteClusterID: ClusterB + replication.storage.dell.com/remoteStorageClassName: rep-tgt + # Some driver specific replication & non-replication related params +provisioner: csi-powermax.dellemc.com +reclaimPolicy: Delete +volumeBindingMode: Immediate +``` +#### Cluster B +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: rep-tgt +parameters: + replication.storage.dell.com/isReplicationEnabled: "true" + replication.storage.dell.com/remoteClusterID: ClusterA + replication.storage.dell.com/remoteStorageClassName: rep-src + # Some driver specific replication & non-replication related params +provisioner: csi-powermax.dellemc.com +reclaimPolicy: Delete +volumeBindingMode: Immediate +``` diff --git a/content/v2/replication/disaster-recovery.md b/content/v2/replication/disaster-recovery.md new file mode 100644 index 0000000000..26abda105a --- /dev/null +++ b/content/v2/replication/disaster-recovery.md @@ -0,0 +1,51 @@ +--- +title: Disaster Recovery +linktitle: Disaster Recovery +weight: 4 +description: > + Disaster Recovery Workflows +--- + +## Disaster Recovery Workflows + +Once the DellCSIReplicationGroup & PersistentVolume objects have been replicated across clusters (or within the same cluster), users can exercise the general Disaster Recovery workflows. + +### Planned Migration to the target cluster/array +This scenario is the choice when you want to try your disaster recovery plan or you need to switch activities from one site to another. + + a. Execute "failover" action on selected ReplicationGroup using the cluster name + + ./repctl --rg rg-id failover --to-cluster target-cluster-name + + b. Execute "reprotect" action on selected ReplicationGroup which will resume the replication from new "source" + + ./repctl --rg rg-id reprotect --to-cluster new-source-cluster-name +

+ ![state_changes1](../state_changes1.png) +

+ +### Unplanned Migration to the target cluster/array +This scenario is the choice when you lost a site. + + a. Execute "failover" action on selected ReplicationGroup using the cluster name + + ./repctl --rg rg-id failover --to-cluster target-cluster-name --unplanned + + b. Execute "swap" action on selected ReplicationGroup which would swap personalities of R1 and R2 (only applicable for PowerMax driver) + + ./repctl --rg rg-id swap --to-cluster target-cluster-name + + **Note:** Unplanned migration usually happens when the original "source" cluster is unavailable. The following action makes sense when the cluster is back. + + c. Execute "reprotect" action on selected ReplicationGroup which will resume the replication. + + ./repctl --rg rg-id reprotect --to-cluster new-source-cluster-name + +

+ ![state_changes2](../state_changes2.png) +

+ + +>Note: When users do Failover and Failback, the tests pods on the source cluster may go "CrashLoopOff" state since it will try to remount the same volume which is already mounted. To get around this problem bring down the number of replicas to 0 and then after that is done, bring it up to 1. + + diff --git a/content/v2/replication/high-availability.md b/content/v2/replication/high-availability.md new file mode 100644 index 0000000000..447036e440 --- /dev/null +++ b/content/v2/replication/high-availability.md @@ -0,0 +1,62 @@ +--- +title: High Availability +linktitle: High Availability +weight: 5 +description: > + High Availability support for CSI PowerMax +--- +One of the goals of high availability is to eliminate single points of failure in a storage system. In Kubernetes, this can mean that a single PV represents multiple read/write enabled volumes on different arrays, located at reasonable distances with both the volumes in sync with each other. If one of the volumes goes down, there will still be another volume available for read and write. This kind of high availability can be achieved by using SRDF Metro replication mode supported only by Powermax arrays. + +## SRDF Metro Architecture + +![metro architecture diagram](../metro.png) + +In SRDF metro configurations: +* R2 devices are Read/Write accessible to application hosts. +* Application host can write to both the R1 and R2 sides of the device pair. +* R2 devices assume the same external device identity(geometry, device WWN) as the R1 devices. + All the above characteristic makes SRDF metro best suited for the scenarios in which high availability of data is desired. + +With respect to Kubernetes, the SRDF metro mode works in single cluster scenarios. In the metro, both the arrays—[arrays with SRDF metro link setup between them](../deployment/powermax/#on-storage-array)—involved in the replication are managed by the same `csi-powermax` driver. The replication is triggered by creating a volume using a `StorageClass` with metro-related parameters. +The driver on receiving the metro-related parameters in the `CreateVolume` call creates a metro replicated volume and the details about both the volumes are returned in the volume context to the Kubernetes cluster. So, the `PV` created in the process represents a pair of metro replicated volumes. When a `PV`, representing a pair of metro replicated volumes, is claimed by a pod, the host treats each of the volumes represented by the single `PV` as a separate data path. The switching between the paths, to read and write the data, is managed by the multipath driver. The switching happens automatically, as configured by the user—in round-robin fashion or otherwise—or it can happen if one of the paths goes down. For details on Linux multipath driver setup, [click here](../../csidriver/installation/helm/powermax/#linux-multipathing-requirements). + +The creation of volumes in SRDF metro mode doesn't involve the replication sidecar or the common controller, nor does it cause the creation of any replication related custom resources; it just needs a `csi-powermax` driver that implements the `CreateVolume` grpc endpoint with SRDF metro capability for it to work. + +### Usage +The metro replicated volumes are created just like the normal volumes, but the `StorageClass` contains some +extra parameters related to metro replication. A `StorageClass` to create metro replicated volumes may look as follows: + +```yaml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: storage-class-metro +provisioner: driver.dellemc.com +parameters: + SRP: 'SRP_1' + SYMID: '000000000001' + ServiceLevel: 'Bronze' + replication.storage.dell.com/IsReplicationEnabled: 'true' + replication.storage.dell.com/RdfGroup: '7' + replication.storage.dell.com/RdfMode: 'METRO' + replication.storage.dell.com/RemoteRDFGroup: '7' + replication.storage.dell.com/RemoteSYMID: '000000000002' + replication.storage.dell.com/RemoteServiceLevel: 'Bronze' +reclaimPolicy: Delete +volumeBindingMode: Immediate +``` + +### Snapshots on SRDF Metro volumes +A snapshot can be created on either of the volumes in the metro volume pair depending on the parameters in the `VolumeSnapshotClass`. +The snapshots are by default created on the volumes on the R1 side of the SRDF metro pair, but if a Symmetrix id is specified in the `VolumeSnapshotClass` parameters, the driver creates the snapshot on the specified array; the specified array can either be the R1 or the R2 array. A `VolumeSnapshotClass` with symmetrix id specified in parameters may look as follows: + +```yaml +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: sample-snapclass +driver: driver.dellemc.com +deletionPolicy: Delete +parameters: + SYMID: '000000000001' +``` \ No newline at end of file diff --git a/content/v2/replication/metro.png b/content/v2/replication/metro.png new file mode 100644 index 0000000000000000000000000000000000000000..a98e7c0d42a527e4442526a503df8700af54cbd8 GIT binary patch literal 45006 zcmbrmcRbZ^+&}(4!*T2tI*8*WlwR6GlSGSGNpJk%wp@$%d>71_iMF@f;AP9C8 zjRH@Ka^O4QADG|8vzkz0C*KVCfOOF?)PSIpB!(Ra8t|FUN7up+g1C-RzhLJs3N3=) zyK+uj!z9Rd{xMA@@8zvquf)zX$XPzCtkJ4#U3gN{D#0-KcE^Ith2fAZL(lOKL)1TB zfxffP&kT+3bcF~H*FE@@=JZ6NYCW`TMeUsMCnw>D+aXitrc(8xo68ezX+aJ7ak>55pUikTE^W%t))VNKHdHvq9&DZz*EdmPl9k}k8E-Oz z2~2%D`+Y-NR)Fg^OSq`oAMU6>eq(j4*RSOymhN}XHGK5WTi#dP?~;@)o!p<@Up4v@766iSS0)>N1Bh@vhn;c^;x)I^@vt_F9rZYB23d$-kFjV_pvZ z0%PGtKT?OBcFoOZuq1Ft^33{{Xz+21zt@KqpvSJBTrWV?hfWxC9z`_#*!Sj^ z*eo!Gn)-d#amjk;w8^MoJ`)(LXRFy8bboQD8M0@D^Au>R`=WX57^p_k^8@mRk{+h#oSw6now@SWdsRM_tvu);I;jWe}b1T4(pBNJD6EG z5lUcRdI^rV@mZ#@%WyL4rUVYMMV^!&FHOL|M&dtdlVbzE=#WtX%4I%D3DlcLg$a8W z=V>v_IzB~(9X|G~jj15DK2)yfL=|JPz41vl2pmcW^6YnEgDv7%jiqt+&8KqF= zQid|3Lyip%pd&DXgV%O1QLJS7SXw4J2(`gz!N1?)gG8WPIa{UmaS=q1l=t?5-k?L{lI804gSCGl4UMh1qmdpg1u&WxGs4 zl|Si)r@^Bt(R-HldN_nF64x))r)hUI6FGhoF5h073$!Py-k!}kQk}kIcUgVfmpj7L zfA4|-=0WxqRhpHEE9wd_?Ec2Q;Q!@}EsvK##P~BgrNO8s=?IiBS>FR+`NwXLmdRWH zmq^_ob&lC|X!Punf(CVFOZ5or9<_b{(4wb*hqxnu46_V#3KZ{x!_D_jLbmdsqQewX+-Po4Hd0`+V~PA*RLl6x^otW=n42Pm7d1itY9*Y2*=r3Y;ALJT z2|%%M$tPf}W^nAWMe)~+{foVkY8-)qf#pg8^;ok-zP)IMGuHLMrwd_M(^e z@wV_-rcY_rG41On-xBN@D^;Yc4`~SX-90Xecy+m$QOeJLS@KhZENdPgRZTBy*=eOf z#Ts^LI7m*$zS)Xl%itv(Xoy@{a#9r4wh`*_Ongk@?JKz^a8m5`<0TFSxwop5`4%?G z4I*}bpHes1C?n+&zK2V;L3vU_*jn}Y*oNzc_kqrx_faqN&Dv;7fN! zE{v_tMg)b{Tv4zY;7VVMA8r@s#i_r}_+|0kmB33xutOEy?> zZeeb0#9`iP%V`gj*XU_>2m{P3NVtq*Rx zfn%Yn6)(XKSyEgy88#GO<_dg3mBs>NzQ_r;kE*kbw2O-HsDE90W_ZQ0V;BRIPOqR; zY>bN|`b&gi#_2%KwnMcc&zB!Lfk~6jK@T;Ma{}KMH=xZNS-!0c7m@g4SYa+rn0#4s zS1ixg1y4l}s&#WpLh^&Mw;K4XQ`)=ycKn;&Pim^4gfCJ&95LJzte)f-ED@^KV#JE;BXxhcMfP~M zUcaNSVBRn#{s0So6_KXfsyKwLk9jq)>f43qJZn%d6)W0w$Oc`T*4Duv+ zxN79kiI11&#)co_rSMo5e>|oGkx@Q{F9owDZ&QliFZM;&ns4+HXW#hzCU|qcEU0y| z-)X;CM&C~=;sPo>Yq@y#_-iz{?pR6#vnF|5Tqvw zA5HE8-1(PAU_7y?4y-#owt$)dvrpl9{4=}^Z#*br=|5h!- zAY*Pr{l)7z(nSNdRtwEcy@Sj24Wew`iH%S6II_yC7Xbe)rAPs-tA~b-wcWjX5J*u>t%V zcc|^WhqKjUs1M)#K#_B=W&RcRthOH>fwDt2-mc0wW`DgaXxKv~E)3OV7QFlMc?dq$ zQd02tvtC|s={NS_tHCEkF!naYH#i7n5g-sBXm;_`Nw~e1jTY0slzdP5NYYnUZ9Egm zqkdT~dOS;kZPS_^o5`dwSbPR$YT?Ye zT~{vGkx_VmL%!{j(kH^ZANH?wAbL*NOIfN)Go43z#!cbi(e)<~^6%x!ij8h@t$sI- zQoqCWTkjqu*W>rx0H{S!p(xQhE%fxa_0wnb&pr5Nm}y$jt|wOLR2?us8+mPez9LYD zfade3XiWZz*stLr%62L??`#k6%b)&Jn^1Rs!BaWVcECm>aOUf`FIBR+JZP9t!zB@T zMSxYh7reev)^BU?W_D z{q|9J-yl6_Ee*8My;k0;fu618__Yv^-m*w5)Dr}40uH_jj26U4R{A|r`MKYg$TG6g zEo4MIV?S0>8;++2j7EW$*c)~C2r_5_&!q2#$cpq@3!$I8oh(9kOdkk)r1y$jrE?Ax zx<-{GFsQg;6c@>e4uSoRvwk~EA2Wf3+Zg#2DXR-Z1F@r95~4K$HXq*>&h&cO1V+r4 z_XTJ|(PBy8U0BOtqfr>PeuiP-kKBH0$ya>|G+JQa7He?NhewYz09Si%pbHF z<}bc&4dfK!6i2k;Gv&Rk?Y}CM(_xwob`9ZqE?wEzb|4#+%1`?!rn%qfZV7q9vCz{4 z#kSos4c5;QuuipRGvGE>vKQqeQ~KJjWT$z>LE?yI{xy-tB$LH0Y&+u9$VM=e4L|N^ zv_hBfK*50WTGb7&R_}3Jt=7`VUPCpqYNVPJV#iQHZMG@Qwr%ROi;uO}k21M}`Ssp1 z-u_5xF1g?0l&o@3iv#8I*_AGoY4VK9*3LP;?KfXP9|6k_t;Juq>Asw|XaI$aC3Mp|Q)) z-I>&bgKkJry$-{^lr54SWSMZgqbFdI!ql9D>hY-`nj_+n&3! zHsGzUFhDRx^hfOP9=Rh&O3;XsM*mndXx;lduTcAV`}@dYCELU!;p;WSRes+?{?yt0 zrY*p!-dy#Ws{JIKS(%D*BJ|SNXL6cZe<|}C=>3FG;1YksXyV#NxWg?Pj~?$nVIQSh zh{nrfbm@St^^`9rUChzJGl6vJJp&hvcbqi^CcX%wO_*@cBFh!60e!r_1eagry;Do^wNn@`S2Kmk>K;p1yA>z4o{?Nt7Nu!9Z2TF6r&4Y)uHdb=> zJ@=N=8hU)j@0}H1>TB4On+bn7?eU9Lr(P|tw{ckMs#17ojNh+8#j~9$z8qPn3lRQF z6iwVk!l`nvffjlV{qC|Qp4;A~DxCT#r&_!`TbwvTez5yOjy6^V10pdUwKNE`i6?Mv z%(M!@FJLHe^&?c#P>boZ1VOlS8ljpC;*A5vr@P!(#E;5%8S?Y?rnYX*ee8G&ThMB0 z;P2j!zbW2jU(OWj6MUSc1Yw_hG<*3K*ZQw?_ad@&Js%(+vfguvl z2{p!6bM0JseF5n%1bL=Y?_5;AwVd2XP2bYF57P33U|q)h?>P5;zrf!~0CXdL=hRRe z!Q?4tbw-MrySH+{+(_hkA%d7AYE7D)Snp>^W9~9iyV5D!e2Ycl>DeUtD=l}V)2y%G zu3G)7eXc`{ zRA6E&tN@X9I*I{f(n`=o8OtDusSlWs^vZ}8_II9g?@{{ieB`n!HcT;0zzzvCidX=* z+_<%bW6g^MSz{FnCSZo52BrVx1R$4L#h0+0yEuC2r9+WJ)F}x|bQ*&=sf{i|Ae81? zP>e*L;qSykqpV4v!br@8F7)84a1c@ z8^gZBp)54(&32w-Sd>4DlwOW~?bd9*jjP&9yX@riG+UXX+U59Q5LMej0=f`1c2~hY z2>96tLB9(s?gxR?L$=8y$Sx>i<|p^hBGx@m!O&2$wBOF+Y<^L--_5n}E|2-FL*~m1 z^9g<~EwF}eGC}jb{fox|0h;932_2aMGKQw+r~irUy+zw^15gg*H9*7x&WvSD2hS3A z7t}#ApQtW@3L7=ryhM*5g^>Ux@>v`v?>a`J@qb0pthgBbG5l72r29L~!0w)}z6A@w z{M~M}LhCaUq;kT@m3PFGi&`92cf`;|r^%OP!{%z!Olck^>c(Ao~+dl zL^6A3S@vyCDs6Psum(2T0&X!Py~u~yN#`VE8>Sf{Ied%V}CAZa9R108NES&aMP z$=c?V$jAq<8(%EYNQs1X)+QX<+G2h7TU)tGu_?@N$1Ti$7uIqNiw3$I)Zwr5XzQbV zwiYg#?isuaFO$q9zOm^^7nXSY%F#KGtB8KT3EB+BzEp9mjLDA7%sj))3}M5J^fPyP z9&wtQH=ct}eOw_27rmvwB-JP7Wm$C9ZlLp&ThFn7qE71e+AyL$JgD5cx!zr@S1d2qUHPs{p-sKop~utN|S9I%V>yr zi#*6f@L6Os9{X_-?h1ol~0}%h75c(9UnW{p;P^8=strA4MMf-?utV zD2Giem|y!w0(#yjT>@SeuPn22<$Gn}i6qgvKMMxn(H zYt=zfLE50SOK?2Xw*NydxaVOPErvx+fL-&s=31KpwbFkfZVkmc<1J~>x=q>nVNLg> z9-6`|-kDp{JPRRE?w&UscYmBL{Dv;*s*qGnlD*4c^~qhkz@ZzHJ(rAb$a1CsQFo
k;)4E|#}bkt05x>}y$)Hb=7}Oi+=3^qoj47A1x+-d9*;1JJ@B;5GeyC1`+9L^9m~ zJ|l>&^?ZpAfsiDIcnzWD$!*8s?)@%L5`kEjz`?2>y27l_ZP2?96%O?KjOi&P!{Cx9 z5J=IEQI(JHeDWc){!?}O`B1KYckLYx>_g1Bh`N(Dc{qG~{#r@SRCY+G>eV9<*Pg?6 z-TF_DYt=KtvQDk63LSr5=NDdQfJy(^k7SVWVSuykRSaHF;9#&k#CjWsKvhc6L`Pkt zz2>|Fi64?78G9VT&NW}5Mc?d9Ym9EyG(l+}PKJe-`;=d zPIrDsh*q^h*oFN~d8Fw3#EKkO4nuGJY1scc7`8rib()ep2?D#c!fs04D-V6q6bD#Q0 zPNZF)-y+oWUjBp!3TcCyEkfgk4t956ihf4B-zl0M~{pW0n%V zSAuM%6=(lygDpU`Umr1leuLnboF9SFZ4Jct%btgy!=pCNfBl4ik(en&J&GrW0um4h zyH8Y~0RlG2B!PsuVXCWgPl!3^QB;JHFeL_`ct98gbxA~HteO6Qh( zN_f$NIejl8GHVIZrM_SL8)aWL#%&waSdPV_2hTF2!=mly`b!GG5egB{2v(@WUr&%( z*nM+|u?AMpbRtvf+>RudAl|MK+E1bZ;_w-YBrCbxCl-2mKceC^B~Ey5kPU|&Nq}C$ zvHkWyAMbDz+uyTM)B7h5lCClb?X231IwVVAX$y{|*ueUJiufV%)&wH(=yqWUF+}+# zhNm*vj&VBHF^ss&3K4xeVtwg8HS<47g?n8Cya z8FAxT_du{|g*1B)<59gGt7iof6IA7i zGpO;;=KLJljP>A%t<>`o#IA2GxN+Lk3#v1;ck%oEJx|~mk5)F@LaHKYX0~0Vu;TDC z*2O4|LHIz>LWW17?-)XxIT;?Va}RclQPk;&Aj6>&cR?E(|4Xgj^pvoB3nI6jJ77)f zClRe0CMZ@S9u=8NT=?ykvmyWY2~8Bu9b|oi&(di+=}ukje5h!Z#{CLW^tMa2y{ z?F0RbGs{8?ox@+lkzyO{wUjwP|1*;7R}3jOSfXF5gHt^DH@lrix$DpGW$s^2o&#%Q!rPFye>BxC2(1U!oQx=yD#Y-`bt6Z?$LLo<^LrkN%6VkXB&WSlM}G6xn* z-hd~6RQbq)7G&CSlK%7jIaES&Ci)`Kv;_z>8W)*Nv0H(a{hFa}!bGk8lB`g%1DIsl$cdO<_rg0VqFFBK7Sg#U5MYpgipj)LM; zmY=mkv_B_B20Mh*rN?3O*}m2ZmeR5EyRnUAIX4Q{b1anJ{S)oAoJr%L9QXsbFkA895P;vVsov^bV}by0ECU*<9xMie!fwma2}nnW&vvl|>M&@>YjHMSqP8 zGOI9P2pu8P4r*#9sVv7?$&P#y$?=y(96q$M+$LF*Lw_}6gjOKbUTtgo=nD8zdY9UE zd+5>!?#VXE2LDpJk%;~6oH0<}$Pb6E7_u)9g3osAmU+jPe**V1IG+#}zA<`h5(GiN z?n9gBesSA{eqk~lH_s0GMHlGFcl6_DX<6NSEB4UQsrOaB^;u%#?C7|%^Vk!*3duGcB=^Oe9ojxf9njDBvPX0vDCa);mf45PqkVX@ma+9qbDk<`4f!s)6B z>5iSz2;A^ zf`@9?h60D>yc>4k1%qO6sNObsA|+!{WW(YCWFa_0=U08$_43H!=a-4n3|WY&CMDl% zjAzEJov*_0zYj)~3XF%0{tdO`zRT~mwW{0`mNpaLg{~0N)*+lIq27uk+XhY$VhNi= zG<+2`LCFxYDl3~$nm}7ALahKsB}EhiOe@41Gz2;22DNn2K`KplXV*{t+5K~w_k8&f z5@_mI6^XD3e_o0WUO@Q@+UX2zclb`bOSD=ko%vqc)!>XNx4ajBvL}d-7S0y4=S54h z6Y-SsBz&tmtg!w0U)ZDM`~bJdBXVDD$SKwBYW6vEnT7DHoKko1SunPXl8mxp(e3{B z^2C$+?Ln~3#wUyBu+Eg{ahqzt{5jtAUwy0%|E<%i-v&iC1#*c?BItF=rE9ap4ETwQ zdKmOds|fMXOJYtU51r_JbUzu;DHeRcXsVi(jr5HqHPm<)#g*pT_@>d%$Jbe(de2UG zICNnDk-&@4`FC<|KN@50WEIR4rD4&6aMs6$WJ1$onP%j}68LI^Y*6xE(AI$SJK{tcgm@R#T zYeMG?oK?zgh<)*48sYUw5qH=OC0mS!#p?J$ZnppA9qRu(B=-}I98TWQ^QgIkSgx-h z&M=JCZhHH=#&M=XuUbq|844^Y#&|~7n-?%~h0@q=dW@o|EZt$n!>O=v$8-UlW3+k! zycHsfbkku@9lpj!;v|qob}$L7v5VSh*JC5)wY2x_1!Ovmx0Yuj~Br;#EWCgN%zAq{I#JP9rfzp&kSgwWL@pI?oNW zn;rzNIo}IWYDeS^x`~XgjW(k0Bo{5ZNykOKL{Qndl_ur|CzxQ8#T=WYA2T|+V?aur zVW*5CHQ4p?VSAiMa{V#7Vi3pzk&8DmV)#A?M?_O}KtlqfU~GV~zYCiYMz`Uya7xdq zA_HoqJ%+cX?ZXH z2amnh=_Ax;KH#AMmJ~B@@k}yBB9-ywXf_>hbqpycs03uX1Dt*3ILgTaK#M{?5k`D( zVWb$6J`qmJ3+?X9+)e6*VYJ9t4N^J&DuUupeu%$HPq|56sZCnP(!BkNe|Igi@(Kza zR;|+<@34@x9RAR z7hVjTkFDj0UCpIA>7G;SmRmfDrh4SN>e^*nVHEY zj=%tm!6BBLwOjGku;{n_tTK4Y=h>()Fz^)oHOM|~Jzx4*ETU>Q?HW|LUjzj zq+Y=&aq~fl+3p8+$P1G|M zs@z{3&v`|NRxCgwRmEX(uz`sa0vOUa0%@u~4v{o*Hr|yEFXO}nP44^U2xvMgAMNI` zfZaQGySc##tL}VK1}nxE&*)Rw3gsrP7XQEvpPL{RXXJP9(3Ohz$O)OwjpibdwDE z@+p{J@@Gk|udC-N?3K&iAFNZlO^S9Uhh@I=Xt%RLBzUHXIf4h{9!b25W32^{k2R%K<4AVNs zetXFZw3NB=cGSYF)90%~Zr9wTQXN)Hx78;WzV22;>~xQF!7oGqa~QZ9v-^lgKWi`G zxba@V9Pnw{6%YC~^zH@BRzD~nrbiJnby6n*0@50`X$Xfu#4<@LMl&w1e6WsLsX^`- zQ!bo6;(T6l6d73F`8oXSWqblO1Y16;^L1Ymfp%sU#KKf2l|ZQx5+o^3^R@*NXE~|t zKl|!M@6L6>Ax?j*#Rs4HGI#DsGqCv1MXRctyf;TzBgU;anK#ZW8of(kjJBcy?KJip zI?q;*XMhdmBU!~5txcGT3h%``ORsI}T+K;H%lzrj!f0nH)32T*yB55w7~i;JN25v7 zgZiO9YG40=*#ihj?|DY0x;TNYEa1(}Y=jAcF=+(#7f9*{%p zZZV_({Eu%muXfx8VPfhRpB2cFD`Alt|8 ziyQbB=ID>e;sD5Omyu6sqq*475*Z}^M?=`@xMK?gHCx}I=-}Is;)mYyN$0a%zjMcz zlz`9UltD!j?`4VE;Ib-!GQ8`Nh@527M*--ByxjCdz{hAvdi9e|-k+BfdF$w=o9AXq za+;@@!Y-<3J1(|3k|a#2b)jC_G#?mqL_ zP?p!VG36SCiVdKlQ6u}W7xAKbyxO_~wf>x};7iIU34axvV<7Eh;fUJ)(g0LV2VMEY zg%2VcE#7kA?K+o$uM8oCoy&*53O4BD+uj2j%kLHjilg8d&2%rCg`crYD0vBDp?Bl&1yK!?5+aYzIquM1Mh8`2j51BGt> z;;7imyu0#phCDZ9#fr*e>*!6c>E%CXq~%_Y;*#S<5*z! zcmZ{OZEjfDwoH(eiY*~O0&G|sArp>oVOR{UUVvL-oS;#ROV+3*I^9-R42FxuO2rbc zJll@Ek|!4BXYV68b*uo?x5m{h$*4z4L<6K|$vw{7g=;kfgQqMVGXFuD7Xi1e611%x zZ$ky}iiZ6CFKazaX0>ly`Fy_1bi4Evxtpi)sI3$9(^5TO=klJmZ?09-KR_o2L_sSu zh&!HVEt0+I!}xPJ(9Wlv?_|U+11cJOORnOv9eYTA#C+vvm&GHnu5XIFTX*JMss+?V z-+QBqaafgAik4i(_vCf$VTLy{=r6;f$@5>?lCHs@bxd7C{0o;YH zgGYCsIKx6&5r!7eQN4q{S9XZ9e_mFlV@c*Hf&5T7e1!h-)zGRA+Mm3jZ4EDACaD7I zgK1)>U-C6tHyiskL;*UEu#*U5XSGcug@vRZUzm%2opo6rBbtgP*tr$IJ-jlAD_u{2 zo|nXX>Lu-sblc|ZX9tWPsvS*D50kKTm$>=v)V|t6aKybYO=?E~b@8C_{_M9UJX#a@ z=dfa;r6|By8SFH^wAX!&&+lVo6dHHsV%c8<&eY0qo9I?6nJb>t#;1y>y2UlZb@DR+@yCHj z;fKmWtEi27&mg38LV|!|Sc5*1aOIkHR=QrLlvvoAlc%=tBzD!`w)**EUXuP2Q&N5I zDZn}4bj=meVc7IMpc(l~3jyGh5Y%OWJzcK4c=e%L_ZnJ%YYf9pz_OCs4?}rtA7a9H7snR2o3|N;V=G*6 z-5x=SS0?+FX!F$H%EM#@sI&*a$-(AJtj?-%)P>JCk%k#>GO3W_CSbj-ImSUR*|FN% zBT)ij+#1Jx8?Pi74BxvmTVXcU?1^=;Uti(Q5X-T0&+FLiFv!9rEy;$?w+ox zTE0Vad8qPqwrZAB(B4-N)hT@<$7kIAQDfwtUYDT=)P%HaGQ@fKjoBwDE_`Cjl_@?& zZX{uWwev!r(AN|A3Ie0>!$({O<(}W4RJrv&d*xGpY-Q(2e_YKH?_vuYw5|5Jt( z2Wg}0AnZ;jI z3>~}P9e(Tgh(}O&6jV`1k!7sYIfAPdALT~se&;+PHX5T~Aqx?2j#kf;#%>9FCEN#C=;?~lktww& zY$-&oLQ;bLD<-=prPCp{Qo~t(e>7K`UNE$G3v_gSX2=mQ)+{F1?X{oI%e3j__g+&` zIEkDYtz@pR-Pkw178c_06Tp^$Cf5563xmrTi^EAYflPLsEWqtu`}*Nc*+r|;mf1!l z&bGJB)=aYDgl%g!KWBq=*g&P^qB#lk*ebYaa4Kv$YcOqnIh{OFKli}vZ82K~A7Y@Y zs}hyGed@cPz<3(xcT{bX)w?CWq~-yqVU@|?PT3%v;v)NrMttnEOhVt=$I@K+%RJj* za&ChMJdx{QN?^hFfL{Q5YB*S=fXZQ3CeM+j;_dqD>l1qXm6Aobk0Mxqa{H)n1#jQ6 zblqai@!n$0ShJI8Ladt_?T#YkjREB8Uvm6LzYAzs8D+p}R)jtgtL+@^VcT6alc_@67Miv`{R)|Bv?to)6nsIFft3Vxo|Gm~qTQDaPr!D4~!H4ATV%?t$Eg(QXu zcSf+3_Svcq-DKc9t?9wk6hIaiN zNh!(jYI4?%kN%~V@rggl~VL zZD?RP+Z0hVAK(K>Z|4^RGQHjfI$}ppz{F&*6>u064u(S_m2x}f7upK2MR%_~*!>oX z_WY%3&3_a|md44DtH`ES-dCCaG__3cg$R$rnusY6zxG6zy>TI| zL099Yo~|DQ{C$M&`(3%_U??jWG(!+natRo#iU-3bHiC~2V55}7J3Q3eih2{a9gz3? z$B;qAH4Sy8r&BtpwZYO`55Po3Nao(|y6<|G<$1b`VzAn?O=5obGeXbs|1=?CuQD%X#`_t7yVD7RJIpeu2(j zO2EginqgdSIV%po5te1NzA)NLv(_<%LziEK_|%7JPkS~b%yfqcl}h37`*b= z;A7%rPtw;v{5#7dTfYMXVMaNdg*6KcmNb>mLkOwxcYU^-v=th5D*9{eTN?W+4h9fM zi$fDT)}bpb`$4kH=?axwS-R70+sN!OJsVq=w_SgGwRqrF_Pj|-U4Q#ngkXZK+N|%s zU!^S_DD;o={L`7R00*N|SM9xM@&sj~9Ebk)Dm+#WV0Iz}AA1L2qokwoEf96YI;h^@F?+(RipkaM38$ z7c)bv6}hd7-u07NdOD-z`gTVB<}0PGt*^HsS9XX>tEd#a0Kd)&B}0-XsL#hBOV>1d zYH|NAduA}$tMq5}>X*LHkcO@T#E#d8d~zh<8C}8RIBWsb3XOK9GynpR5t?=&k|ex1 zVY-mO=Ogw8N)ktw=RaHFo8uKn9K8Owv&4Vq?Yod8NqrVBs@qk(-v;CPT6e)X zMdw^?H~-pBh5uCf%K4g1E#|$aO3STylz9&Dal7@(fwP{mx`Utgm#%PyN>L~rB+ zxBJ=YPTh}Tm(@@OD^eHbyTwe{sAp+k@Pl@KM1)ib^NuuEbeR0jERP9?=~IC!KYY0o zG=)ePwXtS&lqMB3u*il7wUWGiwr;sIqC>>)uD;5$&V&#m1ByQW-wP(5ot~`8zb?Mh z{l$+W#QRJAS@g~NRkeuMN~3vhvrC*0LUr(f|8DXYiS~6OfnhKj-(w^B%I-y4XEO@c zFb{*q6Ha6>jt`w+rQh+7LkD4AS{DWd=PE7U-^}|Hw<$jzaoeyEkH-0PAG;6>j}aDK_&h;nA=K? zpK3VCUw@*(l@lPZ1&H#?hcKdM2Uk0JfI1Xuqq%-0=cI6`(i#@$?mebC-g-AXN+d)5 z?&EPafIv7t1yI*w=UL=0U3?)fIRP1sP~}c0I?@q9-$R>W;o?aCTd~0tSg>W1<0pbJ z8-OaE9^>ETu0##35_TYpE4&f04FEU@HF1&_7IB<()oH##o* z3f(^L@4x8ZL{t!>gw26A^u@5Xk?hk22w^d!ZQs&80Viyd-qXHV_9 zuGRZwVYUZV{wnI}JTFH*w1P)hQoTx{Yopcejn|3GGRc<5080xnnbKK#7v^V5rKII&_(Q z9v*D~7QZP0z*0JuG#a~a7r?}xm^ViB*=0Q7K%4^ujHuU%`L;H$%vDZ_GwPv~?Zb{(ca=`5G-Yphc&oZ) z@65T#P1A^%>Bkh!ih{|^lr*a4*f-m75TtBTvn+je^<=)lG0CfcE-*~98%@)CerUy+m-eimOn0M z)FPf#EzRdn{!A*ANeT@p4W7*p;X!7JO|@4g1?>f`+uSK1{`54*z!*`T^-q90X@F*T zAVBnY?Gb%R#O06Wrs&RK`$VPL42#Jwv-bAP=9crPZY5$|_O8za`K_sT&xil*5~HQg z^ra#Rapb$+L%$2}NQTTCtn_nNJQ8WB9=I}EQ@Q$0b}-Oyh?nK1pp8tuZj0HChiSwf zK!uxqeHmg~lo@%21pM_&C)q$E(`H-W&UkZK)Nfd%?vIkt(AdlG%Iy5gx7%^^uu2JQ}Us^r(jYo@@k5K1U;{3U;C!0-VVWTNICQSXWTnCwx_Sn3SE~cOGnUB6Mkze|LvVZd&F0XwBH^(4Fp_ zOPVz%|Ab%SM7n56Q_I-n{aObVF98>%V>LH+eZR7Q$|%$!s^fve(d=z?zp+fC*NsPR zxmCdRW_Rg6?dxqR?u5I!TM7m@9_lP*pdr*WegaO~^>*?PS6?g7!mR&4(d)41kw9ensvd&;Gc={0J#226@Z zp&QIyARzjWUneZ#42YMs#ur)N9r2i&rxI@;mZR1l0D`!I(s)2b@({fDM{YDt!@7*&ik{ zTJO5Y0PJVgS{rNS0Y&RT=9cRvlGoM`!RqzpC^W}Tgqhh* z@Y{bKZv$B(MG!dyQY(kpze5~c2k@Pr%#iiPATw0`8|8i<@Nb@ui@`^n zNkLRHc{{`Zyhi{3zGe};rZ`X&RruNmLy1(^6Q+Z}jk4M&g@tub9KJ} zbBB7}hj4H^gGCwRobOZZcvN9%)lFwoaxc{f#otPU*?plpbmtTzRhy`*H~pl;RKC`8 zCYj?FpL}S;F9Dksv!r@umxH-r>W$?Y14}k;_&)VUyN#^>O$70Q6(&SpN@*n*WaCDh z$!2BLk@4?N*mHolrc%2xA>%is-`4)TOI$YXIdLkwd%@;@%B4RRj-8?Qx2vYBKFkXE z89BfGWAR5BQ~B$8)$B@&CiqVk^ayx@>hgE6W^xjvN{Yz;S}{ov4+kgH)*0~&Nl~9G znE?F~JHz1w!*kQJTMB+VUi$6joO=%{vk75c=Ud4M-;N@{w6V4h$rN>M=@1Nz&|oD| z|5o#L!m@45=z=&dVFUdDRZJ@$|YzW$_YvCyc)qOaa@Pi|Smuf0kkqxpQ@d%n;nA3w71RHph) zSaOZ(bWU^o=nI?K?5P_rwkvO|$o1ZH4>;!broPQxQqxkiOFR~8(C2HNJ60(F+7K20 zl?P&@-m>+EMEQsW&A;7x0vUig@}hIpjDx%0+i@GDgRy7dhKfq|J=>I& zLbOqKS<4dHv&>jRDYV#Sq*8rlDf>Ril5L3W%ZLmSlYRHQM?KH)`7_tmT=V(NeV_Y2 z=e*DBZJ4yGq9U0)1jPN{dcpY3F{e~Tx9PF*x7*zAxNQ;jfpqyb28FeUf0PJ(de|j7 zOPB80TC;(>HW+wPt?{P3@ga8OBUlVkxa9Qo@${?~qSK#$fsrvO^ep+^Veq535|8^y zDFioRU~R21g3r_{9a_sf7gGGHO*wDRs2ExuoF8uKaUNcMbD7)m=l6d3m;J-Nt_9y0 z9Op)HPQJhVk_RW(o0F?qHlk(&sDHAXLz`1ZaehUE<>M2MIiu?e0`ApOftrhxyWPP{ zYU(RmUmk`Ep5G{YlaOWhAu%!ZN(=-c?@{;;W&Z+tw2P_k?~Z+R^dNAPl^EEv{vk`DI+E6eF3yu?s@%e+Y;F@h(@zj9Twimzde52lBXr-V|U&BZW1mnRHe!` z@4lzwm4fiV+LcAgj;-S!4uqNYxP`e^9;ak4cmJMXVJZ3`Es#M{H5T*N+{69@Lj0Mx zheFNx%D!GjD1xw3#rrQ%fw0hRB(1R9#M_hRkq6(H=Ui;DleNuC!*@A!iJY#wQyJ^n z+c4f2;Zr2}YM=nO`SCJq@Z{NuNwWXIw3X@4QADjka(pPyfBMKGGVA0K$Qe-PKLR@N ztb>@ChITq_i9I7F$E9>n_hG-D+KaAo3pG`j7MLdbFB2{WNz86;LB`*5kGv)R3%J%u z*MoR{5=O$+^v?VJx!2?LMP8s?{})0laIw41OW1(dosZm_&gMRrl`zLq_M@EOa%QMn z`4SV>fl{(&Ox<8Iv2VLl0c)Dw#k4P zO4;zyHtv4c=ainWc#Zv`QX}!|{F?ubZ(r>(Ct=o?EN)#Y_bQ(aWY2}&H+HhiXG%)e z4)s=NZFH!iL<6<&7(IL5M?t#THmzEcv7zfXj^-nK9#>(#lVGHhD{+S?8-= zfY5M&%uzzac75ZXLt2m(Mzfgm6bvTSWL-z|srt3+C~ePH%+0zFKYcf9T*&NiU>Vpi zd13hUiLLaicOwabgY7s4<*kt@@Ur zS1)m{{Wy>I!q%2d*&JtomG<-}k&ec={i!~naJ@9$; z(FHZxA)dcBt$Z z@}EF+Q@rRqNPDMK89DXWqF7ieDO`_BP~bI~kAHkv6|29CWw*W|g9+Y)RtDLQ~YDj33YdTIKvcEEGKdiPn1cYLxsFfpy`# z;nyQHl3BxfUVA>9-gmy_(l~*&6=uo z_x7p0!iQ;z(H0h)_1=YJj_MVZdMWs91p~?pCRjhr-~!kh5h|q`(^{l(4Q>=}O(eCI4nVhdifMqbTR>arxwZW^;RA?eWNkna1fMo}`pPrZBsWji|=ym-#$t zeziAUwYIc2bmRhGdDglVjO)gX2Kwih7%|7rMyUTVRO+?2d1+Xp&)@5}s$V#At(Nng zmJQ3PkoQdP+50}D9xgq3lc%J2ZmVVH*WNCimfk6M8~a>5+?k-2Ke?K=I6|r>d}o{u z;q_hQao=CM86-^*Nr1*)RS$UzW$+p7RIWdjhGtt@y6^trRvU4TLMJb~Hux(c)PkPz z+-bxe2Xf>`wil;w^l62xrb#?2p|cfqWeO`=+okQ?C;iCN!Wt~KcbDb~u6UAfoc7C& zlE6!2B(Lt>@Sqxv>?y77XOscfZF`aV7`G)pAeb?p*mXF30&W(~!vrq25i*Ca7*+4w z>`lk5$C-gx)}OM07HlId zf!-fdWS3Re2RWUj6?8;)8t1+Hj(81AF1HIQulN?N%LI{m6l|M5la&fX6dFYAny|mM zKG(^u);g!~t$IK1gT76}%L2vcz3bApLXnLR^ZY|n%{AlQ!zR}Eo29NAl!7@tJIA9` z4bz<}tKm4o@F2%0=r8l)n3kW3Zeq~OeDRLB0HFzKQrlcPYbrXTk_E%Vr)tv`bqOgQ z;+VJ<^cEm>4(TKAJ%wV7-yS*3VElnv;(TNIM!oXm2x$z?%zSz0CJsL<;_}%P1XVw0(u(iK%fAGvO_;8y6!Prc$qROmo%Nfr7ue(MSc8k7VlSIp4Oq|` z-m;V(v{;@OTsQlb^RPA*H(vY&sL$^ZxSE*7t9(B(U*3(YiO+M$6i+WVq=&kNr|(8I zXg=CL3Dag@`&EPalinwfA#ff&3B9)}eGjNco&BTep#HTQ@4jMBOTiiVc+DTk8ym2* z@%a;xDepW!x8gZ|ZT`qP^@#c)D2D6=c{So>eVGpx6{JXgOBedzB|bewi1=BgdtmT| zTj>zfANP5gG~N8QH>^AoYV8N_PS^QOr@_w~DXC|ubHfyf)&eqRKG*@w%|F&8bLwe(1fII z`rU3N%r?6mstt0Kbb%c8^uHu|j2LxcUBBJdR2oPKr4_292D>`2GLo>sI16X-j;)Rz zd0e^LbSuG+>E-KgU5GGLIoSN&a=D^khWAgUF<<7$AQH7em2-U#&_5uu=x-H z`;7W-5WkmhfvPU8n9!IMYCPi-jndd2Klku(7zx*;YbV>$(B|Me0hF(|7?#7 z^@!KN!0~D2KrW5Dmu1B<7Os`M-^-_|pRSI&JcW*JSC7)mcR8Vk#gnU%qKM^Q61QsK z-s{9VtN=}_wY=5b6#Wm zegyvZ5ENxkK4rvCuIvq~JoN7#s+$yw8?PQ%5!g**zM0oj*wbcJzNmRGL=P#RY)KNn zyQk>*d9yEMp^M%z^{{lxE#UyajGGlZDuwM!Gl9$P1euq&q^oe*fz024e)4WEy30(q zZayGyRLl9%u3!XK8%a)%tI;x?!@f_$+Ghq+R!59jOYcp#*QT1+g#oa8m?Yuu1(mmUZPDohq2XpLKZKWOB3z@}T z-I&w07WdqslCG$3gvDLi*ezdtS3pWxJR(|a=+S*OVbl=(p8lObK&b#!!nnY+!UrxR z`AD|dz>y$njsen#U zr4Ow&hur+m_JO>-VWCAJe>9p8T&r9t`2my(K=}b>Dwk(J?3#8yEbL2s zxB&V)*6T|uapja^$_Xyob@QN5Y-zv6Vr@ff(KDq|*ZI`)&mr%ptBlS2uBk3J z$B5tL(_0YcT_YQKP3$Ug#D$$fvJ}hHen$+v?IZdIgKG0dh!~l?d0}mNdVo|sA)>|- z8!+B|pHL|dmoJWYgLP~*EN-`^hiocbVp~(cpK1QmgO+6~kKAYNahr4-C2E_o^qB?1 z{o3qGmUm1l7b#YxZRevl+6@c4@^6Pj|Db~Q#CMUYArczSvG+`8t;-}=XA-J>8(F&( zp}DJ=p;k!vA|d@tR}}7&?Fy&DRh#Q|$4qN9WFEq!5O7q^b>!cdA|_^RDo_1gBy&gj z>O}K*gAev(x&J9|&d5_2E4fqlUgHcIhP}@^WWHlwvFzk`S`(3z(?#at+)K)*2d%-= zn>jm>iBF%mcRD#fhq8w~%wB&`_}fW>>GXbgTZf#=o0MDcy*b~{p^u!~eizLDMmF0H9Ft_Izd8uDz{T>c%9) z-3q$UGH_sIr9OD#FIY`y#u3&RVN>}+gQSHRG?50iCGLfCa10#;k!MgtNJIgOs6ddC z+kRr@oL|H+Tz+#_(>pIAw48zO#w}m1If=r>E{5s7(&_AWv9eApL#t(j&uHp1`tb~x zwZg^0&2~b&pSvqH(UDW^vt1Z@P@m zKSA#-rSYk_eJJlm)@{t{cL3Rqg2b5Y_o|gmSfNHYmMt;V`gciE?G2ktpYsELH3T@; zKYly?S;8@eFt3%}-g*)q8_(wPQDP)fORwh%-+P9848QKh$3L{-7W$8yVhdj0WyTfboFPw4O8Psza_*xCqR=&uGfLO*_@f|bwhNHvB190UNmDhBv zjL&FVgM0RcuBPK4vstP?6i0W_9-A{0sC(!=HB0B7^&1_nwBK*@p0yAI$ED<=tjoJr zgvz@jrGi&xU$No{PrceV_)h=8Y5P1>n|}1wF$%ZuoWFuotjySbt+v_pVH(HDlQu`# zZ?xE+Ke^oT=IC^9T6P7+pE+N1>(Pbj%HwsJXTD^T;yq1}A)o6Aq03E!cF8U*W%jSi zciy5+zem(Co1Zb|7BVZ;_w(BH(ynx?$`-srq)-ErG!+^<9RDrhYk+74!#GcfoCAPM zF=GaK;~xI_vV4%Nt9Y)(Ddjt8w}fiQM2uf`zXOUai?={m>=E9OXQcZXmL)3K-(1cC zf1UZ~`M5V(i&ED?s|>W882Iq!*4D0DPb^%wWNl=as-=_dghOO**v5Op{A#tD1yyf_ z4c;ckImQ*@5y5Zw_asjmikL%Jsf; z57Uv}QH>96c6v`TWdtP}Cr&n-^&s!-gP1Q3s~tromke`P_V)fiy%StR&uk#cmXTKJ-Z(K2&n$+8=u$ z&Zcfg9G!k+&XXGQI&pwVc=>cJF@vXF*=a<%El5pzL*$W&NX2x@&FpQS=x`-FvHf`Nc^Ri4y!Lnc}AlMoIwk*g)!;h zA_q8MQTF#teD6tz^pV0(LP1xJVM3J)%;DY)OaI;I%!kr`M~7Rfe)}I#n_obHXR;Re zUn^{M9KXD5Xx&7A7J;>k6RjP6Hr`}*?!#$p%=7@D^r#&)xk8b^vmmSlw zkQkc{c#mP6*Q_!sgLE#=t2t#XTmsx?9B*?0WY1;3nW6>pY5ZiTp9@6MeMI$mW?HGU zL*GnSM=o#Ks&K7J;NHYt$3<a@&Ma~hfo zw9t=9BezrHb`SIgRdbn!eawmtRM9+hdiRxZy#?apZ-r( zK0Y3xLC1F8KdJp_{i`RK$30{Q*RGYt#rDv{O)2!_sdgIyx3c+R>mv69W5Kpl-A-NX z5WWQa(PP(zSgvG$-u_djvGQ4G(F_}@&=SjXPJ?P)+Dp~$tZkqbX4i!ic^x-@xUHWe zN}VbCnYUf08(A{vnYldy5P!lH@Vneh-DuCTzL&%Nxt6*YKH2?_+ayq>ju08lUxd~; zWf)v@Pa+rG{p7P6@75BtSM?7tm zv^8e6igSvsa19HXEex3cNus2^mLb^qmJIu9ZwD&P7XnGfS+BKVwZ}J1&5&o2S>cGE zzcd8N4=@BvIKk<%LuP9w1B(!U3&<}1JO4j#8phW2e_Av-9$?OoV2G?qF6d1U+J^Pu zdc_2m3h!aq!m2wrJLi4-{2cocBja;|XEA;tD%rEtdVgl_6in@HkdG&2>F_VrSd0_= ztHt4<-ss_+qLb|{@2215rh3>H#0MxXQ0a)#EFF!ceDqYzu7;Lr6WT*VNeX^_ z%+Q!%k4=C8UUaJhH%P38K-k6<(a~VkRV&W)eZ1?Ks&DB zm6gvKmiZu)?LKpg{a(OT;nSRV_*7>$UP(uox{MDRirNdjQKazjt;rCScJ}tmNEB6; zJ&J5;N42ylcPT1c)=7_GE8`m5WVh)*U$`Pb3r9UiSH%u4?5M z8cEnxQ>mH_@z$$1BUk7B#JJC${!t8&oidK>=&A|kekmelY4i7~yvf)oN&v3dkMmj# zt;`DAZ2r?Rx}Z^q8h1EOlerx<(@zl42B@;#)d$)89+GgLA$+aJIrkgKXEeVs))DV| zW%mQMiP}1)v_03G6H*sAF-k}=^qZfA@ue!>{uS~pc@Wl)RQ>(!U3*ucmP(SA(%0P+ zqT49?z*GK0`IO)w%An37t3Ub+jeEh&ardt}WJ{KP6;JXzaX`Ky)B z9B!nLV-^+;b6RTh;P|r2&h%{fE$Y$sG6}Yp4`LQb zvhIkImQQgj{Ai_>=ZTF3=^DE=yB%OXQgG%zSJ6_WE#&^xWNrK2e+6cSF0@I~zty zgbzYjX}_UY8}<}?i#R+LrLkPzLOhxwX8azlkq-aY$_tNbH+^!(BPEwZcTxHzEzR6i6-^Lx7NeX3gadi;g#b@Cr}@#G9jh*NB(`?K=t;$Jnl z+>h<3iNblVJ*6@EUxC~4DR%#gbI2xeu-!lwL1e`Ly%M0~hu0YM;Ym`YLG7S^4Q-MY z1L;ZQZNJV~+2-{7%?4hrxmR6O2bUJr-=%aLQO1?X$FE*nFsJCI8a>VtjL2IG}#s`$E3^V$%jXk{`TCpbvw1jnSqVfN< zuTS#nafAYp0}NyD!Ud)dzk<$o<|}Ga_vtp`ChN73HtZ)|Y(gljYjOZ%wlSao%Mv_S|2n1@CE?0bJ>ACk_@6PRv;hUs z_qkE}Qa3zS=$`pE7kZ1;tUyD5bDbYD59Qz#(~acNAbSiCJ02P*?Cc)oS62Q#GDQLh zbQ1nk_-BaP$iKhV^?2I1evuVJ?m3YF03l!+!cqe2dLAWTUGmD)9)xwh;$rk!ARl;y zim=CWLRHrvzV1-E%ltXi_vt$b__%POKd#lBmSkW2u4|ktkC~*y){Df$W>44zZj?vr0eaJs z6{RJv(03=}g59;-kg+CDX;@0ss4fzf6#> zGfpmC?|u2GUnuV*(CGi}^Bs#t5uYal=}|A*-y7#O8Q9>~^<>2!zZkuEr+1kr$Mz+U zNK^B_zB(ArB+pqOKOP90t_8MX<(e4I>SD2Amb7{+ciDC33H2Ctlq&S|DC}ZE16=K2 z;ehKp^5Up2*i|83?E_e3XZ5=+`^*<&m@Wq*ZC^3 z=B!{+yo`xq*Zbe=RcixF?aYTt6c9Aw&S@)M9ksdu5`=r~(1|+M=Cl|q!Jpaf%pqHP z3eySCI}+})DE8MVd>Pr;qavY{RyD7M@Ql5jZRv9w+U+B&WB!^Obx5C2;s0~i{>Q?n z7mZJX8XYyhNQ>o0NBlP?KTKDsWXS3eglv#ne@sjFv|dvLU``tMGc_rPJLpL14tYVV zwqB&|s|t*GZW>zR@3EZ+R(!u6JJeVga}$|GiwyrgpF4TLV5smcSNk#abGjfW=_m7| zlQ#I{4*)i>`f$7g_zG;4i5WM%E7r((&>UgpE!g3MNv_vb;r@eLDika1AF zibyhCfJ+n)^imB6$Vuw!0isk11Q4)ffb_TGx9_EZv184gLoYOZ6-PnaXcXlKg(jo~LTK)v*M*3c%2SBtW!lCU^_ zZV=eR6qr6k;lZ3R+2sIp?edBv^MOxi5L?_f2Uz`CKEzVSBc?CEVn3sfv|%g$3Wf_L zfC~3@V%peY)ZEdx%^@sczWPq{Raa2cV!+48p|AiBP6tS0%LZq|wLzXa<3ckCf&fV} za6HmEHt-s#t-(0Sn7vX@g^xhtQmbSd0MPV*tlirJUIry{VCF+^d!aIab9WJUcWZHL-m2*wWDQ(b&z!Bo_}BA5QoPfh$Ts(lt-hJM2} zn#2C?hWdf)s#`jnQ zFYl83U5=sC;dgOm3bXP+i}$bIMmKZZE;EO>in&{H!t7XeWw_Vm0ATnZ?Wr2Pb0DoR zK)>*!?SNLwP(M$qPCh8=#AaUydK->9(Ci7S@wI4t^D!5uJRo`bV0i{HD*^7iaUTqD z0?M2kkbbYgi~^W6H#8}h?;848^zEYKOP@Z^)1?3>oI?AW+B*}h(|99TCoN~Agn*p2`g$Qd)?Witj3jK|TLpT%{1 zVe75iQ_2P_<>Xb3W;u_K-II&)LbioHXTJv(y9=i?2xXkn~K+cu1fGJeqi#UdVoLZ@pHXU3K!Yf}r|B z+4IVK3t)=EZ}_dg>3K?L#2pNx>%&!v^S?`mD48aQU<_oFl2Uz(#=|hwX|}2237P!K zkd06C>RZWnC?>ohE=f8a-Yn#*gJgrazfG_Kcw!$ZaWMp#iOWz|wztvUu2ym}3kCB4 z2vlQYs6j4_aHB}OGozK(A+$r8Mv|x$ zr7CUyy`_*%!E)=sHj1xjX(-COxcPAlRrUW^6O5|4mrXQXLdGBIq+=(mo7p}2{t~6i zS8(QfC$P-Y;|B3_^#N|QrfWq&Cx@7IDjejeMU#@;3B4zb<3aHEVFm?kwv|EJKy@9m z7@!f18>|{4@2Sy3eWo)X7CBVpJ_##y>Cba-hrAlkF_kF<`!h{*eFTij^^;a+x*IG- zmrvC{m)ylT9~csR#UB_FxD1Nd35|&l4-e+Jt{u*wsBwMmfCsivaYb6xWRL09puFhw zrS796E-2SdI+TZ1_?Lp0&8K_z@2|Dubo?&4PKK;6v=FBk5-Ecsi<60@TjTRFa%f;k z;5jLks+=drcWm7sJY7OtG6hV3_pb1r7O4^LJtM=Ls6JGaMcovnZ+j0Pu7!kO3w?7fU%%g5H^!qBu-_DYNs0`S^`_I;F zPN!9ddZXY{D3~Ra`h0;-htxcn{W?AmqS1vog=%j9;1$i!Qth4Uixv&imGfDj=khB1 z*fdy5mW9{qYSi}JN=N%#t5^FR+oVdpm+)^ea!bJ&33Qq3_y3A-4}MO#{q6mu3Wioq zD{zYZTYcEEt90Z{=8 ziMHY9Ex?A`Ii`%)7X^bV&9sLS$h9>qMwubYhTdMtFo&_KVHuT2y|4D4!s9^+# z;|2k)ZNvc1XOHrhgiNAYv^H$~1R~weWV^jR8~b!}lx9*ugSE{+1faX&mxrYer!Rwm z@xxxvOm@TF#KKdzKQ|0rR4{J&{M>4>14a~R-%HHmF zCGmwPB1-uFd$k|Yhuf|9mUx<?i$tw4uAtZQwARl7_2PU*8kS{$NxzSCq#G zl9gXxn;u}&ySy}DBIkBnrXqy#-%N^|8rEVifNP2+C?MMU@_ z=>79(n>&Na(~L?SNnp7>7T%O59RBXZc5J<;XVAo?6fzZs&678F1(r=P&?1BYJ0vi7 zx>)viFudr&MLhS|%>Zo`055renWwO|H78A}-*qu87C0j$8`meA<*@oFNy{@(g{?qWjUc*XM)|s8o0P-pBlb zc?_#>iOfVIUkNfh3X6E}biHxA3~=k$>bf5hHEYnRpFs+lS>?#I-&i`>Fd9lOHP%9)hRq0rx*kaz1okVGP`6I|7kZ*!X z+-Pv<)5aP+q*j!AX?`6ynbv8>1YnlPs}byRlN-Yyi^LA^s8?hTJHLLCj_Bei60yjB zKT6lNsPCwI^mOF4(09US#>!y}J%K+9NI6qlTx;LzsGkbym)5jJp zy)|~MyPs*OroJVxq4eHJdc)5o>xItSAj~faK82f|;Z-4$&maw!UPd44y7%pq9X&Yk z0s)QZU?%m^(@@o1m5}Zj}=o;2UF0{G)Xn~Y=2Q$qx-HdPEJ=d-h z94R9k9N7`mv7j@Z^1CzDu|zF6eQ>LYAphAAwy@|utye)>-PJx2_VEBqIeohCC*g7MUc388&b;m04O zxqkLE)Q7yDUmvhzEj=k`iBKePCi{&AybAyr&kjx_4cm)^9T|stYWI*x=Hefg8tc=Wj6WdM^yCkD^F}v7^I| z0vI|JG+ffWc-{u^{gr6UlGYQTx)V=8Yq;%M(MLw9OqeHvK~bwq9@Y1x)nNu`Cb*h84l&JF0F2 zF==2Vi5Q|lnj8N-AiXkP@K?D`YZJ`Zb`JoRclEUcPzopHG*DFjb(AXZipv7?jo}sc z9AK1<?q1$VHw_Mb zJDQ_~*Z%IhI3#@5X1Y2a(&rLng$c}Waqi517zXJA8l;d=Qaow0Pz@PN2iE%^a6R(yXkQ--%n$cE?X9X}#v)xsJ>%6P8l}nysbO`z zj5!|-wWL33*8A~-ljJqagFT4jD-g|p3T)=WYj4OCMXvmg^VW&zN~8_NWB50U#PrHQ z=jSvh)F!a(I;67-2c~@Qmotx-e;NpGu~;St>T~RW{@gEVeNvXSTA_cmmhzKBvRV|i!c4Ly!~_uq?Ivt9SvCTs?l_V+Hifa}Bt6V5 z8}>O8LTD^!8xVvy*W2i&uDz`#&^=Dp`l=@TJd7^FtoY8)&QAf$)7iIsva>J0KBvUQ z4S+7o&+?wTm5jC)-7Ss1T~&X|1lec!kDry-#6)b{xBR&G)IA!lZ}Gv)+FjI|FaCFx zIR936A95nKpF36C%00jSeD^71fiJV*MGAWDSN?Gz|8jCnIqhfUx4sw>9D4#D_;UNI z9tx%^92+wkBkU#07I_;anM456-V%ewAAtk&7;;<|BV?ef^E!g&J=>rrWERf@r_D}} zd{?|%5_!Al{!xKPk`gB0U4E0bM32dLeRgQ$=hIW+dP;r6@Uq4ywdW==sxb(4yFRrm zv6#`>6AQaxhbKBAw0m}v7bJQ(8+srCm$LUoS@aOw*b{6p6TLSs0A8W6Iq#vZ-OQaK zmV61Bs^l`=nN(YhLi`|lrE3?|V28Pehqm2v6+gPBUTc8V-)jYP!U*lxncQcD>rV?Y zyJsYYKJc`Mu#6C+bj)wVPI=7~Zi!J|Et_xg44~!~VbD z8nr8`6INd{;b;@U^uVH#@5WTDzWUf1%uG)!J~(e67uLuP1ulc2r^(3;eGjH2rp>5P z7Z_+3EeBWBoiOGpZ|4b1S8)DST<7T-qO-{1hhpY$-iV5yI+2PwDj2{_DtyUy)PUi7 z%7e^@_##wGmafHD09xQ6CTNQqQJ3eUCyvKV+{O`E#Xp5W?h%cS9cB}wE8-}Sh7d%h z5Ml@eR{KAgy!nPgXg%=Ik)aq3^vL7csHKU^KLpk8in4`c1+eEs=3Bt-}X&{XnS{mCm1J|QVNb7lI=WWEikYvoqTJH zW$WvTkcPA*Q0)Jov3hluSc&_OA8-iC(7HPC8Z&b`+PmO_dVttv0YcV+gF!KH<)J|= zZ|E@1pD9xZwF5JsgjE9p0oUB$-}53YZy?JaiJxUSpJAt-b7(0ITExiqUxcJ-S5<7+ z(ICEH5qEaXoANNq#SF)g)Sa6%^bDA(eVXG_F0;qdSBc8m;CF3s+>97nv25EjE?#o!U|Tku7UMNCh);uoMPiN_`pD7#tyOkD^& zri>lXn2nF%%lGy{(mnb@Yayy1O5P)e!bgKMD3ljB6{CwG1N2f%Ep(PFEzobGmdKUG z9+Hv%gCdrQN~SkHm<_cbQ@|@lCmtCQx_AUwDeyVpHY>G|q#bihVBCC(|2XKOZYUHp zP927e?3E4pab3emj46{=L=5MM^8+h_ieDo)SUV${ol7%omMK2ROY9q< z$dXq6IM-#mc5rrN_y^UzgjnI@=9SmZ!+8CvMWxn{F6 zAA}_`-ZV5ua>`@nt5Pw*8H{7a;*Uafyw_tOZ40IYAxl@XaOn}3R$69WGm~nF*^fQr zJGdfEpXP*ofG4xoXkKyn9r~*FOEx9*p>j)YDTZ#dXR?aHaol#YBSD4-_mNor^d*hFb>!zDxsTw7`bA`_j!|PT68sybV%!3}9xx ziceZ1EG~HIO69`-`gydSqVr~DYf>EU2_jurSAfzyD^z^q$RXe$?*Pp6`I4`S+Sv?a z!01DIBOta*L@TK5IbGStkC>NdslwT(zFi>#IW3*W?3?E!8_*PvW0Ul6DzWAl;=M5Q zvun{MEEsrENKxTuki*;-@&NB3;bw5L5ADGIuhRk3Zvu@1ovaY*B=W@5P*&Mm+*AIo zlw*->D}owd(|t$=t7VL#CQw*K4G8Hl3~1shcO9jIp(vWKs|C~UF$> zgG?WMB7@m6=MN}W@u_rG-wNmvs)HjiQnNMcM-77w@Dly;dr0^Jq%j74BnIngPqt&i zITve>WmNnuXmc_bz2U4AVsZ&A`?|<2Kkhde6`+f7X5rHuvsgd(XW#H_KX;2RBJ)Nr zEERzrY+@L|vPRX=2Eg&mUNjsHcopxLf%V`@!!cR`I_%fC0R5hGvtY~#vr-;*4mr@o zrI-u*rpqQI$>vToT6onSjYBfYljGQ&USaA9x*=t)xW(%A5oI&Pjh!ei*v*|N-SB}+ zk`Q1BQaAGLJ7k2i`^|@#3^Tb1fLNaxKI^eHKl|W=ITa6ZvgtBXqPHC~btSij+!JZo zy6aMKGA<``iFfUbMi1@?6U6g-K0WT#5=WR9PPQ5ur=laWt*e=FhFpq5Z6n7|0Jj$Y z9e}K*ImUro)6rN2Sk!l@Oc&#wCi8d!(zRnv0C2|;_R4^_iV8_Fldwc+B+f=y*!Hm2 zg3?RB!O^LU7G`w3KS_tMd?)ohdJKsP8WV;*kTyZDpW5Ct#(vf&&?7r8SX6Ts{HXor1EHn2rhw+~9C511b$_~KgpTuP4x8jj!Z3p-^0u0Q_5 z^h}O;PV?ns5q3IvxPW~*EsF;(zZJka?+389-{8Nq5zahU=6qTNM6KM4JAS2|pydAT zXqR-iL8sk<3)rZhZD<%EY}ab$!XB?VO=2 z9w&5(SN*(5NP!@#5L$5L?W1^_51wdTz@;~slZc5F|o@Vk6h_ zEqbP*Ef7jeImbpswfB<<2M9axcAEKy%HOX)bMeYJZa?^&mqw?F&k6VgU-pQJxX?BF z(W`#xz7&hX_4g057au4rWdTu(L0stgjgN=kyjmweoSrg&q@56NEpg=UZ4FRofm3lb zq}L(mUrO!`%BH==2xnU>TJd+NDE#)=$&FFyxh~Fo2&)^YvQx3KeB?W+Id}5%8l>Rz zR#SGl z$Yz_!eQ3Oa;SVOJ^gxqmm-Cn{E~{B?}ker-o2Xt zp4Lt5zO{xJ4=y=TPK(aB9mu;P+<~I+Wjg~s@&=uHgL?dqO=xM#+#l>(l%u);^bJ|i zjIJroYf*CH+8ILxXs?0huO&E@I3PfqvI%&dpm$Gm&uL@}t%%2~+jX(U;ON;B!{A_) zJYX(Yr6cWb&F!%Oijd0Z{RUQTMUmi@r)gX3gH8mssXYn-w*Zb*nf4^>klVmrTM`(k z?lkYL*X}C;>+b#beruc?C^!qKIK)ei0dI}&$0FKe2I;EZ1{oTI1}XB51}{&2{{vja z(m-yPGTZY`-LXA+B3aGLk#R||WiCKw+r}D5tBg_=zZxXV))`*jnTQe@k@Gky$k|LU zDB0Y8fV=dtx|c@ z`X1BDyPg-)yT3;6)M{gZ)7#tAsgzAo(GYF?by)dD%AJ?SZ+!6LA$e2fS?>g}X7pu0 zD6NE5q%$3x|H&ARKdGRD)L^Lc<~lx)u7cT_%SKkLkP`&Q4yYMja_2D@R@vluX*i!Y zQBluKJxh}FUY`8>`0dYTw!9_uBp(IKQx1#bs5qvsvl#ar2u+v*I_eUzgX2I66q>a1 zQ1*AYAWxy>xcoKx@v9+ufx)lTwnNpXXXYH!w5`?J1U(zut5jX*5neNmlkHDU4HTV5 z)jJkS{Uw>@Z^#1ZZm?yZeC7qbu^TwG89mzOw8cHWxZS_`OQi@Xc!W3Qoa(34`ONws z)zaRVFRv5jkliTRSJ1w+IplC|vdJaY(U8A#?=GJTc3;&FX@5d=5>d~@^3@-jVscEM zt<3$)7#K#9K zh=+zg+R0=WBi=ec;R$a)7T*|E-^0}4!W_}e+_H{=(>t_7CK*zdZ{JECSafexPBF!x zOVJ)$-CaqiBRr9;SHL9R6(^1ehBo4PZE3muy}O^RqlnMhO?ZL^kYokrDJ6FN8C}eC z^oxq?SWd_*Hg>%Uc(p#ZrB5l-hc4pb@X<`AMW-_^zux7@S@Yj|a1{HWXAg_=O6qq# ztT#2YT^z$U{2-g_q9inUu87SeL28bvV1RX!-u|L!_}0cJQAc*R#};*7M@d|orfU`x zzz9*Z4#3D6*&^LgP$telW;E&o9q;27G@TiS_q|>WVv;+#gNQwccmU|!a`g&~ZO>$F>8kuzeM31>pSvhmTfJgejjNav&R%|SBXPJzjfX+!nD8=1{rh^##F z0Ai+crVN|_M;<~V?8!Q9f#Wi3SBxiUgrcZ5i%(^L3}Mc%nC6^nPyqMF*L4IN{RkM* zz2~8|t^tOqRTKuA5>wKU`(!6zWKx6%bO>)TI7e87ot8ZDmQD*~cMaH+3D=O% zbTi!@Fzr_fGQPMQMFrGep|{VV06Q$!4=RY84OmeX0paCWh zQ?61f>WX`ohL{m$_4`6JHO@8jQ|d5(Qv$wZQ6UWYl^7y{1&=e$tV(h9Fx_Wg{9`yd z(e2v<2nuqQ9l+ZQSj~6`L|m9<9r3Hk&&B93zr`^tZyh2QkDP>uq7+p+KI&b6`7a1o z0I6F45iE!aV1^jrhZ+}H6>uX91vs?({WkqGmY3h7*|t39hU-Lp>!a9?_7Zk)eVXJu zFAQ?xDLVk?TYmu{WzRz^T)Akpt?^uNtODWK5pZ=PzfHjJ9H1t1@&O+`)bSG1egxlw z^@rG2$iXK>j)^&!Z*?j<;&c4!({cjL;8^ZMVk_lzXYrI7{`hV1obmmw8_`McQ@Px5<~@4wjpzGTMF8$G*mS1SL_ zgu{e(an*}Rp1Rg#j66P5H(*cyB}I_~=o-xF4gsD92L==ZQqIzL|5=d315XkxFG$~S z2AT`pKV85MtSG=GHTCOHtwY^yb)F#ej-(&H#A`v?tBzS}`>302j?^9bi;m4V}eQA`V$Y>S?Z;tG@D5=5%%E zTEMeJe%_HaZM6lLz?AqSdJNaXt|y93|1!_!{&tpR2LFiA>(Mm*jZoJ%K3mrFMP?Lk zG3xb`M8=kHB}qg16!lb~KQN;V-f{&Zd@|TJ{EiJfd@buL(^Kf?C$Xo{o7ZUx;9IVU zWy-b<@b*1fh>8b4sIy}#@ECEh$)!CLX#cmA#~l2)_YUqcpJ;O{L}c&>d!RLX53Es7 zTVDg!bZaNt$yNfi0Gl_!?WV@6l<@#y2c%>Lbyl|l1u;MlAoVHI=Ka7xGDO}TsJMW& z#4dG_qvaI5eULR@0ZZi|()?2P^KrXvQW{_QA>E#Euy%8yFl&1(Ep_3`)CV`a za5TDQk+T3HKg#KS6`0`d{XCO+CD8||>RYe1wGFs(mPdg}Ilo6Iu*s2z*=K%83ROG; zbhigzy|@KCZ$kUx4B!xj9QvjUP@kYtc8DFMY7t+}!OEr#oiIMh_uhz>P@^71W6O__ z*SxE)f^M;ix!Y9%j~((Qw>GT*2qYK!d#KoJy+Iy}=Xle840D6wMqb6wbw(6<<}r-s zATmps-lNKJM?S#5!BgoM3JseWTJSnIJ)#qlW`fQE@pa)vdMzYgg~-s*C+)sAeQ>z& zW(V}9cXR^cH7KI~3GO;tzj@vPubT=A&Z+UC|F5wt4~MdQ|1)Ncv1Q59^cF)!Su>U* z%aC?T^@bu;mh3{7Y%{2AN!j-)MP)5Z7{(w>S&Qsz$eMi_G*U6|DCaBM1iObQfr14)bm zX^z^P;H*T&4HA&AIDhK_D{`vw{(u8ZS?`m`f9}R7XoGCN_7Ub9ekWY=dT`6@G+?ZW zx`t-A+gt%Dd83sGL0&P72tXr()T{=i6yE>~3Lnu$7{2u?99ywTiVzOjB@%H_ddzgs zp3i094%K+OZTpIfqoKX0=IR)~#Vw?NE=S|bAfXXUMGNSo9HW?afmMV&&WrdTpc|?l--Vn$z z!io%u5b2_3Bv;3}A@OAhp6?(wU5MZg4#qZvTQ9o)m;Ov=HHVL5U#A?I)18}lGg!>1 zNgP=uZ@tSU_R@~l6{;~TZ@aeO$%NOF-$KL? z*w#zVz&teO_#Q_={FNv{TfyN35LE?~TtmbVZR3RAB3noE_D(-fKvBXZJjQ*-=R!je zz%3SsfteF${9>3x*H(ZX1^IPQF^KXzV#3OFX@Fos73*IOiRY)q+jL=I>V-Z_u&FL= zZx~wO0;J2{oy*9THA%R*pIipNZ{k=MOMZ~4n!12Qq4-lw&$aX8qX3sxuyp>!yJSso zfPk!FVnOQ(m+_6TQB=Zh+IMo3R7eZ_OyJ&bhYUgDa@Mt58BbJ{_MdPs#uYrY zEvixZTa89xcwbis<+J$LG;miyxL8LGf-W?3)Rj}P3a*$pUuya4X;=pck|AH57+w%{9$Oj|pKZz}=C(3%@$o&YG zajA6JIL8j{z*Bd`4*Je@OjNaB#7g{-fCZ5>$;18mL(Nj*Cmu~Y$$Rp}V>>U9S8lJd zuhlgd9ei4G+JEVIMT$ZL!qs=5v`c@JA-eTn(g_w-ZDaZo>t}4QLgrt22-TEl-f6g) zd1{%vi9_0Qn|<`Qkqm}@>jr3_oRDKV8|<(4?i%WgYBcr~sQvT}0omIWy&v+K`KMKAH$G0??wl^LZYJUL{Mpq{_q&Z>+VgFv zWmp{r!&y9)UUn(eH2URwO_U;fy2K{XkA3z;ghPCn-ByIZb<8Aaf_YU;j6;?0pKJjX zrgN;;=i4~=owO}ds*~(-jTVlQ|BmMvl?OTSL3P zmLhv$rH8v+agImTg$RfIrq;7ArD;FlLLEGMeKS5Yz>o#GIj2|+t8u@Z-x^%PLu!N- zt)pEl_MMoZmbqMPdSJ1tQ@(f4JXV~5RnQEamoO%UeCIGyl7`co zH{!)t+Mk&VYa?Qby7b3l^wBRsVDP%InvM|sTc%R8BE=xsz??Tw1`b*`fIy{&5x8fL z-xU*$=kZ^{VZRrh^E~#z428nIGt1od#Q}Z;J?S}dKJoHq1RT$0-2FKH@M&HG27$Dd zFeV({-RpyU@#|!pnY>HRKE*qj<7_RgaEoULnWPk|okaI@_}pprsm)cm{mjFu!7r`vmT4Tv*b2E8jaAHc|f zmG;Y`e*u;l4zk=Q!T3v8;Ht-TN}B|xo0fgq^*m8>*)12 z&owFe&?i-3MF?v-%*1%kQ~5c#F;MM-od8^Rws0|&VKR|jlBD$Ow&6`j!NSg@U{^NbnBYZF5NVem z2T-B({D59-TBUxKKSO_h&~KomS*5Sv?3A-(&liXHb#d0&xg{liB?U&`lgSe*gI-rX z$zMcd2woniS%{r*wLQs7bbgCboQs}{e_S)$|DiLp3F!T#UJ5M5Z2@G;F1{ZhAdUN$~f_O%7Kz*(L} zw9~QTkI8BnvEM<%6MK%Q$u@VIINO)>JeniIMCK_bJj-OpE+wD2p7v1u5QPZ)McERW zTj!p%BRz!O(;;;lJKk^4x!%R}0%Z{$U03bM9H4I_rGfK5DQFWGM}X`5*Kh%JB`Akb z20u?0mVju_rk*$qq!v_$!v{}+-(8SJu!h1wlmK*pfUw{#A}lY*n(BjM zW9Ok3_nYM8sZPg%Bn(m<;WPL7>8@YDZlE^ThZ^4ZIr)?hb3H!7PxV2Yu=kT*TPO;* z1O_Vy2Wj=|P`_&y=+9lSCpg4USo+WzA@GmiIH(iI^oK4XSgfQ;XUGMtya^~A8?0PY zAKUU^3U1NHxM_=-IW2L!r7OYw--5FuEz12`O?5O8Hb=E z65t|mD?(ua&w~lfW7*n}9~=g-6dDg9EZDRTvdE?Np^41=&LkQA^83p=wak-`l~d8~ zfCYl()<>tAQkNJBSC(gh8sixeP-EmuoIRxHtw+Dm&0k|0x|` zpt=;?9dULY2AcWPc4N?0`97X&f+5;iboD6rv6#F-JclmV@xlEiLv<@tl}~&8w^CDw zK{;aMy-$2+O5Z+i!jWDF&2wTVOAXn!_UAEEc_6=4noZIMU>L+QzRMuk`QF(7=jr~D z;BW{rveelLzCrO}>B_#s+IGs$l(ZQ(bI*a*n`d!J{)|;JnK0zPwZA!!yu=w?IUqZL zpb8e60tZ+7e4)DE3Q~4UM-FXKb3EcK{`hQJs~i84!$jP~9(n8w`T5;mk#St!8Z^x= z6CPXiSfHc&Pj!%i^x$JrHFNq1u~}?6X$;7MX+&>q_5#eca{sFo82ydc z#zmq1o-qBe*nTO}!zw^#pa$w|mb-2Ig@}gDNx3#^o@RYHADz|@VzB5b6rSZSJ8TYt z1MVT5{c1S^9gs&qK(22iH z6|qDnQ$=hcS5uOxyC4XVS@O~35c$4kG}F}%Q@8P}ZcWlEfVn{zc>W+-0Xo2ezxnhK zVy(&Tmi+4S9G1ntCP7$)pCfgFnSfC74K zMh654Ie?(dARx;ja1y1&M*x@S9PHmPbiY+=tGv>`smhya z&P|@XCnQBSUV`q*8*EFlL`h9ki;HDWnLVpY2Zx0Ve}!IcR@q4!8`kXenj4$3Ns`nw z1_S90mI z_N-?o#j|-hc_+F1M>v=t@g}AdzNK{s+OzbmHbk_WR>)!oF{G&w{gD#xG0Z`njnTp1rj3zQAI?qSVH6N!D#sOZ(1!L7sTr7fgY*5>VK4(2Gc}8}AB=J?H;dH< zlxRDh8jeX+>6grURB4qRa1r|BWESy1*_~4yAv!aX{8;%Tjx%eoH93R z97|#>VdB+Q`W}tFEC(|Mpdjs1%wOI7=rF=xLOT@lL*CzDC4o#lsHMy}OE}t-FKtl# zkZYgkqU79s6W>WK7g+>PrOJ^-huXYAOG1+RmeH~4ogZf=5-14U&UD+_2j%=@Zyf+Y zd9)+E#z^lYWm*v&d+jq8Fup?R-d_*6nI`--eUp`3lj5-P7$!mzhj~M#67q=8G3QZX z-=%=GLsdIqOcEb#M5C(L;=8ac{CBE0hwpd8Y8?JaMLeO8~;3}J2 zy2~FJ85=JdL8UJ$)5`!&kEYw>_K8H!xzt})_!qZjmyyrI8 zavFErOUPHXi~r-!G6PyNfD3ot3LE>NOA46#aG-7LCdGkO1idOy3B+2WE@5=f zAttXCaPf|vNKx-`aJ&7h8Pw5Y|(DG@xDv=B{hw*pjAdDc2CJmn=7r1#4 zK?x_t6^X<6Ab$x8=D?5;7dF@ug1qF0;LP*|Z%kXZ1;(pp`;z`pB~o#ua)|WSdOBzP zXJq`(o`&720xrc>I~!WbM!!S{%mef*R8Ptl@^9yGuluzm+o@=@%+=1tGy0dOeV3Qz z8=EO>ie575WX4;?=4-7@(%D>4kJZvOF`yzVxeo3&`r~f;V9p*utj%lB;SAP6I2MMU z-@M1N`tHxZa8-In#uBe9ztG#gJ!hk*GT%)ip`G)3FHt-)H>~_E;8ok!O=nbi9}g^t zV_e#03f(uHt*1T=^)vX^n^n?#2@Kh<7DxToT-|;PDmJxbT~y(rVD#YL1KZEC?qmCJ zQWa7>Msp${1@?d1YdV_?z*sYs-8pH*GehES5I2GaO2J9N0SR4IH>VreI|`R@BqMDc zRd9PGBQvW>#HEnM!GMP{Dy(Qzoo}7Qy}}wEwDZD0rMxM{y;*NPY4vHM#jf%N8{yyR z8sZvI-t)FytxBU=tom-tLJaH7){XC;H5A4cWAuw zXTokMob7<|`aQaFL|te+W8>%7-n{EWcpnoa`S;occLw}&Z4#| zGSR71RSNBk;uq2Ic<|%;Xg&YYi-ZZU<{|l1r#RXC;w8@c?boM;UZyuF%-TJDD60Am z=s|W~5T^R`zq-iNtPbE~0Od0r+bU#ZdX=!qvaj&Yg`_-&a=10;)SVCT3eKN z+aO0Sex%kq%esuhCeKIhwVa>#*tA@xlR5cKBEUqw#IlVtFnKqKgGUt8glp4`zN0!3 z+4GK>87i~HrrSOQjv~`8jmN>;>N)ZK3JCBR{yV6m_bgFLW-$Iygp#X>;=(zp=>+0a zh8OWlq%iG%3M`0~u?KF>{hs4FvC6#OE=Wc-Wp7iHNGYQZ`|0|vsB8v8j^5*|Rpt@a zGM3oboa0@5m9tc9HNLl#;4C4hTqU|xXn%`7A8esJFWcJcw$%x}n!}3wH6-xXs~hnM zrlGK;qAKHwAl?RQ*{;xF4dYonn|3rXSG_3(FgbV&g(LO#*{!D9cfOs6-5=lW)>N-T zo!UF;wDo z8()qfz@Bh#ZXQP1o`Q+vNMW$_CPNxucd@>m87*(lUAz=WT(2^_U7|5%^H0rN zE!|INcPatEQv8YB2}<=^jj+gtkyGIW4F?OwM#7J^K(hb6AjE_mSBZkXMQgyNd-?b6 z1-jSMTz~1U?;AyX$*Cn{Ek10Ojgp6q4WQ^19xzylV1P#&E&-@b@WSxJ|Dtf{F(J9Fe{mjv32s@A=)HYXlyb`9ddoWZ}}Rjn3~ zI&96;zkZ`264qL|u&8tFNmSiKUiNwpgPbe04|OA~k82zPrsb_C8EzF^#!x8z&r`u$ zaA4k$7g>r>zm*id2_L}P%fQ;B^OLQtNFL+bq^UGPH2bzjOM+=3jkgeXca2A0L*`VW z)&N|iHR(2`fVf|_QpbyZo$|H(D z{ozwtSv`e1zN;QZ?}V9Co=eMPhNpegwcGgzkj3H!qo1P(Vt>ClkeQgAmTKa*Dk@i^ zU=XFic17m!!J8Z%E2@nHcN}|e54K`!4xGN^7R2ePc4)(s<9Md#gkCXx+6uIzZh)tP zyhaGv-)qt9echT4wGRlAbHwn}<)D)TJ1W(=eAF5pNwfW2=vS1~iVnu+3xP(# z<-J0CerQDSk(2}Xx=zSjZ$(RxW4Y%294TcZiDh#(Piu1#ed%hArrRCr@`%e0G#|_x zz*fTwfX{~SDZ(A^orc%`j|lSSs{fkd7Qz@AZ@5J)_hS7v`f(mGv0R>v4DnzObq22k7 zBYarOKd9=`Q8sQy+0OuDLy3bO*Dnwzj-;LFrdS76=^r)H;&aHLUpu+>)-R5#uwT{V z5%*X}@t^Gm!+vqR23Ig|_=x?Mgi$Y=KhGs!ryYi$<4!um_O1Q)`pA5v(LE`742k}P z$dK1#)YTj|tsYvuQot`(_bzz7N<>dA<+xv2j~i9sm_DzumPO49=$z>4Uop)^w;dYx z|8#bPi+D%%Za3HRvcr)2WMjO%ImNdwx5A3B*>C1JuZs0H)D}qEWM5z#L?a15KC-`& z7D>O_o(n75Wx6)GZ#|{r(T|TDdxWW!qE=Ysi-zm%c7_@&<9|OV8=%|=n~aCxG_&4n z-I3w_VY>0OJiz1I4MgF@&UB}cg*qH744Ap=nm}Fb`i%50iGuXX+9T~vZlUj4DZU#^ z;FI#{0JRx(X)4Rl(BY@I6cvY8_J3+6(pZ;r*q=1wA;orink9%3Q+6 zQmhGJ&WhXFOjezVGjH<9+J5;+`RED4c*ukt{k!S%m}%k6R5a6co*vZd_J( zwaUh+_NEg%+;LiKe@|%K{8T(VOc@@y$`&{z$9s1hkae=;k86DHlO+2!w(j484gfrl zBl|fGraVpT!LSMZa`x%=OLWjV|TFFe&8hjJZ*(>(+md5X?Fc z)>+ik*vyxaMdr1UB?K01(F+H + DellCSIReplicationGroup Monitoring +--- + +The dell-csm-replicator supports monitoring of DellCSIReplicationGroup Custom Resources (CRs). + +Each RG is polled at a pre-defined interval and for each RG, a gRPC call is made to the driver which returns the status of +the protection group on the array. + +If an RG doesn't have any PVs associated with it, the driver will not receive any monitoring request for that RG. + +This status can be obtained from the RG as under: + +``` +NAME AGE STATE LINK STATE LAST LINKSTATE UPDATE +replicated-rg-240721b0-12fb-4151-8dd8-94794ae2493e 51d Ready SUSPENDED 2021-09-10T10:48:09Z +``` + + diff --git a/content/v2/replication/replication-actions.md b/content/v2/replication/replication-actions.md new file mode 100644 index 0000000000..f472a99830 --- /dev/null +++ b/content/v2/replication/replication-actions.md @@ -0,0 +1,60 @@ +--- +title: Replication Actions +linktitle: Replication Actions +weight: 6 +description: > + DellCSIReplicationGroup Actions +--- + +You can exercise native replication control operations from Dell EMC storage arrays by performing "Actions" on the replicated group of volumes using the DellCSIReplicationGroup object. + +You can patch the DellCSIReplicationGroup Custom Resource and set the action field in the spec to one of the allowed values (refer to tables in this document). + +When you set the action field in the Custom Resource object, the following happens: + +* State of the RG CR is set to `action_in_progress`. For e.g. if you set the action field to SYNC, then the state will change to SYNC_IN_PROGRESS, action field will reset to empty +* dell-csi-replicator sidecar issues the command to the CSI driver to perform the appropriate action +* Once the CSI driver has completed the operation, State of the RG CR goes back to Ready + +While the action is in progress, you shouldn't update the action field. Any attempt to change the action field will be rejected and it will be reset to empty. +There are certain pre-requisites that have to be fulfilled before any action can be done on the RG CR. For e.g. - you can't perform a Reprotect without doing a Failover first. There are some "Workflows" defined in Section 2 of this document which provide a sequence of operations for some common use-cases. An important exception to these rules is the action UNPLANNED_FAILOVER which can be run at any time. + +>Note - Throughout this document, we are going to refer to "Hopkinton" as the original source site & "Durham" as the original target site. + +### Site Specific Actions +These actions can be run at any site, but they have some site-specific context included. + +Any action with the __LOCAL__ suffix means, do this action for the local site. Any action with the __REMOTE__ suffix means do this action for the remote site. + +For e.g. - +* If the CR at `Hopkinton` is patched with action FAILOVER_REMOTE, it means that the driver will attempt to `Fail Over` to __Durham__ which is the remote site. +* If the CR at `Durham` is patched with action FAILOVER_LOCAL, it means that the driver will attempt to `Fail over` to __Durham__ which is the local site. +* If the CR at `Durham` is patched with REPROTECT_LOCAL, it means that the driver will `Re-protect` the volumes at __Durham__ which is the local site. + +The following table lists details of what actions should be used in different Disaster Recovery workflows & the equivalent operation done on the storage array: + +| Workflow | Actions | PowerMax | PowerStore | +| ----------- | --------- | -------------- | ---------- | +| Planned Migration | FAILOVER_LOCAL
FAILOVER_REMOTE | symrdf failover -swap | FAILOVER (no REPROTECT after FAILOVER) | +| Reprotect | REPROTECT_LOCAL
REPROTECT_REMOTE | symrdf resume/est | REPROTECT | +| Unplanned Migration | UNPLANNED_FAILOVER_LOCAL
UNPLANNED_FAILOVER_REMOTE | symrdf failover -force | FAILOVER (at target site) | + +### Maintenance Actions +These actions can be run at any site and are used to change the replication link state for maintenance activities. +The following table lists the supported maintenance actions and the equivalent operation done on the storage arrays + +{{}} +| Action | Description | PowerMax | PowerStore | +|-----------|------------------------|-------------------|-------------------| +| SUSPEND | Temporarily suspend
replication | symrdf suspend | PAUSE | +| RESUME | Resume replication | symrdf resume | RESUME | +| SYNC | Synchronize all changes
from source to target | symrdf establish | SYNCHRONIZE NOW | +{{
}} +### How to perform actions +We strongly recommend using `repctl` to perform any actions on `DellCSIReplicationGroup` objects. You can find detailed steps [here](../tools/#executing-actions) + +If you wish to use `kubectl` to perform actions, then use kubectl edit/patch operations and set the `action` field in the Custom Resource. +While performing site-specific actions, please consult each driver's documentation to get an exhaustive list of all the supported actions. + +For a brief guide on using actions for various DR workflows, please refer to this [document](../disaster-recovery) + diff --git a/content/v2/replication/sidecar.png b/content/v2/replication/sidecar.png new file mode 100644 index 0000000000000000000000000000000000000000..d1e253f706232d33eb695839bbfbe0aac664e177 GIT binary patch literal 23115 zcmbrl1yGgW7dDENARr~JbSr%bNeSr==|)0Yx(?kSQWA#-X+fmBOF$0Yt#o&D--G_@ z|9x|3?p$UV&f%SR$J#5N^{ll+73C!`9uYr+gM-76k`z;hgL{w+{Jum%2L4m9Ls{`A=$SGWL?A2~{> zZ?8;`N{@Q?4^N5iLCRp=u?uuJruY{d0jtaLdnZE3h_4aFumV((;R8H_8xs0IJrVII zxCr3=vaP<^tlfAH3~_<|v(@BDY5-pH-l!!ijgYHyXdl}NB^vOE_&V>ZqxNTQ=O;T6 zhYM{dcO{lZJ$jxac-X@UN#s^3!pv4Q8h9!czs0DC^3dlzzGxUW(V;CUe&ihwe~yTi zzY0XQeYeABAMad1Ac2J_9D;e?F+CL?O2y-gf+5e=9l!aWl)oxtl@?=gQaWV{#*Sna4SsyJG&_WO7!J8KtK z7%}%c@TxegyE#ex43s2(r|E%wquu%P*#D73;FAY;Y3DADc?Y1Iy=$92yvv1Wcegq^ z)bKs+!Wt!L81qrBgYRb(H0KRfI(Wp` zL=0ff`Z-wZ#pkQ!fsCLL@q(Z18dw@wWM^Ed@|cx6#VbMKdE`AZuvcC( z(h*T0X*RA=;;q+&?OL%y3L{8Fan&fX5n0IfcFlRh)Ank_yRixM-Q@H_+m~2Lx8Z_8FjVhF zXG(*)D`zBZSB8}LHH@qSdpR_`yn&Vq6D&o(D-!#NviukHZSuDz>JvTJkh%fBj~`_< zJW_P)Kk`*TJU)U|EtuoUI6u+asG?HgG8drug+JrSNC~6rP`RoNo^g>|h^S@5j#^(mq>Fz2@|1I}NSy?R?Ki+})bWns&QtPfLpowI3F~VC@ zR8uCcGxOGXdLOKgfbB+?UW&--NTBzu^`A<#v-!s?<zjo%K!5 zs5-jVE9p*lB6B&&+5I(Yawt)lb+!qy^o0uf)w@Xug57#ERcam3n3zQzc9jpq(GweP z5i3(`SvFd}2-*nwdB54M&0qM+#QhE(@)TW185@y++1cuQ5szpC#cqvjzs$$M6>B!Y zmXdb(!120v--euaAH3u6vK<~WJOw)g1MFjux?IU;pfaNVL`+acYz+*5me9sHkL9An zze;mH>CnJrn)wpU#VLmDsDxTSRv}8cp!Rg-NyB>#cFIV)@pmze7FK!N4kQ|9l%!A3UhcIv0J`jzhhU+Uh*W94o zuGgOD-=?7_pzHkEzTNDU!KV*G%*;nIRA$Q_g`raBB|0~H1q*o7&eWXdY;P4bk`?A( z576z54npK+g=vUSvV{m-!@(Ct3&T;i*Qj&nBk4m-)wjtucMC#80+=_EyWX2>?ms)L zH_Ft*hjEdFMx*GnNq6@Bg)TFNx_nXaY$w&DO4n464D~#oEiIl>ov*aw%j6$UvRP5u zEyaX=ys{E-_x-djn5q`!l-Mi;QJ`$?eEe|v@j-XzTR=ldS;D2v_xVg`9v8j-j50vG z_gF?H{`f${WAT06+EU&|5Q%M8J(*{W-gBi`L2JRdcgNbYk>a+>g3=#Vm!lA`7o)(R zA($g81`Q-&&umh%qsb$2znLg30VdP!2_XV@!LL+|_PHGG&SROCP`-_=UXS%( zMx5)xLe~_HdUa{c^`N8*nJcceuT=bn&%io&exElt57;ojQ|N=`xMslt>leE1fujbS zl3Wk$VAHp3Q-@JQ?03V!AKViyIQZwlktHnL?lVr-Pfrt(so#f0=@Ot3vgj?xe;4sT zuP&ZO19VACS#6gip`1>q!PP zP)SCS_OO`?I!F>z#dNWKYo+kts`IpA%NH-pHQ^J}I=_c+zT~&NVB?Yp6e@4Uq40nP zwBRMd;FA0RqigSx%#A%?{!+l)@%0s6CD!7>t=W7=`rTUT@lFYe_aR5!uc`&8?XH{8 z?i+Z=yOGinDwakGZ?7Fu_wAFY6RPj|5?4De3kucO6FYTemv_tK`XdN~O-a_C{lRXv zCpC6g*jd?=Ed#0*3zJ*Sm&4Y1Dr0)F1!uEM6P5PAW%|h1mnc(s7%6vd)J-6=MvCw0 ze))i2EH)RF7OVF9{w!Cy9+jY}Rkj^*@rWpdSQTO>rXVZoap zk0h?E%R&z~N+psdvzNyszN!!@hxnvx2YqmIM^&HZ7=BM3Dxz3;qM=*D$shUMF-@4v za}4qbJpM5ayykFu6uvi1mhSo*?Yr)okZ^PT9@|X_`z9H<;OnXX-NTd1{9BHKD&mJL zhC0A8D0Ve$yFUf2cj#c|@+f~GWeKFGyUz8NPvJAcbEeTJ*6fgXXX%m%3Ft%CI?AEk ztbC!Az0*>&)UwoyadWr|)U0o)mD*CopZZ|)l{1$k&pce2Mx74{V}S4`3N$kzmZUSR zQG;~6J)&}-nNB;9aOYC`@`&-jw@;o}+*K=Hl`-Ex%d17A;dAQRMju??QFYm7cCRv* zG!LsL{L%;f6B<=!)YV!;NOrXD&dE|w`VerIE?r;v3hvmK&oK~6vcq@>2s6uCrPd^5 zf%TP4_0FEMh2o)(;b%#T;Sf_Xiua&9f8!Q0uFf9Nd;YzO$4+o*Q|F*!4Vl&B&c^$S z)4uyVT1`zD;xe{Oc+w;RdRk$kdnE%P6G*B^9c85J!@KkP@$idRbP<(SPsFAZE= zDV11f&*yx{H}BV~A7zuPCBG8`gb|kPbuT=DQNYN<|X)Xu9j2!SLrzfm))z)U8=)mFHzJ>)ZlPPg>D42=HxUb1zLkjcDu`e zO6Z)r_0V9|$!@}`Iy0@@1UH%6Jt9vU^)S6>gusYzOpFOcWL7dfF8c29NzP@@&Js~s z{JZ>sTgP1Jtn(V#`Y#0%om0smn6 zO4hWL?==&rmC(gC)T;bYmFRa=Rl#OFIJb}88CA@88}{t$EX-Jxn@+4v&ecQ5MJdI7)$PO_1gcGxrBr+_9+Pk(;JYl4qKdy|CroNk!JG01P zuNk!K-xTG|5&2G*uvc#%3-9WQarM1*Q=($D+)Wz3q?xkID7_$Seh~UpYNldlWx6fs zn|h}GMAukS*^WT_pdQ&}04}kMHFGZ|C`6)zhG5T4uDE(I3ny7dy~&Iqno*UsiHX0x zN)ay}diREh8broLBKPZIaULZGvWl<5CKN#nl$N8tcixEqA^r9`!Es~|oY{O~`|5Yh zB~x5hU5uSR*1Pd_=Z^>nocwD0Zwt=B!Se6iFe?wp8R*f~0yR8B<<1?Li_B9B*PMFY zfm}V(&(IYl!+3za`r7>CWaH&~a<>^%y7!C8srij4ky87tDubvPtSdwguUY9bABbC7 zabzXE5b<|y$dfWc!Qk0o-_WkV zpXw{uLk@ryWJ%(%Rl&8ju3Xx&f^Ix1Ky1SPo0-cJs`FG4I z;AXK6M(nu*GcjgL{W>#ymDH-;#$nD8 zuZDV4=JNd=h3k5yLcT_~TcKR4f$ELZI(TF1Rcg?I#1-AM)nWfq&z$aV{yM#ZzWZJ3 zA+WXVFohtPms4@T3>PwiZ~p6KZ`4&m3iCr zw1$QsLA8wxF%z{>;%Ef|mgb&4$F18bxms@`2pe|jBv#DaY%Gu*IXJeTd8wM!hr>8# zOcTFbDPHzQC@aFfq8;;g5U;58YQcG;(Y=Ah=Gr0`8aDxeqI+|1L5%OIb#E?y`^O7n=|usz3Du%>$$n}cP|NuGp+;%y+pFE+_0_u?Ike6wuqWogsaE z{zIoIz@!N$2KB?o{IXYE6iR})pG?;Uhx%j9*G<0a>CP${{b#Am=P$jh2l>%3XcuYa zX#{twU-Em6{~7=5LcfViy<$H#gNIk z)B0gOW_E7yY0_yx?!3jVeE~`|C{L!3XBanAado%NS!T?<`)r5DgoxC1E}mc=#-QZ0 zK-Wl#Aaq`D%zyV*TR?Di$oQR*sla2b(5Npe5ppy%^eaphOQ&fItw;iIbSH=YD_A3i zuIi*PtW-CA;_HvJ-1dwI_N5j3$FmuTl#!3BlVqwFu5xZ^?@I5^2?Z`~-nxHw7jn=0 zC42d`Px@C;K+aiiNDJoe{pMB-XJ_t?5%FvUBnE@sfM98GgB3eY<+7ozUj-fAO$E>C z1#Wl5pd(ULOM)_|z|;wW$hda6c{q2QWfc5#6VJzoBsMRCbtj-`zj#My zrx(ta@4bKC*LdKo*5Y0=f*}EhJKXXCw7y#A_Dwl}IkgN3Z zx1-t5z){|#uTpv3H*X2MBQ}0?meTRfg3+;_mFU$3p+tTRp-zUv!KT^|OdWWr49U_R zr)HW3BklzRgZeDf~m z$y%kULo7ZF-Cffn@Fk&$@YGBmz+VEsm>Mh_(6#)Fw%pisHq0xjRHH{;A0=|e?edMT z^UZ_e_jhAf5cPj%M}*~6arVr|dni?;jjv>!(|@euQtNEHKJcn_#lV5dm#Yv}IW>WJ zFe0f_`@_)f%3Aq%SDWuxsb$h3vLvsjPS5T|0*>`fm0cFD9hzY;t+5Qsv6wb|wz@Ys zPNy?7vNN&HJ7aYxSz}p->y{P$U8KF!^7m#5h-IUaUT;WL+9kg4X4tqqS(%3Wo?pFn z-LfOG|Co7wXtV7DK3`G?LhLLBPVQsV7+O;6CAL=v1~x=1Nxb}LjQEnXtRBw@V<9sv z_bJ#qF!rBFabQdd!bjSai-b*JuHSW0{64rBak11B{mU(9-3?$ux3z-rWEevz)9Z{iB4Sp3D<^C75o*JkFwZ-gdc{>70 zYJy(3?2%e^+CtsgJ0xiLDi|ZYmtPhu#lINPk-{uX6vV5-s= zU8ON)dWxh!p=jID9buiGp=b+X3fN74nOSyKesM zM~_^g8wH4!+N1tQ+JxXxqO&@d15UD}6P(w8Wo#@oaiXtc%4wCeqWe2WP0iuIba?Jf z`NqMfv5^rt87JA;Y>EqE8bimU;)xZ1_pnXbmPaS1aw98CZWh3-`m=>|HQC<(T5MA z7ZwjIeeA4*mcpIaC!RzB)5Pt53xQ1|*_$DoCp8g@zPW9JgW2#XQmR-7hf9jo+PP7^ zpIC>Y%(r%BrdM!YWM%w;_S5$`#4dV|J&I?2!WsVZJ!0lBXut4^N4+7Ac8t(?{}CAV znGQ62{M2Zp{41H-CL0B$=X#~+CCJrn-g7geo%%gt0=d#d2i!);WV9?65dtgK)0Xq3lV8*zxKFVke^x>5?0@~`hRiZGOKE#BA&vU7TbAk4%Y<=de4)|wlZb9#}@;In}{&?6T>I|V-Y+r=D;5waVCjiej-8L~mlZ^x$J57y>nk$;o!3&23geI8(ZASr1eKz6ix9t8npU$-Uv7$q% zYBF?vTbVe{+HBe1iGA9KyLW2agki{k`Bu5d5&CX%P3zx2rWL(R-n}t;m2q7;%sN14 zZ8idZeFf00w;EM9@Hb7%o=mJ*#PSAhOSDgf7ysZ2E5P6EiIl6$QKB$(e6uFV|Fy4s zY;*JL*q{?>)cW+5ll@u5BkoKT_&+$#88CM@{A8zh@WPTvpBQ~DG7(p^O^XT~At#`> zzZe$&6F$%%!ommkAqH0BoetCXZjc%@s+JRlAUp2J;9e3gk^&j9`2 zQz243{g1JZ7os9kXcE3fMNe}O|g&D@87Us zb1vbC=4g0uD94G;Vt+V$)NILc^W~jE#<9LQrFARory?1Yl9=|`lr(Ofi(ooiGDLcLnk#W5o*8u z1v_0P;B;dkliu13gllHE%+1!j3qRI;qO5B#&W?;}UIqq5rAz*SJ!0mB;-$Rusiu1h z#6iq_UAt7#Wk|Uq-4!i}U5oc2gS#yDIcuB2RU$9^7b#JfBAuI+}>RhK1!#> zs@KpV6F{p0!#3?H18e#1#a>d~e*8^iKM7FKZ6bvY_5=GupUZy(yG6ndFm|>BkC?kP zIaam;mB84@s)Q*m1iF8Ki~7fk0oU{ya7__RibqXUrhh|W}(kz8i&S_ZlJ%CeiWag0y3bU3OH_sz#KIJQ``Ec)@< zBt=$EtIy1)?X>)Bjo0x1u?||16{y>fKioff9N_+i5qvGUxsKJDaFza;(|cTXtdA)> z)EiYENcbE0L|t6VaI!I6z0Z!?tjH4U^<2F6U2Y<6=T*LZ0E)_rpzYGY|_ zA?qs5GwJqx0{+-LN>Il8TIPZ7AH*%{9bw$%xVAjuATSH|Gcvq%+Z5XRddtMl#M&3% z!U_%*0W2Xh?14=E$ep^OUR6MhHaXk0DV@`Z4V_hNM`R#wY|69`HeU678fKKuauCm? zB|04lfK{{LmJkFnq_-Y6yC!R=)oTEq_q^u(U%)Z5Gfv>e0Nq~JYOM3-+5qit22SMV zP&!(}>*nh*+l_AS+W?#EjluO#+TL>2cYEpUX~DPRXF?~80*A{p$CE{`H$wf$HYMVe zqMXlL$!?%zE3X2=xVMYCCmaedSW6o}qyWs)#47{w7brJb@7Ylz9uOR}IvGl2HRB`% zQ3VY*Co5zFl;6mmYDzj&=1+X*_nf`M_$buM+!iD{`XuTZI?zEpYy&iSI*?6Ua5KOq z-RQ9ON|{5`IXDy)0qhs^nVFZJFUd%=4 zoVxK%7OmH`C;ixZbs}-(e2!-vc|i^tDs0)(++?``CB}VyE)HaVWosw!)#(i;H8_dh zZy&*YY^bz+FWj=S%RY*G>47X0Gs_#T#MgRh=G%x7)Yfz^4u^|4^e+Hba-}BGe$L%P zz}2xka$WZ33Y7p}|jMC=)~uk#%g)B9Z1z0pxX z*V%&IBH`4U-%!F;mG8Rd7D;Ao3`PlwHeDy{)ZF|;s%klgI3=D)Ilh-h#v%@hU}A-H za%S(9+y41T)~^z&haX)_V^GtMuhX zR!Rn52hcjhj9e6`R^+ro?f4OmxEuEkX_yde=9~uG2ceeIgwmX3!ef`rpWU;$EcMS{ z!-Mxrr(ICvt+-P37?dEpw?`_MIROC4cKz2uLnh%zocs00=`>Mj{Fx0=LkA+PL{z@) z?@biDMTHbJK8%eGaS~yZ|`W(ukZdstusG zZZ+zA0tn_}9|IK(qXHqDhny*2A!**tS@`h$^LPCu$47V9@lA71D+*xo>e*A0%K-sQ z=$y3AuJ@&r`_Ip3>!qb$l2MJfW%s;F^Udzn#;3bF-80cU{n<-P_r)ph^2jKFT&X5~ zY$H_r018fPx(vt=KC*87OJ^N=$DH{^Q!yhLC42@=_Bd-o(Z?-9nZBCckAv@ zFXz0XHUPW1+m{KfB)b;MpO837m#Q55i}7J!eLKm5f21}aXquNyO{QqpFP}CvQ?NU! zdu%lXFoCvgS_xYbQ<-GOoe}rc-_XfBfciq81uwULy`b=I)vvVT(?abxrD2WGXU~pp zWpuLVJ5EesVD}P#TU5kh9sst1C8@!ossG?Ro>AgTf3u%lg#zw$0!MmoOo(LO0wM{* zUzBDFRzs`}h4oA3eQr%(0Mt!7vko(;YO}8-7@#>{MCd!mY@RIO^S0*Xw-Ac-W;k&1 z4yb5UFw@Pr# zGG@cuc&LdhP=Zg)i8&49&X8?{z==(#vQ5~8{t)zr5cK~=24dz<3nM3ga6Cozekc&n z0CJf>RMId+48JXPrERog}8P zTb<-<_x;YZ^&eO1iZ`|sK%tXw*Xso}=-pGGN;Y-EYIhZij3N!jCG<~4CueuXq>btM zjeGw|=KIT`FVt~=K4ipP=;E+KQ&Z}_wha^&IWjCCQU$lTGY%WD;+^L_7RY$LB2{5uJi(Nid& z_J0vQKv#d~;7MgfpA(O2#>GjdloQ`z-|WMvL;n6N*edf;VU+lVNwj9La|xLzD|1&j zzo{pnvAcTY)Uz8M_=NncX1;8Tc_vwSM2r8*0bra1kOPPUp_-n<6>TtMK=lpHQTIGU zQQ%_cgkYx8v$X;)CqJc=iOj3dW(ZEiU1U4yj)^juO^4Ayb^3Qn4cUd|7jKSI& zFE_{!l@SWQ%9af4+2Po!>!atc&u-sXJm4hZ_Gz3%qM!$mH5&;v7^Y(U)X2R>s^^@@=FUWv+)FeN7*!j&@ho`L1a0_&r5!azKD!s^3^$I` zkN*`^?`n-sobG0J>(rxM+9QPqo+KZ--yde{d^dOYnW>k*SFv=CzS$$$f;U@^Q>O!i ziIK-Qm~HDr5eulcAXi?Vc0A z_mDm(gL960cgRUh>;{|391}a7LL81@@lQP&5oqpT|C^K8Y$HbkX`4O$kPC-GI*4(K zC6)9-LehM`m|G_y{7intnG_?Nk`&~Y~py)mo+>{w3<(Zoa;zf)_r1}K3R5B6QX zqvs_(aQ~qbowsS>VJuvxM!Fn-Be$}BeE*$tO&Go(yuN34A6I7_eal{~UbHXS^&DH; z-M23=-D0aGD07cBMg~^(sA;oRvrJ<-I2EnMRoI*DFEC2AM1yXM=b{l*co{X?Zhy9@6PPV28Vr zI#{J=?;wg88Xo@-rM%`2P@&PUkr(|)bC|cy|4F}p=ZAobhB<4-R@hzj?o|*~s)zR{ zex{pp_WwVZ25<#5u<*b1;W><#y&%#ysd0uVvYV3uEHUb%Bksf6s_VA#Yy$J%-4V^V zgn9%sbdvwLc|cp1QcwHtU&RaQ57sZu?JXMoy2E^*@MmStu3KN$x!2t!Z%uy$`D&AW zFb_mF2B?~!oGJF;r5-8s{;l@LaW|xY^MyRu<#XQvI$Hrutrh(MNLN+w(^YC>KOAD} zl?Vs*Z{OD~>CF52Y(&N1Ora4DQad%bY_olR?2#HR>6&Tyryz5mL7U&F zJKxNK@`@j6{=K}UKtHKLLq<3Z6RXR#CJAEL#0|`>4f0j`JnwOm#eDu@;2Y2exHzQ* zGZc$n0~~t#wOCaw`bZiskk2v$`792`OH>RTTAVxvh}Z`SV`rRBheQTZdV{5|#}li` zsWm&b1JePKy}FJ2^__VD^6KS`hhN~<-ow8N zOfW9U-u27W?7i&C-$XwcqV}H;=Tp8S5?J3VyE#rL_=+2*o`pxuhnn26^++MdWY?%) zz9w-ZExcWBvjm!WGUeegvAvw!=zVqqx9hr_Z155_@``urCbD_%Fc-0gDQ>Q-;*Gv=G-W(# z!0aLDKS%c_vuw@ob-!2SbxUXbU&$7L$XPhkh&c0DbTZ4N`S%-)n&U4|L~2JWm@aF# zn(xjpUfjuDDQw(2^G$RE47qX=t-s5==%mJjr!%A&fDU~6+&BAUs-sh}VW0y@4v1%e zn)wH;Ntj2lB*e8Zm9zt-!Ui#!$76MK*>rOpj(*biE-wL}`jS~J;+gH6E8p+(G}V-uqiLu8 z3#L<*0=2>IL);grbwCqxga6Di^l5FOy!8nTBD z7}k=m;6P-%&?y7Y$Xe71y#%R-#F<2FtP$jGwjHOo2`(3A62fXd(Hy646@apJ7-*OW z+Zlg<4y&pD#yx5P?s3iC%>mZ(r(VG_;t&dMoR*UwdCT7xvDXygpxNXqHdWF2s5)IW zTe^CHB6=!AEXd*vEdkw~X*UDu*FdT1#+gMw6A0z;v@9i-G8#&>N7hmY1M%$S;iJFH zPfG>UxY?_5IK(sJ%u`Ofe49<%Wg68G_tDIO(@2=?#cV>+ft1kpoB7LvJi*RIQMg9@ z>cPU&Su?`1r#w7GR&=-&oOTM_xy+wtENJzzkp3=4;ln~7%P2%vVf-lpo|Yv3p2HWbBOA06%W#RA1r|Wfe3PU#$k}PMzl;pNOxIxRh08LMXOrtXt=(Q2FT^+uy zl8Bt1wZytTZKZBNW6OR^qdA3s$R4{s-GsJO4B7Y&#$U5Xjxppm*R?b*{|mmtC~P3# zF$|A_X2*+DKl556H8_hcCX9Yi%fODX_B7jNlPOP#A#1Q*-tqNjeoHDx3Jd9#NZ>g5GYD0 z%5n_QWdZ}pA_hM{^%&?xgsRB8IE5{F>Hsvjm{@=~mJxZi7;Umj!~m=(rt#C#vJDLi z>Vw}carb9LG3W~yXI0BwLg~+TAnpyyBZO$blh1nNFr%XHEqh)dDVmqR#OBD zx{jQovSKzi!8P2_J9Tfwv83Vn#ziCwls}z4_gsS;P?!h_ zw2(#=?0JG%A^;Gzze*q{iF3K6MqUkv!KGKqNkfg3XnI(Fa0ekZKmU}cKhi~L+iNwu z4BJ8Fs|2*{!dhLK#J7k1+AqY~MVXp1F(00)5V*<+O9FFw+f03k{3D4HT!rW|1-5pA zGy|{eeUlmFW9e$_Z6p>HVV~a}K(MN_c#m2{&*IP4N(s>h1vW0SQtt4^#n{w| z=3>e8%Hqx{n&*QJ`kxBVuEVTl@W3}?=$9D_5>|hT0}f+AaR8%zG!&r?YI6;)ntQGi zpYJ&(D3@-;O1p;p98bJa)`crY^d#3QS8$UO6DOo?kCY_|DTZ-v4UY=sdfQTzZYB^F z^p3G$W~+seu}dpFbeSLuARS!dra82UfFRo_ zq-`c@`pj<$ZY8J~3u)WrkA;XD=&3=nuq^>4q2T5>}Lfz8!>D8J4{x3IM@(PoFOIiQoK|-aT99=u>>}(FPg=4$nW9Hn=xHBKBX!jnN8cKBT|#rR%6OpOLyRDp(%gE?K}a^SzzkuNo2mTi z?FGRWS8;Al$+aDtR^!Z_-!e#aME`(jXVIBy^yCHmB1%R_1Ek z2(#07SC9kr#J=qrAA8wnT{56d;aQ5?!!OYOH@GN%eII3`H?jb9GZ<=HtkQ1+b6|&$ zw9Q-4QVE8(1Rj?6l2_XYc2U1k>2e@h@fVa#aTZt%Kps>wi}E+Io@kxW3nn5#otEo& zwK*%_8u0YNB`z28XF?R$iO5JiD9f|EVx=@Yd$3==*2WV`4YECcDm~}~aQ2U}|1qsm zYCnS^Gt+gnINe-&z_GQnnY31_zzB4=$mgIfOzYeQ&J>x>pwl-}8JcY>m1fW4>HEG~ zi!A%|)Mo=m>f-$LU8dn5*R_b&OgZ9to(5$Q7m(L0l4pxhz^V~Jpv|$)AyZ2h9iw&3 zo$pfMQDB?H^+O-apVyw9d8nYPfBOZr+oF>v*+MJ({Rk zo>@O%Mb_RatkvNMof43?y`ppa*18j^5Oi!B8$>RKu#9r>WS80)D^p4sRsaMN&rrId z5ZP}jMpm$%S^>ufL+!8K&V?8^!C?DKB(8Mt19!VNZ0s~dc!Xt(h(M0@rh%+{cHLFj@ zwj1THvM|4==w|_41nB3=b2m(;8|i2TJSAul4a5iJf>?AR33`2R$`77A23mY!?N~rd z#Pq-{LG&AyQ^h$!2!}qNxAXZq4da9%0w-~!e`-7CEZC^Cs3+s*hPJ4{HQWjGe#2s% zZYcB(Fo88_7P+?mK-Il`0B403B?EI{$Q@>#kzo8CRi3gHU6mR+Yb(EBX^B4vEki6I6$@%QbuGqjVv2=BdSmuKS5%6GTT)~w-z zMBfy_$o08MNqU7DYqU5AhGXNnO|x(Owab|u9$MHk9xye31}kVWDh z_$q3|bhGj*^z|ORE8&y4yAoV*BgK36^fP9ycK^Zi32>s* zDoEJLlbVTXpJ>=$$#a(Z|BbC)`ybR(D!Uwi07_ie&^P0Qzhq?0!z#5zf5lG{&Rf^$ zM7`B6TAEpxaavyLT3$R|33Nwr{zl0GuH@}Jegs4(F=uT?N)cSXQ;RNEo2g2nWg4+4 zz_67SQeRLid5oR{nKm}r*rCe#T=&EAW0a(g0FD2+Gw8{AhJa>o*Hrmj_<0R#F#kCUt3AlSFk4emFz*Ko#xc~W<% z#E@b4K<+_r_;d{uzVBvxwbB>8iGWd51_c^KFi6+2p&v`2lZ zSjmk3)g}<3r?cQTrOdw7EwQc?qp$*%emkeIvYR6WO3*>}yK21meJ|ugpgH86;yWRd z@rF}@xjN0jsLH7t`*VblE`;F%$Eb>}uAa~^|0+cp&WFVXIK*);g@AoLE$R8WrV==F(uzPBYF+QG;kuz`FE>Ai+lF@W}^eqti z?TViE zl5u1ef$y|Lj$ZE#)HT^<Cg9Dp?e$7>d#$SHI1wz1 z7QrxcbI1WmNi={K43p5WV4FzEB;O4!LIbSi;mwzu;ar+hxSyV$$`y=Tp75lf&7{zP z^f4dD?_9JSo7K797r|8!Ghdcy!cAs)=ck(Y!ba`& zBAT{&*It$~Frtj(3?T<$p5wyy?*;Xf3R-&X%uID^6;FtaSR5KMvARA!C_8%*@LS>s z2)|XMj6Pu1==;&H3?}T0;ycsAsiS0Q+;(*CR(PeR=v&^BvjLAt^-X)hokj)-G{b6; z>~S#}<)PLI%|sKcx?AQg9Gp$x(vy{4b)f6__i0jOE*W#t-?!VYAq-O;S}e$^W}790 z<;X#uV^WAGG+HHw%{zPX?9awG?4?hov++esQ8B)sUM~Ud;k25RvAsoO_**lkyFlx7 zP8jrh@u5(U_yDq6fpICl=E|rI599`us{PAj0;N1D=fV`>hPzT&O zrNUI|yxqm5PikpFx^d7aDkA=uXWFHoW1fw7BX%*AblIdafaK!-?50_)$Y}x zlsSM7F910U?x5vJN#&tsYl}k&ikR`zbdqKh{Y(@6%FE5`kZ_pNLPgp;U}iNa!l4Po zkhtyYmz13zGa}`&f}3?p69g)BF*wpMu9YiJhy{Lh3vij@62}2Y%VzrPrF-org zuPyW>y;8ex9_Q#0SQBo=bJV(>Gn1&|bpkNQkn^@MKpPreW}wbLpB8hv+RNw?JyWc< zkSJJ4!PN?>5kR9*7B=ti?KF^Qr3CfDV)0=p?-#M~P>JQhnV%%ux#>XRcVahWQZI zC0sxb!a}~n@J_KKXRnHS(4^zV57YGf+cx+8xj=2gS`2t8JHRv>ri_6zCF3Wy3 zMa)R;d6vhV9QD=jyxD9PMX=VgAu%W;ycwMz|dt`ASS`^p1yhguwgiZ2j0Q0B4k{o`NO3hO|xo?(gV5t?D{ zqXpSkYIR*+{35gd^cK*td)Mmc0yqg^$$(>(626^swh+4=GL`xS?bq{)`0lJh;1bk7 zo!1=-l~y@GEj>-w{VWzq=~WCG7>pwgk*rAY|Cy5I5gPd0C*q@ z0HU~~hy_1Lm%0&nD6&REwZS(%M_(;8xapgwvbI!nbOvBzk zhz22;+MSnZ^RHkxlYrW5J+xRYHiriZGI-QsslP@ccfkp}p4vbqf=jaU>5G}SSt$_C ziklZPnEp!J%UmlrVC+56s0&0spet3|#O|AvP|A)EjLS^Qb9^Q=l_im4GD zkoUR*Hw=!9vXg$_5dgHdHRat;5H8t2DS>NK>+xUXp0k?htw-(kTF?r@Jow-k1P3>K zILf3+YvM)BU{l1=#KpPq?gupv&Gjpm*06zn`9uo%-$yzP$cb z{Oy3K($S@gSLn~?gv3nleYrj0%hv!x*4Rim7n=BfCX{3&4hNr~tkxs}{7g=}0k)6s zaA^OWV6r=t#VdUU7U4>|2AO#A=E5sfKLRY45J+iW!l-?K>+*6x^38qQ(yFfcc)pZ! z3Z3PL@K7Yk;~_m7P;P_$UMSEKpFLO63BWNw7dv4G0$#$VTmiLb+9AYpOyauu5BzF`uO0OiA;b#LOIF_foc>@n``}+k(QuiVn3(QNe>C=p z=zFd;z`|<&8m#*vbZD2Xd*hoI-KbjFUOSZ zyHf3d;2og`Bz4{e?2NRl*8KTMNQ2sux<&fc%Biaxhe31QPW3yOi-Thl_m>$;pb?r2 z@r98dv6sx2t+Xh@A#@?-?~E66>`Cg(!bShdVo1M$C}HDe1h&T=csAk?@{?5=kfidu zyet|x6&9)%yuZm&7Klu#;?}~wIq+B zY1wAw-j3FZf%uWJYxL3&I>YJN3;6B9%Y~tDHd*v0i;FUKp zUND%aKS6}U^rSOx4d}#X8T2>E?QGOXm%QIo zE0V6$HVMc?P2#kTAfN%!KE(A2K)F7FCvaRT=rnIbcFIH(frr|C@4iql7l%=lYsmWOtKT9UDzoTsnskLgbR<}&H& zh=nC77$e*RyGr(CR=AD{U_)srb^cB)f$C4b8UYf;+g3=)Y$r2{u;1THCkMJQiq-E) zU`mkRM-kwfP&zsFll#v=IkSk_N?4K_rYEYnC?bWFumN@|c75=ADARR*?r zoahAm)&ry#M!#MQOKOUUj7VVNJo;NP5QQmV1KbY|W0gZtBFS^GYBD5>(6q5|LIL;I z4v?K63xP!dtn`zAO(cRgpygx_h%Oq42!Y9BSjur9p~pA@0U~G^xPPuPu>u5J4kIvH z0cRX`3oTl{+oDc;LaM(kHJwMM-kOW2 zw&nU!h>Scq-@i7C_FUqhtzzA8l_GN^?THm%m6Cp}oUwS-A2BnrG1Bmo`W$zC6+E*+9!sY6z3?H}FpKXvLUVivahRm6jE zL{-et;SH|fU0AAoYQU4h4DH)5(f7-4tTM}PVgdn$pn7c{@Pw8cG#3L;^;AcjM;4wN zUwU|Ax)il1%j$$V`r6d?S>DXffg#qTnL#@_bCI_tLSMI7xnEF=Pk6$48su&}>4!@H zKb2g0Jd|D7mUZk)HTEqcOLnq^OhVBhL=2K`NHocA3}Y!vD6htvC0PsE%QC#S>`Nq+ zwMNzg=&-VGvj2LH4z zER2ndpUUTJ)WF1g;5@hm!~7G%U0Tsk>)9499bZP=H|4heeSdSI+{8GB==|yEd&A&{M1)u!AF3k48b*d8rN&6|< zw62t4mBjB){PuBr#$~amZs&8AAp><5TgXp`+`zsW%K~ox8}TeUAH|AjfvWp*R-JoF z%zU^8@tb*;H~B_f$Tl?rvn~#k@$C~GOmT=u&X~s$e5@Y0dS+Wr3r_#_Av*IpP9f8mZw*BQ{w@zb*lt;0K0=07JREyK;OZy8YqMqb^ zeOneJbIOT?Q_o95QXfd9cvawWG$%b9EYyJOPIBt#({nK~Kokof#Hq^#k;!5-^0Eb5 zVXI+*XV9q|KmdGy8UT52!igdzk^v3Snoh75cY)m^jRhim8qKItYB$S8Zrk-8WiBu3 z#$`3RAZHie3!pwT6Sy`A0(p4}q8gNVLh`(C$;zH={sTfUo(W7U6UXo9R1?XB(XJ=6 zY~cFQcB86KCdU{USIj@+l4_ekAf@JNSs1n#I}QAUn9=v&k+F`cVv=%A`An5Q(jev= z7eGTZt(1uQK@DdJUBEI}64aM)N&!WW3h9#^J#Zwywiw0+cyo?-%!EOVk%=K1oTa54 z0cy|iE9eOFJ}ip`L1ejjvKsyu!67-0+~m#cG(F+0>}(|hz6f-x4}d}bDF*0sfO?C^ zePw3$xr#;bB~Ty0Flplk&@(BBpYmb^r;WCQ%dKwDck@0d9x2?N2p;4w|Bjbe7YQ>; z579UH!v5HRWXsziCdorZ%s=~g^MjM3OsXIeR9(W>(T#UKc8+z#>ZeOdnZ+_&XwimC zXx);`@qV!^N_~lq0Pf)a8<{#%QDy4;=g#}& z(-;4+46O@i)P>>lmm;Y(%~g~7M)h$y#ZIilwaXv~utDMGc_|hnwV8k7?8V`U;1>A4 zu{W?$==ga=$9R(QO(6ygFw?G?^@|Ri;}ro4q|!rsOFyqoA=^O7Tqs~14%7BrJP9pe zfnPg6s+*YElkFw$Iu_}9e-v`WIprrH&BsgwlE>bjPp+li9mO#HG0)qYO7RsuEj5E; zKCMiL(06d!!|#?R0xK1Wx>9{Q^Ear)FOwfohiczuzZ0~R>ycMd(+a&4m1Uf6ku%!Z z3FAJ)8G(p&szhcS4r!XAssijVTKdTB+b^Pb`b!ZyLwZ3!bI@Fu&l_QHAu){>yg_oO zH{{mCA1@s_E8l{0Jsok}AnQjr{nc`+57CWs&S4h|}a zsuw}Uy{QaL68R9UQrOP7b>gGnI)8M@(bBl_!cg+~ao&o&T3qTvPEkpP=-ahu=$d&M zGo)@p$5uJHhw)jEa zi^MT~LE!>_UTjIDfY2DgiOyYLK_9#+4UW_YASuy0FIZw7Yp zg1X3)R|&vZ!xu@O6;)-OO@YFCxx~rs(I7v1aeRxgjF}ikJRYT?D>M64g@XTsy*CK1Viut(3nd&an0k&vJtJjGug1?LF&WKDw!? zyL}MxlM@}C2HlL1E`2R9MH!{>EkMp3Xp#$AAd<2#6bv1~sBWh{bSg%SgF6M5(-Ymd zrcVgDs8Zd;db=#Jwsvm zVSJi(io)^l{=1dczFSPIC%3jrz!K2a&-cnX4W&)t6D_dmz?bMKIFNGOpvDB!Lp9>h_#j>vN-P@E2gc4 z`IeH#1_yJ0h|QM90o!pa(dBdVzTPI?y87mO1?-&_CBoeiMMvh=OBIdI#eH%Le86C;h&k|s#~p-)Z8_4zd~b6S3}R$eYH|9L;)B) z%TSguX4Uet3a-QrvOxTXH{E*67!CCZeWmx|+(UmeR+gEa8$-&8BkK*8iNouE>GDKJ zH{Z>A!V$`MOXit%MSQW-yZ7ge`-Ka8mWQhqYs3tfvhVGd{mmG?tfs&Wg7~7Ft{;hW zeA?d|h;--mT8{d04DyG9Z43C7)?p1KPaiR%0CL_0zPY`PoV>S+ixqhGRB-OcmBz2d zl`Z)LrM;LdCBO~WU44SxTN3lno}uW20fM$cE4ZB3jw^gL{18;G_E{{z$r=-S*-r`- z0$I7?Z23-^p{zTp!v}Wg-aejKrz1gXOIqz-l2x+_6S0k_><9FTHa3b>Jx&c2;gFHl z%k+R=A}1qFodf&x^zYzQ@%zG`c*8^yUndn2QIK2*B==W z-;QKpA1As_ShcpJ7kHnuQ#_{wozADzXR$yk(V7)%ICk$!!?;9atl3N|3E%ses(eSj z6uTzsfz1!e)6NYaQ@&0X)h{%9~;hc@>{IrLwLey1$to?$PQXh&qRL zj*Q12{u*cpYELk^la_~Q^euN=v@Zr^2faZqGIYo_A)~^66H35up^0nN%n+^zXArUb z33-b$!;uv=KZZ~Iy(Ikn zanWqpp2KnCnLl(=3aqUu(VTSEjUy9BD9d%Y)`2{kQw%gV{&a?>T$&vSks2VWS z1kJK7{EAAE>&#-)E%QrTbR7wbsI$e6`8mD1n5}4;F4F5&rv0;hyUnbxq4!UaD1MUi zXDU1xXPi9+b2C??SufT2bBXI^BBC6ZjtG{AL(jqpez}>m9&$EVsq4`3*%v8rm$Dzad!5-$lX2$n5W6nIC*Ii| z6jwl9vxwz*g4yE%Eo;)pCeTpOt@C>D2(?*!_Nw1@g%!wn7^VzYk|Paye;DOEFgQw4 z(YxhP6xNrAdImAN1A%&#sI!}6Po`oR*MnP@47_zVg$R+~0skenj$gxy__GzhRwh+2 zlSIrU6B9?}zX#t$%?wC}=BUWJ&n=;^`Anl?1BFE)+gDn^K>Nd;= z=z}dI;O@yLf7-8|7s#Vu zh`5v*>-02B@AA^N*#Mco)s^5BobJVI>`Zw@*eUIQHZio-Z&X^L)hCgFDr)>S=ZjL; z@4|{KD-_3`2G~cHzMnsNG|rm%5J+8G@I2aMFfv^Al^#?gIFHf!eV6|(w`VwFce?!9 zo^cLqM1b81y8z$Z+k;Ikam|=-Z7jLX+*YepAHu$VW%qsMSJZ&fiO;k(OxbKFSqh9b)xo@u^Iamz~iVWQA zoiB}A3{xMm(JAWnUs1X*?98c?PUurt2JGX4yaI%-v+=+*JdK;!tVV<7iqwDNF}FQm zw~_$n1JMGIZK{Pk1BC>D4p*)C?g-Pu>lx_}Dehs4Jq)6c6eblU)@>R8^Q#_6xO`AO zje9e;`x(3SoQzG^B=vj)l8D01#GAE=wrx`=SDb{+iEo<3A-B7OJV$O*Ikx4XM97d) z^r3Qfi6aGw};o%@MPCaQKVk5b}?f6TjX{%>?LQBzZ^pAw-$xWRWk5? zHpw1HWot9QyznCINMVMORH5cN#Bi*~re{%Y%-sJn&6Yq` z+JE5DyHnzY%SxQVEB=NYH|^|YpRB2=hEqNbo_`(>*u{k32|&VEtGuWu6q&|s_-msZ zPY@*U?+)&lszgj4l*uv?Fqd~c^w-8Bi2ssi^nb(~VGs28W<+gHwSY~92GoI|EEjCv zeSEA6`eItou_`*=C8}LJ@88jzj`03yt^m&~riw~#l?*BAQQRUA{6`*8E#4itr>Umn zpTA>pyhyWtW%Qrt3oG7-!3Lyuh#qiO$Z z?e$4kP3h?HZ(4ea8~JhM0j(!=KK5f&-T}I}Ox2I#8vY-~^)Oz6@6Q?bAJah9kDk#L zO7G$Hd(KmRH}x4fTM)I1wYAzgCm}EvjmUDRoKgF)Rm0V@0^yqZKA2^D$!!_smUvP1 zKP874tK~1*C)DoyTtcMOl%97^*zlH}yx*Nb;k4pvwN&mCL$Znw6TeWQy_oX5Z1fc4 n-}?VAndJZT@(qc@lQY2{o*EzWPoRJRG|kN$P{T^def0kT_t^9< literal 0 HcmV?d00001 diff --git a/content/v2/replication/state.png b/content/v2/replication/state.png new file mode 100644 index 0000000000000000000000000000000000000000..8ff6bce21e0582565b84bddea596aec7b6907b25 GIT binary patch literal 18298 zcmag_XE>bQ_XZ40h!CA5OhjjNVn(mgi5>)zs565^^cpQhC&8$rw`dW)*95^Zx`-Mj z7|~1g_FR+u_xzvZ{q%ltU}pBd_FjAKbDis4Ya(>DRmtu=xPym>N2ac(^b`;8CKM0v zh9nUo@XGJnv1H)a4cDit3V3CM5B~uF5ZK6T$>ZTw#*kcC-U9w7c2YBO#lySLf&00k z{*-+e4^NdsT}j@+%WNydd;A4F1AA)o7V);}{9(_w$slSQ^#@Y}o#XjH)=O=o6wMVm z#~QxLtoB%*Oq58)qq>5FT`8Pem@s#=<|bs5D45@enT5}UQeiSU2W&8<0ujqi6$l&fM|gG|hKMDYlGT+cwC5QRI4XHPIM$)$B@f z5#oA$S?PLQL(b;VIP{j$rkUehynZt)-E^<^$bXXQ{GI|)95)ig;vZ1&`gzD{dt|6q zY57{xbBC$6Ygw)~soqgtT|+I&x0nOkQ{T0`G01;i=Nc36vypSiQGGCE@JssAYzb4H zagC@0pH992QFh>kL!>6udx2vmv41q-n6#?du3rmQ4RdAy)`H!)s`XAxHB(t zygM&m?{%H@;^EKxargLzOeAF5Ev{S0%j=!mlO}5jB9FhFd)IL&wa5WBlEDqfllNLz z!ZMz?Vi_;`J-Xq4h`+ce7m%oqd^=ybif<$CSw{I#`~Em#&4!k`MiGqI4C3C$5Q3|062t6LUeQy(@v@D zc5%6c7*;1EZJs(%wS9dylDC8G*L6#PtzV{`-JIN~%TwS8?d2hC>)&1DpC?{rNz^-; zV;SY@4NtGLWxrufcK433rcxqTUx6b97Q$HCoM$+)voOs_Fy+E*-&IE@+7wEKaVB6?SaQJP z>}(Py-*CaNJG}kOwSLZH=1s&DEfcCKgGt)v2gAIEA0NL86J%6N{Lr;HW`&U=py;I; zFf$%7^TQ;D<=I?()5ODkOI1_NZk7Jox{%fIH+2V{0ou=Z>1Og}o_XnN$1qUSrUOr; z$2~FZD$G?w$8&p6Ba9&~W%g>0|CkD;$96rGbnZXVJ#jjOa$2{kmmY*{Tw*KaCTQ%3 z+Agse)ZwA6O#RgXD=5<3(O6zW@BfyteQu3S3TQVpF^6o@?HTPj68EA^x2rLdNmLX* zq*HW$y$<-9zsnEmkB{Xw#oe#D?9=M_UXD^{bk_4#`#rNAPz2DymJ$h~BB!{n zb=A0T1lAzDX{*uYSvQ;Iw`a+}c=EU=I(_o3+@=JL_NC@sbdPr_Klj%8mB*&fU}=2a z)W<`x(w600BG0TG>m`ZTxzG8;yNz9kNvksh9*8;}c<_F7aj+o>S{r;1# zUZwnO_)J)#fXip7#z#pgn))e$H*zR~mA{k8|KA?I>i!P9F5?iP31eWp+P^e~uqv@X z*t7oZAm#VfIglnYog1Z_a%0lH)ru2l_wvqY%g!_w0GLa_OfGS@j=p!ISa$Rir zEo&xy;o#Rbc2LIM>IH!6BbxuifVr5}Z|%<8alcIyFC`AiWSO$!7k~OXumszRBSCtC z6WZ<$gIN+{p0rp-nMT9Yte05}2bh`G%hL(XNVy7NrvKrS!*}kj(`Sqq?_8tEU!lL6 zEE4Wy`3t#Tbv1J8*apY~m}v^!>a+b{OaQipx*mAi9`mE>fjjcip7>@)2rpxc&M(28 zwBz=pz9TG^0#PLy5;Q_;W;&dyxqWrL2B1)_%%5Mm_!*`iubMRPGPF?q8ftkty%TeM z+EuxA%n#rzFEB!yGT27Y9^J_}ICty_n5W#-rP}oT$(Y9To0WfO_#4Hc|AD$#z|h3T zwGMXsGH;@(HNyvyPM|`>a;5}f>)P4z*#1+=kD~j5Oue3?jtclad%5GN-aRjVyen4| zY(1ak<=Zyr3E#8)vh@+L9L+R?OLFEkbpmv{e%3}NrkY{qKsr-yCvWSr(){Rp_xjbF z_IB6LZDam^fE5&hX!`#fE`2|7aA(=sxU2@`b4c@Zd+)Z_rUh-E9}murNk%uUT)hvN z@=xEozcYtS$DbZDcUAWZ*fauAvOo=i3*S`2K*$9CAou`N34dsEI;-M&J!&*tWB$d% zyw$7n9Q|deD+Y)py?20cP7EIO?_+p-!yc2jom%lT~rD}WcUngVoyy}|ug)QlRDyaxyIl0r8Jx3HSVv@DJ%#K{1Ur)CDD zOYfjST^z(y4;Xb`%jQO)=VRbL#^B%YAM%@2%Kmyz#L}e;@C&N<#>}8LH%ge4{@`; ziNl0}~hz;e=j-Pllxm1_wZAOST}lRV+ZKdQ*}KHl;c>JZ9Ylo~>5E2l~o zg49y)4Dq8(imNV*-w{nWi1A2+CKa8{9Xtpt1oZ|pXoZA>Qmo) z`^+T8!9X5?JaOqfhvrz5XGr#GJvA$9Sc+70YLXWXqf`ivfvJq&2?vH)6X6DjtaOBE1m^vJ>KbFd(M7fj4C-#iDcqta126OTAaq zOiO)^2zbzNPhtFQf?jCnH(J_G2vnHOWPhQ0>yF<}RBC*0->^gqyestZ>;6ZnZ917S z)2`cbe?ApIA<`oQ;F7M$iJ#ZD@g-Fcqi}w>S%SaFHq_G7T5dw(hZTm#Qtk3?*x(Wjv90Bjt1cQVO z?={K`#8R;n-mnDi;SqrOo2`)ef9oyjgWM;sy9tQ-eBP7pNdgEV30Q$6XCGtjkRojx zgkj%X3Ek;kE{Lp($To%|iAf<=8G)CBoxM?CIN7Y9!l%L>_AUnp;n3SvD{-! zWVU*IOD*ezZY;)LL(QerF+G|rSAkiAphKY`w8z9zOWT5#{onQ~$vpN~nYfBQ0vtZ_ z<#gn^RP$*jrXibHP=7weLc}ccvcwsU3+y6H^Kmdz3m_^#o3yyR>(bFVO~o&rdYi!c zgs$Cr%2eDC(1Ttw2urVj=NKNzV zK9~%xDVj1H`-w!}AsDxbF}zV2fnBA6L`M*2(oa$`b&^i;&8yrUl6%zmWE1b+)1Tw< zM{CNe0iSMVMHNd3(~oF&eFViFWnXNPGu zT-b1oQWy``CAs(9oGv(YGkV^)%UU$D*eLKumB2(!a^$B$lN4cg=nrOYvDqgM!M21* z)B^<%4sKo|QWH?sBaGMjao%1?XaPrn><4XKZ+&%LOJn_~YObBI2v|WX02C7>EbAdK zurB5O=55lYC7Y+cWz1YeBn&={%DTpNJ#q9C&KiI3B#Pcs8vAEqVtn?{`PZqlYv(kq z_UzCbR(T(6?<=S^)V2xEsy@S;5~{qBBnq+6Pc|>{&ACI;?^+=t3fTJEh84qGvaU}*Wgii8 zTBgy54o5TsWM?2hZFVi@9p!gc6fs@9dGr9)7%yqwkFiP5ZLbE4*XK0p@F z6mF@{NqV={+C@?2Ze@;s<+4h+eJp02u3b@(I*$e+tA^;(U7!d-lLZKCIwT0)%LP^? z@}7pBx)U825Rgu1IILDP3)qh1uS^E`!H_9;Wy`ffH>Mwc$D2!qg?kB#-I6AJ-5F#s^llQQe% zA3GZkW%0bz^oB_i7l_lCSxFPDac z(v%v)r8^Y~ctb({8NeZP$pR*Q0gD4GXN|=y2hS(u_mkoh6t1AH>p!Dh1(%!h$J5KvA$ zeRADfx~G#x8|b(F`KE7gkUxO(PIuSIcx<|l0NK6NOs0FGPNNty&AMCWE_&b>=lsf% z>|TNGbOicmP1ex4rRlG%R-IqajY+Y|*LxBsL$4>X*d%xRvEmoTx6v*vguJvzKfb(Z zfWNGFSroZ&v6QozsrvX6-_&Ns3O@hkh1Z)2Paaw|URs}0)5cx8$vV504*rd%M3R`m zM2!hG1f&Qk2+lL5Dhkt;9@r!za<0m&}NErY? zyK7jjkId2~&)&n2Wg}h$iL(3}*c+${55=r4yaof&hahRR9QsfdnRb?k(Y(d{JGY;d z2uLs~Pro{UKfMn)x4av>n5AM?YH1wiFVXG9)le$Ce^0;t18nWm*+}=#v%%8iHySK@ z8-^2tTa5LQJp6G0?~G)Qxx?(nr~h#_mS3z*+XZHnSXZrrT{0XL)w9`NkzG&z15_x2Pn!th031 z_mFI9u4J)!Unmb}-{P4u-dK^4(c!wWD-X5q{ZGVz`Y)$Is=NpQoB${LyLtE>$~NsnqBFXlP+}(EBP~ zF#Wf-g#D{^(GWto(?Z~OTwaWaj%Moegn$Wk1mlXzDYyQZR7f9&-qY-l+37FUxoXv& zwWRHfZ+``igqXPsZOG?jdFty|FT@4Z^*C^bOG&Ilh;1cVLamklf zb_Z~bwdn0_i~er=*@h9Bc9&14F6+g`SctM?<#HFz-1I%(TrgK^);hbed>=+iu*_*g z;G)!Ll?dg1fA4Ry?88LP6`qnnn9AM2mobHrx+6~)N0q9Uy6NX~WsWsv0=UmeAkTH? zoD>s26{iiuw8|iggqCx`I?WpF=C%8+h=Oc|5#o(OWJFg}wBZ6YPlSLqW3^U}E-^?*R2M{u6uWY}Ur)=U2A z)t^&rmghl?l)&M`Prah6OmB;Pwi~gzdfF^DHbH;zFwzjxcI|V>-6_HqP4B4ve|Da> z1*b~c9(n!6%IV06aqmZP$ernp2ZZiZBw7dvqm>*}RSQzG)4BimwAbd-l!A#ACO4|^ zUr&@eyHZH7AI|3Ya;^sK$8V!-G9wVAJ@yl*ep3BisOy{Qz5=+@m(MTy(@1hiPwI<-8{0pu+pF09Ckd#d6=HxD`q>LcX7&iBCEg_ zGgVrhjH>qFzFhyQMbekXGM)PncP~mHc8rOfMjd8Vu!ywg8HZvlyK)=Vq5kt0@il*_ zNqj3NdXA-b_ueVtia;L#){)sfeu!8Q&qxRfZOMUSgiyfMg{`e`IE1Eag_Iq-5)3Pl z{x|QaO=w^IlY~Cutrz)R;MIXN+5s^DzSE}Bn1cDM37O-|okH0OM``yis_l#k`TqTG z4vpEf=AG>(Eff%bfe`)A9!1i{O2wLEgUXRsR@<|U-}*4})`;&KQvf%oZViuwso)OG z;1hlYnl#aFy0Hkepi`(b%{1Jk)C-~Mwk^1WCPjXWnR+bUFhudI&gRtf=L;H{Aq!NG zuim1!hegG&g;Ri#{ks^6uc3x75#m{eGSBLXOc47i15HN|>m@7dcual;MzUFFQdSa8 zy0Ix@jNK_O1t@YDOhq_?5+3SWb7@(7&=in`rMo&!haVA}z%QyJW8vU%U`8#3rh##f z^_A$A0VWnh$`G3J@qtL+zeMh5!LT(4($40sx|z4)C;jgM z4x+`{g&}oo8ae_C2Adn5xU2nOg`v=j7Ru=8Q#@uj8#yK0ND<&hf=8^5Fv~mw_W`fm)_Y@z`FwDYyV=)CrIPX{$d`Tmi zsPO~XCq!VuF}Y>u8g+QR`~=Y<57CbY24zfD+w^Fd0!a*@FX<5=K_N_i7*c?N{d*I3 zO$QNKhq9Fbirk{=zk>$96lvZaHmnXK_p_#?b>O#kc$x*$6WPvehM4it#)AZG9tGUK z^ycSPNJ247;+4~1bJyGdq$s%G#+sGgVh)7lJu&7p%fWPsIE>S4c|-xzKQA7?F)1Ki z{27r<%VKT|`R@_|A-U)HO83=##&)oOh-{;@a@m#u{9pWM#ozzO5SMiG?>7PJA zzR&-BnQ`)U`M4{Rb-p2BNMdJGN{7 z-5RYV-i#Vp(GL-InZ z_yrKG)&HAGt1&7ku($Mi?Gp$aj~3&-ue#a$vklI9KKp3Sxi>bM|IOkV&A62$XufS0 zaCyiK2U9?jL0*UHb918^KO76fv(wFGUe`A)f7gBFTxt3NL7fW)7*OUv&QU!iyWw#C zqx|WRMx^iW3Epxy0HQn`+fEUG{eo2(t4*-1P#lMlaa}tqHVARHa zckF&V=b7cR7(zP>Ajxk>cD^9G0fL=3({yC_{O!fyHv6P~$u0#g-**A&hBp@#Km|%V z2aT}f;$7m1=Ho*Bvw`7p=T3O?r_8Lor(GZB&&|foBeW-TJgx?;Qv+YX2!Ev>SRY?- zv+1{!DvMSg<-eRw^VEvbc##0)8+YXyX+DtMOBEG;GrgSYvn_F)Hh2ZvK4k>B*v4{!*10Jt}p%s?h5!-(R?O^(hdl)LIrgF4_Qm=kv8@lDv1@*`<#13U42f>7<6kZ88I{ypO-)Q#51&p=SN`iO|JkSeevT zO;I`N)T1g0ON`Z>5)|4C`~4n{Jj83o#>vCDjN-`t#-JWqDvaB7FZ>5Wn(59uEd~s| zgO8+B;zT@uc^9UA%9%!~vO~0RSPU0$gYFg&ob#709x~eGTfeY<}T+(F_ z(akGKrn59U(o_Q{{c2UQ%7j6n)VT;T?8RiO%Y?v4#hU@eF;iV_()NPc@hLGT%@@G! z?E5cH^A{NxTNK-()M7{nVhXif#Y*&dE0#XC9=XUhuH|yEz3&~?3C)?ziPAK?%LD!T zXi3Z=>!DU@52jZ0`%rC2gR#|EdEEfE@F5pP-^!;kkJsuL2Z!I~f}^_|4?#j!UGG5e zP_IMX|M_Xf(I>LKr-zSnSQHiGY5Z)ruv2r0AhJ=l)K9Z z-j})AbaV{wT9~0y+YQ!k-uS`)A*Msad8Jozs_w|>a@QyFl;ID0+MaXnMh4v1wzJ}5 z=e=xsk!M#K9#6h>rO~<8&&%?}q#e)wyj;>ScYzK{_P=x;5ZMOwL8ln$eYNqaWLbzi zHL8Wn5K+=~sbTJHUH*K#`$d~@NxGTW;g=Jtk-M>}60WOV$8Q10ip=gqf!^Oq9xRS_ zVNI(*3_PfJ`!l-MaCTT8zz{JI4T9!Ia0|9yxQMy0k8A!8j~{epIytG&ovG>hOznGQ zH&)R2XRNUKb9tL2Pcpq@%gCJ1PHSA(BjCKAL_fdNTJ8AYA4N=HK%(e)@^ySSuGFl` z+CAUYT*RAZMKIlS4~Z`wxX^F{z4s3R68*^RNQQS(mQNMonqy;8f^BP={%3z|yBEGk z(KeqRV4E9Vv4{uljXO8$u_MsgLGvq1x3szeUF+HCu%|yMH~|2`-sdx>yo|_wVVh~4 zB1Ns%7`IaLS`<7vqG=dbO1iJ0nSN7u!$}xpRW#E@f1bk-jpG#ctj>%Bm;798oqvP8gf3$O$%^9b zc}av7a#<*?7FG}fhx1*43rw-CYq9~WoetCG&w5@fz03~KOs%Q-*z-1|0L{TW(Q_P3 zsa}*$41UX2R8bv$SnlX@JAE&E2Ag*LhIqU1jZ^|4LzreM8>5UtB7xKHcx5+xBLyMB za2ry%-MV`H;?GOcfh1h6GQC1tLh$k?66?(Rx$NeqhC!N2KPeK4=`+rE$5ZhomkDUA z5*7jIos!>zueQ@w9h{Y9vapvNj&S+vzw36!aX#8F|J6fSX5^hLzIwxl?>c2 z^&ct|LGg?NtKgyP;;511M5FP-DjM&LBo3&MNiS*aC(GcwIec2se@VnyEviIe3i7^} zS(uddQ6&|=-tC2lET54pv9J3_op{%ABsx$M?^tCDV$BTI{EFsy+7QcMe~IBUv-$7Q z@wFH{lhkU2bQz!404~s{i2u$67MJ$~Vm-VJn|csO!84U24ePGp`ylYbLu+soS_>iW-727o(YlK|yWOa-2%pkdN$}?kE;|Q}m4nJ8=#q`(1Qu#K0;Uiuuf;e~?&h(654-2ue<`e3mWz2;C5)2`BOlYIZhokO z6FLJ9vQ+Fx%qEb}S!t!AU!Z4*65`X)UpbyMz!?;fgg|#-mTLsjcPZ2Rr3U7n)?xCs zQVMx(D3p?+bgVF2$;;gjCHA7vmcAil;O z=d13T5IkbV!PJj{?-JkFlpMVlI_;NbL6gG#7N7J53kz@(DO@xDhvI04cc+T$8hBXV z!7V$$h@n|=RQP~m77-D3D_A(Sn6|3P=~Gs>@=an~bx)7L`$f9o-8EM$wxE--A8)8z zftAWa({=3bRV3Yjw;UAWmYcy8|B@a*Lj6HoAZf5PK`I{^l!)T6BQYUvUR?`?`i1i- zx%BvxPLUKk;E~};S#k0X#+-Gz+T+RM(n<#EX)eDpns9QgL8nGMNGjYuLx-5u~yjg2_q?O7e|#Fq=|u z;v1UuR$O%eHYpuBU9qGMde1c7Ini5DKky15#2Ua6gb?R$nZ2hTBP^TybEqZb?bvvsG9W7soAn(#PdGLB@B|FbvT;6FOB06gn zStIp7*X(K}lGwF;xj*Xw7{$uTEe9>jlK0p(g5o%h9XdS3LB+)s(93om-a8sTh`VK_ zes+p2;}6BJon)6NlIFX*E=$MhPC;^PHXM=j3Tr$VOYRC4YnHYlMJ z--ihqvYc=Q@6&59V-=^~;Ysz70QDzn4mj+#0JP_&PpiY~2yr9BT2#dG>g@qdwA>FZ z9Ll`rhhD^9;4_1y9fai(+4@P{j%G{C-@b*_I5F?j^@AnCNoOKOaeFC$GkaH1Bnl7% znu_%cyMfZAgy9xmde`6=D_$UBqv2W97S&Om`lfO{PTW5_sT7$0kW%{nX5t5gf|EEM z)x-YLqCa;3h_Dt0gNMzkk%gk&Rer!ik4p|#9^=f)hi~0)&>KA80u$CkWd9^F8kM$L z=?zq`>#hC|hLCkspFD%0kYUCY@a?2}HNqkw`?cgxnPSZDT!p7CS`WvC zO8s+8e&DQeRvSB@NsJbef1LwT;o$uRBvA&BUH{ut6o^SF^vJ6H4{?tAM)_UI|9KP4 zX**jY?SP!&)fi-x8C5I`_yhpjaTxok0QF$u6PvCG4t~YXh|q+JT37rTPh?gs&Z%v! zZd(k}f*--WPZhgda8YE?Z%)BhSiejSA*mRzFGyP^+}pQ1gsyrtOYU*=4hSd7TxvJ) zn7txQnp>fu>i^1=r=6D)jf1ew{-}T~c-)ZvL@l3*|L#=`H)tI?Cg-1osL)_#7Pv@* zh@Vbge$!TB0rEXopA#Bb^|gxzLhLSTZ*NBfF}*geDYMj13c88OggZ25fuSX_Z>=kU z)1LY%H^nS;bt%b+Iokpjy+3TP6bc3pGKm&t>&F9J>Wm9I#(A+2@0#WIV50C&v8N;u z8;P$=#rKR|X`CLh#rq1{`Mpt4YG+`Hyb)MA5|;rHhWBgk`<(`4-tOlSxkWaxP1E0f zVw?ny;K{!N0q2@fEh1>rM~7N`SBIZYLo*XRD`ecxphxge9bs?M1E8J^r1P507P5{v z%W04;%xk%4P&#|YpzmkELPl04{35N$G^u;Km5NrQnpN=cmqnooPN+Cb&iqHNpaQeO zZ1a*>6pMHk)woppeAlymTgVqbe8xm@K{Q6!&Z7^nNZ|n^n#9PX0~Wf2Us;18tG5GH zQw}?--u-s*>GcxF2rfePb~*VgS}Dkshp6zw3B4`3n4V!`ctCxaN>*tgYIu^{yI0@r3OLB46XvUUB zC#T-RhUJqolUy}+6xyQ}Dd@3$`BBFvhX+QWB7CP9x4vFuE~x%Pjc27hUW-r2-%3qN zSh5KCXMwLi?D-ioTzdS+L$Dh#kECe+0FP0C=ZM=l3s^6ge)zRH&OTxAkN@<2eBMWT zkL@IA{va+V>(EwF!l#@kjDd-L2?QH9WC;b9yQV>^ASB?*B= zJ=jocD?)LrK;q@DIH+txpI8lOit4*^{V~CnqB@!MV4?O7(@anE>`|3eX%>**p>?4*fp5g(ULTVF8pqR&!e`g*&BLq}bh(Bh=mo?Rs|2S;3#> z5!mzBD4_@zO!SsNHCj^w*jX?oj{NrKjlqbR@q42M9~mZruA*6lz~+2mN4NPMfuOIW z`NBS*w12h$RRt)wZ(E(i=4jNXnDeBCaEmdjckF?NKn z_@N}U0<)uf(WWr477VDO%C?$O=e)w%a9L=?n2Q--?dBYTae?5ILRW8`6*Ul67yiPm zS;Wk*Uv^ANq3HZCGD7!2fYkUniBN)BW9$!-$Pj3I1gygF?uPdw1^0kxPBa3-4h2XG z=?zj)vAiv2eeCVGFavMV8~vmCT6IPu0NlbTunq(T`UdX8G#!ZqH)u?OPvdK5GTjYL zKeCR;7{r(Xbo|yoU{69-mfgt69V=}DcrCMOi=0n65)}xzSXRo{VejZtQnpmdsTNp4 zlUuVB{2tDBwy$n4_;Z^gN*!Ya&4MQ*LlMWsh*>QQfP4Q4!;u{$t%ta&5py+M04)A> zRk|q&w=GFUsc+!%?H3*mXohRy&S9Z<06jR479@0|SWL%h}+b3kSd zQ9lx&N=W?l@2vMpzq%EDLZcxMJqB8Zfow!L0R;+IfgTbwbg3OXGoSovtNCb+L{%&{ z|CVBpY-0x+N$-C9r^62fl@em#IGnn!mumoyFJFZ;VJ8^@1J~cMNl4fz*y|;;P%K2? z1vlWga=y-$+@i4|B?v@p6091jgkbiL#^@9Gs3F!BM@$}^Z5rgTRTYV8(Wh=%vn8)V zzRp@^gu)d8_HNH%x#}G!SepQfp3~XlU>jKDfF9-*kr+Ke1otw^vAxISt1AG>N;EO; zPDYzd>ZPZtu&@*mj1PnLw1x3krZ@p5^ndy4z}IAygC7hDFfW*;SGk+<>JXHA;&Zsj zEqA;@Dzs*+yr?+KiqKRhE+UVqKtp(-MA09z;ZyDR-i+ITag%bE9VTQ~}@`+Ia$+Z$> zOgffQAmY)i<&S^CydOiFSOxDc96QWQ)dr{waA|-xklXLKoT> z^FY}JkVNl2WA;nG`i z(dr=UnU9`98hPQ1c_W$<0E2jM>1W4B`4D$SV=;dTdl1jqtD*1Va3x2Kc@x;I4f)M{13c5r(-_4nKv%$Z!a8pYRKrp7;gI>(>Pp1Kf0U;*wmc={bQpdv_4~0Z>3Tr zuqB~P095D2-Onty*G&aK^r?oIRGfuy&ffZ&NqzY&CiAbe=jLCTIbx{XcAMxq&33|u z?4LI0%c5>VU>MyT4@F_AorC{~LM0+Br-fWYcp*~D%vqNUq*=X~3+u85dIrX2LzqPNF8#%k;%VfkOYkDGy zWaU;Kdp{J}vfeJzIC3^;JQfl=IO@-Jp*ghJOqf~v^oY6h(P60TtUPvW>0_3F^B)ne z!n}ap%A#4Wc1gsmpiMl@XN$Q}0xsB0ABP0E+UJ^kbMIa9E_x?~g)|PL&iyAPD?Hs* zb>?`_XyZL@>XMT7{nfBzuEKQ~StesUcaL*k z*zV`7csAk>O-Z~GRX^9_IV0(dYg116yr$^@)cpe^lM%?8NE4x&Y-#SFO*Xdv=Sz3Q z&Z_Wdg_3tN-oE2Ki()I-1Zub|&j~PY(@`mpB8(ZUbN8o-4E6rpLY+3JiNA7em}B%U&}*fDmzNUX@BMJT=+MTm);&pLJq!>)5X62`w$yqm;H>Ny-1FdQj|X=edr314 z|NM@7M#YP(d^BxTWl=ZXQPR@r>s_XX*>cTG@A3M5-VJm&Sdvv=RG0m!ghwTGYQa>u zsSy!_4hm_#ZPuS3ilx5tv67iNTe3dcA-fn_jUt{oVTJDunb9|F86iqCQ90E-ey~x0 z&q({A{fvwLO6Q2M{@%_)AU4J|Vumlit_cb~UXt^E9I6OHEEbRqY77PF;g;l;mw{_S8ib0^^b8avcC zb6IxlVDe}|u8_85_C|_jS9F`6&AjjX{Y$IQ>55Es3|+Qh9+Ob>Lc_0-_V2Ht37#)4 z=!9GgimDykWyGdPe2^8X5dxV-6Uqz4i8H(@v>}T>?b^kZ z>*TLNeWs-B`lzWEZ&%@wwADCnFqchVnoBvp(VUB(@P*_S-ZL0|0(2!q#LmScQ9S7J zi5n7>T_wi-n9sg>u{XMv_UQX>rKhRyju+Ymcjw=$>!o7y{j@875**E!V+`({SqS~# zw9UOE5hnVlMD)=ra>?H)k<5`)g2@mZvWJ`%8}-nr0PIt{0o>^-erV2yZT%C#kyqDT^pIWY^Fr-8wgbsyhQk|$A7 znoIk7@9oU^+sh2q|Ez-h%qD{#p}Bdu9Q$Mpcmi_N5e0_Wd8_yP1+$7_pJiPuyK3-_ zaE&EBFD}q0^pu7+TN?OK65x9SgEX?wEN0MdMBs zQwA*blKoQ`Bh*_S;U(CHne@<27}xz}E^dQe6H#Q3nRh9GboQp!0EPq_Q*t_E?FaPq z>~(*Uj@-A@U9ClFBKUlZEn!;IJG>henCL7S%ZxefeYAyyAZpQhf&<F|`)?aW zEZugwZ<)*=E0dlwxcY_rtXR&jy2IEXS)|p;Mm&m+vHDy$zsoq-ck@{rz7q&ijTlJf zXGJD}vTl*ww>R05+a@9Im#vfQWba|Wvw3*2<(0Wr9UhB;(WIyQZf4Cn1^Jy^AC=rk zqMW#@@gMCY6X^2p^f=J4EnAD>Op^>s3OsMav;geHH2-GY4WF`GG4BN*U-`#>^QhCQ z6QZ(WcnY6!f9r2X6^U_sKz7404s>4sU5;PPVaySriO&)w>=?D;)FXs&Jvkre0>=Rj zOzL+(>B-FbejI5gzI0{+h=zqt3$b}BYlq5iVZDpW8Cx(CGs zTs~7q_}aH-B?`sfr{{Ua3@tr?J}QNx_Ch$d!uyCaC_5KxKbW4c8xsF#nKYoZQX2;f zItOz}Z(A=d-ky1&UU{SIJ3Fy2O5WmYrp=I$y}7c|)PQE28jBwIDH!-s(|(GGWvu%W zi7`eH?p3U4o7@fVnn){hiwF5cyVvbhDMDz-;U0L~Kqr4X(dpz5Td*>&8q%r|N*Krz z|Gw*l;m&8^YlW^<5G#eH+YoENSH^XvQ8Ggl=R>!GyEBbEfIfK3cAB!tU|^{uu)3YIj-;3NtaY9Ze>PrwM)s zZ_e`lcq@h;%x~{_f*g&)oSgrbjR9R9_^Cf3JXhC-+gyTh;qsaEa-6G%H3+nM;T=Bf{ zSre}1FH_pv<$^3Ysx0-TuUpeA(Y&#>8R7BMU?o{V{TM@!k-KqXF1*$q?YS2F!vr~# z?y2`hGQCHWp6_yW^wg>Q@M$6J=^f%gOg;>qNS=j$=Y z+A=`k2Kt`9@KQ{vSn&apiq+NV(d;ur>%mdexwz!*#54Mh`)GSY_G-3_piMQT11PQO zyJd28^uMqt@qQppOqK2RIB~pMbpszyVe zVJ{n0*T3O*@7TxC(4t(0e2OS|ZcvLN?jBv~Bkwzn-HD0T@aJtCS3{I28%p7IuG3~Z znM*s;x-Sh$aLo&59*-2YC?b{@@onIPK^Qn;S^L#nPoP`2;8_Qbzg|ua`QK0Wl4)2^ zike-F_tcRIzc3cZV(a%kSl^>@8|WHb0s%&IH=%!b`5 zf5RH0wCmp&dJLUBUjw>L$o<4WX8i?yuJB0`dGX3oXi} z(^soKpds7da?QD&(my_)VDnJKPVg8=<>->VJfa_nywdo-8FeSI5zgrqU2#sNRt2$< zJ8BT*1V1UYNn>xroK&=0cHC+yYbF17`EA1eZ5DdVEBbh8{@9$}xCguBedRBu_oE+l zQu_8P!WJ=|SFU@F;(NcJ|AN~*PP?pe5|`-RD~AYA5&TQ?+*fB!%w1JA^<4ECoiQsu z%{y1i4GsC#o#nB`U4F$CeZRuqym`6b=pQoVTD<$EG1Sz;$Mi_Zdv|Z=T){GEF}`k) zmW=VY%>K0fMyG%L(BV&KsfQ@ykg%lrA0=L%PeZ|Z*$=5eeYFD787`(R2@H*Wq_Oe~ z3xzRZlD8=MaZTq1pPCRbU%GV(T-ukDyqWsei8u6q0_Ol;g5!iS2ZjGi`m;ayF@@-8 z!`)EyV;4EQC5sCFo7Ovp@fh|`w~-rOj->~kzi#)prB^skd}HF}nZHb?arpvZKcx^_$&_ZQ?STon#_ALqh>ebwi|Ie2|-%;%b z+t`Qswgy(}2XNaeVh98%o2K42!1#waCcb^D5G@TSocwi!_7U>U+5Jh6c7Gp1c>Y`B z$mHFz-HwO`s(AnZCYKOOH$E8tdmj)u+!q?9n$hhKO`~KX>ia2(Y)X_+FOQR@68Nq4 z>hn~shC0fPQ~_~c|GvQeY@C!5;jY!&oi9(gSc>9Q@{=Ct_Og|49J&1``g6=62OGX! zqL2wyP!BRurlR%BL6#1D$LQo})(qAiklwQ?doC((m9dp|i1y3>@>^!|U`)+N5UhM< z-DY9Z_?HdptttGBfRs%ZTga(Q(<@Cg zzV6$?9&5*FK$v3hn?L?q-r$`cnWk3u+Z)}N4xjl&8~6&GEzOJuua~)goFt$GTonX7{zT!*MIR>>;EH5b;C^O7 z2J<_ABlf7YcmT)toH`gHeqU;<@a)(CY_?|uhwhwM8mt()cP#+w;J6q7UVkN|lmlD} ztqM}@uwiFfpKNvPm-pW~uj;#B-}!Kwo#~p*+CsOtt=U|E2)b*^=JmHD^=(UkHhz6`I&S{)h~u@< z=c^Oua?Z28f2#E_f0*7Le_(Iv^Xb;>z->^sw?*&VAfIsC@9Cl6iM88{HX36SL-xHF%#C`X+MF88D8(F;L(+Aubm%_n6a8x~KTR ae1q6c?$C2jOn~R*FnGH9xvX+)_)J~-K<~U$1{ zT}r=Kd@qak?ngzfm~kJzBV^2dxFJC^j=jGlR28hG_0N;~l=jr9Zp{9H;E<`hL=V3Y7uouu?p=|!TPh8_ ztGB;*$(x{d^}U`jAL2@jJ!AvEdWz2hujQ0dw?cO;u1%%#m4 ztoWzoSzfqNmdoA^qp0chBK$2ccdFctxW7j5p8_cbqc%3+n&H=iZ$<@EkXSNR-3QKS zf7ku(ex!N%J{GF|Wfv~}#v1qEphJFKW`_MrK|4w71@c&33F6X z4vU4iD|Y69-^@xusMR;msxuxDYm~7lwi`APks}%{(-S> z35wpeML=@sk)CR6gq$-zVKIjCeTIM0Yw66OW{s#Aa&{26a=xSJK8QaWef_QtTQA~w z%&H_0G868qCi{?UBl=
KI|{cK?>XF3>bg8qnM z{LXEmFLmO`Mq+qILj!un*8Y0O?9m)XYbhclJSi%F;}6Hi)@D$X7U4)OA!=bxq#8Ow!W-QxT?}1wG^cpOQ z|7x2vBNI4N7&u|aL|-HNi2gSz^E18&(@#0O>y5uEY{{)9VMLedRXp&l2S zDN(;m`fIK}srKXU2+uJw01Vbrwg!=U_(o|Y*$SIw3_^rW*} zcP1s21Yd6n2T!R@mhOf*EordCqtGHN!f>=W9^a~5*RBqNC=>BXYN8qAbcodiQG7%N zI8sxWq&$WR+y6^qex!C*N~h0{+M7}eQHNGHdd^L>F}3@@WuceJCAe3m(XA=gPQB2k z+JBG0JsWEfBR1ht90I3xSjio&QcDhCR1wa9=nnonA7+kTIeTL2g4V~AuODqm%f}(J z?;Q^i*m-b$b}0|PqvRf~dv8;M-s5{^6n^<hI zj%dWdCf6?kV3Bg*%U)I+gp^g;aMmfVP4k?l-L@27A{C$nW7Gp$V}j|6#W&8pNc7+L zRyRyfj|FU?;a}fx$BDPU6>-6B+lZXS1m9RT|4?Yyt_89fS{7VU^D7#n zx&Cg|kiPso;cR6jJ%Lq5%jo{rf*`Urtd6a1L3ZY-!`#186_|(1kWy!*IZ(>}k{9=1 zRL`3#m&nIjWu#2AG9_YvE>~=^??mZ$PyKBX6I0d#HP$l`OQD}vwx~tkYqVLkS@9!WjOSm?48G;4Gmd*7KI&~cQ z{Kt;X8+3h!Th&+0Y;upZ`An!RMan!NTDH$?yl$Nrp3W1OnI%uSttLIU+y0Qo&c@OX zKlNM=tt*kDEsPobN0+>93qGem`J`BF!6Y$-qyu_MJC+|#gIw7PG|bmunpU{pq>cF0 zbiBivCoVGRU}nv@)!UH?4zdy#b@2rs*X>7*vz?pcK1O~9)jpk|X5eP3c&?mc#3T(h zZA~ZS(Kl$DpUWN|Vk50$GBP#!Nc??r1p3c(O>w;_COnFfYKCS>qnTcq7#qq@V zq%Yl4-^Y6^ZmKo_J$jzGKg!#G7LBXxgKt9k!Dd6ikeb?9COWb!zW=i zq+3hCIVlf+iQLMcOsd2*bPNg{3pt<~vq5lP+Vtip7OrSpzT_iSY_IkyI=%NwASIYM zjZ%2R7J?<;IITiKjj+yi+_|HyFNAXNp_{E9kE+aOJntP;3A@Uj7K|AlpMJf_3&-+U z^c+~aRc+!@*h6a1l%RhpY44z}UTx~r5(u|OcS#dkK^Lp(c?#KAbH>|tfCqu-EdnG_C2Gv>~xO;0}5`-frY(sF8Y(ByPU7cQG{~6-ff^&1@GIk$8}KA2Bq;8XzPTL8WX1p3V!>Z zYIA$#(0K$X>^$fxPlVUQO2$j#7E>cel9FLOgp}AlqyA~3G8i+8b~!OHFDbg_C#=vz zsN>|xh7}6gMKqpm={uG~c&n;iLC+re4)uSb$2|ZUcxC%&00QeC+TpD`xxNxBAi=eQ zfFerfJzM&LSzTN^)AcuCAau7*e3Jr>m`8PM+lI1JqkFa0l4wBmY_J=sr3mR+gtTgC#CB2V>r$wK^aQljVipxyS5> zho$f0GCAYf)uf?C-u;#=wK{dOuT(~8s_5L}kqb_>0q^IPaGvTmUgECJxZ2Bb%NmcG z(f~`ccD$nA)4gHh&F$;iTH_~90p665fSi7(svkF*Mm(4iv_)Lbi&{srK3P9{bf90n zeu2AdHlwN%#`F@Lk(pi8)=%M*M225HJTAJ%FMRL-7)reTz~ZD0cll{oKhz(h;=11H zf&&mmR--+zAZvmXz+3aX{0&=!^{}rfO183+Uow1S3_LG>eVG_Q&n>Q4NQdaY+PAu_ zJTd;wO3~!nU=f(0-x>t03e3^6fc6_8ERKbx-$)Y^*A){f%Zr7L1ki^D651ylPd|?7 zWGeH*AM%(w=%BCLCe|CV+Fp+soef}N$YNngu)iI$&gv+&-T_DIB(# ze(h=L$Y{!~wf*K->b#28Fv!O0Z~p7_k5-BTHPVjP3bF&x3r?~~!rcK%KieYU>da>3 zdR*$qg8O+!hsN6m38V68%dbK{y5Jx0bt#TTq>m$FDb?=grtGS4ZpJTbTzr8TU(WZB z8&93p39VRl*-&+U8Dd}GCXkCSN!|-S)n6k`fNe&YceP&YSFNtBNT0tM&9)RuLS=bh z0j~9r7M)+MAL;N5xH#NvS<>eqoKUgFi6C2-u;n;3OJ!C0UIb=P0k9v6V>ZfpP95`R zx1e`Orn6?JvX(WoQL_Bw=Y!)|2L+3_b2_xkGY1u8g53!r+a45Z#r;HNO_&q@P`rFY z(p?Yq1n6=s%OKs~oz{awXquO81wXF?r#$I~ zoJT_JYl6tN?z9pTXDvylxvb`p;}Ga2Cl6oZ$qZi_!CAFopf^>T!iHjHpVsq-%E+wz z5NUa7J0+P?P@4pgEO+(bg+5l0QdXHS(+`BOwcZ8n%@PdqtLc-^?l^0H?B%a@(Na$| zG$L>7N1nnQLzE_a9}pm}fKYl2pPemKWDwyyTf}B08)P-t&y7N!TQ(Xtc&%@`rVAtVU|%{Pz7QJW%sS-Ax+d#bHH3Ub7c`4s7?)dWN56pk~tMw zZvu-!^ljg+8I(DM?OSBp$x8No@^Z*JI6kwY<2t^EA2#6|k8BT7pq5kxbhkAe*Mu%y zJh3WP!OJ$cHrwdf5LHM*IIk{&$Tm{s)+hScxmxo~-72mnu==KYHMy>R(4Tv{t6! z&k56=1(6>99}_0yuKpst%#X3todv1?!bxldV$0Cx8SS3B$czzdY{p@J&iX9Y*gf{& E0HP45{Qv*} literal 0 HcmV?d00001 diff --git a/content/v2/replication/state_changes2.png b/content/v2/replication/state_changes2.png new file mode 100644 index 0000000000000000000000000000000000000000..01f11518e8f58e61541efcddd41823354073b3cd GIT binary patch literal 5581 zcmeHLc{E$=yVmN_qA03rt_J0pXR4$%G&IOT&C1cJxl{}xnrPKfhnOoGb4{(H#-d7E zD(0AHrD_&)jWOizI=^$)y}#dG>#lp({p+r~*UHY`J74zqywCeS@Ba1^@tYxpiGiDe zhK7boPgmQRhUSbWaIAmsG_aqW4K)D1PI((cG---Syov zu7b+sKx8vCSOZ@l2W*z}$g8BH`YM9|&2xew7c|dhMY26OuX%F3(4fur47dbb{~%*T zyz=vB!4N5ZEv_F>!jHO)y;(4g==68(U^+fY33~3rAp;8*1&cMCDM)uRhPUl9a+wpe zyGGMitrC}c3&IEurX%~Z57IIXs+sSxD&z@>!80$hp_J|Qx___pXh3CtM$I#TgNa+9 z2j}}WHP=M`<(@fFPpxzpzJ>_jdba(6p8S-KoF;yFj=L`=QT8`R`nr@7A?FfXWqWnt ze%_%1x8RgGIXYLtEF^o<8Kyz9Na0!TLS*qe$XOq3OuQ*6wB^wd4@~+sWc%i`Z4w9O z40aLHcKLN^$b^9fn}Wr=loEdDl8Kszm`vFtT`tsDHH*PN@r3ZvoU}mea%D&Iw_WzP<$b8Gz({^Nmum&P)HAxvX5FtO_g7rA3n5b5 zEzARFADq7-9sQmkAG&?>hj9^vix$RuLScIkeVUx(rKB^RJ%d{1K=8H&+oJGqV)svY zRF%qt-e*)a6|8D(KAvv`0Dj-XU6On$H@8E9D)!1G9jrL0~+tIHq(?6`DXj&VHNbpJYFe3ac4glDuoAxv%9ti*o%U)V;s?&NQmm!M2 zn_H&QIC5Ywpo|G{F!`&dleE}A#Mf~AF|o9vdKVd=hlqr|{TygmZOjSo zKq!Kn{BuNpvhuL*x+UGq#N?q`@nx_QiD`S4pC{YC0aFVU_}m5Z?BKaZ`~B_Q<>%wV zbLoqUr?t3DxbDhp1)w>G`#5C!IOIW2A%E36z>9d(NO$7QCxyvN)(8+}#RY@CK0K|B zOTZBaxB=mKS8OjOQs73s+u5eJb==1`hAsP#%p8QT9pD4~B|wE|@mhtrh{>?+2Lr4I zIGNFv_Wq7XowGYFswb-csX%7Eg*zi#$iP7LV>#5__|!(;>!Kd5bDeunKH8F^9A{Wy z1f~q(qCU}$fvR)R;5ldVz@785ht_fA^`KO2okBfAn#i7ad+b}$D!;InBRai`Ag*Og7o)VM`sscvcE1G#&bX=cXnD^ zon~ishc9Hz$Bg3p5Z5#O{v;LkOU5db2A71Fw9;j&#-VA7pdwKO8Pm%-X8!kdoz4%@ z5q$PYw|fkr@O|6&k0+OfMP7oO{(YT^=kCL-Y>3u=P!~U2&(=AE=_hz?xr}9%r@i|X zKu-h0Q*=8FEB(yh#vG|mB(y$lVv3Mf`Vg3yTI<*(3CLCT3(D^K7VS!B`5*FT`hux9uiRS)Dp#gU(OL1H+>oAXlAjK_Gv6mAL66Tasxt7(X?Jsa z*>kNPy_7h7e|5!<<<503$!9r=E)!b+2x_UhP&xuMDiz0l$Ljn2Y{xJ+^m3f{Neink zirS}icFwDDeVdwEJ?=X|+O=m5*`fLI9vTIthM~2!uTQ(yCfnL$rrX2A4`80b9<*{T zU(GQcPpSka-$KFTLG`sYfz!=Cj}K)kxZzgeIl{5EoQhVuK8xX9@Ohv3qN+=V%PVOg zv&neqYZg!Gyev#gtD`z5-6YdTEM5syvz z+?mg!3{U*BD}T26OD#<6$I({>xGz*MWHy)xnGr=&nW^{bf8lyB=4>-uQ+v5OLBMZ) zL46-!?W;C8Y|uJVWM`vM1@om_IH2W6hZ7t1wMKg?IOv>N?TMgV{8HrJQ~e%i)Ti|t z&L*h_)|Q549fq@EA1^B)E2E{RLue(<+lvGwT`L@fO&o|lzMK@D%>&WET>+iKkyolh zHg1xO<&PXa5DFydLlemvY@Ny|%6GF=;Lzzpk7E;$(sODPEK7`g94!oa79HblVb*K` zi*0F@O!GdgW|mNyji^9m648$FPXq=^UYVk5FsEP8u676xw!dSoB)1oUT%}}fuT)(m z?eHE**kydwXx#6A6ZsLZHgj9abgEfQVwKqIh$YOAq1HY&^Jv?8H*p?qu|?aR6COn}d6bOZD90SFCiK6#eL-Q|%AUl2 zJTb4qkw1*C$4sv^$q;`H7xEEqjWIH2JkI|<)%mRyx0*Od)~7?}7u3b`=+`xII3IiN zM{zfc@jE5ISW2!zCEz724Gf0$)dF!3%F_D0+CXap#ga+-30<1so3SQ}KZwyl@3jgQ zSZ4`RmUo@VawhBZWc0H$tqvB;OMOg7+?lE0`$oiiO^!)+GdmZ!-W@I%nWimsL=72H)coGu4l4o)q3g4gACs3DxMHm zN@-=3*b2Rf!-u7SR`s*?La-guWTP=V%S^`dQqiS!M^wwQ1eOwh@1xJ*v`^Ggif3nP zd92~@+ZQ44V|H(zx5YS8nEZyGM}S{ycw+o~T~P_FSuEybVD+7OD=39E_z}hUs-1yitfzTxn_3ukYC(tqMd{NHQytr^wjMS zYTs>&_T%_mTD&LY@EG^whf(ex4P((8eVaz{s~o&PB)N>7Z&>b+6izx#x#Wd+kT%?h z_`R-EiPqws0aqR;H?)a?LNySg@Mkw*QdxHOn7z)J!%0m=%Q8H^BrcQhz`+0)ZNgtO z_W>B?Oh4oZojbl~c_`h+o088xk3|R6463>J?Q{lF_nN5(LC2xJvV%OYEv`eSIE(nK zA(7)f7uRF#dS+tzvs_La)q?(no$kp6FAjT)ae#2glL#Awcf9$}3FMU^+H|vGcnc7v zi_JS-#64H(W3<_GeYeM3z2NHknnr)9-pw4?dl6%ZSw^CUgRi0Ajkh>M%WgNWFF1dXRNt$EunwsE##!rZeZUe$bKhK(}Y{z7)sJ^Oy%K)mm;eRerD+2B%@)zp%%*4vBj zf#GC2DE^eEtykY&?8j1h=^+#(>0~$%PrzUj$(M8C@|X->xuGn^g=r5`?EHq^`q~A! zWgzTlJic6@E*nmHMIbo^trmrwe<4t}ai@4exu*S(Rt?kFM9Z0z^kU>hI46uPrdBQ} zST2S;`$ezje(&}2n)Gqg3(`4;xJ^3xN+_Md&b10}wGY`4&w0z1e~#xEwr3A7M!h9M z-g$7H0Inf>Fby#!`3OzpCK4ha7%0ZSq(#z_SBh(*Sm%BwLGmIF03DKLAwODHb=mw? zmd?u55-kQl05Vg6lxS5jpRc$O}%4Xa}>00GUNGl_#VyP>X+ysG}eMMYH>h=|(7d^c5`tyHv zuIKylgK&hKJYFSyiq?*>euM>Y7p>jK29{h>f>Riu^+i#CR?|TkKsobsrup($IQDH5 z$$4zr{>#a|K2gNCxWl=WpeX*bMhwW8sdZUYOyv;;UQuw za#ehU7vecpLXuh`xiGWzKyDm;=(QKM-+MQ$3WnFW2B6pYMm;3u=Mg3NeCc9&Spb|BF_yr;Dxd$1+~f8n{oI8+>cch zx}E$xguB9K=I2wH`9Ty$^j4sCxBh434_S2Cajbe`-g-{2mP;hnhzmzbidckItqisu z%_qe+JS1JDv}Dc9SJKg=k&AM-87{kk9i>gr^H6P}hLl2|RK(4s7=}OFk{^^|iS3qN z!eWB(3Va5O{*0=H;$(}cmx92rhNHFafyB{M_l7&1Q_#xrEth*e4O$dB0o7KYPierb zqykQsGVPjjm>j|2m%|=vExwy!t;tZOYO(+dF9523gZ_nVyNVrCO4PSj!@$D(Y{)_l zF?7q4!~u`GQ;^F6t98$~zne=?kj@XOGe6i^M>Gag-(JaDlM;jboC2XLgbnW4!*k`c zL?n}F5o?bgzRz*Ov|l5D#;*@3crG&l%o-Ej_Z@T8<1DPMs#1#`#`~@=l`AI0J2d(# zUCk;YmS*K%xtu_qX-i%>P)b$W_hKNmNG$746Whmr_I(NX_|bR}N&qvXEB8(|VlML~ z#xeWV-PL#T7=O3Dq1cRx!fUHru_Gh?;>dcR$J3iz)4zGtRlX+3J`Dkgwm?sO5J>8% z`N%sO+l?FoQ@;`3qb-j`80|)@!C+xDr69!?whh0K@4a;yxiIVfcbVAISTUV88&t=2u^;pynTAB5Bz<$)-pJp;1Ne`nJb-l&U25CdyGZMD_rmaK zx@q>vQ|>bLZ$oAkcch14nHs9g^neK>{_~;rAY#7$C+Optwh7GRAoh;mM+=4A>G8r+ zMejNi-VIo5I{9B!Mw(2KTUgw9+kBID_F9YYq4Kr|8;%RKm1eXo4P|p0dKN%y*2CaJ z2EZQacWkvPixZ2GD=!y_tqRIxUQ~JcWNQNatIb=<8krSV?|^blL1h4(6Yxs-;B|3J zx$;czRSsX&ham006wJwx|D}$fjjIn870$dr_uK>F`(r{q?;)UxXeu{kZzh;sA zpYVD9KZyUi + repctl tool for Replication feature in detail +--- +# repctl + +`repctl` is a command-line client for configuring replication +and managing replicated resources between multiple Kubernetes clusters. + + +## Usage + +### Managing Clusters + +To begin managing replication with `repctl` you need to add your Kubernetes +clusters, you can do that using `cluster add` command + +```shell +./repctl cluster add -f -n +``` + +You can view clusters that are currently being managed by `repctl` +by running `cluster list` command + +```shell +./repctl cluster list +``` + +Also, you can inject information about all of your current clusters as +config maps into the same clusters, so it can be used by `dell-csi-replicator` + +```shell +./repctl cluster inject +``` + +You can also generate kubeconfigs from existing replication service accounts and inject them in config maps by providing `--use-sa` flag + +```shell +./repctl cluster inject --use-sa +``` + +### Querying Resources + +After adding clusters you want to manage with `repctl` you can query +resources from multiple clusters at once using `list` command. + +For example, this command will list all storage classes in all clusters +that currently are being managed by `repctl` + +```shell +./repctl list storageclasses --all +``` + +If you want to query some particular clusters you can do that by specifying +`clusters` flag + +```shell +./repctl list pv --clusters cluster-1,cluster-3 +``` + +All other different flags for querying resources you can check using +included into the tool help flag `-h`. + +### Creating Resources + +#### Generic +Generic `create` command allows you to apply provided config file into +multiple clusters at once + +```shell +/repctl create -f +``` + +#### PersistentVolumeClaims +You can use `repctl` to create PVCs from Replication Group's PVs +on the target cluster + +```shell +./repctl create pvc --rg -t --dry-run=false +``` + +> By default, 'create pvc' will do a 'dry-run' while creating PVCs. +If you don't encounter any issues in the dry-run, then you can +re-run the command by turning off the dry-run flag to false. + +#### Storage Classes +`repctl` can create special `replication enabled` storage classes from +provided config, you can find example configs in `examples` folder + +```shell +./repctl create sc --from-config ` +``` + +### Single Cluster Replication +`repctl` supports working with replication within a single Kubernetes cluster. + +Just add cluster you want to use with `cluster add` command, and you can list, filter, and create resources. + +Volumes and ReplicationGroups created as "target" resources would be prefixed with `replicated-` +so you can easily differentiate them. + +You can also differentiate between single cluster replication configured StorageClasses and ReplicationGroups and multi-cluster ones +by checking `remoteClusterID` field, for a single cluster the field would be set to `self`. + +To create replication enabled storage classes for single cluster replication using `create sc` command +be sure to set both `sourceClusterID` and `targetClusterID` to the same `clusterID` and continue as usual with executing the command. +Name of StorageClass resource that created as "target" will be appended with `-tgt`. + +### Executing Actions +`repctl` can be used to execute various replication actions on ReplicationGroups. + +#### Failover + +This command will perform a planned `failover` to a cluster or an RG. + +When working with multiple clusters, you can perform failover by specifying the target _cluster ID_. To do that use `--to-cluster ` parameter. + +```shell +./repctl --rg failover --to-cluster cluster2 +``` + +When working with replication within a single cluster, you can perform failover by specifying the target _replication group ID_. To do that use `--to-rg ` parameter. + +```shell +./repctl failover --to-rg +``` + +In both scenarios `repctl` will patch the CR at the source site with action **FAILOVER_REMOTE**. + +You can also provide `--unplanned` parameter, then `repctl` will perform an unplanned failover to a given cluster or an RG, instead of **FAILOVER_REMOTE** `repctl` will patch CR at target cluster with action **UNPLANNED_FAILOVER_LOCAL**. + +#### Reprotect + +This command will perform a `reprotect` at the specified cluster or the RG. + +When working with multiple clusters, you can perform reprotect by specifying the _cluster ID_. To do that use `--to-cluster ` parameter. + +```shell +./repctl --rg reprotect --to-cluster cluster1 +``` + +When working with replication within a single cluster, you can perform reprotect by specifying the _replication group ID_. To do that use `--to-rg ` parameter. + +```shell +./repctl reprotect --to-rg +``` + +In both scenarios `repctl` will patch the CR at the source site with action **REPROTECT_LOCAL**. + +#### Failback + +This command will perform a planned `failback` to a cluster or an RG. + +When working with multiple clusters, you can perform failback by specifying the _cluster ID_, to do that use `--to-cluster ` parameter. + +```shell +./repctl --rg failback --to-cluster cluster1 +``` + +When working with replication within a single cluster, you can perform failback by specifying the _replication group ID_. To do that use `--to-rg ` parameter. + +```shell +./repctl failback --to-rg +``` + +In both scenarios `repctl` will patch the CR at the source site with action **FAILBACK_LOCAL**. + +You can also provide `--discard` parameter, then `repctl` will perform a failback but discard any writes at target, instead of **FAILBACK_LOCAL** `repctl` will patch CR at target cluster with action **ACTION_FAILBACK_DISCARD_CHANGES_LOCAL**. + +#### Swap + +This command will perform a `swap` at a specified cluster or an RG. + +When working with multiple clusters, you can perform swap by specifying the _cluster ID_. To do that use `--to-cluster ` parameter. + +```shell +./repctl --rg swap --to-cluster cluster1 +``` + +When working with replication within a single cluster, you can perform swap by specifying the _replication group ID_. To do that use `--to-rg ` parameter. + +```shell +./repctl swap --to-rg +``` + +repctl will patch CR at the source cluster with action `SWAP_LOCAL`. + + +#### Maintenance Actions + +You can also use `exec` command to execute maintenance actions such as `suspend`, `resume`, and `sync`. + +For single or multi-cluster config: +```shell +./repctl --rg exec -a +``` + +Where `` can be one of the following: +* `suspend` will suspend replication, changes will no longer be synced between replication sites +* `resume` will resume replication, canceling the effect of `suspend` action +* `sync` will force synchronization of change between replication sites + diff --git a/content/v2/replication/troubleshooting.md b/content/v2/replication/troubleshooting.md new file mode 100644 index 0000000000..b9a7103201 --- /dev/null +++ b/content/v2/replication/troubleshooting.md @@ -0,0 +1,15 @@ +--- +title: Troubleshooting +linktitle: Troubleshooting +weight: 8 +description: > + Troubleshooting guide +--- + +| Symptoms | Prevention, Resolution or Workaround | +| --- | --- | +| Persistent volumes don't get created on the target cluster. | Run `kubectl describe` on one of the pods of replication controller and see if event says `Config update won't be applied because of invalid configmap/secrets. Please fix the invalid configuration`. If it does then ensure you correctly populated replication ConfigMap. You can check the current status by running `kubectl describe cm -n dell-replication-controller dell-replication-controller-config`. If ConfigMap is empty please edit it yourself or use `repctl cluster inject` command. | +| Persistent volumes don't get created on the target cluster. You don't see any events on the replication-controller pod. | Check logs of replication controller by running `kubectl logs -n dell-replication-controller dell-replication-controller-manager-`. If you see `clusterId - not found` errors then be sure to check if you specified the same clusterIDs in both your ConfigMap and replication enabled StorageClass. | +| You apply replication action by manually editing ReplicationGroup resource field `spec.action` and don't see any change of ReplicationGroup state after a while. | Check events of the replication-controller pod, if it says `Cannot proceed with action . [unsupported action]` then check spelling of your action and consult [replication-actions](../replication-actions) page. Alternatively, you can use `repctl` instead of manually editing ReplicationGroup resources. | +| You execute failover action using `repctl failover` command and see `failover: error executing failover to source site`. | This means you tried to failover to a cluster that is already marked source. If you still want to execute failover for RG just choose another cluster. | +| You've created PersistentVolumeClaim using replication enabled StorageClass but don't see any RGs created in the source cluster. | Check annotations of created PersistentVolumeClaim. If it doesn't have `annotations` that start with `replication.storage.dell.com` then please wait for a couple of minutes for them to be added and RG to be created. | diff --git a/content/v2/resiliency/_index.md b/content/v2/resiliency/_index.md new file mode 100644 index 0000000000..417176e60a --- /dev/null +++ b/content/v2/resiliency/_index.md @@ -0,0 +1,175 @@ +--- +title: "Resiliency" +linkTitle: "Resiliency" +weight: 6 +Description: > + Dell EMC Container Storage Modules (CSM) for Resiliency +--- + +[Container Storage Modules](https://github.com/dell/csm) (CSM) for Resiliency is part of the open-source suite of Kubernetes storage enablers for Dell EMC products. + +User applications can have problems if you want their Pods to be resilient to node failure. This is especially true of those deployed with StatefulSets that use PersistentVolumeClaims. Kubernetes guarantees that there will never be two copies of the same StatefulSet Pod running at the same time and accessing storage. Therefore, it does not clean up StatefulSet Pods if the node executing them fails. + +For the complete discussion and rationale, go to https://github.com/kubernetes/community and search for the pod-safety.md file (path: contributors/design-proposals/storage/pod-safety.md). +For more background on the forced deletion of Pods in a StatefulSet, please visit [Force Delete StatefulSet Pods](https://kubernetes.io/docs/tasks/run-application/force-delete-stateful-set-pod/#:~:text=In%20normal%20operation%20of%20a,1%20are%20alive%20and%20ready). + +## CSM for Resiliency High-Level Description + +CSM for Resiliency is designed to make Kubernetes Applications, including those that utilize persistent storage, more resilient to various failures. The first component of the Resiliency module is a pod monitor that is specifically designed to protect stateful applications from various failures. It is not a standalone application, but rather is deployed as a _sidecar_ to CSI (Container Storage Interface) drivers, in both the driver's controller pods and the driver's node pods. Deploying CSM for Resiliency as a sidecar allows it to make direct requests to the driver through the Unix domain socket that Kubernetes sidecars use to make CSI requests. + +Some of the methods CSM for Resiliency invokes in the driver are standard CSI methods, such as NodeUnpublishVolume, NodeUnstageVolume, and ControllerUnpublishVolume. CSM for Resiliency also uses proprietary calls that are not part of the standard CSI specification. Currently, there is only one, ValidateVolumeHostConnectivity that returns information on whether a host is connected to the storage system and/or whether any I/O activity has happened in the recent past from a list of specified volumes. This allows CSM for Resiliency to make more accurate determinations about the state of the system and its persistent volumes. + +Accordingly, CSM for Resiliency is adapted to and qualified with each CSI driver it is to be used with. Different storage systems have different nuances and characteristics that CSM for Resiliency must take into account. + +## CSM for Resiliency Capabilities + +CSM for Resiliency provides the following capabilities: + +{{}} +| Capability | PowerScale | Unity | PowerStore | PowerFlex | PowerMax | +| - | :-: | :-: | :-: | :-: | :-: | +| Detect pod failures for the following failure types - Node failure, K8S Control Plane Network failure, Array I/O Network failure | no | yes | no | yes | no | +| Cleanup pod artifacts from failed nodes | no | yes | no | yes | no | +| Revoke PV access from failed nodes | no | yes | no | yes | no | +{{
}} + +## Supported Operating Systems/Container Orchestrator Platforms + +{{}} +| COP/OS | Supported Versions | +|-|-| +| Kubernetes | 1.20, 1.21, 1.22 | +| Red Hat OpenShift | 4.7, 4.8 | +| RHEL | 7.x, 8.x | +| CentOS | 7.8, 7.9 | +{{
}} + +## Supported Storage Platforms + +{{}} +| | PowerFlex | Unity | +|---------------|:-------------------:|:----------------:| +| Storage Array | 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0 | +{{
}} + +## Supported CSI Drivers + +CSM for Authorization supports the following CSI drivers and versions. +{{}} +| Storage Array | CSI Driver | Supported Versions | +| ------------- | ---------- | ------------------ | +| CSI Driver for Dell EMC PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0 | +| CSI Driver for Dell EMC Unity | [csi-unity](https://github.com/dell/csi-unity) | v2.0 | +{{
}} + +### PowerFlex Support + +PowerFlex is a highly scalable array that is very well suited to Kubernetes deployments. The CSM for Resiliency support for PowerFlex leverages the following PowerFlex features: + +* Very quick detection of Array I/O Network Connectivity status changes (generally takes 1-2 seconds for the array to detect changes) +* A robust mechanism if Nodes are doing I/O to volumes (sampled over a 5-second period). +* Low latency REST API supports fast CSI provisioning and de-provisioning operations. +* A proprietary network protocol provided by the SDC component that can run over the same IP interface as the K8S control plane or over a separate IP interface for Array I/O. + +### Unity Support + +Dell EMC Unity is targeted for midsized deployments, remote or branch offices, and cost-sensitive mixed workloads. Unity systems are designed for all-Flash, deliver the best value in the market, and are available in purpose-built (all Flash or hybrid Flash), converged deployment options (through VxBlock), and software-defined virtual edition. + +* Unity (purpose-built): A modern midrange storage solution, engineered from the groundup to meet market demands for Flash, affordability and incredible simplicity. The Unity Family is available in 12 All Flash models and 12 Hybrid models. +* VxBlock (converged): Unity storage options are also available in Dell EMC VxBlock System 1000. +* UnityVSA (virtual): The Unity Virtual Storage Appliance (VSA) allows the advanced unified storage and data management features of the Unity family to be easily deployed on VMware ESXi servers, for a ‘software defined’ approach. UnityVSA is available in two editions: + * Community Edition is a free downloadable 4 TB solution recommended for nonproduction use. + * Professional Edition is a licensed subscription-based offering available at capacity levels of 10 TB, 25 TB, and 50 TB. The subscription includes access to online support resources, EMC Secure Remote Services (ESRS), and on-call software- and systems-related support. + +All three deployment options, i.e. Unity, UnityVSA, and Unity-based VxBlock, enjoy one architecture, one interface with consistent features and rich data services. + +## Limitations and Exclusions + +This file contains information on Limitations and Exclusions that users should be aware of. Additionally, there are driver specific limitations and exclusions that may be called out in the [Deploying CSM for Resiliency](deployment) page. + +### Supported and Tested Operating Modes + +The following provisioning types are supported and have been tested: + +* Dynamic PVC/PVs of accessModes "ReadWriteOnce" and volumeMode "FileSystem". +* Dynamic PVC/PVs of accessModes "ReadWriteOnce" and volumeMode "Block". +* Use of the above volumes with Pods created by StatefulSets. +* Up to 12 or so protected pods on a given node. +* Failing up to 3 nodes at a time in 9 worker node clusters, or failing 1 node at a time in smaller clusters. Application recovery times are dependent on the number of pods that need to be moved as a result of the failure. See the section on "Testing and Performance" for some of the details. + +### Not Tested But Assumed to Work + +* Deployments with the above volume types, provided two pods from the same deployment do not reside on the same node. At the current time anti-affinity rules should be used to guarantee no two pods accessing the same volumes are scheduled to the same node. +* Multi-array support + +### Not Yet Tested or Supported + +* Pods that use persistent volumes from multiple CSI drivers. This _cannot_ be supported because multiple controller-podmons (one for each driver type) would be trying to manage the failover with conflicting actions. + +* ReadWriteMany volumes. This may have issues if a node has multiple pods accessing the same volumes. In any case once pod cleanup fences the volumes on a node, they will no longer be available to any pods using those volumes on that node. We will endeavor to support this in the future. + +* Multiple instances of the same driver type (for example two CSI driver for Dell EMC PowerFlex deployments.) + +## Deploying and Managing Applications Protected by CSM for Resiliency + + The first thing to remember about _CSM for Resiliency_ is that it only takes action on pods configured with the designated label. Both the key and the value have to match what is in the podmon helm configuration. CSM for Resiliency emits a log message at startup with the label key and value it is using to monitor pods: + + ``` + labelSelector: {map[podmon.dellemc.com/driver:csi-vxflexos] + ``` + The above message indicates the key is: podmon.dellemc.com/driver and the label value is csi-vxflexos. To search for the pods that would be monitored, try this: + ``` +[root@lglbx209 podmontest]# kubectl get pods -A -l podmon.dellemc.com/driver=csi-vxflexos +NAMESPACE NAME READY STATUS RESTARTS AGE +pmtu1 podmontest-0 1/1 Running 0 3m7s +pmtu2 podmontest-0 1/1 Running 0 3m8s +pmtu3 podmontest-0 1/1 Running 0 3m6s + ``` + + If CSM for Resiliency detects a problem with a pod caused by a node or other failure that it can initiate remediation for, it will add an event to that pod's events: + ``` + kubectl get events -n pmtu1 + ... + 61s Warning NodeFailure pod/podmontest-0 podmon cleaning pod [7520ba2a-cec5-4dff-8537-20c9bdafbe26 node.example.com] with force delete +... + ``` + + CSM for Resiliency may also generate events if it is unable to cleanup a pod for some reason. For example, it may not clean up a pod because the pod is still doing I/O to the array. + + #### Important + Before putting an application into production that relies on CSM for Resiliency monitoring, it is important to do a few test failovers first. To do this take the node that is running the pod offline for at least 2-3 minutes. Verify that there is an event message similar to the one above is logged, and that the pod recovers and restarts normally with no loss of data. (Note that if the node is running many CSM for Resiliency protected pods, the node may need to be down longer for CSM for Resiliency to have time to evacuate all the protected pods.) + + ### Application Recommendations + + 1. It is recommended that pods that will be monitored by CSM for Resiliency be configured to exit if they receive any I/O errors. That should help achieve the recovery as quickly as possible. + + 2. CSM for Resiliency does not directly monitor application health. However, if standard Kubernetes health checks are configured, that may help reduce pod recovery time in the event of node failure, as CSM for Resiliency should receive an event that the application is Not Ready. Note that a Not Ready pod is not sufficient to trigger CSM for Resiliency action unless there is also some condition indicating a Node failure or problem, such as the Node is tainted, or the array has lost connectivity to the node. + + 3. As noted previously in the Limitations and Exclusions section, CSM for Resiliency has not yet been verified to work with ReadWriteMany or ReadOnlyMany volumes. Also, it has not been verified to work with pod controllers other than StatefulSet. + +## Recovering From Failures + +Normally CSM for Resiliency should be able to move pods that have been impacted by Node Failures to a healthy node. After the failed nodes have come back online, CSM for Resiliency cleans them up (especially any potential zombie pods) and then automatically removes the CSM for Resiliency node taint that prevents pods from being scheduled to the failed node(s). There are a few cases where this cannot be fully automated and operator intervention is required, including: + +1. CSM for Resiliency expects that when a node failure occurs, all CSM for Resiliency labeled pods are evacuated and rescheduled on other nodes. This process may not complete however if the node comes back online before CSM for Resiliency has had time to evacuate all the labeled pods. The remaining pods may not restart correctly, going to "Error" or "CrashLoopBackoff". We are considering some possible remediation for this condition but have not implemented them yet. + + If this happens, try deleting the pod with "kubectl delete pod ...". In our experience this normally will cause the pod to be restarted and transition to the "Running" state. + +2. Podmon-node is responsible for cleaning up failed nodes after the nodes' communication has been restored. The algorithm checks to see that all the monitored pods have terminated and their volumes and mounts have been cleaned up. + + If some of the monitored pods are still executing, node-podmon will emit the following log message at the end of a cleanup cycle (and retry the cleanup after a delay): + + ``` + pods skipped for cleanup because still present: + ``` + If this happens, __DO NOT__ manually remove the CSM for Resiliency node taint. Doing so could possibly cause data corruption if volumes were not cleaned up, and a pod using those volumes was subsequently scheduled to that node. + + The correct course of action in this case is to reboot the failed node(s) that have not removed their taints in a reasonable time (5-10 minutes after the node is online again.) The operator can delay executing this reboot until it is convenient, but new pods will not be scheduled to it in the interim. This reboot will cancel any potential zombie pods. After the reboot, node-podmon should automatically remove the node taint after a short time. + +## Testing Methodology and Results + +A three tier testing methodology is used for CSM for Resiliency: + +1. Unit testing with high coverage (>90% statement) tests the program logic and is especially used to test the error paths by injecting faults. +2. An integration test describes test scenarios in Gherkin that sets up specific testing scenarios executed against a Kubernetes test cluster. The tests use ranges for many of the parameters to add an element of "chaos testing". +3. Script based testing supports longevity testing in a Kubernetes cluster. For example, one test repeatedly fails three different lists of nodes in succession and is used to fail 1/3 of the cluster's worker nodes on a cyclic basis and repeat indefinitely. This test collect statistics on length of time for pod evacuation, pod recovery, and node cleanup. \ No newline at end of file diff --git a/content/v2/resiliency/deployment.md b/content/v2/resiliency/deployment.md new file mode 100644 index 0000000000..3710f604a1 --- /dev/null +++ b/content/v2/resiliency/deployment.md @@ -0,0 +1,150 @@ +--- +title: Deployment +linktitle: Deployment +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Resiliency installation +--- + +CSM for Resiliency is installed as part of the Dell CSI driver installation. The drivers can be installed either by a _helm chart_ or by the _Dell CSI Operator_. Currently, only _Helm chart_ installation is supported. + +For information on the PowerFlex CSI driver, see [PowerFlex CSI Driver](https://github.com/dell/csi-powerflex). + +For information on the Unity CSI driver, see [Unity CSI Driver](https://github.com/dell/csi-unity). + +Configure all the helm chart parameters described below before installing the drivers. + +## Helm Chart Installation + +The drivers that support Helm chart installation allow CSM for Resiliency to be _optionally_ installed by variables in the chart. There is a _podmon_ block specified in the _values.yaml_ file of the chart that will look similar to the text below by default: + +``` +# Podmon is an optional feature under development and tech preview. +# Enable this feature only after contact support for additional information +podmon: + enabled: true + image: dellemc/podmon:v1.0.0 + controller: + args: + - "--csisock=unix:/var/run/csi/csi.sock" + - "--labelvalue=csi-vxflexos" + - "--mode=controller" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + node: + args: + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "--labelvalue=csi-vxflexos" + - "--mode=node" + - "--leaderelection=false" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + +``` + +To install CSM for Resiliency with the driver, the following changes are required: +1. Enable CSM for Resiliency by changing the podmon.enabled boolean to true. This will enable both controller-podmon and node-podmon. +2. Specify the podmon image to be used as podmon.image. +3. Specify arguments to controller-podmon in the podmon.controller.args block. See "Podmon Arguments" below. Note that some arguments are required. Note that the arguments supplied to controller-podmon are different from those supplied to node-podmon. +4. Specify arguments to node-podmon in the podmon.node.args block. See "Podmon Arguments" below. Note that some arguments are required. Note that the arguments supplied to controller-podmon are different from those supplied to node-podmon. + +## Podmon Arguments + +| Argument | Required | Description | Applicability | +|-|-|-|-| +| enabled | Required | Boolean "true" enables CSM for Resiliency installation with the driver in a helm installation. | top level | +| image | Required | Must be set to a repository where the podmon image can be pulled. | controller & node | +| mode | Required | Must be set to "controller" for controller-podmon and "node" for node-podmon. | controller & node | +| csisock | Required | This should be left as set in the helm template for the driver. For controller:
`-csisock=unix:/var/run/csi/csi.sock`
For node it will vary depending on the driver's identity:
`-csisock=unix:/var/lib/kubelet/plugins`
`/vxflexos.emc.dell.com/csi_sock` | controller & node | +| leaderelection | Required | Boolean value that should be set true for controller and false for node. The default value is true. | controller & node | +| skipArrayConnectionValidation | Optional | Boolean value that if set to true will cause controllerPodCleanup to skip the validation that no I/O is ongoing before cleaning up the pod. | controller | +| labelKey | Optional | String value that sets the label key used to denote pods to be monitored by CSM for Resiliency. It will make life easier if this key is the same for all driver types, and drivers are differentiated by different labelValues (see below). If the label keys are the same across all drivers you can do `kubectl get pods -A -l labelKey` to find all the CSM for Resiliency protected pods. labelKey defaults to "podmon.dellemc.com/driver". | controller & node | +| labelValue | Required | String that sets the value that denotes pods to be monitored by CSM for Resiliency. This must be specific for each driver. Defaults to "csi-vxflexos" for CSI Driver for Dell EMC PowerFlex and "csi-unity" for CSI Driver for Dell EMC Unity | controller & node | +| arrayConnectivityPollRate | Optional | The minimum polling rate in seconds to determine if the array has connectivity to a node. Should not be set to less than 5 seconds. See the specific section for each array type for additional guidance. | controller | +| arrayConnectivityConnectionLossThreshold | Optional | Gives the number of failed connection polls that will be deemed to indicate array connectivity loss. Should not be set to less than 3. See the specific section for each array type for additional guidance. | controller | +| driver-config-params | Required | String that set the path to a file containing configuration parameter(for instance, Log levels) for a driver. | controller & node | + +## PowerFlex Specific Recommendations + +PowerFlex supports a very robust array connection validation mechanism that can detect changes in connectivity in about two seconds and can detect whether I/O has occurred over a five-second sample. For that reason it is recommended to set "skipArrayConnectionValidation=false" (which is the default) and to set "arrayConnectivityPollRate=5" (5 seconds) and "arrayConnectivityConnectionLossThreshold=3" to 3 or more. + +Here is a typical installation used for testing: + +```yaml +podmon: + image: dellemc/podmon + enabled: true + controller: + args: + - "-csisock=unix:/var/run/csi/csi.sock" + - "-labelvalue=csi-vxflexos" + - "-mode=controller" + - "-arrayConnectivityPollRate=5" + - "-arrayConnectivityConnectionLossThreshold=3" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + node: + args: + - "-csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "-labelvalue=csi-vxflexos" + - "-mode=node" + - "-leaderelection=false" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + +``` + +## Unity Specific Recommendations + +Here is a typical installation used for testing: + +```yaml +podmon: + image: dellemc/podmon + enabled: true + controller: + args: + - "-csisock=unix:/var/run/csi/csi.sock" + - "-labelvalue=csi-unity" + - "-driverPath=csi-unity.dellemc.com" + - "-mode=controller" + - "--driver-config-params=/unity-config/driver-config-params.yaml" + node: + args: + - "-csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock" + - "-labelvalue=csi-unity" + - "-driverPath=csi-unity.dellemc.com" + - "-mode=node" + - "-leaderelection=false" + - "--driver-config-params=/unity-config/driver-config-params.yaml" + +``` + +## Dynamic parameters + +CSM for Resiliency has configuration parameters that can be updated dynamically, such as the logging level and format. This can be +done by editing the DellEMC CSI Driver's parameters ConfigMap. The ConfigMap can be queried using kubectl. +For example, the DellEMC Powerflex CSI Driver ConfigMaps can be found using the following command: `kubectl get -n vxflexos configmap`. +The ConfigMap to edit will have this pattern: -config-params (e.g., `vxflexos-config-params`). + +To update or add parameters, you can use the `kubectl edit` command. For example, `kubectl edit -n vxflexos configmap vxflexos-config-params`. + +This is a list of parameters that can be adjusted for CSM for Resiliency: + +| Parameter | Type | Default | Description | +| --------- | ---- | ------- | ----------- | +| PODMON_CONTROLLER_LOG_FORMAT | String | "text" |Logging format output for the controller podmon sidecar. Should be "text" or "json" | +| PODMON_CONTROLLER_LOG_LEVEL | String | "debug" |Logging level for the controller podmon sidecar. Standard values: 'info', 'error', 'warning', 'debug', 'trace' | +| PODMON_NODE_LOG_FORMAT | String | "text" |Logging format output for the node podmon sidecar. Should be "text" or "json" | +| PODMON_NODE_LOG_LEVEL | String | "debug" |Logging level for the node podmon sidecar. Standard values: 'info', 'error', 'warning', 'debug', 'trace' | +| PODMON_ARRAY_CONNECTIVITY_POLL_RATE | Integer (>0) | 15 |An interval in seconds to poll the underlying array | +| PODMON_ARRAY_CONNECTIVITY_CONNECTION_LOSS_THRESHOLD | Integer (>0) | 3 |A value representing the number of failed connection poll intervals before marking the array connectivity as lost | +| PODMON_SKIP_ARRAY_CONNECTION_VALIDATION | Boolean | false |Flag to disable the array connectivity check | + +Here is an example of the parameters: + +```yaml + PODMON_CONTROLLER_LOG_FORMAT: "text" + PODMON_CONTROLLER_LOG_LEVEL: "info" + PODMON_NODE_LOG_FORMAT: "text" + PODMON_NODE_LOG_LEVEL: "info" + PODMON_ARRAY_CONNECTIVITY_POLL_RATE: 20 + PODMON_ARRAY_CONNECTIVITY_CONNECTION_LOSS_THRESHOLD: 2 + PODMON_SKIP_ARRAY_CONNECTION_VALIDATION: true +``` diff --git a/content/v2/resiliency/design.md b/content/v2/resiliency/design.md new file mode 100644 index 0000000000..241b9ecfeb --- /dev/null +++ b/content/v2/resiliency/design.md @@ -0,0 +1,60 @@ +--- +title: Design +linktitle: Design +weight: 1 +description: > + CSM for Resiliency Design +--- + +This section covers CSM for Resiliency's design. The detail is sufficient that you should be able to understand what CSM for Resiliency is designed to do in various situations and how it works. CSM for Resiliency is deployed as a sidecar named _podmon_ with a CSI driver in both the controller pods and node pods. These are referred to as controller-podmon and node-podmon respectively. + +Generally controller-podmon and the driver controller pods are deployed using a Deployment. +The Deployments support one or multiple replicas for High Availability and use a standard K8S leader election protocol so that only one controller +is active at a time (as does the driver and all the controller sidecars.) +The controller deployment also supports a Node Selector that allows the controllers to be placed on K8S Manager (non Worker) nodes. + +Node-podmon and the driver node pods are deployed in a DaemonSet, with a Pod deployed on every K8S Worker Node. + +## Controller-Podmon + +Controller-podmon is responsible for: + +* Setting up a Watch for CSM for Resiliency labeled pods, and if a Pod is Initialized but Not Ready and resident on a Node with a NoSchedule or NoExecute taint, calling _controllerCleanupPod_ to cleanup the pod so that a replacement pod can be scheduled. + +* Periodically polling the arrays to see if it has connectivity to the nodes that are hosting CSM for Resiliency labeled pods (if enabled.) If an array has lost connectivity to a node hosting CSM for Resiliency labeled pods using that array, _controllerCleanupPod_ is invoked to cleanup the pods that have lost I/O connectivity. + +* Tainting nodes that have failed so that a) no further pods will get scheduled to them until they are returned to service, and b) podmon-node upon seeing the taint will invoke +the cleanup operations to make sure any zombie pods (pods that have been replaced) cannot write to the volumes they were using. + +* If a CSM for Resiliency labeled pod enters a CrashLoopBackOff state, deleting that pod so it can be replaced. + +_ControllerCleanupPod_ cleans up the pod by taking the following actions: +1. The VolumeAttachments (VAs) are loaded, and all VAs belonging to the pod being cleaned up are identified. The PVs for each VolumeAttachment are identified and used to get the Volume Handle (array identifier for the volume.) +2. If enabled, the array is queried if any of the volumes to the pod are still doing I/O. If so, cleanup is aborted. +3. The pod's volumes are "fenced" from the node the pod resides on to prevent any potential I/O from a zombie pod. This is done by calling the CSI ControllerUnpublishVolume call for each of the volumes. +4. A taint is applied to the node to keep any new pods from being scheduled to the node. If the replacement pod were to get scheduled to the same node as a zombie pod, they might both gain access to the volume concurrently causing corruption. +5. The VolumeAttachments for the pod is deleted. This is necessary so the replacement pod to be created can attach the volumes. +6. The pod is forcibly deleted so that a StatefulSet controller which created the pod is free to create a replacement pod. + +## Node-Podmon + +Node-podmon has the following responsibilities: + +1. Establishing a pod watch which is used to maintain a list of pods executing on this node that may need to be cleaned up. The list includes information about each Mount volume or Block volume used by the pod including the volume handle, volume name, private mount path, and mount path in the pod. +2. Periodically (every 30 seconds) polling to see if controller-podmon has applied a taint to the node. If so, node-podmon calls _nodeModeCleanupPod_ for each pod to clean up any remnants of the pod (which is potentially a zombie pod.) +3. If all pods have been successfully cleaned up, and there are no labeled pods on this node still existing, only then will node-podmon remove the taint placed on the node by controller-podmon. + +_NodeModeCleanupPod_ cleans up the pod remnants by taking the following actions for each volume used by the pod: +1. Calling NodeUnpublishVolume to unpublish the volume from the pod. +2. Unmounting and deleting the target path for the volume. +3. Calling NodeUnstageVolume to unpublish the volume from the node. +4. Unmounting and deleting the staging path for the volume. + +## Design Limitations + +There are some limitations with the current design. Some might be able to be addressed in the future- others are inherent in the approach. + +1. The design relies on the array's ability to revoke access to a volume for a particular node for the fencing operation. The granularity of access control for a volume is per node. Consequently, it isn't possible to revoke access from one pod on a node while retaining access to another pod on the same node if we cannot communicate with the node. +The implications of this are that if more than one pod on a node is sharing the same volume(s), they all must be protected by CSM for Resiliency, and they all must be cleaned up by controller-podmon if the node fails. If only some of the pods are cleaned up, the other pods will lose access to the volumes shared with pods that have been cleaned, so those pods should also fail. +2. The node-podmon cleanup algorithm purposefully will not remove the node taint until all the protected volumes have been cleaned up from the node. This works well if the node fault lasts long enough that controller-podmon can evacuate all the protected pods from the node. However, if the failure is short-lived, and controller-podmon does not clean up all the protected pods on the node, or if for some reason node-podmon cannot clean a pod completely, the taint is left on the node, and manual intervention is required. The required intervention is for the operator to reboot the node, which will ensure that no zombie pods survive. Upon seeing the reboot, node-podmon will then remove the taint. +3. If the node failure is short-lived and controller-podmon has not evacuated some of the protected pods on the node, they may try and restart on the same pod. This has been observed to cause such pods to go into CrashLoopBackoff. We are currently considering solutions to this problem. diff --git a/content/v2/resiliency/resiliency_model.jpg b/content/v2/resiliency/resiliency_model.jpg new file mode 100644 index 0000000000000000000000000000000000000000..833d20941388192db6e705c526baca147101d910 GIT binary patch literal 54821 zcmeFZ2UOG1wl^3=I*K5@Md?x%q?f2j69MU+sDLy9=>Y;!dPhJ&sS47hM7s120s_)I zA))t#8YCo>``)|v-FxS~neUtV*80}Wx*;c7JNf@NXP>jr+2yxS2s4Cbz>O#BTIv82 z5)wcf@ee?l2dDx_uUz@dllZtwe3DU;kzKt?MomFMPDx8mOG`sdLv!sq!;Nd#>95n! z++e;zf0L1kiHVkug_W6+m4T6o@h?nBNQw7cC8HuEqhh>9bB*zT`ax(1&{JM1zEVg^ z!UMQMPeMvhLg)qn0RR#*VsHP_;s1D$Tp{+6oPv^ynud5m?G3;c5>nDDS4scUYvR>G z#P0!D>B$&w-+M@YQ~w18j|ZdVyQD9aypJk7m<&eId{QqxL#U{kSy^~BJ~*u>P#+``t*{*{BHle3q%kFOuZKOi(LJR&kGIwm>gLuy+3 z$4?n~`CkhPi;7FWRaMv2*46)LXzc9j?&eu~D%tIODPDNo z80l=H8bCRBtPaaqWzm>|6_uM{6CWHZ-V`&Typ?gQWE0i zkm0+Z15S-w1$1<2DD_#mBZ|wSoY7SGlRaXGPN98;sK_jz?Y!Df#c< z2AMS<_{NX4az!tz`v`zzi`F|Zq`4RVe$YRV(w;GwI~SxP1VAo5h=c$zlLG&tOw!xS z0TBRslNfCRfO;?&lmAb2=?DGGcc}!xNL1vXjtm0e_v0AYYYYK!$qbJHV@<3GfOz0P z(N=khyR>jT^f73Pb{ZeTXL#X|NC0fsLJbIj&Z-TZ<3G{PYmBhx_OK(=ZT$CFZO8OH zx${ae0zj=4m5ygh2d!xQBWWs>{~uD&orFpg0H327@v|!gz#lO%V;j1xfdF7v`6s$T z4LHLF#$lsiWo+=vtC~fpBR~RR)EQeq0EF9*U`PLno*WRuw+|2i8{Mjx&xc@}JZhji z2myePHSLkWiHO5`6aSH{(APL6Hzfd6cz`?PE(E|shCBavQvv!e*>;Y(@vmw4*EIa& z>iE}c_}8ZN|DR3C3wTq>0VCM4L^V+xD-lNk+~jMlJ3JM|3pWb+J&ExoB^^x+*xh-D zJs<%1iip;v4){k!;iy_PMf@+8jgi5b!Rh?#h_>j6l<>?p2XvQ*{2RnKt!f% z$Xy`$B!D|eEr2Dm_1ZRG30qzak?p$M(l-l#6}GSdOr|t=)cU%N900f;n*4@blS!g? z;JFqE@_Ku~R=_gbrx8?0$ zfQ!6JmR;1dwg)vk4iQbeO|9^%g(IRIhFB09u7!QK+!oE=n(yI%Z6xA2w|-8nG%vqD z67^s}3;el;7Vcv}*? z5Y=POvHATdFo%{nGzG5V`nryz5??)VYp`0mkpNIQDzz=qFW%x?U(HzTdU)j_KBfsYoy(aWzPBpq@;K~EaA9*OIH$$GiQ&ot4V z*945SxmJY@#DKbkImZirWc2AYIr1cLr54x&I4hr#D4kwuYI{o@P#nh!m=vQ%(w znjSwty*hF;uQePEdxs~%X-=0n%jfT?DE>Z)e{e42XEEXH?z#c|QO3iOpi3?(HO^C2 z1DxGoQlyK!i;X~Si-9|sw@*<+qc1*1r_drlB!3l73MtB1_b;bB5{}V#9v(8Et>vir zQybj()HCB~%{$93vv#~CJF|K(&-cK#YcntARFCm*>kh7geSseC>kj6?=*2=clqYk; zk2zjTSumNqRUpg3N76my^a#;T(8+XJRM+87~cz0=%0+Cl7i z5k1}q5YnptwYRYL7F#VXTaFd&Q&GGz5P5SgfwQpz zrRg>oXNW!1F*qcc9d{jDUm+3EELD!3SH)bLlbx}jM%5(GX#vD)qSU?K2BiMk2pz&H zVwoH&oCpAxo832UES+1a$JaB2c2^&Ai~utzgMMlY*mB8aan}OpYIq9v81q&fUX|@G zrdUr7;QQg?;8!dB0+Zv7ji%LmUsf3P)dB_Mh_8TuZ`P6B%2FMTuYOeHA(h0d^K>e$-;NkBnS5PqjRk+{kY zZ{@`t!`N}s-z%{WNEj!?H?TBYfB^7`C}0}TZ^`-mN%Ye*6%FtwPe}^HpJl=(;dj)f zE_4T{VdKZL1?oN@vQ!3|jtPKw=hnN4azut+e~UXSC|25V$=P1`8Q3Ovr}ZDn{-L&2 z>nH-?YTI#Iz^n!??hRrk68|A_X=$>kSBQ?<}T3@XJ$CI?`vwvhw?C+zsEzkC}mwi2|Qi%%Z;YI&8r)!R$KvZOx+l?Cwpf0+jZ|_yd7li3Yaf%YD~%OEh88#a9UVH z^om*LQ%u3Uw!cc{ZK}(1IbWyp)IVX*d_59q=zoxl9f5WcMb?f4Kuu!UYxn1YE`zSm zy6#KT-go;FdWZXSsFgJ$zM`y^cM%JJl;c7J-;_t=1nk}ul|b*U>1gJcO4 zk8B-02Swb^CE=5P&!?FM>7siKtMbL}^vd{}I(xW^1&WQRUIWvFm)udnKqvhhn>5l2 z;ktWH4P!VCY-V}zcswfi3YGxa&FE>)Fgly_*_c_0u~vW#gx~w1-#3KFxtC1E)P_Fm zl7(Fh24M9J(2>zluH^$JY|5{u=4mB8A5N+Jw_DAgAJKOJTo-#uHcIXMb&7g{kzg9A zEW8grsEN4=NwKVRVVP9Y-~(j z`_Ub~wwjj|2l|iJQWHE`0M}=w1^41HZQV;;*ysv~gj!>y&hPy)9-T)*doLv*hmU2Y zGzTmdsf9XNX>2rB4x+$x(_IRt5jZNO`JSume)!^2ON9o_b~+#M{J;o;47;@ zx-yN;)-?LFzVs66O@-O(3&$Ip#=17iBbIz!zmBi0;kwo)2=WWo+-oI2Gb?BEA_21A1iTqM zLH`gF+sQ49?nxa@)EE^z&TLXvGXd3vA6@+>BL)2`*P#?b(#MGz8^ADruSw(POtlio zoLz+b9!$F}UMqd|!5QUT_V|43j-iuVS;l(Ram&Sta+?;$FRB*Ebj~e;O+_afU<2Q* zb0l8V_-6SLS*Juoe;CTFA7}qP=trMCI<}`CaUCauIe3CjYhxOYL{7>!a`n`wzKOEx zkE9FXJJ+Y+OH5yw&QMz!dCTq)wT@APhc@fOitURMyXHdYvW1>#EDG`ukj{iCSN7OK z`LMG{1f4ZhwHjlR=yN@Mg~pb)65=M5?;_O@Q>NcQ%}8;}t9P`czs$y5{#o%Ct+~-N ztCtlMDFFieV~uT=bGzI4i6ZvnHHDH^CyOTru7b>s1%u3UX91S>(=)*gPJWHx4z}Ri zTg2>Kc#T99x5#7#Z7UDP2s2+M#22(fzADo4N&5y1tL^0^sqD%X3rN#)aJkP)A_tbG zdr5h$D8X9d8TvGzbkVAF_zNh5a6H?gb5CvKE0n*4Pm%RV!NvKJiR9E6_MLvvtl+f|sF(@@(!IUC(7LNQC)tJDwa zyVgSJb;&h(=`g< z*=kfSu$Ym0yk8b1UAVo(i(yVj_F`|M4ro-7^NN(MG$7Wj3 z%naqk7iZF52LIS#Q~e^ptBXZ^TAa z+PgA;aZwU;3M#VV)bMkgSqNKRMpMek@qS^WXmJfZ^+`8juZH;b-Q!wv`n{4fGwas3 za75$ZB!!U28*kx{C}PWv$35e9O|o9^j_EsXH(4v!D%I{{J}TTdR%0_g=d$llM+ znJcUxb+fq44hC++7+NJDZgjwh-@uMjjV_3}hh_eSikXl}XiXxFT(pW)V&Flas-+Fp zWm&V~3NU)^Rb-jPR(&h^;n127R$%y@xQRQu1{=u6qO9;9B1{A55Y; zrll~~-QG68>r_OUT2|$e#SPWRx(e@u(VRD$Upy!;mqNkXM`*BZ_?yqx()K_ z?8CYbYZV(5D;y7d#M9Swv=;*lYc^X1+y5v>c8Da-J(}trKp0ew8Vm#~TCN_wyn0^s zi1X&r)mOSj*|kFuLDZ`T%*AqBPoM->zk7vBWTALb;Ub6Gm$bQOoXDrn&Ct-gH)akL zOdARmeLwBc2R$bkMpIMvjrg&fv}s8t5rU>kQLe+(#n->QVO=)S>mUGPGW5ELE)q_2 zOqwIGzXGcD^)h6%T%V2MDM*s}`6FD{XF)hqT-Dq#le1Bzw9%G@wOc-!K<+oceP5-q zkdh~i4ue{a^@-X~4Ayj9t4*xwUSj%s4w$9KKZ@$D2vwfWQ`fj z)XY{MJmQ;k1tV72bRC|*u(0Ih7ho3t*`M#akzUI?nug&=am%#alku1?R75I99C%eA z-QAz$_c2Y7@W!5FY^&K(LyC)xX%1D#X=#3HuUR^b?KmP%CVBY4G42EDXwm#?5V}-*mdM9Z*OYrOcXc9v+521lFkENG8p#x!>b z6N}vFp`*kG_o0GQP^>45)Qhh_PeJdaSsLrXja6lRfJFTqPe?x#MGVMMjGX}J0bVcj z7GvH}N7IG6BO610RrUM4F){Y%4}NrTi<9=`m0|ER8ct4>U?1Y`Ox!z|CKPb6j?^v0##LqKe< z(%F_5G};+7YCk4ge@$~gTGz`QG;C-MooWWHu*8+M-iGR7fKkVr6}KxVD&`>hjmGB2 znxwRh@9DUrD>9LhJ@LF9FsfEQh|Qn5Q%eGX;o()2WXn9(_g|prVLxs`yFN>AO?OV^ z=|s_BYQ$#yqt5S_ zFz?SlsY0Lhg$Hn29E^`HbgxXC@Ac?8^(F=bg>+r zgMF5-i~$Rqmf!@iC10_0NCKd{obFkDbH+h;qqlFG`|GID-ko*3pW0U_h80Mc(iBBg z@)cqXO7ss40v$h~7C#u7YPU#y{?7K5*Mf0@S2x48$;)=ihL&uRS`+K>io+T~T;U?F^Y+fgJ2VqM-nbDBD zj3%uqXjtbceiFgp_I3RD$8j5-)8IGDS!Yq6O6_PKb%Y?R*+jZ+2kEVqnDfjPif&g~ z6h&{jX)n7s%d@R?(`UL#);wh$`n(2|CcN^hh_MzHqstOeR|3FM2i80HD#ZhajQ1S9 ze{m_OPs5q=aE(Xq-24M)g@zz6ZyW|Z>$CNuM1$tKd862qIavuW^$VPq%Dc-_^*YJs zO0V_8Zyg=VrefRH1#=7K6|F^8kU)z`CBxz+Cm2((AWjS;8v;iq%Zs}DSo)+5MX6ZM zC$Zl!TDJfAUVc~&s$4$PQ|MxP>U(y_pRA=jNyCGK+}zmg?Q#O;Ee8zzO(kZd9ZqJ2 zaN!1`VNuPhrCJ>2g`ZIHs{X?HY8W$PwaRbEwcKLRU9@F%2Fjn`Ud@TM((E@+T-LJC zGTn=wKsI$|BVnWD*fpOaP!0gL`3g<>l>hE*6uMm-DxY=w1K1`lplgM+5+Zrx89gkKAu;rN*2k+*g)| zpBz-SCgt_4^Z9>jmsHsh{$bVEul&)Jqi7+K7<5-jPbHCa7^7uMPmieMs%Q0nNYR~H z&*VPHpCUq-Q3#eASBK^4cQ_JcsmqRwj$qJI3ID2Nu2a*CvlN#)BbJnd=gV+TQ`*g` zZvFDmqULXdpK87HF4uxg5@ZrC{S@y^eTgiM?47{A(2}b-(&-%xlolCuS9A_6%e?}1 z@wnjI3FgGOMNP5yMN}Y+N9Xr$4BJJL6~y`LE-Vjr^lI7ssL)&1P08EItupO)k+`u# zlt0c%(nY4#x8zi|>G1n+CT@cpLun+Ct*leH0MT=h5bS_O%luhfkXm#+QspoF;_CKo zL{wB#CgK(Y>z&nvFu#hB71UYS{ev(NJ?>`Stn+9e+~pp^=@sOqQN*HMblsE3VG$&h z9IB*!yh;wHWbtuD54Q^xybNNh^gekxF4UT=Pi-x3{T@q@B@-I2sCg5vDc8T)FQ=Vu zlwUBPkQV4Nv4!V=cYs6ig7uh4oT%ji$2Pm8lW0w;7`cnsVX83A{jVjY^4s!k8(&(` zvfb0%_t6J?TyX1R?QCt;A5Gqd?+d#3Y659j(C~DTNjxpiY)pj<3qt9plvpl}c%ZDg zYA)1kAKPhB|CGAza8+Vh;Yt9;CP7gwy|P6AiLtPDs`b1*-!5?%%lv(Wmd^^RRdBmk zq$9HkFI{uq>+e4ob1hk8I!*5kGPp3qf{@CB%LnmLMI?~%5g&ejTv`)lS-OQ)>{4aN{BYU{1e;*^*u(lSXJ}m;E>TK-}%v{m@I4PZ6I$N;3QnIJl zFomv1BqZk96R}yuJ+G?^k?t&G$XFzPk!CzWXP)J2A`? zr{IJikqC#?lsA8^9$t)5`s^2e^4jf~(=;5Cd75`2k)T8dTfUS*O{=1<8)_>fjWU1z zXo{aS0n4YqYcK+kdrbIV=|-ES3sa`l3O92I7T zaMlXDf}ud-bGCX^g{?myDpr4)SD_@RoKX99%VXAR%S)tuvDHhYXIK*^HgKj?RPIFp zPzK+DM4rZd$BevHvMs47Dc(`g%lXq4}VTm;()@qrq8K zHI5Evd#zA@(WbHHS-M|SGc(2&=4SnkREW$dB}B&`(bdLgg;T~%MWVEImV7gPQ&J5> zHtB|Q(fp!q@d5e+MaD1r4M5E`@^*W{j-3h!oVKOgo5>-h#!Mhv@ZJ;XsHs-3VSweZ zg!Z1-tdb-goqlSJVXj)9-^r0{!T+qi)>WQmew0b^p6ckvrAdpb0a_pv!?7aR?#gQ# zX0;XCae5{-U$6DpqbW?K`(4t4ooP6J9LRn=5*I8mHWIm8;XQKQDQ$?WwqTA&E=@y1 z3d#1ie;$Di+Oh10)r8%}jw2JJq0%ni^)`&7uE+Bq;gk9f_Ow;Psjtr2%--tKK|Ra| zDdNhRqV(5FLB!ly7euZDJTSQ7nI=II>DA@sWf1nft?yz+7ZzMP%4@Q6I)Hi1eXp&) zZQOfNuRU|Ej+;JE?qxkQ?%OSx==WRCkCL*`qC`vP+}%1 z5m&t)({H6kbG$!pJUHYfhovN&zSjbI+lG$g#i2}SMBFN7KM4tD1jUfnF19B6DE}Bk zHoO=lzuNy+iL!+QWazu)QTK%XHdYafjiW~v z7;6UYMT9nYH0GU{k~JD+(unDc$I+nNxwj1a#M6r*f%@4DP5K@v~Bu;Y2wob%?EbKAdRm6GXviN(=sUfi;njV??QfV@G^?Q? zdrOy$Hy*z^_oux6AJMe83Ud>XmH@B^G9aEVnUt)Qu8!~K{~WYv*GhZpGoO~E^3?=k zn$3ChYl^Nh@6U`UOUE|RHiKG<0Zpuzub3()wzZ1-b)kE*A{FM2^Yv1b8tbXYN>_+r zSiQ>MumzES0%#9P|LKE6FZXknm!J-bOa7cXeFA`&Qx;2f{t9^i4X9nu|Ks>KnBs3R z;lIO$B1c7dYB&MFZ+YrR05rrB0FNz9H*15v34jh`0${Z?c$fe#L10PyVUVFd|*uhr`o#Ef-8;`+0{W~l!czLUCi21`vr>56p%^K3E|qsv!o zGVgtj78SpXX_ONl(0EDrAmE)@jsCNICPBX1pdgx!l$g)}@tmg1Q}7#oH6}YUM*Ro> zWpl-*_cl()qQ>$j;X1z*tn+4OA60&Jx+*ei{EQ^mq*u?=g&`)AvcE+7+x*WT!}_{+ zW|eV&h{&4B1AR3{z+ajvDF%Vp(j|HfuR+I9AH+Y=tLq3NpbZNlrqq>R=MxcJcMLHG zeWG#T!>A7)(m4M8S3dvz{$D`lqt5>&SiHRkI=n|@ngIG^pp=Cm;?TKhy}#hlziRZ= zVA{Z6U(^_%k^Jv&R&;%^bAE-5%kM;l8#5jBPjpHq>}L}_o(i@ldQz20RI;`{y30Gj zmI@=S~_n=4PF$+2@^ zcxJ>pehVBtYWb{ON!iS#2%}cmVp7Po*+u`v+ZigU15z&==>cLNtB4RgNQ;dp!t!^7 zi0La;RNLi^kthU~C%Mg~7+y{QSXP7A!B}b)jZ3|OHezMo@>3jf!TtS(iT}t(gFGpNw#(TuQy#hgXk)&6Elg=5Ky)0 z6u>OxC9p<~JAlnik|*A4B5h?X@uW!_Z%+Wc{Y(HD9>UjP*qb2HHslQ~(Ih>VLdoJO zzm|a*tg(X~Ia(OH&I4A*E4ERYMwOP&H-59RzG{1jGsmp-atloACi$Sul%(Huha%l0 z>sG9%EwdQYR=6M2Qf|w0#vPZckX`0N9g4x%bVnYKw{i_i9b|TM-}(rN?5+-s^jK}z zyO8Hikjl#4@pZus5&$F*@kMK3Vht)<07_H5iI*PpUR3#WfE+e8msskR({f zjxd;8K`zW2R5|C0V%BBH-m6opxhI2MV<>kaOrhn$gY^pB8B@U|n8$SrAa!(N%oq0I zXyJsUsI_136AcoAvpw6U7N*WNh?|he<+A}-Hw_~6EOjIUq=6d#2a|BeK=$b;K9T00vSdQtUV6?8#K(}!x6<`jVgOjv% z()~LeRn;m}_N1$V2i$k8&0FUQ0I&d8x>tQ(v&-_xo;I>Ak^9!f@d1rv@a^Ogy#>K3 zx4kbhgYW@T|APM4cGo`j@lm6iiDg4%)L6r11f#WME=FN0V@{Q}zR|kO{WUA+UE0Ij z&*^-wa(9n!r)+cK5(|qfKcP^p`m=m-GSj9dl_e- z@HQ4D5lm*6tra?_I3xa}ySS0CffPE*5->#$Co&BcxlqJ%w4cSp7tE|6x!wA={ic=F6v0ajpUrx$pZF6 zFT@v}=Zsr&6Pk^smp;V6P^suLUiHxwr4M(m^L=o5ZyqVXk}UEad-LKU*6%cIv{py2 ztInd}1G~@9+EgFS{P<5X5d*tP9jwYf%Mr1;jK{g5+@upqmgVzH)=qUg?ETC+QAb?+ z#doRV;>TkL?#t;uLLZh7>G%$vRVeHwWac zc2Ie|zL<-j9Q@Tt;tr+!Dz+)H-i|i3k<1KV&rBjJ`X|tL}I8 z6_?SmF&3rs(37sE~*#1^scT zcAnWzn*7g*KV0ttxe=zFs2v`Wd~y>u+M-*D7Ux}ki0T$Z2ozW{gaqEy0!4~GPu|v}fOOLB zm5Z&YiP|Rqa+l$j3aNn6rhsLMm5USJK)@oltJ8Ps9@f2Zt|scVPM-_bmHg`)YtPz~ z?bC|22+HUApg>Yac;jC2Uj3&(s%p@C!~wulzsv8pUBj+)`qiDq+&j%CwW}QPnjT1< z=vA(73DQUVt)z#kC_sWvz|`C1%a1z5U+=RFHq_bv*8C(l@{-ChG~|tQ*_ptOZCl=t z{{hWjpP;qeAu%Z(JUPab=5OV0M^GWd`44Os$uH-@B@3fA zmT1e?%qB^`44t`+V50p{JfmqNyuw?k`R41p-?*`R3^az zSy9D$A)AI^-2opIOp+W)($-(UmwW>NFmxvqU-X{9LU5M0Db%(+5~`gqQU>djM87LGf8{@lD0XQfe{a*O%n@}N29@+bMQV_hi)J#jvu|f zq_`*55%Bb#^x%$TeP%RYjuw;FPga`bV$FpCt&4nM0ixCqXa4)rc%wC`L;dY>$3vOjsF)3BNKW zsTVT)Ir5xB)qHlzvvzM_Z)q4jT^{Qi80*sDGXFS`g1CCfv9g`SnrZKB*^Xcf>`T-y z9j4W%vI`Wtul)8m8kFxP+}~S;VjX);W&PZ9y&U!Pdu4DCca0RfsO-` zq_X=_cBF!2sh+G6&%JE+E_i2gkI{E9rX7iFSTCFU-}aWp-fcGoa-}RD{9=_euiHID zC{Ao}R4LSR3U>-o3#q=VF2q$y3TJ^tz8!OD=nWx98fU9i|(%8Y}KXb!Vxj3tK`pKEsC zFF=o?SC`105yk4EfZQ(7tRG4u9AuZR(Usxb!n#y+7eX!_hEQ++SA15$Dd^d<0g%R zaT7i*HJitmGPt0Zxg9je?lyDyrkwK&Q5)R7Htb6Qtg$2$ zLC~E$js~ z^=FnF4+q$NL+f6bblCu3!v$hjE)<~3dK5cE#T2iN7=3;rog1aUD&z5}S>4`SUEP?K z4FLo=PzW^S&Yqb~)zT58%!us~YiuZrj$N!3;UzC!EdI)|zUKO;Ra`EbUef zd@+qfM1Ny!J3Du^tvu@M2VP3!{fagjSDX}a$C8*Ed^o9cs|RCp)?tEhO6HQ#8n-Z8 zeqV(C9zSvQYWPCO%<^i$9!}!2>T5HWe`SaT#ofmJX{Ci(Bwl4~o52KiYLcK9m)9$` zF7kzJ0w5Wdlr=q)Ly9Ttr6b#_&!xrP_0fSntw}c5M2ijRK2EkxYmAU*z4ckvzC9W}x7uTk~RPwF{VQh&lgS<>dW7%e`EOEB6?FHbt0axpL-OG+n6R z_%YTayP%asO6yI9h!hmpBg=zoGiQ?n7tydjHeEi_2$8n|f#W6K-}uMwz`;AX=%Ug> zg!%nT5d26f5_#5sF+Vah2*$J)tynu>XehW&q;WH8N9R@5eiCPc_UenzN*dKIzO`Fj zZ#tMMMS|m`CCDLuD5isMkxRNxcB>Rgh=ZPb0>{itv4(Zw?K16%eml=c?~>Y?f|>d; z%zCrh#66lu8Wh2fPZ!9{UzE*#A-YnB>-O0 z(K)Kz9y_?7*=spdA?m)jM3rQN0yig+u$f%7^X93|NiIUQIWDrgg;id~DAJ(>6CB zx-}O)b%BzI@S&;pDO%bJwsn0?c74f0-s)Si-ScMnwFJEae19$}&K5a;z>U+ytQCL9 zXvAI(zyAZ%$mlD1?>W_+dEMKFpEM(aq->VSR=E_sEobZX8-a+ybyv9LI<_ITyk6|& z+!7;?zzP6yDF_bO%nR7@lj*|XCB&i2k}v^KQJ4G2kjtYDtqZ@3jqTtj!vwWO)m$@t zkP~EV7b9jcto$)x0boz zknD@>=*{M8wf+t!!LsO0>{i_0do-^dBfsZ{ax93B@GOfXG2B&?J>_p8XF5e zB&nFS*^YcxsZ(PGpM zHtxGTpcebp@559Z=AhGb@vOmp0zhJ7SmeyAWuo<>iMZSI1;F;QR}Q#0fj|}3Efoq3 z*J+a1w+EFP&h_GT$vS-N(*AiAF7JK-KhpQ9jx|h8s0ibS2!L9Ow>af;=#vSkPXQ!P zGYuuOkuq>a>#1Am&89HnH|<~8dhb#&&EdzEu3=bWK+bd_0qZHqA)5=$Y8NN*{k`LJ z3laU(_uWrAJh)ksIao_z&OlOZN;j|;+>s5|M&nCLoJ?*$a62g5{hCJeM!fze@3+*a z*Zp~8213@n;ZvS^zlH0CCh9fS;D#BOU+_}cl)l`Wr)@Oe@Te&SHB|O%CmdEW=qqNU z_0)NlO7;t%yD=q~R|H?qy@Cr7oFj%i9y4!@)v3U4BT%p2PYrn#Kw@Z88$<`*4SZ6) zcdO)esg$c-yPS0Dg({Q{BSG}`9Q#{^oIuybT16l(CgCO*k28K-*La2*$tBvp4_14Q zTXHCt#RR^Yz<9vSf zB(f9Ul6?s)Z*EmjJ@Y-RFFI*BXuAnp&BRvYJ7i&h_;-l#>1-cf{~Tj`xu;5m>GI$W zDm)fLLByD$d+HRU<>4Xo$%oV9aY6P>ce@a2vewF#RwXP2vA{I|w5y1beb|N`uC%SN zkv^NP8O)@zZOHU#e&PGrNXjmRoPv+N2PaJcw6{r_;k-e8e}Kx+d)RVxVi$~B%zIB; z6BC?^A-^q|?b0Qs;Z{#Q{3}Vj(Yi{2(tulF<(7vvXm=4!*9-r$9eh8x-J*6cew@VK z1C@>3%QVplfZ|_jDKn zr)s{8h3c$~%vN{N&tW4?swc}|o1h_<-FFW(#bvTbJI$!X>itwx`3@<_-V{kVj3~aI z#7)-Xn=*Bkw(qu{)u%Ly;CpQDMz*tq_Q+69`A4WRy9=i{PXA1mu@0~O2f+9@b9#xb zx1dkaZnYTUv(w1$=$sbPA?e6aQ)6up;l7`Gfu}*qw!lt$A5Vx*QjHu4Xl7}C&LK&bdG_Fz!P?r`h5DU<@)^OvCU*fu(aFqyupH#b z^70GlWj05jY{tY~&{RD1wNH@DEZg&m0!j7aT~acRho+=1*M2>iH}-MAf_sDoUjR3A z6i4v_*n|~HGh)d+*#cVah2!S4cEHC-odXtD{f?E46Ze~&sw;`RdfzM|5?#S;<33I4 z5r14MIu1KAR18KhDdPbALb=|nXmTA_C}}-LwkL76%?j&+B4RDuHgxR4aT#jmQzeW^ znN#TuJuC{Zz+dV@`gy-0RjDu-!)oI7qftp*4B;@DQ&>NNJ)P(dzu zre(BvOQ|Euoemx)(N-nF_ck@%?P?~goj~t00T9pxjsdaM9>nI}Y`p@p?9916aSS;r zm6Ogk+mfxatnOTv;{EUTUsd=g9m%aTUB^d1@`CgP*ESrakb=6$yy%FgCM; zjpzkT$rv+i1;Z}IiO`a!RO&e}&=XJJL_G8!Po<=fQ9NzJF0KHtWA*y{V06uFNT;Vj zr*Xfsu^+w@iZs#eBL;u(CoQOysX*#v`=pz z-lFYWzn#yA>rS=r)vPdY7Qui{A7f`%fH$y)?e*XrI5t$Y1+03j>DTBzUmpWr4Lc$0 z-X~1L8n=$OVXuhE-e4t6eP6lDihH*hTeFy0_ciyz%|rWF&z`B%+*y0nOL_iQ^p`H6 ztk{)%0Zu&bGUPsdVfm%NJ;tUqeOwz?9(dBQ3L-m3#KLL>yY-?}fYsP~6p(haQ6-=6 z&{}Nbj3GkuXOb%L!06ixtL3{uq2=WlxlDL|3;YP8Zt@_imc*x=OGGthk+jvm@#9RH zqjlobO0vwI>4HFtU8!Yv28afVrB^ZAuj@}?tUIju@o9=Pv%!OOYJmp6Uh4-Q5r#>* z&B`t;J&3DrDz}0W1~x?ZX8I32#HL?+X~AsZHMd%IXQ;Rg1CW$$`=0sNu>w{CK)el0 zw=sHM$IIArR@xm$EpeonJ2Rq(@$0@ObAW1#Q*tQY9&<_lCF;!)^hmX6rkAti7fBt( zz~1|0%o03;U~RTW4LAbv1l8Apn5EV>u!TtT~E0B1qjNg>_|( z-oy>(l#%=T+|??sZIOm3PmjdI$D5Jz<_%Oi)*FP zQ>80+K1RlNgP8;_#IxxxOy(XdKiq46j+vRR+RCk3%&Dn6z})N(h)iI@*a&`4+ z*k#)BGhJe{JzB6=g<}d-2gfN=#JU-RFs4xDkB;2D5Bwd{NG@WNA*@^;17D&}O!b4dwnjg*LCcdEpg zMwUtcylbp8ajTy@uP$liRy3wf2SKoigZ+&m; z7x3@xeZ8VAGD%DjFbDq%SgXhpZI(i5yE8aaQxailLljrrX?DgRN;i*Htp!D7;^4uhb0i5?#dTJ&oaT-W@@?c}F>9eUXi7(YDxC`H^Ea$Zb6WydeRsXL} zNjBJnE*15du0$4yI&3eVD?-vd?)f0)*4c+k4W`{zdQ4v=F6e7T5wgX(&+@zbxx1~x zz&BXq3`iu9ll}q6hrgX6{~ugoh610Shp%~ssfqT@&`yDI{1$$=6ZebdY3bL-)YpWo z_1pYx&Bn5IY&kNHO*H=YH8CQkG9mu5hq5IeD;;^7K!=BE9H?E|)E|O=Oy^aBkiz3_ z8>KJ=c_Q{n&B6IL;;bY8LW6<;0Og;3{?p>V3iE)g*}*!Ei(n%r1VHOGAUf3vaWvU> z5UTMX+#a3;Ab#RkY+`;A$G4Pt)Fr2!0D!Xp9qT<#AP%3n6uN!VmUP+M!j$xPox1<` zyyxUV=a;}1ipd=q??rro2rr(YToE5oe~EVdN8UAWU`KyI0d%EPc#Sjm|4!ihFh`>G z-8c?D2AY=R68EJy%l=Nx|KyDyCFVCrHZM0-;FjmW1(#9tzmxJmhw?H%l=$0eqZhw} z{(bo1@|cZ1vSs(kdSXgqhXz*BFwY$M^>%Y>Qe}1?>!DH7PM!ou$QD(!`I#s0lk$Akw({uaNYHeN0 z4eHP@9GLk9)89ZkJSR>T`*KJ&^4LrazK|kNprG8d8g?S4l$o`$6SEKdo6@BJhYG0v zyQZwMo96Nh^hlPU(}mcIb~R<#o98ZC) z2rNWEL25)q1O%kF6a@k40s=~lf`Et+l_o6_LKW#H^xkVi34s*9=~`!>qigMb&feeN z=icA%-u;I%OOpA{w?6MP#(2i)!{ZSSY3MOnTdXn^i%U0@T~(FYG*O#o>@vLko9SD$ z`C04QuLzFz-);+dpb#h(<>UuN5UulVhHIEPo!`D3V?TVhvGdoB1nSaG=bY#^VI%8> zFUw#1A=#Vpexu4q??l&_YV#ZhU(<2_{TF_J{E3!N<{3H|##bB8)a%I>#I$X|oJPAm z=iZ}sUU8tyB#l8HV?M(i5LB+bWOIHJ^N1lsj49mhoeL$vDx(0t;W2*V-B^FhIHa!I z{P?<*?n1Hme*RWO$nRzPy~MJs#~qq+VAMS~o}poExA1Zcu&G?gB~cQ{$^hS~Zt8O(>U*XEI2ToiBG_Q@asK0&;Y2L^13o-M_+h_Is5+++0w$V{@55V?sXG9^yn+9 zM`H%gq1wveAk!WsS!s@m!&7SFF5-+9T+?kb76^m+q|muov0eNAz`7TjhnciLR9G}5 zf{)UiG!po<&Q5LJZt&1eN&ip_lShpMrg&-uOGe{amMl_Ae}&t&}8?!Whn??u%3sndLKwSVCc zr4$xy--Nu%e4~XhV`%!Kw*a}2O?Deko9MTIw3O5a;}eb%^bu9efw|7e*LF;?|-;oqIUip=v0dvg$sC&)K6!Xdl=g~G$UGP2x`KxlcD3U z#bLHQ*Z7+U_bo~bL(?5aumxl%OWaJsQMhR?F1in7m&FWlA^z06sq!Az7@OD7sl~ao zXA8j8|E=dUlSruQ6Pq(e_7Pg*^W&Viv=5xz;`q?;Av06#veCo0=Rlhri~l7dn)z3R zSpMT0(;K284GR!2P_mQQe;rC}Ma43-HW{d06Ad$d21z=3I(p^5t?$`Ssgxc%WH!Lu ztw#D9CXAs9cP7E`kimH8R7u0@GK4BZGWy>AuzA9v3~Nh$WBmcKM$sT1R+1R4}OJchF5pZtJt;w696#CLOm5 zgjZHa9v!USuFn}_@a10=5IaLpr$5K_e*-xIGFr3C_wCeN$8eApm$is3XZuZhIX?A{B^@LAFGf4@tp?-P8Ql16SUl?j&}1Pl^K3<)C23F}D@24aPt;L+6F`i|DbM zG}o2r@)euF&qh)FzDOG_Da-sNDeILo%OSg0gp}l>E?P4z2N+N&eVC^+*__mnI~f~} z=3|pOO;qSPS{Px z7l_u#UJ2rBKDM>Ry{Z`Rd!Vy1<-sLe!!L$TTQWQd-rlraFPtx*q`-TNI%8~-@UD?FZj@X<#qy&VTBE zm;v_uc;6y}=NsthOc{*@P>_{R{`qtSKy-mw3^B&NS{yNV9*D510)(E(o>M{Jr@Z%Y zz=iqbC*0C|K%v*7EPsCkY@H>NQ3Me`Y4^ScA|i5HZvU?KwEY<%@g;&MW`(t%kH8{d(Ptq z0;fbuNJTXPg_uH%ev9G3MZ>$1xefCnd)?m)seWj)+TNV3j>kgi8F1(C^fg(Z5Yp7PgI@EMf;lxJZ>D2IXIty=!)7t3)Ri>(|&R)N#XFXP&Kt#XD7I2;rDK#Gd}H z*T(Ox;yM&o>bz7DN^i$X9BN#cCIsTfLx?S-=KY3w_tAzatGZe7*O)~QO|QW3@PFDb z_$cC?i1{JE6!*HyQRCYDxPwK>FuQ7CnH_aL#{8iW0tf~6? z6VRgz0zxF{W4S<~WX4gzXrR5W>n@>yIF_Y~ z$jBvuKPRcUJuWHdlw5sh{~uGhW1cI+9s9{R-pLrV_vEG^ppGb%5YOS5^j6kz z$mFWTWP+QPOL97Sbb7M9$L*l`rhY!ax6SoM)I2-dq!wXu;g^S?&)Jy0E8n5TBOtKq zug7WqmFxUEL8zH+#-4AWBBLJ;Vejss)}?cSQPcHe{nOfZI2_!~yIPP3142AL(9RLRLXQZOJ~}=psl7+MSgYFckG*GIsd#^W zzp7`w_jR+z29J;(YfNs-ho$1|EFDgO!w%M9CC!D)wW6#$jkj-h>!n)0Qu`q5f>?SQ z!(>~&^Jo#_v=*zu4M>Lhp!w0^o0cvX+|4q@FU$qot>e!eF8|zipiSaUW`XJ3au?Cn zmBP{VkQTl&m+cK@FyLc*fOd*ldT^3h8se7iPuaL*+@&|}#jJC-4*cunN16j*$5*2S zW2A~Ol-q+;6Yh}*A9ar=@GCyH2Y+Uo-Tx?JQ$-y6!TdV;ty^mK2xA?QrtGhLqw)kQ z7^7gDV$rf@ zhwE)!nr?xLSf;UutFiBWU9o&gV6J_A?msZsU!1u9+rI^dKxAf<#}H%R_qK2O`E>O& zsv6*DI8bu7Fp9}0DsB{r7NjbZeuIrSHDrOszzVhn2=_@^_6AQ$@9YCWvUM0Es27Op zTa`z!y^|(QExH#QX(2Bl+#6`ODE`1?Z8_2QVFI=SUdFBLi$)TrcSdcRjTp0l@yYJZ zlKFW!d-s;~BO+X>XB9i-ay%o+8Gfq2_A=9*FR3vHZn2#o;=x?WEQ>k)?qpv504#N` zqJ7SG(8gQ(hch6h-F zj&Y7257#6e8oT1gPBX6V!)yZH2RX@l(Wh^Qjlv{_czjNI3d%sGWMI0TdP%n7nQI4^ z0v8i{SGNq2)wO;BH@MCwC6&3T-t!l&!#s4TA6583!i3WFy~oG6Eb7UgC^y$+nO2D4 zvCDPLN=nmH+)YZ{l|894_2CExh5mDmh9SOa9<{@xyrm>2zW|b!sJLpMW(64dZz-vDPxF?-_)=lQo~xAtse^4=7P z-Q|vwQ%^r5gh3<_W}m+`3Ng(V#^m!Hdp@akSL!63--aCPqh^1r|CSou=xu&{W=64=hZQ51m-03ZhbtpN(a zOnb7jeHWOTb`N5dF)5R7Q$Qbov0#teTYV7-42V*H_>YXFzxCOlht&V#2m?ZSe-F9+ zC;#s0@e^ghP~#A)JjZ_?aqc$g0O8ELC@B35S|SF}3{7rX*Czj=4z+tx(_FwHw}O2K zh;#BARt7XDWbB6e*|PEEH^AgU3VZ*rFyV0KO`vz!EK#3vo9yP^Kb%HWbC@?7a;E1K||?#D2K$4pfliSL<$I0(*eVNZwNyTaa93m{U&fBu;l(rbhTAt z_kIJltkIYN=c~*gk8w8vMtT}%I0wX`pPz9bTRXOcyfXTSI-DQG(1O;WOOZfSmq^tt z);Sy(4ea_Ivi}<4umOpM76Trh4(*3UvN5f~ec4{WTDXSUhgJ6o&mR+7ii%5`msNcV zZWIuw#F5Zb&pui?10qQj*u=v1Cspbbjt?sb16zHghpH2pGJ@VB+oGY)Pf{M+5Jq-| z^J$eIbW%K~a|*wK3I=xh5N`$@-|v(qUmMg)bIZ68iO!Qp1H5@Cz(H$PD+1AIQ$V5% z+E>GY{0Zt;hw3iT-ohc_Rd1G^Szpoo6IfYfq9W})3h%bdDT!K}#?h?(F$yiF$*JE! zWp;oZRXX%~9XWOsSe@vS-#Il+V1XJ1Za#AVp3#H&{2p|ZuNy^_f|4+;(iFfp8#=Zr zZUM;LG@~dL(1}zAAF3nI8Q5D2e*;Y}pqyu_fogu(2xz!MdPvX_>evn>8~5YSWHH!T z_cMY6+!*^B8S*>X-#~}Qh(nAJeHe8IKt^0TKbICVxZ?(N^>G=X3Gs`5=vDd}Ew*cn z@~a$VmvsS0;et?rweyeF(FK&#jpFhRbTJ!4rzL*_MP@O0a1&+pLrJ*pbr?e`b_HGr zU@;y;C_TAL*b9EpcQFuj~!Z*+>V*-Pr4{ZE_ zNB^PpWUS>VigFmWb8a_7l!^-kHfWn=KfW?x=&*eWOpa~_08jJj8>j&%hxcl1MqX1C<{CzZp z{qObJZdKSZN3QO(rh^5Eb?+V=lX!erbe`4GY^G|g$PlkPB{s@g2CT3i{?8b;8x|_k z4{0XEK23LG_ayX5l@Mt?#ihOz*L^eUL5F@^n@q+PNa3>$wbHB^a(pZ$E0>{v2KxDh zt-Flbj3Lk|Q(!N4-L&9Y#Pj671as02%p(m+N7D>el1m@g)m};AyImzdZ3=ZOUya$j z6h$>&CYo${2b|BDaHt5#DKYRr|3X)_@C`7Te|`Dyb@k8dDrd+PhSw3rR>fD~hqgp7 z51J-83eS8^C!dbLz~4Uw@)bHXf{6nLVdn1Fl(0uM79vC83^=mt(qZ3EN+XW0Y71Ps zK1b2`Y8P#p^vgLb{9~EDjJ*aW{EBo#G)+{YjO0+S2t5vWqqd?M&rl z$S45RZ0e-_8<6}NkYFX~Rq5!du;neL6SeJ_CX)~LCBcp~S(FOZ7%NV%f=*X4+97~& z&VppMBRB{{56t@p%9+-uykdv}!2QbXcPjAR?#sUgtpC>aLczu;J4!H7ix3JpY(-}l zBBI_MC>;HSdIDL8!jA#McCneL`96&AX<)5NgqZD|594R7o!@K&P+yVSwSUhme`Q`F znXLfk1mQWd-|q@Yx-LsA7LCP}NZ1)%0JNZoNhx!fmbQGE(EDC&MUN-{qBF z03`5w(PGeV+d6SZ@XIj@`et!gaf?qSt^y^+ef^<1_Vq)J*OP@u(#_v!T2~*lEE_mv zY;@Jw=gKQBZ>$2vXc8BuKrW($>AGm}CEW?9QL+zzz7v(Dz@{Fsv0#;W!%6xOQM>1v6@FM=O1#_N=E>>qGQR+YK|%%`&Of0s zy8>)~9(9#Rh#Tc=kM>C^>gMNLtEa3ZxV7EWhpm@aHdYpaUCy1GMrK|vT-QiIa7pM3 z2YLE(*559qpK&O!u014Ye0EPa}0_*xeU$a@&0x+St1};ma_Z=SR zPkd1IPh^qJRTsvTS;u1SH;{lvE+1gMoZe6P&%*u{F7qF`_rJ$`0x!oM_?tZh#)%w- ztlOX*V!vlSOd7@ZVj^&E;2mjbQ6nA5Mx^g%p);QU4P>*3S|~rp5JN=((o@PQz)n;` z<2!f(0ZY{YQ!QzjQe;Y!?`Lt$8hrXuY5dCg^xObYmus(JPy)e*wf8KNiP1_9$jHua zeA`~2CzN2ASbKKTsP=>Su)p5Hy#iC!2sDfFV|UL+Q~3KVE{Vz#-`73_UxccFg5wz# z@yDFQK#CIF(pT5q0zmuj5}b)7L{)SeG*~8_%Nctv{vi&;)F*Ogi*pWEv>y*;gX^Z& zb@~N0uH5e9{uMl@3wd_4>EI5x!)i?Vg3Sw}&J-b(W-z%$TnT%$2_SqRKtOv8`!Qba z*ZJ3v?QbTixz&j7^kN<&Sq1h|(n;sF?aw$v21eO~_Q%hfS|Ro{_V7~0{j4 zya#^{6rv=72BJCiRv7GXk@pnocg_MzJ#fR^VT#vah57Ks>9yz=mYyfq; zZ4M#l?c8=Qf7wa5MrmLP1%w%Z>WOQ3!^b%8VuZt0qDwV7v7leXuA)5tqWvN#x#+#v zmAMexjG!#aemCLV&#-W!UZrrjYaF2?^8Qh4=~`5n0=lRd{Y1^YkP>NF***JEI4$X& zyPW?pSl#+P=tg@F0ZLRLF2a}?;?{}%4vO)K{AHF2v3*6k7v-F~6ZMR8Ev`FzHk=VE zAgW4o_I@G9_!=cV@+lu$8uVWH% z&cw=z_F5F^-e6-LpXG?1NpGUHq{|)e^^Z(PURi6*3ksFl1myx7+UYOeklj_(W`V>@ z5;W8WaO_$O9pwT{@dfs7?-m?CPWCM{^_$^i7+vpqUwlf1Q5zg( zVW3*pE@jQ`Q;IRB7nAc9Uag3WbO)GA-9SEBhec$7DJ~9^P;kpc?6G?0*f*St9r?N* z_p`>=xDOB1Ku@VY5=dA524VuVN)2PxEEocv@KbqCDpo!Nz%Ds$#47W}FVmryLTqSH zWpzgC?XBTwi2L#2a3sse9{7cdck%ksdR^0km-zf0oRuNozotGY$T*)6gPk~xlnI_X zlC*uj=p*rT9lK$PuApJDUg!8pqmA=S<>gZ#yCFE{?BfsYi2-uUi|d~n#NpVL<>{eo z(PINf5uTSQ+!C1Rp@|OlAVTDPAuNydkH69dwgq5VU;4kt;Mmx3pm16DI z=?P*!?^&bkK0+${*Hugf;wI2xICkhgi500K%?eAgmzB#!80asb&5AY;tiUTEr(K_ANLlxVQi_Y zGGfuPPa!95%U9yo%tEqxH_vhKi&ePiD}5nd?Q?D3EuapWs1$k4S>&o3yGL5!&@`rC zBKUJUUp?w*)&1Sz=3I(Co=~JS(|D?7pHHouvg!@91VUVUz`PtR40V8UesFQnA!r=i zQBo-$Xb`d(LPm=OM2PCUbhZ<7K8FLXnovg*^XVm$Cw4P z_0ZpqlxOztuJJkENy=YStTW5!X&;MEaZZxBTTG?3LC6S-;=~y5J%&tJy@Hf<@c_21 zj72re@<<`~!-C?cX3%qj5o7NuFd}Bs4Oo8GWuQPci6{ePw?;`-PqY z_!c6>oSs%mS_^#R(unyb2 z=Ek+Ov~n}~-sQE<1>DZb0^^T)#<{9iMG+;NeFTl$-@#Gv(#7xK=#TicaPp5={(@Lx zooPyI+y3YrFC#6)i^&itKL^I8q%op2eQ%%j4<`g4Ci*I{2j9s$1kfAkELzMu0C5M} zV*qgQ@K6mYnHB_)--W)`5K6eLK#+I?h-vkPZVrc|IH2`_V&{og zV2MveU;hh3&A9{^PsbWq`6kpdPPy0&?oK-$y&Q*#kaNlQo%5N4t+BnpoXo6zuQXVW z@SD5`*Q4&_pvS*TbcUWz%{6h@RgG9F?~j?2Uxw~w$lSxR(nKcpI z%xqXh8)i91tmN1ud@7%rR#(qP<=>v4n9ed9z=;46k?|)In`&0T4O@#t*@|AZ5#r>K9F&W5 z3Nn4xAL{%mX6)-w8lA3HYehS%9?O;PC^?Cxa5{kDL@>1d1RO%*Qn9@Q?$N~Zuw1MGWw+$ns(dMhuJSI@apd~EUPr#PdF zJ9u^kYxK70XoRuF2DQL67&g=sL5mlxIs zKl;cjA?Q$wAV~rR(qIZSqm3@=aTD!4dC}FP8=_ zBaWh_!(OHg4&Jy&{L=nD>+=3DuUO8^>k0;`5Rzzm^h{ithM=GCjSd%HehB{K-M%we zQ?wG>6`sLE(J#H3GAR7mY7*0UZg`b}?NsVe^kwIc1Jf=tx1Jsp`t`mnyi(VSEjBpD zv#VPCCXFx8lB!UAM$}w)!`#zkMmO90?d+_Nb(^{El1KOM*Aw)H#FAnRVaDDwkzNF> zoY@N~@*#kc*KV<4vZ-D` zOM&HFw5T^g0+@+LROMItd0^FBZs(8ye5BV;lmcca)V#>Yr612K-$T~CQ1y^jZZif4 z9Ww3v3~+R4ga2lR{n7E(bn7RlTz};LlWtsf4N9{|p`35y2o9(oR6rf{Re>$JFP!0+-0N9N9-&Es$aJBk;84DI@o6yfh| z2HbWTsMrhp;5Vp#sAhk92K0L_-Y&}ks_CD|JjlP0%!5qsr^Sx##Vu#eqj%-=KNbGr z!blTt+FpmS>AaWp6aP0o703S;4fzjV|6lTu272)n_||Wn!z5-1 z&(LpQCjFLLI(~>SSVBr(*>Sqh5Q6U`@I5KmQa8LRv^nB=|B()1`))}NhBwbU#E^da za*H2s4Y2;}=?DT`&5Ta(Zyn*sRrr58{%fnWJL7bTN@Iicqd{ZVF2(3~C9L_|r9;ed zu^ntBYjm6*mjbzxWRuWuki5~aU*w!Iq8R0_6{Vbnq3>* zZIox=0Z#!BJ9qr6ZPUF-PMj&~UM#SGwxY03@xvyec=~Ar*k|4>KHM=sr@Ffcjr%ie zE(sM!TV5^%A=hL!GT2E;kyFtk>N=NtZuPj_{KZ0~|a7^-izfYuRj{EtmZ=l;}^BR3%78@f98$j9!NVo$LTAOC@ z{;jiy)RM#Nx)C2mTJf`}l^g2S;jj*9Fz%olln9+zO`HI;TKcOXBH&#(+2Jq#@s40$ zyXIvjCJ;zt`%KH+qu@G%XnO`SS)TFxky~aAZtBz+ zode1YSUU>?s2LGq%l7$MVA?OxObE6#4NHd004@>;(i$TI5{x36sY8g3V*-GW%_|Dv zyRy%dFuZBx1lgE`P<{d8a7Iz>($(n0C_DrXI8J1SjgQed+jVF%+l{zgF(fOXUuLzn ztdnj}w7OM{M?U#sdj6-u-e=3vYB?cVe3_!4HF7!srngjk1 zh3Ndbh=_Kr<3NAbI0ZPeNUyWB@62o$O~g{{)?!hc*JylzB7gaJ4-E~<_BW6gxCTd& z$iU8JMqUGgLXQA`1YA4&=4k8G0b=7%1>gMntze#=T5nM8Pf+75w4e=!KVq3;_jAF2 zek)A*d}a@Ht`17v$It{EV$}YzsyzufyJWxuH2{B?p9=o-Yb~t?h?RhMNMPC?)Ki=P ztHuaBMUO@*k6aNfr@WeQK455GAZIT86v5fgv_sH+iKig#!$b{F;DPT%}&o zjjrMy(8-CZCrPg9mm+o<5nY^|qOICTBUiIH7*uP-w4Rj3RRavbl?ZaxFjzW}ka>k& z>CnwUb+B$3q_X%!$nB^H%nwu&9>x2sFF8d>hzzHX&bVZLx6Rc46w&qnR(#h_(H%cV zdi>#dztK2)2XLf+h+6LX;m~Y}2SSTnpaG$AIq*VN`Xo%cneS(JwQ4?qWqE2nM|Vfj z_Y%?wt?r7Xyj|$m&5vV2Hm`sQvO(bU-#_#JZU08o+)&iCGQd3pqqW1pzVD|~-&@d8 zU|>W*Q_f*%XLg}YYXBgkr%`^xZa)%V1&cqkVnEWEZC-4cDHnybr8EfGZ%+PSibemh zDgMjmcu@`5iAdv!V0uc#4~KL+L13$bfT9`C+7la5Rr)hKf`LERVb&k~^>+$?k3q~x zvLx#F0KZSc_y0!m{j>gyKN$P|zh(LJ;*D~VLVG{P(}?fh4mSJsb-FN zhZoO&t|yx(QqX@Be*OKzn}T+Yzub;p=D);1+@a-n+`~xF&G9HT9C%#?SNs+wu12Nq z|31;0L&c%*y}>(M3F{cm%-AglR@yoZ+64XgXZ~D2%79SDjY&x+^KRE;Fm{Um#SfZl z8d4ob@+?ZTc3}qEEqq@Oab9uHxYDZ5e zMMBLE(DKlNyX}5}?(AaMD54+eIk;q!T35s-?!WFs?86v-fJ-kt0@@3#-0i*Fs2cE! zJPj8<`^+qxo&?#Mg3#B+sAr)Y4N&T|5#ya91Bt0*96&i@W@v_Tnbp$E?}6_D;A1UL z=Z7L}-9~L}A;yT8s0JwMN&jrl1=N2&N}~l#BgHayI8gb(435qRBL0JbEFe25_Es^B z{(nA;d=oVnh1zb)qTfW*=rCW}5k@zxg_7a;w_X;q2zaB;EmCpgVdNABtZqY3qKomD zXCeObF5f_=qJa2`*~mB0UT864ogtcHWRv`thZTY+ee2s<;Adk7`89=lyeqp)@tR%Z z8*3Q8&eJER3U5wmt91Tc3wj)8?O0VH`#e_6FV0KSr`B?aT=x`yj#$t!#@$qx(z^Tb zgP4+raa?Zzq0fe;sL!l+*N=2r#euw?%t)j^FCae{P&$Y^`{0~xz*9q>`rlt;ZQ?)5 zhZKeUZ@zHW5AFAtzH;jScU@)f2LQ2P7cSUVcfH*@i^Gg?>l|i(Xf*Sh^U~swTErHj zL`T(PYCbb!^YAZ!hpFzDDu)JGkw%<TY?k~Q%3 zJQ<_Z<9*leGsI#8{bURx7t6eui%$_wY>%pPJ4q*m6-S+KjKdG>Zc9#0+ox?Rg9vQ| zW538L-$-7TH!DctC9+45*Bjw`G{{S+Td~sYuKjA3;G20dCM+d{dUez}MZKO7ye3&C zF}{Torui3I7M)#5H5MRwGX233#rYyUqgV=UK+q$0uHBH=Ru?4Knh)nrB6w!mit!t(?9K;x~9~$ z6Dz7VS?&5z83Upz636hY>{JQ7%5@d%EX5aRqK?P=gU#aF%=^EA{KMtDI{!{Fs()0x z3i$kup5hjDXTyxfYsEpkUnUNFT3R)H)H$8;_RHrW^=LnxaGZVjtA%Y65Sa)_g~}3( zM*O7f&ZVv}FK1l2E>vB_-t5;ruVEuG&nw0>>Bi!hP&c-(Wf7;b6eRJB}Juyi6#mBN8IcN&%_*m?z|-AH2=(Y&-A#0G#}w zyy4J^jM{3^IsyJJn)z!hM~l96m$wULEFUc`KRu57w9Sk~k$jgc-`opO>l0w9C?bJF zER%?kXqJ(iFCiOq4?HFF_oTl(RvB|u6@(Dfg2Tp9PcmdEo|7CzajOS4OA_FG=Db! zwCU=Fc0JJMm;bAs2IeSfd*#$#-@(ve;_l#3y~<2{!W$>gtEW3RZAVsDk*nI^)t;pB z&6i*!5;{f>5>~<5P%^1*Jf_=i3y~wRMrC}-%9mMwc?=;j8yk))X2wmX-sCVq5r=A% zS7t0uTkedWA%xE-nPzEREHjkf;W3u6S_|2Pu*2_?^p*nnTl^ZYM@Pgy5jb5eGhbn- zWZ&hr!6CR#kC;(9iKoQovXcH5S%E|mTH@I%TVtU{ML!&Bs-KN%e_EF7q zVr+TnEhSZlDuug0`U_FLWoO4q+8+U&pI`Mq=F@ylti5n%6A(|n^aBq`NpSzg|7 zgX06!@D$T<&lkNj&C6lj<#Nd;cO!Nz$$|7rNvslFyM&lN7d(VNW;3L(p5E;QyT|^~ z*BD7GCMMs-7tAr+x{@ z4~#krQ>SUtQ{b983*nAge5mjY_A*H!4Nj7MjXw3XAq~GJLv4EUdCwi;3pVBQTdbUd z8tO#p25BBYs1*XNQ-LKpTjn`d9h~wxE+AC$t9NO+?ab&){L!=`(78ZD2Z{};1f2a~-5hs?3GF7a?0(vPS#Io8kPPy0JG@~rb#W-z!O~Ifd z%d+jvxCfnOSFgt;Zp_t74{X=_ocqksr4&t2AsKC|L%0uqsd`LLUA*@(wSi_zbz5$+ z8OrV1a^YNez^}z3B|4-8YP$k4;pF2m$<;8_FAI!wUC$232^Sqne$G8}?y86G66^vX zTvj~+jUdY!PPAI6ratkj=$>VkXwjZGy=lqzSU^^rO-baTs<=cQRutKVCKfQ1{RAfn zG(p@Tlo-DQBgs;I6Ui>?#i&JE=~#3*6<^>AzfI`}gww)42k@6h(#!MwFgJL;j1ZWn zb#@8Bw@hKYk}xy1bQv+7vbbFBb_==WxM{XyG54m^hLuDmV~K>%Be#d}osNVIagz6! ze397Pr-zuS8Fu62W%h^awm$D={|vAvW$TU_r#^Ngg=ptV`|(etub!-~9y{#~Dw4pn zyYNiExgTI0i+ew_x{7eq(sK4@-Fl~}u>P97aWY=n?$(z@?MuI?1W5qH$q6=yV({cN z;t8U77%?u|!aQq;3^?WQ*xbB?-g2u{rB@hmqg(d;vTB{7PdmSie z$4*DXyhg{l0|OCxlI#k6&dmD^_wVIRAfqTaAhx`FA~bypyo_EpENPKL*-;G#75qIo z+UVhFQ&1mF;;7LQe{;o5RE0Y3eCM0Ys>-Rbm3=SaERh#uZXZAmhwV~uv z1D!f(r#_M(!D@o)m81Tq-Ojv87GJt%FW)_ff0{GVZD;?UQ*R?}vP!@$%0`Jen&2{- z9}A*jbW?%+m5s4m`{DzKp2N8Hm8Z*Yy4c-9UW@P>3a&S8Evy|89o}W1G^<0i(=PX& z?kH(N=B7vQUHKEugDezUhuHS0$6A?TX!|In$+bv}zC8O$Xb3L>-!CcI zcdxMIl8j}jWKbk_ROYGjI67O5x*$(5Y8i3S2rKD?NzpFQE4)^u8_Iz3h#D_|O}b+4 zn7iUWMxNEXK2gdMqYW20ILOtJGD-nc@7#lNSKUy2>}>$J=hYx(qGWhYGkp&#M19Op zG^qmVnrbPXaM-^W>W4X!Tuy>qG_o-QRE@7uvZfTHkbF)Snw|0mhtHA=2^vm|$G`5` zxPIUIG4rpO*6j+SbMO4f8LxoQ*2cI0{c`Y6E;&0;#vyqUALA%0SOLpZ`dkMwX;~kV z>@&9M_r#wqkag68&Q0j!T!%DZ2Bzv!fO*Bqg?XtifC&;3VDLVqkat&zs?*dqe)@{A zbr}tHHje2+L$vvaN@IojWdXKv$DDACpqQ9 zTyz4Y+>v3EjRqlGRU96p9DpDUxM7cXy5&t0^22y!W9o`YURk((@!7X;xqNOYV9x4T z?P*Yk^!t(>x&S3{6K&FVxO}>WX~&kSfuMd_y6M1ig<}fD>+!tWLLm~}X|vdm2{pXk z$d-?Om(5Z27vVx)H4d}6G&nt>WdP^XUftjs3pbOdo}h`7r16l4b9fE$4=!A0fi1Z* z!gVH`Iv@$==og*@tY5*5l*N|4K)440Mh)F?B-x1BS9-FGV~UJl$~0Ul=q&i@ioPm@ zXcXKnA8t(v@epy*;6KzhV|GQn;PHicIW40PX&*q+BW<4O@pL{j3W>@@Ns+ubi7>lP zOezrWOO?dG5W1Neq3BnmHZBzZP$T$#;n0NQXCRP!Y+o^ipR!+v7!&^1oDx2&1h@5k zt8?sPRH$tGfe{H>?kS(>cZQ?P)h1*?ivDDK2$aPenCK~U7p>)Id!{o^y4t2oo$`z0 zqg$3LU&7mk3T#EhuFi2VzPfZ@CtO`xyW5rcR@-#&DkEB>8tod^juX&0<@h~C>K#}} zcWJ6~p5NN_@>rdqg)HVpk+A7h=Pf*1LZV}*d?{j6(uC|x;;J2EosZLa40o{2uFYf( ztQqoZ=WrBVQ%ur481N|4mJj`$G+LERwxejs8xGC_k=+rSP8sY(sVx6Dmd~fh4j?8@ z*Dy%-QRv-i=S^(s>|9t00~NSQTeWLxfjZDqkkA>s^|=NJhm;iV-dKpmX!fKiX_!~- zsdTzSb~X0Rn}i}cMTJI&Wuf87MCgGw4`g^3+~pOc6H@B?*c-w&T39gAe#kGtnIxMp z#&zsNRH*5m#L&(0hng0!K|8V=Angnpy!07)x}%sHseWvf+pec%MPZ%AIp5SgEu719 zzk`;z=AjV~8KcyVJwUre37nGVrV#1}bt3L&%u-v5NxqNQZmGOJDstUW_?dnDy=?1H zE$F%atIVF}Mm|P?=B@NyWSLE9BIj^bkJ-|$`ECmAV||r?7`+TD=``43z7=>-TBE55 zoT6s+NO{h#Gkk7H3D| z!fU8~qI8e*dm4})i`Qee+QFY|3|qpeF5v?9l}c70SBB8fImZb(xGMzNCgiZ>>!ui&i?a$tguNHp zpej`M8k-~CaHa`$QGCi}ZGOdH%k=MYq@}-=i4TnT(A^Tj`qImgER>eXO*A<6aWQJe zHXGI=Kev1R+|HFzQ}7zU=eA`|faz9Bo{e-?JhjlXdp1|MunMyt08z4}BpA_CH_=gO zCN;wcjr!QG)zxCY@~fN!S;7}q!jE_@&+C|2D~2H@oFNBMS0v!aON{paf+6OY%rZB@`@l4FrB#+&SFb8a&+U*JZ@_)&%DcL&Yf2y}HFnUFK^XMT2%fmyt)`g0FleriTA{u;`MmWI>&q*9-__YceB|vO zCG=I`hIGcEF&dKhG?;s;&TtkMOiHs2%Y7VLv$U0Q=aCB183f&XG}zj)C10Fo5;>~Y zyenZo;3E?eP*_zEfK5iM`s*|pKHh~b$B`t)!@}X}>eGXg(L)Qq$%xwdgq&G#4b*wyzbGHjbqL$0kzh>3{UwoHjs4dGEAA(32URgz(-yt)MB zh_|{4)k4)=YQjfWyXj5NwHetaA!W(Ft4?-jE?zYz#EtlGD2=UdM?ABW|57|>iZq?2 zZHmt`#9-{mJ`}fxSe1TYHchp2^;D6~+io2`ZIH%{E0}hu9O&QBBK5fy-*LMBq+txr zr2yqJYTbG~mF&pT==Od}_~r?b<%i)#djd8ZE0IlrTYOH|I3&nMsDtKtyKj&XA^M5; znaG3)N;skA+8u3sp`eu>`tCY_Y2l*uY?K3^I;<7~cJYF7P;AzHle({!Cke%Oyl3(= z7rt2V@E~`bhtkrQnQPkur4dDptu<+b#;>#GeaT7r%@Weqg(eh9l1W|0S$Yam+3$Qk z*Sga-_E>kJ%S4Ze$0|wAQ>wNxX|Pk_;N0Q;P6bppWGgSM4tx+GIHaGHq+0|=^BKo^ zMa%N^y4=1p=01EVNjWk7i7|GkH6R%e8!$Ad*iuz!TAkA=>b{MmXFs4<1b%&}eMja~ zjIi$@SgNk*mVK;k$|}wd7RnH$m=F~WiQ5rgYs=L(5|uA(#@b`_|>Pv0N(4ykMdztw%eN^znUHC@zOxLPo6AJuYx^7 zKfy9nBwZ#}%x=ckj2`Cl)XDLCG4AN?qWufr1)F|%O!d5s(3O@DFr(E$cfH#vaJ`WT z1GngGCz_4EnJ%40WuxZ<&@>La$D3i6k{H2VpPguS%q=KNLJ<9Ft`F?OUdyg%SNRGY#U zNgTUS5?Fn)Z zG*^m+7pi}IVlGPF002Cey{^+mWksQP2b^;)N~#K`>yMEVJ}4@;$nfWP!gWd1$+0@O zV2N=_$hhJYN%m`9lik`FPtLmc#oF?hP6xY2$SNPUdX%;ivBFS-|3aFJf&!MSFyw(Q zIq4D#S~tEGb00b2nsF^=^g1g2^@0AoM(ZDz>Jc}_(>1295br*+^@SvQJLeA7$OQ(w zct-N|i+8$`JgB`mOjUzqy|JTH*0ySfBUOkd*o!4BPvV`O1`XgO2=i$)wpBXO(X@qbI=Zk!!JwICQU5l8M#8B9o;5sfZ(8 z4#%Fp6}p9!vr`_=C|N1a7B%i(+jZRCYuCI=rhC&3zs3#_>d@S9b&}}h2a4f@fneQ= zRPHwr`_Z>w@}?ijF-(VtwbEubwkz1u85JEgds2YgBivDM!zZIBy5Z75vSXE116lRc z7bbdLUIeEXwQTGc$ja55h1y|)M$c2srqB@;VG(j}%a!V`yUN8o8oh@{Jr25Zr)e*n zg|n~iAuPcRZ7eRK9MuczoaL*UI-B_phZ>*LB%kb)jr8+2aGgxfiDYp1>YlxvLpH|c ztt-;l&+EPq9>?;y7lbxCyjMFyK-Q)wfJ&rTx!X^`@i{bR${1COl5c?uj$1%V6JzqFQ{>W3uj@P{ zk6^FtT=Q8q+j+=iv(F2*?|V*|CpJQq9vqj3td)6AiBqK)owv15>(N8;*UyAGugQor z$(;3Nk89VF%~NW=7jN_S%ODDNp3Us4Y-HcsS|t`oXlkHmuJL__m5J5>TZBP&mc>r3 zT&oozD|1A*ny3cuES|9=kVsC1JCZVMu);u+y2G0ix9&vZOLg-`&#CE@jM^a1m!1M* zAUVm_4u+JYIDZ7;8%Q<9kkZ}-O{SguXDkr^$al^7NWK#`aipxzzKmmpyOm|#7+yvH z`_{+o#U^_4>~AR>^^>d_U;{*x$f13O5sHWO=PyA33P?{8} zQ9(gz7Mg$rQJR1V2$33*CS7_9iHe9I5CH)xg3>~dln`p7Q~?pGflxw6sR<;pnh!Yl_EuScDLx)#rpwGmV;WWXe(Ew=623?=#v3$ zkQz;q`mtp&aLlJUz}>AR)bYnR7!bMdh1(_(m(FF#LyKm<6ia_z!aW;Mo>FaZw8s?| zKqoxHBU?9Lt^BY|yTn%PA|(PWd4ll1#tR!*zd6(6Bs-WU#p_F~vbZq+#MHvFkQHh# zpwj=Iwp8{8`pAf;#vJ&C#JPsyO{c8c55vh}$)WkJpA92sBMs(RNWYimz1klM3mq}K z%GSaX*`OQB{R;4mTMONx;iTN_8s#fCMrtXqV*IEiZikdF=VtY)cg$y*EbDwb=( zTU}>>9dj4%BJ2@GAE{6g*h^YR9{(Nw7T^|=gI||2Wk#LA9hcYyuOtnpG>JA;<^y(y zT|pJ@Ds|J>0fsH%XQd6qr>15fgbUzeJJ4CHdbS)b&vkAP>-4KL?*oy6tRFx9DHx1>rmffEO8e>j%Xd{EHcK-J6JFhu^{5hH@aHc>$6q zc+%`{9{ppo-Yv}>PfT8PA#sJ*KY-#(HKJeut? zCy8Qh33H2qOFF=$NAd=D#C=G!j19zs6-6A-c}{<&=pVq0Ee)GcV4L^>pjptmhpauMLpSb*#PX_&*6Rm8^uWt?8*yuP-dOTjL$-?lte() z<1u46c4eXR#yp`1cb0B7taZ`j{%`n&7VL<_{3&1ZYU@GXh0>5yWh-GE{2{R?ggHCI zQ2pW?LO0)Zfof-lordL@VqH!py3RH?Z+D8cliYsRwyG~#02Wh#_L1@Yt{5SMu0d9f zWy*NEwM$4eHPoj)wL-*c$y9^flfw1`-(1{(gshZ08#FHk37S!iVxDPEF&WW1ADYsJ zJKIvl5lG_tJ)|!fQ+VX(ZQpEzHfFd1yP6os-Wc67?^;4;XO8}@x5WPz^d<6)wHjH-Gq@0qFd{P7G&cBy%&4`q|V% zl&T)a!YrKu@2X{{^R`h#fA=f{zM7T$nyH$7fbjlSwtvLZnaolT;Qx_)p=qmxA0vx5 z7@nnhp98Y7DF_wG1mBm$lU>)vb!HBFi;WRfk2g$ybd+K5@8f#R?I~kZW{iD{K-i+g$)BSrp3E6_$7R^~PAJB_8p`$oY}!5gIzFRKBxa2`-}lAW2FNY}rLbu}t^ z4x%wa_{|rPkE%LRt&tp{-BZOAiLLTFj!1fVx&F)%UqEIDCq+@tWjq~Ogs$3K3V2S9 zxq(43yN3?mI7!+x>u&~DQgK1oHW3N}1T?$w9U$KLz{A@Gr0-T00_C2T$Tk(6S4d;*qwU7MmD_-cc~ehNZdM*KHVj#6PDCNxq9F5%LR5;X%@op zVnc^!>%DYExj}r8FOCyg&|HD`34fATP&bv4OG zC7cku^ER)y9UCn~QxxzyLhU^{B!gZ&2+bVEv0wjc{$v6}E1c)lWX~JiJ-U0Da)X`- zzB`1aO%-=_kfO(sn-dPQi1|W9g})NSE5P_ph$oC?DT42aF;P0OI4^h2WN*`hYCKpDo9&)Y-F@bXV|S*72PY~r;YX3HHsy2TkGj^m zi$8>Fn@F~6ve>%2RK0^7dhXf~68hae+D;g)Zg3Bnp=w2Wd@ z+^zxD>JKVG`lhY&|FGQV!T>Dfe*F}9`07FT0qG`)IIMAn`uadGZXdh0hpKES2UV;N z!P{=EmaW9Bh61^3qeGh*SBU}8T{EbXN(z3H1jQc`Oqt4}q406$;iMsRX9H28xE>Df z=>Q&N=!#jgw#2T3$=x3ye9&Krmb0KyoQIackZ2lK0YOad-$g0D3dH<&&5e~l7)E$m z{1yc6eFs2&@qu0ty?j>Mjr4+)v>k*$T)+~cx@lmM6uO z!4va`RRCYP@uS76YPM0qv323;KFWj%Kz8;PdYFAs%MrCL|3I2HRbtqIjvhl`{6fnP zj#cW#wOV6Bstp_lvO>W8&5mJ7{OXo3a%LU$K^a}YAMRxmVs{_uZpQlll{-^oi3J%K zFJ6nw)$ehoXNW&#LN7@v3lOK{770vP<8N-NE#)SrO1 zu{#CH0Mfa?odwoY=MZ%<^eoeO#5zFyHad&exCW@WqM7V)lpZ`QPLz zv;5=vXrQUbe^`K7gbgvV%uF+do`g*PVW|Q)SxH(&(X3ZUz-i13w6H)KZCX z0SMYy2|x?{f6e9j?>GjDWfDPK-dX^n91CX1y=bZamlw3`3f-^-D({NjNftA1Z2)o| zaXD8@U>u@;jNz49A0mYj*XEI&2<`O zaEe}Jp>ImKL}UrPFVi&({Un^1vKu|xfC!fNk@NN*HIxSj|FC|Rt|qFzpb)}=K;m5! zG-fxFitSb;G^?0DiT(+$G+T#CW2o~P93Zx3l2&1c!Owc9kl!VZpp-MArr#Q6CzYtD@? z(q~Uw)`G_~BQ|5h(NW5ZJo+f8txd&Z`2aB^dF8xcwvc&&vtK{LIM*`eD^rN3OOb7r z5dBH#B94~8oKi7O`wq}cR>m5oPETA|gY~8wY`)ND=cUPt>o;fnoKwUEslmT*Fn8p( zWSQ{@UWZ*fl-wtgAkRU=%hNv$?|NHzl?6Aw8L2N6!n`lMr!*^lp*#$_zwgl`ag)3} z1K{|PI7xe&$p*g0xq2Hn60oq3gQf*Drh2ohSkW-TrMY!MQX5=mM5)YZb6rMmL*!V~ zRx@6yB#?z#7vZxgnvio_#^`9`-C0lWqJQLHiK*UvFYKhhP_ItcT~Tu*(cS@gN5wfbq#h0#j^Iy7VI&Zk;TGG4x8|v z3D^(Qc4&3>Pa6Etf{cD6r)fvM5ZzHx>yg-`XMM|BOb|4s21W{eGa);xehs8OcPnQU z%i%14e4yGFfu_Br;oCWPa~st>sNiv zVtH%75jH7-F`@?GYiQ5&>AK`QiITO$#_4Gvk&Tsili9pLa-&zf$?s8jc?#E7ASl%{ zb&T<^zjjB5Ak)k{#kaP4%rFzsSIC7OH4qQ;hiWF<*F%I@9eSx-if7WWh>`A|Aa#~? z$#?n4^TYg>TP5)RkUBUA0PHwk;Io^{XCxNfs7_p$3{RVMCjFE-N^f?>eZ-HH!<^>O z0(3>WBx1)Wourw_PK_w|tyyriKl}nEIy!e);2p`SNYUCUX7kB6q*cqi^&@ zbj8a1?11CbZHm&#@IC8M%XsqYz^Z@8$+lji;YplLwo9-?=uBV{jGc0f5R1DGyEE)t z>#hloywFnJhw7DnKhT(flE(yOyP@E_Fa2SamFm&bCLO9~YG`-Ye0HV%qWn_N2U)g( zmjg>Wh*RdP=-+!{z|i9T4Lu2$r(JqXNlk1iYdO>nC?e{8s(2mSD|lW{l8rUhJiq}- zv6v%ufH-K=hbCmgi$5%wozS%F0?Sm(;lpli+vSATY(9Nf3~ZCE!)+`e5oQ2pu@rEeS^B2MPb1j__QA?1C=F@)#%RQ`CXHzHa3)zi%gJ9= zw(1ewqn)DK>TNr>yv{bq0N)E;_nv9oRzP1oT5wsL_4x==O`IGiz_vz0LjfqkOUy{n z4dxIcFrCjtrNg9eQR3;xBQ%aZ@T(B3A-W!|t>|^y9Mh=qt!>6hy$4(4PtW+@Q2X|~ z-g4$??Y5nYz~iiB{|f1rg^>@nO@t8VDYTP%aG9`fi`Xd64nL>~?u1saHG-qjyZBSI z(yopq_YU0nsai*gEBOk?$HfHAx-FuRJyp%}WFh8hWb_{H@=r`#WQq0h?H$vq**3)s zw_|Sf(AyT5Q8v41_Ej5n+mt9Y>o!fa*xkyfNMlpgCTZ{3sqM>mUw&r6et(7x?_|8) zDZ_ISX~<5S=-)uiOYFF`wbsISlplh|^6lHoL!?b>j%7Nev-L&Mu$xH(%-zCs9i=SV zHM%l0%k{)YqpkwI8#KJ#|2p?5V)j8OSZ`z(%;QBlMjb`!Cl33(ju*TLy-xGL!8!bV z(>{Hjx1eL*^cC|IE$OHS7GgyqLQ_Fub=g-Bt~D~xe`0)wDV9jbt!bK4i-witb&kf3 zcU@vV@*zsh@wpr~3|r{su_h0MY9DSWXwlO-&h@h~wcZ0-2j|Li>O``gG9Hb9-8f*? zao$a8P0}Heu31|(ASp+)uiib(;8B2iu`LcnZ8>5`paD!k=otvBfG7sr&ydT(o%z=g zu!sygT!)h3#T%_KFDgI{!28_1|Bq4Q|BdhH(~Mg10ukl}OpS;G>thiv|FY%%@f|-2 zi1NOGrkqE8>3;>pSu*jw#x~_LU|EWgu}c^$CS{Hy#HaFdPh-7k)3h{qx{7~*Zb^N;^bRwzw~6Qkn@DZ zPZYW7vnJjUNamQ0p}$)9U)1U5oDFTpJ4`fNKh7l@rTA=JLRk3KDL z4Qj3*(Lcd*h9yuSN%v9d@PkwV>2Dv_BNaUzCLD;+&jCjEA(K14v?s{dZAM5_iA#-w zzdi}P^kaXj?rPH1Kb+&?Ep6UN+nqO%q;$Pm4@6!ZdEpUaMZQySbyV-Elh}qApGnvU zfnVjlyykuflZ#gDq%`x?+&Qf<8^X^65H*vQS^y12v`ur6H_DZ>Vsjc6l3ea5HKFp>`ZY`TInYMtHk6xgNKt&TV-L|8#3&6u!0N}A;TiF8V`4uoXgEBI}AFU!3mb09;!|BaR^ZN5vydI*!tV-oPVOa7>z zJ_o)g%%dr$s?RYL+({%n3qr1&9H)&z!@PwuB@M5kgpb+rgmX=mamD>gyMFp|FYo1K zpl-1NWF;0G?pk@T1*L%nnk|cHJ*`o|O9xi2WlbH#b~hF65thOq zAZlaU-`7%{ahK}1biy1nPZ+-km@NFHT-Xw@NjpI|rxD) z?3^0RUN!Fgh-;L6#`k0g9l>i0^Jhz+6^L|h=D(^f7JfD1LDE`i`NU>i4uI7aWsANz0-no#DPts4 zF&7U*Ny?Q9H!LUnhiMX|bv-qM74lO)SZlesh24a>RTksjHKvyxRXd;pD-OI-t*Ro` z{hwqW&ezqyIQ{u}&zzop8yjweOKI=t8XdH0D)gL*dByKdhpIIkIv?rBTV7d@~Y2m&D6%~5Cnbz=Sh zcW>PQj>B_%YstcHjy7M4&>(&-Zs#{W(;Yi9G7och<0|z_%64k;o4?dkCsHBfD^rVm zk|Ens0QWKjm}K!_H^o>cYsM&)3mdxz(NL^Cy?mV|^g9@)a`X62cJ%eek=db*go*>x zqAB$B3#w2oVdV^D`=YE|=cC15hZLw}Yw8XCK>NIpub9MnhGn}sqJCz0cS&h<$x)Zz z{Gaj_|D~1ZV9ENzy*%$zgd}Lq|Tb zFWqwk@y|J-9wrYXn<*W-@}yl$9C2z4KaC@Bzk3k=8osYa?P`exv`=T((XHs1M(Jp; zWzXWkUw4JagEQCHy;(p@8W&Ptibz z@%U*KKT(VQb_m;aeV-9koaPwXK7On0SAO-_$~|qs;wkG_Uh_eQ4+oYa(?L(-%69m* zkOi~I-B{x%)$Pi zXpaZ%fzUkD)hAl@XL}>#HT-<5>A0rhY}2QSbxuv_0f(~lB(n=I=xxY>6K(DaRdlff z6a}6DPBYT2!p68Zhj?U}#hS|`yf^oZd^hK8geW>R=ph8WHz4oPw$mK|Cvc@ysKNoW_OHUlDOU3;^HNh-K6~A?+($q|74P4d8&fem^gO zGLq{>T$VwLpxGD6Sy5J7K^rOT}8%_+1>!DXH4D? zFx5r|tpL06BJl?_9FP(MI{_g7%{a+JCI>}5c)vC_hS_WE&E4*CZJL{M9%)g~_lKo@ zK-a%H>O|w;ZJ1WQCaonPn9*Qf#7w0x8HI2ReY>S8KBse2F9ndYI;|_fd9HOYeH#Dm z<~x1G7}&i@^b7jEwh4o*KP<5&kXHB=-=-OmAa+O>uy2dai<{O2zl?O*LvM-X^R>hO zqDrk~74g1|m##>QRh^`T%$Xj#J6r4z=!RI##-GIc9}@Nji|;fD0q;l% zw8E5FAyEhNO_xT(LF3DFyZr}vmb+}my(L7{cDM}M70Kp;QT_WG5jiDcIEiXc`|7vX zEbHP9ScqaC+5)(dix}@eEKa01s^Bn~>fb-3U3?kGPVqxf5+{4|2mf}>V;Neh?Tdhp z#mq^yN0znYL^0xhji!psmu0pp;LolNimD{u^HGd9_GeXB2Duk?1tz!zdH|%9g73;W z6oMN2C5HeyA={yTCy@bEpHaGTr2R68Q4zBZf6|LW9m6De64r?+@jxePd1vO3pox?( zB;Q9)A-)fozxWj#4qEFa*R++NLOtKfIPuH(yejlS2@}qhp65;!ua7eMi~*4Al9=en m&~EL#xLx + Dell EMC Container Storage Modules (CSM) for Resiliency - Troubleshooting +--- + +Some tools have been provided in the [tools](https://github.com/dell/karavi-resiliency/blob/main/tools) directory that will help you understand the system's state and facilitate troubleshooting. +If you experience a problem with CSM for Resiliency it is important you provide us with as much information as possible so that we can diagnose the issue and improve CSM for Resiliency. Some tools have been provided in the [tools](https://github.com/dell/karavi-resiliency/blob/main/tools) directory that will help you understand the system's state and facilitate sending us the logs and other information needed to diagnose a problem. + +## Monitoring Protected Pods and Node Status + +There are two tools for monitoring the status of protected pods and nodes. + +The [mon.sh](https://github.com/dell/karavi-resiliency/blob/main/tools/mon.sh) script displays the following information every 5 seconds: + +* The date and time. +* A list of the nodes and their status. +* A list of the taints applied to each node. +* A list of the leases in the CSI driver's namespace. (Edit the script to change the CSI driver namespace if necessary. It defaults to vxflexos as the driver namespace.) +* A list of the CSI driver pods and their status (defaults to vxflexos namespace.) +* A list of the protected pods and their status. (Edit the script if you do not use the default podmon label key.) + +For systems with many protected pods, the [monx.sh](https://github.com/dell/karavi-resiliency/blob/main/tools/monx.sh) may provide a more usable output format. It displays the following fields every 5 seconds: + +* The date and time. +* A list of the nodes and their status. +* A list of the taints applied to each node. +* A summary for each node hosting protected pods of the number of pods in various states such as the Running, Creating, and Error states. (Edit the script if you do not use the default podmon label key.) +* A list of the protected pods not in the Running state. + +## Collecting Logs + +If you have a problem with CSM for Resiliency it's best to collect the logs to help with diagnosis. This tool can also be used to collect logs to submit as part of an [issue](https://github.com/dell/csm/issues) to help us diagnose. Please use the [collect_logs.sh](https://github.com/dell/karavi-resiliency/blob/main/tools/collect_logs.sh). Type "collect_logs.sh --help" for help on the arguments. + +The script collects the following information: +* A list of the driver pods. +* A list of the protected pods. +* The podmon container logs for each of the driver pods. +* The driver container logs for each of the driver pods. +* For each namespace containing protected pods, the recent events logged in that namespace. + +After successful execution of the script, it will deposit a file similar to driver.logs.20210319_1407.tgz in the current directory. Please submit that file with any [issues](https://github.com/dell/csm/issues). \ No newline at end of file diff --git a/content/v2/resiliency/uninstallation.md b/content/v2/resiliency/uninstallation.md new file mode 100644 index 0000000000..51240b443b --- /dev/null +++ b/content/v2/resiliency/uninstallation.md @@ -0,0 +1,13 @@ +--- +title: Uninstallation +linktitle: Uninstallation +weight: 2 +description: > + Dell EMC Container Storage Modules (CSM) for Resiliency Uninstallation +--- + +This section outlines the uninstallation steps for Container Storage Modules (CSM) for Resiliency. + +## Uninstalling the sidecar in the CSI Driver + +To uninstall the sidecar in the CSI Driver, [uninstall](../../csidriver/uninstall) the driver and [reinstall](../../deployment) the driver with the `podmon` feature disabled. \ No newline at end of file diff --git a/content/v2/resiliency/upgrade.md b/content/v2/resiliency/upgrade.md new file mode 100644 index 0000000000..5473ff849c --- /dev/null +++ b/content/v2/resiliency/upgrade.md @@ -0,0 +1,24 @@ +--- +title: Upgrade +linktitle: Upgrade +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Resiliency upgrade +--- + +CSM for Resiliency can be upgraded as part of the Dell CSI driver upgrade process. The drivers can be upgraded either by a _helm chart_ or by the _Dell CSI Operator_. Currently, only _Helm chart_ upgrade is supported for CSM for Resiliency. + +For information on the PowerFlex CSI driver upgrade process, see [PowerFlex CSI Driver](../../csidriver/upgradation/drivers/powerflex). + +For information on the Unity CSI driver upgrade process, see [Unity CSI Driver](../../csidriver/upgradation/drivers/unity). + +## Helm Chart Upgrade + +To upgrade CSM for Resiliency with the driver, the following steps are required. + +>Note: These steps refer to the values file and `csi-install.sh` script that were used during initial installation of the Dell CSI driver. + +**Steps** + +1. Update the podmon.image value in the values files to reference the new podmon image. +2. Run the csi-install script with the option --upgrade by running: `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace vxflexos --values ./myvalues.yaml --upgrade`. diff --git a/content/v2/resiliency/usecases.md b/content/v2/resiliency/usecases.md new file mode 100644 index 0000000000..bacefca590 --- /dev/null +++ b/content/v2/resiliency/usecases.md @@ -0,0 +1,38 @@ +--- +title: Use Cases +linktitle: Use Cases +weight: 2 +description: > + CSM for Resiliency Use Cases +--- + +CSM for Resiliency is primarily designed to detect pod failures due to some kind of node failure or node communication failure. The diagram below shows the hardware environment that is assumed in the design. + +![CSM for Resiliency Hardware Model](../resiliency_model.jpg) + +A Kubernetes Control Plane is assumed to exist that provides the K8S API service used by CSM for Resiliency. There is an arbitrary number of worker nodes (two are shown in the diagram) that +are connected to the Control Plane through a K8S Control Plane IP Network. + +The worker nodes (e.g. Node1 and Node2) can run a mix of CSM for Resiliency monitored Application Pods as well as unmonitored Application Pods. Monitored Pods are designated by a specific label that is applied to each monitored pod. The label key and value are configurable for each driver type when CSM for Resiliency is installed and _must_ be unique for each driver instance. + +The Worker Nodes are assumed to also have a connection to a Storage System Array (such as PowerFlex.) It is often preferred that a separate network be used for storage access from the network used by the K8S control plane, and CSM for Resiliency takes advantage of the separate networks when available. + +## Anti Use-Cases + +CSM for Resiliency does not generally try to handle any of the following errors: + +* Failure of the Kubernetes control plane, the _etcd_ database used by Kubernetes, or the like. Kubernetes is generally designed to provide a highly available container orchestration system, and it is assumed clients follow the standard and/or best practices in configuring their Kubernetes deployments. + +* CSM for Resiliency is generally not designed to take action upon a failure solely of the Application Pod(s). Applications are still responsible for detecting and providing recovery mechanisms should their application fail. There are some specific recommendations for applications to be monitored by CSM for Resiliency that are described later. + +## Failure Model + +CSM for Resiliency's design is focused on detecting the following types of hardware failures, and when they occur, moving protected pods to hardware that is functioning correctly: + +1. Node failure. Node failure is defined to be similar to a Power Failure to the node which causes it to cease operation. This is differentiated from Node Communication Failures which require different treatments. Node failures are generally discovered by receipt of a Node event with a NoSchedule or NoExecute taint, or detection of such a taint when retrieving the Node via the K8S API. + + Generally, it is difficult to distinguish from the outside if a node is truly down (not executing) versus if it has lost connectivity on all its interfaces. (We might add capabilities in the future to query BIOS interfaces such as iDRAC, or perhaps periodically writing to file systems mounted in node-podmon to detect I/O failures, in order to get additional insight as to node status.) However, if the node has simply lost all outside communication paths, the protected pods are possibly still running. We refer to these pods as "zombie pods". CSM for Resiliency is designed to deal with zombie pods in a way that prevents them from interfering with replacement pods it may have made by fencing the failed nodes and when communication is re-established to the node, going through a cleaning procedure to remove the zombie pod artifacts before allowing the node to go back into service. + +2. K8S Control Plane Network Failure. Control Plane Network Failure often has the same K8S failure signature (the node is tainted with NoSchedule or NoExecute). However, if there is a separate Array I/O interface, CSM for Resiliency can often detect that the Array I/O Network may be active even though the Control Plane Network is down. + +3. Array I/O Network failure is detected by polling the array to determine if the array has a healthy connection to the node. The capabilities to do this vary greatly by array and communication protocol type (Fibre Channel, iSCSI, NFS, NVMe, or PowerFlex SDC IP protocol). By monitoring the Array I/O Network separately from the Control Plane Network, CSM for Resiliency has two different indicators of whether the node is healthy or not. diff --git a/content/v2/snapshots/_index.md b/content/v2/snapshots/_index.md new file mode 100644 index 0000000000..1b375ecea2 --- /dev/null +++ b/content/v2/snapshots/_index.md @@ -0,0 +1,32 @@ +--- +title: "Snapshots" +linkTitle: "Snapshots" +weight: 8 +Description: > + Snapshot module of Dell EMC CSI drivers +--- +## Volume Snapshot Feature + +In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: +- Kubernetes Volume Snapshot CRDs +- Volume Snapshot Controller +- Volume Snapshot Class + +>Note: From v1.7, the CSI driver installation process will no longer create VolumeSnapshotClass. +> If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _/samples/volumesnapshotclass_ folder under respective drivers. + +### Creating Volume Snapshots +The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs: +```yaml +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: pvol0-snap1 +spec: + volumeSnapshotClassName: csm-snapclass + source: + persistentVolumeClaimName: pvol0 + +``` + +After the VolumeSnapshot has been successfully created by the CSI driver, a VolumeSnapshotContent object is automatically created. When the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. \ No newline at end of file diff --git a/content/v2/support/Slack_Mark-600x600-950dd6f.png b/content/v2/support/Slack_Mark-600x600-950dd6f.png new file mode 100644 index 0000000000000000000000000000000000000000..7a5d760d4fb12e2a015a11d733278ce442c86678 GIT binary patch literal 14874 zcmeHuXH-*LwDr6ArzX z1nIp6q=ypP-8tX6zup*cyz&0rKX;EoviHhtYqmA#TAR;W8j2LR8E+F25m6{Bz0x5f zx^6)DyF~(wG+8H26A?))D8G97+Iw>AS0FG(^#0pL0bRj$!tMWF|05bmYCL=I`m=T% ze3@u(v6M5>;Vw%`*WU%}e=GPgl~o0PeOdwk=bgqv2s)x6x2;@x=g*PvD0Qi|rKD;9 zt}PoLTQM)s|J5;Wq?0R~ifLo|v5EJaaSNI6Kl3`z)@|^1vVq%lYp8`E=NE%&nv#Dv z7#|*nSRoiI@%J6|0`a%eoss)}`JiEhv>2Yu5!az$zt*_-JNmKaF&NwH&M%O~Zw*0u zcFZJdssjRit8_o6%FdS<3DLhzm!KWMkMR4-_<#?yu_rm>wc1+3hLef@tZ>=PN*+m4 zpqSrG-L!WcQQCDjIi0P(=jy^&gQw{$j21v$rNh7a&;A`zBKG}kJK1Cyd9f407`gpn zdR;L|FF^6Bg+eo%1&*0J9^m=nOw!jx$!m_#};~_+H zb7}f6j@VSE)MQLw{Mo3NiR3$i`iD#+H`>vY+O6%!s&xKO5cG}_>14J_Cnw@Ku`$6q z6^B;E8#R*sk&-FKI6C)$2*&SN>M;SaEKt&w0MAnyc)E76cm-j`5WBqFASYTrOm=wI zl5G&vJuoIezO`M~7zRUj6dTE-*THINuG)K!?v@IrMh4vJX+LNIysn={3iuO`g{Aot zv(YNG$N(;^-3Tc-aEV(L5y_a1EsiS`&LXWFHtU^y!}*Q^!1%H`=Uwl-z$De|Y3>fK zGRV}nutadI**#~lnLsXKQT8=1Xe0LU(XQ_YI~6Of=a!2E@k%628$1`0pIO2%xB9dt%lRFAX^7#cv-FR!HH*NsP9pgM02X&-L zG0S7Wt(v`tt7} z?dtT{v$Ap`-$0yfAQHB$Vj)imAs*4#5FV;ZSDFBJ%)~k*h6Bp394iEj{>ug;mJ`cq zXb;JzOA)O*(;8?i zCNAjoD}>4G#iDFwAuH){!wavm0hu2Y)o!*@9&VTiQK|%%YNVLDk_( zm&#NAGtxYcvvLPh>EF?h)mzs2qtrs$GYn)^}G8HP?qr%Wtv z5oo6<*4KW*TPsrX(uEf2%(e^1BK}r$VHKWq%?g!rge4CL;`pDHRs2IY+IitR_E*Ql zjTVJ`+_SP*716cBLB=lC#1!K`o=>5|8eVaCE@}T0RZQ+?0T1kL-Uot=nck4TO`2~stl-T8_1jh z+3YW)ZWUVyp|I(vHy9j902ig)Xl8@TBg?1)S`NtiuzE}jeqxIUpb-ybbbZ^fVWYM`60p}FtEyI!ZlN{3=G`q1LH67CoXr2 zwCRCDi)iRaAP#I>=}vF(pT`H!p3ib4&KXE(f3*Ojytlp!=FM^Z)x!3lpYPPEJlC#0 zd9oo`CQt^Te|thZUG9Al`TCnIWakamhuAcd<#dp(fSae1BnAhUX%pP z-&pt%1AeY)4p92T4~%_5JAd2VleLu=83~RF2@DCm2@JNPDQWrqWlw7F0klvA?|~_E zTZ4eWr6b8UvcyYLs(V3|tRPnWS zWOBe{{+Z6nq=Rlqcz7_m*yyS5!qP1QI5h#hL?@L8dd{=Z`gA13COf+A&<)v2kc42U zhi9a@-6~03Cbcm}TnKL?y!ckwhCG$*|FO8_T-Tb`{SzwhlftTe5a{ z7ugTAo$izY#N-8ptbR1}LS?8c7OW9>Z2w#qzYAYz&D&_utUtMf6tS&5bYa3hm##(* zWV$$p?waT1f297`B$Fzavo>$vhHSKket75I-~Y2^eNE;&JfEKo)XZhl5VEbev2-zp zSc-QxH!Klyeg;Se*!zXC@uH|k_t_8!%AD3Cdw0)ZV{vaJl$x=*glRCCyz(7P9r^oT zL%sjUT<`yV`qzK{`|-cO|6hmEzW}8W{YTyNzXm(U+U?#*)`+@)t|G2HxG;BYlKC!8 z8+G@hYNF0|3+q4M{fu?L)^K{ zGpNzllHy0qbKqpAv^Q0fo>0|JT{oU@y6D&;J78A;X4A;fhN3rr~fxdO} zSwPHMA_w@mX;u$sMOoU&iN3LPVPAwvs+>H`i4IW0sn9h)G4cMgtw|12%&(u0KWTil zA!j04FSc)PP%H34=86 z*&H70PZdy%;ilI^k}Fa?x9X{)JC#U@-g8im>4ak(vG@5dW85>jp}$8|+HQy3+h`TV z+KjXx>xO3dOgZTm%K+3h_)XG#jy4LyRoa)5hBI<8Zm7_XQ=cfUsoLQvLyvBT8Z$v% zfATAu#Ux^)EO%-D3I2bc-bb zfoh+63TDl`p~>QszkaB{7g8Mbx_WmbyneOSLmiLP>5* zWrssvFQSZWfCRp`zfY(j79caKRqF@2qw7itWa90-3LSHmiXC8SIXiNAHzDKwW7j2T z_mK+Sq>tr8y3kyW* z;>4;Q}4Y(Mo1lduKK|sDJLK3rT!y3*%LwNPxNvpBUcSaf}uNDgD5>s&J74e@gK; zL-#C@kvHT%8mW8yu9a;S8Q4{7k}L~O2?`WxBIfa3^LS^Cn-jyTyppn)JgH>ZZ zK(+4e;^d;4n?nV<2L_9gk&w6o>q-uo3$=F(Kw&bliHDDbt1T#5k4aWE3r<()y_sh zQu5{WYY2uvShBdk!WgoaLq(@6+-VK?mLQ5U6Rb($iLv|6xF$C?1qk+Ac;Q1VpX0CH zBkK=1%J_IEi0umUtd#e)nl9#&-$lVUgvxqKcG5s7bJI)B++;2AM@R;!0H=Wb`y z!eAl+Fl60o*b_tJE>~3gpT6-Bg@j=<+Uno&TR?!hf?XFZ=CUt{k;A$pA&z&7R;hSR zbxfx7WioA9PV2R%^U>1}3@W4mCp&cx+|3Nj6nw|j{nPmx3FLqjg2|tle%u~8+b4;` z3HE50s+$s)vQ3lLP>}gswb@{*9TOd1Uc-|2G^frAwgk0)4&h;D)4`CNOCj+N8G8-4Vp zBz^AD8(`y-(YB?ew3T>otf#H-8YM68hKChF&@bSUZ=$#F6m_SDi|KT70VOT^b6;Vq z6dcB&X9Ed{jZfUcwe-*A<*XEOmsmx zVRyYs8P`-COH-<-c3?=Q8AS@0(P3hg*gvAt0ip>CaXPhzm}1uvClSMfV|pyoWu8%= z?C4S#`w;ZsxLg?x8Z1a@{pD{F?S9XW?#;)Yuofvxmx1~4q?DRRI=R_vLRnXup#d#O zjU2P`Bh68I17GHE(b^!D|LAjOELxz9(}k}o@2AeD%F#&BNIa=v)~pyAc=>W+xg7?( zu<4+kP5x&FlP2I<<5f*>kR;$of_6+M;v4P~5h(%2>i4Fzi(Of~Tcrb8EI$)0i^>AO z^uT&aoAlZ*;DCG6*jFQ;RT8UlAQXjoogZCPG(z+eU>1X%7$@=bxVB)!OkM_31-EZ#C42+<88pKDo9VkT3m7f`!+Ra+)7p*g*NrxI_2 zJhGFuK5TSPkK1A(Nf@5{rU7i3zy??K1LA4Hyjj)e@6}?Vzf}7G zYj-{km#lc6meU(Fr+z;awLYvEZSt~`1iX}v%g>Jk&A(@UJTMsPU$?H?8alpm-V(vt z@ImAQ0|JcuYcuIyX2y3u%NjE=kqPQMML!D?fjWKn%;V=TiIH~Jg;oItB^xg2Z%&iP zD>K4wv7E`x3WEa%CU2^#XWMn8YPACtkzX5#NN9!Oq{7(S5biz=BBJ>#&3f;W-MwoO zUk218(ia3bTBiyal;Z@lthEw#HmBe(=%rgD;9<$FA;}~0!UAPSzc0o{fJ|wc0<98N zJvk8@2`#2)XGsZ9EeJ3fY5p^>KWD1Rq3*gZ(`@ABhEfUWr1{b!AHX|49(93R0D2HowJOEOSA}L%%!pkN-gP$>~BvqUW-uR6EFOY#-qUr}J5!Ud0nzA4(x1 zm9FMsTyqBv39X&w>uiWs1Q_oB&PQ^>3lQbNC2V)$!A6^Y!9xMar0BvD)hm&7x8VSL zC61*WFi(4tsqDpjCUj4L!QS1<`n1e|aZ53J1ABMB!WW46#Ibipuajbd=KHeuEbv)- z4wcyhFgP*>ZAwO`7)*}Jp(-`l-;L9abMfp**~}F}nGF=l}PjaIP`a#gys$kA9b z*VR98?iyP%oVw%KDujXRwIw7VZep=FZpIwOfEE|i%2>=<{CwL zHI#+ku-J$`mz56erwox>Z3st*I2Yha0!RB^j(=joP?ecSCf+1-acCnlx*9DiGSH9Owd6YGa6>Ij zWwLf}tu~cbYTYpVk_hwf0W&hkHwrQ;xLut+tM12lc#mW{bWn6%C^_7u0|sdTtFAiFEq5q<=jPn`(V#{W=}5Xnklg9pz71 zIM8ALKL4IAlNelD7@JX0Da;|w{wU5LmVD)p5FNhIAG1kDPgqnVgyJKBPW|zvkTTK) z!4~gU^&vQ1wV+g$E`SFyEz9NaA?_GrzR)JR&>A-q0+yT`*q(+D8D4zQeQTK$OWUsg zD8AgbhoR;Hl{LhyHImx}mHxfjWopcfg|c$E)J#j$ISaqOR`axBWnXS}4nO?tY5`r) z{k-h=fTxymtzPqr0wOYXQKI3;`Mg@)7x+XRk6;<+ZJ^QUfpO~>sK@aQ^qf7;jvgPn zxVO;CSx+^LNE*0zCo@-+*M#{#ADAC;@_BdRz&*gk%WBkqfg~4n)(FSe?u_dyhf7rl z$Ybfl45csn(E0=2ldY%Ih5SNU0V>fBPIqDv%*JhFcX7{auz7v!gH|f|^P4iSE9-_w zE31=KJd=Zo?Shksoh(4#-KZ%j+VfpEAC%@^*2?ZDcH=RLS;vb zWl7WId$Y^4i$M8I{P<`1ztwLvy_fVX4;QYZ+Q@E8^WPNN2(e2TT(~>H7se~#PdOdOT;W?w(}l-6Yom>+sl&~y2KY^zCI{Rmr{A;Pij@9hyg;Qb zN7k_T(G!)@Hwtq@-iX@a-deqYo(Q;zH0S#B4+HEz$qF{U#6(0c#%jGkTO<6eV4kxf zS(aAw;u~#br?$^yzPlZ3iEBfa_IyCm+aq%B!n(Ix_%Zg?RyTRUoDh@$LaM5-8RVQ6#rT>~$r(PW3r8rd53Q)8bQRDq+E zId4P-qJ83=R^-FXuyBk8GhsL4|L?j4`Py8Y!Nlw=#4y(^%m^3=tE5(lj2rUh7+Z7N zDeyfNc6;*Y4FhX@LfwNom$%8uK4RY(B#P>8b7@ewo%K4JMK3KoyfLoky=Zc464rN3 zedX3Nmt2?f(-DK)6Y)^DaD{4iyNL91j!e76_mN45swKRhJ@Bf{PPdAKKj4vbm2G#E zjUN2m_bj!m&lO6}^`lI-e_;RcS)x7j9F6ha&9FII3q6JL3RMe}UcPV|T1<4bnr(`c za{oZ;gTc@OiD#V0_eL7L8Ofh1h6sr82)XurwAt(|LhPT21NIT9=*Hx9PTmN4Fy1Lq zVj8cy?#4Vm9tZk1PR^_EHSC>1jlYcT{n_c;eQc1)RcYSAvWKT{pB3kN-Rh#}R0sat zx+BYV$izGj${iWVYxdc9{uH-h_oXo}do>c@ygovlTn7K>VU!?8;- zF-vUJe|5q4vxCU^!emcL;8$(4T~ggY{T}Ze=SG*=m~Mx^je0vkJ9Od?->H9mXCQOD zlr5Sk_*Y-+_m6@_4M2lehV9DzUC5qdTPdq)BEls+?&`sC6T`(ku8JH&byHT@(a)$} zrlbkmo5!m~yFk^wpm}LS@3_W@-7n-u;z$n|B#X4}oyu{IT_m6sQkK4|uWwAevOfGo zg<6F@lW%c%%8rP5{QyGsMTU*N;=@)DaRqXJ&9&^vJZRm<^>C%ijTG><20=D9<%iD=t$JB3f zN@em@K&7#@rW?Vtaz}ksGAD!PA>1l%g-0W`oi0_=t{0DeUPk5RY5g5(s_Ug^FVfwU zCi1j2f+o_4QDIHJ?KOymP9f7TLKY@(xy;IV%vMBVJfZA1eJ^Cj?Ppu+{NQq)pXx5- z?Gj~e)xreG-FrrDz~+H_d&XxgYO%l5w5YqrjWU~+O4z+(|FqMuQ&Z|aFzAhjlw<0d z>>z_pmmE=>&+7Wfs)k*vruJS!`Kg$~Rrc4Z{KDUcT{Zws(%pO}Xr6VJT7;S+~ zh481*hUpRmw>=W6x$Qz`9qYEYs3Cfc20yGMQy_;LF3^BDUdNbizL|!6x{evkD8E?Q zO~CJ;N5nsQpdY%TzH7Aq#3=~V^`K3K4gPUZ!`0W)GT~ekl*@>b5q>oA5omshM15vn zaUFUjY=Vq35j$r4@+hgYu(?>j%a3@O7^y8Sgu-Qm?4Q4`=4H24gSd_;BqU4sOa zzGMlji>z^HsGy{8HKl%Bv~f&K9s8VC+s9-~DM&xgNkhat4nBQc^!4i$-9BmdJWr$NB^c z>ZxX$h_Hy~6QTRvkH1O*{r@GLJv_4tn7$LEX*Utk2g(+)n@h{jxyG_AXOAW+U%@;C zY2Bb1@{FB&#uEt75~<>$4o+P1mE=)}w*4o=vp@P6e8PN0S64`T*7dvm?A#SyFlv*4 zM?w{W9pX&lfGX{UbeDqDH-qtMOSW!v@eDU0QK&d({oW$2KP#sbPd?RQxfN(7uK0CF zMC?BqoX*s_grQDnZ;%`tM!pV@;Sd`=G2CAdQbr2^v@SY1n3gp1lcl-BHv6l`Yv%77 z)V3tdXq(#E%wsIxXdj(l*I9UqH)*R25zhMyN?U7 zMe!}*w=%ITy~k2v zitW>GH)~>@!qwXT0!Yjcb#s=2`)+&W(oEu>uPQt$gSY3gI)(VxP{Thkz2otPuBB;# zGHH5@ggQu))j4U{?Xm=FCqjSOnkl>7l7D#&@K)M*`|pS5&7v~Z+sXQB zhvvK4Vy;|4*=)q9bv_WuPG9QB?mIv^{<72*X){wX?ojE>{oy z+UF>Rz? z!9x;2D7zx99XIG7Pg(Xde2J;cK3^w~jcJjV!!rBwVc^^}pUs!(7zaIS#^0Rw;j*W* zGnxYh<^U$8_hE}5WSxIo=HXofNdD>a4!6CjB=h(c+a{_1Rs7eO7#`I2qXF^vhvYZe zqpb-TwX$wcPq}VD%r1|@HWwl5Of2JnXvD;zGKow06ihH{FJ9SFXNiqn&oXH3E~}p9 z_}NadWcgJfO`4JdYq>V!<4mBHpQ?%w z0Nq#)&Dg2EOr{2)%|n_#Proh?Z1)IV!d}Nv)z{a*i6P_L=UjgU(?jj&#V8|t0hGfI z7Z2)FukaShq4S2pqrdfTqD*&UBbO!~Rn(nYEoBLKv$JJ|QLM~;7w{kk($x?X*O+fN z^K}$|NP$z43v|v}z8yHqMJj3j={(gR?V@6TR%p1<oe=+GQ7EadpyI6-JVWyH!#|_B?=;p)9dbx%^^fD+@Gc~@ zT=xua6-m(pgl7#(zzUFk+6C55T#fPoWel_aD6>A5XQ$0gyAb$8o{>;y10U+XBhFgl z8143tzu>NOPh|nw4KwHLLI(7##oeO^V+LbAF2pT=)CPsLND`gWO7y34H+Qq-)k!%8 zA)H)+UF0t-ScP8n9M54y-r{csuLrLQ`fTJ8>XRe;-bee2{kGba{~5 z`=(teHP&MJuN#=pPJDYf+rlvyX`MXD7#oxM{0g=r48dhgpF#TT3m_>hs zS$|38J}|8~HtJ=R=(D>9xkG6x1RrTU9iL|EFv?C1Zt>oL zXlY&w+}c&aFrO4!H6+IYWDX*5tOqtPI0CUs z+xcHw@K$!;pU8KpG65Q83$f8i+KPm}s@C&{wUqhtoU}2~-Hao+&jg6M(wAXu6$KE1YO-9^iZ8>)rWVJF&^=ztup;5o!mRbN61KpvL+Yr&z*pj~>%0IoAl?l;x7R zsPkO|4mP6)Y3u4`U*6b}Ln?aA=7b%yYw`T`nHO&%l7Oy;>U1iRLtf$~6`u5i-2iXN zlG{<696-rtuWm_c!ErrM#CzFz*=6>I<` zfhO~!6|51@m}Z)mROk^ssh)f361U>4;y`W-W0hpg=lB31U@%W5MH9q+y><%n`qKNe z=FUB%6-%y(Rk>4(+eN5q-dGC^zn@h^JfR5za`9)Yxcp;T{A-)Y{m@gSe z3K+%yg2~1?bqWtC5ID|kCUHx)u6&uAp3oW1622MRgh}%dBYU6RC!NCGX<8PBp8=hx z=jS|9hze5^=uiC^-ayvG93m7w!~jPOE@T!jH@YM4ONiLUWc}U+bkM>vlEte}#&hVm zZ=tciGgKQgyUC61x@7)2)yU`Z{t*3JA6&_K0Il#Pe~uBh7dlYs z#8oX9YpjL%3H^q z?myc9bwU2*+jdS8{*`4=YPZ)b1<~Piq~^{|pymIpN9cp>_dh17&I)*{n^=#eOeA+p z#H0f)w4JRX!-p1bkSO>Jt9{ze&y;G$%e6w6lN&dBbnlX1>UjRIjlE8n27Mc2w|(G3(jh!j{VeQ{UYSH#K#=^c7t%|`Zas?rZw4TQV96IzaFA6LuSDwI(O_CcZzSS zG%eVXSj!3UNI4j3Mm-=RN(BYdfB=aI@0;8O{U4t!|BNvFUq7k-`Sn_$UhWswaS}WD zO`DHSixdYMc|jr{!ue**FqPsGGj-y)W|1770u{hY_eAT|7=8if!bKUA`n^}H_IFrQ8N86@0m)hoJ} z(38+b+r8Sm+SRZnx6{}53;RK?q{-}8a=n=w4t*1adhq@!E7A4v7T1l1*<{}j!a4mS zJMP`aCbuzN%TQ`Fw-r2>6Yl4Ih?o)#-CIaQC?0PWiT0ID)}ILVHlS}#oc&6cx*a!4 z?VmiUl}FH$JWQ{FMra3_{75Pf=3$2R1YD_wt?YdACQ2WUYCgnFgVIiSrr*_T5at=) z5+>NFHITS6o%dV3JPrsk8a99fh1ZYSSQgX1yq`~iw}N2z4B`ik8?onFo<)N>Qb2qV zh6Fidtopesu@69IS@+x{zsp%U8m zW#TkIAE2Nmcs*Ro041thvP14Os`sxf`&J7*^X`@Q&EJJt{+;ZtO6$+|6<+WpfPwa1 zgBy@;V`2Rg&0BG!CjUY_Hhz@4>HrV=R|1<^Y{+a%RzUT}5%8Z01dKGFJkV2dX(Qku z%itF8^kW`H^qQRg4cQ21LGf+UB39G z0-MO5`(@;THMUVt|1A%Y>8Z+Iri5^(p0}u2ZC~=mGvxLxBN;eSVxhE1xNO^HhJOpj5p6Kym=%G2b_!Q+i*d<_%++d$tu!S*X^$%ISUx$w*pmi7mc^ zNh<|_p1U4nZ%mZlHzKO1sRubiQx@#?{+Hn~6Pu?ceP8Dl)dRcH$Te zc&z&GM_-{HmR+tP-;oUzslA0E9#8258u3oinIM^P>pqVasFW40^Lc9xog!9^PE@DB z6e-P`@S5yno<9{PP&@cDZ@;snJ7E`lx~*rOyd_CibXgb~hPiVKGyT{&VW=}$pO(o( zlLj~=IRVE@te#~~_>e^uovIgX1s2Oyu#Ay3mwVBbxg2>icV0k~lLz^hkjRK+Wr5lH zzxg5=+3UydwzRxrc?47Xc8HnoG8;j{1p8~xuNsjeSl6!OY|XYzIvg|a@g&Ogn8}%}C;679H7GQ~ z{_c(^ATYLt&;BGe|0ubFG)PZfFw&kY4?w2>a?GR-RS{O;UYX+J3YD^a?}21w+~Aq{ zAVNs$C%Ah0U>_zAi8Zn6Xo`{nZBTAP*^}5bs4Rk4!h>&enyQRX*C{uw$OQnNU!QCo zC9SP9othc+663Z-M+q;jKEn`+^2;n%dj%`Nol`m*YGUDbb( zXTJ%I1`SCy49(^7tvRn^8J{-O{5@;(I#9jbK<{SZ10-IjC)m5ZE z*W1(m%23a~#=Y)09fX5MBHK;4kZmy?zVYQce2S_hxIovb^s_XRVcZyxNot(l&L@p1 z&MAzr{?{TduDL|}AO`L4=2H=k17aw@KQ+V}yxg}0B zEzyRBCRb0rMI}!644&@5{s765$hKYDYOr51Xvk)2(;u}rFtS4x`W;dvAFIbLfxCz0 z^Jes5X{RM@h6-PjsPSm#PNoUJ+RJ1QE!|pr-3T~QgO-AvUu0I;= z7tR+UPCcSE2+!f~lKo*Tf?HnC*3>Y4x1feWuUjfV$uOR^ZZh*X1fhu z=JSnIw`4)Nd^NE59>Z?H3sDFV|6%N;q%O?iP4Ck7%S{S zxlz+qchkuC(NHHd7||DUqW1xG1Gi-p&*2Bp`1=MMhY|}q8lS&@+XLO7KJRn8a5o#1 zvfae>&3VdjTR5zqkg|ShADnT7{4kNq(i{BlpPtshTx>t4z7^N4+TD|(qggCfhceZx z1d1)9W!0-yL3@CHSKS?*3MP~!&Obfdtyh^#nmNVWbx&q zVmccG`8fq_JLzfgYq*)WE2rIg_}qQ6Uv7tIQey{kddKwAP*ZpOLC$qRo$t>XdAIxX zb28svX z=3&t#G~EThTs#?xMR;#_to{#w>;2DiDmqs)YUt&i(cvDm5g$+%ZVj_BnT0ONdEFsN zaLx$688O6{)Tb|#6n)H1Um#lCmhyK-t7WtTB^9PN12h+Aj>qdt`n%?7IxQ}q;HD#oo%T)*s?Tg31HAYG%6x|;C-L#_{ zg>PA|i_V@i9!Yc*iv--XrMNRgRK{`pUXvocY3=39Bw}J&na~8%MuE~h(B>fcwF}lM z&-eZ^WgY6L{KiLv7f85lhvf87Cd-7&Pdn411gpYAQVuSvzj!j_dg-)El{6Y-CFzUd z8io19xG+ChqYmFVPfnfK)CXchP<(uOoCoeIB;5Y*^*^J5XUt)m9hv=bS{Q-9vb@Ht J5?NT#e*t?qv>N~b literal 0 HcmV?d00001 diff --git a/content/v2/support/_index.md b/content/v2/support/_index.md new file mode 100644 index 0000000000..eab3b9b0af --- /dev/null +++ b/content/v2/support/_index.md @@ -0,0 +1,11 @@ +--- +title: "Support" +linkTitle: "Support" +weight: 11 +Description: > + Dell EMC Container Storage Modules (CSM) support +--- + +For all your support needs or to follow the latest ongoing discussions and updates, join our Slack group. Click [Here](http://del.ly/Slack_request) to request your invite. + +You can also interact with us on [GitHub](https://github.com/dell/csm) by creating a [GitHub Issue](https://github.com/dell/csm/issues). \ No newline at end of file diff --git a/content/v2/troubleshooting/_index.md b/content/v2/troubleshooting/_index.md index 10204156d9..fe699d592a 100644 --- a/content/v2/troubleshooting/_index.md +++ b/content/v2/troubleshooting/_index.md @@ -1,6 +1,19 @@ --- -title: Troubleshooting -linktitle: Troubleshooting -description: Troubleshooting for the CSI drivers -weight: 5 +title: "Troubleshooting" +linkTitle: "Troubleshooting" +weight: 10 +Description: > + Dell EMC Container Storage Modules (CSM) troubleshooting information --- + +Troubleshooting links for Container Storage Modules: + +[CSI Drivers](../csidriver/troubleshooting) + +[CSM for Authorization](../authorization/troubleshooting) + +[CSM for Observability](../observability/troubleshooting) + +[CSM for Replication](../replication/troubleshooting) + +[CSM for Resiliency](../resiliency/troubleshooting) \ No newline at end of file diff --git a/content/v2/troubleshooting/powerflex.md b/content/v2/troubleshooting/powerflex.md deleted file mode 100644 index 1f2f4e77a9..0000000000 --- a/content/v2/troubleshooting/powerflex.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: PowerFlex -linktitle: PowerFlex -description: Troubleshooting PowerFlex Driver ---- - -| Symptoms | Prevention, Resolution or Workaround | -|------------|--------------| -| The installation fails with the following error message:
```Node xxx does not have the SDC installed```| Install the PowerFlex SDC on listed nodes. The SDC must be installed on all the nodes that need to pull an image of the driver. | -| When you run the command `kubectl describe pods vxflexos-controller-0 –n vxflexos`, the system indicates that the driver image could not be loaded. | - If on Kubernetes, edit the `daemon.json` file found in the registry location and add
```{ "insecure-registries" :[ "hostname.cloudapp.net:5000" ] }```
- If on OpenShift, run the command `oc edit image.config.openshift.io/cluster` and add registries to yaml file that is displayed when you run the command.| -|The `kubectl logs -n vxflexos vxflexos-controller-0` driver logs show that the driver is not authenticated.| Check the username, password, and the gateway IP address for the PowerFlex system.| -|The `kubectl logs vxflexos-controller-0 -n vxflexos driver` logs show that the system ID is incorrect.| Use the `get_vxflexos_info.sh` to find the correct system ID. Add the system ID to `myvalues.yaml` script.| -|Defcontext mount option seems to be ignored, volumes still are not being labeled correctly.|Ensure SElinux is enabled on a worker node, and ensure your container run time manager is properly configured to be utilized with SElinux.| -|Mount options that interact with SElinux are not working (like defcontext).|Check that your container orchestrator is properly configured to work with SElinux.| -|Installation of the driver on Kubernetes v1.20/v1.21 fails with the following error:
```Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"```|Kubernetes v1.20/v1.21 requires v1 version of snapshot CRDs. If on Kubernetes 1.20/1.21 (v1 snapshots) install CRDs from v4.0.0, see the [Volume Snapshot Requirements](../../installation/helm/powerflex/#optional-volume-snapshot-requirements)| -|Driver pods are not ready, with the error message: `MountVolume.SetUp failed for volume "log-config" : configmap "driver-config" not found` |Create the configmap: ` kubectl create -f logConfig.yaml`| diff --git a/content/v2/upgradation/drivers/powerstore.md b/content/v2/upgradation/drivers/powerstore.md deleted file mode 100644 index 7eebed32b7..0000000000 --- a/content/v2/upgradation/drivers/powerstore.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: "PowerStore" -tags: - - upgrade - - csi-driver -weight: 1 -Description: Upgrade PowerStore CSI driver ---- - -You can upgrade the CSI Driver for Dell EMC PowerStore using Helm or Dell CSI Operator. - -## Update Driver from v1.3 to v1.4 using Helm - -**Steps** -1. Run `git clone https://github.com/dell/csi-powerstore.git` to clone the git repository and get the v1.4 driver. -2. Edit `helm/config.yaml` file and configure connection information for your PowerStore arrays changing the following parameters: - - *endpoint*: defines the full URL path to the PowerStore API. - - *username*, *password*: defines credentials for connecting to array. - - *insecure*: defines if we should use insecure connection or not. - - *default*: defines if we should treat the current array as a default. - - *block-protocol*: defines what SCSI transport protocol we must use (FC, ISCSI, None, or auto). - - *nas-name*: defines what NAS should be used for NFS volumes. - - Add more blocks similar to above for each PowerStore array if necessary. -3. (optional) create new storage classes using ones from `helm/samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` - >Storage classes created by v1.3 driver will not be deleted, v1.4 driver will use default array to manage volumes provisioned with old storage classes. Thus, if you still have volumes provisioned by v1.3 in your cluster then be sure to include the same array you have used for the v1.3 driver and make it default in the `config.yaml` file. -4. Create the secret by running ```sed "s/CONFIG_YAML/`cat helm/config.yaml | base64 -w0`/g" helm/secret.yaml | kubectl apply -f -``` -5. Update values file as needed. -6. Run the `csi-install` script with the option _\-\-upgrade_ by running: `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade`. - -## Upgrade using Dell CSI Operator: - -1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). - -2. Execute `bash scripts/install.sh --upgrade` -This command will install the latest version of the operator. ->Note: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. - -3. To upgrade the drive, refer [here](./../../../installation/operator/#update-csi-drivers). diff --git a/content/v3/FAQ/_index.md b/content/v3/FAQ/_index.md new file mode 100644 index 0000000000..46fbf091c7 --- /dev/null +++ b/content/v3/FAQ/_index.md @@ -0,0 +1,118 @@ +--- +title: "CSM FAQ" +linktitle: "FAQ" +description: Frequently asked questions of Dell EMC Container Storage Modules +weight: 2 +--- + +- [What are Dell Container Storage Modules (CSM)? How different is it from a CSI driver?](#what-are-dell-container-storage-modules-csm-how-different-is-it-from-a-csi-driver) +- [Where do I start with Dell Container Storage Modules (CSM)?](#where-do-i-start-with-dell-container-storage-modules-csm) +- [Is the Container Storage Module XYZ available for my array?](#is-the-container-storage-module-xyz-available-for-my-array) +- [What are the prerequisites for deploying Container Storage Modules?](#what-are-the-prerequisites-for-deploying-container-storage-modules) +- [How do I uninstall or disable a Container Storage Module?](#how-do-i-uninstall-or-a-disable-a-module) +- [How do I troubleshoot Container Storage Modules?](#how-do-i-troubleshoot-container-storage-modules) +- [Can I use the CSM functionality like Prometheus collection or Authorization quotas for my non-Kubernetes storage clients?](#can-i-use-the-csm-functionality-like-prometheus-collection-or-authorization-quotas-for-my-non-kubernetes-storage-clients) +- [Should I install the module in the same namespace as the driver or another?](#should-i-install-the-module-in-the-same-namespace-as-the-driver-or-another) +- [Which Kubernetes distributions are supported?](#which-kubernetes-distributions-are-supported) +- [How do I get a list of Container Storage Modules deployed in my cluster with their versions?](#how-do-i-get-a-list-of-container-storage-modules-deployed-in-my-cluster-with-their-versions) +- [Does the CSM Installer provide full Container Storage Modules functionality for all products?](#does-the-csm-installer-provide-full-container-storage-modules-functionality-for-all-products) +- [Do all Container Storage Modules need to be the same version, or can I mix and match?](#do-all-container-storage-modules-need-to-be-the-same-version-or-can-i-mix-and-match) +- [Can I run Container Storage Modules in a production environment?](#can-i-run-container-storage-modules-in-a-production-environment) +- [Is Dell Container Storage Modules (CSM) supported by Dell Technologies?](#is-dell-container-storage-modules-csm-supported-by-dell-technologies) +- [Can I modify a module or contribute to the project?](#can-i-modify-a-module-or-contribute-to-the-project) +- [What is coming next?](#what-is-coming-next) + +### What are Dell Container Storage Modules (CSM)? How different is it from a CSI driver? +Dell **C**ontainer **S**torage **M**odules are a set of modules that aim to extend features beyond what is available in the [CSI specification](https://kubernetes-csi.github.io/docs/). + +The main goal with CSM modules is to expose storage array enterprise features directly within Kubernetes so developers are empowered to leverage them for their deployment in a seamless way. + +### Where do I start with Dell Container Storage Modules (CSM)? +The umbrella repository for every Dell Container Storage Module is: [https://github.com/dell/csm](https://github.com/dell/csm). + +### Is the Container Storage Module XYZ available for my array? +Please see module and the respectice CSI driver version available for each array: + +| CSM Module | CSI PowerFlex v2.0 | CSI PowerScale v2.0 | CSI PowerStore v2.0 | CSI PowerMax v2.0 | CSI Unity XT v2.0 | +| ----------------- | -------------- | --------------- | --------------- | ------------- | --------------- | +| Authorization v1.0| ✔️ | ✔️ | ❌ | ✔️ | ❌ | +| Observability v1.0| ✔️ | ❌ | ✔️ | ❌ | ❌ | +| Replication v1.0| ❌ | ❌ | ✔️ | ✔️ | ❌ | +| Resilency v1.0| ✔️ | ❌ | ❌ | ❌ | ✔️ | +| CSM Installer v1.0| ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | + +### What are the prerequisites for deploying Container Storage Modules? +Prerequisites can be found on the respective module deployment pages: +- [Dell EMC Container Storage Module for Observability Deployment](../observability/deployment/#prerequisites) +- [Dell EMC Container Storage Module for Authorization Deployment](../authorization/deployment/#prerequisites) +- [Dell EMC Container Storage Module for Resiliency Deployment](../resiliency/deployment/) +- [Dell EMC Container Storage Module for Replication Deployment](../replication/deployment/installation/#before-you-begin) + +Prerequisites for deploying the Dell EMC CSI drivers can be found here: +- [Dell EMC CSI Drivers Deployment](../csidriver/installation/) + +### How do I uninstall or a disable a module? +- [Dell EMC Container Storage Module for Authorization](../authorization/uninstallation/) +- [Dell EMC Container Storage Module for Observability](../observability/uninstall/) +- [Dell EMC Container Storage Module for Resiliency](../resiliency/uninstallation/) + +### How do I troubleshoot Container Storage Modules? +- [Dell EMC CSI Drivers](../csidriver/troubleshooting/) +- [Dell EMC Container Storage Module for Authorization](../authorization/troubleshooting/) +- [Dell EMC Container Storage Module for Observability](../observability/troubleshooting/) +- [Dell EMC Container Storage Module for Replication](../replication/troubleshooting/) +- [Dell EMC Container Storage Module for Resiliency](../resiliency/troubleshooting/) + +### Can I use the CSM functionality like Prometheus collection or Authorization quotas for my non-Kubernetes storage clients? +No, all the modules have been designed to work inside Kubernetes with Dell EMC CSI drivers. + +### Should I install the module in the same namespace as the driver or another? +It is recommended to install CSM for Observability in a namespace separate from the Dell EMC CSI drivers because it works across multiple drivers. All other modules either run as standalone or are injected into the Dell EMC CSI driver as a sidecar. + +### Which Kubernetes distributions are supported? +The supported Kubernetes distributions for Container Storage Modules are documented: +- [Dell EMC Container Storage Module for Authorization](../authorization/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell EMC Container Storage Module for Observability](../observability/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell EMC Container Storage Module for Replication](../replication/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell EMC Container Storage Module for Resiliency](../resiliency/#supported-operating-systemscontainer-orchestrator-platforms) + +The supported distros for the Dell EMC CSI Drivers are located [here](../csidriver/#supported-operating-systemscontainer-orchestrator-platforms). + +### How do I get a list of Container Storage Modules deployed in my cluster with their versions? +The easiest way to find the module version is to check the image tag for the module. For all the namespaces you can execute the following: +``` +kubectl get pods -A -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | grep 'csm\|karavi' | sort | uniq -c +``` +Or if you know the namespace: +``` +kubectl get deployment,daemonset -o wide -n {{namespace}} +``` + +### Does the CSM Installer provide full Container Storage Modules functionality for all products? +The CSM Installer supports the installation of all the Container Storage Modules and Dell EMC CSI drivers. + +### Do all Container Storage Modules need to be the same version, or can I mix and match? +It is advised to comply with the support matrices (links below) and not deviate from it with mixed versions. +- [Dell EMC Container Storage Module for Authorization](../authorization/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell EMC Container Storage Module for Observability](../observability/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell EMC Container Storage Module for Replication](../replication/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell EMC Container Storage Module for Resiliency](../resiliency/#supported-operating-systemscontainer-orchestrator-platforms) +- [Dell EMC CSI Drivers](../csidriver/#supported-operating-systemscontainer-orchestrator-platforms). + +The CSM installer module will help to stay aligned with compatible versions during the first install and future upgrades. + +### Can I run Container Storage Modules in a production environment? +As of CSM 1.0, the Container Storage Modules are GA and ready for production systems. + +### Is Dell Container Storage Modules (CSM) supported by Dell Technologies? +Yes! + +If you find an issue, please follow our [support process](../support/) + +### Can I modify a module or contribute to the project? +Yes! + +All Container Storage Modules are released as open-source projects under Apache-2.0 License. You are free to contribute directly following the [contribution guidelines](https://github.com/dell/csm/blob/main/docs/CONTRIBUTING.md), fork the projects, modify them, and of course share feedback or open tickets ;-) + +### What is coming next? +This is just the beginning of the journey for Dell Container Storage Modules, and there is a full roadmap with more to come, which you can check under the [GithHub Milestones](https://github.com/dell/csm/milestones) page. diff --git a/content/v3/_index.md b/content/v3/_index.md index ae544eaf46..2c2bc57d44 100644 --- a/content/v3/_index.md +++ b/content/v3/_index.md @@ -3,7 +3,28 @@ title: "Documentation" linkTitle: "Documentation" --- - {{% pageinfo color="primary" %}} This document version is no longer actively maintained. The site that you are currently viewing is an archived snapshot. For up-to-date documentation, see the [latest version](/csm-docs/) {{% /pageinfo %}} + +The Dell Container Storage Modules (CSM) enables simple and consistent integration and automation experiences, extending enterprise storage capabilities to Kubernetes for cloud-native stateful applications. It reduces management complexity so developers can independently consume enterprise storage with ease and automate daily operations such as provisioning, snapshotting, replication, observability, authorization and, resiliency. + +CSM Hex Diagram + +CSM is made up of multiple components including modules (enterprise capabilities), CSI drivers (storage enablement) and, other related applications (deployment, feature controllers, etc). + +CSM Diagram + +## CSM Supported Modules and Dell EMC CSI Drivers + +| Modules/Drivers | CSM 1.0 | [Previous](../v1/) | [Older](../v2/) | [Archives](../v3) | +| - | :-: | :-: | :-: | :-: | +| Authorization | 1.0 | - | - | - | +| Observability | 1.0 | - | - | - | +| Replication | 1.0 | - | - | - | +| Resiliency | 1.0 | - | - | - | +| CSI Driver for PowerScale | v2.0 | v1.6 | v1.5 | v1.4 | +| CSI Driver for Unity | v2.0 | v1.6 | v1.5 | v1.3 | +| CSI Driver for PowerStore | v2.0 | v1.4 | v1.3 | v1.2 | +| CSI Driver for PowerFlex | v2.0 | v1.5 | v1.4 | v1.3 | +| CSI Driver for PowerMax | v2.0 | v1.7 | v1.6 | v1.5 | diff --git a/content/v3/archives/_index.md b/content/v3/archives/_index.md deleted file mode 100644 index 888dd2c6a5..0000000000 --- a/content/v3/archives/_index.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Archives -description: Product Guide and Release Notes for previous versions of Dell CSI drivers ---- - -## PowerScale -### v1.3 --[Release Notes](/csm-docs/pdf/RN_isilon.pdf) - --[Product Guide](/csm-docs/pdf/PG_isilon.pdf) - -### v1.2 - --[Release Notes](/csm-docs/pdf/RN_isilon_2.pdf) - --[Product Guide](/csm-docs/pdf/PG_isilon_2.pdf) - -## PowerMax - -### v1.4 --[Release Notes](/csm-docs/pdf/RN_powermax.pdf) - --[Product Guide](/csm-docs/pdf/PG_powermax.pdf) - -## PowerFlex - -### v1.2 --[Release Notes](/csm-docs/pdf/RN_vxflex.pdf) - --[Product Guide](/csm-docs/pdf/PG_vxflex.pdf) - -## PowerStore -### v1.1 --[Release Notes](/csm-docs/pdf/RN_powerstore.pdf) - --[Product Guide](/csm-docs/pdf/PG_powerstore.pdf) - -## Unity -### v1.3 --[Release Notes](/csm-docs/pdf/RN_unity.pdf) - --[Product Guide](/csm-docs/pdf/PG_unity.pdf) diff --git a/content/v3/authorization/_index.md b/content/v3/authorization/_index.md new file mode 100644 index 0000000000..6957c6c6a5 --- /dev/null +++ b/content/v3/authorization/_index.md @@ -0,0 +1,94 @@ +--- +title: "Authorization" +linkTitle: "Authorization" +weight: 4 +Description: > + Dell EMC Container Storage Modules (CSM) for Authorization +--- + +[Container Storage Modules](https://github.com/dell/csm) (CSM) for Authorization is part of the open-source suite of Kubernetes storage enablers for Dell EMC products. + +CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell EMC CSI Drivers. It does this by deploying a proxy between the CSI driver and the storage system to enforce role-based access and usage rules. + +Storage administrators of compatible storage platforms will be able to apply quota and RBAC rules that instantly and automatically restrict cluster tenants usage of storage resources. Users of storage through CSM for Authorization do not need to have storage admin root credentials to access the storage system. + +Kubernetes administrators will have an interface to create, delete, and manage roles/groups that storage rules may be applied. Administrators and/or users may then generate authentication tokens that may be used by tenants to use storage with proper access policies being automatically enforced. + +The following diagram shows a high-level overview of CSM for Authorization with a `tenant-app` that is using a CSI driver to perform storage operations through the CSM for Authorization `proxy-server` to access the a Dell EMC storage system. All requests from the CSI driver will contain the token for the given tenant that was granted by the Storage Administrator. + +![CSM for Authorization](./karavi-authorization-example.png "CSM for Authorization") + +## CSM for Authorization Capabilities +{{}} +| Feature | PowerFlex | PowerMax | PowerScale | Unity | PowerStore | +| - | - | - | - | - | - | +| Ability to set storage quota limits to ensure k8s tenants are not overconsuming storage | Yes | Yes | No (natively supported) | No | No | +| Ability to create access control policies to ensure k8s tenant clusters are not accessing storage that does not belong to them | Yes | Yes | No (natively supported) | No | No | +| Ability to shield storage credentials from Kubernetes administrators ensuring credentials are only handled by storage admins | Yes | Yes | Yes | No | No | +{{
}} + +__NOTE:__ PowerScale OneFS implements its own form of Role-Based Access Control (RBAC). CSM for Authorization does not enforce any role-based restrictions for PowerScale. To configure RBAC for PowerScale, refer to the PowerScale OneFS [documentation](https://www.dell.com/support/home/en-us/product-support/product/isilon-onefs/docs). + +## Supported Operating Systems/Container Orchestrator Platforms +{{}} +| COP/OS | Supported Versions | +|-|-| +| Kubernetes | 1.20, 1.21, 1.22 | +| Red Hat OpenShift | 4.7, 4.8 | +| RHEL | 7.x, 8.x | +| CentOS | 7.8, 7.9 | +{{
}} + +## Supported Storage Platforms + +{{}} +| | PowerMax | PowerFlex | PowerScale | +|---------------|:----------------:|:-------------------:|:----------------:| +| Storage Array |5978.479.479, 5978.669.669, 5978.711.711, Unisphere 9.2| 3.5.x, 3.6.x | OneFS 8.1, 8.2, 9.0, 9.1, 9.2 | +{{
}} + +## Supported CSI Drivers + +CSM for Authorization supports the following CSI drivers and versions. +{{}} +| Storage Array | CSI Driver | Supported Versions | +| ------------- | ---------- | ------------------ | +| CSI Driver for Dell EMC PowerFlex | [csi-powerflex](https://github.com/dell/csi-powerflex) | v2.0 | +| CSI Driver for Dell EMC PowerMax | [csi-powermax](https://github.com/dell/csi-powermax) | v2.0 | +| CSI Driver for Dell EMC PowerScale | [csi-powerscale](https://github.com/dell/csi-powerscale) | v2.0 | +{{
}} + +__Note:__ If the deployed CSI driver has a number of controller pods equal to the number of schedulable nodes in your cluster, CSM for Authorization may not be able to inject properly into the driver's controller pod. +To resolve this, please refer to our [troubleshooting guide](./troubleshooting) on the topic. + +## Roles and Responsibilities + +The CSM for Authorization CLI can be executed in the context of the following roles: +- Storage Administrators +- Kubernetes Tenant Administrators + +### Storage Administrators + +Storage Administrators can perform the following operations within CSM for Authorization + +- Tenant Management (create, get, list, delete, bind roles, unbind roles) +- Token Management (generate, revoke) +- Storage System Management (create, get, list, update, delete) +- Storage Access Roles Management (assign to a storage system with an optional quota) + +### Tenant Administrators + +Tenants of CSM for Authorization can use the token provided by the Storage Administrators in their storage requests. + +### Workflow + +1) Tenant Admin requests storage from a Storage Admin. +2) Storage Admin uses CSM Authorization CLI to:
+ a) Create a tenant resource.
+ b) Create a role permitting desired storage access.
+ c) Assign the role to the tenant and generate a token.
+3) Storage Admin returns a token to the Tenant Admin. +4) Tenant Admin inputs the Token into their Kubernetes cluster as a Secret. +5) Tenant Admin updates CSI driver with CSM Authorization sidecar module. + +![CSM for Authorization Workflow](./design2.png "CSM for Authorization Workflow") \ No newline at end of file diff --git a/content/v3/authorization/cli.md b/content/v3/authorization/cli.md new file mode 100644 index 0000000000..67507e4f8d --- /dev/null +++ b/content/v3/authorization/cli.md @@ -0,0 +1,1046 @@ +--- +title: CLI +linktitle: CLI +weight: 3 +description: > + Dell EMC Container Storage Modules (CSM) for Authorization CLI +--- + +karavictl is a command-line interface (CLI) used to interact with and manage your Container Storage Modules (CSM) Authorization deployment. +This document outlines all karavictl commands, their intended use, options that can be provided to alter their execution, and expected output from those commands. + +If you feel that something is unclear or missing in this document, please open up an [issue](https://github.com/dell/csm/issues). + +| Command | Description | +| - | - | +| [karavictl](#karavictl) | karavictl is used to interact with CSM Authorization Server | +| [karavictl cluster-info](#karavictl-cluster-info) | Display the state of resources within the cluster | +| [karavictl inject](#karavictl-inject) | Inject the sidecar proxy into a CSI driver pod | +| [karavictl generate](#karavictl-generate) | Generate resources for use with CSM | +| [karavictl generate token](#karavictl-generate-token) | Generate tokens | +| [karavictl role](#karavictl-role) | Manage role | +| [karavictl role get](#karavictl-role-get) | Get role | +| [karavictl role list](#karavictl-role-list) | List roles | +| [karavictl role create](#karavictl-role-create) | Create one or more CSM roles | +| [karavictl role update](#karavictl-role-update) | Update one or more CSM roles | +| [karavictl role delete](#karavictl-role-delete ) | Delete role | +| [karavictl rolebinding](#karavictl-rolebinding) | Manage role bindings | +| [karavictl rolebinding create](#karavictl-rolebinding-create) | Create a rolebinding between role and tenant | +| [karavictl storage](#karavictl-storage) | Manage storage systems | +| [karavictl storage get](#karavictl-storage-get) | Get details on a registered storage system | +| [karavictl storage list](#karavictl-storage-list) | List registered storage systems | +| [karavictl storage create](#karavictl-storage-create) | Create and register a storage system | +| [karavictl storage update](#karavictl-storage-update) | Update a registered storage system | +| [karavictl storage delete](#karavictl-storage-delete) | Delete a registered storage system | +| [karavictl tenant ](#karavictl-tenant) | Manage tenants | +| [karavictl tenant create](#karavictl-tenant-create) | Create a tenant resource within CSM | +| [karavictl tenant get](#karavictl-tenant-get) | Get a tenant resource within CSM | +| [karavictl tenant list](#karavictl-tenant-list) | Lists tenant resources within CSM | +| [karavictl tenant get](#karavictl-tenant-get) | Get a tenant resource within CSM | +| [karavictl tenant delete](#karavictl-tenant-delete) | Deletes a tenant resource within CSM | + + +## General Commands + +### karavictl + +karavictl is used to interact with CSM Authorization Server + +##### Synopsis + +karavictl provides security, RBAC, and quota limits for accessing Dell EMC +storage products from Kubernetes clusters + +##### Options + +``` + --config string config file (default is $HOME/.karavictl.yaml) + -h, --help help for karavictl + -t, --toggle Help message for toggle +``` + +##### Output + +Outputs help text + + + +--- + + + +### karavictl cluster-info + +Display the state of resources within the cluster + +##### Synopsis + +Prints table of resources within the cluster, including their readiness + +``` +karavictl cluster-info [flags] +``` + +##### Options + +``` + -h, --help help for cluster-info + -w, --watch Watch for changes +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl cluster-info +NAME READY UP-TO-DATE AVAILABLE AGE +github-auth-provider 1/1 1 1 59m +tenant-service 1/1 1 1 59m +redis-primary 1/1 1 1 59m +proxy-server 1/1 1 1 59m +redis-commander 1/1 1 1 59m +``` + + + +--- + + + +### karavictl inject + +Inject the sidecar proxy into a CSI driver pod + +##### Synopsis + +Injects the sidecar proxy into a CSI driver pod. + +You can inject resources coming from stdin. + +``` +karavictl inject [flags] +``` + +##### Options + +``` + -h, --help help for inject + --image-addr string Help message for image-addr + --proxy-host string Help message for proxy-host +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Examples: + +Inject into an existing vxflexos CSI driver +``` +kubectl get secrets,deployments,daemonsets -n vxflexos -o yaml \ + | karavictl inject --image-addr [IMAGE_REPO]:5000/sidecar-proxy:latest --proxy-host [PROXY_HOST_IP] \ + | kubectl apply -f - +``` + +##### Output + +``` +$ kubectl get secrets,deployments,daemonsets -n vxflexos -o yaml \ +| karavictl inject --image-addr [IMAGE_REPO]:5000/sidecar-proxy:latest --proxy-host [PROXY_HOST_IP] \ +| kubectl apply -f - + +secret/karavi-authorization-config created +deployment.apps/vxflexos-controller configured +daemonset.apps/vxflexos-node configured +``` + + +--- + + + +### karavictl generate + +Generate resources for use with CSM + +##### Synopsis + +Generates resources for use with CSM + +``` +karavictl generate [flags] +``` + +##### Options + +``` + -h, --help help for generate +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +Outputs help text + + + +--- + + + +### karavictl generate token + +Generate tokens + +##### Synopsis + +Generate tokens for use with the CSI Driver when in proxy mode +The tokens are output as a Kubernetes Secret resource, so the results may +be piped directly to kubectl: + +Example: karavictl generate token | kubectl apply -f - + +``` +karavictl generate token [flags] +``` + +##### Options + +``` + --addr string host:port address (default "grpc.gatekeeper.cluster:443") + --from-config string File providing self-generated token information + -h, --help help for token + --tenant Tenant name + --shared-secret string Shared secret for token signing +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl generate token --shared-secret supersecret + +apiVersion: v1 +kind: Secret +metadata: + name: proxy-authz-tokens + namespace: vxflexos +type: Opaque +data: + access: + refresh: +``` + + +Usually, you will want to pipe the output to kubectl to apply the secret +``` +$ karavictl generate token --shared-secret supersecret | kubectl apply -f - +``` + + + +## Role Commands + + + +### karavictl role + +Manage roles + +##### Synopsis + +Manage roles + +``` +karavictl role [flags] +``` + +##### Options + +``` + -h, --help help for role +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +Outputs help text + + + +--- + + + +### karavictl role get + +Get role + +##### Synopsis + +Get role + +``` +karavictl role get [flags] +``` + +##### Options + +``` + -h, --help help for get +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl role get CSISilver + +{ + "Name": "CSISilver", + "StorageSystem": "3000000000011111", + "PoolQuotas": [ + { + "Pool": "mypool", + "Quota": "16 GB" + } + ] +} +``` + + + +--- + + + +### karavictl role list + +List roles + +##### Synopsis + +List roles + +``` +karavictl role list [flags] +``` + +##### Options + +``` + -h, --help help for list +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl role list + +{ + "CSIGold": [ + { + "storage_system_id": "3000000000011111", + "pool_quotas": [ + { + "pool": "mypool", + "quota": 32000000 + } + ] + } + ], + "CSISilver": [ + { + "storage_system_id": "3000000000011111", + "pool_quotas": [ + { + "pool": "mypool", + "quota": 16000000 + } + ] + } + ] +} +``` + + + +--- + + + +### karavictl role create + +Create one or more CSM roles + +##### Synopsis + +Creates one or more CSM roles + +``` +karavictl role create [flags] +``` + +##### Options + +``` + -f, --from-file string role data from a file + --role strings role in the form ==== + -h, --help help for create +``` + +*NOTE:* + - For PowerScale, set the `quota` to 0 as CSM for Authorization does not enforce quota limits. + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl role create --from-file roles.json +``` +On success, there will be no output. You may run `karavictl role get ` to confirm the creation occurred. + +Alternatively, you can create a role in-line using: + +``` +$ karavictl role create --role=role-name=system-type=000000000001=mypool=200000000 +``` + +--- + + + +### karavictl role update + +Update one or more CSM roles + +##### Synopsis + +Updates one or more CSM roles + +``` +karavictl role update [flags] +``` + +##### Options + +``` + -f, --from-file string role data from a file + --role strings role in the form ==== + -h, --help help for update +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl role update --from-file roles.json +``` +On success, there will be no output. You may run `karavictl role get ` to confirm the update occurred. + +Alternatively, you can update existing roles in-line using: + +``` +$ karavictl role update --role=role-name=system-type=000000000001=mypool=400000000 +``` +--- + + + +### karavictl role delete + +Delete role + +##### Synopsis + +Delete role + +``` +karavictl role delete [flags] +``` + +##### Options + +``` + -h, --help help for delete +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl role delete CSISilver +``` +On success, there will be no output. You may run `karavictl role get ` to confirm the deletion occurred. + + + +--- + + + +### karavictl rolebinding + +Manage role bindings + +##### Synopsis + +Management for role bindings + +``` +karavictl rolebinding [flags] +``` + +##### Options + +``` + -h, --help help for rolebinding +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +Outputs help text + + + +--- + + + +### karavictl rolebinding create + +Create a rolebinding between role and tenant + +##### Synopsis + +Creates a rolebinding between role and tenant + +``` +karavictl rolebinding create [flags] +``` + +##### Options + +``` + -h, --help help for create + -r, --role string Role name + -t, --tenant string Tenant name +``` + +##### Options inherited from parent commands + +``` + --addr string Address of the server (default "localhost:443") + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl rolebinding create --role CSISilver --tenant Alice +``` +On success, there will be no output. You may run `karavictl tenant get ` to confirm the rolebinding creation occurred. + + + +## Storage Commands + + + +### karavictl storage + +Manage storage systems + +##### Synopsis + +Manages storage systems + +``` +karavictl storage [flags] +``` + +##### Options + +``` + -h, --help help for storage +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +Outputs help text + + + +--- + + + +### karavictl storage get + +Get details on a registered storage system. + +##### Synopsis + +Gets details on a registered storage system. + +``` +karavictl storage get [flags] +``` + +##### Options + +``` + -h, --help help for get + -s, --system-id string System identifier (default "systemid") + -t, --type string Type of storage system ("powerflex", "powermax") +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl storage get --type powerflex --system-id 3000000000011111 +{ + "User": "admin", + "Password": "(omitted)", + "Endpoint": "https://1.1.1.1", + "Insecure": true +} +``` + + + +--- + + + +### karavictl storage list + +List registered storage systems. + +##### Synopsis + +Lists registered storage systems. + +``` +karavictl storage list [flags] +``` + +##### Options + +``` + -h, --help help for list +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl storage list + +{ + "storage": { + "powerflex": { + "3000000000011111": { + "Endpoint": "https://1.1.1.1", + "Insecure": true, + "Password": "(omitted)", + "User": "admin" + } + } + } +} +``` + + + +--- + + + +### karavictl storage create + +Create and register a storage system. + +##### Synopsis + +Creates and registers a storage system. + +``` +karavictl storage create [flags] +``` + +##### Options + +``` + -e, --endpoint string Endpoint of REST API gateway + -h, --help help for create + -i, --insecure Insecure skip verify + -p, --password string Password (default "****") + -s, --system-id string System identifier (default "systemid") + -t, --type string Type of storage system ("powerflex", "powermax") + -u, --user string Username (default "admin") +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl storage create --endpoint https://1.1.1.1 --insecure --system-id 3000000000011111 --type powerflex --user admin --password ******** +``` +On success, there will be no output. You may run `karavictl storage get --type --system-id ` to confirm the creation occurred. + + +--- + + + +### karavictl storage update + +Update a registered storage system. + +##### Synopsis + +Updates a registered storage system. + +``` +karavictl storage update [flags] +``` + +##### Options + +``` + -e, --endpoint string Endpoint of REST API gateway + -h, --help help for update + -i, --insecure Insecure skip verify + -p, --pass string Password (default "****") + -s, --system-id string System identifier (default "systemid") + -t, --type string Type of storage system ("powerflex", "powermax") + -u, --user string Username (default "admin") +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl storage update --endpoint https://1.1.1.1 --insecure --system-id 3000000000011111 --type powerflex --user admin --password ******** +``` +On success, there will be no output. You may run `karavictl storage get --type --system-id ` to confirm the update occurred. + + + +--- + + + +### karavictl storage delete + +Delete a registered storage system. + +##### Synopsis + +Deletes a registered storage system. + +``` +karavictl storage delete [flags] +``` + +##### Options + +``` + -h, --help help for delete + -s, --system-id string System identifier (default "systemid") + -t, --type string Type of storage system ("powerflex", "powermax") +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output +``` +$ karavictl storage delete --type powerflex --system-id 3000000000011111 +``` +On success, there will be no output. You may run `karavictl storage get --type --system-id ` to confirm the deletion occurred. + + + +## Tenant Commands + + + +### karavictl tenant + +Manage tenants + +##### Synopsis + +Management fortenants + +``` +karavictl tenant [flags] +``` + +##### Options + +``` + -h, --help help for tenant +``` + +##### Options inherited from parent commands + +``` + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +Outputs help text + + + +--- + + + +### karavictl tenant create + +Create a tenant resource within CSM + +##### Synopsis + +Creates a tenant resource within CSM + +``` +karavictl tenant create [flags] +``` + +##### Options + +``` + -h, --help help for create + -n, --name string Tenant name +``` + +##### Options inherited from parent commands + +``` + --addr string Address of the server (default "localhost:443") + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output +``` +$ karavictl tenant create --name Alice +``` +On success, there will be no output. You may run `karavictl tenant get --name ` to confirm the creation occurred. + + + +--- + + + + +### karavictl tenant get + +Get a tenant resource within CSM + +##### Synopsis + +Gets a tenant resource within CSM + +``` +karavictl tenant get [flags] +``` + +##### Options + +``` + -h, --help help for create + -n, --name string Tenant name +``` + +##### Options inherited from parent commands + +``` + --addr string Address of the server (default "localhost:443") + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl tenant get --name Alice + +{ + "name": "Alice" +} + +``` + + + +--- + + + +### karavictl tenant list + +Lists tenant resources within CSM + +##### Synopsis + +Lists tenant resources within CSM + +``` +karavictl tenant list [flags] +``` + +##### Options + +``` + -h, --help help for create +``` + +##### Options inherited from parent commands + +``` + --addr string Address of the server (default "localhost:443") + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output + +``` +$ karavictl tenant list + +{ + "tenants": [ + { + "name": "Alice" + } + ] +} + +``` + + + +--- + + + +### karavictl tenant delete + +Deletes a tenant resource within CSM + +##### Synopsis + +Deletes a tenant resource within CSM + +``` +karavictl tenant delete [flags] +``` + +##### Options + +``` + -h, --help help for create + -n, --name string Tenant name +``` + +##### Options inherited from parent commands + +``` + --addr string Address of the server (default "localhost:443") + --config string config file (default is $HOME/.karavictl.yaml) +``` + +##### Output +``` +$ karavictl tenant delete --name Alice +``` +On success, there will be no output. You may run `karavictl tenant get --name ` to confirm the deletion occurred. \ No newline at end of file diff --git a/content/v3/authorization/deployment.md b/content/v3/authorization/deployment.md new file mode 100644 index 0000000000..b2c11a53a0 --- /dev/null +++ b/content/v3/authorization/deployment.md @@ -0,0 +1,274 @@ +--- +title: Deployment +linktitle: Deployment +weight: 2 +description: > + Dell EMC Container Storage Modules (CSM) for Authorization deployment +--- + +This section outlines the deployment steps for Container Storage Modules (CSM) for Authorization. The deployment of CSM for Authorization is handled in 2 parts: +- Deploying the CSM for Authorization proxy server, to be controlled by storage administrators +- Configuring one to many [supported](../../authorization#supported-csi-drivers) Dell EMC CSI drivers with CSM for Authorization + +## Prerequisites + +The CSM for Authorization proxy server requires a Linux host with the following minimum resource allocations: +- 32 GB of memory +- 4 CPU +- 200 GB local storage + +## Deploying the CSM Authorization Proxy Server + +The first part deploying CSM for Authorization is installing the proxy server. This activity and the administration of the proxy server will be owned by the storage administrator. + +The CSM for Authorization proxy server is installed using a single binary installer. + +### Single Binary Installer + +The easiest way to obtain the single binary installer RPM is directly from the [GitHub repository's releases](https://github.com/dell/karavi-authorization/releases) section. + +The single binary installer can also be built from source by cloning the [GitHub repository](https://github.com/dell/karavi-authorization) and using the following Makefile targets to build the installer: + +``` +make dist build-installer rpm +``` + +The `build-installer` step creates a binary at `bin/deploy` and embeds all components required for installation. The `rpm` step generates an RPM package and stores it at `deploy/rpm/x86_64/`. +This allows CSM for Authorization to be installed in network-restricted environments. + +A Storage Administrator can execute the installer or rpm package as a root user or via `sudo`. + +### Installing the RPM + +1. Before installing the rpm, some network and security configuration inputs need to be provided in json format. The json file should be created in the location `$HOME/.karavi/config.json` having the following contents: + + ```json + { + "web": { + "sidecarproxyaddr": "docker_registry/sidecar-proxy:latest", + "jwtsigningsecret": "secret" + }, + "proxy": { + "host": ":8080" + }, + "zipkin": { + "collectoruri": "http://DNS_host_name:9411/api/v2/spans", + "probability": 1 + }, + "certificate": { + "keyFile": "path_to_private_key_file", + "crtFile": "path_to_host_cert_file", + "rootCertificate": "path_to_root_CA_file" + }, + "hostName": "DNS_host_name" + } + ``` + + In the above template, `DNS_host_name` refers to the hostname of the system in which the CSM for Authorization server will be installed. This hostname can be found by running the below command on the system: + + ``` + nslookup + ``` + +2. In order to configure secure grpc connectivity, an additional subdomain in the format `grpc.DNS_host_name` is also required. All traffic from `grpc.DNS_host_name` needs to be routed to `DNS_host_name` address, this can be configured by adding a new DNS entry for `grpc.DNS_host_name` or providing a temporary path in the `/etc/hosts` file. + + **NOTE:** The certificate provided in `crtFile` should be valid for both the `DNS_host_name` and the `grpc.DNS_host_name` address. + + For example, create the certificate config file with alternate names (to include example.com and grpc.example.com) and then create the .crt file: + + ``` + CN = example.com + subjectAltName = @alt_names + [alt_names] + DNS.1 = grpc.example.com + + openssl x509 -req -in cert_request_file.csr -CA root_CA.pem -CAkey private_key_File.key -CAcreateserial -out example.com.crt -days 365 -sha256 + ``` + +3. To install the rpm package on the system, run the below command: + + ```shell + rpm -ivh + ``` + +4. After installation, application data will be stored on the system under `/var/lib/rancher/k3s/storage/`. + +## Configuring the CSM for Authorization Proxy Server + +The storage administrator must first configure the proxy server with the following: +- Storage systems +- Tenants +- Roles +- Bind roles to tenants + +Run the following commands on the Authorization proxy server: + + ```console + # Specify any desired name + export RoleName="" + export RoleQuota="" + export TenantName="" + + # Specify info about Array1 + export Array1Type="" + export Array1SystemID="" + export Array1User="" + export Array1Password="" + export Array1Pool="" + export Array1Endpoint="" + + # Specify info about Array2 + export Array2Type="" + export Array2SystemID="" + export Array2User="" + export Array2Password="" + export Array2Pool="" + export Array2Endpoint="" + + # Specify IPs + export DriverHostVMIP="" + export DriverHostVMPassword="" + export DriverHostVMUser="" + + # Specify Authorization host address. NOTE: this is not the same as IP + export AuthorizationHost="" + + echo === Creating Storage(s) === + # Add array1 to authorization + karavictl storage create \ + --type ${Array1Type} \ + --endpoint ${Array1Endpoint} \ + --system-id ${Array1SystemID} \ + --user ${Array1User} \ + --password ${Array1Password} \ + --insecure + + # Add array2 to authorization + karavictl storage create \ + --type ${Array2Type} \ + --endpoint ${Array2Endpoint} \ + --system-id ${Array2SystemID} \ + --user ${Array2User} \ + --password ${Array2Password} \ + --insecure + + echo === Creating Tenant === + karavictl tenant create -n $TenantName --insecure --addr "grpc.${AuthorizationHost}" + + echo === Creating Role === + karavictl role create \ + --role=${RoleName}=${Array1Type}=${Array1SystemID}=${Array1Pool}=${RoleQuota} \ + --role=${RoleName}=${Array2Type}=${Array2SystemID}=${Array2Pool}=${RoleQuota} + + echo === === Binding Role === + karavictl rolebinding create --tenant $TenantName --role $RoleName --insecure --addr "grpc.${AuthorizationHost}" + ``` + +### Generate a Token + +After creating the role bindings, the next logical step is to generate the access token. The storage admin is responsible for generating and sending the token to the Kubernetes tenant admin. + + ``` + echo === Generating token === + karavictl generate token --tenant $TenantName --insecure --addr "grpc.${AuthorizationHost}" | jq -r '.Token' > token.yaml + + echo === Copy token to Driver Host === + sshpass -p $DriverHostPassword scp token.yaml ${DriverHostVMUser}@{DriverHostVMIP}:/tmp/token.yaml + ``` + +**Note:** The sample above copies the token directly to the Kubernetes cluster master node. The requirement here is that the token must be copied and/or stored in any location accessible to the Kubernetes tenant admin. + +### Copy the karavictl Binary to the Kubernetes Master Node + +The karavictl binary is available from the CSM for Authorization proxy server. This needs to be copied to the Kubernetes master node where Kubernetes tenant admins so they configure the Dell EMC CSI driver with CSM for Authorization. + +``` +sshpass -p dangerous scp bin/karavictl root@10.247.96.174:/tmp/karavictl +``` + +**Note:** The storage admin is responsible for copying the binary to a location accessible by the Kubernetes tenant admin. + +## Configuring a Dell EMC CSI Driver with CSM for Authorization + +The second part of CSM for Authorization deployment is to configure one or more of the [supported](../../authorization#supported-csi-drivers). This is controlled by the Kubernetes tenant admin. + +There are currently 2 ways of doing this: +- Using the [CSM Installer](../../deployment) (*Recommended installation method*) +- Manually by following the steps [below](#configuring-a-dell-emc-csi-driver) + +### Configuring a Dell EMC CSI Driver + +Given a setup where Kubernetes, a storage system, CSI driver(s), and CSM for Authorization are deployed, follow the steps below to configure the CSI Drivers to work with the Authorization sidecar: + +Run the following commands on the CSI Driver host + + ```console + # Specify Authorization host address. NOTE: this is not the same as IP + export AuthorizationHost="" + + echo === Applying token token === + # It is assumed that array type powermax has the namespace "powermax" and powerflex has the namepace "vxflexos" + kubectl apply -f /tmp/token.yaml -n powermax + kubectl apply -f /tmp/token.yaml -n vxflexos + + echo === injecting sidecar in all CSI driver hosts that token has been applied to === + sudo curl -k https://${AuthorizationHost}/install | sh + + # NOTE: you can also query parameters("namespace" and "proxy-port") with the curl url if you desire a specific behavior. + # 1) For instance, if you want to inject into just powermax, you can run + # sudo curl -k https://${AuthorizationHost}/install?namespace=powermax | sh + # 2) If you want to specify the proxy-port for powermax to be 900001, you can run + # sudo curl -k https://${AuthorizationHost}/install?proxy-port=powermax:900001 | sh + # 3) You can mix behaviors + # sudo curl -k https://${AuthorizationHost}/install?namespace=powermax&proxy-port=powermax:900001&namespace=vxflexos | sh + ``` + +## Updating CSM for Authorization Proxy Server Configuration + +CSM for Authorization has a subset of configuration parameters that can be updated dynamically: + +| Parameter | Type | Default | Description | +| --------- | ---- | ------- | ----------- | +| certificate.crtFile | String | "" |Path to the host certificate file | +| certificate.keyFile | String | "" |Path to the host private key file | +| certificate.rootCertificate | String | "" |Path to the root CA file | +| web.sidecarproxyaddr | String |"127.0.0.1:5000/sidecar-proxy:latest" |Docker registry address of the CSM for Authorization sidecar-proxy | +| web.jwtsigningsecret | String | "secret" |The secret used to sign JWT tokens | + +Updating configuration parameters can be done by editing the `karavi-config-secret` on the CSM for the Authorization Server. The secret can be queried using k3s and kubectl like so: + +`k3s kubectl -n karavi get secret/karavi-config-secret` + +To update or add parameters, you must edit the base64 encoded data in the secret. The` karavi-config-secret` data can be decoded like so: + +`k3s kubectl -n karavi get secret/karavi-config-secret -o yaml | grep config.yaml | head -n 1 | awk '{print $2}' | base64 -d` + +Save the output to a file or copy it to an editor to make changes. Once you are done with the changes, you must encode the data to base64. If your changes are in a file, you can encode it like so: + +`cat | base64` + +Copy the new, encoded data and edit the `karavi-config-secret` with the new data. Run this command to edit the secret: + +`k3s kubectl -n karavi edit secret/karavi-config-secret` + +Replace the data in `config.yaml` under the `data` field with your new, encoded data. Save the changes and CSM for Authorization will read the changed secret. + +__Note:__ If you are updating the signing secret, the tenants need to be updated with new tokens via the `karavictl generate token` command like so: + +`karavictl generate token --tenant $TenantName --insecure --addr "grpc.${AuthorizationHost}" | jq -r '.Token' > kubectl -n $namespace apply -f -` + +## CSM for Authorization Proxy Server Dynamic Configuration Settings + +Some settings are not stored in the `karavi-config-secret` but in the csm-config-params ConfigMap, such as LOG_LEVEL and LOG_FORMAT. To update the CSM for Authorization logging settings during runtime, run the below command on the K3s cluster, make your changes, and save the updated configmap data. + +``` +k3s kubectl -n karavi edit configmap/csm-config-params +``` + +This edit will not update the logging level for the sidecar-proxy containers running in the CSI Driver pods. To update the sidecar-proxy logging levels, you must update the associated CSI Driver ConfigMap in a similar fashion: + +``` +kubectl -n [CSM_CSI_DRVIER_NAMESPACE] edit configmap/-config-params +``` + +Using PowerFlex as an example, `kubectl -n vxflexos edit configmap/vxflexos-config-params` can be used to update the logging level of the sidecar-proxy and the driver. \ No newline at end of file diff --git a/content/v3/authorization/design.md b/content/v3/authorization/design.md new file mode 100644 index 0000000000..8d9cd34138 --- /dev/null +++ b/content/v3/authorization/design.md @@ -0,0 +1,262 @@ +--- +title: Design +linktitle: Design +weight: 1 +description: > + Dell EMC Container Storage Modules (CSM) for Authorization design +--- + +Container Storage Modules (CSM) for Authorization is designed as a service mesh solution and consists of many internal components that work together in concert to achieve its overall functionality. + +This document provides an overview of the major components, including how they fit together and pointers to implementation details. + +If you are a developer who is new to CSM for Authorization and want to build a mental map of how it works, you're in the right place. + +## Terminology + +* **Service Mesh** - An infrastructure layer consisting of proxies that intercept and route requests between existing services. +* **CSI** - Acronym for the Container Storage Interface. +* **Proxy (L7)** - A gateway between networked services that inspects request traffic. +* **Sidecar Proxy** - A service mesh proxy that runs alongside existing services, rather than within them. +* **Pod** - A Kubernetes abstraction for a set of related containers that are to be considered as one unit. +* **Tenant** - A named persona who owns a Kubernetes cluster and is considered the "client-side" user. +* **Storage Administrator** - A named persona who owns a storage array and is considered the admin user. + +## Bird's Eye View + +``` ++-----------------------------------+ +| Kubernetes | +| | +| +---------+ +---------+ | +---------------+ +| | CSI | | Sidecar | | | CSM | +---------+ +| | Driver |---------> Proxy |---------------> Authorization |--------------> Storage | +| +---------+ +---------+ | | Server | | Array | +| | +---------------+ +---------+ ++-----------------------------------+ ^ + | + | + | + +------------+ + | karavictl | + | CLI | + +------------+ +``` + +**NOTE:** Arrows indicate request or connection initiation, not necessarily data flow direction. + +The sections below explain each component in the diagram. + +### Kubernetes + +The architecture assumes a Kubernetes cluster that intends to offer external storage to applications hosted therein. +The mechanism for managing this storage would utilize a CSI Driver. + +**Architecture Invariant**: We assume there may be many Kubernetes clusters, potentially containing multiple CSI Drivers each with their own Sidecar Proxy. + +### CSI Driver + +A CSI Driver supports the Container Service Interface (CSI) specification. Dell EMC provides customers with CSI Drivers for its various storage arrays. +CSM for Authorization intends to support a majority, if not all, of these drivers. + +A CSI Driver will typically be configured to communicate directly to its intended storage array and as such will be limited in using only the authentication +methods supported by the Storage Array itself, e.g. Basic authentication over TLS. + +**Architecture Invariant**: We try to avoid having to make any code changes to the CSI Driver when adding support for it. Any CSI Driver should ideally not be aware that it is communicating to the Sidecar Proxy. + +### Sidecar Proxy + +The CSM for Authorization Sidecar Proxy is a sidecar container that gets "injected" into the CSI Driver's Pod. It acts as a proxy and forwards all requests to a +CSM Authorization Server. + +The [CSI Driver section](#csi-driver) noted the limitation of a CSI Driver using Storage Array supported authentication methods only. By nature of being a proxy, the CSM for Authorization +Sidecar Proxy is able to override the Authorization HTTP header for outbound requests to use Bearer tokens. Such tokens are managed by CSM for Authorization as will +be described later in this document. + +### CSM for Authorization Server + +The CSM for Authorization Server is, at its core, a Layer 7 proxy for intercepting traffic between a CSI Driver and a Storage Array. + +Inbound requests are expected to originate from the CSM for Authorization Sidecar Proxy, for the following reasons: + +* Processing a set of agreed upon HTTP headers (added by the CSM for Authorization Sidecar Proxy) to assist in routing traffic to the intended Storage Array. +* Inspection of CSM-specific Authorization Bearer tokens. + +### CSM for Authorization CLI + +The [*karavictl*](../cli) CLI (Command Line Interface) application allows Storage Admins to manage and interact with a running CSM for Authorization Server. + +Additionally, *karavictl* provides functionality for supporting the sidecar proxy injection mechanism mentioned above. Injection is discussed in more detail later +on in this document. + +### Storage Array + +A Storage Array is typically considered to be one of the various Dell EMC storage offerings, e.g. Dell EMC PowerFlex which is supported by CSM for Authorization +today. Support for more Storage Arrays will come in the future. + +## How it Works + +CSM for Authorization intends to override the existing authorization methods between a CSI Driver and its Storage Array. This may be desirable for several reasons, if: + +* The CSI Driver requires privileged login credentials (e.g. "root") in order to function. +* The Storage Array does not natively support the concept of RBAC and/or multi-tenancy. + +This section of of the document describes how CSM for Authorization provides a solution to these problems. + +### Bearer Tokens + +CSM for Authorization overrides any existing authorization mechanism between a CSI Driver and its corresponding Storage Array with the use of JSON Web Tokens (JWTs). The CSI Driver and Storage Array will not be aware of this taking place. + +In the context of [RFC-6749](https://tools.ietf.org/html/rfc6749#section-1.5) there are two such JWTs that are used: + +* Access token: a single token valid for a short period of time. +* Refresh token: a single token used to obtain access tokens. Typically valid for a longer period of time. + +Both tokens are opaque to the client, yet provide meaningful information to the server, specifically: + +* The Tenant for whom the token is associated with. +* The Roles that are bound to the Tenant. + +Tokens encode the following set of claims: + +```json +{ + "aud": "karavi", + "exp": 1915585883, + "iss": "com.dell.karavi", + "sub": "karavi-tenant", + "roles": "role-a,role-b,role-c", + "group": "Tenant-1" +} +``` + +Both tokens are signed using a server-side secret preventing the risk of tampering by any client. For example, a bad-actor is unable to modify a token to give themselves a role that they should not have, at least without knowing the server-side secret. + +The refresh approach is beneficial for the following reasons: + +* Accidental exposure of an access token poses a lesser security concern, given the set expiration time is short (e.g. 30 seconds). +* The CSM for Authorization Server can fully trust the access token without having to perform a database check on each request (doing so would nullify the benefits of using tokens in the first place). +* The CSM for Authorization Server can defer Tenant checks at refresh time only, e.g. do not allow refresh if the Tenant's access has been revoked by a Storage Admin. There may be a short time window in between revocation and enforcement, depending on the access token's expiration time. + +The following diagram shows the access and refresh tokens in play and how a valid access token is required for a request to be proxied to the intended Storage Array. + +``` + +---------+ +---------------+ + | | | | + | | | | +----------+ + | |--(A)------------ Access Token ----------->| |------>| | + | | | CSM | | | + | |<-(B)---------- Protected Resource --------| Authorization |<------| Storage | + | Sidecar | | Server | | Array | + | Proxy |--(C)------------ Access Token ----------->| | | | + | | | | | | + | |<-(D)------ Invalid Token Error -----------| | | | + | | | | +----------+ + | | | | + | |--(E)----------- Refresh Token ----------->| | + | | & Expired Access Token | | + | |<-(F)----------- Access Token -------------| | + +---------+ +---------------+ +``` + +* A) CSI Driver makes a request to the Storage Array: + * request is intercepted by the Sidecar Proxy to add the access token. + * The CSM for Authorization Server deems the access token valid. + * The CSM for Authorization Server permits the request to be proxied to the intended Storage Array. +* B) Storage Array response is sent back as expected. +* C) CSI Driver makes a request to the Storage Array: + * request is intercepted by the Sidecar Proxy to add the access token. + * The CSM for Authorization Server deems the access token is invalid; it has since expired. +* D) The CSM for Authorization Server responds with HTTP 401 Unauthorized. +* E) Sidecar Proxy requests a new access token by passing both refresh token and expired token. +* F) The CSM for Authorization Server processes the request: + * is the refresh token valid? + * is the access token expired? + * has the Tenant had access revoked? + * a new access token is sent in response if the checks pass. + +### Roles + +So we know a token encodes both the identification of a Tenant and their Roles, but what's in a Role? + +A role can be defined as follows: + +* It has a name, e.g. "role-a". +* It can be bound to a Tenant +* It can be unbound from a Tenant. +* It determines access to zero or more storage pools and assigns a storage quota for each. + * Quota represents the upper-limit of the total aggregation of used storage capacity for a Tenant's resources in a storage pool. +* It prevents ambiguity by identifying each storage pool in the form of *system-type:system-id:pool-name*. + +Below is an example of how roles are represented internally in JSON: + +```json +{ + "Developer": { + "system_types": { + "powerflex": { + "system_ids": { + "542a2d5f5122210f": { + "pool_quotas": { + "bronze": 99000000 + } + } + } + } + } + } +} +``` + +This role says _Allow Tenants with the Developer role access to the bronze pool on PowerFlex system 542a2d5f5122210f, and cap their total capacity usage at 99000000Kb (99Gb)._ + +### Policy + +CSM for Authorization leverages the [Open Policy Agent](https://www.openpolicyagent.org/) to use a policy-as-code approach to policy management. It stores a collection of policy files written in Rego language. Each policy file defines a set of policy rules that form the basis of a policy decision. A policy decision is made by processing the inputs provided. For CSM for Authorization, the inputs are: + +* The set of roles defined by the Storage Admin. +* The claims section of a validated JWT. +* The JSON payload of the storage request. + +Given these inputs, many decisions can be made to answer questions like "Can Tenant X, with _these_ roles provision _this_ volume of size Y?". The result of the policy decision will determine whether or not the request is proxied. + +``` + +----------------+ + | Open Policy | + | Agent | + | | + JWT | +--------+ | + Claims ------\ | | Policy | ----------> Allow/Deny + -----> | (Rego) | | + Storage -----> +--------+ | + Request -----/ +-------^--------+ + | + | + | + Role + Data +``` + +### Quota & Volume Ownership + +Policy decisions based on the current request and set of roles alone are not enough. CSM for Authorization must maintain a cache of volumes approved for creation and deletion in order to know if a Tenant has already consumed their quota on a given storage pool. + +A Redis database is used to store this volume data and their relationship with a Tenant, Storage Array and Pool. The use of composite keys provide fast, constant time look up of volumes, e.g. `quota:powerflex:542a2d5f5122210f:bronze:Tenant-1:data` is a Redis hash with volume data as its values. + +## Cross-Cutting Concerns + +This section documents the pieces of code that are general in nature and shared across multiple packages. + +### Logging + +CSM for Authorization uses the [Logrus](https://github.com/sirupsen/logrus) package when logging messages. + +## Observability + +Both the CSM for Authorization Server and Sidecar Proxy are long-running processes, so it's important to understand what's going on inside. We use OpenTelemetry (otel) to help with that. + +The following otel exporters are used: + +* `go.opentelemetry.io/otel/exporters/metric/prometheus` +* `go.opentelemetry.io/otel/exporters/trace/zipkin` +* `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` \ No newline at end of file diff --git a/content/v3/authorization/design1.png b/content/v3/authorization/design1.png new file mode 100644 index 0000000000000000000000000000000000000000..89c748d0b56803d0c3a34370548e12fba176bf8f GIT binary patch literal 22497 zcmbrm1zeO{7dL9qNQcrXT>_E=NOyNjDBU%HfC58Ehafc|-AE%LGAbz@N(>?0Ln9&I z1DxaWocFx)d;^8R2Y3LgfW{v_e7GvOAtfaR z6auepZEcd0lE4Gd0H^}`0^dLhP<#D-U4Gq5LP7#4mzI|Py%1=2-3uTB)LxGcv zkO`m)9c`!_z#_z5Lq+ojIyNpYE*4fp=)AN~Mz;oaO36F}7iHV6#e3kS%H6t@KGb=YQudt}N zqT+33Lqik5(}xcqKX>-@^!N9VjE;^^&CJYvpI=Z*elN5w51 zBk)4cNL)#ansyYUO%(KbGdqayYl*EQGhOQnuPhK{LFuRgOvdi%xm>HIe0hLNzu-

poZaTX8^u3<2$S+M&XeqFeKwg?)T-RACjG8cnUl^^2HpECW!92GsoiMKVwKN2iagBS4ic1SW|_ldHo7`j3~zgsYbSq(EbF z_DDPxAS&oAkOBNFSEdFA+Kga8LjQW{_9Dzh|HsgmukFY2fAH=s^pGYv*5C~Smm6Hi zhQ06&)~=wR;yS`}O3bv(-#=d3B_5mp+}=piHQi?UVR)@Fy`0U+2PV*bseSrn94pU+ zQ1#1)GMWta?8~kgt1gG|*Uq+L+wd8yh!J0l+vr0iwgi-w;<>JoHJ^ysB3))-JO|C~ z`l4Rcx=$ZlyJ>=V*_9OrFlOy0`ON7&(gs(;--3akyB-vp_h8`; zGbk4$_XqaSrvl_-BK=lcoh_%GUGkb`b+Fu?b$x&@3FgxTy84mCt}gV=73;|w8s~BM ztTrf&=U(oQR9s5^)|~Sb2e#!mh}fTWNwoy-9VB^81a{pExl_IOSACSpZi%ftHqD(z z_2XE06t`q20shhu)6>rU(HC{on~-t{WFEYV+sfACm{>xSFzgaGFErymf!knTfQV&@ zT~g#f=q9l_wH8j9V8$~@^*W!D`^ zV-E9cDeM`}^=^IaYvSZ}^vhL62h$4W5J!V?a%tf-R77OtKFNa&rHv{4rg$-1hY&;I z;f18H{i`2oyW;8|Emwb6>WA2~I-_Qzqf^M zX+2%JrG7VwmhJQ`XFeVSR$c5^V9&`}R>H)zrNj+OV4c!w4E#u(Zhz8TgQQC)k~8{N zK53In?~$P0PosEWZTa%X>TVy_E<``Z&?lPqL;=%4k_2-_9_6jXBXk<~tia*Ou@M-& z`_-q$Ai}&jzkM0CDG@(|@QWgPL_ zZ)K$&@{VDz(cfnW{eU^-Eyf3Z8=u%2(aza@CX-wM_K;su5shx=!LOX6Ypl4b*k}M%k~QQ_m(BxD+BdH zUqa55K{{X8##dT*TkldXJ9_G@`(Pjpg~f}KGn!-q*zZ_vhu{VEPoU2?%Nm$8PFLw1 zPQ^WRmGQ)K57K^=iCHn>s9{%9VSH=cG0pgMZX$(#;`dD@xyjfh4E7ucZz37U7maa*~5yy?j%{FbC@9rLxp zw{Fcwc;sZbI;p8`*CVRw7K2`BTvz% zr+FQ0b6mz}y6tWoo<`6JNaFDZIV87E<0s{v!_^aRWXhCwIAF^X;!C>MKTV?3Zcf4P zQ+2A}ui*dQ1?dqIX(0SQs=Sv5VOY*%4nXD>;dJp46AfbnJpA{B-5Lol5$14-i{u z_bnB*h~3ZwfA;l_ig)&FAbZp8YK^cMKA$_RoJI9XH$v-}<|Uep+YPnP30NG zAE)fn%2R31OePtG`MHo{W*<7JQN!6N&z@tJy;IY6JUt+q7v}xY$q5yq$25uv6n6F% zjRAgrK?e;1`Pd%bHo_2T*65eO@x+GNIbczk=3`MD)W+?GqKeZ>T@`UJz5ffq%RmEma%BvBf}c+V~B3T z&sXOOW2V=q51KS(UGZRENlS{aptivq6185F!X~U0sYP}erRFvd4qv_HV8#h*1C4~R zziBe0jrvy6N`hCr6Pm2${D8enh1K|(`76(IgThO*(Is#&61f3l6@`1r&?qwL60#Sj z372j$1z68j|FA>0iJxUK65@htO)ppm2^D&oe4OD}>od!v6nNL+n(GMqeEwEj#Gb8q z{RgDwT&T?#+7L}4?}ZIzET_~l7u;V2g-0mb?rs`&;&&5CW3D|79i^xx3=oqy2&=(K zHSi?~H!FT;`|&=WL9EOX-;$mOk4Ot5I7%FsyUACBUww_%krV#;)Yv?4^*nEX*0Gbk z8$A?ni1lH@^qTZ!L3|KqmkT3wZYWi`-<>S5NRjr*oXOdO>R~pnMr5s~xd94WQDj#c zd3{$`qqx0L9*gT8W9E9_qE~C+@zb*Xr~+(Kfq<^Y(AK>>%Zzd%T;|WeR3$j{9lQJF z{j7b_g{?~)1FYp$d2R4qnbuDfC;3<9kX0H9!CkLrXG?B=jlTO8 zob=0!io2y5Ld#D(nCcjgpO>OBQa@JzIRNX*E`1kM`wrIt$X>?!8&YgvI^r~ung7%) zBKY`xsXx`hmK-M42`B5G7SqOZoha)wQ(tqRtjB8B%g=udAo z^>;7rf6k9koy@izgGmVL@wMx&RZ>hg6eubvCR6hViYt|w*Qs=S2wF-{ki2CIkQfY3 zlyw?2-rzKME$Wc6t!fn6a14W3Jc*7RpGdF2pvGrwdriS-Sla?m4@x85mS4lbn zztEPbUKeMNdrW6aQu^Fp#nis>7=4VgyRGVh*)K8P82%v zo5gi<)7v<^Gu3!$FtfTXykwA-`cxw)g}iKgoi26Tsh2`$QHNM1)Nwvkt6KOvVJhu< za@)IqPm~Cxp7Pdp^kA3p>k9=y{8~xBOT4q35gwoQjx@r+yOrF`2G~I}+ee9cRiZ>?fV^`9|`e=(gB;y~qWVlC& zLpm66x4zsW#>&U8g$&21|Fmpg_RhqB7AhGPiG5g09B#jtK%knOg=b+!ffFP_tZyT@ z4`xOkk?u-mhty!(Q1RAIJ3`vV9tm;y+NnvRDN{^{v<~6Z_%O;HtM=;-ntSv;8uQOZ zW92hGL$bqJ%=Lmc4Cz&JGzr~a7=F!shx|c% zq6oA3^QYhU(u}x;W!nP5s%w<^{z0oIngcFj`$~coC}e3yiK4A)g_a1$d6E88ErisQ z?+O;$sH7Xgk}bpcS3r!VL;%O@u5z>w-`!vYnPAuu$>-!-)vm;!4n*6$^Lpn^T4~&B>@0Zd%z!C4L_<}eyz0Z3JJ}s%wW1m*gXiLCK(S2JM z=Dx#hxDSDRv>5NKNaVR=ai@{J+9DrGpG4uUta=iLpnE}9)Cpf^S4HU^>4c({#V;wa z0d+q_#T3~Z2JzxDzhGC2kv7~EOOFu)Nm8e65K?(pj_3Azm290@u7BB0YB>8aYy+3T zNPWj-QB`b*o2Fhvm2qnM#NZf|g6|$WYv$8yloTuJg*{O?v5u-XMLMJ)A>4?vk7qFX zbts$}&D!nI>K}(i1{a}}=$eIkEbvrvdvJ)atPVT+5bccF~cCAT++;J77zw9TSiS(=m zx;H720fF|KRgqP-c3HL8>l{>tDclBfr&sZ7j7lPVc@OT2 zyEaf;KKLA!KRJn8XPR$4Bq||{vBeR9>SQbEjaV}OKw8toS+=#i%Bh&5EjK~-cxZ#~ z@vHam;*B+f#zH2dieIo!``H@X_g+qpI_a)#2*mZRePmgUu=vGIPcNs$blpaz1M^;M z#_WP8W*;^kkJNw4ZQT-3eWk^e8cQ3T*?9B4o92fFCC5)z4~3i*W!teB1?1gYd8mDb zT3uLohH19m;};5BcF;_{7)0IN3p6{T*F{>FW&3uZkYWyVz+v)uca8wQ7*e^MBQo89^^O z7))sXL&-eV{E(}Umf^0yh`M=Ih&AXPI!9xU$o-AiXW15r+o1yD{^aIeKJ=+_{-P=Y z=-;p(wh<9+drud{b5TcD+}VPD3Rc^8M=y#@>+x~3PPL&BAZIy{bS{*+G(@gnd;@E~ zjhG*We^{Z3#Es;L&N>eq&}~@7 z0*mk^PHv^A#g5(5ydS)e-1yLjzeY{M2Nj-LlZL{+FARWIv1?g~SkK`sh-+3%Y|x8n z=?N@IXza9j2kmAEOj2$;%OcJbz|3;J1}f#6Yz8C(vZ$5Oim)+o{vt(Yz(ms$ z#hwWCtY_E^Ayxo-8YW!Q_16FpFbxU-IB_JcQBx^kSa|$5ngFUbB)p=R3kRUFRSI{u zAx8jT+s76nw&BMzSdqQN#zw{GX#S!piFqI3rcA!+4Fn(PIhG3_kU$4|+FcGXkjW}X zAW<9ylblcvBJKuoJMue!qX__iKByECHDnk#0MmfDK(od-|Eo-|XUbIX>+|PWYhFMn zqO&u4pBVB(Uh%{;P8fJ88V)iiziwY6p+|G!Wda2hT@sDvhTVqi6U&cJzsw#iHWYcW z$Wtt2D4eaDWRrv-kEx5L{WO?`xCHo6CDG@0&NFxz1Zl;D>wNGh2Rl!M?Bey}TC0PX z2_c~iS(l1>i5c@XBTwBjy9!_0t_~EP!0^PogB}1TUjkTWt`{LOl*h!&QkPLc6Cz8G z-tU=|G?pXB8}_T7h!PLCf*fhONb~c7T?o70lhz!)2)ZlZZT5y z*2GAhfSday_{>P)n?X%&BT`Rx z(n!!Vprp$4($Sl2+9F${%Mli1T}rG@T`k3MCepp2^XJltl9n;rtBk-!cyhtV}A z48=dpV5W#t!XL|V$k1s?*;=5_pzBAP8{g+y*#B_PHlaM;(=$3Idp^le7Q1CT*I~%? z(nX>rfX)O(!~#iqnb{fSY0Q4zK8%WrIqXV|xJ&p@cCQbkaSG7{&?icUdJ_ZaZt)pZ zw&Yxw_LrrZ!&@D9-OGNpX>AzaGt`AwHXbIk?jK~uF(-J}feNREgb}pemnDA58|cC6+)`jhcXDpV-E}m%mdVqXVHrg*;hAqXQ4ak!&abW&#CzgC8zs8ETb)lrpl9%+T!L* z*~{!9jMCy@sobgO@KhDkEX19wNt6?euvR$u*lRnSEFx{p2QRfGNAOs zxlG_$!WyE}z;DGuEMoS(#%Azx1DnFwCXXkf;Pb@+_7Wf5A9ki319ZiY29HpcgL*HL zuc8^#eb7k?SzPdwBT4720}4a5)?;G5NkZlDI=&j+c}NFC)n>YZ=o3jt*3^#y3l7FZ z6K)1#1wNL(myBE*>~HbwKVuEA^&7I^!{(a3?FlN)sN}!K%U`h#=yi3-poIzvt+|Sq zIk)P6#zo2Da&w9WE`CA2jJfJB4CzvVg171KuI4%m9wj|m3Mycr+o3SYwR|4f9v-rd zgq(*OSPt$k1IEC?#FtnK1gd~Y-T48)vl}mu2%MQfxtB5Y4mk!+(WQlc^_Ks=HyRD< zZAj?IrSdNiMLd8%%h^lHKpZ9!Af(jb&%lFHG5rxuFGs&T1tGt4Sp!TW6zqTP46yY+ z=Z|Pwl-7raLj#2S|0`qne`gFhDFGIu|5++YG{JlSD)E(4igdvnHf2>FPf1D`-V&A3 zJjCg!2O^V>1=v6|^b?YbwBfFkR^hE6V8Q78U?T^XV%4d1OqYOF<4X%0rai>y@3zj& zW&*hlkj(wCy5e$#9Te8No@3pS$Dk$$RvCX`O9=Ig$VPk-udFMsc+&A!nErCfQh#AV zBp`(!_cdolAl`zI5X!U52`P{yv@1C=@Vs+5=_HY(wP$gQ!pNlyVo7td5GyWBAc|}~ z!_lu*7JwbJL0_rVay}P+sKg+rC5o%hK$JR353Z1pmD@*W4=%kVfNB=aE4=Nn3|6mM z5>~8oHRfivGr`hXL>nAyWZ=&keECykk&>~@eoJcbklE|?!``L4x9Y|=n`@rg3cvK^ z+eEV)9NQ%spH$K8)5X;C06lzJw>Yp`N-|fOp{5X@L0J6`gRO>bY($Qr3Jq<-@5V!e zNDT6l4>TGu3lZoO^m$=Jd?>%iXmR`brgaSu14vPLFy!3$E2GeIb{x{)V%$b8hw!$& zLzx6vDnZ5-2@hlZy#;O7Zm!|}Hx^gYlNh_Acn9GekiV5kvi7S;_Ho%GlIgP``WHL=ijLrAtr~}b{uCp58Rb;R+|Y>y)6s%a2j8vgV#WBc!BYED zt`+vO!n;--QWC*!MJcz16?fJfzt-(PPU7EWdlIoWy8CV)grZI;vTQV#h$!Sz(635{ zHukH$oG_}K3a-IN+7x|G$}WTKXgrH+0@jhzrkAKVUep|v^Cd5rq>h7^DbomgFxict z$B}pB1!RkaMlNocolzGl&cr#ZnK`=9euof^$Vr;(nz}D@;L36FyF=TABprvSv@HtVwlB`ns zyC_1lArn=4y0VQjDq?+7!ta~n@hR0AhiUzuTawl1IF!2HHiMCfz&b_ByQmAEXCQM* zD0Un)#FC1<+#n9_$WY+3Qvjc>WDzpIT&PZvK%pb-QI=!U>q-9WL z@ahH+WoLJ;6)5{*&Ra8YMj^NMUQ#(sRa#E$xPtjfmC34p@CTn0_XWbKKD!+DxbO`g zs9&(v;pJkSp!VT$u=zVyAeSq?^{01V#t@+)%xpqO@1;^cGe*~bZzLj$F9|A`F_tbO zg^PpH@6C&|>AvU0C!~yeK4U%q(q4^)JoxU$4}FJIwEhu&hu5mWxnX<)K>o`T%iDpf z%g91)eROlg`T>h`>8;RCMTK3;n2<#WUpkqYrjb`EM_?ohez!Km6JnJcTE;^#I}r^$(@`#cf6& z@}4!M?W^(19vV6&S7v%y-WI&#!+h>z%ZJxX$H*D?|rMS5f}cSN~U$eT6O@ zD#Xt2y_yCRo68KLALokG&K`H%>eHJnEjZVy2c<;utzGVn77_YJ93W@HyHrP5*YFzz zAtdevA&~T-pqlTxGl8VdEU6(thSB!oHHZR3Rs9}`91Xx(rdBM2B_3`yUw@{TdZRwJhs}5PIorz$1YC z3Q}ma$SyChtYG-)4H}C}jjDl*Z%vN@Jb44)2L@?jLKa5Z@<3$*gHSS5zt`ffxLIOB*C3-tM~X&aJloZ4F8`( z8MtO!$bDrL$-ttvRJt@4hN||5NkCjK93bCq)dI|5ouv}UQWGzqos$mD6()p|6GD+6 zL0E2IGr1B8Y}Y-80Vd}ML~uk`rIzovKE zri_&hQ4tQI_D`?SNUr=Crb&dT1BUu?8&aTir5$S=FR^1ZspX&HC)`B;o!0G(?7lq4 zE!6;sgXljcy|hg$lbqLGUNu1Tsf-8NDlUWS|I$iT?9r9^^z)TXS&<~#-JfFg2TZQx zh~*>LZn0>Q{FAk41u0p;3Vlj*;$OB<38B(|spOa4deu@^m;mWgB*C#OqJ+@T|I+4w zz+@za&#LjV-Q{flPc0Ot=yR?m-u$O`Tq<725K#O>jT7k%l7BHD<@=6d-a-jww*BnB zJO32|^Ql3K z1v>9~JbfPf;4*YFfq*c<+F|#VQ+DvxdINI{u}vvL3J)I@^?Gt(A+K%)qOkNHtO#j* z%`TA}MJ`rDMm_(BBu^UhauDsKhK)*dMK_wDSDt7S@83r@_#}7jmbPA^P(g+A@5a>$ zu^U|cI(<4DbmVB{>6J$a#mGW1>1ON3?l$jLxtCYGdtZAmbz;h6hQx=lvD8b{$tWhf zhfm_D&2X^R>l0`XH3d`449|dC2;+B~A#F3A|X9}Xtk z4Sjr{kKxANNNn8VDR^(TXRznc$$fF+RVV#=*~;2t&)4#)x4p>XMBPL9f1f+|8{#70 zn?{*Pvj8(210%*fr$N_b47--5p3l~7+vuVGyQhlv3l-}_Mq}lNQ7cuRp3@Db{NnK! zFXa-WZrnxIW|D++u6_AE^6A`qhu$m17cw#3$YByNPaMoBB9&c@2eS@aNSGY%`C3*H z+(xjUwS=tw`f_gf6XiBxk`{vMP4KGKcix%tdG?<0j`a|;H-;>WR!Hma_miD0k3CUp z_Sa6P*2;TCgfaZ#AO7=dwuPxNmBh>qW)VcIOZ)E0s7DG-JQry;4Q$ADn{*Y7hN6lw z{U#e@57_mtqFQG`z#mO$qBwfsVXsNIm! zyUX|&4y7DrKk1bVa+G)&^AHdKy9=hM{lHIkvC>$Ip3Z^_&sn}G2mN!Lm-QP-gxe?L zV3T(E3YOdX7hL&!SnoU!YH=Km&<&-W&SvEw{90pfZH!6(M9+mRQ#?%j`sMql>01Zr zsvrMJGXBV9R9B9Uk&^**Xs=sexNa3H$Iu#YCX&eo)hk4Db_w2NO_oe=s&s3 zAG2AuQY<1~1L4lX&|D3<3gEv2GrrM|A6Y<Un8aR>6 zRW_S*r`c`3ilmoJegEaY-E@;JJT0--D7j?u&KA)i^^d)zO|@_Yxlo9dL=O=7Z~kqH z^0jrw;ZusepgxL}MeheY8hK0aLb{L%p@f8#bSbQ}4Bsbfo~_cYFRaznhS82UfdYH` zTh~O%^&ki!OTyR4^82UB0+Wpi)ygLwiqKU(bqt?|EhJsI5M|iRI%(aff-pjm4KHVp z_04Ht=}_~E$FN+va8a!0HUGOD4(vsfRHr&8wYu7cEV$67%yGE#bl1DnpR$(vQUxAv z`A2_?S%HS%mpB!T8uG+avv=Bpmqk{)!`9b@MXOkZr2>z@Qk9PKAJpU<^StV+qG9vu z@YP%d$WILaGQDXaohr*n3-HoN*z{AkLb+ZB^RQrhL(|H+i5o+0FEF%Gn#=BN&pw1Q zHQI}i5I}KEnm~t(x5T8fb7*ucx;*s}Wb~{M#?OpIxx$~fws^w#fs8F&d-gR}@g~&q zC_)H2oFJC`kFb97u68B$6iOVt9CTztY~wv1P{J-EMJrs0(qfM}p*qxGH$J(HiP`^# z#FS+<65&qlyR?;u3anZCXH@Qu)u*k7Wd>q?%7m`*=X8IhPW`viYi=UlxXdjBu|q%^ z<->zsmCij;{)1UHe7k2p4konB!Y; zDdRHW#u%y}vtnlLF@XV-u+J+B!x3Wdx@*b3%ELALF|Sg;JYVRvA8uD*7=oT(4oFYT zi3I5HN@O9x*xsUZ?}4&}3s8WOKy%(hdo{}>;$%0|w`#P{*Dr35s{KqD zx%287X{|qg@*KKRvMgmA1oleU8$Wqh+-UN2yJNI{v~`)1w*zjSshZWM;8o^a1<3=F z#KfnN<(Td5&6W#UMv$*>e``zq(bit${#izgSOfX?Rtv|4=*5yl*YU|-W!V#Un3 z?}fB7=PefZegbo=2(*}FN+2N|-1Dj$ev6=XL<^&zuk;6fqZ2|8()qY$&i1r;{ZSd$&6a?@=2eW*@2dx=cKr}N-0WUq}QS15aUiZ8o5F zIS7|0Jie>)p*G!l-qCC8r@7G(87Ytw={KT2RNqpDOJ$9~87^@rEd zbh0+>qky4j5wx!a7c8w#jNdmMc)tHm{%H#K14f`4{Fr^n4F^cd=&LjzNK1-+4|y)f zO}W0uUsR-*iGIic;((%az?35nLOf~+dHpp7(wg_>a83r97k`+RI@Sg;P^>@th_MT| zN-s6~iHezW6L2nNjD80)nQGCs6 z%Iipe6d&Eplk>i~$}Q+8QTz0W0;=G8kN74{i#zzc#<_Qma{E7>T0`}>)3~A;mjPHCO+KF7U3uccbW*J5ia?p1A7-pCqt^D zHUUuZ+s+$0n*wv{P8^*#(fSpAXZw_cTQ#OWsS~2V<;Qz+H){_@r#r@&j%ZFaaK-VO zp7NcnYYrH0C`)5$aBm+9>NEcub$2NvhfMA;byA?m7`WcLX1()ahJ!9t2l5!`@U z(O@|H#L;6EK^G@bctA28|0Ah6dE@bL z*j`7=QRZooZ^L}O01F}IYPG;BGbbon#YYkXjAAKU zmY>y18IuqDj~@lB$2X&am0D4;AoCH-ZKDQ`sP!HxyNAjOidUNPxf=-MQSsL?)B#UV zpAJ(LC^>DzJp+L#u%T9oU}J~x$?4C%6Bc2)E z0V5OC>e$-g(&Mj(u-$+8B%tGB;W3FCvYEt8{$`HjX92xAZ_3J@82+Qft>%(0{-fy; zBF@LSTgd#wN2)-Sg!@mLFRlAlT+AI#Z;Gi9KbyrwGm^N7xc6Sgq>sWzg>H|13D zDOYi64qzEAX|Cb>5UMVXcZjg(xdAux*e-PfR)l}^%`Esi zVg@B*KlZ0bS6(VapMRV6IGr2(Ixthm2~7raWR)~o_)C|!uz4R)|2peFzf;;+vvmcp z=#i}c{Lk*jKEZ^A1N!s!A=62Hw83R6FA$)kp(a|93gIFW0?K!UCV{5lVV{sB zGbY&Zm#j{uD=g${X0x6UsF-W(#rVF`oqDO8&8iakOm{hIrI`KIZSB|cI5Kc-4X{Zf zH8agNG8MHn$3D~;HNvq+xoIj=tU~{OYjN0Gn0tT}I6XQyU$aSCP>ZhwyQ+ox=x`Nv z^>h$*&IVtrkbBl4VsK164(SRfBL2t$asDw;GGRenQl&nXTYrY)Z;!CGY|Y_lesaY3 zl}2*$5z!JYi3h7-MX5fv4EUB0>sIT`cj$3*Aw}xlL&ppGym_3)SurPOMOr0VkfTjJ z!m@gTC+6t9cw7xkeESkZnl!KRR{JD=xd9(A&pjDL36?GGBu*G%?Fy2nct9rXysTQ$3t-I6Ea?~t3;Vr+o;&8-VIl1-l^r*HJ5xhlMj=`AG7mvqJn5|T|qJt52V5EKA@orY<(xWndOHw7tE-| zYQd`R?jxIzgHf4fcf;B=oVL!}kYr_hw^r;#S5*nW5JHg*S&gAehH{0Ze12=q zT;rvddkuqKQr)fRsV|qR=%k2RUkK}hH#UBY^w)aBWK8Z+A`W&Hf!;lut|LL=Kl+J? zcaRU3PoV*=miDiHO+HWNUVi?I*_`tr+UspoJMUZ<)@<=g*zv6XT}pe2SsUSJL+YYa(r( zlJhWci}2lEpQrRK=#cMNXJNe>0K2B8@H@}4CM8C{d6vYhn?UHXp~)8ci}jLjrJ-cU znAI<=`4V;Hs}}9MSs0iDDeCp4!Lqq+tsNFQ<^kWDEJQMde};aUo@vUkpV0+Z>6

zT&$(r_B-LSAm{`Am`J9DKj!_1_h6~+K#w1iHKRRKY{@{{H z_u=py!kBQ7e~J;f?`sreOZ+ExRd;V#Ldq9K8VE%frPOfafk(=Ss_iF0q|rbZ~=a`KZ}~Kx3!y$oUgqLn-u73%-IP8@-oZ-LVLcdxBWBuw~#J zwbmn1e}bTE`CH;~0K{O*`X_vd9ehe>FoB~aLtl|OgEx}b;xaf-4S!wWSnn@7l2*aXiWo!i>ywMI1X7QtN&J4Tiz=Ldi1R0;O>nHv-;vk-D)e_M zzd-htJNGJO9A_Y zp@ag~j7gc_HF|jt60{Z1k1h{zE)Qu=K5AZ2qMMTo z;r0SQg%t#V*%$YwuTMz!Lt4WuJiWQe!@(M)8srXQ2cC;LD2Iw_h2VKta@>!gSodnLsVn?%;2W zMGz{wr$;ZSG{Go0g+T0=1BfE5E~@c64pG<9Qh*qLxGzx0tE(vt2<$VyeVjq&_p0RCY&Ik z1){kn18}g0fzhu9oE@$KSEn@8z#+GQQ)=L_@v0SYrsf0u0T*}PJep(v0>G|aQh&YQ zDbVZ>z8Z@JgAfW+13v|>U*-Wf;*c>^&6q$ue-MNPL|*vjriQ?Vss8Hw1^7w&FJ}HW z3~-I?PbxS?lo&Y7$Pgrl_yZ7ZNg!E&4V+Lh5d7k|fD5=7LGY_3hU8od`Y!<> zZxCPpE0aHgYn)2IYAH2D{$Hr$H$GL(1WFwKQYB%?_RhbL2??OO5Y$kXoLjv-;JsEn zVF--pH|9Ui%>TyyZ|eVTy#J~fEMyyQ;E?zam0YEqNL-pl_L;`Gtn6?4HGz_rZFFoatL9Erf3UE2VC1jqUT^0zPXUEBMz%^yyE)sgvH zPZFJ?AkvE%xj4b=nU6LO9D14^SEB(_0T}BKSGX*_vJ8#oWmE#9+!gi9DERkAz}(L8 z0n`tW{Uvv7>hZ*p|6$2Y`@)AGn-%_tEfsUw{Njwk%aW!68%3sK5v+XV(DMV$nDfz4 zXDqZ;;mp%HM0&G2^n7mFdDX7qHf-;6=1?IaL^l;c`?#CAkR}cT4D9(Vxk9rTtMbE}L1Lp5)oOXx?5e4rj zRh%(Iw_ez=#Tp#%AI%^0o3=@`0B+S7_3Yfs<*Y2m!Yu6BnW4*BQ-#HgSm-Xl%UJ>^ zwX*FzrdarVt9UB?nFG1l33F~}cL8P8e5-V7tO;%7o&&vn*|W56p6Hdn85%*$pU`ee zpI+VX$5e6j5BFkRroLDk`u^}CzqlR$af#~t>l}yN`ez&b8{51c_46~lydSgjo-KLp z%+LwC|K#}DpKkW(q}yvglUkZ|mT|``t~h3!Nv=MsH@cD!nzW1#`}|4!_sEea7Q(c zHrEtHws)Q(^TYj&O`~?uWbVhn_B>5%Yr^vU&i0Q3@*&yx#25I?L%6Mx>pvY0eId&g z-%Y8d6HT4X$yV>rM6`wz+JprV1mF}k9=`~5ZvwOZMA4A?fl_cc)?~N(xI`{4zES&4Y_{=c3 zvw8>dUbcmbsytu`o#r8Khg@v?V=^Q#vnwJn)vve4(dy7L#Eg`=#25bd*YMSEtYi% zw7cncss(s+-g@a58|jNrAC)CmSM$CCHk!!6%P@V(hqEU24B}2qT40Vfl=)^hnxe!y z3c>P3@L+e#%9f$g?M$y;CE(gQ_8|e~GM$%*v&+$UJVli}yg8ShJR}q5Xi@t5j-*ro z4cEayi;0=_%9v>>tj96yRmUT#)Fq;1l!xINKQdr;5LP@2x6}`!^ae3OIX+?l5$#Kx z{T$xc_X3I>OTRHS8@c09l`U3=#+tKaQJuKAWBY#GYlKki)Y!5ehc?Efj zi(*_PGwH={UBX~$UMSVqB;9#2Gugy+3mCzc^jmj{n3T!|zc&uCCfu0_kmIylG76BT z`}7{s-`j=~6{(dynA>Tb=l_<7^zO%qUvuUUy|aNWX+IDv-jC*mnqEhK{S-F9kjD)f z(o3<}#vtEA8jlS)rWGe;FBCp#j85URvUk)NKQu^}M@U=LxJct?QmSFS%*@|Wmup}# zC-IUWzC&iO5O@~H1G2lR!q1WbSuPcZa7iVEw%u2g0aH4k?~IVn%nP2xHkrk<9pym^ znm5Cc!J62GJ2M622h-;H2ut zWE=7`deZsW#n+kB|L{56H+3Ych|O=V>x?QDAD4tG4@&nb*+SWk->&#;nZH>0LOC=~ z8$M+xT8?bluM(Zz!nQi_4Vvv%7eU7k(kO;-uxlzLAP1mSS-zkjq_A&TZ-(#))|j9e zr8~rCpX8ocn?bPJA@pIZ zu~}V^718;!8KEaXoqa8c$sAtAyZ!@d_lSlPueO}KpDRBdHE#uDeecD$S#+F9dbEPn zfP6Q?!E&KfKjS4msNC#a^iG~4v0%gojR*}`F0nH+Lx!UMu`i{HT~rKSNJcj#i_oXE z8V!SyqcdENhDPBS3qO8Ai`^Q%N)tm@BtW2kVZ>GAiz`|H=UwdIShOe+(vGl zqdEAVUT~skA9^@__u25<`W`{HNalt^eivg|p=0q}Iw=9Uv) zbX6U}m+|DM^6+RQp3n(34X#y^0X{j-6kTxc4F0pvTQ`Tdn7la^(41j8L2z)bsu71D zVOxj!krWjr<+Huc!Bh9Z7i`7|r^leuQ!AWR7vIy2YAY{7_#M+{OZLN; zlllMY=G@XEn36J4q*aD7onV?VFw?2rRBnp<>a#uD->_fL=RD_po^$y;@7Fo!bKszA z3JmS*du%h+c~4mE{TY{T=ezCxS+vG#uIZ_w4tNPzAV2=Y#R6Ga;K>^zc6?3s&Fe{L8zzIn*G}Ze|4zHh1`(MhK=xZcBK+#kCUR9h-_SJXr@|obZ7wI?%(=(Rh?0z8$_f`LL+HdWNCv- z@fm~))apr)SBDpG2M2#464kn4ftTx@=9B0c94q0a6vy-xIuq&b0m!l?52}WQtQ|*IgqmNcFNx(hafxV0CgsQBl6xhNE zSizgaSIX`=oIF#>zxuR)MXA$LrFeTjWXTO^jez*7``P??Cs^ifn&(qv*@Jez_OwyK zNY5oAzYUIf85Q`LAd-^Vu#ySRF0N#9()dLBetHVRk(nIjekgDg>Q*=XQ}L;-hkad{ zXYWkrB{}XAgYLdz`k@L>3fQ`ObxpK&^m%n(=<>jVJ#P=y2-F+9n;6lVDY2B)G8vz3 zOMaFl!&hOfAZAE^Nw0HdKuY~!q59fl7*5Qb+NrFouN$VVgm(yb`0ZtNn_s@gk0KgU zS(`jv>OhcVZ}o;mkXJeDFPuHXn&%ZyKWNR?KB^faiq0I=ALXle!ICO}lLbNpe|^2; z{9t458)nXj$}g=OK1S{xmro@R2B9vjYYE6uulbP+ep=;~4+PrXncKN3StEd#Pq2b1 zQP$GX-OLIZ@C@q&bBR~bqYdU8DKEDup-It(KUovCOm3&Fr`=0XXOf!KO&ctg)d+R74b<2F_}7vUYDr*JfG5eI@CFpSN! zBY7Z8R}1WsM_zlV;`6xS3r$f`^hdx{qS;q}&E}t_CH$y_gh7GnU9E&Fda6#=IWea% zPddNM5qu`SK_ z2Ac+8A7L-~`*iWj{b!pS{N)&63j}AX+nVmjY9qxo zDMIoj`_{gy2^8_&PGdsZKzPeo3y_X+!fHSCJdmWYsyhdj>qM_y-}R3euuo4c=iTcG zb~XI`Jw5WX7jb3ijhE*e(o&9_jan6Ll}g0p{uFZBUKvh3DC}EBBrnC#fz$HLk@|ih z_WrG-W$_(+X`j z!5G3X0CIw2iWd1OOBc3CPLw}1zAUwdkisBpd%{Ofx3-0T8Tf`8R#y@6_(yD`0_z?)C zuT-(Vc(jLv6wNBn(KRD&_AIVl+e!%s%W`6hnSL>_kzRXQVw?BE+v{b^FeO5UdmP#z zFlowtb^>R0qtdl_+^|Vb`Gew*Cy&0+QP4#JTiRffgL`_F(Xz~ve(6_VyS2xzbV3sZ4>g~aLX-8jb%ogs#lOOGxC1(RiCYE+h$ui^W#l- r=;^t0vk4f0g{1G{q=%1M7VOw|dC`$c>aT&HPM6_h_D47FKA!g%l__CC literal 0 HcmV?d00001 diff --git a/content/v3/authorization/design2.png b/content/v3/authorization/design2.png new file mode 100644 index 0000000000000000000000000000000000000000..8c0009c8ea5f6608a81bbae1fdc96d5f9289a223 GIT binary patch literal 8977 zcmb7p1z1$yyY2uE2t!B>f|L>>jC6N8AQIAplr(~LNVkY|BaKLRBaMKB(%muS&`9Um z_`B!-zvrBLpXc6ro|(1xTI+qkcYW(y-`cZwu(Bc?4~GH=1Onm7$x5q$K$sBVdiFjB z@auZ@wiPJQ98}lRXo5!R9)h^(K_Us$a1M~BFi10d!9o^fU5<291Nk+s z2kU`iI#G${psfC#TnAA3*nYJKsBz}7{UfMr>1Z$lG_-ayy>&L12tw{(Y<~r9A736{ zTmwdLZ*LW9bMyeEtd1&*s-OoCh-qn`u(7iXi;KThR@O2wFtfFF_VEdfh=@;5&nqph zYiap4FfhBYu)DX{hY^bnAhB&_5e^^_8R6X*t(WnS7zp&(R!&+%?StOV9G?D2_cW%h zo{pWwkY`5;6AR1duhkfFPbwz;N#*4&x=(L;2Y!pV4AUzNS1FiIuUy>r`_@zyWpg<& z{D~+1UoQNADST2yW<^N8Hn-&OiFlW^V1UE}h4Vu$+S;NXxTEGBUT4A4KpB$bTYmlb zc(<0nTxm!_K_ImO;_^}(Vd9`emI@Fk!!K>C`LW!nrUrh%x8cR9%m+c$POg@!qt2V< zeb@DFp=p=4rL5ua4&kVNuJZyZClxdh=$D1mhUgOo-Yu-^zPLCMyQ()rL_wUmyfRJA z4X4s+e4{Rw4R8`Ff~`Y~%jL)l1Ep(mG5kB2(x;30KX}c#m!ICnq94L5d>2S0uWg%l zJ!8ZKGOj+n$c1pyQTGa6w#lM_d>B*<3&S(BM8>{4Ku5uInIFAleiCZ%;vf6o`cCS& zGKHVjcpN?s6S#~(1GU<_ebspQsa`C?T#E0uerbUO>!QE6y)Vgad9Bx>T%KU?o?50N z$u}uM8xY86wfbf|^1_V?a zljnXB!Fjt;S1cH7{z3U~KRoKE^O|CU!vkQz{IT?XZIv25V)$W0zu$g}iYS}%R?LLO zwic$8t>QBgm#h*!z+LikH5<$Oi{hW^ld!6up^Pm1m>}k^Q`Xn!`X*>|Q^Zaegd#3V z8-FkXr7x?@cx?C|N8E04vuB)UC==L1i>$UGc4}|DUl@Vi2ym#SG~AWX-1UGMsowtl z)C0&81#6jUs#SWWMxTH%sK8gl8cJ(k24+`n#BJw+)V+TNV43v0DkCVeE2q3U1phV2 z$K-TdT#&@+xNpYalcK7F2pIChh6<&sY6CYqNF19M0vZl1^)B7tB{DKaS%S6h`@%ld zxzM97DoU^nJxf{l2J7Y0o)_1y6^OhRD$lDv=Kk%&?K3<>dfeUlISQ;SngyF&>?2iA z_NK+(sv^v4Z1Q5FDcylo6I|vfyPO0}o6FpMDE-(pm3f4MyGQw_eS?9t^s-?5U#Xyc z=E=@qz=vCcx>?mPgerg89CjtUZOyG8JvkzjAQdKbKlJv1OF_lY&k*|oY(J}VwcVRv z5|f_mI`!FjEi;M*_Xh$B!0(zC8JS5qDuGo@Rw!GRZ0arL4?WV&t%_GnZ++XgC*$4+Y@#=_S2 zgWAm4qoGY0f58Ywy(k(CTMU9fn&(rMOMTy@t%QPJG+GP}6+g~nnJg7vAzoe_W3l9} zsbS3%JH{TvO$Co;R!P*N#lN712uHytF(*wt1C4n1n}4 z8q&I+LkRI}xjgDJoh#UV-GFD2;KRD0&%9J;w2%x#-lNfAvm*ulwrGOrI;^-tv@V}h z@EAsXSUPyXPn7{3v4}^exLf$0k+Htpn(;25Jk%RG;R`VR^w)MLhoY zf0PpVM$gM#BA78NKrc;V!Btp+R`X-c#BDHTNN8tsl3^c4HxcRSv1ijEZbsF~_1h{s zS4-~H`v?$7nVcX{7=74zY~z4B_2CDHmr=k*roOK;@I-}obc5r4fAv#TH#*1%wTMj` z@FK#ZC77ZU1f;tEpAWO~@eoEc7-Xjm&)BBEzFrE6oWBmMz<+?{bg$Run3U9hhbGq1 zhiQ~B&!<@YnP$zo9cXZSJgT~jZQkQ*)|^|k#rw}8huHnd+EiH%vSqd#Y!DOgR`>Ks zMA&6y?QNGBdiRLFQ75GtCP)Gb)Njc?FfYAbOvhMRm3YNLhJKw1qIP$pe~cYFaYf>j za@Ectw5@;h45U>^7a``*PLq2On+}c)g6ouJ*&2c}5QTI-Pr($5crW|6Q+!*#>%g0q z(=pUivjrOa5HPZA98r9S3^jD?2%(x~Jb*qYZnkJe8W#O5|$obem-s zL(5pMdlAY~5pMh$J%v0rHcSA6piV8qy<-5B$1CKt!lQXDH-GpiQ@ZFkxhw^g*f1m= zP5HeBsvA;r7V~xvu{rsLtE@NMjgpZFjfof4O+&2h?}Mq48W&P5fYFWav`z>9))URgv^l(Sor1>cav}f0 z(*>_X-H*Z942E|7;=`>EKZc`mBb`>1O7>p2D4w-=ICn*uKjdJ-D|EoTSzRXmc>M_^ zoU_#}U$RSB`*eA0py4vvM$%(FsEY4OP|MkQ9k-)D?Z$5e9Tc%C7|q^r)xiIK_0jT2 z>oUw1{P@&W0gM@)8h__AGi8`g={teMVmdipY00Zxn_27wsRcvtLzcJS5$Rm)qTC;S zjficV3Rd4%h0`CAFQj4H4Du&|+0Nq1W~0||BWH*Yl5O6}{3f4VTJCFJENTS-eEEq* zbi@-Bb1y1Ek6y=04r6CJGe1Encc=Km+d`Zg+ZCld+m8$4!`cKn%SX=O#*K?NTrEWL z+CNgz6udTuU`(d{ttTv=$?Aaob!lKXy8l7V`3OamdDQ;Tdl{IFYMt+qQ{Wwlk2n ztuKGSE7J4orIxA1*6-$!$^|6CM*!m&-bA6FW4>7!-&2m)J}@T#SfdX8gZu>7V#@ba>`nh?<#hbUM9l2FCFyfrd>~c zF*_%Nyl;M1Ab%{nsmpg;QOSKVxseJDBW2~+dgHepP*!~eA;f$#Nd*b zgbF-5tvhP2v5XKRZLFIPaP)Sro)6His-!e*J&6b-Lg!O zoavpEnfya01t|S*@ zHOsE`f>Y_nM{e6WNb{GFVPlEj@~@m}VAVeIPshRXHqQJU-7?F9l{AtmbG>XHF8AD( z5QYumulS{L-@S5e1w67_qFXz$+5MtL!9|Gk{)K1IUT+ZA(f)zmFBvGk>_UuzFl234 zYJT~L5T4E^j3C%u>H3USY^4s?`hvuHvXoBg`@L7Z@6$PIRb990{c|q7mg*8v$y>_) z-mCSf-{Pidp1E*JV~NHy0gSW*SmGtl=1BSt&H-BsbS=tjnI-`|>F_%ooJWUn56%(g zU2$eMd+#FqI%E1G^U7`K7~5&i^1OQQq!A0VU9^H$BFX`C`IQiJj>po(58>ek3}gk! zzsngWNhQ~WU%!VO)%`iExN6m{D>Yp9R5f#buEo~<&~oAZh|8FaV<1dcWhKRzU$rmp zk3lB_KN9@QkPy|a9q-?s|ztLR8?4>Ew;+Z=Yb-s-D;H2Yp01EY`Pg)$rxZ^4@A*yn4&8?6T38 z68j8-lfw1DD857)CfYA^L7m<07g)~ZWISBWsyD!y8#$Bj;WR6{aLCn5`SMM=Ig@n(H_9sj?^C5e8=aHxML!lbOx2SGpReR7+E6ut^XJ&m(BLwY8MzO}j zx^@TGH$1lhatF|Cfs+iFy!bM5j|F!v!K?qy$Ep3F!3A`|xtL*mT&FNBV=y2xpD zP)Y5NQmV9+D*+-hCrApDBFfjRrYd2Qa%I`?o4 zH84xXKz93#&u(C>J)Enl>E9|}w05zF>v zE?ntUWPGxeRga+xc+qTr(teGcd={Um^4 zr15=Hk${XNQUBe1moeH$h!vA7)si!_O`qtF0^eZQc!7-5oR{|^>iuWOKWuyXjat89 z`vdnVMUIy09c`$u$kJtQ958=cIpn8O*W@PaqvlmP5bUS(s_g#J6NG@bCw2wid48D~ zP;}R5@DvHnNcI*T*XxEobi%Q_k2_kM<3`;0!q5%ik=q4$uKKd$Uuj$1hPM#oK3r)% z`WH_xT>@;wo-BboBk$dJd_1adht#E_IT-+_-VERZK3i`nhT3K?E`S`^n@&l7XRJ5{ z0Ew^rF@&|j*K$Xvpg2|=<5)bI7x5ndIwcYRwsSoanc|zLthte(ED&B!Od;KV;wZr0 zaEIOgPb{U&hLT70+r_$Q)GSIF`aAS?IpmpRSh!0}jqa3dC*OTcTzdoOy=RFMQ(O0I zRac{=pmqMH1Ns8bvodBj1>aGR25y~PT_5Lkc^`C=Fi({-#{U^)qQJyGG;sVcsH3EJ z!6~9x=9>~LP+iZRm#L3&--l9>u~u!4pLEz$i|Vc|pgC}S|1aW34GtLCxb`msr>lNv z$W>-hzCnV)IDMbBQnmWq3$57=A|Vd$N^P)SJ$PLzb3{tTVqI>6qRVV}y^F`v0Chd( zZ+@#*?}I>+X~(Vhj`!0pKMD`*M3Qw9XWVg2l`jN;07-o%4y+IqFB{PhaqF6J>uY1U zHUQ>IUpCY4npsMKU}yN4;1-$~li!qUfSFxNH>;?y#LV8sxbae<{RlrR<{K-_awzjO zg~j7fFZ!7L=t&nON$Pwf4j=8d{#tdp<{UJM3K<2+W-YzOnxQ>!$x9T7k zm2qG%q20Xtc(_$}d4Aa48h=(IcVyzy{8hy5a=DfM1IFQMf$u4BL8bEv`qouzPOgem zl8!_z*^pv73GjGAm44rjn)AA~%SH$HM?o;7i9`YA$yE;*Bndx^P$zF`nfiU<=r&0u zR_AzwAuqr8vCU7yLRn4oczbFTu0oRr{PkYRH(cPsh@(dIo69DdHrx-Vm~H0SUi3`< zcFA1L70m)Ru)mUgyj?b`nJ0BB57Cq~miJd4SSx(BDqOYAxtgv&+rUz|46M!cB17~Ny^{6~MF74*4OiSB zWi#{Tmq||+bc0EOr1=yd@uJv(Zq2?a=)3lzT-3o9zR2-csXVNYB_tzJQA2{(J)s-jl{meA4)EjQtzw#s-PZ5B zxWpxyl+`+j46#eeN?LgeX){SPruEGJ!2sWK!v)>%q;-JxB`QXuk&FyMBIAtaeZ!5( zzt%-aG2E8afm0UICrQSmsxGXKI8~c4KNt6`Tq1IkL-CfZ+_jA_$rqvGp6>-?(K!i? zb2i$vlX_y>I8A&{r^r&k#3PGnVqqSU1jf(SZ(4MN8#LfUd-$~Q8*8Zp3*}c-*qkc* zS7986^9;4B2%h}62?{(;lN}~#+4qWnqYla>7n;67^pH_SPhRkfl-%$iOE4nh!bgT4BrDmdh*|YA9*jXq`0~Yl4fBvP{-E6-s zxq&8tM-5bG`h7ELMs^z0!5)jHI#og9la(c2#t2KGeK^^z9i&r}5n)FV3j2bbr8As9pH8711B=<^mYp4>`c z%dwk4tKbe-o9L}>NoIVHAwL{m!V!a%7sd6Vgx9gMQ0cW;XfjxLx2)cF!;1bn#8H1d z^o)(#=u%Yz5y^o4B-wf>*eb_9t(vPU&jl+ot2maPsWJQ>skVL%ag0GP?EdzkYqs_o z%LK4SD777E-*{4sqOY_JXj}BTn1m-L}GY*=M z34>`NzD&mP$HZ1paW_9zp3bz_H09G_e@1# z^S5h8!BH*!!X{xUM60{9vizfN^yw16?u7igc{j2{Tq)5lotqkHI@N{C*60r=Da>V~&!K^>13#}xmZePtmQXN1pWhw?Z(7vcrBoR) z<&tsgmJfdp9I}Sau5S8%bzRX;s{D(K_3I_2Ol3xP`rsoyw{;;-(a~1F<|;g!k|?y> zPBKMvtygKf7bAiYeC4M4_piTv}<0O6vh@TRmr%WbuHN(`vG4V+^~s6Htctk6ZJ zGt?TG0Opp{sMpB7=k|dPaudRqvX}{>`ECqb_kBJmWO}std z_c`f5(9u2f#erw<1>dc{c?FeS7je4Ds5E#$`Gh?QEYrt2wCYyH`CP4EENalH5#H&x z9s^sQimz&;w=CDJ#dRG}0+00S{~bd9!jO6K7wQ+|2=OdXRl^H+S>nK?5~PW53rmb4 zD+DK1x1y<%n5ih!zJwq^G6pFb#DCu}rKo9jfTs`c#raV4gifGJn&6b|? zJ=*uO6-W}DyV&))A${NU7}G?;z$MHfm6Y3G%}hd`E!!HO@|<23Vc_W8qqa(U81)Rt z*0hYNR}&D_Tfh@5F-X&`A-wgfSF7TDwYW52y>H|QF&Nu3s+zFvV(#|9M8ei3tVF1B z*U^;)?=)#VNnj4YxRN&x{Lw6d76SXwN3%h1bAE21zFL{FHylq?jHXnc9yLKw%Ic}a zcgW=l?XGEBud8UASZ9g_XU_3V&r_2eu0@`}RNR&Kd!nLX>>>^K5C-#*8~&&5^_4Qp z$FK}V2NSFHkDF&k6%IFP4=as*$$>{v--9WJZgk{L;yyVRcNxkGO-%&Sf9{4+z?0jb z>b&5D<>=wDnqg(^cM^2|IU0jxpb)glADVWUwhF9|A0LzH)`dIFHLb8j>lQ?fueDMY zSUZi?x#*ZpZo1NSw!tFbi|*|)ri<;@F9}uM3)OJI6L7|v&K-RS{0aE=bDPN6*COKF zKeYbRj=5vg+r=Z{ZQmEqxB4kRfcFr?H`~E+<-+CYBKD0YkPq}JrxpiVzv_5}~M~6B77-CE}mpO)3 zU~!7+g>~4iuhg{8g)S(xKkSQ{(ysaSV4SS(0w!6yy^QqUE2*~)oyXS(m{ogIgI~sj zolSwz!FBJUG3+3C>{Yl|D|rPc_%Oe})kpZ18^GBzSb!TY&HA^LHUAdSh9axv= z-Jo62MOVT5iApY!`3v;j_rn~^UEp*c+$JvH8k}HX;tivhuS;NM+;>x{^&@3T)h@>- z#g$LXUmt56IJ2Lq=t)2()f5JSzo|o)SSQLVKfOikCk3B?k zk97JTtH}3lJne72-H8DXAEN8=Mre5)!HL^Drj9n?e+alv0 zfv~QWzvFw)cN}xGyg>KXr_E>v2+2k>p1o1V8BbRwHr|IOzO^Od^FR{VSU2rKpZAx< zll${JmDc-f^PnqXyWxS@IU`cj?|C;mOOogO0jodIZ+JU;L2}mPmbnA*&9(a< zPX-st8ee%MlSB2fYk*W{ei|eUijoPgptW%BAz*!vl=|%2$0`AsABTUFA$w@BJ;`hA z3w}S*BN!~p{2EH%$NIXdt7Ui3rvE2C^v}D;z?d0!Ub#3gE0Fxrq~+RHG<#HGuoTAx zi4KRhc&|>aagzLqdHILpwKTw4hPGt>=!unVm2D&#QVP8DiFq!4)&WA4r9?9lq`M}o z{~9H*QM-u#s|~6bT;Wsb`I+k=&W6KlwGpsXe9%Sa9gOXhk&dgKDd_5jd>XK(Z z_$*UfuK^f>m(cR(GL{VwxG z^aKdV=^pOO6kYpVvxI;InxzY{{LVA)Pcd&(r=9>d{fq8&*3w$C5w69s-Ww%k?-}1F zigkEIwDth*(ZN|6=p%^EIQ3UcyLS8roCJ0s=+rxW*GcH^wC=yu$P<}C$|gSf$@mJQ zn@)YX6Y>jLg@^sb@GKiNQrby=L{j8Qc|MQoq`MlgEWYQG=qdR zC@@lI&3!-5bM`*}bI#tMz2EE?_X}OKKCHObwbr_>@9!HcMqgKxoP?PK2M34zzLwe} z92`7P;P(L0P2m5LpM7tD1+M2KO%auzp)w9mZ6fIflmJ*KcGG$W?7_2% z{f8TFL%@oIqc(M4P1(@TVmFVl#jqE1je?UK-rIVpuO=8SP-JXiBLwy_7=J%*Y*Pfj zqTYE=Rhwx=E6Gg7G9!PJj^%wQ*Frcg0Y1KRZx!a;|N8XPXwB@Wolm~Lv-Rhf3Zn{T zquCPn1HOydvi7g9uXI2vM4XYJm^B7EZD6TFlzfk89lPYDjz{KVmulh3Sv1&y41>=KUu*od9{YOAaOF>M*bwmy=_(s{nuUem|y6e;EW zJ(65{e(WR!^CPn``0@{Q!F#&0#roUDK@TPL>H<^fj_&he3!aK}?Yfj2%9cPOlw}SH zn-BX~VDBF0L^n>El&=oWcL({cyLMvuUN($t6zb;5(P>5sxCCDuYHGJ1uMd+hg)KA(w7e64ubw{l|fe!QBAH9TS zc6FCY{(ZQI{qPm!ajnIXkY%Sr#{q&A+MmR^QkrQ&QvK=V4V{{>NdpmZR+4MXXoyal z!DrhWQHyo9g9y5(W>j)MI}X#|N;rB7)Z^%*x+4f-nz#IU<^%RWt+a0Blcw@LtUG9Q zUFtMa0n-qDC#K-iXm8Q*o{$UE*{vM|bzA!@eK(P*>cc24lf_x%5l8)3C z{y*pjJ?C7zKE;fwsG?JAhO@xjFPmoV_(IY4yca;X+xh+cP$s10sBc8D>Nb=GZsHkv zijp8U*h_nzRUGQE;(;LM&zf_p{#21vO7JjD;|{wvTcxAP*3S8AoG1brLsQA2L6&e! z@w*zwwjr(Sr{6|?t1vq>>Y>F(qp-#L-q0{Z$}GDd?5VZo^ju7{zLX zxtXl?ho3xkQR0WK(4p}=t@AYk=DTZm7@n;~8C9ChHh%EWzIg4%lL$5MdG&kNz973m z#9F`!T=q5&k~E6NsD;gU zew>6u$bi;^6=k61F)!?6@fLVPE{)zl%#-^@a+}1>WYH@}Ur@i_XLGFk!a5I;G9}6t zLlPBW=`(BVqer5*r`>%&Zo1u5z~Mur0Ii^a;3SpDnX0nhj2ltgL#bJ$+PqDoqTR~# zJOslwM+QQEzvFA02hrTlY<;B%mkuT5q6RbCItsb&P^2*;Lt1BwnD6)>kLTS{6H!(e zZ{hspT0bns7YuSL@jL?ihfC&(h%Wgq1!aUdOmb9#gz`1}zeD zcOMa{EghHhZsT;5lOvqkVnj1(m2yBs7vTmHJ-9mGH*FC-ozYa_p1DcE>aZW?5$*Rj zca1fXol|X3kR?E7l^7*MN1{c-hEGetzi`|511m`pV^eDeUX|y@$V%E{U1H$%t7()8 zIN5O|Sk#r@eNHe3V-IFLSq#{Bo4C*a4EM{K0*S22c)(t3*|Vjl8SA*3Z$_rJcj=?T zv+&N~+zDcL@V9A;B4f_kgU?p%Z1GLDXpexWy*+QPOpo0O^HuI9i7Vm~1-TmEdsw(o ztV!t^$)9k8GnQ&X(LYoJW}2cXYQt29i&WyjD|%!4>!z|!vfjypujQcj8uaLhLVm|e zh3Bz_1|yr-n6iMR{jYPdjs^&@iS6XLjrKDlw9dyYO|5)-c2fBCJ#gL?$dC^FRg zT0Srcr&aq_oT&5y6Dgw1tenpf+7VA6Y;Mt)qMli_ku%w$ql6%dKEMD2nG?CdkJ4b_} z&Bw0oyHYeo#+=W@MKU>ALx7tjL{YOo4pPH^^p0a*;HjTRh{$SOfPSZb0*7Qwy`i?! zhG!*&bo9rML=aa<+QZ$4oN8eYRy0Y|@uI7UNj&&i_5D!#SsoNod{G<(l9fgzpK)*8 zG!DCe$`|Y=62(ZsQW-!pzFpNm(xyity9S!mTiGS>^M1Pw`8B56lm67gF<5*#pzHFa z{$SZs=rgF?E5?em#PqZ%PDK394Ukf^7D=+9Ru>#RA-<4eJoKduF5kw)^y+hGmW(KO zZ2#jqmv-mP>1xZCv(>m^>OMx9kuQ9r+*Kc6oauMYzuK-$&j_qA1IC#87(IN(Q{0Pt zGPSQ&^;?s;$y@~aAz$J02cK{B+?_VFp%;&&C)de^uw$00dzpQ^2^b=QNok7D$bjAr zl20>u`BpgsF)Y3G(mJD${Rg8h&vbi;%v7PAt>(i)IZm}}?_UnCqHwPU!WIZJbt*a#33&G8I?8fhkiXZ@y-ef87ZqNE7j)hG0w_y zY5UTbHfF25o&TWw4ikx8n`zdr25v5i3K`^+2h>dWbZ?=OU|5Eg&$VVv<`m6ZtpKWs z|6=3z8yH_*2_$U(yeE>0#_0_qd3u}R;;o9+OHeBJM3g4nIzm#f?Hx<%g^q>YjsPaB zqxEA)d?>f;)zbB4!D|~{%bLVKYX2V@rY_(WH4E+G!8N7|$2D#tH?lClqc8kV>u#oW z)x1mHpvsfv`eJE3C7=p2jxR0N#DVs@+pQh7f)Mpv?{Z9LzAT-oH}kI8WD#Vjz_tE4{PCJ zO@q!S@}+_7Bm{|s2j+NZnDr>Z_kYySQ)R@bs``zS4}NNaOoQw$Y`5mlNY94-Z{14p z6rH+c9YKXzj=FbADN*d`ed4322XURIrDu5xnB}&N9lp29@fJ;cbc$&b{c653*Qv9B zYN{?v*_)pX(*3yfB#*SV;6sVLCES`Iy&2v2$_hz5#yhUS4 znM-5IPIJywfWGPr#wb;U8K30`ojjv)GCr&wgPI?EKCX6Ob%vmz@?S9@u1YOfXbMt) z7J#^#(@KGQ1zw_BJSprL$}8OTo|toh@ZSYWu`=1;HH=+)hAh*b+Qisd?nRNfG7ot= zana-#f%TbT9bVtV5?o-WWEWl2CGc}G$mU3i9>6ycF%(=sizHkEua-u{c-c%>_wL6kO( zlHG+}{F`s3N8A8@GOZyW+@tsb7}bR**z#<{>Boy%xOF5?eD8ZK?l*qyc6|30-F&OM zZMYT*aDvuaVAE-&Y?Nisfhj%Re9;U?&=Emku&Uahz~wMPL$?jwbYd>S_d1{-8b*RS zL-+U&N^{M?tujHeh_~X(Ratq!g}A)W=K8DDv-;mD^|-1_^k?FFm zP5zd6q71oB-y1ve0;;bNSMs*u4XZeD@k@M~jX|)Cb+*n0H$WKCd)~#k*(ffvonXfGVzLL~c8)#WU<_wZ*3~VDQ)P3cduk zmzsA|m4|I>!DVwpbmjfx;FF z;9S!$&K-w+CuF&)dw*UEGJ{cR7Y-&c0@{(Y~*rdFjR@MP8=`sddcbfV<` zN(7}6Q98jCOhwMA52c8Q-`p+tdYB{Ch@Paf(0kr)X5JDwU>Bp>A#Bzn76^>I z=@iLv{i^3~xh>t+)1}&(HNY4h4WM+BT>sOTe6cD+?xKG>&wp*%T>b#c=9=@0JqF$v z6klRb&xZtC)jk7%?S&e|$aYNwf2oeobi2sA<-eBPWZsWG5#-+|Lf$ox0?^>oEIIEN zn*iXR0WkOw9_+m*&vG4i#&dWJP;ZGT0Pq{SGgDiLEi{04q*>(WWP@3nU{0pUQ)XTG zn|on>Gc4@Shy18pC)_&p7Ry5(sqiq2mi<+X|Niz=6_}MD-m^(oRVWvEujHOf1!I%* zs*x!zrz_t8D35%pecDo6-OBfC#lIfEq7}~<%y@qw+Hs)5B9Hi_oUY<=_%ZqyVy0kF zq+Mv6vf79toj5AYH}>}?fC1~k9ye~1)jZ3N-I!N-6^wo@t#W;JsamF+hh;;cMx!$O zT0=1%Z~uMZ76!Bfl_#yqVRM$+(Q;m!Ixctv?ZCU9LV6gVwLRBd{W`f57=3pZZs&WF z9_q+yDM%D71BBCg0dW+yCzq(eW!kNBbRO3_2V*CpOySHC{mTr7WN|Yt?YoFb zVj4sbC4^PuHM8w@ASlyCg}7}9B#oqUSI?#LMRIN<1>Ln-?Ww)~rsdv)m8#n-A7ZgdUwezMY}a z+;FIKC2EwPZofVob7M7JhSLSky&5aSy$4raO_BLwa`A;$^xr2UBI{&71D>rpQCW=n zv`G67b%N5LO}EdugfkG0Ext9&l8c|)n2iETZjE@N=B3~OMmewd=BGf-G6z;l8PwZ4 z6#aTu!*g%O|7L!a{pzfr#(&OhgCuuXGo!Lcvbk%SQI`QgCmWe-S0DS=Q?Z#B`yKmq z_$hoPfRD`pOo4Dh!0Dbdd;4#9i+(cJYZvvb8suRsdGko?w}DLKI=A@7k^m}{JaR>p z=0)Hm@+yEaOc%LT{AB{QQ1=U*)9FRL23^ZGZi`APHJzHL(x5Ce{SGH&Jq$%NQzpW` zW=0kiY#cLX{+_m6V!al#--50!p2hue`L#LTG+e*|hj~eK^RBB|=>HK^{H3ezj9sq! z*=GrBAzOmK6ruJD;3VgT9$e6cv-dVTjB|NyP4u>b zo^2>1Md{8SdKrZ~qeJyHgh&E+m3fdRlFnUYo(hKKy`pYLy7N8Hrtw$aD*H7iPuGZD9{BZ% zYff8jjO6v)3fO@zloQ=jBj=EqKg6BKPP~bbs~I8vK<#0|Ywk2=Ne8QGuC#g1EH@(F zMd(M*6_ofl<)7j-BCu84kLc{6?4KZ0oTC&oD3DteW$(z8EJHfsL|JqJH-b(q^`EIkb5&uHQqWb+zUTypY(_M}y z(a)23`LY73@wJg@deQLS3{o)!gZzbeSJ0OAKop%LkB z496m02T?OH`A6$PE+;dzGlXjQhsM3WpnSVoEmM%bop7uepTw-O*ZR>fBkR9^l>0Rm zP+TH;S#fNq_Fw#4yinF*>lDC9@+B%i?si74l_%_8PpN#gHvf9yv&VHY|D~CMy`Dna z;*}Au^*YTI*;8Lv5EPH5gXFyx`4&eSENFl|N?&629a?fYyDt&F?^cDC3#RDKSJXJC z*Zg?tmdM_BosCsb8%SW^?UBltEt3aG=<9+)(0`GK{!=qNFc|{RB!@-lcqWwHtKY3R zGm1K2d7Se25WQD-SpSap$O0HokUt~k66A71QWt&ZoL8nyUC9BcN$U5D)E%j_SJHbzT4Sd)r>L@?+%k z8EGyc6EMnpl<S1?^x zP6+lnIE}H-_wW1pDp*(w7(&kjiQUM<$(?K5RuI>i9b(AU#&sDmCszlZCL9wJuI`P< z?>8)^yOV1px?y1-a+Ux!=wRM+^jQnZ!!L2N!836aF5ep*XKXXghYsto*Z}3v3751; zEgrD9`xx^!TLApu6HY){aW@Rp5^{aDlB7yeYtM0^FpcFKLve4Y0Mlnrs-BV~ zf+7TXY~a?PA=(IgW$|i@ zmvkcwY$J4N7I@g35lUnlSbefPXUfQmfxA!4?Ipl3Lt$(_ zL}dlRZ5YDIU0{xsC?@P_93!|;O%LhAYYPv!>oE5A$kc;KbtLALF18Nj38;QjgI@vo z>q3$2HSdnf{@nBOPr2pg?U#+;j0yn^$rlKy)lMq=nOzs9F#;JxvXM-p)C7B?1M0U# z6EopNJ>oDGlurA!ML;&3d)%E(rN#!8u&xz-O1{Jr4v9!={-e|^G&2?dN85ZT^ z#hNgzDr^RbgXtR7NVDy!%1ZmhS5!8HtHZ*+q5a2;72nKt)1tCe?}5*w7{aN`;!-lh z9ad})to0}1O!)L%lm<6hj~OzBjhky4puJfArt;gp@Se!HA0oPB#yeNPt3#p|KLx-R ze3uk2F84#4k)PcW5e}+q@1n!hdi-$zY_(>Hn5hXYw8xW{l+(o(@C)H{SW|a!akI|f zpaIYApe#8b5KP>S680~kmo^udacy{>y7;BtxK@zC$Q~*jd3Npp=1+E8$CGj+Bh5#Y zy16prYV$4b=!$ZQoL4z*clYdU^InZBQ(9&D0}O=lHTND)SF3b1D;f7>p3E;KIuYXX z$tjH`szeCMDvCP)?tUdtVS&FIJ1f#5&^O9iRg+QJx0TVGHsH>1uT!TtFw@6NMGVv%Z2 z5nw+GJNt?x1)6LeT+Lo2$D@2olsmfwhnnC$CFsRAlYK7L)d37LBV){L5>HbKR=eV3 zui@EGg_$qcjwl@ws4{efuD2ARYlbmr5om?exZg9bODD(k5X8^z;HrH+Z;I`+mD3+` z%WZyL=RNLAqbbg(5}oWQ0qqMD){Q^jx!h`;Zx^{Q!IJR8`|!IAPvfJ?G)b};`)696 zs#^Qh@<=6oKWI=*-5-?P6Cgccfktz12c3JvrJ`lV=YI6jofNZE$SmX3{{$Q5acW1B zlHMvx^dz}IJN3Oot4+sX0WR=PfcxX7&vSP3oJ7Twtk=qD-qb9C`7Oqm%zhM(Cp1qCStG+bXwQO?;OvPq#bs|R^YW_WaalNz$585 z^@R@lA+#g3lYyzR3SUYDZ<8~tpKaH?4oRa6bc!ux9rEE0G3ZY{J!`w4Y0}lxdS@ns!&=2EFFnB6MeDlt+}?WBP;p+)aY1 zj57}jz9=51K6rg@FhZr#_s2uT=zdk%5T}S=#-tljvgrG2(94o1KdTE>VI~ZBK3Oo@ zY|^VwCSUj8(6M{oPy5L=-oMzwX|AdA+aMA6;7=Doz8GC!o-bWXX)=Wp6gV+zkED2J zRSsmy^>uhc`exA#=UH#HF7F3(Cf@Q}4x?XGiEF(ZJd)(-$rHuI)bg?G*G6pM0%?dK z{EVLLK{mrrQ5qRtsP>8)G`2ME(9=uNx^|Ty*+EMH&Ue%J5u-;gL#(A5d(;ZR(71dI zUJ5#GjJ*ND&{KTP0Ao@(91Ywksqvu*Jqx*18aKe~(hPRaO1iZ8wMFAX&6rLqVJ{Hb z%3%J1NRNZnOjBLmHdFx3INC3fMD-p7-{4MEm_X>2szs?V3U2!Q?8S-c@GF$73YHY8 zd=4m9Szj1u8c9^r1D6zK#|ULnPRlZKo8 zS5%ri_A^B8>i*#&3N*Ilwj`&V&d^f(6ZTWSi}+;Tg~K63r8K>#=HBVADc_~2{(9u| zh~7;vKQnuuNKuGZ=d-nri}&KEjmMp!P{y@|b@@wLuF4FF)`7Ao-HKY}GRthMUGfR% zvO*s+(WgUl=RpgJ$+udgOVPmr3lu_^a#QZP=(#;gBI0boPxN@}l5RZ}TF%0TX~TQ^F;W5=r1~iZ+KWBfF3t zOJ{-fU#YG{@~bS`w~eTT?n?5wDLe)%w{dky28Q0mbJ$4MGf*+s?#999Y=lnI7Q!1z3? zi3iluXI~^ zZ&A<*{B%#>9XigPfN`s9)}4K~TxNwLQ65yt6u2}bhrYW*9w&lU*vvq!D#uYc5vAMK zMimr=|BCD-JR`d&Qqi(?5I_YPx_H-K!?&O2*N5;1Y(v@o9!}H?JjPuhXrM3EHp5f^ zv&_8HsN$*Qwk#s*Cdks?o=;&_ATOz#UC51yyCP&UJr>>*t2<3e&R5}})33s49cEi0 zWF+1e1qwRrX@yfFnWvOG^VCh0{j4#?h!T0&Wh9|;v=#RSkyu4o;1YFh|1sAP9Ckbk zSwcj4zuxFQ>KlSoxWjMl!Hm@>IiFLR8vllS_FanaM4~%R4YxI={FHi+zIaZkr|e!bw$cNe-UMDtkZ0grvK~%pf~|55bXKK-Ga3XYQ+&IfY-3zv zHpE#Y9wQrV$PvC7YYV?|#ZkBUqE`iV&oSEm;0{NHsqqfz0bD+ktpIGz%0g2#W7k4( z+Fhg}Q^PaC7WY=QWc>9Yh)hkeD1N&}K>UiLwtt_{krfaW3%6+pdBT$iGF_i=EyAB> zz*Q?!;p#_}=b&sP-D=W#ibV_qqVMWWtnA+Fw-+0b>+I9NuX|Fez(euCV%6KK-FWfo ziy4xKQr@|L6JXihj}TcreaHIak5=>zY}C6~m0O&wG5ylFMv2(1YTP=P1W&ncz4)Vh zSaur>!?CVlG!p6j4d;yqm&6Cz1~NswtJOa&=ZItmTKjm3D&rjh^GAIsreq@7xZwM$ z6Q%G*^24alJ&#bXu$G(2@LsZQ*$fXgHuSL;W$vi)^q^?hd|%~?wE265)Tdr#iyHl4 zir0J3)p%dy;R}-EO&wBh?*oQ0XL>6JPqRe*l5@H{ybDMLn&4GRddWV#iEpuE=%5Xi zp=3SckirSdwPTAPI?hLeJ$N+&+&}NPOL8!dgwmxGYo;Z~9i;!zX%xY^A z*T|=wF~<}oao9qggbc0C_!W63aMjVBC5V56?k-bWl^cV1@1{V5`&Pn_?@ykJmD~ss z_pas4Vw8B$%p^b^YZP_*OtQhQ-ew6AQNtI4@ow(L1 z^2eC#r{5@%CO#WI`E61)8U!U6rmAKA3Bjdd+ZQi45q%!frNBVP9v+X5jH?pi)8asG z{#jL$o_C7~I)V?tozMqKd+)_srRl9%mp-g5dPN+`D_?NrU*so=h?L)$K9?UULn}qK zJ(X>LQ$nb;o@iBkVI#zEnYKKtK15X3t&NU;HcJ!|dF$LwQUfF{gU^|Oe(5=M+PhIZ z(ij{c^x>*5|HYg&OW~KZM|~0!Q0fbSuSJ_I*|DMI&R50iA)U?D8+gzDqHMpAnL8Vs zzURT1vzj{?R`lvpFA4Ut1lO*aRL`?PbfJTC`(c2SgX8?JNVrU*Ei1jyvv^xowNi?m z#L*unqR8&c-`>lt%b42L@o%w=HbYKySBi*Y#!IYN32Bej=f^l5L+~TbHFlgML_h@9XB_ z0S!e(n-}NTP3!k~Mgexop04=(V1je@VOZC^yE>>RUp2N^`2`lzH)#ps-iQb9#X=$&vB3WxFA@h(u!ZWJ<(*Qp| zR)m_L3`5td*hC((@k;2H$Ou)DR8m5}s3dC^?`s?zJ1NA?K^av#kl9d`Mj-Tq-Gw09 zlnM%$s6dsNMzf0{aSLHu2m}hr#jHZ6{25P+StAWROX$S(nl4&)nLYS$i#b}-if)Y& zBo)aa@g*BNg5={P;}VjE@#3X)N%>!OPmJi}?+p%lB6)))jM4*p#3=U$8{zr`ac16g zAL*%z?&-^jxh+V5nQ|UHO1C*GG|g~%!UtMg4O%6nVXW%>^J06?keRCVCQU+??a0^- zrDXL)f{Z(TwJD3A4nq%=$2cdmIHEaJg$y#ppNG}r4-x%R5`(h3Sq{(rZD8JgA11!4RFh7B zeLa-*SST>JCz1#8`k>@Iy~Z<0xTC;ZyL%ODzyd{SQP&F zZpmpRO~i&zUjIJ((`)azXi|yJ?1~#D{<)-gGC-zqLDj8=do7303IU3JHi@v0mph~7 zCMQ8{NarwE$Rn^Pner94*es=2BG)gX)KOZ^O>ie&GW^?OfKkg$XiQZ8o^e|eRY>3w z%ziCDGRLF9zVMvR9i`|Q^;fIN05`C0-wcU(JxC>uJ6>Kjkh7#l*FcFY%etH3mo-N| z$nYvhP7P!|p!^(q*M^#!CXBH?wqIojdRa7Yi(ukP48X~d<0CsX6=UscQA^@%Yk{2F zcu-w&O1YEyf2O>+!4M2Krp^}Yo>Ah{J7nT&?p%RPsaAL!pMWA-RjhU4c*?lSPKmX* z8kPklBSA&;_Z-HZ2M+N0D8#y9*_X!MXBpfJ?}%jj1`O$&=WF=o>>nEWaRc@ z)Z;}SA|f^sCa6|cw0we&#qy0s=qvnQ>z|M5u{~aD^*Z$H$sw(^2_e+Y?GscIe7^Vy<@9?5G+E-zzbv zO#8&kD&fBcMgbXsmH@2|w+qj1oCoFb&h1^WLMT3L)Vy9s7Yqe*JqMiUd?jZ&v5C-Q zrxwUII9Q?YwADu5CzxX7@^?+mTI!uZIRf0ApT5q2M;FxYuNDoUrh5_PNp5-!-mUZ= z9DnPrDLql9LPbWfBu@n)3{k}YLg3*)jQ0P?O7mXoD&QkF$iNiGD_6M25QpNKg1zR*aQ4@OL}`^bhN(@P8_yy`u29=J043}I7xz z#qR?l0zc#wGh296Ngw9QfE9p3hQ18>L$EBD`g@bJX-9@^_&s&$mos8Ca!lcd;_+O7}W;<2I$tu@6(p*Vh7Nee)r^Z*PvvkP$H2LNHvY3;hTnk{9?BrQnLj5IrWFD{}8 zTr&Gl*VTNNX@Kb)uXsQk*SLgu78`BRi2Y)!dSysKZ7A)w#DR#BV z@%+B<%klR8Feih5kS6#T0WhzKwJ)i{doy|q_cDL)weR10Bkk(q*!*z=aJvvPg+KDJ zitRI#^E+6^TF{^D2s?kw$^NMNh{PqPb;rQg>=j_BAe=-aAsKwpvsR9806_$6MahzO z&Huz8q;I^*_(Dy3M}x(=A*I~1tCPHWH4hpS%eJ5N2cMz3dH~aY%6tCVn-F@!dtT>$ z*jn+p50zlgOOYXJc`F0pyHko;(pQX-G@kgI-7f%A7tooVHpdE89j2@DdMOXrMxW8C z^R5p>ajHfe#jKD8FWJM;mJzB6iXp3pfI`4xVIhR-csU-_1& z-4*=!%e^o{wSi+D5Q?A+FyoRev9Pxopa+DUIgZST4k-X$cUQmKLXpO2Z$|Ua;okQd zOy|dpLphMh9!lJz`UR8x5=w$&e!kMU7IBii-oj2Xt|8ke!7+)Ir|GqSh6y*%PqdZF zE)h6*56H)~ehWpKx!iwX!rP-gWD8pw+e=S_auB_-jelKAF1^TnM};X+^A;_gnE09`W7sj&cce>qcA zDBE;6-2;ki{t1`Sw06160nRi{Nih<9&a++@VI5<%`{{JiDXNX3gA0>n@xK4h$*vQ9 z>>ER~a+TjtJ=};>9PhV&X;+)%+!SE2hQZ^SW!asW967wR+bC4qFVh1*4xG+r z5H||T*F7wFl9yR6nI8*S1BwI+LBEV@%^YPHoeFQu0$wWiY}PG)mQ0b|C#ce6i9Brv z4c{nW+W!9tmHkhTu^?i;!;sJ{d0&?-aoY#IM&f<|UEG7!Ua+hz@Vg-P)0el}nIeUN z_C#me8+L_b!1(J)P%>?rk$P*gANcgwS3MYuYe%j19i~7aA%+z@NPyTB#cSrfA7^sN zMgVtJ4PY*O@{*2_+A~U-u0)IEL3z=R8g80NLuD_{y;3loVQwZ7AUl@Kys-=X0Q;l!$|so?TOS zC8n%xz;^h&V9yPLo#}HfWdlxLw!g!wTv!3`FUMt1it~wQ?r3@-;3Hd!;m;>RvH9kj zhX7g|3<$W*Ub5}QV8_iCKx*2Rl{q~`u~S-xTsC5QbVTfQ^S!5@`NT7I0r?w?Gr$3k z719t%oT@^%#C7ccf+i{g+F+O!kOOGm*(VLeKb?H6*NA%sxJV0v#-!QIP_;m?@w-P~ zJky;RPUJiyiu9q-@7+1+3m|z%0a)dlV%lCyeHRciZ<7QZm9u+sL^m>C))$}ww$$7Y zz%4prS0~L~vUfjYuS?eQ#TLb_8sHu^7wGxQ96+SN0h2}Un5eMux zW)jz)E`=;*0KN;|O+drh1O%2dAgu$%6KhJawZ?`Lb6h+9H)m>#TOUd@CyN~lTpu}V~#cR~rK;uB<0wxjUi zymX@Ih0P*l(GQ!2kJiAPyRw$5M*(B?fVW~Z9~EH3HN!<=(?z#W>gc{;G($9Du5Yp1J0io%zDnlnQ`)fomx~hAh%Ua-W4JtbtI|PHQ|1E zADegWC!qGEvr_jgjNmA0Prpxnfp`JE5O9y%;i2?XGN9)8o;Xwx2!+6=a$zdE(@vMEP zPP+vVfL~60w!HrHlm!9{HKBux@3-}~>U(PX@~>`V0a-FORr~Z-&kK}H=Ti&+-bm(+ zhXqOtb|ZZ@>osf6fPCr0&Zp0TQ~Rd_=nW{~$l|-;)5)^pO4u_S;bs-0f)&*qEIJ6q zGfDIbHJ9)TdHx05J(Oo-WYuWW1@?gSDOto#^151g0M`|HKWuVcT8yNIsB|5V$nSpT z7*#lq_m1Hj0Xf_z0goif~bO^));6>^lrco$s8cq=E+V`S$U<`JqNWXKI;KHH3A;t zCa*3kCpcKhEtnh;|EwXBVI_(ebhx>l3nN-K;ZxmdK_^VHZM%=A_;&m6Y?!+Xn|H|X z)I`KQJdt+(KH26m+jp&aGSgGljpzsGC)>>GFZhY@^rjgRlP=7A&3-jcNa8n>Br~?} zJH#bqwKA_P=MHS-6toQoVW%Hs^oCl24-TCXLEC0aj(hd@9Z1{gfXlve719I?@kFomBIQdGisB{AfpIA-!?f$;QLH^FHA!5inu!{-kY+0fAsjIJV_!bxyck z;UOQ7xC872Zu!hWr}D5s)9`9C-;%ul{>BXVv1$IK@I0H(i+0*5-FNy_8g0=}k_v#4hOh6egK(Q$Gl2|^N|eS$$p+>mP!a%Pi|wh0aKLjuhfQPe%G+YC zGY{)G+C7Xfu#kcCp0$W(3-3(>l;y3nU-;;jnj+2}0MWG60QRZ5*7!0si)J`%q!C!NAl#%!O)^7xH5*&Y=tIx4bb=30#{BQBu|*IKB|ge=3COV?=LVWSWa0 zW>D-*n9aKcOv?-SJ{r5Ioaa$Sv?r;zZB%RGHHi29~1NFI`%2d_%^Y*rsdIRUANb4H)HdkqTy2vEpjmi>3 zqt38nrKe10(C%Ebv=du_1O`w%91CQjf#!fg{!Y6!_Nbh!f)OU+Z+ql6MugqKxv4)N zouZIerSc-!4qL%K4akf*88e~Jk9v)NzUm{%`-9QAXr0G@5iF3hki0x({g);?W(gZ&BtU;yLF4Y|UcVA8C) z1Rd{g{hd(2B2&1m(&xeE8MWX8%e4DL>7udr{{h!1c502pTb0@Q1feAp?Y{eCA0C&* zD)xr`CuZ^_jU|S`6CcvU4Oh^QFVHgRHvd=RC)R`eP;jm{%53GY8x;#nad=lk!|H)? z$KG!Nk>{RRfcQW4g^K^u2mdRdx%kgPrq1?94J)dVfR~jP_$)(?8-Tcg9QPR~;BHdH zexCyR`tHaeUW4V7}|`7XY65?;<(4*gi8=SwMEB@i}%-h=sia~l8Xs(5sQDVfpz>kdi`blJd19sf2|Xx@xA>lDvVy`{rm4kpnj8kVFli=2sHoN z9yqc7n^3&2hWNNl?Ee2Wd*Gjv^PeL8A6nucqUImQ=pPR4A6D@np7sAg=K1UzN86J~$cFz@#(&GQ|6kfv B-0T1V literal 0 HcmV?d00001 diff --git a/content/v3/authorization/troubleshooting.md b/content/v3/authorization/troubleshooting.md new file mode 100644 index 0000000000..c7d27b9fc7 --- /dev/null +++ b/content/v3/authorization/troubleshooting.md @@ -0,0 +1,174 @@ +--- +title: "Troubleshooting" +linkTitle: "Troubleshooting" +weight: 4 +Description: > + Troubleshooting guide +--- + +- [Running `karavictl inject` leaves the vxflexos-controller in a `Pending` state](#running-karavictl-inject-leaves-the-vxflexos-controller-in-a-pending-state) +- [Running `karavictl inject` leaves the powermax-controller in a `Pending` state](#running-karavictl-inject-leaves-the-powermax-controller-in-a-pending-state) +- [Running `karavictl inject` leaves the isilon-controller in a `Pending` state](#running-karavictl-inject-leaves-the-isilon-controller-in-a-pending-state) + +--- + +### Retrieve CSM Authorization Server Logs + +To retrieve logs from services on the CSM Authorization Server, run the following command (e.g proxy-server logs): + +``` +$ k3s kubectl logs deploy/proxy-server -n karavi -c proxy-server +``` + +For OPA related logs, run: + +``` +$ k3s kubectl logs deploy/proxy-server -n karavi -c opa +``` + +### Running "karavictl inject" leaves the vxflexos-controller in a "Pending" state +This situation may occur when the number of vxflexos-controller pods that are deployed is equal to the number of schedulable nodes. +``` +$ kubectl get pods -n vxflexos + +NAME READY STATUS RESTARTS AGE +vxflexos-controller-696cc5945f-4t94d 0/6 Pending 0 3m2s +vxflexos-controller-75cdcbc5db-k25zx 5/5 Running 0 3m41s +vxflexos-controller-75cdcbc5db-nkxqh 5/5 Running 0 3m42s +vxflexos-node-mjc74 3/3 Running 0 2m44s +vxflexos-node-zgswp 3/3 Running 0 2m44s +``` + +__Resolution__ + +To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. + +1. Edit the deployment + ``` + $ kubectl edit -n vxflexos deploy/vxflexos-controller + ``` + +2. Find `replicas` under the `spec` section of the deployment manifest. +3. Reduce the number of `replicas` by 1 +4. Save the file +5. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n vxflexos + + NAME READY STATUS RESTARTS AGE + vxflexos-controller-696cc5945f-4t94d 6/6 Running 0 4m41s + vxflexos-node-mjc74 3/3 Running 0 3m44s + vxflexos-node-zgswp 3/3 Running 0 3m44s + ``` + +6. Edit the deployment again +7. Find `replicas` under the `spec` section of the deployment manifest. +8. Increase the number of `replicas` by 1 +9. Save the file +10. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n vxflexos + + NAME READY STATUS RESTARTS AGE + vxflexos-controller-696cc5945f-4t94d 6/6 Running 0 5m41s + vxflexos-controller-696cc5945f-6xxhb 6/6 Running 0 5m41s + vxflexos-node-mjc74 3/3 Running 0 4m44s + vxflexos-node-zgswp 3/3 Running 0 4m44s + ``` + +### Running "karavictl inject" leaves the powermax-controller in a "Pending" state +This situation may occur when the number of powermax-controller pods that are deployed is equal to the number of schedulable nodes. +``` +$ kubectl get pods -n powermax + +NAME READY STATUS RESTARTS AGE +powermax-controller-58d8779f5d-v7t56 0/6 Pending 0 25s +powermax-controller-78f749847-jqphx 5/5 Running 0 10m +powermax-controller-78f749847-w6vp5 5/5 Running 0 10m +powermax-node-gx5pk 3/3 Running 0 21s +powermax-node-k5gwc 3/3 Running 0 17s +``` + +__Resolution__ + +To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. + +1. Edit the deployment + ``` + $ kubectl edit -n powermax deploy/powermax-controller + ``` + +2. Find `replicas` under the `spec` section of the deployment manifest. +3. Reduce the number of `replicas` by 1 +4. Save the file +5. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n powermax + NAME READY STATUS RESTARTS AGE + powermax-controller-58d8779f5d-cqx8d 6/6 Running 0 22s + powermax-node-gx5pk 3/3 Running 3 8m3s + powermax-node-k5gwc 3/3 Running 3 7m59s + ``` + +6. Edit the deployment again +7. Find `replicas` under the `spec` section of the deployment manifest. +8. Increase the number of `replicas` by 1 +9. Save the file +10. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n powermax + NAME READY STATUS RESTARTS AGE + powermax-controller-58d8779f5d-cqx8d 6/6 Running 0 22s + powermax-controller-58d8779f5d-v7t56 6/6 Running 22 8m7s + powermax-node-gx5pk 3/3 Running 3 8m3s + powermax-node-k5gwc 3/3 Running 3 7m59s + ``` + +### Running "karavictl inject" leaves the isilon-controller in a "Pending" state +This situation may occur when the number of Isilon controller pods that are deployed is equal to the number of schedulable nodes. +``` +$ kubectl get pods -n isilon + +NAME READY STATUS RESTARTS AGE +isilon-controller-58d8779f5d-v7t56 0/6 Pending 0 25s +isilon-controller-78f749847-jqphx 5/5 Running 0 10m +isilon-controller-78f749847-w6vp5 5/5 Running 0 10m +isilon-node-gx5pk 3/3 Running 0 21s +isilon-node-k5gwc 3/3 Running 0 17s +``` + +__Resolution__ + +To resolve this issue, we need to temporarily reduce the number of replicas that the driver deployment is using. + +1. Edit the deployment + ``` + $ kubectl edit -n deploy/isilon-controller + ``` + +2. Find `replicas` under the `spec` section of the deployment manifest. +3. Reduce the number of `replicas` by 1 +4. Save the file +5. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n isilon + + NAME READY STATUS RESTARTS AGE + isilon-controller-696cc5945f-4t94d 6/6 Running 0 4m41s + isilon-node-mjc74 3/3 Running 0 3m44s + isilon-node-zgswp 3/3 Running 0 3m44s + ``` + +6. Edit the deployment again +7. Find `replicas` under the `spec` section of the deployment manifest. +8. Increase the number of `replicas` by 1 +9. Save the file +10. Confirm that the updated controller pods have been deployed + ``` + $ kubectl get pods -n isilon + NAME READY STATUS RESTARTS AGE + isilon-controller-58d8779f5d-cqx8d 6/6 Running 0 22s + isilon-controller-58d8779f5d-v7t56 6/6 Running 22 8m7s + isilon-node-gx5pk 3/3 Running 3 8m3s + isilon-node-k5gwc 3/3 Running 3 7m59s + ``` \ No newline at end of file diff --git a/content/v3/authorization/uninstallation.md b/content/v3/authorization/uninstallation.md new file mode 100644 index 0000000000..4b8fad3b53 --- /dev/null +++ b/content/v3/authorization/uninstallation.md @@ -0,0 +1,21 @@ +--- +title: Uninstallation +linktitle: Uninstallation +weight: 2 +description: > + Dell EMC Container Storage Modules (CSM) for Authorization Uninstallation +--- + +This section outlines the uninstallation steps for Container Storage Modules (CSM) for Authorization. + +## Uninstalling the RPM + +To uninstall the rpm package on the system, run the below command: + +``` +rpm -e +``` + +## Uninstalling the sidecar-proxy in the CSI Driver + +To uninstall the sidecar-proxy in the CSI Driver, [uninstall](../../csidriver/uninstall) the driver and [reinstall](../../deployment) the driver using the original configuration secret. \ No newline at end of file diff --git a/content/v3/concepts/_index.md b/content/v3/concepts/_index.md deleted file mode 100644 index 23c4dcda4d..0000000000 --- a/content/v3/concepts/_index.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: "Concepts" -Description: "Concepts" -weight: 9 ---- -## Volume Snapshot Feature - -The Volume Snapshot feature started in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes version 1.17 and generally available (v1) in Kubernetes version 1.20. - -In order to use Volume Snapshots, ensure the following components with appropriate versions have been deployed to your cluster: -- Kubernetes Volume Snaphshot CRDs -- Volume Snapshot Controller \ No newline at end of file diff --git a/content/v3/contributionguidelines/_index.md b/content/v3/contributionguidelines/_index.md new file mode 100644 index 0000000000..19b639c316 --- /dev/null +++ b/content/v3/contributionguidelines/_index.md @@ -0,0 +1,112 @@ +--- +title: "Contribution Guidelines" +linkTitle: "Contribution Guidelines" +weight: 12 +Description: > + Dell EMC Container Storage Modules (CSM) docs Contribution Guidelines +--- + + +CSM Docs is an open-source project and we thrive to build a welcoming and open community for anyone who wants to use the project or contribute to it. + +### Contributing to CSM Docs + +Become one of the contributors to this project! + +You can contribute to this project in several ways. Here are some examples: + +* Contribute to the CSM documentation. +* Report an issue. +* Feature requests. + +CSM docs reside in . + +CSM project resides in . + +#### Don't + +* Break the website view. +* Commit directly. +* Compromise backward compatibility. +* Disrespect your Community Team members. +* Forget to keep things simple. + +#### Do + +* Keep it simple. +* Good work, your best every time. +* Squash your commits, avoid merges. +* Keep open communication with other Committers. +* Ask questions. +* Test your changes locally and make sure it is not breaking anything. + +### Code reviews + +All submissions, including submissions by project members, require review. +We use GitHub pull requests for this purpose. + +### Branching strategy + +The CSM documentation portal follows a release branch strategy where a branch is created for each release and all documentation changes made for a release are done on that branch. The release branch is then merged into the main branch at the time of the release. In some situations it may be sufficient to merge a non-release branch to main if it fixes some issue in the documentation for the current released version. + +#### Branch Naming Convention + +| Branch Type | Example | Comment | +|--------------|-----------------------------------|-------------------------------------------| +| main | main | | +| Release | release-1.0 | hotfix: release-1.1 patch: release-1.0.1 | +| Feature | feature-9-olp-support | "9" referring to GitHub issue ID | +| Bug Fix | bugfix-110-remove-docker-compose | "110" referring to GitHub issue ID | + +#### Steps for working on the main branch + +1. Fork the repository. +2. Create a branch off of the main branch. The branch name should follow [branch naming convention](#branch-naming-convention). +3. Make your changes and commit them to your branch. +4. If other code changes have merged into the upstream main branch, perform a rebase of those changes into your branch. +5. Test your changes [locally](#previewing-your-changes) +6. Open a [pull request](https://github.com/dell/csm-docs/pulls) between your branch and the upstream main branch. +7. Once your pull request has merged with the required approvals, your branch can be deleted. + +#### Steps for working on a release branch + +1. Fork the repository. +2. Create a branch off of the release branch. The branch name should follow [branch naming convention](#branch-naming-convention). +3. Make your changes and commit them to your branch. +4. If other code changes have merged into the upstream release branch, perform a rebase of those changes into your branch. +5. Test your changes [locally](#previewing-your-changes) +6. Open a [pull request](https://github.com/dell/csm-docs/pulls) between your branch and the upstream release branch. +7. Once your pull request has merged with the required approvals, your branch can be deleted. + +### Previewing your changes +- Install [latest Hugo version extended version](https://github.com/gohugoio/hugo/releases). + > Note: Please note we have to install an extended version. +- Create a local copy of the csm-docs repository using `git clone`. +- Update docsy submodules inside themes folder using `git submodule update --recursive --init` +- Change to the csm-docs folder and run + ``` + hugo server + ``` + By default, local changes will be reflected at http://localhost:1313/. Hugo will watch for changes to the content and automatically refreshes the site. + > Note: To bind it to different server address use `hugo server --bind 0.0.0.0`, default is 127.0.0.1 +- After testing the changes locally, raise a pull request after editing the pages and pushing it to GitHub. + +### Community guidelines + +This project follows https://github.com/dell/csm/blob/main/docs/CODE_OF_CONDUCT.md. + +### Best Practices + +#### Linking the URLs + +Hardcoded relative links like `[troubleshooting observability](../../observability/troubleshooting.md)` will behave unexpectedly compared to how they would work on our local file system. +To avoid broken links in the portal, use regular relative URLs in links that will be left unchanged by Hugo. + +#### Style guide + +- Use sentence case wherever applicable. +- Use the numbered lists for items in sequential order and bulletins for the other lists. +- Check for grammar and spelling. +- Embed the code within backticks. +- Use only high-resolution images. + diff --git a/content/v3/dell-csi-driver/Architecture_Diagram.png b/content/v3/csidriver/Architecture_Diagram.png similarity index 100% rename from content/v3/dell-csi-driver/Architecture_Diagram.png rename to content/v3/csidriver/Architecture_Diagram.png diff --git a/content/v3/csidriver/_index.md b/content/v3/csidriver/_index.md new file mode 100644 index 0000000000..64cfee9115 --- /dev/null +++ b/content/v3/csidriver/_index.md @@ -0,0 +1,67 @@ + +--- +title: "CSI Drivers" +linkTitle: "CSI Drivers" +description: About Dell EMC CSI Drivers +weight: 3 +--- + +The CSI Drivers by Dell EMC implement an interface between [CSI](https://kubernetes-csi.github.io/docs/) (CSI spec v1.3) enabled Container Orchestrator (CO) and Dell EMC Storage Arrays. It is a plug-in that is installed into Kubernetes to provide persistent storage using Dell storage system. + +![CSI Architecture](Architecture_Diagram.png) + +## Features and capabilities + +### Supported Operating Systems/Container Orchestrator Platforms +{{}} +| | PowerMax | PowerFlex |   Unity| PowerScale | PowerStore | +|---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| +| Kubernetes | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | 1.20, 1.21, 1.22 | +| RHEL | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | 7.x,8.x | +| Ubuntu | 20.04 | 20.04 | 18.04, 20.04 | 18.04, 20.04 | 20.04 | +| CentOS | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | 7.8, 7.9 | +| SLES | 15SP2 | 15SP2 | 15SP2 | 15SP2 | 15SP2 | +| Fedora Core OS| no | 5.x | no | no | no | +| Red Hat OpenShift | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | 4.6 EUS, 4.7, 4.8 | +| Mirantis Kubernetes Engine | 3.4.x | 3.4.x | 3.4.x | 3.4.x | 3.4.x | +| Google Anthos | 1.6 | 1.8 | no | no | 1.7 | +| VMware Tanzu | no | no | NFS | NFS | NFS | +| Rancher Kubernetes Engine | yes | yes | yes | yes | yes | +{{
}} + +### CSI Driver Capabilities +{{}} +| Features | PowerMax | PowerFlex |    Unity | PowerScale | PowerStore | +|--------------------------|:--------:|:------------------:|:---------:|:-----------------:|:----------:| +| CSI Specification | v1.3 | v1.3| v1.3 | v1.4 | v1.3 | +| Static Provisioning | yes | yes| yes | yes | yes | +| Dynamic Provisioning | yes | yes| yes | yes | yes | +| Expand Persistent Volume | yes | yes| yes | yes | yes | +| Create VolumeSnapshot | yes | yes| yes | yes | yes | +| Create Volume from Snapshot | yes | yes| yes | yes | yes | +| Delete Snapshot | yes | yes| yes | yes | yes | +| [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) | RWO
(FC/iSCSI)
RWO/
RWX/
ROX
(Raw block) | RWO
RWO/
RWX/
ROX
(Raw block) | RWO
(FC/iSCSI)
RWO/RWX
(RawBlock)
RWO/RWX/ROX
(NFS) | RWO/RWX/ROX | RWO
(FC/iSCSI)
RWO/
RWX/
ROX
(RawBlock, NFS) | +| CSI Volume Cloning | yes | yes | yes | yes | yes | +| CSI Raw Block Volume | yes | yes | yes | no | yes | +| CSI Ephemeral Volume | no | yes | yes | yes | yes | +| Topology | yes | yes | yes | yes | yes | +| Multi-array | yes | yes | yes | yes | yes | +{{
}} +### Supported Storage Platforms +{{}} +| | PowerMax | PowerFlex |   Unity| PowerScale | PowerStore | +|---------------|:----------------:|:-------------------:|:----------------:|:-----------------:|:----------------:| +| Storage Array |5978.479.479, 5978.669.669, 5978.711.711, Unisphere 9.2| 3.5.x, 3.6.x | 5.0.5, 5.0.6, 5.0.7, 5.1.0 | OneFS 8.1, 8.2, 9.0, 9.1, 9.2 | 1.0.x, 2.0.x | +{{
}} +### Backend Storage Details +{{}} +| Features | PowerMax | PowerFlex |   Unity | PowerScale| PowerStore | +|---------------|:----------------:|:------------------:|:----------------:|:----------------:|:----------------:| +| Fibre Channel | yes | N/A | yes | N/A | yes | +| iSCSI | yes | N/A | yes | N/A | yes | +| NFS | N/A | N/A | yes | yes | yes | +| Other | N/A | ScaleIO protocol | N/A | N/A | N/A | +| Supported FS | ext4 / xfs | ext4 / xfs | ext3 / ext4 / xfs / NFS | NFS | ext3 / ext4 / xfs / NFS | +| Thin / Thick provisioning | Thin | Thin | Thin/Thick | N/A | Thin | +| Platform-specific configurable settings | Service Level selection
iSCSI CHAP | - | Host IO Limit
Tiering Policy
NFS Host IO size
Snapshot Retention duration | Access Zone
NFS version (3 or 4);Configurable Export IPs | iSCSI CHAP | +{{
}} diff --git a/content/v3/csidriver/archives/_index.md b/content/v3/csidriver/archives/_index.md new file mode 100644 index 0000000000..c6df42da23 --- /dev/null +++ b/content/v3/csidriver/archives/_index.md @@ -0,0 +1,43 @@ +--- +title: Archives +description: Product Guide and Release Notes for previous versions of Dell CSI drivers +--- + +## PowerScale +### v1.3 +-[Release Notes](/pdf/RN_isilon.pdf) + +-[Product Guide](/pdf/PG_isilon.pdf) + +### v1.2 + +-[Release Notes](/pdf/RN_isilon_2.pdf) + +-[Product Guide](/pdf/PG_isilon_2.pdf) + +## PowerMax + +### v1.4 +-[Release Notes](/pdf/RN_powermax.pdf) + +-[Product Guide](/pdf/PG_powermax.pdf) + +## PowerFlex + +### v1.2 +-[Release Notes](/pdf/RN_vxflex.pdf) + +-[Product Guide](/pdf/PG_vxflex.pdf) + +## PowerStore +### v1.1 +-[Release Notes](/pdf/RN_powerstore.pdf) + +-[Product Guide](/pdf/PG_powerstore.pdf) + +## Unity +### v1.3 +-[Release Notes](/pdf/RN_unity.pdf) + +-[Product Guide](/pdf/PG_unity.pdf) + diff --git a/content/v2/features/_index.md b/content/v3/csidriver/features/_index.md similarity index 66% rename from content/v2/features/_index.md rename to content/v3/csidriver/features/_index.md index b8f14e3466..6089280f02 100644 --- a/content/v2/features/_index.md +++ b/content/v3/csidriver/features/_index.md @@ -5,5 +5,5 @@ weight: 4 tags: - pod-deploy - csi-driver -description: Code samples for various drivers +description: Description of CSI Driver features --- diff --git a/content/v3/csidriver/features/powerflex.md b/content/v3/csidriver/features/powerflex.md new file mode 100644 index 0000000000..73c4fb6d7e --- /dev/null +++ b/content/v3/csidriver/features/powerflex.md @@ -0,0 +1,603 @@ +--- +title: PowerFlex +linktitle: PowerFlex +weight: 1 +Description: Code features for PowerFlex Driver +--- + +## Volume Snapshot Feature + +The CSI PowerFlex driver version 2.0 supports v1 snapshots on Kubernetes 1.20/1.21/1.22. + +In order to use Volume Snapshots, ensure the following components are deployed to your cluster: +- Kubernetes Volume Snapshot CRDs +- Volume Snapshot Controller + +### Volume Snapshot Class + +Installation of PowerFlex driver v1.5 and later does not create VolumeSnapshotClass. You can find a sample of a default v1 +VolumeSnapshotClass instance in `samples/volumesnapshotclass` directory. If needed, you can install the default sample. Following is the default sample for v1: + +``` +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: vxflexos-snapclass +driver: csi-vxflexos.dellemc.com +# Configure what happens to a VolumeSnapshotContent when the VolumeSnapshot object +# it is bound to is to be deleted +# Allowed values: +# Delete: the underlying storage snapshot will be deleted along with the VolumeSnapshotContent object. +# Retain: both the underlying snapshot and VolumeSnapshotContent remain. +deletionPolicy: Delete +``` + +### Create Volume Snapshot + +The following is a sample manifest for creating a Volume Snapshot using the v1 snapshot APIs: + +``` +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: pvol0-snap1 + namespace: helmtest-vxflexos +spec: + volumeSnapshotClassName: vxflexos-snapclass + source: + persistentVolumeClaimName: pvol0 +``` + +Once the VolumeSnapshot is successfully created by the CSI PowerFlex driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. + +Following is the relevant section of VolumeSnapshot object status: +``` +status: + boundVolumeSnapshotContentName: snapcontent-5a8334d2-eb40-4917-83a2-98f238c4bda + creationTime: "2020-07-16T08:42:12Z" + readyToUse: true +``` + +### Creating PVCs with Volume Snapshots as Source + +The following is a sample manifest for creating a PVC with a VolumeSnapshot as a source: +``` +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: restorepvc + namespace: helmtest-vxflexos +spec: + storageClassName: vxflexos + dataSource: + name: pvol0-snap + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +``` + +## Create Consistent Snapshot of Group of Volumes + +This feature extends CSI specification to add the capability to create crash-consistent snapshots of a group of volumes. This feature is available as a technical preview. To use this feature, users have to deploy the csi-volumegroupsnapshotter side-car as part of the PowerFlex driver. Once the sidecar has been deployed, users can make snapshots by using yaml files such as this one: +``` +apiVersion: volumegroup.storage.dell.com/v1alpha2 +kind: DellCsiVolumeGroupSnapshot +metadata: + # Name must be 13 characters or less in length + name: "vg-snaprun1" + namespace: "helmtest-vxflexos" +spec: + # Add fields here + driverName: "csi-vxflexos.dellemc.com" + # defines how to process VolumeSnapshot members when volume group snapshot is deleted + # "retain" - keep VolumeSnapshot instances + # "delete" - delete VolumeSnapshot instances + memberReclaimPolicy: "retain" + volumesnapshotclass: "vxflexos-snapclass" + pvcLabel: "vgs-snap-label" + # pvcList: + # - "pvcName1" + # - "pvcName2" +``` +In the metadata section, the name is limited to 13 characters because the snapshotter will append a timestamp to it. Additionally, the pvcLabel field specifies a label that must be present in PVCs that are to be snapshotted. Here is a sample of that portion of a .yaml for a PVC: +``` +metadata: + name: pvol0 + namespace: helmtest-vxflexos + labels: + volume-group: vgs-snap-label +``` +More details about the installation and use of the VolumeGroup Snapshotter can be found here: [dell-csi-volumegroup-snapshotter](https://github.com/dell/csi-volumegroup-snapshotter). + +## Volume Expansion Feature + +The CSI PowerFlex driver version 1.2 and later support expansion of Persistent Volumes. This expansion is done online, which is when PVC is attached to a node. + +To use this feature, the storage class used to create the PVC must have the attribute _allowVolumeExpansion_ set to _true_. + +Following is a sample manifest for a storage class that allows for Volume Expansion: +``` +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: vxflexos-expand + annotations: +provisioner: csi-vxflexos.dellemc.com +reclaimPolicy: Delete +allowVolumeExpansion: true +parameters: + storagepool: pool +volumeBindingMode: WaitForFirstConsumer +allowedTopologies: +- matchLabelExpressions: + - key: csi-vxflexos.dellemc.com/sample + values: + - csi-vxflexos.dellemc.com +``` +To resize a PVC, edit the existing PVC spec and set _spec.resources.requests.storage_ to the intended size. + +For example, if you have a PVC - pvol0 of size 8Gi, then you can resize it to 16 Gi by updating the PVC: +``` +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 16Gi #update from 8Gi + storageClassName: vxflexos + volumeMode: Filesystem + volumeName: k8s-0e50dada +status: + accessModes: + - ReadWriteOnce + capacity: + storage: 8Gi + phase: Bound +``` +> *NOTE:* Kubernetes Volume Expansion feature cannot be used to shrink a volume and volumes cannot be expanded to a value that is not a multiple of 8. If attempted, the driver will round up. For example, if the above PVC was edited to have a size of 20 Gb, the size would actually be expanded to 24 Gb, the next highest multiple of 8. + +## Volume Cloning Feature +The CSI PowerFlex driver version 1.3 and later support volume cloning. This feature allows specifying existing PVCs in the _dataSource_ field to indicate a user would like to clone a Volume. + +The source PVC must be bound and available (not in use). Source and destination PVC must be in the same namespace and have the same Storage Class. + +To clone a volume, you must first have an existing pvc, for example, pvol0: +``` +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: pvol0 + namespace: helmtest-vxflexos +spec: + storageClassName: vxflexos + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 8Gi +``` + +The following is a sample manifest for cloning pvol0: +``` +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: clonedpvc + namespace: helmtest-vxflexos +spec: + storageClassName: vxflexos + dataSource: + name: pvol0 + kind: PersistentVolumeClaim + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +``` + +## Raw Block Support + +The CSI PowerFlex driver version 1.2 and later support Raw Block volumes, which are created using the _volumeDevices_ list in the pod template spec with each entry accessing a volumeClaimTemplate specifying a _volumeMode: Block_. + +Following is an example configuration of **Raw Block Outline**: + +``` +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: powerflextest + namespace: helmtest-vxflexos +spec: + ... + spec: + ... + containers: + - name: test + ... + volumeDevices: + - devicePath: "/dev/data0" + name: pvol + volumeClaimTemplates: + - metadata: + name: pvol + spec: + accessModes: + - ReadWriteOnce + volumeMode: Block + storageClassName: vxflexos + resources: + requests: + storage: 8Gi +``` +Allowable access modes are _ReadWriteOnce_, _ReadWriteMany_, and for block devices that have been previously initialized, _ReadOnlyMany_. + +Raw Block volumes are presented as a block device to the pod by using a bind mount to a block device in the node's file system. The driver does not format or check the format of any file system on the block device. Raw Block volumes do support online Volume Expansion, but it is up to the application to manage to reconfigure the file system (if any) to the new size. + +For additional information, see the [Kubernetes Raw Block Volume Support documentation](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode). + +## Custom File System Format Options + +The CSI PowerFlex driver version 1.5 and later support additional mkfs format options. A user is able to specify additional format options as needed for the driver. Format options are specified in storageclass yaml under _mkfsFormatOption_ as in the following example: + +``` +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: vxflexos + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: csi-vxflexos.dellemc.com +reclaimPolicy: Delete +allowVolumeExpansion: true +parameters: + storagepool: # Insert Storage pool + systemID: # Insert System ID + mkfsFormatOption: "" # Insert file system format option +volumeBindingMode: WaitForFirstConsumer +allowedTopologies: +- matchLabelExpressions: + - key: csi-vxflexos.dellemc.com/ # Insert System ID + values: + - csi-vxflexos.dellemc.com + +``` +- *WARNING*: Before utilizing format options, you must first be fully aware of the potential impact and understand your environment's requirements for the specified option. + + + +## Topology Support + +The CSI PowerFlex driver version 1.2 and later supports Topology which forces volumes to be placed on worker nodes that have connectivity to the backend storage. This covers use cases where: +- The PowerFlex SDC may not be installed or running on some nodes. +- Users have chosen to restrict the nodes on which the CSI driver is deployed. + +This Topology support does not include customer-defined topology, users cannot create their own labels for nodes and storage classes and expect the labels to be honored by the driver. + +### Topology Usage + +To utilize the Topology feature, the storage classes are modified to specify the _volumeBindingMode_ as _WaitForFirstConsumer_ and to specify the desired topology labels within _allowedTopologies_. This ensures that the pod schedule takes advantage of the topology and be guaranteed that the node selected has access to provisioned volumes. + +Storage Class Example with Topology Support: +``` +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + annotations: + meta.helm.sh/release-name: vxflexos + meta.helm.sh/release-namespace: vxflexos + storageclass.beta.kubernetes.io/is-default-class: "true" + creationTimestamp: "2020-05-27T13:24:55Z" + labels: + app.kubernetes.io/managed-by: Helm + name: vxflexos + resourceVersion: "170198" + selfLink: /apis/storage.k8s.io/v1/storageclasses/vxflexos + uid: abb094e6-2c25-42c1-b82e-bd80372e78b +parameters: + storagepool: pool +provisioner: csi-vxflexos.dellemc.com +reclaimPolicy: Delete +volumeBindingMode: WaitForFirstConsumer +allowedTopologies: +- matchLabelExpressions: + - key: csi-vxflexos.dellemc.com/6c29fd07674c + values: + - csi-vxflexos.dellemc.com +``` +For additional information, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). + +> *NOTE*: In the manifest file of the Dell CSI operator, topology can be enabled by specifying the system name or _systemid_ in the allowed topologies field. _Volumebindingmode_ is also set to _WaitForFirstConsumer_ by default. + +## Controller HA + +The CSI PowerFlex driver version 1.3 and later support multiple controller pods. A Controller pod can be assigned to a worker node or a master node, as long as no other controller pod is currently assigned to the node. To control the number of controller pods, edit: +``` +controllerCount: 2 +``` +in your values file to the desired number of controller pods. By default, the driver will deploy with two controller pods, each assigned to a different worker node. + +> *NOTE:* If the controller count is greater than the number of available nodes, excess controller pods will be stuck in a pending state. + +If you are using the Dell CSI Operator, the value to adjust is: +``` +replicas: 1 +``` +in your driver yaml in `config/samples/` + +If you want to specify where controller pods get assigned, make the following edits to your values file at `csi-vxflexos/helm/csi-vxflexos/values.yaml`: + +To assign controller pods to worker nodes only (Default): +``` +# "controller" allows to configure controller specific parameters +controller: + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/master: "" + nodeSelector: + # node-role.kubernetes.io/master: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + +``` +To assign controller pods to master and worker nodes: +``` +# "controller" allows to configure controller specific parameters +controller: + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/master: "" + nodeSelector: + # node-role.kubernetes.io/master: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" +``` + +To assign controller pods to master nodes only: +``` +# "controller" allows to configure controller specific parameters +controller: + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/master: "" + nodeSelector: + node-role.kubernetes.io/master: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" +``` +> *NOTE:* Tolerations/selectors work the same way for node pods. + +For configuring Controller HA on the Dell CSI Operator, please refer to the [Dell CSI Operator documentation](../../installation/operator/#custom-resource-specification). + +## SDC Deployment + +The CSI PowerFlex driver version 1.3 and later support the automatic deployment of the PowerFlex SDC on Kubernetes nodes which run the node portion of the CSI driver. The deployment of the SDC kernel module occurs on these nodes with OS platform which support automatic SDC deployment, currently Fedora CoreOS (FCOS) and Red Hat CoreOS (RHCOS). On Kubernetes nodes with OS version not supported by automatic install, you must perform the Manual SDC Deployment steps below. Refer https://hub.docker.com/r/dellemc/sdc for your OS versions. + +- On Kubernetes nodes which run the node portion of the CSI driver, the SDC init container runs prior to the driver being installed. It installs the SDC kernel module on the nodes with OS version which supports automatic SDC deployment. If there is an SDC kernel module installed then the version is checked and updated. +- Optionally, if the SDC monitor is enabled, another container is started and runs as the monitor. Follow PowerFlex SDC documentation to get monitor metrics. +- On nodes that do not support automatic SDC deployment by SDC init container, manual installation steps must be followed. The SDC init container skips installing and you can see this mentioned in the logs by running kubectl logs on the node for SDC. + Refer to https://hub.docker.com/r/dellemc/sdc for supported OS versions. +- There is no automated uninstallation of the SDC kernel module. Follow PowerFlex SDC documentation to manually uninstall the SDC driver from the node. + +## Multiarray Support + +The CSI PowerFlex driver version 1.4 added support for managing multiple PowerFlex arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. + +To manage multiple arrays you need to create an array connection configuration that lists multiple arrays. + +### Creating array configuration + +There is a sample yaml file in the samples folder under the top-level directory called `config.yaml` with the following content: + ```yaml + # Username for accessing PowerFlex system. +- username: "admin" + # Password for accessing PowerFlex system. + password: "password" + # System name/ID of PowerFlex system. + systemID: "ID1" + # REST API gateway HTTPS endpoint for PowerFlex system. + endpoint: "https://127.0.0.1" + # Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. + # Allowed values: true or false + # Default value: true + skipCertificateValidation: true + # indicates if this array is the default array + # needed for backwards compatibility + # only one array is allowed to have this set to true + # Default value: false + isDefault: true + # defines the MDM(s) that SDC should register with on start. + # Allowed values: a list of IP addresses or hostnames separated by comma. + # Default value: none + mdm: "10.0.0.1,10.0.0.2" +- username: "admin" + password: "Password123" + systemID: "ID2" + endpoint: "https://127.0.0.2" + skipCertificateValidation: true + mdm: "10.0.0.3,10.0.0.4" + ``` +Here we specify that we want the CSI driver to manage two arrays: one with an IP `127.0.0.1` and the other with an IP `127.0.0.2`. + +To use this config we need to create a Kubernetes secret from it. To do so, run the following command: + +`kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=config.yaml` + +## Dynamic Array Configuration + +To update or change any array configuration property, edit the secret. The driver will detect the change automatically and use the new values based on the Kubernetes watcher file change detection time. You can use kubectl command to delete the current secret and create a new secret with changes. For example, refer yaml above and change only the password. +```yaml + - username: "admin" + password: "Password123" +``` +to +```yaml + - username: "admin" + password: "Password456" +``` +Below are sample command lines to delete a secret and create modified properties from file `secret.yaml`. +```bash +kubectl delete secret vxflexos-config -n vxflexos +kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=./secret.yaml +``` +Dynamic array configuration change detection is only used for properties of an existing array, like username or password. +To add a new array to the secret, or to alter an array's mdm field, you must run `csi-install.sh` with `--upgrade` option to update the MDM key in secret and restart the node pods. +```bash +cd /dell-csi-helm-installer +./csi-install.sh --upgrade --namespace vxflexos --values ../helm/csi-vxflexos/values.yaml + kubectl delete pods --all -n vxflexos +``` + +### Creating storage classes + +To be able to provision Kubernetes volumes using a specific array, we need to create corresponding storage classes. + +Find the sample yaml files under `samples/storageclass`. Edit `storageclass.yaml` if you want `ext4` filesystem, and use `storageclass-xfs.yaml` if you want `xfs` filesystem. Replace `` with the storage pool you have, and replace `` with the system ID or system name for the array you'd like to use. + +Then we need to apply storage classes to Kubernetes using `kubectl`: + +```bash +kubectl apply -f storageclass.yaml +``` + +After that, you can use the storage class for the corresponding array. + +## Ephemeral Inline Volume + +Starting from version 1.4, CSI PowerFlex driver supports ephemeral inline CSI volumes. This feature allows CSI volumes to be specified directly in the pod specification. + +At runtime, nested inline volumes follow the ephemeral lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed. + +The following is a sample manifest (found in csi-vxflexos/test/helm/ephemeral) for creating ephemeral volume in pod manifest with CSI PowerFlex driver. + +```yaml +kind: Pod +apiVersion: v1 +metadata: + name: my-csi-app-inline-volumes +spec: + containers: + - name: my-frontend + image: busybox + command: [ "sleep", "100000" ] + volumeMounts: + - mountPath: "/data0" + name: my-csi-volume + - mountPath: "/data1" + name: my-csi-volume-xfs + volumes: + - name: my-csi-volume + csi: + driver: csi-vxflexos.dellemc.com + fsType: "ext4" + volumeAttributes: + volumeName: "my-csi-volume" + size: "8Gi" + storagepool: sample + systemID: sample + - name: my-csi-volume-xfs + csi: + driver: csi-vxflexos.dellemc.com + fsType: "xfs" + volumeAttributes: + volumeName: "my-csi-volume-xfs" + size: "10Gi" + storagepool: sample + systemID: sample + +``` + +This manifest creates a pod and attach two newly created ephemeral inline csi volumes to it, one ext4 and the other xfs. +To run the corresponding helm test, go to csi-vxflexos/test/helm/ephemeral and fill in the values for storagepool and systemID in sample.yaml. +Then run: +```` +./testEphemeral.sh +```` +this test deploys the pod with two ephemeral volumes, and write some data to them before deleting the pod. +When creating ephemeral volumes, it is important to specify the following within the volumeAttributes section: volumeName, size, storagepool, and if you want to use a non-default array, systemID. + + +## Dynamic Logging Configuration + +The dynamic logging configuration that was introduced in v1.5 of the driver was revamped for v2.0; v1.5 logging configuration is not compatible with v2.0. +Two fields in values.yaml (located at helm/csi-vxflexos/values.yaml) are used to configure the dynamic logging: logLevel and logFormat. + +``` +# CSI driver log level +# Allowed values: "error", "warn"/"warning", "info", "debug" +# Default value: "debug" +logLevel: "debug" + +# CSI driver log format +# Allowed values: "TEXT" or "JSON" +# Default value: "TEXT" +logFormat: "TEXT" +``` + +To change the logging fields after the driver is deployed, you can use this command to edit the configmap: +` kubectl edit configmap -n vxflexos vxflexos-config-params ` +and then make the necessary adjustments for CSI_LOG_LEVEL and CSI_LOG_FORMAT. + +If either option is set to a value outside of what is supported, the driver will use the default values of "debug" and "text" . + + +## Single Pod Access Mode for PersistentVolumes + +Kubernetes v1.22 introduced a new `ReadWriteOncePod` access mode for PersistentVolumes and PersistentVolumeClaims. With this alpha feature, Kubernetes allows you to restrict volume access to a single pod in the cluster. + +To use this feature you need to enable the ReadWriteOncePod feature gate for `kube-apiserver`, `kube-scheduler`, and `kubelet` by setting command line arguments: + +``` +--feature-gates="...,ReadWriteOncePod=true" +``` + +Then you can create a new PVC with the access mode. This allows only a single pod to access single-writer-only: + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: single-writer-only +spec: + accessModes: + - ReadWriteOncePod # Allow only a single pod to access single-writer-only. + resources: + requests: + storage: 1Gi +``` + diff --git a/content/v3/features/powermax.md b/content/v3/csidriver/features/powermax.md similarity index 67% rename from content/v3/features/powermax.md rename to content/v3/csidriver/features/powermax.md index 178d736754..315786176c 100644 --- a/content/v3/features/powermax.md +++ b/content/v3/csidriver/features/powermax.md @@ -1,35 +1,34 @@ --- title: PowerMax linktitle: PowerMax +weight: 1 Description: Code features for PowerMax Driver --- -## Volume Snapshot Feature +## Multi Unisphere Support +Starting with v1.7, the CSI PowerMax driver can communicate with multiple Unisphere for PowerMax servers to manage multiple PowerMax arrays. +In order to use this feature, you must install CSI PowerMax ReverseProxy in `StandAlone` mode with the driver. For more details on how +to configure the driver and ReverseProxy, see the relevant section [here](../../installation/helm/powermax/#sample-values-file) -The Volume Snapshot feature was introduced in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes version 1.17 and was generally available (v1) in Kubernetes version 1.20. +## Volume Snapshot Feature -The CSI PowerMax driver version 1.6 supports v1beta1 snapshots on Kubernetes 1.18/1.19 and v1 snapshots on Kubernetes 1.20. +The CSI PowerMax driver version 1.7 and later supports v1 snapshots. In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: - Kubernetes Volume Snapshot CRDs - Volume Snapshot Controller +- Volume Snapshot Class -### Volume Snapshot Class - -During the installation of the CSI PowerMax 1.6 driver, a Volume Snapshot Class is created. This is the only Volume Snapshot Class you will need and there is no need to create any other Volume Snapshot Class. +To use this feature, enable it in `values.yaml` -The following is the manifest for the Volume Snapshot Class created during installation (using the default driver name): +```yaml +snapshot: + enabled: true ``` -apiVersion: snapshot.storage.k8s.io/v1 -deletionPolicy: Delete -kind: VolumeSnapshotClass -metadata: - name: powermax-snapclass -driver: csi-powermax.dellemc.com -``` -*Note*: The apiVersion for VolumeSnapshotClass object created on clusters running Kubernetes versions < 1.20 will be v1beta1 +>Note: From v1.7, the CSI PowerMax driver installation process will no longer create VolumeSnapshotClass. +> If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _csi-powermax/samples/volumesnapshotclass_ folder ### Creating Volume Snapshots The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs: @@ -45,7 +44,7 @@ spec: ``` -After the VolumeSnapshot has been successfully created by the CSI PowerMax driver, a VolumeSnapshotContent object is automatically created. When the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_ , it is available for use. +After the VolumeSnapshot has been successfully created by the CSI PowerMax driver, a VolumeSnapshotContent object is automatically created. When the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. The following is the relevant section of VolumeSnapshot object status: ```yaml @@ -100,7 +99,7 @@ spec: ## iSCSI CHAP -With version 1.3.0, support has been added for unidirectional Challenge Handshake Authentication Protocol (CHAP) for iSCSI. +With version 1.3.0, support has been added for the unidirectional Challenge Handshake Authentication Protocol (CHAP) for iSCSI. To enable CHAP authentication: 1. Create secret `powermax-creds` with the key `chapsecret` set to the iSCSI CHAP secret. If the secret exists, delete and re-create the secret with this newly added key. 2. Set the parameter `enableCHAP` in `my-powermax-settings.yaml` to true. @@ -119,13 +118,13 @@ Where is the name of the iSCSI initiator of a host IQN, and ..dellemc.com` -For example, if the driver name is set to _driver_ and it is installed in the namespace _powermax_ , then the name that is used for the driver (and the provisioner/snapshotter) is `powermax.driver.dellemc.com` +For example, if the driver name is set to _driver_ and it is installed in the namespace _powermax_, then the name that is used for the driver (and the provisioner/snapshotter) is `powermax.driver.dellemc.com` *NOTE*: If not enabled, the name is set to `csi-powermax.dellemc.com` by default (without any namespace prefix). ### Install multiple drivers -*NOTE*: This is an experimental feature and should be used with extreme caution after consulting with Dell EMC Support. - -To install multiple CSI Drivers for Dell EMC PowerMax in a single Kubernetes cluster, you can take advantage of the custom driver name feature. There are a few important restrictions which should be strictly adhered to: +To install multiple CSI Drivers for Dell EMC PowerMax in a single Kubernetes cluster, you can take advantage of the custom driver name feature. There are a few important restrictions that should be strictly adhered to: - Only one driver can be installed in a single namespace - Different drivers should not connect to a single Unisphere server - Different drivers should not be used to manage a single PowerMax array @@ -153,19 +150,25 @@ To install multiple CSI drivers, follow these steps: 1. Create (or use) a new namespace. 2. Ensure that all the pre-requisites are met: - `powermax-creds` secret is created in this namespace - - Optional) `powermax-certs` secret is created in this namespace + - (Optional) `powermax-certs` secret is created in this namespace 3. Update `my-powermax-settings.yaml` with the required values. 4. Run the `csi-install.sh` script to install the driver. ## Volume expansion -Starting in v1.4, the CSI PowerMax driver supports expansion of Persistent Volumes (PVs). This expansion is done online, that is, when the PVC is attached to any node. +Starting in v1.4, the CSI PowerMax driver supports the expansion of Persistent Volumes (PVs). This expansion is done online, which is when the PVC is attached to any node. + +To use this feature, enable in `values.yaml` + +```yaml +resizer: + enabled: true +``` -To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to `true`. The storage classes created during the installation (both using Helm or dell-csi-operator) have the `allowVolumeExpansion` set to `true` by default. +To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to `true`. -If you are creating more storage classes, ensure that this attribute is set to `true` to expand any PVs created using these new storage classes. -This is a sample manifest for a storage class which allows for Volume Expansion. +This is a sample manifest for a storage class that allows for Volume Expansion. ```yaml apiVersion: storage.k8s.io/v1 @@ -201,11 +204,11 @@ spec: storage: 10Gi #Updated size from 5Gi to 10Gi storageClassName: powermax-expand-sc ``` -*NOTE*: The Kubernetes Volume Expansion feature can only be used to increase the size of volume, it cannot be used to shrink a volume. +*NOTE*: The Kubernetes Volume Expansion feature can only be used to increase the size of the volume, it cannot be used to shrink a volume. ## Raw block support -Starting in v1.4, CSI PowerMax driver supports raw block volumes. +Starting in v1.4, the CSI PowerMax driver supports raw block volumes. Raw Block volumes are created using the volumeDevices list in the Pod template spec with each entry accessing a volumeClaimTemplate specifying a volumeMode: Block. An example configuration is outlined here: @@ -240,33 +243,35 @@ spec: Allowable access modes are `ReadWriteOnce`, `ReadWriteMany`, and for block devices that have been previously initialized, `ReadOnlyMany`. -Raw Block volumes are presented as a block device to the Pod by using a bind mount to a block device in the node's file system. The driver does not format or check the format of any file system on the block device. Raw Block volumes support online Volume Expansion, but it is up to the application to manage reconfiguring the file system (if any) to the new size. +Raw Block volumes are presented as a block device to the Pod by using a bind mount to a block device in the node's file system. The driver does not format or check the format of any file system on the block device. Raw Block volumes support online Volume Expansion, but it is up to the application to manage to reconfigure the file system (if any) to the new size. For additional information, see the website: [Kubernetes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#raw-block-volume-support) ## CSI PowerMax Reverse Proxy -To get the maximum performance out of the CSI driver for PowerMax and Unisphere forPowerMax REST APIs, starting with v1.4 of the driver, you can deploy the optional CSI PowerMax Reverse Proxy application. +To get the maximum performance out of the CSI driver for PowerMax and Unisphere for PowerMax REST APIs, starting with v1.4 of the driver, you can deploy the optional CSI PowerMax Reverse Proxy application. -CSI PowerMax Reverse Proxy is a (go) HTTPS server which acts as a reverse proxy for the Unisphere forPowerMax RESTAPI interface. Any RESTAPI request sent from the driver to the reverse proxy is forwarded to the Unisphere server and the response is routed back to the driver. +CSI PowerMax Reverse Proxy is a (go) HTTPS server that acts as a reverse proxy for the Unisphere for PowerMax RESTAPI interface. Any RESTAPI request sent from the driver to the reverse proxy is forwarded to the Unisphere server and the response is routed back to the driver. -The Reverse Proxy helps regulate the maximum number of requests which can be sent to the Unisphere RESTAPI at a given time across all driver controller and node Pods. This helps with better queuing of CSI requests and performance of the CSI PowerMax driver. +The Reverse Proxy application helps regulate the maximum number of requests which can be sent to the Unisphere RESTAPI at a given time across all driver controller and node Pods. This helps with better queuing of CSI requests and the performance of the CSI PowerMax driver. -Optionally you can specify an alternate (backup) Unisphere server and if the primary Unisphere server is not reachable or does not respond, the proxy will redirect the calls to this alternate Unisphere. +Optionally, you can specify an alternate (backup) Unisphere server and if the primary Unisphere server is not reachable or does not respond, the proxy will redirect the calls to this alternate Unisphere. ### Installation -CSI PowerMax Reverse Proxy is installed as a Kubernetes deployment in the same namespace as the driver. +The CSI PowerMax Reverse Proxy can be installed in two ways: +1. It can be installed as a Kubernetes deployment in the same namespace as the driver. +2. It can be installed as a sidecar to the driver's controller Pod. It is also configured as a Kubernetes "NodePort" service. If the CSI PowerMax driver has been configured to use this service, then it will connect to the IP address and port exposed by the Kubernetes service instead of directly connecting to the Unisphere server. ### Prerequisite -CSI PowerMax Reverse Proxy is a HTTPS server and has to be configured with an SSL certificate and a private key. +CSI PowerMax Reverse Proxy is an HTTPS server and has to be configured with an SSL certificate and a private key. -The certificate and key are provided to the proxy via a Kubernetes TLS secret (in the same namespace). The SSL certificate must be a X.509 certificate encoded in PEM format. The certificates can be obtained via a Certificate Authority or can be self-signed and generated by a tool such as openssl. +The certificate and key are provided to the proxy via a Kubernetes TLS secret (in the same namespace). The SSL certificate must be an X.509 certificate encoded in PEM format. The certificates can be obtained via a Certificate Authority or can be self-signed and generated by a tool such as openssl. -Here is an example to generate a private key and use that to sign an SSL certificate using the openssl tool: +Here is an example showing how to generate a private key and use that to sign an SSL certificate using the openssl tool: ```bash openssl genrsa -out tls.key 2048 @@ -278,7 +283,7 @@ key=tls.key ### Using Helm installer -A new section, csireverseproxy, in the `my-powermax-settings.yaml` file can be used to deploy and configure the CSI PowerMax Reverse Proxy. +In the `my-powermax-settings.yaml` file, the csireverseproxy section can be used to deploy and configure the CSI PowerMax Reverse Proxy. The new Helm chart is configured as a sub chart for the CSI PowerMax helm chart. If it is enabled (using the `enabled` parameter in the csireverseproxy section of the `my-powermax-settings.yaml` file), the install script automatically installs the CSI PowerMax Reverse Proxy and configures the CSI PowerMax driver to use this service. @@ -286,21 +291,21 @@ The new Helm chart is configured as a sub chart for the CSI PowerMax helm chart. Starting with the v1.1.0 release of the Dell CSI Operator, a new Custom Resource Definition can be used to install CSI PowerMax Reverse Proxy. -This Custom Resource has to be created in the same namespace as the CSI PowerMax driver and it has to be created before the driver Custom Resource. To use the service, the driver Custom Resource manifest must be configured with the service name "powermax-reverseproxy". For complete installation instructions for the CSI PowerMax driver and the CSI PowerMax Reverse Proxy, see the [Dell CSI Operator documentation](../../installation/operator). +This Custom Resource has to be created in the same namespace as the CSI PowerMax driver and it has to be created before the driver Custom Resource. To use the service, the driver Custom Resource manifest must be configured with the service name "powermax-reverseproxy". For complete installation instructions for the CSI PowerMax driver and the CSI PowerMax Reverse Proxy, see the [Dell CSI Operator documentation](../../installation/operator/powermax) for PowerMax. ## User-friendly hostnames Users can set a value for the `nodeNameTemplate` in `my-powermax-settings.yaml` during the installation of the driver so that the driver can use this value to decide the name format of hosts to create or update in the PowerMax array for the nodes in a Kubernetes cluster. The hostname value in nodeNameTemplate should always be contained between two '%' characters. String prefixing first '%' and string suffixing second '%' is used as is before and after every node identifier. -Also, there is a new setting, `modifyHostName`, which could be set to `true` if you want the driver to rename the existing Hosts/IG for the host initiators on the PowerMax array. The new name uses the default naming convention (`csi--*`) or the `nodeNameTemplate` if it was specified. +Also, a new setting, `modifyHostName`, can be set to `true` if you want the driver to rename the existing Hosts/IG for the host initiators on the PowerMax array. The new name uses the default naming convention (`csi--*`) or the `nodeNameTemplate` if it was specified. -For example, if `nodeNameTemplate` is _abc-%foo%-hostname_ and nodename is _worker1_ , then the host ID is created or updated as _abc-worker1-hostname_. This change will happen for all nodes in a cluster with the respective node name. +For example, if `nodeNameTemplate` is _abc-%foo%-hostname_ and nodename is _worker1_, then the host ID is created or updated as _abc-worker1-hostname_. This change will happen for all nodes in a cluster with the respective node name. *NOTE*: `nodeNameTemplate` can contain alphanumeric characters [a - z, A - Z, 0 - 9], '-' and '_', other characters are not allowed. ## Controller HA -Starting with version 1.5, the CSI PowerMax driver supports running multiple replicas of controller Pod. At any time, only one controller Pod is active(leader), and the rest are on standby. In case of a failure, one of the standby Pods becomes active and takes the position of leader. This is achieved by using native leader election mechanisms utilizing `kubernetes leases`. Additionally by leveraging `pod anti-affinity`, no two controller Pods are ever scheduled on the same node. +Starting with version 1.5, the CSI PowerMax driver supports running multiple replicas of the controller Pod. At any time, only one controller Pod is active(leader), and the rest are on standby. In case of a failure, one of the standby Pods becomes active and takes the position of leader. This is achieved by using native leader election mechanisms utilizing `kubernetes leases`. Additionally by leveraging `pod anti-affinity`, no two-controller Pods are ever scheduled on the same node. To increase or decrease the number of controller Pods, edit the following value in `values.yaml` file: ``` @@ -309,12 +314,12 @@ controllerCount: 2 > *NOTE:* The default value for controllerCount is 2. We recommend not changing this unless it is really necessary. > Also, if the controller count is greater than the number of available nodes (where the Pods can be scheduled), some controller Pods will remain in the Pending state -If you are using the `dell-csi-operator`, adjust the following value in your Custom Resource manifest +If you are using `dell-csi-operator`, adjust the following value in your Custom Resource manifest ``` replicas: 2 ``` -For more details about configuring Controller HA using the Dell CSI Operator, see the Dell CSI Operator documentation. +For more details about configuring Controller HA using the Dell CSI Operator, see the [Dell CSI Operator documentation](../../installation/operator/#custom-resource-specification). ## NodeSelectors and Tolerations @@ -340,7 +345,7 @@ controller: operator: "Exists" effect: "NoSchedule" ``` -* Set the following values for controller pods to be only scheduled on nodes labelled as `master` (*node-role.kubernetes.io/master*): +* Set the following values for controller Pods to be scheduled only on nodes labelled `master` (*node-role.kubernetes.io/master*): ```yaml controller: nodeSelector: @@ -379,7 +384,7 @@ node: ## Topology Support -Starting from version 1.5, the CSI PowerMax driver supports topology-aware volume provisioning which helps Kubernetes scheduler place PVCs on worker nodes which have access to backend storage. When used with `nodeSelectors` which can be specified for the driver node Pods, it provides an effective way to provision applications on nodes which have access to the PowerMax array. +Starting from version 1.5, the CSI PowerMax driver supports topology-aware volume provisioning which helps the Kubernetes scheduler place PVCs on worker nodes that have access to the backend storage. When used with `nodeSelectors` which can be specified for the driver node Pods, it provides an effective way to provision applications on nodes that have access to the PowerMax array. After a successful installation of the driver, if a node Pod is running successfully on a worker node, the following topology keys are created for a specific PowerMax array: * `csi-powermax.dellemc.com/\` @@ -421,13 +426,35 @@ allowedTopologies: - csi-powermax.dellemc.com ``` -In the above example if you remove the entry for the key `csi-powermax.dellemc.com/000000000001.fc`, then the PVCs created using this storage class will be scheduled +In the above example, if you remove the entry for the key `csi-powermax.dellemc.com/000000000001.fc`, then the PVCs created using this storage class will be scheduled on any worker node with access to the PowerMax array `000000000001` irrespective of the transport protocol -> *NOTE:* The storage classes created during the driver installation (via Helm) do not contain any topology keys and have the volumeBindingMode set to Immediate. A set of sample storage class definitions to enable topology ->-aware volume provisioning has been provided in the `csi-powermax/helm/samples/storageclass` folder +> A set of sample storage class definitions to enable topology-aware volume provisioning has been provided in the `csi-powermax/samples/storageclass` folder For additional information on how to use _Topology aware Volume Provisioning_, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). -If you are using `dell-csi-operator` to create storage classes while installing the CSI PowerMax 1.5 driver, you can set the `allowedTopologies` value appropriately. `volumeBindingMode` is set to `WaitForFirstConsumer` if not specified explicitly. +## Dynamic Logging Configuration +This feature is introduced in CSI Driver for PowerMax version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `powermax-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in my-powermax-settings.yaml during driver installation. + +To change the log level dynamically to a different value, the user can edit the same my-powermax-settings.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace powermax --values ./my-powermax-settings.yaml --upgrade +``` + +Note: my-powermax-settings.yaml is a values.yaml file which the user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powermax-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level the user can set this field during driver installation. + +To update the log level dynamically, the user has to edit the ConfigMap `powermax-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n powermax powermax-config-params +``` diff --git a/content/v3/features/powerscale.md b/content/v3/csidriver/features/powerscale.md similarity index 51% rename from content/v3/features/powerscale.md rename to content/v3/csidriver/features/powerscale.md index 5222bc2770..2c40376a85 100644 --- a/content/v3/features/powerscale.md +++ b/content/v3/csidriver/features/powerscale.md @@ -1,25 +1,27 @@ --- title: PowerScale Description: Code features for PowerScale Driver +weight: 1 --- ## Multicluster support -You can connect single CSI-PowerScale driver with multiple PowerScale clusters. -Pre-Requisistes: +You can connect a single CSI-PowerScale driver with multiple PowerScale clusters. -1. Creation of secret.json with credentials related to one or more Clusters. -2. Creation of (at least) one Custom Storage classes for each non-default clusters. -3. Creation of custom-volumesnapshot classes, if corresponding isiPaths differ in custom storage classes. +**Pre-Requisites:** + +1. Creation of secret.yaml with credentials related to one or more Clusters. +2. Creation of (at least) one Storage class for each cluster. +3. Creation of custom-volumesnapshot classes with proper isiPath matching corresponding storage classes. 4. Inclusion of cluster name in volume handle, if you want to provision existing static volumes. ## Consuming existing volumes with static provisioning -You can use existent volumes from PowerScale array as Persistent Volumes in your Kubernetes, perform the following steps: +You can use existent volumes from the PowerScale array as Persistent Volumes in your Kubernetes, perform the following steps: 1. Open your volume in One FS, and take a note of volume-id. 2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs. -3. In the following example, the PowerScale cluster accessZone is assumed as 'System', cluster name is assumed as 'pscale-cluster' and volume's internal name as 'isilonvol'. The volume-handle shoulb be in the format of =_=_==_=_==_=_= +3. In the following example, the PowerScale cluster accessZone is assumed as 'System', storage class as 'isilon', cluster name as 'pscale-cluster' and volume's internal name as 'isilonvol'. The volume-handle should be in the format of =_=_==_=_==_=_= ```yaml apiVersion: v1 @@ -87,13 +89,32 @@ spec: 5. After the pod becomes `Ready` and `Running`, you can start to use this pod and volume. +## PVC Creation Feature + +Following yaml content can be used to create a PVC without referring any PV. + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: testvolume + namespace: default +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: isilon +``` + ## Volume Snapshot Feature -The CSI PowerScale driver version 1.3 and later supports managing beta snapshots. +The CSI PowerScale driver version 2.0 and later supports managing v1 snapshots. In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: -- Kubernetes Volume Snaphshot CRDs +- Kubernetes Volume Snapshot CRDs - Volume Snapshot Controller > For general use, update the snapshot controller YAMLs with an appropriate namespace before installing. For @@ -102,20 +123,17 @@ In order to use Volume Snapshots, ensure the following components have been depl ### Volume Snapshot Class -During the installation of CSI PowerScale driver version 1.3 and later, a Volume Snapshot Class is created using the new recommended snapshot APIs (depends upon Kubernetes version). This is the Volume Snapshot Class created for the default isiPath provided in my-isilon-settings.yaml (which is created based on values.yaml). For additional custom storage classes, separate custom volume snapshot class should be created (only if the isiPath is different from default storage class). +During the installation of CSI PowerScale driver version 2.0, no default Volume Snapshot Class will get created. -Following are the manifests for the Volume Snapshot Class created during installation: +Following are the manifests for the Volume Snapshot Class: -1. VolumeSnapshotClass - v1 +1. VolumeSnapshotClass ```yaml -# For kubernetes version 20 (v1 snaps) -# This is a sample manifest for creating snapshotclass with IsiPath other than default -# pvc is created with sc which has some different IsiPath e.g. /ifs/custom -# to create a snapshot for this pvc volumesnapshotclass must also be initilized with same IsiPath (i.e. /ifs/custom ) to work snapshot feature +# For kubernetes version 20 and above (v1 snaps) apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: - name: "isilon-snapclass-custom" + name: "isilon-snapclass" driver: csi-isilon.dellemc.com #The deletionPolicy of a volume snapshot class can either be Retain or Delete #If the deletionPolicy is Delete, then the underlying storage snapshot is deleted along with the VolumeSnapshotContent object. @@ -123,33 +141,13 @@ driver: csi-isilon.dellemc.com deletionPolicy: Delete parameters: #IsiPath should match with respective storageClass IsiPath - IsiPath: "/ifs/custom" -``` -2. VolumeSnapshotClass - beta -```yaml -# For kubernetes version 18 and 19 (beta snaps) -# This is a sample manifest for creating snapshotclass with IsiPath other than default -# pvc is created with sc which has some different IsiPath e.g. /ifs/custom -# to create a snapshot for this pvc volumesnapshotclass must also be initilized with same IsiPath (i.e. /ifs/custom ) to work snapshot feature -apiVersion: snapshot.storage.k8s.io/v1beta1 -kind: VolumeSnapshotClass -metadata: -name: "isilon-snapclass-custom" -driver: csi-isilon.dellemc.com -#The deletionPolicy of a volume snapshot class can either be Retain or Delete -#If the deletionPolicy is Delete, then the underlying storage snapshot is deleted along with the VolumeSnapshotContent object. -#If the deletionPolicy is Retain, then both the underlying snapshot and VolumeSnapshotContent remain -deletionPolicy: Delete -parameters: -#IsiPath should match with respective storageClass IsiPath -IsiPath: "/ifs/custom" -### Create Volume Snapshot + IsiPath: "/ifs/data/csi" ``` -The following is a sample manifest for creating a Volume Snapshot using the **v1beta1** snapshot APIs: +The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs; The following snippet assumes that the persistent volume claim name is testvolume. ```yaml -apiVersion: snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: pvcsnap @@ -157,7 +155,7 @@ metadata: spec: volumeSnapshotClassName: isilon-snapclass source: - persistentVolumeClaimName: autotestvolume + persistentVolumeClaimName: testvolume ``` Once the VolumeSnapshot has been successfully created by the CSI PowerScale driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_ , it is available for use. @@ -184,7 +182,7 @@ metadata: spec: storageClassName: isilon dataSource: - name: newsnap + name: pvcsnap kind: VolumeSnapshot apiGroup: snapshot.storage.k8s.io accessModes: @@ -196,13 +194,11 @@ spec: ## Volume Expansion -The CSI PowerScale driver version 1.3 and later supports the expansion of Persistent Volumes (PVs). This expansion can be done either online (for example, when a PVC is attached to a node) or offline (for example, when a PVC is not attached to any node). - -To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to true. The storage classes created during the installation (both using Helm or dell-csi-operator) have the `allowVolumeExpansion` set to true by default. +The CSI PowerScale driver version 1.2 and later supports the expansion of Persistent Volumes (PVs). This expansion can be done either online (for example, when a PVC is attached to a node) or offline (for example, when a PVC is not attached to any node). -If you are creating more storage classes, ensure that this attribute is set to true to expand any PVs created using these new storage classes. +To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to true. -The following is a sample manifest for a storage class which allows for Volume Expansion: +The following is a sample manifest for a storage class that allows for Volume Expansion: ```yaml apiVersion: storage.k8s.io/v1 @@ -214,7 +210,7 @@ metadata: provisioner: "csi-isilon.dellemc.com" reclaimPolicy: Delete parameters: - ClusterName: + ClusterName: AccessZone: System isiPath: "/ifs/data/csi" AzServiceIP : 'XX.XX.XX.XX' @@ -229,7 +225,7 @@ To resize a PVC, edit the existing PVC spec and set spec.resources.requests.stor apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: isilon-pvc-demo + name: isilon-pvc-expansion-demo spec: accessModes: - ReadWriteOnce @@ -248,7 +244,7 @@ The CSI PowerScale driver version 1.3 and later supports volume cloning. This al Source and destination PVC must be in the same namespace and have the same Storage Class. -To clone a volume, you should first have an existing PVC: +To clone a volume, you must first have an existing PVC: ```yaml apiVersion: v1 @@ -291,26 +287,26 @@ spec: The CSI PowerScale driver version 1.4.0 and later supports running multiple replicas of controller pod. At any time, only one controller pod is active(leader), and the rest are on standby. In case of a failure, one of the standby pods becomes active and takes the position of leader. This is achieved by using native leader election mechanisms utilizing `kubernetes leases`. -Additionally by leveraging `pod anti-affinity`, no two controller pods are ever scheduled on the same node. +Additionally by leveraging `pod anti-affinity`, no two-controller pods are ever scheduled on the same node. To increase or decrease the number of controller pods, edit the following value in `myvalues.yaml` file: ``` controllerCount: 2 ``` ->**NOTE:** The default value for controllerCount is 2. It is recommended to not change this unless really required. Also, if controller count is greater than the number of available nodes (where the pods can be scheduled), some controller pods will remain in Pending state. +>**NOTE:** The default value for controllerCount is 2. It is recommended to not change this unless really required. Also, if the controller count is greater than the number of available nodes (where the pods can be scheduled), some controller pods will remain in a Pending state. If you are using the `dell-csi-operator`, adjust the following value in your Custom Resource manifest ``` replicas: 2 ``` -For more details about configuring Controller HA using the Dell CSI Operator, refer to the Dell CSI Operator documentation. +For more details about configuring Controller HA using the Dell CSI Operator, refer to the [Dell CSI Operator documentation](../../installation/operator/#custom-resource-specification). ## Ephemeral Inline Volume The CSI PowerScale driver version 1.4.0 and later supports CSI ephemeral inline volumes. -This feature serves use cases for data volumes whose content and lifecycle are tied to a pod. For example, a driver might populate a volume with dynamically created secrets that are specific to the application running in the pod. Such volumes need to be created together with a pod and can be deleted as part of pod termination (ephemeral). They get defined as part of the pod spec (inline). +This feature serves as use cases for data volumes whose content and lifecycle are tied to a pod. For example, a driver might populate a volume with dynamically created secrets that are specific to the application running in the pod. Such volumes need to be created together with a pod and can be deleted as part of pod termination (ephemeral). They get defined as part of the pod spec (inline). At runtime, nested inline volumes follow the lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed. @@ -338,12 +334,12 @@ spec: ClusterName: "cluster1" ``` -This manifest creates a pod in given cluster and attach newly created ephemeral inline csi volume to it. +This manifest creates a pod in a given cluster and attaches a newly created ephemeral inline CSI volume to it. ## Topology ### Topology Support -The CSI PowerScale driver version 1.4.0 and later supports Topology by default which forces volumes to be placed on worker nodes that have connectivity to the backend storage, as a result of which the nodes which have access to PowerScale Array are appropriately labelled. The driver leverages these labels to ensure that the driver components (controller, node) are spawned only on nodes wherein these labels exist. +The CSI PowerScale driver version 1.4.0 and later supports Topology by default which forces volumes to be placed on worker nodes that have connectivity to the backend storage, as a result of which the nodes which have access to PowerScale Array are appropriately labeled. The driver leverages these labels to ensure that the driver components (controller, node) are spawned only on nodes wherein these labels exist. This covers use cases where: @@ -351,13 +347,16 @@ The CSI PowerScale driver may not be installed or running on some nodes where Us We support CustomTopology which enables users to apply labels for nodes - "csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com" and expect the labels to be honored by the driver. -When “enableCustomTopology” is set to “true”, CSI driver fetches custom labels “csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com” applied on worker nodes, and use them to initialize node pod with custom PowerScale FQDN/IP. -**Note:** Only a single cluster can be configured as part of secret.json for custom topology. +When “enableCustomTopology” is set to “true”, the CSI driver fetches custom labels “csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com” applied on worker nodes, and use them to initialize node pod with custom PowerScale FQDN/IP. + +**Note:** Only a single cluster can be configured as part of secret.yaml for custom topology. ### Topology Usage -To utilize the Topology feature, create a custom `StorageClass` with `volumeBindingMode` set to `WaitForFirstConsumer` and specify the desired topology labels within `allowedTopologies` field of this custom storage class. This ensures that Pod scheduling takes advantage of the topology and the selected node has access to provisioned volumes. +To utilize the Topology feature, create a custom `StorageClass` with `volumeBindingMode` set to `WaitForFirstConsumer` and specify the desired topology labels within `allowedTopologies` field of this custom storage class. This ensures that the Pod schedule takes advantage of the topology and the selected node has access to provisioned volumes. + +**Note:** Whenever a new storage cluster is being added in secret, even though it is dynamic, the new storage cluster IP address-related label is not added to worker nodes dynamically. The user has to spin off (bounce) driver-related pods (controller and node pods) in order to apply newly added information to be reflected in worker nodes. **Storage Class Example with Topology Support:** @@ -397,7 +396,7 @@ parameters: # WaitForFirstConsumer mode will delay the binding and provisioning of a PersistentVolume # until a Pod using the PersistentVolumeClaim is created volumeBindingMode: WaitForFirstConsumer -# allowedTopologies helps scheduling pod on worker nodes which matches all of below expressions +# allowedTopologies helps scheduling pod on worker nodes which match all of below expressions # If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies allowedTopologies: - matchLabelExpressions: @@ -409,19 +408,122 @@ mountOptions: ["", "", ..., ""] ``` For additional information, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). -## Support for Docker EE +## Support custom networks for NFS I/O traffic -The CSI Driver for Dell EMC PowerScale supports Docker EE and deployment on clusters bootstrapped with UCP (Universal Control Plane) 3.3.5. -*UCP version 3.3.5 supports kubernetes 1.20 and CSI driver can be installed on UCP 3.3.5 with Helm. +When allowedNetworks is specified for using custom networks to handle NFS traffic, and a user already +has workloads scheduled, there is a possibility that it might lead to backward compatibility issues. For example, ControllerUnPublish might not be able to completely remove clients from the NFS exports of previously created pods. -The installation process for the driver on such clusters remains the same as the installation process on upstream clusters. +Also, the previous workload will still be using the default network and not custom networks. For previous workloads to use custom networks, the recreation of pods is required. -On UCP based clusters, kubectl may not be installed by default, it is important that [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) is installed prior to the installation of the driver. +When csi-powerscale driver creates an NFS export, the traffic flows through the client specified in the export. By default, the client is the network interface for Kubernetes +communication (same IP/fqdn as k8s node) by default. -The worker nodes in UCP backed clusters may run any of the OSs which we support with upstream clusters. +For a cluster with multiple network interfaces and if a user wants to segregate k8s traffic from NFS traffic; you can use the `allowedNetworks` option. +`allowedNetworks` takes CIDR addresses as a parameter to match the IPs to be picked up by the driver to allow and route NFS traffic. -## Support custom networks for NFS I/O traffic -When allowedNetworks is specified for using custom networks to handle NFS traffic, and a user already -has workloads scheduled, there is a possibility that it might lead to backwards compatibility issues. For example, ControllerUnPublish might not be able to completely remove clients from the NFS exports of previously created pods. -Also, previous workload will still be using default network and not custom networks, for previous workloads to use custom networks recreation of pods required. +## Volume Limit +The CSI Driver for Dell EMC PowerScale allows users to specify the maximum number of PowerScale volumes that can be used in a node. + +The user can set the volume limit for a node by creating a node label `max-isilon-volumes-per-node` and specifying the volume limit for that node. +
`kubectl label node max-isilon-volumes-per-node=` + +The user can also set the volume limit for all the nodes in the cluster by specifying the same to `maxIsilonVolumesPerNode` attribute in values.yaml. + +>**NOTE:**
The default value of `maxIsilonVolumesPerNode` is 0.
If `maxIsilonVolumesPerNode` is set to zero, then CO shall decide how many volumes of this type can be published by the controller to the node.

The volume limit specified to `maxIsilonVolumesPerNode` attribute is applicable to all the nodes in the cluster for which node label `max-isilon-volumes-per-node` is not set. + +## Node selector in helm template + +Now user can define in which worker node, the CSI node pod daemonset can run (just like any other pod in Kubernetes world.)For more information, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + +Similarly, users can define the tolerations based on various conditions like memory pressure, disk pressure and network availability. Refer to https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#taints-and-tolerations for more information. + +## Usage of SmartQuotas to Limit Storage Consumption + +CSI driver for Dell EMC Isilon handles capacity limiting using SmartQuotas feature. + +To use the SmartQuotas feature user can specify the boolean value 'enableQuota' in myvalues.yaml or my-isilon-settings.yaml. + +Let us assume the user creates a PVC with 3 Gi of storage and 'SmartQuotas' have already been enabled in PowerScale Cluster. + +- When 'enableQuota' is set to 'true' + - The driver sets the hard limit of the PVC to 3Gi. + - The user adds data of 2Gi to the above said PVC (by logging into POD). It works as expected. + - The user tries to add 2Gi more data. + - Driver doesn't allow the user to enter more data as total data to be added is 4Gi and PVC limit is 3Gi. + - The user can expand the volume from 3Gi to 6Gi. The driver allows it and sets the hard limit of PVC to 6Gi. + - User retries adding 2Gi more data (which has been errored out previously). + - The driver accepts the data. + +- When 'enableQuota' is set to 'false' + - Driver doesn't set any hard limit against the PVC created. + - The user adds data of 2Gi to the above said PVC, which is having the size 3Gi (by logging into POD). It works as expected. + - The user tries to add 2Gi more data. Now the total size of data is 4Gi. + - Driver allows the user to enter more data irrespective of the initial PVC size (since no quota is set against this PVC) + - The user can expand the volume from an initial size of 3Gi to 4Gi or more. The driver allows it. + + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerScale version 1.6.0 and updated in version 2.0.0 + +### Helm based installation +As part of driver installation, a ConfigMap with the name `isilon-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. + +To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace isilon --values ./my-isilon-settings.yaml --upgrade +``` + +Note: here my-isilon-settings.yaml is a values.yaml file which user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `isilon-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `isilon-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n isilon isilon-config-params +``` + +>Note: Prior to CSI Driver for PowerScale version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. + +## NAT Support + +CSI Driver for Dell EMC PowerScale is supported in the NAT environment. + +## Configurable permissions for volume directory + +This feature is introduced in CSI Driver for PowerScale version 2.0.0 + +### Helm based installation +The permissions for volume directory can now be configured in 3 ways: + +1. Through values.yaml +2. Through secrets +3. Through storage class + +``` + # isiVolumePathPermissions: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + isiVolumePathPermissions: "0777" +``` + +The permissions present in values.yaml are the default for all cluster config. + +If the volume permission is not present in storage class then secrets are considered and if it is not present even in secrets then values.yaml is considered. + +>**Note:**
For volume creation from source (volume from snapshot/volume from volume) permissions are inherited from source.

Create myvalues.yaml/my-isilon-settings.yaml and storage class according to csi-powerscale 2.0 + +### Operator based installation + +In the case of operator-based installation, default permission for powerscale directory is present in the samples file. + +Other ways of configuring powerscale volume permissions remain the same as helm-based installation. + diff --git a/content/v3/features/powerstore.md b/content/v3/csidriver/features/powerstore.md similarity index 59% rename from content/v3/features/powerstore.md rename to content/v3/csidriver/features/powerstore.md index 04bb15b435..abb045b355 100644 --- a/content/v3/features/powerstore.md +++ b/content/v3/csidriver/features/powerstore.md @@ -1,6 +1,7 @@ --- title: PowerStore Description: Code features for PowerStore Driver +weight: 1 --- ## Creating volumes and consuming them @@ -13,12 +14,13 @@ kubectl create -f tests/simple/simple.yaml ``` After executing this command 3 PVC and statefulset are created in the `testpowerstore` namespace. You can check created PVCs by running `kubectl get pvc -n testpowerstore` and check statefulset's pods by running `kubectl get pods -n testpowerstore` -Pod should be `Ready` and `Running` -> If Pod is in CrashLoopback or PVCs is in Pending state then driver installation is not successful, check logs of node and controller + +The pod must be `Ready` and `Running` +> If Pod is in CrashLoopback or PVCs is in a Pending state then driver installation is not successful, check logs of node and controller. ## Deleting volumes -To delete volumes, pod and statefulset run +To delete volumes, pod and statefulset run, use the command: ```bash kubectl delete -f tests/simple/simple.yaml ``` @@ -27,7 +29,7 @@ kubectl delete -f tests/simple/simple.yaml You can use existent volumes from PowerStore array as Persistent Volumes in your Kubernetes, perform the following steps: 1. Open your volume in PowerStore Management UI, and take a note of volume-id. The volume link must look similar to `https:///#/storage/volumes/0055558c-5ae1-4ed1-b421-6f5a9475c19f/capacity`, where the `volume-id` is `0055558c-5ae1-4ed1-b421-6f5a9475c19f`. -2. Create PersistentVolume and use this volume-id in volumeHandle in format in the manifest. Modify other parameters according to your needs. +2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs. ```yaml apiVersion: v1 kind: PersistentVolume @@ -40,7 +42,7 @@ spec: storage: 30Gi csi: driver: csi-powerstore.dellemc.com - volumeHandle: 0055558c-5ae1-4ed1-b421-6f5a9475c19f/unique/scsi + volumeHandle: 0055558c-5ae1-4ed1-b421-6f5a9475c19f persistentVolumeReclaimPolicy: Retain storageClassName: powerstore volumeMode: Filesystem @@ -85,56 +87,33 @@ spec: ## Volume Snapshot Feature -The CSI PowerStore driver version 1.1 and later supports managing beta snapshots. - -To use Volume Snapshots, ensure the following components have been deployed to your cluster: -- Kubernetes Volume Snaphshot CRDs -- Volume Snapshot Controller - -You can install them by running the following commands: -```bash -git clone https://github.com/kubernetes-csi/external-snapshotter/ -cd ./external-snapshotter -git checkout release- -kubectl create -f client/config/crd -kubectl create -f deploy/kubernetes/snapshot-controller -``` - -> For general use, update the snapshot controller YAMLs with an appropriate namespace before installing. For -example, on a Vanilla Kubernetes cluster, update the namespace from default to kube-system before issuing the -kubectl create command. - -### Volume Snapshot Class - -During the installation of CSI PowerStore driver version 1.1 and later, a Volume Snapshot Class is created. This is the only Volume Snapshot Class required and there is no need to create any other Volume Snapshot Class. +The CSI PowerStore driver version 2.0.0 supports v1 snapshots. -Following is the manifest for the Volume Snapshot Class created during installation: -```yaml -apiVersion: snapshot.storage.k8s.io/v1 # or v1beta1, depends on your k8s version -kind: VolumeSnapshotClass -metadata: - name: powerstore-snapshot -driver: csi-powerstore.dellemc.com -deletionPolicy: Delete -``` +In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: +- Kubernetes Volume Snapshot CRDs +- Volume Snapshot Controller +- Volume Snapshot Class -### Create Volume Snapshot +>Note: From v1.4, the CSI PowerStore driver installation process will no longer create VolumeSnapshotClass. +> If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _samples_ folder -The following is a sample manifest for creating a Volume Snapshot using the **v1** (or **v1beta1**) snapshot APIs: +### Creating Volume Snapshots +The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs: ```yaml -apiVersion: snapshot.storage.k8s.io/v1 # or v1beta1, depends on your k8s version +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: - name: pvol0-snap - namespace: testpowerstore + name: pvol0-snap1 spec: - volumeSnapshotClassName: powerstore-snapshot + volumeSnapshotClassName: powerstore-snapclass source: - persistentVolumeClaimName: pvol + persistentVolumeClaimName: pvol0 + ``` -Once the VolumeSnapshot is successfully created by the CSI PowerStore driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_ , it is available for use. -Following is the relevant section of VolumeSnapshot object status: +After the VolumeSnapshot has been successfully created by the CSI PowerStore driver, a VolumeSnapshotContent object is automatically created. When the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. + +The following is the relevant section of VolumeSnapshot object status: ```yaml status: boundVolumeSnapshotContentName: snapcontent-5a8334d2-eb40-4917-83a2-98f238c4bda @@ -142,6 +121,20 @@ status: readyToUse: true ``` +### Snapshot feature is optional for the installation + +CSI PowerStore driver version 1.4 makes the snapshot feature optional for the installation. + +To enable or disable this feature, change values.snapshot.enable parameter to true or false, specify the following in `values.yaml` to enable this feature +```yaml +snapshot: + enable: true +``` + +External Snapshotter and its CRDs are not installed even if the Snapshot feature is enabled. These have to be installed manually before the installation. + +Disabling the Snapshot feature will opt out of the snapshotter sidecar from the installation. + ### Creating PVCs with Volume Snapshots as Source The following is a sample manifest for creating a PVC with a VolumeSnapshot as a source: @@ -166,7 +159,7 @@ spec: ``` ## iSCSI CHAP -The CSI PowerStore driver Version 1.3.0 extends Challenge Handshake Authentication Protocol (CHAP) support by adding automatic credentials generation. +The CSI PowerStore driver Version 1.3.0 and later extends Challenge Handshake Authentication Protocol (CHAP) support by adding automatic credentials generation. This means that you no longer need to provide chapsecret/chapuser credentials, they will be automatically generated by the driver for each host. @@ -174,17 +167,15 @@ To enable this feature you need to set `connection.enableCHAP` to `true` when in The driver uses the generated chapsecret to configure the iSCSI node database on each node with iSCSI access. -When creating new host on powerstore array driver will populate host chap credentials with generated values. When re-using already existing hosts driver should override existing CHAP credentials with newly generated ones. +When creating a new host on powerstore array driver will populate host chap credentials with generated values. When re-using already existing hosts driver must override existing CHAP credentials with newly generated ones. ## Volume Expansion The CSI PowerStore driver version 1.1 and later supports the expansion of Persistent Volumes (PVs). This expansion can be done either online (for example, when a PV is attached to a node) or offline (for example, when a PV is not attached to any node). -To use this feature, the storage class that is used to create the PV must have the attribute `allowVolumeExpansion` set to true. The storage classes created during the installation (both using Helm or dell-csi-operator) have the `allowVolumeExpansion` set to true by default. +To use this feature, the storage class that is used to create the PV must have the attribute `allowVolumeExpansion` set to true. -If you are creating more storage classes, ensure that this attribute is set to true to expand any PVs created using these new storage classes. - -The following is a sample manifest for a storage class which allows for Volume Expansion: +The following is a sample manifest for a storage class that allows for Volume Expansion: ```yaml apiVersion: storage.k8s.io/v1 @@ -259,9 +250,9 @@ Allowable access modes are `ReadWriteOnce`, `ReadWriteMany`, and for block devic Raw Block volumes are presented as a block device to the pod by using a bind mount to a block device in the node's file system. The driver does not format or check the format of any file system on the block device. Raw Block volumes do support online -Volume Expansion, but it is up to the application to manage reconfiguring the file system (if any) to the new size. +Volume Expansion, but it is up to the application to manage to reconfigure the file system (if any) to the new size. -For additional information, see the [kubernetes](https://kubernetes.io/DOCS/CONCEPTS/STORAGE/PERSISTENT-VOLUMES/#RAW-BLOCK-VOLUME-SUPPORT) website. +For additional information, see the [kubernetes](https://kubernetes.io/DOCS/CONCEPTS/STORAGE/PERSISTENT-VOLUMES/#raw-block-volume-support) website. ## Volume Cloning Feature @@ -269,7 +260,7 @@ The CSI PowerStore driver version 1.1 and later supports volume cloning. This al Source and destination PVC must be in the same namespace and have the same Storage Class. -To clone a volume, you should first have an existing pvc, for example, pvol0: +To clone a volume, you must first have an existing pvc, for example, pvol0: ```yaml kind: PersistentVolumeClaim apiVersion: v1 @@ -307,7 +298,7 @@ spec: ## Ephemeral Inline Volume -The CSI PowerStore driver version 1.2 supports ephemeral inline CSI volumes. This feature allows CSI volumes to be specified directly in the pod specification. +The CSI PowerStore driver version 1.2 and later supports ephemeral inline CSI volumes. This feature allows CSI volumes to be specified directly in the pod specification. At runtime, nested inline volumes follow the ephemeral lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed. @@ -333,12 +324,11 @@ spec: fsType: "ext4" volumeAttributes: size: "20Gi" - arrayID: "unique" ``` -This manifest creates a pod and attach newly created ephemeral inline csi volume to it. +This manifest creates a pod and attaches a newly created ephemeral inline CSI volume to it. -To create `NFS` volume you need to provide `nasName:` parameters that points to the name of your NAS Server in pod manifest like so +To create `NFS` volume you need to provide `nasName:` parameters that point to the name of your NAS Server in pod manifest like so ```yaml volumes: @@ -353,15 +343,15 @@ To create `NFS` volume you need to provide `nasName:` parameters that points to ## Controller HA - The CSI PowerStore driver version 1.2 introduces controller HA feature. Instead of StatefulSet controller pods deployed as a Deployment. + The CSI PowerStore driver version 1.2 and later introduces the controller HA feature. Instead of StatefulSet, controller pods are deployed as a Deployment. By default number of replicas is set to 2, you can set `controller.replicas` parameter to 1 in `my-powerstore-settings.yaml` if you want to disable controller HA for your installation. When installing via Operator you can change `replicas` parameter in `spec.driver` section in your PowerStore Custom Resource. -When multiple replicas of controller pods are in cluster, each sidecar (attacher, provisioner, resizer, snapshotter) tries to get a lease so only one instance of each sidecar would be active in the cluster at a time. +When multiple replicas of controller pods are in the cluster, each sidecar (attacher, provisioner, resizer, snapshotter) tries to get a lease so only one instance of each sidecar would be active in the cluster at a time. ### Driver pod placement -You can configure where driver controller and worker pods should be placed. +You can configure where driver controller and worker pods must be placed. To configure use `nodeSelector` and `tolerations` mechanisms you can configure in your `my-powerstore-settings.yaml` For example, you can specify `tolerations` to assign driver controller pods on controller nodes too: @@ -393,17 +383,17 @@ controller: effect: "NoSchedule" ``` -As mentioned earlier, you can configure where node driver pods would be assinged in the similar way in `node` section of `my-powerstore-settings.yaml` +As mentioned earlier, you can configure where node driver pods would be assigned in the similar way in `node` section of `my-powerstore-settings.yaml` ## Topology The CSI PowerStore driver version 1.2 and later supports Topology which forces volumes to be placed on worker nodes that have connectivity to the backend storage. This covers use cases where users have chosen to restrict the nodes on which the CSI driver is deployed. -This Topology support does not include customer defined topology, users cannot create their own labels for nodes, they should use whatever labels are returned by driver and applied automatically by Kubernetes on its nodes. +This Topology support does not include customer-defined topology, users cannot create their own labels for nodes, they must use whatever labels are returned by the driver and applied automatically by Kubernetes on its nodes. ### Topology Usage -To use the Topology features user must create their own storage classes similar to those that can be found in `helm/samples/storageclass` folder. +To use the Topology features user must create their own storage classes similar to those that can be found in `samples/storageclass` folder. The following is one of example storage class manifest: ```yaml @@ -422,43 +412,45 @@ allowedTopologies: - "true" ``` -This example matches all nodes where driver has a connection to PowerStore with IP of `127.0.0.1` via FibreChannel. Similar examples can be found in mentioned folder for NFS and iSCSI. +This example matches all nodes where the driver has a connection to PowerStore with an IP of `127.0.0.1` via FibreChannel. Similar examples can be found in mentioned folder for NFS and iSCSI. You can check what labels your nodes contain by running `kubectl get nodes --show-labels` ->Notice that `volumeBindingMode:` is set to `WaitForFirstConsumer` this is required for topology feature to work. +>Notice that `volumeBindingMode:` is set to `WaitForFirstConsumer` this is required for the topology feature to work. -For any additional information about topology, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). +For any additional information about the topology, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). ## Reuse PowerStore hostname -The CSI PowerStore driver version 1.2 and later can automatically detect if the current node was already registered as Host on storage array before. It will check if Host initiators and node initiators (FC or iSCSI) match. If they do, the driver will not create a new storage class and will take the existing name of the Host as nodeID. +The CSI PowerStore driver version 1.2 and later can automatically detect if the current node was already registered as a Host on the storage array before. It will check if Host initiators and node initiators (FC or iSCSI) match. If they do, the driver will not create a new host and will take the existing name of the Host as nodeID. ## Multiarray support -The CSI PowerStore driver version 1.3.0 adds support for managing multiple PowerStore arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. +The CSI PowerStore driver version 1.3.0 and later support managing multiple PowerStore arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. To manage multiple arrays you need to create an array connection configuration that lists multiple arrays. ### Creating array configuration Create a file called `config.yaml` and populate it with the following content - + ```yaml arrays: - endpoint: "https://10.0.0.1/api/rest" # full URL path to the PowerStore API + globalID: "unique" # global ID to identify array username: "user" # username for connecting to API password: "password" # password for connecting to API - insecure: true # use insecure connection or not + skipCertificateValidation: true # use insecure connection or not default: true # treat current array as a default (would be used by storage classes without arrayIP parameter) - block-protocol: "ISCSI" # what SCSI transport protocol use on node side (FC, ISCSI, None, or auto) - nas-name: "nas-server" # what NAS should be used for NFS volumes - - endpoint: "https://10.0.0.2/api/rest" + blockProtocol: "ISCSI" # what SCSI transport protocol use on node side (FC, ISCSI, None, or auto) + nasName: "nas-server" # what NAS must be used for NFS volumes + - endpoint: "https://10.0.0.2/api/rest" + globalID: "unique" username: "user" - password: "password" - insecure: true - block-protocol: "FC" + password: "password" + skipCertificateValidation: true + blockProtocol: "FC" ``` Here we specify that we want to CSI driver to manage two arrays: one with an IP `10.0.0.1` and the other with an IP `10.0.0.2`, we want to connect to the first array with `iSCSI` protocol and with `FC` to the second array. Also, we want to be able to create NFS-based volume so we provide the name of the NAS to the first array. @@ -497,7 +489,7 @@ reclaimPolicy: Delete allowVolumeExpansion: true volumeBindingMode: WaitForFirstConsumer parameters: - arrayIP: "10.0.0.1" + arrayID: "GlobalUniqueID" FsType: "ext4" --- apiVersion: storage.k8s.io/v1 @@ -509,7 +501,7 @@ reclaimPolicy: Delete allowVolumeExpansion: true volumeBindingMode: WaitForFirstConsumer parameters: - arrayIP: "10.0.0.2" + arrayID: "GlobalUniqueID" FsType: "xfs" ``` @@ -520,31 +512,97 @@ Then we need to apply storage classes to Kubernetes using `kubectl`: kubectl create -f storageclass.yaml ``` -After that, you can use `powerstore-1` storage class to create volumes on first array and `powerstore-2` storage class to create volumes on the second array. +After that, you can use `powerstore-1` storage class to create volumes on the first array and `powerstore-2` storage class to create volumes on the second array. ## Dynamic secret change detection -CSI PowerStore driver version 1.3.0 adds the ability to detect changes to array configuration Kubernetes secret. This essentially means that you can change credentials for your PowerStore arrays in-flight (without restarting the driver). +CSI PowerStore driver version 1.3.0 and later supports the ability to detect changes to array configuration Kubernetes secret. This essentially means that you can change credentials for your PowerStore arrays in-flight (without restarting the driver). To do so just change your configuration file `config.yaml` and apply it again using the following command: ```bash sed "s/CONFIG_YAML/`cat config.yaml | base64 -w0`/g" secret.yaml | kubectl apply -f - ``` -After Kubernetes remounts secret to driver containers (this usually takes around one minute), a driver should detect the change and start using this new configuration information. +After Kubernetes remounts secret to driver containers (this usually takes around one minute), a driver must detect the change and start using this new configuration information. ## Configuring custom access to NFS exports -CSI PowerStore driver Version 1.3.0 adds the ability to configure NFS access to nodes that use dedicated storage networks. +CSI PowerStore driver Version 1.3.0 and later supports the ability to configure NFS access to nodes that use dedicated storage networks. To enable this feature you need to specify `externalAccess` parameter in your helm `values.yaml` file or `X_CSI_POWERSTORE_EXTERNAL_ACCESS` variable when creating CustomResource using an operator. -The value of that parameter will be added as an additional entry to NFS Export host access. +The value of that parameter is added as an additional entry to NFS Export host access. For example the following notation: ```yaml externalAccess: "10.0.0.0/24" ``` -This would mean that we allow for NFS Export created by driver to be consumed by address range `10.0.0.0-10.0.0.255`. +This means that we allow for NFS Export created by driver to be consumed by address range `10.0.0.0-10.0.0.255`. + + +## Array identification based on GlobalID + +CSI PowerStore driver version 1.4.0 onwards slightly changes the way arrays are being identified in runtime. +In previous versions of the driver, a management IP address was used to identify an array. The address change could lead to an invalid state of PV. +From version 1.4.0 a unique GlobalID string is used for an array identification. +It has to be specified in `config.yaml` and in Storage Classes. + +The change provides backward compatibility with previously created PVs. +However, to provision new volumes, make sure to delete old Storage Classes and create new ones with `arrayID` instead of `arrayIP` specified. + +> NOTE: It is recommended to migrate the PVs to new identifiers before changing management IPs of storage systems. The recommended way to do it is to clone the existing volume and delete the old one. The cloned volume will automatically switch to using globalID instead of management IP. + +## Root squashing + +CSI PowerStore driver version 1.4.0 and later allows users to enable root squashing for NFS volumes provisioned by the driver. + +Root squashing rule prevents root users on NFS clients from exercising root privileges on the NFS server. + +To enable this rule, you need to set parameter `allowRoot` to `false` in your NFS storage class. + +Your storage class definition must look similar to this: + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +... +parameters: + ... + allowRoot: "false" # enables or disables root squashing +``` + +> The 1.4 version and later of the driver also enables any container user, to have full access to provisioned NFS volume, in earlier versions only `root` user had access + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerStore version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created, which contains attributes `CSI_LOG_LEVEL` which specifies the current log level of CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` and log format to `logFormat` attribute in `my-powerstore-settings.yaml` during driver installation. + +To change the log level or log format dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade +``` + +Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created using the manifest located in the sample file. This ConfigMap contains attributes `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `powerstore-config-params` and update `CSI_LOG_LEVEL` to the desired log level and `CSI_LOG_FORMAT` to the desired log format. +``` +kubectl edit configmap -n csi-powerstore powerstore-config-params +``` + +## NAT Support + +CSI Driver for Dell EMC Powerstore is supported in the NAT environment for NFS protocol. + +The user will be able to install the driver and able to create pods. diff --git a/content/v3/features/unity.md b/content/v3/csidriver/features/unity.md similarity index 60% rename from content/v3/features/unity.md rename to content/v3/csidriver/features/unity.md index 1c0d637836..304fd93271 100644 --- a/content/v3/features/unity.md +++ b/content/v3/csidriver/features/unity.md @@ -1,37 +1,38 @@ --- title: Unity Description: Code features for Unity Driver +weight: 1 --- ## Creating volumes and consuming them -Create a file `simple.yaml` using sample yaml files located at tests/sample.yaml +Create a file `sample.yaml` using sample yaml files located at test/sample.yaml The following command creates a statefulset that consumes three volumes of default storage classes: ```bash -kubectl create -f tests/sample.yaml +kubectl create -f test/sample.yaml ``` After executing this command 3 PVC and statefulset are created in the `test-unity` namespace. -You can check created PVCs by running `kubectl get pvc -n test-unity` and check statefulset's pods by running `kubectl get pods -n test-unity`command. -Pod should be `Ready` and `Running`. +You can check created PVCs by running `kubectl get pvc -n test-unity` and check statefulset's pods by running `kubectl get pods -n test-unity` command. +The pod should be `Ready` and `Running`. -> If Pod is in CrashLoopback or PVCs is in Pending state then driver installation is not successful, check logs of node and controller. +> If Pod is in CrashLoopback or PVCs is in a Pending state then driver installation is not successful, check logs of node and controller. ## Deleting volumes To delete volumes, pod and statefulset run the command ```bash -kubectl delete -f tests/sample.yaml +kubectl delete -f test/sample.yaml ``` ## Consuming existing volumes with static provisioning You can use existent volumes from Unity array as Persistent Volumes in your Kubernetes, to do that you must perform the following steps: -1. Open your volume in Unity Management UI (unisphere), and take a note of volume-id. The `volume-id` looks like `csiunity-xxxxx` and CLI ID looks like `sv_xxxx`. +1. Open your volume in Unity Management UI (Unisphere), and take a note of volume-id. The `volume-id` looks like `csiunity-xxxxx` and CLI ID looks like `sv_xxxx`. 2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs. ```yaml @@ -99,22 +100,18 @@ spec: ## Volume Snapshot Feature -The Volume Snapshot feature was introduced in alpha (v1alpha1) in Kubernetes 1.13 and then moved to beta (v1beta1) in Kubernetes version 1.17 and generally available (v1) in Kubernetes version 1.20. - -The CSI Unity driver version 1.5 supports v1beta1 snapshots on Kubernetes 1.18/1.19 and v1 snapshots on Kubernetes 1.20. - In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: -- Kubernetes Volume Snaphshot CRDs +- Kubernetes Volume Snapshot CRDs - Volume Snapshot Controller ### Volume Snapshot Class -During the installation of CSI Unity 1.5 driver, a Volume Snapshot Class is created. This is the only Volume Snapshot Class required and there is no need to create any other Volume Snapshot Class. +During the installation of the CSI Unity 2.0 driver, a Volume Snapshot Class is not created and need to create Volume Snapshot Class. -Following is the manifest for a Volume Snapshot Class created during installation: +Following is the manifest to create Volume Snapshot Class : ```yaml -apiVersion: snapshot.storage.k8s.io/v1 #For beta snapshots the apiVersion will be snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: name: unity-snapclass @@ -127,7 +124,7 @@ deletionPolicy: Delete The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs: ```yaml -apiVersion: snapshot.storage.k8s.io/v1 #For beta snapshots the apiVersion will be snapshot.storage.k8s.io/v1beta1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: pvol0-snap @@ -138,7 +135,7 @@ spec: persistentVolumeClaimName: pvol ``` -Once the VolumeSnapshot is successfully created by the CSI Unity driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_ , it is available for use. +Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_, it is available for use. Following is the relevant section of VolumeSnapshot object status: @@ -148,6 +145,8 @@ status: creationTime: "2020-07-16T08:42:12Z" readyToUse: true ``` +Note : +For CSI Driver for Unity version 1.6 and later, `dell-csi-helm-installer` does not create any Volume Snapshot classes as part of the driver installation. A set of annotated volume snapshot class manifests have been provided in the `csi-unity/samples/volumesnapshotclass/` folder. Use these samples to create new Volume Snapshot to provision storage. ### Creating PVCs with Volume Snapshots as Source @@ -176,11 +175,9 @@ spec: The CSI Unity driver version 1.3 and later supports the expansion of Persistent Volumes (PVs). This expansion can be done either online (for example, when a PVC is attached to a node) or offline (for example, when a PVC is not attached to any node). -To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to true. The storage classes created during the installation (both using Helm or dell-csi-operator) have the `allowVolumeExpansion` set to true by default. +To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to true. -If you are creating more storage classes, ensure that this attribute is set to true to expand any PVs created using these new storage classes. - -The following is a sample manifest for a storage class which allows for Volume Expansion: +The following is a sample manifest for a storage class that allows for Volume Expansion: ```yaml apiVersion: storage.k8s.io/v1 @@ -218,8 +215,8 @@ spec: ## Raw block support -The CSI Unity driver supports Raw Block Volumes from v1.4 onwards. - Raw Block volumes are created using the volumeDevices list in the pod template spec with each entry accessing a volumeClaimTemplate specifying a volumeMode: Block. An example configuration is outlined here: +The CSI Unity driver version 1.4 and later supports Raw Block Volumes. + Raw Block volumes are created using the volumeDevices list in the pod template spec with each entry accessing a volumeClaimTemplate specifying a volumeMode: Block. The following is an example configuration: ```yaml apiVersion: v1 @@ -258,18 +255,18 @@ spec: - name: nov-eleventh-1-pv-storage persistentVolumeClaim: claimName: rawblockpvc - ``` Access modes allowed are ReadWriteOnce and ReadWriteMany. Raw Block volumes are presented as a block device to the pod by using a bind mount to a block device in the node's file system. The driver does not format or check the format of any file system on the block device. -Raw Block volumes do support online Volume Expansion, but it is up to the application to manage reconfiguring the file system (if any) to the new size. Access mode ReadOnlyMany is not supported with raw block since we cannot restrict volumes to be readonly from Unity. -For additional information, see the [kubernetes](https://kubernetes.io/DOCS/CONCEPTS/STORAGE/PERSISTENT-VOLUMES/#RAW-BLOCK-VOLUME-SUPPORT) website. +Raw Block volumes support online Volume Expansion, but it is up to the application to manage to reconfigure the file system (if any) to the new size. Access mode ReadOnlyMany is not supported with raw block since we cannot restrict volumes to be readonly from Unity. + +For additional information, see the [kubernetes](https://kubernetes.io/DOCS/CONCEPTS/STORAGE/PERSISTENT-VOLUMES/#volume-mode) website. ## Volume Cloning Feature -The CSI Unity driver version 1.3 supports volume cloning. This allows specifying existing PVCs in the _dataSource_ field to indicate a user would like to clone a Volume. +The CSI Unity driver version 1.3 and later supports volume cloning. This allows specifying existing PVCs in the _dataSource_ field to indicate a user would like to clone a Volume. Source and destination PVC must be in the same namespace and have the same Storage Class. @@ -313,7 +310,7 @@ spec: ## Ephemeral Inline Volume -The CSI Unity driver version 1.4 supports ephemeral inline CSI volumes. This feature allows CSI volumes to be specified directly in the pod specification. +The CSI Unity driver version 1.4 and later supports ephemeral inline CSI volumes. This feature allows CSI volumes to be specified directly in the pod specification. At runtime, nested inline volumes follow the ephemeral lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed. @@ -339,11 +336,17 @@ spec: fsType: "ext4" volumeAttributes: size: "10Gi" + arrayId: APM************ + protocol: iSCSI + thinProvisioned: "true" + isDataReductionEnabled: "false" + tieringPolicy: "1" + storagePool: pool_2 ``` -This manifest creates a pod and attach newly created ephemeral inline CSI volume to it. +This manifest creates a pod and attaches a newly created ephemeral inline CSI volume to it. -To create `NFS` volume you need to provide `nasName:` parameters that points to the name of your NAS Server in pod manifest like so +To create `NFS` volume you need to provide `nasName:` parameters that point to the name of your NAS Server in pod manifest like so ```yaml volumes: @@ -358,11 +361,11 @@ To create `NFS` volume you need to provide `nasName:` parameters that points to ## Controller HA -The CSI Unity driver version 1.4 introduces controller HA feature. Instead of StatefulSet controller pods deployed as a Deployment. +The CSI Unity driver version 1.4 and later supports the controller HA feature. Instead of StatefulSet controller pods deployed as a Deployment. -By default number of replicas set to 2, you can set `controllerCount` parameter to 1 in `myvalues.yaml` if you want to disable controller HA for your installation. When installing via Operator you can change `replicas` parameter in `spec.driver` section in your Unity Custom Resource. +By default, number of replicas is set to 2, you can set the `controllerCount` parameter to 1 in `myvalues.yaml` if you want to disable controller HA for your installation. When installing via Operator you can change the `replicas` parameter in the `spec.driver` section in your Unity Custom Resource. -When multiple replicas of controller pods are in cluster each sidecar (Attacher, Provisioner, Resizer and Snapshotter) tries to get a lease so only one instance of each sidecar is active in the cluster at a time. +When multiple replicas of controller pods are in a cluster each sidecar (Attacher, Provisioner, Resizer, and Snapshotter) tries to get a lease so only one instance of each sidecar is active in the cluster at a time. ### Driver pod placement @@ -400,19 +403,17 @@ controller: effect: "NoSchedule" ``` -As said before you can configure where node driver pods would be assigned in the similar way in `node` section of `myvalues.yaml` +As said before you can configure where node driver pods would be assigned in a similar way in the `node` section of `myvalues.yaml` ## Topology -The CSI Unity driver version 1.4 supports Topology which forces volumes to be placed on worker nodes that have connectivity to the backend storage. This covers use cases where users have chosen to restrict the nodes on which the CSI driver is deployed. +The CSI Unity driver version 1.4 and later supports Topology which forces volumes to be placed on worker nodes that have connectivity to the backend storage. This covers use cases where users have chosen to restrict the nodes on which the CSI driver is deployed. -This Topology support does not include customer defined topology, users cannot create their own labels for nodes, they should use whatever labels are returned by driver and applied automatically by Kubernetes on its nodes. +This Topology support does not include customer-defined topology, users cannot create their own labels for nodes, they should use whatever labels are returned by the driver and applied automatically by Kubernetes on its nodes. ### Topology Usage -To use the Topology feature, user can install driver by setting `createStorageClassesWithTopology` to true in the `myvalues.yaml` which will create default storage classes by adding topology keys (based on the arrays specified in `myvalues.yaml`) and with `WaitForFirstConsumer` binding mode. - -Another option is the user can create custom storage classes on their own by specifying the valid topology keys and binding mode. +User can create custom storage classes on their own by specifying the valid topology keys and binding mode. The following is one of example storage class manifest: @@ -432,33 +433,64 @@ allowedTopologies: - "true" ``` -This example will match all nodes where driver has a connection to Unity array with array ID mentioned via Fiber Channel. Similarly by replacing `fc` with `iscsi` in the key will check for iSCSI connectivity with the node. +This example matches all nodes where the driver has a connection to the Unity array with array ID mentioned via Fiber Channel. Similarly, by replacing `fc` with `iscsi` in the key checks for iSCSI connectivity with the node. You can check what labels your nodes contain by running `kubectl get nodes --show-labels` command. ->Note that `volumeBindingMode:` is set to `WaitForFirstConsumer` this is required for topology feature to work properly. +>Note that `volumeBindingMode:` is set to `WaitForFirstConsumer` this is required for the topology feature to work properly. -For any additional information about topology, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). +For any additional information about the topology, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). -## Support for Docker EE +## Support for SLES 15 SP2 -The CSI Driver for Dell EMC Unity supports Docker EE and deployment on clusters bootstrapped with UCP (Universal Control Plane). +The CSI Driver for Dell EMC Unity requires the following set of packages installed on all worker nodes that run on SLES 15 SP2. -*UCP version 3.3.3 supports Kubernetes 1.18 and CSI driver can be installed on UCP 3.3 with Helm. + - open-iscsi **open-iscsi is required in order to make use of iSCSI protocol for provisioning** + - nfs-utils **nfs-utils is required in order to make use of NFS protocol for provisioning** + - multipath-tools **multipath-tools is required in order to make use of FC and iSCSI protocols for provisioning** -The installation process for the driver on such clusters remains the same as the installation process on upstream clusters. + After installing open-iscsi, ensure "iscsi" and "iscsid" services have been started and /etc/isci/initiatorname.iscsi is created and has the host initiator id. The pre-requisites are mandatory for provisioning with the iSCSI protocol to work. -On UCP based clusters, `kubectl` may not be installed by default, it is important that [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) is installed prior to the installation of the driver. +## Volume Limit +The CSI Driver for Dell EMC Unity allows users to specify the maximum number of Unity volumes that can be used in a node. -The worker nodes in UCP backed clusters may run any of the OSs which we support with upstream clusters. +The user can set the volume limit for a node by creating a node label `max-unity-volumes-per-node` and specifying the volume limit for that node. +
`kubectl label node max-unity-volumes-per-node=` +The user can also set the volume limit for all the nodes in the cluster by specifying the same to `maxUnityVolumesPerNode` attribute in values.yaml file. -## Support for SLES 15 SP2 +>**NOTE:**
To reflect the changes after setting the value either via node label or in values.yaml file, user has to bounce the driver controller and node pods using the command `kubectl get pods -n unity --no-headers=true | awk '/unity-/{print $1}'| xargs kubectl delete -n unity pod`.

If the value is set both by node label and values.yaml file then node label value will get the precedence and user has to remove the node label in order to reflect the values.yaml value.

The default value of `maxUnityVolumesPerNode` is 0.

If `maxUnityVolumesPerNode` is set to zero, then CO SHALL decide how many volumes of this type can be published by the controller to the node.

The volume limit specified to `maxUnityVolumesPerNode` attribute is applicable to all the nodes in the cluster for which node label `max-unity-volumes-per-node` is not set. -The CSI Driver for Dell EMC Unity requires the following set of packages installed on all worker nodes that run on SLES 15 SP2. +## NAT Support +CSI Driver for Dell EMC Unity is supported in the NAT environment for NFS protocol. - - open-iscsi **open-iscsi is required in order to make use of iSCSI protocol for provisioning** - - nfs-utils **nfs-utils is required in order to make use of NFS protocol for provisioning** - - multipath-tools **multipath-tools is required in order to make use of FC and iSCSI protocols for provisioning** +The user will be able to install the driver and able to create pods. + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. + +To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace unity --values ./myvalues.yaml --upgrade +``` + +Note: myvalues.yaml is a values.yaml file which user has used for driver installation. + + +### Operator based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `unity-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n unity unity-config-params +``` + +>Note: Prior to CSI Driver for unity version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. - After installing open-iscsi, ensure "iscsi" and "iscsid" services have been started and /etc/isci/initiatorname.iscsi is created and has the host initiator id. The pre-requisites are mandatory for provisioning with iSCSI protocol to work. diff --git a/content/v3/dell-csi-driver/flex.jpeg b/content/v3/csidriver/flex.jpeg similarity index 100% rename from content/v3/dell-csi-driver/flex.jpeg rename to content/v3/csidriver/flex.jpeg diff --git a/content/v3/csidriver/installation/_index.md b/content/v3/csidriver/installation/_index.md new file mode 100644 index 0000000000..90e2b25f9d --- /dev/null +++ b/content/v3/csidriver/installation/_index.md @@ -0,0 +1,11 @@ +--- +title: "Installation" +linkTitle: "Installation" +weight: 2 +description: Methods to install CSI Drivers +tags: + - install + - csi-driver +--- + +Installation information for all the drivers/modules can be found on the individual driver's page in this section diff --git a/content/v3/installation/helm/_index.md b/content/v3/csidriver/installation/helm/_index.md similarity index 63% rename from content/v3/installation/helm/_index.md rename to content/v3/csidriver/installation/helm/_index.md index 30294fe45e..4bd95d84b7 100644 --- a/content/v3/installation/helm/_index.md +++ b/content/v3/csidriver/installation/helm/_index.md @@ -3,19 +3,19 @@ title: "CSI Driver installation using Helm" linkTitle: "Using Helm" weight: 2 Description: > - Installation of Dell EMC CSI drivers using Helm installer + Installation of CSI Drivers using Helm --- -This section provides the details and instructions on how to install the Dell EMC CSI drivers using the provided Helm charts and the Dell CSI Helm Installer. +This section provides the details and instructions on how to install the CSI Driver components using the provided Helm charts and in the case of the CSI drivers, the Dell CSI Helm Installer. ## Dependencies -Installing any of the Dell EMC CSI Drivers using Helm requires a few utilities to be installed on the system running the installation. +Installing any of the CSI Driver components using Helm requires a few utilities to be installed on the system running the installation. | Dependency | Usage | |------------|-------| | `kubectl` | Kubectl is used to validate that the Kubernetes system meets the requirements of the driver. | | `helm` | Helm v3 is used as the deployment tool for Charts. Go [here](https://helm.sh/docs/intro/install/) to install Helm 3.| -| `sshpass` | sshpass is used to check certain pre-requisities in worker nodes (in chosen drivers). | +| `sshpass` | sshpass is used to check certain pre-requisites in worker nodes (in chosen drivers). | + -\ **Note:** To use these tools, a valid `KUBECONFIG` is required. Ensure that either a valid configuration is in the default location, or, that the `KUBECONFIG` environment variable points to a valid configuration before using these tools. diff --git a/content/v3/csidriver/installation/helm/isilon.md b/content/v3/csidriver/installation/helm/isilon.md new file mode 100644 index 0000000000..8f4960f11f --- /dev/null +++ b/content/v3/csidriver/installation/helm/isilon.md @@ -0,0 +1,235 @@ +--- +title: PowerScale +description: > + Installing CSI Driver for PowerScale via Helm +--- +The CSI Driver for Dell EMC PowerScale can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerscale/tree/master/dell-csi-helm-installer). + +The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: +- CSI Driver for PowerScale +- Kubernetes External Provisioner, which provisions the volumes +- Kubernetes External Attacher, which attaches the volumes to the containers +- Kubernetes External Snapshotter, which provides snapshot support +- Kubernetes External Resizer, which resizes the volume + +The node section of the Helm chart installs the following component in a _DaemonSet_ in the specified namespace: +- CSI Driver for PowerScale +- Kubernetes Node Registrar, which handles the driver registration + +## Prerequisites + +The following are requirements to be met before installing the CSI Driver for Dell EMC PowerScale: +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) +- Install Helm 3 +- Mount propagation is enabled on container runtime that is being used +- If using Snapshot feature, satisfy all Volume Snapshot requirements + +### Install Helm 3.0 + +Install Helm 3.0 on the master node before you install the CSI Driver for Dell EMC PowerScale. + +**Steps** + + Run the `curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash` command to install Helm 3.0. + +### (Optional) Volume Snapshot Requirements + +Applicable only if you decided to enable snapshot feature in `values.yaml` + +```yaml +controller: + snapshot: + enabled: true +``` + +#### Volume Snapshot CRD's +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Manifests are available here:[v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) + +#### Volume Snapshot Controller +The CSI external-snapshotter sidecar is split into two controllers: +- A common snapshot controller +- A CSI external-snapshotter sidecar + +The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) + +*NOTE:* +- The manifests available on GitHub install the snapshotter image: + - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) +- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + +#### Installation example + +You can install CRDs and the default snapshot controller by running the following commands: +```bash +git clone https://github.com/kubernetes-csi/external-snapshotter/ +cd ./external-snapshotter +git checkout release- +kubectl create -f client/config/crd +kubectl create -f deploy/kubernetes/snapshot-controller +``` + +*NOTE:* +- It is recommended to use 4.2.x version of snapshotter/snapshot-controller. +- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + +## Install the Driver + +**Steps** +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerscale.git` to clone the git repository. +2. Ensure that you have created the namespace where you want to install the driver. You can run `kubectl create namespace isilon` to create a new one. The use of "isilon" as the namespace is just an example. You can choose any name for the namespace. +3. Collect information from the PowerScale Systems like IP address, IsiPath, username, and password. Make a note of the value for these parameters as they must be entered in the *secret.yaml*. +4. Copy *the helm/csi-isilon/values.yaml* into a new location with name say *my-isilon-settings.yaml*, to customize settings for installation. +5. Edit *my-isilon-settings.yaml* to set the following parameters for your installation: + The following table lists the primary configurable parameters of the PowerScale driver Helm chart and their default values. More detailed information can be + found in the [`values.yaml`](https://github.com/dell/csi-powerscale/blob/master/helm/csi-isilon/values.yaml) file in this repository. + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | logLevel | CSI driver log level | No | "debug" | + | certSecretCount | Defines the number of certificate secrets, which the user is going to create for SSL authentication. (isilon-cert-0..isilon-cert-(n-1)); Minimum value should be 1.| Yes | 1 | + | [allowedNetworks](../../../features/powerscale/#support-custom-networks-for-nfs-io-traffic) | Defines the list of networks that can be used for NFS I/O traffic, CIDR format must be used. | No | [ ] | + | maxIsilonVolumesPerNode | Defines the default value for a maximum number of volumes that the controller can publish to the node. If the value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. | Yes | 0 | + | imagePullPolicy | Defines the policy to determine if the image should be pulled prior to starting the container | Yes | IfNotPresent | + | verbose | Indicates what content of the OneFS REST API message should be logged in debug level logs | Yes | 1 | + | kubeletConfigDir | Specify kubelet config dir path | Yes | "/var/lib/kubelet" | + | enableCustomTopology | Indicates PowerScale FQDN/IP which will be fetched from node label and the same will be used by controller and node pod to establish a connection to Array. This requires enableCustomTopology to be enabled. | No | false | + | ***controller*** | Configure controller pod specific parameters | | | + | controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 | + | volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" | + | snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true | + | snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | + | resizer.enabled | Enable/Disable volume expansion feature | Yes | true | + | nodeSelector | Define node selection constraints for pods of controller deployment | No | | + | tolerations | Define tolerations for the controller deployment, if required | No | | + | ***node*** | Configure node pod specific parameters | | | + | nodeSelector | Define node selection constraints for pods of node daemonset | No | | + | tolerations | Define tolerations for the node daemonset, if required | No | | + | dnsPolicy | Define the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet | + | ***PLATFORM ATTRIBUTES*** | | | | + | endpointPort | Define the HTTPs port number of the PowerScale OneFS API server. This value acts as a default value for endpointPort, if not specified for a cluster config in secret. | No | 8080 | + | skipCertificateValidation | Specify whether the PowerScale OneFS API server's certificate chain and hostname must be verified. This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret. | No | true | + | isiAccessZone | Define the name of the access zone a volume can be created in. If storageclass is missing with AccessZone parameter, then value of isiAccessZone is used for the same. | No | System | + | enableQuota | Indicates whether the provisioner should attempt to set (later unset) quota on a newly provisioned volume. This requires SmartQuotas to be enabled.| No | true | + | isiPath | Define the base path for the volumes to be created on PowerScale cluster. This value acts as a default value for isiPath, if not specified for a cluster config in secret| No | /ifs/data/csi | + | noProbeOnStart | Define whether the controller/node plugin should probe all the PowerScale clusters during driver initialization | No | false | + | autoProbe | Specify if automatically probe the PowerScale cluster if not done already during CSI calls | No | true | + + *NOTE:* + + - ControllerCount parameter value must not exceed the number of nodes in the Kubernetes cluster. Otherwise, some of the controller pods remain in a "Pending" state till new nodes are available for scheduling. The installer exits with a WARNING on the same. + - Whenever the *certSecretCount* parameter changes in *my-isilon-setting.yaml* user needs to reinstall the driver. + + +6. Edit following parameters in samples/secret/secret.yaml file and update/add connection/authentication information for one or more PowerScale clusters. + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | clusterName | Logical name of PoweScale cluster against which volume CRUD operations are performed through this secret. | Yes | - | + | username | username for connecting to PowerScale OneFS API server | Yes | - | + | password | password for connecting to PowerScale OneFS API server | Yes | - | + | endpoint | HTTPS endpoint of the PowerScale OneFS API server | Yes | - | + | isDefault | Indicates if this is a default cluster (would be used by storage classes without ClusterName parameter). Only one of the cluster config should be marked as default. | No | false | + | ***Optional parameters*** | Following parameters are Optional. If specified will override default values from values.yaml. | + | skipCertificateValidation | Specify whether the PowerScale OneFS API server's certificate chain and hostname must be verified. | No | default value from values.yaml | + | endpointPort | Specify the HTTPs port number of the PowerScale OneFS API server | No | default value from values.yaml | + | isiPath | The base path for the volumes to be created on PowerScale cluster. Note: IsiPath parameter in storageclass, if present will override this attribute. | No | default value from values.yaml | + + The username specified in *secret.yaml* must be from the authentication providers of PowerScale. The user must have enough privileges to perform the actions. The suggested privileges are as follows: + + + | Privilege | Type | + | --------- | ----- | + | ISI_PRIV_LOGIN_PAPI | Read Only | + | ISI_PRIV_NFS | Read Write | + | ISI_PRIV_QUOTA | Read Write | + | ISI_PRIV_SNAPSHOT | Read Write | + | ISI_PRIV_IFS_RESTORE | Read Only | + | ISI_PRIV_NS_IFS_ACCESS | Read Only | + | ISI_PRIV_IFS_BACKUP | Read Only | + +Create isilon-creds secret using the following command: +
`kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl apply -f -` + + *NOTE:* + - If any key/value is present in all *my-isilon-settings.yaml*, *secret*, and storageClass, then the values provided in storageClass parameters take precedence. + - The user has to validate the yaml syntax and array-related key/values while replacing or appending the isilon-creds secret. The driver will continue to use previous values in case of an error found in the yaml file. + - For the key isiIP/endpoint, the user can give either IP address or FQDN. Also, the user can prefix 'https' (For example, https://192.168.1.1) with the value. + - The *isilon-creds* secret has a *mountEndpoint* parameter which should not be updated by the user. This parameter is updated and used when the driver has been injected with [CSM-Authorization](https://github.com/dell/karavi-authorization). + +7. Install OneFS CA certificates by following the instructions from the next section, if you want to validate OneFS API server's certificates. If not, create an empty secret using the following command and an empty secret must be created for the successful installation of CSI Driver for Dell EMC PowerScale. + ``` + kubectl create -f emptysecret.yaml + ``` + This command will create a new secret called `isilon-certs-0` in isilon namespace. + +8. Install the driver using `csi-install.sh` bash script by running `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace isilon --values ../helm/my-isilon-settings.yaml` (assuming that the current working directory is 'helm' and my-isilon-settings.yaml is also present under 'helm' directory) + +## Certificate validation for OneFS REST API calls + +The CSI driver exposes an install parameter 'skipCertificateValidation' which determines if the driver +performs client-side verification of the OneFS certificates. The 'skipCertificateValidation' parameter is set to true by default and the driver does not verify the OneFS certificates. + +If the 'skipCertificateValidation' is set to false, then the secret isilon-certs must contain the CA certificate for OneFS. +If this secret is an empty secret, then the validation of the certificate fails, and the driver fails to start. + +If the 'skipCertificateValidation' parameter is set to false and a previous installation attempt to create the empty secret, then this secret must be deleted and re-created using the CA certs. If the OneFS certificate is self-signed, then perform the following steps: + +### Procedure + +1. To fetch the certificate, run `openssl s_client -showcerts -connect [OneFS IP] /dev/null | openssl x509 -outform PEM > ca_cert_0.pem` +2. To create the certs secret, run `kubectl create secret generic isilon-certs-0 --from-file=cert-0=ca_cert_0.pem -n isilon` +3. Use the following command to replace the secret
`kubectl create secret generic isilon-certs-0 -n isilon --from-file=cert-0=ca_cert_0.pem -o yaml --dry-run | kubectl replace -f -` + +**NOTES:** +1. The OneFS IP can be with or without a port, depends upon the configuration of OneFS API server. +2. The commands are based on the namespace 'isilon' +3. It is highly recommended that ca_cert.pem file(s) having the naming convention as ca_cert_number.pem (example: ca_cert_0, ca_cert_1), where this number starts from 0 and grows as the number of OneFS arrays grows. +4. The cert secret created out of these pem files must have the naming convention as isilon-certs-number (example: isilon-certs-0, isilon-certs-1, and so on.); The number must start from zero and must grow in incremental order. The number of the secrets created out of pem files should match certSecretCount value in myvalues.yaml or my-isilon-settings.yaml. + +### Dynamic update of array details via secret.yaml + +CSI Driver for Dell EMC PowerScale now provides supports for Multi cluster. Now users can link the single CSI Driver to multiple OneFS Clusters by updating *secret.yaml*. Users can now update the isilon-creds secret by editing the *secret.yaml* and executing the following command + +`kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl apply -f -` + + +**Note**: Updating isilon-certs-x secrets is a manual process, unlike isilon-creds. Users have to re-install the driver in case of updating/adding the SSL certificates or changing the certSecretCount parameter. + + +## Storage Classes + +The CSI driver for Dell EMC PowerScale version 1.5 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A sample storage class manifest is available at `samples/storageclass/isilon.yaml`. Use this sample manifest to create a storageclass to provision storage; uncomment/ update the manifest as per the requirements. + +### What happens to my existing storage classes? + +*Upgrading from CSI PowerScale v1.6 driver* +The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. + +*Upgrading from an older version of the driver* +It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.6 before upgrading to 2.0. + +*NOTE*: +- At least one storage class is required for one array. +- If you uninstall the driver and reinstall it, you can still face errors if any update in the `values.yaml` file leads to an update of the storage class(es): + +``` + Error: cannot patch "" with kind StorageClass: StorageClass.storage.k8s.io "" is invalid: parameters: Forbidden: updates to parameters are forbidden +``` + +In case you want to make such updates, ensure to delete the existing storage classes using the `kubectl delete storageclass` command. +Deleting a storage class has no impact on a running Pod with mounted PVCs. You cannot provision new PVCs until at least one storage class is newly created. + +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. + +## Volume Snapshot Class + +Starting CSI PowerScale v1.6, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. Sample volume snapshot class manifests are available at `samples/volumesnapshotclass/`. Use these sample manifests to create a volumesnapshotclass for creating volume snapshots; uncomment/ update the manifests as per the requirements. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI PowerScale v1.6 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerScale to 1.6 before upgrading to 2.0. + diff --git a/content/v3/csidriver/installation/helm/powerflex.md b/content/v3/csidriver/installation/helm/powerflex.md new file mode 100644 index 0000000000..697c8c786b --- /dev/null +++ b/content/v3/csidriver/installation/helm/powerflex.md @@ -0,0 +1,328 @@ +--- +title: PowerFlex +linktitle: PowerFlex +description: > + Installing the CSI Driver for PowerFlex via Helm +--- + +The CSI Driver for Dell EMC PowerFlex can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerflex/tree/master/dell-csi-helm-installer). + +The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: +- CSI Driver for Dell EMC PowerFlex +- Kubernetes External Provisioner, which provisions the volumes +- Kubernetes External Attacher, which attaches the volumes to the containers +- Kubernetes External Snapshotter, which provides snapshot support +- Kubernetes External Resizer, which resizes the volume + +The node section of the Helm chart installs the following component in a _DaemonSet_ in the specified namespace: +- CSI Driver for Dell EMC PowerFlex +- Kubernetes Node Registrar, which handles the driver registration + +## Prerequisites + +The following are requirements that must be met before installing the CSI Driver for Dell EMC PowerFlex: +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) +- Install Helm 3 +- Enable Zero Padding on PowerFlex +- Mount propagation is enabled on container runtime that is being used +- Install PowerFlex Storage Data Client +- If using Snapshot feature, satisfy all Volume Snapshot requirements +- A user must exist on the array with a role _>= FrontEndConfigure_ + + +### Install Helm 3.0 + +Install Helm 3.0 on the master node before you install the CSI Driver for Dell EMC PowerFlex. + +**Steps** + + Run the `curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash` command to install Helm 3.0. + +### Enable Zero Padding on PowerFlex + +Verify that zero padding is enabled on the PowerFlex storage pools that will be used. Use PowerFlex GUI or the PowerFlex CLI to check this setting. For more information to configure this setting, see [Dell EMC PowerFlex documentation](https://cpsdocs.dellemc.com/bundle/PF_CONF_CUST/page/GUID-D32BDFF7-3014-4894-8E1E-2A31A86D343A.html). + +### Install PowerFlex Storage Data Client + +The CSI Driver for PowerFlex requires you to have installed the PowerFlex Storage Data Client (SDC) on all Kubernetes nodes which run the node portion of the CSI driver. +SDC could be installed automatically by CSI driver install on Kubernetes nodes with OS platform which support automatic SDC deployment, +currently Fedora CoreOS (FCOS) and Red Hat CoreOS (RHCOS). +On Kubernetes nodes with OS version not supported by automatic install, you must perform the Manual SDC Deployment steps [below](#manual-sdc-deployment). +Refer to https://hub.docker.com/r/dellemc/sdc for supported OS versions. + +**Optional:** For a typical install, you will pull SDC kernel modules from the Dell EMC FTP site, which is set up by default. Some users might want to mirror this repository to a local location. The [PowerFlex KB article](https://www.dell.com/support/kbdoc/en-us/000184206/how-to-use-a-private-repository-for) has instructions on how to do this. + +#### Manual SDC Deployment + +For detailed PowerFlex installation procedure, see the [Dell EMC PowerFlex Deployment Guide](https://docs.delltechnologies.com/bundle/VXF_DEPLOY/page/GUID-DD20489C-42D9-42C6-9795-E4694688CC75.html). Install the PowerFlex SDC as follows: + +**Steps** + +1. Download the PowerFlex SDC from [Dell EMC Online support](https://www.dell.com/support). The filename is EMC-ScaleIO-sdc-*.rpm, where * is the SDC name corresponding to the PowerFlex installation version. +2. Export the shell variable _MDM_IP_ in a comma-separated list using `export MDM_IP=xx.xxx.xx.xx,xx.xxx.xx.xx`, where xxx represents the actual IP address in your environment. This list contains the IP addresses of the MDMs. +3. Install the SDC per the _Dell EMC PowerFlex Deployment Guide_: + - For Red Hat Enterprise Linux and CentOS, run `rpm -iv ./EMC-ScaleIO-sdc-*.x86_64.rpm`, where * is the SDC name corresponding to the PowerFlex installation version. +4. To add more MDM_IP for multi-array support, run `/opt/emc/scaleio/sdc/bin/drv_cfg --add_mdm --ip 10.xx.xx.xx.xx,10.xx.xx.xx` + + +### (Optional) Volume Snapshot Requirements + +Applicable only if you decided to enable snapshot feature in `values.yaml` + +```yaml +controller: + snapshot: + enabled: true +``` + +#### Volume Snapshot CRD's +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) + +#### Volume Snapshot Controller +The CSI external-snapshotter sidecar is split into two controllers: +- A common snapshot controller +- A CSI external-snapshotter sidecar + +The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) + +*NOTE:* +- The manifests available on GitHub install the snapshotter image: + - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) +- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + +#### Installation example + +You can install CRDs and default snapshot controller by running following commands: +```bash +git clone https://github.com/kubernetes-csi/external-snapshotter/ +cd ./external-snapshotter +git checkout release- +kubectl create -f client/config/crd +kubectl create -f deploy/kubernetes/snapshot-controller +``` + +*NOTE:* +- When using Kubernetes 1.20/1.21/1.22 it is recommended to use 4.2.x version of snapshotter/snapshot-controller. +- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + +## Install the Driver + +**Steps** +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerflex.git` to clone the git repository. + +2. Ensure that you have created a namespace where you want to install the driver. You can run `kubectl create namespace vxflexos` to create a new one. + +3. Check `helm/csi-vxflexos/driver-image.yaml` and confirm the driver image points to a new image. + +4. Collect information from the PowerFlex SDC by executing the `get_vxflexos_info.sh` script located in the top-level helm directory. This script shows the _VxFlex OS system ID_ and _MDM IP_ addresses. Make a note of the value for these parameters as they must be entered in the `config.yaml` file in the samples directory. + +5. Prepare the samples/config.yaml for driver configuration. The following table lists driver configuration parameters for multiple storage arrays. + + | Parameter | Description | Required | Default | + | --------- | ------------------------------------------------------------ | -------- | ------- | + | username | Username for accessing PowerFlex system. | true | - | + | password | Password for accessing PowerFlex system. | true | - | + | systemID | System name/ID of PowerFlex system. | true | - | + | allSystemNames | List of previous names of powerflex array if used for PV create | false | - | + | endpoint | REST API gateway HTTPS endpoint for PowerFlex system. | true | - | + | skipCertificateValidation | Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. | true | true | + | isDefault | An array having isDefault=true is for backward compatibility. This parameter should occur once in the list. | false | false | + | mdm | mdm defines the MDM(s) that SDC should register with on start. This should be a list of MDM IP addresses or hostnames separated by comma. | true | - | + + Example: `samples/config.yaml` + + ```yaml + # Username for accessing PowerFlex system. + - username: "admin" + # Password for accessing PowerFlex system. + password: "password" + # System name/ID of PowerFlex system. + systemID: "ID1" + # Previous names of PowerFlex system if used for PV. + allSystemNames: "pflex-1,pflex-2" + # REST API gateway HTTPS endpoint for PowerFlex system. + endpoint: "https://127.0.0.1" + # Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. + # Allowed values: true or false + # Default value: true + skipCertificateValidation: true + # indicates if this array is the default array + # needed for backwards compatibility + # only one array is allowed to have this set to true + # Default value: false + isDefault: true + # defines the MDM(s) that SDC should register with on start. + # Allowed values: a list of IP addresses or hostnames separated by comma. + # Default value: none + mdm: "10.0.0.1,10.0.0.2" + - username: "admin" + password: "Password123" + systemID: "ID2" + endpoint: "https://127.0.0.2" + skipCertificateValidation: true + mdm: "10.0.0.3,10.0.0.4" + ``` + + After editing the file, run the following command to create a secret called `vxflexos-config`: + + `kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=samples/config.yaml` + + Use the following command to replace or update the secret: + + `kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=samples/config.yaml -o yaml --dry-run=client | kubectl replace -f -` + + *NOTE:* + + - The user needs to validate the YAML syntax and array-related key/values while replacing the vxflexos-creds secret. + - If you want to create a new array or update the MDM values in the secret, you will need to reinstall the driver. If you change other details, such as login information, the secret will dynamically update -- see [dynamic-array-configuration](../../../features/powerflex#dynamic-array-configuration) for more details. + - Old `json` format of the array configuration file is still supported in this release. If you already have your configuration in `json` format, you may continue to maintain it or you may transfer this configuration to `yaml` + format and replace/update the secret. + - "insecure" parameter has been changed to "skipCertificateValidation" as insecure is deprecated and will be removed from use in config.yaml or secret.yaml in a future release. Users can continue to use any one of "insecure" or "skipCertificateValidation" for now. The driver would return an error if both parameters are used. + - Please note that log configuration parameters from v1.5 will no longer work in v2.0. Please refer to the [Dynamic Logging Configuration](../../../features/powerflex#dynamic-logging-configuration) section in Features for more information. + +6. Default logging options are set during helm install. To see possible configuration options, see the [Dynamic Logging Configuration](../../../features/powerflex#dynamic-logging-configuration) section in Features. + +7. If using automated SDC deployment: + - Check the SDC container image is the correct version for your version of PowerFlex. + +8. Copy the default values.yaml file `cd helm && cp csi-vxflexos/values.yaml myvalues.yaml` + +9. Edit the newly created values file and provide values for the following parameters `vi myvalues.yaml`: + +| Parameter | Description | Required | Default | +| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | +| version | Set to verify the values file version matches driver version. | Yes | 2.0.0 | +| certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. | No | 0 | +| logLevel | CSI driver log level. Allowed values: "error", "warn"/"warning", "info", "debug". | Yes | "debug" | +| logFormat | CSI driver log format. Allowed values: "TEXT" or "JSON". | Yes | "TEXT" | +| kubeletConfigDir | kubelet config directory path. Ensure that the config.yaml file is present at this path. | Yes | /var/lib/kubelet | +| defaultFsType | Used to set the default FS type which will be used for mount volumes if FsType is not specified in the storage class. Allowed values: ext4, xfs. | Yes | ext4 | +| imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. Allowed values: Always, IfNotPresent, Never. | Yes | IfNotPresent | +| enablesnapshotcgdelete | A boolean that, when enabled, will delete all snapshots in a consistency group everytime a snap in the group is deleted. | Yes | false | +| enablelistvolumesnapshot | A boolean that, when enabled, will allow list volume operation to include snapshots (since creating a volume from a snap actually results in a new snap). It is recommend this be false unless instructed otherwise. | Yes | false | +| allowRWOMultiPodAccess | Setting allowRWOMultiPodAccess to "true" will allow multiple pods on the same node to access the same RWO volume. This behavior conflicts with the CSI specification version 1.3. NodePublishVolume description that requires an error to be returned in this case. However, some other CSI drivers support this behavior and some customers desire this behavior. Customers use this option at their own risk. | Yes | false | +| **controller** | This section allows the configuration of controller-specific parameters. To maximize the number of available nodes for controller pods, see this section. For more details on the new controller pod configurations, see the [Features section](../../../features/powerflex#controller-ha) for Powerflex specifics. | - | - | +| volumeNamePrefix | Set so that volumes created by the driver have a default prefix. If one PowerFlex/VxFlex OS system is servicing several different Kubernetes installations or users, these prefixes help you distinguish them. | Yes | "k8s" | +| controllerCount | Set to deploy multiple controller instances. If the controller count is greater than the number of available nodes, excess pods remain in a pending state. It should be greater than 0. You can increase the number of available nodes by configuring the "controller" section in your values.yaml. For more details on the new controller pod configurations, see the [Features section](../../../features/powerflex#controller-ha) for Powerflex specifics. | Yes | 2 | +| snapshot.enabled | A boolean that enable/disable volume snapshot feature. | No | true | +| resizer.enabled | A boolean that enable/disable volume expansion feature. | No | true | +| nodeSelector | Defines what nodes would be selected for pods of controller deployment. Leave as blank to use all nodes. Uncomment this section to deploy on master nodes exclusively. | Yes | " " | +| tolerations | Defines tolerations that would be applied to controller deployment. Leave as blank to install the controller on worker nodes only. If deploying on master nodes is desired, uncomment out this section. | Yes | " " | +| **node** | This section allows the configuration of node-specific parameters. | - | - | +| nodeSelector | Defines what nodes would be selected for pods of node daemonset. Leave as blank to use all nodes. | Yes | " " | +| tolerations | Defines tolerations that would be applied to node daemonset. Leave as blank to install node driver only on worker nodes. | Yes | " " | +| **monitor** | This section allows the configuration of the SDC monitoring pod. | - | - | +| enabled | Set to enable the usage of the monitoring pod. | Yes | false | +| hostNetwork | Set whether the monitor pod should run on the host network or not. | Yes | true | +| hostPID | Set whether the monitor pod should run in the host namespace or not. | Yes | true | +| **vgsnapshotter** | This section allows the configuration of the volume group snapshotter(vgsnapshotter) pod. | - | - | +| enabled | A boolean that enable/disable vg snapshotter feature. | No | false | +| image | Image for vg snapshotter. | No | " " | +| **podmon** | Podmon is an optional feature under development and tech preview. Enable this feature only after contact support for additional information. | - | - | +| enabled | A boolean that enable/disable podmon feature. | No | false | +| image | image for podmon. | No | " " | + + +10. Install the driver using `csi-install.sh` bash script by running `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace vxflexos --values ../helm/myvalues.yaml` + + *NOTE:* +- For detailed instructions on how to run the install scripts, refer to the README.md in the dell-csi-helm-installer folder. +- Install script will validate MDM IP(s) in `vxflexos-config` secret and creates a new field consumed by the init container and sdc-monitor container +- This install script also runs the `verify.sh` script. You will be prompted to enter the credentials for each of the Kubernetes nodes. + The `verify.sh` script needs the credentials to check if SDC has been configured on all nodes. +- It is mandatory to run install script after changes to MDM configuration in `vxflexos-config` secret. Refer [dynamic-array-configuration](../../../features/powerflex#dynamic-array-configuration) + +- (Optional) Enable additional Mount Options - A user is able to specify additional mount options as needed for the driver. + - Mount options are specified in storageclass yaml under _mkfsFormatOption_. + - *WARNING*: Before utilizing mount options, you must first be fully aware of the potential impact and understand your environment's requirements for the specified option. + +## Certificate validation for PowerFlex Gateway REST API calls + +This topic provides details about setting up the certificate for the CSI Driver for Dell EMC PowerFlex. + +*Before you begin* + +As part of the CSI driver installation, the CSI driver requires a secret with the name vxflexos-certs-0 to vxflexos-certs-n based on the ".Values.certSecretCount" parameter present in the namespace vxflexos. + +This secret contains the X509 certificates of the CA which signed PowerFlex gateway SSL certificate in PEM format. + +The CSI driver exposes an install parameter in config.yaml, `skipCertificateValidation`, which determines if the driver performs client-side verification of the gateway certificates. + +`skipCertificateValidation` parameter is set to true by default, and the driver does not verify the gateway certificates. + +If `skipCertificateValidation` is set to false, then the secret vxflexos-certs-n must contain the CA certificate for the array gateway. + +If this secret is an empty secret, then the validation of the certificate fails, and the driver fails to start. + +If the gateway certificate is self-signed or if you are using an embedded gateway, then perform the following steps. + +1. To fetch the certificate, run the following command. + + `openssl s_client -showcerts -connect /dev/null | openssl x509 -outform PEM > ca_cert_0.pem` + + Example: openssl s_client -showcerts -connect 1.1.1.1:443 /dev/null | openssl x509 -outform PEM > ca_cert_0.pem + +2. Run the following command to create the cert secret with index '0': + + `kubectl create secret generic vxflexos-certs-0 --from-file=cert-0=ca_cert_0.pem -n vxflexos` + + Use the following command to replace the secret: + + `kubectl create secret generic vxflexos-certs-0 -n vxflexos --from-file=cert-0=ca_cert_0.pem -o yaml --dry-run | kubectl replace -f -` + +3. Repeat step 1 and 2 to create multiple cert secrets with incremental index (example: vxflexos-certs-1, vxflexos-certs-2, etc) + + +*Note:* + +- "vxflexos" is the namespace for helm-based installation but namespace can be user-defined in operator-based installation. +- User can add multiple certificates in the same secret. The certificate file should not exceed more than 1Mb due to Kubernetes secret size limitation. +- Whenever certSecretCount parameter changes in `myvalues.yaml` user needs to uninstall and install the driver. +- Updating vxflexos-certs-n secrets is a manual process, unlike vxflexos-config. Users have to re-install the driver in case of updating/adding the SSL certificates or changing the certSecretCount parameter. + + + +## Storage Classes + +For CSI driver for PowerFlex version 1.4 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `samples` folder. Use these samples to create new storage classes to provision storage. + +### What happens to my existing storage classes? + +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. + +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. + +**Steps to create storage class:** +There are samples storage class yaml files available under `samples/storageclass`. These can be copied and modified as needed. + +1. Edit `storageclass.yaml` if you need ext4 filesystem and `storageclass-xfs.yaml` if you want xfs filesystem. +2. Replace `` with the storage pool you have. +3. Replace `` with the system ID you have. Note there are two appearances in the file. +4. Edit `storageclass.kubernetes.io/is-default-class` to true if you want to set it as default, otherwise false. +5. Save the file and create it by using `kubectl create -f storageclass.yaml` or `kubectl create -f storageclass-xfs.yaml` + + *NOTE*: +- At least one storage class is required for one array. +- If you uninstall the driver and reinstall it, you can still face errors if any update in the `values.yaml` file leads to an update of the storage class(es): + +``` + Error: cannot patch "" with kind StorageClass: StorageClass.storage.k8s.io "" is invalid: parameters: Forbidden: updates to parameters are forbidden +``` + +In case you want to make such updates, ensure to delete the existing storage classes using the `kubectl delete storageclass` command. +Deleting a storage class has no impact on a running Pod with mounted PVCs. You cannot provision new PVCs until at least one storage class is newly created. + +## Volume Snapshot Class + +Starting CSI PowerFlex v1.5, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _samples/_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. + +*NOTE* +Support for v1beta1 snapshots is being discontinued in this release. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI PowerFlex v1.5 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerFlex to 1.5 before upgrading to 2.0. diff --git a/content/v3/csidriver/installation/helm/powermax.md b/content/v3/csidriver/installation/helm/powermax.md new file mode 100644 index 0000000000..4145ceca62 --- /dev/null +++ b/content/v3/csidriver/installation/helm/powermax.md @@ -0,0 +1,355 @@ +--- +title: PowerMax +linktitle: PowerMax +description: > + Installing CSI Driver for PowerMax via Helm +--- + +CSI Driver for Dell EMC PowerMax can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, see the script [documentation](https://github.com/dell/csi-powermax/tree/master/dell-csi-helm-installer). + +The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: +- CSI Driver for Dell EMC PowerMax +- Kubernetes External Provisioner, which provisions the volumes +- Kubernetes External Attacher, which attaches the volumes to the containers +- Kubernetes External Snapshotter, which provides snapshot support +- Kubernetes External Resizer, which resizes the volume +- CSI PowerMax ReverseProxy (optional) + +The node section of the Helm chart installs the following component in a _DaemonSet_ in the specified namespace: +- CSI Driver for Dell EMC PowerMax +- Kubernetes Node Registrar, which handles the driver registration + +## Prerequisites + +The following requirements must be met before installing CSI Driver for Dell EMC PowerMax: +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) +- Install Helm 3 +- Fibre Channel requirements +- iSCSI requirements +- Certificate validation for Unisphere REST API calls +- Mount propagation is enabled on container runtime that is being used +- Linux multipathing requirements +- If using Snapshot feature, satisfy all Volume Snapshot requirements + +### Install Helm 3 + +Install Helm 3 on the master node before you install CSI Driver for Dell EMC PowerMax. + +**Steps** + + Run the `curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash` command to install Helm 3. + + +### Fibre Channel Requirements + +CSI Driver for Dell EMC PowerMax supports Fibre Channel communication. Ensure that the following requirements are met before you install CSI Driver: +- Zoning of the Host Bus Adapters (HBAs) to the Fibre Channel port director must be completed. +- Ensure that the HBA WWNs (initiators) appear on the list of initiators that are logged into the array. +- If the number of volumes that will be published to nodes is high, then configure the maximum number of LUNs for your HBAs on each node. See the appropriate HBA document to configure the maximum number of LUNs. + +### iSCSI Requirements + +The CSI Driver for Dell EMC PowerMax supports iSCSI connectivity. These requirements are applicable for the nodes that use iSCSI initiator to connect to the PowerMax arrays. + +Set up the iSCSI initiators as follows: +- All Kubernetes nodes must have the _iscsi-initiator-utils_ package installed. +- Ensure that the iSCSI initiators are available on all the nodes where the driver node plugin will be installed. +- Kubernetes nodes should have access (network connectivity) to an iSCSI director on the Dell EMC PowerMax array that has IP interfaces. Manually create IP routes for each node that connects to the Dell EMC PowerMax if required. +- Ensure that the iSCSI initiators on the nodes are not a part of any existing Host (Initiator Group) on the Dell EMC PowerMax array. +- The CSI Driver needs the port group names containing the required iSCSI director ports. These port groups must be set up on each Dell EMC PowerMax array. All the port group names supplied to the driver must exist on each Dell EMC PowerMax with the same name. + +For more information about configuring iSCSI, see [Dell EMC Host Connectivity guide](https://www.delltechnologies.com/asset/zh-tw/products/storage/technical-support/docu5128.pdf). + +### Certificate validation for Unisphere REST API calls + +As part of the CSI driver installation, the CSI driver requires a secret with the name _powermax-certs_ present in the namespace _powermax_. This secret contains the X509 certificates of the CA which signed the Unisphere SSL certificate in PEM format. This secret is mounted as a volume in the driver container. In earlier releases, if the install script did not find the secret, it created an empty secret with the same name. From the 1.2.0 release, the secret volume has been made optional. The install script no longer attempts to create an empty secret. + +The CSI driver exposes an install parameter `skipCertificateValidation` which determines if the driver performs client-side verification of the Unisphere certificates. The `skipCertificateValidation` parameter is set to _true_ by default, and the driver does not verify the Unisphere certificates. + +If the `skipCertificateValidation` parameter is set to _false_ and a previous installation attempt created an empty secret, then this secret must be deleted and re-created using the CA certs. + +If the Unisphere certificate is self-signed or if you are using an embedded Unisphere, then perform the following steps: +1. To fetch the certificate, run `openssl s_client -showcerts -connect [Unisphere IP]:8443 /dev/null | openssl x509 -outform PEM > ca_cert.pem` + + *NOTE*: The IP address varies for each user. + +2. To create the secret, run `kubectl create secret generic powermax-certs --from-file=ca_cert.pem -n powermax` + +### Ports in the port group + +There are no restrictions to how many ports can be present in the iSCSI port groups provided to the driver. + +The same applies to Fibre Channel where there are no restrictions on the number of FA directors a host HBA can be zoned to. See the best practices for host connectivity to Dell EMC PowerMax to ensure that you have multiple paths to your data volumes. + +### Linux multipathing requirements + +CSI Driver for Dell EMC PowerMax supports Linux multipathing. Configure Linux multipathing before installing the CSI Driver. + +Set up Linux multipathing as follows: + +- All the nodes must have the _Device Mapper Multipathing_ package installed. + *NOTE:* When this package is installed it creates a multipath configuration file which is located at `/etc/multipath.conf`. Please ensure that this file always exists. +- Enable multipathing using `mpathconf --enable --with_multipathd y` +- Enable `user_friendly_names` and `find_multipaths` in the `multipath.conf` file. + +As a best practice, use the following options to help the operating system and the mulitpathing software detect path changes efficiently: +```text +path_grouping_policy multibus +path_checker tur +features "1 queue_if_no_path" +path_selector "round-robin 0" +no_path_retry 10 +``` + +### (Optional) Volume Snapshot Requirements + +Applicable only if you decided to enable snapshot feature in `values.yaml` + +```yaml +snapshot: + enabled: true +``` + +#### Volume Snapshot CRD's +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. For installation, use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) + +#### Volume Snapshot Controller +The CSI external-snapshotter sidecar is split into two controllers to support Volume snapshots. + +- A common snapshot controller +- A CSI external-snapshotter sidecar + +The common snapshot controller must be installed only once in the cluster, irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available here: [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) + +*NOTE:* +- The manifests available on GitHub install the snapshotter image: + [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) +- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + +### (Optional) Replication feature Requirements + +Applicable only if you decided to enable the Replication feature in `values.yaml` + +```yaml +replication: + enabled: true +``` +#### Replication CRD's + +The CRDs for replication can be obtained and installed from the csm-replication project on Github. Use `csm-replication/deploy/replicationcrds.all.yaml` located in the csm-replication git repo for the installation. + +CRDs should be configured during replication prepare stage with repctl as described in [install-repctl](../../../../replication/deployment/install-repctl) + +#### Installation example + +You can install CRDs and the default snapshot controller by running the following commands: +```bash +git clone https://github.com/kubernetes-csi/external-snapshotter/ +cd ./external-snapshotter +git checkout release- +kubectl create -f client/config/crd +kubectl create -f deploy/kubernetes/snapshot-controller +``` + +*NOTE:* +- It is recommended to use 4.2.x version of snapshotter/snapshot-controller. +- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + + +## Install the Driver + +**Steps** + +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powermax.git` to clone the git repository. This will include the Helm charts and dell-csi-helm-installer scripts. +2. Ensure that you have created a namespace where you want to install the driver. You can run `kubectl create namespace powermax` to create a new one +3. Edit the `samples/secret/secret.yaml file, point to the correct namespace, and replace the values for the username and password parameters. + These values can be obtained using base64 encoding as described in the following example: + ```bash + echo -n "myusername" | base64 + echo -n "mypassword" | base64 + ``` + where *myusername* and *mypassword* are credentials for a user with PowerMax privileges. +4. Create the secret by running `kubectl create -f samples/secret/secret.yaml`. +5. If you are going to install the new CSI PowerMax ReverseProxy service, create a TLS secret with the name - _csireverseproxy-tls-secret_ which holds an SSL certificate and the corresponding private key in the namespace where you are installing the driver. +6. Copy the default values.yaml file `cd helm && cp csi-powermax/values.yaml my-powermax-settings.yaml` +7. Edit the newly created file and provide values for the following parameters `vi my-powermax-settings.yaml` + +| Parameter | Description | Required | Default | +|-----------|--------------|------------|----------| +| kubeletConfigDir | Specify kubelet config dir path | Yes | /var/lib/kubelet | +| imagePullPolicy | The default pull policy is IfNotPresent which causes the Kubelet to skip pulling an image if it already exists. | Yes | IfNotPresent | +| clusterPrefix | Prefix that is used during the creation of various masking-related entities (Storage Groups, Masking Views, Hosts, and Volume Identifiers) on the array. The value that you specify here must be unique. Ensure that no other CSI PowerMax driver is managing the same arrays that are configured with the same prefix. The maximum length for this prefix is three characters. | Yes | "ABC" | +| defaultFsType | Used to set the default FS type for external provisioner | Yes | ext4 | +| portGroups | List of comma-separated port group names. Any port group that is specified here must be present on all the arrays that the driver manages. | For iSCSI Only | "PortGroup1, PortGroup2, PortGroup3" | +| storageResourcePool | This parameter must mention one of the SRPs on the PowerMax array that the symmetrixID specifies. This value is used to create the default storage class. | Yes| "SRP_1" | +| serviceLevel | This parameter must mention one of the Service Levels on the PowerMax array. This value is used to create the default storage class. | Yes| "Bronze" | +| skipCertificateValidation | Skip client-side TLS verification of Unisphere certificates | No | "True" | +| transportProtocol | Set the preferred transport protocol for the Kubernetes cluster which helps the driver choose between FC and iSCSI when a node has both FC and iSCSI connectivity to a PowerMax array.| No | Empty| +| nodeNameTemplate | Used to specify a template that will be used by the driver to create Host/IG names on the PowerMax array. To use the default naming convention, leave this value empty. | No | Empty| +| **controller** | Allows configuration of the controller-specific parameters.| - | - | +| controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 | +| volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" | +| snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true | +| snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | +| resizer.enabled | Enable/Disable volume expansion feature | Yes | true | +| nodeSelector | Define node selection constraints for pods of controller deployment | No | | +| tolerations | Define tolerations for the controller deployment, if required | No | | +| **node** | Allows configuration of the node-specific parameters.| - | - | +| tolerations | Add tolerations as per requirement | No | - | +| nodeSelector | Add node selectors as per requirement | No | - | +| **global**| This section refers to configuration options for both CSI PowerMax Driver and Reverse Proxy | - | - | +|defaultCredentialsSecret| This secret name refers to:
1. The Unisphere credentials if the driver is installed without proxy or with proxy in Linked mode.
2. The proxy credentials if the driver is installed with proxy in StandAlone mode.
3. The default Unisphere credentials if credentialsSecret is not specified for a management server.| Yes | powermax-creds | +| storageArrays| This section refers to the list of arrays managed by the driver and Reverse Proxy in StandAlone mode.| - | - | +| storageArrayId | This refers to PowerMax Symmetrix ID.| Yes | 000000000001| +| endpoint | This refers to the URL of the Unisphere server managing _storageArrayId_| Yes if Reverse Proxy mode is _StandAlone_ | https://primary-1.unisphe.re:8443 | +| backupEndpoint | This refers to the URL of the backup Unisphere server managing _storageArrayId_, if Reverse Proxy is installed in _StandAlone_ mode.| No | https://backup-1.unisphe.re:8443 | +| managementServers | This section refers to the list of configurations for Unisphere servers managing powermax arrays.| - | - | +| endpoint | This refers to the URL of the Unisphere server | Yes | https://primary-1.unisphe.re:8443 | +| credentialsSecret| This refers to the user credentials for _endpoint_ | No| primary-1-secret| +| skipCertificateValidation | This parameter should be set to false if you want to do client-side TLS verification of Unisphere for PowerMax SSL certificates.| No | "True" | +| certSecret | The name of the secret in the same namespace containing the CA certificates of the Unisphere server | Yes, if skipCertificateValidation is set to false | Empty| +| limits | This refers to various limits for Reverse Proxy | No | - | +| maxActiveRead | This refers to the maximum concurrent READ request handled by the reverse proxy.| No | 5 | +| maxActiveWrite | This refers to the maximum concurrent WRITE request handled by the reverse proxy.| No | 4 | +| maxOutStandingRead | This refers to maximum queued READ request when reverse proxy receives more than _maxActiveRead_ requests. | No | 50 | +| maxOutStandingWrite| This refers to maximum queued WRITE request when reverse proxy receives more than _maxActiveWrite_ requests.| No | 50 | +| **csireverseproxy**| This section refers to the configuration options for CSI PowerMax Reverse Proxy | - | - | +| enabled | Boolean parameter which indicates if CSI PowerMax Reverse Proxy is going to be configured and installed.
**NOTE:** If not enabled, then there is no requirement to configure any of the following values. | No | "False" | +| image | This refers to the image of the CSI Powermax Reverse Proxy container. | Yes | dellemc/csipowermax-reverseproxy:v1.4.0 | +| tlsSecret | This refers to the TLS secret of the Reverse Proxy Server.| Yes | csirevproxy-tls-secret | +| deployAsSidecar | If set to _true_, the Reverse Proxy is installed as a sidecar to the driver's controller pod otherwise it is installed as a separate deployment.| Yes | "True" | +| port | Specify the port number that is used by the NodePort service created by the CSI PowerMax Reverse Proxy installation| Yes | 2222 | +| mode | This refers to the installation mode of Reverse Proxy. It can be set to:
1. _Linked_: In this mode, the Reverse Proxy communicates with a primary or a backup Unisphere managing the same set of arrays.
2. _StandAlone_: In this mode, the Reverse Proxy communicates with multiple arrays managed by different Unispheres.| Yes | "StandAlone" | + +8. Install the driver using `csi-install.sh` bash script by running `cd ../dell-csi-helm-installer && ./csi-install.sh --namespace powermax --values ../helm/my-powermax-settings.yaml` + +*Note:* +- For detailed instructions on how to run the install scripts, see the readme document in the dell-csi-helm-installer folder. +- There are a set of samples provided [here](#sample-values-file) to help you configure the driver with reverse proxy +- This script also runs the verify.sh script in the same directory. You will be prompted to enter the credentials for each of the Kubernetes nodes. The `verify.sh` script needs the credentials to check if the iSCSI initiators have been configured on all nodes. You can also skip the verification step by specifying the `--skip-verify-node` option + +## Storage Classes + +Starting CSI PowerMax v1.6, `dell-csi-helm-installer` will not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests has been provided in the `samples/storageclass` folder. Please use these samples to create new storage classes to provision storage. + +### What happens to my existing storage classes? + +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. To continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. + +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. + +## Volume Snapshot Class + +Starting with CSI PowerMax v1.7, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _samples/volumesnapshotclass_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI PowerMax v1.7 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerMax to 1.7 before upgrading to 2.0. + +## Sample values file +The following sections have useful snippets from `values.yaml` file which provides more information on how to configure the CSI PowerMax driver along with CSI PowerMax ReverseProxy in various modes + +### CSI PowerMax driver without Proxy +In this mode, the CSI PowerMax driver can only connect to a single `Unisphere` server. So, you just specify a list of storage arrays +and the address of the `Unisphere` server + +```yaml +global: + defaultCredentialsSecret: powermax-creds + storageArrays: + - storageArrayId: "000000000001" + - storageArrayId: "000000000002" + managementServers: + - endpoint: https://unisphere-address:8443 +``` + +>Note: If you provide multiple endpoints in the list of management servers, the installer will only use the first server in the list + +### CSI PowerMax driver with Proxy in Linked mode +In this mode, the CSI PowerMax ReverseProxy acts as a `passthrough` for the RESTAPI calls and only provides limited functionality +such as rate limiting, backup Unisphere server. The CSI PowerMax driver is still responsible for the authentication with the Unisphere server. + +The first endpoint in the list of management servers is the primary Unisphere server and if you provide a second endpoint, then +it will be considered as the backup Unisphere's endpoint. + +```yaml +global: + defaultCredentialsSecret: powermax-creds + storageArrays: + - storageArrayId: "000000000001" + - storageArrayId: "000000000002" + managementServers: + - endpoint: https://primary-unisphere:8443 + skipCertificateValidation: false + certSecret: primary-cert + limits: + maxActiveRead: 5 + maxActiveWrite: 4 + maxOutStandingRead: 50 + maxOutStandingWrite: 50 + - endpoint: https://backup-unisphere:8443 #Optional + +# "csireverseproxy" refers to the subchart csireverseproxy +csireverseproxy: + # Set enabled to true if you want to use proxy + enabled: true + image: dellemc/csipowermax-reverseproxy:v1.4.0 + tlsSecret: csirevproxy-tls-secret + deployAsSidecar: true + port: 2222 + mode: Linked +``` + +>Note: Since the driver is still responsible for authentication when used with Proxy in `Linked` mode, the credentials for both +> primary and backup Unisphere need to be the same. + +### CSI PowerMax driver with Proxy in StandAlone mode +This is the most advanced configuration which provides you with the capability to connect to Multiple Unisphere servers. +You can specify primary and backup Unisphere servers for each storage array. If you have different credentials for your Unisphere servers, you can also specify different credential secrets. + +```yaml +global: + defaultCredentialsSecret: powermax-creds + storageArrays: + - storageArrayId: "000000000001" + endpoint: https://primary-1.unisphe.re:8443 + backupEndpoint: https://backup-1.unisphe.re:8443 + - storageArrayId: "000000000002" + endpoint: https://primary-2.unisphe.re:8443 + backupEndpoint: https://backup-2.unisphe.re:8443 + managementServers: + - endpoint: https://primary-1.unisphe.re:8443 + credentialsSecret: primary-1-secret + skipCertificateValidation: false + certSecret: primary-cert + limits: + maxActiveRead: 5 + maxActiveWrite: 4 + maxOutStandingRead: 50 + maxOutStandingWrite: 50 + - endpoint: https://backup-1.unisphe.re:8443 + credentialsSecret: backup-1-secret + skipCertificateValidation: true + - endpoint: https://primary-2.unisphe.re:8443 + credentialsSecret: primary-2-secret + skipCertificateValidation: true + - endpoint: https://backup-2.unisphe.re:8443 + credentialsSecret: backup-2-secret + skipCertificateValidation: true + +# "csireverseproxy" refers to the subchart csireverseproxy +csireverseproxy: + # Set enabled to true if you want to use proxy + enabled: true + image: dellemc/csipowermax-reverseproxy:v1.4.0 + tlsSecret: csirevproxy-tls-secret + deployAsSidecar: true + port: 2222 + mode: StandAlone +``` + +>Note: If the credential secret is missing from any management server details, the installer will try to use the defaultCredentialsSecret diff --git a/content/v3/installation/helm/powerstore.md b/content/v3/csidriver/installation/helm/powerstore.md similarity index 52% rename from content/v3/installation/helm/powerstore.md rename to content/v3/csidriver/installation/helm/powerstore.md index 1b51319513..f7a8765508 100644 --- a/content/v3/installation/helm/powerstore.md +++ b/content/v3/csidriver/installation/helm/powerstore.md @@ -1,39 +1,41 @@ --- title: PowerStore description: > - Installing PowerStore CSI Driver via Helm + Installing CSI Driver for PowerStore via Helm --- The CSI Driver for Dell EMC PowerStore can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-powerstore/tree/master/dell-csi-helm-installer). -The controller section of the Helm chart installs the following components in a _Deployment_ in the namespace `csi-powerstore`: +The controller section of the Helm chart installs the following components in a _Deployment_ in the specified namespace: - CSI Driver for Dell EMC PowerStore - Kubernetes External Provisioner, which provisions the volumes - Kubernetes External Attacher, which attaches the volumes to the containers -- Kubernetes External Snapshotter, which provides snapshot support +- (Optional) Kubernetes External Snapshotter, which provides snapshot support - Kubernetes External Resizer, which resizes the volume -The node section of the Helm chart installs the following component in a _DaemonSet_ in the namespace `csi-powerstore`: +The node section of the Helm chart installs the following component in a _DaemonSet_ in the specified namespace: - CSI Driver for Dell EMC PowerStore - Kubernetes Node Registrar, which handles the driver registration ## Prerequisites The following are requirements to be met before installing the CSI Driver for Dell EMC PowerStore: -- Install Kubernetes or OpenShift (see [supported versions](../../../dell-csi-driver/)) +- Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) - Install Helm 3 - If you plan to use either the Fibre Channel or iSCSI protocol, refer to either _Fibre Channel requirements_ or _Set up the iSCSI Initiator_ sections below. You can use NFS volumes without FC or iSCSI configuration. > You can use either the Fibre Channel or iSCSI protocol, but you do not need both. + +> If you want to use preconfigured iSCSI/FC hosts be sure to check that they are not part of any host group - Linux native multipathing requirements -- Configure Mount propagation on container runtime (i.e. Docker) -- Volume Snapshot requirements -- The nonsecure registries are defined in Docker or other container runtimes, for CSI drivers that are hosted in a non-secure location. +- Mount propagation is enabled on container runtime that is being used +- If using Snapshot feature, satisfy all Volume Snapshot requirements +- Nonsecure registries are defined in Docker or other container runtimes, for CSI drivers that are hosted in a non-secure location. - You can access your cluster with kubectl and helm. - Ensure that your nodes support mounting NFS volumes. ### Install Helm 3.0 -Install Helm 3.0 on the master node before you install the CSI Driver for Dell EMC PowerFlex. +Install Helm 3.0 on the master node before you install the CSI Driver for Dell EMC PowerStore. **Steps** @@ -43,15 +45,15 @@ Install Helm 3.0 on the master node before you install the CSI Driver for Dell E Dell EMC PowerStore supports Fibre Channel communication. If you use the Fibre Channel protocol, ensure that the following requirement is met before you install the CSI Driver for Dell EMC PowerStore: -- Zoning of the Host Bus Adapters (HBAs) to the Fibre Channel port director must be done. +- Zoning of the Host Bus Adapters (HBAs) to the Fibre Channel port must be done. ### Set up the iSCSI Initiator -The CSI Driver for Dell EMC PowerStore v1.3 supports iSCSI connectivity. +The CSI Driver for Dell EMC PowerStore v1.4 and higher supports iSCSI connectivity. If you use the iSCSI protocol, set up the iSCSI initiators as follows: - Ensure that the iSCSI initiators are available on both Controller and Worker nodes. -- Kubernetes nodes must have access (network connectivity) to an iSCSI director on the Dell EMC PowerStore array that +- Kubernetes nodes must have access (network connectivity) to an iSCSI port on the Dell EMC PowerStore array that has IP interfaces. Manually create IP routes for each node that connects to the Dell EMC PowerStore. - All Kubernetes nodes must have the _iscsi-initiator-utils_ package for CentOS/RHEL or _open-iscsi_ package for Ubuntu installed, and the _iscsid_ service must be enabled and running. To do this, run the `systemctl enable --now iscsid` command. @@ -70,42 +72,29 @@ Set up Linux multipathing as follows: - Enable `user_friendly_names` and `find_multipaths` in the `multipath.conf` file. - Ensure that the multipath command for `multipath.conf` is available on all Kubernetes nodes. -### Configure Mount Propagation on Container Runtime - -It is required to configure mount propagation on your container runtime on all Kubernetes nodes before installing the CSI Driver for Dell EMC PowerStore. The following is instruction on how to do this with Docker. If you use another container runtime please follow the recommended instructions from the vendor to configure mount propagation. - -**Steps** - -1. Edit the service section of `/etc/systemd/system/multi-user.target.wants/docker.service` file to add the following lines: - ```bash - docker.service - [Service]... - MountFlags=shared - ``` -2. Restart the docker service with `systemctl daemon-reload` and `systemctl restart docker` on all the nodes. +### (Optional) Volume Snapshot Requirements -*NOTE:* Some distribution, like Ubuntu, already has _MountFlags_ set by default. +Applicable only if you decided to enable the snapshot feature in `values.yaml` -### Volume Snapshot Requirements +```yaml +snapshot: + enabled: true +``` #### Volume Snapshot CRD's -The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. -- If on Kubernetes 1.18/1.19 (beta snapshots) use [v3.0.3](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/client/config/crd) -- If on Kubernetes 1.20 (v1 snapshots) use [v4.0.0](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/client/config/crd) +The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) for the installation. #### Volume Snapshot Controller -The beta Volume Snapshots in Kubernetes version 1.17 and later, the CSI external-snapshotter sidecar is split into two controllers: +The CSI external-snapshotter sidecar is split into two controllers: - A common snapshot controller - A CSI external-snapshotter sidecar The common snapshot controller must be installed only once in the cluster irrespective of the number of CSI drivers installed in the cluster. On OpenShift clusters 4.4 and later, the common snapshot-controller is pre-installed. In the clusters where it is not present, it can be installed using `kubectl` and the manifests are available: -- If on Kubernetes 1.18/1.19 (beta snapshots) use [v3.0.3](https://github.com/kubernetes-csi/external-snapshotter/tree/v3.0.3/deploy/kubernetes/snapshot-controller) -- If on Kubernetes 1.20 (v1 snapshots) use [v4.0.0](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.0.0/deploy/kubernetes/snapshot-controller) +Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) for the installation. *NOTE:* - The manifests available on GitHub install the snapshotter image: - - [quay.io/k8scsi/csi-snapshotter:v3.0.3](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v3.0.3&tab=tags) - - [quay.io/k8scsi/csi-snapshotter:v4.0.0](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) + - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. #### Installation example @@ -120,42 +109,63 @@ kubectl create -f deploy/kubernetes/snapshot-controller ``` *NOTE:* -- It is recommended to use v3.0.3 version of snapshotter/snapshot-controller when using Kubernetes v1.18, v1.19 -- When using Kubernetes v1.20 it is recommended to use v4.0.0 version of snapshotter/snapshot-controller. -- The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. +- It is recommended to use 4.2.x version of snapshotter/snapshot-controller. +- The CSI external-snapshotter sidecar is installed along with the driver and does not involve any extra configuration. + +### (Optional) Replication feature Requirements + +Applicable only if you decided to enable the Replication feature in `values.yaml` + +```yaml +replication: + enabled: true +``` +#### Replication CRD's + +The CRDs for replication can be obtained and installed from the csm-replication project on Github. Use `csm-replication/deploy/replicationcrds.all.yaml` located in csm-replication git repo for the installation. + +CRDs should be configured during replication prepare stage with repctl as described in [install-repctl](../../../../replication/deployment/install-repctl) ## Install the Driver **Steps** -1. Run `git clone https://github.com/dell/csi-powerstore.git` to clone the git repository. -2. Ensure that you have created namespace where you want to install the driver. You can run `kubectl create namespace csi-powerstore` to create a new one. +1. Run `git clone -b v2.0.0 https://github.com/dell/csi-powerstore.git` to clone the git repository. +2. Ensure that you have created namespace where you want to install the driver. You can run `kubectl create namespace csi-powerstore` to create a new one. "csi-powerstore" is just an example. You can choose any name for the namespace. + But make sure to align to the same namespace during the whole installation. 3. Check `helm/csi-powerstore/driver-image.yaml` and confirm the driver image points to new image. -4. Edit `helm/secret.yaml`, correct namespace field to point to your desired namespace. -5. Edit `helm/config.yaml` file and configure connection information for your PowerStore arrays changing following parameters: +4. Edit `samples/secret/secret.yaml` file and configure connection information for your PowerStore arrays changing following parameters: - *endpoint*: defines the full URL path to the PowerStore API. + - *globalID*: specifies what storage cluster the driver should use - *username*, *password*: defines credentials for connecting to array. - - *insecure*: defines if we should use insecure connection or not. - - *default*: defines if we should treat the current array as a default. - - *block-protocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). - - *nas-name*: defines what NAS should be used for NFS volumes. + - *skipCertificateValidation*: defines if we should use insecure connection or not. + - *isDefault*: defines if we should treat the current array as a default. + - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). + - *nasName*: defines what NAS should be used for NFS volumes. Add more blocks similar to above for each PowerStore array if necessary. -6. Create storage classes using ones from `helm/samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` - > If you do not specify `arrayIP` parameter in the storage class then the array that was specified as the default would be used for provisioning volumes. -7. Create the secret by running ```sed "s/CONFIG_YAML/`cat helm/config.yaml | base64 -w0`/g" helm/secret.yaml | kubectl apply -f -``` -8. Copy the default values.yaml file `cd dell-csi-helm-installer && cp ../helm/csi-powerstore/values.yaml ./my-powerstore-settings.yaml` -9. Edit the newly created values file and provide values for the following parameters `vi my-powerstore-settings.yaml`: +5. Create storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` + > If you do not specify `arrayID` parameter in the storage class then the array that was specified as the default would be used for provisioning volumes. +6. Create the secret by running ```kubectl create secret generic powerstore-config -n csi-powerstore --from-file=config=secret.yaml``` +7. Copy the default values.yaml file `cd dell-csi-helm-installer && cp ../helm/csi-powerstore/values.yaml ./my-powerstore-settings.yaml` +8. Edit the newly created values file and provide values for the following parameters `vi my-powerstore-settings.yaml`: | Parameter | Description | Required | Default | |-----------|-------------|----------|---------| -| volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csi" | -| nodeNamePrefix | Defines the string added to each node that the CSI driver registers | No | "csi-node" | -| nodeIDPath | Defines a path to file with a unique identifier identifying the node in the Kubernetes cluster| No | "/etc/machine-id" | +| logLevel | Defines CSI driver log level | No | "debug" | +| logFormat | Defines CSI driver log format | No | "JSON" | | externalAccess | Defines additional entries for hostAccess of NFS volumes, single IP address and subnet are valid entries | No | " " | +| kubeletConfigDir | Defines kubelet config path for cluster | Yes | "/var/lib/kubelet" | +| imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. | Yes | "IfNotPresent" | | connection.enableCHAP | Defines whether the driver should use CHAP for iSCSI connections or not | No | False | +| controller.controllerCount | Defines number of replicas of controller deployment | Yes | 2 | +| controller.volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csivol" | +| controller.snapshot.enabled | Allows to enable/disable snapshotter sidecar with driver installation for snapshot feature | No | "true" | +| controller.snapshot.snapNamePrefix | Defines prefix to apply to the names of a created snapshots | No | "csisnap" | +| controller.resizer.enabled | Allows to enable/disable resizer sidecar with driver installation for volume expansion feature | No | "true" | | controller.nodeSelector | Defines what nodes would be selected for pods of controller deployment | Yes | " " | | controller.tolerations | Defines tolerations that would be applied to controller deployment | Yes | " " | -| controller.replicas | Defines number of replicas of controller deployment | Yes | 2 | +| node.nodeNamePrefix | Defines the string added to each node that the CSI driver registers | No | "csi-node" | +| node.nodeIDPath | Defines a path to file with a unique identifier identifying the node in the Kubernetes cluster| No | "/etc/machine-id" | | node.nodeSelector | Defines what nodes would be selected for pods of node daemonset | Yes | " " | | node.tolerations | Defines tolerations that would be applied to node daemonset | Yes | " " | @@ -164,7 +174,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller *NOTE:* - For detailed instructions on how to run the install scripts, refer to the readme document in the dell-csi-helm-installer folder. -- By default, the driver scans available SCSI adapters and tries to register them with the storage array under the SCSI hostname using `nodeNamePrefix` and the ID read from the file pointed to by `nodeIDPath`. If an adapter is already registered with the storage under a different hostname, the adapter is not used by the driver. +- By default, the driver scans available SCSI adapters and tries to register them with the storage array under the SCSI hostname using `node.nodeNamePrefix` and the ID read from the file pointed to by `node.nodeIDPath`. If an adapter is already registered with the storage under a different hostname, the adapter is not used by the driver. - A hostname the driver uses for registration of adapters is in the form `--`. By default, these are csi-node and the machine ID read from the file `/etc/machine-id`. - To customize the hostname, for example if you want to make them more user friendly, adjust nodeIDPath and nodeNamePrefix accordingly. For example, you can set `nodeNamePrefix` to `k8s` and `nodeIDPath` to `/etc/hostname` to produce names such as `k8s-worker1-192.168.1.2`. - (Optional) Enable additional Mount Options - A user is able to specify additional mount options as needed for the driver. @@ -173,25 +183,21 @@ kubectl create -f deploy/kubernetes/snapshot-controller ## Storage Classes -The CSI driver for Dell EMC PowerStore version 1.3 and later, `dell-csi-helm-installer` will not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `helm/samples` folder. Please use these samples to create new storage classes to provision storage. See this [note](../../../../v1/installation/helm/powerstore/#storage-classes) for the driving reason behind this change. +The CSI driver for Dell EMC PowerStore version 1.3 and later, `dell-csi-helm-installer` does not create any storage classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `samples/storageclass` folder. Use these samples to create new storage classes to provision storage. ### What happens to my existing storage classes? -*Upgrading from CSI PowerStore v1.2 driver* -The storage classes created as part of the installation have an annotation - "helm.sh/resource-policy": keep set. This ensures that even after an uninstall or upgrade, the storage classes are not deleted. You can continue using these storage classes if you wish so. - -*Upgrading from an older version of the driver* -The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation "helm.sh/resource-policy": keep before performing an upgrade. +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. -*NOTE:* If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. **Steps to create storage class:** -There are samples storage class yaml files available under `helm/samples/storageclass`. These can be copied and modified as needed. +There are samples storage class yaml files available under `samples/storageclass`. These can be copied and modified as needed. 1. Edit the sample storage class yaml file and update following parameters: -- *arrayIP*: specifies what array driver should use to provision volumes, if not specified driver will use array specified as `default` in `helm/config.yaml` -- *FsType*: specifies what filesystem type driver should use, possible variants `ext4`, `xfs`, `nfs`, if not specified driver will use `ext4` by default +- *arrayID*: specifies what storage cluster the driver should use, if not specified driver will use storage cluster specified as `default` in `samples/secret/secret.yaml` +- *FsType*: specifies what filesystem type driver should use, possible variants `ext4`, `xfs`, `nfs`, if not specified driver will use `ext4` by default. - *allowedTopologies* (Optional): If you want you can also add topology constraints. ```yaml allowedTopologies: @@ -208,4 +214,39 @@ allowedTopologies: kubectl create -f ``` -*NOTE:* Deleting a storage class has no impact on a running Pod with mounted PVCs. You won't be able to provision new PVCs until at least one storage class is newly created. +*NOTE:* Deleting a storage class has no impact on a running Pod with mounted PVCs. You cannot provision new PVCs until at least one storage class is newly created. + +## Volume Snapshot Class + +Starting CSI PowerStore v1.4, `dell-csi-helm-installer` will not create any Volume Snapshot Class during the driver installation. There is a sample Volume Snapshot Class manifest present in the _samples/volumesnapshotclass_ folder. Please use this sample to create a new Volume Snapshot Class to create Volume Snapshots. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI PowerStore v1.4 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI PowerStore to 1.4 before upgrading to 2.0. + +## Dynamically update the powerstore secrets + +Users can dynamically add delete array information from secret. Whenever an update happens the driver updates the “Host” information in an array. User can update secret using the following command: +```bash +kubectl create secret generic powerstore-config -n csi-powerstore --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl replace -f - +``` +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerStore version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created, which contains attributes `CSI_LOG_LEVEL` which specifies the current log level of CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` and log format to `logFormat` attribute in `my-powerstore-settings.yaml` during driver installation. + +To change the log level or log format dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade +``` + +Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. \ No newline at end of file diff --git a/content/v3/csidriver/installation/helm/unity.md b/content/v3/csidriver/installation/helm/unity.md new file mode 100644 index 0000000000..43683da46b --- /dev/null +++ b/content/v3/csidriver/installation/helm/unity.md @@ -0,0 +1,409 @@ +--- +title: Unity +description: > + Installing CSI Driver for Unity via Helm +--- + +The CSI Driver for Dell EMC Unity can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, review the script [documentation](https://github.com/dell/csi-unity/tree/master/dell-csi-helm-installer). + +The controller section of the Helm chart installs the following components in a _Deployment_: + +- CSI Driver for Unity +- Kubernetes External Provisioner, which provisions the volumes +- Kubernetes External Attacher, which attaches the volumes to the containers +- Kubernetes External Snapshotter, which provides snapshot support +- Kubernetes External Resizer, which resizes the volume + +The node section of the Helm chart installs the following component in a _DaemonSet_: + +- CSI Driver for Unity +- Kubernetes Node Registrar, which handles the driver registration + +## Prerequisites + +Before you install CSI Driver for Unity, verify the requirements that are mentioned in this topic are installed and configured. + +### Requirements + +* Install Kubernetes or OpenShift (see [supported versions](../../../../csidriver/#features-and-capabilities)) +* Install Helm v3 +* To use FC protocol, the host must be zoned with Unity array and Multipath needs to be configured +* To use iSCSI protocol, iSCSI initiator utils packages needs to be installed and Multipath needs to be configured +* To use NFS protocol, NFS utility packages needs to be installed +* Mount propagation is enabled on container runtime that is being used + +## Install CSI Driver + +Install CSI Driver for Unity using this procedure. + +*Before you begin* + + * You must have the downloaded files, including the Helm chart from the source [git repository](https://github.com/dell/csi-unity) with the command ```git clone -b v2.0.0 https://github.com/dell/csi-unity.git```, ready for this procedure. + * In the top-level dell-csi-helm-installer directory, there should be two scripts, `csi-install.sh` and `csi-uninstall.sh`. + * Ensure _unity_ namespace exists in Kubernetes cluster. Use the `kubectl create namespace unity` command to create the namespace if the namespace is not present. + + + +Procedure + +1. Collect information from the Unity Systems like Unique ArrayId, IP address, username, and password. Make a note of the value for these parameters as they must be entered in the `secret.yaml` and `myvalues.yaml` file. + + **Note**: + * ArrayId corresponds to the serial number of Unity array. + * Unity Array username must have role as Storage Administrator to be able to perform CRUD operations. + +2. Copy the `helm/csi-unity/values.yaml` into a file named `myvalues.yaml` in the same directory of `csi-install.sh`, to customize settings for installation. + +3. Edit `myvalues.yaml` to set the following parameters for your installation: + + The following table lists the primary configurable parameters of the Unity driver chart and their default values. More detailed information can be found in the [`values.yaml`](https://github.com/dell/csi-unity/blob/master/helm/csi-unity/values.yaml) file in this repository. + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | version | helm version | true | - | + | logLevel | LogLevel is used to set the logging level of the driver | true | info | + | allowRWOMultiPodAccess | Flag to enable multiple pods to use the same PVC on the same node with RWO access mode. | false | false | + | kubeletConfigDir | Specify kubelet config dir path | Yes | /var/lib/kubelet | + | syncNodeInfoInterval | Time interval to add node info to the array. Default 15 minutes. The minimum value should be 1 minute. | false | 15 | + | maxUnityVolumesPerNode | Maximum number of volumes that controller can publish to the node. | false | 0 | + | certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. (unity-cert-0..unity-cert-n). The minimum value should be 1. | false | 1 | + | imagePullPolicy | The default pull policy is IfNotPresent which causes the Kubelet to skip pulling an image if it already exists. | Yes | IfNotPresent | + | podmon.enabled | service to monitor failing jobs and notify | false | - | + | podmon.image| pod man image name | false | - | + | **controller** | Allows configuration of the controller-specific parameters.| - | - | + | controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 | + | volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" | + | snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true | + | snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" | + | resizer.enabled | Enable/Disable volume expansion feature | Yes | true | + | nodeSelector | Define node selection constraints for pods of controller deployment | No | | + | tolerations | Define tolerations for the controller deployment, if required | No | | + | ***node*** | Allows configuration of the node-specific parameters.| - | - | + | tolerations | Define tolerations for the node daemonset, if required | No | | + | dnsPolicy | Define the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet | + + + + **Note**: + + * User should provide all boolean values with double-quotes. This applies only for `myvalues.yaml`. Example: "true"/"false" + + * controllerCount parameter value should be <= number of nodes in the kubernetes cluster else install script fails. + + * User can a create separate _StorageClass_ (with topology-related keys) by referring to existing default storage classes. + + * Host IO Limit must have a minimum bandwidth of 1 MBPS to discover the volumes on node successfully. + + * User must not change the value of allowRWOMultiPodAccess to true unless intended to use the feature and is aware of the consequences. Enabling multiple pods to access the same PVC with RWO access mode on the same node might cause data to be overwritten and therefore leading to data loss in some cases. + + Example *myvalues.yaml* + ```yaml + logLevel: "info" + imagePullPolicy: Always + certSecretCount: 1 + kubeletConfigDir: /var/lib/kubelet + controller: + controllerCount: 2 + volumeNamePrefix : csivol + snapshot: + enabled: true + snapNamePrefix: csi-snap + resizer: + enabled: false + allowRWOMultiPodAccess: false + syncNodeInfoInterval: 5 + maxUnityVolumesPerNode: 0 + ``` + +4. For certificate validation of Unisphere REST API calls refer [here](#certificate-validation-for-unisphere-rest-api-calls). Otherwise, create an empty secret with file `helm/emptysecret.yaml` file by running the `kubectl create -f helm/emptysecret.yaml` command. + +5. Prepare the `secret.yaml` for driver configuration. + The following table lists driver configuration parameters for multiple storage arrays. + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | storageArrayList.username | Username for accessing Unity system | true | - | + | storageArrayList.password | Password for accessing Unity system | true | - | + | storageArrayList.endpoint | REST API gateway HTTPS endpoint Unity system| true | - | + | storageArrayList.arrayId | ArrayID for Unity system | true | - | + | storageArrayList.skipCertificateValidation | "skipCertificateValidation " determines if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate. | true | true | + | storageArrayList.isDefault | An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | false | false | + + + Example: secret.yaml + ```yaml + storageArrayList: + - arrayId: "APM00******1" + username: "user" + password: "password" + endpoint: "https://10.1.1.1/" + skipCertificateValidation: true + isDefault: true + + - arrayId: "APM00******2" + username: "user" + password: "password" + endpoint: "https://10.1.1.2/" + skipCertificateValidation: true + ``` + + Use the following command to create a new secret unity-creds from `secret.yaml` file. + + `kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml` + + Use the following command to replace or update the secret: + + `kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml -o yaml --dry-run | kubectl replace -f -` + + **Note**: The user needs to validate the yaml syntax and array-related key/values while replacing the unity-creds secret. + The driver will continue to use previous values in case of an error found in the yaml file. + + + Alternatively, users can configure and use `secret.yaml` for driver configuration. The parameters remain the same as in the above table and below is a sample of `secret.yaml`. Samples of `secret.yaml` is available in the directory `csi-unity/samples/secret/ `. + + Example: secret.yaml + ```yaml + storageArrayList: + - arrayId: "APM00******1" + username: "user" + password: "password" + endpoint: "https://10.1.1.1/" + skipCertificateValidation: true + isDefault: true + + - arrayId: "APM00******2" + username: "user" + password: "password" + endpoint: "https://10.1.1.2/" + skipCertificateValidation: true + ``` + + **Note:** + * Parameters "allowRWOMultiPodAccess" and "syncNodeInfoTimeInterval" have been enabled for configuration in values.yaml and this helps users to dynamically change these values without the need for driver re-installation. + +6. Setup for snapshots. + + Applicable only if you decided to enable snapshot feature in `values.yaml` + + ```yaml + controller: + snapshot: + enabled: true + ``` + + In order to use the Kubernetes Volume Snapshot feature, you must ensure the following components have been deployed on your Kubernetes cluster + + #### Volume Snapshot CRD's + The Kubernetes Volume Snapshot CRDs can be obtained and installed from the external-snapshotter project on Github. Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/client/config/crd) for the installation. + + #### Volume Snapshot Controller + The CSI external-snapshotter sidecar is split into two controllers: + - A common snapshot controller + - A CSI external-snapshotter sidecar + + Use [v4.2.x](https://github.com/kubernetes-csi/external-snapshotter/tree/v4.2.0/deploy/kubernetes/snapshot-controller) for the installation. + + **Note**: + - The manifests available on GitHub install the snapshotter image: + - [quay.io/k8scsi/csi-snapshotter:v4.0.x](https://quay.io/repository/k8scsi/csi-snapshotter?tag=v4.0.0&tab=tags) + - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + + #### Installation example + + You can install CRDs and default snapshot controller by running following commands: + ```bash + git clone https://github.com/kubernetes-csi/external-snapshotter/ + cd ./external-snapshotter + git checkout release- + kubectl create -f client/config/crd + kubectl create -f deploy/kubernetes/snapshot-controller + ``` + + **Note**: + - It is recommended to use 4.2.x version of snapshotter/snapshot-controller. + - The CSI external-snapshotter sidecar is still installed along with the driver and does not involve any extra configuration. + + + +7. Run the `./csi-install.sh --namespace unity --values ./myvalues.yaml` command to proceed with the installation. + + A successful installation must display messages that look similar to the following samples: + ``` + ------------------------------------------------------ + > Installing CSI Driver: csi-unity on 1.20 + ------------------------------------------------------ + ------------------------------------------------------ + > Checking to see if CSI Driver is already installed + ------------------------------------------------------ + ------------------------------------------------------ + > Verifying Kubernetes and driver configuration + ------------------------------------------------------ + |- Kubernetes Version: 1.20 + | + |- Driver: csi-unity + | + |- Verifying Kubernetes versions + | + |--> Verifying minimum Kubernetes version Success + | + |--> Verifying maximum Kubernetes version Success + | + |- Verifying that required namespaces have been created Success + | + |- Verifying that required secrets have been created Success + | + |- Verifying that required secrets have been created Success + | + |- Verifying alpha snapshot resources + | + |--> Verifying that alpha snapshot CRDs are not installed Success + | + |- Verifying sshpass installation.. | + |- Verifying iSCSI installation + Enter the root password of 10.**.**.**: + + Enter the root password of 10.**.**.**: + Success + | + |- Verifying snapshot support + | + |--> Verifying that snapshot CRDs are available Success + | + |--> Verifying that the snapshot controller is available Success + | + |- Verifying helm version Success + | + |- Verifying helm values version Success + + ------------------------------------------------------ + > Verification Complete - Success + ------------------------------------------------------ + | + |- Installing Driver Success + | + |--> Waiting for Deployment unity-controller to be ready Success + | + |--> Waiting for DaemonSet unity-node to be ready Success + ------------------------------------------------------ + > Operation complete + ------------------------------------------------------ + ``` + Results: + + At the end of the script unity-controller Deployment and DaemonSet unity-node will be ready, execute command `kubectl get pods -n unity` to get the status of the pods and you will see the following: + + * One or more Unity Controller (based on controllerCount) with 5/5 containers ready, and status displayed as Running. + * Agent pods with 2/2 containers and the status displayed as Running. + + +## Certificate validation for Unisphere REST API calls + +This topic provides details about setting up the certificate validation for the CSI Driver for Dell EMC Unity. + +*Before you begin* + +As part of the CSI driver installation, the CSI driver requires a secret with the name unity-certs-0 to unity-certs-n based on the ".Values.certSecretCount" parameter present in the namespace unity. + +This secret contains the X509 certificates of the CA which signed the Unisphere SSL certificate in PEM format. + +If the install script does not find the secret, it creates one empty secret with the name unity-certs-0. + +If this secret is an empty secret, then the validation of the certificate fails, and the driver fails to start. + +If the Unisphere certificate is self-signed or if you are using an embedded Unisphere, then perform the following steps. + + 1. To fetch the certificate, run the following command. + `openssl s_client -showcerts -connect /dev/null | openssl x509 -outform PEM > ca_cert_0.pem` + Example: openssl s_client -showcerts -connect 1.1.1.1:443 /dev/null | openssl x509 -outform PEM > ca_cert_0.pem + 2. Run the following command to create the cert secret with index '0': + `kubectl create secret generic unity-certs-0 --from-file=cert-0=ca_cert_0.pem -n unity` + Use the following command to replace the secret: + `kubectl create secret generic unity-certs-0 -n unity --from-file=cert-0=ca_cert_0.pem -o yaml --dry-run | kubectl replace -f -` + 3. Repeat step 1 and 2 to create multiple cert secrets with incremental index (example: unity-certs-1, unity-certs-2, etc) + + + **Note:** + + * "unity" is the namespace for helm-based installation but namespace can be user-defined in operator-based installation. + + * User can add multiple certificates in the same secret. The certificate file should not exceed more than 1Mb due to Kubernetes secret size limitation. + + * Whenever certSecretCount parameter changes in `myvalues.yaml` user needs to uninstall and install the driver. + +## Volume Snapshot Class + +For CSI Driver for Unity version 1.6 and later, `dell-csi-helm-installer` does not create any Volume Snapshot classes as part of the driver installation. A wide set of annotated storage class manifests have been provided in the `csi-unity/samples/volumesnapshotclass/` folder. Use these samples to create new Volume Snapshot to provision storage. + +### What happens to my existing Volume Snapshot Classes? + +*Upgrading from CSI Unity v1.6 driver*: +The existing volume snapshot class will be retained. + +*Upgrading from an older version of the driver*: +It is strongly recommended to upgrade the earlier versions of CSI Unity to 1.6 before upgrading to 2.0. + +## Storage Classes + +Storage Classes are an essential Kubernetes construct for Storage provisioning. To know more about Storage Classes, refer to https://kubernetes.io/docs/concepts/storage/storage-classes/ + +A wide set of annotated storage class manifests have been provided in the [samples/storageclass](https://github.com/dell/csi-unity/tree/master/samples/storageclass) folder. Use these samples to create new storage classes to provision storage. + +For CSI Driver for Unity version 2.0, a wide set of annotated storage class manifests have been provided in the `csi-unity/samples/storageclass` folder. Use these samples to create new storage classes to provision storage. + +### What happens to my existing storage classes? + +Upgrading from an older version of the driver: The storage classes will be deleted if you upgrade the driver. If you wish to continue using those storage classes, you can patch them and apply the annotation “helm.sh/resource-policy”: keep before performing an upgrade. + +>Note: If you continue to use the old storage classes, you may not be able to take advantage of any new storage class parameter supported by the driver. + +**Steps to create storage class:** +There are samples storage class yaml files available under `helm/samples/storageclass`. These can be copied and modified as needed. + +1. Pick any of `unity-fc.yaml`, `unity-iscsi.yaml` or `unity-nfs.yaml` +2. Copy the file as `unity--fc.yaml`, `unity--iscsi.yaml` or `unity--nfs.yaml` +3. Replace `` with the Array Id of the Unity Array to be used +4. Replace `` with the storage pool you have +5. Replace `` with the Tiering policy that is to be used for provisioning +6. Replace `` with the Host IO Limit Name that is to be used for provisioning +7. Replace `` with the necessary mount options. If not required, this can be removed from the storage class +8. Edit `storageclass.kubernetes.io/is-default-class` to true if you want to set it as default, otherwise false. +9. Save the file and create it by using `kubectl create -f unity--fc.yaml` or `kubectl create -f unity--iscsi.yaml` or `kubectl create -f unity--nfs.yaml` + + +**Note**: +- At least one storage class is required for one array. +- If you uninstall the driver and reinstall it, you can still face errors if any update in the `values.yaml` file leads to an update of the storage class(es): + +``` + Error: cannot patch "" with kind StorageClass: StorageClass.storage.k8s.io "" is invalid: parameters: Forbidden: updates to parameters are forbidden +``` + +In case you want to make such updates, ensure to delete the existing storage classes using the `kubectl delete storageclass` command. +Deleting a storage class has no impact on a running Pod with mounted PVCs. You cannot provision new PVCs until at least one storage class is newly created. + + +## Dynamically update the unity-creds secrets + +Users can dynamically add delete array information from secret. Whenever an update happens the driver updates the "Host" information in an array. +User can update secret using the following command: +``` + kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl replace -f - +``` +**Note**: Updating unity-certs-x secrets is a manual process, unlike unity-creds. Users have to re-install the driver in case of updating/adding the SSL certificates or changing the certSecretCount parameter. + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Helm based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. + +To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command +``` +cd dell-csi-helm-installer +./csi-install.sh --namespace unity --values ./myvalues.yaml --upgrade +``` + +Note: myvalues.yaml is a values.yaml file which user has used for driver installation. \ No newline at end of file diff --git a/content/v3/csidriver/installation/offline/_index.md b/content/v3/csidriver/installation/offline/_index.md new file mode 100644 index 0000000000..a6dd5941fa --- /dev/null +++ b/content/v3/csidriver/installation/offline/_index.md @@ -0,0 +1,276 @@ +--- +title: Offline Installation of Dell EMC CSI Storage Providers +linktitle: Offline Installer +description: Offline Installation of Dell EMC CSI Storage Providers +--- + +The `csi-offline-bundle.sh` script can be used to create a package usable for offline installation of the Dell EMC CSI Storage Providers, via either Helm +or the Dell CSI Operator. + +This includes the following drivers: +* [PowerFlex](https://github.com/dell/csi-vxflexos) +* [PowerMax](https://github.com/dell/csi-powermax) +* [PowerScale](https://github.com/dell/csi-powerscale) +* [PowerStore](https://github.com/dell/csi-powerstore) +* [Unity](https://github.com/dell/csi-unity) + +As well as the Dell CSI Operator +* [Dell CSI Operator](https://github.com/dell/dell-csi-operator) + +## Dependencies + +Multiple Linux-based systems may be required to create and process an offline bundle for use. +* One Linux-based system, with internet access, will be used to create the bundle. This involved the user cloning a git repository hosted on github.com and then invoking a script that utilizes `docker` or `podman` to pull and save container images to file. +* One Linux-based system, with access to an image registry, to invoke a script that uses `docker` or `podman` to restore container images from file and push them to a registry + +If one Linux system has both internet access and access to an internal registry, that system can be used for both steps. + +Preparing an offline bundle requires the following utilities: + +| Dependency | Usage | +| --------------------- | ----- | +| `docker` or `podman` | `docker` or `podman` will be used to pull images from public image registries, tag them, and push them to a private registry. | +| | One of these will be required on both the system building the offline bundle as well as the system preparing for installation. | +| | Tested version(s) are `docker` 19.03+ and `podman` 1.6.4+ +| `git` | `git` will be used to manually clone one of the above repositories in order to create an offline bundle. +| | This is only needed on the system preparing the offline bundle. +| | Tested version(s) are `git` 1.8+ but any version should work. + +## Workflow + +To perform an offline installation of a driver or the Operator, the following steps should be performed: +1. Build an offline bundle +2. Unpacking the offline bundle created in Step 1 and preparing for installation +3. Perform either a Helm installation or Operator installation using the files obtained after unpacking in Step 2 + +### Building an offline bundle + +This needs to be performed on a Linux system with access to the internet as a git repo will need to be cloned, and container images pulled from public registries. + +To build an offline bundle, the following steps are needed: +1. Perform a `git clone` of the desired repository. For a helm-based install, the specific driver repo should be cloned. For an Operator based deployment, the Dell CSI Operator repo should be cloned +2. Run the `csi-offline-bundle.sh` script with an argument of `-c` in order to create an offline bundle + - For Helm installs, the `csi-offline-bundle.sh` script will be found in the `dell-csi-helm-installer` directory + - For Operator installs, the `csi-offline-bundle.sh` script will be found in the `scripts` directory + +The script will perform the following steps: + - Determine required images by parsing either the driver Helm charts (if run from a cloned CSI Driver git repository) or the Dell CSI Operator configuration files (if run from a clone of the Dell CSI Operator repository) + - Perform an image `pull` of each image required + - Save all required images to a file by running `docker save` or `podman save` + - Build a `tar.gz` file containing the images as well as files required to installer the driver and/or Operator + +The resulting offline bundle file can be copied to another machine, if necessary, to gain access to the desired image registry. + +For example, here is the output of a request to build an offline bundle for the Dell CSI Operator: +``` +[user@anothersystem /home/user]# git clone https://github.com/dell/dell-csi-operator.git +``` +``` +[user@anothersystem /home/user]# cd dell-csi-operator +``` +``` +[user@system /home/user/dell-csi-operator]# scripts/csi-offline-bundle.sh -c +* +* Building image manifest file + +* +* Pulling container images + + dellemc/csi-isilon:v1.4.0.000R + dellemc/csi-isilon:v1.5.0 + dellemc/csi-isilon:v1.6.0 + dellemc/csipowermax-reverseproxy:v1.3.0 + dellemc/csi-powermax:v1.5.0.000R + dellemc/csi-powermax:v1.6.0 + dellemc/csi-powermax:v1.7.0 + dellemc/csi-powerstore:v1.2.0.000R + dellemc/csi-powerstore:v1.3.0 + dellemc/csi-powerstore:v1.4.0 + dellemc/csi-unity:v1.4.0.000R + dellemc/csi-unity:v1.5.0 + dellemc/csi-unity:v1.6.0 + dellemc/csi-vxflexos:v1.3.0.000R + dellemc/csi-vxflexos:v1.4.0 + dellemc/csi-vxflexos:v1.5.0 + dellemc/dell-csi-operator:v1.4.0 + dellemc/sdc:3.5.1.1 + dellemc/sdc:3.5.1.1-1 + docker.io/busybox:1.32.0 + k8s.gcr.io/sig-storage/csi-attacher:v3.0.0 + k8s.gcr.io/sig-storage/csi-attacher:v3.1.0 + k8s.gcr.io/sig-storage/csi-attacher:v3.2.1 + k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 + k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0 + k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 + k8s.gcr.io/sig-storage/csi-provisioner:v2.0.2 + k8s.gcr.io/sig-storage/csi-provisioner:v2.1.0 + k8s.gcr.io/sig-storage/csi-provisioner:v2.2.1 + k8s.gcr.io/sig-storage/csi-resizer:v1.2.0 + k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.2 + k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3 + k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0 + k8s.gcr.io/sig-storage/csi-snapshotter:v4.1.0 + quay.io/k8scsi/csi-resizer:v1.0.0 + quay.io/k8scsi/csi-resizer:v1.1.0 + +* +* Saving images + +* +* Copying necessary files + + /dell/git/dell-csi-operator/config + /dell/git/dell-csi-operator/deploy + /dell/git/dell-csi-operator/samples + /dell/git/dell-csi-operator/scripts + /dell/git/dell-csi-operator/README.md + /dell/git/dell-csi-operator/LICENSE + +* +* Compressing release + +dell-csi-operator-bundle/ +dell-csi-operator-bundle/samples/ +... +

+... +dell-csi-operator-bundle/LICENSE +dell-csi-operator-bundle/README.md + +* +* Complete + +Offline bundle file is: /dell/git/dell-csi-operator/dell-csi-operator-bundle.tar.gz +``` + +### Unpacking the offline bundle and preparing for installation + +This needs to be performed on a Linux system with access to an image registry that will host container images. If the registry requires `login`, that should be done before proceeding. + +To prepare for the driver or Operator installation, the following steps need to be performed: +1. Copy the offline bundle file created from the previous step to a system with access to an image registry available to your Kubernetes/OpenShift cluster +2. Expand the bundle file by running `tar xvfz ` +3. Run the `csi-offline-bundle.sh` script and supply the `-p` option as well as the path to the internal registry with the `-r` option + +The script will then perform the following steps: + - Load the required container images into the local system + - Tag the images according to the user-supplied registry information + - Push the newly tagged images to the registry + - Modify the Helm charts or Operator configuration to refer to the newly tagged/pushed images + + +An example of preparing the bundle for installation (192.168.75.40:5000 refers to an image registry accessible to Kubernetes/OpenShift): +``` +[user@anothersystem /tmp]# tar xvfz dell-csi-operator-bundle.tar.gz +dell-csi-operator-bundle/ +dell-csi-operator-bundle/samples/ +... ++... +dell-csi-operator-bundle/LICENSE +dell-csi-operator-bundle/README.md +``` +``` +[user@anothersystem /tmp]# cd dell-csi-operator-bundle +``` +``` +[user@anothersystem /tmp/dell-csi-operator-bundle]# scripts/csi-offline-bundle.sh -p -r 192.168.75.40:5000/operator +Preparing an offline bundle for installation + +* +* Loading docker images + + +* +* Tagging and pushing images + + dellemc/csi-isilon:v1.4.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-isilon:v1.4.0.000R + dellemc/csi-isilon:v1.5.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-isilon:v1.5.0 + dellemc/csi-isilon:v1.6.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-isilon:v1.6.0 + dellemc/csipowermax-reverseproxy:v1.3.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csipowermax-reverseproxy:v1.3.0 + dellemc/csi-powermax:v1.5.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powermax:v1.5.0.000R + dellemc/csi-powermax:v1.6.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powermax:v1.6.0 + dellemc/csi-powermax:v1.7.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powermax:v1.7.0 + dellemc/csi-powerstore:v1.2.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powerstore:v1.2.0.000R + dellemc/csi-powerstore:v1.3.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powerstore:v1.3.0 + dellemc/csi-powerstore:v1.4.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powerstore:v1.4.0 + dellemc/csi-unity:v1.4.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-unity:v1.4.0.000R + dellemc/csi-unity:v1.5.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-unity:v1.5.0 + dellemc/csi-unity:v1.6.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-unity:v1.6.0 + dellemc/csi-vxflexos:v1.3.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-vxflexos:v1.3.0.000R + dellemc/csi-vxflexos:v1.4.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-vxflexos:v1.4.0 + dellemc/csi-vxflexos:v1.5.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-vxflexos:v1.5.0 + dellemc/dell-csi-operator:v1.4.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/dell-csi-operator:v1.4.0 + dellemc/sdc:3.5.1.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/sdc:3.5.1.1 + dellemc/sdc:3.5.1.1-1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/sdc:3.5.1.1-1 + docker.io/busybox:1.32.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/busybox:1.32.0 + k8s.gcr.io/sig-storage/csi-attacher:v3.0.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-attacher:v3.0.0 + k8s.gcr.io/sig-storage/csi-attacher:v3.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-attacher:v3.1.0 + k8s.gcr.io/sig-storage/csi-attacher:v3.2.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-attacher:v3.2.1 + k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-node-driver-registrar:v2.0.1 + k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-node-driver-registrar:v2.1.0 + k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-node-driver-registrar:v2.2.0 + k8s.gcr.io/sig-storage/csi-provisioner:v2.0.2 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-provisioner:v2.0.2 + k8s.gcr.io/sig-storage/csi-provisioner:v2.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-provisioner:v2.1.0 + k8s.gcr.io/sig-storage/csi-provisioner:v2.2.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-provisioner:v2.2.1 + k8s.gcr.io/sig-storage/csi-resizer:v1.2.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-resizer:v1.2.0 + k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.2 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v3.0.2 + k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v3.0.3 + k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v4.0.0 + k8s.gcr.io/sig-storage/csi-snapshotter:v4.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v4.1.0 + quay.io/k8scsi/csi-resizer:v1.0.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-resizer:v1.0.0 + quay.io/k8scsi/csi-resizer:v1.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-resizer:v1.1.0 + +* +* Preparing operator files within /tmp/dell-csi-operator-bundle + + changing: dellemc/csi-isilon:v1.4.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-isilon:v1.4.0.000R + changing: dellemc/csi-isilon:v1.5.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-isilon:v1.5.0 + changing: dellemc/csi-isilon:v1.6.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-isilon:v1.6.0 + changing: dellemc/csipowermax-reverseproxy:v1.3.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csipowermax-reverseproxy:v1.3.0 + changing: dellemc/csi-powermax:v1.5.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powermax:v1.5.0.000R + changing: dellemc/csi-powermax:v1.6.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powermax:v1.6.0 + changing: dellemc/csi-powermax:v1.7.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powermax:v1.7.0 + changing: dellemc/csi-powerstore:v1.2.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powerstore:v1.2.0.000R + changing: dellemc/csi-powerstore:v1.3.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powerstore:v1.3.0 + changing: dellemc/csi-powerstore:v1.4.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-powerstore:v1.4.0 + changing: dellemc/csi-unity:v1.4.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-unity:v1.4.0.000R + changing: dellemc/csi-unity:v1.5.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-unity:v1.5.0 + changing: dellemc/csi-unity:v1.6.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-unity:v1.6.0 + changing: dellemc/csi-vxflexos:v1.3.0.000R -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-vxflexos:v1.3.0.000R + changing: dellemc/csi-vxflexos:v1.4.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-vxflexos:v1.4.0 + changing: dellemc/csi-vxflexos:v1.5.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-vxflexos:v1.5.0 + changing: dellemc/dell-csi-operator:v1.4.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/dell-csi-operator:v1.4.0 + changing: dellemc/sdc:3.5.1.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/sdc:3.5.1.1 + changing: dellemc/sdc:3.5.1.1-1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/sdc:3.5.1.1-1 + changing: docker.io/busybox:1.32.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/busybox:1.32.0 + changing: k8s.gcr.io/sig-storage/csi-attacher:v3.0.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-attacher:v3.0.0 + changing: k8s.gcr.io/sig-storage/csi-attacher:v3.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-attacher:v3.1.0 + changing: k8s.gcr.io/sig-storage/csi-attacher:v3.2.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-attacher:v3.2.1 + changing: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-node-driver-registrar:v2.0.1 + changing: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-node-driver-registrar:v2.1.0 + changing: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-node-driver-registrar:v2.2.0 + changing: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.2 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-provisioner:v2.0.2 + changing: k8s.gcr.io/sig-storage/csi-provisioner:v2.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-provisioner:v2.1.0 + changing: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.1 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-provisioner:v2.2.1 + changing: k8s.gcr.io/sig-storage/csi-resizer:v1.2.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-resizer:v1.2.0 + changing: k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.2 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v3.0.2 + changing: k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v3.0.3 + changing: k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v4.0.0 + changing: k8s.gcr.io/sig-storage/csi-snapshotter:v4.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-snapshotter:v4.1.0 + changing: quay.io/k8scsi/csi-resizer:v1.0.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-resizer:v1.0.0 + changing: quay.io/k8scsi/csi-resizer:v1.1.0 -> amaas-eos-mw1.cec.lab.emc.com:5028/csi-operator/csi-resizer:v1.1.0 + +* +* Complete + +``` + +### Perform either a Helm installation or Operator installation + +Now that the required images are available and the Helm Charts/Operator configuration updated, you can proceed by following the usual installation procedure as documented either via [Helm](../helm) or [Operator](../operator/#manual-installation). + +*NOTES:* +1. Offline bundle installation is only supported with manual installs i.e. without using Operator Lifecycle Manager. +2. Installation should be done using the files that are obtained after unpacking the offline bundle (dell-csi-operator-bundle.tar.gz) as the image tags in the manifests are modified to point to the internal registry. +3. Offline bundle installs operator in `default` namespace via install.sh script. Make sure that the current context in kubeconfig file has the namespace set to `default`. \ No newline at end of file diff --git a/content/v3/csidriver/installation/operator/_index.md b/content/v3/csidriver/installation/operator/_index.md new file mode 100644 index 0000000000..713918babd --- /dev/null +++ b/content/v3/csidriver/installation/operator/_index.md @@ -0,0 +1,389 @@ +--- +title: "Dell CSI Operator Installation Process" +linkTitle: "Using Operator" +weight: 4 +description: > + Installation of CSI drivers using Dell CSI Operator +--- + +The Dell CSI Operator is a Kubernetes Operator, which can be used to install and manage the CSI Drivers provided by Dell EMC for various storage platforms. This operator is available as a community operator for upstream Kubernetes and can be deployed using OperatorHub.io. It is also available as a certified operator for OpenShift clusters and can be deployed using the OpenShift Container Platform. Both these methods of installation use OLM (Operator Lifecycle Manager). The operator can also be deployed manually. + + +## Installation +Dell CSI Operator has been tested and qualified with +- Upstream Kubernetes or OpenShift (see [supported versions](../../../csidriver/#features-and-capabilities)) + +#### Before you begin +If you have installed an old version of the `dell-csi-operator` which was available with the name _CSI Operator_, please refer to this [section](#replacing-csi-operator-with-dell-csi-operator) before continuing. + +#### Full list of CSI Drivers and versions supported by the Dell CSI Operator +| CSI Driver | Version | ConfigVersion | Kubernetes Version | OpenShift Version | +| ------------------ | --------- | -------------- | -------------------- | --------------------- | +| CSI PowerMax | 1.6 | v5 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerMax | 1.7 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerMax | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI PowerFlex | 1.4 | v4 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerFlex | 1.5 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerFlex | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI PowerScale | 1.5 | v5 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerScale | 1.6 | v6 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerScale | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI Unity | 1.5 | v4 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI Unity | 1.6 | v5 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI Unity | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | +| CSI PowerStore | 1.3 | v3 | 1.18, 1.19, 1.20 | 4.6, 4.7 | +| CSI PowerStore | 1.4 | v4 | 1.19, 1.20, 1.21 | 4.6, 4.7 | +| CSI PowerStore | 2.0.0 | v2.0.0 | 1.20, 1.21, 1.22 | 4.6 EUS, 4.7, 4.8 | + +
+ +**Dell CSI Operator can be installed via OLM (Operator Lifecycle Manager) and manual installation.** + +### Installation Using Operator Lifecycle Manager +`dell-csi-operator` can be installed using Operator Lifecycle Manager (OLM) on upstream Kubernetes clusters & Red Hat OpenShift Clusters. +The installation process involves the creation of a `Subscription` object either via the _OperatorHub_ UI or using `kubectl/oc`. While creating the `Subscription` you can set the Approval strategy for the `InstallPlan` for the Operator to - +* _Automatic_ - If you want the Operator to be automatically installed or upgraded (once an upgrade becomes available) +* _Manual_ - If you want a Cluster Administrator to manually review and approve the `InstallPlan` for installation/upgrades + +**NOTE**: The recommended version of OLM for upstream Kubernetes is **`v0.18.3`**. + +#### Pre-Requisite for installation with OLM +Please run the following commands for creating the required `ConfigMap` before installing the `dell-csi-operator` using OLM. +``` +$ git clone https://github.com/dell/dell-csi-operator.git +$ cd dell-csi-operator +$ tar -czf config.tar.gz driverconfig/ +# Replace operator-namespace in the below command with the actual namespace where the operator will be deployed by OLM +$ kubectl create configmap dell-csi-operator-config --from-file config.tar.gz -n +``` +##### Upstream Kubernetes +- For installing via OperatorHub.io on Kubernetes, go to the [OperatorHub page](../../partners/operator/). +##### Red Hat OpenShift Clusters +- For installing via OpenShift with the Operator, go to the [OpenShift page](../../partners/redhat/). + +### Manual Installation + +#### Steps + +>**Skip step 1 for "offline bundle installation" and continue using the workspace created by untar of dell-csi-operator-bundle.tar.gz.** +1. Clone the [Dell CSI Operator repository](https://github.com/dell/dell-csi-operator). +2. Run `bash scripts/install.sh` to install the operator. +>NOTE: Dell CSI Operator version 1.4.0 and higher would install to the 'dell-csi-operator' namespace by default. +Any existing installations of Dell CSI Operator (v1.2.0 or later) installed using `install.sh` to the 'default' or 'dell-csi-operator' namespace can be upgraded to the new version by running `install.sh --upgrade`. + +{{< imgproc non-olm-1.jpg Resize "2500x" >}}{{< /imgproc >}} + +3. Run the command `oc get pods -n dell-csi-operator` to validate the install. If completed successfully, you should be able to see the operator-related pod in the 'dell-csi-operator' namespace. + +{{< imgproc non-olm-2.jpg Resize "3500x800" >}}{{< /imgproc >}} + +## Custom Resource Definitions +As part of the Dell CSI Operator installation, a CRD representing each driver installation is also installed. +List of CRDs which are installed in API Group `storage.dell.com` +* csipowermax +* csiunity +* csivxflexos +* csiisilon +* csipowerstore +* csipowermaxrevproxy + +For installation of the supported drivers, a `CustomResource` has to be created in your cluster. + +## Pre-Requisites for installation of the CSI Drivers + +### Pre-requisites for upstream Kubernetes Clusters +On upstream Kubernetes clusters, make sure to install +* VolumeSnapshot CRDs + * On clusters running v1.20,v1.21 & v1.22, make sure to install v1 VolumeSnapshot CRDs + * On clusters running v1.19, make sure to install v1beta1 VolumeSnapshot CRDs +* External Volume Snapshot Controller with the correct version + +### Pre-requisites for Red Hat OpenShift Clusters +#### iSCSI +If you are installing a CSI driver which is going to use iSCSI as the transport protocol, please follow the following instructions. +In Red Hat OpenShift clusters, you can create a `MachineConfig` object using the console or `oc` to ensure that the iSCSI daemon starts on all the Red Hat CoreOS nodes. Here is an example of a `MachineConfig` object: + +```yaml +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfig +metadata: + name: 99-iscsid + labels: + machineconfiguration.openshift.io/role: worker +spec: + config: + ignition: + version: 2.2.0 + systemd: + units: + - name: "iscsid.service" + enabled: true +``` +Once the `MachineConfig` object has been deployed, CoreOS will ensure that `iscsid.service` starts automatically. + +Alternatively, you can check the status of the iSCSI service by entering the following command on each worker node in the cluster: + +`sudo systemctl status iscsid` + +The service should be up and running (i.e. should be active state). + +If the `iscsid.service` is not running, then perform the following steps on each worker node in the cluster +1. `Login` to worker nodes and check if the file /etc/iscsi/initiatorname.iscsi has been created properly +2. If the file doesn't exist or it doesn't contain a valid ISCSI IQN, then make sure it exists with valid entries +3. Ensure that iscsid service is running - Enable ```sudo systemctl enable iscsid``` & restart ```sudo systemctl restart iscsid``` iscsid if necessary. +Note: If your worker nodes are running Red Hat CoreOS, make sure that automatic ISCSI login at boot is configured. Please contact RedHat for more details. + +#### MultiPath +If you are installing a CSI Driver which requires the installation of the Linux native Multipath software - _multipathd_, please follow the below instructions + +To enable multipathd on RedHat CoreOS nodes you need to prepare a working configuration encoded in base64. + +`echo 'defaults { +user_friendly_names yes +find_multipaths yes +} +blacklist { +}' | base64 -w0` + +Use the base64 encoded string output in the following `MachineConfig` yaml file (under source section) +```yaml +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfig +metadata: + name: workers-multipath-conf-default + labels: + machineconfiguration.openshift.io/role: worker +spec: + config: + ignition: + version: 2.2.0 + storage: + files: + - contents: + source: data:text/plain;charset=utf-8;base64,ZGVmYXVsdHMgewp1c2VyX2ZyaWVuZGx5X25hbWVzIHllcwpmaW5kX211bHRpcGF0aHMgeWVzCn0KCmJsYWNrbGlzdCB7Cn0K + verification: {} + filesystem: root + mode: 400 + path: /etc/multipath.conf +``` +After deploying this`MachineConfig` object, CoreOS will start multipath service automatically. +Alternatively, you can check the status of the multipath service by entering the following command in each worker nodes. +`sudo multipath -ll` + +If the above command is not successful, ensure that the /etc/multipath.conf file is present and configured properly. Once the file has been configured correctly, enable the multipath service by running the following command: +`sudo /sbin/mpathconf –-enable --with_multipathd y` + +Finally, you have to restart the service by providing the command +`sudo systemctl restart multipathd` + +For additional information refer to official documentation of the multipath configuration. + +## Replacing CSI Operator with Dell CSI Operator +`Dell CSI Operator` was previously available, with the name `CSI Operator`, for both manual and OLM installation. +`CSI Operator` has been discontinued and has been renamed to `Dell CSI Operator`. This is just a name change and as a result, +the Kubernetes resources created as part of the Operator deployment will use the name `dell-csi-operator` instead of `csi-operator`. + +Before proceeding with the installation of the new `Dell CSI Operator`, any existing `CSI Operator` installation has to be completely +removed from the cluster. + +Note - This **doesn't** impact any of the CSI Drivers which have been installed in the cluster + +If the old `CSI Operator` was installed manually, then run the following command from the root of the repository which was used +originally for installation + + bash scripts/undeploy.sh + +If you don't have the original repository available, then run the following commands + + git clone https://github.com/dell/dell-csi-operator.git + cd dell-csi-operator + git checkout csi-operator-v1.0.0 + bash scripts/undeploy.sh + +Note - Once you have removed the old `CSI Operator`, then for installing the new `Dell CSI Operator`, you will need to pull/checkout the latest code + +If you had installed the old CSI Operator using OLM, then please follow the uninstallation instructions provided by OperatorHub. This will mostly involve: + + * Deleting the CSI Operator Subscription + * Deleting the CSI Operator CSV + + +## Installing CSI Driver via Operator +CSI Drivers can be installed by creating a `CustomResource` object in your cluster. + +Sample manifest files for each driver `CustomResourceDefintion` have been provided in the `samples` folder to help with the installation of the drivers. +These files follow the naming convention + + {driver name}_{driver version}_k8s_{k8 version}.yaml +Or + + {driver name}_{driver version}_ops_{OpenShift version}.yaml +For e.g. +* sample/powermax_v140_k8s_117.yaml* <- To install CSI PowerMax driver v1.4.0 on a Kubernetes 1.17 cluster +* sample/powermax_v140_ops_46.yaml* <- To install CSI PowerMax driver v1.4.0 on an OpenShift 4.6 cluster + +Copy the correct sample file and edit the mandatory & any optional parameters specific to your driver installation by following the instructions [here](#modify-the-driver-specification) +>NOTE: A detailed explanation of the various mandatory and optional fields in the CustomResource is available [here](#custom-resource-specification). Please make sure to read through and understand the various fields. + +Run the following command to install the CSI driver. +``` +kubectl create -f +``` + +**Note**: If you are using an OLM based installation, the example manifests are available in the `OperatorHub` UI. +You can edit these manifests and install the driver using the `OperatorHub` UI. + +### Verifying the installation +Once the driver Custom Resource has been created, you can verify the installation + +* Check if Driver CR got created successfully + + For e.g. – If you installed the PowerMax driver + ``` + $ kubectl get csipowermax -n + ``` +* Check the status of the Custom Resource to verify if the driver installation was successful + +If the driver-namespace was set to _test-powermax_, and the name of the driver is _powermax_, then run the command `kubectl get csipowermax/powermax -n test-powermax -o yaml` to get the details of the Custom Resource. + +Note: If the _state_ of the `CustomResource` is _Running_ then all the driver pods have been successfully installed. If the _state_ is _SuccessFul_, then it means the driver deployment was successful but some driver pods may not be in a _Running_ state. +Please refer to the _Troubleshooting_ section [here](../../troubleshooting/operator) if you encounter any issues during installation. + +### Changes in installation for latest CSI drivers +If you are installing the latest versions of the CSI drivers, the driver controller will be installed as a Kubernetes `Deployment` instead of a `Statefulset`. These installations can also run multiple replicas for the driver controller pods(not supported for StatefulSets) to support High Availability for the Controller. + +## Update CSI Drivers +The CSI Drivers installed by the Dell CSI Operator can be updated like any Kubernetes resource. This can be achieved in various ways which include – + +* Modifying the installation directly via `kubectl edit` + For e.g. - If the name of the installed unity driver is unity, then run + ``` + # Replace driver-namespace with the namespace where the Unity driver is installed + $ kubectl edit csiunity/unity -n + ``` + and modify the installation +* Modify the API object in-place via `kubectl patch` + +**NOTES:** +1. If you are trying to upgrade the CSI driver from an older version, make sure to modify the _configVersion_ field if required. +2. The parameter "dnsPolicy: ClusterFirstWithHostNet" should be added as follows: +``` +driver: + configVersion: v5 + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + common: +``` +3. Configmap needs to be created with command `kubectl create -f configmap.yaml` using following yaml file. +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: powerstore-config-params + namespace: csi-powerstore +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" +``` + +**NOTE:** `Replicas` in the driver CR file should not be greater than or equal to the number of worker nodes when upgrading the driver. If the `Replicas` count is not less than the worker node count, some of the driver controller pods would land in a pending state, and upgrade will not be successful. Driver controller pods go in a pending state because they have anti-affinity to each other and cannot be scheduled on nodes where there is a driver controller pod already running. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity for more details. + +**NOTE:** Do not try to update the operator by modifying the original `CustomResource` manifest file and running the `kubectl apply -f` command. As part of the driver installation, the Operator sets some annotations on the `CustomResource` object which are further utilized in some workflows (like detecting upgrade of drivers). If you run the `kubectl apply -f` command to update the driver, these annotations are overwritten and this may lead to failures. + +**NOTE:** From v1.4.0 onwards, Dell CSI Operator does not support the creation of `StorageClass` and `VolumeSnapshotClass` objects. Although these fields are still present in the various driver `CustomResourceDefinitions`, they would be ignored by the operator. These fields will be removed from the `CustomResourceDefinitions` in a future release. If `StorageClass` and `VolumeSnapshotClass` need to be retained, you should upgrade the driver as per the recommended way noted above. +`StorageClass` and `VolumeSnapshotClass` would not be retained on driver uninstallation. + +### Supported modifications +* Changing environment variable values for driver +* Adding (supported) environment variables +* Updating the image of the driver +## Limitations +* The Dell CSI Operator can't manage any existing driver installed using Helm charts. If you already have installed one of the DellEMC CSI driver in your cluster and want to use the operator based deployment, uninstall the driver and then redeploy the driver following the installation procedure described above +* The Dell CSI Operator is not fully compliant with the OperatorHub React UI elements and some of the Custom Resource fields may show up as invalid or unsupported in the OperatorHub GUI. To get around this problem, use kubectl/oc commands to get details about the Custom Resource(CR). This issue will be fixed in the upcoming releases of the Dell CSI Operator + + +## Custom Resource Specification +Each CSI Driver installation is represented by a Custom Resource. + +The specification for the Custom Resource is the same for all the drivers. +Below is a list of all the mandatory and optional fields in the Custom Resource specification + +### Mandatory fields +**configVersion** - Configuration version - Refer full list of supported driver for finding out the appropriate config version [here](#full-list-of-csi-drivers-and-versions-supported-by-the-dell-csi-operator) +**replicas** - Number of replicas for controller plugin - Must be set to 1 for all drivers +**dnsPolicy** - Determines the dnsPolicy for the node daemonset. Accepted values are `Default`, `ClusterFirst`, `ClusterFirstWithHostNet`, `None` +**common** +This field is mandatory and is used to specify common properties for both controller and the node plugin +* image - driver container image +* imagePullPolicy - Image Pull Policy of the driver image +* envs - List of environment variables and their values +### Optional fields +**controller** - List of environment variables and values which are applicable only for controller +**node** - List of environment variables and values which are applicable only for node +**sideCars** - Specification for CSI sidecar containers. +**authSecret** - Name of the secret holding credentials for use by the driver. If not specified, the default secret *-creds must exist in the same namespace as driver +**tlsCertSecret** - Name of the TLS cert secret for use by the driver. If not specified, a secret *-certs must exist in the namespace as driver + +**forceUpdate** +Boolean value which can be set to `true` in order to force update the status of the CSI Driver + +**tolerations** +List of tolerations which should be applied to the driver StatefulSet/Deployment and DaemonSet +It should be set separately in the controller and node sections if you want separate set of tolerations for them + +**nodeSelector** +Used to specify node selectors for the driver StatefulSet/Deployment and DaemonSet + +Here is a sample specification annotated with comments to explain each field +```yaml +apiVersion: storage.dell.com/v1 +kind: CSIPowerMax # Type of the driver +metadata: + name: test-powermax # Name of the driver + namespace: test-powermax # Namespace where driver is installed +spec: + driver: + # Used to specify configuration version + configVersion: v3 # Refer the table containing the full list of supported drivers to find the appropriate config version + replicas: 1 + forceUpdate: false # Set to true in case you want to force an update of driver status + common: # All common specification + image: "dellemc/csi-powermax:v1.4.0.000R" #driver image for a particular release + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_POWERMAX_ENDPOINT + value: "https://0.0.0.0:8443/" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "XYZ" +``` +You can set the field ***replicas*** to a higher number than `1` for the latest driver versions. + +Note - The `image` field should point to the correct image tag for version of the driver you are installing. +For e.g. - If you wish to install v1.4 of the CSI PowerMax driver, use the image tag `dellemc/csi-powermax:v1.4.0.000R` + +### SideCars +Although the sidecars field in the driver specification is optional, it is **strongly** recommended to not modify any details related to sidecars provided (if present) in the sample manifests. Any modifications to this should be only done after consulting with Dell EMC support. + +### Modify the driver specification +* Choose the correct configVersion. Refer the table containing the full list of supported drivers and versions. +* Provide the namespace (in metadata section) where you want to install the driver. +* Provide a name (in metadata section) for the driver. This will be the name of the Custom Resource. +* Edit the values for mandatory configuration parameters specific to your installation. +* Edit/Add any values for optional configuration parameters to customize your installation. +* If you are installing the latest versions of the CSI drivers, the default number of replicas is set to 2. You can increase/decrease this value. + +### StorageClass and VolumeSnapshotClass + +#### New Installations +You should not provide any `StorageClass` or `VolumeSnapshotClass` details during driver installation. The sample files for all the drivers have been updated to reflect this change. Even if these details are there in the sample files, `StorageClass` or `VolumeSnapshotClass` will not be created. + +#### What happens to my existing StorageClass & VolumeSnapshotClass objects +* In case you are upgrading an existing driver installation by using kubectl edit or by patching the object in place, any existing objects will remain as is. If you added more objects as part of the upgrade, then this request will be ignored by the Operator. +* If you uninstall the older driver, then any `StorageClass` or `VolumeSnapshotClass` objects will be deleted. +* An uninstall and followed by an install of the driver would also result in `StorageClass` and `VolumeSnapshotClass` getting deleted and not getting created again. + +**NOTE:** For more information on pre-requisites and parameters, please refer to the sub-pages below for each driver. + +**NOTE:** Storage Classes and Volume Snapshot Classes would no longer be created during the installation of the driver via an operator from v1.4.0 and higher. + diff --git a/content/v3/csidriver/installation/operator/isilon.md b/content/v3/csidriver/installation/operator/isilon.md new file mode 100644 index 0000000000..5ecdf25390 --- /dev/null +++ b/content/v3/csidriver/installation/operator/isilon.md @@ -0,0 +1,141 @@ +--- +title: PowerScale +description: > + Installing CSI Driver for PowerScale via Operator +--- + +## Installing CSI Driver for PowerScale via Operator + +The CSI Driver for Dell EMC PowerScale can be installed via the Dell CSI Operator. + +To deploy the Operator, follow the instructions available [here](../). + +There are sample manifests provided which can be edited to do an easy installation of the driver. Note that the deployment of the driver using the operator does not use any Helm charts and the installation and configuration parameters will be slightly different from the one specified via the Helm installer. + +Kubernetes Operators make it easy to deploy and manage the entire lifecycle of complex Kubernetes applications. Operators use Custom Resource Definitions (CRD) which represents the application and use custom controllers to manage them. + +**Note**: MKE (Mirantis Kubernetes Engine) does not support the installation of CSI-PowerScale via Operator. + +### Listing installed drivers with the CSI Isilon CRD +User can query for CSI-PowerScale driver using the following command: +`kubectl get csiisilon --all-namespaces` + +### Install Driver + +1. Create namespace. + + Execute `kubectl create namespace isilon` to create the isilon namespace (if not already present). Note that the namespace can be any user-defined name, in this example, we assume that the namespace is 'isilon'. +2. Create *isilon-creds* secret by using secret.yaml file format only. + + 2.1 Create a yaml file called secret.yaml with the following content: + ``` + isilonClusters: + # logical name of PowerScale Cluster + - clusterName: "cluster1" + + # username for connecting to PowerScale OneFS API server + # Default value: None + username: "user" + + # password for connecting to PowerScale OneFS API server + password: "password" + + # HTTPS endpoint of the PowerScale OneFS API server + # Default value: None + # Examples: "1.2.3.4", "https://1.2.3.4", "https://abc.myonefs.com" + endpoint: "1.2.3.4" + + # Is this a default cluster (would be used by storage classes without ClusterName parameter) + # Allowed values: + # true: mark this cluster config as default + # false: mark this cluster config as not default + # Default value: false + isDefault: true + + # Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: default value specified in values.yaml + # skipCertificateValidation: true + + # The base path for the volumes to be created on PowerScale cluster + # This will be used if a storage class does not have the IsiPath parameter specified. + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: default value specified in values.yaml + # Examples: "/ifs/data/csi", "/ifs/engineering" + # isiPath: "/ifs/data/csi" + + # The permissions for isi volume directory path + # This will be used if a storage class does not have the IsiVolumePathPermissions parameter specified. + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + # isiVolumePathPermissions: "0777" + + - clusterName: "cluster2" + username: "user" + password: "password" + endpoint: "1.2.3.4" + endpointPort: "8080" + ``` + + Replace the values for the given keys as per your environment. After creating the secret.yaml, the following command can be used to create the secret, + `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml` + + Use the following command to replace or update the secret + + `kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run | kubectl replace -f -` + + **Note**: The user needs to validate the YAML syntax and array related key/values while replacing the isilon-creds secret. + The driver will continue to use previous values in case of an error found in the YAML file. + +3. Create isilon-certs-n secret. + Please refer [this section](../../helm/isilon/#certificate-validation-for-onefs-rest-api-calls) for creating cert-secrets. + + If certificate validation is skipped, empty secret must be created. To create an empty secret. Ex: empty-secret.yaml + + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: isilon-certs-0 + namespace: isilon + type: Opaque + data: + cert-0: "" + ``` + Execute command: ```kubectl create -f empty-secret.yaml``` + +4. Create a CR (Custom Resource) for PowerScale using the sample files provided + [here](https://github.com/dell/dell-csi-operator/tree/master/samples). +5. Users should configure the parameters in CR. The following table lists the primary configurable parameters of the PowerScale driver and their default values: + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | dnsPolicy | Determines the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet | + | ***Common parameters for node and controller*** | + | CSI_ENDPOINT | The UNIX socket address for handling gRPC calls | No | /var/run/csi/csi.sock | + | X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION | Specifies whether SSL security needs to be enabled for communication between PowerScale and CSI Driver | No | true | + | X_CSI_ISI_PATH | Base path for the volumes to be created | Yes | | + | X_CSI_ALLOWED_NETWORKS | Custom networks for PowerScale export. List of networks that can be used for NFS I/O traffic, CIDR format should be used | No | empty | + | X_CSI_ISI_AUTOPROBE | To enable auto probing for driver | No | true | + | X_CSI_ISI_NO_PROBE_ON_START | Indicates whether the controller/node should probe during initialization | Yes | | + | X_CSI_ISI_VOLUME_PATH_PERMISSIONS | The permissions for isi volume directory path | Yes | 0777 | + | ***Controller parameters*** | + | X_CSI_MODE | Driver starting mode | No | controller | + | X_CSI_ISI_ACCESS_ZONE | Name of the access zone a volume can be created in | No | System | + | X_CSI_ISI_QUOTA_ENABLED | To enable SmartQuotas | Yes | | + | ***Node parameters*** | + | X_CSI_MAX_VOLUMES_PER_NODE | Specify the default value for the maximum number of volumes that the controller can publish to the node | Yes | 0 | + | X_CSI_MODE | Driver starting mode | No | node | +6. Execute the following command to create PowerScale custom resource: + ```kubectl create -f ``` . + This command will deploy the CSI-PowerScale driver in the namespace specified in the input YAML file. + +**Note** : + 1. From CSI-PowerScale v1.6.0 and higher, Storage class and VolumeSnapshotClass will **not** be created as part of driver deployment. The user has to create Storageclass and Volume Snapshot Class. + 2. Node selector and node tolerations can be added in both controller parameters and node parameters section, based on the need. + 3. "Kubelet config dir path" is not yet configurable in case of Operator based driver installation. + 4. Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v3/csidriver/installation/operator/non-olm-1.jpg b/content/v3/csidriver/installation/operator/non-olm-1.jpg new file mode 100644 index 0000000000000000000000000000000000000000..2a5fb5c2496a1d12a15c98f6480952524cf86862 GIT binary patch literal 206872 zcmeFZd00}>`!9-Fnwpt&YHB%VPGt_217$g7W>(HAl{ugxSq_*8l{rtTsi~=%Q)x;m zh&ezxR%Ye|i7A4qIiQe=J3&13J?FXSIse^r&%O7rA3SUC#q+EU>s@Q_cfIfD^I2^F z*q#FIJ8$b?3lb0z0A1(5LEAKtmkk0M00KEVfsTMcpxvNdf&!pj{F(s2oEH@Q&-q^+ zcAWAreqY`41gyN|M$2bmhjZ{B?* zA}S}pUqMk*OZ%|S5n~fmvlAyzojqq`YiI9p{>oKXH+K(DFTY#<0f9l#;CtZ_kx_`~ z`*Dxs6B3h>Q?hfO=H}%;D=2(fUQt<9{pxj1Ln9W~gl~S|($U$~-P8N&^OvFFkx>%) z#~6i1pZ+y7JNJ8jf%Ru~ZJoUV{N4O#mjFocznjHB{{>_2#Kf45W zMEz?ZxpUW{V?t7AT!e3gNvjz>+%03BRrcB{O&uK;RYDauMylOt9}kCh8$NEFjBVHX~qF ze>zX*$s_r18KxSNSjm*dZP4}D5NqZ(h!Hha=iWs)G#p-Zc%|ACCl0xkGDJ}(4XYJs z737^D-xGNMOrXT+HtLJ7IS|7!XZ(q_)@f*R$o{ zJAT4>2eDLKvtC5+EPxju6*G^iV_y#GuYAc_YI|S5M)A&FTan@BM8cO_SDT72?&xFR z*s6>$OpZbe8Ly1Z^_r<1eT$Pfo0LxMa8G|de%ktIo}-IuVREv%dCJ4YE2Yl@s^fVA z$Ve8kOKcnTcv1||p)>rtymaH?n*8$?a!($iBVe_f_Mp z^pP@F!mRucs>)nXAYJ0|x|5^h`|oW|Re&#rzUgt>=98mtot4w&6QmuXg|1gy!VYBV zh;sfE8zyaopy&tNAZb0MClk|yI>zE<(&{dgJ0*VrjSkHIy4lyY$|@h)2T{rTWlhy8eD&rGD%9@OXi)U-BF zI!t(4rbL5zhxt6Osjws`WNIG1zLdWRT_ROsJzv6A@4ZuOA zkF0cnI(i>`|3b;p%nsB+z`q({tt##P+mx)>r*x>=IBJ+;xp0o5K2N)Fb8#c=(+h_~ znRAq_eBMc}2;e&Hd;k$e+XkiIViIy**;W5UxO)Kwf%l@|Q6_Km#FF6CLx-Xn2v^S05QcngvI`P$XaZjr32aYSg0Irwx zWk~kQA-A5rM2-w<3?(}px}GV6`m8FA9k;ZSE!Woda9S2SIhV2_2CkjZ#)ya_Rd^ty|7iN zcZijlZlSsrPNtm|~TM=`N$->~z~HM~mAqwRi8DOYBF+-vuHDuR83%EidNd z-dQ>x(|aG@i;)C4UH2I!IsAD&upq~v*I9uRTbz@nbaex%&=7cFjey)IQ=0>bY@=Gm z1KBCMhIEM@>SL7YR*Q)G-8=eFFDRZU0W)+xx!L{da(~#%f1?6}r$?=%cq8E5>&|hd zvPd!3a1TnC*;B_dShexg0=$_kcKG3!*kLY7SO2-Zo8*b7p9GTSj=h(2i&hGUf!o+2 z?YZlVl?*Dz35O5KH^fF#Hlf37%eV=R$?7Zs!VcalM}|$uy3}}Xk2fE={yd__N(4}6mD3^V1_UMU3E(U}a~~q*qkjlP_#AVq ze}d7R++pv#JFDV!hIP|vioLK9A%(fYKyyr0r5BUmP!>td`gGcsY9~*hOi=hu&~I;f zH(WQVfEuh?h;j(rIV>&W5O>Y8?ULSZkK><6xPfs&b{I>7A+08 z!r?~<`w$^rZbJ<74q2cb)kss7)FZ1%aXot^qB*oe;@3eU-F`RAmFP z{_`S-a-4Gw`k&^9S=Xxbmsr-ka!2p&oWEhm>|LC|W36=XQUo)GT>wdyC#V4hel)7Y zS0XcGtech&zS2Hw=KXok(9fJ$sB)g?<5a2G>L9e@c!~bge?D3~;O$9PQ`a zux-N`Z{F=U``K77)^voaep{2J>O!YdqNd=Vmy46#9IXmuo?Hq7w?wdrvf!rIq0m=A7|ZCF|nB^8B0K2@W?6V{FEU zA)0@qhQse(c~fm!YZlv-695LuZY zc_PDWt%zTxS6LA=pFDkjs@aIQKbM!k@@^(ML++fbmhEYG%Y9pUCQkD7#1z7Q?j@jq z3M^#ySknV19_T~TE+H`{I=b{PcZj7Hy;ztG_)R;K{58Si!To^;U`1j;NTw1ZhrYsa zFS`a#QB-o78i$B-^@p^+!vZ0Bj;X~*l-f;2JYBBbI=f+bD6m*dA$=A&#xi4D4)Sz? zX?kgIaZJzT5t0E;0te{2jaVsrK)f9z^y)Ob*_BnMb)pUjwU2#dCtsiJ`qJ>?PvOga zY^EtG)a|dQ;R?LGVVpx!?O;r3Zf!AEPSeR)k0x!4fmz%94pJ;daO?6y?0_c~- zH9(M6%MNH};ghWlc%%1aJAtw?oQgP(iRqY7g9(u${@!YSKUCH_d_6Z;*7O|s?jO16 zp&QSrnP9AQ5?6#}*p1R*3cY>_)PN-y(xbxakhXw(S+IOmsL#)@*V{Ax>MNJn>An4O z7WrNu7j}8b#n*{Y8v%=1LFX;APnkz~&ksZLLwV=PWgH9M!2LOf0=+MDcaW78vnei2 zwmBw}W%`P_)f903HGF57o!+oL-?Tmc`*sW&2b;M?eO!t2RR{X(eLbLF-*U?5Tb$w` zKwKBtat-^QZO*}rtq%$>M=V&aF+n#34&IGCp!ah=CFffOw-k4PfeLW=h^JIperrLcb7cge%6ab`>#;)KSCO+Gc00g#6++Z z5>^dF^`Mk}3j$1&FZZKYPSQTJeYHz7w0o2P=mzAjCY(sL&hPNb~nKyqt7AJDI{iG zLdeT!!B?a8(Kqv$)bU?ASCjPvO3p!lROHN5n5UY~tIkmmcmhh!EZ2$ZPPk++r70hPbn$l;eG7%UHxzm6MS2@H`V zC~`G{T2^V7K20@_x~J_7z28&6khVq?4{D@d(>rq2IN^k3(RIBSO-IEfT)YY)OVgaQ zA!w;kf_M;7pbZ*5Ew&%INEP)0e3zZhPg>S+Cdd4YY8c_Sa|QQSm&sC4pQs8}3P{a& ztXo!Atd*oSPh4$`d5k?jgG(q>O${G!zU-Fg+B%F&ewozL^5Of}^!E~l#}ey%d#O0| zM@%~J6i|1AB>`bA$I(`j<`YWEy_tFOJ-^EXT`RFHk4Powq@|%@Hx3 zzDHtB$yZ3e4z~+Om;012{`g@h-}h@=1HbFaujAaZqT;P*gd?bLV3BQ5P%0#uDuvSJ z+K(7RMDRH@6D-rRxVxWGYhxr+crqf~abLpeFInv!#r#Gcz0A5{k$&6~JCdQC7>;2%`>JD{uvC^`+qa?F5n_YtHL7E$ihz?|s3Hb11W z^QOX~v9=2y+o0E=&o~WOt6wDK?$+~giLt-v0EtX1xlDE{$(Sm-=x(KIYIdb5t~z8h zEfNfEd4Hws=b}A1OxGf~R`zosTK|c;Et4!C#j)Y;VVQN6N(S+CNfv?pam%P(vWFKh-k$6TTG48ZnMuZ5K1n)fK#USe6TYXSc&!ra*4{KkCJ=%@hpxo@UY-v1 z|GL)F>h*g@X3gg^4Bs%*I66ObN@9t@IfJOC>u>OCNFuJb(v6%$r6J83|*RDl}Xkc)po{3-kYX4q}lR22uI^&zMiPFX8wJiP`?PizO z;Qv}JZ~C5!p6q?f>s5V6?HU+2qnpeayKjDBwzm^No?SIK#~E-n6asN55Fe_WHc{U1fW2XU|^0+_Jk~U?Zb! zfo#*}gKrO(25*BN-9inbccBAT(xWDI0WvLCi2iNPIYG?F+b!;DUWndAN28vu-;vBh zp*-tb>EEuqUT*yXe$2hVicjp4NKz!GV+VH6Z|*r&xt1?dG4Fhb#O7q!pS@>1^yhAG zc>3oP2d@iz10y4*ze0WQ-W^_cWDx^oLTN4os9WXpeUZFv5TJbF)DRQ>xXosIMGlG* zVkYEjvg_U~?E5jFcWH~0ntV+oEc5PH;c0KQAeeS;8`Lp445n2QY5IKBOm~Ai4rV^u z%I93!a{TM-Od;Om;rk|90W-hn?hZ`h-brELY!zaF{?uzevztUQhn9ebCnv9H-1CJe zOkY}+MPfr@AjSvv>gKMURTG>s)xX<4=`|k{_2&i%A`IoBDzd~DY{ua@q4$WTn=QEqp^|wgMW1}AJ$l;1 z@Fa799mV%9CZ7GTkV=63w5r_r_|MdsWbScVQR`a9&G@d{*V7-|P3gz3;v9a9M}prO zc0nFcg{_Q!aJ_*EdZxVRHt5C|h|@4vmuBwc$ROM@>Y>|}Uc&t`UA8uT(@MA=d0o1U z21$Z6qC5HHLX_dj0e*C17c{>|tfI4g!tCK~hTF0jG>?9@?c6B!i%Q^x>v6#u_2LSK z=Xn>m`>lpVB3GP5c&PQf80*dji{Yq&O+_V9H1q?AavPkrV;e*>d&Cn(w0f}Io(3pZ zCxjElC$0s{p{_j6@5kGJ&04xEi$6^15{&bah}#C;%%p6CdN&7>xF%E7vCLktgx54B zL;y=GUpRi5FnV1}XGXWtLzV{e;O$k3dg+8T4uWUT4GqqeS?^CCPo%wxOW7Wv0q8;N4&`h0p{tnEod zgPVJA;UJA(PBZ7rl&sKCU!;W&$o{4Z^33>{pJ)VHA!rkpnfxYv;{4)8Md2i*4Rg+# z6+i5Kx*_#xj?;)%!WW9eub>%Ef#&RqOC6YlQ3ac?h{393@*Z16lgx3!F5ja-F09H4 znZJq3hfj$c#k`))9;KD&oL_iiBUN_9W%{y4A8KJANaKC`2(Be6CZzHW-X}cP{pxVw zDx}=a*XK%X!~(Wyzz#0FRm>Ck$r~&&g(nu8by39uv|Hf>^?VaciaLEc%jJ2ew3pYn zSDZ`Fzxp||8@unAtUwy&)3-sl;1AJQBt&|BC7CLTF}B=clVi6ECqTqapxH7vsYAat+#X1q!y6=25ER{8x%TX?6kMjiCno2vb)); zKhyFaf8iQT__(Rx&h$6dDT{x$L2(;v_{BS@1r&s7y28&&$1eubFddK-q5{`?Qj(vt z_I0V~jb@M4t2#1Csg~;<9hGP8{T?bb?f4?*2YS0MJArU!Yi*UaLH+37;?f@!8-dmi zeAAs^i12IW$Oz2l9qQx4_s_yK>t<#moX6d4Qb3@YUO8nZ&=SugaMtY)_&jRNuiRz zjN7vXFg4LGhlBCTqhg0okK0fFu1N1_vf7X8q++Svm^82a51FD!{gI-sLcN&vMFFVZ zK&6Bp!9Z$P7X4(`E!i*U`;-`dDbrT6+*?2~)6uhyrQMOae=^7`eYu2mC0H?LXYmcF zdRDGR&+k8jhc!j>d_FnYMT8Kfx5@~|5W>Cp$z3Y~2og-pmppW9WL;lwQrAl7dYzb^Y?ZAlo<8#C2w^AU z3N5r^Qe)7Mit*sbRI!Jn{aJUO=w(WNQ$JXL+0BC*a=_((_X2k_njuALTH*onULEox zQzBjKdjtb@a`?&!)*DfG;LY%xKf52>zx;9h<)cHpO+z!6kL$o6^CNFanw0=+vXN!> z!OFPEnv7d3Hqm#q!KaX{8!t9~Qj=6mz5Xp__v3?OE#T&_l{QF=iDCwKLVsp*GsB%U zG1`8LI)Fc01>E3BpoYkP3~^TK2bEJKf)*gylM{4`O+4`V^@5i^)-A&gN{ZfTt>JQ8Verhp z$4X{)8wyWKr1(>J6cFt7BJ(rx|1o#j;UlUsbK+VSf8?fwhV@7+zeV7M=lghwtmveu%9Uq1M+^8fD`SW2^DTcv1PMH_q@ zB)aGfw9_DB3wTkXT;b&Dk){Qs8_#-`JUxFNk#*I(P-W6{)Zx?X@Rc#gX>bOv|6(UQ zmKoZ}x^iJ?Ia|cShPlyEh?{ttZL9@*;Ru!aWc}v3gOv1)Ip}KWscq1|!1Q6MFu~M= z>ju#1sv-?wkQYh+>)7&s9_$8L>_8G-Fh`>vn3-ud<0?t^ziLOw$Fp#vp$Ahm#U zCf)|9o1U}MJ9X`p<`ff#Ym0It4Oe#7EkSF{ayeh=CdXeNQx6q?aD>bux)T5D!|IB0 z?s)2EI1e95gq!i>t`$DB(8~w%sk4H`G#FlbzHDw%E zlR@Xk9X|5&fQs(DkEQRT82&6l50-WUSCgL{(>Yg}Y5V%% zBYTK*mO*+NIm`NygPst~ui2xH1UHa7){%0fwRgg6jO|tZ*D`!<^ku%8X^TNnHE9s$ zvliOdfVT@Q`!%V!mCxt$GxsCrTmcBpnJ+gum7i=Z6G*lIR|6OSgfLFp3LO8CRiO6K zU-eXm$NiM=fHcQs5v{<}oIq;4XHCY@3?;1_HJfs$#bCB44eHh14MT|m*wQb#)~3i6 zoio#s2+VmvpH<4X1zc+pc$=Y@ETQ76g?z7jh^Q`<8UQZ?dZw3{6{&X{q4}$40>%1u zHEPC+8F|O091J!JFBX8I=rN@(G@kU1xK}+d}k73G3^w!4V0`rYN&bs3kX2sf*H($u zj($EYFwWbjY(|GCAi*`)yj$lZc^W=vL(A35-=&x~;-0I=U%sc44yFvqx=-Pk{<6+a zH@y$5K!TZ7)v@B~MH9i4_=JbAg7?ioiNC4Y>@5~OlkVVC)+Cwp86;(SoX^;0F2yq4 z+3A^dHyq21ZctYC+eoj_aEx%^hd!xn*89{&t#n**UaJC2NiXMb+^m06dOWewFpYQ% z{zw&j9(iHZ>M+-iIEVzRIh5froyC@+IJxY}bEN~xxF>lXrsyXXIR(OcYG9pu_n7Ko zICzx|H+Z~||8pCpFTY;7PU+1@9^WeFuW+jAZuf#!g?PJw-tH#$hT0?@y$1+b-co;7 z7N)dc{rZ8IjW7$w<@(EW&`7f{gj#==G#kBDjpS!I@xC%Z8J#Neo2SXoJ)=A_y9-B7$>oPP z&da6yvqO^BmG4qW_7$Ad1?MOKKJpkz@-Ub>yy|$7I)m2qj|vQ-kS~%8%=U9P=HcHq zhMn-^@N8rRbDFN&vE{2QNQXRF$LytE^X!eivFv!~anqUMcD;*k&6*;=g< z4@(=Lf)%+s^Z`XG_YM;s7rqS=_NM#{9!AtCd-io(EQV$(&a=&I9^_76-n)BM0Q8_c z3Ox0~*O=LxiM}nNh^YQZ&}k+c|HWKSunb;UH_#vi!EVIQLN7hdzt_`c|G4~-f|$9X}JbaNZz1KaW$lf7(|_J)XA+ze28%~3{u?`IiI)1o?w2^35wT>gBj+q)J3 zUHNn2d$8iQ=09-SpPPoitfs8O?d-nZJ!1bRRrn)#th5WQfI198%D1taQm3dgUdGJM za-f6kk`PkV9QC*9fj7nJ*H?n~E$5lT>bn}dWAKl`p_%cDTE(^8{f#jUvyV&wZav%v zrt?uy--mSb`HVtxXn$Dc!ex^Ng_#k9N^#jw*%Aht5~kM(@JC>1=7Satqu7jL$s+R8 z^Y!lGyzkJ}d9;XetQE{b+F33woAR-ych{3-IpeghfK}Njqb}Q?lfG@OF(h~-rW}Wj z#Es%fr0?p{wv3RV2?O>;hme}~A!xgPJp;k_>dd`!d?K_FX)(x;kKmn~Skm&QD?TZ2 z8>IL&C2e+p;Sedpj`DccPZ5nP(S3+{!S~H@1>Ps{F8(v}38jgMqepeY9M3X2>c3yA zCc245yo%0S&Pjd=3-qt=K~FS%20yb3@JRZB452G$c21aet&VYZSr^~E`JI%tmG45v zp1_X3_IO1lOzPG?J*|2-?fm#tp+k-`uKJ2=Jj@)=+W?chxD`3RN!Y^v1i;S*sf}1T&_CD56Da}uzsBuki`%=uuAXpEy?v?qYVyRF!~GF)Y$IZ7 zSIc_*21AzFZvm#&sSIBlZG-#0@eTI6<`{7_Wm0ub%wc)Yw~Oba71F{C^QihRz)6>9fJ*?Ay-{f#JTW2g)BrA({L3n3f zM5zc$gVzTUMY`69Y=guJVD5bY9j)A6T$;#rro~!)@$UO!`i{W4a11h5WRvZRN0evG zPT5M1QZBnL%&5jp#CXrv)otoJ%-1bp0;7U5&2-_LQEvE{-dMe&;Dt|JOtYl`WDIL_ zl^rzf=I=$+CJM2+zxqXXJS7u)!En`oj=pC z4YEWQ3?UBz;;)cb2O}~S7FG9g&8Db(ejCE~R?^|JeG%*%5hvklq!UYwWdrSkuDgUE zWwEcNTc5i2!-J`B2N>QG$${UIvP|=?Nn@Pnv=f*QOgxOLnWq#wh8o<+n?$G`>dO0d zK_))S{m`I-k1I-?>kOQ|$4vF!D&<-F0y$2D7+kFn+=eCbc&#;Nu~zJNdA59tqr)8D z`;~tJTG`C{5xaP8$ukLl!kiv&+)NR-Fl*q?;e*uuQzh>VI}I<^?kSDAi|wt{Js&U5 z?AH+dT(hbA0g{2zZYN`@;z)T`Kv@{gv#nId`v(xY5IFd2Rnap4{41x{=%mldro~@6 zU#StYnFEYIX4TMQ7g0is6cL29jHU5!+p&4xF%m)Ux39)XJ=Go;6T!JyRC9r8uwLR+ zr~DluH!0&5@w3jk1B@H!@Z($n`ldI!3@N(wKz3dk&2$iHPA~mOq+?sBhM+I|zQu$% zdF_T-eS59gqn5=Ty;gcKO%|r)HRe$NykENyJ~JEXcE5Jw_p_LR%HrvWc1&MChBDJi zG9S08BPT#h8xk3gbpYowaHSm8?+b2a*=F9(SHveUkV>&yWqxAuIvS)!$!z26zt0*y zI9q=z1>La?8Z%=T17l`Mbtp-$04pkKj`>WLndLRFxM$Vr=B$hSQ&!FLYE%yA#hzyl zN})e~V#>KYfej9rd%URISDEFU%(Z#tea)%*BMl-OQYx~BmU7x#Bv4#|J!SP8MT*Q= z(YvkX85s2Vb`q$dKZtvNs|p>cnoPwBcRQ;FpTcC+A=O!qo#30zBk~<=i5h4W1p2OJ zU`*}a&R=^D zHrf(BIcfNU_l=5`PeG|sk*dtz4;Y1DUxT4h>J=s~F~MMV1STt*Xf&=7z*jb1iaPx9 zM#;8Zo zn@-D2E^T1o6D%T_hY^`{_XMsiW}(H2SA_BW&Gss(yw7$SP)K19Ga~OK`Nt$Q+moWj zTYFMlrg-dDa3T>0`Oq#uJ=@Om<;$sv-4YTwVrR33HVrHZM0G?q25)GFSH6YW{x0^C zXgqJKs~6U1_UT-}nVH1@xD6EOtWqY!4MTC(o%;~zpC%BW@F2PQ^HQH^EHd_Jw0yiN!WQOM5U=M z_7&6}rJg;|i8@Nc^(%g~X-ba4jOo`6j9tyHx$Ze<57MKydivO2l+bz?d~+GI4H9I| z&wqc7_K8^hL-=STPc7|33;pD;j+!)V)OwBUx^hbwNBuK%d@kz0!Fv$-)K}NEVqbUy2Q#I9G+PPt*LZ>*eDf|T z)z(WBDsyz_%e(`7$XLLf{T?_^#FEp9L8?h$tXbZ=pP$G}c5pIC3C!{nf9qiyCD{M>Su_j$-!hvbczHnMedev;sl zFtyqpj6AjV1RZRcN}kjh;_E~NSdsV`8bA6@$#EWDQ~1^VHs{-)w)`Z6ZIC%?g|G4N zx@$V|?mgs14*Mq{7&whiQglw_t5#G2J1+DF?XO*ug(DN)xw-x;%FDmpE84JX!TtE@ zJ~jKH==pmGvRV#b`r_#wPeMZt6Ht}_l_k~%mgi|AYQ4X6W2c&p9V}d{xhIFP3|or* zt+#nvywCV{N1vqdwFgIjR{5zp=Qb)|cu)93D9I0r<%PJ{&trR)?!{1aYu6iK5YlIS z6{*pC{4@6?$A~vLd6dN~V^(*lg1FEcpxR*@^rSigOBM4Oc;)#=cm+0eTm#vVSzxCp z9Citz%Z>#$SgLgKxeiDobr;vO9#QKIjo(PXqW4Z*TacU88ao(+n1;&KBI|PZTO3ei zqxpLg`tNs zJpXs+&X|0fTxqQ0ks)FchN&tRKr&x&nQ3*rt(m2nmjm;wabQY!;7L(z_F#{SZokm% z(%8AdXZj?Omrvh%{LFv(T!CCN%^1Z#P-|0x7|syi(Y?>6()C|T`^khN=W!s$;3*Gzu!=`j>q9w|&Fob=+l zGDopiswBN7L#$Y8tP^er`Q)DpAzd@PuvsHIMJwp~oEWOl87W#~|$!kE&bs<$bVg zYpa6`Pz0HM7{L3n_L6CVAAghswRH|<_0LyjuD7rg`pFEg^$9We})d zMTAg$?NlJ6uEN_Fd8r9#*SH^EDv3*t4PNxb0U<9Dm9XW5+0$};)xoqwlCrH&lGXFH zlREdGzS^LS-o+z>Md({qTz}4KP&(T zVL7L2^sIF>_-Xag$LUpm3U^z#LAt00+(=CD)&#mc=Jt&4m%dwc%nYJh9~P^WS6F*@ zJhJV${Z<|t3faeXEShTK`#S`Ewa1M;8b&nLV<7G|(o}Uf*QI*FOBO@1aFAVzTX!h6P3pPjVDJLhREThSpybh;`Ao`s zCh-MV6j)^X(R#}13_}lKVw$+bDRNW>cSgxmMb-=@y?s48buX|c=N0Rwy*v62CYK#^ zK9u&Co24UM##~`Ia!i3Z_Vg$^#4yE5hqaD1T^(=AgjFCe4sF7mVTofJc@d>o9vX8Q zQuBU>GIaC91yOPa_cu&_#9nr>}dw%oT-RS|^Wef8oi^`z*GPX~qx zL|v33fx>BPC1%1DDdh3Z!Kg?QNB3^K&w%g{VGq)mOwcs@m@Z6)lqRgV)KYSkD~oju^ExDR_jNtaWejf%UQ3MKz`782I_tuu^mk+o4K2|x zPWU~`GN@v1)&J9GjLk1;G_QcEVnQ@4-nTi=3Y$;n|)|OFBMgBQ3;*&z!VEK zUs3Sz`DC!7R;qt>2-%T+4{Ng%FK^0{ymM7~sQH)qZ1AuEsDy$0^p}JuBuTPjq-~JUk}-N_Rfq+^3kWX19wk1vkpR-(dYIF8|g}>5)#( zA>hj}T_VjwmL*8%OFwj~0a2U8E)`vpp+Tr|cl0fh(6>eV4YZq~_|P*4^sI%VcE9S5 zK;ObB^7xY=jB zr@y!SE|o*=U1%xo!U!W>fmAwYU@!1znS2G$dg?3D)J*c)oTUAd&`%yIk3aW_K8KLk zPxx_0{fO;*f0~gzQ>nzT}%ji!eFF%m#i*b_B1!|e(F7R%vgTau!NN1A@ zve)gJU6ZBYB6yV8%g^Fnh7Y`SZiZ)xfN~=~2_L+-{u4F04U!2*r$P2d7%Bmw9m~}7 z9Q};q^4?dsIcFLh8WX-u%#Qs@_ROSpV|+YZIHdhDTR$G@mQJdQ6se>Cj5%V~j=C(AR|_-Bh> zF3$@OzYx@ZVN4hL0y7}>EM3|Wn0CqXce(cd7rXpc!|eL-Cug%$Kt?te2kIC6Wk9X{ z0!jP%8wG=Y#zL0_E^3~?8(sB$u2AQ{aBmu&;&m5j8L(@7S2%sPA&29jUn%vootzshKjxQr(QQQR#Y6e{n$ zA9!AQxq%(_bq&V{-<)Y(<*wn~mlwy2Y}w9Vx!N3a)ORaO*03N z9Bo3oQ$EU!By@6Ts5XClZ5HgVB>r&cfdeW>i1Aj!$lI)yOpKK*pEuq}!IjEDSBw@^ zl!lPtd-u?{zY{(`&SRBjiJE;GbHOt2gv>wQ!V`9QB361S0h#qcDo>KA=!LjXL!O~a z#Q7?dF^AfR^}R;A4GLcSIKefH-eevu2=&V|a~1G(O!$TL=D6_9eor?{R#66eS&6;* zr<^lX&%9SL{f<(e_ljNWuR8s`JMdn)H>5il7U|H__rjH-|LaKak?Ozqedf{UaMYNf z^|Nib7}#7@DT-6q8X8SbAl{;;DNZB$Y)IGwKD22l^!v#I-b#X{l8c7b1k3%o)(z*S z%a0W}CYGq?*`~dHa+{j4gPO?KV}dF5oL<cn@r{#xD$PJ&S?u()%~6UEdY zdFM@WJk>RzWUC>WJGs|hAZZ;lw#ude+DzT)m1M%P1+VH%msU8ZxxtNv+n_1xhXDmd)8ynY@1IVz(mfN@ihD8!>V7+K z3qEy&RTtMdpN5vmZk6(PRxb9oDolDKlohYgQiNBES&;thNwnR^~Tj1CJ zUg<@PTd5%pMy3X>Gy!Q3<~n2ac~l;|D%!y53AX=_a`6l(bL&QaeYT z8@N@E3=HFAHIGqBEzM4+IzkvB?utG$qxA*w1I}9W@z15ddU6}y^&Wt0WLUp^ccKmr z9M(>2J3hTKF4i-7n2AoUB4hu;U+`(skcwhVp_0dq=(Zm`hbW8N=aSB!Fn`kU#1VYU zSrsV++`|B=*8nm-Q*OTY6~fN#`x?O2rp3UVDmbxe>`c85`sR1F-q}Ra%Cu((pS@Mc zRnW03s86q)3mA%xh;)WOS=6z!-*99(5Xsyxgp*t8JW~XE`eHd#`U7eo$s&xdul2>e z_<+Nx^E;WT>s*1Udi8-p&HTd?E5_&{m9p#jmT{O z5ZBcdNlYXY~DKguf`w;kuoRZ#;9AF1$2d4%qcV1R^q%iTm^{wCT#; z=SSA4vQR5YT+CuZW5!f$;p#=0llq_3Ypt&xtHv}A|A?h(`!hN0YC!BI@;-^68w`;l zXa#|9F?U+YFq?=ps_3}W8z0%BeCK~avzq|y@DBy`3{Pgop`2sM8tN!_^2C3DW?%RG z_kkEnXrH@wzitrDfk3HPo8Z)anICubn(Lpm0HUT>;!CuOKBA?O(zQU8N7L1iI_+!2 z{@9ksMhQOu0h;Y^WPLiAvAaHz2L6DNLf&Goq^zTN192C3&(?^BqvN}%fu#Z zLU?Iv@q=Uj&5vcHY^|mpeF#Fi&S*6MRyKvkl$7{r}4Xlz=@q430G4b;7FLxrgxzIZ| zdqHTIdK3JxU7k^cDRAM&*zmRa`VIU=_8?=}4*%@pwWcul#`IAx*`yS<#5o|G2KL(q zQHZoZwv(1y&v=J^6K*%X(`I8Ht<VieAKXjdz@o}8niOzZx(0b zKk_AiZO~doxkCW|?+xw;#xF0Mh-ta+?(hyz`>e3ny7lhc6Rh69Dj!!*EGaBu?_`p`hzliJvTzHf*RFYAGjz#1spg>_}e?QyK7e-mgw-e7fgZW zJ>O*2Kb&TmU%{2c#M?&V#r_+6ZyL>J-?#tjJfMaaHMcdjHKgWhk+y28OVg^M=1WZ_ zNLy17(#brv6h$kgh8iM8ND*RIRMnVD5Td9dB!);Oa_zI%bN`?9{MXuV?)&+#y`R0; z{UWa{mNO?gf8XPK9G~MrVb{66YHO6Ztd|>s&aY%;xciqV!U#vtS+EqxYD8b1>Kglz z<%xGj8$rvUPtClmKcyh64Zf($OIAFGLYXBOx~7j5ecuzhvdrLRsMj{+(pd zRgQF<*)_TyYx!JRNM+d#rvIU^^4pZXxc;<95+u%6_E-?*xTOyr*D29eQ&48gbhdE$ zMjZ|)y7xYc4X>=c&4c)G#%to8`cZS^P1N^9s#uHbbMQ$&!0+SBuuH5Ud@KgJy92gC z($c{#kA%BFgbg}(F)yqykZe3B(}4}$x^njA5H4Zn`7YVDZ--lV5fekH!F3NLF#~P=M%=$0x1@KkY%^xND1vKTA(rMe zDzO$O;^Tj5DN1}8@f&vIparVF{rB$RJ*Pt4WNdnxSj@W9O{jr9Havm2#qyj=PW)C+obpHb)wm59uzWJaCZ}HMv_XH_goX3FEXMM85UH9 z+N?ONfoSh|?ZC4s86s_!+r#(p3rMT!24LK42V~$Aix+|c;~o#EJ#F6MK5;gHFh{W5 zb|5dXLdeK=i0ch6Y3Mr9Xd-c?Na(c(9LDtAEyTOezO|c)eU9`Vkn(L-{PyZ?V0#1X`I=JmaLb>C z1ABqRdFH-_+dcc5!b=jszOv506-f`wQ1X1*DeRcTz4uINB}ep$2_6R3L*5q z;oXA9zNr+<$qxq~$*-(kD~T0Rl$>tb6DsH=;zr%DVzb3A*aAmCm~Ak!VeU&G zI8hXAb|(H-##u(GuqPq-FprD?^B#k+l1v9NQxmCCO^nM_?fKYuX4Usy-B~ahGaY-1YEdAz<1|lhe0u&%5Q+`<3*|kdXIQi~Oj_Q^`M_qczOgDQ~jDt`9^5 z@oqy64s0|)3-pw7L?1$BFJDF)t`4;A@OR~_2nF!YU%HZH6Dp`Hc+gA)M<*~XcT1vl zEUC(_&yhR`XR01Y@eoJew!!3?{_x%USH^StzK!_FAKah&6opO5b-KzwDLh;dw-omlGm%jt>m%sYX8B%Svkdc61HQ)S2)oiGu%^JP!H_gPTw zXqxPcoSVBJ49~;aw?`4d&>7hT7jd>o*Slu1kCAsQ8rYV}V^N>8UOG-FWqSx_Wb#!M zJyjeOKd*!Sj0xh@4r1Dt9V7Z`5`Dp9O(jjT;9zX-mR<8(-O+e1wjGbYql_vBrz)o(@V8Q^KXJZ<64{N-kx->vU?)w28x@iTV26pDlvVQ zep^H2rXv9~E)t|0sfJyy_M1g0v(HD3xLg|5Rz2Pdu7Rc2CiaWn@z=duGlZ9oc&Hjp zjZyX2=oV7Hu~$$1Bi~+}l*BB;bY?)11$J$smm~&B_Jgd40}AU#fZ*2X^rzbFljWWA z0sG|2_a6PYU+9^u2^%rA5aH@h0rmsi8Y(YMZR3w&st?}sy^(wH!c`xU z#&juNyYoh2SKGs~e|?rq%0Px8?Kaj4-epaBXi$VXw`n(7mo3yZZxS==qrrvpY%YE7^ao{MjN+YT9`U0NxfsW(Q+eQl( z?>h^=63u1yOx-(zS3A6L@<%xF9T0mav{FQUx#tJ7tQi4W`S5hM8ujvrAadAhe&$!D z)Rm!5=IbH&U2{Sd>nrQMq3g*Lo-7o7!zs4IMSvlega{(JROYyY;?!&Mk98ncAmtKQ-Ghm8QU04N$t;5#N$mJ|Niq*{T zTkWjv(HZ{zwY5j}mJ!-(hL$vi0F&xPn=?JYm5e$I%yf5vkFydMTDcN*nc5G&V^Q8@tww1zpUP9;TV)ZxMOje6l2d=a zk%12D>jLin)*TP-DLOMB!+N>~8NFi(4+iZ1aF`_#BLg-2ktzTUM_}VKZNC?I-M@Aw z_JycI9au_VIczpn1YX|hDqPEsuYK+3hHFZnX-*D?h4QIC?t56=4<4WOQ13XCrYnEo z(F2cDrp%a-H)}V}4<@E$NcyikV+%$z=2lC-)`$4iRdYwFXB!f%&!A6!TC~9_^@NQ4 zIhy{eX;dw^r_2W@d%22rn*p(ASav_bQev7xTAv({-Kcb5@T!;oxu;ipfZ13m~z2*7O1hL9ts6|zz|k;V6S*5U{=l8mB~*h;YunNuw7naS{V$w`e-^dDA> zIT<5k>qh54uOG>r*K-fPCGzT1fN3Y8R;(SIn0JQta)y$GJc$SkEM(1WO1_-+KQuFy zQ8M*~RQF4GGtcK6zY+~&+WQYYZ)fSAHO-gMhV9G zi!T^T?4~t?psBOck`6@eo*|tlDmyogC)4M2q@C=(Asak7b#CC6SsMoP|#q$QL+;XtcX!{R6b>gr* zPe=H|$}hG*;y6o$vE4yAxutriyIJoz9DI|`jRyupNz>Xf$J;`a_V|s7_b#SPv)L5l zuFSanC-t;vG~T(`i@;Ve>Oxdk^MT#!HNyRfwM2?|u%(3bO@AW`e`xEaNM;pMp>0A1 zV75RH7Y!r)nNL1_>Fh~S;UDL2WII9)LdI4}2En$-n50kSG$(R#v(E=gpK0(0#5$Xb z;sbWFNYbHMn>VD`R>Bj24C>$1^cnXF1x#~|1he_GP9|N4zaKhVL55tm&U-uzoRbUz z>o+kq7!)0Kn01=E>)t7$o4Z>z)1=&PXD7xqw0^3GSOy$K##Q6D|Kt@FJu{GCc>bFf@;E3q_yfWo?fCPO<#@x8-&7CUJM|V3jV?-n=sTSj z%k%A#6}otU=sXAH!<7lj%8drj^#R$!=}A#Y<)Dqm@G#iodPz#N6yh4oy}bJ!;s#x` zW`?|2G20l^=QON<&2bDn=$>t5V|%v6^DduE2ho$Q#_b_UAfc{O1JeV~xZ?N*M@ey* z_FD%7Mdm8`k0)}Wlnd2Q!>ZXwhUoW%m@3yi}!vS&IyB&5Mp68mZW+w#5%_%lj>>9v&C^ z%C=aRgknhwsVemIDD@jP2lsDCKz>i}&LhFQveyAn?Q$RCX#X6%V2s!vYGwYuXI?8p zEyG=LGO=7u{%Ghq>8m1>tmD8UyCyGrnj*#7I~FC+xmrU{jnj?`?^d;WRQq=FphFF500?dn^^>lQuqiMS5R8yvQba zBB?^-pv@C0AqQFBs3V*|S+f=WGpJ{>NAc!V+Ks7^iHW-`Z=+9yoU=v;G&HUx^)_ak zP}MW{eX972N7h%uh7$LqhE7S+MhBXFyzO7$vdpxA1~P5r%U%O)FCJdq)iJx<>CbvF zPP;FFG#{|Lm!!KUHH)#BCRM|n+Yd`zI?+b-0V9UHkwNxbTe0D-*E^1!it*Bux!X(M?jHEwZN6Jy3n9fU zQ?t6D{bKB^wfs8L&{k4Ze%Yj@zNV?Zou&>(qO8lF?-BpX(v9lkmapbLkJh&mVZF`< zFhWMXOT+V!^hk;7Rcs?0FqigJWX664?6$%PYt{f&jGo%M787-f;f0nicdE;tX%dZC zj*d110F)yC08qAsihPG_G8J|)h)6U%u{}y?Hya;}EQ8-9iQ|n6$t;%zTFBmec~<%g z`}5q(WB-%dd5kbE+ld?>m@clLb-rxL>Y42v+KO=GjZ_3ab*2fiwT+S2zlEf+^#AsEqKanxv79Rj6~jkG~duugSMR z;QNyRB@q)t07N}NL=v@H0z!v};6Uh*?!+55PalX0zzm&B(2V=uD#fa$vI00oN=84(+E_BVcqgRkmH#MfDIB@+3I*7{$_CdO|dOHCy$~ z-y5~ww6ZFbeSgOcn=Af1kD)H$&*7bn4jtD4CLaP&jdbrMPsTx%Dh)5R95_)p5Kbqx z^QB>{<`fjoC>kbz1Vnjw+1hH%`IvxHBOI8{+Wt_|($b9%S8cLu%4G0bNdR+*w2s=} z%mb(&fAL@@?xO?{s-+a8lJVLx%!ltR5jRSX}zeUD zyJ?3QWnV3grq=+$P#oScCHWGjKP67@pWNwIH~HUkrF=wZwlK$-#ZM2MRZZ33iQ<5!yxRKLl`Z*Q|mEjx9DH$LFyjd!DB29}!PeyDRY4 zRQ}i&kQiK{R3aX-(u3)7tnF)bR9ybX``RInJ?ulb!rYguUoy*?P;-2#wVe0B`YWO2 zacYy~G_q@LTyEwjW>!_!vWlS%&}*H2+OIGK;+my?x?E_0-WR?7D9xwg`L}ULbNytg z@>9CPj%6opejM8X+lbMO*k_hyar0H|KjDd8vchO=4<_v|9)PCF*;5P&)*o`fYj&P< zwmMv3t#Cu%_j)#L@*2j$3|84>n>qfIHVqsl z2rZXUB+agV`i2QBcZMLaGz{dvZKuvSa(u1MYreh*wXh$R^*x@Q%Y|`ZuDJAJadRS-7C7A%TX|EJYH!(JbDxy*Ug6ELb^V9{ z{P+)>=VfI_-tf!y&S7B78;#BxX^#fK)Ta&iZF2Fs#Ot&LFfV{k0^r269#dy(S*G+u zol}73`X{o@7+QE=vtK(g`?|}WuJXqIDah($4Y%JYzekmHft6Aq{rwk@;1(>#7RbC= zdY8gO^yC@W16ihb-fn8!CM_j4uD-48H<+>yvw+Y^s)$Kab1!KV(hZnL{t4Kn!LkUufHGM$Sg6rv^%Qsu;G}(-B}AZ>g%>TZf^Io0qCP{-iwmnxyu z+L6kuloEByaexXIV7Xo!Tm#RD)p?K7f?ns_qHe=z7u>@nPW1`@T6%i%RintH!+#}5 zL;ou|nhKoy4lu~TLqZV5Jq`y=mn7DviujngmBGC&=#!&e`QCFE%@Jf^`zzCZ+VN3x z#g&WNiL;P>0I`n{Ux^oC9B( zB<2PDJoFCc{`Ouv#neaLZ>pd(fYHNuBMtw=skf9bbuL5vl8pXt5?Ae~?8)vHO7ug4 zgzyF6%o09Q#nJk<<+yf!Z2sgz5;oAjU3VvYI^>K-;zB_trQXhw>BZWmZ%>D|rHY1e z&oB-Uk}%q64dAiC44D$CYZ_X$8VuM+o-$Wmxmk5n%|*#3=JwpeXg}t_Qd{ zGT9AHI-?4qLBqZb6U5NGb1iXwc+HN~Z||eX^#NugeWU5!sO`2q)o(DZraP7mY2@3( z!OC_|sbe1ZFehGq;!CMGe7;4{gdYl*oe}6n#gAReECJRv$T+-_e?hlYPG?ta!9b|= z)6bpmJ~{Gkf?oU2`FT7&_|OrBE$N^LAZ%GV4cpHbMk=wB;HyKMi3S!)Y$~qHCg{%meRRRNk+dKz=7M&DYT(^C1qj$PmxI>__7Pvr%=H zmHxOnJ930ieeWWn8biBUfw(qeD6}YBgG{Z&+ZU41UrT2aVTY!AKG?Ul9_>@D?(j%H z{PM8Ztz%nTB3U!CPry=!r{L@C8SlqjejrQ4FwFFl$coiUJvK2xA%&^Q0Vu;{zJH($ zyAK^oV8R~D)&l(!&q=_dNeF7FNdzH4Xv^Xrz!i1^Dtly8R>-+6Q*qi9ruMSj$pR*I z6Zh!jdgZh0KZ`8NKbLr$?P3fieNkfE(}?S=SjI+IXqJr9$03!KEg!=@aNC`M+qk-T zoA*uM)B?Dj$BloGRfOA>H7Wwk4qn@X3=6?=bW#KQ4I-QjfON_NiQD8y94OZZneXNz z@1v1agN4?9-f7un7{a-Py!-wZ9bFO~@M8p>PfDIQ_p8dj{ZQWf;VtzuD5`iFWv}7I z66O=+GZ$sq@k^WGGNq_v0Bt0HDWy}m%QbyFRHfxZ^v54bdvdlxaY%sZ3rU$$X1y;$ zTxaN}A};5{XB`HE&uY^IjBq0$nC#8kG;(iaRT_8d?DVV80m6qXC6rCCCn&&2kJ>ix zz6X1Q<0Npui##M<7;~7IEet;#YB7YrUBdGEx?$T8dFJB1jY^v5h+Og?pE1cejgyb# zk>Mw*ZqE;fM~+z%l%Xf`Fed2^T4aD09htVVN(!;XIbu#d13*Uwm9=jp+UqDh9H=6I zygUmp=mH;|#FD_-Tnx=jZW7kWLbNnCdZB#Sno&c#K;4a6)Y0$Uf#!?3UA7?rE&>k( zE{@~bzqn&yv71S&W7nmj{)Dn&_dbyRt1I_5P{{G#PG^!qg z4FC4O9w-kUz%lRehuFRdRr-AXEO@_fvo@ovC?6g}G}39-Vh|s13W)nYf)sbEoCXX8 zw(FJR=@gGJkG-~E@Ole_svNemq;H4^cfK&5+C)EsMUV3|%o6~uLq*{1# z6ZQsLdi63C8s_dn|I4V6n5h<$$Oh z$ie$eBPBSx3~l1m<}+}x^|#<$;erkGG3+nZ0QB~$V9JTI%6b!9@qMQOt;QL*(#lps z+y{)0fx1r(1>r91i++AT8ppIfhF}3`>}O%!bVOV4k$DA99U!vmrkS1=vQIe=u!3gQ zGT2wR-H(EF!#i*WkTBS%9+>>_U7RswH@UWI22+ ze=1BEij+h^sQrcp7Of3+(Iud0gfg_WMkn9xq1SrP0)^x!bi}5u@-H6E1LmnQ+K?H1 zqb`Z2IJD-q(twD*lMM=O*cjTO6(^2{XW%{A(j3?~?nPhO8scNTG#b9#L9$76_LYD| z>r0{&U(0!#D9}KD{;RV`<$p_bT!z`blgImTEvYHzcHg-Ix4N5ovq>hl%)1>2{u%zh z>UveykKM_>3+GS!>B;eUH63cn1Mj}sgdJopOpDe4kz9V%bHvs1#qi9x)VE5lA^snn zYYT1?Jn_T1)@JxLqUxE9#>mvYIzz78k;dCJakd`k$|!JC2I5HDsj3KFG#uLQ;F3X2 z2Dj^k=F|=^3bl*94TY-ZOZj>kBmC=MbnLfae=ABd*->V$4~KBj6;@FjgXJqrkVqX4 z)8Z@eFA6n=`b1zrgJ2I3sjs79s%QptEUFI}zqI)+Oq(559U)b8OHR%AiPv8W#9!W1 zm5RCGB*)Wfvf`f84^Y9D*;iQXZUYBc+CFDO3ooFE;;PU-)pHp6cnd`88@>SF60&$4c6NtOe&Ue%)w_Tk{IphY-M0@PxxxEet23~ z*&kt zo0|W!v?%pbhoKe7n>N_IrCztYe0xoSd~y*do#Y_Bwg)lKEO9=C09 zInL;tX5#3QROf|u0YPX^R8gR}w`ULt`)Som{9Xe#X6cOR(n&9)xvx($%?2}`?Y&qU zbrhIDPz<(f{a}<7%fhxf5rU0CyWbk-fPdqyJ|4KI@Yc_NAww|Z@A+Sz$7~51AduvG z%+QegP0Ur)P<%O0Wkgk5THwahb)=+yyUe=)w4Yl|NN57p&5#jLoo#NSs(cReO0)l8 zkpblI%tfJ6IpC>ghVyzchk#)j9J~CV_U+tTEL}RN%TN`Es~6oq&hl>84PBJ#HpVu3@+Zx2397>X5SF^}*!z9~_@An0aF5($ zmgdZ0XD`Au!Fu~2rsZyD)Nz~FP$g(pAknBQrFUja|`s5^vnxg(hsM5D!kM{K&m)l{a3#@qz&q1EFTY)Mr!jENMn!r=bd+ zmV&18U$)1MA!KLRkyhq~wF&c}8Yf3cgjdDu`VHZ$=hUk&e4q0Au}u)-Qc!!gF!6c% zpFT1UC8osBqCxGNPVm@HfMCwKOijL_YHD7sqo}vCbvgc2V+y?I^+bGrhQhR*+WL+~ zh5>kHHT~D4W>4>?N)#TA(%M0AYH?qe9nm5yOz+1)IZag-?Eu>xVLj3;3>TZ>qL1aj zL$|{VpiKw4Hs3hWFB$+ZGEBRzr$H&%?QV`;`VVU_Y7xVG#RgC;Em%F}99~xFw16O- z?efiUrhW`4_L+_h{90o!ayP6FSEsXm`@!Od{`rz{n#y7ApE*hZ$=|4hf<>h?Yakv0 z6qtTzZ2+O+%!;ra(?UHD2YCD~4TBU*igt2yxkytPIY0GYr+nU{?v0c26|nKOS%H-% zy4OaRq0FZ-ZF0Hu%?*hEq0WZx*2&|psFf;}V(R2(q{Xd>%V9F6N$Ag+p~lb4qK_M% z2=na2j5lsI+7dl7iu|Wab#@1FR{Er1^Kg6Jx}8Z^&!VA`bx9C#t4`J`EB9O6WI?FV z#7MAXstMs!?A1>mbt8rMs>aP)FJ$qxlyyA#k;G#ej5-ST0GhxMW~};1x@@P+>0!h^ zD*L*dKrAP;#5V+|t6AY?6d)|Am!#n*NkGo29sX61xy#CDTXK7m;)WLxPNVt|498>` zugy@$ma`*Gh^;$*JJA_)*s}F2%r@>x86B(XKhhMB4gc7)9v>t?Qf6Mj?$(;pG{Fgm zXYc+Dk4%0%6l6^|d>a-jSNxWF?p}^7?XKYdBa$k;&-?0YPFyxw$)_n;>M85gu7_A` zG~pU>7J5ziErnrMmx-+SXz|s=T!|Lmr;%j1{k}EmKsgy&1@wm5B&G6FRGUfhCqzcUbSjeUL zXktHhJz@8wa4O+csv4e6y@SvMa`cdA^yTuI@4bpBrFf6$QvlOO}i!` z9AU6Ws;f%Bs-MOQdPjx-Q{W^7NRBQ6g5|wN_qP2E-s-OSWH@<-r zl`ln-XQdjd4jgi_&Vj9zvu{CV1#1PKhnoWF>Sc_mk4|}D8T=l(b-UVE^ufn#)qQ?d z;&RvIuZh3f*A!_S=`F@Nq06)#;)0f4#e%@12-_6Ph}nZrW_kN{xq>tuA!dZ6W1Pp6 z!dPqTFx^S5(zutrjwM2CUz}p2k^XCs!v&s8&R`vgaqczE^yWk#WTo$4JO_bKHnD^a ziwJB|>O%W@lUCFH{?NZ`4J^6~^3l+rS=<1j80bja2!f4Lar{BVAulz^*%)f^q@tgWUHY z%D|!_<(Pm-V-dI8wRQ|w=6pXKv{J>8S!Z@}?o#YYEE%r3|7z0S=_@}!rlp-cY4P## zl)XT5iS~-af8#W5aLANZLN8&yV1==70DI&v@X26-qd%uKM)b9RoL}AnG3QHVviQ*Y zsPEf3MO8UUXOtW-hb3HFHx(h|)J@qt4b9!0)LtBgE(S0ovC1^Z{wQUl-C}XhI7;E4 zuJ;3$p$9l3tR9A37g3hqP@1E_&}pJx2J6zIWCw#J6U%?<7n9XkXG~rKT*=?ryN5tq zY#_67H}^e5vF6yPo$bs9vDlzUfi8!Iwzpy(+gTww!R752P!=O=mT!c6yHwNT)npF) zkBNK^4RoA61gI=JKov$d42 zcxxQ8&nK(mkDcc67hz`EcvlibZ9{&dLxxAS1FHPks$1JZQ^XrfyAI*b_s5!O)bM|L z5_1Zu&tHx@Ifl{KraH?kLq@P{0L{*CxHFlbL%RRHyz|TjK%F_7aZ2#&ey`>Nx-6}f zj%&|}P2vcZv54IgnbA~9XFd{ZxZ7plH+|1iKsG(`@p-!CsN?6D@u3;cr=i8dy7l+B zReA^V4t2?j8Xn{X>|%1M5Ss4nnhXoo8v3nMvgb9iDx*f;0q2&R`C4%&TPyy=UkFYhSGuLHf?$_%{ zoW8d--0Ps)5)sj(&=fy*uCuRW>0_@x{)f(b`8eW_-BN-VDrpBu7vRr@fl~3j(-aY< zXvLxVL9JY82c~ABkA*u^@{>nXtwkKK=u3qSqk}Oz>T{oy`}(3Np?1Zj!phYgf0wfZ zIZl0b4P1xFCANLJsywCNP>#M3hmgfgvF>y>@Xu!f=0z(<-%9~SzH}#tFG)7kG~GQf zN1q(HyZ3M_8n%yfnpMNN)NM5a$nPMASe!rh?ri$qPv17}S7$%kpRDlLyqBW_=%7M&Rz#3*PfpXl=h5lwIV=TAi=Ovey-lfpYQhx5c%#d5;$l^I+dmDMA^6C9) z`z_;}n5zbM!1*p>#=B+hB>Y*o;bj(TmU46{o#nNCgU-#LmOa)Q_HcjJ19RR9arqHH z(s3E<57#=^Td?p0uOff;FfA*yd<<PPj}{ioUE+PoL1l>bKYbswj1@@F zy~)6}sd{&X&#gsom14*B!PI2;8N+8(n1koBp$!N6Dc=k3<8wWq z-u3jdN$%nKd|>zU z60vL~)>lRZOGi)SWMD7f#`maZYMxhB3LK&^0B7N97BMKVVz@;JCP@XFmZW`jJ4PxkQCHGt>|DA zup!-vrp+#nRXc{+g=n~vJEerP`P;6Fv>V_5`SLnOBL4=Fg7scmVC=JHlsq$(gHGw! z(x+-?F#JB@b_u}Ah;Mw#mk22|<#P$1tY~=turynQQ8#ZSClQdXV=t&Xze+ug_Ey-v zMm!UF`!!dwpi0tP7owDjdv2;F_(|ZiKsA>}u?!e?4zbO8OS<{fVA;HOtgkXNkua+; z)US-bdD(O~6JW~;vgS8tqMoqzSnKQ#Qslb^0-c6>4)ScSd;DU5^_41dp(CD>2~RSm z)|GYtg~Q9H*yF!=`~mW()QGRjg?CltSkgx8viF*-!(Q88)$br=_DKD0-#eqM-f7CV=XeeQ z@HUcI2TDxKY)hbeY52;Sbepyb$eg3`p6vH_LAVV*udDu&SlcD)$$=~hTii-C0P1>z z;s@p(OV}(>F>7DaT?*H={f3>RW1{_ob-YGY)KsSI_1SF8r>D<A zd9j@fNzN;iS&$cHfeNeJF5#}u*uij&6)uV3PDtL7?dCUPhSSBK)ncUKxi_jU&_A_3g|LJeonS04a8SL=?IFJZw)F=qWMNmp zI^=Ao1_#wx?{(n1YOMU9e8hME9n0Q_|Ay)xM=_3?atNSg)Fwct!nGscny(d8@_NE3 zRR8;Ee^Bt;j?zjr+a8|fID*%n85jq$%K4@DxBEQHeVB$v2$>O*>Ef@9G*pb=zv$w9 z{^!XLlSzSq{=NGaU>wTAm+!FLreRO=)W;C!1zOJ>=-l*~#Kv42xbKCj5^DcLEP#ms zs;kU;yxqPAoGmskmmQR+4H3(Ke43 zw|CouBmNP#X2TI?agQKbY`hQoGL=VU3-)05Q0)jCr^yO zb(Tw0oKj42d*q-yRjfm4@-_I;=rcL#>NqZ6NsILFeM|C3=Iv%dbjZVfR9~V+Ta+F` zW{kTJVS#74QTYQQBb9zDE0xjAEa_e&6+7D(lh?0J8u5Kb)PK|HkO|26-aL# z=YpZzmq6{PBfi8zA7*NBg|7rMc8mX-v<^?j^%`_Ce!W1r(a29u-sABRX$Y;AkvIdC zIg<7+Q@h&@0y}e}i{Ixj-g1G=LNB_H@QUnQXRWBJomQ`MYOE6$R{8$ z!+^{a%O*}KH(OJ(wg6mve)m61ymuo0Gj+@3cx52G3u7VaSyWUTg%4rJO4eYt2E7i7 zD5k5vEt_oh*O<7G6_?Za%jgTctoTnvVIcNx`4<4cCuAtWv13ufW+~AQ192d1W4|UO zzL=qt%%4nrd!W#E^^XUWPNn>Fhxq5c7fz*U+=*JRqYx)IHn)mu2%Cff4u%NyQ6XDX zlVl~g>hZdC?-{#zea8=uj=Kd*-R+k|y7ILytRD67cp{yltC8H{E`O}h&YlYXK07;! z>av7PhqkBg^`!`Ezg4!V8L2$OP@SEDXB;rB%v>w8%BhnHP4rpw8%-B8yl1AMsAD22 z`DG$+n+hgxOdHlRG`q7zWlk|34(bONv4C=7K^9>K9E-SJYW!hQ$E2g%Ag|=1yx7A5 zaZSmWS{jA;{hm{<=8sBBI0i#VHM=hr+qJ{n88!1L2r9Gg*CaH!pegUmuiYw zAgSBlF9{SraKPo30c%B$@OT)b)a=7ow|KOww{_%)n_lWAY)v&1Nm$Z|1a?nq(=d_D{%Ybq5wpx&L#Tz0TZJMof1TT;z_w(=G zw)?DRrDe+TW;vJp;rkO6qnY3srmXKsQs%npg*?TvYYu+il1I(Kul3Goc6!yLF|fs* zWn3mX$3SO&S8KyHg&jn9pa3nmCDha|h!6k}k)_AZ)Dfs?*A*I==^C>cwpNKK>RQzQ zWRrXUbD#S@xv_>wIqGg|%YcaQ7=Z^9gc81w>pPV70nh-A^PMMkI^=1%CW!=xnaS?e z;@xR$)z3$pbe{mfDR@7N*gkcMuGGD2XHD-%C97%W_5{PCxxB-tlRbtzdNZpRZ<)LK zE8w3Z)$8;T(us-;FFFgE1jojT0dvB~Ec+4ce4*4zjcOBl~(z8K@4hS1ZEcTosf z7`4$6Tsy(?BDRI5`3gDCndXf3iNCy~LQr=?wC5S$XUQ=wcJuY246!?`KM999HYH0r z{1_6#oSz8r0t*M-)WhNxMnvm|2L5aDs$&ZUyVfc#)-|OzvgHaC#fcWjS`7vzgCL^_ zw`qezU5VvJewrY%R=@3x8_otkt@AnkkFj29{hobZXt+DGZ1+v@8oAtd7tKA#O7CWd ze4K3CG0w}FxomlD)|!0JUq17pTFG7?c0xrd>`30(3{G5cxA1Y^Y})v*;Odag8lQ2l zTOHRmt%1GfRoVE9gK<98?)sb{5~azC#>>$oX0qb+?aLKvoD8#O(0`kSZ^XRl-mB?% z;FW0C9=9ds;vqxOccA{%77e8z-8N?^CL%tDg~xWJK6enA9QM0*lN>Slp{P=NB5DaX zb>P~>y!29?QaYjKlG8&oruu*|$+GyW;afj9 zw~JYiG%_*;JEh-Lk1a8XKtl#QgYveb_RrnPzjy|AXmiBUZWfdY*)7HUL_`(?pjltm zlX54YoQ{T@MX+L)&Q2(HMDE(UgITH2xl8X<26d#b$Ui=C2Z-TQ*w^9Y?(mW}%0bQn zMlqV|FQ_+$zg)y}Sfz5?q5EN%Cgn7YWBx38lq9_82XS=jFk_*0Ac?TYP*+wE;WvT@ z&n!=ZS{sa$f8Kxx4Wc}CmHpweB4R!QLW_x zVUA%VVe~&BzU8XAojU_<$@@Bhs85bDHghRpv)|SmM?N#4I4nKJ5!1|pCG)6xG%$=6b zz`t7V{bm`4U38SlqJt;PM{CA=K^t9+*{_52zMkwZ_<7#OsVa^h20)TgGJsAEOl*Ph z^7iI)3~*d6FEk#@(pRRU17{3Vspk2^e`;bgV@*dvq_2aMbIH&9RA_?9FL{pZm8Eu` zp!~gF_ywpfTRvFK+3~*lxpbU$R#Cwkt0zn=w>mtm8&HS;S;l;2)U)3ZEthkw#7F?c zD+@rhO5u$bc9D>_F`1K%xwo;_=cW4mUS{l31}Bp$f5Tia5KF)EVK!Y`l0~qp96V9;zQRIcq%m02yK5 zW}|R|R8u|tl^MQShX!HM(AE3D{QlzUgt0?ixLEIV8yd7loR^=6>yki&0&~UWW*nt zUzd1(O6zu>FRz^QbbFz3Qm7U4o-4y0Mef~nP0iWvi~zXDfCEV15E#XeO#{s@9Mc)f z5mJBoM8;5NYprBK@O{Jnv)?PKx>YErg|ZK2N^>7EnE6G{tP~3{Kdaq=s0BSBN>W%Q zc+}y*o>n(XpLoAL#ZwbS^9&ZhsGn2nbG8UQO2)m(>KQi%cp#dNo#~RbN(%md8EZqJ z`N|)agbagh%s<&H3vL6~#L@(S;Y7lh!p}KGm+Z=+#9>8)iCWTf0KZ$e;i2jJ1Z4li z?9=D};yE{UQ1aP;$S~q0E1ynildYk2U}9y?F;Ww;lipoMf5d#17P$J9`V|@hMH!6E z+cibEs6G`mKJ~@dd;oF}_=Eqrn}(e6f%kQa?xZF-fQ1}>p7W-Hg%Oh9@K^OMJn#Fj z`U4>CEooz#P_bu>4IU)_L1fnY)+(*&eShWH7Lf>5B~6i(dwaV7y?^-k{^8&Ihkx%M z{=c+;_@A&Bxdh&WxQOZ&ZOB6hQs07%hJ)hVBWQPQ#rTD_QiQd5{ZCYjy644X59rAy z^-;mkT`ml2TO=At>}LS&Rg+C6Okzx?MW48uQnK?Y^9&vh1UV#lqJrll8X#b*&@sy+jPpq6jOBgp@b-9jx@syLq&@RLqr$D#p1!$t8xvombknnaX%`Y z+pps4ldKf|Ja>C7X$>fAW;`)*jR*8;?av5fAi5$1@9wrNT3RgDU_G64Yi`c7(0aN5 z5gE()fJ16kcQ4e(wF^!vYMjxFfu5Zl!ZnHo*k9J|`LY?lJ{3jXMk#XF&*)W#o(;St z)x6^9l-z zozlT;`;qs(eZFoM{N`=kuA?ZBZ>ZY4xGW)-v%GSlAezgW#1BQ+{zi2;K0;*qoABG~ zSxj0jIOP=QKHO-Ojg~#J1vxPRm$U@ZR=ml+W3oESrq4{?uI8s64aHs!Et~oFBMH&B zqzrPQGYK=!4uG>qLV7+o5{4V7Ce*^cQXj=gzHD*JIF*!g^-xnd6#=KKRWT&HT(n0K zMwrERm$Xq;QOME7ogZSiO)k(LdPkm3QBrxS50w;otl5E5BuyJ?!`FwYuuf_BZXKaX z6CNIur#u-r1Md4pASbn}(_=iHEt5mKV>+9cFo zRT7%z=qz0y0M_ep&(OCNIT@iv##R=ONZLU&%6rWp)e%AX(ZN2TVwWa+9oW0_{QLF) z@OuCRSN_he{5h-Te&Y6(1OI;gzxE!;#Itpy`jC=f-?fwd)5xbXNAP19G}`&I)(Cq2Mp6#Lz;IM3qv zT-Lb8l@tcy`gyw_FEe$&13jz{0NH`7j=0HEu5gAY&X^{xX-VH$?-=j@uvh`)Hu+wD z{+#9>6p4W`)yImeS^t>}xP#!6`uwwKZz}9D-c#)vl|Rx;BCoW-vD4?YeTn^#yU)$a{VIOGtN4AL zfAN%iU3xWy2e>W{n_0i2sRhcm0Qq}~mg zIWsGn3Z?=?onH~xSt%MFOqp59&Pap@B96^P@7UGFJDtriq;oY?@!q{Rph`g}r`wMH z)-!leu2}&@+$&D{!$WPo zp5Q}~t3TXNO`SQM5NX`~+3F6L78q90ww)A@SzI}`2!U==uLJmiF$^Y=sFP`;*8V8Q z>U;;~addIKZo{2fX`rxb$+GW&Aa37ZZw-cv!1MFH&!^*w=>N*T-GBeC|97ze zo?rTh7+h>kh8V>lfeyb-n~V>W81-6b_VZ0P7wLaEQOi4fBgf)hIz_h93!Qp`Ywwpy zIc0T|Y3MkTvXRuL3yMH;KTM*OV-%viiydv@XKCz;P}SEW2PKn(=@!n1qi0={l=zoa zE2^iNz^SVV;-V&{L)U`TzAiC^FxS3>y zp0Q}l-n>`Cxgqu#_ETkp4!fsLD@J`T%k}bWVA9R*h5p8EFr`jpX$L6zZKq>$VUVes zI4vF=@68i*sj`eHAJ^3DuWRE?{EEYy+DBe1Q{|sa8TsoU0AykwNFkQ#u)c@`ON{Q8 zRs5?O;XxO|ewb>sveksy$;v%(Xof(v+DxYX^U4|dn z3dP{?b_EgkrT|}!42pPam4T>pJa7Bf4nJh|Lc+4D_@nX36w9;5KUYoh!Jvr}O2!fy zfLDj38L4z-%1T?@j!cW!30m<4>|{42j&SvG;k>5b!q;@&pjj)O+QYUngy&e7JpVLI z!j2Tare`v+x}i@IR>`cHRNFbphS(Z!1Fb{ridHsIRjIV>z~L7=GNg|%t^!o~@S#$- z#!(D(sh*JKtwB7WW3k3_Uhz%FYImokZ$rw3L$Pg?JVqN0F`OG$rZX49I2rYTnB5jA<63XyfO2JY z$}gQ9Uclica;t(7^l-B$eOU9iw_6HjV&hq|ip6Oq!QjKq!K-}S_M6ve2CYeAEUz)F z7#Jy7iXdArZhOw>$c{AlmU|E-8dfDgRS=E5gTlV9H9rwFm5l}SD0!)UbQm#v;#Y`J z4h^ce3bVRS@LZlui@x)?K67wBm|%=wBVk7|>*o!)!a5AlH8F5knU^a77^>dlE!t>g zSq@9HDm#M)*x;)ux!BQB+i*eAi95H&t{Bd6v^_!aBHR&4ByrVzEJK%ewVkaJNhEtO zD*z$tWz^_tTd_8;2MN`+*8&d(E5$$Mbn2l2MD(Tvk=XYF&lp?(-h!)`(tp|m7QMyml2!1RgH zVAM$|NC}f0c)^}Ep9$Zpx-*i?ODSi6&Ur?@wK0*5a(-y_;P=P8NvE#gq|lrM)rAW0Y(W;oeG|s`Jq?mvkl|qo(F{7oJ7drp*#V#<^SkJMT&0JD z$(eK_V5N97nYP>DZjuyKR_`Po#-4;LkEpI2#9;T00@B+6XDMo9PEEe~U!LcosBZ25n6|-W-spLlKki}fl<01l=OPPkQ`=&WQZwR3Z*u4mJBx;(F6k%t% z#GH;p9kU&eBcON*jGOe01Kwu06hnMv-c-yE%_-N+IRy(1038q{4cku+iU&fiwsh`T ze_qA5v5VeokT8Lv2e|BODTA+LyYzyYb06`2-kyiR2bIN z260G{TpIfeUS$)jfvv)fY}ij|{!$1xeB!oMJug*qu%?xxE^DbnvS9vENcO;{t>*4Pyt@er0M! zJOVpeCf}+N`sH+bCtshFQPT_(&{LEF$a(I*C>WykqHxkvqC|~qi9PssQ)ZRq zjpH6iTmv`*QE!%>e|x_3-oUxhWHXr_)$R?VaJTOp*g!?yVFX!b8gPKuoXj-0&w>4V z^t?-zA}$Nwt~S;XcGbUit9RO?i{vQbM*hU6zt{LbhVCCpOc~bR1^pWIj!I0mB$COYf68E_s;(4zczjra` zW25t?BS3V{rkQNUMN!;iu(B+}+JOcGjp~;>NE*An9CIz@pllXZ09#(<)(x5+-`Z2F z=)>W?GV!x>Dk#x^MJlWpE6J##TvBhXYu`*ojWb5s{Z|Hja?FqAoP+p6iy+mT*xM-^ zZ?#EcI))Oz-Q^$MjvHLwR%9$Ny;iy>*D=f8Sws@;qB^ptaq|Yf(S6fp=MziUt0w38 zP7cf0ndgUXQ>qi}=Bhl{=MRqQ(KB{ucr5>}D|oN*9Sz)eP=wTP?mr zzpu6npJiB4^9NY{8wgKB>BUe|>(Bj@1g&+MPFy0g3KR#}RTFYV8PDmm?PFL;x<6jS zhSAyzl))+jE`57DRy7a2uXHquD32nY)vQhT;+JNGaB7`c=wS zICaC4Qz4FAi$)$8?=PAk!e*+tBtmfxJ{+osU-z@C^VovsdC3E}#W-c1g|iRVU#c>J;$8Rf5%89 zNxF8H^zfDB)pZG2%VV z+W~FWR@)Bpb`tTPzC4&f4p(@5cBRms8>-o4Bq5jVpaXbqLVbgZ?HJHo-{HCs^B5)e z49Evq$(?%fOI3sufN0xlSF{Z%VQT+W!sr!Cz)f;=SMrgn+hyC1H9>AE++zjPBOaUB zgoP9{Bd29+(0LD;s;y4Yu?4%)Br@s+TV+^{rFH&gTi|AxRBhUNk$L5T<@>kZh}Km` zzy+HUbA@VwrW^^gi~@ojBHsZN2QGR{JU>bE@d7@e<^_~U>6?itFiJlw;L&rf?D*k5 zr}CmWGB-ioVPi4}Gd45n8B|U>_hu9$W9M(3ZW~*OVGZbX$-6q;w7+z^t3v-;vz;Tv zXs5YfV_XF^+eV$cnr$GkXDFTVken5xr|gy7SAchjOH!NX`qZ(fq3Xb`Z*Psf3C}uG z>MDtJi|xsL%<61l4L;DjJ>MhCZ)Fh(=FFF-t&b|rKLO84i|)Kbcvwm@w(c?nkTcWl7hhgThJ46Ub=jp0$8NgT8%K*4QZ_6fJ%)~7(sX3?U7#$KbSALv1Mm%>W7PeA_Q5DAk5?)*PZ+y1uyv1!{&kfX%!ZG4QrRd0aCPsAZ?PG;HG?=q+Q{2?Rb zAH>brg&nUf>kY8>Iv!s}odwkKZ-BHSNem$NgdJs=PpKzpSsnvlU=P!XS!Da#4Icf= zJ5<0NpOk)k?bK{kVKI?+2N`w=ZpMfTre%@0nnA*l9Hk-r!$KI;ghn0t_Q7XByNi?1 zDVBVwrW=qO0lt_j_>r9g{k?E05P)`NX(?bHPOTg@%l|QtJwC>kU?AF`hNs$=7GA># zeiX!OWl@h_-*@+Sdb_~BG1-tVOn%s(qU~5VAljyLPLCz1tHI4(KM`ye{NS9lvW@JW zMzn8K?3!V1z4mQQH=ckO9(gLlI`Y=Nr!8-~;t9VAHI^pjIWAr1|0vp47l$c!AdfVd z1x%5m^^Xp(t3K*_?KJ-%i?+uY=9{4i5f&iYzGx4>N1H@DNsp?mGgtV2*e`e&3fK0h z9Y1T^_$59(OJzvyu)Ha+oU&>Xer;MijShUWeL?4LZ{&sQ_mpUTj`TJRv@}TbKE`Do zt(#Z9Cg$sXRPziMf7=b;JPYP&xC0}AhN8$7(NQhS&XIsV#6+U$QRULg~)Wvr^r~M>$2TZlPY-nl32g+1z0SaSO~!8xs*X zXi{KCm$9iC^}%F8BkL4nt%wxvFYT4{ckLu{LMAC6IWmA@xq|r9uLJ#95<|Am^R(r7ac_?Y8y8z$FPU(t+a-P>;mXiuCU0 zFW3R$SwOZu_or+-{C~=}BhPf`!T$vA@=O6t%$G7p0%SzMPy0Joq=0bY4?CNAw!{}K z!}2{Nmbls>X6K%`WjX>CCkor{vp5(VeAvBzCdTvar5z|H|8sGBiUD-!U%IDmH|IM$+ne0V+kW@o#d`|~9r@vZg=ofrTy?>oQH zBk(e`=i-_AN2tBpEg*pnX;r|zCJYK4p&lMk_+*z^?kVcM`v?qoPTZ;LLNN0c+I!CDL`?B0{ipN#4N7~(yw|)uqsQoB3{wk{VtxGc5bl`e? zX<4L|=<#jqfiWCfW@*EKI#9q0z%a7usphoU`Bz2=6ilBuWK6$t)F^K!Nqff0lK;rB zh;e{DV=E%YQS&XxPp-zV=jhk&!LwFxX214ZZEfV%oix~!E@6N52{qE?;TZw`}#M^8|=CGLDITAjaV;_HOZ~yV<@$dTg+OoUF z5uNoRmND3qyP6<%V+6)i{79U0!QvWURZ5oXY;A2#l8A(1Z~vQS*~3?&pj~Vcmec6^ zhV0vtKR7^RtfS}1iY*B`6!`Y*y4{*OH$xFXg-)l0-fbVtIN=)fIOdr4=3@uPo1N(j z=WPY)lQu0=UG=NWp>+?X$!0L%juM(&imW8 zxV)ADyLO;*efT}UI+;pPJi^5?YCFG?(vRn~q{|a4d@A_%c0#8Xfmgrkj9?81C%i?W zEl>J=p4m3X4{By<@`kgTIns<;T8Q-sR)L{RDQHs{bA%x}pQd4pWD-;x#30(`TQrA; zk7lJu@+6fi%i6!uYSb~+0?EnO?XGJttq}4s%b2?LN#gLzO0XvG8_^P1-aWQv5R2ml z)bB4TTzRy)wlzD8fc)PSm!>PL7_#k-1a+;J83>XJO{i}bd>>T z$ZSBOHQ|^#=0x&%aeOuvvMIJx?9DRMj+#Qf(3b-o7}?_UK>7Q*KTqS`o5OePeV-gl zUuzXOBK;%g%BxDHnTxW@N;OlR?K0s{SjWczhg_01R({Ceoa#5`IKVO_U()7T%;Nc# z3zNQ}GM6)<_Ap({V6MU9Xj{C_i(e!&xDFlJY!C;kGHGAo>!(}ZqFKK12Ku(V9yub_ zscm>o?D1i*_5Av}99zxBdZuxsx_nF5jC~igRzC5(-Sk)2S4GQ0FJs7xt{+?&%IVk)zTkOI&RDRuH6981*cGQT;~VdTw`GBo0#lS7v??0Jv< zjf%D#cTbrpXt#1CBsZhp>s?^_vy>|8=!&gf7;ig+BP3WztCbxhUJDtKDH5ZlTr;TZ zG#NIO?^$KGcg1!FKQPJt+?#yg-Em=@sJBz3FU-0!$X4m1pc2C_3}cd{@xQd|!iu1@ z{u=|7dd%llle8dj*TUboii58gCdb?l7pOfzQi^5al~-m%gKEqHmBiSx(w5U^I%afp zKs(h=7g9Wc?+HO2qSZ91Ct`IN&kNylG-xwac!8}nc;hchb9_AUf>du`UH6Ax<``Gg7izl)@}@A<#>hhJxg_Z(EU4@S1&`H_-arS;R#}| zY}={~xdhL@k-I%**Ex%_xN8qB2&=Al6!pxWoecgpiqkK~J9VMg^+06QQa!z%;+}+o zMqLD8nf!*KfjTtoy$H}^wuNNZ@Ngf6(?<&lUBNs-KPj%4WO!<|%p4fZHeJF6LV z0In6}r&8(yEXyMPB=q(8Cy@OAB=l__Go4PDN&b4zN>ONuD6{jy!1*iATXW|VhA$d< z^jk*$__%z+7Y3rBady$DAT-ujjq0Kz>nU5p^|~T(|J?_qRyY?uYAFsVVu4~;Fo+nE zK)I&!3fIC@g{VSXxbA1B3#t%YWoIF`*!da_Uz%p8gbAaY8O|vXn!;W>Uey z3QO3XTLpbR%jG4@flT}eJ5wXS7I?d4?i7f05*2~#=rM9){d8PE7oK22F{X`$2Sn$z z7mPbcP%%8ZkPoK?xeh$+IoS|XD=;2R1vq^PV~C>}Q+dc1gQFJH+HZk}f4IKXAu`5L z=|pm__H(_d=3^C(wTBMsJ#j2(0d}4JAU?n$iQB&@tx8Yme9>S{)*b*}LLg*aOR9|w z)ha0F9GF@dEEk-fV`~`Hf}Lthi0o`e%7g*sxx)xgf{d64@f-s~#_gFeQ34ceCRXTb zx^ofQgY{Kz&qGYG+XauU^NAv`hKa9ha(z!gJwPj6*Lx7Z{&b?mvCLQ%k-ix5q$ zpoM$6q9e1GH(jzw=ATGio^D`(8*V@qD_P83i9`ck9IQsh9a>v*C&hdpt$iZPEcl3k z&)uF$&a>pJ5pwGV3o=#eRN0Rt5cuL;le)M~f8K&{y7+4y;3X`k%%}XBcJ(S({IT>0 zCg};0sj?myPzhEOqAvuyo?BL>Ogy-t!~$uU0AbtuQMM@LH635dgtl+KpX43Y0; zdHtCcJr4mgKubJIXS@Ebwzj_YkH^E%Q_947?ahVdx{1P1R0wm@!7dmJeYy>CsR=Re zud?>mE=4a5oxj8hJkvfk*iKWglGP&+?j#9MC#AtO`+KzZs0gUSu<9{tbNYm=hVha0 z+1H@}Blj!gWozAB_(pyIVFuE;ekedyf0nwk&Rh(P3;`#{Hu%YMd|haI@oDdYpIG1- z5IMGkRDpX>?@RbE{fFEHYAUpE(Ow~oS;2X7S_FaF+7s!;*$K%QLcKm z#Q2jjr>6THAbT#Ld}k2oxpx@R*b7*?I-W{(X5)t&B%I&xer}aKVb|Sa`yl*eM@4z3 zZkkZ^o%U-X_@|J?v7zd1{5-ll_UF%40&N|;;$2ou%J>E(Up`)mJ@p>A-uds_|DWgJ z-744pJskM6$;8Za@h^=yE_~IC^$E2A1aT=IA7eQlA1@aj^7D-!FyauC%>z=BTrgmG zzK4Ky5Qm-wzG&V7f13IEU#p$`KY0ZHzx!|F958TOnSf5aQyr(p8u(~en{_frHZUcY z0aAJIhJK$CidOlY`(E9tT@cS791r{PAj()f_39M#WtixKh?BygcQ25x z<9$8U^$7m&(skuBWJHI03~7Hr97+Iwik|)RWs#Fj)&-1|R(KH4o|Fq>f;W7Uo?Lq# zE2L8YDkX6NFa0m6!;775q&={Xe@q?9XDcQ@5;z(6;9Km0@Z%G8248w38;P!=r7Mer zlVhPs(kJE*RO3kFMHbVa(7T{7!fr*NaqY-Bd{h&O8-8Zkr@`VA;jNapw#4azl(yfl zn>Sv`Hb4gsrTvz3P1rQ(G5P;aR}TIM=}Jfj5br!nf7wL5II6F};OWrVjdzYdEcVQl zZ?H-c(47A>4Ord%E%s0gzt^P9cD0Kl5IRK0OLNgj{|p^!?1m1p{}MWU6|`|Cz!k!IY0y^Q zD*zhUs5aGV=wW4MunHm&*QKAC<}#E2F86wB7BJBp!9g^g#DJujoW1n$I=*PFjW?c|@4t3s%1hhHKm z$JcQeuaf<)$DOS*VjFH3!FoVg`ps(Kvc+c@C0~b486DMy5y6u6Lb38T(-JW)CyNWG zI5>o|uB$neWQA3a`-}le$qdNTTPJ|G4UT_x3w&_wwu#r^Ur*X+2Y;OoO#OCh&%gSH zfBnt>{q;Ydynp(9tmw(pNQhi zbF-^*@J6`k_2fF!YmJKWxJQV%?VvUoTZknEV%Up!ZtkzH2!+u4TkHCkGD92aopMg_ zyW`C&UUzKXu)t^sHs8%Vy_AB^>gKDPL z7XvFQk8;WnQC-q?!dpdeb$>%^ttbcL`iiI?I4u6AZ zI7yae2nvi9XQ)&9u1vR71?!)xsi0AZ`~SA--O37F6G#>G)=i7LW#kX&ev*Lw3D7wP zB9mC5Nw^q2Ftx-Z5CNe}H3Evk4O_W^_W*1`by#?`^2e1#ZK|{MkqtQ@GwDck2QriG z2ynkR`#Xpq5X;Au6ffi)^%iLbEL5nLM&%ngUWIomte+V4$W&zi(y!#wM`DuQCFy6S z`Q({r;rDjlg&k!N2;+`o<$xYna-j$IC{(cp0-g%djmsif#k!mZGLyg3PaJ-pCL0o= zo0YcUy5^CwI=MYr0&g7iDYkGtUzvgTTTWr_cGf|;W|*=>oy`Y3saVahG5rf!%`yk{ z)Pw!2wf!6y#Vf%&HCA|+gA!fXhpzk91ljg-zMT?Xvag~`JB8HSNfR>D>MaNXMwU@h zt9VVc3QJ6=gi+-%2$w0d!~dc_{_xTKL*Y2S&#U)9XO=kES0x+CF>|H?qjU2HkX5_d zUKd#pTxiR8JTHW)-~GO>yJ#7u&9&+_>_0(ONDm1dy>j^kxJK#I;O`H?XHq+mOL0@6 zs2mN(1cfg$UFK-1H94>`KS8H0b1V_lC($Yr=fiZ3TvmoO8s!F4mp>*NO5VM0d#mJ_ zZI+OFNZQrk_P-~8u~N*|M^;=0BnP9;<&2rnPy_25L6Z;%GV26WA`Bo6(Vx-0JDb%- z=bxxW*YypL5f6@hvUj|Y)*F;!;tf%0IVi4e^xF7V&0|i1m;Yqt`zhd4M&fy<662Uo zj==guN(*uHSM@gUR1K{^3VxJKPW&$xVf;U5 zXuF-E8C+IZHxdv!nx*w|F=)mi_f${X`croGZ{p-=<|Ru5TK^KAzSTjzIIJ%UQ=W>7 z*Gf7HR=>DFlmd1J0lo;A?_Xu#05T0X(_Wu$0N6hI;K)ItjA>FNPC#F1A#hu!jkFh{ zFO99MNL(fM0I*VYra9p1d?Qy}dOJ#~>0#6r$f7b|w80)6ctrv>M+VSkO0X)!LHKp7 zM-}-Fn*dsexIFF=gHs3C3d~3=eeuKm}q1h8$?!gwRud9mq2*?}2 zxe3YFjk~F-t0i3L_lZve9y4F23F9T@{#MJR`BY~ty3yXWl4%{Sis9p0sO-tTJRl~U zxj-BpwU55tpSz_5XjVBxKm z7H)kzd@YA941N+gSnADxd31hlcFQP;JlDB0PHH8I0suisyZ$A{o3g2XUio)@iiT;tzSW7i)B8@j7Z3QdW&E)WM;tRSj9L~nh~(y^~_l=4emGzNNLc-S(80SsQEXQ4HVE&HvsTGJ+lB%|;KkT>TLL(;)4O z7l-Mx-s$Q7iQFcGL;9zH^n7QBL3E0GT<+kb0iUd9;p&(m-iAfJqF`~)%HRj)*#PCK z<LA z{~_L7^Da_(OI^~de1V}wc<3fgnVpdvJx0cL0~=H|d)-3L z_x|dD-lIM_E%Nf$2PXTh@mR5)Mw|pqtYbL?fd799@qR=P=g!~4@^R@xp?Y&mztZJVkdRJLV#WuAB^Lp!z)QtldJ*Z+oAZ2l*v<%BwsK zN))s24&GyJ4I>$MQcz1zN*ox|mxq1yyvfKTtjk0GB@;u2wCuDV54#2tY47$={Q4gR zyB@AxKk@o&%1Nr#vuWQVgn+7GC2pZ^-GUSbQTF^ z(F3sVGOp6}KPblPoh!wIw~?)>?>$Z0bjy!t!e(}(O%D=@?%v;|tTYJPuR7C#9~)y{ z1=z-!87(;OzZgW>QWIKG-rZ#Z^4~<84qsk?%p>^2hDjCa^&jC@v^-=RDsG!Ao33xb zd#%iUYUkold*x6y!7|&okWqvzvV%yD5+mf&Xc2_mc-4?b zjm)5wLCNJ2lrrNbkIjD1$hn&%4oz533)$0&GnXn`4|}W@djIZx3(5-B{0$v}4pQrX z4PM?1)eTrchv?)!{giUsx;|~}n>gPRlRn*k5oojlO8bY*Z$}lyZlt&W8(Q)(5bAgFX$AT zOpig+HlySmdGN6_`(Fu*acWVe5AT#?1q-O>rVa3%6mBXXU7cxik5=Nb%@@<4Oha8C zTxm7Wk2`nH-p=#;Rq%|`$Bw@`FZ{`9I`E>3C^C?LoQL7hOn(p@dAJ##5zPz$51Q|f7L?qf%Qe}Yq6iteo0{cl8x^Y z9y@VlR@C|B%XTnJXD8Xf6BMsQlpn;3g!Ma}8AItw67(#c^I>7ZKAQ7zGGDTsVNguX zOz?5BvyurlUOv{OyPHJDLDy-V3^-H2o}$h$W`V)v#Rxigv_3B^$f+T6>jnmL_gI}< zUVv7^tL{p@7p}F5Hk0@EyQ)cqj{tII%Sd2V9HtA{tVDo0MVQ(s8YIn7B3(&s$0J&^ zm2VDv;}2^7eu!9#gAAj`aSu$j^SV>Q&9a+5#OR>!udmlT)d!gAl+TaLmNrs_Mz$xk zQ+KmXREW=51}tdPb0-%Lnx3>ITZgkbV1#>g5M$ni?`7x$OCkU~e?+aZfT7ctanW%!4Fv&cKDrdbnpSLY6jj{k zli-9ilB)4l_yViP&E~t=W4+E$Z`sWThIcU>#E76DrO0&lixC}QIjyEuRU@Am`^ol; zmyC&cd8@>&%eD2)V-_N*UZ2emmv&dw9v3?xw3)KX@}5{i<>fS5KMWymrQs~}wkE-= z!@o;9a=7WJR>V<9m@-B2<%R{fZH1D$W;Vn!Wpsh$$L&bJUcC7FZ-$ak8303gj*!5f zfSKF|)+^7#j=)L)^+B*+qrLqA>(Y||cNYe?*N}09?D+?e+a8;g`Go!R;z7lwemVq5 z1{~2dFM>g)6_SfRfhmSn)+Qg2n9)662OGTi<%P%LcpqKJOaxSEj!x5GJZEkeUr;iryzyjcWh|QTQHD?h8 zKE+-Ek^R@Q0@Fpm!Ac$ZrqnwPjuIE~(7#emUudO7%UIPVxNg9?U#r0h(mi?i6eb(m zT-vg3&ORI#a3a&PHWvr;M%fB{aRZ&72!LD3f9E=JyOW#~MftMcUlBZDKhA4lGr?o8 z+Q7EE*dv)7nxp4q6`%tbW7@;dg78l|aA=V>KD;i)bD^#v8~`hB#s2xqFr?mUR={I$ zq0CzgcA|=TQ4S&+X`)d)8*lO=?Kc!!Iay!tXi_-_5aqh6xx?HV263rioq>7<;@IHm z0xUFRsg-$s0VKH0J`5&R^(Xr1J$&e?25nH}3r9)Zt$r5%P$m7Nf!0w$;~*izL5?tL>WT0{S79-v^_40?%GH(&5Gr=DQsOAXm_3KjZ;Lt-Ki0xgdMu2cbkIO{&( z4;TK^AMOPB!%Nfq9&dvp(Y7n)!a_>oS0xYheHOlDFSE;}KB?WT#N-m$b0mKTy^M-@^V0VtjGH3P^x`GOY6t4&bzT9e{_>xosKQp)}&! z4NROv){Ox)Q!3=!%bWHAXHDcs`f7PKZ(ndv)s^bd*rPA-@09{({_Hx!_Np?@0w=S& zpaG;-jstsx|BC53XD&^oHHPI2DOwoQKRvj9Nyju&2Rowm@bQ4GDOvV%^?>;aw+p|r zF5gW#-;0%H7)|pYz4xVR;Ju}QEn$*?2R5c)mxhWI3T$L>-`iW9ihVWij@?b1vELb5 zl>S2uO;0;ub>G%63A40?DyZt*rFk7x_;qAW?+ND0WqhVirYc$nKK4`GEJQ+MJO4_fvx3>j-q99>crdl_pf17{CP~O{m!3BImg- z;rUP4o{%q2qt>Zree;T#+Pl^ny^nk+8YKrmhC37)sei_g3|W*IuYxb&0xik2GZsz` z@=+}-F?9v8<$4G6;TOlswR-Nm)eV%b$K)*VpG_IqPkiscNBC<>*-=<&JI z`rD2|ZeN`<&u#zsZOlx15Ao5#2DJloqBBp&-opwgxMq^DCtGPC;~w27;{z;}sYcN) z^d|%_e@OqPn6xz5zWHVlW@Cm6V|-)e>Vrg&xdIKoHHWA+CqBAJJlr4eRG#Uq9<632 zu{b|dWyWu!T5l;H7qn)s5*G3%{w(jH^GVq^Zj}j>${`hjv#C|^cl{H`dY0QUUD`vt|F+^+YZ0QgqHjT!_c89Anrol5Y_pc;9|{v$nN@{v1%s3s$Ju9+=Plg1Q!j)u7tH0!0*z~#rsn`Pjh zc^MG?g5wX~NkfM8bbz<2=4}`DaoXkw6ywE;<;YzNSimmU2Wl~fl7^VhB=JF>!qGA5 zR^uPtJg%IKdL=AhZ6K+q96X&Q1S@F=31XNrm^WSzYZ_C@*n|LR(BZSsdVKTy3?`;s z&bFOQ(UIHl_t@pQ$!28WyOryIl5QltR~^wGN781O3%=C`f~zapBa~BhvG-2yLUQic zD0T%7KNv}U-8iBa&;@uMWOOSSK%Vm+-Jqw8SQx9t;xy0@q_&UQMGFGnGnY4FN zMxeoU+R?i0BKw`zyy~3+7g{;8+%Vvn^N}&(puuR0U)Rx&iV7P}J+oEsa?WY%BvpL{ z*6mTfCl93tTSFh`Yd1iNrovhlvq2i|^*-c7XH8!o_`YOR-f-lcCMxz8%FI|VrUvY2 zQCMBRGm1$WsICpb3=q<%*WMXlxZ5^xJF3c}{`!KqAttcauHjRLvbP_z&ruR{?6%Xu zx}g!UbNs*b#vM#nf38j;J8(iKT4}i>EFKN|gRShe~yquWJdk zNKbJ&-f}Nt@QVDro-6Yx3p9k4?WCcm7Jwqd_^82WRZQF>C^AfH6zVcWolCrMa*dMH zanSiuN?Yg5i5sz{_g8auHt#T+X=`M~Hv0(15E;10_5z>7}tp0iZmmi z)qG!E=g_(@D@pf$1|#9AViSqrd}C+@t6)e^_jLt$DH0BtF@@2xFwtLOO2T8e%>0Zh zhA;`Q-iWCoA#xQB3ZgBMRskPS!GFR8bXl_n7V3UbWrKSe-|+K<`(-tj_R{A*u=X?N zC?S&}7PPTugs`WGv`|(T-Ka4s$|pZm+VX7fgnw~3q2^8en^f?R(u*&Y-va_j1TZ8k zpcv=T$`_~laKd$HC+12DAj&;xjx{I=Y0EX>`;b(#-s?MK4^ zdh#l&QdVq6Qq3Ccs)vr75&@9Fsa=r3glyt@qM2m4ksIKFRAYYyY_UMKBB>3p5+(`| zzul+4mVw$cf2L0Dc#e*lKq7br9eIsAMj>twjP=I9Ya8Ba`dJ48;G!J{mF_K|SZUQ^ zEm90lKuwePYV*^as1GDN_=V3psoJ^u{b0>1LUpC!9v+L@`wAI-JYC^AK!nf*w3nqv z&*+$^s&GI7sQ8=r)hSXFPLxqi zB+l6Xup|Rr8`7sI$JAt<_jz%?w(>5>F1EZ38Dk#?RwDcSLHN~0z~VMv!ay3;e24DG zMZ$HbkVhsU{CV+#tG2D+%@{2n*K05KKNq}q^x&10>pMT2X{a{!2^=s?1HpbNjqUMoUVT(Gz7N z_PCQkUETqeJGN2tZF3ntu<%$~cqa!Kx{^BUqJR}O7hHfISwV4>FL1PPt+R~uDTgj) ziU{<|?`o=F2j2JY)~@1sY$}un497|QY!S~_zmP{8xXWNq*$dxvdmxvdn5Pedy=TM{ zAEXqg#9y%DJbYo_*r=5OKbA9W2&+TyZ$a|F@6+8PKEd9?FO((;LvDN6-5<2fooLLM zC`h_JrdswX_UdDWJ2lt`=~`_!L>|+jj8ii44QHqO@mn1^r)W{J1!L&nE2`uuyZQ$6 z7_fXoYh;Z6kvhgp+S-&!Jf?4NSH6AY6BAnFqlf zo3xb5yziN#3#`NDK~>g(0sM9@!Q@FP%xA25Y!EcwLcVUURRVKK39&<;&DkND+0a>`fHPK74aa|*6 z0J(AB7ji+~?xM!m`_1#VTBzH`PK)-KFe`jj^l&OpW4-_o$3wLO8}BdG{H`))@X$Nk zs)@(3w5?{+F;FYn%*x=Hg*%z~*4iX6(8&H{p;4{7)h#)^`DxBqkbGLk5}0WYdr5KJ zYAL%5tWY#Vtxc<#R*gUcSKQF><9bl$b%ph5 zGBOcYk@J@6w}3>qcebm?XV_g_;0?`hErXd@4r|%xXNu+KD8~@26HL;@v`u+3x^@$o zNh_C#8F7B>rE2rO(6WnQED9P#gydSS*@5N;CpRV_Q@eW+0L>JgbL0ynYD)dNzUCO3 z$LftEB-0>LZMl?u)>!_v-ayCKJXzPkeXQc<#64WuWnsM_bW$WVfEVEJRc$3|G7}VU zp({pCG|=*9EWiQ&doV9<4ZM_0-Fw($9IT=JGIN`A(`jed?G2i65?yLIM>n7Z<{btd zYcQZ(>6ubi)~>7iTvMAcXyo|UtXwYGrLWSp`ITtp2451W(j-ogSFu%H1o${8RgMgq z%9b(zGNJ+(arO26dsYtmH?wlPVc@NB%#2hOn;PODMy;u@Ys`c-cmJDV`N5q;90XCZ zkQv3&SZTX@Br4z%w)Pawf<1ZB!&$ITa;|%)r&B_?5__mbS#mG0ACf;zl684kBAT?9 zb%&-_MQ-#Pxm}L_f1uSoe?zO2zaCHI4J{$#2>k%^g*z#W!u>D;axTEghQ_z#M}17TlD=*|ehK#GdM z>StLnA}AKzozllK7)#zsus+YwhWULPv3H*;Cx7JH#h8maPDkFI)r-A9Lev?mWK=LE z7OHlq<;%O%az2*f;Cjh??svGNt3O^CwZAjV7rc+J@LHt}eDHwln&36Z;_s3^nqw=1 z7Is~@)x`mw(BGwHm46q3v+ah8El9=FdaA%y?z__&K+1-^N;7`XK1KUh1uj@X97%j$ zB*VY_;+1qM7NyTK}w?B)(6aTXaoS=s&WGT@QO`v~Y1b+OliokzP%ai!SMr10= z8$STk^0ES8TF#ak!YX!>-=vkYWC|S2UAZz2T18Hazq>+pd?p5xRrHFucRHdF2HBiv zSnr>U#mYELE~H~6hBal5jDy3JM%m)OoRo&k|KO;g=1lN@%Py{X4j;}mzAN=L#5GcM zVD=VaElIn9FkjFUvVaa%Bh*)!aXt;Cj@g$yNy4pXyWYsgU{niPFXjr99U2W-PlP)Ktds)VLio9VLeCzAB?vG z<&>6%HmO->#TP7>ES78LEFf$QOZ#-IN%*pj%i%E$;900;+`yqp@i-5@Xh62w)=!nX z+ftVMOJ4zqJM<}=<9O9FReJlp!6k;g1+R+ZM0eYM5^t^;548coW5woB&Z(6)QbZLn zD~)+fJRW8KnbzA!*1exNZHcZGk-k5O03)jsW}{;c&%d^s{Bqc_)_ZKy;*qL1*i#v4=_+V5x(9?tBc{;J@NAyJjWSw<91|{g>W>^LbF{8Cl z_H8^*XoJof0z2>O+5a8Yobtwk(#=r(i0MVi|ZEnfupdPJfNQ1Q2 zZOrJ@xt7?y$s5vAE-IUeyq`RCRJGTyW8uB>>Bm15P|WLa9mY#Kfub0VJqtId2Vy=l zwwkTBkL9Qhu_fp20&{)7n-%l`89^6&r@Z`j=3YaL+P&8&Z!GUWY}WV@Rgj0@AQYQ5 z2Hk8)tlUCdTQ9ocEk`~PhA?IIPL5>KM9F3X9g!4Z5aD!`v1i)*Zo9Zr6+~ZRs6jdS z($0&>`w9^M_%8naucf-r*c_o0F-(BQBVV+%9+qJ{W$@BTX_RG|_ck(*+$Y;wqocE# zV;()b<~@B?E<`c{xE!izZl*LAOu17p(0Ha+Sc)Vbz4LXO$SIPb!+emPRU-=U?ykf^ zdq0scXrNC^t}db@0FRSpG(twtJ=m8L!h7;t zzg6m#NCdQWLn6c@%}#f6@6VN`+nP=mmCY&|RZ1N*&s>gMV`Mae%|OC$xfY;s98?D*iXwy0d|jpKvvtpd|Z(kd4zW94-P^~ zZ*9E88$INiYYsw!-gq153zUj~Is+9F)dD4;u4mXY-sr2FNT&izx+XPuE3 z3_LPr{s(*S8PrtYulwt*f{KWMfPjEXQxQ<4sFbL55h5rxlBj@`7$Qvq1fn9n2?z)X z5s{)0xT&Eg(xr)X2{nm;NJ}VTNkZ-t>QjYy26^IC>zwEqRXR&v9rIW>V&#PS*?dlFzQBKWKfl^LV7`137@2HL(@*5He~ zjf$#FvTv<>bD&`5Y zlhNjAfVL`-u@wnxhVYWaF`;c4FNE2uAR&gsbn^NoL-{NVN?dhs(D_2uBY3%gFgd;R>s$mf4J;S=JpBD1Ze05k~{ zn0?)tJaue}eP=kV#UM`hMcg0bhUdaw&%ZsyACVq&y2?CD9!YL@F0To4IMA4u1mw~%1LO`pK_UR zwR@O7{Jr&S&41J*WRyH_uO)u{2@&CnVES71&WE;DAgiySBW=yyHkDNktCQvemaT0} z=bla&OEfmED|nY{jve1&n3n!QQc}xHz{|n%li12D)F6AfxuVwl?2%b>IO0N7$HNVu z8_|N^c}GbtNLzDFf@J6Wxt%dcL|URoz~fXIK9a)E?6Wltg>=Ruyk=C{I%Cm@IG_+z zc(vUO)J&fxzKN%gWFZ-uw7jioIfgDs4Lo8_FcipANf3?Ec9g^L21F__YGmIyB`(6B z(ePj`3@_Hc2q-dg1WR|}VKnGcedJ2cAZorY9Cj%iQeh@WaWbXeSJ+|GwP~@xu=gy} zXtyLP;KS;s?py7ye!uayVqTeVDMBjfL9 zbZPk#R@%l>Eqd2{bfp`J_?pJ~PI5zJJTj~6_?HOPdeKq2adYrJnZ~YJjiu3sUs{zZ zwURQScribSAQ%ld2W)9(aSj8!HAd2SA|7uYY4?i2G<#ZWN63MfV(klwkU7GE(vXsCJbV5)p!6nV8XN-gE+m8LAxb!z#@7h3 zHrJqzatx`BTJVMdf^3qGE@5G9K*1jNASyj)f3);fyVP%-#|*-JypA=kR0MltbVXt0 zep&bw3mU$yG2A$DzI~5!dnPC{xyHThI0F8rUW#-!y?iD^5vTYxo-Q&{xpD_Z?0hm1 zV`H0EhrcpAmQU#hZE^2@p1BoW`GB5hGl7>Mw+ywhu-dv)JF4&@e*(MGK{amEz1^lI z%`+Gx0X(NWR7LdG_0RMd1Qj|pXDx%p05!gsWo6X1qq|2NbV~tSo6KuWqlkd~Y1s1m zQt2{WJa-}|{QKi$E+(?FFR!h_Yw*%Kd|>>SnHJ}VII_6?c=UahnPGBsT}bV|Aqtd%m+ExKI) z;&j`oL$dm1qIHZ*Jp-gO*Bj-Jttm|A`DwnR)NeVAm>E%KK{?M8mhi>v*eq1o&`7#h z6Wo2Oc!nvn9&1T=302*z8ou5`mWDyb{r{6Gpb}+9-XkXnu@VOQ7U6 z(Ht67)ZAB@J9q)DK)F=ByrSZo-fY5t5Z3(OV#U%3S(C})1qzDtiAY97hqMTg{?Uzm z-zSH2F=Gpqu)=?sSlJnf<{fSlS2OCVFcRoJcJlc;XrMX4k*NXfOR@aGLNLu-$#h5~ zQx|Q@6bMttXh>$7eU{A-4L7r2K_%I_L_hiU;&Xq4$<@a_RUj62)~U6!kUW#+vFx86Xw#M@tn-BNkJ*KyD!k*yixFOhKR0qg~T zpWu5=UXs7Q8jB|>ms|%=(;d9L(F7{w8Cg;%h(6vI2Im2EX<5iNiJ+Tx5#bwnfr$yk zxVmcjefb7A=j(B6)pt-j$0fF1AgI-+sc>y3D?N9SbP7CapxaZkrE3sJFrhP}5q^uG z(Z1a_RTs?iJ#25oIu8}eepZ0Jo{by6YGXyMl@a9*Ar5g>Fflaah>#1M`^?!d$@GY? zp2l&NG7*6`_@ImKFV!#DPy84eWjbU!CV7?r5D791I9S&8feTLy4DLkcPEmAk1yLHS z*9W2G;E~Bn*EeAE-3_3z1QP3uLYgLn_A`cO#Ni?z&|V_Apv9u(=b+_#Z2sEyqdz$P zRZRf(m$O^<0iIsqp0XS6PcQ=wD+Cs}GC%|?ggF|qirT0i+7wt$*zNIs%szyn+*5YV z{aiPn4(ixTBiqL(UhWZG#8=EOS23V7wjI;LSf`;Xs5J21d}c?xWm}PR4kbNmk1{a! zd$```9Ty-2%JSNXjUeZwnf4n3m8z-7>EIcui7f$$vARh+Ijba9tjn;vo8RRse&wpt zy$f5EHclGf<8s2%a`CA&b0(3(L%%4daOqDiSN0bdRPp9Gtln*N*q$q)M)x%J@yz&@ zpNmtL8tv7!a*h61J5$XWrAxnRe?cM;!yS?!-) zC(uFDR)>qxL@x5k;R9`fGGQSnLqK-2A8|}2`EY{o)V_);SdDT% zEXs;0Y>PV`fcLx8Bk(HzNpe-NjZ7ri-w7J9RwaRXs&RzgX`tw8Kj$V%Y9xpGunPTl zLF?h7X+@AiRkp4^yt+E|j1Keh3wS`09M)h)%+Wusn^VFmE?L@qGF#_-!{Wj(4q@=i z^1>{+pey7u=o=NLhLlQ&GF3lifOq17VtRdehvUF(#cw~jmCJ8*u0Y+Vdn|=I{2}Zg z(&qrN60AQoMo+vdqGh`=FFc3(Yk5;^$p7wq=j#9)wC5>QGN)H<=2Mr^!byAZus`!w zT9X0ta>jYv!K{R9tP7I|ue{tKxac$SzAunLX*rZsSvD)LU^1;{bkj4$`Js)?Wkh*e zyFdi~fZnMI)pq=WX(04d9XCxOi#926GfAVS?u8okKvdp7>w&prauWfRVsfinuKcCR zP20sqbjDzQ-4AQC4i{oUALp-KJwr_55{e160Me0+P^#QZ&aKh+Ur!CMfKle~ZRxTA zjjZ1db13!OWBO;4kN02LeYo$u(lR==B7`rb2d)5C2f)FL$SOpZ4XASr9(~tWZJ<6 zl5oFouj;iRnZ09h#9|RDKR9ef729hgU-fd?#@e{1`GMMW{o!976mQm(wV%Z0l}6=y zp!%%2k9+y%aFPG$)QD}rF{%&G(Pre*a50rUVBezNaU>->P5J{*rb1r9k9Bj;w2I^U z9?phm6<+RqUazg+<7faWn_oujR)6pjSZZVn=6sz`<@YfBEvf3+<=V@cCZw?QO(q>f z?|m#!etNAWlS+=oxj+xu0if4NERqw%JP6$nWK5d{tG15l?JMIB*b`iZ8oa-0ewaOV zKH$!k$;*6(Ev*?FTA;76NO820po9)bbaH#hk%*`2YMCkh56<{W-;@icEBy|74z zAM%ha1pHiWGo=fNxp8-wGp?Khif%FU8n;#OkGCKX&HSH#8KKShs?FYrd>jS~fO9vg zi1DBq=};;UfD)~u9a~y$P<=;1EM}0K$cI7Av|(UsSytxWu*&;rw}SBH_bT$?Ch~FD ze|`J{%M4}Z06qkcCpZCIJrXiXmTb@kqfFB`D;Qhx;OfeIqkq1pJpP-Z7s?;RHC8Vi ze8&II@cTr0%8QD8+8@oy-oYuOgsfz-QH#I87*6_&MQU-yZS%x|7Gq&68=rx z!^>d$Yyi{@;+eGiNQ2?q`jXnW?$ToQwT**ga{sJ2JazW3T_^upak!MNvr|aghnc?# zbX2sGGzV5mCpzAa!_4keB{dvfmrg0vHV$3)*ncW}1w)xLq1&hRqT0UA7QOpFDLM3- z9oQkE7QPcuFmpwe&|JBXqKab`xofgv+KiyyxU@pTG0;o(?3)||SSVu^6#v>Al>JQA zyU9z415=IxV*NS(Rk*X7V`}eGFT6Q_%XHVlBI@cGojw}FJ>?;@AFISLYnLd9QO`@P zf*x|8lB~nusucXw{!sOTc#>{$7ih>mx4YdiIL@D`%EIov19>cFSQ8M;JYIr9w2+Tz zs0zS?Q-7|vRM&0vIunH_4b;>9VCd!jM_)hrr7Dr*v%~cCVV~9BC7y+LNm*{g3#((lZ#Yf zYI3;W_bA9FRxihO)i;sL`{MnS$U*|qfh%c@fxc!fL3`jin|4U7n*6Zw75;1w3^v~D zFW++ZGh2vC1?Ywp)- zb6u@Jox>cKp5CY|HUb?MGT>4*c6+9AHKswQZYxq%S;H(&V*??E#Pg`@dV8UTx;#;t zMnit$=Vts9>EnKLeW!}$t#93&xpaD6&o#fAJxTgLJXqn5>dj5}IlWL<1$t@z+I3?= zi+r{Ybf4|z2m<{~)%G+5KiJ=Pl4%^NV|cH;iWT|}6Ee5LnlPZssqQryIAMGeb^;~0 zC)Cy#KSpFlk8)+Fu*biWb^{|@ZIoa#1%!}OFg7dZHz-ntQ_iW~;wfVP@a_to;hx0j zZ1#=sVRvEceP2Q=B2q#Zp8%=&UPT-t9l;=5Z3dRLS57tzs+Ob~CpT_Vr$@(s%bwTcRIX<8a>%hnKT^ed<+FyPm=TirJXK^R1sr{zraO4W7Ui9%qxr&MYGo}4Ft0xJ z3_y^5;gkaKMuYe0ZnOU^S%rA^6ASLZ)tX(Q)|=4Haojb$(^|L&_R}? zxjh!3Jj~g!MfS=yJD94Zjgr2MJEEO8$EvdTH6( zL)EYb>c)sksk0mPLN&hNuGIMRh`3?7*t&4*lh20-AP=Nao24@Da4leKMutzHv7)UM z2elf0KkP|ZU0RikQ!ZJyz~A=<)1G+GmcZQQEYoWdVbik_mNk{heHmum$aGH8>A9Et?iki5?S0T}FK)C*DOeU`%W@2c zLsXD(4W@tVq!2VF5S}LAqZx9fVgypI3I=?~3!RdJ9VX|iY@Rti%S8V2zCU#A+AFpL zsuY|lj4bw-lvy-yfm1{%9%lw2=X%V8T~mNQ4gEYs4Sd`-ZuO@GbA0Sug5NJ*(e2FW zwk}Ke*Z23FwT|^{%(61L*Lg}V@<#(9P!U7~LYr|ySmU<~G6E-uAXG^PF6$@Uj4j+Zqun3^>sW(_!^swVL^B}Qd3FOVFdN zG&Q*Cr1HkkEwIe=zf5cX1JtbltvCN$Z~nL5{BOPazpX*?@95(H)|>yWH~(92-pK+v zG%|5EJ{~eW+hLQfji(n6olC<@i;G@c) zfWJ+}pF=vA!QQFrcMji)$>-OKrzQ*xe6W32X4)#_`h+?Ma7|Z1yCFIfS1l0NU_H}! zteeKK2OG!8j?CAZW^Yof!o}s?ow{z^Oe8tSzMkNG?kO(zCcCJ{$_VHQVGU~#aeBgJ zChs%99Tju!wmRu_Ii#20e&=jq;Ts2w@_Npj)~r|A<01z@z1i_U_2#XwewTC0$Mf-! z_31e{s5iSZZ<_#kGy_MKYQ>3EEi^!Q%DkKyqt`}M70RnKF3m!(NX8tKw^^Hu%G`fF z;2-G`?U}x%CR%9>UIfkE|1Ta{o}G_9e7gkjVVj2ZRO6~r@yvOeKn(W;DC6pi-5l5uD`S|a%yR3hDX!n(w5^`u z2Qd4?!!CD%VijbS*?+EHn4cXbrde+Vm6~Z2Jy9iE^=peI1p7yul~w+OX|5#&eI#kX z_BSVJ4^YvJ=igk0nkC!`HBYu0+z6N>!p6RwtX4afB5V@!Jz!$;S;;%dw=EVigWu|> z%ovh((Kx5?oWxMfOw3vxHnF|jBpI)`b+fFlo~OzBp2cpSx`c4o*ww8 z)||fBFSnc<&^r|0#hPCEPpSE~`A!PXgWriJn!`vi*~#Pt`_X#;Luv+r{N~rci0-$s zN2SWjxfw+2t3CBEE&M=|2CCj~4g9V#jFdI@_6N)t%8o6xCg|Ct)V_UL zgtopnE)#j!Hz$pzY-8D5VK{J-7%1>Ul3M978tGI)Vvu6oaU~vL&H;?Ci$$-S1y#ld zhu*16I`b}DvifCBs`!ai4ZgXe%buPBlnCkfmM?~ZQCN?uz1F8cHjsauU zCG~+-bK4P1_t{rHq&0_iPBM^9Vq_8Jjr8T2%vRjNjqXPD%~bFM_->TkBA`-er*=f# z;WCe&6*3D99#KJ%1sI{pAhzIkb9k8fM4IxxEWch}6EL{YyYj}8LlkZTO`SK$UH;F) zXV%+-v_M5q^%?x~px%WgrfOVe{c7ZeADSZr-!MkKw)X7(Q6*@+b}hiw35HR?EwO4w{Y|)E2+#>@-H9*NAAXK{JACkaj5^E5=q0 z8I%#?{|xxEwK0ouwses~TEI>WRdT%a)V8_`t8~_2{NbH_v95=X3K{LQ2KBft<~k^L z99iWGV$5bh05??B{ek{R48nrZJG345I_~*rmuj${X!+r-@mKf$BUAB1Uc$oq za3^XXrEkWC9NTcsFMuiAA*zXBME;PL>fhwor&>ItIgctYJ>WZ6m!0+zeoXWhvxW5} z-d$q@JCtQchr3w7vU*aGw8Bz05?e7JEbrM z1uKW{%l&p5mt(Y9Fy@z{AessH%pwKRq7B(Uq3=%P*QbdzZhok0e2qWbw=}{Uob1%z zo5+&mFO&86j=t#F*0C(iFm8j0G}xo)Qn%X$0cfktp~}_$`rt~)L!sL{IjhgbZwDDS znq<8X);SaF7_xHt=mEJ4oL^TUt&lN``KwIZPXsGEjVEy?rq`pxmeCh=e_+W^*+IM8 zO^%qnENVm>kx`&3CS8-55G6XtVY{C-eru>Ax}YHe3V-dYUzsx1MZ1*bvakGDErqGv z83h{WXq57D^hapcD8zX+dX;HP62!_x_tB~g)$@jkSjF|KZ`>Xe$-YFc3O~3r_cn8&1*%o>ott1+v}(kh}H$t5l|ZNrV%w&_hep@=KDj-#u03 z2k{i+nv2FqYSZ6hZi&6F-u$5hV_R_enGmo#0AsJ?!~A0kgyG?uw?z{I{@S&_u|lsD z`M&L7<#r6tJyh~@KaX8n-yOl$yl*8xwa2Xo2gxZUN%i+!C3#^3d-yW+~43VHf_3AKDzqzNWdw3~^^)89_JSUvpRQ?|?g+C=WY zrz=XMI*#nCA-&RP0VbW`fD^|2YLKOqBdP=W+bg+(<=mmNIwDH9mF&bFxL^^x?H!s~ z`0c>AwOhQ1XZT8x%N~}H|g%cYGh2ekd(<6?TSB#^ymM)rkr}2 zJ9zGy6TYX~C2nupo*sWMplW%mery{Sr0YA zs3#8Y945dgt_nb*St~50=>e#FE&$Up+ zkE=L;^V73UQ=yDAtGJH7!H-HO2GbR*hNs=ClQ%t9zn7vOHQ=u8WRcxek8%u2U|m?k zGq~DNgJWJ1sep+Ne-sA0} zro7=?GQoY#VG_1-b&+(&+R;03`4{7Rxr*zd7U_K6P2*PPCm4F_F+>DxT!&jE3wKbJZ3Ql>*CrG-ynQ zTwuhQpZi-u(~ne7#Wljar#<~eb+BLI7f)2jQI!0=4uO-o)8v+gk}Pa}pss!qx9$;} ztl>9z8_;K*-J)eD7Gvt|fjDX@4}jKpJ2j+ZO6x2MBU2tKe;+p%$!cutS-)f|^XOL1 zov6vK)4l#9RN=+YAw$qgh7r!jkUWeod1#r!kXO zCf$WDR>xE?fK>|uP3(lQjIB@8@o7_X1C?3&_7x)=_#?n=<50`m%7*8cbKIP(vggL+ z!|e*tuW!alw!Yv!)D2H&xUv#=UgKO>4{|K}^(4TYDb!z+{C>fPD~XWgT>82R0()o! zP(625@xih|hMow8=g`r8HH?p7w6 z&X4~&RmgU=x^8gMM);PFexcOt#G3MQWBtMz2X+OBleB=!x=DvGD?6)Q4J(tCgC-m+a*L~LMI+tC zbHv+|tzPwmvl4y!<9`Kbia*FA-B(jb3mrLrQQ5Cf zrVTw7^lADa$TPeM_|S3D4&FdrpK(Q523@~AnQf|^Cp6JGni4EF=9Fq-GsO4ynV9c@ z%xe*?N-SZHKv;dZRXGT^_9c2a_13R*Hi)(>i{qI_EOI&kWj)z>+Ym&LyA7UxLiS<0 z9heH?&Jv>$mH0!B6VrCbCXBegg6+;R$d?h`u@}IcVG#y8gKqDW23YG<+h-&JOo0Q_ zD0@&PhuWyvvZW=)>g8K{ZHkrGRO2JeQ#hL$*jsF#mDvnM5sPmggb^G80Q`d{VKjPBzrtsbl zKenn9?ntvrQ4Je|tJ8i&l=!@!#7+`P6`4Snl5`kwW~@dwNanPBoB$xLf#y5a9|~ce zJ|g68b;Ls#6=_U}y@XoxwTh5qd=4^85Vp-vy(_o~?#Uf|gCCVW9;{rYtIu}&9hJE`^T(X!17pL;6p zPJ_YlbeFX2r1ix;v$9$5ml4(xG{`3iC8(Wy8L*`GMeCjYs*V#@jqoeP+7nPl{!Gbjk=`+BfPry9Tydk(HF{bscLx(}j{_LvTvI>-B*F z=!Lbkc+zpKK7c4{d5bjzX;{?p#h6PgGv%YcwFHHvscWz2?xa{ppP#imB;7h{Mnyj@ zXhZzrw;KPIW5XCO){`18UeXXaeD`-hZECIZ_a2=hEux^{@#%|SYA&E;eOk+X@r+vn zk{B3GW;v9O7QtL>R|7(!sjR8}o3$%eu8kPf{cuwUyS1cbIdrB_?9C6?6>d)r zd?h^LXmGsKO>}Ait>E%)O!(K0{q0LkM+n&Zk+6qzqn|5>L9im2=;#KBOsl|Admwz? zj$skX^R`c&-;W!n@qRQlk~O^m8x%@7GjmgR&#Oh!agfbXp^RU4Dc}Tv*l*BHq?8Xp z4F}a5_bp+CT>@|=gz9vbSWV-)hF$82ewDqoH2pwicgT`fHYZA9eHuaie_G%Yjus7x)hwwU3`{c_WdXImmz$`(<)fj?H17~fyU%p6=BasQeiHjdra^YNQseJ{CO4~j;}yRaeRVlH5?aO zqv9t`IIlI>U=F`nO|~9fk)DCcS2VdIy?o}y{m&p2_gfNE=z2T6p<`Dxl#skiV+3T3WEedL*Rz z6f$$tK;iB4Gb{6PCC>30>DZA8$9RW2RRAe4rpOgdi*2w(7Xo>?Op%i3sUfmV#imBS zR$;KVK749!nyqR%1n-x4Xy*cJUc2!Ou3>n1Wmp>abAvd=UMjAu9C*^Nf>c!Vwj76X z2;;pQ1B+%;Ul!-5_i?*H5J+pNx1JRD%hZ)oQpd;6yeZrRz=*Z@nH0y@SoF(Mb1Y@I zlX%O%y@}7PvD$21(7cCh)&4!A5dtyw{I}aO>|XxN78`81=%<(aQ1)KAI4bF)T#)@M z&Hpe_C;m5@s4su9`KO6`p+GarbFi+lsung?Jt@=cUI5b^AGVZL2y%*ysPa&{k=--wu)5TQ-o9ln)wH4 ziqv|}J&38dW7@oWC{YmZOXi=v>meF)`$bysZ)I=ETjU?RTPS>iDZ{DA119T(~dMmnDoY8>PCL(7YMWnNc%o%?!K(@=bkep8zUU6x|2a&8Xm z_{|iRMk0iL$%imCz>_Vm5Fd1(y=fuXk89tU>o93AW$%bda(M1{3xZx+V404oYOR=lt#*+eC>)C|f(^EBp))6U@MYaO(z_514v0+hAz( zi1e}gOv}nUXODM3N=$b;==fXJ3=fRnR7#*I&Ll*KC}GOS+rh0umVuAd6L+6F645%c z&0p1C-u~IWS89Wm5SXZKvW>ZYtZrw*`?QdW)2~Segs!#J%gAhU_rjn_Nj7N|f# z-*gRLl$NAJ_W+|*a#Tr!2vfLeJ3qAeTZ&kQMO8s3(hps` zrv%8e_Ulsn^RxJ&{WH-Eq$8YzjX=SBq_oONh%5%#M3VeU*F)F_oqtykcUL&$E?0+uv$auvjme`ADS=YD zrAx}f`m{Lc?VVD+BjfHN!j*$7Rs0^KcZRE!>`yf&=DujBgk(MT_dF=Abtg&fr}&+4 zK3kKWNI&98LvS8unm+v$t1Qq`vs9v?Yi5&dT}LEWG$g54*H>K$4(m2OnjKuv|1+W5 zPo77{)&BoTtSj}vS0a`Yn8MaTEdevyHZAOHs;9gVcsK3*7;wGMj{BKx29$c{#G7s+ z{j-N1_Qms{N@qJGZr$g(z3g61Rt}zql^WHxY4c6Z5*_t|cg}ISaYfmCm~-a5B^UqLQa~!(w7X35Pu8c{T&QFDnF@x=MJCCQ~vR$Rtib9fC;1WOL5}DK`AOz{-%D_ zqfdez>OuRcM{h|ixxBP7Wx4#x-Od0-U*cfV1X!W<0JM=l{lD?L0@;ndgzpfo%O?2H zvQ+g4eIuQMmT%jL@e8TP3#s#=j+To$Wk*%+yDS^qO@q9EpYPW&i_w+X%LJv~$;JZK zXn3kwx44R8oZ|`8lwE4r@h5&0#k(#M1VZ8G7^R^`c^{`aH<=wTHdEIg4EjNMJ|%fR zUA@?GUQ2Ved;h^@ES69U?K0Lc1pAS!>5wBpvw&!C$+rd4Nk@&`p~^;4idp)6m9@QM z#vZTZ9$UOU>0O`4oqe{N6dDc!#a*d-*hJ3^vn67E*s@E2`kSewAXth<0JdFGDzm@$ z>}kWUS5|C(f}=X660MM&x#i52h8qmeHrruUfXt7WkMvI&t}TQ>`rRrUBtc@@Bz+}k zkGL`zXXi2U)=qHnD{V$cr%jzs{=`BY;#||LI;!Ver{i#L**9@UYVJg4^Gv)~yfGn= z7hJnIQp|^?G=jJvRCFOwEDBP-B3l<>PR#x({)mR*_MSty$0>%r$lO|uU5&mt%Y0^p z0H50gG(KYue`jwo9UbO*KNs@VfakOKNu+Eu^~Am2T-$yX`d^{NlUQ1$*AA&g={Ik8m)k@f1et# z`Ti*6FxGL1W9UWY*P^Y(GS$#Svj5vUW@ftFejnUghZBL zWvHdQ7ahV0u5-Z^W@Q6&88rS_!L9a>_D{+Vdh;A;nrpn+f|KFMOUf%kWb%g?ZQiLH~t$W7AMZ{Pvg4Cavc0X5?pjt=G$h$sFB;9-Y8Q zngd80U!2E?jOLZD_ZUR|UN~PLRtm&whR~@G8yQ;kysap8 zg5s@_N1Kg`t$IiMXNEjcswd*z9K@AfYpYG~r=A&~6P7h%p4{D{HVVt(*zBY=@PiH7 z{w4kL|yv~q%w(OsoXsoVA~&@df9mvb+vB4puhRaU(ap_8Fx*2 zP^Pw3gUmH%ZOxwK>x`2jeP(_kD~+|4Xyh;a-you$CBESDa2_#N6VQ4h7|EHfXur~< z?#pUFr6mWj5FanxqpzgS7pcsg#DiL0W0sYS$H;|OJ4DhS_L$WU%EN>bAciYQmTdOKUNC;izz)Y35}8moqTp}&ft06h%EG}RryLg)+S7{8w$_s9rq zNV@>a4Y`J_hgQ`2h}p#4b8?be)TdQBTu?Qt^30_d05}>LSm}VvG!h5KZx2DLb@mk{ zyST7F5!KrEy{|ZTj#>HOnz-Yq=T{FImxT1;t4Et4&k!N~D4QKZ0c4>UaImcgG#`P~JnT3j<*857b^GRTg(s`GVGl+2&HY>`J8JC; zxOKO8oYB zT%@;I@<0qja%R3ACKH2`Y_Oy)LY6L@E!5${u!_hJ!Ni_$y9tx^pQ0qA$33#50KsX*AyiUSK_ET?vRIIwz&;<+IV}M};*a;vB)pIoYp8=sURK$Rvscd? zFG8v9jr%@*zWjMW6izwm5`0@MG(5+^1du}n{1vx+b zNAQOq@qh0vT&SR!pJOc-zj%6m(9_y9Z~gk(eZ>SBCZXW@BOS{CcgB3HM1Ik`+`_UU z4T7|;-cJ{bnlmw)MwLBD+_kswa_E@oG64Kycc%=S*g20Eu# z>(-XN=UWgj$RZ(NhgyRyBZ!(7sbgOxUvXD2jY<#=S_})j5&p8{kBg7?y%KHTegCIY ze*a&)oWSn$@zyI-U_F%p7sOhYRw*m|)CRA#f?>|780%sDS~yx*CK^Xko!WQr0QB`C zA4jpJIA$_6tr;dGs!v~)1`-T29f%dg$^%-*TU0{vcb{VH*ii-IUeI9@L zEB9F7ik<>@gv>)aBNImS!ZNZ;qIG=?>|erdd~WzdkdKKqoQ9<-i_>o96uHrZ;q|ZEc2^OYq)RBaJp` z7Rp0@jT^)E=v>aU;}tYg8;b@JmaFvn81Bhw&M8J3$jdn9k$rBUHR29~1d{kZY)W2` z-1qXgHXuvs$swL@x_4Mj=_6Q`WzN>e41kPh3B{)xu1x%pJY)jO)X z25IEFdz3mgb5t38bYdL$1cIZ$Kr}(ckkV%dV*eSeuP=(b-uI7S{cpm+e+KK3Nb2fR z5Zjt#JJewQ4y(D7rQ=FK02k|~>ge?L}# zIOK0f*}c|bhW=X!b9g-x^L{hXRQoVQXs+K8K}dGjC2qk|MxsYN=EE_>X6bVbfhbiS zNqQ;Y&nqfr1vl>xsb@K~n;|ppdG92h+2xFWu)AoQpL>*J33SpRfIjyKM{|^8U9^)` z!0l#CCFpMUy{eg1OgmVC5*L4T&pB`~L|&`qB3-)`fE=zPNyWZ%U&ExDm@lz!@njf2 z-A|ipdUIU@diuQnxxAZkL~ z5!&95Y8H8Uf)*MzT&Y#k_$M~vm3DZJDbc!?*cJ86!&2mng*ZScA5l9#aPNBqfIOONO z!zi*)OjcRIyPv51MUW{Oy6P$aXTz;FLcSeM;mlQI1)>u-$_K1r9S+e;jX&ZO!Trg zL#vg$9~^%=Gy7Wk0yxGXfuHY(gYG=%6su>uu_XEE*} ze+*s@WG(nj^?6Q|PO)JMVHB?IqAOTVYLgB260Zc{{+5X^#g%bj*J5(_Y)gT9*3+E~9cw1N!=aL^z+A@|ci;pb zfgl2Rj;zbh2PZ#IN>Eft$Ikl)S>hYByjqrj3YUF{)x-6J#9K;`+7@X!QkGeV*!ru ztA4D0G*4J!VLJm2*B0l7XM=Fcl_=SsV)8>7imerp=Ff1l*vZEFc+vUzEPaBhm$32} zN>=4w*#pj1g1-u1Cta*5Jmz=#SGX_f5Vr?(Z`LwF#MTT*ir|-Nf}gE$&jIN|c_3YA zOU#m2&0!z0GP5)NiROROh0MWT4#YlzXB-y>ZwF2^L{^`wd)sPY#aC6>og`LWLrRqt z^cLz`geKpK*La$lpJJ`@##rvgbrPol!I);(8ieFi~jc2b01t_oE2Pu6Ke9EgoJd zVB6EmNXM|^Kns&-k8i>A=pDtRwNb(dM2gBItZL3(4`IW@GbAUu{XHLQUwO)kpYSiW z-g(`CX3Jvvc5-O|z7%T##0BL15IUD3_Khp~Ex5=^4c2+Q8Ix&$z`g9vqcd{cd*37b zL_RR~u;KtI#@WFR#Qu#w5u`2rC{v?7Ew}(EvIA79%N|TmWzl>0GmVE<3W#gt%T_d# zmDb39qfdfzi7|H@gWPv~`;68wriBybU%{MV&4cNH5{5aJrv z-U-#~Ka!PmetJM0|1Y(@m0sV83OU8$0WLFBJ80AGt4A?)eeAw@zT=7J=ZFK=ASv;u=m@wy)Ri&5gn1R3AJTrFE`Gw;#k?oi>saTW4)`%!50l)o~c(9*Oqa;TtEotD|abxEnAA9;WrLM|7-50D(gN(1w z=v6T-gmX50ME+05XUp!CHPWEL_kuYVFX?F7T2Q^Xe17D4D3P_P$}S z%M`+_d0MbxACpa0T;`|sMMJ8j-=^xFO>Sm(d^FC-Ag+yUUh=JxcbAoxlBhi3b;v`R ze&>1cfLeQ(R6n)&`>!XX=J3f9R==`M{Ys_t;9Oc;{!}n&Yt&+7Wwcj@7d%y$9>ZD# zWx))syG)QwjuW;2Ro0OMP&%wY(Wo}gK6~h#s84{}(-(=5SB*s1=PWELIQQ4BMWT|9JQYt%B*-b+f24kkkzJ-k9gJjDdh6!UPdk9%4gBdfT z>@#GHZ9eDS=X;qbDis4=lb=>+;qF4dB5K8@me0w=i~mM=e8?TKoMjv z>}6`7opL7SC!X80mh7l>=8i_xdH$?>N^k1Va`N5+Ux8oTD>QKDHeeJEA~a#^ok)Iz znq5K4p0?>1_d395H}ZkV=ph@WWnPyduOjMYuf~g6}!R62_YDNy#O=8kvu!J zu(MG+OGs~;?`^Q`?b&-s1nSu#PQd^KGMXttuTfMLSg?Xi)2~f1&rLfpTPaurf59uS z8ZJxCJnSg*wQ6!D2JP30BMck34iJkS=ywo@27xs67?I3xjT#}?5WT7h)q=(_y$Nq; z4%CUc!@e)g6Q9#~Ad?6I2#Ig65Fi#xS+-%EHHViF5)00pL%Yh641$F?NjV$0ii~aup?8upKObRi+E{Nb#D`jq{4MlKqNy z^}gu3NvH9kY8~vosKa*^eRVmZr|#xlNEv-&e5gHj|LUsUh7GXU_Q)S~Ua z>q+YmKSeaHHw^>|)IPkrw-FcM(qpUxaC0p4K9&2ia$u zrVP10!5hAu>lQ!v{+@}@va`-!F-{N;#nJ~NSsHL4q`F>TZtRJk6`?Z()H)^Kzd}dv zh&>z{`fiFD$*WJ2GqdSQy%?qVE!9Qd$_1zf`0yrxdGz&JUqryd`eKVYN+ZgeQoPr~ z*N_r+ZPIUiDjwdi4GfB--q)x5)Vww`R#rT1`BEJ-yxlw$`lJ^7aIjOOH>bNL-NF33C+JbJrH*z#z9_^17}@1zgL+%zkNP3U0lm`FZrv{uF*7zF^j-U{jVEMtaYr<# zZ93fVRIh)Fe=-DiYo1hvC;}kspJ~L&lCs`8wew4)B(GanRPMaZ_zLx&FB;7U>PX}! z1=`x0e3gno8wCK<-0rZEJ~*r|1tEyfmex9Xj%{BZ2;dOy_6%RWc}_iLGGw>{Aqc;N zqhHNouVH#nkJP=(TQ3}>4thWelG#?(4w6I;K2Gr0gM87wO$Se}#%m&lJbO!F81pY! zv%L&IsSzD0cJpShhhP`O>%q=-FI^=$G9K;$zm=<+aP%BNZU@k8R8@9ne5bw+RMo~p zEu&pTk$dCknq5JRENZGa(Wq&w5M`kE*;q7cUM+?Hv$~z}N_z9xCjahn+zpR>0&0Cz z1OQoYrttSYZZLfPWp?uc@mrSHukUR(I2JW$0!1W7Dn{0Y_L#a-OjS(g@WLP6HS;U8 zza-x{H2q~onkw3Vc2(4(r})t~U?kp^(X<&VD0bKA7dn<3#%n*K2{BM#&U8x3&>-+V zyqApAwCb&kx&7ko4PMRp90|a%Gre~X$p;I)N!Yy{RJ>49gav?8F<9-QMMAP>fxk&~ zU9-OZ)n3Jix70Oc_zgdC3QT~Kq=m5bE}%|Ct%|kZYbSozIy*t?rjd;sF-=jTAKg9- zyXP*^YecF1W)i9U8_u8Olie}Acq6D#$g`vCT4Mc{3h|bA&)Vkg?~Y9x6Lv^%`Y|V? zGyK*Gj!#M_(!Mo$pY`tUabC#K`8KLCk(~W?_Y||Z6jn6zk?7k7=5vHtzu&^x>xyfv z25`Y{H^1dM|E1a#&)9V|; z<|>oy<4#q1ZvT5l#r}(h<3H2a17CnGBkwq5#$y>gBL>uB3|fLRNB8Q=EFVi{|1rE} zDioviKK}!k%{^#S(7BT1@B0aDpsx@{1`|Vne3L0QO^&ipC&Z#-xH9Xrxc?Y7bJ?lc zkvF|X(*6;7Z8!B?=Z@rZC5VFT1jUjM1;khJ@1CM(&qb6t+h$#;lhS-1#JMl^f|$T{ zpXA3^pT0a}7bJ61Y7`Au-?<70(+ra8a$`yR=?RUzF`65%1N3fR#l#I=slAc*shT6j z`m6fe@b}Lpv`ttQuen39y>;1pAr4M9VR$J8(rnmD#XRBrL=h=y9w*9b1EcXB`1r=? zj{}Ey&yD!NEebBVj-tOloXar>O=XOqyOKo5Up-^*FRc@>?OrHPc>+B_ygLmy0zBoF2JnvOTCl zPqA()5mav2b09qlBrOE_#=?t`! z_c42%*xSX|J~!r+ymjdClCdi``^L}l*Dw!W;d?j*+OBt1_%+M~eRg_(EnWR1;vd7T zRVgX;45ZteT6+xz3(E+cnK=C9=2e-)eS>?Qu5y~Qz%YIGl}tEgd4xXa@ac{=YT7^P0Nbapt`Ex&xgB@0&WM9s zykqu)adhVo%B-mpXY+v2lNIHGbZpIqK*eL%synsST2GX|n`UDZ%DOG>A=HO=cz6f% z1?VU_@_(Y6a-L3K0i&1%oTV z4)*BHTSU7)gVblX;k`#MKE1ZYjqzdJG*wcsqv08n|6}%HYEzQ(0;o{=$?h_*_v042 zD1~0t8rNr1Gl-ZwRo${mzSS&y3QJ`70gzl^W7`BY3@3|`Jay7%V{5Z+4cnSLdM_rM zk|NjnV^hQQ$d$qje}P+54u)+Yv`HuL0oZpS41QWw%=`^A0xZb=j|uZd`EbFSlC#yR zdafUDVy0^IQ@@oH>SEZY44bI}IPa?&sivArUM3jE#(kpH0iuO4Uh zc%KH!py}T}&Rd^h9*h_!e%e3QU&LcLqqkSdG+Gpm-74?!8VZSJo|CRH>|Fe1v*~6w+pRogAm;-PldJEz- z%)b-F4HSgJR-;!cHWWrAC%<>UhG$(+9uus2h)$C^eAv+^RVbr~p0RX`jv!Fw42~jr z9C+h0iJn^9m3bbt;kL%UZz!#G6Uk}~`hW{pjGcT;%KK#%p?cgMcUCt@1nBfT$xM5s zuLZNYNzmo4@~SFk)|w2tCS5GcdNi-=Z2swJ*NI8P15t~SZlAaygSf*8A~B$FwY}Fe zJ_AzJP3N_*A6wBZ14j`R;;e~Ol6kmt#*NYXD<>2KWCTo{fL?r=^d{~HTw(`=7z7y8>F;)xn}6l|Dcl_ds%=2LrRt%D8ngUMgTb+y zBf|AHlUI_omR*E-HZE|Yq&t9fDshH#g*EJ~2DlZ&c1+WMiwYwZRuyI95KZ2#UVv&G)PZTZRcW}C+4QM1BwySHG$ zFmX&y3i7efwVg8gq2?qI!v$~>sw2j5T3Ic*99XsBzc9XsOtMTKGwSv$WZ-e)k&WpZ@+n5$!UZN8OlLHzaT5ZqF$(RNU1ncPf@@5t- z5S`Ri^QPZ%jkO#Jkcor0nNRa3AYBcfg9WiRWs3%atP@k7+9d9gpL#rN1C*&~;#`=C z1<+2TP!GK)XU2K`+QA&dv*4^xx*~{P;KrpQI9P*zKu51{dv1(PqjbdCuze2^ps#iP z1*t$mhU}TR5n!%$1xWkr`T)Rd9v!&g-q9J%P?jwA z3@6LuOehc$mfZQP`=Aw|?ox1gYK6nnssRHW{Ums`5?D#te z%Vo12t$Aq~x)SL)-7>k(OjY@3C{()>r%TgMoVnOtu`H8%A&=ENvLZY*==dt(YWEYy zVB4(h`yls1Q7xcq!K=JmzEr;9rIm3-RTG(x=j{XEeH(a#n4=1Olq~j&5n2{hMeuVZ z8{CO{VOO4gSI)Z8I6`;Ww&A7Gtgd$xcIq4J$A4#^oLOaK_2f$LBI&%=OgAqeM|~_L zBibd^@|cOi^MDIv!@E{NPHhmV25rCbf&)tEtN#RP89N1f`k#P5e!|LcDyVFrc)*!lXeZtphhj)IU??!m6)O ztQ3My)b!W&v$14(Y>IEO%SK%>NC8QD%PyfODC$Tw}2E5YoTNiD>@Loa!XvT;aLQ9M|tz%@c0eQGnYZ<1A?L z)4SFH7x8kTN?{YlAiJ`Q@!%2(9)l^7Nb|3WO88VtaX52&KDQ=l*|NfRp|L1&M`QO= zQ{5L|6{U^dc<^DenRK?FkGigUP5V_V;|l@sV<6bk6_I@|dH}jNQwa&gGp4<{{0h@Q0Ok+`-VF40LeS!OU`q=f~x>LFpO(Qknbj)!hrV zPa98YH96}P>IF8Z-3kg}#N$Y-%DZV>JD8-L8jA`M)xe5r5SKpJ?tSJ&IgsHN0XnK{ zPF=n-HnA+Cr7!ZOQuD~$=tp3+)PwGKCVRB`6JA^-T&9s3SNBQ~XUVXPYfPsdJy@GF zmiG7|T`%c1Wo!1saN+uM{i`X5Nb=+qAUU|*Uu&wm0c^(Hw_^+xHif)qs-A~<#MPBm z9ff7inB#_b@0P1;?<#Ux(_fnuCs4S7CBZo&CtZv4te>kSC zup74>0>Sr|)=n)n34-E=2A#DR^S!jcyG{&4>?dk_u@`qVfh~(FeWjRI){11)g_gqd zjjW*_Z6QE6n*#p*&7OijpOn`p*lHpgj5+sB+9*_dhLEE)%Lce%877Ux8_N0%=1@aR z9LCeVK2z%q-8A8VY}x)o(}R4M#j4&S4kLzh*>FIUU~3qywk^KOi^WYp*`EJ0Qr$mmAv9{A6 z2AVDoU)2n4f{BNIudB^;L&qrc%Y`2cx}%hL04f{$HdXuRSLXd4Uc@j`7^mh9-miO_ zhOzP$@T^`XlmpHK{g=8m%nzo*CNbanU)Y>hRPwD$QjBLh(UYmj7CrC9cKnfDui!V{ zHYjd4t^DG%=8;dkB@;^IwM{;BzWGOO!705GX3mIUc1-h1FM)U@w_kNlp}Q5{zZ&dAUc(=E)J2Lx;MALKzK|5K8Num00b!Kt3+Qap;Os> z+9Xn6c)@~dA*{E(@f3~n7>Y)LMUL$MM3U zkHbC~3CihA7z-E)&=Usq6sAv+_xcD$mB>3I@>Dmp0&YnY zNu2vqw;bl-WO92DN=2tV94=o|(*H{z+sF5-Zn7!%;&X5_$)}&e@kKeuZZo*);>1>?LvQoOk;kEv&HoUK3`M#~Z1m(-vIrS=fOv6Ky*p)nN1Dk?toakZ0DC0x6hYxavG*Q8P3pvVkAOW@lN`Xw>U^p~&V(OAe>PksY zaUBBXewEZmF{P#F+1L(Qz15v8%R-a-`(fI`ZRC6edYgp-QyKHrR!-t?Cm&9tJeP-^?>MmWmwFd(&1$Dg0ojkjBm3^ImWWP1Wz|A+-fEyvK z)j)Ofo!RVIjbfb%z(lmMWSBM{Tssw_pM0hptnt-pT)hu(yG|fXCM(ubCLwrq@)DVD z(ghY=M#xSv+swYe{UCX-;D&FQH#)7ZVfT5bK74Z#I zW%?v;&IdrH7}s+{ZT5l@IyjU=e(wyx+Jywa8CA*KL*ZmKLL}E(Dok-4c*WvwNr+tR zg*D`pUWu~z4~47`PV;#~lD{@FI_r{eWiB!-n6JfuEVWsC>9W5&Rih~Ix%FY&4)*H2 z%v6GG*^}dhVH{|$8Se@@2%}&j)42k0hx(`)s&=IAWvyh@$R~fYr4E}77uI-+Q}u3L zU32%nAlfF5dWNvwTuI`M0%N+CngEKbGiTIrC+OJ3P1MX zb<+qR$%zQ{42KAS%F2$tU1mmkEu?Fj=^MS`p>tcrvvu;h;WvSWo&(Fhr=>1e6~NVY zY!Tf$KFJW5pfGCW$PBGBxuClW0%q4x6_E4$+WaN;{Lek}TUryv0xb$eTa6d5a^$S- z!~uNHk;2o0r#d%{y9%L1!UL zJ~JxvDMEADrq$esbOr+STuilU-2LP5^QqN@us=*WPR~InIb<~xX9l8>0{X({ ztI@>o(JHHG=IRnOU|Ak=K}FehAmdT|82~j4fj&B#U3_qw@Bz`?$R3T5hkJ}6#1_CJ z&;lm71OR4!&Frk2Sv}^ZFWrP0j^C=s2s1VtpC$D9J{G?w6J=+7K=xdDIpmYR4veu% zwd{bpw6A-OF|?=@s7A9^|GYx9Wi`eqoH%xYFFoZ%`1u*0BRnF3H~epSe9j06_<hM+ZYx$0ZoK zKq$e|D6NZn40u0~zz^y31n9D0o3@T+_>!jLt#9g0azj&2vX^RB)|^tsEMKnemvYL7 z)FT1S$0hN`VwbZdF0IR1oVMD|t!;*Hh`&rrj2!mNM2koVjHaV`-(9Ksnz|NzE+grx zRos{Qq0i>8N6er=Yi31={3>4k+QjK=P$PWP_HY?kZfd*IvXxvdvdllD%-){-26o_X zR)@Y2q5NmF1ErA}ddrtDf3i(uut)h&_2ILqHPoT@I1xXK0=3y)wHvmY)06oJp9X9G%mB0^?}4wq?U^DSxktQm z`4Hz|L6*!c-YA(^0P9^e+3n_AIPr?anaj+)qH1M4G5ksF?u%!b9&de#y(XL>(Odcy zO{fz^6JiFrz&8L4zI!K6-!uiqF2FEP^<{Bcg5JNLQN%0B1yUUzKV z@>&}u-zndA!URG2od7J)c7^`jMva+?Lp}Wa-)`>@X=AAGz1MUK*=Z$$mkQ};z5^<% zEM^2ff!x2q>*uBPVr#HV>4DT>t3WnbU*@04w!0u8aqX+ji>7w|#Y zsRHdrB4ApoN#Q(8^fgw|r@F6*=(v~P(+FO^%?MEOmq{MD^r@mrA-c4NJY}&xRfIE7 zpV%4LvVX9MU~Ji|{K=M(Vez2K2dcZ-imb&fADSUcdILG%oHWHwdqS*+`tdQWUIFvL z%G~zHPOA3$n_s?Q$LAMc-cRD;6)OIxii@`}o^r#pkpPKYxyowz!QQju#Edi7_~nE4N18Rittu`gZcLP# zH3!{jk#bx0tgIUAM(389VTvIRf!L-te67v01QiJ2UO*njD$ove5{u(B?z)e`wTofa zYoR-bxJs{&0p`5poTn}VnG8}Lw`s{AbCW=Py1{_r@)3C$d$)p_Yp%|1-j-<+?c?LS ztee5#J2%l8Wy-j4bmAq{B_g6D)bis1@$s}s3z=z&6NdQ(EE}}o@fD+%bks7uuYa}MV^!_A+~U0n16)qQV+-UcqST{R|`kEIXmUz=%X zh#O_+R49B@JxaD)&|(apK?gM+>LY)B>xs>B3%7N1znj?2_UTd;IwNDoXTU8?X=9;@ zleCGg*!KF4TeL(K_c?3O3=$C%%*@3WFuyLS)KjM~_EvDgqCFgivEF&1vkJIX9P<^q zp1t^(#8Elil3UB0ggB1qCn@X|=$@|f#8^x7jg|l0^KDzyn7N(k6JzURrOunKByTyD zUGrL~!S$%2Fl!7c_N0o)&WNNdbo2@687?)Vzi^ z<4E1d`>@ZPIkr(#5|M?*7OQT)&YooC3c1hMeKb?8o7Y09=vI$?#<&fjUWUE13&!!%RHKY@q(8SuCo4zHW8Pp6E-kn(b+LxNZC=+xbf0%%HXTIoLqV?gc7{eQ^_ajP4T= zT)2=49YGP3vP$f+BEq$@La>6wkFEjtE?cvOpM``1yU6`4ZTJ;hQa)f`X4{pdTQ|J< zu@)RskI83-%q{eH(|E><5|0```bdeHPPYGnhg8J?o*>0tUo3sKwZfxagy=N)y10E9 zmSr5(x!4~*q!=WB-ly_T)LKN;y88MH6EWqz*DPfih|(1spvnz*9n!S8{n7c%FrtOJ ztZL#aVkv$tgU@1LN_hF;z%f^~<4az*k6$Q_ER+g0P_`lCddD`a1^tss;AkImhz*#g zA#3?{o$(>9>m2-SGQ*CUK$1_s?sUzPr|Q`%YZB%5`N6lAZ(HFfrr)Lc47G_32*v;H z6<|_d5HS^Ur;*&=LJv9rGYc6bUYT3sK(^gg|FUZ%{hFbwqZqoccu_(I;)coXHL-I^ zRjutx?CCFBjWB@tMk(&xfDsts%x60$a0@4!JG3lMoHX4g5+O8i@5c1fpm==OtSG8F zsD<>nn&`s!Y3{CLbqvi4ue{7~zyv|wG3FbC5p8Ev>XLi5lo~n6giC^f=

2$OL_moB$!1%9+%|5Eej$j{m%fp8A|)-Sh0l_(Y*^{oB(z9*l1* zUJdyf;#Oq&X;RBH6lD0N|3ogHcJ!Pnk=TQ-n^d z@Qvi&eeBy3{r=#%I5q6eV-A{(8Z47t0?A~ zUfFGP>eMPurj7f=bWo&060T{;4|-3GKkd{_ba1A7dl6f^Jru$`b-L@8l%N*GP&A_^ zV{v0fTyxLSjpgC9lf>=#-12~nhHF}!(EgTk^v{FxeaL=!YVU5dp79>T1??}DFMV`j zE7KdpTp#g%h$dz9DF6Pd6lqj4a`o8d?j<}y#K(%lNp8G6P9egl)H3+1>GvrRw|}G` z>5nyXh@kQ99xA4=evI_@+ym16@914bZ7wPj^U!U^VH$d7Vm9d{MXjLs2qH?n>2YNC z9*UQLzHU_i4bvPY;*-QTy>)z{9UW9C2*!8isjQtxJut@Srf&C|@D1HVs(v{(}_ z-D6cNlU-GpH;s=ZMc6HLYMlei(#xH@7}KBmWd2ZOyPdCHbwqBLny9h#r!cJ`1PtHdJo#&iS@eU=7%;$d5=4 z*YeH0c{)2+`;@o;o!hrtnxbF-{Me=|wX4QmLvfej-3V zMQ7&hK)^VTt82#R_4@&-p_P<2el7ZpRswS$Ko3E3l5L<4%xph{HR?Mz_07MnQM|CI zg-=uGAy~za;N`!Xd|pZ>j@Vhh6%=22$_4m67PmZ??y*gcoy`E9Z}Ac;Htf!!Or z@E7C7-2ACJ|9S={?X0;DxUqT%H4248CRIPr-AI~%m6*Q%w8uh_GQWX$NZ}Xp)|{$Y zR4fDF2qgjvxzwJ-j<=HKQes-j`Df*Ujg9H5gWDt~)!j*7K# zl{NU!K;77xUL`tA>A+3a8asJ!)sCMOn^m+=>>11ApDlCsT!zE7K1N91J8J$Pa__6G zB=uD1g%uCGt{Fw*l;%TyzwCGX>mg~9{{RD2M}oZWB$e(MHtoD((GgxMdiUbRE^EHY zouJ|08Y*D}KHX#?q{;(MZXvzvly`QGe7|;%59C*!FRa`*m{S<^Zt{O8xCdIz4>S_+ zTXS`R4~b(Rn+K zVJjE7wETcT-R$k)k}BUL|6~oJln;`xra~we_wosvF&2}_ILYGO>17s%_;Vq(vUvA) zTobja%*2w^>x^xtNxIOWOZW{XO0jcV_gC+mly$#|IyaGOiA6=_SK;Sd`>(p9r|+Y* z=;~JmzVNdHbf5+1IZRf6l71ia=B^x3!~ss!X_;EZLB0l*eVQ zUV%1ey(0j9tc$nkWaM14n{!i8W2QJ)x|Jz>n_kP3kGx@kHk?h0-4EvZx}c*5Xe6OS zIqQ6yS5|>1Zt_^}hytgcr8Y&FP~jA46z}b{1&$SjMSUW3HoxzitjQa%wnXjOexCO^ zH8saV8B2gCYD?8h5-nW%&fl7z%ofGuS1~azfX4r#!EeTl7A#H z*Yj{~ll>Oc8k(JPs?ZWJD=XltUB-=?8dmre?qvohC5}Ua9L3C4#Ll#+BLpZ5LGZGL zke?!@dx5aCx_2GiP4?JJq+4?4(4+!DF_Ydt{o@j@WPG>{0#K4gU53v{c) zRF0aU$D<=e`a(&DY|8&^4QohMGB1}Q?5uS#OP-Y>!9BKRVgjGg%Kh?n_=|hz8qa57 zljrZq%`V_odYP-PZVVQ*qdOfQkjTY#!By)wR&66rLn?|-7);R}asClAS zraIzG;?;RFj{DqphxL!);Zv&f3SE9cjx~>3LH;kJ;o^`9Y9=y zcoly1qBSVsNq%u4m3y$bkv%pJRdH5z@J5#wQ2V<0$zs;2Qnx96mnwtQHce+So7jLw ziyL%jR(mBPCH)G~ycycTeb{uhcxdz&B!5{Fm=$>dl}9T7I^VvbQ8ar!Roemn5=OQg zXy-Srn3TQ!@PaDJFz<3>qeoq4_=qQd$P#0)AH71#kM0Shz#;+N+Bxi8Zlv!FtP|0mUWY?t#Z0x@Ypcnp-7(4} z-im&PKV4y?X3A_T?knKuyv-zT$##(%5-!sq85+0eXY?D)jswcfPHlsQRn9je@M=k& zrx8KH;EKt67d+m85e>i)3ZpeO{0m}J;{7#f8-e1FM+!5*s7r}KFn<95lWZZWrZ`ydKB;fVePx4+5Z23DXOX{YR{T&tyYa1rOT?KrS?c$ zTNekL7|KU-%Si>t?v)y+L(vJJ`(lj#Wu7Ag}(C{X94NR@DE=j_d!&Ysv{>K?g5Y zfz|ptM*W;WWtTf_BfLUYhww;-##uQtJK=L3=cBEr5bHj7mtmpBfR9?&EX58`iSZ(T z6n9lRH-5nH;~=)3%K3h&VI@mWO|h?2WaQ2wLhPwuz5fM3Kuq%Q{!-v*qvb)&^Td#o z?)296Rw!~{N?NAC|6BbzraE=uPI4^&P1K@}A6elqg_Qroi!tOT5kwkwA}X%5%3y)~ zWG3sWS{}%|>CwJKE5-B)I!LEw-skJg!`!v+8L2ap?`yd8vl4ZER)W}I%2+gg08fua zN zc>&?fvy$B%-ljW2pzYBl2s@c9Z=0&U>D3mcf{u(E>+s3a7O0R9vrp$_vN~&y;W3qe zkVLB!d4hOo+Z|X8&O0t|+iz_R$hIv*LuB+?eq!rFxXOZ4r{z*ySKmhF!8C1oT1K&( zHur7+Qiv@9^RL;t*MBMUeNsl8+pnqG=Wd&x0{M#=?>>`B^_2tiykWZ1p6}?sh{+Yw zX|m}~;61qJ_zFTrMu3<*t|aP<5uA2?E*IaE+0TT!%hG)$f&j~vbMSAA%!OVB;sx zi5$y~ixRLS2H%bPsUyzBn7BtO>~T^i0FvXBoOKbGlsfPL+*cO|2F|p_Y6T@AjEhBF z7c~9gz#-L{hZCj3qO}$N zW6Y~lEC~!M?6NTTZpZDPehK&|nHeBBFf37SHtkie=rK-oT^ff)>-M+TOe<(WRd3%6 zS-qk1e!Iu7Ek-Px;L)AFn2f8uFb8z<@WF$F6VNydZp6|&CtL@P%JA`iFQFV}|1xr| zcbt)upr>fmG6r34o7mf^YDKz>C@PH0z0>Tv~uMf-eIlskJ@k5TfL^Y*gt?^^q{_>ISYp#HJDtf z4>#vR(12Ca>>ub~V|RE%`_8~`oy-OEJH(mBwa8#~_QjOJ7&uBKzt8z192IqqHH?z^ zQ_}fD`Ut+V8_Eu2mxv@O;sPAI2n$yy#8STLy%iM}WWUrUVs~^@yhFYPn=zQ#_nHTB zY)_*x2bcEhZg?q;uVWujNFpvS{GhR+yH8ti@2qA+%=F{i0O~doyiczTGh81S_(QE) z+6i76dIg)vbY6w;kL43((Y=WBg}9_^&`U$MKA%bVB?bX?WSrsg8LluG;_h?5r!FhI zxDRrr`mV_3X&>pq_g`*E4s|oGW*zly{=e6&AwVT%SA}Bd%Qd&35)vZiP??&bTAN|V z5(8F@4#H<}aJl)N@7pXr2P|xUa7mr$*q&6RxN#n6>6f8S)$-hPG^U*iWHc$FC$2wT zjxq5~NPb%`oA!#Xld8kE?^*h zZ2e;j8hkpwGy^sh_ACSJcb(EwCUqt8pR4`qx#aN?~evf%Bae_;|!viVG;o9 zK!Oi{>*O$=WZ6@RF>z);+{wL{JExdx^}$_ypxt?qLq3p!xUWm}z^6T)@q%2Ox2mfl zta31{*LGUErT$vie&V57E=UzDwmSO4Mka_r)x%vGxl4NJkJGa`v_a0VZl!UIw@z9H z?#=1Cat`z|vDG;eCUE-MOvzvZeUHh{eP`7MuhNg!Lp`6r3lzW6xj!IQ72+NecT^1` z(i;$V$F`i+{q*K_kte0>we3{ItP@Lod^5ITML8m}PN%&JvYcdMwh{hPkZ)NCn|WvC z-mZ1(zguSx`9Qdc*p`RIo2T)`IE;_sq}+kU$ljr0x;Z4OLrl>@l->$$avA zZT1L5+uBey`|fDE&i9c++T=YwN0=#2F-Dc1tvis1pjLw=?p<vuYN9K@yyF4{h6+O3Q^+J?CPq4u%(sQhKq!|f{tyAGA>s|%IXS)t<?M)OXFPq{^IcVfyEoHSw{%ioV%h;|&6r zFffOiV^3hv(z-vYbiNwhk)3VmGJMi2!@p&rHSn#+9hTujwYJ!RDKR?;T%< zB;rg~Wwd89s*3tRv-#KJfwbbscm-(UvcwMQ~j_N8&Ai_qBTygC%w0BWx zT5c}-v*Zzjg)cTBUv^LH9pfcxJFg2L^U7y}whze_BEPGC!W_+ktp=G}YB~oUScQ7!~BU3kQ1;j^8b zOv$+-T;J9-4h>X=arAjB9<*hyFbKg+pSOiUKDmG)Qpq)6eJ=IBzV-q7O7*A5VjFx~ zO&r$Ot;}m7U5Xp_Fd75QjV3DPxeAbap>&aR(Q$dfeb+GlIMW!CasI;su+6RMqc~|y zN={Y#q(j!F!D8cEu{{qd5^vw5jy8O%_m{%LVo93Z6s@ScNg}Nu{lewDe#%f2e-4400Xw%SqCV8hyM&RQX=j|U<=WkZ1$!xQ!}yk% z3rsiug^S9zQ;l`9#T`el$DwWMEH6<%N9|*ph%SruyWyK@>aI#Nq9b@EeSAC+I5k?; z&#c!VYZ8CyNTwa{7h7tnI$ssjG_!bcaO?fM7iPvm;iprT;bbA0rAeEEt^|Y0^p>}= zfs- zyUuQ-T;u};bpgJP;{57Fnq{q`)a8y%OXZx3&CQ^kx8|edBA&Zlxpf=~8Nu z5<$458m85$#>7hW>+RgKZ)OFjd$(UKW-mbrB^`7L=ZlHjKchNy6sv8a#H&Gh;CBg% zQS5&yo`q};l&21=#07Rv1^Swc98NnM=PkoCj$L<~ngqB=>a7h#mE|~DDaTF^(656n z51aWu9Oh=ad=k!y5R?5SF|N~&5Nj8`p>{1G&4L(2pzoqGnyB3cy^QV!i%!W1*MtX& zy&D%yH>@g!ynR2^*wLr@VyR)tBQ*wFfplMy5TLiLPw_1S$rd!B!6rrzcIMFSPCCyX zMscD+N`kf`4$~?4pzhO|_)1ki$BWrAkr2f{^}A)}`F3Avro^0|xOSi}OZZ(#J0@*6sQC!oUSFU15&-X``>{T60t zuQ22>kE;HQSVPH3?RzSK0-1j~(ckDz)JBSM9JdZ{*vl7)Zaf9wu$LMi;4e=E=~?oq zs51>;sB%Lmg#X^&eCJ0#hVk_uV}RhL7FL2KidYALL(IhJiD&Vsr)}XnLDioAmRG;= zvWlT#i7J(gT-0k1irBmp^LN>QZiD9f`c7sH&F42w?z%khwa?bIcIaNR{KjP~h0I*< ztMyvU<0Dx0g^~HTvu@X>?{)H+NnTHUbb`*xfxd>UGiOWcxeHx~d(`sHZg5tt=n+j7 zBS;zwl^z6%F0@Iq>!=VhRChYJvGp_O)n_J2{nDzv)N$340s8ANh9C3g3$Unh5KW(q zd)>d)XN)JEEICyJr$ae{TTPSl2tt38M}fmu`uvCHC+c_C6-)u|1{*D5fi87sofUeS zD?GZeI{)3mpLzjMzSbYFp33=L!HJvnvV|u0z1P9j%kRH$Q^Jp=eOua6mUAmi57C{6 z9nm|xmfK3z>WDUJ+dmQK^nQ?k)gy$#yI#@cDgeRIen>VOuc(Bp1c^@P6$37kkNIM6 zozUG0bG5UNtCxJMV}iDLbhT=A3+AKmUl}XF;m|nKq87MRxHb0B*8``*7QL?fwfAbW z+`Lu2rd!`@Y<>DWB9wnTh{(7UxRfY$MBc~kkoSom(RkV)e_9~;(e6bN%X3-!Qn7l= z8+-C+^u~YI?2<>#3rrG%51@0+^;_5@16t58vLJG-s9`+6<;zzcDKCHBnAa`Kt_|@f zQTI>op_T5jEx@JX0e+HrH|TPv(X)x8ObyBW8tbR05@zDJ^(~&T_IC=-zKt8A?C6k3 zZG#vc#^uZJYA1m3dj-Wd(ssI1Cc-p%{83U9Y{(In{Ia|pL4uxZ*y1_E@%fiP!Giwx zzovUu&Cs(Ir4EKC@HbB^O;~Vi(O116S+~9J6Kc%90#}}aTZ8XU#j<}l>k>ztG!^DR zi{^blji!n=BmqVwvy3|)v8IJ^IKC~XL?_qf`F0y0pz9Ovvak;=Kt_9RM+qS$?96TB z*&3v0lYtk=X4CK_dQzN ze~9M@maLOfF`SmGtfMdewg1NQ#v;zx>w{IZq`i@|=!vgy()T`upTWOg?5w4aCza=T zH+GJ|Ut!68r>5cZ`}EFDYxTuSn$3+_dpCC{HT#(V+|Bi(AZ<;prw3+xm4YnIX6N;M z{XK-bXj+>%5T>?a#xDi{nKz$@P4n4Z;ydj?5tv8!iC?5wb1yPwVF-8(a3E(aZWaN@=OSNY55JbipIcX>lTa*Ic{q8acQ>|>{{6V6d zOH*m`*lh1i+a+RGmtVm7+Em;Z!sfF4Zwv2IXaD=@$#D~1)RiI+`02bTSSUM6Y?y(( z+8};sQzTiSD#F-OR(0D<211^tw0n+v3mUP<2r&$Puv<~(KH62=Q>PyFDwzdnG}4)_ z5NSc{r%T;Pq=WWaSe`w5=ySvyYpaTx(2&4a4gDK!)J{H0M9aPtcd#G-$J6$Rweg+l zlWuQ?yQrIuNQc-y$^NZEx#Uzz?f!w0TgK59Y`NF ztySW^h_(+qpWNWHogSC&x|?P*|qk1|Bnlt`El-Y2+g6E3k|&NO5^9%yxX-x z(u9oJ-(B8b*KrcLn;SeJ8A_ELJnZN5ezj_xd;`uqz7LQZhkdb8VbkR$3RSLBQeV%s zlOWS;3tHFXbor|8Ug>|dcfBeT8+UQy#}YeJx5Pe=lX826ZNrAM4P9?52z^bn4m$BP&#^tN< zxNcs$qAg!$5oa7wQM;epo_Zp>t-ojh%0O16B1u$ViQCI3c$)%Tv!zU^!l`;VM4qnf zZOgMUmsN=QQ{gDPrrUS<+A)F%H;GuH0iLYRJP!h!ri&Hf!2UY8n!2C0ULNk>thEu! zIXB8s-1+(=FI~^R+Ip|;dO{R}XowL#YBvd{@xOyufdFaa-EaQZUNWwA$aD-Y%;M_0 z9VLeM^OW}=-_>CAe{-QRzR(jxdV@041HEV3&_2Z$dY-1|>ZAIL{&Q`#6Q0B1m6#Zt3-kEI%T~lLp_Q?_)b7;YLcW#?Z@t7gmQ-22J zYu9hT+Y?UgEr_4}9By~r=j!YTzBkl)85%>2V>^kfssYhl{qw&Rx&f!;r^^{FwPesVIa6K1cd6qq#l=}zX%CC_cJm58 zD~ig+Z)osoc1;e&ll&mwiUF3DFKzzZzh5tB)6J1*p2MEN9MBt`Gw76Z#HJ62>5~V^ zB2PXhiJH?h^wE5Z_r2H%4R5>iv!aE^e;GK|Fj&BACZ_J}Y%%xu; zZbw^aa@nI~j|5GNwheOi&cIH7z1bzs3TP1yZ{@JwJa?Qf*KWP$RTa9FBuYy6HM>T% zcK@r3Rmj?C{~*2dd3fdINWuA+^7bR>;bChNzkC^-j*yk&800UO#3K4da|_o4-CZOv zGPc>JhCEij!Hej>t#prfCfl?fX8W)fuhu7asWp*N#NiHT!P5-t*^}GCo!YT!US2^SGZW$ zUEeh6b9d873oKV97v=2nDGDJES}L|8H4Id6JS8%%=z+UZvjpp^CgvYDng|=EnO8@n zg_>oPwGU|kItuKQ&gH66ishMH5)&~{m1zZxItTTVStoW2$B%e;9zt;v=9)Po^~plQ zZ<9}MBFdXqP+XVqG%N#1`UkaupkwGyIj1Act-cpXg4(xj$AIF8P>4^p#7hU=wAXa@ zn4~nyluyO?ub=`{WX^9E9o86(&+J)Xq<8;PY$}4%ig3Qt<@gh;pCk>(+^wq?XzRsW zIuKRlF>c&xDJ;nq`A1ClAy3zCzpyIz7D*S6+W_1oFZV1oF(%x{WEJM_cLNNXa(MyF z;0F!Y>7UQAO7WU3UiXCSjEPb56*0gQP1M~zwkRwu)bsWAaW7hs8oC;gH!$Z~bN%LZ z(9KUDMLoo*Sewd-24uYxocMXT9Q6F+aWa|5`S>rzID*`KdSMB)t#$6}mu0VU&FG)R zJ4(lAVbbyv+W9w1Byw3>$h5&V?K!-F5z^XKRmhh%ps*8GOO3 zD>@eZX_vf7og8cx%2fpD z-awgdKPO@YcJ2F6u%a|hc}4i%wki8ZT>2b_9J4o5(-d$i zWx-wsaSr;`%6-4)-zXI{mGH6JIT8m>;2N>0$3|t0q*u7$Y+9eQ>owWhG`$G+iDq+p z{5g@<^PQvd{MrVB2FCaL+Ent4#_8tv%zB(nQw6|EG5HX7?ZpEc;Nny4(v#7eY4Oe3 z^xJJc>dpLS-RHDo(4_18u^&qn0n6v4UX5#6;o<|gOsdi@XZm#WOXD{p%Dm3SU;f-Z zqW`q-b>D)%Uz+BtqnDko*)xBHLKpNEkCWhra2!$H@pv?vpVQXM){(6(59%d(8n&a5 zm=CDLRtF?XHYk=I#lKP$Z2EAOJV4wT8*JhS8i2pUJU_{Au4U^J7(>u-W;GGVa2{05 zBW7$el~1~^@JDaKi`3bj2uyKc>bd7O__9j#E{u#MNo_V_PXw6iNN|1z zt7yvwu{>AeCyJ*}b07UoyrkYj-$7d>pW_1zl8)7+$5rL!xM5RXFhg9IYn8+F33KDC zFjwkAflql9imP8J2Plp#^kd;#c)yiSlcuZ~#^wT8DtG|fHeD|D2EmThM)t^6m%V#W zU_Q8m{TLgXzAe8iG}R_Zx|TWt;3w_X-zRn;6_wYgcMA}!x&+D zeQYmG(+wO&+VmCM2Y%^79=6p(*E8GMir3L6KR~=hN8L&25g+$GBfW>ByDffUwMdhy zRI~^JBO;s28ml5`cuA?_Vh*4r72qINcHJSy=v7yxJ#mDswxyZWgsXVl3h4M4%2$?j*0S``2-t3=YFn z3r7I4$*sK^vaZ)jE0YRAJ-Dv@A~E5N-lE2m;YsA2iO$L$*#;Uu`zy9~f+4(jtb8ic za9W{u_=FE|esTO!T-YSaTWm&dH;}2AC&@AqyT1q2hAU_L6RjkxYa}ab*di%~NPCYCe3w@q_XaWTyQ(n~g`dTk7M7FLXU^PH90-u*Y<#{|A}DK zzc{p<+Pes@o~n~l?`V@E+6M)cZOVWJ!UP^=9qLR$D)T2??c&$fq|5vh)GhfB1s zX6}aL`txFGOFaAAd(q0}{_343q&n60(PJ;dbk1?8vuy!J%Oyc{;V1aizsIhG4qAIJ z`zoV#4gYgZUYcQ!tpINt^ApHl6~s7a~)mb$G)t7sz0 zd#ZC`@QhjIpv`*pX^aNmCr*ZBiq+%kaxSpiWH(JqcW9C>@-H2&);v(g2=~7^-x5w* z%Y6&Ulf0YFRr#*AZk)_VjOpc<;oeIM%G=@&%!A~1*niWwKZUY+LeLaJnjF5GMWhDF z8-4t-pgkHseWx`qV5f51C#bV`yuKd2x0q^j{wVrJso;N>(6ZOYL{#YNvAKcRw_XzX z@LQY5XxhQ><$30%3!=irHE-=S-nGNo>6sp;h8Z%5M5yy~6^S~ZPS-VQ}i5p6ExFzX>p`ClG zRgH`xjb{)~i%|g#bevT~Fp2)TWHyH}a}m6D;M2D5f_zEWBL(@%Q;s)grBXBJ3d){J*I4{ z$_72ZHC;W_<~aAnH4?#&P&mkD5wu&W6ly8?mU(LSpDls^c6Y)|8%o@$AeVg^dNw*9on#j@3ZO81gTk^{<^9y%M zRvuq*v}t`}QfgSnn%Ax6iUZje1xDvqQGnu8T1vKva;a!9RS9(D)9|b80l#4CGKhc{ z5pw}z6aJ@itg=@{US8L0sn6!N&Jla-X+w;oUuxWAFHaC{v7;AUKr|$ufC?9G;Cq_Q ze3LDI-L{th1dgCzRl!_`EK`uQ5{`dytu~3}Tudo>=;Kvrv3*-p2h6kn`E{CL?44-s zrPz%%_kO;Hib@O? zc0D>`N=LqH$S)$u(2;qz)SDJk+b!?4T`wAlylN;CLtvunuFcQ!%Cqe#Zva|XCW{4F zv-TLt4LuqKmxtb;8m>Hk5j_H1ej~twNuz6L`i(?20aq*_mRcrsE?upY zhzhFml5d%SdQML)Pv)|lavnsFif7c-x6PT{4Q_aM=jHF%f;q*LAj^=cd^kqK=TxQ( z!?@HjZ6iYPiL9tqvDP;io_PDa^)?7&Rc0rNsBZb0tI4@b-T211&Fab&h!rl=27n*z z^IZqJIFyv1K&>+ecR+p?WIV#o?)Gx^U|DQgsP~;jv#UDOorm{IB$^tDOa$4HMa!6k zh(O7ZONj#_)lO-*zJ0Z;61`2qx4FawAjDk{YYZ5OqJgy(a@mXAo-OC(Fq zf-p4;vpb^C8%9~_JLf81SZN!Y+iJA(@znaH8*)bm`X)eAg~tr88Emd>J69is;LrBjVb8`-m$}mscj->k}Qm(_Nxo4$a$q1Zil$H@j<&B7Nz2Qi;g~W zXq04m+thOjv%cvc)a8fXZW2hd1RannZToIiI-IA#UspP{bF`@EIiIfQ+2?~Wit~~X z*VXvN4d#3NcCW&Mh*vA`;-Me*TfA@q>W?PiIXtbSbN5^X!?V2&B-TWZXuug` zWPx9f4>G#bPa-Sj5*Ua5rBXjZe)lxCw>cfBy{7!k%x0o}!YV`a!6BN(OwE=gL-rB$>VU2Wdt;dM)0} zzavoC>_N&WK@tH+{l8<eXR`v3S1VjGPKF< z{8$Rdmm^eHOX#S?oqm_3v@WaDE|MM)!jrKWbr*~aYnhM^Ba7(P!JVCwoKIODdY;)V zq=2Gr0haQ8&y0J}7WuD{a_3@$=jOTTBTJO-lb%lv2W-Hw%Eh7ibNd{Tk%i z6a?BhzdPzw88Ai)zy)!`)&FTNyC%Br7l$213qL!0(td3EgodnqPsmpTT_HceEd0lE zzXE=_s60Du{Lja2efnqj_aE)CqHFnlW0rga_FAtzZq<}KuC?sD3;T0S zCt*M+FO>Hi>I-XVZ2Z^IVSm%umb;Z2#l&NEUZRWvzAv==^`v_B{(P50lWI6tHy{qO z7SEaWZixA5$a3CY{)}K5Z`DP>x<+La6Rq6r7pRU$XUmRR*UbdWeGBCJ)g~Qd-jckl zoS$xel(G4%9Y7dGWLTpT(iIxcI@R7OdszCVby{CW^)1qkhxwl07x_N_GL^zp^XlY0^Q-zcg2lur@ z_#W2IXI%R2)$qAs*6tycoS6IElqTlSLtidvn&(Zi##FR=>s+9yd68>#z~DY!wLW?$ z@H&if=0}_0gkX#*#Pspx&hlj05$EnR!`9jlv9*#*62+!8K1nIq?;h6T|9a=H$W{sZ zlyEDzRkthXGD)f!F3ArpV|$Te<`$I+>i+AA$@I$MWUJt zYw!+EaNpct7HX9ji;BP|H%sQWW|(;ZtT29DSC*w$T~g!bD|)vGn(7;VYNqGTL8uo} z#xqBb(9uU_+3Yk~QQtOCnLcb(Rc5v)eHT?tDqY4JVrQj zE=x7D3{{&no0J?%Ob3CjcZuNBB?9-nUfM>{CiDm7ztYJi@`zyUEF45&?L1{05Sljv z637b#mv<1xnjNRC#%x35Vuoum$-g{4nzlOy-kTze!qR#dnWtT|g6J7!UN%hpe$$QK zd}r}cvVMJ96(`kZ_83W%lHvUh`~xg6F;`Kn-nRW)&fWbVi^grhqEUnG$^V$R{4;g= zUoN&S0qWmp5SltrWK$WPS_bw7Z))mzLh7MmViK6C!La;pPz@d5b|JAUPX_P>1NV+s zt~%=3noaChh>Xy&lwIBs&iNB3S1HQ0jUt^(Eu;bFlC5a~v{`A>_hHQDJcqbqN=(6l zcwk!QO}->axmLp!gRvM^aKV5xb@hCP*?V-8ff5_8^K7_0u9c&s8V%dq z0>X<87qo0`eRJ62m2&zMb#LhtW8BacB}4D%VlRJcvrFFsQkKaYwK%kY;S2_PsHz;j zr*<8#K2Exm=j68-T#3T*u^J<`7M1oS89tUuH4D10{Yf}r26A#5SU5vUG$kSm1^=Vs z{=b=IRF<7;f@FZE!K;&) zV9*X67ZUYKf*jBD`MuA-o#%1&`aGVvw?WnAlrvYVHVn_g*0krH)oJAq;1cKnMSUEU zzTmhP{y;vtB)9(ar8;3p#8uRB=8v5}hih4ZR<;|Z0xWQy;6npUi;yG?OpAR zFz=;qHA&WA5PwMz9c=R}B!h}D&Amyw2UlRD!!!3*XulAlxN}-v{89{D5vRV(6QE)f zy#yhrUGZVHL{T@-+-~mWGh?USFubSwyTZd1a0&lP^m#M`EhEKASea)SG#tKYA+Y{= z2hWL-=1KT;<+#6WJ3#t)uXpd5UL~q*S0Nx5ckgpvgl{MG)$Qg;LC4~}(gsg?5+Fsn zl<$Flj5XN(oD(l;Wdr7a32_%MdC0$iQ%jXgM7%=l>9I^?ppt?*CF$;Q45$V+(PP3q zx3uVZlDw(#u6q8i55x7BhQ15+k^YBR3$f;6nB&V(qp>6UatTAENSCjz%40dZ5IR%C zOUp?ezw}&SML4Y(xI6V#Vsel2OyqUs8+>1h3#(PxTTQy>J8s&)b1nMPMo-E0bu-p9 z1P^a=`||1BZzc3EGS3#;CUj+(>gBXUON8F{mgqf`Dx}W3nkDV!Z{wPbPlFL%6v-pE zeFtyliL>W7vEC>a=a@W>qw33|njj0oA5QIg2{1FrbhDe*r^d0zQRx@%C>#p$eE+Ix z!0ElHq@rx9Xp5`70*mPY=pCdN?xmXpxw>wi7^A1v(VL50UsNA1@*6Zs|Lyw!pV|EUHo=;8h6Pk?%cQnBE6H#vN`<|0B*{T54!DetLFvb z_y#rY4u|cqN@ieadI`p1Mp!uc?o?%IWo2Qh<0Ep{rUNRh89lNtpETKTZ2YO@;yr3y zXtSz0~2UY(i{e9Q(Q-V=%PNkE)pdl zUcMaC(Sm4_p(Wj)fqNaFj7z-+gD*|%Hlt7tZ+9V687_a4hyGg(h{y(4kI7~!^gO8R zkCVa6vmnsSXGhCAy!tUY?P5YP@%^u?M{$qHXL|3g{>*24Ja(h)aSY8lEpydp33&XQ-`PHdP0$WWT=@88^iW3XhQ}g9FWtANwpY@gIS=##Ie) z3`QW`b2V%}d33@PCM}etz(zab-_WmqX9aa%`3vE5E&zG~CP^*s`CuFFrb)Q2^W}b| z_vuI`f0kYR6Q|WUcyko_w`-TTCLJ%Y2|x|!-)>Vr^WS9uURU=4EQ(oMTTt+>-x{ui z53GB}>GD%ZAv|JnH6#rzMyoTu<<#MyU)c}*%B?Nq_xAQ)qSofx|1DJIW@~q9>t*7!)W2 z5zCpODE>4+@Kk-9lP2W$K%a+hIne+FKyKdiy~(ybBp z^`i_|T14zvXG~}q&8Iz)#$`ss=$nEE0Kxgw|I)4h_wN0l{LRD91ffxVQK%Tr{)ePm zQ{1L^`+B2O#0&ld4)G$fR++x6TSVU#_Hy&dB&1y}uN$ zpF^P6GwW;Ghjd+)Dg}|q)IHn{!Kn2t6FOe^Vh3+=3JPU}zo|1$CM4?)z9QNG+ZMN- z&|;V4d|v&eRE1;J;sa3a<7;suTp~=1w+`H=qrhxI+W-*={3lAr-(dTc1UPuZBur}Y zGF?opV7EmyGRmvwJk;?mqPU^1&K~2V^x$32jNL75E*9PR@P;MY`jD&}6Ffcia5BI7 z1s9aWXW9-IB#lPmQ{iRs1}PD`Nf+1ev?-h52rLgy!1^4{!v z6&lN&+9nOv0D`IxgJ7ABRskTAzyN>R$|xILl@O!%PhMWM4G#|&r1n1JOxJY1iMONk z9kIU@$Y&jji6isoOY5RY-kEq)_kZ~}H~4)3f~2=ksym}^l>CEPQv8EkPQc}+ z()o)k7C@Gp=m5ZS#q;cC!{=C6UO}zYJ0Y5M7=WoY-fWo=N#+Le!Vpv*JI0d?N;4lH0MkP5aX%b7gMMG8$A+Yo9JFgB%r2$(=v#dlrr}PswGzmdf53tLc_hZ=%&9skA)v zxD5UTe=%=`DcrBTmMl_Tjh`y7D_CopWx;z|ZS*9^tZNEk_k7{B#sCJLmaWq@<@L)yYzHc2H zZ?T3}0pgFi7cp&k-@|ul-y|q_OZ{KpNpbUw&a`oD0nRMI;9)-KD)GBPPTfw`uz2`x z$b#HX?6sBWq7-*l)D^8(Vg>liTR|OuBcWIfy>(m7fn2$}14M0QSo5&kU~S+aT(ZGc z?bY3Rq2i-}`Lo6L^#MR_suR#>)^-D5MPvoqX_pO{syoz7xiVGmS6udKyEy8wZLEC{ ze%4aaE`8_FRI8k1j&IATfC(7>6fm1I(*8LbainrzzgI=HvEJ*m=ncZc(}#AMKl*u| zmclW#(PNLNkeH=CtM=6QwezC{AJUOp2+;_#4Ca%-$&UofM0)9lVyz!CjFj6mWVVJh zL5!t%$NyC97+=eleCL**$gzRmY|$V*?gcWNjPwDvZpF5R-)+0vNw1qlQQDl;!c`Or z1s-x))$J+m0Ga=}g(e0AXg}H?{G+!q#xR*R;`fk6TlLRa4tjAa-?+jbByq}q33yQQ z@;}@rrZ&0_=$tvSfPCx-+o{pWmWN=Ex6_LC1TAo3K*7@m&UGDKgM-@0_kH|7|ENSC zuGYf%qSmec+gm_X`gr0eewBQ)u7h8c6MAp8j?Ew8bBmOlbT+JDN=zpyVgYlz1! zJVktXLq*w0XVk$*SLEX*-M&V)xI9qApS?kL%&`F;x6~wG9Ecg_ecy^0)6I@l7`F9? zUh{5pM87QWh`0M#`m(t<$c<)KuID`XDPnWxRJoHKxWHY+h0+B$y{3A zA-!l6@NMr#_l+wYZUcko=tBq?%M{(B{uNaQa>f^wT~KI@R@wG-g-~a24fg>2_xB19 zETsw z^~IHe%OjoG*msmnH`w}yPly|%H*!BK=)M9@VVwWHM*dSL|8E!NEL@;&!b>2UpJSpf zKy2P(!izz3anN74SS$|6JIQ(Vvp<&eV*j72MA=I?psxSR3CC;yUyMp_icKfvrwyY= zSNE95NI3HP{t19${2TGM9!ngxQmkF48{uB}Ii6ZFs922cdU=nFWa;Dvf6n9=eFyLS z(5;PfrL1a>ouVaXHe>UMk}yXNUCmbI_mgZDk&*2v$w^3Cmy&bupNnDmWT723{7t<1#+#zt|uLCOqD#opNhcx~$)~`)J z%PM5px$=H>t1QTstn!A4^gdYOqMdn7^umrZkt_%mMWryXUMta~&{@l*F4n*=5e1d4 zoQ0=xTrf~Du`}eFrP^>mxZdUGsIVqw_4c89%}a=`ghB`Lfhpi`9`>3&%_( z7OfRYT@P%Q$=*U*D|KmZc?Ia=11IO|7T23 zLE}zSYQ(YtGkA%aB$W@7_w@QH=|w-RZbAOph#+K5MG3uhz9Pzdq1l+~M&C#`3k+qg z_yjM|wa-9|c!57Jimns5s^e*koGb#qY5J0t*7%}!W`QHHIB$jh(RmyC6!7OZh-rCI zSs4mfQEj^(VhPUBvG_~TA16v}u(sR8c;&OmoY>M(?+z&|{1?i;101gJ zTYGd8LZTBbh=?H3yCf2VAVe2N7hRO-MhT)tNf4s9=tS?M_Yyto=!9TKo59SSZ<74} z_q*SH?sv<1X68&`=A6CH-fORSt@Xai*@g?*&m2XXT_f=%rSsl;TS^{seq$jfp~=9l z=!_h=s}(V0U9I?6y)88&S*aV`9}khgZECP#_aAR+C(lTWlYLgwc4b;b)_HZbVr3s} z9NR@tS@fuQewW@wjlZ;q(<_zN?~^ypDw31XEWLeQvO=OfsuO#+5`J1crI$fH?x%Px zRHardJKsWxFQ;+KtAj+6Bjg&9o?^y)0LA^ef+k2}>~mCm8!J39wo|%{_(&~)k6%tn z+*7yr$8w&}yI-Z84)Ki65A-~_wJizS_i%assH@#zS{cnX55$+}a~LMUI!JB0RM9!rK%2qjP1zHHG3^UPG#`c0XYbt!{h21Ve;z56p7} zCz|BEiLo`+)o>I+%NO8$ChhO1&~PbeNUi@{dGc3s`NSpmg~lBsb=5R6Yp?Tk~4m!g!+;Jpmq+F8-pWwpxu z%lvi1Jyo-VvCO8|d-WXjnco&H3rBmD_zcL4U^kt+4o>OkYMZeF+eLQB<*SouBL9+I z7==3v>#;%PQ}||RI<{c;^}9I1+cwRXN0T`r497-Xpkg=raM2OwN0`*LOl|lkG{VN2 z?iF`!>*+AUh~turIi;KOX7rmtQ2fII9#0hCowDoaM-{eIR$+8vv1;!C$~<1X+49t z3S?SLEkQ6*t2=e6Cg2c_6PPcS_ACbjp_$#oc+}$L#|#xiioAR-pVWL*tD1E;@;CZL z@gT*~c>c-j@r5nk&qv~xfiB9u8U)6f-GUJ|YZL{c1SmJ9@oTZK>!_3qM8|D{l<&rF zYp_e)>tiQ4zL{{Jgi){hEiU~hc@j?l^mj&(BZTUoBK7}j1@xbNh9?`A?U4^QTAq6~ zV&m<6YlNbw`BMVV%S0<&v2oy|o6&kDuW{+L@Io|4$(|HCh9{y$CtuA9rxvJ@!cx}G zeCXu8LOb>;Jc&!WU59_$gc8B$C5{6sUq z{km*<4VGAZ`SR79aVJezTY$ds5O0%Tq^b=<|rOJ4!U(wU3jR| zVvnHKLU?xb!RWdV^G#$2N382yX~dLS=}6bDI#>;F-Hi`9BA6+&%@C>l-bTB}L=kK( z&|J3MEqXOchboF8>?Blut-B^q+7j%NcuUadFUPj657lfm5UQR=*)$ORg~@>iDcYH=q8FL zW#&rCS-!0YIkz@$2kOabvFgY3;Az*#>*d>n8TUPgV$6@6!`tYj+KOn#M~c;M=X*%i z6zk-J<&K^l6T6mb@3UW@Xqm}1!g)+x{O%a%r4wD1I$dm&J+6gLn}651q?GTgScHqocKG!5Wa6X(a2&Z08m8O_PK>z)2rFxcs_rG<@>=WG zY*d7?eU|BoaTO=7xC+;ZgsfgcC}x($2=wVE_3C8sIX)cbIHuWTIM-6_E&>HLliUoJ zC_6(nda!j%$I{L1NGWD=|44MMDGZo6(~G)eCNx;}{6GhJGjN3*zxf$)gztdTpz2}$ zx%Ao2ot*{$HS8XAs@1z-rwlIr2tnvWlqS_8$NojVp+UKva=}dh)+aLULG7E3jL|$G z&#fj$i!Llf)EcC-n)2NV%Dv*cZJjV|XV1;cab9^liO0%9GQ|ZyPG;Cj(N&0&A_uL( zWb(1_HPVEB+#~(U7Haptt>?(wTUDQnUUeg0aebZ(?P}h*^)W%%h$*?xz6{*Wii?|} zxmW93;ZwF0g<*W3Ia4L(QfcEk)AdM)^&Lo+FE_)UYC9CyUilEjS<2rnC@SF0>?J4rfWQ% zNa|9bsqr;7u8H7Dc%5Z!qZIKf^M3Y&8$t_#4o>T$HfxSyp>FW)_6*L67I7RI_=uLV zB4301&x5>(Zb7Q(wKZG)o6_zQlBI`qXuYUjVK3WqG|TFxmph+(^@ruT!{Ap&Mfbj` z81B^JSxY{SIcED36hi@C*GZ~g{X#(u4#QG^=+ZbIiTmKFE!wPB)8GDOyQMjSjdNC|%Bn8UIY!$nOh@jr_0$Z{1c#OR$aUXWgW&6zxHgY0`Y+d8AFK z(2X6@-mTLmYNh_(MYiNF?*GW9IXm&c=Bw3)#;Ok;He>E-2hd$YJBLmia9(vc?W`YL zeJzgUW95tQO2MG9)4*+Vp(~8v@5}udaTVFg_u^LOeEZ=EN8;2<(am5=3q3N|0o8BR zu_CX0Ge-V9U3C*dV{9$rqvrH45AJZq@slz=-Kc?Sj}p=?95EyrQCC=EuG+8c%)uv% zZfQ6YUOtANo~JnAYXmwquchVczW@maK)7h^-TpsJP zEi>4rJut4~*sk$pm8yiF`!xbU$Ye7C(aURT6bXQQS+FV-OiZz|SJJYTA z8T~Yz99KogA*Uh?>Pj4}98)LVHzCWhqp~&3qxUqlDz7HAO#0Slo5bi!+J!5fMU4jN z-3(fYTtdYlZtSgzN9QB%%{zXGfZXkCb`=1tE!||JfWKdl?pPu14-{o5 zgc7ZhhvvhP=9Aeax7`(=nQcnU`0ACQ$j*I3KR)06MgqYDE6ZI%i~58;Frz4oNuQR! zyCa**w8!g~bUnk$4_3`nRB^8)Yz;-02N}_MYJHOZTr6sW>zIQG`rxFl&J5PNkDab9 zb#9b()oNP=TM-Jc;uO9uz71s$swrHn4t}F)oB($7xv;b68Q$ccu1E39y7QscCjDf+ zS0JRQlE-j#0Haj?Xts@LXzSGMb@Qd{2W>x7zIYp))sbqwpejk=8{w;*mE%lz?x^%~ zK=~@yRM$Wo+NyBiPs^T$v`xwt`t-zH%miMmK`*Rzpj@sn-6!<_6T|pV@j2QhKeAaI z#R4L>Bl)di^o2#b$qcVeeR{Us%jZ$Is`2Ht@`5RGeBmb*;oJdD>OJa;TNL+OM zv`FyRx-C)VClYPj7k5mopX%F;OcCLrD_k^uINQ)j{`j$ca)H9h? z1QoRkqr(Y|8J1_`5cX9kktGY=gtxx$zprm3D5P+16oKNyI9q+oX3Bh5AUC{n*IPf- z7Yd}8|BRd$bIubQfw(h?)x=jPtLlbX&nvGn$Uempn#jvTbI$kocKJ64Tc9hLg$o}x z9!=wb*m5s1RaiMQ+!Piv`)(b2kfjBA$-3=-YUm^L>H1+Gss} zxO%p4E>8Evq_1pu{&^Wi=WuB-vuDcv{tV4)MR5$(X*XKT7>~Iw^RQ>LJGR_|^S|aV z6Cg$Fr*nS%aDhw&rD4m2Q>}ga-F*jv3Vw1i)i*cG2yZ+e;1J4=ri~74m*;x3+-m=P zqEzPT8fB>7GJminTCdn}m)cm#585)tLi^z}@=CyY(hF)gw_BkD><8jlA{>+Dnsc;_ z*_siB&)&;f_Y!_)ZQq?*OIyx~%wKNB3?T@Ip4jACu}xKh`x1?|jGihQ2O5Y;XZ5uY zWp5`DSZM!wLga;DC(~(oNB|+q2LLG}oFipeWS5pE_6)<{oxI;p+%^D(@g4-s67=Ta zRHUPe1hzlMNwP(y&f;9Omz`1@XRKUPNn7K+MMcIx;X76KL{^T~-8$t|Z4=iwx}10u z#BaRz&Br)!7dLKb>v_19`U%^6>%uza?nS!3Q#|r2n431bc_UYyF#4>2tPocxI2$2j zl(Qoh)v?ZR(Gfsc-K1KkzNgeEcD$(mqWBS+RvA}0Ugx%5pm7*orY|n@Zx#*Ox9H!S zx`kr9izaVEg?pBil@3W=HD>;Gnc@33dEoNVN0%RMrXB>gOPlq#QV;~a^A$aZ@0qSu zud7Dwb9NyEbn^3;zNc>gy6{oaOtCaIS;;=WDt~X38A>pNwi1h4gM!c|(;`sD9dV!M zZ)|nvtut+ivkE3A$P64;b=c-9*w9vCt+Yq&eJ$CCdLp)^zqkg)^~f^=Zt?-A%)6>QgN! zw&pNfb~X_g(1n8Ik7L|3ulZ5BA((p&oq`;N46lB@?K?oMHAAFzG>nc-ylxOHTe34o zhdMO)HtDBV?4@ed;2g=6UkZVL?lCJ-lUjHjbzGaZv*~sG%;reWjE?#Z_#Vo}W3^d6 zG=R5O?*2pzE=$YF>*SnSyROxYHMJq(5%a>rpzysQnvmEeA^FIB+2u2|zjTG%>@Tsp zpO7vrW%5_I52&)0*H|X>!xLsz*aO$`N@lINu9oqw(;|BEkUy1)Jm z*6qyjY>1_|dX2>nkyfhQWE8RCst!8PPxaSQy_ko|`kff}j1M$(DH6?iCT(pB9EC)7sA3;b)9dUFaoG6(77h;iJ!Sf1B!OGTnZ zU}IRKKNN3|{vk3a-VXK?#BrunM2cXj?2@Ep>L*ICzuLvOp#0oN`gQPwB2fg0rGarH zXvD+te=Zv{L)i&EzspJqfGT@3v9T&=F^`YC^jNu2+4R9R>FQ&B!}HM`9>$LZ)*EWA z>NY8h8umSHn;qF27`6{6FE zNflwaNZbHGb8`1mrPU^z{bSTh)uY(tn~B~Nxjx0?bl`VKDzvLr%D?Peleof=qbVl{9P3T%wj#T9+;`jm28%fD+KXHU=j~pc? zdD=b3`k>bf{bHtWR&%h^{!Z$wZ+`Rk{cv+tnhr@B^hlZoUsvXUeA}yna`a;p(@~}hAM&AgP2=?~njWo*VGpV~xxD-!!jVCxOd+OHry22X{ z>k*_u$)ACBCPcq9Gp-{P3>S=*_{d6g?2QkS4%0eWBJRB;+&DfKdn-!1-(rC9T^uvY`S=d9@qaOS;%yGx)n(dIX=(tGBX{^|Cs!ycc(YZKM z_0xG%xcjZqxOC9U7}m+M^DhSpWpM0{;( zOf(DQ+CAtd(!>d`WtD$jRsUwYdKk${IW0J+)!V0E-PmBW!>JtqIWvp6{A#MQ5DyPS z-G^i?lv18I6DBNXEqNOKausFSFeP&Q^?jM;hkKZ;`9<$i>!WiX_cviW=6NeN!}bd; z)HzFDN^4)caZKv-SB-g|%_OXO8kbz|aEFmo&klQAT*d6SM@J%amIw zkx@8;EHKVNyZ>J~Xi^&CawLtYn00>fhjl6ZM3Wz7H$r&r@r%5z1C$2em-b~$L)OH* zyk+PSayZ?^d5`tIiLN)at+kyC=lrgg+LqnEUu>n@d)JNix}+;8=FofywIW1V;%Wu$ zo?GA7{`vgcJ<^lu?gY~1w4X{8)_Qlq!AA?MpTScJfdR07cp>LLl<&JUz_e7f5<|ORzf&rFhj0EBSj0~ zmkDEeb=ePU&B4Q5JIPxuZTRTIkCP40W zgzF2q1FzS%0uNG&=o+RB4b}I>N#P zmoTm4ymx_ZV&8KqxuAb9s&RF<(#}UL-#gFlh0S2gxAc`%nc%PXMTC|&BxK2oXR z+ap5yl9+nV${g37uN&oxI4jr z#Qn(61{HEI=^9oF!Pgo>S8Y9gKvu`CLd^&}Vky;&c6qjA{~_l?(zSZ=6OH$ByzrSa z?_yh4?irCXb$Iow`ZVEp`1U0ioswA;tj?K}As9b2B@t1V`~lfhFz9Nt7#cc=;# zQmlH(Oum`DrFquuhu16VuyN8S?&pDUJ-F<-z@g!?3i{*FZ|*-%n)#nCF*t8N6)-Vi z6+1T=u1M5!A!T$@K91yVZuW-Y$cV(Qs^YX?afOdu9!U^-KaYZ4abhjqF!KKA;gN$&y zvGn2&fnIkT|E!E{VH5zOvX=^L4&c0gwM=DKHR3V;GviU^b}qz${oVh*(%@f<)&IE1 zUyd&Yqaa%KQ|`@s>EbWy9pOuJgX5~yJ|#tjY%cc2Q*Ag&h8g$EFBA%W*gI|C8e_6E zX0{C)6L>Yl7!6e8+CzdVi5rS>wPwdslqfZ4y>@SBov z4vr7UYCw|l5n~L46Qa1Yq1@HI_>k=HRkR^MFp+J z=ykuvvbQ2`S9n(#?H_rlM*TF|<%fDYS=RZly16B1L^%>CCbLm55&st zKeb_N@==!X1(XL`vrIgEG0C61mMo^^2G;C0|AI2?*nMxzaQk&ufQ?R(pFX1Pn@7PS z4As|7Kg(p9;TSzDm3JhYi#UFwnh+i|xSmyZH8WP8T9ALUz5%DOGq93K?)vn0z3bqv z;*~fs;r00j!#hg`QI0XEsL-{1cs-hvZ_U`$%NZNEh6R7aU;xmrr^6)x5?60I{p$4* zCl!OXpv^M`KoO_uu6)8@ET<|q8>pxQRY)xAvwrUIW#q&l2^Iy~L=5y%o;uN}$zH4! zj!e9D+1@2 zh_MLKvTH+6r~DojgLh^mE(Ov(eD5W}O-;SuRMWn~R|0vIs@%yP{#WP!XZx%3|82#F z#u}Jz565|q%jbPBnyz3Bz5YIQCf|d*I~$KnV4G{@h8I#a@hQl0H$W0`yEc37byMtn zQB@36ADh)=d4*NNGC4V=fS7qn;Iox$wOKH_7FQh6F~zz(RSlC-Y0~v{E!Vo}VjV*c z=mv-K3q1zH$jv)nUBqiC*}O7!Ck|>B4zKUdHhD}>f?pXdf>pVMUp*LlzGFneA*&yK zIYU9C^&f}rfAyLGn0uj0LfYyyO^wY5{n`Gtf1yf1$PXgLz2{^zp!N5&zmJT#owc*8 zqnW##po8sOTPK@;b^?wrBDl{Otlhm`a8HGP|2b~|z}C%=_thlj1@tFNS&LLVLz z6`EOH8@!U3gnOU-!F_@I0uLmF#e@a!gUCe$94*bxck$R85x#?_FW`?6q`JRY*x&6g&Qz>+JKU>aoaBM4UUeH8Hc@i<@#l@NeT8=0?O1Br>)I(`*{ zbmV%%f$$fnj|^WqAAICD7@K{%Tt@h7GB@qWa2ZQ+@g3t=M=8)b&7!>f$pM zUiNZ>dREp9F714Nfe@X7s?5dv^Rm1mxfwaf- z&yo@dt7ebd!iDNspopWM+U?Ke$9xf=7qH$Z$9CTpRwARDSqmYEQ}b}s^yj%-?+K_9 zdp`G%)tK5oGt=Nv#G(T&XCb=}Z{I3|TVC7f9=fSvx4_8{gtb9H(KQnl9Avz|g3<3n zbFm!(5RTp8ng-YsUWU~hVP?n@mGx8bfko&CDmdPeKmV+{vLlU$_^3`>sdm|_-id`vJCYvwDE}$S$_m`qUDrcu}GZ%*gVbFjG z11>ua%-M%~A6a9Gv~p}e$NB|re(eu-)d^rQsj?JBoh>|yWg{l96+w*j zVDKV7+Z?pA?K7g2^?K|I$fI79!T`8y3I#Gg z9njde96(^D$s?QSfmN#{mJq7M?qP?qkSpGz%$G+@FF|F8Sp1KA*sq5|B(A1}JJXFN zJ-uPU-582wlqrbg{R)Ma;^Z->QZ^M8b_A1gjY7B}AjJ*wji8iM0zaga-)2?Ab7}_U zk+{#{fJgPy-;+X2W1Bb;#E29OAI!RYg~CAm|@f!qdWi^C3Lv6t4eKbRV? z?`5tiX|+XFA-d?{nSqQXkxbQ>5Bu4MHJzmvQqtmu6dQ9j#?l%m@JO38WcWfN{7~vK zMyV~|BQ%qdq##Nt==V^roGUMYVu2M7%$G~qc2EHX<2Xs#P8xV`W_e@zl15yX1UPC5 zG_bOf|IyCES?Zt68yoQDh=srt@V|+|LkAG2Gn3db~^?3_=)?w`$WZIhH1OY4Kv@b z-TTO-6kMb!GOX10@Mv=5k>p({xuBsaw(j7*aEHaZJlbp?7OjvYEYKnYO5CUeEivCY z`VIgk z5(X%Z+;MZ#KONl}ww(oF^*~jFqmY(HMbJ+ci!F5c!zJLs;f#tP74)V2#awL{I`BHk zpsaPE_3Vz54<)eaecQlb>=fRhYGXBM0jq^8J*>bUz66QiE*pWgu_xU9x5kP7A2d!A zQahRYJbd91aQV#Cr%l@I?==uYF?$RYcTOwtt9zJw^wzcH^oPSTO^TVD^HUIM7O&#ROmi`QYLa*!k+M;s(SL!`K!>U%-jBspYvGb=jDNe?1~dvp0;0o z6(28hin8{2j`&{&8z%!m;A3bz*?5VYUdFqJ3YX$%knQkrQ@mKAhLjlScBY0{8D%ix zt`(ceLxy)a%V6!FOQ51>aZ}^_9Hc`(yOR|Z9+y5~_|H7_X9n5|c8Ri!4*K!gVs-$d zsr}vKGU!-IVj@PT&STKgPTIF~RRDy&4PVw70eGp-_@W3ax zBZ}dOq?NXkj`un}pXV}(yE9JS$;+q@DQw4CuO&)qkImC8ynNKVt5Y9)bcvfurFOpK(*QCx6aG469VEb zrg&0G`l^cH3T(5)4DCDSiXC9GCRCCLxmm3@vKSQa3kTIQq$1yeS9l9%$qw2$9xOW4 zQy#-EL3*%2MMGP?%s?eve+K<&%M&hswzI2n+W>`WBHK66Cbp+*tZb`tcMC#FGlx)u z0346O6Li0&V4YJK@9Klco?UnFJ{i6PJ~LO}J#qn7K#uU6@%C1m5Mcmr1}5)_{G#IH z)FFmv|9I-@vDERi+~q?Cka~U+sT?#HP`^gTyH9kk{>cB_VH(~UMDwl|sDNkwvE6bv z=wdI4P^^V~sxg>lA3>nFs+syk^*bzU z3xj??$+(2RiUoi$2G2n1T-~h-5l+zG%iQmeS+`X|0w_NE4u|_+KWaju?7X6o-GJ9T zq;-Y;ED@pVI*myHx+~lT)R*$=c`xil{P%GAGguUY$3r)ba)8dEd(y-lxP=k!5~ew_ z6Gv`{6yO=b&_uT@FdDtGewkCa)z7fD%D3#Sz8weX>cT8Ypql^JxgQnhXuL<eQh-}Y8;dswU2(Vj{<9ZQyYNQPtxD5XC6~;;y<2>_4FE`>oe;#5 zAHSx!J35kV>p-5QD$E=P{UM&UIllg-d9{*YYkQ#rsRokpr`vd`hfA&jx13pQ4@zkE zvFSO-X%%VmUX%j_H)pSZ@-dm`0pLl3sm8%Aoe7UyWt}1KVpw1J%7TL>7;})5@^dc< z!9=F<5r(#Y$OH(?1+*v$z+}RKnaW!lGB{9 z4p1ez9Qy}o$hR!oLj5;w;xBXgzBzykegd5)_#g(*+YF^I5Y(xq9B)Y}pbu6*ufEA5 z1wq;2nV2ba7@r~^E5_cD&8V3FR<#!vjWPP=$W<{0Idgx-^bNA;3)$iS=!bnQ2UR?F z=IG!S>lYkd=67O4+GSZqzPm{yze0+e&=#Ord6$G+%FHkCky}b$5J@fh^FV}d7kJ$Nn8ngGB8O_}zxS+d)o5{t92g5Fm7VCLxXu zkn<~JWYG)BB6zzczJwiN8i`G-36DP*=(Ev=+VBMJSh1Af1*LM7wCP{1qOBpFJ8SmjY#UsfPJYafT4x} zWC|c#3b8S|)a{i62>UWr1sovzkg(L!lks{oijI6#&o3K9{4Cam1pwHbF@!aiO1Y13xE#f1jb$hugk(XRBX$tp6kLV``viNpG2!hfFw%uFM&|@LJ<+%3;b52hjrOb@ZT=O%G(_DZHc;vJM0<`xJH@q1?EWJ_< z;VlAC9Ir&iz|jHqf_Il9f7S!ZD;~WiTNywr{Wq=H>at7d6^r3R_sr>2(mMoP@z=TD zzkheb)}dEnEPC3N8Z8f;ZGd;7_)6cfYYa|l>BzoT>JMyiB9_}zzC?4BJu(r+gg%RL zGv4*m_0~MZUr8g}@|`Nfs~|^Aqo3s$VP#9TO>9|2+qa=F$EeZT7@dYOECM zx>!j2;r+b0@{7wBx>CZwGfq(Xfa<6?L=2qUUIFyCw4$$8u|;}Q>jcX>J+prRsjv72 z?w3c|2jtjGvK^kliR|caI>$`y^s6RRmmh(+EN1{+LDUHZdm}oKc%pO<<2l|=3X(Qp zb@p6Es2ST_z{WdB4cRVH*1aY<(KUk8MxP;nq5VEwAu`E5sBsy~CJHHC`+D>b6+r4y*s9?vULJI+d;u$b?V`WNqme*R4n;u zXY9R}?y*(DIn7p{tsB@c$$duPe@)`Z={QtDc{RqYCJDj+m&*;Rte z@f`V4=B_LGl+YwW95iR?ldK&})^WqOik8YSatRvQhKc z?Z#$>wGxcMj8x`^Q3}u{3(i=lyAnJ<2-aC-+cr-!G01GjLGgcJ1cEzO%`%*3DXx3V zE7Rl8XH=B{+HU;@P&+|QmCOPV-XrP(+jH?}y<%`})ce71kbi32aqZThN#jty<9>jX zf3`EM3(*E*JLAtmCIE0-N@Y8mUg#h%_u)SFbV^Vbasx%xc!yZBob%2}2pCMgD34MF z?~Hs2bn5wS$90)W+nPkHt7Zonbo`V@ZI(vl~x{_BP^gClGRfCB)9^OTwmCkC4V zDto*hgJ?=;T)F3A4isc!h%0Yg=E6w4L%BlrW|#gkycPvRWl_Ko@GfiCGJl&Hn!J1a ziv$2cj34B$T$vJ(fZ++Kj5ZI8AW*C=g;iz1As4=q?hRRr&47pamPvT}eHE{t$pKgl zg929SW~AXB^%(0VNP_EY4gE_064P}o;!Pev?H)`xoB?mL)IfcIl~6aJih1qCR(77UDLhdB?izqPnOu8)ZhMuYV$sSU=SBO^%yB^nGcBW)r1 zpV3sL4)vkduZ`f6we2fz=v%H>O`=8{u}DnR`~~cHSCs0eH(n?CkfhXw?#O z_{m34LgH(2aDdY*aN~NaktwI6O0r!W8$3n>Hm*L@BMgGNToR-PR{1?~KgxuW#=U#~ z>u<-Z9H;BebcFlaX$;t)IrWW4nI4KV-7TcEb-Fg4e1A48V6_BoZme$;1b=vaE8Ic(k;0eI)hpfPei_Xy=rp9=#t`MLvTqYvD{ZFS}z$z38 zGi3-?KQUybo1+FJKgvtiF+a7yk1hNtplyBl;EfQeJ57#Lr}-gXW+UbBXnE#s+t^(B zBKh==(|459=WUn#H4dY1*grj>WsRUrAfFmULAM#vLfpcfZc_Z=K^dR81J1v;^K#hS zG^r^_ZxmF(XYW4YL9BZoWb>xqj13S&9v;+pB+5(3N>2Q$Jq8tgUu^C?ZjuKp5KDA7 zRgO`=N?)X6kO>bzXKEo~kDeH_!DF`5Zq|VV@9YAwgv^38KS@@9H+c@O$q`D(PA(2= zX##Gc`*k}{r|@W4@9-eLTf8ncUEl7_LnlExMMD>NhAAx2*e1V}0=c#Vd^Q7uYR0fQ z6w@PNKQ@$KA~VMn1be2p?E!&V<_c(jj@2b0|J^a^+Hw#@Y_%Gv6|=uSNu1g}e6eZe zw_l&~kzlt)6G;Np1#@F#3xbrR1ns{UeNX)1On&p-WScs4<@f0xdmb9g0K&ciQsdwC zh4}`mRs;%}+_*4xdqJZSD0a%gd|HURX7(RUep5Q_$s+wmcAi$CNVjx_VyTubSORzW zA;;@l0gx{FRi-nHg^m^ywi_7!4*Jl9l-;K-8+``oLXh$HW8w>!Db=RV>Bf7tETw-t zaGjc|;4N;DnoAxWX~}uG9o=PvG}DMX4j*?^l;4#LACw2)9maftfrWE^crjmY{ND{2 zHdB)iB$gRmvlavD|IJr@e3P(k2T7C*`n{wnzPQZhRQkj^rni}`UM~!k&zYlf9`U_i zML&j@1LIKWJz_OaY~G>zCN}I-`)~N3;;o9wo96Ss?ou_o=WVa=SElYsz(CDb?%2z{ zlwf%UY53VYl3W);nRf>&(}+KakRQI#q)H3ure$-g1Mp8MgE!Kf;a?WE4xITf3yp0# zc2QIWD79(xd$BtYt~69L3I7t~LVgcl5q_hRR&2BHkR^UAwQ20MnLa6G*^D-&)9q*A z6X#rYpvA#XwRYX&_%j$F7jX__foVXRFZgQg>KRSGzaMK4M?e#n`Wcg3Mvu z0rF_Er}W_xpgHz0bn(~oHw%?XjlrDbDVG2*Pu{KGw^heE!bkwX*8OqM;NR7+ zJ8H&BQw#n-22(&^Xba-h_9g0X80gn|A9MP_eE~~270QuE8m%}xY(}{KUxbb#ZD0H505@eVYj5*x>Fxie4;7` zZ5?5P1A*l2V6$NMx6Iw5(#VCE3izWf_LuOx7H$Q@Du z&Vt1A_e?;RtX!ftXBq!|G5%qRYFM6fVBbcRqc}ieZeF$hjA+Tj)O=m%*aR3#Qx3|> z&XQwK-M6CmvZP$MJ;d{a-s!8ael`AeI~~2S?)^RBP&$r%)|jBsknfGxztFgjheT>jU|U#oBpo~ytZ_^>aloG^8xynWMENY@`2^y`eu~j=49>qWKc$hEAu0k zXE0cF)BQ&E_F)vSF02r{XSFBb9;h>`$L`UmHzEso44#o>F%d*R5}h9ufd2`(;QfMf zvO3$Azn(nqLV=2MRrmS1{v54RsLLC{wC_bqb7jC8F(!)3;MJOjwrD}ypa9-CAn;16NZZ83!z4qj-uFLE zC#PT6a@-JJU_JmFx~uH#16+1U*)2|QQ$1+HLh%eySD;DvH}8XIDA2C<#0gJ69znX#UnsU@1nc@C$Ep$?FO-m4N6;*`SbdU@ z*egf0MT0qPg;)2l&tziLLl&OVhsOfLx4=ED$nJ-0czf-W!V5I@Z4jWDuPS9fX~ zkZnuh|EZ$(mk(azhsO8p@;{b&3+j2WfypWvd+h`iJJGf!BeBL1_yApywY3f8(X~~5 zQgy!}`jqxw7}h(#Tj7@&-OI|zlx5wW{|M-M4Q)BLxSz_P-NxA?Mwgaz5RwGopeZkKh_g1y1>sCNd8!lTKM+wB}54% zK%XY{Fd!2MqyMyMJ@jV{!O)%XeA^SC-Mw9%iM(JWXcY2m5B;1iz5W-jWb$u+?(}My zoWfgQ8b$KH3zqVbJZFjr-M*Bf_c0vsBLWe_@CNAWs8$t9g=0J~51wG(V4K0i=MoB_ zrv+cQSitRfBek~M?mab|wB6Gf$AqmAKBTjEc60V)5|`^kGuodu)+23Q46_Sa@s0T<^VK-q&GEF7Qxs%U+qc-!A7@V7uI zCH-?K$9HkaF_AZYk|@VT;D>Rg=b6CvbKld1Kz2|;le`D;8tirw;)4`6mVZ#d^iF)KL<6wF#9vgy;MHd=X*i32mbHY#Q>_Y zBGIL)jhP1kIH>2+q2?iKs_8K?0lRGi{!!U*a~(eW8I?*^*@@Cj!8f$CX~AuXEAbs~vT_EiBkBj|XJLSU;ko3g!Hv?S6zjc9I7O z1Vev8XPYv2?vu%b9YD%QlcI;ajJ<0gA*J`*ANmhEKmhdqltgDNklS8$7+)-S>9<;s z!V1JOo-b~GwTizUZW(;@9a&aon)BY`>Ol|$j*iV`JMm{FRP$Y?R>e_*KpJq-x{+cd zisX768sxk@bp8S|eDIBw4Y^CADxx@XpT9CFp6D*@2gPx?lSl^KHBeejEG^a60X=q} zc}<)5dAS2{D=OYEY6E=hoIXL|>5(h%A%G2m^ZYV$UVc`d?Y)PZT@VI{fquGRD!k%P zXUXR)Bc6DhrqnfsayZeQoFaK1;PQ(&67KH@`nXvz3oYr0UVp;{+rzV}_4gVA2qq!!Z`tK!T%xaz2lO6-}Z5a0*Z>caHC~expQVJ zs13_3+cp%;O3PhpZoq}*Y^p6WTUIKTrnx{dEn8SBSh>=aoT#X%!2PA(@6Ypmp5O2O z!xyg?&8-ElLkSF}$qEIt%Y|ivAwSZ?H0b7NnE@0-e=Kw?{@2wv?S53Fdf#mPg)Wg1i(1G5>yLY&U>^X z2g7}Flc-*=Q7>j*esM`7sCnCQi4CokbQBi%?j?7&o$=b9LnT?crso6WG<6!MXI(``t6h&eY+v6ud8;9qgs!wn?E3OFZ>!7t zh+0L@73h!c)Ni*X`w9%6e)m8ga{bSbFEeF+YHeK%QnI-b6esDv4Hvw|L1RLu9d3;mR)@>S6_Ej?7N_~D6q)1&d^$wD0TC- z^;Td$Ju!LXk&V47x32xYfEBs*TS&SNhnsGF+p2v*U>aHCCB1_9U8Sq(S^A)DLWVCz zpTUAtY_EUx8fZ1|HV)b*P&zi;r3`fIFUuYjf_7-uZH4)Zr4#NCt{GYk0B^hVEMgxA zTKVK@>)vQSoT8CE)uI_$+%a!z{d8fm>P)6$AkZp~q zbb#p@Dtk(5)ddT2-S%BupU!FenZR>XN(ju(j*IrjH*OjU9J=OW7|#s-N1g8y(pYpRg&X-3RB+D_ySZ2QQl= zQaY@Ch*Ht-vG%P}hBRa1nsxVXv50TC9?w;G&%7jh@b&A^V0bTau;lb6Q^vb5hra2$ zD6LJNoBH*wdUzBCB#3V9Rnr^<;ZK?tSI;@-qs{Hrstxnvg&r4KH5c!Mo0}L2WFk_%E8ojm_=Q#DV1c-pS9WbTzc9n3&wZLoN~%N%}oLyIc2&*1jIy zPZvzKuXelaxGvzz z(`h>|YI&EI3J~8We-xi{IiptHYnFxyh69sk4E#jT0U+%{BKC6wJEUr~HBT3=TfkFK zo8Qscl}%st1hsa^d&L9m8W!H*63Aj~Z=%+v5+0@@6g_rfx=~~8kKm|Rukbi6#IgSK zK%egdizxm=L(fXsGR2(${vWRFKeX7BkA3HU&z{L&ww$^q21pVe7(bCXBju5E)CJo- zP9nCxU$ii&JeOC<_#M4-4e!J22X^wM^tZfb(;#9QTiEq;_i?>z-7DEBKtAlz_I$bT zZrAHv-?|*Eh}?8^cbe+Q+kurDudeK$jEQYi;#5dAt|1W-Q_p@;XBDp)tH<6lT>-w3 z)`l$fODg``&L1w{k66Gb{{(pKa@kYOH4AaS(}Ev7sPp;?{_6UB^RnoVxt3Si-f>Gh zDwU7vOaxlLdwh#+sJ1F>H%frPEDXZ6B(>iN%dY9OLHhc`U>Udr4 zG`YblW*V3$j`M!_E?z;2k{?Zc$XR@QM7)g}PS~CJf0bH?_EftJ|C8?A1GBKD>%j%b zth&p6z)$5zG4&@^0&Y#hjxG#~OADO>5}cf>%AcFicYt=?FSs63r*OD$SN-CAyleRk zrO%Bxp<{dIB(`54zobTfLpC?3!$8@;#4YClF)z{#17PD0g8o%~@rqt^vA_+@#m>*m zk+tXn06^h}?p%whvXb8;Q}RE2H-4YXOOHNb z`-Ks4CDD*7WVS71b&of8n#RJeadpn&1~sY;IBs${WTkUTjBmop%9!?EUjCy~#nCrC za*&jW{*(KbbA=!R_}kk#k7@4<_LgaxVCFxv961*WoAzNPk|}@5aZFJN3)yhshMTBp z%Q1{Yvyo-W~>I z51vwJVf>dKdEZ|;D{fx-=v#pJm}KNxGZgPs(sA=k4Ki&YM56r2_!M`)Cvs!=hMV)n z2t>^YpdI)sR0M?z%TrPYH`zC@P=LPV)sXHC)#=5<@!?k_qG+h){TSJV(92KhO91f9 zs#jx_9-vrBIIQoEWRCKG`<&Gb;CKT>&31|I$mj7&m{zdx(U*T^Qg`FribF4Ef(-Y+ zm-?%YYP^%QGTZZP;ExC~=5)iJrQ1NSv0ArUY#Dv7!rjdHbMN4z^Xtqd>}i=eg7!O_{%wVS1`Hm3`B{qnAfgF8^(sY8eaKT>?3$M&Fe=_fe8<ls_|`DT2LaW_ zKO&=mzZK_f2-B@IN4)31uf31Pj)$`m9&CIAAf=%8RO8%*XOePaUK5~gYF!1|eI}4{ zH;w_$EejPg>eKlNyQbRqblYp!lX9vG6gshDsT@C159OiFwIg@w?LN`HD`l_6C<&Xg zct0FsSO#onXu(b!U3~uyARI5B5v2`9|GCA1XP`C9KJev{n(j^<_^RqVpf)p|AN%kk zam-%35w}B<(g?O5|1IEeJNOBu4}AnbqIaGaH36#Et&lBX*C%V&9-0pT%kA7Sl7s&| z_Qb&`=C-#|LN2>hj)dA>0ot^eR?mk*wIc@~!pUf%5&;-B0K8WI7mmoM)B z2ehZzPeJ^mH0?asvshtyuIuwas|3m`T7M+xPxda6>o%1eqQw8A>jASCJI`^sA#d@@ z6>KU<{#RZ7Y~bxmr;SxcLnTXvtG^JxVVscWNaN?DEAOv~C6B`)4%QKTH-5oOMaTkA z`|q7%NacR@F02JAD$)yt|7NelE%G^jZ20;6fqoY&!8yl>SN~Bc8+pn| zUys73p-VM^Pr$vZs3#-SAGE&5KGX+ivJhFFXf0APN@$2cy;A;N=03^ zKLr4rw_7pM$-5Dt4S)1Bji{-_n}%gX^6``R7Qc#qdtdig6y)@&eDrbvrQ<&UC}6@6 z{wmiDg#ik4k+pKBKQn*sEtlCJ#V@xOYWzJL__;RWNIC@7r1F4xkl18=zNnWybU3zQ@GDn>xn0m9CSkQnBB#*orBSWYeSH|lH-}0D87H8 zw8ObvgSdX2b|cmVjICG9>t~CN+I*4XjeakU*X&^7H1%5~XuA7g(@&>mp)z@aM9+QDJ(%EN%TePh!MkmL}+!87A*zB<%!`F-QJ6I|Yz18ypX4P&3Hdfq;Y zj=nAm7VB>SdAa_JgHlPJ4zl|xj=HPH0kuu^@q4!ud=6}{de#IebdD!NRR=VweRe_( z|L@n9UwMOxKs?-+1L~-J=BMAlj5nzKuJ{r4V03&w;`_z_V6!yX_LTc-qPUQ=*c*-g zV|*Zwu$8z47+G7X?#e*v8WBE*K!C#r9he4i<->a{H=E@{UXzK7YVjZHtP5}NxU4NW zu_acneaPe7{GXez7uHFUDrLyw0-`TgGFr!hH*zm0Tg0XH60+%kufmnWmuMbj@6Cd8 z;t>he@Cfiinl5SXBYtmU?ACapQI4;k)&auj^Pk1Tm&fhs2kroU@7v`@V8ltaY3|_r z3D9zmCbf+%`Gwm);&Kpvylp-ay>GD5Z#=z9S%{{=W($h)SX1~PqWnf?oCNCcq<2H! zH*SAIpF|}twr&w%zdutAB>~?4l1#gBrRRL|X7W`@TK%&zQ$_$*ycOZ6KVB!3Ja=Id z2@}1Dz-AY2^h@(RnM6dt5!_f8hg}Q`R?U=ky1%=&SgZc?kD}}+^g%?F4#|C?CqnLP zNkn>b=!KnsP&yMOfT0pS^v+~T;AAQvnSH{3Wi>6D{>MQ3{;z$$x&HPm$UJWLEOhPV z{E7F74!+HU7X?%LG5H;;Im>72JzpIrv3?*Ay8TOOX4)cz;_=r6E|}Y``9+upYKR!o(N@9E zm{(w{x%Ku>&k#qxM%^n9{%AN`nUmd6J`!ID@E&X)SX0_D_G)J?<%bh~d=!|lZOZh0 z?#0RA8C1P{Y6v`cJ607iM`34{2=NjbBoGJWDUAZG!gw`0`MdHX@3y5YJ9 z|5G#;oWlsQpnp+)4kpEPCAe^zC6Q}l05=CD4 zwt=kIpF++|%C*0%TA&ZLYW)5_JzYx#B0I5srLs+JGo3jytDP?TiH^tBZz%)BO0TSQ z=9oe=HLrP~al_6fU>OCV7>XkH2|&#e7zCP+v8P|szGKu=HP_W07#cse+>1HEUPT1p zhO%?|_bT7q(O-4o;1_a_QA5n#0wmqh;?Jwt4`Xz|+zpexei59gA^-Kgv$-%P9zIKOK*@P4dtv|BAA22v}Nvt!X zKaZb|I}8_NfkCbw!74cF_U>PNso~+FPB8t;_D&W&=&eu8($m>h=8pE7XU*dPVdAQO zpa&==71chlC7**XU!3qme4P4C6l1j-`+|2{%D%g`g6F|hKUV))2upk*AeI13-t`!S z+f6XM)v)rcqQ^`Z< zizBhTS;h35yMv21t2yHIpFVvmKh3$+G}ijiQv?9Qe?3twrPStnu*alJKw-@Cj8Dq$ zLO8&?l_FKQx+R1an%J@jb=Z0%WtwO7npmNEBkB4JB{2~Y3$POP+=Z)s!5+{9IsY|t z(SI8(%_V>3VSoE7A%7YxrAQ!<&Nls95G+#`cTv7+79nr|*pyO0uP~#a274pmASrL8 zM0{pIe82&lN6l6av=!wOens{W&3K4 zXK?qBF7WRwDaH3szpxZ4Mi1_P5dFZJ9Bn`LsrUrplvm*$oCgZEkh6VT)9OZ8C-?rt z#^&8>GIr+Ju?QBobRR63$P{&k40ns#{zIl#G?)pv{ES5)OTRzQp=zS-eNdZT|J##1*sU;!J&AU zzZex)Erc#^!N+T>6{N-`SlojtT9Bw9JxME~VbabG(n~4fp9iU37MJy0tu$qYbOhn> z4ylKj>g@@Pxaelsr#s0%qg9_9;3FXu22S0w{5JxzItecH*VlBu(LVu>50P3&NLAci zB&LhjrlnNsYSw7znwzgv%IVPFF)$4t2INl25(b!v8t0jwrB!BxxE87VK1e&LGMgPw zl%ZMB{W$G~QrZywkA%qlYjRE13VI7X1&a2}9c}5b=f@18Z-W(ouBHj>^1fKKXm^N%p=_TR$8=eJLk3?N?$K1+pyg|DtSeWp-b zzqLG%4^8uTw_wcJO=Z}+0V;&R&GxnaCOKi2|REc7gEYV4Gndh$#^9$ zQn6Z}P=Ei!N;w(%C;4IE#5OmN9F7JZ{A(HnDr?I^LMh#%&ogvQ1%)Sa2>~F2+uWAV zGrb+Cz*svEcV)*YXiN)yFkPtuB{t|c`t+)w*ajm%g0`Jto+!pk>2{|bIT3CWuIhX! z(7dp{_)SacP;U|(@2O*Vq&Iv>#M40Rt>F8GY zU`W%t8gLq?{;V_)s~WO!dhf&wVoG#etLvv*dbh79VaSQm6N%v1g8PmZBWYW_d`ZVP_k@&Nplt9{=0|s~^c6T$)mLRr ze`AF4=8i?rb4K1UooU76q@#J;dgA@>tZ7<92r0oeM&sgM$T^KT$<)q3N9r5Zn=IS< z9~vC@+W~7M7&a%O+)p$Ud2iAq{%chVm89+VRex|ulKxDGwv+~ir_L;>ax6EJu z-72f&PuCNVyCZ{RfV9aqwaLNd6OHO4H=7{A;95FXDO|El`^+@{Ebrb=t3K%wwc(2?uqi4<&eQMY zYsQVI)2}~l`N_lC4#1T45I))`8kM=B1EiNaz2Q$qu>HvXO~$sSznZQj-;hG?X!*wY`sig&XY7Jg ze|%pcKs{<<`vhC};c?sjM53UIv|DY6cZf3L9fT4mAERSP7M72$9U1fvGuUX>4%)hA z-NA^*^d)A*5kr^qnMQj4*3}(5Hk~*Ji$sW42|(nX3mpe!VI>SU*I+Yv$5Li1ttV?nmd!nRdzlt1dmr6B;(TB}q%W;S}OJygv;?6baXs$U!sJKIVqf8tff*I<5|sDxyzijT zgX5Bxfke|=(R4VFrO-ffZj)#rqRh1LAh)EXrE*a7;VV&qtK&gk^=c27=SbXwS?fgm zJw4F9!NX~AM&1%P-)+$*`!1(ce?Rcuv!BI08K#Q=|@R{01(yg35 zSthqZnUUG0G078$ccZ+{sODD$T?Ez1^*wzLONoy7YE(QTZUgFJXqs*tR%RhO>=XuX9 zOdL9SDFL9A^(UVca0=d9P+!SW>C(Kfy7eG6)RNmk_>#V$-Ohx~>Qgse5cJ!tB7OGq zQcM(>PxjkiWI#CuP1CVUkOxYld62w#Pe9^7^H`%OhW0)dKc~MFYYayF<{Zk<&2B48 z;^I@!k#3V-lXg3LX`^2VxBif<5J%CGEV=@qf(%!t!G=o){GC^Vw89S$LE-0@f9N?5 zkhTn6YyfX}b~_;VyCXo;_G>1=EowJDtMW*=OtsYS!s5X2W!ces_=qw7>(~3s2~)mI zxcO<>qk!bZWWmm-5k4tzKGtl0dvXCbHH~?ZTwG-OJZTvdeNs*GIN1wkm5q%JGF|fh zC3|5;0L+4>=mdd!Dq^!LCc;!gz!}zebPqp?A6Ciqo&RAW9{SDOy_iKDirY}MdDpwH zr8Tu$SGB@+@!kAUyenmQ78%0+r+h1H>!RY!{H+7dUXH<*9J+H|&T{NpE;c_-(~S8= z_v>5{?kNfJ1JkOhv};SJttq8l&nabk=wbFjH@3y0bKo)6VEx3CQJfc54Fw&d@B4(4U9ld->^Y#I2xx}o@4;`NEnnx~boVlkV z*0@q~!wmCD+kAP#Q64>Xj&xxL#&*8)N~(@|bPW0<3qgf0mx&YM_k$LA}7NZL80=`_&qa{SAf4wKL8a4AJT`CW#-bIY+ztq zC<3(^aTaEqD?JpSjNsg6Yx*GIDaIBi>n5o;vmXu&7_o(+y72NOwLUwBP^OAp``F29 zOTQ>S)CY=IWpd*yrO5Z>ypX4dm4m33>Cf@`JI0|S6T{XVl-M>4%Z7zwbS{%deG%cP zFhY!nno0J6axFOf@d#NZ`hYx@VFlxnX5|dvgiAwFH$jE-_28!aobA2an?C#H zRu|8+Fq;vxnR-cj!bB3b?5}*!nAEwC$k&;vm5+r^pqjM<6tFLFyxUMMv8|?pd;sV) z&JX0C@#IYQl;km-wOy7EGe#FZ&F0x+n?R;K^}_z-f^HHFBfHe}#=+Sk{crNg#$7*E zIC23q^8%zSuQA(;sYp7)_;&B6S>Y`j`Ug3fX8}528$0#s)VgHDp);Dxkmie0k6G!8 z3hJcIpHfE(H9O2zKf==G!GdqAcFCnENJ|D{3_5^ZRZpKiD0)`-eD$k$bHa;}+yb-? ztZj>~q1fh$++iiNy^A6+oTc3UWob_tv{(;k#7ag$t8OQ*?Y;BX1Gcwy$QkSne!xAc z%Ojb}M4w-`h9s9Rn0yxp{iV#X@xgEr@lZEKS-ycHeDh;gqU1|K7n`IJ5vGzMNGTIS z$~8($5PkS1yQ%QE57X@BGx7slmrh3HyI;;^p{2L#@pEo{js4J0TYm_9xU6ZmDyoQHpdy@a=&~<@oULW zsOV0yN5fp;5KGxMPseo0EjNU>V-M2WoGUJ1TZI8(T5wh`{=@4{(Oyp1%t|p?N(yFu zimA^%_b2N^3D5q{lScT5&E9R!FGq;oPxj8#K>e!#e*BM9{amh{d9P*4bM=8_*$&Zf zMMX4S+aUV8#0Iz^j3LY-Gj*ud3nLxMj^3Vm#wDrf1%KUK^f1SqO zOEcJ}9Tz~*I}V<%W@&bAL!+N|Ue`kiDifW-6R4kqPLMz@QcH@omD3N~lV&qhFNGg^ zFCZ&sfmHcDqX@(vvG}%4RPMKRlLw5+b z$0Js;W|Wl%uCFq5X=qTUQ>JU4Td#JJ?hJb!rY_&%G1LS)%{vm;?~6n&t8^qm2Q7oK zGmU|5ySJEbZut?|wE64Kjn{WNn6kHsEvrKutt`_DVq4Slw>60{2+v>go}C^wEP!L1 zyNOX>zlPP(QYv%w($TH+?{qerqcPV2xvfFiEyDEWj2b=Uk^H-CElXu{N>h-Z#q*GH zFxf+I99%Y0o-xibLw$Yo)!DIs$pu7VHIqfa7?yjC^njNPIxj8riZ&xGTwKkom}N;1_4rVvYe?7>gcC?~Yk z|13IFNvkb(fjUqhfxS`{`YdhLktOyINK;;=O(7UMpl65B{Vz*sE|aOJu{);5(|6uB zPY9y4J=oyb;04Go_$cgPTz%IM-7Dg{7)IQ5qZ5dk3rfDguCamT$od^gC~`ny76=^O z_rxK)qhV50%62RWeq%_wI5G4m?)9x?JplZ?loi$ zzGr#c_59b@D8Gsu49~-;3W>%db(|@dr-KHWPl#%TUA>+;ofS(rT`7WC)Ya_ddJGQx z)AsvIy?qS0^bq?OyUZ>To%VQh$ud&N7YOwG5xgvi2))AA*{!i(PfP1&hM5GNUFE}- zywwfe7WRfNNC*W|O`g&QFIjFkRW#@$c33tpwk`HmY6gpK6BK&M@5Ec8yeQXe6oYJg z=+eDpBQ_i;bbycHunfJ~J+e=vX!V%B!jo;Wd9k-YArR+KFP*8KE zNE`gaEPdzeNDv<%Y zkYSw}3vi*){bb89?7L#eMbw*)5rPf3m?8*a{A z)2E(w<&}4R(K~zjUvk{q1qu^tn6axV~><- z>s2+f=x)KJVPIh665 zFycnmlPAydcO^+orBw0D?Zi2jYEO?BkVS?@u5Oqv`n`*V37iNwR!+;qoUf$49xH7@ z7f0)zE!}-ATV?d*u&jWS?4?|QYid#M>}Wq!-@@>%OU~p)tx8B(CgFvSe^{~S5s}na z*2V6iJRf-R1$XD{$l__ikGxOI7enq3Q(v9&|FrPXiTIM!Fwebk$wF<8h~jd8i^?-< z=T|o=rvTq~2zrX`e@Z@8vtYJiPIPw|YI|Dxr&(*(8yzftN)x4rj%Dgfiznz>yOVj7 z2&v7=rQmteyUat&M-P^#2CAIvXmy~rV4GQELSh&~3QKj=NPMh3c!S>e%CJQYf&ce% z{RvX9tOxd4>e9e|Yqn^g0p*0D*ykZYV7(C`Bc?e$k%UKI%{^UNWaB`MLP~GmJ)mnqYIUVik@AM zwr5;6Q09iKeUUVPZML^97(EtN;==&6j+u6oNzwMaS&iE&>Z`^pi7_v3V7fAtjb$o} z`^+~*$Ri}w+(dowaB_A2*~{Y-dT(Dt<^Qf;gNpK*q;kgz`OKeC0Vgu6t*m+JwHiSfJ!n22JXXuBJ9ko zE$SblZf@9rG+eHwf<&ICe_AWF>daRY)W-I!M;7WyfTsz;2eG+nRsN52yW8?;O}&~g z2XJC~b0RLu`F(qZ)JDbV;}0(%49v*h#_IiLC|!DO!HhQcbZZ%CU@sO(5= zZB0{{V}K0Q7~>yy@Jy{9=8X&&eK5AV{PuHn_YtZO!Z^xlA20n|&I%KAe&+ezm)$?~ z4@y&glYLs3F-_9bnsFE8{le_dPCU0x$|$lJiNz$nt0(OG0Ud0uEl$J~OzRQa9-F1< zb1v+<*VLuy4|{&j1MYOsNNM7<4ofV%PJp4F8=_wsrJw?SF;l?HGw6jLJzQ zc+Tm)Ex~PZK2Ok2vK2NzCtpz3^5+y1{r@MAX%%csexg~VclkHTh5dc>B}~h6qm)Co zeCB!uNaeZs%HzFx6hT(abRex?VC+#-7gY4tfwE_NSEI0U2w$+mTxB28mGPF(`8O~6 zYwH7-gPP_mqvPR=f=l3qu@VNKKXtC+s~D@l4#OAMYa?~r{N9NX(T8i!@^%caEav;t zg(Sgzpj{jlJ=}z05QwYtS#na7JtJ~cuixMWSt;T|4~05J7?4g)PWCq;76FEK;2L^n z0Uv{CV3R{@hzc`my~S5<^7AVkAD@M38nB71xfPQi^Y1Q zGXocZ@`Shn%5{_6O%8>f{~03BJ;lQVQzMeY1dGILj#3VLGT$v}@DTO)=!+!hjBn9* zJ^ynoY(6_=dW!RC(&ZL_!HI~SOb|z zUyotlO)AIXN6X&R(C=C3k2vgLJF=V);f?erA7xs>rzuuYHVr>;pS0`*D0t%OEF|+@ z_@NGfnfPpZ<6t>qt(e3{Q+Lbelxg$Vip%fOE8^!_D6t6h9PdcnHaoo(1Q!L4=e?&M z8+;Gu7q6Jzrs8dBX7VgkdPVjQstTYP7w%b% z7uzWmq#3LgjQ)WZH075rEUUGgZoLzyKgO@e~asrwwk;IvxPH}q97 znT(vwyJ2M{N0S6Fab2=7-gkNd!WNu!KHz>_?Tv8z{yGgYSDv_vYC_>K{mYm$VWq_uO>fT@>#FBjgp-{0N|YT`#^; zaE6o+pI|1|UGx=(Ik1%a_Wwxs(d9T%xRHctd&p^_VgMdz%Gmhk3`MLyf{?|SpKQnz zBo+=MCfPLXj0(iR0x(F$QtB+_vpfc;nVnv!MY3WEy(*)$ClNty8LEeWkOA+&R zYf2zut~BpXs*}9}hS{jOEr5y{g?DjKr-g^03)m)#U;km`@^CwdDAftEHX}AR@XFr2 z^y|t(pA>FOb}trM6V8sW$5S17i$#6|WC;Po#|}=%lUnQ@?N$HGyl*V*@%01$jbpT5s}aKwH@2k2|g)ffs8hdmh@Z$#~JM3jrM&U_td=SAi% z2>TatuxE!C2VLZaI=mZ6qNfgH!4>1rBZAN02c-G2U=@vS`6Qs}NUlaJL`5%M$6VD zEcF~o(z_#*X;W}Kd>P#{T=aUR1+{w6GqUgM9@g_&jfm0RJ)>d z&`F7_$(l`GKqqcOi^UlOk8|W~!F7-cEFKk*0QL%Dgx(~3VhHtS=9b^P9Z-PKgrfh$ z5lqu&SQ8q+{0(+-grj~OD{vP_J6=azBTZg{z?ot@hq*JURJ8{37)cmv{^Gi05^F*} zh!se%!t($-i_#>P)~2i8qz0iSS80U8b|k*wy`r>7q|UR%Ym$)Y4br3_SQ6)uOGf}| zDEJrhA~n~?lVr>#@_J*HCK6Qq(ZBZPs*$7p-X5_#MXLHVmG=G(%b2eT5`17lX?UvX z`;RQt2)9xDleUoxgw7E*zKHf0oKJrkIYAsP%b=QN9U8N&J?T{Vc%g6mE48odB-ucj;{ay{Pav0b>&?zOF$Vd=De+7?uet-6%0bxt`y zxmz8FFM&aVkM_aeClva%`f1k8<0$-#cl{M*N^};{jD|@If{t_Q_4~_{QN97HN2B1v z#s`C+n%Lul%V^G_&v-vEH+E_4{mL{8aU{yrwgEhTnPUpvtHcY|Q_-}!{>0Ru0f!UD z(;B*)5?=>Fo3)pMymNS;NU$%+ z(iRZE3HhBK&^>GweTsSl0oh|lxv1q2IYp6=Gqz9 zB$OK|v4!zOQ%vEFq>lGfv2xLjCGMdP8iptrtCl*IAy(vrT?uF^5}b%|+z1+x)puVA zs|1&&G3c!e-bt0CRAi70DKAv-G}*zunGcy~FJs>M64q*t4s(`)qUvmUjgL!=XsFrO zmlF#5{jq9S%Hs;VnMc`4d;4u~WAl@ZD}=E2m9lAIaAvQj$EoVb>%4e3@xwy;)w5N3 z$%uQ#7eU*Kw_Q6EyS39rS%uD2|~!Ku5Y=z3?u&17bZ zf@x9UC5KFb-sJB9xHFZ#Y=(&0zN%;&*P$eFFTqT~3r@IsD+ta)F~wx{#O$CgIz)n5 znhoY<8S~dp9y>Q7dahU^L3!^%O$N=S%~U>=EJO?Ax!PxMkofgD4I{K53|qcr6Noe3 zpdg4Ok68vUEP!*>NC(*)0f{HpQ;{#yg*-z8aw}2|8A1yd%7slA(A6>PO~COMH02F% z6m)ly@)GINi6k2^3(4+x5v-q0R+oXaA{PbcNp4d6Bi!EtGmiiK`p2u_d_~oM4km-< zc7lLgc>bQL%h+^_puV%P(Wf> zH}EvnV1|LiC`WNe>J)q9o>PS;pxPmuql^F~SFK6iVx|(RXGyX`b96~=dD;rz88a_# zF2fg~%omjm*=1>=HO|}L*v^`d8GH&O+0(G%HPNnI)QpPUrAas-y&oitZUEwy-m@H| zm&A>$NexipO^A+^?F`184yryCI=6G+W18otWTV0U@HhJ(9k)LN0fg3|{ThhH1JhZQ z7R0tip=sgt0Pg8i$r-&2N~9Oa^Y}ht93Z$eCAhFs&!w&v9L(L_emJ(Jj*igox%;R$ zbZL{4@H$d(W}hs)yeDyu2V@YnVO)?2z5~!u!{fYHwF=&ChNtYH{_#q1*RWlXec|7+;oymQsH$qh8@p5U@gJGK$?b^B$%%# zxf%zght=03SJPA0V`+&597c<phTERb@ZEe1-UX4CB9^pvtBHM%*75Klm0UHMsz*^ zF7T&1CLjgp7`cu?^cih%sECVgewhRsfsTU47oh#fWpEC-l~gMti=7+{2GCzV{Y>+$O&xhhzFJv=VIvLDb z6|xPmevQw|OX8)9W<%Z-DJ^-F@C$)DwoF}TmL#hZN;6r#mP7kw38W7G@}Gc~vGL4G zX_trBWuf(uY%Y>l?aMkbX4?^dM=?qs6gVLRCHk{l7jkt;YgJqbTRo^^Njt_1nRrJW z{*L@m(*7KH4$wM7HHUv_#Okei)j+D1@ca=zo=vWVrBk(wfEG)Ja^K}LDdSqz~*%Rqvt|#bY(yIMjKD<*kKSO!OQHZJV)B;EMl1_n&0$sGuQ;#x0dpw@aH;}V# zDB_t5Y9zl@W!QyOf4%X0%Ij(9*3oVG$m{!?SxzaH@E06pD__PG2htw6EUg7iCRzVN z@O?0EHO>9oa5g;9g7g6xG+>m_Xv=aUo2!tIClCongCz{zNwA1iZ=2iML_Q|<+EsP~ zuPUvXwxH?-T+8aezRwQKm79$wOqQ4P7EjK?*Sl#dN#=VP6d~<=8cuzHkSo4?S0pK_ zf{ukQguH}cgo?4+WH4cu>)NEVmwBe%SzbW)0!s6BD^ftsQwVU3<71JY`c!Gfjj1qp zW>Ffb!2Bk7!7kgDpn*G+qeJAV41kO=UGks~4v@vMkxpoU;|%ZUl8vBLY@bR}2qQjP zd0OM+2M~lT@S~yq@mwEuE}G!BmIVwXo9|$mrZ8^e0$Iet?6wIh@iAh?1hT(*p|_gq zhYM3^07pp=<`Cv6Ml>ZeUR$2w$t+@#;N%_BL6fWCG75`mLINmTHqKtUAQKa_Ya6ct zv`EKO%~}Ga$K$(AgeDKauye8E<67Y1f#jk=PDLF^4N5r2T$UbeWUQ~)AI%d}g!JK8P+QqlTJl(98wn_;p_kZ}%Q13!3K-mv;d zVpDtrXvpr|Etw==6G`WE_?MybI?PYUXHXg{b73Qt3uR$OU%%u6vU~-r@AJ3-X&{HI z2BoRd(?6LI)G&Z!VyZywxuYXk;e((weK-M|`U|#d&zmj~(5&r9og+beCZrhK=ytAx zxa%epCw{&c4*9GjpF!9|uB8=&6Ui~&H=n}=Sq@FuK_7-0%fUcNQYmW-56T4Wj=PtiQ`io_Hmv};P3W%>pi9RQDHEy)GI({W{_T|VFa;rW-#<@tP^@Av!lc6%(uV0H4vPL7>&$Qn%t$j>40MF4P91qkAX z@DkHJ*^T=6AiTDOZ$x94!^OJGO*~Kn`*^$-rxG%scN3Cx$y#Q6_#VwZ z8PTWS&cpCR@S+q5*{!pwW_0`z8&9)>XfZno^f1r>-+?P*QIcbE;82h$kR5X9l9ip` zWzHIth$pB8iw{>)K&GZsROM54PIWhEekD`1dpr})*no7a;h!5x`S}~64`IUB#oKGs7=hY8Ek?HV(^|@zTMGqWeJwwB-p+H zoOYfN$^V8iq3wdP<5Q@rVgG|uP+DvOls!4e40CYF3FVl7>LpILHyRc{Y@>yIvPBFP zco8!{KT@CIutcjKMesGFbd?OAcV@)UfTiG;?2OhM&H zr8b6a$q+sK0jF2d`fne?Tdqcn^uaDm^1$Ru0`s|ydVrOKGiz!@yoV-0#PHM+-WSzS z{yYA5TStnW&+}JbP{_WBOKQ8(^f!)T2j#~#qa#6?U6bdCET_C9GOBs1bOi)#w8N!l zRuUZ?+wU+?&^xk)gdS3Z9REPv$wguGGHGH30&p}K88U-Z!OQEr@Gyz#*5`o4fGmg5 zk>@G#QNpoMUanY!@-zyVDvpq&JAdDtn#-kS=wtxlZvPIG1e%kxQ5Ymb+3=v|BP&|k z!1EC9q4J{%?O~t{YJLk_468kc9`n({h_sXO<1lLW^n-zuK3Q`;hqAWQd2(< zolJH(ILOfkJr~9>JVC!pQ@xBY!t5>UOHLBk0_Bl%7s=sHY9y;PH=#sM+6UtOy~MND zG8}bgpp;#zDDo@lgjM18ibpE)-+xNjVDC|^b+sZGEiw$t;kl`6PNR9@#$D_V&Mb7( zJ)IiX*C|rL(zW*GI*kf_hv%aC2zFH6t>m|y-^G+_js8yslx0R?iQ-&l7Hon+=JJLi_n-FhHPEdC7@O!)LBqSQsAxR@A{QaPcqW`Ak27n-u zDUPbpU{=A1AZikbP*znr2;(GeqU3+y{WcC@ zjxq5&i}g@LO;!F?_OfCy&lA+OF=K+{D?0{G0sly%Y73kppHZk!h?C)cwr`XLT;_62 zgM{h)%Sax<(@CWq7eemhma`9+FkK>$UpU#GxLZhV`-4ga@mg3BRP9+#o2jXfqcu6U zHyV%n2D{qMh&SMKG^Sn9gf|dIo3dUO@VP7l`?vd%26ZLold5o{u@TI|#*!i)sp163 z<>@zs57a>P%zLwcW~alh1MKC@J!AEyXCq!*>}UflfH157*>e8i4$wUKhbQF_K}LUy zW0%Afk#A8rLr}h1aZ&m%>S>v(P`OI5stoU_ilM{=a$s6j2~^zHWJVPQBYpyB&vBzX z@U$PbuxV+%26f+|mGmJrx%*TuG`%FMTzs4`+1i{}iNe$+4beKBU+!OPp9xPtEST_D7$6Ro>S%$CD)4fbu z@r@WA}P>;-GUcQ z!GzPCDBfZ|Wrwx+j20k0+|2L8iZ#R`eR+S~kNXZnreU|9#nyJ@5r#8TOpxsd&;8)A zLhaIMHgK2YrMC!c)OPg|^{oQ!yb8)H&NaBoy2jDYB5P&ji`9o#;`gSX}hiFx+}f;Mz1&2U0ACc z#FI@qXZp6;yTIFSbG`RL)s9gN7gvx0hl&Qm4DHCifb)U0A+7|CiDv~PxI9Oh0`&a% zT~y130d##%`TpoO-K27QfQ}T}=kZ*LFEz0Osr1c3&|m%dTEW;s$MbX%NAZ4Ikhbqv=CMqv2eYjpA#}`8_fC z^onF;maL6dt|2Lm)~FMm-%mgQ>K!df0e{6GUJwKj9#81EVMKjp+z3egxBIpTNPjFZ zoFba9UN(|mK?%LOv$UX$CY8U8*0q4AgfU%sRI*vdpGACQ>49Ba^N4Jwd*n3zY6ET0 zuFe^v;LKo-EraiT5M&n00cC@l4=QX0VWWJD3>GQ79ylmAymsG4(47K@ zhT{;v6QTrEWnW$L^-`uTdvqi(5l?ie633vNuEitROy}GQuOuS-_b0iIJcw#W3+}e2 z#T$Zu!SFTp;9fl>!-nZBC_mQL)m6!m7{KF6hfDA|2Da6mUx}Su5zz?wULL#jWpFe~ z9;8KQ;*#bgnv?4J*H+QzK>catcP{%{@KLtQ{!;HUm@Xxt%JW2aDj$pR(4n|YIjV*P z@%UpqE64#GQ1fjZ>9k79&J2i>?n+`D83W1#SqTRPvDmvh$>ND4cY7uxO2(yh0P-r6 zXX7tlK8L9dEo{R`5bRNT9b$XPZ5P|k#;^$5k~GOvsqVFFez0fY3kgDaj7iiT{)5Tg z+K~h^qL(1X%BL552Xk>!%|VW2fNQ(aUlBEbkf)14P3i>3^5Q*U`@!GfUTjgy-o+XV z1^lI@qSv10Uo)|-FXoaK9cxw9Owl*zB@fX5*cFZ(#s`GfKrDPhG?RN*EEC;*^O#JM z$v@Ozx%PjB>HT-5vVFrQ%_41heJxK=vf(?dsJ!^ax^c6Yf zZlTn0dqM6d?Tvr1tOBRxGXbN|G5f3lmM2bPgAB`=c8#(eCI|594lkX~lQb{ugQ6^U zm}<1ROh{P1*f9s4G=mTAa-&K;f);(*B`al%?V(4skt!zR0HMmiCR`ZsS$F2! zRbp|C>L8~ScdNV!`sKVYX3r%zogJAL1p=1rWe#nn#!Ht~c`VP<_@!YFRwRCGi@*72 zvwE#uGTp%>-Z|pKdk`59Z2RxQbA>ra!Lkb4oM-%#r^r9=W*why?JBq;Aw)|>q}6i< zvvz1@7;XMZnrC9xN`dEIbT(MUq?^mogoJw`Xf5~QLSp-Q#vo^40y+Mq%;Ylmsz}Rwdl4h(4SLDQtRr`!AMnb%~ReRw;9NXs-2loZNXm1ZPM0! zZw3Bj$*VHGa6L4eB%g(2y(LvAYtpuJWfvDPxVvDtkni}^_GYJIue`3A=i0(?t|K;g z+=4ApXwiv75)|dcU;G)*Ls(zVh$ijNR+YMl_t-k&jli0u^E~!S zz@z`J`XIZ9ymX`cb#Ey27uV+&2VVS+nZYNlnagl2d5KEFf+t@ZBDiePKPJnae;%cA%BR!~i9DBqy%A4=uiOI575L8hVmwN-3 zwD|FUhSH))zKF4sM%5VK7ri27SPjrNJP}?*XEFyCGL3m*#^TSkw@2g;^}J{Q@djM>Oq2^GLyPS+O&0CdM&}Hn3Wx zAmr$hBKchf(-d0OK4ETsPIPx(yH~h*bt#qG!oCX>@#VPYb||p=Dx#!`W?*p)BK`R7 zYLX3uX`}#wBxaMY%b#C5$!&pgT_wr|753h)G=~m_m!R43!-Ng8^n@Svmk0IWAS5o5 z92!~!V#x|szu7a;QJSNA*>btjtCaW*s1NWOGfWSad?0!TKs{V0B4h`1O)Nt$u?Hp# zN3w}IcMMn9hAwT=T@Z|3vkyIzfrTUh+n5)JwUnK|_PW)oWh>OHIozJHXMBPzf~M#5 zCo2#2I3fft6>gHQ4bvg^0%kp*i zVra)ep{#j)uf#`EZuVrJBUWJXdCXT8%;1Whb@q2?g@&3|R3z0*&1Ocx0>^88XJzN0 zl;11CUjn8jV+B#tNyra+!zWiuDJ#p4;l++(Bn(JeWQ8$)Z0>iFCwRR4|Ae}_{}bwB z9$TK(rFNXIwnMcM7(qmUe0zd0LMtQ0M@@-Huoj5T4<`EF7VfPt6LJ}uh?i}EdIaEM zGVtMLAu<-j&4vU}kU+JZ;L4>eZ-n~RDIea<%B$R#87 zQu&HIo7=-K6JJypIKew<$j1&%c(EfY6Cy#|f>{6k@992m(zfHt9=VhDOJ=Dh6ZZAs z_#oXTM^z)JmoTMv`~o;x;eZTS!Ln%$C|*wqdOoby%Y?D1Eql$h&*fCy4jbq|D?1hs z6zMhwjG7w7I;!>Kk$;77qy&|-^|ULNJ)^*MQ$^YNOolH%0zqVZf(B-Rq~nDYsFphm zm3UhDhvoVn(=8^+p6h^i7_xZGc@yz7AZ@Uh<7NhsFEU>RX7h=w}8O67FCJOp#!s2tX!8H2Jg>W#Si)Y^|`e4%QjlI?3XYz z1%AU(W6X~?EaKonc+Tx&F;@A_;%W<3`O|EdDR>$>9~!|oR_16hPS6PhQ-wZMY)ZwA zi5(AKHq|O`CyMy!A6;U?ZDY)HXY?+J_GwJ3keMNN=umBE5c{^~8I#Nmho5d(^sVn( zL-z_*8N-u9)^%o)vSA*e7j3t)bXp4WttYy<%mdE9(+pV!iOP=C37Z$MVu^g9M;bcR zD{SA`$JmQmg<>OiSmF!V?sM0|NXmMkP`U@WmG4Y$vOO~itU+BvKYAKKSkd-0uGd|) z-M?m%T&XRTpy@}1`DIgwUK-YENK;Zrq+Mqsw zl)$U`Ud!zt0J|Uy9cwR{WIUD+YdvEDgO(I9Z}WuCPH|AImMcfjKzf{#9;lvI(^&8c z2nF49wF#P{y6s2=ew&kfvQ?_u|ovN28(M3r3t z?-#VG?QB6h0zk+WRbQsX{PQDU`;6Cy-I>+OVPSXjv2PRE+D|L0zUXQX6;MUHLgw&c z5z^MD5A9pxwaT$7koou6`9Q#@O6B1wpjP$<I5APRP- zgW&?`B@M=(2g?`#8Vg0N+%w?#$Z(PbN* zNHP;p4Eh^-!g1sYTj!rCaK!i>emu{S{GxPw?96l*K$_flg3`}};ON6gTQ;dOuQHHs zVW1^chym@x{OR3Pboda8H1wn4}j6}m;aFD-$+KJ5S=#>iMm#ZS|n;df~^xElkE zARCBs5?n#s!J_$jwF<<3-Fm7a_B7o|SCIRCV0k;Gr>B%1vG_o7I&7#Nb#1nyAM zKgey;gC|Ji*l|0WAwp^!j){!7Fp+6eH#REu=+Mc0KHgx-*37u(HC-6LrR&h?l zl=M<4rKjBetGnu5&J|E-3Md&5u|Sq2GYg&s_E__&t%*Ki{|=3rwt;{DywNmFvd#^N zvQ1&lpIEZS{sFR;){GhLhgU$$k>QjizUBSLc##Dt`-Ju)lQbZ8c6{G-ES;S_M1^963c1AX2NWbXO#Qe?MZ<{{f z$fPCg@LnS5)tec{MC%;ZA=?8YQz|B%ec95LB$GJ(p3h*K@vt}K_|LMRE$Ggo^Zq^7 zT1*CHijb0U-cl9C3+Ff_tp)f+%9RuZjirj}CH-t5M~SI;G4AgSSi-Z1&U~FxyU;Jy zI4Y2n>8hwZJ#$U+~tCos(+k#Ayd}qY9O1awerJ=-;wv9*75G9BJkQhJWGYa5R zCOolyHgrUlNeknw2PKtnuZO;)u=0PSRZ2%iH<#zr*$e$EMlOOGTzZM}VmQCiu(gH# zL&AIJP1Xg(}m-X88VzX>N;orVa zcWdkVhTn05Kg+@ah=@C=3=+?S+zp5Sy!J(Xw+Sj_oZt;9g7ih$upulgOUQ24&n6 z+n0?u!q{SGJbyMU;T;p>#vg8Yr*V07&-*;twuySnLMw}4*kq@Fk5V6i(4yeGIxQe) z@Q)a6OUHI{wE5Rqkw0GM1H-lD$bWU(e+}G4IEDSb_4!pGfRYXQ8(*B}c#G+oKn5M5 z?ebcm7Q&9Vs_g2iTsS)O@0W)@XvY{Sv{FI^i1KfAQx=?HLwMXA!Xy!lOF zt;if0>pj(Cg2<%q&R2vZgC))7Ev;1$CxhWE1-49dHfndHL`w@denlq(G~DeLF&1dT zzW>bn|9k-Y`$IRqTR}!Z()OMO9FLn-KotX#S{ZNzy(!24*Bb+wN<6JGIadzjB>`6F ziy>ad5?J)T0VJ*MOO>fmV}9>Wun>;}V5$v*!Cc8oaSS>cDJzDQFECsGgXVI(Ep&)0 zt6tq|THQ7JzpaMy+&5!|fVYDy{CQO*k*1pF1f@CImF?D;Js9|dK#mUo@6`P70r@+C zH3(vzBo9cB28CcX8Ip)uiDRdjL{9~NM`j71egVHpL2So13 zW2`{8uz2C~rYyk71;>FLSXC>^qrV)z+mjEac?>#;1$&fFW!wsonFW(i5E+%NwXnMR z>&a!I%ia!INv@(l;=Ji|#yb^D5)6Moz$chty-=>dXU!5}Q?}X1>ELfN4UH=gaYj@m zDVu(h2{}3)`yPn>Rx09KDuv9P5)Li+f$yAwa(DvE@TX)B!_x2a(Bzm3OYVJMisZW> zd!^P|5)rB+ruRQKWHzQ!wQ@$E1ZDcQi;|i9aL<&9F~h^-HWTBHtcjb0jyDUYj7*bw z=dD2!DqU~c&VN#p;j$tcL=Ztt`2eW+r>(|Y9zw*#8Jks&zac8se&wT^m}6oy@3=W? zjstfIa2QB05}Wh_AmLIXO^_~=5e3n@DY~x+qLv0mw2pjJEbN3w8c*%n3z6f>=(j#G zJ!^A7Dt|GOuhvV!ubSPwf)o6dv-}MwjV1AfORyz7ED-E+Vq#ajC%b39!lI#bss&uJ zNE~n5ZOK!RZ2wIIq*%o6*(<(~0oE4C9a`Aa-mQcwC_lyjH#Pt-GJ-HtX~}*%tV_F< zAB$&tjL(~C&z&@0l9%|@i);3wTz9C7MQbJ-SIwhIbPvym+^MfD_mvUb#Xxb6+9{r< zgR(hdlOk}LH|?e61;_|=Rb|E?uK6{B2401fv9(tiiBH4P7$NZ%K1woLu!{Tl zpW9K{=;z+R*fLfnvZ4;Kyki1<3T$=QSL|#V?!-P789j?@f6W;K7)4Meqb2vZxKS3? zQg(}za7o#rp`W{@1NxQ$Dc3{FKKMX?&VsEx)$w(JVa(R|%6I}J^Om0IA6$xw?p(T#C_Ank8Z+gyP&k}lm%VA z3x#cc#S>6~%w9C>Y;;k#Oc=kCO>xk${1S1Hwe0q`1m*1>nU%pZy;LsG-tXqChYhL> zftOQg=H&71G@w`r^{u%HqXvaRG^Vd;p>=iQHiRi?^ercq+lD>z0N*gL?UNJa%lx_L zYhf(U7aZ2F)0zp^$r#l~0a*Mra7XA|z?4quDM>P%<^~^0Gz0L!J;K;EZcjug@ogl{kk#?w);Y;F#{NprtbI>X0-te_-f0##ZO| zDZZN>Qko;OjHuEx=kD)vwE_x(d_d!2!MbzZr}6K2TU3`wD<4Xv&DZ}xmqfH@b$N1? z8)<&}0|O$-cP)GKqX9)5UV)c5B%k^aT}7dyx6JC8)~I7!)r8(fu>78@Z9FGO(Oa+Q zQ!9C4#mcFt=IjJuG5vN;K-K=!KJPUaG}kgF%Ya7Cl`uI>lY+3ehH`(EWiN49HpYn6 zft33U#I`Lm|w12?ql1MD3-ChhZ`xA9Gigz`pS zggSxFlkeJN^*4eMc-%mhTJH1yF2npgU7K}Kun=T~IFE0(xfyr{hRg270R9BI;*cRXH)+8Ip_sn#?%JS zTzc9N&9~d`k}ZcpxWn_Gy`SUL8R zeQdt^K%sm5=iLDp#TR4w?z`FV;&GKCeOU2E4tWZD0vWK%=NSwCuG0sRBlcT-_@{`P6 z2pa3nCsmY$_~OcUEl~BELihtV9cP`uw<$QSiu{r@2TnfHpAJI`;jFdyA+&+=IC1m* z6o_05cy*-8A?(zVj=vg|zudos?sL-D^f zV}9OBkqke7poV=jZkO@D{m^3etQI5!m7vOLgcr*G>ig^|Q%EsS`{fm*)^$I_33S|M zM1fZh*rNioI7pS2mL+3)=`e}MxAU+kKu@-e{wdLHX5kOr7Hn`zS@~m_!D??YVt^U* z5${JCZC!F_Duq0w+8;2=&Hxx{VihIyliByWAz}X*%d88;Vav;5f?PSVYZqKw@(0_n zRwGDuT522RJtA3Nh)-LeAtsHh6DsD3gP~s_(YV*w^$fv$ZHa=wBW$LP@ye=!Xlw>t zaZ+NT+2qpCM?39_;t?3uuKDb1cp%g72OU$}ebckufdvgHfCL_Vv%;{?99gZbA3Qoz zR=#1p$>pP%sxfMRz=%aN6Z?E_XUwr+&d^|pEeJN@i{5!~}D>`Pvv`rwBUgdMe5gUA^y5KQ`OxradWzRn?jA2Z6cnBnmB?b%hW z&Y~KBG>r-N5{hrqS+W~o1)>eWxvv>6z9F!EXZ6Day#e=%*Vg%AWi%=r1m4>###Qon zoiTcM0Y8!rYFq><;k@nf3wi51^wk>i})Zd^1*KKU^60q9EwHTNOV)U`E<$;_! z<n*>}Jkx}IDLAD3;p553zvC@Z|s#_3YF@pnR@yP$PZo29KoqACzZ018f2Dm?%Y z(zyZU{oxU93&sHHCQ!JW-+TrzauoOe%)0Lrx~<0VczR3=Zy&3o4W|K(@3NOxX9A@A zemP|`&A&?m=18L1kC%+WUr@#>Z^8^j**J~u;DFOuO)K7)f>N;#&Qh_tP$U7;h$sEGcxhi9i8pRGC?akPs@&j!{LhXS?} zWEWWT81VR&qT8O?(uO}dLHjm;zN3XbBt_94scyvRlc{5$Y-8}TjwjVtZ$@VSQQPsS z^DJTsT9_*jtv;_+OrO#i-pRgriy$U_KEI8_v;yeJPfMqB@k7Q1nHJfg$E{YhOuTA4 z{m`k`xvNdznaBN&JI4M$0Uz#v0zUF9%d64ci?;np8rYgo3X(%fy<3SeEWASL}6oukSh+ZF_U}U%YS7iJs`$&c)r|o=N>V zOAyBTwV7ZLY;|YnzV?=5?6XyDrB=7e9Rl8>J2YP{lK>tmF8EJ5tZC#M!#PBdLsS?6pGs*PMRSIXvW25P*L1@yrDO zBcbv)+JCrl1roQmD4erl-aY&#`MdY1(vmVW@fwiyRIN65FVE*&sKxSJ=$m3}ki-3J zb$*tIu}N7ixc3_4D!nR?pEwi4W8|Ge=7G-8 zKq(&#ZSr=D?gYbQ`^)`AT@%0wzn0EUt!3PA$9TMlZ7sT&-#T}s%PDz`z;MKD?T|PB z*-}qJ>oFI-1%K4%cV77Dzu+=t{32;xQ*XtlA;?&&=WxT*asHy&jJ(9oRS^CvC_da5 zbfB}Nczd@)N4W9vVb?AM?iz2owNETJbb0Z_I9MbeAKID+`3S5X^4vo*m)p-Z#_cvn z{+G4{UY{3wU`Z$EEJT7?DH6@=*Nql34OpPtU(~vw-_W(QDMvhc2Oy1i zOE_emg52jDf-GgzTJico&)76Xj`HIwtO4DBz_!l>4o$aPDdi+$MGN!$FQqehMNE3}Y=} z{T0AUz~iCcdgj-GeL14D_NC1QX9Ht~OWHaP_Qh1If(xv#LOcy}cd3W(w>^5MEwKFF zD?8>h=D&@ep(6jdB2@rebOS{U%5YlY0G(>b*G-N{Iqe!lUSwf5ve|IEJtTnW!5&E^ zRgV@xUqP18!GB%_O|l)u1f_psJF+YhGdicNkF~JLSvUQhbYD6qaTEpe;7a)0o}`L4 zSqNLI;a~vIeE5-(9JV$mf;I`V%N}01U?j^93f7txZ(5Uu)_Q=(!~~+wdMPbDDB&6! z;#;d(e4zT5`e5N3;oWn&JZYH*?GpgM7!^&}p8EjI%Y;b}iKE6_?fmqXO=grsWa()V zgIBw31qm3*U71joc|B4P`2&1|qt?IQ)*~|%AE41H0(9?pC$fuVa|yn(!OMkT07p3b zoxi;lX0@E4yd}%?$~`moTLAd*Mx$HzN_Xs9soIB`9J5XKepq_SXkG~MN;_<&`%0@T zer*&a7P4klKeJz#&wEh)!0p9YD( zS65j2^_g{8JO|U87hgxk zI^H@h#dmdb$D5J1XHRk`Ce)N%ZlhA5Z&QJO_ zrT6_x;I5i9(`)W!C0LmOwAp>+*cN(ItUD!Ec-U-`G3Z}KMswd*Pl|lfd>oQ( zM{{6f;I9^=O&QEOL{+5rBG0{<3~<<(C2*E)Vm#my8YV@~)P8>X(NTlXU-V z&Psq^x1^o-Iu3fcrTIR*0bO$JBbKL9HI6q~UWv3=m%iqf{+ah?!GuO}9xdxI%$t*!PO!%G6&1j1O%`Zmi&?=2`9!BD`=zE^#WKPW$0i zt#bS^IndfL`M$A9WM>#zjcG`W8C|>`b2B0wsOJoug^Uj0H<-BA6CDi;b5mQWYqFD$ zm)`&TogjZq#+P)u1}YC=>{dtf>=KcZd21^MY#op#g=R3G85jy{4)a(s5_{P0>1*_n zoUIj__hxmemM`Aq&Pw}eeuWL4-Nsfi61986*`2z1M6Z@}kL zl=DcW4R>;PDW~jG6xS9%{?L@S{(MQ*Ar;jp$pJh<-Y9$vW%Fm$XO|t{2?Mf^XPvq)hLXNlA(T={5==XOCVdHl=vyUxz;EtXKU1sqoC#*JD^bzR>L!Pv2 zSy>0f*84Q7!{+#O66o1{7bcF1mUcUYh_bca`Zc^d}=@FV?IwxRctDG0Me_8jf ztgy7f$6G5ab#e_?h~3%qz3j$xvM71JM~*z_*&s7ootxJ!Jh}dzCv8bGiC0b(FjK&Z z7ltcM?`u@=#ojf&4=AUM`0K;ri>S1zm7kb9x{s6B9qnIgR9QE&Klip!$lDV8{$y8& ztZJ`zSKz`Q&OEW8N4%Bi7K2f}FCT5r_*;$~n#9*@rOk6kCevMqUCDGdL;N73%NYJ!F%)a2X?vu)iaia5$`d z^TwH7608hzUE;=mxH^`Ym7wQoaq(`|Yu`sHAec~lG-t130=>3-vZ8To@(#Ffm->|Ejnc}O@U+dm0Vqa0~+ep8eXifxs?S@#s$_KKKuI;(PB-Pn)=G^%Pbvi zX81Y?W6enUXsrwDn+#r9g||ujfU`Kc8jtVbZ^LzC&lGRA4nWJJKk_N75^iq86<;nq zrHOQM#Q!aSa16KTMgv10*GpcvS;l#Mz%v&t_uHMfMyYFRu?w z$AP6IBH}EXzAC^%z)HDg>uZKW+yQGlPD4*AN2={-z(5B>cg$`8W@9k4gNS$JVn+ZNEEl=i3Oo-?kYZ9(B#-d_L zqJYlWX_@LH7*|U>{%q5{$IimNKMaBZ?FzUD{%qcX6)>A$)tBOp?q@^H4)|4PcHF~7 zbiVhc?Fld~n5;(}{bxU$J=ALkfqy#NzgB5gBVnPT(A|3SGjnN=SE4yWxKNH9NlE9x zWGT>$8BoJPm&9~Ub*n*O88!!W>Iw73%C&pxfgNl@!02Tp(9tiVBp-B zKdq|{Ag`-NrE`Ozs)dz13}dC2HWZ)yRV5J1I8E>pa823au=%HvJr65Ii7c!k$M4y& zGsPwF^|qYkF7Err`S}KGzQ>N03|`}|d0XVUZpXUb2l=Z{SqmZ#@rokiIajE}c0d*4g~jUsJ=%YzA(7mSJ7MKk_AsvFqW+4PUSEFwPI_ca zA{?qH^ngn{ZI>thto?l!Hsh(y^MLMbmy4H7+2nQ;YQ6E6c)qoeGv4?nEhKHLEyolJ z8U|UB>BN>>n|)V&&lg5HgwZW(v8FJH`1j;vgG;w}hRa@^Fqzd6wF zsMOA_)(0#m@Cs30E&|Dm6KFw%e7Xy#o5qNvU1@*WvWQlm4K^YIM&Taj4{Nc)B`DH# z<44eAG;e*t0sUX@wsB=q-t^_`c*}3D=B9!!Yuok4cGwt$kZz7V<8)8sg{|P!+l1c* zh&REghb#JhH|;ej!Iq)Doe_Tm(sFOX3N}5=gE{3igy)LQ-*l1Gv^?e8#ufm^P#=8R z)oWZeGx(;({Q82?*XJd`-Cv2h+$*YOrT1!H?H=bBaRe_)$v+;v9L;^zo=izoiGo1^ zWVKH0VC}{wlY(aPn`uoR<(wvK-07xjc6NQsbYtI{@HMdS$2Igf7ZFrqiZANUW^anC@|`{+)M6 zs4LAauDRe3wQw{2k$gUDS^K7-z4fQki_OW@D~ocBs|pLruj&fO#Q_En&+_)lTo2k4 zL}-;z6;*>T@42E234du)il}E#=t*xVeP4{$s0&MGeu?oR4w!=L}LRySltg zDi@VZOn4->9tuKjGB!3}Wi)~~HQ`@4Z>1yii1b(gVo%Y70Qz9p+N(w4F!{di?{>@exHvg63RP|r4u=y>hu z_McB550(M$Oxz=U=Wpf7Hc6em5O$5b?f!*+!c9p>v3h+6u$jU zj2O-?Z+JmzYg_d%81-Ca0`7&aj{jjsEP7v`CLX`J8?#!d?C=BWr=?QPw)rLA57!%g z!FBK6vC2bFgYwC!2Q~C5KUo-sx2&RyJnRH1l0^$BWG9cC2_t4L`=cu~hTo6DD;C4v z==)~jPpkKuLgdyX34rqtwElbp%E4=%JM*wEl$H}u1@2^dOle_0`6?ZygFnOYCHXBc ztmK-gnmMm_Foy8G>uEL9Yo2WSqIh2dwY|+BSK@~KhyPw?Zd>fL;`irk!CI^KVO1vV zbmq01q^V=Uxob~g>dLh#Fu;p%zA^V~Kh^B=HR3%M~TT3|`B zT~n}k^41rtN>$yzXBX1Az+k##A`)FXxiMfF+kQLZ;F`Urp&i$sF=oAORVNo^c1}Uo zbIRB347j+W5H07qJ$qTn;$?v;1|n+7xxX9vyLg6Wp?F7#@5n%tj%8H9oXu&r$q}0; z0xyS?m%hZ3|39wYJ)X%ve*E8gvxCWL%wdy~oaPjA+R#CzQVFRTDvC;l?}K zgRcVjHTmpeKj(yC`_s>*M+}@C9nG%{Upy;t#~EwdYYQVOq==lBxHAWX;Y+)pwt`u~ zFnp6!&o6aIi_07tp6_`!iieMBImwk~e_3!ZrIIi@dHMt!BJy8>JJ`441F3~I^z0Z& z@O%h+F}Jq7TYL265A2dx@)~+9oj5zfyQ3G^S(yMlvR0(^P$g9cR0T!qrdTr}AfFrK zJ6L0MRC;s%I?z8zg{0Jbx|{JHD45`o zaNzS!WAiIn;GuEJ5j<*%{Z=CKcQRU&K{v&kF5+Z#w~GZuPuy6>B=*zl4g2>O>%_nz z0ek4*6dIR*jq5gVHh%KW)3u};VR~lD-n;%%UJ2EiK;G=_@(2sB=w7jeuj99({AdNk zxcaF5@qaL%zy1!Uv|YEZ8%mE~Hu}zbFQX@q#dyM8gx+wy^(px{V2CD<7$4|8# ztQ|N1rm{$HBN68NsDxyqp2zx)P4P>IE6B&M8#0{Uh}Z|Udh(6Kw*PxbM<=rEM>)l8MhW-(?31hVF3SdrVYSQIzA@MLI0>1>!fLG&YonP z$VrcXD>%L#_k`D#>URIft6lI;)l~suX0Bqb;~y6MH)-3};gKFku5qNRZ!IS8O74q< zKa8d$h(ha3&NIKQgr%{LrcKi^>_4o%!bcmklhblgUobVCv&H(P{OT^1-EtSmn@=mRnm31}*kJXJ&0X+?59ZhSQqd zD+Qjnz_+x`lOq%3T{Mze!kaU*+VZPxons3}V3Uu;+?c0J3#QrJQqO-<0>hP|K{fwy>BZ=GM>)Gs6kW^T%`b$$>`3 z>#~}R&vtbE8>>bCop{Ti0ikV!T!z3dU^_4ILmVa!GdmDT91S17Q!bp@OcDmP+)ll{!j&4dIqyskxFM0(!$L0wy6w!JiP9tE z%IhjRg;#hxH9y^Z+4rR5gDXvFjT;JgA=DULa!Yc0>hUH;ln6U%e1n?4x%&G?K*DC5 zZ;UA56HE5QJ}i%SU)MW(A>q`}`c3-RU&H7d*%dqP^&C$Ouze92;L8>gN}6mdY=e-~ z_1}~np5;XHuur};$1<9XNyySX&v-(xk7|{OKk$#IbM4Y;_$|OgPW~$EweYz#=n89z z;Tm+uEX{iT-zlSLAHR$J-4=K?qba_dHArP}Vt}Gekk0$M`bFj=Kr_h+)D!XN@XLaDB!GBtV`j>S?tnJEv$Y)}-vgX>%PJ|7wRFYL=E=vRW1CYk z2gkqeY0C>N07cg7-TrV5%IT}~PH49Iz-W@&H5awKFZ>omAbsXANcaY!*EbnM9i}&N zw1*iaUHKDUzE+XoLdll10=+=IW}Sl|_{QJd2Q_kSZEfcH2kMg=BL7pFn2PBM4CyA2 zdR!;wo2AFur<2Ve=bAG4_!D_0%K-ab85kj_dh2`#H>Z|6>j^-KE3#$)rU0)UCth{q z2XGDAM2$7RhG7+aoH4>oWouC23!NXzOf;VkXRi*&8t#daE@2B!<8^CVmPpTs|(M@1EiWd8@drSMquN?N;XuH?soaw2IX;N6=2wq-Zin%cMGD0Fj$4ANvoG9q?d>4 zkkm_L_E!qJ6wrz-Z`3&n&7p1DUhDM}Us_}BNCT?^J74mwMJ z%`hQJN#U3kQofTSSdeF+SsjqUBH-lJ>88joC5qwOq>pM~C#kVRG&ctXuR&#R*HkXg zHT>f&4TgqDPl{ag!?y;(M@DJowdw2KnDkodUL8>rEJRrd`JEF=oFhYLU{^XA|Et+S z>wlUZH1C*Q)}pr;@jdk0<=c)jV`T>*D=%`0k-CAr0$WHZ?nJ4RgvKE{TZ`;@X-eVd}vYlj|j@AWnBNn3i7BPSRmN~78XlqhEwF9=Q8ST z3vX_ipi49NJUP+;JryZcM>_GnL6B^1w9f=RXWm`MP&&?trzuz^Xr49X&$FQPJF+Ld zOp}q|H)0hKCysYUAK98MrD>)mJ>ROrcn;%v)}Cx+{;owXWf}2YEB@3a=1+HElP?G* zd>Hk%W9-KGB0J^dr++$}z(KKgM*3+wI7E^R9<_ix4KbnMby7fVSktPG?V_wgQaP;XJ=7=qtuu`G7pS00_0hxXUPadaOcLY z+*$aa?ArV332vyIkwj?cI-Fl?NvE68+Xl$~3^(nCXX0%znZgjU22gy9tw_E$8yw0jEeU>e2jl&ld~*oddSN z+*o@*^E79{nkVt%dEe9&>}r?MMB8(9)7)_&bD*m78f9hvYAGu zVpoMNpNFc!05!21SEl{Xj=kEMrk{?^?ec>gCl+0_j}ZOy%!rZ+?22twJ`o~`)Y|hF zo*LSZ5F)=aTSah;>!-*eZI!7w4bEsbIkkBS1!N^%|G}3~d<^tqj|(q{>z{9qMeg<% z+WVuWyGGwJ9kjELrSu)>r~@y2iE1}+~3V}kkzd7(HV zk|JK#2;a@JKiVNagA%K_GQx9|XmcPq8E+IN&3SE^YBZtQ?jyZfnyeEpO!x5f^(~F_ z``NhJ)FQx4%{0k(N7gJeg&%#R5rANbZeeRu$ zkX|O%N@!oek-K^${e;##dnI6@K7rwZyPN2JQF`dt(FhR33yx+JV`L3d$bBF^K8ot5 zALOR!N>)``Nz+hnNfq{g)y_Jj$=aYOVHWRbpjp%z9$p~RogUDHE;}=lA3LmmEFhU4J_Zfque&&HLm{8&XM-o9}9{znZ-7ERb zOSdHurD6Bn4s>P763}PWA;3ff@h~NHZZ?e6_71)Q#>0l)sxx*HX}_9$ct&`V7mMzO zpcGY0dRdHcmn$#_8vs76gr0OZPOqM8`xA6LPqQ8=W^ps}vW_DNWS*axw0kw&c{gmb z85EUg#Uu0bsYFTr1BX`+q9z||q(O~0t)H0Y^cGFijF@zX*u@gi`zoBE#v{LMkVhJk z;F?ewdR#(MyvyO&m>fU|amVJSnfS&cHWz=j#Mj8EBl1yn&m37inf!4%1hi;xER+|5$M zPmvDOxRC?sQtAoB{kp(d1Q386#4lAOnvYx2kiTItPC5^rA#sM8oe>8#(Z&Cq*R=t{ zQ(w8AjSwOhA*BImhP4+oSV(o`=uSisPZ-8z{Om#5&c0X!zcq5ir~dLXHCPZF0vo^p zu)`YX6T9TABN=@)<6v)Wh!6?s$clo=koK!QVa!duLW6E^0gI#29jJYj5#Mv^C#Mto z)}MC$+i6aVMH~OG*P%z555}!V678-cCFr_4Ybp)-&fR*qM$$)2Zl3bF3RG_~?C{~p z7Y?t4EgX5vltajsF^h;Q+9FJ@KG4o`TTb8{5A?{Pi<%)B96*1_YK%6Otb+1t&F?n)I+y$97ICSap| zL`)ZbV51rF@Y>^N)pxFpUli#v=SsDKO|1*`6dK6$;M~_J$l(_gMaL})U9>W+L2t@m zFjE6DSaWmyu!=bRr$Rn@*F8`LfZKb75y^9D9qDJMypu0c*0B^v`P#J%FAg(2wPY(6 z>@#?&d5bo6MgHVIJM=>)W8dPY^dobv41LYl`t>VcPiUY8Ht6OSU@`0WXVv!JGV4UR zM87jYRW1z&N(n^%z*)W(jhNCMQ<9a24AOiRz2LQddJ!nr7tBl$U}8${BjkOOnz$NPOf19ndiW-ZKIs z2#Nd9(Uu4wc!{|xwQl+aIJXUy#kQ@@!u8L!;N}PQAtLTTUo? zQWxu0h7#<*EJg%Dl95cQNC6{AnI30h72gPc7pWHJW=R@k;Mrp~*=xrO(g2w>nMKOE3};xJg!sFk zHsW^T!_)7{ARyrI_#%2ZYY5pp6D6U^Kg2?o!xYDaH^K!iAXBP5+#S~{Ri3<7t$#cb z?l(B^WG45SKtGku-tFxLF1khb7E@XHur&onPI=mS$rA`+JmIVmeJFr&3IdI!UV7Mt zfvYg9A){KSu5?kY8HENErY*{i`YRoraxvPwfhPB9d>N47Q38Q&4`K@4U>~G2Q1)1Y=LrI=~&O#(p(8G)ZIqwO)Q7C0HB>*-~wdd#_b%JnpIdvjQVvwYr(7 zJGntn>_bI7Z}U6}kwKC71p4%`?EtmN<|0-2vZ4}3EP)sS1DJ}K_>A!-O<}4kI zRHR9aV1rSkVp3#?=n>o}89A7?d9;f%d1WqQZ%Esdj875o;zWCgSO=@|_O&fDi?^$7 zt%)f~Xf7mTXxC-iIlyd0>` z*$@hYCM|$#u1NwoK%v3WaKUc4Vtu#9{x{bb943?mkTqp+eF8R%XhaESX=ne!K?It@ zOzVdQ>~9O;0*0vwTjqfpyCw({cj?HV@MVa=PL4n&0QW!l8xtU$fnmeE(~bXGkLnz4 zC5SDGT@XD940Fa^{{%$4^eki+KK?!42q`66S0j1q+<90#leOT$Bfwyi!LApK^o;fW|qe*j2+5Wtac8;uj*(Y#qrar1`=7k4g1XZEr#k` zWs=0(htBnYG0Z>J?=hd0eb=?A~I|x7rB{(zRAe2-}MwpF$U-+^-z}m0)9B zf9(ry)edpu{F-m~Hj(Lq1m&sL#h-PXZr>+=`+UREd)+^3tngx#DWs-TRRPjf1ikln zg0J{#`bZ4QwRh(3*j>Tv=Tuht08X7RPJ>dH58S=m;%eUmxPJWkb9{1gFNid21Yb3R z@J}NLbf%ylLmy|%4obAq3RdLI-NC1f@(g-M8o&AH91FE%q#LqGM%}o+rRBt@j^4B% zVgisX)}Ba13F7I5*`2*Iq#`w2u$wXq57Lb_j$xSRqF)^=AidKgO*V$ifgp;sMT#OV z%>v6#G>J7tvA}e_>fd#^pFrn}f%pin48_TO!Pm4#0YOMLVJaI7sht#`0z+ncs>~g( zCWd0hlPUfCP>JA0-U~EH=wLceL>meKHwvX9>;&t%_V%o!KA|Ank@U%DKoFrg>GOma z@gQ6v#w}QHR6>;e0p!m}n0PY)hTlT@&!ln2`1KmU2@{srzc7ee5wewGjq=lT%OR;; zM0m4P^V!I=U}QhGtw6&Rc&o_VUkD*ez!b|WG7%jcry@V7494A1V?ktPMrO_e>21bL zu#MnhG0Q9CGwapvX>^U=a}zNVHpN%WTB>ua_x^_qd+s`y*7y%|0bJ;>%bnqU?6b6A zIbSto(_Z`Vpqx*7p`N`O0v!{iw-wXc9#JIYViGf4zl5~X5FI*;Co0Fz+dapMNOG<{XwxXAI>eYPTP=NNL2O^S2`W7LJ@RKM0iK_%oZL z#ki4VwDC(wD|D~dW9G6-d@;Fv420oPDtZjCNO0PZZyQQ5f-?^!?q9MHFGcCVjiK&# z9NwedwG8o-qo7`4jJ@!g6?CuPYGz~e_S)^w!7oAg{(E~Mi!cF_22I57MxHo8Bup@%Q>9h$f`%r<&T@W^w z0VpA}-h%TNe5)j65Himr^05#J=JUA%tSdHf5xU^T&jgx;NnIP@RWg4zxF^63^qbOF zLXd&CNWGzSd}t_qnh@v?k5RcYTYx=+mk=?zMzD5ScN|drCC>UKo`3NuMzW;4bT^xx$ zBnZ`k`POgSswsmHWSM9$+=&v4drU5a9s*H4rfSEe!2R7g<2fGiPtk@?HUm|r?@2xf zZDDVio575N17JL1DzqnLdFipAlO`nL=_Zh$m*J5q;atn;A2lyI2YNVipRafi$antE zRqv?D1d3=;gL`c^RM)IO3&c@Gs$4;bj*Jo#6hSp>F%@eRm6dPm+dw5lcc}1QNQO)! zKAyse_SxF@HqR0Z$WXvzG44Z|R_FozqMq%$0Hj!hC>kR1XKH;J7F8DbVXhEu3Ev2$ z!Kk7g*EaO>X*ua^Hq(x6GotoWd=$>Z>VBUd6Ns&m-MC3l05XlNNtMwSV)%qOOScic z=HtEFpY%JWYXum1v6ayAZp~2yT>9awO7O5~pzYh5GCD3XxnBE5DP#Uc-{TppjE&{n zEBo$DW_I>q;NTIiF3^O{v+?r&dOD>M=~&%P$1Xl!HN>*tR?c-N?@q<7tj+asL@OaR zg1tr3!gJ`GfOQ=;6&3kP^JJu*FR?@mc^Bd7P&Z+Otb1ExBEg9=*Tj`JM0}ori`AS( zFBk6!F;3bdND>p(J1YCWuh?<3X*u6?Zh*{DE{;!-;h*rK#m$fa$ngm=u1;|xN)l^? zR^w8iFp?xn_}{s9Md11XDo}p$cQTR@IXqD1FgvcqNqYpV+y*C*BN-E)GCneoPYQ-W zdaa;A#pZv_8FU35&a3Xojx9Fy_o!C{-A~%Ihn_Y)VH%nAR<~BMMa`#sWw2-Z?)-N( z{xV+0pas!XhO;n^Kui?l*KG6U3LuFsyy?&1wtEGF6Rx)(!mrns# zyK98tD7PtSnqx+Ufw_tf3GEZJ7&{juCf3~9EM6w~A><*~`!MAN6Ms3g=|5?dYeyifXi~3O@tS{5}npbFm zW)}DnVXXnYw&?uUI^~~kkPNGsS&)Kji?}hK7@0IdhJl9A7L!-bFxf;bhDY2bglx2x zQQAI?zf;PHzwQQE-`O92CnP5$S@RK*N0A=2Tmo6lC^$R$2>mM&{i{a6`tMGkZ<|Yi zZaTybHVOcXAC(N#=0FYjL%)ZL)FDXXUd{)JixQgdVGp0)&WQ*Y{Tgl+@5mpYB|}|5 zdugywcDyb18mJxLIs3GbJU-w_#+tJ01(GIPv9_&pk@!*TS``tb&21vJsitLde2Jb0 zn+mRl=qT`v7Mq3_sc?&IdN7#hAeJnVe=FUx?Z$c@UH%mao3Qf(9|3UFZ29)VR zuzSs3dx7)Zv}k)ugsl>8QS>0I;B(8m@s$aIPM zvq)KUPyIK@83qf9CL5{i&v})9DW+PYfEGQTZQ!MY$t*?8(IE8V%*LD~+dWrc3r>+* zPIpnSrY0MS{Km%S@yH3H;=LW)o;Vmb4@TfF@Ly?-wPnWTBgwe^a~VT{rS+`^W%jyA zF>YusX__Xz)F~#gd$yy~(2Ls#Jx@>5$AXpTy>D&3vtuksdEPoZo;YwXg8Lf}zRCVH zLahkok4+I+L3IiLE0)y#pICCqPqWLqbP?NY=nu{zQEv?xCltW|F@y+N?_j)vUBhPO zAq}4ull&T6NE5|~ePmo)pVuFu4U#29pWjw!OihN(JTbPAfgpg=P0TYp`C>b#CW@Ga zkKGL=Z8R9~$g*HB&}9jI#vWlVn|#0ea==sKKC9t#&^}_@#A**6MIa>G6$o#K8 z*AzPYhC~6qE7(r#00|4wjy|y&!)RIManb*qiZ~ti=90@bh{Ku={ADT)QQ?_29Jpqs zZZ`L?&A%3WNL(pF!#t|d?_i@)W|7Jt*Pk(7Y02pSXLRs1%y<;9ScQDHm z;ssP1-iK8ju1i14Y|Ip#=L{5q$nUu#@zUj8*8AF>HLqqx$v-j2`R0BLS|<~W4>zVE zDiMERF(KC(3tA_rW>>SsCY%F97lheQPn8?JpVrYU$_>=Hi?7kCn8~7zfI)&+Zox&K z7bnQdg&>PxAkDw#W1ruLDM27-V}L)tvOH3T121O-w9dmBeGh6JJ8{au6s1NOce(QM z+Hn5YWP~6dEyyQ;gj;*fwo)xL&-5z-_EaI}9=>ii*%BD;M5$Bmh1@;%(FM2QaFpSn zC??NFfC>3DXeerj{<7Rd2xIedkmqPHp#j-eW)=kucBPr!1{q|th5-C3dJh};ZKXKD zPkaGBK+*z86;>EJ$S4N83$#u#=2rFgR1~t)ziM6eR0d^Irh~Wo`HV~G;Beg~oA0Ef zjBx!4B;SNcfKHG6WMvWk>M|%*HPe0`B3dZQqAB49bl&Y;XfWw7^40T5K{YG2Ev(;HwQPv$D*$*K3f ziX#FE=6Tg1BSQXF;J#Cg%e3$oh7z9s7=ZJu(9(t2RVP`OHGCl4*EP1$ zZs99F*D%5&zibQ)hm+1mgA* zQU7f4rmx$Jc@M8qP<0(MF8t*0l0(5&8i;AQPcUV4@yLDHL=@BFraPaU zKFnV5YMNnFDepJGbCDsOOw`1|0j6JXO_3~<@~_eNOGt6Ra-K=P9!m zfvj%u)Fg5y2w3uZqvDs;L7*?HT$f&>lG|F;nu+q-|@D!(=?GYDS{ax z+QmNU?+l-4CB}bufsOaWzN_(Hbov$Fcd9idnBkYV;gSV^`sP+)4);@)z?B8Ee*6#e z)9%2$kAt2kzIWtmVHixYx_2XKC0PO^!Um1nv-eDerSPbL@0pY`EfZ)UvG8Kh zJPbx~$GI_KSQ}~4 zn@|AEM~|!@i}Er7E-2E(%TOFk^W6@Ub)V~=FrK#?dtdDYTOxO{O|m32_ktv8ux?ZN zoP7^db>uec@JJZ4KbG8@C3n|+?jar{8K51A8yGPNs^IM7yx6$%c1!NAd-o*?Zv<>R&EYw`LJ z-2kIhN{vABAWt7XlFm%B#o+sw)kKeDzFR!BcVfaFDdD&_QL%u%krY*s=1C_gk_P zLVWD?pt0!ZhNW8j5QgcYN4cDX;-479vx#j^;P?lr1j!d8W6=x;A!~xzF}-w2C5T{+ z?DX5=1xvI>jvQWu1b}nequ9DXdG2MmswA0ARzYRO37EMVbW2JFSUS>%-`%|#yA<$m zGT2laT)a@rD~gzGX{!>1Cc>G;68+q4pzlyfiGj1Ly%U-dZgL*UF8%0cdr+*iTi?*2 zccR7BkJ-t2Sp^@DYSY9k#DP?y%KPTi!)g~An$d`2BLXc$xlxikOsNWBcc;o`l zV+s(jxH~ZS7LKk&ahUq(*sp@Lz8e-AjCd~7chH5(jSy(JHFF+XYo?3LvZ5Jv zxiUu9oa%FYm+}`RC`^WGJHK@#-mneAqxrcp6Ey?hZ%q9Z(_v85dn zOJqt&(QUxf;f{f<$+}XB$6=zTP~h&SsF4K(zFrW4Qq zb(R{q3|^|0sb41}!0SG*#H{88=pVSSaAXy99(znjW7$X)^D|u5Cu(?GL6gt%DW=93 zvKkbVkA+~SD;=VvkQgO^Naou8D!mq<5mLMgPCb8<3@)(kdyWWJcf^|`s^RZ>t77vc z-z%s~3k9Tt>6h`anUT8z3EJ@IR}rtg0TNiZXEmSRapzENG|*)@zk9V(ZAoF!-N z!}iQ&$NrL9(jy9ZG`)kpdKi`;!-`wDvZ z;ftC5(wFrx@EpzHa-B`sqH}nB#y%5H7Eo(9UX5F*AOyi1pSOf17TtRJ> znRviGGA=TkTqSy^a+OG(0j%^+*Cnrb@2mwUo_9oK#jk>2-^HfK4Z@~zeu_-)2;73m zh~_ahrA2-W3zR4t6t$P?+Y>&G8jrNOY{7Umvkz?YPeIx2Pb2aqnUqg)5Xq^Fn_1#Z zis+(-Uw-ZvKs^UoQ}-LV*~`;5f)4r`ScB*LPnHSoF3-Iip~T4L!>zUa(pe&is)ICS z>W};A`ZRTJ8ZhVJ=E0|muRQ`4I1?Fk?)*2ZQcnbbxaMsB`D;cp;>E~Jr`$Tu46qCD z4S?#P!^tq3jVbW{0l3bh80>lI^2|ITi0HTfvh8?wqMZ`u2r<8pc)Na0zEGKoJE{kr z=gVuwuJ#z7k~|M(ary2KnQ72sL&+-c#Yy4KWR_;{geRANl_U{c<0 z8c__L9Wh7qNLJkzCvJ+>;6L#8VPyr?F)yjE*on8KD-=wN<9+*d`UCOR|FS*;)85LP zV3#l7)ZUQJ(DklD0R9`k7duHmF`caZY7OW+3qOsn1UunWeU!QteOPKVi)3 zTvxI4I!HCA94_`<-Zu1sFf)Y=>BD2;I|^H>k!E+0iXMYb|8d}rPm&lX$uua; zh0FFsl`_SCXSLC2j|u4b2%G%P1Jh|t7V(cb0NrI^b3YmGxP~P}U3IntrZ0NB6KaVQ z8Ia=;sCe}W4(t-#3&ojiZZs(%Ydaz|!_s$qK-aZbXg^-hJ-M~l?4_@yZOTsVZRRqyvo87goMv$szL*r|^b2}8U(6Iok34%SxjGHH z_@Wt`26EK7i5fGDU?*#Mw&3AuMC>G3k~$0Brv>Kn9xo1DRGE}Onch1#L6-cwAT)_k zk>8GWv(f8SWWLUySmM7C|E_5*m~#^@E;c-Ji%2C&!vdzsuR}=;x-?V}#-seKG_3ft z0isT{qjM99bw8D278uik{aPo*6!|M=*oD@A+ZyCXrd43CPHRp*bX@BFJL@tAq;pcq zUYCiPLC2J6m0@Gia2hy7|yR1(aL3c^SktNOk@SA&^ zvlP*O4#J9^6Jm{2{nKEJJZQa^#Nq(fPfNJZ3TC}R=I z=a+`NTiTh()np8*aNA$4OOMn z8SF)FdIg(l0lhvR-kWtPyp5SAdY}iaD%o;tX157l5qE>4*;V)8yE^lB)13Fk--E9e zx~Z$|=XiYd$J^-nVHgz!2*^179X8nRFE4BvD)zQCf3tsQx*}CoMR_2V4+BZz>n5o` z-)M9zGb6T~e%x-qe4Tu7AH!b)83vSuf|Ugb{JBHbSsa**09iO1Y0z^{LtT*Nyu50R zXO{P6!i565rWpEYX3+umU6^<&b`*R}P^Jl~rU$gEW6A2tmV{Zs>NP270s|gL+@uH0 zxL>%YC->>+ysoHx`kSl}yE5oT;y2wo{?VpDC%g7_w=U-g)U$oKr@Y`2dU6=ZoL-42 zUWEzG2p$F&^F^FI9@cKt!% zu=dXIopwLm1s@G3=jixkginwi6M`M_A;|Oaa-T~Gpm5FKd3W&5$2rTlb<;rEf(^nM zCPp!VtIMFljZ1Oq<(M{8%<4cYm=gE*pRhRo^J&!ec}I2%@9xJGa>v zo7uS)QOt&LqXKLL?D(YJMV|$SJyk25g@HKy?WaCPmY~uG$}7F;X1XP8c2|~eCS@w8 z8*=c##-vzuv2WTu#sPn~!r0YsY6X6-C~#_A^tX|tE%i51h7fFLwHX|-N27p)gI0yx zy|wVM_n0R(B*QGTcv_Po()^obsGfl$^25x?;OqlnVYM5zm{9XUool{a{m|#&QxyH0&q-g!$73qQYIyXo60K7}&2gB0C1*zJdfI5J#Cu3?;|Z~Z+uJ%jl+8h7(zU}5U?Z}Mvlo8Fbx z(uZVP!9q)JuE$?kx~)|W(JHIIQn1(`9(QZ&n4vLMbNZYJCzBSc^m2VEBYx#kf?uO6 z6(Nv#ctJkD0TkMB?h4kedpo}?>;0FlIf-`z1Fpx&b+sJunA5w7$ z`17|3R}H!Z!ZgR)o1gzJuQ5DxL%cWMGagjj4*}tGFGlw3*RKwIx~h^F=f^bcXtPgc z--A+BF4gIjQa#Am4ik<~e7PNPCXQjwaV$_!pX*vxd6*SvZ~G$%O&LDTN(pBI73OZ{~JdmLMm*B=Iim;BzvEH==XmJ1NvUq6Y0C(6ey@0|0lS zytT8Dpif{MgH&(_epIY_<+uD^n@a2#d|p8<)uMN4mEkT1 zSFJ+7HR5ra}A{~12 zBR6IMmE~_CJ!X6!P2IA!jY90fE&8>{x;Hi1_k|?Go*v8@N#z@906jW@Cl7EpEepV4 z_7mS$xe?fzCLMtJYG2Vmc6<8zKGBX6$&iXd-p~8AbjntX;jL&D1crN{1Lx zp)%!Xb!E)~P-WkKP%nc=9^=`2eSf5x)9&^+>>~>cj&3nqr({H4F%i7$DVfHUmiA+H z))5(5B6r&j%jl=JWU%8ofO5>4E+Cb)+%V^6^zSY4ltQM5CRD!QZ&j71X%dN!L0rJ{*BuXw)bS^ox=CjBCs%UL?Ie^v|y^H?3v4l zZGzM~JcKj=yWzHf+c~I|Z^MX8%VrrprKXs&iA5(TG`-R*Ah&EoL0h#~omlf<_9^(4 z7+wA@AE-&=Na9i$ObWHiFhxSHi8f&GW-o)Kl3`3w;z+b$FkG0Vl76ES%C(TDg6vx%p?kz|6vX(o7{f)U`;vRrKcX1B@D=N=HlPVXwT? z7Q`c(AS}QvezZ>vrNSwTur@b=5i@F{yT=0d%*`F{<|ChB)5?N@zil7PFuX<5n|mUR z7}})*0=x#S=iL}c!n?uzqN+5$GCos~THTSRcfpL)d03%Bn-!SVV#yuc;Uk)@H3L6ua z_%JMQYmqZuOUKUXH@Sd^UBxoTg*@lT-8mwt0r1)Rv93l|4 z+fDOrv0G^xQg{f}ZNid&&ka1xUo+Ux3E~EG41siT-VjjAgNHPt5>Avz2Fi|{Ga7&> zAKrrxTNS$(C#5=;Qv=aXSm$hYsh5q4ms3#MDDecAfdP)9A@lD*xBcS`+22;v@pt0^ z13T_#U`_{Cryazm@YRWeZWt~2Wm5Kd4V-#5<+BcOK3%mXn!ZeLGo0NBBJ`?`v%iF9#UcQH|CQA z?|N9nTr>E=!KhcuCm~1;EM2xw^?l7-T}31-M9RuPArTU$WKt`oOahk z1kl$h1vT!C3r0F!iuTU!{q*yFtqR`&+E|U($Y~fQwU3H?5V-cY>aq4_yBCXCnvk-) z@DwKZ_cm)?hpCv@1pXK29Zo}AmN_XOj7(EYKs|qck9(9P(mgBxCd1q%>yV@N&snMo zpk&)q{x%YP<7V&h|72YKg2y3L*D^G+?xJcmx{f2>U)7-;K^q`j+6STIBR`38FuEXV z{pY}wtLK#YE$w56fZq(OBhd9+w@aSzg_};)_-K6u`X*lkBhI1Xs5gHByDh}+0Xo8lKlUBxDW8K}t71VKf2zJMjI~_r z)hX1V=;xIwStOgI&7B&6_J27I%B(OS1XT1gKLXy>p65N7!Q!Y~9rz2qli6#@sJ$;H zwW65G;e6JpRq=8!FETaI*H!*0do)yn^eQ83c2(V(RvIF%1a|+Y_h4Wgo4}s%1g4<6 z>LARPtH0lE=;q*FziTi2E?noUzI0O7>AlJ}@q=@|0JCHmB3fX(Fmchd_iC9j$3{xM z6Rl9`Vn;b(%`fU^Rp5fnX?wzfl4nRK?#3fF+`>vAZRj#M=44zPcP@5w?1;}>YUy`X zDZ8OOeuD^~U#v3BKf?UaQjnVsK6@6{V@&KX2S>?1leAI~Ve|;1!R70+_p$BoE0t55I)?7GnWJx)j3Y?D> zeeOb>y_)RGY{odCM^~X*%Ol#f3aNLsx#y`Cn1qg~6h8U}jhY#=QXb7S=cf$BM$<+~ zg}qnZ6J7S=R>vwM0;yW{nw0S9`}9nV^}>y#h~k4~Yky(O_qF=2XOmfanqPE|4W>NN zeAz;uQ=>xGj9Mkk6wdVCGunc1%`-%Pc;vy=@mjOay+TNoljC;c3zJ)T6e3=R4o?qc zgn6}TqU&{;3+fJ(X%6_YWpk(b4J(3Zdu8yQ9!vCz8Izz+7 z23Qi2hy;G97jV>kfUWQ#l1y!_9@J({Ab`fQn6;A#=p;gO&^z*+wSIt5cmYfAQeNiv z_~p9DRa3aA`9(aBt+{4ljq2kCcdCi?Tu+xe9 zt|ukr+WjXDiucppBAQhd(!SKuX(K21aqTzMcj50CIy=MGzQfPOY}vi8HSDccM}RbN znccYr7CVdV!qpkf%;S`;9efvlW|N{YFU@+|J_NnXqB?0^zj+!^&{rnc6jmR)dZrr> z6e@106)b3{?#axd9T9)VuM-50YL4v_eOfXqA!|k5M&4H4i7s!UYbup!xxUW`AxYL){uUG12F zK40#?9#pIY2~|SXSP*9V%-Jz5$P!y z>!sW#=AvPnI~&tI3|;E6OoSV1-c}_SjQhh1!JHi;syzUcrif7fvm>EB)>kUylgd#JNynwd6ye(QCEd>nd8xLnCQR)1 z?{pSLEwBSxQHT_ANNtUStVXDH*gPTKCSUwF>-GjoBYrj+)m2D0yUt4aMD?-R&w9X;%;2cU<502c&*8&U$Dm&GE1 zL+AY=pUA^SkwI*G1Csm`@M$~r5(6;sjE^bS+x&m1uwoFv4ql8M*(&$Q#o}Y|SfjJA zmaXMzCZ?u*V*SL%%234v`Owxby;EmyDp7(}=w-Xrtg^JKDNB7lg?dSTJvF$}5X$S+$S+_c*N zY^;SrUNIx@7zzpRJz3~{!d1-+#awshBK3K?JI4?yZb>3sZ;PXe{&V+LSQpRo?f#X(C4qLm9IH1N3L{b?lFDXSuuO#S(lXR65YUx_5 z7vXD4koU44Y|XpjAwJy7(SyGKCW>@22;~({h0QL_o)%_~4bJ z3tXABVy%1C!dQJfHl$U)lbNiq-~Qd`PUZff4tm&IqEO|s?hy50nH4{ru6J#Aow0_r zJuvf?Udk`55#duS4HuZf+`?uah`FNYFuh>Yo^S5s!@5k7JRQm3_h>hHEbq8%=4sPEz_VSXJ%#+vj6Kta~eJ@P*HjtSYY$AG0?37HGmUV=U+$ z0zE^a9X!UT0h#yl%tWTD{HsCiaapk;-2cv^-B(@b^~gT#9OTo#?|)%4wI@uyi?yOS z?gl_*(;M6p#%fTUdQNF2{2BCc;L6Rh{wEpjK<{?Rd9nqZ;^Ugt6=-xcVQY;+4 z@|7&qFdRESOnpa>D%lwz{+C5jLe6}@Ys8dcrS}l@e>$&hqVEt;7}xI7952jKR zd*kaFgjhtoOr!Gf)kL5RT~u+zqVxMDZ#FS`DJrW!WJLhg5rLLYF?kse>Q;UxJ(0Dj z4A?MXJpWza8-N89*SYtd2ZX?)N|vp@x(aL9Lkn`di>Szr#nDk=_L961=sYx8`jT!( zu|GNGw2!y^c|zazo$zi&;kBehe|XbaFRP6DD~JYEtZlvhQ3f9*|Btm`;(ynI)fbH~ z6M?nhOy+}Z5x(5*^e;v3YQ%XJ{!gvi=Rx<_zT#6C4OCCAfIvCMoC9?cRu!%2>&(o+ zALa*5B0DSCD!u$h!jn$~sI7Er0&B7+{yIBfW`#0n=9XHu-| zX@2t(J+Bo)o_xK#tQ_tA3BHa!v8i1)i|6FNOGgzlB^Cmr8j7%v9KKwkKN<|1ZG~?$ z{4u8^4~>dH>u6WV5Jv`#UKgGnGG5Y>xKsN+FQqMAd@?e0qFynFKR$r$e(Yuv{tT9k zX&4aLw*AG1={E8m9s7+SPiBKBCsMS#kX1}p2}@#TbuGR|ZKr5tjE5*TT5>&Mbm`s9 z{2f8YV_-{Geaf^2FmU13KqV!d|my6?~dh=)jO2DeB~TQKRP0vnGK5R*7g(9)V7e7QBlm8|D!IrrObsfnUU2N@Xq;+qHaK0k zsTJ*Hw_AqFWmf>cT%JvIKe_3c)~G#CH4S;cb4&YU zxtvFK2ilkvvXaN4BE!p)y~?9#F~s9NwR1I-V2DZAQrC>KPCNp zmm$u4O-PW2TQZGl5OM9g{lh|A zmW(9&JGJuY9T3B?LqTLw3&JSm0)g8Y+I_Y`A6*Kl>rBi!+$=m$WA!q3)kYZmApu~>n&E~@OXil0}lyLSG9JFxFH z6Lkg|;+hOQNG59n=WA1B z(GpIK#5lnn4*ARVqb_$mN*R;VesMD|29&)(LLq?(bp)=nZ8Uz7;)9$caNiDYS!^Jh zVokrij(O3}Q&n1k=UzH^I6LNtW?HJ_zhCxF^1rJ~`^!%4+`8DpFT8u`8sZz!3sfP! zt7n_UX=3~|uXYz-#y+7d7F5s+x6zF>(^D z=u~ban#7sLeznP&j^GW=vIqms1vZJz^WRuo*{%xxtx4XZ%$#5PQKJM#HLLleZ%>< zi$J3d9%Zjy)u{@EgrMW-D$spYGadT=6!LXr>#Td+&UXK>Kmy$!hOhjxG` zL@>OZ%`R#mC3#WZ&36g)%l)*@ncVY8NoI!plH=&;ydk9e68-f_B>HVYn{Wb$9ePCX!iN;N7L}Ys4yMHr40NDE znb}V52c})*Z!OBxSo-Y|-%r5yf{YJY?H)DO1L;y0GTwy&$6LefgI`|qNz)Nu;wwJF z6k+QrdiU=+lRNn2z7tD^^_vXnXtx)S`e4{?pMm?tk3}cX&HM_WDsuKTw7vLpNNjXR>@?8r-0U9u{)^!TG57qHQ%J8?aXAp=#Un2L}z80rVU zX=LOF5s&?%4O`3Wdyq!BRw zp=n8h8J7pvwjyr;H3=Sp{)nLM^kt3LHf9ICnVetB80UV*+|i6huG|RWsCf>>AzttB zz(b0a&=1C+B0WTSHkmoGXcnS7MuDwp7(Cr$9NL0$cPPafFnp=kAOB)WMfxe37AN5hpxXqMzUKFa)Cp(TM zFeG>3HDEW~*6hRZzP3l6%ngiebE3LA(pT~!HuWdEFx{ibjcp+=xSz2$`~-WQyrq)^ zERLo9T)kv#9tAtVK7xha?6h(tghPtw-)ii>unKL9;>A;xSfen0YzmBOe!{szo5i)t z%^BS9r@D2$47u91Q&qRs48LW+*-)|eN0UH|F8Olg=dio`mXd`$vU?(2W-pX1FR{oknhrgwG!7@kN9! z`9J{HURX#qaH58wqc^RS*Mz>{0ka?U{<`DZ7i2j`jhigG)f!MAr`>9m#Jt>A-G(fw*X2xoNv=UKauQx%9ifKE5y5S(z`yyXV^e$`Y9}>7zOg`K^dn zbNIXr(Ez8K*=9GvfEpF|G+;R7T61njl|bwCkG?!FK6B&^)5mMu*?UaMK8*cJ__cJ? zE>)dD)`wPKu8ov}E`&rasKzCc$$w!f^*rzTL@TF5m5N**eArw z5Dkdo|q$UF^8Bh7pk?PkNiVoD>FDIY(wB; zL*QHLIV`(3S<)p1cPFea4%ww4RWL}1<}8aIp+DCAxOfq7O{QKw#Olc_U%}N%_|5+X zzy6?P7qH`(Oc=jf@jRh}YRfdDLbl~*c_ag&5JD$KiAocsQ?=)D+Ca9WNJ;4^Y#(mC zd{z0{Jscw+t^-LDY4q3g-4*n|4@If+&qmDiOl=aCWX`;e4@|}b9dDo_4X)R}cqp() z0A$A@f(r4v&`9heq!D&O;lZH^8t2s7+z%Z_5WI}*1m9RGFSQ0px(H-c!y0|{2v*AR zQ4?H(doe{lYaR*vPhD{L!zoD(Ne4B4`@=%KXJIZL*i<~WLZpO@fK!bt|K6v+S%`lS z9;0fZ&7#c1JS@! z>|KA6{xX)tMSU0aek8kk&$s(VMx*cxh6tZlj#i*Qy2Mq1-6cU;lYLgfA5I);e&y;; z?~8d0WP`NOd8_CXhTYr$7$^y8f^X0@O#kAYJ^YI0?rlr#`oo$jTgszEDroufPJAVQ zDMpKFTlDgrC^1u;&q2bdt_SCUxTx5)Q3B9%y5ag(m=S%)rw~{{RwMg|(>HiQ-a(pX z!^4@%_r-RD$-(+O8$E~`w1*ur^;TD+BR-t-=xZuTw|&m&nt^xD8(ox(NV$U|XjoU& zJ`e0;&UPj3j(+*MB`;>;)Xa@V zao4H1GVfL5S$VHJgO98wNyiSc$c=@5>e~5|Wh$Qn4N{M_J)475t$}cz-?(M&LSFn@ zi^r3B^ktbT&3B#9km9wTC6SJzINO{rCkG>f7#)#D9{*fq{gtP29dx3?y3U{~ETOBb zHFF5^!|R+=oqy+4g)>w}-JZq4n}jNhBAyGk`;rCn#<+A@+gMatr7y=!Ic0AGe=*D% z-qiJ~Z6Q%r7?ea@CKp+AmLY*4Pi{1G?5#sS`FSPuQZDx3a-~50hw;X>o{{{-(sDyc zdbx_G>1SewJA0m+ik9-VSY!hhgrR@Bo6XBoLbq@>85g_^Iwx#V=_Ick9CddBipbTi z3RQ?I&}6)Y_)Sxs@?|6DfA-ShQIx*(pN<$DUVnr;?#-OJBf_L|RY$C-J(pSvIcCtx zX&e5g#iAp(NSB2S{Ln$6X5|*UTzf<1)-r-u1bP%vnrnxb+3v|0#geHcpu2SL-~Arf zURA!?5$$&=3q8QD;8>dfom3h5tn|}e+R>aaG{z9W+`$KqTNyzb5N!noC8)v6!begM z&kuBU*ql=1JewTw(p37q>U$e?S&gSL5#3GE0a`Ag=uZ+_qo< zyT=?`BFQAHjF|@)o}&1>IPM5N4LH|c5BadpBNn9}K872YYWLBD-GNQ3bE(Sw6-as+ z0T+{QMiA=h;h~0vLYdzU)Mz4%8LU3m4ZLmhBef+ihy?9vq~}8Up(UmtT9g%=be5-6 zHw#4zG?701IGtdGur`p&w}6xXRbUPl|Gy+Yw(93~Yh3&gMf z%6IeqkTO`PNF>s_lSyocEBUNK{==F&aE6)c9^PyqgKbeSeMDdWT{Y*i#DI?F>_y&# z`fsW_IgrI&Z%|2IZ$}^WID7QL2Ve1$Gn&MYZr#arbXvXRlrcFCXd?U@!=gx&MQMm?MzAs<)d?zsUyz|3@Z zVuz*NdO3AGX*S$bq$QO<}>IKayhVHv$Sm+j#jYeI-Y)83$k@w2%jikX# zT65d}$+;($Io3jf@KNj`AMY#$Nw5Rv+}_?tcb7(aQlByyPN6(w<=?KGos&EiD_nh{ zzq2Gd@&4lx;_ zZkRM$KO)1eS^sY+SEregIh*=~uT!8dJvciU2H$i2gB1Dtul`CYXL2R}fxM`#A1O!dy1F}|}<2l7?yeL`=4H&(QKTltALlLA{+ zhFTpbGKFm^>t{d?6EH#i9F+0Zd&-Qk!pX5E8oZdeEEYG?cKoXYnA7E6jP9mHf9}ypFHNXpT7$k z{Xm%N=*h7#1BCvga5agwYWl~y;a^FNYl8tx`amiXG@aMXUJ=$@yY8EHO`qd#`BA<* z!Gm$Fg;%bgsP(Q?c(9a1b4_NXH#1jVp+D-m&{KgAv}zzw73V8M@jH@ajBl`|fJ4Xr z6AyE+GF13%q^HkmpND82Mfs~ie_wpCg@>=eH-)NSK=0zxn!kT>4F?80`&{QO*7)|#p>425D$ z@#0u-A5fbyinyyY^^WE>l3NY$`+eEHce}tvn|GZw!&SJ(Sr*AdTMjpnmXutxI-fkF zq4cc1BVPb@4$P*c zI1jwz&B=iD6G5baM)gyq(Vh|JUQ7*-?P=Bic!92S_Bi3#`hdEs7Z5nx8f$ zcyXuY&#+uZKb81aL-y2NLxL0`rM{k{8EIqPX`_f!$9fdhn1Ryw)L%DYIA^82m;-84mRuj;HRwA_2B)bMF>xAo^We; zVzN(2IP<5r|J9q(6+KH&v!66dmPzwQK1}v;6@m;XXCuF*wl*Vk{bXN#%937Xk_^2l zr1cb?tWQ>45t2?$!-dMgw?k)}Af5)=$xU!!Xl*K&@%kMtUcOJXMn1`e?6vMrsx#SJh=i0^OsAQh5OmOqb!Qo~6`z z_>Z}%q~VkUbplG=vFl8gtd;Fs1EQ5CSDu0d{rQO&`i-TQxG%cJ4L;1YKl~tXWPG6n z`L6HQ@OVV(;s1Qp)YMp=XGYpcw=2Uvw6;zu!8g98@4BQaAi*$1kPJ>%XTT{EUod~uzW!@IeSC(U(A&+5Dn%XTtBZKS19XWlpCLa zEvZ#3_e?C#@Q!Pn^t)L6?Xc+Cx%vn`Uo|U4%!eOJJxIPhf?!b~WMwtrQ1&t)6|GNlK)s7ObTx;Rfm3sEMGUy{Ut8y2YFGBk>U%xYVR=lFOZTsI-BqsAO#gFwV!apGLA$`(A(A@Q&8Km^Qcw7i#ea z+_AC9(IovO#zHu~Uq+IaQX?EE`{I{&uq)otXySL9>@Yc}h=CE^@n&YXw zwW6d^Er`OEQODj0lP)z$zcHUG=#jva3y1=L{WtqW8U*OJra!7eI z@u!)!w4$lTS}AR(`S-f;izMkEa$j?6(knVi96^Z6oF*(Zz(=lC7vE!CW+jv&(hQ-A z3sZ~8sj>4Sp534IcdrBoqy;#e3c z-IM?CJwft+CxQ3~bvoO#(AXNcqomv1;b04y8HQ>*iT0eeW?{N zPPscZ{|N`7AE2JxuzWrzZFuA-RLB|$at(@k+KkkvGp~L^2yBuSaQuJsiUD#| z@c>KlG(A9P#A%O7l<(`^Zo}TyMAWiG=4BEwjBA zB{gFMmhRUlF}1UE+cRDMGaTVGq4JhgN%K<~5FE@44ZHd0UcMqyZXzSx9O(}S9s;Rz zvg5#HFeSOxGS9I(To&)u7#jL7Du6>A_Vo9fmlN#d_O zoMP(%SN&(Cug`p6jUXcxGXVUO1^MS(V4P%ao zT|V7^Rx!RnOY7_VgHO>ieryi?4nIkWv_5I}p^d+~K@}N;%t57&A5*?Gu);)EI3q>D zqBkh-tN3r1Ql4*U0nj#X&>3h>I;?P2Y>GS9dzOqXyv5lEm{1tJYuq zVlDb6lZ&X4>QMvz0vE2bP<22+FfvbV5(^E_-u|+%IMdu*A?*u2J)-$7ZRGvb$Vh+W zsqu*auV-nF^Z)Eunv*IE4V_!k8*tC9L6Lf`-Q?lX8r zpa3WU3V;Hj04M+ofC8WZC;$q80-yjW01AKtpa3WU3V;Hj04M+ofC8WZC;$q80-yjW z01AKtpa3WU3V;Hj04M+ofC8WZC;$q80-yjW01AKtpa3WU3V;Hj04M+ofC8WZC;$q8 z0-yjW01AKtpa3WU3V;Hj04M+ofC8WZC;$q80-yjW01AKtpa3WU3V;Hj04M+ofC8WZ zC;$q80-yjW01AKtpa3WU3V;Hj04M+ofC8WZC;$q80-yjW01AKtpa3WU3V;Hj04M+o zfC8WZC;$q80-yjW01AKtpa3WU3V;Hj04M+ofC8WZC;$q80-yjW01AKtpa3WU3V;Hj z04M+ofC8WZC;$q80-yjW01AKtpa3WU3V;Hj04M+ofC8WZC;$q80-yjW01AKtpa3WU z3V;Hj04M+ofC8WZC;$q80-yjW@c#n=m=XoJN*oG`hCr4&|6pI1RD2fE3m;DU)T>f}RO7sH*0*;s(@{r`GNk$ zfw!D|eyjQuaYu`|&ME;v(%mPEiXo&Jd*?T0$8$CfwwB6YGGggs=fs6rPW!_jHP3p=za=>0mpB^(h}}xS-BU{#bn++9fr>$ zp3u3_heEf1@{J6fL=>Y~?*$1TZS^91bCH!t4@|a?2k*>9F~4Z#_!iCxq#Khv5P$K0 zLnB<1pJC1$l`7=~rt!d0={=@Us0FjrbhHsKE5&=Ervy;i!!HO^Xs$`boLZaF@%Y0?Uza zbU$1Sla;u=8#Vl4TbkM^V)M4)Ec10Y3~rB2V&MAqk0pruOnPujKgE$4kLRUe^k_Xh zx`mD)J?oK}(M_z7rMPRFvn|;@!KcS<#A9O(Bn- zp~Rr7DdMl`I9N>09v9Q75eZhRD6xbwPZUqz+?hhRU_~Qx%;tKOb=@%ZtX8xU4CTfz zJ-3L>pU+O&a8Wsrp3t50sW^yY%(3!{gBwM2QgN;0`?wZ}x&!3k*n)%YG7nh@oIIfX z=1lm?WTsN?mG99XRbXdYMxu7Ys(o>Oq&Vj+&D*2m=56^LB0mLfxJu}zic40eOyp7H z7IWw45UouuxmE`2ecxhLp1<+5$aEkiAUjplRTE+6vO#Tq7);6xThZ%mCTb2#iGE2K z^iq8#{p$LaS=rl}o$%b<{RCy(hl^a!n}PCInxz(Hr(vh$V84KN(m~V zNAjChbjK^dQrrqC{Wlzo0Uum_uwU#WX48G=v6_WXUfbW?GJJ#2EQKhe!_ z^9)>2{83JxKG1rhwv&kU?)qcmQkuHy#Z9z$DR6wFS5^4?dvkQXma);F#J`?Qo{fhA zJ(rkpjuDIDhb*rOk0qs7VkGP2-%qAPiYNzTsjK^LkPS4KM`3stQBGvyM&TVqt~Dv= z8T3n)6-BIoNSh7Hq%W)Yo0lFeRQjj9y4;4DC*adH9bhn9J6@*JF*W)m&Rj=Te@<@{ zd#wVuNBK<`!NMoI;H%y$x!frgnzFlK@F_IVi|H>rC*OPAWe>uQG>ZA2bM!LxKz0Q> z%vh%=26l&dT>KPfW)LMr4iJ`zzcz97)nVcP_`t74Wlu=I<%aA!Z1uyaO&%@M?34*| ze@wV$Af+9Ct-3}p4tCl6DlPow-A%#4ID_;}Gs{&C#o6s^dkoS9MkgzkSa39Ce+6|X zt}EqmP;TGT?IrZdWwnm_D^~CrvxUDhX4L4HZKk@N-Sz$RkKWZ>O!J3yd%$?{kcLcC+Rbk%l(Atr_d z7q~$>ZNx*4|Egl!n&?cj)+ZYW`#%uZgpclMexh|7cdpllG@M7EmU=1rRJCrS1N>qP z%E``m&ekZTAOCSte^Q?^BoBEtc+<6tQ2Eh?&8JaqIx2p6HbHm;!IksaM>sF_T|;Ds zbNo=cBUQmLuB$+s4Q-YFRwNGXPa*%b<%ei4tH&Y^jBh;?z9eI$p7q{9HuJ_<&zGjkOrAHy(6UgXvii@8;kB&EngAmUN7axY#hH+Gc&X*D(^!^ z2V$&sB>0xYy?(A8lG{rfgWFF{(Jw3{gpr~Sd}AkiHky?eiT|CtHPG)dcx@&xQtJtI1FaMIB>4pB}1!7TH)a#IUX)peI-}>E{8+M+`iAtLi+72;chK59iD%jk)(mSdB)Y6! z=kRoUQP2BeLKi|gv1Q6bl`j7Ro%N~^oMgaC?KPm#Q55a_5M_UcX)|KLs)V)t2AFj@&d-ars0-hM<4A27j`+ST$RoRZS6!|9IW zPcI112I(Sii|@;s8vMb7uoBS{}IAie6Y%ZpvMO zQfo5tjS{7__{M~(lH}h!ZpVtIKc)Oz1#teq`t*b|2MoN@q)Wv7gR>B) zf#-hN*Y@OHqD?S<7=IlJOLs~0*&4(R3dx%wkEjv6E(Mc>+IcTm8=!>@@vbrd6db&2 z*G%?m3?a-@SLmXD;K*B&SBE0^;fK2s&`d4C(P=sQFc(`Qex0fHws~*ag*6GgxfJ(3 z@-+Max*&m(IMi{FFb@m8C4GyyR-#UCtXz%=CCEdVk2919)wV!_id!IyhNM6D6tx&r zegbxwvkr&+5~%X%dXQiR;=8Id%v=6h{PM*CR?eWs3s$N&6SDLC+B;g-hQ9*cWk_oG z`n3k{$6pL4!XIN!pD9nF=CRL(EmPd|GQ8*V2Zz?vmX>4S;)4URE-J&(2G9ecSrbXC zE8IyRM%a1^x0JsDirZ>BwY12&*CXAAn=_Io`$k*zH^12}G>Og%8=_M+Rz`h$Zjtw4 zYwC?CcA!s|vjv<&rn~F6CBvd?ps0^nYgT3Jc21cx|A|Ux$ddq1`4?F1YTMk#Gw3s- z{W5sm@}qTkKJWUd;;h^5EdM++*zpxYgwmRL1y593>Xu0+`eHK-6--zu5+-S}^> zF30!hutHzmxTuxcD*xhvCDy8BaW-G4u6%ERj#FKm6H>Z`?PRQLX_RkrI@ejuaNcSD zFa2WR^%7DSK{_g83D2Wew{jb1E@`kJ;gsq_H@i$dD<$?==YI(8LSwE^Oky>9^O_2- z9siy%BVl(veW7&K86wOo$s`2mR}eXdvY4^~NgMuDZ{iuSDQy7Z-=e z8xi)9HA3eKUdD4Q2QJR8`$1fC{%_F-yps>k)Pc4_TA!1b1k?o!bK~!>BxPRK=Z>^ z@AuPU(M&Ho{~E?bw)La->+(xKPay(|6y=Z`w?9KVH!GW$z!na(k2tQ?v%JV;uFlb5 z`)kM!jX(nRpf^=T-eoyrxcG2heJbY$VV1Qq^XARLgq&CM1#xy<=&|fA*HxI$@=Ekq zg`REj&ucTY8irM-eDCDkFrat@!-(yzL;0z*K3HXn1f!n5_;4p)Pe}|bg{FLZuH|{I zj_$8h;*is&bGoAZNtD+Mex5;kdOTg7trvrV4dj%d27@TAB`LPf4OAyl z5~IoDaURo*P|sIFt+UUc366z#Bw`YSw{eys))#Bs9Ngo5GOn&S!5duwXFk?sbDZI} zL7#F?`IBNpb+ILgXNe1kUp+wGFOI?B%nHr6epYiHMVea^wh*Xg{$V2rgkkcpf3i-V zi?!lEtB0yxtiP4&iw!e_dHjxU|9uD=R=Bb2py!2oi~-^;#L9INs}VG=$8w+z?!j$Q z#qBtqTv3Rgf!i|Gq;IP!FaEx#=3k_yzvRUYRAobFTm4hLJOe-cP0+No`RB>{Vy{k- zs#G45<+0U)cj%D4eMdq9|K0$cV8V^A;X+Wl`2HoxS8M8)U{;_%dWFrpMggM zsl#JnIYwE!L~Z}0XFH0Llu_;BTTZ#YGd$=SqIK5z-;~eqH=6yxiXShxgzTpj7q9-I zCOq;{9Q1gn1`9@KZuD-CjdW-~g56=vx=3QROWS&+Vt*>zg$GriFMng0z^p+Fa{V84(Xs7soeWye zA&jifK!lx@Sz%Os4g9orR9Tn0Ii0h@PXEYX)tA-VnN0b&9C|G5%|EL%=ZMIERJ&s} zO(?3qC_N>KR_*~TaVBpbp-X-F)Ah{E!B&s-)rP0HU<{9G18;)AaCTN%sW^c->JrKW z%~Q3+AP(U9Fg{zb`X9J)TP{-5F(=I4jdcIE?oQ0F^)X+2^^96C95?uRLRtDbA%&rj zuDZ1K;4W%b)<%vEM}0lza;{p+)&1wbS`mv+~mb?@~Tq z5W@W62`@SseEA;h`Rc7415IgGwv*c&$8pLdl9=;&)_j1;*OS_Wy6|@Iptg3p$XwbR zm(?~+y&gR9n(nectlG9D1)`1TFJFbT)tKKeEI3!y2$g@=%|F6)5}ot8{q0opRmxa> z64h5yKVG8HFDlo*TN9VLUE5>!4JD1$`i>c^9MmO-q#ss&<)4BGdN7!?)YYyR`}Oh{ zueM3JX}6y#C!ZnIDieB!=eJL&kD^!~1F0^-d!d~8^`Bu0fmOGSBkhCb!Zq^ag*ny~ zs{EzX%1VC=zgK6kaHE@9TBLC6z9@f#PuIAGuV-y@%=>fdU{v8ZTcYKdsn7c=kYe}7u_1{nZ69sJgLMi0(#;%H6U+ndQH@x zG@i}9vu;P@lUayzJJP6qB(aZbapbJuUCK(IGlBn-Du&&0!FL>%;j;`?KcS`GL$iTK zYOV*eI2{Os6WJ)e{8QAma4eRWa!#7Hd8KS%X>Qy6(tu){{l~r~SKb}dTN|}y`;XL{ZmIPv_1$=zmi#fy__oJz z=auT3E}aK*M!e5^GWu$A*R?{)ap`_*Kk9W~r@95Lch_eQ1*#)^;pFGD#a>9SFgoA4taNn;aeWC-@X^NaZzXxlV+z^ zvsnjql_t&?#%aDpLw}>~-jc83XWPzY66Kj^(BDrl?a6u-mI|l#tnb*eBQ~1c{P-AI zML+V5p`whMZaGw}`a!r4Hss@}^HT4mhY|6y$$U6@%-4hBQhS!{huMV$;f@}3AOwae%6pK<*mut(8XUG;|;43x?br~ zqsB)SQKN7DV@GV)wc1X1!p56QTA8nEAPK_(@E`fJIlhoJ%%T1P+F&$m@IWWQ39=ks z2a6M<`#d+_)HD3ns=2ooJ_2E zxox~DQB|#pbu{XHd)18OCXpXi$GK@NLlaEe$Dh`wR;DSRtUHsniDc+-CCSrLpPs0B zVtZVsBW)uE83JiMt@^O_yjIoPRwU%>=D?Rzw8DQp!lH1IxxGcNksBclUDYr>AN~Uv zKQHL2;K&b2?Ac`@syR0{pJ{iJD~bA`A8qrGE5^TVtk4&#_%c7s+e>;?~r_F48Kb5+qyReS?_#WGllvTy+S`) zs0-<&-egLWe`=1Z@o(PnJDpKr3Ax)L5DXq=`m4cCs)aQ}yw0x2yJfnmDLOd@)rOWz zn)B|h=ose7UsXMo_5QbXghs4}HS#aPCi8J!7((vQ#0nJh=Gw$6`geYpyWklPSTQq* zCB7Wk-%DP&p!S_a?M73_E9tQWdZu;*nl|LCr z#I}Eb!eS)DNqWn1nuY}7pG^}`VpK^Sah?t5* z1WT+)>m6@!H47-3;^(T*G9Bq_JqnOQ!<~E4s+*Xmd6^~i@U=UVQLxrbqY_nY6>}T6 zz=@Y9+32i6PeVnG{z{L_5sKRF)_iX2Vb(rQPaofwZMOCHpvwPh&%UFgy81?spDE1H z!AcPYY#0PV#ZDDtk7#1SMp0~01f@t&U;x2NG*(1|*fka~YAjJHBX$KVm`4R-Bcfpx z5Twl9A&K{SZtnBXy=&d~z3;oeKRD;N&)$2^-oMW|!&)x;PcR*6mXftcQWDT><>j1M z#d_;N*Md8j*WB9^b?Lc_N4pPegYF$m&I{QjNT(f6O)Y|C=lELu43ecNt5P5kbB=4}zD?w1lTnzgO>KkDsX z<_r$J?;dZuq(`?F4>LxzJUx6{vFQ|Lu64Wq9b@`?DChP_@n|!2`=ElD428Xyb>_jO z0zd!DrJKS{@_vzo{9sx*?L~-j_=FyH>b{Q>jf@hzuTXlr=*&tx)N=EKMTMg}dP_z9 zua||o_j_)b+Nr(d3(vU&=iNKzqPs~mMz>E{#^mL0I-=|qDxWO3l3wM$g%+{(lEIUl z+W-FTcuO6-c1OF`mA1W-(C)W8odY(@f4Y$s+c)0abYaI%!O_NrZn+ot>HT8f&GubH z;q3PBjw=i@+Pg>&t=uzI`kB+t-7X(|3iH|*jF6jn@9r0|ELgE4toJlQvd4RFqt0>7 z`fVj!a~5R|3CK=KXutDvmkTC8#ExC0`!EXZ-bIUraR3S3fdV9&4YVI#m{x zYHszctkb%HTI)Fh{lD$!ER?iMcDBfvydpxJyHI_ozv`%cd)vp#((}PlJuBiD`Pyt) zxl|{u!H4bM&Nh$Rj`#Llc|g9Rut757Vd$0G(ggMVVJphE6q?=G_HO4n z`7_%RW!3TT71h@2RVmw3H~i>yBjId|<7Z!)XSEgWaI{+Y%57zwc(-z-OK-h8ZYZFZijo-`vkCiw1@=I04dJGOlz3pv?mf_T{Y&mwlW@-wYd z_d6`y>u#ujGg^7wX3T`Jh3S`fm&df~QI>erFuXm zPP8{?X4gfT)<$KzQ|`4Mtvo*0yrrMJ-kuee{^Asgdhh~GV4d-perev7lf2$!E{sp@ zY2Iq`3fbhu(R%sYtTu=z+PL?#OYOZm!mCf9>SCaB@{qp0!}TT^1m7@B(fiWp>n)R% zR-q0l)+c*^YuHv=biZt0e9oZcp8{44ZFux$kZPUE>rUCG`Pmj0#)D28tvWbGS3k5( zU-`2TE024H#f4*jbFr?q-yOe6x^C94??-oE;bm~8M;Djuoh!}0t~D!DC#{tWDo2+C zt(T2@APG5Bv`Aza={Dw?DtpJ5eP>1a=Ka#Ic%5!++vh#4Qx!{xwiH^9EA%Up#1{^@ zJ0#TW7fb!bfH6Z7v&Qa;FbMQ49wrqfl{FR5m|ylm^um0k(8bfWMeT?@ z*BR};H8^LYjPSnk>YSpX%)`3;*#IYXoAoy~hpnjI^**W8Ky_@p@%?Rky)#y)ZG7KB zqyNW}^<*-7Dsd)A%QKWKIDRGCwB#ILsk z>NWbsa~=;&%+EL(t+DRe*j*90$tomk>Vw2lGg`K7bURiks*nEe)JLht_#|ynlG$ZBv=W{hRE$xqoEA8%Y`W7{q#>3pnF z{AbDOH%@)6{vaq9n}0i~N$0c5Nivg7p)Ga$ZtJ{q&nw$@2CE#@M;V?XD`C zuWs`}T;4@}`Rs+HU#m}=9Mf~K_NgkWuk$Ic5=-6}JC)ti$t=IGKaAbW%K(WlqZJKNQC-4eh*Kd`9ry`EwV?JN-0K!n9|V6Sn;}>gT5VrDJoyROmh& z5wy_z%R`OA`W(S#hwXxHHeaPF);r(ZZ`dhl(Fc!@!(P`#Y;Lp4?d{IE-*qL8y+<7u z#Z7x!lpGwDAHraB*YX1!kvyFER3U&%U5~a86WI=uwtE z(?9Oz8afr78&*RCUqgjdcOA7fs@=~^FLM;dQ7Wns7OB;SK=0v zptdZUVxloDcZ^xlSkquqRaAL#%#0%j1^!vqFG~7N>z*0&`GcC*6?c}+T9cX4R^gx5 zP84nu;8AwNB-7LX_ZTNzGDH&H;A znZ{^b#G8|5O25R3dg7oJYM+3ndZBJ=*6@R;jf#!r>da}5Ne6S7pXiisY5uhdPANvH^L z&-HbZc6gfe(+lxo@u>3HXpL9Yqz8&~g{kGT_}CLBMujIwY8ulOC2n)$>Lw<=Pmqik zSMGa}@pHx2JaulCdv=z8t8&NKmgRnm^J6yjSfTPN9&d7Ip=*5l7>i#e@7ee(}pL{QA*BeodKX;9pS|tO!4+ zzM>lTdHopkLUpc__wn~pGc4*lSIfe+Ujk7Ne^0;YO*Yn*>Dd`p!}^Hg+_p?#lk)0t zD{)g;(J$(S`Be|&HLojI7Q0B^v|sEiD^m8YZ&GO7d>joLV{@iTniL6Ez2C^5d1}fE zy!|t*U;SY6aX`4!m2wxIfO=6)ezZKxV?%z)q=t;QLl!TUKd*Lji;+C*-| zr7fH6JE~soKVsk&mz-HtI8ahI|Fr)LX-sik{sNt9(L49N;=}1DC5=8(-)|Otv#h4c zOz9%7IFV_d=zM8FK!;ZW+1jt`jl=%0GBY$QPZ!pg6-0b6_}El$U3R;sP<+Zui_@qaWTuR#N<)?CxR+Y`l~YyYxF%~nLuue_ux*ne?d!>;2qZ3F@V1Q0*~0R#|0 z009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{ z1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009IL zKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~ z0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY** z5I_I{1Q0*~0R#|0009IL`1b;0J!kEJp-dzfgl>W$5u^%1P&(PBb#r~9^LYE=jS+E~ zG12F0#kZD@(GAQLq`l_uo88o__Rbu=u(r=tj-igL^Gco$?K08c`TVBPr3(Gnye^He z)ODAOhAz_?Vt@K$`u&VM%X7oc?+vzD;~uTvA{SgFdqy^$zi1`uZ*;h&_1$-_PmIql zDe6(MtYt{GPmj8bA&Z)-BZ@AbjfoCXW$r2Ue7Yt-Ygy364=wZpQ^j84Ym05FB);2D ztbDDi?J()HX$O{G9qrX7zs1b~mrQf=->fY7@*njjjd=rZ3|*pmVm{Nf#DA#Q1cW%>+o>%Hsg%5nK@k<(5?ekT_$BKrruk512HbjR-M9t4E*k1Cap`x{2 zf&ZJ7qJ1wa%^r?>GOa$>C@gwSMN!F_`NvGBmz*iqG7|_OfB*srAb<{KcD#t3|2A^#9?#x2TRS?g%jmJ@rK_y#;s(vH zYouR%|9hEx-P=eZv*O!Ywb^9NQQe60E)^xyE?#gj9GGaL6PlU4zS!Ja@Osg0goSKm zu!E+wZBe*v`cV6kk{$+;nu2HP4@2AyqpQ0Y?J~}kU6>~BktxFDeaQJ+6<@WUee*`{TN= z-P%eo`Y3xu`Lmb%XSq3e{^esBA} zycg2gZP%8mwi_%i@B3k^CU3RHtTXrS`KViu{V+B7{5ji_x^do*77lWn>bM|VQ+e8C zl)ZT6*zWN?&rB@}X{A;R#>=E@4*b47`|AA5gF-$8Hxy_ZlG}TJSGnW7$*)ecJ#y5B z1FO3i?J~|31wSY|mZ|e3THH(PNFaa!0tg_000IagfB*srAb{5PArLM35>3LFr_h*2A?+;pdr|ll*#t8X7d#M?*T_vglqqzVIKuqOP6uC+l69v$@mRp)XchCs%p&%&-_byi^h_^Izg61Z>g-T!L&aL5`f8MCqK$O9RPHO5`7dc7uN%~urQ_e^5ndGi z#<1YFLUQ4BqWh`oU&s1P&AnAWv6tb^Hl@;u`-9d#$xx3?A8@j9v`#_i_o7nk*oCt; zT%Vs5aO&l}K#kJRRorQcb*rk>%*2UrvjP=j!-e~{yox(yPUN-GLKB>j|xID>uL8=f0rIT%%v#X1bL*G@M?LC&K z_MU6}#p2v0mu5_mnD=U^c=hrd|E#ksUaJFl6)y6W+XzRpzU^~={oHK3x<1dpns6cU z#QIhl0|UAriZPya=kUXo552GNd|hfct9?M{*{V zcT`>S&i8+PVC&00IYM3Pfu0v;4_y82dO;y5ItPUgKi4}a&T3(e=FyaNgZgTTzqUvM z0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY** z5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0 z009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{ z1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009IL zKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q7V|Eg;r&))r_e6Uhakmmo+4sX`Ex zPPS>iT>E@!^qF+Vj?*hzi|);R_CU($t=1H<}APG9dk!oE&t%~}`By{9(4(o`lF?Jdx(+IV)+`yF#0N_>n>zHyaQ z9{XAxYue)K)~ksI_un3J%C+2~f6Fc`uD(ux(RYqc&+ZQIq!P7TFI(d4YxzKP?|8~~ z_lGUwopmfO4frYa=cdO}#W;PZc84M-Z>_ctY!q4~eUWG~uHEaDoNJk_Ed|jp$t|TB zo6`eYTMT_P|8~O5u?N+(O=V4YWzkELm+?v0tg_000IagfB*srAb*WW!hN(l%mp%%JYielNXBo8U&6O0*nV(E+ z?TylN?2U@O+n(`U9z1@ReC2L~xHs;)^VjzCPwM(ECq6f|Ecc0GscU+|c5Ai$c~Oh{ zdxKQ&^7$@HUbS`&$%&q}qhzN_7-~P-bc*${gE#e4HTgz@Br{bNvVPA^S@O8P6Ytq< zd+wo$bX>j9rH_Md?ap^Y+FWVs967nS!|>|3OGRI;(>&dn+h5UhS#O1Ln=zm5Zh540 z-of9!BF;Zd{J#9_!gVzn-!)n<_MARx>A7rGU{3EsEewGG0tg_000IagfB*srAbjO(5bHT>H)|*p$pxXWAV>tMLJ*WrwrPD`2juOZ`HgDsr2DDz zMt$E2y)-YIV!fy3^oMgIp!jZ~- z#_pe-H|JWZ-C$8@YL_Ir{N&LOS0+SmZC`Le6*y^VN=HNe0CC}7M;CFsTH)MEp{I0k z)#|7tjgqM+gPy-l{Y<2gUf(Zi+%utJqrawyD7O2Xoa<*t?|!VF*3WpnsNUzdt(t}- zoflmXuuZ#Dr1?Ra>(xpbLZmkTqq$GQyaC9Syo<;K&u^-`usXUmKi zsp=$2Bd6Kqt{i+RO>fnM5#383d*tYxP}saF2ywgo)>ty)t8T3iJuBGy>Ttb(n)94a z3p8p!uY;1)T2ul71Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{ z1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009IL zKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~ z0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY** z5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5crQ35bHT>7c`WK zT6|UcIiaRso!O4PIYZp{p97Pn3<<*TQAVbdphIj#M6lry*q_w^=P=i zYVvlYuh&#e8GOt1-O!m`x5O1xbWCk|+PGxLK<_H~C6zc+=H(i2yrY*?G^&%?lG0^2 zhnS6R)Z~b_AK#?7+ja3TC7RufZ|oRQ*Y4=J{NpFoIW}3oOUmzC`E>~Fkd^AS_eK2b zi-WFc7L&q2~J+Eu&k?bj=4{t1ULIvay}N|CvVfzEN^YTQq?H0tg_000Iag zfB*srAbkaF5bHT>3o?|6-UKTuB z*FSA`l<;wIb^ke~I---tIy$z8Jrs9eJ`AW`nLB$+o#p6#8Ma22UzqGwjdYM5k-d=z zg=}`rj1B6)N_0SxbmpdT$INb1zS)*WA-eDA=TqZ6yuR_9do){9p~|@*a8>^cvr8k- zR{k#A;NaNe?%hBWO^jdr9VZR*_fOf>KG{3V%;CFsRTe`&kC&>wtfN;9OfSi;YdhlE z_g&^RYD(>120vKrby&LI`thioLCsPG0tg_000IagfB*srAb)S-DEavk)^@%%2`V<=Us@uZEDq` z;%xGu#Y5daCRH6!T6)~<^xAs3?ZejxoVx_1S%nR#IHeZ)3sX9~J|B4^)iF+?pMBGG zb2m*xwY||~^PNwlti(|rB!=?GS;<$|zd6}j?6mB2y%g^Srsm7#=S_o*?p`%-@&0g> z?&a~9zs~P9)Y`6e$HjhE`zYeJ<*YYSh#tnNgX68d>uy*CBq<~p8}Rrd-ER6_P%_q*#3R&?GVY0^ZEA2Kp4JUhxGN7VaepUHjSIR{D)?h;bZ zNpl@`v^l%r@lU3vRU3>m> z=D%x+1wp(%d~x7>?clWV`G2e_`sbRT?xtP$@A0>FKF$0z%~RWuJlCF9H}{Agf`jG- zY8y7eLI1w4374AZ3667v7A*dwr9DN?3!3$*-JBeWV(r$Q?wXipu&ZG@?71>tnNeiu}cD+~^b1f6cTU9}^EU>+789@gB@M)Q`e zwVx^1W-IO1XEt|gqq+aDu|M*9?O605BY&Q>pBWG+2<-y|LB35Z5hDo37214P5RBdl zg3Vj)wNiVG7KE0%g3#7b5L#)UyQD~aTU$Yp>Ig!}5?pbJ zhE6{xo$jZtK^vd)*ijOxqoAw(Svcp~mwycXb!w%}Q@ukLhR<3U?mzyU&{<*Adqf2< z2>$klae}ky=W+YCxfxo{T)Qhv^-iZw^o7O9&F+J{=VqVIxqW6w@7kN+|CoL&r>kXR zUD9WYwjWl9HUu&QEeFu%K>dl)hdR|Rmt9!O8=-&RYJuP~s>>2Fz zd{no*m~mF)2DZC)*`Y_j4ExOct7=Uj1&@h3922ec=EoOX?2UhMP+xzSIis;`*tYOd z#*@-pPxC)^vAM*R(QPlK{Z&BeUwP~(k=RjaE>ifT$O{V}w9@<)7J}7Zvzk+L=j@Qh z!GYmnP7CHmYTw?!Qjf1g=ZFMzLA~$K*`IR0_9bbKzc0}&{eQYdaHvc35}zK-r`$5N z`33mbCH{O=&6R#yqSgOa#lLxQ%{MRo<5q(3iO9Ur=#QSUqhvCNzs8!WK8573#;4rr g&%Fo@|NNZ1c}j=7f8M8gc Installing the certified Dell CSI Operator on OpenShift --- -The Dell EMC CSI Drivers support Red Hat OpenShift. Please see the [Supported Platforms](../../dell-csi-driver/#supported-platforms) table for more details. +The Dell EMC CSI Drivers support Red Hat OpenShift. Please see the [Supported Platforms](../../#features-and-capabilities) table for more details. The CSI drivers can be installed via Helm charts or Dell CSI Operator. The Dell CSI Operator allows for easy installation of the driver via the Openshift UI. The process to install the Operator via the OpenShift UI can be found below. @@ -14,18 +14,23 @@ The CSI drivers can be installed via Helm charts or Dell CSI Operator. The Dell **Steps** 1. Type "Dell" in the OperatorHub section under Operators, to get the list of available Dell CSI Operators. + ![](../oc1.PNG) 2. Check the version you want to install from the list, you can check the details by clicking it. + ![](../oc2.PNG) -3. Once selected, click "Install" to proceed with installation process. +3. Once selected, click "Install" to proceed with the installation process. + ![](../oc3.PNG) -4. You can verify the list of available operators by selecting "Installed Operator" section. +4. You can verify the list of available operators by selecting the "Installed Operator" section. + ![](../oc4.PNG) -5. Select the Dell CSI Operator to get further description. +5. Select the Dell CSI Operator for further details. + ![](../oc5.PNG) ## Install CSI Drivers via Operator @@ -33,10 +38,13 @@ The CSI drivers can be installed via Helm charts or Dell CSI Operator. The Dell **Steps** 1. Select the particular CSI driver which you want to install, as seen in step 5 above. In this example, CSI Unity is selected. + ![](../driver1.PNG) -2. After clicking "Create CSIUnity" option in above snippet, you can set relevant parameters in your yaml file, as shown below. Refer to the [driver install pages for the Dell CSI Operator](../../installation/operator/#install-csi-driver) for information on the parameters. +2. After clicking the "Create CSIUnity" option in the above snippet, you can set relevant parameters in your yaml file, as shown below. Refer to the [driver install pages for the Dell CSI Operator](../../installation/operator/#installing-csi-driver-via-operator) for information on the parameters. + ![](../driver2.PNG) 3. You can check the driver installed and node and controller pods running in the Pods section under Workloads. + ![](../driver3.png) diff --git a/content/v3/partners/second.png b/content/v3/csidriver/partners/second.png similarity index 100% rename from content/v3/partners/second.png rename to content/v3/csidriver/partners/second.png diff --git a/content/v3/csidriver/partners/tanzu.md b/content/v3/csidriver/partners/tanzu.md new file mode 100644 index 0000000000..d87473e1b3 --- /dev/null +++ b/content/v3/csidriver/partners/tanzu.md @@ -0,0 +1,29 @@ +--- +title: "VMware Tanzu" +Description: "About VMware Tanzu basic" +--- + +The CSI Driver for Dell EMC Unity and PowerScale supports VMware Tanzu and deployment of these Tanzu clusters is done using the VMware Tanzu supervisor cluster and supervisor namespace. + +Currently, VMware Tanzu with normal configuration(without NAT) supports Kubernetes 1.20. +The CSI driver can be installed on this cluster using Helm. Installation of CSI drivers in Tanzu via Operator has not been qualified. + +To login to the Tanzu cluster, download kubectl and kubectl vsphere binaries to any of the system + +Refer: https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-0F6E45C4-3CB1-4562-9370-686668519FCA.html + +Connect to the VCenter using kubectl vSphere commands as shown below. + + kubectl vsphere login --insecure-skip-tls-verify --vsphere-username vSphere username --server=https:/// -v 5 + +Once login is done to the Tanzu cluster, the installation of CSI driver is done using kubectl binary similar to how we do for other systems. + +## Tanzu example + +![](../tanzu1.JPG) + +![](../tanzu2.JPG) + +![](../tanzu3.JPG) + +![](../tanzu4.JPG) diff --git a/content/v3/csidriver/partners/tanzu1.JPG b/content/v3/csidriver/partners/tanzu1.JPG new file mode 100644 index 0000000000000000000000000000000000000000..78bdf6b437a9fa99f13cfcc21a29afe30f22a403 GIT binary patch literal 964501 zcmeFZ30zZovM(N2+>piv6@l1-q9Q~QL^0&FZDT|lqqrbzMgaj4(`=GJ$g$l}P|^l9 zjkcr}5El>;kS!1q5F=4^1cPyM!mI%w&A?2Zv;{L6yqgXF z*clUmnF`*6t!Etg<>th1j2;H_)$1Muj28H84)~h@o*083@G@iK-IvD~4SdnS7Y%&T zz!wdC(ZK(U8gN{@%<)i2n14VZkbc@vQ$A%A3qaP8^3&Ac-{-R~e|kT~(i($dvHtr0 zubIV+pC`2UCA0W{(T2Xr{6zy_H1I_OUo`MV1Aomu&^I&ak%557KeN&hkY%)DM2{up&xMT zE!N>Mc!>JLA@4xnuw{pR{Q{2LnGO{3OqT`t*qORmJFRp2VVkdiz>dfe-@TE$_IXDJ zdT;hIg$UZS@KjrB&<{brVTYDcgN_{!wWZoE|8#U)@P6WB+;Rdw#OH{u^LN|-yao8n zZuy_DB_bliB4UFDCBzT6e)HzdxOJ8|OG|UGg?T9Lc-SGT`SDQWKOf*b-%#(6fFHsF zD94vg9PrR#N_d#v^6>BgAKN2`j#wY|@v$~Pd}xD@`TF%fhs+Q8Y*=sZvtfgejrICX zmPghfUjFCP`*{C;_8-DSj(s|}k2lWum~W8p@vu;!jrF+YxZf`N-*rx>0Phe=DCJ1l zZhuM`<@fW0l?eLFH=kDHhl#I0tp^bL^POxR!hD1Fh9BNX`@xs+eRxp7A&c(=P6QnH za|k-*=ZnYvgRSwn34Q%RmVd8sVEz9n(SNipAPd;Wc3X(=p)lX?z>_dxx#sIOny<6k z_ZMrnu(V!>$NkNA|C_J;pE3mk-pAY4d*a$DA-^eZuW#`GnkgR(ApEsb_)SLe(Qj|S z!GT-NoH-MZ`{Q~4;}U-Q1b7wL?{^;rdoKHLczij@zog_Z>iVLte@O%X(#Bt`>x;Vn zB@O&b8-KB`|6%I-YaZ`=93<}%AWPRYVYXo=gU08iNfWP=CmvI$OuSB;I(5p_>C>i9 z|Mb+FIb*ukOs(nDXUv{4bJoNIyqhz7)|`nyCJyr3u9K%tnKEsb)^x2;oBT^Jnx`1u z8B^YAot!dhIcBo%q$#?SH02m9=(0}xba{Vn&4RxtPnkMxx)!*M*XVv)@kK;jnY>zWoPW4!XK|`}iL5^A9*08Ww&cf=Y`#edg@B znDZB6SqWFJUSt29c>Q*AO6r}oyZ7!t&d$kwl9yjl_^hnF;(6r@{>!(u@9OFs-hXHm zi6!kFon0Thd*p*d!y}4OWNdswu1T0FzljB2e=FtwMlM|-*W`&c(3+5I(&UH^`9IZ6uQL*}i+Q@!=B+Igofi$EG^epW(#265Uc!G^+`qAi zI-bb1R)gufBD{)~C3I^rLoX>Wnf|~&_I|e1pV>!-1~Zeu(O~d*RCmD=a7Y?V(q6{C zsO?78gPF*7{Qke#%VX!yR@nXb%lg9s6c-uQgPhL{=5s3>p&$;!8q8RSO$SkBG7hT- zZww|kuK#bA>tDaZbqc>L8q9z06%XKNq%;jiu$s39`h5|MYJiWV{lVZr_mST<=rUh! ztVooRP8#NXG{5sMchYFa*H>0C)rv04o5|5+pO zF5kakc_EK)-Zbd;iw5%_tJfz(S}dl;iRy8YHCPK z>S6b~zV z!EhWkn90nsYe?@|wu(nVn}KmJr~ISEgEScJOfhy`7hJsz9QYX%34*`UVBW;}0Ua>W z1sY79hX#X2<5aVtPTa`QS>R;ggilwX#I66SXMsIb8+qs9kM`MM(@G6y79`45fne~h zIR~8%A$!pKUBE@V;WpqR>ogehCNc^`s>$T`u+Px%GsF}yo5kQ$0;RMES*hvq5HnM_3p&aDH($vg*JD&cx!~DMi4%w(KbK!59z}l-l zye}I3Yc}@xL*D<^fbx&6Jr%g1cLn)VmO6VyWaj@J7Wg-5>i<$e{#<`v|D}{h`EN

81L?En5Zn4^1K;lG2J-{@aCK>iQTxqEu*LiQid{)c!v>ECq*5>qvY z?x^2$KpVYk5Va8&Z1sXo�W4S7n{Q!qWPke-G2{@1ODJU(WqA?2;G#Q#tbIF8QU( z_?s%@!5`x970w@Xo6NtTaoHtf{|kEm{}T%T>8kZ}PX>nb2WsT+8Sa07{rP`oT@C%8 zp6TNL_5xSKqQ!ETPwd)czSo1l52{hy|Bn~U=$}qdobAPiw!5@`<{kVvQ3bX0{)iNx z6`FmInoEPRH|E?p>yRG_xX9u!Jl|BEzi7gUicARn)lkMwWV^rs%&(9(%7fW<%shsXSughENKBecyqT>FxK6n76wEF-EAU9_~JviSw$tYHrpg;U|fMJCl{+# z2fm`cZP*+hYCVhwz4DZ=6=lxTRq1wSAFY{WzfhhjtpXa|%v2mvr{b5&IL{PtqwNV! zgkeK@cQUhDY50qLEEw>7-?vw(lTjd#U}tB=;YWxqeT3;^{9?#Jxmbp53Vq!`czOGN zx7)*;>D>p$Uo#^N>oVHc3j%`;N_;|yrsD-`>cWYhB#S*)d|!@kwGZayP|EGdBJ5MF zK7F68<0iL}8ACU_dvv32E77=#Z=yHofKBYsV5%TizVLmS;#wW-&pG!PDmT>AUR0?+ z=K@9iO7BC;pk&B+Xj%U0YIWC#eq(AoQ-jI9-bIZKE{`%UjCYUCIGJR@DHXhkTCuPL zdd#lGEu@FN#RuF)vPqB5k>;p&)Z?K;>Kg`^$F3>ZMjj#jP6yKgvvirT5~-{2pg9_)LKf^UE>^6Ccn9Vp_s8u zUBsAi(DB;Q+hf?x~|%p~iy_SVZ=J>Z5-c!A|kueXWNzKW<_ySClA{aEEG zA!$)(Z{t)L;pGQ7x4IP?jC|y7PlLRv39NI_iu6}YCB#ypZnr+=d=54?$)Kb*JZ|98 z$Gm#m5$?6oQO?l7)XRJ&ABr&Tmw>)XSkz8N?N49FRP5y7{}eWSAXe>p&$EO!poIsHkry-OIX-anf1@JFn%NE4Q=i`m z4AjdG>h$n(2O6s229I&LENCnMJN}}V6!1MEGxnZhZftC4IDCn$rLvQlkz#BIDoEPz zk=P;Bjt)gwSIH5d=63P|34S8?V3l6PfwcQQBpgfvJ-5x7lJ_~>a#$%(w2F(&`H zqwg-lZlaiYtl`zXDwDTXwL7Z&DiVKgXGL8fVKzSR@oUJ5GUixp(F-4LuAT(gb9>)eTzu9BI z0Q0v`Gs~MVe;_W4uagS1N1xArb;MT&#b)ZeUn;2WPl2pX&h_?gK503#{UURxTtD|# zPlKCYc3_4p;X}~zc?VyN?7coXbn#()(5b7dGlKd{1ZgjoV@9o8ZypZ8KVR6LR~24e zxYMRCGNa*0bhJG!Jf?CCS7JlW+j?Vn4d_%&MX=vIA$%>Lo@&bO=wVN(9#rv71|_ju z;I(`W#?w1(@Q)$3*Kp$>uPe9!q$Y-Uu)Ei3f zoLyM?u_1z`3TRlHid3Zu-7Aw_9TxrQo%=+&osDLzEghhGS_oWA8tZb6?5g0*<4ITC zQfbS=A98{NjZO!rBQJY;R-3Ti3abbEB+OC3NhDN*5TU`WmHevn-R**CoP<<*GwS&~ zy4@RwIn_&9u3Kdi^6^^Z2$y|%4DN+$z*?utu@$_t3~kmpZV`Ql486LNy&$xQ)96-F z%zH0MP~fQ>MY33pa~f+*R+x>g~IB zB4Qp~#Y+q|RfDFA>oHtCkV zj~jKg)a@MmUZ9>4?rmpQO@B&Wy@hc}{EohMrrIaO0VuwmiMr9QzV>9i6#}alO{piC z_zRcNP45M`8IZe2>j}nrtWE9UkimS@#EwdnEAX7TJ+VXZhcv}CBueQ>-;gC2o*j`I zZRuWX%yF$T&;7Z--wNJv5D7kmU|j+{aj6VBv&S zLr^^t@LIxO~#2}5sO&ASf^h0A^ z&aTDwp{?3Tt}Ih*-BEu-rW8lSsJ2eDkgYK$rG# z^tiY{@#Yorn^aKn1n!uyCZaiU2>%k(vnpMwqldWclTRBxYsH%vFzWV@4FcNHfF})m z_`!ai@PkiF;^nJP25_0)YkTd-WNHGbu%xE_lC|T~z`O0N*A9PKIC9ai+8}rP8mW?d zmouiS?=Tiozl9bwb(a`4ti{_y=aUO!Aq!GgQ>94=4P3f$6ChLo5iyi7N=#>fC!Ei$ts?0~W!T4ydHled|U z8?wiXVBCa5<^zp!248PpHKk@%dK}pZncD>dkL*zfJt&zk(qJC*Bh-0%_pt9#0ald* z+K6>y;nVNQw~0zlx5LL&-@cJDYEt?4+|+6N;vvhI&9a4KRd|>Xc+C6616M%;+ zgY2xAX2y9fb#%3YrT+as4H+t4-@t|{C1qTIj1EB^Y2$^Q?~zPdnTKqj1~bnJzMwy? zA;w&Cxu3f=Fx{Q+hXr^uiu$p?S^Dn4_R|vKR3vW?=X)71Zn$`R&+Ga|aZhX2?s%~y zwcmKiyq&cPc<3*eH5jmHNmr-e0+$=l4vq%bt+OpJ!Ljg3PMvXny*INjVi8t8V8G$3 zn^`nY5pa#&(?=G*>W1|hI=v108A+Fb?M66L8MqBz@l9TN2}%epfoMveGT;DLSH4s< zP+n~06eSW|%7MQ+SczksD=yq8Mqm@cfP(79$0z12but-DoBn#38HCdhW>)ggzenO?u+$RktvRuK% zu$;P}VP0NKz~iI3>f2kOF$BO~Jq;dy%XRq^<9XAUoe_o zm4MRt%9ofow;u-)mLYR{%R;G*4bL0#*X@7@)Mpso!+wye3h)JZK2(SH@9d!OQ99G- z)G+4vau!=rVv`otTNTf(CvEIb;8+wzGC{1=$nm*FF*A@Vt@mqBdq6c@}EQ4_{P9 zy3mT18(f3sYW0QmrWQ2^Eu;Z#dVqR`=&FZq-7aV%U&PKlo;%yqs6k9Q*IxL};^DGK zPXL|`Sy+HcDT#QKWC)^}z=O3Yt%21I8vy+Y8fQ7E9F%LQE~Sx_(;59Kr^+gfY_BOC ztOXV%3kP$ll*_XaR>zZCLD~y--E{CP+2g?}ySYuwh?6Ot_9|lD;Z5geP)u0lRw_lR zH%>pH!3@484RczFO5VuT(5LVsbe?KASgU6_$W0MXSItBTAlPJDP=7}#@HRada z1$KTC!BfH9ni7j7diwxz6vvcd&l9km3a=^1*;~EW_wy1J8IBJ1-uZbV03bu|@*o^9M!)pw6@uDX_N^QVlDK<2)RC-Q^d$k2;&7qgse$wGEtQtdj4F zp_s<5$WPc^QX)6Z#^JoApNh81)AN;E0dAmS3U-c)%v5lkCh?G5t=5wLs zZnqe=Lfg@~9xOsXUeHSH;IB>cxLSeMk&UdGXL#A$AIP&sYsZc5g=63I9`{q=w`=>2 z^SOC>Lr{bX!-wI)8G3ut&MkHf%y29+m3qo3V$(BWa3gUC0^dhMpX(1tE_|5U#(C1z z95DKrXmWY%ax;k421#U9b|zU~SpmF~r+wV~7`j5WOD2qIpHTFSk>Vq*wNmVepgLjn z%A_|nt|hDFywfUO(HMTe1h+UKl5iC}{>ssr7vI_nDFaOVd!X6K&{KwuOsHCEq%D8K zOb;M~BVBlM<32H%0*r*iWsZhT%CHY*%s^^ou-NMsfhp?}H=I*#4fk7=7#?&xu)ZM# zB>N3JB&=Mk%moO=t&WmoxYVn*KQpJmo4GIRNnyOh+IALXxe25tu4w;Bt5xYs2&?Ee zOd^NO7VE_*mPYSYZtPJi4?`APgdku*iJfpdP*lge>o(<-n8J~y)O-GfjWq+mf@J5k zE30x}{Ep!<0Ee!Im8zixv~c(Ix`hI&ju;p+ITj0Mdd>#Ox0IpFl~@%FK7;sCIOU2Q}0(wUM+H}H?FaEG#fL{ z%P)@KY|MgMY5U-+HoL~y3ONsm#M8FQA7P#^!PlrDZ<7)a7u(i*hA9)d8(zg<@0HEo3I#y%~Jo8NQN8U4{%bJhH0`d(Q} zeO7RwVavmWpiFmu@QOTkCoPGb*hyoM2k=E`J3t(S${dSdR{j zvWOiG52;lZg^J?j-lT=d5{b^tR}w>P9~u;&XTsJShZB{8;q%gzPuV%XFjMqn{T}iL zgelIHO532=BrSv@-Xb_Xex-F?J+~kz=jPJ=O8ergyaAjAL<^lLjx?ATETX5i2J@WM zh!f|Plk^aG#nHF;MSiJN>~8ecJ8R0~3RRc{B5wX?RIR|&?tI*DjDN~<3@%`m5% zA(zrx0riY8tDe+H$qrnvjvoYdrsBNn z<={PrCF31=24OjM%XamxVd116TkIw4pN9`-a+hjLi=VUa@(ozT&geT1gjxWL>`q2M zbBy)^8jE-x^=jczL@X4*LrBoE8R&GXjpDY9cQ!0z?lXS>?I-MAMfvjS$t(IU^V8rI zFuyk_0pS`D=t5y&&glW56N8=WLZQx?!0YfQ|_g`jza?jB~=CtpClg;OQ4p96rr%YaN|uv z>U}Tw#>S?KPEU{Ks*Xwnc&N5I!%tcG%a5edGdTxzP7&6q)+4w4?7GUJ3;NjeZQ1Oq z!i2K%isI&Az6RrjFEHy0fREuCzwK>9Qdm>XL1%q;Jq8 zI=NbjccxwFjOGB2@X6I>(Ik7H-d4OU<_s4Hf@9uA?*6oo<1SYXSi++Xdzyf0X)tys zEH11_Q9nkF=$q6@{Uu+kOpwyHDyie{!uYZ>Hq@jT1>~OMXGuN_R4lF0Nn4nfB-Mp) z_Nqnw?_8G1^!tOhiHaYl+Egxu&+~(=l3e1B9nOy5!fc(Wt-e(Y`#}{Jh8oL_PPYkl zgw(VO{VOMIk8=W7w5Ug_c|~~>9Mhh?qlZYNXJ49uBE^^7sB}j7fVMNDe~a+$bTj7G zsBFYcV^V@MyN}~no01prNW+=1NEVx+w;(1Yg?DK%T5wPhX*XggrZk3@YcTp&g894f zFRXZH3Jp%|;ivIe415?yR3LkK3(+Q|RtpDUkUO3vlazm|7@M_<-Hi z%(h}@rg$_S0$g=MwYmcnRk83nD&Q>%8({LZhM_n& zuNy0viWKMQ2Tld-(Q6U9{ElW&6CZ1j-^o`eGpu@rvj7F8gHS{R=cFU#h14=HlrNJ$ zNe%D#PzfNE<>BFg9l+;HnAJe2RrmU%PDa`<1Yo06f>Rxn@t((Ff8^!(a?Z9FHVhZV z4a`PPKMVG7Z)yf+qO=DLp{0XK2oZ!0zeMz5fd&&t*5d`?&Xmk=AZ$EZ@)Z(cdM*sI z?C*UhZ}H;acSs`wJbD6G@*45HR)7Pb#L)S5Rr*rEA`&LoaCHLZ#uY|uYKNoeit9Iv z-{lq|Qe#lN){U_o4x)HutPPq;pWQ%!sG-i;@{P>oj}43D4k9JeZ_J$_V15Z9Dhr*} z!slP9yPlqS=kj`-DAiT&LQLI}s0XSLnefL>*+BUvXW{p`c`_~=d#tA4!kFa<10e?c zy@3Kum{pm#*QgVJ-s81Y4vQP4=HW_Wqe@H7fkjhJSILM9sakL`9d{h+80|wn;3F*C zZZ1jg_Z*s3g7Kg`AZjD#J?bezJFBv^{xOjP2d}7PQ-Ualf<#mBV-OAv4*XIJ(tM*t zds^DFd+@Q@AZokyVi$=J*!xy9(S+@`^1{Nt>*qM8s%)loo&h<>y@ zi#RQn3g!q1(31)Apj6rm>J{Nxudiw{3Fh=8GBvZ&+&kW!;$CN-Zv4&!93Iqo6P8T_ zOh@=@m3@i&E_V;jJCjkJv<4wVF*vLIb|vwGIpuhJegYavT#;KHJjNiizcIRLPi6L9 zmHR2qAh*OE12;MulmHgdX3xe23a9u~(Uzr6)B&6~FckqZ#sUVW1guYQTH=0uu+pPf z5BtRLH17y!s{h7_NUvKf%8ktH`wu6mjk@}rJ%~XRrC=lp@Hw1bP@aTMR{C*kJSb8f zxxY#mfgaL##MVk(>Q9t-T>{64*pD4Lnwm72CI^%FI1T0^Vs7KxB7%I23G^HzILStv+8y%cygKL zDS@Py{d`AFALRI(QRV3=9dgXViz^rlnn?w0nSob%|x%$t}0^6NR2#2 z0K!ivig;%=7y~XY{iw5j=e9fVdoHVQ?*Mw^jK9PTySpc*`way>NPfhNMRjb~bo4rw z*(~2u@HI5}_M8=EkNv{LL-s!al990PBe5xd5IC|)&p4O$cxlpTrB;lfox`pRA5kztX>M+(;{_>NA*4w-dC2JYA zyd1J>o=|Z`CM**gQ03eJnc!gj>Tn0jayX}H``|=AmH72w%GOW4wg*2MJ?A+bvo^DH zer`x|y0$r^-xx$j_qC>hknjYM?T5~UI2MG`JcW-6U6KL_dbjGs$X-wNs{|HP}QYZ@jB>x7GkjMHoV7 z0<{y@0|Pjo4f5dqQYbr3x&@$dmdw1eT=-$MGEl5-B;3n-E*`Wah=o=8J0w3n_s);s zyrF}?q?_5wAY)Y95UB<;UCy6={ZB}^s0pwsO!OPZoZ>v-UlFDQ77*a*f*M9WKwV=C zI>8&2==X6IWW|0QJlvADTkE5_R_X$qotPhI2y1z=(UkeCE}uDlT&va2tc%yw3*0OY zfRfqvcO?c+frb?$lGJMUiRXJd?#~N+I-CjeTS)_xcLZL7JlG?5E{jSdci#&P_6uqs z^YY2$4e!r<^b)~Yy$X5noxEyI==D=Y4Xz>Ja;K`&E^s|WB}-oSbXXtS+>kbN-($C^ zpSpx9Q=xOufot+3foGix9g?&1?5IW0Oc?hXeEK?`-p{rGPvev}=J=ZxGGKOy)9P$0BsfnGJ zZJ-_cUpzy4BN2bznFDZLntSUva{U>3&76`Tuh$1kV$*bJ^0MU9ibe6tGDY6C zp;GhWU-C@E?iZ$B`1yO!dM1 z!yg*cDk!?1*x{MpxlFX+fa&?%3*jwZfkl@=_rVM>u4Y(iro5^Rx`>Bla9e9}ut*@) zUaH)w!MJC|LOBjfzA?z=5IIy)L zOoP#VPo({cI)EKD8)Bm~os@3${p!>bEW#urJeoT79@PtN-NfB$;^o1<+)Om>Z`WY% zfWSI7&sMqR>Gk%)Mdz1Ir?l{u1^)M96y9mOM_#VFUEp*o)~rj2tb+SW1WS<( ziDI7XAloSBBQFLX9#6TxLsWEO`BnTqFX)#!+>mhKY~P+FoVr~=I^(6?Krp1Qk_k@I zog_0y)I|F?>FJc*s#K#Rx7G%mgzQ55w+BA>b#m;gPtQ5U5yU+C+zYf@9nph}{|urj&fv)&^uvXCtxCf~I)X<<2&r{%nh5V9QaZbdmFNov{GZ$ljyh zOh9A?9H4hAz&zzfogdRXhmxzo*bZePz5~67AUZnQG%g2;+H*J5;unl z z&rjM-QJkzNXdzQXXsSFy@{oD^$&Fv%;~%#ktzZAWcwJ}*u`@iP%_LfAcr>jqRYICW z--j53UQ%4rJY+}f?3fBY_&Aez{h1kUYLtL&Jm$@@#P8q?zuxM#Su}vGsAr2Qi{4X< z6pz#?^k8{#SQHa-01@iE1@{uD#9hWB@bg~{CeSVtld3q^Zs9FPOMXv z+~Vp+o~T#4ylFoN3@6m@@Gi;Tlq3v+({~Y&9>P^QteWR8(z_vZlyIavvR3WLUe_Bt z#vrn=?4daIi@ z#8|58g=7#N`w7lNuBT{i10y#9xw(ZJ%&AC~LtuU~Z1Mb+cxe6>tn>+DUC($%o)+^I z_W^!}PGeT;Kj-Nv=n*IK^xqYAMmiqzn)SUHRZwrL3xYB;u4w*-lho1(KE zB~ISk>Xz>q(caiq_N3M0qscsPwV!g~NaZ=aov(;AySqg1QDTyz#q%u(eG&$)T-rEg zM10a3=;Wu(yss*6I$YYDA^7V37|1>X;|4%+_Ne!}BcQ~UIx4@VdMmsT!%TXBoHX$D z+hcG|I(Gn3CXrf7DS!hssbFkX%|^=PF_pquZ~&xFMz*2zmZ%=?{UI6w3)HWau5VdT1#?c>EDy5JkSLvB?wInS#01N6uQ0cw| zy8vi~20EzYaH$^L#u0(MX?FNV0#A0u3y_d6$9|FEs*Q!0R55qpx+L^UV05;|!{c%Y4v5i6DRL z^5Dwu=OUR`^0ca;1(>SK-ahS=s~t%; zGPFqMU5cFxw8)GpJT~O;D-|MTAs13Wl3YzHL-&O^n6iQR7HcOuJ+))qeaYN^Z>dS;0iV4HLvIGL8No001;cYD=KVZlj>8_E?`c z_%{a$UFznEx?o_<{X;$b?rnx+63`ZKcWgV;2KUPQ^s{GdToW4_OHv8vn7O55V??y74Vni;bFoyAhEW4~) zBV)uQ_p}-m)TSX6+U@tx*}6Sge`cS&i3^A;&{4D+GHWbZ$an=$Wz1AT#mIh{P&9If zBWiK(6pNJ(*Bwmr@>vqKA3xY+Vp;CMJ-t(&^0J^lzO1)mBVnD4UA9S5__qD>Fm)i@ zv8pKAf;86cH?5lG-UK&olB65|cwYpJhlL$mEqy1Rlif>rJB!iY0m)T_cJ)BN1`{R5 z_m7q-Ho&FMIo-KVb6?x%BTIf59J`jK0;y|Y1^F8=PI5smENclZb$rkas=;x)3Z~*x z<~TqW2nQ;Hg8D@jI1og1o|AMxmaIj76j5@I+F}#ciL}7`9&R2c092UOPe23X6YF2} zFu8)T_zl-v^om%Dn${YZyv=o-X^!gyCg>6j7S7{xgA*Q7;y+d?g=6bQk`1${_YU1B ziqF8q37wfI8}#$~K1e9j(N|bK!ZhT7wrkFoCNhQ!`V_j`y?I}KULn7s+`P~Y7XQ#a8a1U>5B=aMM-qdWL1hgx$FvdBkyE?SDkcZl1Y+xvnN24?Q|s# zs^fQ{16A=Q`N&?SscI&I6YC&5xwG36jqAK~l`9^mJ_uY?coPiQsD|=b3J1a~ta?NI zW7S^eT(pW{AwN5MDOY%=UP?>%q>aDIEx8vpE$No2YB)b9o|N4TDg#erRzd2I8Kwh9 zebm!9CiJ-LOc$TP*ij{nvH5UCT{i&RR2UY~;xD)LLh~4nt-6Sx@>^jO@)NSRO`0)q z7Hv67;NLyU@mJcl{(1pO`2Huj0kUa*!aJ5>R+cok0i9iy>VGYAe=I$uw%>Y5Mv&wb zw9#?P`?86Xn_M=|bVIV0c61}8EA=2KzUHeI&b?*CHsz$Y5W`obKIfRKw=}y0#|CBU z<~0{Nk9ki6IcM^OQ*z0ZKqW@?+no@tPRh9N;mHpMaw)%KIRtmoL1R~7nRAd%H0SX^ z-y$ItR-|#%S*Ne=v`!QB6R(!_!SRGqb#axda+;j&@-_{GfHSHEHR2+sbR#-nzOUAO zOvnWdpT`p*`62`s7Pj*a!KcVNBc5cj-*ZF1(s4$Xcnj_#W0jMZ^SgBKBu@*gV)iIt zmC*;IOjAIkcYBq!!5?%Kkw}o(30KMZO19up?{$2{%(R|7{W@t&X?$3`&5%g}%fSR- z02mh-!t=)bJjo}~MbxFD=xeFIZP82n*7xdnbY|V%p63iD(t^Kc(SGAOK@JG_beGNE z^DdM#s=+AU_IABLN(*@=Di}WVb??AS_?22B#(o%8&;bX!6Md1lD6hm4aWwF<2;|dU zqXFsCAMK|7jf3gWql-9=x+vO88VRAnMT3&e0)l~m<7f;4`!Q1I!pO&wOFIR`yi*#? zfp{EF3dRNpOeR?9uGUrRb39+B9<^}j`SpfpQ6~!P9&*)(>znp*PYHGd%EQBrX!@bw z2SE5`zE}1FuYHW~$wfOGrko91z1Z(VuEE>1e$d@X z(B7Z2r;U~iPI?*3Qrp?+lAIg6YY$!{ua0n>G3;yb6U2oKTzY;nPC6txcW}+%o`8}A z!%lWVj8Ww{RzQy~+f*Pi@;w`O#fNRXQ)-nFbt1q_adaS5;GgR2b2vU_-KJ%Vl*~6e zFQ5H6nf^;s{pt7pz{dVW(WSXV<=2~0&m=&Dzj}Al@0fq;&*(RGg#&my<*K8cc~)xE zJ@RvR!_)-3@}Oc=I%c-(r8u$ zN^z~nb`P=q;3b{DbL_19TL+^TMDpB&T7EXNLk@{?zz<3-@nNmFJZ&*km&zC_H(Il& zaS$H9upF#Z@EEYICfgSEW4!&ZRZ0TgI?3Ftb;k(lywO6mN|vh6D0R;JTZD8@3OJQv7w4t9S;V$pzhR2 z13+gUmZ=zeal}0IReVDq=guO4L zRA$JHL$YiU`A0BdCV}U+AdXHG9L#a+^Joo-DwUNJ6Syv&U?_=I4BN{nW$+TPCOh!~ zpgmKPnAT&{2%j7d7!EYtiL(SVR|Mbci58H#vAP)y|71^G+lhMU5!81hwfv_Ksuj$j z;&%~|@QrjYzGAa+LN&7w^{pJYn%I_E6~D717x$sI4A$cvgRwo(0)kP`d;pxXi~i*I zh0U-(m~`C1l$Q8?=ob&RgIN@%z+z_|JWnWOqb#DTh@&phU{Z|^$+vBn3C~KQK-_FP zt~N+Y-#}@LTiu@?_MTg`CHjD)88e3#47kU3pc>0U9FwCB`3dI2rJEqp8d?A8FRn(3czu4#&D|mX*sqS4%zu8pwuLtD(RSvtO zX(G(v@I3I(hVJ%U*E!2DhD*P*$ic=%29=~@V^C}pnQH9t?$(gGif`eg^zHk!GEjs; zcn?+w)y8VkN%EMA4DWJYV_{yLMTR6sy{HNm)Ji3Tl5FNE3$AkbG$woJDy{;ItBivF zR^`uqu*jdf(r#z81sQTIiSKcAtlA89->k^F%*U!#X)2a6>N#jcQXZ#M@O*MZ81;Dg1HOsVc4&io<;2A$r~w^}e;Ff=>3bm4l8|DT zO^hx~Qa{+A_eg2ll#%Ng=P)tl$)OQmfsqz?`1MZXe)2dZG?r>98fzqxzgci(4A8-CNLKFURFXII#JH2&M3E~d^lZki}9=aRI zYqC7p*t2LO>N%hqz9dPg28GZQhUYQR&eM^x+j3J!IAxq!>T^!c2e>s@E*D`etUJJa&Zw8;8|(D2|0KcHR~ zEg0Nbak&D-QQ-cbE(lq<41LYh!aHcip;)?|(jwI_&_r*MP2nr4aAIQG=LE=eSfp&Y z$+q@JYo}%V=w=-=bu43sYJCIukbJM06N|^D^%QpSp5Khrwop1hilJf%w)*zp3hvOFP3IiJ zxF-1>Pegv@3#T?$hMU0h^*K(Aq${Y0EGWKaypV7jZ zI)K*_c|yd5gEd_HJ3X8aPqIKk)7tuSvvE9F6B^&kT=`8;WMu{Uz2rF=%hi?L5W#1- zi_$$kj-JTNt8oYxYkxZ=eM|)7*f@(VffqnbaZ&Qkq|AAAoD3UB4+f0J1%1WouHK|Y zN}@u0v@wO*2a;@NRlZu7*un1vJvTeEAKz&(f8u>GbLZ^KFG03aOd`wK^T_YPyrx$r z#efB;v%sAk7LBCw0E1xu9_4Ft?^s+~-`HzxWs+$&vP53{6q_SFpNYSu^E_!r!dCfJ zfhs#*+$xk_3xOL*EzLxil4(@4J$Y&t7#d1iBO8ddupT&n{Y=TK`eWRsccT;by=u?m zPX$BKm&X{Mybr*u(p1ABMZPM-iY5Ri=7KCiY;#&thlfDGeXztLg$c&20C@@Sgz*g9 zvu#0e*#a*Q5Gn7+KjCD9%rJ9c$+l5?4F5@q!9-j@LFFn9K=V*Hx}#c%COx>XzQ@%T zkn3Rf&GEw(%`|jd62LBY=IG#@*K+Pyys`ySYkrv6D}ECW(?Zt zwL;n5asc-`K$@YXJ-i{|^zlW4IK_BpR_ak_f5yrNJeY=<(b8~UGGxlKTjR*I6gO_d zzmTZA1}1W5C$kzW!=+BL&X_<^@$}c5)`lq$N~J-`pK=c@+aR22s)S5OsBfVd+e;~r9dP4COfVxjF<`Y}G~DJqx&+wNpz;>ZiA@bisH`hz35*&p8q*lJfcrhu+Xc0v{K zT99zT55TBpkU;qwi0ReG8(WT*6@0CZssYItNxPmgPqnEIZo7pV$XbM_tTdQDo{nni z&~VU7vx9G6gG>->0S&_=a1j{Pb5>1~MVywxfjUg#%tNw=9H7xx?QYsF4KZjb_I*1` z{1V)i0d)32-NjbE9Ni$RErn!{y^)eI7`dBV!+Q+pl+>B3XcJ?(Kuus&#P#5KWuIII zm%Ajbe;1xPBlH_7+i4_u(j^-V*LHz7-O!NTXw@sb7;*iZQ#m{0}x{Xr1` z-d5!z0c|&Q&gTgiNW+-8a{W7O${nGX`aY@Eod{S|Ft(owZYXl}4*~422D1|TX#rBP z1l4B5T8Zn0WTd4|-mbuf!c%&Trl7U;+^wO32JCrW>KoPhToydS@sB527MSC0yo;i=&RR+2+xtEp->hZXR)sdg0_=J?;u7`|$ z8GAY7O0w!Q+iTlXhCW>vaRK$^R3yPhwd^|iGDT#!roX{Sxfb?|7lYCFW{+r&nw)5I zLXHlhg|J}fAbII~SAQU^PP~y$&7TIXGIS&>I?i44#f}$kp^n_ZwN!o@g`|;>1;BIZ zU|#c^I)>>%f7GiW{h)i}QMT|Xn34b^(p5}gl;GUvCJ*6#>O{he)EYebvCd)k_D6lrvoS$^E)WaA~Er162S*%sZbX8${@slT)QOU zegJQ91UaSxJIRRbylR}E?- zut+<_CB}?0;bUF}S&t+UETON+L*H{j-$E(1*~fjv0y>MnzC$HY27CioC0tfN8W?Wb zEB1Sum{U|mOJ<6PgR55jf9!n;R8!}=wjNt?D5l~-RUjS-q9Wv|ATnhiYc(RpR2)zc zQj3a!m?9!m$ZnlbDdZRmDGo$ML`8@Qh(bt|DW#|pkXZ>y7-R?}3}Hi(?f=Ge&%OWs zPuIG=>-1m$`R_Wbi!PU#oxS(>eed`@&s!i29I|}$Bx!3OSf3jafg$SC3gMLq`!ESZ zz1XQM30iq(mm`X}*7zn)$vZTVce&;vh)kK8!#?FeFT%e0<(HtZlU^#ud4dnf z+40T~m1s8`7dc@dQR}SRtrqK6vzO>LB=zs*G;XlV4G=vp(jEj?SmSbD!PzhvVBj$w zTE*%a!-@D8)3{&r&a~W}7~JNVvF7N4oN~ZZ#;dfev$4H6me#^0N`z{(=tf%AW9#udj$LS z6U;+(dXrFP*z7ZWTc6$Y=nm%Wud#Ytb;DZkN((1(+#x?+H6Ll|G0|rYIZ0B5R(k#x zC}EvsF05zT*~hIHS8)9oJWz*@jqxYVQoSIouIWi39e4lWTY#(_E&_#6FY`l$Qq`Kcxns^ zq+G7#)sKIa}@ zn?6HDD<5i|*1@|#S%5KUb%Nc|3i3cpK%H$s5octxc0TVY#KQW6P|<-0hgbrUUB#zE zxf%TNSpsBE`SAT`s5NkI^C&fd(&&ZM7jkAm8sF2|=u`3Ox&=*kuDby|McJMm7NVgk zZ9R597Claq;?ZKO=Nxx4$o-tb<(zb44U5m?64A%3&oJqB{q+d+Gt7q8aIBDUzIE&j zCwNa@bypkJ4AMAoLa@}`-sw^uS+yNvoR2Qm3jgSX9h2fFD@OG;J_!{jo4bSOw(B1u z?Qt34=M{RXK3xAc?wSleOPQwnVsTg2*-`RCvE0*3;nhfOy_KvqH6=7E?1Rh@j@t9T5)R!~ir+$=2^rq;BK&m^;Cb*b zqr_suEFA@m!+e4)DN((!v2J(~(^Y*qhPr~1Z!NwHN9vRXn(sEDoKEjC0r0E;N4%E(X2XL!?&4uw)oF^b!IPp^JS z1NmTaDpYJBwQz%#u-5DDbZLG>RAl|*bVlIL_b^y!N*nD8lPb5JPR1VEbDDZ z##<_dOY$CHIKJ>WY&cuX$B#HpmhY#CQtoFdSFM}}Syf~;zOE;9XSrw|_>Q;f$SbCk zBN#KJ3^%LGP?fTi1WsY7CeC>);C4v>D*j0)8fCw&w$_K=N0ZQxn7aW$G!45V^V?a8 z6N~Xz>Xa1yS?;;fC$^({;`7%>1vODhkfX2z;%z#_T>K2zXzdE-RE%qJ&egXAS<5i) zRkt2#O-Z^N78K230H~1OYJ1C&NVe|2p|#f;BSsJ!eo@)s5~Z^wU8-K5%!q*0{L&l1 zT64B`!r_0;1|Rs#OCGEle`vwF^1%Y)1&f*bJ36D=IBbXogda}0B-|xoaoKy{)%ISF zOD{DR?d8yE(<#-!wJqfr^02fHZu99&89TA<8n4 zQS7#Y7tD>Qfn4q{Xdpd-VhskMtqP(Yrt%vP`a{3qJkQ-}N+(ok3EuW_8L6ULAGR$D{r8cqKk6Ki&3 z1jSoIIliRP)u^*IYWvEis?M10cf)SGXF=JyGs(%YFcX13&g6j!74373?)WTpoh%nD z$&A8^wQHT5ZMF)S>+*|4(p*61|o7tw2?AgrIn4BD+6WJi?}J~?eR*to1rFe zt3N>;@R*_OeEcwZJTmqD6tE&(G=CzcMC<6c$y9kj-S3&outSx~g(w+MtIhKn{m$U6eHs`NKw ziYM*vYByJF{I*pwCIXk2GPF=*-=)uFeF|XWxI0WM%<6WOH5GE`a;XV(;e>-iJV_t0~Wi^_=*JqpmX@%a;(RQm4m<$q{8sL382k^9n7a zl~M~#EPzp4vd5uwdkZ_O>Uj#hX<|eNa$dMFztKMKbFy7u)g)m25bO<{eJ(ja3xwPu zK+0o-#xYdH-%ptaCP*}4`7?UVe6d7E9yqIzm@t<@KzgH(-rT6+NQ2hTZL2otwnEKj zj6VEwLnr5P8==Klelia>%(y>zG!?o4^LF(4vzx1`f=+4q4MCl}>=x7VcfC<;XJrp%hW2e6? zT!^JNRZ%{{=o()o#hp}Fars48rI1Gg&UDeKeFu};@D{PprZ;zAn&6AS{~2$;Z1;VK zq@`p(cVpe^Q5WL;s0{bh;>)R5Ld;Cu4~4~=MVbJtdQ>vbIuwo+k<0ksTNtU3awmaP z2cPh6GKE)BI=#O9c+eww-Y)%Zpu|D{Ag~Jr0Hhv<`s9~I>fP7)r))b$THx#3)>aKs2?`W>n`Q^zDbXi_%^itE*~@&H z2%)O<4L?rWvNdP!YNA)`MEN>AFwL6#5CI0QKNe`nFBO|G_WfQ9R-P;>H=vd;Z1`&m z?Pu`a4b|Nrid2a-^okZ@tU9MJGYH3xszes#G4c<@htQpp{$Mc;LsX)2)@%WHH>cmX zNzPI1Z?Ll+B(ar5Xs$j2$1-lH0iz}S&tFAcc@e9*uD?2_^kS^-8j()>a*+K^W6?ts&LF-I%u*VaOX zB8By_Znc{6lzri{IDu&dJ!&6uqQLXxhN{dE^NRHSkq@C81ZoLT3xrB$yZ27*3Mn&M zO&!>*5{}CZ+6f_d(61}a$0P~%HCG;ga2pe>-4(EQZ(|)#vlc|nmW{`g1-3F#mee3c&V z%uva~b4xwMJc3}JdQ({>@Rv`^O56gdua^xE-e=q#0R#mtp7^lo>Co9mpQJPy`D1sI zb7g!pSveMZczkD)2Rbnh^*n&`11r+cO|}6_jAtZM)k9Aivspj;M1tc4^X5ocDi+;gW=6LVI0!VI%WENCA)$wp!QAosE&02!a8=VYWEPVQkpQ$$ z(FeVv;KwDyc!QOA$PRK~$kFsYlhrmH?6lUBB|#T34Zv!x|SC z2^oqzL0}h?@mA_S(Sso3BW7agP3&HiCKwC9-W;;St zL`nsgNn3S4gT4Xu?y?5^TM=0*zOGWeoN?Y+a*<-*TT~ZC+*5bBUNBo0n=sP>3V<3+xCKJR)E(83`BM$>p0kAGVYtv@hp)677up4g z1x5hcq3mn!ZHm^W?=K`B?>?N{Rc(GXjgXr)T{`s}ct;Mi;mS>0E zLxVhsZG#lC)sRl-9t5Ps=YR%F_habj2FItU;)dMT?N-GJvn_ZLJ|_dH?~0B>~* z2ykYXP{8nH*acsO0yz)oLw4KMn01O}uG@ljsZBRwT6O()yu4n3*mGG%D(kdv z_dp=qqeoxE4&t0teP@45tyBkhx8tI#eL zRKMmyg7fMd1C}UiFoZs5U$rZ0Y`;&5)&@YmjQyzHP+;_41E~rHTcSXlleBWvO1km8 z$<$2wj4>$EoOf=|2_d#pTFfiO@BsKj*dF^}mpD(ZEr%NKQOYtYb5~)lPV{N;Wk2B+ zG!CkD(a@K2H~TAb*D5R~Yrs#trk}E*7(0uqa@#$D@2U0Eg-PE~0}aW#8>wJ~A|XM5 zx3wP$#3j{w<`&-Y2yYVGPS7|OU_}wy=}ZTxC)o0%j)`{wKx80&MctsCva@IeUS#UY zrZom5b^ve5P#kQBc&meUA!htkPjUruZbm^HS5dxE_$_5pTa%p@k(tIM$j=Zc)3#OY@_h)g#yQ>*tfqZ$n{^R^@`%jUuG$2GjulUo~P2!qOzZ9V&a533LE~EBWtP|xxv6$FCp7? z_l$#r2N2l=aNZ-$<2G(y85}gPi{6|p{~kLHICj%>g~+M&)%Brc>_zUVefrYc(7JYs zeoiZrx1Tjk8)Z)f!E#HSN3I!p)Pmrowb6IFSp7A|$GP$9RW)8sxt0kvBdZln2S-3| zrspc_P+X>rd@g;KYD;!*h=pk_UK0UMSnIKmYw&*wJUgKJLZ|HmR4@A;VB;NB;-}E6 z63J-q{68&%#5=I&vAcaj@4=F!t%Km70Jt;aDuLiPey~2?0J`Cv(gyy-YW2H58V_)!J(0EL7N?Q&!2Zvq< zUO{yiRR647EgwVTf1GM{k~d3q5aMX$qX-G+PBGIN@B^rI5<^NCRj=gh=e?eI5!$B>fYw{<6#SMa}R{iU!hYp9Te2zpfHu zit*G&s9`GuyCEL8o`j&wP%(=3zpKjb2rLtwaz4~}NmcT!aq?))8DX4Wat*LgouC-w z4mBn&-sL7s1+=o&UAhk8YyR| z7blc_RRrAHPFw=ViMtYr=zuC9kB3b_$wI30J)qs?skmUJBK|-jK9fn;Bder)R9#Al zccBW2M4JzQf0IBdX`hH7`i9-YmU;hR%Z%<|pFODx_CeG1T&tIN!y+wsKp_=Gu5~vr z(&rENzs}yYu7+jHs>VOX3KbV9mNn|xVhgh-Qf)>(S|G5JUs&y05(UM^i9o!_0QUkK z3q#%W17#I+n?Bh-Rx+3AJ|cYviAc^U52Fcdh?85cG4ANo-L`;L1@w0HhdM&UXj3Jz zWl0BM)92F^g!2@Fpjaq?Dt4a-V{YGipo@WiR%cRc_XaRpk5U>ot3)yZ9g6xgugZ>V zWPC2~L0qzSnwEm(>3N`D5s~PiN88?1@tW{$QT|V4{P{SbS7iOiDb&s z;MTy4q=uY;$B*-il6q>2^7TWLB~UPT7T%yy1xu(M( zjLn8l=>9;e7HGavZKQG0Ut?KgW$1Z-TPzj;p$RqgWw_S8k#UqHVB^tmpmX@4Cb{Z6 z$}0R9;WVsJo0(cVR)cU^@|T?Uc6V1`cGDp)odlH)mGMqRU`65* z4M1Z$M02rrX~nlkP?HSRW_}`b)c5ELa+9}UPAdLJ1Ab*zpa&M4 z@k~a4s87b>ls=$pqAd+Yjf3cLW7Z^OIU>Gp2H_fWhsw8{mp4?&J0rAH5fcR)`EP?S zD~nEpI3Lp&jA2kU^asI4fc79h+*Sk9xd1yu>`Dom>zF4jMAMnEL~0qmpx`p)d-F3F zP}viEZM1!fB!2>$>vB0_H@pHMnNM6x*l!z$Aa!h(YL0>a(Ft`C_=t1r*1ks?;pVer zn!91B6-aNrlq%P{YZ%(Vt_Ip%yj=8fD1o^nPOguY?GJw&3@3-tU@LmW56BmQM@i=x zFx#E511~ku#{bee3oW^GD2n(@I76QYT{TgB@%Tl1^PT1E^C}Nz2c4uWX&@CO(*Plq z1f^(rCWFI8w9te8SO$_Syw>CjdcIXtrDu3m`hw(VbNlJ)J;6kVpmvb-M2oa^^7IG6 zP7k?00nM`*afKmJnT3-v)Kis}sBJ1du6A|o;9=BII6EYcV*KRfiAZpK5VVp2_WGd(9@*_pl}qCnGvX;5 zSkHw7wFNuSt&x`z{KynPbRT3Mec#oJ{WD}JEX22}z#lr)-H9sc^M<2?w|F3J(#T*~ z8Ynr@sTxq^FfRZH?>qnj_PO+#Y8tRo)kglc0)0Ta$(!oyZ{zN5#U&t`^MnFud_zxj z$Cnwfs)0i@qip14rJFjTf;Vr}9Pv{7$IETvtUVsR&I#aY$y>DZkNfJ=L5>4pV20qn zbcyDYx)aG454@EVOrVNfRLG;%;nlJi>#G_!D72v!ygCcF$M@XMR*_|U@;j~(WcUpkeH~TR&~U9W zAwbj59*tfNTL7w*V2fcR)NkWWME(qQPAZoJsG z#{rm5g9f2w8-F7DC2@G@FHpod58qPOtIu||QRR}`k3jE4iON>1LC>d7LtE=+*G|*@ z1b6r-tjSWXkVRf(&0+3POOWui}*+f=zvGJM(dkHm<$7I!n-_O(qMk4x-I+SgJf}b2-%a<^t=c}8Gx29 zeXf5i;X<;k6|K|z#gGTgwJVuGerL^V#Omw_h)q+K zdttUJdO13ip`#k?=ZtoqX13op4?6idG}WNMSOPITYyXL<&ATN8YNER*Fg^);C-wl_ zjXMPL&fjgxoWEn=Ws7O>M$J^W^W>ryx_|tZgcr%QRGVJIdE5bUD#$pD_@k ztAdFjc9BS|C^BuWO3P^5Cq1$_^oR6=;bNj8Mw&t+uYngX!Mqz=Q_d{DcBN&%zS>5H zB+^x%qb={J$c+*QbpgQV^AVpCHd&{wzjAZp_`V6?`hsNv|A~y9n5yRL<`Wf%OSHR~ zn~GE~GOtGZFIR&y@5kp70<@AmXd|?PEIJEn`&+yRhRT!+hsvbJ0z{UeA*|UuyC*wZPM&M6i|LOUPp#Vr-zI?53MF6sq3}VH!-e(N zuN#4Q_tXh6)gP~Yg&Yoz#b+C5?P$2w||ZBJVSF<%@;Li;*K z5Fa(#M$jzBuBbzNKx~Qp5esODGfqsEi#~flfK3#(^be6q=WybAbgQZI?%5*irOSQ$Cj}_qsq^Z4$Z-`w5U)FY|R`0YNJb9p~#xP4azc8bqBG{cUUiltC~X5!2a2w15>)zB_X2GP828H zr(umO8RpR@g6O`iSG@el(`b;nNqu?xI>GBdvbUFv$SzkM+H{Tgi=d2-S<}zi^UvT* zp>-oNZ}+|SO{_bs9-XzO=uh0L^;547IZSTfoc?V)(K6#)#mk$Q?_6m-S>(+4LRoZ4 z*CsZbCr*oB{7wF9;k8Att}QCF=(1y>hgRqxhcoHzI>MzK(GmW4TTUe4i>_=Z0^IG! zxp8>GeCRl}B>UElNxt_tYZxUG#F_hE91<>>aWL9zZt3Gs%B|IWcA*3##aHC4eY5{a zx^sQR^qr!>lw~eZdOFzDBFdM3A3-}OovuSV*q^$h$LfzRbb21Q?nR8n(rz<{A8LBh z!%gAL$tFHf7{6?rsuOwmo^=X$buP|T1uV(jI zR-+-b^XNlyIq}?%5NY8XAG7p@S9T8DW;7M7yZZ%b_x$Diu8HF;fF!fR>K(ATYX6>R z#Y2^Z`QTV*6*vv($jeKjDe;H<;|uCLAL}cQtrJ6UUUU*=u$v{@^iPB{HmMSJsw>*f zIb#2!hNBJ}?z3LswGXQy4uLrK+CRE?{ygVgK6-%NJnxw(FY8%otjt(bbVxoTciZM( zcx@XxCnu}5gF|8ufJgG^rY7pQBT-`~`u3iNnI54ko|tdJ40@$osa@+I{8dz|Ryq5I zdqxP-l6)<7*zIW&3JhPpISCGDind8>jfDdS58@*BOe|J&LG2n-lo)!V)}l1-llH?C zuHxYaDeklN62PdTsdQJG2#J7;C&0^00CT&QU~r|}E6dRyt{je#%Q9o39;(14_S zsYO2&o*y`oW6|hQqV0u(ff+bukpl>=VJpM~Vy%a78+MG|a&iO|8uvd$4`HXhnnd|z zu-)kZ^8ndHGaiVK>euUY;Aui=AT6x(RAqnFkZZ3eS1zVETb1UqpK}OnA-L|k$}7QV zVd1!$uj&e(WL?R_mOtcs6TGP>^H?;^HLPig<&L6=V4}Q1T)9lilXy7^5fRSCm#b@kPrS`RNMP)Yy2edyw zLVuqAi|7m7h`F9V=SYlCjXh^mX75Q&DxZY*yFP}gBv7}HNdIHKb}Fqkows?u_tl7x znL}WnE%mAPjMkct)gVpbC|;qP78sE0D|Nr`FE&f%pYLSXq>wmkPD2{L5$hJ7=M(gg zMFE7_tT)KaqpXEdSyip6ryebS6O)oT$Xi^UX5wVotggoMSCW35`i^JBBoN98XVOiv z6Y0x%yZwwd=GWKnDSpNo`sKpB=aiv~{Wd>g)DB~7nE`q;N4Kh$JeYf*>3Fj(D7DD3 zj*-5#AZ}{dPNTqy}5zmqAG$Q zabh{Y`Sm(YftL6A4!RqlGV0N<(Me}E&@W|-OsJ805>=zpW+I-H@f5{;dr@67HSdl^ zBQN~jHqh+AVi*IE&r^4FAUfMo5$>LWTU^n?_tn0Rg1?^~M}`XF5skyN*80J?nVXql zZU~kagC4*Ii@}O_upz!bv@Q6PI6-fKOOGm?{1p?_g~!nnh-*JGHSJ8 zM5=Rh)WFp>|{Wo1Axb)iBngWTBc236oDHJYoe31R14;kr&(3jO; zjsB)B)zU}^`Erc^@1J}39~TpFf919z&-#@!=l1*D$kyNCMvgsG23Ztp%&9n}5kqf@ z2VSE+bqZYH#QAL}KmWc(V_HA`Zy&4u_bWw{e`W9g`k8b7C%K38fABqA>TPQOH1BmA zD^qrUa7knAe6)MjRnaG|E1d_pva!>IxaDMgxnTS^Zu-eH4H{so42`%Eo2)YP3#Fhb#Q=yXoV{mJ_vZ$HA2UpCt_{ZdthnUBD zNjL6F1Y>e$*&&G<3i_yGjO{p()=_OmFuU9t!b@BDg_Euh`u@Mgw&bkrS)?SN6X2nu zmpyLBh_Yf$clpkV&E#Lielps3?VqU5)I=YUrRCZ!c*r%)?p~{(x@6<{G>68x_#M#t z_h4(s{lTOEHfI|4jZHvagj2tJ^>}E0UD<(QoiRBuKI=2;Lw6Q6=RdAUZH^#Lj6Q}% zkAOj!|Mi|~w0N1<@DEy)oMyKi%SK`O9jKgSiuKxz|E{4wqKP=&TIUw>@1LXm`?dH` z-uM-R{A=qT==&hn=O1|&wFCVp2_e6Skp{QL{s-OGfJNh_|JP>Pu(0d?2^MzmKga(1 z=edo4d{OFum(v#b4_Kbsfj-SY&1w7Bjewv0-%`Mq#(xI;1EK2gU;|hFqv7)Ja1Z}* z$o@a#9^U>QUjCoN3jYqlhEd_|n5KV^*G~LL5ck`|LW`G0zeB9?FYEVzTEE}tjr<KID__Etm$)^kLh=&W1xX<>zr6#?4%p?E z`P+Mnb^qM$RD?UZ;->J&iITH0C}KZI|NlX@dHz?XvsT>v?lEAUJ~k)~+s)sxdFr>& zsGj|=fAp_c0B{9>EabQlW=19NI;~7CW~34I5ySm!O9Qt75YUgWj}iab%t*JCwd(zp z>yh~8BsTVE-R}2O{yd~hFpqJVzgWBOB@E0{d+Vo(hF70J%Z%jwNh7p#Z-4Eb>;3>- zqv0~cv|LXJq_Iu-@c>1tYGqBcadQ+>f8^_D}6J`UbG7C@OJUH@K zEXT!0Rp58JP_^kU{F#b)dd%~iemt(AZKi>S{PT&a$(v)05>S{#x#^kn{>$SRDKp_= z8#f55kD(7i(nn!Hz{6zle#yTt0m@4t>d0}f9pd2TN-33o6TaT=YLjV#0K8jt1}2#7F}dcRR6zeS?pJr&b1 zAJHcfo)%74!}2Fj5}p@vXp_Cf!FS!aDBH5;Z9eHke@0vo%$qt!XEzq5qRo?(Qj6q> zP|`z#d=7{)88m6CUM+=JH|;+!w$1eaychnqYNLd+K##~$f>y9Z>mkc3^9%6GOV;lm zPtn9iBg$Lp0Fvz)_0ElwYG&#mP>4ap!Ty%mlKatf@!@^;EdiooXzVU_x2Zn#e1FZK zjsLebo3^PE8D7&zAA3K=8vo(`lvER`ydEvpvHcH zI=`s(Zve*SM?Lz2f>K2LO@GI+8zh!@T31_es<#O$ecU->Q_ZBxP?IRfy}WXk?JI_T z&bD^CU7y&i5Ojk+&^#%xm?>X^r|nM zdN&@A0CCFk4()bZ&BK1Lq%wC~I9<6M?>tsM<-42Spk5D6OS_+Y1;zNXl0Y zov#Rdfxo=Ck2Z8rf$tw=)q>>ilcba}ayc!5J{vb>H3*4-Wc^0BRHcvCS+Y#AfUrpU zXRV--@|WtPw#rU(S8|$=j0Xc7EGj zW>O?(ys>({A5nE4%Qi52urCqWlGn&Xft0NE&{AkXxEYbaUiPLJNb^u-rJS84E%L79 zH}9-KW(lkh0G9Qs#yKbV^zGisAg`r)uLJ6zdo5=cC4qpHYw1tsMrOOv2TjU6IjvQ! zxr#m0E@5uMcFR^UXUjH_L+w3Ri9Pkw=If>F(ZEZeO&qtm@zV9NYQrDcIlJ(UdjB*G z)GGntOEf{7fSY&GdCnCX`9eAgL?622xE@XXP+KO@4X;L;P|c%kr8*{b@cpuj)1G}5 zI^Vk@v>E-kBxxZ{qJ#YAECp4`&hAs`93Q_Ly+$ZsPY+f*{@}Xreq8+4T3eWp zbqh>*8}du3*1(ZBiwco7DRb1|dNlc}YqzsH04&?IxuKB0xTS9~(|cj$aNC7|qN1oS z&>{hXCG4c0tQ2?cJXRC^A?+f|Soe*dgC4z-z>iN~gyqOx&`}iF3kc>Zma{r8vevo4lXud@BZ>tp2zw{)#maJR`fK4I|!H17o5oP)q4U9*UpxFw1V9 zcDs(I=jw^KuNuTtQXxBlOj!t0hIkQXD;Ex-7hy(a6mL+xHGxteo*7Xt1X4w z=pQ4%9MG^O+eSs_r4NfL$mfXpFn+W(p5AC5twYpn`*)w-n3q?~@u)!uv^+Z+NG%)2 zI@BX}?l%3%)L`ipKzrN)8c$`8i0%CAPn!%O0?xWVSX4kRM_R=AjQ3Mu0->mamye#oEu%OJFZFKGS*0%S8^&lX{IY=7 zYDWUzH}?YIT#0GVQNd_V@U9c!PdbPb$QsbKbxuK4h>m03{dR$-NSP^2f{jPD`e*>1H_7ZP@Eh=~Waa?V%ybKb%+a?4AJtP@@6x-TFIv^hAQ3%Yp$ciQ?E z*1iEq>oU-#k0kb09w(~y5EIdSQJE-_Zh`Y-?Z+^xO^1Av*wFKroub<4yAMa7ciYC^m&Mwdz%cYpLNcpjL z=@AQa%uTx#9@3VwME6a)+v4_qG0{Z0YHx2VS92Tmu-*RCQzduNvDM^(Lx)t;+hja( z4gLEyy46A~@wPuER)rZ=`D*rD&qm9>hz0B9 zdv9LeXL)Xgpc=f$Zu2+s!w6uS6E*-+JiVt%4%hS0d0?>loe&Qw00Bzj2hd4vo% z{R~r!*tk*GB^sDqE2h0FzLJQoH2vOQvLvW+{82HzEyCB2A}5cHFNFCF;G`~r?3Xss zf3|iD^B8ss{(n?WtYRcMS5`JY$przQ2+ajlAsy$HfF^vj82GM=oO`j-967AmxD1D~i72!VAu#b+rcj@$s5toUm zT#8iVqTUphAn!Rd#!tYf)(#2h6uxV;9pism^U>wb)Nzw%q?m8qO((wqqGq22#z(Aq zKq-9(HQDPwb&?5NZ6bRler4SK5vLdljDSI5 z9-t8_Ppa#dBkQ9rE7HG)@jFqP+z@=0we}ONPN6YnYf7;^?PpPu9gGU{Ozb8MK3RC7 zgP&iX(Led+`zggmf~46&q$D7~b2d!$@b&BNrY^r4eB6B3w_{cwt;8#@-`yNJn6yg2 zRxbh-e56I9S)xYD`7@ZXF;6jd^O_uB{55mst1Yr~VC9SDAUU_xS>HTg;JQmETX4ujCff%wjkr=e;iuNjSfAEi(m0E95v;)5!AWgi? zeagNVS?pK!B(t?m5@8n~VO1&OhA}{_Mqtp|=(?KHvtV)_49fWf{>m!^EsQ*m1lFp2 zWy*&^>Laj%sU?(>96nZXBS+((H;CAP;u5PsO ziKUQp9}7Fn2$2pik3#Wwbo9{Ijha%B!3%_#MG3Zg%U9ElA!q*>eiqt?F7Z-Z2r9res?Sd~rbmWyx8xm^){!06iPXTuaKCA%7I7k!iFOAcyi<_SE zK1BjIAc6GwbQ3J;FV>MtP-CQSgFJcPth|Z$r~=<>X=Cnv2acP zTy2qj3;4BJeRIVij|h_vidnDNhneA<WWp8`J0XT7aUf66AynqVR_N8Wq3n2J1r>}M`={t;{WE8Sff1INf=O6;6KFbE8RWZRgeHCwYtOV%)|BrTsWa`o&$=Yv}C>`=#X zPSCJB4E%zj$bh-#9SIqDKjj2dv^g&A9@8FM0=7nr5drfL+7s{aH8Au01-YhBrGHL8 zQdFl%)_q_=rh;acaNW&ov?H6hv7SRE=;r5;_5Rlx@3cEWG0di8Z`C_DVcs&y+qWT? z<1YcT0-mtZko*CAM0iJk11N>ph?6E1OLGmX#~1) zF?=GNT{GPOT-3q!o{WfBrpXLa4EG-wmY!+?50}mhfSwoOTvn%rfewKN^1;H{H!*b`9|Bqom~;(QpskoEtLKqt}7Vns7J&K4tpm z=<5dGiLVM-JlgJmzU2ou(GOIw-0e{03|) zRgi>C1cKxq+P`92)e8Pe?z0C`8PtXo(nV3;PbYVwhd7>g+Vb%|YJ)--=okY(IVHK{ z?PA7kjJD0fvYxf1xjNdEH=jki=uWnS`204=Ho*S!&Ua;99A{&nyBc+{=SSfo{8=r1 zdz@Kp26`YM+%&Cg0ydMAO`1xHpN{Czhbs=3c3iWF&5pe@U|+htwY(-D^j3R82fL1a z#Nv5}E6kensKQs|sdBjvg77|*i7@wYJojF3>bxVZneFU|u8GufuZ?7`L2|kdG_!{# zRmehD8-i|W3?(IkagU|xaWB*&P>2eLWXadUtdZ%cULrr2trG9T7&o2;glU@P!bcC_ z^B;y`WVNok;2K=kq#XatzKPmr-5y{IJhYGd(7ErVs-zI^VnkDUZM+4N1opM{{m+Y% z@h8<@QT{8A33l8rUrjl9oGv!Yt2XS}X#W~C6GO_=mtt4$dUUwi^|@L2u3WwP-~$+w z^_}agi=(2sH5s~%m^H$-Qn9$1!9M=^=2>aCTJ`BJ=fMQ0Uutqvoi4x3JFh!H)cCVu z=3wA_t|`6kI1v6oWoDG~om0#JAD@9`d%y(Qwj2-Ihde0;9`~1Mn43$OWiftS@h-kDdq0S3{N@=QeeqE-{?~!rXHZz3EP+aa`KSiv_P> zEN2RjO<5M?zd&@Q=G<`qxM)nGKNLIP|Fe3AZsYpX{3ycHlR~rP=ciWM@*#XLFl5oG z$D=_?vwQa_iP%OR%pljDT{pj(_I@_7VlJhvF+v0 zAJiQUWr_+w!J$O^1#cKK^o_FE93w?!{MZZ2U8*f?SVb1sN`F>!AxqB#js1Mi9fIx6 z((o$(6)I^tkAP9NWEuP1;O*BS7vQFUnVAU>ilaT5CrmKMrz{h7V4}kc0Ws^XPaAez z>Xnx#On9Eu?!Ll;PB0uW^G zIc?3&5=Npk{le;q*+gus&M4#Eu>1V<-7hbgav66ZeSC`#KE8bY|90){Z`ZeXwUXJ! ziqlurGv~~ye7$zO$tO@LCruhFW*j;XJ;dYXc-x1!0x$-fLS~VW6xgmjT$4|Jp3E& z3iXFI?l1!AR(fAIB+CXl;rpTsyPB{Q3GJ5ZoHWvm<(sg`x5eMzC95cAGuevZZFZpKrf4EX8ho|blBL;em!BJc$MkJ-0sg=?8U zszI&=TPC@fPRh#zzv~?uz~4_bLp3j*R`t!@enZ1m25DWR7#*eqi2RQ0T;r}Jww$&o zsPz%=X7CR5RuJnT=+g^8Vgy{PWbzkmc`?z1xf{!pzeTjfN|A}{#(S+3Fd4AW_An^P zXvaw@l3hEq25Ro^Y=uzPCv8dVxb8wal-P=R`bB#kO8Mx|X>hyRXkaO(oc<8*TJ&q3 zboLmd1370ZEzA;t(@Zi+NY`{{z^pIc=+Fm=xHZ+sY-2S~^~GZe{Ss`O zutui0Adm9b!X?+0Pr8DiMJ9T{5|Qpe!rXHB6>E`>fHAV5R=-{khtMlqyX6Ln zvmbp|tPU}bt@L^~95tuh|22}&AS*b2%U$kLBw_H+R(B2?67iHYzDi%-b_gSAJy0UL-$2gsvzpeHb*g_$An7GmfGfsy0DI*4fH4n1Pzvv+Fjbftyy6P1SBG27hB zr9`q;f%_i=0X~o^!(SW1C6amzNXxbMJYAfc*d5KaSW)zV3lUCwqzR~a=;EzDPT#pX zf@p4#*!NHb{=l@&oInrN>2};{^#SE8-D6N7b#BmK5iZp^VqxmFZd5sJ-B@H^)bZg) z4`Z*YZgM-QJ?jL94Yjp@)76eU{2KyTvX9i*r3m$=O|`Xe*@8pKY9_)5WRPC<`B25nnBdN zh`|d%;099~jNQ`Y_B%H3NV_5DO?);+1`(uWNR6Pv9hHS|ar3}MVBBg`c(8B0H-Y%b z%RF@mXeX$o8{?lBH#%%pLaG4LA9YYPAP%kggXXSkwqp8ORk~P_n%$9o-qq%wU-ZJo zMOQvdoXv&&g*Yi1OZPjzU~&;E6P*W1IZ{-%W=AoU3KEFt9!70*n_cEpC^o(qvvgnh#gCcoOWw)<5mXuCU z3xl0I+)suuUSfmAseCKxa|K57q4Pct-8^&lsR7%;v8{uLlAnVbBJ8M0ZE>efzbGCt z)d4A7L&fUh#n0k`&RUbbe(^6Z*}R!S=-2szM<6c5IwXLg3u)ieQ^{Dww1L5Yf5xVD zq^D@t=v<2H1RFDsh}xPQ+s)WYlel~kTTA|+{khHUdh9y+#a>scst2q(h`hLha~dg+ zl(v~b6lCJ*xNF407=aDNI}eWOTHFCyEa5c1LVwqFqZUeOIHFpm^UN1hvY|=)6Pwf#{>U7x^O7I*nISIcd2~ESeo65$DR1AB%}a>Wzbr8 z6-@>i{0}qS&nSUKM9VB?C;^&+^B9Cay6P`J)rjU;^1Zm53L3nXu4|oewzo|N$jImM z&+uB_T-N}tTOTjK>C|YPg>=j7gRdfN=TWtkyMb1s$tR@8kPTZMtdXJL`OIN!9s8vV zn2uSk?_x5~WmsP%XFLFH;I3*d1O!hBVpv5u(m3n))FFDZV)E>AVg4SfDMS#JU9 z;Wd$dT}G=>KE>&#@TUIGu>y21UT^xp*n9J^rtWra6zf1K)i|R}X$3?@NQ)whm{n^L zke5fD>EBtXbgQBY7)K}p3*R76CCs7!)D$}A#A=1B=j7-R?}3}J;N%kN3w z;kzrbXgOY0 zC*vL&8g@{)K}C*m@}B{FsoU-rG6Cx(w&9L=Md7G_u~DlN?U7ILlPV?8N(9Edp21W2 zC|~}u6gnW$$2ZmE2Cb?Cyf+LUVSqilZ=WyKmo>?r2gw>R581!$OCO{xW%v|A)O{`x zv-6UQOHPJomAe(t*yb023R_SE{)Gh#rtemjdhH`_bOHYi6d)`~8df8clv08(Z?PfF zaUb+Fk!fGfCg!Q{IofK?Fx(%|S>l8%Qg#VW zArF)H!k`kXGf!Y$qZMeHbI z-Q2Mgx|o_4Z(i696EHzvwpakSH*aa7t8Cd|7tZe5cv0ozy)e%Cp1|1%nu+Kj(i{>r zaYPMw@;GvQHc{@%?xIDh_867t%CNkO;+6Gy%OhX*e0R9&i^HHq6QHqrgE3gTjK42h zR3$(ExWOw{`8&Ee^Au;!L3q=0E!WD440T@@keZF^b(O4Q52bM|Y8KX2n_8Fk02^g% zcjhpu4HcIcuXv+c;3t)f!oA894~8bN?^gu@E71|)s)(P292QnA#i~e9Nqw3b0Tg;~ z-%MC)*TnzMT$=;?o+tSlTw-jE`barCIi|6;v7(g7nDGNBi}515Nx@z4qId% zMJ52tLusDOX!0CBd$2jlL^dm))UL4tW_iOPoO%GL?m=(VmhLQHlY_~G2K-s7qp}ov zx^WRrZs0ef1IkBE5Gp&78z`{z?Q6#YD_ZiA)yJhs;fX?CJg=$&Q4 z;xs8$e1ua$o$s5tmjyQ>buzEr<$Q3ku{RKhDS6g*K$kX$SvzHW#oolWgnP-@wAqG) zZC{;SklQ@IMDm9UnfDFoqBhv=9@tIr{yqo#F;(({=rQFwYUDc97rX`yb3VmggR9l| z^Ep6{L?jlQ&?62?xfgKbYITYbB`HHYcJe?fn0N!{zEXaFwdD;jhdQ)hhC&=7@ey%> zSKL!tl<|n|`cAg4J};2oJm_&O6fL`@=hVz_ zz26#s*SXrVJAcf|1Y`wvhkYaWewnmF9fKa@&Y+)ARvMc?(mpem<7Ya#(?RrZmAEDr z$RCaPH_QU4v&oC-V`B4*=2C9iEp6rYsm@Yog@19A5syuSg@J^a1~oCZN_j)cDHu77 z2l#@;h5H{4UWH`nco0puibgXBSx_Z^4WvY1jb_vW`-b8X+8Xr`7&i(U+L`ZJ-pYo) z#J@rlszxp+5#uXBG|adA##tmBhqB?D7o*e|>I~*8 z#^=pnykV}wmXA3miAdHh&?t-*!Bv~0&*O5*diYCXwmF#CYB3>7Ksd~SZZ-)n9`CI0 zgnjcH+uE@gbb==+ZK7Q=H#s5$^IvS~YmJs}5QgvC{#@Fd0!5myl$Wev+W^OIKSz}X zLD+RzTQiMY3Z3*M(~#0aCqE%ar*(fjo$3NSWwH)9&rU}OW*-%$w%W+i&pI{|-80Jr~o`={f5#h4|wx>g6 zMsF2x>ke{m^g7~PwKsd0YSUxvs%)~-cpe5tY@OwI!VTH7)?>{rwmY4SIfg*LUBmiI zD5N|9@eDe**o3i7<~EcZB&Ad=MrI$DUJKPbpX0}w4J7BZFmL6H5eDcLsk@Va>}K%R zqE%sEL4};Civ~i@gR0pSTvnqr?Q12({Vxg!}T~H9Gm(rw0+?2^$zy4&P=UK z5%OCF;^v4)`xSZz!kcf+Y{~}fv~3vf9QVfHE`Ya81y=ArB^%={0v#A-4`kMo7d4C{ zORy8AK;bJLae*q7M%1%M{u)uIe$dK6nza~J4&fVwr1L}qdYA|sBA@3&)9#<@yUcJp zWXk*$3r^qC8xBN{J@V1N{!f#t>W{=r(`(Rt>FZNe5fjuY$Ur(SrjxV(8C;?TtqZMC z>QIiB0?z0+biAH25zwr0*B!Q%ohusP0^C)f zM~Z((38y}2z3XQZ>&%q)nt+1uTmx|ei0q*pMgIZM`3W>#w8U1m=TX0R4X1**aCNrF zE=}|q7Dmc-gf5`PoI!a$sIRiRH2y&7-XBmxdl=5e=M!wz%Yc_V8%@_#l1DYzilm?$ zcY3C%F^oO82RI$=giAKM1|u6^DT8uUz^sq9Y@b>nbgQ~Tlt0YNQQt!SZt`=eo=kBG zaUQfLm+ONzILIqg6d{06QuM;G^k9I>on5e$jIBEuAoz|`cymaMz1=rc?6oTMT2&3s&f)_ zu-R_ZcjA@>zWFq7V$f(-Ha`dLO5{l0W;@CkVS$+{a~bW76=T<(cOK!qZ=+jwEA10( zliWs@L9LTH>~a+X0+Q0_AUbpfcBx@AuEXq@8j)O)1(vdnm*>k|GVd5a@%IYqsn+9| zo;-@I!Iq7RH7X%VL1VKQ)lM8Rcg%hm?xtLZmN=anfo67}Y*G>;LM}||U(aLla+yuZ z`v=@jvz14ajfAZr;rK3Y>s97j9)ymng-KQNz3TMB5am{Sy6|9P1&?K!GuncfAQ$3F_h=6t5^J?)>wb{ZuaEmaPjyS z{4;I10n5}kacjI%&_pN4OD9T>mzBDV!FfkljoUn#xU|?Noz|3l1PCG};Y0i+{tm<4P z_2`QnpS_&_yMAOuYO5nz_w76NV_eD{M)DQV@|t3uk>NE3EvmUnC#jxfzbKqimS|ig zD;;jxCS%6mM~^w(_SHFB?-&S~QO!jakV0?MNLbHio@nt4SAMJVY{Wll#cL+mSX^9K3z(Nd$ZyRFCczmHHaTN~Rq$ui}zG;SgZ z>XgLxHS%*9BIX01{?Me9SnBze(k-Tt@Q|KJS?GiO_>46a(CMjw45<+0>8RFF-!Z*D zwrPzb=;x8MAl)p zp}G?zZ8akA=!p>>j9Q*(BZy(Z^C7;79d!$6i9_~2wbaP)-kE60S&T%1Z;*RYyyH$IMlh+1Oa|EY= z_*Y_><51u9Vg6;}LZpksk?y1eA21{r>eL*}!)|&~y!7w{hQu?km-3 zTM5hBf`QhoMChBQTCUeQx8YM#!XxIOU?ZtbDQ2^fqueV1OBs=t4zIW2>keFf*ZP-b zlytQkx*XjgV+#;a>R!gd2Ba&VnwuJJuD*Rw{lJFSrY!ILqCiQ#T&VW|M7L!#qdE?o zzj~IPSfk#3lB}@LCzxmNkwo`)EVGLe%a<;wHbw^TMVg1oUghjo$ZkXpea zV9_l?6{mHQt4=ekP&Yt!T!W0G)*HOQH1)KUuifieHOa`rC-LtcD4o0e03(2J55FZ< ziUmUv${(38$OJVTqJWVY{i-r#5yR5&qP?zcnV_tGpgA}(s7%4}dY+f7?i-fc=Yth< z<4g?#;Vh+$)2b&-1tf^J{73a&dpFsdO5%w)moN~r{=voEQK?ZV*ciqEZwGQn(8Hj6 zEEGE@q;AOe4csaB25&3fLu)q|>PgIG@xK?Zz-+}NNxCIbXnZNzmreZkTO-Tssv7DL(jtvXcvE9BQDvT6SLjZY>&5^w>_s{CIVi3m zYw!YqYEms-9iL35)hNvQAGA`?(eGT@Al{G<5A+_e)tR?brF#gMI8Ue$!|Sr(SwJ*z zbE10W9IohE`O|Ln_`5wQ;B} zwlAm<5Q`1ls_xW^b@y8iXSZ1u*MUhVf-)w^r(IPrkI*X?PU|-|RNu7$5rXN(*qTGh z)j&eM)E$c?%|(wfM?1HP;c@jSK*dk(eZwO%OX;RsAnScXEGI?to?3A-=>^-8mCOu( zQA~{Urf;`_hq{-b$@6n8O5Uf*kA&^2M}$lW9zG)+#0>P#`FF7n%GmNDx8@e=^DMQ1 zEvLf=NUn!%Ri_1w=&Fd);4)PAJ#wV6kSJ=i>F_w=%v~dy?*yf3oDXrPWcz613i%-k z;l4ddNe9_P8YpkCqX){jW<`{@pO15TNJUHCL5$QCP=ZjR<5_jQiU+x%*ZP@v)M*br z20STjIY^F<^7?M=y~{dk{KldUIl}D-6txVc8>c|+cxWmi{(*zJYI~5Tz$?a?CR~HN z50FSdP%bY13cDlL9Wkblc|2>(@%WZ%Js|3RdhG5w4bI?`e+_G}rPOmpOW{1x728T< zy+TlOt{+Z*{x~0;f3;EgCDBFR5fob?DdJwq#J}_bv_tW#@Pzd?H~pP)`w0pOY8B{v z5aaT`p)9~Mqd7bvB_;sYvtEs_wKtN>-1#;QNv^3TxGVd zC_-M2RZA)2s@S!HOT^C#bwY&dT{|9w!j8W=TOL9}`|hEtKq%_c)xL*MHxuWpw1b37 zBVr|0=lI0Rajfte_Yti-I}VQ5pQ;*98^Otg^XSRjo9#E=?&vQ#!8#;&_AsvnSVJde z;;M$JH1o4)t)U!_F~hc?e)x{GujFQ!LHdhAUiMo*>x1DO(Drak!K#HG-js%;GG6KP zaJN1660dU>BN8W2D$}g?Uf5oi7X0_O3E#>VHcf@$lHXsY=#E2b^>NZ4CqvocDqY*E^~gqL1btmR%M|uP9Jy0$d>#0IGa=GZ!t)TpX?S{4n3}4?pkHZm%n1qhlW!8eoUrLdqj`e36(Xs8vN}W zuLcG$4{j4ry%uh#XRyP}uy1=KxW1lx&6YtDeVWz4YpV51i>Ev+T`Ji9jN=K-2X9bC z!*eN;8)Qf#`4kA0Ls8-1kc~egY4YdqW*1Hjp zbnj0CHT@C1sxBFlgZ;gbOTnsT?Z=er9CE&`Y8mwZDkF@c90)DM0g$-!!7~eo;W_#< zLgds7lT?WIvI_axzE=h6=e2NbI7vVoZ6#f?t7IP$?mJ~<`+`#{JLuT!M7m+rcSD0X zxpMc+M*m$RP_<1DOUve+J1wPpI`k->`dNcoIcO=oltJ_&Tn!4SL1t*Q)(9#L>2wg+5-OVuJ`aEr_xrk5XMeL66$4~{K}m!+aeZe?73XvRAYCq& zwRhAf@2VqyWqFo)yCp=?_k)S*%xCQ@razGNmHQ!!-%rsloFc+y9Pv3oy&-p}-$^w_h0!vG;e5^4Bd*ED8HwBgV+HirS|Nd`~1k>Q@pIVfDMO&AIMd$ z!P}ZC5?kq-ebD=|hTJx2+hLgdVW?**aa4mm0D&{UDtpX=KlolVfs^A_CRnVpeS%F_ zQt9Nea;9NDbhw24`99W)(ECyFI5fpkup!?A+`xNya1G=_NFCL|S!v0v!c9gepnlk? z?~!qtGb#}g<{Wf?>kdotWl=JnB{xuCKMZR;zC<51ufi%d2}1oaEt~iF*lB>4P^>7O z06qgST<$4N8E~5Hxje9eIg4Q+^(+!whKdOK^sHArcG*dX4_aTSH-gIngQ?jk$iQHA z`W-0DZ>iK6`!vQjEaH(<_(Q-k#X+RA8qDH-cwy za@n@vl9poLBE1VjrQ1dFf{NuaqK+jRt9HZ*W)h%0eNba`fjQBl@15Rj_P!jYW%tic z@&~H)n>QHGG@pFEp0OBfkm+{m#eSjDT;4fql^pY;AUBR=-8l*^Soc3%(DsQi^)3)R z?*oM#i8nrhS$#l_%Vlym# zON&jlRdO7Fgr#qbkKC$));hRN$*o|{WAxnWaT+MyH4*0?iX&(0=4z$JB%5g@Sh|wP)8m!S*>I+5JoLapH4_5s+ep+%QlMy4*e)6E;z;41 zhs@Ez-MqNrK@HsShS{#W(QjUi6Q<#fL<8stku;4k+bZ^AJK{w|JkSmhIw-T)=Yy~o zm;;S(`^&u6TKionN1n)O`DXRXD6l|SM{&<*?NF&80x6m7gHR=?%QUl*fy z*=Ea%Qg#Wfc*jXm1-2!uMU2@Xon+U61#Xu)JPN1@G>*Bv%u2d2NeQn6Zv==I2c}wXy3Dm)a5N9z(L(bo#`?PJ{MLLN#ZQxk=m5t*u`^%F7FD7juPd#_!ND$af2>RTu1e~3X%M|H{5 z(SZbUs~la(Y$VPeBI|*WF6(#x8AKZ8D5~~{w49sCa1BVShT)uEM?*lfD4-U(kl92g z$P!px5?GV70F$OiCtKRpgSr3)QO~oyESO({2wQ;`YL>7l+jXd{-8khTv$0@OWpkuT z;wt3N?q~)2adolf^4>uSAc=Wa&=7kEnWEi@YM$~0V<|=z$BbO0&Or~mhuiLLTJ|g! z@9nE}(<2Uo5LBD0h6ZX`#V77^%)XFcr|g%qB};|w)HbMNEF_fk&hw!E-3D@dQ*%=M zxlV_ca{@F~LC~=qvvAz1PFHD*kZJFk1a&f5s{<3Ex)pL4?Y*q>lRoTu9blRYlMX`5 zxg{FX@~G@hVrPKMyf6NWA~V^Ig?X!Q(z-fWgkxmAh7-knT1p3?xN6jIlf3c9Ol{Dy z@*oP)i?m0oBe$y`V&3J8=lc|!H29~Cc0*XH@FA+##sW|ge0bPbaOPQNSf8ytJQlh- z*oxpN$#J;7q@lcac3D3n{6c9D<;G4B?;7VQ6+P9|4XSWVDW+X1{^E6!=-Ehi26;d7 zRFn(CXmC@es>z^snGFb9H%^`FP>nq58Ag?Z>{BFiM9FPyCVf_AHvY@o1N-R760r4I zPoDu`0+d*IQ<@EJaS{7chHl38JQ&!4Rqa0{pY6T3SmscfYTn8Ns5amkds<9j_Jj_- zU4@817!*jO!Cj+=u9eVVv8g|jvhUQ1OlYElwJ6&ob5kwj zbP(H<42tTRwQ`7A00IFfBLwgSioSyoP!lg|3*9P+1l2aYN*OFSPBRj;GMjqT$zTK% zKr;T+p84Uki4tztChszQtrRWiow3#Ly)Gs!MN79>=Hy*2uGVM-Pe4DM7XnH3jTYh~ z6;*vx1mca-KDk%p+D&`;yYrq$Pl-jJvq1+1rZ^DNkYKdF@IGWtZrPi>D~LI%mm#V0 zjp4S(l<3psMiUh(u+B%-JP9<~4+a3LIO!nsFxTc;fIZPn7Iqt5{v547k z@}%(|b_M(|$SQ}1px){pf7L2=I&Ppcz|y>Ax+T1C>zXChn zPr+z}D7~pvmUc99l#}Pfn@g@(o^`)UywVbCj_}p&)T>b`v$S~4GzUMC2q4uBYtcx~ zQ%Ti@p#5g7mrdQWo(k~muqibn8=hWpYW( ztMHbkcJWxq;r&NrH+k(FRc+})*WjKu2FL^iffM!H1}2AAf=s!yj2CSK%5FK#3(Iec zJ{{(XT*AX2RUd+`bEfl3Xw~N1^VMn8jmO$wbA`1(wRpY>vWRgX-1wj`=UFZrMq(h* zZh}I@%plpM+((^~A-*Z+N+Z+mU#7xZ4a*%_z%yO+`(eorVZ^;w6iXJ$loWM3U>UtxmeuXE+mS{B81g_@Cx zBPFxdeOFBbLQYooxJ`#Hp`*$?X#vngRN-6VSQy3L95~ZifJY1|TDV9;fZKU~tP~wz z0&&$zSLn<3orli&*N|#-b8YXQkw@M2U~HDY-8<^y7u*MdiM=Y#f`5cv8+X%T#)ZH3 zD*v`r{-y8#JZ^OX&ylN*s~kreyeA4y;TW$uByPv7@PF~Z27)=f?!YIIPH?8IwwGiO z=J+A4cIEoNNAbas_i%245vsA{|55qURKNbGf6bPJ;otEgSnJ>e%YptIUURV^x%E8` zB|~J*WK!@H-+KH1{%U9cbMQP+nTD#<9#GPj01n?77OmTV%l(->+Z^9K#Z}W$N%1O$#D`l_bs!K_NcY#NpWkIe)ZP|4nl3)~~Jlc2XIR)=@F!gI0tD(z5G~XgLYZ zYf&$PU%)5>xd~NxfcrjBdW*QXf_QWMU;Zb@=Erv?j=L&&4$NQvont!wJ0BhH_u0n} z`FOkjl_mLcb$#57AI-{tZn{72laKr4<39QS!#;UmnfyU()(gBd(S>&_K;|bTvU`uK zJBuDd7FBT558kWBJN24nwR#oY^UQ;s31dy@=Ggr6oe74kqQQZA1ug#?$;(qO;`}|Z zb5w0vpbSIn_Wwit7w+{L5$ZI*WxKs^`FGy_cMj70)gK>G^YJ78@jiaMQGd%QKCY;b zTkjw9%YS2qJ{pjZmiBM8hL0}k|MJcs_r=G3@o``L+o<*9zWBH={)g@hWfN$=^Eu!A zn_~Q5=b!$k{Qf6;3%+?JAc;(-8V?XuXYZsjAO-#68i*5IRr^|MVmZjd%o4Ct@|XZd;p~QYN` zc5+PF0RuYos-^@JUj4YuAbA}oR0c9;sN)&tvcN9hIkMrPr;b!m^3Hr$bE?ct-5r`- zc-pm4v|eQFxo(F2ByvG3Jk0_6x6^PlwDdjpW!K1Mr0sqUKA-u>wzyfV9W2Y?mw?wzd@vtJdoqqJfYH}^j;DvHQerwbq)dG0Z z_H!edCiVUkBXgJ)yljVwD?^_C858WXnh>vimQq&WX(aCVlqgT3)p3l&fOc~ek<{zn zy8X)Jw^wEe`IspwO67QGU_raU2j<`sdrPO@<=W48OnF|lEbQE@71I~sMBT2Dsjq46 zy8y|5o~pXxs3Pl?2*!UBWT)Z=pYjye#YY+nccozzAzJ#*U4%;Vm3sz?S7BGWepPLr zbG1t+nKvq~8bN|tYZNVql%{COw>h-7>xDFLr3-)}^e)U%E>9$v^SBlS8mt7#>`&zFa&L%cVsnk+34;JEEA78P-^E z=~Q@STCgE+tQxO1xVIB+*kI^pfWn^#WB#=HlsotfG<$Kz=bV9Iz)M9U&r!exg#{27 z^&nEp$OUS4WQuYzJ-7;ie)DCOp3ox{T|&QzCDG>7y(PpBSO~{z42=)V@Uh852(h$? zY3YsYI^SF4_<+7q9?*maE1$<0NPG#(kyrRNtx6awEM>m7vv&@Wk%ZI=-pqD|=V3O? z2n7Xd_>cr#>!Rm?%-bN7vGxKLJ9;-Gzbo7(Za?gqR$) zSC=F=BYmKmX_Q-kD8aGOi$(O#Q@5>zuKAe1YJ<5r+3vawyZI)A*C2E-ff$dh}iACh|CFbOJ3 zq`z-nzymsMZ&qB@jy$0Aen0ui22ab_;TTc^Cs(g~N*x%Nb9>JHga zcBW5rv9_$G>{5`Cd3nNt%j~bK3|*^8H{~w`3{JrqKx9v7A;E0*@sE&?|LUL1 zWn9&{U3jtM#Di?2V)~Yy*q=P;ZQX0GdxHF_-@nQ3pSa?^BQGZ>E81!Jgq7K-_#B{G znw?CqP4kUbz{WnKE+Q|*wsifFFWVwNDa$*DFB?cak(%PeYb&6{e38_tGojlmk#s+c zYpw1v7f6(RtHPTH)jZUPJKL|tQ%`2D!S{J=-2J#9u370)jMe{?pZAQ_O}`hrjTdC5 z6`tk5m{gMSxAXkSOJv~Gb81H-$c6)+y0Y#hz2f}%imO$r@7{(dT3l2;kKvFelMco) zM*x!djJ~CkNdSoIbE+PlP?5;Yzeg?W-8azgpbG4Gi?-OZCQt5|m9o(7oC;84Q5>}N z1pwC~!9-jDr}b&)EdmfO7-7v892SMN_Q<0yi24AquwF zI2dSM2`URzLY(sH4NsQvT_UbkJIC?G6x=hSkV@&ekwDRkyv@fKS_tK;&UeRJ-g4YVwcUK5-B31Q0*uMXA? zFLd3yH6U^Cp;}|1!_uk)@DAa|%!P+T>l}U!bo}w|<+^X+Pp%F+Ogr^IB_8~b&ePX* z>#^Ge7NF!KIis-zKw-7I?**jR`J4)2Lzd}i zf9Zif4Z0p#ki$BMO1Hc05>=k4BnD)CFUYddkwBbkQo4R9CJ}8ovhp;U6(_Y zyOh5cZ8kjV*lSX42uxyzVMhx{R|KPxMHKwS=hP|R*fX1U$@SoLO)=XKT8Fu1yea=Y z?q2Rn^##7_ka-DDX~r~y>+&xO%@q#*oq)o4*S`rV%BY_+Hp)=>1y&bj2*?ZD^~#g9 zrJ4CkD~B|{y;G~dMmi3U%`CjM%n5M6Ch_CkeDnlMVNJQrk#AQyz?F1FV=Y~7W&HNB z(p*6nfXrQ#>s31SssOJ;$_;JwP`qV_>_~BB21Uv{y&i+jNoI zwM(hFZkKH=xH^9AlndkT;oIBWKb5S#2_U{W0je4s9R%cDS0--}a|xC%U*2?z^*O`w zjg3LRz3Xko-rUgg1u#tVJ%B6En)c?C+S5w~(w&43TVXRtN)aJL4njWRJxz3F9gJ5L z$B6da>h2Unp zD!nOwCyLgevE_B;qp)n2psnt3I~vaKko7dVWXRVaIx;}?A<`F3ovvAvP8#G^idpd$Af>ACYnA5mQ=eQIqtGcK2Lfw zoZ*v~;Q5uzTwcM69XfG1x6uo)XV(}=cp>wMNUufXG7J{xOjf<)^@mJ8Z)Ol0e*@-n zJ3AyFw0L(5dGb$L@|VbC+IcW;UP_LZ`e8>!l9^pENBn-o{&_24u~J6MPaYUEl|fKhMFZ?@Iu`;2>@2@DPHrLrB>iTXWo)=rpUKo?(Gbd z5W558?BF%ghApeqPt|Q`{WDS<@psff1^a5|0a`7IA_JWv6NPGWL1V2@uNtybMLm$%i(EM@CA84+)$oCOV%*H ze#9^bjIU$hJ(aP{Ee6dwMO?UlsXbrUDWEqb5e$yvblw;e){Dwt0+psHs)PfA6>jAc zRQ{{_m+UZ0uOC`u!LkLyJ+&oyE;~i`1c?!ul1~fCQXgkH2K02}WAS6GG8(or?{{KH zpZu2ekzhgLp8KjbQev5Vzy0PzUSiT*_ur@Rr%13jNyD5f5d%P+w}$M)sxKmT<(1MF zGn-&G^R2#%q;2JpzhdH+d+NL;v=tZ4m`Ts^z$7w( zd`#yGfMK}H$C>Gc- z(x>RopkZc<9xXeGfL$sjOMt$f+2 zjv-qzmP?5ef8tQT(uNTR=xVXhJ6c5yc!&i%-7H7jchYz5$h&5m5TJ;972OFUQZr7T zvgxNvw}(;AIxCGZZ%^!p1Z!XRf#WCX!%9|O%_FgTjf90~y&7ZiCw@~fslH?GluOhZ zOkn!?kzvf7-R5J9wBa*b{8bJjm&NT!)_^Ui0EYg?#4!4K$r6UL0Mfo%Re~)P4h0xj zLsI)e%jxShG6S)lkS$^^V=R}kD!G^iEyiBwp31RNwdVF)m3afT;whc^zGFcD!qbEJ z@av5%#c7}tYX)*o`)7s4_AlA;boB-DQf4{tQyU6sUwy%Llaitti;VWYct!L^g`oXA z*Re*v{w*Hw!{ZkOi)>3MXNh@~-yz>?XZT7<^1i4MQC5rparW+K*`qyig6{ZNxp5ni zCcYWNUkR0^l1(49exzJDtxx)W1ctZdUJ*Mnu5A9;P}01oH!BifUG0~N)h2s5YIF6T zLMBgjviNa5b0ggV#t9+{ZDlt_HUf5PzwxyCdrEunNp>*Ni&XAUURC-}v z1UUU~Uvt3n$y$t*bj+ZfIv@2yFD1>8ru@b}aQ{x1@fA=AV79svm?ThL^fm#&z&DBQKZhmTqWH-++Q!J)uW3H&+)y z;Po2;Bp02v%lS&v0s?;RU`xXu8Gook7EwYqM7qE-EmG~54yy+AH*v~}mRGjyzQU^; zQ9ZxJsQyATHw<+>MbeX^@GGv4*gSA{yzw->U1||3hsQY=h_il&>xlvckO$cWeQN3+S?TccJ%hh%H z$vyCr<*D@uikgdw!#qhwxWR?jekH}rnI$}(Vnh|(ME;ujX5DG#S5NSY+y=(i!VU>} zo4DTVN>5yfJs-reoJ=FKnfqd&pPc%YL0;3bM@i(gsVE!QrCu!mv2QD@1HX3^2SJt= zdlRX+oR>wpoZ^=e*fsoU%K8S<+}Y3EAOHQcDJR-Rh-J@aZUlmuTOh^)F{t(sR7rX5 zQBLud`jeMa^7C_Z8cBUhBvOLE={LIdTR=5_*$d_qLV)q*E3g{l=y~Mv2#9k{iVvd; zVb)6Nhko{cl4%t0BGWrRbllT9{0EBdt8?O4W1z@`7O|4Mo!TG1Wxn7oBpVOfW#KiP z>}#Df-`LcC>s-VA+}C(P#NO4 zUx(+=@At0bhO(w+OL_9ys$FFbS3*7O=k`v*XkZLmh=q^HjBKNk!-O;B~$SO0;iM@vYbq8Abl8#fJaM_V4v$9`y6VNj|GfdD+?T-BWVAi~*B>&6`J>_=HCS6*j@1a9gk z7RHAcM)pl!{0VtJ+Wp>SQM}BcizU&0fc1`4QngV(XWs1gfvXjA-kibWg?Y`#B`MqF zAqg-98|{qlw68W9+ju&YBR`ETO;t_9LKzEuL>p^=8Xeo6-xQSLwNMtSj&#R{pjibV zJYZIJmJ#UfJE<#rM@A+Bx(&nghNr_wb;}l*Iy|EMWiH*^rWW!Z$lS^ZF}nA-<+M+H z3f{b#STSL=#CLHi<;mOBseCVfXw~$~WexYG*sp;*1;G0DZf))8ThHZp%YS?rW+zaX zCaXu(*$S?FGqzvG6;D<|Oi81*GcC7lzSdUbBjpR<+Rk4cx}3A@N4|!NJ^!j5j*P!v zUtI7&yjlP7!%Vv$Po+(paoCMaTD1DeVbP<6nx`92zA8>~kLqTs@V77n4xChOE8qV= znnC*)$IJeudA9$T$I{>EUe6ABf6V){=jrjZSi!8bRVqu~=V;dyq`NT>FW6mY&J0|2 z{e2zwj+MmoVqxaAN^UDI{syQ}K6Dj;xe(r4_F=ASp8K0JTE{Rb^;Clg~Y z#c#%b3xvRjxJ!N$a%CR&O)&v2*=Fx3gn{6UiQ1;zcv{yc@^|N)x~+M96Gc?t$8|`UtMm zq4Z$vknT;BDn;6=h2rw|NLI#vXP>k-C$L37P{^H|FM$qP()Ao5{rCjq%YuclENP{@ z+=LtlY z*KO(I0XFz^Sgn8Dt>giWtB~VeQ*r{%Bo)$r7ev;<&_78?Jpc2+PO77j@_GN%+TaZ1 zvY#z8#Aloyhrb$nz42&4>1{C8nXXJb#u9UUd&}QGp~d0;z-hajdk11~h8e!$8!JQZ z#E04$UrD-dow}D(nStq1=55U@SzD7F3w796t(s!&n4mrW_oQW5s&Xv@th#W$m%m$i z(#)n)8CD=9P&aI~x;xsQcc^F(%xK$~$W66~)n!{k&`~YSg>1vSe<}`h+nn3r)!2>Y zq&W5|T+a)#UU3T_{85Y)rookF2*zV(+rkqxzOHF|fSK@H4*!~gw;?mF$kSoflpv=# zI*t#aHdUoEUBLLEeq=F!XmVanktp{28k~EZTld+D>0q_J1g(<}>R(T7a;CPZoC8GM zi{#b6dSHW92cSlA&o`JjR=Zx^RLHm}9>v*2`}`pny!jO&yMZ|#3| z)7S+ORb1Ovru?8)v~c$|SGx^Aq`!{6Hj*UZyU4kY^2K#*i%AMM}L-dfr9rpt}@>)7q z+$PkZ^YItF#VYDUr%Yc|`VDVJMS$teZWmjz!}WWh07(ll3>pG9y)-3_@mXS3DKZO~z9L>;7JQ{qHb3|M(e8l7O}Am+ffF z3p{5rlnTE%=1bLwVPG?4up2!Pvl-r8yLQ^id=iVQGd>b4n5lA+dhKq?T89>lsd49g1RX4jxpz`vp~;P zge;~D@cBl;m9FpYg4?Z-H^sGb6xgLyymwWggU8*jzJ_{-QQBx-P25skDoMVcP*KZ&Hi{ktAt5R+WG17B779--t;ESdFwn8WIW^b?vTT|r9 zOXM~=UG*G&2cd&z418=}i-*I)X*n>U-zm?yI-% z>RV^1f}6$yIbi~2>izZ3_na)^@3hY_URkj%Fqv;cTpI0($!~o+4LvNvi;Ax2R8755 zU6c{|EozV8MpxBW_?Iu*7;`Z1`>LNBkz=~V*$Sp*V>W#}UE(g8Bo<}Gek-f!QGm== zSv#0}cfkUX2U{bWEPLlJWS4I;Q93)ctUjFGw7Pv@AINJ13p3-elgG@3Xif1qkZAta z$5tItvk-4C3)NjqJttVqB(BR4vIx~P63Gee6+OJRSM$_Kq)rFZlTH@}MEfXi=%@f> zv{VZy_?1*(6S0IF6z?~%Y6Xs=KZ}9EX$D3CWl;MZ%th)Bt=U$bn3dopIeuVD1Ui;Z z_SKNtn#Q>$s^H_#9mY#|3yZ&Wl2IyoS*Ka#qD{X)dmh&*>g}|+gz`-1IT@aWgmnMX zu}y=570I|~VASLsixN%KphOVWY5xr4baAxWeGXJqM$qoQkXt($75K=(FOAR)myU`d z=WJMCaXR}iGzP|hZghF~<9cthivnF`Mi)}q;g3R4T6}Fhv;&z3gYNu)whRApNB(#G zJbz%vyJ|1%{r+P~q_+xAa1e7ZS7i_{7M*6bbDW^izL$b;<2E&$g3=RheO`^)qWR^T zS1qQ2^bMnd!wfv6ECiW%ay7$HVc*RgPhh=dVNnE;w%TaxRVaC7^Hf&>6&)p;j>jf% zgQFdwYK|tjsT8D;YSkn4MSSd{;U1`;wcyhT_;*r7v_wi(Pe)X9P}NlhgrakWnw66L zpdOJXuz|CG#Rsj6KjUAZb&Wnm%o%o9^`fcg{7K&SS)q|?&6{T{sAFohYc7;f9pT@r zpbhXIDwF0@`WDqEsh)7Wx{UQ>~1d$w>xkcc(+waK|o`wRF=1I#siUy}A< zr3)iownj7(gRcaImKH13^L^FIbsXJ!3%4NH7@8e2HOC@(PS)_+o_z(J=c%bS3F_;4 zXb@}TBK#p1@=Cg!n)4v@ZmQ+;V!yW2bpn~EBwV>=-7VXz0V2W7tP@qkB$^qu_DhqA zv`6Gk2YtV@9T*$-k!y)8Oy{67+&u7Ap1KI- z-5e)Z)~g(3Yus72b>32ck$7W9kWcp#NH8jWTW-oY_}OB3@%tbLw*?J%s=$YB5put? zmS(MPJM>F3=}oNPGYH`%HZoS3RQ)TRBYDCqu=#ZFUZRv#h|c$WS@E;+Dm&poT8NVk zmX1f|pOtOY-u1nQj^k@fr*QstZuyjREe7?bZv+t62Eh*o$$xsyP3l%>Fu%@M1Q|d9 zAP5+PPVb7%< zX%()05UfCf{hwYds(HS&D;W(H0o(=`@NgGXsO=oF?}Y4omx+ekz!tLdgVuxmsB+v`mg3wm0F1^011MecV^yGyXJB z;$C3e%VpJPac1N%Q9+{dlUdiS55{8+fIy!FlfBb52{Wdm=~ zg$ZuXw&F+~Rc){*u;LaIuxqPI#Gm>frYVj*Sb2tpEnx7j+I0W)^mDOx#&+wxpb=8B z?Ism*;m`QS?dyLPWHGqI*KdUV>GuEmab!mP(7g86Pb6d;Q1`|w|CKIEHB3v8^Ry@@0>XnX4(; zBh7(Om;KR-^UR6e7b{O zG)0vDq}`(#`IWP$0p~3DF?#eFUJeC7i-sw=RGXbGliN!gR(_J&ISgA!MwP0R2K4DD zVhA{oQ690GgK+2MbRaL|8Am^2VsoCgiC>toSXyUm#A_NZ*S}J-;NkNt#VVhZ&;A@F zm**I67@8Zg3RCH`%O^>_pG-bYHZHITC$FvdEn=Va{&s#&ra5UlOHeV$jqKaFYoo^k z(dXB>^q}Ir$n|gSKhHd5`%iGqHvU9q8LZ$RZaCXM;O5m2=z_aqE-JtjcmJIK;cMP) zmB-f9Yh!lUgk9=_l_r*Qlh5RZ&}p(MvUkSTsjegKw7~0E&-+gKt1-Pt@Z2Vbb9}-2 zd!_O+y8d_fhQ+Jyb4@;}h}pLX%dQ?gez>YNBxs!OcBbR8>gug0!-B!gZwl}GSk>k= zp4hYY`oMA0&LcLUW%box>3#g@X`eY2De1u>5&kUE5vSuZSI2Tczw;R;#}9VWo>x>+ zPf7iA#|;^Elr7aM|srMaLXeV*|h3OR#z8{M)^M%ohIN>o@ z7ZVJR#j6IQ9&pa`3hykZ_CBN$>ud1hm( z#FZWC2Yx!d`!9YeEP0b?&|2#9?tglz^Jnu25^%U2VZvGK;=!7jR zqu=3By+|;&q54bevc-45KMflb)_9F9&4^}Z?VOjP8y_qWeAuZMMllZIg;226>4{Zq zIjwSOZ4X6x1Pm5O`fyk11PbO8x(!LmrS2Z8?X_!LdAOo=OZ}Ff-4kPvBf-3>NZgDQ zmfmo&aH%K!;!bOoXvfK#-^mIExn~fxcck1$1@pC!p+Fo)vs9Z+n4__lJ-l`QU9RQ; z68k71YYlUM$*m#w3w9GFe15OK-JU9!!DH4ludT-$?@kwN1e`7aNq@ZzQOP|d{uf~X zNLN{6se|X|?R2TOfjQrNpBH zcdqOtyUq5QbnJd|FR!7LU7FDA;#)d#9+)^&n#+aPSnS+7(n=rnT^jw3&zuh>HY9;j zwIDe!*g9!#DI0Bk!Ej;hXP4gKSzD0PL14&PKLQ9H1Vfb-9W&s=`F=)`fK>0&KH~P> zKR}CVgMNjVQ1wM#wB3nSa%$0TBqxaSh$mucuUcklNhSH8zrbdQX#v;#(bRVDH-^^qKLybCHTD% z?`hy+4=e}CYH5ZpBs5D`Q_+udf1g=+y<>=&%>&`c}9!nSt}`<0Ti5|yn`!VFf4aO`k4y>|y`^jAPF z-6+c{(^kro$;LbLsL5XOwv&nRQ+x8VynrRAeb@8>;DNhMQ*Skk!vhQA6jn_?z>0OB*3qzxO?5UyT=2k{l{7uIFBMiE(`K)hRo1ev6HJLusjfA2i zXCFV!^dx|EkDy}pncMO=0MX`CPFk_j)!faEpuzW4R~#BvLiq<6p@2GZ;U9eOOh-+0 z{TChY(;E&c&rQGjO_^i)fDR^RuZ`&I5s8R-f##%k)OfaWnjRu8#7a4_s&XG`ieeT4 zXvcx@RP%PI83g7v%p5pPHlziq0nh36VN_oe`e(bY#^$(wZLg&)_o8hpU3#dL-INa( zJ78vpl#EI07o8D7NxyaoH>C}W&W6~OLa?^2KP8z=)aA;Dlxc`aez4YOp7zET);GiD z))&K}QI;XKh1cYBoEP~dlJ48-De!VJohh(~?8SgeWQ4i-bNG)9%C`vPfd+%rKBWC9 zTg=D?8`M$cl|o)gtev!wG?Na{+ zVwn%;j=^F^T<=$uc|Y7g`Wam#3oh=#qnwk^q~1 zo>eq%N0l$1)Co8jWMg>R^3&c;?}H><#Cq{#IsX-TF<~`uWrdP8`an`}Dn-Iw-t(E& zNmyCQewnOvJ|=ceWZ1iQTB@P?kbg;hP`@3MB%EevZlN%BW+Z&$nYM5=ccK8#Yo?w^h7k;2O34w=fDRYetm>4aldyHc=GRNRf3O z@g7P#LX;2n5vy;vStA$a8+cVS1+h~BnwKwKu8ic_uXx-$l~>vix8=X=4Y6 zW(Jw@V*6Q=VcG8;*z(jpc^ZsKJvdfpy-lZ?5Wu*#{(vzC*3RA2x?pyGr00}fg4HJck3!#aDOrtFmfZqdwQY#C1+U99IkuLec*FM_- zFC|g!G~CXymQSL~(Uw*)=zp54wn)jXntlDahYR(gAe{?%g>wMtbQVqHgAa8=w}y+5@VvX9F||i@-0K zs|oVY`E0QSX%HPhfH6GoN)dGy3zvA2EFNP62lw1Yy>s8CZkxVAY^kI%)j_nANUZu0 z*z=pVNE0#o#bZX*O2X>a;zxKdfZG`csvIe1tgfx?3NLV26V;{ThNR7n3{@d;tcC0= zEswNU{3?qBX+&CZ7wTUmEc?8J9be&|&kKJRKvk9?=|%aDK*Ad~W>An7Mr9+BWc>I5kl(IDohioT}uLrxn$!hE1- zkQ*In%?#-$25p2-uqW_uD(V4@5P{~G_2?_dk%>p>J7F=g7Ppl4-G@n%0c~}ggN?J} zu9OEEy3sK^dL=5w0;t({0-L5v0m?cb^0?%23mEWO+b~skSW3}Un~4N20dHbC?JMn# zDWPEQ>kK+G>{(z`%uVHs^6U04l#NW&rSf_O5gQ6Okf(>e8MR!2zw+jD?Q>u4Ey6b% zNcR4Lk{>Hal5K;0f^M=~usagFD%ci>(r<5CVa=p~dnMH<-I9?}Fdg~kXHy44*zg9M zA>lP3iyYITTMt9e!C%4LrpnO=f4NF2=m4?C;yvS*Ol-2enx)mh7?#EFeX0 zC1UA*tPx-BfKK$`e`P8hAtz^A%x?o^+La*y*Z&+u>TJ35_Il)#(2ScNgQQV^;2XcD zL^yi9ZzVtZ81pq152*C>Z&hTixjo|Z{PNLcRRdV!WrQYko;FN75DmRz2@Z-QUXwac z)rvlVT)ZA)9mW`khh%GcbsYx;KBsqVOm(%oTbJ!z0|zAZI-LW=msH5{Z34*qKDL+e z{=WF+0`=bC(v>kL6Um?@Rz5~HN%-@J$t7E$#U)8|>!NC+Z1W5ImKB`oZwhxgKq}&e zm^Y@zJnVI`{44+9+PCn_Cq9PS95@I{gp1>9_!q&UpfT#}a>jr~ef`;)0r@GeIiIQA zzGWncQN)`U3Lx&@$W%ZipQQd3qj~f+!5JBS-bEir|}GaijwVKcz6;3o=~qU%5m z(aL+8t<9qx3*@=;4&G6Dcz$+>HhVCzy<;s%Sx?2g43ey8h@_1?b(wzp(O!M+W5B5_ zU_iQOIe6ffPV76rxT88aI_McftYv#JO*86pa_g}XDW2V4E@tPOrVHyq+O*kK;O1`@ zZYF#QN?7(~)F%|P|8uXSj1pH8V^du&O(<5I@AS^tvnAST64eLkZLAe24p9S`tw&g8zJ&(Kf6DkdOHZEHHr(L=6|s7KT&#*&pN=TthV2A? z$lwvCGJN}7^!Nnp$PvF6!If4f2kJGh5v3<}NF5E%Ex)$7VFfqzt<3pv%=A zvGi7Qv8t95M>a++Gz(=8stYumJVfGB`7*5rUXpKzZLu9-Z@`E+d2hV8qwa(?hx+@$lqUbo$Ew~b@jWs3d; z5Hq7L0>=2WZt=UI-Z_&~CL(AV9Dup*0ni5^*ZUoa2@4h>bZJdF{qoWxG2f8N@nVct ze)ZndFS&Q~*KDcX*^`^a|72{6$hGv1J$nu5N zQF=7La<&^pM$*EuQBYh(!+JX!xYZjb{6JbAIC8*-S2SNB{BaLlfPK59V-{yh^eBQ2 z`d{_Bm^E=?^N^)MAIGNjU=X-R;}_LWg1yK;R<13d?X)^aH*$ zaj(TpCd&EnK)w_01)kNQ>={NY+{sJO2Dk(h%UMD*K!)W_G{3kKBYz|SN&X(6LG#F9!k>YmnE=?kwPVu|B zuOY#Lr=QMyY6lv_y6Xo%L;ly(v4FV!hM|giOji8{_7kiKV4!5o{wA`6CPMp+ZuNs) zRRtI2zJiTtP9OZ`&=sy|bqPp9fQ#z`pAZKlLplRxUJVpw<{i2MNRr2a7%bGo2DF8X z(v-QaAk@x>09$k+`Y!T$D{O}}RtCeEU~W-GOPRQ(QN8813QSu-5Z(ZYN8?VPI|M}@ zyfHJAFwK`hJV2y)&KiBlTEf|Iny{dq<_5)Y(XQ?CcwSi1yk(KSQ+*CQd1C*Both&asWFtAEQT7Ye7hKVfm&C5W|MlsE zqy3CJadViqdu>#$vAgHZf7D%v!?i1S%hxi(MU~NR$)9=qU!*SjQ6Prwo#Oko-6eV9gzgk*9f&Q$ zz4kjihG30>qnMRUSWeZg<`%)VcfCLcThf+jp)t*-6%eJ4$a#_2sH@=eK5m(&wM5Ih zxewMpkXzSrizylta^EZuYSAxnRmlg8}pK?u%Suv#E={_5%6adr^47Bp; zK2k3@_sJcO3N{??M+n$DshsK=bPRb%#bv*Ta%1fJMg!=dgd%G@S))7=hUNhGq>(0iApc& zF>tDs`&YMVYC!asLV{j`uaWLR14HW{|Ld^JL@v~r92Bt<>6?J@#n*k9H~?Hz@YV(0 zv|W{~ALS;jnFgnZm=%NK-k(9Fu;vZm=}Ix_-(yY~>eOfN+a1);GDcf=uy~A*Hj;=d z1S^CttOgYvUcb*gY%g+AL>-tQ@WZq$P(@Jy9|goAYWqVYhG!M!PZGt<>vTi3in~a2 zun$CPZIg{&u8J}<-2td|=25QB_V1zRAUdrFe6}@NDbs~RXw)HLFBob9-ba|O0`3w{ z<8WVeurbSb(HhiNsNfjCwjgOm?xm_XPmRL;m1@@Zt=nW?HfnO z&st`=Mr!zWZ%K9=d1fiyk>LEk4ca<$SYNo1{za!WCVdy}u9z$6QWnarFKmGXBQ+ND zWB~~2>G8nk{FQ1xOL;o&vUwXD@J?<6-lXAv4bx;gK%C`*CluDQy4AGTnU=%$s34RDM&TFy}WRz;nC{0MAgD!umyG+!)L6*fcyvMhTm zV7p8;GsLD)my!z6FCWXqKNE&rX?r*V?RYKs5S0Gy4yH z@Tq5@&h(EK+gng;aFs(cTn%S#lONc0T}ctH^0*pGG3?JbJ|%2;UUX@@ui9-C$Tt+4 zH=0tOi_J%lUXSMdOIbXq&tjW2I7-0}A!{PD^f{%e@5hB8^lqS=Xa;sj2fn^V`|BTz z-~Ol36*i8wOhGRLNF_aFb#dCqkG(#6cL&bE=>yv5A|uu8*1t{nyE*5WK)rbI7FtNSMiY{9o;Djk zqt9@YlxV^6cj};QNUiVVO4b{6x`}>ZgAnyb?g+jT{QP|)2yl77W4~^bvB!JvbD->1 z|4KWkeMq;V?LegJ&5oCWb4t>YJv1Y6@bg?HXa}g0>IU^ohW&R~;nI1LikXa=4gYHC z;$WjI##Bqcrg_NDW&>U^F3#2=SpP@~)xmbF!dc$EJKDgjb-(Uw1^n8H8|2~xeas*M z36VVMakx@CHh&z@2{FHZ(aDacL#?wP18aiMnDHkE0wqgKA2-(G+ZGf<+aVixn3g@f z_3=094?B6!ov6HDY@#l|snz+BY89R0vp}SW)BjA?L(PU!oGUb{QXi4N*kiddhi;gxSj6xZanZ^)>&7RK?n{eP1=1WZ>o!m4d|J`2 z=(+;6VfS3_4|2tKkm9|fCf}KG(wFtdW3w37X)5LOB#-rqpXSme-inl`XEd|iEA;KOoAxyspTotA94EPl|hIyo#0(v!MQj^DBJ9 z)I!a{giSXK%i3I8BK9_MqbW!?dcE%%=f&~r;_So64pig`q`Oo{!B}=$GV*^+y3D^} zJ>`1`H4(sXKmc#hLH2=TME@Db9Ikf)bS~}1V1Sl;hYSC6gr}1xwIkVR{WZ@g*0;L% z>(+N*K>yTtzt`f!S#+5OOdcBFn8;d0^y)N1%Vy0UEzsP&lVXNpsLJ!dyw z3emjJ{C;Xh*H7T*&!Nrauera#SF+|HVHA-YQ4GEQqLaXq6>gEvuZFGizTSAp`00tpI~ z#o9Y`TZF6JL5U;iArbPqM_Tbj|2%5T&z$x(>fM(gb@D=9)QMd~D1+Wai#PqHw}HAY z)rkt`c7^m>px+}{X*M94;5v-saV${&b2+cB(*fKt@06eJt9@A7%lA69IjT@l+^=aC z;mhWQp1^l}IOKol@NODce@fN>rUq+$R8uGp-7|d|G*Eg#>tH$xQrVWvRk3gp%`FBn z)qT8%@6Gg*?45U#+bA1_jR`wJ6yDH9Id{|a?`b!JE^F_?ejp-U|5XNNbeDbteqL}t zxMnyLdywl~!HZDyHA<4cmnRQ14lcDl;J@TOng;kgx~_w=N5}WV`iW=-Je#qcIsq$o zhvvQmWgFbjyU4nXF^tm~vr$t-Ce$2&W%pqb2K}i18CDpe9cp5yrV<6|vMg{{aib<+ zkQ>hf11G{-?VnrB=k6yMlCJwKZYpNXL0*nMUa$Ts%AvM6^-MC!9%tt{59BqsL&wzL zrgTR<;BC(j*q^(C(4ZktZzbRYPZr-`PEoLR`c#PlAl~Db|m|q%e7-eA1j{4X@|9)Gv!@2H_z5)D87#4yXq?jGVdKYtK1Kt-CV6=&Vg- zpxxGP4f>Kk(>!{M1)`Qxf?J($DUaCwF3IS%8Pmcbg^VQOXbx;1nf$uZ5-ZzU6kyJOQ zb&w*knPenPJPP32OTU4-Mo*mNGx7>!RIzd+vmA=wINmIdu>g?5MQf>TKj;X6GX~WV zZulAWwGrqV?M*3dxg1gkHKFsVn>=2#7D}g%PHm^Rt=z^1zR@y0dP z6Y2UtcQoHTaz|*Yx-gy0e=RI#jb4+x)-lQ7pbK+r_+Qb!ms|0!SvF4!4Lk$OAI3fD zCZg$>nKLO}VD7asq@MMi3ntxqy#HA`s4GYe`ZmO0t`@6mxcVQxG`o?aKCdLxA7$s$ z9`md?41dbWF!Q^aJ@o@T+nQA1B9{t3X=F{j=RCKbyT$){yLUzFG(6UvLpXMacZC*( zILdA6xUzkGLmKEtdhl-y}c0=YXH zH!?aK4%f)~im*uI*}RcsjlShBqw9g4Hy=t2ml_HMh>~A(B-E=1goxU^DB&WI0iHmz z6NB9g!p_TqUi{WU(fCU>4D^D5zG{4+u*fb=lG*dkd*@kxf}y4S)`Mhbi2pK0-nfHa zB-FAxbz2SH?})rRlBIaRFX;1`52S55Q8ZRZxre4=h_I8Ry+*JCwaz9PP6S^W=Ze<0 z(k$iA`L*;NZMOsRd}9V@#EQXn18L(i_xgbHT#Dz`ab9-44|Cn+p#rne9{uS^zBZ-+ z-2*PT8-LkVf=^5ER0&sT|ESRQ^%cP;`irSgt7gVtRQC12qrw0;$elgw?MMW2n>DG9 zsoTLO$O`p%lk8XYd#j_(ZvYSNtT0Uwpt2tyOa|ISY@Bolu zgMixJdq}Q~rA(0#>umLuFOh?y9so^ZK}%(YcaR&s{_ZpDm*WSz8XXse7V?(=BMLwa*}b+)|{gnq2gbTg_NTbtKDe$6xxM6f=x{ z0-30JD-NsPRr^w#^|s%;Ynm~*8;V#p;dFh)1PoL%@O2bVo3DMsF{S2+9r7QVqiP@_A{36H6U5=<$H6_sT~XA&c}db2Qs!`K;_uQD=O1C8s?U@V>6B zfX5FVj2qWV`@t>N3{M+OM0bBc>An({00P_MQXCKsKi{3F-j3;9$RoC|sCzFw)c!!; zdpE@Yu{KMLo7M%xSyqKYBb;OvO^2|i1FcQQGQj$ZS8`?h)r{m|kra7wAK6UFCO!hr zfM6RxX$S#|At0r1t7mO)0PFcy^sOy~^YZo*F1L|e5OFh^9F{hNQh<8ZL-|abd>OE7$UnYEqR(6HS5!B=d1%4tf`_%ZbnEm1RN(?H%@vc3PL{|K z`1*X&F{f{*^6HLRe*|*^Q$)c(ARFKba?-}y<-=RgD+q7;wL&StPkW<0*zN~(ucP1y z{Zqvc35t>$hBG#b8kDLD_EP9>lMiYA}v(Wy9b4*2c1tdMzduM zF)*^|l+&LEWE3mWe$E_S)DM^KXjwm>%S@&#+B-kzN z8NfIeF&$N9j2rZ2^hRJ(<#3PAQ)cilY0?QxhuH?mC-}6Ni#B~@#<#cOi53-iSbqQv z`$48n38Pv+31i;hUIE}+WUVR=zpKD8Q}+_xI*_pA`GsNkY1Su|p*KF{^U`Lb!gZjF zhubt&Q26NSlgg5PkqZf9gq=g&MEVM3AeZ)?44hrd=nW_anZDPBoPW=+jXTi(ET^Kh z)soSWIy4#ubZ)n|L+t=+y(P)W9Su|e)I+ag8Pb1%~QBJ8XHD!3K-&5 zIph+fAJ$v3SsPjY4Agntj#k>Q$eF;Gj*LfbXw5sAIfI@6t|M<~QaMS)=8-Owi<6{d zB(*bjaZBBA2&?)6v1QH$S2WwBA5g7dLtUGMpTF{|U!&eN(61DJ`l9o>FBwF(xRVo@J`@^BKRHm7f-1HHccV}u@G$HU z4UOr`5|!pipp1M_dlR5mbJb9lJg|3%%%?!?y5%ky+1&nWPk&Jv_EXvF^M<7j@|u9jYWR zfX?q--hnrfVP4Y>Ol7%06)x2u%v*F;2;tx|~Q{t2Q zKH-8MBmtOQR4F6oYB77&WI4}5IPI@4{VTKmsmauUF^;WOSdNE=#$2w|Wq=TDfc5L5 zf;8pM!Z@GgiP3WA1-!c?Xth$k2_wZOiv>2B@OL1p9xM-VOnR{B^}?bd1`VfnJq?*^ zoYZz*nr~&{ysLhHwt~*1z>{ymeN>MPB}OaVwt8+HE-BZ*2ws;aF>0|5$nF+&ku7}G)ew^F%7q$xlRFdv*G)xr*;B- z!{*O>*|0wN)H$pE(rMOa>4R&Ksv&~XNn>;wY>HQ8{YSf1z+xa?y^DW{5KjA%YP(JDyJ)#Iu zbP?BLZ-6@5buAPzh`IA7>J;bZz2ZU8{eDk-p!T4eiv8;rkq*k(H5g=VZX6w3#qp!h zm)~L}O@2DN5h%E=QU{%)8+RuzoG&_?kCzx{tIKH@A^IQgyNq>azdWv?&D;fqH2@Qtk~!9) z1|K+`xm2i5#YWeZI=b_ePLW%lW>Wh*v8)PksB>!V1K zdV}_MiGXY&95ZnxpTb7u-=KugWOgg2xFZ?z57vFfF)u|((K#`hZmpx^ILnH(121kv zF902`6FZx*4r*r1E%eXnTQ6l1eg3u3d~maF#S!KNaZD66Z&bhIjAawrGmkZFYSoi*ezv3s*0W5cka#S-VRngLixTcNN~>^xu^`;L1DvFXfKc|9!c0xdH5$JS)4v ziRDdkR^S>VcSiSB&=-}-^=mLdr1#nxHKUogV_W=+WuxaEkB|kXEJaI0Mail68^pi%JoM-76d9Wr1t&g}PD!t4;F6x*Pa4fBOLmRVQ9Is> zd>nIcTYq9h8L*-2^$@gz1<>$5lsh0?Er%}9+|@s5@Zj+;qfH!Z;oLmMLI)$XGNivcrs-ni|l@z0&Q@;v0zyqM5sRrw?Eku&&T`WJCtdO%7GB z(CrN8FMsE6eGSKH!(LUmM#F1_{iy&$vLiHg9DILzJK5S=wQxu^&A5QB(R`zQMEg~( zH-dR?dKt{w?)DnU#vl0ibrydNe~fp1=#ty(jg7`P%m>3NfgRSuKRrwdZ>%2#q7EOd zl59>}hD^x#V)zO;ElC%%78S|~g}!|@@ItEO6}!CVJmXO((K^%Yc7!2)+$sJ+DtW3D zT;HG(!5o~dG`V-PY#Q7*0PwG09_qugo>IcoMy~*n!blXphe)e-KZ zz5n8i@vZ-(oVm@QICwRgqcb(jv@)4^|5SZKK1cV`*HpSnjUq~mH&01 zeNoI{n%lK&ns#78DE6q9E<4W26p_pW%JXVMq^ahPhmu8AQR2-Y`M`nUb08awu5-d=cK#^m|Uk9Q|g#JiwFtU-HR9QxH| zE$PyhbD))Ri-$)`b|6rdiwbX>i)*ffWcij=z#J={WkB7=W{V-#>{FTb5hwKp19^Vs47LXNmK^4Q=@9R zy~QNi)3%gsYHl@smHGq~_9^6`{EF0O^{8XuYIc^rBX2FgY}I%i>wRw5VHBA7jjjVm zAnF^_6-IpxS2poQ=61U%6$QC*7@ z;9bE)^W^HclTY3fk_uV}Yfh%0-GDE7ROR}9JsNivNmQrKy7TWAg!!U(fFFrwjO^|}4%>Q;C&+1=e|9FsWlcE$F`@HN~!Pt^L|iBjFG zh5J5dUPebVH0B-MjGJd*Kk4<3(CLU3yY4<2()!I@S^`Ng@g@t7AP3bO5dYVXAtPBE z%Na*Gj78rDFJ2W})H+wi&)zn-Wt+o@Nun6Hlp0i3PK#nDXk2|C3c8Q)3^b{oYTjv< z_C{oR-L&p__mu_pn$scOo_Bm7?>M`6z4UD!oEfZbtYBZH!nV(zt}Ck#elPX!t+!G= z32slVz1 zE&!z?oWD$0e}fit`|lz!`s&3Oof*3w(!V_IzhC`uvr^r_taDd09gWJy+{&eFrz?bb{qz9mX5VDb?H8cmu-lAAOpraLZG)B8K zPS3zoY#RVp1{;C%xbGU9B3L)ma1YpV^BYkd~Xkl9GM& zo)x`oX}pqU${cO*TkyzU-$Vb+7x?MF`vU*%ckuu81uSmDd1Yj+UO?Q;wL9m}g*X@6Nkd-!ehpVw;TqRFB z@V@BK`*ToJVl{4Ng#?)IhI+W~3cJh00q`hC#MCYd0l^++;3$f1k~N@LL0>5CzSZjf zz1e^I0y?2!pkGc{4u9ytXw|6<tAD~-0FYPgh+v*!Y5B&8H+RQcDG%#3Ux^oo$6|+dj6&Fj4V8|0V=Xj)a zj9CaL_^P`$!^h+h@(bL_Kv!HwSB#)0@7S8PS^FY_!L6<)YvPWlK!qzEsk5__0mcQJin)2u2kK6yj#)1-!Hqw>Ji z?>P(*o8c|Dsx&UL4vi&7wx4`y6I`|P>1pU}vnD3y<-xLvD;B>rlTw!R#>EWOlP9S3 zP-Y`1#hB}?B7PDO^Br*A7OroIoSJYeOmk0Z?%i$`Uw73lzTZ0RwSc zAnigO`aDF0H}$+rb-Mr!ZX`DO=MZ(dm_}4@qIc7+ zv`ir3GeV6pSEJ~0rdRwvOmYp6R@3ZCR-R*T^5WTYnFF1sT45$O)Y}&~z-xXfGzGkn zdJzdT{6)tM@+U8$MnOh!6)rd%DXK=-1;w_6H$>AiBk_pugl)bhZk1tVD1A&mFmvIA zCIqRKM=SBjaua?{L9&l&M~QR^wY+PWtRoTclEb^-IV^v#FP+lgK;A%JZ|DL=C_~m7 z;=c;>_P7X!ra|O6v?DV51*q>2jvn$Z7pXqR*xhz6^GNd_+?KO`Uv%6X(^a6}zbl zxqM)u&Tb5Sv#qZ^w>k+@zAuxXyu(`h2SR%A=|wPl3v<LWRO<<4!_3-YL{qa9~z@9@_)L^oXCuzR2hqHg9d zQx$9{eFWZeKVu4$(`0rnCS+}k+jn(0J4sV2VPBXA%*()34=DyX zMm%Q%_?%G8#ebD_t3;nC(lF{*l()x&yf$1FWMG9tL zZmI4{^@1RB@lY-4N|phlmaD|INi{yJWVfEBAY_*hW8(Nd@@#c*4Kjf(O~ZVaDDEW! z`eE6oL64@xL*(bGYTOddN^KU+RK}|6?JIRxB&0_xKs$DH+jdEV1TqLAmFQk ze^u`O!_)LX9l@D+9Bn%@d3?i&2RHDituLBMs}t5^ZxAus%?wql$F&~#H4*Y_a62IU zp-gUl-I7z0KrAUt6OrO8>Lm=VKNF)2*NHAM;cLJVDuNTT4B7JB%O_hgZWR-F)|jou zV4Xxo0o2<^Wy!PTE^hb-pd9=au@O67A*?18>c=`TN?b(RQ*PD(klCF=;DhMQH$XCl z7HLnO1wR_P^^4B33dd;qy@@{BRu8}@Q(Bm_+aH!IBy40#ER8WoWL{*w=p~s-BRgTleN6{oTnYQ^zUHKvJ>B>q3JxI!vCV-tB0jLNa7F3 zco#F~5iF5BiA{`M@8HOr7Kx%iOFS+?BfVamrUQ#%U}gVKC%o0eR2C_eqVF)*l-@*MNL&6iP+*b$ z=yZ8f`{M`TC^||M@%28hU}yTbjA4LE7?7ZD&gpjdwgWM%8ccifr;rLx|#dq|j1t6QZs-mbr-N%UR4wE&yE z-YN|(L&vb{$vGweF z8Y~$HJMJ|XHzWq-EhUw71923%7g}k6IEfZ$k7@_b!^RvdBmz97wVZox^~=(qGS=B{ zJf|kxM>kxkJg4s^XpQZI4 zw(g?yurL;YY~T&ue*~ES^f)mwxr7^6Aj_$>z_f1B^NMtEY`fobpY4Jju$n7LzLIBrMI1^Is9>O zSgf*#8=&v{k2nvF?dq$vd7Xuod&FxT#pY|lIQ?_#Nbd?x31dvgv!4IS_eNKP*6zo`@Kc>t}xhuV--MNbS~J*r#<-WP~86ZGsSP{JmXU&`*HC$i4-lc_i*{%fDHc5 zSAx&K|%S6ju$Q$Twu)_TeJh}*j zUQfM%e_vUobS=;Dat`Ic*LH_?)f>Z8Eua*Ygo{D5^W2fV1ny#@t+QG&V6XM>zvL_< zdX@0`P=dzmDOGY52@caf&O41c+h$z|R%4(t@%p@pZ$rG-`1kJ-6^;~9%nrpKz}*{2PmRtD#HNy`M;L%h#@`{~icps92s{Ij7R{fNIP}MSU?!p2 ziITu_S~jdO!2l{MgxEk@a~M6EVfsa9wY!#?pg(qfz1G_OfBVf5 zl|JjB7vJSh-rWUnh5qN4{11O~C-o2XV->48+(ZM)zyJA(iT}|D^Y`=o{rAzt{=MG7 z&i#A;fP?by^Wg9E;P3O`ubcdz=fN+6Zx-Z7@cc7p-IAY9w?Q&82C-Q`qV|CQap%)7 z!mk&=l-VTGZUC@9fluQS-NY1R_u@Q_Ml5?M)1sVuJijYdYqO&Y!kiG%@+*m@fMLhmN@*KhQ-O2MQfM3UJMm zDTaaklL zfl{W*`oZTHtWM#{36MX-FQQMtzz`A#Cg>A<^w@sgMe2P>fmk;lwWaDSPsyMp3Vvgj z9lJH$ExINHm>s^ERBw|ADW??h)7vg~mf9gr5u-6b?7)W#fAxCJNtt!rIYwgdcXG$e zC^pDr$I{#!vX)y8at-p-zSG{u6>2h`}nNVsys5}+dl0&QL~!Vk_Fi6SMI z=r5X8eO+PFP361OR=BKXS@H%NR`S;R-d?Z`@o*(gwT;!OH5ueSJUshg0TC9^D z`1-Y2x@k$FY&2?L`h#>!MSp4X9PD$K5G)w%yQ~IN+!H%MfY!&IeZpAI3Tmd9n>>WX zO7!9<;dsHjD@`N4TPt4{sqrCQF3M{lLeb8ZF+)vL-2x5UQo=?mYcHU;=?hqW-NNEq zf?@Pj$vtY(F%H{eCHKYk$gD#d{sK@e?o7q=2DJ=OsNc>y8RH;gbuw!R%RpC?wDz+2 zTo@I@V|p;7c$f2wF_ZC9J6j-7uzWcIw~3)CI$2wsukQmwZ#PqO`))r_I|K<|SY%sY z>i^)^e9nuiF%P!LHV1RtE?#7W8FzRSPtBbQ=>o|?>iTtaqhDoYx5JcozDE@_?hBeh zQ!daRjXcbW_5?~LzR@seaate$|03^Apqe`SePOLuYAK>9qD*N8M2nItlQLvG6cH)L z8DvTo6#+3tK&Fu0ipV6Sh5~|0R6s<96d7fTj46Uf#t0}O34;ic1SD+8(C^PXob#UE zcip@0S>L^Ded}AgOk_y1pZyH~;Ws4A+_YF;04Ta7?cgc)gRxMpbPY5c=JVq#eLD@) zmA%}YFo(gN;`HV@0)RZ~PfBTK&m+)l09UH5H-IujWX2hpL&gZ&N;Fe=I!oAt7g*~p z&?O%nnvmYdgDf3)EVk8O-F6^6umuOz)E);IJc!6o%3dszF#3!I9;DLPm`|)Ls7mc> zOdve*OtS9|)z*=TsUL0+F#n=pazh1uR-{$d4w+r@e$Wxw?r4T}Go!QAup1H-BtV&w zg2`m%mgok3bu9g2rh3e$q|^K1W=)K5wylasdZHM!3<*>%0kA)9`(pl51p-i26@>2^ zR?N;aA!;ZpFkus}e?$L7EeQhX*9D?#)(oQ>E)6wnQ}E{DbF!{dKa(&-xqSagnm&Tf z2{|jkrMTywKOe7-88`BJ%jWIw)U>5ZT8*KCg0s>9xk|?QX;=p7!(1ECJEcTPTw;Q0 zy{|Dz0L42*;(tVZqDb;(Pn`y_sJGuK+-SI(47!Jg7dbS{X03@nk??AYG&8$a-SCFu<{xPIaLY*3NYL>08!kDDc&aX1 zpVp~dIhJMA^Mw2fU5S!?sg~D9He1Ba(9GJR?1$)xsiWaEu5B+a&HGpO&)asbKF?55 zpJ+K%NICL5h*ugkx?N=O`x6sIDot6Nl%2^V`-Rhlb{$aZ*o=f4e-zT8`7w5f(#faA z&$3n$*40V!TrrVsx10PxH%umx`AmFUz*kt+mCc{M4FKO3QzSeH7`NP=1~g>`*W|wP z1xrt^c80YA)XaOhnJT{wrnDAyT(s3AqxoZLyy;0_)UcKWrdh?)Tj3hr77Z%5WBpJg zNe&?B%6DNm_{_vi+|MDzW$aKvB<`A85c!dBW>*$TPBki*|3H1IO9d+WoUig}iEU^h zR^A9V!67yT=}m{%pb@?a3&xVS2?EFsv(nMVsq?HF9+_--qX`^70n@9bQdnkBZZh4l zRPin0tI{WLpq!~9vIyiqE12*uVReRZRQo^lMU5)JS@V5|Lm+^VhhRmHr3TGwO%w<@ zOXU{I=U9krzrUMH!o_O)Ac2~96Yh=W(f$wV<+yP|yYKKE>I0irV2kc;(0Nn0g$z-& zL_9gjn-~X6Fz_u*9M~Z_m&?DkZh*KJvGz&N{8teHwS=R$milRZsXDGd>GL;`lm5z4)!;mU6}iVT#f-M`U#4zLJ z29i7JLgTnvbLd)q1#?lgm(6Fbq*$=3(`;=1kaNmB{Ls_Wcth%jsiD8Ig->SrzYC`Q zJbyVxB0#S9S^l0T4a77MHFu0^qW-Q8|n?+|{)g1W`9h<*Vr~m1oIA_Dwj%{YGgG$GK zizF5Pg9TPkd6+l9@bJ zGk?OY#CiOzRGB4)^3SD$8Wum^)`+~cjNp=?*HpbQz|+WRUPf(^a+R_zwl0&FU>hj$ z7HD#ks}BoR_fJ^7JU#7{-0}7#dt~nNW$D7pmMeztcsUww4>G#+9k6!RSDW!KV`hU$ z9~?#Hjv+b-p|jx_fFHba*)KCWPxcLVPDgRT z>EWlj5IrlW%8K+hy5PltR4~AU!Vg<7GUNO4&tMInKY1lMZX!5JzuCswv>BQ6 z(M3Oud;R+x_0JpjKY6qzN`H{3T(!l^5I<{DVyUW)J5TLH<`b%o)l;^T79@=aMPSGS#jwAc0T`eI>Q zs45bxMDzj?hyFH;Z6BMAgWFy@Ciwh0u;rJ&J z1)`6o>TyTxW*RTodO%Ql)(a%fpsQ198+w0C8!rkJzkNS%U&HL*O0f?Nk@}PHoRrow z#Soxv4oDAdTJpz*>_j#Qnh<)Ide_nESF?wvp)d@+kjRC;U0JG?$l(!Y z?1k-p?By)*|E)sYT;vmKnSHlGPr;6z^iJDp@T?*lqHh-*Xk-KQ$LlPJQ!buH>xiqz zwOP%G9)-ffG9H9gHOwPd0wz%Y*W!2ar5&Rc$?mr@7Kmc|p8;uE&e{&D(gThnuXx$l z*rfoS!F@Er)?=f`C1*(DU&px`Fny<{VJDW&0<8{wL4Uaav#kS3axPZvAiV*7&sr0I zr+er1O~oG>?RBhX^bXKY_BEbFNAE<1*e|k2K~Z8g%H3=-OzdMS z4{QZl*=(qY(_Okl|B02WJ*EK2)6jj0s^4fMiuFc|!tX>nOeAp|aZ;E(r6x_|eaM-M z3&hiMydr-W?$|#WnSXx_qlxawwhkyevp(+}6eEp#d+Vtd;=+d(q@`He3%>LusX6wu z?{VWBD05`d_=_DXJBoD;8^EHfrRi@58Apq9?6r=;TIu1pVd<*O4K z>JMRc%B9%1V;8?E56l@uN{2$V^FT1=9ot8dx}ZS;7vW_i+XElKrWF5`+zo5UqpX#T z#*DmH>iYN1rt%d|O>k27Gk{FUs7{%H*aZ7@0JR=6Gc`V`Z-JM1<+t&}7-;iw)2!7#p`TqmLwDRVGzDr4(%1|= z%2Co;Y6ouW8m_lo$tG)}W6r)u`_J1WXD2wffjqr~;)+!X6hZqH8MW)NPQkvETwaS_ zA(PKqHb69LVr9sx;=iV~$*eMPleU$wO0mx+f>FU%Zk>#Dg}NoBsVC6Uh#MmWsRwCH zH5@RGBkpt5Gia4!I4V?TbDs4Tv~|dDR2$F|D>g2fq?_GQyD6;vaCtkR+G3k-j9I2l zL1QSpB|H?^h8bXk@QzLTDeQ1H5-tl+wxR27?YspRHC%|&B2I?jaeH;fwbI1yBkH1s ziUc4MPiSt_cCynyO?+oK_qG!94%2Wb zdqnP5Ttx#W*Z8hg8i*$+f+X&TJDCO9nJ=Vl{y@G_wd4;o-FQPdM5}4K+-{uMnb+qc zWQ(jGQrmHAK$T1+d@Z>KIuyTTN(-XA1!_l};)FHj^!`@*j-fvn9Uq>fqmLm(4T+R) z2EPRZ=_WnIJ*Jru*eP_x$hF&;C#UEbAmP$R*7cGG@2@x#*)C zYvcG#ic$^6CleBwOC06!V;W955&9!C@MF|Y`!y~c#t%_v|9xf9;<^0aGtm}#01D_o z(Mi|aD|?goFiG%P$fv;QXFegeXwCI2Op__naXGT;A! zr}O<@c4&xRHO-%F#7)%5KR%Mr3I297zi# zUaAmK!ZB1rMe>2b~MaDs8UakpWiaD0rQvGG$;)^0}Q7=GE40I20jiz#j4ZMfc~@fw`RMhdbyo+1>2M|P&Ank$ywOV<{QGn`=l8po6XvA15ly5>if!%clZVFjh2>~X+*Qx2&JC;Fn|{qCO#P(!1dTVc>6~^IUpHJv(nnEn@$Hqg)BFyuf0X*cG)d#X4(@{5?6xZzmQYl4y7 zP0Wg&ELF$EMLnhCk&bwXN-sG=_3pza=C_J`mLDq?swCxC%mHK-#&TvAxXpNH|n-ApdcDN^vD@k~sV_sayk4=oPtq(n_arX-0DC=v%)) zwiciyU%D#5%@pwMjB`5VyK~v0eg{G9 z0&TT|S-+5qGWEpjB9@P2az6&=u!_#^4o-tj{uXnVW?1o&;11J|@a7$+w#=E!Erw(n z=R4&BwCR(*=F4%`YFh*G^m8#Bhpc2da^JP!3F_O;4B0Qb@Kv(4A)WDTUo>bx5)2VsUG$@d8ynM7c++Z(|KPR1by% z(B+}K^z1bq8kB~wZAtgRWT<|ACM!G7Z&kR|I{8+Ju5@-4jPL#dWF|ENDgw+cShsB7 z2ZlQ3Y>wOzJ1ZWTZO*dnDL7MA{#rB%&W9z%NsZ+2&`=1p91`0IUV9u3ub$q)F<<;4 z*d;}-3w~&O1(UdU@->ixm7zR z*>MoQurGqXpE)|e{lKDWYbmW)hZ%>6U`hD7Byvlrf4rmYh6^Ccj{Hn`_+L(O!1Wp{ zS8>#VL-OaM<*{-DDWi{f3Ro!2-lHO%4{s#gW}zs<8l9THF6$`{z8~H3Gm<>7SeHfq z83gy%Xf-lQOsH>os;0I!5(6+o>I^u+J61hy9&RePGphDE1idRo7u9P+dD4%TzjT%EnFX;pD4X7WG zh-bo@ql1_8WV@A}jM6(a5mEfn8Q-i;y8elyie21#WLoBZh(0}gc?xU-t68SR`7zSc z!w%i@R_VZQ&%8L$x=>FfY{9nidA+lZ)Xme?xIx)?D|5vd(kpFOBnt$@?eG^&`4&Ko zMu8y{ND(q|LqLK`pKvMRi=qm8t9@tp#cIdL8?N`eUu^E;EOXg;T;=OajVp6pj%y#^ zrs;h!vns-X)98{Hll^VCXSU|$SLM=eiYKhWZ0aH~!_$%Bu)Gu1o#$$`=;wWPNveuS&lvLTzdB;#8GoVX-�kOEP{EPd(aGQ@YZ2gR+kUb7Q!HJKMuJsWz#0@T3 zitmGdjO?7u{-I-r7L%#!c#6EPF)+n0&LA(BT6uz)Q2qHJS+8Fe(ZS3dd%pQ{5Brg? z#AB06Z&#OKhlAQtEXco`G*uMlMQA>%w192CzE3_mkGl?_Hw5e}%W(CKc&~4*gT#i)pgxkMd&00>2HOfN#9bPzsAc&R`&jjtYnOwI+INluXA@!%Qu1WW znf50IN)E&VXqC)75bBPgAFS}CGUWC!{O74n42>-Vs>~~8*0yaG$wr*DT;ROJ@Z^QI+(>MdyvE^qrR&Bnu2nk1inSz zKkyr!M7<~b*u<0<&lDMekad+CgbAlz|6p3WdK?SQGn(=#)xEq7RdZ#@!qJRTbC#=1mgxB ziq6oL+$>X<(q9LE-P12JTg^U_kZ0%LdltUChGMTxzNI4i{C??Zn2vo0?8UXSDbSE} z@!XQPy+Hr`(aY1F(?z3P&J@M&pkt5ARFyo1pmx88Elq}B52tpb#TEtZI9n3`iy7z7 zcwEQK4bqpT6taj<5V19w(G)zlpe=dRibe>u3=CguS44T>mXSRf6W4?F8(D`tSI6rZhm|YrGV%2fCynOn)m+i@jMQ>u6Xcs zfYIeOM=2OO`VrcSp*jgLDRt|P6DNqL51?&L4`txTSv3{{@vz4;nst8_J%Sc`9?anR4q%DSYmn9Lg@(1R|gwwH0EdSWjgS z`sp`X9By{<@IqfPs-&ZlLAA%7$mYZeVtIKT)~=I9TQ1}h`byA z$B9SzT(p#-FftIRC}dqwS$9}?pW^@eJ|-gOKgQ}Varxi@7_;nuea$6`y?ift@wypw z&Ww-Og=e6$M?6@Q=72fzeNw>Uj->tw9wWPW(4Vx?RtW!Y`9Rcn${tg|y1w~f* zNtr$MMJ2uwk8{@T>k8FcYaKHbICpwXm=eDYddO0je2Vwt+Ev&+>69%3#n=1#wQxjS z+4iHdv23?;Qf}xLOPU||d~^Mru@yhFTk@^0IDcuu7rSLIT)YIH)f_}6?Nmi%(xy|t zU!=YY_ThxTLYHRCr*6!ouIV&4cmfAQ)ZtMWBfE6vyr$&#(+Mg~^bo9YW$eTI3kzQS zjvR2a&)@8K1qvmn7Wfff29h%XWe0Q$WUHhmlI*P4I}d5Gc(fjBQzJBq$&vQ!nIq9Y zA>?eHYKuy*uwqIMxF$WQOwkl)7lpAzKDp<;wkvYLA$AAGTw@ldb-c3sT)J~LO`(3Y zr$CtOWD|K^V(cF84J~Q=fqc1-xE#dXm0X5O2rYVkEh7(m+?ZJ^We5`OHtrBAU%&P) zraKx|?3aufUIL+Z`oU{pZ**Xm7>}wF^eNurRQ46#MbV4nu4}T_&h)1S4ZBy@; zyhP8EFncP_7vdOONEyF)SBZMd4{`I-CoGGgDwf>WM>Mq-^Jrkd4DhQrq()qc9w&zS zMVQMjRy)YKZEF8?$GD!m>Vr1rDVhWJMfqTnq9|^IHt{e|aW*PGSINPB5ll|BPH%o` zR!?`s5?yJn-KGH{PQR5`gDcyJqwh#mmZNP&=WG@!!-FihX_eZo^s|f}Y+J@YoIJ9* zgeAJgE9wuQn^r4j_1RW!R)?^px;%L&@^Bfk!DcK3=`TLg1;bHDSoVIqGsp|-^u1M- z$&Cw0a)WZLeDIy6W3|1Q=LRB&v^D6s=|ZQ3){4q}$wrMK@3oP7=92ebJ5vPv((fu5 zt|`0A+t1a=&fJu((EtL~#I$YoWHrYRE(bk3F#nZEOHK7iQT$bNU z7vaa~NWIx>6m@-RBf^(2aMIj=c^xX%*=^ z75F#sG(O$2#BX;>B#Yd66EYrN8Q}o++xgKTQm|Yf+bm`e;(sYn>dFno!P@%qGN$W>;ueS2nm&tO+Or33J($`|Ii$Fbo?~A3+RSLC z?!^4gb(`{&dB-X{L!4UGMPEpig;3ydkizXAXJ+ienL7FB@s!Qh%`v%gGq^7>RQhvg z2`_e*>mXWszJ0vs@LXUuh`sN$eIta-Dv-;Phy5OVK=FvM^yK@VG_ivoH?I2edBGHX z_t%gJQXJt+xrv0>u$-Xkr~C{yKE75I!G<_tbH0{C)^$`C?vS%)s9wnMox@OdnUIKY z)#vj=J1BPHh6Ac}iQFnEve3)3g)EJeKZC~1mZy$*$jO~;0fmLWLHV>gMgp$*K`w-V z2?Hx$&%jWJr5x+>#uz~Y)pdClRz+_eb0qfM8z0P5Z4D1GWb|okvLNk(e(P`nD;<{(Z)d>FCw!x9WIYA1s&$@Wyk?&2 zkpPE7u>8ur*vG0%Xvcb?a`7tw7D8E4iEio}f8+~-uK#yo=Q?EdmSgHyLpDvy&B)%h z19k+#j+|sO-9X_ly2-Yz8OkA*8}j{PfM8+FURIBdWyZ7zHWI^=O;f! z6~3_9@zEfehzD{cAQfQ)79YjWZKK7Jq^fYV9q?wlNVFPg%fqspts#GSsaI%0{Ho>B zyx!|dI#L{UA8$%bv4K|4>=@9+*JF60)-M)#K@R_WllFY;H&9$Bvgy z#tf{%@M3RiA$D>w5pUoGx3l5hw;eqQ5x*y8mNC;&%d_5i%dV;5ZC^lj%1Pip6}PBQ zLa(ndbRhe*lMC5+!5H!)${d6d6}EFS51pBi}O>>@(Oz}bvC2??(ZQJ7E3U%c#mLilnFh3zQW zeDW%(7m6(MwG|N1(%JiAiwc{h_A35Z5I|?ALx)28s>WM-Q~aRx(Rpk9)d}Pb0$vK@ z8kUt3*JGh-SY1L#uvz+m%^M}hSOSTtz9Fx6LT9(NYUCz%#Zr( zis5)EKGkv2m4kaDXW?5@+NN!J?;t5SSUPGA_9&Ckm=2zP&@10~?%K}mNY_aV(H@}; zX{Fo5b?{zRAm?ap$!5c_mAzhe!An>Cjw@e7{or4)?3E+JC-!qj9Q|?g9MQ>z1Ju)` zsn&?+*(bNcT75&Gc=!(JbtAs2Ch9sQ_m*J=!=7$uZ9^M?-T|Cyx9L!GHDo?kZlH2V zUlP6zEB_vbJ4tSAIA8XQWpK>_&ar33X~@8G+q_6$gK78!h3*jtkxMXo6;U&PjIKV} zhi!kymt4*@f@*HTWcgc%haQe=0^x@?hHYz(ZiPnHE`2pw5M>*-Tg(~+qYF}u*Q)kl zb*(V6Yljd!706c*Ov07@Ms0@`$?AB;nFTQN4Hz1v(}~Zm=PkxMr4p=0sJibA-cz)^W zfxc89`5ZgQ@J27%UmeH|xhvlxW?Yl|7E*R~m_LYhmFQZIJt67j8_I|`aOqkfl|yG# zU_L~hUoy=2O8#YMtr3NQ4a>~J96UPZX1T6%Qh7>4nM+@I3K2}#efwhH3`Mum+REvp zXvP}Qi|?yqT?Kya4M|O{nw+AzX{&x0Yj71uHS}ZIbq`Ex5RcBgX`2eS4owFLD$3yK z!+p$I&`5c3=W)jjrW$aj!HBObEb%TO&`Fy;_cT|KtCpL zlhvdW`3rvM1o>8F7c4iI=Vn`*OLG;mM{B!7s`_Qmw!jV5=be9+=BR%L~42z{16|^|&wPYB?}gE0Pqq z?w^mKT+Td8yJZk(KvQ@`4k?C#>Fu?IFS}W73_&$cay&i$W5;^iQ)2D`_$*FsJ7nKq z4%I>~Btx$U$IxW}hG_m7?mBJ>b&Wi%eS>(kiTSzvhcsy@fy&r8_jN^ax-z2w?f2gF z0ph%`?r)1n(6tvQs-0zF6hkm}L89`*f_8ID$*UZ3@=9OsDhDzSwn$G?S|bT6ys1=0HI0BGHa6=wWa;J2!#cdmgVUa zMv~sdTtdX<^(>9rjbYpdr8@iq(<%95J=;y9S*>?e;XyV|A5qN9GN~H^EwueIAD7Q+ z&EamHwlyB?>-Kawh+^yKg5WrsqxP~s9agS~N)lB3Abxlc;1dcUGI;Zw0J{mtUJwd2 z&X9Sokdz3ay0(Kqz7dTl;9hGilvmNRna7dD5@;#`Fz0Bsx5SChX!xx(MWEG~q~0Lm zy?k2l?C)A$BKw~4i35fr*Gl2#Q=4$pQUv>KCrhwWjLKyU+RIZ^u%q1@cA|I!& zQh%1|-Ush1k5|(@JgWmUaOEE%ZW(YiWK>-b*~v_QW%lH9WSsO(UO2;ubI~BQ!E3#k4fySgV<_4_YBu+Q>ZSt z4BmRO;kLj$5Q5i*q5Q*a9WPEKaj3@^wA{Z#m~TDytTQCZ?&4COPt6sg>GzI1roD}A z4Cj!`y9L!L19-IFARp!UM|9 zcXpV)6m@6P{_5pX#aEC{ZzZ%ZusWv3SgUGx%EPfB!5yuJOQ5cioTD`4QX8_}dntRK z$<8*SQys!q<%=mmzd`J0Jh^GfYt}#B4=0ZMK$`9w$dI@QPQ-|5&&$1bNS0c;tn6>q z-g`E0?}&$&hof=2UNvkP9B^GQeU_-6K+-LVa&dxgZlZX_0MDt5xuIOSK*8yI z1Uf=12si@JyLuVsAbpD2NAY*qo|J$Nw6@sY%P%u2_fA@kz&|nwc{6EPZhGw~AQT~q zJh@9R{U3KOTe(WlNg3(h6B|?Q&L``hKNOZ;H(<~?lVmMa+J)#@ey~Xlho0*VApOIl z`NuHO{&D|3KVP$$1EtdcdUJw7gcE_ZGdUNs_5xT{|D3C@LHQF1)PJ8d|9ofeZu|ci zUKxZciUq!ylXza()c$_EU;0x|cURxcA6y6y{diL_!QBAyb=Dbl=C{R>|G4D#|M-aG z>Fof5^7B-0)JA{^pwyHsOMmD%4a%NPl_5kZ9^?wvIpa{Q4o4oWEZ0p$@`M zxv4}yg&#%UD?$3U$Vov%VV94WrYI~)rjEK7Aj1ifRSbcL#Oiy6vAerPwhp=MC$0|R zu#?T-oV;+hBt@xc1=osQ>sf!9iXN8fvRz?pH^sxPN_F*Xq1qRtHzq#h=$Afrcp9~5 zWWYTPDt?e;33;=zvvjmzA;zux%<?=g_lclO2s&XDX(i(>=ny6{I7Sn#n$#pnJ4#a?yjD`>rS7`IYw-lx1YI zAHMqn?6)fb^=O!)3~#n-F@Abz+2~)_ji%T|xUpDZgJ0!O-6om*MQ+cp(ckfLt2|`z zRwIp=GV66lI<;GRD`Nv#qui2n1{}5oGm5R)Ns+>`e4$g4cLUNJL8UR>>+Uw0UovWx zUOLGR)N52AVaki3HnskG$lVqF|KnOok@z%{ZqI;bWfaQ3tlT~JF810;_XDXO-iZ`IO{Z!P?HW)ItGZ|$jfg_ZK z4Gj;DHvLp|_z8vGUm6zSyFKjUNn3-5{(Wh=kH(C)mX0SKg;S<0 zk>c&R@v7I`Z(DyV%2@j2(|bCWF^BG|KOC%l<2u?NbK=?CGuhOqCu*waE-F?N)Em!3 zp6udrw`4RSJvR%QWHYsw^#Cz85j*&|!tB2huUT?G&GpR5dpB;hN1JS}J7SYC9}9WQ z%MgjWLwdc^@VAynV@1nkdqbYZ?s$v#E&Z8DiSEjryHrK)<+?Gx$JqB<*W{iM4E7&j z4Y(YsK$6w@Ug{cWOM<>C%;nZB9oFi$D5#A@8*qo~*Vj-UTj#z|w3MzlO|m+pI2uaq z4)J;8`uBT5-GJ_2rjiSHY_=b}W za34R1Vn%x)H|j1#!`j+|)PHNJ`?Ki+YTAX(6TAGmXg$Vr!2Ac9*YsCP?3#at1%Dl! z-BBOobOU$&uh5SWWn;rp(IidiN1UR@L2UgBju{B$9qXa*+gWthJUD)F^9y+E`Uu)U`!^HD$r{ zFLcDcq&`O3XUjkktCjcGGUPx%}z4vl8{O=25! zS@n!K?ZU^W@;HM2Th9zT4EK*td#BT8;*F=6C4_BytS{up&<~!~xH-HLg$%M=QU0ZPm`4ijb8a>s?HbF`DX^7~vwyoc87txIvlVi>Y7U12hX;KcLl zZ_;s7dJ<#h>ZfSTW#lttFqiQZ0D7w=raZn&LxKN^0G~t24yEod^#ShHN^3)J1Fj~O z8^;byjLo+0u6cS@9Z^rmoUS+SiBUhhlOt;rFA#p~z{@TaY6hC!tTQYXtlzD>S}z}S zk?pbBdYZ2@F>B+ES`9Tu0(BX9ue1#Zm7Y;kG}di&W?WFy&l)W2MLr#bHF`jHR5x{5 zb)o5Rk4}G=dREeP?_f|AZ*C&;t;)LgI>GO+v2VP7ik3_$<^aj;efnO3~U0BDg8_lifOuKi7t#Nqhvd4PEL)?}7(*v7~s`t(+J+2A%%UN^2 zldV`R|HNZ)Y=cs>bL++Gz`U>o4*y+pVpK>rrlQnHQg=-Nz<1u;x;2*^fp|kexAV3E z?2L$~JqAy3`dKl^Kk2YVLR?~+a+~M{%Z5jgh zs#Wv?@mt2kw<+FmI)QkVL~W9IVFuDrkgBq^A5?hn>9S86zhf!0uOL2kkoF>>26I%8 zBd5Pt44~mX1d|fQee-^i%OF0DAZ1aK;W;o9G%a-v=Kr~9)!6*IYqyNJsZw@%g+|ov7HE^o|7e7T#yK!eiqCurecvdD zeJOlgOs(k{_1gd^=g2&k@@;!?jpZwwn?n_{?=LxO-f5YdWy^{J4H+|>+35ElHZ7^6 zYA89Gq&T_1MCYWW80&XRn-qLLROa*mYdzWVW7eDgeu1m73-R8$0>ZnDE^5QfckJj0Xen%hzhSgSk0yaXi=yJX8=!y#E&+wSQfdCb5`8Jn4a@ zh$WxUFW&VxJQ#@7oUo~8nO6^<65z9pCN+s<%*DQO_izA3TLREj$a-vrIZ#)*Juu^22+LpBZlVw| z7a`}DO7;2{LY+W8ex55of$M{s9zaT!-N2>;0p*gY`*w^f$dd>LilJaiDCQs|%AGpo z&i6iKsY$M}(2cdEhV&Ck^WxvdirQ2?PM-m7Lh{zZ=p{Q{#`^Tf(BA|uZg9J`k=PQv zT7Qf0-LbWox4jH8YP`|g51`X6^za3RJ5NJ8^N>mcwt_8Gse>9|Say9Sv93x)<&h+J znu~MCCF5zArGe~FSSj!3=wP=BDhl&e;VSc$Bf;comX@t?Bp+RcZ;&O9nUfL+Hgp#T z_uK9HV`t|ip&zK))eFi5!vZj5G;3q#z*cjM<-?1aPfM4%hE+K$-ezfHXh@)O3?xE~ z$amhYe`_YgDe^LE`8~h%zN~cpY|vZw4b@N|=;b-DSs-vzVHL^a4~LQJl$zpwnSDOd zl&yJVmQOt$ZF~9xe*4M6kfwa<3^S(nK*wEmYl+sC>f;Zoowb@+wC{uU=215FZUwoD z*$eUZ6C3EB%$E`+bqav;4 zxV`{6_)u!4L#DZ7Xxauka6YtX)+(ir{3w!$!I%Cad|F0Z z5bj)XaEmuwfZ~znYw0dUhj-}{p}o5tn}#cDc6Ji5qvfi`iRS1USgM2#Vnxz$Y0Z#^ zd%SH`oU+ppz@Njc^aU@y{cuFPq=uzST_hXJ`MCH9)-Nod0&oGu*h5;;r{AG`MREfUs#S7@dd_H>=?qD)Z_%z0>v9m!IWg4f|M` z(_kriC%5r(`vBXB4TYtJjqgP)znZ00O1xfMnG8 z<~eg;%w2PYvkOY%(CNZxvsrWhci5AE_qO~ylTszme6aw*smssOo<}t(PiJj_0Nl28 z1csA4!4oq3RGS7CVMGaXlwd>mPXuh1T8qDx)MNI>mW^YlE9i@oE$mtz3w|E)R#MufU~lC&faMJJ>JU7rsS)I5beRrZIHwIo_gv_BVgk*9Ch3IC72O!E%^m--=rOMB9fy1r#U^$#Cd zFT7av$Mxf{=T|b(-b;)}ETeu!dtjIhEq!wq_gq%G)o8 z_jT;MzROVjVxMc)jK8}gAvjzUaO_sk;)Fv^<7a5qZjNdZ*#yzSWX@Bxxtl`|>jb z1-Gwveu)Pu-gcExUF9h=!PX+udn8cDqyOpSDD}OV_Pht-Y`SpkgkQ7E`%KomXOcH< z4D;unf=vfDhXh`hN##FOZn|GZ-0`nx(86<*T17^+T@X`#x?^C|8}@0h5B%SvnvU;~ zzkMk8k51mX@y4lZmgmmZKPq%2T&aDcxJ6ZO5qCDIJ@)@8pnJytM8!V9h=;LFw79p+ zS-1w0O=EAWEz2a6JdhcfFw@SW%LCrdzfx-%KiB(ir_slwen+CrL!G)y{V!L&k2nrE z`UFP%f7plrn+n6?|C3+y;3dxkSi7G%>}m9$4sDAl#_*;pJ*0nUzviL-@3gjFfBs@Y zbOB>3RaIwe)u3wpJ(QPxxqYb;l6TW2Ev4gE z#3#t73fw+QnBq6WQfgv%knv%ceH*iqVO7@n~}&w~iFc-e1{OjStoQ^z!k$SDs5RI>;%G#t{N! z@H%wYt{E3S|8r4B;$f&Fq<$hce^p*jT=UU@EH~h0u$jMN%sZ^X>$s^iJqF4LTj9Xl z=TcF$?mAKR^rN0zw-vc|{ph)Cb3ux3s(WV96Dd{_J726Fa?mG;K+PYO`rn1in0^2L1G zim+^{Zs&xp^WEMLhnVrD%aU!zgR>Abh&~^rjuYUDQ-UOUif|GTM2y0j@>M^>L9*%% zZT{vAPO+Z!L%zZ#cH5y?xe~@crwwDAFM50Smpcbb{L!&Pgm`Ed?G#_vg+gh8cviXm z>ji;bbRQNzh^!bueZxZQBJ7j6>BXY8)*gWn|Nc6DI$;iZa{7@;B(YI8{Bzxr&^*T| zb`vsv3zg-eGNY&h(waXPy$S$w=N&*irAkYqwAPS+0oPOb@=+m%yTDe~`=cUQM8FjZ z{%67RC)QfTm)F}lcrf2T8yGdceAZX*7MMe2^F8@`)eC`%9TM&U(P6AK7#q)jcOFrp zT7{7txjmO_qq=Jo3mgIs10gU6q#5xd>g=ff)~%1+Mfm)0=>~hst$%Wx#gux3y$t9tEz<9qI-_+ zpqpB{3xvPLV-b|TRPM*Y@?=MtAcY}Q3n-<*C(~j5b*tn=F>&G>N%0Bs%cdvkYb%G# zq63Vo)7k-plhP(5D$JOV7s?PD2t`mPuA(WlNLwJ6CqVG0o`nP8sk$4?_Vkj)rGf=D zfU5y4zG^WRD6^*QlN9C((a+d|R%hb|x8v2bYa@c`;piBy8rr$3IJs?*AXH)CFC0~B zK&MWAsai+s{*={idvZ|EvcbM@aIJ`kuq`Bg*%ipvwJs)$dcaK?Q${+*6WW&-$G34Yd_nW4ky?xcuUeuS4)_&$svY zzjY#$L1Yd_A6kkaEEMvohN6Yu^YdDdwadOaKhL>Red_KHS=%Kp89CT^BcreHD*B!T z4b!%iHfGJgkbD1?==*=_`7;1lvsTNOOWc2`>Xt7NteaV9t~es77i9yhEHMr!{z)AN zX#CM8{AcnbiASo%D)F61%R56HgU9C#puKEzQ!-+of%Ggy!YB2;q2`(M7i!agl9m5= zuA$=3MTvhd(h?C?x{jH7V0&G-rll`W+Zq4R8B8jkqkA~&!rs(&gALK!f_aOZ7)P^p z5%g#9xwUFxx9W@f8){7oE{z`uh8KDes7R1Pny}%Jiu2#jFmNbv#&QRd=vwtk38xX! za372Cyp7aWRNT@T8l624Ucx|I-=+7tW};ZuJdZRop?$J4cwM1E5!bvbQs(;c^wbbo z7yx+5B&HOQ2H%7{a(@f^jF#Y-xMrkEk?1dU+#0|t&Z(IuaE4*UvHK{j5~u^nkW>gB z4=kEFVDf?zE_41sS`ngSf?uQLWZ5R$5xo)*bee80EICQw1{$&;i32g0|A)Od4{PdN z*T!+vma0`$P!xf*5=2FyDu_Zzs#XCJBMu;Awt@m8rie&@kfoxcAf$kRpb`ZU5g{To zganx)1&NGd5CRGFU=oI~$guogdQSH_yQgQ`XMg*5uHW_jp!yLKhTG1tsS>DtXW-(K8F z7#}9Cn&}UUo&^kyF7K8L$HpC7eVj^x`N#QK_KSM`WG-MOx;U#&Ei;n)J|pRaXZ2Ey z(||<|^d6}$;cDRHme+%kNt~s`F$wFM>h1|l@MuQYELZ+R6mkE0*(`aoqd;LsUYF?<4#`fb5a1Z8j4&O(iSAW{*~3;!J?>!V(WgzY>dq&Y_CB$iu!hlw3Y9_ zYv|^R7tL9BXxs6Z;AUVy4_jqe4eyiW93FF-yz0Bz9NL)rGysmT{AAV0+zD5UH?o7i za)W9$zQPRo`F&(B`>a&ysH8ZGuQ(4^*O?2c<)D|Gu^DxvbonHN@U#M{wzgNd@ zrbhLB;xrI|A5r}!_W*IgC*eq0&g?gi!-Ut*A~O}j@7Lh^O=$ zOhJ^IG-&)Z)~w~!S8pu)05-m^Xveh3jI@u*78PrOOyIfoKXoPQOU8L`c##xMZ^|}X zKzKH~LNTep~IYx-Y#q3%%<5X1W{6oOItf5}UQ*TzsUR{+5C` z)|IJpXD6Yb!~z&Wuq<&7e`Rm*ANX$l-Cy_jpZwH9qSJ&55fS+X4atr&+vt&CGkwhp z?dK`(gWg#3I1K;AqTKWV!uzb$vYCv(!<}-L0w8ZjcU}JRe*LjicfBf&cu2%B+5}s6{s@QxUh87Gi3#BtIpOtK{ z&t2d1vRK-YoYC-&*{*AxX}f|EIz4+F?S0##<Xcmc%yVF~al*$GMmFCTgD5vN4H@~|HOY61TJs<%NZT0Ng=Tpfg4HU*H? zqV2gD`fTT5DPR)|fcGM`0Z3JbxX&q_lr@SM&^h|eHKaZ+vTUPR*;Twb3-Wsgd>_Ry z;n0j}v;!Y+1W2K?M46AiVpj~PK)R~I$}Gl5B0ESACFd0B5D`)*d9f*|yrT9iC9{uJ zj;3->w>+aFSi`|YUSoViQe(_vC0WB;9W9-eqT2}rU(+!|Ewkl-L%2X8BoDEN780`D zH;7o0^MFLMLQr8=i`}6pW4Q4j?`(3?8L5^gMO>K(4dwI-*4O~2P=yIS;K{O(*;I#! zFk?wj53AYpv(i3*D=tP>WYZsjKrMU}YbE9c7?!mG_s?rAmDw!GT>I;??CxpA6L z>YrjJ4s@9G+yM}gkAE=Z!|SQj0DPDLkK&*)NZVyveSo}X6II>hrXN(caT+BjhUIChBOjg=ig zckd(iD|FV+D)!q>tQWL;=p1ZIJ-+}d&D6`3X?!2lYBl%#0`R!i_6@;i3{<#OO4oMK zUb%&(pUx|7JsTRf|EOv*z)M^3fK^2M2o#!UEixDZP%M>eE465y*?O!rvC~ zo5DS`X}6J0edFEFlZlw)VQEdn)BG*Dz+a@pY8a$0(k5{2?RcHBKC~$5Hf84pXIw1= ztRq*>$#(U3l!|i(X&yUWoIu^2>PZ{RTQrX<0j1^RFw>{xZLs}-+cs`>sut`w&}(M* zx((Zt+1WYT0h*a!XwfwUDvw7}PDRm_VU=SM_Jtr_G6Cb<7R$`jO5E|zbm^*#pj({b z-lPhF&(U8T8L=esa7C7HH>!?!7jT?7{1vLFVF((6FLUk0T8W8LvVWJAKM|c6TMxuH z-f{Q^QVg)3b`69Mii)Etd*z4W$G*AbgJNuanAbpTQiaVd;#hTDSG(*I?$BBEvWl5dnYJap(9=3UC;qqa%OeyE7_OsS7>S{#-&@ONVoakp_ox&IH z2UKrjb`aAh%&$1^3`-3QvB9-sY5*3JN=QN}3>+`E_~^Qg1a zxq;pVqiFErBjA^##K8B${4ZOS2WeD-Du_b`iW^PhHTjRc<#KJ21hsS_Rl86;e-q(8 zZFr$b!xw!)ohs@Oy9ZMUz=|6^z38sw%-xmcBN=-^(*FT$;k38r5!W5x&KnQ#R+CSP z>}pahdxbq{?8&S1W_iKK*?vP-T1jhc(6Q`ACbOZz6gc=h$ZLf`rBuI~rQ&>nwW@%n z)^}b6n>jL?2Va+jLco;#QP9r%pU%b@Z^P{(r+S707ODXgehfS)i^GLRb8eeACY#7M zMn!GVFXl;tzhuNN!~)c0FQ)isiYegB>bS{_N#Xmz2<1F<0jsIrK9 z&|-TR%LaB!NQlkQvxMPp8n9!Iki^0Hegl?xLDEeVstQb~v43!-hpO(vegUVSDvqD` zc(-#Qwu^17C@75sA_pXY?B##m?Q%i`5)1Ve{#jrKlmLyW&GVQ5RN;qLD1=~UGnlYD ziSF&b3Fe9fCt)wyDb*;At0_4(A&GZQo1%kslDzZ^QqMmHR&PBdK#TPPEQ!T1Qy0)| zHXN45MJj=k@gLw@@|P~{$@GqcV93OqI`tH#MuuREfk8%GFFjMNSKO@|?QV^Ezj6Rm z8M6$Pena)JXyJ@Vj@{E?V&_$J^^H}(OR#*$QX+kLs&`FCUKT|xIe5BlI8x>&{<10gSz*qth!p9j<%zX5oh%vcT6jAS^&T;n50ot96#Tcd6IepOkc-ak~g#VZNYj zlw)3tK8|DC3*Lv_P!-Y=H)#7;g?}_86E~jCYWXE$onox;++ZPbny_ouc!kI`+l#s; zsr;ysu*q3(ffd^hyc8C;%3l9->!$RN{?pM+z${`(S{EE`{sr~_0kyOlETF$BKZ9ui z8kH)AFdUND>n;Lrk_@sV-~ru|@xB5$ZJHI}uTG4U^pV5cPyh%-Vt4V$pi+smQkzg! z7^!sIgJnjT_i5_{m?m9TFuo8>w(4p|w8B<5l07-{Z8&wPlLdgmXVZ>NG|{1~rv-{T zhUdy2HpJjojbkqY1rqZf-25H2e?Ia@)~vDnVsj5Tn=) z%1Z;L52R|%M08%~@W>YwxuCd1X^aBJLc4iPET6b^B8lLc>IB zapJZe@8-T+4Aj^e6=~x=PB~O@B73N#QAg|8eC-# ze%5?}iY$#Eaii2rutaIe+(V85f;fgpR4IHn)y{yIj4!sfFX}w7nYHUt;HqH3Rk636 zsKajRz&K?y>95`c@^U)(wEk=dtOn?Se{5k*j01Xl2etYIgMKH3pa^r+#-G#DwmxAo z7V6w}%RE7K>u04$;41Z6fL_O7>H?gJ1OUYQ3MiL6>4n)GJ~isg&r0rFk<4_^POk(P z>5M5$QkfPBEP2a+D}OO+l0wDJSweR{U*jfaa~}vrWZw)Ver4sa07&WA6>|*#w`ke~ zNLtWJbuG~WUIE-|K%BaYL=bRpLEgseC|uN9vdb$N>x2VryMb>z3 zOAJdk@5+)}PyynOP6CMg+I67Ey~Iod^w;wulw2(cSqSp#zgyzU8pM2s;*BQO9< z_29pE=;Qb8H8PZ!0wsCaEuI6v6SfLW5-OZoVDA6XI+EX!GKV=a>({{*_NCGehaa2MC>~FJjjvt}_{{ zy;z2Nd%E$w{_4p4Bl_=y+WeGr)K?ZZPmW0l{_Lr22=MoNa4_0Sp58hj=*mEoC7@(b z#hs%@5LB5PdE`A0Pjz7S5nuXhIOhy!@t5BjW`veU@X&Rq1=JO^OOLc-45|?$`DPIy zEk3sH9>cAkojPDheM9DXM|Iu!${tR@w(}@0gaXrrHX|&Gqn@$7qgFK^Ljg1QlBW+op4vWPn;PgFOjWggcwPrA_C zQe1mU_@l(_hvtK8=T(NE{x(xT8nZj0=7OW4Vt5&DmtER5lN^k}OZP|n0x|=@?PVGT z0ErLJ*1FiY5U*q|C2d+@j@=$WtBCg>bV$pO%zmHk08svLspc;ygTp$@rP*N}1mKdi z_GxSvd8Jr*3({!hR z+r5zPn?2Sr)ZOQNX&!e}G=C@KR_*pTFJ0sPYP&XPbTNwy6XuRK_*D#pwc9}L2H^4E zZ}I+j-m8?QJqLi%BHAxyhyQ}yD#1s=d#Ju*{vjW~1ocOm+fSC?2g;MRzh@N`8t_^0 zcH=(S3~ZZgaEeUAiMP0Ed$8RX0|gAASM!bKaeHW|p|PK^EmQ@VZI=J|X2E`;1)19V zoM2=+gDZDM%3r;QWDi(Ds(|mF5{>iGo!E9#LLy0Ze+Ebke{Uh-Hf2*mp^h6}vSLJ0 z06M-n=6O&9ov<3AyaT0`4j6y}en3zysA%|HQWR3@NR#6A$nyXpdK86w^CeXgLC4LW z3zHCJOm#Z42bvlIn)kvi_Ih_{Va5?SQ{0_Z&pWl@?E8zhzNgMbGC~5KW=*#|f7KZ5 z7iM7QR2E@dJo5~k#l=naaA&(-WEGE-SfcQ1VwKF~X17$cyUX*N>TEl+(Hf49DVcAD zYwdsr0&B)92jB=aIyVT3Y+uNET|2odhzFM@-C6OV`?FGQyx37eatFhH%V3mzO|G$- z#5xZ(_fKDE>O>YWrbYDSKLMHuH6;s=?0lu62&N%PYQ07|7kJg95Wl1)LScDw-k}h8 zZHi3aFvgmjBkVe!DcjD;%fKsMCi7AM{wyCP^sHNsFirq}Nho3mAe_JC$^H!Pq3O)t zzpK0C@7*TF(UqLVa; zTIa2%WF-RXe4Gu?BWNG>9T1-y_t>FE$HjP!E>PB`y4=XT^;C4=(YP&3g~mZB>hj4edt)=eh~)}*eMSldp-HR>h!!^ z6V3?`+wN<7-a)odP+xh6)Yiq*eLnPtrR^~SdrE4+g8yPV9{}TJGof+rAM@UiI&3kUS9V42-kR zpIHd5q#uA21i}^a?V`=uV%6Hqj1Wqa??`W0Dr%<25 zm39zw)qFUa2>EK)5EzSm16;7n{}z?_|26%2-8gO)Vjw>RC(%jD{k`mn*-+Hd2I9&* zzUmsEAkBzwB08#3X3ALY3W}2K80&j+n8%*ei&7TH?Z^&a9TkzQ2CraUgd*ydw$p6q zw;~0jEJ?x$SGc`@TtQFve`C!~9$Ji#U^GD;fD!UX*Zo~DXqJ>-F?KVzSBMkZzW=O5 zggn9$N2<&21!cXMoWV9qZu6#A*Mn-a71!r*pHM)pT2BAEm((n`4b;xb&Cq!mJ!lXmm^R7saisV4T1(LLTeq}zb|R^lkY(L zPe{s!sljK0y?&(;S(QfqYO#asMP?AE_N9;yF(RZ5?1g7Y9e&s=V!hPlu;&x*E829+ zgMqOb=+7{*?Cq34gJ$0!4WzzTo~$hYw+9Y~*UC=AyZBQv4;7g{FT6u;m(nj3X&OBY zOY5ujl4-s1nvYxL{135*Ln+g^x!8KQ+`HlvZ~OEfPNuF;otB+1^ndo=H22|8Vz&QR z+P|chF-;I5_jTz6Uj^9>)C*Mt~WrqBb|H9FzX%;CxXa=Bxwmq23+v^LGw39 ziQlXgTvcjSyAKPiaXOfdB0`m>iCOh=uAl(q=^3DmkIWe6UNW3&?cn2e8%Gqb&|HhT zP!4&CjlxV-s`2Z*Lr&FPRw<2l6-}nxybK->t^!680A|gVelyH4=T-%Tr7O01%UMz{ zcinVypyHXX;(j2iJBYw#s0I#^&H~muz8OeZf>o0IHv&U)n(PpMCk_bE*=`B680KCW z$A@l`wFL^_YMo7aV$YzvpOw@>iG9hWA=h3P*ad+%d?W0tww_3E%VQ9 zC3Lk9a(}TNd3ok&BGXumHZQ*CmvoZ(K>p_vv0))CqP@5_;LEqSxxd6s9~gRG<3D8e z-Mgt-;*_$MBdU;4neCHw8JopN$7+QEO>2CEyOTh86Q?ELB{rxFc>>#Rrh{yRC#BSy z4)cnahD9{3)vu1N*9NQQ%S)?Ph5pG`0B5gGJ|Rs-Ek6`+D!V1qp6zWPxam1hQ69Rm zu{B{!zrX2yz)Lv#=p(Ks?IW~N%Ln}^9$>R`!`-?IO221g|Ms&%3+~+VyJujIhnC;1 z#Et>ac^xO>@Rz|AA)LveCm%21)XsO*5K3DM<_-1JOP8gO9|D*iH zg$A+ZCymVGnXAv7G#iOp&<}z)hvC3+2drj4{G+gr-yi4iiovF_Qe0g24i^^83<8Gm z7O?me6AaZm`XyKc2;OQum9CzvDpymhL%|yWiux{)&no2BQF{y|uOO9*kx6BNpDMB% zwc0BC;82e{9e9(eKML=I1crzvlf(RWVNg!)>JH?zI+_3 zm4qxU7krH?*zOtL)Elgy#KajReM z02BwACFSY1EJCdRXQd@izEw^e8FRZ2S1aR}V@xhf$#Gl(4KE|ly!=VW*G2oAlQV}O ziRQ6iL(}?|)5u3$5v0%!s6)-SFMjTmYmjbU(UA(^Cz}d3B__57SrgDVT{{kJ|L{!!Sm_o>eqqJG2j8Vfpeh>%=+e*G zSVDKGgq?)=^M3oQiP( zv7jp-Kp_oCrOa|cZj+tf?xF0rWYv|! zkG#~+mGt3#lUnD$eNr(tStJXMO%fdqOq`KvwNT^>BcG1LVBx9JU^_l%HAy&77scnS zBW)8@mp#vT&h`&`(t89QS7k+gKpS>>1D@X>?1I!Jyvp$6$rv4pg^h9i^dpdq9i2 z88FU|E&2cWmkNjSwHVaxl|m&_RR5Eek_mK zYRE^irU%W|EJjE-;3t*k; z!(XSzSp#X9&CEjLLJWQ`E|?tV1fufdjUy-qqkTBydbw+{n0m9Hi|F|5j_s816xlHg zi9|id<*;;oEH0mpE~<$;kDK!sQ+E=KiZROvyeVIjvhnR?TM?IS&Wbn>6a3OfcYGYh zb=WvIz=7E?H8k}spJNQ1%R(jw0N!C!MIulVe5Psug}%11GrK#)PoZ8NMoLC@zk- zmsxc~;8O|uETDWqHwJa=E06~dJ~F}6{s$Ba=Jhil4)iM5QC3CubMKgu# zwt7la)R~NiVG6K_sfit%-@%?iruQ0Qcne;`j+QS-x&xD`rf^QWoB+H9-wkpxHu@4s zzR5vnn@r~^ar5I}4FlKkX7@tD!ypn+=0iB${DT&8az2B6pqaUxM6`x;U1SuVRiq^z z3(B}%DE1Jbf-lM>y8e}y%^wYjfBU=OZ&HE)+2jV0-7swV_~mlrHq5yvq^jwSV^5m{ zH<~b7gdW8p60*1NqYGP)5zF4Nc$$*I^{qHV>akPg1`3y-9yh<4lEX01yldpe#hCR! zK5#Vrxj`a$vBe(4D^wYW4=;4VIZC`(>88nuL?&_HvWMbkXV|JOatk74&4@xIwy`7s3U7ji8s1$hxGV+DF1D}YL%LGvLPgb*Gwp?sPgJex zgrf#{F?5X0fI-)#oWZD*ycZ2Twf(ip`hAcb{N#2l;_8dS+qxj_3Gt4^{Vn5v5k z4hsY}#|DIrD??)l|%UT!%HNyjX!%6izql9(J8vS%kWQu^L#; zZr^^z#X|ddU*C8iKF{VgP;cue12d#Wi*vbeGq}u;$X+tQG&v%UxMeI?7Khe3?)Kns zPx(|Kp-mEJ@w@v*8cWvLoEx@5-t1wNVycG#T62V*G<%LK^c$RJjU<>yDlLHiM4ep& z!9f|k%6jrPPq9g=T1h@gn?1!6qT@ge?Qn1^0r~M27|;OkQ#w`;Hm>1)116v>_*6bA z=%mcOkiOmAG^=eplY_qOv=HLgm`Y4W1FYng;v>Z^?7M%w*cK34GN;1DV2ZsI!OB;| z5rEA~wfz8?V{W#J{oc>K`*->rKXh&3&vRtQXgLmqv@U-_>0*8hxNfYTY#XLXCu0S> zQ;z9Q%-ZY`XK?1rynJBm>=O1^0O()<_Y2FMPnZu=Un0_p&g~@4+qGf8CE@T7;7fS5 z3l8R%Nb3+sUBf8$^&YK)GaHLf#3bm2^}ZVIcD!??zQB)&j~wq9xcdH^hSJjzm31t{ z5y+z@J49DAu3W+x@@;brT@bgSh^enLI};t)Z7B*feZdjq*C+G1$DIS5#}>*j(CX<2 z#HrtkgzNK;=Oj8Gi)ZQj>{-}6>s#3E>lcLeOJiPZ`K)x-;#>m31rFDJE=;j-!)(=6 z3jYV_wPTbqM{_rp9lvwDcRXG0Ip44ZT# zH*o~-C8}ku+`+zU%91Hm!Snbztuuc>D1vEDpq2%TR}hGrNVJlJ7gjoD$`AByM!B~!6I6ahA`N$rRxDs0IL1~stI=6Oe4N~jA8#PWQWE9I9z6IlWJI8p55uAu?Cq*3~ z&SyS=rgYs_^N++3rWF+2V1R8noMJJM0pr@lQiJvkMGSMh)x5DuFs_#YO{{;hQF0Kj ztT3D%mJ(D&IqRUf2IQ>n{DX#DC6N{bUZ9%HZ`?vZO6WofmIoHJawo{Rsv;BP&T_WK z30+b|jnwav;XJ}&`e^igu?>9xcGEpk=**2};spz2+2l)C{hEY~2CePLg$ChOE9&Xa zz6(LIW74o!@%UXgZ?A95x6rw^OghtVTt$OVxi4R*QR{M?;lKOI=;gI}H6CqSgdgL= zw&8E%{=`@=daWq7DvTRB<}Imz;kJs?`g3}k@>J6vG}ntj6C0~-@4z`$KhMg%+BY3$ zGMXe9@|dHj_IG(+CNW%&W;@tiNK2K@5iixd8GHntG2A-)7v@*me@E8!cX(|sksam- zO=V8!#{J7I?;2JOd=BNmEj8uu7#;Rs9p?P4uUk73!ke-b5%#wm6}-pSB=Njjfq3zP zW*bGj4P~2OGJ|0m+3mL==G6|>%StizxIk*(*>Ve?jevkD(K>>0W+X^A7$E zvUj@ijnjkiNZG}>YbM_Rfkn!1V90;^XD$xh#QorCcPSy zh-cCoD>Q9-W>L)AfLj=IV5kT|Mc7AAcvstQNK0il4K&WtywlW^0?ReHdjF3LI>v2aCZTYPHD$ie~O5sa4X}kPSrf zPAPml-#U%sRvA4m)x#joUJK-nfKn3IyKrSmr@i}$P}wQ?JJaD}YPF^uK^2QPc{{qB z#B}gvMk@|9PRr?YEN?)=l(Ba2VbFI0eiKo^S?7zaY)xl=z;5tO-5h7L+s^lCFX$>z zv#pBV{62FfUK%6lM+N3XEJbO9kdY>8a13#B;lXW1AV3%=zcnc7vrda8ugY;s; zT&kO&H?Ckyxi~krpSDqs7JJ?N1P0n>vXuf?H>|ZW8W<*7&v&`I0ymD}`1w?Ka+%Vs z1whn950O$E!Zu1fG;Mzonp}ZG?!_^)S)i?1%9^;JFr7IC`enU!Y^1XJv(jk&7Ujmj z3iWn3{@3=5N>XsY{lNsEkKHN{gAa-vPl-Ooi}CEl6s^8(?X3JOxMG#*PoKc^+>x>3 z4#fM`k@&-xYuR!Wcu15aSld+UA!4&bD24jB13jKkq~jkp%C!3d3ro&D^TRj64uEBB zane!4OLhpj3o%QW8Z96Y11mfkN7!r$tg$7Rfn~6KX7$}&DIz~yl?F?6jB`ilJF!Yl zj@2=0KkJr!-)8E7a9I~&VK-vT%unDmSgdJKnHi?Ieivf^?P`esWd^OC-BC#GOp;i3 zUn|xeK(RDGJMT)ccci_86deYCe}e;7hl6# z_*|8G)o{M?kz6Ll)fvw@f@Fk+L}@e&H=dyljXb(x4OeEPmVjkVI|jQ5I4H7}o3A^_ z@r|JS6s=1!3YSFHZ=VukUVIy~(X%l^nNAR7bl}z!yQ8Xj-!S}8 zRjid{j5s1%eoCTR)a$LYy!C8pN?p&-@f^LHytk^!L##w}Jo)BNTa>xpbX1Xo&Ro$) zR&S%2_u6H<_(&a|Drhf9TgP^?UpimdbXuSp&s2> z1JF&B+8j}Z^XDYz%%}q1H_s#?KLCJ~<~=>Q({{*f{&u&;&3h3egQnx|Sa=}~K2aHh zi;)}mQ`Jb_s8#D99xN7NVOYu^6dh=1D&HY; z}m#GG*9tF@Xg#v0!Hd5u;aj+SKFmS{{_vtOWX(Cq#H3X#9HnD`(3Ka@f57)4JM zRE1kFKdwl{n!->GPt_yJzJvt_3xvxT62&%>WOSP$(kv^#1GcYc6t|ko4#Yc!?`_|v z8p9RhhRW9y=GZs1rL%^%_%|hOxt>(~jBe=+t{ELa3HBd^AY~cPQ(S2?9fzeBj_`M) z1CC-cw5pJPld`T%{Kav$Nk}^$KCCi7lG0m2 z@A50m%!``x?@1-Ib^*aV=v>F98}f8oQhMo(g@*z=#r)eS+lpNSxH`~v+2oMF;|BU2 zkXh9xY2J^u@gr_1YWEvVv_Tgwx~l>6&mp$HB0oo{etN|=)K_xDW+C=F(!(0(;W+90 zTDpAu#QWV%1XvQomwcLOl>KNAv{|3}IH1{!P@vZ9c3nZ;;C+eF^?K>U)PN5TxS6-Q zQP1ZSGrf0rhGJ=N>WdICpP?k+1z zdhyY^M0VuorGA65{T{%~j`w)@71>1bh`gkqb1R;_MT~u%4o7lMw&?(a^5TjQIW0~6 zpr37~owe9n{ttl5w_+qwm)dHwaIVub2RBRrk?h{D;pnIOcQM8Ss`{8&eddHcAlQu+ zQFfIA`*zacU36$@RQW^Fv-m}PL|H#cU;4}3g$7Z?bva5jzn@y|t}Kd4P8(~s(Pd|j znUk+d0Q`TEpL00=hrh9dQLY7VV7PPM8M<9|DVcBZeqAW_u7l0GjOVp}dbKR6B}b?$ zJ8~Hm43O?CRyV6sIuEuqPmZROFKZpchVNA((?|%&KA5>rk0m|FlCtt#TpXDI8AZ!O z;Lv`Yiu|WmvI>7QOz0OzyoT|OqA5C+p)aXe>1H*xChRpD@+&HioLRJ_4c1Qvu4KW` zbVuo9TYRzIfw$%=wfK9;(l*R8rfMm)5{}|$-nfKr{sc0UzMD=jF0F|ACDDSoZOhDhZg69f-Qogbs-0vIPs04w4Hkx z9Dt}=p@VZJkxF7zml_acs(#7y7V@nx&Gv9K$F~lk*0{Ug`Gj%W2*egP!2o5l`MF*~ z?K^}i)s1S5!5Oa|(J>U^!5RHZP7+x~%KiFCa3dLEzF=5DNVnCfqJN=(>k29=WDvFf3ZOdM=+OFkFvvG9e>d3X z8ISA(@jq|k`fQAVC~(n}s+Zg4`2Q2Jmhuh76BYm_Zm|kjRXJ7z8g;mp>@4rHN03>A ztRYzCW2)I88y$84m||rQZl$b;-rAjO)j*c=bc#2ToHimymszAs>M>@I!lD}3@|(M4 z46r6jf$X<%zFmFETMCDj4-~|_uJi$i$D*kIkqD30D{eb+NkfXEng}6BSL7LYG~=_9 z;#6NVxESFw9bixyDBDeW3yFVvCeumpM``%FYjv2c(6f8rTbHlM`bjsxI7(P=$xhaa zr9);Iy(>Da6^YF6*t$vly!R_}F8Obg6xCOi3VFFRB$V{LJ*AEHe6P48g^ zY5x-ZfI3fc(l&W0Ajs9#j@`E0+#p%=;g#uDz3HZm7i8z+FmqMu1#&jAz?wGs_1h<^ zhVYc^ds5IqF`ICmsUxD*5kSf@w-6ucAiZyH7L9CjAMX(PNW%(iYkMbu`e-XFz8CDj z@Blan(13i>v4XG83QNbiz%1W;!EkTd}8Yr@%o=~Mwr37HXj4dmioX&VCV@bHr=yj#%yZm4FB3^ zrK|=vP3m7ke-1!tDrJ+EhJ5dQRd5vIDO?6f!3PsO<#vV8HCCZy@l4<(zFz7CzfQ85tK$(DGfa&=jwvVJofJ23a0b;MfDqG`5YhgKSPv;<VJ@SG0bKUE%dPv>g>hd`oz0G@Zp{N8- zh-_27eBbjGq5GL1YM4%p!Z==I*Sy(NRL3>!E=3&6Pk0TtoOM=pi5w@MV?ND<(|B)p zH=l+zWSV?i#ZL@ESzObebU@0E>7PdLyFPp#zg<|jeYbgWrD_D~OYAbFowk-?FA`Sn zMwXU_c^nrF=lOeVoN)If>Ldg~ezFE{K{0UjnvY#z0-!ZDP@+>lzOn#?`9em|gSIw&~MM_gQoDp0L9zSg%*e4Fme$KQ}1 z(a~;W_`P(0uP0|xGLYQRR>@t%L0tI^S|9ikK;`r&ly#IoDF1n8CLB6YGw=MID%iS$ znd~nbK~^`g+fA~mCE^N(Kg|f_gTc76>AE29hqhxXRoRxbNv_y}uMt7nL+R?<13M~8 z1%6iUAM^^FXK9lam-__sv5Hjw$kEa`TX6TZ*As_>X=RHuf~#tnplfn_TQc;9;(--0A|SBw>AF5G9150N@hc--E<7I7{JOk(+ zBC4k=k`BmM0c~Fi$NE1-RsV~~>^2vdEWb;bQABa@pi7=NU7 zg79uloMMAsnB%{v?>eTE%q^h2>m~2|taOPWJI-*gNS7R%;H%0mgZk?JlDUKbY0v2R zm?N_ye;Xw@#hRS=5p0=5Y1sPc)pk%bs`Yr1EB;S@;u6>I==y}Hnq)rkzxP2U&Hi98 z2R!?IRBu9Rn6O;(7STwg9V?QI3q)&XMwt2r6)>lp#gYg8NuF^%EUa6V@&=B3+mg|? zUx(*TQsDM5Y93gZ^Rn-NuP;$O-qjVapBQ_H7S=2M=Ga%a);>=6b#`E7xJ-nsP*e;h z4DNXE7fk#%Zg0B(wE3QQlpPBl(MswLSQekU683hct)7sW2T5*CUcE}VSZ0lF_W#ae z6P1FgN4*I&&HLLk{{GVw_urU8{EI>Am4x@OFo&)v0BDftF*pXwiEIv(vq1x&m1KYF z0ey7I1oHzlxMIamxIgkx{XygJwfO!a@1v^=zGBL-gV!Lh4hNgf3y!c>7uxc!qtqBW z7*qd1-LWDjno)k^Qxjkc05eD3pY?qVl5iqo=2S{AMOVHHI0rO6UF0B2b3}B0Kb#=y znBc3(b?X`?rMJ_4B*ujcsa{=1p2aeRATOAnu&4sH7rUyQehZj@Cx~~|F;OB&t{37O zbakCM_fAg#ILIds#<0wU+>fndwYx7`Pqw?UN?7mYJ*x+BUv<13HwOfqN=^d}j%bho z4oVtT!~tm;;ISZ&u#z7bkpa$OvlR>~^6-aXf_{MB!P1nwz)qqT3n%b_ZA8emByb}O z6va6%-C^lSDG+B&KNg@O3Ev=EIj?A|m}qYbDhBaOT;uCpTanof8lmSDPZ}c!;_LZa z$rV&YDF%XXVo*SSH3IfES{y;FN}B=)JBS*fAuEZ1TDOw=*PqTj0&oqvi~*#@JFi(|}wWj?jjjLKF2IX%ynN~IXd zkBN3a9?;grM`&tuqcDzio9ETf4)S}blQ5>-=MttmNMgK8#}zdr>^NM^r{3d!RsyN< ztb5oU@ZpViwoTuk9@SZ0TGHN!9L-~^NKF}W)?jMJv5W=39q~dfKb~>8z2X_C^)(!F z+Sz2Rb@U4KyXdlG@(nOJcgwv793zm;kI?{P=#g52rnIwrqH!7n+K~2zgsKT#0U?IG zcdyv%E_PYHM}M6d6JjPw_*94vc{*c+eXq^wL>EmXP4nwPZ$RDk3-Db8UG~JT10Q~) zp#R2r2b{E1iZq5#P_AzZmNzgYxf>SJDBj zsRXvNm8E=oSFgth;iYsNTps429zxHo8=1fC>KvA`2LaNSp^r90k{JW+jDT0?MsN^U ziZtHRRL7l(Hv;!=zx2F9TvL>k6ldk9&HmJnGyxjF&tjYYL>26m|E%_z{Y`t6Cz@w# z;(-OH_hRm~b!H6Pwbf8Kiz0lz7wY^}x_17_)xj@Pe7S!)DC(D*?QKtRd zLyT^DvJ(2Y;)o|{{~O+TnDRaOa4WKkyt9LXz95NnJCNSF0A@)=z;G1EMlDHO z=?`@*b=??x*8E{mMrvA;qhXxI!+!LavyF|1`iW?(Bm@x-ZA3}$ybF@(jLd3f7 zxz{T;p2CS-s+_0#Zsn3__IJ9*W5g}PHBfd8UkD&xuVTQ>i#tWtp|tY8 zLe`I$#U${j0vsHg`7w59`Rr=5`Ku|H#KY(Lp}xVoMLO=N`8d^H*)f%aeiyjpfez=1SW=vHtGE`gLQ;WXZ3<@zD4AUS94wpHNV!sd@=2CsP zGdCe0#Dzt-&>^VXrWlWpf-`@}UeiRG2ahYgd zuD63kS12QE@RNqTu6Z3VNkli6BOw?AK3qo-8xI(h!)1mBuK68n__h|I@8nTghJ!M< zd*C86sAa(*N(Q7EBlMPQV2AqMnk`X{L=`0PZc{KMvwqf16K~?}3_9C~|NgK8);)O` z$PZn5GIMHDt&%y?lFv#L&jNWc!r{A0FR0#5-Tq-V`_7HcS z<0SV|Js~h{jVU+4X_Es)5MU;L4O_6K+}oIg9{hJgHDoJrvH0kdq)A934gZjY_g2J~!Qse9mLx+d z3^XbKF$J2iR&FMK#>)r7V*TUrlqh0<%SG}*;y`(?v+vk;57fm9*^jg_HSnyr!SPIi zh0F<2&^{4uN*{=(5iah}Jbf^!1CsmnRl~Uv2zM_4Ng$r6n6dD4@2q?%O0ljhs z^gU%9*UKe}Wwm|ZL^!|)WcsjGjTnxqb4Q7bZ`0@O^lggbg167g_U_Ods-!l`Ovr&h z18$d6XvCDVn0iQ&imZUc`AEeX|FEy9zD#ZNPG!TP>UV3lsP);n>7txP)O!SNz}kAk z%I8+*1PJIcjHM#>@!NfsP2DnHP966 ztDq5m{9nOA4vcb!Si3Q4HCwx);!#naURJ7IxZ)hU?>h@?CCi6=$2#CEE#=jMGw;Rf z%0BSHrRJ(s-JE+@zK@@WNuk^&ZU??m(}us;1o&^R|2nGi&PD3x!^5Vm7=n5(2$bF> zxvY4~uz1!5=W+&^={Y{;tXsoLGLXD3FV&5+7Cf9!%$}ZQ@WxPl^@``R(DZvY66IkfG%2{A)PCVJ3$OSKd&-5d;|~3x9C_2_ROo@@GkL) zU|pdAPbI9yfO4YZ_{;$F=>Sm~Hqt(8(eRLT2}hcCcRlo@&c!$ERb5)Q_W+P8@v)uK z0a2?UGm17qt73J{NGPq7fp|^3em~8b8jY0umu-N5%Tbxhfhmm}dp&~n;&ogd_&<1p zjiko^ku>QoKFVDmjuM;kBW@J-_+c%eFW@&kyVi4g(aj^b?aaFe7m^{?@KHev!=hg} z=_jCesZ|5Z5(r zCr?Ee|Jq(q^lD)2#Kip~If5?Ai$Yd|rt}SaU!DvEL=C(2xFVmN0OhFz)zHmk(tjrF z%l1-QJO+lMsWBLouL5j0E5N<5G;lWLe5Oj5pap3j4od@(<8#m~NAZ8ydlRsx(r!x_ zN1QN%A~L2F5G{n10-_Rf3a5aGaVn8PqM{-orcjX}AyH8g86rW6fDjcC93aY!gha-O zfRRCv!Gt6XGA9h-K!)nqulx4>s`|UP?|r)Ze$W4R`8)z4oRgfBbN0LU+H0@n19a$_ zng6tA^56HM{__ks=4yFZPed7rx-KU|OtiwT*G|RNgVsfD=@ndg^7Hegh2A#JjZS8x zP>2a?mBV6=NQlJ&oBqX5xGXX&Wy(r5GmVF#q?*Q%!x)62N{yp!m?kD)?~ikiG* zoh)&{A#CzOSn^cRH)L+c4Ybo^(grDdBk_vdsli6Wdw-GSNO;)!6GcsV{l@xh11=#td6f$V!#u1UlP;{UFr`F;QQk(?qg+MC6rglJunW)1+1hq^C!K_Ww%Xw;GiUANj7n zcA$fG2s9#|0j?i;49tuuJ%P)3owAQZZa^Z?IH_@0*3?b3ojt34$jS{5Diy!@+SuOS zk0PLb{C%d^ByO4_Yb;#^NbnpnAu=Bs!!|l*E6ljA`splZ+1fjH&O}kXTf;f)ViK6J z2;4%m$MkMdQTSL>E-1r+`&3^(VlK%(zM7+*M~PAyz{LhheUT;<8S5s35JyiJv%`U0rXvB9YNRF zch%pfl;ZPB@OM&eU&DP8pK|=dQ|$1n)GeiNqJV`)LSRQfNG%Eqz(s0I!{w1jAU+ta zFiQlx7{F6G3pl=by?(Ye9IU)4;w|&&?7#2@Ueb@*l-qd8j;P`q5KOxRYYcnpL7S0L zLbHn^@Ubf96wS4%-6w(tJ$4Sl#HG2l*JOGsUrc9Zc}MdCL0=JIEvd9X*UUL(3f-q9 z9~dR#Xb$SRmf7#9jDrifdy4ZzE&TTtsy-H7|6mtlF{1b`p&a}GIF}>Of>UB9juN55 z!5wSCa(zkK5hWa=^N`gV=9L@!-=5DP^m@5*)3E_&bdww`as&u2w}emz2K#?pH>bA) zakKrNpwPbM+Hs2Le(sneDAQw_Asu}MZ2TUAch2EHtlqY*5tjQ*y9LcD)-cTSTy*148C-ET$* zMxQgj?uTcMQ=g4Tcb)xX`~!n63SV@G$lUJm?_ zY~t7rK5`@J!>)1u+db>lvVF=Zi&X}S%>nKNH5j$Gp}W<_Ey&`e%eD_&_+w*Olu6Dq zOfV+Hrs=@Xx=B+Jmw+^ZtCxY)C~lrCIqaOotBt?YBo+)ted`xc`@Gz`a9^;pqhKhm z1gQsm3lD|mV&m%?yqkjt2M5C}ant=igo}YDD>t>t(SFynV z?iyh^3vt6+MYwhZSIR6K4WEe?EEUVQ`yn;++ca(jgCSHi`Uzi?GamQG)r>BsdXg}< ztp%+WWRsRj!cqVQFAZ|>sc6rtx<6TX)pD=Sk>Gu_o#fUZ-qWCS)Q?v&-AqkgBY~nXCB{BZ8z7(Je3P|mozrsjLQeOYkPkouJvIP9lZKY* z?G6`Fq6@B|hJvN>JE;`_$1wh!=O4))`}T|@+ULkFz^CO~V0<|x4=PVSww=d4Lf$MHe)e3{`q|Qi)oL+nqwnv3 zo9P8;)7~^&kf4~&aDV~1^k*c#0dJscWX#F-hUFq$6i`d#oUY#?Muej-$tgqnf~A8- zXPygJiNdw8^KQ^~)zJv?!z;%^SQA+&EiYJK_5^+-Dd{?&A{yR4F2uZ)G>R*K{gQHU zY%6-daRQ%j?jH$al_PDP_+Blr<4gns-<_Y-Tkg4j@Ry8NKsm0%Kq5_zH22Oi9nc~;=h2y6Roo%%MWlJ{}`kJBTJ(YS|Eo^ibX(LD;jNl4cgcOW( zP$KYJpoZHaE;s!8E=nH^3*K(Hk&&0L$o+2I!Xk<00Nha!Pw%@!y7cfnS^J|M?W}-_>tyC)imseiV13 z9`r%Gl+Q7X{NwtA+m8+3N){uQ)|&ETvfQSrfs8z?ynb^RV%q1|t3W;Wf)m~Y;5|PL z2qeywYcpS4o(D5Yc$gcuxip<}W-!N7aike9-_Dz2d>dDQzGT!CO*K4@9L2}_vMrOV zkw%IDA^tjN9(&24o=-SNpE$VhZ3{X;MBP-*#|;$|bDO&EhCP|OH>PSB+XXObnrkzl zb|a-Pg)6T~n}nBhB~ewuQ%7dbm!51XEYv%9o4#0AC5$uh8PM1v4e#RJBHIu*x4ug? zZAN8f1x$uP2V-3}?{wYN)`<<&nW?12*Trmt4jjv0F-r`R)KiAGTqDb7wCfW^D4Ze; zYKgV^imFK6@SEBWmhubr_J}uqNU#a*UWEV=N0sB-oB55t1m>-pQRffd)GSG~!dd3l1APz||$%fRMierxk zt_u$5Mw+@29_Bfiw< z)9Kh1jU^DKc$&MArB}3nr|SP-=H&24g7TlLZum$7DWZmf&Z@IOxgjAV6O91Eb8^a; zgHymH()5wW+kZwq__x=r|L!f_k_4xh6pAA$o>*?5dRk75(jD@?&KYL=V1zohj`)w?j2O z`>NfQb=i(0!X=hvb-W`Ad!@8hrV}2d#Nw0{L^S*Mm)xros zZr~-Q>>x({8{IwqS*avkY#80X^u97Zn|o1`aR4_Y2ijIoabx5G)Yn=$&|!K@CZ<(M zh_zkF7?Qa(xvQ|+!uycKr;=gl+wzukopqoW?~x&U%8^c=KxYiE^ejx2QBqMeK04O3 zCMLD}0PPj3l0#RK^GG|SyJhB)^Y1^aHDv|%+uFYCJg4Nt!*^?X=+#q0R`0V3GO{w8 zYy`%!QY}>5;E2QV&UsA}L^G*P%kxKk--H(WeE#}VWA#HoM-O48JQXSiE84BA_Ov@= zf*Sx{?*n8oDYJ68ixHvP3I%LbFudl^h@@7XE7zJ&ca3wses=hXeC78%6itkr+s)%%)cB@ZUoVXP!m zQLJ5Q#J&T!THh5&>P5_9l=?t|)={k4OpbRkXf{E^53FYmHM^pua{y^VwGt*Hwc#lb ze|t>W_K(&2j9gY?QE^c$f3C89`FM?qw{(IDNd>o|0D>0$o7y1>5D;8IL{+@Cy!*Tx zj^c8B*{XKhPJxO_IBnwPd6shd6wL+LM$}FIVAQZH#AoP@lyemB>oOnqs7hT)#Y%M| zz>@I@PTp6T{PDV7ZOCT3vb7lE!*h4T!a^_^|9rOkpUG7J5itkgLTrI-1t8Qm*7#is ze+M*MQH9EzD9S{RyIRMSJJa;aDM6lD6~4o@ilL6ymOBr!)jyH!x?FS)7vwjvp!8$Y zQ#v|2Z)(`i9a~QscyK?7u40m&u!8_?iET&HP(D>yN%TeZs!+=9BwUPj%ARrO&ub;h z(p%5dYtI-5%du@cFONC=5I@_&z^6`>H_7N=lwH0ulJ$(JBUG;>==<^w-_m$qQYf5c zYuJ+F6R2DHW|VfeyBJiS(H>k&Ag1t*$xzvn+`=nsC8%n~LRN6l+6WOZ@`(4adq8I# zHnYts!>cxDZ{QlO+oVG749Blu^`ojuhq45{kG}$xyFS!AMw=2AIvQKIc!zw_mkCb7z_%-BfR^>JZ1VNwMC_3M+lL($c987*Jy3w8;?>StmH_%!Ekz+ z*-WveNm0VOC*xb&kPl8lomFa~+S=o|p)_f;;w<2o{^azOnCqUrt0_;gl|BksAOo(m)O~)JXh19i;EZepD*#k*g1^0zv^S7dNGyQb5 z&fVDruA=(+dufhD&1xXF^5dOp74kZx@ciQpN;&QYxvkxckzF{-5gIm;=J;4%(?Lo{ z<${T}<*KBxCsv@pJQxAj%W^^$i~yLX6{6?^ltz$b6qFd<@x2S{Om1NGM#rFg6gG*{uN`ZaH@;)55xz*tpz?v9+K$ z1k)hrjer&Y7(nCqn3pMR<(J_@Rqgkmrs}{*sntPAY41zfVhDK@#_<|QP5})p8+5To zO`!mYLLhy{l!N?remBUw8?#zouxnr6~khnGwUuDXCLa}BM-6=SGs zR&l|Ib)qatRiSF*CMr{8)RGb(>BJP5=W*gSk>v`#iLhN?5mWd2=+a%c8K}+N=6i<@ z?hKlD^iYny|MFtHf$K#JDcz3;k(1*{RXp~X@>ea;$==Zd4faCHwXs*XJz)2o2FLea z@EF|u3dW4fMfbR{54GR(JkE~)k>~YZ-S%Q#Hdd@&WsVGomQ3>QyyZsZyX@iq{3c;W z#oK*ntEJwmYWzv3HM6&q;P;@Fv-Itqaj*_@^3*FvZz1QLXF~(DPCW67h6O6i!=-Ti z49jhESjrDnh(+7p|2p_R(+n<=Mv0hIitkq)*>MR}l}XkyZ4Hmd7k_42*P3S?IvCe| zR>eI-$DGooo|#6_%?h@H1fxp3hclnFQI3U|%8xc-Y!pWt6ai132I3wK9{5H%{@J!i z@g>_hN@;|f_Q`QnaB!%{Oi031tnd~JDxq2JBqumPVkQcXx|DcwJjfXgZk=CzEgkSw zFF45Jdf#KFV>@_pv$`)oLOji60uIR8(e^{-R-}zER@x!tRhFbno)t?`d*r**(>p!Q zIyQW@bnd7zz_ad7M*=$P-026=&-`D*6!|IGx#~By<*&%gVWu!5hPC|VK+9OYFhTk( z!jN^PIdI&pjlbTc@*0NnBhJ#3GEXgZm$n#M26Q1Hb=X#2)H0j-6d|`_yovBzU_r#Rk=WH02-x@ohYe;r3=* zNMZ8^OLBuD>#obZ8tMnyRug5{-RO(0chqEy%xg);@_k@x7`g?rG|N8cmOSLbZ$B-* zCK71+QoP?Z2Na|13#P_Rq62sjyd8dsLvyUMF0hfx64Juwe(piCQVCUrx~Z_r;$wZ& z;MPjM&dQn7bu_1(B`Qg$2i6ixH?2Idn^ab>7TUAI^#f<|D=??WYuD#;R*Vio=a^dX z5iU4HE#@VA9j8W;>0=zhkQL}rqbs<0+JuJW12Xj33c5!FKc1=d;Y_!q+)Nx+7y{yfpVj8bsESXgf? zYOP>)P%7A)!nUu=9?1(GUC_oA$}?_z4T*fT+%;=^D1oW2}8OxTkid-)AQW4ah&Ax>?=xtfXaU1#k&`jDxMHgvguvXsSlf5}S^Y!n zc^d913y#n$EN22c!5WoySNh8U#CzqD!$VQ&*(alv+zwu7SWLj0$r~*$3v{gTJ#M z>{6`0vmX`@o+(Tc0QQ4-0)OWh>3b9EMimK}9=6_V4Rm@`2NsJLDUK>1u`Rv=y`LSe zH>a*C^q*FrvyRySBp@t(s3A0&WGSh}WK0YVhz%XpL*xz~E}C-h03xa!4i%wp8KFM~n6erbwrK+56Zz?{j0oeR*md2dMLx|p_c=u{;n0?7#(4jXd`mR^9@McZ&zM>}U%9=yHS}tfqb7dX+schkz1$3>C&m1 z91MZhcVv`_7EMRzVIZ*SM#-t8UiLd;1MH{$>*W&kj>zfZV;=Tmb>~&$7MN1 zO^S!JOhvlXSN@`SNV#VpFSFBnuR!0{bJl6 zsB|t}vj&rq>FId7sQ4b2n`jd2q=1mSv+=@F;EhaKaOsF-s+=0(g_N*UOv{p7>?+<` zl*W|2rvMf86~_tLPp$%ufPe1)e}{XL0|))4W-hCKpFsh(aJ`5!uI zUbQ@Iqz+QlFwW3=(9KAvHBYKv10)hWLB7ZfD7>7?n^lNk>j%w8ua;6(i?Gr~yejv? zI~Irb0ZL;l82I4m`fbA|vilAKE~U);HtW0EzFPy3%=(^iFUdn*qaYQ55@(T42Z0q9 z;J{72Z($l@MhF~_*9g9JXbaQQbz+FRfc&w@uXbiI#kS-}% zs@1@9XyrB2N-g*p%P!4Y2fQ(@kYK&g+NZUqLqOzS*-3Mj^Z2gcY*x&Y0!N3@3eFPJ zJURNC(L$-t?a2VlpcpH=XX|CzMCN9m8S6M$eAh|6Ela`VJAyQ0Og!j0dK<{DZT$?4 zp!%GYfUkNMB;8(GQp1eMRKYuyhGg`1{;|yqCm!}ThB}AYsUM*2g%VYTjIVKAC=eX& zEYjMBe4Zv)8`fifI=gLivPgfB2Ro5mWgZspNUKBfwLryc>N!#Y=7V{Fzne6HYrj~z z4LR&8L6mX8@%SKayJzR85mBO*DKGq{ycRZzOPbfjZb@Bl#9#cNC)UjZ*gj03*$RDr zuRc02>>`kA@_6JYm<@q9s!Q~FmlUj6VJGsTW@jlJd|qN7x53^{#G#Q5J@W1PH5PeC zyK|J?pb za6OK9UN$|}Z5)YBSW28}1bli(W+NS@SB`eris`Y|NDV)|fSAdMoBV2*-IeX73d)({ zwu?PQT4oQds6T}yZ+yqZ0x1MNqJRq_@{l^DpBhenM(^lC>bembE}wehePkJJiZW9$ zbvb=z3~Q2%@I`Yf+RuXUb4azwL%trH@gRu0Y9I+8Y1LEHWpSvYFmA9vun>d&g3jGQ zO|@FJu@9Ek6M5ClSqcZjmtYxH`A7x8NS8TB;rnM=W&D*XJVr*pOeXbk2@1tIG*{=E+?)4qe`e?5uf&NFXnO z!*?hX+4>!%WpKYdM6mC;+vYjEz`N(VY^UzjS{m@)w)Xrx>j4 z(MqIxd>6L@8P3sR>6{khR>2%sN5;D0L*^;B&0L^+9-N=V-upPI7 zZP(g%X}@~B!c3V%@gcy>09W`EWGBns}h5*ORQ`n};S7N3Fj|O=ux(pSH9gq<7@P zZHF@dRCY81)Sv!@h2%y-9;z}F*%l%EQX+|{P-6GVePUIs9o9r8M^S#tkR78#CbU`O z@3ER3gD&VXqYaW#khwg?rcs5t|MD&d0LgPG-qR#+W+G>F8ng*Qdi(0eF{HkviOIVQ z7i`#~TnC00?#*K7w{57<91`v`5>e0RsJuVK9=b)0Y{?q^NU3jxYE{d71#LRzj6CMh zxODk`Wuj_L7C^b@oOl+-d`DT9ai82YclOVWw%`f~9TzSyR_nFyE5bdEJB;|s?AzC6 zd34V13&pPjS5dPL%V@EjmWc~kaHv#WwvE-2 zMb;s=LyMZ^h#~gnWD#!#?9FSaq)v%qr>$h>)OcF&2Jv+wGc6Mck5RlM6{h~u+R9WT zI)bEA~!lhc?p#r%Ct@B#4$w;n!{0!E7#2d>()Y| zc@<_AY#~WLBxT;RwBCw7Am0PPP6uyc$+zeWzL%%yI)$5MW8YJzZjjuDfNg5Gn#h=b z%IxDe+16y!@^HeKlR|SkP@EJmMqN{Ad{5A);Vdbl4D17>l!Fv~ zV)#Bb`!hP=5%+{?cjU#>gkJ32BS$J~Xh>NTu@HSCHw1tq=i$CiQ^p(F15d90=quyydwq*nPa~|g#%;!d z2`6`0F1w^;a?aqcLCY~)V4N5UMuj!t;KOwB%Jg6(#tXmMTlv7egFFuAQ?6c~VCJrS zgm|D>&+JsSBJ)~rkgY%yPcMa8!H77r?M6F3(#B=2#}1Lkp0U*dsz`$plg(1#w=}_x zG{VJSO9Cj{ReVltxRg@{>DuTMB2{QfH77*sUv(tue7cZxTQ5JR6j*X<*2tXw9}IW* z=>pdIys%=h5WkeKg*oq_MbH`ia^E8$xen44Bj$V6_<{jBm0=CHQ*?6oiK&HulU zrmhnFRHHo}JnSn+5}8$e>s)09bVlO}LPK%n({R$dzPpsiFpUREh2*q(O>$aL^w_r5 zxTox6rR&r*Z`u?fmwPNel!|P9&W(L19A9Mg;rTdWi2i+F{csFCW5>u~{$s-)i5i&U!U)L{?DnCWNk|vwT70s&_qKdHe1QXVeud{AIpU z^*bjT_7%SLozdvwwpmkdyC+0ha3XA+!AH-{XFpyGX6bgQvH=Qfa&OjX^TA(530D`H z>sRvEO9bH)JuNI(k-6dK`s^py^;5R@ucm&aIT!?vP{hH%J{V2iI+*)+4ag$^qjVE8 zbbSvDl9#u>3UW55{+kgNdQms=TBap(1Fwaj(YzU7 z|LjDik_@c0Q4JUOgifKA-$>L1=fac)0IbZ*GBlJ>c`=IPOP&T=7i4ys? zwR{-wB`NXW*g?!a(uki*Mdrp+3!IkP)*7jnZX>TL;lQ4Z#T=n42-;E*iUA1;e1+sF zIZma8D!|HcZ>B>PU%#t;Y|YB@z&6=@#e^YUU*GEeIG}S&)GmTHZB3)Fqf^Gr#l@5^ zn$%f33uAzj#vdfKiR?X8TB}scYF5`>0oV;ZH7@O?fTO6znSWmkI#lla)r(a%$b3V_ zFrh2!kcb|E(Hl%c-im!=%Dg#w?D&F@oHGx@a;)Xj>QnsrVdh`_A*Y6k`o*|#Y~zO2 z1-bb*R~Hr(Qfp&ZHI1yvIJfB2Bg8$Z>m@}?g&_KLVIsOXkt$TfFr@$(VTC+v42pXH zCg}9atN_!FniUaK3H@4*r^K~fukzA(5$GLb=2ywL3>y6)&CU`MV28DmexQ-crtw`i zIiF;dR8uZVmGz8U=C#mq{B_1+(hj-(7e#;+f8&Q%g_~H3`36w!RDd7jSj{JCA>MLp zny2nYLeDj1TazZG3FBXb(NkHs9N#a*g0U<)@H9CtXzT z$i?Q1UcquVlBEO}jxi(IDIcMAo}?hEbr@QC7CJ{-^46cu4?9>c64%n&hfl7y^zKu+ zM~uxxyS^piB=^{8m>@#U>+pPK-AIfYMNsYi>nBKwZ}0r0h0qFN@)0pt_BaxxsJwD`2y( z=P0%ou>hF-`JX+h+5mg+kNt_^8};$7lWA!sC;>AP%^sq`*tn_M0XSG%A>+d1Po1QN zLd122x=)we$Wx5Lr^&%6-f+x?k6TYgcLEiViO}UgL^~Off2p1|{r;6Mbe?$|c-H}O z6HCE2l{QFDZ?h;OUu()RYK7AVJt%^jd@=I;_Zn<@PX|Eo6OoC=R6f?7u|zRPepJQt zQhN*ANH~Y!fJ|5)o7#(70#|spqE50JHn7@OaRbjLG-5BvfKCBLDqXn~57Cc8IbS)T zPYavzt`4zmB*D&bqWAN#{QR#vZl8^F;}7M~#(Et`EE+|q+?rlOEY1>V32l&E*{@zo z(k+F@*Tx0uaFYddzfw0Mom$a4HqF0!?F^jiD%uo+#l+We>|Zd4b)_wc>zMiZ(xueL z6oP+J%bS2SBHp2(Xslk9_A4bAnb>GOheS1VFgP{tbx6KZRj29ZXM`z~P7U=xh0Or~ zwoJ+%Ztqg3R zPCZA?@eBiLTGKWVQxW8kcmO40W+^tbvNm=_h4OSs)>5ym%wxpegGaA#eBSQm6sphF zekU-v5E86eV>D(go_aW;CS$H3c}h2j%MSyku9)=FC|}HKNkZ;(yt4^GcKc~A?ZXzC zp?otk4@2Hpq1{WF&GALFd&q9JoRKmsrpYTP<+lE!tw6D79v{!wpzOVF9=RsCsOWZ$ zfh!PN#C!~pcGLp}o%^=8tdZ@ZBJ6O85Q+u2wHfjT$>u3+<<=z5WmFysrpI-9x}09K zP{msvy%1eIJH+eE+z^^WZ%7aqaIiN@Ib!;q4VIRalUeHJ_+?o^Q6a10)<*z5s?8~g zbztu#DzdhV>!@|qp~l_D%D$P8>*lx$`ESXVWVnRWu zr~lN-u~j1`(H>5#a>DDJjGd76X0_vJ*6|~sc{kW7;$m4{GkYD8BJ>0Wp&%M*Sw&+v&Ga zHWrAgP1v-Kft3Jijjxw)enf~!To>zPqFIYflyf$O9RH*qDyDW2xP3yM3I-Ao1rE)V z6@xVfiCE(ArNw3`ds4c6FB(YGt1n}FIz1?_Hojlt7GFCdBQRt&R{3t>Sf(Kl$? z%V{l6qY8cbZZ)oEm3-$dCjj}T-oP@Zd+&FXS1VH$Si~)|##z-oSVzcM#1%4bC(Q67 z^APhpcP5dOb-pmYX^xy=La$18RMk!P8T87MT6H1cjm89=A#YTyk?`)^V)SYNSumIR z{PCd<6-=$)kvkFuoGM3$>$^}0;-HKMdjv~$WPz=ib;KjQiWv!gS0ibw;RGe%Zd=H_ z?j*^1Eh2Sm3eXA>WJgAJ3+)mO|Iri^v~00oSL~4>ymB2#frZmTU{_zT4|S z2vku`;ylZ759Y?z{J``2+)Ub=EasJU#LRD!U4*rTqsxh#tGPpTzIM~(mWh<@JmdhM zS6}ro?#49w`4Uf%LG1fXm3Rn$Q>(`5Dkv=+UqOtQdZC0!uh<9&SCCg6J7_-mK8xMd zR}&bFR{t<=SQ%;@)2$h;P>8PD1M!7F6_K0$@9pp3(;;}p{)b(SB4h-94A3w@7u$oP z)G-WhM<}j6ezf@h?|U2h_6}W?X`K#LIh`}(W}z0)qR|(ZE0BT? zqEt>V@9m!l!7h`~jM-bBQk4U6wxmC9<=3-f7EZN145x}50U?|6iZi{I`iE@*$^iEJ zhn=VWVWaE=Kd%5ef+ z!@K#vt}+3Vs2<(1keFIagOtxbz(mTa0yg1_S~l5?xC6;zv2gO6ofPR?9PCa8P9Kax zrb7Gs<2(4JJ5Y)@&wxP%C_~Yiv$+ZjXdZ<(*{WJJ0>NLAl01d>Z)#909ySMPv^WT_ z(u{(pd$0=Qm6Y)hS2s|~nZzrrd4#y50W6&9dLYQZr+*wU>DQan|5j=scK!$T!shfbG*uN8 zNwj~f9&adJT7ich-+t~(6xr)IM5rF_CR^<%7H1*Ef;NY|EOabeR$ICV0?orM1;Yos*cQt>msUOfQjKd>8{rE8Qo zOT=EU1WdeBOl>$}yt18BzN+2j(0;ks^Nfx`or0Omj{||8q2;-gDHho{<)xUxFV%YGOVup`O~L)AAUbbmiqgN->aJk=@P0U{5)sK zD)T!>?LHXy6C$VQf2Dl!Iq-cFZQY!M|Ffbr7Yf=aDkDv~E9_AzSbm8EuUnC-TiB!s zdC|Xln+a!8-b+{<%NN&Dr-07nRgCBfOI>zK`Bb&mkB^qphlKLIFuA;yo4O!B7R>VV z^<$kZ&<^R2l;BW;uCn_ADb+JhMtcMRNyUnA;hC3WrFj|fudtFHD!YvN;j{6ZPv`?; z!tC0N{wp`@fNB5$ImST~@4NA$p<3ADT_lPa(a|a*+=RN)tP~3=;h;%BiC@$~+_wer zOD-|gJvu|^%uvuT_XFygyp4k?_j}J!c_JK;#-ma;iMV) zJJlT8Oyfr&VUJGrq)d(0{cR@l{#R8SBeyDIXw+AJpho;2Y=dYvrVi<7w!a5Mcv?<9 z%ETYOx0tC`Q{-c36q?FBg{kyq)pFwQ(Jp2cVz$8JOHJq^#SY2dB+|tWt}5qnk+K`y zM%lF8XXmtKGLtF7ZQovnzU6$(yUf;0r!Cu;P6N`FwOdbvw)wQLDp%<8^$!bX&;UioKH56w%_MVKho4SOu^3Fhm|LidT9950;50l^ZbA z>-~kZ9K@9EYy^=Yw&X|_<0P)JK|CEIWq)oyeV0TKL2fgx4A$hDwHuFhE5GKEfq6GA z1gO^jV{~Pamr3go%T!p3t#W@%$?3nm>Dbp05Fu)}h{w(Qc=J_lP#&|Au)r5urdSC0 z9%ItestA#WrQl!#^E72hm283n3Rgr{fqFfYaWZN4fw&3o|i7u04rRn$g(D zlu1F%rEZE<@D86~QK_Xa=QT$EabYs|Z4B$Wll60Sk&3s%3!iAF$OY6=*NZ@n4b8FK zrY1uGNVhq+RLXWLNUjsgdXd8J^fMpFq>P12qN-ty)-BP9y#+ zi0s=YnHq3mIol#P%(}j+3m>gtSN%m3ZFo8qPO9hgnd}5s--A$DMPkCEp zZgxs=dM7crQs-?R<=a%!BsY-|e9^~*zEQyd<}l)TfWxFR1_r+XGDR|KsV@adw)aid zXtOVhAepHok_f!D2wSfsmvf z63fgDL1BpU;MVqlzIcPwU6q%|9H}|@uaiuSq_CXOv0eUd8$?x@$GvTqr5_Tiqj)9u|#@k$Qy#J(q^ogxNWerlqO$2Cn z;}=nUzbGzBHjRszw-xhVc?^0X*+org7h%{+z^feV*k2f5o3KC&HCZfj>;|qbiwG5* z_P(7`W=yhBa2vA>7L>i6Y)Ld7iAje!xWZd5?h91Yg`xhD-oezVkXR?Q{IykZX&NNqMt$fb@kwlOJO?G?f93e8s`kOUxmEW@dD+zCW(y@eR z9^9Ug%UWScy-phMfNSf+hm_hK$J8T%;PL2UqMiF)BC{)_G6hv}c_u>^)*5SrTC%{p zB!pC-dg{6paJkV3wvu36vSj-H)7M+>1eM;+>|3?%0mWa2IRAvzB(@#4>Ec|UDM%3_ zhg?FdFl$?kX<=sNWbLM1pOuvhejO)|Ig0O~rM*rjf#bhyp!icFG)X^x#-NDf6{>ZT zu!q#NCN<7)MFQfqB6Y7+&yvAf4oym3kF?9}LAfg6c>e7;qm%b8ZNJ2q7S#zM- zHG#BI`5bsF8j0OMxN7f9<5q6U zeWjS-4+Pw%vgYRtwo`P6fLz7Jl*j*8_Hmd6V1(5c6jg;LSmF)ykG=2$IKk{G&EP4Zss{@xE<1obm@TBZaMe`q zc_}P=Ta-#$a8qf6P#AOqm4pwF@EDA5`kp}6f8XlSLUOAi(m(deAGW5#u4J8wW=L`o z#7*wH+4y`ewq2ab`Tf>uzu&hSeK@c|Ry2V6{lra>TV=nGa8d?7;;1pvM-gz68u<#411}eX5gW_}>Lco@^_)2>|N4}2^etzYy z_MId(vFBgti~o`DQbD`FSf`qzMx>WP8ti%Sq4JrG+brKqFOLe_C>!S}4`<@=Psp$*5MK?bsHP}TvA`86>|cSx~VI#n^|m$f0T%%6F-AY*vvOwD`*%JTQ!A$>7vec=i0_tLt0+M@LyUV$M*fA<;Fb?@CL5DggA~)JryXS zT(qLIyBX~|nhu1uHJiz! zKqu^0F6SI#o;z_=c1D^V6P)G0Qj;r8Zc_~FxE8%hDex#6+O(Zie*=*MMF$S!w-86m z_}Z{3C?@J8_}e2S-)t9eOjcKn$Kkh9Y~%<*+$5HtPw5Sz_|hB*1f*h|I^`{8zVI-T zPMK17|&V$P= zt|X3Yyo>9eo?bC)GDTa8y2WyqJHoZH*+6*T!zHwuZxVt&0P45JYp32#38ecyeFHlM zh>5MHbU>gxnjoIK5W>dKyq!d~aYURlyasV`)i%L(vbDlldiq&Z(6Sbim8ipF$H7+X zg z*?wduTt+`#PD$e^L#Gcg_NWc8mynJF<3(J=5&UwJ*@;m9i~%iAEWs$-S@E>*>dIE`OUuH&0Yjbem|Hs+2-v{RT*#(?T4=|R7Q%ToujhMj@j%=eLND785L zNnCkpA(w3`wO|a_N(Reh+hmW8=wV%uCNAt5H)u^qr?bJ#ud%KUV`yOe6sj7#YM)b_ zVkN?b+u(1{WR#a^_+Ku5>RZq{bN@jBrPJZp(~kHM{jFmr{i*lIpbCN3fRQeoc3zNQ zSS^T7oh9wzMn8?^j|`{|2sON*JWkut5RY!j=&8}68<}W!rf$`8Js=tHGKxWdXSS$E zQiPkO6*U>KkHhD*e7wFN(kH~UsF~By4UmDJ!f7b@{B$g)B1vtg{SLeX3)iHRKfUGN zCa+c;1iqM4JI*S0Wqu*L?gGP#2+g(0&pg^XYX~ct7BLUw_`nb|(L~G1#B-W_w0bF+ z_XDCnjf`cOc_dvq6s>R&BD4n>I-J+}E@!43ikeKDH;7|rpaQ28K?e9i?^rvkCD6eD zgU#YqYVz%@J~1?GF9E_^pC@7vB699a559kcr_SLQMEenPYHxfx=pN=fiI7TQ>)c&U3g#@SIEIulAF&rl% zgj4clH=lL-C82JqM_Sj1zT0L$lrY0i>771^`T{jt9_-z^QC?J+dOVQ2L%o{Qp=XC` z8?7|L08SbZE$J9MGSz0pHq!N}TTkRq;;T+-ozaakt(_?2HnJ;#fBSgPlF)K82=pD7c|?QEB8yEdp?6=d)MhvbB%)kRGK0Y#wi zz!dc+jQ}XyklXHN>6$Qx4QshqQZE z*Fv?rx;eGku&%;LAUP*%2<3zS{sSLzm^>f&}n57G&hgm}5?sQMK!4L_Z1 zNN}6tc2&9@e4mJ*3^{w~@!sKpPftn<__%&F&; zjtoW2Lr`+lIN^N0)|nTG-$GsmmmAa|yQ3=@MpG}29;ErG)5RSGe>(1KPn^S=EIKPq zB&gx)4KtPj(z?5_uMLEOVQ>>uk9BLJYM&B*7FA3Y`8SR;u*%;^Z9{sd^!@Tqx?B|j=O{Okonc|0I~WgqBy~LWPUhH+L$H?{Bwpe z(Tbmnn4>tpS_X_oNn@I|Cx`hENZY|FQsjihtdk(Jkd2RgPoQ;UKIr51%wSKOYhr=~i!@^@k5QLRJ+POX0cqxR7o`c{(rq}q zhUq7|`<}5k!#VjOrUr1As0pL^8_dA@AEKxV;J&-5TZ>-NZnLsdkxm$6Wriz)`k6^$ zFvhr&H7brW(04j9HXaHRbYBqnSu<*pdO@bTGRE~uHQ`vPj8d#vB3SO@SHHzuG$xo% z?x{0j#V%i?syClp^)tC>oN!$T7s}ccYn!ulV%yZ)#3MBWA&TMH-+;9eRmOAtsIthT!~P-oeq&Rfl;+Ci;jQJ5P3AhzL9AHWfYT zv2SpPSa}+KmMWkFq=X3eTqo^zA-oUccLKP+mNSlrA-ez1TP#GxXUbm_bAHdDzeMV^;qgU(wf~C3nz$<=i zj_fh;2_a6AcLI1i609f6UwVMdu5^UmOzqdv`2+g*n510>|Hm-GJbWcIu2TlMrq7u_ zlMXx&`*3bj`;EXoeEKm!f85QV==|^Vj%q@EmD=}&@z!zlt4vS}Ed^T7)3p6^ZIv~C z1x}q}niw5vo?IWUkcT)>hVG zhdRZ+v~Wca)vhsVuzQCjYXXWi4zC}i^4wIP)CABMh=CjA$Vx=vv}%>I3Xn%=B;P04 z3lWb7Q(mRZlkbAxOG}f)Cp0Y+Xs)uff4qNuqzP>etpAre-OSnyUG-}~EpZbO%ZjaB zqMWI>C^~Sk$v`=~Acqt_T1p%3Y*m*4&I;8AJkj;)U%Xa{q``OS8Qb{jHdA7D6(jGuosga7%V%X!k z<}(M>*@iN@GpjWAwEZ+!9(!3Z)6)Pk`Pog|M&0`$fZLke~9+8H`3qa1jyW^ve4 z*vg}vRaV>#(0yg}68FdM8nk)5i+h7<;27|{&WPA0;98!NnI@tOm41}=baZ0ipf8xr zn*HN}RcDA4LBpgve|vrW^(DE7R=+8zF?t9<&JLvY>&=&g-eN+aSt zHbP*tNeo25838edO0$!vKv)Zr(%PN&MXdBxaAW&p68SSz5ZvZ?Frd1670W{gv zMG}KW1Itu6uWV!|`a%A%f!DHv;Gu55S3Th}LN%F$`&#ek44!?ST%BC>euw>6D^P(; zn9uU_%`Il$Ej}quf@X$*MB9E&4H4fLM^p55qO8E{2iECP{Z$KF!j@%kEZ01E5tDhC zmpNf$KF)~-b@8CzZ~XKAUUkaovIj~}P0LzB_m~ZvD}t8RDH0xlAfg{y@mCta{nEA{ zz^4bfU5l+|9EcRd5X5=Nh5pD+b4&5=N$F=q_DO!FCFwwgK5U+Pv87Cv@V zUL16q!kV|+*z}jucc@Am=|1)A!47Yiu|P7+qSWA5L+`<&ZTcEqjyYL*D}|sf8dA8m zvR4J|JaJ7P)ljo`fE^n=4{az5!M^;ylB*zs!=Fhx^MOT-by46SnP+}zT`Bt}+N4AT z96|7Uxf|KKhFb|G*=XFQ6tMb9XbC9yC#pc$PHE!@57j#E+1*cg#p05kV3sVb3;LdA7sP8jUc}Za&F|x{l@ji9@ zt3=X&Jpxc`$?t&OA)|OAvIeNeP2~Bbmqk70IK?&ir3jf|V5(D|R+C|bUlEcF5={g# z4-G&V217pNA7~`4pxgH$Y%nQ?>R&(n?uw}De3cY@@YX>JMiB*6j9H>mN-h~H7}8J+ zfH+VwT}^(@w`-xEqjlSYXx3myefBCjvr2-%mB{aQ=9{l|_?qcH=-rE51D#7c9Bwp2 zKLc&E`y8asVc`L2z*t}p#R&?B?tr6zHf$-f&d82=31sc;fSRvGi?&|G<0nIo&Z;R23Crg*k0gGbr-kyC-%W}ksKXo*oaXiC_(aX?igZ@K=3DM{n zY$cx%;cia4AQUrjoLp}j!&}!WnS4lH7A!bd_>MUNiO1c;HaczP3}jJ!=on35L;fLk z{F8WVck#Sr*D?&;^lB!SH+`Z5U;=mBUWNLXXN4`K;^C$4mHh(GzqTBt&U$LTZbs

?Q5z z&Dsg}p_?Wnl7Pj{P5i!~EjROBirN$c!SrnrCk-am<7UrCMt zN$E{6$tjnDbv)}z`@gALv1XMmYbdj&0UHYS8-z-19R=lh7=<2Y^I2 zFZ2lV-Kj_rJ?r?5I`u=#Qj_A-tbP1H;-~&U|31(NoddIc6Zoig0-{0v`#Ygg13>vd zYdZf=Uu#{O{eOb@4(9zYBm424|1S_+P^K`WJW8o&fNNPB=C0t$Bd<|51V_<6D8tt3 zjy`rg)~4aUAVoC-HPaWc$O4LNdW>`0>IO{_s?HD(5^-yk0Y^sBy~n8zqTX!QjJ$s85wa=gT%kCTKjCVTeb-@-_@&Nq_ts?9lkR|~G< zy7$?7MVvXpvdauTlOHV0zd_#I=erEC6n3mirzAh`mTvD{8<4)6U^>m;k6EKd9zyw- zpC7!sP30*pcdkVnw5u%MymrXQ^>@hTrK)Bw?mJx9A6l8m@rR55F}q{d6%pqPAW-Tv&zTE%s1jDo#s(N_I4^MzZB%8JfH^Ry0~J` z+Z=z;V7jD|qvwFQow1=slrehpd0JRZm~o_D{klTd_1#LYwfRs39pwgfdOjhqR5Mh^ zWy)Iq2Dn0w5#^{XG&XXJ+{cNX*`dP8wy>}_5?0mf^77Kuy|is4bEG+a<)iSVn2>la zA$uoTPsXehXnFJ@SNZY5mL=PpA6!ePO%Q zJ)C*oxvF{cENW2@JR=(sJ@VS{eW!2ILs9Oskt$9o?N~`s>M5Z1nE=ja1}E7rZil3^ z{2~ZiNyI2l!|%aHLGL?{Qy42*gEGv5ZyZWh9s-QKcFk+=9zIsX7ICLr)DIqmlU{-9 zi>fghu_G_GhFUnr6g%t2>d#Ksc${jy(=sWk@3)~3#edm%!N6M>9*E%hY3kwc5 zrVZ>nOSPS@H>a=Q6<^`#YYgGNVyH^(EsUfU35tVvcD!V=+y=+{wZOQ5WIO$d=uD17 z$KhS3>t)KmNXdF3b@^~Ou}aa4rW&|i48^^a53|TP2W+v4`>t}?qqRj>(oz_L-jgUgMsa3nI>RU9yx%!D z+9S_qph=7k<`htGsvLz3El~Q&wrn@UFMy>Qy~MqTI-31_M|gD1#WX!1tdhh3IQ`4s zjXQH@3w>!x8Xc^dk>EE6e#JN2p4&$%Hc)DJp|~Y6Z+k|Eh9`3!37}Rh)58JHZU;BhG`76t0aByFHVEm^3RObrh>>HpL8V5UB(=9`l$gZkg zAnDjHSWxJAmvBbDF@^A?Av=U#AE+QsEi@N!rYUD1ZZie~o>|@ta8P#W)znbeN?B_u z3qybo%cl6Uj9b6`ZBUc&i>D6*H>|MiAakdPYQ9`6twG#4 zNzU7Iz}rx1?f)b@sXZQ9gxP`}Bt2$vkPTfh?>Tr+s7jD(Q~$SW-w&+<1o*Vo$*K~B z&j8TDKy_N_NW=*rGbDj;f;r289Ht8sBZO7XVH;nBWtGrk9(geyC|^@D)jsqYGO2uI zBxKXv`iF{BvIO$M*xFxx&7*WURZb{F#4T~5`b!}xa^~Umsh|8+?F zJ`DBQ%F=3w(YDNZP0Jur7bpAD)^vxaaT&8nk(dIQQ@oA(T63B4M$?d?C&$FIH-=K2 z+Ix<*vMqwsFK2hAm=s)hhYD)8p81W@SbvE_{IJ(>_g!B8&v7awT!V@fvH8J@j1B6d zVjWyn)bYyt)pya03vV3bB-#$tL{bhU*MoUs=@mKZ(YT$Tz;)G}KI%&79JPC8ZQ9!D zTM_x)n(>|r%@)wUo9>t0_t3pTX+^5g^X}r4lJBHU-={S(OKp`MG-Jxg^ddiCxlN)5 za^rcX^W?g*C>Mj+&hKF+4(={T-S5!0bdP`KLv{_&MKBTW9>msjO@~1?5mku1?Io=e z^w`zn#2{lZHr_#v@53|Rgr=P+@UGj43`pA1#{|G;^?h(4;ytQ2f4uK!Bo9&*DmNI# zgKcLOsLFUVh0`HI)uxLIQjWEP!y~i2-5NFW#|5*uY&vcdMA@cD>o(Jf<0{tDm~1fc zR|`gqh3_L^j~v+SkS_uYAAR}ov7?7_GtjeulY!5vh0K`;v^ape4mp|5ydlKl-$vd= z;g!1~2@<@dID6<8*;V(J^`td=M}*s0uBzx=>M5PZi&)K{bOYRJlm8~pxo>5kWu zgH1W3kXR$B5gyROKYKwXe1|4Cg(9ZELmDTHLX-JJYtQY1A6gXfiTJNMl=!Fr z^q_xy%0u&Kx5WPQqyFJJcNu*9pI_sDU*Z3`8vk~@{m<3-@4p%^iB_6DUO%+dx6Q!f z>>NV)r@QlBV5Qgj)L(rCzBXOOOSnZ%YwE@TfMp!Sm>#o#qVwuMBcuH1da@ALX)Bu_ zTAF=oT@44UzpbI^THjwhV@VaS;p{gmJ$1V3viwq&!X5ooC|K$z=-O+!cWbyFXkiZ` z?}pVfJE4pEd5YXy4BbN6T_z<5hULTb?$7SDX}wc(sFgouLHSy+IZsimwIcIk4UloQ!XQ1Y9O-fs8IVFWzDJY>C)Q(s#--%sZKxd zNZBes_x`j=#~}0KH?W(f@494YIStmJ*LVNW_K^#UI2Av%ZZqalRuLTmguNJLvLH5_ zD{rVu6LggvakCcFefQW|rkP%GMX2o#U?jT`hYtI>gHU&5A{nQ2C7+a;mgg3A<8F=F zpPaO!zOBvJRr+?~>`WaO6nJxBPsSHbGlb~DsWbCYmcR2ib+G1&aBqnQRe*D#T~nt7 zh7V9i{ChPDta&Z@Gx_g}^R;3ePR`=vRSs{y&(dNiY0JBO{DN0vOkV~NB4`$mXlo*{ zE8%VT!yoDG497cbJ___uhvn|oC9@e|x}QI%mA%dtuw&I3OFB?SfjJ@idenkdl;btb zG|M%mNx0kq$|uHB_NL&UkZ`R>UFS)?u6n_CC~f?*h|m%WyNih^l`=6+iS#M&FR>J<(_6BF&+_+6brJ{RcRydMCcj@ zN1guz^Rlbnq#oo&9t)NYAequ*$iqJcT zdIF9@Sq9lF8*B;2%oPto%aIb3#>Q=PGD~O_e*(e@k}H|1JfUf(?2x6=PzE_zc{_T8${E*5(m502p zlB)&#d&xGIs~MMHkoU_JDKTbX>#B54_$JP<9kiS;7Q4h)rSPWk-Iqi;61-S?BV#^1 zMm7_2bcxhGtlNXUsuIt%WS@fwWNZ&)}CWPyzXLjv{eFJV5i&dd%(Nb;RA@!bIF6= zGgtS?KhjqW>hcwNnL7rY-Ek z`iq>YTQ;M=@FIJC1~GJ~u%}^F^33I_z}p6Xu~j99;ld-utoHe@V#;P~zf{c|KR=V@ z)<|E|)5;_L5P(&l4@ueI6mr^$Vk*#|XK~R28x*zd|YD)ch?+x{fjTjs@(!cy; zJ*Q93i~lZASZB46T8zFWcdUb!YmCXi%5c>L10n{~S?sb4&h(L8tTSm0uL>|vmCuZO ze@cFuGMuh8#aK<`R`M6M{Lo^OPv@T+E4T-DDRqX zw~HcTtHdau6ND+By6=Uzhra(ld)O~pxm$HQwhyR4mXnY3!uqYB2jeV?u9Sr}$&{E> zauHFIxs60QhoOi0hp*P-+Eh=m$-x8GOLNgCT@-nMbv!PzPiEovQa#r5fV_tqJMli>&PlV#)a z^+5Kka_Xb$`Vn(#*G}c7WS{g#P0uDyeFA;MYcx(Ka@v3&Nmi(61S_o_@i{b)48gRa z?`ir{m&Bx;O#VreJ*!5nbGku$sO``8P*#O>muaCZ5gN@@{+1ulUJC1gkTK3@Ip*$^ zix>C6;hdYwv#Dv0PPj>;s`Qh0Mats`JtKbEFI8CCxqEViJM2l#4dXe)Y##(LOW}5| z61Hx{+DYdInv!F}JFo5xv8n}}(>rQFK8&LZeW{flu@XTyql+4(`NUFc_t=4MF$v$Z z3nj4YA6NAbzGE!b^s-m+KwTIC1f)f_gt&+0oC+R(_7&4t?nzF+OYb!w-m1a>mHI=g zETJI{*f*uNX3g3y$2^l&2i3*YbNM$iY)fUxB(}xrJPebUssI#XitdM-TTfYVNqQR zX>;>8Ty-w9N`~=r?+PFnG15(98;_)ftUX@+786S8bkrZQ-P=$%_{`7@b!NAcIU3qT z4I(5k5Jh;J>3n##OmDhE;pu1Daye}8k#>~#Q@@ZEJ#~SKunaHn-k$LTYHoy{9p~rQQJ>PeWN|RbY)^ zxxg``M|P4yiDaZ~q=vHTcAb~} zR#P?Fq=0T9AepZq(W&q5%*@E)cA7l&!(mvX6yDUBxfM4#?gjEK>+HDdD_1U}?$GNk zXN%_5S;}uH-$otMKIKXj+<-0!x^N=hyIWN{LgZcj3BQmuj|Iv0-M$0m8L!uktj_K) zz!1P`01Q!w9J!gIP@O?pL3{?xTF`RJhTST@B##+ZFdva#v* zOQM~Esm@@V!zFbeDB5t`vivvr;uhM$!h%xLI{k5Xqo3NO$)JV`%QSQL$+QOGpWbDf z?Mej49nJ;aE4wRDT@o%qn)&Ke0CT0V${c1&}jvy`dr?b-cI7R2^Spx>trIPs{2-A|9HJo*{|2X^PNy2>0Ogdv!YGi%LJmyTJ>YJ z4zZkVs@e_H&va@&UC6Wlio}$+oB#AeXD|`|@wh@jK6_Yv*)+FfQ=X%cS_|D~80I>- zV1(4WPk7c5U)@I?c_+4LaEyVPjd};p?0$R9S#04n;=`4=%OC!1$8~sm3SLrmrHmQJ zIxTvQ*M-9`ht{wAyQJ(9*7ETm@0GO@xc3p%z;*n@uO&gd<{6*H5 z3hy@5%A9X#y$;6yGPz}vwe$jD5ggXgW?jo!`mL@57{qMhALCeMBW=@6;5x+a!#>u` z>I9&aAzR??Fp9$JVpV3_8G(buc(st>aJ^{}F32_V&RiM$;@E|RU6P!d?sB(mF z26k>J22!SjFEc?`%E}%^#-{u;aRUj=2WujLfb_^Smg6aP8FcQHgNJ_w+6d+lHs+qY zu=Od6=252MYMOroA~OQ>zNU8CNUqFxY*gfKW%t8^Zw{L;a)b4*}w`o;;8 zFL)>7=r)A^LW+v)KAZCKZ7FlSk-kju-Vn%+J0mbJIR*i23ovQ z-$I!QANDNL!zuV8Mc+>U=4GJ_xuc{&e zum*nZFNJq4!~iT;ODHY_>0b6ovV z8CTBL;#nwHkV$Zgyr<8Yp~v3-C8*4=JXmDyf1v$o3;E+{pVDNsM17Wi0N@n^6T3`% zT!}+BI2RaQo^=_vg)-gSY@~OuAjANFwsp+ggB4$Oq!f(B6FmBF)?;UZ2+Ya2Q~#wr zK|zCS#GDnxP=#+B3Xv1U*6lFb-+{u3?;!Kd+Nb92It%hdic^taYd8&b5mr~aZC+qQ z|J-kjttu!GIUH2Q>1i6H2ubH;oZDMjq!+{#Y)fiI*1Pti(teQCTsWbdrXZd5ppzaK zz@Dx$ptvsDs`3qXtfAczEWNC&TgQ=fvQ1IWGx<}NwV0VU_1Zq9&*3Y7U5{xSF@4-m$ z9%$C?Smk*`(<~^um0u|}C0l^wrUW`D3%oPsf}N7=$F7Txe(yHnF=Iyi&m8p~91*8MJN=T(;t zpv1ZszlKBLE`_SaDr!KFU>ASR4L*yTZUa^rdTfpmlcB%~Eb!I3e8l;)j^5-RUB5I{c|p zwbo?D1P06L3urhc=J6|=WRjYJ`g7meROiqtgRZfxg-PU6bNYdZRiJ$RL|`m=cQ%n( zRf4u`zHqbCEBle>6;GopGs$k(f1`dJlIQ;4(vg2lfBgSVd;C|60{**y{vXSI-_QOd zLaKEcLTyETqV4%~+9oU#GjbGS~?#N?wej-Vqf6 z)y5;TnJiYpQ$L=(qgkt30VFr%0HM*syQZf2J1hAozegQdW9qZb$E#**WI^qM1^)2| zE~jJ%6YKgMC3EEnAu~3DdWX6S1-${KE-)<%rX9`@xC1ht|CvANWd8OV6m5QgoSSCO z7;&B#-lWU2P!C_Edn}`*^zsNxVqaCrWGTbAx8v(FnTxCfk58gEZ?r_~U^O zavJ{~kd*Qb=j1>8`6t?gb`=1tj4`o50bUtx2quKcE>8Ue`Qq3%kUQ`hci&= z9q`*_2sWKGE-Hwo$Ze&~_kEdgHD}>M+)RXpY}rP=iR}vCZK8J@7kOejP%V z08dwrYzdmJE~9pjj*Sj<2NbZF6J`@({oSQiS;-$!)$9I+Q#O1OjAstTsa&%v?pq-TDfd+z0Cun(p<}JsSX-jjFYJ1;@%9YyEyz z#}@;s!oha?b{-OK^7t3$goHTsCmTwgg8C~bjng3D_I`Hu{2Pq7z2fq@ih|~+Ep2`G zcvVe%amB4?irb42`g@~8&L(TA`y;Q24lLt)_h?)~ugRFB*7;oJc6daHiC6h%eT$MN zu?_x>{_kKw&FwsuQH~rH~sDnPo+isMK|Tx27sEV1+%5gvC7YH<=`BS0L}@OgK|GS zE!G+6WNdsWN;GgSDq!BmOo-`RiE|^vlImhxpMMbOU^snm(5!`sRHN)q2aG>G-i@rioyce2c-6v-m`onb;Ro?Pti_ zDoh<~GA}KEm(q~oINlg%Zh$@(SL-y+{e}G(co~8)kD)yG-Orj?3KxgTa`v^H=S?>g z0~~brOdLw#H9oecH=dO$)3j$g7~s!dpgJlm6anJIn0R{{S6VEuOEl{!BEC5rNtB4& za&r}*7B9uJwRd=^R`@YpwTQa4xVe;W4RY=DHT!774faM^M(JD31@bBX7v9{Qec+S? z$mO6UWni9?%*!D!g8k5oRr<30%K5xJ2OPX_(m8BLh$mviay)ae#sB%zlm95p z?a8A{uG$%!e%ZDgmHWt!?La!_B^&k1NPeOF;EII4NV_-Pal|;TeMdid z-8WlobT?dI^*s9cp5vR^2d~|WS|wjKV<~%t`~Y3$=sCFri+JV*x`FP&f zR@{2!gq!+o@@$$5$SZ4J{JKVKOHS_GP}=F=hK>{;B*ouaOpGG`31jDQ9cW_ij9xKK zIlq_st=Q~8iwAKy9;J_DF|GjTB2j;R>(?GqWR6)B`+`hg0W`N4d?B{@rNw4 zW2E@MqS$~BnZE|kH=v=nk^R(n-Z;=qiF;hE(Q8Aza;gy9#r++efedOVDZJi1Lol*w z?npj}o|&$IZkO=&V9x+yV)ThN$|mBNU{7bJ+>$nxiw({6dMnJPQ+ROq|Ep(d?+n&u#JJh^jY_H)wSV{e(v>%4|-bImXH z)PoqAq`H{sx@(X>XAW#8%1e_|CPYXY$~8BrEN0+24Vi%Qv{qdS@13Dgs#Bi-(Ax47 z?z26m++vec#AFAKzASq*boyT_jAeGLjFs(2cC^89B`NVUkz(52)9qjrm6kE5U1Qjk z6WX14H)EdC`fgNKw8cAR7%goco!S8L{quo@+~*)eX4FTCd;T@38(AS(ac8C5^w#Y%Pd1;aj{TFAtD~!}{!0WFbPWXed|(uDznq1cqELjy7g2Mf zVSQnT{U4ZFllv*^V^@xF(ttXztuYBd6MPaN{+<#OC5k*>{pgwcF?%~P4c81ztHb$Q zS*QBS_d{@c$n;wucXPToAOzm9m6!*En4eCHL0-pB5ODyigI)YRcqmt)?@r~RmJ8`I zYiDQc&C_tnZT{G~rD*R}A1!R_yvA|*!;tLI>DM7^F*l0wH`{`lkw>WK;Iu=&^leA97CS)ASVY-*GPqm?5Iv)(we;+ z>DUsJ;U3NS>ZAFNH5;E`%nVuXpJLoV7_!l--@u5{EWi_aAEIL8QI=sjy}_ED%@L%b z)*wh!r0Y((i7R@8-S*)@T`Fv;e-)`7hU zCp2-cNRc3;R(VZJ){DYc)|eVMYc>UYrQM|p*T`yW63c=L7&FA{?hhH;HjSa)ogGs9 zTpmlu)FG}>Eacmhg^vwHjN6y3kDe^1i}w`0?X(_DAM4%d=T;p!7M-L!>|0p+QxWIIT)pCcDkCPur-EUOS* znIi23LT1~fH6${K%S9GP$Nlz)S3|fu+xQm@^j%eNixB(eilBJPFLH)z73~8b0jg|9 zFE2@40y^rF-k!hkTXN4Ln~2tA=Q@zj21RljAa&Gqkj8+#-BdS42uy(h{i<}fzi8gA ztMH-v{~;}}xN)wLFqGpLl5>;27&IEJ_&enTW0A@c{9r&0YOUAsT4R0DXQ#WAkbP!% zNoR02E*kbp02$7B?}xJ;M;U$2ctg!+Y7z4~#hi>})U2oq>x*&!r1?_f7P`dj`9ndhAdUrWtmGteh|qSN~PU_09c4mw#E9&StsPk8LE2KPYf zBTji#7IltBy9bu3PTlC^-7=G(5X=~w$s|lgtY#hwv@x7exym>~T7qgXNIt8DbS7Pn zo@nkzKKt&KN}D$^%pI9WUr*$gfjWtgjKZ)X00+i1&Y*mCoO} zRNOn)K$Mp(m!8z8%Cgz(K~K!MiVMJ}N{rAd@c^!_eqhG4gpWsa{f^74DuHt`fwG>6 zs9=V>#C)A_Baz0ddeWVKB-ZL=yxXu3Wv1TB|?gsY~evgsR~VCfwONaQ+`uQ%*Py(yG= zl-Eq%JXBA87DU-dAH;11WNF>NOsasD%6BpY?`B{UKU2iLjyFPY0qH9_m9!*=9?LG* zL!@Ks9b+o4La!`sz4a&q57woyDenE>-Xmy8qn)PwdwqmCL`z|QtWd_R0&idN&IM_U zHA5aP_Fp8{qFK!HMc#kSk?Gtn7eU?14`oA=fUxZPjqgCAYn1&?9Zrh!Cd8`qXIYu{JVEl(0UO5P*{h=n#({Xv-}&dT=2>cQgWi;+_zLy1AoUh6tvm*0F5Q{E)|3|(iYwr29jM$7h??&LgL~W1qYuBxv>=6X7cXK zqVny|(CzMhHzHEF;jgCNZf~iZsQa1ONNt0V-NkGj_{eH7y`H+|AR2&eQgU4}(v5Ak zHD|=-MpGBVSGd)Ye%8gZfxA&9PlHX$71<`QNW2voPD2tFt$cG1^8uP@OL~44y$T)> za=H<<9AmW0u&I`8s^n>(i(|FdvTSj={-;^DDQMNH=a0jNhJi$QqCt%y)2Uqi*Pqjn zdESWPFZmUQ$QPra!aXvo$lz84GWN%HVcn!fzw zIORJQ#kzz)6--$r>r8z89lfqa2p2&z6+GGEbwMpI*@qD&=ohE*;lCxFzYH zj4M>c2}h(0gE+cH-o9o>=px^}?#$Lq_vqM1nyIY2T6Dq?B?^Fzi)8p%@@X-myRgdC zT0SH>C1d*WR8CL6FTm-*Q02B$-wmQJ*QJ6~Ne{0fwJ~;}UX!1Xz1hu!V`DyQQa_lv zG{3-)Us4)OO=PAF*(I=a1=iqimDR=BtF^1j=Dl7;0T^-VpRR~58|&2#nCEi)}Ex(}T}i z|M?*ypYKjMH%@KC#BVm=J-K%mLYw$mS+Ns8+9V7+Dmw8{(X>FIV73RgKi$qIj*B}l zBl&KOiOsyQHIa$sk^RHvX4nqajxu1o*ycUlQa|YDNBQ;` zFmLB3%(hY64yrl?OEn)My-C__zqvBSOOcL#SRe*|XPL-4(2U#SMMDn`iU2h5b%s_b zSpa-<$ZMZ>td^h`!<%IUAv-rFPh|%K>G}fYv5NM5d*228R(I~~H+k(+MxqvpI_m!{ zxJ0lLjS3A9E~q0#%A-WiFBPhBjOpV5;EMQm(UUuS{t(ffqK*(f0PcXTlCiT%xY+_j` z7?UJRnr)5wBg!blZaU@_IOgG#pas+bPCP@OwOWZKN-?s?xMJ=dgN$`=+fl9&)&@SU zSxL6R7A*QBpP9qpfNyPQPB~%g%Z`-=D*l8E<#v@CXLV*CdF8WVQ*Cz2;bxRwU+C)w zZb=9fNdIbc!SY?aV3F}f>_Bbu<&*~tSHF{QgnIlB$cqQ0m98*8_nV_PRQObWVD{E6 ze%i(l2qeLz(&y<1%Ad=L+$gPa#+P()HUC!`q1MG+LG*B}X!{PWMP8WfkYjFLurW(C zFL_JHM1wN6ESw`aYE)?6zR`T)ah9K_EQ28-PhuoDsQTj@#YWy5%-$wvGlaxZ$z%e~ z25YUrM2BB8VbOuMXV2iC-zXO_X&c-88kA0|l^v8NMCeF~92cL-V|j>NqQt)P?YSoT zDJC`j{V^ZMf3h*g;ZL}3vAL1y{J1P)8iw&3ujpZPgV9Iw``7Lbr_C?zqh4zUsBZGn z3c(`w97?BP86@1N@-COB7K`%j_VXfe%ZYd4cm;PKC_4m;QV%!WJZ<~op8>*WaG+K$ ze2t3}u8Y%$8;v6c%k6}9l6d^K0a6yffQ)`mh#;R7|E3f zs4Nhy!KX-R1sWsOau_Ki*~C`jZmIjMd!%el9fpbE}F!MZYxDCu=z zp6W2{B*d){1kY@DO#h)3Yn^Wa_7~v;ckhF_K?`oE>h73<=YrXrT9b=8)&UlTK(T(N zeN=6+eG>I=YO8N_%CunIL_zN8{!1AGZQHa1pD4u45R z9A;EqiMo2AoZH8& zMBY3%qFIfsr0Edx$~}Z_Kz_PHy^LQcL4Ma9^CvygeM~ly-%uQfWFFqsr5?FK!1!9C znWw2_%l@Q8C5fJ+e4q5lF1x{)LW!Ze6UE*37H#+qm|D0AoB&!Ew-R3*(D5kJ({yo3 zN+tI7cLV(^kr!ibZ|Y}8CW@J906qJm)sh7wq5%%3)Xjl}81hQA(?ii!*jb2&v3Wr5 zfdc!6g%W1Z;DN9&)28_Q7;$_tRrXMrl;7t7<6o$pnlG?yP2TR+jkPJdZ~k|Zy)rrB z;%%23ZN`VR8`#Taf!9?!AgTPJ5I1TU6Zm{MlCkviBGvI{@RgA($(bVy+)@sdet|&D zfaNS^EVI@>p>aB|P~iY--Rxm)g@bG?L4;iU4Q+^DG8`Vvc5G$se&tFC&-u<7pE2on zyEKRmA2bE0|3~M_e;%r;5V6qW2n6g3{8`$rGDU{DKw+Zo9^WdU=BF*6JNarS^Mmv{ z+ftsJQ)3b>)V`HZc0b4YMp?&}4Y1O0anzR{izil2Jkebyue$+66He3+qx`#Ghzi02 zxNUdKsDCjWRmP~^yp{3+Y>-k&{p#Cd^#ue0ogC~A=-4eEPD)n_@9 zWVQSy5PYC`xL@-@zA7y({U){NZT+iL`xxhFnp32LI!jd%pt!<$-?C2=y(={OvMU+0 z&`q*!&Tz>^--bvBHpAc8w!E57pdX2&J?>3I-kpB3%(8+}gc~h?MRc#s6(SQ%S7@4e z=FB45<3~GlODE2Dfi%8MZT0WQq?n^Ut0#a4=^Em#uclb;4eqy_-3OnFAYIk&PJ*b7 zeEG#F2=;&2z$o$NpQ_uM;e)k&plkrQ2hl>^l`(&KvfaS4w zq}sFRIG_SPNIFIx$pWq8*qIhF_Zoga#fsncow|y>9QLo~ttEYCgo|{S0ka=LBm8+X z0C*-i7y_s39qO4=_T28*HQm{Dl`|9zY_LpO4HVJQ#kHsQZ~4Bm;4D^~weBZ@Joh^&xI;g=UV`eF0xP>D|tg{(frW5w?+UrFF@WbLUa>w@_V(JVre`@r=9FvLbcrA%F+%GCYEO+ zf>I9O+aXov^8>+hcnvH-PHcNhBYUAbuC>iuPKcdc-7*G-eLz^Auj>WP*)%XUX6?i_ zCV#x&Wr@WcoKjf)5eW>r)KST+?J3(|%2rk|J)S)JwozQENQwY$MU6mW(MTZ-{va z+?>~Mlbt)>mJE&vX>s(~K2^rq!@a}#Yp7=hmP39mFX5wAUbVS7p=EWkZ}O1#532L^pvFv$yt_>#__IGEofi!UI)AwZsSabK_j}!iU zOm9kq$8htgAr}+|VgP72OlA7zyd;~zz97{N3m+zs6gVT|aDHYIe#IzM-Zsgmc2FCf z2rjJB3C-KG*V1J~PmSsNKK$s{ZOs)~WP=WB0jp@nTC8a)piNU1{}+320@P&MrvGBQ zppA&&g0e+rQ(4l8hyo_ssE|gCTZ^n|8)OyJfJlIls3<#$KuZLasGx`lH2Y#m1OgEO zBfB6FlCa2{1SGtW#q;>pshRm^=3i&#od20RRj0ekQfx5c<$a&$x$pbBeiu7ohQYnZ z_#LxiPP|8iur~y9yQ0r1C~72X(;Vw;2VOn5-_0+=Nqjx)XnNMxVCR03JXv-1Qjqsy z0JT7%?*|=&8Ou97bVP(25k*WA3L4&dX^fXhkdv6J32fQbc6L?)SoDZCjG+W7sIdS$ z(~`*$o^B8LMfid7%;QVd@TxSla3bcl7s(+yT)S#+mLDzi3SsRbel~|?4AAq)4cQve zO}IV)`aW_2@7>xxTZU_nv1=A zgRuj!vm#=$4C5Jp{T4HBmpyF1aFiLe{QSsHaBe;+IYMlygH+_qAvg%h;uUq)Q18mO zGla-Sl}$KvC!EIu>f^PU>(66>!usS7rvPW}k(1+pq!;~om2mqTTgxj?e~9{#Jc|T zhsU(!_kcYw9y$HsLP6%g@Du(4);X&7-+BAdoe5mJ1>qxSEz-yR$37-eQ*JOx*jYlW znK!v^;XpM;!=(%82!+|R_a=5cw|4W{wm?ZHj^t9ySknE(&G^%hDnCk>)rq?vX;$#b zFCvyQW)~DR<`bR-CRv}p7PX4QWq-*P37t2Uz*36@yYt2Qg`lVY%A+23Ea?IgPpr() zS!69rO>EFT6G&nSd$A4Pdo-HL__WAnZ9Qvs&OP?ne^+_^|HkJ#S@P+X3~|@86Y5{X zVvfN!bO2-QBIQ4eg6Uf=oR*_FvELMCl)$R`j9(-<4*ZY@53UM+B1B3Pf&Af$14m|@ zo>vrhwlg%+sAXIzt_kuK$6K~&1+nz7hO%Fl8LKzd=AtW*VTxk z_gJYuQ8nrYRl14-)H6=DV*4)=y&J38#0DpkdLJmW-|i$rV=&B+@TqHrBXe#Bj+ zUpHqa<)h+Jpqs!jG46)n6cnz0cX$8u7u`U5k;tWX$F!FI={3HqE&lCSJ@_a~wL-LL zD}-?V?W@@R(--~y#{SK9{`-pk%Z>T>J@)rg`Hw~EEXEz`VqQwl^)Kx&EFiu7>w?3Dtac7AMXNx{BH+9Dts@MiYf8~z}mFIf<0i~ zSeu;^$e;b4&plK3a$x#CX!?7U6@1QWO+IWV4mny;p2E`e3(|_67GTagf!+qYS>>~> zovg&hfKkFpD&Ij@qeWcgsLdIVeatosGI*-zl*-nx2Z9B$?<}9c{Ba$5)|OwKfGNk+ z6XP||F*I{t&DRIjANv{+upauBX)8x5TKo|7Bp5ZTXQ{~VK?wv|09f9AFrN%Kj!^N4 zOi3Ig8XAs$jZ4*R6>NftjSJVS9~d99nLj#6d{edFC+Qk_0)buo)5$2b!j7kDy1Mmn8QrCgTvnv3@ z5_SryiJsjW$c@9Fj$aYq?ZU@>Q-}mM7TUc2Teh^USY_M&k&^y|reAGp`_E`@OBOGp zeP#I;j5zux*<%~$*LahT-Q5-ra22y}o z*gni~Z21P!NEDV2kDj^FI%$I*x!@V5lAza}+oLP*>>>|b*KzQb*68U0Bkp5juTu|3 zop$6UjsbLkc*ftBVoT# zp2yYRFOWFYSE&v<54w6>UZzxvT40ortsZWv;VE*#Xz?G5D)>6tlkpyeHA`s3CErnJ zs`>3Lg9NUD#~OXOpB|$rs>J>1at~CutMnmo$$tDz$GQ<&so1O%?-?H`y}c-+kz@I$yi^j^F+UjJ5NyVQ zh&D34BmXk)nX9v@;9#8(FaVt^BZNC^l2n`n9rrq&Fr;ByUeA zmYHx8o(cz3`yq$sn;;*r@avl_q$OU>L$3;I~hL8uDqDU z@O*#xYxupd(45|1_x&yP;k%;SNF#)WJTOX()ImSL2`lZp4SZ9p`RoltjHX1DyH)ou zH*t-K+5s95NLAQBHZrblM(d?asXB|U>jEPDxaSfcq&wn6pwC?FEsr14Scv_1<|i|! zhFOlC01DMwcSg)Zn+^}G5$L6At&(s1fH#4vB=)%ICXp{jo#C}?WAcLIQl4Jho5goM zdfpmOY&EJDpAdn5o*TVGU3Rd@h)hkug zE^4{!989)*VVKiK=6qb;iu6=Tn&9@;!=s6tE;Rl;Nekn_HxEQr4~7#xB{o%6I^Jyf z5_Jk>Q~G%H@z6=Lpcy}4*zir^2TJ2JB80NBe&x>?pkC`2V@p~BVU)3DFw;SF$V6oL zb9~p0JKYfs6A#3H0ezl9Mzw`8*olMnW5h z=n{aE2-@LjQ2|f3$Vj5=5L!$9kt)R%`PWQr98{7`wwz5pJf}>f#590d zjJ+rT^%d&%vnc~L#XsQB$nwEbe4t=?^!bYwyw#Ao@0ZK{EkU4zyk&hM zf>k!Fb`9a>OpfErMjuSb;UCdbgZ2VK8?p@3B#1$7t58w>++JYolUK*MH^&}Oq#~Z` zoku-)1NnrpZDg4tb$PNWLIQFZxUsX`!hn_HM(kFMuiQ!)lbGk1*-L)f66OP@xj_+L z>cOXw9juiT*m2Zn#@1Dymt+M5Qz)m&W&E+kQr^A=$3H0?`dX<$j)UW!)}?J5o4G7G zS$79~SAJ$P_5s_i9^Mz)MlyX!jOz>~9EJkGGf&C* za+jzW9^6u{m^n(=BRwZV&x{Uhc6{aBqW>f!-%WFzhuhe3mq&X;O%T4qt?cW|)iudo zNJdht0nTh8Q=wf(5-@xUy+32<5KNTS47@>i#*N$~(IOy3%_?X=a7<-g*Cj+?34t;7 z5!L$!J7CUV+xHfBH#4^Bx$s?2VR>SrPtPvP7qC6;bGoF+q#68j5RhH7_8@w|k44#L zUy-~6R&JMwunqvq`*S0L4O2R+6C1>Nm(;CHOI|YuysA?t0P;S_D}_A7(#v+sYfF0( z&~<|fdeZcJBSK>n>4`e^o5Yg@8G?KqQj%Wk2i^e`JB$I?rZLNbMzXzCBZFYz0sC{pBb^ToXvhY z4A7}pH>E(eCW=he7Fhq>wKrFXeM# zt2|EML2tI>`N9{KHIC?Q&~AQuWh?Q^q=Y>je%>t{GvD>xL)15m<;`k}@ANQyU@@3g z0-9@)3oZ=ZTL|CcM*7emICr%=d6?&?%iI9_(`;}MqtBpyVT`f02QCd~1ORSVi;=7AlZpW6;%1s|FLPy|Rh)!!o|e!;(+@RK*Kx#tdM16HP}g zn^wkSqn<&DCwu4`pD~}7BTkMNV)I;yxhOKU3}!h#z$okC1wurs06!ny1pGAESi(+u zmqt}R12!-W{p|irSF_IA4vWZk^~)fj!G6xGtUAHL&y-eU!k?Gc*t~f-iom!iEMo6* z%6*vHPP}VKMT9jTXv*%wm>Mw|CW6=(<)R<`E3I->cQiHFSw7erZ{vNUE%?-dBkM|# zKJ3q$&6skNR{vU+w?>7?#@g%ouRcL!=1O`UECs9odf|jxrx`3GJWVY;IgUqe+l4Zu zT!xhu-;yii3V1yrV0NDn!+-obTcaY|6{dziE7EzR{YYKSZj5$rz<=olO3$ptP=NU0 z`8Ca=kH7>oC(Lc4_uj7{QV7~F?>k@BN3;E-)^WBt&F1!EK>r>viSKGlY9`J;SNIiz zOU_FFfI4J}-_0hMQ<1TB-TQ~qcqc@4xtVudk^91fe)Bx8itf>d4}6?^eci;yP(LG0c61IIZt&P}j>a~1Kn^cwyGI@I zlN^SAVDm6i6JOeK{;3}2QOeIl@;%e=JOObfNaEBlWvuv&Efcyy#=C~>l^iB#18>G| zQSn{EI*-P@X`-eDdXu|vrgxdiP&cL2U)>B9wj&k!cr@KuM%|}HxT52uC5}MP+KKGI ziD0u7$%PFViT#OdC$mkv5sh4qsx$P8b18PVNXgFcW(sR(WxC^|tqZ?%SQ#GzCf-Om z+a{?BHn4n1#Wwn4j|s?1NdEP!?2toonXFiDP)nJUvca(fh<2K@4}dD?0vC1et&tEGE$Q;%$&`9DnMmlP~h%2^`Z`diWCes!y+T)a)2CuW(?|$5}0S90%t|aMbDJ zUZRM$)a$Ixpt+BzkUR`Tn<(7JSlMcc|9hTTY)Cqy&okGrV`XSjr+_c`sT-k>p&?b~ z3sy^Qpb5zVV#CoWK10p!xnEeOPm*r;jj!mkR^x0hs!u%FEGY8V%_%K_An$xgqobGM zPfhUH3#Al8M&eM}BiH6j1l4Y2nG{_#mAyX^RplTsJ)+au)duRsR;}xn-w|XwHf?>6 z@izfO{tZvP8GU=2hrG2Cd;8#J!hYA~6e#O*X*GjhBmYnb(45=uH8BZpLCdji-|fI% zR#P_WS40zHcPN@)sMJ6#8!r>7G=Sy%C_C<}wrgXA_%Zfqau0_hPPDET6q(46?+;ID zfn`W)egf=-a0y)AsVhz?5&gP?Q#>z}W~+;SZH@-$>%9_N)Yc&TaeH8}&bHNA6(lKJ z$nHm0!Qu!8P$ZW?2^qnvPHU_qTgJ~m5%tBy6H z=27v7qI_3pLPvOHC0of!2z^YJiu6Zsk)9KdeYJ!MON}eA>L{M3vgs$+_kl%(e!~oL zK!z#4x`~k?c_(EL$>(aKh~gy3Sww9D#5f{YTL&;KIjrMG)bC4Ygp7OgZ2;MyzCAs- z1#3`1SUDYxlC*fYoOE*|>F zRxUT_xhxyVhe~ru=d>uQ%8yc;+>%?fsL0`sPb{v=1l@abh>8M7vv%YI9084nIN>P2#|!3G$O1U(3uE8PP0 z$c4zu!ot}HAaT#enH$y_IBROUXTDR<0t1u(KjkGAMKUbHsK+ zHi>Qw0<8(#dZgBmL#5iq{@X1n*&fMqG8QJruAHFO;l2lXMEJxYEb+dbpd&+tyd~s* zS76#KDQ9d*R#ATX4u8}pK5#6m+@B~C=-03^#)vGIv~0f26{$$rg})$sO!Q($r(3bW zkG(LWfn8sDDBFN+Td@!twT@@)o0F8a!Ay@a|M5GR*oIgzdrT8n>Rl$W7@Qi`r9sC< zY~H$>mwq>2W{xL{G@CMK$|mEJdA5E9JbT7;9%VMuJ67T$^@GyN(Lt zjfPCPhGL=}2`7E`HIlfDedVUIJci9yl$PIT!6Fv0pUAw~z6SQEEEgzR1cFUoloY!{ z$fj(A=(8fjIJnN-{P=L!uQdq>2J5bUC-O>CpCga@X_{rlZbqx(aYFd4D7y?^elLcRSZu6jv(xkCD3={4~k$+Y0gD{mM%*( zSMz=8+j?_VKTlDG8P4r5C%-^u?O|6WC0e-YF}891u$7RrRsNB>5pfWILKO2x6edm) zO~l^NR`j5C+5pn{yClt#pEq2k@K?&har4p5Z^iLsElnsm%_-El1s3`O!@AsVEtCI>u~ z*IOAT+UQHr{sZ(hA`eKRiE-jgR=+6+op$jaU}YcreGgeoJaA@m_O z3f&wcXNOt!KIf^x{B`u|AY#tc$EZBpE`ceYv;VW)*=^8{Nyj|QNJSk&-7;59kUH_O z0|K!3H*OW8-?BBJ5VX)PAvVr}y#+J?5BLH__{FMpc!_J_+XYjd3kG^-WH{)trN=&3 zh(dyHvd%1M|4j2ZpUU_G)=_J*qi}|*h`egV-T_L6u=`WB4_FCLx=i7E3E~NSL=-K4 zSB=?M*=V|m!b2EMs;rlP$X+G1Og4a`p9T;PW}W@h&6{%xA{Szu+`I0dmU9VtBtJr=%cL~bWuCEjzvBpKTr_g_+11s>4zzNMFmUFP!G;M3W^r5@4c zx0)>#Z-m}RPUG!mPe4rqAJ}Pw6=EEP?Xh>I)*!mI&<|l^RhONQOF@Yra)~9M`7@*I z!NG45T#E%qksDP9>8A?mq(9&Ssl)}Moyrw6|SR#EtXSS^c*XsTOanKiR`3$o0ZRWvVAn} zW_q)SK6@_3%5>XE2z-&5OJ(++(o$KSjWaK68)aTlJtSu`hrlXJ;JAQKxAYOEA)(r}e&E88V&)bhzY4t9vU zaswfHc4yIKZ-mbCu;=~wRh>7qk(VS&%VCs5OX`d_3&@`3hh|i`Jo7Bjk{N(3Vk=ob z?MROFWCf%Y$z^Yt*4P;K$Fx;*jgBO-ff&B6j*+gHI;cG2h8kPWGS~7xpjRARY$%H_ zcMNM_l)@S@%D6OJT34uvb-h(!otPTsFGOSayEf|_(It4|CwBF{KD+8a%a!?8v5dR^ zzlzZm@P;RydvCN3DPE-7F=AV@hcTuuclN$WNAHIZqmIEY|1Sdcf(XigWt|ebOH3N>C1LPT2yWi6$bs^&X%)8qpvZ3Vw& zvvZ?Oz~`a^@V`&DoCWjeR_u3Q1U0Gj-RyLMm987#o`bDAZ)zUy=HU+Cc)IIDL1W10rlsId|fI;Werd`X3 zA&?-3I<^sPG*#pw-xZd8LlF`hf(g^9D{BH^kOAlg@c#lfNiOqeVRh^kdQcM~8U#*R5dUU06?pGdU%P?(vS=oy8G-$q6fG z5(_<0L9cL5Xi=O*o0YLUT$hB>O&uSwM9zO0#>FT{f*f7)h+r)gz!lsD^MKVjqm#gh zRcG+t+VN2HP>`1Dsh{GG7W@vBKmS#uL=lli-^mbF-Gke}ukcNL8p}LDGw=16;1iUa zcfne2Fa0!1Mhc$l^n3&etK-jr)mRyi96_&#)L1TkI-Gj>Phe@!9$1O|GFsbhp{ti_ zQ+3@_Hj$w>k20v&K}lr<@NSBbyy6C#CSNhywSJ(8Q8ei{VRw}NoLl$1gJ!Fr?wB6Q zUL?CP0MJRRS#&M=JHmFM6X^*EW`oBMAA)Z4Osod%Z#X(MXLg4Wy;+88;hSAgVzFAO z8&|{Az4!ut0zy~*{v0G}>I1C@kTk0(Le_`5FwI^R25^a6?8M<>)?dg6A=?^UQDv*6 z7=Pll9V3;uu4Q3jrDZENu!I-xeb%OM|+?((c; zo5`@+^t$I$)N7m@x~V^VMe4pD)D;$6-F$0qt|sd?cZ4?rpyszyCn`75#k<~s>H#) zaqeCdag*w)Kh*P{MblGlcIN;^#P2mQZ9<2~DxqORlrDd#>#T!qZ}Gu`C{ss7-%={k z*X`t5T9#hFgvQ>vqVYjiEZySAFYc!_*IJBMyuNG)i^2LVl)HQIns4@B7yQ+-Vd2nb z#0|L_s{+sEGZb-7BNXWt^Lm1Ajp#*tH4HMEJX;%(NEw z8i;u81TsZYOk7EPWJmsKaDxt-nsN;0+<{Sp0+@_)auVY=cx<+Qc^@s1XP4HbP8F77 z@hU*Tv~6uOMY|o`VYaExAZ{@paDWW6z=Wcp_`EDjZY13%?7Ky~PzV|F(M-m67vHLL z%07(mbvJ4%<3OEH`A% zUO{{iO}RKFNYBZhV_zcuZn_z+SOak_X+fovdphXb(xgj2tqMmWt&014>nXU zXo#g1krbB-JPxvPJ*m-Wd?XK})-NAqY@)$Di~Ut6!-iLjwk{1^3p;O8$1GvztslDq z(*=V`Lxy1Q>d!_QT?jqM{8xzl3UBmRZ&g6%sjNU^zH_3FjH$lv;=QGmGU}c)8IvG( zYD5z)3KLwOkIg-OE(1%`7=kJ zs1&{|zI%|El<739^cok-gEheuF|Zql$V`{y*n2lHF^J6~HNV=cb&uQ9MZe5{0s%a; z%xve><6xA{ri>;1CV;5C;@N$o)gw;z)G~<8)Y&ZZ$QMOQlrHvSZ)heTaR2$kVL^_> zD_#9ulf3dUzj}U@+`51q%Qm~EQf~BtU@q_CfQh2dEXMw$+;G~eqHery8#B|f=m9s% z_Co5!yLoAw{-0`($Yxfz`x08Rnmjhh(rB7_xB%wB1e3kBVw9q0nt$kC0WNjk*_@(Q z_kc!6b7X@!5~71-<_4q>F&s_$KD-YUA~{K5hh=M*#X1Uy3;hmeAL&|LKUS{JxQZK- zD5#>0$h%n-y>v(gfRQyvmS$Cj41RePpW98}g`JtD`de|L7aa{_KOBmx9fq6F!D>=G zZi6*MAif7;FBtJU1|Vw|4RG$w`Ol!=aA~LeXsdIETd)O_!`KIVWYMxcW2T;Ius2|I zsJP?nPe3EZcq#RhW#O+DN);&0D~LL7r2S&Rx^AiYE8hd|Em*?=M7um|>!}kdyHfXA zB_V(JUH!%1i2wb;DW@dkkBcyGfmD*92GQqLRzt8;oitm1tF<4pV^K2@5H?s^)I|Yy z91JlzwOJsNc&*61(Q2X@okaMd&nvU5aVY|Ri>B!l9t!kE5f#i5S8$ZKt>Xbeft;)k{MwqW-5~Kk$hNet;yq+DV+`Us)`;B-eDl9&K|IilQO8t zsZs5pLyJ1;>LTpyl{^9)Sx#(5$I#X24YEF#BV!&?o!?u<%9FC2WMNt{($Hj}*Z z3g41lijtH}Srrd#VG_(_)N*nRr_76^LD=JHnQU5NB-n|Qoa)3{6b9SR@=2)955ogS z)ROR2w3cTpxwSG*KKGAUqhFxa{Aqyb`51w`jZhB&LBIHuBMh(t#JVK%!tO3|pp@ZL z+1IwPUiyPnmoW#)yCiQQ!Wvt~6(IitqBm18o2^&H2SE2kf+nk;9!ea|Hh{}fad_RT zL)~gNWeGsRZG?I8nZpZuW_GZ2z@`J3x1K+pnqXypaWS_6^JO4x7A4B!J4F-r4NdFA zU*jE#hEiRGZY@h1>9w@(#F6gdb6&QwwKAiV1Y101xF}8{*aL@!?_< zQ&+w|llW$y|E8MMp{p`B5}s;rcKaC2w*xHWry);1xxbG`tbYUhfzUxeO8+Q5E;1Ns zWm>@!XwE?|QNaXOsDWoTW_W!|+;aM|8L@yFv{|!6z2yj0G1xmQZl=(Pvnz~uT+TGlRqrw*JESI>Tb= zD2Vj4OLC^pE>~)#Q~%J5!AUmrs*FbKY{kz&C_*H+?>4x6KMufR<@-fMrm{l=Vegx+ z@q`gywMo&S15s>i?5dX{XG@9?AeRFMLFTqfLq72;Y$Gm*zbOj{)$QW1eI;)2@EFEn zn>_YKxeW7gdluHbT-xiEU^|vF#?lLtPAuJ6HM7!NxGp(&aB69PyLKTh4OLZrJk8_R zm-5e;Rpsz|hz$^f*KX(5b>o{tTzU$d8@U&64)pOsm4*h(rL4XEWGq*+7iu zXwaf0M+mKqE%G1TA$K@Uox4iE6<6v&-UBc9Lt)3mZ*rzjO3g8{h*0 zTy(SS(t^EkEj!LD^TUvLwR}K$s^Ix4-AN{;vP16?b;O`fhkm1z=v$mj{gJ*q0Ji>{ zf?uIhV{L9ueJzMzHY>*M>E-n*|2)w4BzqWVs!wUDUT6P~S**GIxb~7=J@Gbj3xHCo z#2{d@XN28^Zsg`0ob5O&y0Z86EX|O29GmOg(IWXYlk=CEEPG5<%TAA?+M<^gjQ&Mo z<-)JM2Zy#d1bVvFl6rf4Ei=b?JjZ-3zm||$x8iyg5(mH|ec7>M5Y;K)hq2db zk}|)>F5UMt(<`-;6fXu3qCi+@;%&W$T%Ow{ zKV3;ru%Bs{*O`EmTRv>%4WQ2FkcUr!Nwpwi0hR=-h<%H`ojD5RYh=+6_7={C@;(_k z*LNxN@!-voM{K?A=N$CT-CWRG4^3Z2s(e%M0)l!7&Wu2lLoovdyqkqZ$Ke^pQDw|? zEie3uoVZV@omG|OBjdw|b72deG$-+;TG?yDu3`LnC|UTd?`^I2qM%9HpL4!f8jv?U zMbXInG)G{AcF)Z|aCGnn(DTFKWaDfouwf5@;E`i0IW{LH=kTjR)lvTr>1$2Z`8bL|ZDp)ZW4V|J?@2Jm;3*8BQHYYYuP@yLyW&*~$9AGpI6r&8bNVVriB_PyHk z#UJUrAt9z%J{olEXQ>5EEsh~}VdFs(Ox{fHisD_`Hg3CO^Y9kv@l~C=XB_{|qAc-{ z(XR26HSL5>JTed>NPe~*p>D?cur!zv7NmlacGCrP zb;sgP-Bf#Cwslt4?T|GwNO(KiI2s6UK+O|j)Q&d;4+eLFiQdi@_MPaEh6WIx@eHfG z>9FaD(3*KRyL4`Rz?!(ElED^w(?dj*x2u3W#MTblDTMRc&HC6)?yl1?wa{rs;y_RL z&FvFQ=_|o@`t`{ZH3DF=dIrAP*Q8sByFfhQE@u;0+nj_&)A!(y`7Xv*NL+na&X9q% z!4})aPF33bJasQ<)a2YcI$bGLVXCYJg2H4n8KHwqXFGLN*yE>_Pc@?tSjWkZ7omAh ziHNoGHjPbnqOzt-hpb@Yx^DC<_sgGDDg(l@FO!B%Qpg9!L&&Cwmyu^UW)QUzsYBmH zXi~$a9j{A!OMr_enun0iWVWDylvBsBz5nh1rgt9T( zINlLs>9!|R`2p(56Y6cSAHvb0ub&%iS$6O4w*M`D!wTsNCQRI z%~Y687*}GV(p*c4r5SPAYoG*217(EKKAWFXf%KiURFN{-O=yTy0i5I)SDl0Y} zvg{i;`o6xv*?HJbuTsq_9F)122VdwlCanY=(=2ydD}syfLg$3kM#NqbD77*Epdl3F z7sSEEI+oO+1SYy^GLPS2v~}oZpZhkAZ;KDbil50|nV4L|pW_KWVO%POJu?Yjlt%ea zRoxYddvke5OpR?`vM`G&^){t;U;a_qJnEJ2fmSzKQN`#uX<+W;5~n}dA947d-!4IAWRj_Oa2$$y~5iY;Vi*O30x%D6%NVVV%A zPc3M@R@d{w#!f^h%L*;L=>XsA?}8Mkr(wgDSjt~rhqQO!PfoSZI^a3AO0iETF7N%&zH3E? z3vT$I8kF5UGRgaC@llPwa1KR1`Fx_ZFKZH3&Tfc`8xA5?(+6IQ6iRsQKFN28Fis$HT9 z*-3(@8|J4=z9}^E(pn@3!^}SOiDEQoK~KBj^9?G@AH+c8qyeI-qbl`fAk(pT8_hng ze?W`K9xQPk^{hEjY}!K{+v@_8-Ty3*S-W=1`{*Wpi^Lr`b#b^btdYECny^cBvT5#l z9tVG{%Zt|e_2rB%xvg4axRo8cz(D zw44YIr!I6B%Nsp3LHET$a$q`>)f}bSP$l16-2<{e+$cH*RaL1x>+Wg_J}lKiUiAHF z;skbaCY}W%qph!kXd>}buFRG>fF+fOmk$}Z#)UfmeDspRosL_qjFo@;8N0!wgvNcjf5r|B3O?@kuZW zxqPqT37M1Klg4N3;HcK&G9*o=vw{Vz_jvJ{;R-(mzT7}sIDZTahF3zOjdRcsQbKRx|duVs=a8$utkJWVd zQrwFZ<44cSRHSbfByWO`Oa;d-)jibOW@9G^KwP#Z%16~z3xm;03M5*bd6 zzziX(g)p*>w#d5S5aNhXJ#IEM5O%(5VJ1}bh$Sls_R`|j58V4KLH#slCvNGj$06|Y zzPMfqA6@UbX~7AC6?jAyu;{Bx+&ghDcH@rc>lLNI55#u(d(-N)7F-~M;aqn3?8*ZG1hg$S$-R1p07 z6-KUYCO^lkSA6_Uv^_0oB;Hi7dVVoOkKCHp2BgTT=&`=(UvbK0=@v`z&aNAdk&U%s zZ3)_5I$ze1bzsD^+&}FsgJDKMp?9Q0tA*C%0E2gFkR9sM3=^w z8o~H#aqrjG*6GM7L-(?3ir4K?(qV9@O}}H#PDhg7BqJM$<$@;S0Ef$IM#q6!`B(P( zFZ2x`@wPr8dL9Q7&!>jNdt0x}gV{0lDp*t>OmUPMKI}V;wKUyl5FqV0CR;jo;SXI$ z{^hB<-03IBrve|J-t*Dr(bS*AC&E{p!jJ6)qLe3;S{L9O@KO!lRc%+Bdn0=`Cf zFMr;G>x3zxlE7Wq|GrNg42q{p7E{AJqu@*Nvq6WEPa{ToeoKeum5lDHuQl~J5#4%# z_mer*lpYTfkBTH>LS~~lrcCyPpo4pMbUTlKTHYqAOp#IP9Oj`(pyuw>vd_LKmfrm{ zR`&U!C}Ek!%r=mb0Kqo4384r)904lv*-9~d_v*CskmZYkOaDKLlh@z#R_gD^7 z+hVw)bq6^Nx>z=SgBQ;#wlT``W+p@hjhK?ETllqHOuPoU5v}SgLf4KY#F6^qgEkS8T@A{^Y970v1s}ed9Fi|M|jVM6;S5}io;JpI7fM=8R4P{+w0_1$} zoZ~#Ll)Q3PjAKkbju-G+R2ZC+#CaU zNe&XOWqYv8Qg(wpd)r+y-g;^6(yP6zC$L)y?-*LNsOMnjS_@Gm9+&|7n#>iW#6q3v z`pWnMFdRy0(Jte#b|p3I9JH2y&KU5X9m zaw=G_TwNTDQ4E`89&KJ^7K7EsxQ^5u6!jiQ3Q&lSDJdN-F;!-Jz9ozxA`;a`F`pjtp!Nml2rToZwg;~0g9WW<@D;ic0}kZ4)2q$<|ha6)tg`m zmO2MT^s1}ccLz!*QCEC?Jhfs@RF;>M?B;V0ARkIbQ&H=u2kNf-Udc2_xV&T(wYZqS z_X(I@XiGLiwj+XitQKCa8?;7?FGB-U^GAxV2TE&hPb}RO5$3EuLRTc( zIP(T%X%e-xkC}WOyWMr_P@gVSqpc(>GWi!C?}F}N@O*eMc30kqps_qRr%IsgIl>{Z zkUMO`^FB+hA%Vozf7n#0oD@HfBfvM-djjc#Ca|#Q5Vuk%_sxSqO%kUatUC`Tb+jQP zSPaq^SbF~;do1XR6k`w8?LTT@4KwbSksLB?*gv5pZ1Y)I$ZxFlBNku&Jgb;oHIoL~ z7Ux9BroaH!S?B3=Hg2Fq!d3uOdbZ&Z8-wvNHQXvg1B zeA!>)IZIqoQGMrxmVm&1kLTbH zv+Lq6U@MF!5816D6uW|p^j3KUqU+1sh?{1{>w1jK!IYWMwN#s)__DuUp9WkX)!i1F zS&{FKBFFwr>H8SrG*c!5(`Dco<}n7~;?%6>2+UoJwG81z>ngA6eZ6= zT-hKm%iA_e1q+=IBbu=R>0Ni>IMl`CsG^?}8;DUnYao|EqiRUs6pq)@y7g*EJY-pT zv3ftqUT9}gNM7Wf+rEOuNyq||r&W^Ugbs$1fS^X`$c95r#1YU5BnAX{7Al5-nw(k-OEv zVKA^zMFCf4+I9G~BHeU;>kqp63;{80HdFEgh=c?x+t0!wypmARMBmj#vo7>=0nCS8 z9@9G76(aTQ&<(~(K_@7dFh7|f19^WQBqUJ5uvGW21=a$Il|XE z{WG(8E4emVa$d>gp+sFw%}Bd$UM6$O7?TUy1+LqvrDzg}<-&5mDcmM(m3P)o#DofB zS2ns_r56T1&s`xD?;suK%w}Fo4G$(3@R#n`FQn*4g4>0UQ6hR5t9?PL2@vMeP^c6i z$}33T?x@pje?zb9hRhrtz9zM4ZC(a^g=ODLOSMNofE{=1O_bD0&| z(4sdreXSdo_O)0aa+U1BDb~YQ+c*l9nnd-*lL+J9ip0Y6_Fp@^haG2UC^~j6x{sR1 zf45|7S{eSbWVLs7BVJLcDE?Cz^CouyOh79M`L7{Y+pM-|N5sam*bCjdr`OL4;NJi~ zKC!R$&OWeVWj{c>0T08(#jX~ z$uslswqn^CJDc(JMFCjv;``F z0ZB;0AalYHHYC~JWuMc1+8(~|ocs0d^W8r6hd;P99zWs1tS3c#2VSOJ3=jG^gP3^*msP#m+;( z?V3&P6zNI!%b(&GwAVlQOe)}A$$i*t%xPg-Wss;FZcQyaE^r8_)5!w{8bVl>hh5*k zhIoi}A6#HRBX^`~=zE%x{IR<{b+Vx&Y&X-`g$=Wdh0M+>UWGP*hI!_$M&JSU5cwvz8gZJ*GA4V?ZDi4@&HB~C~G|^MveZ*LCt+G-c{}@r7x)AUy`Z+*_?uhr6M1QhJ7;FP@*` z9LUU9Ei}>c;UvsIZL>{B&MOE2)@ST%FQ}G4DQ<8OTH>u{m?)rYdYQcoO-DlCqVHAg z0*`QXImuEW!`FW+?;nE#>qD0PZIYdGJu;S^E6+!dHU5d4c~}AZTK2kZ1bF5zM?jv!j*Mx`8Js+lYDmcd1^1yA(t&j zUi&sY!cgFH>@^xjOdrk`Du(k4^xDt*u#8--vnhAI+IXi_6702{gF@JMVta3oRI}l! zYk90ql%tYNc{qOcAWxM!M|#{OhKU8$$FP92y%S0)J2 zb|?}*in+D=S9$LK2p%=SWbvAY(b2uWoXul;iAk+UgLGR_4ZEYWlKVYqCiQU~Mf=#5 zAyz*&rxhn`(`Lm0yNeOrXNBG3Ya^i{V$i)n2S05Wlpc?MNagMZd6h zV+$~X)9T|%PfMV@_;os8cT=-|t|m{2!h3F#4TwVbq6_tqvq+LEo@=WL>__&O>0V8F z;6v6O4hp%|Tjg6P&D6Qfg+Tmz${)luj#37{t&*rf-SYmFh<(W@_nCuDrZcbhoL(T* zXb9@-dtlzQ21ThA(t0fYm11ZTxgr43#9rERPNr{heoLv!1J-C)tMyWP?B@8VF{DAi z&P$3*n(+$ghoquvav00Jkp(oAB7?ST{;%ubW%C*8&UL={xTAH&O)~m$GQ17iGLu5O zL*KS(7URiy0g4)8n3k?Q2M(ZIOZ%dfm zjWfY8#J3EB-XnaH*IvXYM*7GC`HI)Zt+N~|dj~qM6=ZV<&z}IJWHEwvZegF+`Y@bR zSq_4BKmZr0Tg0m2Ox=g--VG{VwV9NNfpckafpa8fq$)I+ft&WN!T)&SzT!>hsx;Xt zF=NC}9AEW=Yzg8gGzhR3>lWU5)F7m<`Q+$45CnY`#&OMq;o(lk_gpI-V2H>bJ2e6I z-wOh!>Vcv#0i(j4u6}~T0bYS3N$67maDt$*+|Yt{^2lVM4&CIsMW^>KYSx=3=6hln z5+pe<1^vU>px2g??jgX2Yt8j6@ZKqlbRk=}kc~PKfC8q#XI{i@rh*M>-8QLZ7MX8S zo_h_uz(OCm*Lzg3=d^z|qkX}cop{Rc6YN>&Y7Mp8=*f+4B<>vArKKyqfCM{=131J> zX3N8c(MKyy0S_M*n5F%IBS3oL)F9ez@aDyR#tu?>vF@BPEYdzD)HKz{`=kst%>nW~O#V zZ2-TMQE>2btKdLNSI@_oc_24kfnpgFxQcoZ@#kYBX>(igYLtn+=!Xyfb&I$7>+dLz zgYb(NYMRtorFWm1*T?S65}Zy4C(j%x0Rtv}ye@v9~A>4NgJjhA-U#!sg9o~pI5SN3YrZdm`#d#rqAe>QK&y{RVVX&wI1`FnY}-#2T7F;?VxLc z91(Ov*FiTz(;%kom-J7LR!^)mKh^tM_|4Ef7&_bqtz*iX0 zIiVwv#}2>_-Gg{riBHvJ=ei^J=tbV@G zUOL#aF!}L`fgL{#B%Qi>Q6do!gAD9-*TbV0RD*JB;yaGGUl#7jkzXE#CLOZB4Isb2 z9Nq(Z+j|*PZ!%lz{}@I7hZq~J@W0!{P_{pul#T`u!L zUW&1mY*9N;4Uap+orjP-ehCQprMnBivv0!S5(RC^bPf2RG2J|V@m~HwWZ#?Usq|#!% zX~Zq%2zIo4LZ{n;KCYPCpD0q7#3F9e-Lfsuko4{`_0J~1)~0thWIGKc^{D!Oo?hvc zmg{2?%jl}r8nqh6S6s5(5FwP!6E}6|R@X(ogszfQnK*%GK5D#Za#;{}+y{XPAN@77=-%f4D;nD+c zo@qA-8o>;tt7{b?#V1XWu46SoMR|bfnL)7v?p3)a;p-Z|iyR?WaW~n1_fBA&EX(?_ z^ON;?xN|E<3+_!{J!kl){ay6k7mUUvgU(&ZsNT%4lPlUaPDMuRRXM7pz4mDGU!&8$ zWr6VR`JYoX7cXB_KH?hv*TG7wkNk5V`w#Do3%CAQ{QNYh0mRQ>?Ejq>(l_*P+A@su zUsO1mgNpM&vxLQytS$p+eeIcf=l&}hLI1$#&YRa5HRo%*(HgCr7e0TTu)a;72$*_h z^97@;c;X8t_clPHlgu!KC#AO%;V&3%S{T?`j>7}S^TQTK%laD@{eo>c=7rfhl4CF4y`*@z7l z03TMz82}FY@Bt)FkgtMNRj(#637DB-njeDwHs3(RmM?RJQ3V3Xn)v-M_Z+(I%JPd^w*tz(!f2o`pg)31*MB;@^v89i zf;TxRX-wyYr0ot3?9Brz;C9tl_F793l4r2*jtA7~q`tCj=aAIHEu*CD>MFTA)IT(M z6JuY&0<@Z&N<&x)5p18HwRIiqhUc>|0DfAWYbA=PtPa9O(G)*f`D$FGZ76Eb`t0=f z#gY(l&BwKqWiZGf>8j)=CbC%?Yl&TiI}o1bTzRYJFBe)_|+8` zfnic~TOz;;7Qkn)(U9s{fG?z1b>Kt08H*?{EQu8~B~caWOmWMpqMP!RadZ?+?EwvA z3-T8!K+Kzy_Z4@^A3fbN1+3pVJEkSRpf|a}EHdysfsMMPb8tt4XW(i-E2CiDm;>nS zEDf;R6^1>eMwDQFO_t~)hkqeJOSScOfg}u6MF9yyX^Ne*jb3}j&w(d#xVl&4Vz8}; zR#QMDs)E!}*Nx8>mJ#^}T?e^3WsTY-;A$z{$Be6!e&1(pz%?~IM{7D8N5IM^#(Tzx zp2?$F3qX+X@i4KIs~E0~#yXUW6{;DlI=m9q%A)+3py=}fB{Aa%4FbTJ05$eekltnJ zB&j{C+_5H65Us%PVRs}MW=ckICz>sGXOLX0afv!!7ShOY9g2jwY5Wsd76YgCSt7+s z;zHThXY6MpSGr_Pf$houW9)s!0TX0H-3h(;=_})7vd{DS;NM897TTg@ba5{qr%Y+8 zj28GDY;>5!DIl~1GHIFJB+1#Sy`9h(yq_^jz}^lzhK+>tnCu1Y?i98P(@FpmhPx<3 zHELT*i(-uR)k%hs2_zm-kehdMZVPAELcNcIRU_EHFxuf7mZqoyNTcQr>U;3jvtH7d z?@LGWetHr226RztKUw?uX@u!E@buQ^gz|HTYekWKgOtoi2;orc#)8)SD+Vv38^q@x zJ=OUzF@CnJ_$Fbx;nS=8il%ZFbKiZv;dXuz+J5PArg%xk=0~U$#Vbe(Zn6OtCx!9S zN{{avE?)9u2_j7A0!Mq*5#12Ji;Y$DQnMD$mCi#i6FP*zX){N=q$sgYDmY|O0)5we z0Y>zShC?6rUTC;-l^U599BpdoU%%(fWUaxdcFOwGaqsrsq@6v$bzvu}&$wxW*l!!j zc6l=15P3+{KE!Q{UWl zxa5ZX#S!f7IA`mPNA={TAD^f_j$S5Xl-*wfi&7~1XqY8{+7@nwqp{x}o&=N4X2nM) zsM4B@d4A}sh6V8Z{zq_k4Njc;&Cyc`*?The_ow}7czz#{->;D0Z<&9aD*k_PFR&NF z?}d-yZYnHvPD%D%o-4>ExD+V%d~!JrZATpgeK}aPDI16ETR)lAs%Er)*8TQEIR?MfO_U&<<|hc zL~amqY0EyPNcl0dugrQTQPM4cmMpPA0@9H91Bi#Oki3Et>L6Wsl^?7Q+5xqJ(h{9G zThy5`D5Rr-ZDbKFWL#$bKwb16g$5k2>~Pe2exH+BtK0HA+CY08bhUIq7CAbB$|d)g zw?^~>4s#gaq-ta#c{Ozhk_?*kD?Bg81qL`Kgg@=<>U;$QZBXrrR7oV_ARuBWksQV% z+B(Fo#;Q`Xz20AoE_k_}tP!sD1!HLQn_i;N7mSO}XH%m&+#{~=ecF54oIGSJc+V(U zm3frUP;eZ&s4~6MI#|$Yy=9~)4(NPhCf<(cfZ%#~NdF)yhBt5If}C)?1gYmA7%_rC z%iYCVU_-_cfn*|B{s6eC&m@EGY2Q~1?^5u`TZ&=6NhI}HNH=bgj40w}<_y5&t3O=m zI?WY~*P*4mHB#J6Qkmim4_ScZ-wypAQZ&1WHxexh5L~<`0@AwfyTB}kUah5F z(rBTS30H8Ngy_dOXxo9FakO5qo%vcg0R_6&^Pvt8+Yi)b4+a?pkJ#5}E0FZ#aeE^x zf~M(4(s0Ewi+rU9X>sp1xXBDNbx>cihM|OFsYar9pk^g%odN#xLU6VPfuh_A3x z=D>Ly!v~pxd2kk6&XaHdf+57@9Me=s_o(H{uRs#68Kw-3oy-Zz298gRWmEJ>(n^1L zxJ%LMnbh@xfA0l4uuA|IxBI9MPJtR^sr9v+z*r} z9`SM)j$|)9fSp;%x-1UkkS>40C_;JkDnF zeTiKw^Fua^`hR-<0bLJr?^t0WPvF;v97nNkSz01v>Yb^MycgqdbR0`ZH_CP*M;^cx z$Hb6eVK{#Tst1FcZ#-hBZw_xq183qIDQ*IC<(Qfa2}G)Kf`B1Lyc#}Ji}8eDk&xm} zbEo}*3qYT~Ip^iR^8mr-iM$2ba!Im?EoitZ+vg9Etk-*Zm9tZ2Jqhqs)0_Bd|9iet zYudZkCwZT!7e(&Awc3>$ag?Nnl?UP;F~jf4Zuee@iUKw44MI&IW;EmJy#S8ZGEr;p zqcb!e@$qE0kQ`SFHG}BhN#ELxgW>GDq8Q>-Ztv9ikmEPnw#`VKb*e}{`Jt|td2w6d zHc<9B5B44wL$Zhtx|{-fEe{9fpgTvhL|Yk!P&IT3Fp+`dj8!*#xRIt!39UJ9cB?l# zLwt)BFQE*}*xUO{Vh()4^rp)uze*t=GM98iBSlXUo}dD4fb*eO25x*(OpehEZqh~1 zuEk(%cq)?e1=9*NBAwIct+BHFm@<1*l~E2M01@OLg)6#6Y?&@;(%=h*>;(4YFps_+ zB!)eV=wsT7QvtK@5|ilGO;?vWin#QrUX1Z2js77)+$E6>v;7)zfpJG=u$aszSGeGp zxe1D@c#6pBR)I@Gk?XovpAqc@;tY6}^)5|i z8V~tP_a)K9qpRM=Pseh;nlgRYOWiEBp?Du@W%@(W{?O9Tcumo{2Ob*u4e^`=d!;^P8z7pOBdN+_UIkl&(%*ft-~keP1aw+;?{@6S7W$am*t`~|>_j^f zSK8?KI@GeK&x5GIOZaOKOGs;|rw|7b+v-Id%|LcQ#JieJMhZ&XriQ#h?i?Bj0=lGc zO0r}&h+pbJ(DB?XWMXeYUYlWR(T8(6#s`Ekr~}l(0ibl91K^E4zA&e3pC4-hQXpCHi0i&pws5d(F@ZVhc{s>9GkR1!Kd{mI#d%IIl@+fJs zrCXfftDxZZ`QwjHAurM0AhLaJ6MOOnz>)t#QSp}wi%X{RKlY#OjsE2P^@qN3knZ2A zgT8s}r)^zUt23A8J!CQln;_byjSnNzy))ZM)!HAsINLbd99)7_yy5P)5a3e%%?tm@ zZG^w~+5e@Y?(s~zEXn_5`+!<{_}-34?>3bmA~V+&UVF1<27n+a@Y)9y4b0h@4@dg< z{lwgd0AbFk zPeQX_Fn}9modXOqpJK0L$1!xYQVm8Es-0Rwfm_oqr7xI|ZeXHl{FpJf1i-jhNal@$*)u+&I{ z$4Pk#HDBLPa!V8tf!C^iFr4} z_Yq!M2JjoI$3kHZi^crh`4rkv`Lx#JqRT^quyW$nfYN={Jt<^aaP4Cd#8vBuovpP1 zDY3TlMAkY)&*1~Qg<{Xgg`%1Wosfr^JmL6@x4&X6!%+=y!%NV1f1BJ;bWs!gG&Yh{sCqfA6~CfgrXtm`H|bcKl)^|KvLj#`3+%1BNxa>K&BJ4W_5fPXo_^?y-M#22ar-pPd;;RI z=)(ni!)0y?P%ZepV9BFZC3^e1hOG{gbYwzbP z0Fqs2XtyVzc?kE4?nyF%)vaTfGl(eqH6*X@1-&j#_y%|tNo%22Yhc{Cq}wOILqJ`I z6i5#f0h@0nC5gBlP*vWx&ZfMSFbZcFXNy`>zhDl;;Xo4e%yV>Dt~=NZnuSE6RYByB zATZPCYX`fHndO~370Z#Q`bkUl2fa3denMv=dWawa$o7i|eqiS|px?{u1cN~k7mYB4 z4GL68Eme_BGP{fkiUstMXd6+}?E)*~OuE+6G!y&zVVl z`Uz3rjU18cQh$~|m2C|aC|)rmRL-nxODkvE3LLPT4 zY=w$yGRGE+Kp}B0j}s`MD|;RH?FdN)hH)`FM}+dOd|&$46I}h3u=LXf^2{PHwqyl3 z&6L5ZBOlm3>%sVZ1VD|C@cxn(J|wckUB;Ws@5Anp5=D`pofgp1@l_)s8Tn`3*S8#(yy8+R@&69naW*B z*&rO21U-!-=&~hO!^U(Xh8Zwm7|~WWz2R6<|M8|t^ZKKe+Z_=A zZMZ)xE^B1wZX4fe(4*z<`n5vFVqXFTAf#7HpsFC9;===u^jBjY$qtCe(*fE^8)H_e zPi8w8q-de6#(uebXr261iU(+d1|Iu@IfZTaBDUuq5HIL^DTaO$r$Ra^QNM;}A%6j#S!M!qXgx<-pwG=Tb9ID9@x)MWmY^P6mz1uE937-0Mv1khuikCtj*613^be10MW>8M+sA z>>IZ2U)1`4afneClSYQbLOy92%=rrzA*;kkg~SN>xeW5)!%77I5IMuwx3^XY;G(0z z4(g!PE&_wZ2nGHO*=mBM2=NBay>#1FY&o<<(BiK@cHJ={($|9=5a{az@Pcf#N#i^K z87y@`2IB(Jjt(DR{6d+dJVQ@JuMW4c)w{#zA*a1Vh%QoMC$*u_Y3K;BuC`W{&>}0AHM*}6uC|xMnA=wQ@~(_!`GlH5OM4EUhq=TnX3xe)(XxO_ir>4@lJiD>9x5dzCg_~FLcIICg+^E4R^Xvb`( zzNCLefBk2H;)RM8Kvx0yN~(c68YDiV)_9Q}7Z)~8Syj~*M7%O3|L%Y`amtR+=Vh*Vb0 zO2D_Y_3loN{$XI&{$pB|U*G}-HmC~d$YHHT@N*`PJ}cZN4Q^`(HRo6bJT*38~%a;Cdu2_N6#Ak{H%%J1p0jT<9HB!7nQkS>EQ`t0f3*g;tX)1X`B{g%yaFG5kjPxG9UECa;JAK+#08H-17YQsu4a<>`=SYV;tNj^ZIt^4+Cm#APTj4&qj*qykY!LPQix=2fy-44 zSz0pl_wKF6(e~vgJ7#IgWb{QJsn8k(9(IU{vejgv{biiYA)S&ZStLI76kQC^Jsq0v zZs9!@;`0H*$j%aZSNQ}ad?%dtor$B~@)kgssoO=2YVLe_I^+>NVqbBdx?e1bRERXv z2T~@1Lw0!vh)mVXpAp!w87N+Ryyx9{_W{!PvV+KiTqK@^+zaGm+Z82uV}OXO?S2*z;WCum3 zvRl}9rgf~fmopw=f>cM232@iBYvd_Zk^pzLbiPSa0qeI5;+c-ggpF%tB_<6T1FLUS zIAg1RYq&7v%m(^tJ>h7!bkiAh2NEf|?c#j|Ir+|Z1II>uGho_mRvx3>XECkR$suov zgBz@MMt=-59sm+E(+momPl%vmQ|Eh+9IY%WOn3-3SqX8SwQ97-te;y(S$foi@=zlZ z2JmN8t8APY-@(5Ouvb{%HYWO}@rKm=i*6b(@m{Puj=pz~*)DyZR&|%7aVPGQrF}U& zKeyTm7h#60ggdmm=i`@>RSYU9q+^X#=cH=pv=X7O)?=p=C7Q`{wARydhf85@&_s&5 z{296vkx^37)$HMLU%@5|b-{?u{^lGq)02F%2Ii2D#E{tL|>|mx6 zfPGn!9U>Qb*I@Io!#IKBya6*p^eK3ycUy{L{Qfx$Zw0ShY_RjjZ#b+cVB^oS4XrIY zfCBJiWu@yzQF^G%$6KJNIH-0Zk)&d=FTh)~H|@rZWZab*`zFQX#3zlgv0W+#sHMyn z1RXLe*sAQ)xGQEJ5nE*YJo-O%fHgY$VJ)Zyn;>MOgtt*HE*37t&*WN)cq3!t4HJA^ zH8B!zAitMCv;?~57m}hLjpLj~8=T9o!)Z>{&_{uGoz8yu@gA+yz<_WL6wNZFs>s8b zATOX2TEc|Whg`pJHTKqYb9_%#%piS2JPx7ni{qRa8#huQO}hb*uEy|IBp z1w#Wm*|3K8mXSxV;H{x}NX;wYU*7vLJ-hD__QmuO*=u;gt7&KB4ltPUIj1IcfO?57 z-9XQb|)TBXq+DQb^7GsyqkPy!psw<*z3rVpD zuKA`bXrmUjBb;?wzllOQSPcu3FX#}e;pcL?XP(N63Rq3DW8^G{F5s_HU*&r+PR~~d zb77`FXdkswy4KTmQzPwr%4Nl{Akdk`@wa`xIPe&(-OBh5y`mOoLyGyDDQ(He5$02m zw{jk^^pBVg`lhGzjc?&UKy~u}`hNdlZ^ZvL%smOS>0wm=BaHH2vfRgpE+wJ|wZNW$ zv=xv7jV{b-uKp{Id-GoJE6r&QG5#TvhS_>XQ66c{&zARS*shf}iQX&$z!_aRgcme?Ha({36Fd zl1J*dhdJXBm~OO5oQPg^fl%}dM)C&#&C%GV|50x-A(bF6Gdw3e^C-s~>WU-w0)-KT zn%ae=3vu%AN@2Mi1Vi28f}}xg2W=bBWMqLQmd8We3Ev*N^sb&$F8}iv-TWW@7X8z+ zZPoX-@fylReGCnFsuM66j*$>s)_VB80+<0HNnv4cmEhwhHZ!yCnGB8^`yIKSy-Y!{w_ZKzHKd7h)9O0M# zmTmaZVdVh{fT}phH{D-KUW7muT608Qj4R9~d|PO5e&y#@~VfnL>^C5m;Hd0=vC9NsIjv7XN(u0!&bSjY$QVh!qfT?C-37bQhxt#D1~cO{fq6s2<< zIrQS}1c`ZT_`=_gKmNNKMgSH5Gk*7X;+OphOw21N z6oA#^xFY#g96b5L5!3lFVulB-UGSS_H2DMn-1e9Jwklhza@tx^OuR>+kiP1Sx2oh( zZ*}+0&Vg3C-fe@hglpD@7I}KJ`SiM;_X;0Y+eaaK5?3*?B3ILswONE6*)Ei38=7A9 z=4y&_@@FSiKin3VZZ?D)4bphe0M?G9Px<%33-H@aUI859d+|YvzrR%m?L$XGq{J_z zXNKg{Myu}&sReP@pzfcIz|6jhm|)P^8tUB-DbO2HnQC6KI z8b}FnK#gB(33e?CCTf*)=oTcNPaKv?%{fAA=33?F;(dJ&glqC|H`-j6y&f6)Ac(KO zkq$w(uyUjOiWeTToa6;~9NOrpSBbm!)zwAx!pBf}T+IDVE88uT(mAY}Fm4@)mD%)2 zjqH_bHSTh>XTs2u+PjLo5Qfy6!r_9{$FHG_E0l<*R zVAR6gP&;N(&znG+GvFbWVM3no3&hsscBo8uPjSLfEXD0r5qF1pIzr{>LnOeqIHq1V zV%g*1+P<4N3ksvG*Wf1N+@mo!?lzME*mVY8JH%UQ-(AEZhvs%ORy%v1A2i#0k-Ls= z*EHpQrYBnG2j@Uv>plVtx6O0|U5l*FF`6@MWZwXR#d{Jv+Tzkox63@#yJ|tg|8c6Xx?ws#k`I#$-0`@%?}kW1a|H$!P%G&Ds{!S2#uQNCeRyOt%~gN#Z6?apD}O zt!dVM*2dhOL3v@I@|yeDqSJ=3wNCf#^GUdivxa8z1~c8EUtt9TmO~E4<9mp7}|JAd*WJG`-ts?_NT*I?YZ}0FH(nz09c0Pip{N& zTtUd(W!~Lo)%h3k8;cvabdAYO0{V6sFW$=7(JTwslTFkFW4E_A3BoQpy@EuAF#m@p z!ZjF_g8A%1v>n?{(A5aZ)+tLLWGr_GCq|Bm=PIKFbsoQhW7c0FQZ~&gwKNMKrMYYeWY)dht7d#TheH*?w#Lk&Zn%NY@kyAMU zz5dXu_sf5_d^k=DZ;;s>MJrU`*`r_K%0EBEc>Pz#{vY(*IpIRm%=~mYl|JNL;Ey*3 z0O&!u?KN6ZcX-aBFcjJX53l$6f=ShW+yw4AdL34}$O-=Z`t!W^S^v)#y8l}QudTf& z;@{pFIYNBWcJX4+t^9<5!sqq#KMcp2YIEcC9%1Z6oCvD9&|q#`wd=CBVSihb!&huh zWq1~O0{aB)w2(5c5wgtN{uOsivI79HEvdw3ZB$&aZ#JzV1utG#kX+$?-W4#1)$)5- z(nWx#=-gS`FzQx|bzX}X7u|J!mA7#uS8MFv#rF#$#%`Y0$?BgSEixG5F@w(6^NWD|@S?yajj_Eh*EKiNhqaFKl5ZkYIz1%7R+a_1 zU>zEntNeV^2ak)<@s6+9=^KpnAQP^H3dp~y3gnzu4cEEY7N(-Wf$Ux+>dFnzZZsz= z)!cnrsH&77`{Tj!pSij}PGExoE^I%tAeZ7zLKvs`xQ;Q&-8k$rnK9k*D+YSiJ;vJj zj~M7tY@)|)0ILT|SufCuY51j7TXLxxCnJd5y2;_jVXCTajFrr_{{G;ypV2x{#~#{+ z-R0%TO1?kPrdF60xGX!HX=m%}Ymwr(Pc39R;PY1NRBy-Q>_<*RLCfT2y|;R{*82pK z*TtEp`i`6Jd`;Ur)5f5EG*boUcgr9RqjW9+piqwj<_`nvh{_kN$_|=7yoz=+`Gb-9GjPVR#&6l4z z{-;4UWuerTnLwjl)o8duF={ALnIxj`{S-^pmT! z)-;ZcX}^e;z-L}3NIul?Kq~>jQv@`(4hZdT&XH7~XRSdP-3)a~QI*ybQB9sC`)EbL zue);{L*n*Ix5RP!)^P{Ix83bsEZgpk9SIieaj;9#?*>qu2>()|d62A1394}lC2L&j z{Nz>m?9lC4D8>|zF+*Rp$b~-@stS^T}^x{)ZrPeZ4aYADEh+8G=2dPUDJ?$P9uuI#g z7lWqN_oh0&Vf5(}2R@+_9tX#B+w}x7nc@wzLoOenb8<-FbJxrdwCE|Pr4<)!`a}h266yMx-kINo&@311NkMvVN zU?ppWy(!v?j$xTPeLw@Kg0`^pj~9sS_mP&~TSY*^+{A@-uUK0m)cx>@7Oc}cK-n;T znR|e1x?k}Qqig0)-z7ZrsX0*%*)d(6=(_Nk*!A9yl3%qn!NWj+Dq`C&bA2l7}( zdJnXf`Ok+Sz>`xS>DhE<`h%m*`8cPt=WBm!+^jv` zJE1e5Bjpy{60PdyTmlYcJnj$gQS6x_74abS-QF-!xFhhB3_hHusKPK;;}CdH)3Nt zV!_KBREe$am8VbJ1)g^T)riu}&)pHT8zV4c28Pz0vJS}`Svjwh6qr&kSaNAW=dU@rH$RzeKTWA9Nn~sLQZ*^OSjHu+Ls=@SWtJ5+N}AIcSi^o8FE~k4O(w@l511ZyD^RIgih&vZ;qE z86AhcwN^G2Ea5F50!V-Hc+-ed+WF49K7wv3Ht&x1gxd}I*Ou$NUh*aOa&$2=CR`pX zASudLAYyfj$J??d;8<&3)++#^&;5Mh`86Ul7?j~-?7ZaB}rlbnOuKUN6S0}ECIdDI}Wh||@ArTZ|_;=b>Ko2zl2C@R~PGKpF zfquyY9>%Suc!5?cc?|{ZcD;7kIe{dzVTAR%7Gpn=rXj5C;6=v^589^ zm>g#Ci)!wju5%S%Ebu0y;i>ZY=tCV}+lR1E%#xjQSzUw_+yEjHJ!Pd>D@%G*Hm}vf zoFBbMc<_Bebb!=O@}|1ya)qf;<_7xP8}O62x1&OW?X^Xz)vT@Za6my@hnNZ*enU;f zDv?n5l!04?tDeXtOs6Go)Vwa-(6-?1#hJJczD}%gLRZTfgnqCxfdA@Ic{)p(!V%(R z`oxaY#49NlWZ*g4oGMoRZIZMapD0)~Vko3<+ih^Qhvxn~8Nl6y39vEI2tyrxi3o64 z?qOwioEI*$6+l-2Lyl83HdpowGwHzOJ->2CYV1dERZD|W+&P0s@dp!@UYWqR zhg+0N)ypfZBKem3=&Dsqyo9zzYIy*x%QDd-jqL~~H}IYQfk@Hrf%?^l7aq!f5M~ z`-f3@w&7VIqioy{&0|Q0hASSCem!UAQ>}ktJ^c`p!`x`D9NH(bSFbCbT5B|ji!0_jv(Zc$R&)90=4R|6q zfqFAm?wyd6Uc(+=Oq`v;ww8EdHopg|o?g2AiUE7l{X)kDNIc{AwT(lTuhql^DZ3#P z=-zBMv^)SiyQQ`Io5S}C&;$7O2I6e*PlJ7cLbNU%8oG7#4-^%}y?-y8=}BqSbV3KU z>0^6flg=rA*xSxB@wDIZjQfglAi0m+juW(15hJstp0uuKR=Ak;u}!aNbBmZULZZl} zNV;IVMo}1(DITNah7JM-46qnEmPXkwzzw&X$X2NeKeSma5jy26ay>s-1)frs9rB5D z(2<^Im`?bNtpeLhhc#8<6MZ{Hi==xVBrH00Yh&DMfC>N<>rffHcAv|rx!l}IHV7fu8EFjel=Uj=CZ!CX<4#S-aO z+Pm3v&jtO!Uo=}ySRFKVk1abmdBA8|%RNBV!<`%m@^tt0SvSXG9cK$OI|dStD;-GK z5nJ)%z_?BCgc2|L zW9m`q_Rr8FnNv2RZ7Wu| z)sMUd{f^egR>p6pntj}h2HHB^uom!& zMN1jX8^gJK<#+Hak>qY(nC!?SO3Gl3eJeBgsdwSYcOLPl%6iLhX`lbhV6N?t3U12) zlyNMD4IHhX@FZ>`;&5;GfJ`aFQ{p(%+g7D%azd;;lIBsU| z^g4}Iu8a(s5i%m42EolNU_pyl7kOMW>hiOaE~oo-htS5+1KV~6*d&{iaUP?uYl7S& zroRV^G;|$12R=6zjV}5CjHcCV7)ytTsgS@HdpM=vD*13+2+iDlD45O-1Rb;o)Y!3c z;RLmIuiM-3?TkH5cm?VyQ9~4JNa-wh-7Z2CGbo)7O=Jrb{}2y@$%_xUZ@ApO#i7#< zfMfttt--Rkz1hA1d`UA(a5r{D6|A##t~w$Vk2dk&(fzySJ0$OF$nz|FtGU_z>4}ly zqi)wZ=R&71^QPI%{rnT_$rX<;X#rCihBCQ8}O>g_+<_j;e8rH#NUw)>c&bChk z)%MgIuAMWvIl3Lx)MvExI8ZD2Y*&Pv>@rEe&A`5G=x`0#xdN`h{LDb{u65uyNESH)=13c!d`rTm9iP8?!TmSyogU`O}g@I9-< zxw6YgQ5In;$FY?0=Uqfhx)rd$N`NFQ3W57+Y?J3VYuTL7$LPX_nUw`}>4H!2=R7Cn zZw_~9pnqDkvXWF~mqGQObL`L`xF?n?BLKObzfp{p&s_yr(P^pZO0p7Y2(O1kY6md` zn{vp1{s8o6&%D1p?qA@w89i;X!{eJ&PFu3a8;1LV(!2SHGf$?&)dse~d*E)PTdr*+ z@xG_$17p{Mc}jaG&&dNUuaDuE_m{u;7x@1F)6Vzr-}hhpe*PCYzyA?b474N3Rq*5@ zqHJMY#*nI6%`3}iP$H*d} zt>qZ|N!CM1D{e)rs{-Qq&$?pU4@7Kof1M&Mn{60tgK3V=BUp05B2_IbgR3SceUcIjqcdh;fi{o$F`X{{UC z1EH$#vjbzJh@))3s-{ z6ukU+-1GuBkDxayhzE-QKKLMJ=wH67`WM)R{eF)AgbDm#S?MqNbB@#ToJX17NoDL< zzsJBQfhR3adph=PkTfym`vpVGm}~Y;Gr;^$`(}K3W?*c+#GKw$r@3Y9LadpfHMa|Nre1k|pOTm19rP~NKh0$zS-Z3_Zm~tNyYTIr``^v}33thHtj;{) zRO_L9H-#iW{{+Bm&FubGAu2yS|H4mr*D*jVI((gb2>x{)u zYBA}L&m^oGQp@ft15B**wtjxTCJEO8a$jey6>WaB$@t|W!tB4oSzFwii>G=B#ecJ^Z=#bx&@aH%|%X+{V(?31gxoS zTNgzwwGVer z>sAogrC%}4yL~y`UGr(zL+M$~`FC@~i@nm_ah3GwNM!glT6luY(*Hvk07}P$>$wMn z&`W~_gt}F6ule$3XhnF8UL2qwBWB`24R;cRTMDP?poi4B^3q&DC@;(u0pw1z9mroN zpk>!^`%x6;4y0v~kaulBZ0O5XaZGM_T~r($JU7KuLZ~GC@v&lNbq0GoYy+VV&D9F) z(nAGgyNky9fiSGp;g@{C5kMfX`rH7U&k0Ng@lI~>BpbsGnS>^lulMeaeqf&p(o;jV zqZX7nN(?0CNZPOj6(k*i>_&!&P6`eAKLJqSZJ}+e#(t7kG{h^p%@w^*Qy5pauxapS zs$Oq8b=4kXHOKEh9}<_GTOWFxkUC*E>luS4VtOhI_z^-ouIvPkuNmlFvCwlK;1?QJyPe8o?U&@(eU}O`I{&mQ{}jYfnZF%;7Kx&e@s409P0Jrd^^tbvw$mPx zkC2Yp{$W?Lhy_<@G25AhhmJ2yozxU5c4p7n@j)7>AKZ?<#XEr6=A#?uwM6#(Y{^TD z10qAD7Ews$?zA3cuQlr5uzQ=%v`so`um`)DQkSp1*`BJr{wr`N3PQuS{Mxy+Ag*ki&jIdmM&TzRwq2=;;d4ck`-1co5Zh{tYv0uXiXcb8 z^`kom#Vvoj|&w!bX!jTqdON%tF8%S-S^*MSmv`?Z zGXVhPSvkNTKaTcwO#T7gXFdX1yFXP${)yp3u?FppL#hp}+gap#IzEg&IAUZ6n0=-( z_Js1!LxR!{v@bxaoB%uiGu9_joBJ?y@U|-ky`f2a|Gr&jz6kXrsKfSw1n1u$*ON4U zB`;|{4P&v87hW!^pX9i9z{023skqdNsnwZxgdx3`BFoNC6O*@7DWZ#K+T1YR7%S(v zo$VT1kZ1`BU^2nr!tfv03!QzrA*~}mvNc@!cE|(sacyb4qmo@oP?XfWGaC?8jVO46 zu9Vfq7|8l-s~CGc)-ZA1k(IK$(`_{>zIynqn7lDRXA8}N z)|$N({UtD;a~VyePbMx4K-2PN*X8#L4c3VPoZ^lVSM`8LGw-S;qqPrM=1O6nc1Pl- zMF;Z(GJMzO8Zh@DN@7c32O*Lo6QJ>{VPXlY$>os;CMAaL5IK~hkZc=o1%0wVK!7?< zOzGTo$gEv>Tuz>Sj!|pxiAf(nvzFLo1zlpHp#!_z2SDV|4(iB2k!t_fsdx`^2Q#YS zHT*>;1bsjpEh&KfOvlmAPu9IDSXh{#d&{;tfdWV*L}W?EM(eLp=*fXIMiglpKliNF zXvXXYy7B4A5YU$xNs`J5d3-+({0TXL8s|1hJVw(Ye5?extT?kj-l#sCNu9D^S;JVJ zRk%FEbIg9W__L@RISFA5T3-Ac_l9me1inJMjOr#=10iUVPEfzjaPboprfla-mv-(O zFAW3vbi;AGS>935<+IQ4-W+_hypZ`V?`FMWvmqTZQQXN)A)OKKnlLUy!=hDO?90lQ z+=d5kj-Djs*`NI;zbRGs;cDR&WZc!7Yd`%oUk;^INX)uFW1JtP7$;s1NFUg{ISv_ekfsCyFY?I`2gCkBi<3!z)Jt z_3UQ>*m^sZZf9_38q>pr44`8GJz3czfSLN%T0t}P*Ims&`2Lac9PEB8Q4&fYg++w&izy5MSU3SKCI1fDIez6`ot z3*DF@h`1z357`vP+=n(Mp-0-{EAj$ynbPe@Js=f6B#Ms4OhEpmL;-Bq{q>cEVd+t* ztf#%^=%?VcMFmgEtMRk)Z1MZLn6%=qLY>=)aKLZv<9-#IFHM85*m z%>_i=spRB$>*t>sKoDUi0BMcLa(aI|6>{qGOr7A(gZUXLX+&q14Lk)j;F;vxS4pSt z{b%HA|9Q=Sj0HGZbLCiaFIEsXP@=uw42+WKmZj!#*+E01rN}ZG zCG4D%-)Ccyi&6DD3ScGC@@~r?r;QL2Ukl4A4Q1eZ^euctCRPqFnv;%7^28TnHNoh5 zJR@1}ydQc51Vv5FOUHAcPhA}q-$o=OJ*V=4s&+ECj(_iH78|-pEdSBKs%yGeE$H-y z20dMVJ;w*^&in|(mkRSmj#4Z6UD1Sg2vAQ~@<371wL@b7kgS0li_iEIb#ADD2dZ#q zAd72Fm!!Z$^`3?B^Tlz}#Nr{;o9+tu1f5CXfkS%7>jsD%fA;V}*ZHRs7szgaX885F21{225!!-4FkkE^G8Znn z3@%4N)S~@)mxc{Y+pCKp;})u)ZpvuO zv0TB4~oQ}O@@ z8$?b0Z>tG)H3}#;WIR5pX&PRB$xRIxWR%pqh3kRsLdO1o2Cd8fs+GUmZyyo|T-B;t)Xkd%l21og+BFh4 zZQJt`q{oDwIES#kFQ#C7c~?m39~?3Y5&P|qL0bJ=Nso`byGO^thDFpRjUFll1*tHINJEcj-?vMU7_-v_No^g>uD; z8kP(o6L~&cs)d>y<^&LUP6cHd78=?uV~ybitd^N<_!9;Jc0!XW<4WYRCOB%ji3KhBcB`Kdg$ov{Hdkhh$!iPj4*M z*_zk%$AbFFk1Is;N}6q?Z;3}&5E`bv31}lB2A7w*#cCooF@zJ9%*nSVaIsI;bx`tM zccq8k4dV1?vSzhv-c|1(Ll*#s*NS;7Xchp+xN0!lr+(`4V^Y@ z!|nNej$d)2xH4L~6{ROSfklLC<@vScFG~AhbC;1_R=r_rh7Tb>IX(a~eWnxWU)42+ zkr&`EkyhL_l=-vT=x4N$5uTsUz_AmHT-r z!tT7o>RN+_6}=C|&H+<$7Nf+VId4!RavfAAYqQB9QXDxL-8zAL1gf-eG?SGh;~Lio ziSm+{l599!3muTb0?YM)j2?BUm?yZh3`j;!@g^J}z@?@R-0_v`Lpv(MCRT(tGj*ve ze(!2Tj-bq)A?1M}a<(|z=O-q|(QqrnYxFZoTe!mY_2EROmZ_~l<&l@BHR^&u?a}?q z)4&vo{My3ag8~*xm{tttCGMrpt90jm1zFIuyr*6I8G-RL+_g}QC_ znneTr3?pyN>HA&(Q?53G78!v(#SM_e|EV4VDuJB7R|k#x8*k9I+t-i{#-av57-m0B z7Njn(;M z8`!^jUtb8?^VOrJf9;g7Z_-Gic(sGqzR6U1(F6*Y)WFv4!l;A=esVW|9At82Hg3ur z&@T)uescMFZ~%%c(@r|CLJTMC5C1%7zAH9%HZohbY?1j5{E_)Wm$@Xf zZR^&rU*Po(_}c#M_U+$%vwio@ojbnWvwP1T+1;|Ta(fl_$?e_0S5|hP(!Tu%4k{`t z?vYnMq;&9*!a>D@Ur(}S8~DsO+jni>zU!cztlYu>=GT`$W%hr&ZE)wkZCj4XY~8zuETnuEEjq;P*1$ z?BA|%^z?-t2b_N1c`WRp(XVMQzty~0)vS2EkE3OL>+bzsyOop=9acGhLR;tLDHBsO z^D}49UHZY=#`dz^l^ZvmU0mJVJ$!Hb`3D3B1&2pOMj@hOVjnzAc$E0~Nm6>o@0nTH zXW2Qg3JQx}7ni&#t*)uX*Ad>;H?*|2wRd#B@9OR!7#tcN`7}zKoSL4Qotyu>u*hBI zt*!F~!i~+Z?b;%fElog^dOtG8kt&;GyuT4!$WjSuMR z70CPtko(7Lj3V-R^T2MPXicieo+h1r@H;Pmxv_VH_YQ!1VYYnldGQ9o^48&O-WME8 z{b|->USzoU1vEqv$6*1tbX$lsn30zykeM}C$LCW~<3bkEKI_D~A` z_AFe(C2y1kKA69q2xuHI|MgxR|NcC^d-;V>Ml1w>OuE$9bEH`AAK%#+$i-VrMhZmN z4cSdcn!A5t{(YEW{&}|lOZ)8&FdO85F&hYt|BfN~KW%LPpL`Jl zSi0dF%3N{Pp*gG)ln^_mqxgU8)SY|m{y!bR^Z!-eT3&($n1#QFmT&&IPO<+WqWW)} ztN%Mr^v@XY@3Z*dMYI1uh*cJrN-i?Tp+dQ@0XF&{2G~B2()E(-uTDBr!7(wt|0wP+ zxb2kob&V1Jk0bfdqX%z00n_mujFtbgO8onTiZ!!7d=M-<<{|(1@+oOH*8fRY&N&&L z_#fVv)qnR|v@hp>*(&!xSY509=Ps^2bY9iy=)5Au3Nc(=Z{drn1}wiHg9TixJB_-P|Vbm^&|R#Dg1By zmRqc2mIccBdn0$GyW|L35k{f@@Em({xCATyBGbfZ4pSREP2H2Mb+s|`cX8phZ`QtU z(%v+7P$TMVJ+10IG}gmNK#oi@jN7329|)*pgLuY`R*k*HQT??S#+R{O`PZCb6(*}_ z#9axKj~*TSQ^UatdJO5qNx>~Qz48?1w^*GSs(o>(_hw>iLuRWtJs4`apKwi@j)RoD^Q59Ev6OgV`&{2d>EvFN+e%O@x zP4IQrfcSbh^K%WMr>{4i?i#fskrmNVe>}SVF6DMg*5xrj_p7r%e}4ev)3+$Lx6nK5 z%hcUfV$3bw2Mc?;$qbL;o0pxekz6i?{~VBP9*>T@SdC#tWv%MbM5XN2pVOj1$woEP z9H4@bUu0sd%3KcmQm?W9oCuj-6rI{Xm$qi9xV>V~Jgdsf^LTP{l?wKGnnn&*QLIaOG$HgM~hS_G;7D-79Ob-e(olsR6nhq(@hZGn9f~M za~GzD2!YbPu{UwxsK}_AoqE`;%xn&xL#Sn{N5fr*kN20GN{j?I9w4&);D{p`w$im= zdTHk6cW)3UZk}oh-FrSX)X4{40#ctJGP$QM)WY8c@mJ%YRBAQmNY4zPCAK>g0Gpbn zY7`5DOT|@1Cj-GUr5T6v~9dFA4}igj5C*%n<34yy0j=%|JGQo#cg86MC4s$TA7-Yyq`f zXP{)d=M~J!*}&BEytfUl!?Q6OSDBeJ&M0(F_k$9<$uV_oZ{~`#DfiL+kzYJ3@vobD zMie}36&SV+b_IY&OQmup8!N=F=)0QOE-%_I=d8Jy&Zi(D#Y=w)Qudh3g_TjIILEwI z(>zCkFQdN9KQ-|ElN-NBrd@Iw(TjjoN$TL5EUavhd^fehMpU*sv^h!AMfbe;BIB!w zl~TQ_Mq875xjV`u)MT9oN$oLja?eNQF6SUoem!(o1Qw9M95Clp#6X+LDLz`l6s~S( zp4tdekED=%fiUozP@6aD-{|+wogTqbjR{%pAfIB>c}S{QcS>V)&N4lTtIK?%v7Z<@ zC9i198SiWjDU9~#){bg(cRr_<`gD{Iv}$BgW=h%gIrD5@=myGT1*IUiAqcBDE7n}+ zit;Q-XbN%Zq-wY)Rn_FK4OQ%U+XZ+^je{`>ocGH*xRYGGpu;|n>LY56Ldjuls=SBm z&J}odAxchF&PitOl))S4=&N1QA+L|($SK1l@-DIA6mDx}#%r%77Y?IZc>nB))NwOt zc2q}qzY&2V$ime0K=9qM&Wf|pJ*eZt`@D7^Lk=btw)W1ncQ2hjURP8QlN=NoWS)&D z)*sF>gC5VshNGLjj(2v#pEz)&&}5~Cy$`fopAF$$ZQ6NEU!w)RvDde`)h1<{` zJt;PA4OXh79>YB&{5bCQw2@%65lq&F1>^ADXGDE-PgVw9F-R}&JVsA?EZVqPx&WF{RxGS0uEtbSDMBvTC12#-$iJ1oK=*`h)Zl^MqmxxlA_Z|V1WNuKwcrzC^_C;$*yh=7cw z3hD?VD5KPTT#pEUaxUOe#2O)MdrkTmnVVV8{(-)XIz?#iigBoj*;2b@#K|p-WWr%d z-_jf^n~KI3OM5DO)n;JlSR!U4qoHV!=>76D^)6wvBmdTLX|-4U>%}wTOn3vep5#5a zrNY|3c?t$Hdazsi9v$9CoeNV_K6tc2SQRjCX9S-l8O7lAEdPF2Lqcc{oesnkxqJYvFdi9@gV zeHyntZ!6^wZv;22ruE$Eb7OL{10jKKXo3mT%KlNUn{-rtE*rHLhlrn*9)EL->ysSj z7ZjsZRZIzpH%|+RAUM?`6wpy-44!#6^Av#0q}dcHW)wsdE^&_xv=%OTpvv^go1d3M z3$lT6jSE5I6+2Tb&WBVOV62*on#*cVRpuX`2{~^Z&t$L}->XJA+sAu!EM2Rwy1zOe zx8zL@tV^{HI?50r3_0vqBhEEMA`wp@67m+QnW5jMTKgwtBMfGN3%#e`XZ?%15!Y|- z0oS9ALh1uucpz)*@ebBS1Bc;@B@vRNr!(KHZ z+nL;0A0qF4uIw!3#6@zf^#*B?4b1^0W99zb z;>2l!d%n+r%MQFK`29#4OJv0&A;tl~u2D#0*@sL~l|1B}en1qnq|(Ca6|L)T&EoKB z%ks3=U#h)NZ5Y`}D?H~m+zH4s@y#t|*1jIXfmXpP)D~VDR8yDNh*LWMo(_t))(7S` z&=by9iBp!^ZNsq0!eE!!it4)IypBnKZzf}`c1w}D9k3t9pnYku}m+U7L&0izC3s zn2aK7_fA*qyW?AgPYT7~bDAnEd=dW3!(3`4e0zV-@EuAc1q)~RZIJlPMvqvH4`H9@Yy9h4Q0{i*bj4s?VLD_z zsjP9%Pin{>*$LF1Rgf2g;1+VeuSSKjXI0KbIz+zqC(-Ec1*w*ezGD?UV1_a0jvkP)T z2}@kawHVlkB}V!pHPrv$*k$IjN#_-MUa%V9ni; zug}Mpxh=Y!X7dbS23eP}k~tSZM|F7s|l5k+99~IuW z4Dc9;c%3V`!t}P4&z7?1HcGa6Bo&p0-&!!^H}l+MU@3m`CSw)mVJGopi9#1x80U z(MkLjEbLrwTdafFJi}wr1>xlWzK>y|yqgjVVmn7RK{N<##_i8mfBA@Xng>BJ7`3<= zFlwc}4XJQL39Djtz=U}?8tpz?t!Vy=dqRr(Lhises*<9$pvfg8z$GPclXEAZVC@p z#J{(;scY`VRnM5rb$&OrZf|*NG&i^_{+G99<^qJN6|?P}_i!q$RweWK=Jk$#(`Cf& zkFdW+5A+{pLGX`zN`#^Y?Kr2r-*;Slh$t1vo!>ip&Deww4z2Rp?a z%N}Z-^#;n{8_x_mhaZyU75h%UxMY{nW`^?lY?xh`#6(axc%MO;}^f_!2 z>13eQDb6q^M*G2v*04ccZB!Nkb?28(o})HZn}d^DP&{3Mw?-t1t#NKbGp046>f@Y9 zYb3UXs!cO6D>DfzztiZ9h@WFfS>IV2CCw7$rc02XlMq(&vym%V<96SX?#C#@%0JfV zB{zy1u`B4P+BLY+XOt!(Z~F4EiNr+~z25J}ur=!Z8r}qgnZu0|7EOoXcK1$~$!XhR zTlTT*y{&9AL>EJ>{TXH}>%m~_fI&tG%La?ME*T+zG*@^ByVRY#37jheVbrQL>`mc) zHA!w%oI%Cp=(?etT|lL=4byLxjeVa@Zk#h%oTPX7m~qgLiI(uGPZ6q3#vTox+w*PQ z3(|)tGqVvfPseZ7F&ar8(2(EJ0ngS|bUX2mPndM(A?4O{h?LrQOm2#%v+$N0}?{8>LfBR&Br8U%8-_R#%D>5S%Ft ztd8xt)~o6@h+-f~=aIV!>{h31k`i4rNZ`~{%4ETUSIva2)4PxwG1E)&=GIpG2-)N* zsP5&4hgsaN+1fn+6@AaU>{ULfuXyvVVE3s6X%m1^L-|<+@$lkLESDhmjN1?b9g{-@ zBHq{zn06~#K47R8q-Y4{SOtCj)BHQBm$QlO?uVlY)YYb~E*1!5*2FDaB(F0oc(er;`Ft@}q52pN}_u+VOC-Ynz80?rBAY%fNaU zseR9;`Ll|EFnqReMvp&Fv5qy?h=NbPTIvAm$}Uwn+lfYRWf8>sUC2qTA!0`eCBZpJ z6GQP^9YVmy=%ip7Fce-0kbpZiL6qU(fgm?rY$`-(bH<9)9h?<7o_w#V(J zFSx`yJV(&xs$%%MhuF92TkD4X(`}%+!KLgCRPc2{{KxaVb$fx#vb;hN$^_5pO$HM= z{^Gd(3&^#8m&;Qb6#AS^-}|0!N@Em@8C5OzoMJv6SLly~C^!}iBWpd?2D*yMGfV;1 z_&EH$1e#5lqZ6dtf0TEARn4|=DjNO#ONcUIcoUVa6>@Bh`QzKtvUo<%P(ChNWZ#dJ zeG^^!AuzJS>cg;oCd|q&&7UqlMOp1ft+bsHF?aR<*V~$~+Ig+~UV>NcZw`xqOjp*GQPwBTo_4TaB=!k_M zaFViJ2V+0fzy7>Rl~%xUnhAwKb3XhASTFK0>d~$3PSFDwI4ciTFY(~zp@#msE~$2k zE@mmN@GKDZSe_cMpVkkbWVTwmwyEnRIu1sjHywNXc}eRRyZTID=(w?wn94KN2zZ7L z`F%wPcls^27i`Wn2S01jZ=u(kCbI)H-o?J;-@0Gjc zPZ?F;AI7mWI5! z`S(K7fy!4z7)m>OYN-Xn$+Ir}{6&WIWCIo_$)alWAGjNeYk80%um=?rhg#v@Bp)Cd zc+i&A6+f<#m4i^~(qaER-p!oL9`>G*m>$e*#w^sBU1qw~5|z}_z_rPk^wzkV;lowR zht1iP5=KV$)Ad_n8`&rr*?fE>M5FD7kbX0Vw$zLmSH@n>VR-fo7UcM+k%<*YlEC~TtR5MswzBab-7pe*s;C?H=$hc8gaoyyV&=S+$WUSH` znZrcO35MD5;pI@3%j>!eie!X#dcR(nm>Cz$hBvKNf7IxSO;P+H{(%b@A61thTu;FC z)<3eWdyDQ3%C76w5bw$ke8j{8ATggPm0*`;WZ~p_*Ai zzIKX57|E?NB;~qm7er2~3ylt$`aybz>pa3oKOn}>$EVr}(61z!b%J5BuXC)D$aWf<20e>m~}JS3VKmc|I2C-*ToJIn;oDiT#ZV z^co8PcvX+nh;Cv2i8?T7nwv0Qw59=-B9SZ4EjlCT%ZXA!+c`r<2nYcCvcT4{3pCS2bIWfDIPWn=HM;hES_ z7CEwP**@+W`;XK>_uEO!lVOJKdEa@Tl1?#MrMz1kKRRBcKEl8wb$CA+z$rliFgeoV>JMh+ca=M+)TpUS}rN z>$^Ra>3Jn}Q>nqlyZhrta^ozRzL7Gh0(2`J3B)*Fg2I`T2(s9}Np-TfZAA|0_OWP~ zc(PQ^)iHIlBG2#9<+}H!<*s*GWjd@^eSLKzh%Sb>fB}?S>_^6GsFq;JCu*N-72x& zmou9|nD(8lu`>8`_F4VJ>)bbo>f^h=$fT_sdv&UaKl~9NY#oty;l^)_c2t}fs1t4T z$Y- zJdg1WZ+w-WMfyo{2=386NVF~r6lA%KY!CmJ9Lt!S z>;zb2_+V*!hXu!l;-;%pLR$|NFpi{${#0H>2Fw(3!ZIFjO3;xKH*K4w7s>KhJ+In$ z-nlj*VkrI0kc$nBX>3ldCv%5NpZeA#lkrYGur(hUE;0I z7Nn`1@o}6=BN(#zBcDt)ck7hQ{ATmClU+iUxjAGS81YU3>0!3udl=D`Z0P!rZ*d}g zZppam`b;`RP&V63qf7@pA?_>>^3mX|59Zj?^id_*17I=rR z*p4Wn3|@E&nr}lza}9B_pYghp=?3|XHQa9?p$kd&m~SJ?FY=||Ww5Y0UVWvDdm26b z(mZG3d@NjQfnU4&06Bc_A=LamQ`hMfvfydzW|B_1+}0%BZb%>|VY9a#zOB9RGwD09 zDvX*skFQU6@pqebcJZ#H@W5~v@3?2_lhndVO#zN%*JqkD`{ju;gkOMM?MOc+XL88d z!$xpRH|np9?q9j`b(rq2U;2gxv$TSYOz!lNI=w2HnTd>G;a%oLR2nB_$~Zc%W3#g9 z=gE{{xG+PAu_uWvtOCTV_1ZX~)hnx93OL>Tj#qYn8SX~O+J$8}%qPyCl|K?;_8mKFV z7NdKmZ@$RdV{~#|e%lm00z%wpE#AQO z=IZQD3l2~FF*Zjsq+LEbb%Ut=3!7V2tp+t@#io~ky+?C5xs0ow@Z2y z)f;R3ln5wxb{Swx7xUz~HoXQ8oeK3tSN{p_HX-$dkk6MCXYVUFh47j)|H>$3#~~iMpyV#%c{rx+h@5iN#oi;>iux&cMNbNp??PN^)2J~_M!FVyEvR&M=!aYz z2+ec}3DWbWA7e8lEBui0wI(Y|ZTp(4C&{)UyIabE2d?ZBzxg!^mFPNN zdk}%TC7E4v&-~$eal7GT7pSaQzBD>jG@sh9!Dwxi+(}ve>XgeS47Unf+du*>!RmCd z(E?z6>0hi%>na(Syz~_r%ttZsB!M6b$G|m#3UY0ZpuOT;e`i~omlw^0GT*rep>UDp z&uGkrk4p_jK&1_Rt2e=I{)Yx_Y0CjL*Lm9aFY8NJjW8|obC+^vW1^It+H8FKuVb!0 zVK$s0e?m`dh_!qUM&1r%{K9+I?z{?etnu<6%CA_QrOi3=j<>^hJ%2R5o4%17wO?QMEB z8l7QF>c@YJ6v-~d=(CTFQRZwYciw2O{L$9ktw&%yWNBlRc<6fZ z$+Hl9Bu*Nju5qwr;Hf_Ug?Qld#(j#L<^-gTPLa)4=w4|j`1mnu;^}8A3wT;C(v@^7 z4;|G=PE}Xr%qL3sNop<)EJuh~X7({AC(Boyfm0K40pwsH9?4$Sudo!lCV^Vff`zVuz^`=OWwd#;sV|5CJ!Gb*buw; z?Kl_ii8M*mB+Jo3S-}JFL)oKitpzW~8WDyfJa#HSF?Q!uygp#OaIWI9ml5%Kft6a1 ztX)Ku1~cz&CIg;Tx9(st;x-VvCi>(u*RiN{KhTrirD`zjK{Jtb?wl9q`Q5o#x?mTI zor#{mHpzcby8J3m7aW_RXgA&)=ig7v{2LMephCIwm%Fq$&EwB;=8Wa!GvSj|1-T zEXc9*xs7isXHp^TjsfGC5NY?2{*4L5ebe|`^Vb_b`i3NTSx`!*-{qV!P!;vJRLs6- zuIRcLJj|OfsoAZYo6fykGglp3wgz_)u}N%$UR%s{;m99><9b<^KP^}tN}6`$O-rcl zBiXamUrL$nc;By~RG`=oU(>fPpXji?*37JIiXIaXo#yLJ-9xD-kNZ1U^4jy|k&x*! z&ye^K2YWmoZZz(k_A-k>UU;5XT@8GON11sGS+;9ZH-ArWk)+1v9cD8x2bI;g7!`7?HS+l2fPI~{GmNTfY~EcaAi$(5V;_-*ucLib->*^7)kU*o zBRrk7+=za&1=Tqz4=vAlWl}_?8bUsnKHCiYqokkIh0+)BtU`qG96=jefwbR2D+lv1 z%{1J2@y2-IYFC_E$J|&ym7gG)feAd}6nw}6MsAc5MA8`0hlgUX5g!eonQL^W&l}-- zn4D9yrjEaob`Ig=Qf%fgKJ7(lXGb1H9I)NqijH-2Cf2J;W`kE0qbi3sTq+X`0}fcA z49*m@Sy8Op6=;VK8dC&u7n6V59lbm>HUc03mq^2a>qJ0i5r1gu;=83r`+S>@+*3S)w$)>#r+(%>1&DE zS9b!J<=vReF75xRE=)?WAn<=~NVM-m9ScH)>$x^KK8=hb8kr3{r=x3aHPMkCXO+rP z@1s`HEx*^1;KuKVOks{U@jOV z3>I={F^KMRCZY!0yl=s3`+!(=(mNQwBR+Nbj9x%h>fz!?hoW%ZHF`-*gCT!Ec$1g^ z8_`j*{%~Z4qszOG>)T0#m4!_WA@F^{W)!V{fWa|1pXm%zJRWqSB+p{oo9G)h999P= z%pkvjszpPRX;^d!J}o;tJCxXaeh$PimM10oOPg!EkhYmZsLgPM#v!De5D^ovoJ71- z8VwhDN)>SW1pp4_UNKFm$AsII1M`KQtsI6k*ke?E@{={-0PZ6tRa$O;fZ$SDbk^5} zQ8&Fz4p;@L4>E!v8e)xa6Z%e~ADNk(kyQG92b2~a%@)z8U*|25o3#3k?KIIus@JL% zFa^1`W2US*JrEi!M)F5r{402MJWh(TqBM5#Ajv(eg3yhU*}3c9EFlzN&bDR*Ux_DA zpws%qrv0xuy{*taK?IO-`;cEqYYnR>E!plaLw`1%a|kIx4a)k4odSV0@ zp@^%EJ@I*zJfBiI>q3`SJCq4rS7IL(aOPV#3CTc)s9`|N2p5?-XtS&$lBLO-p@Doh z$ciS1F7kAtp9qtHkjRCB z2G)}qwm$u)-d4jQ_V!KNTyk36rqeQW=TfkUP5g%E>_*6Q$#aVf6+VWk!22v^M3>6T z3hz6d==834=CNO{`exjDT3Xs~({FNzxjbS!1;SM;IquA`Q83?}s{aD_>1FzWTT?Au zTN+by$!H^4%3mayH-_%bj2`X9d=dlLmj8`f%=w`?!6C41F`B~Y0Q<92*wLbbsyNWPbv&xBf?Doge+?iMIeW)Q9Fc)%N$bXWWKyR z{j-$@VX%Nqth%pZ%%XcnjcWOi_4JhXQ0sGH`-L&+iq^}VI3Rc2@hB!{2CKH)&;5S=-R$lhYNDlM#Al8s=MY4u?>!l%9Y$; zafK~SM3xaj&{MYq1^Y*(AM;G#$#_hX{(1*KySBp7gOJ)Sy5`+)lC{V*32v;boCWD{ zma9httaM@NRvlN8;=5{*LN>$_LK$QR{RaOmx`M3{vbl_GpVq<4LUsx@Jd!VQaF1%= zn8MD*o6#M4S|sS{O!6?YOn?a8@Msk2tJ)5egB5_~;XC2Z343Q}%mweN_cg5zi&3lYo_9Cm3MDkQRFPKUhK20CBlhHGwBHDc zb!clq^Wzgo;nSC@{cn8f~Q zWVgMVb^rY9M~=q9xb6x<=;8=h@Cd2>T1x#Q6IzR}an~G}Y^)m8bmq}mbsKl}@?#49 zE6JUCTdFwo%^-tdrQAo;%5{9Vy3A56%nCY;o^a4aPY(sOqIV#V2Gd;1Hx(+2zfGO> zO}Ddn=TGNdep?e0OeZJ9$BV>$YmzH-f&xS6$Aak-xg9>=aS#szHVCJdJo*9o>Y*rB z3VA#i4$5sSB7gRsg3yk|dB+}FQFiR}t?!2!xJG#9*zo3@;ZqyVA$YJheSoeKJ59;O zPVrbHwA!>%=?Z+5HSJxtTTB)INCmx#erlx=jqXf_NeHhiX6h>DJU>*M7`HH&yHs@z zCF{1U)vlgsKFm1$&UN z^GsX$wE503ExkSfVlZ1B1>vavMFAS;xT>?7zengm(neZx+f!e}hgN7mt*m6xB6<3i z7WGQjsn${*IxJ#yFK%y<{8J>PH2P}i1+H3UUbVM=>gabw%$+>1B)T(cmGBknR)KzK zwLgCA{14Jjx7xDgUP3JhPU8HftJQU2Q+MKg2;hd?_7SNp*Ar`v8O>QBcmY}}2R*8E zFx}V~&AeHp9_UF~tMa1p(4Kkwqx*x%)#wBd$}&F;8h@XDtv*l+t*OoR?4jd<2a-iH zBXb%(H4--0eDpaTfKGbS^0Z0)VNGv&`}BU##~x-3d8)Cl0W&w0IaxVyN$5BU*$Z;` zW-1mTzHbcZW#HO@hY`jwx6y28l>de+%z6_2P<=lqv`Fb?;ewU*%<0-+x=aTLVoot* ze0hh7WTBk%di{}xyU!ubj^6|lHak;IDGaM|(G5(yE0^9IzWe>~V#QbNRy>o)G#biJ z8CUKfu@lC>YW9`O%hXP)@C~uQJbb9Gnpz))6O?`YnN#kg(YO8{X}Ko~L3@Z*ZhW2N zkb*cSnG=CbA+r%|+78L>oJ`GlErhf*=+8Ecqg$*#j?v#&0|QrRLte6iHu1p5mSoYs zIP=lw#@IB`sc-?1@v%7L4h9`e#}JCQP5<Y2nO)w^^MU zh|rMzY;}Z~ZvSrXg$LlGhM&duj5WHPJxp5Z8CrW(G#PK`GGbD3YjK1+xJEW!4&Qi6 zf<9}!y@7!JKkU5;RMY3SH%td>D6wjexAMeZ|~o4V*p??70Y^CwPoG+C9zY{7V4bsY#CMjJq*j_SjZaa z>Mv_}o-6G7Det0}E|lmzm2pp~k)rBZ8LXI$vcEfg#Bn!oG7f|>WH>?r5wX+L2-{&41A6l4)Yz!RctG`4-VhpSt zB#?PcpQtuD0Q^g+(elW9I17Z(bKc@9cN=>*WfsU*fkq&uT?1Ew>PZ!quJAwBpfG$0 zN#A)Xt?ii*Gx8$p+**-e!^6Hhb{B)4-k#97pmDl83zrtxokgs*r582Y*XhE*W#%yI z3Ch~Q_>9cI|5{ptA?KzOQ1&N}*rlX;KA!8CON?uv6p?p7Yh26L@j*WvG!3?h7GkgA zQ0|zQs{Dw2UNAnqF&oDS2OiyF1}dwHQO%8KlWtgz%zs?m%#8*rlD!3|LxvoM&ZU*v zVb5xpa1u9l0RL%l=iR3dBGD$@7_3RR8CtWimI`Z{QUWi~z1o`l-XKIaq0NrWlV%6R z9l5rvnDvU}2)d+G5;>=%Lw5~>`}&=6znuHA^aQ){(W?BR)(Nee?At(2diI=n`1Dd6|goz^ki!v1F?J zfhOkA6S*Lgg8e$CbY_z+*9umX!?e-tM@zl~A4DmU&0cwtHl^5Ab7+SyoP6hD?YlAb zBY{dn;*@xCSo2oJi~>ZT_ivN4*{l0G-?^6%@>$26f2J3!*^DL3TJ11ld>43GBR@1^iEtB_`}w$%wT27Y0zZf+n0Z#fd7*ep0qD0OJxoFFVn9)bw10>T5-5=b9cnJ_{I zw90;gZsYWMPsgHx@r*9n#;*Q`r_-0xNjABu)P!#R&&e)LU=8Bm;IJ*ZTUB@;yxwcQ zsOT>Tqb>Fd>|K1hWGeA7BbO5*dDTNjKXX~gU|A}>)1J%c@82a$vo}3#5INsq;J_EQ ziv=R0HLLC8sczjS(KG9X6d}f{Cnoa(7xp#QVxloTW|^_7P~oQAIu}oCE$IAgtY<@W zN1a27%tCBFN?$nr?TiV4EZs z{Em6$aB}vNS6zQC9fTs=zaAQ6Ujx@OKJu5Oiw{_vKpOFJOG{HjS;wTeI)qc&AaP8$lj28w9(g%@q(s4l zZke%B`y!HuQj05fONe>!RX`~Ng8SpqDy)6>=cD!OzZ|VM4W33J+Ij38Wi3xT+^2DR zo^7Zz(SK;KC8DRi?+X3R=|!y5y|y3VN!# zgGL7h&Uc!ObuLoWP?uCI^f=dbpvzb|0#nD^Jqo)rK{&upYM2)SBT~4W6XOoZr=)4M z(@iKwGZ(H{SolQ!1&MX5_#8m%E@=AL`!v)8z*`9=p1_A3MRm!WcKnKP7(X$AG5p%Gn){CRDZ$(!iKR}&N zDrbH{V=E4$p$#qrHzl))u_Ahc1oUY?2CBz|%bI{%-l)^=tn5HHDKq5_ zXc0YoX1phTyy=PT`=Rfy2#&R=Pm(t8AFOl4NnCkqNisk!YpSn#ZdG}A!(XmGtg5J6 zzv|V{yPIo`zd(^cs_AQls73d^#kzLrqdnkmWlNL&ui{K?yC_#&2WRLoe2nMEEhA+9 z3XbDTahUfCdJ&)=q+%VKuw<3@gjZI|I09*ylJiwjx;^#H0)ZM#lES&UePA)ZtG>nR(PorSMUzU2*>1m(`tw

(+8>+O|&+xT45BYD0aH#?3B7|%wTrDkklLmAgU5PiOqf8J-lYU#TEayId-C^fiBnd zbKjg-2J}aGcUhI3a;%9iGLjNwX~z6)9c^p^T3AR_;lsrt#0=n|RH2VkLL4Noe)BuO z=UJB2DK_8h8GuNsXJ2M|>L)?E*PEhC?q--qZ)TiprM2V>gP~(lqltvy?|UETykNgg zYIndQyI!)Kd?Rb;Lf;-*c#-43B@|ueb(_JCx6U$k{;*fa@zL0y!g)PemKbXOpu#4X zkBXko6-1NHg*Rn~q3W1LONBJ;R7efTQWIb6ZF<=Wm4mCK1ES4{)Lx}ypW@g=?E=W5 z6UXkk+sWyjo|{-jYM)^oW5#L`KYa20p8i@(Wk6*_I6(8Ssc&m1xh%^hyW;|To!!}J z6HNQE(qu~8iwiJl_>G zFG41;Dnqr41-WW;hG0TX33-oy1WQeVP57PGKOO)p=+|~SQZ&tKiQHsFQGK~wk@(PH zYrMUUuWWNv;?`bQK~P1()7N( z;sbsW{}9ZpJ$P3IOsvaVoUhM8{)m68kU~$wLmig-Q6HC{K~4%4?zh9*K|jcYWQ3x zR63L3npORv{%P;UDN&nB!m|gNTUrb^Y-)`pF#LK6U2EH;Y-lxi2IixKpwP53pzYE=M0=0ikBVhbTi&| z40X>gHGTGwn}cK`JW4PHTcgS9a(5(E_$we+<7$nc2s+kNlG@B6T_u-fi#*nn-3hjx z7k5g-n=|R@py4+q?ONSu05S?m2hjkpc&(njy=Bb(Y049+&HQpOpU01ST=hep2g zF=BGOLO3=H6BtP{TZkzy%r$KxSF)D31_9MEfg6Iu0DdeXW7>x9w-0 z4}jf=9w_A?l?lVlujQl;mLuQz8(uRBdMZehUUuaACrehkS7ivuP4+9=tf%GNuqHhz zKuN6AY*iSJ&O^_~Po^)pq)C)7P)2m_;AcJ<%3x`U;O#|RzVYO zdEZ4`ImCW>R|?|36wIZ~P<_n-?Cst=-Boq)b3}>IFQ(~4?aO4)NZ7sz96Cfy&iznz z(N__h>q)GA+IbJ9)Tf=W1vMCrFM)czHBhYDqdU3^LPvq-@jH`gzv8#4j!k3@7>2eG^+PZn6NGbQ`H-@DefX~3n~j`lv*WDFw;oUe5R%UQ2#8fRzVu;(%7>to;kbrgKufM|{%}IIS})t{3{sj>7#upFQy+e91GU)-)DLyyz+^YUAklLUem^yW4Kj z{oT^%!}Cg2#TDs{BMX;9-y3mQF)hu0+b#8IWy&?ypd+vnYUQF50|P)`U_AEd^VFRN z$BwgdIN|)M$-8V?-VV!cmOQm-_UnQqP^@!cvIaOJR;yY};Gq4(zr+rIPf&Yk0_f;7BBcUmZ7?b^OOkKYy zxDcSn3`HmcnL*gRqD6QOE~^~EsEBY;1Ow(8o+}MuJJ!oYcv-@_GGke?1LXw9Vf}hI zo%93a+?DueA-6+pXFS(r5)&;PZcDd{p2j!OFhb>1fB3yy{roC1{a4GtF{hmdE>dzr%PKY&| zT<1X7(OX{%x3q^Dzbd2q?d~>WXPj#;kgA*ZV@x6Hu}IF@fmPRbw`@;y6{gfDI0k2H z#+N5u;njbPrV1M|0eOU^np)lLJOx2~K5#W$@ebOs{GnjzY$}=fxZn|r{j%a1gCo}Q zg*-*ZkIR-8@CRF3t9x*?#pIuRrOp>RBxAuwAa;6tWSH5?u4hX@eVr}vUpz?pAj%21 zxAY-?x8l9~72Va(yv@bkIoW9I&k&8Zc0N;0Zd_ZAZdJ&*lav^!7`WCvV3bq_>K%R_ zC8@SY#jWKLA*^@~VZe{PSfi1yLhh;JP*BCb5z~HVcD*$!7O?8MHVX$> zvmm_=55f~bn!M`LmTb}D5S{4O>A!#RjBlW**Gx#M> zCnNBahc%J~7^H(>sERzRvWl-o7bPSTORk8|&IJn2Q%Ya%&yRg3Nd{YEs6-3MAUhGM zGGCtcO>HCdm)CEu8slz4xd1rI^H3LNV1h+2(r1GfAge)>5jlUj@9% z2UgRpO+zcC(bI!?A&J$mo3kF;~7C;5?vD7tU^e zFXQg02GXkbB%$Avec4;eNeh&s0Rt4UGgXF16}-Bg>(Wy5MNzL5(c4;4v{SeEsIHDJ z-&xaugUFxZO^HW!19{E&9d^#2c+pnkg)%BEEb+o{mjG&GEFToSTz^KIlUq*c8}2y1 z8l|y2Up}+iN0xfu3+lDy>IR6rWt1Z-Kra)(`B%$l%XaZy1`InlC$?3xESq3C>*I*2 zjF@~}!+Z!ApxS*@S=^~U?{p9fdTXpL98^~$-O^Xk2PrOItq~*kVL|2Ee%}|pOKuC$ zEUXfp_ZyY|o3>N~sYyQ2y&Q+;k@z`X#<)m`PYfI^@lTHvZ<#yY(nw#l9jW&e z#Epfy72EJaByQrh0K6=42xod{8gB}g4=?b~Rh!0S@-H@hRoCbQ@(M8{L0Z)uwy4>t z=`m7N$5zG5)&BH?_^F=j_OW3B*mkphLnkEjH9$B28=PTFuK$oGEbRR5?u*r`Ol>{$ zp@@LvqVfDEkK(4?Jq(d~6iGN=56o3l$bQL(C|EEBCH4x*}MS34+H6aV8+6Q_E zF8~y{iCIhD& z4exbqcJ#CIriSGu%!BN6-yF{Sxw-GdGSguz9yJQYb30Hx9*}l z@P&P#R|A7a8@#D?D|+7ju%^fCd_6A!IUZ0qumkvXkQr)8wTNDi#z##QqVvyY1@z@=1nJxwpe@1It)GPjwK7fRBTo!qy(uijgK<_7WePtxG zq7+k@Za}{6nR8-bri9I7($*?+b;+Hr2_PfYSrVo7k`C5}Cz`Ej57zbSo(Q^u)Xzqm zA6%;DTE&9Y^0Lc$1sJrnMK&qgnH9ecV7T#U9#U)mmA9K>%fL50-NB@k<4u^IcIecd zzPCILV!8G9C0HkP^7*zNwA#7ezKHcsI2M9&{-xW zcC7nJOTVjnNK3rIjcaQ9N?^)@Et&XnZ8e*6oBAxH7R^(BPk_FU(HK!shr3rP7qO|> zyPc@}XH)O$Uz;~Yrl3T#Izw7YE*ZBUCY@w&^eMXlblJ%z?J)H)Fi$JR;N-XEc)7VZlM(^c%GcSTAC^! znAmvLYM6P994$xFPX~w2tW%dl<^!@TmnOwJ3OZHBhH!o5h+`lOu*`D7ggzFWQkV&O z;=8v6=j-y1ne@^Qf&k5uNS~@7{`1L_vWA>VyO%hNu;h8`)~HF{Z1W9KptkTH^Qb(r z!*efx50A1;Qr+~kBs#AW&mf#R+EI5J(g`q--swheYG&`8EfQXpL<^5kk!ypGd1mAI z*=8{!nua|Ouw?t>06{i23!26{FidgTyOLBFKP6wj#4q3Uh!mMu0m~0pH#+0PAZp2_ zc4QanjWo&Jqk5{{u974fe-JKQpAaeSKsGJnKKqVk%7_+*Q;RX_Ng4D;d<+xh3%wF(h6 z5hG-v>s00A9*FL?ljSZMH%k47igpG!^V40MN;zWb{(OhgLPRWIWXpl$ja6>XU+cX$ zn{^)rKl~uo41d;X;QSuW=WKCqe*^#^pC5@f@C7}7@tD&uPqjVa2hZPC`*jhbi@yaL z1EtPE_eKeGeNBAgC&-utbK902mk!)WV=l@&JY7xpaNXDOBaBOlFGZHatiLi&{@s>D= z8SbOu1^e-$loSL5MfW1NRy2YFi!WFwtuZ|78~UIUdCba3|E$>Wa0kd1a}Mn)0{28b zx_rbPR5MB*7S@6>L7-4LCF&LYEyknm@J_(!k2; z8#{87@839@yl-$VS`v@A2x@!+%?SY!kh)S~OMdj64=^%KmT8n#0P?Wc;$#3)Ssabr zfwPyhZ&3HT*q`we-#cbmL{9*V<4;%D4K_A`ihf`$Q@?yHswAS&K1T-i%il%*cBxV; zI=1AkLApv-@5fD93Z;jRs6Eb%TRym1hjXjq)}vvxIWzRzYuS6cNOLyW1zbNj^oubY zq&_&}%+Hb_4=qw}P06@jME(Kt<0|JOne+skxmKFk4;s$a%NhYk71c%~S49UF=`gEA z>-=Dj)Nu{7TZS#f!`2Ax{*=#B%g$U^m=Zcr3dFG|0_m^@YPrgLgK|eaqvg?cUli!x zre2;L(3d2+bz9gfYNjtCZ^Rv$3j*p2`?0QMaorC+RAy0lc(|yw1WE)%RXG6+X*F&W zP;8mHCnND$Qbx&3&f;plxS;#i#-ugu3_ge3IK=(`0i>tD2xM2V=$wc(jg>g0Yf-24O zr`hQ{na4J*(N~M)=DAlEKqhPQd>QDDWW=p?|~Nfs!H7T*Kd z=|^y_tsD7HU`Iv2d+wFjndqzVV-JPmU`%8K(jkSgTIBzx|14G<68NJ##O;d4xMJFI zj1WbL=v*mpwI`$VOnFjar%cQ$q7<$Cvb?zXqTARbO5*ZtsEE&4*lKOVyFUX-oj zS5mm#Hu2|!Y;p8j)9(AMF}K&4h3bYLof6~;<$=@HX|F1WG;USFUncrs(Pj=D?Nk7K(eNsv z5u3)^4uIQ7HoO%u$s;h8(A*4N;Ra42m8_MNntK7i-`@C!O{TDvIaRBGBV6s2$9cM! zeAK*koQGX53QxPcG>@w)B+mD=G3O?YA9$d<=`6$FhH-}D279B0)lbV6Za+bUzMs2=j`2MYO_xEyz^FLVN2uSX(bZ=W(X!Y()Jy+pV}-D%>j{K;Zb0=C>wE#)NQDZpPR~ zro#1B>iy8*8G2SYu8o$@-z;JUlo<4nor{q`lq^~5*RS>71^ITqCHb}9(+6(40z}{q zjh||xf-qrToMZXZVPr;qtOH(<93M{pg6sUNrlv8Zu`Z<)P}wiB^0b*?HgV~=aYwuF z2?eaonfv)1bv?L9B4w>%u z1es)fqJ`RwFip(5AS!pb-#cl;!n3q_E2Tl5qUZ#{7dTNuV-r4p*}qe~iC~~|`*Jw8 zPg^7WFqeK8U3=}oN1H}IS^4r;p^|XF_rWea_DWBH?nyXdr{tJFh^Q<~tt}R=`Au=IBwm^6!pPnt^iADL zvB@9W`B4;E=r67%{2q*6UYdOQ;HKvxm4(OK7{6uWmBk}ZV~Z>g+SN2_IIW2eqo%5~ zGhhVd#*-?i=j~_yP$V_S&7Nr{208{^!vUcu94&;~3I_Bp^S;ir1wE3T7~Af{%4}zm z<%Zsi#@B6^Hk1a7Q}g|cTv4vQtqD3ALRGtBHSSqD;b%KOmWG;`4*IT z=49p%Uj6J8K%WOcir#lY`*ZFA;oxzjN3ljPNX^6!1|iGy?JVDRg`)~Srr$CTU;LJ= z|6OoGTN6adZV#o0q7*&P+jDyiKR`q!3JV_>+0XOm4*@yI{u)j?Of9i<(TgA30t!UB zt%Grw6Zb5FUZEI=sfRNOHT4TBqgX!VCmeL+RSl$aI$?<8K`TX>S6(sGZzV}Xlxp3 z**yxXas|Y`$!0?58QgwwxlSGh6LzT-aIaV7AMMW#`nTUR>c!6&t@wK>wy*Wl@2Y~q zZaf5Aauto#9r4zjnIR`>dUWCyLu3P!$S5{RuQR z8u-bZbQ#$jK~&3UYZ7vNHvZ$Q{uiz4y%3a$6~#iXqPgsU*G@Q}Tp>>(p956;t-EX6 z31IN?LdiJv-~Q9uqGQtQ;(z)J_v`GJzmk;PA4q>;mjHMFE8E$BwZt~@1&Gbufe;WY zYS9Lu`4Q*I&>!y z|Al1fvAtK z3IFluOyh26{F9wKC;x98vz%bV|AWI~?0jxv#V?jiLylm%5U!4k{C7fv z4pC(d$CIIdnXv!$sp|b$>RtDBD9~#A3jp@7gPjwH^5%8~7J$maUxCGckr$ZdZ#j3V z+Xx_c{|=8m(`1TK~6RU%j2V_x3+t|EX(G`PT6r|7z6Tf6D*QdSB#6lE~{e&Fpuz1MnkrrO!}xBW*4c6k-v6R zpi*mj>Et64GsLayw-aZEz)fOQ~0Ri{OSzC3l|JfX9Dj6Z=C*9 zIWd!cXZkSlT0M(XHKT+BIC$x?aAzJ{A=E2B9)F46LHQ`Eh#a3X-u~tLMv2a($cO+i ze?`JLTc!6#w)5}j1>3*hf$Dot79*1~Tk~i=?`~~!BK!{f(QYvGR<(``-Ac719Ks!b zV&^cW_8U3S1Zws4K)VS^hNq3(4zeoEim$G9<>en2Z+BAz8FQvL$Ex&Bn;r69WJuB$ zb+?Z-baXW_E8IGUE1eG)Gql2&sB3%gWa^Eu0l~we@U2=?QlFYQXI1 zpW-9X5r|uCrL3gI2DIJi?fF+X)Xo+EwGToG0?=~%q^1hNgTC044D_Qw2hZmhoib~QuJ?W`Az!dlY3Kw&U|9=PE?DzU`n1ub#4DQL_~bnc4O zH5)KBcRl*Du#;!YBBf>tO;bgmYG zUY+&O%ht*oFIgS@6Elo%*v^TDSKg%d%G!skM@dBAN{MTk@XFI?E}1lbYY>711Jteg zL2X{DmZU9TJ(By|yl9oQhe?)*#Y*&Yi0x^x)ua_qZ*r2 z0yPz@=b>(PKbC4i>9;+!Y9j0XIMR0XPFFQE3(D) z$OHeansZEci219SII$xH=xYY?>RAKf;g-tE0wDBN3l#rMo8$`**&lHxIqzdZH{2|L zekmY*!YE%qJ@-P7sa+}%DTF9#L%8iK#&i2K57-|vHz*9I+noF@M_&lXzLyEvuVfLF z#3!*Dd-W-tz2b#al3iz+fnp%7nJveG4B@HsFk&bNEEqZ0>;BMjou@WCWbb2aRta?@xH~A@Wc~?B$ z@33-J!_}Z6*!Y!l9Fl2*OlSS%Pq$pd(Epx_Lnkgu<*sv;NU=2)M}p8_9^F= zwbp>*!hl3Tp`cv&P5ZOP-y*A8qN?sH+p0=ZD%Ohlp%9*~`=T{rY>^jC)NP>MQg2g5 z`YXI;R^!*=_lC7z5j<|s83Q9ff~`Mm@&+Rb_W><%CS$@adnNbUm@5yA%Q@@gS)KaB zkdM@Don1PWO=tsc{b-+y7rhSHkoH%6YR+#}?^j7W$BxJc(&q(!af&@1530~GL1;p0 zJZU0$YcNd%E)^a3TW@*7@~o%FZ>@^=E?0|_4)!}#w6`Y-*D3%Pz8QubbDdIy@m}yT z?adWm4keduU?0gSL8C)Lp-r9EHwHUf>8?DTIXAR+Tw*Z2zK{)#Ze6i=>^W7|AqZ+| z%AXgXL!&&0Aq!R!YO-!<#HY`0L9@BFVnB(v?QISeK{vhDi`1e!2=CxrCJ38x`-i}k ziO#O_`WK`wi?8^H!|NBs`#P<&+Pu!XE{xX^gm%v(Dr|qJDs&9_+(}jB1lRUdPTzXZ z@x{poc5}g0PI!)Mcy?iNpoZ*w-^k%i(wTzX1Bw+emNbCUM2IrH7W$#ev?j^hA1K3h z}zv%v6~+^|^w}X-%1P&``PHMxcfhI-!m3{DX)ec6)F{y6 z1q+Erg5b~iOCVuLS~t=QAN-T^f6L|8ufoC?J85&$f%Ch2Oy)(crBm=HKrLa#|Gl~G zGl#jQL9-vqKszXX4A7GCu<9f`owvb8UB`!jG}TS1#JeUzb;dgzF0_3~(O4h0sBFUw z0j)aUWY^{kgx?bh(*fIv`?IYqqDTk9;u@0)9iV6I1E-+IX?)^nk*pF~;y*7Fw>8+! zl1#g+R9DCQL$?l@_6;?&KMan_0v=&IXy1b_+yxzPrOD%VskU953Xux=z)=Mgv$#$n zVg!(UI>C;wT-rqk$}he`qgR8A-9`(5bAHLNlk}GA;iA2zk7EBi;hHBm>|*Mseip)u zk?5vy;H%k*@xGNahauTkD(nO*&fN8(bSVhqx;`|-g9*n2rLaYv%&cpX2ozO>}xA!oj>56@C^kO8L?04KL4XT3QYlMPys*iDRj!245h)@HE z1LBagJ#NJqN>>=F=aQK4U6I!`>X zEq5;ndb-}k;n7Knx??bj9HQM&>p*os@>=hcTCB=gcZEm%V;XCU*O!w8*_wd6Q3-_o z%HiY`b{jjnRQEQcq`h;(wwpuvY4g|zs>IE%(C^l;)QIeJMJRUG0*<}lL}+6q2#nPZ z&yHagr6-o~%XwV06hO72{_tAw!VYhWd zWu8C`wdS@cW|(bA zW-&p6D6H+Q6*D(A2H`pQgDq_s8lVW0+vp0ndBFvcgn|CkZOYF*730odACHQNL3tYT zT{y^QFq!0Pg5*GD5D!Gr5|`6F=Th#@8S(<=1??6gt+poXn?aoS?U^=wMe_N|vrlXH zU)Ya7w~g?7psMzmpFBojVNDA;t%witJmT6)&x_EG^nuB(sgm|TSi~Q{bTNuk6D&D) z@9A`c-Bc4|pt{$jIffmNK;wAcUQHN?PlNiLrzs6Z><<_zECDjBly+M6&H6I~)09)X z&Y@+GGu>aUel~_c2zxGW-sT`p*gwT7-QzJH$qxt6I z#!vgEg=dA*`Xqey{5E@^-ip-gm z<_|$3V1*b;^f5nXlfp6+(j2^;@)5amsW39fQc??1Bo}^BmWVYL+GKigc1r(v4-ii` z>A0*SiR{B?YZzUl&~MO9O+Goq3+L_U5id0N)sZzwmrHxP>q&QKEu4y*8NqyRdDOR2 zfzeMk-W&`ms^sfFmVeb&fm)@x714d)n>(SQ<{{LaU<_L}$G?-^Ecw#>vZzex${ElA(i>Z!#vS0aG9SI!L=>Rv)mx5Dr zewAk_dWT8ng`@Fr_o%DDBp>iY1OEeOt8ekdzJ59`0=ry`ARUG}X-)jbkZOA^zrK-k zG^6u?s%TdC(Mz@E`ktD{jKWH6n}{G5@@m1&lY%ZY3y#4EKXoQKhA##xv*`=sVXJ2omS$)PZbhrIi}x&f7#TL$+-?g~m~pB_1Memr z5O=;i*BTaaUuyTuVxQfU-Mszt?p6*h>lUS}b1At^`^c=P#R%y$(5Pz^e6_QLaGkw+bi86_>DewiGdMJ{20@%3 z?Dy#&46)6&$9~*GQ%4XZtDEdF`P~WK=XCxGDJBJ)>HZyBZo@~uuW~6TY?X=XlColFa03(R9+LP#jfR(@b{6%37~v4M z3<^~{Je*hwRQET?fJ>|GhdA72Gs|Wtyo!=5QPz3v>!k}Wk%|+;}qzQpqFS?ISG05)ItqLyG zG-GsgkTo@LQH+ib-6wEC6PhG*CTYv2^yEah(0Px=X#~52Ee2ReNvWc^1h6v=oRip-kD-P=_!@R%e@g@kx@-c-M`~#k#=)*O zw}I=}1mB-MRnhsTxvC$Mj+IOC6rkZa6C6KM0354r52dYs$+WDXV}C&qwf zwopaZPj6DKjJJQTzAIHPqkBLSL1luRt;ep6Rmll5t-$b;sA=9L0VEK&---+61h2 zQ%yko8QtfBq?J+j^1k~ZvVhTlVjem_A=!p1@u-Yua!|RBZJSP+UVCbKJ`gP8n+rm(xGPFaGa=h|2Z%s z$g(&>Ovm<%SU@(Q7f62KdpbRLDRMJi+HE8O%qK5$`Xqj=kU=0WlX!yNO>2@mPaOoZ z7Y^#KOIz9j^*xp*+<#!;heoH^@CebOhI%8+~2{a;gZ+aT6v1}9UmpvbLC~w7l9-o1|MFrC1L@Blut9cLH%I+tr?nlQ{ zeLI$ddukBc5=3nPBMsM$8KjG`M6GZIup$%Ms?xI@s*KZcrm5vU@n*DjNrr3^$oBvu z-tJnUl`$6!A5>8%urmK0N%}q{??Fu#$NX@zHR2-;Pi%z;bR+;WMSu_UOu5tEH1QJ+ zOfuw<-cbQmaQ~*ZD>aS6ngOR&Dd2er_vre7$4w9-fs&h1NHh?TC624zMk7R)8Q(=M zkRt-t5*~5XTz2=;*ZpSIkAd7E&mQN7q4=WdU$zyK%UhR>rFr;8kZm-g$6QDzK3Mf3 zRWiF_8MZ{Z+bk5~Vj5&%z#fov@L#RT&7?T9ue!EbWQC8nTf#@?_lL1rBQB-T=HzT! zc@JZrZ1$ipiM;Pkv_BuAuAwgXWVq{(r{wO6TA!Gv%~hhy%o*$gpFG%cI#6<01lrQ= zAb3w`@!zbfH-}FKDqL7sD`rklCp7fj6$OEz1ij8#W*2;bwd^7=M}R{e7}ac4@U(T? zZLSPjbJ`Bh$CjtVK>BvUk*+%ulwfJdJYJKOPcVE?^{8!RUq8Q~u|ovlQyFzW(0Hfo zYrT&EYxQkQFB*R2`1fRL{kJ7Y3Uh&y zDlp7V&Gx#tlO`s{gyBQq1=U*xTP?ZR9gl#i$<#_RXCUJV$dGL7qb=T1&{z3|n>{0{ zsv3JyhdbC^9OXGth<7)r@E)$dK{Yf$28W=2_(PjPWei>T(+{+TQdKZpSk)i+=?jUx zh8Y0T)D6<~xa8eD3`RJA!a6TdX$Sc3rD!k`=xXJR8+`RXruylzmt!F(8ageeLi!~# zmsD@S(euM@MOj$t__=|tgE$Cb!)kfdSRB&Hd$E?VlLucSrLX&UwlI@#_f{um!CP5~ zN1B^2hXVpi6BTa7{x=Vubn;c%Pa1?%4I5|9(^pf6;UURHzGCenAyHZY&ee~@E|jbI z{ZC@}vr2z@P|5Mjxc1M-fPyF$ACL#4fs~W2*a~qHWa5iUQ&YU0H}e|;xgM2v&R{r! zgm^)a=UVz)?SVdu-7;rVRGzFY-_&cqQqobwV6DE9eT?`e{Nt(XNALp{p25tb!S9y9 z&_~j0Vf}*oWq%#Ua2%S+^u8CJ;0pImZSobZKAMln5%r3diODypbCyP|O{%L8Eq7A6 z$4<5lJ-=KTtn|6()!0!B#!e%d40IKcX}Nk-5kuN0Qh({Q%t_tS*EjbKEu$Y*;#v@w z$?iS_PHy@vX#+E)e1?8FO-e!=QNiHq8*PP^r2&M|U^kbGWxM3{_b2T?N0{#x$cP6z z1ooCU8)Vt|C0swXb;1MkJFU&VF{)&hoO-_&LfkM`*3cz!1KfX|EZ(xoO_M9k&|U^% z&$0;%8&`%*T7=JPAoA+&P{(1R+Ghx!VuWF%%A&@vmuidh3gNA_dn<|--=8Yz%dQN_ zW4BRfNzL(E9y@!td_DH+u_4)ax&AbmmM^g3l+?oM#Tisw0Dy$(rvJ-aIX*`HY(GZ(=~gL8$nt= zH|)0RMLdu4$nGaCE?D_c3xnCCI?L5s=xQ#TiM+OLn&52WP_X$k)GBAOt6>fOM$hLJ z&rEV|m?$%YWHL?3Nmi#29vA&f{cjO3tdSfav0pW6K;-n+eFx?{6Z)1Ph>}WDT~9P0 zx$oW*tAzAR=I5WW6BjV|aUR&ZBz4deoZBiVs}NNrUOgPN#7 zf6omotX?w0wM!DGfT)bzq=ynNH~&?LeZbCy(YLOh5%prt^62u$UTP6Dy7}Y1ciJmp za(sb;&_R&rCAmJ7e5Ke@x~ZN#E(#Ymf=A{=8UHar8D+_>x~C~oLpaMy&Bt;Qn7ZaT zEL(wmID4vb#?zb;G6tt>K*GO@)RxYx+W#NLN(3mS=B6yHPXb}uoizarf0YsxeCwg= zucQA|*-Sv{<2G7muk;FaldleMA?kZvID;HbkiAU> z5?&u$KJZc8Zy^Y{UYy`Q`Aar&u35brEJd-;soc-i`#7U(x zO+;muPyU&^!ieH)?&Y*VQw%^yqRS*|Ni0z(z3Mi}D*dwjn8Nj#R3I)*!QkSGT;tZ$ z7rHH9ZCj`bh-zleR0F~1Y%ly_^;Nlm`JOC&PQjGn86+SW81erYi7fReI~is?QWG2I}DiRJ__aQL@V&=95(q8itB zb}>|mmiE211r&i%^%pWfHB=UpilSEy_tUFJp4RqB3{>G|oj@TBV7e+neyTi8wz_3` zaZ&*EWf%053rV3d`uX9y1wW*|EANX)9|__Bw7r}qK683ljUI1vDz#_|yeIkjVQi!x?dUIf zvB!K^WcSr>wCeniK@{37IP|?&rVFs^-k*TG3EVQPaG@l( z+lr`(Vzv{9kBAs%PKG)(rhVd*hjrP-Y6x%28_`q?-o7}?&8=IurD^O+Ja%;t6e3%^ z3jGH271(XA(RNHw3f8e5_FqVMk?o9jPxxYB#%6kVsCbDMU_(*B7TK$1r&|g&9S%MS ztEH`#MG(cX4RKxUysR){P!OP{tu4Qdo$cZ&5z&n=Q?{VY1078}eqA7ONTS`p$o8}c zY;BS*6sw9+Awq(I=50)_@yy5_`fv0`Ak)QHkoQPd$c$TPHd4g%2_Pu1hnA2K7XnViE5Ww<*rV<_kO8h)2=40wA*A zOIzb_=w5OY!qZG*If9E&zrr!dI5&c&pi8`8MV|cez_5wuE{l&$k=I?Or~ZlN10ei= zq5xgB1OhdGSl3dE!x4jaZE1`65mk=pkg|yjJYKlSx;ptF0j@mCZuETU)NmoM6}1Jp zvj0|APQ@-V>hZuDt!(d#r+wHR?j`b7?^`P26wU>fF-z~nEG=}CvG8pX4xd}_=vr>+yk%PVCd0e`lw@*07$X8 zIb6m(RZ=lzg!*Oqpz>5huM#4Z7`2^9$zJLLB>bokUP59r7HK6=ZqfHR;!AOub;~DqDW)zI*{*< z+ZWF3!EtjIDor$>H^Y8)=FH4p%flkULP+K73kvU4C8~IA`IM5m;7W0`{2TrzW;KaT z*QgI*>`}JDq1P43!dzHPF)FCOaS6x9i9uKoyky#D*i38cTe^OD!Dq6SwUrP3;`F{z z4Xd{ShY`Fyr!>cL_WPEgpkOcma(bL^X449>-knBUG4pcw+1GRRHH3*_J|=ckQZY~x{ri-|?TklDpV9=)aZp0IlZt{Ha8{%`{y?sxRH`wAPu0UTeg-%)hc zu2zy?eetTAIzI!D(A?kYP z(xVJ`%)Q+_Y8jK14rL@h@=HvPd233(W1`Y4ew3><~Ra`6ga`N2NusDVUs78kngE?_+}7VJH172J>7 z*z88xBKJZ+chVj^7+hO8L7NhYKHm0s`aMX#_s#b`%6t5v=Ak78ZJI%e;MCEq>d48* z;Ab&UBFPys2P1qaxN1KMxC#H*bjO@S9Br)*oh}CDivK|n+&7S&eb{tz4bOx?$L@k$4RjhrtE_TfUpIShj{N(KWsOK|^#et$f5& z#r3z%H^5bc%5&hy52BD_?;iGj^{RcKd(y^++E}OTK0vYMqgc29`x$Y6XWV@@q}(FA zNxuf&9omrnUU{A4RNKH?#MJ9WfD}I{CIaO7EXZyC$~t+B*i^DRD)<+8S9PH};izDo z3w9XY@nKUI#zN-p%4)Pl2@#O7+3;mY5+m@5uML+9S@5La#tni=N%Or1#xTxPXCh5X z5vogS#qRP4$d%PN#^IywF2m_ShKyhnk8gq9bYEcFAk!i8yRbaIt3=H#1?tBf!9iOU zfcZWv2C#&8`v;Bn=cE?bF^8fa^IY|A&7;_6kE%dY&_tJ3<8;Aw!=mes56HYztS$7B z?7Vj3&um+^R(-x4$T+IUi5FOZ`J*oV&qRcv0RRd76HDQbq%3}f5-!+CTQ}N3&Rkk1 z-C&hl@70@51m?O|a1Hbr^)hK+)e!qH7c>iEqnv7`Y;1E+z+K1GF1*DF#Y$Hobb?;>Px!0J3=LMtj z?xj3%UcnuJ*n2F{6(%c$i+7KmqUU?{SD;ImN*i)Zvs5D}rsrr;dDr+HB*kc_wEN~f zOnZ#;FozTTKwV|6hD@W-LY~s|bf0I(HJ8FwoTQ5XkYSe>tG<>=;b!H4G!p&6-~5no%s9N|CJi}hyZTU>AWh6k-9Z8#z4|j{`!2U)dJq4IxMSyDcx}FW-6(crx=SU?*fY%F zL|DnJZ6c8P&sPa@DlsQz_UcU@+e5KC)J%o#f?sroDqmvI*u9J1L>cD!S#P=Adgx)i zE?$OIScuvd(_mE?L5=Id#AJy<^inEC6)aHY5MvQyTcxoLZC$bgB7sTMm@&|4GD_im zkE$xfM@%mex<-q0zGfO%NiAAE`~bm06_L0YF2Gg7iUp=cPU85r;F|ulZuWOm> z9zFtSflpKG<^ZDJ1at*hZL7!=^@*-+u5 zJli{Ow)%%YB|>;s>1LiobG*k9SU)5HhYM60H>Xkb$ITsOi^;w6X8-evyCIbwC7r+* zC%QN8l5e{p2K|ytUkD$@tQHY)n&Wy0#%+j+MdKUDCG#~Xa-NNP7YNkgBfcY{#lQOX zLT{lBZ3iWfs^sL-=O{FVQSjaoEwM0z52w|VreV`WVt}J~8WJ90(+}$<<&3oR@+T(@ z%QzOyMPN7rTzPaZ|9WNy-xVK#mo+QghO@8cO zl;@B_cxoH{^+n9FQoi#$Ke&Iz0NB}oc!$UX0C;$Po=Lsy$l={$Q9){n9OvDKF%{~( z4q`n}ShI$fZ{SfNH`r7$>`%TfGXM`pVYt30`wg~b!O+G)ix!hR5|=Z#c2GG4@4^3#*7-$MrVCyX~&Z|?2iM%DB`ecfVT+1j;a()rJmK@_h)3z zzf9F|f4k_Q85J0}^WxK?+PdC2Q2PVc7`_2I^2%blZJQSd1VlR5R`&Tei+Z9~eb8_T zR`f;yLyswT-buG#F&z&Cpk}ISyCdT$4`sd@aTyFORK$ll)T$Q*79&s0u=~%Ba}4k1 zi?!Evh?4r)jA|OZy`~;G(^s3+4wJt9m;l)0wqe{pqQj20uOm^rA?sr=^F0nue&f<> z)r*UFHBbeGIm(b81Cek8$hO!3*rx742p;*^Id%YV3R(2YhIf%{{zxP|+~v$iqjtrJ z&;qT>UVVdYX8V0Llfur0!G>!xEvItn(|PayvlT8l<&Y!O_zh4h!-OvC1?*LzuVec{ zMB2M5i1;%=jU*1jM=>BW@2^GaTVid`^!f^%q(9^t&RR+uQRm(65tMGjRct+wmN35} zqJa|YDQQGKk`Sin9+DWr1#vok5It>nq34V-yv=BDe`8REe>kV9F96|ZGZGAdU2g@! z$Le4Ei*)~)GoSs>Z2CVqTt*~mcA%{En)2jZ-5~#?vk^}og6%2?zd_zT|?kDqK3bEbA$mDia0YDVndcx`+j?5p}D$IL^dEjYv&iHs6kyz}{ zbXdNTQU-L+N%_`=D@Uc|M?z1Ev;GHpeM-<-=lI-E@+0YnIBsZM^Z zoF5o5@q2`8@7D2=6GSWDU_6Oc=?od5G=TD`-b+0E}FG_jS`myN({H*#Idg$~I zP7Kh4ZU<$(4Dv6hB6Eta+G|TDw3h%V)8U)`k5_fedm#tj;LvAr-5qMX{=dIqb@Y69 z#qc8StLn3ZnI6`3Dw&WKJk^fsCBBq>AA`GRfBV2cvUBkI3-G}oH|MK=`uW#Z z5Q4WJJ+!)(!liWbW+N2bysIWX|Fv-RvnN8qk`~Z*rqAh?H;^Ck6R*vfrqO_VE{`G) zC;ki0{dbi1f6?Esz`*_XvF}bF|3PDBWiMS)s=nzH6)swo=td7HqL=JxC_%y%Pv5_f z_;=vuzWL|THXART*#vB!DnPpQ!1H+CxLD%7iAh2K*2N9i|NB}0t$!(igKM-XmEuVq$#Dpz2k{fGg@oM)V*lrFL1?{>3L3}4VL~>2 z3!wV^B*m#$`GaA!HX8UX!7jOD&if5SIw45G&3zLK`=GJH9P}gUr^}5EV1%YNukgVS>y2>09)x|iczKR>-j z@=B01^Dzi|vIA5GFDOqGSO>8ijmh+}KaM_L__bxQAL>{{1L0osdCV!$60rC$fz!V~ z_C#^~W9;#D4zk*?6dz(N?Cut z*5C<*Y?MC#`b;!L_TJEyi0df&pus+J@(r%z_sGxA{}<)R0LuOUlr)}Z|Hlf{OCIJ& zX;evT&Z3d&>$e3q+?}V!PY?*WD11~L?3o~yzDa%HQLYF!3DbHLyJJQaI(V~{iAlM` zSj0|A7y)k5Lg5emy>i=!;SH;QX*3kMhl@}3d!MM6S(#D8hwM7Y_>ueC!MPDS zIKWxsO<=#3=f8#A;ONqYOxu>c^rSh#I^O_)*C+0lyz2dHdr_WCmnd64n~T!vj@53Z zOY>qOE&Q)$uuK)P6fRh@r^I0|Aa@It@eTi0Vd;=r+%m)L5;no%bbhTJs+?W@8~aM! zCBngTIG(R`0>-s<>L-5PP%XbA+cZ89B-kz;&1i6;^SylPNgndC4;nk2MS7~#hIDn7 zs~@68(K#m=)I8o;o8w}RQtk{&ihVWU1osLGQte$~t2WT|_@Ge~C^H2OH-N(=2HE^M zP==ZN0lNz)gwmDqjpqet@?E9$YkLN0JC$BEwuAG-ibpwENKhRIm>8*){Z1z(bq)c+v-hbzTi&*?A7(MATdDTedO^FH`W{5?nBnflLCfccx;^!fOpq zrGPDcvM2KJDR+;P>eq?KTbPQ=ss{sydo7qVk_r_X7Rs>vz5&;gI*lLB{E`$1SWA=> zD?B7Og__ozkam#N#zU)kOq(YUUZ&6&UyaX^K3D!ICAF%oNe&hjoQVxzfyz+`n(s`V zno6Sqp6D-TaRj)!r{Q@}0x6khbQQGXxENFG?tx~%oVxC7*p>atm5MX+Jb^EJGlGS7 zIG`h84%r+Sbn0T8(8t9~Sbuu_RcP5?i>Dt8sCzZaJvPM>T%_1^8zOPstHG;Kdzq16 z?`4hXrjx@Nmhkpo`~8UWUu)47|U$7I@%E_;9$w!p3LPxQ{YUbsGsA_5X6J48Ayrd(5- z__-p5s<55?4w@mb6Py0`~7asTloO#I3&%NMju0peH1wc@AX)wiRcw{1CN8}pYp zT*jqK`+q*NwkFfn7j{!+ao1bdv>^h+W;v9Wd!N+)qK+ZWU!gP@`h;sEj4-!n9mV zBR)-M)*?y0Q;Ct;rZt`vrXq348^)oAibD-?0}2N2P>e+mmx9xlnXs#rfO>TE_OJlg z{0#6}5M4ub@SxoQ>R^%x(B~~*&#U_QADL@CAM@1Ud?ON5HRd{`uMZ zU;O&>c~Jj{z|<`;u#SSNG%261+8f`b*!DrAb1j&GPj7-&iEP(1xO0U|VE93Cn#~lb ze?5Fb-EFj|PUNGT1Kg5{I0JAM zc|acPO&)#uc+F=+7)@ZyYAjt;xAE*hXt)+vjMpK4!OeV+1n4EWDKsvSxRVEZ;-Z;Zlj1w?e%yoZ~b4RZ~EkSsV%@X z4gvnKd&)2?`!HrAs`jn;ws*_!!;jLDhFzE1D}7ye5S*zBDzX=bBP@VOv)5xTcZjw~LhL@(;f9541-+2^@>Vi%dJaSfKLp8k%j1oo2%o5JN2 z*>fuaEp(!za1+*~ZFRGK_vc~D5%m>TF(xSMn^a_|I0N35;fad|+H>KGfPdLTp=ac) zLu9Ka-a7rV=W3MJ`d1=Dk5h^>c5{|i-kJ+|?yU1HAWH-4j_Lsl>Z9EEmY{~tKPt95 z3--W?+wxWP4S@7@EYwm7OI*>NeyX3wMw809!HAk#9#M~nZt^E7cMFUrE8i;*Nk@uj z-m22!GivlSc2*wx88J@bh(zqP!(GKd)2NI1&HjF_TLFJtNhRdSo$t%>M^uC;xzb0p zRq0mVDg5>w@)pXAW98N0Us*+CRYf3!Q0@mZH!;R1tNGH4ULWq#hVO}y)Id+Q8R+RzocV12pS7vCQ(EgvK;uzL z5#)g?#VD)OW0-(nQgvUu$l>JM z?oAkL8I&M~X~0_^`-X2VgiFis2Ew1{rPpw6d3RCtIP7FTt|{P%kj_Cj(;?73p(r8( z9&6jI*3Tt>`_lkAFpV?~oz$XEm9>{MDKUJmKkk}x4^9@?oaa{nl~+P?qo2GxZg%$2=+lQO)zU>s;5nAJP;Qv;-efn=F6cD1PhF zOh8}9t-pwYZLb{S*Q7-~_IIM{B6FdNmFnrW1ocZ|{Neu*hSmQe32U5QNCB(RX0brA zVhA@{OZuKn_qR{ir7h!>DuaUeXE9m+`vbSsHg|z7GHQd>R@6K zq=_<}2q^tD0@oaC80$49a!XCu3fs&)XqD+|cH?3%5akHw2Dr-@YWMDz!g<*PKrb3K ztslTzo(&ajjkHLv8f&5~X)Md*OGry9JL#i04T+aMcc7mrL0=?s0+B7B5EUx|U=ABE|%o1t1V59LnU z8dgoG#YL2nLgHTH=fw5Z;mz*9NTedYgB1H(guh5*92;KW&`Q|9meZAe-dKRz&UUWUwq5-R(tJkLmRUjC-9VWnZ%GRL~FL2CR^jn8ldWcjESR zPAqNQcjf2@je&PYJER2<#0U;Ip!e;7c@4_kV?EsFAqP|7$!tYhFxGYg0}59Dw55{k zjh3BOn_|A~!G0MFRdnFAd}mwq`KjuBD`cY8>+lT(?98DYCzQY}3JUhytTvg4DrKN> z*{%W2fva60cj=RQ*5{a=$7Qq1!J@^o83tpHrG?vYfg>u;go;>TV;LaR%D+f7|W_cmWTG4C6>qEWsMHDD7z1N8g2odl(|dHmL|6$=}!1-W~Ips<3&%{m7{2)yLqfSaZ96fUX1s zd`dn%qx{QBN1g937l3agW1FfO9zS{2?2Cp_^__~iJRF%@a-SM_J(Y&++q`NCD> z`$PJbhL;Cc#0c`(5feVJw7rW;z3A3gexM;#7YV#{gs zNA@(Epq?yUK=u%gqebl>qa!;F1! zM0bRu;No7-J3GpbD70V*W)CLvn3QR67$yAIvDtY9 z@fDrW?s@KXRw%u$@rl)l-ks!}`e;oeKAgyR9{0hNUJwuGf?f@D8 z!J^p96Q^EtroWdtW;f!$k*A?|Ce&tlM~~ghUrga*gV6Yq@X;E?b-P4Ti+$lru>x) zHoIsnu|ChdrgFvKe^erWBqUjCh2A%#FjycQ6Qr0r*F|en*;qy zv5FQW^CVdf(ZhwBgiL!n1s@fo7zP-|OC=XR(mww9d?^1wPOA6lmHy|VGr?j)n1%m( zQ&Hi~F5D(-caL`HT9z_FxQ~bu_ku8n;)e^doSLP;38oRjKw^6eozsL6S}!KgYp;02 z5Z-fof2ya&rP4KSf98*c2P4uNyMIF|sBi`OSSxmoEU3L6S}dG4axZR))a&Xa)r?Nx zPs@&;N*!@ZS1$+g;E44~O}(oQ4v}xBclVp`uFG5)Ul4lw#yv#!+OU?qf#m(jlT()W z@iugr99=h6ay)XPws=ZOUrpz`%T_$ML2Pt@Jc*4t6;@29r!z8hXdmt^yo@P&y*Z#5ODPXRS3^=#sSDe@d zTW!DNorx&q!mY(POF;TBAN9HsI9b*%Ro9wsOL}rDfURxrqt=R3C*K9F_@vtoIPn+q z60v7pui#~khu}2 znp5_c|M>KOaRT}gocer3%ixLIPr*+;?kYiEcSK?V2-C)($@EFPCBFIlGAGDphy1sK zNr?z{eJ0E+x^R;P8e@Ha#)V@V_H)N}>UA8$y^AqxGtQI>Ci}!5E5qo6Scv@jlQ7>C zd9KAZ>CTiOr;JqFE+!SII3bjK0=5JC(n2l(+A=`X_8DArl(2hQJFHN?4Qv8B-jn0F zeMbDkStDx__7xv0b4pEkI8N8Mwr_$i?7k+_?Lo0Is6_yD^vdYZARA+;Eja~7mGZQN zB6H|=}sE(%l-Y#$OiYDP1m}-!?GA@fjmlW^uWSl!kXBL7W$k~ zA53ZqQ=5<_6-CsWyFa#DLi`HM0N;QoN<~(x!8ib{5?7~lE1UYU*R1g zp%TVT_O5sjF59=zh(4Ok#R*RWytmC;M|MFODeruni?Oh1&UarKQDHU=;8E86TfAa~HqMeVf&M7hG;Wya#By!&9wIr0cm zD=8r=o!9OIt@b0N_@b*05cOt@^kvEv5etb$96`}1=G}uTHsGF}TOtGs(anXMM%CZ4 z9IlAduzlV#=!5eOm$_lle8-aVwfx|I-mL2^ZnO8(f9)Jv8HZ~t+!(v)oXKZ2Bi2iR zUM%l>Ml9Q|+$M$IGQ4y-ahMzMz)=I^`UJCsO-_AOpTBUnXOkDItCnwa4dk!WLzhk1 z_mvI}^6aaHFnXh@~CIu8Rd_-|%r4YqhT^a6sFLvD{U=u6@yB*I z?8cC-Xpvj)$~+9=)QQQi~`tOR=@|1=P3LK z4Fl3o;HyjcUcQ+ik2%7U)O^sml}D~65yAx=eBR4J?ouZ9J!1yM^ps&QfCsPxrNzP_ zoF>L#)pgwmHiY3J_si^<17$U7JJXCY1a+VHxxd!hei{o{(-R5Vh@^d0Sv3=thU`?o zuAhB~wrBWPV#>MR0Gf(Hp+Pk%4t<**3`sINAp0Wk6;Wv5GjEHwbPdcq>*b^d*#__* znPHy}ly)>PdsRLR_p-BYy2npP?IPYH^S1x&47y3pu;9t!jE5ErwQoI7ezt5)xf9Xo zty92@A7Nd5M4f%O^uTL~K#2wz1=B|cOPZV3lgBF@Sw!_iVUSqwAEhHr5A!8@9-*9pex5r7KTOIgw5+Pe5S8wJ&H$!=PG8=P zn|YD|cCHET-eSdbRbPSB;%cNtQh{Oe5$P~~0h_I9mGLY%)4iNoPYc_YS0~tj?JCr4 zJT1~?TU)FiWR$t6FQyqV^j$!=TPQ0VuKt2<9e;02)QI-f?<478Pi)~s*d+r%J;1>5 zsN1)5Gp`TsN1`Fibpx;lDsIqsbo8%%S%*9TWcXqpfP9L`4;npDEEYV`d|+UCYG&`k z5Fa(0e+2`EomKV^IQ&0@$^UOTo;kcTbmvBKSI|;SBoku?d;5DHsKEVb29x>;l$U8^ zFyc2;-H=|YG>FClRZJh zlBoNG#!3nJ!cC_N5<}k)G+E4F2bf}E;WdD6zx<%#Wl36^2kEApvim0e|MU)p?dk35 z|91XY|9U!3IMhI}P~Kg@$<4tPAkN0>wQ#1dDYrd{O=o|6BoSBD7*h^2BMQWK5f>5aHd8xbNC`&xvvwayf?yEV>%-L zOekAYIar=RLsY-$;?m!`d0+fkukIkGYRhNuUfmDC;lC^JeER!uWARyhW=>uDZG=vZ z$IWkmv@sB_`l)YvT9+Z|X=%_5J~vatRBBFtXV|3UE%{3#UJ?+A3z<=N+s7~{6)_IHI`|C-wvXJD-4CeVv*3* zex61$a121BzRa)vI6E{=0rok&WUKz%9ZZ_j5)AGEKj0WjM;te6i`Vb`B4Y|YHJtO{ zuJ{bgn&`#nFW8?o+xfl5bNZn)xI!TDGAAZpN-Q0_Htv{rHtNm!Ssj}x?pKn4T@Jm} zOtpVJIwWKvU#a!p>F1kEc#qb(6yNtspOEr#-<=BukbYqgd7n)gzZ<#m%i5`>lt;si zz;C;CM0`CN>6U}N6uRautHRo2Ga@!gd;|yz1<(F=oL$vkWxH5gR*h27%{j~c7ZNu+ z#^UZYZYE;Pq)mdw6)w_T0R^GyLpEu3chAn-Df6lvVSa zxn!#e?`TzX*TF^n<=;=QIGQ2_5%)n~sq=h^oci3?tYK($xnz!ivAT1(GG}F>8tz1_zF26>4;tbkeY=Go zDHck5UGgO{6RWN7rpM8_U(YRd{Mw(P{pN!Ps|MEs^y~oZrRJnxa&z}qS1|zbLphVL ziDYI!Y-|IG=lZK8!&`OlC5tgZ*NoC~au4)oV-iU|$BkSszRHLnu*uo*WC)1!=QvH& zKLpmAc^dQarX#S;m?Qnx-8Vpm+8VZT!neQ&B>{0lf4E1gXmyeh=yfsS?X~R9whP0= z_A<`BaxWSjyYvvn|DoU~cObwBBtx%4Z~YIX%6|~7{S^d3sl*%{lGXABj%U)4%zwPUd_obH*UB!D)v3V}G%V z*$DMX^Yn5V#HEgqile6W{FJ7z)f>m+SCwHrODFOqwA;H$gdu~@DKlTr2>MWnmwzvI z7#7Q=Sg7V*kvi|ut^SB?fX8t{N#DpzWP3cNh*pc64LWypGks%Aee3$B^F+2`#&_-a zRp=CR7-Y&(dO{4Np)S!v}_7B&F?&8Dp%M?6%VSLN{078fs@ z5AY5~3oQ}B&Wy>gaqXgDJcnas3a^eGDb5_D2Z@= z*hI@?<=NLgs7uTFHo9{Q!N9VU8ZmNqBB51a)Od`@ltwjvR&thqM7H*&Xu)Qnz=g)t z=a{u#wi!?x3M?fkfr*kH=RL3fEWVKKdR4s|1P_E+l=5!VE|iPp9$^Rmx@Oq!Z2hMp;i(^cMGWv#E!@&N{!R zMpjn4yafLaWT3pS0KI4LEBj=Zmp*7@x9wqIBMRRK@6w$i>>F{M_0pLcu0^Mp0Hc08a!HH{;jW;z+BRsIGux+;|S~K8vdpyvU1BQ*m5nHq>q5nH*@T0f)npg2=Ki#ucP`hB6J~Wjrzeh?qI42vCST&oo_L zTpnfS?ARlQM31{nmMGl26|@i_dtE>9djoe_O}g(!!p|>3;3oszqQu=><>EHq5xi8b zrQhxTx&qpkNJLIpF{}r8%yk>u8H={&W7}wpfIw6BR2ej2hJnad8N!cO_c@^7^6cE| zB}LgIl?{lm-(8F44hI^j{xZ3#hJLYge3zyY%(4i=`+%cJ44 zsOa2bm4r(3XNej*+90>F5b1u%28+mhU&zDlLoG-(p}@OxjbzZXz%f4tUmp`OQ%hOI zv{&42^f>&!!>!4{<7uyP19}ZnMI%|~TfZ8qzi@VtVrm65q2N{1B0_a4WxjIz%OSzQ zgtFVah=x)9Zr!aXi9`_>{d*{S921 zw<}DU8zlz!o1MGnBC2x=9ekK+jn4Lg%Ygy%StE0Ku6Qff(&CrKgC$}3f|z8sC!9OG zqvK-xaB*-J62l;SUks<_(rWKks zch?L4&{sAnLah$k(kUayolqZLreyj8yOM$WOCrVen%G)_yE~TO6J>yu80Js12e``G zpu6r&15=cjKNHA2-`95fw@tjHqEMb80CdMMVRQPqjO;^Nrc}L9(jDx&F!Ahms zp4*S4ejuPiBODJ5&P;0t*+F?NqIs1ojfEPy)TaKt88xW>BP zXxr5O+UdZ=`gy-%g>jO}jm-JM?yA5%kEU;RQx z9l5}LM{c|vht#J`?;c{#VkMr@s`2#HWi>ThTF~tnTLZO|X8~MRFP7^fWm1wRiH(P! zn3db+HO6d8ERL!<6_*eg)Dn?Fk5lpJrWn?}V&xh6J#qJH4^g^ysJ?FQs=VN&2^ZGG zJlAP+v%#FmB$q)i>!I?pE+SQ)9gdz7j2OmwAgOFC33R5tcYK-80n3d2*^q26c#`K3 z15i!$7_%5Mwh?$I2T^X5r?2IuJxUKeOi9sdYrPV#s}5qOsBVs^7&wNFS{E(yEeVo& zbUeqzt@wTVRFPV>U=m&8%tP$82?4Ajlq0IY+^1vgv`=RkU^(ZUmlh~W@ zkS-jU8Ma%W;MD8F+yjbzz9lj@ATB5Ec*aAYkVU5n(@vkJP$_As-b3b*ipQK09UuKe zHdT}^0eJV9#D-gnX9?~)BhYW;zlaRdx8s`i-liUgCI<7F=y@}@vtiKA(&jFP{?a97 zuL~DGJVZB{;<}afMhi*K^x2^4W{Bp#T;<(hX$Ib>OFKK@Hd582aE2;Uz zAo0WOd3-WpwGeh2p{tCN&S>j~>3iIKd)GRbUOm;;o&PxQa+O+=UE4BK!QzcXpr;1X zQ=!lwX)EQ4<)LAZ#!%vY#%H6nH@PqZOQ&u=rZs~vL&seJ(fTPOk60^OEAp!f+VezaA*0oS(Izqom z-%^f&yiLE&-=iCYFASBD`=jlU-z~6hy*I~gd=9FL1gEYpKzH;Vj}jPSPRg$ocZx_` z#<1J_9S%j%uqCCVg`sfn)+@6vRW95J2QtG_l0K!ZX>cBvKTs8OMoEUU_ibsxFi0qL zqqJ!{IkG;=-Bxkx@afiqz+;ir+H&2V_MW9o+-8ixM6%@j6j}q?L9xr3k13^}1R9(k5P6}{qdA*J?yPZl_RU=2 zzqEgGE|1|(_PH16QxW58Y+^0}7z(fqEs`fBit{_)p*Q-)BD{Kc-wvu_IXLt=*3%n$ zUi6w;DBSiaSLGJkWMuGq9Cdd6m56%A?&dvONyy=Q{icV>t*GriFQ_?==mEr~~+G8dmOB7(`8PD_va9xf4gf>If23J~4zdC7wX(kkdaIZ3pR-qbs% z;%|SAYv^egj9sx%^Z_dns^M-$bR7=C9szTB#(UCTMD%E}Tb1=z6_2y&_N~o7E1mC4 z>?IsDW0Djv1wa!d+Ua4vYr!V;0eDtN+t=@~OKSRjkrQ1kY}!Syz8IKw zLgpww61H~9bQVLOFi_oNsOLSrXOs~@SypML4yot~I4H%7-8)h-VTnTb)1K1qTNURk z)qT|im_1iU;C{zO;x0S&)MQ#+Hnjw99uZy@G0yTPna5eVFZ65YVtI(d^Ueb6{HpqcNs z)n}od=9l2>YJf!fgJ!w;?N!>*0kW}v@89IdL`L=6x2$pNVjEtyyJKIrC{7K$Kc@XI zT$fv0`{vzH&kG{iC&reK$g3CJglwXHg*n+bN8jY*`j$Y~4sfA|_o6Dyp}f*|LCa2o zWer1latTC^P0p>5FQ>M6-=?&ZAhB7Z(z_0ZLaLVj)|yq77g*$PM?%FuL}j~I8ay&H z;uVjmU#0?-ESf>=2Ms@#gL_3RtZl%?CSXtR`6NkjpJ86_ahFoO7G34#L@IhQ z@0Q}ZMdTbRp3^_nR8h|DIN zDUzcM-%9jUx|YN`KiBp0R_~x!srxc#Pi5rvHupudavTwPPQgoF)?6jRQc^6^zA^XG z^wl|8`t8QmLfmE~WTSCUzDLhnWKF*n>;U*&f-a)ElgdEj)$ukGL5p8G@OZ|WgsQjU z+wJaV3(2qFrb;MA2DO>N{i0fKJ-yd94rNJV4ljk%TNulHx^(IE5x!Eb(AYL)k z_{e@-Gxx$rE0q{PN{+v3r~i*f=RZ)^+*=l3vuG3VKirm0;gXD#T+dN>lvf$v!~TMn z`p2IS>kQMY*>@Y!fK^4YOHaq_#uyVi68CT5T+D%4>UeT@4?=^Ma`7r6wT$u%bY^UD zh{ycs5cjrQ{ynrM_URa4(GnJJse$a|G>SuSL}XJ=tS0sZI7>@K{~vpA9@q4_?u+8G z)>c&N0H_F5#R-H|nJgf&T0lgKLkW-osUky&A)+!#NVEzl2rQsLfeI>uN(hl51QJN9 zOob4UAs~rK1O#Nr#E^jup4YYZ+QT|~pS}0F_jB*LpS%805Ci=38{YSMzR!0sZZkK; zoszxE9?SaN+&~%U)fllz@>$Egg!~57dGlROcubc9FSYk4(TBTEvQ>1q&q zowRjSVlXY()Q7RVzw?#JI){GyOaa%BTSG37Jacrz^~|LSu8Tu~tFiPR{6^{=X>#fn zhNwVbuBWf{TU8!`-`#)hSG%@b?#&Iiu9OAV7pI9Ad1VQy&Yc3_uy%O%ks8Ae3gt$Nex6?BnEhV%LqXtY+V%>;(T) z)hElx&HQKkrW@`eeHw=-2}25_4(_7if-YOC4&u13uXo7Lz>HZ#+J@mnr5HTvi^4Ky zz8j3MfSuq?VC8wl4{PA++)b^`;o}(eSV3}i^Nup*@izDmc6;#0oiuYQ;1|n=5S11rG|0xIn+*Q6DyJg1#MojU|5<} z0g5Gm3VD0{xsLpz;L_+xRPffUR^xg1s%BC<>p!6d$c)?25(7a1+ws=Y z{d29u`K-OXdLFE)@n^7bzuOV?STaL~#g=+2=4vIjt>_vI zHbl(_Yi15QIlwWB?Rp)CKnerbzFNOQA}{sBpE?9bu(CJ2|%1b)XXd9gVw{Idr1mL6RL%*f3lW zPwy-!-QW_C^f*4X)%8%n=F9USUK&FS0BiYP>Ryn58O?x? zb+7^gVxa3Izp65JO0Kf$?yh803SvhL1DNqdNkH5=NR~_JJ5@8}T}H@vw0x+w_+P7%afld>Qx|?Z9O7ixkldSNiH<81_hYRk^Cz>+=eL#<{ zZ+VJ4;`)_zDmA8&>OHzBZW5Fsc~#o;(Cjg!)6jQx41{1So> z>Bg>B;?bs;lO7qVx3izLuK~FQ&DybAaaK&yZZ~5NL#~17E;b5f8Xs!_<3IvHS}1t@ zZWHGSvK`=~kJ?sLasd!nI(aU=kSLKbZjw*MM1#aq$1%d@NJ9N8QWf)!)wrq6t4io|B`KsfxV>%fak_QZNF$}cn?*+-Urz(T>66OQ@Y&eudEyEZ1uUr+yD*ZV@F>l zOCiUl<#X^WyzeZE?%&IAFTfh1or-frj7@8lZw|}76i$mVGp&Va*yH#bj{*IwL5VvBhu5J4GNxV-E?!8pKfJS z2vQyb=g3lDkiWnklNse!DYLwDeVhA7;9RS8URG_C$HImp{>Ax=q1ZyWTNqqi86tk7 z1^)YD%U}g$NsB->1D@1Rf3d-E2Tnd+ccR z)8ji?yMN2DC}u?PCSjTG$QBK9ZrJy!W`C}m%;N=*unzSC=R6uvJv7?fZgvV2CL`k5 zO@)Qb)Hne@xZN#Cv9PjZN1rA{n%eHVi(n8RjSC;m`U>euv?fs&9SZUt&q5>xik_M- zlS9NL5vz#-t5UgcQ9cQj_O^Qy0_v&h?ScdS76WsOiC)PORil|-8hrr|F%uSP{J^IdHUPMk-%!?% zGp^!lVtqDvg;T*caQmbwMC5vb(E0LheTEsI$B@X9xJyo!ic;v(u;veHQzL8)p;EOdy_+aZ*Llu*$*7vE9nmI(Yo&>}p9`_C?S%1=%^ z3GNh_hZ~;}FBo~DEL6Vv?$~^vygbJIF!{_;vm@mIeI{&h-5n8ZC3DX#+0^fHn7Xb4 z<&$8_eyiBzF=01gmssZOuduAFOA@gGT>csE;4`Jy3q?MhL>{quJVbG(c+c?4isS*i zuzAe80q~YJX?jwK(pR?!ED7O0Yd}&i7&@!fXQJ?3@;hL#2_ScESuE(XIT~T&r_hjr zG2`2mB=lHZt0}yDu=mLa>Tq3f@8nLE)$YgHe+3W3U?o zl%6h*V+QMIj29xmX|0Uh1P?@kVPc^LX5z)(LbJ)Y%os-GxXwsvenvKRLwEQ?0j=4u zz)4=0h|-eRI)9CFWo^bxR7`5$UWo$Fiv6tFE~WlEq*3JX^^&qjhmgSri(Pi=*>nhn zFdUlV2E;lDV$JJornWDak2DlK_UBC(VQN*Exd``~b^w0SPaYfy9?~%Xh#Qhgu1@vd zH6j=>c4~GprKy^)zd|kFOxaQmLHJX1^h<5N2fI)xpFYW>D;U8X-GUzoOF8bJF27UU z)-j;7$QX@Ss*bdAJ5Chd<8;+;RP3Z(#w(H3LyN`QDF9@HCV4CNv}9d?xc_V zHye~`j%SW_IO~hdfAojNYZ}5b(P2R4Beb=$IwV%%vH4W|hWMSs?t|ndH>KZ0+_%}e zUDQM)Dte@h-*mg=RH855R|Rt?`#$<5slQzE&l=euhpgYz`o&{+qVi7!_!780*oSAo zBoyo$Y(gHKV*bfxZ_+!-ExbV=7!*RvomycXiPiwNlF6`4xg{@9cQZ;@uqj}w%7nsV~X#R-964nV?gK(oy01;3| z0a&46N}o|vL@RUsQikIhirQY(@vQP~r_s`dK6ad4_CZUa7YZeNKdLx037dZ|>6T1g z{T&C9cDB(lS#v;T({X=-nfxHzp0Id_H`gXMatJ@_TkAyigS1RtYL5V|FmrZD+Z}EJ5n?l19GGFhIf0NErE%vjXSj9D{?1sOiU{ zAX`*B1fOuR9~BxYJ>JEE)GWuFU>P^mmii!qkZ#S4n zvE=jRZ17$N!NB0Nc*5y<@2un@nT?UajX&w#;1Dso;0O_qW0-XEg@1~F{KPk&aJ7n{ zmh4o9jA{4&kScOYmS@Lcu%AyL4*}(b?^`fJX2Tff(*;hD8ye^HN#?l;;ZG1eZ?g$Z z?SaTDdV#j`Lqxf7Sw}TUFIX1oJZ|zdhC@rGYvSj-ubQP3-^O?QY>03?dx&N9fxG|f zYz{(P=ibdyG!)g1^@7NBLl@hGcP#R%7o&%l4s&~d9G>9ppx-K&}Bey7zT}(a2;0#UIx9mYr($l?CzEcyC&a`T1D(LGWd~(vGOx;Ct z?AsQD!(dar)xo9S(Dmb1e0Kd2>wWL2_8jb%LYk~9yqIw@D^@}yQMDvWH*T*ou@Xht zDAs(3diSetYy5Su&l?*1b~dND4cY|cnldA0{PRR&bqop+#Mi&+y7myaRW zC(#dZa9SCt{}5zhjt6tA^2+1sAgR zIMl^+7-4UFdW5ZX5X*AmQMFoibF|cO(K@`t*ssBf`l7|T<6uVD532AVDzU1bfi4?%!>qEP$@uC*7Axc0YXJPx!;4Iwa-fc z#HoKJ*7+4{PD(S$V+Lj#+rcVpd>^W8W*|`LIccdnNO_!1#Du9BVMuy#wwqo&R%9x@ z>MzT``xGtseExxqD!<0Pn0?ZBC+9$gJB*sm5Kr)FU@pkg4pq_=tyvquVj(3iHEJMO zFcDI^FJ?Utj*mq@4awPBbl6Yym0c+vWy}J|4IZX~x6G&Q0yS+gbJ9SdV^()2$2-1Y zST-ru#`l(>U%ZJAKaty->z@!i{8g7z&+x%RDgf9Q`hs5>#7vwdL088c2lhk5=viy{ z{;KN>sDdF@_>{Y_IlE$hI99}Tn9y0uEiK`bse3_<)^Wf5RlFk8MZX%2tV^OMlMdkc z31FbKGGb2#A;IMMq|GFTX)~m=eD$xkwsrsM*4EOU)*u#tzpJ~+$3lsGS5xLmj2wb~ zsd1F5Pe*JsG5q-ie!x+NxlbDBZBNXH()#_jl9c9c0$YG3B^kHsLqCfz5uQz%Tkp9D{6X3Y&^C0|LEnN)HI*99V$5dRg5kg~s@9_%mw-_rchlICIQ5ao*nMbE{{`AW z2rX0a-tkSrrR@6R5bPKX7OFF4@=039QAs)u6EjZUq)a)C+fSP1Lgb(4g<>yL4^20y zF9HdQ@dRp{rz4JOSqU~OVnw{i$=6GwaCj|c-u?*cA$nTVf&I2Di{{?B*Gitee+UZ`gr{xX3*_VSTjjVOYzWCgCzK?Vf;f={+lqqy2}X42bp3N7^u^4 z4F3j@zcueEDMBxr_I~r$gi4QwZ|y0GUn~N~Pz4WH(TG&wm`Y=r-@xXx>cIA-T$XMZ zYWcQ_jhXL56;9JZHUi`+!@O%U(7Pw})VdW^ip3>G|>X#C8BF5Qg z&dZB^%qzq3s27t0j1Uka-+5dwU6EHDsUgxMhoAI)fAnwb&wuq}3z&fYB~-@K%S~_h z=6djt1nc1r>sWQ$HhJl2X)3MYE~Y+lXrLN$VepcuK%~FzL^shQO&IH@diGos&RHad zd(_JaHzCdD=bybT-e>R3hIL2eV{JSQ{XIZ2=FbD8>A**|^^%R#PHpUUnNLEKEUPEI z(8<}L_5I!3=jlu=&HLUkmHHJIjwtiAZ*Tkg@VKuUtWGfze_Ar^L_v+34ah=|kn(ue z(LwS1QR}&-6T7pSeBa2q2tdo|t>GM4GN{-0dTPVywffF6`)h)Yo4WgrnxtdvMf`06 zI^z~L<3uURi^@d?e;2+s$3ov?{y=2EEymY`dAE3icXZp2Ksoh)k_Dq-7MZ{@P#Ru> zxdM^y0qDCQS1hapen(~!kn3c8jl8@Bw3pw(Xa2%uo@oB};GmuIkinnkUHY2(8}u*QJYkjUV-1;(_Rep?%as7F~jB|Ma_*@H`s1 zXkz;gqC}Con{+pf&6Pe~pSat=e#KsWjPUwTfY|w^3J77;@-!s(4PklJ4Z=@j%nuIX zzayms$ojonJsYUB^pkw1?C*ZDy+X7Zbb~uXB;5T3G@u`TFj}F#l?L9&Na>2de+yZEceumC`ZHP* zu-SOvzgoWDN_Q&^x9Wd-2hhL!)ku7wj~W3aV@IDG%x(A6e%>P$j&zQ7-oc%DS3JwS zvyU5GV^(Hyy45-tAx>pwp`2Xgbn4YCn!TiylF+Y#r@m4xju=5C2ZWB=g$8;MM zm!0OLiM`=m^iQL57vA{p&Mdo@&v|}Q^X!DUinmFRBqtiv69!3gP2VnpK0szgANA%C z8<>#>t06CaWh`&kj)J+;5liMY6HF9KeIUB)ggK^t;_d{hW*-!6lrLX{4N9%v300nG zm^!TOyblh{4C&*jC3i}2gDdvFAogyL)NL7@(*v&J_1DBc@-ZAQ0X86#NCY0zWT~Y**eTqM}(J}ibGMm-%`1qc7S7jU!Xg(T$=eL%Lp3s}ZjbRY zpcEUL(SAVotTP>FKQisJ?WA+x-#f?B?pD29^$>=8K!_i{qR-B8> z=;npcY*+1S2+y%~|o+&Gjd=roLD|KraUNVWL#bpHG$b2#1t{4Gs8dQOpf*C;x zjd|bK_HV$MKdicJT^D&dh>tvxMxtY6i#2}d>XpJPPmpe)^fb9p@>6j?c76p;93|LZg;Y( zs`7P5tvidZ#KVv+Ffhsnk(OwuFv@s3QD}^e%zv%?dHze%o(4)rSneexBP?@wC|2$Z zT828rX(go7NzrETrLwrq5pG)LbUf(u{zYn$FY=Hny}8Q}*TL8IBm&L|`nWQYJnb}< zzNpCcE_hk;bz@_T{lGGk4|41u7* zPh;=Y){QpV(Hp7kHG%|;n$4Uac*UbD(S1vx#ZB)JIDnHIat^s35%A`_r;$#bBSvFb zq0#)qn-{fjFqJ($-Fyao${vye-DD3*RxnoRUQ5~4ztYgCq2*unq4%S=b=KO)%SEYi ztfsujI%{H(d(At8uclqUu9rb>M=dT55$eVVDAv#)59xb-7@u@l*bwKjQ;aP}<4B5# zmCl`J2Zwd*m4@a4GKYf7$fA^T)8rJ=GdSrtquITh`X;U#5lM7pO^8*nCbq#CH^S9Q zswHczlZ?l9SJYf}|S4 zFesd;as?->Traw06ZTH&hFvlXsgh&2<(f8XxugC3z>fRn{uA61`~=`c#8wZD$IeVK zcA~cl+ay2h^oN<0i?5^J4_(?pr`Dux4M8z@+wm7vY3%u0vF|5;YQN{WgVH?7E%4Ly zhi`Hf{>_6I<^zf^UG;48z3Z!Ls&>O0%x=(ZsgbtD!K|uLims=KKYDi|?6UdVhrYZh z5lMlV5J&tetBr7{Ab2$(V7_COZukG-IP6dxBv29qy{=u|*1+)}SA{GD@YHl)Uk2=H zv%c)7KxHvZI*51b*IZ|gT#0mmQ_>MCnO!*A!>Lux1Yij82oG|lyb~Hm=0*ti)hBIh z?Z}7C!{5Sda?tv}22c~M_i+A<355kXd_o^oM88%p;U4+Y(syIWAB+^=*=B-1V!Ee* zb%B{sksBpZ;3yB)$G!8GWPoXx>B{zC%i*62?bkW%39{+$w>#QXiJP`ivv(04Jq0dci3TJir1XjPN=f(>1Jh;*{1c72ZA2?EAR==`{QD z(A6lOyg0ymLWRICHyH*112YcDE9mLNc|1`jQ&!b9F7SM4XsaxKt?DX7fGn0I%?yAS zyvXWsxEc?ZVlUH9o@g$FiHarXP1t1s16Dr$3ROB7Y$uc7m5MutB*C;Cu0Aoj{&p+c zzSVP=)uGC&NVdlMsHv&p%MVZ!7xOXG3qnuIU|7ST4Rl<dlCAR9gjc z{+lR@>bauUCxs-k6I?9hj7D_O!4~DnTcwgw?0{s3sL_7$>Rf z1A{AseJ85GTwxMc{(m9h;r$Z!Zi#uHq#83xZ~SHCx1cUm=#e&O`D*5M8f3GwXyE1b1GKy`_95bd=oeVC={?!SksU-( z2>}3Y(a#DqKG~e9+9}ml(b`M%`y+bftmug@#YNacb3QVUIq^hlZ`*1HMQ%jX@^h|P zpF2q#7|#%Io8#F{MVDk`?iqx*R)n?AV>VZ@Iu%b> zQXbW4JjM{nbphOsb@12zZgv3X_dGL84p|iPEOo`8GzZ*bd9ai9o z*d{;iG4tTAW{uhu)5Q$8~^TBSuq7K{hj&Q440yN5?$6MpB-WJMOzpvzES1;WFvaE zlPo3uSS-J)BwUu()2!P_n^f7hkp&?B;frpa0`LbZ`yR0 znt9?;V~Kq1N}5tg?a5}yIRF!$>Syk8Apmoo4N59GzV1x3R6sFLx#p0IDJeE9#X5VK zOY?J1j1)3kGyu>})S1kVcWMogDi46MjoWjU5`HU%SK!qotNpOC*L*|;v1tSNg#kQKQSPrEjq z(%yZFDx=t$a_KCKiw@mX$J) zcRs8;GY3_&&Hw&zW+*FXf9ZWwWF_PM-H{PmlW_6iYR!Js+b1{Igk@C@8vNr(|8Y+L zai9LV5ea@@{Ma} zu~#Ai(xdh%)K%Dn_!nf0mRop!V#~s|fi|EVI|CxT412DX{5J-3M*r3M?5EdRv6}(m zc=!0ILVIfoseKrn8#qLIH&7X`Xw_M$!}GMc*qGHLnifGEpzH$IY&wn!C=P~tSD~9I z7{9YJY_eu+MdZ1NbYeMsVzL}f?M1}<#(C&F^21QZlR86wfU$#9*2~hZ@fZ4q$RYbu z17*&Px5HSkUo-ldXmTFzR3Fy`RkF zr&SHju_&B81}vjsA~dq=HGb<1W(*DeD!#4_GZy6K0}FE9cL3JiKYT@mGCI=3-UVSb z6>CB6O_yf16qA(_12v7zAfh*tN}3Wbu?R$OJ2QBd_vE2E3<^43hU2s;>)Hz%7^a-& z=+Q}K?qMpQfFcI7&E8-84rNHRk} z1y%j-l|6M)Y9@rw17;@Gz-Q{6&mD@-XM%W#*|Bx4%IGR?_mF-6I3h1A>dg=;4=4!c zwVVtP*)_Q0*#mx3-MIW=G!=V))OkPX-&>-OoYg+0oVXUNj7z#q-FO^3MnrAJklvTT zv~QWQhdG7JclK|l%~tBVWUb0{kuFMPCiGN8bE(?Edx9|F06-THmK>Ja#&<8Yo=c+7 zg}8CbI1az!dYvO{RfL3Ct)yk)^y>SX?`4NH{{3^!j-y)rzvW&^z>a|- z;KyIwQ)I7dAX|DoXO zScYG_lRVq7o!{mZRr(02&38T=l2--;-n14NdND{fa^O>PjoYw>ku=}b+XTvIt~(0a z3S7-;vbCoxskv*tZN0ZqyKC(LJXgsh);21A$Pu)Z3f+2HdOX^DumXK|Q3Wir&u%T% zUd*5CVFXKBC{$qFPV|;~fs*>R&G6Bbc{z9Hl|p?|i10Kd!xmyE8^c1mJv?w{@+fJq zKg)LoZz(wh`)oEkKDVu?<$lY(9QJu)q&YfZt6$u&q`f_)d1`kRQOAxK6pY<<`EK-1 zvq$t8;m$Yl9W&+)FB{-C72F^?pe`8kf0}=vC9a-)%T`eR8sm{Kbo(fSyBlSYd(6?V z8`RE6X-N$QrjOUrC3dBD_t?5w&;r!?$0FA>pLzJwE@O3P9V&QRMnfxVPl0JWzn-x0 z$|MCt_fy8X_tdXoDOm{F=S>E;V}dU9wsWz`QT3G4)3;tuo)C+$09{zh((YpU@)d-1 ziEqpG<&SzlDm@;1zw7-94T$HiZy)K@K1H@f`+{ED;gLK<4?vz42BIWm)si;GCYhUP zf-;q=3Ez`tak**}0*R6dc-|lNyd89+d>;h@tG3Szk&=JxbFr5P?dmXYaC%GakBoyq zc{7@0_3W`)aM3wdMVKR65hzEumz2s@o&bmvc`Mq?ba;s!yKpKwpdP!~b1(N&1vW1( zp}Wqq?vQpeRE39At8vb~Qe@8VY)3+x%>7>E&*Ek$EkF=+6^t=mCV5 zpgq~r`;*0O#&~OvUz>t9Q8Z26<7{7l69ZVHL-t`CC6yV@M_cJ^X`~cVsaY)T1@{rAAh_*=i-86)F93^zI9OHXao>>NG8jpFREq(U zb1wZNa!hAlL_awSFnu|2%JE47^Mtld@ag5ie$S-sLp6VJ3ksWxuM${LfrF$#%N76o z=E~$RhizOutML8XlB+Y&Pqa_GUSqh!r#V#5RYh!zl8^(I-Tfy7aIyfI2hwb|DI!N* zP*Uz}plo-+-D~TjHTGjx5k-B~a8A@uw1zPLgqPU_e*xFs-OW0>-8{{8XMEX7X>VJG zi63QPOcqw~fKi5i7BRyz9XwEL*)a6BueMgpX9pL&6RwFEVy>$vt=IQQx?vm+bJx-H zfh$3AoPruvX|_QbqD_w`&0H6g_THtmT(EDTHy82G-#bQcXx(n52vHR)3yb3f)k&`F zt|(VK@x5cDsqO(`sD6I6 zwe>_c)$Y%ocG;aE#;A&8)h+2MqWNg{LXwyR77h3n{e5`kc1ML zFN2Qz^y|#|F9-*|37n=HdsQX$FzE$7VPOT@35-xYwC*u=+i;e~8G4&tnri)6+LLp9 zovx_gvUSRaGe2H*gsI?Mhdp~oUXSM9hNnDvh`OG3%j zL_utdUz{K;avB%$a(2x4hV`S+gz+XCxYI_HF(YvVI?WBKG>lbz)f$7f*i`AWHmzIs zhvO#+Mr}Rxiw|bTD4tv2HTHHkm96Wo&or>riiitm!nXH`F=yOIXWe#Gl)U)g36mq+ z1g%%Vl;-iVfT+i6NV&Zy13MR(qp3@NqY1?ed z@X;JMv~nDK$gMG`_E2RdsBmKN@CC`|BdtkKQ3g+yS;q%lB56;Sf7~#A$dgoG5)zf^ z>Dt%yFyf91Fj%_>OO@qg!xOjmQ+Mqvu|auOHw!%Jr4O3 z+psy>JDOzcwX>7*7+ZUa>8N19?PskLA?YOs>LbmU6Z&Qjbxm|qdoVQ`Fgzq5e{|#U z7GK~8lQZv$k9To?((z}qBCPRkk5B^KhXE{A>67LM2dl$v$Yb<~QIO5dR_@pf*rc~> zXlQ882}Ke|-NWSbgE*U4yf^!jV*_ys1!6N+6?c~FTas(al&2IMu9l5n&L>PQRm{3uy$N+QWPqUR9!=XSI+VGHwh~G8lUh{O8 zy6aRwCDAIL6oV>+eQ`0Xhp&G^cmT5y6(qF6aa!ZaFvgI}uJLU2n3ZIsGV+MS=38eQ zf98j%J$@7XlzCz_Bh>eFY1|bt`N7i%2D_AZNADl^>R&WTFEv7MtMaNw@krI9wf@E0 z9fYa-wN%{^e=}2>GJ4$n?w6IvA<2uJ0SVlBONiRek((?Qk!%S@d|?dXE(0qbZs|L^ z7I4tA5}^D@sW44Ae-I8VZ@`)R;2k^>4N%f~0*y1uG-STN0O*or@aA3@-8kI6h`dc$ zF#M?309D&3aIQmMLRD!W^?2smq8mp#{*9Ht6`NtJvCbWfO^&36k)j{QXPs@{dD!{MB>!X z&~X22ggenFh9hktW{dTrdR9#`apycz!znGl73gm-_HAzAeNtVmM*0DN_BWeIe-?UXop#;Q7am~bpx*tYjgl{!F9KPPnldH)iW#0z z-)p4#F159&qF_(qD4nIHCA}&)m#2=1c#~L&#F3@(eXskJGIZ+{IG2EcwrIJ0yp1`3 z1=ww^*8bf59pK7QAlDC&V?BCxpY`L8RL9@M;C#mRHyZ8kH3_p~6QhgsHJ`$Cu0-PSA9m_ZW72c~+Xe)vu&$ zgfAk!Lf2vp#9S08lXE9jFh*X#_hX?65T~Z}Tb~FN##?H+Q%GO*bXg{puPrYCjAhPm zm4}PmOAo51NE%xiA*DWIDGB+qXfp4y7nL;#xi<3fXK!KLrF(Sr+17U+ZKSiWOjtgt z3@dtliG9xg2Yoh0jA-(qxqob3$h*>)BlrXHRDTY{r5$asS{Wr?_OYD7(&Z_@x-yV3rHpKP ze+t#6s{2v8_wF?Wg4c4qmD^B?4vCgqJriHLm|+d{S*+|r{HM93K92JPa((2`^7d_m zw4nEJ>o)dhPPvF$p65>OM1bq8BM__}VSqFqmi!y#t*S`JO_A{51P)X>qbZx}$X=si zgXT&VNzTOVt<$F9w{IQIS?PEeyF04~SZ%QgAX}jNvON41VB1Fg1pfNwFZ#g$rE|l7 zFwy(J_j~@lDhYIjp8ec*>Y5muaVK;b}AKmLKx-c2^GR@XKVtwda@FTyw2F}OI ze{()8^{FLR0bH(qNvM0oILd)Yl~zke$$JJ}Ej7mmaA(RvJmrx-9l!Fpom`DO#fxpF z#!jmDYVF{9@-=j7=LC;Q|t(W$4q= zz7xK$ zJXppRT19c0RuCQgs9Bab`1-2+qJ)LTle*o! zAor$m!g^)!40kwSxW2`5a$I}Ln40}^fIzDf+UsG?1VY=PX9Y+^qnbO_eucaHD>clETpj`q zqP8MdRz9k+&oYURYvm?4lvbj-!Np0@x(e?6{NagWEhp?P2e0<8>F16>Al9OFZ6&8% zuca}r6~|$K{HTF=dR4d8uH&+lpQuO${gmw4698 zRqdrf_tqO^Zcr}wj%}67p4Yl=%_fnSg5a@;{TI2y=3Fd41NemU75GTKrAjL^b=#1c z>Fe>q82&k*0nBamWDxuEa~?49sw1qkPED`3_6>1>w%`^M}_2Gb8b+jQy5~& z*n@S~tt?sXaGNJrvDomcX@#Go5s1S{Ic!rFmT#{5Pzii+)W}%kw7^CBic;nE_)UDe zCxdgIKN)~PdRTx7QOhYv)cK+Cp!undOI&&7^tn5t#d$sr z1hH`Pf@hzEsnrd2&6y~$7$o>ot@n_}kp>YvKg<-#3o5LM?o@Mhb0&0e9G~CB0PZqJ zO@8q`K|z~jSjTLUVBQaKq2ERgg+>%XB~c(*7y7-7nTqp99~sIbqpp)k%;o7h?5;vE zJ50!9!1Z{Kh^Xbf>Y9*M6M2JaGp?Zn%mCq=1LqtwIwk^6{ z-Y8-WQojoNj*j;HteZ$jCryOHf>=TP|Lx{zvm@W`tRo+K5`869S|<~B1RnyKYGYP> zG=i2hKR@Yy;UY$WR9k5|Nb%5KL761l!wUKO$LWC#`z>XvC`x3W<+q+QyEmUfTfZ>oCxIXuWHf0Z&8TD+-3I7{MZ*W0I%|)Hvf_o=44l zNl9_LlrWzB=OGt={Em27(5|+k*fP|X%rT4{<51E^<`S;XSA&XAOfCdAR?uO_miW5U zQsJF?m7Ny$${Ub4G_?@vA0*95;Y(qApeS*@%OBD*n{(4b+(>zAt|*1_QE$g8gh^})K|$g|AwVwu6u%Rf^vS?) z&pO9;{MVQZ9fDcW<==;%cTRLsv8;(oQ4q5gEVNI{Szk^53MLBQC;#28@UL%+|HnW7 zPfMd=-PVEQ%IqV+orb(m?h_}KXwqqZ+Uo#-c|eMBFqci4UJ;mr1|sexXdwJS17TQQ z@z*deQ1gI=#vQ1+a(j>xgI8Gx3C&Qa*o#*?o4nwI1>XG-$ksSgv(G`FAR>+NgA)6W zd8gFe&N<82OLqLMR9P}}V!XB{07n5$LTK1M>m-ly?dD(1-X`?^!d$i{b`e7Kprf8V z@TfwD&6f=ml_zUkf0`NFPfjedx~NvT`W!6V9u?|gaE2Mq+8Y%{8K?mihqd%^@Xd^` zHPuj+WtK8jXh!J6$X0)9EW3Oc?}i3HHt6{4fr1^~SO8V7C8#!)saM+oS)mk6j|vy! zG>0Tv&<_pDTl1hzeGg*u3UCR)h?d%Bo(Im#Zoht4;29H-zm|}$9aZ&diRr-I_H(G_ z4&kQ>0YM33{(4lYf!Y$+uOqHo%ga`G1jWvH9kwX^DOa?n78As~Do+6|EqZ_n^uXpw zjhoW9VunjRP?Xc0KhRT#E$S8~>QuZS>b)juWq%etvTe!e{dN{E#;zoTWgB z$$|$4PD%($*&qb0xyFy6R!4Cmrexh=~Yrq96OB`M5 zOch~7_Q2sJ5p&GM%~$RA^UEIgP7wcrg`gc3OfK15=9qk~bSvu6G;OGK{gd;1dtSc+ z=K7-U!rC{_EJyL2h><4!(d@l&J8L1XmTQoI=>Li7>wg77hkLBu(;|-HiTS0NV zkpijdV1~$6X)@ls)0-)o4qVD)iR-|U$m?A&ajdgO>Y7^q$wl`PoC`%H3v~Qx<&8o1bL-bkJDLUT;c+TA1Kk-_O?oF z#89P2h{N!ozDFY|-tRpolO&c<+e_99j_hrq#xr00Y8Yus-a{zzblLS2=&x?t4wZI@ z_DqhyJc#CA0|m$^{pnJ=FS2E4r;Y|yZpQ2!_6;8mI@B4MbU`0!bsBwmQCo`0QYX~h}AT3DckENHA*$g zet?oq7hSqym;Tu$_JVB`wvd5s`Qdf5IdFsg&fEBhn#?2C0i|=bwkPO?%^hkU^Dgkr zyAuz28CPV`hE3%*G%#i7ls73s=gtC1kahYQ(?)cMLZc+tt z%&O(ATnI-iVF73I!+dX2limy+q5FwNDk2A~aXkMF4UZy5ugE<;0CQ_7?FpUNv~$67 zz{k=xzOR5rzVj9?q|)o@%yq}Yq(fDH8+n1=7?%9KPsFxVLJs8MdQhjgpBRl=8~7C&ts*;h6};{v1M^QO(wZNxog4fa8RCuX)Z5^1*P z^^%W1HPyzBPMC8~{z<(SJ<(RljPb+rc{(<1Kxg{F>FkFTea{ka!wU4)J@le*&@9*D zdO+%@mNd9x3b|5qa8$S%_igi_J>Rv{ci7%4JsITt-L|q|T=}EBuZu4J6osxc%L4&~1x(s%Pa zgcLjDO~^wyLN5soI3ivDh+fNm{3*Zu*eoDA0X|eOJe5oK{S03 z=Xkyny)Ep?)u_;xfwdVZ$gix4PxU{N2J&2j>RV(rYb-`qD{78~sj*8lmV9x)7A2<2BfOY|b(zu|WviXry6 zqv`9*)zikJH8sGk5|FeB^oAQQFVRU3>TzVs4%zpy^CRRGPW@p?L;bp#Njv~isjSHa zJW`E_^L0)ntcUAfo9#|Ls&+X`PQIwVW<;3D$2zNt^Hs&MpeMXB94E8&Y@$6MxU^IH zdGUD5M%SUT;%wf&p;3TsoFD8KJAm*>5SQ+&rf1>9X{KB}7` zT{Yi;a~^|ysdQ}Rw$BBB(VsI6tI2sa{Qba1Y6+)k(tdulxQDlAA`AwmOF^7P*V0k% zz24FuGgE5Ky@=<$q->0Z>jjl_tOx^G224Tqv0izS)UdoM<;Z8ha`MUo$Tk*g*P#Hz z3w)q_xk6@{aUQHeSB$XKCw}Nf>q9lW4t6z_AzS1XDxiq@R%SQvHp;vc-4(sNB0FaM zDTaa?$1s9&t!uj$2mqqccT@xr`7Ul!#W5L-R53%#yX8fA(tr`4Z_Hnf{MBJ7VkFLH z0=R5i2h>SZGSFs}ZK%Hb>&?J-YP9=; zmZP~CPNfp>?YcSB=iA4=^C3J1AU90tM1fLCa(xSWyfbTQorllQVzGetL#BDXd+h<| zhZtU5(h#`VH0*lK1}XCPQhbcJ^KpN%NRgEHq_OBC1xy58jNC(0bt9F--sgeqt0R1n zf{0&xJ>_u?sYe&$SU6EVsKU=^CE!NhFyNwZa2E%a*}lj(c38H*XSOG!>U@dmP`4n6 z(wWmI4(h8frdk4F292;?% z0Ac3Hj4etetZoQHu8)W8;E0XH%T_u42XZYdtJ3M>1`d+mKvZ5GHBNT1mP?*b|FFA- zsy@=D@Vgq=^Lkv1EZk)aeq$}^sHsCi#mEOP&d4dI%E7@wR&|;8Pu5Q{zIYL$O1NH` z=p(I8Jzq8r`=}Q(aOu3i^}Dz18b2^CR}oL%SToOdb?Yaf)?INPF>)BPGx3?@3+MaJ z=lFcqIafz%f*GSFV$apDHLS7ar>z1lY=Wd;%g(8 zpjl>rs;kpZOcsX|5^*e`Zo<6x&4?qk?A6^0E(@Hxg*Q_s{{GF|&WF>)FopGG;1B(F z18*I*b~)}S6WwQ=zSn;-IQX~l+h0u&{tI8TUUc0kE6{9G0}_k#hzo=iG47t@9Ry_!dV=T9DpmJ3C*xR1$8= zIEQ_#erx&-DZqIHnUqR-7byR;)&la1FQ_8{7uR$_wn=x(Y%3TV5wmo*$oSb{o7b8{ z&mC&2P|IiE5}v7J1~02h#bRvH{i^sU?$WW}V=xywPa;xy`oVk;gI|Sn;J?6O1Y9+k zLPi%XKg=gsse7~Wt8|@sdnHDOI4-k!_VmNmH~tBNi?Ib8>oaIucLmWO`l{JrJ)KqW z#7aB@z;?nRr`Ka_mhQnEKSuns)kj5JLGrz;JhA8TEgV_vT?up84K59ot$(q%J@OfmRT$Y?ZYliyM0p zMM;1FsUir(5S3k))CEuw7@&{>3bG3!L?DY0NUChIi7ZJZAw)nTiy;YXAWPrdc4m%q z&b-TcXU_S(*Y*30?Mle=JooawKi|(n_A4AM&ksP-IB*bh-}pwbQ+qcUen@I}xKcX_ z1DTKx7=hE`A+pFAXn)obKdmUjM|YubSlNAe>&PB2snf`cGi0Hwt-((mva+cvZKiHd z9Tl?3LN(T+=i&z@ffeyOX(%SM%m1K|S6$^@ygfuMz1lyafbo4~we`B1xSYM}S5reX z1rkTb?;mwW{-RJaI2`W@sOMkIoSTbA7}R(6R4X+vWQXh_)rQi>gOJ2D)MW84Z;m$_ zA@=#cwl2`Cg<~SaUm^xcaAt`ve7FEGpgtHJKT;Zae~;Fxsr~z>#!aAiqo2E8t8*|+ z?3ZC4J71vmad=2iBsY3m!i}n5&P=oVbmIr;2BWG{99jAF>8*n(!Bi$X$JDVY8YvgZ zZH{Rwubu*vE%Wzxg$=DBG_QB+_uDRV&k%BCejS7~U8H>8(C5)M{73(nUiy;>?W2bQ zNmc0i{VE4#S(a;MIN;u=|NC%o{Qb>|!T-sZ|0*KiqfP7-O39OSe4URIAIDd9H-1^* z@L|d;_i=ChWcbmoWf;zT_fPM2M(QQ(cv;T) z_Oa7YSFEg9mlja`B4a9wYgh>^ZWFlA`+-aPxKEA;P-*t-ZN$L}*>}DhGc0F*8*rWR zS(SBfxpiuw*IHek9VBqH`_q!Zi}No4d$ovGcv78slm0T%hAs{^;RgFHhli zc@PGTkob6Z!bNwZ?mI{cj|Ea4xR_~(1mv(iU$k+dhwa;C;E_NtP)!1P-g%yZkG7&e znh8J{b8N&o@u2+#Q2mA&ER%>&|Lo66Z}4^2aG+8AxN~w;3pY-j2+w~s(&9Pkr|enZ zJW?|JcWY{cE=8$u@CjrM0du$u}c z*d3H$2d0 zr{x#3FyHQeEpSyIcJ#$mBNXDTrJ8ifTNh|y$qQ_$*(XCE4>VQWq)mW_=u(lEaAWk@ zHN>CB#^<0S!r)0tbgp`5EpYK{OqgbsiOG<#*2!X(7{}-SI zoo-LF5`)*}`z1u)PzX8Oc-6jRMY_7NmDoQ<-XO3t_|9b#tXZ)o29$>lG*io7xM};I ze(Rh~20u^@G1crlZL*8_Z!I=m-itAsa2C@2O419^yTaQ$r^i0TU{dt3e z^gbip?NUVlF3wIv6A$hXnT&( zGZN|H)pByOn^>5x{_3l|as9MRlJ$-SPe~0W8XXr(AJ{<#k#rk-i;QTZh(rToJ^UzS zknNJpGQWeaMFeH8rS{M)M%CTe=w#~S37eYKYRy+IPh7Dl8n@^yeKU3ym$k@Dk10t! z5OeNXbJcx8%Y{JA@#0PJ?ui$*I`V-Xr3=CFJou49l$0<=vlPDC{Pe7UEEXmvcfJaN zs-LDP-ywwXb(#vi_z>R8Ln_K3Hf_4I#x4zEDIxX&_rS2SiO2G&2`ZFi(3wf;Z;CVKW0hR_GM9Gf`pWNc)mLsLJYYkpXi1RSlw7W3GR|5crjRp_93o)~Gy?6DwgsW`# z-hw7EjN4-tU=V4Gnm_sO`(%#{Zz!gB>EyXp72%N|sEw1V0c(W=0C&AVgl^j+)&}M5 zK2Xl4q2;Fj{JNO76T%1Ib>l);)lXf2SWlGoU9C-*zvR_AhzH-;ZD?BC+ASQ|3<^w` zL9basOQ_RS-r4NohUza)O~&g>Y+}%F7%7v5oPBE^&DjFC7(Y}+dakD@@cmM!yT5Le zJLQsP=nrTpH`Mm1P>?D$p8SGN{Y;*pYXVqCit4~|$LkFB0R>j$Uh>z;8} z&cgw$AGjAvZ`9jO+>t7?y+o?$`ALw~b)Px38@kQ(O62#Qhie8rD(x}nAJm*LZ7Pok zf82K94SHi+47fdiG6WunK>zkU5nS%0uDdkhzQ4Q}-1aL0zbU+Xf1jy5ohJ7!D-tO^ z@In2wqVF_X@V(ir4kU|gLC-|SuM0O%P>V(I)sU1E^vlgeVva|45W>PU2OO7O=*#f? zF~W={pm98ho+06jfXU|F8_+i6(N3kyK1-19$Rj0&+Y$rxO{Fx$$P4?=z6o_H?ix@` zJh1(Oy8huRb?#|L|C0Xdz2m ziS}+DKzqNc*4_RUO(5T*?u#kVRCa2jSfxL2bkHLPLRgeSFqk3{H*%MHuI0Kskk%jh zc0wFRm^xi-P+@G^OI4m}l!E>XUb?wz4oV)^Y96MJeA5zX>-!6YyC`jv^e)!O1gnU- zKqP%BBU}P%>9Jj)Pk=9LwZ9g`?}-SKe|y5PsPe?m-$E+1lTEWTvsFP0G?v=(v1cba15qqD4POS%& z=Ya_&yOT-Uz6AQj;MY$IU^W^OxOJk!v9hl4RA@HLH+Laz7 zW^04bhN|x`|C92z*~8o}4F?>L-5@Ip%H*Li3wVhei9j$kj908-xyP0vFdMGoM14i` z>;XRcJChfEuU=iVAf013zC?vHW>d* z4Uey7M`1yk3xX(wOh?g977YJMOvd;Z$(@Yvnc=1&!?K2X++N`-rn#I2zzRD= zY}p*f3fWQ0=DJm^gA%O~Wf&!2P+0=Gm`#a+j}uio^lq2-2CYUj3eK~B=Drq=`E(NHMC5?z;%RUMEE5g#b2CKdZ>eTahcj*lOwJo#9k?=N-o>sp zG%WE}saW#NzmNkW)Qo@Wmkav+TLJwt`VLj=SvA7n_~}Rn`Qj47)cOSbd}~97lk};u zr~X9^M;CcyA7<5S)T3?YN+ho>@o$)o~?Yfw6L8a%f@Wc>dBvFQ8T5U)dY$u*lq2U2{- zpF2&BAQ!%AC5GgKXq+Pudk9-i_7gTYX(J;_JzY$Q#;CoSoK z)x7sB$dNsO!oKSeAHIsc*(@whk4)oiPdIm)VN5(~b5Sv^x0~n{(6AVQk^AAMvOKBq z!icQeV!mY$abfw)=G(z}R@_u;{mIO2tQq90-^q40n&^AUsl-!4c4_`WlWoZ+=ez{Q_w?faq=A0XMt^$#$a|3vw~hBEz_(qGCj4 z=OBySb|q8CrFZM0g&-tg;hK6DC@ekvT=~lwyEBa1ABD>swLZz!`(@Ney4l;k&=U>6N*qa5cm9C^mHkS!^Sda9w}>! z6DDGDi3W&QQe25R(OJVCzW&afH(CxCE6YdlUiHm+b9B8t2I5 zPTo+|xLmak-tKeYE=Z_#+&ivLCNK>JnD4xIfZXIKD_-k);s6qK1N?AJ-r!6x<4)p_ z1OBvIfHNKFF7*4O-G?>&hgV#^`1lC%{){7oWgL?I(w=}o7Ten!BTihox`BC4>E-Ky zzEACi8nhms0ILUo8`gN)B1v=0s07U^X$6tszv-y`8%Eb0G&7v&3l$HbK zKB182hq=9Omjkz%)FMm>#effcw7N(GnK<8hZr=7AVIpp|GYe<%(8z$rb|-SyXj4;w zh1bW9MsJmI3r8ORo4>%vM=<<#&=~$l{N-bN13xAvx6FNXQah$K^}oO^Hy4N{a+j{> zz*B3WvkVYpkiH2oZ@(!9@l*6=KjV%9Mqyn`wp(OCz#`kar<#Y%cJlVI=V+Md$5T>z z{b=nd#h5f7X3Mv=VkCh}3Lf@#dNr5rl=Y(F1Sl@@LOGVuJ(q>t&KvIc>!jWYfDwG! zHL3V>WWkI-_s4~;d-7~3XA3Vb1p4)pTBQD)lzwR&ovf~Q>|^D64`R%ZY`&GKHX}Ed zzsgRy+z!pV5r#FtlNZfALkMqexy?fvnIkEfg$4X|&ncC*_(Q@x{Dh76dA~5%Z_SlX zdNz-gOE#I>Yd?^XsskZ)@82?F49HtB-#RL~Iml8VL>F#5=I~Nj&ZAIu^0OHHGS=B# zQKs0j*4!R-ST>)Oa<;fH-Hyc?Aj@jlz!p_Wank+PiuTqRt4TL_`^K13Rb3Hj$bfXh zJHAB zh$MJ(J%2s7Q0|k!p;^qm7W=#cE=rlVt-ryI#U}0>DJwdad@w(^a=kJ?`VilbLQ8FR zNmW?S>EsfWlL5UY^PKQjOqaW`D%oHffebibz`sCgMNN`P@D{Ap5V*|A<^piwd;GGee@$SlDk{$51(25J9CIjNa|BmkUU-@@^ZJIK30Th|kbo>L_6(ibTPhGJGBrA53xW&u; z*VLqGpuNMU71+de6>pImi>wq6N?k!~F}R{6=%@7|hXAm0(HlOL+Zn)e!$l0S<3Yi+ zzov+nAMtOgvADm|akPm3u1(`!nf7HD?EM7qnE}IR7jme(UossD) zynL5;FUnDq*dEFqmvP7Ohh&+{6q|EzkmXR)lW_;*g)h7ZFZr=)tU3YEJY$auZ;WXBD)-0R3V%9ORVeqf%P)bDV$JxWjC{>3iN4o z(NZ^`M&Sac%I%#`2qS73s49+!)o{i9;IsZ}glc0#0+c@M==JM*mmC!?e^V?mOwfdX z|C>Vp0{Snf6)dygj;AeeZC`&6U^?_Xpcx%2P1SF+eel=u$+Pwr9er;5Y4a^^yRGhU zL`a=lU&c{(QhGkRb?NMcU8>d&5q)HpswFZitQ~99&ex5Cy6S)d5f{qrp;YvM!6kBjRuf`ak7Y|Ih?}~A-Aik3K z$5qWX8)w(Aqi2;AL1}l`n*`=o)K9j&(#96kYG-T=%7t2tDvm_#T|`PK`JPyZpY~k4 zN+K)~;DAg%6Q9r}gx8E|xr z1(DVw?a?*)4{I(!>tZ92C)p?j&%p`wJ7{4Bh#7TkPt<8)nk6yH2*b#!Y$s$sNxsCB zub9f!j{>ev>Cq{HRILm2kf0c;VKNK{d;X*Y85yfv{DrQ4awkeJR)fDoTHh@-09?rD zbZzO^ET#+`7*pY5A4h;{9NfgTHkCL!0#edR;W+M1=I$8CJFgI(#wI!r@_l*m)Y6{B zRRIM6l*|TbFIm+zq{vLX33aVe@Is zMZfyI<6l8YR2dMrb?y+`Dyk;fE_oDe%wECqYg=0RI{KDULLhtsgw8&iXR-*{IA%(u zjZ%PLuiR@8b@nIsuGYg5wO*N%o@~f@sZHk5-R_j38!X6h(j(Yg1A_kr~;>@mr20mw+ z5Bi@xwP)PvZ3D`}0gVa8y%elc1sn-| zXr4u6WQJw4X2`7GMr3g9rJFu>tF#1N#4+`sp~YTO|J3>C(f<2$+N`E4)0D7&xITV} zqys+T2}?$D1xTE}@?HNZ;)TjNpY6Cu1CPTbx|rvjvi#g=lZE6E3lbL;<-qT;_J2|; z{%fRee?OK!7m-rmBKh@4HHwdOAB?w>WrWUGol`Rh{I=d_KDncX7APqMu+lDvhgRNXIR85wIzW2P*x$HZ}b0}9%hEKZ1;hbR0G_p zu8}~^a0Z8uSQWBiRQ^My-B7D>TVbEi#*Fc#;ePYZi3kQYlYc-yy1+T6siKlKsl01e zYu6J=SYwTMh{a9P`r4Y}wm8~&z`5XNddgihF`ht?___4BuS8pf8vvFdP3~DPhtt&CJMjJ9|R(BIDf|5VB#y$D6`ZfxW-T^tr!LE5dMd zhm{sNrhYw{>o#)XX%PFOH(F6l=$7-&q#)u34+=8S-xmeu&EndxzTO zi`X!qnGbOZ|Dmb#-}bw|6gb$6f6cUfr2I=TD8K%*8Y=ja#Mgd_AgmpUUiI0qpk9|f zX_i`ptpE`E-V^z6iv=T~9W3ZBwrqzl8eo4@2$KhI98R3s@E9`YXuJ4`yqC|4&!$f) zukVf=*bo&0MlLZ{?L8cj)K0VIv@rDYp%v~|=oe*mXy$z`;19o`0p{!aKH$wK2?s`E zP@=osJ{R4g-Cb;c7x0-G+R|Op!G)3TAg{6zO;U{%w7AS>_y6$&2zOo*?2bt%hFJe% zX;=Wt2A9RhgSjDE3pzX05AzO*vF(cplh`j8VD>1f?hOfL*GId*f2_-wkFfdph%o4G9BIONyG&y?d-1v)XeqE z+9FfvClzx{^?_8rk&%YnCmt(3M4a>}Ig|xNWkbvkhX-Zud@b~E3YGvOzUmIj%?$hl zG;hsr0pL&#%t88WP~j`^!LC_f`G;l7(}BCTip&;oo3!9@^AT&kCs>2D0K})`Q3641 zDi??eK<{z45Z__iZtOsQv9B}n6h*1%I=BRJjo>!q->FJzu{0rLmd|r#(FP59AaxBhP_!E$(dx{ zH8;FC7yLe=)i6S0$i#S9yqw{59_pI-nNE|T+a`-xL37l@|#)S zZ0FB_es$x;XxSJWcAcn@aI$2U_Ikr6qo^S^4T0LL6~v*C>NxbMmVxI0vzNk3<{8nf zly*KG){vB6KD=-RS(=K%i1VS*63^M6Kk=85UXPJ;R*O001-o}uy=#aLa7h$Lx?ND= z(PG7z#Fvb3&DcpqVPA8dU@|Md_y`qM$XhRz&=*uD{jFqqEuX}d&#{uT-e~Fx+D#mF z^Ii>@F@(;R!i7clG#qRiI&W^w0)J0l+GM68yDq;hSgw}S2KCV$Huam0Rt(>pwl@`6 zX3~*3DGV{=vfj2DCyuL%|3cIw{suX;)DCQ=^(Zx=J?sDoEGa`j7%Gp&7ar(e19L{x zS8&h&h`7E|dP6=ii1CuYfb}1VkZAa60y3jvIefY4z*EU!14*!k7R@Q}ZOzc#*TvdE zpr!$e!KkN|LVVWY1;Izc-tIPYv-$J#1V^uN!K)qB77AES+!563G(;QIJZhN zT)Er3EN+%1&J8VfWP3UF$1`BLNR>Q0f&)%BE+5K+=L5-FLF=rUjmhqt=iD394c{St z@%$0a>0y(dXq*pR=hcG3$O+EAjhBlr6HGeeT)VB=k9BYQ=qJmUj763`w79=mIdqwS z-(p|Iepcp(;9kmb-{}RbwF+x8=W__x^<)3sYn|GFM701KJFt^w-S#K93`GpwJqMd_ z28jFi@e>h^dRWugqov6XKy^s<>tDOX0Y$laW>SRVA%@~n8|~ALjpRc9m(M<{MeMx} zfFXNN;Ks?SE`PO*y+d)nVi@SkfHXsrVEk=mVVC4qmM)oJLC^o`rou;QX4(rq0o^hQ=Nu=Dqk}j1{%|LiqOLVA53> zynkC%qZ?w$f*uH2r?vX$CQN85`-~V8H8>jXEi@8)HI9-N{5DS$*AzuDn#Nuasossj zsGfzf=G0E|niiw?>~WwkS@46{@|As==HhdcIM=QMw!d$$*|nLC_$W2VyiP1Cv0ozV zmBOO%vSs?*%1g2F^Qq@I0^5yE#>V~poa3UeXRRa5hAemhl_H{(py3IunaBUP``)IP z)bCi`H^#RoYcvsNFEL9zn@C15i;KT8Jn>y>xrB(dHy$A~q z%`^;2A%VW;#W8m2SWFnxSEPC`a^hyC6T>Gnl~AqK86xGaLyqYA)z)9}4B3;P3qy&Z zLjYXbBphe{P%jjulodmWj5@pc2ue4ufOSqwK-v1DUytsWMhOoCiX%Vwd+%`z%W?M( z+|-MUxs<1xWf_Z{ZdiZ=>1Ze*dwpM=w2_3%Y_t2c%clKI@3ktJ=~1ts2npT?1l4}gZwcQxYM zQ~Td$ONBAf?&;sa7y7R?< zi}B%OL2e8aB{po@PIzePhz>!WQHBVQ-KCeZx4`B>cr2iv7eZe?1)v2aizK5Rz! zfpvYj;?gi*JyV|5dW}RidSx9c8h{EDtKMi@O->FS0rnn~86m5k^(wJDO4kEWX0=G3 zMLcQUJ|43((0r*yn;v|A^~O9e`ptZs@;R2v0mTUoEGnfy`<7sN-J0@HPZ5ywx76um z$0FIG1mv_7w+|?T6a9MO&f==)1?c;PBZP-%_2LxoZz;Vs>GT8O3ODNLtJv&8rj~wztDWoM=;udD*?zOle12{%qdDTNmE*QTD9=+ezB1RP(Y)j>TyVeF9XwLyPqs6| z&yLlG>3wzYz!$8pK6PL81@W%R7?gX^ut6kxk8f~;dDVin5HfOk3`<^E@MQm{unB)$ z+##GlKA5g#D^@q<9kkFaY40GrkxTrh^u?_^rp|`f>Ul?P(FtDG{kl-pTgs=)x7() z_)B;UX2LN=5V^-^P8NWOt%C`GH`m~LvCxo0Q|FZki#u#gkHZz&h-Ssv!&RgEM7z5! zSAUKYv+TfH5^@Y|HANTkB4piwqmWwihK*JXPSlhSq_wF>xP7)b9-Dr>2P+|^r}R>y z`+(&@vFLJA%O^rXTahlqymcP~k>KKxz3Tc}K6ouoNA}vYFx+wta(E4${4`2vci&L1 zDm{?2{H;0P)qw`1v|1p3nfg{c%c`@%teCT;1EOc6aQ$!WQlpE%tZQ+v8I5s-$Hne3 zgT+0B%pHt)4W3$knuBZ!y}OV$>PMVWr)OpgTI?z~vuhg`nUk)u>M-nPZ=+fxOzxtz z9}C){iea7-?(>mP9!}V)`;Llv+_oYeVM1{d(RDsn?+InNE^m${(qZ!)bQjA41IKX0 zyz0aumXzgqYq`~C=Z05gzdzfx$<0z0|7Q{}8*rpU?N4e;x8s9t6-E9{Q*p|>#643k zM62`X9IHZZe3R{!JMHPMmlvYqT^P#uWKm)zbjy3zN_es4SG_KHYyGg)5f!(}R+Jq& zqOKpS^D~jc&&gYl!Wv85j_s{zmD=tQX(w&ID_5Jf)oQR*3@i_AMvg?g1z4x{)H_kn zC;AI0P2L!Qklut+pntZ!DUF`O!A@#f6d!LKBw(N7S?m)bZ?jh??N$N{?BPb{0hG{% z*)`A<{lDFc|0S>cf96=~|8DT)gafb^e0vsP$MZeEW8&y~Y^~j7V1cLP`^i<%(IT_{K0wqVRJc9L^U(ZnTaYjPFeWUgMmj6OGgE!U<91cO)VFb_rQNnyqa$x$sWrS&M!Ls7*ermOjGb zyLnbsZSXX0VX@C_IKs+)x@y!IGK!8<=J;{NbIj`8;S@V#J_lkxajp~S^{;Bt^A*PpJW*{}ay!IsWvFSor`qMP)l|RL;LjNv|5F4XV>X^5 zi@V3n;sXH(zESokz%$ymarG~t%%X?GvrkSti+3}jw6-`<-dkXPK1ebY z-@}H9qahZzC8l+lsea{-Xt|9D()xJjJ@>NwRdYH9VZ=zM`mtdWB0u79@|Mk*czf|z zR9jJQ)jeE16dwaUM;-=D!)H_N^5!Ac9%Vllm4fCG-XQL)@ZP2kdkI*FyIVfEN&rE64WJi_1fyzlw|Br* zV(mADigVB>%s1SEHSQ>0r-e`~xdtS1B0H|77VUxCUJhM&ZocqdC{{!S)DyfbDi;@bu!N_cs%|G2YU z2F8>$e<|MnH-&vYv{eBwvrKIvvtk|i1L`e z^_}h4p>B~A5B<&7f0XRy3XM6$n1T0|6#0(h0MW|<9MyTb5nNocg5FsA1G=<(UqBOG z2AtGIlx!=tN_kYK%VMANDjSoEd1|U)|-scx7kre&+3!PW1YeB_Q%}n4d|E>I8S5pqX#E z8!9&r3x`!qlReZld6F!EUtLtNc!xyVhAy7OHE%0jQ&e zR}EUZO6qO^)=pOgPovwaoX`PzGc^6%#0AG!4t6c~c(kRs;CBk z`0|-|XQ=cYm(J$}WsGy8P(j&&>7);~p&;~0Gx5NHEv6DzncV=Ijdu#*ulKjGx1Bo) zM06I6^{7tZ0TUiiGYkrg{8(P({*0=R-u>F&yrXJ0u_PdJf9`a%Gf(%r@!BO81%vqD zGj^j%g1*ZtsxTc7k?+l3YrB^i!Dz{tNFNN$=?%%_1gw{V6X#)AXe08`_QsEda!s!I zyUq8RtOpy=6kR$HQ7*l=geqR057#Xub-z7PPyPi<5$B`Rkdf5=%=c3LN8C_mUpE4w zoqr&Yl204;lrJT)6i^>2`og<9s0WD>^ZvCvw?Z17YPc7uh%|O2s(I+-^dTv&gXF-L z)6W-njqhurh%8s(DG`!ho1GK5@>pU}a%_Hpx2>1_Wv>+8{`YFe5vmsRYmw3IsyRmQ zJ~kZI6|Vk*W`Z>m6cGMN>ED0p%iq;m+t-OR+gX*l6YqwXC4T$MGUm^W;NCVZ=>>A8 z9o4(FIS@C{x`Bb(RK+W$(^6e4Z8ue)B!4+#JH)uBRg@XIO45#U(#eb{^iD)lqJh9; zMd8YC3LiA7e+WGppVHK<^|u!oza0t8up=eh?#b?)xC~3Dw2)GImsG&mYh3c|5NA!S zN8BUsiam64_k4)%PVbjweba>3@|WGbFl6r{@Ef!HNYd9s1_Hxw0>@*0WsAY&P!H}c zl+g%t-!7m?np7@<2&CzCT5=7!y>;J8fW)YLH5<2VkpuGw=>Fjlwd-Be4dBU4WMNRi zBboM*zR{OE3blnoB9e+2G17tkg?6S6AWj}oIH(wbKGZQ_5@+Xu zHtMcyW=HPNu|DI})8Gg)=fmi5OqhT|nSQhd{cn2EIdYoy@oN(g)e%@5J%M+tN8{`9y&oC}TBy97U$wq|DuUjMu(>$*{ZtdRF(X!0yScU(XzmanPYL+$c;}oS zMDJ2sj#RNLUNyCNMe66-8Ioqov%hD`3oJ1d8Q6zn5jCPut@`qMW$EaE0F#G9<|{eA z;LwUSiwjox_X<0I#N{dcSH{oNXzG4`!QuSjw@t~NN*2MZFK~+sIeew2MEC+O;=6gO z-k|jCquCAIOAMAB+6!2??bJ?JXJk|tr4Kpm+=Na60aQK;3t|6-a=X7CZ#Q+>9vSyD zs-MtzT5;tYy+rf3gngFxh+&J$2^~5_=v`C0E}L6IxP^Pcm7j%u$bnqNE3+%nV&}K? ziz)8#eBBIpBO9D)JeCNXhT!4ipRflyP{{||4l&hJ8_4Koi@F28!pyV?+OC*X1WL)Z zwk^SS26aX7Btq0TwixIuKMG=i^r+p#`MIdMsYhor?uqlvTr-IMs;A-0Nxb&&}{8#cDj zKU?ShoW14UR;=^~baP9A&=okBcAcvqGJCPS=h4&Qx(oWXoH>gIGZTm2ru+-2R&sO? zR_eK2cB;YXtIxlF$5R=2?sY%XSNHMMOwZm-4v*G0oDiY^-TBti+;79KC29a+PE6W_ zMBF_-<@jnMuZTUFp#akDZ>3&NX+W znfvM`IUJu)UW1`opmTw5wQhVBRB$wg<-8{#UCp5H>LX|_nXgh}pv?+6CE69^ zWy=tqm<1XcV}OF%0JIDoVTRp}Q4-IYaZQP%RA=Kd8$Gr5esG;ldsj&ZZOTj_VS|Vi z#ifdZWU5*wzkpYQT1B3?1YbsKG3;4GJzQWC-kT|~ln_1{5jRdIVUh)gX7he_=R|tg zNM)8z{UDNY`8&`EatH!ZYBCBER-9^u{WM2BEbU>dLKySumYlgNR7Y`z8 zc2h)cGxx#`SBn?h%!|4q<{37WQZ@;mn@?Tk_e;Ol$~?eVDvd=|+n0({r=HKSVePMG zCAEKA%Mrw;Ys<{MR)13<`j;SLKU*P0t1cS6>ci?@cZk;4PhixhZ}UPRZU z8_U>a89WQzxtXJg99f~1EB2s%wPYD<`$O?%aK~)rh*-OI~D| z?cSB;QFVR3t5btF@==z1A0?k&9yoQq6Gy_wvMzEm0L>j!wpIu@*Y zNgC+QH{%scy<#$KEIouACVTrMhHE&_Ww56K=@96-UKQl`tiG%Fm}YTOd>nc*ZjD&{ zEKyguXpjhqCuKxnkX_6f&BW;H#O1x(KrT zGhfw*)iG7S(sr4_mFI2up;cx!q?Sr3^J&6&ek`{?VbQ%Rp4k=<`NH%SXx*93d0^;i z+>w7bXlW!KtEUtD^@(X*P27yxkr!~9>{u{BsdppoC1?0Cf;(U@>zP|(*;zRm}c80Ov5{i5P_ z?c_w|%u|^YLBz*3{kr4f_GWf*!0C|6R0z14`8=KW1M^gP>fy?nTC-UA16toy-pRWU zy%>2$zJtSoa>rgnQQM@kYzIH!!y)tj2vUTf)Ij%ZG3<`e#Qh1-o3jp^D=y2bPX6)X zUS_`ch08wcT>w|6I~MONPPxi1oY1TPfKhgamc_e^?{Jr#%`5q#Vu9cg|pKPRLOv!hzJ{gCFvGaewHv0e>_5@>tkhqS{r_1gE zs_&zwgh2qsOwz<|w%?FDGsRwZ!Wts(H-(E5?bXC?8YO-FGUfyOrPP?eU!+EUmhdCs zl7Qa)l=*Vv=DlYLH#~3!XK=j($(hYf(U|p|lCXmO>cwuSsr2wEc{p>EfVXKs{iZt`xX7W=D+Pcn`zMcrZn}C>%R;Q`6o~n>#~!K z{X)Bx6|}N1SfXB*lA*Xz(v2&_juDMNEIRa>U>#`l7UW-g$ztrTGs0T=m&427pIzy7 z^Vi&|xTT_TkVagVbU@Z|)9If1iA(Y9vUQlig0*(&;HGDVrl2V^z zUkhL6XiBdULdTI5<56C)JP6n*0q1!(!u7-u^Veov`C5TR6S|z1GWn#@+d$3^-(+yV ze_PsCFpq=fs1>vkhie#Tv-^{G#h(qiDNk@y%&@JtOFvK+gHVm`h<)p>?<{-z$)Uin z!&rn?ia_r$oNgAX-Q~YYb*?OQf9f=q9&Kuw#|7}#?lYUW#MQW!#GGqeB^TIMhgXjI z7`866;Ki$j7K=>O!UX)NARgr0`n*9}AB{$p&kk}zZq$hNlrB!j=#Ysy5|6J|6DJ)O znS4b_XATd}MFw(!Gixl6W6n?9#GDvjQOO>Xvt66%ULhgjAqQAK7M`-VT;u#DXUbYm zJU2QVTAcZ5T~38j&gBWow5ZRj(Y%hVa=$Pjy)J&hlnIXx`3uL2=DinKjrq38T&Hi*Or>C@{uu~`kA1a>3@mG6yNAosATsB<8sfz90+ zbBNbDSeA3nA$d~UoK)M;w(ms^mjej|lkrb=4XFx?${L~JF>LoQXIRnq&A2L7wO`aQ zNvaGSg%@&ZjI?-2$~7Srf{fNnzQH$K5&l+W(PzbJSps}vx4b*WbJ0i#5zLIuf zfH8q|Ybz^N;T=_rHOEL)9OSQzfqquk73{UOXt3!aP`wlxYbN;r3^=2Vv^}@h1+y*h-1A1(%lca6V!v+aU_*_J!J$O=df(uXGx5umkP6GQj*$tvm>XgD z%v++b`k2K9Bn9P!E^wAi_4VUH(gktu{F%)!&jlB(-4PHZ_aZbhP3AiWIis(~LiMAq z2W9s#2shny$-oC`Er=jX41I5|soZJWUx#Rp#PPCht78#+3ldrwxOh?)R^O!2^hAS& zKmam4*w~Q;f&?*Y`1UC|If|UqmsD<#G9>ZGXdGlMJ@hAQ^??cQ-En~*HN~+d$(CLT zf6WdpAhX^zNsd~~OlOtnfKV?CZ&4n&PF;!e-7f)NVId) zqcLtQ6cM%#lNDo_f$L?!{t0-LSYzd1wg$-e@X*_c8T=5!=+}}1`P#rtadCkI_$693 z1?Za>3fspuTL)V<0~?T21(99F(TO{IvA~TgJOK zHN^wDRqJbRiwzyqU2hxKudQEcu$W#i>|4jqZXDdyYpW3Y9l}ca-iiivmydr8=4{cH z6I1cX13mP)h_lD``WFhj?1$sEAIDsbc{{Qkw_d0BG+BrZGj$oVlGe0@1*AS7mT#KP zTZ=NTj=9~QxbMmETkqOs+{ND%UXqgS?evkJkQ|h7{XQEp68va;==^iNDSrw*xxVK4 z@M{g_2Kz{Px>`TwrPHd&QsSTcu1HPx;M}vQa34^|d?~#guy=^q&JKJMQ~;3-nVMJf z0A;Qf^emPHJEZ#?M4wF;m1#BNW;RwTnpqD~u1#JGMmq3`d>6v?Kq{)hcFTGcUGRCl z`H)l{#d8)A6Wq@pLPZ+-plv4;Xpzp6ni{(#PYA{8;HK_NvZ4rg!{ygR{0^8HnCHd> zX`V#h^cTsvhXa7OC_<0Big?;2e6Tb0hSHcCld&UYpM6GW584RifU!xS^t%U5r*Z01 zQx!zL+M^831OAN2hjv{>#`QEhZ>etD`wFK}Qr+wt1mXzvDbsanUSijPNn_<%l6qca zEr&bX0Bkrn{0w~VcvxI#PkO?eJEHh(QtRib3U93Sg_Uh>K5q-A$FW#3#y2=|K&uRQ zI=g$D^{&04ck3S^X%_S`&b;es;lW|44!Q)5oHtc`cGZqxWYjYMw1syu%Bi=L!!_16 z(#MtlbU1$h1Xg=<49acL>_uOc>X(Ks2fK6+-DHlF9{-=Mp#NnB#=oll^6{kkfBt*u z{sfU-Tb|{)HuJY~&zA91Ol;s)#?@|07^BHcn#%$K6@V3tEloL3cuLLd(Z4%QNjA@R z@}vgS$w<&(i9?+EtoffP)&BN0^@~L*_jQEvsssFw<%;TE%dJUyY}{JftmgKP2I#Hrj4bszZgy|3h=N7;(GY+Vz5WH4J+5m-~e z&4_3PePylNSBGpXYMpvfdl8h-nnqL0HRv?^nC53HZEhl%8*KG>;A7Vc$N1)mf}t+$ z(VbIK99mqT1e^*!C{&yM;vmg~{2`d1s>C}AiBq}%XMIOGQ&65ByvZYVXR&@bln ze0xL8WnaSJ1tNmj^bltk14!-ItH4^9Ppr5gQhdp%HRHG*rxW(9C~+@ki(!OtlRBQ? ztA0HO8x*FAe1*vWYC54WGqok*QOu!vr`x{tZ-y_?!xFng-Yu{Vevwe9pwj&nTLF|} z?^;Z!9&YY52|XL!TtO}02pkwSwtXpS$)`0VN*;aQ_?d6fXW@UAItU+5FOD9cL~6w` zkZDNO5=EDO8Hdu$#K2}26JL#gO|M(YuTz_NiMhd0^*L`EdkwMc`TIs+U*vj$N>)^D z9EsH5r{B^d-Y?u(a*_AvJhRoda9#Vx&*aP90B=qFKpuXyeJ)jm+TMj0!nz9FlPX#% zBP}~7m4v}OIm*h4`yXY#iBSJq|$>x7PWKFHfM-%o9vdjiDA+fgSxV z63><OT5c^p8uiSf3x!KV6Tu>`Fh>9@V3={q&>%IHdZ*a^}-iw~9-4hD` zM9f>AdOm)T9(gmaM$-;PBP46++nGcqA0c(Amm`+;qF2vir#V0n2FlBzC;Mfk%b5qxHQjC--`_G!pfvH#HBYdf zT}tjR$;y35i*3S88{SAGl;Ncl3M*Wl3zGr7KoW{)x!^wWDvIVFCieA1%WY_gmmwE-|i9O2<+ce(+A`jZ0>LB+ZG2sIb+bk#f*64cvP zbg=LgCHF@%Gv^1x5IsRNH}2&kTYe)p4$XR`e7dw{zPOeGVK?o}46D8#n`d~7pC{2#U5O{nevgS{`0Yw}#v##(DDB2^0rDAW}dfy!Fh zVyl3N6gRd6NEHZ#7$UMHNJz9Q2nZaYK!E}(n*t%Sga`>qWmQ8&c1Z{^K@fo?gf);5 zzsECk=Ifa`GiTk@y9li;8D8n)k}U~K(n z`<(-dy+T)r_e?ISvlfSi_bvgGAv2$jaeR%5)Objvyr3x7GN}>=MlGC+BgmCR*_C$j zwtxZ;SS-s}GF%%?q;Z#`6f~F|nB+viCaU?NR4aTYbbMCIYo1bTyd8VR@Wv4YX!QLu z9D3gL@9u{-cT@I{&iXe6d%ge#91W1e!CKGHvF#S)x{{6e&iI(M+{4A6qr>HRYeFy@RFISg60kaoFA6MRx@qw?!%r5cLaGd>QPHcastXrcl9jGyjMJ@ zp@n5_x5*xd(8$Lg&A{X4Z)5J&yfm*kVUmsRi&_k8r>dsXc9kpm(ToMxN}SubQVsf7 zAsolNa@Z4PsSVd_9Q#Stb$#Q!h?lJT zZT5Y%J!$UVc{1-0vqbkpcn6Ym5b8ci?rJ9mVu8V#tsgI>2Ns>yp*JCrpRG7S%ab$B z&~iSA9ZY2CwUNA^ph`RLzZzN=*|o(L6*yN1ob0TU`FUyCyhtP+JGytg__9jY7$|0KOHY5{)$?eg`L5dNw zcsA-;RK2v0$Ve40AMWrg10n;fRJ>iug!1d!9&y(#g`L2>m+I958MdXns{%UZsn4+XeKWvDA4tXWZUq2zp{kA7KsDwINElrl)orFv z^W~(~ppFIOE_B_1yZ`K=Hz2VGX>}0b*UwqL0LUKae~J;+t!hpVkL+0t5231-PM&kF z_w|M?B?G%_^hi)A)9@f5)BD7c?&B&Pf##GWMow=Gv%4q01qi@By0mX+e_>cFicL`LTa)Mptr zk-+R{%IiR1*}@#}6%)`*sR2k#lXUj)C9PH!jbc7^E5f~1Zha_toEB6aeP|r!1-0ab zDN}WpFEK$<8$SlfQ|kZGxt;$aX5Iu7s<*6e6$af3omc;yV>F&0ab$EnnHlHsAq`{! zr;3A*+Ca(8-&|qcKL8|?Kh)^k)$x}{sY(JQUJ}cfPcq8xUps<{=c~`V#St{>UfS9P z*I$i%Fq)d{s63#}OaMZ>zHaaot$)JTL+Yy$J_1|UtJMO@(LTWEC)vN$Mx@V)&Z6VY zWJ7}rxhnPE7*>xq7g zsxGV@%|t$y?m?sUr_ezV+7O*SRSFNwcRcc}`=_S=~vy0pL!MZFrO zQd6Aw<)3w2_6A`BA40+b1LA5b7s#pFoB^-%<$~GP_pw~^&L{HA1G=r%^->#bE}zrC&J~^Sr~i*V}}g*dbV&p?g{1X{bJEY3>CSEHd`j$^58t@y60h7 za~84Q4k~zN$%mk+QLUC}ya9QNvAbICI?2XHKlI^44P(<7C*A-Ht7QVvnh}#^sK+ut zz>LF#P5**x%zKrS2IS!T*X(1ZTgZyTi??P0C}VOG(AWOpuD|s-ex1~%4ZE_GVnJT} z?&@&Xpyk!%O3lwv{{> zIZoPpb2Rt_RB*<__4$h^Y9|df0e$!Yy2@xD=SKCKqcx{vd90)QHj2G6z5uSOP@iFB zmY1}ZQuQ*n9J?2r<=DU&X72vBoY~|Jp)*H-?^gfMe{ciet%bPB_Q+^H_WVrht)iY{ zR7Jk!q)Vg~EfZLa-Bt$o`y;q>#vlFY(n18`jlCk?yq_OZ$dUkb=uO4g0#v6Tb-tR`49 zQ;)to5>q@ey#yuRhOz31n_}Y-G)jiJrY?ke2=!seE$&{b7)khYCCu-beZ7Jh0O*RZ0c2Nu)`}S3HzDd6g#g; zB3DcE9E`{DiE3EwJX~i8>Uk~|j9x;T76DS@cEjGZX#nqD{w^1rh>%KdlBP$~)vgGK zj{jj8!(9wF53XjfdDp^f#QMf6K}HcVBawAJKh+ zAF+CX^enr%tAnVGV|hv?x5<&D&`B2-D@QvajT%jyCNH@YX7Q_f|0GpcgXjMB?g{*)Ulr4OszB*DU10{&Yi>TkM4X{4|Jz%BYbn5;! zEAc;p9`vs?p*I1tRKbF@(r;_(8CX+n5i+2b;+QuLh`DB_$&cR3up%Dkn)T%Vs$<{C z((dB&;C*$5HWC9^@0(z;Ikzr2)Uv{#?ZrizqZOtmfQJzKN3$1qm%OK!jK&J0w|olx zW8b9JmzS@O`ybVuD38KE3ekKt%wg?lt9wq~-d+DD5)yd>Tk)gH8Sj<2hse@p{Y#BM z^oq7rZjSCbLE&> zGs74J(Py`un`8#at+Fjz?cH){*bGCbCD4gzavqi_PQ4tPsgJLmvd$_5c!LNPS+LCn zQr$>av)uYM;Ha59vQ54NosXJ2hM)TO;iKQRrBL|S$jWOXvJ zS62A~*M<7FRn&LdMGADkH{8;PL zu_QmwrA&K$nWem$@zKn95^hlvUiz+n@tpY~wyt?tc|DJ{M1W5GO9IIaGL8m&DVo;} zFM7qUnjB0Hu17s|UJT&sKBK*uwTgWOyqycB=U2+^jLnea^G-|Ee)uN(affDMvGd-k z@A%EtO0gwkR8I4h_s^OBSZ0jWM}GG+((!P@uX8QV$jn;dGg&y#lLPeB8e%ZCBm7N{ zRdft6U93XP2`$S?pJF7oUk@;LSpV=UwiHzg>&kUA3Xt140sST9U8#s^$rn60H2LcY zkRKamNe|eu54%cmS6pF^Jrett$jj7CR8wc#rGn#zy3vU=W5GxWtNg_mf`}X$NibFkuqB76h%I*q3LXNLth#f80d%kdyYg%E_|G7)za=X0|C@kM0Qi6(!n5AiAQy zWx|?3x>RFCS)gMNS0>FJtPw9)eEW}0HTgTK&F#|ogo`u8xX2wBg_Z?2Ujxb^q-pnu zkgQ+wLSBAcIP`yWY+kfPj&i*#L&c)HWJeD2ybm&Ke|Hy3m$+rvdEXFNtXkqxo&v(F zu+DB%--NX4MlCIW(xif3}|yC}#u9udZL+y$i#5=nSQ*BKm^y zJ%hra%k_ib)rXsF&RX%j_suH6`hD$sc8b3hw9!cwk4?m(Pioy!55Ii$I9C_l5*3jC z^^pHE0hnTlR6q&%E7G(FRchA4(5J`5aF=cSZiVi(T&(puw3*6FcTD#7hcD)#FXC

Sp|{3i4chsm)Bo*#$puop0%lXRZVnN~z6&*5oNfQSkG^DvY$tyFVokTOCwT3RvT zGHYw!Jfn&9g0jJEmnI=f;ZYP3riku+3Te80#oYDn@owN)%VYg9U;5g?Uqycm0>9w| zQ)Ged%u>9$JfacAd~YfN%<6jH7wJwqfUD^^yF{#EN{k}?zKr)yA0k$hr!OJSH99hC zP?>>XP>o1MtLXpnzbFFg5?yFx3?_~2ONz+Rb+R+qQI`tRrr1V&_E)c-l(O}PG#I`; zvG=GZtkwRixEf z`olr1F_#**P%876@AAVH9;MV#`bVpC7s`S?mwKa<<)0s0P4 zta$ef`&#`YFTX0X&U0Xi-V2lx`O1-QQ3pFJ&Z4L&-nt$jY#J~HJ#I49gH(avVQG!qZEE3q3d$ER zyV9(_?`yre?;3KE3kRSM?kQhG_j=t)P8DX5S*w#O^KM&YqpeyaMsAz>Vo1?&7YT`iZ85E> zHNoW8s^73ZGpftqEGzTr-PtWcysR>h-RV;ca%S7njWb;- zWNwT7`kBI8yMB<+h!{(f7ioe=itfaA&hWS`lztrltPg<21 zk@Ze9;h__9?a>nNZqohi@#RKwS_Rv7#|)q>9V?Z&dC!z&w!Nrb3`X0!lypT^4o>o~ zx>@95a#S_Bb7(GT_@f#PdKGZ6YB~z`F}mqrF%I<59n7slE&|K;^cRAiC%gmZ?B_34 zSA+r=9T42~i_|TNjQ8~~u@D|D9D1*^`TO1rv+mguVb5l3LorQ$pdegRtT-Y~RqU?s z4!MelbKo-t#L!dq)XmE%)OhHe7RWMM1PnzB$^75lHvJau-Jhym_v$~fWlyi~GzUvM zh8a(MLp^*1CPH6NU6UWrQmXgp9MIV}dto^foE|LeY5W00=eu09S~EP~ z%nDco==A-DW%>WKjQ?A{KH4$9(&aT#eNw6SxI3~U-yxI??FUTo(v)|IoHxl?fgZ`k z0W{`tHb&~P@1DS0v9oOAa?w;)F5P;M=2n-WA|mSDQX**%#?q-UT^(PhI?Yl?&=fHs zh~2QvuNne*wQ8{z$s3H09k09gjUa!YjchcypU#bf*LHR**t4tsAitn~AnR5M`FbSG zSz?a90=iP7dfNp=jrVH(_$S`lx!RfbGkqNtW2YZ9KtvU;qZj1t+)! z4@xo&L=#V0DriIw`CCAgI@#M2Rj=GJGlwf{wt|kNsVxlGUv~XC`wB8@miW-y$lbem znE=KraF#E;C0}p0qq(t%RJ^EzZtHJtbieto#w8{So@vWmM$o9H9g2fo0-WY|%RwcK zsOI6TE+F3|kx5k~@vUM@_WGd!gfoB^x0EZG65#0nY#4V9$7(;x;iWVM-bZ2!C#*4x z8dFAZp7V`bdk)#)DVPsNX|AiB#SQz{{$kO!uB8mA+|@hS(s+x1M{IGRYCaaqdEq## zct(FZ6v_}aR#;`oe6l3=S5?jPL!>|xQdF!fxnhxdiF0C$YI!W0zy z*F6EA7`;B3a)gd9yB&eHY1hFd=6ihXj^e7KJa}{FHK8Ev78EQ{SAI)ljj_4iUJ7{! zO!h-p+tZ~%_8U;cw3IJvZKl+rXsh~5MsuO?5B>}y2bFNXIyw>sSvRq`A|_J&>)jvA zX;dPGI>u9qBFsT}&L2DLzw-A5+*AwjDEw^l>Pgo{q{G}dJX!p_W z8ts%(*NY?1o7L5y-Q}B0S8F|T$2q9rQIAzgdbwz~S!_Q~XH}AizD%$OK?`^nOcj(} zHn~FT^$V@evh&bITNrt`9d`Hk)+o-vu;dGYJTSkW18}x$C3L(2BeiO&*HQIps|e|Z z8J8^H_An%xe%+tzfS9v)U(OBzHZdV?`Z%X{Xg~FKU24rFr}8X}!bn|oJ*#VEZ!zoc zUFIH`>uhC+udH#JGXV}xO{Ifwb=64D$jCN5p_{e;_7Fxu;Rr@z;eA)#r2CS>;dK+t z^YM)qtWNXfOOC7Vu}HN3(3_NX$whe)NwdJ-9AsjTSBjjTD0ilMF#5BdQCaY<(8(k; zI!y1~J(xQvCjcPMWi0Y(el6hFSYX~7C#Ga@+TN>t`E`^mC3uNg(Ub<&fGZ-4$sUx( zbirPeAd83I+U^KLd7E-pgjj|t!6Y1!q_(f)RQkA!i(!m&Xz`p_XPY||3890~Y$C;D zV(rsN@=a)FRrNiW64XlP0PxcWA&}99{;LBMW4wLiH^O7bd`Yx1%pw8qn?3$PaT=8c zc#LG(w+pGVpd5wifDNUzH{ix}K>*PVWSG&S_=>CLNaeaX%vM~~lH-iNV&@j*pk6Fb z=CYsAt)BJ#rHGnI4Mo74W~)A|g@1;()t}B954*v5bDHQP%j0n`sjUBydlqNW>pXkI zqn3lz5#Ro5PzxsCm%&fW3^CD$-%)xwD}pL9bY!nbF2W`!Pd~Z>k*HEaEQ5s%m<^2p zt!R)fdi$eJT4q0Ewq|hiUB#z>K^}?nJ;^!-39dyCB!xxWwMLOvC;ZbLQ%qzZk*@Cj zn}&n`(6jbGJwvZ53TF-8=`XbFuWI?G-UMc!zO`VZAx^mZMEqy}a#Z(kIl}&bzQ%M^ zX$N-K$ch$%A@OM&Xcqkdo^#J4Ci5>hIVz)uzh>C>zjdEre)?Wz+z@C?h>IaAOCS97 z|BV9om)@VlY`}jVx=XA8KYa#gBnMl zT#2<=+}`xKuD}KL(>!v6%f>sEOa?{>RarsM`|z$!FX`W#Lo_C~BERDMsmAX1s`C#I zjBH?Hw z>on#DTghu1WpXd+`UJ(+FzNc1+GF~!#(S%%zV9|v3$kpY03Oglf69&Y=_~EE-!H3u zVy_*i6psFq4c(Yq{$w#Blj2I=j@({jCDC?=hZ|af?32^$>D_+YY;6K(vW3}kb!1gT zWTV0D@0(njG>>SL?gjhLX$tqhR~gGAs-l-+R|a)o6L0E#QX)SxBukvMNx(Z}irA4s z6|wgn3fhWBx(}(*mO^NrAfhETFH$Ae#R1O}s>Pg^B?#5mztic6r@%FX*@C3lkhd;9 z;+=7Z6*;=0?-bAO&+YbQV#j^i;1sH22{cn5%CK!KC8YS9k?_xOmO}R4RJXoR(wjt8 z3MTKVS6N0#4UmBx6uT`xSj+hbBeMUgH_NZT?|(WRBDgJYoljjERaYiebu<%ajX{U< z3v+&7)v@R4qfb`8ZPPtDatd;=O0pc}n|fgZR~!^859_-@o6VpZ}NE zPmXQ&;^Bm<3pc;Dm&PH$crLd8uIkcX@T{xgD7(iwAM|vIc(DHeub%Gjuj6MxJr^aw z?<1(o_$}CHfp+wPmnfZZ^8u?zVkBh1gpDzfo0`lhD*Gh>t4ri5Sp*$M)`|=HbKLVu z7df%U&%9t)1E%iS96{`s2mIZY9?JwoaXb7T!{@gI+TuiCc(?uA(%Zi>z~9 z1i!&Kw63}-hDPmN_8bG$aKJ9?|gEi|w{N|NM4-^+( zvrKd*ULvvST^lzKb9ogo(>VUdq+PLNnCvU0h#ya{F92cIA6t);v9V}j;ns;HKwi_& zY78xrCop`OQ4ScBF|cvQgrHFZt@s6q`a7Ldn|lNJaG5WtrrENlN!9efe&RFaE)2pA<(Bh<-DMf{e01LRg|PI3kJMV(?WGSF-E3= zs{AXh*%m2l?(&GF=QXrIsd;5lWVZd zh;83IAPzc!p9kgZdIcQ$yEX5Dj2JBtfkIM2lX>M<`m>t7kf~bYM8m<^RZa=uVC+mb zQ_`%IN$JCry?k9r1YHH9(uvSWJSMFxSxPUF?%kKI9;7gZA zhr8daRCw^h4CH66r1HInn5V6*Bg(5cQ^u_3F=o)5UF5-B5x3U)NWYg^_Bvu@dd zFZ{t1!J}kgcOQN&DVVTp=Iw2a3EoEN>NldBuXUamwq^Apa}f5lqcgrrVlob2^tfhM znmA^^3)c*ZS8nL1G-x_$J~G=ys-tQHJh;LCEEgMTkqTyI!to4YS9}<*Kpa)`!^pr9 zld;Cy+@Af#v;BFPpDP*&AejQhFR9F18{P&6-jWSC?s@Cb%!f}o@tJRpDE-BYHO~5q z`DBE{oYrc|u%X#m+45`Go#LGhgKjx!^FMs|XlVH4_rZX9mgkQ#T5Cv5A53@tG~)Yv3~`EH0vJ;dMAQ>k zxA*UL0&DLnaD5yE9I=%n57wRpLNg0zg}0EL43)&!@wMSNluK`2jNwyZZB1PsKHb^6 zemqwTvy7-)Gd=H__D-iOL7^r!bev&Ot2%^SwGhsDOiWo#%E)a0y$$T~XqbQSE2|L> z)53=?dslWWmbfVgu*o*d(tE#4yG!pkM``2^XlqHT#v_p+n}FqUSN-&TdRe>jknbt{ z;l79+XFYl&(N{N*b5A^_enp{+C`>x@pn|l@;YdAOpV^v}TO>1Y0wZIs6o@r)KHm1}PmL6H~Km75dyl6iRk?j~X4T=Lq{y;%<{ zy^)RC@rq-D=!H+X{`(pb)lLyyY;?$THl_aIasUT-u`^7(aKu)pqcuGi=lzdCi8Zh#Dg@dhYF~pdC`It|Bu72gGy<5IL z?uc#QENm4922wLsUBaLgh+xf(aO4SslT{WOwj-+0OPRJ>jNF4 zPXYt5*fu6NNS1^`J}ev|2El?~GIHs}ie)CgWtDuG$g4tukbwnX|JNq1+HbvWZG@ta zj-XAlo=3s=1#(z>Ok+irm6c4%>Ge(BeonyO{=JG*?3Omd#i+gPyv#rlKtH_*rgYcw3G|aiJ~q6AQ9*z zW8ZeTTI){9BD&Opk7HJDMDn`vheckM1CO3EW3grxCs+zUC(T;_|+wrGN66>U;KyyMep> zNkHP>#)>UhNUfK7eh$d(memhj>t~~{)J7LtEx`Z@ zW6|1>HP25Oux{%7gw^7=kKT=VEH{S&V}hKZ-J#ruC~D4__(On!A7=q%!u^J1^WeL0 zBED#Ta%}toFTJwzsPwnaDZEgB%V!Md z8|c{q3*|mEi#p|Fl0^5f0s)M5l6A=3S=`>hp22hJViXQRYd~CNoKoF4F-yZ*0lad$ z&U5o?wn@9r#+94)dw_G0b7^^H7PbPph-w-_PaPzSxw5Dl5m-45u7-xyIT!3j^!LX|wv zGYvoC9mvx?s9?_-^G$#Xoil-lNYh)qq;^%eV((88beS~A^k1etlD3SLuS$$EL3raF z8ckBNRjwLoyd~_CwUtebe3^H=H^LXwcD1Cug7@S;v@!`v6DRCROVh|J%#M;QBA4E) zXw&WdXU6B+;qT5OEzx7X-@IAITFyo%={oJXg62GD&wcXlsNM~SFde5>k>UAX3v}S? zrk;7jkHL_VqD$O0BDBZa!t%mR^l|0lVH(y$uTTooA{y$lrjANAlZxOcA91Fj1%+eK z6P;ZDF7~)1Nnr$JihXNgswg1tj~sCufhR zYa-wHY*QGt>P4D^lRoeH&nUn1DJDI2`VdUoGQ!YzIwmIQrfp(7=6 z>3oVN3WiFsef%av|6ncg(<+ESzpVn2XzlwN6>XkR{Ek>VnQQTEb>U|o2rG;xHu5G% zzq@iHcWB#5`p&cFB{Vx-k^yv%oK&bet<*wBT|mF-r>r_CyGkYoI+g}AqRy=LE9auB zT3WEV$#3JQ4F=E`Yx+U5*d%Af&GhRx9i8R;)&tLf9$jZu`vs~wa_>o-qKmZ)lI4#k z^%o=t${$eQ{@F)ncb@@bd#WW^BlIL8RdL6IxiHCG+3HyZSjQdzzNY@$ZRZWMWH&%X zd0dtwfHkdcwM>dG^WB77F2V@XU@~uFldtO+Yi3*isxYrfE?5H6K0)Cvw7I%E)Tkgo zjHcUNWd?hBGXhaaZ>l4Wd7TP+-ui3yXQc!xhFFe2md+Qd-=Xa7 zvo)>vsBsZ2!bJz_fl1YUXXQQJX)0_Qy1JkdoS_C0$W?hQr8=H zMM0U49B0l{EU1OIul1GsHCd7{{?Uuc299;-Fo7rv6MHC$7SZc3%c&>NkW?b|KlexC z*9nh19AcLa?{}BTOUZ`{g5>V?>%pW5rdk&I2iD22P4i>~hg!~rOX#1Tmqq<$9 zBUZ3ym|)V!Xe6XlXT*X-`e2X+!ska6>v~0lPSP8n`tu@%$!;&u%qa+gHAnmfRnu#` zR*?URP4Ilzrgzp6QFE*Jw}}qIa*j?GA9Jld+-}dZOV*EtNKD=3T;%nT+d_sf!=3R-blA?w*s?%5pbsVuAMG6Sf+tp*Nh!h6fe~D{p zZQMjwTTXKBuAAc0yx!D-Lecb?22+7I!*dx+OQ?5=``3U09)hMbTuEkF>XM5#*5u%Zwz_~?j!>Gt&TJ_ZXt0+5c90o)Z{iJYx%b_Z3hQ2ZwSKr|m6pL1zbTAtn5Y zdR9zDuuidctL7mtp?^%w)07Ah9sp8ClN|wN@g5P0`H0j2Oa6AU!%H6jO=ERVfx0`{@fzC(q)8|bwUQ9My|;%uN}dvc$+u$r+TVLEea+m6w;POk2Wpm5Y)*Qq*;ZKl{LP zb_(jA(15kg$%PR6LgQvx*MY8)D-tgC-YE0axN1b2oIDSLI*Xv@u{V!weHr`jx}`|>=b(~;#;-=e zS2Za)Js$wp|GIfPsGEcn-^B$wq#w~j8Dcdoz~Y45jF30Ev~k>;V;+>onmxICBc#{u z%jKY2c;0uZtK?iaMOM{Y;nHn;J$B3|2~yo-@aZm-&Kn;6=I>QZI{+CGb_>iX41j0~ zHTYqBBB(vPpp_Dt9hqdBt3)ynmjawwzY;UIllt0Tbu<8L;jR zf9<=wrSOvSrLrrzNPYr@AJ`)q}D< zl7FuAn-ohB^7uhxh9Eo18gvSE@CWx20;OBg82Ob3@);oCzj(G#jecSDQ(IT5s?Urq zG>dHiFvvElzVHGq#Q{z;ukRs92~&=2g&_qwV)}CaDVVx+?FiuzYAaDv6t;fQ%oi1f z3hgz0_Hj&>MI0nE(-X94p1l#L*XIH(vEbgQ{>>Fec2Q+&gok#|rEM5%}FgYgG_lQnlx4}US3pm@{O((tdX5TjV5mu zZhuBXaf~ah5-hyFZ|IH8qu~S?voXxRBbuPJXAnYGJ|xfbZ*tl*1&}ys=VyYv>q0e6 zj~lJlem^HiV#C4}=MauO)2B?jZzul%mqVXxw}O1etR+)S;;`p}nVWryLb$)+C$Ujg zz+>gMx3yeqsHAD!X$dt2-TzTm_9A(j3!#YQK|dBm@oD4eWu|nJ_P6=F{FfBYUN&y2 zjeKK?!=PYB-PZX!70JfiO@DBFuX5($F<|$;v{sfaCn+G;xYIrtGu}bZJ+wYMp3voY z^YG_yaz^=|5!Creo&JtwTU4Z8^=RHiv$oc%W1hM~&P^2nIii$cfPIv*f2Bv7c<_9_ zbNGq1YOLlK}Bnx;G)o%zFNAg_Fob$ z{}GeBU%%%6$5Xt$M*kYL_ZuK|zwIIYAD+m+0&V`gsoh_g;{D6OZl~-a7*MXG{!9KH z&?QO7`QpK?qms{D$;UMM3)#^dM6*CNcmL)3^ub@p-c_W*H%zHnWi_G)B#T9XaQS4D z%M*e&W)rfqriRkVZggd~e8A(-e?^C(hm~T5Wr~A#yWIw=B3#(#9IRY4OR&KNw7ur& zivW2it;w(q)Elhh;0;{41tWsNWlqYjMW#sK0$*qlDv~!Do)o{(or*?_cR7>BJd#J# zu!a?}W4jo5%#abRRketEI}|23_`&Pi7Um%kNcG=v(iH=&PgY&aq`3k zWU|FX&aEFTl@&RoV_L2HT1_`I+LH|I(qN+)?%T# znf3Mk+@pF$uby}bhcYXEiyT| z`J%oko!FZgFrIQ=^2E-NN5FWBbeX@ApjBz5cfi%N*|K2!OiJaWO8dGf?jVhD>HFnmgqSr`HtW8&$-RQe zbf@dtowHmF7(!0-mI#RD`a#I3`Z`&5hjmE>vn5GweOsEZBWo0;_T7$0?W8%=8qwp7 zD`L1&Hio_Q;G?B@H2xw4>87bKQu`b%fuL6wt%&DD3lg4Nc)*=5sxTNC=7I^H2j!l$ zBUurSeK;bsv$YGn`)c?Za$_z(|4{aLxc4f8z1glh6`BZNivX`P#9K~3ar5*?mWe#*Yl?b2HK7!5 zOYOBiTpEllMTPPC?^ew2b72N)rnLqvJxR`>xN1_2cYUqDQTB@aUZwfiU1aWSDi26o zklr1TY+yz?%rrTvGMk!mRjrgJHF&ZmMEN;GS{1LBshl!&(Rd8Eqo68ug3X3|%;SxtGCF^9wR_no5HK+E1-MzbKWT#3oIiDb4e779P?e%%5oTQ9 zgLQ>L8Q}*3+${glpa!RaFhqa)F|ago`u$6PzXQMD zf#2`I?|0xY-GTFwu2G!X<`@{p)EVKJ`cqDnSZVT;d+HzePB&i*Pg(Fsq@QChaaTDN zuq$o#Bk(0?_5Kgkp0!or&3}jEv-Vk}$#sB2%=zH7S{vi9-I}J6D=T-UppH;u-==8W zdwu9wA+jx$!w@j*Q-uz-*yrtgSS-ubF45Z`w~%)>T34dI2eXjKpJRihWkWw2a26?y zBdE1~(tr}`YoVg z&6`lr8^YS)YS@%k)ah5$cyy?{#}P|1dzPXSYXkyETJ#g3?2#s+{(9Mqo)Psgg2PB% zg{5)9k*bdJT1RFyY>Wdewo=_zi_LAwpL@M)jE~2=3s~rH1?b8JSIh|%$|XTpTwZHA zh5$D0b!(=+@a$UY=pdn-SBv(}JOP}X1ajTi^ZoD|C^C%Ih$zHx`l+F_QT047$QBsE z&5b%RuSb3ZnvP}zA)9bMIUqMy-3fL30zeMX!1n+zzN>!x{^Mwd8SW%sFsx^3eII-& zsO zq^IiEO#JAXN^CiUgNyvGzO&zh*;H9@4)-u3OZi+5*vR~tP)T+ak3t@Wr$V)UpnL1b zz3Gk2hkHE+x4Dk=efPAoZ%~yM+V76$GJN@#{aghADbIUmm~=GR_{ji42;FJ$ND=D7fqv7w*@1t=FHvVNg=ss%2FNZ041iEHo|Q*+ z|2<@-iIL>K2d4*i0$9Gw)bPxr5gcJuxHqARIx|2)8~k8YM$PbODp(+5Efjf0xhK4f z;o0K|cQkWEPMILC-C0YKF12lom_oUz>enMPoY3FX(Ak~6cM-FLA*+(5;I%^&RaU|g zN{oOQXMeE2?wOKJ^e^oS`(n@9g#8P>I#W$&P=l+4*(O?-_%ApIIuu??#iihcIJm4T+Jr4B`pKFcg%F)Vd0?TSRAJQI9Ekj)M*5G8tqu3-@)qVc zl12WNE@#F|3SZ5a{|U-ORNz;t9*E#@31||9IaIl^W3xDoUf86R~3$@!*9j{P~(0@r`1Bh_zqECne>UEZ22k zdXvX8WZA6b9D@6D4iycToLixbG!fP38;TnkI|y?P_aCQj#GmV>JMSw&8RtKoxLRMR z#R=+-Jdt&PUe)s`~6&q%=VmZq4GvYPt49YR4(CLeT+Ircq`JB#egrkUOr) zdrtGlo{!P)$ayvJb?(_8{k8EC3sbql8>Uf*SK}HhLOInjx z!6+jk@tQ?NCT4jXMSW$0xnhJWuX1O;x!4Dp0^8^W<*ph{{&ju*zApY{H~DYu8|N47j15&kt3q=E z(m&<6jv2MUDaAZ)TcAWl#3pBJoN%Anc{)SKeB!!`~C;IV~w}`t@sbArIUWT z-HOBhB_oq7eZ9w1D}0)OkZf+I6dH_5vjJL0D; zT=q6JrE6>W&v{y%seh;2=~~WgIjT+6uyvNMbp>&Jy2+9AM#keDmSLG7-nkBo2``HEr~%CiL7P=@OxOzR<4|JjZX6whm(`HnC>T4a|l= zw4pGnZf2&`=ZUnRM#(3e2MN30LDg?g+a61hn6rk^7pW+m5+OgHv>i>US2U!B6t=5r z+QkS8Z;ReE&?yd&a$OfaO<_-?+B-tu*wp`gh1uo@AqOwof3})~KZ09Hp3my>nZQ!F zOy=ICs)jOR>qQKIt88E`4a|v`)K9M<5~Zo}O5?mytpqaN4fDWv2tPMOcqbwHs_FqP5fnkvXdAfq{jj3ooYP`z-YSWY9lNUzyH6)} z=zlTZN4F|{BJd}cgy;-Zf0CHZsn516;zlQS_EcgwS4lE;F)V6i1mFw=D7OymX545i zFzD0rKeX6be{b<|m9AVK0OwIx!#Rw;HB_K5f&ypEdQgd<`v!Hn=b+J3_l!4b|A)PI z4@)}l_q}bJrYSQ!simb;S~i+8hc)bdm! zk_Vs^r95Uxo-sinF)cL&JRk}(`#bmA`?~IX?Y;I|>)Gqs&viZ5{YPFRl=S2GJ$*j! z_v>APX<#YOpq`Kmns-g-=ET8XGg0wfA`!;Q9v-$g-4UJ#5A%ZO%0XsulcC=rd9Qq8 zY!B3wc)Pa9Y4B>!$ki)5?$;vL1tJ@|8w*q`#hT7l2qb_o`WZF%3SYjf2>Kdp(Kim^GL{u{H^94k9;bL zG{c7uoDukNL)d;h2duOx)bw56mVvk{0r^0EPP2dBx{ zauv41In+@zeW8}u@H-UXm(EpoQF6n?W5t?JW`2`av;kl^9!7soWmlUEUogCMIi|i) zq3GkBYBcDu1kCXI1Gn!1)sGCEInel)aMGA z*vLzZk>nD_JCEaz?@Sq+C05EK2F|5kNJqt+V%e6&0xPd-BTu$#ont{Zb{5_I`~wVVh;P*kH2J>IA&p1rt|_Q=WQS?8d@zrTWcQvr&=oAt9nXbzfaI+ z;W^_DwSwx?*@uSTDttmVktSma*hq6h?xZhs303W@4I0VAZDNg(m}aA4D_7&T^S-T- z7^1*xz{xUvIn^@4hGif%A6h1i6l=Qn*|`8Kf~&(db356}SNW|)HZ zxTRbtF{7qb;-**jxcR)u6!BCW?9*Rq{F`BZ(Kh=yQI%J}` z(+qy#U%yfca$~{5m}+SN>pzPt@NmrqKAx^0n6Cf zV~kX+^xXQPL64MB?fi=LL<^U4%`MX$>)U)iN>l!TYeR6pvuaJ zntM=182YYR|CF23c_>(J*0(PF-fu1u@s5DNmX&zZfo+bZh5V z->Al)8KygI>Z7pANl&KHAq2f6%c&Ff>bqg)lkUEaF~cvMrG{rx+U`E4RMTYa>|f?R zeriIYftu4z-y@f{O5z5uB|mBYRSH)&Ak!!#bSxRiZIKnBKphHNQ|h{JYAXWYXxC%r zZIu-x5`_3NB)Zel464#m{s@v(BHdh8h9fxllNQzQTE>&>+@3lgJJPB6tO`hT2MS^j zTBHp{E#69NOxFa(-z8@VHNL`Z3$>+YV8#ekPtruI<%7DjGxIblu!~$(aNW9D01K#r zUn7L*;f?+xQUHd2y1_QLves~PI2zAHui<9T@5SVVar1%T7{q{RdP$cu(D)4jR|hYX<2J!gHQ4K-4PZh zC3wM%jcJ&Hd=ckI*(HCe^V)6ev_}K=QNpv)E{*Ouzh_qUCvy5fMLJE;-gf^ru()%> zE=1hV^FFJ^f&Ew5;)NzFJF`&p(z+J`O)uatv*CC#2v!ROB+g2;rApH`bZt)V4V8&6 z&OE{Y+;CJp$yDLp;`%cNIysbsF+a_5UoJ)F?ZWVv{f}sxVhxkFe%LsNu(AR=kbNvf^xaZIComl?E{6ZjO=aHq-$mOVT?{o? zFhoshBN5z*LT-`YxE76+pQh}BzMkEA2_MGmO;`wvX}jT1_p({Sav1T1c*5Y&Y1=Byd)0 z@2SZduj2g5bXs8RartIYg?EjFai1)X*05oEnR^=?ahSKGDEb{)jiJC;={I8B-lKt! zku2R&9{xZ&Ik&PhbLK^=h*-hep*?p*1kZHVilMQV2qU2~@Q%ldG&yox$c7QQQ@cJ? z{;Uj_hGw_Szozy(8!HagbWp#L43-ixjegv*CS8c8Y9KDKU{jWxM#c?)YPw6&;(cNy zZF1RT@^2n0rxSIko>YMzNi@#0?di%*ackzNi}2CLcYL!` zXFa_)lw=;ISpv%zPeCPDA1u~PTR^~4K%8W>hT#d!U6@vMg1gHdZ}c~!(%df*reUiq z6zUK>K*1#rH*e*3f)>a4xDnrb87#vCx!u6OuCR}X|1UYrYf{IHmbc+g{HbylB29VqIL<3r{{AOTKQd;KU2@>(zP$53q;mouJ_@mh8+ zp^OY8girb)tEcoZ-OR=anuHRfG^Qya?HQ@RE@!$;2traPPjmAaLf`e>0ufvw4??P$ zwT_ynhRc%Scgs|RjiVs%g^y9V`a*6s?~xN;nc^EXQr@e0`?`K*S!P+@CsMGM_XVxT zcY-bhI9+Y@=+rNIzvKyYi>^MMDU9HZHQsVJmz%@L6vW_oeX`Yn<>g`Q5$6f=+nUao z#F4}Nw32>W(&@Pf*WFeitUPwiGz87~P;@lZU4Ne>sD=B;?OeQIbC(dd#k!=LRh}sO zbf&IAQB^58QrTAZmSH{_`nb$T9`(=(D@iMPK%kRWr=?;o6v!cM-aOOqDr9Jds%*1d@)pf3k-m_TPjfXU%n()i zw{Tj*gkO=Vg~v!jq*LhAUrJo(BV;P7mQOQ$Zx>5YK`8u`yeAacCEEg}kUPpZQDzv2 zI!cBoj@cPxxqr#Y5VAtKvX45sj5RaZzIZ3m6bEr-(~Yr}K3>83A8jIiL)gd4@_!u4 zE~R>v1Qdjc1ST{dnqd`RZs8ELnB850K2IK;_%h*Cz#|a&_~pkuTx2KTsFy@ieJ@XK zr&(jer#FP`Nn>PhssYAAzdnxXDWwY~FHy!3C2s5>MoQHxCkona5Df9dnSqdypBYE$ z{Z|v-RC>Y!$B(+quOgs9f2zSHn|y!3)P<-HXU>jgV`G2lB-Wi4KqQsQA(GT&de6l+ z{&uPCk$n`r5z#vCB4*0Sm&&Y^j;0&D?!HG zcF5ECKj=K2v3XTvp~l$G1-Bij+?Cl!<19=^RtN{)UOVcF`f9|ai<0Laj2`#WTSCpv zqA7g*S9ks8#vh^`;K(oWm~0PK9tq1xGP`ntW*7VOy`3CtrD+f$!{?me(f5*7?pY;Izm%YBUtoW;Y-yd9q`ghS_e=`+SF8HXh5PE5opghkg?Kj7ZY3msH>LQ_4)+Rgxj5wmJDB{7XgqKP3(r9dr+ zTG;$DT85yi0%Ji&p#;a^+jE7^?UW^l~%CTTQCrAsj8*S?_jRw<3w8kzPk2 zu?QH#0pP)Gu>g2FxWY2tB~h_}!?G>vhD@+KM*ga@&SEIuD+3{a)|3J!@g; zEW4q@pWoFi&ZKgH_n;oJ}JDxTtx-f988lkbMEk;1O!vmN`{b_gz0@7t^A4~*=}v2Sel zW5hH?+*2F-Bu`|6WkjU(DCJid9LfP17(>^TX?>wv$t&e!xz|8HR$VDD)gpg4NP(sB zcMV!K9nst)FKB(x6>He@fg3EdoU;JCKE2}u=m&Q(qt=1~Icf@In{+^TgA^V80tu#t zc?pQTNDhSBIl4Op{ z!>Szi&asT})8iSDgdO)s0>dc$zT>-l(&^j%$HkgmW&AEHhS;!Bz0qUDs=klso+|$;#-6Tg2^C~i3AuK;1SM&-85T&V?kqI z4>D%}(OdnIF|hcM^o?PrV{SzKA;FQ_H*cAZs%4_BP7CiB$Q@m5Dy2uet7_VsYNM@x zHpUe5RaM4z&F`_+qp?9TqHb>UoQUgJ0)ztk&m^gBoK>>Sv2J{M5w^*$>rhU_)UTv3 zl~q+Wlol$lF*^|h!7AWQ2_N=2BpPb&n9>zaJrVNNT^&0RkfUKGck^;l7^E2k$5g@v zz&nTxm$V}L7EPD!41}N!?sUy+L;hsEUfN-dVLH$pco`YkE(c_=C^YjgN(z~XhrVQ! zl;7ogPqdG6Hb2R~#q&M2D@T+AJgBkpa02_UoH-3FU~2fl((JTIGx^y$#4)ipPmVc9 zbx(U7tUdiUDsU9fj0sp~aNOOifyEwl(bg&L8hWi*PHnb)nlXr+PT0n^dQU?H@4bPD z=-gz&qF}8jN4r_R2B~z53i&|m(#ip%X3>>+gKQHb`bv?|U8Rj|LI8GUK3JMnKlCrE zYYjs8`Apl|rv{ig=5E5;sCNv#D4Ns&)|7PX(28(L5wg$9>}R)ca9wn(ick;DXlRl3 zqdmfQ%c2=0T42E3l0g9q<11)o#Zf?(dW>M*7fYT+3)|g>_N^t_U-1hn_4Owf!Qv3n z@QeV`%{m|wd|BmujuwCOD6+j-Ygpq`W|Z{{Ox?x82|lj{1O`BgAI77MfFV%Pj#)mS5BgBg zT?MMUq4S!X@P^WFY9xXaeI?R~iK5$KQJ*iM?XQ)fdcH65?JZ-Ab6|3HYk`m)2mWUk zlG<1DLi-cG7hN(=pw~oEQYW_5h4C7(OOCuoRN5f)Yk9^ciP@){v(0;b7|EQzD)cYD zCRPoeGErJ!9%AVp1H$thp(?BA<0*u7S)N^w&A5206XUCNnRu@|K#f$+*-;kUr0fVtj>Tcc}W0 zG42fOG}sf9J-44pKGvAzgLbYy@>U>1r+E?kpMqgq*CyDc^ddP|dcKx^6^w^fE~kd0 zB1>ECyAO9g>U#~H;6O3CQ4#28(LJ{>&TbAQ{|r3Hgnqn5^qBZQf3IyaDV!8aE8IG7PA*IHcW?VrSyAiIX>0xd8d6hV!S(bU8~J(YZ!)3qQT5LD@X3BeF&5z zf^_BE%&gB>yvJP_XWis7A(P~hk11d?1X*Emo5Qjn36Zx~l7T0i9#DoWL~DAu+S*&M zb8*NwBN{fwRZ0=<5g?LX06FWIasYpE1)ds3k79x#uPkz={@`R+ZQT_P`GdJC$cB5Umf^)3 zx)TVMquD7{14NbTJ^lA;j^MTEM9~FM!uqWv4{(eNfC#J0!((>HG-G*FNYUa5W5MV5 zH7^~s-YDIruAMg%b>#)f`ui@?6(RFJZE3vhpE+tYp(a?5Td-SBRLcQ=r=s9a$snZU z2H3_&do_pVUXq4oKk*##3M^c4JlFk>1)_G54U``ISxI8rhl~yK80N`=@qt67(wIk)vS6>< zXIQ^BQpr5fQ3yx`;K2sdn-anuirGaWB)z_on6*DSN9Gb_kVCBNz7>gYox~I*_9CQAw0dNMZNPr4pt|xhcLL6x6D<>+F388oD1-G2tC6is?mD_( z5{+nmVMeuAQOC#&*=c!RG&CR;p#`x3$<@2KslSYlHo9NaQF5r8d&zzM?fSGxm)ZhF zysv7sDNo7j^D3jCgDB_I0L()*Z{e|KJmCoB4rA9fyS>C4u;hhRQ$^soYs@PDv4!hI zM=e?Eq|f6f&RF0F*L=3sY134fSI(k*b=u+_$=v!{T5Y!pJ=Gb%+*= zH^CkX(X#u{*Qq-TS5$S6D1btA!Q*c0xOjVT4AdS-_o6YeLi_bj=nFkwlpFqthh703 zk!Ck>Up?W-D!Yn@xFmn@Sb6xCa67Jg!$kc+$>1#Be)W;&NO=m={lVFy89P>EK}2n} zc&uG5eo;$^)N0-v8uxS4*n77-r4mSz_zPzev&FoSw)P#!vKlFMPdCWUqa9JcCng$6 z%^72iTfoJ(1y|eC=8-JxLoYU}duAU)p1Za{EIrAVasIYw9z#vx8osyBUz#g3wt- zH}SYWm$iyl9*o zW)*&`eDM)YuYDHC0cQfW-v6LV{ogF@l$JfYz7Gf!v}*Yk>{`0h<5r=Y=CrPBTiq#4 z!rIqHIdhf~>jJphSC$a@(xNr;c`x~SkglF0*n-iW)k~RM(A>_Pt1f1=Vk`)oW`LBA z@EOrxI&*4qrS}o`7Tj#%1J^ z<%N*Es6~}24k53=D6xO4oseNR2mdO^w5}v(V-5`<-oK(syX?}8lHf5D4_7CJ_kQ=? zSpm7bptbvC+oj(xHw_JUk5uX|DQ`q;t}JDNzi;)}Yvu1B-Wa|5{$FU6@agspWh_lW z@%vk_o9*=9LqPuB@5zVd&-_WK!hMqD)bi;Sz=`9J`s_KWaN1Z~S-Po@{IIXKa<+K$ zJe*w>YN+lhFzL3|IK6~U1!oN{DAYN9q3mJ?f6z{kc;bj(3VK6?~uY$?Hr=7 zv7!FBmQpULv}Ri%OEKk3;UTSMJ*ql0Rg54;Wr^LB)ilH?G7M&Go3( z0+lxfw+J+a9&H`>OQiZ}pP*Xumw@e}Y11ru()c=w=FLUlh^d_ghzM!bIhSAUSQVk! zX#n+=o}ln}Bv1wywISCp5Vi#mZ}$$pfDCb8y2io(W>P=!s_qc#R|Zgb=KjT5i)*^o zZ{Kq7)sUTUS@6naZi%n&m!W8TK|uXIod#g#Y4fOpb7_}KjMsChN~?RX>nEz z+HWU*?R#zc8=`BqEAY}Ba4vY|T(|$~-uMAIc?{w9ZM!fwI@)zxtlh&fe4dT#0b!%I zed7qt6#qE#HPKH~exn$-qLIdsPg{{^HH$_a0Y<=EUh2 zg(p1qb@2Dc=s8=p&6#up`AckGgU9|cTEC(5CLQ+ygx+nWFs1u1 zqI@au_?`)^2~eMh?$hviU8rNLdOV4W8)_fb9`E9Qvb^9jrxL|fzaN)P`BH}OTFxN1 zd47%<9luDw>GE*z9QRZDktdG4CEUEue6dEQX%B2H7H6o4R~Rb7p#!pvn&qOPf-n4- zm}Nrn$j4b;2X82?3?ET52t7Ol-JBifu7@MB+3^1AC977;)P3}Vm@2|PG$tD{xeUVj zB7pGOO-g*-tie7oU}YbK{$f(=KuVLSh93$+ZbXr361Jh=}T0P%BFQ1+MAjm zJv&{)MFvG}3rj22n1s9~QoLw3%yzZt9q#Lslpf{s0mqDs{pNnN9gYF%A6ku0yj}90 z1_=JgbNS=Vd*zMo?tXTX&SX2Y0~u)OGZZ%3zJnBG^|s^ra(qlx1ZeNrA6z?lu-fCb z1lPiwC5(MPXn9QZI=dmMqMxM{v zc9cx)u{kn-TrbK4Rw?f}-MdKAIo;gkf_C!EJpH9O06kzC^0K)Ivh<84MGQX*PPUeDq3U4Qw}@@wq< z(Ctn}A%>>tRsO{4ZSbxMrl!C*xMLG3YR4`o4ZLt!c)3>XFYD_M^P|5VN%0 zBScWwL4}!6Q>BqDiAF=Ds3r>!m(`OWm{k7GtATE2c_2EO5Yt$Ku2Nvp%U~CSafnqF zNLyd)QeSF6Kvh@KEY6}IKjd~(2bdsyYy3sP+((QIp5OG<^^K;idV@ROKc|i@LqHYL z>FFu!y2y&wr!H67&vvI8T}M0zN8UrS+U2x4DsL#hm9Pu1H?DDc%G<8EI`uxmFl;Qn!7*YOqxZQi;n;Ld0wT^o8omW}%$dx48kybrx zUblb_=*vx;6`lOu1Ih!<#zkIrsmFtJq6g^$-Vqwlgs1v_&A@p-Y>6^L;@21%f(jy@ zhCs}8FRNRQBp5Pz+Gqm2hcB3si%>Ig5zWvw}e0#iI}*)qbF< z#xTxIn;AelK3mbBC2@v?7g{EgI#iN3*SPbx;y@@ zrTs~+Z|r3Xy|+JDcUMVTDc2~%BFq=`*=Wjd?$QIsVY(ovg#JU z4v3v1TbgYLOP}{GVrmS#Ct{UpK;|Pn~YxSg{|MkH~LY zGg7)~UO5{QS+XR9>E=FK*O4GOHmv$*!0x|K(fk%~bjzjaY?hzYfm{%uK=iV!speu1 z7ci4g%Vsfh4Yl}otv5L6K*#gZpZUgv3+jrP`?02_o^IDb9c-6z)~{70w{hBysD!|T zBlB%PblTGkf0{pZp$mdl(fz*P41?>OQKEL=9Wt7Ca zsR}XW9;b{1@a2z)H<$CwX0NI~UOW;TVWTi%d13tyOH=Mgi~M?C|L|FsACvLxwQ4KZ zaN|c|)jI-8?)?ay20Th>AUMhVb=}YV`Hugowi`!oL2kOXXkFVcqMr{>2)S(5l{wqz zjY>+vGAHWH**tIlo_cxeX7XB810&hIzO1J}`%&5GsbhGC`EYzPvI$_Huu+%LKyPz%Wn$-yinVfJ6;G=dN%Flx(( znvZZopmq}FaDK&myxCKEIA#CM(^zLCmZhoo5IkfTwGj`tyR8n9`dj3;igEL9FB*Fn zwHoj7Pi>kpa@+LW8v5nIo664wzV|1?)nfYE@bJjpiF?y>1l@utvvP$+eW(}vd+Kro zbqJGV9ayY+=E<`V&TU=lBXoSIDu6QRVtK(|FZ=f+vW6|dkHye#{^+0W^*Ajt5YrG-mmrp*20s^Tnz8A7$M>x5 zv@N=$G=Qc?V@M7gk?&_BTy=7dOwR8IQ!^t)YzmRAPCxsAOo1MjR6&mxq6x0KzQdHg z1aw@^*eXiuq6D=xHt~iT^VKp?x+*6Y(2y5h>?fP~SexvXW-RjEf?Kzj-4ZHGP zQmMfl`>KAE%>2>K+ ztAe~OloQB!JWY6C_-ZEx*AkM|adjSSrABxu3r#v*C-}@6ciuq= zhI2nTScZ02y(PZ%LV)eIMqJsBH6LRL8>3T6rX5($WJyrMxaPJH@s-I_dJaLLsKeZS z_){c$^h-Bu-ew6E+2;4nV06Y!TA^k#B4BW`4_2q`yoX+7(KWXe6efE4X?D06kbS>t zs*umNTS~`h5)rS|ow-S-Tg%!!d44Ge1l$V_*iO_lZeTCqt)lV&l$pIg8E zgTc3aIpUo3>TtyI8RE>g&>z0_dRT?t?Lw)AF3oaYn!;{2+)iB6A2t7!JA%tPJrox0 zqW&3Pe%&(bH211I_oesInA+8t1+qVA-^{nVgZLlw=-?thw~Zm3YlfdP&g$q`jM`Lx z+Ik4aSJYnOua%&elJL&ste|Ed~G(`JM2cwDzwK; z+wT27em;Wf|4^a{UY`Qhqx4zoIn+LcLVEv*DckmY`EsdA z)cDVKHSZIGW(0HVfXj{Vw)!F*!)TORqBM6~}SEd-t-J=NB{Rs!odNIy2d0UuO_ z;vaaCJpInq=F$sleO+>(!tU4X^l4bOpEa6`#Sbl-;mu-WrP%gVVa66vWY9n_0<-l@ zXoCieeWMwfBbF1IC|;m~3s`)3DYg~7LLO?r{#5!~m8z#*w=FK3Gwsb1_1^WTy?Ej1 zW*x|#KTezzy=`)P=E+D>L6oL_hxo@32G3F7xF8NH@9fD&Q)#)4a;(i#^Sp;~*=NDl zW(dw^?19w1Ap9}^)HAndC>_}_@^S-pME2A${l}Qu<($*p81W~+$HmG${R=QHFQCIl z`VB3b9t=z#qM#jS-L-Ntc@%_#tD{R+!7((Yr{CE-yAGO}wJ1Q_ALxxq3Dd<|HEG(;*|bCVA14O7FVo<^$ELJoGkR6u;j&z$MZc-+2ZaiBHF2l^x}ieC;OoZO zs!d!kLTUs}>P~1u-cfCn=(PSW$+!zKTj<$7C9-NRdooI13HT^7tg{SXol>&6*|{;I zp;_JJ)QV}39IQ=@^^%SIg4IzqUs1&UD?0%=`U&Me}0+kz}8(4?MjMZYYn96%Y#^ zZ9m?>kXlfscem==_>D49qX6QJj_Xjo{P{Y}N0e#xu>=Ffo&~~} z0?3z?O{6Qb=sCT}uxp((41bb11>M+dX;AwJa&jO_P+RqYn|kcDa1Q=f4CgS+Ma0Hc zj+$f!xr5e{@QsF3i~f;5yDJ~^tk$L5Z~lbg`p=i^l~D7om-D<``92T85*6A=(m6-1 zUwvZdwR>qRqAT)A$W5&WL*8edBbNwGOT-t*HDD0pW|(8V{Z`$CH_q4m6>h6aZbQW& z9`a;HH!1z`(_op+Fx#wwJvqrfYDB}V1a>#(s@5LYUoYWcwtcRV6Ws{A41eaw6ZQ14HTC--7LRGFTd|3{A^*` z(J#?yM|#|A{c~u|G_MkvL|b^>4mGAK3Mo;#Nn=tZ!a4TvNmrAjfiyTO4cd7zL@yW) z)chsO`BnicT~RdVYk5|?-#V#&k}x6Y>|p7jnYU?(CCl37usV9#i{^GfT!12Ip7~O5 zzur~CF4~ixUCs${KMh5oc4~tFyRYc(kJRu)3?WuZI60_{`OP9UaZ62I`a65Z5kU(x zJdUW64W*M&>X0_bZJ^(>!&J0ei3*#Zo|@>~sG1u;P08N&6LKj#453FiU^{+CLtVd>x`um#_qtmr>z+Tjn(0DbzA|B=eEXJ*Sbao^f8B5e+OJ$+}i zff)r`d6FuP%>ha^>{5Il0~ng5R#Ad&6dc7gBgxN5q9T=r6mCl^{~=U2Db>v%ZQ=L~ z-C&gofs{TVTHvd=@xzUrDeD+)E;dH?TWdIOdTG1UPWQZ(P~I&9%vGj5Kv5Q4o`4-;}e`C-UD| z=1nEg8p-ScRXjPaQxDMDfCWLkC(paBAHFJX3zn-zBGKsT9uh zh@P^7_nRYry4jy_G3;{2x$Gy`X^OLz-7s;!+H$;ikt;IRhDKByKA%U=R#!O z97)vE&0HN)3{Amy+BuZqo+w_~#-tEJp2?G4WBO%nUfs3zF>kpQ1rt*Sxi7H`YI&1TXjAZ00&Y4o5K=xCe6hIll7lb(abEro7_jf^e{_72RA zj8-+HOn)2;VekWx`PY9ex~2U?rx0^b$8=*^8~?zAt62sXCfwJwKh;i#&JhEAjbA6~ zva3ZOi(2@5r0*&spMtI0K5pwLpQ=bSaxC2uY*vHB1dRj>|FV&gIUi<75a!zO#n^dZ zEz2t%!&=+Y-qQ2i*$cjIZoSoeC71i_Q|Dov;|=v@XbX$5tcZ@c+yVudjM|UugLng> z&TTpt)IE~biv`~Do0G#xcl0SY4Ac}J9I(ng%>c<_STUZ0dhPe4MBF0K!p*x%)1L*6 zi2@bg1sCs)pa1P7gtW_}D>&~()-U8-N(8gE!NuSkTx)ybfj%oYo#wk0p23k;Lxp*d zyDU}FojH9~na=w<=PK*aaHLQ%R3UVbKR}U2or^Qnr@eg|@wbQcg&dSSH<{^Jd+1)` zlCrLNv(ASAuDEr{pIxjJym@ouhMM)zz1-AhoX^@RO6Q-`SjXC4soKp%uEbf zkNqIn$6T^rGoebaipMkQ2Z)vT%Coo3JroO=8uzV4$W% zNK%xBwhR1ygA`vjHpezeI%J&O!vsd%h|?@1)0ZAt)&y1D=!w)&Zuqe4u{0+`s{RF= z|1Ov4S5I9LbqrDJGad84FLuXddm*q78P*~ownv_nV_vCtOX66ox5h+}Qx*o`(+V7M z!b}pHYCJ4?@vjnfr4B<)Y}%N}*yAN_au-E?=O^5sYP>*X&UI+afEW~ZZm%6vQOK^* z2_MiFZA;tCCT1)Qo+mC|Ge5vvDsexoWGRn%H__S?5B4ihJ(*r{N?B}zerg-Gb!f}k z!X0%os%reTsu3|e%k{0#k+Q;i?LvENMTcvZjR~fPtt$0iJHt=Fkn!0&ELE1wvyml~ z#;8CI1{JCtT=OvwcHa(2CN~XfW%-P(rrR4RY|+LM!0LgTqf%&DOLVb?JW)3Nc&q@H z(!gk8+_u&~igORKd|Kd&==ykbL%|z(@JM!!^=K8N5!1BFkrCu4ls2m`4}dZ9tt@-B zZl5T@<;(fi$HV39tgz|A@s>EV$(xqW^{E@`;c5Q9)`(yZ51u%EMm+b0|uj^Iq)l63|kWJm`P6(ws3Kgj#B;HppC6h)JbTP z@;Xy7LXF)9l8I+U0_^G}*+P;pr}?e^fsYM3kh&X;dQR>fxX|-%_ARSToLMcT86hQ( zNYGhwZ+=nL1aYeA6LI)0Z~5fR=gPlq6}R>&`xq z9h*$ou-)+@;}e>3D44-tE06a`#ls{9*JmO4=n~}#>)g2JB9fmEiP{K#FA^QdeU~1r zRS-%H1GcjQEVFUKd*z#+SNz@mlxK@XH_fS-2D)G-`rAYPE_pEi1CPk_WSmZG;h}s! z8gm?Mo=AVH4R$^CaysUunw?keg|g;+=4p8+fDW0e}Jef z;5M1{B^uiBxbv6tb5oQCAH;X{*BNY9bp=#S>%?2Bn`!&@@uv8Q`plmzxry#vs^c;Z z#7wQWXVYb9^r5X?*O)brua1@_ShGD+=$d2VZ^6Cy-u9c^C$XO_2ti)|GLjNQ)mZ)4 z>_RYAENfzQ@Nk@?(Fh7v(zR(^!JwmZ{9wFg#t7ML^$#Ub(rSLl?~Ei=O#SlC<*wCf zaj7Ra60o1?0T_DK3yz>2d1BZsTq0<(aeQ4Np{7}Q5;}|WDp~|V%d|xC#Bw600DSh} zNDib6F3Wf3Qmd$)@WI)71tO`nHLSO1KaB~Zfl&i?4z>w>+v;Y&UZ+#-S*W~9%Lj77ToMi|5Uq)z^H6|_gADW zFn5v4r~@RkG73#$wC&Va#8a9EjXy)-%N`(u%1jNH(dG*~*DTF#SGa0;hI$lkqRg=k znv4pnhgB=wxxu0>cIXeTF0z2Z%e4(PF9(A9@;RNZH?qs-b09fZ8RA3tK;vo+w~-Qm zbILk=I&=E)$Z^{IPtUueY9J3km)#@UT&VPV0gf3jF}Vq100y z2UVTBBWg0OeY*Bl3+cVzFj|Y2jhl6VQrVZRy6gRUMyDmtr@Jz^u+AF8xpWFz!%bvN;6&_BH<__xjxWZc6~ah-ah_KKk}EK!n8VI@Gi0K;iJ? zOpZjXOl|O3jRUQjVp6oVf%MZJHP3&Lo;v@1aayhaUzflCZ$JJAa8Y&TOEBv^NIeHk z?5RLX$G&bo{13Xf?CAeV8FyUo_x}V6Cjkuy}I=`102`|DivbIWLQJm8Sp!gSZo8=R)%S%pP!_=-fY8 zfCU)(>$X?b&woW-phEsTNCdX5(D81DRT9fKSJZbci|tA4KA-1SyvDo_M1iNCjIZsL;ts) z`+vbZoE07tzNw#5)}6!m4-0_1yJO_rde=KUL=;dkE8jZ*sg?-#sKQ_#kmF?B`96hqN6;%Zv^*m@$I6eS(xfT8i%&} zwGrqDhXbaT<(i>BpK=jGb#og*0A>$)zD=lLVM~^36%18ydhz(@FaGDH{^!m0UpAcn zq0Q<1FT+ysw_#ZUii~wi*2}ztNDG3NS}4dbj7uV(-BA)7;m9osP-zoWU5@V*Rif0D z?qGOdLjco7sfrB*CsPBeRU3f5^X8u}>DsX-Yn22l76TQlD;SkYh6s&RJ%Wh`2vRud z<2}0v$9KUv9LB0GK>+mN!l(cI2mW~t{&^q#|79#xem^-Fz0;c?lXMvt-<6h&Rlwq? z$_GxF2fzBmUFG{XP93@j?Dv3QzG3L@{{ve#uHt_4cfmG-t@U}N0p#F*N!di3O-QLc zMka&Ux+F9s^LAgWd|PYkK^g8g(6PHB)$SSBz6~`9wchZ-TDun2f0Dha+27|#cfVy3 zoi|a1YF9(ZA6L&1w$gRRzdiJY5^`Gmp=g)_J_}+soDi3$t@G}V+V$s+9Ju-9!*7_)J{3ogl@%^>Zx$fb#YyNtOsMPP= z(Qg?x==TaHn_l6~wmU^i>`C19QmS3FE}I#uyY=4HLEWk9ToEvzKFHtCVXX=ZR;QOB zI#abX`rFwHiiGmX>5gFkQNrDl0B?z4ixUyoBa0r0Qr9r{?OS9)$4}R0iEMpR4;^u` z)GJT(ig`n%6htT)W^qm-(~&g+t@_7~DEAY&hUm zJP`d9BYIMoxrbX4GE_Qm7{HrHr!|Y2$91&{dp46KORau;YkC7-4l12+Z11qlVbr$z zd;Nr}yxfnzHFco)-bx`-B{46B8iDHB!%8dgF)a=r(!w`>p8fEM(4=S12F}B5RJ&4B zBm2{rsWBpQD-J5|Xt*{oYSr66=B3YT9yl;kk`d9h#Q0RyP3gs(^rl#U-RfNBL<1AXKUquIe)ACoe3%XN5-- zfu|wh9*^;|!Etq*Fl^5hAK&ftnxG4)l^=>y@{iZeziUc(`udZY`*9g{lbcv6^``zbwF zS&VO^jVXcY$|WS%EEsH;^MEN0wk-rxieNr*3JPdNxlzCM2B)0+IqoPgoiKpAiS1b;GLHDlk>edD z(a?-a-;kBryZ{s?J}7wL#E##(pyH#stH_mhH0$_wU#0u-qN~Tnl-DW^!nP^SH4+;7 z*t%p-zANYsSEcj35Z&A*to0Bto98;5c+7Juahs%>5m4qgZN0)TwiMTN&W*NOkJvZ? zIsA@PBR@ah+n2C7x^Uo?47quhVg~W;RVF+=lsl|rZNt|Yq-awc(w)5>+|&61o>zUj zh=@vnr6&^U5~R#8OY+W4@Ay#F-i$WlQ@$7f>~I!0_QAXUF3W;a)d2)*R>f3a0J znfxqxDv~s1`j}sXSxHz@u{cEvp}I!z`Pi`tgQg2@WAO|cdt=cYS#lS&>606 z^E=oqkBExL;mxXWDJMMbUPhbQb5^E#!#5@!M}XC+=Urm~to8T~)#jeDV{aC{@K!=I zjCamaZ9Qf}{CRqQeBi=dSToQ`H8c`SqvPkHaD z*+TJ_P?u`6=<;GQ9ruaied&K?H%ZTD77hrX^X6iZA8y>*Z1P+}NNqNs zv1PT4j3E5H=+!^FDPtYx$OaaG8%DTC#XwD_ZIQ`QsRcb7eIa)!T^xHzYt1Op=QI%a z=jFk#a2OT|B8JE+cJ`$N;VsQ=>(QV2ZCZyDz{+0Cp1rlF?bx;Q#&iyhZ=+m5=7KV3 zP$WSs6vuTQgc^qMH%b3c=}W)Xu|4L~`s}m2jfJP*(+BW?-~jiuQchnrk3@CAi^Kdk_TB`n>1*Hn#aguvNUZ`D1ghXrnJQxy1g%9> ziZ~G<5waB-LJTP)b07`{1Oy5cC{RRYCWOe41d@wz z%H#Jw;FHpgvPm~= zw6`cm(e0sHef$|l`=gA@O2uTEVzze)kDs}Zsx-rIy;|+M?4L7QC5A6SPNRXabY?Qe z+uli(YO35MG|-MTZ2Mw5q^ruaXWP&3nA;@__Yd~6#dEXVexLy5G@O!-145yIhl{{l zOY(=JP&Gb865u+PV{O6nddY8C_f`kpjxrX4QuX+7wY{ZPc`by2yR#)Xl-DIP|J_Uk_D|q{(cE70T-@EA_4Cr6g(z7doB8 zeN25OTwjM`y`9+%3vB=D`WjW&) zV25_a=Brmc?Bf~HcA+8P5%`HYdgS>&n#m$I`&=na6#GdjbW@k3kJ zl#wCb_N4I9F(~<0YTPUf!k?>0;c|h-wfS;eeocYU;4_0Au&JG~xfke^VMzD>qM-Uy z+b7URSg=V2PQ|+AU?Ez;NteFaF0?G$}{#o4M6{uDW9pzG5*@%**CfJ{eVLW6hi7i%#$e{M){A?-N) z;*e*Zm2v z;v4?FWgyxMT5gjh5=!L}t+fcQf2pW>(|K0h2riIpJLuCFvni*CJ$ZUQycRMyLPs^M zOMlJ3)b3yy2%&!>qgRfj_Jw6B!gZU^677(lO43}(JTD^G@GKG2EU=heiG#L*bs;d$ zibdp~YSXunZOktB;=3Ztr{Xk``2JH{txyp^va6W$79@e?1eXzpEBOu+Av0{r&rQJS z;p7pD1OC81HQX>cWZwg_Ro^G$iDjca-C41BQFOs;>P-4wTYaN`Gv(fzAV>tXw4<_2 z@Jji#JH6J8)2RP>%_yb_taxi#Do~q(UPDr|;Q<=Od*U+kSBV6s^ zSE~V`m?z=2K@6clN1l(wWy?J7b6QD=^;hw0^h&)qhjGg}ZrQtGYb?;H4x;tB0QPJ8 zcDZwF+}^}9UeFBLaid_uB8aig9pkJ>ppf7=a0|j)p>s4AE1=W#p8tU?_ z(+#wta&o~XR>M+#+Sf+jPc(1%A#^7dFRE#=(`u~+<66zta)_dBhkW0(AX+?iAiQwbv}dw`~{U+xn1ddh4u%HC0g z{yZomytaxz5}AIH9%Y&<37!j9fw77~*>s8k9P;dzX_c^Zxbf{JC| z-h2GqN%*WJ^EfL5Rm#V}I>uqXO39oX zQtFQ5(O~w+FEBovrhg_=pQM(Z(l6RNrM1t+xE-Dm0K3<-C+K;E1%OZGtIenkBU_eT z6&i^&`yDhde6WjqMuh2a*tx-Jwa^=;XGDN))*j?sN2<{e-Bhv- zUl4_RiP+b4)*AfMo2hp#3bl04>xES zMD{@F&teFP5yyfPqj{HR6qk0J;aT(eGET;@-e+ zv}d)Hl^sbAKtX`vo#r!uRETwOm9*;d621WwD?(y_;+~W)-}RSmNO)B591?n0=?evRG=vYWmu za>g4JI68kAAf~U2%t4*EJW`*2eu(Q-2=(`y*Hw9vne$Opz-X;lKcFqzNDyJSzT+<6 zU9f|H4xQf7P(#Ui%2wZ`IJj&9Z2!P=A|_bKBHEa~BJJlzDTbG%;29xHUiAf{|7dAcIqwY) z(=!=`RB-_E9w*w|u!dZUl|{rW_X-)GdpRSD&!Ultia@dr-qON$)JqczT)trHN8hp5 z=x`1FPP$h9z+9;ws&Nluga~sZb(jeg(MpVUjUdMn9O%57Jmf(O#~%KujOL)9ZnZ)P zb)#~Tv5Sfy#Gd+x0O^)?_O%^hqtoluTjsl_A}SK@qF0AplEYd0`Vp{*R=l zCZ-O*dLc$P0=zaoS_oOW0a^UlcKW+d+7ED{CCe`d&+0W-a~xnOUwxK4TE5d%&HGiu zP3V&)(4=17Fp3ob4THSOVE_xbCDe3<0yGOXPiQZh>S|TQKK-Dkx*K7zyyOU)1PyQi zh%y^jsX)^Yz?;@mPPbPX1TsL+(7SVO4P2th#bO{8Sl9|WgbZ*ykX>1ay*^MIl*ly) z!9Lock%$FdWKo5}>4VzZC$o-{_gJO78vM^E^XJI?dCmMEI-3fD(z(_es~f>G^Wx(& z6Z_~f*=26_G@qDF2YHWIE6OQpY?};T5J7f@_}#c^6{0Fm@|$4Qv|=5DE8vsCx$<`} z5a{ekWK4|#gyp&$UI4vMz2Qv z`LlnH)t}eK{~mK;r$_oN<4&uXf}oZD2JGq=>@|P+-BW>-gc#ThtcGfzHhRKcO?DU#MNXUtN9MQ5%69- zmn|K*7JT6U4UwN_HUW`26Ybjm3p8~y%czHlHt~W4GPvH|Jw?koMBr0*tdpNCMyzhX zU)mmu83J>u{Vxk{ zv*$Z{mc6{NYwrC3OdKoh`^n~*8C8p1F#{DO6OoZzJD0+sDfs(tK}=7Yb(*!mYKcD@ zJ8gefT7q0{ep!wX_3ethg=}|kN^xPpO{LU`n;Ax)ykLjGr3J#tr+1D@K9f8DAazJY zmmC-z~Uj224JflxC`QIIR@QWI;$5JfY_?WRUfL(xc zF8@IqbV3)o9F*OuOt9)(eJ@xwJ4a!JS6;=w@C9P)8qmyr`sT5E_x}>U1qS55<9oh7 z^mxO^6m4i9hw)}>1(riATHTD_^7kJ--d12BpGPkTHG6{dLb?qg9O3%c0r0~n?|(*r z`1d|{)v?X(frro5#{T!W1sdLwxgP8TnZ_}8um^u}q&|Gn%QQT^#sYd~tS4G8GOGg~ zTq})B-YZ>u-#In&^L6~~0s(dDMI15!)Sl$Upt_Sg zmfQJglgx}-f@H5QFP+Z7MdnPu9Ao~4V{U#e^Nf25X!6BFZ03aiYoLV%vo3mF6z`xf z$Br{LAZ+s^mL{Lna0TAF{F6G?M8&b^b9ib5+EQZMOGUO4_5^UuorUBVbJLwW!O1p4 zT68){r?e)obW||vLK+;?dURHe|C9SDvr}Pxzeeda*kG{vRb=AMF+^@1w>_9GQ!KelP5qMK{VeOv!CHKb0>#60pv|m-6^J;i|73xwIc}h#^tSCV-wBU=B)CAW zlXk>gykOQfeAHE!GHI>X~n)QU2I^h zfPIu5=#!lyfsxPQYi4C6+Vy@*#|O1@!`Arg>YC<6lv#{3Xf;Ux}3of3y!wOw9%0qi)dZ;7!L>(S5SzG;wg5>Z6lXJz-; z!jdbnpK%Af3{MNf3go|VoZz+?OP0CG0``6mdpV289Se%C8a=h=Ap1xsvvnQppLl{sdV?p8qrVb z@Os%V2A>nGQ7{;X7F(80Zz2s<(~gt{86#19EE)oPr7b;HsSWkP{yyPiy!YjHKpNU~ zH%{;UaG3gfZ;H%(DXjes`xf+g+u?e`Z|u3lYZLBSNHd`BIAP$#**or*qym#7>KY1v z)w?|;uFkpvLWynXbxnx*bFI4iwx$O<#D&qHRyi=G2db&kMT!(DllPz4oLPuVTgUI*!~? zbRcP*L{Ys!ouv1Xdllh%VSdXD>f6%=bcvMX;o~k8Jb4|zXQ{_c#UeBM zP0Ipn#AMX9CG6OlI%DjX96sf#jQsF`th^Qd`Ka8T$aK6iI1YQ|%8Fqwc6FS8aBbdA zhHldf_<=4@6zQ2wmE3pB>}id@YI#O*1J<+~!%Kiuc+g3phatrTt``InHp>|I7yIJJ zG#Ik9ym1uvGW&K)IGvUVq0UzmH^B4HsQQ+#jXohYz`|wAl?*>NeILe`UG33Ep{EMl z`xkgae%F5Ne=&GwehnPFa***WBowGhS*u0Yq=;s`Lw#i1vru}!QwI*D>E8d!yL#~Z zIx_)?&N*&eOvtlFr+luomuJW{PCv`pZGRRQlpjV+qJ+<(mZ8rLxMsR?UkIqzN7139 z^7zUi1C94ez1Nd6g9jy9(9Fs4E1dV@GRE+3Uw4Gom*Zach0J|~ZmREPfT3ax_^7{D zk8`yYX%&^e%k{BhDUVjddV_P@R#Bk5wXK^vo)H}E3*ibZ#G?WmKGF8~=7VtA#)L;k zEZXI&Aj{U+ic@~'qVr=#7tx7b}w)jZ0bM?B3{TRvtC){{g^`V#g*!><^$$XrJr z(=qRj%2z+{uj(2u?Odgzv++vCY?U}mwZW%Vqb>F@dMEapX;}lAjyyGKlNe3n<*FXp z6U@;H7^#0_QKJ1xkoT=uJ)dfKaR^gTiB~qC8*Md=3ijx|_{jHWFhsQ<-@Wo^1};1P zLG8|h-w^FoR6r#kbE4@PY-&HkrgaIIJ-1Yk>8@gch@m-rnEs)GFoXN6Id^NO#=hnd zVJ^+*c|Qy<@PpQB#v9KT^vwIJtE!y*A!}nSt_E1%@`Obot+Q$zN+za77M)?BY_Lba zo6T_lvQ9{!HG)nVzx|-LQN9toJF-Z0tx=}mRPxGM1jHJ#TC(a_E=!TNXXea%f#@nu zqA&0hh&{2$oOas1xahTP-{`9beIZ|cJ z3NzS=q&Vf|;#^CnR>M;;Y!~e;^6f$J_w@u}OU$Nl047n3iN79M&<=IJzYw+P9jp?# z4uKwxSICbF4~G8RwR|9Dj8`3INXLrCyJ#*|L2>(zp_7d2&WfuislRl-dH&4gn_`rr zGn~bvM(``*Od^w8+x2y%FQ1g2thAwSC-2HPD~K)a+Uo6nnlRV3ZOqG4Stp*vPywQZ zB!0YoyalVRJUAYEae-;iZ*(Cw%~^%aqZPHni+mu zmPN6%qPZ70A@+wi&xxzC_vbJtWE;{`!iqG??v{=6k>nQ93^W0m7yKqIAk}wmG-aYw zr>bgAB3i-H)=5_N0ja3qENOTF_aaQ)VIrb6G*~enw#bKuz2+F~3QN}ptymqKoFt)Z zs3$x4w(EDu@Ut84!>Ut5-psmIGbfbPT=@*nZ40?2)f_7O)WJ}8pdKAi#tbnlsG8om zbkry{0u9NCFvgUiAV6d(R*NWS ze(ns}wg3B!u00QVMk~4Uyz|q2QutkK!UO#;2Wj58NM4&(^lare51Dg`ASxUZB(P{9 zDKJf%z<7VAnwi$H?tO&E&m*v|kXtj`b{N}do_Xc&KFvycjn#Vx6s?Y0O+ubTtamsd z^V?Z1n{*RAkq&VOQH8EDOObOt#%VlJdVnm#o1gA)Xx+2=b}3aEE{+pK+kFoKy0@7# zJ*sY?dh<9U?Gu$12^n`(rcKhZCuP&eh>z-Hmts68Af9mpakA%zRco(QD1rFUV~t8= ziY&1`eQTuFs4Wky(l(*ALsZ{71e*2-3p=B;3{l3014YrRs`>2Q!S zJdWZ#3Y#OAa+Y)7zo%bCa@L?YEYT-KS_9XU-$Uz8uYM5-^&1}hsyR7E9JIS;f--jl zB%nc#8qSS-vOFZVOzMP6x``0vxC>)iF1In)a;V%hW{{C#NN-4UNqsMwsH*Cy?&YQN zsWB|LhVr_!FPZq@cJuMY0BV6<+`tn7%(-ROk(Q}>5#&pFs8{GA$30qdh|h*@^Ud4x z&oj1+dAZ#Zab6Osz%;h6MvN!lDrB_7E=9I>jBSyfzK;;K4_KpguTo&21vkK=@Fn$4 ze*W$Nh2dsl!z14U+vxB+$Agl`Z!;d~xIG{uZX=Pg;ai_f?#+CAx)}tmD0u#v`_n%P za=CM+0bqq$Dr!r0Y<2ij=KS!=RGl-nM!*!oMshw=ErfUD53n=g$}m9sQ(H{e#`s8! z?uP9eT8zC?^LSuo@+Fx4O@odr?*>{xvYgoZcK)UZR+3!^EpAy>l)9?$HvNX}=Qa}= z$gOP@a)N{QtDr|l^kj8Qai;NAmrorT%>}`)I6RIAgKR?=5<3>92Sb@wwp>b4y^biU%>9 zQ08JwkuiICu`Tj8ZtK7o(`4fv{*ORNE|t`PHD6^={)I#@9Mc{^tG)>uGh!1BcFl0z ziD|gd(kX6m5{4bZt2QO~{%pS5wVP}!u{9gT5Sye2<~DHELe{yVW#rJ|&q?wQy)Tb#%Qe5n4=Q7Zls}@7LWX_$Rx1(aP((WZa z9sk`Z$IEHctDgpImXHB&d_RyCKh}Ugt(DN6N)fp}PLrhwMCejDWv;C7A}!m|s=!TJ z6SrvDI%YOt?;W(Pv%S822J(&vMLA5{{R9Cf@gOzcQ(EV9$1kmV1lvpBCM~AwI?)=3 z2{-Y=M^h*oD?xOI6ZAr0iE<)1=Zowjbr43LLif=@OVkB=!@A>|cfpmsCo-m;`E5T@ zYz{?+CNb&>zK!6fImQ*3+RSw1s~0`0pUFp2VWarp#{5PR6E9nhb^YiN5Noq0`Srr4 zQ%=_+Q#zmkeUj#lg#q-*1gf^H(#JWtM({p2XsC`(9>(u$BIetrAUtk|e)l|^GyKit ztyetsL`8cHw#o}ybR1vB4TdSYOfeE$^oX(%>dFgO3L?-_R(g{D5l0Q>CPL)T&{&4T zY|y3t=8ZWe6GsgO^INs@kyp)hg?_o<#4_8B64U#ZlDyKpQ^=tn>!rwXE4Ze3(RJ0H zyMa~UYy{z43Py;Hy!%IES-*#X#YnGV-Sqzx`|Q8}vu96iZa-+<$yd7cSKG&+U(Xbj zfrM`qorBu*qG!)cQ}#VuzP~q(0G)B}$$9DIVF=&xOVD=_6EPafud!Rk->VJ;dZ_Fh zrLn}Jt25zj2C^w_mw(!)qg79MvpAsT#D}d#U-~gbp138WQd+y%O;$dHCa&FvuW1p7 zIVOU+BS8j>A4^7qR{s$ja&}?$RX7ikdl?aa5iY3m*G0_Q$7e7ogD4ckyQ~3J9kp{s zZ`;09A~(es2q!bvO3fZ|lR+Q&{1`l^&Lon*1($SYNa8AN*`7Y!8(0gq>J0Yf~yOJrH^b3kbSCtytIl} zHJjA~&nsDb+g$}z$Z8RB1~UIt(TokHpBU>1B|*3xo!H@s9YDcyiwq@H$md)0%?Rj{ zApO0A)kN6CC>sxt+D`ktDUuC}>0>UW>Y-Z=8cMU%o*Ybc9V->`@`4?oncg7I)0&Fs zxPjc$EA#*^kI@XFZ=9lUAExgPiqPLj9;_iYnSnTlLs^&4aNYB6#P(R)^4;N7rCl6I zU-;g^XfW7HfqNBZchp3z^L=9@EdEH_0MIdQ7leh6PpZUDLdouT`ro9TwbDbovd15a zGZtoE%xXH0aXaWy^2@Iaun&sV!j2z2JDfSjqPazcUSEBPvhvufC&=3qYHTy5NlG1^ zC4476Uv?Y&pzEnT{W;}8lBfW0Jtpw%&%2Q@H)i8@BrcGBW~rXg&C3N*$V)o^9d*2a z`8ulY&zE4rBIyj-=?>f{` z&bWMrFx}HTFZ(v>a!C0(`=Q*$h&M6p`vipQ;Gk*PakDw&HHQiN7r}c`J^NPgd&u8h zr-ySI^jww#*fkhuAr(PT>F|5rB6YT{H!ZDIa3Eky2bTM01CaxqD#U22}P_9_^5AuNC6F*PkCSS^Uz- zkEJzLg1oyOB>!OFrmK#7_a%T*Oz89I(*2i3OpUUgpQ0 z+2udeE&oin{NFU)a^@+e?%8O0Mft!9eXrNpyZPArG;I-ForyhAiNbeT&@vCO6ZpA3 z$s1Pa?~!wOn3VCHZ+Aw1LG>Bi4DJp1v>U|Z>vxeY&hYZxXgpZ>k@*lJau6J=_7=T< z`@ni8@^<>J$R!C}+OUng}=Zibqqa5)7XCF?z5g z(z(^)@Q~yU4U~VeWNbvON%g{u_jqtR@E$w^<}L~}Vd~waw)fz_tJGC3I`>D(g<2mdO(4)y@N^{#N4Xd$0c^7h^NjPKt0-ZBF71A1E`JLztC=sHn ztGXHC*8T)%4pHpbdJOmoaXwDvQ%f^+WF9Z5gCT|#?piljIluvlkeL0tXTwm4D&>j% zS++2irXPY0@ZsP=aYGHfEUZ)5^n-E7vZcEg^d9vJrK}hK31dACeXkf z2l1a|65Wt7>{qKADRKuX9;i~6g3bPo2#C|%vc*aaX;#4)gDxc>T0iN1Ox;+d(T4uC z>#>~SDUS~;o;E;HS!VY20p+}E3-esXujA>x8F^Tmzw2U0!cD+4AzmaMv_V4Via-?41 zE5GL4PL1%QN&|o_P`JC6eE>c5g&8tnBhIq?=f+3BJ;LdKhrIZJ+Dy#ccHx z&cyH($P`_IST`2s4V9s7Er}iBV*l%)C@1#2-iX)O9%Tc*i*^hJ+&Z->>|5)e?hS;}3L^K1MFTEcotOBicgLJvIp!WqP{jG0weKno8m4`juO& z_l-p>HJNCZC0#D~Knbyq30TWm> z4C~jb$8RBQ-NP}k0oqeAWmJnEbos>^MBHB1;zvB7YDa~2Qru9iUs##xdw3v^Se6)S zp7VYab2&Gi>Qf1j?KH>Fz-e4v>u#|;(Q^%EF8k~qGPKn}6?mdjYee2v^czLC@Pe=y5EJ}HEKT>}gqd1J;yP|2R}U10 zXpZUxA!>QVwp!9V?xd6dyv;K{5n|0x=CPFPD{R|Ru$l;+X#~o&8Ujr%S^7?B_9X3e z*cKkA2RjCq4f-;_W+_>1Wxj)wc$a28UKm>c{Tq`1Sdh4qt)KWo?JFRHgYN`-T2OpAJg1>0 zfGI8I&Ay_PJT2ZynPxG9@=JBxnb~WQ%(2rzS?y>Ipq`7XZ|xDUW3@%vi4y~~ljWUN zh`PEL>_N*zCitc(pFqHk-XSbB_LO^w)R7%3_XY>6Y{H@jk@@DqwX7hXGgW@B!w`59 z-Q9K}9KMws3SGq5bFwa(ZQ{ZM`{hAVBD7cV^in^Dvl7-c@)No68t?OK|QGXe|_o;b-n&lnzI0wwH(vzvkJw z?mVp-5exxHUjm=EjH{GlTLfF>8<9QD2IuC`=x+|vni_MaC!JI?u9lXdP}hzI zZtR<5rQ@)ZA$w5Acqgrr@pJXgI%{k`(L;`#B5aojxJmK%M-Ufcb4JQDCyK|IiY_CB z5eS&eo z6y`1T5a-Pnm{8{&m+z=I$aAVL5Dhtx;xA_)7+aNw#nW(Yhr>b3IY)fPc*qQ=V9wS_ zQ}XJbZOkvoe891X7fe8BY1UHM^RZp5r!1>Ay+^8DybbN*(Pi`}U|`LU@_ImzN{nAK zXvq&qTvUfHweY$cSv8Q^rHh8P1z)B5@_~tXu4+wiPEE@EVyF$uY43XwffS~1k4(AT zKu;SSa}B+cxf|qIWe2jqRWT2|;)U8wp!3Ms@aFZeB|lmBebyy9Lj+iZvx5?It?ABl z0}`D{V;jGgl=CRt+Jo6`TGrJj=B)pkBPyn@bE3hMc zQUmSaYrgjLV;)Q4iKVTj+_y0%#=WWhJo>z?!WGB~3Y52pX2Y<07-J#{a0U@?Siv@9 zBh{$G*r#WgF>RoIL(i$D+bbQ}3zGZ#mXsoq`Gdtndxs8&H#Cxma=y+*^U-DlFtnnY z_&%Q;-@p&OGH9*KgFDQhDJ-wc>h+r|xe++>44<&#MPEECf^UBnNj*7ig}THOM~5w# zqV4yOVA`(Dn@z05t3^sW;X7S{S;`{;v)8vg2-?o3XT;VGIj0&msa~eK*X#zx`N0{yE6*u>d-4=Oj( z@yw9&yRb$SX&US6ecT^$<0cFj?8)*X5twO(K}*e#U&)KVZypS@3!@H6t_7Oy4P73; zmf&+}{iWpMak8xEXOIcx=(!^@W6{e#IfU`bS+%oy%tN_9&O_-E2f7!I zMTk9F5U`04;$YL< z^FNysT_SJX4bB&N?azP*OOE6f^rHFYy^4Z~8r}A2o8kyjN&&C$-m!y8i`Ku!ro$Aj zj|Qs*R0Pz|DzD~#=)Kf`%|3ylvH`tL0{%qm`1hczgaC6{mQsawmdU8Prrx<{{bdwS=~f$HS$o+em@wI;C|^0V`{ zBh?o=sF%Lw1XZoNe>CK*#i&kD64zq7fU_mP|BoN4b^TAF8Y|^*+O@w$7d#4-`tpHtj7M$rgOR=`k-08d!z=yhU!#_8#en-DmPp2xQp@0wYOnNXr%rx}UqcJXfP%FcAcxKBBUYzH$?P>oNtWN1`$0Qwq zt>40($&V|&W{=u-%i9?lv8N}%@N~_<8K5lnP?n%IWkf-pAV*}If@tz;3O#y(Yjx%>m3SnSPQ2CqZ?ui1(Zlp(^t zP3_zAmq8a${on_+OWf@D;WG#8B-bdF2>4E=UX7Q)XKKu3zo%P z0kIUI@pG)(*!B_&_@msLnyKW5yCt4%mn1D~GbYi)l>ciLM^B`o7g-yI!-F2)rr7Jo z_L~XB<0o&+jZjoltD;Hg6d<3$mnzoxzpFVV6r??tsS-`4^^HU3rokn3^xCGwH%N`C zBw9@FL@+if(wg&E@#04T*w~LgY0Ap-Y&EfgyKE|^0 z6nu@+IVPY~j&>f-k(?j2BF^up1PYczul~>jPP8#Sso1d~wQ1FUUT3IO($-~y1ZP

*>bju~)w*W~fKDoe!hnPjKN?F7rN*deA0RWNr-S*mBoZHa@;J}b-_LT@xJ9)lsfBo~A$xD_iw5Q(P zEvdD{ur*`}OhMw_ZK^;?@W<^AJ{zyePmeZQ}7o~pblP1bwYbGD7;@OwN+NQ}<^XHgx51&X*3K%V6no{>W7 z!!ssm3A#!)`O`FU`960@0ZnTUKL>1YO~EYysc|uCcR+HLCHr10CrTf;Pd#O7SfFUmwM1dD|0CFn|EC;#slq z%_bJK%P#4x@cbke{0IDY%GN#*`1J2N0D*My3lN}$E)X1Ni^K+1iF3&xC@4a#n1|X2?b-uD|Bxzi-Z2_H^oy(26Z;KpJ3s*ucJa`AsMvg% zs4)L3?6yoIW-@By-0Cz4^`qkAXL{m68wFb$!SDREH!t{`tjV>S~T7;`%RRyz-a$Y0+seCijf)M zYFmfkh9QB>S=#@RSLbAg2e3iFydpav6_5#g{4dIj)^owffM-!0KM7vgtQ`Q**^r$< zylQG`>hoZayRKp{bWdAGqHOL5|3!RLI9_Qdoe?fj8vGRL*JajX>znD`S0r`3FA0zx zCglbfxYyLMg7Z+NN0vvvHT zCqYDsxfh%Plex~vYqamSNg=gGV* z?Y>(0diS;W-B+gccvjybl<^3x6rNX59`9l6y4C(`P`kiJa?s8cRK227)P9oy%^$>w z)_Y|c6bC!pcn@xEwZH`e`k#f8AV@J2-*~x9MSqSvc7q_YEw2+|6*7@;)Sa*G63>E!#ojT=-`|9cy) z@^Gsu-$RB~`$(z5(S0)N#3vk31DMwU0 z=GCL3#gw#D_wtCR;{XM7)U$~*o>QDMt!%2V)9V^348=T7_Td}99TkXV%xNzN&f#s# z@H^&IHw$JqcgcFBVdDb(7Ptq&-51M*qOEyuvohVdHB$YNpS>zN99(5h*M3Pb)eF;U8G6hB0j=DJk_UhC!^H8M5;!IUBb5jy?ZaQK+L7A z5h$TY>jVWUHuUkA)p^0SdAzBBrI@#TMTN~0i6YfSHg-1ub25<7ByPihVMI*73~5yL zWn2xs!yjKzH}aN2J{I(K9)+uEasU)1n7jVK>=KwoIUu zv{H`GUkqsE4WAqGQ&JN&cr3He@sZ@gXBPROXAU(lkn}HpiOAcDy{gfUBV5iBHEg$FZZtG1dJA5wkMZ(0gGbF zS|+QC9@ZDX0CX_BB7aVDvH`p;W41TsRM8ArD98u$r6|3AQ!C*P`^LY;wrI}^u%j}A z1v01Eif2bRCA|8xYU~2Ky6}JmW2`;y$TZTvdGmuRB$DOP zP*5aw)$ZLXU1(_U*)#rceUcn+cD?r)Ruh03c&UV1(Z~qsgQ3p%;urg7NuxOE`4;L4 zh5Rn%uwl%bpiyr+S$j8pKFI;0Gc+BQuIn5-eHrXP)z$@Xeea3+iLlJ56ORMe`y{fc z8Sdto#3d;GN(#v%BiK;L5!_6h{==@9j#1KeKtdJ+Ctt6#%=&;*!l$<1Bx9|Xbb7II zJ=K6qO=oN!M7hgF20wQ{R93L^O*^SUUJXeJZpO*zR<^# z+m93GWTCjxyv2Hp6hr|;;gbF`d2_Y@e0ddfDqa8YADE=3`RvXZG4S4@g(aw7BR76_ z$=6C~@G^Lh8ZcncE#(L;I{VEf1O?vxn7^EN@6|4Q_4ZrR9N3QQpyaDYo_sCW{t3F* zD*?KO=@1>hEz;DYyYIbH@FXW+l+fWKejWKWjCdF@eQI~v_~_OWKO{~7xcMl}_BWUP zbF89Q*udygXS$YmuzI>>((N%<_%0m8M@ zPPVVkS0L!WP#175=Oiq|A$h9XpU0$ZjcI};+xuN6>q2dZ{rqB^pTTpDZ*Me>yVRxN zSZelBv!q@diPGDV^iMOJikZ!IhtKn)2W4m;Do>q>J`NA+gVFKx6vbD&KD{Y^n6e&L zL^!z8?$4@jXCRkyC+_?1RqCc}hBaABFs5O(3X*g=DXf(KM{{#7?jo0f%9rZYevjoV zNAlsY0RUiFGJeqon_#Nek#TJx)%1EWLa?acn1=dc^uuaijup^mkiFsU6%b2 z_V84p4hC9%n5H2x@|pD0Azxl|U4m=hXlmXRjiphv9Rt9}ONR?BeU?@_Mi)M~cG^Pi45JJ0o*vIRicWDAjnJVgzxgIUj!5NOd!9ne zwsW=r&Ldf>XCwU$c926TPqq(?-vknM#9gGE*sdhTEOUdAikgNkVd;Efr02VOIrN*v zAN)ec+X#Q)7XDI;(FcNuOB~r^1qq4t^fmEvKsuRs8|Yrml)U48nts=oyqgpO;BX9! z>;7b>L}kQIYm&*W8C4{IP7f?O!EXD_Wm0bNBJafe19ZlI8eFA0E0LymbZB0#Bw=?( ztB)Ok_^V;%3X>1h*IPr_D?Pf{?QPh~a{WLJ_ z+U=Kv-kzWjTUT5XnkPr~p=|O5uVr*oV~d(miz0-*2<3GP1K_VT`YhSpm?q?^yB@u( zstgu!e^FP!$${~zO?0d1jUSAplC0pd{p~+Rs7%9epekEFks!{(_o4N4Jl@N$=f4G_ z(o%85W#7?e*F%3a@+ElH^?t)re0lBHv}|h+5#=SMK=;N_sSCM0IC?Jssm=?n(YXk1 z`dj<#J1u{I?XFb~-OmEj*~S9zU!?^19gp4lKzO_zy~gTl9< z%RV*O-Zob46=tD|guf(BDCjWttwe6kreZOLqp_(KiFH^#VS&EZTWKJA4fK;!*HvGtuZd_KBWk1 z|F>8M)Zn%a;0G{pvTnlWq1L3enNC}P0tjX`MBeU$$_8Mgev_Ub=)X&Q<}8qDboZs; z8~bq8_(58y$Dv+;Oh-TxT?4L?`TV-k^p~ zRxyo;?{{Yp^OSAU}1@1@3<;5J1^=IGe z2vH9|6Kl=>t~SMOz3bWaDB@X7x7=oSYoITV>~AuJM+vb)-|t~#Zr^Q|2KWAaQ1h>M zS8G3})q__W*QQnJdDsOY9-&+B){y?OLqx7cZB)Qr-wa%PD987d)9Yr1lza2ajKcAq zkVvc>WD#-?%|Cfw^2Dc5NGsh=x z5k&>NY5f{gXpOHNh1z;ALr+(xN!}juir@3>rgdTvN&QBTDNJ~7zrz=5(ZHwP8t=n| zQ#}Ux!;d#9P}IzC?W?BZHb03}`Y;v#5D{R+nGC||^WCTgI#*j_c5*q!e%*ycC^u^Y zn(2We5BiF7Wcfs#^JGfJg z1U)B3@GKKTRavW>EYds*9uH+^tDMn1(GE9l-)IiJZ22g-w`E->(P#{Ih1YE%3()oq z#Ph&~g7-L=ztI1!$O&NoTJs)=5`GmEm-CHyXCB{n^>g-(vV-|)GwwxTq7PkfQXslM zsPYStGwH6Ec6KVtts|3K=TYbd*&Cl3lnq|DpF~RaFee$Mn)XbKc=Q6UXepStM9q8W z``nvk=&i_%5}z3Bl>v46PNtC#5wTu6p7Q;Y)a@=@purSFUlNTMeS4#FZ{%7ivhpOP z_VTJpj-+usf?4wdUo`;wL zp!a@C=p|R#KWe_@X&ExBM~P@zitoA=o4CoRgkOkjFyGpe#RX3(I4Z|83iiPuf&ia8 z?GD(?C1xelkFlc9q{ei3&nD}8S4b1>nns1cXC)Ao ztJ9(MVp2AZG3OF{s^y zHQ8A(PMdvRSQ7Jzf_66lTenpnEw|!%_^>b_153BV6ZubA9*oVqccWAww=Dw=Lj>##|KP%2^oG?u=)#pN-HL zrfY#zbiIvC+>`awzoJ=J-iTzeTT~E}1Bn5vWSZ3fL)v==MG<{#zdZ?tJmj1+l0iX1 z7&3xNk|;`4K#?E@B+ZaB0)n6*8ALKjlAHxZL9)alNR%X*f$2N`tKM_Zx%Jk)b?c?( zLl+bMaR8wOn4)Uwt{r*D0Z&Gxbk%$smQ3ZdH9=nSPFt zTD>LfDQPu9DK2M8<9F)K;E?S%$R8WMTz=mT>5-0Vkt28o@aHx?GUm}E^wBA&-e2Dx`lF&>8h< zhN%=YigHAP243P-}*=X*eWThH2!7-iunF7Cf0u#4nU$#I!9eBt&DY~oc! zCQHM+1X-LGC&R@ww(qBJL}^*E+hYOs4>gPyjK4`$CvHhh4?zwfGS+vh6=&vDF-kiNp0-=%E7O^8wT=@sgY0G5!K>|tE7X}D zVo3=v#3_Ed4)cm4sjDx}27(3o_pjCB2}#avu)MG=4tDzHELc&5)=INCQD(1~sLf1z zZO;Fj%4QaX=*8r2_f)o94_{)(Hq=#V8sU7RGpj12AIS*lM5qMvghsyaqi5>Q#KP!H zJe|xD_CIThfOG8QfKLtf#oN1B18N<@WyM;u=_4aopv|*}PAsH|Jo)$D@XsO`CP@5Y zh+CtkG~U6p=x+H_!~I54zf@sksiWJ26I^>6{+x|SfG@h6v^4^NLpxstg(;OuK4h~x z6z+uRawC2@-e!Q`Fr@pQbw^Cc)0r=FZ!`M|N|@!kk-nXgAm@|)0f0xnMu_T#wzbS% z(r3h=g0h-qh$iM`7Oj`l1;LJlTIoHiAePnh7l`kPcp#!i_W0qn?Z=C9GPJ+xUya`1 zHcc}@tvNz!@o0U6xqI~^ydC7_TOwlA$?Azzs&7hsnIo?ia=wEqu{9*wl+^;HoqSr= zi8hk6podGFO8h|#9HkR&yfa4!kRvJLl0pk$#?cR zOKu8j+pm_(?Rx`eD`#}Y)8uA@vuPrt%T0-=mBX1Kb1^V9&n$lBo*y=p{r3R@T zhNfSvKw>Ot)8$)dbCzq$(JaQ;a@%6X`)e7xaaXjl;F7v0h_^-)Thq`CStjp16K;I1 zUD^g_c^M~--ExPAU|Faq>1Irp71DVZmD$wWb7}?q+UF>$adTMM?9Xf6U@6xg9vt|E z{i>^1qxt>O)=Bk1F#n5CNs!PN>S)u@*=pV>=P@j)+0ue)c@&n%d_(Zj{b$+SEXKcy zY7dfll0ziR+%8}6+NOh5$HT!2qJLVD%o~S@b1$~cBg-xBx+j^c%<1+T5;nE|pI|N{?roQscHZ#jNRe_W(Jv!&PL)HKs zD2!Hm1D>G|x?KkNSQzN}Vq}d>qyT9) zgyjp0s-RCCv9N$Pre5a0G~FEjBIJ1x(2lSZybckpdOmYbn*v+cx|&^bl8@P@XIMZq ziwuVnLG35U6%*;W;#b90l;S%xwSKOqcd^%rIyZO@(_J;{ z_q5f&)OIfZY1ORZyAZEfIqaoUI_0*YT1_AK(;Fqx%LnlfM0lw!hNa{iFP5Q*j$=od zJo9tM$hA`V&4)w=qHvK#3eD*hC2h!ao73&xdc>Gs6B&K7N^`YfbxdqI7nDVFa_4T1 zxhK}=4DTo_0^vPhM3ccRIQ~{f_T(gb+S5N6|EhG4z2Sa;_po=$rDNrwvdj13ie0sL zpjXd+%1Y}q+#1CIp@s_8yy?|19LQp?C*Up(OY1wvpH{X)LaY_RVPm=b+7FeO`&{!aGtlm zdH;1Kbj*Sj7(F^c+~umz{`mBT$;d_6hs_tML?xRo1kEKZ z&a&5V7sB%lcUmpbtmp-gLH2^#k*oq^Hj)wbS46jDN@c`5bYhM@?7leBi?n{n5{D zy^`krDe(}53|$dh%;uo7Ga6RoP7U{b(byB(J{#h}N>2C1*X&}#R(0!$Ii4kH`TE@W zn{xGXeBI-tIkxEuaPH-1u@~L{O;P&$zg)cjw-Cql^bcNFf33wqqy8fm=f`&ZcZtG( zyH0SlDEXFDYj!{5ziG;EGZ+$kb8UIP&ijAOc=gvkQNW;+WGxCv&-JGHJ97h*PP zrq2{MWP*4bINhRU|J z*#TxP6TMYZ364f+S@GyC|FVgxE&swN{^d1)#iMJcPMNe49Pirj5hOt$Ftclb>rmTsetY6>0 z(Ep*~Tjy(`YB?s)Ok2tgK{XJ`{_0D2s9#3aopVFN^_W1OV>gzuFEM^xwe@w4B4CE< z*HalB1U4f0K_5$*r>^4m-Q1M(UhVnD>yLN*ujQ_fao;XHd#*E5r1HV&;Q!>8U#Gw| z+IBg7I#irFZniN6T2%YYYc)ajOQY>Y_KDm6SJA|f_jD$tmu6_Uzb!9+`7c3_>JfJv zi!tQuCJVzd*c$0PLXbeF{zr50vGd;Y$aU9|NgPbdK``8C%cvj!uo?2%!p zAHnbWF=bsN&jEPn7-@s9abBrklOLeXA)DiDt!UzP`br@x2o{k+_FcV7h-EGY%fnq| zM<-IS$bR4ABxSZBEW)9J)~1JX=T(SKDbfV@P2$!{nbA^a9de z+zi)sP7;w&#sd`H2cSv>hra6vuq<}}I_JBA6+bA1q$@Gs*FhMnj%Yq2<@F*=&lz+gonP`zBe2q@~La)ULkD z2{vHOvh7!|jGwV&xw&E7cz}YOt*xZuIAbwJp68?kPB*}4(C+#Cp3$EXZrcq@WN?1W zBj$WFX|NfmNj)2Y**O^^fmR@Y6JF~T2)xp`z}a>%aOKEHWhGc6etX6h`=T*^(y|Gx z4*iklpf$r%pk($HGN8(3i4@#|Z*a7wXeg`qJg~-W@4{dVw3l4vmlQ%b_-m=w969sZ zh#~D?>0q)Rk9)#ea_?5yh%^@!A>B$V>%x(1Eue?=ChfFg|I^u1{XZ;*CqeG#w^bW^ zfp;OKZ%fPmj!0SUqLk#FbLq%j!Ug0_!4s=FWnF6Wn_Y$`#O#z5kFBaY{OpJUTNkj4 z>K!PcUmXC@Nu1yu67okpZrIzrBU>P{mS)x5q82N((=gVU%FQ8fR7SrX68KQ*vF1C$ zR;!oCOYIa-hxwz%d5I^SzXB~2+ch;EcaBq!@{M-ee>UsOtN=8Wx}xn$dA}^)aN4T^ zV`yq}iJn~JP1DkCXrnEWs^g&0JuvfFDmi~!8ka_e8Bb!)?Sy9SnHPk1 z4>=qb+Okl}q=lp0$>#54S%#g}gx@yK?DCTuYZi?v82_fq zxSoa0QyRfNbt$1tRNX!-eJka?cX|JO7YbZUKr7gfjm@lbwPOGng_Q?b z-*PMdnr%4Y40-t8ob`_ygtiT1)!tbGQHLcL9DBolR74liI)KDntN~YWo_2^@ zn)H5(tVA5-JVDSpOrsUu^XNe=x!==t~*9&KSAf)`BLvh|oIM6-;OTb=uW7wqt8% zQT#SeNC!^$#?{n7t^gz+0@8VEblJUs)>$U^5#O!^=<-lo1otp=eUPjd2>R^|32$d^ zJh(_N=`A@X3C;U?5<_2lR-Ro^-NUVYuq>f$i_&n4|nTcxM91r9n zoL8qP2{9M@=|+x@wZi-nODz#VG5Be5 z9`UDU%j~3@(GF}l_5H=u5X}UToTFxlTo9#4&(kS4zB^$I zA~uI9buUtp5|3hS-(DN6{X%?Rkp9XX+rR0uf;eu06mL-ET~yQ}Qig(*V*xrh&UbJ; zw_;gGi=vi}3WzDB9&weUWu|K4WjonsyV(lvab~V_mzo`ewguO(XZ*mZrcJ*lyk17p z$i0BEewOJaBk_we0;7d1G9_VGNjkUv9evU4{%=65_}EGXVTa|nDO_F)SI z?*jMXY}qEpUw*XuazXql=}r?$cq0W`dOI?&w0-Pg{6@Ox6CRQh_A=GA(#v%(i_9Oc zVyokIpx}>Ds7(^N_bqh?gm`IH-D_$60V_Z$cA!(@^Wyo_S_wFAX<*wydIG5SbWl`= zJ(&_=`$D>QHhAK_U26{kC_-F;;KnuxmUNUNsxwliq!OZ1oO@i#f2?eYt$6p0CHha4KOeDVB*dHT$Z;7jsg z=LkQqNSt{%a|x8Jq;6J7m?o*KZkqLGF%$pdG==S>kL$X}KN z0NOa2;oDAn$86G~a*XBt+|Hr-OWDR3=MAjbr``*MnJ-w6Hhw@v&sWQ29P`FMiwH#- z;>3y}wN?hX9q+wXBwYxk4#HX@+#L*pj#ohslxDM*ecwiY68%D>FB(fr_YMZeQOj*wC^ z3DiNPF0|sBrM^k%ZW!9B8(RIxw94G7`+A6QW)FZ^XhP-lSwLRyiq^>7pb^Wh)i8-6j%(A*f#- zX$7}ml=uUo99t#})D544|8T7^otT;JmNs@_W)~Y(*jPp>E9KUTAL(G)FzgIfkIIQJ zbNEoFeGx82_MHEsnZ?mC}_4D1@$PQ z7d#O9Fy*Y1KDjb_P&g?5EeD3nnmU2fP20nr(M=gmRY;BU__%o=LB?a52e8=eefsvN zXo_eT&A@xTa^;Pj?!?X)vqazVm-Q?TPFH@`(jJb!B#bL_0Bgd210>NOZw%EmtIGp# zD%lLLa{kRv1J^j;X5umK*9Cx{1IkUDz;N1@M0(h*X$+p>Ua|HDfF|(3$*qO98Q!ef zp1fEopit$J)spD|lavA&*WW9?~^GZsBj z!ct)=?RMZukq1F!>$mqHL4}vz{8+6#)uW(3AWEv0LYz4n1(g7a;yQ2+`<25w-yAy}wY|N)1&Wfn3Rdb=u8!zk+zrKyO@S*k|%X(%I`v}CxP_ifF?s{ZB zsvoL2&g%BOHNkcDa1&vO3*zvSf$k569No_aXM&_Vyw6OnSll&F`@x^h?){24L$k@u zoqr#+0chDZativ4I_TDc>dqM%O4^fO@Avq9zqJG6qi-Ir&}8ACYYlMl zJi@#FrcN;Lb5#tow@T#)Zv^~yHK?bfUVm1$T8=brqtN*#`Up7whGE+k_F&=WX-S^> zAZ$2_8yY)+QfR=RE?_ZTJDXIM zFuCly1Limju66Y=1}ZJ@bR{l*FDtY`+vHodeZVdsR@C;E(9p6goK9$SXRCrZ8!Bx? zCqQq-6`*UyKDGMOcaTZm_30lppw|eO#z(Xbz#E4d*l7K19l&i`Yz#!50?a%~DXIjw zV2tGe0(^PK>rnKI*$A0ZL)?RTF84V+9qD?}*dC}$tB-KsA5*U9!-3d`jO8v+xRDM# z(xnOI(82mme%E5UX5vrU6qi`(fH^MiabuqgH^f~}N zfQ-w`3fAe03JdfjjkB2Nd&6h4TPP?$wuF_{iupu)A~fV0KoWsfy!Ple0dO!c2b*Gu zt5v05CZ55N*7(bx<|A|2xED z=EsuLOz0r2HylB&)Iv>0pna6g77a1pQ|~o?#qq-rGdF~Wx4nTCPLy=ZE!Os-*!mr(PM;Y}4vC3t)xC0qGLg&*1`J z>gHf()$)-Cw8nkldlH<^B?FYAmaB68@nf=?fnSc+tpU4Xo(KjLq&ZzyqM-L(00Q91 z(TEte-?}kV)GiAxfi@TeWkA~kx5%Q%)N=2>GjXK&vqJ%@+pGmTRfLN+o;aj_v`mQ{ zzmv)HJZ2(#@Z~XY=z6JtkrWZPSbaaP)bhcTso zz6;1qq^zV)lF8f-=cRqN#b7Kjj<97xtQeO#})^ zD-MWeS%he%jX;JpBmpe~sys48<{q!|qX85h@g4Ch9#Ev{!@gso+CnoAll0CLJItl| zqRcP0KeqAwtf|C;HQ4HVm09|IBdlSpqV@&mJlXAN0OvJ2i zD&Q{C8GE?ieN6v+f)d+KCV<*uy0Rx1k}$l=bFl!Prsolh&dciy;sCvT-+ML%tv*6* z1f&s4zL$QCOz!1!4_%_c`v)OmpGa%;!ynNJQmVVLKJuPp6-A0bAr9oV*XA?96K3|- z3Qo%LUM|3y%G0R#&Y95w@mm4vJr_#^Rkivz@8rTKcj5U}gFJ^J9q0dloCW@e4FMj! zFoMfGF@D4Ia64<`c`x*RSlUm5AhJr#r%5s%#&@Mqq(!P`1%r-{*s>bl1lJUwirIR?Ne9emGIFwHRE1i>BlbRqs|cI!GF#U6jVXtO`(upE|DE;^qQG`;`XOo| zY`Z9c@U2<=V@g~Ea-(WIz@6sq>whk`#g9!bo#t`K#vc$OSflp@E=XemOXw45qdeR| z6A#(7Q6fKs2SS7c^btni+*igV%bw4&9*VO()6U#wu?eIhu_kD6>N2( z_#j2|0YA88=pK~SuvOZcBZJ@5P* z)Qkd>MF0=xvU=E$^YUiH(9&BDFO6G@#67L|2M3iST0yA@9<`WPLHG3^UHSCf=-WZ< zMQbYQH+P$3bHHbQ3u7}1Lx9S^OEpwjC@=lT*MT@T|AvR3lGOO0X8PG_nSkn%&@Ti2 zWn8pEmX^hwQbU+yLzKU^;a;i@9!CBn5M=Kfz7uxS{gej$a~%OrgB6yH*;ow)$$5KO zVv+J(Cr{8HY@H3Q-&IPdTDB`F3y@`rcs*a!>W_^-7Ke*2?AiKbi~ z_Ie5KN}HU<`550Ta=X$d8;pHmfTEE$>Aea95(&6>Ngv6&GG~IRHk25s6*Ct2JYbLt zkIM#4!3!jYAIkLg!;Z#&AFoY#i`dMoWSQ9-TE%KuJU*jgCt90N;4YQiD=Inuqjo=@t{~ajcXmM}Hp^o1szUG& z+6MOpmbjkSep9_-`_s%@HsHz-J23-h)uNExTMFO&$X(yY9BNo~fRK0nQeHxiVy|^< z6n<&NYA7n8`4NeV{j8W+55P&+0HgpGYSS8+#RF6fp%GX%7_UAH3X;Wkf;_fXRA!~7 zSNXtK-d0MeM`0@haoK=Y4_}~2;BpSo|9s?~9FoVKwdZVVHK?(*5$ykFwfe%nxdt-1 zOKJF5+M|*M)!hOrT=bkbod?Lb-4-Q!9K?sPxhxL>sI$ecxR&2gr=Yt6EuR?5QC>l@ zJYQBxkDWu|jBV~4^M1n$WJYX00y`c68#yy?-;m&nhJ8bpost(8T4fGy+Y9#9oY7{0 zR|}>0HQ~<*6-M)C4I@9ng*`f9lED=YGGX#LmT*SdcMjHQq%Fe;d@PuR*F4CKIeRzo z{*L|tT|_lYf~`$fgV;0vMV{d~TjG9W=OYj7vA5jpeFxla>u|BXcYJEua!<4L4 z20hI1Y!;B1xL3UNOct{VCy%+byPs|}r>-f03wa>vCoM;_wg~JL2vjA5bo8ym z+=3}E7j5XP?^b|jh8hIx@$C^bG4x>}%_duWU;cy~(Qt9#)_UOyoo!P*s$2GVGbiAp zaWL5TVI{}TuL|>cY-A53Q4wIi8*mO70$NRZ`73{)Nuk(fq`39n~~9Y0a{HBBUE zXYrhO&df<3M(;vA04Yi+^3zQQB2S#QfBxlV(C>7eCoz8^z+MpCA+obm?Re~R;FKf= zdylWtI^O#aI~#Lv?qVCKr4!>5Z-0gimJW=FE?dl!Z$fP~DN5+7dGDK|mWGTkSW|S~@vFH>}|fwqf7*lx1KX};buADcVN37H}6Q3}}OMe~+XjZt8 zYsA7pX&g(ufcv(%%ca;mw;}^4A22ub&>$2YL2QhiMFg3@Qdt}-8RPrgeHMN-q%Mz-xl69bZ#SOdwTVYTMzqDGLmEHOat<)G3gk*_FeDYA7pXqxoaxJ6dipc)#V-H$=e(kLa(6r{_S@cE1&NW>h%m> z$QSHqiWF?z1{@lFY{YlxHw7#7p^;nJBoqhdaW(uNUH>e*ZK!sH&z1!lSr$v!srTq* zauKG;l=Mu+g6+Q^wgok(?8cWH2DJjU0M%RIyQ1`PJLFO8B+`qKuNHX$?>asIYY#Bd zi|I-&FFMAfMgS7H9))L{ZfrDl>>5Jgt0Mrv3dwqT>n889w5{x=lK8#r5@DposFUs| zSt1!A4>dE8Y$kwX$vDIEAsGt`uFsO{Ih~OvCMQURs<)_Zv%%aNj1{6L%eLh9HuDeJ zo-aYEH22-E&aR0u>LkUNk=2a+EvqI57i4XoRjN^4wtbq-;K6%uO(>DAlJwx58{PeR ztTkP=*Q^iC)Q~G@!2%hs1~I*mSOC6Cc^6%!IU~jf7 zVf&RFrxP`GGw=YNhiDd=y=;D<L$?ImC&4U9Of|OZ;PfDTSd3@CfSp zlaT>{LYc};kBKK_NYWD2?#3rS;L%wWW{W(I*S|@pPax&n&VkIa=hc??ydiwM@~MI~ zulS=ULzgq4JnoOM<4$r|@_>7fZ3sA6I?J%Y_1&kV$SPDb*CEuPX_bH?xy#n3$7H&s z1zz+L^KE@>PD|d$HcE3l8czw*4UvC9E`(lcIhX}$kWb(yau2D$HvdRcqG2ZB_rp>5qWp(>O+B3AT$>XDFiD;b-Q z+jU_Sw`l5^8#MagXeXy(RX;xe2v$9N_{3HYppvS9l9tc4^&=@Yq{?4$$2%8l5VdfK zIyG3<+sD#WPD(GSu(JgK6F@>=P9m~Si^+S(y%lC~R>EzqN#@r-dBx>k-8p?&-;W~+ zQblL=Dzv3^XUD`p$|3}-SqJ;|Og!+8^yPK!&3Cu!hX5;KYrxnf3l49^ry}kEwp7A* z_Y#&V-X6qwTxC{VI#WcWVCl7!sAcTmvu$(m2oi)oRByf!I8obwF&zRB?IE&@_dH&c zQzlsM|BUYT?i6k?l6_vO3&n5bzC0KK;t|RaHy=DDZ{iR9?J(Ywlm_nYKjM!ZjDcR5 zV3oo4RAsnFS6<}!cc$ld#Nkr_0ssi0oK44}B` zo3wFqgF{(QHhvoBzIl|i1i`^6?|foeD~B4;yqIK%s0Zv$92}Eprh7;)-%&>!8lOxO zc~`{uKC@>CYxR*UTryC>j#vnQLDVAenSK+Fcu@9mi}0KoMe72C$9b;OkbFvSa} z^8hGnhPzM6IvKmQIP5R|yDu45#3?Z>h0nQ9T}hMU&mDyFGbX3wrdMhwn#dbfruRA> zz6kVVj?2iuA{gxS5azizUy~HZguJP6jsXuB>3Lqu4@F7yg^G>lIG&!+s9T&k~?e~BkPhsna`F0`ZghP zGv*t#6cMU(X#U|l9nwH!rC>0D_yzS|s|=C8Q?t|VnxQ#m%~B*`J}O^Ynb81`lWC?H za|ZXFS??Q9uT=Jft#cv$oFaehnRSK4rYO)TL^V=K*}zyWp4{lrv%Hn6`|M)%06;Eu zcs2{5x~0oZ7BCY(|NQKgIv%sCEyuzgfTybr)+njJ6qsYIZK`Iu!2Rdm_1-qU3X1ty z!;8;<^>{x$k^38F&d3Y9^G!6685JkF6h!CR|A30VDIVxx&WV4tULb4N&K=t2@kO1L z#6U5_`E7#gqL}(^8q0G?Mnf9-3Q6+l&3jSc6Xhz(KIvwoK%~kd0L3xjfX9BJuB3&5 z20p1lSa(i!IWAVi#PT*QUH2aAIE#g4|A)`-o3WOwdkKx8PP`p3~~)g>Fe!` z;5A~NLN==%t74ix+~CsE8!kl^TO^u6w4bLt+vpX{F=>qv0cAYmwBU@rdOA6DG)0kN zH5GF#0K~;#H7!)3A*w~6!3$&==m^n+o-CwU`GKy~&u5pV37e2C^)C6ealUhvp=-Ax zl^!8jampLHPlFh(-?~P8Q)xP(LRGu#R&UwH`*xSE^>?LNuX zOQ{1vz>GPJ*G%~`59qD_qzMbOZ1+2|JP+K74@d<#xOh1d+J>n-aRC9u{Un(d1t`V< zvF*X`IvL~D=o^hS84hCVp`IQ9gO?Y3nI>1`Ebjd-=U*+%I7aftyI^sdv&9cAmruA;rF znSNksO?LtC1Yf6AP^A5Nk+{HSZ$!s+^+8=yRfi+!SeW&q#g^=4Y4}b6jJEOKhZ7FS zXKW}`+g!z|c*+SSTfMFBv;(dHPCQu?Eg?d-Bpv_8>44IKT11p=i5 zF4fZ?ai&+$Suq=x&)CAS&=WD0zQRZw`hal=jv9?p?`j}_c{=D{t*d^}WzEP5I)s+L znad9#X$OmI?40(g0o)HHLgMp-rJQOCMlx?=^1~Ew*R@WS0Fe~*oRNcMbOBefu(bZK z5*LEsj3s9d067oxB>2bp;gF&67F78r4WZ=}ryJPYZF>j7JA;o|` z9Sw?{Jj@t5TNrOeK|Cwj%(|Br<(k@VS*{)xZT8Qq##7rPz`OkJ72##zC`{hK?4 zl|@(>Khk&?i-P*D_d<9--9P;DGy4;bO(D5`&=tdC6SnX|qD~HZ18Nsh7`68!yLEq< zSA@FBFB94ZAM3Ax>hS-TzkcUKFOu5>X}nVK6#wT^YeT^A4oEtxt0KGAGre6LaN}jO zQ=h!$?+s%9`g@eTOFk|dn>*Hu7O1^hMRi0#*RY7d6MgwO2e~;P#_Ydc`Pmt3+h(nmyrKOk0Kpc#g z>oN&d!$_dLS?d0~akM__6Zh%lA%cbd8FmSUw!ED#m{I)QmWpnYj3fRP8@L_td8v6G zm~>xn#0S^igJ4v^&kK!bc!$olVwT63jIDm|u+^*gJ4|7IB6wt*riYqimn~Bm zD@fqTJTcc#i|{T9p__nemD9qM*Yz~UmX^9y{x@{(E{lY zf&<|R7nx*Q(>C}USXyX-E}KB0KIL=>{4-0u$aKF%-L}A2b@F}0(`{(fcy1i9jFY^# z1h72IP)7$1u#gsOFME9z$3kgOhB`>tjCVEY<&zLJU2AXW*?AY>o^yM8MpuTlT$Kp6 zW5Rdzpk??0l{MB&eqZ;dUIojbH8nImG}1H*PdcP?e7otYT&t>L7pRb$+#jZzeP~f) z543K;&#y406$Pa5ya{4Z3(pYFykfrQ@?2-fHL!C=jeXa?)=TKHjOt3?x4FNk^&Q-DS< zyAxL&07Axu-rYI{Tl!f0zA#_B z1W0`6LK(@0DK=U^yispA$djdc@pPJ@!K>?JniBAp#!@Q1)xkUI9xU(Zl!HD$3L}JtpEl{Vj^~$T7)@WU;zhRgUc9g@dmQ~J%l}y?B2@- z>zCom2$?bVNzM68JPANO%)!aCNg?U_ist6qT#a(Mohe4#wh^~ESIYB-c8XaulhM~8 zm|>d)OF2_gr_VA{vTWj`P#-mVp5})Xo_BbqXMj(+c&c9PM>L?410;TjFV)D)a`-qu zsnz0ais6AzP*&^ezSm8DsRfJVmFaoEy%()^bd*6pwjr$8x zjv?#r=MuX(g!NdW(6>P30vW%zMVn!-rPGr&qx^x9l(Ffh`>$LCoK)+H5i0`VwU;!5 zBh&i}z!_V9JM@@92|RvUzy{yePOo+#dE|{N;@f$B-usY**wrwncs8w+%@lWY`G?J# zL`VE)sG86CG+~|uP@!$G!D_Z)9Fp)|G>SGbq)lxv6@7G8Js+EG{wDZv1+YH*TAyukFTxs&f) z*3%ywEyb#_V1Uvk?6Y}7k^!-}&o}%29O68D*hpl(pkb8x zU$Px##^q9p2FXOI?Kx$Z*nYJ=d`Rs9l~TUV$5I8Aj>osaZsLCl!6Kj%2BR|D3gii* z7p_k-CkWQJqn{0e)9RmW(mbqWR&rE#s~J>mC24JuqZAD{_7JMzF%l5J?}a7t56=^2 zZ9QLly0+l!Ip%ex>@vxB4$N-d|KQS}Ym!tdefe6Gnesol^xTA#c=|WrIrZ5@SeV7t zo&^1QO~gFO#7TO!r59B$rhOY{WfSq(NqSb_Ie#Ccd*q9M*zgCut%AN1{K835Zi-l* zQtM=5@U6UK1D+CEUe5Q6=n_~kzi_oNJB65zc?4w^&se`b`*}B;5l(mj@BsUWj7uX` zaN6(hqPCAuOs%Th!14Ib3vV8%&@yk>A5#87iPqM^qdmy)<)s`(A*I7;9bo~Y^<2up zAD_sD{4dQBg^N_`1Oeucop0Odto5Jad;M&@a;ski5WInGi019vWWTy9ANVK(+^`q} zH_u^r<1#SMX4X+P>XAU=2RzvPWx9N-<6 zdgjKLf@hyoNq1}AxIR6=)DmH2X57E;W=loMDJ4-txv#<4Y0nBV(Rj8r`a~=40xZBo zf}7gkQ0dTaI`qWK;F~H!Bc$y{_dw%Yum0W#S7Y;TP&mK2*o(6B%nk1hsTQo4um`;? z#jKy)Z#DJB>>vB(tR8lseWS=cPL?tOXX@e5vQE|Drat@dO{udv^I@|9!hKs&;A-G; zZK2So5&moK2{$nd?pWzZ(azAXc0uz9>mBV~rfwM$!={5$PAzVzs0UAO+z%6MDcy}M z*3$@xNSLy{?CU{Vpqn*aL9}h0;>R2hU`E+Snw)Or%m&g_V};2*tk(S2)q`Vfj#z+W zs4e*iwRyfk@RUNQBFKhVEQi2t3mAMNi?r+?YMKq37Q;{=K0}&yDqMgklkl=UP$)b~Al-Cgp) z9ce0b2-}bdPYeN}XS{YqJ>sx?(KnU640h^5;@#@1wMK{cr`3kZyMz1_7WpPn954JT!McFi$Nl#a5q_2}{hrxgbL zAbhKciPom|U(LiCk_2nDxD5ymUs9xA1Q_J?PA^Bks60!)I1-fo`&s&X!+#bxz@ys2 zM8aO|==y5h8x4f9e@IyUKxWs8@zJhs2;Xb@dH2+^wKW$l7_sM~H87@1OuEQAk}5b) zb)P55XTN?>sV_J@(fVxHp}X*;KDya~_!L8p7@ne;bnY@d``SNc>o5@-Gd24G^pQ1v zyU_l*Tn)h5(PuBNkncWVCYjuZ~kz` zfoi~oF2d;YO3}QJqTD^ke}4lTQ$j9~l2!81b3$nTUs)8rW#E3x{&59+T5%zeo zRt9cUVmzsKjoVUqesi8&KQ^MT~M7n`8B9k3P!48yBA{Hl@~45_t>ieZzHdDQ+>ckkm!>*avs1C9q@O7C3+)&O-!8!)(0MChg2#Ii)kqF!{>N z2@2`x8Ukb&M%PQlT3SzO7HGEww<$;dlnx^8OdG&Q-`^{K{E2BWnEM@Vv;O+`ukO*F z@5J3uoP^=Uv#nehlC{BtI4Ka@HbmO3HlCE5+-DwY%6kY?jcVGPmHR2ukZu?YtdXLP zc34Dp8&LNo;kjd?Sp*+Q=3OUqXQ3LVSkSlpzj%8Os3yX7ZFJJ;CG^mH?^QaX_l{Df z2~rglDTeCh`R_h=-@Dem|NU0hWae8* z)?||Jowq&DV~}Cn1-|jazlfZ4;8Fc&_5I#oHKq5MZNW`X)i~7iK{}Mh1Q`=9WwU zxjc|g_(WPeY8N~9cnk73Nj}I>njS^uamI(2HS=NbYqRu z48b^o;N|Ca9%HOEzv8aW#w5zUin@Mcxntl3buPR4sJjWL#DFSw(3BXjnQE6IyV-B< z`>adyB!5Nrs{QK;Z7U=M{bk7W1=+Mbe&J~b9QoJEI_C6^YwDH}M)4 z`)RWK9Ow7{;kdLav5?)_{q8%HJCI0X=K03I8d`j`OoV&mPi^>{H z-M@8NM20;ip*DVy_yW_hCLlZ>jf|fAo;ZudzSiIt|F#Hk>OUP+@lY$qp=>Wd0dT9R z7wxJdqu=Xuy4t(#1dfJj`+PXd;0Yv)O6x2N1L`wq>N~ht#GCA@iZp8QVrca6E;vh| zMpcc;I>4N}uZs;zEYiC+x<`bC01AaIJybSxtbswqal7XVA6~k}Ho1Sdo4bD}gXy;_ zHacZXkZoBhi%0Z=Hl8T|2kItnB$xB)^WEq}g+`4F)i8Jgo6Y^VAH-LpQtGQOGO_$z zrbsSbf6kKR8%^KTAMl5F5VE4(&`(&>sIJ5Uv52o~m#^!jbG^Q#T(`zMw`-KWeqGW! zbGG%Bgv^%tY(G$j?DI~X@|ndp8fRr4A8jN3@wOz!Fi{CEV9+^4sn7Idps+<_lle%439ekLk-$J%B*xC9&!*8w6zKLEc(ez1y1 zhWt%`{i#Oe@55u_o&9!=)Al^{0(GY-FS!AC+lfv8Xr9e6xSp!QANSPYo8>IdB9=0A z>jVd22hXr#DZ^nZFg-EpxueVY0m#jWO(ZvVMu5Lq%vCG(G3zOz{fsRYfWj64E^2wI z(-o;Gnwu0qX&+xvanDKz^G|Q6d){7QV%|DFh)f|B89aBR)-EbO9S6ZK7}I@j_bf*i z(U}3_i_cGgVWJD~|Gk{sLR$!$DJ8vC+lfd!45$ydIHLZncKqP@RE!zXfWWE`*ks)s zi=QNZNT|tRVbLo;m!M|z?^6QiF?fE=Zz;`rVMvYmpi>Wi;;jK2IsBTn^Ax?9)$Q{4 z?23<4_u+oO*NRWU?NA($sfX$=9C9^2$nSnNU^S1KaRhy58OQgpPFJ^N5Xl(Y=_I!9 zbP%_Rb>RcFvL{Z@?MAG63#L9+t}`63Co(@4MZ9J<7I!gF&LpZdEBH`@BGOKl5yO|!3)rTa`pg(+%XhxwH#j#rlIQ4=Np0r*=Cj7^3ig#Hu;=9yO45D)^3e3N z#m?!s;bj?Gk=H8EDS{HH&k7fFe!bZrvHNk`cm8ngdfs>!$gAI}JKuGx^gj%>P?@f> zOIZpjDzlHcWo`rO2eml;TB(K2jIdXcAm$O#%E5|0-2B%4g|raEpX}N@Uf#im-S%a9 zE|ELPG4H4GWV)pc540>h)j19l&z|w1k|vP=4MhtaAcmMRLJ~39g`^AE<{O2Fm~e z#Mj;iLrcCJI+EQA3{Wofl?mU$fyop6={X2~pI0(!497PfmVe(FLXjG{!eXy++_9*B z0GeT^`M379=dDZ^e}Sq?-{wR$F2qLw@+U-8lqFe;q+2asm-Q&_KBi{_Rf)-0u4UB> zf|x`0+Gn-1nAAWU`lkXJ+_R_iC<)QVkZZLJqnz3nfE`kB-CmHHC{lbj8lWPEv%Fk+ zBCNl0v9PAYr*S}g3UKe@e?+rs{=pfVgpmGkI6OD!Q+gHLEhnl9HEuPhJ!JXHA zKzMYTl+|Hv8o!bE0%s-nX~2^Qce4bo4zYAjH)D9{xquze`s5~r_SJhYjVkU) ze>4S_h)Z$PAXzy%Ti zP{Bs&uMzN}$nt#bWQg`oVN$C^UqnE=pc{$HZ+R&ntJ8@U4+2DQKvlGwrE3Z>PRVpN7n~k}Wf0X3c3vOXySHTqZ{PL2S}mdr zE{_37v`kop&Fg0&f2uvf%W$$tvW8NQ^k|sYD&TF8315}tU=ZnYO}Gn{x-wr25jEE17g*PL@DmApcU_`gvqVJ34cS@DLA>l88q`g-Gk=K1`mJXTC!}ctFPpC%eTxnR zq>W=~0adoBa>=T#v0DqF%LbE4wpCNL=QCslwl9T6Hj`wByyeaD{3-3Cu)mVE)?K^P zmr)mI{hgIBBbKD2691AhCX+pudpjk<{thzVfsWWCTva``3yvC(g8gfB?*LjP-}QAJ^Zb7>9shkw`98F5E2vT&;PdPt7n=f#RwI?Z1l{}Pqz}>k53wr}A%Jh%u<>~jFNjx-g=iK@M`8g{Cm zxvG^RF`p_;yh}qq8XY=#yY4mBrOVIxwy>x@rVtX3L_fcYUwpweFYvdjW!yD((y44= zBRH$e2hiG30fbHeWxLd^y#5limj)b1MUX5*?bR*fV?1XhQXe2mNo{k{tYM5ohD5Ar z{^nleqUP$P$%G3}y}%qRNQT0n)2N;fpFgM8|D4d5*-sNqXbAAY!hC6NA@7#hMD%Kr zlP`vNlG3AlB~$9e`7!4ka&H>I(Z7IN0)kOK$BHOccz+U5B{HLUmq5kaQ=as5VYW2|i$=vy) z)STaCf0`1$xpc??YMf9b{fmGwMJW9cQG(k~MkiIe%LOZ7LBKv=NG>Asf zCCZ&f1}aA@pHo>VX~ej`PZViV!t_RT;p@~KW^TJg$Dw5@J0VC?d91nxOd<2PHpgYc z?B0t=2N%!|Js%;ST*ta00N%cMQ$h3D;Uji<)w%1& zESlBcG4yV?dfXL;xuWlDSR&K3z*y;0)%}m}^v}~sWF1r)mIq2UACm>0k5HP>NCaZ$ z$`xcD<-`8&1zC2561oo{CJ3ktmKMiXc9UL4dK8{dc#rTuzr^auo#`nwVz zYAk;u+a!=u%S_fs*j_IIPT0ACN3S15ZM`n-)Va9g^9tsf@3V6`ZKL+Hvj@)wlo1Ln z);ji{b65YE)m8amp;fv}l#r-FZ&&d2{JlnaE}N^{vCc=w^BPoEgst9V{{Ka-?teHi z=N)}XFvTSrS26ONC5*^y&XpEnZ^CI zex!4*o?_xk%FnN5I6R3Sd&5}F)g+84HxM_{^tB?l`hPLGOdfgm*@3Z9+zGE-FH$ghLeA@6jXI_ikM==-fMwiU0(wcsy}%R-Ps-vY}oBKp&sGNirLT#3Ea zR2)p#*7>5bGu<;LFPyjKIlaEwuU ztyx-E9EG78#~>5V%}(eIN&YZBI4^~EX(PahozbM;fkkOsnc=66$J=gYNkqtwR-1>t zJ*vba!t&FRm)MEB-z#^{KSn*;_+C!9gR5lSM}O`9$d)Uk?(fEjxnN?53+iqN8FBp_ zuyqrOXP9Bqv|{OOD#@5WSOdWf(}&~mfRgGT5N!8%^@m)~pSL-8(h^DTP%v6DftM#e zbu>{T>m6VeMy|Z{Vrn2L!&A$)EWK-rI@VQ1_#+Wagbo)S=3(qn3+@w-ZVgaP`v(XS zK{66KiPtU<)kB(wHUdD(9)>ur(GOW27~Iv^4Y3w*d2;MZJ4vRgA~(s6g{~qX7##_l zRQ1zb^(y12zVZV+E4U?|{xbqR`i_>y7Bd>@_i1KTdK8xtM^(dlAjO zMWfHFCSGdXd@O*$hhR}840e-~I+@mr2(dX)?VX=dX)p0TWW0rYlpbs>B!2O zA1fd1TF_L-A<2=|zTjam+2_jq0$AGFDTaSCjlKE)S1gWeyC=41jU-ufWc|zuT)u(& zJa>%mWFY7UH)*?$+`+TG@sqw96!8m$%`Q5G#vfq6>21yrZY)>;0uomj$cc)0T{U?! z(#KspgPzaLgMA!+Z;p7nhMBP>!GTw8f6+1o8?(WQWuiDnWymW&3Cw|eCtNYrELUv1 z&dDs6tULQ~Mb|e~ergScRoWnsXyQ*j&Zynl>ONL61Dv4m&qf9 zw)0eH#KHtYC9ZfN(6zQ9VHpqc{Tkw^4*r3K^Q1yxV`S!CO(Xv(Xs}ROquBu-U+N$* zYN4)*x*p$lx$w53a{fa;4^?-(&V%H;Sv*zc^}IO<=+g{vV(-Ce1ZH+2Ok<~ajS z2@<)ul;Z*aBuxLO9DM?P(z+g2jKsqX{DVprC9&caneT$xq*xN5a36ArM5L0$eLnbo z(xDKO=B=xtlMg|EKdT(@cm?iYZ_D(v7(DA5o`DBG5JQO7RhV=9FcCdwOe8|lh<(sC z=Ii6UV7e3ME^Ic~A1l@PWFBz?t`=*i`*1qNC9si5neA%hJF9jo;n%Azv#rvM%|RHj z*DwZv03%8%XeBC->xmEklB}?aS^K|R4aymQ1YREYyfw60%l{!V)Np4=sg>0D7Nhfi zd=3p7N^ioo3+>(@)BF^-SqOrA2;cN8_d)P!3VEpD{`~w)VkErx4U+;7&k`{~m19>^ zq|3f_#GNCgGduyu2++k2k|r1zJ6O`UNtd1P-~+)p-sz+_5Fv8S?>fVJ%~1CH!piQl zO6n^L7= zKyar0%bO%o7Qsly72S=rU%59L-X;V=DYgGL}-Bi%LHz2iMI(Jeevgk z&HuKCE%+x%vp>iO258iZhtBWL)KrIw9s$#ze7AqF^32CKGp%=1jjq)H4QHj5!kz>^ zq3p%iF;kno=>-FO7f?L4EPHQr-H}HZ#9R>dKo_3_$aRh592JrRz`Jq^4UljRQleP( zrKlFOULkfO%8;dHKVV6NklA|7HpCW(3~;)})voseew#uL-k6gDe_%FJfDg9Ebq6l? zIERfuVG~<_>JS?ru7Vvrz{k6$pQ9=QCFMAzNNk9m*xj>P93-z7t9~LecjL-^K2i>y zA}Cq!GC=cg{xKyas-ELr31$mSzteSeJ?< z_HvwIb%!g`Zqf)6^^0tj!#DuPaxYkxer162I6ONXfLpvtP;I^C2CDTz7UP(N1g}&C zK77QAR+Zjhl_b;9Ix5e1_ofVXJ*>;aFD_8Ho0IRut==ibc3mdnt{rLeJqH)q_9&ZF z7?N%u%Pi=@KDWf{--a4G1@h{u+TZ+zKTLgo#i20&-epUje;h*H&K@9Ptk~W?x+ZXp z29P%MzY(VRZ{Tu?+N&zImSc|>Bp+aV>aJxhMDJ~h4Wc)`a)uBO@zE+`Q`Pn%AUdI+ z_gdG*U3B_YdWn0JMyyGRSSaLmzNbS|C)4YWBq~=xk%WCzMevq5^BHazGG^Ydg^eht z(JqAl*yxGGIjmJ))4&2yWbe;$K@DosU^M9^8F}}%q^9GJ?h|?HG_U8>xnIdzU4(D$K~q z1Vz&3^PG;e03~LX1naOd@8aV;?}aKDK`>w5ulrTXVcBp{SXGfJ+*DZ1<_`zz>zgWv z%DPE+?K0vqDRes##jr8X3@pNC09j$1Chxce*z|q8<1~2HJn>(0gvi8q?wRU$J&@_e z_MYCNAuH32(YS@cDQg|r$!!@LQz}VvRKO)dm|X4@d=+Z=>&EEeRCf$kTmQUi!3!Sa z!YICPS)7~c&mdWDlnE(M-m$)bG_`|t&W+dU*dbU5G);57riEQJjYCVHG99n zv!FHp%3B?R;Bi!(0?e_cyqEs()C5=*7Q&fxg;(Rc_y_4#AWWS4EFWLazIezofv{oJ zH*Ft1w*NMXR#oLcl=1&+7#pkg=D@goXLy`+SBld|{oOD*W`3X4#`0GBuo}fvvqr-{ z81WN&J1T3Hg7g*)es|KIUQqYJ#|M5p*^i{SxF+R;7&2k*!I;o^iZAC(hgJe8+#g6W zO5A{W_gNeXuBi6o2iGPCW^e|kxVm6YlFSu1_&b|VQ&?O)74%y5 z=35bAgvR%nyK`IxvLUvk=8(cx8UmQHGq6ut_{l;a1%1U@3r$m=wSnsyD^9aC&h_y2 zN78S<0r%EdZ+DPPT42A+OjHJG8&_5>%1}nT^9Y7m%MH^qbJ{C{)|_yX@jT_hVM~M4 z>msF9wQrey^lS-#9>@z>p6=ysf$&wI&=lo~HE4qmKAF6zwitdNIsJ)QC}<#o7Ds~o z231vinxvEK<9G>_cTH(rT))y00Pf@a#-na7A@8s(00uPBGnaa*T8ZnCN84Nk(g-;> zdd=1ofOZ$oh3Gx#uZn)95H9h_01|7T)ZR6Ez_uXnV@!*7KbF1G9Y@*i{4^UTtCBQ9 zGGalm1^Rs}UVA>e?oeT02gTlu`b>le@0S(;*!rt1kX=$n+Sk@UJ1*pHt2GWnQXg%a zpO_aJ+7Y;IkN_3yRcySZZ=IwxQryCkP$Z%HIwrijP||F`Ui;{_OjkAA6^5Qh&0^_( zp#a1|`S~lV%*=a)wWqMIlk$c@JK6=}6eAh4dl>~Qw|h`p42;R`GRz~ioGwxT0zhO} zp {Ih>nVAA7qV(dX*ZvFELIR6pL^36i(?o=)YGpFE60#&6plktRUvp0NTkWN8x z($IT8dTF8qASv0-MaHXlJJ>f3f&d5(z5V>BijQ~K4`M7;QKS()Y)dFvjYOcuneGTW zA@A_^(zA^@|AK!69w-XmUBtY}NVQ<;hD0^!ALe4oCho5s;CQ1(a8FcV(hEZAIWes| z-SicnfpMj@;1n8)C+2t`{85K=0{Rs$bZc<@XWaDW-WxRFI*rX36x`Q6Nx^_fBdI86 z{+M@RVN-*Fc$DpxI2zKtsQAa_sQ8(%d#suyBC6d=&xeNY!x6MfM17uI@iOvHt5 z?p2bRSPqUt>ab=~9`mloD}k_)Z!B?{9j^zYFSk-(7nfuQx_6oQcnNT=GNEn0#E0l` zjo!&2#a8y_h3TLkR?y-G=!F0hJ!l6DMGAfJ{dvZRoTAfgLnFI8AGk=9o>qOk=Rg!A zj)3F{)U4zdBtK1K!F@qxM^Pr5Y_`80M%pd(z}@rY0vGm5*rGC~T*GNx@ck`3txeHguTwUhy%3ELd zT;f=^sSB*je;d;E>4HAr6qWOif1Q;pDJkErdHLTxs-7Ic&(vp_q)W9Q%R&g)d83IU zhGaGFU{rpKd4C#QU|!dwZh%zj4F9$`hMC+W+iJ^Lt4Ve43N+ktz5jfHv+|IwU-RKp z%8`cfqk^g8SrewM8yl!Z%U~)mIm*FS0*_)37C@^sY=heX%?(8KbRExBJy-_i5vm-& zm_F^gBk7;>1+_?8+HAk~H&F6-PX^!(X!5D1nKpcd!3~P2!nhKY6zOLCXL7DmyCZV# z7~V>R9(Tm@{~l+~js=%plWNMy+b%in0F>|ZC_IF0Bd?=b6u6=WA!7*~h+qK19<*XA zG+^;1TQ4l}089}H8BzQueT3jkyad>Zqp>uQ?YwG#t$ykZD1j-P5}iAP&em*1;GwcO z)NV4R}KgfBfk^)bL5pR7q}`6jI>$3 z6Fp>midCkvAC;|4SSU=M7Xsu zOFqS^a-X3cy~{4A(|YOqbP&X2skp6pF3e4sUHT~`OZ=YJ?04Zimq|jjooF7Yo}3Y> zBm#9GHRGry>&Yv-T!CM^Vs7p%cgy5xv3%>FzJ}9H8=ee|0XQf_nhm zxRs66)ceRUG|b9oNjAGOOkit5!-;Hj-3s6bi$y4Mf&eH1U0Vm_zdNicF5ic%N0t?t}leFMV!~3tByd`Sgm*j z<|d4XpNOY@{UG&^&=9~zV$FzOO$1>A$(DVJjp@ON+bC@MU#!6+$wnR1z~L=ftqccP zfHL+k%h!aK|;V{3M7Zjfaz= zZ{#rd^(13&wr@VIq|eUZ9z-$Z1s3bBUO%P)c*_9v{!tVY_A&e8a2y2dmJwx8vv{Y< z&bT4c7c%8K!@C>RDKX_h0L`DZq69NZH#HC*1MyuuXk>VAl&qd3{eAd~){g}mvYnS% zQA8$$9>JPvET9N$j!JnfDx?{*Ti9Dl0Ovx8$K%2ZK}DSfn{;pooy?ZZ-_7h@h)mWm zpdd{JzT81e)sCHrI0WhVaJ-5KJBu^yXs3wKnSu8{TprDE$+-<88D3^Y3nj*ZQCXSd01BpJMCCWy?}6!P=s}e z9LX^Z_{2YPJ!HBu1rXP1_IL|?-{%*hwhfE0a9j+tP@m?r1j(UfnpgeIFyO^qk!9#@ zUYox+{FyPAedNMK+LFhewP2v@L&F=X5kobaO&Xw2F73%j;n@2s_$45k%WkNHxAblxX0QN%NRqz!5_kC$w)ma-kN(R6s9}uE_#!np%mJA5HT3cJ`e%m( zMa+vhWIVQ_^(z#3!#5V2oALNMsXRCL36Lx=@Ywu#4hVY=NQ+!)6uVn}?{?N$h@Hik ztyvHc!D4oGiIuH>y7%F9eear@8P=?%zsw-14&@tL$$k0QI*X$K0!)8*ydY-Tz)`ao z$lOLEwQY0w_MHhe<|ZY9Qo`&0`37gh@_zaMIDTD=Q~&T&PHqHVK*agOJZi`Hr|~T} zD<4@r6PUmy^y3-8tM!-0@QX9eBOj1?SA}Z*i;;h?0EO16>_GTg#QT5NN3;GJ>4T*p z#Z~R0oEKdeYDl({!2B)gEvmML&`xD@bq{Ar`^X7|o6Il)>KGz(h@ z;!$!oSGih%)&h^*;-6)fZjAWx7|}OmPY3T|Fko`xVtgdQX(F8fT0MqxB^JBs0<`pNDhr}`KY-A(hov|cRM$eYN547-1LrAvUg&J46B2G{ieB>E>&pJ5 z4oO}y&WKN$3F#_UBJj?%v~NH!%i{}q-e5Y~+8z93iK$rdOmnoy-bN!l&D*&E{7%Q# zQVJlo(fs#bMDPG|xhYY<%fY3H#T?dsa=)z6jx)qUmR#jACUi6r8U}Q`i~B!jyInba zS%!9dKlUzeM(Z{ngnH>c+1B4#P`t>R=d%TuadMXNW~+EKbmC2~tJ*RE&w;a*Sh?z9 zzAb{x8hEO*x+)Fxidvi$3`0ay{N-|qDvk2Xmx)|l?wt>7&>a3WIFw5j7Ikvf8y9#w zJ=@N61B)Qir*;t3q&)HJ!wU5(qvqf;l`Q8{&X%>IQE7oDnQeLwFxkAWVM?CEUS z@Vu9>fpX-rJ+~>GTRsMfzZN>Z`&-LY$9lZ=Vn1MO;U9OwM5Uh1hl$;~DO~O_4FE2+ zWb-n!%|4{8B2jVY&yCLLdu3DcqjTy2Giey0XqDEp;1rrj%!cL0zD145bsmF9Vb^ZZ zg?1$aY~H{~piMT{$VEJ#VCPLF@@i4m3%YHO$HApoJi4p zmF1}}(zY-x)EIea?v@C#`_8{x3+^I3o{u+xAlASSO#!!&_(WdHc2nT^7|Xc^MbJ~) z%ZELF;D~l5fk1Aq5C{Z+xBrCh2653!Y9ilCm?(RtM0`^s(ma_sEd%P27Ky-qP0GV| zm*54BXA|}vCs2ZUb>I@Z8$V=MD8-+Ge%c*1Her*nMqozVnm>WS;A`y$Q@4x8y`x&R z^s!R6!}v2@7_Xnv^5&(q!${t+cq6i=Vd_lEG&gsp5~bcQ2D9_fe6fh{a!fa&-9t|6 zvvlE$2$Vtq4$!n(o3tJ^#wG=__@+=Tor<^BJAyxZ@ z6eIU+0&U?hR9}-ir0I7&PBO0cT)2MWBJs+xYf6WS2~auQ0-h}N&zddWWxEGp zvw!z~>A*tMcL|w{zO33^O@^?&o1Xv*VNn5vQl|af{H9E0 zQ6oNmfeT5_Q>-F6Tom^%wb0Lv1nG;I7#E97|oI@=yxv zeEh}5eOFZ-$gPLoYZPoj1Yj)}Z5={~j$zjIHuRI;T@45Cc|4$Ia4^UpbB6@V8treQ z`=P<`;n`8nhOy1%<(KT%sPXx;JmzG8c5hN_qgQrjs>=ZT*&#u^#Jt|_qnzusk1M5; z?$hIT5(aUhU$Gyv)8&HOQJoxQ@m%zscF64oS}6OcU7)jsI6(W!hV13tx`*_migj?b zK~vgoZZrq^!z7`R$0fxWd@tdeQKJD9i*~FpTry&tErw;zBUevjHhjd@)f8TlR{s4_ zBaIsLniY+vXiw3a5*pR4%K{|ECjTbZ%$hct$wm}^N183ApAJuX?4AJc-ox>3I4gF! zj~P6#IQ4XX?p(S8Gyqu`Y|JW{>V|p8wrfm2pItW*5tXF4FnE~Qk8l?>X@^GHEeXxN z60R`}K*PVVzjqaY8U)k2y6nnk09uD!jh*7xlny_~jn&NXCB&E_|KP2+RPp6x(ZXRfXgH9>kyu{ZG|gg{U1AM2zOoaT8F+ z)Q)&PKBy0p`#iK5Am|Is$kuSNiW!0D_X$Qvfs5O%BUK%xs7)t9aHH6G5)PZV$izLV zsw0<;;i3}vK4lFCx~gnIDA%t4q8euZt$rukhT*&7d#5UFDS^%k5JLk<%^06{EW#+C zTrXP_M(A-oVb+S^ui!S9o{_&!ks+}5MZ(?datA^YL?motHeee+updjDEC;EP@$KRG z*tMnbsFNu1jouNAEx&v6yH%CqwE?x!BhS)5!Ngc5 z3YexiLxTpE=JNPJ0(S$bmg;?!BB;G{Oa#!1L~(5@^){{-rGO8hX($q@8}gp@sjno9 zxiY!2`+@SGSHEQ)$48d{;dHQ1M`0In`D>x)oa^o@O&TW-9xOE*l`;iWUhmT9LzRvl zBgVHht=|F{s#ec7ix<+qc8V9;+~}S^DuF?%uaUa86OHPC$A#$%u$HqP5d>jf!C2!` z*B;yZSqND-7>KiwzgpZ~42Y!_qHzcphA&yV#NsKSkB2#EZEx<}drxsxA6qXE8Y_B#~&l;jJ zuZl&kY`T_Anmy1|nI@P^fOMLanwQ1wreF)3XIcA^_>qg#`hTG%YsO&ILB-P;w)=5)Nb&VVq zP`akBzV`v*9xoQ#FkT%sY@gNOD+%opR=G!v|xUTp| zx%Sviy&Z}2g*rq2E(7Rpp`ERSfL*X1F0Pc2cx9VE`^A9VH5|({yes08ybgsEHIZ6& z?;kn8?8d^A3k+nb0=K?+*AVEsU&li!P=ogVuLX?<4Xoz>!U;USBJ7&{G5Mk`JK@+c zdOmwbVZQk%?1z2^1mwNb7$CLy^9gkq?iN^sCgBS6f;)GUMrVh+??Cc0bv?Li@n&xy zq_vz33^@lqS^M*4{zU&@W2gN!%wdVsQ~&FCs1K~c2zSo#ppbfP2_Vt+n!{C;`m?6n zz>vj8yUy;0b6Xj|(O(rNjr}rtt7($K{L%MjgG^z|D<2hH(NNhw5`Y}`L;?9Rm4rqd zPHF4E>q5+*^1c!ih`#>@s84c9el?j4g3DoQr;mbj2B-9=8pZ!yskpkM{`s&W|8&g_ z;8$D(AY4OA(w$&H+a_4!b*N;^`>$vGUo)ex2oBfa=&L(y2>Pf0G-ibUN`YKch3CAy zXCz7M52)Y7b8rZyaAD>_VPrZenJP?MCiK$LuD)(i-`Ybl1qGPT(8JG6U1kAUayiM60YPBwfP|hPs!W0VDjKpC=;_c2mv* zCPMM|-czixGl^P!&4|!AxGob3dvU|Mm#NjGmn|fq0w5;_{3*X;|1QO| zXl@)-J{wf0VZs{RzO(s4Rkm~1Z=g@KHnUVn)lB3B@A!AU;N6epUWZsOVZ?{tz0xSB zJ29KMyrvLpu`g&>m}S%610%)PmE7|Utw5$POq~jK|agz>zwSl zf4ICe4T6{K>LxWl`Z|o1_U_Qv3}a0=Qy>ZIS$f00l{iW7@!=W9K?p7nI~nff3DQ-}b8lUyBFSQZX4M${ zsBnQ2Kvx#@(8&+{x<*B6{A>mQ1zI9rPYNVEwC&o0@<^d+trRmv1IqG$NKJTFXYw{w zE6_vFO~?DG&VM|->wHB`x!-nvzJnXW_M_3t%+$tb&->dGhYftR3pFf`wJIf8f^;C; zcZ)PZ$tlCWwm$q_yw9gpn|IE6ShFI#+cx>lB0mn#xF7^(=eIN*JeBud@CBwjZ{Kw7 zfQw$5bPjs%H|r2+y6<&D^+FBPJ2S@mpr*J@T9O}#X?~XRwF1&Yx~S`+<)iXc}9D(kVS8u+V?SdYZ-HG(m%ib|C$2f9}DiE36_=n|Gk^~ zU-lWz-sO+2I;H=YTk)@ZX2AqU>jWdw$)xCyv3!p=|1TW_TVlLyeEsHan#FWSCh^N`Yyg#ioy$_!0 zu~*h;5%GJ}NWfHKx)G;Ds#U^XHyr=(hs$F6LJV!$QyrLNI~FrO`u`*?@c zn6f_3yS>|X%KzAl7@&UVY2LexwYzD|ze}9`O_?37e^#8fXnlc$9U!sP43D{oWB1RP z<8~&yHc12++CE|$qvNwo+MwK@K6S8BZZA7H_1=%-0N*uTDmBG&+sm5W8D$Y4zv|%H@OzQebGo zzFI$?`Mv4ijKz~hthp%dTi7;^TJ`$y{eq4Lrp9`^UtFu^AV7f(G3H<3h1T28AUBru zj#JIjt@^Va3DizuuD$h8rwLk^)j;4h(zu&l`I7F`?rIq@7+H{CGGzoZV0-R z691M5TbFPO?y88clLsRqz`c*^J8xV6R(6eK1)f4>70_@x7QZi2KMO`HyLuCpz=+(Y z#iZ(ul(x)C2R44YGen#arkr~c_=(dND~vz5vP*j}AQazD?DXnNz|LtH?xkYP zE%FkB5UqC^_w*@Thc-YEy;ZuogAd|mAcWA&V!mGi2%J0e=8R_A2vES(<|i!t^2^sd zlmb+ACR9^5E*R{}^0$&bICEltH>F6WK>rw&mMoJP1wvH6I}w=chZ>w02qhMH)(^Aj zL@kjwmmOaSY{sd?z%IqgOQJ(|3KU=B0_(RbN(WczwTDbl>r4xXXk^gk2YC0K0$ZCo z7&C5Oi8)524 z38Ub-&P|`w=kLJ{EEiVfQ_NKn?{34ZM&Czhq}bcCZ@1{}Mhrw&a-L(`;J*z0__8Jo(zhlQYT7_o|(-qe&I42`~ULpD%8QTWOw85}opk#9ISKPYXBBTyg3 zX(YB@j|0&pgnXeFF~E3g*v|vNS-cWymQArAi(fM?k1r5GB5pyrREIv^Eu!T8tAxPxS+Ip2zoH)W_{BzFdUY+i?jg8BaW~Ys0>5OklYToGN+Jhm z0A->aV@*!=9{byzW0B2^+h?;D)OwNIjlTvYdkcj04H_nNqh0v~4ozX>Unf&1 zOu|i9czysoQUG&;)CYjR@{R#a`wWL5$qA8<@Q)r!QIJL zWSCgd3mfI=#mwFjxGH-mX5k=EL1Q`rU?U=Y<6CIjh5B1^I)>Q!ZgX7Bh-q31nFarK zPb;1E7Mv87!Rmk%70SBI5;E)YVj+tiONJEvE>Jlw5%vr#?UQn>;*jR%eojb=muQW7 zb7jh7qp7==YZHsee4>UcaB6vks8&eI67+3AyFKreTS%2ha9wrrEDr)$1ot{cKMX&k zjE$ZW(JEhZXU)EU!9$)HgCi~votST>U!9T&#}I3;Rw_oEC-aUGVj?5}CvyehC@i#X z2j;2L93W+vky9A`fy1T4{~4x$Q1{>}Xed~ea4d_Y7q~GPrEbrEt)=U@D;ma+d&_57 z*oDy0FAed&+1T^-L*Dr?WsKTd9lfFMXRG(F!#EVcMp}7AhlJy1&h?b}XLA66cA_E` zUE%|bBOSiS}v^-fwI?B*PbAlhXCHi3&X)=c4mNERMJJV6pa-Z zrUZ!u_~$$vRr>?&*bv9dZaT~8_!nN(UdhN=aPo^?b8T}c{#PQg+v|v`)_P(iuv`x8 z!kh)lMwMp_TgN|^l>3VTk6hmaEIXs?JIA|pNElfUG)p3K4Z+;1x_z17jzOYG#e~0>NB6*foM>17Lhm?y_{J#Y7S!RHN`B zX8D`3o+i*$i6hXmLA*P5q#&+TxZMf`hoZGmPT#xR8A7-8nt2ikkQ##|Y+{(_+wdqdVJn^&)1t#{ z8O+BEJbX3WAGSW2kAcb*4OXZusmb~JL1BL5tXDvUe_|s0s$^(-FFaA zF+&+`_hM4U9MEEs%xysyG{AWmc)rtaUeiO52Z3fJPw@K8?6b4Sf-MrbLD{Me7!nS z52AHn?{sjrU}wBk%0A&OfeM0VmyDco*1VBQX?ZR@>4?S#{tbE z=sx;qyj#|J7n%y8?*oE_>#=tN=K@bOIW#@k*j?&gutjq(Ybg@PWn?ll0ONiFfK1vj zj6Wk!h5~SxPsI8UYMQ&8FaE2C{Qvn3g(8e@HsWw|RD-H`{?D^Wnq}Y0EcdTVt5=nz zpeE0IHhC+Kk2KD^w-?G=zGMK>I|2}PV(6A{K%4^-AE>;10S?#xc@;+f4e`ZCQa<*u z_ns4-4P$dj$dANJTm$uJf4bN4YC*xNU2b>C(@`Ah&m6WISe~)o3BgW6Z*x?@^xP+V zbxor>0YF#AncnEhCmHZ(H*%DxeKB~8;*!8Q3}kAK#!z(=+xFWw=ZtK7l-&hZWx_nv zbYsOArls@%z*Bin>dE?}L$EFoKuW|f09?<2@S6}1Geq0`k9rT_eJRnqogb7V!Ukx^ zNYLmB!pDGA>HHERZO2IvGOc)bZW_pmBGC0gK=(?39kc)k##h8 zyo_|K$7;Q${FKKE$GBEq&e^j(^N-d8Ct%oYY+ zxS$KJ^^4@5QHHd5T4#Vzpr&_s_H^ScGYsGydZx`|sJ3sY*07{{7;s215HSFYGL}!a z)`SNGilQ@+a1Q!rm(fNuqo_A3Mz&oO`0SB(lczVjjy3*r@beb3Fpft|neBmVt@(I! zG*>aDCKH_{DUIP_Hvm!3fa?5;4viAD|JL~>B)8n<;>U2$w>Ne9Z8(osB4}KqaP7DR z{j-16KA`}aD^G-lvuJY@ty=id(}r`w<8}Iv&Xd)bzj$7@N-C}=ZBZYcZZ-x>tLlSS z^a#JR17T5Ax}G33y?Z+k03G@TZQZB-<+N$3B{{;Ebl{Nytg5B#S3?hS*NwCDThE*R zmz@3aBzJgA{~CeEmE6jw_v-W8f(2e(mV!sr8lPw&XG;1YUK64lY&+z`N?P+E=~*Kn zWpUFxIDXPDlaX|!QM0PK7GFtjLN$HsDLDH{GY|pPX{j-XsJ3VYsNHH`JagA&0uN30 zE3A%HFY&NlaQ;Fs2Gn*m z0)&o&g1rF=VnIbgMO0b}O{H4lwgzn676^){loX1nSb~k9QWcC4CGqR;8lXL9K-*W?{jRti~-214hA zW$m|-#-#22b>~a#2RcheZ#;ln(;t!jYUbO&K z&UciKKZ3SAb+n+-eQ^6vJUpvmWK?)9$`p6*M2wDn zw4e?WG}J>lRcYEuvyWa*GXOvX8j@9bG~nWD*Y_UdHM_F*3c-@_=lc}ry5?+ska!CjWs-3r|EBNnoau_-xHAuyK zST?7)=)KQuP$(dsNbR@hCP0v0LmALAtY zetG{?TQPP(LCtuP%2ISrvbYET$A_H%3ec>#ojOL>j_p0^?)2{bNbdgPTSvx#?{UId z>I3=yB67{Q#=E5F?+{M!lyw%BO-I2i-js1TCO(?iPS3w(e6Uz;El+>fb$I`!!a!A= zhm*}n{_nO_MGpF%51LSd2d3j!lQP8T5u9LK+x}AB2 zf7gxF+Ax)jcW|ft{Em!_6bPD17HxU`3GaX{QYmV?X>@R^U%KGXSHa5@zX}Fde}1 z8}I+FKaN@Km3^OCRrCF--6{UW`$!`TQkWo(EM{^UOjz4`oqt0`+1;_f`PdY=SZm+bZ5 zlrx&OvB@uMqX|>ZuTAs5^Iu)i2&DSP?hWsAbC~_zHG$UC@{5+c2G)m{-aiPD1Ap#U zg{gm5_~KX7ii(6$k#A9`zF$q?^GBT^21p(G1rA~W10$;923L}gYM?=fY-rn|iqu^Q zm4yJB-Okg`*F1(g;i+>(N0T%Lr@bo(#d+}|L4olrAl7bjY**dTR08K+_Ir2`V&k8^ zFyGjGzf+Tc35@AHxpDGue*6O+(DTY1kDo02v%{R+)KnpYeELNY0|S$c3`hd^TKr_X zMKi+k$E!xLp!I*%;q>Q=?iQ@Odft713Pwg|Q4vHJ!++4l`zKxCslEu=-@W_S%m1}j zBLi!zFRPc&)H#FqpSbjR&YKaTJ^umo9g-d<4Y+67rLIt-kH`n6a`}@#eMFKs>x@G;0PTu2G zd~KG~Thio}w}yM-o!xSBESUV)OCe54-BUWFOe{->gy|<%xT4ZFL z42asNkY5Nz0WcPzj}2OsS@JdHpicJ*Z=KZ{jjADTq)4j;RV_0WEKtgL6EGtj6HX#X zyPH6aliG(Wfv5T$7^#3*OD(M~)jPr=AClokK1P4(;@m&^EA$V2_z%`Z>6-=G{KYl1 z(vDi@FNN5;r|VjJ{@s7DtSZC%ElTP7FG4=I@Y_ER;&z>#C02cZ$^PR%t1IALGNH+;r=E#4iz@cl<=MYMu96IC%Wzj-O5bDbc_2_oi)&Bb26L zL)4T$Sd9Ly%VW1|J-6^Q?FX2umxKPDQQ_CqfAM6t8cun;mN}$lm5P7rqxuqv=Vop6 ze)iU}ACva_+2_CHn)cYw&5pUVj|r&?)#5;m>DHNHb%tI$FlNXLq`L%2fx4diHB3ET zcjnQib$KC5o3EInzsLVgS;vschc5$;^T$9g_)P2HwI?if6C>sChRi5N{V}k~^Ivr( zRKy$lFSJz$3chXI2T9dW)%FLyk>Cma$*qUY{=on<%5JXOt+~I*>kP4Xb^=Y982C4B z|Fl7LlhY6U>gzu&16U5~`Y#M;3=;^Q#(xawR7fV~{ewN_ZX}`4@ZSOsN!Px9CB}yh z8!@JTAq(6}qJH1K?^D(6XO`T>H z;1sZ`iSc*$%yfJM04f21hOZYm_X%X;b^#h*KoSeGb7cSwO~MxBL-@OD*|Mr2=DKCvvxnG9-+31P&uSff6tob)@!TsIFndYu@wt1x z&v$^Wh90;J&HDAB6cCecIjH?^Iw=tHPwD`0nsVE`{%q5ES`dBwEAGum?a$$3Mt4)7 zZp6~yP}D$)0GQ4ONI)WgFVtz>(Z}J4p!kDl+*#HdO z2G!>Ps{HI(pXe&dS!k|f4eex=^0Z)0oyJ0ph1@eR5L^b4FDjd0h31nh)`WxwhsXSfGImb z-)c%A3IO0R=np{90Kn;%={cAO|6ul(ipP$dBK7Y$X0I!JY!eizd)@K)8~w(e|8hfO zF&No(KDD=n7t))<95g6#@h-XTT5sE zym)SYRM8HD_Cq^Z@zyv}XOEO_Y@yTkGDRLs(p<-+0Y|-*yI@(_?-5++u&gfd&6#sY z;I~cvN9$bk*atlYz&2aZGM}lVxn;LK_;Joj6N$l>XF$k}m8ZH?f~vm_%Eejj5j~fy z5SfK$h~geXLf-l%s$MSTpAQw%fpA!IFwELh>)GD$sR$$gw<(xp9&+=mow%Nfqoza# z2_R_$);^GEtpR4M)m)&L2jCe&`8(HaE#Jn!qT}40s1LRGAO8jlr~2F<<&{SMA6+o) zVBR}A;~wUstHY-x|M^F9VEcV}L6$IueP=A@R`TZl&UI4{UbIX@7f53RH{+RN#){mT z(s$7H&PTVC_obx0@;qFdIXLp{q6Ozw*mX{$5EEWCQLj6?>Ejs5BV5Aqy*pW9NKCJK zId|&5zXH8pNc8Q#b8wWC;dUu=o!*6N$&Pna(mmx3HK|_=!6j2{uBraV`GSh3mpa=A zIkjz-W6HC?e*gBkQlJ>sj~&f-@m_LxzU{YJ1vLcFO$iMsE2VOgw|~@WZT>8|3J6d( zjLlICn`jsS_CfcON~lJW>=D;6RE4ednxrhT1(eGTxjL}z+J$ereR3rT-7jZ?ewcGM zVFqSj_}uY5NZO)5!H8e-c9{8<^JI~E&^e!&DVT@`kWf~xVD46yGxcJ+`x$5@4gsND z1cJVN!(FkD&z_JxXzX%ov3OLaqJ+cqkMX9=T{*HrnWk_d zt#9TN&y%RT+aSn+&B^+TH{{heb;=&{!Ks?(nFHa6jxLp6|M5)H^@c1K-l z5CN6RU8~0*J*Ay-ve{{*DnodFT;6WVg{g~YC9c?ZKU3*Km1l^-b??2Y9_2b}AkOz|Xnk znDc5`W8SjWg~k=98-zNR3eKF93kMr{h#$-;H^#ua+RMj2bKSUhd3B44tSLb9B9CMT zMkAhaImnbeCLh%+?krXasp(bN^732qta{^2k_b-bbQL!_0M^yW&RLWb(HIf@?mcnd z4w8oeRhM#`+L)MtZ_lKV)us>}zKnREwEkUzLVc1J#JRG`UXiK-A5ADHETVp{hEb}( z;S9X42uV_4dT)?)z^dcv3e3vno1+$F9+|WmF0zxOrSR5{iyW0WP^1gg;tF_sr-11s zUu`?kqg(mdx41Q+%#MU7MHY9^iQ_VjLrk?yhs3gS1u|LX1&|CoF8>}sBnB3aj zs@xXh29qtQ0@{5Aiky}Z<;lqD$QHW_Ja3*eB_Y3;i zwrg@C)mOYaa{3f}T6~8=GU1Mmlk49X>TwqX<50kqDpnMkOQANR`J*tt64#@d=?qG| zDI2&zjIXDB_gv&DnPXig$e(Qw?TxLqXRl=4u`H(HTzTWL2)WqAoOJs(zB|jtgq~a` zU&N)d)({^HP%Io}opCB3gwAkHV9g3j&-`ZB&(U46Ao}o&s6nK`|jC#z7JK zN?4NPa@~vA0V%PArcjQ<@NsEUlt3#uZ3-l_b%ZLZ<7CPcG9n%mbBmEcd=8jE=ovFw zM1^bXq%c0;1}M8LPZ+g355^1`ns7M`JG;x4AXT?`_Z5kEYp_Ud$Sp7I;G?nshmW{5 z^3!Vt4_ncvu}YsnO71OlkB>^Fs>$F1(3< z+@Y?OH)m}rpk@#ZE!QW1Y}&M04A9%@*2Q15ayH1oM$Non!_Tr2xkd=(twxBg;lT7} z{o5wH^oyAz5d0U}>#)v_zMg%LZBXZ-^5`wBBjv|=eUGh6oTp|A&pK{cB50)idUnH- zpZEXu&e$JtW**i31t;sjg8jEzenN4ED*IVS^8Oht2L8f>{pe2wZT~{bMyWIOXAJ}A z2mS@Il_7s%{R=$%(VuAk1?{h&UB$OZA}Ks!N*Ots zfEsCKl6#q9`{R)#af^C|RMi7VMS7e_S*04FKnu3nQ#H3Z(!DRFKr8}wJi(#W4jq#um-?<~{BiOT;75Ztx#hjGZ zA2e%|s@m8HetdGY6E$gUl>AhnWOIs%t9Pl$2?-!hOBd9KbKj-ay_T1#pJz7?Ii)m* zO@Z1+N27?{;SI-m1ESfuFMR4r8t15B4Ole4bUBTqNm&On?SLeIcIJ>?mG~?29KNi` zXl;8m+zRm)cYvXXdM>f}&|l4TUy&g1Y@PdqJ_boYr4lyyCU{yfTcOIYl6Q90$rc3G zA{dH#H?Z}4N&>5pEZI#mjv~r5Lpbu%g(d{-$?%xA5!SZzpeuEi$(Po#w--*Il$pL~2#_GvzGH<>TL_l4 z8CJx{6g0%4ShKJ8R6-`o>G5#ULqb>8?b_4{9+nvvy6^%3_u;f1{s1eAuLcG7q#yW! z&sB(eL6Ej0`zgLM-2ofHBr>LJab!+U%rkvixWtY%y;dyQ&5Y8L!sS|{Yw+D=l!6EW zR`LPXvU3j$OIajpQ>0bHuE=qGJJ6j&5n<~po#3q9twqrYI@~>Bx~w5CnL!CpkcJJJ zT;A4W`+Wzjx5pVjud^EV<;zQl5Zsqh5MgwQo+!dK?2NAd@v`~LD5haQ-Fi?wp2x(u zswpOfN{Oa*`&&)x3N(^$I4(w{M^%Ceto~xPNdYmd6J9Z+T5HAg{(u5 z>h#oXsY{~ReryQ(x?lgEb5A~uV2Z!!GB!1!-g+)@xLa40MY^!yi_+tldzRBzs#*oD zKGfEsOi+5uh27b{w|K-~;qb=k&5pX0Xj6mJaS4D|Gi#aIx%;%hj5)vn?m#~GTY+N(}78!9z!E1YGi}ASgOX=2rv86`Be?G z^-L$%-ZvYWHnK*e>_$e)DelRW6FMf`9*fRnyc#4}bv#b)|8OKK&JC zNQpDouxo!*i2gfQ4{CihyudMC*KT)ky()}R$c9O4wIP$CSvy~v(MX;F#B~@|DLwfE59S~(yKS+@7g&L0H|Ra2xZCuE8XuT zlGQaT{2DI}U1bP9jSqhKIvah;(DXou-cWYf>mw8A%icas>c~*87B2c)Sc`2XdM1lgKbbB_p zruEC$G7+0hMH*n3n8kSYjRd!Y3PvXdS|?wYREc_8e-`;ZQ*ny?LJ%Yi!}2FyJo5Nj zwoR^A=FL1P;_ys5bw^@KmB%2-+%MTen-f*_eR}N7fhZf`SpU|^qzWQB`VckmY!a_* z>XyV(>4eYSJ#AEq5yf&pGw|vrV+C!@vM`sw{jxM+gH|qVY{R{)MwofgmiyNnoa~n8 z-&QAc6)O5^TjYxd1q&BVc$l{wZeF6sA>hkIqdJ>|!a2PPKdK*;b8iB%1dA3+1Ip_! zARg<$ez@1E4rY*ltTwlB?)TlHjB1H@sPfpGnZ3*Ut*umSSbz0|_`oGy>5q|wxW1gA zvvwb{*KE&e{jpsB08@+Fz9-r4Ya#4Zz_tUsD6ptk+PWL#89_?RD7;4zRMTVe8gwR4 z!_xHtgNEHmK>?9(7hC<%f4$Qc(CBv0JFLtzwTQbGTw@1RZvfCgzu^SRB@0J84wz3OYjoKe?kf;36O(IQnZW}mtW_?GKG%t@MF=KsWnptT3#AH^0 zLfDxEsR^y-bOK!biejjwkT{IOQ*Psg*!o2PUoC++lz%iudcUxA&%?!m%()1<@ClJ&!VRAs@Kt0)Pl*J0Nq9tF=^g5DBEU|VrppcTA0*@C zLdDSsqr_Wzh)ZR|A=HLM^+qWl2@IaPD;46J!^4&Lr0_iIH(?Wqav?71EKb~7R5p(6 zE~T%%%v5MHiIJ3=1p@mWLJnjTZ9uSs|UC9!u9aYDZ%oVT91#C;E-u&V_g zABgb^t&Nm$w)h>96Ca2)ybHG1vxy{}0N=+XH;%%u$TzXpdm!9t_r)Et_8jIv-A6Ny zqQ8Af|NS3gXrp3IpmAe#vO4eZoEFD?z2>nA-g?$-j3``U!&LayO^Y{f^Ys@HI}x>K zxgJTlL@WnTjBw4U&)E9vQQH2$mS#>g}15O>-;~*zfYA(?a$CS5@%J-;T&a6h>5V-9TREJ}x zkOJM@PMKCBqQhe3>Qu7g*phGVm#IC$i-K=-N>05z^=(4_|C1YvgueblpZy|j1gQz~ z>GAQ+Ok(qe7qFoNO7IDi2hMdCEe_5kLmr)6eKp!Ws}~n;bmfMq0o!yBgy6+X@7%r7 zEWq@(rI3TH>e|){?Kym+JNwNh#&6%;1D2v!p9-D+3V^b)t6B0gF{g+GYHZVdwsiZo zx|*9QLKFS9lKZWTLrShDJT%+RK>l_ZTrdes$Bo3o!UDKSTRfbexJ<}{08Q}sH?bnm z7{?}@a2109T;AoxwMlzglCHN@G;xmSxvr{NMNjMNrp`~QqXv!2d%}NfxLFIWi*+ty za-V1qIjq~-mpr^wL)ie@Q)Pm_UMm2uuE@K$8TVbu$>^5sB2rXh(mA>BbhdG}CN_w$&PB067t|iwk#G|(mQE;q#b3K&@oDgL?$#Gy`X0#rQbQrX zeVkfb%LQJ+LQRtM$`^a66^}n(=-j1|*7@%KbhvudZ#U*B?r^$PCw-qdl_muUDgf14 z0Q??6iQIM-*C(kwnnH6ur}3M9`qR%RjNO4+k9qgFbsLXdLr;(#P~eb1(qg#v^B2}GYp)i&L~D1R8ptx?}2DQWLdS!vl(g;k`S=T1KQZIaU!Js=Cw(eH6_A zweoPC9sTh4_6&fw9f(IdOnYnKbx%lJ)-ozAHwIJ zPvY5u#ZasUBH*S#Y_0mL5j7?^(Vwj2`V3j z+8e^(Qmo$6Os5Sek(oMxhU(7QCg02`g=Ue%`ulbCPl6uoZ1%u>1z-ffo2s+moihG# zAl)lum9XXbO{`yJOu!SHkGL(5tw+r^w*)oS*hwN6Z;F0ptmo2ucp{TJ${Bc6J(PS4 zR1mj~gkVZ*$C?KUT8X9PQ1+wb{ZqaF!OxPMk=>I6)2YLUB)jjGeV2_%@qOiOGQYfg zvW3FHX*z6$5D)Dy2%K=ArX^`iYG|50at2!wDFy2_^WBQ&SA&1o?#krPvyAoS8y(ZF z5853J8EZ3>!-TY*ivydc0XvcmmB5%q%t1+h$SG zrS0_+uRU2Ind2vs#99`57Zc9R|7t$i0c!yW`?WD}6?6I}>SnhSdUbEz6t)I5hlSTE zCA0jS6d!XQ_t4+v*F_xsqHnT1I_c1QLR|o;VGl(9IJf)#Z{5Ckm25R0P&1%_4MEqB zqV(e1n{(>zSDon?yUwav+%_XX&+1eXI_BXQG{uIb@8T75OslrbTfqhDcRu`t+s`+% zG{1=Gp=~NHIr#x0~w7iEa7teRM&gge|gfmKzA{Rn}>TA-ghze|NS0 zzGqC@%a5Oqotk)idSRn5TwGw6&T4f@?8=or)#YW}lv(JVaV`0dBR>n>Zac> zEW8!yvziK@sNDX1eESYY8i3>)S%6RsP7F{q0DF~Y7Y!I`onol4a0lkzvoN(4hgVkJ+QWod})7R*Cm>@F)bQ9 zm?i~8CdOS^S0?H%0#SBg$Q-;6w^qE7loHD;Tu||fjh<3j=5dm@fer1Vy~?T~N|)~7 z(RI8LvPtby_j>xqdeR(fI}g1*^r6B;o;eJxK%$Ws=*X3nM}_6}VclPsz-i78j!x~% z8Dh!N7iRvY2N5m8Qy*T$2i78|K%gy$t4;axgieTckgbq z{=#{S%ig$fm%F&-JKejS^ZQ}G^TFGlt)tOAHLH`FuLfxTiK-h)Xuln(f%^`xb}mp% zqYEoxrRf`YDNlR|S+}oe_1zwKIH&0d2QHz|k~{&DQjXF+zW{@IM4r$7mDa!Kf$seg z26E(PMLM7d=C4*><5LzaUZ?U2=To-?@pK8T@%VA{NIDJFoBi1gzxtf8og;R?);nIsc3mme8H)w1p#hF05`b*;Xj(y3%LRr%%f;F6ga;8RgFzcIeT>mNuw!LYP!pjaFiW;kf+We zmocofFP!se?5JE&cBu)PP=^u)(gZ27r_%nSM>u1J;iwWcVKCwh2J-`m+RSmJOp}kD z;Q7(+(xXx&7UN;!l_b3Y6`Dt}#JYnQWljSUyRP_p4?v^4wE$^J?L?$pPEPE~Bgv0< z4A{UyktS~>(@~ZPKjW7qfBF!b;a-Pesc|1*;kq#07 znM;5Wl}{>Bt51Xqg%(Qp=?ouEp8r=qoSFT(IYXr!xh!ynzSTzukI_a2mbKo{BU1yW z1ue|zLoD6jNAff4qtLmxPH%kkU7Wy*k9j zOt(!4EZX}PhyVo02D%CnTXTy)+bz(PkfH+g52jkC_db*|B-q35)_8ZsBzKE zKe?e{)zj1bl&osb&bQZGVqpt;N6!@pQ7B%3GF6Q+( zsnAUoh}!XuS~f?8x{TWS(77BVmU)c_!`%`02+oXg-{H=&u6UUBsFB`5-D541_9^(Z zA_cQ$%}D-L8|e!%71?VVOC-FfTGC*~!E_K1xn@;(=KXP}K?)E!X2>&n+#9RXA z7#XwZ!lBDC;F;UGTl&vL6m9jU!HV3^D}eocZ!WSY0t$(tPgtj91ExKyY@X4kP{0%C z=Q5atH+{l(I!fQ+@oj4K1XkfGA;C<2)1VaNW4i!Co@Njok;)x~@7AY^Nzmz~3}pMr*Yu+n zb2^u}Q=%8>JUT*M;&I9$Z;(W;rG*d~;aN2dsYnIA#UbqNQ{{ch;5aJuQ#Vc4k=M-Z zH4^)`1f4K?AP;xhU%;?$?sV~{;GJn61xyTlD1}z#ffMK@MasyD9?)_G0jg)3zF~<* z1Erdgl1I6V=_+GBLYTrpU# zEL6UdWt>Z6XMGW}(b1eFe@Ymbq!m`siCheii{=;NSniU`6ayq<#ik^^;SimoL54jS zGDZWxi*$|+8E3MHoj%;~VE-T7C1gYel7%I04Q8A}wK!lO^mk=4XCpgPNHq7W0qj8g zhgnoo*E#bsp|+%Kn?bC*kQ6(k>6X3n!xZcW7Zje^6kyHd}`DPKO%nx6shWu>4O z*3xS32JTB1+8ydOm>`iG5@38C^ruT1=tqwI`@N*?Zan9~#b;UMVFzVzc;eD4Es<_pOt)={@6QYx=P8@aoK}DHJ6Nzm6ymAGQ0~ z`eLwuP3c~)2XWg_3ir0&Lw4TIg2vaBO}51v541b^;Y3P!-OJvdhq*L&8d+DQtY8>} zN7f@MQN^NU@pY~T$#^#0+FUO2cWsAln?eq@!RA+$25;+G#E0T(nqHNed{ld?+?-NU z6+R6lode{%K?iIo8l=`&Vj`}vr>@A;s}m-zv1=bkV+mXG zew#Z@U$2TD2Zc448haM0G1^>u+)NZ!B>d49s|ZCk7+azpOSC0v6g0=Y=&yZH+BAD>DE`2&wLr`JO))M4nNqAmRoD+5& zw*{K6a(45K^L}I3PLLFgJ$WKHf2e&`x7TW+7i*siufYbTaogzsF5mfXAXN_W* zDt(2Z+@3duI-lkQC%Iv_@N0DAk!=$bugGmlV=d6Mm_AjSAXnf7c65G?BPDD~M9k_v zd&zNwI~3uC!pTzo+juCrE84-yW+6#{BX$6ID0O@_h4k{9Rm+o?n^YTm1AnI8dzWon)xC0 z_T^8@<>sVK@VgSTZ-jZ69%pyY!KWAQqz=a~d}zm4qS-2vbmN4DbJeikgK1GFb)*4u z4>5v|8(Ae+wZ*g9$MZf{TWy(=t=kzRb9@IE8Spu}t<3tfbpuC5C?=IL7y0CJvdY68 zcT&@k30(-EbQTcVLU_+&a4VRy9N)9BIf1we(;b$_R4?I7E+!ro-~_17<&5Dd7+vO1 z32^b9w1rO#^)wdW?Bin)Zi#&YT-Oa|;W``>%eLn(j)oVDHwv)6BG_@VeGXkW25}Zi zvSn|wpRCR7kz)BZ??ILvnztz#3o&IBrzm`PZDuJqUUiIlBi{5=JCI_-tU?aO?To_= z3#g4E9Fv&ET!So@y+z61V<5FsEU5+^!T=%SQIt9_sa6|cL(a`w&RMRla={A$F-vH~ z1n@o6v}HI2aZ|4d+cydyZdoa-wA1Pp;(31DDERl^+==BPHQFc7c29ixq!V0rn%WQt z4g+{iK^2irV=KoKN%$lUfgk|WsVP9P1O|X43ptMIaf9!WomHGXh8uLHb=wchP9JPb zI^>)Klh_GSzFybEm8YHX^rpA&5~MPfgWv?dOw zje`^&u*FegI&ST*{ZgN4!s8QF-(2pZUlyDzq#37Gq&HHA!p3>}XU$of{x^c1xAa5uqsZ ztWGP>B)tvpnWNxX?An~;ue^oY$cbhV>_8R6y%s6cS~=W_ZW)GG1V}6wmzec$Ek*A< z5~&M`+5gtRP=mM0h_m>tZfx>mtfXuwUc8yjWs{K| z+_3D{r>$K#C`5`I$LO+!AiDtCFkv?r;@7B@A)vm4t+O%`Gyt}|xST_O&>Cqjeb zVKycjHEv5r#0B7Sb>Z9~ti+}$0c3{PXAR(5*_dh+MFDm3CXlwChh3PR?m;9MFg?zd zc<}Jlneq5P(tTrtrR*5*iTCJ5&CsI6ZW9qUdvM#NOGWiKsC=lHXBEzn2RrPj>)^&= zA?M%Yak%iRioi`7c230kH^suOaYv79n~?2J%?`pbn!(X91`E-^ zkDzr>U8#H_Zb#V;)*`*Hp>Ja>n1FEs!}xNiW+Y3EPSq4(NeaXo%nA1?+|yv`8<{_8 z6qKEh#x)!g;CpNl=_Da$$XM^ygs)6vd=;k0aVRzkE?>@&`O=|~f9q3Wft7El{}vXx zVFR{Yp}A#L5r>jpI<`L{#hj@IQZ;W-3_!luBR849HBW#V+63>E*g$KyR1jQplI|#M zeB(=Lw+Yu8Rm{W=O~Ic#3NaG%ad7agH2q;B$&DW8&hg{P_Q1yN<+lrj)H}%u4|D4T z*dY@UMtY+@$+xUZk~{Fu7~1-I&#VBK-tllKMym#_$B{U}&7HlYsNPXk^!bUf1oXnY zZ~UQ6_|KD@62T~F{o8x6&0brmTM3tGiXe7=ahB_L65olC!dL;g!DCD^%fW0UWU5ba z{{^2-q_F7{Hq8kf$m%tSq2LQBWQIHM`6d1HS>xI+$wSCd%+Vne^B(FQF%`Lp2Zf{}@Y?7ALJwKux+GgF4`nnX6OE zc8#&8UkHrS-O$RQ_T7vX_bgoMr>5zAEcwA?RM!h{X0V@wB(#2lV?q(<`fH*5H%>!U(J{T-_Z`0 zl_e*j)%%1$4mRvRB;^c+ReN+5c(bCF>4%dFqHv>bOL{9H)}OYoCQkO#rt#f#N8Oe7&Q+942DfrY^|*WwZBBWs zTGagyyJa?8x#7G-_ z-XzZYHAhv&j|)__Y`(=_xg|G`?7UX5X;e!*+Fw<6zO|XpjtP7rRC>q>=A7?{P|$ql zh}|u~Awqo*39p6q0<>x1vH2t~>B;qbCBRuvmEVr9(!RG^F@CfGNIJ?~OAQX3cr^+j zP&AG7vJ}RjjxyC7Z;_SV& z&R5W|+Ujz5$awu)4_)dh8F{&z({#Jypj`9j)Xr}=zElrZv#W2(1IOCQLkk6C5>859 z!`g(wsu6MSt?jS2zxv4&ZL+ZQZs$E3TduTRk(sVa`T)0_v>L&_F$;l{G0tHFq*B(%xy2ojXH1?-Ixr7pr8f5 z18EED%tk>zsx@uy)L#&4QxD0`$sr&EX*TT>Nf$cKg_5cOriwB2P8oVVQw0#hXl{r7 zY@q)ZK`%Y@Dy#mX$P-LZlVcx0@>!cO_Ovu?Un!dtYC3XoG7+ea6uW+F4G6g0k6pJU0hfp zch2N4uzQblkfvTmfW|gGySRJ9SL=vVH7Cf!Qxb==7A^$Jmjrkj5daNW0K^bL0syTG z*M?$MAqTt@PG9{NKY48?tq2XOH;GL^?q&52#{~zMbHNW#=&KHTj09{XC?%RbpKspP z{uuJ~>V*IrN`P^3h92H$zg?;Rto7~F>(`d49t>Lp)qw?|M5I_i7Y#+)Xn>ahKqzwo z5_Tq2sGF~;<4>TyP|!}zeHh90-g^#6YpQ!kLpst{55I-ieTXhJvx~|nJhR>OZAb6Y zH1gQtj+-_&`>RTzAdLwC)8Tdjb0I>J03e+Opmk`_W<$y|U^R|@(U_%RT0AS&7i)aH z4wyR7?^C?>k?wa$OYE*cWq9=+gQ+qaOV6f+7Wyheb}({p-8`cUf%!9wN%dzI6XLHV zCU0faa|jQ9^1tLN{l6qJwQnpJuk1)Vof?U@K6o~=uq7vn03|Nvjn-~>JX7%RSxit- z_sjI~=0SA5KAdy=6@G}D*uc43C+^HNyQulWC|n+KVM|6^Or#FA7zn1{sdb5Z0(Ytw)J;aS<>@v8A22dB&a$`|^-U*qxa zMT@LLJu@ksZXt|Y+xUaFuPb#5*(0)}b&uNlqx`QvJixkjwLlVirOGbuGpSU zY-3kYeX!>E%{-<@+p1+ZIN~*TF9vP3?msa5u#;tncXu{2hy8n(Rpp7cyF8NDI_bd( zbfo+`c$IcgA(dFO3b&#ijDfEvgBebvN}iJ$Hf8?emCqNmjHTVjVb#ozm-d+ooDjJg z%kzunMo&TU>Eo!}mlwln1#IG_8yY6{;+0FY$}eK-P;6pGKD+|yxdB^mLf6-0RftsR#fXCVTaRfQPivpOF8z01utfSN-C+6DlqvZd?Z?(TSG2PM>5Gc zKW=Ezt498u7Ri&{LkSpb1;KMD-UL`BB;xogv>@Hop|}!*ZA;}U&T#L~5nf`Tx%)Wk zD)%}9Y;C!8nQ^SnI!aAA`@kumw}J6)J5DvO@aBKYmQ1bN_9Xz{3t zW~L#gXEI}hk?^EUE66~9t{@Hz&D*2$U-@CZCSw+IG8WRo9Kht8(K8{Gj?rAD3?G(Q zi@cFAP)=42F<3>rje;y?&EZ?8$?B^GYKb1=mC)kTT=?6){&{Q_S1uH4?iH_0rbP>) z;GIYVP`J*|2qJZ1%B@bB<7o{Pv#mnW22I~{=`7=TMc0)$W!hIHVSzt{A)9_Z-hN%( zVAgZAHCC`akCDs6S*wJsPtu83abGa122H|OR%`|x+~`m@?#IM=B)x^X5`xzqP0}0> z7?wod&*d=%$-~2dHMU+m+n82T(lhR!-hCW6T~iEurCnO>QEv=$rHSh% zrXk0SZ*~v-Oa@|Ks{aJfS6gWx$aI1+?UKTX&w$B8%N~{J6vKy{RJc>KZgpiy`yZ7Y zp{LkCPABCH-C{4*Ibu=+j$|EP7Izv+aSjGO?OpEV(nd1yl!vob9A?j5Og8kscO|lz zIaiN+kW^C~biZyfoTZWyn}95hp@i$){XE}pU{v6%jr6v_=HU0JxZpk^Cr_ZR*I>wQSD;sK~|ZZf(staPO%4+NP-hCm3m=|E&As z>-E+tC_ZkMZsY3J8hfT5DrPzI7e&LGKU*Vc!*uIDEGrQ{z;J)nX&B)!rw;hex)$PY zkH!ApM~hZj%HQi*h6z!oMZ>(*`Y+dO&{Lc<%kQyNqY1HLzd=X&tqYPJPceSuSwu1d z#ISSlgDkS-Q=dFm-OB(BV{Agu_O-NE>?_D&3e;a(@{jl|0>A7wdAZgZ^*Jg(ehD`L zwj=odCRpU?^MzfE$0XY9h^t4Qg$R}`R)f8IEq7UtvnJeg&75P)h{CLRru2f*(sFq3 z(~OG=2-=m%&m9cpXL^@OuqPlM&NoG91dHJW0F5#9%LngRp3OM6MAMzCPg-;7_&tE2 zY+WpD?W$d45ooT6r=fbX)~%~6EOXqX+ZWn z1eE;ru+U|o;Vmsy0{pm;eWA0<3M{|uGryh|0uCuo-kXrZ;o{W_ySu%S0<}&#>@4ue9(Z~ZvQsP2b0P;um*G5fofY%CZ)LWWBb)^ffeMOZ1apMHF`=a zi7cVkT}ZeJ=tJ&B8_@2xFuEq14n~Bf3Zm2)>(m|!B#XX8ddv2{11by*U2 zofwe3V9v{?L@!-Ia67NdJmz8eF&~IiHn5^C%C}G2OqEc7r12W+W(9Y7YqgF?;c^Q7 zDYL-mRMxmhRAGsaK2g%<3HvAo?|G5dfkI0W_QvNZL>*<^j=o)!dD~q<#=H?Oc$=r_ zZa)Pwwcr#d1h;xgWsu@?G}ilZRte(xt9$dpLc$nwV<^xWLv$I3O_87`0r3f9^*gULUhZQvI-AZOyh)D+h zy61$%hSj!0!-xlMU+ApeTK`cutP zn#x2}>^2P@B!9v08^=Z$A%~Jto-UHTY22|XxNIAoX&9}PYIc-w!eih*SJu#JvezQtR9IyB4E>2#z>IYGr1kX6BTlW?Gp; zS=pqRl~!6-Zc{^9;Fxn|X=RC8*|Za@ZDoq!*l1Y0q|qshiW1Be73E!f@Beeo^Stjl z=lwj-InU>OASBkkMiy(`_jUb#-^+-%NHe$mHkB7yaCAl28T2Z?&dr+pv*uE*j0*ikH+Rn* z)jr797{N@8({eZjjBBu*UtPwPiB;}tkPPFg^*ckym2(+&P2Jfah7xYpds)gz#92rU zkr7bjP=b{WLSn!N=rVmyuf!sk+9};q((7W|io9U&?)kk~ZNy3ZnQN%?QNuVg%RcoG zauOxh{0euo34YkNH%LhU(bY%yp!_WuX|2p}d@Ej*SpYiI)G_{miX{OFdQ;X%cyMNofb1@JR|#w%_30EJ>7Pi z0azoe(k$r%!BO?{>D!J6l=LrwedtmwzeKNU4Xd&)=hIvny1o#=dOOVaBu3`k!kZBQ zk#^7{a2r(M z%~YRxxtDuG_&U~ttLKq_`=D}xc%iN_eA#ZtWR9^nqMh_OE08ACzBy^!2~ou3lucsl z%g!;Qo`{YT0Mi9$Zr8I>y1DVR%dyy)_cBa3XCpeSL`-xxf5yBJ%smGsBA9_?%(F4o zYwi3++Wi^K633ia@x2=(!K(ePd7A?$42szJ&dh<$ftW{7 zLVDQKXbSWBdjdBvqakfb4*%I-JERw8R-b1>{CEGfVEY+tLVNolq)sDZ+pl+1lpMWe z^`etqhL=6`&-VQ9HsD{by1$yG9r|}$+6kNJTzdcZ2mZ6A zeOv!(YP$EI^%X7o*WSQw$nb78sNtPUg7?TBUdmtI!qC4K@ULC{XJeS~3jSyF-QPw$ z*m4Iu@A}L9dXBKPWB+BsYv4?uiELxN?LmClr$!~F2C)Rfqfejarf>T!_7%#c<& zX3F>J*AtOU%lqHz*=^0xsAjq&sQ-msR^HooUbxyj$Xrc)%amv}5Y(DUV}CF`xCFK+ z?e~l@Esnh`tVMG#!vG(W-3&ESvYiocn&Fl-+#m$djyuSA_aZJ@Ps&Sdh3y#3N4heR9Tm0D@Tw`jZ^ z(R8gqY_>jC3zF)4Q66<36Csr?#u&@2ka>+6it`L%c)j~FKx{4)EPg_(@3$E*_qga0 z$#){Qw7MaAx=BbEjzzJu5h1=0r_rB+kGh^#l`zoj-Q=<6xY=U^y}hBhTS!opDDn=QUaKC_$}!{rpyE#2BiW-LdMS-!y3NRn}>j z?8BkKJtfk1IAJ_gnrLVp=BAg8e~+Q?YiL)FEqPcCn5C{cG6uAlnA9Sc!>g-82tfBDz}P7P$~Ta20zqvZQxl zGj?1zaLL&5nHi4KLhPl+%TOE#nO5!M*U|`z#2J_2?|bE;kgi(D(9`mB2dmd*GCf7J z#xMNC>Ru=}2&YIl#v}W9lw29zqiG@kfHx)G3RjU~SytTs%@tYH5%3@&2tn+)JX;kzsq; zS+STlmm8vwWXcTvy!eKYkt?3zsA(a`?Dq*e6+x~to6*u zxUPd3lPsAUIn}}GqcRtQU&?7ewftAKP~K=DKf3<#4hmX)vx52c{XB%**xaZ}#gxR| z$mc9rZu5A)#@BAo#d7pZN`Y*PRXS9VmCx1MqcI5&@3F6Hns%hzQZ^aBi5?T|UXE4X z*SEmyG0*33)ncS;#9hX(O23lzTOg-$X;rf2IQELmwQGbYXvTS{Ton^g1u(brAP;Uu zT=3{{=tEJA3&US{#E0=dId#SuS zp?(8ByEf_kW#=e^dp8ppwp&Nn*Y%lHO@S8ouaaU1YkYf^Z%_vaXm3-GE*I5Eg^}bAc1vOomUCPttO(mhlSbgAvwQw7l+_yrZ z$fzijrt-D@F1vDo`t+qdW20lmm#p1TB8h9K=4*j4(Fw~-HxQLfk^Fl3Ciu`#8b*hD ztJqlw&G~`h%GAh<@TJId`-cirVgAXQE9qqemEN?uW53(?X@6cwMS!;%EWbO##A!Gg zqU}-$TtdoBaH{2X7b5}KdOa8D@oz;a^i>8Lu1@IbLiEhw{66gsBz_>wZOPhal&}&l zmaxoM#?I9$L!xn&2-w_%l~?CLovgB7?Zld@XEe z`#CtvZOeP6{;ntePbUoBF`N?P>CDSvbm9~;GHR?4S4^1L1w?h?L&I9m%lB^L znwk5mN06f24r<8fpP-wqs@(R7;N^y16VJZ9Ko&S~{L+z8-T4o3&wym&$dPx9G&Fs3 zg!1$9JFZX{(I@f~dlhEk)(w8i?%CDf!d?QMRYg{i_H^Rz?eANbN=zh({F%;#D1IDE zTjqvj=gh_3;_1LTyy$?=22@9#RA4yzs2kc_?FSQX@R@4O=q0->bqa83X-nJG7>~44 zOgub>ln-NmqvP21%4phr@!^x7LmsOsGDJIL2oF6JnW3`aMDel<_f8B<;kZxcuIOgI zv{U;HrTywID$3?G#BacHr_loi7tUv%>Uv)+N#6|uab`bz>y!txGevwI>20S-&G6J0 zy={CotGu)hEM2YnD*9f4LBsDiM(G-z4dt72|bX9bX}+q z{PA6#y%+-G;yeYmMr zCT}X;T>Nd$Sc>j;?_Qaj^wE(cMW1_xc$qPtCQH~Jk^?wauDRqn@zmxK8GG?W>p*`g z^H{^?N>u9SORHI{Cp^@;W(4{D!oS?HEB(iuYPip^Ntpz!`ne=Kkz(S6q{~Y z748}sPT_7HM4KOl!fOMpKi;fX96Eq6B|&%@<{j&Y`*eV5ARj1ky`o28MVFO4sY2Rl8Htf%Pe*u^<^=$rR`0imk|;; zeB~HhxiM<3(=T@dEaH2W!n?c#*1$I?IL$yg4>N7WRv4riWBmsrjSY;=i|`1(u_Fo$ zmcJ5~9H!QFjyK{sdwQceDJ}OkcK9&&XYIh#BDZfVp4G3q_wooz zc(O8b;2m!c&rNED7F_H@4?T~iQs$c3shcP_IpJ#vv%GFNytAYqx8F7SN7~LHd3)X)xd-=a~_;oH($GBk1lM^a37Fnkn26GT-(_Z`;|##y0O~LMT79r+lbAF83^$ezLd5aC&hEUi z#bUAYK806xS&!9#9&){oxSWH+cF0meH{cQ{)1{HXJk9s5ZtZEI-056}1Ta9(&)s}H zcDSbma55g8LNN8Hih~)C$S5ITY|33J^rFc8$<&{lr0C&pniqE=veazkc*jmUsvcr} zAc*78OB9~aqd5u3XB+-uyZsj|yZ>hMRYo_1t7z}W&8}%2CVYxy>J-8RioKDl1*MFT z4-b6+UMeUIS$sKcbR15DJZwi*Wz_KWxl9K!j&r!Rl)$qIz@JKB@TjmI#zb4u)Q_5& z0geo;LOM)v0bwGRA#Pzz53J!95%R#@lzv?&WCbH#xi-l}ydYER!Gom8iPqBuQ^tBu zM-3qzX}x$&PSoMnQ@TWsAu6j-2LVZ99kZPCkMy5`N;EjXXY7OgFAX+hT4^~jvV#ZSrVC#rJ&&q^%UaRr`5#=nUA4lT zGv2fUI?D?KCvE2;?+m&jKgP&c+aEM$iN=s_ES+&;+ssR&bF95D{5~IMhSP3#1od zK%53$#zEHu(~q<9@%8pr1`p?fJX!9!+d311eOH$I+Z_P^82qed?|ByK0!&`kMJoka zE*l`PB|svjjCKy)U+t}RAY}#dX02#0a<#Ppzu+GFXRb%9ve8zEgt2o>*N#9SPWwcE zwTR~w{<;hnO&JPtX$Vz>qw($Y?O$!7&#vvb+)G0UAOK( zym;r?uM=-UES|H;CzV%GP%Bz?qvGXZ6zOH}_JzX88;>oQ&ORe4R;<8&<1XfFoPR-| zWznJEBlg(A6}nb>>WoGH!1?a$P|v&``S|r@N^@mS(-4LMrT+-0@VweQ29fK&OuU$c zEkh=~(fmcDAFd>6%uO0r{elaitn%U=?pP<&A;>RvbE>PxwL)KEFK{MAJ1&?(ViTlT zE1^%ISM6`Y=xN^^GjKO+RKtMUhmVt_=+?{Vy!!(I4<^oW;$r7lg*z6_$S;UUC}AGW zYXim*0d>9M1!5E+?4-YlVE7w4w~eiq;4siH`9^!t*CnS51c|hMb7(iwV-=ha`l?*} z2vSNEjP%UoI#{=8#WMNEwT2|IAK5I6r#Glv8*EUwn>V<#vcST)TKaInp>Ayrx6hyeXV&+ zJ7Q(rQ?(kB19P63?Y_V-wqB@JH1Ch23sqp%PSPKr=6#v7epDBt_SRo-8J@*EIgxHn zbcjhc-E$O2kfk0OcUOOUQY-i0jGXwdd2C^g(xZrl68({{L!FX&IM3S{;o*pTKE`O( z!V-JWqK9p3hZ}L|&vkcHuD&%M`mktGweMNYmuPN{a6L~-mp^N`jFk|T&$QzDR!W~g-99>f-FXhBb6YV7B@u_}@}=xG2+1#PQ97^^)SLS75fbAt!WCFASvsP~4rsj=mbWVW`1OuW>iIdITO4hR>aI`+l z%*uYmxzJ0Uj4)ZGXz>bmT3z?u*1yhi()ln)>p96={eeqn+H6YeG8oS#Mv5~hvf}S-M@-#)QLm1m5!&Jl%Ea$ zoPESBeW2X46@f_jy(a9NVM_vgHbp%IM2tM^?Gl@zj=Vl~xZVHDXUa!;ZIkL%v!>EdG_?U8}e>93}0&S=u`g(edN5XKuDyw1hPFTJFtvG6SU~ zDkb$T!^z`PPwJz|`-J}5Y^I@%Xm(dql-<>bdZn3A2&94b&tP$VL?~#6vBtKr^!qAi zu)EPN6ICDd9uX$Lf19GR7Vv|a?lBaeOiJXG6tnh0(HG-1S__bjV~js4XnGE!HT;;C zKjdrHXbUl0$+38jCjMuSYWdgN2NFo#4r}O3RteQ8{?}Ri2$54~qVgyxBe_6450Kxa zBVLr<=K`On^b(I&m+HIksWv)R!FXykbL)`e;8Ut#j zdlRLrMjKkx?>_@rIm*y*VCP7x@z0;59=X~D<)%v^?*MDu$Gc`#KPa@vLWYy3A*$bJ z`PRaB?g3?=$%MS-(KnIpDuZwxI}UGZN9$GIAm&>VPR&4D14Xuk!+GR7FLe|)_0^KQJLXHt&W^?*aRzpd2p{i0dvzKf>g908{ z+oa`&#`0dBcv}mLLt?}8V@f69cF}M3DyPff~M+i=Y zz4A}_2f(Q~0YMt(*;pl(UKeOI>Q};UQR=wNX-@y46&X*co1G64*_w%l%GFLDU*4z- z#crTf?|R$;{%_L8G0hBWf3;~aNlJwQ5pBi%4NmY4<{(BxndFKFV@U$MqlWGG713#|sLmOCOH6idX3a+?d_rN(i z%OE&7UAV*bq{ZF0{D_Rrcqk5SVnW8A&?iQ%S(m#z^8; zITB?gBXgZxVt{y0kn*tju>B8_8m0)Y(h@r6YL!c4%`+Hw-2DDid0~b8`hmA)B4=j} z3%PZwE-Zbg|j7R!j^4HQLlHgwtI(|wZ<*Ei@BlXR^wb1xMp76y~4%EDG^9d`@j<~KLi3g#t98mV33kuR}ADvREju1OeR{txbUlYOe%BmY0tQ@v?Klvt|GLA#a<{NCE^lMrO zRK4CazoYN2^MneoGue*LE8rrp3|v=fEQwR!RV$0~UsBumGw&-45+jnqSzK)SIZ%R* zp}YsiFsNC)V{z3~;Ld>6`LFrzahhDGB~O{|ekf3JFp?2~G{&y)pW9y@!}RiTWa%A# z6GhWrYgra2glsjaivq~?9ssic7Q;&a0XUGZyzhh&2Igw_oSe0T((=M-r@)bXu}5r* zIANAvU%nX<&r7G%ycsWxyhZu^ctEwaDuc-|KzUaxlF+`i1w~>8H6Ip$uovMnAEAEe z@rcmAwevT6&u7|t-fh2?KM*9MjU$;UL1IElS6OGcK9omc?(z^a!nDp#0^Y7D!C{_ zcxZa%-V|%LEi7*lbfZ3)c6T-xtCm&Ja6XCXmb7rf^uS)y_>!^9_Yx+SR;4s!?lr1l zn-bd&I*iC6?g*`WWT|BD^sH}orh1E))K;mrR_qP}uJ#6;g=J${zpBG+ddPHPis&ul zVzfL|2FI!4?jp03*0S9KmV8Y}sjT}33%P5!OxPoex3;3bhJVQ!lBB=5F^B7=sK)}l zt)0+IfM1r)-Bk$O@4uOvXk|tOdWHi8@o;pf|Av`2ibv%I8Ze+V#raT>={6vjO}2Ro z)Ahz}zz1p2crW87*1Htq#a5kPF%&lY`o&xp#S*Ma87sJWrxBFYU=7H)Nf%o(;uddY=ivkNV`@F+lv-8*PYs`U_9-ba7un4Ivc=X%Nx=YD!? zPa`0(PuHSsg8|@%9VgsMM@?ZwRwWCd(5j1jbla&N{n+$SP?2V4mL9$+WND>kqOKplfy1kiku3WU1DC@5MH`>8<273#0b4jHW z*)Gy*n0oIs860y^;c*J&yiT#zW9Lb0xWX~Qz)I5rE9@Atj8}p!>zalwRk<8MNXG|Q z2$wHQ0i2d`3o$t`PhAxBm|4~qE7s3|10T@XyaRG5d->;StklZ=>PJ{-sq#8Yr6xc*uw?P?A@r5Vs(l{>tC4-}o5v`M zQ%;y-hV9HKf;4EW0ri!3wZquB7@jt8-a_bxwT>|&BE6LbH*S5CuO4EEI9sft_C#e- zf@>*H2R$R!=lC>{LnNrH{hPnts9flkL0B%C{vpbdht=F|5}w%@j~;%x>=*#eaZY6WN>J5D4p(KP1E9NQJdgJoqzg!R|!phA(I~&d6BVV65C)_2A zIjEnJyFu%J^ETw?qW@?urqz5W)GGhixk(Qt<@>qIp2Fmc|Fm^3y8%(LW;eS(r{;XY zh=h8dxNvW-7*4TQqjG+uFUjyWOa+zqfvLDiw2|){ca7{-mGCuXQ!Buegv^((Wb6c- zjn)l*a#~k{{^X@d8Yb=DHLx-_`>gdLM;9zOC*^fFfH=y518kQtk5`DQSVuA0#Vqn~ zeVYj1?mW@((%h-b#{nn~DBt%GYH2ew1G}k#;qIip@?qQ9il*eyak$9?Vh5R3z3M4d zZNjdKMY-uZ8KEar2_cHK8DTJOpIk!Ltna#d<}M zS3WNZ!vJKncq{EW8?cN92XUspC;3+M2-(2NS&cpqZ@`MDag*j?92t>=&v zOs7D60yaHz(G9Zul@v#6uzYnuR=BC2lM{H%)3V~vsu?JR0;drZk&?yv6_MJ}W^Pm0 z34?A19>iKeGu^U?5QZ1zEJc^U&ky%!I%bZ;fJJL)9N}&6c;U%=T(My39j3Fh-NZL< z$!S@H^JQF|rYJ+~<#=ZD>3Gw^szVw{#KKj&%zLfF+Nx!e4bFKL=w4<@sL>u18??Lu zbfV#&Y_&hqdvX=NFhf4Uch*HjRm?WK*-s2TqYk{!cnN0oJX$faNgWN_uUqn}O`KnE z7zdRLghqeHhKs{zbIRHeT@t$Mhf{L-3y}>BhCw8EOGVo8V-K!7X=1x8wI7hR`OYm0 z15HjgbYj+$CqZ+TwP^F~pcDr3`pwEbyyn+(Kr_xttvv?D1no{P63#$5 zy`n{2hHX}2Ev5AyWef@P@llOP39%40@6idGz>>d|224zx%*1n)`BtbzFQ$&J!c@*! z1$l8dVV)A4xd2~N%RB8eSr6pdbKY-U0_;4JGx_b!uU^64W@?r-s*{;lvfA&(HEZb7 z17Us`m9;HTxONEDCyHT==8~%19}kX4*Ypc-E`ogkIk2GJkDj^I$mA|;`iG)FCekV0 zjv34I6=^0Iq4hi~gdz*vzaF-~B_v6paeKj`v^+~pQXBgm*_)|SfqL`f=qONt2bWw;|$4On+g zN*Ui0(-d(ITjiBsH5nK=I_dMl4yH}Krk{euOILS@tx9k}pw|;^MY0lE?k$~%YGZm) zVBgNiM$yaohtB<}{cGd|pPu`fPEG4m7=xHHBc5h$9+|4mEWz@Q zGvcT%%s7?yKB#9xL?i+ds=(3&tC6;-O=c*jwg=HXTj}ifL-!DQRE4(qmrOr=PgJ_4 zRC_sw6M|2-?7X;<=S(Zpj^tAZo!MLHMT3{ovTmX(o>My4_e()xHVSbRM-G>mwWVdL zx$M0>Icz9ju0e2&*D4YzSUWk+5bKJqr|@l!(q^t!bp}aQepzu z-}2qw!x!u4^x=~*PN-X;JD3K}C{&5?IvGwTpuKJYkt7PdD&TA#M2cNJ^|}i)6x_q! zo39FI6lD{PxurBJgW6i^hAan=Tcit#85JGek%E%bXz~I0?l+K?@#cl{F^O~1jH8)( zMx(VEP|1?lc`xDJvJ=8GH=8thtw+5Wz752~8Jjz{&GOnu^IDlSH?TfV*BLP*zXVB^@#;K`$T2=N2J7+3ya zg9}Y9+Q_&(hJgZ+%=-hYi69BeJ_m;K>%=4YllxQwg7)k;)Hk*J>6gD!x*JX zOkh8XJrK{g{Of#>()&*^1D#h0mfrd@g9C4^L~nER#07o(bc}@Z&PByeIan3^mOPb|gEI+L}2M$8%y>m~3~!K;3_eJBH+wSPS0Y zKFv2fZj6YMk@`>-9FIu+7Dig(B_~fugJszKp=BY2&zp{eY>JO}xO1G?D{IjwmjgS$ zCzMCok7(_f{ z$Td5!>x0Px#}{vzi(fF(vMSL1bu{KKcV=3l6C%IAu3KZ1kit|7aAOM>!7=^i`SwS) zZ2OB$lag7+Gt=0}(%oCzy-tzn-ZvRbByvv9KNG^xg)h4;C{{c5ztD@~23Aue^(Cjr zy;!%oS~ykzYAQWD>2t{S%YvmRq>hIfiD=5hQ(pI$Yt~IJHmz3{B?aonU4;)5<1p?p z|2pcPH5Iijl`y#sYBG#HaPt*sZm4LW5iV1b{2nL|D}cKaZ$5mhR+n8x{0x7;RFQ-* zLSBgUX6gSBUL?N~#?ndL$AOq1+H4kP(>uVYw)0mV$rsvnr$W$+q~NZ5;t$BCR*?MgM377$MD8t{1ko%x{B)-vdEW^VSmRS1D*M4W9>S}~X&}d^4C^da35A}!TdVJObSwLIv zVFVPci3Y^u`d|oFK>k@ahOGd+vRuAY_BA|Sk=2Jz0?SF(fI*`T$b-YWE%iK$7yK^) zx+9tUrPE&_s^}NZx!}lzv}8(Cz;MzdGPBC4B%i71ovKzR(J}Xu#7l2 zA&GZEkAB)+W!e8QRn2tnuRd~t+xSM|6%P%04m`fl9( zL{nn(H-=#@jx&o-jHB?<;P{8@^1BkJ*#GAa$b{1v8YUb;L6mXT@~ZKp=^?=6BGWsA zPHsFiaMp539CqjeRl9_iUXaCW^1A^&AnT&+BXEg!PDXCT(;W&u9!4lJ6F038hMAER zdYEo#GZDc|w-8EZ3PEKta{&On9Zj6IghzxWq(P^EMOww}LEui_4)@#kmY+%5E(|Z` z7^o~nO3HDFDAw}+oWi`!I4!rkq(N&;Od`@AsXU65I)g4DU9Pf474- znQ2-=IM9gCvR{80te2&wWqao+8ZjBG_g|ez3+YpDp89pbAkX!WvdRTmg&8MM1JRT5 zIdssP@@BW;{#*%*uu)-*+!*zv=<`Q&X11I;ka0-8lmX*##!2#Z zj0k2F$Luy1zUC1mngcoT@sLQ-efYicfW$~tf{lRGtl;vcVneHsk|Yr2;Trwz?XRcj zD&J?R-XM7Cc7>yvx0@mvsq+MO-CQXgSs`i(!z6@38Np&I60KJr7hnSNZeBdpTQ_-` zsHXTZ%`;RH&%rSPy(%_#*6v(3wDXTr!egcd@&Tnvx4G}r`)9$FL}YiTNRPpaDB|$U zpm1!*7zM8GIQVhCe-V-0(Fv-@8OmCn(wZJAX_*B&P1EEEvqSDd- zS+E7nzmTugtP&<89|c*69HUSL?z{xZ9?1hpgU%z!OsYxdy2R`Fu$O@!Fo4>s4Gg(K2 zPy(x+tt-#y906;(?UM)sy*}o`5;9#z7&-cWab`%!3o~5S$MJMarW^1xr^yfDb{ENe zqyMvnrN4@d8q^AzZ*ALFpa;|9?r%s!P7f|7$TeEoEw>!reajuZY=TJr2*-_mnBI&v zG_fZXh>KON=ZKB5k)kz)#f(J4j;zN6Fs$P;(GfEPNHn^FXbvz85iUiAE?wYS7%T~$ zQ5?J7bxIeej(Iqz_zLu%0O%Y>Fk{U))@!=|>dpWcgqWH{70mbNnQ`hlFvnv(CuQTz z6Yolk6elqJ#*pQS!TUYw8V!gd{E09a>f!1PM&^DySNZU!>NpA~z~8&Q_#CW4npQ>f zHp2!4pZ72ZE600^l0W_+L$$RPk9_+r{{aUST~tM6!(HZdxEz=c3^HF;)m91^oVm}GxD zFv9Y7c1GJ5+kZzB`M&&6_z|UGJ1*C?5ll%L#U)$y+}cU$=nnXJ@1begw=$7Ormb;U zh%SGBW*U;Q2)T`-itkH*a`eanF|@IMZC$pz5P0MR zb+s}0v_t30RB;35&EPn7|8*)Xq9cM*)Z6*s6j@pvrPU($wWi<26_^bCv8v+9; zT*A03gy-V{@g8r}q(FAIQ_S4W*bB`Ko|uSLJ*s$aR1g3%lII~GSe!~+503$TnG+Mg z8xKV8b2LVyZyXP7$%@w?1%*69_W4THgdJCWup`$H>i)9MZu24!LL@ihD5s`xtAg=ytP8k89`WiZItOt?VKeLV`3WaJvQiAtw`Ewlv6K0{BS$ditt0&V-F{4 z8qmxlvO)fY$d169@hD-S!(0AG9-5cZ;t)0;n3Di7#FR@pHIJ z!>8q5eUDsTSN}W$-iSEkMd#BO0qlYw(*hCy2u4(PTvR*RoZD2!ez^Ye`>BstXGeM| zFAruTp1u2uuhH*}?5c+_>s1iFY8n(o`uq&RDg{r^KdsFF zQhTZW-Vy5i=^q=snn~Nbc~>13iB^jUY&wsWFS{Su6p>XmCw*UwMr75T*nr6Ve_p@! zsOGoaQu@r`2tGclZGXS+Km1-?a@&eNo6n2TJ~3vs2uFZ`|A@%I{2L-;-{CoDFka$0 z(OL^vUV6Lx(%U2P-y1rd#^1)@JrG>ja3;Rt4Ex8H{ZaPifz}6B7R=MZp<1J8C6Tgq z!E2mehPeNpyj?IvaHi~nw( z26(nBwGD4@Xf5l;e+~rP9+&wx4xS5Mpf0XqphLgm&2IR4=`1euOyZj}sk`~*A%pq+ zzmEyL3R=l#9O~`<_+}J$jmrT)_=v;L_&aMFWb-bahc||j^zQv@VlUc%WU!ujY@G<sgZv_(B^A5t<)ls)<3u7tb#^aa55Eb}?xBbPh|E{#W|Jp|9>?iF_+MlC}G%)PK7H#a?ySr}d!tPeA6|wYwi^{7v z0=j=6v{*5Gk(xc7KFeV_Fk=JDb${D&AJxuTTe4taM*dL?Z{Q6wn)9hfp6aZ|VZaHo z;X0-8oqX13Q#*#qFzku#2No`gW!h|e@kdE?f5z4mo5eY@eh^1|uR(rD!t?*amBo~-FiHyy&XdVkfOw^LJNRSwG&#&oTG zbWZz}d3|`sS2^4YCcuM&bwb`=&HtzowrfMZ&u-Ys z<@Sywz&z(irAqG*km6VHL22D{ANcTBKAjOqyoKj=qD8RirRL}{F~Knx4z@YPAwt0l zGHRetfV0I2V^Q9o%I%>8a`A$ll{all`Zb3s47#$h8ZIjvMbk&f+q3zmRlwy`%1Ip= z%zha~z67@d9Z*O$Y09-I_EbqW{_>wQh1%*QGxBWG?ngdX0lJ;%$qx3$OUNB0R0YsP^ zQ=IUi5ryR-b6V89>+vl`Dlm4e1UGQBzgzr8YmJM`eJgfAK947a*&wpjPCtDi??-U;1N%3b~M8hgYx<7R&p6JCL`IFOh#&XEU_SQ zPr{No=K%QRsn+7YjkbtT-goE`1(Eg%(@m;68T-l$PN`w4kqcB(EO_o5_mQlZj-NY^ zv+Z>S`LvfoXXD(=ikW05~IHLi}W`L2Ae?lUHzZF`Qv#Y z*cff6Iz6-^fC2K$N5THC)fw?i_ghhMIuEj-iuT%O&^ zh}CQ}1Y_T31Rd>12Rt13R&~}@(pML`HR6oBQI?F*@#y1+>>^>n`qmVmP2DA_m0SY3 zKhRuinW5qMAjBXGrt-XjnIj)^m@$X_83tMxNVFuRgY$FcTXPfCQ_UaJlB8^hFAp~5 zqcW@+t~%sg;ci};3EK!Rr`(>fET<89MXg317mu zU3UEq+)ewW@YY3Cfitv=Yy?~)C*V%j3s>`;)1nt}^VkD#w3@%$E>1f*wymsFA~q^> zemYu+%nmsZt?0P1EN#hSCT%?ty_~V{z3+v2*{Xe^&In$t<(bnK^#{fI?U!P;_f=jc=C^ zs>Z?g(G*zV`E>&x1Nozn6<82b*H{9*9z6lo~VIpHkO z+yU0aTF8ljkVjv!>8dqD{v}+_xJ^*9fmtXp3~b{QUP9x9k;h+ls2DLC-WU>c*AAvA>l07*rMDt)_qRZjv>ESChHEAgM=PwAb&$DOR%quWV;UJ(`Lu7+JdW2q-py zf~>qfxDQMqw5fL4RqHa?GrL=v%HTeX=gpN^mAUWAO>A@q}=5K{CSKFo|+X zWJo3-tEs#gfYYZaCBLB`CfssJST}n&WC~1-3GtQI*C5Kb_+zr4Bc)Ao7vBIxa3{Ho zb`mKFS0}SB{*q;eBCf}=-4ilMvBds z+BQ;am3MW+Gq5T8mW6Avkd0uOz395 zU(cp-Lg&;6%{DZ|xeER;HbLiX0mZY6ulU%Y^V`6Pscbj{$ZdNNXYQQAa6UFh5XODC zoS3E-KU&qD&p0$%U??e9{J~g<4{;F(-{%?FyGVZ%g3aOMuL>&*ub8i^3AS1V+Ia>T><7@lvirU5#grCnBcZyL; z`Ciehd?WIFm$dmkg+ibS81aSORK6tM=^@DI)`hOHs?fm!Dl2X*9ttr@TuF07N;DHS zsC7KEqpbKF-k{hBy$kU)P)0B7F>cAS#zI|4S4?*64%{F%mIy9c-3z&3a_R~{AP=^$~#DZh6QOOgVx$xLEnNeBU81FmAP+Y`_IR z`}6Kic_>uzz!lS1Z~g~+?*Y~1*0v2k=_HVZ-a-l0&_fXs1QIEtfPz@C5}F1N2q+>V zB?(ojDk@e2DBw9NK{=?1kN^TAVh~Fdl_nY#B@{6T!fZV6`^`7s`q!-gn^`lnX04y) zib)91v&+4A_P+LgT^DpQi-&DB$B+6g+h#r1lv^Ddx<4k?9rZyCeM0~F78Y_~w>{s_ z*k^*XhPgfeq#-5BV*S;Mr}NQ!Yxv8}|WMn|kljPS?hzlz^P&`>?oTYk@CQEcv3yj<2bzMbV1vbX=8l4px9CH>M5OzWeK%)u$Rin zXQh2G;hTpT+y1uR+L#LrrqSP{cZT;t-k!nC*ByL;(*<)5ob@D7WRN2uuOS%EO5f9N zX%-o+Bst13>kn2LD(riAbM0VKICnou(pbY`xz}DhMAYM60KiufD7%EN}zqBk^H=~!-)!ltuO~@ z$NOnn$1Uh@dXp?vcTPor+hJ<%2r^JvL!002sNtRC#yY-yIL>MtLe{Ilh~VycxvEKW z0~#X|3#?CACBSJd7H1diX)kM4#WIc=;kiuQiLT=KWozFYf_pOPi*3Iyu|}<_KH^=k z=?F$_PD$GboE$EdVI0ar13wm7R&rA2oNESUTBHf%L2w3rl&VrZ?Gc?fh6p>&`jth_ zG2P>PT32fFjAl>|b$`^2A$Dp)XWL#P$gjf5z9eEaE&TYbZt47 z%xD*y!?TAon94Vv)VsEcHQurkB2<5}iy4=L_4ZH5p1anvc}tM={RxWVUDwv^sTHI= zv72xV-M;hM4ULM&l9@L`o?2ZVzZ*($Z)vcSL9D_1H|9tmB7pYm1GEX;4<3PNF zPfp+>}^x`FunLhi-fxi#pGVLUN3k_W0ZB0If*GqUzrF z#pd@#ioWdE3XqTQ>jNN7of7U7z%7;#hoUrI@eXVTxI%RA27om9(0hIBBg9Ml|CL~$ zzXa7>(MEE>8vycYAFYH(0qnvW^BcyH4W`}@dYMKVD?3~zj~T0g%|Fof?eB}KkC0OC ze_M$9yn=B=Y*YahboI^ITQJg%_yth*x!{Kun7Z>!L&b=S^H?N!q5@D7@Sn0n73mPS z(Dx;W9(AYgZAu^0EUM-BGvdEXxIbPA`yjnJOSzR4QCV@BLkEBP3(4tSueGr-PEnRl zuIuaD4@zCD2#^<(Y^SKNcb5J%y&cqbso0*6w+2)1|E}!*xFs}W3EHs6fVzWb;udak z!e;o|4L&r%(8;xmvY?7@M=L>Vg8S)!%8wbVHV1n;MfC#6YaJbU-KRH$7F*%;4 zRGju77jgv9O++QZ#LIE%x;p?=_Gt-V`F$zvx|zP;f1DfF+qWN-JYGqbSG*mlAn)hU zmzuJI3?RPWl~WF_dw)I#bP;Hie>$KKpg5qT-HwM4qZ<2;Vl#Nf{yzZ_<9i3(3>5!A zE@a<_%>Yf{7%|-|^s+#53i_hbn?d)kqyK&hfF%GVfj$OTBK*5<*5Fs5l}s>80kYJS z;BGtqb(zsh?h+u?4qB#nDSYQev9zztLH+G|>Eu(sNY0a`RtLxrwQjSn5#RI{>BG zDK6djKZ3;>6a|#~pOF4ngKoQ4(H#6w`~B}tssl#X5>glQpSpQl{Zj8P4WXsBSsG_4 z%j=e4x}^_+SHHVwE9eza;iXEXH-ml$)yoa=1&<)AwEtb#C!m!A=;YG>6neuV9{{4+ z_od)0=bA1MDB2bEpf8sIJkZGIF9E&=LR8?v?0G@_p{~G3C z6oAoJavTiah>DB_n*PR61^*iKzb6!c zq5eBUzTWw#Lsj?1F1_0v>~?%3VX22z0XW(Yz(&w5#{c<#s((ar3pf4OkOMg868@N_ z?0RPZzax9k63Y6o5SjV+aQh#2>Fv+Be`cbq$L>!0&A#}5reWFTc1!)dG!L1ez*EDH@Ql?< z^YAq2=Oys<{}3hr!y)#s`bxHa1v74BNwbdn{cpdTTo!)E%|O}s{n^I|IAy!vVk_@8D5De)XD=W{_X-ftE{biK|LMH`~a+CY-EXCZ{iJF@`&3_EPiM9N3 zf9Bc3hQR{jn=hEd@4i<80IG4kZ|S}>OWy&%e&3v_Gi$=5r~h@?M(5*mYxruR(_~k) zV6R=|p)q+~PIiZ!Fxp^HdURstWYBvS{6zwX>EX}O zcXviO?>9M8snIgIa+paf?Ktc#FEQ4He)h)0M-$$-h2G4#7Cr{&UzJ;DywShs)!G~B z&6C|0f9!r-r4H5XPxRR z*RM0WT~210V{T+-z5*-dziBonf=6hqM%H2GW3v%?Df!hF_p`|RX0}%AZ&CM*VXKik zZM{`W&?^c}#ho3#{EeheP)PGC`140bHE&~{z7>%dnYQ3DeuZu)K0^eYe zdJ%s3^Wpgc9nT#+g(%lo8kFXk$O@zKY8iuP*4H#qR}mbcKD=QURBT>G!bn5gd&Rfj zOsh#d-;8ON4+mGax1{C*u3a)BWi=kzq-J7XwtU{mo&TCVr7dk3VBMNVfV@q*KMx>> zGS8-A43oEQF`k&Au?`uyphbkudDz~nTciGpkzy&>AR{?;IDyqX5pQ!m&?n|}+TIi^ znk9eHA|oL>PZWo%KtIawMKJU}klbF(EN1b%2*1)#T|;8__4c?nKi`8F?UHSI^I^~{ zMXd-?wL-Pr{Lt;eTH^y&9D~DQvw;MmaeqfiP00IcC*zU;dDxOLH4NG$#7NiO`_* z_{bAkuZ-0)pKm!aQHR+hF#bp%%Q@NxsLk=61rzn2I5&!Iv3#)_B-Y}b}TVuVb+0CDN^KG-j|a zAL?sE2a3y)3N>jDf#47K(ira7R&T~pwahx~c|22fL~|Yx$D5kqBSSV0ENE;S>2523R-Yj@RK4(Cs@L99RXF*5F^bY)pPc2cMdEk0C&_P`!;UU7DA+)^7|mp$I{7Fn$*V5}Ga1 z&5U2go-3rsh!P?8PpfR+5%r=^Kwd3dz9T=4cGPE1R%%qri`Veyxh`fTr`c*+B{vQ3 zK=5)rWkt{X76s-vsi)9(s=}}N(k+^4P3xZpp`odhv^xtW&Gj%XSP9qBVR3ZUJWfB) z?&#avgp8J_^1f|xgo6`&{f8GbPnw__qKhr+kC>U#`$WGM>095iA~zn`6Phe+{}%i9 z8Cp3GO}rN-M-j`-*BhWEuPjcQq%He@PTO!Whae8SI-eg}^mJZ%$@WGhrHFgPJv9>l zC6g1NeOSJx+!GvJg2VzKh?JkFlSk4;X=^%b+PmN!?Go)Glm6GA{r{v%dNLyReJwREA`0a`P*9~kX;5p-A2PQ;-^ zKB$_6^DyO7Iz=JDc;#fw)jUn;qt43H12l?{5S7);kiU?&0wgg;|Lt~!4M{O5V;h*f zip#0=y+=egj<{|TC$%4>c-myEzC^?MiF@Q5P*liIZEhg{iA*kIIWgAGGGqRARv;?S z2b_bxJ!R%s6}};-rs9Ajp{@NRaHU#g7)acBE6+La1hP0;tEPiKto`_@@@Y`d{P+1| zgyo-$k~da6LqXj)0W@fX7#c zN3c{5E2WuHD8}Pq2>}HA6MWZi7nsWv$U@oGst}x&2y#_@TV6B5{CbK_VZST(3bk23 z??bTYgd9sEG}w@&_%$soMi9)?(genT!CamE$${>8g~hyU%b@{eq-v4eL>$3JHj)Ts z3OtfYu5CXNzUOFgPJ~*|xdSyG&j(mz&b2A_tXiSj*GlQ$EqACBjVq{336@oAuzh1puD+Qwcnao5WZ z)@ARf^o(k#BN>&qpHk8Hc3+p7`E0j+tPYDJB9`&&F*G09WnH-9WwdM3K7+Gl+E@S! z3XE4W74)`mmt&l)^$nMwkNV(Z2erUu#Pac&;@hSBwkt;!MAN)>U?!RzAVcfqt~W6n z945T2-2!JSD7&}{d)aocD=8p7GH%U7H!BdbB#g2)oAR#GQ$TZe8LOY+CkYdc``$oKaFL zZuqKyE2<-LA+ciD=t%pGizJinbXf>h7Fn9r2pDZrRgeAe+j}@S|4-J z=jO|hknnzmMEC5qM|Y9dY}6fM?vkB#g45?}&g4%v>VFNB7ozf%7G>NVF(x`wZu4dg zRX7Spb65wzt%XQebZlB9-CC&J4O5oKvJh)l`e~Db2DkY;xQR&%l%|QgP?&{ks~vjF z;a?%*#qluKp_Zf27hdE3#O}&PKW&G!^(z?Squ3G)v+6Lmk<{StA+U>OQUII;XOnM$ zt)O~cbY(EL!5Kg5@N}@q$NI#tXS4drwOB0=%^+{i)Mbale$x$DclByodjn zO#4H~^zrj+HN}x13woysP_k`x`1ir}L8`tBcTGQ=>Y|i0+qbK|F1F4Y$V>~kcRfx9 zmA_)+Cx7FM3Yq30>2{Bey~8He^?e=9D$LMY7#2fz zXL)$$BiR;h7!`-tfMb#sUMAInT*koDSqtqGcV-Xd!J>OMH$?8;=jKXkY!no|WNWQu ztm8|PPpaij@_uBlqaI?|!@Ek^mVUpE;W7q0(f;C=qtihXsUGTPGV*9BXt@TH=||+` zY+2h6R2@RkN=V0#1Pn)_A6;Hu4lS-WIYNW2p}7UK8!C@lK5iR3)Gt!9y?#pNGn?$C z(5fs;Yj9mAK12b_G)0{tAjoN%#;e3`Z`A5Pa9>+@F!$JPQST-F*EVB~>RdB%O1Qb- zXSSZ+tZUxmsRb{OLX;BisLn4VE|*BnXLLRLsb?3IZyfF_ z;W>yi=Z41cy0m4piKwKg&h`tBN2bwNW&IQvI*!jrTUlLOq#csrvDjnMj=$qmGY#q* zpkT3=Cb}i4$427+0NFyPMiQ#Cta~JZ#NADU3qd_v?u>-;Xfuv@GxWg z;TXosW;cOR>Gw`ulExdZYo;yiOxhmy^~V-FuQnw;U$KX^d&Lu@8MTWBZjAlw)u((o zsT}-~hc$&W?Jca3tmjobeiB<0CSqJ1mAoJsiRxWyQ+4@*dM(F~&v&rRs$QFKcrsNQ z!g@3VXIP}BX4-dWY8A)k!JeGlviMMBiuP9Hcun3{0IT;qA9CEd3Vfr z19;!{N0Z|C6^|Sk&9^3$V9ZhlH;1F?t1qtz#ha1PnCYK!E1R>Bu*tuv&$Lm}MEZsl z_WBcqi9~cWjWRIX;GiJ49`+J?H*x<$0E2H(e+5Q8^fAv1|LKwXE>V=+2hC?rBj>(+ zK(bSMn+zo#g)F^QOctFz`{>xAEkPnkkyw=pbQ!ue$Mmk_`LLopWF+5c)B3pqFX5s& z+_CB7`tQ=Hz`}Dxb_usRi+@t^j4T^h)NT~^2Pk%`QMQcw_ zG&K(gPUy(3s&t!WBP8Bpa73x+r}1z?e$p(@5k`i^1W!o*8loh6A!vo1WvTZC7A3yW z>&Cp&tU-PH8ay-3+dz4-rB8lQ<)XhvQKU+pOUqJEpHkCP}V4T4i0=ldxS{7>TYs+z=BS3Q_tR zj)qYq0-OxoTiwpa_g15`nkgAjH=Vm7^Oluc!3Wf0#vj4NY!ww)50z|rQdhba+6b2= zp;?_xGLbVu8DWu7r*1;17{C4o77ypSw%m8L$qvMBmu-r>#`$B-ytBBv>16&}DRITzB333HiQHCz3KOI%XV49QK_JTKT~W`E##=6zUE$bILM!R?AF z8`;sxO6WJp$C4XGT!n(YRYG{NDNw3(5}HyFp$_XW%zl!ek(s$(kdX*ehOnr76(Onf zuiN3}6L;@?RPBE;HRQUdK(L=}yMM6}%hd2xg1v{9pTK|GP_HWE!BZOCr8W{Chgw~c zA-R#4NWxr4%(xD|(JE)0`_v>QG<^{}pUsF8$>u_@PLo_8HP=>&j4`(P@`t&0h8WMp z6u=eRBPWNL)>&obKBlcJsW$Wfh=i@|sLQ+ZVA4lDSU7LykO7-CVmuFHhI5$_GxKJq zDSqsmtCo+`lA|TlrL0@$@y9843M$O%l4_3y6%nC@D?D@PWlw96^f1pD4RUoN2`t;3 ztGn(j=rmk`s*s0IFqL)^Vbw3Ij7C#%;UQvczLEot{|18XBp^ncTDMk7c+?PbF79hiodJnQ1fYof)W89+R@jZ!BK{2440${@-Qh zXtq#Mw$Xk|-6%gHS$<~l(6Y!lTFBpvfDOkh{*VOiXGbEgrC%#-RL%vNnMz1>g~k?**a+=QC7Dr+ zN$b<7L45ax+0A07N%>SkOd7U)v(4|2Y`ZAm@}e-Y_#D_>}6Kl!8P!A{6gKF zE@&kSvTThw5<7<}-|m{j({Ov~QAvWiqSPfDgehsJYo-!+Z$qCOJFBK8qxg~~KfvMp z#5LmV$q-!JaJSptn3#{O zi%p$BQd_bF>SMXl?j=h^+Q+V$3AqUv2>}dQr4ST)FVp&`aTR)N;ZBbxysfnr79xW z)GXNAJVXd1fvDZMjCbToK8>N1>6+W&T#$!GYS~)8?g=Dm;!a^Ec$423N$B&47I`~` zX$|`GZuQod-MgBk(LL4T;d=(-oxpMY^;A|igmFv)ei(Lo+(N$5fl>osAdqY{!48>H z;4$V$CxFcp6YlZmsCz=sGJypv0${DSELF&>1bO%JY9Z~)*)n0{p24}z1o$$6)oU$+ z-#jI3?Y$bVTdJCU%=mRghx%=|gw4%}fu>uu#3N0w6Gq!HCsUxttckkLoK88jmvbt| z>w_lhV6^RbLNu58ga84X&jCW>wma50s!5@=4SQI7aXiB!U=Q-16d3tau4Xb|OTFyi zdZBR|Hvp|nTnlIHcKs||DQg8_uFs{}>jk_tm;wVMoN2g)Oxr21YX>Bj(}0CYLp|&wHB@>qddK2$uoC>6RMki1y0zwY zFWt{-`|M|rot(F3k8Y-@aH}eb5nsN~t2H0i9^`5QO>85E^KDI!TNePnh{x~XHO&QO z-R}scTNkZ#vSuCXsF}e4R_Ot>5s{}&gZW18nF}#>oo^1-@m{u|tEiJV`dWu`dTsEA zM3|Shv3FzW8uts~PJ(8f*LBea_wD!;0>hifKAkBE50bNiad!R8PUXzi3`oM zUw$4IIRAnIb-NfP{$Tm`8MakePckAZrB)&oMi$myU) z@RjDt<3;!7^Q$w=;SZ@St{R0_^rRsVo0sr`0@=wON>Uk1$;=(bA*jTHAein=`mTTu(J&f-Jj&aettUB|L~#q-;Zg_bD>etRv8R;=L|MJOUVm zibBhgW#-dBu~$B}9?x!kqL!o_A&>s)1jHl!lS);UP=%0=lrk*Lp{=)pEj zAbl!M_|JM$(OH4NTAdXF%EErgxecZH&8w5)&wtidzjBL7PP)`inr9z*dp>B}Drnzd zaYys64#7>FNO8UwdEJvlg~;(KJ`5x!=09u_L(WdEIz7o_g%AkrE9WRXF=y; zAg9*(QlgoU;(?u`eUg4>vt6ipXOoLu&eP$R%`18aUodVSva7-j$0fZO)0sooA=k#K z=w{7%trf5RZto;&y4*OgAn{&}Z|zP?V2F`^@8hIKlczNB#~R3X%exh22hN_AqwXX2 z4qQsG1yVqG9H-E^uAuqWdLo@%Bbd5GX_6WV72r>a`R5(%G?a!MI$ks4D$*!u*io_8 zFmnD>&Y0|wEjt*E8jB_lRPuVXs2T!T%4&Dlpd`h1fe{UQu9ju~62c2m>nnbr399&ThWXUZlfw6zqf7%@yzB z;1_+a{Nc8azmN5{MW;ZrNK1BrI{)muQLNo@JzPoAq1_Pu@aw0`{bQV#^*fr^ zU2<7`h4~RG1EmMUAXv=7r|`BFrzVl7;3Yq@;FH!CJ|+_Lxdq9B{uqKGwt;|9@_>3` zP#@j7uA@Yu-LuWF7MtmaYQ!dOSaUHbp0a|o+x~?n(MTij7$!{D`&!Nnj$dd+m}DW7 zG^?~NFTiUocFwHjFFGGy^ewK#WPXW zBHe*A4`e&nD;IC9Kv0Xn)3&uuS>yFW`z=`4;q!_=@Hc`{iaA*Vdk(`ndmw9^v!5Sj z^vLbvuFHHTVe9IhyK2!-g_<8rxw)ax{4O~6hF|-d5>6h6{hI8xu~Oj9XHlY=gQwt3 zg_CA^^?&^}CO2lrg6p2ScElR8l!>O9k#u!sR^*8cAUWOL)w^q%K}=Nf4#po%G5mOy zT+KgSFq29#twi>HtDwan{lqqbPU+&O$B^o$WwkZBuE{C#?lCfK^Oxhx7H!CVtQU}* z+(FO3hVmi~S~g71=`cKuC6^R0wWVvdA)8je5{;Nw;t7k0En}yVzMa^Va zO*zbCa_4e-&FHFK`5ej&O)z_CzRoSOSQeSPSFV4W_*e0)#Nm6F!}q5GxyK7XZx5t} z&=Mx9qgUVF;@gv&Rpof$=d05hx57MAvnuvZ+srrJzO^VookVEV|D>)gW<*zn4BIBh zVf5__&jCr~+bkrvnAm*IT^m*xsaSZWh-W5e3I`g0jo52K#8YevBeUzQU~3Vhlq=F6 z9#*(E&S}WftBFS@A{fr>X{Rgw893CRFA8PAg2}j@7&*gusvN1W>eD!1bw!fZ_~f4=cnsc z$}W@i?-ApLRur4!FzLITAxK*b-g(LDf({cQ=Q^(=s~N~0)O;j?SI>PTY#}2Xsy{CN z%!MGDxpE8Z+Jk;hLKsV=^s_)$dJ1ZjSNw=)D7T<%{*xNCz$b+ z^i^Vvk3sR?g+#ce%#0r-k99ykb^Ct9r$NK*eBitB1aq-Q(79u+%h27Y*+6mVh6u0G zUcy#)NvjaxU}8)^F4!RJGk??dG+*oB(p27oB7Gz(6UZ#nvRKO)YcuJ1U)sPrqugG* z=QthdB@V9>5j&Gfz^Zp^G>LV$T2BqO-wbZQ`3DC$2Bx@JH62BHPt@7t?<3A_BqR;8 zDz5LuO$t7+1u)6H05QhIkL@6KQIyag_fdoIcmJ8&tcLb%+e>*=z*F=YGtMLQ1utFnzPNDMFEl-yuVoK%Ph^{)mKT- zAJ4S*zL(mjOgr>TbrFj`l2*NMq^xXhIoD+^dcDELK~_YMqp)0!9VI`;+xjMByprzS z7?asP_vDV&Wzin8rz-2jhi(n)jq}7Qj|r~jqgSw?{gqx{Q>tj_slN@U780)gq3i$S zg`D?;Pw)DOe>Sc8Kv31LxV2_Q6X%R=X7o?Yi!PU&Ua?<_W51N7Uw>q`yM5v|Q9ico z-Rorh_nO*|?S7UelAyM!Xv#~2{K8OP6Y8f%>wOEcgZHg@r&ZT z!gTFs`LLJ7e0UFRF3}Vz006DSUB0&8k=chBvdD7kBQ0IY<7#>XK4)W#D)Gs%+yg&Iov zJch6KI46hxf&8lI5*(<<0@N&)OTNSHgD}&clxsJI&s6z%Vw zuR?DdxsK-dwrVW$G*WUD3`~L+XSdLNS$#~Ri%H8hsOZ9PILK5NQ)cQG> zapJ(40-l4?Z3fUkte4ZxEIh}P$FwFRSjE}}0*j04LJ3nFy7;&-C{B$>T_*7_gk-g9 z^r*}|K-Bv5NduBr;FKHc%}U7oJj;nF@L>7$7qx=@a%tf@=z4{`(FRVAl2WGZB{$0I zDxIzqTDN6n#$cG)XkAp%;aiezYZ!JiEJ)eh;RLxB)vsnJ(qa3{rP~TFTXHBYLDL5m zFU1O+%TCtp0akCjg!YzK5W%*bltCU+bAo@V?GsmWJERVRHpAivXfvAHGDa;fD^b5(Gc48pT+Iv^ z>UW8r0ZwT!I{zY>f>8}3X`?!2-C5o8*fd!;AG9vLkxtEn?yk|&G2;~m4Mwp?pA+PM z%#=&>{b6MZPk?Qh^)WDy-vEkrR$ygCNdd_}DIoGj zlz8?sJ_$QxRO#+9-u*;@r_%x1@#!`2pbQJ1+pwZssU~6?2+CH(Gm|Im;gllQ<%dHC z>rKc57dVKqdG{4c{oKOER^QsApG!E`b5{l6KyHyW*Cj~%1slr$mXDwrN9^!XL=D-Y zCY@TnY{w4fDmr4udrDy|F8^`#yJULc5-aeC?O!jOg_|5dRsR6GN%0mN9XDuM$9wT<{6z&nEv9SZ%GWPN09 z;4$|&WW{ps`2`tgx6u?r9{vu4o(_dzbU{}1{Qj(|_YV}1>KN1H)49AQk+l8cRh9DxDhP!(sB6gmyxhrCk}80Gu1iWZZUBZ)kr0)m)i9RcIpAVkEg z@A*vv&+e>ZLpop^^JH5X#)Q0*B;|wpG-EWQxqFGAY%Lk$Z;B+?KHqsFX^SHf{kP*E z?FJ3w84l9;0VU{i%Q4n@^2)WrSC9pbHkxUV#Uvcd296row7Xa&@0wwyP5FbSL{x@! zX`TnS{|qG2fRtPvBwKg=^&8l7?TbSd1{)fUU+Qzo7gXCA(0;wLeXrr`t*DHR5hQMS zg2lkuV5%{U)kcegE<;E#+*x6D={g!v#!4`2{NbM3t&a1Bu)PCk80TS8VKBUX=~^@2?PBG?>eofOODWe_P;AWx-j+?$#)DOD`440iWBkpOu|8WPlc)Sf41hY~KE8o| zZu9JY1V`r&64G9N*-djjEBbE&&>%_%^grJ}bp4eO2Aty)w%7 z&k7!gI0$G72Kf3Lk^9>I+M!wV=lg}bhC)1xp*@iZ^D$;X=}9Yw`6)Q_=)y(Qq}{p? zHkV^g^s6zph%}Kb5x(G|NE0gMX}doB#u_2<)LN8f1~WK}mTl~c4c_xR6QF}Gq=~gi zHIX6}Bk@nfx4ApkWE}|@C@4%WfK>%#)&IE2D5Vx#Y}jDqNt~P^r0wt1&ac{+*&h0* zX6fg#{p}0;sGWN0Ft(J^K#R1erzb!QE{dHcYGrK2bX=h=&|QJ=DR5KQam^8GvxGWn z6LEttsu+qfK_BzZMxp%<4~eHRIQ#VJ+e6c6))qYpX>k9F#-9*R<(w(Y?!=7@#(kKS z{Jmy^59NLz!|-&J4lIU(pE(kVq<(oF&BWG~R~fG~sW0m*Qa z{Det~y5?3y^K-k-Ak?P0OQ`3~EPEe!xlF&JRAPp$VP@IgEl?;drA@GrYi66^A`Ms% zpXI2}GPlejs2|k7N-9u!ikc4M?w7Q+QwfZ@@z8LdyM6-WQAJLe~4Dw|IT5NeH z|2pIbM*9MSR1hY=&Vxq&R65P3Df1X&}@=XVjbRw&4<;z$ef zNuA54Nr(w8>Zzkhllq=x0FRfrFB9r7Yu$eg>T+5bgMZR#Zio^cImh`np3HO!am_2j zWxbm_rS|9CYSqARmh=Ud8BN!6T(Tz4R)xQBwhEoT*%T9~uk-!Eyh7&t_Ru-)f}bFY zqcC8GOUEICy<}nq+Na+2E77#= zNauS92?-k+%L#%T*iPNk+gOc2*P)V(x?qRqd*Pug^2#{YX0xPdN+r#HJ0xOeLVV9~ zYTMF57uQbFRHkefJ{bno8*yHc*041XDz+{p_jVh)XrV6wfrLFGDZJx@SFKz=a}SIs zuZs&5+3Dor8rHBjb)R5Q+pcJvMmoxbX5$ChTbvP8R+o%<74h2k#SHU8FJy~YjT$n& z&3kZd!R_4e=Pu{o-q$1&=z=5bxG~8@V&cojdloHfWybpvE6HWN->j1JO9T^~NrwfX zga8hQq^ywhn+US>pa$MI0R$;P3R!x8iEyI&n|1R4_2)s!lN_#)f3s+QKU8lRe7F(? zSW8PXKJk6hSTFi-deZNQ-6bu@58wdnYpEumY!15OOk^nk)C5!~X6PaZR2)!Z-W+<; zl%brixZ`^F-^Z)}J1VQv-I*=)XVE)?qlk3G1vl#}Oapy>R6=NxRO&21Wj7wf(eQ)r80))zyMFe$rc&eJzae zEV`SVxnNHL@PBM?d5yA@VP5F@yU_n4?CxHXOuUr*?yEcmToO@!ebw60yV4x2Xm$dz# zd;LuE>qt(G9}eaPQ83V2UnN*=7R@zd{AeMDa=g*F6ZPid!8p|SF^B6qAWG}{esho1 zc0|=JXa)TQUH)Q;dDy5GGzU8PyIn5`lSL2($$nmjin8E2i22n2_2K`y)|glHlS#6} zW~$GP{LCAwlg(6>PA0IVZ$w+N%4^NUpVYTC;I3-tVSVkNl$~WYM2%5Z(=(|S8%u>K zo$_O63_m+-FXp_pPm}L~b%xLHLN?O^uqH1{)I=tm$ubgy1zF&?w{=jm&Fo4w7uyUk z2t6zCq@7qDF-XyYG~qKck0jf4n`qZMkfE$RIWA-xoTSonT=@?g5WEv=L)%2FTr5u_ zD7n_`&=!q6i9fRp4U>*Ok$VJ89w7<{3Tib~Nw8a+-q9Qdqv^u~_20r-K+f?@LB_9^67tau?tQL;i@d6m0w{3gm`O9c6Zx zARjUb_etu$1>e4x^|y}5hDT(0_vR_Vn?{ZA-ma1uz; z$EVR5ce1C|pm*3z2iZFVXDa1TaIufql?~a`T+N<@>`vzvB=d5s-(?!)qTdmd{P8RC z4c{IJQMz&2W^O<1T&j%_YZvrwv_;krIEFs(G$39}f?i_ice56-M_Q2#znYznpp$4j zhV0OO2$-$uFasRQ)XO+kc35Rr{qj$hcsrQFX{w4Oc(+w{9qUyWHCgl%0qlc#F4@*N ztL$mK{I3o%X5g%ME?SpnkTV`C=N-F6tr_wDPSZ`T%#%8+4y=AJkfvr?m)?1G^-Fcq zi*1{w8*N-<)xKo`kBU{z@1=J;Hu{7O3?2W?8#=Q37MFllc%h5fQ2A-Z6tzx zbfE0OMWe%Cza6wbn51`;LpM`G3Qjxfa`I2`N3a8^rQ>CTHW3g|P>OJ90K3jsc)Uc7pdZ4FNYG+pr`5glx<1Y%)*EnOqDVYPdsRep zdJH?^HrT6r3@1hQc(&}~Z->7xWqDoYhZkIp$K_z}ot?3>w{s133w6_e;@o!pXZO<`YQYhZd=Jrj*3WE5GaEDMv*x*x?PAuAPB^B5i z9WBpK`%54M0_qg5^<6g?j_-EUq@4m78Nwr$GwO07y^0;Im=r4^inVi4iOmFv1fSBi zbNqqVfEaA~_IlbAVuf%`+4Ha44KxT66{*3*vn_~#0|BiODMxmyeN;E&@@AL z4Sqx<(2^7<*s+Wl1h+*dAsY#-(0f{@cd}?dH!H8%kUb`1`j%>01bXM)o7^2D=t&*_ z^f;{Jdg_9`hP&W^bHt}{7bWL{-A~&mcKaJzb63S=QIEC>b=nT5Xk}bm!F4jy*W>Iy z3;!!sYTEwj`%l=rW2jJvM&-(j@;HQN7n9rtsj>sr=FE>InH1W&tzbC9{Oo`_ovbzc zdq3*jR^H0)ql(2%NhX~-+~E=No6upH^{@^&mpFh`PQ1!3Lu@P_@~-+;34@v?LP;J(2Ee#+V!H(|3QKB~VH>@c(cjH-^Bk zh0#RDBn8%ki6X#Jgp(~UU^$3@ooG%mH5IoGG86nLO%0>b>{M7gf<<8O#`D3@4)~P9 zAHK}HuL;|ZfxMQM_Ugab`#V|2a?2p584Y*?d_>|)Zkfw5&BB`#e3i?+h(vA#L6 z@N~g=7IO~-bJ#s#h@hWQMlg22Sp=>C{K7P`mN|rffGQmH6ks0*h(N9t-~Rv$5j!}y z9mW;QzjdP_`cWIx;=E#mIcvJ(;)rd0#GBDH*xBYH#CD%#f!p_{msC{0mVey znGpgQM|^;*w;kcREEr48yPeY|kR3vUG`J4w0ymNqD~-L(yy1IU@tljM2-);Fe37GZ`!T`vAELcsFIZA9 zED2pohR$37Iu2kx_Z`r%!7^>R{nBc@a7kR@C(sM%Z#ljl>{`HQ?z{lZZL2Kh=f9N} zey`d;19^*7f=L8e*)8pCwgC2iqgFt`((eFeUg%|Y9Z<~Y9j;a^Ef?SSB?tJXH%nuE zeV2Y`ymXt!|5b$l_gZ0*W9owhHY;{X_u3|Q)j4XyDR=TZ4ECvS&s1eIx2-v@{w*~) zMR_bTp(}4yYVR%LO*R-^M~ZpOx2@WFAgAb&!jI!*U67tA?ilQo5b#+wx(sEM2Y5S>?=FXhAbdBJoMh*{c0LUBNmM?~r{n3OaXZL;wZ1!hieO$s=9a;)hQyKWPD+ z&Dm^P4ERPV%!hJyY2oBQvAHDO@eF5nr(Fv*%Y)3yW!l^9Gf$RW`FQT$FQ^Q;zvb)5w15fK8gUafe&-gRu=8BvIexlHs*wla(0HX!oD24LVdS|<<@sIt ze=o=Y%hJ%$_VM#i|M>53j(`3T7=6-kOqAXzIxS9_QV?Kdr)AYs-qhBPH8nrK8tO~@ z)66RW+Y$Tkk8YLD7061})E*5F4@h(M4lHI2j-C27FmG1I77Bo)c@Y-qp1r zGi%OO`|`iB_al$ae9NFdW)XnWemsf=ef^8lkDv5 zz4qQ~Uf=h<@2g7sO|YxuW}JIsQ(W=p7pI2b5r`(F4-tBlH4+4?#B0I`Wcul-jn&cn z#_UD=c-L&5kh)E)$n|tmTxEXsb*=BE|KY-isB?<*QRs#Ut`PKLM)R2czwrbUa-B+P z!kxv#w?1h~p8`$5>D~5fFD3Ab=k0O6gYq3hhvqk#!$f(@Mavbzxq~&(9x}N?>`M@y z1F?Z!1q*{ujgGl1z-a55V|O~=7eJZ7YCm!u)`O%yk$5Evy0d&>-CrNzz8bhEZjvHn1MfHLqT;ZSq#q+BHCxHn?9b&I zGmdvvE&hI~XH4~Ap#3m2_!8EM33xqh2dPJqF+MX!q9J zs6*(O9-q3r@ng1)L<0qsbZEc%mlVay%8FO6`E(iW!RmY7UEFKn;yN%DpD+nEn?z5b z)Ex1mU&*s(3%21dV4ez^tghcZJW_II*2-39*o5iiJMEfHS;@jXr-rUO=XfTQe$3jM z=%uB{6YG~fcfJaP27kNI_4i0+sM{bHAC*)v65Bqglht&z_zzUh5u#DhQhc15sBWl{ zMPJfmyLgh%*pogzJA>#ZGMnJZ_aE>Oywl5vqaCFRv`Jwx_DG9fSCQ0^pkR_ARf#cBM-hMoe)De~$huS%4XW%b9Lf*mLAhiF^yrsf*rQIHz?h zVItG(M*%v0r1Dr~U}#yy9Ii3>C<^*5{PrEEU8t8AmV`o+UY3L=Zk%~1ITN2-e9)`3 zy&t36v~dr2zTl@p@$!(W{?^v><>F~KUUt*4jl%_ay|WO6D-nu&omV_l(T@(3dEG>L z&J(P}qB-k#SW@g>2VDt@U1JLaDZWE1ESWAhCC7#yg|X1S#@SkO(xF63jg^zaUJT%W;T{13Suwn}R zeF}MOjyB|7USXE;)T&E@r33(aTzj$|I^>FX8Fp!GB}~k9dXR(xF*NY8CpqPg&kNZ%b-w!|-JJ=uZ!J;VJH{^>GTwOWRw!P)CUUk*p}a%y z^L#3)S$unNf_XVHk`%Y|Y3p$ZWmzm1ca~VvbV)CiEqZ=eguA`4xF%LKVyG+i!MOon z8m`&z@z)}Vs!T#%J}KT+(p$fNUWX|rBj_hLO^0sn%|M`bX}nc4>lR-0a7H1?o;6*7 znJ_Lj?HnlfY2dGW!h{K+*jqMkG6!E;kUm&gy$1C#LrG=EaaVUTGW%PBW=+q(SLa4J zD=l^IdiP?rD-LQE=-pCtc?9mkVSP75$1=`kI{#K+p0_87y!rmNTr{(o8Rhh?`+48v zNO`a8TE7w0t|4c>UNPDD1NGI`2z+eJ!yj5f@k3{~;)X6s(f)y+GqM}q-#13>jxq1R z9GSenv;sA>q5SDMXpoPh)Inr!xt9ukyM9`wv%B-srtn2itIhMK&L<2dw1eR4?BZR5 z=VWBN;?<_`j`{eM@)M=6-Y?4@KIQwVqVnh(`Kv^L`4) zy=?^QQJH^P*%e7gj2cyy*O=YC=hUYF-m39VFFGX>i$s25bw|v(uh9*KQ8;bgvT5J6 zC;;G(x=~1B1|3Frh@#ZKlcqwa%yYLTUPB93Pydc~B88X^y``0ocNsdv>)mdbf~DA= z6=OqZ{4i5-u9(%dPXdW|M=mHnF>a8LdUo#An|X9FmE1do9xq5M@`H2_Co;j@Zrt`g z+7c)w{>QiDI+u3ft-pP9Ob9>zMbaT*^K=P>ov z+aba_La0k6gj9T3uMpd5%?HP;qG*HC0~CqR=hXQQnRgW^ToM(TJlY@k(mHyb#*rGm z5)Rz4E)7w%Eg}|Q6cPj>ZUH(zoAHy0+ub-ij>o z>yp`k}?r*fMy{SM+Iv+i5%`P(^qD(bDKWqtE&i_U~Aj9*IK4fG1OSHo7D%~3E z447l^9T!ADhqM}Z2@V}`R*b1?FxJLEp?)V7w-vdvDDJ@&d z3Yx-kJ{Sj`q2UhU>E)VhM{0hHi6_MskBzUnl_HnXpv&kvk*fs&2Uf*26rYNjga$s9 zk-0&y_DuV>wfw}?h2834R+Qwr$&1rpwLE8nI+OP4Pt%-1);ZK`NF6Ln?@dLgRIecK*f^P%xh=>3p+Co0_qByez8aWG;0c}W^>8|YyG~7A7$xJ|ItjY2aCKg zAoO|UbZ6|nJt@kO-~AY{td0;ew2$MVa$2{vyYIh%61c&kF>~`mHm(HR_uruczrSpp z5sS+nM~IyEB7Evcr}QazRSe^diRm*1AI-9dJNJkau&mSHXX1DJT>0st&-wJdOD9f# zp3)FOH=M-T-?NEWAfa?tz$2Z>kf)JnJaoa;!*OQNGiUQ(ss8HcI^KtZ9%oT&b;RkaP42qQtODs-T@S}DF zIeTunlUQ6;`u61I6{=^E$^GQpx)modXoV^i&~L2!*(W!4h-SL%Ot}B<;wy`V>sB`X zuG{`e_5MtyW$^WkN22omf_HUKzLuA+92@xy`o)MN&K2P-dz2Q+OqeS2#WSOpYOFir zXF7zL6y4e&ym8jTGUa!unx3*l_TuBM?SEX1{CYZe(Ui^P*i%a`I!f92d#;h*XC67a zB=}gB+8>pj-hXG-yG!G#rR?TsX=TX=4zEUj7&nPI*lqjf5kNp4${aZX#f&$zbm(-< zx{qZ3&Zd>;&)W&BuA-)`BmaJcfxY2hKse;Atgxk{ol=WzeDb1XAl2EmREgm(`q?dc z_DiwX#M=w*ojSMS?C8TXq-*H8nWtaReHt}rv;EMP`TJ+VFDK34pSobgyaibcc;jkU zoXb1~?KyPn+**t5diu)IKb*aH^4xdl&(+^reDZ1d+y{r}UrkvjdI*l+KV$yYj0IVn z|J;6>v4FAj_1py@wG^0T{&O!-RQh-Bd`^cFR==EFcPd6T}|^9soT1L6pE_ zTL8qw1ylaKquG$cWhkT|c*+9)PIEjsZP_IJZEyy-^l6BRZ=97>LEh_dZUQ-18yGmW z0IF>Fxvn0^2KW}bmxvI(di7sf2t{HzE0Or;DX90tJ z`j!lC%<*?-`KDu_QMA9aia?0m2kw;+S@rim@a=!HZ}f$^PeDnI32p+(f%oizoR(aj zH6L6|yq7@#{J!}v(7c&{b)XW0n`)Xp;>-Krx%!{jH*jH46+s#Q>rIXb`tFCbpp0`y zx_@~e$j(!mbD5y1aa#}0{QN%acFL}av;M4Q|G4+KnWxSzzWm*Rfdn#xL2-C~|BsSA z66pu_|4{vRWr}_d5viAfV^1Tlp_Pq)vpO9l$Su8mQi1TJx7C{#TW&UO+l$et7=eiPfv9 zFGqtO3Y6YV0h9zmN57mJ5NHnqmFLB|%-TOwu3gajXV%V5hj?^|=n01VHQ;w}mw&Yq z9|*Wi3Ai(#Kj`)Ua!)h%f4-;q>&2iB44fqJ7NGBZr2^(9(vziR-@noTr78qZO8KiR z`Epv!zRz9MhLL4|wW9f-cf9*@E$UylCW659Yy=fR`&a!{Sw0`(e6RU)KDZA}__Ni0 zNjL6uMyAUDjh!hwHygh6yxj@q=Rqq1{b2l`nR5ESJq6td1v;Ukf84#+3B?;9JK}Sm z&I-MkcVd)z_m_13x+Bn&Gs?g8-f4ff?^z2rE%@u_C$&#%|7F|$<@86be`V;t=QB~S z2ZjFiC_l{ECzx5h?B2MY!N$tnUlN}EVfkMzA^V$i3D~QJXTKY0e53ywlP2C8^ySD| zlh;lT+~w?p+gU>1`LpOtiLMwj>-XvDg5u8dAq)TbJe(cG2;w0v**NP<55MoclD6O} zyW`LC4Ek3=I%f#NKv)3;MQ$E;$az4J?)}@RmFJHwjIZM^>c7$R-@X!}Wy`g@P3Gnu z{wwyTTzisoZ6FG3$Et%*c18X1Zwa%p!W#e;@BK3|HP03UmTB-G=$u{a{VcZjZz#Wg zX7L`N8D2QR_zYsd@_-`RlkWht@&IvhL{m=Sp4kH`cmttn1EOyOguX!Z?F$*kHBHoW z@u5R(Kr5WRR?)Dn{b$r+(;8d%YY5W`Llw-seD~ZQwcA92hwG3gGkw z6xfI7r2$d9GS5i|23%J_lWsuy4Ll|?!1SIIDP8ivRm-hMSMAKUbiVvg{DZMab*KKx zK!H7KANWd)mGusM5@LaZnnrd3=&EruZ#3|$G+jmL?`-SYKxq}Q#d-Y(Tvh31ha_{ip! z>P1}H_qU3je0LPB8T)gr!kmxOoLJ~by}=A$d(?k>0@2-k^Z7HoGuBCqc|Xnj`1UQ; zuGcXrLvUQ{lwjTP*>>nf>6)MfE$*F9QO;}!wh%Y_9J_rNe5uX>#HJWGkZloyqsV<- z0SG<5(!?C?q%67~il|61wi=+1#^4f%H$s*U8+5cZS$jgGfo_0k`vh^&VJ)x zh#ZF>ZI)t0!DxGggSi(3M8~(7JN<>+N(hj|!9%s$+D*2s9jFofZvm96! z4AS<~hoO0W5*vVwvzQqcZDj$C<7NQ>DSHKsJ>WsWBNf0HOV{AKSURVYHv zP>jL7HqKE=A{Z_j62dShi^)JrtruO0gK>WP3D_>6*hQ~ynQBt{18Be^50njq2rKEq zrqLXYoj8U7GxZpXGK4vj%5h(W@7aV1%hjH_6d1<2Z|z1)T1NFC71FlSoGtnCZI*jv zdL9L!TEpt5t<=h}-uh-j=>j-<0R?g>bizw0>i zvrj*2TtQ7|Ym}oZpTk9T9u(t&H_)IkkHHeTaoUUB?_b(ZQ<*gFB|%XLm!CnE;3T~$ zvjvs6Cqc6=nJMS2!1bcuo^l8eqZqROuqmThre7wCrzqjnn=5l9D7(o@F}3OScn4__ z>-Uue5yc*0u$k!36lbXB(V_@zuD9h?ee*(W-}8Ny)^L7e!$O*_8teQ``}Jkc zx_p?}_iP=;(EMPzqZe}ij=O|pPoI2*IoKRcWN(bT1kaowwBvH*#5&xnH&qHX-F=5b zfStNaFm!XZM2)?W4EN8TIO@H4WmY$IcJcewz0R4uD;r#AFF#&|{+(z1$)6WJX{J|^ zRHb}!G13Lqdi&Jj<~w)Tyf*6XUMkZY5$*BNTF~%sr;H}9N3V-XO|w$kgtE?ht9RZ) z5Jtzg#uIE#_YW-4URLE>ZpRa2dvP1JwREW<7mGM<=jZ&P#t9KV)_br)?{wh66^C)& zA1vvPr+0QCEQ3(mZ}H*<$>qDm?gR{%GQ(uDm@5kr<0(r&nNFkJUTlFZ7Bjm5s|R+J zV|4<@OV$galTzeTB7L$1?NDyhd0Wo7;~cwA+brld!GdallG_i9VL4xT->#$j%luVk zrTc60WwO$X<`4u1@ZDMB03i>UeG^!4nKB!p%gj~n5|2kCobW1Iy9H)0BnbL@spjFm zu=X;2X?v$vNtbN0O*fyR%m)6(Ml^Hpz96I$X0eeDNg91Ljaay(O%ct06EL3b;@zKR zCt1WU5VwG84O6+C#2lx4EpuqkHPIsk)rwfuk22>7dpC(ib0{+;w*9~EJhB#1h1;k? ziHbH=J>MKdn5cFw<7m?!V1qvT_YN8XKoQuNq0#5iCfe-L-Lv z4Q@&2_1^R1o>oj!FJxl8LV^z69)S+T^dF=ApJdfAH-6Bph%%-;HP#PXZ| zV7sU2y(1(3C+^bziy;dm|Dgi0@Qc_7APJWJ1bC7h3;U2>3K)i{3;QqjfPNB4A@twr zA9yviI+k!8_9ok!p30sFpI==)HwHelHVzQ%^P``Q{j9C=v^Dy(vIBQn|MO0G$uY)f z<%WryzMNChdHC%eTPaA=(V1V}PjY;gAoy=dg5*9Y@;6)mr!R?rPV)a@bA@H#5i9>q zuKzDPvtZW1UHnr7;PVf3)7@oaH8$>ngh;v`dfbxdcPv7Op;06Tg{b5(Uzvocy+>Ui zdD5bGfxcgET)@=f_1+&(t(zf*zK6Gs60u1Y`H7BWlqYuQQ7ko~n2~w~s|39JqA?v9 zgMj~OuKj}X4qKhAa(5_8w-&21iP!Mc95@TYWZ9d6f@MC4LVcbkd_fUju!t#%EK4J! zLN20qnAi>%jkm1K+E6o=B79)d&wux;kY_Px4B;0HMz{jrn)(MvNap*tT8=hCX-@#&$|k!2D20oe>80~BVQFub^c}T9}tnB6Cz&j z&>reXb@!(dSagG_erH?na_HK={xRlskdwbz=S8fK$^DotGo+)5Z(bT31 zXd5cdPHS^im{=n64ucK%GPZ`nv^%h^{aB#aV6jLs^yk{zd}g%l&1z1T#%A@fykl!? z*Ocn;>U7Rw`#94I9^C{hqm*rk~d;q9t?HAR^rPZVDn$%Qv``S;VL4wl`yp5`X@ih1o>EOSCdqaj+a~GJEmmc?A*)mrVKxHGe6Jh*WYxuy3^Q9}F(H>#-48>O?`1zcQpa}1Ll_-O6U#=4eESsfI;Fd+Zo$4hkzqME_GRsC2FZPgtwvKzBPPsnpb$9arKIU(2r38?CYfOb; zV3ZjE!#7ImfeH2ixtN6K$rO%K z$;G($#g49{pWOPX@u|^#aRy8OqsbnnI74E36P zp+hzn$b!VakREW8BELYCc&{$iSFAL9Nl#n|?^Q=A4m96JHu~;eX2L7=o|wQ_y=W8L znxsl-d~2$4l;$=t_e677!}smGQKET`@<7Ln=C>RinghkK)g1Uq~t|FFWhb=$JLb5Dw`C}P*$w5L&G|K!QcA!`PcouOgA zMgeqYRFczgCZYf}59RmC`>w$aLbbm^>r6lzN7gs5<3n39pJGrtaDJvOa|w+{sMt8$ z(l$FyL>2LzZBOb4=f&2GY1-X3n3lw4w68WLZPMfH(OlaF!CFOrtD4*tZBg@;A!4^_ zW_b)-ly<0>P`o)99?fy<2h@+N2@nIWYER=@05RdC=4OgakM47*cx#K{!TF7MpKGtPO!6)gIS^hRbU(z-_`eZ70FA^}ISIiLNAu20cJ8_UR*@nJknbkRKrFMedUV7?vFYq8T35e1NW?Vs$&!L zCvC}{SyRRny3WXph_nysKcPIj@in=$->SYpT&GS5i*Pe<3L8_j(@5NOtUzwJx=(1^ z5%k-R@ehghQ=hRNb~_QER>xpRT{R9bT%MfVlx}s3>6vAs^%j0y%gyEyh@qfw4CctjTMW@c)NH{qY{MS}-Mo{Y8}gai z0dQjagb+h|ypoSwXkzZcBOVFlMWkg?_&fmxWMTG~E;E?kI*2N=iqLtwm|u2fiOK`d zAFs&BW+QW_C^12Y4ZVWwLd;y*SYCm7XTdcgeB8CvQa)hJ_|fw47#p9ncN?n}1_f>ZRZMHIZhk7Xr#k2PLs@obR?ZAg z7?|p1;w-P)>|U_p3dw=Z^b#xv(jmCjh%h{QpL4vIDQ9lMd6h%RMqeDp`elkc((7SO z(orutcd-nP3Yh=8cgUn`#CsI#V@6G6a6>4RyJr$f3j}2mO^10NOFk4` zIiq_dh2vF(f~6Mi33fM0mbG1b=dg%YRfzj&>fayFSbyXhLG5CFeoc^_)n&~p6_M%L zggC*D@2zdhK2|G5f>P&$mRsUIP)jy44 z!rc})#{U7*o~rXI5&M@R$kvYnr*4eAbRP7d9=Xmoxwu^eOAb-ufbDn2S}+zOVArn zzW4*o$2AV@(&D#Ow{#@9ok(E=wRNfL0?>cP!0l-?z?{GDrDyo~N|;=?$$nD-Q8(bg9D#|hQh<}iuMr5_Khcl0TR<}o6h=|!PA z43=n6T;qboe2F-BG7!CQMDr?`!63$!(Tfu01!I^CF(&0oaRG@B6AS$`>N8hRiQo$C z#xyPs@Q=|#p^dPYSY{_&3lT*Wxpu5APAJk!G^ShTF!=`-BHY~~L4n30_D2vvBF985 zollH2G#2gNM23tQ&3r{>z*rWOCL>HhuL4X>KvPNrcp^9MW-+sjGr%)YY(iiYEJ)iw z{Q3w)=f3V6B(A;&(X88N74}P&r%Px%k=0uy*FPXH3s@Px8h!b95f1Liq-66qQ z~bl5Lo< z_uJ2G`5sc3hVd-Q>3Tl|sQ~kqEI7vjc(3C1-v3bw$Q%C%44Jzwi_Zq;Q2I}3+wWaR zB`{lVG|5bF{VfTkA1v_4H;l%C`rhY`So@{&*rP30vEW5dTA-kJ+eWr?`sCpb7HfZ}`!l2DH-rw(w zdWXkCRclJBUcK}d4O+Y8(@m%Ct1)L2WRNz$fe{~g_};uG!Jxw%tRIV}pvDlP)MmQ- z&n!Yf-ss5SrT#>w^xN+iPqN#JPwX)7Kb>)wr|?82X^(AkyZ9-=lC*2ay`P7lb~xaJ zlb2`KEE#oF1NCNnaI&_4GsQl&z%Ay}x`|QltB*w&2mZ#-NZ{HFS2KDXiRSVtaRNEE z!RGw#W1f?M;iit3BP?OIzd?~@swJ!W*fyl$X>-<_{FU|)w#;5+E3vx5_fm;$%W>OB zFcG40OPFSkM;`t;pmI=+SG}chw^~QspUSFRE%vtpt8*0YQ3&86W{L7JboY}Pek>Nt zr1Si##&&F%$zm{dI#9ifzDC7tyFkm>C>kAf4(@s9Q1rV(N1Aiii{HI%quQ=I#~MD# zZbnW_jYBwIA2@r*JFZ&NSWn5LeiV#3aVx9x$lkt4oZ{PAjMOn37MiiH7k+!OXrfXM z<<&NB5?!XmkQ&7++H=pLTPU+RG%D z%RF~Ot=(#pCz^vyant)8!@Y-^eR6`%OuX1MeDcMqi&`zWAv6Y6@qvu(yk6t|od=Ai z|5&u);5OstWl4ch@uWbnl&}uekMZ-bT{zWuAr8FJgRM*xY!H02cCWYO6% zbFA-w7LpEC-U%M)2m)pS4Y1l&F-ifn3?g@AaXbSFa0 zw~j{Jx+K}#+ptWL);ki#m}Yl2m@3*~mOfsJatM!FEZVB_Zfu_b!*PWLvkc0ttwXg< zN{ciMSmTy!s~zl`?36B!>w0bGqAdF8{>V5Ulvdv?pNv=8atVSfE>Od^REiN(KFFv1 zlR2Je8Iq6j!EWkiy!}owsH{lJnCR=i_YHQqi<7GXk~4}WdJh%lM-{J%NgpeoO64bv z=Plw+wvw&qZ>PPuN6Ra9AaA$A!Zu=AR$hpF47*-Q8>2)ob~gg%78^t z%o6<+4`}ZKfR850BDHirTI!~^n}d-7;s#)dJqRVpq{ieY+@y84oAlHwm4#Wht0Q`% zjED=IzJ0Elj)b= zE`tciArxeVI(KbNyAh(AtDikQ#95+%_NONgK9l$wqcN@=e0|32_7scCqnCJ0=84FP z4T|Wzx$&N2Tek+oEsm6EPb=B7;w_xn00eqmipB!_6_Ew=%$$kb5ln|!W0FYV#?zGm zZE8b|84{B`^=5*uLHZ`2E>}94SQ;aNcgGAf{SX$rHIc96v*e{!#^m1sTT??D=s7bX z)6I8X6pcg3$kAg!zi8nCqo4$@CQatT^s!6b`@_Leeki+ngsBL9G~TltBNbTWq47a7 zhtM|!94l?p4SnaOLGiJzqQT~t=&i$khWxfyDBtOq_gujyq^JbYxq3^d0M9+VDK+() z_=4j5bjtL?ubglHFiQ^M_Q~1771AZYlshIJc3h_lze=10!7&dMIf}Sv<3!``fG*9n zeH+l@@2*h;E=3)3)tt5wh0P>H!xwq zA;9z#18hMJ7tn}-&JHoPsG`*jWq=70R-joqSLGZ4zXbz;aSj*ZCVkB13*}62vYsLv z|Cl}*r;ca__Qz5t^*F$-Wk_T#Jex_J7Zdyj#sL$dlVA*mzWW$9T0E~->Ak%K^m+yU zn9D0BbCUE}Wt-xry9I|r(=?ApidhDijW4&g|Q!NAG{N$5@R75qDp!o zLFYecbKX*Kbu(4(cvTZ9FOZkR$g59fHnsM{GZHFWxojuEE)Ycs$_0F(@}n zOsWwr-MCftEswI0K5n_&t^C7@Kw$MPnLqc``oj4kQft;dA1Se=k7Z?qQuq%-!@%@P zaBR!G*9dW)iPt?J^EAPp{d7~+12*mKyf-R*7hC42;@{U(4qvfH^helf1^zPcm$8Uw ziH=}(Wy5XKik1y|(dJzqQu$qZdm1PfUq3sbc2-TmJYP|!oGzG(Y7Lqxkvr`SG0xH2R~F63HlU6eNv$v)gdG$?VK z13!U9y_>nFfY#i=JOufxkFjdwP(_{fKfHm+9dUaJ4kC+Z(PMc1pt$mgiZrq3yDq z8w6R#WcI!9r?_b#yTzc$_7uk=DUN|*#?Vh@`VJm&8;1*K`VgjB8Ms)nA6iV6!$dY@ zlFbQYAv@)Xy(AUR?kSm#lS@q{?Wu}*WR_?#$4fO5BciY&n{k1JBIlJYi@rPc-Fn}S zQR{ABPhOf7;nV8eS$?Y7w|xl3wW!yAeaF(Vb#ARbLl5jbyKoS%f7RcISu>`}2de#l z99(D~-iYG%#0|NXKA|5Ym!P?Vpi6bILjyscpB zIA3QvR2vvN2G%6)#dZO5AVxO8_5l0^a^c_kh2x&imoe7A7*&K)O~BKm;UdP)?lz^! z3l$I6{YXcDxH{xh0Zlj)1)Q%Vt+G>T!e2xv1oQ#YUX-j?+?VGEE0ZvCV1w1xC)(bb zIo@nYjcqqrsbGo+B5LV3y)2L_yf{4ssS^1C_5>9Uo%ir#tuo+l@!0+G5rCJ=c*?7U zr^B})s;$%4&QjBajAgt6^Dc;|0M!hq0VbPK`P!+tRCx8gdcjb)hK{_XxCNDbD&^S67X;RxZKagNDiwYcea1k8RL_4#rLIC+`^H6DJ28kjz;5fKl}n zzg)yJnQ|DfG*!3Oek&f!#dmpQ6&cHbJ4dmpD?pHMGdNgqn=%0|1k8K5esbFz_hNE6 z9MvKWkbcT?;2O9znDXuYMn29TCw<*jkVW~#Hc#UM52=?6$Eb(DvTdDbpnhNd4C8|>7GQ z_RM_=<5f+M0A{jt{`AxK#LMsJT$a2*xBe!x_c z)k^@ApBBJxk>AI*{=ujcJ=z?sBEC+mklM<$$Mtw*fJ)?;#4Iajcz80HS`gSsF5sn*t>d`& zd$-DhmWMbkb;j)@*^>#})axEQ;q zT4vH0wy+Ees?Qdo`%SKEZ9 z+xe$0-o!1mDRfrhiFe!MF+C34Uo%PmifzU zC~Aciv9aIC|ARbf{R2I`aYj*uEPvg!mO_+Dj%9JWS%m~b=iV3jZYn3o-HVJ{x!(6J zCMQjibK?=W7x~OyyMna}v#?b~RjxQ7_<9Fs76^Zm!!6xQ#A$DI3>-mJ#2@E24E1ys4C&bSGVXhlQuyoGMs?80Uz+!5oD^1EiMq@I!#y#~X{4?4Vgv|JPbK-ZI+J&7Mg1LmQl8oVeL&!kP` zgu&d=-3c$(ZYN0|253q3$-1bwSsGZQv8`tKJt*|EdRkz;_It*bzi-SZcy-s+q-!wP#$$J|5kdo&d*%2#L%LxqDSb_3V?|cN9beGU7l(3 zEcMq^Bor`JMnbt)9Bv0mvf{pAvL~JICXwiGCX2iTe76SE(rSB{q+dX@~k`}{>a!yjI#T+5)MO(BI369C&GyrzboZM`?S^nHu`XS5K zmPP|@ErZwcsvBjT)>g0$utJe}M>mg9h2x*p0Jji>KM{o0+?#K1gv8|9F1EzqLE($+ zv~P|=7pyXsTVuD^Mg|`g5@LD)ztQ82i#4TEAjfhFAH$}5lT}`J^Qfyjyx5&4BeK*k zFkcp;*$*-I?tO#~@a-iO@jF`q?88ts}gYFRak}JpuD!{)&&l@_STp zDy@ohq*@pCD$B*ig{%U9wtT)9xKB~4fe2=8ZoS_B0YK-4KS7|%5g4}T$&N8ZVXa&k zQJi`Vw=cVijV~n2fj4i-Mr-htm9c|TbI8cWBWOv#&rtw`B4^&&tmml;3Ru75th~K z4K!FO=gVfnKqo~5N!3zgttgqi6r#}kpaLq4JL;B5y7WOzm3gW%UBEn4O@WC8{;*U{ z0Xk-C66kkQNMb6QmfaTzwQOMRFbJkF<~~|_7|oYztcSJrhY&Cd_9h&b@FE=i3Vp(| zkNx-#)02yw275$Iy5%bCqd}2Jtq^5l+Ea%}I>l70PqqQMp(nRy3+q-pJa|Z7gEdIB zrTJ&HjikM#_cOuoJGx1aINrcWA|nec@+COagRAE0AF@V*nQ(gYUD)tWuJo=huv`+^ z!IY@?#k-G%81rr+J&blMs~=@gbzr0B4+Tr@lStDMFNFD%AH4DGr>9UOHLJ)OU^PFN z>Ok=VtY)01IH4t%%x{mih#79c5oq4QONZngqvm8$I^ss-m{o44bZM_(bV#-^@bA3M z!0z)88O@!!C#CiLe^`^}p9WcA%q191ym0D7C&gMj@XBb*t_QuFO%tXFG#~rwk@bp%8HzQ^{d#lehFRMF&zAC%V!?~o zrp}VTlDsw`b+hCM-4V?M{T2lP$o?mKL4}73WS7z%r{FUx(j`5 z8w{L^1hx!$3jHf0f%q39VH9WBA>#ip5D9|V+sYBp9{lpkZDV0Z)vzek_2E{R7j=)& z(5vBu#V&EpJN*6xRj6l20Jf{(m!7AO0+!RFL#xiLPde#N*xHmBcyM;`lhc67*9$95 znefEevE%e}fIUb7#9G$?<5d{IKBP1>?-+VN^5CDqg{bF+&pX5iQ?4E2pU-J=xpa2` zSMfY=q<2#e@AM%8_IYkFrEYoW!TvY#H!A;28&VG?na}0?C;qXud!=7c24DQP$`Jm* zR}iH2dABgN7Z}g~^y=2FfnS?At(_Gx++pd))SXJJfLX1JIUf1)N?@KfHSa^-GE^Wg zPYN8z;d!V)bAn52uXR;mcH6fqRy_tgC#6U%-V9&Tc=q*@^LB zF|S_rjca>;D&#cf58L9U$E4aBI~HSx&@SI55o%qLHmLlUpHVZR%O}Tq3=f#ow0YV@ zXUL`aVN4+8iiS$=ZkwF=>)xkLXvhZn_Eb}=Ovif8=*$W=8sQ%kqM*u)>~?8eBh~88 zt~M{zc}V-Xxm0C9vB-~nUbx$aM}%oHWPlxr1B>*QeizkXJ26gUl{t5#e+3LQ`o%HQ zZ~&`!Ec>Vf=0NLnJ55X$Q4c)n1Q`XBtN2R)0rOs(D8TlK1vrwXBXStauKjEf3<7Jf znJBP^XTLeA#{mcjw?pRK zOM!6#CCgr%{lo%+DkNDe02t%|i>CV=UL80`Lg66;SP7PT zG;yAj$vi@i08Bx@Q)i9ifn2*6Tw%hQa1sMs^e3PIU>o`*t&}#soYGK)8awN@!DQM6!Ni4-0P7l*z zj*JvIj3yS+I4j2i92-2oF#Jlkqz*Qn zk~w;*SA_DG%UjP*eSu~ zh6eaK-yGN-rpI%rIgYt7F3Zw;qy}IE6f8|)f_cpIU4q9bnWIdZAa;j7-n;3|MkOFV zAQDOC^i~P1YdPm!U`J(}U_M!DbzGvnKmR?d3SzA|} z^#uv=ZvFFiO>C{Srxyb&6L?k`5qJ%<`avjw#?%fx5h@DoZgoSLo(^)G1t)Io#@U^v z1Un(>W`4Q6h>v5FWG$ALCQX~gTwgR;xp|&wu*qQhWy-hRXr_NJS+1mPxet&M30Mns zv;D)?bdGD5&Gw?kVVq^K{kk<)X15dS`&Zzbs(98sVgjo+n|KXvGL*c{c7-25wvLtQ zN1{$)9p;hhdMWIj&n*)$t&0_@3v-)oQk9AHT2co(7M{Bxan zWlEjC{^I&D;jZWK#V(eJC86NxXpJ6twcdI57JPy*{DB}1E4=8= z=c6;0f-nX!x9X|r%&+IJ{kuP$s6;924avl z%l_n8#B1OCEe4DBOOU<_@A<-GQFL2VVuNy1{mrvW-Sbb#Da&+tt6A1$Cyk+U%VZ(h z&Zd@z2TaF#;6ax{W{yv~OBgUBWXrV;TqH@3tpYw0f6SLqd<)8Ck>Jgeeo_}(>ez;~ zw)W+x03{)rP2!cHOyF9>cFSc5>kdQbCpT7#^G$sX*28LEK0l&KUZKOuI}kcd52i&+ zI(pGaAG?_|Vg@o(kR8z0PpIXVIE*P=oVpQ2-Oogd%nv>wtlrKFgJr|IGC6&ue0z5| z!8$@dwbd)pByX|6T|9$huf+WD9lRPbrtsltC4yhv4~-GivYdY_#P< zEBX8kuBoaVW@_xDdP`DT6?~UvP3lI=JEEC>jJrIG=_9L;W=$&Trh!P1YP-Qv4w5fN z_y$FI4(PB5B`kHOmwgS~QAjqVk|e!Uz`2A+THzZ-uZ`2xH-Hs%@aLd;W`eei-Y^g{ zU#!vLKeEju#JT{B&BUY?ko!XY9vf$gxDKnmpMNV`cnMZg7WcPWJZ%{GJXdyKUYS zG1T%!%A9sqp3?1#rxhzrxtvz-3x^s=dXG8yF-+h1GBNai#j%v~n;!+Y1XAOxJyI^z zp`itjpW+YZPKdnK+;(y_wadJra@Qv|r^w*p+2W709nMC~Bc2CuqXc^0(;Y<6Ak#a; zS`bS3*7e5cJX>|d?T(*+|8BYVeDdf^rnNUuwijnl>13z^${8w8l6?S*VC>KwlhO*I z9YTvKGut`+X3bb;!Jw6X?#}c5wZDd+Uwbq+e&@!Ga4Dxf7JKmwY6MOl+2irJn{y1xTAM4T4N5SrwQ8I@ zZxs{)y3yyQ-GxPybPiCMUGEkIy$@vVV&zIGM$^A@X1}x!ibmq7?onojaTy;IJil{K zIU3#37inCk>uz(YJ=uAgR5AG_PNMFC>6jFaf*|%POi3!CA0fdnH*8AH@h1;8lmG%(Q!gknHQhb z@;c3yk^E=FmJVwXG(ro}cAWCnxH)nM;0~aRlx#=|K>0+uhLh(>G_Ng*;@2$*bfr)H zWbUxJU)-#n5?(cLaYL+W<@)M(9{iN^t^$AH`EcOXo&K!@_fE!0}A+K%m=qiT@C`E;aTSRPvFJNmFp2qZ}=< zc&j21;s6Yp zJ!Ktz~_|w(;T_zO=!)F!ETVAehiF(;6%(djnk+Xp4IyhUqIap-*#E zh1~4Gud>Hw{AM;YjjfHy8W=!KM_%Rw!4HI7hnmu6&7!MdpBfG?XRYB>PV&Q zwV)%B`N9E@d*vMcsRr0Ydt-f$V)?yYz(R;U7h*`Snd(zKUlq9=_0-{-pbk|5`Ow%} zICDsb0Qv&;qKQ^eEO@>9z=ys|T5&89blu3c$DWgaggQbK*S__mi(?~KUQqGafdgZR zLW32h*#Imdx|phup+jL!@=eAS6lf4-Qd6O&#ED9=>R9=qe4ANhn%d_}ph{P`smQs` z^O~!v0A46;P}OeUFsm!*C3lc_t5@v>b;P%q4{t-0Qq0uI7xt@QdM=JOV4e3f78nxs z$4LP*@xMxZ+jn2O!D<6n?8Y1Lr6{b%5`~l4ZL4o?R&d2NFHFix1=#y)H?L9Y3f-$~ z)#a7@;TUFZ4+XNDaXG24xrvh>s?Cpz81M>ECL1EZ{N*hS&+>INg`hGXR@5xE^W62A zes6VB2af2Agp9euxDr~*^TpRIEh&%$ffo!*ylV=s%!gM{Jfixv5S8s@sUm70+tKay zs%WLX@jkes4S%^cBqN#&WK)O;S_d$w!)%Xum~MEnLwTkN$W(zhA2@n8%gNts3*3HW z+^d3XPBo*w)A5L_?%TP0^!uxYccB%lPBzA%2gM$~9sCqUjkj%#$tg^^ z-u=!YitB;lq3@H1>b8^VrTCph50kMvIcS~eCk0})48C{xIfABCg%$g}Xx*uOvP1R>=LCL*F1HRGxWX0n@E9grUPGDEf)Bt zVEitovQ)_x)0()cfq-IjMg1zC9Qy*;Pjv)PEKS;cOd5lNdm)4r=7{KEc<|;!X{DPt zBw+B~IMX8!YA$LKD)5F60c$mqGmvath6&F5s#xOGk^1{%9HJY5O_}s!1%$#U4ozV`Yq{NL@AIMJ515t~~G+vIqh-E_gO-uAm5jW!I-#SjveP znWph@?JVR0|0l=bf8o!UKoc+so4fF{Q&mSYw zkUH-EVD~&HSHF7{%q4Q&A>RO-b#zhbg*jFA)kkLN(O=s?X%M8kUWueHvu>b_;-V+^upn7Cg;i5}OO#LL-X92G&kwxIc**d_8M<}jyrEUz%m zko0rb6AAsxpVdv@JRKaXfB)KBOEw0_IYx{2qx!ej^hT^Hpg!9BbrS?3o*g>h`;55< z_ez5syLm(W;WTh8UBRseV@$0=BLs3<%}|BP+mn;tM|Dx$o-i$*WXGoId;)J^v-CyE z`$-Y>YmE5-P2UUm{EVjt0_141;`8Kuai~}tS8pe#ZfDsxK*-?MFL&naM~P1)>( z(|3PeUAirKjb@G6;%JTG?EawO^vo$!a}>t)%yN#x;$&Q&tC~mKz4a0~{MHrq@5$;B zb&d_UOC2NQP;of67%tVdvHO?tn=5 zIY{H6=WYk1>DJ%8q?cFt2%LpT&y69d~tPFBGpjcrV=fN)JqvEDfAuek>Cm`e4Gi z(R1JPnikf_pLgfjgS%cgr!JlUX)0sfl{@^tpCvS7W&kJIhPd%COyi}bV~Ztgt^J_> z4a|)S;&nU3o9-&Rm!M-9Y4UEveoMG+phNeac!*D~&{Xo+AsMk^K~?tnO4%n+KY6T>v^#;c2JT2A zOl0m$pz*EHFGEwH%o_-VvS7qO(1QfeZ99eh)Pj7y^X;!PydH$Q`kmXd z!^^|SkH4&@wA`OHhfJ!uKr!(?lydriUS2)@?cXJp*3VUOR@~Zi62GU-O?FqsQWOJ0 zi(#|UpdA#%)nL+ySQ1Vu`X zO)P{x)6ouV&mshU;)y;s*GfRH7Awd-hDVZk3`MK<1AVP#$^XJWR^I%Jb z!L0}Di2M7ABMyR*JKB9r-@9YRH5!FF62={JA@jyT#57)8e6c1s$SJ_bV5KEBRd7PH z$38=h(Yl=AL&a2E7qiFTYB{x(LLg8KucOaMqa~fvA5iwpYqX`443YKor8B*HggUaQ ziPqdiwXssC$*8uoOIod%n8B9?APvYfG-+f?t*|Y==;jnvg2?JLyZj<_AeNUxXSYy` zTjZU^Xg!)LHz_o3`8CZOgf=q`=0;;!ibNEAm>ooDg2ZtCxT8t1LjK~6R9z(ig%fN$ zk}Vm|N>jHnCJlNk5LuddY6uZV7Xp$aLkB0*Ns%OF0QQW)XcZE+aWJmw7s~MRVf;SF zc`d1tmay#-mn@VgSBq|RK1Bd|Jm@im1rxX(``2(Qo`bwN5;@d_z_s@FeT+{f(APAu zh6!N=gl~At19cN`Fx}++iUfw;Pnd4y7yA9}EG1E4nZn1`iQz`zW_ z)FisY*6kDyg}b*!)ycVlqq!wJreT;+ZwkTrE|93Hkr9A$I3-qMs4VYLiTlgOdCKv7 zJM4!8qSJn#`?pA5!H8rR{6XJ_5sLwV)C4tVIp{AGYa*Qj_FB%r%yb-j5fmcWGxfaY z;eabl>#OW@2vE9K=43!HkfCxWc{#p!Vf|xf(F=;z?lp~8$r(iBr9Xuu+5aBA_nPse zPje#L@PL{k+4*o9fyMNksv9`S$4m;FZJXMuk#@w_B=F`oyZ}H5#UO=9U~J>yws6bH z<%kT%aqy|at`sJmtIAb9ya9)A;J)crh@q^g8I}?4BP5RCrXT-&)b`SPjTao)6E+bF z^mKX*L_eA!hO||gflCv;>@4oIKma*21K|=2tXVfVR>h1O%TuktLFINsU6Ly_mETSOX&-*IXCyUEi-5a?LuhRnq9ldC1@`i(e3btAHhn?4 zpi!*yMX|ygPH>CRc<~#aRj{B)64o`z2N)*cmY2A|#AhVa5jMRevm8Wqz}S9Ijii5e zGR$Cg#(^a%d2^s0Q^m@0X(*6}_mk9>XKu-F+&=D1iP8cspN>d2PC63toU3B~& zGFwEhQV#%dmEk_0+5@M z6o`4Lnng~VG1zg_t&=>voKV-U2q|h>p{z#%$|R8ac>RD!e!MXmiBd9@o;pD= z1rb-GO83eB%I987{cNVG7_1RB#gBP%n7_0@jJ~a`BXZ&`zTi=Ssi7$QPoy<9m`>PC zcJ>Pblh?a1WC);S{KZ)8j}jJRrcBxe=NW3LM&|V{EKYUmhn$wq3$fIOEX0Wl) zOh#w4P1;|0J&Rq$<2iwc;*`uaGu?u zMylc!Hft}>1c-ww#0(Mm@sD|pBf3It0G@Dc%!+r7ip{p^H;r}m0RQHI&QhGDQ_uST&T+}m9@hvP7Jh0aAw zQ(P}Py+M@%pILlakb)s?2#7QLSVig?<9D=AwF^3UIEn%4r4c(R)WEa)Whoq>G6FsF zv@i^>BV=9zwiwv9EUO62HLM)m z=!6lLPFTB|9^S##~+;NBPD%G`1QqgS&o;v`a;>1`}!ZM6%^gW$Jn0s5He_p5|t={ zjXeX8YpOBq8(pO2=@NmmQCtN&Y z9bqX-4d~58Z!2kW3R+aUVyO3~+!)k4HjCW*(B445+L+%*iD`JzPi&QZd04w2m-z7Rna+<&NPL;<_pjmYEPC`V-j8tfUW*fR;0dhd#scbvD*z{vaPYn#*Y= zd<-_u7W)q;>|cDRqb!BwiEksV?cPqZMU0_e{sWnr8ov8Fcc}cl8#|j4ONMBnK*6(} zPXK?Nyr2CqROYZhsLaV5#~vT{e*l#kv-{oqlUWmne$-HFKD-zdFavVhr1y z!5ib&vsxU=6jwc%V{&L??0Y9V`5oif@B^m65=Ym&UZ$Q^g`ShINTXh(md7*i$Ifh( z9bA0wxM21-=k0Rr`!H+NKG*aYfGmBs8Cwh9{nc)-wri|ouW7HD>;p>AmAue=wqWZI zo31^!54F#)IL0}DP8wy`Y5)HLWnMo}{(*4;igK9${=X@v3D}!19jG{Apw_^RkUkfRd4odqeKSN+pl9loyrhJo#L9j!O+v*?J#dfuL-pd>*&BqN;Di>Z zohow=#c^J3AkoOR(G~dfz_gp+>p=A{oPt1#A0;<-^zxsJR()~x z1F?|8PNUcQ99XpU&c`3Ngs8)!WT_L+n}7@y9e?>FEMbTsRNlw|XHB@V{`WAnNYid} z?K`;0>7goGRBbPnEu>rwfn-Q(P!vZMEk}w}fq8bYvioW4fLAK36(dB+5-5B?-$~)r zCgYa9DRiFf-yT9d!}>wVf{Ni(x(-)CVhtjus)-=^CZ1KK*Fc`m5vs+Zo%;Pm8^{&+ zcX90M040=Wr2F~;o>Z!$b9}-6%(Frgnh8v0bu291a_F?0UFwaC)pQpyLpzyo;K09v zb;lR&L>YX=UTH5XrU~0z?0;pH@i;9U3etqisI(m}Ltb*>If6euuOjdiaH0uV5l`uZ zi{bvn;ggKhDS7EBp*#dT%R4QW7VEHfCp%0TDR1e;%G`ua1lqzUsL7N0{dbgcK8kiu zP2v$sINc=~wRfpo!zVC}Yf>XHYLcl3}tnHG*(0VNhM7ir?fYJ?5SkFPniBHB&reUkq|>#xXygxK8}6j1(=rPg{S> z8ZyQy>%m>}?qStzzDEY8r)+kkQi?_%J$YLk{+xZjGR|sOEy)`@c!j7*uj}6?p zPqHzpdie0Iq05(0yrw$L${vSkX0%YKGdM;GMg6uLRZrX5{P(Xh*EXkPTR%ZgQDE3X zGu?HNRxTo@e#)FY{V3<9Wq1xxlc4Hzvc^C(4l^vZxnpUZ9jMKHW(bY2+m?5;al39= z^IEr@5aHSds^wc))ICg08|i6icYgHf8hDoP@sK4?e!}H=T8dTZMuN(-w$CArvkAw| zrURLF$ua@2F-8poZp~Iht~>$441HeE0J1k%k`Y0tz#g(^s5m^4)#lD3Dg;?3-a5G- z-l(|}30wSL)70)vN32m52j^!msX|vBDTskWn>5~N#ePtGl}C|MR;-Oa)9WWwA%0l^ zl|__`-@@P^*^@Hh0O3i$*AyjFSVq#4%|w@TkyK=ptanj?2S@wMf8ZyH5mA83Vp{0? zUn;<~lIxATLg5-AhjDLEJEHPQ)hzH!w0K}L2y;la10FBWW~^!tHROU0xiBi-6s@$9 zOupP5HO8|^5!m#0O@Bo4dOl_%`V#bN0T7%k=lP`*JOn65>i{swhomTn*5_d7CfTz> za766nk5sI8`Yb`S)s1AL|1=*<`LE5#=M|Da%*R33ql|0XgRuVORMQlhQ0+_zmgv9D z3?Z0|oCLWtNTHL&*m=O_A(-#(f9c(67*7i?eoU55AScW}1z+SO1YZ!Y8$vRRv%k|C z*S{b2JuLmtnryWdmaQ%~R8OkjyHxy13C6XFUmC@L82)^V%w^uuwU7@xFId5R-2eHD zx|6GG_pb9ip0lZaf}b>MbvrB<=SqMAv)hg@SQ9~jJoFy(<5zU!MKKVN;tN7?e`TZc z+G`W?GqcIuY=6J(`YYzK69`~nAvbrvrXMd0w?Vl4Zut<(c>KmIgK|AclR#E?F?mmqSopLzP!_m zYXYs#xuj1=2ePZOqjPTsgKyy|NQMC$3`4#&)C(O6iw_6CV@yD`UH;BMO$z@BQ7Vip zN(UURfXZkSb%|hmB}x86{!9KTA@z#iNLPIClF|o_!>ylhScB|TfV+PaNgdK z!)6EX!O#3FKM9DbzL5PLSj)P?Nue@jyv(zmiOOysaj=0R{(_QdsN-J2jLBm4yQK}- zQ#n+VJ;^;Nn>=L2v8Pxs$5fb70wt(;F%Q^A46WlKxGbA1Et6~uYj-IX7xPRf%dgL# z4$~G6=)b9kn<7zE#-W8PInY5%5OIPKxw{#h7_BqQ`WR3FJ1SXOiDGguE$itSsJu=u zvU`SWY~uzTWr?P7aIo`NK2iDMg-?}vxcYP6Rj6x;#XK}lgx&g_3vywFD*C^RnY_TH z{a4euA}a!L6b2KgNdFhL#@+ zU^tom2^(@5OTc>6V8ecY+_I%3s8Pl=jnU!QQIN6%3fvV)OcPszl~z8rJ!Acy$3(k} zae?7^ZE^>x5tW|7nolg0fL2^^;)tUymYyf|jAyfWNL_LsQFa~9yqZv$6#z*tngD}oU?h&I{zqXLJ^ux9$IaC7N$E%If*n=A zW{66H%3MFl|DeEf|A_^0=v@C}_6OLmYD9ZC|32U5l4vJ7IybtbbQ>WddCrkAhCNk=e& zVSTO^@8wZpjrF)eYD`e*peA1aD1O)%!@i)6b98V- W{-TLyU$IcRmj1l(>>r8W) zg1==2?jI(-xu4=TCG(1tD4R`LI`Ri87_x>BU-68UMLuxr8rB5A&al393ZVO zajZTCuSxAPhT`g=D|!W5rjRT|x{tVdo~DiSf^t$BSIp3OX(DN&j>dxUMl}OuEgf@_ zI#lj}z$QLMOVOe>Zv@pJR=b|QeMhW6EP%R-z-MU!-ey{XigR2}j-EF%g+S-L%qqueTGH2-JYC8xsuqO$JlQfCCC8O;ktiue84PP1`~tfRp~v4p&wu zJ~-jMqRqwrqu&54393~)*BFoJRz3QxMc!{cp#K(??PuHpoR`zJ{7gKU9QQ!oZoAPy zpjr{CuT|oW_Xp1Hp7?&n3DNWI!Oy#XSM6U^-FthghIuNB;XTUlt(FV%N41XUex3aC zOY!)llv`cj{%zo0$I(W5^y14ctHR>Hq&yk<>9l#n9_-vyZeAM~V5IEc(zGztaaW4- zl(#CJBxvtPHwIr&bKapUjz6vYv{6|@aXU9T{>bD#e0;>JTj-`+B;`QSj;^2I-bFd~ z%#|{}>d;4w6YAY7zgw1?agj6eaHaDsE^Tb$b=B>Hf;}F$F8%F?PGckuL9gGdDkNx7 z!!^|KM|L=k23uLB=3|d92rs9VxQumkNnoJNFQ1RBWROlG=@4NF4T=W+DYMI;d}Zpa zKq;bP-H5*o)?SvBD|)^#g@GEbMc%H<@`68_fbuZk%rs?Lb!O_45;mtkxdZa)RtXvu zCGc*-y9B3f?mYS6{c-Q1W*ouc}_mWEbwn(5WWtnf!-XH{2WD9Q2FfLFF&gggN z8c150tW@bLd@%?<%VcP3F1)RqSBj*rV=>z@xnt90tvWrH` zM3k1BkF$ebB(^l^tmX_h$I1a}(jL~F)udh&LX&dt$Bkb4GQ?g#2&U&>(=}}&w#ixx z=We@p5(ZnjM~x}!yWhX$CL=4kD+*_52_@ZHfO;vRbcWs+KUA$k`DzYyEG~hl5Yk(Q z9>EkjibG(2RhNss5E>4hnq9{A4M-aXFKXqJIhE|t*F+`9?p=RPRC+*P8s<1<%CR=Q zzoTj_aCWg`rPrl5^Oz6+(r?_tFoB*IisXlxscHyd$3t4pcC(du7OQZb~!&2mt`p}ZpPj^fl)-3&=3{ z?H_)*WdFIBKBzy(f%D}D{lA(0N(t-i8CNbcR+~ha)E!&5_TgQ!%*&!}6gEp|WS*$w zcbdF^z4%_jS8DFbt!-|@Q(GE-+CMtguDNv$6^mX}Bc@M;DCfR?vk%X^Cywk)kdaA1 zQVK?Jj+(~8-|H9HjpM46cIMes8}t~s?ckw>CNBw(wBx^Elle+RZUwL%W7`4u;t~!O z8z(seHpzzXPl!^WX?BsV0=tTx$BH4$v#T$uZ)}~;+9}0&sE@vkJc}yb=K2BEVy7l) zMb`cf(*y&sO3*U%mkFWp0d1dR>V!tY$du}oeAGT+YB78WN+PeANw1uYO|@e|j{8<< z#?D#^S$6LQ<;#VeLfHG3ca(O-FUp@h%A!!1BWG zp_g1>lz>Y&Z2M^^<4OQp@`OtDLQ>3!e!wA1{3Hx?lqh`IZu1RR+Oar5mBwOo6KFR) zh~NI6v_ak#QP&>e1mo(yE~~;`+==TNXGO+P6oW3T8L98IGC0SFdu`Uv9DlR(Yg*W- zg06^@+|n~u526c3@pk>~C2ha|Y=@1myQ$6&66$E$O#gXtH|VPuOp26H-x@c1&fh$j z|NPbZXGLn4`E#8Z{>e}4z0~zEE>f`7CFcE_!svGA8BcoIyw`MS~k70gcR+2_ooM96O+++x2$) z=Y>kC$h+-wSmXN;c}^#3C$F#2f2+uAdxMQ6fw-9vd{2yxn(lGB)0(?Id-XV`>-jpD zZ~wNVm->8ELihPj<4*$0s*q==ee0Jr=%2l{Xx>M{m+T9}D-Yb*R$eP+z3ah`9QYu1 zUZ60&o9It1ZVX#Xo{zj$JdB-xb5gS3Ao4ROey1YOxQQD{#_XmX8@b8l+hH5YNKw@e z>$2uX%iKl<33pQk#RlB8mMj;pF~*;>J$F%ktg=EG(2t04V=4QPHJs3^`X8*0UCw#L z3qDM{07r-_nauS2CpXES4n20rCQ?x){XCW$bm{=0Q48&_jf#yNz?tm!*xOv9qGSl1 zj8rkNzwlSndn#z^#I2iSmO2)l>UA$j`+V$VimNMlU@4J3c=bX3RPXx9Q&)d9i6zv# z?i$|m!R%$7(Z4O*QL7sP>2wO!!3Q=}6%KnQjTxpG)b~Ah9d~xYY~$6N@na~7ceBSb zjt+A(WoIKbAblNRK(Iljjzm+40SDSiw9K`#85UKde;^XN)!6_oymrIFSx}7KaGg_I zteBkRZoX`c7c11|lT6AS4WqrpbywZ)54`pnozgi}<=-gAru1tCme2+7J!(8QeDu3l ze?u+Y_Ak!WnBVrCZu82ZQKnpaG3)2H#VaWU-I*Dlx$_cyX8d^ihWfPaGVg9iJo3{>Bi5K zis018lA2lAw{1{lefDi_daW_W#g0t&DFISc;J_E_W{T~K5CefQm3^;sV+Q^cEz{@=us?zBE=ifrV zYy=k`9Mx&AB|6h93PHr8*4g_BTOZaE>%f!AWmjM{Q=M8|3Sh+BaS%)q3FRvMWsXO$)=^y4>^3i*6m`+^9*Rxttl`cI1j3-f zD5AY9-AfHa*b%R3Ng#5@Ym|HShhXu=iPkRvc9#BtJyKxEi?P#^{(v7aboc{%^mVQa z(JH)Dr1F5C_c{e+Bye4>On@j>%mp=iU*_Z#3l2wmwyb1b=_%}$&CfW(e2jC*< z^lfUFXBZ7ANLS+S!tJY%apasjF5bJ-QHMdr=o&3OJ|h~*pt$l$f}o zom~v4Z&upVA;qc)M+z0{m8{o{q$K|4`CdGK_Ea!rGlM%>$H@ohlTrYeK$CQ~=_FF9 zEr`#r`i-#m#kVl|ME&-Sp@acCzD~um08(U{*yT^{Fq$UltWc(ca`{9VlSg0z?_Q1= zW^{4q11qATlZVBq%-RiMN#H6tXb(f3ke#qQ-0b=?zmW7qZ}=E+zC(W_XCiq>Dy}(+ zDs5K#)zs%8q?E?*xkn66jw5LiQYgoz@d1X+2Q{i`g$UCT*8}b#ZCYERlD7W`>2!J+ z)FVddde6jznm*z67AO(gOw(|LCo(k*FxTUzr6okOvn0PmlpohZ77ZL!W#@>`K;71=K)6{e%5q%Tf0A%i?rgzVC4<{p=w@> zaWMiuUGQEa0$&VMOp90xP~Wmt%wEk2)`A`(OtT@u$KH zx!mHL>G3D=xXS`3IgWHKmB&9B5d)NB`^OG&8(g6F`0)(f7#!n)En69A+hxC%;_^-n zQrl=4@ac~tjR%wjs)`okf_PBxjg^(~F=Hb7$}{>1holtBl9MA~!rDY6H6qh=fUPA* zumelrUct)&JD#5>@Q%S2m}IgC%>lFMBBxB&o4lhfK8*m{apUT-o#^|p+Vg;;!c3F9 zLa?cJ(h;o6Tw}C)&I8#REM$nYw;%w zK3Om@bJomvEZ+FpKS)RXnt%YK6%qVupxpK%c?1y}@e; zE6rjj_NL=~Opp{ZZ=UZF63B70yDD1DhH9@I%HxssL`8tj6$kb)4Q=-A@3gD@2Jgc@ zB?irj21NTM0N0u;ik?waq7gW3_%M4KNI+#C@0HeZFNdz9XT*vucpYE)1W5SdL`Q;D zoC*Fn0{FZH0|qC7cq|s+#&#$BbI#Fq!MgkkZrnss!z{rexG`@tKzz~c>D7F|l$-34 z6CqlP6?TsaD1??->eOWLN9ydG6#_mL-VPQ^339W1_jDGe zdzf8~xlNO7H6D$w$T)dmHQDwBC`f>Bh~W!UAR5*R9BdVKqQ8R+bj(uMtS0eJO$?4zBvt zX7+W>+5>zanKB3?6aE5s?ak?YhSQQpXkY%W?TSx2^<*c@a@^P2<@knwlig>N@G3SJ zlh9Rl-|`A)RyKYnVhHg_% z1(j1Bv6c#BG$jf^9Pff85Sofz0f4|yGJt8bSPPjv0N{r>#sYxEkTkF~!|BW<*WqHP zS$H?RcJ>W0@>;PQUVEQ)z{Rr#z~G|Gk$)nL!#SXr&DZsQTkaHQAaJ{-Ifisf0KE;| z*Wph$bcMGEP!t|;4G5?9FfQ}{Bg5!na}z=;7bZ4>hK|nFc)_})4i$bDDB)W^%tL`4 z(}WE{jD23v4w=Tv@~|un!RG@{%*dg_JxoT9P+ECWGx$%Hsoicn)IJH(c&iB!_TZlp@Dh5vE+0I)`hzX|&xAtxtgln$Tkt2p2!iu&i+wdlUS`@ji(IuiZr95Zz(H}~AYNuV zm_iIv*sPp%>`NdzQ75>CVF)VHf7sawZ1A^8)EO8bbi-K!QIwc~D>(>4^VQ z1f|w*(>A5A9NhH&D{3*4SEL|kVZA_9Pe%BlzeL*PHu_ws;Y}Z$6RzI&^9?(&I7BY$ zY{76-lUGf7hQj@Ft-0~hziYUp9rb8met1t;Fdw3f?$a2uQ@L743>=lnQ!L3B$17|@ z$l`t5_{?B9i#}JnZG{^sG#G+JgFE4wl33B!xl}tMfk~Mn0>d@uJgzsw%oCn?ZDZYM zD?RP~O-Hy7!45J$N=^mJb&Ww~27l>7n?z(RZ4M~CAOeHDXbC=>b#UH@ULGOm_Rkd#FjXNGW%0>~ zIEh%et2$*Ir09Bi@VLMs!Yv~KVe5#KF`eoU{I^fvy?b{-`^JqMMU}`G5LCQ`+k6ms zxw-(Y$c1*GGOo@RYaF+uecV4EjQWhlX^*!9L zi!q)%ipdc%oIIhVuhsA&M4c#B9FUIkgH#0v0zmptTRK6$p+g#7li}NXxr1eZD#Ck7 z3kju3uEhTJZ4eG5pgwAHQKm@5p)zI>T90>F9ywMp>Ysd)S8UueQ=P6fewi#u{ksYi zxGXB=v#sWW{V`#YM7)vLX3Q9tc#J82{|_p0z#~sHYnX)t`pBoywvADy7|ihNfY-}R zFT0!)<^5-GNn?R=5Z7yU|Bt_FSvuAVYt8?sEwa+W;i3&%i^9f&)ujlsS4bg-wL+yJ z^z!r}98o#`50hpwfAAs%%R+{Vw!^i37jDCak2IhL651v)T3qzqzYvI?e-Ma4HDix^ z{vSXfE^cYxPG!IIFmm5Q$tCjU?y9)P-)d)Ee22o@weTy>aO}IgpKOj)#qRUD?s-RO z-d*hy9%bHxDYs9X!PdTfYx>boYitzlvqIauwSr;V{!D^YvMdW;7K~gwq>8jVBV*@o zI(PiDrHdxqkBu0;Y^B})xal=u*amPS{hH~s1z&&a1FDs@83z|lYD#YseC$KNc0ay< z>+I9l*34|$2LJ7<(R{>uaNq9uqDlLI6@Jc4y4Cp3f9;)bvf&O|e&8?s3t9WhH+m9) zz~S&)`{ZByhrzLi(nQ?=&VUr+A+YdD?6~zaK4IaAs&_!EgKsc*vZUK^P{$G?(}c<) zF0o5&@!|D3geUoNVUqIhaJ)=PO1Z+pTf2o4BjJAS?X=0Fw}p-2slSry7S>S>lfHK5 zY>L)<{J z${#!5sTfXsE2Y+oOC$2J-FQxy7~)I(mO?GofLY+6PL-LfCSw|romX^WheI_x4GM*? zdBy5A5QIy14`N)cAPbT9l;qve^DGwIy|ZV`P&UD9+hAFQ{`EJ9VLcOQZ3^QuITR-Y zyJ3bMYOgrJc?+h1r3_vI<47_=ry#WAe)x`FbDJ?b%LYF*TIg(p6k2L9GzRwf!T0Tl zN=2Vt0a-i$l>$=RSEZ!S^^nLrA2urKVPGUE0N-T24oj~VC1UymH)UWphx3gY&NO0a zqRl8^ArioWo3NdfF1ED={7gmA}SK4%II7VIAMOnxk5uuf?rN zAHo8CNz@6cGMn4RFdY3{|2>=?N>kpe@R1>Wn>&GJWwK0TD}0~R?Z!uWOw^mkM>F-E zRTA>zyQ7WNgDGVSvgBTQheq&DK}IZIFx=@*R>ZFD-)cLD>8XJgw0UE)KN|e(1)4;S$qu3bvB2j+<5pORra$r{G4mE6+<5NS? z7URNp+L{FEU3QT52@}#G4%dy*X>ziM(735^MCz8niyD*Ta>Ixt3SMBS0=+@i zS%s2z@eq?Zii)y3%=AQfjv^&N&ojoO>V>ah#0Dnx?SR)? zAO``?aq`+yfp0Q_=j_m5V6#MB5j$Eute47b{SDH4d2rosOweJwLX~+MF`$Sga}%6W zs^hgm;BnmQB7d!MgoczU=q%LFB%pE3wQC&NEU_vQVH<&}m|7scgU(l&BHXyxX>O5f zq6CMv-v#HHeuG;8bXx<`VF9yZyL2p_hDZ5NO;QsqVuq z$C39ERg(h?RKxGrEr@q+dGEvU0I@6{=Ogp4=GHu3{qD+(*)yCM5WmG0r|-1PKKJ4% zt?F>>gu}5j)v%I8jk$2{@Y1Cr9>eds(QZII2{wK^zTkSLibp$j7!EJl3RE!sb1od#dtz1ZI||z;`3o4!|6mw1 zr&o*b7D55|hg@9EZ{49kAoe<*O9JEx(QBh=Muq=MN42MdRHYNTC#s21)-6cIo%9z( z?GaE%H00W*+iKv1CI)r{wg9u>PiDaYj6o<_nMvy5-|x7xOmllqv& zXoIZ0m7s!uTNA3G7v3?L6co8F#fZ|^@*h_)3M!Q~i_ugBP{g#%>4&AskL5b$dpTg? zoeO!E6DP)E8ak_0Sh!9M=h&~VceL9on^R7%@g=Q?OvNNVIn7fbXX{ztam{|HmNU-=&g?Ec4lwip~m z4kNe4t&^FTMX~5pNFrDkLX0_@Pv)!!f>FxW_W9Kh5sZ$+VX49DatrcyL_cmwxh@#q zHysGZT6ynaIH=)<2*z2SSZd^9;7?pqA=P(-%C8XLPSrI^lk+h0Io<>eBLk7LM5eKF z12n6$l`y;+s~D+mXX<|xTCJ#X@Bd{O2{|lgDDM;4!Wgk7K%8$SZayW60t=;CWM!f*XFWvq5&YqSa6$A5_$3EKuf%&L@1o z(qqmQN6QFJyl`=SN-biHmsiUC@djNS?6$sD7TxNtjmSVc@_ z_gZv4X-W{92SQRCie)=gUh)zTUMa~=d4(<(V1)eXQyFqN_Pa4p`-U8kjdsUlk?y`y zIUeBw{?OABLr^iI|7ByEAi%h)f`650X~b#hqPP9M zW%*TIal}5hgVPrWW!axdF0R?xWcgY`sdBE8?F@7qWAIY09OPS+Hn&hi?-`#Rvm;#j z=IaUzCyk%tYQ10X$%iPfGz?$-&^F16_sFp><_)^m>otwI-ZO3sNh@xPhn~psYTj!a zan0|ws)d;1Wl88}fDs>RNPrPbk1#!XWd#s^G6;N$Qng&^E-XNxIH`o1vD^y#WGF^` zYE|yqRYy7nw6FC1Dtj`ThAq!nyv|M|LVg&kpseEt5Pf#BRQd&MsEV{x1Kj_LxSqOZE)fSmp2^Q+Is~ zRqoVND%UaYU(gt>e@mP5&f6z9CQ&A)jVs(7ZHU~dr=(JMoxK-xXx1&?Q76uB9dGES z#4#S8UohK~^Udg+i-HFqusSa^eP6VZS+~x&In!|-KP1~{)^Lv$@`;4<;OV1AiDc_) z&r7FlxQ(8svi|lJ%y;I{DsNB~*YCN_3AOlgWdY}40&Ma+bcibK!+0-Bpw3gx-F#^Fup=@Du})h6 z!c*pb6_IC~imiiHgrM7}xJ*3FABcz-JIS?{BlAY^k(!Z}D5^^DhQe@&qZp=>E~);Y z<)j^(IBvC_m^XaDp)H6uvr;S#(0KCo1-kOX@Do5aKuhFDxY{j)A@m`r&@uA@`Wh-6 z0A1r_yRK0b{|^gySm~oj5vDMD$lq?e)Ovn9s)TPN`kqAeaxb1}@}rxNnzC?2bYi&p zud;@jPP#hgXF^o2FHyTInLydb@x#4DK4N?=268H5C{6^?Lzo;u)5*bkP7 z;0D(@3HB1e6E+y$E6(%*_q6=U;8qulch0c$uG_IPmQYgC4`XOb7^%d6CvE6fonogA zYe1MV|Asr;eyC-|+yhJ2aClz0!g*OBmB3)ofooszsp4X&=n=AuLAu;0l?{qp#(g$} zv;v;d0Z(f$aR7XF`_v%XTMA_9D^Q{|UdsCXOfw8$5JDFZV-+DaegwMC;!RZAtKO-- zz!|!nHDM2B4blVP0J2L+pfsmmtKVM&U5({Kl%dRjV8n_xv?nXDIvo_RFhUagOaf(f zirdUUX#a6i(Ir0m!@TSL-z6RvMAI@I4bVALf{P)=-qt|VcK(gL>y=5RMBhtyw5%St zuYO)MH&W-8b*lIyk;m`%e;pJcIyBa4a$b<>W7iJ~3?`qzS-ga#lx*j_Pk1rnPO&6x z?BA0XwlW&lO-ygAnR)nFK*GLVtdBSUt~tWRrTzyLqp1&b?kXjJLWZ?u%RXEvPP6ZZ z;jH7rM{i!xFko11=|3Supw6ipHgP98Dav%(4BJ(M*z4&ZW$q~`S>5+_9sfZT;YiSQ>5$n&o`4~Wjkxw0!wbCLu_qEi^k~mbaM)o zv64ci8mXzaaWhVi)lh~xCA{A-hNz*8SS^!K4z7!N=Tn0Xy)U7;`g$D8dfb?TJ(Ez9 zsHw~VNNw{i$!IEwY>d(9UxyGII*+{eH1hEcHK9se44EJP%S$gC)tnmKVBP_$^hhKX z?@Z;G60f$$bR~K37*dOdHG@6NYQ>8`m`Hf=R{zA)X>JK%;ZyjWYb$t}=$6kprjqS1WTnE|xxcZp?UGi|v&H3{uOm;I(@EWnz*ca%xG$#GX!5_W<2Ycrp z*Tk9j{R9#@L<~oxMZhyELbO`3DkrT~YX$3}SQP@g-PZL0tw@v{CI%4?Rl8cH6@}Pp zX=@9yRZ&7_2uQ7U)l^inVln|mQ6K|?nUF~`?=_&+_UXIt?mqkc^L*a!@~M_XZ8CGu zeP7r2`u-*k*qpOoedF`nZ*Q!DWw`xl>;g`WZSMh`)aZl*$OO`KBrXjcyTqwYnX^p` zrHQ1ho)i7}fHD<)AqE}*xyK9m%Jp0Ww7;zTW*tcZSGIriSz={<0wb?EaO{m@ZbkeaCC_g0bXEE~aq>eRlSJf9-XRd2jyP68MhK1(D_db8A)0($R`RV2R!I$gpje4%l z?MKOnk3}7iSN%1>)a**3BU^+8AU#1^@wcS`ZAqY=30e+YWizB9p{egC-sYaJOKLlvxe zzxWdGDaBq<*a2hYFZn;q7il6`6TUJ}xbaZ^F0D^DaTRPu{7@E$6+b2?Gwsx?YfPd3 z>hF>c<~+!&eW;kf=Lf>WeNxqhR~L>#w5~u<)TzRNExajY(857L1~c*VHRS|e1_m~9 zrN|E^*b<$WITB_viT z`WQA32TOB-Ean$HUt>C|xw(%nO9=POdTF4gja%wfMilTlSyrH8#-QEMis{w9KFfuN zw<#Ryb@)htAA~k!@mnijJ<&{B{PH@5YSQMl!W>gw|3n_LwfRB7+p|x#PFHicuiA0+ z!^^>yOD;_y%x>7Z0N{}uP5-=YiMOp4sccQY_otWL{ zPSpSEPMq@0oe0@1z3xP+&z-2sigbBTw)VOc+rXWO_pIp%&zxh}kOj4EsQs_=D6NL< z_U@h*K*%^Nz;$=J2ol`pr-hRQac7Pnj+kl@Z?S|8H`#PPI=V`9YDhd2l7Lg(;F8)dG@NxyRnp;5 z0i~QUfUGj&Dh*SL_ZE`#0l#dWRw2Cs?R$)hPl1N{Lhl6)=G}zkkr1R}Awpcf z6@Wh?FVY0$2nC{3)l(4ghZ3kl!t}!lz}8y0e_=SlgcG14J0*hm79c1Bjz95J+yIC3 zv=-x>$>;0L<))qlU}gap^%7f4=3br8j_soW^GMtHmQ+Z0)6Fht)b)5@@On%90ocso zs@>3Pc%Hg`R)JJ_I9{iba8Rc)5a2O(@PRviq$wOcP_A3|osQHN?yANOlTcdj z@*}az;+Qmc&mUQ(^BRN7b8bZcq&JPP*n5wZg`um!SrYvOB3b@ z%*D`_pY5dmWC}|McoD7OMT`e8qWmGGrl_5p>MtSp)WNPmi<2Y?m?$Yw;R#^aR3pf! zXb4G9n^a=zb|=xGMjoZXJHB+{TJpo`g$NK+avG_-FdGYE0K??arv#vC3&^)3_y9z0D8}T<0rRDC zwb^hw_%{K-8tPHbq#dX8OfIrMi!mVTIk}?jIhx%US;k;h~z(Q~l%ugWU!hgd9Q>GTf<({wlc<%vN3El)?3>YGN2F?N9 zH40XGfd9JP<=^t?Z8FjXV?uwGxPv(I$^mQP%u{XCZ5;DG9Qea1rq_GO6qImt=G`GPTk_#$27s>1; zdeOg!WOV^1qhQ}4YXQzim>>oW$_cj}2Zb)xJ0>SB4cMTN0r#g4a1|@BR;9qXq^bP2 zix)$n&c}q336nRvyd@O*rvMlypT+neTfy22@yXvkzmETz-{^uyyCE`s&pkj!+t)>) zfjCwNNbeyZJcpeD{~`*5oO5ls1cRw32oEo8Nh&!_>qIiL2XwaZdYB;pMR}C() zG9))bqeAskAbKK6xd$$VzTxdN|cD7iz9u`oZHt9%vmoe-0bLKQ-(mW41Hv#U@Y^Z&H}}JZa>$V; z(1V+IH&}ifm+giqi$Org#AU;?bA?p^YTn~S=?MJ_$Lm!q=x_w3{SZk{jBqr)Llve; zY8oF(m6!|CN!8xsQ3hUTFj1fFzE)ard*y5k;iUK%)`>PF2|pmv>Xsb__g_(ajtHV3peQjG82_Z~Ft`x= zbcA}i8Z3CPj&K|32qSKsP7X(2G!YsqQ@})M;MF~*z(knz)I^x&pSt#sO@z}^otX0S zaWE0uMi9B?&o5A}Qh$v{md|*G>Z=HFCKk(BD0J{oy?R~K(yyjdAg^{Dg<-@UXm7yu zb%|w@uq?s%w@_s`WHXiHwnP`bLk;4(F(PEY^Ktec=?BMfyEFG!rmt#z7$VFu7vO2p z{}-q)jrLv_`U2Ib=fNRBx84O6;WbQ<0a@YQF)8y&9*IlBp7cd37rNG>=Vm%_aFNOh zl*tGD{l^Lz7Jx?lt)3j-{cZsR^|gtj(;fQ14Kfeh)O8LaFOu61y;B+Byf=A&Q zgIqAW;JhR-l06Vx2`Pf9u2f(oJ7r!ZB7`$V zSTJWz=l{p|7<{k#cWKXhZO6Qs*pV5NP?9zmVybJ&@UW*ejr(M+B{auGb?xg<@%ZI` zkGZguuj9nro2)^94q)}GEFCd1%wEQB$$FsJ>UI4%E8H#`J^AYANvGmj$Cgb%+b7Ju z*?RkvF|Q3-5IJ*vr7vrc+u^i$)=)RM{=jL9#SNt){})wYBxM74Og1Kh{ZH^3QXX&M9yz{D6lFFgrN8n`Ulu!6h-c0g`0 zN=yAL5K$B-2l5JL?!C6X~?X!*(pq{YF z+y~=o-Z88LPuV^zf4BL7I)D$e0T9cLL9(+qNDp^wO?l~CK$sH?K?`3PLDl|nXc5gR zcbaV?WKBH+y&fk2==H67euju6cRscNkxe*^t-A@N$r@o;bD0Tsww79jy_wF6Gb@Ae z@~4r`6$nH2#Yddrr=BmrR4vx-w$0zj@;Ei2RYUhCI-jm_@y2*OBm2Gzvs92ULGWc& zG6DG0QYeKcR=x*}q>FS2NK+d;0ytAb`p~|LerJJ%lQ?^rqzs6*Ynk$>)|r-{u1`>U zx{Z6p-+bb$*{2$h72%y*^K5mOZiR%t>^-p^Wk*}gjk75N)b=@uoy>1LvTpwjV?IC18-? zJc8J0-m6HY9dc_(DcO;bX0cSQS+h2Y=EjsrtfezDBv@7uQExce8RB%rrHu^gE=CY+ z2f2ZU2~}0MTc>mwf?@kiZNVpyyJ9@eI)GfTjt565@@n}-0*)lGtriow`Fpy;<6=gB zR>ZLknT)p@Hs+X6Sz3@5>x3!zi0D2gCK1f0?T+@~6}hRLFORf8@4>OnPF^;9)@`8TRT`wOZ;55mY|RD&Q!1l6Dh zRD)bl4Ib@P4XOt!KsDIis~T*Jw&)nuVEQxFUri^cw z_Nn&Zu}yrS9=##@PW;M`xO#(B(+su7js!@i-%Hj;b8Zw%*s1`jU|HO=yyhe|RxGG< z@y3b`JZWO3AJN#g$OW`HOdj%cd0y_S(?L055c4Owvw0*8Wc#*n;OX9W8h9#=(;HMG#cgHxGdfD5_^j+FM;nhb`}^MI+% z?Y1|zYFk3`8`}w0a6dx5nl>M{v%BpO)*Npk%RVyIYH`C!NNWycAiZ^Aow23{+kCm{ z+&65Hp*&A(Zb>%8VY*jnDbAHSVVZn>$KrAm)c_kp!d#5chm$iBA6uP!5AP&V8e;K0 zo>F=+#HO|Tp~8pyF4_V62FPDtaY@6@8MyDW%q4$zavnO&mzjrpm#f4Q;`&Aj2&xb~stEYJZa2tTFlg~B zmJ!O3E>Lu77pc}`KpZTmffOfJPE-eVyPpujfCDXV zY0o@E$s}xA=|jkSGTIP6o;6@A@qIpBts&}Fp%?qDG>$Xp8?SBG)X^$u(mee9)Lm?e z%hL1ecn?RRzXxYXQ58VLJ1RWLln>!>tJ+|79|2b!E%c zO}h^F#W2r}Sl?d$V`Sk&7zIkU9|;?f=E>T7GwS z27YmNk8>q@CvA^7vPvk@g9^$G_S#G;b0LZUNML6yRU2BL<}q^? z-h<$cd3|xr-$qc69b*Yhn|pO{sJBo?9OkiLqxhSH!gGJK!gc=ZXR%(!EVAXhyk zr33Bkj9=53w@giR;xNNL^Wm2bP)sX%gQ4@{BO&=9@^Nlc1`a?AAt|^bMwFMk-KmOA z=3=DsWMBSr7~py7Lm;dH24?jq<`#Ji?LZWnnj4KIR^g1(<;#e&a>qmyQP$-yjlSyj zGFMN}9CmJ~iPe8&{N8sW{OUj4`Zwi?#b`0wxzJN`Vc79ATYv1~b-9Xz&v{|Gh9YX3nUy{9lH959{CYn7`+ZoClL?N{7=)5S*M4 zwNGuwtk5MU&n zR1C>*9j^HufR_)c$y+HvKN2>UTtilatV4sRja}Tvvz^pxAU0VQe6LNYTrPL+1NM3Y ziHzcNQbGC#aW{Z(9TNe97Y+?h>wuc@{siC!eVNG;{wGI#4KcVmKRXc0rCQNwsMBKr zu$_*C&W1?px2E!#BZ4^oF!>l9-g@#u`B#l-^i${T#>Dp=Sn$Uavih+maMlkSASlG- zRQIC*`DVY6x@+~AJaK(xz>~<1c0vw5H=(O6Kk%I|3)jQ{d!5e0hb05XY&oR*^v#h$ z+o~Hf)}L{n)qgPi=#+-Uh8!=h>f`zLHTDy!UegV^7NLfe2H5$)-wBo9#hrbM-(k{# zoE6YQQH2o3Cfj1rx*wC6PwEFa;lU-r(UhI$%MkX0KU&fw`*Gujstk}l5c`_dm@+AC z`0-(v(Q{gBFk~x#y|}4e{6CqV?5>95bg`C2n185)ExZg)yQwh=o zmc`wH^qdMWI~$V9X+eDCHVe%u08TFnO4V&~++g;)uyIn+8tZ`H5O{)(ponEG0(}Ht ze4H?^Ct};wjMi^>R_`Ro$~bYAz^F(~DBvTf`~5sJ0BJf%ku+=Lv0?mm{YEZYmn)M^ zKD_6u{!j0Xi+L@;h16e_u>Sf8rz=;D+1o}}C{usP%}mfxK&a1?WVmn>NVMIO_XhnmZjZ|GLwCb(+DaG zUzmCpMJPkN%}uZMJN8I;gf%J>`FTz0mKh^1?(&?~!K!Rpeoud(tJ);o(OzG(b_gB+ zF(-b&jNI;#<9|31bsdZNUUql*Y9b|YsRc84{cUI>ks$uD^U{-|E_c5>{gmD}R>Zi3 zMgsCu@*O5vTVZzb-=8f%plqdZAtYV3*#z%NhN??Z5J9d$hLGxOR%y*k5V*NLza?3&_w<9@8_`*j^( zT96oS-X2enGGK^aEllA4R`cba!q)P7{!GK!So7(x<;Uhws0 z4R+i4r%)DuVfo_Cf$#09_GB%;(XaiZj`1_p#jxzQ%t<VmHr)&nnq}+ z%4?v_CPP6d_A`H{iKsAdcP+{UIS#sl4=pkEx-ekw6ci%$wfD;z(nP3>x1E1K@yV5J zcgCv{o(KVlL_BkO6l!2F=#v@mp_G>1{=PtD7Hp0m9;!I7M$%(__2~Q8);eaewrL*x zKz7&3@;j3fK3;ydY$bLjg)~oi$FTd)kITA}XI}P=;CG&?Q4Gx+%N=~?iEy2C@1)Ul zLfPDx-H%K=zc;SA;auiRER2+)^-tm_E-ku-l~5-o8+b1C*W=|Zv{imOr+l6yq={NHJ;f@>(VPixX$|KG-yU2m9j4 zJH;W_{8E$DAI;tI@#z4W*>Mj_HV-^?aOWQ^mo$xS;EqoM_KZSp}Mdm1C?Wp2a`}*nzz3=DorxP_g^Ky?U z>eWN^3@=s!x@1Pt*zl>R;|Pg^9dfVk$Q|}Jg1cja>-MD8tKw{-n_vFu!v3q;3qwBq zrBwe_o){7utB-G`YSvEas(!NP(OPN8SKXX0&3mSo;y9~LQVx1BE_27T9f2^Ly#cNU zzYPvF9L%pHK#H^&rO29lXu(II<Mr|< zzxy_%C$Z(FSDnji-*{s>@@ek0t)ZP-lVIMsCcB=y=FD6&v-|I7ugBE;%v5vO{iC)o zT3GtYnuC`Q1P_QbIkTwBpPL`yrZ*&SHRf3$^?WtN}``Lra?m-E-zrT#*6a$GLCc8b>UNNk>>pP8Swa!XW52> zeGlY}Ef7?FA+_qw5SoJ;8QaKt;4Vd+$pJpE)|vMK5y6=Pz962A_#}*@Apo-}K;j<& zu;^pb{6i42S-KSQ!e#M6w5;pC2<< zXcWTeO3#c&LJSEtb#Bq&=SC2fNw3g_0RCVrZyknAF|64-bO9V^1*)!m?CVA6FbQ63 zYKssw<6V%5Buoo8!DLhQ5lG9?^AA1&m(L@32gR`0WOVBYUTeuM@69xJIz|x4=F$b* zX&DZP>JRV)fQ_owJw65n+6(BDGGZ^zIqPnrWw5K7PXPJr)3&(e0t|#c&Y-Me+PGhH zj45xzyW=939-4U!X>1@@$xK9iDidM+cv+Hdv4(`F4~%8N)VDeiw9q1C)K1vn8|EZw zTZEFvR9{S^rM)wZ6fPcd9%fRo%i^lP-dZ?Y7oO$zYkIKv|0+ep zG=w5l0(|i=M`pVxX`MuAORV>Kt&kf6p1v!FB=cU!*9-{R@XonmCK!(Z{a4MixZ-ZW zASq4559WQ^{6d2qSiM(;-9n|r7fJch4>Ac2{M@NB6RNCY@>^9wSG4zMsgpTZKWXechcMt z?o(DzVeo6^z8ZT*(?h(WShZi9@)r=;F=N{MQv{%zc6q~7}=<3ls0{`P_O=!mqq z9EfKIfRA~qcxrzDMc=XTnSY?@%cg&;=vxm&8f0d`)<6yazU zaEvIIcLQ8c;RU+)B&4%rK?M&({otTlYyLq^sbB^DuA2|WOnAOtM!lIgSZo_h5XO%e zT+!qG4VAGT=gEb}4 zq|+EF7jta=2wz}@i9T}~N;!bq7NXuTHwo#rDoDzPO{39eTRam6Q(#UYNMz+BU;+ie z5#34}Qf*^VN&}x3YxQE78vugTHpvNp(mS&SGKUu1*1|<;I5%&AXZ?P- zPQ59R_*QL}CY?}+>1OMB5IQ`bOm}uj15H~Q9pMJZ|Mt?tC>{)$#xk54TtX`(-C+!m zh(V_rZt2BI@*;Se;t87>P|sGn0l$LX$GSv4IRRkHN_8{QY1bG-Vk`D6D_$Woq?x^>x{f!=9eQ7zmTG8S_{!hB_>+lGyS&<1w;#bU>DZK zK(sK9?7*~+A{{)>XLDiuzk`{+@PcOsVBnXs!(ag^Z5zp#7U*BO0M83tCD_qGm4d|B zWOWBtug(?N#>EWN;D{dOf_MWa0U?r*QGk}=x=o}SuKyV4V?6JiG4Gg!YN9h<3>99r z@`Xs@uVRmS-zOhapk#cbI68?T<0I+9^2b#C>#h2wOjrm3;=O33P%Y49WJ6?jcpLKw zf}s$F@i(mAlwHM~f;7VbVD+lRdS1so)t1E&%_Q$x1Pf5$`;p)MTpW2EW9E)`ms=h~ z(2miy!kgv_h(uU#9OZ~E9LjIaczAe)&w0Tt_^W&J@Y;>yo^mmFMguI4Jkj!h zS;=SKzg4?y(FY;iBnH)cy;|at%|}P5Lg@qA%w*h@Yli`h9ax5KkD&}GgCfXy3x5yP(^Ezfm5tBCa`%qYfy8W#Is+&6leV#K(eXkA<;CdZAO>L! z2DJ_E_apm}@liC&+W=)W?h5rl=pi4=9R7qjpzog?zB&2p_aVz(qUnj&iC%%dRF9^- ziGYO58mmyKk_(Yla5)0~)NE83;$CrYOtjF-R-=)OC`(9wh2Dw5e1pqRA1BZ2cqiM3 zB0#hRa?07|_>;_ow=3QZ?ad92hLV<@Z$4BdT7UH*o-kAZp~3Di0(*vN^uZ!~x8Luw zn64_mBCw^fuJj)AaYnov~ zJkl0ARSO%FVhjO)#vT`hBzM*mNP=y+f!70etGl{6+V6@vhupK>o}~o~9+vR?i}0!M zt)lk>{;c6y4^&;gLfnnUHMjc|d~N?X1>f3^FK@jF>q!hLeG0zdJ_VneQSd!t6nyl* zsNlN|3O)ev)nN>+*X}T~zHS_JZjE3+>)eL%9XzM>QyWcp%o2F)J$ST+KF66`+x*?F zVw#pN`7B@=;@V;h=8cFyUYk_sayX*S%Yc6Q2n;=2LBzMUcsHac-Z@f$ToPY4;wuXf z(^eNi`Y24t0BZM-KU%j%QH(WE^IxKkpIk9Il28k{AX}M;XBdtSZy~heoT2hNA|i$foYHEiN5fGxG#OUD+76jtM&&3RRR}sFnVxH zw4+?yBXQzPWmmGHE<-B`i|f%$+OD&eSTCF*G@X8xsw8VB&Mg}b>O zxDn?2VEYqV%?$aiTLAz*Y@g72n9NCs^purH4aYHRM zr~wQ<&`L&3{5-PTr+yZkBbcuaT(fZbK-AMoH5-X-F!`vd7ntbUc9Y`GMV)Z^mAPy5 zd`F;(MA9Ffi@;`5XjqipTw(+|FOO)MeuBTcwNQE_T+-n3ztd>B%}$1CP>KEAzIZ*) zHeRJc>61Hfjbo|MxQRGS>lWlgAOaZKoX+mnAG6%D1q7l)WR|P7G-t9~Wn(O0ALP7s zagG3-xYm0JiA2&yj#GtMlRSs`?pS@p7aGSyS;XYDHIGjJvdHNF-I_}kpLMRi!*aCFWCv#s zY`f(mE>r`f{s_d&t5*p@2$<9{@6284Y^n}i`6*T*9)?0HVyy&@-&Y7D@#*F(EnGZ} zf*wUHq52rIgq_C zv)E=y+G0F_b(+^3_{(wLmPhLbDkP{MY``y?ELC!#Ek)oA5sd=#KhW(slmBlCefD%*G%+@qJ?;wuYNNW-~pMSC{@!Ry;i5?4LCih0WeVYa1)w-mc`%c1V z%Wt~Adje^`%&+#HWDFZf^sTsh__)a!?OO2_venLwy&qE92IlX{E1^yf$-GZK>iz0h zHeKm++%1DJVDi=jIKnZXP3ildRrdRKCgqpDg@axj_8Pyc_88q>-+u`FV<*$gzzTb{ zdjIH`cZE3gAHPMIZ){+`+RFUUzVGh+X#kT^*dKiYwpa6|F;`IDxslc*J>tu?7RsCp z>sJV|YlGLf!9@Dd26IKdX-TP9^e_1CQ(5jVsVE)c9^#`lct9CPVw2wD+aW|ti^p;en&A<)l6hI$F1j6TidoRGVMOt-odWH!H3+${hzH0^_zl|42Uz6-K7DtjEF zlvB3k5Clqydog`9(ioP86R_AvtD%*cl7|TNJc#(+iYn%&W{7K{oYITl9WWhaRmNz$ z0}?3@2E5~)$~xk2IcR#)S=eAA+Uo^I>%B(4T(JNNXjvWr++AMjxLg9+O=3+>BOMNt z6m@7lV~|F{=U?PYT!_ z#U2`3_`87L1f1XP4*l>YOtD#fBfl@9_p0Ti3wn z#4vw`Q@3lRLD>O-9-fYHG+-Cn!tNXqh}&Z0l)Ly~Z}<@M?(j`b!? zjrgg=Ic!If%WK^<50sV}ct&^E8~wT~{aeBq@~*g3paQv$1T>oX2j<<9+Q*`Jp^Wt< zkp>YjP^Y6>7L)Sng_2xLip6`{sVA!+U4$D1Sh@c!g=ZV_ztB1NpCRKeLKn|yu#K_& zPr-@4F(0h(AfbXoWAiR{2Qlfs0wJef4qC^cj5i3GJrPRFT7qges1qQy65>d*oxdaR z)M4hm%3ks=gjULoF$x?_ef%K~1!60DU>B(YHB-g9Xaco(PKD%*l-_LLFlggcp4&`0 zPtpO#a;#cLI))hr5Z&&b<#IZsf_j{}0261m)&vi*dmohT>v#t-+NZCKl;_o-Li)Hn zqQgnPafpiOrS6V_`pTGF>M6TpTdR$u+@8dQ%kMRfi9?Kd_^3Qb;hF@Ga5WGaepzU1 zDX^*CN1t?tP?$1`-sdgS^AWtPsDft(8K65Rd07ALvJYl2;3#`TeS^+g8}1Ig(%m*% zaMGE`&!51)M1HfH`19tw3u4y#)Vw5JzEyVZ#E4lNN2ZjE6jNRr;Ct!quK3+Gr{4TB zevq{lA>$X{5-O*s3Y8(QtzpVH`YAR%>6B5bFr^kY3Dacq)BgR_%jOFd0k5=|@9O z(Fin$A6}7I))`GO@x1X)Ln64b54wQEsu}a)MiCPg0rD`;4R;I^Ru@s!?dQl{a!sKH z&4=cr5#-YwwXlt2CMU{_XsxkhMN15A8wdF=B!no0d*K@Bm^`$O9vKeX@>S}rlQ0m> z&pDucLogP-O;D zE^wow1VjJ@rwnDt9v-`xoU^;^-I@s(kB%HhsH$=-`^UEUj%>M>sPc5)dM_h>$1C}1 ztdH0qvlXvIOdfpf{(&j}hF1E|KQ3<;Z)f?vp0;VLDf{MF*I>sW$&bSI`OY}Rlf`oz zv@o8P#eJzI)}z{)Vip(ixoYmh!Hbug*A#_(AfN;guv?Xp_!Puz^OzUiHbbzmobb=j z|277?F6B^cQH7WswE2*ddTa|vZ#s^IaZ*X!C@rUIIhzT>c9-o_3c*AnA*YS&Kv7h-N!JdNsgjPv6ZE)|0W1UeOMp)OlQO9ZZ|h3FjwPlC3g5`$-1 zC`44P{|$>*&4?MKNF<9^CZ!)7HX!9mEujkNWAR$TWKaguMss4D!G%WZp1f$bhYjJs z5xon@F>z!7^rlLX^o2Ye_oDR49q+Uyr>_fxv*@UHNec8Ep|cW6l<&p4DbAK?_(Ruj ztlPL=9*AcLaX`P3-6KBd^23aVC4A`6Y{k(&6i*|-lo9NWP&fzjnE|0@Te1oZk=_YU zZS!N&HnUjLB2tR7D8N};Lg#lRsjb+5LGgGi{Tcwc+buc|a6q=ZoDomBqH^^_L)-u4P@*Y-iH}G%zLY3*MNlp@6mi5!#NEtLg6N=a%KRSx#Ylg;`rRGT)|GO$;$hYmUY0Sc0m+$`5NHL7 z4JhQgjE3GMAdLyDf9txdl33a&1Sy`n?j8<(iE-VPKwC}kWr6(f4#st-?sMJwwpac( zOjjj?3PHJs_eTicTBvpdYj+?)wJr?8baSonYv`*8d%-;K7~6w#RsEo0i4C zyr%#Bc^@vV7EO?{50FdI1FiwDaTb_4N#_sE!HU(Kmsw4jmVVp3YhD|7;~}SOj-}fN zT(5IknYRZ$dAH$Ky~`R_wdZh{Yv)Iw$nL4={g1c)ZAd_i1>#~l#+JoF=;nN+4m2rV z9-Sd25Y(ki4YAZPz?_2VcFlZb-VKi?P_~zPW`G1#3#A&B050M+rD2=~-Z5FntcRib zQ(<7=G3xRH)A`csUS4h$w9}?ve=!J`vXJDb!TnT07u%PjC8wrtDfle$qP*OGBd{{Z zajz%eh;-cW+ZFHpFiPC$H2XJBcxiNcwP;-zqF5S#arBq_29JC#_lM47&9hXZJ8o`C zSC5x>j*YVoWsPUs)ZlyT&l-M#mBxB&-M7;O4$rr_Sx0;$N8{$fRlNNx7tSuT`DT0U zIj>taqPx)+;4EI@<@o%X>*=*7`WbR}NC;2BU5z1Bw;RLUogI8PQ_334 z*`Ky=;06CETNoJYsFIyF$KtD7@#~0-pYJPY|DxKF%&DtA-f}sbwE3>~^j6Y|7IV-%#(8(f@Z5P9{Hya$34qyeVsfwdIqwQ;4#h5^ zmv5V?PG~&+WI_PX-R3eS8J`up8o8ZK)4YK@SKcY7o!$JWL>(_P9Aa(s<>O|q z6d`HhH+pe)+Zes3d2Z1Pnv<*wLxIcLO|*nD8A}$Oq1-m6K_Bz;!CF!U{UD^dyy~bf zEa7||%z#4yKowfSb9t3F{Ce9AKOg~3#doY?9K${sGDk+|1UbeUAsLuuZHcuVX3O)K zG~DVJn7XPYDE?mHm~v>u%RYcu`NV|=VhEliUm0_SxZmw2EnnjjWsd38I4PB$w_aSvzZt-At+m{xO zF;^h*6}o`tWMeYQ!@QkF155gty5nxj#PuC3bOV%7{D}r?G75Gi^VLBS;C$0=zX?QL z9x#%yMWHZ(&PSp5+LdJ+aUIa)+wirx1ZH`oD8MU6;n$Cjcy$cNHl|e{-nm48n}0YZ zQ9;=?5C^*!2Ga*jXzD4qMDLj199%kj^Dr0ynq$g|*k8zYwS{#CI~_#}Srlg5>$>p! z9Ne#7@&G3Xa=9JyBo(wkJ#Zn5UUcGvz9ifM_*1Gb9R*9UDG(xG*-z@-RCNnt2&OK;$7f>XkD$k_Uz~c*$C+yXCsbJfn-k zIh6%CK&8PAOx|Dy`0~I!&<1v5%GoI(9kaXLHPw|934Q;rJOvHl@L5W0%IyonRb;$C z)z!%Ir%7Mm>U113x;$m9tHlxn-(*YPCbSSpbs;GyjXzn|(^14@W5>u%pZI0YGlF(Y zT={hXNC!Y`m2O)^nl8|=BnC;~nrId165As400Vgn)ujocJ|1t7Q21uR98EefaI3$H zh5eC6&OmizJLsS~i~&0SX(tuXbbTHx+wclL@pa49;Rgip<5LVgWobs5BQQGxpgO$| z95x{WmBtF=yE12KLCJR=*Lyw-!8M4ug-&D3+fqML-Ic@Myqs1C7Eo+QfQcjo&ncqR zf0{hfjZ$EJTwPGOs#x|=KFLsYoiC#Sh`pk%=X?@mllo^|egt?t4jh7nBH}xG*2g#k z7hzEI;7ZuCwp5@dnG9S728;3I?f||n>{w8&C-|fVX|WcXn^IyS<$33YQ0~ZJpt^jc zC97wAC_rCwxZFdlS4~?0E5R_a?%fJ@Mmr|;&5&8_R(A%fGx*q5LU1eM5;zj0#7;tj zZJX@=B2~An9JVUB@L2#ZOk`bvk)}OMJxAKNlZ&&=1y#QGaRDV;avX-9~d`zi$@pyDL_fQ1CqLyxIyym zG_ld{^G8r!Hy<3W5;!9e#C<~?P<1K+RC2{?hn9E0CF}}*9|OTgQaZHckY=XFD{(Y< z^hnsCa_!B&bpx(W@GSe54gckB!~3#td7W}d^7RA%WmHu%$(7|mzP7BZ1fDqsXm|f- zTwRU_vBQx1vtgf7Uq!< z8Q{oT6z(!;!Ju9lS_J@RZQ#L<#DTB-P3|op$hvMfq@m*-J+H!xmcDHl{ZHiHo>n9g zn$Ak7`pP1?OzbTM$C&T8YKXK*xUF$9N#sSJCd6=ffwg>+Y^Sxm81^M74Gt7o?fbYo zbBzb`ae z9(Yt2nreEnIzv%`F121VFz>$v-cs2Y-`^WWVo#v2`L8c9umu|BLNhXF>q79D5L4k( zs?Jz1H#d|e2o@`+?`eM@Z29|DpVC0>#^k~?4kzxLT9sNaJjdG+>qS}JR~5ih{VnEF zfRJ{pTiT4+D20rC+%4SJ5<}X?7$ooz8p%Z4qOO+6JP5n>P(ynr7eG4znRs9T`?9+X zaJOhN5SAu*QNO?;?zjX&(xPmU&^wU47M|JUqZc7z zRXYZ5uu`Tan}8t0<@9npc?mIp<5Ds$Ynn;Byh%tP;b*`wFwmWx=a|imRQR{VTK($o zRj}nFWOj>UO~!uv{2f{&jV0Lj@GR%S!YeVnwQ?yX=qO1itY6DuWD`Sq*=}$m$dEwL zZG2oWQwON#)1X_A5`x(6fD+2rjn_@~h|$+9*OmAxMB^=RU-rnOZ#H{-ahf!zV|r0no^xwg#7pzz7R6 zpO3*%I_h@%8wYC*$7k*de^74&7>5((`_>2UEI~rtpl-1Oj=4rvciX zO&Lxk!HG!h@XsFd^<(0|0eBsE_a@vjQMca_P3JX^292_4JK81CfR_B1f9R*CsbrG)pKsS{`%bJ9i3 z%c%^5h})^_ufn*NMq|H)j@WfZ0^Pkjl7b)Lox`5SXP)I*+A`RvSp{gIfu9y$!G}Xy z15*ooyDi4$B$Im6ZIwZnOhJ#9M;ySwV7#Cs`HI+KbZux!jiQm=E!_4VnNWb0KTWpP zc$K{p6=)%BQCcJZVedO)D+H$)))*p`7wg`=EvKCDY}UcpgN#o0N^#fpyVXn6?F7*s zgbj1fhUt$y1m$~z4S)=JA`OEDB5`A)H`yLTPAjNa?U-^e#mC2ouZO>!8At$(6Rsc} z;h;NPC=z!L6k?a;J<~Go;cnrn%AwEYf61IfZt4w7>@YQ6mb?-@|KBNvNCS)(T6nnX z&2VJdFw2P~<$`VhDA86?>9;QKS)wifJ>95nZP8IM8P#MPQ$qP?cGNn%wr9Eb(sUJU z*VdA)1%>#J8JJilb7)(YA{omRS1;m_1niYla8NfHNkqBU^)OlM?ij0*pcW^b!*Lkp z6Q@NozT$GqU>jC`9tKWe_@nAd%?;2Qw;=y2P`9GFO;~716(IurnAGTzpw@jba^=-v7`oOQQumI)xyQv1PCTzq~0yb+!9TXhHa6FpHq z5>4xVg1YW7mN9gm?Em#)%*?~Z3^6AG+Z|)P`}G4oufcYbMqEH>KL`QK9hl~U)6-C{ z(F6%wYG8@45SChpXchSw6nDt(wj@oDtn7J;?U&~z(9|7m+xyJ;x1PAK4y{>P-Wv%r zOMJa-G<^u(SwurGIjIxE?nU)GY%cIuY;Ml5!-4-Ru(>zDbQiRJ3Xi4P@$IHJ*B^~7 z{&DPGVbPTShI6Y{H=BavYxk?t23(Zx+Nb!bbjZT{?>vp04e*-WU3WLo-g50Nzb?)Aqmrsc!x0I_7uj z6R^e5I)hwW-hVfqwlCc_btl6Wqp|<`|G-UW!ry*g!H4oJ^IK@B_WomCxCH32r}h10 z$Udjgwa^v-v7+6(0ye@jJOu`fP*}%xL1{>{WvVt8qBt}z zydW){nZkEvBy4#K>U z6XT%A;-ZX4S+se3?o+5P?Un-EG6)u@8`z`kIOE)YbRl+br8)PUZ+S5)Z@e|!EqB7s z<&)YEp8BE6XMOEynx?H6zOjrJInfRewud6L%{!;XrcFE8Vq|svB%6CGwBbhw)VMQQ zz5~WgRG-OM({g-H-k<9_q{Gt=SyinCie-eZn+RI^Rz`M6-sX6=-&IeRSN`~4cFg2F zG@pn*#0hA~E8XjDct3_LF@?k}f^HH;eG;bxxw8@GX|M1SVrjlon0|;M=`yGvV;K?3 z2z3BM(s|6+I(!#S*QkP5EN`H7N%Kt3h<(8(!k8y{(jCD>IP&#gd9o55Z*7XH>xJlI z6qQdQx{7}7B7o@hG49%i4UNWKZ7XomD!n6sgw(H-XY_nb z1RFcl5z8x=+X~G4WO2GYB0g5@;quf*+eYf+f}4aUkZ7yIWY{x~4x&@u(Nfwj{$Mb1 zt;KrNYS|}%%u@|c=m66=`5^{pZfs-Y00P6{k$T~IT5UQ-rbRJnwYi2k&^jn`7N#Q| z3(9*zx)!clU@n*CN*}Ha%JHF889&;F>sLG@>8gR7)5qbcHLQ_$1~WRA=0kuj*`D4p z+q9I=Ekuoku46GG(>}J1RFy+oE$jcVcjj?T-0S`ikgzI27Ew{KZitHUv?^9)(^|Du zuyw(Tkf5intxHgmC|L<2R_an|rAJg^tD;pQR4YnMhJe&skD7`~Dkc+DG)T+@1SXJW ze$NDOJH6+g?cP7`>-Va*h+;LF`Of$IJn!fIfz#z+RsVdxBd*pkm;~v9i4ar{S905J zWeR2#b5mgObWy3-3AqRp!1x1l8!YE>a4re$NvoCc@rL_Jw4lRm;OK73VYtrN?!24~ zIekpZC}14+-}&%Uz{f9`lK3thjrH-JKc%ebzL1jK5nY{)($=?|4?i9nwr5`VF!E=KhTLK2V z2D?`{O#Sp4?3OtUcI{xW^YqA(o(tfm21U*m-JR zG1xVO!OqfSuv3u+I~5r0Bw(;>j?PIW4R(1w7@bmX80H2BJLwR>$YudZXL0Hz4R$Pt z!7f*hs=#2^O&aV}tH5A)s0c{9L+4MvYOpgTsa`VJDWzbrD|unCTaD7D3t7?PoIZoy z-Clzow?B!}^{17;X0XcygPr~rgI(6^20IHF?ApO#ml;ebP{tU22r9Yw^-Bi3vm{BU z>ND7NlLouk7Y4ih)Z&M)8tf#b!A`U`QtwvcFxZum20ImLu&a7*uu}jfROK+($$AWS zlS|tj20PIrFxbiH8pgvTonWvlBsscjh?srdVCRNO9$~9{4R#0qzrhaAgifl$_&*M` zh0x$k@xKn=kp{c^K7*Z_G}tY080?^k=vg6s*>?8r5V6cO&PmjT_ zo1fKZu+xLVF4J3y{dn2I(n*8!0H*t)&tNC*G1%ohISh7V-K_ilNQ0dy6%2N=UW1+V zWrLmGVX$i^4R%NW8-pG7+mY&ER_20hY13AII(&y=iYtAyOM~8f^YULm{AFld@PjS)EqL5!5c)w$xV|N4NMk{ZyEuJo%!so$#!7sA2p3Eu zUeJ;Aw(wbSH?6`OqS4khNj8^6*$0eC^Z3fy^)i;=vUz67H#au(>1QbNFCV=5;XHO5 z4!dK2wx((Bm?!BxAG`yEgAkyoG>^m+F1~G4h#-gQMObVzR}v&6s*@}bt?A_d_S-NP z$^Ir9DhQu@+O3Eu7sFzoeV-@JN4bxq*C|nNc4b}})VDJxkZc_6%c6max2a@&l%{}8 z3e#dP26MNFHo*@D76-D`vbDzuh{n5nG}SXg?M0$-JPA}^?4A)^ZPT+9um#&hc0l$* zQEXhxG?S*=4*A%aYL3?<$h&29hJ6?+&bMEJnb8ZIIeg5BupMEs&4dGu+j=eIjRzAi zUzJh+RQ2uKU&qdx`jddUo=ATwGo)GZYcLIjbZijPrA6)N z~kTV!L>$33hCy(CZxLzLOLZWq)Q`( zbh8{ny4bLVdQwOi2|_w)&_g{#oGf^agmXcKAfzj2f{?BRgmmrRIi!%TtXD{vMGEOu zq>wJ-RUzHE@M7vRCU3x6hmh`Ub5c3cE2I+(Won0z&id(;El>5AzF+tw%C}J?RdcOx zDAvw+E}T2{BcYRkM~s^c5;_=m>6OrxgM?1)Z6l9ta8UAi1$-0r zO6VjYp^NR6(6#qU=$ij0C3Ik~fO=Lj>~wW!8Y-Qh@}YE_n%(_eLf73Rp_7slx^*C- zQ^kOUPL%1wfBIZPC&~Z`T{E+fe1kUdslO+oTPj0g-(ajIC3Nv1p;LLq{*8q0E=cI6 zlM=cG4hfyi!_p(6V}(>%9bNIuIyyJd(dl34=oY{@ z2gZSz(3X{~k5B&7>`TgZ6|p84Cm%|emKl)0`h z?ZZ7{E;1oo#n?^nf>8(j-!Rp6H-*ybaRn0+j(#`o#N?=X9Imyt@H#q)Tujs6VhPN{ zo7s1Ah-ytvXT6#(PAEwP#Z(?7p^YFAIh4S!2to@ukbOx;+wFqhNdU+~d@%%^)%d~j z;uP1O7}(B`6&c=Qko`?l4C-{Qa-G5v#@OF!7budtY6caDZcF!ws|wAQddwZJ>o@4k zqP9HE=p{7-+htFIe(oBA$fD|~9#fZ`Jn`8w=1tL{lAVu3ZlIJuSJwH7yu!{3{j%$x zvO;wH??GCk=n?FMKw1S4GG-bR`3^Kx;_V zUj#}3wor>vFGgx8GAtoPVh64+@gz)^<=p4UjOX7#zCHjsZP>mX=y~ghxYg*2Vxx;8 zzejn91nVG6E!j`LF@=IXg2?3t60B24Lmu!kBe<`d=!2p0Ej+&DPs8FY_uq19sF6SI z-jsMKdf31K@oAqUjmNGis7J;b$G>%S%0(vnJ@;&oI=DQUZ*lp4-jpBftxXB5w|GSn z*Z8iyT2FyJ-N{8p;okm8G{uwKe|4$A>BDn3zVZ|?S4BnInQgqe%cjMyi4Hk`X6jnR zsqRZ#j(&EVu2=}X)3@a|ocKHG{}PEP#6zRo`E%iX@&Z(V(_ znz^1Bb?YX!c=`|{vih$4GI8(A=+5Gf)KsEPD-uqGIUwj|o-&8l2{-2GPO|LK56$Nn z(*n^f=BcuxyQYr>+0YoVbwoie3A6;dQlir91z{%%1ZW#h!+stU;&FIs>8&d7S&^x3~3UqNv)4e=(wgf=6c(&*2_OIO=3c&B@9``DR@UncE$2GV|)BO&c~hF9!&2B<3jjr}g8 z$9~uTlKoCP>q@KBM(UskdFf8s?7i!J0z-FPRxh9V0g*Vqj-7mQ8fD|3V}Cg)A=pF% zJ$6&@U{|@H@Z@IE=*3TXGberiy~SSMk0}~>q-#F%j+KcBEv@76K>_{zIlvm2lC-$o z!W+Ob%oxBfhoH^e%19H=Rh>%uf#}eWYV;P(HyU&5srC5PJn{5_dtfM-Zx}~cctk`{O&wHm)?*N%Z6B z)I8SlW5?-2%tY%o>q?*g)}EOih2X)njZhmg9fBdUoNLm_mtF3OrZE@GDrT!o5Pk^nIo+f6uJ6|v6+&@18gJnoX2VbEhYPO0a3E?!kUE(;buW(7@ ztjBW!kcZkb#HBY*Tgm%Q>8mu;*Xw`!G0+)>-4-?8}XaHS+gQ;c8qwJ@ley;_-RCB{KNOzsr zb9Y_7Yc9C!R8g+a-F0=OyN;%z9bO9Vx*S^!xa-mPsLx%;8WnsJ+;z?RDNkRx>lS!uy5ad60?$pRF`Fd(U%2a7Xq>PYv>TF4*2}d} z?N;=<>!9o?s3+$GKCJEG>|9{-%HghK&FFR4>4%b_odIS5E~Sd*lJ2^L&z`&Mruz1W zWnwoAc!bHXyX)Xhy#8LVyY3X}u6t@Z3hufUFT3m1f8?&4@IFIR=5W_#JKS{*ueuO3~ao4%_y6Zr*1*@SvhZPn5lDqEg zEABcyw3xXLcU^mk9C_}p>+W&a#RaFAlkU2iFnG%9an~()*U(l=*v~izfc4^?QtDM{Cu6qitCCM<6 z3>x%$hr4dVa!8u}*WGnsGa}t}Ic(BhXCU2mWwc>360>{muDknDkGl@0W^(%6b)61( zU0sj6P6h5d!`qC`f5%-XB^-=hr;C)$a=7a{wb{~v&)szs{>EK*v!)3)6|{lg_Nv+7 zuFJzKdfj!vUC6o%=cpcFC{0>qMlx&V^(Bnt-K2*6XelBfaiAN@?zEn4QC2 z=k=PqF1OcRM^S;huA6k%eMq|NDjn`RHM;@ab=fM?UAIDkssGSj*Zz{bu8gGY9PT>G zMR`oo(H?i5L@RpPU02@(&`giJF30pi#&dUF+~%>EzSmt>Vn#p+=}4J1^t$T+Gw)5A zo!iUUSq2s=M#hrvx=?aU=Wy4(1@5}?h!uat*nx+`B7+=JBL+-dA~qjbF-Wj=xa$n? zWCe`{PssU&Sfu4l5Z~^}=1( zNxJJOaOS8GbiU%QlacN^IN#>#&PXhfBW*t2`9I>WTh!mR&t0dE5;@#;Gl3fY`XDZa zXK)f9CEaz|FWhx&+rxAE+;#0Ru++=g>0NEmFeTk}E5KbRA>DQD&)s!OT=kN>PW{4N z*USWWUF}Qmy7nG-T>}@~brSy5=D&5<<<9)ix$C%n?z-HU+;v%QB@oh-vj`<(o8&x;Tfs zPKm;5y6%O$F4p0$gG(rx+Zpn*yN)d&pQdOU>8_K2yRNvGvE#mQ*Ts?UI{n|e>sV3n zhB(}HHQH>|b9Wv0HFurlHFsU_LQxORZ{*Udm)v#Pq`NK`va+_5QxqQX%!mbdU53M5 zrym3EI(3h`P8ztquE$;1PP*$F?EZQhqKfQu*Qo`)?z*uKcb(*gyN*^)y6X~OcGt~Z z{*t@y)GO{f_Wd4rT}fN_>+U)Uxa%@VcO8TTJKS}YSKM{_$vcXvg|RBqT_=JZCeu7A z>8=y?y6e`2hl9IrOpm*+q}N@y%;BzE*XOQ-O5NXg*LDAE?mDI16Wn#VY~ez1*NL;- zGQeFY?Q_@F^tkI1%{x`S?mB6Z>V>-w2uR^}{eR`I%O>4*l3sV6K7!?N*QsM-;p#%5 z5aPKed>gcvpS$ZMq`R)%;jUBvvAeFs;jYVRXE3DTuAABCuA``8rsVvwyG|V=s5O0* z@xomfLAvX1%I5aC>ngxqX90Jeh&dnJb!n5pUDx@FyH54rx$E*tcU`i>U041`?z*L! z|5}VR?Nb zy|!4l?Q`eLISK9`KZy1t3ejuY^Vcz%A;?X-X0REFZSQ~O3ddT=lWRJzaBPMUK|ovo7(ukw0(zPi%jI?>QNWu6SO5Tg8e%H`Z0RzmiOEDDc<|nk zH76ASI4dkfG{g^!b%h|GS@0TQH?R+|8*}H4{R97R0Cse|X77(w`=RKxfMMbXzw5RQ zYHIs!0nxwqOX=`K4@UfQ)%7=}+gIu5hnH^j9{U5y!=0^*8(y@QDt@-F0f0Db{pbKCLT|E8J}jJwJQ0h||SK zr*z-P!O&?FwLsDhuIaeLq&8p=tOGh>Y;m1~qEi#*F_@m3b$$YhYS4aMEQQvW7VFg5 z8JIrd_VfZJ-8YEpbC%`qR^{EiAx^&DjZ(g*VLD;CHB3HfN7d2D8~z?aL8g%&ZK<0# zXm!I@{rPs%Gi!vbekIKKZ$$g0VsJsjAz0nt?Y44`pa#a5JjYIV!hk^Q5BYwcQ5w=C z?0iEZZ_|G?O@2DhnnKKMGeq=2a;%u}(0XVjgQkrTN5a<5znB$ec?3bMVlZPs4m}%% zkW~|C=s~Ip86Ehw&s6mLn0hV^Nb@rIio$x3epHbE(@1i<|6PkyDkQ^jO5p3Dx;F=+ zU&eM08Q7EvnH=w8M{7;m&pMCuh2ac-td8w&H@Fef)h2Fg6uWEZa0 z7sYcL`L>)*YT^+}{%Ts#l7Y2l5J20-;Wox_?CUyeaileiBlY#axDK=kEF;Vq(ISBD z$SU>3)QVn8Zl(oowUEF$U%H5~qn~t_>3rug4&Zhp#a2z3 z{a&@#fb23q_o&)_MA>@#F+qoU{?u>7YKR+~A9cL7Z8yY1fm!XsEHgwMV3m5I>7x>9 z5N0B=k_ji3pMndbbvN0SbvHx^?J-=ZrO}Y}`kqlgiXPh`fxosog4^l+;AdQh$3~*i zd!xg^m06Gz8>tV%u+EqP##&)6166sYnH4?=ieAPt4!R(%GVJJ4?%{AZLj2V7IQapN z$@5G}8We#zG5gc?K*z}{z_{pAuZ$5`!L9A4O6i9Bo(69;rO5D02$kDx@5jjUDq}Hq z`RZa_LHy6=e7piS`7%9I5yRJD$PQczrY2N|PHKhdO7LAnbDF56clNTO2OJc_U#OWw%^Iu@TgE1fpKOOu4Eka6uoZk!+kkIE0$gw7~R{ zOrM0fDd*eT!vT(y26vl7CGa>IteTHOGRIhr?K|=Lld!$LjAH<_Ui>LNi3?{nRWxY6 z$0gD3gi6ZFWy;)mbY@G9GM~%rX~O5a9k)Kz0O}5aEEd7 zo7;-=Bw8R?+#CXW^)IFQLz)GI2Y5y#Jd-upFy;HzVlvdiq}x?#En z_`T=OI`Gwz=%6ry{4|uhN#M`%H~V`Z4i?x@j%}rtWDXs_`X%~}{M`g3Gf0rX&Fep* zifUWf%f=mfd{vPOqdnB2pr*!n3)APvqFEl>P}(g;+tKuSie1(eFKNiL``x7FlHVR| zKDc=#TJuOEybbH7wu%?sZ-VP>O1n#$5Uxi2JXD?`j71%#+&m7gq)S4CGKnxBfoh`+ zHLtVr0gkIwef2Z?` zXIupX{L_UOBdV7i>O4gw>A1ZdHG`nmt5dv==n6AS$#mC4xG>?o0xJo1=XN^Bn~PVd zi>s46!`Ckff&G)52n3C9Bup`A+7NH7(3+Er#3zQRnYC|0*h!6JY-=;}A8G-e#dRL_DmG9DU5cs4E?*RU$CZ z0Hx3*B-G56;TQ_xuRz6m!u^CvE^LX2$JF#IagZ&7-bVRN_anftCvLHSwXg|qOCbjE zMIa1nNA}uq>><|1H1BXTFbg+AD*?^^g@IT>~>vovy zlp+87SlItj+U=kIYh}0W0BBTv5Vv(F#7N8J#1zqm&0}OZ1WldfCcTvJnk)A9h}yQu zEGvO?$oio^*rDPd7C-sMC1EWE1O$HQhwGE1nAOkt6l!N}c)>n+pkPPa4V#=Imzm4aS+0K;xd%i z+|k|W*;t@--!pRnb%YZ|gjbbXw0Px!L&ge(IP@(=H|W8LnM*!6_;A4S(s54h)u*;m zUA+A3zWj@eJLSM5cZ&O$_v^pD=&W;cet)am&#A#yCozQ;{GHRWEnFDl^o%gJ9r4>V zEgGc7FxAOSdL&iWfIsvzu@K!A(b8)y4@Fn=z7)1-U*P41Yrj!7V7p_aquSd zLR6Ub(Qh@%*_ixUam455jr`kch%w`qd>!J=Db0gHOt2nXN>nn17e5anXh{l--7K>` zY>b2`%1>;Hty?bvH>Y3ZO~$yUVIQW?TLB$R6b3<|;L6xO2E5-MxaHT%>oXz* z2tsCHyp;Z^?bg~3%I%1h>GcP zbH)(j)9o&28#;r%P9>8;uD5~@8f^;!n*&jzKxm3j<99)h>wESDnDBsufwnp}Tm))r zqf&914CeHZTMh$%M%AzEkB~$whuGS zk~!Vr`B-kZftgBX1JHr}sdAtaMi~#!Aah(L>%QUkVRKb%oV#Fmpa8r1AdA+XKKh#4 zhr99Zyci7m;?DfX+Kb~$pZ!?Ar3tA!oeLXMUc*2Sa6@O}h~R*a(8ly0duIOB2KWZe zU8W>qML7 z%SRfj9UL2Gdol=84&{uSIaJn?kFr7`5ah#>T6MIgi*L(X=gz;%^J8K;EiWIKVbk~G z^!yM1K)lO>P8)U&YfP|ufm)bmpL1I5LAFq%LxPoG2%#k&j6}DgRz` z#8e_5<$wtGDzFo|3S5m)6;EOI9aGOJ)D_1y3nDvKy$OTuQ1ac)gV&?$?7;IQOTdfa zk8FUVE3Cy^$trJ3o-{~i^<{n&?Gg2BF#}?!cDfw}J%&2s=2r74jgkNPz=!AnCVnyj{OPohUXP{UO|M z@q=G0UAk}dzrNBrvEWJN_>lxA&rBIRs%2UPH3&gAr4go|EeeF3&$r0IZ7j#Miw#~K zH<)z__p+-zAE@kq98C(Wrq;yp2>>g`K1^_Nm#DD0fyOdcsX$+4y~)$C_H12 zrwGJg@Gz8TN%KNvH-m z`-3_S4HJX40|M(hn$4q(Q2&5RLeNq84AcPTN!63-FteT3%_ooXj#N7#N(;t+{R#^B zC2qIQB?fwkMv1nL8BEWdPKjwJ+qM!ac|-@Tl~uZPd_(q~Mhyn~!vP1sE>$li}kkE%|L2@w9c$qMvt0 z*4l&Q_KBD@5R4xqv8ydmv?v8-{=YC({c8fG$?+7PQI<1}K`0kufG~O2ovs!=qmhgA zr`tt>5LC+TkTR^{ciTsIPV|_5FuEjBJj@6yYj5dgfc>$sK?0AuzZ)BV9qpsgP_JAEOC!@=9~ zzQj=u((3QLx-PW9;IqwnxWCUS>VtOGr$(3Syt#MXggegsWytiRszl6FzU)sQUR8hb z@XbAswPD##l;~KjXu}0lb{?~8{3GZ6r!~*IW{hx(a(~BXuGC7|LqEO!oq?8H@!v;t zPi6#s>wSYs(As1oyjCzNeTLK0#==YQZ>%`W*V`YB4|;ceRvfAun~}NviyJH+%UQ;( zXAsML2IZF}MP-{rv@27XOro^SMl{K3ZNR-^Htv%fV*VGl>vZwyGPxbVv`>|@acyDC z_($z@<;UGATdSCGPxzsl5=<<<+{qIpC2l|exDzt~sEz>$rbB$d- zD%<6xX5~9VG-1r>w1k1TKf2XDYya$ou2Rfv!ReoWh)T`Myc5^FZ|ZC$YT8$a^Dc&Y z)3q=+M2g{VGe8X2`HC10Y*L(y%mF|~B>=V@e+5R;agC@)3|I0(47Yy9yt(O;rQiSD zO{EB1mV`W86m+V%YXnj0l5E&_G6Hv_1Tg01M=cfFu&Y_D!MWXk`98W$c|asUZxQ<_ zKBe_2Vf|C4rYd~>xK2Vwp**_svjXXS^Tb&wH9{di0GDF|l$v6pQROIZ%Fd@AiYR z*2xzY)@|)`dBbbItz7-KQ~A!lwQqbjo~YmKQqupIk?wT)f;oa<)|jrVB1&Ap(Dx`6 zgo(1OzjgS5o3>qS(SwN#PP1knnegP4JH<8bI|@bQLo>1ZM-FE#Jy>#N(xwI1X@B{3 zaVABRzLNUxAX#0`?rNVA3$EQxeapl*eI8`2)g7x!?e;qhn*v#z`5?&bctv(k4k|E1 zc2~?`10rntQbYz0gnCPJt4!VKe8Dd^WB15lyTy9?M!ndZbz2I%!5{vaW)DFH%D zwotcggnt$n)NXekJ1WrCdDevu6sDrZhuA0j$c=kp^W4YxJ|XTN8d5OM$&Z?FXH49{ zvf{#pZWsEYJ`})0R}&StM;$pb_lwPG-&SQGqy(;I1l>iCPq?$s;Qhhk+KwE`ti9{@ zMHYo!$Z7hyh&S-e)Vo((+%S7iFZU+C=VA5dWQPB`r!Wvzd320}{xhJlQzv$P7`l&8 z1{mB(WzBty#Vv0H?8s!2jBvZ>?t#K=bT$i=& zU43E5+s_^%F2TG;D2`$G=D-V~trdE5xK21LDw3`kQ^hRb0(uuoF=Tv+!O_6j1>AV3z zSYx%OS+P@{XMzT*vlzfPAmA#rU2*UXfsqdnPG<>ZwmL<7PH*?HF3tt+O%FwiLWlx` z7n^~?a1XFj`q%>TZayl>FA`qUx^F21TKv$Chv!7XN;lXh3q!x9L}T`m$YH0Tf_npS zZRmdD8hRf?OIN!pAwmjm>t+=d#m3a?Y2Q*}Zk<@plw%3L~8U?$WO1t?flv+4K1(_|4!(Fhgos|3p5n~91#mEZO6$=R7Y#UkbF`CNyaXVdR zG{(kQBL&S0j3c#es=p$92yl!)q{QGPiC!o{;~-95Din@}YEcNJ>w#YxR|GVAfh@~( z%!bPG4UrI+DYI7aJcfNtUGB?CgIRxU+&iW@nP4SR3H;^w;TTd{@|=D1isQhFueE6` z4`8wqGaXe=4z}Z3x)|k1w($H`ji&<^w5}Lzd*1OpK;K}C#kKW${+_MPsU*h9%xbWX|gS|&FT<&?2J-bNs?fn$f zM+sHQ-E3GyQLX~AooniikkxX^i`dG?wRX=)Om?5E#TxsIP%Z{12xM%joMycR@vk_3 z)d-7)fRv3dZ*C1PKpvJ02k6JkH*i3$2oG~%f$$O=X&vI-OpJ!!yB5RwHi$TE%W~qP z9veT?<(2X3g)r6t(`<vaj6|Stg_SAu zBpmKKNq|ksOjUSfgz%c7mN^=e=fH{rtt+ZRtF+vo94KEOtOU0(8uvI+%vb>`M$4)t z)yv@+9Mu|(owp|nsnOkwb;X)|5}ig+ngG21a8l?D1rkhx!L57JqM=k^u(;Ydrtm4w##+7!|@pAyMHk zw_t!kC1bHMV4MWh&5Hx-1elXU7~<>DEYlTbxM0{;zNom}Ixy4OSS>^Y6!oT$Fg^&; zc>$aB3>dsvh@!ILMMYe3FnLBx;eXswR>oi5f`Vo29}X*aKQYPAVzjbhy=SgYOMxZA zUJQ4abRD#WguDQb#s*@z=12`xXB^S3Gx?Bx>uJG|tGeBZn79;|6FdN%;$nnw5)vx> z8%X-iqWgh3ihxraeh21ic(+~(ZuNw5tBK(CrOMfcO-$qZ!*h^d~ zd6|6!D}B=0Q=?+61G)5Ac*fzDu8K-s*$R%f8lj5?Hj3&fJl6f$a4A#*e-0aTdcHIS z=(qgFNID;$=E3j~@?gN>x(tzdL9Aai;TfT#D_dcNlgCg+8Lo;9;BCT+=v}uu*PVDz`+9N=#*naX-D*9S*tDn{1 z0+LLKayG&M0zA!tk`3jr4;G{Mr#houkv6D+TF@)a5MDT&V!JCGz``{#R2f}P&FGp~ z#oUexWYVDIhl-n!Y$L?ff{`nF(Kr93070%bOvSa0XTtUu?g$M<4mA#~1;4bEj+;{W z`WS^f*V2S|t(Q4HwE+2+wt1!v)jVtiOI`=3xzwF|eGgQAvAQy-aWtzS5uJhTCvKg1 zmcbxxt`+umwQUwx>N+`XIXSIux7c6}sRYHo%nAN)f_**c8x`VQ1-f@z>aUT*gsd_B zPMGFp>;Y+PMnGqXu3$AeK$zMa+Uh0+(@nB#w%sEFDjh5EEnM{3I)W_3eIRHjiMKWl zK|KiAuk7JNJg#Dde$}c~f^FNj<+X4DO(doobtRC%6vB#voA95FZWYHTCII?I(I-P; z$8)MnR#H5mZxz;qE#N9_ckV&oR@g^oU{*(LtMrfhfT} zcRgrhsSz_8?LU=mzkebXz_%kdJGm!3RFzNzvoL2gW%004v(d2J$u6MIuYvXE9L$}V z7FW`R2){u$y9EuE=5FBRX6@SnmO&X(zzcYmLO?98EHEEI?^~R*1kBa7STno}3~=Wf z#qrlx=SD&pNEwH751v5F>+NG~ka2IGvl^`c=B-#kFsXbDe$F$u3mkT1j#S|*eMXo-Q z_d&AAGa9e-G`*GHkqZLakdA8T>2hG>xms}^?k!IJ00E}xGp)V+-((P1 zg<&oc+y=#Ls&f zczY^XSNOldyUnyS4s*MDa#%wF{wXB?#5gIRD{A-y-faOruJj-0-3C49-44C6f6)I4 z-YwoqVBV0y8hK-92=+#4cH`2O4-UJxZxB-?-YX@44tW&bs2E^+#(UhF{S!2@iq=kU zSUXuYcT7Xv@QY378i0CRdw%__zkK2c{jIb~d*CP5HSktcr%n2H{<-S3taC#bG)&mP z_8fexPFpi3@X2Q+Dj|-``VYWvz{>qL!w1LfFaHbwz~FK(&E^Px;rVhb0Jo6=T;!)o z7)~6M*&~(v92(?I&Nab#*p4uev?S;RV6v7|P|-#&n@8$_oIA|C9y}Q35~lg6>eG|r zYc`w4bXn0+*B88+o7Z6U|6x6)vQw{MwsWp+x~qF9!E&;)J` zS1ur|zT89R6*#x8JH#~SY&C0Qsb^%nGs&b)pvAHA+HR*v&pr??nBRdFCWZz|vYdp0 z!n!s+l>iH*@S1@Up2JW7Km#*}7|7qCs?9>v*l2{XjOV`&_9SyE1A+g8A$}<2PZ;A% zN2j=C1lFRGA#~F`gh}O~P*J9GW?EWMNCR^g!Y)XPL4`e1eH=zAp%5Phw&bzx&M>S( zK5IGZXofhU>iy{Mj!hV8fJ0)(J5ac+fZQg9-Q5E4(r(x>GLDF$;nhRJm8A56a6{Z; zqvT{F>{S^=?jX-Nr3^WduP#d~VFbxg{H{!mDCc94fqOeWNq}lhU7UJabh8aJ$!(O< zucNXY99$=(G5oKT;7c{7m=!c2>x1iHf&@k((T?>&xNwI=SlNP3A;d*a%$Gp8ZO}~W z0pX+}Rv$IzKxmByRp^JP1MMCd{@6SMofbV1ku;nP#C=D--FPcV{LT8hch!SBXB-+e za_eR4NZu%BY1N0ZB2TCBlH=n(53;+D_-^RP;1lTJ8KJviZJs(YPqN7aAm zgkwd^^S}vLVIHM+IN@?lNw8;*>2tyXd-hSU6D|*pcR1m?oqmEr6KS6l4le(foN$o1 z8jxbavo`5Y##tb6o^-;ws7NPVRn~$yaKe@Jgsajdq!Z4Cbi#4_Tco5DPW{{oCk7{+ zItEp=gA?v3>4bA5xwq!$PPl_TPPix%dn282A_ZV?>i%AQhZ9auI^o)bUva`!XZ1Sa zP6LVt-@uO8Ioa3UXa4X#ssA5_Bf&b0gOURnZs~b$5ic-( zo*}4sV%KIl%JbRC29bK}eC3o-ZPh9&O1neH#wAgU^jK}3f$_Muoe=+;(&^kAxq1tM zL|TqKw?OlSQ>f)fvct1i}5OxP&vXpd=1 zxE!IlOpued>V1o%2}87m3^EI3MB_n9S)L{E6&kJ%N>&1BD{$L{KpqQh&}Vd)i)4){ zZU|O#^$O^z3=GJ9*p6XOFhv_=14LQ_nVtQ}4)#Q1yP^iUAEAzUi1004kub_RqOhVX zLRbJudTXEzZyko&48cIdNrxm@oSvd24Hs`r@RD^pKY$8%Ai@+hL8uEo5okC`fFpBN z+(W~il;^f_&7-9OrvZk`!B=;MN4Y?{4NBa=B*=C-#RiS`ml9XgEQYsbH?8nqAu_BY zhV$S;#rfzat?v8(e9&qS2zMJ$=l`o7wtt#T`yY%}4WSMD0~4J~eZbM@d8;l8+g&L))Qk-IKVQgS1Ae4-pHLGyvW>DnGlG$wM=^JGEi_71vnh_(CMD{b?n~7`gV}5cTQ($1wxEf56(QQkwO~0bsHaKqkJB^!X>b{=g zUR1Z<;x>Qh2xNu_Wm1*P-LD>g^*AnU5;lC9^SJwN( zGPVZql&kw|gpK2Ec8@60j-dzY9hD_0o=?dY3YfW3I4<4toRN#g@**@VQRpDb1}@;e zt*s=KA>3k`z>pG+iP6~bzsX(Ir%Y~u*o5}x56fsldYXKma%q=^6cKK|3F$A%Sv;3QBL!sGR zp<2}6!$POs!5u-YwDMH!b}pf0N=xy_1ofWa_{za{13meX_~>A>^pNYyxGzic0da1>P^mZ$?;leiq{5ynPbQ8TG$ZI%!yjcbhd z_k!K!Xrq^#!Vb^unQ+`$mIx@FVc52W!6-~8?YG$v%<$<937htYl#3|64Pn5JWGUuj zx{fW-SwiiC2QqWv1;yU+hkaLs0R&kc%a4t37T#wT~Vl9QrsZCtz3+9 z)lA?GAzmg)<&7I#d0}wgQpsWb->r|PyJY(KD$;~OAzbm`?Fv=|85DH6P0dt>N(X%C z(}XThwe*K5kXt8OGi6v4-q8%pN;qsD6!g>oLIUe+sjblR;^{aMV0^JSk+al^S`o+e zQL{$Wu7C&`2FsQMvUDGyQ`r1`2TrH*fTL{*B(kmvX`GLr+S$q;TGn}St9g>5Djgwdb& zTKx<(sc@HVS-p-7dLKe(;&Fr?Ejb3L-(_mF8ri(Q)2S&aZPWPmZ#5&$v(Aa*RyFm>JhFk z^laPPt~XNKlav8n5VdSKPblYT z2ws3uX<0;vh?aJHHKap=lLG1ju`@DZ7N38a4QK$geF7FF8x2Fe#bm6Bc?=?1Gm4B* zV!=zFlqN^xAXN$CSdU^Sup(6Hed(Dh&yS0jdcmeS5n!TvI3XF5r6G{AD&+Yx@%j>7 z0Vq_USL(k`3B8eF1kZOB^=69c1L#MB7=i=dewgQn-+Yd|?MMtL`X5?_+c06i%n$?VzH`uj9hke?^7Vm0rnU?0_xPvP5en$ypG3LOPCu)!vj-xa zx-xxg2>KI}OeefD=ylB4=zp4+3&IbMIDdnq;(Mqgy_BJu_suI+Uc)!PalJX!zULk1 z)B$ON`b*n7`Xvnyn*Z5f$F-Hb6Ek5R1GiB;ySKbM!nPCdemcljJ@c}FS2gqIjjlQ+ zN?vYMsBSC_xl3~EVY1^H* z^btDZWv;b-*{NR>l^(6jM35a{5=BeB;kqrwhJo;NmD-tL--})JR-K zb!Bpl+X*9#>dhn2mAXQHz9SvAd_h@KPdcioK%>bk1qm7C&Si!lZh)6wwIl@cAGe{=B8Ltp%b zwml$yy%?kZDDS#QOO*K?Z&f&@C63&_CD~25{=@ISn6u4t4mo2EliJ!fE&}riO&2er zivMx|D&y}FYzARZ0ICFm9wRzEE(9bM6H&l6+{?BA!URX#=o%oJEPNo?WNvD&>3nnt zjCuj~%8Ee&lD=LH5l`AG{;Ld|OK$|Ka?E=l&u{#8CBJKt@JxZSU*qtt{<9R@N9!7w zkMX(km-$nloQ$R{{U#y&Q`YX~4R|HxuRo4i#QeqS=@PelgML;AQ;|uu$CS~_h2J8p zHv0-F3xdK%rLo)H54qRi^xJTV-H9O@5$-Ic4b#Yb2sJizv48wx?+IL2b3MT78^``lZ>?0u;1fNLwmF14@KB42uH{qLMZLaam`K zN4HZ7#Dc4=VFE(YZiPY%dd(1VHM9To1XMqI64997**T=0fa!)Z0l|TXEY)a(WWF9e zjRhafe35`EVM`H`{-*`W`kyB8G&a<%nOyV(Ko;E%As7;`>`(B*X3Bwaz_m)Lt_M$( z1jAq=@P-32y`i0^$^h2zK7%#Jn-DYCk<{9~W?aA!5AoP`pc#h0*^vGYvlui54)yF5 z9Nz7CM6&V7r=z#^MxeS_tOGM_ciYTk56AFMvb2u#^zYXiEsHX)= z{eY5@Lp+xZ*Sr1NeHBm%cn4(|l*l6xAgJ!+aSgA)X*EIx_7H_xUni7=)3PPOC|x`s zUblK29`(si_)BzJXBYqil;W-kn}x0|enF?@a&kAXM5Vi@EkGdtv^*N)NEj)b+L&Dv zLLmd!0$erREDTnt+B3tvvkcjL38qa9BLPkel$*-jnUDaJ8)39zvajv|5`;F%baPwA zj?fiUI&pg8vh`KLv8*m0C`pi#ZT9HtS0!WW{fVeZh{gk!~r6$X#ZE5Ki(u!=Fr@uo$PR%t#j2E+gXkmAt zG71y4!rI2{0nYw$NR8(U0pZN`_rkKAR1uOONc#Rci_KDb@t?<^x&Wy%zl;A~F)awX zIb}lr)3i2q1R~zyCX5{cbXtz3&ID?MocowQ#sQ~M)LzPvbFhKM$MI5V8WieeY>m<8 zwSj3K-5Cmlo&ovu^@oLdWg30x zlNzEigpVUI_hK|3!e!=JY0)^Ut3U)Fq-1$@oq!_|qF{1*Lk&edfYX#Rd%O^q22D!= zatTsk(wGoA5rkRatx8&9j|Vw26y>+m{$h8 zOemaM*aS-*-BeiIQm09V8l51>h#;_hV4G`~x(enwa96y`k=p}jZy;h?Gq#=N& z)xoDb!Qe?v{k;yxeG3j#&yPU_-1|}JdPsbB2Y^QzBZKA~Ut>3q$2kfxJmKeHhy^kR z0M9MMGJ@s}}=w7NV}U02Wi=%1z1|>UJ*+5gEd^?lM4TL`m#4^vJdZzZjzQuiQnSoUVNXS?Gn`Q&oHr}rSwD{pqh5TQiVoSRp*PiZ-FJGD zsvO9b+Rf3P>{tv|)0g8EODDGCC|E^_jkI zig^7H2c4$!y0q3-4{lhD>r}fwshRN1bVd!sTp-w2DC7;)$H2dEg$W(IwpL-q%K@n66JN&DLK1R;rsu;daWt{0q?M~6_7T?_y7-cjoAl!zDPTYX zN3kO0n%WC?j(}DAb<*JxWLl`Gg1$R$1cr^Lv3o{#1_2=)FJ0pX&udns9{e+^8L&Hp zv9=SudSD9&-f2qQcatfe-&RuF&_}1`3dQ+&39L8vWJFgW_5bhkPjkyo|I>IH;LzII zuxY!*B?vI)-={_8$lTBYD!TBB_WXDZi?i_x;jO5!zH3Obdqm#g`K$UH+@L~`U~6mR zn0Gi?5XeqNNNo`{8gyLgFW%-k0W2ss`Y(;Z@GD%ae`gRhV^G>5eTWpUE+!02qXS6)`aZOHkELM%1uV2<(qoR$^FD7R0fN=yFLV&X`Uc+wc!wo2O+@UHDKN6 z-+P)ehE9d-U1Jf9wDH|c@hrx<$M0d1Jzkemx}EGV#h}6wdgBRxmV3^+*^UTQG7I$% z-WsJP0u)3w2lC-5z-ors?D6;&RWZoV6Xevmis=C88L^gS=2DNb(-Z!qF{nAL2w`sw zsz}q;Rfg=d(ubx(!6y+#PDLo+CAhZb<`x{0SO)-v4XpNh-S^r%H^lKyGN-pU!3blZ za<*4{UEVeZcHpgYAw(9JX>u*|`WUsRoHo4FgWu_Qxw}Po$VP68WrS`YXwIO>rx}O; zWL~(Mqd{Sjl|4!DSf`Hy@n<-qy{zn?zY%tUa)h^2qvzpG*`I8P z>9P;n^>`zZlB*bS`u32=easq&>?Nzf)5hw2#nYw_d1Uxs@w6qH6~(=tw)x;``+w}c z30PC-+OMBLLKwt=3b9g%IN=1?R>g`;TI*EB)>^C#0lV939dJORWF&~FRB4^)b^=?K zS}nv@MG0ApfM_kXrdlNxlND4H1hN7KR>(@$I#0l%-MeR>)BSzt{QuX!PJ5vUL?Od^ z-}ia$=l&_Bg6E#L=}G_WX-oted%L^@)S4PaN=ILAWXJ5YTD>pOyC?yr6dm^*j`JdkauI69dI;0##VXt@ZI!vQ%9K%hcrDtb<+ zjdqi-V&ez)DEWY>eE|~F7l>NC^B)yD$LM!jTq>bvjjw^*0pwheCNaO=JQ@6^FdVfL zTbU0FCV=AvMb3CJ1T*UR>|5$CJ?$+6PCamd1tz= zAqxho+i8zAYl+p2Q&2vNawN?vUe31rFN9tEtxM^8YHXpYg19C#o~S`3kTX?EQMQfu zr!phG2-Juo#K+5M#Smu7+9Iw{N*+7U|2?6m9N@Q*OAdTs4*7y#^||XCK9aP}8(`jZ zA;UfRHjgo93d4I$!I{_g6|8e}m4EQ|1wr=w3+1_`=$S7!P57j$Th91&ihi3hr#iB3 z)rj%)3#UIn1X#wcmTsUG~G=$TwacUNr>Wvt?(_ zBkr+1_kS(dBuJ?yt`X^WMOx3$nvbB1fYyNi%>BDEPz%SCPa{l=^|aN|%#I~74f~Wz z`9)OD?P}oFV)eK-vKLr`h)qPE83X7?Bk3*2l|WZ$?XxQUs6nVKHI#GDI-Qou`06{E z{prg%a{HF)65JJD<@n)rs0+aL#Qm(R-drFdsc0h86>zmX4iZldujZu^ zB)S9sA{Zu8ZW8+n_s!6Jgr7;V^Vt!EuDs5;TP}iSxrS8PKTZol2pm{U%MQbA9y;SNMkuJSbYsfY@5A!1L zwN4(Y$SDiE*o#K}+wUGWk;o%Wa`$0E_IlT+2}_XDg!gQ^0v~R>8p2~ww!o}`iq=9J65u!uvML(t!qEAbbY-d8=n{e-ooD)Y5WO=ZQ zKYMQ~T=-X%I9+W{WgGpT4efgmJ^+P#v`@~)e~bwnkdpH)nA@E8wu_KXT^94fyUO^n1o zZWjvksaFKe0jRk^nNGm9{h&^oE(@zh^FeQR50AxSM}$YH?sdE1J)#=%$T|32c}kGM z=20Ta0mNFu)>S~3>0CU^daWHW-`0E+xqfXP8aoQzZVC0Uk3^@}`^6DxEs1qVL2s+F z{@jACd;zE(+XF*s$+#K`Gf_|k>4u~0RGv1OVSEm#-7?wB3dQ<17R^p^$Uo!GFB0BW z6L7qh8Fvse`)kE`o{b58;IYnPvFc~fdr=S(@(+YsE?mnb=F+M}iu5YnlZiMO_Wk^h zK!+olFr*BZfe?*{w6RUu z^hnpN6psupN*7`A)_iRWpttZs$1j*?s_*rL7xNJLBB4^IxJD3!#4?6N1FxwyL>R#i zT=I-5`|qaJ#J>O8iJ||0Ce^kDUHCSKgb_m-cI>{*)0t-KRj62rW`VG#{J0Qtgg|N7 zKsY+vmJD^8yyEj!Fkwshf@7h@c0A?e!if)cT=T5BsICydtp2nn+H|BU9Sh(5db+c~ zE0|L&f-<8-KREy#D6E$u^&qS_%M^Bh^9)JTB-AZ>yQu+dj3z0cHjWTpQw^xBTrcUF zG73{wY;4?_Ct=S;u2>;t+!0vnk4|sZp^$upipvSBlsrC9vX5>|CR(-SIbmxw^{i-< zc#@&Wk)3s954wKcAUOT2a`Wu ze?6IP7HZzh#{M;(rU_9UtXcc^@F3T3nkw(P^1N$;_^~hjU~@_AGXDK5y74Cu_axb` zy+Nk+`Nlk1@hszR*z7tPv}TU6Or$1$E)tZL4w>z)OP!!9qY1b zzPveuPH~ZcG5X{qSv&20*$p{KWbd_KO5JhRJ@$#ai}~|{qN>=6&3~3*s<2c(#mv%R zcWl~o%08dO?+Y<)Oy)op-#$`?0)g}6?=dq5j@Ow>5UTt8=Mkp+%n!-3qqJfdkv=;5 zWjwh6MltR}IXV4|Q0#Bx$|%n=3E_Ym%GGM22}TTTlI`0)pg5&F9XQtfHj-mFX55|o zBX>J0gMEeCB$%X!t(8{r2h2>MD3HoO?u#(BG|fKZ8E*S9zED({Cp1v4-8^FrLey&o zwSj%>AF7hQr!m*hRmV8!1Yg-1@c=`co8{5$(a_jh zj8tXpk=AH7dPzG*Z_27^P-CZLc0U_ak6))emWRX0wWwY2oELkGT^tC{Xl;bfI*cgP zM4%hKEc3#NrPPAq$8qC+2LwbsLQ!j`!$9_bm*hfTsq@O-9CB3)^8Q*}2Qmw6CeVQZFz=wSRk+TAtAJ68V9-__BFmx#C7 zlA9e*mM;l;oY>f4aM;$S(Ou#xUta42`{Ra!yIeMZ%DNdponyfP`Sd7%fHTY5&*$tI z-*Wy=<})E%{H?L(IfhI8brMWvEP|prUy@@Tt3$RtO)lj_T|5;i9YI`*!w{YuA);(j z>sX5)i9ux-6|2(Sl2lX*Fkp42*A8Y5gymm#zh^lIrkMJjbYG8`hD#VlU1Om|#fv5X zPZDCD@)Rc_ra%?fm#Mr`DJLPe^3HQW49fkOMgcvS@0MdmpZlGcZt{GXu|FTU7Qkd2y8fZw}A?W-PlY#yb!I1Ve08H zt5V{eHID5RC?t93toW_sI&hHy8xz%8QU?NyrN&*btr)b_0hRawWq`#OCW|{Vg5+x; zN)g(KBcKb1$WuHg2h~G6Di-@>pmC4zV%OJ+An}J#X%i3z2y{SGoOAP7+-Au;_86hj z!-9lAv{pxb72g%HbAMqBWB<&Tj{8_9lQX02^&!?-TLFzM{A$-5mw!3*{`tm&@hLv> z%GMo+t-pNrf(?tI2E#-MxHM*h%}VSeRFgldnbM1`r0_W#Rt_FvbAl=*`v#QnCHc)9 zT(MHkq7iosWWWweNA8zv;0Zw^o~Jp8=_Ydt7jc&WAw%tEfA7dA) z3?%0%8`f}r`pffi!-X(H(h=>6L$WMPm5G#UXjb$FkE&x>hcUz%==W8osxO^%;t)3t zfFjK?>3^C|YTMuV#V3sPIV1KNWT`G4$CKB;-k(^zNFG)`?dNbKTXpIa!R@YvYX;|8 zQ%v?4`jORL{>si3Umf{j$K)-mH*%Lu$_SRrnXZLA-zZcis%E&P{V;SWV}jcNeX`By zAMnZ0_$5OzBmp(YuAlw5|F%>QE^NseD1dH!>Az=P>l-qDXKk`f1Q~9)zR2A`g1)^> zg8y88U63a8!c;Bw-L7WJ;fj6Blr^p?JQIF&?VMj*x*+NgG)k8Q1c5%z=n22%6jCHR z;KRNKPw&dqP;fAe>GV+*lXDQ75O zxx!+&Foq5qv2ESob0;uXUY8c+&Uicbg4WwkwszVNdT=@dOHf>>NC|{#bM+Ld91v4% z`k!!S#XQh+tSIHP8oZ8zuCFD?88_-?A6YlwaIv%+1;>8KGH2ZAji%Y9o@=0lPA%*> z0&Zx^PdPxa<@C9_RtxQUhi{BIbYRi_`?F^|R(A~ljlO=|XLY|pw+5(|F!m32T|90% zm41}ro4@g71g;CYAo@k_mK?ojzGe`^qak%_>y>&7)}yA=Q@OW?y;Im7@CKb#mDRq; zoL?DoDe%^%*Y=v5V+1k!nYAZ1^QjFlkB?+z{`&sjkI3pFE$GlCpFO;IS8-B=Yy=Rx zpWDw9yh1PjlxJ>axSvjqWyA)LxXV~Rty?*M$Z$IRH?wOSZ^Xev-ph8NXr0LG1(s$T zNFL&|mkLBM5rbR@sggSUcEYtbzM`(X!h?a>j#xv`ig=7IgihXzxKX9khnNq}NI*8d zvb-OC1;-uVbZ{oEh1DIvZxOV&2pC*ml zA@#uL)`RB9)^C7NdSMv00rL6aTxcDxGK6n~Lsf|s?4vNAgMm{z?dO;EEi)RZ)1a2a zGsay-rW7fH+~4AL_h;}*7kqk0jeqN+_~-*!l1pMybjkpsSrS1GuKRv$`spVw`0x)hZAaRVlo8;V&Fqm-g{z$;PSti7#haoBsE~Ggk zmC5FySpm3ER38s>De5Q3eBm-Npg9@50mIbbokCzv*2WBs1||V8kHVG8Cnb7oDI9-` zSd)1;l(Zhj=SHzbUMfflj_jqR#RCY@@u@SR$R!KkI+2~1QS;I9%9G7u8y4PEOfES^ z>F1pP;cwhuD_Y0;&I{cC*KcXqpuNf4W2Q<4~mvsjf|?@Z}`12=-BR05pI0?WZkXBf=zKBrOM~N z^XTU-TRavFf0S1}=cge%qz6JCkU@R!U+tO8Mgu}g->&!N3Xn!s{ z^qr%ox0!Cs<3VS0Vb^ekR(pbp%i?O1i@-oMpMg$?Z=@hC<^}JT8Ul6PWiIKUVcX*1 z2urhQfu{h))iGf~4~ZvP%;?0kbohlqoAi`JyPW+EpYA6(x}2rXg%dtoM37K%OH-kc z`OQb6J8G&I`?fg1aRG&K$U?axVbFcJTLp6{P?WQj12HHK8His6pdXGDAdVdK3>oIR zsE>EM!Hnw*B8~evUJ>BbOnd^ko6d9J6UZU0`2-4>(-C-D5I`~J8@Ix2V=b&GEis7u zYUtsmt2=Xm=>&7%0K8?v=ZE&XhzD(K9%%gr^kDDn)Y_PE#g23*O@qpu-mZhX>=1Sk ziN^6J(+4Yko(Q1L8s&F&zMRhFT6a=Z{Ah**gNfv2{}e>(?P?bY(WY)q#N;YjzRqhj zLw53=3#bUIH8gY5pAl~$vu(mX*Fr2v+)-PFgQFkrVJ*U-8NTO$>1!|08ylIw$?K63B^YIj(AH$YQWPQOHuP+RgRW_3{j*U zTs*FtM+niz`6MbbJrGW&3xz#vtOKV0=zd{@Dd$-fX>&M2D(z!L_%fLe&gyD-PIToP zOEUedUjT2A71}tjcvX}GujI24Jhc;uw|Dul71zTAB>-<$*^U;>30t&6CdL20iOq?o zh<%ee#IKf*edmCD3xY`5nuG|Y)HBi#fVXBh${h#ZNrqi3-rN^O+LGSPiWK{)uwd?oHh~(2r#m<8mB3MOCHPEb{0{tI z-Efxz<}VR3X#n0J)np-$b|-N)jBa7VOQ3G59>PR^N4%X*1Qi)xsE3P%Q?gWi5g5u6 z+12UPa9u*y1Ke3L)b@84^Dx=H$$<^jAAq-R7XlgZutCF3=_!S47Gwv>WSUv2QTSL8 z#zeM_8VG4j$Kw@qIq-O(8LmC>U4UWt(z{kTYsPr2I~-|pxcwRMmc@a*Y&em?rSHiq zJ`isZ(FVsfoiru)Ne1^J4lhzPHbhxei=my)`Ym8@Id-@!ovJaO$j00>TIEc1L>$;P z2?KueZaBv1sW2+nie~sx?gV^Q>Nrw?sKo=?q9NrRgMD3=+cV}Z%9XgZDjdQ{U1i2X zq{hj-ZGi)pMR#(`g@0n+Dtgx*8RF@Hm>if_YK{j0G!4Tsb^@VdregpTllMuLTXk$$ zAM`e=e;XTfZ;Mu7)sIMdW(a6n(-JwK!hd+p{&CVn0O4Z>nO;k z3{?Psb@KoO!U5CcT;P;WM7Ogrc%*?KtgjFW_e6cLu(FzeV>tpJo4 zB`BI17crS&O&b6nsR~=&zX5mpE{zQ#^i~5@bdmiE6Pii(Aw^%1rZm98F%4FcH#4%5^rl-(Y34Vi}O!v z0xx%;4Of=US@@RBI^Ghbfi?igr*1^kX{QC2!-p zWEhY@l{~S(!68=z9SIy0+^wkMpuZzu28UcFAIRAX=DH-k*E8lV0^oVI1B1Xld79KK zLL|Y*P6fIPM`hniM4)(DEQ@o_Pr)--nCW7;mG>NZi#Fw~*$ApCJ$CzCM`e9%h;9;1e3<0>iW4n^)QoyiQ; z7jXzrH~Fr4;5|5>;JoqRw?a#v77;A4JN&c{IsD31pM#lR!TUoN#%% zUGLRo>F2J`^1N6E=^&tzglkA9ACgF2;q~YE)>(U5Kzcxv!cn!ez6=g>v!wFbFD)|e zZl3`5)V6WZ{v5R*9!#aW^Eh05M(aSpH&%SsJI6jCeP47~?z1FP0BXNwx_bU62fQH;YJ=UQHo0{(g)=>;jI9OXbg2d+1(F|`w052B@HNmYJ55+CRJ0Qc+) z^#kfrC>v!R_fSQxp(8TFc`~%t;?iwL3iC0i6%fXHn)F-h4-|R|g?3(w3BQ=^d_!<^o`UIAV?x*c*-z9p!ED0**nxXPN(!ycgG!x5e7 z*#pbsd{+OgQlTo9?KUzF0J9|#Q1<(5e*LL`(@y`~Z0}(rWQEsKM-4>Kd;rAmjl{T76>C%KF@^pS{nL^|&q=ezLBGE*mnn`rV zDML0jNE?NLW)()APEHxAQuf=)yOo5jP=UK)GixOF}OmO8uJWnYZ-a$b1S-X#qVWoEz&jh|2Jf8%c$@( zqCOd0w^PPe|3b!gGwGk9wk6!OzaV3K`8m{fH2A>F{}E8zT&IjJNv6&r`(3K>as77r zgV*W7LsGqn^e?V7ZcketvhLiSH-fXMD&@T$C!8TE&j7Wk|Cx$y<$rMUDElASwllD6 zsFh9G^s%JX$+o2(DfNmV2w_bSS)WdMsEJ2GFIoKg@fVhzyp|7$Z*lxVfHT%*m9gT!;2=V62xUHeSTHh6~Z~Gc+q}_6V29PKjtZY+b&TzvoYj1AV;AmJ?d>_=N=+s91F@V(D;t#S?SPL^$&^^|9X#Pyza zL^BJf;1j@FhvWI(E-HuU9xgnyFeMQ;7E~64142mNBi{-^HKFvTXdZTBV?AKdti!PV zQD(Z{tap|dRBCgPijK&-N5a;|(-N@0L#3uA;~-3Hkb#iJh9luBTGKCf6C??HNOvfASmqHB_zTuBWDDFDr@pHTK{#?;ppoe5z``Omn|Ay>t2}JFnz< z4UTyIe(rUy@f0dspJx_`Jjqhp{QlA9Ay}h%X4|VjR{D#)=}lLht`1hFi;%ug6t@Ub zg(pXt;kt5VqRcv`B@#Qn?!HJ*LK-HLD|2FOHs*w~vn1&d&#Dkw-*Gtdl)U^#FNeb} zC1Ulb=m5mVDHf_$#tN)q7_t$Gk-|8Fu?)0GG`rBDi;fgWo=MIZwYDwggOj*N?3Y== zB>seBYv$A!(;D6hnstD4Up$l4A)c^0m6P`gy@9lriI}ii1?@%J{fJ_+T?i{!J(fDL zav))G9Ubi+2FPf_A2>GMj^}x!t74>WY-ir6Qp9lvj&kSr3kQ-7S7Yw!62^HKXn`uz zohVxzn&EB5SWCTx)lmd)g$bM#8iL(n;IhUZoLTN9*`Ov#IZj8rtA0Fc{9f3gcFv*T z<%oc_*WZ~p%F|hxFFv^WpY4${lD<;cu0={HWT8p zNc52H^0?E2gmI@N%SwAGvwN^nFe=uWIn>1f;MX@;yfpn*`R)}?Wa}pTT zWqt1zfK@CRGC})@vs(yiYiPw1pJ#@OC2O4TCnUjL1N>Rnr@dc2Y2#B8Z3%K7eBqDk z>E6#KZ|J?96KAXKy5o{vRQhRI>GQW<_^tP@>tpHq0#JK@;6H!&emJHw(WhZl z1;Js`8&`F|xOIB(2Yc_RKl#KR4lBMG#sBrwl_z%c7dM4otWBb>Ro2kN`hfp#dqARfH%t-xI6DafH)LmKXD zM#A7i-n_Lbp5-QaaxP|SmqL9=maoU{5mE?8D?by=14yd*y%x%Y#2b?~ItURmm7arH zXWfyZ*U$$Bc?uA1a$$#r14P>#%MfY0u(mC_FMreCjrc3172#JF4Od#c!-&i|O z#SyB-A6Y_8RBn<$s6E!mh2&v+yTyW4CtA8{mw2hEa08uB2cuu6n&SxV;mmOkGr+5M8Ph+=5E0?{Q%<0tJw>F2@mCqLa4B zMusTil&f+Ekn%csNEX_{~PCK&IEk#HhJf~P>+Ba>Y?nc&=2-5s>?1HeBE z{<~o|c=4Sv&(iDuuiM7VZ|nabMn_~0&ANBqIZ}raEmNo}p@BY-(_}mV^}1y9Vs(xR zlkR~we7cD0$u!3~jYNy?nR5RzfHc=STp7?CKMcc7_s^RK>v{N&cCrPg^)q7 zYgudvj+or1j73`rT#-msKQ`_r3b}k)v5*R>82A)v8;5FBCgWIha=rFB(#C*P@v)?n zI7er#%q_dws^vb7Ae{kBn=+Ft*&jnWLrCS8DX%_kPk2VPUxZVYoU+Sbs@q0wk51HpW?1>UvTiZ-lwHaRhQWt2S@YyIL@= zIde!8(^n&}til$6pc(zu2vo_2O$%O@XO=!(>0QDrm}igZw{XV2#+$20EtL$Lk(#gd z30_5?GLCA!ZvCQ{Zp*eJ?m`<&>M>^M;nsU35w~fa0hc@}sc&uFYMwq~QdM?gi!J>N z+vl=&)%TQ?iubN8-aApDP1-pXm(g_N!ocx22=e=?_g&AMedc&x`PTEg%ahBMwvVHS z6o1stCuhvKlCfk-Qh_!26VHQ;Jts<}MfR5;8{&eA%HesPt7R0ObG`ZKp%OLJnb-lu z=65_Q4)L8M5(X+<$yZ9Bg_4FFcR6lslx;^P_BEs}rP<9yoA*&Lj3S@;`%qE^iiTGo zAxZ7D=0@X}grVp9L8Y+fpy_BUJm`9_UKEZt7O1Z)(2Ouls7VJ}-tLz|;^aM?*t5ln zTOI5UYghqgD^cdj1jWv77bgiDjs9}V%?BcWBPsYX+7=6`oYKTRrX*@W%eE#-4x68{mGr-sW`BF z;!kaHKE>DR$QrqQMENYvs%akmVz!|T){$ym{IbJCzk+V@d!(o4OiY@w;)vtkLUR}6 z>^Qxx7`2YG_!;al%vU9o3Rr|TvS&)PyBd;6MNFl|54s~aBn66aNc|BJQ^%SSdgB?u z;*?KAW}aYLx;K&3^Ie+@H5Ok09gQ}(o~e+7ilHCCAa|k~yE;R|Q`v)KAy-ASrY!+j z(G^ZE&b9bzO=N4UePCZAX--oJYa&-@4c4=xAhR*ys@gul8NU*m4~e9OAXZ2pE%PMX zr!H=jX+n@R7~m}~GIjUw!{S6diT(YU0Q0Y@cc)7hshM|@3*%Lnaq*o^&!Me95bfRxHbn&@Iy~wj)*%9T6rLz*%IAy_ zDKZx7^PLsn{qxN6#s1mUKZTIG*0VCgp!!=ZySNB2uYtV^1uCp+sfV8O2>-FjnF3U( zm3mHe(MChpX;1UZA(~P6hSr7UqpZ8!+rl0}U=Q?YSZZhg0upC>V@OH%QHYG6Lxu6S zhL{+kD;Y#~q>rmmIMZN) zo6b!tJnQ-s=;nlCI;qRS7W)eJ!&CsS_z||!ko?rlKb{Jf0W7^a+?hS<25pyaSFon+ zB<^Nf$6=t((=5(KOxa2pfenVgY9;BWNR5UFTkt0MWd!KEK~&&G;ZkfzpmXQb93SPr zE&|Oms`SJq>o~MUh%0vGRxqJ50LA2yv?NRF0n>3#T;|IXb=?`7xEX}$r6v~OR0gnnN&D#yGt$E_03pYIj!(gBj! zk5O0J{wDu|F@;f8c;n7xT=FJO3~)*EeDwG5^$kqNuYY^RShzvfm|23le%Z4j8HRJ? zXrRWU?a058FZ!&4dkoUgh&o83RYm)%L3hJWA+f{hM_}`=CXvIkWq`Vc+O#rjqEdQ? zWSajn>V{Re_+1tuHEj#BwJ9EvCA?aaxqPE%r^uJF*M;H1_?yc+fj><@*I@CudTDaf z5=Dr^m~rUn#}B_sp)65v4IjHO;`*WffB)vk-M1*^lu;#hA3P^FFSZM{HPeS@l5m1$!&Ha(Dgr*aJA3Aj6B(Wd@v88L4Ne@CE#0 zs8C_?rxanp&j?kf3&H5#LlD%3@6Q3V3JfRL7!Srq7r~Ic=7?Cq z<}^65H(m6*JB%kxCLC|#zJw#V%v6&~doO?Kb5`wzN85kBWF5Kuqk<3xWBS0+3fFho zn`Z4CyCHbzo&Jm;NP7>hvFZ)$_%^HzEu3ReHZ*lDrYQlw-y6a<2^g$=v zmdJrl7i41sf<@kNd?+^5E9xv<}xnySSK?l@LVv!suXh2+g_{9;)ICqMM$=h(;D*Vo*5{Z7g_QCi$jc1p5)u z3ae6}p+h_ip45@>x(y#mLN_kMXG2~@)jS80iH@es@6gWZpW07V+HJG&`rkkI zX`0>j)(QL0Qby@rx2&x!zo;bv=~H7z3D@P>v`bs1HQim0uM|)F#7dXCayO&btwl98 z?N2t)1T*K_v0Ldsnd9}4ajg-E3`9Fvd6hs8UeScv{G0I_JwE+R$|<_Oc+Zxp%m`Hl zH))^%3kz~@UOEFN$_VAx(Xc@TbdV4c^U4)WPOT>-(mZQlnyAqTPxQ@U+n%hI9*1i5TPxO`IL{5D<6>$9kbwtyDn$IRz zuR4?1?R%@MZ{|`Mxp=6pS$$!Zpk+pZ>wHC=+uQHVc@)w31(Vs6n77HrGne82#orr) zZcUuYUTyina{E~Hhw10P|7HD(QROD4_TAH1Vz=5AT)vYp6`wSQ1L~K-5 zk!F@Ke*LkLwM2KoGgxf}WJpgdr`*fpL=Z-1MX17j9N#+3bW06FkkHT{_tg?geh17S zpABP~+)3u^H{qBdv3amdi|hl_k8XGt%t)!_|;+EOB7gU^Tea3Q|LytXd9HZVdsV#aAY~B#2AyMb(D?>>m!n zq0R9seVbQ(vbd0%>j6$EDM=E)!mC8g5!W4=IowdY%Rr^^_iXj3vN2#6~e-H}*a*H90znwivX!a1NuKK+Ix)QVr2MXI+&% zC#vQJ*dAwOex9|oRtgebfQUtZktQ+EglIiybf|JQfvUUodBCcjGk#SreYdB=qt~|= zMxzJkMX(|`!=AUQM_ zINso9x8H88feS$i#@;)YE1NF04uwgAt~NnqD4JX4hro^Rm1%ag55 zs4r6_GhkW*HWlHLmcVF8Gv_J<%We>tmUHl=S;uJjFsvicO#x1=dsJIom`53Q#9AP{ zD+56|UozGlZz^&!(l0o*78I~eMj2fHAT~4)74w7`USMh;I)n@KsSH%fcT`-&SL>w= zqN@*glO)803R|EvH=DD}&P&&M7K)vzp}7!13ZE*-;=RDss^MBt4Euk;)T-g%6m?q1 zgXJqw$eX?523jb8mgh$M+i&`+b`z>yauQf2l<@`Xqy+tj=+S#EUzI{{eirF znj1Rq9yr*_o!FM%^oUb^&>&AlF=V(XJ(cpbaMkK*0(QCHE?^Zpc`kUxM-bYtXZ-h( zYRj@75CM?8tSwa$Zu%_uibKA4(_<}^T&VoyAZ`3!=d}`Itz_syQK_c|z`a1Lcp%tP zpYy4zcwDz?d~}!sj`=0#!}4;N7K;si0jg!Xf}CZ0_gPmselnf9wj<3k2v>1X7wJ6P zf>PpHa43W{N0KDh85~+efa1kDwh1q3&((MX+<^gY;hb75gYS3kCg7X()Ji&hnJg5T zS-5ME=AkIWhI*-+W~F#S`w9ol78V50vNjl%RYbvwR<9Fjr!unwfX=inz8AjC)ck^C z3b>XL@DI76eHRKK)fj|zC+7vJri}rtRjJlRbPOujduhU|lAGNiIWz|@AYFQv2H#D( zUC7sCWVcJl5ZT77_`OJjd|lFFQdWJKQEubF*}4x_N1Hfaq*ED)rcha!pQ z@_^#=;13tHSf{^;4sD(X!%oK{G@&E}(EH{6o>gnNr{HK4`XqxA%>D;dEyKkMAp;no zY9Olte+*s>#u*8j9Z)8K*Xk~Z+vk9)H4kCJj!WC0WJ*0IbDi0tTx_gh5)=S)kAv0y zSiNzN)Ai^uq!4yc^u!4ORcm+Z-}mFtlxP31l0)NG{^i`zZ^Z+aL>!$9MYwNq7*QOp zjgK{D6QEneI)$a4B&m}LMglb0Li<)gse8c_j1AeMOejtbM8%bdsbN)8;Ex&3e6&A- z)fPrV*%N}w`e-$`Hnx*iQ*oO4uvfD&As9GUX#mpp8LkGJK^)5rW2LA&MN9||{S#iz zo=nj^tu(i(n_G)F3*hNU=wojVH9%CU^?nv08XF--R^m;l z>lMgVK?V|dtGD@W)Br-0sSdm?hP9L_i}r}RyJ<9W9Edgf8u@}`@c?11`R!$nvyF}U z&kyvtx zItS>IJ_Y}aMk#XB6y;mEv3Cy@%B~9Q^jK1%%%GvxWZMxc9Qw}xi?=?c4q~YO>AUK> zrnko~rNcTRWau8KxJ#&XStgy|PWJTXh;~Dat&P(}bVwXdhVo(e z$U4jfV!BJ~;56j)tvpGWP0B4E(1i9@HUp4-nnP7(vg`wXcE?1pQ~AYv5x$=xF8{MtP26x&H8ETjr$vtrKU@2rl06q2ePSbp20M zHtUPb@l%eTf8Uu$a&taQarfr6p`XQ1eDZ$cYOt(@9N7Hzx|t_lB#E|{*Fugc$l1JX z|9Ls0sZ-$?uO=iL3pJBTE6tKX={6BPH0?E{8@x{{8#Cwyy%s0aL?HJ2HPKa@B)QnT ztplb^s(Njw{SEZGW4Y38+&P@K*;$J>?4#*$-I=4K{B`dy@yuCOKdYnshQEH#LQanG zjROs-YgJQI?~ST#nD#Dr$1c2bw0GP$Q-6wy*A)NlxKQd5bzS_5NZliWIkBA7iTnh1 zAj!p2py&>U42;(nks9e_!#d%l?iFn#>W=>HUiW!^htT0wr^K2F*mSGq_OnGvgM?D6 zSOp_MsCdvj5;*~CQwSoBkWkj)dQ=RdothvTmL+ew)(e|d5*w3`rVZu6u?KO-5txp4 zH(}0y6o)M&Y*N^p+Rbkp4#VwW9SKsvjJIxi;=X9us0JW~JWWWPk|)Wka3%o&ZD*oW z;5gk5{zr-3m)Of^2Z7jE5Ucfu4wcNn%_X|M>py^H!}-;NRxe5PM?@OmBUa%;t*ve;2$mHf^nN_6kgRA%#rlK5{P6DWf}>(u>3 z)9uNJs)v={uN`)4CL_M&x3fm~E3Y=?9P19Ob+6X?a@=lJZ9RR+tGYbV;{KL*0(1L? z#Fz%{6kpF{ul`oSZ_Gb6aO16bx0h#rwteA*)F0}s(==bs-aXu5oHn8EXInW@TY2rw zH(yIZ5KoMjv5De9BAH8hP3(4+P<&R3eCEDQ<1H>S!z*Acf20ZAiqlu{)NvdGVsL=S^r z6ETI_Xc&gKk!_>6niyH!AU+GGr-b8WaBM+0H1@|)RI!r!Ee;?=T;Ec!_?Dq2l|A)a zBD&9`{n9JE=6ZvR>Zm}3_!w;5G{}9r(;FtrjL9h4X`ZPJ!ncTUtb#SjzN)J1WE+1n1E&BJE=C{RZ$r`06n`f!B4^{ zw^9ygy8Hf8Ph6Jing!+12*8>uE_M6;fohXu=&g-8#uJ4SOW4S@Z&!%AqrY}9fSJQ_0!8LYP;4~l;0lPhj)d+w!mu)EQ;66@8>Nt!#f+&q63Ye zcNFWTWYkeYa)o+`CIG?q!Q)4_wog5iH|SE}M9WR>>`<2Cj5Anze$0E(-@<3Hgg%fB z-h&VHnbDTeN!SwbwSi5oOtQMG04Ox)TSwPL=kLiIp0aMQ^nUfN`Ut14;tBZIoXlI1 z!0sgBfNkr&O@8aaR$hHXJ)J0lojCj?&oysO)!TDktrte4dO5U*&X(W*?A=dM*acB% zDCZ4(zxtn0wtN+IJ^zGpTOQOi#!O7Mh8g$V_$P?1I9<)ENmo1;Y<}m$2yB)#ELX?v z=>U+;e_^zZD_&6Pi#I-57~@od;;GSmH-FbpkIbUjDQ zMfKX4T1+Q+im}mkq7{WeMzv^9{()jk)ze!fu6-C=4rGUB_}K-ip^zQwMlxU7ti}KW zlhqjl8pp+p-g7Z`6S_H(Z9K5nw1wq5DYgVr{pIv{5n2Ke+s!>&qDbaQd;FPI@r|LR z|AkZBKR|42Yyug)%6bquji^r?G?pyGCG8zTAz_Zki>1~vI;6Ud!?}vy$0guuJ6k4f z6008KFbXx6Xl7N3R{cYAXr4F*AhrHIi(sN~reSS@FP@4S3*i!?7>Dh#12atE-Qld1 z96T3}BZM}o^5Aizjq{)w;xwKnhc*YGnvL}AXUU;e2>`JPu1ZOwQ`i%3pXu5iepLlU zc@w=&je#s&hR^dhFV@ZuKoq*NCu`_|#j^Elld)neALA{6IcmB_*U ze^BiTZb@f&=$UxE)wJ5gy(qje`u`Ng292l!)tUc?mHmHn55#uWF6Uz~6Gu5h___q( z*s78$2PTuC6kM!6r6yWlSKIvw6fc~v;joU>K$-F;FuoUdxeKp@o~dhYcFAP9OcCh; zV@IcSLdt{4w75!pL|0*JG)Q>Ewg7M~=ybIgV+eU+sPP-x8J>_x$t6iJ57~Ghx0KoA zGYoyvp|OzweqPp-j_B6bXVIa{BiqI>dfUgbx?7ariHYY~hRDJ;|)Ki=X;hxh1@0tLwe#PCb zW>tnxlotqOeJmXqE#=A|6!fm5|`|g1>K)c z-~O0*B>%+wanX&BmjCU$6cHRtJtIt=#|CZ$FiK>*s0P)%DCHT92A&0C&Mj&bgg2`2 zHhzVNo=XitF{fAW_b^(OkZ7_l!em+RKTrSs#JWLp3&`YIqLRJ*{=(8cI4!`2k}T1x z5HCp{O0yFXlCr8C4;mv0ndT!0vSrI9njP5uZvTCoMuWfeowak8HE}LssQGP`fe1ff zf>D9C@ISz4C`47HzSfuiNv=N@&*nM4E2&f0)u?dUMw^#84TF(_@Oz}54z*qQpsqu? zBc3^O)3DzNRPkoP-3L~oI5hj~*Y6Dut!7zJzNBopFU?At{$HV{&=9+-wUO7wV?+9&IOGz2F4b>tZFcT`;aBR@}bn93wHgY}+ z6k091Y45bCxE2F`D~9rP$W6{L&+|Ok1x8uQ9vDGH0n;jNBV2U-X%^BJ@DE|0bcpXA zXO<^qL_ERjq05C!IAbLo`(i__>{5F7zz1#M@1IVziI2c0PSrDd(=bA|Wei+s75WA! zcrJCLo|G8&$+rW82EF@9q+`ma;5PP;3*1+LwjomaGStS@f>H1{^;DMThf3ayKz;3kgoO_25HUVk`svz#Cy)??Zlltibyj#0v$m)ESW1cut zgrN)EW2mycLGL@&b& zlokc8sFGbU$nI#1fNwe%Vmntz2Voh0TY%im>=9m|d|`+49@khd)nJHV9YizuR`5{8 zSmuTj1FZ;rQUblqnWl_`2chK#M^trFCnW1(qBem-kV(RYu`S3+pjpsB+u4`azKvI& zG|vJaUShxFmE?O9dQ&?DPW~*zRa)(g)CjAA0N)q<8RR6rnR5f25p4l2)5QbU5Ygwn z)~9bX?vhKcL+1xZ$LB%QmDK<)tiIwd|5X*Q_qw+>rA=P3d$@ zW&FI%keFBJ9dV;JFFF(a!JB#GJ*NKbt#QL~{Suk|6$E!$G+-wQ?K`k$>=U^-Hq={S zkJE{;jrN)Py|Z`y~8n~Q^!ZflL7 zz5E&O!@+KMNU=7y9S*T1%+qx}gV6pmz_v%xN@C&Qw`{Y%Nf>aup9q(3M6zsN))WV} z04?U{5p6+^RbI4LrrJZ2uUJqL50NQ(kPm(i+3nMy1DZM?W7n+kNO8%Q>08%nv3f_zc}g8?8UN zynC5>j3Hn2W)Q!ss$xn9Qsa0c+Ek8TcW3m=2?A@Kj|<}{tK&+*TZ|#s8K09ev}JH& zbxCag$KWSJt6T#G3ADMNbUv%bx@*tVD9|{k>jlXSl5F+&pI42es@?KA&K-zx|-|vzPl^wr)#pwBC%zzJR?YwM{?% zb~A2`&$`3WVqq{@@|vSna()TkzjJls{fq2&>3I}Al4#}CAs!;M3qKX@(H%leiS|5? zKoc=vQpDzAS%TAL2emQm!j{Z|Oi5RiIbN1ogm~hlGRV>2{64@KxZ-*oA%o6`M3(>{ zr+;_A^Weh)cjBS-J`zJRdPWQM49u@Ol4xTC`4Saed4qp7FL+<+h4uxaS3hFSq+6>S zsb4%_zs88m^-0y`5mp9-+VzAp8 zUo?HfK1pwQ5<98i4)(=I6|&&br$@6cyg}~X66I=0>_`Uj0|Ql zKXX66g~4HXep1Oux9Z-w{#mE@CqMWss5$H~GLOy)-WB-SS3mIn2Yc@x*TlK*?I)1P zA!1O3R4L#YPnaIXikxh%S`T=ts0abuF10E_MPdob#8AXatF~6@5|PkqsntSgRg{nn z0nufxHcM(r#bg2%1&Nt}feB2KdG7%{b@#XSr)$6a{bT=jSNSZef||)Z^E~%`-Pbpw zX^k&& z_lL7;OwUbG-5Koh^$)ulXI9RsuTcagZZ{vSDIPp_@N7LZ=K7gW+k1C1)`q;iW7!uq zMd;1!_jk9Sqi)WMz9O~a1E6nV2U$+r7BNd z@!@%mO9q>V{z%bs(Ezsw=~YP-#N6nkd0^0)V{k7PT9=k6#fPTk;VB3YvSQMI@1;3^)ysTWOtg zn2iVKUZ}KL?rG-?vN+ioWP4bbB9%ZnRoLQbm|!jx$v1YpyJ(z$c&ZuN*I>et(K%>> zfmG2pDQV+seIQLPl@Jk75M0P+9c?sK$b)hU2f(#SaD8K@#Di8W(`O0{RO|(U^--oM zQ#oungo>VV*+-xFL#F82nQv}eTW2XI@j#&+WgYcxz?W?A9J0wObzn*pb7SqL#nOeF6=X{>0>6dq@5Awd$>{c30Ph3ResxuTWc6!bm1 zzewOc6)U=iqjC}&uMhaBieiPA0B5Ac=u}arSckGmf^6pF_B;@V_r;2ixaZBJKq$G0 z5UX?BOEn zLt3&S^ib_Z0joF}CgX`;`SL>D8V-s9IAg)F5UEUn-Tc9jJDEa^_t z=DRJS$pwt_zfG=%V9Wn`bk6Z<@a8vkme}^?PF0m_EX4o?OoVHK=1u5 zs`Lf6S5=>T3{?QwLaOwq!KIgSx7*EnmWr9gx4GLx)wq!l(zL%UT9bpBqDOK$?Sy$s zTuKyq!?C_NazZc(X?`@y;x%;&of`T$VUU2x+@{VOkgs_bNdYt+m<(N2Kf2ZnbVMZC zVjdSFk6t$!8bYA&kwIvscV*n8SWz1Wo1HaW)$O*)lGoWOKOvOY{NkVn<5gXs!L z=Bpnd*C0kG7!@f3yOITtvABi+3xWjm0||lW=0POn8XBEFb9S`y?-mQ6$rY^upQWvk z8lPw1ADcK3E1DbuQGsJ6)E=EE4oZFbE&>7Z6N(`RbsVF8K|vfVQVe1p&r(o6IpJ{4 zAO_I2198^5Hy~AXYRKfQB&VJW$C#x$uU?ofw4G)-#$U>SiRM5|8(Nt);jVzD)@Xcf zFv3!sL!O{(3gj?#HJN`G>%?Pw#Jp?zXov(vnw_#^a)c+PfLp`Bw04HuX>;q7Kqum6 zHpDaXKUfaqcgU+C|6Pjd=EUWT01o6eJN5DX@EW7c;@#T?m@`y2`rtM52v||FOfXdo zxfeqfYDi4go7B8|%) zN|Z+fz2<>H^tr&;%6>$zwT|?XsZiL#hISu_fJx!83X+2~!4U+3SVN05598@x@kg~8 z&Rj^B`2m3>kw^HNkVC&}am#v@8|@66cu9`5WtY<85CW@at`F=YwLa{jb5A);aTKMUU{c1aCYi9Jj&g z=)G(R(oBHcx<6WUzL6Hc!CL;eUca^n(F4h%nMjtuNDYUtl9>m`0*{)JQiHXL z9q$Z-hlH3keM`cIn9wdF3>fIz)D~GhfHNW~z)S{nP)C;kgT9namEk%!CtU5Ja+1yA z#gS!l^)y>p9#6Z4KzOv&bGR6a+Si=6wtfHnzm_XnQ5v_kD&MszqSUFaNRm%0VTl57 z=rwZniImYax|T^df>G?6x`8eB({%gO=vwQb96mhOzoOp?x^O7U%XVfZ%D~%h7I^8! zxOJ(5coHnCU&G;kWaGv{mnOGASCof&Xcs*YV7NS$w)d&wMV*VrinNPeE?J^AK@9V) zPqAwo5^V4yF4f4S+&qXgsoS2xFF>v#chSyn>?+bsz-t3J&^h+0hBl(=n|3IlYMfvw z!#|_6Z##1y!D~8B=8BMF*zMydlE!qCl|C05py41w)-+st2uCav)C#0M5stYcTIinx z&*HX-_C2-$YA8&7KF$?ga0Pr;9+rB0o`j*@^*;Iq*E}%>gA>{<;0KqK(>Ds6PbPcWT*ZW zpp7-a%korLjZ}fCXR`;m8VESX4WMhUfulY&6kbOj4N%!=k}3hK+b-&<5V2=9!l9bk z{_mh`YcjVT+|%kY8-uFNQf1(c%EXSK9P|#p)}J60yaw3P%^`UmfhCCPU=`d?AKC(- zFc3jpy@EAQ<%{h5mR7kSTzT8qDcUQoyDyBLt3e{gI+N zv6Hl5Zv3R4$PfQCQB+?=Q)_xoeJ7d3N8$hhl9FhC`mm%;YyX^COL9V}((%V}q8Djo zP34j9Gj%8^{3`wEJW+#2%_LxCE~< z4lH&lUpKr}#5&@I@sE%_!s?DXn2h|;N%q!)5|Kb}{=5&RrJ!SU$j|aPQLuNUIrwM! zTVA@<0c1^R8`qDlnLQx=NDc*gXLg)BKOFrSlj6w$VKuNcB(n-B)p+3;?3Goh%S#B| zR91uYMj1F}mM0Su17Og3n&YO!7Fhx)ar?2gxb1YLs4jk2LGEcV=IW_ZUls6Pcd&0uj^g2c<}=Cj;h6imo7l@O#r1s zuBQQ3s(<~lqlPEJAnDX#q3FKxQy;x|Ev`^ZlqJw~U4-8Syppb$RWS2sFF-L^lt>K~ zj#lzIBpmFj!2!+I;wZeu*7rB)dDy^i-fnWSKtOK;;BCh7a~u zRe>u(1z(9fmzA;9nCQL?u(hY*wNa1ZHP6vUM*WX~*A{?xZ5%dH<28{}UTcj#cJQC_ ztG`)TA2V3*IA-PHxu*i2U%K(bn%GfLfd|n}cVn}X=F+@!{s)3-De=onpg!IXQ#cja zW&7AxP=yr>t_P36#6Y}Yy7i}EkEh=>OLzOOne_MPX7gh_qYs@bi@F)W*g5m?mB>=N zp$n16ZN~;f5V7EOmuL4E3)wem31||C(B{a#fk1N*4yOpTb5&@*Hn{d@jk>e#PBXBf z{ARpYn#d^XN6>Owl)`5+LZ=3r!^pchv=2T3yQn8Io6v>;P6k`9@o+iGyNXn~U1f8R zb$NxioA!}V{59=s6~J8MSDNZL_@eHh-z%W+=Fh=cBG|tvL+DdIY%Y6Lj^U}K2N-Yl zUb$FODddsB6T6iS;?K3iE;0dXH6#9EhHz)Wj95Qji})tbde&$OeCMweFvplmU% z9u;NsXqdhbH${tFsa+8N*&+5fztZx%NbDlx#XS2YAoi=*0P@rLh(L>0yLhO=|3+@v z+D7R18S5P5FUZ{WU+geYkS$v}_ErkT{@mRH50$Y1Z?E7IiQ>Dcb$Rj>0^4r-77CRm zNiQo6GD_^?ka$LhJ0%Ys^6*2uSVb7z6Wl0mq{~6E5@2wm!4|k88;Lkd+UmF-;NJLkq^jKyc_e2j!{)}_cDf@dn5b`iEni!W{GlN z`{Lkt_cY$$V#qHPJCP(mkCv0Vc*73JnaWFvqPTK??BTafKj?&yvqAk(Dny;T31;J0 zMW~b`*Q}|BXwZ#D=c&GAP&S}vll#asy%$>&ieXR*YJ@p6yfujP@BMR zAoP*h>U#RGpW%G?T?hEbWCAukQ3yLEkL~JcY%+MaCSZcudIxaWS52o*=(&G}o+U@A zbD^tLVIQZDrjtQ)U}P&q5{-puECg03)^V(>)uj3%cZ50@TYzeLQcW-Otf>f9j)=9! zg6VD>^$dFU;Syj50ovYSIu%P2G1GQ5`8eHm(Y1k=>dYmvh;>nk#A1J4Y-THXrV5FB zAARNnv(cCAWAq7{q2OJ*Y_!NB8&n@nC!IENPSEg~2M))#wiLi)-sZ9kG=(^5juA;@ zr+u8VqCp!e(^#kxdLNDi$3Q^XIwE%M+qU3mqCsmi6RodHSCn$TQ!}6gH4#N`f(S9z zy4oCycO@pC^Q({6ca z7CbViW&a20>^Q0SVSqVJ`^cPDDaiqIT9I}20!{TJb6S3%IZX-Xv{mzh*osrSr_E`b z`pjw7iEPZ$2Ie%`BXe4=qoVjl+MH%y@vJ#*Bbd`}^do20v^lLB%xSq`PTSZWNSo7I z`^{-9eDD}EZBAq8!zJ0YIZekc0p_f-&z#l`=CnG1&h)f74b%r8b$5d~t-Gsk$+PCP z*&40$u{q7=;|}ID&0}*~Z<2jdV=uG&i8)O_U{2G~<}}^rFt0zD(-dG%Tlb7P?H2L} zbD9p!Y0$Trq9B|$FsCKEoH=(u1RC@x4K$QCr)dvG3Hs7N^;9uTEgQ^f z8SeA3PHO{mnyufQrt3GSofRo*bJ{t#voO1)lRiMkmnfuO z8MHag2Ie$H$g}1&bF>7M1Ow)@?*BEX;s3K~I54N30eq?7oF)?iaaP-BPJ=Sc+iLfx z%xUSgIZZ*E)9U_cPJ^zdqR*VB@TbjboY=?aH1lI~+U(><=ClV;!Afw+ADPpXU`|sF znA2LPpnBSzW=?F-KQ^by$`nD9dmo$A8ruQU_Z5nXtH?WGPE(|FC7<`3(-_@gPHTH? zPV?wDr!DC>rzJ<<(H{VF8boJ60YNulPIG^nJWJ^_rwM6u+9~2cGpB7U{^FhF=@Gj@ zmo{~xXE*o2z7e|}9;HWue$n;+utb4gVUVfrrB#xefrJSi^)t= z)pIe!j%pdqprOU;Qlr&Wvl0F$7_~kEh1r% zLyd3iDFwz~Dnp*h34I;LP0VBafwbP?C;hZ@sM&zs+^&ky5QG4d*l~4NH_YrS6~Ls~+_MUEtPA3> zawx!u8Ns?>$}_lpm0}z>RisaWQt@$`Nz>}zZ7S>{;8BLP)j|#pAQ*uj(B!hz9D}m` zsXIoO7j&$&0XaXI@-~4+C7g~6wG~dbMGwS<>f?w^j{zi&12qo$WQP6KrnM(u{)Q?X zg<3CNIA@LfrJ}Y%P1;P=Xs_n^rGGoJ<=l}i6^a9EyjbYhM`sk@T_aC<;lN5i&KC8# zhVI7Lx`6b?EfJ5Ywfl#5j>Fe+&ueglHLf+vF0pC6&$t?0rQW5au?CQ|HX$z8$V8|p zuW6By(&RvROH2f`P>15uo{Z4!X^Akle{y*XG2)tviNgH8Ci-wq-#hd`?zG-!LNDxv z0nE6(vlzlh%NA+57liUnPAiNC{8a?)j|?01Q^fb&0pXm4>4(%3M2*zu4(*1;W{(r# zzVQ-!00t*E?WQywv3b=4>)V)72Is}d2#5+zro4qJrp|{ru@9R@gw#MMj(H1!{Ihfi z4J2r9wvqNRik^BH0~*p(4}-Z7q_yZ8+DsTIR#In=*fDxGETxRT%=ctIX+_9*omW$Ga3nI$`KcVk1kjL*1f7Ty za!%Mv=mSei^fTh*i;VYvElyq3@%&I-B2A^~xbRn@hvgxrM{`o@nM!&^U#zuWbXI$h zJv`z5&cJVv>Cnq*KYET_7aoB%Z(4EJvP3lUmE_$?U8en~O}BkhUCx_K#CnO;pcVAc z1&*7aiywABNMzCir^ z18Y1gf?xA3M`Fm1)xjA9zEy+G=R=vq8fOOfZ?ZXD1+iCsOq#kY@*%XQ^v5!Nn}yOY ztw@D`WQ|8|LC-xXF9W(OAgYiraP`_?Vg?F3@Syob9|ipw`2LF+M;2(j`7wOxBrbN@ z$H5OpxL~Q#fIBN!JtOKw)$?gTZ5|fA{lf=$529aFKV99$c;_M}mB}LG7yanqQH`LUE{rhKAoLs#ev~IL_Ru|@^)-+kg_urZ;)mZoY^aB` zzNo&eH7Nu;izaX>PCB<<5EJD!voBvZ2(Y3&7Yz0y@t$69P zJMnj5|F0RVeB>vS(S9+_Sr zn6!5U$oc-@Cj-5)&(29F^35UZQe>kB?Hm!dGw{bZ@4oT(zZ+f)9#OR3x_DwFW6qn; zeW9#=VQEjpm%f|$Su=*rF7$T1%Xq<2^74&Ok(I^7j9IL>rCA-5Zhw5+1C6fvr@j07 z^C3SzCoDK?9{T0rV3Qj+x}w*sq%=c?b*2Vcs)r9+@mc(Ruk^yh`C^yn=Rav2;TG0{ zgIo4_3?0Od*UEG!QQ0J8?tu%d5bcWJz1|vM{0{aceUlVg(z5(Fgc#w?EBwLqC5T+Q z4n53F;_&rRvdz(&5-3tzc0oG~BT|GqoSkoUx$INB-7LUWP9qgT5P55~xqZ+Iv(r#$ zi37g4?os~c=TxOv$J()|v=*Mx$38X1ewQVz9#s?7+4A=E^dg_VVSfu5vT5!YjB1}5 z%w#Xh9zKtHnYIYYI=^#l`IaHT}DfB8>N_ob7+W z>^jdFaSoew;Z)K>ZE5ovPll)bRVIU(yv@t{we{HNjF%G+wEaCd4N`7*2HyK+(0mrd z=*pgZXY2+AW7M!NQ;Dt#?>Ik72y#1={}J>lJi(VU9ETXM9{!1cna#Q18ml2h>U18= zeTeVP8w-z(@r{t}tM!MV#W}EM*G`%Yln)US+dy!+Kq;u`lh&; z2mqs=N#|5-KQ3T35S=~Wgv2qvto428Oxr2?c%5`4o!qHTTEc-)dfEb%u+u%LpMYs#Sp|mN!ohSh;Xz(FFb4xd<2QbOaL6S zmiNH?Y8!PBgM@1r6u4G-8AyN^pwbLUoLZVye*%fcU?~Vo4DZJ9jKBnFcPotW_|XuW zFKO{QlmR zw}92=6+fTX>P`D&;7*;+EsTOP-sfbDY^-*HqctCBljXVo+(zB&K z%bT5KA5LWaVjMU(MXh5Xyi6ny-UM?d_rAO^aUS2m?}Nmea1k{WtN&vX=dVW`0y>Cu z6c}Mqp5kFH`Y4CfJcZW+c7#%IesZXBMUNOdm?B)qJ=6vL<@<02MZmk13K1TH)mgGD zp2^|dO-Z1iW%?n*9fh5M+C3&x6T&J0V^0~r4`ZEke>#ZMyu9RMCNsKINOp&)qaO!x z!nWModKpa#PAjJO*y|vNGbX9B{SMl>Dh@C~0>kJBW>R&Wa(G)uAQWFd!r(TV8>epN zi<^>sQAjoM78*!QH1-0dAEH-9)t~;lWDX=_yTPWx2*T!ltsVrH;YK53;Q$4)lPr`J zCXAM=m}U(Wyf3IhWEIg_a!ns++UGb46Z($E)%`h~F#k~-1axX< z+QSALoXSX5;}4*<&MnYO1JKsj_%=Ab7@f_3S@{GsnSGps%F_IPewoc(A&dzJWcp*9 zQL6}eOo&bNkizBbgzdU_I2=lnT;#1|Ajd=#`qI%ow!4kuH| zlSglc84PfBRdQ6QHa;0s8F~XCGjD-8?)o8Zm`tSxt!J2HST`RQLT>Ua*AK!%;G?lm zEng)j{Rr(KpzzCPQ(S>c7k4w4s)-_TgdIdcNg5Yfch^WD!$&A}d|7GZJzS1y`A8Oo z9QSh{j2_70%oaHgQ?N9s8bax07E28Z4c2hX{)w!#4gj$Qlo$o$5{9E!TBF5H(_n<> zSwxJjZdnVxd5KK#0~CY@qz$ft`4CLS=|jYX^}vg1^}?F9>t}0lofi%XWKn+G`Q{Cq zH%Kq-zO*}9p45FIjh;aPwWDhb|0>d=1b@L*wX8~w7My)3>M3&wl*VddGmgQjp%I>r z)AL(eqvdhiO6rWRTI*8S3LlE%qoRj`6v%lt(+31353R667AQ)uvCXX!WPb`L8zv13 zU?YcbfDsu`5De=LXwZyJj?RQMQhI;Kh9`;ohmwoJ;?UV%X^W%|;-XmdJ3z6%WLvx( zWGOJd2eebX1(!Hsc6W=@`nH*k^z&hnq)DZrvJlaHnI7(Gkj?ZCI;4|W_f;n{2(V6< zV6a@l)HKGskvx-UQb}biRegBaG-y@8Pl@%arUjVB3FlsojR$Li40`<)QX7EaB$lsT zFDBq1S;;{)L%RcAbwG!a3RpqEvvKWH2@OeH)p*kvSY)3B^D_q)T~lkhv@p6<^F44i zko|}M6-bP=(r34eL<6tjrhHu_!(v}9rPjf*<8UDX45&6<0&B`}qgG`gfzw6tkFiDF zVGv_lrXd|*f9AtzjS>E|%M}m|3;RbP>Xy%jxeBNa`wO~((isX5gUOm*1e}j1X&@@Y zzFef%i5>%D4+K1IQVxn@FnuAK5jEV{?PhQ}I|A!7J)qYlX?xIY4+H$8?^LrN2<6qN zrfyx(morpGszI}ff@W%iMh*GBe_^3v<@ffewLF$6%O=Y7YY07WTtH2z+ku^*-maVT zi)r8QVvmY$ceVRU$cQ;6Ta)1I5W|9FNQ;NO9|i~wi_qB6$As7oM4BC&(vblYb~XB8 zD_aBgA7&~%>pz3{DU5(Cf~$9C#hp-wXy*WQxdN_Viqo1k+_(#xcTW>y$x)!y#^5ak zgjfimt}qFkr-oa4d7ShZJWa9Kol(OWF)cjL=dj@<^dPj;;NTFZlhR{v5)zmuOuK_n!uvnc*@@+xH{=wH$!1FUG$Xcd z?Ndpd-$WI9-z6Ys3?i?K!sD7DV=Ig*sOThP-fY*seGMjoX}mQYDNypX!VE}|4K>q` zAXAA%W*|uXHaO7eF1N@$9m0_Fll4PZltNnux|s779{?m)E$vwb3()WlVc-2&6m}eC z6~Nk7F%ZO=;0=8^d@)^+r~u(g@}&O^5#xYqu;DKzahg8crQW-2YY;mQSq>GD8nH(P z7p&UB)IoJxJZ8-9?cu|v5ZXV{mq8ui7=(%i>bYW)`F!m&Pg6N5AUc zv>1j$+YJU{N?C0DtJFuR2o`gw5K42bt22B^9D?3}lbln5b)_A;Rk<+OvnRr72=6Tf z0|bOI2)0~5gvE~H?E#MAX;MrduDQ3Y*EV#}?YurpjK;;j!<)rw*Axl$Apk>rnNIBD za?+8HA1sbOnB`fR>G@RR?Al>V(vSXMCB+6+rw))}1x!`TLje+I51yemI;}-0vI?~L zE~58BM+1(;LIa!A0|@W$+PUiQia?5z;kK>abWj7q@w~PY?qC5nWBob`s7`^3(|zz! z9Oo^(1z$UiG>7i*f<`t;Z;C~fHjI#9rXy74+xRBy*T3Q_6c$<0FGq(NbYeXarigmK zJTL%`;R2Xupu;$sP68H7&qVmLPGL_ec+TLnwR1=f%}V|81Fqs+=tDy{HK`g2SBB(c zb;JXQfl*cvljOOs)k}U!{z5{z5l5%VOkBYX{O-u5zpDoHX1f%bgLW0=b#s%S(VOjZ zrD`2ei~aA`o265EZDdcM-pmGiGx90DnQi=^=*`&5zo0i8^Oz93H2TPx{~3fB7t$0c z$*Nz2c25XO{pq}YW6E2V9IGQdGR(K(#ZsBIId9m z5EDGP;6Fh#-uJ`WP;u5!a$vMOemdSsYBs?TINl-YWi~tuh_yiiMWLgqsgNk90WrO2 zSK4aOlxUtKj4BRP4f}F8-D_K?^_HyKcJh~F?*x66TWn@j+#fS_&ZV;Zd57zV6J+$- zot`kyICdfOmbf(uE$>NO$R4DZDr*Df9UQTA!_d-9zrP-tm6>dOdm_s(*wK-5Y< z2fHwaUp?raY~)WzJ~94$DTJ}YU(r)NY!}Wtc2D!1+UU^0Mt7GYkb4SB=^nJZa~0?> zagYKlf*iwPfrbh+yGSB#(SN@+a}C$7a@Doyg#Fo^GHF8GGcZ|LluS%q!vLcWg#GML z3rzYsLB0#+q=|!Mo7wo0gUXOPOz{OgB2fWLgh54^C5oeeQ;{C}9G}?Ss$c*cPld08 zA%XoV66?~|>0v(>!Q{dx*rq(wL8XqPQ74MwQfT-(5mJ_wXtA|=K=za;`6E}pUj*t{ z<>o=qSweA-8nSm#dogtlrGK^eE8m211Td7=X@O1!4ogfPjx=}UF%u^3G#Dw(E(1); zcnig-vTLnBRxB9^=LF)chOhrdjN#en5GprV(2hr(o_1(v;>ZHqfG>L=3rk zQD|^Y&bL$&z=eNZi%KBWu+-)1-2v%~5gdqjK{W&{$?}oRq_iR~c*BpM3vqej#69~M zY(`W7svPFOgxkX+SyKX=RcxfXc*)0gms59oGhS!1ZtYF6C;Q%veL$K_gYIm<*x3cM z@bw>P-e12kF=Zv{Ot|P-X^%|?zdVW zj8eX}Yt@j-;q0|jxl#sI{>3Ju9)p22R}0sq>2}w&ms8rm8D&BgyjyzD@5|W7s^cD$ zWCqIaY-Pugn3jD?rTii?`_~#k$zlw+E~1Ymli^a0EF+qZ=Ole(5MPO+I>+2ff7fsn zNe=U9w$G*zBt(5HV+eH#*Zg|ZauNRioC>^9xSwXPv;vXTNq4SKTo&f0TaFP8faJ5B zWG8erLQ+J3lFn(Kre-2?{%l0PsElUGinK{Jc)8T>qz7=O7_-3yB*n98F9~C&ksfsE zAFQ6cz>H=dlWmg2QMH9jL3_uNH5v}6)d zd8nxfQ|^T4>7m!Pf5Xd@93kv*LSJzee5B%b)3I7o%tO0g5lHlwDzk>)!ZmdlOTEK|(#v(m zT}F%j7$NqdSue7P=DaS@EvJ9~(?TG??`ade3kl@4u8-qaX-eZ)_SVs;8WLV-02&%_ zwTD>&n<0$TvLX7Ce)NqdoA2nIK1d`cEtEI{-~L~s>=~jgEApC#bADX+(H_y&Ityva z2H9c|zBkqDbReEGs?k*0U|dn^75+~wuRPt|l_f|)*oV0g*y>lt65F$W<opDZ9#bQfYh3vJ3HC`k6(-I~G&mi8q&Y<6oz7QOGPRvTJB%cv@-3$Zk~qCw z-fEILD!3pDzW^a0sD;w{gO7K8EXK9DKLeEM!tLWN@Tl2K+@WA~b&^gF0A*xTqO1Z^ zFZmN5z(cubYBU5-^s4ZxsyE3&xHS>EH91S;T7Wk50mm7tY3LMaoNzu^09Iosr!$ob zMOE-~BG77MP>Tbg%x@5`JTrv`%FH3RkMcz3sA&0KE>?za11dVVd>a5|K^Tm7TdI-1 zC{BealL;;~ugx<(G|&^`7~EZN4YE}YgYYRTT2ll_nc6W_3}bTGR#Tq1u2T>Lmi({r zWQtt?D-_wfoRCHoh_fw;7VnwmApHAp$>X$-wV2`gD>3Ys!$imb3eEmsz5>3HTOr8_ z`u!9-|FX@WK<_Ged{%?h7Lw&Jd<&QKE{6Iq%uBZDl{8ZZAr2W%?3!gPsCw$V-cm19 zY`mrnG3}F!?=PNg3!;&-NExO{>fDAw6}MY+a4!L*16jE_d?1UHju|*iDMMf&zv}!> z(s_#VGgP2862dWBKLoeAcT`9zVI|p_wg?rax7P*^>GeJ&*-z_5dn49{Npl*?5xEb5 zCqmrnB;GnqPN8a4ctf#p&{{)wsi)+&eUmzxbnA)?mELKd7>yXP(D6Brf{n2rp-QKb z8k(+YhYg>`R@l`MM56L()P8S)j*DPr$0|8AOy-V?+Zs-<+ByeL0N^m2H_jghNq!Hw zW;0LVopLVb!fe#!z}?e5G6tm|>4v8C#N;1?8T+HMJ5KOepA->E%#}98h_amP>|@V1 zL(p97P^h|Z7=#OWSS8c`IDs?QXT>)cP8GU0d0NVD*_pbd^9ujbskx34yHXlQ`v+V_ z>^~XEox=vZ|KpYN<`VvmQG-+Xh|d4O;J2+gFBM0g{z*B{ZOFtijAYquM)*3U;kl`Y zpQDObDqq{ci2Ir0<9X+|8TXd#;yFF|I`+G;W#4{GP>Zntkiw}@^I6iihTO;oJv;-R zU}iS1;X})1%1Z#DW#*T1Ltmxji#khwIcZ%K6G3)5CgG_1^y3iD6Irim+FM}|QQi0> zH#Y+8z49p7csd)+i5OdxjZyMbm;}bLT@Wk}QQAL9i`K1!9n-$w^PPK?5|r6eDVS`a(EggQ@>K*WZ`77+abQ z1X}6L>BGzbkCj-c!_L>YXSyA%rQT)vGGb!dFApYx#Y~KWfNJ?w(_N&`U4tcDNtS9K}Co*EbkBa*;!~pa72qKjo0Qt@_LbY zga9fipSHYV!WAs@XKa*_-3ZyHm0MkyRr1mlOzgg!fpz5+Yj?U#Y2cAem zALVieI*p%?t;19x=_T>zUhRpRGp}ThBIE6ONsXM^k#}{<$NX6>b>F^q&XJAhZf!hg zl*euuH_UY;tvUDa?|Z=<&#HxCa4QKKw|ER+4M*(*@~k!pI#UzRg2BN%JUP5|OvzQW8D?t? znCUaeNqPdmN5ZHYzB#fK`d7O&zdV!4>2VvrzXUugYC5+>Bk$}z0ioSye&FEL5!V<^ zNuOPB8;oTp$Yq3 zXc=nv6HwVFc{(mYWtp@Kt@RHsv{m3j``S(U$b~k}9j4Hu&rr}i0vB3xbRTyH%7lIw zTE(+2G#eKh{TW2cpSjQ;fcPv3x?>w&@yP}knof#k{kaQmq3>=t(=f&_gJPareO-hf ze<{4u_kQ=UW-j$k%mmLxKDM3AxmlDb{*Lv{DI89%ll8*Rvki9Yqa-)e?p4m2?fMs9 zSj>;3cG($GY0R{-u_ITT_4P3)zWr#)?2qmSt;hbs9^%UgWX^fTmnMQ<*qHv(?KJQ4 z$%mKASVj^*@olyLt3PlXd`&*8|27dC$+0KVA~Yq4&{~6?8$g7XuKq~E`O6|S#()T| zIx+lxnba$y7({5GVblE?^BF4`^P2R@^B6C9zV_DcHCS!oe6KvHLKxmx>ej3?wsZFAW{i68 z)0aCx4!w58BA+qn?a}vNSkFj(?cC4K%THx@e(1XApbN^=y{!oI{SySUmFbf6+YJjblkZ=KIy=~yW9uiUl$=JG2Za=`?K8(YElmL)G57P6ve ziUq4o$vY$of9Z4{RsGA1O}f~PjElJ!UN#1~O9dx>{$TZo=X-GOu8Vhmy@$4A(ri{C zR_a-C+n(VhySiMS79y`X5`(rQN{fjwk&9G3*O%GZO`Qs15v0MpQ@B6o_^6?yMwuAz zkL}**7hS#J4a1`1fO$->d)wxs=bRJwzI8?Da_0z_FT66iEw}TuHe`PrV=!8lznPN! z;7VXbpeHX?GS;P5CgR!SjxRs->vNplDPJ%gUGFX2R8(C%46w955~yX^`UGm-?jUCQR{}LXEl@k# z(sidjD(>@pH4M*-eCz7(%0s*28x#c@ikIWD-d(Fz{-54D!I<}8=J_>sp?OEPBl-n( zAC1^Tt!b|r#ExR1=s%+YzX-suHfQj%hQi5r5+)&=It9s&zmW!@@U(nX>;QNkuP*~} zIg;fo6hWpkYRZ;a@XR(!D->zc4@FBRHKz z{k1$`n|1?9-k;m4C`%DZmt;YLB`X4&I!SnX$vll$8Q$`6S!>a~oRmGIhwDGyfO9(i zM3H{;SUb=c%X)uv;n*I}do!v($lGP}Ubgc!`Ow)4Ij40nb3z95h9+R?8w;m?QqANY zTRb)Kl4SMq+3&u)F^*^(`CLp0j%OjV*~5;=cs)P9L_Cj}hVOV$x(_`kqxuDC8T|sZ z;(h^I^!`YEu6carV+$ozE45k({3z&#Ggu06dB-g$M98Grk zg7xNeyf3-)jBLq#C>ZS=ty>M(5NPE&x9H$bw-Z@#wUxIZw^LU}V<*>(L~z_uj%2;u=fSrhOqg?&6Grk9A`<;T~LXB4r6GFh(4a?%ly!B6L2HGNq?=K{i;EvRSt z-R@EIfu6^8bASlIS)e!bB!8Z>ZFzFEA=@<;K@a}O2%*_Fz3h`K5S5DifmQ~B0P%)b z-D4=80q>D07r|k)x!VnXAx*9si4IXEv(eF?-DwVgLbt6gI}NPGvJ+dy8Y*A19Wp*$ zE`EkvaazR)DE}ayBxam)FeVhd4U3=>qAUX%ia(!SoMs;ftoYubF_C7sV{=Eo4ibfpptbE|CXZ!)aOxjC!4S@YYpTgV%$S3ROx4Fyw3T10Nz+3 z?2GP<3Tdts!C-{z-(gSUW1U@*BQ7pmha=*46*KMaYvvI7zB)R(lZna!a;w9LhZ}-Z zJw<3%KxRTOa|nR7>KPxjlN^{BaZ!kiU2R4UXMw4LebPA0m7{YSb@CVV=(GXNki*#5&}f%eZG+4pb6I+pTkRNvLgfmBy50g%gun^`jw}mJ7sG8Lzo469T+0iv=@X17-n4xD8-MkVk{=TJ_Jk@ z98jO_g6n}B7%nL41j&lZ{iFEr%i@4;TTG&{>OYI_+|}7c3n4osKn!_6Fa3<0YYR24 zJ0!n2%is>|NrQ{8^D>9RZ3u_3Ep&iqGR05k5AbcWB=2c8kNCEjXm*hE!+yT4SjsoB z5qTv1arE9UQ(2jS1x~+o;Bkf##$B+Y^rd&k#Q-?PF`frl7L>J08W$)IiW)1KJ~`!2 z(mQi#h#DXyR0KmplO3qLc>Qgm8B)36}tu1pJ!C1yZx_ zLJRO~u$EsEmPZ*60+ml-E#Sg@oZjiCEP|tH1f+Lv#7P4kTY%icz@Y)(q3i^>rL%@( z5(B6(RYo&gN@elr(78n5ynt^z=AyFv#Om87`*N{fjMCwqemCq>ZsF^6srm;)>x_g;{ZR04EHGd;K^v}FJkO6+-TO*aKakzoSc%^b+|fGbe%jov z>hCz_DK}R5K{qebLkZ8g0lKX?0*@8sYNMsqo0mOeS`)JoY4t*n+&Y-5awX+h3!yB| z4&;j9$ea%@@p#O@Rx0g9$=y7_+aPvUyS|bsq4BmufHqFB0Mu9jFUfFmH!lm&END-# zE6`+qR)7!^8F^wOZu+_oT?cQBK(hyA09#~hbY!L-S%I%rBrZ~{Mw zUIZtdmr%F1ts}TzbAEq{uwx`s2>k=nF~^DD=>|&>?m^{(LSTi##KZbu% zh$iZM!a4=>xAIgd(HcFpSkeG|Judd1vKL(ka9gD7CST)4-w~?nr)jx!OKa{(Mj$-aok

I!JSmiwTW|0?cYlKDgrNxN5*i$b?N>EHJ7GBCvZ*Hsrz$*k|DQHYXn^<{RJNB`1B=sBjtwY`3YQ#92Z zqKArF`ByL)cgeFjCc%6~$$v(*aV)Mebwm#z3ti+WFul>Pdn0grsRf6#^Vu@Un6F;x z^JCF6$mqD={$H8dgRhl~)mY2JRbC(B?W{;BVb508856C0#rhJA zI9?+xP+ZDar!9cU*~`7qRCo4(z*9w;4wD)j8vBOHgaXNVg)1_^!PHZAf3a7pnGO4Y z(>Y2U!kSJ`mXU^>og>a?%1KA2hi_0~d6bYsE%u^rN1>kod0_e|>%tJ*)q z!5nKSqcJ%!m;LJxLs||dqLVwtXfrt5p8C*SP@x|Y28@TRw+6xU0EBxVTSyh@nt&5< z)YRbUHQZ9?5Ue9Q351X2nd4MFk}^J;htvEo68`lCF*I%`*!R&aYd28!BqWDJ@@Q=v6SDHK2`q%(rPr9~t*Qf^P%AFBs79QzN3SM_-(C zVb@&W=f64`-#N4PTMr(z`-O|v-VJ$cZW`0`oi)L8u9|*$@Y6JqH??1L*Pnx~X^Et-o*>Yc|oH^=6sofkfPV7199sb>pRo{4g z&e-!aV>Ef;S2wRK6TU2TAH3f<+$YoPMOpYm&@kb<`685GPO&oQjdQzi`U>_BKy-g8 zTNyw>LZ+Xh%=DE3yK34Wdk;(M$>`iF_5cly$cav?j_YUM|^3Zc57%y6%7poi>KYHN{-3eRjNL1O4_ z3*6S1;W5K4;35#co+MEN(8)l?9nBKeXb*yv?v<>mu5aFp{w$7Ug^aU4*AKEsG zl3!&K5-NTuDzcyQAWLCu3Fx>#3EHW*VcSw)HbR#wL(~-8NvLKrDXovk2Q^ucEoaew z$3#rWC@BJ!ne3)bq|eM^Wb%ek=oY>aKDcGvKhsqI0C72k<+;SG=Cx5P%Lbb)f6rpP zJkj&zw+^0=@_y@TJ9BiG|M#PYD(6aG`vxVN;UmsrJAx&sphc&lxj;NREofaHI2Z*%{Mxy^kHy0 z;x5~i{xDCk90|YYtFy){LL}%TrJDYUQq2R~)TdMwZ?L zCKnGV)lRAbG=#n7Bc)pFfKp8%AsT6=S~0CuyV0jqv;E&!s=5Dbr5d1i#EdsR$2L_@ zcz(?>9NjMY>az9q#W%Phcs&&oA9Z^E&5vh%J*utb>tl3()_BbSYzP~u#cz< zXZ>0PLydk}yd}|9C)W-WeueUc3bcsV=;DOIT+Kk3=Ni{{ka=w5akIU>vX$rj#UW2+ zdA6l;v@4xD4iw-FWf0}b?GUS}-FSnZI@~>OjCHlf>1~MCMoS!1_MsYFbXm|AL3xsK z1Z=zubewB=i*AUEuOJ+WZBf~A*DQ8*Za)L3Rhxr6njYZFk-&hx4ip^8?CxFcB}%ps zWgi=J)R^v6o~3vA(b2eWLr6!|u>!#0j-5Zn6rpt_)*-b}2UYg#=6I+wYG0+YFt)^L z)GD`FmzNmH#%7Sy0w}r(W6wmAqvY9lAQe|bA*@>-VsuIi7B2RoIXEA7`O6kEUjt@J z+%Yr>r*>z!X+m0)JmL5ZweD#T<>&Wj##tADl@UhXuecyI8ImBF_Axd$JSQWV(qQ}v zts$7A>T@^OSQI^_A+KH(o}n=~-Ag4`@jEKlnBF1O9xR6X3<@oGaM)+(B^BKTh016SOIVU*Q?Q{bATPHf*@ zqlwHH%lDm@tb)7czk`GGBvm2sP#3)eX)OPX!~H*f1uk;eu55Um7i5q5rRWm8SXR$*X@Q{<5cCFL-G8oqhOewD{+66 z(9c@*Z^E6HS1{TN&;!o@O%Xz}ka_knQA;9MZ#zBT0CE>^(l?RasyeOee?X~Z7Vp<+@IfvgGMkjii?QZ($&FeW0 zpZxYiwsYs_Tb0(~UYlOjS(ntdjw(7WV5M^(1$)kC^+9nQZ4x2I3!_lM+8OVkm~$iM z;|aVkSH)zKikT||5#Bv5)hL%4Ojla)J6 zMM%}D)4$h>+Q|?)Q{j0~v%}6pe`4M-Z$3Hn3F3xob0v6Li9;YpThLXbqbui2yk~6o zbsNk`KM@^!@Qm8VW(;y;y>T+-^PWw+{MAmX;SH}@(pAGu;y?}+gPj%+iet1HjlEB(0x#OnU@a)e5S0L9%`P& zTaHz|6&$Px$PuF}cobVI@59;jT#)S^>-9iFJ+wSE6eE+T2g_0LV#Pg+vz?2+axsHT z^K6{LC~j-qpu+Z47VU2%?_?#FF(eq)3y#TariLPoR6zL;o ztd~e2kDBOBv%ap&I&Rv%%R;dt6eTbqdcP+el_x^&drtXg`rn-QQ zUpKc5;3S+`CwBvP3U&#|_?*4-r51SJ!+TM%^=P9a z5OxKs-+MOjA%gb*u=nm^O`PlgegX+cAsoee06ZX`AhxxlB1daIP{r0(tOx;J)mjy> zqESLJA%G~f+G;DVA`;swwJOAVKnckZlv?Z3rfMY>!vv2(VkTf<0+VEZ&j4EO>R#X7 zwf6PHvBJ(i*kgTsmIa1b~FbzA(}C6TMyK^=2ZblhpVp8#@5ym5Fykg4Jv-Oj?FD%gG; zIGy@sG>GcoPb@_mHSTeds44`8)b~IbMlVP8hIpAX^p&p(9SbaDv_|2FgYRM9su6{K zM4K4;M9`phtAUQClIWB9S#ffbSi+{@ z_|a>xp!cI_t`}cH{-kj3eORrZs4KSCs5~j?y~vG}(v66!x|yesNMnEHo!}!V6`p!@MfXIE7f@ zPAimjyQ#iOwy#@y-kvB4H0yfzew#70E=?TOy9*1Kl{yJcMcXLr0dK~~s~CIS7#|ni z3)Q@q7m6M|k=OmH=$eV;^wM75weNQSHj*d0@YZ1Gvidmc^APB>S?3Kua?8j{T#L4M z1n<81hP($x35fq7nzQ$QD7%SJ^4Nj4-%OuC=M>_+TCDB4ppY!YwdQs*ponP8yqQlm zX!E;aI_obZX->9>bE{s}b_cD<_LRT_H%-aaxC;s&R>vw6T{`!@=6N@!s+k(+^^dpf zmb8^-appl)yUY|kWO6`>bKj_-UbB?vo-lcHwE$HVr&Hfh6K+txC)SB9Z8 zhYde|J5=~kobu>!#=aPDb;JN&CQczLIckK}f>-_uEKFQSq?TCjh5fV;+P%c(IEtkJ z!Evi;fiwuXiJ-KfA&%4RYbp)f0eG314^oUVkKvLZVF;QqJ8Ll?a&S6}J|^Hogz&o@ zUC|fZvnQCx7@L*7n3l4IyW~c6>HdBKJ@#8wP;1Dj8rf>ZI_P}TDPnRIURCr2v1JT? zD0WGlmGRYw!|sN3=p6O#uRom399derN@e#IqzHEY7Jiyz{`u`f}K6H-k> z!}7G?$0h5JL=tFLY%qJ6z)0jA&Gjf->b1{ z5{p|$kmexWuG{8MUk_QERY9F^F|jzi z?6(qY{mA3vCqx`w#k1pId;ie1LiAxMW@p{dtbF&qjHvpTT;e{8c5^s1@(^Zc%yNkf z-FwhIX-DM`@8}q>T_}pZF!`N*zbayVl9H0g@VZZlSDPBLzn@V_O-oz7_p6?u`((WP z)|k)uFKw{b*E8N67t9#q5F6TXDsO6pUGVW{Pt$MC87(qTui`gX8@2u^K z>lo302XqxEG}EtfC2PqZn5z2hZ*p0d)2a_{Va)A8 zMC51XTVxR_Xq1 ziQg)(J-)x6vV4N0&|P&v*dw%2KYdyXQJ$GkQ$8!P39mzr&L{;NFM;d@vNx5BD!(%R zs<69F2@Ct_i$>rZXvFPQI17j?=Jf0Br7B^sE4!)!B0djp{KZ;k2U4TLJ55~!8K2Hl z3`5Zk!vXEf;X}NmR4zR=k;%WHMk>J~7bwnr4spvAkw%U0)^-~QZsJKf539Rl+;}Li zhzSpTKs?Fu=+rtQrMKN?W>6vnEB{x-vceYSq(DKoI}t;*KTC?4kthT{js|aNiA@df zXq3=6gnJ!CPa1~lxdV(_egf3$AleUVKrO@#9#ko2IFtA-(<}sYTMDq0$VNy%m^S7C z#;)@+I0JW*2~S#zBh9#t$Okc9iQ3f>Ah+xAE*M~iSP6iP;F1>J~(*aUb+;gbemyzwZ1F1Q|xjyyH4pgDG{5H%Y$o+52=vNto?ohqm8w^*`8sV z1*6)#>dZ+YI||9u);B05^wTIK1v7$aZ`>nTLShG)arhQF(f;LbUWt*gDhpiCoe8+p z9T-b=O-KsB0bJ9v;|BmYJqyTx?v}-pDjUh{RDMrOWxk-h?kQbx7{W=5LX&Mt{uo*W zXaVFQ`(KhmEd+?0!5Lz{4faH`b0XG3aTzILL+HSO2eK1)N zgvLrUsNEH?H1Kmk_XAlA>Lj=z-ykV(slOV1k#H-*b3?8iOe?C+Z9*V*9WO!QNG_`x zNcbGeL{&kt_Y)=ammld65OKLJpsVyC-%l)2&+xD$d~8V4l1xY{6;w84yiccla_E@P zi>8E@(%%z4Pt$-~5IsU94JfUI9Iy=PH3~cwY7c7)NwaMTgnZtzDvIdI8H*fKi`>G+ zKnXPxM*CVlIQ?vlpDMzENi|ae#(I8#zGo4VmDE%%Nnywb@;%!|4B%}mt`QeLaK@L< z`G!)#*zHNc+YUnxZueM2+@IiW6}W^4b_q9NLSgT3YeSW83Pv@oe@96mKym|snb~E0 z96XfMPq(Gr0-(+t%FuySLwPp|hl2`!8?@=>Ibk+%L7N>B%wMUZ*arv<;*nIqkJvLP zc9f0$-t}C~*^%@~tgGoJz%;~7*j7~k_XBNp#d&Za;osc~&lc${8-clHV)WGL_j{Dx zfuLT);Y8L@rj8Jx2*!%Ab(B3;7RoZM{se}Ug2nS0-Zp}P4d89-lI;ZTgFI@_1B4Ca z%j_ggbgw(cj==bEAIKo&ofdFNin5So@b5H@I!_BF>J|?Zgl4#8(UeZt5yI z;iS!Rson2=J2Td77xQHwmeC2H?!ZX(C;GaXwS;U0o$zTGd%p|L!vUxL|?I4)VWp9V!$}_O%pu1rkP;VDQi=^}#5+ zOyRD$KPS}<8d5ks`*1^Ws|NiVO&J57tP!YZFmr|t@NFxM`l%07w3t?FTgw}EC3~3F zkAzhogpSWI6uoz%7=+~$XS9<~;vE45xE63Zr?VwmjO=#k7>aBH+&{8KykYsfB+^jMsOfbEQCJ9Q4cT%I{7ZqOxwF|c;s!y; zw67=GR5MI^27HseHcPw>)86Z(mi2b=^$C)|C*MRsAPu!I>UaDCZ8Y*P*BpmZ3FX^fXLb)%RTUSoQhp?zK zaH|(wRvZx0?En2~_HJAh3Fw)h2Wjg}g>}Qpzy`E-wcHsRMC^cGCfT~6PzK;Bq|L6! z6i^(=c7RJ_b2uwi(J5dS-^1Oy!u%oXm5+?IOne}RwI?FmO2>SvMTPgfIgPlU2bUwE zwaTSKogc_@|2*i^8P_P?!}Cy~UFkyVEaMJCD4S1h(i+D;(CrMhxDrc;nO*m`bJygC zu?`UQS&!^NVLmfJYgsH&^g0o@AMsKp!7pNkiO_P(L`~&3&^W}%EhR`_(r0LAW}Yvd z3VKy8N9FR~o63oj1W&N8ADTP1{n!6MP2Y#evEaUa`GHLBf!%Zw!1jJmY(%bdEq)($ zyci(Il+eL%_kj9%3zZZ-!-gATSj(6Q#1GuwGLATO5@awL;)MfApDS#q`jbBOygtw^ zPPBW=OIsDzRgiO*VpX(DKx5NkueF4twCWgS7$Hg=e4#vIzM@U!cTG#soN##W9!avC zljA;+@)=K`jPPv7x zmtoRZsYNf%ttmTMaj{3<^b#D|^3%FK@?!$@fqCbqhf}-pQn~V6IHkz90<|s#6*8<- z|N5=pFW156_w#2@IW+ihdzsu)A=CoX*5s}2%QLoI1!*06Cxb%9QYA(bhBF^i0nGzw z+hZk!dva(zkF=oB_BJGxqFNBwZGVc(J!rA7b&n09(~%)vB0@L;q;?s2C-{51=GXZ^ zm;1XvplxHHp>117emVAk2ii8EZaZJhcqxXLOi_o+*27Qfr*oz}nH%i5#`M{ebx)GN z>{u{Gz2J<*bJUmVXIFNZwl5lCDpWdJtFLrZ&S*sNVa!cTG{x9orlitoV-|Z+(h5{Q(yN*?#xm_<^y?A3q<5;u>j# zU*>`nh5j&1BiE>cAa0JGph@-u;dRm+HNi zHNAl!`upwrnSSrxFOU4-oMv9#%Z!ps`@Wm;cipv5hfKP$Bk5P$)%e49N3HMWD9Ult znvw%lUnVFVWz#es&U7Z|dFT_kjhn%QITX@E<7sz`($a2S2Rai}|K2pk@gi#q72j!y zfY)NPJu@vPEc8X9ts*T7?we4J>W>7?#K4)6i{K@E{;lQNtT zY_+#lr5Q@a))bGFKEXUfIHQ(wR0Oi@OMdp|xLQo6D-tL$-pMD}Y(CcG1MBvQAm z$kyQt5mxT;_U|&g_Z8n5eUz{KY^-Q!(`5hV$EmjrHd_J0HoC%J*Y)3^e$yC!ANRfVuBe)0b)XI)PLlQ{*ZHzNPC9Uo@n^i>2 zQ%6$6l)cN6YJJp*B^*<3QpSj2-@$$w{n<1^IiguEz<9Ayun~r4H{B<$J-wM%&Da_!tHN%{r-Nf*i>2cGVJbs!fyI-Y|?z=5346vJW{?ma*z; z1?G||be2(U`Qzy9DmR6=qBfC^{p9c)q6pkVYN3l`N=$(K00!!k;)ogT6U3>M1QF%6 zJ`MgX6u{&OhQ(uCNdgnEmgI1Zct<&?0HBxl33hAT#A2m5*@}oDUMli30F4 zVV#GvQdS7u=+YQzTka$HJcxauJ`;OX3pt_*%H9BSs=e7(CS~K`&$2D z=4apEFqjX~-4$&9HMq6@i{MY1Qk#4y@79NsxUpZlFtDQ!XC{6EOYxZNalt3|`T}kc zwAYpwEBnW*e}D2Q=~{;EZjgQI%cAO|6-%P4giH4v9kSugxa)}vqF563+=(M-SLbzL zaig3v8)=vf ziMYu<4#(DWT~y!iCiQ;~&99vhZWJP2HNVxaPk_Be|9es+Jst8c?RPQ_DQsP3pD$pMEnqwcs)(wrP^t7qp zI!i~ut6EDaE=m%hsOhOP_CahysIh4sttlYcQM6D1D&W?dGk@PQ3EX;a6}k$g-TxvF zW?Ju7cY8oMs5*j#)qH_I2Bv=Ec#Yi-SO;I0Df0~|({|)A!P3&I^f^VGPUAv4Xu%$( z3bBk;Ht17AS@P3-MeZsyA@AJ;69?0$&BA0pybI*u3w9su#M)vRiQTc`7L<=%(ppz< z#t#wD@W#t@)u{Z|8l~Ij@ZXa`ond&Y#1LMe1(p410>gD>^9fPXWo3rh0g+UT#BVyE z`B`pEC2cqq?Pm*6`%4=BdC)6(L4SDx#Y%a|-VoUB0fU$*SaB3RG3Q}s1MKmp*$|AD z6dOhf*_SWX@>O#%rvz4P1nk3bRD~+gnDp zbmW$5+_ALra&?Sq6%>Dzq~HHhY{X`;bSRA%!Jn(uSjNFT%Ks+fj;7f1Y*s%I3|!k_ zD-_~A$Jm!uuVKKCvXgJgG0`5dJ!J~)J=v4IvOw%r*{F@-KM`!#73G?3Z&$zb?a+-M zI9o=`4)pFRRumynE`*SfXAm3rn>z|4#Znq?f$Ur^@pP*up}ro1>S4bZf`oN4YQCYX&H&Y7?)(`p0hC{qr*1f7E(zjC55*JhVnsi|#=!{wrAu+h*s?`&kmSKfFQio0LNki1 zs1)YT5#eB0z1vXQ?T8WW533q1kkEq4@ zkmT``C)fJJ$7^5ydgvnvOe{?}n=#}}WI!%+;prbO-`xG%D5JMbG&V0U;-vjZpV95m zQ==OQerb43{=Cuc#V1%k0=G z%PGp`KzeelQ?4oFKw`>FQ;y}rq*#`nfE)$+PoFNhp|gy{A3Y#CgoTf{j3yS=O*bm@ zUjW`@B7JCfjAcFrxh-*@PoEC9{Y*NQQL>haVWq8!LR;JFIUII?lDL|yJ=%JONLop; zM;H(EC5Hw9*KrPVLn`8pmN4Mrt^TPbkYYHorvQfi-T1R}XcfbK4maQT+_y?vw`)LuiRnfMH0+ftYPuPT)np|FBpFOme-F9+0ZFK(J8 zXa1b)MgH2EiLm6*wJXV7tpeMaY4*XH2dxuvX~q`bC-$D5AP0X1 zj7ys#EycgvAJ^WoEQZ|38qiau^PrZu3j%=;o8G^S-p8SAt-L$ECN2hAE07yn4?z^t zp9XS6U8%RhI@ke$5l~@GEt3R&1Y$5!2lE5}Dd`3cD&nd$K)s7m=`l8r7uXCFEtAX> zrKdPho%Jy*!eN%mgUTIDT)zmkxxE{jy}ROR%nfzRtaWPub3`P>+#)WRQ9seyl#Hf9 zGwrOsGI2Zf8&&>{bN?bYG*i*dRdMA)Xis%>LM)-`9NtdbvO#CZ5fG*_8VdDF`+9bj zOB+<{XLD~ub|`2x(*2`TsDN~X6Rg0c(Bp#epvwlf?(4X=k189xJ4JK4%H>AccWGn^V{mW86~$I)?V9!*hSAwZA<%2 zZ3ZsAVTHaPE+D=T(55!?@20lIK2uw^A|ED^7xo5dIPioBXj7Zv52m(7U}_uVAPs^m zl~BEAJM0L!Tg*2Us0qN-7Ta%XGe0%8MZ9Qg>jo~)FPi{>Za0*TLnvX6$TbqprF}?m zwDJ2*ZR@6bz(J=(BdYi>Ol^ziT+;1yY27laNIJ%}E{T$V(*zc@u-=>> z)ymc_TK(NGJGMkkW_-+4o;~=tug5c36;!dja@zsgU49@dmJ#g4boLH@N7r2+?H@X7 zKO>~V*?Yc*Q|~N`3_h#OVwaOZ>Fq+f|8}fsY18;=;V8@@jU$Xd7i0=y!YxTjJWPIA zEk*mFw_c_N5vlN-^{A<4t-4fmcFdz}NELB`w(K1)Nn${vl-}72O@wee{bBGld8fbz zKAg_h;B18suEv$T`q}c;ay`2_`2dT!48+PB{uI?l2xI8C3qdka-GYw)}+Gk-#}?BeV%lkg_<`{Dpo|dM%Fy~1u zKJSEYZ4CCT{Ed6f`QshG4H-J;*e0rzA#ojfn)`}#!r#6NUh!eQqk80(UtjW5t$sb4 zY+!t^T0cQhtDkOrzbQ}WGHwZDkjJ1MpT0V);JCY6%cGS(#E&nZ3U%qpQpD-p=Wk1I zq3{C=!Z7)H&<%k${wK} ze5Utx&C76> znM{JCY@%eSJ9w+)PbwP@G$`2G7vQs7<)h#bjh0?nTa~dWk~2ul-b*_*i6X0xaI7cpA-uZQmN80I=*vO`SIg|Zmx zk<|G8n)O7BGqGrErR`_3`Fy?#op&0iR-W(U&)8>u;lO1`?vD@k1$>>p)%mSU>HH=! zjFL=*TS)*4x&i3i5n%0#)hC-y`K>Vo-k*Pm)bJWfwDY=dp>CJ#b{lxkl{T@4lTt{r zn%kZ{L(tYl0avoOJ`uY3XLpWPQi@``AJk%v^*Nh^au3_hXws+^zssCmL@F#grrpF1KNF=47~W&5`=TYVZs}<0)+*j|cQ1 zS)qjyxt2Z5xc&su^wo)yVX$%s%!lY$wcD@o^rq&|2i??)=KwVEI#wY(_m5+gE^9Wv z2%tS)_}Tuw4!M4t^uCs(?zrhawL%jEcl6BX05o-8C^%x#xPYltS)CUQPLIZ;{4cF% zP}v;ICw6<{WQGuf`Qi9~N)YwP?~4#Mt0Ja~krK80WCrpqL)1ADL@PB->;NgYb@6@N zE$dwjP5Q zX$H;Uw6#Huz+lOB$QDTNZLbD=C@sP|UQ6OQwixKlIAuOCXlZu)e7L7X*RO^QQRjaR zp`8a>q%T9%z*Uk`>v#bkkAOJHO##Z`!o*3;yYPLcuWf-D%ORzB@_(edJKq%;6 z$8&azc}m`f+v5dp*ENZ77ko*dIIlRGiOWo%jgr$gq z%bgQ9a>Q6z3HHf#-vi!ahKCgL*y(||qH3+)$+k2ArfG2n97i$!1ww%}3}Y$@Ojm=7 z-b%@F@A)?QMFZAb%P2))cSArpTri{35PoP351qR|LoWSmx9SEh* zgX=0zDu{I?6QN0jAgVdBQTPNndq?WW_*%WqaHdY6XHU@0jxZ46m+c@bc*mlc$c%B_ zP!1K|Z3M7m6|Uz>yQfT@60>sF%2`1wuD}_|P(FzZxYZQDT0mjW|$q*+QaRQ7Id?} z-Gx>x#!e*rQbhI9z|>1e02vZ4Li15oj6C2)49x&D3)OKLEOkjlEi)5?#g)8E);dYj!f}|~b+vutsb^y@ z`sfDCvRDbuG&)9f1<`2sU}u_A&~#0-WfF$x&@(VfyJd7s#qS)N7=fc$077$UVj<82 zA|AUO2OeZ9ut^v|h%s%JNd~sIfKpBrR_jiJAsGv|OlVj0u0Z}Hif)dJm`bo_`Ut*= zuI;@Himl$JzZ4~!>-~0GD515qBqA*3%?3Ges`S|AduduiI`|ofc8xD5py-NVFDVOp z1&L2FvQ3GOzDE|&@Pd6;r zmOvaf53(*5HNdkgY*-^{tWOuYN8||qDMd6LX03K1fDmUpw0z;L&y=J>KJIpf()e7m zVqH^OsAW6>;ppXgaOv8!|-Mze8x(Kxb6UBv08#sqk8n>*k;wIJ>8a zQE#PMccsTZz4Z|CsMu;*oV9@k$gH`^%-0nKV6XcGUF2UnCTMhr%JUl!&H;Inr zTKjsfDsd_#L)7Q|x0JYR?W3jD);}fC-d2DkbKU@eCN3}P1JF`SVWS3c zsM`n5QeSP+@BCRHB_eC;OPZ94>2809pKay_ASg7w%vNPn33eTxg}(GqR_T{bZhXEq zAk~PUOQESiD**4%tJ~RxX6n9gi+RePortE67F4OUjtQ*Xa=WpBhRp2aFDHi=6sJ`_q8;}cCoeRvpthz>`0pO)n%^; zC`3OkIrx6#`k1btBXaIWD)Cb{ug|$-3kwYm!8%hq34T)uMx5@c<-uPI-^Ksqt+v%2 zNIQEtJlKuEojvy^+{j0Kak-L<<=laVOn>KvJk&-gaq;c zbp^k(HGfBd*=F&2vTle&@ue!H{Xn1iH&kP2YJjeD7_6ol)8Wl)52%+?J(S& zip#rV|A3^8dxoSXj{I`m{|Y26VZgRFWW%z4WGpUt=b8tf&JF!?Yqj5X_)uK1>>n>r z9R9Z{p1v7ri8uDOXnXJZU2|Q^pE>Q|KTf(9fO~7-+%dlEyUsMPzb)JM=FPRP1$V<= zeWckiYu)#KAt}wSg|dCTBZp}Vk1M-@cr)UJKE`XL$<8#$)bq3+>~CX zlzL9MmfbI0gDoZCY5l^r;zBrI!loA_3X)y1W1b4v@{*A6ayLAcgC z_nC0*)+X$!a7~)+*xd9_!nNY=q5Zo@16?RWX}uNG#T}XqEEO6Yq!dyXh67@cRcTT;aaap?FnQ8 z%XFKIGe_U7GrI61PYz1+3oCgQt>HSo93WoF9oqCsp6tXSFZC-ka@kmWoyQsU~W1Jqe<47v@!nX3Isv76B!g#ilk4r zLfqROWEs_s>Gq^q0aVKY-EzIqOy!D5IfnS-v0T+E!U!^pRoy|ta6ndiNxf5(L}agj z-&w`RFfH`a6O6W>3nD>YNFsjgDx{~w^%N(VR3KG=11FDt=`yVw@5Wbh!nLqz4Wca`rIb&R~_8s*Qo!~tN{oJ^X2d~fo5&RfM!khPnxwG6#}NzH#cDE zGtF9}3^Z%k?e63Gnx~qzxBC$_(5$(;I!aIZ=RB`jd)%j4)3{4Pv&L=2)K4{QYHF`} zY@cSWxIE^0&Dvwoto8P5)-<$c4X|Xc3^Z$xqt9p3nlqqwwG#G;7(QSu?z#SrhzGvj%;_QQe?f%MPTJ72L6gAWT-b z_c_hlH?(F=^Hj4&(wa2@$ZP|ewc=C^iZzMI@0v9kty!yI6KQa+>C>!nY0a93)~o^U zI-psL=CPFGBwDjp+pk%hTGidBS*u@CgW9 z(5&75KS1q&KcH6nRI>*BIQC>|pJojL)!k~O&ui8WfM(51Yt}S>)T~KSR(79e&D^J1 zJNUuxnzj6=nl=5Ktf!haCD<1b^;6ASH?3J)F`!vv^T|HVT1hSWOtU8QH-lykI9ZCX zf1Gui6bhbd)(i*-%l6E}zc1?3tVshef@W>PQ_Y&RU$a)+uUVVqY%TMlHEZ>>X03KW zvnG9Bvt|gRHEWNppjkWp|JJM}rM3=PIWzp#C131dP~odu=Tk4cgtiB$M&x(odf{dl ztIx9Z$R-#F>q zE?2Z0GBUMD>qMK~HA-AOe1DVOH3Bs6m8#bY5fQI2iXdcLe>tz3jVqp1M8x7n5!#g) z6tm@n`yez*6(p!&iwr5zxC8?d*D^stU=VYHhq_{NyL*H_WlA%QQkvV|u4WI@vuOrR zxhQu5NwJ41@Q-?`pcy6-BOufB#fdLA?cb7NLuLVWVHjQbgoi-I$M1-*YBm)QQ2F2+J;!8l&)PkENW=_KEfG<^ zHyLT3nx*bB^)3t-c3!+J{~z3IyJ(gJKL^`4f%HJ(QzFgZFR;4R0<9BA|dJ8b!UbADIVIqu8pCW@;snCETjM?wD3hnK)AWbxu9=eyFyZ#V8 zK^0|cahczdZnpK^7A*yFq8^=_15{x#e_+ypG)5&_bu~ox?jf&M2%OXRY~wd!ma!;O z$zeqm{j|_!T_DY*xe0VdE!BHqz#q!LtYw3LmV{M9GJVS;yFYO)`>2|dB<7xnsL}Ko zt$z4GnrJvo^2y$AOnjGG-n=FBQF3c@i>)^+jc4O|jyu_Z;#SWMV@Y_|7Y<+aB#b^x zPjoFj)6%?_Tra&-GGqOj@@KRfJt)UN;e4CNH(Ej=x;VO*$6ki4?~f2o7XgY^L#TMM zk(j&@D(wgs4^!gO5hQ(PLv!W6s?u<(6uohzll=IBR*XT^5*Bnh9bp})pFMY0sc?h9 z5Mi4SS8C%en5xE_4(p0;*Qj2zTcXeWC+VSmCv5;*6i@PQw?G7q!8x6TVp$FoQ?0Jt z?0AiAhkj^&HwQ%B&|hFHx&gA9fJ5IJOmXEuL(~;g7@-yGoycp?LPW)np<8kb1*Q%d zfzjDEtM{VZHUb62w+(8i-h%S653mk_k&%PwRH9Nv<#2zkAc7^s17lKm`K-Q>6xSXar-wzuv<*BFo(ETPE?Oc^4`GA6C~^p}dZ5bc`9l%2Z0yk2X4 z=lbai6LRVAe_I99e^%u=;YYpyri1MpU9BBXa9?BcXm14}r`V|^R-So4Sz%I;%5o&$ zWVapf)gYE+sR%a3rg=B$Ysw3Uz6g&X&_~%l+zSv{&q}e;mm2i9M#-TzZdY-4DGbN~)e&XzC!E1Hf>~Ci!V8EPnpbIQp7sQdQ7n9Iz>2>O( z&MFGdeXy|W%4WyDP|t-lbrwr&^U7di8~uFdY9*P}Hc!)gAoIZ`KSRS6&e3=+6H~e#hgITt)=avN2aWS^+mp&miKMi`zabKYIgo1B zHshxFFmvJ1ETz-B4Tt8R_{ALEbuN$mi6I%0J^SlV#@zGu`IPC4#uuOaz~S7RRq%;k<;ImOHw>G?VFjs=f|`kV`s6vjEwMzi6d5xr+#!TJ^J_& zw#{*TyR&K*>2yDB^C!F;OoREst8G6jn6|EmI+d`ex{KoJW@e;J8|IZ)^G@Os0C@h~ zme$y3OVfOtbhO`=RzJ^ZJU?JdiyW+`ZE5<6|Js(;M%&WTtjZ#=r431F9%LduUYORfigxhb`H`%(BF@eAB$e+X z8xorr8@D0%iE3r5tYlsw`GYL@!-EI5d_CpnmcW+=WmOdhuDaoTDs7OnMm_IVv2)?$94C)W>)N{c`L0tWG&JEzjYFgk0 zIVqN8JJ6|KOeD{dcHd}b+?8~P@j`_sozI1d|{jNjN zA8lUpYU7@wEXLOxe4~G==O7O>9 zpcEF~wiqjte!b$>?IX*1K#K%GI_nCWDUF0TXvF8w@8 zAdF8Y@UW32;SJw1Q3FZe0(ZIl3g}5MC?Z9Ph_}Isx+Jg$@U=a;e1#K%E8FrS4xk!q zsGdzTWwT6&NIQAGvlUXpBV<^Z21cIizy1LyjN&(=c+@s-vu5pe3g)`t_IMj^vc7V< zXB9&y3~2Mgmg26j0?#MiuMW=xRXM$1@yjqw1(tqS9O&uZ65_(y(19K;gI+EdbU3C% zZqWF_0q;03S-9Smtnw6Z9Z2rfOb4Z6oH`PsCKcj+kuc6mFVNhLAgfcld@yz>JnMmZ zsM2K}h?xeH*tlp{e#;ZM66|?bfhrrO`?@-|qHz%iHqzILwGiD|U;|=>BusO_gr%7L zXVIODKIPT&E@Tp&ThF)PFzb7mm64b=2itOBEfs;3prUifUxO$hpd|{;67FT_k}mg4txv2w(n%Cfn}B1|po#6=FR2?xmZySg1zX-?2lZBo);Y8A z>{Zf6TIRIaJC>Ju*hzE`qFQBeMqnw-aS{u10ZBr019;d7rRzFpt)0YJb)^_EuER9I z?89i_Jq%XF97G}{ZD5wM&W6NA|JGfihMBGL6wGg2AQdfQ#ipi9$URvFi0xooOh>ZA zOmEuw>vyIq?Fqh++bP>wAyB6h4Rs?CzQFE>$qA)#&PI?)A$#$>(Z{4El7)c6u=sUw z(ij0DD@p^qH37@X?1l61Q=)9MqlSZGAXPHrSdb{6w2t4r&mHN{?Yssv{%H^^h)a%Z z6r|bfqeW+tVto=^B+$=qqTP+v5Yq796%etK=(y*vrxiO@2uLhNo$J3bC)I5Rt*Db# z&~dC_jO#gbGHVu8XHTl5Y}=j^Wo=dvNAYV`!+DGoA+rKd_7P9dV}XIPaX?h|mq;7a zyf}N0@M6{>y>o1fIFkm-+7$V*VT3i6LZ%YSeHMBCktjP|bU6+5UgJQwRb0W&;oyn1 z_l#45Lc`^Nt<&t7#$}0qgAMF$(B%ZsM41ZZ%gtfXQ7+X~luwi-Gx>t@==p$x8B*!( zN&T8~K+2@Ugr@ga$cXOHf#A+Udmze}RvhI}1ww-MiQzCV-GaAz6p$DqX|eUp-lXR~ zs02A0dtlt9v7shvQ8azQa< zk6J`DEN>p{l0#hKTfI~4;AXSC&2S&c?PSV^S-rbGA^z@kA5sw zvsVj+7@(!9(AwOw4|ufEj8>ZsLRgB&A3e+Myv5r~T~4RKuP0z`6(A97`+>4_g&2Dd zDC1rRMJ;UQOBA*u-B$)@kS_B?_yc7Fqy%XO9qBYu0Z3+tNblUA+NtIfY+;TiMC1N6 zweuGUJ+xo^~qx-I|>4VS$hCOIr`Voe*9G7}aV-i&F zROt!O-Gn-YY2uF_Qi@tmp*n;vFk2S*M zT@@`b$1q-DV8is-oruF`4kX`_*PH(tC@a1Y`T7RFf&$;3{V%R9sq}i}%I$h0kc7J! zd-O(gXjS5dx>Eas;^&C6Zce7bImhXEwcS06ajJ$K$my+K4~;X7&h3;eeC9Iz#%^;0 zWXuo_JQ?Dub{9hOqk|T1_91Yc`V&NKl-OjcNJxv3lt=^WjzC)CdGI-nS2&^o`fD)+ z(n`TSwo3$Qt~5~w*?WXO1`K#m3+RvSJYb80yQxxQ%1t5C0a-%J5QvvXJI$fbc(Mja zGLmcLE$?gsY9AAU4vc^mLRF$Z(+W<;> zVW9x`2M5`%5m2FslJZ6bJyH2IQRWW*Q}4AxO`VUP-2$xgZbJ;6+o_ow*u#~s-LBA5 zXe`&erXMLYIQuv9Dy`!+?uaZKn#s^eHziByf3=Xrg{3@H(vGKbm0+j2kGgM=yT{W^ z8CJm6+FBC1a4jc^E}R{S&zP0#gMs(fdy#O4KQu@P$ZP!~I-_DBxHI#9xA>DL=~2ii z7>@xu2F5MO`E4@tsnU&0Y7sVHkn6>vkzQfdA9^ou{++ z&GZI$UTtRA452wl6(&|TLwu(ME+f9)xhE1LOudCz;k1dEEK_*(P?vs`$GL!6@Q-=Q zlqoUE*abphT|!c>7}nwENTS;-`|>;E!N2A`!|d&JyB$WeBZEpy(L zqBN`3tMQlM1B{q2nyX`)FxAa5ihGJ~(r;p7KJ^4=XSMs!Eb-WlwJJ^U>&Thmi%q44DX?8F=O9H#Ua7Lj>m(i zEE@U*tLN-l$uc`;M%jlbTC7SGj?B_woTK3Ibf(3gOM$S)!5AzZVf7QpVdti2R|p07 zHQ#T@S;n!*?Tz=xqjzJtH( zI4AKsHvZ)vSx_S;-REwahw|VvfV^e#6X`F?*JOey&FoOO8E(26@OiLN+?6ggy``TT z_EQDS27iLBEz#|fL8DcXBA`A0Ts0r5&P_3z_0IQ|5NGrgN3sjt!dwtr5Wu?Q&JAR* zQ~N;*Qt{wVyG{8v%$)}YwoW6_05*7SdkK!*>BeKnj^Cnfp_F-Ay|dj7tX{IN<^I?~ z;XsUMBY`#$<`LJ5PIO&SF7#DArd%_!i1m!4atcDPm(P)Yz_t!vl!76@UdYtiCzKj% zL7=NUd>+Q~qTQ#5<4{U;2^QTe@!EweuPJVM71d+Nr0c{lJ{*8Q^kb8kdDY}kQ+dsI$ZgU&ME ztB4&x)oJpnF_toGAg>0;GL1efVkK7>RhC!VD3u`N({brB376-Y7?whx-h+SJZAT=e z2Bc>fL3okVFFi}6rDuZQrDyrH^i1mSh$F1QRmO(2ZcZ}5U{Q{IG`3HAwi%>ny-ZD? z^vp2TQK?eesaYL?`abEI_|!A$*%}QkJtLEo z^LObPgzc$m=~?eGT6$J^hy~I!O~3T4ND9)kwm#_@qe4zg&(zPPXV6A5C9VbOnHZ#J z`Ly(`zE66ldL}(FG8IrL>yw_v=e#IA z6Awtw)+)(9>6rqgXF2`SGsFM5^z7DuM|xJA9~Zo*k0OIrnSST$(l^KWxcqpKMzJhmM6k znzO{-NAMGU4l~;(!MnDkW|DH3Rs0fNA5ML%zw*md`2LN}*C{T`imkZP?=>y`a)+0*=ktE^k~b9|K7vbY!(IHedSMG zX1za230D7TKcmcN68@u#+WQSUnK)t1&7z#DR9xXY4Ho`d^VhmVN=2uSr^4g3;PE`& zenEg)#)^r4TGz>fl$OO1**YDRk@?rtNXn!sr2Lp`A}nwxEoJi9k2!eE}V zpU0Ikxh#{Y8$ZF$+#2&5>p~$%~ggqrQn<) za&Y5oHVClHglH@0Qg!^m}C?TfNbX(s7Z zZ~Lmhtdq`Z9oB*bTX5_u#7tWKnJRQF4$3kp@+5>1bt2{8g)0-&CuLeZ;!yZVU#PTQ zRq}+j4$VW=WZ09k*kVpBOwW(l4K6kg#1)3R@FYQ0TW76=j}sb^TowID!i`sk zZ70azEFhcC2FVHw&V)5Ypld}HCm3RxD)-DzxSPS8A6Mi>^B#hNKI*YncMNK6qy96U zo#Lqfts=4i`~7H+^?p(Waf-k#?O!6X9KQWS`bN_N9uDcsD9r|yn-{<48?ch!d|jyFPf)f}R^4O6wpct|J#!_Ku$Q_J}% zKnq{jLPw1*7it6YFohe}Lho2Vmwzq45WR=CMmF?eWFjM6Q^R<8r==Y2Z|juel9P#Q z(y7RX9XnrBuTSB#%pPHXu;zWv3N zL!P4#rgxYIzc%2)@+lS~ZxLntU+%vo!|86E?cP|&fjE85rTEhcE=6bi_?aiGmU9Ezs zS8?hHnLPvj`?Br*&#y`!%6$r z$I_<*@2&W3eOeuDTt`P?;r-aHZvAXVWO|Dhzl+-4Z8RhClw_P^ zVMWTw&hke(=sQA{q5827s(~a!p&w>|F+LnXVV8bR%p)wPkr3}&gehKFozwIihC%fY zF32A*$OoP*54p^3_kE;yF~zU?L!DD)x$j!;tzF0@UZM0P8Nzy1E9j0>Rolk8pT#z4RRa_Z41 zE5*R^FZcBTF<^aXLu{RYRzpTahJK8{IF{X1`s~2gG59LxMFp-gB|s4YQ=zo_t>eTY zca_U9z6v(&;ZnZkn+f^}{Zv^3=9DT%;n0FA^32d(D}uV1XG^;TKWxgZLE!i$2MMJC z3739gF=Y-Z3PmuM2{5x8N3j3aGV**`d_9qNm4`l4b|iZMwZFLpTWA;>WP4XKd-> zU9@|n8ue19u0psSQ*bs=6G9madOYcyO0}do;I~o$2xb|xii?ptSiQN*AH&Qiu7t1W zh&fpnIGNW6QczhZ8qj@i$ojW&n9I*m!1G~k@JRM<0FPM#heFD>I10r*NLjARQ}Y5T zQ+X(7*WQBzDgCgPxE!BMBI>-yM(#(tJ=KDn(1ZhLJn=APWi&u2^IML1n4%W`4rXdC ziH~0wa*h9PjMEF44A>8@thw8RTB5@HDMD*|oGL<-J8ZJ&1)fRpUtpe~DUWG_BLYPo zuwJc9u?)f zrojcdeK1+Z)1w2&5_mET1ic_ewmCvNK0vO9sGZzKrT0@y#0zl@PAyGu%TfSbgFo+( zr(+s`Jncah7$}OUe~EIKzm4ad^iwjk*9+p4y{-;fH?R0L_OIIQ1H5M1^L(Gs*1I}Y zw2EjWhTQq?y{M3K5~*HFi!)6boh2=Jz544KgnZ}CG45k;9i4I?l2eW&Hq2+x9B47F z{)x2VvnGWcsD^UNYL~Mg(XJ~-&|GO>z^$?EpT)?i$?bk|vjsMAg+haQHlf9>etcZG zS&?n=FsItEg{U+rpU?-|R(p^hS@Mqs9{+HYC#|HHC96&e|4;;axTCXLg}K`915-zW zQsk=c%V?cAplHdA9|pN4B<76#^bB2J$m&9K2OrzLX=dq&o9f?o49kc7nbVEfhp+B9 zQZwewpyDq)ZX%Ofe}3=vE?j3Pwgx}Y8lo(>^YtE31k@h(w+I>ZXE5ZQhoHApTFHX< z!l(L81quD8-jFX(;X3J=bLizf1le0OG$g2QSS|`6gut?eOO#XrG+l3l{&;*zN)2 ze~Kie^PbSo`;FK&ZBfk6x*{2w+I?1664%q(8IL0h*NR^OB_U39|JWtZ1yH&^b_5Gs zf-wkUZck|^9arH_MOwQZQ`p`+(;j{_v0T-!Dd=)koVRpcP|_}zui89KIqtv@4n4c zO&US`nzrjy%TpxUci}oFxs|bO4Oi2C=HOoz#eCx7?O5BD>pt*5{|6 z$ux>q>JHhv)|=*VW3F(;1vrI-C_?}X;=rvat+U(nFI7A z!*;$gR=*%6*m>B7;>}Y-YgY78XEI$O>>?M!){nW*;_@(DYs7^>6j?A`IS&^e-Z~EF zTR`tCGj`iZ#xR`6hve^z?o53Ow8@Q<1Bs-7cA##00BC4DE&-mjR{GoX?#wAHN;UH| zAukf9Rx)T%kHF0%G3Z$&_$Q{%f?F@bK2(%Et$F}oai@0R=;80EDjjCLAHJhu71t`v zt=h1c>uw$XUicns?bPf&15J}(n>LVb8ZeDs8|1t*x}tg_ZOxt436AuNF-Lqvj_Iyb zN<+kF-9|hZb=kpf1^vzOzP43<`?DH3R$5?tsK?yoJstK>$3Iy9+qknnF?m)`G_s-hmuDgZyCJl?1jN&E z_fNWQ5ZFXi?jf)X?hkSJfl=GIR_|1i&@8vZNr^;AotDU4RzY(YH->de!Yv;8$6=pG|-?4)9pyn5vUbY5Q?wB zx!`@zMi_#q1<2yVaAU+2oqOHgrd24pjOl=jcwr#2lq~`Bta@oV)T?$5OSJlQ`@t=S zbqUmV9L5w!m^|Os70w0m&f3FK9s>NcAchPF&aDWUm-WdbiEkgP#zDk4>WtgFat19C z0?-76*l2Woj`p(K)NzES+x1d~Rin#41j&+Z`m%ZJTr5&px&o{gE(SXQW+#@ z+*WP{nUbyhiDY$9BM`vs3sA!8XicqtC&rO#*t7tKM#MxQMaXr<#c}eTAhhXi;q3M} z&{1?9dA78S&BNO8GA;s^t~z7&(lGyr5jcTA2;y7nHm+un0t|@5vs?T~p*gr|#JR8_ zMlp~f<@g?qae)PGXE{D?90W9f+)OCpj78hH78rS)5xNmLahZd)vQz_ccheO#=Jgx? zjufxfU?j4cy)B${^Z_g|5Fz9N-1wfI!<%5dLbN6E%p=>bKHzG6Upp`q%Z%{X|BmAnA-%vt6dsYd z22(`YL<-V9#W5Yn1v+ym!FMTAPN|VtU{Bs+A@n02mDXAl7s46`{huOgJs63+2W!*q z(nt5uYV%Xzw+HOS{Stgoy{#^X^NpBr3PFU!6|iDmR}LhAg^ovJMuH)dSIUe;(y5|D z-qCkVbF{VB^-d4g+N&3H3@-ml52u5z&9dh~ylUwYF??v6Z?59M75Rc!OMCz)G;HYL zI)FCVX93QT-6%MYfKA=KY&5veKlCaSr07wx*a@uc8 ziA>Y&{|Gh3x1iG#85e@65>6?kYg#ODY4F`XY6@ov7xp>q$%jUrxO z3#ZhGwQ;)GHX{kGC%~tKNLg}I(G>0PakU6KzAZ5v{TNH1RH7?94_$+cAPFLe<^l>= zllpd!Dy?f-$zA6e_ozTGmx4z;uGL$?h z;y?;VTie#oE|wtS$RQHK0+Bo5GK8QG{0jctx}e7fr~V#J59KU1^c(i}aJuM@!2w2Z z4=20MA}ObK9cCGwbKkF{Syz-!+$e!1OR7cnda2UCOKFO4(g!I3S1EJ&k@y)z$%r28cIk(!JHROoM};ZsM~NOxylb>!t^1)tTiD3jsDx4 zIB(IT75EQuzYlId=SLNBw!qc(qca@eR6v4CfMJS3+S_ufXA|z_*E>TRZh^E%VX;Ej z6JSYVu6iCc`bCm_C?$pJfFy{`z<=zrc1Q-{;$mn|!}G%V8c{i5RK38O zDgt^qZ)5OdE>HGl5S%VDdB8GpS7n13Eyb|XpDk`M+MyT+K2-?VR25rV8UntWD$_zC z{aRSw{u4lKQFoVI$zt$w+IiXBo7n(I56 zFIqT5ARb_XBLcPOuIId(l#8p~07XCR(SUss*u1J)O+?nPO=U*hXtbX%-~FVL9{qb@%>yE3_jvW*hEV%x2w?6DZ0ic9CZu%`Q_ukY=N9#xgnfD^^KPQKl72!F-xM~A;Mr|1jg#4x&;uTTr_b7u zXyDWw&PVT^Ab>B2IfNR96uljsG!k*D*8;tlk1CR=4$i<5IInJJy-cg!)8$t+dBXI` zHr+HUE$p!S69Nv^q3*gQe3e;_A=eOiI@pr5+0CkDRKoy;+J+;=QdogX0^#~=;lkU) zou^)Cu@Oc_raVUjbG~+m7znc!t;vHGS2`yadZNAuSS=4f0K~a+c6GK3bZ|=61@)G2 zvUx>v=x%9);g}N(Uv&Tu@k5~>Obuf8zl*E2JJ$C$YYP5>Hcs=HwAH$y1APk4CIe)RI9ROsN$L#U_I zRbauZ9#l++7ubk5uQcx&e;4Lv1qm1qzribdhCZ75EWg#Mfbao~D3+wbqD>z~Dm*f6 zaD^pF2@9c#Vn6|BwrgU@*2I&mfo=xKAzaCM1N)8FB|ExRX0x*;tcu6&RjGCi3JpO- z6=oP)b?4#|8LF!!c!D3PR|IL~YT)>6N0z)BaVlD4!8=TIFc;-4H^P=2oHfueY{lqD zII$%J)+`o!4xE9izA7=yt*vDdH-@N~_IT0>c1uR_s8&ebvw1NIp^@D<&NRZ zMF15aC6h-&4Ht41eIjdyYl{$U0A8)XlJe#6AET`SU`biSEs`p@>DvSVO;^Ik- zJAZxecE-8e8Bm{@KB?*sJOB}z{NF*Az1s1Apg>b{3MTM`rsEe5qXB;iJTV(OkISDj z2jFt3C&LY|-&MYEw;RpxV%d-m3s+bl)<%hIn~1y9I~JZLe4O+`8f*X6XJ;PU&}yeu z>o*TOP?%V?f;M8(SAJto1qVF&!izKI=CWT9d(n2r+fH7MJC?oi<(Oqd1sarV+3v53 z`Fh;g#hjBm&s#n}Pt!T9wf~AYBO=x}JK5QM?fn9GEE-=Gp9Z6 z6Ii{F8B}?|&c68mNs9N@v@?M+llVYjy^k_eyF-O%fm~Y`yN!#AquO$H$25S)wM;rf zGAe93GY6Sl&*`eL!n{g3Td8Iy{0(H*K0%dn?FS=aYcFeOgCG_fP0s^kR!RUi*P%?1 zA$%(vNt=hT&UG_(ZC1GY#Y}2T~HrmCQ8H=PvIB` z!xmP35L-#N6IK?XHRxSP#^ivfZWIe4b3W%piutxKyKBV_W?s2r^0Pea8Ly{1CZ_&n zTfAvZ_7To*^+4K&C8}L=Z5(~E=iQwxXXh`k|7CkKR`JwullC5&y55yGXczNh1%J-N zT@PoHzvP+{KL7S`bi*^36SwdFM*b9Ze_ou!Qby_Z@7msbYo#e=?9i|qtnH%tH$H0n zX|&Op+@5>MZ8Lt;(Zu1qTgov~`F@_H1Oe-o^xAkh&Iz|Y3}Oh3Io@hFj4agVp3vG| z#|3Cqo~KV|kh;?2xbVQ0-8j!!1K62gZ`CHFMsXX*J6Z#qKvqt423DuCcd)^@Z_zkz zDYs@?pf6e5a+;3lWWugr%r*&0>Yxt~7It$ym1~6fZxsS_mI$k4?+&>0SN| zJCg*Z=8}xmVyn;Upxv#oJ~B@LZ90Y*Vqke`gzSlVqSmJE%Kt>0i=W4!$$=vf-2y9` zYJkK%LT0gC;=m~JMc3x4alixGEb{55Wm20(%9?K4X;&J89_)tL$GAzTd2EA%$Qdbb zcYp?sB%tc3x=m-BD*Pdw8ir!71cpAudFgz+n?4AFkxWzGJqkRlC9J-dPAQzHkIxrh z$1(}Xi=YZ^7wle>nsrA+93JwC-nmXez#f*@IY3f2-oiu*aV@pR`cPL!5V4VE=8@?5 zM5jC2Y92Lz#h&T*-oZ-WPK~7eMlkSvI@1#z#8|xdv|It^nX+W;=eY~lb&AiOtwQRN@h9qLC#Y&ZI zI>DX?!gwqd-yYUp5?e}%cc~j@IP?l zw77m5)NHy_@Y!Uhxg=qMH5g4uUM7YA zaUS-i(bAyUSjZ|t7!nm{IQG$JJ4vTh+fK3i3qo)WL*$^0buH(SAoS%h+u6T^&q5$Q z4utbA;t>f@ugwCLf!cqAi8= z7P!E$R)Sm=T8K6tWGZKsCxCq-1eKwUY#!bifmu{D06vSEa=6{`b`N}3fB#DsPw#XE z;yG-g!gdWhqXXfPl9M(8W$(u{dA;yiVzvj2dg5coCjonwZ!BtC%y-ch#iL{imX3Jy z=@tMZVBDd2sPrca9w~AO)h6C~aM&XV4_he2uWaJ37hIDo=lrL*vr}-(*A$8&J#vOZ z=l@q%TK->0qOEc%o3Iv#_#Y|UUubZFj?HhPQr*gIfQL9GsUze>(=@r&pFr^)g`0?o+7zL^?_!8H&3zOheMzP%%;)nAf zoVsOm9=lVxY8CSr;%WPKyxbEqw{f@OB(U(yX1ou0>;HNbHg(4uAgaqTAR{D zs)ev#xc}uW5nQo3Uw-CjU*MK29+(gVFzn@&Tua#{7<#J1U+UU~aVE-%%(4T3b_?Y< z)ql5Q!z|#Ld&)NbE_60L^uOM27|S|kgSx~7UexeC=Ntx>ZW8d5r{*P3m3XGkEnb4; zFFrWjf3DDTa8Zs&6L#zPZAUaTN4|4kjr4LrVyKC3{cd^W9CC_dnIIvFv||}xr+yWr zo83;vM|+xbzaIK@brQZ>D>7FlzwX2Fuitq>oOve4TNTYx4kTj=mBC|tguyJEYMz(6`dja%eR>@_x2Shu)!Wr>D5=n9~04yohPF zo(Jh2nO`18t0o2Hw}qi|NV~f^I3)J-*Jw)AMlOa7Q`n0t=`ysJSd)0q+z+Frv0X5OFprg# z_Y!OE%;{6Nj*}CLO-~E~fUJF!O(AP>KQi+p>XDvu^>U3zg~pU*a6(C^M1=(+uK%hW^v0ef1>aWOE z2S#ljhZ<(RK-Ng-079XFM3<2~XxptHcvbf__H3b-hmLl6z-6=U&<9ICqd7R+H+#8V z7%_Y1p3x$jm*WuAfVH%RADiT6GY72`&!Sq+kd0E_?FxZ6?P0d zMc}sWG`jTNg|0LPoi?sUy4mGMLT=O%84{e|;BD z=t(k&A>A6`W?0h4v!$Uf#ll0KWysoc!(}=n>L()901MaOzT; zAPH&{VIi?OJ`H~$+QtR;)OPM76>b^PRZWB>Ysl0O1Oi07mgrt@nyJcx*3RulifAi^ z@!PX5IQ&SlLtE#Wb>>mGpuIEWG4laOP&!Xu2$beeGkoxNUz=80Gb6=<>dIH)Xu*ST z*80122XCrc{5qI2zhky~m#v>Ve^hXlSM?|J)?Xb|vHNYW>Fr_HbXViYTrY((O_-T4$}@7OJmqb{8@CETf~t&m&Vbt3d%=i;Kwf=-3| z1$(i*%)QK_6$2900%;@#tcZC94;E-i1#B_P(<0yw1joT$Ss}S$fX5>z;ZuCb^-4O# ztf}5lF(?6PyLx*+Ra{6NpGYV;fgxcVQI3KN~t38SH zd$2Gfs3zP}Nxx+d#ZCypT>-wU*)6axkaqo@-p^IIAR3@z7B~uR6N_{uF`3 zwKa=z9_FhnBToP$Fx{Uz4FW$GqsZ3LWFBJ#`V9up!z6IdMv-yF^fC20AcRTH`!C73 zwyh%{?2U6BY4M|{(YIy#oE(zeQeviE@)5hU2ajrcMyxvSa{aS)LfRLf{&bf1g$&Pe zv3{}Zt1tdTC7u;lwh%AnsH>vUc;UGqyT2jmf}%RdXY+Ic_+ujOH?^{CHXP>M@vSqU zg@uJsKh1+leOVX43{pvo;*Tr50aF7E8RasSd_JN!a4j9X!{mA3E1- zXpS_0+B@}RrK2=;$K6cZ*VS<%$J7I~t!HET_S<8eXEADq%}*k9c|%>t-~3!uoIDo! zA$9=2VB!xBBqG!mS#HL=dcfyvj}Zb^MogzRsI}_K%_zh2{16%)VThOB(JEo!h6{nH1!MMFH&xUq*E zR|#SqV{%*R@2_8Mat!=%_AoEIo;HBK<8}6zadAyWLv%F9U4u>wcZ{4lw3w6Rc5Gxg zR-H9q5ulcgNk^HBKS(vb9@O;xxWW0KWI4NKO*y4y)UFA6Z^F+7(U{Z=E`#;66i;g_ zaIE|c$>8zpS_5%7(}K&SstA{n0#)pd;hLtID$dth@K+ z_1Y0WXUmv;zlvLNKjtc}q0urCnfKk#6YdN#kESejMW~X)*AguzsH8E?g8J*QZht*q ztHI;Wq@E({CHr?wr-#cbnaRE!EG*Dfzj7u7)ClP}QSc#$iwg)oQUBFNYUsESv=Q|n z;Y8rRTX>;+*MsYhZJ^_Qr)vThf`#mibsZrd7_j{tZP?b!P9Y_huSAzW)y9mQH0Q5h z-wAQ835`QYt7zE(+K8jO-rpVX)H>71)QwpDD7|{JeYGl_@y2`PcAM`vSFb2notig< z_S)c{Lf;#cM$o(l(7e`4Tw<>OaA28iYf{?A6*SMMqM@`m7R?B2*kURdvA&1WPvoij zFb$%#FF?1{*9Ar>5Y-i7a=SYrBw!`Ahk(m9T&BRwRehjaI-=zA6j|b^Qotdjepk~8 zoom7Ez;L)_F(v+47Ss=NSYYQ8Aqtpx9gZ5*=_sdJ&~Z`FUrFKBN;XgC(vP|+J8Hjl z6?Ed|0c(H#VCS^Um(;YubcfEPeoRHooSHKx70jQ0%hZTZ0%xJVfo&eO%a`rz+XrSB=Y^)^vRE4cS*)4Dgu1+sfYWaR9b5Mc9h<+W2k6)&*)Mc#rJ!TW_NerTlY)-TrJK^RK_K9Tj%_FC z*jgwZo5~tu=+Uvg`?8Krf`zJ{>)5K_icAC@+ilg_h8H?EiLb03$ct#;*ia2Th%9(P zxG6zt-m7ENPp$yBOu8Jn*nSi3< z9UEe!T^WBaU6$F_pfu{99!pkurIvW`vqXF9eO zpL1lK9>UGBN5^*Ik2)2GFW9#hEvFW4vFLZ3}y*f7Wj0dYIyln^Q*s6PVY?7CC zY&6Jp-)@|&u+O7(Y!cA1ssFx?4YuulIyTrQD1Z$EzKsh+<8vKbmZOS^KG(6;f{ra~ zZ@-T19;9JnB6@UeDp*Z>ZCn95Hbde+tz!d059rtmoH0trrUo4wKh-^g(y>WO`gLsQ z`gCmSNSkxNj;+N?;ccb8IyMRD*wh<2hJQuJmTvFSu^C*_wADR2widZ#+6x`qioemZ zoyfly19r5D0X7ln*!WDG+oxlb_UPC;9b-Vp_C>FbZA*`iZToW_n~Ku0t?bdU#eL?wXwB*~r(XlaJ*0ELmPRC}UbZpt6V|#`4)<4&= zIrZt-hSF0!ey?LwQ#!VLf6%c-^y%23(PtPmd{R2L6O@iEt4GHs#V!Es<|v_bY;^)m z`lmX!rWZQ421>^k3;aV-Hho(*5+2{HV~ds3u$Odf<=52xIyM*GSFkP~52Fmwv56s} zsOrbL8Go4w0=@LHpB09Y+EQDn?Bs;q5L40NTYOYhX06;?VF*` zb!<|8uZ}GbQ+T`*fdjzWuVZt3p<`>%Cq37(>7VP^(p8=?fa%e()q##JhSIU=0Ws>; zvE|~hS$f{@DSe@1yG7~P3K00%@6)mAdv$CVIzh)4V`;ekw>mcW9sfQZTW7zH&HW`E zTRSsB@4|OJiP}9PMHgP^*cM>?UL9La=5xI5oZYswrnXTJI<{=YO-ON*p| zj%{rW=-8yaIyTrlf{ra0MSq94i3F66O-kw54AH>pLcXe3$ELMWpQa!m1RYx}=-8tB zbZnh3bZlY@Zd3iOj;)#xPd}_J4{P$_s(h|v>->X`Ef)P9-PV7jC>yN;9h>SU9h)N@ zaX^h^F5(?8P*wRDoU|g)vFW2J9h+)C=-8yaI<_>ncWJMVO;73ADy*-lJP^qi2!y5B zz{Dn{{z2*37I7#Y8{mF@I<`uWRg{jctv5_D`U7xe1b68dy(=X!K( z_xp8hqW@0E*8b1w*mAQ$#}?tP?a{F@+6U@E$ClQwW6ST=v6ZwAJKCpXOAD90(6LRV zbZo%k{ke_}j-_Cng7xayRGDBK0UeuExELgDi2pjr!Y%!FMZB>tsP5S3L zwuBxXn~Odb#8#>HygnUUC0!z1`(NnTq(WPP?t2h+_vzSn_2}46Y}wnRW0O%jwocHo z(GC8)3NzeI<|@)9owou)3Hfg{;fK;wVt$o9oyu;t7EG*&64!% z*s_zNz+UE(yj!jBP`gClQdv$Cv zl#cBeO2>x$gF3bgpkt%ixiLLDw%c7YdOYLxIR8K?of*90K54r`JkEPKwh%0Ar1P)k zW2;D_dk{@OZS#_c&G#NgC_pG5sFZ%tXmeDBzg+MsMF3$3Ce8StZumqSEkb)L{upl+ zRA{V_zZgv!W|rWDC~a+2>0KM*H&Z>-dj|nZ?>)f zDO?$r77;wlB4k7q+DD(01mC++bJO|<+1mIu7ogPh-_hdbp? z&#>kFlX3_ITHuG~aYhUE(?FVX#nD@OfAzyB8asz~U3gIr>@J!%9d_+rk0%cawF~17B2m#v*+@T=iB#9=5dk?)2G5vbq_^E;_1yUH0l`aY^xm z_%Aa?lFilkCttjDaPhADzXg8yGtU(KCUeTZ7P83@z}kjYU*zj1(Y&^cy=c=NMSnf_ z*PnNk{rc(Aqq((zZ6EIA8AJECI=ud#szF+{qv>4Y_Nh>pX5DmkmuW}`jgXBmxA~;voVAphoX%is~8J4%d;GP<(!`j(lwMY?m z9evX2*mg^>{%wurK^tx!t$@#kxt$PL%Oq2QXoE3&;T9M^Lqr>R`MGJ3JY(nla+n4= zlpT<5UC<3*(Iwaj3qWdubxe_qKq4 zxjLoe86-0g1I1S>v+)~oUPW3o$VcYD+!eHOwpN(6hJ$^9+#1Eg)Zw72$RMdK_}k~x z*R6yZBwoZ*_!7ty97ZQ3tCUY48BZ~CodY4y)dR`7e5)(76&L~gYZjMevE_CaDm8u< z$?UE7OaMsErE;B93T7UOKWmK4O=Ii6uYqMn*=Ql&x*Xk1MJSvm2Uze+&>cw-x66m9 z-Bg_3cF*Z7tC!mSw;g7_jL@8rkfsC#jqb_OoVU?F|F#;r#+Xs^F=OmbiJ0c<^T`KC zCLMWt_Wd3EMqVEOp6{)XEhw4eHC&Lp$Z#NFeZi=6cd!0+=Z=b7yQr)Q8= z@9GNWH^mX26g*eGoGG_@EtXZfIjSO8v#o-2_O*N2cHn_|*@3Gs1B&vbk z&K8TU@G}1l2M9V~&V>C0T}TWL1YOgbRDFCb`5d52xAu2{%96L3d6_M^KtSv0s{q~J z&Jscpfe@H;Sedp~wlc6A$@S2Ro7F6+^9wPLxz(x|Woxne>BG8N&+)nF=MA6^xI|!g zm30v6`9V+tDjpZ*3ULbK3KDj4!lyL>K&3G1ZQtkWzQr-w?Q*A;bUu;(Te&N@B||tE z%kuwh7^y3c>!s%cYXMC<*LCaS_)Z65Q#AB{rbYI{b1~6~GLnrc+8wMTvzUm?{4E`D zI$O63u!y}4pnka0v;+}&e7YN>VNL0?D|Z#&LGKf}yc_L(1V2GhfW^&0&G7A6k8lk?tvF-9)bmXd zRS^Y`PnAK^TY*36{-K8%JXHCF5?$Cq(Ut_t|4q%ktY2C0*PIb-60GWe(oHsVPg#3< zO#4l6)b~B^H|oeki1p~-dYy28=V5CR4mp8eqNy+JZT5We)ji%hV8R5j$cD<#KmLLv z7917$1arFYlf5uU_PCJ{m|{UGxre9=XWa25B%f!PQsVLPiHu@BUZ;}L$tbo2760gh z#o`~=izBU3AG+9*K%ro8snyj~XDnjIOeerCi1P~>MKCA|$i2@JpSDQ4>4c@y1uK#q%5LM{>}22{fdZN$^C zw6W}PS!26HFG05k|FAkWP-}4u5r`>%E>Ben6`&vD+2-p_IIq3Az}UTUeLk8t2K~4* z^kcy1R@M8Z6KI_UYZV&F{W9~77Azizh&l%07=(B3cFrI}3NBZK8KINc*3QJ7B3SAa zkq$;R0>~yQryMX^%ZqX}a909)j`le-ql9-Kq;41iH6{dNeO-#@Tj-E}AD>eU*ZU3k z#z@0380QE9CE&Lq`7%@pHhEovN?_HTgwx zkYI=mtKG?uu=p-ECbTbv75GOIVO>`^0vH_pnv4o**_zT7?r=BcsgnHc8CYW$)40$> z)*ck3oRtsH@TKg>fHzQ7&_Mj!BM`7hKO@JI9{~d;vL_&na{;-K7u7o%m1J-(KhE_I><7?m~MRN{z+dRf_ zKTc;@PX#C#dgHapGX(Yn_L>p?gjH;xTYGQ%TOcOHgzl}tK9rxw~HWeo+95o z5jENZ%KXt)%__7PpX)FSE$7z?ihAL>^T5t+uV+LVbKcOF*y!0u_M;m&_y?gzeE&YN zeZdq-E;M^U`=<<=#{n_rFYGq&v4OP^xst~=xS)9b&6GS7Pq|!)$=jQMnK<<;V6#W; z1$~=)13#m+;Qj6`z8-h&z>|f@N~RpVxY1`S@6K4oshifst?HSZ9EL>KHop0hXZ5M` z%~huAjv+_z)n7{^e|7fR;qk)vbqjuBi>Ifu#R2y1LE?Dl>dcN- zfkhf5mKzCdxX&Mvg0RH?9k>R3yq(=XzP{j_I=W~& z1-|7|<(~zg1^EggxQX-cE7r=a{v4^oczA0FhL3Na3VKgF3EZ3L28)V^a$4YkauBEU z$C5CDJrI}M>h)}8z5p+mLXeDSt#~vuR`lLmBdQ0zarrNsr!KrcdC#KvcJ1*0DLFiu zJ|}sD>~rt)rTLsUf8BA6HnS;!uNrB#jhPeu_NA}sPd=&ppsRXx_#E38qE+8$57&!V zM4xly_nX*aA{J04wmOtDvBfrli7gsTY@!|$+l3wzTl;epn_-LtbPg~ShCiCv$Pn*) zl!;A5nb_)kOl&UW1ukG>s{=y1)Atd$4&vkfz^%Q~V`6JSaq-F?6Wak1Wnwe*o7fDL ziET|LaBI@vo7gUZiEUjFRDAZB*t)^QhW44*3}9kA-)CY|z$vfm1()MNOL9X#+CDrX z?_H<8q1{i-?hc!8d{ki459*ljPO66vy>k9%(Pa9*xMKox^6T`wkJ?=%Ci}S=KOhy@ zPGTf^{Y+ZPNp3!uPc$iA$h)S-g2_G6GdV-7dMnsA`9U4?wL89UJH*n@lQLQ^pcn2z zbLiI%YZ|zeF4qlN0J2AA2;WOkM+k8-0>gO$)SaA)v-tMHYSq;I-4Vl_1bKX7t74D_ zx3p08Gl}3W8LhRoHB}AS2HMX2pbMS$Znm06ub+-`Ky23)_Cs!d59#N!KJ?P+*ET zLdnq{Tkch%TYF&9Lv(p=n0q9I*Ifx<(9q)8wc_bHfU3oVwPH}Fh^q!_6sc450dG|X zL(Y9a42>=Ht>aYL$v~>*3dX%ms;QWl;P;1<);>}#?{P=GX(ms-RZj40cO{bxrue!| zzVVkQi5c?ACPV6z!T9JAo?qWeL#(D*zpT%64M&8}YJ1VObZXHFCsQtbtm>4S)qDgk z&GF_OgtZcw3Isjq+6hBIIqb4jifV9H$mvrUNL%m*Wy)_mM8xBsNw39$k|PEV^T*l^%aq5E>81UhwK+O1ADHwnWS(4`J7ntan?;XIhEZNllOAQBWlk9>i@q|I zcXvHfouykExNtv8*yxsam2XwLVeyBI8XoCPYbsos=o(>?#W?G$Qs%y$TrHwWr#)rR zT&iO)$J}&Y{#7b{ed6x(QSLp<|fMeZhm=CjfSh_2^D>((d|m6J{(2$aGBL#KQZz~Pj_OJ%^rE>s z>~WjEa^BD-*U#+jydTbLWNwtbnt0Mwt=>2O>vb4;s)qJuzAMf9P}3;-K1Rp&_VaHK zjDe9w^Ztaje*B#}Q+%ylB_K+fY8Jq7hLmJ)9(vCT?P>v3HXisoE!u)Fb_f@^if zv0LC2M{tZ{;Y8SuOBu5IH&lrbg&d<_OtEmuVC-9<0bTQtfv;l%Evca$s!u%{?J2d= zzkk~_42^4AG-<`g*|**g;_n?Pv!s+%5^3jm-GTe|l8Z_PQ&!66Zyi8;0*->BR{pjPlw|qu5&AFPXpsy;uVWxdM|BVrQ&maBkwIio* zqPpUrqL#EBt{v#LcZ#dqe75Mv9h2t|=^l7>mS;u|WAygipWeDHn#Y|sT}XB{U{YlW zuUQ;QLp_q@9SXDt_3QUd~_- zNMgt9!<{CT(?>WjR&U=reemPg2RZF$FoK+{F;C~7_*q-6T78^3M&;PB_H>RTqkf^p zB`kFEsjeA|_TFdLsOUuz3(C`K5AS$rp7#DwcD>!gIUB9cS^wv>8~+%}&xH6-Ht{-!;^pj8S ze8N-Woakrt@);4Y?s{BE+EV!oxq#t$oe2{dLecT+P zsVQlG!ZYz&n#uV_SwzzD)8}4mrQaTFtj}4$Y0m!3HU{|pqZW`LO-6H~;`KqFV0@X} z0&^l95z8@o_h#5_K~Yg4MG4amwJlF{iSy^*Kpn6A)Q zoJh#F?ykbNbqqeaz_+fMWF=`D!~dUB}`9>uJBcEI3`euif?k7A4I2X;BySC zDZ(vy!nJ%L)`3Jn*c5%u=oA=^pj(E~KfFTLvVfyy$HJannQF5eA={magNhVp)lMwS z2^d%-v)0dr0W{y%x}_v7T2}}klCzD~^8;aytOv6r5Sj80)>RnC6hV2f)e9qP4&ppS zXd{kSFPeK@;jwk3`kg*j?G}YBI-G}2RF>ox3N4D@WrI}%yzb_al410bKrQnVaPiRO zCQ}lgBQXbK{2L_No>VC&c5U4lsqu1kVoas&S&Wm?k` ztvnh1wpC`&=upnmhijL1@oT>HjOH1S8^V z!L$?hr-fLIcDPK6CFK_Ayj_!bX1#fg)@DjUa<-U*B{CG_>x%YSsB0h_ny>kup}xdIP{q3{t_09O zbu_vU$Zw`}$Zb5EZo%A5c{UAhULwS`mP-L(y3*K_6pTIJi^JR^fRormKtyM>%mZk( zXm?Opl~8zMIS)YvtIV%xoFw3-dIuL8ZLNgfi7+oV3}yC}hpJ{M+|K#I>c+hy0YhV5 zf)zoHGTuK8tEJmIB8OaF8HXc$ko>G)c3mGN-jfGKurfL-jsO!EM*OxeFw+%s(f<4- z3wxYIU+Cw28D*8;)2A^ zAxnU@Vaq-G%R>Q(z!a%9vF6brEQ5M%Ff+SoFx{!+HZ88I0C5s$0Zhk(B^G$&2RmX) zcEWw=k5IieXD-|c#)g?EmZpW;!uz^IMaY9@NPDBpoyeLf3ywGi5SrFVoM+lu&6N`% zUdBF4OcmQd^oO;C!(Q zDuVMY3OksKx*}gh+Z+pYn5#;%0pecxK>#4WRPL)K}BbB zG`Vn&Rc~jj-Si=F8CvD=D{KVvF>Ihu5;m6BY34TF+)38j5J6A(38aBf0+ zm|Hn^1QrDM5qJfI1mjH!#yU`>fm1?^f>{9eczj<9SOZg-a+%F2O6mvJwnJ?ah>8#~ zvc|CzBF591(hB<^{3sl5DWh<;91h%KldLSRdJ9wG5pK}}m()wFm16FxHqb08LkS6N zd*x2BTa>{=n0taK{R2Lj%@%;;i>QgJPUseT01lcSjqk$Ng3wE0A+Es$wVeeE!dGxy zvv&auHknk#YMJ8u?)rM@EyPd5^q!OYKl=e=>E~dG6Nbb6o_$_g2Db<@0j{nU;R3xA zs&I$n0O$m5KWwzY0UJjAz&#puL%h};9}b8@P$8tDv4x+vc-LtOyBta+0r8jrW97u)$42X~8(lAs zmOVWtYsh{?41@0F+m-nJVVm`%o~@s=K^|J5pKx!vPY~>h^Cj>Z$G2GeJg}#J9CcDZuSTml5!*dX zSET4(*2w0{Bn^joJcP&VIGw|NLk(2~0+4Qk(TgX97^6D5sWouF;$mSe7g~k6*28v- zb(Rf()LvC=A0-mDM1LgZ8%x9~`C8bf7p1X#%0oR*w{g~NV98LR?Yz$j>O;_v@ND-9 zyU;lMAbq6$K)J$=x+0*ol2XG9ER7RgEaospJG}EFZEaZIMUAM_W@|;HRU?JCv27c2 zT97SkuV+L)eTyqjqS6rK=~;RRz{1HoXivK;S$(kDsxCpULwKsVj0#U90z2G8G%ltj zjR^j<=y(Js8A}vm9)_dqM{jP1!riw4qjd(%w(_l47GJD%w=hj}&%=v3j-7Kdryf{C zM>PcDLUUtCMllHD&+x0{cvl5-uo^5hX!f9fS}hl}Y;7C)l7>&Ss0vG}%d$gmO#~Ah zZ~YQDhboi?{!`_lrKPV--6P5hwJn5C6}o)F3CtT_#DyJj)RRpYN*-jQ zZsrV9C&Y3Q%ook6I&2?RLm(gNCy?-Tf=v<=JoUU(4?+bVva!8JO(ZQN9 zAuS}`0-xo^dNAb8vWtnDLv&cQrNjLu3H-|D@fsJn09#C>I`IAKxJwZ=^7vUBc@_npGX4N*K@+)WjM7955D zbq^gnH0U(m$d}tE2*@2c4h*HyJ}R$=Qp>Ow>)vcuz4<~nxJ$QBwAAy*lEue;H$Q7G zs)usBOHsqS++h zmTYb&Pzg&M>SBeh+6LV*tGr!+`f9~(+Ii*%B?%{wdgd3}! zVVeGoZ@GyZ`63nmXR~j6gajN9lH=7%HrwBKi?FTF_L*U5+ z)g_H~SjNi_E{YZ0_117$u!MA^;qU?3C)Wb}pUX6&;~q@4M-i=d%2}Y<6uP!mtOF2%jzOGOw9a8sec_3j62y9D z0p3@}BTL2VFtK3h`d~^Qs#!}k*53)SZiM~BlY z@3n~rDJOzJ;N#65SGNbrLou;hEHvJ#6`SU#>jzz*vW;AbNkPzZLy^E>S>wpdIL-Mf z(c^VP{1x>5=x&hEld<2< zkAicsXQkCI9^gMr2aCEhbWBIN+>{?_X2v;1Ixg+;G#Je+!xb&wn0y$3kUF#Xv*TIs zbw(Q12!Lbh8J2}AI~mG{ridw#ONt1MI6vY5$?JYM6fu;e$6sP&JOnr|yBWV>_@WNw zQ2SgV{`@2EjBp$g(}ED$hqNt88oo^|!eK3SBZe{8hK*IBQ&wuHf2lnzO2jbkbm%r^Vpzgj;3tncML1zjZt}bDk?6_-dfU28lD) zFA&84z)B8yJAp78_&!bwx>|Kvg;<-PlFpawW^Zxt%iC|PSk+66OdR=N-Tjb&OLK4W ze@KT7KA4Kas`mwrHt?Svgv{db>uXz#0EmIwE#u$8W957oS%84GI=1Fyiht%Ygq0{q z%2|yL#%nw+L$JKY4{Le0(s2f|aQaxxJcg&6?0jHuCRrBaj@mMEwwAAKJ%v0qNJle z_)g1`9m=-g!j>*f7UYh}*O7)pRu{7s*s(YxUiq260ZyE!VDU5b@EAnC+-l@_P&8^_dfTJe?=rM6zOkEzhG9lPsOl_v~ zktvVR$XsuSm(uE8aP*Boh(BFbp`B?Su-}E;`-o@KOU3*|D9OWhC=k2u2!Rkb-0A{n z4p*!oJA_n~vnO_jqVk#puD^*tzrmmas-6B^{7Lu#JjNxzfXc{23>L<_)6j=Hz`l6m zE1(m-!b5O*PNwv1?S`mMdKK)pEM@G=vm-DqquB7ZB+V`)O2Azm9mAojBuOGp7*fr! zI%{0B&i1jK-p|@qRVY@?)Kxw_Z)U0^n#5!*%vz5%yFuR?NbE@AHEB4;x-Kllmg&?QmP%-sp+&NyJ~

uLEF>+>P6;A@|IKWRLIaaBjyi>e{7g4&FO2J&@zpxNy>hok!#4 zk=ir>$g1gh>Q?B|$ueFg$ihjHD!0oPY(C41IX$zF3!e z=d{bT;7${Avqdt261aF}Nxz}=G>5vK`N9OcAs^$gPz6JshV!wq7=)7&b9{ldqGiU& zs~ak6Xsc3xeC;BF-}&Lfv$RpmtFM%O)Q(uZszR#Trmxr^M5T>bCf-FB_53(&1NV(u zR^IhcD#hQGOx;n<)Oro6$(|L`Wv>}cnLO%iSBhI)`sOPeL*;3{Zr`}%%3Q^1w4^NC zR?`&8^o550QEq9kVrLY)n`t5NT_5X&JH)RlLhr*2@isEQ61R-+bDgyHW0)XBCqp}c z`b(g_Uo;d)_39@txidG_D0Evfh_LmY@5h^-uk8JZ~@)*D7W&>!C&3Gpl$xbnthKw&-vdPFw|nnU{ce%aEZ z=(RHq$58p+LGG+=r4z?2QLBAN`Kg!@k7-mhZy5tqT za-ZL6x63~C)-2kWa}pMIEOv|tDCB<9U>OzoTBl&9xY%XIXxAb4(*<9VW9(aR*Gh8( zH)noSsKYSHi*4_y;X0vu8^%oTd{* z(kF>W9M_=z#Z%R;tkAN$llVN_TV!11buEW_-VO&1BGnlkOF}%9XbXc5r*H;uo)bq) z#O4S)gLf_;fpWx#Lw3jExxRg&ugxAK=Ob#L&et$$Xs&7*B(R7fP;7m2jK@WlWo+Xo z^DRl};yab|AxG>Pld7=ilRQ~gF$>mK+!u-V#P)nL#%0Wi^!HcHiv8%wNUMCpDcko<7tk7n8;-9p z?kDRz=;=>mAA69yd^gwprWj>ADhr3cf1-3V{PV&f>NDw+1G0ll#|P%uHD_+VV85u@ zvY>2M^YZ3_k$?p221tbTjMC;A*$P|`U}dU8g>31W*o)*T=_wU1M+5=6$H9#i&b%G>Qdi+UnQ`K&e%GT3wuy4pv-vzLBJsfP561RW~|g zp@6$7bh3c6q0cA4u%CCi_uJ(Cf`!y<*2mCSayD1foIL;(MnYdoMs@SH@O5b2>@gj) zBdI|MvMr8ddmZwBx}57+{tFUKd^Xon2WIsf0${GJsXWh` z-Jm_6>jKkaucByDl*iR%vjo1dKAUNGOCKF72q4^{ccbt&T49*XsTXBKoE3z9Zx1_? zKf4rFW~G9<0cKhH6wrTJtCPT}8lNzHL8_Fo)G}1%84cwDAn*rKw77|1Kn9bBp;i1R zD4MlC%N!8%#x!P1TWtx_Rm*ty-l*3@F54w;^%TF_6-wc$dq?J9*--i`!{r^zuM*l$ z+1c`-e2T}d^>LIHL+=!Ry)P}cl^c?GrM{^kE$2#}=i0cbk}p%Iq*KV-)GUMTe_Ypv zn(#M`95v;sTi|@8WIG-;D zoq7(ABTuvY*;gPXn3`&bhyC;r6{c_^EI9lU0vp%_IXdVS&1+k(*21w_#RBbArf|uZ z1(GGwsqB9G!AS+n#uXol*ydyBQbrG%w4{95)^T5L`QWFezKkQ66~9o5A5awrt2Rb= zWiDdZe{jX`xPI35W8@Y(JL^G+XAYnVJpJL=bXx#lg(gu`AJMO1JYCj&@oTdufCw+V z5QaLmvzUeIS+zoVzl3hlK3jNNXx5$&%YCeHL2ttDz5+hgJjnn116=05qoXoqT+lR& zi}+~`2b-_$zv_Nt97a|Z+OF36`*a-?p&_q-`^#QyQ-x2hHh?Dc{fEIH7k8km1OZ*h zWwq%&nHYu~7pQK7R8qv917_Uo(uuho;yMT86^m zoI{cTN3an9mM6zxp2aT{SdsNXEa;6VAcFRucN}eD4Ox5b(8F11%w2wA>GW|_-z}^B zAzy3kJjzqzNnw00#ntszKE-XR&^BTHFsk9|+vD>>e*K32wnD7BGWE*Z1WzW4n@j7aQuvo|L z!@Si=dBz>{=&O1jGe&OQ?s9s`fhAA8XW0wZ`34{G!9VUk_WH1`F-Tk7zIbNs_}CN0 zH8S3g&gphie0sX)5lv_++d&cauiwM}WYsor`;AuD;Gyu6Kf+8&dR$2epoKEmFY}x! zLDf(lWy1N|Z<9`uy=~)Ld}GU`h+@y5f<#HhpS*O8d5|`o6z^xj8Ef&h>6OZ3DxWw*C;>NvykSdC!X1RS3 zGD2?f6nf2})Q(@UgFFK9ln@dATRfWezl=xIK95I(vEkq1(Nw>SN89Oy%AE0N+nMrL z;?bO(_CP!uRD2}Ak4LM18IQK3_vWwl%UXu7E1fm%#DP99 zPP^bfCJwvg=5^=(57=l)aO*hAUv>X>Kki`sDCV1=EZ*wM>Z*?a?6dB_z1dvArKR=$ z#Cy|FSl6C^E8X39MAS!#PtbW@bydSYZ;r{dt0fLYBJ2RGF0b@&C9K{+fIH=NUb6^r zz9*B^B)QVrkLHLsHh^1!x8w*(3mW#zqb03`hG{`~j%1cok4eNJ^DI}SacD!soT5N< zfHS(;E?o{(x=0!UW%isgj}e%m&Yki_zSMqafF8RQf{URBJ8j%nzBGoo@{9wW=TxHi z=7!1!obTYQr9QaN=+0%%=3Bp-QiLmQsm8iDY@`x)dW&m(!HRc&k zmEJME-3VeIUXW{@lrhpoZ_7i0xcs%pIAm>@a zl$f6Vr;xGdWSMjc69yup3fOUT+|6zS9?xZ+BV96IqGJ*synVkDd7h3*b_bDX91x@L z!p1_JD+;BSLPQY+g97PW0wiS4IG7@$iU3NGDHI^`^d^+((ToI`+qq(cAXm6zK4|Y* z2?WntIPv-Rxh-{?JSokvstYVc&czCRGlfPgm~MIrCDp!KY#WEE;4eglXn-CUdu$5R z14M~qf1gqrFP<3Ptsq;Iz=>TBiLMjQI!&Hn{u0xI-R;vW8enf` zn{YLIiqTFv0=uoomdNRjt2?h2cCO#FejNZ?8%vl}KK%R`_V|vi%8|^3im5`&xY69N z;0$;?3GYt#S3I5@L}_{O>Or*zgVi{T8~e#StpqNf*~gOZh1Nu32@eK)#YG_4wK>nR z5qZd^DIHDV22Ooe0q|;xs&8*OoHXfb_R-D!)>&@&*>U&9@Ng}#t3}O_%xv|~9$i9h z!fp!|DvYr}Pcc+o*DKV^ToSgpm87EK&_s63)D@ zWGr52O3=dMo5924d1|(@Uoeb^z{0;-rXX5E(~-_JMidj0umKy3Bc-?bz-KEAr{E2S zUfvOh{U6i^%@2H?qEl-}2m8+eV}o272om8sqUZ+R*i+~Rrr?4|%sCYK{suIcDTbXH z#6Y(!>kLw&uvrTNi>Db~tBG`Y5f}og8EXNjQ$kIRHpizn6KtNrC{{2doaDnYR{b8y z1$-wME(WI{IJ@8#k0%`3BZTQZ<5%Z&KPc`eH@ZaADU{gjb1F^x~xAJP9i zk7wtqG55z6DKR_$F(ms|LPrDI6o2AGV_Gb(EPddYwUBpvA@6APR{kC!Z#N~qBJz~; z#oQ>(%*|qF{_k<<;UefwWfP5`L1=tzF`k6kf9p$hEDRhe!$MiA9iynuVmth`oC!QB10%hn9o*i5qIXzT%UP~*AX*9nd_=zES;(xQw|t8Z$8 z3j!_4>;`X02!LtEw&>1ai4ugEsBm&O>nQJc9!~{y1zsh`o}Va$TS992wzuk0Fe-vR zl0dI_hJwg*MOs^sr6}3hU?_=;=yL;hEFDfDR%0FXV}x!g3yhfE>XNeu88mrvXP=#H zk8N3An{3a6jjcZhKZ}kIzvyvPHMY)fV{!O^(#=QFa7*$Y?HU%SJo{{~z+-(A)XY!r z1c8Sb1`u}VwQE3<%|;H9cTYacb~vrsXum?tJ`avgT1pcXe}Q{-nkHQY!|?P>Oe#`4 zFF|1P^hP0YwRTTaB^;{@MfK|e`q}O+ffW}>Iw%PB5FJ)$Q|ZrLp3?g;n|43JwAiTy z7GZ2Y%(p*+a@N}-GhFe-H+VMx?XLeVJ9eSB^30#Hcv`{y={YG#dpyif^DYki&!L;b z!a;k7|NWPh0GO$+M5#rQ7}7*-*p@yXrp=x4)uqdwae_6I-c-1?ZXRMsW=Gqi4nK)L> za%HChM%=KKSCD&PH%K=X;K>YpmP!I6rw~Pu;-b#jwLMmPE8fS3k0YS*sao&6XDecc z8Zk?RQipD>HU~mYwGp*jJ|WFeX4nR@CQHEa?PU8DG9BPMfr zZld))Xiqi!yW|uhaj~x=WO;n!Hg;va@8%z?o%q-QN2Yg#ftRQXwJZm=UKXmeEr>;~ zi~8pT^hefy+9caG>q)8()#>aTIf3d4^u_;Nglv=h3xrG_^j`=)&7sn83G!U%dH){} z6cot~ivaeb)iUX*=unoa!TxOLcD57uB;?43xkGC7jyHsa@~k7RSIt({{U3LOf%2_Ak!><)1S#SoBom!n>FUp^nVRT zjESo!lET&XyYFnccpv`pq<)+@LmEG~@n+76L(bpRR{wSQF{0OTDPwro>n&GC2JuEj zOdavlJc(w@{7v5vd=o^N$q%NzJ0SV&{Ym)Gkb8ceGX}#di~k4z7x?q4K;H4f{sH+x z_<+kphdUoOE!Lw{QP<#~-n*%=sjx%#Eqnq#){<>^Pj>T-)(*CGGv4j+u!=0>E5x&N zJ`%QxZ2`PK*XR^T95rG)qw%wKFAy<`$;wcjZ2B(yfKU1vDkWK*>R}~sWN&%Gq9mU> zZsFAW6&F`FllA1OtCYy8tIm(gn6U0q{XYNdUUl4ziL({Auzc5tT*<`Q2qn7DV`BRe zqHl;h<;}M#waQU5p1_3m47c>&thZ5_9SS!^KD9uui}JETLo#Ucr2GJomtxp*Hbh9V z#M+u_ZwE&_i!9YJZ*2HIK~|w*iuxfu40h$P%#3ct)u97BGW7(C##^F%wsO0hMPUwb z5qU;-0CV;TN)3D4oqy?G0`}T(L+5=j?5w-s`+`YhTBT-_v~lSB+QLx~i?g))1=;*PLIp zg5A}k_1fWo@Nl6^hK>5Ep}R_c@7D1*6Zu*nrgz=f@t%9;-x~k=!Nh38we6$-KIP6D zdQGhKCgeR2s672XOoPDPa{M!aGvs1nyn^f|G+sM!M9N6wrBCD2&lHf-BRdqRj28mn z9h~&-LQ1Doi&x(lFo4te$Rws%aMta%F!Hh3zl)z%pL} z_{t&j#0nt(2t0S2;S_lI+G4h~c-zC-^+CqEJ5o36j(#0)gvmIr$N=0u%>w*j46#KSR(G~T-lzDoMdYjw4 znJV2hp{3k+ML3AqikCNMjUAa$^TrTO{kvtD?bq`9&mu`kRVrUK{^`|G@AzgnHYPd) zGrX?Fk1pLj!@e4VA&XB5IZx4~!F%w)0OKWGXa5*($sObws5@7^NEK_k_RABvKXcp7 zK|XBtwSlirN}b28A?n!|f75 zO&X^1c(cmpr?;Fi98##d&u@sZVbtTiB)mD2$XsdKw~At+b^au zBGIa~6_zjzDcI74>x`BTyBp8p*XQkkfcX7IU?{mf9B7MlEn!J|V7{os*e= zGP->QqrMr9pMlB60Bp(>ti|ex_Ed~BLa8)5bX$aIhEwrLZR(CGI2xN@)wZVf+Zfz} z@EvSG>v`f4x~MLpQyl-;G6gf5zsQu9F_d^!0|XYRV^wO9J|Z~}%&ab)?w~I51Sq6jM;{{H!htZR*AU(t4arG+mSseWa z3}(rCQk7Z+me1TFC%bu>I-9$R|B`>Buo$_IbVoNo=gcHVIHrPlSRYY|yyVO< z*~ug=Nh`6V$1c=0wWab|meG0~JK!JzGdr32Jz|@pvgZyneRxwl=LKXYXTNiYXIwru z54Y=jwyx$}zxbu^Rz6dQb+ZzT)sIXG*kY99hbrI_YB3$RQ*gVrzeA=1y{9G$SC!>9 z6b^k?0|8}D%q%%`v+DIt=<>SsTm+)O#^YNpAG@*?d`r%c--;UQvaXCf_1R~i-;PmN z{o=@Z=hohtj@azclr;-~9#XdSQVfxQqqD_QK8zvttZpzZ-1q`5i_>`PRcs{N&6K3n z6HgK=o0^y>-xi&;jPV~Sk6|u9zp~!?Lu}a2ta&5i^XLXBfZb)|{G>MKwqxasFX58e z(`dBeGnQ%-%kF$TXIbcuT1tx7*h@{-AAh6W>aA{}{AFVu#Wnr!lc-PmPwZ^Zi~B~e zkyrL(l+Q=3Dj`!1cR&AV)Q6jR4niIIPM&kgS&BB8S;q~nxhaFDGXJh8Zf;FMPIB4(Jv1`c(!4gjh#yuB?5%jz->>0(qIT+WnV_D5G*60 zji|)7_MZjkk4Q>XZ!?sOYfhd1wVu~uwZV9*+icEE_=JfoCjSL~ZJaDnJgA9M;W$T* z3}`&1&#|)4Mm=bCtzu{{yN{Ur$s3_Q4p*;n)c&nL`^Uejc>hBSi_RRMa@6-uw82zx ze6(q~=f`fJm-7(O_{a1lcVExHPl}^{G<)Xa;e|UAt+$!O1m8WY2^w>H-p(QhsWN@P z`v;;aXVOE|^q#6Vd%vh&y^SI2o|KbY->gJWiEV*a7aexn;kllTu%-Mi&P$+dDNPm( z6>3eS76i*B>PY0{uPYfCzQ(b9+;KQp+a>*tPY}eZ9&f&p}d-Hcd z*@jNbSWPTsmxX;9TOjQ7zEjD8P=IMbGHARV*b={1Oh?jkg%Aw#PUSm!Ey*Sy%ALoT zCDF@kKK~ef_E}7;DQ_t=y>CoG`nQyTi}S|(CA?MUc4~o$XaC+eeU84@rv#?ru-$^W zZ8}VNTfJ~&H_UdUIBffpWR*||gud>h=A7w|fL@1>FK5f)W_dZJPN1PT;$ofoi;L!$ z2)FPdm-M95Qd>>`KPlzZzU%6ga+(8e!}x*PWIB{~J^5)(kgUCvR5AEn07@l^LH}i1 zcrL~KpqWz;sVj(&=>rR8sxdY{6W<=_286$i2YC?UcPg$xv(m7;Hl-aO$e?ioKm4+Z zk5MQIkW%(10;R*ZLT_aO<`qNIg01u~Yyq9omDfaP+*5|~LAT@VHo@Mzu8F!G;>^Bo zGQJCe;1X1}yF7v{l9}CjVrc@*iicf(=aJbJx&nO=7y;SPE6S;*%G+n=Jt%FRJx(4v zfRV8T{>}`6Sysl4rzMbmDu?HQub6SuFa+(GRlk+E?w*z6+j}@j>W!k+GSae6h;lR> zSUtlV6b~PZ$!41MNo5yGO?ssA;1P!Jp&^K?)4Fo$3D8#PW6MIFG+6-5k!!$P`nHOI ztvw(5+m^}l5JIt(#*MLzf$_49)kJvu)T*G3jCM$+=oY^U|LPHJ_vdmESX&ebs6Uu z!C4aW&iRiPo%P^1<~?1rC?ljLivC?oXdAOS)#CEx-Wht=y}Q%q4tKrEyY|=n%#S1? zn-i<*EeA^#l{py{R>13T{NuY57*RW1{gcbWPdVigYu-eC>-@f^4&zyvzS?V({tdH8 z4j#K)@C5mjW5KVE6n}Y`#nJb}Oh5inU8D+9c2A-FXJ?)@X*qSc(Yg(yb7PS>yd#cd zNj~10(3bM2jh$5clSOCW(Dk{tE8cZ8E!KIli_9VT-IFVBFs!3Yaop`?F6}=j*7{kO zh4v+xTym4H1t8?iwe#XLKlgJTQ8>G8xKzDzh1mD=pMLZWyU)}nhNpifuA>~xhv+hW z50{eno)5ET_K%~7xOT1{f7{1NmN8Z47OSgeA}(Z{l1B98wel3kOJk5P4?~+6J0RhJ z!t=x>LBOVn0$k1fCU;aT45^q(!Xp7J^Kt+bSGF5I;aCDh(!HioD2V>~SNWI%CFK5V zI-2UW3u=5(aS{f)LDfn}~Wys_Z3*lR;h!2W~W zwzf9rLgr7eOP50<@9Ax+(9;g#9%mqm-twxRld1lYNTo_RgL+OdeJLDm^j8Qo=jVI@ znjJ_O4izZff3tI*FLh!Oo+|#2yrcGQ=p;GtJUADFt zmTW2CH=Ck%%kO>X;o`4bLdy(8TnuwI$JKs6VhQ=<&lZX@cjDM5NrY-{S z=&rLs_QWT{e6)*P72}EF)qxMuP&G@wNqbPXE9uJ*X58Qo zZ<%|lIrMVfTi-ls>nIEJ`A6~fU!`NOU5L~0GC3{%U=BsI9agtwa^=qCc*)a@DO3{lz~xHDA>Zex0na#VGknU z>6F4*HL9AjkF34%%$D_(C20$$f0;1PHiSJbX3`g#1?%>v9kI_nYR)7miPI<^z7i&B z3H>|8V@p6;=;U{o&z%0_@OfO{IBD(MqZx1By(7D8XYLWpC9*M)iAr5F#|f|T4$sQPs0oWE3T`nLYKCOKgI>-V`iALbt#UvmPP>dPI1D)>Yp?fbuoPl++5GPFc;- zy~ct8bc}FuM&L%nW#p{_bn;(7CNx$_v3C!!V{rqGj_p1Ti25!44kJWcDQPy2f(%zt zjUHC-TjeP#2Bz_*^lCV!Whyi}6kfF=Naz|`idyz|t*1Kdc4Aj6>|r#OEz7aEm^OM< zJbp#PFtZ`{qc4D*03%%}?@_nD&y|m(+ec4))mA${SWClD^B=!(H7VbeY zox5bsQPR|49VSW8avtKQBt)zzrwt2I^s%19V_iITNcqnx&L|k@O{azd@djC{P*j%r z(*YjiyF|lpgqUyvgba?mKw#R~0ZnEUR2>ju*XW_o;jv-amN77==eNBA_*}_Jj*}gm zRSEXgDe(TWKd#V0!t5q@$_h7sr_I49^KF(|_EW&4QhabfC(X**(f z%Ty$-tVrk9W0`c~RY~S9|E#w$h1u`p%zlNMIg^yeJo`E2ODz-U!pahR*dw9qpj*~A z`j7BfoF;aF9@`Y~@g}-ODfwPPe~FJtwv!QLDF{XQ-VlM5W~!j25@yzv4z{zWosx#Z z(keyoh#-+7o#fk;SMf28rvs#VV)b7;r#Ju~yA!`YCB`!n5wJLDu*!2&#H;ieh@(UD z#1BzO`NG!zMvuvY^?@zLBFRUGr_#y7OkEY=W1(lOq3`&mo45{0aEFt7_U{Yod=osG zOzh!B%rw8v9q_SQ@E+ET5%c(tp{N2^85hE9!V@3Bc8ohMgY?d}m>2k%lmJYj4yc7M&{Rx3&yDsBpq#wJD&HsIU@vaB-KRgt#|}6o z^Q+Xuu;n2Dyzs%PGX&#`*0{re|cvw9d zDn>Y{<~9?CJU+&2l80Jy?V#?w=OQ*0s|e?88!kxX>uiwJhY1}FKK>}MNroJ1_?;-z z$^d-qKF{_gyEVFicNS;^mI4$*ja08UWv*3nxE=Vl8FAFf0jA&G08dz~2 zX*ZSrn|R&)b@TgX%$o5!@N6={rJQkKIpB!Jv(%1cGMs_{$fzuQ)W(U7gGI_rvdHYp z_XLL1nK~xEfxKnDDiC%5M*YyfWy_k3xogWU?7BUI&gq+0|;12M|a_MC5RBfsRUss z9WGbtya87x9i^)9N2d4ncG%Qq)BLO(M}+b;rSo##HtmP*}p{Lg(<} z6Zi)KA7^IGckWa=AOi7E#*P6+rVjkZRV+mJ!1+F*ef<>GP!wqfIP*(yl<$)H(v?}k zcT#O2>@4j}tonvjbA))mz^@Bl4?Q3((lW{EFrZKNVi0A-ci`JY1rW|(^_(AT=V_QI zEfVF4QLhZ(8aN0_)4{7+!jthDOi2|8f>QMuZ+6U3eP0NqVC~XhF{`}#6x#DsIkYOB zjYBPgs|r+_8IgGN#ebeC)2zQ7eYJveF!p8#9T zKpc)F`bK z%pj1irm(zrE>jCH;#(jxh>0L%tiYQZ)n+(K4v{w+#o=TT3a^c-&7EcVfmikK0kUDF z$~i_*!Q+N^trqPBdK1vdqDEueZ%|Fp&1_e(w484z9%9|W09_}WS%5B|$Igz^CfnYU zB$Huc73nAD_eWQP|3e;Ho!B}lgs3u<#N+b4)Xk zjndccZmrZpEGkoc0rs)ZBO+N2gcyU5iY&WbU?Q+mSqNJdv7o9YBQh>JRxIGOu{}5n zqUHz(($mh`FT4tm)uzq~gmwuIfpc&%Xz1pv$O9z29Gp1d!eploIi(YDNM?|c>9%3u zDu?6mKI)8A!Q^E)fj#ih5HMz43zM%1bDZ2lWQOq3Qe(8(NFA?%Tu znJ_mNr-fveeh7$6drpr*?aGU-Z-A1UBN;L5mjg#8IDDjS*27e9Z*Qgs{%6k=2i`;< z>mCe!1`D4y`k#l#E|?ZC?)v-kaq{3IC~v6Wl4Sm^i+3e^7`b1Wm4rewlrsT}xow;) z89GwB{25A{5ui;*@hce04ioQ^DN!(N{wJ2qQ&83#R{mU)>8TMpujR+PgiuA4D@`YA zVbP`$!ecrDg<0!#H~^~!9!ma0v+vpErplE+r<6G$04GxlF_a)P=FRKo0e=z4&b-l{ zqqHM0z_DeYoXo1=iPhVTM&c{yJ3?MTA*Ge{Xy=<9jEKgUe#`*q@h@o$*3ObIyp9?> z6P5sJJDHaEz6LAM>2hk$_)s{15$@fq7di?w+LTa;pK8_|tJ?uhbO`M=)N$;1}2Q zD65*eZL+|BQ6f>e7DL$Lf>`bT!kujF@EfvFTZzNVu3?(JUvgt^*dr{(AL3iO9n~dqa3BTtU*)oaC5_z~(zH%>xk@ zq}bl%HNmlEw6?N!cmqUs{qY9TTfl=ozJs#U1^PN?RF|Fcxb4lHYBnXV`or4Hu5!ap zc7C+f>!P>WM7tVT68^Z?(K^$;n7$qoIXM;OktLD^2B!Ypv>uR;#h^1ZjB z17-woxagNUk`?fsn0;j>?6i4LAzkcunPW3v@MK{l#~hmRFTs;7`R_BwjyA+VJPp8R z`x?Esk4!)N$QeX%aOuS6`m8Hv&0Lqf_trVq%+H#=J;=UhBEOvk7i~h(QY`GKBB^@fS@94ngIO`4&0O(d zW^ZX#S@@J8boq(7LhC1Ur~gpkHYE0vTUW0=Q+LqAcf^qm#}?mmqr|&Y7puZ*7Qen{ z6QH4+Z5iX>(kyRQA_*q zw{E2#A*s2G#=Aa+xoIvNN;_XmRt+P;k{KYYd~V5%e}bm4H?k zMGn*u#EA*PHep%_x&$S3K;y#To2)*dEjgz2Y8WUagLNCq#@vZ82Lfx>NTFLRNEE1f zSY=Y0v#?y$=c*X+WS(1*mW&x-%+eXTMzj)3!(M1I?`&&=Ysr8mQ@-7;vB`Vk{`meoT3wFA==jRnk?`YOQt46B36<#JFb}HLaM## zpVSGWb%arU#zky6LW;!BZAQyR!h6n9aU=uhyZIlK41M4oaq)OLSyn+=aQUN9+c63A z17$;|5|MgCk@mx{a;EkLIl7CbF?fteClw>FVexk`F?Fbq zvCaLLUoMg+=p!Rbe!Yq-;3{GldO3HB^=8*}&ITN}0*Hn|@rYn@*{nJiL0Ig@9f~AJ zB#3w7u=8L(&d0ZuAAzu#X*a9}Ae3h@>>avLj zjU_JXq|x$3Z9&~CkMqN@d_D#NObWS@q?(yHrYy9~>&gTeEu8?zAF&#yd%v2m{wr3+ z2NE7dGX+5ZhlBVt4#tkIX1lFL`OvFX5bi6I0)>UhHSjPP_Sam^f$d(!F{ul1qAKFe3?x7w2XVj|3yJlNhVDJ4$Y>Yr)GjDw5uo4ubU ztyY~)T4ilWfpi0Lq;pj;fOiStx5A%he=P$jpfP^*{$(=;@BDBe01$!D1F94+n$INp z=8MkoGEdq?ee;&~6U|xU12(rDOd8>m*LY@hzn~NiBB3;XR=9fqso`6e#y2J|i+0ML zrUX-^o6k3b{tsOhbEa23K%+VD!2`}8^F<eP>&&sH4y3)=~i~_m zg4sV~qL0U$Ahghve%qOYJQ`Qm+Z{|G(g?EHi=#<)*af|fmMFuiC3dVL?Ob|8;EVwn zZS=lX&CQvgB}X>G%t~eNZ0CMjQ8;?YXVz=i-VdxS?BB0VF|@}%@cVQ~){}kB2W4j| zZ$7+yAQLsltEf#9)~0(UiHEpuJ@XtNmBmnXYc1nsqUXNMC5ysxVVkQ-^THLVpuN{> zZRwrNelPKgbWeVKMyO;=Y$I3H_4YHgRuZf#VBMREZ|G{SWsIIdpGWWUn*Jq;Z+AVt z$t%ZKnc;DE$^p@k(Un}uBB>-K=fZ0yN6h>!(`e$W@d1xQER>u_MF;xDM&-%IG%X`= z#k@m5#>oS=&5rTlTQ4hZpwZyk{D_LQQ8*`#qYfs%c}fPrnOcXNl^So|a}bTPd(`13 zhi4?rz*VSc(!_%xn(ULG>(vV|<+JigE(Rpp{3a-JRS$EDH5H^flwVF0wWX>sDas8e zEt8cvR2ESz%o9p8jL6Q^i;W-w?CV-tNek+vIlY=Oe+1EL#gKg$fZ<J~jNa^WRI2^BX9& zCePE~emY~VUCfv4+Hf^gvS_Y36pzn$T{ta{`c3e8I(u~doUBK2^tU-<{vm7sbyJ3A z-KRfA^izcCKb9QR=MBc0X;*oF3UOw42ja}Wr5%MhGaA&SWdm_$7YF0acD#%;(|Q-m zoN;FR{}5+Z3~^?8&N#C=XPjB#K%ALmWrYUf%yOM^X57f@8V>d1AL7is2II`uLe)Fj z8E4iO?Cy*+<2;WuGdttVWX?FVw%^B@ZAy;uI1h1V%>!{}8}3xD1G;b^&WuX(>G zw9n(r=u@MzT{V&kxd%DrwSUnC{nXp9rps53*PQm^sG!%pEb_{nq9<9b{AurM7wq|V z z1_@$Sje7g9hc;h4w7E*QZ;dAvIdORQ(Z_3~>C^VD3SewjUTo@Xj&B&2-Ml&KW$xM2 zuX4s?Ynhi+n9h{g8DkOlsk|;aN(ZHzQWypA$}}#TVwYedj8#_(JF+6@?7dTK0G;BV zwnX<7g(HnzS#iVoMrpPij6anK#NjlXf38d57@ySM226(bIy3xO2`UFioK`9g-HKA1 z2m@r+{_j%Fgvo|uAfTl~kmNgvEEoov^X;8!`uj^Vt+GJ69YS5Z>WXhnsd!g z?WUw0Hov^+$XPoaL(yzEc@Vbo1&@~PcHESVEV1_x#gN*ury1f))1Ou7NeHB@00Yzl zV|Hn&7&6Qq9?C~OxMg00-YS-IwnsQ|wD;NS7|9yC1-mD^AuWa^5+@~a1ADAtrube;~_-DpAXntyk(Mx5eEfoYoaXccR-o~s(%=Xfekz=_g}_SFX*JTr9urAb+&{SI-4i>-#<_B#VhD{&+mIMlX~WjyKX4& z+n5^Ti92->BPwb`&S-veq*vVhAb2OSlCqtA6)ul2k;nlg*#F$cVpE|j?UM^jqT-rBYPv}fmpoCyaG zQ^px;J(lj7pYeFrq{xe+pJJEJm&`PYE(^C>|A&R<|1AFuH4WsSt%dxvaH|IL&*Y-} z#GlVUlReKrtM6RCLzCtiRl#Z?ocU*84XHoksiGd9km4trXc#XlU2OPrWX8yXnrMoL z*Ibh?&fdFCTw7SO?-^xy)~d>34Bx4TZeE;DxsR>-wfWiU;|b`tDSL#mr)ujcerYBN zW#76X^v=x1UT%R#M*FsQy;n^9Nao+DdwS|;R^1T8nHU_L3@6UU1oe*DdTA_V)`#&` z9nzrw#cH+~BDG>6;$w$Q5aW5?tsSC+I!Cm9T%?kU{2!f*0tu(j0M7=8$uVUfpom@> zMx(>AqWcJ8#2uZpn5nsUxZg}?Ns`asw8yoUCWKv7;#Vh@&o5SR+$Yw4W>WS*8eKObqKys>YLevZcv2WH(*&p$6cQJ;6X@blJl zw|#t0)FnlZxs@~CNH(cXTf!Q}A49?o*8z30SB#wZ0pQ-z=N4}tG;(?qhO=ZfLsXbE z6>x1_{gI3XpJy1ClE6p&E-nxFP06X9!M@yRC=vBHKCH596L+@+6XsAu@dI<&-(&^! zC<*=A^&3_Z$!}vni>%XsJ$fN+MwRQXBe{iigUgPEkIHVZ`K*3KK;rCatkH*;-SyvJ z*VfK6)aO&B(?(NUZbVW%{1+}=Y778WBwKkldBt6q9yz$_e{#D!!T+zY$ zZpc(2X;JW$*%JsOiDvtLTo{?V!p!Pj2L&(w(X?gV_V;Uii$I3~wPow~bkEs_$KhnJ7PJ$8KDM{`{6 ze;YB=6yxTxJ$d(N-n0WhZV4It3$oufefrP49k$ngU5YNWl^YIk50Xs%w~s!!#JgNf z-fY499WodvpUeR4OrkA51-HbH<|U z3?)KFHm}8qA6;Gf9@(K;To+6!)#>PGJu5K?w#g131ABNv`!1Y7okN0fQtbFS1#*x; zo!|^Aq4FV-&9tytxFGBC|HIy!fHifeeg6pr!XgF`Ok0Gw;|8%)D^_IFu`X0`Ew(HH zJJV{Z#07~Gk`sf7%CvU0mR768x>ao@)&(Udhk(?_GHNQVWYpvY6b%w`0tQatBsu^4 zfLnd~%)Fg>p7*-`&-K>Qh9v??&N;u|eShxnXH$=4$F6Uw%nIdyG}KZaxAc3Kjx#E1 zZoW1*HpaF4{!&K%#SeUTO#6#lfi9q4S#O~7Z#8=t-*8i1=Wab0sz(09P&FN_wsDb| zwog6_Rg3=>0_P1;0d|^}%;PAY3ssXrgSjtMt=m)0_;sk7>S?H&mbhxpe90VU^X4`3 ziAE)|IeSO->?y3W|EMkblLrT@&iRi7{Ttt2ZgGcI-;G$l_RD2w&N&&QXaCtUX#X#9 zWA`mxf82U{W?1bz1@~TO+hok@)f*BSNr@Bv7}C*SISwBv`pz_Q?3~#b>>FEL_o9?IgQF7&v{hW5LhL3=qy>)}e?T&6wgDBAH zH|`uu7eM4P7oOJXrumRxG-zM^g+eX{3zt^#74&kSGIE0h{Gpqr0G6C2iJ(g&j5rEO zrUm|0{?lP^HILmZO+kXp-qaPb69haxg(CG90@t)}irJ6qoRJnU(a8epycRNIrj+EloSHdgEg~r|u0nC1mSk zAv#XY_%s&ADB$K(N^WG>I)LP~sK#dn?*&Rud+o1ZeHLaqSdmy>w~Pa0CAW!W@N-^z zo|04kmY;Lk7Xp>wl91@!=xM}Ze(xMBH)ZuKY{UK>hz==5r5BEka%ga*-ki7>cA)(1 zdmIGBn^FQTRqK}U>(TpQ4S~Vli^n>N;wj^B$e#O6M6M*I`201}MLK2~-5u$B0v;1` zW;TMsXn=Qh0bBr{B62I(1~-YZE|y`?{|?g~P1y>1cAAk(5F>I4>FVGTP{#@FL*(Ss znwC?wmDbIq+E}e#-w4@QigMdg5sspg`Q+XH>W_$VwpOUR zRd3px2<|{YF zs3m2uqMUZFHsfT^nbWIhz>4m)KF;MGTNspUZ-M~>sGbv|qaVPgkQ1YDMj`sO0*in} zsL8tDrz(7$JT)iV-6OfY`mlwa1w5L@j=tQk_RNYRoc+X1@G?4WDW(O|6GMbhnNz!n z!zJ~JMz`ODaF=X*xtExO3m?llp^dcP)!FTt$Y)8vTnyJc0J*p@fpKyZ`UH{Fm4i6^ zU8V?f1(VYpqs*Cb2t>$M?Hdgzf>$KAccv={I{@YZxEjl>b4Q>eW%+RqwOK;IH;lzq z&0-_o6u=@eL~eBT%v^8g->>`?AxAPF9lccGjrWYDg3RnEh@2N)#S@|(uP`(GfwL@g z69|mCqZqPF4@hPDt-(G8#8r_qCrNgd-*wH_{>B8l7Kw%%YWfO-`4wC_`pMetb6c|i0GkK=263&6pt&2?F#;d{bh z*);-Cv%UFTq;P~e#^ta5API&9Tpei^p6wkR$nvtnQ2GhRZHqBXHFWP@u{?sdCuKQJ0cY#fK0Bj6)&F<2@o!WAG%ln}5kJc5grbhMn+1#qD1 zhK4U!m(sYH+Gt%3-^lExa*@q3=ejwdw(3>V-mm3|9ym9cjU>G zH5bd=^ZeS-)vFp6rN^}4KiD}bX13V-7z!|=>|7=JSjJm14}d|8mUGtRKILN1xLsRn zYMaf`WKRL&tM`|H-qFMG43Nu;W7r(!IiLtGRdV|Xxgyf!7^^Nqq3dkG5EyNPy(U1< z5}3O{m5^@*a?3&pc7dFJIHXNSj4pTp7iwxCr;$kNNH-+xMZh7Ac6LVsZm)LHoQT}t z_Kr%YGA>yUa|f7|0{JjNx5wSpVtDxBk=|!0fuoXp0IoUs;mqOP(bl5e^^iGbz;2%H zxY(G4YE#s1S0|)%LB2%PlM@ASq#R@`%y&K|r%E@UABInzQ5cND=tR&m$@7dH_Snvu(qfmr zfXIQ&*JzFcL{3Lvg0%B{nUIHwoe!$&0-G%e&{l>5BDYB~La%* z(d}>s%eDG#ga8Kn;D1TZSyT{m2tYTZ`zVx0SoVQtUg4~)I4ZIL()!dTU7eX!khHub z>;Q-$@HpGztQbWE;p&Jb>aSp+JGD|lx`F=%BV^u0OkDJmzVC7p-!Kb;oT30*xQP0I10o21zbj?Nl*8Hp@x$oGS+SP51HYG^iko+6w!n@YptuVT4Z8H_z zN2Xnd%kmusY4N^eyv?j9l1~2Z$CA!sY7`}hOKEH5rn0@*4?s2&SCqxvwp#MtVqwKqM%(21N3 zRKeZuVUIGpYPcW)J6{TwDZtELe1m846A-PQ;}ohHZXtLBV3*R+qhcms{lr5kf2m6G z#>6!i9z*<72IpObI?g#bVni$tssr=?Qoo$Mf*@GgEsvkydBrO_C}xe#u_zM|Hqu*b z3GWC**%`U*+ zRaQ42G|u|~!$vL{-0pc4uy{Rc7wAYT@fIu8WVyHD1#0G%VRWuF(60_KyhYv%SYy@z!gFd*v?s0xpQM{vmt%-rNB%-m@HusxIicQAARJcF(6 z?y@&u`oTBt?xCWHv61dQ0ql^;^`rajA<8e(e2ZJ=O}?Ey5lz3``0BqOz*Z0`k8t-o z{)InK*APFi2a(UG=y!nw>-#WkUpq{zJg&K?--d+oo{B~;iq;Vpb_UevHTcQz9iuS> z3RJMIO%^>W*&;GtrnE6g;)q|g@4MYr$9q_TnGcjZ_SJ?D^c;>-^>AOo(YXUZ%v&G1 zdBc)%fhDHhZ+hLk8f#`WO5(fqp8kOY{inoD-uKzr3E#(`f7#EsB5>!5-D``G&8$xr z$XH8OdyKcXi#rmB{pnu#e&*^Q|IF*4CNlz8hJ}MBu_$X2FV!oYvt?%@Q+J60kKQ(us;{p5TU$4Y~CKvXoWzI9@=^-%sTnH~|9Jc9;Br*cuivpDp z1B=)Z1_)jw`^MdZmj%c`4*L4h#Dr2bdnjBNr6AqV2q1^XN{951fz}0_)hu2cU`*S% z5AH`txXPintzQ9`%v{PVOjE|yMkXn_l7cF_sswbNmC6KpXS<$LFL4GDpYgmRtN`sn zS_b~a-WkyN9`#t?xoTP3V2zK9Y%$=QT@aqy$Td=Rt;Xuvi~88NB9$J3C;)y-dU$?3 zx|{@@uh(=G)S^f+Zizk2nbGg>YykLelXWjMl@1&2J-;JM@9&tPRB5OaTQQY$X@y}u zz6Ubg*w5=bJ@UAZ^_|5OYqH11rg$*R5i3_DI0s?)b?{28E{sAFM~_qT9!(fA@V%k3 zFOnD=$L|pz`q`!5z50$#lag&&Kcmv*&G@O9vErwBJ$DpePC%*66V}MyT(tGW368(k zKl0QvOsr;)?~Y4Ht~368nTYiL4sYXZmwAlV zA0B#R?CYkSiFb(a4h5BKYy+ol8GZMm8tkEgbH6R#DWJ}}{U>#MO58kFrfep_Z*~vF z_-bE3NB9;Re#;uq2Gh#e3BgerI)mf=4ca;q!1p9iy)#2h%=Z(*EJ1r(1u*0k1BqKzm%71D;Ke0+&yOU=#KT?!>sNf1N$k<1Rxhj)1O5i;R1qjXbvbn4 z7u4Ax0POm|b#np;SqNx39fGU)^>3F~)pf0{s=PUl=DB*FriksO-?ajR;4M!Y4eGT$ zE06Tu@cIh;y(0siXFE*`#;loHwCYT-?>XJhW7PWI9H97w+b1t*Xbf#{+e>|4{Y(lfSp~J7>lJi|58YGM zf1f%~ewG6N203q#iVUf3{h-`q$gU5mqd!dcQ*}>q!2e1G`hx%xX{luteaA}rtKsDL z_})@@df|glsKOUNafVa)nM1s{kh^+L>l>YTS*Zc^N|OOV#zO84S`cHDXIE<1^DjPj zfKIo7#~n(k{$qF&wk9&uhp_d0!vjg`CoonA7EtEd#5hJ9201Zm>$G42XeaVHt26y7 ztwjKlTFpF|#N^jOhbRmcAT8=M_1gDIyLk!4auK$ZQ{AK*3r8TJtR{XFih*lOnAD?o zR{4PibTCz_E|SQ;xM;+|tJDw09aW!TZV-ztBlmUt(?}e5dh3)?h7;-ASi?!a zs`W}ugiE&59jQMT2}E3J`qC031*gzDh&P*$-;J%5@aa`*A?5`R(1v-o#iv9XU{7RNaA$N((qqtu>CWScI5mVoLC z5wF2KR3L3>E7NkOL-3R(76k^*z@SdhvVtsYwEmf8 z4ip*LVh9L=sCvy^?O>wxo~AmJWX>~g0$K$oRtf!4t5YigKmsKQB$p&RaE1dU!#l$5hXu~)6F>$dJi&Pab(L(jT77dhVTP2a9xCn}f`8pvc zxf8g0DWX>q+9)b99=bIfS9cJ-sqV-sA+njo9WxZ+n1y{e*X1r>-*wNlS88o-+%hS= zJ9Jzx&-6W|vgeiK5fmzj%jaq_uQc}m zi2!tEv&t#w4VcmTlB=4F-<=?PudAc^de68f;=OE^*zb~0d~{CFy@ZYO%u|IyH#!Of zal4N*c-dr6Q3cFW%Rmw&()2X6b#>J~Tp~DL5Lr?)?4>scmncSmaN+jLw?5?TM)oQa zHaOSiXdE_$+L$2LoQP(|kkFx3Uix{-j!q3t2s@6AM zUvKBxW=UJ8qL(lYtgBo_L{jVlswR~LLTJE&D_4P|FFXcKg+a>(x}B(>7{`;RPT4R< zO=#BLZx;*{R;hTf5YOu@YP!~?qaY68Ius3hxgxDlN&F|nXQl4bFUsjTl}$Hj1TOC3 zeBTM_3dddorc}hnmPZ+w>3df(k=Le;r#7a(b9oEiNWgx=;=LN?{!Cv}xl6Xef6p!H z5nb3IlHgV}Nje}FmjK)=5Th;V*aXw&*I2w)$9*x@bLBbTi>ntHxA|-vaP{l%Zjhqg z8|vxjzkYY#M}x5)1LCR~?b3)@xzvp_XO|PXJtXBe1~Nif6J#<*b;yj5Cgx8a;OF{l zeUB+-^;G_kM?>AqwSRouC-CfFFq{#dbE5UfHRrBt-F|PxI75Ys@FSSgma!bWI5#3f zVaG)e%PB8uwMhI3$|L@Gy=i}MYUgT5%)(5ccLy^+g5H22KcG7vNG01m{EqoV4e7c` z?b_Ndc8o$3)!TH&=ATe4KQVH>* zx$Us;iSk4?HsEus|Jbyzt2^N_9M|p963LoWiO9qC1I4BiW5q7`4iGZIN)v*6`^QW$@2;6Soyd zzo!-3Mqdjf6Key%9z1g8j)UJZR?Ilpvi}6bLw4HX`O~)0yKf|I^_#xm;?fKl;Y+?H zuuKl)EWhE?c5I=(i_^4za{f=)0=IAP=Z<^=m3|e7xC8^ooQ72${0mDwmR!&pGW(N`R#bD7X_8o!9>WH*^;3Zh1+wTnj zRKi2kaa?U-L)$_Z2RxNN6%~~>%`;LO7ywZhOW}$ahhx!uwPn#%8T#|FPVz7J4J?>= zigviun9v<78aI82s;v~uige8d{JA7L%=fS^7K$mNt{&~Lia8Z#Nj*P(MJt_NRU zv4+s2EKNHcTeyB&nW;RfRT|s1;tybg+z9PJSk*vFbMW~QM}I8$3PIPxbhO#qwHb~& zXGV!KOyvxQfDpRF!&h?UAG7I}n?B~oX2(c_Rr29rC|_yA8Dt+Br!tkH&`YV*X9|{} ztQbiN{0wD7Vg_vdVPNnZi}tvGe#XZ2=d|esu!1!{&S~qWbJ|*;<+PRe<+Qbm**VZe zu=ABX$Z6}QbK3MTV*=Epg0Q(wqw zv+#f^Xtm0JE2r%SG@xSLj*9iUTh7nFuRWGCE!c+V@g%La-CiIwBDud|@03Bq zxOdKK$7o$fDdbA7u)k488bd~6GqRPs-A+kakA3q57TcAH{ab}@C)fl{bWDS%$WD1l!~j{$>7Cb z0YUDXy!}CpIaA(>4h$T8KMFBL1r}WS_VqS%V%tY`PTl)~^DSK?PmC3YlUqMw)K2VL zapS; zqYk;D=$=77NZDEJ(gk#+k3gl>0(ru^8|#nDH>}g~7E`9Jn^t&CbKUuq_M>SFnR2Bo z%y;Zi?yWOEXSm6q42WkBJh*Mxc-FzU8mCW*XMEU_6*%<60gwLJ8iG=_eljLgK8V3& ze9C@9#z6kG(wGn`exIA;}PrfC-Nn(LtN{&PrQc>OTzv49^e8)-~NG z@J0-ptw#P<2>&|@9e`1=lfg)9b@sI(hSnJk?r#gBY?U|uiYDPi{41sb@3+r*U}hI2 z%#G>#y5i-RG6!WZ=lRv%F}?oR2VZ!8WB>TX_DhK)_vivmi;@?%oIZ(W?0W06)r0lZ zFTU4G)^|*QW$3wOZxSOMZPJh>ry@_CH=hkgwm5S2lT2}!_HrL>8?(A@nxt}|$BjJ> zS9v^ecEAIV$HhjM#z)l+Db#wn2&VLbX-9Lr-s=a`yo*&TW{y0EY^l|T#}&aTm#=2f z910D^N^xngJ(VQ}EEWon(87y=G`GSad*sil16OX8^h~|p)s}Vt<)jTvSy&s^i`-6J z)FQdg+PF4e_Q`{tGT-66ckcgXgXenlLHFeMFA^1uNyqlZv^1#aArpPT@)`meGqxVS zLi(D-Y9&C&jj7#!gp_D)gv~aPMlmqsR?%on(hwqbK4q#@VN;WMiy@e+&IqrE@y0wy zDLq%K3<7XTucG0!D$Z01wjHWQkeQw&g%voAtS#23Dpcs0_z^H+0?f3QFH$W&Bw#fX zoju=)uD13Rq-<&W#JySVd1K7tT6MLT-LUws+Z>%OZr{4tGPduust}fTk5-q=T%y*5%#egfQHlhdk z(dGE=;Twg{pv-EiL+ysF0Hu@z`I>42Q2WD(<*yv{Y&K%zSJc{wfh-0~phq`(W- zf7JyRsB2>>`*%PV?o18*!gFxvth{p`h}7-6v?iQzSyBNwQu1I}SxGj3cmXqx#H#`aZESNDMp|M)>Pb2lxhP3%&uStDS}(qxhR7$#S#4I-GRm>s zRhl)*%m)NxJcb&s%eMy@z-9u~U|53YsZ2YB&yceQsFef(aX-eO_XXXZUmRn<+c8E% zXuhT$zBgQinMd2;78xKw0n^yO@bi76QY&P|0`w7xLFJ^1ellfmS3n4d{gqUxDu%-I z!@U3zdji%Z&#aMS8%#S^0`HK#FWz5*f5u~}aG=%7kPm64=b*>LnE;fY#a3-kVMv-3 zuq5ETMgYNX-0VAL3}NW?xlrjem`b3~%-d)_nY@BcDgd~pK)epq|Y?slj z*RF+l($v{rD!e2Sy11)*wWu z-hrBX?Ny5xcs*r{1ZK7^MT}h(^pj-2k3M64<^dxYpEM=w-`-!-=k=Uk@K)S2>I_1f zey#N^s%<$0v)CWHYax=!>_r^dP#7%Kc8KgAPN012^|KRL(o0JmBWOt_gH$;~^U76* z-of`!h{Hmsrn1iPL>C(FDPW`0O2VO0;Oj$MJvY}uM3%)1Jwm5d5~?;G#~CNZ6Js7$ zqmEgi?1E7fQWFWLhCqD)p@9fXvU7WzPH=TP284T|22K_tI`_KxT6s`wtUH<85g}JK zLXZ!RTdPHIkiJP$K?-X*q*L)-R!T%?8&Q!8uG&^MdH=7WGZ4&egdOxYENN)DX~$uh z5m^@BXZ7UK(3xV8efZJ3)@8nqh|(#_c!#K)Uq^y?Zx)F7s+fX1peK6^AQXCe(G;Khm+ z;}Ll~IS{-s0G{dSSruT+BJ3m_Wf~VO7&LZINGJn~r>Rm(qrC!gr(*&xrC|4v81Ht> z()&^=+7Gg#Es;Q;wIhIjV$vRwHZ@ZY(+OU2F7kU{&`1oUv+KGVZwdf9y7~KZ2u<5} zF%vZS4{*L8)qO4$^AlpNaCFss<7!4Fp-q)wm?p%y3+9s_n>`~NK#f|VA)Oi@yW24i zhbozNzHG@L0MllPzyhkK#8n&(Oo66BP#gTROS@Gtfh^yPtHAFZBQ`K9o?>TuaNCW) zjluguk?Jd+pRj-<0wPH`T`ce_$S|i3{!d=d)`sw}r>KlD7Lfxh&EI>1ft_VpZ;x8b zWr+&yBC#-i|J{vz=N{2>TF=9$BwpgVH8Uvf2TD5!p#kx|;*);ekrK;z8}!w50e(-Z zGldY>`2tu5Ig41mUNcBZz~wy23RnD{5ZehO=*lyLd4tRma_E+Dj7va_3`{LYzW3G( z)R`RibuJeJs1Z7fQ-0Njlg&6}Er#eS!FmeQPYfrIE7ALJzi$ythE%qzNJ~2%h=tRr zMZPD^oi*Sa7dFC-FA&N(Z5R+NCrGfP&?~paD#c*?Hwgf55fDB!vz_?0*OQs>YwV0p zaJ(UE3^GSS6+MdD1rX|1RPEefMr%DehNIw5ku=znm85P~%1+3f{FrD{G0$p}+oOjQ zBDbrgc{0D>>X|fiO{!T?vyYA5I7>j5s@nnilF+wSL+^X0j6%E`jlkfQpqeyWWtcJo zqotnQ=b5uTrjm=Tpd*#KrrKsEM(^{xPr&}X0tyo`(;aFIsYl@9;48Dq>HeE`?JshrP*$eEKn<#&G8zS%1shvyL~5r56GF< zW2dJ~%!VL#BUg;)$K!zK^;*%~9|=ft>nX=%rgzzBgZ)3F%3 zS^F*Vl*T{T1#Qwa1wj%94J%XKDfUT?+>m-~1;luYRXs6U!Rr`pO+B?i<$`t<_b9|( zWxC5D(91<2(dLmCZ=PSQLQPeKNb)27j3CWI13<-_^VKBcRW^sjA;1TuwllX8uJlp) z1I@228v&}&yhvEH^fC*Bb;$B{hef)8lICbv@$z(ML8g4@?Z4*Hpcze^b*Y^x zBD7A3+V;7qplk_tX@Lep74EfzchqNJfzNYXWqR-ezfBkZJ882InM3zIq0I*UBb}!Q z&}LLQYrl0`h*%$2&iZVS;!YJ5PD)K*W9B)vwOr!b%X*GG8A_&5vGd;Vohd|K*0?|+ z)=8Z7m2`XlS3*yY?T8k-MsRB7O6F*z42((`#T<;`@0qsjhkcPitf=se;Vgsb%u`hQ zFz7=gSJ3;aHaNBj$r_-}ngO7C@vQ}gTt?BORl+ibMwqk_3ZT-uNBKi^e@WM-q@dA5 zQaYHvw`@b-Uq15P>o3FKbL8Bf1a9lfH{OV*cH(6!&4p-6U2*jWboB(#>HQ~fjXoI! z&Af?JZd$1I+*{jTm7`o@04l682!3uZKxxlF6n;++JE(j`>*A&$QQ zl1+I6l8yTNusu`$SAb;6|2%w6U6>P48)m5x+)Lilq-I;Zxouzc-jBbqyK7cjB|V$;szK8GhxV`NGDPx{9Ygs3)xY)o+jRPrF=X)% zx1pO;3OS{NI2v_^*t82S;X1#5$!Br)MjT)yA7IqG`(!uYwpeU%$opcXcl?9$ZolW2Hq^<jCe(6hl#EY-LV<`6v_i<+ zXw(d@&!reDI-2QshKJ^PJje{h09SUtsMzp8T-&WpRbnb{ zr%)bM{KV^N<|Ep;A{U7#xdW@xU@~KYl#(OT&v~qjmIbg)4nvfDbk@K8#+(u2i-Q0}jh zQcG{bf}V{@;sGU74W_N05NAKgh-ZzW86_(XH%TA-TQ>)TfrTvh66s?k*fq&}p*Q&_ zcK@O|l}a;DS7~s(AFiU`T{m#dH;`x37os+=|Hg!t%{56wOIj+*JT}ePJ|S$C;?sGM zrnai`+?|4z=kCC%eZ!wNeY4VY=zw{Z-=mVa?>7&uy3n?!GX!e#7VEOtb{r$oY!~?Y-TGr9D=Bu9Fmku@iKkPbHpz>HF$uj!z)W zh?@@@VRa3^N(QY3T_;%%$Qg}}Q8%&F=b1E6eIh4?G?dqunbt4p>?7zP?Td!e`q{b{ zZ{Fo&Dl7GEpC0r!{U!e?PK{nG{MILKu{FtD&N`vo>Kj+It_9FZsDSTmJci8*H7 zK%g*k&sYs>#pr5L2W0*=<14$vq(V`hIi4!J7*n$(08g|eaD);DykLsJnhP2BM{lf7 zu40SSh3|JqS>1K%0+Ieu6GvK`MQ!Wu#%j{KyXqGBtKEDfRSMy?`>-EG(=}SxGplES zr%=96Ll`lbmPAj-+yIdKBF>{0@ z5|OvLwY%d5$SArP3c)!f+gXOANF=h8y0oa9dO_-0R11Ai&pB9DoXU9{z0@k9rJmL4 zh*yXQ(T3kquXPM-?S!Fr4^?MRoJ%M81tt}O&WevMTJo8?#Z(yX(JUui<_-=z|^i85{U0F zKfd(gZqNCvydW7Y3|q7&RS`irkT^L0D5f=?*lHNA;PLamtm_2R0B(l1FRPJeGk!&H^^{7#3f?@L$#6K5%j?`a_A7TK; z=*HFEF9)HngW>Lq~nX`jI&*zGu-+qV~UUV?x2g&rPC+8 zMv(`K>~FpC&6~UG{pW6FREY!$JqH@oKbeJI9?O_EZ+(NiE#%7|K(oVq&eZ8?=RC&4 zy1kr1Sk?TBju;&M7(;RlGDD*~7{x$m=<_Q)ER|?+EXEKq`)3rDJftoxh=}t(pw*4 zdb*KC=>3+E9sqphQsCnB?uqp`eO`{f2etS#HFjl&maB3O%OYst%bW_s%5!KJXOZ$s zZEPFv93(&+O5_o>z>P#Z%>OJO>laf@=yHDX(~09 z9}||q5!kBTgme{7`TFXl+p8ws7SgJ8Uu52tH8cKpmQ|BI^xM&cZ;Mw|w4W>5KB4v8 zt^6k}SjsQsY;%m4cxxn>%2ckC*vQtx(3P&rekW%!fL=GCrYd1PO+f>%N2csa3Yz6t zDQNjmQqYQ_BlRQ&P5C$lEl2Y|n1ZGZFQHS=AaTQM|2{n@nNC6L=IG;Lml*(~u7tin z1&vXTu?pxEG%ci{<$Ho@C^`IzmDBSqq@aEHBn7PjQqYqAQ3_hIk%Tj8UNi-RT679p zb=rSULDNGDn*IW$plRK73Ysp3&N0BDhxF0&DQMX+iR_;Rjb$=Lx%&AOG(}$unt}&~ z^*${p^H~ZSw))N+H3K`UQ%wfe2~r+$x@dKhiX@hJQMF;#UN=VX2S5!jQjrW3dcYs~SHd%XJ)lJ@b2!Y%yG65`l-CrHF`yhzkw)OEXuH5|l<

a%58;Kjl&jhsRN|tXl&)B9W8@-IUCQ_S0<-q(| zew3aA{SZ_G0Wxh305g$bsfA&*EE4)Q(0`ibu`=2*M$J%{YJ6iMke%u)030;-EE+G5 zu$y{6-x)Z-`}}L&3D@rr9Tc$8rbzBN?Z}<%dz`1-ykqSh=c|7B;+}SQd7aGPm{&6G zJ=ZlG`Q@jboJVot?C9+76TV*#S(NZ#TSyB}v?N@YIO*WjgqHrX-hWM>@n5BymD~DK z&89=D*>}BqNHtSP_w@e$R5Rt{RI?)Ue62pyH@1>n*Gs3GmB~gjl3pM7>9HP@@1Gvr z1j(#R%ekhXc=yhCm&s{wY-KexT)vmO`mlKue;|<+O*WKR5}@66`yo&&3dcSxdD2G+ zXD>BO+bQXWrMK4R7_H|(>y4xM;J~$L5?ZRCZ^qLbvtq$46PyPx)lcl47yX(FUEKP% z;_Po3tG+({>Ys(*o&7t>o!~JV6_L`Qi62~#EUpfY7`f~nFU7XEtn)t5tQdToD4{6B z$4lB)zG8W4;hzfsxIFHB(7Thq{Cm0e_Pd@%$oIlWDylfRa*S)xrsR1%a)D*4!cNZ22GXli&DdX%02i3Suqpa{(C4shz_ZEmL}|9$fu5Lt{L0CUn_HyMNyLpg^Yh+lc$v)%X9usLf-qG)96@5F@Yqs^fHTbntx$slB$)kw)a8&A&aDEHisu{TYK0Y_1<^^!; zWjB)%LZ$O4>F!B|-#FP@WfdtO?yL4r>D0t|uD($A2WI`0Y44Cp?@ru&mfzl zf*N};30#aN?I6k#skavwpj4)OexL>V4wksp^AK8vc52l?4D6hMY4jc8d;^YUZl^P& z;J9vsfzlBM7Ze%e_tJ7sPQAI1wsRiz@%@6|(J_l**Z+O|XT41uih`tP4-WI(HMYE0 z^NQe-@cOKtO1H?FbKm>)_}BA-U?6BLCLxj{5G$ z-F1Y5*8z3SbJ4VGlleviETbi)Z}CaYIY@YF-A^#61ck=(phSJ8dxVOu#4r?HGh~*8 z5{qc2OQk$Fjw!mNM=I|T9TC++XBi4{H(1$au}%mhvtQ6i*Nz&gEVbZ4g+0Mffa2Tqc3%HyAe$ z0o!J_#&4?K7Y0Dxl-It5{EHgDF)6gk4@FpX^i%`us}Ql(#Y(^J&b7^ey6%pP_S8|n zUgTltn-miHRa_s_mG$O5f+Zog-AAEFts>g?Gzdzqgi~_~kS=bsJz_P{1?^v43Vm*e)>ERZm)WWLo^CYnrlU&d&@*Qb^fgUruS%TxCSCklxa>h6Z z=T?gVjVn{EU{^xS6g+P0U65G%d9?(?0cXD=fiU@D>g|AZB}PJpL0U^3bwon^M-ZeV z2(mMpGG8JrBd&$;ov~6&ippU2?VFM;# zIA8o8?7}uP&x3qe@Y+_zN&;1P8Q9v?n8T)nN2N=8RKBpog25^Z-J27`ipAi%;ECzq zdt%xw2Vh1d&Myoil#j$55N)zYxr_fDo{I-YcadMFEHA+9-6z`ItDoe7A$2&6=dag} zVnAv8SEfzzvchu#FnzNL(}7PjRpGYNL1QL|s+VJ%13I+C$sV>@?YrZBTrdcbBm&c> zC5#ZG)9;kQwr5+KJ_ut zr3}@hJE{VF;ko!;5ZCr&KhFi> zi!xE)IW~ihtWIsL0C}(KK?%VUc)B|y7fioJT>6NOL&FDp2ol+807uV3KC*qJ zIVsw=0^9G{A-aP^qH>;OoGrx)h><{qX#89TaF6=B+EJK?kyXI??*wT8qcB&5;XACY z6T>)gOe1n6@dhAFL3)2h1dVf%up%xOwUf=gZ?UIC$3*AXNaKcTprqaKsU2c&;aD*N z2Q{nG2r&$0N*+=;7&ije^Bm2UBqD0!YZ3j$!TCJMqsBr(1o1yXb7|o^BD%W~o~>Rs zj1~gUWyv5--#2LN0L6^MVH;AjS0D3Kv)QVtQwW`*1csDpBkF+n64QH&yl|M3hoKJ? z^IMSyo=p#Upxjz|3-%2|+Y_4b}(jn!U#A zG!)Z}C=kMYQa48(cTw=7XjA{~j5D*iVyqXsbiec5(w9^Smn}ie`Qe}h-Tw(bz2F`Z z1}TjClh2tpv%1~YBE^TdD3~(xPez^+T?RrC?kF5Ym`6Sh53EYTbt@*sN7sO7v(mPY zQ3*U(Ruo)+f`L2K3XnWcNEg{=Kj-NfQ^gd+l+bNV+0dy$%bvPzPj2<##>Q@yG<@Si@WtC(~|Yq~w2Fk?U#mR#vzO z5~95FJz%X^1FtVv(PPynbh0JnrmzYD9IKzWw)_OZoh6J3D=z)OUZxbZPOv&##(6B; z^g0Vn*O{_@q|0T@B%mEopDi$b?P`Vd4fQ$h7-{hWxxl@9#0&DrleyGntLZ3&qVTeF z+JLS6eOOmv@Pe3AbD`XI42R_QG5VA&tCqNw=ZSTSP68aLL;6&k?NpEoO2K`qO;0fs z66Xe?g%|g^hs&gJQkUV*KzLbkPzmwXGoNZu-LhC(wi!UWAd1W@ZVO<85cpihw(wxB zMlylI^imkXOG9W^VQQ!dj#Nn`Sz8E%TJ zm)5n|Id!;20NPj38LE_F?E8wsu?EbRAy#Qx)|}Gy5EN50m5u8({?S@g;@0>; zn%hU`LrZtdV29E%~)*8884 zU5N=Q$94qS>FUgj>=bSqRFM?8>Y7T0s#Lu;h%V+I7&pxctTZM9lYq2w^XzHU&g$Ii`5A@5AQ@gb-8HGHsg!&$ zz#`}rIK~s%(iVoCu>sb0QDXwbUii)5&XP{nui-P3>v_=zwKj++sAO_f_ zxX`_d5Z#PPL)TaWr<~XjW|lhBJ-43t`$s`Xb3@cz8&i4xwcIc|! zBtjQH@p>J}R^~ph+f1aOP4|Dnw^@bM*CTPA(gitqH|19Ctrp9@!9787@Issr-u@7O9mJ zs!ydx{M!^5Kx98ngA-fh<$vK1lr0`(UYhS9#0CyL5~wdaNrV0{O^L}9@&QwT&whB{ z;1-CkO3$l-Sw$14!q#0)NY=y53hAI&l7zzG#eI5BdxG0nMKU9vfnbn@9;0#It&Nv$ zka+bAHjC$fa;W3$R}VPL>ig#oKK?MR#eMVjckU8Og4NFCPAkA}THb``yE_w2kSS-sEz zH5c450w(DeuC#k%uZd z$A~J3oQENjS_Ep#iclyn&l1!3L*Rb?kcgUeDi?NY0LGB%0@l7QvW%{W0MYLQ7_CUv z=hB3bvM2(kZWa`Vh*ho*Nl{kJ6PcziCW8aBbMNKDj$OR5IHKJtmMR#T}iq2l0@cP4Zfd@d+GEqR*$T~|B){Fg7MRC`4xe? z+H*3s`w^3^I=prItCQavN#!%&YLOZ2sb@~TF_`KOVlZS|nM)PBs~6nLV^f+-%~9N) zzLjl(0T<4EcYx!%>B9(oY3N%+850>}CJp_;@AwbxIRli8AI!546w2cs=E)VC-~0G` zuRvb*=2g>;4#ppkgx&OBctpLrqjb}FLrmPX!K<816l=0U+2Wm4`E?lAzsqAutc5|k zT*@i6dnjNsNdAjK|5k*yEgMEt6}f~t{PM@R$XYEz1&Oh|K1gg!H9$oeW|odH_)$(~M=ni9hEE~Bi!g4+&mZxzjuiM16%F7VY1!=%4R0{1#*NwZCwN;`NahrvW z%B8LzfGr?*@3$B+Zl(;?au0y(yz%1>E}mkl$QHqPjg(YjNGMQR{xPUXlYJNLfRInz zXWNt~ItLNmK}j~)GZAY+2KXE!)(YHJ>SNocKUT$|ZJWu-Alp=)QIu1x+o6Q2DF9d6 zd8SH9Bn^lu1`#VA&;evx9kVnpiYHbvNw;r1UAy8o`76ahh%NKSV8lm1E#61<;{nrY zk-kC-i+a+M)&fUP9N0FqT?Y4S%3YY4mTmUV^jedu_eXZ%Mw-O`&~%a@5@VDS+YITF zlm6eNBxSh2wUEq>J?UrzSoQ=;(fNwE$9FJpt1hH;Ti$( zm+2%qpG3dv{bBsKg4FRRB+F0s!B9{5ranwcbAQOf1uI4duT*?G=g6M^8}HQnZk8u; z>IKnW9wi~mCf`mPx_1>zep|TeyuD%7c|gCK>KN>X57&N}OSx-&Y+0k*!1a)L0O=g! zf3zq0QAGuf3Hx3NU>}Z=?XmikcIZ;yQV!;r;+c?}II zbnDaaGW|U!x%wG0iQplY3McG-yo_#+J$j6grP1kO>aNP0eSBGCOylL758(DQg6wkN zS3d>JO521Lz?>m{NE`?}`|igFbWD(r30$kX`Y^Emc(TXQX8nj6jg|G$VgHaN>nF_q z;3746?`8Uq{SaCol=eJZMg#5iL;vC@6k-^UymQ;6lBcY^URHQ96W92>QRxgaI*yq3 zXf@rz0UH1BB#(JA6*n>AL0vc3_D&XQiR+jOBb6mrv#1k=AtE)yQTWn=fbmQVI}?T1 zIljiU(+LyL3bEX_6wT*l#Z#gz$YW2E@=JXX;w}2r4hf^unPCnyvx@H%g_)2<%-P4wS!&P!1e9G25_2@6aHL|{Yddorp=P$T7AzC!2@P3)NeIO= zuSVC`pu@VSau4ri3Od37_abrZ3U&{LDJLEJ0#NpCj5alUVlL@F9fct3`C1nZl-1sa z3{Y1uN$??^Q_SVd1xbdU!u@Uw+aIG-onJ24gWrLX23%8|Ai4|Veeo?u)4~6V2r^LNLb#bc z{(m8?_5TwF&9gC7i6CCFIBEY1glJ-zS6OSDC&H6pqS}7)IXP!3YX~G$9qSMY4Nhb8 zlwnw0!jcoejPw5LHq-56j?^4#u1LaQ>a;;0K(^qKuqa!I<+M(z07W2Qb)*(LMy4Vt z;(=4ZS4c9uR?iXFm+U}qp&fCz#m-0!sR@@^;g|{&;oW2f8p*m%fRXW4C9XJ@s;4jb z*uk?kjpht77pm3-{<)jtV0p)c-=og)8dt$!+n=xMreHOS@%rQXWDY@UuIR_I2VJgRP++jQHVt|>nr%j<5=oqJq{Xc=pZrdE|3IfC) z?Q`5de{8z2_FKlFkV>DKNj%w?KV8f8EvU22%Bi!>Ky@SF`mGBvYWQfLr!7@&gana_ z#zxMuh03tRt4StKf=mtJ*YaoKO}u>CO5$iZQJw zb!F*(--54r^h|=$%~zZ=%bXG`+? z;lQkH02q>N$c1j`ek*ZKem6o|;`($^i@xQKjzDXj#XZiOAsr$Uxz8d0>+buK$UT3Y z;gA~{1s=Qhw&@-8_x`vqo46fG-<msU(v|}5IZ+U*-fe=y@(cbqUgk9 zb(xRkv?rX{wf!LYo$}B+hA`zVxg&D5rCzy|r-b;39O5GcK?XqfLHZBn>Eu9u1>E4B zjP5CP=#o;}*$^4fnOt+jy_MJacd<&!Sg_8V}#I6HeZ?s>Y)gfAXw2D_Z1;@-F?JmiOr@F}szp zu4d>GgfRkeY3Lv4s@fL3{FoaC?xwN>V{_b|l|Z zEQKy-S5y%g@49?Akdu74C9zE7r=E537MSc9LffYcU&Uvsj(qY?3gBJ$2oLIem6$W?(O$pmD^2~9}b zVYFHpn7R+7xIhCC5eVibIAaLoKuWb%1s0lP6q-cnWQd1=?JT<~MmP}H!3FeXoxs#S zai9dE0PvuxY902nAB5W~!F)#JW3tmB<}6U+ae@lp*^%w0(!p7ktvi%oNrv0Je%Hf}iUi}xu5C%fzvry^(0jn+<(x!}2#mr@A=eUR79x%4obWF$LbcAy^IB_ISUO{VN8 z!XF*YNq~0kp%FDd^R<4*+840Y5qV=F`%Zwpd$eMN#}|yj!F8UicSn7&R~r zWa{mHIMXf(2|v4hY{{2Z`x=y_YL8VdcaLq1SyG84~v>1BdKOM`tiY+2&f52QX&3&tVS4=83p#MtS<_O zHba(|xhyie@SegKVhfBzI~IewIpKNDn*62r+J23=e(*?|*YSx8;}NU%=&C)R?m~VW z#5wzyn2R4>jfu*#HE!=8Cw-W6>ux4LvqqqLL(*O$vUH7OwmPK$aNmS|;~d_sPtP{|vUu>erv8F9w*KIF{^-gr ze@XaaVPzsj`Hw}+a>Zp>J?a8%c)-Id=B8UYhY-gHsmWO5UI|lUJbUDTfi35*x7}Jk zx)?7q2Nqt#XaIKOAW{{fgl00B5`Yb9sWiEZm@N*+1$p@5IG2)faJV*e1;8e1#-J+T zyfkWFg*LHW8vtSykV|-l0O6}@W)6UXphFNsw~&hJ0{t(06=ieTP}V@XT%P_l#5y^m zcKXkceu*0RNrKhiW8ckP+!-%#|M8RZ3Eq#k5%+d{aAtpb#s>7qu+^?{Pcg*g|BxYu z^)STpo@R&@KO;JmQ4BE+#SqI^JjD=87xyy6G)eMj8Dh1446)<aL`!-pw5Z8_7)1%|*Fy<2^pm*VFEHL?O4yEh0RG88 z{e%)`peSK7&>b|&?9J=EY!oF-@DwFXKvBXJZc3OV!az~NY)@0dG(ZWf?4yJgaU&N{ ziZVa$XyX$~Sc$(5j0$@wVfl)t(!?i}u)T&pN|?q6I;eePC5PeK>Z63+auUWKO4uPc zC9G?AFC}bBA0SM+ut?lrUK@C2Rpj z3A=3C(k%>L^fV>x(u*izb2FKCIpU^-aov zM+y7jiKgtul(4$R&rrhF^-;p|-ITD_VW*#_gq?kc5|#~;vUrLT23-cHo>0OxJ(Mu+ z>pu;0Q^FceL}3plZ0^&PFoAy;P{LjYO4tg%b-0D1gr)ssN?6`wN?1Hl!nOgwND$CVOhQq@Ji)onO$ifFl&}jjJG5!r-ITCOpoGnbFvGt`2{X7UVLRS&Q^L|H zN?4J3p_ZbAai37aJbNi&2?+NwB`n=d39IO#gn_+ghO6$~RO5d_3ES683DYb-EOk@D zRtesILJ3>&J4%@6#g^01GN0=z0!oiglXQ1V~Dr*Qo7#_nP1v)PFu9u&rhk?a7Sl%wOP>gourr{XS>UFG$=sAMc~BQn z!rB*5l(1HeZ-{;oB~0@aB`l4igh^5p z+CEB{fue-TdnjQR&Skr-hZ3gfqlBgRQNlE@_fo=IfsZ>f9VlUjP@sf$QIs$XMF~50 z`JER~!Zhf!l(6YQ2@~{E!nBVmVOmJd=%IwQPUNQnB`n=SQNp@D87N9vD`eUH_bFl5A5+3C zr`?n=DmU>5poD>Nw2u;2|Ckci714OTj}q4Pm=adE^f4tYmJ~p}(znXK0&4J}a9Lte zfT`#cN|@vcB}_w6!az6mm=Y%Fp@gj}O!X2Z8{hjqC9J*izefox?4^Vqc$yM+rb1L) zI9IwFC}Fa$CzLQtgvj8gglYYEJf?)ndAQa`VurjTpoD2uK{5iK=IKvS!enQG5@rm) z0HQLMn-T_Ij1YgijzU%GDR0UPZc3PhqJ$Zrp@eCxjqoEL5lJXYmtjk- zo|_WZ_&Z9N?J*@xKB()f$CR+vXDMMo7kP#fW}_%!w}2961WFk9DN0xaP{Nk6bP*lF zEK#F5L1xziCCuQagw@iIsuEgzC}GUzH+m^y=|BlHrd~L-4ZU@=mlCFZObMfr6eaB9 zV?~)Pyc`fCmS-qox1Oeir9DFlTh&VmGo*54&r`zWE{78QNo}d>Xww{^-;n!0VGhuR`pTBwEv6}X8HFhVPA9s zB}^M|*-Z)KMxV)7G*9WHgr)UR!Yn`u%kH6sedc3)LJ3ZXL{QM<$ zw#-clYkd(VY?-h6ze)+qpik_hgiZQKl&~(Kgvt9TVH)U9+!rM8qlA?kdnsX>9!i*j zX?sEm+tNb`v-~|um<1?dTb`zbNva`Lv4;{ywR}y|2+d#Z1@cnxajP@;ifH^)A^OxqtS~#sl(hP`OG&DevAOL3+@kXHg5kg>Fa0~QK!PaaJy!T1f!g+V;D)I3|OG|yS(mXmdoO$Si< z&q-bf>~_VSQc+tq$OF?o=zs#iG{e;-Tf&VRT;zyy#A--$-mB?3XS+M$;|)I>LUg<)Xa2svHQ zITP$}8RUG#hyIvZkm1A-oDwvZVk&P?k?oPjPjo(77M(6kw$mXM^8jERMGtK)=Gpli z@atHJaUR1O3HzLnw>nH=G2(L<_7;bn;mq(9w z?9_sk6*#1D$v`sCw>R70iRhD#UEkEuryP?5+Pp!{MuiHcxm-a;7d8W#N$G0|-RSnB z9Iy0qTTyZ&lf3w?PK;G1%2{N>^rRoA^=+Mj^$5qNgB7KWZg_hN#fwLh0$YcX(yMer zL?#8IeCr9O{iG5sr(cl`d|Ek{EkSyeV^ip)+Ml`kf-qKRH>sh^w&^e_M!=e&=uU>+ ze@X>1IS%A5uQCRQrKI)m_lJVfZL)F0fJJd5VV9SxVh!nRr1|;z=gumwUp8zR2dVjZ zJ@ktP+nAo6u_!U^EiV#G&~CUwp{J1qin#T5pW39Q3pd_H&5 z*)!Fo^zdG#Eh#)&i79-EHbatim&?VL1^L<&QMBQbpb{zOU|IpaKs5lxufF5v1Yl00CB?)np+{)qqH&oIt%y0H;ar zYeh{`KvcINRQKEc3to);LQj!NtIAQdTV-iHXTlrLGvaM#vCUWQ@BIl7T3!Cs>sD>(*nd zNd;Eabj)RkuKPLhyeerST?E=MS?C};hDvv0+SjBtCycSKI8*@r+ASxf3QWi7QZ#+w zIKDDuk$|p$M*EeBJ*ZWi7jf-)^`(=((bKV09sHvLMYBL>VEnhWU$%abkNCe}HJP30 zJwMg=PEE*EX4X$9?hP1bTou;+qwgb+^HJUthY3PktU>oa=tlf5PAu$t#oIJ3>n}Ok zrLDFFv9mW8xlW3f?L9Gg!#nZyiSuF^Qq9}r!x+-6)AgV`!In;QW5huFMNPpBuMnVs zb(RAAtF)6><)YYN*fMgZyQH#Ll*2Sgx_aedZ1>X1xm3^!iT;&C$;8fel6`V8_xDui zRHsC_l$YgAw;t<28yoy6d&?7Cm|LdhhKjlV;p9~UwDfK47qP;6)n5vz8oWpr2H7;l zy}~cQlHcgDE_?yrU@cE8{tW_sqht~m1w6;WfJBZkDn>$gLsUxUkGI=Hu|mY{NWGa(@T zv8q#Kr19;UP2Y-a18Whf*ltYgHuzw!gR z4gssjezHiQox%dySK1r?SQ^MM-|X^iw;X)Qq}EZwFFyfVkrbk{yz!XEcL*V5&~^@>c|N20oPW^5JZ~c0%e`ut}IGxY^sF3#y;s65SsI#7txD(1-*-l zTrQu}0fac|sw%rH6f7vaUiMq{zK-CCAb|?Aj!)yF;KiQ-Li>?@A&P~@CCjoV(R)H*3(Q6$^ z51u@^3Q)R`n3gF0ldsF+wvOaJIj6(y#;b# z*Y}`0(9HI`2dp|y*DG!f*QF=kkvwxcCTMFVL-cqz?}wT-uAG&l?wKaveCrPr21z8k z)~|*ho0=4V<4!zETV=5wAocwwCW+&kzpp$$VDq-0v^PHdF$iEE@O3id|^zaQy$<<9O4*#oxKygTR&nyX%V|Meu9cSd<=Q|_1h+4XC_ zDf>K0aMAMU$mf3^yw_HKo|N27u8R@QB_X$N*MfOBsxMY6?Up79YEune_{Yz(&VH6v zE!+K`4+A}R@U4n_?@7}q?p_+?m!&-0(A5}!c~D+sR!ml(qU*sY1*7m)tQr-rGbe&~ zt*A@od)9Tpb<+2wT`vW>Ryz-usvzfsU$S*LiV6 zh#}W%>F5FEsw!@u)a4UP+p&9F6yUQpJR5Z?mmI|q4q7!&%{s@EW;o5@_w8;FV@rGT ztp1HR&~y~s_dKU`yn<;0iU=S;cX^`HpR*0jGvM3cQ^*93n4k%8N`3+Z_#7_5^mU1l z0IfKD0K8*-d9`#fyg9QAiz3(;qV2Wx>()r@sJL77J*Z`7wcD*D#Mj!8`@}hk#P=_s>|BKN znhy5!oHQWqa8Ryn`DoTieEVOZr$dnb~F=>&uTB0TbHon}&4F~*n%ryY`}d4~yfge{P>ezHiQx&Q%*d$`FCd3S?tv6ttQ&)m%u&O97in6t7AI$`LM26oXFHlcEm5T&>R-Mbqb99+oJo z58(yolkWmO~=pA&7gwfuM4V^|M+Y!zs|B5fLAkIBWi?EgA@Oop9r z9r&FRHV%7a4t7DNG8=>lFi+JqVev#B)X_wR65Yde^(RDvE#dr8#gc&ZOAWw-umsQ zKU|fORVl=KgyF5r_FE)>o1W1s-ZQmBPcqn^7v8R8zg+dF42Rk}Oye9tH>T(U|AahZ zHqCd%z42lT$mzN;t3YX3I{qeNv%HkEjXQ?m$G7!bK>EF%589lrfpGO6hO6@LI6!t` z3s+8-iBnhq))v?Bb-<*MGRN>7Fh-~jI#3OW)Spl&+vJeU^w{IETmbrps?GJy90kdkRs@778-<3e zWorBYCDrTk$c@7oD*UH%U+8&}h_H{@ftdTA4=qAn(V-F6F(_JgEzN$V0k`h1( z>JT|OAsBX9cR~R7{P$LTGQI>fGtEw{d)-Q(+ksskxs?qZsU3jn$#LM>IQ{++3U-jK}li*FjtPLm8QP1#ga}VcnpxgB}LXE<&z%5<2;q zM-4XiR;T1-=g+A|aWINth2oX5*YJCm(3aYMB&R00K<9F5eVAX8=F2unh(G|DnuH>X za$sEZ#o*uv>A!%3kio<$(LnWR5}x|RWo@)3m6B^qck24>gF_5nZItOJ{udRrsPk9^ zc7}TD2A@hXxqzb2)#S{%rt&Kou4VO^HZtK@7-N`106EBBVj^lzC0tE2O?h@SMD4$| z2!u%^wIHtc_k^np6SOeZQFc9G+A!_p>#y%A5(aNF1X)keoi4u^aqDIPb(F(zjf!2~ zI0$&ozDSRi5adT>Sa-TyiNgds@)EzRZs!$~w;d0<2ARYie7xb!QD}$`?-qFneo;DLY0z(ZR3vEe8AM#x`k*#s@sPQp}ZJ$@VVK7SY;AsWv!*I>Mo7JAhrrhz^0g z)m%LULr}!qj_JqmjYly)RCFgmCN>C{IB8l|;x;urwWMwKyVcOJx1*S#scetkj+$o_ z2Df&E*Cj$8gOiE#%!w$X8sQ?htE7qx=U;`o_`wOOP_xyP^A*~VleOI($HzggV3QN% zv*7hqCJQonL9GS)Bc@YgtiXC);HS4HZRMD7s;?G3=wK>{W!12>UK{lTf7PE>l$WwIEpBk}Zm7Itx!Js`nZ(sY+oTC}3=W?|1?{q(&=g2QRTg>o zx=>)T7NPRMMUa*3Y`6AUHg-W|A5*2&t@COstsf^0v;(E=f(Zu=d$frV7oX#R1~G`z zU~{8Du6-o~VJQ6o(J@2g|LqrWBk)XA`Hfv1?%LX?#zHSPn7V>G<4JQVz&jvOfez|gTLm0pft;pT{8aI*{4*{!1i&qpESbmZtbxHXtMuVBqFcF-@u3AvL1 z&Bgc%WHh;l)Z?IKC+zq`0ZVU9I51t!O6fjHO2?xZxNE3qr}KI&8zKE4kxttJnud?h zEovrAQc&Lq=ZAIyxJ#A?QtctyDn*xv0NO%{TW?>rgIyz=@@*__DpN*1v24tE2)DYp zdth?PRswH`E21xSx8zeSsc?2_?yq>t+wL9RlH42jtjIvI^;4191YmBnK zOW<%(`|y;YapzFZjFFfUD!VGkOIogXlER?u3xGHl^&=|^CK#p}`;n^gq9T`HELa>r zggP)BUEk+fLp&A9D zUJC|=v2aOad;(k+A>Ut2s=RsjyU~pzzcdVNpj9MC8Vg8=lZ28K1{%+xW_OyCF;wNlFHE{@PCCT{*if`W2Oc@m zN?J973TJic)sBG%wxF;8kTnXcJ1^r123I@}uUN2c-L5DC?ZiI=*G8oq+V!u1zSN^# zDqhY^br=>KroYsA#S{%>yNYDK$-mYTxaqBtHTo^BP8yzeGn%q&9P}$GOo1B?v2tLm z0#A#fEE~1+t^)UCED(^q^2;%~c9{@7HxN$ZoftX~RnL;FfaeeNiX}=_khUueX9u;f zW11J{d%*L;FIIyH!7fJ5r`m7|Xm{`^k8&K0JR#cE1%e8_bKBF7jg43}{D9Hg6c*rZ zr;R^Q34QEUfcQ$e!R~teh^fdijA0{*52GUjwcFm)^{5OOsP!N+fzu{^FK{(`>uS zjx0A?U-8va^Cch56(_sfdQv;q3rM$XsvDsAjWU_%7FwScc~KKP}I9d=8cD7;eC~F zWuiA>#u>U~DL1|4r%gE%XOb95^25 zvovu~SF?Bm!_O~Wsr7^Abt9F1w-m&`n98`)TPgUh%X8or{lEwBjo*vvO|E(7q-%VK z&XwJ2RR9A==JdO2WS3wX6`YO`FywRJU|mbIzSy~ug`E-(O7;}noe(Qfn-|V=i?U8$ zXG*8dC;3^f%0$&g>u6a>J*CNd#|t!B5;6igPF2~Vo+YsO z)DzwZHmHtvu-CfrvVDDzb)yCa>*ger)H%xh+9QGW8pNd)-GT;&%I0&|xyhU;1|q{u z9cfMwVSH$Zm_89)cf4{`VZz}io7@?}sLl_!g!BrsiqAnUP;X!s45=xsLqtSX=LLv` z0@livp{kkggeFp;7*|nPiRa4-xC;=-BsE?J3Tp$i1zIUKBs%Stb4O?h4e`EQ=e2Xs za=*wA$a`MDlpO)3330ywDL4BKib-v`*3Nuq#wV@ce*}#VO=h@S{(iI5QxhFA8he=h zkl;6r#t1q1sY1se7%%>_Qrm+hi-I5eGHlUPMU=}&f^db3gB3Q%fTGJu01krS6OMTp z4u}L1h8)0jXtQ1HO2J$34pB7-v9>_QWGX`WKXxlW+(_7gb=EO78GaF}G-B7%*D=oV z94U}q`vKTB&m$vsQ2*e&jwgYskfM_d%B#6qJYGI1vNE&s*R6pu?KZZ3AysI!O%rLf z%^@^8jr#v&c;*eve(pW@$&xRc@}SW?{+zclJp(>mnU~>SC;iDf`~DiN_xa(u_4F;- zw-^^Dm=f5d8`K<+$gDN%(_vy*)|waZ*OE)raEwv0?o3%dsk1!FOpVhPB)Iz<(s5L#G4PCQwEwv0aP@CL;)5gqUJ=664xp}KH zVfu^Qyj=H>-7}x|aeDshS7DkOp5IN_DcGgA;S;J*1Kl@%>5O4Bc(B6vd*(d5jb?$<3CMk(&#g?Y%EHs~%5%4z||T$l5MgiiAs`_ohj ze3>>lH!m-jnt*}YCN_M@0OO&s?W?JoFi`V*KXZ?F!)Jx=PkLV1G>;NE9B+I_qs!IYp z@;)$@Lm35S0la?$#&c-2(T`xf48}WP6M}Q|R`YtdhuTh9j+&SI^nOwEXKq@P2kWQ3 znYGqEhDqA+r%wzxnI4}c)Q8mIy*@KHj~Xw7(|JJx(;FX=+?xL>)BR!JctL_EBa-F~ z|7zD=de{9??@JJjSIppL=dI1oOI^G4o(uo6RB1b=s?f>%Xk1FKm z4lgTx-jKPUOq)JljaJwFRCDlk;>SbZ9KKdJ=H;UNeHWuRl0ScP^5)VF1#b{W#-=5c z*oj+?{>6W&ZLo95tA9QGk@vYrYwC~X9tnJP=aK20-x9`N5G@?Ka7yTv?dUzx2*XECq#u_#&25ojSILn!SzE&)hfrG*`MYm1SA~}UYUAQMeXAD!a)nB- z-tmG2x<@39+DV#wC+m)$xk2_0Luf;Lm!d}0%s=urW~Jxlax&NF!|B^QiuzN|`*hl1 z+P+bq?#27YMO{7bpI-&_OaH5@$jW(xT1DT1=^L*L?KxmiR?%~)s6FjlMbPi|;spne z`r}RRt*6oYexk@T0q!{q68iO<(EAznQ}qo!dq-W3J;O-qWQ1YB*~i~=Z{6$FJ@4J; PaDrFAz76Xe(`f$>pmDY= literal 0 HcmV?d00001 diff --git a/content/v3/csidriver/partners/tanzu2.JPG b/content/v3/csidriver/partners/tanzu2.JPG new file mode 100644 index 0000000000000000000000000000000000000000..5b3ddb1ce09776a17732eaa58475c85ec109fb8a GIT binary patch literal 629421 zcmeEt30MZ@%}wzkFXpC8?@=&$;KG z^E7p zx8}6>8Cm@QXhWZ6{;Yw|8u+Y%&l>owfj?`&V7tK%v+X<0wi|8SVPIyo%WS(L=C6H+ z!B}IqVK#zyXN(^v0ONu2#LR&adH2#;kAQ#+W;on=e|=|H${9C(7m5!q*!co(hyHdP z1`h>aaCY%_3)pzZ&E507xz1QITW6!EtGSM?vCVdy3wzx>JP(BWxg85VblfG>+r`vX z2O=zAf)6$e_POBW7T~-w*yr4Nf3sloO~2gT3>?pWjoU=P`?;PqJGyWGAI<=u%s2gE zEJ6hC*|4pUQ8+;#(;fq@=4L(f0te1LPX-g$q`KipuSo4<>n=Y;@I%K43R zH*`Kj2@Ejb6d35~YIfH7tnnFFS7W_1&W5gfJ9fA_>p8m`?$C2JG;}pF-m%Nz?2a>= z{xH0&%b!NS5a@UAm$6-4aBk<^eB90l_ycY1z-_|)e$xM{F>O3u{3!mEvjK-aC;^l| zjSp7B=a0YqvKklWe*R@WfY86a$cz}^=5s9Y%<+&5ZiIt@KAz6{2R$!(o_8nuIJ>*y zasSELc-)-6ekIGlRyeT!zn17f+7^%noMX1v&&@f&Z6A0M<}6ol`%b;>M#ukX&HCF7 zw&QVsao+#%%>OP^AmCkH%v|Q?PVxJ_;*Pob{`XAzoG0PWnZoa71YiCB0NfmGtHp~K z<8i+p_dhP-FW-P&1+M$k9t2lz{5Sl49^@ZV@@I8@R@XnIfq&@a&(`%>UH^~<{-KjU zTi5?Fb^RH~yPXH%JqVz5c?V`M<_l2xoHuXo{foK3`3iII3+B&Pn7?qr!iB%Q6c;aA zsJK{h;lf2r7cE{g_Xm!aEnTu~?!(+oet+o~3ltO}^A`&97c5i+(^v{l$X^Mjub==Xy#UM@{2C5^ z$IMq=u*B5hZpg1Sjyf1?01XrHF;Hw=ASM52X z=J4I%<=R+b3=)rCDcvi_%zMQ0{7{y6o^03Ao(r7~E|6|Q zwd9xwl*4k&Po7(Tb6MElS62;ca-ZQ(q_)F#E;=&*Sh^QynETtaetYxdF*WP)snaR0 z@KmGO+ZRQb`XIB;@Ieo8mU*%O{`EXkQDt}){I=i;++~z7vOB5eM%|EQ{u!}*3|xWZ zlV;aWDM=SH=!k`sD93!;`9O~OuF*Dclx$~$%hqU)%EjCN>IOG|eNAb)-)zIn@L$H{ z^Zx5Gork$=eaIrsNYrTvG~EPt~Uy6r)@>4i9>HX!n1xup6Z|OC?zHM_e?4(A$ zi1nK#I0A%WUxR)TX1&!^26b<`W%RiM@GI3GknGF{!(Q7%MyK23ry_SQc?aqt3O@bzFq8o zQ;zxDwwd|oNkQE@O>#{CO`k28N`fk(k2?BKJ0aS#g_rM7=vg|xrC>@N)WuP*Tp zU>5&2!JvP}ZcG1(edY3h%y4m1O^vO8j7g_;o8kXabNXLr7yrTF|E?KI{*9LVPt6dx z&jk2a8#n$}PBGzsM@0C?w|@1%F=Wa9iLL*y3aMYizY3O4nSZyh{(DUKb6ov3D*4B4 z@Sl&XEM!0a#2>-+^P|7P(4UdXAJF?hfK2{pt(|*Nh>JGf&3>-FiLW&4>AUu40qc-( z^onQqYkhOGR_tUWX^fq1@>k%{Q)7+Dv^7b8b=RI)u>R&r@}E%dAFn>V@NZpkd|rly z8-QSc1mJ(hx)`q`r{O;XzCU5;Z~lcN*rp&u-PODft>(!C)ZVxP;<=J@v$l?ZU9mqn<)Lyx})DDwQS+_;LJZTOs*^tQ~sry z`oA+K{+%j3YQa}GJEVAved^O3+0n!Pn`FoEj~~i?v3Hi;xk4-q1>{g^^8W@->Mv6E zKafpyF90U={&tey1Xwk|9{xfLQGSz@|JK&T_kQ8HQrmz0m(Y0^%$Mt1;Ld@$>He2< zlVuJA&gx$=x%~4gccT9NRO3sPU(`$f&(xb0Z8Jxf{=1pM-!qc`fRWgpd!BW`6)rxM zMPC1LgU^ny=%{^Nbk*C+R^zt(Ya-<~C24N#lLqou^sO9|2UXGA4f&3(!|sxG-WnFo z>`_#cx{r>UOCgFJqo*f`N9`P7=FEWB@31FM#4MGR>ceI&=XDd1J;EkS#8lX{7qPuR zXm@4mS(LN-BU`hC)^>eBZa-!a9oJxj?3~iprk^diz??39+U%FIYaR}Zf#Q> z>#>(F3JDzPTS>4TC#0zIkS1DWQBu*#Ae~+^2_g*b^;Yf2Qv@nv}(b9eyi=g}o z5?b@-w@EL`?yu~9UwX4iLsJY7Yb=%)|MG2`_!@OV>!4}%#02`jWD zwIAb0jgZo)N01B=>6CY7ZOO6oiHSRMBm^c!3^Nw3lvRy!kJUcy9aQW9;vZO`Vp|Kp zAde&oBy!Bv9cVQ<$7sh8Rwe(c9K)w%!gb8c!|Ygo5MW^M70NNTa*X3L-=F7ArL7S{ z72If^8q}4PV%}7?0BtQZVphXTsn#L6l~|QWkt8J1srH&yK}o0UcoPlvZ<=OKG}TGU z8b>>hyoeor72Fr;F>R^kN3pcS*#7{VZh9g#xu*fK2!0IZsCRgd(XlXEKW4$JMKQ+m_2n*V{~_>{m(8bEqqhz&polE zDZdj>2V;v;98$N`C5&E*7Qi07tD)=)=sSWDlF?naJ0u^w0xtYrb?fL;#+ zGOPn81#A1VbD~D{o}vxVa##4O*|zn#Sfh2Tc-6P{a*4g1KFhv6zKY2bZtjQuqFSsR z<8Ay#q$0Q~whUA&SYtmA?+8UOe-K;gzJlFwu})i&fk(kjM?`0t&dXBPA#qv3v`WcN zQ_Tsz5q*4NZ+tz2)M-(jIBa4&i%y z2NaY@4*FWA&xFV^^lNyoNgeCl>s=?)os#g2s(+Vr%ZcQ@;?RYMFDc8VUdRpsX{{ro zQ~|9m+40o-HY|ld6`e1onD??}0kNj|p9f~SHLM6!U34$KGCYW%9yv_41ozb_!Exvm<%ErPCDXvLbAzT{;MdL&G+0fpm5jjRMbflRjC@7$# z?bfGno7B)F$}}5|c*-8o8oX)v;~`a^a|0zSa41A?Yz*q}T&x*C&7h5vK5{^j;*p(uwViT(SpYtp{cl*l*U`( zCNv!x`TDqF zMpUMa(^*msmC{X~51$1Y*O83yB#Fy$`oSM%?-(ITtKdxfbRc}}-Ee@9nUC$!!c#sY z0s|Y(fD>PoaKu@1%x!Nu#?973j%iOwl^o(Z*im;`2k-TH`OYQwjG51p*IfR?V!vTr zYtB32bb+B2>If^mdY!{-OLjYV)b>J*XHYn_noISU>_h6RY_qYEqxM$0PRh<3e@2Jj z3qI|j)AHZgQI8{WZrf9^8wM@Df1_ROsXBhfa^RGT?MQ&%-2x?xV^_ZHc&!7UoPrH! z>Q*z|zbx6CeY9kT>1mYo@T7H5=)yRO74=}#F}Dxmpbsu4CkvsOW!WCMkrM(6|E&?b z9C&a3P~E3zp?4uhbCS^$%bx6+Q-i714i@`&#%_j9;OdVlrRivk>frlk>V{r0z)8_dbFR`*iXfw#zY}es^*zHal%FhJEl|_Nc1l?Ln6G z1{FR;)Y!?}@chS5uY9A&y)S62C0Ar?55`MhlEReu7tJ6}WevIeJjC1~Hr#&V0|(h_|7Wifg?wDXW2u^D;spN@`Ejx}>p7J0p^^m;)~T-of8jHERdIyB@BImAy3l zL{~%`$`*@^2R)0fAM=bSRv0&ZeU)h=NatgwS>Mdx{^4<%3F|)F9k;$S_)dAQ$L;G} z?V5y5HP7o3>kmQ~Q+YkQgP5bcTkAw7%etRS&8nU694WFf_X%=s;$39;{ zckooz-S+baR;>jkP4?uAw+mbvp0IFv$h0w+gHuKP1|^nFQq?Y-g*Zl%}J5ZcL1 zUkO(i_&EJtf`V}=cXmiUbYVW9yENGUP{b*b>a_sL2K$&NUHL_2WwE<@7^Ep*juvyg z(F*aOto$}wFzH=fOEVfuJSuf-8p{?mWIc-cDW|<7Jk?r`IgKW3F^BLkp@DSiL{_Ok zpL>lgX1qlgB4(|m!hHIk!WODqV4wnkB1BAFY0BO23Y%qc3S@|Wlu3bq3+4Y5IUb%!CqJ!t{PLO6%1R&TSuEt zkw)~+bn=FMYtd&!d>a(hcUW<+#hLfggNX0bV13fHwb+$;rczV2qa@tbP0gB&H@gI2 z#yag#bMt{RV=A^tbQxB9h~#&_#P9LdK=KYu4Z$yn61E{gOk6{mBPJlvcDKluzcWG@ z)&1h7Xm_=uOmS~xPjM1@I|Lr*qU~@d5afI2%0T)CWPOd2hL;^yx_PH~?F5o*(V#8I z{NPw!MRUD4ZrMlFf{Q^IWe#moc>XZQho&txFB0BsrRz~cQfnWy%`m-M1kIWfb#@Y( zTOTiTpgCF!aMA2#G^~fvo41mtiNJfCD3G8?9<@ACAFDVbs93OfGdsEssV--;@!APW7PPtYDNwrXHes0La z=S2m@g}Jf(K1iPk5|m2&jY~aR*L0pD zh~-a!FnzigL;^i%$-q;9X~;2^ zHs3Bc;hR*GmLs&miRr`_?VY6*Pi>COe?sei>Z6AlLrz+61D3B4R27Mf-CZ7cREuM> zt;B=7MgW2dC29xv6-)M)^O@}s06JwWrNZgK9J6#_`@pmu^SgIi@A8L&30(i)8K!%D zef+c^Fo!qanMLb@lg`m^5Ws3lcJCGK?pD06CtwJi8dCG$Wt}M~j^%gq#k+dICNzLL zEww`-Izf-Bi;&e;Q>~GE-Ez!w&RisC3xDw5DQ0?rNKSLTIqz+Qle5Hz)(k7ng|P@f zs@*%|<7-a9zBq=5tCx+n$uVO*>EwN-2V0&kEoZN!s&_#Vvq9GhnzRNx zjhE>}G?QbOAWKLqd(cPJNs|05Erw^^CG44gM<|N05mBmfS`QeD$_m2HhABtvG*h&* zDe%B3FsC3icRCIo{m%HwGcu~mEH`yw1ea|OCfCvTqb*6OPKz8<+{EsmmbpvAll9vX++=V9<{`ymyW}Sz@J=Ky`+7_g6$lmkTYcDUr~so}#F3 zZWUb#xnx5i>&r0`)zbyV5t`+*~a1^58QPPY$H1t-8y8aAF;Ur zc6UavP_$@{CGa3Hn0l~A2_vm`Z|KfxL>77QqVN<)m8mz(nDOO+=}v5sW0I&~VR5EQ zRcxUyCwZ)30XHL zcj1X$^i`g-HFtc0B^D*#fz_)^m{V^KWX2${h*HH?E;9{oDxcL$NRn9MNY)b)uOeX!d=fyoh$ZwT;#S>wR#C#E>M4Kmjg zls*x*M|6*tio7c?5;hhl?ivZOz8BiLyB5!#g6AU5H|pAJ1Y+I`PPr-MsctC_EEch% zM%G2R2B11f8TeReiaGhFn7dZ$idYLJr}Bk7I^k=CviDt} z5+clL&L0X3i=ofaRSgj6rY^D&ZIJ?nJGyvL8|tUfh)f#|E|I|D$n z`z%)<>Li|;P3O=rg_>L*riNrm&kFB7i+V~Mvu+usTKcHp>zDZ#PT*f|0Y;Gdsr?O| zZ?3UCtnzkg>C}xLC%5d88?DLeRq#Zksb;1M=7`1rl~)M%Dw{%n&#kasb$STOV?{{o zLZ~lYUbMIrj?a0i=ZhP?49Ea7*xP&H(l42_?MCw(G{$?clc8zX%~I}c^SA$Csg^iy z*&v`rey0!YU>@*Ad333Yp%^cV!;@XQNbRZufHIn=mK#dGZRAKa#>a_zCAFFpJA71b z%>c>>AvE{PF+vF!*{mv47dd9zN8t8;$ZUt* zN$o*h^bwaXd-^qY?pSPV)q3-?bnP3}J)z;%?4%2EoUg8PeAWEi>llVj*b-^kJS0lg zfi4#?mK&7|hbjwvG;*=h@1*O(D81+?sndZr3K?{;MqdK28VCp-pJ{2bYBYQJsgoQt zP<-gV(px(vt1ahm&ig`{oep=89oT$CbMe9tN+qGTT)3chWU)w9940(@BZIo@cFXRV zA&zyj{>b&zy5m}{-w%-UMJH4FX_3>1*iA=U_-{ID$4hF-@TW|&bAr&x z^LFo#oc)K7_Zu$=diK1x16@2rS{?kdl4^Lb`IT3NKkLw{4A;EruefZ4RF?KGTaRDg zx=1m@>-N{#={M}wDdW2`&klQzzC9I~g_k*LO0f8i&&RyaxFx3#u=qthncue{+U+=(YwWieTW3-}ff-cTb$tNo|!WV=bJl z6?cz(^TzaHnTqWG?-mrdC|*T3Q6V8MC+!nWU(`uY<9P?c?hV6%dPj9bD7_rzpBQSd z(Aw9*uvDc^Tq#N#-Xk$@lO99Dx=RgDG#f*!?FV+|4Ay;BP=KTOLbnFg;)>}XTsD-~ z$-G4q;u2XNVH*l?#_CCS474imqo(z{fN%}-ofXh>j{kxZUyiRv7&a5yi z3aEW4Thc(j!xoa5$To<>Zl{aWg`mY28%v zUcLR+_;wt?y=thaq%}wrwX-dUg(sm7vLNXv_{(4z0MPQ%P(dZLeZ7e|0WEM*fjs~Z zVyWg^t24`5bw`|sWJ;{5kVu0rqD@Gwj|xj=CBDIz4wSsaX%@zkKGw=HHk!cOjcWypgT6Pe z4ZyAZW*M&-pv;D2O2eE(4~A|YvGBVC=teGEco_J-2)^yeX(55v-CwD69V?9Nv>%G& zIea7<#Z?Bave+7Ov;^L@F1QC^g>6?b;R`JMn2Sm_JfoT+N4l99eMDQ>?(*v=TRY2 zRGDgP{%fn2-5EL((p6)k{wM^Hw$0Y*3Z=-~P&qp?6smZwc)HnGSA9jrZfpAyzo8M; zRhHlst!L4>3fASdZ2RkAq+LDFUj0Z_e;l5u_|6TBX97lQ=pN+O}fmA=XC zvu_8Znd|Ge5mr;70>q{34tY`KliG_dGa;Mf({CYfxci0<32~K5%cz8~p^uxseq8iU z-zjWpXaHY#jVQ;QFN(%&c^Hl9Cu|Mg-_Kz$qgr%@=>mq-d;Rj>>n0oEX8e!%GbAak zEL4uUWF;jv;4LJYU}lS4uNm>yP>m3q5pk8^a{WB^>fo}WSh^BxZ6O;NOWR?^q z-4od3>02wCE{M6dJE$ME3rUy?IBYTBTII;d0hFJOAp&B2A^BQB25{XG}v6 zyQ+Dk85YsC$gLS-*uM-H!F$ocA1Vk%V_yd=py{Z#l<4talE0-nr*%+m`C+W<-fr0>VXRVp- zl^j5UpHqarNh=0ARgl(n9?x^uvA=!fT=vxNm;-1-?+nc~#delE13Ut(%V|Ovfm+ji zu(6{M`;43^kZ(Q&sd%hyeg8U|+x4n%15kyjH}m<=mUn+hyiij?>-3L$FIjmzX@Ua} z_TK_dd?j>_f}CP5JI_7~Z5WhHu@-asKk4br)=qL~K$>t)OU9G=Gk}-ot(oAJvysg@ z!!g3ue8L@(d$)T;{*B!ZjlJ>11&}b#iHJUj^bhpJ5}^=D(d?>Hhli0SN|(gDQhS1% z)GOQ4S01nFRTHK|{iy#d_W9FJxc5!`2NrL}qGpSjzw^;zZ4={pA0FAI9#b|bplm z_ZOsnI5n79=6X#W6QViZX)Z!1WcJPXu$5*zqq;lDiw9oNobI^0sHbJ;F`-cby$(c` zkQ2w0j;0aoq)#T@YQ!2v5)Jt^#c za}TNvd%d>CsE~eGvJZBT{RlF#lsT6uYlhV+fq(DUAiPYjVt4Qk2uzIije`W$QTVElFDRR8H7aC&!Kf zKbUL1OW&2z*@3ok)ScCq+pe&c{vgNHlFp~EbYq?t|8Q(t=W9@3=$_UYgM%bI<^G^D zY|b5YNkY2KQ;&;&dYqr?qLS+K>HSQJ)7Du9zU5_7EUGb-vc%Cza0qQ}7~KZv`M@o9 zA#uPs;i)%2mVHfo!&^i%2&P+z+^dw9hG!mmE9DN?)j1yJH+E~r%Uo%0d2uswbK2^W zeGJt2T3B;MfL-B5P!bW6)x`-ZtR1U9%D^7Hg=htdvs1_#OVv7Rh%5=OLm*C!?{|`#mer?^vchJ{wv2St2hbHyBk|%EA-xi6UyJgpqAHk* zJ`^fWJaj~Cv-h~fvTbx~J`nM7RRsESrfe!-;^yh3CcMZNIyvg@%Wcd$CP-xZK6&j; zQB$6Ie!8K%CSV4T~7iRO}@m-^apom=;<5HKm(op&I3Jk zw5|5It1JOkaFA-3A?i;NC5d&V+2uQ9!&5#-`J>j?p#JoBErvDSum^CVeIW@CEBU5A zG8C5H0nBMWUXB^LuJ-guHUaj-Kf}66eW%$YqvXC_xa&n_36NApr|U6&%?H@CK*)@K ze4F=1*5g~No|L46?u|!ft=f{M(p3oj6zrDOgzZBFrKTymavRk}^sR?kVw#KE_<(QP zFuS+_(Dme!5U6<$1&Of==+AI&Yb9lsCvCSd>btZkhXz5R4RoTgg>`;(ng1hScCvOo zgQx?Xfy_M_xV<{FL8+p!_$S`d;e1`3!Y7_H{ZuQ?_{O)!MR8KVjV+6>m2hVUbfm!h z+8+ASE;jY99K)7lUL=tTmB;E5RhM%geWgUE9YZN&*p(=ko!ehSZ?_d&6qc5Xk}6K| zMgC6K{JIgBpMv}c-+FyP#B&Nu(6{ty@i?3rUnk=wsfX7J1^Zh|OaUO;`<6;#S!RLs z)x1P?HqSQ%J~zi4hX7`dMG#pI8%wqY=T^6-7`2qG?#OS+4(uOV`=ULqXKm_vw*IF>>R2bz$NXdO3d!4clw6Fc`*6fpO>e434csLLG}RJ?#m`xvy3iM zJoGMKsS`wYA1q+lB(EmdPyRSH=$yGf+r-o2ap{rqTUo|xXEg%0X4ViNm!w2-iem4; zkDO{B4<`EAfB3e;HS)yPS6=I9E2}l;3E}Hv>}rqgAC0{8wa#UJKk)LvE~)qRX0{t^ zfs=kfsnu-FL0nzof&0pr4hgd^?BRYKAgBKh>CnrVpQC(JyXDnTuMeysx(-Lql&)vY zW(kh!dY7H1_#A5zN$6iZEcKfZlbRDxqHjbAna@6?Grc~Ae{Z^V@#Gt?J7^sNw=!8% zv@pfq>v>Jb_?}%{%oWU~#kN{nJx!MzHna8!FvtYwLj* z4A-|Da=NmtNe`%dNgg@XR#Jd3Ica_OcXG^)sJqk;j%AWl)ejRA8eW(sIKNYFWE9i4 z&4Jo2*^V22>f9k((ew~GGuv%HTB}}sPL3(dp|=!mfZO`{X%+pFB`P!ik!4o}9g+By z$_({+&$hNDk|Qr>+U*Fx%YXy9*30Aj-v2yt_<^bZpdPENW!LRb=sa3O*&?A$L3MGq zMWQu1sz~ojU%v0se$`dg{#$Z?mc%dGw_@I)K7X{%k#`w(%eEdl@-diq^82rb#P<9B zIEwdP=k{{aZ9kkPnSuVW}_^y`z zkvP8ILUP+gcb3RYJZ|}v`i+n!CXc}afo!uW6a*m8&?lc`)=h!;2;tb%xdlb}CD8}; zv!6Yj&}5iGEtc9LJ0m0uX|J3#B&LmoRZnAfOTvn=hIXaQVLy(q_$tcnbAVGV`)Ct& z^l3laet3KWJRdt3Z-F!F<)MmlOuSlu1Z#Mbf^4y@UhZ~Q+9cMRczC8!v!nJTVs=(=kJ6>Oe*28C&mPijb zNly?WGKk$W|C-y5W$}D-8f3t?zF}qxg;3OJ?n&5WH3rB)o2({xm6+bI?nb0~Yv~l( z9T2<-mA&ZLFiKA9oq;E~br}VtrVuOU79gspr0EsRb$V3iR4Nv+7459-cCTP7AT&V@ zs$MKiyfa6eeehP6Jv;!MJ)Qm$pxF8eC`daLjp^b=q5z*br`Fw?YrV3R6iT@>?sGF6$%20ex0zU9`zjZ)*60X(G79>TOiq=?5Bpi_ zBxBp8b@WM(xs$O;Y6*2-uqkGeMBVUyiZDSMnoobhDSX(^{O?BIL&%?Z{bP`PyS2PYvXR zT)a4&m1v9g01ZFWzO?{%y9JQ3g!MFT3P^x1T>!zq`=g>|tT(*0&C6+nXhEK@?758{ z2{$~g%tfCAe8$?3h=fZk*el>ObWs09l!W{PnkB-rRI#HbG1@vN29#Jp#9%l82N1V) zx)OfR75g{#yd`Y>NY%MvT(@OpEcM09qC$yz!dQ}|?&@$){ICcViR(x>nVaS5N-0+2 zO9ge0%YbtO_eqA=X}>GmA^isNmKb|6OC~natC=go)=SrgaCHUoXpvJ044&Hdg8<=x zgWN#>hE5f{%BT?Tc}O*4EY}ASrB_g8M@@0O3yT|f7XmYT5eVRnQrU9sLMcf^ug-R< zVz(C+#OP-WqIQ;%#k6}AY?At2xCAUC5inIUqfE9kx?F04|}1zYWe2qxF7$hbo@B>EX79Jszr%XjRqyE#roJZ+08Dat*6 zLR;2zJFuGFZcK#6`jP=R@xAddc{$z`@K0CC1=wn0*%ptTp^2H@#mmZGmG~%N9varlxV8SDwr%EBvtpbOeRWh#M_+lH{0!1HgdDty7|T z6RK6E*l&fDD9~<&nevD>&^k8cR0 zC0zu%aJ;j%q9`rv2d~>cSo`+Ce_%fwwFM@ z-fF8)$(|kn!()?r(Q#8e*g@(L`WEW#(UFD6SHdnK=cGqOQ8g)A$VU^YlMjLX9Ne8d zTZ*%ofWW581(-JbE@)`rPNlfdz7oAQ7{nniH+1*3va}*9iuy-XeVqlKc%D8qoMC(# z|8q|~dYYq^;@}6jT1lWPcp^IvN=PI-Gv0J;b5aB;Q0wUYO9 zU^&G#kh}*`5Jps%Vcrqeo(f*oNLn#CZM%B#w#{UtBdADMf#n3#nDIO+2nC3%wR)Wr zYfAbYA13}82^8|Wr=lv!DpH*ABK-kUKtgV$o(d*Q0CN?h6>Ck`=hscc<6~mjus$}I z8W^4-brHeUOWBd^MFiFM_n?e!qgvx+Ad((+{NNOx^2$^zc6V?ITfcJ`aBhi7YXIh4 z2DvJ=HFYap?GnM?6EtSl-?+zW8>Rq0Sd7{bK;?}hPS%o`$a2RAsP>YL=xY>@d=FKP zsZe(m6t&>+>=7b?=c``!0AS2aiA4!O{{3jXrS|Id(eWirktsK+Yr7DRnr7{08qYgiQWsX&v8#tpDu@Tgn$vR~1|U`)9C}C4MohZNm*K8dtm0YW*@(1( zqM8Tyk!w>=Cf}#V5;bFaG7X|8XlA30mwJtfPa_MSP`}KTF>z%Z%1tf@OrQ~u92^~p zJ;Xk+SAsO$lhv3d@zW`8d%9R{hT?Fis^t=O0kvZW|yW*EFq+}XWDeBnPb$*5!EUs=(H%Rat5y}o`K%_l$eBRJP^ac zf437lK$C#@O$lA>goF!O)$BYr$H%35{feYa@3p8&?4pq=-BY6k4n_MWJSd2lkwI6Z zAsQM2PrfO;%StX&qt(*pBblPT{FWS1YIo!VG*0vd(a6Vo#J1>MQsPn1mWJA1u8)=< zk8L5}IMN&<))xHa^Ei1%f?$1HjHrD*S7;XVTSG6+!Z3t#anL>(}v zv;_8fF4=ccj+x|+Xt;&ZtMo{xkOIlR;DYkG$AXqq@kK3oY^rCAh9;>0LI$vYC*M?G zv!I{=H1)wHvi>pP?M^$T!4fm7N;5(Ay>wOlPl-Pw_JDxB8j3!%zWK2($RN3gI!x*Iz>Jm;mgIb*s_d2m~67l^T{UgQM!RIjWx>Xlo?{t+O8J(#A54cI0SxUMbe8pe3N#J3Dlo ze_+f9bQ078AC)}kJMrK{bNDT|gDLTV>)28yIc78dJz`%@*a2q#y(41F*T0hfaSy2N z?X;ySG*WzA7@d$oAL)gIC3co=IDJtxlW;?J<$mx6P&G&g?JE~wh|SddE3hND)dNN6 zKoi3Hf@Ccav^kQ(9!7g<9lv#0B7_BZFKY6mA_VW!8+#`vi$9G%$}7o@N0UF;6V>A6 z7~ZR(?`ZR=n~`H(9b;c0OUqA+&CaLysUK54O7sl@{ajj%5UmOAc=R?=+r^A30!max z50cFX{ox2XMw?(KEGVZ(qKkkG$Gmtejo6DkL4lCrja{S_e_W)Mm;-oIk{ak#7%Xc* zbL;4?zB4dzDM9LfUYEUf?d^^*C(5XrUh~gBl#GL#UWg5vvfl@ zIf^Gd49%m@Lnx#MfCmU_Lx;WM243Wpt5;ndKMh(}edkL31~1Ciz|}pn47`izHn|g+ zK@7SQkdojxQ+=q#D+xP2QCA?x6nN@3P#uNrZ$;Q>Jyh#-rJBap#>ud{<%;%6^^D!S zM)7Pz8MZzaU{<2)p17|5{Z7RO!p`Q(zmX=rZu5I*Mt9zLDWjv zJ|YWiOhVg_7ip+UzM`%{Yz1`0(QNvLbaDESs$EnyOZn7CVx}F(7p3=s?$+19zOiHY zSL5tR)wf8U_@peEswg5*pz=`8^=IddKaFaG?NTCvI^f*lXHfqmASF76CUeN%!J6I7 zOSE+zgFhmgmXamjw_n#}KZVnXI_)?hCrEfJb7Z$^il?b->0;2jbNP!m6h)3&9Oq#t zQM+ocje$9&9bZ3z2aOd5nO*4=A>4Dnj3)!kLA-{oWPh+`IiyquNmq+>D%i^hX35bk zyqoOKHam-~i{nln>@)ErAX>^X*|CtmDKu~o?D^cWa!Mq@q>1gJ=Tbvh+%#pMy_dhU z)Op+Oge8mhU_GXCiYJ6XKM@@TU@Zd4Pj zPl|7?zZSz1D>IBO08upkrxe8~hdg0fl=zgC_|(D6u0r;dh?m6B0WujUeUt$parzZu zSb*YWd4*iwB|u%HAE+*{kX>#@maf`siCppSE{2f;*HSaAmSFZbb(&w1ZE|#Sbls-~bfu@tnQTK@K5tqCeq9mL%Ti7$9Ne5cyPJwOBwE{I(E?W^b z9T4w?Rq(4d(qu`2{R2TeJ`yRu?m9BVl=eAV3qAQfV?^h*Y+?&-OzG!f&{2jr=9AtR zRFK!8JA=on%2pR$8r2Q^M8$QDXjm`Z9d0?t8wbsQPVBAq)oB~T3UngyWC;Y9@0_|} z;Ip5PRUTBf3=)LfaZm!G>4_6Z_CQA_VE`O9bT@FIm7K$_^mc?QQ`QLg?f8VMHA?NV zR|7{(UNJ@m4u!GMB%J2}9H!(Y{v{Lw%r>^v<#^-dM|Tp_vgO>!Xf|#WV`--Mt&+J% z3TE830@%H6=7hJsL*9m{kEPjq;H1eN8F94&ZA6L>KY z7WDuTN(~W~o$`TQ#@eQj7Tu}4#1mhNwax&0%N8p=82F_eBTfq^37f=wWK6=!;D^{X zR8yf%&7D9>Uw9%kGSsFwECsO8VO4E!HOQR>nY9uF>LTpIN3s-NcW()*1a@frfubVt zECJXhT5}H-7}if{O+YOtKtCZo#Mea~$6@laSVh6bjK_77Q0meKehGc#$N+6~iao_- zI*y}#ljZ=*-&Wm^g$ZNBVJx0Ev>IIdh?Oqu~~eQavgS- zl%y303a&bLu+j;Zk5FfrE+J5jL?`bENDGnqm02F3q$*jF&G=c6HMrVfPGqAJ6BtE)U7XDDAh;GMSL#* zWDfK4bgNwy-PqBjS{dmmFG!lbOmj$axHwK!ABKx#LFNW(z#qf+3fKU4Dpo704Zy4L z?%hg|!&^a{bA~L z1V80fx4iK6K1}8TlhK$>E4k=2=k}WpfSxuwdb>496eIQ!K@nw}2Vl_g=stF(Y)Na@ zB($jRA-nS9(Z=0hKBSMVatL{$)LW}wS_LKxdL@g*VXO#v`Di|O*$__{-N6a$Dttt* z0ELXi1A->dE0k?_>%H@~RXfVtg(&h)gy`Yg3 zP!YR+VWFj9#{|slVdry4c*31SVps$U`>;FjTBlMA)w4TXAHvx%TI)fV{m+6z2CrWB zk(;E(m}@DQIfmkf)g@n3H_B3ItKTE(`IQtF3BdWcBEpPCNtFuUu!n7@^+PRL(=CAvmZ=|DQ>Et&@BV$WaUwi z{F5u;#T2QfEC*EfJDK98j#k!WTzvt38dyRx01`BZfO+pvaFr}?5N(cSbCpiboCFDd z(ijna_TBz8l_RHbYbXGXstF(G@Y!u-r>Olguj5IHx&xX(Z%2rIfV%r(!U+}{qD#J) zZ1uuoChc!vs|r-xYm!qtPV+q0`&>_P_2*y#{?)^fa65p)xrl8`d&1@Q_wKYg$ZB=F zp&Ml3w=i%Te8n51QWxP+wH@bDS*uR+&N~lh{7%n+eoE81iU#Pu3z#QLlB!?@XNx7r zse22AuhZ@ZIc*kg&ZR7fjB$~0b3h+xCl4*6O~^6(ZHLDyM%Ip1@RpZA-7#XNoy=5w zJFXVYi`Amf+P;BuIMP-AUAW;pd>A=(GBbpaQ`V7&4uwu9Hl7BfmH48g(Ch&EyzIwV z<7+$b-&dS#n41BReu2ST=&Vl|x^%g)^`I=+cA}=7Jt3 zc(7{%vJ=4_O5)AP9g(*kLg~iMr@aD85ipO>1~JC75BlBq_*ROQ>|j0q>QaYwgNb79%#(9ctU$qwzbsXaiK@qU0`l_bN6vL8tU(pX0Pjug|aoc+jJoi*VMs&!LMy$)| zM#Q~~t=?&W?@Snx)&wuvQLsI!X6L-SW5%%}I`0e}BNHrfs zP6GwA-hzT~ynW*o_j@O`=1Hs)C++lWx3Ue3Ttkj3mliIo)Df}h`CLRRsw&&ygM&wk zSySM`V{G??O}jy&=i1uF&gFd{NQ&ewltNwfm3a7k)48>#_2GuELp3(`sTp6d8-UNY z`cr4qO^bC2@e?3rogW+)Yv80=4f}M5UpG%l>D}TuVL5U%wk+ztLfq{w>RVW~^g+#9 z(7JIIe$J`HMjr9z<$thKOIds8*tlM5Yo1}ozGipX5pnf`utIXfr4+$XGixwycMKfyP*BIe(- zf>&gxw|6nL=)>UY8|yyH8?r-C@KnIysR+?t&@##7ur#QiZ>3*L44k|U2e(T`mOdb+ zdP8mT_Y%j=e~N_-Ae>AcfWyQDNvlK$@fT1ogNRRGjD(4=iSVHXH+%vbG)lvlb)KEU zbH_O&{eGlL5Z0Y18=siieg@p z*i*vvxLJ3#hj!ne?5hxW_sG%v$Cji%<7n4h3-?j&WVGy~i>yj5_PD?4G!aoEQEV{z zsEB<%|LSl+wnmF}v19-+9BSY(NwzWD2ZwCo409yb_8rK1a@)m;sEgS7b96sWRl|J@nslRG^*~x&zdL2~|JZvMsHX0$ZJdr(YAL4Tg~}~fK&S|5 z6+{toYAr^jHpLqXLTXXDsVOQFB;;68K@c)PA%j+;AR;0}1q2a@+>8`80?JhgN#sr- z;SvrcIsSK?dFOrSoBqGIvu56J&G#)=S1OB;lXHHTz4veLXFrcg;;V4h-o$z^vWqzQ z2ixVTgI$|ZaYorb)#H2U<2k?bzs7Z$YiRQVPI}ebCvD6cIH64CK_Ks3lBso%k3-Wx zZBo5QZBOUAF7*5*bT)Go%(J;B)t=s7-@VdomcmhBt)AuYm+vidyX7k|N#(`7X4j`! zBz+MDsKgCeZ$%7`pef<|5%d7IGWQT`F(dm?d+Oe39>nYSwH@Pf}Q z0Q=3=WfBP0gfr=e*zxpb+?_tU8w#45c9m8pjsALm!4vXm?2yf$FiN++l~@;ox_Rmq z4WyC$TTI7{j=#!h(dmG?2rfPxm9S_lJ1%f|NY&ojTx@ z)%1i%t6dzGx^HwcZ^()G;u#vCdK#ddu~qXEv|bK6!#igyz#Z4wYf`>b{w(~4{Z%sr z7oOSR$`3Egi#M*6eA+h{{RExv^L6~q&!N>#P_UYDV!sE4CwdlOQ@5J^dLzP%^89B2 zOUoxjtwcN_^C60P51{H~%HQ8kqtankd(%kdTvsMowcoh2-};6}S0cP3g;%Y4>F}+8 zH#ThSBz+h%Y7~!dL~T34$K5hpUl4++_a`g?!1edH@Y^F2Vf2$MaEg59AD9%j-*+x~ z5rVnS@Jw#!E^sXAsA;At%}zw7>}tuG0I)cZq8 zf$gV{7eO}X&;Wnm3$(9M3Q(7%-*t(d!$Z17*H5;zh7zYIN+1<`JTltjjSknHt(x+M z4fHz~)wA0XUjBLi`BBPWuNMj=H2?idZur;T2IZf-jT406&6B*_gUI+m$QvD2ziM9Q z8yzxaAViXj@b}Qjn^`~3wM}JD!dGQI9 zfe2zB(RkG?L;RF$$nP=aEv`n>X9?nOJthvbD7H*H?^xWy+P(QRJYXajZA%t6ylLpYZDbiDB8xdRFZB{GVU-!)A?%L$v>xlZL-eQ#k2&J0GWic7pR- zUGmJEE2?imZX-*eQDqK0vDGtsQBmm_?RWZt(5UuCm*BsCj{Mha@gPR{4cGJ=VG7&d z8?5R-Y0h+uuKn}Iy%?<7KfibX6=qetchmpbz5CBDug-tP-0pVC`gd4jyZ>!g`j&r( zmHsc-aE1SZ4afVJY`A}gv;3Fb$iHIe|2qX#{~osR-)U;zjmUpVIk;$}|92zuZbbff zsfc%LQTY4fu=4S^Sbjzab) zm9c+!c9wf!2b_943Wf8gY2|#V=nh;C{(S`(s5(Ud!&L|0cNLd^xZ?5+Vaw+(|4`Ls zJCwnGYFc=h*!hnXwxD|Q|4?D;OSg}Xx%Rkyd;qC>8I{BQLVho!%)3rk6Hynd5dE&i zWuR)sRoQ1#E||OV;l%(z}j_`$^($&=f-Ua|*ruD2jzw>(fqtUdn zb*(@#N!1uye&0M*&6_qEMrGM}T+;1;KjSoFo8|te)Q1&@JMc<5F=}$_4?}olVaHr; zKgQ$Z?TZdcuoVNn8}feQ%P+ZZ1wmTW84SX33$4E$&8U0;}z6!2INgK6<_shHlp1PPWaQ zzg-LeF>4cqvu||nX3G{Rt_xM};_NCPzioGtH9MzLlo8>G>{>biVEZOK^BE%LT+MAV zF>ox%*Bmpx6+Ryy+hgD6#|K!V+{n$Q?!c41^1DJJ2 zDfJxp1M&(c?WIKnZip?|(PG8c(3OX8B~j>r%-6!&j=%S`!S^K!AhkYCVPQF<`eCU1 z$W;rLXIf83P^zZ^DuU(`n>r>%j2bW;cXO**w$JJId0V<@c7uX#MM+(N5R?6qLVnIn z`34-%jSX)lJhU<%@bWFlLLb|;;N^b2<-8y)QWEc8Y4j*ss;^tGI>8R5qrttkpy5DK zJ%+}T4SAn8A3y9@eeujia(U*f-JKNtUi(b*TLzXFsTBr_op>~Iex z|BVjz4I(yvf!r+{-ie-Cl!ySZ1{kaHuJ*9T?-w=KQ%!msJcw&l#?gw3zVoy-4Zs%x?Xz1j5q6p zp=-jl;1>RVUTe0LB4g(c%GHh~&nGSus@Kqh6pk01_uPt%-rQgd@PKPz!aI;(%T@T? zNtFpBSllAZQ-JGH7RWDO*D`^(wYa`4q8YUf8ZkW=hmCcd_bV=D^gzc6FtET%>dQ`X zQ!QY%(C$)WS^DZ9G)d^8OL4qtko?G#tVciI!^nKtZk0yA_H9ylV#f!|629?%VWZH3C*G{{wneya#!$>i<$RwRo|+q8jhMM<(qgj z_dRGTBWd^<0*f$1q91wh$uo)gSnsp7HA#`&Cu6UZ>u&`%-~FYnXbWvN0$l-0ws6Y? zKSp%7xQ29&SP)$;YLBKh+lQ+W#j2s5Q5){uDNS;(M~78hAaABXlY_SFz|PHP2zf6^ zqyrpyH;8vzYV+1_)BK5SqF#;V$&0IwV%629yeiEcm*pbQw*n%Pt_a{8PePlhGr>f_ zP&Wnf3rW>Tn?Tzfs#=5bYq$mI8Qh$aB;BUi$v-PoNB%&ch=4Z>sUR%`_!G`~z_1e2 zo}gtDc|kjlgFopeP9tCJX1X|~AaX>VWYycbNLeh)5{pj5wbctmVv$VR%{$d)h=oY? z_%ViN`if2GyS?Y{yCxbw9UKGgeZ)c06oWX~#2*vyALaB;&cfU7Q3xjYFY z4%Qwe%6Adt(E@%IKb~fQ_@Qmp%2ilkMz!YVvSwy*h`271Yyy`a-?30*k-y zOIXZYSMc_Hl92I)lwp6N>D)-u$i2=7XV&R!eqgT-;-R&bq7) zyvR<|NY5+q-Je#h_h#5o6#fEUJpY3V{W_la+=)m-$y5UWE~)PxGS>1q0s4Az-JV1$ zm|RPyy*#>>h<#@GlfBS5uzBiUDXk;a+lMS6O-?O70j=y1)B$6H%HLN{wTXEION9R) zQV<`}iu*uIR-q-GkmlWtpzK=My@}ZN?3dn?f&`>Hm0Lur z7A17)Vpft*oYz^P1`b~r%Bk`8oqjT}IXQgbWC?lys9TR(BOPBq&B!NIEtZy^7sRfA~hnwBmjIVb=m|Kw&P~M$QV2l#cs{W@7&CKyD#PXzZ0B zYr@TI(!YPBvx}k355_;VQhkIqN|n%AT8`aOeZmOqrq__>Vi_Vg#p3hbyn^b?p_y;q z=#&-%b5Ec}0<@1Nt)1@UX;$Z?F8?LysOgR$CoSFEiI-mVXN>PpSfN>^ZSW01+Js7D z1yarXfC&rpG!w`!9p31C%>3;6ByIkXnZ4YL)=^h}U`$e6824)e@S|8Hy@Ce&Cl}Cq zCy2c|vNvOh%3ckuAu4~S9!BWKCWNuXc`~(IsJx}7-QwiA=)iCbmbXC3)I8a2k?=*$ z(b`|;MeTJ7a9{L69o>#P1Wg~S;)#J9FR6Zkz8?I2X06JT^+Zdh=qHN5$a%<)4J-9| zbU&-TLl|lo9cl^u(jjzHXrT+2S+U`n|F=$Oon5HMrkBE*`$))H zda!70IRnMJ(1`=zH!I8E=q&Sxm_-J*dee7v^#9Ufx7hx$@iv9oo!~3|&!?xn&c683 zOVA5sgP^1d;xckdS9q~Na6ewTM40 zdUd!NQO>W`H>?VwQK0z?>;or`t(vyrPK{(Xvkdxi11ybL9ckQ+RIXFc%C1-HO*OD%BEh zGmdR*9yWgf?H%5Np6MjCezW?%wr4DNe1+glnWbDH-O8^-55MU^D0BuM}p< z*ZLa-*@N>1s>iQY$V@5gIr|{jya^XT(ecpKo>mQ=w*VE>)+9ksswb^b?j-8;k1xt9RfEnm}V5qF& zN8e*Df3D84B@NT_m_j?CE4~JXK)7X6*q*Cgq9Q5jkA!VsEpgu3jV|<|DD@6IP9+77 zxdE~COkXd6__zVV!*6tsGx@HOX*Zenm@(KI6-ETSJ4l7}<6mG`B~MB9MRLs(T0n85 zG#UC6Z$WGi6xS82GcHpDT(_{EKqe^TD>xPZ_b1+2H=unmmxgsJwu2C$SlHPad@(u^ zx+dTWo3)2O=nSd2p}7j}f|rTP4N26tFy*SITNAutq!VM;-UZ%)kZ|a2u!WZQQM?pB zaSSL&ho11eIi542(XuqLuo!Nzq^SIK3wXG6u76S)PkFkbNTw^zzHl5}IL$p$tZ*G| zzm`OrOp45)cI~3o+zeJbQLcf-`;e;gVVKvw-2vLYsfUqsT+H<9-{{wBX)pG$3hkJp&HD?ZAsrub`YMbL)P(Z7Z?X$fY*^1t`O88I>_TdUXrKqDr7os#7#7|O^yE~2O zdKh(!nRye-xV0|akh_p&5$i^>gZTV9&#ZIxYubg$e*$WwXFz>^*!Cg)) zHXYsPcg!#i$ZN))t+Pp!%kZesZp|_2!Se3QW)Zm&H-_!Ym$z5f7eG_~fCV%mu>;JW zbUPc1Bi$e2)_3Ij9EY-Fg9g(fZpZNan?b1y0@|~>*r7essZ-lFkT_aKpT-I!#+dLC zve?;%pk8{CoDxdE$x`;Y6{!$NL_w2)r?;6&Gt*IFEIF4e7wo|3S1bKOl&zAAd$-~9 zTGf`G?DiGsor9`cWK)0KGu=?x>khWST~#uO&hHn=6M{KLh_d$bR2v);*q7G~Jpp#G z`*qtGzSc*|Jg!%-B=0{;6PVno)2`WY-+D9)1Db-R*rgozZWp^j7c=kAR<7KCn_Zu9 z%6UcX1b=>grg{Trg|IE*J_!v$rZQS&6H4u!uuKArqV=gvGtW4K+WADK4(bkTG5 z3V8~bOy=mVnlHe^WD2Zctt7%iUO5w^*ok5Rm}xD^nXxh=`T4?DkLsp zAP-M|dnqK?s+ClDNyQjh39B#_Ed%kyy`oqLnXXt^&DW*wlXp~4dA6V9Sa3X@QaPrA zw4OQ~4W|?m4u*5js!2RX{ciRKc@MWeAGA+mku_lMCl2_xJZI@gQy}7a>WI%5>JKPy zGoq>!MfJosAR7cGGn@y}<O#hDA_NVjSY#YmJaI!=ZatnzJ|DtI(>XY8m`Mvgmlk zSJW>u9?;{RXy-xxm56Ot>t^lM~a+H-W@Ry*K@QU+dpMl}lerNPz;_dOtJ z2P%;iej1(+!z3KFNr8wfuoc3u>TfBM++3sxts;q^Qg+26U=~l{H2eimw>i|s-M87U zNOMr>Ho~*JmOj`Ehh;6%(k=e^9WB`LxGr-=Uwqkto9H1%@gt+_xuJdG+`t#S*CkpG zG)QzcLPirWSFr-RjEl;OFwcDES6D>8E1m*rz>i(~+Pb{8=l9hb8Xm{{Irmya#VV$k ze1v1h77Jt3E$-X_zw3F}kGGcslrqoOtr(pD?Nud57N~M&(7O$X5y=hb`T9KxYzcKq zVEa98Mvw=3EfC0n1eR~5pWs1fe#MrT5)GI;v1~~vq9WGv4V*XJY@e?1Z!5ArD3O4h zv`7)|*q%LHpR>Jv_CgP@G~@Ou_4#y2u@!SQOLjYy^U%j>aJ#B-ts#keODbVDq*|x8 z$LQV2IYUuVwxCm2%Lty(w-4WXeqpdX>mOsxtM+|?6wpc1B%kH$bI8IF__LL-$Fv9Wlr)}PQ{8bu%lyoG#xmqe z9V_VxAc>Y00PolIZNumiQIPmLYL zNpasJ=0MCTAmT5y;gW@7QwG5{0eFc^n3jA>m74L0@m^v(~Y@Z5x7_kfzHkAO~ z&yjbvNW8_$h$j`-Of zMKJIp$VD5XpOiK`Y?i@M0cbrMA!$Gywf=)LN3JKGb5@=%kf!E#=f*hO-1G@wY*c)S zIBKCK!SGKbf_h83&(TFQOHeUChBm*#f|0BAD1}r(9P!*;#ugX7Dz75pxe@b%;_?E` z>#z!cEvF=;yFd)B;sj7K5gFUX+11E-ni&~LS)0@wau{ZVBDY4hV_t2qw;;kIot72? zD|c*&1Yx|;2I&91YiaY#bS0xPUJkunQ}*d$+mXr5BL{#hXq^SDs4!LOYnvf{G-9ZR zhHoVWYl4CQkWZ2@ujm7ED227T=>idAMAOSS^ViaHh!nz^cF3k3+-%nepl{ zQHKFUK?YkLcZ`F!AS@_u3^=CCk^96Egecq^2+uaCAeC0_f{_UywY7J(wgxo}po+B# z?hLiCFp{U)&n>%&6oge%&&^ClLvML_(P(t3>BPm}a*6e1n%(h|*ZA`Uq!5B-jcC-F zKNG0+Kg?r3x^XNbT4gRq2~ZSVKqm~+4``)(WV#spNHBmps2_>{+9fi`xYf|8n)bDFGf#!&10(^hd|rJ zF}uD0WY)P%t5{Oz?J>L!csL;_fTf`6gGlsHzw)PHAtyLOLVyl#V5w`+Q*$nI z`zH3b+d$D&*Xyn2#qWfT?lglaQybOcS1>!&csKJs%<(3+OSGrBq)~miTi>p0GXz#J zYi3jP1>oL=lSji7n}sre1qnA`#}Yy1bdamBCMtdWs?$v$l-_4or$WYr{iGyWW2TkN z;cHfBw(AyY30$# zf*Q|KI>+j)>~#W2d_sH;3#RX~Kx2Q47h5Vk1qldSQWdDskmS@#e0hrlVV?Jpuen0^ zLLsqOli|*u_NQyfzO+%z^y$kBx4T*VSW8H=;0|UcR7fERUEK|>&yT43>K$?71THb! zIYgelvpK)a^4P+#`2$n)AqUY0gk0#5mX*YL=vT54b5|47`v!w8O^ufWQ5uo^aK^UG z%%JJ`R-?5bSvn?JuT|oko(6fs0ZX&zE@_YYMYmCz4=?aUX*{oL&(ef3WL0y=HmG81 zOT5JqY35*pK5enNf(!Xe$~+XyhPrW1_xc$1R{w=b?$<=_rcg|T8)yy>ojjm{kvxPP z(kCiCINkJU^-j~8dkU<$w&Jr!yyaF9$G{t&I%dQIX#TZUZzv8(J%zhtB?9G{+f9B6 zs)y*}{Nvntd*Mx6d!C&e8S=hco%!nMUJuy{&TtObrhZ{VoyDr^o;u=8>+AdxQX49* zsjz;oUJxu-N+SJgF77><%DFBG1;(KRz(bKd1!q`Tu~fTq(IeX3{3wO4^40T6TiyEP zhb;Rd*!O(d7vK^T>NN*y(5Z2)wIxTXf-yK*DF3MF1N~1Ra!{L-KX179Jnsk-A#uX9 z+F;5ygN87uwV|Jy38%rVae)4{fi{;(vbx}WSl+eS{zlJO&x>1h*{BqjMLzdn5=8Rt zyK19{7pQj729!=e(+G#8QQs9MM9>Pc;w?bk3WB%kdpQm-gOP%fOR$Q$wZ5NglE8@& zF}E_re_tO~Ts1}sx$a9j00uP)nG7TQgmH_ehU=ul3+YScNNgE|vA)fX$hnI<3XAY_> z_u*)qA6mztR(Vaaojv>@DxVw34|-ALexv(#@wgwPK&Uf;mXSkX%gyF;Bv#R60x&pK z6)Q}qPUHGR&FMg-A5h)NxhldD!ZB>p8cjf9LOd&QF&QTv!WGQpa%IQku z;L*7hlcQR)Yd3Ne6?VRJeKqk8T}G6C<`8uSo7Y9fD3dw%o&GYic~c%PjCji`8h%VA zRQY>gLgiY`RiIYf?%zshO)8Eqcx>5OB%v$@4T5svjYj+vNE&u zUh~8!GV=roFo87}$~{gy26qtrzbS%xj6hi$JFZ$oJGTY}W*06Ub3e{ojcYX5?{k6p zh)Aq3XGHCl^UmUCb($ZKd*v2outs-~jg85%Hzc|JQVDAh!$Pz0WwJdSqq}hxXYC++d5TZLX5e71H_yWX9iA zm}VJ5( z%l6zHN`%AEp-{S>fKIm>1uY;T?hS7NYxMq8Aa+^nSeuj@fKIeWzTABcEP^+ zg|mtR#QRQ@)Hca>g{KlxfcdYm4O)d(trJIX-||4-n*~Xl&sFE`VB3J!%m7!b5^_BS z*4AvZmNGX(*?UM;nOm@!JGXUDJ19^A2brP+?h|w~@E5nrvs)dM=%Fz*mOlr#V$N5* z&oahxyH!uk1~->Iu4qs_9?|BhK$-bIXiQUYGXH>8US(R{!Fq0DD5 zkRd1PVPRrY4atx}+>0fO%V!B2)Q*s3IwXp`xfX;G&|J+cDEq+Z^$rcNPtB~!5(`^J z(&ngJd!`M&BAYMIepv|CY4Zq-94~EXJHT6Jj@1G^w;A3dnhSI%$5>Cvi<%~oPp~6Z zYt?l5=vK%=N#MxYqkM*FvO!-4Y1Uy1TqD zsoagdTI$9g<=9_7^HMGN8#X^9BdR)Tk~RY;kdByKa^c^COLU-gp>vWpTqHLWO2ZQD zt}Bk*(WHopdaZ7`jAF>la3ieYj(!1FT@a0L*1GEs$46b(P4EET>W|JzAEJcgARIWr zA~sm6fUpuGQ1^O>6T&T$Q10}Am#;x8T@S5vRPVes;9t+JB`#c9=(AlLeMUr(?opr$ zXftm}dB3bw!|vAl1F`o&NG1JdBo8+rIBJ$rC)l8GuFWKmX|WaQp=nopW@vHDomU3A z9qokk4tmC;>z}AXi`0pAy+F}Evq0=Ah$kv<78hwQqrsPiMKoWQw30XST)iKJ$Rr_(g51cWpd z^5^p2PTg*9+ z6Gt}ece$Bvs&EbT}S%sYx?Fm(?*dDvMVftKyg~zpvPuf7R^HVZYFxIzz6-(SyipY#Hc6 zXb+g7_hK!dZCfV(g-GedM*Krv7=UG(OZY1M zk*JOK-t{EpJme4aCxSs%?s;w2t4Fr4n^sCU%ZlqkO{*7DC)@`>DGo~2&$xG8i`5G< zABpBcUGp669;i41`Utxx{Z2(YN45^QcQH!ivfZevUjFVJJL(8A5=xw~hTq4)y3!do5~~{eX(DJFDJ}`RR>*z&&Q0hq7d|vP z7nR*gA?v;B)ZE79z$kow8cJR>>{AN7zO+UCvC2(uDBB~6q*h-vD_2yFv}{(elCPry zZdZcl9&Dr>gOgExjJo7?!e%KDw(GNwv;fooS8CrE_#ayF`YHVLac8}3ESCDQS3m#z zVoety!D#JdP~qba!nxbCH#`*Cd3dXpnmfJneyp-U`TR$fiD=qBoO=XK?*cM#2)=i{Co|4$UT6r2n zq(aO}cX&!ptn&R_GGY16H*zFVbfMYe#atZ++~q3K)s2R zk9RuZ!fqVuuir+llc4P+u|6y^19#YZ1rF>B&O*~buCbM3_OtU!V{RvG=(aI|l8wA& z9o&on>Lz87_zBAztwfOSYjOrEWy^F`-wqPrudvzEuRQ6QV4nQYv2-$lZ(GLNd-5#5 z73`Ktx-S~`sWbuUxy7B^;OWF_f;>g>HvwpY>W_H&h+qFx%6FRc$&-Y=&_nLd9DA714ma z3N|uPnH|mCAPKaah@=eP-OwlKp{SlFQ5M1`?%1MmTCs~b_45#Fh2YdTI>Q$uD8qfT zMuZoL3z2RvSH6wmj40r6p~)^HoTe?hH4))rBbZ;;ZQOZMKuhgH>|DMQ4Fh>3m4rO_ zqvD}JU6kC5wpV|pNn%<_gNgH4kIkGEp0V~3E?<~8JG)6D*R0g@0Wy3`4 zKSLNUGc73%?rr#toN$XZBw9~uQ%N~&Ws*$x0LcPJn&elIKqjaqh-Z!t= zPZ9tEO54TU+k|u{)9z)*T4}Ca)7)^Nx2bBnmX@k$7s?E8Fv(?#+0h;Qt)7$=UaZ&b zI7*&&zE7|!+^NuCl(mJ`wB0GxB~9rcRbdHWRK7p0!>~L3fyx=PN&QNn0aok{I7^wW6qq;F#7&aKYP!zpY^~d=^UGQ?u6< z1|8d`^apP%-$`$`5*x}a70C}PtT9I^NtSC%6q}vT4C2tfFDX{Jyw?9Loiy>M44Ku8 za5B_Uy--j2M{KpCxLYvXA*P=*BjGP!R1nox_ZrH)=}NsgK!!c8p*H; z%JlA1uXy2X81Yf+AJ!uU&sd_L=vEx94k&)nv$oLV+slZ5PUshlRxtOuF5Go}gZKX? zZ~XInQGdai&f!KeAwc+md%>Q&D3UG2>tEWA;7?pVW>?VwCY{KE!~b5K?q}yN)LyjO6*uDF3P^=cdn~FO{Q= z%dr>(+1_0l?1N^{ZQ76nypCfaAdzd91-awlnbhPPu2$+Tq1ptm6la<9j5BT^=YkpI zf{M?vt5UsDGsd`2$%`VNuV||VCB1h8GEQr827mZ{Sc8pKzSb>e^Cj_)kIW3ql3KPk zj$}T#eIJ~EooVEGNeur0idoCbdGY!9r-6WWs8|u1y4K;+VRzhll1hSH1==qp!Ca_H zvHV!>L8nkc-b$o9t!t6oRG^%aEm3(e5Q=_R60VcJ02N;Pz=M(GC_uv%qpqd6cpStCLfu zf&_cfdE$puhvqXfw=_GiztS;KdW5}C>F#6o6krWqTAd-t{^Wlc zt2120HDfxKHjZ4C_f=ksFwT8k#s?L%ReK}3_Knc^eHmR#)9oi)G)%JRGHr^R{2E5ercp_t z1;>y$A$$VKUgc#ESjzk131LQh3}Hf~vxJd6avTg@Px_PYOyo)H9HO5Z!dIpJjg zwvo(aZE%{>7K|97_x39;h~)9ps5}*(koHDLDug%hp=J4tV|DruIfpBW=T5S#k7Z7C z+l{V;p-0BimvH~W`fT+&>?hcqs_#lK4pG?K?z~uOQOLiOL?g-OYcpum{(CzYzSnP{ z-Y?IKj+$ia0tn>7$wNjp9s*mT@(ITP3QEa)Foh=P79(mKWY#?E@mJ6Nnwb1z7$&~P z9*l=?nCt9_uX>|+LB58~wxKd3y4~P2+N#fN?((r*xoAfT*B6Qp{>yVi@OxBQ8W|3e zLMjAG%3r$!t|VW3NnWbqi!ZaQ!D*9J$d05@nFtatdmwX!*riF>W>BjKqf5X%RgRD0 z4p=rZcvCMx*T*51`8ZVQ@ug{T4L{zAQv-S%Ui!^!Q=T@UL64bK_;=Vj^GQ!~+i8NR z>%kYz?!ZLy(lpUx;V_pZd!wUJsNn5CKZ4G2WFE`hmq~tMm1?@CYew*0(U`;5HGLYN zn$QAN5&Y$CdHK{i+(hld-iW`@bZVYlyv8}|2Hihe_EyimwhP~Tj*SbrfT8O@fwu7v z;DUxsI2`N&Q6?I!TJ|1Hr70rccT_Kf`ro4{Ge`$Q32{&jDQi5xYy{@# zXs@75SQwNj(mZ$y*M^$}w9zI~ywfAj0rBqRrjC!fRf@foUN=&jXZ_wFtN$9S+swVFkO!0*ezV zc>MALt9Dz6qOXS$HTfm&*0XLX`f7ra#r-q%v&V_>7zYBqXlY7sdJ$lrR#Bls2%F{4 zr@sF<{ryk=d$M?Vy8_*WnXA5G_&@3bWA;a9&bHmbWd9j{!7IRqL&9&Z8gg50%~YAA zeD!XqeXWACZRqCx(D%dC%u(T}7J0x9M}+FaaU0=KzqSLX$g^6sSnYTRo28;L$m2CE zlSZg;iG>D%tENw0kA~^cCP%@Bd;@R;|B<29a27%uXs+%mTb2MfADe{yVV99l-UaTM zOhTBq*ZY+>EX7~TGZ}29u_k3dtnuVZqtvU4h)3E3LgNU%kbfIgoMG44X(c!`0EWAF zT$=`bPw_x`tcf*;X)O0Gm)f3`5R4cFPxzebqpojsmTK06%K?L_-6zQ4P+jg-t=iTj zt+CHxZpNZ+xkcUt98(fRIxE3PUx#TIu9fDWEL^RH6FC0w+R<$0yln>}$13h|9Kj_m z!TcqLXT>Vd81jPJ<#CdZPqbF;0EnN^Aw9hpuI{N7JMZf>e8$;bq_Tbeqnq-EI`>i< zvqbyNDUHm6H`oPiU-{#Ex?Kl>r&2dK^Q;_7#8j%SL&PQa z8o<*S%JaBqn1rivH3Q<@Km?F%ILjg#YT%$h0)h1vBziRcn8YPwyMi7wTDJ2hYiwu- zKWSu03pY%&+@2Bp{P6_gJ^TgH80tYJZ6VB2z*+1>j6tM>?Es;JG>h|n1kwk8_HBRe z*Rprs{zk{#EDMCi#?by>g?WU9U^4|dXp344i|yCpeXaQgUk~X*XGYXcm`pKEX8VJ5 zL&@z1-n9yFO?LtO=L zWC2+E>!2_IWuib|V^@=(quO`6kh=Y41h}ZTq$^iJ)rw}xNHTZ*O-;kd5f#EwvS$JT zQvA6UTNukGZb-P*CP1cLjDYe4^fy_fJ)bD5o zYH>}4?eg9s(7S}9Dip*z;iTv^s-CYp!d!yUq;aD$w0Y=$??}g8FPD`h;Jtm1JPnCM z=9)gxcBOaXV--g-xRy(mDbzi3j%%cBcj zr0xKh>96>lsxaSyMfhtj(Yrg?gaEQ((~$}xJ*xvyT=kk)>HheOeBExO)`uuYW9YZk z2d>oJ#QbX(8w6IEHyzFb{g^HQED<&K2>?_CA0F{J+y^cwc%DNJsCaG7qz?s_6MuZ=wVRPC16yBkw*&wapt8cB z(Qas)80=F8x&hmHWAHnySZo(9H6?=iT%L1%up#^?Xugex5JzpVX)S0~gXi#LWppvX zvP9a_G@y7OPd;1aBoHrA@7br+_uo~aaD9|*)yfB`HsBe1TFjyMgaNhPX$gU#74QLf zjqby?)Vq%1A|<;Jy075=OSIi*Go|A*Zx3Z(gESfxQNdbN?^JlImvK9Y?ditljjX3i zh*>VWl(6}8v>}}^u4V8Fqq@dN|8BGr1(&6$y09{>w4tb{%IuP3^I~t2@;`W%|d2tPk2mk92 zO19yszozG~dW9wzH&z>CIerSgN`Aq$6Zh_5o3aV7^DKGUr+AK z4F&)D1E}qVSoR3i6D8?XY&x%=*4|W!uaf(wi0SR#-LCuuyTbJ}^G%A`_sW;2-O%>l zIztD|Yt>dp{M$=cFzCvsa_T9yhgEEaA^y~f7!94PJ&!Jl>kfswS(FqcNpac{JIElH zCj(J>`T$xelFiK;{5U8?eMqrC$-CYpk#bD3{=62bu*_4>)$9q_@c}AECqx_0WV3Z+ zk%QdgK>o+%+T{h;1=7!KA?FCMX187nSV&u&XDlo56Bhxby3QUw$Gs~PoDJP$$^P}_ zYlT+jj02leE1==)2UlJO+Pz48#+u+PvEIfa$Rp zI}MH_3(4?jQc?n`;#20Pmi>QD66}E)PDLlQFg^IQzm=8x9fc@p(y*-cS7dkd*~tDq z2NPWUc8{qycB89tUk77k5`w_V#?6CM!=K4jN_Pc6)`5M7U&K1Q{F3B@5x!(=WaO>7 zeNc7IcmE7ZwfCKcnjG5tfc9rR@zWn#e4mHf#CZ>`ztLAza*qQoF>ug+35kf=p^7PG zpe8F%dP&KXpUb(5l>(H6M#R=w17>d@AT&s}i1J!!%0@5$wv$5jg7wP9&yR;s%EGFW zcDHua_PR$#O5$Q5VLUU?>sjNw3OX!!(ovb8Zsi-D*6|G`0I8k+(I=?U$1Q{iqs{cy zwz90%X4Eu=If!^0Ub)!Jr#DA+5CV@PaP4hQ^y;Cw2sX6Ur2Fi|;#J!jRsd5Tt(c3~ zv1XOXdC?A=%gQ5ajDEgTcPls%9Kt&7s6)`&1XopFOIfJN$)fJ}(u=kw z&f-N%jhTQl#^m3b2E}lGb9mBsb0UA|MU6%C_^*%Mf#U>s#%@bx9${WE(&|)W^e|co zhP;P+38J2QC*eQNW$`Si)Lf0c;z%=`jc5Z~X3<#_z-9k+g+O zTi3`YNH;5SNRds<$53!OmO?mGz*_%}Urt`Ie)l2m=)4<x|vobmW4w*AK=4+~7FW#2$MMW|-Wwg8 z8*g-Cen9E;85;zAr9AQ`7=%*xt$iB@vCQ$*SdGzdzK@-=QbNR^Q6L9$M`O0c$d)lYYOMxVtBV0{;yvQ$`!HJJZ|d@NXswP{Gz5y z32oW6xII?M3pO;QeFUBBsBe?AhY5GwwhIlIJ~6`vp@p~j1J!+-u8I3hA!a@2jy(dAc=s>eFhBclHATBlgbLtfHjm|5;L*J+Fg|=#%lJ!gEHo%5n)3%bhhD??`#+ zTpnCWHddG<1*e|y_2+0|=iG8=*iE7+8EWY#4S8K^${KlX=iTz~UxkSyM1Wd8EdHa;h-PmbSCDE9FNEo+^we&gDxSJh4 zL%!b~xoxXeO_+wT({iAcVjm@?v2hT zOp@ZO7BNZCf#{2<`GH}ExQRkH>W7lz;u4?*RJs0~Ix+CLO-#V%jzVv@MkjvU-KNBkgIC6dL@g93O+i0Uyws?;iIhn*StlK7>E@9cew zY-I*^RdGyWSj9i0rPc~jN4+uSS~M*WJDBx^^^ zlX`)r5x7~qSfko0Dz;^c7gJHC=nif%WVE%S@F#Y_KmCMta3BURkH06JNz?pt&%j!f*k@- zLH-ZqKXj-mw=rV3iWE1c@MT;_=Cx(Ve0lij#g61D=4+^MKik0l z*cr(j_|Z!=aAJN(on=d+#R)}BBek<`0Ppb&==3e6#}UWoK%pE;CYmhEV@{5qIkWEH z259gH=+Muhwypq}FoWlAu^#mLE27}Pq6^;r{GUjR|I=eJ?qr=2|4=d7_MrRTohv{< zBshhWFfY+?g@vLoCLgaowlZvfS6~ar07NacZ0(`F{14Fs1a{X4V6$db72_7;&NkY{ zXKYi2305rg(A<576z+91Ef)Y0&MJ}C`T*w0Ji%!uKQ`T$uk6F!e+?97@p*B7!ukaK zIsE^Ry*CePDqZ(Rb=!(FA_|I-sDNlAL`6j*B->WRh?sV0QKoDg6%a8ZB2&m}MMOY| zfRYB3sHmujh=7QMM8=4SK}H!&NWvhKBn)9elGXQNpSo4&obNkT`>VQD_q*Rce^`Y9 z!pd6j`@GNa8@#D{*av-a9zGI4WaLHPgW8x8%6$d&p&=Vb+v;hM(KL|d#ptwFQnOn) zr)Cti*un}yTLLXBSH5Z?nYepn9#J83)&2%QId1} z%uyG25rxWdG+d_rQ*eg#`eSLF@!+fABK~VMr-nkcGp1*d*nO7+En)lv;ONHX7<~Hc2fnE1$&APqmz_g1D~qru^=qMLiMZ@W!x$@K?b{+c_d zRl+e4o|wMmm%wBKq^||>Bk_=mpuVW+g-5yq9j)XU)b%QWS9|)gZy`22>FDTIRh%t# zL|tOw$RgAveTv^nte)nPfL2Azm-H2AIM7k%3>fs3NNVvP-YM2SQ)4_vSTh{hUB6505=oVzMHs8+Nu5xeJ1Bu)nlJhk*i}l^Uz{p6RF`vUyDIh zE38Ajx|q@}p!Wc)Bp-l=!g2q}z${7lDrJm@{bQSOCUB7eeKZds7=epICyvQWYFW`1 zgO*#12qvmM$<8{E&43p7wARb$w06+O0kQXe?Rz9^=I2n*d^sr*0%MS$C%&o1{ zq_Dr8FrY^psjsPdqv;+_Q310(o@~jx|1gH!Enbb(e4ci2`melXX62&?tuknEV>fGS z9vfN9sDD^8*Q?hltjq1l6}moF!4bQ;4G)^8QGhN)1(E4Jv1-%_bq_diK{#hX7sm=W zIbZ@doK&smuXg+}-`UWU`SIxK8j|N|gafJroO$3T4n_q6V|@$|FTazcY~qvrPg=s( zUa&g2?AzAAW?1e9m`&nw3YK6h0A2;)F4cKbUb`llrvvr^h*!=WwP6dxQIiuU`Sv$a z*}&oNmbe}7KLRwiZ^$Fs-fzfe<;Y!5C1-M0EAkcI%ZK9jIj(8oA(|0z-f!azJ-Rqe zxJdvPxf(8V;NF*aB@~B%e|NORlw(BLb1x4y=Fb4&7qFTI}zf$_gPBMCwvy%V)l$?((_(4Xy@$zRRE2OSkf~fU75XHwrxw-OY9mz)U z{5Vp!<|Ux+(^sXgqU#3JDz@Y7dpH}Td7Fz#Zn-=X#WN^=m-wZf_12jXrvKC1095op zeb_q#%YM}Yz}x@ukpa0HNl~O>*QpDDpTm=Z+=cUfq|90JRDFQB((K0I^;ga0b53SM z(aP(E;(x=TpXeUeh}53jauWvrj)P2gev-^uvoIYJ+tP3WNS$Q-505VQ1Zg?o_tif4 zUC^vjY;A5+e$Dr5$u99}K}MBa#Z;9d(ePKT^ndaCUL5*Y|E&Ft5VHDb>P_+3mSA9j z&Yr-lFS7pAGYAE`_y6O!@c*<++zLh>n;fy?igbOtDspxp~Gqf~a}1S|#Om=Ao*dAdB2YHNN{Tf<(SekGIu%!#glyq$udc{pJ6 z#}1TBP}mU0T?A3E0^hoE)E5gFroK|g1+h;Vl#ooJ*&V}#@axTh9ES5_EOCGP^EwC; z9`vbk77!JF)$;i-BL0!nLbfVr{C5BPS*84wbRe~I@<|agcP;6UghxKSt#a+SVFvl- z*Y6jqp%#X#0jb7E;B7W+3@K-}c=R3=Pu*~%sQWb6_&#>N z$|st;WBlm!E%hfG7!;$X&m8H!b)Q!n#|sZ#J+i7|slzlSygO~YZ*{E~CgSH$#FNj^ zB5mv^%G}MJnutD9U^w}RjO6KQSq>)2Bkpb#;h)eX;q*^HQrCOhpPUx~Tksk@q$q}m z=3d%_jWcU7TOBUB(W0UK2~l?{3fnW%^&DsCIn9DCb!Ketydb(9A-68O=$o3(lr#rw ze=F5h36@ZP&cCzIbqE>a>tjhD4}`Y`@V{aipcS!as=3a?BLDZP<6WGOnyy^IYx0&S zIfcfMud7I_C-=`iBnQP(;=sFB@MK^zHZ;I5;xKh7RM+iZk_+#kDsl=UrUE~2{Da*$@ z;FI-)_KWp7>Bt#z8=0noC*;Xr8q5-;9tcHZxun#>D7D{{_u}HhrflO@GxoGb$u#w@ zo(EaZ)c|Hyt?C%F3OBb2)*Z5Bz#3an(9l&N=aknPyS#nX&=qf+LT)&Z)q=oC2Xtk+ zu~CqgbGZ#1A8Slo{U`n_DFuyGL`e5ufp|0%4U{_{P!QM>j!rP)1ixwP7hnAF4~w=n zhUq6+pI90%^_ZYAbRu*zOzQVyJ6?V?C*sZJSCjtj>g|eU{_qTDy?H^7!K@T?^|Ia4 zy;&*(V?m4MR&k`kY;h~oJQz3$Y1r(K|ry zD+b+;ieWH~6W$~*#THk}(|aX?==i(XTD10ow@sNQc_;QI^YdwyJ%89ZspbQy3Se?) z{^C0$V7WHyy~h&NtCQB+E9w1XZ2i^}yo2UG(Zcs}U$Z}4r~uz)o}tO(5g4wGm>FuO zwA9?=I%y)LIX84VXak~+BSF=YAw97syuwE$1?4c+Uo*s|wBHpNqIt6}u|QU<=BO^Q z9((5`BNCxFR}9>^H*2G+IP%mG+Q?zD#I_N6L;3=AU7XjnL4opf0snX5O++7Z&uG$i zO&r;q1)tv!&622GzkL^3j4+CbyB~HSf|82pHYs`hBHRdZIl043)my*Jxe8y1gJ=Fz zO)i=d7^Vuw>I@3T+OAy)XG=7K*ljB}jtRdhHeNRH8C^RHNq=IX@}+SnzLL`#*69Fz z=$3NME5XoAT&}!V3i~rIhhdjg5u{K1I>GVU;woxyhjQbQEA*netL@36pER|sy0hlp zIql|E$TF}Hs}pH!B1nrEyBZm5x7Ff$E67V2haOV8`}IOMUWA+3&Ie8U6ChUv<~ZSe z_0l9|AWHW%iw1I5Hg%dc7HG&kofDTY*7N9~OlwzDZ@E>QmQ-A%V6Q=#>^4VUR7S4s zvY~zrlId6QV<$K()}oP8+R#sOL6x7^t~&mg-y;U60{N}nEaaQnFiFkfCQaOJ;X4cX za)%OH6>g2(tjfq!y6zs`Q#uc`^(ABJeEBu!&ZPeg-H#i z8e!6=4vpl*L3VM!kiQ7&d}2Tyq{+gJ)@d(9Bg)^5cuy7HS^d`OFwLqa#$lAmx17tnkE#|v-#*jgK)nQj=9g=6CSuwoo#u#Ub_Z-;)^or*NB7ab`SBR0|=X-%KNFI88 z+6l=Ut(jtN<>#n>dd?Zf4Ua?bmloYCmLKJy>zyVBP35C|=uyoEq{lLX?%7{#7g-;V z0o%bm7Dlo(*^{_)Gxl=xX#6So{DI^4`F!8}_!CI?qu(YSRfoI_`S~EoRHDek=5LnS zQb?6A+^)avG@7229oqwMo;~TDpLpzC4$+ zJHe7mdD0*4<^NdFJ?d{%!I_po=yQHd#1naBtl9J^X0mhf>lk%g(HDN_)px>J@quDg z^^_v>29`b4Vt?zcY8!4RL5W5t(~~sX)0|vR|3DuZT^Cg~yp-XAlBM{CpyqDGzeym@ zlKF}k31q9np8g;gZj_BYdQ$=&;trO{MTb$=kKcBUR&{YGp0oZIqlSLt)i9t1J>9-l3oSR}@dM^{FEBk9 zI7MvuzQXIgC8&FM28;y_&xpzo_*Ki z=U)R)$?kQQ5r~SG|%|H+dEG#R!y0j&uqns08XvSzUHZMS)Dbcz< zObk*jpk#w;{FO|BGJE?}O{GobH(n-;PEH4A9DY}K1gFWa zh58pHRp4fi5(XPE_a95ACkOz#PpCfR!4zt50CnYGS^3ZAB0H6)%SW^$_?;>E*`#f1 z>pHc+>S#xBRHew4`(>yXw;H#uq#zcOovIHTSI1C)UN05?D2@NcU-hX)N3}@}4^MUU ztZ2LDF4-4}HRz4zYRe-k*f`wlyu#*}8-Ea?WU(-Q+hq185o~COFrkVMQntWjD!6_0 z^x#biDU=})ni&}KZ~!-(+x(JlF}Q8T5Vt0* z9mxl2B~at4FGkvm1^DI6t;~7@?LlKXU62}e%@f>0%%VwagY)duY8pY#*=kVH-dfH2 z21X;C(#k0`7+GgY_m?JB@>`>k| zw}pOgYsq5aN4!_u>NknxEi?k|R3fnErkqczHu_*|GvIt{M=i5n0d5ZO`ytuB|H@IQdaKp>3?sBca0g;Pp_3{4r&k zp4vubZ5;1ywtV^ER)=evt#{YWD(Nmf$qUpf!+tMG=97`L9Mmjl@XAXF8+)*2-c!Od zB!9PJ3vKyXkL@f~*daLcBP%X{>2NSpGnfMti4>r;=j3B^84FQ&)eiN}T+~q>P_E@5 z*W7$f@p@9AsTACq9-obNz{428+nrs54Qr7HL_cRL?8_ zVWn_9Pi=Hg!oKoHR-mxFPG>m+)!4Qlgr1;k%YFoGSCaUz8TK*Ix^J6!PuAu7NRatx zEcA%4pDVcMTZ(PXQ!ET!u6(``h}#K4lu-5wM>DdY5v)Bl`466%=9SvI z^IL!I_J-5!!&K7*_O;70}u^6?+qat zYCjEU+>sE4BgzNUH=?u`RH>b3Mf#R76P%VA8JW?xV&*NhkNvcvB8&s$Y(nAlF~s_yP6<=U@Kw1%{xactQo ze5-Y*)}Z5}Oo92T;b_r1(!4J;Cpj;YRQz<{NtJEHGNygxlY`J`H4MfV8+xspIm3uu z%Ad3&#L<)sF#KCwvu_yB&fn-#G~&;*$n4uoYS!<+~Z0om^NvmL(N+2v7C(3|Gw zg#GEKTW^H;SDU3^*(SFf>hAVD(PT4p{iVM2IjFE4ucNk;i1krgO^A0{({yx6S@z1(yL)xjgBNJ6dpQ-Gmz~_wPiYWCmZAmt(B92g& zT-c_4mEjolJUFOqsG+g@HE)|X9=QA= zq4(2Uk(6v{$GEgw@uo zPjX|Y&8J-36L0+IUo%2OUZe@pb(~U-uRt^}Pa(d#6+Bz;rQ~^C@+X`pz8-XZ%=PQ-Tq zue>BFYoTvy+*o}^+KoqfVQX;Z{PX3?sL#KStr$*+GX23{GuD~OYp_Zf24|V>e!^I% z$xwT#4hB2OS}F$cv%aSy*VR@p`kd~6H^}aJaN$&Oa^oYuZ=&eyzCR;0v{u>X&IA*l z*N>^3)>#rl3~3hgGfo%XDKpO|4IGtYY-LzY+;$3X-lWxJI_S z@#({u>6!iioZkDNUiVLjnOMSA*#I7kebN6#K~vw<$HO@~=I-_D%-`Ts+~SJI;hT+F z+g$LI3!s1OkvpxxIAdrdSyqOh>NavbbQ}>}BaeTyN&Yv%CucZc3s7s1H|Wd^te!MC zZ9532QEWQC%3x_=|<9`(Cy!UP>b7-?7ODZ1vw#*7@pWvk9g>v!L zQ}3cqvi3K~CcB^lW-na{No6<%7T{boK)_qt$k3J6ZZRJs9M4S_9L{57uI(_oGYO29 zdv^Ag=d_MWnmOQ6qR7OL$f|p#X|biCXt5;o zCgRJ{bD`j#DOgn#sf|ppsSjglm&)!gO)0EN!Z7DAG(DzXu(pg|p6x0Lsw6BHJomP# z%xN8W+DqvnEI)&B?^@9g^;?;y z+ld^&nZkJZPd@`d3BDj`OeQ_ca0F-uc#_fegbIsUvgJ~6z(d8`lCwL7%W00?&^_>O zZ=Vb@xReOy6`*5d6t1IakU`sv-dZdvX{jW~GB*{}kNxRMz^AMqwe0GhxBz-!AOhZF zPM2Dj4M%ZS5Z45D(qee?8i>0xM2Mg{EvrpHyy%>uhUUuE->7i!BrJ3mo9SFVq*SWHKM42BOOww9LYpQpW0ND+vy%^gt)-UX9)-S zTiS>IsW!9$|3G}EL&qm~+lf1@n%@h4yP8#Cw3MSDi(PQW6n^k1DQ z8lg^|GL=%xN@U<)9#y8T7ks3QIbWe4`Gb%zo;9Es%88V`Z6=r`)%1xY;FdSzgML5^nnG%I~mbnDnW41Bj%7Bd6j~C+L+yg5_R^ee0Qou%h~H_$!Q# zbU&%cn!J&L?~Ba$gFBARBD_OG_K=^Sq}7j3*Jc|)Sxc<9$r(=MM}1^OL2K+bOM*S_ z#OnvMD}Fsut%z2ie4bf3kD#S?GA>e`OLwF9FqO85`LwilH%D9v&5bwYikz#=^%@>& zCTjcsjf=-)X*ON}XuBi6sZLzF={3ZQUGw_wTd?Y&j8-d=DKC#vg&3PBQ>|pyV;gWg z(HglfwQ1W0a>&!RZ*Ipspn`M9wSm%>%EvWSYmlzmf%8ZwaxQ<> z$2*7jDgj}rdMy{2J&Ql8@d?(>Hs1Bg1LZvHgtLvz-@+lfY zXl2ZkY0s+ejPrC&!tBPv#QEV*M2^wq?z8bIkU!WpPsvWoS9D_{v z?Ty>_P1{oTWV#WS{?D>U#?qWVkJh}$v{9BMEN3=s^EPH~M!!x-P}}*(zDAWL6=0XJ z)4YnLkCblVpTu9qtXWd>ABdM7PI#h_Ei5SF7Qf}Hi2Tv|two9ZKme~u`kYqY{S!ar zQ%H_lM^@o797mj~h^@pn$iG#wo}T3xj%O8Tuj?mRI_?CMZtBkvr9ng2ja5#I0FM!! zj^L}bC=WxdmcA@FzSpA#sei;7GKdqfd)%1H-QB%4)Ng_tnyi=4OD4%fVvPy8yGxjY z86qE#lhz@vrgg~J!yc}uvQd*v_BJQ9xeS*gdF~a-9`iJhYI!LN%l>Ba=1kZL`%Upc!{+QWu+F-br6Hy?3v=qDhj8h)Z3$^<$3idIHBcpcL$Y zd*Ejn2tMZb0#0j}a;_`WiRn^&lrv}9R&SE2BR-`&&TN9CQ2aIH;53fVxlU}rT%g{n zc|bA}G0foX%FFULxDu<{O~vZo0ywdVSTSecqj>6g^w(zL4Th0fgKwob{2R^4Y{M_wJg%hx^#%^iEMcN8O<+GRSpHLsUugddiqneO`>Io0v zj%E%j`uy7wEm(^i)$b~rf6i3D|aE< zx8*d{WG-3$DRcm7I;haclE0{!vj9D7uiAvP9()V6+|Luj2>xs^Rh%QQ04MJwlAijp z_Ivwfhmu=!GCAR&0B-5XqnHrC$b?t<3qdA|Q%>somrmK7i4fgH$a&cJ#3nn4qFc?s5W8i2uwgB zZI{bI;#hdfRsLS|WgIUE znF%T8O}rKG#}4p4wQn&0M%C}<8>y`%jvqWXyg+>`Q!6gp#6^D87P)elN+}Dyu#ldT zwLhxxt*TBhCAm!dI=iije~oBsh?}1G1;)nS=w#KzwC%Js8PvsdHNHI@9j2Hp->;!o zDq+quEN`}(C4kNG$-0U^=Lg;m%#lMTIlm`O!07AwqauawuPUbE=E=dn_oXORk#ksc zAL+~z>7$P`z6T|f7H}k%&$O=63(QZfhHN#yhivuh$Tap1z~5k$(d>XvaqF$hX(cPk zf6a(u1?Te56QW{+G8jh+LGd_98usn7vaH_j7ZD*(W@l(Yn~%C z^!8#+h2l4yIMOO#++sP1ZsMnbh2NPbg`3XmCs6#Av2lB)vugP%uXo5;fH|w9EhQ~y zY)8vGC%N+!)Y4Fok_=G*DJ=_p$yfe0gML>6bJk}!kFL>H!Te{xd0N|1&bX4AOaguI zQcH4Y0)93ZZ_OgDR~y%lEy9WHMrdb6#3oM`Q6n4^ipUzPY<&9y39EEkqmjZg47O5+ zG^{O-NfX&dSQL?UkVL2Z)%^aL3Pphbz&fA%_288yd z)GZqV9kcFH)=sZ8qruk>E2o@u7>7{zPHLRT%qEha+OZDF-@52x%ZH|o%qEjLQt~wD zI`K(?&7JiJ$)A2(Idbe;EL5$eRp0SStwM+v{wxVeopMALCnKEn?Mr8~2G z!0Gav`Ua_oyuZjd<_?vOIq9x1PrPZYVQeAlDm8G3a;BXQ1~WTg=(9W|XlO!Z%lxd* zDI{OxZNZl4CPsFbT$NLmZtd6NmsyuTs?r4nyLwsAcgn_rrj5M zKFTPEW0@VU(E2T2v|}1$kYYN_b~&Wppt+4rZ}@GPX|2kj?~NQKc*qZyJlk#YCMzVw z=o6=P#NLE=`qMuTdm>-ue)sSG{N<^O42YRrgDAS3Qo)GIoXZB?TowxBd zq#9i|O7T(#Q63b7;lvE9=B=wP*99)Zfq3@8!gX_N??ShBFF0D~c5^1ZTpYz2J0drX zG+z@E;hn>^(Nf{HO#CQyjH5A&;R=s0BzNXbk&y4A^T^l$jl!^z>qqkRf>%+%NZJoS zXhVw16nH*v4XLLn!-8dC;lto?UxYB{F}84Id&v0W^)KJ99nS)wG+ZPU9~|nW4zo)AUtf-`9#F*nEO&YyVVj$K~XtN@>=< z^XJJy_%@T*u{A6NfEv8?{CC%Tk=E1kR7>~7$%`(fF(G*l--kBKx*UlY&B#~i zv3e%Iw0BgSTr}Z~*6&<9(iKCU>N!ijN}Gu-#cHvcQ4;ohxUswLdtV-@-gc|;-jU1SRNz9s#i(0@#y){ zGLnrvp7YYjx^6P4?O1lEz@L6W+sF9UGJo_~vv=)`i^xKNL##t>Go2nYR--2*;`wdg zs(amB(16{AxsEs!2^D}+`TAM;|4mZ(|HKaZ zPb>EWoD1%|1q&pcpU_pM$dYknA!j9Hcf**G>#@31@wOiZ!S9elj5dK-ME%ARd9tcX z0?LpPb04x&d-~Y?otviobj#tHdX-o#I|Do7QA_^JsBEU`=b%XW^|D4)z|&YpKA` zXLzBuNRV7tS{QXoPA~uFN>#kfkYyitdaQY~??vL~%qsfn5gFjur=7%cH2gcwSFL*d z>)K?#Tr8ca5dL8%)hoyerkD9-xCNiZFA-~AkCfTIwKVD+RrJ)X*c_LBGGxXN-&V#U z8FfBN$<~e`9y$4B(f;AVR74rszgro5H6C*d!_;Xy?Otws5AMj>h+1u-sJt2H_h5?% zWmll>fK%o|8ip+TPO{{q=8%o)e%~IN%<)&`QT6pgZ@q!#^7SVZ%Qwpfxgsi3AIhXlTe{; z;KA4~cc_ANYXG+Z#ezqz zXOS6d`#D8f8>_Y0ez*soD#0y#S{Tj|mm>d)frhuXsjbC)W zz|PzOb(U$*-;mdsO;g#>2*0Wf)5E!$HQH&hj?m-{G)bH*XT1B9Im(_=9cE!|M2BB)*tt%@uaohsg|l$Sx}Z06nJL`m7doZvL~)Fe{AaOA@5meb+hFvR=rz-S6dZU z&`}Qo1*?ZHTzLgv{+2H>9#KwmeAr%XY7vo@8=eNu#AN2dPeD1GHFt^I!lh0$r9Dgf zl$T%4P-_M-KeG>>bo`n!68A}4N`v?AC_ zM!r@+Tl#hKs;Yd7ek1z{|ILW_RQl<64zN1GQFLQ1s1ZLw&H#0mclphhK9?a zGVQ2nvw7|2=9qUF41_mK^o|&h2o%_l)waj(%e8Ot%whf;wk>Dqkeucy4{jRsVH)*^ z(#j?WyRQG(X{@p`eM9x-9S&`=P9d^eO9mc z_>T%!_by$t*sAeZ%QeXTkJTfCcsf9zD*?K!E%%gIh)a<<{Hy;!SyIAM=sK9Bo)c|o zoZVfS&2wP;^-lgy(V6jn%Sw}8_BLOs;7TAX8aL~m{7kGu_qaT}a&#}JJ@s!@bc>`~ zoY(EsaTVtklhHk%n}xPbgb_F_dMdA--4$cM{@7g$8|->DAfKJ9QPPNd$c zBDZvOP*N;SCIZ~`iX`*}=#@b)g??1NYI1AIE<%10VWaF;o7;>dLKf0-ON+6ix0jgO z_VAC*w6gS7X_cGNX6oV-)h|jtP4B&Vp&U?ND@@#zAQexjUw@DCI#6YobyprW*s8Kq z6BT=~ooE=;o2he(E|{DcFIiQlyv$~C)syM#D>!6k$jgbXa6e?^)`?D91r0)>N~&E- zo;wh#=wF+xKIghBQI$U&iWN_9aHJ-Ww}17 z*P3&=%?TeJ{xrT72Rufc`T~Q0uDNO1%ve7Ovbc}8wnT9{{fgJ(%xCt?46Z+3{@i5Z zPz9|fo-#wcu6E?y*yv)LB)15F4tuiq;j#OH$7+bu^o* zUR1W%#8Oq%n>zfzrpvt8>ffiME~I}ycAW8ZK6ykx4J(0Mwe8NCtla>O3gHhllQqx& zZuB@x9SkqHWjs4;u8qp0up)=Ub^k_3_UGey+k?H7m(a~pLcE7n!}x+)v$82S_EaQ~ zZAkYwIW*mp-Lg+6)Z}MENEFLu%6QcIf!Y&w%n>~Ew$VhjZ9H$KD%GG}crYaHnzPe* z{Qlyy7zw7O4wYvLVrjY_sOx@y9&H|4{;OPc|J^nJ`-xMZsg}++1<>hHXTALw1)a@% zVRj)uB#gxL(WDm)BalL;OC73c%Yr=yJ}Azl$urB}OkAEa5=;s6L^M%H`w4+RbZ*7o zDhG|#eeH+qbN*zwLu#}G_3>0$fnWDuGa_J&mNL$Y3XQxM6+^dxrU{R~Quf6|aOicg4px#9fN9^Se^+)pcpYolJLrqi4pnN{CWoUu>i?z@7Jkf&s)YBZKz4yH#$9We3^m%%LDX(^?>|8`R8!DFx7O0 zw#2J&J{G(D6Tm|yo&45`Qh!uXr59Sz;6W2)_StwuJ*f@~dFDakShmfT8GcYL)-p2B zlylTEZB$Lf5Ol1L=a^}7k*>{hI#zQGa-T;*jWfS8Rw#lhSvN@9$TV=5g19=5u9xZw;{l6{QdX#%btu%!hR$iDX^F{-b!|Bg3W+q97^S<=F=l2RAdE-H-X z5~SwZYe%Wcd&DcgB^gc=-+m8@dq2>EOMN8eI(I@5aPte=Jmaq!f6^k6v2-Q0fZD~s zq2l{K$l@+^r(%0exlg!)YX7Q{)bO~YV^xG*#n}W-p2#&xOFX)oJg`?Q1-Hdn&AmBm z&~3`N#/J@o2_aI()sMqd;uJH&u>YGSyx01zY$kX134o5K-NRBDa6e%tvvw~x)`mtUWp|;Ta zixB3((-uV4rkoUfiXmr!n8z8v;zJm~zAZp#mY)4?Bl!WzIrHT~m3USgb!ZNdVKXc5 z1(ew|wh6DCC+?DnbnX;}x@i%uX$>#@|z}58uBfX&pVbY1WRN&=fFRk!XZ@ZHoTPt@@ zvYuQyG?G+b#K$wJFu}_B1qy~dDW}3hx7_AL(nl3?W1IJjp^B)7>^o&=xWk zc@Jx4=BzpG{dz$P9|30i+QZe}qT;gX{KO6Xc*tkXUERjR{4IPG8Tp<5aR?)*Z;#<; zs2$L7g=2XF4DC4a`79kD-F=G6EN`3JL6=8t40nvKHQl0Ja%rXUW%C|dYsS%f(t51* zuNivScJ&r_-eT3_B+0f4XH!EdZ&mgcr;ryaB7J%8tqTW&p#lmVdrv0pCw)5g zo94&i{p*d^KmV@?*8l$XSvUVZTId+-KT_Q0XKSk?dw|e&9Go{EpZFK~Ytv0ESmW}e zNB){&FoKrAbF=RbNzZvCLQ09)8W(0AZ&AZ3z*rDu{5-%8)YbbTO{gby>f-G#Z~bcq zCuB!_FQ9JfX*lKr)Ju6CwU!dD@U}E=TVQ8aY2f(6gwmIs~=!KWBi7Evwtbx|kQcXv(P*YD|K!Ni0GMm_YKqS>ge zY716}EMxqpd4K>mp-infu&F(m`Q0JpX?0Nea;{E0_ae|rYskr3ZOOq$JW^eDAc!f@rCskzG~ER~8OsYQlbFYewW@Y7j5T)|yHsXA24}LvI&*Yhm?v0leG^hEN!>;gW^`AgkF5uPWNt(9dblya`geu4_@lqrA8AQo96!pW)$Z zFek3IsJQ61qALji*SDp&z3@L^BHQ(loquO%P7gfM>iA~upEc@!LRtmrN4?+rYGUr2X5Hu`C)gK2BLEo(ei07^e*%f|`VnF~=`Ic=5t zH%0M*Mnc*##j&JEU;C3^JK=9791qX@xEUM%q>X_E@+haXuLC_HcP%H+D`2e*jw)xT zMplS+DE6eUZZhU2tn@4j^9@5R$rj|M$qV)^A%>%rivd1`W|&hg9{XBPQ%7Nm3~IO{ zRu73^E~ zS#Fd7e|(DaM%PFedxADr&%4$@_M~5Z!W``*6pt&-~I7_>C?yMN%agu;Oa!%7- za{HK~YlMo=9lfX#k`#inkM0rFbdHPjFdA=7ME!5W!b;z zaCmyw08ws4-l^O&hjeO8km5w@Cbs~@6LTmV$R?!O>{BaE;8u_A=&1IWNh7b)I7OUFF1=8wE&)^=Be{)vu;^C_ulz@txI zu3RS%iXg2&uJ%#1R0?s7Jqo=9x(RM2SMeinc}1wnVQoulUMV1vU>)JBOzTYVNy=~R(*`)PCqHBxOV<>&TIJs#u?SRzenu|6i#OV722-g6ju zx#OBJaR|8+Vnn_=t`-C11 zjT>arz#^$vR#O;XGlU;&037)V8kIrNTt!X~U*%ah@K&qWpoqWZ8;wd?+TTlQp?lhJ z&vQnXfE`?rdhD+m`$owj4p)$qfMhMj=Y4*r+E^n=yXRGEQUhn zdrAC0b^LWe`9=&ZrHLfp|r2xb`}>1U{bW*xs?;w8Z6Iz(>c82OS& zsK0_OH7gGj>bR|9>AIp??lGc8hh;Zv%S)#dq9c>uT50s|>UBF`M!9Q}8Tv07_y%mT zK$e4REq~mh$)dIlGD4mLTF=2B1Ztv+M;RdHMFI0JX#Dqamfs{_sm63eppkrc1pl>W zzb1{hQcdHbbV*KYM1}Y#bx646OHg2^>f3H6>$$7I+-i&+Yx!-8c%ts$NSsDR)9CvVejeM=1g#n3c;3WoG~5pBuFE{X#6xFNCa#Z*j3WDz)`Ur zkt`<553nLRa+V*~h*h#NT`<-qktOR?d-&~m-(e+ZNIO3y-D}&pA7fZyh0Uvx3n~Dc z63Ds<;F~S#edso6&N8Q7wD2%`B*(S2eIQW=GIZUMLj|?B+4!+hC6W(5*?&5;j{Y?R z0fg)>MG7K6{sPjkcg!^$)lYEanm;}bKK?UYjt|3KCvAcwuMJ%l!W7GIoo)K!2qRY! zx+X}jUqzldPB38ny$O+!_<6+&_D#kv>13dV@2}}1??*Q$*=zU74(v^sJR~smpy>$e zn#DuLswKgzl<|tsQHnF=(x`Z*5jt9~7qs2RIUY0YS1MDZl;Pz9lVoe1j`j}Mj&>s0 z?6LjnW^5DCT{}^2MfY;qg7I*NJ@J5*exzJJbg#QoWQpN_9L)Uq|XI&$0L!)IS zwv`yUIgl2Et!x-07@lbmFD9Q7YG}Q}Mgtga#hpGJk1?JV>n@ zR5}Hth{b5TlmN)?Sn2kAothKd2wJFvRR3lMw|*=O)^L+M^GBO)TC1_Ps*s!BTSMkT zl&ST_U-rj%jr^QX&&AxE;&C~2*x}$bu4Mj%!CH8YSChhI>!3g$EtIF zc8rRbe(Z4!8~AftC<&`GiVB49-NZiL2#Y z`@u6tV?>wgjNeY0ZLd4w>IxCiAO!Kg<>=qt6>?{6(b+xLFr>)a2(7gl=8znt>&^_& zBSbsuPOY;YBFh|N@AKaXhAq0nk4dNDyIv;Kq{OLTxHKt#@K7gzIb#nG<;zvloOseI zH0gNERt4^Hr_tFR#?9Lux&@{c`kOmk0YMKq5-I^s;U~9w^Y4mVTD7G|b{Z|E4pC8a z>W$32zXgx+|FF5FUvKO+I6`^hR&5B~c6Vc{Ri6jo&wlFHMDxAqZ3N|xFAS=p{qLl0 z#Ysn-ALL?nyrder+P}Y$T$~@jllt)kPh2w$a?DxXfG>Kqv_|e&89`l?I ztB$th%5PMSiCB2>WJ zf*EnhK?Kt$RIT9uK1o^#HC9`T2@5l@!j{w28(D?mUt6xyQaRM99NNf`to$|O7nOs0 zOw$dWsM#wuH~3!o)?TGe6ZeqZynF;**DpR^caj%-u*s6hU*e$2@>6Af=t|P816D*2 zMJ0xzG@KMCXwGJXY!#_oMMTQY?B)IK*b?$94O@l3lmh5BIO-X~{185Olp(YN^IMlu zZGbXwX5!Qb#m8DS+&!4~0Aw)A137Iim=3GWSXRIvR6Sr;CnI_V)Vbcd{h?}) zpA}v2s8M5YK~peq@|J^XK{;vuXNq(o$e+Ct$h!2L~e zD%CCY%(EB4`pz+8)v?cHs~X1}Km2~IW!HcTVb@4S!sK1b5w(^ko~h6L%(GMk#W5B= zN3V~l1oJ$B9KI}lZ8J%1S}`rt_va~~-B8y3HA56KjbA#T=3Ng#0(PWocmdtCYc7`~ zRI8EF6^P^^`3%H_H#YdVZTu*gOQ}x^pB%5Uw6yftMORh>iWLe7??kHT2voq<{T?gj z3)9zV?jlfD>5tK3Z5YVeFTC|w0gxHql1zQZ z)55BFGf-2BQGg^oGnVTlCCu(uzW&-CY+RXoEhv@A_FR(`e(zn#FH`~uK5`SO-zFJ~ z<4hyX74FXaj-HwA%zFMx{jw?W;C&KIz;p%iWz#siruIn%z_O>et8k~~BA=hr8+1NX zL2z*gt*u=dhQ=y9rG*i^jluAkeW+{9d9MDARiAoasLei`>oTQIyR__c3K<5t^7Shij!L0dj3 zCc~z8p;g}xf17IQps13CVuX*jU~$v zQHY0^W^1;{E&^2zsWb$VP*W%J8(o!_ z|Nle~_P-K}{r~mr|3S&kgQoHT&_hrhkszVzF!1u)O4eJ+PlRZay^Mbwq zs`f`JBja0>>X3*U+0&d~|3jNRd;g3{-e{+woZcSeh`-sUyrXcI2&3~|UHRH#*Z+&X zH;-y6TlYn=Y)}y*AfR+91w}UkDxGv$T9zUrQfMjCrWBM;jetskkX4F+bV&gU0zy;- zY=9I3(kJwhLXGqSLP$a*O(3BO3)0k`?$hnsXWVo5ednI>-np;-a5%yUi?!yO^PAuN zzF*@u*;}RXI0aO*SG+3r+m4)f^`4$z6UewNDsBnF^l;E!?b zr2TwmVku?wdDnoDpn-v*2-5hwhW?#kk$8$Il@yq7#TMwMVPYJ}-#iQH3U{iF@|J#iR^P7_ti_IED9lL!Qzl(% z@E09zmw6bgwlAQqO+v8FPYM7?nwmg}cO+LF_Hn>28K_zZzViK{&(j0YpNHH%UEDz# zY%fcZ(|=g^5#8~Z-fU?rdL0yix*g(L*xN*o!73~|xV3ohN;wC{Eunz8!(Ykc6mw}U z5Dh!1?XDOa*nI8UK2Xqi>4i>RTNaR59X~UO;Pb)!trgU%<;tjCxe@~T(GBKpY$>zx zmC-#|o~D_9TMr;i5^HP=0?aVFJ!Jv)p?UVt33Eqw-f_E9xnU3CxX}(PO`uYZPf14} zhz=0@4Mc_nQ%O2a5uejwW=SNoBcKyV5-196uo=nA)~DlR+`}hpWC-VH&6S>b_>n1+Kab4GTzm7i;snUe{+k|@yGvxl;^)x zn*VF6%twQT%;Hud+K4$vzX{T|SM$5San;YBC+_`S=A&^VjG#dbZ~5}~pI1M5S~+XZ zVMTyNOl+d49%l%BqCpOh0SSHLNA(2_P)f zA4F7qb<{FFk#fxroy9ShTIRbF+w`kI8>1LH0kJ~~+rB!QvdLoY0YK;b?O%RU{I5R| z_W)t`U@<7m*xKfRB-TjpcNyJwfYTmF=A|UEEx2b-N2y&QT#UDpMq`(C-@)bLLtmB6 zrRQ$1H~}hT+b~n2LY4!yVj<9sAb}!Y!yIA^)FZqa(TEL5dbtml0lNS1E|??T&J>JG zw6sBg;%*H^oMJ09mj!bfB*nT9VH^S=h~H7gg{v3xrD|#QlofsLt)K?NqyJUD^6!5_ zeUC$8AO>aOMi?YjnuF&Y&;kXR41M{s0E>5mmoSn6{mcC~ir^;HiV8gHi_V4kH8hZ> zx1Z-Tq^PT3--@2t$S4w8IA^^d;1vd7sRcFzjN9K|i=zpI2;ug2kn;S~n=pYd@ z=yP^4LNK1_1yHd0?IUzTjhj}VY=QjSaCZUW0x_Dq-CVo_v#(H+~Vt2tPq-ZPg8PITqNmHQ~k{ZqTd`YJ5C_Nqt@v{vH9X zs6$M7@XEgGfokOZ{ST-QFvDMb|A8+)R)~%puVKYQ3!C^XsVvZ)tg`;YCz(Gl^XJ(7 z`w8~vy!oFmzCXw2&$0P4i2n1|^ygyub20q682(%gf1jcLyOj0+V4x_>)$%C)@}XM3 zCImazJ3WUZ75o!^`wvwy*9U2T`0Qyb@}JZ`h~0$f)eXrZF|QDBq>ZCZc|6(wCQ>(W z$QBelmF!0TYClGtCeCXTO;+*t4K^CGx4hCz+tq3YuRRJ!T*yB<#`3V;n65}*T%}uO z#X-u=gx;6PQX^DsR-G$tW0j~)7ZxB-f0y~89Y=6`c_bgX^I^!AWWnQ&S65VY?V2|% z(gm>K)?dVwXvd#{2==VJwC@$09EsMVd%br&!7p#d$qxm1s#WxsMPOD2ek?B)nNWg; zj_j-k_|@he+pH^BllC2ziMV={AQ9=iOabDIvn#`t5q&`b;?jW8 zUY+XlijYVqBXjRhEoPxnBdaT$Z$YJKo(JDi_*3~uAEcG5;jpvDwx}_0qWJTqDj%JF zynP1MubU96n65MLy=|^3vgc=;@8a0jSkV!}Y9#oHAI$){EnqZQYNr+1(vNnP(Usl$ z-B^s#7#2=9dCmPRH!K|87YbdZJMrHzPIQzFP&FqMU64E84hlkt6Z;h&&mHql{3&Io zjb`Gvt|4fZPS4Ml7mW{XEz+rjOV#S=ah8{#6o?NXgKYHXK3_phkD&>q=;mpAu>zXX z-m{)O1F;xKCS0`DCBFi}&8E%#4K?tcqv?br70|C4`zN6BraUuj(vMyaorNX`796^C%ol0O8s^FYrF zML2*A3|Et72xs|cvn!ts5;|O1$B1_8ZXG9K@FSX>@3*&v#mOxD2&WMTAlppr($+?z zV7@aaEw082)o9~*6fKlWjc<&-=JM4^_Igr72lHG{O$t*4jeucLoen_d*iHc-?t z3amjO$y3Pgv)14*o$C|_JV&O^D*M4#ll65I`~;bOgbMLnp!OfgV5Bi-=pjN@J^5}q zyjH9(-4Mxv?$y`@$WJHxmEiM#P)k#Nv#jk=P8p5W{eHE~Tkn)?_ik#u_SzndE?!}( zKEtTV!K7^$y=sHP7%QU8SmT{d*)tAT5k?(N4v7VNQ)@sowSMJV^|PTU(dCqa3Bl(9$NAY+++Vi9 zk9^kLEEtn~u@|+=g};vF5Vs4=n<#41PXN$mRNst*vpoU;;J=ezDt6+`ZghA#8CF}? z^t$G{TW;-OI;q2)2k^AR8&Vl-&a{au=7y9}u=P#LVkP8jT zSdx@}x;kw0bRGpzn}lwH{IDd%P5QZ8yeH4Y6TbXDKca}!V4*A0eYWlDQj)arogWPo z^V8ce0l)Bjr(w}fyj9aVpkD${7xSm=x=WX>r?l)H_zqFEO-eA)Lg$_(`ugFgsMNL< z`SscXm6h zg-O@-!-Y-)?A@D=eR^!8dMl#@n4gGH&ml*0h9-WQDCx^`y4vxZ*3#y~fm@2-TF#HY zT?eZ#Ci(yyJQWT~3vT$>OWcT@5;bvbDEy=${H=b6BR*-PT;5uM`h<5GcarYUDvH-3 z+qv*sKbArbj*n}oVn#1yQTkjJ3fZFYcq>N(>xzcMJGOHB&~Nu0)C~NdsEq|Jnvt5u z`#-)6hU0-AsCA~$EgRY(1?^f@%of8k(0jSmT}X<55#V{SGDf-!75o=>TL~pp7hgWF zLpnH0vcmJYBz?-Fi)4gi+iL|b$EG*VM$t6L4d_i`xo7y0f50Ah3TOQsy|G%N=-Cx!J zubQ7vfBjd7%YR64^#5ia)PMfj+|_v7LBG>kco8`hA%I(k)CCHKITH?OVT@QO4DKH< zPXJJ$rr0rC5e@43K{os-0RVgyS4n{zs;ppKy8bGCc^555k_mX@&_-z|ed86P5u(@V zxxM2?#Mx(3CRp7mjw0P9Me;H}(Yh51VXpipGwb_x`=gRE%J>{%pa2~+TV|Aqe&Y#( zbi7o_;ha^W88)%^4cdof)u%&(ba=%8nKn1odt(f7%9(=YrfZBtBe-%Nj;Fi4`Ll6G zgiC?X?ErvVHyKEc>r(uHTAk!~nZb{;B~IACOkoU=%wbj^)D%W(keFG321(R|myDai zlG>ejQw0F5*9t_;NuUM~>?c8M6(F{pOYmu2ptG*Xz6wOB*%|M-@<9Tg34Ozt3`W1W z74y4Hx-eFU>>bDuwd&3xk5S)0t(mO{I`J1mIbWpO;`0cAqOSi?9Oz{*lzOF%T<$Wd z$dJB1I6n7OGD5saoH;&8t(zrdbdd>p$~_Zil$zzWXqKOSp{wXDIrHI2GGw@3Oh16F zl$I>P!j7M9EaU$7$gki0^Y>T(L4Ko5-{=pYE6F65rnQ;~gBU_vkp||us(?0RL852> zaiPy})>OaMcy!>frdK-pLLE0(Cgg^*EZ?h{rHc6$u@Tz|!r8h+Ia>CLlU#9F|yNd!HzpW|Ln`0%7j@G4cV( z8c-Lco|2fYtOUU!txM>r(6l;gzwsetO8dnHFow~9fuw}L=6kiqfeml|6snd%c)bg0 znO+WRL6&zW4q3<&D;7SJU1e;FZP~|w?#&jb4C6y_z{?*jS2P+DMU8i zIvt?eQ#|;2V*lsu74{(^Bnubt9#cIuWrr^t&$?jb5GFsIbD8?`3q>CD7X;VjoT1rb zbFJ*>+7Z-J{wUrnuf ztD3@k6HTD?6Lf!C%6BE%7TN~c-gqT@ z@SEU|cT`frw@YY#Ma?t}V5^a>n41Q7KEW)j2a!E>Jk%c{B!7Udz=IB1dXU3HIq;5dV+3y2SEz8#)-r#4dn z+@qetKZE|ppSV}Bi}I`=q+3sVlzEm9-d$&mMZ6h6MheIYETtM{(FtiUn4JKHCns>A z+`DEi%dsab;_2?~hDsdy9lg^*1B`3)whzT^vFNWltvweHgl+0-Z(vV4bp|3YU%w%CcsEAYG^+Ev!LGzmEFqWLa|o?^Vq0C%bv|5Wu8>)u{2m* z2oZ*5(SgeHhnc;)G%Qf?(2VS;U~Waq8>FD|dnbQl1z63V&7Zh6N7zt7vdTKKa!@DP zk#`UHTZn$k%*RSf_(oPH<4u><-Jl<61y5HKBy{kY{K5*9pJSiDGDg9Z**;+vs zJqpiiVf7b@*eo)SxE`p5x;+QM@upnD0cOnV~Ph$F+&a{ZL~-+FEpDq2$Ek?lXB$X6Bh(spAy;pX6{<1Y{1i$p(8C zSma{+=x%%rHMbx*l>G9@^NBRUTko$b%N2sLgWx5HY9_UKy^HW?O?L{0rR~IZT?9X) zDEKv0B6fP|%koiU`6@|BWA?ByoQ7U$)F#lnUjY##)G(zPrRG2M4Upb3Ki*pgq57LK z#kgmK5joR>x7aqx2)yf5qo`_mR`?Af;sd$v2Eg|XX22TOd!9`07oQRsw|c$8$Mp|^ zWy}dM;@j=KAvtIIyoXXeLa7uppdMObY>up3Hdv-}*@J-MLd5k+8yn2+*jOGGIZ+dl zi{PXXjVW||V+RZ$F#*?C&Q>OzCO5DKJUxr^&r8U>AzN|8P%~}} zHwRkt&SRku!1wu12HzRj4yWBFntYkQi9+FRIk*_HQ-P-+L~nVZNvWwI|He$;3bt8k zWiKQOAp`)G%g*81Xxe%p^BeONpVO3WDu}*&!v;Fsy`wtRpm1^PjG>|KTc53 z4Y*U^LA8dgZ;USidc};SB{a{=4W;R*3shS>9zo5surR+=+RiH7Nv}gIe3_dV+C&o= z-6J>_+UDW|8p9&qUAKGgX&q!wK5)`@%f*8u$#zy}QFmZ1sTsbvB?Xb=`b?J;;MHfW zcGZ@27cRav_1HDGZvuVaFh}uzMca5AzU5HR2CYEA*XQXAF9}e0YHWacu@7g{kfJ?# zv#s7;v6I(}RNnaR??SYF(nRmQ1EzQ@);I{n3439`f2mJNzv3V{inAfTv$va|kC%8w^J( zQrhm=eJj$;b_O|_gMLSivcQpRE7sQvXHYa~>;0t4v<`#uit>(vn)4Y6A%P4W{hhKT z8&Ln?$th5Wyp#MJm7h`{NM6w&Qh}D8;%Za4X0r8kRrnJ%G;&Hx-g)Wl1!B$#B7+tD zfK>~ZNTzQ3oIS{)zj@i*OWASPr*)=(?moTxz0h$zazW%l?8j~;YWY&O)NB)N@IBz? zDooRoX6>h*W8n zpJqr%48WX_$%dyCztWUU=izA|KDEx7USiZJaTQ57nsb?`HuLB!-YJc5FbCU*%S$C6 z0b1tx$eVc(3)07G9i{*@>A}#jHw*h#u>Mm7a79E0`LMtfX=(w4RZeySM9bq zm`&e6?1W2J}Cvg@gwC>jp!h{HevkP zWm?CvwQ*6RTAQi1_q*Bb-9diu#g9JIm-kP3BMGN=oV{>{GAJc_;>2mvL9L@(oHN32 z{|Tu5;a`EmKMeM}um)^i%Th-Dvle)TokR2iAi#8D7_dt9%8*^bqe0{T6 zE!0a=X&xo6hwls-8SduBw~-D`sfyUZ zlEE3Ae7BgQzww>NXWGXdH<1t>%%C@bEJt)tVn9Guq-x_|>w%Q`Q;nVT`xk@hEZmx#a) zlPtlC7sUQcEwCIqp(k4r>CVIJF_c_=gFSPFkzRq}kEhT+6%y9N>>pD*h|?`!<%dJH z!fOF$7hY$r%%h5K?e(C>E*C1NEe zMNFY<`y#9$Uj6aL)et-Im~TjjO$&L{G+pe35-?$0Q2(ELum1~R^MCsP9}vv{PUxe1 zN?Z94Dk5MLE1Uh9sE6-tkg5pO>VKEn)E8jc8!7hl;cQ*d=l$pc&bW*<&Wg2Fj>R3o zzJu}5nr0a%!$%Ly)e{^=7Z6;1)p*0K27byuhOJ%r;s~3*4yjydHMo}3b){2u%yFR& zyI;w|44r-IlH*`+I!K|d06NVU85BX2saOT;P*6B^;nUAkn!*^d*4|4(;@;$gCKF0y zL#rbKM{PBMZ|+J3z~gbCXRxCuVJmV~6lmuq$n@->{Y4CDpZ+98gJnxL%6wL`1b&-9vuLkXx z_E9uVQFm#pd#$a8u^Y?dP3iF|h(^;n^N?Psk9et)MhedizXuc^ZIhYr$nQu;M9jV8 zI}W$Q4MmdNn(YGCX~`49&SA97lzLjcwSL}2|4d>5zCqY4Qnx>L|Kap3w=>sVbuQwu zbb`kNnIk&=bKDqFgV+SvwbtACqPiheO*KEU1i^A2j3-<(DE&Tr=>3fe@7lh#HAL*p z2s*%VkTS?864L|6#+T?+z`{t92TAqRV4C#vt?bQ6jzDxm@W;1uqHC6fc8ICSnXsv%+X$m0wm?E( z`VSotSXY%dp|+hDf8V8BmGwwW@hMHQUEKy;pqp1!)UB5MG;XXBPVenc+YOt7n0tc< z`WplRnM_nC91)}zUdm$xvWZmbzB0;MoQ3K>a3fHwen*qJa^_nHM(>QT!wC*vN_X)Q7smjrq#=9 zh@hrhVKz;vAxV;w)5&(kR^h{uHz^WtK(Ggya%vE8QT$L$R3v_+D?&c>K7G*eI8`i= zWzWW3t?^-ReHPCc+TA{5a3extNZxRWqi=uj{WR=XO96`3qN5clza=~BOI>=Ycwk7( z$O`5`96GtR9K3I&{F;X`JB@Ys6J*ZMzpM%?Pt zjzNio`D)V)uty9>N3!WLn0;hhe#DzduA>6-dU8@u%Sq?;aeCklgBj?S?vaP1B`NPn zr;3y2-=l*_^xj%X+SLK07sbUk`s}rgCJ}364DzY~@AhMr=$ORZg`ZX1bS~^cCYxI^ zw<{F$K~hs}Q`fLz4Fx!p^3MNqkg6z2hI~A1hj+ztDi-CH8);fNW#q}C8+IMC%g@dB zqmG$iVENqGan8K`GVu!O+gMPx?EX0&12XMfrAf)Eal4=G`(F?V{%c4Ce{BMke*{r^Xvv@_Hc9@QCOQR~O<|0R?ouMy+*_yx59=E#=9CKrHZEF-uo@26FI$gTLzg z#}WJUOGd|+Hc6>b!t8+*)>30cs5jeFJTsReUKUR)|>P@zv zZn3~EdjntX4p9RMgErx18`Lky=M9ht{Z`H<+I+i>}TWs_( zCR(b2sM+#`*}6j}5;gm{4iq?;HtCbPAum*)h6|l?zMFoD6%*oY9%S9??CdGmIg%WT zo^926xV&UD)%mLVJ3fwV^^T#-;9kyV#sPtKfS}s`;@r)6D?$q2J2Q!*Xco z;BfRHbSvqZ*Nm;W`W$qJC@bEETzxeNEPyea@z_JOE@)(X_|q?D!XS6J*G`AL^q||x zw(RBA#W3t!CxLl%jRi-dj*~~IhfBImrtS$nTqe)8GjV#78>ADzAuvCLZPefvT1Zq8 zAK;HiU#LoXS4lq94lJTUs!){eezU#ZzW+xd;mNdb*NYFAkobD3n&81Bb)Q7*{TE&y zxf-H1SWC1$`dnF2$ZL^9jld_;r1l*5co(KO zr|pHG090@oATj+~pVyO^kjkDvEvf7r`_DH&{xQe8|89ThbZ==j&&!r_spwS z>(7z+N9IKCBPQb0e zws70y)%+a((}a(!kgvU%pTeAu`MzCzyn1yxOqa71y+b32O3Sapiu+d z8_dSvJbnW(=UfKf3K%xEHA^9C>UW1ObvGs3X@?#_r|?_(XdaeLA21~t^S!v`)1faW zJXHaHs``CE!;-p?n$L3cPZd%wr`#|9rS%#pZz>*-b~HT1O;9`!mHRXR6~9Q~WByW; zJ}A%9x73_vet0B z7-O*(y&Bm7JQH5y&Dk@BKp4$Q&{MFhLpq>)&TeZb*ZlQzAW-xbRdC5?mdR2BA3`5pQIiJy`c3bCm9IzdGYdjh&`@8@hsjN$R6Voz!>P0Sc zCgdw>%WWKA*hB( zq@eNNAgI)T2SGi>u+evgV=*$o;x6mf6vOiSbHs1cm5oK86M+&U>;XS3bXC6>BL zyEbTrmugdtXrkzXXS$$1r_hrmW%{aiY_o2SA%>=7?>RS(x>O#qdN_ z)4ATHPerJe-nj2{MC2vG$CY!o(eM>?pI!?F7-rG$LjJfI%QuD3TSq?mRpAl~4F4JX zn)_L_k$bbEV46Ohi_z-Z5qHqL8rf4AQFU~gfN;A@xu9XRGCpQUUYT5s;cNP%%X)co zfg;aMtvI|B_CMnLE7sgfscUl3OhC;HLJ68%z683LvbMb+Z-&+(XBt#3 zj}?OsoGKEwbe7!2$5(Yq+_64$iM2&1(~?@p=l8m_WF4lTD#(fN*yVku^j)?I6ZiGmiOi<< z4|>YZNtx(R3yue{;N;YmKT`?cf|gA#8A(b{lT9k2S|f3)6DALwS9#!Y(n7PSLfqKs z#399QYkNQ4*qiJ@^QNB8N!3~OO1x$@K}kM%uxNq$yX+d@@1hNxxrJ^egUF!y(rB^a~w^hNkPeB<}+gRmn-JL3* zuS~8xcF2?ql?>p+rRu%hH1S?E5Gg_N3avy|yuNvettNe6E;3J|lS?G|yzI*#ta(zO zgVd}AEx87O({qko(04>ltfV!%&;wrO@(mK3U%LCv`N0>#Xpp^Ew~3$uV*4m}=|*-t zc|Hg{Oa~dzjP0eG`QjSZ%E??{=SR8x1uA9MIc`O~+yxX+dv-;|oBS@L&>xZGia~X8 zyR!$sv6|PSJRJSNXz8DcF1^kWzt2#UrW;H?(Q>C(gQjxO-RyQLP5F!e?x%O|{0F$6|I-5Y zD(PJP7X{YnmqTt5q6kCIar*3_jGE^GK9QpL0Ok~8HbCQ#(gci?03UUG7+TQ+-0N)& z50%0Kv+Fx^pVCh$&A8(`y}9QM(^m%CR#`0sxUFGDgC6SGDi zsTr?Lp2Haqkm*1X@Zs+=G@Yk3cLhNxa?*1)@s+xby!N zA>zM5pnNf@o|sL(V3q?LrLCkH9lDWxp#ieV*VV3KS$wTGTMJ&E)=j7@sY>)9}>;zh3?B{Z^n)7etlyxaA+&Y zVgED9@1J|@KOF-8-x!DdW-h#D&~Bt3X|zuQ<+d#G&Cbri3IgY6W8VV$`f<@VHhC#< zfaQ63iV>)j#l0KQ@Mo*4eEw4w>~OibUiDKkaj zd-_+l<5t%Awie6Y!$)O8SpYJA*{JVTiz|lArhH``uKg?Puph7vUjx?RB^z3rHq<@9 z&^;fE@r)(^_NI`gEZ+ONtnBr#NZ{i}oL7NefghidQx}VSfsrgFB~q#@BqQnf3FGfl zYyw`s-?EB1NnFdnR$HJIa-N@;791f-H_H@OXJIUK&61PG>TAf0xY0ahMJvlveS}~t zLK9oH6$C2OI09O!_RY z<5E>pE#JApd1$xdGyvYk%{RX3@Yk@W8=-yojCr*!@6Ud8qtL;a&1{q?OxdQ`@pmO% zk)k^@8jmFR+Q&jA1#ig`?M%+P z@OQZHjHgx{qpupw0u{@i%XqGmmSlOXEEn@^W9fY4sLVxr zl(o5eoR{Dg67<30@=%Mt)m0Z>FAta^?Km#LiKH$!j+EqiX?G2p*AJ)qvb(yU^)`(GWV|6_y6gG?3R{8%5j2+lf3dv5w7 z|K>0KT;>m+K4&xjVE7|*D-|tZqa;D3+~)-lw*kE}s%3v@t+)6)0F6Sq1FJ9_hBUs= zzZHoBB{1zuPzDbtOVkc&o!#OD_(K2u?}FG8Xtu$i@+kTSz&*Z{7XBt)2HumP%(1hV zw;f;%K%JuO*6VC-1bR+@(wfw@Ghg77#~nKs>B{b&q2;(hC>=fPHNPf_F$TA}i++&( zL@9OT$+C_5DC}y2lVB+Ag{NQ6nUY_97an?rireDv@wgm29RSTqR#;Hj-s)0X7rfd@~+T_c4kel0lAeBu6|E z3pO*JrdW;yzi^*a@?hZf2CmZjF8Nqfrmk{QzS2-a^;|`n(v6^Pu}eh|EN!v@Wssxl zGHikc5U~Ccam1T=oMBK(dRx%n0IZmjTk{1jv<cUmTaXd2T8)aWcdet;U1sS3%_ySPBu*^jqF8btq&fkC1kQ4`{+VM zQV3t7t`ToVnmO>@epI6zPxffW9Jk@uNptnl_X&!Oy|+Nvg}w;hij?1_OvQ~_UlKSs zLTd?-=*+H4wn|TdDKjC%Ifh+cAy8>a@saJ{TgaWiHoF5D8P&jZ9VcWYJD$>a0UGaf zHgLf)=j7K@S52`Lygn{E_AR+~l@;o+A=0cV56vs47+R4RSVL~^z`5wvynew)VB#qQ z#HA@9fIKfr zNwtp?VTAq!#?tj;v%8od=-&bwWC$=^q?74t1be|N4qQ)0A!&`C2WX`q^N=S34fpn& z5#PK=t!P$x10*1&ZBA&fneCo^CA(}TlAmXUZWNh)5fIJ@cBK^}anSnjt6Iu)KBrGF zZjdtHzdPjxP=}6-S+dxcpDkwlg$%rW40ghMOY0p0OmLa5PCx=qM; z&`Q!hUkRyqE+P%%XZhDM`HrW%%WTY#2-Z}+NqYj=q#h%sNuw!k70Cv_%T$pZmwh^F zN`MFQ*Dja>@hxVRAis{4&=w)kXa>amX{jEmx24xSq-vDezayC|`mXam5S88KJ+DiG z3>}T~)8EQYb(^`Y37n<2V*4Wx3wm290~(z7WCmKDpw+=@$S4Rz4)k)>n&bnHrr3AZ zJiR(=Qu;di;AbFZZ3l(wWi}JziEmY5rMAU*b+t^TV1aDEi=pdY+Zx;;QOd!HbR5nXD7I@(@1V`@SD zHu*erhW2sYyLvsVsb|P`QJB~qVG7KkNZ0WO);)?s&DqckJ9`qJif#D}p?B4T8hA># zyeU~X(`p{O7CHYlOh#Kv9@#cfr_-%LSdce<346f}hjl3zfr1IHh7SEE83)}1cgd@1 zY78*UgLr-dV}>824RUw1nE{|f=QK%>HOvFL^n0>3=ZxZ@5i2%RvuZKXlW?Q#1 zO~>f3jhY>!DX*CfW+H3D?=pT^4L^*M!1*3V#~n$t@2+u#wH~Pt#Rmd`)49Xe&vfrV zL&q+D@G77qdz@QlSBXP_kBJ%w*O$Vep#>&Au(pZ57H0lKvI8VKX5l^8@z<@02na|Z z(v7A|hJ07|W0XL#{4hgll*`9+Dp1uCXcx)b@)@5QT!b)h=tNxI1v zx(PQ=j?Wj(3xg#&;%y=a1UfCC-!>UM(a~!!P?<>#R4vpDe7j_p92&H5ZX|GYJQq)k z0nT>)Xbq_qqQN2a9&nh^Jz>s`iKjiB54RK5o1fe5T%1l?4xiBjU0-MQAVS4__IPd( z^ea$|y+bcih!j{2JA$|u7p4~}wgY>2oO(}=DLKyc__QbIH;&_hp|Mqaw6A@!&U#Gt6o^lo-K~ zrvtxJs$_RLTom=;74A6$nC$=}#6bZ1UnF*|T2fJ2&bxu@Tg}OuZ3d7^{ts~coG+{b zd^~yQShg`vg4&k!P;=H>H?wjud*`4Nsw&7+vY9#g2zB~6war6T7=+w>3Z~0G9Q{h-frxA9ds4ODStDzG z&T+!gaJ0~g>^k@E`r)zVK-;Ay>8#XMT}I;nln$^$IHn50T=E$9y^ol3>FdQNB-~mA z1BlE&^w12&r@LHgy#jiLBXP`5rX9k6(9_@6I-j$O|vSK8TZ4; zE%AxF#!r{`c-zPB<%(_uGK3ZHz$TwyI|dg#Ms>Z^pJ%Ygr?-i$@F~Iyq*ks9iGUj14kJ~tN%KzEj4cY8_)c=gNZ7*Bn^c|9d@ zNbQZJ5VHx`2`M9&eu|~3AxlnO(_-{<2w3rqd5VSYZ5m`_Z_1Po&vyFoO@1)jInEl# zS8kB5=SSkB=h+TpxuINCG^Ao=%0r!r+dq1IzCKuQMWw}e^}^FQ@pZmoj7ar7TyJ~> zooMOU@+uxCYoj}bc!xr9K%k`9@42KzqTMpo_?|O#3K~rlm(F9d--~d763i-9Yl(o^ zvMpE;=jEnNDYA%~BfYoGD4xEh42>H2YzO!Xx?u#>)1gG~Ah@k5+ebYA7}b%X&xSr3 z1E4o=HHQfnCWaR#`tjo;N*PHzDY#tJVHc>IDohO{3kg9Wj#|%em5diS^$y;baaI%A z06FY$J0KoN2~Ox1byU#%W~FxPz!@BeUUAwfbL+tfREFin0D&G0zA%c5O1S0vxDyPh zVtvk$(EP*7l4L)X&vsDy4n?)MhxgQo)E6g_S?NaJFjZdc&`#VSwh>&V^q1BKbBQSz z;Hv=lydzovElXQ}p z7wE-B5G>PoZ8Hc-s`y$z*=nE->jRB`ec|(yP&RAe-XRU(80L=^aYeoGgaMUJriU)#_q`EB94X9nEr zrA3elW6Vx3ZA{sn+$evf8NGE8j)C|mW;G;FIa6$BQqeWcxAwYFbxf z_AMt%`##Ek8Ox9G%bl3_w~XgS59x)%pQ%QY6xe^Kq`-O|;OLm3qCmO`P(4K;zll}I z<*d4

36|LqAGt-b+S*2G9DiC`A~>myN{iAt(u;p9$g5U|-*rXmX(T6Q8lF(0XM& zTF>SOI9q?7%f>~TkZ)u8$LVX3CH5uS6Sf-`9gtxMPDxqcjB$Cf&oa}!Dk{lM)g8#xJjj_@`h^Hy?xE59KT*17;QF1?ZxHpl#%2h(vtV9C6it9-V z4(yCSz&&8y1(f%K=n6;C6=_;Tkkt?z6pHoYtd#{Co;3cg92`euAUNmqz<}*uXR`@S z8a5rA&QAhbnVM}C(%*4Hz7fd#kPb^upX`RDML0n5*i zzoB__LBlUtYxdsMn0jx_HgC4^YH%e!F#s5urb1NRYj-?RmgM-CBf_6Kc8a>oa*S=; z#8VS(l@~}ob^u}6wG7yz?=tDJ7?dPMsvLk-1Ah(RT_{mAHF~*2?*4&dWkGjgDbTIg zo88M>CJ8@EhqW{~OHo8wPrC?7CD%ZE{&a`Rm00q$Pzr_} z4K~;F`ZOvN)$h!XnPv-)2p16G5G*9|&!s&nCt1sfMiem$r;=U2?K0r;o|OVx%crl} z3dvi=^ku(^76oz>PZr1(b&D<&ocQ_TEy0W*CWJtu>QoAw6hlR-9P}N@4#}U=O*Mj& zo5$QktDCY2R3m{58g{~_V)k`Oza_W=C)OwIXXEteV(NgL-X6TObi<s-gp-($}5xV#5i#;s~Ugg9T!f(oJ}{iKZ@i zu$UKR-i*4}KNkP$i>fdDakTT>@)S_VNPB%AH~`OkFH*Z^e-_dJkt0fn9gd3E*6moN zZZ?YHrJV06b<0m>{*de*{+|~kH3QvefB@gI6j_V0qDZ-b?3y~SYa5fS-RjbR~9v>VYE;(;2VPM4AV_>`v1C)eTD5Wv*FQy})JLZ05#ct|jR zfIu-~-S?d|OCy zGGxYmH?Q*xASG9cG^86^F9=XlQ8tyzXnX{pV~eJ=Kal?K!A8~W)`$j zd$}|lAXSM@U~ka^$3kJyKR%v#kR1_K@dMt`>EDkVgy20 zAS+#C;rkMQE_L`KxW*7coW0u7_EKL5`z69dNvXyI;2aM8-~oW`)lc>u4`G6Ma&zm(Oo-J5B+{GywT_*Eb6*gj^72w z4_ArdEeJyq>anF5=HW9q;%?ia&`VFDN*cwDh%W(R4>9tPqztKN2RtzQC2tPESglN( z_vBjQW~zL^bMMqnJ}7xN>h50n1{gAdqy^%_%q?UtWGOm@+r-1v{gBbX>+w$|zD}oU zj-BzU=q&g1+155p!%-P!6hEExy`UayI@$0DSvt05FdrJltsR|i`d+Mq9=0CF5KSj=y$A*&e|uEsk< zT7LcI$W3F`X945|toz=SYCN7!+mkfgR5gpB?+2$Nq8v3$o|-)bd;XBbO+=sjDn^C8 z_M~Z6cD^Z?1mmRo4HvUh#}1h#ssf|ujYJxkrT`rjnc>a&bn!-ic7q=tn^KM3DFC7n zld4_kpxa!Ml52QYCpff=5wAWIu$K6^PaN=xQuWwjWkIeHW?H zS{jeKRoBoNsO23sx(=W@1VzG_vQQzybA zAiLMqB_~bQYOV#5n(Qudp`H?up=Ae(Fn>vR6PH89*5D}LAnoYe7p~Y(E9FNVoI*7J zZf}6@Jn(I@fLa;W6f;0-0#2b5ev4#k^4mhJSnr8=tK>CJN!skTk6Z^^Nk#F8KYz`U zeoHysHdp0r=Y?$Z@bKH7@)^7V12YRC*_(f&*ygM|OJfT|`HB;bpg!)#@~mt21U137 z;MgFfW48G?_U)urg!_Nt+3mO8ENI$8(rS|QRmX@NN230>id=4~mwqMB*c>2=g2B9a z%y`Kg1K}NTCLewcsJ3+J1M5Q?xqoA0elRt{LHvG67EQeu?*IULo|>N+#_wDbd}bT6??i{)y|A;TaO-eG}N71hl{eCj$cnP-J!1mnD2B)^wlOQ<>*(l)$DvIWs%A|vUg^3*gOy*P~3Vra;O zTk#{MYi0W}ab%?u_T5nW2V#8I8d{es2C{yG@Z(FlU)bkncz?Tvl0GYOQGJAkrotz> z4a1UB)HU+PF%ufl9s=92Ms)#byjqYTtGUNIZgFFFu{=u1KB*HD1NL8>_ydIEU=m;( zwb}?Km%x#?iNlWX($q8T!$mg0HkS5awz_!3uFpsryU3tk5HNshB=xBZsmXYm$l4WE zhazdNfc_B3R}&TR_6Pdg#lbIKojmQZ*RP`Y%Ln-BJR%N~r>X%WeNeO=50g9x?E*S0 zb(oj+kodwr+lS@z&H3UuB~{qzNdDH+D2(C7*@zoaqd5-;`*s2GU}6$^9WaL`#j{Jx zOWU)%`l&7WDs$xpVQ3Dhuq(^N;6M_>g; zu9760GX4hCq!^pqzEhwc3}jwRW8PdPookaet1$+9A8}I_Ql+l`w$iuKnOmrnyYpc( zIAzdCP!Ox+LUPs4*53jjYu13yVe_@%neB(~*w1VnCOL#&nE&M__m?Vxj=OJ{$d0>}~Ge#r)6AITST|Km^m#P<4(zX@^r>D>#}eh{N!YiMbk8-|fLYVH>O zyfHZBrJF5TpS7B&{!z4EPD3~Ezt@XtU-k{ZO%Pm9ia{z8H{#tOTUf+&9xX+LI%>|v zxLSKLQfC`CuIBwEUW_x^PP#p${+B1-xr3lJ;EaL#bfN_Tqsh*_)-M1O zmp~p(rTq@~zm7uu^@&_rXarK*-~&>Upi)Te*h^E#%>q7GF^5ouikSyOagEaxVkh{Y zUai{A)KyEoPe}*i$>@1-VlwK8HXo2|NLgex0@K*pu@}YJ(Diq|qR^~Bi3JU1UB#WV z=+tBEZM`Y#MKq-C@4<;5#=A5#a=28-eh{M*TA)suA2N?HQN+0{Awbl7*ykbk6EEWW z0SKtkG}U^A3(!_?+mUU#-@mIxTGn~rCl~j*q{y*nx1+|7%cX1XcN9|-WG7sgw3;kt zrJ-luPB9lpfz3IO7hI!(h*>er}EPKTv~ zstHj{p1nS@`LMPBo=yd6~MXj>K_Nxn76Z-w{IX0bJ$8y zK&@jLn1R3sZK1yX?raz4H?)q4-D&Q6{7?9{QSE@6FcqSY1(qc`D#?5XMe-NwH@r#T zRVrA1$%ymi=@m(A9&mr8ppo|1IG|z#f z0)woITi`J247Pa-&AnZ5)(uFl){^&=55?u%+Xj=(@Zaf6%#?*kpjCAdfnYL-X6&Ds!L93vs2KOjU=7xovIO$E^`yN7YrF$}_fx2U_b*$V${F^aMSM46+ zOMMH7=2IY86TJf2odfcvV|2+ds#ChtGp_2haVz;8;lMK{tj(~&KE$<$$3WjAc9 zK}&rgfymNAFG1Nb$$NVdmHi)Ao!7TKj-O7@5eGoE0+)K)G6@+g*5ycaKA1;%u^Q;y z=Jn$jr0pHr5xSASSS&WoW6*lD1A}G@51+BUy-jH`*{^~;nJtJLu69#<2VlCw_1zE` zn<)1|b6;zz?}_0FC0Fgz`s#8@mKl|)Z^NU2LJR4DF_31QQN(++Ke+*q>!17^hU@0e za^=LoRia2)>oV()4B4R}E1tkA6C-(w6k|MqHpjl;lUE%T`wL_LPPZ zi_?WrLQ=AQvXsBRF-}pf4%$*xPZcgGry)JW_~WBHZOm;S@D4Dfz0S(jx#xSsZ;k!@A^Pi};q4s09PW)uofkH)lRaXJlG)rSu1dluzMy$rqwk z1}>l?Ck`ZT0&*avLT{9BRcTR#d{3j+pq;*O z3~0Vug0f>x4^w*JklMKm24bBG9r5Bg3_8_E6ud%lEL%{+Oi&lp+?)jh6{lBqY>5ZI zJ{9{z1{unbZlaLI-XsVeh+dop@@|g--;8%|S*fc!aUD$qe*v<3hC9pkxNVHy;FXx` zL>CgOav8zcp%8bn{^{dB&;D@|C@e$VgytEeg~a#xD1(+BtP(RT`2&esXY<+c@| zHbOqNSw?(G*Im3Lr&7<+jz*cmmh>KPJvcd~W$9ouuo8~;j!=xDsh5+Q%i_=7CsqMH z?bVWEf_PtY-85ZS=wPL+iqe905i0Umxo~KYKqO!$WCXILJaQTVs7%| ztmhzG+b*$o=J%F%)RRm6?No3-WY&)5M(nvVb2ZitWq?hS=mO$m?O+x-WT%AP2B z{6Tk4dgNlC#=EZtytio~i$7%k+|*P%Fr4IL_uqfma(XTEE^Iwv(+G+m4{($*H3J}I2f#2SG}D`!;VX=L9c^Sd8ZDxO&yqA)i+}YhUl0^dp(-Ox_Nh37jQ0K zNpvtKUH4a_sylAN9=qy-1@ zw5YCjwtb+>>)&|Yl`vui-z1x-28(efN6cj=hM~)n`xwrd_KDMazo$$y)FHO2X8#6V zLJ{$o8^+|day@JY^w=bKK?ADQBIDmum>m8gqxuA-?J;aQwT}JgjdmH zjm-?QV3UdX)@Ff*keuQkQV998W?YC1nim^M`~u>y zu3h2c<%mvr1Z#WI6INVgRDLwyG;%-?AwEi6>y=mtWT@Q#LxyT2`|~W4Im{zIq>~Mv zhn=PWa^?4nLGPu%tIlB4MTpHHuSOUZ_^5iAyS>i$G+9vIN}T^_za-JbPTZuV3yE% znug}KjN>5)6P5=38*CxVW8d`|<}@m#t?&SNm3|Q{GP&4D%xZ*Rz8A1~Vbl=U`>3Wy zHpCNOdv0CW1aP(a8e6T;82-9*p~PxbWay>TlpHX_g)qW;a3m+}tq+${zFxMO6Lo&M zaT#NvWGiAwxR=F4rN3Ucon?Gfq%mk1j%gadB2yB>9x) zv6FL%(DQbvJE*mD(<@LlJ+QkK>yX=$4{k&&)aQICTc0HQt`?q!VGnO>2q{qf)gD-j zRD|sKl^k{yyBecNP#IC(N-~+%Ps#D*JNF=^KCn}g$4CXpv?g>RO1epG2m}Zm z>r(gku$dg@`W_Z`|MAfwn;lAvIauC-wqI@E5X?lIXajybB*&*$BNYWeWZ9Hks03-* ziL|2=!C1+SH2OF^#gLkH^}hdb4!N^xQ$0)$#IGZQRb=k8hFF(BRQhU^h)jDiuBuU0 zU!NxNPd>(mah!iX*Z&d94=M12Z{yVfoOhU1o3(u>xUNrxY?m@Q6L(319{=ANAZlf^%!E*EKvG(J5-Y>DMe>cckJD$vsh8~r#v zY@^|Ou7{oy6CYx)}Fm7MJ}Tf4y7x-$1Sv?@asfR=f`zh138m zaI@7Wr}Qi8t#5r)$^FKmA-9v~lpbDLE8?tv@|G z>wir-WwM{(k^I8jcx}^2!WLYZ4Zr!-;-tr_lx)Vjtqbez((#XKb|A0xg<|K2!8~8F z$3)^wpnx99rGv)&7Q$ZBBt$rOpe*vVVEKsQ=-VDAAb;mlzrx@4ZE(O4fq%=dK9upV zpZIg6I=$*~bB^+#mIduzaQ|J6K(>wUQSdH16XOKO=xR#)7H%e_95nDXz`4%5NPu#O=cG?l4 z1IEPgsJ5Y2#F~DI!Lic!wB(r~wrv}ak~jrNQ6J>vBtUGq^jFEcEdFRe7y>H;dgbkS zbpNE$x$>6j`o8-?FGh<#3zcPvg||K`KGYF;HSfbIe&9o|#u@t{J3D*trRu$JN^{$? zMVIO;G-}ppGt%K9()AC2^?7nY!LOSlyvcu9=Loj@%Kl~(AK%ksH{V@^oWICw42#8i zY1`_^hLU0SLV*oovsjOW?lQKKs*kMsgX@)(S(mDpb9ivf-}XU>{-$gC@^iaR4iL^i z{bdNbz~hi>E1!QICG#O8eE_{oxS#jQAHn~ohV)6XhfFSnPxf9|3i^FyYiX~R93{;`SCk3;DI z^8#J-b;!M5_eU^WkQyV%T}5}%=4!AFUi;jv)XB4LO%GQys{oApi?d@mXgWfwPT><{ zO3-(1mLcWZsfWrdx~Qlp-TB;poz#>H#Bqy=4J#!5C>_l^IPwQDsi<>--cOEY!Rm;K z2;Od1zi~u+$y-`APj8ho7t?D~lB& zJprt4E7B0mu@P&QgfBto>Lcn*C)Lz9$j@U^JsIGbHI-}Ye|cBfXetofT7wyLCf!A7 zJogGVuV1X}m@1hxF>{mlljdh1eVDxp1cVmzd$szb0Z#(gH_g2n#V6I8Aa{Y8U%&+d z2B8F&1&}wIT0yu(8}uLg6`_xfuxh!2}|w7 zpGv`h-1ngk-Y`Y#n*3hRh0wH!lFXL~3sW*@Q6H#Zn!79>w-kcP@4TqEcmbF1>mdx3 zknv{=y^(tas1H~>MB>__nyV;K{h- zMs&WX?=u%k%IRe5jkfTw4`v2}38w^&!v#J+FYM0+1|Y2U7lQISF5^5cUSPqozDu=s zzuGggw-nTjQx?R9jTb*2by;$I_V2=7&X%CW_NpzhQs1xU0pMpsvCpXC12eg^__(`okC76{dT5ZN>{xSyzLjVka2?Y)1kw13{E!0Ki#4pXhESn^in~Tt71bTmNZ%-cfdP2a_=r|FD#E}7P0mwD25mXuZ|O?7s; zwQ{LoEP&a#6aGZXzZqKo%Qw>9*pEu*rH)rhyGS?5C znjlTDkG?&J!=p4v-CAGWTX`<<$Za#?TY$GJN%*~pYRFga$KDnjzQAc!1LRsadt|BR zV@5+-HaJ`RSPM9o^txZe#*=f4)w}{QF!hTy^%!HXMQ(wjKaBI4b(r;m@*o2C)T$do z1d(-w%jQHRH)Q=?gwAET&EuFm82Rf6S)H1A)ZK~|$Sq-x5m<%V>}riW_fhPGo{1T8 z@n~GtFW2;fh*Nm0RJ(;(3fMm14Wjkk$+b;>dDc2Y*H~C83431@z2?Cx#O1*Lj8R?X zf9-_)T<^(x$Nf5R{ab00$%|h%eiUB)pX>Qg9rmAh^ppRyKL3J1{QqEmz!-}sdJ(Ql zmjF$>(PKfSKfk?2_$%QYqAD(wSIf#lZckDp8GKG=*HUO6jobf3@!0L5r{%n?e*fh$ zbCidQ?pq0^JYzh;AL6^+fAftIq)}(${3TPP-EO}+V^`zh#kQ`3>#nS$!Sc?R>XMJb z!{ABBMDu`-@r%}7Vn6B@eFgBgresXlOoPrSe{g=mv3&xb#RwvpQ0F`nQY6!t&+?o9A)DW}+6{&LB-sTO(IgplZS-D_E z-?ef--{;4Zz5Q277y9iV`RC7_h(-bP0}}|t?kFO0F*PuGD9O@z_$0}VKUw;%1c<{Eu7hU& zZ^Ar2k0UI~_mpaPAmnqJU*L#Dp~3(w&=;9bvm^b8Cjs>+|C!Lwrd;Z0WaKJpul4!|u?_{?W{KOua2}DjEOGobxf0X(Uw7vd1!gau?{0AHu@uf+)YuCOOA2>T3C9< zLz1nolnXP`0N_Mf%7Zy~W%$dKP7&%E$wW33-vZ}1CIPTo6{^z4jV49dY?*)%Q-WfhnDmo|LE@0P_S9tn~558|DmQjs( zzB+YVw`TNyFB2}1-OFeH#VyEPbhqkvV0_;}+e&DqDM8~e310~t`LJ6-iFWl_TiQw{ z1FSm{m@pqnqIUL)lQ)A$^G@8*8xS2vp6%(8&Y+CSWiuhHXtVev-?5f03n8bbYfP9N zVv=K);d@HU*08VxZMk8s_gol*(y7D35(#^WrpRnVUEqXr6J(6yVi>7-c31sp)fpho zfKl8t;0z8!19i0M^e9oY#H96VaT`J1o3+`*G0oo^PDxWvbyOlYnbzUTz|6Hl+rWWg z`a5(rnN{0=sq=M^K#S8=TXpt=AT2hhgG%J-!eTP+q@696RAaq%CCR0&aC7x@$xM(z zbp|opGHG~s%3QV|`?eI9w{50ye6c)A*KTPMc5sxwobFW^eSx?^swO^&S&ruXkWs^> zICWmf+ZK2)kgo%q8$!sAyScmowIqS}D@c=9_+J$e}%zojCjPF1y; z&*bQ_?;fy7Y-?7hw7QJ8WHVrCu=E?6Uyk?-Y$IVbWc-R0`}N)RN@>N!t{WK1d!o{e zv`VxOe;G;#G-H5mAa#KLts`eLpcV;eO{K6{H+gzxic1HN63Z2trfEO0$721|9whHE z(04FvBrQ;F_Ii^6;8xdccf2eAX~&!;D{pemb7-i&bO0iqqP#D@&m;EE9uy(Sm9WYI zyu@#=cEkF$t+(%vo-j!~MI4`?OG;Oyna)cMq&EC++BSRuWC}zbdI#wlIj-=L%L$dEgah(oUiSbZJa0Hp&8L6 zuLH3p=djU&E6?!0TM-9W9wyLX~I z=?P>-+7@WMVIjihlA;4K);TISFWPt_!KoXx6|UG04ojWwhE%kt*(kSL%S0t5mOJ2BRz4^@WLdr)$!>t+r)0*K2P(3~lfV3Ayk3y=9jD2V1y81Xr4crN} ztZ`|$Pq)mzrzjky7e9WDYpRo)L$fcXOQLfE!c&gqU=B(!nCGSZ&Wr7V_9&-Rf+~>E z-&J&4?g6C88x&_5mO=J{V$hT0M?+bQIp(OeSK*cRon`oGp&eb{ven%{7^0Pg(Fnt!0!SN|UAn4uM_>{R(%yZ+xQS3Gl zVw^1MO>(`t=knVFehQf6{SPa}7yi^NUU6%R6Q-dB&(O6~Y$?=Pp8 z9=!v-aNKM>W2QVWi;FhlUb|1HPS`$g!B8*zi+5qH9G-4Y7O^wKoy4{2*B(vuY#9Ij z+5r1IHF+dm9!WQ%;RM~5?Cl90l2maqg+lA3z(y76gni)49Y7t( zL~ZU(%$ED-Ti)f}vkrxJm6RB4!xh$UjKy1WEyj1|p+>q+-jWu2; zbfv$s?~iftr(Zs+zmhVWPyhi`*J#R0FXO_c-tk7d2PtV5Z@Urls3)8YEhr&eb+EqU zlEXypmhSkz?Bl_0)rA-Rt&d{ll0I-eKS}^gna5b9X&H(*!UkTWL%78><-Zf!stZcnSa-e$IVw{Ck`O>>(q|mt@0pm zU!rU0f!E<`H8hRV_ezZ~#~e3ak5d>>QdP{dg(Ixh{WZTmQM7$V^A*4v0NTJ7hPc2q zr0wSDTct4BK6X#H4~umBN>$l=et8z=H;Y(g8=QQDGV5kGaDOHBe&o>Vj~`*S|F22t zFAP&n$gkX_-BQawa9I4gNssd&k|?cg)t+hEdE0L&cP>N|lP*mPQ5>9K{@|duS#n-8`jPNAU9zBqLb`!~h0E0{ zxY!nTsctY9C5G0xytWybPd3YqvxZr3nSGuqP?oM$dnx^zL75Osk)^uY|VwV7gfiX&K`r<$zWE;+(c&Tu7k6y+igR4_N&FX})U^VpO;9BMe z{K4XO1Ekt_D7wyhsGJjigxlv5qYrp2x;SnX=@Ut!MVyA;>zIyatD-;%UoCB6VJ7B9 z$9r%VXEovc$)N&HZ&-C`_+VO^&@@(m`+G`xsy~Xy-I+ah>a;#(7fc#uupEa+T;XA@ojg~(*_?W z+rk>@#4qa&FOoM95T02|UDGrT$mbYcV34FIMoCJ2`X!qCQoge!c@rG*Vwp?Bx@Z{n z9`SX`GT~{tr#XKp?#g&!qk=5u5sM1Jdk{}o7sI#!+e_3`{yJwLTq`we4?I{hx!g;K z5~cU~qGTX?KkAD=lmJ^CGW?>*K(mhW3Tw$EH(4kMWQ2Dv_(3Q)K~!q&YpBwhruoN2 zN{_2+$jz++TWSc=Lo$%k@3C7eMRJ*GwVSa>7jlCW0EYRuO#iWENpr1gH+_byJb1yA zroc#KI37^8KZjx?0t<9Ln6`{oEW}WQd_zKnlSk}uQ%ELuW&ZsTFLi&bA)A>^>1L#= zAabz*;}VfO75~N)V1b6%rx3GRx-(p@KEpnD`0)+>6<<w@wg<#Z2{BAb?`FXr9n{ zf8i5^zPQ%QM5AMNm|*~Jhf+%?xh;c&pWt_tkgAs!684tZyVtWipjm^fS*#&m(_2cM zJr8&fOvB0QgDd=r`I_khB5&($zT?r>pu&w8F|M_*p-l8wfUFhs61(-W`tFoCThot^ z5^Q)O1Gibv9>4NsKR|A(cvg;96`$uD)D~cBmvj=ThdP5bbvjYS#(JIaY*PBR<=nHX z+K@wpJHY-*B4+|kDD(#@phQRGw{R~7J?TI=g=?op=krQZtt(Q^a({T@HHUUbTg@k63*a<(}8>>zl@NU8avEG-}UfSdOurzK1l(YBX0zHoYSn?ps;Q zpqE+OH*XSt0!+=rg8i__Q0w}OySnuCb4rRF-@Z@koB={Jslo;SV|s72PYD=WA1%#W zpbW`|w^<-IGhxi!cAlGaNyLSAnSJrkf->cCRj!O0Fg(|a#tp}AB5}wKxI@i9F zydbO^BQ8U6^5)nv_nQ0BZx1X8=R(67OC@PdI!!a;&(mNCd~jOWyw7rH+zd0GTsk}< z;k!FV))JKv?m_Ew{qi!WCnj}kEAHm{VX+`@*vR+;tJTBkT1dXWCCpipBVFl9ll@BA zgAt=!d3<(k;pD`erQgLyp8z=RTJ?~Q66yY|7S~uSdADqfXQ2T}NRed0I0w2IE~K~% zWi+Ld_xsAK!a(j`)fD+dMqhgM^7rYFGvY#{&&;XW3xxHAw!i1*5Pja}s9Kmxv)>CZ zKZdq2<%K6D!*@WbQThg5+*hwoa{|tVnI@;@vTrBNIg-V`0>=i}I_USlo_=Dj8P&cJ z!!9T&?>KPA>&o*8B5!JP@g5jaYKny?pORtdBY;*88Jsgfc`lgG{y<{6wN)=A<9g7Q zuy|P!RmWJ2c$y88+Y@g8J9ZLq5Au37B;`kR@ndeZw`drAn{~*d%$fklZ9?&WPD1 zfozfi+4*u%yJIpmENqrMma03APzZYk&7T^%dWJz7TJ}Z!zU+_}b{@B-_k^j!8CPp% z)HpnG6^^;3JV0cFUtbCxA;YE!dpre@iA^wrD^~@(M(hi5L5=67ivarIkuIWo#K}y* zDBQ_+oXi8%K8sl~#C1P`t)jYijGXUcQ6n(D1}Uk(E}R9P(Oo*8B%t zFi&xEQlMM?5^(6{IK*4Nc*`(v3QO@;kSLxxS!IU?0&*&09|uI1rFBIdUQG3F5^key zClGpilEC+ghjs{pYl)hK&7S0K2-RIureI~9Ypq6&Z}NKPrUXAYwo0*raA1h04RJ(= z@F$_lH)3r`YGC17RySng=_@|ZGf=g*?0s96jM@j#%hY#P@MJi4QzJb2xYn%PMu)V@ zvk#CA!|8U%B;X>Wf%o7QZiG_$84Yatiz9B9{OIn14&S-3be*^D6H`XQ@FOj3#les6 z$v{x9@3>$?*d|9|9K;i#YuHNoEdZg3j-GQ8pW&I!%YU55ZfV;6wrz5+xDa_(-7Iwo zJr^T9MuJgqot5p`UAP*u7Uc1A$&4maccC!8MXVR}s+sc=fA}esR*mtbP~Mj&4OxU} zWwml`;gpom$p|I*eL7-zXO$_}G)8RCF<9xXsSRNEu<6ZXH%IJ~BJ+A(dYXcDdRN2C zlg-+)-fgN0Z563k3l~qlid!7+S8gz1WrN&Mt3t$ZA)M#VVt;)emR}H(r zhu|c=pZ)DXCY+VY8Bs}i2RaQ(h`bLwyAJZnEPWIr4**2Z_serJ5oK?OQ~alm^4n&(Pj27Zsw z?(A`E9xD$b9i>IhnXgwcnUk?A+wcAj9lLb6^41w!QK9j+nB>Ec1a9|5R$|}iep1BN z1-q{~U5N7qZVIN=G-XQ4M(?FaFdZ&UZy=9rr{wrq!ykjLVH&<#m>+7j1$2OJ5q%5Q ztiX{oS0;Hw)52*1BTVJ#%b8YR2a;J|?3k0LZxce2(?QcLGx(!ek^FTn;Gb^$A#wb1E7(f{9Lah&quX3@g5=7N}Z1YyljVdG~E@-+& z7-BbPY9-s6E+(sJq34fvweLv!gmHg_?ApDw``M%aN3!*Adg_1o#!N7J1S<0A1M6mcQMFE+$YKCM1z zsS{F;?&v10A$UBF6{yAd=$;*neg^Jzpjm2N=?yCzdNx*j0t#Q}0Xg$d?YH5`q?6fz4v^#Jt!X466d1XBXYFZ!qd}Xs57XMTn88f-%JZE)@ue@n`+18S)vN7! z!REAQ2-SzLI)eYooDW_L+s5*mB)8fBe3>iog8P+Z-!hbPXxwoc7C zdntoHWPV`$$}sc9DT4}M)CVC`R@&`6pORZhD%m~lKGK!C-FmlXuHq-gXjxTL4bq(7 zl~j`3DK>b;2$DBomWW#@3ztG)3Q?bEJKpewctP_*gcSa*e)DVLB?qpB-ADG+!<#jf zB8SkWjpmy$Dp`M~u6nK+#J@j~Vc&gyvb7iH<4K6EMFgdvX*jBolva|rD?1o4q&Lye zhffFll8;Wv1T=46|G;t3dXn>B)SPk#9N6NjUg9?oFx}hQs0$1=wE(%Lr%<$R47KE> z?frjOtp8$N==?D4U;gc8E%F}IG{dZebUyUSL(#9Ht56eHll)|iRTc^N>$CQN2XC|; zu!Z}F_!A}wv+4xnWt01QYxOysU+bjpYBV9Pv?7LI$+H?_U$S1Cu7qd!(k&jxp*Gdy zyIw&HwWuPK%3Ns^yI6UmARl`6L*{e~7Vq-vXdV>trO!I);N;|R<@@*TyJq#@0Ktjb z#(QG&UG%LVGTze)((czBQY1`+?%s?(0Y;Fq3Vl9q%I~{M!;wop=O`s2W3qqWQEgCB zHG5TMrY^GcmgSK+uK28g*nKpDs>)>pim6Ic zh`RMINa`2)aX70q8&=1>+xoY7NmKzWX$}P)2bF`g7l0ee!V=8o8ACFP$xIvkA=7q} zw|Q9$k437X7P?A`=+}I;I2XzVuNb_vJM+LKouF)*#?pz~`$o%Xk?^~V+$^46V%uug zlsF*jn2to1P^w`p*`sZx#3=G61nQOjORqIAiGQ$sOuCeB3WhAXHk{<6ur#fh0T8GC z|MZk?dBG_4ub|f#-qnN&9v0R<4(6hxCxRxAHi=e6hvmC4g8k^kRQFr-^j#oPK6yD{ zkp8q_r64%UrQWw+TcAM_azX65;kyl^!-@jqx(1V)m?fqGaZ3Ez9XYqG6guPjm|0&K zb<E`bE;El@NnU%Qk zFl&)o5V4Mh4_Msq?FQ@IPNO)A{{ ztj6Giqq(?uUpR9j!13y|GfP7E9)H}sXS7IGx%NXwq@u$5vAU*uZNwGF(Oe@(FE zUe*{#JK3xc9>+Zj4_Qtk{T9R@$7}cZOy2-Ha)x^2Qu> zi@dF5&^$OAbsei>{kx+Q7!nu>wd}3KOrf>YzJw3V?v}L{CPAcEIQb90PoO=ivkh6h z_K(umv_7PTOkXlf(ZI)mR*Dm9@Gn2IcXta?(bHVHTEn#8Dks0 z?jL8Lc?+v~i8qpv#V~%;`3eECXFfcvj?%K|NYfD@pWK*+lit*gYLtY4zW4+g&pFry_OS+Z8Y0|Je z&xb8tO+C{XNJ&09U|VuSP37(SV80U55kE{W2RAD}A2c85Ff5(SmkKk)Xog?bHXflw z`q~-UTy^kGPMYr~bmz#TTijCRIY~M}ag2gCwrGgR@hYuthsuXy|_{DGsFkC@J-e_|o|p>yK=&XQZ^r!%RXae=DF8wV z+KXh17Pr@hgpb5c#$E2udM|pPnbf{{^7nv=qqnl9OZEOs(H}?&sy7I207f}|JxGN3 z9V3y+Sn%|4IbDw{yt8tg4f+gzc;`*Pvkjsuhc;%HR0RY21 zXRmoa3m<1aRO;+2cZm|i^n2FJP?Zda-IO7iy@5Kj^>WC~npfXKFCOD(=cf{KF@+*{SNF<;;}|5NiMVP$^AcLR)gxwZv7mGH$JQ$k zZkL$K*C?VIcwB+^DC)3wx9y0Z5_ z1+}@gp0Y)Do)FGbdOh01H=n`4!$@-{{3?p^tzVC0z~F)JlQfB_q`RI@up465Hy$SucG@iFKqzmhwZS^=vk z-(8Z6%YS;$R)G{#f-`t#i=q#Hx^t}*=xR1A*DTr7qY*~WfH7zIUq>ulEacDKUA+nB zr?hWF*s{2oH*Oek86wn@P40An!4Qy_qt9huR8MHJ+T#8z2Zq0YF0;=NgOK)hw&5I4 zKmmd=ZY!5}9DK8r?IbwT^JZELoy;2gVpnhrFFpJ|=`2v+;U&}V>c|>*C0--Bx6cpB zf*{sI=gHM#;)%uQnIG6uQnMDkEf*X2wfY%^wr>ftdDF*ZrWyj^G4_Xybp&d^V~XUW z(rnk3xxw7R?gFin-pVG@wWUFX0`RsdtW~%ssv{~O*F%oA6-n8^Qg~9aHnlULm)K>y zGeHHVI^limS3ckW>*uSPt7zw;o)^-3SZQ!=xDR(#xyatl^Jb_$HPyMC)Zn<)WCrS5I*4IA044mxCcW9%|cR0j!=ai_m(7i~FwAJuk7Vz1h~s zD4rtb*s9!fA3tLj@KDA7FVe(o!2=(lhly0~6=T{1!)5E;4EPfc7e|a%Py9hmHjAWp zPX=UZb?-=AHd8%UNG5E@ISN^P$J;bRz+nSpov0N)8I-s{%L{7k&BU6f0t}_Sx-C)+`lX$nO7}=3FtA&b4>15t=&RO`1X8f8pxHfD2b0>)sJ} zs%ZMu`p;K`nq4~sFBxE3r;NkB8`NG~ytsOo`-Qs$3^V_b3D-Edel>H*%Tcnh&q2c6 z!$;NW8F7_kh*uQ5MO?-D-d((!CB;ZQn$tbsG`$A8>(qx*L_QXxCf8`sWG8j78u{A`&k9VO_%PSzS(h<;rS}oLa7-=HQKC9BO*JH67wBD?Xq^XcFROGh$ zt3VV~8BndYdYk!a9OWpne%EBCkUt$gnGa+`hG(+X0PB|Je=5&(p*&#`70@W@JNx=f zG%9+gP@eya4B>_ox}+~P!A0ijU8wpR=pM(22RKrE{U)dZw!WK@@5*9$`MtKjLG}y_ z3{EynmkJUr%GV?t?O4bseE&m&*S3;QosrVCh73rAReXawMQD#)R3I^?Z&znvrkPZJ ztk~Kw8>(5bO134IUcbvMadNfV0h_?qTX8Naau@(A?y0SoszVyQF!m-l9PeoRWkG3D zIoIpJcr)x&G3j#|)vhx3kN0JXQ>Z}q5d2I0=NR$F@ey<^vAF94D#1}0npRJ~O;Zw_ z@6EYpVFC1B+*pf~ZK4-54N?s9p*ttJGD)){=!62$(~C++J{BTQP9&j(73St;hh%fhm4y@C+gY+!ZL4~QXKe0 z=65HBdZvWhMHyQ{X1*C+P(5ClR~z6FBwy=?_0xog5~WM~=eEa@YH8|U#oAAMa2~a) zdRdS2MumcE_q=aCIa`H-CpB=-$kkcj`p+?X+m@vC{ySCUL`;|1upjjfm59*hkJqxd zQC)cK&7&;+hgd6 zFmlvV>cbZ}%xQoSeD|uThiILF<$*Dp@=cF9(w3dq>ykraqQfErwpm(v`DiNhnKAI< z%(~DmiL;}@jUmr1=bzd5>Tlj3BA6B>%S^}0ZAZC<*m`XdQ|XHadkilOVVawN$fUUP zF)=Vjf{fP>85sU77q*tr#bVU_kWsPEak&JI+kTw~B$-0rvKVev7W-`3`ve=H{wz9n z#Y{HjK$EmuAU+5M13V^RI5wV{^843P69_+t$x7A-?Ic z$f#QL;;FTct(r(^2S0%Oy_164LQ}$F>RP=ff5>cH5Uh&C;(dR}e4llRnBEpE z^I(d$9N1PI+P3%TwZbsJZpw$BW#H0v34RQ&Vh8}|mf@3(JIVSfl1Ur6q_ zjGB4;qRT*p!!L*Gc}+ycF{uJH$QylvjqOu;k6rI&j(liIBdL0u^h~>h%e4;cR}_XaU`r(E(Kp6SxK?oCvq_{nw7#px6uGR7 zk0fEA^jaZ;Rri{^+Ij3eb=63#nzT217Dj|oXV-_e%_}a4P|jZ`5k{|}v-Xv3*LRgA zH`%{$*>cDhOPw5|+|BJov0BG`D+m525q9V#r z1X2aXijX=GWW|Mu6eA9hnJORxVq_Btd0hyCkP2!lD5;)f&*>TMcR+!Jym|A?dtA?bU$@`kx>Ab5anX|O@11*>iywt=CHS>h zlxPF{2zlL}G)x6}5U|Z%+VK#Ni*+1`mEc4arZ^XU(Nci2#|Os07<1O5nwwSWUn411 z`q_-H-Rz@yKXxhsDp}85t7l%MXRs#S&3&tUxn}$sii?Sx$f-?GHxX+GC}FB!?WnWz z>W&ve9rcPPO(NPbV|I0HGH`DeZH4<-luFbMQ1PC2UJZLK4_n%~kN%2rASb<{sLl5R z&!-jHPG03=RxOI?#c#l9fCe`s>GHrF4(7?DK*fg4Vxm&Z=z6Z~9o1pH%EhW((O+B{ zVek+3?p1B8ld1$R@{VdiCVpqqDa>FgK>-e9Ng(9}dtqZ{xTksJ?nZA#`@Ph>To475 z>R~)fK{9{KbNDo;?BI{8rG;`Xu9S{#2|T?urY56-KQ6y-12tkMVke{~9l_QL2K4wh zX}s6u!XrmTMQe?K(`^6=i@LZMg1Giww6b+L1sEzND%KMW6E{6fhBNn*k2bs?J{W-0 zC}H`rpHauA_y^ppRbp*CsugWHzSjw-*_iffP=uXJ8+PMRty>FFaRaNMlHI_RSX||l zXy-h+M8RW;lBrd<@V+q*4>hxENTJgx^9HXvDd(tn)4Z64J$IVyY-=CaY&dXt`|gAL zzH*ghwieT_p~cVtkPecBlS+$Zu8f#Ynv2$fMCxO{6YkQ^QC3EsOT2bdLebf+LwumS z9V^R)0j#qzf$^1z2KQWrVcv>wsneIDUh<`vtTk|}yf=oozdw;G&Vx98Hw?B2u-U={ z5!xl%@H$OM-WYsYPt5755r`98+;jgLs520$I^EIc^F@@?2s>P_2(LMyv_W_u?L?7- zebC}SOsQV=4&1;v8g-P~Fo9ZTg}FdJ=2UavP$ghNTH%;*eBx=*GU07dsw&t(B^&T5 zr?pX^>nzH)&ut%=MqV9C9{GkIgLJrcP;vXsy@;_D%cVq|Lovm6O2Wrm3yeYV&T7#X zKh;yOW7o^PV9k^zD`wCl8M zF@i$LDPQ|yk>)x1jpX6=TH!?!#1^G>9Bf$?82a8#+lp^aj+_Gp@GK*>N8N`E!9fM!?wmDBH zdXYNB2fv$HynT@Y3C?c zDJwy7v+G!?tmP&Z{;j2*2X*xg>P}rAQI0rt)2vGMu5ko<*P*HY+OvZ7!Ys%s7dmT; zW;xv;ZtTxf@Lv=zlNOTo;Bc?@=+2}UD=RnN{x)#jy;t?F^57=4@BP-N1btYS6W=v) zy9K#ew8qc3q-F9Lo@`#E2-fJCSj=c{=(ea47e$jUi|0c7${z_QTL7o2`C$33d}1BT zgtVf=7?R_Y7ooo*E(%MUZTnHZe4g?t;tEkUT>_B4rR=LKwd%X6`QR}B>(|+?iNhlc z%Y{9!zQ1esD7f#gc6UW_q#n(sLKs7^XF^xdS>oli%M59~y(>t`epf5W248*XUsiV% zT*F_d9|Cy|Yr#p8Z+p?D)&gZFX|=6$UT}z>rahpIqz7hx{j4CvSS2I(&GA|i^ft;q z_pPpc0#^>C>yL)z+4xHWd{2brp1i#s|Lq$%%#d0Xy8CCRGC1YPxnP*I6gFc+;({Zy z$4|t@XyATgE)h^&)~IE*th#I?Aq5Zk^SlG_TaFy5+tR5Lp%taOgZ8?`X!vTXACgsB zfeFG&7<@rEoXr_6?eu@uXWLNVmSDGcLG<+msT{uIo!ErP^EJ0HDzWDm?RLa;R;q4a zI(-(s0N#ZbCk5BT`%P>mhad-AIlcipeQHfx4_20$G@peP~0rC5PVOl;rRWd9I3IjcElB~eq z0J~eIFzoSVc|mnC@Zv%H=jbIx@`O$G9i@z=phlzJ+D1BNyNRUa zJC5aZ2awiIUNtYef6Jw*ao*}}l}zl7RRuBT=x{rYRl7kx{muI=7DHHRiULs?ZsavJ z9ps}|*(!=LN4TQ2Qr@Z;u^v!sZQTPceynXkA?Y$fF23LYZd8IF+Ju_bav@ceF;BCCb0nTmR4s#+F3O{1EdOTe+Xtzp$|2oWX$z?FuRF z{?{ierhz88eeAFegHGPY^(_Gj^O-&={3C+%ush$X{mp70u4<3~%?_&v0c0n8 z3b6fmea0vnmU=IGB8(3@kg6lloe?=jE6!2G2-bWQ!IU#v#z4}II2MNRO?w!}mLRP( zQHXXdz@8l&IiE(V>**NSbZWQfuVO+RLkFvH#oQpAE0x-5`=}EJYb=2fEgJh z1K4>tDbzq;unROrG6XF_lsHGp#)OJMm@RINvrcnL(ZgithT`wfwfIWCeLIk0^h1aB zL5Ikl{GG>a@D%PC0n`_;3rm5~yyiy8MRFD4Jm#{&Vs22uN)Td7Ku1opcHTw4nI@v~ ze9}-q)S#i#JDYysUWpWB_R$TL2-2`2=Y~c+pvXxmCCdCtj3Im|bO63+U7>gL6V*Q7 z=b$viTEUm#r1$&006^bOiP1AV$*b@@uaC=i}Oy6!zHs~Yk}t9swFP&&)xkjl70 z8Moubm@uyHWyCh6#bezYids0-s|3ZaI!PlYb}?*KdAL#8SzZx^$vpH8DPWXv@ai|! z>H4~{*+E^TwowpGsP4nAKrSy@1RL#bPFvLRz~lg@Jo|AOy-vj}cteuN&U1kfMykWE zfV~%#6YQX^DUjfw3M8Kh^gW)zMP3%5S^N^O>gwHFqE<+01Mpzv5_cpEo>NgmpmR*vuTBX}>m1LoblNzZu8#vfvMAOjN!(4LtlPaEFP8Rvxy z9}r~XL{;=99AVLw_TjXk_qID&C!&ho<#-pz7ep%Rpw+5Lla#T>nyB%#LS7C&*&0+{ zgt68wS#{E`O6$_|n!HF~^~>KWe}r>)>fKbe?3g#nALLOfr#-%4o_Zii+U(GLfXaW) z_X4j~$_GuBm##g2MUAN+V3f}hQGFjW4peDAE-l}X*VS`GZKQpS27uShaB5lpT`uCQve3zvu;TbmjyPwn%sxF^u zDPwX5CeFqWGzeaWuF*RSJoMcr^;%QPcjF4T)bWnORF5~gIgP_cKC$l=AjZ6KFL~sU zW18s(%1XbN4Kh{qoQohDTDD_~J)X9Oy2`=p%-f{$j%-Hvz2VnPC6%(n^`*vcTr1sS z?oPiHnF-k-z8XQbVPAP-KiNO(&ca7|1>Su(yNrIckDb!YcIKl6D%nscyrOA%OY3AeFqek={(_4{;0TpEOx!AIB1C2Fd4rN|t66uNhNyB@HY?KvIa*)ygZb-^Qfij+NY@yP2>P6;Be#YU0+I%= zN#FxioIFvsq4By013Zi?jGvb~*_^z?Z%wa^*mO%Z&=CJH$)IJ`96eA zTx1B^MN*Qmj|Qu8P0H;QgPE~OkMI-;O;0C0F0l&lra~m#2sm&0EMoVHnphvg^<2p} z5@0u6Wn#jS;q0u&>0OSd@rdF@6hug zw$s+#k$l@AP@{o}kWm-XFhk`c?8>|!^|hP`g$n{)Dneo_1getZVGF*2p9@Zsfa3g^ z?#fTg8U&)Mu@3*l#$Fg$TXrv!h4I~#Be3tnE)*Q#6t-R=KwUyD+Xmb|VWx457d+yY zFg1CJ`(i2j)s8DVEuO^p8-?$J(v}>UN+_2_%XNsB?oBOzL^#4py&4FN?Z(PWXyy)1 z;Hwk`9=A%1cg<&!;=vb&s`q$!4Q1W#NOb1?Yau5kXl>(rn)TFKfx2as?8?$pxNOu- zD}yI)E25ZQ+4U)UrWamkMSJm9xkMW8oHPJTK+3zAgzPJ0R;5 zS30!q?FPe*HL^Y}*L4T4BELi9Rn~MMQLojN)hhY4S>}Hgl#jQZ)+CL`5FOywS~Fig zOS=u9jv4`3o@6DYo)sYdo0XL}|V%dEL-ti~aUMjpc!lnWQD>?3QzKC|xP@8*~G;OwzAcRCM}p zEO4JXNBLGJmbOH+2B5A>X%aN1?Kw2(=2oH&ah<60>d@kt$)T0!$GEin_G|l6mW=U# z6w!oUbZpS7B|XJ2%8Y9ftkRVAg5daco~L-b zI=d)G*f)y%0zh5gf%Mcb(vE=?!zG$^NWwk&#MTMAc}`sn1410|yZe{eB()-Nn` z5?NL$+%r-tJCh+&6ez$(oZzo1`+!wQEhWmP7u>GGJ2E@x(<{F0u4H)KKzNS03=la- z`$RO3@^j)EKN7351a*V4oVc2Bf#Xz)l5v(#Zg6HS({t|f>(0#oF^Aefor*m579XeG z9kE+^+%0t}fh&nxwX__@bFT2&)FD@{$@5r+XzlDlD9m6>5vR8G-V8!1FC{ipv;6)& z-d%ub4c|+PD?*B1p))5-Y|j8bdsTRK7j5al>W+{Lr~+MPfbQByH$8ju%hznwe=50B zu(h7B?#Uol)?kTXIY+;eG;ye2Lv!75^w-g$I8zo&M1RF1hUh%Hx-H>IoC+P1EBabaK76=_yn4#HeJ831 z;9y^~A_~<-!_M0dSZ$7bbozfdzxe44V=ap|wMN4r9b}>9y-GpKd{}TEA!CJ{k^soO z9e8>8aONy~+qVUbi9w{O>H8H8r6Rrc0Jbx0%9aTh_yNbnCjQAe#K&aS-YFkvF20*T zDcA}jpx5K^fMDwbu+Ev)6NBa46k;EA=D~Pg|cp;_Wfaq+FNIEx) zM6c2;5~14_*xaYlyRPzgom(wT`kGXdv}w3ng=}`{W#C>9AJLlB7?BLncJB_(&abr` zZ1&0gsy)?y>)<@LC6ao<376NWkTFzrQvXq6c{Obdjo}*nduB`KrOzK?w*Q+~`dr`t zJ0;xQywA=1f16gHTl4?$nwS4GTXS>s{twUlpW2H5WZwP$n>?6L`u;n;w_hEaKZE!7 z&+Yr4%X6LU`~L-5mmpC6RpZ+DiHWYc0Z3tCIu!INesW0?J|&t3Q2J&8l-pRg(Wf5y zZ+iEe!CQk!0KQT3f&^;~MLYjL^k(kU=SF^R)qQ|iUQ(m`aZ&#VoHkYC`*vYe08R&lj)eOxaoxDwju9Uew;;m5fj{BoBOk1V*etT zJ_0-AKOUi@2#`04@cQuG3`qca&lzohbjW=k=2Oa7N7zWTmx|@BZGzrs9B%q4Xhf_8 z8dGyd^CYRDK<1g*g2*2|-~1EDTRaCOvHdmiX|n*Nc1f1pl>A?K96t<6`44b9&YscC zegEgi;GaP)V0HVWWXcZ{D?jt`yb8ZG(Lo7PGBmA`nPgNBjeTVkXb+aU_k%qPKgftq zZvG%w8Wc(U5tNHr3=Q7)RyRBi4n0BWUhC!oD}$83I*6&zTc7gZPFI31!ue zUHY61*WbEEyY8bS;dAh>3o#M#^ffpxw!=+N02{*PWHd{pj2$qSFF<~ipGzHAhXQ)4 zdtQsDy@4vPp(kGI+|3kh+}hxWIUJ3p8*dDv#i$B1Q9mW3}Q$QH_LW%EK{JYP!D4c zUq4mwOgWu84%B*%_rpC4KcOv2ajAlXfNWQK24s5xNhr5R@#JqYea*f0ztYb9CR5sH zj-LYUQ@vcxAqlQtpbhOv1f^gc?mYRa8RFLf!HszXG=!X;^l}%V&OiRc?>6$q|J{LH zVo&2jfA*{9e*eeDL5%##YO^FtffzlvR^fGTq;P9w_RlT*C^kIhaP=q8f4A^w>skED z*wh^VVMyWk^ON=iMU1Bn0y?KB<}O+2F}WB~A&_$Ix97E=`m1Re_p7Udkcr|-hz{s` zik?p*r!}&ZKJr!&-X}hr9sP4z)aS1ITd4`Z^|ya4Z2?$btAXWZZ44~0Kwx>v{45-Q zj~rI`_fv;`hzQL+{=B5Ef95!?!2Z(^!QY{|#BOr2f}3*4Q!|M7woc}xj~MJOElrUW z1Of7mH1IO-vE@g8GN|hdOB8h$;$tAD<>N?duX)X%i5C4{v}x}BpU|IuFz)lJ zKSrOEX^Q~_vTIOOszVapHU10K_fg$3^T&?xhjqxzA0vKCw0_QO?y+h>j$UDdK>V=e zf%*?u;?a2@M(HPMeiXrv7~YCzmmsHm6iv*2QN5Rze&ShJHGialFX=o5Q2B3RM02nG z>&Is|^zlLi^tB&z-u^U0l1sp9OnEeecw@i-b)iC=l4+m*<+GA(e@kA^or3&sXYJ2+ zqBD02^2f(${~j>y&vNab1N8gIx;q*Dk?Du6^?>fSkU?|&&%@R{J-?{OSI z=e={_-hT|(`kO`heuumEXT0AWxHkvPeU3Ny&%S03-23-~TEFFR{WrZf2kw0UHq8NX z|1%KxuNa#-aBmLi`;P#fbKu@wnDc)ORGb6%=D@xG1RyvE?)_UL)IJC3`ft2u4&0jq z_x^)`;vBd)2k!l|fxFMS-+wQ-2g0$Kx-*DG3z1>GXfYoN^ZcOIZ$=q(3lMr)K^DnAnPB+Zy%YUN{LHaL^br1W40>a|AMGfdx6C{ap z*Dm3ru|ui_VRd=WNJ1yFo!rjMYSjl@=?;|fhQmBuJNfzao#yhi@Z|N8EQtW@hCxv6 z=`IASSz3bFZME`uf5woMzqifvU9FQkBtk~FqEx7n=!s*7C^Gf{v5qD+fl~6j5TNgm z+s?<_)$RdFt+BUe5Y;+U6-AeX(FCa{e%Ml9tBTBJ-x@zPLEcfIjK4z9An<#X>OTp4 z&iI5V;b$0~iJp?lqVUB#0LM?d6^NDo==mRykE0SAQ*lM}BywjH)IX)n7o&_3P6CQ3 z*@rWT%jQ@?lu;BbZF*(4q+n?V$Rdp%PW*m_Y8BT)xY#OKw9pb7GgZQb(%$WBLUXo& zH5cj9S3wFZl7*LZSThKg@6Crz8e7k+8mru@w9|bG z6&n(?9=iG;2~HNhL@TJ{vXh>DQSaseLm4Jj%AqDVlu5$b;(N6oD7hLc3s)IqM|{AAkHrhJ#p zVmE%@u+O#Q<7GHE9&_XITVm?};QA;qMq%d-03qZAgplSPROy3VmU{g}aqB8o!TZS8 zBQps0oqn&Q;@?3fS%5zH-8E}aszc)es35%=5NA5a18uMvaF#r`1#Yq7oflGP5GYADhb@v0{-#M@WWcHXN>Nl+yggO8^ypI zol0g9A=rhqZyH>qm|pdng`WSL(jNX5 zeU%i0X>w)5lDsn5A~~(R_Jp7BsbCE_AD4yGV-fLrJuO&iS=hRG`uaTX!khMB*t0Q7-|b?010JjE?E7nmTUqB>}}1 z4<~8}w79)@^yAuLv}KdV#GzCbX#1g&or7TxW1=Gs#-g=Ph}#J|tp*#6ndl+cByGU| zLvV9UvJL#f*dV}9ua>`U2BB`?A4(}D!NBQxEZ$CrG3u}`H=nH$!^N`AA9M3fUk?#h zcL@V(VvdHDTgZ7he{1yE(q=LH>JX^3UA0aahoKWkES1n2n2F%;fivYi8oDc|9T`sC zM63f2O$3Z8Be(GG>XgN*Mg$sRBF7G~Goy}X$%GJGQWyzUL#hENSge&XU)Qhn zIJdGKz0@y`aj1wRS$MI@HXAq{udK9@`ht@-zg!tc( zC!w?+Ex~^NS%J~(EVLZqAf~NnL=V}8k#dnWP;Is-<5v3fS|ZnU7iMMg(bIb(w)Gk- zL>e|u65YIFR|w+-cyw8z*mK5e(XvYB19XKsc{QwSmd%y+9Wz#O7siCaf zCO+cMiQ$U@GA9aH<@`w`D7*ed-AnOs1IzevDA;4O#}`M%PkzAbR33JsHI5pwCW|ov zy?=Q)if?Z>gZLgN+8cRE^J7LkWQY8uPz)Mdc1IyEwQ#G)ehpHuk?Qn2QT0ZIo0-iu zD{N?r{g_u_z=`ZD=n3=sa)nr|P!M6fnJ*qrd*|E&apnW$=T@RvTHG_qAN@K+*B=15 z2?0=?DS6T-&oAjrt9|>)`#yO(cbgB!bZ%^ZUPp85W^PX<&TWRd%`m56{-SN?HpARz znA;3cHqLF{1&u5SFrx4S(rh}^JtTxXKKGryDAG?;# zaC28Ea=;-4?-QJ@SiL088;NnD`)B!cwbAVs>>0#0nq%4}r5(aYdY+F4$nD6>gdM&q zgR<>g%?i8kws5C1RE)RYs&FWQ6mE^b^|V_LJpG0Gt!@Q6MZ38)!D=k;?rXvh9+YhZ z-w>c44w!Xx;E7H#yg)7UX9ailK@=tZaO(`>N;wj4)*6;Z4@AJ=7{Ii_B2;i#m<@G3 zqGXPi(1NBdLTHYoR}GXJ1o%W}kz6_)u3FxC{8(dwrl&hDOgDVr>vQH~cn^~dZ9zT> zRU4_@eHXo>CRsS*>@kA?K`EPZF+)%XV+!>pZw65^dV?qiH*zM8;A~D>xw(H|u-@Ls zl~BA(`}tVM!kz+3LByd!B5fxCZ7D$pn!?)xIsR8r@pghTlN7>OrH4#4WU0|Yqy+lS z?}c(FxHfm)EAbmC6wd%h#q7fJ+PBp0)|D4k#!?DsbfaDiGrkT%1pt*6ycEugB)%$C zyrW2ku#B_mvAeH5*VVMSz?AurIW^RsarY1^{>R4bq;+YSBBAXPI$m>!_x>^|8!=Fm2Hr$Ghk(eB_k7QO%jX#{<8iQ2^T0 ztJy8=rh%~8Axhi{i|4cqQVH$`av{yN4$uUbg2B@!ZX!s+7D>+jcSvO^>#VrQ>ktze zfl(Wll@BkX{4i*dVT9*}h-y{7HA3D~tZ=BigCvLX=Yul8253h{djb#Q28W{0F&5Oa zhWBA3uu{seRhqm_LO>SXI@uf`4d`rF=p^5~5*F1}ovyvRg&umck&bhuSnMwObPprx+bU6HJD z9ixIhaJfK>Zw3`FA;_^X?Vg9S;2;)i2|Q@raGqeo3OhBDwowXx#W)ynLnTUNWn)>{ z1EQ(2##Pc9uvcafVntHKSCHgZ;wr&X*exE$lB~D~f6Pk()fzGZQwoL_9)@V0HyEvlYc(5b~V!z^;rUq@IC^#eU zsS1b#Iju?#?g@f%!2oS2h41f5%Ql=r1dn==-r(34R|UISrtAe&c%D!SP$GiDvV_hUA&lKm=auni7oQHonal;HMsBkzqco-_pU zHxc#;6D^8qoLi*%es+CUI?66c2hnT39?^;1H|2qcCK{_F3*}0u6L=Lt_Q`l%gEm(M z5mqohuAEkjYF~F$_}xwntb!hPN_&D1&iL|5C!^V<0)V`M& z6Q-T=C_$trB8d>8a+pb5tV@aqlg-!aitVew9+#sCAeq_M?_{(uG5wZu<=C{ zR9Q$SpSFsAkS*NwvfZo996R>PD1z0iSA|pX-%qEYCU~^8{%gtoB@k-{(E+9PBWL#@ zGRJ6$lEv~v;P zmn@|40(E*hRXtO)IS(WVl?)B4b)~rSz8Bs^J4uQYa%D@2ZN?o)QUSQ8QJyTh> zia=<{awhEMCH6Ia!BkzDxn}KWOMg+Bjgw4Q`5-5nY%o^e~ zGeem@pOdIQcg??vAffHClwn^rKexYW_2sC2Z;!#48w5j^q#RUyLhrP9*XY6lIl7WC zwg64A=Zc3YE16b?r>+Dc$_3)dKIh!;>59^0mAH~&K;hht-ImSqy*aUtu~Jk={Gw0_ zhRQsM)9hlc6%d==H4$0+%3bxmXuEECkvbP6kUm~chBBRos(n${iQ@0%kPh6wh^+4f zq~R*@=~@(K2Jr(l-hdG%%pj2B*9xpz6j&7-rj9;KYj+vJt|myfju=#Rp%q=~r-0n_ zKu-AEfee|iXAph&DSV7b9~3ul9H5=(F{g6eMmwg!MSY{z*35>M*Mg*Itj+Y~jy@W{ z?#&EBTvag5*JIR9Qe5|MzKb$I(T$FLuW&O|ZM=e*gbbQx$9W~myCb9sl!572C)zHI z5qKxL_~;-b3U=Th4$8@IO@G|&(<(J}Ob@fwQ-p;0C{L`3Z-DRTRU+&OF( z={dAaumYyANHXyCzT!bAbTA>%H#v}8=3^CJU}xih)56EByyxu@s`pTcGPx#lw{qle zm7A?FlCOX+rYS-tRa~dxz1#rSkxa!$ckgcZ8>}!BM!ce9iWXjv!MQnYrKnD~sdq<- zqAjw`EO2zsU_pMjf%k0r%mqvsVlhJV`YO=ZAVmXJ!p4?@lNY1>-Uu|fGKDD#A>D_{ zpmVv@XF0hMx+D!WYFM^krVcr%77t(MO9-U6lf@JX!TKg|l-yp___9c) zLS8s6VEghdj!K_y8A>A9KNFfd$~JaXF87#9Ui@ARYc9qw{Rg`M}wtE{1Fv|6>W z)0>RsU{HuQf)tG7xH2azp)e)MC?+<@O`y+2%lKg`Oq~-0LH?N9X2+-Qg{lrhdS}n^cR#t$76aAxEMDyUO4Tzfd+?=^hUgf?Qd!H`Th1wR|5s zGcXp!?qmvM+qKzsWCfpoX$TDtO!w%xJHj$W?`=TH~ET|b8*2J z*w;mMlSJFvoGJUr-RdLuo4~-`yn#?uiTF}^;yJz?(R)cm<0wBDZ6lVL(^iYVa6w85 z6#3Q!ci7WAb;`*ulVd>=e>0k6)WgyZJV@`=Rqjccu0~~6joOhp%3b7AT3a>KJeYHw zc`$g_1Ez3M+!ewE6%QMTdI&QOQH+VC33F^&9X+he+Utf%qJeRh4bC^gN8+YcG=Y zJ74;`RyXCm^d@zOELu*K(B@VZlC0w0LtG(@5Fue*Ll_g+0auqz-$sjfKZBOpxLDjB zGx3PDd~3OQ1P!8~@CxSR6jZg;3?hj%$|}4Pir@s$-mH6W=9hM=r2xexvn;NADF&EF z9dFf>VA5m*qfGLjMPjzIFcZ+ZoN*Nc2Z~c}1i1wHqiQi}5ka1Veom4cH28x0x(Mkv zjh1P7m0Li(ZRr zs33hbvkEM+%&J~VlnBp%>~rF%xD1}7T1=fm$o~M3`aW^FYM#sS6)1aH8~J9uwG<`{ zD>;D`ga0$(^i%}=NDWW+QoxM)3>)UorKO2l3j_bQcJ z!VH#n_o42wp4>>i%Ga&0Z<}EzznQZ}{w`}|-bFyIB@qM^rw!N$^O?Xgk())iasj*X z!V(YwssRS{AHC>rA%Kf;*YuD~%zW6NQK}@)Nu|X1`-FwrqKzBb)GPBuB}V*oqc8!u zLebBkU8Vs^uegiajro~YCr7(L6sV!AzqJ>MbQ%9eHu(aDyNeB##oPA``2@MGDkv=+a?uxnb zm|GunyJ0rp3E&T)#R0}E|0WlRpnsPLh`EC_dZ53fwA$o7NM;v%1iSOdF5a37V{KFBT zeDmzn`3H4>mT$-HwY8#=?Bo(S^a5j_Lm2TDt)cq zOSVx&Mqz3Eg&-d!UO6uGwdBRb)}DUQ2dBx|4>`MP29W~VcL}*gva?aQH*~XDBn*%h zm9%33SHTI_D*7$_oTgmeE9kor(5Q=>?FhgljgFZaE;?-px^hPmh}_u+;p5)3AEc7l zG(7wHqf<^t>PFAST~fX+;sISH{_=ag7u`KyA6&C)c06|QpGGLp4)$$O$H)jgIP7xB z-^}pbSs7IUsAFu9WoEVZ+NMV&Qgo=={%u@n*y=8L5X&?LcrKW+wQr;F@p#ZGIhAHXtEubb#MV9qij9Kle#Q;Ni_S`N*@#@FJ`O;>4A5_eK zw9N&`*FCz zmEh=URx_KQc5m=(c^DVEe11||RYR!S{nrk(f&LwQFrDw#lSi98%nZ*iIJRuci{6oL zDD%o| zl^p}We)(Dp9-YN`xSjU$M4fl`alYX6mtPt#7oBF_%yc1E9zJM%5HWAwJjA!)A7Z8h zu^%BefBx)$@U;N^U$}VT!UYQ!E)^GFw0POlWy>U%N=PhUv1;Y=6;dlCBv#6fJg?QDbp@-=ThXyYRB#Y>h-fD5u$BIeH%6Pv$4Y_`?l>Ok;1Vu94c zRqMCyU9{TlwD<;h>Ft+qJzT83FTGgiSUpE&#~F_+OP0#YtywF-ag*xiFSqQ}+@+wet7?@*MhDGhujE_jJkd2F8RBA z(Q)yQ9{-S#_~dCuW>$6%HTPLwNoiSmMdgdCmko_g%`L5O+S-{cc6U#2-@E<+?%4SI z3Em_;H9gy}c?hweyY)-YKIxYf=-2!O3&a+P&-QEHd|&V_CbeMU`fZC=?KKlW?Y?@$ z_REW<_uYD!Uc5wk$1#q~8ISsAK2*Rd=AP|tqp*suL+M=TSY2PRKU z3V}ulmx-!@=RwgW@p(;RZIwfpMr@w%b>x~Xx1 z7}MO0etA>c!58rxBEIR->-**1WGXAohFdsClj`s-L>5tCdAR4T%QAk++ z>oh0+y4ITCf^14dVQW197;2?QYq)inLn=KGI)BkWNA z=wF16ZROko9R4S4HAx{k@GtWD$?udDf8>?(PwU#;68xu2`?)3f84A6k{hbB%I399} zMDZTkKFw}-ZrRqKle83i9@G4U_N!h$ws2qz=~vO%blWa2@k1qy_?JIV#n^J*#(LUV zqrOY_sE=qa{6OWEeTD(hJT7sYN&CfU`M?Iur~G8zKtGuj-|arK?r&O|&wjRVei{Q{ zF#efuh5W^EIQFY>9f5u_x_%l}U~6mReznSewZv2Velod`KP?PkRA2wqDEq)a_&<89 z4@~>~pDp4)=8~CcT8|q=2^P)HBKmL5V%mOVS;Myp7ZZB_Bu>?@t8~`&{KvhyTIpw{ zzvb#tzVe9m{M#G|u>R3I8%oc*ap=G4 z;n;;AH2jx+?%Ln{;9Ea^vbyGXTO$3BCuv!ctFuoc$LiB9Z=YpgHM_yVD&WvN8CRgo zQY|yJXKCF?fPFb5?3b}?jW{nHya*h-DqH zR;kX}U{}rZCfTo&B{tT?I;4miHC>O2V_ZF`N0YNzOXKu}>s}z16Pg=QI`J?h$CrDG0>>>^)oS zjZLpBOTn=or-f(NdUVxZoWAC&uoUveA<1Kv@;s}gdGEue&5q48l<8uuE!yEiRr&%O zj9lLAExC@4nl@z!erz}``cefq3cW**x|t&;qt$vSOX0LKTE4wRRDB=Ot0&?z>XJgjZ7R&bcZ3vxuZ536@uW>22%>@M9f3^;Hci*P$c zQ=$ob^W@Ey(GNQ>KX0vU=ABTkRetBcMZ!7}r+y}vddumGqowjKYmW?Sr%No=Xtk;C zS8>l6A@mKo9MUB{qg2aE1+u@-19$JGHOcjvM(ehZbO_Muo{WW}jdk4BrC)oyo_jyK z>djYS$1-l_G{4P{kJM*qkvC*y%piE00+Hu81i$!l*FeBQo|D_|UjhnWx5SZDln`i?aYck@@<82f4p+><@=p-DKZ$bZ*x zhik)^74A=z&PADrTiFzFsb86$^2db}bW>a!`+ekjP+SzEC2Stta6KjU)H}$Yf1YmCp&{FVyc6RUK55aDG*L=0pFx1Q zxC%9tFgiclVWA9#wfxjO9ohINfuZBacliu!we5rj)%S8zM>RA>n{Z64G1^r~zQCBf zj%7j8(@pcUBy5zuic2uXIqR3y`cz-c%;|66HP+e_PCVI3?VXB&EdWPUO~6JOmIVk> zRrVV!Q`$me7Lu;F9^%xpoii{j$=xw03d2t(Tt};utH7ITa65WC#{}7Q!A3Y7$F*nD z!&phymRpIP>+mhdcJ)%Dcb)4FkAZVuB-1$Z2Ajtvn77`T*@1}a(VKTCqYEdm4++*O zg`de!Iq!Y&S>))^leV?|7j5PY-&$%&E(*? zY{NhUZig%0W5>?(MJ8$*UnvfzGt74b}nk-=6ScD1QmSmS2LHFg=M4zDw0+VA3 zvT>-%*dvVmv8k9RA=CRp(@sMx9w!vzUFhfKq>{PR$vb3^)@yJF%c8t4C>BYspsP0O zZPW@n-y5F2eDx96>rLuz(T3P<7w#22TkCtlajcnW-rfv?SKTM$YgaQ8)0E(6>^db& z!2yobRl$7vx+|kr=`>pIGp^uTm$UZ}ZDj7srKP*lGR1^%aip zN2H%~D*$rR;j9}Y0Dh`GYV@6vu_0cy3==|E!`*1NC><5+aQO0 zM{<~avU|nLhC?-s@%ob%{Ej3{7p?4pMP)k_GDO&$(B3an=Fn3%krE-N7Y$aX8!8pT zRMr(anp?{C;O?Cx6$T(bPMzx3MA_9@ z({a*VAM6pUfi!Pd#a(o@u>9(Pb1Jv&BP@GQnxExAO=grem08C<*m06*KCFP^SC9&@_JFN%q>=$R6D%C)IT;GgqSO}>>AdEvZ*lCh4p#r zCs!sX-y3{B?@I@x%Or%;=;H<>?aU%|!2w$&voB;susg+a2I1z+EvfmjN}-_yG{7=` zs%VVLJ&F!_AG#%|;#oo){Zv~g)~YxVpFhNF_&Q0YgUD+Zq2T52j75Z#PyEt~C!?=t zdh_lvn^E74%WIO(yVty=`QkXQF>U(uL(A$5oSBT(wkEhouI+Y7p7JA+66;>{f@}o* z$tUf7;d*FhOvuCLiCV40vAAgM(KO|tM9)4}-JIm7GHhx$ zBp;^H&!!m^!8h{~%1HB1y_4^WefV&|BvF_-bj)b`i`Ny&v;x}>pAnJlW8Skp@1Jf? zHZ`gct!uE4HJL%IboSZSQOk3V?j6$>Jli!g*5OG=p~B9WsfPI03XHs+AH;m?-x@rz zxcN~*#;K8SPW4(UM>?8!&-_` z6kUJ0ZZv!U_Ku`oZJRpsd%@I?Qo!6No7v=qvzDXxasq#Nm;~ol9?!z%r@pOSw$0|k z*^Y4y5J}uN1?5{?;X-y6I+==I|Jal~nl*!n5o)wE9m0C}jO~J~dBji<$$D+D^n7wP zYdOlLU6@U4RGxAJ!O2uQ(3GOq&L?h!)8Erw!XI}GS`nu2yHABXD>k|5q)q0Gbmm;r zOiV76EcZv&bI)qv~>wzMI=5 zM1Vd%5Iu|EK8nx?;H1$+Wye8`Y3Ysu6l=h2P^Idp$nY{xrR(T2e&UYdwDs=st`>{B z`j7J5sa0JyVC8%ZrkzWDRiVP>nrDr5QA|iZl5^%Hb@1Xatw|MYbJbj_wFk#QiEj!uH+yJQ14^8;N zC9(#d(OfkZd&F?=E;7QVm$Rr@RtP7@irRZ0GKg`CLf^Qk+gte|V*}93a>IeUS$9?<*zyB&8l84x^ zP-1o{Z(F3M993H{v?1bTw};*n+IC*y*hKAUss|A!3|$g^VtJ34)rFK9Vvm>gSnh4n z_sKDNt+M(j?y?0$1MP(?4ilGx*O7-85E*GUiLTxL*%9{=iQYr@+c36GrUnuan=@1o zKB&t&cGc%epoz-hvgJhWiRSxWv~Yy%^tNh`EoXn(;_o~z+Zw1gYERB+yu{!NaTvh* z{aH8sb`_J<>2}~1#0>jA9kB^Hx|`82wPPZ^4;>cS;6??_2^8G|=PSsGQ;2Qq#xYDb zD-3|%-3zOyGdt7Px2{teI?#z`jSh3cocRW+kUmFEy@8Ik7~04&u*pAO^O*gdbaHjp z=l6ba8yxeL8p<`|4fUu>bz`SNCE{hE?*4vvw$p6?T$oVPgdPKdDiit3+f^B(YHL83 zDAS*o;nW-~pi!&_;Q1akr?8U_)piMV%6T%{#$vhC}vYu&lYc zJ4QojHA;4swQv9+L+n&Qd>C`a z9z8}WYV{arjo6kq3M!%o8-(`S#HmK^{&;RP0OW5Gt@xt8 zg7}|4Jz%yfCrzb3)f#hPe6*D~F6*>Ki087ae9D`=Z03vd@84wgZXwJI5H~Hq;OV!i zvsRE|3r;JSz5VB&#u&*V*3XnX?XMr+gnc}=IjA8)dlBmr(e+|`qp91L!T6n~_RWZS z_xs3OFY~wRV-xcQB#9-o1pXNPcH{I{#l zHr6*Y3wxj({=W;KsF3`zJh-Bo{(dg^)}_k{Jh zY(%-#sqpQx&m#Dy$G7eA%n+RP%Id4?ak{e8)8L8rw9ABUl&|@y;=G6P_JWW5Z|R1& z-C0MtPu_sHoCGO{Uo(+nEM)7ei;dr|N@$EX?`FQ6+_H#m)&yWLDqMe9%(3p!TecJ) z*LYC)66TNo9CS$$EPyE!E`!)|^tOBG7spq|`nm>5X=)o#FTnDA&!?JH#x!^gYM4dy zkl88)GDwXV>q11Gn^GH;-UR31BY5Pu4c1t)en1K+N5#w=&(VaQli8AG^NHwPzQ0_~ z7Xd!mk9SUaBza0V%2@$w@~gzA+oqimdG1Tk1iHhCr|j)DHEilg+MkX6hv#cZ{pUh9 z_Saz#i4U8fXdAK`j+w0$(+Df4ltBk;NXJKKJz}2!8DSh?Hm&`+>{v9fhQ|eM0Qv>J z-OzizA@I7p5r-K~S&hf~8;=PBFt~VD2GgFdcC66uRR6#?x=Hnk?&%;jl_{(h9}!cR zB3t{GC$BKlz*a+oqJoBnY>=YJDw1gzbJGAeUaaAm22uk#?o$a*%yCAV6QXvuZu&R3 z4*fRo4(P(Z#KyO)J`(A2l0ARKnnt{W7}XVq#iu5{|9BvYklx{A&(ROV<+u!#)*J|b z9;H5PX{FVt|0y?R%I!%2jvvi^@V+FMLBZ>aqTi70J*o5MQAC-m5G)||^Y_iK`;D32 zoP*^j6jT`oNl?K|+$D;tf^t+| zmO0pAW@TdF_+7vDsZ=M?%QQ|crs=b-?mUM;(v!oTIaZC&1QntBMbw{P=10)1rc7Sz zKGIbFlL_yn2RL5!@3h*sex zh^2G>rBiQLHO!io)+2G_tgXn>!zO4+VARS_rNQ^;DuS~{G?_51^2iB=!OUUF?|o(T zuEtbc8O_fqi;XFK5;@=9Un^HwB_Uc_(sj#&OWyLE?rRmiF0w^T<~{D=3oLbkLj-@o3cr-B zxRDQ|br{%*`&-pBDX)A1-(CEk8gVb`+L_kj(0P-@*KMf2O^<6v;oupllOdn#O0a=r zZ9689bKUnL;TgoZn#Mq{P|Fe11epxi7^142QcN8TzJ2ps_@Q%t#^D+PEFo{=TZ5)k z9>=%x!GEuy9)TzSWL~Z`mD$6e)>usd#owz^_lG_#Fjl%qUkcJx3Y-WwIioSb?(I3as~@`b3GwZ!EQOw z?B5!4cQ`B+{E{5^ovy!2574rJ#Udo{ zTFV}>8jXIyelX^JIOXV|%+~pkAKK2B{;en}p`oD>E3!@Q!u)A!xXOEk>$ZKGX<(dF zyz_&^?qJQYu06Z0`^AfX*BEZ>)<_g%~{7?o#aZ%J72t4%$i=8OOl^IO)r; z<cnl$VU;zO;eSa_Ou z^0)q?J=Aa{j4&2;kBXKZ-F~yb2Z-##YKzvwN4@2TzX;!oi{hAT$gJR|cagE8iC|&gX?CzWFwgGr(}rX0 z7Lzbo_;N`AE9;?eCd)|cp|BROAMkpR=yk^5(Y^ApB+mw4|MDXg$4V557(FJ6r)e2} zZ8Pm2HQBgUrR)wf5N|)BW_eB#4GV@*KA%m*zdd9*nfTTTexp2-t@@v(4rr z!-F|`r2`pLYNJjOzg=Yk7X;40ql3w$q~iJ7ob@ztl79O-rwFfqe>i|?tPb&A8>9|T zwU-i{J7Ngtj2pX?%r&E-j$Vujjeri*91u+6x`BfB2H(2VSJJ&=BgrwPB*bmTuk@Rg zPYaiRQeTc~u)l3dta;o&w_FtPC%#BMgA+MlliNQ!2pgWf*?Q!1m0;Se)&28flV=ji zu6!vh99`^!W+)v~MKb?8Z*U)D_lVn0u+I)I(DKeS2AG&v+ubJwH|!BwEkm6%I!R~fS;-@RQ`pT&N=D!fk8484BP zVhIq}KIXl+tJL?91BD#rUTF>{22E(`opQTGS*u38UA5=DqC@{k4*_GKT%G5JuT>_R zdh}xh>Jkah*iU%QkEP>7cGxNNXXjwW&>~{A^ra}?uW)r^-eU6vtI=@iU`V!Nvp1vU z`?djWD2Xc0r!~|T>h2vd*VObsriLyZr5EbAR8o~mrN^pC(aDvR60M&yq|XWkN(6o& zT=~)8d)#+K1x%>ZHi=43>6nSF_FC6**~;~dfczS%3T-|&;s=iCaGzlY8G9Ir;FxyY zS9#~~I(Vl&?q$FN@JMV^`P_q*UAolv)YL%j+f`3rwVtOSMW%~B zv5(x19_qot`C9W)+Ze0O=3*~-S7pK5Ra-!O^{vPzg$WDSwEfEbIMYjRSN2M@Zsts) z<7`6xqtL@QFLB(y?4YK>N-p>VwBeMgMMF^%NtWNLTj1KXv__+8S$z{G2( zXaT$P>5fU4U)Iz~^wV77G^Rv3bJ$9v3;(!S!-ct_na*3-dYziEYyS)A#>@kR2YB$UO=((gHFi?*jJ1m`e8 zGnQqW(3mDmkVK)hzLj+C=1J*|9bId*p8__i8BI!uglV9Kdev=B8*7vjBZqWA47B^| zo2hbcq2(?5=_LA@@&{m2a$c!kFuqkQwyay zrD7>~)VD+%5`kx6IG*+n1u}FyC?~165Ko^0d;J4#Zl1WV$TcI)OdaaOT8@d+?dF>2 za8&U9ut3nYqc|Xgk1pK_G{51mu@*aFP6<2AaXq3NZq2U8IH2Ex!tAAq77I{_7FNoT zGbGa;GTaI(lxv;2Ws;e)k%lN}l(GV`5MT~6w**m}HW1@q0@ru3KAx41(dp0QkAIqz z(6c>l_b?2GYauNW?hDEeefD|x_WVOeKuqYv1@w(%Zdq-}^ueY4nyIBmI6U}`Srd0t z&-R>7OI8PcjOoy>{j^`z=RIwsM{Q&W*rIco-o(?^SnOggh6T?QV>uNbQZ( zc2hCpp$eGhTh3*p+g6T`Su?xARx8d?y53?iqrq5Itf?H``EUUYWjo#kYcBH*reQ7x z`9#IWusTUjHVt5oWg|mUV=Z^>Xz@&6psZIXKNB61>zI`mx`~^gESJUb1+*tST_oXQ ze&ML6g2=oMwk`&;rI|&}_3pIX*7_X0AH)`ydkiY)#52^H)1Y}bkfs2K0mEPa0UWo@ z+1yW^@=6kTeI$lTwg#r}y3#jljRj4iMIz}O+IE8eF!#W#68M3gMHp-A)QM=Zjr;p* zQ{Q=J-<|YNINP7kF$li9ihcKC+Xm947_7j5BHEoNRIeG)fT(<@=fm8-rJoe!&Uu@Y zo_9vPcDl-IntqXG60%;Xp`bFlk$U`sur`TMg{P}X=hp#l5a8^j@i4lky3Fn}gIVk; zbe(f8r!qQuxHZ9_e|0Xug6_9m4ii!_)(#-3iEbGlMEUy$8q@P;k&yh?sAX&$BSEU4 zxQE{o7J%qW1^d-dx?PqF}nuA3eLK-vCIq5Rs847dnno&x5C^|d;f`+rxIbQE3H_Xd)U#lh^ku!7qt@x=u_=rfdRpW7R z2)!R=4w@SzcXPF)*uZaq8u7d+e*ZTZ>+J3rp`2!aI2W(K)j_|A(k}>bGJ&5_XIrvwI#@#I)bCdVjk4?`k;GT*w0s?c^5lQm&3sL@O zhn=Q&z7#nIK7o`Zh*ZP1BGr7GLC3+EvN1?*$bM7|*PJbNG5>tw;oP|2Jj(3w(|!^z z*+&340wLGpU$vPiyNc6xmv)8mY@~ets4O-n*G0po1GCx;gPLd^<)WNAave3*wU0p! z{!RGEsd%uPB~D}>s$<0r=*KVB zAtJ9_!wu6exnum@VM^CjDTfj3stKgSq_OP>eXnZ|@;8(tC#Oyyt8cOlweMvlXnO^q z)dmJcLaEzu!A6d1mwupPrm&d25vaG@#Yi$W8Aufb+KLz&SJho~8$%YO8J?syP_$n# z%mb^D7j+`2{-a8k+4tf5x(@@c{nksLGvq5__eUtr2ZNr4Lt z-Abl1K`0PLxAi#x%E)MH6vB8uHXu&j0fr+yY`RSd%dbFjRCJuNb;?T-cPevH?bye3 zNW^%`b*yWYCLi~{Z+YZJwlxYm`(^FL-T_nr1g{TRPNCbL;YAR;;XOGQ`dgvmL{!tV zS;tu}_A9beW6~v(LoJeiF`BGB?H@13UDI!rXH=Tp1~94KCMZBh1#H#y`@ecuBgy3}y;czqB`!@LkZ8dN6V6}`*ifQQ9$-ex({{zmIg zxwSXX<>ecU4`$K>%GombbuF!*CTr6o>^07UMB=gM3weA;u`-HFqa~+zmEPldU#zL^ zt=CIS{PnAq{zOfZ92B^P>f7%cnM*kh2EVOZFb-DGK9|;MQ@yDoAtz+J$c>zoFeqoFqkOO zs6fw2@ks2;&~KVb+pF-*vvc#j_cBch52rRO_cSHlMJ5i@o|s!ZfeJXEgGJcSf1!m! zm2RqY8KXQgItSG>EVv_34{U8(%+m!SCyz*MaI?!q(t!48{N*v(b;45F9W|z-aoX%K zxsAF+9>r0|SgstU{b=3TxVSH4uGJnTZmjIGyb;sSHmtDeuW3Rx2Tp+Q zxCA(HQevLi^CvBgY)7t%vUa~aQG4Y?qZi~hm{7GotCq9_ls5zqG;S>JleDXvAQ4wu z2CWmwKm+caa4Dszafomz=~INT7KcVGrZA^L5Y&SlcHbZ6vM(}i!`VjqSs8fz}wxa|6mH<@B*h-Mftfqi?%5dZj?cj-XkGU?G ze378X_Vs`R2OE~8GHaM`r|b1DZC3Q-hLP65eFhs;Plg<{bb z7F&ylTiHq6V;PBox{{q?V4E?k`D=cNgRG0>!Nc+Qdyo>B>J3|3r#u|wBcp7`j zz9DG#AEp%-%|eCM1C=lF($=+Weq(Vc5yJ->879}A9St5DxlD_-_6KL6>-6iVk_VHR+gpdNXsrR}s@SA7+{oQR4ZGQY0yseA8=Xyru%N9lI~V(8{*bd}eR8#(zzyyypOC?R+Ra~Lwm7-2I# zrd*sSR2wWaaW^`&z`KZyv|p*wNq0vCFJ=m(%Pxd9=7dJowiYXkXu65u8qq8lphi}| zX_)}ctem4hbY|&z5Q`SxoD+C4x<=ryVL8T7j>{?SqV?*%D}mBIKJ&7QyeAqDPAA@> z7AN$}2T-^X`0#-Ci^?}q)jeUT*FYh4m+(1omrty~?Ygp6xQt4&*`jXUX)e@$Xqi9W zzJj96f_UIb1Z1hDBPy-sn%zth@fm{nR3qA}WzA`+JoUWjoWiIl$J&Qp=rMx6OBLQs zmJ)-$8cY&gh#bCv7~NX~CK_V^Bup;rm{;3kck|O^MxJKB(@NvY;sdYLNd-*c(~|Q{ zuEpsXvYr+MOagT#qr>$YDidcNan11iFs(rQ|3sIkO zq`fFt+-tfiipLGu`Ge4$f|mES8?9AC&*o~54_;_2Jv<86HH2qbh*B<`$>6P0W9=)R$Wu->Kjb!9*mp9w4pAx8x<)gKpjJY_37fLm8cr>nT12;3 zAqSiwKc#J!KO;pvnBx269|SCy`n<-U@!BIZMaG1O3+E|{RFU|>MZH0yOUJq3)3y-Z z?n4=joC__4<2y^3=zZtI=Z9H*!8fS_TyTv2Z?OkM@JQfLZ7FDKrrtvn#fw9#S|y-K zROk5nsHtL2-e-!O9_?w2<4dGz0^#aRauCneno6s^$ac`yFcRuS#ch-j5FCL50kZgD zcX`!v%k3;_hU7p+4uD8dX$^D1qIN-XqxOhA;t}(6?w(<13rPH8`!Z(Jqsz{8zNwyI zbCI-1YY-p7t`aT31nJ4L<@s9mY8=(wATc74nHO@^xGgt|r-Kb4H%uUw@X^3#slm{j zY1>BM=yx|L_M|)cn4YEA55j*}Cr>-m0cxy57$XP>&8MT5@u*}greXgCvpC#hA=laAecbjaFN1-Xm?0S|Kh;gQ#nI+6mme2kJa;dN7S+`Gy8MUgg61C)5DqgiwX7Qya;vK>NVR zZ4WB-ewozJ+mD_*H{*XBmvmWTCsTtQ6!hTko@MUV-ERG0EN|VTJFHCUEQ&l_%uO+# zp9E#Rs0#pmWg;COPW+%QCE+BUR$0M!Hu_mFrLwCM0|o^Y{$v4q7~z`ti+IB zAN!7E*e_La#Y^?=v#e1VjPj}4RkK?iD0ZpV)m}v*{1J;7p2i!50YSrQuy@!v|CXBc zpmnR_x19P4vQa;H5O>Y~?W&8=HAlyv+|52>X#o-lukdqlwEJXl0FdWRAw6U6!*1rb z2By5y7`pzh|70M8T$7pw*_`;buA+f>g+9l(7xQaCI!IXRA)_U}i&n>#ZgwTQPYA5CLMU@zFgSioFJ=BzE95w#!kezdq{m%4=T(q$1OFLkgAd-o z-(fZ)ma=$FLL-ks$jSbD+)Z8oRbEDE4vxUpzJC2p($kSSU4hZm22L|V-fjvHJWAp znjd=4`s+r# zL~Rp~kgjvfpU|JPBh{W7K0R=n*AAg=H|?TqOoVh;Zu6!ZyEb0-epPK!6-N3Q_3F1?f$l5v8_M3{0CN-ij3c4puWlk4CJq0^lv-gBsUeIu@7FszP z4bN#8oEzyL72=tJqQ_!U)xIt9-~oj zhdq?nZMm7-bReRD+jEuJK_qm+HCm)LFvOhsCGCr?-nTl` zdo(`kJ&$N#M%s&$-0VZGh=e)*xHNje70f2afU@yje=Zj{m1Fu#FMGGJ7T_HuF1mE5 zZJ{80`H69E8IRT`bsz%Okd9EF`ug=x6<}_{hZor@T1}lyn{cnne&l1N1$oP#9bqqv%Bf_tvG1Df7^9*Cy; zK{VqdZ`5bztN~~ZE=!w0D)=UL=K#g&#hm{9{1crF{siyy@CIwR5yw#aoBq|;^VHGk z^s)uFNT}L{3e=yPt~@?)FTp$XlJGOMdJ{LjG>P4Aus`-|-_rnwm-h z{k?L%8BrXeGcq&M8Gp;Vk)`z>Nl>jbC_$`PIzhDN01%+yL;vc&pL{CutUVP1 zRM-A+|9^c$#}DMsZ1FGrd#+!w;X-nk@oUgC91j4$1jQeWPJ2={X z4O9V<2>l^Xt7|2e|K;!1`0JVPgi4P;yLr^#wHEgzAqYHj{#KL;*s??1%afnJ{6qf>h3yK0q%`sKRK ze=tADA6I?i=h$!Nv^Q8lmRZHI{6?gF=BtrB^!=mB8e+7BB!Ly zxV{5W8A1HlcKlZlo*Q65*n|219xw7=|A}+^-?+>l9$@=_nRm42zlbgThn~|e^0w$N zwqE|P8|UxXYQTkK|9!iq`5q?iFS{h~FPklB&mZ^VU+)3-XUc!THv12~+JCx}KOTpF zT;~7tF86E64dL=%JgwVboc5)%Kl=2)aa!19{`;NvKf;RsQ*E<HE7xa$^{r(Y#@XzP`@3Pmw5o7;HLivBL=l@%&*+19wpX>RTlGOkC`1U_gQuwFc z{y%58%30;V6qR7q64nIKfAwEglKxl;rMkTdd)bYa9-LpEZyBJE~~~N1o=LyVqLwhjQ0n)$3mW9J}-Xf?M^! z*ZRlG_TReIZx)mHNkdNko9ote<@kYn|EbE-q)+4d{+AY<@v-7;^B+}a_A8PX6fltT z@7jciH}E=We&squ$=g-I)_#B2s(@d2QY|e)jvP~OW(l{ zVARv9|HYs0|J-w9pesg$JtbC$@H#2=1cQN4FJ99(lUH34y>JyNdjOIh4*d2-)UDN_H43Hk?6^*k@w5~Ls54h?NeYNHDI*Okf zHg34-9eCWe`pElrlET^9UXo5CP$7T$i((*{$pU7W{NMlC+m)Wqt&X=K-)`mM9b8_# zy6O^+R=@{?=QxsyW1%$+!J!{jD`fd3d_*= z%|Jgm`uUnKJTUyp-+ixJLg-NxH^-z2`=^|X>{z;9*XaMD$bR(BhyR_6dVjR~?W)hL z`&MQF(&j8Fxk~#J1v=9RE_M1}y36l6%>NrdwtQSqn@R_Gs{Cx&USX9sMTFx)bPuTi zdULqxyT1Y8JmFQhunl_w!s+Y(;j!kVxN)x0iiFzk zU#`ZTB_3@ZbT$ZPMKu;2x}~z4c*z1vNoL>J+sru$GUzSz0)D)vzt7wn2)^DnDNMZ_ zYWvy`vuUJTaH08Jz&(VDz~t-h=>emq<6EE>Rn`gl_z{tO{_cQ`26%=Mez;cAVz;kz z08rM5k@scC`5I{b2ABqkX#*k+#QV8b>EdxAHT#>LIV^ryctYQ((xmw?y(LcLI6oCf zlne?^2AXHo`|)|!21(H(St=jeV9x@OuqOAO%S#r5w87W(A_f50OVe&@P1WNmrM8cglrn{9Me)c*Y-HpEhSuM1R3n1q1{p2%AJdvdrz>ZLr^|f0Qfzo-f?e?yIPH z&WAr*!+z~~Ad?*iwf+c@i1VV~uKFeI*&fNnrOminoQgEmdg}a!!ZFnM-6BjrGRbM< z99kT(&99Y)Ud+=k#&u5o{L873K8=+yF$9;*9kozo;6oq08MUGpdMfQvOx(WT_83|%-fnG6gEW++me=!EViO0{Bx8>v#?|V!lX3VI(k=fdE{XzlmcjPcG zLUb)5%|gu^--b;(Zz#*uTfl{*(Z9X?y5Y#B{<(8Nma(mw8Kz(2`(DMFVprEBx{jIt z!2GP0xv3xPpK4iUQhk??&K>YTu}zC>M2yqbR2Z&Jg>*erk|v{a4jc%s9PP0mql`ei z4nnTUu&2tAXMg?hobAAEBWFgc&kqUBA|M?3~uuwysQf zH@ddL>-BBY6}HlAU7ciJg$fr0bmO+mKcn`t~Z_@HC3a$`-pi!P9yN8IlS~)?lWsf zA{Y_wX?2JRyc1FfPL3Z@!Pu|+ncLIA`L%{>(6?sF-HvNj2Fv!%Lu5-${AQNQMvnuw z9{ZT4hQX9^;3tCWH7xU@?|u!lXURQ#e(?ve6SFwk2JF|mQlLU`)JM+5i;X_G^T=+C=|u=9lUupmdv=wr#LnbBs-n_BKWimrbB( zPZ@rr&Kd?R4Xrl*d`R+3C?pGUx2k?ZRVklRmwkB(afd*kRgJN(t)%4xl7)UI}f{IFAw&N|a!@G84(qky9;7eBrq zu(PQpy%1B}`;-}IZ4D3;hL!_votkY|%3Sw0IshIpx`jID2Wf!Z81IkM06?+2upMe- zsfRl7*!ngDOHdL<1djVAdJ0Q)8r_-n8OrzF&hqa4{s9~^1YCqO*7`^S;Lo;>%^tqFU zvSwTQ5Qa`MM>t(^x<~_P?e3Q>%!Gy=C~CBJnP|p2DCV@5Yed$L zfGc+es4hG#%Pj^_->C7tjCbRd_lZ+2Y+6s<^CWqR$=~(I#Hqu>`0NQFVrbaxuMUWw z;vCHPZDUa$a*h&A=UI!YQdE@N1@~o)%)70DpR>*B;$7xT@9S6?wdCCai^DCtn~cKL#J3=IPnd^y$I@=Mtpl7{wB|G6H`(D#CSVt!Y-_JlX# z*zi>MuWh4`L1a8Mxo(K{cGb^zML^*Zy0Di`_I|r+`TZ%x5+H?seP?~kUylCWjg7?9 ztyj51?8uzex$$5D#t}<`TYfHQR=*N{pSmZY5oz(Y1*1INPa~4r_YTQc;~t9v8tui` z5ZzYlLSAO=l&{+e?&t2cyHL8Q9k9qtISuiW~4R-eK!Elj^xEi^t<>X%-mdc-0eLciVB>e*2nJJ{TDAs zk%sq0a5%h15VTj@JBkpN-zq&b*shDk-M)Zs!)FVT?mq#qr%&W#5uWHeT@HWndjO?rKYf`nb)k z_UJeYF1nbE&6apXllAWeYz(oo?;IpMPECNY=hjsafE)U50NFvbKo2TRcc@|9s!ZH# zXMpv3|Lv;h@P;?<5c(gWAEg<$C|FrdoDF>wr7LKAjLKi;i2L0?*8d^)8+9{U{v+`b zbb~mfXBKL^RNG%$z;RWi%J4b~TICT5zB|52I?O)j`G#Zx3hY zwjM>NGNk*aHz(a>tB6n0ghq8ml)Q5`4#Gdv!?(OcHzK=KeIy+SL>wb;DFa(Q3HQqR zx%PYcv&?bd4_*L`>^7j`=Hog-MY-EAhq|g*GKyyA3Ne!jv>5&Jy^uGaqi(yiJ}0l|;dIF)V6rjP* zfnLn)NZ>duXSEbG`tAV44i#-kY22HnGoFULNDj%YNvtmIHfJMK&dr^_>LH|KTI1p^^O$-{gt^HFZH!y=w-XnZqN9I49 zPQeIT4w$(B%4LH4HeNZ`E#NL?3CJxeUSbE}o)dEjz#NQ>q8F#_RCp|9yXS=(HK|B6>Aaq_IEOKbzmXbk|gEq#!u)r;tm4<$I=1C+O zy>4pX%;=8#`XXA7Q<15O35#}^gbk!_p9@Yr1_`IdP?ub}BRc`m8hkv?_vAH_`$4Fl$#`-FpRhf1KuDNpy9fYN}cy>-J3tTke-Pj9$ z)*@^mbl6P7J2kjqZhl}VdUuLfdBAzJc$tnJ&aXl6)v+B+%gClw_Y`7wLX=fAJ-`)( zRx003fiSI{!oWFW@R6R$XMo&zg`!V~A%_<(&-CGHrq@tXiT2NN`|h9#_v zZC@!atBE%IiAP)UAuGQoMQoQZCkR;CS9JUXH}ZU)9($K z`t3NuLY3{d2g_<5TwJaElmK1Aq>6MOwK~vjv|*GeE(sk`7wyOG*S&bvnh(Rh+B_dE21#jZg=Bno?G4(ruyaZTEeZKUz)vdfw1KH)Bj0SQrq(97r7wIbl=v$05N!}R(AQZVg|*; zS$;?{hc4wo-%+;jBejSLcsxt}qk=y#@uer3!3cU~oan;fMV{JU!&=#VCe6|DTw;Xy zex9i|sYk4q4g1e6~#y&yO+2)%U0J1A-1(H&`+8k!X@ZN zyWwFnPv#<8o@J?3`fITrD+bv0fQ^~`TH$gxyrr(X@=2vYoo0|uNFBhjy^PafAY2+D zJj7i+Si$%0>RZP_GvWw8C2;7P2G?SsYjyHe$Em=ygM;S>u&6QftuD(ZE$N*={hQ%; z3`PT8J^+9NZKE zkbPM4-KF0z`?}oA+I!u0x@>+^E6{NP0oh&H33?6g@d>4#;R^QaJN6w{j?c7n3mo%t z^rQw4jt1En==;D_%=cN&s{&f&M%Qhydr)Ih3nM$8&sEHe882CmI0oa2PSi&G&3eW< z$JI{(x#8URJ}YC<8@i|Q7&NXU5(`X;^UB7Z>1kTYw@;GJ5UaHvlc&e zGZl}_#v26M)4UF6Et4m)ENh$*@Yfs8Os;z|)OtWiyfd{@wRE2tyVQ+dFh}O_Tr{{z zuo(?g>hNf>?#x&*Nj|CHc-Yd`WUGXhAq6HiSX3T78gUz_aMXY`bu1T60l6cy8L#?g zCfQAjuPD05AVi>-r!bUceAff3_`(}SQGphcaO-ii?=ICB=TF0)EEb(sm&Crpfx@82kNziNeu1z63A&Xn!Lj#) z-GUI;3B2X^@na;iZ^uf378UcK-fZdHQuwBQVV*(+Llb`0eGJ;)6mV%2r3 z?%Q-t9 ziyXi~GE04yNb2!7*hSCYk?uEnL}69z=U}gZqr$eW_EMj$HzRgoDD!GdJt(-i^qX!tOsMC$qbK&@mvbSV zqL1Bz#kRIoLvPQ>S{RM`bhGCbur6&Ajle8_^h;;`?z=rGQ1ETbx7Nm;NUOB)%E;PY zAePuv)SM(=fvCS(Sh>hcjWNx0+U6wNi1c@5CqW9guSC~0#^`q|zfi9EqB{z=y7hc5?e0>r zor}J&1?f$3SQ&-dq35&%SdrW;oGM3m5ex~!kg27a&BuSU$3F;sEGVH-dK*9(K#Ahn zE~HRaYmeszwYJoQOkccrxvD8W9G@^On4g2s?;gZLBFK@pVqxg%A$w@kX8}8zjptzg zn9-NDqS=9)72E6gphw1g*scY98+V*msUM&MRa5M8QO;fM9)2 z#nXO4(jn%YY+rF(=otMG;*-RVF>dpNC>}iMzp?k`QB9xQ{=c2HR*^aY6@*k#P!Lj) zL77suh)8Li2s1f~j4?!ImOxsqpde77kOD_gMj0Xk36UfuDgrV@WJn?jNdzRw5J(6^ zAcNnBo_p_U&pr2h&u`t|{jK#|%Rg8d$neSYc|QBu&))C-+Fx3xI!;)9&h~T<039us z@aRZ}iwEW4np+}59UmE*Q|l7ADGqKf=rmQ|fJ&5Y1;7(-{=9wA3Hs_A2C> zU(JDu#ZDoGH�fmJK0tiFrEjX)O7v?)XobT_ld>AaVJkU+)aJ3vB%AyXHtCa^x^9 z)jqJi@qX!qnORDskl15+`8iYFb)t)^{=|>b(g-3b)gX+SLgZfyQorb%F*B}f%2xZm z4YjVXwo$-Z)U052@6uAL^kY9w(G91*^GO{bfo(w*eumSS%oS`xTSfA% zXI!^ye=bTEd4V!yne}Xeio3`B)SbADyvW)0VO)B0<&<_bJ-nz~tT?B>P>ZL|C~HH&M8= z|GYbkW_O8-a6&GlKVEfD6gGlSW1F?ay6_wGML!#C1!I`n=AA$<8__?h?PuIVMp3(f z*#sMYHQ1RoBnWl>l%m`aT_l|a0Z3omVlnF^8RS?)MjN>KexUI4Y$# z*&&A#l8^KaqxdIh)p5@l&lqAGzBfyXZ$rDDBdgmbogKrt^*m+cN!HWE zCZx$6XO|esF-u_^4psYkuRNO)BglAdjvYBp+6|yvf?7{WZHAfJqD36{M&2 znJ16kZU?RsO+s%6Gk`FnN0I>8W|1$$JgUx^om+hXGpIJuHVgPo7RqMAK`$1s6a zAjAcpJAr?`?X=UW)wt8gtAGEIF~6L{=Yro?16g2(Sl*tGneJEkx=Bo1@(XX`%3KH& zSsjZ7Rw<)hAx1ozaW`SEkp)7g>d!nOpTA!dGF9}c^74RsCu-3GbucV*$ZX)U3kly1 zx;m|5?)*S@O{=(W@wAmFa|Zc2E_83Ao-$Gj&zQAzf$rp}2Sr{jj_lNzkG<%Kz~#pJ zsy?Nrs%)3sLyBxQfYM*_PNn*%k4BYlMTdC1C}(M1GN^=;blSP$R>X;>nn|~sDIM;O zs^?1{TYl&Sfo!rzzMC2>L4t?s$Lkqvn1WUJ>(3RuA(!AQTF)&k&$e~#z6$W{UbvJz zCq((RB5(C8Br)TLGEjnfA)#8ta@wwX4au9e1x|BZww8NF1fb1=t^|I^g?;Uxd*N=+=vKMP|Ampc85j{4M;tn$sBl3C0wlL33Z@BJE`?9-leZT3O|l4k(zS?@R~v{SX=+{US|AkAhde1X zEov8-OVQ*-UkZNFm#xiBD8Uijy&QvpEgk{I$yacj>0irn{;C4?R=I!6DcOQ})96|B z(f*E1Y)(EJ;NGb|S3%S%pB9#aWiVBq4+h5MSg?uaTETB|KWm@PE{?S@I~H@Bfb}q{ z*prcM3>wqKAP;u)$bdV~r%;h!#g+`i#rq6$Mljm3eWSzV^z)>oE(D^td;mSmwc?UD z$H6Qbhm-^`JT~3u+)vsIIWJxo&8S|#U*kQrFqN8-Bv>zJzA32v9A(>Bd2b?y9T5in zDfCzkbH`+#%SM!?{``p97cx-HeLu0^dngVK`Hku!;&y^o zXC|_1CJ9B&+uyGNz9&R}p{aTByOo$WgT3;zij&S|u?4M#R*&WA(cjSL>sdL(P?BE4 zkrKb^E0AoNDY~aqsLGDzw5CEn3bo~vids}~clNv-%?c-(o%!shxslo^2}T36v|ea+ zdH&4UQuC|D!dY4*Oj8+Ag|(8FXO5(4JEflKo6!!5Nnoqz$cp{c9AHHvq*1j`GSa+D z>86fWRQcJO$t`g!<*8SSnU%aa=2B_WiNwi~rao>twUD)kJ4W+HT zRU(*r=0Rx{6x|ortO##MedQHEStf_4^W96`k%}o*u7VZujG<${r(B-8nBMf5MSEcH z75Jc~m^@g4Az9+L5OFPv=FX|5M)2w9u7(1x@-BR{IR^e@#kfW7C;<@EpA8@qkLP~T zvZwjuH}7Ol80=2(sQpX6;5h#+a|h0*tBnm@dG*R0wMlHmaBxzjnKkFBzZr`b3_8>0 z%g&&!YHDaj!|v&DL0kbNb%v97`e<5NcSu?6Tp>&0uKezm<8FCZiw@mj07pdED6Im{ zUx8-tPW0`?%XF4f7y^Ybx>R*9ad&J?n_z?7A)t5?5>5kK`((pM10{18Gp1z#jS^u3 zB4KecX0d78uA+354?!GfIeT3vVGPry%qW3{Wo*SBl9L{|NjJ2p5B@68ICcHyKCJ1L zGPs_PIJqlZWvKE&a~UzJs^ym{``YZwPL`HQfg;3v`^`UTeFE8Ke-HwlTI=__Xyo*_ zI+18sg|TNHeNHK?A99A_so`P*6&<4k(X&F~Zh0@I5N~n5&-P3!&KfM0X}RMug5?+s zG2cJRX-%{)=D7=zv1UjfZ5plkKEL!@@uWcvQ_losW^jX`72G|Vyl%MpnluU>@x*$i zkk(0$8oKuLFHbLbDc!!PRWtpOPVjxc?dQSP6>K1$eNrh8jC?)fBR;Ee2~LOSLhzW} zYH)?Q7r;_HypcDQ4kd%$%R2dvrQBa*m`1Y)3gp;k5ZSssaJq9xd;J8?z#di-d!ObK z{N}3*?1$U)M{r`Jz@Wh8d@Ej~15>>a_Zh35`>>)QTxf9|&EP)>Df#vA_2v!3m^N|z z@EO6e^J4-RFag$T5QtzHUN6DI7878~z&N-U0_sf5i zWBqsHDDS=~SAyobhJpR1AyBi6Uc;HVo4NEGES)Dno)LLD>`WM2y-C`hTgP{fP!~^O z)HlJl2d&`Iy_Y*v3QxB=(|pw3i?$n!!lbw~Vgl?WGLPP2JrRUl4Z$g|k!gYFA#KoP zbh*+lU+b0fpz+K+x`u311YMa`#x(*bw?Ga)s+^3~0W_y4j$b#jEmJdgi6Asa3ve~I z)Pui)xfk@1-!9eEbas*Ov!-V}?qM%T@kz?Khh9^<26*e7ge#lGC#`v7mO=qiZ92yH z$9ZqRyN7X`*c7QiB{&~Rn)8X`HatCew3{KuT`PMmU3fN`Yonc8H#j)h^42+&dXJ@m20|qP=WvT^Y8aZaQ zMG5P+)0#-O+N6Kl%FJ=3-a|!O<$NO$w|Y>taq=#2t({A#lzk z&*Dg)=T3dfj)4TyuA`~6Cap%`jZrrA=qA+BjtT>KDgyAmx-biNxHmAX2+LDzN%ZEo zu|c!W3ddQZ?|yaSER`&e?x!6d(Ud#S7zdMmx=^>g*WU}`iJ%H$i|72QbqIk)9l3Ww z!?DH5=TNPdd#U2=3E_%{t*pH$jK&I5Y!Z^a2<1XM6;gqWZZg?x`di(3oHZWIT`Iaz zdx+qt(Vjw#uiQhyX*}cfC5RMf<9ry+;IJ0myG|c5YUSK=>>VyZ8&4||doK4ctAho6 zrClhcyjfLNGJ$Y}=co$np?TDpyj5~j2RI+_t+9QWt)Y$9wc(HAV3vKR;j&U5Im(M9 z9UsIHyD}clC^Rx&H!cgO9Q}ZT=<2ysYsty>&c?|zdjgZ}3Q)I{)YMSN=~QnW12Yo2 zZ|2f`+MdWB61L$4N8_LcSchX0xT27I8t8a`^vvZ>vVeTrZ){N-pd&qJpTul?v93Zs;E=3(ab>1qxAqZ zTFAXk73!^(I{y7uyGiZ}{VJX%+IXcEDCL(E7mjE*7q?!4DbLoC{@Tf)qRM3fn8k}= zzp(l>)(f+n+pE0>UvmdlNo|}MJS0zKEmANkb^nWkxId}V!1ve{T`&BGEOCC$)Hwq} zs=vgaU~_!vv-n*Au0IX>3`=xNq;^lpkWI?KgwmHauT0}|Bi^s+3Gq?+;EG20zGc^H zZ>miuY{^Mtn(3&@5sf@STD}xzdYl&%pzb6~p$gcFPS+{q65OP?`3hZI2^(k}3T13F z`%5EcIrxER#}42vNZo^a&d7r$mGr@K=9N((XlR%DbT}{uiE|$>t=z%3V?e0%eTIM#`7SYHiHOkZ>GCx4Z==(&J^LZr5aM%I2ek@?_mbQMF4U|d&*R>!XMO-1w>%~iP1y-mYMo^@89UbTv( z7!Muf7s@Dg&J|VJ8^0gm`61$+3cpkvh3OJrC8Urb>nomL#cBDR!`#xPqHNf3i8qXq3MOxq8(wKy|M8vVH`8Cze1%ks5f!kp-$ma&r)S?2yA_% zwyf6Py(YFA!*A@5WD{jDK`1Qg5jH_;JKBa=yylm4$5u1xl8;K$g{Y_kjaCcP-Y#km zuwma~9i=bAJY-?q946qgTP~fooWs$WO;yd?-1F}G-;f@AUbtOCuNYR@oy+2VKLBGN zXSArq1f?A#rRn6}d*_|Do!a$(6MRl3?vTsWT7vrtl}7>=nMYj@n-PLT8&x^r5Wt=t zH%jUN*4e7|`K-40kkdC(qZ+23sYyqIp($>Z#UZzU&TGwIyr2apFl!C55 z!I7n?DC}p8f(h&Z-La=B9_^{6zvIL`KFn%!&DGR@~if zSDzm)jrRXcejA|Nkg2t#9-ua8OsLYkWuIZ!#S`I3B)ZralY&^%PTWMINW>5CuS*`z zU;i~VFW2>`T+g?0bw9OJ|PbMkQB&;d;z`02#glC+6DodQ_PBwWs z=0_Bt9VsuW8I)f`^=w+EET%U~oGZ;_CLKG>s2DsM!&FVmQudB*3LsPDWly6yu zHQ0{6%0Y(uxa^i`C4xRZbP(mPJ|^c63pY&RZ5uP+d^J7$FxM&H#mZ&3qDvMRU$UGS zCY{_j_uRM7uGx6R>dq>cd{~Pe2@!kle4HhEDY9z=VubC{$}SSwy$hDA>tA+nA|IEk zG=00=W;4oFBBqDekiIe$I9`s*HeE2AmMuUu>3r7eqx=9?_34(43Axv3{_ zM!f73qh|Wn{-|`v3@02FIUHxz68(;96X}gpMQRt+*>Yw((9)ub2n2O4a!i*c~(ALC2C; zG%{{QDqbj4Q&A)?4>$4GRM~OB%0KAjvCqD}bO?L4HaF5qCn*Ze*NH9VE$7KEW%fPL80L}(aQ(sM1nhQ z4Z_D&$TQ$>c$Y$`_!}4sJJ-L}O5R^jQff_cT0rmnd^+vT(1&fn5-xk^ED5 z4Q6**u3j!j7Y_1&;8MST_DZyNVr%7$S{tTlM=fqtM$p5F>8nZb~a{8SdHS(;-SoTCaONA3p11h^ry& z1zo&WUZw^Fj6yfGk9bW7%!#8upVjRf3s6s4RLA9re&0S+PB69;`RmT1#9N;>+8#R= zu%|5b$Yth!Gh=0A)^Wdn8 zkXb_ovnfDr^49+JNXFX9d{>`$g7w+Q=s|wuv>KNP67Dv((R<__*ou^D5r%Qw!u&Nj zW>M%}6E(90-c_&==_t%pV>S6EKciwxT6OVvNL>UU4+^SlDru-&*s?0)i$VeQ(jNh; zAOBG{Pxzyt{`Z%C!cuRkNwkz8Q|v$Pu72Q;W?9}9&h?EznjwmA66y^+S-I|ESboxt z(P~5k3jv?^8mFKF`Ago~%X9o<60c?o<&$-nq{Gk5EJ^P=8)H=0xusHh=L_Q@4b z8CymXQg%^PIjXaYFru;D18h<&K~{Azw;{6>et#AggiEs4zRLIWB$0@yri!9dneHAc zF-sQI@TOU_U8ubaY?521yms~JT)OHYCg4$7x%!op0qFr#t1Z|SLJ|%$S=2V zb^WzRJ~&bh)53mB%LbmsFHU!^yaoat(neEqjB-8M>T=|1pRWL#_V?n7XRGl^N`b>Q z&UD@W`Z&Nt#G|hcoLYBY)eN?-Fo=BW^ncv*fH-|3veOh#X)en_6w^E7KkhwV*$d18 z{<$_v&%#ASUWz7Ny~NAUO8FFoL07A2zFw8#{jHYcZ(qB5|2p{U)iwI}ZjXPw_5M>q zNZ81dSUZ}nh+eh>X^Z%XQ=hGpI{(pe{AZ7??7>C2vl=7UQD0}_5ky|kBY&qWWF}8( z2ev*M?tcn-uR3D?Kl>{MBX{<9<>Hz5Yt-LTJXD}i=T)^i!Pj3^{E{mS7aGR^Aa!_H z^}p58oIU}5Vfi1&`?Kb=>Z2Y-3xkY#lghJxz6n($UX5be_5$>=e}B*a>aDgIHY!l4 z9|O_4Q&oV>J&8ed(Pm1SA(B~43R1=c zc}cmx@%uG;CET-`!Kaq9QdTf(eX-P49UluSkv=H}zD^{rrJ24D*Mk8*#hb_?Wq3yD z_YQZDiB6hMFyt}hR_L-ASODdw?DuQZdO^*?qP*<=8V4E-q-OhYQi?;_H;Yl4d3*nr zgMPR8Ys-gY{xHt}Y(oFPHaDVzTGZ=%q(^1ZV%HXH9&Wt(tq`~X8%~S&B{w|4lARJ_ z8ItdDDQ>#;Q-aOQjET8fkSKltE}{#o7ty_?8{nF=`2D%RP1j?^bg)_f&;R{r&wY5u zhq3ze9QrUzK3q|&_T__R_+S}6Scbo?s~>FQ2b=i8CJs1$@GSq)P5fXJKiI?p*pYX|DRc01du#LQJEroJTigPkCw@(NoP}E(R%pZ^4rnn% zdNy3^_A5Zy&zm7HB_e9ikkCTn+Iv8U&X)V+)JxQ!C( zS;035eEI&U!gT}tr)RABA^B*T_5F=@jSZ#;vE7U~d>3-5x{O0RKQdK&TgOpH^48Y& zhyh+h5vH53J>tvhE@YeDPy7l#qB0f2q&oG}P0ck*@%vZwr`R%L7*SO)G(%n}rtvUVZ>pfin zvAFvVfP|2{=2YUYZw*SEF6%<>*dHmA7i+9*Jv~9T5c+gP1Uv}o+I{6juUNJ-vUgf+iy|EuG!nm=4F-6yHh$}wHxEds?9}1%qFr)m3Y~kgoTcZ&mwxU z&KO*91t8Z*l!Z=juliZMZiq{~7!g+h%FGGWnHgk$Mng9Q_3P}r+OH+GZF(J8uhP(% zmGPgk&gkkB?B1T?f~25^yns-xi-=6JsR@u)D}^oIr(?U?3~XovA_>;ktT44=$R&h) zt&?epbkjp;cXi~ zb@zJx10|d`|NT-HJ&%x3@@y$zV`L_u2hYb4U(fh;5{$d+EmUm3I!-z3>Kq_GYJL50 z>A-&j>;0Y@{QdqVISx*yq{ju{4hqcfa?gx0QC7cS(~9WmyTll86RK5a!Jyp5eg-y0 zR(Fyxem;Yi@$>zqCu+ItwYe^ilO5zSARqs@^4BJhZ#c9LM*St+>f4kA$e=Y$HVP(o zB7$+K;Iupn^5ZPhlWoP8FX#{aVzx4Q=AaoTj}$#*8s`Y-5Anzeld83nZP!{EKPh35 zTYG%c(3j5pOa$2FjL&i6gH_Y4IR)*R!nXu_q=E-JK|cEKQG?4^eH+!CjsOCFlx>f^ zI=Hn+I*tZ&lCg-WLBU2!*SUcMFp$1qLm{pNGL-S{>dF3he@JZoDZTyS`9G)o|GyfK zPtuA30;Y$qCpRByX-VAEr#un>$*e@_-cf&lr+zRm)>L$&Ye$i_xEIu9UidH?eTZ8v0QPFb64_eVY>X$zNIf2eCK?QwsrQFnYvGCeje5~$hDF`T z{1c+PdC{s_N|zr&tHP%FYGTj6HqfG3egFPsp>_VE@I~qwcK!^D){3!!H9P^5DXPpg zVN&*(t|4@JgIw!|8&=tPv*xv_UPQCgB_R(D^N$C)WAYI2Tx&3Of8zUEz^J4$(;6d5xzz8vT_8iIkN6~YMSvepmfN9 z1L?hY--ZX`ne*AxzhH&5Km<6FIIrmUYqTe=;5XGq92#^)|BU)&8}iF3-LmpB>z_G# zgisTm95FJJwv-l56`znaDQ|kC^jaPW(Rg{hIx}u=XarJP%Z9`;p>Z z8>BJMmaWX7E)t<~kGFp7TMh;L3(^^FR{gyo;MlGXrClEAcD#&BYCe;)W)7;SJWSz` z(hOVi>aD%l(+`|0RH>(W&Al#y3Tsmz7Yp%F4Rfh+22i8S!sMFI#AOewA9!L9zfx|; zzFLkBt3Ni*RCkLv#=FOusMuliU_Q3$JY8Wo17RQ{^+}_8-vfBzFxNWg;uij#6{CcYm zE(F9RtaQxO=65S_>gCH;Uj$2>~L)?=H% zi2m-t(=QeuQc~yvc3=7Lf4?Tf4znT#3P#d}L7?hF#TI`zhc4Do2yLQ;i_wq3(N-Jv z$Sb!+vVk~v7NV$zmjiV`I}JBOaQv5)ApbrBA8!9O<;?$NoDT7j8uIItg2P!dH{Pyl z^QkzPyb7=04B3q95dmdSA`qMdSV14|txf>&L&4uGlumo%p?*3fr1C-7X8y~dJT#hc z=`W!bO?eHChgjDd(Dyd>$iKrn0YOqeQnd_p7AYnF_<^oZuhFR^8v3Dvz7gZqA!*_FeKH*|o z)V+k(1RaLl;mB&faKB1GUD4}>t7q#1F#s9u0-ho;_L}HrxFr!>ZIba12mWy8L8v#OkW|r`@!>W9!|_=w*ev}dVTx(S5DUOb z0$QZc{i$Fk>%!HabO0yUBf)7+Tc zVZymDL3KFDkFjjmjB{Ms_?e;5srPHbf!Sx==-jBkMj|Bc5zyHL60-9 zw-tDZFnQHI%W{kY9Dk3QX*(CGTqj;+sA>UQu^RamY=kBsln9?p$h-!-1$zeY>b#b@ zr&QI%KI}>BsTIt!Z*9^K@7HiJb9S0P!L~e1+^0NT&yM5>(d zq{`X7yxIxI*abw2$Ak*XG>~cjW(c>+DdWk2UE#xPKLc2lI%&g5W9=J17=rc+3mJY< zg1$QImfhJzf1DX(R^OpKAXWf;p=*L-j~sP`n57t=Udi}Lc^Wc{UNChy8mIMEJ>C1F zo1ll=(#x!{yrHO|^!mF=cq2}n=RG$lt)j}0xhQTdwciRA($l3sWJ+pWt!XvIJ*fty z^yyc zr7d|VNsjq3s?G2+MPkjOt?6^vaE2NZhYN9MGlmU$@7EX_FSfRWTB+p;YBV3z6EP$n zZQd%zZF?8VY%95l>ph;_9l@RCSvTGfG+t@i4q!zp;C7g~DvH(8>1`e_89NAx8;^|K zek;E}LZw!kYr~)|b73}SpVf9PgAde#Z5D z+^~qAg{fnX&7_2kW-n#V1ab$Q1?%H0So0pYl!0tg&vxuFpkRD9yJ?c6yM|86KF21x zYV#sAvKm?GMr!S#Qm#lUX86y0I`83z;(Q%`OHH7m>jbd<4bDN(elID6^HIq!GKBK|U^$oP=tUQ%A=VQwG zDmIy#9_nq)SHghkI;xtZ{#$}8F z!75Y6)XWaL1B?Kxef}2kDB#>J$e$eb`+vyRx;uU=>hNLRRhjICCXdJm`#+dJqYJvNMco{>tqgI+{+n9Ubyw1ZmF%17xl4t=<0!*JkOGMbUW zu~`Cv?3vB0p~>u!=ss_Yj!GZj{ad_O)v1OFe1@P(9vT5lRex;a)BY>Jm~Nldv*=4> z>u$GqzpUPk#H+Wgw?Y9c-wkGEQ3z%T#Jx~6oVvtrwGB;*yRm>W6??0XE!?qZo+?BWI<@{dnicd z7U0_QI(+1c_+@3pHhQq?pyyk6z>ckAo3+>3bH7{iHWk6Xc*hmq1gBoCbCg9oOzP5u zYw#TlD*dge@^*&emm+MW7WMTr>ODL^XsQv*(F*IqqG_P31tE!FN`}61CAd_$jQI+O zzNeOuWw0a%Mm$EKAYy%K_a(9jgIT9o^IC;@h`(lkxD`CfNbyu{N=DkQA099_N*Tk8 z=7Q3X2ZnH~v2M~%8~!6*FHoQTFNual;21eE3e!u zYfTN~3J4c@;pd6`v6{C+*RN5%NK$uwbzI%@fogL$pDbtG_HN!pKP#_PIACFPRWWS? z=F0uJI(Z(+r`aoU@QONfR~rDd)+{FmVW^GtGyt)WgeM#9Xncir2vil7ecRpZv%NGs zTr?!Kyu)0|FNb|BQj>O&m)utVNx{QE7C?M>{P$vzwO~{CH5IZl3Q^zig|Pt#_A){u!T05YVG6NRPI_5A@rKQFnRj^K$JejJ^7r^_8I#O;(pXFBFc#U zg^;F(;z2luk-;84CvPp8;Mf|GN8-0hSbT0M#k!Q8wyiqi3so5-L3_*{&4>ed2vS?( zOOX#u4{K8B0P*ibA|$G}cus!q1I{;L-E};Rj%|t90(Y-G`s6AMPp(OFd(#XVP4$UQ znbg#Zb@r-H_p|UEZ7TSo$vp@W%L_nfIXu<7+Fs zf0{MI=-ngo&0OouGCZccvr^BR)i#YDVqANGh4v|rMUB7#wace(T{5WVWLEJ)>xcID zx9>1%iR2}^2l1EO3(zi7)OQI#z%;|Gz1xaPQ7iuC4WVXL*00UWLj(uIgslozFcKdD z6>wkkzNP-^(W*Z1%5hIDs>QqiU4B{;0Tp*S%GA`0a8cun_FKx_TsH=87K7%|C&kMT zCg_Ji4h0J}zB9ieVY6kh&?@P6Jm#RkKd&0NGofDA&-$un+~+RxnqqAHh9=Q|cD%?93I;Kiw# z-r0BeD`qIlvH*Vf>ui)8u^L-dRWY_)?T8tyXj!6wMqr~XOP)R$ALC>_rzG}Lgo`NL z*M%G|e5@x@bTa2g$}mZe-xNG)T+wf<4yYV@r%NI&CgWoE7t9PNxpim=JLVdN+1+lu z$7seg<}^Vl5dr_y0i(hM5ZN@pxN_xbi7+|fORJ>H3ZdW0>Ge6f+CQ52Q@?UVMNgX= zE`q3A*48&YD{~+~#w{U9itbp|-sY}LiFyEVaU8ctv<7S4gy$TK@VsKKAi~*TOeN&c zaWG2-F30NGER&!^2ZXFFk``;vcJsQno0 z`fV2^c>!743YXmS)Cdb2Iqq1U1e9==PW)n4UKH>J&*xbU zbF8hJFKvS{64OM+f_y6f%TO>;a204bV~6-3Ha5Me%Cd)+{f zWm$V8(S&VP9n`;|xs@+O^?BI{$X@u>9vrB!YOpa4UUYlECOb|7S6w5k)3ciW=UzG- zWuxLakz0@VzM#_QNI|jA&#ndkM6(OLACg<%b+Q3zF3>zsI>(8g4i5@an=nMni8_Wg z$lB3>Cu&%%v%9oM{Lvc+O&50QtHi-lWP4ovx)rbwp2_I;1i7_tkR&cT)_@#5+aAsR zHk2`ph|LO2=em@J!s=#M|1X?-iBxS^McL`~tbMm6*#AhnW3gbNdPAHUA^f{L_K)8x zy2zl=kioBzH$1b2r`yBgil=fnPud1@r*pY(EueZbF%YwuTkbgRvA|hb&Vhm@%8yZ- zImRH)t`sF97wtofR<`B1j_zr}9+bBZYu@%a-2qJ+ZOA^x5~al?r0qucb_=Ix6s$>I zd<#xa!+ZN+k8q6)5{RMK(HJnrG4Y1CaX5j@afU1HxxREpc~ag4 zYKRe!X#V>7Yz@s5`A)pW7o+GtH}%Xc)ki4lV60z#KWun?o#KbtgIzMCIoRyWS*ZGx z#%2VYt)~}D5D%w+Zs=Fnt}Av&&Q$fQB@|BybZ}2(_1#a9G^(f1$kwnJ)X3TbwIdsO zxUo8XIoDwo5uhokDY{d*M6Lg+<{Fjv2WF|r^e{7cW2^m(^u)LgSDrn z`2f9E7;~(Z^0s9n?66|f-wZ0uX^jj-svYqZjl7@G~cf=Sp%OezI49VoX)$D z%PW}!8K7=7LD9xji3f5g79Tl4yVw9wKMvVybx5tPekIVAw$%unldRJA&>W($!pUio z%>G6GakUnPN@ZNG5rw@0<$=AsP_f^!}YKJ>VYf0VR(7@0CG$2;DA zGmgS&C{NB!FHBs3NXK{MEE}Lp*cUM%fM=tynhzx3uuMhj_{sB4-SYW-Vl-Z7*YV}i zJ2UP)Dh7nh$j$rAi#VqgXVesf&lH{^(TUqtxeIB=KiovuTneZM_)*+V#K<1+qQ#0V zOG)sJQI_rrrJ>EO{Uw~d7_`Eescul`&G0DA!EJ>bdg(i3qeqW&rq#kSU$jiDoG|2* z$k6T@!cs0VO2eqft3UV=gP63~Hf&#so(YfzWa22D!fP2&JN1znMcsmhc`eOsxM;1a zIF8s1Yx$C=Bq&HkaJ466B;wkyRlm&ckJ5wR*75ekFNPP`q&(bBBFCE7V5F_h({81KGHNCQRrfn=A-D^ai^29#Edc6AqmeMb|v_uO}eJ*C&BNF z6`*YH+U-SP@<0xC$z!aXoUNv;b2ac&e2wckFwmoNUVy0do!e)ZO<tj43hBLUq z!<<`0tpQ`{@x1%KyTp|KC{!7la@|SMO9ZkZ;Uel${%3OB8)SnVcf9Cys&gHP^%aD| z;&-)C&sc@(sftEw^#&3hv6>Y2E~@nS9g0T^UhPM!-SC3@Gg`$LxULRbrDG`FpOUwC zt~5{%Z|lc?tE!%N3m0%vm`yIj)CcoC>lC|OP)^quDs1U@6)!aBaDBa1AN%D&EC{bFG*p7x+1Vx_q;N4Q8L9bb) zaQg11_A_vEQDCTjNBG4Iwbu-{s#?Wez-@{3aF!-z7~vm=vMJ?7Ho`_~+C}6N1Dw&Y zEZ-^^th-uv80V*{DYcmQwTkl?5B zBYt+zPSqGd{LCsEJVjYfyxplr;_hytwOE)IS*WkdP1KUZ&*~->z2QNLU|v(Qe992& zxti`yl2BgqYz3JXxq-jci=^<+Nr2$5toyBZIaNJZPukboxy7%2{neNI3tAv^W)sK- zF+_cxG=}^L_BL7$1}ESc?%l1a*97!vJvl|NXK)+Xg|E_z64pKCI^SH-2%2?kP*}aJ zi(2H3%eK=78_|53P1jtlq#yVEs+#=W-nll@mBB(UsX~1+`6*KI6>$H0wOX->@|ZWv zblVU|L;20}0^!;)Z_J`A(&725*7LFT0C{YAiRzw{mx#%wCvj*xC9x&vdTST#jzz^3 z4_UG9Bzfs{WQX&4?sU+#EHo_NuaJD+A?bcFCL!Q5-IvWdP?LEAtdE%H(~v0g_{#23 zHImS?X#jSS@#BhrF1KtPEF1H!8QrL+g=*4m4+SqDO}c{J_Xe{;%}lhwB>&P5Nrui> zD@Y+TMt3h_8tNOuGeJ-4Lclr-d#&yeu8-vVC{98@^=y7A<{4#$f__ho{Y;43&Of^{ zHU`cDt4oQmcUvSi6+z4r!1%RUU8J1VMo0=0T#$P74q=aBmZ}K%HVOE}Pe6-OGgKO_ zM`@i@^nT5Sb44re{w>4&we8O+`bnAPKB@wE-Ay!Mc<67QU<8&`C|KWnQCga4Y8@y2 z*b5hI#<>g7p43Dp6*Nd0;Zcac)}Afm%w2>=@1Pgu+xLu=J->z%Zaz0tB_aQFVxgK-(! z1)=&BDlRU^J&wTL3mT*5{y*;*JPxvwp99bSBapTayX(thyxnP|T=#y>k*dfw=k@`F zYZi`U1zftSu$!>aIrxeQFf7+Z0(bC(ZsT91mi$k&7ypy@YWyL{22JzO{jJ~LraY8O z65WZq8!mKfqCN`rVrzSCr!@lU>|91ZmH&q~!0#{{r-o;6?@$0i(tGyRI=iS^FYH!& zy##(;sToJ$`+B<(hW0d1A2+w&59W?1^`Mp}#7&KJvLo`X%p!z^YRuO#(gj;-1CDz`ZHe?9(jS^ijed#=pgtoT ztsi|HS{x|b9+YuFj988v$8`BtJb@%r8nZ{?$$cHe7_AA-k`Qt`7ok^S{K|*&zZz^9-wfNggglXE*5;dc2s#t@5 zr5|e8v^iHnr8QoPd=Oc5%U@f%mUN|Lg1)EEO2b>@8QQT=z0WuUg+}*Qhx-v)Hf6FF)uvE%bvtj&E_~%jW2#COi^wawubMB zHE#z_Q)qp{mPt;_+_xPj^~e(@=_K;#Z&#B-f$MSWQ-TJt1UfSA7 z>d6A&dxgdk^#5*VYfr5^_=d6Glr{yLV?)~;=F%NJzUGl9rOK=5>j zrCOS1Yza9y!R9uLlJ}2!h`F&yN2?*5OZy4L`WZiA3)PC@wC1W{ojm5g(xLw%v3I{y z-Q(<+O^>sVXT|5i#!KsMn1=DBOUTe@?;Ac={IceL?{2cT*z#oCzHdCPjhA4VGR;{; z+P07Kxo!oMw=4Ay`J7HSx^CBaL{xLBvztm04^@N6PJ@>&tOdDV9&-+Vwhs#}p78!_ z!409;grvnTTrrsG5ySLz+xAiS6jGCRV8qOu2ijQJl!kei(R+**=h_ZeWT3+RvMgr& z2r@(|*Y7U-K03jybc=vny{EaQjj;RV`!%tq0as_ZO~6YfKDf8>^*q%TeO#or^9*Qi zI+u>hNkh1}$Dk3H!qL#YJiVIVcq1SX7iIqwHYsJI+>_-KEf&6;rCzO-s3xcWS;2$|yKa;T8!^g`!BzMS z9nol3wf%MKauq@3)7jgAtr41!Er)zkUffhB9ZSVJ;h!dc2YQOsO{7*^K1Le82+en( zlEe8;II5r7N2*uFDWh~V?6*J{=JUqw*z@aMito7{XviRT);K25@(O^=E@7F%=pXHL z_m;at2ZuxTW~ydNhCiA|tosQY7%Khb>5B91{ktAtZ$C%&`7Pk_7xgB9-~W1$OIUZ2KI-NCJBT#(PU>&CQ*wX8Ib+BJ3en-NHaI~tZt2d$&q zb!!o566ud-m9s&bs)jil;9j$U=TaPePXn~Rn_QW_Wf@K5%xg);y0dMv0~Se-bIy;V zPIOWc@aCK|JY2Jfy-!q)=Q|G@-AzT9s<7L{*5IhiXg21zaO6SYX;B-cY?{vK!ef@> zfsmD`m$wP>!d82$nCSfQv`VWICzGLPj8Kfwsma|3Bf!uYW><8L;cXukHRL_=@+1g2QsL+>S}S@oH! zpr@0&3jYs#-vQNhw(g7LsH2G300kj4qToo$NLA{n1BeV_qlJ>0p%X(?N+^NMsDOaL z00RgNpaPA}vTlhzWvH5)x`4#kW28o_m~E?mO?Ud*6NMzHu#=OC|rZ zclNix{e8c}8bw2`!?S7e*?BO^G4Ief>@_{eE?~gO24S#2)WxZzo3ML&g}U2HgMPoC zj@>!x;W*{d`BfGsS;+|)iKowpq>E^cO(V`b-$#$L^HUo~?nW-Q10!ve5!0NeB7!zo zcOshz;Zi0+OI(@ZA$?$3(P%Pn;M9mCi*Os_3?uU=n&VU&>IRKU2=K@prycB*x&zYm zu(;^XLl=+oo&9fK2iyiGmQjM8eG3_xiNTg>5T{hFlP#Qsgj*Xm37*rccXIQ;%P&kT zd-&S%N_E}!%8*Q8ZSvIr%&5CBoV!nU^aWX%o31IMJ&d#rM=2t%r9=!F=MZ1<^{6c< z(7-xII0QGa6$2h2j;MaKer_zRG8NmVYIf*2x|O1E zs*DgB(8jnUWa>89K7QoxQTZdOE`r~!@jm@5@-&-X-M z@YIC}=LWw^J=jJGg|1?ol09UQ+oZt}fmzeW)_kYrupwGM(cBXDy!$BY^|{*bdaPD^ z>S4png#Ds`a1=K^Rl`!Km3)jduQlk9Ic2?U7QdwBWMCs(&8f@)-HZTf{)+d|x|S6Q zVslvUo4@DOc7o+0JGBS<3^@9hyBdFb2A5O%TTeCrzLQ9jC95aMdcRdy|7WV%bk1K- z-~Xf~4wXKly&cB@b;BR>aH-%pvJxfSuAw`4A0={ytpbGp)=i~wv_k{3g4{)0?4`~X zuMWp3rdz1^2^F6=kQ2i9hv?0PJ4BH39WFkwagp&S{QzbTaTa-yK5K*2pHiY!XF_T_ zw|Ce3riaj7;H!aT{c43Z*X37hK(XQ^)s#y~{Cvtu93w8-}8T{H$vpew5iy0Zrm zdqBwvSj96b{3`9%ah2gXrDAzeQ46Oq{TIUKS|5d%We-K!gb;tQwWqm-441&ouan0C z{)jQmFWMt51lU_hqAK|pJr1Q_FjW$+H}kaH=>%B%|+O-AA`&mSf;ZHf@7d!2T$<@SC@y z(0dYF>HWqi#oKsmVwgAlr?NbS;7_t7)%sz)Xm6jwek)w;>S zVVWrf*n}GZgbjVMM#b(E<-l)PD;n)FsjgJG)S3%ZSbkX?dLTM}7~eQ@v|4w-UbQk) zuK{N=iKNhya4~iQKX!bhD+kBkfcaXuVh2_-I&<3_h-uoniykIzT#2A$d{yL6fAT}%`=Hm1F3LxU*g zzPCZQ&*N!yLDkZ200lmbWSkj|^YdqIG&EU9x1I@0KOky(bHL1&7)gcDz>6Q`g_L>} zq+qL|o$pNNm4IF}ay(#Mc66zDCuVmFY=|fi@aUqJ(>KriBf9lWU8Jpd*fFTPHAdDe zoh4NcT-RoG>x)7{v-)R!HVtt3X&o#i&u0p{62}Z*PS$n-k%HyDjv}T1<`!%y0+tbZ4FIM=AR;%MI_oA=+ z=ctB}v{n@oL|)G#0Qqo?l&yuY5+yh|8=i`Ik@M?ZRyP=weoRxZcL4``BRVdHn}XUk z6D@1vvb=j$&9@R~OEa!GC(sur(vA;<*1Nx-KbVpG4WeD;j#V?R>*(7OM~*o5BDQWu z)jR9an)1jc)A20+T1G7vwBY$=GU)93$h?XOOPFW3P= zwBrfJ{`HGcJ*3N2IP)F0&#}7FDnRT(U5;^zmwgtg{Tw#=5PvV|Vvx!TC&yk7s&y%% zlD4q87$+998(E7N?qjwIauNj#tIrkuv`RRX?xZST5+#dYml;*yoQu$>i}9*?G-%iPLrg{+6}U z+Yt-<3B?4BgTl!rMj5ZHaW=}A#K3&h(_d-Q--%YU?Vgl?PEJ8+NYx7wl&g|V-NK5D zo1!latS~_f(XN`leAuJV?yP%`4Y_EF1uWtqd~%2kQZVltRfXA8-8d4i4w^bDw;LhX z9?=T08oxwlbcAcO7FADZX1F+3SOu=sx)4{Jd(FhpSEw4QMNKI6%Azo{TdDwHp5s)o znrg!9T`ibIcFTGJb{T%!9pl-t0T`%0m+cqEzf2E!gLmT4lC`TB-}X-xgl7*0ci|6N zT}}mZ?p+kByH)V2*&B?SAbGI4VX1*PUSB0D@j_s0Y+|cC52d1ZO!}uC1{04qsG4Hd zlcY2AIQ#vel5o)tsN`;Nau>U#UaGetKryh;_mxXd1Uc5;I zjLJOA#{N!uP;zjzpczUlE_gPMV@H-36mOS^0a?DYA(AX(Sua&>!W5Cw=Yc$U1 z)#h0KS7;bdY$^&yZHP>4UJSPSk}6~8?HwAuT}05_At_6E7z)iG(2txMn`cg@Tbn*Pq9=gD+O>obZIfkb$Ji2+sz`5M!^mjfNmZI zD6NXqk0NhgpbGussRcMscJOthRe8mNB#TMr!58D9`hbx0@mC!SvJx^l*LV_~ZfSQU zK3uV*#$?D+uV$;+gT5eyfwVKujc%WZ#^8-Ikz#gq9n4r7jvbjgA?|{Y*vQ~-qdI=E z+A7*8Q?us!S6Zl*Vgp|XF|=?<^oq^mSB?1&EBWClPR5EBK#=*ms`=~_^#TwOtRu~8 zhX}{L6Aix|vgD;duER4Gn>vumNZcfI4Bp%gAOw{`s+Md696pUt32)V*U8 zE9$WE+ET$|PD8=@r$hNOEB2c84yof|z(pw2c)my|U(1w(i@(4G zJaX?Lt@N{_7~a*jh%?=X42(k0&|<=bl}xm8thM*0H}j*i?v^-xqEHLR?b|CFaU0}j zDwx1`!|e`E&uVvnm3;iCRIsku$H?{|^B%6~ybZ(?4*#W07`0`t`>q7S^|-X)$rRyS z(*glm%mh)tAB}zH?jhUcP4f=tLT^Mz;J7-)JA=%o>fcCz5;~)*!sLmmD3hw;Ak7Tl z)I3)a3FM){xy|#^FvVmog_Ky_O5Je2^*EkzQ*R>gH!yzwjoH~A(n+u3ckEiibL%f8 zwj$GVZ&A^RZ1)KUcjb6ozaesPIHYv#M`sj^EDV7cOaW(zCiXMh_9bj$1Uh5-!OYBx z3~nX9IHa!%m`RQlw7n+CzeI5WMZ0a}4raG#t8TG;7)QUF+xOXw>vb<|kb97;wcp|g zxdC5B-+>Hr&bT*w+>V$RAz??P*LF)$S7oc^lRi4KJnSV0Gt{7 zci2+tO`aO2&rlYPl=kIG=ktrjwwPUl#FoCB^{pSHFi%AXUE@MYi?1d(o zMl5Vwk*-jwQcn%0a87nYp~UXs6JII2hpo>V2tih|O?w@!T$)^`K~G~*%L5A^ksPz* zj=ZKGjO0VM!9+VC8t}js96GY0>Iof&tmvh5u~fnCkvd71)FN>bxbY7Xm43%1wvv^) zDCOH5gDvYZus+m1#~5kJri$JjQ)wsmyROERfJ`KUPq-vRKWAF+iOjG#?E|p=$|Eoq zQXguhlby~xU&X_LmP;}dZ9)g=+t`_`XV@)9PKhuo?Qu}njEaico147eN37WUrGdk_ z5mRe```!z@n+xmk{7%*IDGT#vlNB21@cAf;959g5=MN*3#ivOzDYI^u?GN1;D=Z)0d*fW$GOV1g39h{s&GhI2FSZR;Cng=#ZLOVez{UCdkr2ItLr zgS`oJy%Cn`^j+Eqxl6;1C!*AtcK2rnD_7`Gjv-&QQ_#pYk_3z=qi2x1VRV{@+zkXz zPJc%{N?(VrwCL3Z(;}>oIfsDC82<33T%)xlu|@eYA&SE%aQl=*FFG?JYZ?%;j=|B72AG(b>6CImf*h3naZm2ysVqyp# zkI%6MKSZ4&vH8Qr`!RayZPATpcybcPp3`*FX94B~InUe+GXC)U8NP|4f+;3NS}`bq z{Jg|YjMkZMKzKR5`+mgKGG zVPY{7YA52-#}78#Z1dhlzfzL>ea>;d|6rA~dv=k@Yo>4dRok)3u3=aU$230f3p_39 zL2m1MXTKh7(CJC$!o-CIWk;}MwgBIViV6PG5+Ufp&lY{0xLmFpVRvMC8*Kbn3u`F} z>B4l(;rJIF=eVdnWG>)L<{K)R2s>{1O+af3jQ(LjV^D1O{V?A6_>a_#l4O*YW3Sqo ziXKWXx|c{}Rq+95!H@&rAEaT{DD+Fny%(&KPbx$r&;e18`xIX@cCWeVD~~q5VD^ad z2e1bGN`Uj*OAmu9Mg}-#Iv!LWka(Fi3STE_{_IifL^_^}>S}oj&*cl^f>+NSd3^RI zz|^nq$dQq%pUr6O8Upl1KW>3fAbo|QKK}cYUQHdN0mto05^Z_$!!dS@G|RKN*?N;` z{#gy%s=72X0w8VOX$V$;`%RChL8aRKwX4KpR%%2=yDvazy4D3ul~@}a;iXYyPVm{c zQJV z@^~}9IZ&m+hFDfqjPk4MmEJe594x(7Vd1i%*I1zRgl)xo-4;WQ?w_`)BbUE%H6hE0 z$I}y|ZENpMR|k%GtG<$$-+%qAdbFivX3&cV>MRIG3n+Vy^*+t#Pk+7D*dy!7%#jDb zHvb(~A3MH zPu*1ZK@NPUTVHJ^DrHf;0j1CkC6xijOj1b%u(P%ZV~eHQp!D#q>X6GhUW_bqnzp*` zB-2V|tV)D~*!iVmiK86i!hgjZD-^ezDb&^2Sk;!>=pu;|nKQkSkZ60W16&P1 z4}3kZef0EOz}~_BQ0Uq=4jl<^nUFWP9h&DuEz+NS)Z$9jVlk}iAA3obh_IHZ z07}9E!h-}w-QQ3aj@0khRPz#0`yH~j0#JL&99(n`V-A7~4+<#OWGC!~7W&q=fisvJHZTCb^iNNV`sb%*{o9|mWX2sX-GqHxX5!&kU2f5S4 zVwpS>m?vLY)+NYp&=y=EjQu0h&#-Ubi}ywTVH~T18m5XX*NT4_(nDcr%f$hCzD(H) zLqwLT4?a#`EBxz~o6=X%(!y};&wAXA%C&w~SVU}b#Cw<`v>O->vM4ued*N2*2;AZ^o+U!}{VL)Sy3Ih#{XYLPU$zZ}fld2Ld<3k~{yfQv3g~ zO7AHI>uCRBrP_Y7N`E$fR9X1RN>%$bJjnfd<3G&BpF=Iz`sbJH&*k)I0Qoay{!0$| z=O$tF=O*zFnt?n*#=Sxg@*GtAB;Fn&u>8O1`F(;#COCfrfP4D)0F!^V+^^-rBHl!r zd!T~-T7@1}(_TLNFVv@5`J3BBPSTtF1n1VfpIgZbET_of*MdyQS94aMwD#Z*UF$T; z^t77x_4ivwQ7(r;l2@?%6H++rJrb*i>V6AXA7feZVQFtutLuf9NmEuT*_Pd8>&0|4 z9r)RDDtVze{wgaH)vjSEAgmDik4u6MzV!HfNNe%kFF-WJchPDQ+GWBY8-67@B_eQW z@xo~&SN)XQp2yyYOXUvXJcio^O=9k0|q3)v~r<8-T;OI=$Tws}4n z3O)oym`M0~B!t&rYeEOD)pGRf5G@n{+KUKc6LXm)bUP=9h4*>>z6x%*qS zy{@J})kn~gtQW#Jg72ONH1vFaeP;Xm*Ypj2<9?`IJ{flZq2vdFa`mIH?*N2oJamiQ8Mpu$9TEFxJ^FzKc`9j`MLj?F*7P&+w>Z6;`e=! zTT*TCdJYdww766iwDq3XYrX*Ac_Wgq8kmP^cQ5IQai)4lF&9R@ z7Hr}0@ui|c&Rk8TM_csi_Y6H233sh(EGnlc=FqkWqnIfMC7bH(EQ9bRH2X+s^TkN0 zEz&qV)y^&cu>UX1_O}+=G~(PEdjX15`k+@f?8NQeHqn~DeLb8+h`Qf>!dVL$vEJ#6%C}t&9-tfPnYY3`*F$jS%;1PUKD~8~@qS4% zB-?=8H8#{8CV3SWxEOo-65Tlcjw&^e!{P80FAj!Luyw)t)ZbTg(bvw*IcvI2CSEz( z#ViQ*E8tg+6>AHm*=e;vqTv|{ZIU0xKw!>LF4x?=vT~N{H+!^g;b5FO=m)pPnur+Njz>>B&6xu$dQ`!L!MPH*33Q}WtwuZmvmHc;EI z9xG%%gy&9XO`!lxtJhKArFgmNxws#(K3bAMJ;RZfh2@>9L_y=Bn5hF%$>azo8cV6C z%|EQ{+mIBek2zJ)u?p~;&BsdW7}$g#tRpx{OiN(WDv!#Ah|OtD-sR!3p#xkJD#RDFkN*9lb;R7DT);BhLH1s(Xvq#(Jo^(z6e3q6-2&Gr8QRK z>K%6tut!|t?H4L|JpR`uSt#;A$5QBdP;eW`@pdOn9*;yI4PjvBJ zt7>-9{n&Cw_9CtJ$HmfA?7I>GjgAx#Z5X-$H^#O+qk`DlM+If&pFfsOyH?nsw+cS1 z9eI%n=!Ql2eaczN3)s5*3%(gZ8?kC?E$T0ywb?6o0d6I7x-3X2DNdRp%{9?Gm_bh!6uTCD7Y~E;W{H_jB;#6J8WKezdPK}qB-YVQdoBvIWr=0eALNkz zw~D@`X5S+ZTnWJd+zmPE4vy#?=Z~!0K=1d=Nt{qPh4cz5MBB*Ph7QF)Brk--^>1n> zj5}uqOS*yX9_;2bnMI>;z=PFt-#*|WyTkRR|r zfiZhmnEm~j<~lGdp5zLJY6CttG&kLtL-t`zs8^;yt zHPCg#bP7`Coyf!C-!XowZFp)jYuaN9%>z7N7Bh18TeUh@l{fI)bgG%hds^*$otKZJ zFPL3GAppep2(RuwK%eIL`MXrT{8{;5dL(CIaz`qMhp(_NW;uDhfS*q@E^@HB2525V z6>ZVHG5jL7_OcONH4@u8l1pcp)IXeARn{Z%)zn^0#YBiHzRn->%kiaqI}-lolK;BX z`oClAyK*DsL*U^a`Uw-#NjtEcI;4~V)DL|TD8nLdcay>tMCG57vY(jN{4QLVP z&YKL2*)48>Pjicb_38uFbA$Y{G<1b4$)aS*e6YkoH=AzYK*)&W&J9Cs;boG7Ukc)j=w?I#Ze-d*KS* zI5ivlt{_A_G`~&aUf(4A&T5~~E-?gT&^mYXW6qR4O`BpYyUwo}e!Z3#x2SWJH2AxV zN{TT;U1jC2pmk(5XXP7gvvDNVuO~&7zsQwoRcIIr^$UbL6I*^ZD&7u1jdQriwyy|A z)AegQ0#q`El~-mL_!$Ku?52f*_#n`_OoRw;hks)Un`_wQlxh>Q$Z??dcldb_Ij-v_#*1R=mAMZYk+>`IW<^$(T zr>=w%zSBm*1T1SvIizzSnI1>*BHA&6TIb%k!^ z_4?d-({3Vh;b`yifb6;wzrzl zmVhmL&loOx98=z2<7F45oi~XCV!zOCiFHI{$s5J=MgT+KI;$LAo@7*L!V8x==F3xF zPh?;R*dliv%C~%fcV^$YDXWpup<7XFB?O;=xI>W=i8c9^r<;@_c6BEXU`L|joPK9w z`Wl!dkhJA;%hS_aP+yQpy4bo1mWRih6*^be;Flf&Xff!JDxH<2ryl8_ivn6B-tnT( zWe}#<+lJ`Hz#-hmWv$eU78OC7Uq$Fl&{FH5>XGKQf|0~!ggU~FPBe$qc)a%1?di9> zT4S$?6jxW2V1~m2+e^xN8fK^O@2mXoaYZ9x&f5wAoS#{$ajjbq2{sp&*O`T_zr18JrpboZ=>@lc~omz7~g)=mE7C5C_*y9lwr{fL@Y~CdVxTUtbUSoAc`2oHHL+kw0 ztSNCNZ5(uwQdg+khm5?m`r4yw-|HNnAr(}dyh>m2@H$$nqsxvkVN&KX#1|sPHdy;j zA;M9B(Kw#Y)rt@Q(ReJ={s0pFFe)aZF3WD=MGY8z%-E&!bGskRHGwvdy48Y?>*I5E zQN@&p^qKW#acX)JT%{2ySefY6*ihFrphZh@s%8O=roXr5RW;#c4*iv^0c}%Q4?P ziBS`W*Z)!~G{YG@8KXf*XUj!-Le2A{7>=dpg_P6jmxh6Qk=F^MdD7aE+V3L(bdbRg zr;QRIB14XsJ}SXmsR*9JSov-K$Bm@I&4hphS0y)BgYn9f@D&7ETCO@Z(X6pI_NYT> zjCRseJ25A=cT3(Brji*4h=LTa@FN53T@OpjBp>A9uQ(;Jx+m8OUt5JZERB!DAD09O zV_MBL>Pucn4nDVQ$%!U5kHUgo8cNZx3KGQCoeMavc@8SSDbR%J|0&^EYnH}ICL#IcPGf@0cxqMUpfyJ0hC)U-1h6YcfzW4FMp+?;oU?)wep`2 zJ-+bLfLh4Iw!GEbd%-i{;a@lLKmP>$tj_ysT$40s_n$H%fXc25EOze(f!D~h;w{g` zNO#eNFzNV#dlQ zga$=iN4Qk&bEf7cFJ8i0yLA_jguYHYkMvU})QF0$@ys?B6z$=>8#qZki_=Zh{j z5VHzsb203jP~7aeeYZUd6@GQl;Xq7|vDh36oXheXW{zy^9BEnqjkXPQ(l^Hxas_#g zKV|Npex(M=ggND+S91XZGP+VU=m2{6FV(lSUY%~3c>dF%E`6s3BYZViySqN34!OXC z=c0Rv(@W>K#tgVKhHBtSGJ{J>zriGj-caUwHS(vc@jE=De(Y{g6O5v%rs9m ze`e;@G_>2pNtN{eVLAdjuO>p^{_W-)pAs_e& zVK~o+G>!_=YW)s0_*Qp>niO8I=&2Nv z+L?!9ZkSB^yHwC2TN`x*Hb{x%UaB_zTv9MSKlWB`u4?+PHAtWZ2;s1Zt`Ky2nOv9^ zAn#=k3L&zlC4yAN*cXFo5b75rIGP+@u=h|jSkw0sC)TAaUBhYX8#>+4v!Vt zNc>7f3yW+_gf2F;JB?^a8_)20H!czj zOGPrz(_tg0pOVB1G*&96y)gsRsm2Fr{i@;NU;ryC=BB16BOOba%s_PX^%kQ$m4o(1 z2HJw(q5QjsvHW7a>)5RpY7>OdI%Bl{3M(5@U3I7bKG)b)@Vh!%viBjOf9@M|g&pep>{joC z{g*tO8XJ=B^>lw^YVe*^CJz|ef9VWA7Ht^9Eh7n3?lhV!rWnP38E7yKxO=8Mng^)o8L6V10npFRNuXTvz%!^;l-R;J7>FjhUVo93+mB4Y z>Yif~*wwky52Z(`>TmcRHPXF+mRwQ9gPg}0^{k~pwwov_n-IOD4Dg6|G1`7_XU;QT z2)?I=cN<1o{Zxls%|+d1H#2DowT+rWc~?=4AeUoXa19q3b0!fs=$s25*7Hs1YCq2N z$@nS*Gr6dh6^a@6jUm+{WvcT_eV>UQh}(;_MwZJ5^gskMIv(~y&uGm*YmT34ju|i@ z+@%4{Dx4J9C{AT|JeO&`0+oPEEiRqFF7#u$V=xDFP4zIet-QMnp4e7zh1>-qHCjqO-)&Ahyjl> z4?}R;EdAzx1B(3*sq5b}vNRX}NIdBi+)#3QC4#z;+ZVVRvLNYeBBKTUj{_Uxs#j1v zc{PuIgu&SJmD?^(S~lVuec-|-ouS#d8r^=I)F;Y%W~C~;^~$kI6a%zL<0Cq>N_^B? zY-ud7?uB9LmX-#1g6{6VGlO`eZkx57@t3S0Q?YM!U`ChTMUYKyiOtX}zf*-TMK?L~ z@sc0ImD-y)y_#h(k!(0`UTxo9DDwW7DJ5q-XMdv#^?84AqAtE*ee$V|=zI-=Jgf)XmgtG!C(6ifCnu|ng4 zvB*#d8nKr2bP%sauFX7wEP7;K6WyQ6d`6LcO|mZ2y{ z+bX+1$i?bFW#;Y>L2593$piseodW-sfs0F)167$@h>M`BQ|ktBu_kays+~j=mMc}r z?~ty6X?YvWe(>`*)*RI#+WRYX>-k;)K-2_K$uH;tCVASw8hDIdp{=Qs-{0G=D6%C& z*VT;E#fyGGZEXnDJ|1IVjaFjW1yGqSe*MVCjj~;M2U$X|k4!R(T`>OhasD43ozI%$ zD@hU8PU{Vg)DXt=!=3$s*@m<02RU`zNBI=+`%@bM*NU`H+JUa1f&9Qen~eN{d5+Fx z|E==ZN6P-fkN*smDL*fJkoogA*vC5M$MWajQS<*(7w_*; zG5AOPnNN>ie-HfR|F$mPZ>0ZtUA(7%moDCWtFJIFf_KfLC6aK*eWhQ9LIwslWd=@& zdn$bY25fPUlfTMVwL0|6Fmegh-PrXNis|3)aT53(V_0)^24t&J^rKvxDVjlC_gbMh zUMSx@exSORHr(h?8kA$&-9VpOksbf3Fd~7aX80r3<Xlw>>q%c(v& z>Q8VwA;{jGD@d<;t4kcQxq1Kx;M#ThSC&TW=%S2>$9|hf=dv-~bmx?}&LBsiEZ{F< zUb5*cIviISseUQ#CQz2sI6|a6?Z-Hj2Gdu3!h3Q|`(HlU5hvEc(83$mofQm0m7SPs zE3aqWE;~S_Jw@rOA&{_f_d_Ut1oLEnPis%DU9-lEMJ7h2C=P$wlZ3I83=DBQ+L_1MQ zlp^`rpa*rCXF?98`S~S$cRc*3k64|J1J#iBB6M=2rB8WV0I-Q9{x*_QVfWZ()wO$c zvaN7XC#pC$&Up>nbn}i;hYX{#wO>wLtWm+pUM6p|&9B3x{wUS^iz}7s^CmH9^-0oWgr;eYC*IJ$YCO$VfSy`hd<&TI-W{kZq?q~r z9ZEy`%PKDf19`{fdf#JMi^9YgywXfR=fXUPBet@GmkqB?dxr~_7}#cpC{Kzf%XTXg zJ=Qeh&{#idzO_zwpQLsXBV}UKBW4ynr~vplg@2jRP5pJ3f$c)q%3AM-fI1D z%1TZ@$lWth+q^3)OQilx9Fo!$!M}oS9Ad{~7hJ6XTjcdwplo=iq+DsFd-;hKo8Ey3 z;sV?Mwf*qlb04gT?!lu<*k_8P&7<~X=kw(b)5F9OOugksM=3qeB@d8eHiOjfq>i=Z z3)t)A!wJS|#+Pl>oLz|y-|mA8ehtDd?XCr#g7^~IZUw09h6`4-lSl#5xY*{CAX9vG zwhycu<#f>*Bii~_cfhbYMd$6^5dVkET64Y}0E&x;L0SD5c@LsD9mt$SPQ~A}If&DY z#>@Hrn=e&&ezS_?kSbjI`9})NS0JF=x(OKb52uWuvDfrR|uIuHLjuknv|*UL-1Q|wE%X)~je7l*|7J2B@sqyK;T%KfLz z6^w9gH%oUDE&BaSoUDt-0!LUqw|m>6pG27cKSUQ6ILFdHjWBkf%nu?WSq}8*J_!qu zPhuKS@ZKo@x42gKhd@LQ{4aJ_!nJGag^gKfnFmwdN1K!aH|qSaUY&^KYc`V80t+w~ zk2a7ih<}d%KW~tKe%JnatNn9b{WUN8$BQ8q(P{Tl58XS%ugg4lNvGOlA8j=MUqyod zazXI_`G7w-;yLJteEbMji>)=F4{LkZZ8)1;R*LN?II`w);$f<*xT3~@AiL@Mm*&3Q zAJjd}+lmzXF~|qKWr+MMW`(yJ?*^!=iQGNrb+C1f^gmYeHs%T7w@L-xcNoF5s%h2R z&h~Dc$=W)ZY$2(RDnJ_$#5M)eisH6>rH&+{{Y$e*@5R$O*KsR63uv(_UyY>f!T@4n z^Bh(_s3V_1ZIqb5l4(rWzyfm)z8Zw6yg1;lHkHxDAQ~5LaTF?lv;do4 zX(+tK#4sIRxVRNhu@-eOK$#l9cSC0|d^<+15?~8qiMPUZX1%PekG@nZG}*67g!9`g zX-9<;;}XcNrQ<&(9IuP{f_r0SCV5YVcc&bGPzeqptQ0*W1YXc?H74rJRP3 zu=ICx^Fir8D*eWfYciQS`!$y z9Oc7!NAB$iS>((o7%PN|LuOm@9qGhW8pF`7eZ)Khh+?>t(X6##9wE^Pw?Axgb8diq zkU$M#o6K^ZdnKV!(l<`RGvYwgiQcq#LwAt1f<*h?%tG)wJbnpj?viya_S8W0zH%fx z#^5M_twJ0Lx5@CmRO)Wl8P;&?7kt*cdM}DUDpwlNMFVYF8{~y=56mYuZsGK)excH; z0U20ke`%T-u5*NMQNxZ2%>|&;Noyx+TB5R>y!pOTJD3;(CWk={`PDG2y6yO~kedow44% zX9-ukD9(Ablu6JT9{k_KF8-a=RUbtr%Dy!#mPUh`!@c44`&`JH+zfVkR$F!xU~fNx z4lCtx*lQ|Fg!SbVaDIgi5`MFA2h}Ed2cc$*Ohq`{JZ-JWH}W6i=~bahNp;krw*_In zhYE71yqMW&tdd;p7U3SQQeum>LLut%jVW#)Zzof!&N;}`{$M*TDp!<`k7NUj$W4MY zJXh!a)YIw#UeQb>Z}|H=6%?vh53abKYAM{rg|-w!reT}!U#q}a4uYbU&Hb@X!|$uf zg^=Ry2Bzbw9wF>J+;lO+L3Re3PMcG_23`wD&_9$7!}hXA2WN`*2on>+3Qv}t3C9PV zU8t*ZdPm~COBe5*^W{w2R8ONAcd|Ym5~IXX zb!x#TW0k4OB2)|Yt0qBF?wiMRbEP?sUx)Y&9lBxc3OYbhVxm8TlK*76Sjjz7$4NA< ze`RwCB9@!tc+4kr-Ql?A;+LstM*yyEr?n1kSW!?C~gvO2P4>r_uK$<~W~lq?w8HQ}hu@h%YDYzE%OnD6v4@Cta)K(M?r?$99HVM^0}J9uPpa|@BS$3;^4cWdkt_-hOeIsvYR}0Z-?39%6-8k z;YOJC?&tSKiRW*+4ZR&e>R!S7iz-&Tt9}ZZY4Bg(4Ic*Jarcvm}VWU!ZwkFh)dXa@l71?m{YMg*{>fu0dgCV?; zdg%F)L&JFfvVG1M^Oc~$eYyX|YZvCCKATekuOp-`(KIl|g30+C%Z}FWnUH;M%odX= z1gcKQWY{0hVUefc95JAjjPI7-Tf*)ZJ?Lv$PfTodd?R&PI#!e3%0Q30%sm?G-lJns zdqk!>V|74sW{|2KxSF4ntI)HP!FKv#Hlm`^H;GiO=1zqz7C;iVpDC6U|`J9$sFka*_*OHZlGJ9S!+awa^e$HEsk;V*E?F)+l#sK%!fBGKlO;n z+^QCK-R`O6BS1lJC4B?t=QKN%D6b@X?0Ut`Eu}#VYqr%<@KxVX54BVPc9Z}gF&rW zC(4c%bTp9L(s!EVP2iyyDaph7#zA`8gUDQ&W&VJ%AFDosH0d%n)O)JKO_T+lo8EFq zi%J@TzM+XdGtRsk>xE=e&<2w3DLXP+i0SE_IDn*p$IVopIxAq=&{5v^a%N#Eu8XnOT5P17jj1-m}WXv2!0(%S5O zH^~XIG_Q`f>pAztLDBv47V^1cGc~adYU$>yS8Y%mbz4Kzo{0p!k8n$SP7y?? zoXv^xva=h|L3UROblOz7wqiQ2TSv;bp4ZV$9@;Pi*<*F&eepJlQWQ7U?`^Ev=;d4FZ3Ex;uDV$E zRPhq7O{!6N^aO8%>ix8>SR-`5ju8qWUigM8_ zY9!R!w(mhr?!g)M@=J&$8jtZt!rcKb)e>!$gyg8DE7%=RX(f*+!;r&_cA9SHX(IV3 zk5S1C+{l~J;qW|chIO(2={u)KyuW%C9;?)7|D#4RK%!8~jK^Tn(g)TCN|{c15#%14 zVeAagSn-#*z17ltR~pqnH@g+5Ot0HY)Vt&$8+y7x2=U2t_RU%?$fKgbS8=$`wLN17 zcr(bhMHbuC0L5}^g=ue7q{h_x*21bVDWu1X=__WsMzGk;c#k60YT!RhHICGA6rFx- z7as7a?J7f>Q25xGM;@hHv--5Akbsu(EyT4St{c~7z0F8Hh7&tgU2$kVe(JtS`NO#) zPQG~zx-jPqH=SR_qvVnJm5TCX-lDF>X6ud1Py=^~4z5$bu7{>eSEj%Q(PD$B41#3y z&sNliB6E)@t-HK5V}H~tB1z;Z{0`&x%EO)bim0w_pFw-Y4_Aar^(}iS!_K20A=gS* zFsB5vLT>TrvoM#(sFfxwF5MAdl2ZK?cb><31bIBGVQ=<^jWNigO%JG8tCh>*9 zC!(7!q6-hl?5}NCvHCjggzA8Qf*19>;_#6vxJV%sc0d*W%sT0V-0m>ewt+?2E(BEG zu8NeheZfJ@8_=n{($iDfRkvYTNl9SZBEB1DoebYWOjSn72jyCQIjpRM!zxB*&Y!2m zL>=^BnD@!cLx;$q^H_zj{KOW^J*{!-qIqu0a3d1&-3XL#M7cfhpFVfpZg-7?Dh|n_ zh-jnt6p4X^ETj1^+(l|_#hWZHl{sLjUkbnL-a*D%E@heAtARzOPJ!&TX*EL1SU~L# zVvM9({5X;7&RZ}i2{%#ZCry*Cge7D-re>3>7fnO_T-MM>^H-AcT(p9$hj~-fV+F1G z*k65pV5+kwtCzsx>@EfqMa7> zBw%@#{&WQ8hlA#rrz`xim{^XNGbURI7<7t4yADEp{%Xn+)9ahr{O?9oQeq=s5g3|j zS_ziSktr7>1)E$IS=918&KSsMBOod3`LO2?QzBmJhAY@t@^VHWtW{~YR85Kc_3eXDYu&8Zk-ci)oY09)nKtj%icqE;FU~U=Wn{O6^LOJ`{nHX1^VE{Og?lO ztDA{4j0%mN2eeBW*v{*1;xM9?b94*j#5}}1G94!H&aRwpC>6NVl8w7(<(Xf&N*x$> zYJkAR1J;i9I8Y?m&{lzM-u0lZY8*BLdsLGYg1S-)-P8j9$1RnJ)`^{O|M?q`&;~ABIAee}@~6I>KFrsq971{tl6NfZz`FN@#QTOFS*+R=X_vfPf^ z_+((ex2b4LHIa&q2+g4>i8NcuD(roz!^E`*!-tB`59#k8d6_W9 z4*jUn3>ARgw8I9|QW~k~D5UY+C*ILz{YKHqqO7nSlU0QS2H)fAVL)k`=eOoeh37Y! zu7Gfyg%!S&-gtXY@xlY@C1C0lQ!3FFc09)iv`notokv2HyItyw)`J-9CPbFFx2Jpc zw^#;{i)6@(xgcFujT~r(>8%s;RSIAEvd{Dk60N1O!@f zs34$>$`lm=5fLXq2#_i=gcwp}2y@z6K|nyDKp_Q0CLx3fWB?M9Dw7%_lO&Rm#DE}E zAYllB48FV1`hR%r`y9_%>;13y)A&bxs>9-qJ(W6xf;GWBgd^J;k4JK${^o!GYQ|u4mSjZND6ftPXTT?kQB> z6e`|lH1HrmQ;Hh4iDhij1z9qirLE2Zjq#CM-!fp{KNscoQ3dCVTG4#8sgt&31}H-V zl0?4}fOmnp*<93l;N9!A6%DMd%KMb>xGuO;RP79Yq@ zp_2|HU@mCSZy)i%(`%foA4MaJ#qWpU6m-Vbe*0ZX%8(2^dk)q~;cj(e}hg1zD= zk!Ip#Hoyg9EU2TP1igx!BrU-k<~$ezp8Emf4*pGc-V%vMN5_xRj969DsJ{|I9{{}P zxOAj#U3-bz(HR>}N#yIn=fg+Ag>D+24AS3B_3KYI&Ac+6T>M43sfp!yFzKrJU_aY* z)xo&i2QtcJ+65YgFfJXT)W85C8?pg72c-HP&9bQK= zqJcejl#^6`SmB2g2{|O_BlW@hDN6iAhlPOmb4-?RwI(Vom2<2{@^?NhRxWQ7!GI0A zak$%n4en;6GKB9t2$`KFQEpH~yyY>sLy~ngJ(x?9B7M+tl}=6KE%T+@*%NMndZyiY z>{EOjxfRZo(BRj7eM!lDv%kN}Lc%y@i`edh^d9KG$vk$U0T=CYdWAy=Pmdh%)sj-Z z5xKN`7^lAy5NRujZ)S*rdt`QTDSIXC3U}j)ZCGgi2_DKvZs3+#MEny z8k92SDM?vXNlvcj`a`atj*NsJD!0GiD2Zyec>Y$_@T!lt#t8FyQBnylA(TJEZtC^B z3#IMAC7Cxn&K2T`6x#Jl&b}pM(-F=xP*g2xIn>(pR0Qeu*z~OZw-Q`uDaeT%!Via` zVPIl9*s2Ad22AC0npZoKDn?-~Co1!iaVCj;|Uz|_rPW`JH)`M0$9p0tlDMAXLd zuuYYJBRm>mJ-m~HDf-eoa0G;^X`6J=C(+o#uDrdz-p0aa4c6mm5m%6+BERB!|IkST zXYuBuL+B^2IzZrf;hvwn3owS0G|1XrFWogKK;2E*Ev@acUJCT{oy&t!j|6*KylQQS z6ovpr_dd)i{ZXJ)&fauE>~nv91(u^KC3hlix~biV+8)3B3JLa!f&(XMa-9k%%#M7> zO9~f7R7Y+`KbB%#N37`5DrG+&PjM@8)3ipQBmNFKFypu_GlAcU_m4{RJoiXx_ zN>BulIzdj%(6-1yV!Lsho)2P6Ev-AgJh0`lXYrPooowC~P`bT>$M{04NZYb|f_}ZY zP)Pzyo;Vq3`Y8W;ctT-i>|n#g-hEh|mq&sDz_1oCTt!x&A$1>TmM4!dW|jRgOaOe> z77n!Jf;TY8MdXLPg|V z_!rm0=lEeZ?FLSC4irFy&I0#>vzjIVrKdd zpW$}pD_FYbu^|h%R{+=dk9Q{V$miwvdEZG3c9deCVWln`%u~&?eqU#tGmEayz5bYP z^Cze33i&+#_`*7Mfi18?lHfMittFRycZ$zE3t765B}rQr(h_(1+lOk$` zBBE&4v`9%rtT;Y;OnFARJdW5KhYK8{95F4ZdK(={Ej1D8&oVRU!fo{!SD!y2zxw!PV|zwaEV+90Whma&sQ17f*8@X z!{jf&UjC?}QUkEU|FG$N21Cgs0%b^Kx%6wBk19J|C95R)GJp&H>j+Jnp)%AMkYrI6 zhkI@d&u*!HJ461@mgX(OSv z0oB_N@yYc;BrNSi=?CQ(KxMz{(pSvbOHj#Ej$gN42i~ZucRP%*)0KOv1LHt3tazze ztvlVG=v;3tJgviYAi;;t0ai57q8IKni?tnXkVe%Un)s65Y3p2%j>U7n{>@lcI9Vx3 znL{BLMtVeznbze&wba}nnYM{8l2``JpdbRM&SAn>5hF+Bb}2%?&#q==L!3cp*?~7E z1T}EyMqphsLRm8|={Z@QreFq-5r~7BLqiosdpXx=|Nc!cD>~qSh{7UBv<;!$|Fdr8 zv~5IMjce^pdor=~$DixjerKD`w#_Z!=w7$wS^@>=G<+B9>@XZ3$|YY+eQiYqn&E3V zVwZhBS-*c=b-!rw-b&8ax5;VFLk;-MQygmljfjV?WW`8BffVv?5(b1!-_)d27n}1#;{G+M# z$yfAg9WgmvILfvgdv^E_^6e1i9H7X`exz3a*^~EW?R~j!McngIlU1SCMdmxFHp4eq z!&WauaBvOjH%nct`9IIdeGy_3sbp9|qyeC6^|ndQ*+KFA}{r53ER-THe;y*!rWO zP%Ym1^>GIdg=Vn`=gJ+9pgyxjkA#e0HB7nN3j>DcjL&K{ z_5)ifbw4XwC}cQ?i% zcZcwmPtV_7;5nJU+nD_?*_Iun8`qstJwk z;{dKgB|4_49y{U2^;k{3v_Ym1+Gidz73o-zQoej^#G zCMVwr|T)oo6R zRle@80431HPp#8GJaz`qJPs@*<&Mq}3)2%VJnlT@)Th5kP?q4bK0Yrzty8HwV86em z@ovRTyU}Y-O@QN&UF7#4Rbb)r5ya;#1F>8n(^GZJzc?T~x)SEHyeGD>KDXC!m-~DG zW{n!8n4L(`ksG3)DZgVSxi`XUyLd(;U6G6@s#b(^f}91HT#PkeLPeC2X`fkh)#fuT zE-wTDd*Q)1*6Op1DrVRh^LG>n)v`ySO|Fx@p@?n0U*guht=7*Bea`J%6RrKaqW(?8 z+@tA)i2E(XnWBp=+5A3`5DqD6fZ76F1+sXPl@3Ri$FFXF@rL+&L01h8il4TwqnYKO zY^{Izk&;vZVb9Wx3Y?LUT6`HFIPQ^Oz8E+M$~NzuL`VwJin}$3Fpf1uP0W-2Z%BD7 zr>N1nxc$~B3NQu+`poKXGW3+f1$u|h=Fy+GoBWwOmfUE4*E7|j1=a7xrr3ZIu>qdj z!ZHzcU^PQeFx;cWeOe8l7*X6Bk{hdBMkbHIK6CLex7u4&osWLL;gwl>oOFGGg$=?r6Z@_KhW-5LHjL zw!cyC9js;kz7TNU!%?$MO|fVZG5hAzkN@KU-1QSRW{uw?>GTu?)nft4!Y?K4layi* zg7F%O;gD_9<*Y`S8yMtb*of?1}CH_LzMs1^Da;y54)R9UJ)>mU?1eCEQp zAX3xU4hBBNfnDlqf#I9XAv2Pn((V5ud%IjA-}>H#kCw*aY(${>xtPas;^ zdrF%l0rm)5$o@M?A?&?f2`&cl9-2=5H(|?m;y^UV#BcFx>T|Z&GlmsP$a=}0|<%MX-7T*)*_&a1Z8vgg_d%Rmcu=95LE7@yA_tsjy= z)tuSO{N5VhYWYve1rf}zeKq$jERm9h9g>xLzUZDbIU3C{mZ@K~4Vc3hc^?`A0R%=Q zi*xAM77J7Y?lW8CD$8C&05qiiI^ozbzX%*`D|fq%B(kpwh@u*3CgFbU&RR}40^BQ0H37{|mWc(dfx3qN z9n!;{yl=C;1}sf1oOUM-nU;p?wdN~?^+q2)6Ps+d>g|MV_4nt#=4lMxDp_(aoDCVS z;M*BTc*k;<%}I=9Z$jDKn(MPZ30c%q7$O--652#Q#~hWVEJzG2fb=B%vo@UpIz4O| zk2}ybjJ+K~K?}9a;Q!jxlU4UpmQnbTD~K-!Icr+7gfmyI@bum-de*P`o-Mz`I>VsbfUXuGgs|>iKd00lvcHVb zpyH}W!v~!AGxqsN=4_8lI}py-%&gh{CMhhu+`WfPl}vhddZ&HnnwxF_{{`{*P>yDCsD9qlb>kn2 zv)^4)E*7l;CF_=q*F*BJ1*PildE*czdz2`Y8g{B{`w#ze^dfd4H~W zvAN*0hW5YntI*5;`{)0?j`e9ka7yQY7ysX@c%RgLF8zPqdOjz`s>-vnk18?%b6%;5 z|HO-U$2K_>5^CvC+ga6pXryJVMZ`K7DPMlHBm2LpG=>la3X85nH(31)GoiHkMRSAA z!=o?sQs&?h6HNSpdm%2_&OTYGOmDsLqR*I{%_(=^nW@Ej&yLTX6-n}|{QH&dFx9>9 z;z7J%NJ$y*YtdNA(p!;p| z58@<>4-6Ope_`6IZ0-FUWizWHUZ-eP$|GTjodKuEao@~YU#8c%??YNZSw;=7`gL!^ zn_XKCBfNvdu{T8M=d`c9`CWtV>fu+g}~WBF^a>C^^;`cn$rh7SDY@Vbq4<>t1Li*Bef#6kmO|QJZP$a15#r zRaDjhB&L5Jk*|*wyqX7_Dcs7jf39HO4Ibs+lfS?x^vV5YFM}RfkUR*{QJTTsqW5h!vXQUFnrUl@`HKZzrE*#gP|9^<|w zC+HpaYS*zD;yO?(_zLwSoF=puG6EISD}zr#an&I#Gw9Ct>=TXJK7H9owr61Fr@`S1 z8$ylP&+E$nU!~AAO1qDGzo`xoV`?bhP=nO#14XWfJ8FSUrWrMD`2`tZLfmp>9H+~c z`nkJ94ozGcSgOL* z5{4&i?pw)DTIFny+dKyrRo&(VK4L$JW!dCn;7}9nXiCh)#h!9n8#RacCB5TkaJ#|jYbo-Rb5W9Y3Cv1+VQPK2-pm{9_no6A};(T-+fqd3pb zHJ#iR>Ki|k3V8HfNJ+f!A4c^!8DkAS87QsUyfMW3eN=vpwNe`8(jv~etDf4hTE`q3 zlJKv(kGQ9L2d4&KgP5QZJitgwF?G_+2{a;2shxkdP}|JZm#J!}8ztk=Q$MQsY>Szs ziAT2cJDt{ijz!GJ+_kI`Q`7{S_9{*yLOO^YssEBw z{GZV7?S}7V9GYDUxaudxO@`}q)D#P{Y&;33q8UFl12~l7o_(yHq#{*w9G7!wY-wbN zKRKJ_a3|wKlIr*iO3XX1R@X77gB089Dj(=}e*C5<@R~NWEYzL|$|k}3jREZUBb2N5 zyZ!y%_IVcUJKi`Gafq{gG@Q0JY>pFqxsQ!qT9Y`~4CVMO8{;zW%z(Bf*^S4~r|_{b zYl%C&noTM+H8a(S?P}lX&36Aam6MOMfx%VhaiF_( zxXVNR*@g!{&17L}pnAj%fy2wv4WWjGCq{32702QhEtV~G2tb`lC$96HG$&X9(yGZx zurfY^yNy`69v_u@eIx%cs)50Bx&;g|jSEQIvOl$qI;D_2JT6(#*0DgD1**RRH5 zJV;_^T3U5`4=ysC)daS@z3KUb`aazVenD|c0EZghC*G1{g3mfLcMhPqWhS}n6-j3%)fzIf{N`%s+Qy%@$**yVHVg~5J$Z0a7T6F` zv}{?va1YUOb;R_e%9D1G*}!W3Nk+WYhb%c1ST`-$hU>3_!K1gMw-yd9UuFfBpd1C2 zzV@vX=|$o7&43crxQx&tqWAg)nl`@?5;A{S>E9W)hP_ee=VVsAH$S}nrM8UcpYe)L zR`5pLdHTIE8P>~zo)hKi`iDh}IY}l}e$(I9rY)|Xu#}YsN)RO>c}EU#5IV#Zh}jer z#AWjn$e_J(J*;Qm);2b|o|ecW$wo9J)az!mhf&Xi(ctF`H`;3)*WT;uIcVI&#$hgq zgi{6Zx&U;1jC*<0=#+JEJhA2LG0eU7%ha{%L)dYw#hDR&mi5wfcQWPzQ*x={HpAG+ z@`0n*x|f${AK&DXE}k&8Q#rs__Z$C8|G{>;*x z9?0fd{X;pO%#HVV!mpegIIE+rsa*x>*cWBKeg|le#`u;LzC-@*y(52|Vc`b{&m%Lx zA8ITcTEW8&^7q%1k8pDY!FE((h?Cf<(fJBI?7jQt-n-}58d-`(C2@W#l@)IXH zq?luNI>u>YWcT8>IMXF#2gs#DyO-a~Tt|hsBTTEZLF?0V+iwrzWFACpp!~e3yYO!H z+?_e^y2{xo*RQKZ2L-w4*ul1x>2>fF;`f_B+s+!NLo&;DA-499BbnoAr|$KIC~xJR zcz^q&3f+M&V~oK^$w<*ujR?`Lt`@fhBPVNJj*k$Yp)iXyTl`*U@M9=-1z>~>9C=DF z+2l@{^+?j`8ffIGpFsB)p7f>NBN-c`)VbBI`WWZX@RHyCT#927@AMT)2Jl1X zJwxX8jn{>cV%j?^=cJ&=q`Mzg1c#LaIkHXjD1;2bAkE8=@ufD&>>m+>{`zfV^z%U7 zw2OH_Y?ceYOw#gZ4qPAWzcVnQ2y)s7-;a}Bs5d_EnXa#$`CN6pmN`G%3G{9+K~d2u z0MdlVT@uPTRDc>|`=wFSDD{+9$qV;vAxG?73>Lu*}gbj7ti#~iosW>tDO*)=FU&%YzOkf zC{qFa(CodVzJC}ST3DEJI~T7c*llqyt8?A)3081hJQH-U0&epxp>X~jSO6*V85b?kzM`jau*RQ&CHB)xIXJ9^gw$y{X%=H zd*TV7=oSR55HjuzDO$8T=0MF@5`zDpY1hgmc&bZ{^h^!rAto^c+7xGR_ z1c$(@ebGojOKug^1^Je8`d#^#zTCMImvT@B!YpXmB{0&X`BZ=@f z$wk~OHFWa*jsW-c?G?1*#=H_$FhInho2J>oUb9AcLZ8JWHzI*awT%|I*TNSj-p~@hTtBY5|r|9EOQh z>#k~f)ztH9$l@ryjfyC=kY5wxeu!?Hf8+DV9M4j0+BRXls46w*UjS#Bo_IfE6>#HL zo@z)g(s`S!uCbe;88FRJ-^lN1Z>Mb;lNKiLLp}F|)o^BW$w%O(p?TUx(p#5aX~!vd zlNGb4qN9E8<9fL6*QA4wq>1O7Na*KUc>$yJhI4y6x<@F1w=xj~;{8D)#v(K-!b?UF z7Oz92TVtNi{_yyZ&qr6EMqfLdKjhAxsqaXzeq-p4$3ZWe^7(Up_0iUKtEM z5F7w}+UuJ7qIdnDB^Rb*Dzwi#(5}9L!Wfh-6WBmN?KSN;pnL&?j@!A%bYvtujAC(E zU*dW$CJ7LGgNKj@a>zhIyvY-ixoew-Zzb1KxsO(g}XG0 zVq+v1WyQ%itw+oHr(&x3LljyUY7g$czV0yP$PFL^zMtd-lSqB8nC#Pxt>1$mzPH}~ zB10pgCC1M~t5^RA(PEY*Uroy9xEHVfa##|9d)$!gbRf5Jij=3VT?~L2yvJTW123#p z&sTvOoHmxWkzSyKIhBlAZ?6RD4!kj(z$S$~k*NEYb+DkV5= zsTyR&dN5OF1Y{d#8gb9{w#hneLy8{HVynAK3X3Bxm*A;Kv`N_KI5}RqC}P#d#l(0G z!ms+34Sl%E=0y{a;g1;rhphOI$l0FyOV9{s+gFw0#xy}i6OBgDmC1baXUk5Ai_-1k zfFQ*4OJOC^e%kj;7p=NVLQ32Wmol()kF2l7^%GZhLQ_{5cHWf1>=rC%hGY}F z9b@~PZfH~3hb2%iFJIbHdEga?_!M3Xg9|UTmKn!zjT?fDY>xN#^@id0wX+(iTlv0m zho7Zvp)eO3O%5>^cJU;8iwkaLpFEW3p2j`;ppS}O3kT?u1N$eA4FYjKDvjlBdpKi0 zgf{%1)<$a0m_3nHBWof~bJm{F$*|2Em$py_1Fwo2b#ZFa&YlzvC9`A15`Ms!{$t5+ zyd=@l!54jHp}gRA7cQry-QYe%LvACYI+#$Lo;cl%G48_ua;xkFAVGmIrvxk53jqwd z-IGm($8C(Oy@C5g${cw8Y}t21D-5GK#ONZpWID+)v}TUcj$vTqa6Jl0(Qf5# zFpoMcG+=|Eo-Ogo$n|n0LU!$oCg-2l_!F;rXn$bxS zM`YH{9fNB5^_0Wv{ozZuL)x-J@?(YMAZ{B84#))84~)!TY=~}(-y(UKCfwZr8e&HW zBnvrf#D#Ta^xsp-+dMU=e;N(f8iIL$I|_Y07&zw82h(fF%%U4=va!o%YM#LGaAq_@ z%NO0DdVP2m?VOwyRm*ja{Pu?2F1LMP^N7aF8PINf1FUEK4)l1(?#m^wt;>WaF?)ky zajZp4GvRg)hfOfRQ!ywHGeip5X=rzHK~fA{};0jo65`dyrB zj}HId!n1p3h{Gc*#e3zXoqfFEE|~I7l;s1uVpIb&2vhB%Y78d@{CJxHhB&G{KgYcl zHhHg?n|E?gYF64>!CfDF>K9_Q)?=gcGfZ#JUI^aLmth2e-3^`k<*G3%U}?^{+lt=T z*ytfsd*`|Z{1E)~dRa)It^(l8Wm=%N)nWV9!j4IUIukBt!Wl#~RIMtQM%JkZ$kcpO zw56z8X~=A{6N55hRowG3#^VaYHWspg6ZO#Md+KTPET2T!NbX4rT$Y3Rr700!wr*o0TE zu8i#K3s$iE6n|c$brw;xt+RWtjS%$Cyxa>+4!9J~x~3C9s^Dvp@@;qm>SyKGEJ9}K z8CmDdfwe2?jg{HsVZwzfrF;N$^bScjJ2D8<-#%nT&(Z{QzL|vUOhz~GB9U*h1HHojWaTIixmV6!k_J7Oq+_MbCG&w%grmprp~^s0w9>bS24H>H zyeR;$_Roy~9!*O?MQ?7E%)!T>guGep`31bTrk^sGg#~A5j zU2!syFK5-nF0m8^Y$FHQyWZdI-KwN_ft2X3Lt$Gisr>;g#$30!D1tfGSe-H}$Mo*m zxNiGr!S8DjJ$tXmu;bvDq3_goEejfV;lc!K=~m~Whph^KZI8z%hE>R#{gZ|<@j!M&UaA)=4>iuYOEm-zJC0T@IK;c8zWKSJMzE%3F*)K|+439%H zPj`2(^h51S60Ygg`UG3J1XO;B9hLAPfHh19c{d3ZTsh7Bs1iKfFtH?jx2)rlIn$ON z{??)X{d)DCn{AhX2r>8cKb3jh+?`e8aGe1+>Cf~X#UE0wF!OYS@d3~sS}&>#d;H|aKX3Uz{QRX)eo|r<9s~I%u6iObz^=1o9=Y-J zgV12I>j4u}o)S`mRn8I;7=}N@Jgc7Ck|B>1r)G^Wrnba|o_#Y<$bxml^nrWw^*_ou z{Ku>g>URKbk%hGTTbXNAkV(H61PF(bVs1>QY!ZFAw`hv6M5sgkJh;6ZGxN7^{_2MM zyX)Jo^W%So()s7_55}Rg8Xa}zK0umLKPG(*x8@D%@IFM;9i+t014KvNzh_OhL@2d` z)-hwS;x~?ZQm`L$KhsQZQ585V7LGpgf7^Rtj4bHIR7Yv^FpoxQf9u&1tyz@w3>AMZisqdy4|451neaurq%Ih3yUJ@^{9wu zLPtpt&;NL@1X17xB!l>Ea+;lPqL8(q0yvlE_T)4g-+GX8NtPmLpE@E-d4y6O?ys4!J$2L6X z&e3bFX!(-VI9nai@*8B4n(V& zorT>k&MpnsqZKP9Bf9nP6?5xj*$`yWtDb3D4~2f-K%C3lZ?I}|9W~>@O+a8n8wN`RhD+ifs&=? z+$59ead(G{iJL=Y{sv~n+wb#5dT$s;y{;lqZ;tw?H1rDEua#wD8Z`1Fl?Hc7w2Sir z2$}#TJ{^3yDHDz*FD&@2=Il;#5Ro24m`nj8e^s#j=j59JYuk8h7;Dh?cVS(U#XFRm z^n|D47lF{s$)cQ(3VGX&m_l_l`NW(^tV{Z+qMIEk9vB*QzVz#VAu_IRBIV!S@GgHG z#~ZQX#$A*KGDwS7zh_QzaS9p2LOE*UDuU?$Kox^>{#ef(SM4{vn8F{G$SQxs$xM6P zKtgPS*W{lz0DfZZY(DrER=0Qmf{(ZCm9xb~011TNd%FQ!fya}affN0$>%MSWjF-;> z_F(O*0_C#>2mI@8j}zzdw_n>M6 zVBOIO&{E(y8Jx2%tjL-adu2v**C@{es0w%!vnoscQ(fap=46#vC|_m=a8U2;P^levA;5ey#b4w|egsXRgUiQ=6`^{)MaqTA_3)`$V8FbmjHxBj zWHC)hG1xx$18~xU9J?f`&uKpy9{-_d62#`Kf#$#*UR|Rk@?}W8LilpO*_1gjBXng#Lk-E3*Mj|>a6Qi~@63m#e@&R4SvFo~HHA|V;hZ}1GKE9bn= zHC6=YeXZz=Y~;=<_~YS!NqxpoI9kY0p>(?*lz3+Wcrd@SoeR7R7%RSfo7ED~Goa3K zntV$l(rc$<8Jp2Th#Q+;4CB3Dd>dz<3?b^93U4xxK}WE%M_ZRWh_* zoXUf4jOCf~v?=s*^a>Vrzwnr!e5dG})E~yd0q&=k&g8Ty^S_kSM4I8NFOp7HcUO5- zA1V&jEHZkLbE|OnyWl(BBb73m^%S?4(K_5{Y2qm9Q8mugh0Y6kHW}=5UX@vuKMn!{ zcEaEQ8kcj{=O}gYFHar>H691*ez`!gn7|@CnWkc!u1t5Bd&p&F9zq?`_JCzL9%Pl<#GGh&P*kF&dW;_s)IqIAM7zt0LQzaGtdd2qS_Fjf7q@S^{Ob zQzGH*m%;>e_u}2&O^Ec{_5E9l_6;g(yt$J=--amUpxC%t0^%!xa>VZ*u>uoj8wj9i z`n0qPBN<0Q3oWKTqB@j7YcTenj&tD%8KAFiuGMl#S}30bv1KF1F4Z&ZwHuq5rXVIG zrM4g`C0p6sUA}{G>&=S7z^%EX)fZ<4b8W+uTJubZOXo006H$|oF&1#|7>tf%@e>$C zGg?>Z-b>YdL+~(V3TQ3S$ySfrN_fs*@IKa^lttw4eB`1@f{UZr- zcq4wb7;7lolWEZ(Nk-)B;CT5+I>7LkwgLZ;LAjxxmE`46+K7?F5(ihliO_`1PlKm& zi_>_;l13rTs9xB}xhzEpOoA?YILe;0trWjSSq=G(&4^xpThP*e>H!&P4W4=u4Y{ZP zjcBTRM@3bf-KinMUW-ZI^_hpyjwTiXeNI5$vPA2T;~S>s6MJKh==!lNJ)ABC|5(WM zvnLKMC=Ga4eVG9N9V^Y!?1Rl;wBn$A|K%ctLWMRlr(EYMvmh5G4U6+&bz!*>@f2t) zhsT3LWQaT}DxZujno1Uusql^?$&aSvQCZQlu#^LCb#YO>08L3!kY?#Vn}mzCdywA- z_+icuM&#UiQEp+w&_(?P%W4;k#6L=XCP2GS!(jqo;$6wx80R4@JhR0}CwNR7Z8FpR zB>}yFPY)E1n|(E{Z<@V_g*UMQUk69KKN;=)$?$LNq?}NpD89u;y`{cXf15-zp66)2 z0>Vx*sb=i50dhl0!=4hP7zRK=JMDGH`@acmrs+s*@D{iX(^j-x zANZ|wP+%zyhBfeD*6eVo1f#ZE-IvkAX6OjRbU+bPmA79L*Kw-&W zh=@g1PF0TBDYMava@Rk+BL~ zd%odVSE;5ycdog8a76R?jmX#S3zIhF&vwliL+VOau}Hi3XZ}1eW}O-|PJPo>$cKGwuF`9=a$^ zA!`=^fbR`g{vvSDeI6S!>@;*V8s-9LAZj_TUj+lm6d!GD$&c}%zy35WnAm)H8`WrJ z%|=17x*|2L?bSaZ*6NC&NH--q8Z5oy#qDZK;|pBgc%V)173=K|Lu&V>2&;o zJb$Ns+b|aAP;swmT@1OeY{VK}!=9EL^S#dQ424Ey?z5ImH}&e|wAW+SeAs!4qld9_ zZhxu0**n}8uKc1jw^AzpjzZ4A2KVtCUVVug%&Ho!U98B;X2M_1GS-U1arCQk*1es! zq~{-1wAnDfhL@soy8mbeY*%12p#eGx&r{9mAlhZk=>}65*I?Wvw|BT5(q}gU5>E|V zJyVTHk1;;6@Kxvt@(9Pzy_Ri~^VXRHxi$J;fu;wP1zHO^3VwLODB8VA@|-0-JW@rbb&bNLN4~9d*>rJ`irEPM(Uu_kdt(Y zX@AcCc!l)WA6WD479NdOw6{W_inWFcLGaG;<4MUQUP_%+bpQr&N|f>1Qcu-mfEmj* zpJ7IF*3%SN%(Az__wY-{&0?GT`0`OlsObt>)x`calYcuzcE<$I$|hO3MGV3@IxR`q zHn1*QMyMMHt_Bf|Ic{fCOvZ~TPT1aLIHG2zXyf6VN@}*-m6JMqImkS^u0{Mqp%+KN z#8s|z=z0!DuQWYv`nBh!y9R-je#L5xgWg6nyDFcvaFQkpAlv!wPr?8gfhBpSHE*id zGeaAqnDXL!VxI>t*}Hm(5cf<|Y?96l+ao6f39DT?jk&dRyULqARL?ZMJP=8uAIKOK zDoyG!q=>0{rFM(>Q1v^S!8C2VY2iet8>Tn(F?S4N-eAqUqQIJju=z$W+kz0qK2fOH zjzHG#hb5_(uNbmPX4& z<2jBoC-cN1atl`iD>n4b)1woJHeO>iF4lJF{k=Vx&;2d5`9FH)6=tX`A#&(w&?fZ_ zH2xVdhCv7g7_jgnvz~tK8TLq5EJ&2=hNzp#=bqCr{qnDe0BJsI7ybq@N02-+yHS`Q zRJRU-!tgu{^}D#>@EU)Jyq zw&JpjJ#K>|&$j)2Uv0mE8E`bF;v)(gu1o0?lRa(KT&Kv#aR?{0C*@60{xRL+nhejQ zZfjtAwjM*loeOY%pgbNI`i!d8!YordTyby@hdzY9Zh86S96#m;XRSrC*lvs&S~0P3 z9WL^0dP-~_9*i|9r5HVY{81&^NKVMXBpnx}kZRvvpVikGL^MRNjzSSpwN3|O=Vo-8 z1*mtH>w+Vu@P}cC;MxScRaJlV=sxce50p^aeLUMx-#2cTh)a@o?K!( zjDmPLU(wog{$}Y#nUH<>UUY!I?1m@dI&|Qf>F@~B=&rXekbd8r6n{B~6EKdf7T6VC zhV4}j=(74a1umhc~jlXR{&2Y4QH(Hsvt)`N;)q({6Oxlb(YAan73bBa+9?l zT`V~_wZug)M9_^Elm|KBz>}=oNs(fwze+Y|#q6kvshU-52;T*MaR7Y6duvd@`($Qr z)waq3s|0FA4LiK>&M1%Fi45I8pQn1Cd2TGhoa9$6pluDK?j%^ZYvu-3`n5zHgG!n> zJz!S&_A3(lIFZkKXW;W^^c5aUmM6a*0xRERZ!9R^KCAy-2WuYHeEU{dXvx+>j}|jt z+NAwUWk0V`>sfBUShuH8|2RO^U*i;VKu0|-Nfbg_)`I!_e^eO`ffNMI=rr~Br9jTU zaWs$yc@KjxP({4_#M+lXMX;IUuTJiVrmt5S(X;qAyt!+Z<#(xH4-kGZTj75lhw`M6 z>?+!bLyxl0ab&MvwfSB8eSdk>`QK+>U*`P2JXiir(k_5>czkqqFCJa$7I6#iWd$zu z!9P^P?r+GF{Rz--`Ra4u%6bSXUrS4jA@?>ev{M`TLG5oEZ?7a`{Sc;!^dS38C_QP& zqNm(XqE4VaCk6By`dObD{2JbFzdBU{}-1*#gni?oeYkNu%P2Du{iW@ ze>&tjZmaswUz_N?CTTx%AR{+Nc!Cl8xD@qaHD?7zIvT6dH>f=zZBew{{R$(`<$^3)8 zI8iS3dFC%(WA`iOlla!NE1;bKxd+ue<9pn+ZAd%7bbwI~wq#F)%E)iV@$(Jv74iuo z_WNu$Q-l4mbFY{4$~L?$JwJbARZ0HsrvkO`jhU*}PC4*-7s(72Xo8)jK}UpzL-Bkk(bqWtX> zl_*u?WB|lmRH7m_$mZ>)ym9;iYKy1t6JKnrI`j)Ni2R&%XzN5P^l|XAc1X@~q4#?H z2L#=}_Ai69c4Gd7XIk@10YYO&y)ujx%f|MQBd7f0=N}qn1}~$-7rfU20d^F5NpbKU zZL8b64sHAh(@O8=o`RAsBZqd=_r$N?T(({ahDb7PWL}_5OXHkf{||fb0T9);qzmsR zgJcjC$)F%vvH==JKm;U65D)<+M+FH==td9}1Oz1?B`X;vN^B&E2uRMM$&zVeH_+Yt z-=248&N(x8{<-&^dH3Bn1KMHjysOu)RrRf^uN-8S21n}_!o=oH)<%6TmF312T*L~? zO4cpVO*OKxHk`BynxkGY2rqwNjMx|-FrRHA>+?Th3c>X)rrCszgEb42CxP4!5dGYU zxU3dW>8a0? zq$GdTv{}AF)0laoq*>^8YduHQ@{i^{pP1}-Z}~ok-F%Vm{78IsDQOO}zcm)1g02Ir z?2|Ce_uTX`hlEM4-eOsESCoC9n^7t;cF=-A8kvvSrBo#YykU)erfd<0ns7*YN%@m;^gge!=Lw@MF75CGjav`<4#zP z7mvR@El11`>ALUOS{^Lsiz3Dz=SxNx6u9xsMu-(=Xa<~#FDVWXZ5xGZm!jBxAU8i# zw(iW3dheR-*sVd)i??DYgUmZCKl)9U7!{g{GHJo?h+ zm$7f?7w_61AZ!^>>gQ3YM8*c~N<73AQ_nM4Cg*VGiQ<}qoAV0aTmN@ES3us=oDVoOj`j&a; zu_g|QFdu%Z$$*Qxp_A&C>!tjJ(Fi?EVMQbqMqGai^F2&5yeQ6SU8p7Hc9F^b*cnBe zS2zt!<%C(-rYFJz{`CR&UOT}H1Z2Jka{A`+M7@Rg*50HM?yWtaEmDB+YwurAz-~gb zA+%0VVzTRK-PfU0nBs;X4a&^sXWyPIznGu9%XP)icTeMVbFXZyt0hG44OJ#A^w#Mu zx^ksQjWzV&0`$Lc|AQ#D#1V~}*@*5NT|@{i!$HtE^%*E1`tn8iArUpJffsmeLLe0b zfepy~ddh=|T(aDug~*an$B3-J(Vj;VI_e2W&&rWbIMSL&qr=hod1NOXSyD$9|1*#!jsI-~?ceOl{kLOp|NDFX6IiK#$9?`2T?slXu~_Ikr20J$T?}u)zOcm7?FT`{CujPo)D@y90r4r#H6;P;-0=cuEL+&U*+L zo&^D(Sj3PVMEsKH^b|h3rF*b|I+Oz*dV|2`2G3!>?mKfR`llALUZ{+u`F*W-ljT29 z;{a|D(Ejfk9FCU#BV_`6{>Nm<0dWDM(tBvaAwQbHIpF;(O$wb5@v=93_Y0grQEbHZ zyN2GcnUjAd`{Hk1PI)mO@%4&3j)53#xV%sZ0({h{Dfj{1%`}p9T^#-uv8tHZdGq&O zE{8M|;)#y-1%U~(0BJN)X%=ETaNGfm7#Jb;Gs>ILm7BtMI8cU{R6&53OP5#&5zury zkU|VlfBm^QTK*4{3$4x{`c|$Z&*mDO5O5o@xR77=Yp4GM@!jK`rQh@5LB*7zit2yn zb$-H}c!dSgfY{-9ZzA`56$c!rLA1`L?sg*foRX{1P?2i)N9=KeF>cWieS-rj>bEXu z)N7ie`O$7aDLvW~(cm-y9REXIoZ^8$_CsLeXKlBm*Z)-+{JjO%{+8kN?@$}`KF}oo z%Mdh%hd_}#(D_>*R3Y~a6o!=9SJcXzhjE>_Od^~gVtsrF8(TzgQGSF}8KmZRIBE>b z-1kX`Aws!YD1^o$jU>l6jHq%UmGHRjC(+}R|6&g_n_t&?m<+AQ0&B_oOj+5O?%dGzQo|Id*dh! zN4X05e^L`H<8QYye{XLdegChMTk{{n^PJ*ipxo*{NOugh5~G}Iex=)^cml??2j&k6X6fKE{$&VPg7;5Bh3*q z@;?T#IYLH`5R<x$`=8k{ z&ACa03qtURGgO|*aNsvQ4p>|Rf!Rqo);LxBHyrK=cl+nZ75{m0w=1ce`$7ayOG5Iy z-*-DbN)30&U53Dq>aqjdzbLpx;EyF7~gl zr(OMC#2h<>blrwt-A=oIT66z{a)J~bjv%%_?Zo|AC-4Yj`#%CD{WW;$Xc?>C5yW-` zfBm_M@4rWWM-bal0MehGe*9baKZ4kfAh!Pq68o=Segv`oV`Cuxr^cKdL2Q3Egy3lZ zza82;g4q6a0KpN=_P4=oM-bZ)^!5*f-i{!)BZ%!!51IVEeXu!ki`L5YMp#7Pi%$AjAiTzZagKWPT!eKhkWod?+k903K9tfi7kf)Ut?p`?p4@(Zq=goR>NTy}b=*h?pU zQ7zU7`yQ@Do|Fy5?7$DhzjZe4|K;sqf(C8w{B5j}ERqwpuH`EThFVSex_9kdeQs5i zw#Kgx+wpR9$CuG`vgga{Te0?`MjCiq^DC7&*-INdSRZj9R=-%&HbB{}gYAa#ma$vu|qdy+IC@LKIakLs} zJrc{$u6EQN{_@-(b%%fH4hwse3i!r#_{JO@?~zj(#%DJ^c``EPu#*b~0>>@lSYa(t z%?KGN#QRDu0=o`X)(g)hGNm96j?Y30)f`t;Ob*ZSzf^pj}Z! zSiRz*d_>Oe+ZJv;fvzQ{x-@J1s5<^`%C1z5zU96MHwOrOfD;E}>*EO#@VQZcE)Z}> z9hfWmPam55B3jU=Y8|tj-g09YBA7?JbPr`y-FipmCl+K7^cx!{{i!9zPj}tP@uZld z=)&Q)_siZZ_xsFsv6&MO1S4vQB<(8P#s9!5S1b&fSYB4&o|TrQDnK+HBaN6e9%J61IbZ22l1h{+E}!+{6-RF z5*Jt=*r7#l`rn-Pt8;FdWEkLeFs9>Pp7DDclj12BzolLiXt^P$IV(v&j(c9lQ(7y! zM`wI$s-;it^2up_qe14=YZvbQe0|b3wKJcvob63D^$f>_P(m`=#w@tw?63taZiSX z3OPGl%Xm$BsNi2q`Kjs2bgv@c$uGNN>;B?1yio~w#z4!VdpGrP zodvgsR}Ma5UTIAeC=O=E^r|_Y6f7v3JL}RaTW-h~cYNzWt*#fo;hB-o6?$G)C}W0M zUL36M@X*X2SM#r=?Z{t{^^_Rcnj72pFXYD;ZW~#sPJe&zi9xq=b8D`tEmRytn0;-j zEk9I+C)7ZN;GGu^2Z{@D%G(B;3{Twe`jVLm_G#WPX!UffbRb$L9Ci{rPh;};5uYhH z9e;oTu$q$*Zl%`^rC)!yJUD<*r=Cue<3}4@fmuo`D0ck&Bvkv zOK}7)8IcOPKV5#&hkGcz4)E}`iNcR%`1a&1kx&fj5sjm@|E;8P(fBvI!`^mhuS<~v zZTCCSJDpHZu-^-4#qU5psUAXZpQlm&p4v4}cl9uOf9U}T`2Xw{y5WruHg>j2NvPT~ zSQRu-{UtB^yLo=R@YPJ00T7u;^r=))z`oI~Yo5P%P*Vi({<1(j1f#*`zwlKaG32o*R7 z!K~HFUAc&^-5-SgXb_0(rXU;-+6&MkB8uS~9SFQzbm_9?HsKM31>A$4l!q{snpHrm z0SKh7bRBN2CCxQTO0&wrS#be)(`f;#L#6wsAW%20zNAf@Fe@D;X zk^VW-zenTG(fE60e;nCgNA~AG(*DjuKR(z@AXa@r9nf@BL_PoM;v$AxesU()nZ|E* zI@2^AuOH5|$g45S`d8NiDcNJFJOWiAzl7Kv%>11%as)&DH_cwrc;H1BSzF1{#>uE& zC>VQf%uodKROQ&POcPCN?+IpvpQZgtHngC8+F#`Z&Kv^* z&3B~wr>d*^9*RX6or~mGYI|oz>?v-IGk64eAweNz*!7(>Ee8CQ~g>6Q1F%rw`}* z?FUVohUE9yAD3Rqmr-5Nyd=u$p(*pVry!-GwQ|8?pc3<=@j~U3dQo3v1d0F2O`#@9 z+S|2*M8S$0R3Al(p!l&e&%(O8)xy1}N%t(;c{)nuH>L|^-LC}9vn-E_&Rd3{j`_tXOH9dLVJh5vC+`0=>SR$-k+mbACEQaosj4D_FfpJ6Is4z{ zw+_47i6;(5!}sl{H9~fy$?IHr&g)RtH?`ZR?u72eGBn zoePrjog78;uNDsTD;1{LSFuy6;i(Mx%YHKix!sj_o9@rzJBuU)byvroDiLxOgO+D> z#!@;gClTf4M#fbElh!=y{@S>w@9>hC$ku1&&d#~3>7U9f999Q7bcWcO#@k#bq8+`+9GGiO1kdO?tijw1mCH4djx&#|kyBk(DPxP$raB)l|rT6XNj1@D-$5Nb%54Ah>xlM%#-t;js&3HZBybq?) zZ(FDd&f)v&`p5D^i!UEDG^_@{<<+DRyv9A;j4aptEoq2K7XF5xdb28V_Oq4@OB``| zlb;KnnU+=@dP>$UcNIJ|x6keenk^C)HZk_Cse2^#Akh0r^x~A8ru-6nvA-?```KYSSg-8U zpltC;wD0#@{;C|Vjsn#|m#Qu$9!NLsJ+(kd3>=m(Dhqe}8*Ls=p*|zn>cc3bWs@G} zcir0U0>mt0m=w4|!--*a}^Ug17P2zbvCy_`=opt%+>5v1v69_#&mZLmDVhZC5qyniR;0OK;C4q) z?Z))jR-s?<=Lz$sQEZbW!yVj><*jWM`Ff*Ys$Z10c^to$FBYk=ajC`D))lSLeqDKM zf!eQN?Kir)+F58KtT`2DWO-~iz>S$AlRrX7$y>&)>eYPoyk$}aVIu)&lxHh(EAIFs zW?!LMpHO_jtUHUZxz?fOUQ}p{O}uZvs#ke!6$iz{w#e5S^L6|{;Y=zg51nuE=jyW` z4>dRG<_6y)-c+s*76m%>B}~XH z3>1sLty1%EDO!}bp8!2X6oqQ@+xli^*L7{+l=fa~G`PfRgJY`{= z!t@5M|80zMSX#@2bevyvH(H}`NuHfqgCc$IONn}~Kibb{(sn;7(0Jb=x^|7=dOvWP zSd*%ue}`|%l4itT4!4<)vuqN6SWJ(`1uE$|J}8xCv=DF7SWqv-`bbPbb27!s-To}u z{*u)twYa#c&dXlUyvV(A(b-PS+6mIKsbUFYC1TzAZbqZudU~Vl+6i7C&^4WehgG{z zS@pI5t2tSYj`t_{e`3a**4^VA9ny5~Ev#wip$K_$&vytHOm|X4M*XuTy~y_k2j?vJ z?Rl`)mK%sTS%Rt_A>QkmEJ59|+&$zVq{gNE%>G=Dp!>eP5H{U?0}*dwZd^~uD0jqj zO|_j;$2q=7#S}PKM9dSaP~n4PgwzcMVmt9eub1=2$dGaH=Si8E^3>4e;C&9|8t;1h zVRM|T8)AgGf>=c@6Dx@phsO|OZvxyQ5JyuQo-v;g|0!WAP#7Ms;jkoc*mii-NBm1?eBq&4t>V zCQWbHzq|$NF>a->x*ka}MCn3g^!J{%u^Jyt3FaHRabQ6I<~J_4M|*V`ca2RAS- zib-`vp?nlyY^!DRO4|TmRiu33HyxUy5%2Z!Z|UZqqN1YG{dXvF^8TlaK)}TkH`GEr z*KaKUgl))6ZHq6m9($lv``}9F7GWVWg^;)7BvQRidE@3+y#Ar0qgiEmIh=8kTWAxG z+~qPF)G;A4`7KU|>D%hn+r+eShL^Zn)Y~|fAj-|Td2#I1g^16|XM$u$YjxA(UTFruSG{%!{Z6}HuZ=um3(gqICOVAA%5>RUj)m{z>36TXoS&NK%*Dp=NsmPGwKchmng!Vo<}TqSqN1){oBjiqjmk`A82jLd(X^wr31)!_wsaxl zp5IrKHT5v|o%ZXskSHNJoD zOAPTq9A%%B(r&r?vhwhv^Pq4Z>6fuRYs?zD3C)2s(I32YIbUa16d_=?NuTb+nH<*$ z88d6{lI@X3fy)I>`P=>|xranK96ZZ+X0{RQF^+aLYYlZ9{Gl~awsc&=df&U9`-ib{ zl+nJ8v1JNj-uTX5IO)M*m-uFM!|P3rXA--S@YZ@oObB)?aD+ahAaEuizj8im<~$ou zT;LA3xryx*oNS4Q-e2^cultn>Kb8I#LuJhYEgJN|{t zR5WP_PiZ})%jWBIr|#`icDI?M%NnU<%#UmJmWl0^p3+5YD1}YAhy8lweuu{b48AOU zUzU42IwK$IFt%P&vSwSvqk+4a?XY);tU^b_ur~VhnyBN}?eM7zZMM!m{u%59p9v*>NDxmz*sp0JR43u6>tHB(H#f@Qufz7Vz-UD|p|^7Z7y zKy$Z!L=AE6p{yR|d4(X^m1vH(ndfJ!*?S!kBRU*y6>y=BZ3Tan{2IEY`cvuQrKQ+5 zcUQleXf`P5~rh>3?f(Ak=%#O@~>NnO+$SZN<8mlc03d(@(BJj1emlN^`i*{1lpkJ zaVUF@2NSetxjhX6F;EWBuc6}%SD^W127I&-6gduEEaK?QN76p(VSnbS%HJ*~(qv|j zE!Oj6%wUiHy0tY4_j6}VCMj8>EmVf^+=(| zJ#n%QTERdRNl`m)#rjP+2e$JKQjtke>(aJ1g!u)?Ib@`f6FK1FkRqAvhYm|`jdkQ% zUkDc_xe&mrM*;$L=NvMS%#e1Z>=VvF9?yl|XnZh`YT;?osQXogwA_TY_(`|I^Yf5D zhx$hg)u>R!7H2B44oWY%VkVqV+MAmR9fK6-*sp(?q;m2dq(IImtoK2CO8I+&0Ds{R zLMfDq5?`D5tAa}`(^sK}5NgsT=$dGLUKsgBoI}QwR==A8iy25xsFwF>Ry`H{pE?n` z@1Jptq+PPm%~AGIvg)fG!^>{WKo@c^U>UkD&ZhO=pUUvGGQ?R&Mp-W71&J9_ zgIC@aLg&TH!Y85g@N5|9t7)p<3K+F~ESwfo_VZVOL?_atrguz@)ew2}=T-DW_e7fs z-35|s?FM$^r-s}#EYmlHY2po`ONMR%x(!3*Le65wlPBps;;hDMk?u7boBC=LS+3aJ zNVVg@IaFxMhT8F%T&{~a<8YB@$R=ik44>S>XZi33#7k}Zd3gI`zuht(#6r+(aruZ9}=$jWubK^ z>>fV44}F#XxjpoG&e7A|75Xad<>hE|`#sg6bkr5{9BW(pZ!~f7&~n;yQW8=U=M-h+ zWhA5kvbYUb8|#NZ_l5o#p%)4D&v!NofD&2U4itZDfKdVf>97CEkO1rv?DR9FZYvWw z{b88l1Hjl3zd6Mh`LMF1iZP4dSyS>@4j?2HdPVcP0V7B-3s#|(k`2<9;T~#!z_Xk7 z{qad+(Nd2k(>q(`av<}(GST+8}&k5;!v%!850 zo@IQ4-(*mi9@%bWE=P-+EE5_TK)Z;qWPEu3qALgzX;u=uS-vK1K7tHW-sX*bO;*frRG+!FRo^hTq(h7c!>%t-&W}g&$pWL+$a& zg-*D&p7N^UM6BK@`}H6aX(Zf;p@~EAyMrPBj9n*J8oFvfeI?ng7X$2{7doeUB+BZdgjjjFZg1tP_d&SlTCzB_1NVVSPdsl#|0G z(IuhlbduRNbe!ZMj@;%xwVJ%OY?j740H~1ne@Y{xu(g7xk9_AkSP*YIDf{ZF!NjUI zKn4qHxO5FW40eyy_dBHD3R`C2DaeZ6Z*cT^1J|AQZ;aHr_V#6RMp^OmB+#RjSzNxFekb@P;j24SghH3lTgPxqs+#1G)( zuMzfei~CgkT64+b()=8;vR)gkALLas&6#80IA4v#mXwUY00J8_HB#@rjYO0RIgEhd z4o&urSWECAhSvgM9WP$&0(0oBUs6R}Z;(t2YIs@+6nK=fef7PnOPB(vC{8qTd?S6D z@%0t|7S2Rd5`5lufxaP@N#`w@I=wRg%{35d`XxI0K|JOpOjESu^-`LYDWCc{Kw;4} zF5|~hECe=@A-j+p&XykcuA;W=*9S(OL2&W-^*4g3`MpEQpsdTj-1o(7Kb?4&=qno_ zFi6?T1Fm=RwEJOz8fx)4rC4wexXvmfAS)Kc9}yB4gS3J@TMLgYvB`+U#F*5)rgcOf zOHg;A0h&?V0kCiNqML1jMB?i^E9{(pb3`}(p5j;z%#eR%wAUm08jmgE5ZNGnFeb=o}3lTz-_WIe$7-RlqdCE$@ zH31FRU{xwQDDimHH5rrqq0jH2|pPqDa&4ZK63!lK6M6fpHB?E`Hy_A_njZz^~@844rJ=hpm5 z1Q;vCBfMmx!Ce?oLg01{8PQ}zH>O*4KMgDO`h8#yCF2slI!<8^rQSAOSGH!ZZ|J@sdG1w-M~IGL9tE92iuxT z5hlhsh7WdUX-O%GZ89u_w5hNpsGY3Y*m%@P z0hm+XAYo3g>pCoYpcyYAWD9N^*{6l#0F=s%pA8B}3NNhhs{w=GXGM#rBGy8IQw8J` z_h!0d;2Tq9%`M4tq*|K#todxGKlk$9QP8qn-9(b{HB+6AEBX4p9d<4u*!#z}Wri+D zZDlLSvf50?&WX0J@#KmFuhdT27*?37+No<$iZaP260z7{r z$9ng^$*UajQ`Vx(MVOUv@N>O{7OUI%?kvcX1d_%Y&vf%i zU{wvcEM*{X`$9AO#HV6n)rEmj#EFguDn}1wy2AL!`+{BY_n`Y6RgjAJhE0g+`NhN< zVt3{97bJA621S-r z9(!qRzQI>g-;}^8Sj?sy&m4Degwd4W)H?ePAkj&JDdMSAnK_Ae>B+T{nG00$if_nW zlhfKT%itlhK%I+l#(HnUq&cumPN(R;03MYlM5_M ze%-3uk2yZ@Q;4XGDJtvd|6;(YdAir~u$oHX#iJ;mmIN(gjM&@;7|8nKd(7L6CnbP-pBUx=2@hFMmdI3u z;pk-)zUNMoQNW&hKa-a?Ek!)sXC&cH%lIM!5~Z1?e{60^QDeJMr6fZXLDY4 zKJ887h0_i%Y(f!k=Fxl!Ka;fMc9S$XMuQGIFu z>Fsw4*A^qyOL~^Dx104~^xD=|9Mra8zmrPv2R2EqVq&*%;rOS+$-0xg438OmIqrP5 z*5+Dt$#-S6As^(wHE2mVfN`?ZYG1)qHaH{^8DTUr5suuCh!;>`?_G<=ADw3+>h<L!%F8*dk6WlHV&W_B(8R>H zp`5`8=YGkIg;$CFH0eK0{2z)^@gxWDm%5~F z<#oX7<}bW+d?kfty@D{+?6s6(5W7Py;(zSZ5|BsDR2~q{NM@atc8=V1h7f&eCeqp* zq#tx>Ii~?)4lgk`9Ai0WE?zhmoLxB?wL_wf6nbs-<|Fp|qk&9VC`Mm=B|5}N|2ioT zEDZDlO4C;PVa9Jq@E}ZzB$KQ^+$Oq1uxfSpgVu|MjV$65(=`VDUU<}miyz>$Qjfi( zVtB*wjtL0*I)

2Fe0o|iQC+|9 zV$lWJfyxbSxj$Dw99Ze4!NRGvc)x-0#se2!l`+pUEJO_>}W z7-jrgGh#5|O9qK|!|(KW57CaG!?X&~OIIkA%sId9ObSBxcIrGficzQ*$+?U1z9w`W zd3%yReDh^})Yh}*i2N803uGm2#qgdc2oeCGLL3DbNfq)U&6lEO6Jt-_^odZ{2P9$0 zUk$lb#@pYp3oor#0ANRTctOwOb-+C$-tP1>%8;3s;7q31O^DzU>=ka?zNm=Y;Ixs@}xIG4J90v!uN7Ec9xV))@hMOkHW}8IG+N z+%c)!+aEH~wda{hZp0U+_0IcV+}nU~yhR;2|7xj{2aWq0`~@Z2LFtv##~i|J(|a;! zyQh&y0hHlIKcyiB1T3hvuN6(euZrSVmN@i@eJha(jLsR8_q;+f5LuL~hBe2AD zv!;pJLdLeKxX%Yo7w|eQ>bB>}-nBefCsB*|k5Quk#k=zV3}P$c*;KxU0Yt@jZys;X4qxMbJd-5PW77=2bbBt?{%Q>NZZI;- zeb|i73@CkW`^yjp$W}>YzPn0%8=SG(1>+j)rs#+7T_FttY=}7D%ck0eJUJ?OuM{jZ z)o$O0oK6~7-_*ABh0nWHc2U)<7T%4fT1r|V*f~UHiEHZlQJKtX#xWAZwdb5Wb#H8LV zl9-R-@Z$`1Cv=1zfVG`5!7zyDI0Itxyd!HRl{&!({{X%(I{C$r^4jBRE}orx4UZsm z3kgb$7tGt)2$Zp#bx0Fs*p@IMLw?5b8CLk!;0HCb<2&7@7pftUGq4=|SiQ>F&|Mas z2okZNLHX>WG9Mos9t_q~F`g3+h7>SAN$(qMzUh?@OyLdI#RBzCea4e9a~yya{sd$A~DO#1iEX z2|cHV0%Rh@BQ^GH&*3TC)plCyGO1?7!5t-d-@hru$$!SjXb@vrR(Q&TWwL-j4xUOG z{Hn<0ApVWC zQ9(F5cddwz_pD-LWwO{0YTk^c{QeF3hpN-HBMCo9%@Y>YV>}xb`USokMOIWS=+h)W zR*yDr5w1ON8@BLSK`q}<=%_#+L7xC&+lLAJwy$L=e7%Pj z{Au27*|diX+Nfx@x&V5|wxUL((?G}GSSs=9zg>vDLLxP>_xq*hi!@=kLD&0iQ|?U^ zIang`IE9a#X^q=MA(2_MlciI+ws4tbgLvV`2Ei=OmU%+=HU#~^-nCeMzEjL)<9tiF z!MvpuMf|<1SJkq#|C*jDse+j_^Og)681Q@senR*O2|GN$0_2nr_Y z&avpj@k>qR2y%`MCzs9U*bX*?KXbLfUA3qY*WzL)d23w8A39~4iwFFMW<71#o-m}j zf_S}Zx@c}I6_{F0K~0WT1Xaoz0~a zZ$f%(6;;fpO3X=-cxMYlb`?os7Zsm0M5TFuH~p=9fuaf&=m<{N$0GYq4t;8HlVioh zI&7pQzN9^j`kBx>Xg0Z$jcxXXy0roPpkODd)F!WVO2?|dYTC5=)V>#Wr>pV%2&+ZS zbGTSZ^9j9X&7^?w^zGBy%Q-gmuLft))tp`m>E4`8CLi0pZ*~Ry+Wq%dg_AtgM@mQv zbKExiYMK+hzx4z=A{yWPv=_IJ@LQdwMYSn)!e0SgXI78{wd1B5ElV~W=u&OjyPvOO zak&?0X`243>3Ulx#N6Js#EbiC^lDJfH$1_aT4>Myma0+9SXL?{sQ|eq83Y|mzBlxHaTFu<{<5`1l0QHTJz}5{OCaaFI!YhLS zF-W{=EfxkA-HFHQl)pC$|JT`uHFut?0S}tFLF=aKDakm|aP9 zf4ud-yruE)7KZ=hEfURi0=7p(u6grc6P2#4%lcSlglT;YN%Cd?wR3zz>ucLfY|u}g z_PNn9?GmW$NVAIfki*c-CYYjOU2${Z7)VOqz<6f}V0=FV8cVX{GZ5)wTePA9SkRBR z+Obn-+!=rOsp3C;vs(S15Af$0$dmsZga1>;0AcHneXj-XsHtyNrvNMHaB1mq2Hy>7 z8JwfVYr>{X0PcGIg^i^b0nqK|jy$mK0cUBaE)U2*FebWXo0Rv5RCE-;zuki1{UYzH zPEG-#ip@u7&7n`C!9m`^9hAT9-9>%eb8jz5$@hvnq1bzPnA;q-L0Fe&*Oa@QN&#}p zIB(q5qJ-cBi9&1}A;HIDXwhwRbLwz35nuWXva$z>u>D# z^jHgWjCpunWWmXP|A7gJ`vs{kUBv#_PF#a=mO^wPVe?0lx*w)Wf56Soo!mUWP@7zycRL z0ne3qu(3Oo+9Eg2*aY-8`PlsP{M4F>fV7v!jRzn+Ro!lfc?`oicqJ|pM|#yatKiIjfS1>e zl^h!$5hjUc5w6NJgzDJ#9FnP!u-hlnLB&3OEo4J=M92@-jPNrz6oU6G^LT?TH{_9A z_LE8^$LEktpJ>rn5kx*>;^5EXR@D-EbO_6V>-z&iP5UshNQr@CIq0=AqCd_H=u_L5 z*TCt5i#(x)?8PDsJ`F1R+~M=-Ri9Ly(dnRme(O!<2Q>rrZ7BzHK} zc9I7@u1fnlVd!-T?QqIXj?RsYsT_7HI0#cC&ewtoF$);63OwL389Y#Jl^sl`x7sFP z&{40Mr#ZLkI|DRFcN&A0#A{no6dj&T#xSg%q{Tvn92rp66^8eYO!r}%(K(etoS@o< zK@^wj3(t1dyR z%Q%nMjOQQJw#(;*n^Kj0GmvKtyTn2{5_L2Y<7@L#F)+zt++h++C60CWiaYddnCPY< z@OsAu)Y($27}TOcJ-%~X5E zTov|(nMBn{R^5kGs1bgnACH_rB}Xg1!+gWBcaB{vDm_&`ZEU3aArs~A?!Mv+30k!Q zqDGS2&Q8Vmn5)w8^4E=M-PSm57_|v=Dimq7!__Kd1^H>*b)4;TK0Uf0vn?G%-_4;R z58NFmF;LtHdUkhY-EoTMmFz(KV7)6sohb};G~q$#`t{nDyfJNnXqaX z$@vbTru>@}p(a6$cOD_i0U(=}cw8Jeb!k!UmV@@q=1uLA?PBTTQX)btWl4OTAU3(d zQz*j0f^tA2;=w&Go-i<<_R*F`Jfxdq^y=@ohLp#{oQEe#gJD~3QaxttX5$$WLVgqB zLAZ=3_gKnKIK;Z1ra14OX3ZmF8ddIuTI6r?_}4J=Bz=uxd)rF4kPWGGRcH6(4tG<% zU=tu7xfOt;SJE`(CukRCc0zWp^lhtYdE|W;8o%b(hCEY;KIEIa9=)*%xMc)iWxh-g zdK=~@ce?Eu5A2aNyMR*e6n#IDbs(cS-EGe6rjE#QFT|CKVa(P{E278tlgVkCirT8G z+4BBP-E@13H20@CD>ppGV~`DW86MF6)yMQEmL73PIdkT#@0O}aBfIGUNRKtE9GD znk!zp;TnVG6(t$hQ%n8_d+z}jMb~W!H(4@BQjj2mC|OBL#y}7e5XqrYB-5be+(=Xq z5fBh~2`Wg=p^?;Nlpr}s3r&zLp-J7)p{D%O^_#hOo;&m3duRT6UP5)Hu2XfYYM*oV zUTbaNQ^g9L?&D;O{Pdwxu8JOUJPW;D?Tk4um#Auq_l5Shd>Uv7buU9ElJQ`q?&nma zX}{`)p)L55n2MTa#7{W0vO;jp;9`n3LLu!km{GPg2WPsyolHyt@tA(&S9+IwiWOjn z32#@zge(4NmXOQ=`K-~N1Q(1B5~KCvd`-r(ea3A7ax1}0DjCM#e@+asqcDg62EHM! zo(Y{;k~lGTb<{h~WL%EE?4tI&`h*?rIj`Vavi#!Ek+}=Q+j7$$B+iXt-S^I*nMZ6A zD<04373`=5?0wmX7o{y*5AKbVghs?c^cBvoC;N2jriKUWro7>XyfpGe_`r{GU-mVj zuO=A1$>j=fvEf~WLS|hoV&a7=cWJtQB-|f1>AZ)x$^F{zQxC`C0EjMZn6#&swnCCh z0}=m`xMv=cne)hKUq6bz#u)37he^uBNfYb-69XEMDrPuwfQ-o?&b@F+u<%B z^+`_73Vtp|Urk7dA6aza%)w5FH9=(TPy(v4f5&AwX6Y~% z!`t{^#7rr=3n>;nk?@i52&3>^tsd;boZDr{Xtt2g_j;(DyitXEp`13OoHari=--Da z8T-Lztt4_H4|H?*3CiQjT)X`SyAx5_#akh8`L~l7Jia*^&oa;9(R(8x7IS8>vBh-0 zH8Uu0jU=Soq#LJ|))n{?Q#w)`wB($gGUd06z!s955kkuRb2jOskYeUcMd&0lIB9;2*c|K2}*?EZv%`PO!Yn`~xWx_7@vt@e;q8u#}8SxYQ@ z$DPEzQSK%l{B+l}i;sRc`bDV|+Hov&(2=h$@4K0JJob%yI+vFWD7LcY?gH5%3HYN( zEN~``;<)pH4$XD7d%M0yCzctn z;Z{~=ar=AX_RPR24Ad%F@+3@j5^i9!YcTX3+?vS+{ybfiQ;8cVZjCXh+M`!W#;>+7 z!pZ=MMC;C6g6G!vfqu)U8x}DgYW)7ymKDsd7L!qnJcWlmu3Mag6*iZf-@MYcf2EcV zpC}OvL1%QeJpef5wC7Sj-C?P_2a2)2lEeX$kbW~;0 z8>)QGqj{4OORhZT7iPr@roS2cN%f7w1B^3W!=n#o{o2#!F4uC080|wD1tt(nT7)vo6X( zQx9##b{!^<#=0%4*EvZd)w=?<@vtp|@ha_wrrCXo#_yrWcBq6FP%^x3>%l+S+~4i* zf5rUYy+Xg`*{0U}MLPHk+RG>5uWq9M=W}VNBrggK<|m(yexpY(aOiQxce3vOgxbLQu96F4G0wU-AIytMH=-0oj5e zAczN!2RXyl-Kik;fw{0L()N|X_C*yO?qWgA ziM>|(qSP@40piAyc+m|oUpDmr2PGSy)2rwe%6EH6TypnFhc_X>anY1HNTwtGR#S!l ze4(IBBU%6P?{)Rz_bc^bH=vRFy{-~|t7GGFL-ljW-)l8@f2B zZPCM9EhYv7?Zslz@3r*j^YpL3Ly}THn`T%YNB0sE7JN+%;IIw!{-y^Bj8_c1LNRN| z!(kI%h!zo10v{?v9)mO+BOb$XsXRpV;+ds{EtZ6mtQUV5_Z=ypNJv;jeL}X_ME(0C1pk#$i+^V{LR5vB zq_IkB1!3DGgZCc<@)IJ4h{5_G6fYx8w(xy(a+hNCrzJ4-V381U5O1^8nIWGDV>oFo zc*M5lr32bh(K$}o9JH?~L$9fIqkOKGY}4B`Yb}R=%a@ndo zvufR9m`D5pYvT6-yOT9mj^V+NgBj;rJaHEEV^5bdv()Q8f{A(Q7A!N5ALO|ibh-R6UPaRO(?sZy zvfG%{iBf>8U^U3C0==qaE*szw^dh#yg72l2EN2tOz3jqG=LMqTy8UTwq)g~>$^*?} z1=*KKNzm!ER&i~2wM)Xd*$@VfYdHO#aIQwJIzp8V2&5&-wE{G-gu&u|!HU7Uw2xb5 z-3~bYCC;Ly_@Mh^wH34j!|NGcC)T8Qa*Mr`Vmz?#pFo~>XO6_L96fBqG^Ha}*jI8A zx>~!TpF%!Z5RoQ`nhZ-N*r$DA<6m&OZvU80e2B>6#Y9KH_rZ^+_&U&Hyzeu?c4RfSX1A$jHro|-qW&IuNLW+xUV0dIW(Vqd3(C zWm?AQ9jJZdx8vgXs7un9`I&TMpt{GBzR7(|op+XF$q@H-s+)VL!&=L1w`69cv1!(7 zdVBngd=}~D;J#=v2xcTSS#EEa@eIXU%vF@S_}b9#CSv4T(_~OKE?nG6(;BPg3Z3*Y z-^4UrtFaZBGzAiv&#`JFfXkPU$X)ZyVcNKlOS6EB_Jb;Zx=M=WD~tjT@y4brzwUq6 zSnzcWy|D+or9Zqon_HE8d?!gqTvB3Z@@QrgY*5u?T&h2p?8EHWn_Qo&^CjF45Le?; z)-AVjN%nVaD=S~KfE}cswuZZQdU(lJ)qe|aF!#+WBd&A#1eWTx$~`JO`w(kc2hshH zVX9# zd!&NN-%a&@$`}|}`**1z>4NP_0@$3FgSdvZ?vlEHUe2Yj{SS!c{;yhU2T%?4uPvkd zzqFC;MWjX)sYwf@`bY?i!plLER}P8~t?8=s!W=izdsO3Un{)a^%E_qTmxihJ5(ohZ ze4R}xXvcap;Z4SWiOo}hJ=}kthxM_B$|{>m@m2zq!sNbAA>q>0PIKz$t;}-SxKFgO z$xUotJhA~vni{|IWks`8rY<`4VJsxIfsuJ}GI25IjC|ArK4>sh$#XNP)LgJW$6-Tl zqPe@(SuMsbsET0eimdqK1BMDjY5$OD9DV-!UNjqqU{C?(2F7pT1p@X5= z88b{|>)DAdNrGHyZ5hW)iwx23!s0!?x!d9uy@Zp~pD}JPAe>)opP)3-!)9 z*ndZtK>|U#v^?kDkn#&k))MVKZIrQb=>CG1u{H>8&s8uL5{S_+H%OOl9BldWyLyc3)8*EGYct-Ov(fNxdyuLaT8N9BY zgZVlhf<2?9m55~ibRHO(L=E4+Z;}>?S`_KhCg>=u%IQ(_s#&&HRhfBzc62tm?pu)a zDRhH4TT<6B3rg%w#_s9Sn@olZ2TP48YX%!Dggd^v3^h#Zn3>b=*Bq!;IJpI@^V1wW zC>Ohn@ksDSN3>qYWc9w-kt*X>A@PRX)US*6iMofbz1quNw6D5XA~lO5Za_|MR30GN zog3%MN}MN6`FxI&g`UpcT&_O8+y5!R{K z0Z;4hb8-7p7%@3pG!EZ&gx*D{)jT3iHw|a-|14py*}mYD=XrHYKSMt~{Vz~$X6q#T zX!%5vvEiqZ^s!K3e=qa8-NWvW?^Zi2Y9sVK1aI#jiOGa4ABTdnoAnJIk=d7Wx{`-{ zV3-@|9^Z8`yh*xhCRN>RX={_+%t*!D@naK^TK@^n>>mv(pq1?Mm`%8=P8He=28oaT zeDEFpI1^{OoXh;Ku!3uNN7)18GPeUA4Zg2@;a%Cl;+T6|&s0t}-)+4-8muEb`BJzlcH-x% zS%$IGjM}k7-^(UTFVI<2h@)u_G<`-=!-b=C>XU>Uz>v^j*Vw?=&{G*}{YD)j2M32- zX4t=F8~(G`|9cVPhHLOWX0=0%8tIiw((k;sak6|HtworE4cL94H^jV(%Ntsh;5Vy_ z=C!+9ZI8FQdK1~-5M}9+zE?k);JefG7kQ8U3TDFnCX7jovpuLY(k1=v3h0m>uPf0U z`+(r_+RK|x(wyBRlpu)3`|HhTE9QcwFz0*&^|~^$5HB4jbE~tIQyX6?9li~)M>d!2 zA!aMyfg$P~g4ZHZfAKcw)pFK7_zrxpn-6o?20Rq=cFz_v8DJ-Ax`Y`mucc$-P?bt@3pvgxgPDKN3GG zWnG*Ls2$Y(lI(IETRhUb>@Dq|;Gm?Piai9XypV`gLF@7f#dJvha(VI$It zG&`T>K3l>#j!&o10AE($k9eb~R?tZL5XH)q1% zZIg2wV!t`Xb<`+vaAKXY5g2}Bkm`fpkJ7<}l;EL-lc@-T_Jpj*i$IRql+_M>)}cjg zRBoN~frrGF1L-U$5$;=Dw(oAPHZONz&rY_Fj#uU0sQ0s>!|;_c)h(KPx13v7Y+U1h zxofj+TXyu8@ackct9?j6Hq*0y5(V-i2r3I(M%^PDld8O!mgWpMPx=s}ZZ1TtMQx6l z(39DFqaoClxSFn*EH049eRGMk6u*i#PVKp~zv)lm=0 zR?%SbhT7_ejGmqi{1)3yR;R6rva_aMa3;&;a(G8z{kvU#ylLl5L3G_9R4>`!Q|p+I z9#eOPiG7Ah{KcTn!|=1dTQilj z`kyjg6$YxRLEg@`&Ge+R)^G%}8o3|{=DLltJj&T(#@+Jjol$V?-&e(c!v>?&T8^hi z&U88|2O0#eAU@dS^X$pQww`_^+&y6lhx#SjjDF?e@h{t2dUZz7IQ~MsZ!wrHguLAF zwyiJhJ>Bn&{*96pkK;3S%qMHe6A7oY_5TC5yyTy=u|U2TTNDt2q=>#T07O&5`k$5{ z*8kb|^IthWg#wtoH34*0mWNkvdi~4%8YEx;a1wnuqei54zHCJFK@fct0LTps$fm2B z4T%1cdM+j)Kdt$VHUR45Vkc|>bP zyX2FRuYy9pKKL}Nb*e=+VxKo#sa^=ye*i!I&VJ6sCap(A024(4DR*r+r|v#k&&}0 zCn(fyK&+JET6QNN#Ms@o}=w zir7u@pyn?ee)8*FVD{>6P-(>)6gj1}!71oZ&bRpUR`|pXYDx*G*Z0b1rkJHbGc&e+ zwL^6Yk)hW;qE&fzqqAptXY&-2^~x-5p!#&yovXEpZPnu9C`-S=Jx~kBI=?qMSbu4U z+LgqO@yU*R{|#*sl0B)%wC9?t?`wWO!5y920wN4{hgkgS7vZmDRg~_4T2%}vlr#3o zPhU9BN;Yki0rO?w9r~S6(&V!Jy*Dv>o^Q}kSE zlus+cjO05ok4AL2O#&!C!I?7;X10&$JyCnnY{VZUdwk%3F`R37V06%LMG`%yBUnB? zwG#kW7$g{TMTN3$oN#9DR?oP`alz?o2Sb+o(9Qb-NpgE6Xyyuh5oOa29+E02JlJQK z6hu^OH|1uWiwN=(o@nM?(m$7Br;YmYU~i&%4J&iCBp?WkINm{0d$0` zfJ@?M*+5`*mwAd5WVHKAnml%kE3l?KB~yjDO#D4I%*`177tL&is4woX*BalX`O%B< z4wQL_!=?JM2<-x#^CanXbIjrd_C*{RVszAh-&sI8H|O}a2271L+kmP|!!?=0{?9r5 z{$rea{}$!xZD`|;}JLxeh-d|>v9?E{#hcx`oEJ9FrZ%kEm-8T_1l6I z`PRQ>&HfYDpKY8X1WFOTIbtj`{ywKp_4`;~=T6RM8FKSiKD}WY%l}Q5b}4*IY3LXW z#UG8so#)^~U^9xY&t;4i(ioUnGY9meB4Jub zS*rwm1rhH8nSKw_r)qc9R%hWmC_`ca2r*X$V`rf=Ve*&$Ym4X^moiVo20bMxsUAXL zBcP+>@26jUrjC9(rMlHa9F?usL>lT>=NUIq`^Pn?{r&U}sJl55e!GN(f7B3J)onX4 znaAI&>BB#&2;ye=TS0}t)sZ?6`=4cikJO)ah5GZk`nw(ZcfB8f6R`OgBU2V2+`Tfp zyM-c7xIpr6t9{PIC&AIO0c>zjef&z;*}uXZ?Eki0cKfN12X}EN*sW_ECo3>lb8Z~X zco2PNThN*N_Uw5R>j86QRErC|-Woo{Pw*+0Z)osn0mJ{V>L8$7l~#C%NC5_?+CUf2 zA~?p0Ou~|$VF1YdO*lrj2?QJGzzIHuvkC+}09h(ir~UIAf7aEXPsyL}$DfwrPn-BZ zv<5CJs&nQdNdXN>4&PCt)?@G?BuIG`{ca^S3xdRYEy85EwkO0Ajv1VD4!6AOt&Yq=l(wuY?fKMrg0e@;E}&ujQs>R#)q z4`X~Yg6+#W7R@rDByH3KQ4l*N$B8vSTXsLCOdO(&t=1BPeY%6dh#8H8si%b54YePF zRY~(prkEdw`QCA5lu-B*2vlTlAA}}03_K6_X$Kk^neceye*rji_mx| zs0{9J+AeL46KT)Td)1=Sn!xoO)rBxMX>_aB!lz3<#8blRGF{5Q$#2`6*v~c=ST+TO zD$s`HYD0dBZEA_ef<_G7-ZKFoePxC8yb$J z78h^UT4H8KOMXzTZsq%gsBD_Z;4shNzpArfwv?oktr`D#wq6B!b-N51qsltb%z?4& zsKK$#54})5>;GtZ1%VN+n3MYscQBR=l5k+l*wNh=4OXe+XpTxs+ov z0u=@IVk{RbW-PU*f;})Y`l@1+LQ{1T@>BQ5g~@ywm~S zf_2I1EeV?C@5!MLWiwyPmcaN$IE+>7R2jm?oa~T zm)O2gk7!9x^|%sT?=;~jo}(~p{Rs&{IwC0v4{-2BdNkL1MTNCOT=1=W*wd$iaEB%1 zrsJ~u>f@{K-{&5Y_K9W1#dZDL`=?H179G1J6c*r-?#j1IEUoqJ8N2gqv>XaY-5VNS z&8qH;5|6q32C=TC+pb`~X>Q(}ZvJWAPDHjWBBnc|HMwNQ{AQ6$V(D1@tc#L7m`)>B z+tgJ7lm>gHSdjxvVNIJi9D`=Yj4>HYGR z$YM;d7&4j-ovwNoH`bM59A5##@ZwJ^QP&$Ae@AbYFC}{xgZ!5FAT(=Zb1}asMHtzs z#*Kq(kC&MoF}j*1=v!*Wr+EU9qNXJMbp8IlDJ={#Awm^QwpGc2B_)3`N0U`ts3vBU z_^s{*H=N&{c$p*vrzkJ1}=Q(+&n^YAv%~u1G=hfZ;9D6dK2e z!PG3O5iWzHxK?pY}~K%t4T< zpXXE$nq^y=!w!F*5HJEN?+?1RD+KzcT$xb5T=wPSmRw%M@}AxP0jzHm*@|s+nsac(?BSvs_d3+T_n3yx%m+EKUtr1U>8ssk1 zGWFOjRQVtU9X^?fJvLnu=}^ktiOZOZRfg`4LgPqGjdciXNim*fyk88V;b>@iMo-8E zg~Db(W?Y4X`MX?aLzy<__@-LV`Uhe={7lm_$m;e=m&fh1bzc{En?H6&2CRsQfduqc z3qx$0wC=2<>pxlpj#Yksk`O3~Q;dU_Y(9A{cb474d9y0hXCOx$E=m|g>;xk_%8V|1 zb`_RggY8MNO@nFl*=9_QK} z$~dBzFr)w6<6`YTVGHTFx0RRaJBw5}X+d^kOP2f5vHVP}JZqrHwH!aaOJK@M!GZ!_ zWnbqVy8Q^Rlz<~TIG;D3Z2|%1G9f=Iym9G1yy$M`2%{UD;!?$PR}~R`{lqM5TzL=A3vn)s$zUzvylNf#0MC$EmFfV|(z1Oq ztxq5e)Ljl{*Nd*H=l~glJpC}^W_wrLnV7fLRt3pEvZAQgO`W<>EJznk*|A*4#jnG2 z=0o7OgF!u;poP?kg&am4zsAVJhS4&qW@kHz@!?sWqx3v`duMJ3519dbXiJliAx5hm z$?R{pxEfxoLM;~0+&OnK`b5P;r?MgGnjG^*xg`1I6+EhSUuvL#57B=sWYuHSH3DmT z`29pN7Q;-AGwENb=#7VhT-%%Z{=OjH6tfYb8=syVzV6Pgc2&-!>67m^s7)4d6fvJA zwh%Irvf5Qa?LuFAvrr7t6(VMk^!QU^-tps4_K6NrmY(I4Ca>OvY(qE8qKR`JoB2bf zpm?k8|0;0t&;9=sqj|4Tre47%y0^)L_!V3fqX5X3VX1z>`sh#|;o{ix<)A{TFBcIY zhpGP>0BNEFrDX|41smKkKWj=g3N~c)N`ghkg;DlJ3PTrPT!8mqS8Jh%2N9|_X6mq8 z93}emJJi}U3Y~f?gm^paTBy|4Ai<>mR|=y5O}%MbRf9{1oR#v_jaZ&N#8d&;j2XE=%yp284_fIt0@Lr9tT2^b0K{3 zpZuf-YHJOlLLq(A;4?<;#ece$e>(U+*o;ciYHNSx)xvDpTjUPE;|5rJy4 z$}}JR9W7cW>YQtzGNdXJrflvNF%CG_x!-p(_U%Xbt{Bsy(#_4yQ{V5Zwb#tg`r#h| zke*g4%&YfRwJh~b#Zrk3Ff4LpYbln~BW*|44ZUUh!O(c>t)geP)?&i9&N~y$#znXo zb&T2z0!`sYd9@32Hx8}Epcp3_wJ-Ea`-gF|%hvt{<78s-G=`=P$>>UA7?Gv@II$SQ zP?}*=$5$ldlIjIRtw@Z?Xb zdK5FeCN~wH%LzLzC3x0PAfm4=%0}WF>;}MYtWh{W*0MqR-%4P>yiOy;XrAa)g z7LP5d`;ZtR1_N8!x$=s(R<_J`Ro)2Q1`Kt@V!#ClyCT;lE#ZO8OkBpbB`CqSkz3Sm z`&sg00y7F%({a-J!h2N9xoAeuUhD?yv2migr8_)srI^IJ8($Ei%#-KuF!7^t?4aqA z+j-ZlvJ2hkT)DSriks>SN!)YqKcYYq5VVkwJ*S#K=KRPuLAg~FlRyyIzbV9u)506W zYhWXY&~>=qs;q0%a#SAZsE+}035dtUZ12Kg)_G9kVO{kS#xVxf(dZp$lU2N~_%3?& z%PZLg>4{&^P=T zFXsaLHLd}nRxTx2V>@FoJG-h-4U(E)*A3n%>{V845ciHRo3t;btb7`dLut?jUETh>T%Ki1Ec zgc5A--b|Ae8BRnS=e1xh(;3K7Gvh4Jdi!<=YJw0;;L}ofT9H(bA(p|#Y_3`~0 zZTuzWfYn#zyb|+i{~9on+)u2YWcZk_qtn^o1jXBXgdXdr^b|kXG4e&p$M<1k=xNK1 zR0VlI!_uQE)>;`&v`op;{28k-FlQB~ znXpUK*(eneEVmG(8-GJWrt_q4(*&*@)V!Rb(_BwPpR|ltZyj5@qcd7mV=rvSba~B5 z?ds*cOw+_auIcj5(&W9zFI2pps)FJ`h=GD2+`ZwYbweEfe$a-b1rJ%Z+K}vP--18x zf7nC$^%K!p*LNVJ^Gh>rftCNHKD&J zH^>#u?qBm@_kfH3Nh{yDoWAN{x}|4{j8v8&C;~E>n6_MD`u;gS_s<6HKe0jk-(*%8 zjT{8=((A|e->pK7{d~s{X8DME^hynD9BLsK&(~``wp=~_6Lv^{Ic7&vNXYYbDCcn=5 zGP)ByB%DK}1zej$q)YnS1ss6(kQ_XFnrvtAq?kXx0xz2j=M0aHy+l@q{Z$F)I=4rI zz-kay1;0Y#cKQ44NAP^b{&LbgzfMCfHW{>(kRei(&fm`e1gx50y%ma~|B2CcR$2R7 zt^XI?0BdZo+OcTHDiH*+ja&gQ1P**N(4{%mmR~oXDntSK_4D^n16>MA3CJmMO`}uS z{l9Gb+vF_x>EPiBd+6;Y<>u_`?C$ut4@uY)S#aAK2k(F<;Oy03`-7iXoV`3?;Or$I zALqwb1*h;=U)`W8d}zh+jf1fl~E;C15Q278@%>4EEylj{P?+^nLG;I zS5J-5wK;IFxohK*`HQKySpncAa)SS3CJX?}wMD^X!9U<11^lI`rDcGJlfg`xtkch< zP-Wh{uaibSKg!fSug|6wp>;7`Pj(6o5acp#a4an7E~N&`FAozR;?6vL6-Z09r5nDt zV3hmXX1w9ouY_*&y^e?eb&`_dK=y|O9A)LVyO$I6(|f`o{j>Jxn#(&Lv0^B-FS%F0 zEYswcuDw0)go`@g`!Od92fI2Z4pziprq>7MYDZYsiIE+Or1NsXKKFp@A{&%sXJcmr zE-uRfEExdsX6m^f92juzx>z`-R}Wl%p8>E{bZuf3D?>$~zc#%Y(esa-0^W|qJIMa! zi+dS;;Bg)}gB1pV#{({xeryGgM>4uC_iOP=xt+~lzu5;K6iKqP>S?~=lJM)`gnzjM zxU64?w^pZA0ib?6!1Z?qe=yD90F7Hu`JuT#CuP5^NPexDOMP?k;}B8yV9a@ZdaS6b zz{u|2$DS;`c*RU^HX}zsax2XOydaqT%9ty-A#(g1_zceeb+2Cwc>784%#Ukle*Z22 zw6oVN#RDYGXW|gvi<^xmYNUBNS;%u+|>?+!^TMf(HMU1HhYNC>1&YJ=k=BZQ|KXeH@h{FSQ_$a0@ipvSG}%?YmV&N zBOg}(CyTUs**?W1v`7~yBtFlN_WjVFR3vEjS3hD~z@@bBai3?+2}7uKL}ci@}M z*wW|qUWZeVaG_S6_hW+Ri!Nx{V00-S)5%p`zC2m0jSdo%_}oVGlTJ3^==$0e{;F?$ z4ghErmzSg{>cD}GTQT5SLX13-AJj;>a?$F75@L|na2j&X@8nf|1D59(Sksx zr(7>FamESWjq6{q7DAFllsAnho(M%6IX+{JNO=AR51;3J`eEt2eKWQC{X6@@icSoi z+J*=SS(+D?VXmj-3$WWRATzHtGxh!Lh!i0mU*`)xv?q*U=|!WuB&bIOjn3mm2sPrWTgh9*g0W4XV z-6Jx#<$JE(U5HhqjIBDkh`0bmnmpd{>~{8}^I^9N9n*+UcTXoq=34qzka8ZPyd)la zcfH4&HN8c|y#dxGuWoZyd=IAPe~Rr?OU~c|a1t!frpa9KcmSBE(LQt1&hYU5<=Qd9 zcP1}#fF7N8L!n@eI4C|-z(HW6F44thl?8tInz4%X()JYd+$5Ufim<)h5#O_mN#goy<}C4I){}Z1ikCE|vrV zW6C`Bf!HeckxG?M%+B0OZrnUY;b{?lY*f=Dg8(s&o)H`2X-|}R1Hhe>Ruaq50IovA$>SHzFBiWGgwI8iKNYPp7^ctknwN-6WNbzO zNtlGjc?JJ|0b7bzfT&J$gZ<3m?t`naDv6^qSt(=}6uxv5gS>HF98EZRYZv=y_>=q{ z*{v#Srw}&_w213G>zSx3H_IZhUv*iXY!m1$&W*-hZ1iJN4C!g#PM!^WBQ3CgHIP)`Hi4UzJavMo0+Q^ONYX| zUNsWo^~r9ocK<=$P9x3D3Aw}`k_3B<4yOo!RjzV8rG6*zZOr=VIhvxm*6TY2QEKmu ziF0t`3dBxal+msAg~9X4!jOn7+O}uZj+VkD67$c!KG7-ApsO;WtzYRu;&$J)Vh5QW z2;Y9x!1p&EzIqaO;|J<#0qnVqhC)?ba8^Z3SUR_x(06_(wQ+|P4)u?GQ0C>Z?332^ zKPZH&fsIRpXn4?97HRTn#V0H&jN9;8uh_d)PnD#Aj1m<}g*K`a8a9+L&~}yxJIX>6 zcvXY~-0*;#G-TFRa+9Ak@&y2gT)ZegQpjy_=Xt(al_XOlIi}G9aC`|l&m^EBUY4rq zYexIBnFpbkK|Bq|=~7%4$Z-&G3eCYMXGz&?J`-o-Wsnu#yq`Ht-X>=&5BVvTDox#& zxcSqTVQf|X8N9!7Kvy_ou$1r88Og4jGbHn`B8!7+jX0RpXh97>JES16aI6!XdzM-ORU5kzOsvu+p)9A2i!;piq#>u>KGXKj-#GJn zbzhEQVj+ZI`c_rfnwZ-JwSJ5#@SWOH$$z7ZSP^*1i({ksDYn{Wk3jIiR>~9^pBcbf)z) z89%*mi|$P{zWXJm;)brydLNZ359G{s8n5<>=8lqsHgBR3a-aN71iY+<*mB`~V3R3; zpA4gIKf}hsDr(tdfLmGzfZWu9h{}tPAp$3Br^VQ4hK5WdC3u!A#4&FWojCV>%Fk&hS=7D3ME z14!F#0I->xJD8YNtJd~3z18R5u7EUySgl4?^Il7^0!(8Q(13+7^#Y!w}kjoo>HjVuEbSwlG}>|C-RdK=S1Pc^L(K7BiF*Nh=d zI`-o2YDP(34$mcYL(;Nt;8PaEueu74aZ{%=WL zK-vVpwjGbSvjE$`A;a*qX@kW%S1slfvNn@l706p^K~bq7;uGFN+Z#KT^GTnpbD2Ax zI&R&=uU%ZNn}9bn(iI;QkXy5rkV`k-QioEdNb4XEK3=`525)+sB|8NW8isx8<4$Gc z(g30c_wp-H^LqbN3_F=@+uQ4>g+H3&!yT_3teR%*z1mfxe2{dk0^peY;MdVW=#ywo z_kMP#_z$CzT+d;A+%Z~pr{){I7}S8R#?DGP2QkMaIK0hc-2vtAM;fP(i32XHG-REI32P&L&D!mI}Djbb{6an8jW^8!=J- z)B|Xy@QFzBkVNh{J-$S4w#kwFM$|SF*k+8qOU5}ZtufmFo|3mdUtb6Sb{XbXcTDcV zXP)Igq;#e|Cz?2uL7~x6dC>Qz<70UV!2C*$wA%PuNpa$>EJOz_qO{|(YXG@>_niPU zI1#6nT?6=*K4xErS^*+syI)7X`4h&$0oHCTNj2?QN&N`+S%3?rf zE6V;{R405u2Pi}K=nnb-LC~0JbNL)TKAe)LY7VOx0AQNSf$c%6KGxz3#PK|X+TevbA}vG}(&^)6q%{bP``qG) zXuIG4xUPw!&E$)l5_fakg|HJxD(6qtH*~kv*#)RXBIM^rHJ=Ax8{I&f-+()r*Y2@g z7>s67-m^!2)hByK9e5}4al~@~qjyP(>inUlP$l-TUGt^`HsSc^o`CejE7ta0)=(~u zL2-&N0SZZ>xHDZgBBQsF}4 z0TA=W8<+Af6{6Bz`;qjOsXbML`3>zwof~EB3`$X+mlD68$zU1C17;P8%6@numZ!*9 z=i<|w)Q_DMCDR!IfVD5Yk|Rfn^lrp>hefyZET23qnxyv*yI|4(JYLaa=vZzj`A8_UXwbP*YhE9eq_xQd%ZD@P`hk|=K zz#;4_Z!B4y@H?QDJbdhV9suMB@LeK5&ANxmw+sT@)MwZK__3kQROy`93~~iTmN{o!uvi@johX6$A(?E!R|GSNc%N z!ApuYR^!!{9@YCRa?w*Q$nw*Wx%2^X(T!XKE`0@HbqDZUjF6_mhwJ^!@e4yMO%O~= zuhCw#b*4=d-^S0J3)7_zB0aww?z6KyEI+G9zewzafh=?uPf*m!t#iG`d0TUN4m`c)T@Y?4r1v%RhLNur! z(i*Yvkxu9}tm<{F>u+2=`zlm>2f7my${O|WfimE$$WRuZG7S$Lt^gVTN8WzKum%$9&I~M!ME2LI7Oa^<9&Z<7U`tO zd+q9TXLk8Q%9<=D(-?(}fmNPOg{`2E%rEE?tcq9*q(vcuYNe1W*L67Z_%OGWw;6aA zX44AnBu-loUC2POKpF+o^S(yz&Ti+U?3MYFc+n5fK~zqg`oM}53PcD$d_{=EKU ze(z$2LjK3Q6MpDpG_I^mGomtZKT5U&z)@{XHy^=){r33+jego1lZ&1|toTnk{Gm}K zZO--jE^~*geI0U!rdm)bGX$+MLwz?_p858hRsjDD`jx%=zV6vM?N7Imz$w0s@LHQ_ zw=gHPFB1E7S6udE5XILAv5A?2)S4N8EeMOrK)cPoEZY$%AIV>I650nFMs&W1mFFWetxE?<)kRO$GfK31%PLWZ#aI zmX5Tyzah-a64Bjtg0Ia@K8CNRPQRAyIj8d2XlMTXt7mu2y(b<%)=Dmu1%U8vCmE`~ zs1!FOX`VmWi@k!_^CC=Raxp1r+A>mgjY6EE`3rl~sh{_b;&-@Z&aIGOzj_o>g#a#N}NJpibLAT__98?F2$x&O7?rcvvLWno?ep85nlwrLjHYO+r~7 zJquNNliW`NtPUU@r;158BX0?t9>qKpx|%#Bz$I8=f={$)T89G)v%|h*-9*F{?D&VQ zsE4c_6)Cp!A`m&Z!c7AIkhck%l+jG74tXr~1X5MJxw9j@78&*&lGPUc?DgIH^k#rK zKK%H}z^RX9=O8cLp4uw2RG|{>72ka>-9zKU2dTAF9mMcv#j37dWIJSvv|6frx~(71 zZ;D{0kYQ^V>7Ly3xL|+xbjV1gqV}1b_XAVHq#tb#(uPSn9|C(`KYFAt4II9b{B_EkZ+Aax4%e&9Lu{9pYHv$>?;Uf^=0mofFHf+(=B9qfLVi8? zE^CN|<v(_Kz zx4g{37Zt`DIFO;#Ap+#5IAZUXET4mq8$=pju4R#p`Met@PpuWnZA27({^i27Mx4>) zYfZM9{OIZ%ex2&{UdKM$qxFMTqN#gAg!a68oN3JosV#89Z_Tx-_>3pDCzohntY6`9 z^e{20^U@A+(fis+4IQ(fD%gp}g+K3(vCX5l5K*R4W;4oZH&~ZT;#nsj-OP=p8O_2v z5eNB!#)$2}Dg2!)$=M3w>8~jjvP0PqcU{zd?XItc^QR#RH{3r~4nQY?ahgI4-8uJ$ z=MYLVn&7Gq3)Dq+Dn*aUXToooF4f80U+KSgi<}xmuA&$b{#8)3J*-WJ>XOkw+S_l> zwobiv9Nu28?dW1}<*W*;z`am$i)b)({+R>iju21XLiN6+=(-H-BMNQX+1_~xo_dW8 z8>d2um^7O1G?1}i4c9cz?7E6jvhB8id{`)_!u_OV6Fzr^oU`uC6vc9Th=5*aGoc08 z_&JiyMC^SFj>6v~^H`*lg&(ExYkX_HuFgbG&9T*d`kr}8j4hAbgg-nwj-y{{`g+d9 z3%K(pNQ z%jfBQ+T}m~(GPseg|JXd3NSH4oek#&u;8GCfcEu1`wSw#M8-*ws9f)+f*TFXK_8dn z>!Qh@ebLtAxL6LkveN+RoYIozR{wyW)-<4_Z4mDjlk@Egdg<>%A(1hoo>9IW9Hzy$ z07azo;KT-|y5hBx_3wh&=X|S5}s!6plXb~GHlkGn* z<>*5_x7)K7*PKFClfFNpKG31}-Ta1UB32U_z9>FmR@v zym|xRME&$*&-*pHENLh$Y#rXq04_fqAVzF_PhrKNaE)l^N>S^qXdB=gxjIc~1(}lR zbr(Ujs(sCoXT7MHWe0=NHsLG{7hXltUu3z9M=9g(^>fN-Umd!H!~4us_H2cZ?NXK!&cZ>64y#l8MR5_TI;#e&qnl9Edw({E&POO{j77!Arw9Iaq57e#@OVEyWU~~1gFFZW zXiT4kd*WIrQ(N5rk!I9ipvAwxnKqyU|)H*tg8_VW)f5~TtkoCQ+l8DnEnU$>HZF*z~J>)syHV-*T@{? z%Q+T10EGW|!@#6;8kL`wY~X3P+a3j=@2AEhHD=QW-+2%fD?~Sk6lQ%cs6F zto`9v7}6V9rN+Uw8j9mY$ZrT6T^Y7RywQi;ouceHPJ#XW#*OeZZhl+hLB%DNL}kz9 zS5O=NJNl}|9jizg#4~4QGTm&G|KBp|dt4G9^>*OG@rW(}hbQfs07zB}0h5!|MF{m{ zieth8c2cg$C`$Sf*UgZ#^8^rNMqnsZk5Z82R?6YUz%TE1oCU%@_y!7n#9o;!F&%Ww zCwwi>PPRyeXp##P?Q&+bY~CVBOQTgp(~it?6yRZ;6DG)PF`uVy^QzB2yJ_OchyFgV zJ?Vg)Fgv0o{>EEG7W_SFrzJm`j?@Jr9UoISyV3Q;Q#flExTrcsfsOS|@Jgib0Pgh1?eS|}cOP3Tg~=yhxpJ-m4ZmSRCI)QA zW&nlgZJava_e>!M{MYSfndunh57&Ww-s^+PgNX*Qa*i@D!T0;`%zuZV`^tCX044Mm zI1NJu4MYA_vNUd<9pMEAHM`@GA?~SOqX_59NE3%Y6w@F!$CCGLVpEbpPECCA0C-CM zzogsl4$o4OI>j|Fj!CLiz!43EQ~=U#cD3csjdK_@?_3|7HHek@M;R;7ds8A6_UHQ5 zCt-!FKUW|q;A#MJ_Z_9vyox+|#nvmxII)yd5dMBn5hTPcp>iT{I;R5%Gd?G)Z%@&} z7{HLu9{Ny0Q91nqav}h~v0s9dltc?^Ly${5WWYJZp2f%|Ho=PVCT`UkvQ{<20=#R$ zP@rqMlWqk~upiFw*BG9ck?mgsVAQ+ZJ@ZbC6!^l%YV^4sZxltQ4pgoG4iQGn04a!w zqjSEq$L1%U_Gp@O@y169`YKPc(rbo(GraOpH`Qbr2?-1!Uj-x_70@Nh0R*=I1^jT#D#RXL!O8z z1fAP`5+}QI)lr#!XQ|2>rVMxEVOu3yU!!DKrZ5pIoW^hhGWT-COlSj4_Xc{)ZNy=B z5ddv910Mk3kS0@as(+Rc# zJ+go_oazl-Y>Vb^62+!+N#2tSj~N)SJY$%avV|UR2W%C+x?UdMYp$nx5r2LvMJfAz zio-ung0L;Rny%c@vc=#&yJrzBUT3oQnat!CAS37lZMC6O*$59;dhEof^&Zu$G_48} zE)jDz5Rlg7L%#~#@I{CMnxPfX)xkq&ZJekiGWg}^MgGr0>9n2Uw-1xxnA?N8h<<8| zJPPWF)r^L<=w2cH?|}M3uLaDupOUJD@6Pu&QQ(uI5dgUZys1>+w26T_wJv#vmP9@f zDY+Dw`84iAdN>qHpiTYR18U< z80|efCk`59RO$B~aHALEoL-lyeGxSO+@^=quuX+s2@9eVxIvIE=8LKlJqL2RH*x5>IO% zc^+-_s$lgfdhEC#%<^EMwXeUIrUi7LqiIMl2FV{JC!Mtb5oo4V>IIH>vc9v94+;BE z0(v{%0OZ6-l5F*r*Sg`Gdz2Ue#WXzmKf23=^zPTJ@5u_gxsvi1fHgcKf6>PAiA4N! zf2EWA{AttG+q9q9kJLi4cZ0a6K7un4NK8q`Rfg{)m6pdS7l6VJAfI!XO#u`{tH86M za%f0dJoDQ##%2k66Ix&VEp#IruklstuYn@R8_LZfnWoN+(mD40CR}0$60OS3u5IBG zcc9vi17y8`7I%4}G&!*S{Z-cJ!hWk02PEWHIoOs1D>uV}FVwQ#KwrS_H#Gbvd4|U6^V>eGfAQ|k@20@*nTIhI49;mFmGfKI z!1A=#WHBxPZM|R-2X3Dyw(8zSAj>T>upl==bJL?LetgsBEW`dLHmw`b^>CG;K)XT z$KU342=p;i@rl8G*Nc9Hl%k*Vb!?lg#`HUGtL>JfR{gDhaDB&I$XvJDk0L~XG-!u- z9_`%q83~mH(ummhoy7G8>ZbU=R^I22s-X-hb)+GdX3_YJ-&`}YeWWHB2cS7FoszGA z=WG9o4aPJzO~XWMbD9SYeQ=8R-3VD{VvU-9v?}<6kjopbOCzHOueU+m{piPC-w&nZ zd@I4 zc@}p6PvC8Wo9tVmFO4bpSrDNTT)S&4Lb~aZw?&TgXD?(AS>Km*eZ$C);ZJJLxW_pl zY(xqo#WklRsr+ybA6G;0==3_7{3N!T2$x%q{IHP-QDeW@pnYhraA&+0$=U?X9R+wW z5FB;rfs9(6#{;=-a5>Sr6oP6?rp6hu)4@%Q4kT)^q^UtNVj`7V8yVm)!`XT(WG&mK z;(HALAMhmO`{CdXwHL(iL}{ER2FF$l&xJ%`SfCFL-DW6uAQus~sI=RbbvgI&0Ybtx z5eW>i4AT1cbRn@7*MJ69?dE${?334BmQ%I1T(VNC~M@hK)%ECa6jqoQE%o z_<}skr*||p?CY?)iKbd3Gd^9`A}7N zlp2G_%ouN^%So_8$JoU?XqKpP?CYvYXffa;$%FV$=rV}fCqHo0 zcqMDQlwx1)xj;B)hVGBv8h>slO9*h+141d8#7NklEOet$XgFQt{e*uQJ~(gLOt`?o=5^IlhH ze?{zf82L+@r(iQJeBdg1w}?Q07H;3>a55B~C9F!SQ}tOLd(ZJls;O>=3t+)xfYj(Y zV8Np(!bI)g4vU9vC$o2jMN|*1jVso*V1fTj5#}z}kC%>5$hQukUpYR0BD%(FEB`3v zSokJ`ZNkg=;lMxDfbavrgh%Kqg><79ELTUCaGk7b!jRioKIrHSHZJHT7Cvq|BHz^Y za8$*k&)d9L_3#)R!7Vi8KJeK9{m>GZ@;c}SkzGx*^NNAc~OdM64t`G9%mLQP|Rg>+Zuk$Wz8JtBS5<+UEka`mckTcZrHP^Q8 z*}z4IQr=837wcEL{`w;yezdE~<-OghL4z>(W(8rVj5geP|(>}SAfo-7y;DD5E z(yn(_OXxgap?Uct5I`VQ^vYl{^3J}p@;A!WjAwHq6U97hKTPd1*aA4Sx8+F2tUq3i zn)Fr?*NtdNXjtfbN1cF1ZmkBPTBn&aH8isc&kpjpn8h%LsQY5)xCEDBcSMal> z$*T!tY#1rE@!C_W;A`!V_|#=YYX7kq6hPIsIJcO&vT46gsJOUwNl7&yl=GHgCWF?( zjKNhEU&^~5o1e--IZZeZrQ>F8z76pshWnp+4T~P~jNVE(zOiOM{AI(mr04Hma5P5- zfMNFe)2c?}=i1~e3ZN6z!kIf*7%p^!MFB4kI94Y2))_PhI9@*^8MAiSVtv$%)q zj!7p8AZsmgfV#6+NOSJxjynsRlR8DVx;P3o342cdg5z6_TH7VC$LH@u3Gd6L2-~t4 z-5As_akkaqZLpf#1P}^iTrerO>d~z?Es-;EGo{FgwUUREbzzKSJI6!YG-r0PYxiHDf=4 zn?D~3QGzRQR7x%zou@U|6^vpgappf?JzRUoqEwq=DjEWLoI2KWjHw0L#1 z?H_6KOBue?uUQh`kl%?5sT+^;H>L+KcOSz-0VtqlBEFFt=Sc#a*zPE6&6oaXtBv^e zn0kxblm2m#`}7DGkr|e{al7i)p3T`bD%^qsDyXm)Zs#I=2o*JQOUZu2&u#L_>ZdEO z1PVZ2M)(Raxt9@1A2^m9E#AeP{`EXd4_Ww%-Mkm5?RIE%cH*Uj;%`-pWaM8cZ}$hc z*`G-&n@@LsFBQtfel^jcR#>}poYx+_NWD2Q`= z2Y|yaqav+qNY<6%$DS2(zf#u?D=!_1%#V1$M`{~0k`xQ1kV8omDDAX@`=a%3kqIki zZIZU73QgSZ7E8BJlRC*N3sgTgS3?0Z1}b!~mP}S+@|v`XjI-t+rdPqyp%;ZH6o76U z(27cBjcfK*{&o3j#D237T0IsfH5||%PBsbhSo-RnwUrSWAPbXZgCz4e_*yz*F z(b~m-`yk`=0EN4v2PU1(y47y<4-=?4^>q=fM6}5yr3KW;JA&XYE@meEQ3^3~(T+TL zye3QV-_*zHCERka6!&gD@Vgbl&H7V@4 zelKR6J0A@J$hjowgePAkf2id?I@8%{`uy()7&1dMzf=CiaR#bjV0%B0GUA&Z2FIwa z1yO%I%nv+yPCoS7KNZRfex?bBXEP=r^L>35G(7D7Hpc(g^h8R9S&g_J_QDGX=Ya71 z=CI9W@wYka3!|W{KMO~B%RV>xxtzCnNo~*5Iqs(k&>v6I=nC1BSB16qAwyg3u9J(w zUShoS6vwOO|4ldk+K9d)qyw;UtOd!^i&pe{#+`&Y>Y(Jc* zLQx~{)p)V+O|xcHJdl{=iHR8q5I-Uy?C(xt zq>K%212lkE&!0dRNl;&PnaFVZu+}!>6GO9i{|7zRxq|$Lzj~#0yUmm)4nmoc)*v}q zzPtqKwtqvYEY*5rH~!%0=#|BVzxk2;zkZG%!xGzPWybdizoF08w@I@dQMgXY>at7u z_+>+O6?&!v@{>51!__Ez9X{g9eag>-ACrTr$u>?-azQPkpstMPL;e3*%;-tS;Q0>j zG{PSgxZYwp6}s8lb@C89JzBF+4VPs8H8z0eQ&7rRi?n2&EMaSVAOCHphMhY_{c89a zV;7|@3;O`#GFIuru%I5W6rcEdfZ&`xB!gKZAkD1ARtg+XsA$T1Xal~{x{exl;RTmY zG!Y4Q&6(Mg>O@%V^+>*0m^4DM3l$T&^h|W<=J1x=quW1rR?fg(JIYS9F)S>>D+72J z1IwD>`AwXm6Z-y$I71`ULmt;Ww;P%v&F3OpXoe1o;Uz6-YU=kXiQNA95DMS25PEQ% zS-eG1Wqba62}2>s0#jrgNyMSZJ5*x^D&c3nk#=~fVR8(7NtYWJV4mDrkji` zU++7#i)tdG)wGEXf7Z#I#@};h69$34#{V9GkI}b~bKk)Sl%nPr?kIK9o8cQax5yTe zs%No&Y&w17Jr*X3sec82cZ;a0S_hKa7r~ZQoiC!P`REU z?^A%&p$|`*f9r=zRMdD`tqNKHFLVe(I@i;XeuY}@;foZ|G4C+{1ORr=OnjbwuK*Wg znVWToH?bt-Mq;|V1iuF3o^R-Omon43Z;EOaby%B}l(yjEz{O2ID?yu!kEnG!&I73R zvrp=#gE@W=3fvy&D*W0~jIv3SC8zu;!F2}CE@3DFbjmwhtt7H6-%Zx&rJOryWJ{d4 zpzgZ9z+1p|jtp*#Fieibe`!xehs6pd`TZ~@G$f|toFU^h=({wW7cNUY>CeBNX)pVl;|QjVA_1m7RlgbnhbA8e;a%C23MLVBx~&X@_yF%k9R&`bh3uF6%8>9Kt1uLmaH zN!>QmvVrDSgr9gkf{f|Lt!>_=* zoG&Kh!lDL)I5Ut92*UWSXnrsU*~I!&O^dur9xxKNP;|@+6PtcS0{;V_6NG>~UK}9u?H9$ zk#hyjob13A=Dfb#&B(ALwp#ix$;j~a7!S#%rGE9JH=Bp0VcZ+)8##zJ9g5g!5w$CX zUtv=5u<7{k4!rx!DEnNjPaNfB5Q;_efXtQitlI_OG)xKR_K-76X2?DAxt6j~a0NwO zB)+;7vRGEh%ip7)7g6TViC(J(~YfT<9zC-Y75gBww;c_0k1uqa4(2! zf-!UVtb)FxaGDP)k|;{YdGCYU*zdGx22^nkW3QB)vn%yRFB5pdGW($=dwP#zoD)Nh z`_tBj{%w7w<)!HRTM(RsW^47*A?)`D0cDj(*Aunce|V1dQ9!&NYTv!JUY$r|Aq3|s zjd*ajp*>X8E7%EIuKIU9X=rD{VPu?Yl|Gd{TiOATa1-Kx>i4NP+>(d#04Q(|pyAsl z|E7LlRWTa<#B9&cV1WeH@P7dgwlQt16D?kfGxlJebPk-yG9zqf>}$k z@;&zR4%+OL8qHnNb{PhxWBBwXt~z^@QCsPTLwzzD%keI%mfg6yq&9!uQBBt0iF(kD z*Am>VF0UYYl=gyr5H8j2JwE1_p|52aA38K_9@>=$41gs)WA=aNhIQj`w)G>lyuyVr zy|TE45k_gG^b0y$9Aznm_2`#F1C66?tmb2Jdx5B0G62v+HM;__^$oWl0&b7*a~ zGI#Aitw~(#3@Ja~j*~(>OX? zg&yMPk1<)c6H?y8<{zyK6L8Iy3DZ?Xnn7-=eSPp}8=#qkU8+nD8vQv=?<>>r2*W`> zOq=}$Ke$;>&qsU1_`_4X#7y*+rQ7-2fyDRBWZabfKUBo3nl4kwiNNa+#}_vYnbvNn zOpE_*#6co&)-KrmO0q*ypdUEuXz_T^P4VeJ(mjz%zslxrE|=t6S&{g4^PHlQRvIQ5 zxkUj$IS%46?aOm!GP>Ge&E>M3GQ*7u)PvuCpT6@3<6L8-$p z9^9TD*rleh+8DJ$(OkoC$>f!ckq7yoHJ+hmlrAGC@uCo$%RDyEW2$Rc%hch{-wyGS zwbq==#^^_dMr*!f<@KYv!Q0QK=h+L0g_CsoUO3TDuy>Pm^x3coq3@7?GhTjQ3dcER zYCT8ES!3jS)PkwFneH6bhue(`ba9Zz zOfgEX#(*prUQ$t3KFdr=88q2v0$71opR6IzbuKn!YK<)P*vbueKL3G4#D=p6530`H zn$5H(9qmm`Kasc)<DUpzc>W`tFQAr|lLkiqW9kF2Z@d=FWJCNJ9lfbdjgan zOA<>miiF>-PH#U9^KvqSQb`ro_uOdmkDyZEdT7@THpFr$G^J&@JN}4nm7}X(w0~nj z74`1)rq9pYuRM2;kqBpup8kt_F?YLpT$>rxK2Si6yzpZ%Tv7!(dvf3o- z`C`H^t41Oa@5_!8OQ3OCBmvL@k>;{lc9(`-SPro(Ex`Nd>)1v$Y5A^iMpwWyL&!H~ zIEIl&%knUYt(xka7JlF54QQ}oN@b2EaOEZfa3~Qy&G#J9@rl%TiFPIc7h?Z~0C(+; zlN`5Q>p4zdy6c+Kx^-+(%-d71aAg9>)?U>@LL&VucDof?n zV!*LmYT^-Jox|{$xf}|KupiQjZtiG%nGg!>JA@)7S7Lk1SZz8j8;$SiP7&m>`;s8} z>s(vM#%wWKhO&PCbpA7o)d)P@{y-GMdWHD`=?#HYO-zGddAaMMFRN$rOlNNl$;j-& zyWGxPy#_WA2Pq-913b9O=?Y&9d0aMb7BJ*aI}oOp3Ro0qnviQj8l+LB=a=BcREOe2 z478Z`pAcT>{N0%DQwIGTmN(`+>?99g4{#l(Z_LetK~=-j5IfG(LT+{v?|)ihW4CqE=0{IqzyaIO{4M2==@HChl`CLHrP8DP(;CF%PK zFSjengnDKsf}&5p;8wWQqP|(&8=`$*yd>7NOE`3D{qZ7wtceU?3_}OFLTAMO?mGWn zVWWZ8-3&utef196$8plPkzjGpUVjI>4 zF7H8Q1Y1W2*G*%RDRvVT3yr>J*3MCVJ$2JYx8$YEx;|IiM{!T^kzN>pyuw!>Xf|#6 zi8OTlnikFOz@y(7oY!E5^nhFfLmqa@Cz3M+BrKMpV$RJ^kGJg|7;+Rq_; zn)zSku^~4)9ZLVGbDx!RKZ-_)?@?laKt<5>_4RrbUygN-vkc z2?$ivt!o?Zw5C4vy8Gp`fR7G-dmg~Z{uiZL{an;PKBOC?ajZ{-4gK488QOn;or-L5nSJ<-8UznnD&JY3_biUj6GN&KWOX=Zkm@C3PX}f zBQFv5S*m?Y5h-*<$FqKJf_Hl!%+J%56{X#Y!2Y?EeXd5Upq>zgeyWe_%4Ft~pSc&~qOo+fv9Z?KNUhIKBP3k;p~ImmX=w%^ zvY6dqhSR=Du*IIX{!>zqqrVz@^c4;7#N+a-J>-Jrc~ezvM-LQe=BI-a3kzpaR`e3q z(Vm?X23B$4+4&%!-iqLLawEekEQx6NT{7Dzgq85$irGSG9b7#35VGmk3ASLk4yUkZ zTPPlgHQZOGIq9aL@@K^FQKjaJY={-FGz=ae8)rO1`Inv3;es_{D=@j6kP9$8*?Ccu zZXHooeQS+H&Ev*S$C2yr%y1WREEvCqr;)gW-TMiUhf?Cqesz_Y=9bI?a5c`Wm^=06 zh1z25dhdDrW$~*nIe<052>7FzVwW!p3~O6hvdg1HzG^oT{tYNF|J9W{ zocjYH7;SPq$-jXvU9@UmVwK>|dok{QeAo$2q`Yct~-9=;GM6%Be zcRFg>cHFE;6-FDdV=;YKMk2-s<|nPUpYuTSGGL84=9A(c5jD3Hd)|wLaIn>nUr(aG zaLcdSkcqg#EWJJF0{*vZvjo5!lE%%U~-avsbA@Kypo*bq!dTZE*s+)EgtODBd_mKb_e!u)G{B()RE(CjeKB zOb5u0Lxit#g4^PGiNrTes44d-G#$4}H<=vERtuV$$cSSN7MuC`Oyh!<;%V;11*; zB_vkH|J8oWRQKRDarIjB{zd#Hdm6$KIV5oZ85TP$n;l-h%Rr=>Ksb1%i#b)Pa!T`L z-1W(2Kpj zpz%K4XX%~hsx;;XH<26wToz ziU_(F;^_}ytQ%lM-!VLO*U7^bQz~W@`SgpNjTF$j#g0k%`vAW`1u21Z zYSoL4OQ7@9G{gHTN1DLgymU$ZuN|J)f0Wxcvpk4U_=^%G8s5H~sgR4LY~pL5$M%oem&j z=t1Tx%pgmZ11vEA{I%cG)1&W@2P6N&@wGKFBM2oqVLUnGsDP+&YJ?d~19i6^d{x#)fG24H{ z`w05tC&UDBm#lZDa;#z9E#t|^B|1amaMh5euiw)-MqV{!yJu>01x(i^Q*|77OyB)@ z^b;^x*|hvMPNiz#^>OI3TW=BQj7vji6y%<)3c&Hw*0!eJRezdWFaU}o8gQYBb!+Ln zy|0CkVwkYfN$DR1kcl_TlD1JpQN_B>2X5S60s+{{v(c9_fg5SZvD1hlIdz%9gtoa-*hCSIyu@?X{WU zHxtBt?ZGkW*mjKp))?Inl$VbOkf=#|m6@ObDtaGdLEvjrXQ)ir*U=$w-EJ~YYe9hD zTXuuN1ArF!r#M}XpWv{ zy`2aI)GE~N_W4UcoDMNpi_eeRsj4hoYV&!H!{1AP5J-DmDAAW}eYTa2Z&3yZ-PmN& z`4^rm`+_rl-V{NaM9Yh6q|lX_gM?gRA-ZjoT_1x*!ucrO$Z6Jps^B=s=g<^eT(YP% z!?D{l8jVu1i1#zA-Cj!i3n_l%XS5&^!1d^}InyF4`rnUj0C0d@goC1Q=ab)WZi=l! zzxJV{a$CtOg+`$z2kiB@gCuzB(}hI>HHkH4Xb zVdcyapn&GVcJjs1Ti_?;vxZN488nFdL7#&X6jtwrshzqPg>7nAl~xJ*N&i*p&q8jg zXW8ZOY+GJz58Cb_V#DD<3~Pwaq^&kYN8jA#PTVig27n2|2D#Nkg~!TGgPy7!dd0Uv z5=LQDF5BXWv;oBdsgMaKrzCH>rKQV}Lp{`WC&o@;uh)A>g{E`0e+l($$zk8|u0Fa% z=8{qWWN-dkT!8ENE|Hu-%Tt_gH(hvXX#lkesGy{|Pw?adXg8Fyfcws-8<^Z1Wx#Oy zr<1nI@vq@pMgm~9g?|&*i+}E~NzhvueV|=}9!S+M#Gby7s~Rj8s|HvizTRU++@Pz& z0M$quFS`Wf_UVNw(j#-ce8l4L$I#J|g@X{m0Q?p;!}sm82crDjBT>#5SyN6BEbDLV zm%fVSvvwvVW>AuE^nwOy64O62*@!QoBp@S|?jPelI^@=V(it-Sm?K@sM0>yQL$1d+ zt|7UYtja!%hurYV12=Im|J6htoZ1}X;lT*9Ai!uRTm;1x-rRpD*8HZx5gv9eD%>y& zW|W4uO4523wJm%`0*hJv9!txPEV88;Z957JvI-`7OT>T|Cr^5}A8Al{!QNkb)$prs zKlwK3+M>H_hljLPO}nOiJp;*4Hx+@m}1Y=t^uV07h7^IASYf=c@lOOi;o8 zRy3vdT@Awy^NVwj>-3>-SK({Nl|mEP>1LqITdhY5k$Ug`pX@?xU`2U&x8y}f=5AY= zAMnT1m-S1IMPS*<3p%vrN~fg+-v+5Ie?vU{o1VlQ(CROl`>(b!?PO)S^6kqcaO=x< zXiIY4g)$AtwTR+E(Y;R297pjEGW7ko8$)C{pGujYd(j@sv8|8z0 z9~$}U*CEcrWA`SFkEYtAcuk^w`gMy%+Sn%Ma*(=>g8|~@vy%oTHb=s(58eb4Kv~Et zqi*(OQ2a1t@JmD3OD3<*h&()ugC^>reUmI*ZZ!8bSQ>Arym5pD5fSax;_zxkTq5oN z>h;x%j0UQw3q=8@L8N7kCA^F9`Ld51ilY_+dUX|Ez1ZG-dRgLArpWM-QU8ektp;;N z1yu-MsH*1ZXA09zGSeqU*S(31$1^#+O^}i}dCDH7eX808F1)^ZcsdYN)7S1PZk~~TmXu|Iv;-wqs5ARV}+hEX`yBF+UQ}UX>25 zIDc0e+Gcng+U%Q!EJa6+^WSl_$M?hQ{++BRCTu{SS55M>`i!w_=e6TzhWA%0*0{wo z+$yjc3Bw(<_iYEo?~|JcoZ(Q9)|T}HZ6-TNJ8bV|ENhs={8TKme?sdT?Wleg%npDJ$-kd)8tN3Zwy%2(cc$;3%;kP{(?`i_8+)hDbyAG)vN6(tZ!6M3er(WLGDPF(UD)`aEC;RCP{#Sc*O& zw}p6a@{j$|aGRqZ9CFKLVe zS7%$(h;XjF>hTjtqw%;RzERz0kK6H*UQR0BI|mao*VsxT;gq-HyVllH-EH z&owPz2Q)5!3!$IVq7h#RqkPOJ-faDk?Sfm_GO)@8J`A`jr z%l{julv|KQ*6zw5h`sw5FjWxD_eZ#8#}Dx!TFl-Z znVz~1uqC6NuXohTp9+1(K?dDNs{td(2$beJpt@?Yi&I&W4R0!Tjd4*MFI#ifQ*8V*Sh)cfx6t8-UUnUAA%mM8pS1D zi$neVL!?2AFm8?P4EiLRwdyD(Gf}-No;!v{dC`$Xb^ik=XoQwkf6ixJ-FJ^)0`%n$ zAKfv0@sz`J`5VPE<4?4-*;Hg#Y# z^)Z!Rkrc^;uM$q7&_4NUF`#(~PhO^ePyu3OjbFwB`O&))TJfSQ#@FgcW{vvVILb&#q~wy3(h(gv*IWtv-lM$wh_w1hmn#k zrY{C##1I6@MLll(3ZZWkm)Si^m#DAzksdsz3XP(z5LDMXh}RGcEGD$ zk9u3J`kLQ1jF;yl-6jcGKJ2jvpVEn25L#}H1a;e3f#?4cso_d^>ES>zu6?)}v(Cux zcajYb`U9UpV}4q@sddt4HH-l9bJ*yG02H1QD#9G~=ZheGMwd5c9vP6+zXklH_V;b6 zl1wE}0*1GXll}SEzz2Q+P0D>LAkQcSu-$BsFnGbNMQ7iwuCcJqy|7j)JCr z=;g7^sI`inZveP}_W**hhcsiiIGW_w;OVw*e)=qPklIK;`&>pYgS62`ota;D-N@uUC4UW_Tt3S8iul<8Pa1437di34;J`%@Vahc*Kjr!3B{sqcd(w*XfRmWgc z7(OiGxA{mdKdCzMaIA7Q9+7mm#lZ~xkjfdPCoAV0k!B3WRV4nFeed(FCygB!ln7hm z`FIV6>Jf57FZEvAjwR0lDuwSz<41)u_iNK4c5Q~RPmRI`ZdzV|Rc&E!-%R}ud8{l| z*HVP#(-U2wQMKvLX#5#~CFKUqY!THH%p|s=A5y;uv9<;`WRk@{UCi=5j&zPW2E`PC-6v-IbYa4mU~d` z59RmuJ=-WkREFtNHwAAY5KX3MD|xvX5BAn(Qvvbx`TaKLgV^Bz!I~CRWn&Z1!?d|t zdO<#Pd0=c-;C+41NFD){ybgrV4EU`}`5@kw_{!Clc`RhXmLkNB7-$z*@{i64M#D$` zY@?gG{815~2`rjv7_p-5zr7z(*!qZx^yQb;@_@G}8WY}Uv?01dJ;ALu>0KtMMt8My zbc*{zybk*?F^KLVFTr#%k&r$SzxH>k*z8~s5}q3-Ui^wZ%)_MZED%6-Io}P|mDk~& zD!li<_-)~H*hEV*pH~+^G<>N?{@>LZv$aVyB%DICTb^TJ6XIO(WvV*8-t)A>J0Hhq z$QBri_qTlaEA<29J5{w$!gncQDK}$H((VIuvUJbCNn-OcCM%HIsU;~W*cB$w{uFW~ zL%@9=-xmBgiHvYQ*`UjhMNX~%Ly1OH+1^%WRGlkr;L~#i4{*FxF;#@u+c&)KB@+?nct+U{~R~#>z`(7*od^XR+ zW7VaDADMPq8sgUfo`p0NnMFPS8?PJDcySBE;LhNx-T0R9-wO|$3t(Ff$0bV++|-TH zgzqAe-s4<-uw>$FqUK=`Y_ii652+J{>meQk08TxSJwTA&JQFop*lj}DGRn*$0){$Y z#qE;43hU8S?*yAK$2tLM`Ybgs0CW4sb?XanfSy{b=MK|>SP?*Zg*-5mek|EvT}YRSFD-nH~tlRRkEs2=#O0>eIv< zZI1e&S-N#Wo`gwwo?aq#;hnqon@y++<&4y_QM<2AhB47>eAoC+LlAG^Orf)>c1vvh zwjNLLZ|O#&@p+U5riRra{7c-pe=wFPyQ_j`*t`9&Bi{ZuBBuD&sd*wV?4X1qS6F`P zjVy-jLg#+n_qDC|!W12*Ai3N&1LV8<-zHm2rU}CRKhy>ju`2-WqkELt zf-kVdO)wV095Idh>lzp5k%gNXG7|LNaz-G(;@>FUF5VYU`b;+oVA8*)kmhJ5XQVY1 zEFM^9chcG;K7!k~kRLRk>-yyO_tRFhAf#u@+UGd7?I6VWfYQno=D^vec@tGjF?`fp zD*0`dBaz@q%3wYu8DDVN5g)jiT&;{g7a5Ha!_fqanT|3f<&#X^nx<#Wh{{24@l;pG z->v+WsQ7cGj4?0_o4WH%?<mF0D)K;O!a>=&* z(G-wM2IaNVY?#5SiB{kjABun{*D16=Z!Rxb6JfwGjgeu@`qU%nG*+Y~T?Fz-I+buH z7#%E>Re_Jwr3_1l2>K-x_YhK43fS$)Ms3EB|IMml-5HP%zoisb#jl79P#x#~&= zn`HlK%*pUieO$waOF_s@Wdb+jRmkpQ{rQTOaOfbvzn|f%7f}`faYo>+Az$C0(Pvv+ zc%MDZU5$A<~2yk!XDBY5V=gt5v@ovu91s*UUV%yhw9;JFAa6aM;+i9Z zfiqj+%euu$i#@5~5nZ`X&R1i9?0!v5qV*8qeCBX2AM)LB)33tHgx5N_5;v+Vmk>W( zEBC&z*1bOt+q3^yQPwT6wHXrcc&lpecT(keH9YPJm3)2X-;0N4LQU7xvi1r$sHwTt zPh;l33A@V8yCPTysVif8X@6aRhWSqWM&nYm=GHQnxvca-iw6^+|ny87=M>R$AT)*8r?KziOLP*IjmEX@|Zca7D-@mJ4%SxYdpYlFvv2EzTqGa}=v4%m+YSXovy)2JAKbu{UHK+IQW=;s|SBaC4r z1suU_@Db#r|BwRv0B#vPF%MGS9i{{%|IXr^+9CyB!vGk800dl3mhY-5ST0)fz838v zWi{KESW;2X!}*5b=QMVvS!=g@R7P$ivtRx=b0zk%g(kiG?tDw6@pm~SzkI_R0_3tA zkxE&3TU=hzTyxbd#kD7>;B7nXj<2|r_oQ?P%a@MrA?Cq7n~Oz_+&dW<8s&pQUaz#5 z6vL=pD9b6QP$?KlqzS8a*#=S^k1nMCs5L!%1^trD^ewxAwxe5=69j}S2TtH;hfmpGfO?;wbAF^{#|9< z%{xHcX}I8_5C~T4K^;Pb|+p2EDqD14Mx z0*E4t$`hzJ+;;s!75^f6enA3!7U{Sp`huv^EqS;_Gcw{3b#Jb$Jv6q{JMW3mgoNam zUA5-Dx~oVFr~V|^i)q|Rf8oX~Glp*pd!)_!7S86phc`OOtm23g{UsXOpJElgZ<>gK z)m_qdLVrI%$su%K2522voT}yn&Kgo8kb}VA`x<$+*7pw&ihP5l9}+;ae< z#@?->`H_y9St~As1fJPkB?7rhso3BmSkA^XDrTA2X^b-+%2TZE(>J_QKpmd&Mi#qx zpERz*ZND;}`QLh#^Hw!QC19Ou(!zs*=G%j(;xqrs3en_nWKY_&Es)H104KXr4E)5K zeIh@*s++_;r+fHRpCm7%f_`qt0_N6x4qhzbSD(FmMk3ASCq?uR4c@S0 zG9DrMsrcC$bQwK~mU^^9v@++Xe)a*Pbq-xXV^?BN{pW2;I8P5CB9dPm8&S{9`Oyu< zfFoZk7J~lH#carlYU%=tQSjo}-PaIHs9UGUW?Q!J{XfngJOkz^{q}~8g%Na1F;zX8 znYp-e)n@D_RSz{rw=PqiMZlXQKcatOq%Q7y*(#|=8=z9Y)CE8Q{3B`r$bY3&Z_*`J z4Qm_8%^MS;I3aB{K8=H!AiF*y0i=W@@?$(C_dX_E)>K8rotxawmuCXFK64XCu|3`=zUgY^+CR3VU z_quUF*nlrsbx|fpZpBr*Z=QtJyn#y45ir--uaS`cT==ntCP=k(d79jB24Vh{6%nVP z4|at(+23vW*LOSD|Meb952ak?&ZzSyMySPrt7hlZBj1fT&FRHvZ9J7rK6qB9Md$1T z9C#ocm7ifOvGEjR`QeGlgJzoJ?#)-?!?K`0zdPCX_14ax)}B=y>G6c!&mnW~B6r4m ztk&Au^7>|h{eLW>DD-!qyxTz|ZK;G}j}?-b!_K(cFXfSQ9)CefTB;wDeQmG?@)2EUh|eIEbpX!cBt&(m`Y{s?izRQ8FO_3|L@ zsD4HL10^QDQfubR7jS+YJJUT2?pA6oi;hM9K$FYt_V|O2z_YcXXD015Sple>_rWaE z3_#YP||9e%3JJ|jH(8LB@9fc{S@HYGRtLui!|2cGg;r{-qcvgVYg`uoH zVJ8wA{F6Xw2^j}+6^M;^HSSh)mtS2s7%6^XUx5?Gj^}4OSDmT6zeeY5B=0oU2@<}L zBQ2dv9FiUmzT6At6=4cT*DK7a#M+1Wf(MkIANh}b=4%{yB>LgH8o-qVz&CvVe@XWi z!M^8FiuuBpxF z6)Tk(-J4^i#8(DZ4|v;+DZTX8JmcP-@bozxkxrd!sLB8L#EOToy=7ziWu7{VJA*8oY!UsXLY-d; z027h#YCD*(_Yp{6%G4oUVw!ORCN0mvD8(hCo;ZX@Unf)jjX&sJU|U$Vne41wne*|0 zqT&#YsVTq!`^NJZ^z}Z0ELVK%dg?|fXuOi^vJ{6Iul3d=`sU{#c{86z!0m-{)TTsk zY(qy26$3uPn?$~ML<7#PFjHgZ^b=heBteiz1fv0WOG7amlmufLbphwiNIumy$4Md} z4@4PZ?MWJ^IMSoesuAfqv(o9I3-Jc`Wk!~_672=1Uuqsb3KIrnv1+U_ zoSA}kLjR{%V>$!i3{nqmi8eF@ozZOdvXz+her(GC~SW3Sf601^Xe{$ zv?2l+mRbx1v-@H>o9lJKQxm_M}zxljhBn z|A~$S%MgI|L?Wi!EPla&e-zNAa+qjM6?}Q0^_+hqhL-;Oo#^Om3-!2mTIegC-4u-e z%qs@z$-sh3M>Lmla{!b+3L>f?sethA_ig<3*m`RWAsG0YtgTbg5cU+K-To*d@mW6o z5$%kN!TrpzGpf9_FPlg^X}87`dy3X6U7D??y;fwImHDyOtY?OJae-nZkthDO--3as z5u-eE#no3!murN;HPtE(+YO&{ur86BYmN8NUCP){+_@#v$<^Ya{s|CxBcG z>i$!9^fkk~}$XkEg)Scy#(Z;u0l zJ;JK;ocwlf5acq2pAAU)z?cxNp~xu3aJS+MN=f#pQsFmK3f!~cYm*P7B5G@?>C(ld zFFpVSI*tw@Dq;%%EM2r5()vT}b*?}PlYLmeiXs8p-kKg0$kJQlQyUtOj|>G#V z6lxGZKd1#fk311+H!~^FB>}>f;e*H}#Q@&~OfvtSwsvXXk$FU=DvbeR)}gl{`Uj^2LC?64*+1qz?bAxeUP4MOeZN|y z6%jCJ=m7wz1Hf?ZRzF)P!95M1x9uLp1L4jih zm6y_7>=bl9JrvPi56{=*w2Sxc;*6{V~rtoa>nSDD&rs;Q)dI>kkpt3>Zb|5b7_4 zsZ~xlU6SIdUsmHEVam40C>c^y6aMrgJ%RcL{ylukMQQw9Kyl<*5%dB61$mM41fyUa zfT0N&1Htf1%~TEFrbz{g@Re{w19a-n;K(wUAqBZQ{7#A4{DzJ6LUW86gGC&25!>Qq z_*C+z_0tU-fo+1bb0dxnQ@!l%O4f*^4)4HfQhXW%kitA+jA!z{X}%uCa9vGG%02Bk z)hKN}<2D|MUm!JMsH8a=Zsq+JIIo^e0f^9$>U5>|5HmmKA)JR&f*t;<CtwN5;%n|iR^I!w3ZXHR@Ao>BZ=Vd8VVJDlC59&w zAAC=ml1||d_nYcHZ>pqU=iV@kkZhV<(&aQoZ>}4-q-@2qcf;w5k;^Rl4q-p_C`JZa zN>4ty3Q0S!bNy5YK^1_SoyxOB8sfkyT~UgqfvN>xNT(F@wVQAKj0M4Qj|k zPf%@g$WA6{2W%c$J^03rqLv=d9iwU z+kw&(Tmb=4nB40$X#s1%h`JNbAv$o5zUDl=Tl52D_KV&Jb65aDm;}Zsq;z`^0IET+ zom{6a*I9>;1lDR-LV` z&OMji@WpR}(FAISYHh^ae;9c`z4PVK1Qe6>%o!2h8ip_ecEj%CV5DTs zB}bE%HsLM%5)29+59tc^HJje`Zz6t55_SXPy7jl{e@0`xuCS+5h7;`J#+$c3dP?jc~kU@hLyf{+p zpX~SuJwHTmD@668F9YMIM86S&#yhv9ZDwNCZ>rpxbv+M=WIergivLD!^~UjEGb?RR z1x358z|)(Co}ITW1edvel34=_g4yvv@70EHw0G|!x1MxPwiB;H@p}wZ>^(PTamy2; z(C^JO7}uvKRkY?jcfK0-ES!56zc&9FAIMSmSJrfhYM5dmGGhs^V{ix785*5!-myd4 z#x=ynh10BXonz6(6Iu*=J*v_JZ&fZ?l5Qei}| zhf=^ToAiaSZl48b9!sjn-btc?e8jzA7V~mI8~f?nQdBtQJ zDUd~Zwg)kcz7H-a#*5G`nQm+VJVmM|ycMV|hf;7RLeZq_8%rhcpTv+T8lUbz0PI^F zgs2Jg$Cz>ph5mWoh-p$xX1u%n#-Y!B*pa z(RW|8usCO`bwO#MbdO-n*Ne`vv#iEQ^iz$3r(boF>oN_GG1U5K_EBo<_n3u*Ld`l1^t$v$NO;+_0Pejwa=BoppPMf}j8qOtM@^vJhX zZKy0mwjtnA#~ELq7S;3gdWHLcY)PJM8v&K!YF**&+m}(c={KExYcHp1WCwN(kz;j^ zHB$w0>lFY2nd15b1)%Pq_(AG5Fi6n4g%mQ=N7YbCo3fDpgs#mW;C~IM>PM*ht&XyT zO^PNhjB8J(BSc<(BeXF`oR?ReiW#0WG3RuS>>f1)4|-n;l~6DV;jKH+I99hB>0P?equ0zD(m@0t6}I1oc43gMY#uLn2sBiN z%p|QaHQUZrS0+;#@>J5d?dC?e6`5nq&u@()M<22-Y?t5+-w7$S6kq4`!w-$6I?5NG}%Mcy$Krd<6Nez zbww+sQQ9rQg3IP+Pbc)s6NxMD--8hdfD@{_?c4WiD?AWjZdH7DdD=aWf}|6bX3-4) z^oxrKS+k+OjNWGvWlT4|#7j}j?(^5fQSA?_5(a(~Aa0l9@cz&UtuNp&OtL?Ng8ON) z)>>yT#1J&&hI0!4A@WNisQzQeitsk2>?FuGzCnd{eKiqBElFdySAMkbLE!OKmnnW; z$HfmIlTU}l*@x-9kt0ZkOXEqBKTYn8#Kv@gxw8IxC(IYG^x#4iM_qjzXQ1moTmPRM zC3@&hDs=`qZ?dWj9^&JSfB$JjfNe&BEANC8ZRp7X2{dRX|K3Bwm4(0j23N0rq1lSe zT!7)eR3X_d@YTq=We{s+b+%%aLfK001#%rKS8tDN$g-MLVHItZ+4tAsKIM(#hjP=e zUmBP*afnWoOhA-oI3+RvLWh{*(;m0X1GF?DgyTbG!r_rDd>aQXWybwx{zt<;yGD|7 zNHpUy4Kr!lFDI=i{A~B5#sDrxR1*j1hkQ!251LQ_@(oEtMafTiQ34QR#Vi%igyRWf zu4Yg!$m@u@;ZG4dt3c6Tgz&lBHhQ5n`OewRjDK!}#H>q-!?QO%UOCI2X+`N2mVV%6 zr5W503sa=7H@ZSE!8IZzG8C_0xX}oHUKQ;D6^ouo5~*Y^BP5hx(+VMHawccAZCBLh zAWzw9ZzJLRWdy}2tjEQ-9UFiDwbAxVKnxH&+#t0zqdF{3aWEpg zwquQz+mp9NQ2<`pEqMDQ^}F0glFhLR%;hy58lOF5b=%BQ%K(lj#rjA4Y&e=9=h4EV zanF||=fV?WX`c-3AigS(D7~2m|K2obphYt89sdRMv3@o0l7JPU!Vn-j-aL0wF8%{A z+=_iX_p$74;1S15Notu$bGPGI#!CSGUI2vcZ}R6~>4^_2L#dwo0!@o-#EJ9DQ{SM? ztPlAok|SK2wYLh8TP%yPh`Fn`O~Es(Oyl8%!#`AIux#Ug_Dha@axo>qfZw;SBh&r5 zT*SluUO~I5Bs^pm$x6by38*Iu-1~)a6JYGWV#KjNaP3~{&Qnv0%7dU*@U9g;!elG1 zGik?O@~21sERQf_t$w136cFTDTSM$uF{r?=XP?iS0&e@@LmN!^o4S1%xnTUpLqCZ+ zguix10JE9q;n)ZeTOp*&E0N`XaTz6 zF|{G+IPZW_?!URQEg30ITx1#@^}xHD@^u557ZT4A-m!YVGzqKE(^7;y{lVLa+vo2{ zxdTVc2_gKMDp(M*+=(u}L7TV&TA=I|q|**ur$C(n(6a4%Go5VOk4!0QQ3poLnXH-G zhnqpvJ#y$W8?RFq)$X-@y4Vj~Mvj}?`%!liLuD^u@Vsux+0f)$`sf}#&Ne1Q!zh+E}_#?nTj-PPNJ7OX4pymS(fPjkSi4KZ-WV&E3Q zwc26TA_a_&SmX@#_cuS?D{U};XP&Y9nlwxo8%jI7%u={9yXhVBMn^^`wCyfW_txoG40@`GjE zKY^PNfukpE;uqHG^{Soz0RdzBz_Ipj^D3Ru4fnz@6d{GozrxUcmqH&8^AO?A3B#({ z)4$PtIvqh>d zx;gXycIsOC;+K$Gs`CSxK&AD3S`LnkG=s%cZNb>T1^!jJsm64VrTd1WM}qxU8=&W= zph!dcM;?|?n_t7+&7ef`!1-kkP|qZGc-X`u&Q*{DS=gw=|9;li{JT!`b_N5vXe?wo zK!wz|WV!9~2AAu62>!#K3zV65W^00{vd)?@m26(~5g9Vbv$gL!*rQ|Z^dD3!$XSiM zyT;K79#?RXgGKYmDeJnCUrtPiakj;K(qi0^yH&vovS1^?gbwHbWylsPh=Ry)2xtln zzaF1v22>eqvmAtox3BLavZ?Igy}z!xDB4rWNS70Q2_UJA|KUTW+v&^TmKxvA+YV$= zYL04%=Isj$OO`Vr`819Gff5fe99-;}{1{HFG{em-$h-fuKMfYXsckiLeS{v}ONGe) zQVF~){mG$&k_LK|00bQu5`ss*prf_*x`vDY3}ygaFZ?1wa*$cPAf|*)+d+0-gu#!b z&pZbCkR~xt!^y(>}>g;2AcCpDhf}`1Vt}n3V}$hML>k zd2gzZek#)iAI@xaTk~}MD}-sd1b8U&$+8G+VzQAIE^BQ+qwfWHQW3mZ-KdGpXTFJA z=6Cw69`OwNpYZ5#FJ3{}f0ic?TwpXx@~XD+BQ#U_2f|B5wFl^V3qLJ0-Pj&4^i5}# z%*FfP5P4pqesnGqpk)QbUph?Osw!mzV1l_E{3)#!#&mutg$5Srr!x^{MB2YzM35I= z;%>_zzCI*48%;DrE=3=b>{43dorxLbd#pn8#CB%J(Wp{sTF2)N+2l_48J%YViS?;9 z7aya^e^PVhbtVz?`ne*W7O*GnU2aN|DCUc1Qdwqu7k==TIorks^Z|e^&&7VQb9P4&VmUn#@dL7!PaL4rEe;`=_{KR zy?yyo{rtaVYqgC1*KcEHepZ5QWMjvE(=ZeqIre*6lQb7EEtVb%%up2IR)8bOCtQv9 zgLKf6I1as9b%`-$(OHKWn3V!>XCtigwRjX__`njI3rRx&J#6qV2R&XH$q*2-j_lL= zX0G)qhu0QI@gS2OcgSRwmQ8E%q*2I~$lbJBgD}2yXDaG1fR&TLw?)i3XL#0$amTO; z*3GydyTU|o07H%CK90RF)#6n6`0`=RD~|r&kq;DjzN(=@MduXTi5xKm+iDK(^c^=( z^|T`c%V?p~srlQ)FBVj|oAPUF6vhReKPXmBm94hZHh}s_?d~x9c9KmKQq23GOhVa+ zk}X~9)=>gSF$MHa6X}6Jx1yGW@=|t?{s^PFMr8&HZ4zkh2zc7;8q$SBhakO!2K@9 z`ZSvIsfr+5c~~&AZnx+j+C>-*{ytE6aYg>eC>BtIK+kiRUA*&;c*7I;k}pPiR+QYy z$ye%SDOLv8cb`uW&o#|rARu{}_l@F8ui``!ICrNI##(n&T_bP*+jsuc^a0!d$q+Bkb^cc~^wiENA zfMqNTP$Q?dfNN|TDPxG-p9G<6c&6{>@3&vtD=N1zQOVHOtDUFiF`=-v$_{J4Y4j@U zS?rVF#x|I*f}nQZyCc-}NMc&}SHQLVlSNrxu#lpF;&o)k*$!HZ*BJoNR4ho;c|>oZ)xA{~Aph9r}F zr5y~eal3P_O@&AUY&pYpl0K>y=Mhpf`OiRb9e9z(@FOw52I0bZUx~5f!moudrrraI ztidL{?p&Zb1$=|NLPcbMOh~IquqKp?y3)$Fd+CyW<_t2q!&uI6 zYtdNhr&;96aD+yrjfQi!LGug0UC8K_;K6$#n}6|roi%AbZBbWtQ9u&l3B6ln`k0xS zv+$QSJ@Wa7Z+m%HrpNeD7r4LBYuEc(6+m*#zo8^#7BHY`#}5 z?o0D2&wl7DI^;k+ku7`sw{Emg??OObhEQiXmI?_003;RoQv++3TEEE`}@G z-}Z;1_T%-&0-lF+_{z2urll|d@+yV}afdhF^BQIz0gJ-c>O5IG;?ngV8I(qM4Esd8 zUn6i$102SAYdIk86Mjy?U$!nWt_on$Kp&N@Y-X!G>TA(W4G1!H$jCzO_V`IF6z+?q zQ{;IE*JF$x_6j65G}4UDM^?tHH2(*Z+n@=u-UA9&66}(XK4Ir1YTCac_VQni~%dtaoZ9IeDzO!_C%5Bi#A< z6d?>0{~O(lrvkK}%4l5JDfBB$k?!1zFg=XT!G0{S*6b(~vYQ5c!Ng_<#_!Uq#r9$x zH)77J{IWR@ygpmv?&O5b=q#duOW$%yYz>KOox7!=jebPUwDg*6*Re{?HS!h_!J}48 z2bJlDuR`9uk*qwe5{+9UYdE$K>jgp4Wd!i24Z{@C`6bGDG?=p!DlVZ^!1EdMTb6CU z=3k)o+>r0Po{P)=;;3+2fZT>% z1*T}s^Sb=CydXc@;gnE+TVV}ityD~!aJ#(Tf z%8UYQaIXv+BAL_nXNBs;jFOx(fm8$-I%G<@9#vO2D=WjiDg# zRw?sI9AKl{-`-OlCnGaSU!lX_L}Y&r1YqB4t#I{(-z%xes@2?YFkiIJ0hjMb%F8pu z`O>iQ{Rc6uJ;%&8Tw4jabp7xb=>jA76&u0-wFru!EP{&P|IbCxga0goh74|=t0^d+ zeoXF4ls=GPIEFmqnmr?`Zm)VTz99{~2+J#H{2HMei*>tSk5J9;O;b30x}^4WJ@;X( zTyY|fNJUH)**!f@qIxrP2=1zhV4wgjuu+Xdtd$s-tp6jFr4Ajha`F`yHk@?hBzINt z^Ev>R5Yg5(&1E@7|N0?Bi-;Z$OY;D6DKOw-17%eifj$2%jjUY?P|bwXz9>xVn)Zwh z87XBFqYd1oxEwg-$ZCAgO>akXK}(nN&K4PAzTd9Dk~M0;%KeBu6By!yojJCMn2{8T)%|jxkJVz zwLFtu@YR)OlTSmFqaL@FxP-mnTh{$3%HV->tBPDCromHD18+cd9J?eDca){sdTTZTDqMw6jFyTVKHw-bw&G=~CLpYsI%!D?W=itA zf`J$0rZKQ5`;9~>ddWUXa|JmcI+PMfO>i5o&pBP|&o4i)xvab8#NEri#ORS1dY~xD z^{e~nE%K3fHuv?}QUls_t;a8TPj@k)ANP!L%ed~KeWsxq$DWyFNy#G?5cUXQelmDt zh((v%y9m^2LwsY75}_*u!!}Cnm?w~CThH~Alx-K$;O3$!)yNyoxLId8P0$}zuHd-L zW4i`pkn~0+yw+_wyMOkpA@TWhGPsO&k!rCfs9FwMJI@2}Y40)eCv*2y`<#$ATPshF znK@I9UcF{6RYl(W^s_*7gKTyees>g|hC4;B46gdJ7x!gsn*HmJaU0K7A>9>V5|+iK zqpEdC)6>O%vje{%=AwdKGWHzcHlWBt!{RjMy>o_+ZkNqXkt>$+OWTrmi`Uls4iVuVxchwD2&=ZV_+LtV~YWYu(kY?0z+oPr| zmgOzUZAbtiC96A?raf{gZz=iV13o9YRC^GNqt5}Tgi4~0F&knmznO*jU((!$|4aYd zuFn2BW;I?(B#VhTlI8aAI!LhnaH-%D{;v9j(cJ?Kf81eYgJ@y~Lnq;LHNDGc-HLz^ zToAyx@U^PZ(X;=10xI>Re)MxcvcE`_=CxnGw2xoyXga^ln)a;}&iPH5e^`pl623*i zx0wI5$4O*_%5C$XKY3odG z$y(Ds00tgxNlQ1ee;b)n6C<7`n!#|;gH>f8h1$uoPCG^LB@y|EzL;NVNvweo62-_k z@4rIXy)(UbPrfdTR$dM z){rU4Fn?Y^GkGVMziM)mQMgHt0$1+xODv+Tptk>!Z&@beRF66T>k3X?x$)()H{<5l z6GdIgvG*9B_Fl02y#~d#yW8_UKfp2(d5kkVvR}D)>(5ZPt^P!&(O+Ti78W^PJoS7r zWtTt3knaNBOHM##Hopn*{#5N*K4sl>1Kb`*p2t|i7Y%MIvhjDCm3JhJhjBkze@_Yl z_Gsw-D$lhV?ZB__0qd~te;i%Xi)hKB2(DF437N3Qf;ZWdv+KbCHE^Y0K=Jb%?n_v8 zW@9U%Ata41od)%6w1IFhmOGo7fyP8qk<3!yJe8>)6PmoDn8D8sJP z^1AdL#(|=n@j8B`!e2o)HUWrc`uSTr>Q`~dFlgmF8hjwk=I=h!I;kgmyq2wN?J!TNRyX4W?Po8 zkv;kvOBsI>+PhrA-9xG$cQV#HwyFY_Y5je9w(gOeR$=XQ8Eng#$a zHL4>{J&RixHg7J{rU-B#W~l$>)2ZC-(sH9X%SS&I<(swn>!5RQhNB~E-WksS@1#9y zMWRBRu*eh&^{?67p_*ZPm~@;P#70FPpxw%5d}U$@XbzpbRW3LD_|TJ9M1qwrTC}9Y zSe{UKwL`$>ez1_y{=34{iEZl8bmskPs9B_ivpymknio9<~;T-V~n!lvDd+7 z>Zi1DDTu)slO8MG#T*Un17*!?dHx*Z-f`HDCETT#^$R!(+0MVu_pUx&me~0$?b7-5 z`jb0@fpI!?2+z}EhqsTAJ1^DzGtK-QB6Vp3j1?Z!L`KX(m!x>cY^K+K+<^XkACyFe zRSEdI&_*CfBX5fT!Xfjnao&-}^-=8%{&{yH>DOiOWZ9N}NVmH`<8-*_&wT}YAag_F zRegl^*fY_S{iwT!S-&Lw0tXpdZjocQWin9E2wyMQ#2BpEKomNi27S3%tr9=phSU5@ z*AOvCb$PVPplcmPCH%lMrmdGz&|s4DE-v3bykI@~2fB^J5tq~bL?k_+Valr@$A46F z$h#C6hAeh+opPPjObP(-;=9QtNeb6f-zu6E{X7+)L<>Z?*$UW_MTn-L-lSm7y^f#&x$<^Uch=?puO+%9wVw1J; zi)nP->oDRTU$C+Ah>weXm=oB+oo4P8WX_7?T6nQi;sMYyr>9q#7Q}e}TR?4nT@g&W z?ei?|P8YiMP1a~2#RLYWc}I3qkh-9)c?!5kteKw_VSyTrFQslIX-_BxWaH z$OC7$w%t*?kAJoNr7%^ihpxuzn9~W1Z-8ZVVYEp?YsV(yU|Ais{7+Skp2_e7^{=tPGnJyIhYie5t*tIQ{7Oo76$r2g`1Enj`u%{>$K9 zWu(dH2UaIRj>i*~@#4+-wws%ArsN3g@HF=4Zd0{Ml_AS{f1N^&6Q!SiKRi9RW8Ab} z4dgIzd{qDK`F5wk>lbZoMS~`@hN|KW>G+6?WCTVhv83 zP1R(D$wU~27Jnfb_w3EtFB-KgkC;fm2e<40oLBNl=;sqV&4h8idMSJ>WKt=PZpt%w zH1$kG*9u(^9iEUy|3(J3ZfdTGe|oDUnvB#>%2dYnFu6Ut>_z4zaE z@1X3c=pHzM-*358q=}6fF*J9mOs!60vHo*{_a@oqW>h)L%xlwQy3rz zKP2WBO@&@1ZUqHCvI?jf|9r8*#A$Q>CNm`LBh_zO9lKfhZK*3etweDwvQz(uD&ilP z9Y$(LKT1@Y!T9U$I(4%r3mOpE`BA&UY=imnGAf0}Y>Ml<88@b-m1E|p#pCTiCU*tv0W=fwR2>z2l?anlC%dD3Bd zqWaTfiR2^ZKBmd5i>DIV`&L3Us4xUH9{$S2^wRWxrh%bt@CA@elt3A1xF`r0;RsWn z+8ePq8`6Tb_U>8#Iy|^&b}JS)9dh;d>}V5%|Cs*$+ecC!3oZ4}o&on+#7b=ZHfWH( zX-6LY4?{jwSCR$*GBgz$pga?33a)wl5lp2HPA0S`Ve+{Yg1tT;DoUg%q802D_Ptq- z5N=rBH6L8Pp)+@L`nz>?IBMdJmGq(!wXKFJxj`H_uzN`rByev8bJb9;9{c%KeJr`T zTO6oW^ryWPr}~1W4#OMu>ccOA*a8KAvvsD$m{Ey9$9SQziYSQ1(_q~ED6nFm5*{HK z_PZ7v13h!AZ9e^eWiE+?<8&#&`9Vx_*%+p@Tm$^f=!*1W?^$ZL)&k#UguZMpg;1zG zM^9{Tb%iA*^DRu-p4d4lteY+*#c07Sf*$JXJx%|L4J5h|qpklcQjv+I!?$R1ggqT! zph|Kpcy-9|KBv@;tZ%rEsyq5V&vrRgTKX$aK_|lCA-*fU^3;jU8KEqCyzd>jIqz|i z^E5qsCu2$P0Jxsf4N><27RyFkv7a;Qvy#Sgh>yD0UCwQRs`|;(8xg0Z z;bqnqTZwaJnejDk2O)?3vxh8u^~Y3WHOVJB67$sftR7Z_xd?TEeOBwnljqru}UdI1Jm1J5h@%-49b{S3kg*tdRRxx@$o7#VXxuasZ?Qccl?l1>5rkRQ4u zYB|d;Fge;)GktoXG66hACdBR9s4iD3fDiGfudVL&ELupFlv~9T_S5s;UP<#-QSRZA zYKM7)DJp$c#xsHoT<+xkx4aN7#v%k);8R;4S>;&5>UYHw&A(31CsqBp}Qg#ce z1+inm^|_KkML&my)h!~g(5#u9+*ZysQnjUY^=CEB^Y*RPQ)z(pF1LGSG{f*Jr<(Xx zY49Spyou$yt8BxxZ$Xw+9BID-AnrC*XA@3Nd9@g*<~hd+X~Dczzq@c`17B#` z*l9!8XEmflF8j-`up^M&i>UG9Fovx&@agHRh|x39|O0? zHn3uA;)pFbM#1(g*hhv8UsbLPUfXdbkJ2o57oF$0}CO40ci55rm6dK#z{%; zK5ah;;IglFjD0|joZ?lb<9qQY^w>jE-S+Dwde069o|9T%#a)*tKlRZkDK>_9pq#J`5uUK&6y&{Qb@X zrHZ|cs2{_k+hboxRu>kh$_FR2d@V68_@{-4wkf3)_>d;6iPDe10EjWgbb+`8SC}Ts z#^iOm?QNyb7IF79rclR zzA@R9!&-Qc>mTc=7X2ey$Bcu9fP{x%~Ewh4pV>cEJ_;HZ+TDb+4F|u>4te>wjuAeD2MLI$WO)MFui>Mxk-G?B4MEMq=t82T z=thkYU4$qzdhaz6ogfiJ2$5iPLJ|@}q770=bkUi8=lgr^z2~{l>)dnB^PIE(*tXew z_N+Ct%6omv``!Nh)$zc`e)+QGkMR@-Kf#$-C#iEK;9;ndw!85#F8BHJ8=Ti}EBJmc zE%u{X$22)g=k+C~B(Z?sO=6U6UzE6YJw>M{@Y)+bk^PG>#K9F{j>%@_i%rbPB_~1p zF~eIf?rmIxBO^CL+S3;rnz7eE zmYsB_Q5W4Tj#b%IdAyCW6uh0nl#iXba&D+S>U_X_M%t6S(JpY#txE3vTh7N*r~E2! zh-Y`M*)Y0vu;RYEPsFn zUtQdvF}YOugTzkkfx8a*^dv81vNuO1{UmM9GJ{vfQx>v(o`rC^Q$@UBwL?Q#ctuiN0c)R0jhThzFgiZ z_K`C=b*)Defs_VKlF0%?|90?~Ocp)FO~GX-72kz>sn>ps$(Ibeg;9Uz@mfWNO*hlU zN<~GTZ|m@?LcyenjQgGkq%BB)Pb+$^=Hk135*7I=1uozJRmeB~PYata0Lk77#!YQ$ z0RgtvUq1gXsxkB*boGb*epR_1-ay90y{A{Uw4fNfH{d{lN^6{1s+#EkQ&)0T$*1HR z|Jw`0|CBATtH(F2oIXeMb8axiIbfpDKx7zk9W2y2$K> zYK7B1y}sY6iU0MN9sf%YIbRB`mf&#W?$_9BJ&|eQV57+9XD%3wcGtB@nBI9vZkbl0 zAxq|l#W{hjwf|#v{r@(&f%d=C?708EZ{y#6!k7Q>O*?~Nl(brqGRMEV-hb_2&j*%| zttB~H?m5=EI^7gpW&dv-=>O!|FgQ@ThVf&Z>Z6;ykO(j{<7MA>3sya3+|1$aC%ck3 z7zvESm7LICOO1m8WMtx9zi2}NeUr$PRKz7=xSx~}X(INh?-%V+-cY@}BBMa(@@1q^ z|AivG-g2d<zt4>3(Yj{oU?PDVRD0iuW`)x~eL`iAeH1H7&D}Qhc-v}n zOVB~o@?gW4IinPlGeYHERaniKA}ds>ALk<<*+&O{D2XxKCue=|oXr9({9`=r}6=2mA%FyqMs$Fd2>W1r@?JLcYj-1b@{_sj$S4GsKG9^#nMpMY z$2Qhevf3IQh(B*pp*AA|m@q+b@eE)PzCvjirPl*8>>8*>*3W6eHMOO_JOU4GVLOD@ zpK0#Z1!s7!mEu3gq(C<$U>J(eY~}J+TO56=NdN?}Fc>rBZ7SIdx_uaRrpZ}S(djO= zaS{*&;CaZoj0|lAP7#sAkHgCRJ;OggLLUz0lWgWEFcFUPg?iXFQ?a4sv-M?o!BatE z;YJ26JXn{CM&L}W<6a$o{43^yj9}=^nsc+C$7nm|d}F0lhWpqbHc%Il0}+(!pd}Rz zY5W@u4+X2ld+VsVoFsN^@Kt4kQy~AraY;K;bVXD4IT7!SB-839a%K-r@l9N1@S7B2 z7RbeI!fEe*APV+}HEDpyT?6F(7b|V31MwZl#?|Hfy5L`GYMQ6!`nNDhSfNZtEQ8>J zGUS}c>96KBJ*vB zp6;v0LH3b~2KeqhBk(@e@8*7s2cbjBoW}um(5Ie%xbLD z7f$}NU-O$ZN>>&Ya#fobjijcDX!norS(vOdGI_^vh&=@q^Bs)WPmxEyYe%@VRsg^N zALt>cqhfy$IqX;?#`M+pxK(C40L}k9s|OW5NzD^LCr%E;jE&YgZv(c`L5$Cp)-zZd zT0R+7!eRgnRL2?MhJS6X|Kx}+i;1w48A{{pI>owDnfr3?yRtbog;UNY2@jh*NCxN8 zr`1<9?|_iHv4=DCrz^$%M_}aWWs-{d-;Fy%ru^((>#oo1WA0m%|KxDG#9UV?B zL#cbBT5lvCZ*c$uyAPj9W+z-|E_5NgD?Wb%l*!>3ZF+FYRazkX(Xemt9CNp8bJLeU7+xff{t?DKJBG=~ zkh(313PmYfPHnwdKdR!8S()p6;wRvdOqvm8apc&rYg_;rCJ0#ybe0l7fzKT5JAjGA zI6%^gQ|uK{yk)6sy&KELR8;$Z1+K^Y*y@916h&)#De$eClrvv)y0vJjl6e(-lZ!-k zG9NT>@T*jwAFopSm32K@R>p6|j1~YiDJwvL6WW9iMmlFt>cu+DZ7uSAvgTVDKnCTN zUlM42V41e>S#!Mg_@7b&fTtG#sMK~d-7dG$DSIe*-4$1v`xD|AOcsK=DOAJ2fPVyj(a>ER ziquu>`6|K?#VCK$l=6yQuoLz!V(R{Z&mO>o_$l@zmKnIOg4~(Rn(ve%XJG#ASu!>> z-tosRkZ9kP-(Wb8$|yy$*gk*E>(KfgK+%=Gc8IrU(lv>+N-C>rwKJ0I#?x!k0){yE zr^03&W5t)h&VvB;Iplc@Ls=6j77-ys#}?dgkoZJ(4SS`%10SaIcYKK!zym&``kO!m z@ZxpJ?Yxrx=!E4A#KHMuA^WFI;N`-O)2$T$gr^koGA(fr`3QiP<{8s40BP9*B4axq zkX2I}425a4pW=Pay&}y(Zwm7UGNj(;zhlhP{&fB9m8Sb+4mYYu z*V%~Nr{r0S0bpRvAj?*5N>#A+%kUcHfhD|=5WU^f>YQ6?KOR6e2f${1VirZE0L%5Z z>b7RQq>>zBB*6An*S8QN0d2v3*CYXq20@H45z&`pejQo|*J)15^7jw_bI_2fFLsf` zuFx7lGw8b#6HKJOfRP(3jjSW!uFe~P&kdUDmAkpBN#7Eq(FdCpc}a{Nk*Jjc7@!9P zXWzSjE%CN;j^|F{HU@8}z$3qD24c)bl!2y}|m;fGg z_{adNEf?|fb(dFM?(bcoz zNX?Ev22g~HUI&fSaT(;BMuF9Q`sLge%EbpR*Thcy(UO?PzxX%8eS;S3GL{DlO0fKx!d3QT`qF<=@RoFIXYf@V-~12Axe`K{>cXX zgFzeAf~38lCj3#!Blt(^pHkUhYV)yAEs&>ob*{IL6~*86rdkYM02nSyQ!{n696xWSMvC)kr{n#m zeMq&%>z`OpRmCp&7U?762$ZZ|K4aR}gXum>PUm;M1kMvxHEB8%v!E+=)f4saT4nwG z8}RU-2!ws|YmTg{9L3T>9WSO;u_>oFzwb>&fP2p&j0Ei?rAFBUrz>RG7>Z6)m$2#b z1Y~%#USc3xPoFzig}~x^;jZGE40)594fsL$YD=@e;CAub?p?gBP$Ycnht(}OwbC+b z4Nx|jeS4WER%NnlgMk(5jxj-9S_)#+``fLCwZ8dY1a;t>m`<&f`>JU3;@QuPi7_Zj zi>!0HG!I1>qB#DT|Lm1&YW2N{=iYnMg{PB5W;V?c)Td8q&Zq$s+ik}(&pXGJO+khl z3&&Gz6fBqHkITD1POv}Io8GYdQVKA@sE-;)nXH3~?QfPB{1K5kI(xRM3w|xGN}u;P z_x~T1z|BKkEJDQ{3ox)iV?VQf?oE9HOa82Z>E%l(bU^B2zcsurAHux1s~E;!@lq`6 zJb2FJXhU`KcJR|jWS-AiTR9cp3}uE$P9bv1bbM3BA8B{qRI#c(%DSPy3==^C)S1j` z9NNnvP72Xl>vesf=+J8WNT&6pgkWK$+2EOZt{)EM+MHW7}Y2_bL7 zu>~j-3afW~e6?Rb34KZ%Imr%rfYJkR6!)?~fmezjo@RJ(`QXwV(k|a0ttl~X)Z)zi zV~q`g+%RT1c0QIpedTUKAMK>E5P}!mmg%Mw_v!uRgP+rt0!$%a37Fm|SYlHXPXGwpap$f_s@|N!BQ#5ab5-=- z{ZtU|S$KPbo{$p&;0s{xqh!AHHYTLZ+YE(6g`rlD88Qgx9R_4-@)wB8!4M-Fb5X3T zoBdnpHod*OzX~1e3Rlc8ykJ`MUBj=}^8K)$iab|;o5IuDkmm-uGqC1wOs%gZ$@J)#<=GaNQI?l&*(x?%vE3(npR3wmrOAiF6-8miG z+7Ees!yPxBq2(g34ZrdYJ63n|1z(mU@g{YnN;{npA%KUHQ8qkQS4}%2A?SPzdA3C7 zkbxr+)rB_$B59r`n0z?x41Q>$(Nc7CSI+8JR~u7XaD!!*#|_Vo9|cGqbGaJ8U4#Ap z6I$rE_zUJdzp3jJvIg3JX?;u7vRS6RxCH;?(pWI{V^0KV%qX}i7R3r<>QewzU!!%e z^YQ}btbRjWfHI&i*Q;+#2hcyUZ3F5m$r<*2x4I|}>2(X}@iee#5vyoe1_DRjK6XfI3}Na{@Rsf{T3Dyri*^ryLpC<&kO7Hw{9)|l#rESXy_o7paX{uk2)3uB>r6=n|6 z`diy-Gv6*C{A+7;t&a8?VVWoKl}7#R6in^7oSMtq%i2ynQ2+xC^h)2D$4dCMhKfsB z2qO#ig#ked{x4HYy$-t-x9e*idT6xrd^gT>x2ID_{V}3p-g&GJ8xQA#`hV66W=50E zY8n`b@^}O*-5qy6=1DX~9|Y5R@Ql*pShL@$X!Fh%Z{m{1-VijS|EP`6Drug51HE+KGL)BUYA1M)jGGB>^)r!M%FsD^R3Or zB_K#pgE2?|k(xYQZ`61-pr`Dc`saq9P+h#M?BN4AUVY@q#iOZ2qIiA5SxU2ZtV2~k z0a?~A-nAW1U|W7~4X@B@k*$8y8bTYH+NODHt~#VDGTtr|${L$k}cJs9VZ)8f6MuDT5gmq-k0Xo)K%=gTP*rRmB`%7a%W zHDz3Jpbe?XcmDkfuFJ+!j`b3@CEPD|FL^OS&;rmD|Jy*02zUcVavIYihf38DJ5=|W z)$I!HPTTu$tKVAalA{`^Vxs#@82JP%$@oywnb-nWYxnmsfP1`IPwNAu$a-Lc%(LCX z5hEW*BW{zd=DDveYg5>`bXlt#zc2;&VXFt+8YjfA=b@yVxi6oBP%Rc2E!Nn0HN#Rt z+g&j+L<;Ke?~`{f=RHnM-x~J4RIU>jC(nE2 zpc9A?zzcM20(l&GgQ%NZN?I^}t}|-tB-;-q*6*(Qb=4SdCP!=T?NsUm-)2QS4 z_-Pq{VWir|$7>#+tSvMqJb7XB<7llJmk3~uJz+ULabA1RTyUfrodMyVzAqw)^B+kq zOn0QmPc~lCYww4F2R;lChC1a}Dn>6WqB)Mqqd=>G_noj!iS}^S2Q@>bm&z}3CpEtl2(Mn;3EuASJY062*C1|HUyT|*`p)EhisH=6t^>qXQr+M=l*TD%^Qb{n z(aCAI4jpw#&d!Hs_W9tm34CQY!S;g$;YUtU->Xa25KLr{#%F zBY_x)XRN!<6{mS}dtUdgD55U$*L1@YxfM4|9&p{wmD z3hSQDs7Dm4uajhgv30pJRYFd()UIgfy?xzzR`dWx z763KK+#@_Pm=vmrlqy(yZgC-PZ$Uy3BLh4_@TGm6t&pC|DQX3~;K<8HNOELxb?-&x z0B#~{Q}2XlxW&&=IystF$<~a;R8b;TO^t|bmz;?WRC5cN-*!dse!T;VR9JsylbI@(` zzVvw=I)DEIn0JUoO5Lx4;83i_9d7 z>(<=xnFCi8J0w+v4Z#H~BoGwkYiG=j8Q_B0`%Gy5-2{D^WK9Q~d!f2JI<|X|Qejiz ze%$oTG>a}i@8T`~w1{sF*=8e0KlUFTMW}Z|t$D@EO#7X(d70MSvTB}wC^d7>N}_Lwfie@-W{ln>3??ZY9fDTgzlBw6yiA;b_|?I0;qb)hIt z!l@vTO`x`|zQ_s{6X2ZYrj}IFskHkK67YUMq?O4IejKpu`1ng%1En!$WWcld#xl*S zQae=aD52p;$|~AeeO}OLo_^|M*!){nWQegLO$6I2BaX!T10UvQhphbdvW8Upf?4{o zy5opn9{hIyPqQ?UY?Zjd3a&^&H5+Gs#a}D+cI~<9b7Ehh$$U~wf2mhPtKxY8H*RbE za`(~Rs5^~;7wBBTWW&O(lbwnxIXc>cLq(p(c^kg@6H2}0NK54$ww-eF5cbuOHt1o3lc(6Qyhoo4#K8_x zTHy~0PK3#MZHacVa=qVI}@m0XZsnWF@0y-H#5=4oAI^H&Fm0tLE8*yjQb z+lPl8cW9azb9ZPDa|>Hj@izddW5*w3YUwtOaH#^72eRY--#QFRF19GvHefj_WpHi$r!mS(*aKbEtiT*P>I&N z-<#(Sr~yD5kv&WgFn)S{JLEv8CASr}KZF6)Va9L(3J?&h03lsB3J0 z37&*GgO1@a@NhxG9ft8cWntpe=IlH)q#j6*oA#*x-IWWTxO;g}--FR6Adk5ZB>MtDP9F>FK zezKWKkl%mxzgpVBQ!%D@rMzS#vEoyEIZd$KDYcTBc3i=(C5*YdIosDZaA*IbzZLkG z-*@=m&kO&#b21k%LUA#03#O7Uc}5T)S?!9mB>yf|c))oK(7fUM$nO+Rp)Y-^bJB$B zQ*>C^irYLPrG9+~=dvatCs8_LtIlfDw;J?Ew2Tygt(%hFFNOGX-|@}y2;<~;2|t{{1Chd5(YI>dFRI#qV9BTm4ihZ~TwP}vfJB?kO}386^iuz=3?LXO z4y-?z-=tpOVwdjnO3zVRO%aT{PR@h04fRWVA*14wZ$6Pz zub$!?*Pv6gC!zB|4Wu1NxeJ0BBl<+1JxtOiTC-IY^?t-gWv2i09W; zEzrw#x1dlEP6)2OB`|mEW8Af~3C-CgRy;o-JY>ZYzmz7>3%{8Zh7uH`VfmKMpLrw@ zNVTGpO!h{?pB2Rg5gV6(fs>bBJUbzfYZT ztCZjEPqo4UcnBqAFgWWs+#}gM8M==`l$u^yvd|)p+xeXJ4+>IwTCIZ@Dr%Y~LR?4J z#(>7&1T`~@>WxgrXn4=#$0pvdJ}ev&utq`_=aOz}HY9Y^F98&Z?trEehX8E2e&lSC zTXQP+Y|<%u(rMu;1MN`)07WcJWRRT*ij*2BeH;Vj)-s;)37v5thyEAvbAZ~HPw8Ue zY$9v7|8AoYH%A>lf8<&8;r8MO_u27uVRF+oljjU&W`kQiu%yWDuQF;}$G88=#`A*v zpG}(PyTBx|r_po-2mqJ3teJjJpcYE>>S6V5AY#2V33JtQy7cz~bi!Z&Y^AZ{B^ z+pccN1|m=~N|`j_ubEP^4DS_w;n*zhFKo=Xji1K8&V8XO7kp%q1kGSd8W{GK>(-A2 z!hHrP2>tkH5$7o{fV(W_3KTrYF@E!9+~q1^ArePWN!0k z`vldTxdP7h>V&Z zj-2vsruX@~0@AL0oo^ZO=+bk?XV^D7>HF7j^ytzW_&vWxwo<>C5qluQHg*Py=S)gb zgnbk#W7hkE`=cBsvxevv2Yk`|YLg5}2Hc#pCXM{5&l;b+le@W#C3Ab^i=^biFrhuR zB}l>m-i=poyAT3&WK}v)kd>KCD3O@2Ukn&<34mY$;O|cNwf(IiQ$wxx-)~EUJHceW z1MK4OHVdbyDi$^K1=1E1nR6AT74{8^S6BUmD79v-^NoZYyn0Tgu>SH`g#J+fJ}Kv( zo8tl=1EEo-_<6|NF?T6I*Vc+6JIl5CF+zBSIbSSWt$>4O7VJu@A{B4{r<2Vi2A^~kuj^v#% zI7B%F7Z1o;h3u~_;t%1!IbD2z#P~ntZ^qnyR>4f=lJP-N1^cM7 zHs~c|1Avja^ScXqS$yFiXHl^9wo?sUb36%_3B1i5+e()y39QqUF7&oX174T^Fv2cK zW9XD)=ozXmqGiy6`$msElZ&wfIYp7y5NwzluSb4zqb7p0E{=k9ux z+{{0T;S4P|6_>66sTBCUVjdRvFYC987ieny7Ei=B#sJh_4wGHr8Swtx0hyNyP}V^( z6&HINX5Z+c+eVhgEF0TcHBXTK0?aXd6VuKTnL^<`woK2E=h_Dm$q8=hzGN)Z{g^sL zjUsPoApq3<2oXk5h;rl&Ge-q7FyF}li~v61Mh>$lGnxJ)1@A$=UE0s_^TqAG4^$`jj)={1Hd(UUfpE(dIkKrf<(Udtn^o`iBrw3nZ_k+11_PeHa2DH} z4y+ELcpGRQ=5kGdTgzn~X+a7?teVfs@}Rm-JWLrz&G5M9TgZZ*b?AGd%(W&Vjw>_E z%;qy@2?5ZVE!i_U-StC{Jdw8Z64I<7VHC5}t11Y8G}nL&Cs30YeO67Fj6ivlWLfg+ z^hTp5rNwh$8isQ7V=y?_k=gZ1L+psmisRJ`P9TB0wuzT2&s@8UPL(}}9{k*>>PyLF zZ|W6Z)peIE=2`wi_|UT8FbIZdp&&&6kAp{es0fSM2iN;Sj0tU9&LCc_B=3eac=knx zn`Tzb5>{-%EbsH{tS=Wnz;Ob&F!p32Z*afTWd7>556CBBxA1Y5Vq7yVMir8}_nW3j zN4{xCt`0vt8sXe5Nz0b~d}}RvB{B??&PJU5=T#@2`rE1FMHU3I?q8jwB<;dYQIwaq zx^-Jh>n607Yrz3OO0ANNchP7jS9GaRqIk|kWcF}fF6r$e9!?J_xvbdQ-z8uJZpgra zrW;IJkpkDv^;v*uI_1LY(E7F>sC0u3QQ$W%LBgZ^3gt&pMIxD0OdS8!F=meQd8a+N z!F?A_2N#6*4B5T17`V1A;+lz6gX*0h-zR+XJ7@*Xth3k_PcC$>$mIh3v%!Do-D@P! z*Gh)-L6B%@HuVwwy_13A$D91&|1Iy3{k4Eck6PprlAAF&m$oLQUR3^oOawtTQmC|D zq~cqS46UsmA(QxCdua6}^tu5eHY~y3FQk+*YpL=Tm0t}22LLU@WLKpq2VScj^4l0_ z8zCY|ur0>E`fo7?Pgk|~>&Qf6T|sq~70`R#p}5WCC5kBUfGsrkw9Pw69x7CQE=vB9 zhXMady%v^VBm>XMP~~to1ds_OX%ltsLiqcH4mfbHVZ_7G^z6$CnSPg6fNo=ii5kyQ zU86p2NQ|TYv!0KRFDq>^>5T+)E!CXi?rm%Kjm<*mPu>c~8IP5BP_zbO=nP)f3_0al zm{zT;RxM_w-iTh8^&F@%p5Ap*Zju|2EQA+Z<|z1fK+V}Q1@NE1nrGMlOy!aVsC!g4;u|1VN1$L7)NLeQ(!nA=5Zimz+10DD%BtTecs zenb7*3v#g6p^P1maWtMmS$j3j_7ziR(sT-}dut#)vZ{p@9E81)Sp%@;w0)0N7|lhN zFJw#0Ag~xw3P-UrTS0KXHwk5+{J9BhTWPlFFh(~XcY7<((&InPG``i%SotKsyd?^oh>l(^ zU;_S19~RDPE$@=>D@tjnhpbAX2Qy?P`aJKv;0Dky6A#n0pkKO7lWG1Oz^bH{6FhpY z?k7K---_p5e&5`kZz~>V5qp}3FMf&WA9M(DJsCnCqMH%xy~j@V@{1IL2||XJ@7z8< z9fCj%nAa%(w#j_9G03YUEz0R{@jR~8pVnG6v-xvr}VcB z3RUb{h{|s*N>3*t?h0gENtBRQe=5K-%pyI@di4jHS`W`B+)%es3I`AV39q>d^}&Z! z<5PrX$drmv5nclEh3Smq4Qr-d{u4|ZWYIU3*an1*EM19+dl~K|!4GP1_8!KV+%z90 zj)#&tzjJEPXEwJsFJXBh+WA)0I*7zQ0Ul(dv<8H}j~2d4dQxw68O0As*5<10McS(v zl?O_2>`mThfmS5=yHC4%3a8$CF_4QZEZiW_NAf}lKf98Vj}zo2j!NZIZ`2YC6{{=y z06lU=sk^T{>Cg&=J`76iM)v%SQQ9G|jdJ7**+KvWB1Yc_q)=p@t%xhTjl7cec)ub) z@CbIL!dLIA#>Oe#?gltQtW3V{NEH#*FEdVRzlB@CGnVU8(g`CqUB5C7s$nA6Qg;*R z-y}V6n0Ex+A?5 z;DHqw6M!+bySBD2jdR$`4wHa#0&pypO(eq7WM68J*=FyB#_v}N$}%PBXoA)Jldr8x z8u7+Hr~jlwbd%MINK{&3b(d556fnO3xRxPM@*g^gLZ2jHIyePVJTdlu60r+-WqoD% z^*U-%8xW}f?zP9Hb2+wtFz!ul?I#eHjwkZMatM6S@BtF|U&B}qy)USjo)lEHb$ncJ ztibNyD@UR4w`R4;?nBHy6hNQ&M@vGO=^5C*7_Egsy|4;A6Z-0jI~m6Sw;x1nK2lfO z28iWAf#nr8DDQgPbsi3T=f#ZKDB&CRHX0{Aajuk{_d-MpR}I*RqUcLK0^b>T&F$yz z9b)6rlHa<^Ce^E<2`c}E9&KK&&p-r zx%lq&;i~J;Lgv@d0zz5wVyA&XLV1kt-b3Xifea18`F}6dNwxoFi{-@sDE>mfF;~q zDS(syQs?o&c5p&BBM_`gEq-9vL8{E{UzB%l4~w+!C2Rbh4<%6%oF3ZrYDGjuHSgfS zg(x&6$Mq8KWD8EV;{br4QgZo7Oi7?q3SW1^*Rnqs&rXS0fvnUYcshjKtL^i*&P0&g zIO))?c;f_Gma;4@pJ~UY5dwgR?BWp=>z(_8ctYW7bbyfEJtRn{)mykJe(5>pu@up$ zYQW8TQv-Nc2%u4@#y4^ZBiv76Q!7WIbnrBQ3ApS+?V(4HkDz!LjAn)D63k7AHwy`3 zFh|b7Mq0NvVN(_}V1m)2H$jDt7fkqsX^h(_H9|!rUk3&YC8`!R5RIs>9eX+-{Lz9n zGe-S2Xfq555S0$5631NCVPm%U*(HZSQSheH+|bJ;829+|ViYJi1fLE=Jf&{w2LrRv zLJx&=kk7I6StUoMC~9=-igs^+_u)eZ&PQ~+OykWOSA-RQDS(sAf{ybHmawSw%N1Tj zXvKMmA#Me2yt3OMUUEjndthX}9)}9V`nU2;Z0XB5I+XYdL<_eCzeML=-~ZdPa6%AP z!UF^(T?&PPaUOHmY>%x2K@Yl7R;W0Sr6xcc8>2=_A!x*%R-HiMs5@V#ODH2Ob~VmC za7_M|*YF@Nz8o&$^6>?Nga`yE z#Z3Ju3t$w9Rmxh9;?)tKngNyL{t2!7D(gaKP6>oOK1qNNK@^mh(<=S1nU@@1rKIZM z07b#J==zk45G_*{XW=wmRX$ajOrN&5NMO0IEJ;7asXT2FpB7m^Q&BB_sRVqB2Q&f3 z%QYQd$XB+v8WF{sML7eA^w03uJ1V+N*Dhp(k7Fp5@_*vp^#25EfoJ9LJn=wPRYnqx znxd0e{&54TW2hhq`u3C@rlE+#fFx`P)wgJR=U{ zkqD+5&87#YPTqo#MIqcGt6#~DOdfbrC$T>i2|*+-NTs0_t+U;2ezfYo1Y7B74K#IJ zAzXL29p)8a+;M~w1y<3_(x=lc1ETA2CQ{M~(T=#USSUWm8I0wU7| z7`-3V^0WN~25)axZ*Z>|R}80K>Ly@GRq%hUoKm-K9D-z&p(>wfsU;2Sm*u5J?8tq4b9= z;1RLB`TjBp{w7cE-lgiabv>296P~V(#;)TJI}YHCIBu7O#7IzX>7`-bPz+vSVgkQh z{_OD7GU9lXLJx>dae1hHLsE@(Av*@LG7TA#WIBG7c5}co(nHuzNE{Z- zBV7Qazq-R;CgP>5WvNMFiw#pG$Q}KPD@$cxz`c3Oq-SF9JDm3Ay9Gs?uTOSpbi`rT zBtG2B#u0{11a6 zZc4Oyjb7W5+WoR=wtUoVl$@%TCX^P%L;9{@Cbj>rYkfmDkY44SjKFxOYMu)%CRJn4 zBq?^j$h+e*%AETyca}@XZ9m)y7|@8pTZEcxV)FG4f+2qM?+o6n#oSM-;CYHer({WVosO+>+)A?? zeW|=VNgjFo(xtQLP9Kma3}4DKSLGW_)8f~G=<3UVN55rAw#Cn1^c&5`G(AI($seU2+N{$iaxG}cw|E=bvJ zAWi>|-~d2t+)K|~JIFOZK;MS(IT;fQNZuxBQ%vr{WqwKhe4IDNyPs&3{j6u1-@l}=riCzhBf zd!r4ItAQ~oKN+DwOx`=qCDT=JkkQ_?&F^u+^@+S7F9Sl8w#z6GsljohETW6!DdmMH zxJ`m%okp9yehp4lYu4_E))Vb|sKJ{ZPvM0;uSHFSpk*V%hBO?Fd-29-U%dJ8*?#j8 z9X70>_SXU0DKcN^?oNTP7ENXdO67W3kboYlZ@u7huhhGhmbq}Eadpq_M- zpQX}mdm=Rc6^g3|sZEi>QFgp0^93#6Snu{r)1kZgS#0+U8+rjwgc;)Vdj(PH0Fv&tfKdAU(q?bGbPI@~^*&QD01e z$v{dvb5jKv`{`9J{v6qZ9o=zdHmMZ`UmvZoL1KvGh~y^Rvk zY8m2tM=}v+AtMaCRi}oxlw>id+&ftNDpwX|sU?6_rfskfBp_}?EDtWR#8a+`;V+7x zU%!za>fw~*>1QrIob>F^$?4y2Jb;(I(?e5=(hn3!VfFUotq<;j)ee8Ki<;3Xm9*I) z57SJYZzUMhrLULY-1KoSI?@C7YA6+q8oxcA=y~{swAr-bRJCtxEMTQh{NvD8q?Ww{C`!qWX`8pOm zaPFxt%@EV({AnJad)3}Sowq_)^oM)VcQ%vzK|q!HfIWieH6Klm7RMg9Yj#QA_UUYGZONGv7M3By_EKup5wFrDP?We*X72 za|SJt-0)j{EIZz%D8JgQoj8r68v4AFe99 zx0-^s!Td_y#>y8O;E-e~^9WzQamAPBUF%}tneVwo=JPo(*m*o22p`^*+Wf~Pq0<;BLkr?&VM>sz zL2cf!CB^rBDtgiv%F@Ac;CRyH%3jy;Ha*PM`trDYU*fBLF%cq*EW3aO^o0a?0RN~3 zF_6y-!Za;hcqv1DPZyqp`T61Q#{wp9)uR~9r(xOQeE@SlT)7>Fu31rE=V5VYbRmTWeh$)Q>JMz`H!4AGBFYH?IGW025 zC}GbBkXR1hYsc3}EU|jv`rNNfJQ78db6A*i%sGeU)U(d+$Yray1^qG@1gQVRY_iK#)uL*7O!(iAc^zQ6#@$78~-4 zuBF-F5i6PX-NMf;IGTm72-jWZzBIzs1^Q9kA_5o|NSSzb(~q4+@GqWL` zgFG~&2W59O(NJ_1JlIFfmmksc-C<}Y1~`}2T8}p^4h&903j+PY>rXL zvd+Mr{a>`bcTiK|+bz12&}*pD3B7luBcVzMQ7MA-UZhG>Na(#+0THFER7H>)I*3YF zRHP#yNbivBlizpl-1D88J9F;+<1!frLSWeQzIpe0*0a`n)-$6Ar!J~IQ_Tw@l143o zfO_VhQOK@6XW1ISMg1LJFr^1lM(2-5EDbl#pAVhPmj(5@RXKr@ykOPmlfcZmPs89G z5ise zjW~QnitK!TdQ6xCQzkme+kE{N?Qrdr86uoZO4bPUvN6KMA3AC$k1&>d!r;NPGc3#E z+{r?Zi;GeWuxVFxlQN?hejzD&)C?+>5v7>MU)t}vPFvu&JQwDKz@cpjoF39r1FJhd;TFqj zT2A@Z27zgQBb)%Lg_rPiXy#v6;#n;F2rs)}}Mo;9Nn~^~gh#J-; z;N>|>PT9?#$FZ4Gn6PnlJySS7_kD@#w-zBq9)-l1f!IgRWd4uH&Gv4*eD&rLf&<-% z=Z@~1_yf@-USJzdB6B=uZm?)l8Jw{7oY@0gk%9V$KO(@RURb4*24`3eNug|>J5X$EGF#a*|DB;T{fp-}@JMspj$hW<0taju#|*Br_O zaq4NlG0{QxdvT9mfRnU2jm%%jKQY~3Aoxk1@a`RNvm1C;w)DmE9&6n3r#ekTc2m5s zu0K%IyvjiL3=D;!84x;Wf7xk7^?UR!ewp8=6juYsG8yd=@r?fB2QB*G0xy!n|DTU~ zux^>tW5`vF!@SZ8f3oR>u&6s*5`*L7f ze(aJ(acnz#aYY&5hi!u&3NoH|#?&0^qLPh>^+zN?Bqpci5!#ug3TR+nwzWm zB?w_(1}bMQUL7#*1$9yo${xs*GXk<_OR0AH-=~^97@6`*;4q??g_oRmcNm}!0*;S^d0#q z$=)BdhF2a!THBG>5tLe#N&l%F@s<=ZE35M@IfJpMG^PC-MFNq5p{|SAT<+(mq#Q~F=Ion*!g84t@Tvf(JcQUQwMEQ5(!*CrgCL0HijTy7?eZn`h%GLG!>E;}>5rREqA}gy*}a_$TW>@-hL%&@MK%v{eA1 z5oNPSMlxMZXn-zv3D5i%!P?1q*w(t;yTU#jGR_?EubOyATXdI`@Xlp$+%lt zjd-DSwCWp^To1=08TKsj%vgOHWp~+7gUMyuS=xA!b71mClAlb&M4ivyiIqYz)FIjL zH>PX_!D+F_vdnMtw5n>B;MZ*y0jtc>j9`Ogu<6$X??b#`^5>>7*O!6_zn6)(kqgyb z(pMq0Fh7M)6Cd3KjT1WujtvhZ=-F4+EdNB^0u)ZW4SD%;?yszwt(%B`0DveuT>=bn zXYe4y6(-e66v~bPG#{8OS+BZfuog%#x84yySpd;V2S z`d$$j$__0Z6!-+HMg(t;<^SexM2ELv+PVs~=$e&5_95x+BNOM*g1NtZDjw6Fa9~fD zlE$#$gywSqziv^fa09svP=^PeQrXc4O!!H0`R7&((p4&qsjcGm}7gJTi!n$bd z{4xPoNd7P6O)0kiPj>T2SX5lIl<`eXnbI(D0g1PI5wYo)y^UPUUuG{dRT$z?8fE-M zq+mEooQfd{ROHZ2VZ5iA+peMbh@5Nm3$x2X-BnW4!cE3Hj=nv zzb*VP)^UXiAqvg2Zp!4iIdOB92qVtjb1Gj>>C}JIjvL$NE?F}k;2lg-Rj}uifCi8V zqB!CB?ZRR9qR?rI+EBjmQ5sm!)r30`N0~2I4lX8w^`?$RY0K@R|#TNzsl3tb)8K-oy8(;2% zzs?DCp@Nlc(P_xTnzz-oVX!?jO6~owE zY0azK01}?_Mk$|;;mjU3?IU3dy465hFH*xo1!>h#AgsXza4BacYtUCPh&rLJ2~upE zj@^imvg}J-^mI@f{s+W)yDxCJbK)ccO;?fJSS~Upn+@62D$9{@wBi~Pqo0w}1PQXUQl5sT7qqt{EV=$%VV zp)pol-DEF+w^1PLZ~lrg0YPNF>R5gR!+o(dLJ~TGKN&^oQV!DRhB?oi|5)GixznOE z%ha;m0G^fu9GvHX0|3)7(7;)KOMSt0!Z((`9n#$2GhB1>TpaQH#*BGjRFUrq`5HV@ z-IPMloA}d(-yAU=1wyC{vK!z^0k_J(S#z)b$7jHl(%cC!&+C!3JOCe;|7mS$X?cN$ zlX`jK=e|6>CajBid%ex25}PulpPR<7yB8qVB7IKEB1kb<0ZnXRng_*rjKRMZfdIIipQy3_3 z#T|#tG-lQ~aTc7Y2 zxJLjj(8Q~+!l`$i)%pE&AtDHcf70OBWnjxcnk-!RIkN{fcm)Fg*k#;$s#}(lp>q<{tshQ{5UQCeU>W^2;3k zPst&Pp^jO!?ISRK-u?|1g;zhlETzwu->cnkDPx&~j7Q8+<*w2C+VB9bQrh=7^#t_1 zuxr^+Th>gS04fW9XMhz@wS{;IK6Jyt1yo%!{YgcikNB+^mPD;6Mz8l*>aK)5YJ=#&V?1n+g?vuk(1CxG ztoYu{AQXTmbD+$&oeAxle_R~258U2sV-iU*%O`h{*47+3z3T04U|Y(5`inAFzzWl- zr5SrPalo+MgF65y`bk%IX!`4wTyCFBIcvYmojb3jn11VNF9@OSbkH#C0AVA1l$ zT&Q~c?5fZI_U~|Nk1)44TYRF^04eYQfCVNm5xq;WJtrKrgFm)S{Q1x*HTxT+sxRTC zGYA%i;(?dnBgnsp_NzgQJ>Z%`43R_WNB`NJ@iQp^j-JPaH#;(w`+uMFW2zf{HBPR5 zr-py0=3U@AYCac@NfQ1U3&z+RRY2SY^kbgdJ!7 zNc$ z&zy(0Mb9pzTZ5iFg9?hq*=K+L@>kVvEAnY%l0G`)q~i;K&$1_BAf7GBZAiovM?EEt z<5hbowmcQ;q_SN=Tl5^u7@RaI-rR17VC}<8ZG{Z(JKp`;1;Ds4aFM#6cuqrdQHHIg z8-0Zu&t8+9&EZ=VfV!37;3KVbVVg%NaF|p9pl6fvk<<9Vvj3Md>wv`6CW_rjnuiz> zmMkuqQHOvIs0b2S5>4H@efHB(pO*GeRO7X8&t4(EFO6|Jr{Ijgr_e0I7%*&1pS@Ua z6=4qUh`2i%o4Dyzq z83j6oz^{1@8c($i7)q| z05KtzHRaUDRzNhH)Enod+eD25_)4_fGzlK$RZXboA6LABgf&y5gsM>QlmpWB^DuAp<6GuFFu~( z8>i%C7{Vm+cYOK9i%}3`>&Mw2d)@-;sg;uO*Sx9$1c~P^kBL97;l&u`ukx1;HUy@z z#_Se1=~4;Yl*6 zp$EJQ0Vt3*&LQG#@@U_{!+LCSdk;;6DYLI$FkwB*eYiJgjwXZ<`G?7R6jTswd@Jtu zrZ(`uuX@x)ArwdNgBuZFNqKgGATV`B+>1=R*P)7U+nCcgjq$FY??hRqK78Da!h0Sx z+XmT%(cgi?3h}MVv05w`fawE;2%~bgXiO|V|Z_Mq) zqa+fj9KG|m6RPc~#lww;*3|H;vNo=udLt(%%lViUc^g;8uTD>;bZ4~Rg54V5!K1a& zO1NsRle3WPey3r){ii$cSDSLg*8v)Kb*A;ANAK4;vEk)dwU8i`n##1;eEEuY>I9d%?jjH2y+v!r^={*P|#>@c7_voX{qJC7bX!UIghYozYj5zU z&fn9KJ^pW=)Tg1uN1*{K&_BWsXmpvogG~4m(TI1}`V(*&@yN<@jR88&Hwt#4iLPi* zrzXIdIl~FFSCa;}*I4wpd%)pTc&Q9CNlO!hEge5=R8MHANl{1(ZVB%F))5Omu%MX5 z03-y_sHpTiHJIlio(jMu3DQzbCpkfS92={nEHU*B^#SwyCpAK`S9iquNn|Nh*}EJk z(FIJP1vLblhCXM1r3vC~!Js<+MzV}5S)go|q%R>clvKYcE}Z!6z;mYgK4p?BK|9tL z;J^EYzAhET;A5JX4|(5#fx$4cw)?-W22#oZ3xE{8$wO!V-M^&g3}^*nI8>j%nfk4C zI5}L}&@%q`Y~PR~m77#7FNqa@p##!Jm~=`l-Xt*Z=FlSc&BeXeR@S@ufi7c zRvP$bxrw)!(W)j}S(5Y*s8qJY!SDD_zRf%fPHUJc z78mAU|5c`hiB=(M=aT4N`}ySTG#d%mcBfQSOZAW+(Rd`pdNCaprT2ulv7dp9S{Psb zqvO7kYHPU~-l?BTso6)|$Rw5PxAH?Pa@(N-xuiip#A69RpA!u_UTgjr^{K>K`OH1j z(K!Pf8Q_Aw`T7_52MJJpE@UhewV)O6njn^ea`P1B-yD&kf7}q&DGBr|DScp0R++z-mM}iHAkwWD`(^5V*8GaGwvO<3wKD6H?RHi#k~OTn;eE9ihHbKd5=qDLL9G zKvL)Pf#H`#Q!@+-V`u*$o+uHsfNk6xcf(td!x!fQY)eiScIH$6##XGAHxPISX2a!G z=$x3rGZG9%FXnxY(5)h<;dlJqM)DEGzX$9UCuv31(fe~kJh!F(JUgp+H@C76huzZI z3jF=8n1ZW84X}?7O1J?;eo%g9AONv}H;=}P_5G23^ zE77~*H7*@p-+7oDf#~FH?Drb|;nzWGVkbYZDjs{~p8Bc>QH5So8(!p3b*!TCVYu&s zE#mxYMmZ$?zFFmpm+JF9ocCXs8^6I2N6)V<+)2erH5Voc;9=8O%~+W8lx{z5pFN@JciDKdki|fRB2OcC}JO zSpEC?wXlkTAPO8ffM`aOJ6DK)UeX)tL<2|?0#my81E>tzwCZ6m@^&wuQ?RqyQSUTM z2#g3}6*G#O&(rC&*A{%yzhG~n+#Uvksdza?{71_J#iQA?$VTw&DUye>5Kp|^8sf%# z^yEg6{%_PPH#(y3Gle|kR+KqJQoVNprFILuf%9gq_=zs}4m9E&=xZ z{597Q18d>a%unj}cQB6)Pb(aLrncKt|18~Y^cV*>&Tw)oX5W5Yp8@M-OtSMlLMd8N zBB=nY0v#QlW4KBd>iYX{wPwrlWev_>@9=7g{hnBLhryzj)7qg8A`GmISeM~GDGYv7 z@oGCp)0TBeX4@dyBCZ8F-!JwMKr)%X7XeN2eyx68{LN3ls-AO#;Kh2Hx%!Pq zZv@RnHC!d?I}IsvFB>Od$-PZ6C6!F&kJ$yl@K`mTIht1zpTkaYZM-h(33)=vau)w+ z85CeCw|w~?0tUaK_)*H?dqTTX&1sTvT@c|B;+677d)N3Ch7qU@<E)W}bd@-FOt#P1lILAr**h-?+7E3gwoa3`5<vSS8fLe4w<{a)j?*=w(^2a*If z(R4B+IJ-q9Dl1;p)gtR9o75g@@aa(uM;s&sGd7HoRi_(qLJK|eu zLrLwn1kvYCD%2pjQovcs*_&MO-)g^{oNMBJD$Xs)rQRdHL)6tV+0+sM7whV1gi_le zxR$?r1Q5U2u@9NlLaN1f+Haxh#lA|)$Im@pn6Qy95?YZc)AFtpc|2hihVXik0XqDZ zLLO?fc^>Skh$=p-X9twky zO-fK#57CoSbe)N`rK_DAtl$~CV=C`dQoC|P*4dZiQIM|{k`C{g1<$X79{VxTX{7Fb z){EkKz?TC4Bocteh@CW071|l*pCT;s;>s+{SDpQiQm1OLOI;KUgC4p!X4`*I-2eRR zP%Tv0hJu)ijc*E)tq5rJ@s~_SchESO0SE#hIpsUp8CySAy-?hsZua}EPzMmX2h|;V za5Tk(}1bymS0%}3QqlAOBJsU85o~5P#*WfzNe9K z;$BVw2xqO{fcHyZH$}oKp&tdwNKZt$Ggf!RXFHYbN1`du-NoKx5=9=+2=XR@%CV5i z%nxTK0qw!jLEj0hpYzu4EpWm8681f5O~^YZcO~P*mL8O>h`kqU@+o7Uy7O@EZOD^T zv?vRVj`>WxmPT(I?4DD6M(-+jV}#q0Nd!*3|6vl}Q1uKrJPdckE>W2N()~C?X(YkG$)~wQa5pB&C`w%X6Q7T& z*Rn#58=-X1)BTIv9#pwY@um196FmP)Vh2SlcfyI9rAeyqjT9WAx2T{9VZz&oQj@xI@tG-i8}(9+`l%F}kxZSv_CI`$HcQA%F^X|Bix2 zPDBKs4yh=>weFP3fm|`ndZ>UHsByVST??(#cE&E=i(!G9GXn1!?%$!hHQ_lv$Ljcx ziHR9{`iG2nw5|SZO$UP?3=%1z4?v^lXsPmi$FKSYGdip1gGcn~oq33V^1n)72i)Ld zGw+j@`(}MwnOtBZu!+7!uV>}zoiwR3w1O&uTs#YNPMLAW(b?$(46_5w`alxdN?a@_ zn+mXjJtkpuizH;-i8Dx^|MCJbO&AP@c5Iv4JHlbyn7`5@6VE}RHx($(zeug)82jkJ@T|9#`5VEO%NCbx`5;o}8o6efMsfco$=P1GG*nP;D3( zT$nOzdrp=|X>8#u+aOzTShcx}Gb{3BVrhYzIlJ5Fy6qJ1s19aFr#x%2*?1XWkJI{U zi#@1F1fn`E4cwq-_a%WJhz?0)fOoZoBijxW^a;$`dT2V`{>kC?FfkJ1apU(90yri( z7c~5KrVkl0a(Um6G+o|MV)GhL9EZg7`q`8Jzeu_3=?BBx3(ofq{yP3$s5>f*Rfv7} z)_@3ue=NZ6;mdgc=fb#~_&H@mkFQ1k>%IkUK>!kSfPL}Nn`4qv_iE>}NMfPy!M?kd zEF>zUKdlO)9;B4|Q-kc`uW?7|_*#XmLjqufuF;5!!*z5INNy<$aAKz^L^y6{k3fPR zD22FM=19uG3ElPAZtu#<3p(g(dcT@_UiN(Ps{DKL<*guOB2|ZJ+HwSjBzb*Y`;;03 z$5Xlhg15II`bCXdB}7P?7Ef5gDl#OZbBUW$Mzn4%G(s$)`_a=-8W9JcDSZwt=W@F~dyOOS*?Jb#q)G?o9_a`+T81b8>8Ufzru2BF$R}-K0PJ4^)?< zla9A1+y9*BX|;%_BA>moz}^DiJIS{=xMZUiR*?j-3Yrtj*!qBbNUBI`_GhdG;1UOc zisbUUb+Q{OTMu96N}=2Bn}S3Pu!n%I0RS9pR6ti`?%V~Lr(!7n09!6CsCESp*2@D! zsSzRi<^?YD#w8uhwtBzq{pb4?%1^>?l~9SjEgdyRZEt*O9|t2;+kjr)I#Tsy2KaNU zI56?!XTQ%+e*FUqy0;c>Zb6U`!C#L7TDD5P3d(5~TB_*wFTz(Eo?glkp3l85cWbKf zigtYQCJ4w}wK<@c^`66BAv$a?_*$?EGI>z`|eTviTVmZtLC!?o@ZnAf5 zEfIJy^cOPCGDv?Ec!3v?uo-oAZ-(8cN-P*OER&KuQ264{d*Rj|AN(EE~ zJ$57hXV_i2nD;jXCQ80N4<>?AbvipgjncHGE&$ooLT`=PvHIdNq~kdT?idKr3hsYT!gMYlsWPhCD$|3ud_ zSgHzEY1H@NSO7WS#h(l*LS3kZA8bU-h4zIVyL9E6M3|D>ydoO>CLk=ZN$yuE?6Kgk++)MV37G$R{Z23u|e_DQK|@ zu;BM9-+7XpBE;sSO+H7_5ALfT@bPCZE47+=MJiz1+yrM8tpE&(5u+IiBn7%#suGLE zSaB0N5RZr>@C9^(4402Osn_)Mvrjaq?slkpz$&#*@O#Oa|JVfA5YLcaJ@p0asP)3P zPj1z8;DuR41BfD!$>e$I()HET-Dio7{^`FLsyXW%ub-apuJs>8M zgzK}SXwv0mfp`mki!()S-mc=yeu5e_5ZYDd1b-}>9HGf}cu)0&_CR}8#>}1C`&Sq? z0LCC4!*uZEj!Q^1z~D_@1kt`b^so`!8NZ6*>?OFza^%U`WJa`N<$5`~2wth;!4k7E zlzQpm{h8?tlrCPi-};8VdrGZYBl3UQ((qp~@yb>`ok+8}5MRGPU~t$+aeq{+UT-9p z$n*;H9sfs!$jm7yELH3wU)zt41XsOhRLCq+%y$>t7nAiQz;+tZzRCIFW8#ZBMA&NFWe)) z$-Ky)i5g66@$&=VjA#Jy?YOsMxS+mP>b0RcF+KqUAYr5j2q=(jOu#0d(voq=-Gbv& zFcWMl2oQiFQF56(UmpH!Dx{!pQ#AF(%US;0V|WR|(9uzUXiAlJ2AUAzA)oPg`7wO- zZ=tt(IDh?<)w4i{bnI-UN5}7Lw-!^>74>tWht#Wu0P*;(ut8E>R9Qy2^B$V|$kTfL zWU2A>xS4ea#vH;!K$yQ$Zj(OM6ns{869Q52AJ&r42rWyWfT)}4Ie*}|+;_r?N8t7m zL<;vADaJPixR73ENV+4kMK$ zA_@9y!Csur@9GK3n)Jc!^5vZ<&3lSsZTQK*f%gQbFC}jzq@6BRVE{czZlJd@D`9+1 zv3`^rY8Jfk+aTO0g2lZ5_E3DrfRy^=0#bX|@3p#^ z(9n%dvv?#ltY)hBnqQCij&tcC?m7u>KKdHmSQ=9oT?#1HV`lu@19r-ltE`3|xXU*-wjyvv0nk3AQkJ zq&Uw|56QFi{6aq1V- z$e)~_s!_wRPKtl;Mq}IK>w&Fw@wethUY?@O&^qBs+$_}EyI8}cCvf9p{~Y1TE@1dv z=HE)=*~NDTmnWVFFIIbmq28bGe~np@2r67m^C{*5k_ami1ndalg z+K`XWOqK+70Y&YbCXm5-7r5qHp~-U{!r4$#0;!)aJ>cKU?De&e&L8dH5@>E$E@rui zstk%sg4laKQw<|VI|D&PIjac=kCaEmRb=xd(Y&MaH5ftz!*^Q~XKGPuND^;zg5`yF z9C_f$hny4mKQFO2x5Qq8j>tkNCs)faEk~`8r(;Lo0E*?=GWBgZ@ynCYfg5#Vm1^M3 zF>92z4k^`UN2p&jPTT7a>o}P@^uZZ`pIDQsw}LpiCC_>%?ogTgC$6>u4mW3|&4eem z3v!vLvT%)YTkm}s(*4BhL`7=uyLT0pUG*Ns#@73O3=9LNh zlJKiSK>|KP$*4Z3_I!awr2TTCyKsBxU$OltYC)3BJPiE7%O88BDDaTNsdDpGl(Ix4 zrB7It!@R2D1wB*J%@@mjNPOB`$Xa46{Xg)ViupsAVz3?gXu*TW?(zWE%Rvn{Fv@qj zdo_Om0B9{H?j@Z3ldS7wZ7gEmO9^!~kdtk)e1wZQuVimh#jD|<0KXffiapWimoddw zdXZI+XKsbAU;w1hF4sB0KToG{gG$f)jYan=gHq@gBrr|_JmUl4{-$!7&!TFK#an4s+B7Pddaiz#31B2ao2Mo`ZNH8#vW{}<1joO3tYQ)iXvC!ut_f2-c zTZ%p50L`3&hcfd(izGGoB<*;`Yw#;e;ZDPGwcomS%kS}E`)^MPTxq=OhyY>tX+HwF zRSmn&5jLiPQL&3P!i;~k({}cmwatxAx{BBVm>)4jw)PP(2?cy%8N8bF9F|;_p)Ps4 zMHtEpxzC|+=0PIq%rL?*Qfco=SxQ9qS;9>;WKZ@f4o}vXO;@9 z_8_DO^Wm<7+!(13>i1jNF)Gli6En+?t^(OrMG2jM4J(N$%Bzq7#D?(GNA4mrfzn2 z979A;H`+XI$(ruX!jF1YviM8gm9yy*^EqpgUE5i>+XVb*VYFTFcTZPS*M2BVn?XYM zo9%7gJIQ#R?q^bbkrG+?v^yf4D{QU)3HG1UN3@~i`u87bp`{Y7US~3hM~DX9QQy|k ztx_qS5+QerFd1XmH7Q^EE?-2o=G!m14g4UE81wY4yI1K0-L#*_l8;DZd6V5aYFl4S zk=!}X_~LyY>#@CeIbAxTajymp>13MCBV}M}{MlH5I|Y>0dlOP^-!D~V+StoaU$oh_ zFCJ}DfBa5pSWRR=jr|O%(H;e)%3AUQ^LwUP#4pr#Kl5<=eBVIzt@YA#7}a0Ba$SJJ&mnAD<6Cc4f&+%B!h&s z7Sz+;do_Q{Uvj?q*!Kmp);{bG`9!_i7d3^5<~!;w_3L&H0a;5Ml9Y@2m~jLN zP3nr4Y$}ix)}V$vrcV2zYW#;>YiN`pXzf{cSI;&2TvhJ%Sr%4fg;YTeiVh2=5 zn4~ix`??14&~_`^;0b{jr?Wsu7h%r_a&0=1mmJ*ONW`i1E#1owJEUTYP^a1 z2!LL2M=0epd0)s*I+FtUqX}|5 ze=z5hE3zmt>Bf+heRPEo@4(54qHp)U?$tBLoRXxz-@XV7jp0-%4XIaw3-CUyj9wK7 zMJRV(B3U5sr`A{O@uGhicOv21$TYO&dG9qIi06;!~>T93abR}5&lG(A)ufAs`B+|qS9IEdGR@L206G#}} z4%BkZO>!^bFNc^4T0`bodwBTN)|2dBzQG>0eN0TY-fm$DvTW2R3oRzIlYZb74%5AA zzE7hT>p5JcR;B7;hwgd-~H9@5d6}zgDVF)4mHZntJWgeNo z6QD&@szZZ)!eroxaQ|GFW8$dv1h}h_Yx_kJb()O;_{bQICf>Bs5I#R~*R0;|K5Ke# zJ6($}u#h4;Hre4V{8d+))FT4dK6#T*IqUd{xo@{SCNC>xx2Gi{^2+K@$?v>XOPxrM zpY;7zI;_$0<(oxVZ0W+|&h=vGn~5R$v`{1b-N_;5+~DP#tl@6Ej~Fhb;fjB6?xbz~ z9yq^Ej|%*jg6}ZOy$ZQu8T}ajZ|jIe)Hk0=*$ok+S@yo05-$)qIsF6CXUb9<4w6rs zM0KJG3d^-)=$L;QgXM`tXi=5*sDUA#F%SgpN#qj_NJs9px3Z1Egx}h>UU3osk~qVC zMX;6mN58OO`v89^0Pdax3{+|4F>8vBrhnbVvtNITEM&D~5tQ-4f_>MLU+KkzTCH{v zhI^_Isg*|lP}dH}WYzdTyLuR-$;2@8Xan3lL}VgvmWLKJ zXdW^UzKzMY>stNPrGr(1J=Iqu{hjd8*{=OA(J>noHq$TnX3;+x^4*2dOL%uI6Wa#B zCNKy}&ab{M(;GB~Bmf0Wt1Uxg?&dqN3S!rlsg3){igGRGqvB;C($+qaNh0Gw7WwVXxPjk7s%mMxDqz zct4uWFa^sRxS@uVg?+x?xI}KVY$4%nH1r*~Bevqg=+A|+;A?654Qp`UDK7x@rk^75 z6PIbES+qHcQUJ90Wg#zT&Vu~F6YE8X4(Fh0MH z7Ug0wrM&6i^Eb`!)71#2v~D))vMmt01PydpfGoRP#8w0;$mqxLmGGw%%y@iTgw7K) z6`=LOsd5xWgNGe>P3@?7j~e%(42lf+;y|Dh#yYT7n)dL^&|1sq&ogKGAl7g+#JA`A zVuz^1p0XnpU?g9-6KiH~mfx7@(a|P5mI_{>H@g@dz#T^&#IuM-)U_|3Yyv1kA3bst z@#%{uhzdnO*em{%8%2+#$%mG~_XMT(@`2cig5k&c?LCh*nB)pSWK!m? z&CW+dW3i3_h0WTAUGgFLRXV#@{c@``p-N71P-3{zuwa)y3+&P$)^i#DH%~-F19e47 zG%o4R?5lc+Z{9v@3}tuDx7>b$fu}nb-fD^aOLN=N7y$m_MYYk_+z0o6VHY51|J~eU zRhfz7zTW(C(c8!Ieyl1@sKdtNcL@LuNd;87OP=G`%p)xNe9yIV5u1LO=fU;SIK}P| z8b)CLo|$znv;^Scb_OQ$p6>l#Vj}7>{;!L7Q*YI|37jsfuojGvsC;G$&1gNc55G#X zYfUnp3Ia_Bh)+b!tsCr&Xy9A^QnhF`3U_X8ssR^Rr~qt4TFp?*Vb0_OO7c zMWcvogfc_|KlYSfRg1AQpQnNlANKaTt{YSjKnQ@Vj#fe6Tfy7Qo);N6dH%U zw**$;0d(ej*G4nigF>6(ZZEeI^mBjWTg7vh&^Icr<+~XGd?Q=2FG4+YbfiX!I(pVCi;@E#z(dhg6H(#aeuDvpz4mMndAnoH;H&`(eCw;XBvfLTiJDWVNR|-ce0-ZQtmm5CQ}UJ@nAK0)iANp;zfBozROQMUbLE=tY`QI{%zuR>;iCnhe9<*WTB)f2HHPe9x~T zTCX!_?JA(k*$PNEosm7aMr)#V?WPfV>$;(=suQdJpx#NJ4 z0J|zb+n{-H^Lh5esAt!xBxHK=KTbb0UCR`|Zc~^n0F!?;70a%Elx_x3sZ|W`={H^d z%MIYsWnpUcQ-b0+XvU#Teq$jgJ;uN&!k*!DSy%^n8b6tI#pC#Oj{@7xE*i5%YqvJTawX|7& zAAQn=llD26CHlkjvR(+87<2=!`e0Ml#NyUM5CMaGX7RJ8@@6!GC(db6O35}^@=}2j zAS8C_>;1BCV1#U-%s<}%y>Yuk-S`g2$G9!12D)&7YeN0)ZC`GUaC7dnqJ|ETl$tfIOJaP$pU%t4LSabRFxc<_;5whb^SeclsPAQ@1&ieV&woxC>qsSS6C9fOK~t-8l~g zu_%^>Bl9a6TeZfMqrUIuscsJ3(zud@`B)fTh#;GY%9r%WWAY;v1{p(zr&BZ`J2(KV zPEDwBC`M{DhuyH^uY~04rqVWZ;M89TQ$k@~22hxpWJ$NP@%{T4wF%%t)HfaNl#!o} zf3&@X>$DOEzVE^_sn6XhzX@WB=Y2-c?eap_ z09leZU8hG{HWuyT;VROzaJu7o;dXmPJ0V&zubb5sps8w_1$CO!M#tz`mt2M5d7ra7aYfwm4R)0 zFUGp1+Pr1_RL_H_H8TV}W<&sy{PtHoaA{GjOt1FESv_6mkJyxSoj;0YWU4Dw2@+a( zY7^sQr94t)C`|3#s!TkqZo*fXj(7$tJ_)?D=kEIw)r{?`Sh~FiFXsJu?V60MCz3H7n$>mcUgQ&;ak(Kr;_b{^b zaTm&N+?KlX_L#x&_oPR{Obd~F3J_*MJQOY)VZK7nrp3+N?+27DdW>Px0 z&CW#EQx_P8tLemfS_{7b5C~fS%JoN4eJ>NfLO0m?n1h~vyDtu))gJ1E<>6k*7TnvT zjXThY5Il~rJe!D(z>xz*qy7rr;c^6r1F08e)jQ_!;ckSi>Qss(kOu%ZlB6h?tA2f; zcW#gxL>$Nz-9hq6%#ArFY+60MdP*k4*{{0Ss<*&r_BexyKgU&O1aPk_|ZN! zB|fU8im?xe!uiJZWqSu|N7|_h%Xqycrk}b|mQzoSNXjHEqy6ILHGE$=x6<8@;WwBF`ivQqzhMIp{M4-Jt$M6 zc)xE|ZC+l5Dpm(8g10*#M0 z1|wJ0e?5q?XsdFwt&^H8`u}#q;gI$O@glS`g}GHx!!_vi$F--+V3GFRuS4L;@SvOT z0f}=;l|Y(j9oK=NyLs{|z$!C!bC~!sz|{HolTZ`gzy<1r6bplw1L%KZZa!bE3t&Gf zES3#escy@|u)qf78}S|)e+~m+z{Kff04OB^K6hBRGqqH{P60?%=`8gEIQRhZBr!{Z zDBSjXjcMF+jWXa~^obh$Yrc?@bafUQ`Ah^`n5y>xOkG-sbi{XZYenBY#J3~&wI}W zSa4)AgHWIh*+^*4A7dVj2#1VTK*zG>Nck+a_63W3IuWR{L5UNq3W>_g7zBsp7)I=}G zr5-wN05Fcr5O378?V%z)lJmu*7$9+~4v<$j>01H4+i@@D!8{V|B_k5xL;m6?iL6gJ zEumE&NnIo*?|A$e zk(C0GRcYq-l}LC ze8Cd*Pk()_*deDZ{ulL`j4JjvA z3kVJCo+DR{<$dSh>Ss?dI9a=#c!vsVhQZ(_kAxGtc1%*g#!!cqbZd6l`#C>LgvxYc zFX4hPWTCt{jkfG`6e-Wavg4%6u|j+4mwkN_+apuG#Q7tZ-Awl`m2X0^H!3~jrip^kqA@nYV&V}07r$y(S)aBhS+78+m} zeqUdG{Nw-9FOWz3ACV@0ODG}?9G5SuxwB4W17r0{&7K6j`eWQdmMzsiA@l?ek`!UBEC*Hc#mc-L2fPW{U3B|Ps}iUUu7H;qb0Ilh}?@1Dwi zq#CsuxVa_dneBG3k!W;EpttJrJ+tiH9zCy)YqXJ{BtNiO&Emt_Gak?vZ$nvi%s>CbdcLmfC>i-xN5rBRXntu~czwRIU( z0H$hrt6@^>)9?e(_#(J-z#09`K%Dc-R|Kxj#QLC&pPN9PU{F~BxwmCC=OPj|O(Qj) zws&OytKoxmU{^lvDroll=!Lo1=KkO zm6ofM_~5JogsJ+PP|;ULMPGJF2x*@+0*wE-wwM`P3sQxrg*ZMPIatUKDN)60(9lHB z{atvUzCegzR0`b=X(`t`#3lZ9>>;EC+hD^S)tGtYR&|j8U?DnOsp+R|A4@;n;T>DB z63&}MD6BS0GM&D%;0GQxDRLx*_YGgccXha-5EA;4OoJ9hHwzj65^}=<1YF>noT$@| z1gXn*0JFY(o94H8Or!vcGZvDZRer*Zz;1Bl2Y8I?9h#Zu3p4)IW~iY(NlE)$K| zD!2+B={*&$uauQW-lrXXDabrUVI6hquo4zC6D}j;y4Pmh(1O%@U&}W)hHBX~WTF3` za?Y5DT9Je`jA=QN(K)~ml2(M<%)}6mDCNl#UZ`lyLiX3-5_P~IEvk3RUiwaw!?j2ZPou2a`+nxh8 zc4NPOSG<~ZhEQl=2Y)X5&KLu30Xh~);eqT7E56ADWI{9?W2bSw@u|)aouevZ^mWy+ zM2y|&`v{61A->L(1@AWi=96EQg=$1FB zr9pntqr<3X>{L0?xwAt9V6xx}Gq9_hc$24)SG^!m@)CW8=zWu(j%^67ONo+-w~2bi zFENK5#08YZn*#0C=l3+rvCEvM!)SBQoRb^mDW1BTjkrPZB;8V(>J09@tdrdTsYM~y z?24W-LZSURtA17Jjce6*GHq|qfzty)5Zt)sC)PJ~4`cs!u{5}Vldoo3};pD-G++l*Vh5~-3RZz5S^xZb=v`tqBc z4}ljDnc^v(S9B(=<^Y|EI{5%5SLRW~7j@g6fd7yZKpl}E*~))`<3tb(>(Uc-m$tD~ z%>Cna#cpPa?(9J}tdf>TI_TS1ZGz)2n9cZ_-cr#`(Tv61)Du7mr?5DUelby6C-6^{ z9jWSYv(q}VC+k#QJQD+m;PIm2M{Dcd_t?M%gl-s6OBs(4uWXEU9!$B(3ud8zPJa1& zK-G|k0)S+dF5s}qqC))a{RqISGU9#J9wpF*^=o~(3$PfSi!JXFcQ6BKR4Oe*2-q0utL5jX+YUm^ijJd4Y*V~bKeR< zt2D#`lR7#R_UE!d^uvD*1^_-i39wk22$s*K1-|8QZXQf$;6J%2t05Vklq!PTlq{0U5kST56*m=H}KG`Je2q zp;6JQGfWNxvu6B0ZC+IIqGcd6i*jSGW(4IO@S?|CzR?k^0{|S>Zc6S!x!kFc*S#GY z)GM=JG3>`x(HARsH+(u-g2nK$$o**oMrh=W!ysuM_K1W(tkb#P_bSDxyyYElYtq6K z?sA<>rzhYx4Q&`Fp3xK*)Y46-!LDP)c{iv(V0MLm2g6V2A8TarP;E;F4SwZu`z@)| z*4GSvf}`+HJX=3UsFQoFUo1!KF2Q!pJr{*xryEotJ|Nb)M?AA+!l^3Gqfu`Bjgq!& zG!_+brP5L+itJl=8UZO9mKP2AE8zj1?g%j6F{|$lAmODn{RP__|i-{ zpaI@EOxX|7R11sAvG9AF_Jdv1iRWd!a$`t9XFlEy4&G2Y z1Geb3!Lm^^{Er?A-m`5V5Hg$DeTz*uFGGefpgxor@!VYW1X~}%HZYM^_AbI3!@C3n zJT&Q@=b#3!eB{VgLigh*;Gy&Cd1Pm{L?*P|>((NGzwqEoV__Ug)b(LD6u>{!aa;LK zt_EK>U~lRwu-kwaJDi%|z7Qm@tPr`A={%Od?y4--0iw_!y8b@Nx^|puYS&=HfTY^l z0oNtcogN*!9t3Z3GuX+cC;2?OXQ{xv=67&;L>8(1QZiC*sFq`ZnwZZgmH>VW=0uv< zZtx(D#?hq%uFzj@wi5?QF@oUbGf1)s7Cst6mk6OAqaVr%L*_z>9xOx$l&~tp|34oQ zk6u;%NVK+n-!*);n9QHIc~yZmLlBnkoI*R3*!_aIu)iqB2@_1;rrn(jh~Zh?)&p3N zif&NLFhw${3|AscLp}?2jo|DuYgtAyZqg69Cq6sthkiay$w9$dBhGo>DhIO&r8C?oNmDkNEApx@ zWVhFLnh6QRo-VaHzW?q_m7_EYOah?TT-lOaB+tW8*29DDdCUO>$;4bMpv`tq?S8pW zdcq{+rw}3Q_gKhHLeNKCxE)=P?CE`I+pJASV{bqB`0_hf1)-H4lO)<);%C`G zafSoI3hTM6!G5nMfM5>8`1v+=i&AR7emFp5?sZ;AL}PmM2EBtjVfBk28NKuC=%gdU zSL;#6?>Qr?GsBA9+a>YbutOH-%S_RHWlde`e2*XiYY1ug!nZAOSTN=I@7T1(zyg@N zFjuu`-kBH0Q)d3x((*SsTe}*{oj}a+b7p3k1U+G?f%MVQo|R`RwD+76RXVn_RZ?Kg zdo}EW*o-PLkpH{Fkm#!n6T4T6I6+%20N`W+crr_^VzU#F(f$`?WaB9#-%FyR66VAq z#YB$<6x8Vg3m$(RkAC$iHEvhOixR!m_cTb)c0VJwf}y?NLLPgXHpF0@zf(Nu9ysNl z{-T&Mcoi(g>)7c=*B2xzIf&r@eCU_Urw)nmkAlHg?m2Otpe#^+R?*!*@1#7s@5-9{ z!FQJLf<W9RyyxTeq5vuN31{K#c3k|$jd%i^MQTce*TNcBbqPOY7AQ- zCXbCM;3o;iCmc9=2*ppotGd9@$Z_NJK1l^`phlp< zBF(UOx{P(TY63osv zsBnM*&$h{<)<$FJ5^-ABv}*QNgQz7WC;`eWPIOK$a!_L!%GqB!DX*2f-sp7Yi%u_A zv{&5!gtCoo7E1B_Nx9Kn_>cYz0_pMOo<|xc;7PGZ2L*a%?gs8aO5!s)NfPm4^Csn| zS9#Df=r1r8wv^Cg$$5bz%M7$VVis_<-<~y2wL^H6-_Or%j2TOneZ39ox?yu|Wq!XU za^>E}>1~jjf&l1vi?%qs5=`(bPeC~PW=4r}dc1RdjV5@vr6s?7hy{Km@U=h?q!8^G zOQ)VLk5O%tdc`<*V0D*bb%a|re8 z8=#n;XJJgMJdYYx96nk9qa6d84@G{P>3kk!QIMeHLB)Ivx@mM-=6p@C#&Y- zL36%m(NdcFu#JM+TR9|>$8G=p1mDMO+IecljJqd=E20YB2m!D#D~wQIc>v>t7iE2$ z`Bvn`(=-i2V>vdhg7#7Mu{Z*ab)uKcXi$q^sjJ&#*H-FE0aVTd`UsuBJV>)nq9I~O zuW>3=a--_N#Krm{U|j1;{JvfS6l_80ETDLDo2;f9Ii(rp$nTCn;|c8Sl!sa*Lv*>G zV<+0&B*21vyCg?bQA@G|eD5Gc&~{sEP`yutQzb0%1H3E|H}A*A9_quz8WRnAURi=C zhTH{Wo?<__w(gJtPIefO$bBm-#hitMuyNAy)7ts3z&mV;_-Zy?7>5~g#Jr4Rwuv?u zxX!BFffd++L0}cg`|7fpaT}q6}={N8_n{`3Nu z_05GKug0p^dz=lM{FeBM*RWJ_6i4TcQ04jteDv7Kl^dz*OpiY{iTWWZF((9%lgH}t zX*6}7=;J(Z=>#mSh(|DAvg+~I?^;ZWWM8p$XE@H20FUiSX#o2lhN<3D9$arF(U8Sa zMF{W+a#~$-_}Q~7!0UpfTN~wQBNj$QrE;%A8eAyqu_uig{f9{^XB5dS*oM%1D3ITq zbJL75s9+ax$b=*@g7>FjPNDDXg@8Zz^ZiZwXg<L4+%M(p7Ph5DwW-Y3q-Ep;E7a9B$+KD$cit!=IMrir%$gID zF=N~GS4?V>zQvwDbDDg)oFHS9g0!>Wl zJo9H->VuZV(kSbZVdkALCtad4iXZB<$&T!C@E6ZTF+b(5{fM!AOE*9Kn7?3|_w7%C zb>9kR1@>yTl?}p{^aIU7Uj-tA!(Uoo(Ufd>Dl5UOKuS3D^s9M-I`Aw%@q!1PW6+m= zU2i78>H*lo$51h0KJm0i5jyk*4D(vq1Au~+d`=06jPv=E&B`Kr>vXT)pMCr&UDIda zWCUp_G^Z$u<LIOz79*s7l`E3!1uY*8D z38b^)j@S0_j!2eFNn878z5P49+=rXB703U5O#8ncl``Vu45h0i%2B8FHxdaYHkLh9yzfgw zpk`tB@*(Z{l|T~X3_c)tlmG!u9& z`B%M4B97buO_I^k8h~?JW2HIeKFFmw^060!Sk2LU&pZ2J@*qDOE!_UW%~{*eJJ|AK z)U}gB6&u}aA6MZEy{2TjtBqMIbESwB(tH|EfLX`6;{fVHDc<=_j$q+k@Nen z5*c)={om{6<4v>tLY9XbUGm~;mMfRaLdWV8@ zv^Rb)zn=!l(PxfqZ?CK=ABXjJL!KSN*z`4<-ygU;?DQsFfx$(0RDbD;o; zJWshqoRgt)16a7i)a4}LOKRtE#**Xv`uAt|y}Pv2%-=q>wyGwiluMqn`rvuY{Y6Azp`4&Kj)%^( z`89%|ml4{`h*R@G*Rg=_@H)~W7e=*9JrjNs;A5%q3XG$$iqGC+VT)N+)EK^9Li4&hH4cgoXKZ#S}eWR?v zh?ErD!6yh(g~kVyEu!~_y<9)cHi;)j?O&S~hJm>>{t}8wBQ&`X!nHH&^@^oM`%#(^xd78PRJG+%c%QU#J)U;9{3B!! zFKz~F!BWkl0h=5ogv}q=;0S4(j$6VFVaxewTMduu8PQ3ZUDvq?`$9Br{CQQ{!fW&3H2<@!55N5_@(>mDDsWjIK3eo6bn2}!+dZEO zV|-3ip?7(IMA>r|viFl+00msn@C)RBN>nKlnz+p~_arEHhEMfgsTq0K1319%R_#!% z;rG-@&Q&_LK3Cg)S5(zVse(uQUlx)eB0l)BU{?Rr(8phkY%&wxc`_R)0cV~->bLjv zpZ02q#Z*33OPU1nL>k@i4!6Rp9@DrUMMNKQfuP5m0Atk0Xc=%1R@ol!{qlh90O!)r zw->cbd*GL$hqW+0Cd}2HQ&$Zfx8w zxPuBA93>%7udQzI$JXNnIYF_jVn(V1Ni%s+zTah@? z?7EL{KMYE|s=ZByurqmtCeEI%Gb(k2amA%mt_|P4<{o6cnH8D(**FHMyx&eWJZ`z}K|NgN}Ejbed3*(CD zpeZhloqtVDO_gy_!r$z&wuS&P2Z?tFAN@Ba^`UhP8^nBK(#XRWiy;o#4@tc3nc$y$ z(Sac+LsxFM#=RCl80-VA(DC<^(=#&Bhrs<2K4c8hF$I1|}4nig3dIOkxSA_wMP+?RFzZ zmD^_Ei>s!elSE`*-V`IjafBXq(ZM&1O>OPA1h+&n%{KoO7h@e??**x8+VSy?^OqkR zgJa*bt;|v?=ow`GYWryTWXF`iXe*MX-0MCybhuUJdy|ATq^?hM3@W>#VmRb{3pN(N z98ng}FLFI=5FJa{mN#**?K#r$Ztck2g;tt#C_3Dai<}E0FeYP8sdg@jW!IV6d>~QH zPITD>oGmqr6)_xWZx<>9nF3fqyx=jCsNKi<n~U4Y!W#~&oCy_=_#%xyL?as~?J zmc;u06g^I8QacoJ0m#aK{UcR=0=b2U!p9z^Z~2?N;s#G10U4DLX~(|qr_O_*wVv&? z&-TGN2y&c<@k<-=9&^2ReD3$w}d4Ic4NRW-gX2>KJ7lCt$D%YM*P{^q`ZL ze%u)FY0N)iZ-%-3b)@#%TyY?Z)8%reSn1cR&2WaBxJ&T-i4Pyj>*^lwX)QQGEH)5O14S z;jSH`o_MiljI#_xp--#Y2Kn|K^Sjy0CgdVUtqOc~(q32X zil>*=$bU?M0i#bZGQA_Exqaq_{4&&B^VhQ7IN5T4L#tNj?{c|gufb*UPq^c5k`E)_ zw>Jk<4Gt$G=pcz%DyWXD0!Orz5&~zUt$V!Y-UWR{+OUj812q1%MeagUE!VcV0f;7} zv{xbR{_fj1<0L>#CvD~`R6;`-dK`Tw!=ozz<#Z(hBr3nWS%Q2bb!{sqNs~c2ru5TS z)lL@fzK*W1V5E|A?%=?SuXiS2Wb&;NZ{2>fIR)_1&FemWYQHx7gV?oObc)8vRC{6R z<*JxwdO=A!5y%(Qr9!Yhv=aM~fooqmdz_u)d(5d-^}&_BAxj&ldhG>+AuZCdoRSbkuLl<)qE;?P*t;S4=dbRg3pl_t%9ZgZ3g2Ov0_Y1?{(>Q~X(GQfuUaf$ zZMi$%SYh``&M$bdmI^X|*@rd`LL+|$ddHn1AyB+9j95>DqA#Ame=6;mQQ<+&dE;N< z*TXC+tci)q-YK2pi%ps5Ty9`6ocA1z50UXrW;>y2V;}Th?k|K+Jaox&PiR*{N@sZb zT-J5~74BwPvFkd0)9v-Qa)18=C#pcE1WgNFJVzV_Zneh%fS*?<{J`SWQrhh?D z#XKO!HuYF^J=PmC{Az90x^F5_hgjKL=UlbbyjWlYZe@xs6d*O4j|kv7+Mj{7Y*eg@ z9Fz`4UHrv!_s;~OtnAfO?JlX}eHf5GByZZ5oEi|oypnx`s(Nx)M)uYnKB~5Ew+#T` z8~`}4O)|Y#-a9`$4p2p8P(}N&3@`#3|15F7g%3zZxG=q2z(F93SXP#+zW_Kb&8)yY zbx`M)`Nx#v|J=0!kdM)NjR@_) z(qyhG_oj&YAXizzzeoD#8_?hqUfP$R7PSUNYt-dgpI0xOZ|;9h!_-H4yri@C8`M-_ z1NoH_1gd816Ve3ln6*Z{`F!>rbx$CA7+3r^1+@QpP<5YBSyfo2oem1iY=1~>!vDC4 z68})2Z*RV+l=w&N)A(OhS2Mi)h9L1{R}_=TBJ~cM*BnM`4Fm1zpM^En`SI$S3!#!YNMJL zo5^3p#iU~9Ex~Q1NwMgQ*(+E#o0gc#nf`a5G{u$alt}Lf^TJj*R~VM~7{%5iK|M}NK-hm#7(;jH2?XV(>qTlX7On%!U@EMKrQLer<&Y_yKB~N^R6k7vZmYNEq7q4cg_zzq0=@gI?#o z1tTN4eL2$gQ%=QRI%!#@A;Py)qM=9#vNWu1a8DN1EWW?E|E0 z3RYnr#I7a@E&E4Lk(DO2dn61rr;^GHs-oiVG5kL!wLv%L^9*F=gs}x2^L%2Y$IjLE z|IQ3Tapdqk4G03akcp4yHIWwLG-aBRZM2}!GnoD9X@AQZ{v}{bi=}DL<}*;_4_+^vt5Y`CCZ&znN9f;h8M54?}+Q(?l8M@a#A^I zVO_Vao=nA>@0i4~(`*035yBK?wETy#()DhVI+sN2)HrD zh@nx&-?h&hDy3Mxd-7*iH`D@K`^T&2Y9bVMw5i24TZ?eygP#dmKa~0BrI) zm7}7`d|oIlXryd1$|u7NuYYHYPB?z;$pm}NL37A{Rp0;ZXIOjsv-iI#OGHGD>51R= z5uoZ(_?7;3B%gl5g)F zCZt_E8Muz^0;<6ADxYxSZNc)4=K=p>rI>S-x+*od?}$j|ZT+s@1%&HW8SpmuLVxCs zxs#HcQ3k!2ldmd`P9yu-krh^SPQwBC+%SIs0 z+OV6d?V8{p@p6CwLCOs`g*81ePaK8Ig2d4TZYM6xBXCnq!9(~FxKd7C6RQ{E(%XY2 z72_?yEj_Fn)Z@j|{v2;*xn-PFc+FMa;^#S zSw^22W&EcNv(YEm$Q9Hb5c;O0Cw8-5i`h0rEh!%tfs|pJ{-JF8( zrLlQCOUh<I!7XqzxFOp7(1lZt{-g*~|?`1it?LH7(; z*0IepF+t^Ul@hGObIDp)JbUAd!knNq-2?0B!CfsinsZvP@qEr@fD=R6tIAa+xcJhF zbu{=ed~>sT`!3CMs?zM2$hfajXP9RM0GHC7TOc4<_PhzY^9t-UD>DgI$(H}An(eS4 zvUxns6_GLo*a`t`sq>&NY&S1^ex80~2obV3F~ zfogb#=>v-NZgO&bC-b8nv3eUVyAK=p+neBMgZ$eM=1!#@+9y)c4cLME0L@Kf+?clX zUJoL}ZKNC?iPv-1naeut%|1pQKur^^pPQIA#71UX_08OsRwmCO0fuCN2`a=1K!I|3 zOu7pR*@$T>43)$q)!I%jxv|3KLu-h14Q+@JD~uHMIPcZ`-C}seCXKMDR45$w?%=ZfldhsIxcDs?ktITl7bjf@QPEdR>MOn(=e-TT z_YuM4;+j8f-&)`8Y)&9-J17ho?CgATaaZKp_1Q%i;! zQ5ssoe6@mejR1r}n$NXyH_@+|oU=zAP%9633}GQR^jPVJ9D#h9msy&Hkp z?d|lr2cIWu5mIX%r+)B^&y5&DM~(KRgaLQ5-$?$0IWIRNfMX!>oq{zQ=?ED*l^hbF zsQ@3xma+-MyS2xyKoxqtOG-#1_Uio6L{m--YJt*Z>M3|vqeX3fVj{+_HlYnF)y<-; z|Hl0ZgDt?)n>o-J>2T+u4MrQBk*cTvxm@S>{xAtj@Hx~K;Z!B$Uf;`*peU9?Eb zk!Q`%tBoCeraRwEZn$;^H?v;M~T8LJMS1FxUHT2k*PdVO5^WdkBG2GMjD>kD8g9frAuvj|6K_j|70bG| zhEn^56(q4T+(7fC07Dl$)%++oNLZgMmas92kNV>a31MUfSn>el7f5lOU5m(X;7lZd zMwkS6KV{$ZIyVT^+$%euP^#+?QKQ`Sp${zn?oKD*)K67%Q6ErQ2tR)-rh6M0n$`UE z;G@c*;-9kyYo1CMW55FfGzSOZL_3}mAvZWwEcX!*u7C=2<>xORQvSebDiOYCaTz(! zi%$QB$*Di&kM^Sx^|E|nGMEGYaT6I}DsxtefF%#+9K8{fi{Wwi6UCw7sw`^H8r{Y9 z>gqh9T9ms#+9sT$w%WGADG#kd-cYJ3RtPgY@6Y<2@5!Sx1@gE%!LM@QzxT#~jzT8@N%H``EF< zHFDDCk4L`1ibMGTj1ZS*(sUYU-Z~zzXyN)oCeI(^2WjGr8ey7h76)9rE*&$+l<@zV zRQ$Iy|H?4ZTU4qAGl#JX^SSOYW z4gdfGY#E>*8^>`(4kXkIo}uH3ySPuh9^!7XQV`NweQ{s=XZi+=+D}7;aG?O27t)^u zKui*iHc4zFfGxemkE4+U{rt$YQUFX@62mRL%n!iANBUK-X51$)HC|6Rj?g$eo)dyp zZEK?s86kg47%A;O3>r28L_x zXm5HVU}m8rk;!dbR!tXeea&xD1iw>xuQ{~2%z`VWCg%a!iF#ij24m%`bJuaeU8bo3 zUp=oDcH|%Ixm{TCd+$?#;0b<{!PG zFPwCXuU;1Xf6w<$pf5mOyfmGschT3s+9!`RAI|m{&i{+LQ^*2jGV2vpq(+4xAT3qN zBOgMipE#Sn!zB(r?JG_0$LjA2B8PwLwe9 z9T06|6Xs#*(H1ww<-g|zJ z0~dgu^c(vxOO)XU<@|yM2_Q4I+X4WyBH+m!<1o0i2@7Yi3jax~wiq4J891;5(nYdP zd@v0N=xDD<6eSigtZ?$pFdod}r>E>%K1-?o>Hv2FF(Z;6_Qqgx3QZSA2y~l`N;r#f z(WVV>n@AN=Hs4|BysJ#IdFouTgHgTLd-iad-pS2C8-M}p9_84lF<}w?>N3k^5~~ZO(uMg!BU)uVWUfq?EP%nluRPK z6}R@nX#mbt%O!IuICw3Hy7&v^;?$vT{3b4Ne|AML5|lO~DuAlpO0Npnh*gopQ?DK^uXs z0${(mVK}yWSO#Z6j%zyM=9S0X!DC`5Gbw3#P_oTZ=8=Z{?dsU(Kx@-pX!-+raqw7k zyj;g7S6(vFA^;pTn+^H3f=d$OLIV@H60Ko73x37^0H+fO(rJJWXeLEHh(G|)_kCf}N@l9xyV}v@Vtk8a%s6s{-{(#pwt;{`u)cZzWbyLe z#5{mw zI3rrihfXwJUS^~K1nYF+{u_oLz9Nwoeeb1L-iOILXNlZ~k@`8HNzq71g- zXxR@#VA5)TzC2pfL(~txYvU1|J{%3`NQgO0ohl`++JE6bnu+=YbY^LoY*thbJ$hOc zf#ymJjN@~Tcs(t0zz#rx5g!L#*FR0?<8n++OwW@ar_K1L3r?1HhqGh46owr0L|vsg zCNEQ(m+7s(ME^Ch%$V<^<(f|W%j9!n0T#1!gHIEPtl1S5)@K5B;gDy*EP5d)| zjw;iuxu`4!8Uvq9qD52+>cTF-g4huquY6OVW21+y(t(>jh1J^oJ`u?col;Cei&ruP zjDXbDp*G)c4!_b9|4|l$>m?NZ&V%c)Kb$MG#D8WDa9HI!NnHAN_Lv zsPxott%z0S>)Kr-Xaj_t@bOETM&rTZs1L^KR-*T$B4*|&FxB{jk}5 zfj33p_6dX5H@oT1-#FSl01XclzgzYm)6PwCX14`^3}Lhcr2&CN1*A*DNh=qC_@KxM zy{tfUjIHa~F3nDPwLsq4#1V9GwSzZ(m1g4X=UublS^o!Z?*Y|BxULIN3L*5+JA~c@ zLs5zdp)0*e6M-P22uQPlw1nOT5d{?i5d;+J0#ZW6UH^my%nV^ozM1d+-ts)po5g!#-%Io6%r%?+9P(GcZ^?#oP2fg7@fz9Fwk4_=5@^oHYH#*sG;fmEd4TaDKp~R8bDL43DQqM3?H}*} zv0ON}7f^Yt>Z^8A0l5}YMgY(>lA=U41&f(&ax>xZPq2*hJ?&!A4{ZldFO|0lD25E9 z&T|9Wphk2MHE4GHW{d@>9Ra#p%=RxPlARy$#~i%TP` z7})L4f-!A4Pl!9gKtKlb!)Gv9+6)9S!Th=@+`0i|#_Mh9{yKUqhwKnh|6zflD z962nlVVquKUS2zO>?8bNF*pCqo`ovJz=Cz?KihP28T=Qg`QPqK{g7yI8b zAZb=uVCJ{#WbJ@HzRA=IK&2IPv z7VR7CCBgU7;xT86QCn1@5v25=aFPG_JGED+Jom2+1jK%3zu=YD{V8VJ0gnMN@9`?t zH9-P8g?32K39s0>J7&AZWL&x3TJx`x_%n#?wD^6JX4F&+>-oAPg$Z*Mk@m0l&xz_z zM$CXu?Fb&6r9oue9s@VD3$)(i_uCDbZfv!Mzk$wKK>JvejG0e=wxMvEZ;t z$F>-G=t_A9W$ZQge!TaClcn2HG%f9057jQ}YJP?k|L~9Q5ugp9htLG-C0rNCz9D(J z#Glu<`bdWJYoubwGZv7+dj^c4@X!M>tIQ4oF8W0lAml&M)u(P(kjsRa!=C5sryy%u zf6#F7@P;@TgbeVXIXK1i7< zC2RBipSCC#Lp2t}`DfRA1#kBvHL!`oTYP|q{l)i{>>+~lyJi4i3QPJU!PM9F6qw~p zDxDUMe#Gk*=irgW8!(3N&?0vfSHffIu+VYV>e;})-n};J2%iGet2FPu+n_xk<^Yj% z-6XIZQkRanFlu~62i%F@pHxfm*EkSa9CK;~XyLXBaga<+3oa%;5>-T>CKfuGZpBec zcQ)uz=X7KeqDEF?k%{Nk>WrbabX4LEy7koy^n}fa#B;|v`{PJ=MhUXMG60lV>YUZX^TBc)Jx&pG0gO# z%O`L-+7d1;>3_kbO0&N@7{4lhvp9KOnxV`^TNWJ?!hQ7#Kk;3t28E`C+Nfr5_dxu`~`kHeJ@j-ALMx zJX;jRo*&_Df5{I7=hB@$wU1Rcs4;hTdX&^BngX)UcVTA^Xr%2Q^G}@4+~5gLKRZxrk^{utdC<0CO>}eMTfKREa>k#}#hQFA zvjPMa0J``2Vha!-#UhhQ%EpucI;-5^0?t{d;DzPt@e7umxzOx-AuRJ9Dk&OWxY!mM zj0zxZpe#P?Qn5<+z1#kXeMH$ouJ>LtRKw#=YQ0Lvk8REp6-PNnx$S(DB~5?W5J#Dw zi}f|fS*x*od|Le2d#BPwYG0W0`^R|l7k%UT@=(Ibc48CzU=EH&XSN$0-FL8~RUiG6 z3Q{VS!uO44nz5XyyI0k36pBugSPu&o$+RNpSz2=X6iVg4k@ji*C>Rpu9suMJq!kM7 znrTzCZIb^II)wmBCDut!xZp1qGFXC4jFIDYy5%=BP8Y=f(+LF2fo`=xWDu#O+=qd` zk~*YK7l6#AW~vy2q@f>$mOrC8uY9)Z{9tXkY8-R%J4)&w>zunG2v!}ozU7uu({Gh+ z5nva?YzB+UZU4!2LglC8jN*x%>jn^qIys}UGRtj9A!gNHLapQmr}%$g@uQyky*Mjf z`oH~)|LNq;#V9W&T2ZMVbRQr+XUcPjjMg7fJLX{g=8|U`WH()B8W52mgek0B@K>67 zr%}q5?3r{coy@Wo@Uxoo^=&8qMA&~kfL~Q7z|jkt!N9|6gwoJKY*NM3W9yO`(3eMN zOeG`FmMyzVkw#Qfz_BExA-hk#H>E8Lef}XTc2WD-z-%ngdu?YJxa<(Kl+1bLxUk_p z;2qT*5^i5ICIeDN=_GEA^$8YSoD|H8<~&hgy}N!pe9|Q!(oPWdHE@6^;EXEi773cv zo0PAPHcFH^Z%(Ko{KkkrNcthMzedwuz;1w9dTpRay%{0xOFWTj?IOQNcNVBONlP3u z&uWF}8SS_RzN0_GN%qr|7mYJb8a*=ys+9252NrHTsn_UYGO@;%nY6Z_Dh@6CCOguKe_UH!w`SOl zbq#EuZWECX#$2UqSa2x07lKl|JMyt44$7kR;o{U3+IF0~=HSkJDSi#-&L#TxL9IlD zuIn)nrOWXW7W{<%`p%Nw0Rc#%RS{~>8VVkct>qo6`U0K1BC!1;JlNQQu_rRMyqZ@3 zs>mi_oUhD8SdtNUs&2)CK-?p$vDF=OB;1QRr+`pizO;Tc$M>z+;9MK%4InI`Wlj>B zsl*?RZqR^Wgv=*f9-hV3-pU+ePpBXbcW1 zT;UY+Kum_$k*RtCxuF&*>rf1CN&YL#aJCQp^!bP8yVr=HWkZFjmI5n`;%N%*wYkZx zJj%ZI$gzICjgafY17ZHH7mU0pFNop2&qEs*H4TFpL%1XV$X>O69;kt0{Cw*<$m~pg zXnWF>;U*fK;z@kk;j@@|)*ejj(66T#OE;;G=g9(#YL$nToTQGWq<04Z23pLUGS@}O zo`=5o9b&1Uo}mn5c!YLTh08ytyareF|D*y3@eE-YabB^{QlWX4KXIS(bvC?dL`*Xk ze!77;xO98y+>wf{{9w|LIYKnw^^0`Q%?$1#7GM_TyPi+9P(TD0!z>`L4{ZYl+{&J$ zgb+@89{3Ak4@&?fTe|4^Mvmoo)9i!{T6?YJH}e#8bqpJTNJvLSo6N6 z5FI=-s}d$wbaiCdP~vDDVgY&O1(QvpO6woMKH%Wrlzik7aDVdl7DJ9B9!xwejoOpQ z-y5sr$hsrk#;qHF;(=o;H%nIQuTOb%4d*NzQ!5C+5nb0xxVUpez+`BycTaY5JjDf? z|Dt#t=j#^e({MiX0QL(3q|vq9v)J`_cq@e3;1~a_G4z1BI)}L8_qH99zP8okkS~xSBIzQ4P8P$HCsUo7GpQJ@@ z`3mzm+>clX{UzN-aMTJZZwFf3mPwe@g9HjjSCU_IcG_HKHC%>cX;scVNG8*(WyQYW zV6}nnAQ{U*TE$s@2ITyyZ~MDaA^53971 znBNdhu6D?8iIlxb37jh#`Q-Dvruw!Ibt)V|mO-LIjquc`Q?nca(Y|DomFJr)j+PY4 zEWp@`s^!K7y|1nnIybN<2m{D{e)dEn4o@@qr-`>Wv zW3Kuws6j6lAo_K@z9!hIL`7(RnGDq*Aip=xjG(e1q4cRISgWf8XmgK#P=~Msw!>*- zw)Biq{byCjaAiS~4AtlYJS_7xnKk>DMO`28NKCL@i}0=^J_DNw0Ji)*J380ffRmKB z9|y>BiGH)=o1PTf&Sm8N$V9)>SaTw|*g~$ODUvorD~4YB+`4xk(k_jmtRPVwlXrL~ z20+#VvOs1fkt7-$rM*$>by-+=PW!LKk`xW!t%vjd%rb5JNdl=F7jqXpi5ONw5yIj7 zH!+T>b&?VMtS?PhOJ1hd`mg^bqW&)j{t;gPmm~lC9Y!`j8!b=6^02JHSMw5wZU~7$ zA&)?FeZ@>IQ@UWPpVA>vh=69(Fa!K`Pqh^d(vDv7L#yV;nhr^C4hl2yq!%_aKJviU z%pchCim;vJt2yK-09TA+zyQc_0&DNL8W;!D%Mx3&tC=wA6JpX)Cd9d$RJe?@+2#N= z3@GtpCzH5VBey(w!#F_m=?puQ@_x<^$<|y6F`EPFlrFh?e>V205Ix+Y3 z`&1lkNJ8$bnBv?PH3tJvQmLS2YTpaiw)Nvdiwzs7Lw(Iho=>Wv$oDET7i`{tMsS!~Jx` zt~)GM?F3dGIMqbt ziSbIZsI*(av+6?xnw~1w-$}@A2P<*(g9x+$@JGnKb_pz0q2<=Dqt+_yf>mjyE~{+) zde=Q)nE`6;oJuRR{?6`l`{K-@PU+&zSknVKW|_0}Y~OC5dpGL=6GCQhcUWBb%0>A8 zOK5VnmAE>mB;Nvl&%x0kRAwo9J=8h%D;Rg*5H%!ZF?8SUY7~Y556VRWTyTz2SOOvU z=v#dvv17qOi+F#8fP;#qy8J`;8fOX7KcrLzfr7VXB9u^%G1Bl3OISVFbLF7om>_2T zW#rDd*7daaaMBD9fDxz!Porui%rx9B+xh?=>>bmeqfUHwJs~`Mc@!$_t|6i3U$8rI z@AT4|yFugw)Mr+{Rf_g^HPi(6Q`0*}46@HugQ6B~n4x-yei#&YyX0O`A*vVwDoNPZ)ggyXagd zSbe|toZmK~DN@&V%ml1QGZN4Nih@74d2FTan{nAvkuPbgex*#VB3i&080w$ngj>w} zGB(5fDQlN>7j}Tc=Ct&VaNbwZ%g^@bn(f~H?QnsS$Nj0pC|# z(bQUFK14s}=soYYq{XQ|2y3?@UkBnld?vL2ApJCJz{n=|w+O&Zyku_wQvY*GomCp3 zybYgqQDfE}IMboM2KH15{u5D06uGtSAfS4T)Y+Y0I&bDT4W#EgKA7cd{}90Vnux%e zirFz;nh)gYZ{}he>*wS?C(AT&wK5Nb|xfTz;d-LKND{U4Y+&~h{0}N86N*O}9PD!oxp~`f>sINJL zLv#Xah>5iR>s8+@e}#OD@a1UBTfU)}gcB{LO=H`l%4pWY zmQ17A&V=t+90nz7g$+MES97TGY>{P+d{QBI{xd`plF-OzB>yTJD=k5_=pB(Ma#whn zb8r?VP}<=q0TBtU)udyjvS`VWiVL5gc_9y;vH{nSkN)GqT>jvv-t{TT;Vz20 zzMKr+g%B2vFEY`P9?CXQ{Jjm7EiWL;*D_J5pBg*CAYh|0Iu4Zyce*cq6ZDU4uiyE= z(in3!Ivq)5W5Hb3gz&`Rar>M^eFnu?HgzRAle4&HNsxR=hsTB+ig~l<(5*GfT{6cE zssDA4nGz_PfwNb?D!sYvS0H(Xqd!>8gYH2`$Cc8{6adQ1GV=%-1sj(WxUynQ`M$(s zt#SCshi2ym^Y5tO`Lj^uxB9c8I$=nGD#OA@4TnMC6wj!xEp2A-?b89SK@KU%`y>7) zFSpUwISz?!dz%OwX=xp#FI2`}+;x^dttHq-Jb2m{`FII%Gf>wl@WeD-6JM^s%S(Wt zdZ%k;#U|N8>sEbkR$;V%mT?N|OnUX&+3MuMtUt|~PSytO(%gm^NJ`wMWm@+m2f$Se zR(QUQ(OSRg$;ZRhWa?1##dt+>ZUb7)B;*JgXT;O6vmq?~=*0eMbDbIjiq#Q)*;7jdH_ zO&{g(SVEH8hU+?u=RT&2UyDo)Um)V55H_KB89n;NX+~Ip1?}@kb2VmlkB%c@4{cJ< z>bhVPdymC1v5^uJejvG58NFkGGiW$|sANQMmqHrDL zBY48=42=_he{3k)BA(H~Lgd#%`>gLq4dNgi9kVstf)(0cWB%B4mjQ+-j8Xpn*X?Ow z$a$1Wvk^Pvb@F`#gtBsz@CG{REJ2|EE3}73_scImo6WIyyCX!6`gljX09efQ)sOJE z-vUN}H?jg@@(ZwmtfmsfvJhd)pkxe~b_WCpu=*Q{^O8+3O}O>eK_qRA=0(0i|55ho zjs)7GqG5TkL5E)Li|JLU`YD0Q_!hR*`H0P)1v z?;e)y{{Hh*8)`PM@5WR|Wy(?$F+h@UfG^_%&RD^UDX#mc3`BZ*?7?W7!Fw2<8cf=O z$q8W*uXEaIn^4?S@7HOh(HN@_A#hf!uc#Y1AYU{7W3cpC!3;h?G&NFLTH^yN75RW^ z^!ltG7v^~FJ*kt1zqNtC|2BuO&iA^*1W)lwF`L#Cv)#V=NNL8rjVuC`)}Ga=E|`PpozV-dTVtnM${NR#G*=yy*2@An8fXL~v5)Pvi3 zup}M!UahewJbu{$r)cD_5BvjX!w^nrM9IV!=PrsDgfkB^uG}hQ2tMz2lFBW9j^j8v zh4PD(I2PUe>v2y(<5uZ69yr*phxS1jyyVFd*t?PBr z?LR8A+H=|m5tiRCzQMuHo5K}8&at_>nNuw}H(u&!28OkQK5Q$ZBAMrTR~Wzx>xIO2i4|lH{Cpo_2aU(_^@KZA7~fENa*mpz z{D^lQv%9>FUl?adxCG8AC^04H5xG$D2YKM1lE?C00F=>UIST{PN2rN}v?>;+6iomV zk%NHlWNV~EIu5j|5yR12GFn%B6@CZvxM0y5LT&i7)jV5|yc?MJBhsH4^&6Q{0ADSC z0mIDOpL9W|XpIG+(>flI&UxMHMp;R`dpJX`Perw?P{&H}c@{oa&A>Wns8 z?bQ-^4w60+AVlsck);#+PBW9h84ZQ4@it)761B&eETkl6Ge!x4G_KO}M&3#CYb8Cu zL&`di{za}EJ~m1`fFy>`LDa59ul3dEmIJsS8iep$uLIe(Xd)`T9{;SiQw7fuKf$MN z(Wt32YQ7?*OA}&Vaa%rB&=ISD%E(c8{^x^&3weAftsU;!pXstAkDp6?X^qhF32 zWGmQ4s1kug86s_@W54iM0`U!dS(r21$Njw^(9(sPo$Zg{{uZOadHcW`Pv)cB%2*}e95?N{tQJZ>}SB-M%#-nqD}Ivkufq+* z8~h=}{7UhcY5|%rInS&i6XVK8L=2vUfXDM=E;qKrNW|?eHEnQ*i@^Kq0|&Rp#W;h1 z(J23WX7pcHG!^V7FH^FjvfuqwWl-U|X3qcBmiOSnR^Y9r|Iokv0rnpY$Dt8)yPfzw zoD!d$RG{RF>kLsANF_20+uIluhq)v3z;!6@UeQp?!p|SkWr{@1_POR2lpDhb+PY4F z4~g3j^_gi@ft4lYjeE0jSn=c|L;)o6m*^?_SnF>Rb6M;!Dnd!YShIZ0C;F;;91W_& z7KDUacpIAA{+@}))GX>C3PbdCh1$a-Oe z+p7@}LaS?7g4(_krGUYA6hY zK2RKhV!cZMbSwcljr-jm;*D1TwiEQXkIJ!dx}Nsac2E@uh_3yK!cRrzTBHIWSsrxR$nEa)Cao*d`ma|`PJ{BWzqla|WF6iDS%Ch81u z_96kEME-UzcI(tL7tWIt-~2gJT_1zLFnIA)=8k+G2@a9IE$yOtDF+R@{0H0UzfDvA z&1eeDLbH^gnh76GlGD$f{wjPEUZ#6`kKM~j<;+}7<+wI@@Cb=xdR2VP5$%Yl5JFzM z@gg}$h3x}?LPuKOrtpw>BbT}8O09>9^}_$f>la0=bZ-1);A9}QF=#^D5Qc71;a~1> z-1Tw0!`+ch?HR`RN=&)2MjPCaTe{8ks?OX&85t1wJ|EL|kTzs@Qr(M@2*^UnY~xvC zl!^cS1}-e9AaV3^e|Be`V{d1?Ti;bJAt320h(d3uXxn2(`Wd!pmf)F(@@n2yS131^#k$@o=%~KHH%Lq-tS#$uB?fK3Uu+Z1P!{mA9bij_!ZR=|r zC(u#nD7hHyJ0+AOiu(qs^U*}EjPC$>MPI;~dmUkxe_pGlP>F_Ys_I%l$zXW)<5LRP z5fJ8}0x|mhFX^i`h@ zAWp}gQ9hOWb42y6Z!rk22c0=h0ztg`BEwTgTI>JbrvKy2U&HR83a&`7{Lyn2{FT-P zu-$y5O#n9>g{bum_|oI*Cq+NKE$x2`6Gr8|?`>S%)BN&f-OcwEfSN~dh)?vgg4@FM?MJRI zZR0jls|ZRfRks#KfZVY;1-0#V+J2YwmgjfJUHu0j?8C#4PxlY#e|+yz2Yb;-n%%Ow z8(bb3`Si2^>ZI|=ryYW56`n?#=(>`@#Dr8g2Y3F4Z7^m%!~7|DICq*xwI2DgMk_3y6m-#>vr67Id{O9@cH%*^bU;*SwkTi5CiJjez61pbC zct0$DE#SpAgkcV0n9!h*4FSg7NzG zf54NkYIJHQ0Z_z8eA_mB$}Nuxf(E2HWCT=P_N8y^mkgcOE7(!6B|2#GF3B@JcoGVS zWD8U(!Cr~JY0gz*tZtZp)%tmkP{N)8R6RyHB;2>`^#s0M0NO9;R=f^%qk;nWG3)e1 zIprT^eqbwb?iBs$KF?D0pU~n=FW1n;zAzNRq z&%Iq<50YU@Yxe8Yn*h(dzAvms1ee|fBo*5}=mE?b8?FM@VXh#4mhU|$p_+l&^0e`B zzdOOx-OEwb@Vd@3@;d4{@}++gn@;4(56&!gJ~L~C5p736O|+@*YLT4cgzMwOUnSHU zku+!q7|+wcDjLC)k_X-Bk9Cf)fJlDZr;$r%8AvMB`F;i9L0ofXf3NJa51HV2e5(3! zeiB09mcWujAV-g`3Py+6`tO){k?Qzee{0qJaN2`a|%+IrIC|Kd7!`q zZzf~)X18s4Q72HsN(Xp;=##}-mf&jvpH~3xm5BY9kCh;xo8>zUf_<3Ua3PSo&QPAS zIT~N0Hm8Rj0P!j+&Brd0aovj+;7uypQiOH6F~=u@NJ4}FuvRKu>8*x7Ts)Tcxh5Kx zZ2j2<`lMZ22%61>J-laZpvd1wYojxBe^xg}c)-gqLV7-EOyFHdy zz}-%Gdf(Zx^#i7-Ykuob$Dx0KIW4+@s|E=ABBom+`I@>1*C*Je_Ievi|IK^^Da+H_ zbAdxyNxi|Jgov=8pjUz)c?DiuzJCF~N)+c6BnX{hPE*BC|rnw;ExeIuJE@2|V(fCxfoFX_p44pHr6_NEFZY z;+%juKKVOO{6L}rx!3(5uF*vG#mkVU{dHYn+zK%sR~oFnES6sMHD#NhX6F&ot>`e3-_r6;&XOaFd|s) zYczK^7jc;}$gm8}D%Pk+aTdo`t^#t4OgO?hp6fS;61*)^LCkAY_q?8Sil+t+UexNf z{<^n(vM5DN8;sgT?L6WHSBbB#THo3RzcyTj1H{+%wePzj*WAb-s8el%fP#F{t??ne znIeJ8OoN<+hNHW0GcJNujRi!0IIHd*T5h#4T-U61dE-RmdIS%d^$bJC7GUqNUz3qUcbBKiB?`77z z`kAs5CDJ~~ZnP*jqT^mcX>+invutg1;%wRQ2wL}^X@(=hX`kMo(v3#U7_q=3S|Vwz zs+`6ZnuryKtv9tnh_C+F`eTC+2+Z)&o6iZCm z@jO`ZNxo=tsBiRq&LJT2fyH{#?xv9GP{0Hql=YiA(VT5Om=E<_#-M&}+Mv#Zn) zE~!YCb;oHR*vsA#{ts%}|M(L;=JGT(`R=?AU(Y7eiuc&@W@k+3B|}sjmC369u%!;~ zNaL>qw9A)54QoGw(TzuXGny(y6`j}_U6u24x&4i2zk?C1Oy^Ky0VhTvtgZ#oEWONP z6jow7yDm#=0g77GzJKCm)0E!Euk!6s>{<71ujT~&(Vt!IVan4!QCtndfh@@He;*z6 zikvp~>@n(QmZLD4cD7sm~P0=3Hu z;>900wwxADp3rQ+`DsgPj?Cd>pQi|0$ZZQ)QPZdDaf+FZrhaJzM9jvYGbk++pcvYo zWOZFn|58+x+UE^g7<>G=OjgB{_f05$Ra1{v*1<1b`r_8*o(Doy2WJXu%Fzmm(dF`_ zO{c6>UN2D8CUlCxY=yV)+TtunhJ}Hi&O|^`eB@k!o04tB29K#S18^yR`|zf&e#x?5 zvXkFIRBvdVdXEdLs_VJWh3eCiA;u}s8=?40;5!y~Z?SrziR&E;&^vt5!Fn~MMfaKV zG&ViT^&8To_Ho!sczs&lfh=B#FXmiP;|dX&b%>mY?4`s&PDc%vIO@ZnDiUBH0UOfP z26{cJQIM*Rz2vwffZ^qsQu>*x*=0+a{jftzbVJ5wjzzZ3K*2+<6atsI+TGfLG0N;s zj&^2WP2CUT8ML|S|N#$s~(`XMiu(3 zCRUj&fgbnwZT$8LY_?_<0N$+n50zTTPM$I8N$edfn%GY1DjmLD9a^@gYY-)pg6nfW z(vTeU2zuFNyd~^Nb*x(U3V%t%pnfBT0l!UeE*gDHMifjj1w(@GVdG)|Et0FkGDWf5VtcV!>5Efk)i z+%!WdN|}Jv?qq-}pbzAC^4GO}3RRuH%KvOuF6%^r z|8aT>#m|RCzF8}|5p0IZs&pZC^tfCsT5lnCmR*+|b9_0Nnc_Fa<4}O0X}iZueA zvv-bmqaL6EyoYTDx+H#C9QAyyJ$VQJ6$6JF!FArcB(1NnvQ*L2W;{}qwD%-h%lKxz zUk67B9c8o9{cR1JyU?f@648^@v0p-i-YUQ_D;O#`aj(*eR}cPRfToJmt`y9#`vlXk zGw#x!IS#=h<)ict#Lb;IulTQbLK0dhQ$BwJiug$}K-3e>YfE0$qVG}9R~bVL>@;bf zaAqd0x0TIRsZ?81<8D>(utSm&8qSiFt@F;FT&PJa-hCy}RC?lA^g6R76_WXt)yC9c zuvMTM-*idlRC9(I1sq3cY5HD}k4X`j!(nXbY0gFz4D0p4l`&zBja>kWt)YR}}~<~ZL7V<)^3@lsRq^h$}FU!BdZ6WhHO zk&o%g`;6krN{sTsm5(U11SDDbPM1`P#bq0DR}$4vf<)#R!(;3}-sR%9U^;ju?7;dJvMa+kxRFO1|i$1u+0FfeeTWxtu{Hu1CBt4{N$GCX6^ z3>;Wu@n)yUSvEJY#SqYqGH=eeoTz(Jk_^Qxy&&rNj`j5}rcoPORK5T8_?BiLh{MX& z_C%XrpI3WLo@XiOMF?DetWmf;H|PE6Pr|pixTcoY*T)25C~Cw{Wt0#V75d-sBCgleg1qZaBuM<#~IDgeP&OatweA4b-=} z3SjP-a(uR&K6B?inqxb*yW|_=40(wzXBHZX+e7umb;VYa{w5v#wS?$wZv(o8Ip?P| zb}Rl(U3&{Hb)IE6eH7=~0TjT~Gigo-Tu2FqNMBXT7Z`!{t1K;q5)-79L?x}mbJ-+j zb?(^|>w@r}<@Vst$ZUn`L*<1ECy^tYeHXRTbgv#y9t69YWBl6d+g>r)6DSdY32RBS zE*mM=tWF671TC*zUzkk2dmhJwUTW?(Y1?`v54&i&tx)sbcB6TS`r*P91>LaS-9ES5 zcK2_8%fjP$X?F~zzMqb#%xwN(>?6ACKb0JDv*Z841$f}OA9aY1iy(>^^Yn*ID9=I` zFxNKj8j*8Hul_E6JUO-l4!QeM2Zhe5#wDCT=rtsWv z4M45wz`AFv_`Hx0i*B~pr61F>8w~V%iqVBU6J);hob#?kjX>!^^6oLl&hiWE6>BZd zlIK=!j0ii(J?OKKSI)d00q0janUdpO^lnTg6M3l1p#x1~#F6KPO3jcoTba#O{j~4z z){`#IHC*OpScH9XkB&4%$Rxa6uO?ha67skpbJv#Fgy2x-w|&NgDz_%`$eG@S{(KUr z!To4YLF!XQ1v}IDEHMYdFqgF2i)9ffb1vtw>T_?*`BegLE|#bp6bzm9gJ`E_)?ENL*iIQv-W21rUxec#7+Ah+?Y~cX@mv^H{V6xHacBDk zL>91e*Yt2RnBG3l6j#Tm>wz1yw$@?-=~2L6dgT|06mkuK=)3&L$=PZB2MNyRx$R&0c8#(19T!D zv^UaIqSp6;0_*WJe)iil;B|*noVW3tAEqA9QLu+oEKRQ(bbWBR;aB9=4$(UJ(PZKX z!96)Lk5A?2@1c?Ye_i06>XUN^&fgF?-OaTx?OM@LQY2)h6K7;?uy29~h%+~wnfSlb zfIS2(q;+%y7V38O(Z!1CSvpHAhG9dGgln4MK|cuQJMGh27hl`_1H|3r=n^s3g`bB% z06~I;+%xsxv{!7tQqC@T*gxC%H=e!R+!K-KZ+bh)TJgi>%;+~%^Bnm& z>ri8ts-C8pB<$=^WfOCQ{-xI$E#SA%{~mhu7u)^Jrf=(?pXtQEE%QDrHz>d6XB`;$ z?@#~pJ;|aYS)E`3UFDA(v_$x!FYNp|*MJm-R+4ZMTZa?7M+UW~Jj$or*`&M*D;hg% znaEfhDZHpHV95@vziJ>ZW%SsyNY)uT1Lmu=7GUsrB1mmA?>$z$hUiItom ztODDJ$ZzwXe}CHEg8)B7&{w)+!TjgUYOw~vC7ZmomF3?JKj`IqS<$HX^pZS>bI!X; zJd(E-E?L1(T-O%rT1gHhvZ82Mop7r~4yxs_g2+GLFAt-bm0VvXPs3m8y%jCmm-SaY z^UQmhv=`)_>h`bLVwy z4uk+;wPG1IA!WrrnpJQ0$Cdyev^nRdla}6L0Kd2lG>el}Zk%sfrFyDubr$fjs`au8 zRA!tWuATurEJd(OObRd6nvgaQZ*@*pC)UusUcU%b^CZQV+mQF}q{}5i5_BJqUJ@I? zc#;+OtY?1cH(nK7U%1~O>R_qeTYgDCfH_UW&Nn?E^mv9m3lqY!VmrBm&FH^Iy*yYW zo&6Q?g7IF5+OT>6ck5=%Z#dFh>A+;2&v7p5Jxw~A6wcGuy+GN&pNinL z2WQY=wlqY~>_#VxuhhP2>nJ!I8d*btGuo*bCMd0Qpu=v~9Z}Z}>7?0L2Hdl6vU|z3 zlJfcy>fq_r-(FS%Lkn$M*eft8+T9mg-cl)VssB{%NXq@;fKb$Tf9>6+Tab-ML+Ibp z&WEozsLlEm-LC^l1Kka>Aqae_3pmWs%Y*+U%X}U3u#wtln(=Xib8nLT&!~fr?IFHXrV}9EAhwB(?W?4 z9J$1+q-BamsOmnf=3$lx-OEE?!_nHGa`m_4PU&&bKK**$kL(_N+y0q7r4=duZsHn9 z0vzJj?z1;lYs}3&oz&hJ%BQmGIcDau41GG??6vAUYV)+c*Cd9yc9bl7;_@*g!z2-p z8(}spbVe|mOKuS+vpv0eRr8eP;&^<^bbn`+mu62kd-r1#Y&s;4B8yTOCx1fYcLGVB zAc=*sr}JT5&r414&YyW$moU5367$A1l;f(5DEz~7i|YQRrvt6v5o8{qoIEkC@+?`X zJ&p!tfoYgv=J|ah{liSO-PHPIPZx6>hj*W}^y9_8@$A|wBaCIG2T$S>Guy(~v_@Zu zgn=M=xK`S+>8A8+YE1&N18{5r>iGBXAkrch#2RxJ(VGfQ@I!E!-r-2YIgNY`30$6| z`^wP9+VKV4i+csH7wk~cFs6#)1`{Fw4{h%q)Kt{=i|#ZC5FpY!p-S&40!rv0Aianp zp$Ui-ktPU)CP+sC5s@w(DWW1ZR1s-X1f>KJ1VM`Qntk)0^Ua;_oH=vm{&O>X_9SbP zOtRMAYpv&benl3^TUiwm_oDvId+-AFQ(S-9(q7h3V#d%C#sn#$O_8={B%dj+25J~X zY5W|odJ9xjgcxj{ca{MtNCZPP#cZmW$0m<6(rHY|XO!ysPXr!Pgjc>BTN&t-c6)wc zjRH4=lE4jeXty8MGCa`l%*YP8F7gV{`k;4zEU(=gl5aVJ^wX$tj`h1)@(-}Dl}VK6 z$*8lOTulV-WN%}#EJNozN5s5G8!Q(xKl;^lB<&Ma@vkqK3OfZEoW&D5w2^3EL&i^P zN7Y*=e2wp-p_B##09!7dR&BQQyw$3l8W>Cm&Bqry1xjU{P^JAt&o@Qgpc3DCjy|ux zg5>mJ=QotyO=l}NMK~JYL@@lO@TK5Z*xKNfe5dAvDTk87VZqPPzEvroYr7sWoJq9H zXiraAOb1QsCmQSBr>Xz$y^-E%uM%L6qEa`vkhKfmb8_zK!~poVu6HOp}(qCX+RL17q!Y|JR)J8Jsd(eu>?4 zI_jp0+@`%3Wvg8(~HjWamHkCqCD5Ei!UvdRECap0`Zu zJ$P@q1hY<$=AGukLsLR5PdW9I!7C_?NQR5M{+Q^_ z&?Z0Jr%xzz^lER7Ns+;(;(4GfI{?eMWU+L@_$I6)ixt=3;nv{%d9tD7r9-UbQo(xo zJO&SiBgr{;=gcRE?q<&-FOw3}7yi$god2}`S2kzq+DL8p#jW3v!_N=#jLr@z)_Nu{ z*5%L;GsN&Oq$bcME^7bq$M>IQv+6bAIsI_yig)vC31QX^n@d%kRDGiGMht~gk8-0p>vB(t&(VK4t%d}tDdFSy#@0@Z(9Jz3L-88Q)xNG=(K_4A=;@c75{gHiEuH>%P&oor;O-)kYsJir%a+d&Z2I8&H5xK5%8a&q=@#+lKRg9v93Osg^t6_EVH?K` z5vru^-zawaeTgmb*z>jBNkO@gjnDaTZn#>4j`Rbv1QrT_192jUvEI?2B+yq6g8^ae zW&OX2l$&si!qJ_Dw;+ji&gMR1<)w$o%2%*+mQ4cp*gcjj2*`xkoe-2okodiEyZh*^ zR_VJd$ya<6r)_;4YHS2Lw{&_r9<53w4oLFwg4lRVH~JL=lb=r}$;W>$Qv7ev$NpoK zT@n1~iW>N<0|h86$*>0Q>4yMUMnth@0GwaU(a5=2KA%i1$Myp}o;($FH||H+lhoD~ zdK_#n$TAe023~(tqPBjOF8F|Wy8aZ;7{yU%oy1*W7`Fck9&4f5ctb<|&c1XFxJ4CN zKkH&Y+dw;Fa))&<8&ZA`N!;MG<&^DMk}&mEI|O%~7o%h_*SLyTH4)vo+duLeeV~{t zZv&q#i|pRU%tOv?>4Gd(HtaO(lJV4%x|6ju@@uS%lDqHEM|@TM)4~UPFGeDTz4YJS zR8I>3i5n&W{eDLH#l4F$#^AM!sLl$*n#jTOF8ACc9FJ@{d)^{e*3LbnqZ<#q!u)S^yk`Dh?;3+M>xcz``TF6Kxmdx3tq0{3; zmWp=s{)iLu>!KUO{4I2C-va$-9c+?0zS8bGCA1L^&mPFIQM)gQ-93X8S^b_}FeZ#G zQS?M-xr|3HwjMU9Z4I%yrkrXXrd*>=i%~VJ6-({cf!-xjJteOKs?gE37{IiN&iX%9 zWYRA>`7*X+1*mFaO*B?c>m1*>{ELaDI#of}2RbzIYF4QI5VrF5MZl>I6qnDgt|fU( zjIr>WttTt>YMb1AQm8Cd)x1COK)+YXX)*c7Nf)40pQZtuxrNfTcatkHWV(>-j<-h=(68lkZ-40601C$Usg865S_i{e(OJKCF zY#~UNAC$a$QE#$*W^;*KEHFuo{zUz2(x)!ccR&zI$1Sf=?yZa%)KG!UI7o-`lE9=-&_!`rgEj{pY*RT;( zkv6z71ElFsSX97Ostys)TsCU_H z$j6X}e@75LWSEAunJm0DXL*Z{+{;SA$F9pw{`jy-yZ2yz?X={xYnKme0ipSMyH~nK z3KSyS=8FIV11z8<4UQUPFA2f$C>axo(sKCFPygs_p251nX-_RPF8wDWG$7G37FRIX zkn3`Fn$Y%YEB9~%S@c(=l;_^iQWX}$q$J$yr(n5eM{GeN?zHB$XECR$ysrntTCf6% zs^gW})xf)%)g3_QEu9lM`1_)OMx;;VY!_lzGS69aArly)Hytl{HU}5dMa(lGz?mIC z?x<`_58~+_lhNxtdlRl1LOHNZ*?5*V6-iZ&0a&-%E zyo=%H6va;}ZH((AqIT~)gJt+Wfx5#4uC6o1Vrc%6c!3OQIHuEVsd$5wB_E@XDn!;N`q?4IW;a3(f~IAOj=Zze@g`Ce8;GACaZ? zzVz|2Fqk2p;lT>A8qhZ}DGQ1-5AM8hMsd0qve6FCP{B_GzY)RKAT|o_3v?F^693pJ zo3t1<Hzna4sipUvB>_sKViamjbGJBOhAD9R_Usq^{<8E73a3u5~~9A5;|O;Bau0 z(D`bfVJr8Dp6nKr7)|5Lvi;%D8FbWSyJed|c^38;dnFa1fbmQ;9P9O~i&B=COb%7? z-uVCR2nTI32EeQEQc}LxeDSMeCHBm%?(=n~9#KeGYQpP<-PnaDX4&>G~9u*sx)4ilTz*e!Lv~4t2ug z@MWQ$ixRT2w^IR=Gc|dL*Hf~5nNb`-GJrwiPL|cg(Lqt75b6Snece>;OxnQ6iJ<1j zYZw1bnh1S~07UVbylhFo?4iCw8tKB9&fi4&zV-|Z;Ko}##s=TgyXp-dUfjZ9!+tv% z*Q&M7;bFHrJhIWqs zvEa=KeZ@ntj~=1cZ?(`FC3^is2A&>IpQR_e9hGrj-z|_P+h!gHPPxXO{!leOkA!j) z^whbrsj#tp4>S@Gl~%<=5OK;uj@PH4%El0{ zUrzdH`+0@AAu$?*xa$}0vznalg(;n7|U#qNJ{x6S~H$e2D~`wP2# z9d_v2*PjTGo8sW1EW^^zAIRbGoN=~Cg-~VCMr7;k+AqETpeFf!?#n~oF{` znM6a`5DFcNxQ;l>`HYy=#~AD8(Or0#9`zYvfU!!v7E+W4n_CsOoGzmlMXa zY|CWZQ2#&(@L6Bg+|AJNFf>t!;l7Ne@t?eRG>iBJ+F&dk>|=8llXn>SF2V&wA1*{> zg>w=(qT*afMM^ypZO^*H_5Zh@On$iT1+V)ad#$Z%6YHU$6$2v?EDS`#5|CX$m| zMgHJ=9Lpx;^ZRyzb>H?wxIMteK2+5}Jmzk3m zF7Rf-4e1!7n19+Dd)Dp2=wAwxRl70VYefD%EP$aSEEw2hd3vUa!w?a~ZIPR9Mi;zX zQrhrxRr;oCMiA>}_qL&~`B1+gq?*j(<%D-O?c_Q#bP?tFM#dx!=d8PCdFWpgz(6H- zhxe{LNPGwVnC?XA(n7MKau>h*G4_=cs~S>Z_P1-o4t@BGdavrqhQigeu-)2|4@}pa z15#_sB>ljBooPXY#Je*M(4#^mC=PyTS~x=`aO1nD4MS2ckVwVpc3cyFtM08(@e?8# z0Z}-NJ`%6txhCd-weN`XM?7`nYSp-H?U~m?o)meG%w;G$wAPqBUY}3}b$I;A3Wr!A)NVWoNWl%y| z|5-||jZ3jHKkilwxvN;dY5>T{k(9eCEOQERa5Bj8170uryB_zJy8RnFpKG3b9>~Go3E)$Ph;pP7Nt|5KkLFfV$<3i>x$nhnqCs7bV$FmhgW4aUNRAyN?V?-A>Yf-n;Wai0t%mifstkS5DGsTTl`5)Y=d*e5h57l0qi&^M zks4{5koJen!D9V8t_OiVqxK!`cUDH{orjhKY;cNui;|O#dDZGgfQWnF@8xDT@1GW! zhnjy-h|x`R;#u{4F0_n07nU+ZI2@t~+;Yr4U`k%fU3#>VsPId&A}c|==O_i8EO@zY zB=YVbbF&}S;>I`g`DW$2F_&dn9DKJg%wqATVQYfda|)a=EoEP>gJ;_kiVFz$wAC=w1!<0*~-ukN(7zgAIdnEC2yAIkfP2u8N1OM^qSw zK?m`-Y?xU!&Jh%Y?HX#WA@FO332`3I(FMRzKk94_HX}brh5=*@T4fZSyt{K54S$m> zq!2wYpKnULEZu8<2&pFnhbb>pu>Zl|H@gysb)aen^O?vQs?L&Vp)qgD%X&unUV93C zxsOrM?jsf#6JsfB>x)aU)wR`zXu~K-zIgz3~}Y|x;cN}h5rcveZ#%i zowh!RKw!l^?I&{K|MF?%Re{iDd(Ep)SSy|Kwt%O45r66N8bL@*VDTgCt6R!=GHwsA zawv=np=zD&qXD84xCW*zet$hJR~zftJOq~-!uxluL$^6x0VGA}$Dmi8Pri1MAc@8K zKG*wF-)LXlCBvKjy&kAOaIp*t{Q|WtW5=q=Iqwz1&Xc|ua9jXzv%}yTJ7uL>6L3=o zrCWPQt=yiQ(hrRwY!a_e_b z02={u33(djiw}z8AUKA`lnx2>g%!y-w&^7TfE~64pa4MlL|SjfE2#6hJ@ryvew&+0 zE?BYyOuV^oud;?UtRnFi`LM`_sGpo7%Z$9|Jseqd5Y4H`>sy;_Pr$NRLBrAaN4nll z+xtGccp0x1a32*lkv9uSWKjrAg~V{%_o2iWnUH1_k95=CF-*4 zu5%ieAbl4QAChj)iYC9;V0=l53qIE*76C8aZw%XSx)oCc_TQn$|hTwX2o?7naqss9mr1MzWpAOw+QEF<3`3z58xMYdXEMfz6qwy%an~@KZ2W~AF6v^X^c3MZIOHDTZoxp>kRKS*0J#d| z@e!hA^7*MkY?MKzNa)u;tEhP(3C^>k1k4_Ft9y?zT{w+HhOtQNUehtejP;Tw3ZXQA z$@zq^;{|=IdtL9o`*Zv_2NUy73h^*5@ohMO-XkSev-s~!qpeqs2#l-Rg<;FGb$K%J zJ7R1onmf`QuBe2vuJ`@t>;Dm1?husqZX32|()yAWn+U{H!t!@b;_UrydN}#qD~!^! zNV6tpw%mDJe4qd}_xZ`tN}33r8c#6|Yd?-U-IgS}hLe6pVxWZJsPZFR*{i=4^9nbq z{4j6yDZTLgMvejTAs)_Xm&~nj=qGg|0RUL>cRQP*cMoY=g_iC;&!C3$iPQ`UPybRge)U2Eod|I%`<}$zbpG3s?Q3p z5Nb8&Ao@K=bV4a(34BVI=edNs0fM9|O`gFFv|HKxbm`@Q3EP?Kg?hnPN5GJ1Z;TqH zUah|Jd>R?dff|iNz+X+85`B6{doMbQzTe&an>m3s$8PvsHag^8{8c2+9|8^~eBdA+ zIQ&heUyzV#Bv0@?#{_DflA+ZcV>R|U+P zr?F(8iVja+Ld}8dviN5m2%`PE+ugXudPWmzLeSgtqKNi<0JHx+@Z3$ahf3kOU=Hgo z4d$gdMLzVZR#B z-$qT}m^~Qz=(i?b9`h#6^MNo`HfpyFD|a`FHu-1FBk$Y0^)5sgAV^@~!7^2J_(6uV z$2;$tOv|y;t@PQ6n%Be{UW*Hl!@JY_p3%6r&?qD;DyXEj&gCvqd;t)KOlf=!T~Cuo zjnL#$GXNu(JfWrvl#H`^XKROl6-~Ytq{`&K2`J=XaUo9mE;*s>JOKHGllW_ecE<97n`k~ZXPX;;&vcGGXJ{jm zSvrrAxP}*ZZNc-EG=P>oci?DR*5cS4O1NZ;c$4y@%rzK5954!WB+>nhq+ih{`3UIr z86=xAAtdDUzY({e4@bI8;ovdR@by=P30|t{x{~)~4VVSlwXKT%u)K5h7E1(_;P{t6 zL%&aVJSsWPcrtvf=s{|Y+&_PfiJ!i-p~v5alD&3*>)~0*$;L~+Jy?tnl^9nZ*w8XO zfAw*ODqcp=g;GRPP;TFVc#d~SpkTqcH+0ZiHwU)H;F&rCS?1oCIX(Jt4S;Z9xfrY{ zQfUgcueUz&xqv%Oy1>RilS+ULL;^@vz0Tg>*{{_Q@%^oFDpjASDxN*87x3@VLIC|e znX<*SZ!bGPQu*d2AHW2j#RQi{j8J%HpGtnpyC&3c7Dk;g!pF?ogFk_9_FkfD!9(Ay zAduC>L~4ghDzoXoqrCfbfUgMNBtFa!6A;1YcnyWh&x4x}b5KBUG_C~Vp%6Wf46=jZ z$fMvsCT|%%W``(<2^N7-2ski3-xEy!=7*l#mN0?5V0qAf0}rVXR5x9I{rYVB;CM;f zf^r))>~fi0M+t?`?ckBxQ94IA+3&*5-sC-jq!vgjcURR?JE?7;(V~t$CPrG%84QTw z2YP}g)stO^cc4Bh^7@4VgnkM{y<1rh4t`H3&>O;QJ>{{^Z zofD2n3rtYFw@tc3@amr&AqsUT?biLYqkj<@%JDe)DgoBkAV5j1qefgpudm(0McUyk zsS8C_r6l{Kk9Ay$Z9nc~=NaLNqNB15<@{nFji7%7t4z4fM%fkhW$xZTwbN|gV0Iq| ztDj1+!x0;)w3zS8%~9$!f%YVCB768X@6c~ zZ2Xkl`p}0Kl@{F2hrsv%2{5D#|GAWfNp#k!%e@!}vs+r@Ky^gW?ubj~q4xT~C4v8m za{TiL?X!51;ZHz@IZ89%c&O7)~8(j_To*qu04+RJ;A-%Sf`s^Q% zN}+E)^1aZZeZrx@oqtG$cf{jq@LlegoLi6i`JT63mB=;V`qy4Q)Uc7$sjZH1UUX}ar9<}?D%4$B&rmc z!yjK!ztG;EvhwxkLzGfraDsDG zf-!AeKxKBl)(;;(EUz zAf6_|?~8C0XW*Z4IwycZZ2WH5V&;aqn6>QwfiF=6f@S3CXWm<`e*E9QILoerPv2GH|uacQQPrm6~B&KHpVvKFO-5)m6jxa)p@Ubqi6q(y`OzC+6iYZAZv zlj!t4-(}%~E8z#8Cqwk_jqQs{{wSJ)oj=lYNAdeI4pK0SelCZ`o3D&@!#|lmtoaDu zz>x2R$y|L_~Hmx5S(cBKflv@eoSMo+lgc@jb`}B1rf4kd$Au ztl;haA~i>9kgltydK0N-^v0d;oiO4<*Uiel{)=R6Pny?Y7|`GzJWF9Lxh~7{JASFRUQtVWXLlT6NO9 z6Y%TPZ(d|jted6yt{07t>bNe6B{FsZ(J2AphzQibhA9O}3jiWv$Ojm%-HQ>p4CZ** zaY=hAzr8!roByLw6wH6o2Qbp^>Cx82rQqIuKhdKvwPt#C^HZR7uJ|=F>~2ak6J+^f zPdW+$pplEgu}^*mFLnwJ6t16(Z@u!_Bzjz4|5F)H1Zf`IG|F6mQzuzuN@40ij}Z&b5;}MW!=Z4<* zI={^ge$FX{RtoA;y-({YiCLrEQl3sLdPIg4Ql=&qsl4wZv25e1v^OL!u&KGKPJ+JV z!GUAjw(VZf`$dr5iJxCkx?N|A6VNn*Nl5Th^N8F{F|LBm@3*2v>G_*f0eJziN@^j&RB&w9JLOE@eq_@)+ zDD16X-G>c$?EGOSiAx`JNRbQ6SuU7&Q7BlY%Xi^KParMg1R;N_HeBJpZUHvCc{LfT z%@OfPMs?9kWjnSurO{EekIBj;4J==;emCLJD;FIArk7sCp0`W*-BZ5fNm6RzF$QCr zbe|bDeI$E|HoJTw{kk<~W@mi9e(k+-4LI8M!5xvc0X9c+E1glaJMxeGlxiti?*Bk4 zhdg+`3T|o_DF()cFG!cMLSidyzs=oMYBoj#S|%_8)y&#x*H^{6eRAs~^-}qs zXof%+c(kH2AwC8kUvJCcYzwGwa+f}3J#QfZSjctQd_8&{mp962;5ngxOKrcTYv4qJ z>y}J1?@(3p?h3YL#oh|{{MmZ&zwmeei#$(% z90iwwlp+3>wzi+n$38U(jrjH;&6dTA(Wz;I%u#^>>T}TyXk9$hpk!*K2A#!*;)bDq z`BOz%;S#~|?(D4R<_z~7jsAPnU;Ve;*|nbkZxb0g;;6C9AQq5)@V|V-VBz1g`VXWa zW*&~GpSwR1KHC-%qgh<<@AcIq>&}bPmqWwhU?-IWFa3W)WiSra)p@YMF9I)Mez{E# zplH>;Z6((Pi1;IUQt2l>j|nj6E|Fx5N7bUk-=<6$&5@J|Iul?N+Vnu@v^r91y@piI zdU(+yWvd2H6X|dSvu5jglk^|E;UQUa^^x9~s(5hn)vnyPT)FqzgReD6O$ayV%+FL` zKCZLAe_OMEY6GbiTS>jJ^CzK@*vb`?tq~&mLFBdaVfgYjt)W7=F?}0>&vh4Mf#8xf zjOMR7C0!^x_p18c7v%P_No0_eKI!obPYF?i2++>E*C8IHi%HJwiT&(IxGDE1HCU28 zIwOeVQodoE58vTbM2L1&Kd)6@V&0KNxkwzOvh^F0NN{T_Pg!XIN^o$ExQBE3F9ucb zxP_g!gQYgqWPUf*1|L>Z;r`(^^}Wx0)Kb>*h3~-AY4t?JxOvvN`RWezV`|ychYZSQ zZ0})tRq_}PQPtv*mZFZ0knNw^ISVawCxr{{fTeLFhl?< z3(k2mWM$oculP0O431@{6)dB%xXJa#p5=TYYSl4dz9!wr@U@&x9RVBsAn@1QztiCZ zdHav9Xhf@jca$49N`+rg7c@2Rzkws$-A1$WzqYkqNg|Ty%|o|4&O44iEa|{}RuV-> z#EH{6m>c}T*i2&6BnaMy0>!IRi~U7eMvN)`#D;Ie16X=f%!9masx3VmZqs?6cVLe< z^WpcuhdOOoPV3?G?8jKL_8|{B1p$~q%dQ4#5ERP$n7 zwFSeUI?~}8D|f23DyK!yIj{uiu@G+k%1I5nyL*hYlCSK$H=;4fOC&Jdo8i2_#&9k5 zIT#KIaAHQpbzM1cz>ZZ%2NJU&^%EcoE?=V>WG==Q*ku9wzzM)A1-sQ74h}&V zuy53tJcde3suk{Ft*0p9SHWo`Jb;Hrq{CCcVvCq>62W=eIG83aEx*l7*Vn}GMil&) zI17g4RZZ3lgboh;rx{`G=fnFmAub@1o$Knn5vqJ;Q%#I5*wfzcQnGne&dda;P@aw;6(zS(dabgJV8Sx>~guM9&CXAV^O?e z3-q}W*Gvc?xb3i?Fv>ht+D*Jj+edv;GX21$ z`M79qe`4$Vd$8r7$F`Id6k>+PKx37?%rD$Oe=3&XZm?Wd7>FYMFwd=&eNE9LvdP8O z6>nl*ckzFzmy>+3PXI+VmYcs`he1Xt#G*PCju)K@uSca?ylQ(wmgE)UdZANgYn0#f zFBf5HbE0~UZoYNg=tT~3rQEaG?+Y8LCKlmvAX_EdukyBd{K1l0Xj-xBzFkgOnc+yR&B|J7{C`A8rRQ+C! zO*XeM8VF+fd^g@rZCv_05}?96MmUh2HJ}|dEcj_-ya}%oMsOh!D~?I=adM(UOhKRp z=yUq>3=6gZnu(GV&i226jUcm!I-IYhA(CeD@4dBPbK*XMmGe5(gPxK9AhWCQf?j}( z8N-fRW{U$Lm-26EkeS2e#_nk^fQ%Xfq}*SLrM?*Lid_;*6P#W7b@7l)b@x%X3DM

;;6GF{Ba>dlwgv=#MBo>ljsd->HzII*N!Nd;2LQX@P56TH39H_o>ig0cZ}ssT{?F3#JiI{nIqOg zwxlP595jm5U80FUhJ!{$KE|cVI%X=&I%0$Yfwf+syT8CPk!(!pMuX|)frFa?2P7vb z$kd~5f_>RH#M~I&p2HOooboW_1NjibW!z6ignXq z2n-yFK8U1Kvbb%UgbJKuIQt2R^A14@vc)WGOgg}PxO|9C8=q2%rXTdk6y9!yixD@~ zJB-hks!Q;t=`_Ho=oZ;cdtQ`2y3zwG(x%@vZNyVj)JzG(lw=aQcRRaj?ByN;R_ym- z#Kl*izt&Q12UqJauzygb7ET*xe8Cc=*A09kYqa1uG?`RZ1o8LN3iM97mBXLS6`+6g ze^GpzD_Wnce!7gei)>Q%obC0rr^GassYcg(34~EPb=nK8B4;*9y*G%}rHmJ08SQ?0 zN?quUv6p=7R!uElL#cGw@dh%Oz7DU)=+g09)(Y3o3FUJ95?({xk_uwloJ!rmL=3+? zzMOl1$ox1Lcl+IW6u9flDs$_`AOV@EX8bK8#T?l{C0aInFMAYz%Z4d<=MmX6wOCT2 z%gvQ^g+XD>f`LRb+%o^^Ed<);3A5W7fgb~_9IP;2b=|i1IKdYhFHax{JFF)|W&4W2 zfF>my$V62a=EyYM)7q#G?T|{kqE20)n?5--;KIdPR88ndTJhRd9L_(Jf4ihdC5##n zdTkMZ?iDzWOY7iL-ZK@q1aGk|n!h_l9AW|B{uGPa)x7rk1OVCD06jLeErivj)z(ZUsF5O1>4jv&~E8PPV*|z7?=H z-pIMoM9opcFafUYQ1P2r_W@gX{e%vQmiKMS_`A#Y_2w#+=1igKTbtkBZoSZ>Af-`b zg~g}=Hu@?jp}KN^XlO(2-*5lho|YgkO%*r~*7_o)N5+ryQlvx)k~F9aj3kjze(JP& z;C9&cnfjdJEK?>&GN6}CD*V;qgjwA>N=iyaSvUr3kf=x&bZS(OF+tSB$z>Mq{mJDj zlA>qqamoG{*gmTrulQK_t&sGw{bo9feRRk*h$rXHu{sy}Z{d^<>gkSf`w*~)<5r`! z+bUXwL*hp;`GkzV@|>~vVpw9*BE!2DXn^=?i@OdvBkM7l}Eb!V)qNJXYzK?Po2AyR;(u@Qp>MG z|MDUV+whh9A<{pe+_ffGTBz^ZPkGTz}+!GE_KGu`om$4vvfi3Jurli2N1+lxi zG9dAZ^!wHZzhpToHp3~oPse$I4kU1B3|NP@*c$e@Ha8&QEs0W9M4~;T_GNC0#c^(ib;Q44-@^OKzA!>{yT$fZVjPwO&u5%BPHWX+r;@Igc|X+oDa zwihM?kXU*0GPiwh8;|`I+E+(upDhM^-~r>8q6$+$3R6xUHP0(PiB0Jt;p^a*fh(gCPD+iF4j`{0qo!Sw6TbO2N_2FR>L=cbq_$Gz1sI|G zAemC33R0dmn%~c-(35+1()Nj(le^Rjg;)vICq2y+?#nn57S)IbLox=M;cayay35ug z8h$G$&o_0=90#seKtcnS4Y1M zv@qDW;z(2hT#?VI05af7C`RXasq|yL9WKrh!2YUW=Py>jd~r=XeWB82>ZA*dR9G(W z8L~lA1o;v&+-h&`Zw~(;N|&C$^^BCaIMa{7EUR#hv9Nbk7c^IyVp2`=rj(m3w&@LkfIMHYdb-lqkEx3!ID7x9B!*MrqcSg zxGMwmN?UyT{jJzB;#O3WK&|uoG}|PPT-b+t>jsgaDcEy?muxh+2Ur_crrz!IG~${R zri1$+VSj_pQmX;>gpY=-z4cz=Wfc;EUGrW9v6HHsoV=02!-q4=gyF*FPZ*8*p0pQ~ z)zq+)>CP<3>H7iF@pXD5Ho3P{sBR}Y11{&&`AnM64&Sl`*p{BB0cRUn%EL&VF;m*O zOPw42AHwH$N%dp*JKNl>j8B=Zt+xFo-OeaIR~)LfDb>P>k)n1|y9I;Dtd8Z7 zn)1Q^SD6|H=jJxM8o=pGF2x{2&+ z!b-n~VGmM4LdvR8V-oxJcc-TF0H;~aZZ&gaV`(Ti6T__4(^|kfx>c1n28{dqX1mQ0 zpo4z?0LoN;SMa%kfiU4}av`zg8Sq|Fy5-^tvY?@Z&*mQ+9+NPptxHtf?^yxHA#%gXA2(1u z*K!X@b?lc2Cip&oziz-CG_eB7%JEQqc+DO)R7vsf=b(Aehytw2L<)>Apl?f`KU7C- zOyZ<&>)=xNyh05Qj+T|wq zl*GprO9lJu{;a%|y4NxUXg4+{5CN#MlrM>Z)y15Z^@Xuv&_$K|c1c}j20#M1(Q7sS z!s|39Nm;oT`l`87zGt~HouMW3t&#;A;HH1^wXIJQgW23+)rl4zzR%!I_1bl^}>kL+Q zef8$d;h=Qloly!0$;1=4C>W_;Fp{#Vyi$=WAW73Y8~F=B1mGWB1et~MjXh~z)6ZoM zNk%&d?sbry9Sq=qohy47O@JnoU~zz046d(pqhSBQ@xey!ybv7*671f+LSgX;uI;KRv?IqhP0xLiv4`7 z*{LXC$X-`b`PjWgn2KEseQ(p9Cql0or!<1DoHsbwKYg|Y5qyC(Gj*P7$sy>aX>fzv zW#be55Moa9f}WoaE@^*a6fB!EXrbO@@v1=@BI(tdKA*~}&Vo8q!Nmx2_+5uHOF8>fQioL$T?y z)rp%^p~xjLPwX@hpGjW5uj=vqM3uKhX2FUIFO6#h-|3zV6T;zZouDu_l!XMUff_Nc z$3k}dx!{KI?Fu+?lXtTx;?3tux*}}~S{pN!WKL(3O7H_<-Ou^GKz!n~W6m!@jY&O> zGl4^Pqzl(nWfV^qRHq=ut!8OtudmsDd+0L_-q%iaL0ypQZEghz?bj_X>NMd zB1y_<0cOT=70$^1`%YBKcSs656lbF3oEfVw=dZc1J-ifRBI`nPFR{d>!)ju(>k68O z)|N|k^~}mgknBr_*g1~}X1b^30kUsXG^EYhybEk!(>$*&BrK?u*JuXkE^H`+R(@nr z#!B%{BAJyJa4Got37*RrlqbhVS zh~}0DK9#L;kMLHaXOZVG+ey15G?6M9v@=eecTl0MpaN*aEYdFPn>C22{LtP~`_gXu z$qXQ=(c8Qu6xL;23x9!lRiGqY;*w(!(Yzz{3=nBxr*=3ds>ihLe#VznSU7R!>$?}( za{xctS()3LwZDn}=j*dpHjb^_)K9m2#`!^e*08EdX56LuZ7)f4C z;vaqWoXq$hoKT3O)DLFKIqzCbt>i)V!tc%=jnZQ>8N&<`%HuVO(S4qY02LiMa5^go z-c=C}@Un0y4&Bt2cN+mewch-N;ocMM<&lcFKZK|^S;?-ciml!`)=H|%90{&pSC|q^ zJ|sGz&-O-RKSLuY`RciP3F)D(@rRV`wO}y-gHg800rwZy= zo8%YcWu&<|aD~KROoHTE(8_%~&2-dPz-t_(PDNIQHlD{pm?WHZl7u7M8M^Nn z_5${P+wln7lRhan3FO~cE^2OI;Js`uI+t~AZ$)GYs|)Vkxsv;k_nJ~uKx1(1bfvjQ zr+5l;o>5?e+vEXG6)1vPjYTQkutuY9S z0PSQGrEu9Q^Fa6eO$JC>k|=XUVZNwHpD0^^3MTf819>9m&LzIPOlz7h2ylRL)9auG z;a>-9&PzXe{&7j2WnqQHhc<~H$4BJl*k9%N0UdX;wI(s9_g z=^hpI%Ja_^!V0kk0P;|mNTgc`0D>a#1h+=If!_l{UQjf?b`(@P`3+PAl*xhtTDe8~ za8KKTSt@#rp=@1Q(q+wWC%^{alWaknPNtk4X`rV$9oaY3@El=;)bLsY(Pcd=g=_F@ z-AX)<^kr3de!g+zrOfHDC zE^v+}fnTl1Kb1%w#a_Gz5~|v>(%}RkglSt9*0~b=q=QoW6X&TSN2wEu}HaOw$pbTAI<|uMMCzuH0Xu z1!SAMDNm6+);BwN-JGi%b+r3dICw>oB{GP7bjNtr#qL=%`APSiIC z3?*$xl^4Qm{J=dVJxmg&5~eos<#hER;bm~#yNG-c+beE4J(3lEOcJ@%AXuXUxHkYQRC(lY zVwuE2G&Y#J)uHy`Sb^|o4(HDSO@-4dUE(zd!HFbD53aEC_ivp+zd1%NVCrfZm!7tc z;ADdubz#ibc9v=$+sdQPd-GWU35*<|1nhe6KPYdyz1Pl)0nJ@O58c`XT|!?p;sfUa>RTD zn5G&m$F5TK%8InGMZSy)pt)t+A=}CxT$s<NeYxOQ*-iA?N-0s9mXREFV6Mr9Gt3HCTQkO3a|f1#jJi)KHFkFE+T#JZ`xZlobJ z94E`Xj&u%b&b-lADVWGhhm;V&}lq^5Wz>f1>q@PzjwUK5baxvuPj z-0G=qVIkwG|h5-*^lSYSI5 znW=L-l+#u}Y&F&dtb2egw-SJD!Jkp}r#wPlgiQf!@5MWqRgWc#nT_!y7E^|9qjrN% z*!_RReP>h@!S`iPV1~?)GYlC?lCv@dkt|7qfDAz;2Sv%wkb@{uKtLG;0R_njD##E8 zl%SFXlq@JY=jol_{x^NubN1WThdzC}s=E7BcUQgl?tQoA>SPW?*JePHEb5HOxb_HD zP>C4|XOr)G;V^o7Hq3K;>-W2IFgAb_g;ckf#wHgXwVnhg*KJbFm||4ViF0GKfxn1z zFaBWlAgp(T+U6P{1>)T-5qbV>Wg8r{&;lvC#rVMin)K(n;Cl>wS*YAXxk;}OY{4_< zO0d}V7^R)U>Q?|X&>2_MHI?bgQLbRz=0Rf5;j?SoY=IO!WHs@b2Ch>1Nc@PB4fZiX zK@EBd;>MGD7+QbKq=H`^paUL4(l8nG7Bg@avmx~xruD-cAHq*9_PuOGk}iT(C?EzS zG+At-pi@-=hNhwClnVp&=tWbFIHz|D-VM!w8M;Q_g#H#O`#2A89l%)m$7_s4zZw+rr$dk2_A;o-T5qA|Y^>*G_rW~v`tbo1@&vV|I5>+asC5uTNl?o^PW9r~M&6U?gsy(i-X zM*i>5V_tiZzjLco9hO@~x1=>JQ}%z^g*`E!d*L-vw7JfT?eQzW{wVj+X>S@JAfKW9 zYU-)u8Bt9tvuQu8x4zPWnnc=_P zu=B8dP`6*s!$DM=;IV>b_rzoJ9=o;a=>&28A$o{rPvytpjZp+sSLZynj}<&rqNqLi z<=11x5bL82JlNMS+J>O6$<2wVMnc(H4j`! zY(_ka(Z{x~?ljR32t=62$^o|_NHsWWt6;F3OZ0=&z@xI}PrUp%l9aaU3e{|YoF5aO zWo!2CG;Fe&2h!DSOy0)6$9z+1xq0z>JX~5d%gBI1b^)ADOiZ#*&|7X?MPr_SfxlUP z8JE+Q@artZJo!98lp{ftcy)yJ>)Q*v<-}W?$shi)MnzAFqB*=gjaeo&7l7_322V}%Kk9~&=#@NYp?-FlX zz`*7N?bxudhShywg%@R`b;qvxi{(=|gGA}1p_U88E}#;-*lZpb7)3p&V~coJ#fl21 z5sI?l?N`uFJG}7gL}1m#PH4LdJv+?6dV%JrnXz)_V*rh7x}QB&D}S0U`z*b`{$HvV z_@30c)BJA0)7a5z!JN58Kok)!zVH}5R#d(%wdLgjqm0-iiyPCemj zL+M0+J){C?i1(aVX_T*+LuW#K7+=3n>qOprJHGxUz^R?qr;q)#(qeA=+nv6!`&z*kLI@XK3pQ(Ke*-nJ@cNmU`TMdC|Y$#nSrD zU#9O2YmM4_(gsI03BxrYhAP-J^I_T*gv=Gfy6p80t@8LPr3i#N`T2xn^HA4^LW zxHJ~6W^`S!+y`v!fNSR(xAj3x<3`>bYTnV3k}doo$tDDjaJkBTt}halrMW(KzDSKt zzAuqw`a*;ctB0w~8;LXAHmHl%K2K3J*N_Nb&L{ck$9B`G7>nAz|BT0)Mv1G5{dsIE zTUF=yF@@3dq7L!V6Bc!^*`SK3aYqU7=wc*l0?9@U9PE1WVA@rz%>Y0rpTs||+-tR`Bq$>2|&pz8&GOG*m1pWnw~?Qr>m9_9Gfk14}djO6IjE{okps|L34>b@2Y&z z1o6t0er77o1kRHlElXFX;(Ut9HGArrOeUN~XM?0u3v-P-b%g|6F-*u#5up4%CO&1? zyI>K*1C#F9n&tF!LQxua_qefdb!+cGG?kiD^djSDv|+|dSb3AtTvBZ*lVxK)uH^?B z=#S38SoHq4H3^Sg-)t5w0N$7JJrUnDv8M& zl|Il`S;wgIq9Lr;R2WS8BM&L1IW#jL`nZLYEDClXc5*&B@{jjsQ5SaP?m2#eMHEMM z7l-R6q$>pxdEM(8&#jzr>o{32)l@Znio8jS#qW4tw3pe`zTA^aqv&<6#2xS<5lC!F zdpRgAxYT1*8Y>pcul1{duc)k<{rls=+>eilGS5v^=Wkxn;~C*dub$hERd>m?_*26X#U3pc4ijZ!67)w%Voge>uy<4bWBrXxTBb z&y*5`7Xcyj)HkvM<2|mb9i%xZ*=3g$wr%rW7b3k_2El;8dN+_2j>sqb#8Ca(sLkZ= zm3<3jx-MJ{zl-L8vsAVm>2%_9;aL@|+Ho@FJ=L`d>fszx5DIt7l-DM;+68XQkP*J=z^ePBq`SQuI@hLd>mRBXJi@#YlzcW!QfG3l< z$kwbTmVj>T*S&kyP<8Z73ShiMeX+>sea@uf8ngDPf8-Q^h~Vq2^y)cr+BG;YyQhyD zAh9QBJ!4fqwG*(3ew1ne8(?FsGQk+nVrz;FXMTBY>c&E`R8u! zQi0$T7)v_J!s0R0A@~~;I4azm2!c|gy$%kdSDW@5Qh+D)K)E1G+QB5C4(Z}^*pIuW z)G8KuIVVc1-|j$Sie76UQL`n7r;~Ua7~h;Y<}{N6Kv}uk3H@W@p_O;&?qhP?bpmG& zlqvopYDziuMVx+8sm!V>YlWra9sm>n2<29M_%4Pu%yV16-SoE5UR87P7kB`#H(x+& zg@OFIqO6p8|Cvyo`1viFZz)#^p9!2r|<3Ro#26 z*Z72)^;jQM#~P42J%{W*(arG}qb$9OR4#5;^4$^GmHGrqTxDjpH;v?5Vsx*8Shg0rjQGYSv(BkIK4&QnlASIxG_EmY$O6F=^AO!ag z>kd;wwro8~$sbsQsg`D>jSR!jXEOU6StMo5ZAV`7uSYA5F^W+YZtS6-KwsyN3tqII z$<6O_g?sN1X|_5y!M7wU%Ymct_+#ADZEMbGcQBrZvj?lu{IZU%`VtZ|8mZ>Zoa(puQ zrT5btTMz2a?r@?m%jEnzVW$7(dU3Q6c0t{lOuJpi0`ww`y^epVt}U^jsR!Q~UK#V}){C5^Rb|GkB!rfD>^YVSr;Jkx9!Ox!0d72bIsAe&b zM62~N=P*13yK4M!KPgKKY{RX;y&`ZcTz~|wxb6VWBIRRfbctr0kDVn@1hqNSi<*vL zS)UR&WLE$p99{FlIc|CdjXtq2Ep7GUZ<-C*I#X-~@^QU&4%L0Z4V0E)RJ29+n4>gT zF;I=Iu-Y`oVt+T7PWg3;=6)Anv+)W^vImDdPu?KVUNXh)CL-~+u-4qM4j%0sKMdUF zli{S`*OoM^;5d3{p7E^@T@h4R_kW4xMs2Ym zSQbd;s$Llm?H+`GHkD2TVzgv`)8R;ycVXsM@#T9|3*cvjh2^I*vwW^ldz@c4LT72r zmK-=Fo5$`Fkap^MYQOjgzN{?o-r&CO(Edfuq_9dU)$qvs(<6uhz1d8v9Ms+?tq(to&ILtgl%p@slTOE0IU&vIVa;6~pkBXH%ji`5?Vgb+QATJoA;|7`1>5QG*m-`A45l3} zs{`|bIp0{^PE9VowrI;-sd-6Dyu`ou3}NaFf6h?C+!JcXs?ML63kna?S@2M6^M!_% z>e^og=X0%xB@v>N9y8}027n-plY)oH#4g}}x;GqjQ_qieK4PH3GStF9QpcmCx$z$e z!u?{hh^m*OI_>B$xu`eO1MXJ_2&#z7c*Zvq9;Y*(zSD%-C+g0f9)5MEWKPw}bDu2a zVto14A2e4pCje*)7-R)ZbOTRQC?7m&>AQ6S&eyT9E|-Z~NtC-qxJlZ^BM5@4l$yfZ zwl|Wr5Y8*K#8qcjgAPGH*{dQ5`Eo0|i5Cmq!ZI&JGMq^ry*;l^E>?q6;dPX-Xv(*r z%kj(v<7hM#AqUO)tx;cjGFqPy8TV_L=VuPnrR^sOfa@*R4)Xjk+j21|C9d}FL@TWb z2Xt_r)N7h(%W$<4oA7=&#e*V*!Z0;W)dJb-mqlT=v9v%-2*}?;t#{y!$&TNo)vQ zrMmAVnKGLuU9dMB|xm3H4AkD+^#<$Qt)@di)`7$WBI?vCV=^ z?1+_!T6AR00G+@lOP4xCdEULF)2L%>Y6g6^%FVa2L$Vyby4evK!|8o#AM6jZ z!Mi~0y#veGZNY%5h4upWB<7oaP&=1l;6364k9{uV(m{DZ<`?PTCj+9qFT(jZ#w13g zy5zlKjlNU3U8}rFT_rAXp)!bybD_j92#RP_kTDxYg2m>R!@S;fX=} z)oNqf9Q)eCkUbbrm!=zSL$sj6SNgJ@r|xN+ zmyJSw|F4DQ#?atmzyrT2@{-!|F9Rq802nO-$$(bD7O{X?x5aFKoe0H` zOjb_PL7ERDAC6rGN!1)u#E^6?4Dma{yA1Afbh?~f2%a3reJ`In^jsU+fi{j{{cNXe zH2Po8kj)>#9hV~bjsQIRYZe86I7AG|@u+R8H%R)U7PgDsEL5KQ9qL^ES4cXf1Aj5j@LmrN>__QbY2a2LtB?MYh3$@^3zjU@aXYTX7Cs zqyg`t`TCRHBZJ?M0{-w07@S?mA4>j5r=r*h__6<)XtKDC%Y4IaFF&bLmu>CKmo%?SBJU^y1ZZ3`@VqAj zkBCt1;MuyX>H}Ik<}`eoDiU`mgxLB?IS@lftsj|71!nLJBf&JkVY^B6>-wo|!`}E? zrg>X)#!ZLnh#J~0b>Cg7#WP&bd4$n{>stcbAdAhNvT}vN)QPAY6SW1cGo)5D)!qKO zZZJC>1jEnS{O>9-l;CbqOBlkPy#RAaoxRQY8H7U?H~*v@NQ{2@PKvuRXP|Yf^A+G` zO)*-ZChV9mFiUT0j&)4Fc@rJ|-ER49w~{CNF#&%@v5`^p*U^3TD-q4Yl@-hdo#{6d z$x^LwfX*HFQR=v}TuJx=QTXRdG($bIPTG~xwqYN=EDtaZ4^TydDnIcJQA|ps$e+e* zlWCCHEkZ2v=S=v>&f{B76*H4XjkB*lBl1=~1 z3exbT#^aCjOV_m4a_;riJqJ%HU~GoVZQ#+>3HIYu2LKtxjZQG8@0opC?9bxy^Sjpb zs0HH=9>^8vZ-FJ3;eY=q7BbyTgfW-t*8pfbH{iavjLzC$FKSoNC5@P(S1!-+*jUQo zXIm^a2K-5*FFP&^+IrbAkN73i3UilW>xGIUU8VJYi%on(~;jDi`_fqLd zDWpOY;c*eQgj5I%mMIz_Q*Ksdp-dxs3V5Dh-w7AGCG3o#PJMt6t&f2;O0GD{0xg6= zm#2Cgqk-ga_h_Lr^a^Zar^E&9H5MQ?KBJV6dPLPS=_y_YJUS=|p$UtJH8doiqks++ zTPgpbHHA4<4prfYoxsM5XK@8?a#x~647mjB` z>D*~tj1`lfJsY;Rtk~9io(L$QsM&Tq>Qh@8hnh9jg&IU$nVep~dGN7b+qa)6P3Yg~ z5^DPkd%zE7@_{~DtCxqav_Cd2N2ebC*-N)M&r|1ccrpIs6GXPAQPE>Z@>oN7uY=Jq zEzWm0UGL>nE8e;d(#N@52Q%C*>i6D1vZMI?X`nJ}N{W9C3xOqH`6M*XHA$WIFiv{) zARmC?Uly|yXj$`eosS@RA;2amE29x6c+B2A8bwMT7I*TDjlHrgiKWY! z5m&Ixo;C1Gw5adh;N=a$4aB8a!n*+?;DP$qQ^8s zj}GwXtkKf6fqJ`Ry}6|)FOpYyXD6!*{ZFMaa19$TYILg@NVgv88#eV>z$~uA_FI$y z{(F0_9Q_TBu)pFrzVtusYkGI%kJ&4oE!VcE^#DdCJ^tP#2u?g?%5YN5Z=8f!hJI7~ zu*kp6{J}g&uliirH~;vyZQGZ;P4+k7{*a5evG$d!qFnj0C}j0+Vf}|^K4gFj5(O&N zJvLo1+qwGiRbla7`n@lX3)VkOt{0Yp<&m*22GmL;-Kz$d=Td+kGzB2=d$?sg9TLmR zt?b?zd#&^RH4RX|7pfLzq{@+m{}LbE|1MIBigo=VqhX}n0d5iUix}5pS7?0rNglkj z3BC;K{wo>&{Lksl?Jcr6edtr7M+ys+3*C_Q^BH-N3TO)Ka#PDzLhCnJ$=;w)zNu>ew;9Udan;QTNms9{=Vp73bk&=EWE%L-?zpRcnN!m3 z=O)IAqOHhr&>1{_Nggd+HQ4<+NpaHmY_(RB+_vGLtIcXP`QiN)yK_y)&Wa}I zpr-9`8zhW!c;yHc+*^p`M;Pd0o!52A0$zhr9J^Dit&(e zhyO3dUQKI<--Y%9gC`zWZ3VoeGnI9w_hJQH#iq(Z@c0g)TRWlT3oAl`;Zve;-q99V zYyRwSCt@fuF?2vBT3C#>kl3He(RtbI|0vgvkR*QmtOq?yZV$Tgf0>wPFt8)Ags2L^ zt6I92e12o%mC3293&5egYxlUu8dKbE41pA92VC5j_7VKAe?bhXSTE` zj52@Y7qI+p|Iy5^G7Q8mfH$CGRalk%ISIASF~gks|6F2a0lnLLy7#T!gUNrW2_bzv z;-Ti}xP=6i(SO#qbW`h8z`#{{Vn83mJd(NU1#XU3%}UOdl5wJ9 z@rUsTApi|tfLWXkymomLbgZdV><=+#469Mvpy01Ed3Zk2%y?y>6ZXfj+B0)|t)QSV z0i0W*hYQ4sB7Kqn*O58Gorxj)fdD|1mqHY_#BtdI*)I%&n{Zi~2)`|A+Lf6V2nUSy zW@#(``5V|=SeYIr%luE=_G*HwP^}0qZ7V3D35|xi`&>E+P^Cr#1{9(~mW+c!L`>DY ze^G}c4c)m4_HlxtdcTTi_Na#cnqE?z@<|mF>Fclq(6{C2?{SpLJ-M6t%_0I=QBlsu zL)(AqGj79`_of-tmA<^V@0BA`9JGeIxeFT-P^yd-#%a+04 zhnLvfhT-ie;14!zBClhf~%AO>wyqjjzzHfd;C7Y2#hPsEM9fH5li7HgoZ-vuNS#o3t9Ky)B#?h z&KA*3!6MN92Tp%eNRWZeBMcB-1Q zb}iCuBZ9_@oEUYyme6)Gv7ZRQA?A-pzo3+L$t$4Yg!#=i`6UH&+I?)80L`ENvbCxZ3 z*{9YesTN8bJ#9#!Dv7=+>q~lE6VoLbe!m(#5@yH13c80B?i+%8REz-d9sVhc*e4K@ zFfl=le)ea4tZPiHRel>4fflFTh?^fl9Z^oxr*7ER&#>`NPVNY>;{ znL0`-*aJX2g{F&?fn2QLs zrGyindUqSQh~ETEmsrdJVX+v&xofmAYUp@H?F6k6N%G5Kj63AUg*rcO7%hj!u^;W% z;@T;)YuY&T`-m2O;rPADQ$F(^MmN{ zekB({Lz)HT6PQaiA8u?7KTR&c4?y$IBAqfkMFNDflKFI9QQVZV(=^5H`zf1`X>UR`Tcc{ zH-6G2#N`0rTrxv>(O27(2{DFqg;_(g1OTzy^!=|3K@bUNy*jD-0e^vI4M3;&=9pNY zRWdy0Tn|-78Z}rAyN3+BJL+_WAgyw~N(n^}suFYP}-WS$IWXcZc`>F=jr z>U=(jLc`wTom@}NByzsM1J?A=j#`QohvV)~p4r(fcD4cVSF^xt z0yeJcQ>=)uiicj}AHK9S0CoR45Yr4edMMtQS;qtde?F9v#vF!o0!5QjRJNd;43l{rL}C2YC5hP<^rUBi3SjGY-!|?DaQUsvm8rLpEHppd&9)YT`0E z-+v|TJ^l632C1nsVduLEM$tWtlJSuhL75DK9-Sy|Xd99rmlp z$^|dW>kp9=m#SjA!+jcy{|eBy0)@!GH1kE=TI(iw2!;D(FHR44SVtphKKs7w_&%xP zu!IbUu1OV(V)zq2k+MomeGl$p%xU(Gp8S!a!WMkx@sXhUgm0@-);FDGRW>N z6a}E1=<)7}!$Y5jdx2keDi6v>QB0fQK{_QKK*K*{gy7D zIRH*$`w!gGo`<*23gtR1RkD;v(U~Mpgg{gvO0pKKkp5pqZ~+=7M1b#pstonDua!X& z>`aH}-OrscQ8c&QldrN8nISb%dcE}&I+ckX&s-eR!~_HLo5}Pcl>>~@`$zSy+<0Jj zGNRn}bmGufyy=?)^Fzd4Y;aDeXm6DU^VKQvgVN)=GFUPa+vm}`Lcn@MB_G-qx3%)ww2bNnw}e-(_0I3b0|63zfS~jRa|OnUNg{cX(*+`l zsoxz5qfCDE_4+iE#x4UmDYxNwFO9DqPA+ei`=Mlns9;qcA@?DPNTc@I;HCBzq)Eft zw9vR?;ZXxL`zn6^uE;E>iO$EHGg};fB_B)0>AyX`-elKHq`dt+owOw%_4HOwgr6Q% z&YK);l&pbf&S+7NUI34~r-ZtA|GtQ=0py;%t&3*QNz?cx`_4av9$#|_O6;n&2=+fd zpv2evY0q-}`cw&J(Pyo*+z#o!J^$gTx`wxFRo&>v90G@OJTIo&<$}V&aiHByr`)w>djNuWihqP))22Hnbtu#UL`Ab0BmQPC zM+6eZOW_q9kn<_qhhOeCxn_7QsRsdOe7;d9=3{9w81 zGwkK>wnJvkxe4>5{S0uQ_yKT8BZ$vsl@%?VOZJK2MxRLX4nNE)JVV^149klfSb8|C zpHEI|(mGw{nRh9+vhR71xtex&?1CSwFZMZQNnS{$(>Q4(V9NoBNJ}jGk`bLIdflHx zG@~mB;HkkO%7-yC?(4>r@3V0?;Nec*vu3ih{t{T#7k@$hc>u%`hAsp9IRB&(-nK!@ zTot4KOL;c&mVDDDjF9*xMY*UU#476w2X}rb%Gb*(_HC2S%h{?khV%AslStYuiR-Waef6{;izTUFAc|s_N&*rrX6xc5QfOKF zzVjRq<4rUKJ{+clsSc(FBQijdPHxT2K7+M%3D}FkugH%6*RcmM>iP9Cn4~0I! z{A@yeycdYydn7xmHCJ5xC0MX5uJq$%exE8BWtkFQCq+)7Vqyua@TAbf9YoMPLN?}# z)^)|tTNdE!*1d0H%-X+QE(;wiO0Nd^eXOfD&$Z{9A5eTiL@g^qYF`dP9(w4Sy_Hax zm_t?JRVO}vtPQ|FaiV&1=MHW*5ugClHM#GKXv{hhVO3v62M&I|Bu~I|!dX??p7*ab z17Ty3$1~@;y)nW+OnMyr!Myl&ZM%z(K7zX{O+d08HSkQNB;V}+)nUw(f2XCAgy zi?;+vDB7{_m4;qSN;(TvICwVv5{8Y&%H}Y(Jg-quPFP zdkqE8s*y66RwJutUB{`jx|7k1ZM?Xx8uEIEh*S&#zP^$4@r^3g6Aaa_K1tbH=WgoF)ieL{V>poU5Ew2 zJd;^<$r~3&vsdlVP5?MEfrCqld)yMsm#R1blt|k(IunP_$5eP^ELzPg7#*O}$1wuL z;csEzDtcnmPVf@y2FPyfF(!V; zFa`3~ie4uvuHkcHkYI-AsV}(sA+Z+sRf3o52EN#eY+s7!fct;R#+Fs zB*HHR3Gv)UTCYTvuK0pBm#v~WUg@;k_E<#tP4o zM}?>p3BF+1o=h0Af9TRlON6%aV)Vk?HXGd+xGQFW83&Av8azaqazMEbU!}*Re;_oQ zTV?+7Z<uUA_Eg_ z-WAsX!RBx+56-Lf3rJ2S1J0{3`9UlAsRDz&#M$#qGAWo6@@R7HGYKt5s{u1F`Z^6w zQ>?&d!KIuShLK2p^^@L9KF|T}Yh{#w$oZsGvi#DS@f&j7Fp4O|k08Zn)ZvLuCIHJ~ zINxs|3aloiBMeKQrM#N~`C2KkDLQ6N!$Ozp&+&tO#Q>C1h3j)??TNaH@~@-8|Rda%UyyI9^TU zfqBRDQg<(KQQiU0xGZKq@{OgvDbDQ%5fhKk3y(+gb6RQm%LMYW#3fYcg0 zud;DH>>Q|7Ki6?tj>}{ZZ@J{cTFg)V1ucuPcUuOEzkPS!wxqZSGmt){alPFuWAQ^* z!d7s8Ufho*{AQUXY%J#8)7s)v$q5Dn1i}6U>hn!ui^0ws_8?n0zY)$vt2-*637++* zxG0QjOG};OlD_BRz>YR-jF0Zlx1_*a64- z26hu3Gdb0@I$)$TeKFYpVe12lN#HB8P&S~0n)4l5W*RN^CtsX~>`V|~vHkOrg;I6H z$OYC}8n(JC(lcv-z4sUCf9pqVPqKDLV%0?_&F6=C%fLAeL#;!WdPX9}hnnkt$$*mL zNZFqJ&W2N~MAJ_W5s?@0TuK7t#>?6p&8;)`iMw3|y^POaUa(<5TGRVt9MgdIZ}sI9 zAGBUtfsocHtgk0uhvZ-tPuYf{;SocM?9V-z=*00iZgb(qoqvQ>M84lVyUK{adYKn) zXsiLvkg`3)@ZQhBTsCjn2#dC2w0}L5tFovSe*)cRC+p%uID4-w&y>@%b-YUb^=>v= zYVZdzZag%wCuh!o1J5oYKwp+$VtMvy2`zB>j=BUGOY`R1p83b*Q%H9W@UcnEdNFMA zSnl^4v3FM#kQ_ZKDcc0oSRjJ<({^~>^Al5xCop^1HlqpW{MhLxz{F|%71AEDa_L`G z)-^2qt39%Xso&q4%V*dU4>v@|dAB|9?85Yg`KP6xghT!WqXCo5t4|exVW#V_k%?E; zD|V6KnFoba|GNo2KZv`YiZ#sZW2ysX5L5Y>&DMD6tib*e2@CUbt24pR)62J%Nc107{z{O_^f#A{y`_6E=KB4 z4zihLsHIm77>f#Qyk?ieM(j`a4xS1IL2tygqlxw6F?c$NXekXamk_=)@M37>i|X-p z6)o`7Vsw6rKA?E>jjh{syAEwIMQ4J3WKi8=6goWZX)r@WN8vWU_k!FiQOIjAc6gQ= zRp$OmYc&8N9JDRLelRshQq5=o!(Vy#H$7IT-egYd7PWI}J2}YFZPh^y{s4jdLo)WD zHU~fny^;n5pagYv*lt|&pRaCPB2v6`m<7QXEP@GGiD>g2>Z3%RDbRdcqbZw2Dgfx{ z?Jv6GllC~tiTf0D*NFt%Tnm`)AxNZzSe5gAr}f^J3o!W_N{k~+8w{!@ByF3i0%A;H zM02APYKS0s(eNl3B%)TX2>&>k5*i0Vae??Q=Ng!(r+Xi(RSk7i+~h>0avk(tDMt-j zH@d#l9ga@O5vc?MsH0u6Ey2F#Md}VQ%d2Mz(hW-0IHm-`Yq|3zsvZK zSWs#%k)Tb9%*)&m5%3ut`KbA#Zj6$EM86KZvu~MJO>7hDx09Q+yH85N4EVmp!#M50 z0Gi=paDyd^_hP_L6YK;mC5u`#>k^GZyf=r9EAL%^mTfX!3wU#y{y7YnQMFW*22-^% z{o=G6{nWXJhIk!-R4Ws?A-ml%L{+}5{s_(l2p*H12Ca9_M_LP+0Ij)j`tdhC%{Ztt zSjoBc1`Bxu&*wjtWIYBH4ZNF3bGM_AY64?a&QTgFNF$5KoR+3!`5-qpv)(he(Ls^( zTen@B6f3|@txVgyKW1_v=1NWPhQJWlWJBQ@K!t2C$q?bcxzT2bJIOcI4E<+LDrq}~ z)i}uR|DO_oVwsZF6Qxfx7vJ_Tn?|SsfJP~t=ylZ4p`gERo}%PYceBhr@ATOCpANyP z_s2!y)JBU{d5|wFhUMW;!^k2w_Ay@af1@OExIbR7GEf$-tTgWY4zBT1q2==t7ZD99 zry#jZCd=gfogO$}dj;RwZdfLJdOnI5zH+#;JrL`ogol-FlKyn}NIe+W>D<3CP8zxG zCO3lL{PyU>Aer}uI?jbN41{l9-UJ|@=-C_eT7MNAz z*%k7=@VZN%(nAsy1-m^?DA5Jz@;Hjo3G;H^dgxUJZD)dLFs=E9xJ9tr)~Z(k%+l!` z1a*^M=T)CWav>a(;z)z*AIt7*LJ=3eb1bUcP8adi2{NY8?mu%+NpocS9i_QU4{VnD zr$vXO4IxwEu=UZrnQ?uiI6x0z61!JvpSFZB-T>tOlC@tT95fF<)oH))heId+Y<@cL z_EW(EIPg7ai%E;-WM~Sni9fW!)7v%?oe>z#P0kzqI+@^Mts0=r{~Qo*50qz&=g$PF z0o6POPR(i8kI%Ny%%SEPtz-f@R5f#w4dK0gb=8EJM8v2IcWuWd6&p54t^p9(VdT5l zWaTdpO*I}Z!_$p<@wyr=Z@})dliO}wLZ8?o-Cy!3g)nCa5X4@`?3d!{wMzWjPP(oM zD08PY^R&B9^bGnXFEXHnesk-kM#v5VQR6ou!fk44iE z7|i=Yy~N!swZ8AV?J7(!zfji4=KYE)-GrvB){ld)rr0r;_=VGEzB2R#EI(~~frx3K z7Jz-@%w|?t1#2M~D{b}iAEHvDm!=#c&ce`$yG*C_M%c(ClvZ19vMp2Um7j6y2QT_D z@H=}thEsG|iM`Y+7x-}CDIn+`y<2=iDv=|GD@9kcbuW zGr>Z5v-4Q4!EZ~T`a3xm=g8?+n7~-m%@v**m^y#B1wW2K}5TEo%B8s zulrAj7gNck1e(MXF-P!%!^O&%qlc>oxgFG-H!QUBRV_;?W@5mLCvzT<=cR2Gvjz<4 zF$Ru1OjWK9XT6kfhn5R2q;x6o8??~gnQ`ag! z_+URimxf}yBkirjs3-o;$lYA37o@{qA)6&pmK~?rrh7Q_)J;wIroqwMv zxxw#fs-z1z$Tk1+75Q94@BoI%NvtRU+};U5^~E7MDCBb8D-19GyA;6#kP5%O24aV7;vIu6Ybt)kKJZxYY13wTBexTzk9y&Rana0`{rF-S3EG^3cgL z*ujhFM&7rvE6V)>{!@?##*F^Re94vfVoU|h`4yR29$D{`s)$hz9#9j6XuBm$An1k@ z==-*PUzM;rSGKHtr8jR-vukrz+rE=?j?KaUkk&pu?0)jQDbvdfg+{QxN0ArSV5fio zPS*e^v~WK8y`R{)s3t2n z|McQ$+3!QtF$X}qQ;yT~EvA=k`3H_MVJqMDhxKofOnp*uACD*z^b$IlZp$h%H5!XwA@fAQTY?vGRk<`n;zo9mbebF1iIg4nS`bH&2N);WiZn38g%SN2wma zxyORs`FYr`4)L&e8p+Wa?w*B`Uc#ga`f4Fh&u^o(S_8rMQPuBokec$+S-oWZTsHT? zu|FJTWNtRj8Wn63<*@i2{DisjH|Wk9BmIC&VYQs=+?79JitW3%m1XBx$Yvv_B=Dkd zc~k8JFds~7Y^nl!0Zikf)Ep!!?_HA)=CPj^Jnwd=r{HVCO~`0;w9hDjJ6;s69k-o<_8 z-`7$(^J)PMsFw$#eY`)VU3uHs=Dfy2Hg2T-Pw`6Fl81F0hX;+h!0i+A8zTs?G0JZS z`nXajztgEm>)B9+zryf(h?<8{)MD)=DoQJd&V92&S(m}%Ny3*$F;V&@<$`tRMX_=Z zb+aix&TlS$$GW*P@f4w*3{V49}^2N*T;t_BpY!E>r zx#5?ZE`eu*lvn@{;awjj2QSKYm!}Khxlr{;)hO!T%!wF-$a1XI{}I z&FtSxh^7<>axQrWZZ1Lq+P7^10J@xVr=%_I4G}m*>j-)-)*MU<{NDT5X$a*#P3r3# z7waEV@NnNWr@+5C_5jsj5bnFFuc&`Wm($!MfJj9I-eWm{i@W-^?Ze@Vcu|vfG^C_m z*v1))WLam&3coTt!CUGL-2C|I1k3wCjO$Oa=jjZ<5g{bV=C!lb@o0A#rqUebC@gSo zw--pd`_z7=1`ucRx-ZI?23vT@D#q#-0Flkq0|>w3@-%2?5v*+lp{f@~M^hHmdd4M% zU=h!zL~h|r{rBI*6Qh4_{`5f~s|rWC+bM{&&CJ7-+W&qofat2p((Q7mw1xm~udA(@ zuH*X3IZL*@g|lxAZ2)vvUjJfN^I{jPo&|7U>4+Nu{~PV%_eKzA&|we@@ho?b?kb+z zn@!;|`X!tTcJtUu9D;rj8;a_(ty6x}scgD$8spvDamTuxD>Ii;sJa^iFN>P<wu&38#RNQFHxm`oWa!N7JNJnXr`w;D(wOSi{tq5RSUa?Dazb#) zLZ*$YP06>I-x=3-yuy(z^Yn1wslw<)2wqHw6NXsm-u7|0+!kK7O8TT5Cu}7mqWfkb zjq^g#>(oUh_*Nlil7rEym1F3Vjs9lr* zxbnl9$iu0}a}R|c#Ggl^v3b}A%|z~{meG9gPp9BEsIPqM3V4PWXxaaYfyXyHC#itV z7)5};^hSNzp4#R#o$4|zcfxqY;P(>#1DFshWfbMpLn5JAATKqQm^()${fakHWEKGR zH|3JFhOaBfZqp9&IbYmuKyV&fMg%^;DY}f+FoYe(B*ZUhkF-a)pZJ?~RTq7DnPPA| zMwieza`+awnZ4)rIW&O%$pJHaD*-WoX?8uaSfpdCX|qx%w>n+&`OVGW08DkqM|%8* z{I2VSut$cAvjbQ_>B2B{-$93GNi%iA?e@DV@6XGJg4p6ECFpWhowH~pT2!Bh*>$tMkW^m2y2ROYAH}|689T}p2{c6P7GwR@a zx&E4Rcnorb#!j<$qR|jteW7w^I^SCqrd(^SzvLaqNOS*qRits`S}|oVSo9P6tM(CF z(+6VprhRr#VPrWh1i^e;_KpbWJ+hW-M$}M^YbsYoDpLrA$2s6{x@;~hmB25f(E;Mc zuByf2BLIH!lng2kPRi8Xun`FB2rPiEYtsLsemhNbWU+!$`uCtPR9LfTE~DoW)a?pD z7wjnmaQ*eUA^G6x1|#lFX_#`B6%xvno&wk3%90Fl-Jgk@{wRjKNxTH<2s2gn`=J?S zrcYLUkki!L>JR1b`-hJEklL4A`1bFsGUecKK0E|ZfA=%(#aD4(SLi!4uU~CILB2t+ zL7H4F6Sm7KmSNHDKa##`#jM@<9_w?!&hUP538aevo?LEr@69!#j!oNm<@INlo$Q+- zZ0};W=*^`!07@B~x%b)M>kG@pIEl(XYS#Ok4kjQNil`>d+qyccp85ZR_z(B1SJ#Ib zkZegxD^CPNb^6oxGfSe|HfP1?Vu2i!>wU|!b2GIO5Auhr{)#E_A9=MW{Ws#?Gpea5 z?DsrLD53Y>d+#Vn4ZTQ{B2A>KfFOvXAT9K&^s02ESCJw$bPx~_1f&;{UZjPZGkM=z zW@gR3A7<8_nf>9coqe*ho~)dlz0b3s|L^~s4E;}9E$r^VxWH#^84qL zOFtj`@iKXpzxflwA9vz&{Ai!LIfc zjkMk7(+$sspw${AZe&{HETPc|D_OtBY8zpHRd2qb+O8~=t@)}2?58|Ewwz;jRAaQ_Iu7g7N32LOXhNu4+>pZE>RjgK=Z18H%A>OZI* zw^U!z;joE{XnH7TPX1d4=jds3hKlA*V2!;TK}AB-CCnE1B;4ADMB_Yi>~MOFg8=KH z@|!Ros#JjN6!*dI{nw9f=b&(%FsQwDd9BI)rhU>{En3E$$YjN*+n93&>SyPZUoFbx zY5{XSAPV4Dky~$LjIBIDz$1u5L|??1l)-V0B=wTSE#F7a<(BR9pW1&4uR+b#tosyI8eQkF@C1^WMj??IA?Qf z{NlbIBkS%yhr=Ji8;?xV>~BMDH8B>o+40#l^^0rd-P(*wJLbHP5)=vzn0cw0X4oen zizfFMx>i=25#Mz2?qH4mP7)DcOCEC}w@7Tfd=6#6d?SizZ;x^QF%6m+k7MAb{<3(O zt3e;ce4AGNN+BV+fjM=(mlfNMGBADMs_<0t{ z`)H+d_fD{=aTK!g53vH`vAjmk zn&{oM@nAe`FlsrV_xT7<5?QppW<9T-$@Y_=iz1<6Z^7$jK?2;HrGH{qB)(DXpYn#_ zDRcOCyPBNjaNp9Vt$Udb8B<|V%?k6Fs&K&PVFDF@FdY(RQIUPLG_>*Gwm|9(| zuX*jAU?vI*EBdpWyq%wQ<1;IN{0`qSWuDc6rgr&Yqqu=(4f{6_{tKoLekXG&A?szZG9Vm{vjpMD}{$$gg_IIgANoLQU&U zs_I0eUt5b_V!l7_TgLuiXdVVB5hc;tmQ{|ZthmzIV;&cZyl48KmBFiHEdbv$*o!kw zcmTZR9Awt#O`+=meFR%!@i(TF1kk&E7nQ$Q8(A~DB-iwLJ16+>Iy)an;P3K$A2s1d zXfoenFbLRlX2ntJc$DBTVr)HkG8(WwmG$T8_2pmakvXU$dT)gwz!jhoT5i-K+4mG! zH~L0=ccH^8MlrV}Re~WH1MS2c1!vxqQ`LM-4a}hnd?U0L{lbOTueE>*%u8Ky3d^;8 zQ@LKTbh&k9zD(svXj316>GMy1Auo*J>+aq9fX?FeFU#^)<=Cx?1`A~TZ84O8QKpO> z`$Ep(8b4%Ow_B3SMDI6MtqI>98Zvk?9pq71?l*f_>#<=d zzk_>k3{xvzmIhr5TFf`tcFx`^Uix;ACS~7{cI{YJ2M8SG$AaCK4hKTY*Qu_PAI3T| z`Sh)W&K0Th+A+zXB}tLs|y)o{z@)l@nenuv}@e_gd9+adR&6s;zS|m#G0zi*Yo9_)1COBir8E<9Y9Y* z(jQm25~{neb;s3BefRDAW$wA}?y)3`zbKa1zQp9aMPg{Q0wVp2@8;fu9jOoL!LSFCCPz|!-ZydZQ7v6lsOc~MC^JKp`@`@WeemxV z=bKaVWDw==^>C#nHC*Ke3YjJUG6T#XhOOj|f4?u8S_|C&cDz7q)ID*&{M7RnR1qHh zhAc?!d@BDi)=TQ7n7QR<$CzVG$sN=ZE+n-*6hi{{n<24v337Cn30|-7x1ZYKkGZ2S zj^T9el z-e*{=>>sStVD=)(@-5ESw{=;cvu-kIk=@qm;K_s8ilS)gN$7#6{+pIYJ93v_jr}D& z3EK2@a+M#xs|U7bu3ufypgOi~e#Wog@b#&X8;tWh*Su7yYPOl@sQQaGP-<1%^3;A8|=8`tcFR?77+PF0w##JS!UpFU)B5g~N=n(Sh zCKc1~r2f?x1kU8*Nw3~VDQKkS5h^6v!{0+Ez5K5s)mE@&6uv@z<+WNGyHqxDCLEQ?u-U|_#ETDe;K8wk}=FL z>pf)QsOXYlTX{bceOe=VnEea?IenOQza(?@i zGHLp8tTNb4kU<$wA3LxkhCa_CZ?&JOD#{@bV4yh*xQ$DpSUo&n`jLY67KJX{NwP}8 z5HegGR6Tx-U<@4+Ok=uM8E10pU^rfQyjh9$qym(YMTl&D8J0=#>i1=&lS)n@`p_{? z05^6i%cFgSpoo}lczW&Dss{sSaK?K#FSc(yt8w7;_nNfJ;x13Bt}hiN&5#PLibg1= z6(W}K8KhT8lZM@$#XgJJgViqy5W*wOP~tU`0=0d1JbNC#1}%>5*ad2Nm@h{ILH3M8 zWNt-1V49s%bI}0E(f(n#i?nU3+~PoXGPoTCo*4Kzc6#*Dm(|RpOiI;N&l4;bt*4-_ zlpMcl$PV^UQo50K*WVt`As}Z;X%CK;3k&<3&(i|a(uc39F4prCRH$>9A5gLs9XqpJ zF!*qoUFiW}vvR;+TQD!JTQhsq@c{hsm2xhekmBi=nj<%wBx_dxK9Uz-c00fs^vUg! z_@7eP-9^MgPwRqi}ITA*k=i-wg&WT?;ywTaTD@&4m3@)N?`(56GHd#mj0TT=j zW(-{4w!?e*wM7BdY<1zOG}foy`AiY7=dT)3B}M0XLhao4St)(aqo6C5q1@>oHz=6G zvE0TDxFn~Q_)u_C&zg3g=2h!K=a$H}s4!{K+y?ZnJ@^y_F{Yx>&a8+15}DSKZX!kN zOy1Y#PbA9-_X9_h9M7-qI>6Vyy`pJ4;m>(FD{B;UZjaFcJ+~r(h_lK=`ji2 zvTwWBWfwK|eBgphMA>= zFLjJyg_%A2)@kdnfm7C~zJx}MmXdf>BfODa3<4qw~7wzN~S{D!l+s$acxxs*3U{ z<59@kG|A3Tqk6aAZIN`H*Tbe4pe0dHGIs|y)8P~PuVnYaFbn*o!tegE@9fl{fCh~h zp`xJ3e&=;sZ@Z<6h1a8)$mPL(>C;I!vvFD|cwzm=o|+SX$7ty(N23M6>?zkn_g&|M zc<1#2JH*Tw|MROO3jLr1?bmlI@6yE-E0TdXNx;Au6P65aRPJRc{iF2DL( zsj}?hch!O2g`f-nU9qZq`YxQ5z#t}Qq*UkyY%JsZe&f7Lan?(GxGZ)#a0S5Ws)e7) zU^@DZR8beM8;6D4E=QWBkI}lOH zqTEYGoRIy0Jv5+7r5*K9C-~i|w(xXxKkzZG;jPKN?SLmu%el1ADz4Lc_Y#HuI$6_$ z%&EA0zgP#I5+sED#9EQ+-(C7})_HTM)tNwUNL&858oq~tGjme+vA$uXp?`W%11&<5 zKh^U+=sKRN<4sxcdjT+V`S&+-*;1jC9p9F25%b1?>WyC&+x4mm&fWR{a0!*AXS4yw zpI2-4XNcTDx>&(F6l4o^-t~p=40O!=C??eeUd|ikr!Bh0>XF6;T5=|blq!Pm3OtS> zS>mewN|p0^3bWbLSYkpEE#=`x!EV{4d#uBpON{UX&kgJXph{3Ti>vd^1zG5WmCH8I z@}l((tM;ARw7#YG*$pAwz$7{m4<1>5rTUfg_~ZA zT|>x<490knsSey3R=OW+3dP@qsC1B*Q3WOU{u;Q&ZBxHPuKFp2?#XS{w~OAy7?o$7 zL6E6@=>0#8>7Wnm^%)p|0+{pZaKpu-vi3{D%t-2q>_jY;IS4Hze=!iS+PZhV*>8^Q zea(2a3TVLv*f`a5!wE0%+MN-vxMU?La1QmB1+l(Rf8SSV=Z?9O#-?}~Oqt>9XLr+p zXG}VU--*IzenqJlnbAhQPpQ+|4f#)v& zJ1elA(FKsS9Lwjkk(`%0TV9(OFPttBgIm9N6)3x3&Wl3y?mj(@)K=hOVMvKtNxp&K zk7o+nwD8~SIG<$~b|+O;8{g0Rs5nbp6Mjofnu6x|qgWZAxf<{jHUIYHaw`eD!?KU* z>S(q&@%K1{>4H8Go{!?Ez#9jmhn|G z7x6Wx&fB&D(cu9P!@fV|x8wI)9cY!hul~eXR;sh~{MtAu%sD4RdH=&L))x2aWl;Eq zcrb$((^0|2AoukN5%Yao(CM+9w4MW3!H?<_96zWOJlXEga+vPuw)bZP{|2A;GXKc(WX7Av3aj622#H|4Ss*`! zV>t)E{FlS0Sk55~+gTSeWYjCy+OYghKF=^q>L6M9T(yD0e_G-g7#K$0C{exVy`vMy zsAz?J!IF4uWQTSoJ#Oy|@e+>ZWw`gBjrRW_Tl}AOH4+hk(@hTB*$p{@c}C#u>s5&> z<)gaakC0bYW%9Pqv1{TZkP>?`itYvYub9+*HO0}8;J?L+4HetPM*Lp~ys*t*`S9oy z8-M5qx%9?kz+&m`a%YtC(|^`WxM=P_ww#yul)?C(y5ewsU+yvGH$gkR;+hQG&?ssNx7p@0zPRNT zJj3zeH|+VMoMYeY0L0^pm#A@ypJlf=YRD9XRc=D!M>pOhhB(hZc@B*Fr*kiDaHI_z zCLJDXJd;5OCmPvi6p#A5`oJ0R;UA7l3>zsPGY74PM8d!-=3fMOc0%Ix9%Bwx@tWWv zBwO}AtYAMS%59C$A4X1?b#JT9?GuOA!zx&b-5%4EA*F9lJSk2Bf7947HxO?~@FNw< z@l-4O^aLn#(yw`bI?G4bnBd4RVePJ7Mq=Am2>}x@8`mMEou52~&v!k!{EO!c4zEjg z5bTibr8ety8lqg~$6`yxo#W28$+@*KFkw3*75DBwP3;a>WR|oxb6#(phSKdM03bK> z;NU2v8E+QNVZ^$y$(FETi2!bCUrLM#{t&98pfXBO1#?GfV+Y!CBXZcuaa(lP}Ss~%wzMy>0 zeG>Dn78kKIE@(WFJ0G+z`aYwO(j{7&TpIiq;&wCwheVkMKU&x}+SxhWlPD|{dSugi zup&+Ij=22ah%CW<$30*Rx`sbeFutJIfpdr_SX*iRk|^kiQ6U;-$b%GCrBU7uWyi<; zezOlzp?)DGJ;y>ikasPt_WWxMER6jpo%)epxLm>bcBlGin1?!*R8d@-tbCBt=uNEc0iA*qiBhv}qtU!VVSHcJ) z4XL%gPznr;I*_-g-{Iglx?3}KIrzg`>eqh>;Vufk6UWs|4gAdfN$FNpXfL}INEI+` zscxG{5`U04o=+pw@ z$FyC!d2vs(EcjDwM{il0G&nQ%y8im%R70YPMm$%8c+k&h4l;g^6(FcL;uJmFqXqGw zSSQ}jp-*kX>I-g+QsN5lJX-&C2zs|z4UFocqHw6D5wSXeFiJBd7M-uPss?rCt`g-^ zf(Ihr1tV0|F-e;*p5tE3l6P^Vp`gMcHwReC5!09TS6rbyRIDn(Jy0c(!Qkce$#CEX z@m}Q}waD&uRs9j2yc%^JV*As(0R9|v2d@bjDo*sg>M!w+mYUZ0PKhp_EiZ+NrHaL0 zu01Jszlm3h#PUuFcVZ@4_*pwdTiO2i>EQo|UcYx18|u582PRTAX5g-EP{SN>2`dYD z6@5e$_pFN=LWWbFJm0ET`Hoj+;f5bynuSq)Hjy=9u&cTtwri1HQOqX!tXGqjf6z9Q zy8=WX}49SGD(kH_)e!zL$6mW87XMtt%gHd}P z>Ku-9g;s!~B)i6!Da766k2S)9C=S6tFclIqgvR_mk-|NP$G=BB<+S_8H#+5 zNm^@VEQAl0=AaY&TFPF@*gZrnJ$N&*Q%|P zNk*T;T87(@uVEWbXedx3Wk8Em#gYx1(+@i z*H1%%|1kEY3E?j@I_Cu0`4BH8G<9;;bbR>b+SfADqR{4#h3KSY(}Qqa-}b<}|9JHf z?ZLHARj*2TZ4Stpb6z4X-f6G%YGLZOV9=0)G1zN&@YWe-#C@7X;v4dy&UP6CQ4oi= zXfa5#UbSf7TY+mjh~j)F?REn}ANrw%kB8CBu`V9t<76FPsI@|qjRk&pQI2cx5)j-G zPIxJ8dwuxQMJ-`@8z2ARXzL8M^?2pAqNf~Bv$YttLpDk`LU~W*=v@05!O2sXa)z!Y zBI>(G#&MH#b6Bk?A+`2jM~D7ulOP|v0Gi7>$M=L9PwU_A0^;P^B?=-c8E!VD#0g2u zPAAt3p#_^UHS2$#5lA2vXaI_cL%^YOxqZz-KCc}dw?>f{>t?vD`FQc?TJ}OCP_z&7 zIkZlKhH>m9M*W+PIPcD@k@PZ?Os#W{Mh)L$Dle8Ystb3sk@Ov-I!`a<4i}=w0d}%` zQC1y!NCtnd1gJdgRBp=S$OQu zLQh|?F3!qS)7I|wDQmX?o3CGC$J;Htec5{g`>wQp<0;0rmw`{A6dA)Qr2zT{Fw@G9 zJc`zd$$J5Pg~uc-1wZ;l^+|v^`saI8z#|xeYkD`Rg3b^|N+zsO&p-z^f1X=2>|Y+< z9phfUEZK5^e2aRW!OYZcK+p8;3tA}<_U1#BeMu*x;2nF{jqby~vCf@OyZ=+{!~en) z>lbP_5CD=MteQ9b=%-5me5vB3Av`ng6fGB6?j%c0UKgRm^VunuX7n! zbbEDj4>X4RoTSjn)gSUu#Dl97@*_hH*RbN}Di~x6veW#-@%UUQ+(ZxnsP9}|o zY4~Y<&`$aV9whQ&_N8Lpiw?+b0hCBeS6P^c-82|iDue+q9gGCciep51P6j6dSLA(f z-L}mea@A2D`JgU!xhM^wO_s1dsNjZ;Mrk)poI>X1q2|4jUvDv|218gP9B!=xF}ufW z1yS|Xs!PDBQ2ZOr_?&zWl3WvZwo}>Y910#{Am0UNsYQS`$xny~krSaL-$g$dd1X)Qn#fE?$LGDokOhP-#9CCmfnJfVcB!wUp6tYN>P@s zESKbw5cF6U@n_9s1r}xaL^p7q+-#v)g6EZDqvJb1oVIc=%5o#_t^SvQN#0(16(57l z%Fe7g%ez$sb0W)gBw=i7g@VqN)wb9dtJU$#cZXLq*1BoWZ$8tj5NZA%R3HAgo}?UVzg!gspC z-uUZ%EWrXP9uWLJ>|0JagR=2LVvNW+n!$dy(0=;^9s@dGN^}Q8M5WDHSB+Hu2cvdw zsXTULcTCT)4_ASH$9P2$f9|dTEbnFA2Y17LBJW0?-rlPE$Rnq6(gR`gthQsMz)~vb zl5baniP}K-NTa`r_<$^baOC2E z??@dByFJJ{GQN-MWdXrov?nWBq?87(V1>GUTs){3k|*-q!e~Yd$(`+p-=YQNuuQ)X zum`B-%Ny%4tJxHh0jLmM>ibOWM$pUbpt+||`dY>mK_!F+H`H70EiFp<93Zd#qA^%( zmr}XLyC*w0B>d@C*^}@+pCSiS!1sj*_!KFRLuV~amNzYDMeiR6TUTbGNy zLV}484S$wcG(BhoDXe(X)2m*7-ubV*%64-8<`NP4UAi|%YEQ5lVOVggSnFYmZ?`VN zInZ`6#X6 zF~UL7V&>hu!~NAkR==Q6K3Hqqtk2?vrR6fpH)Oy{USPgLlgYbtBq4(W4}*%~C_?(asFTEg=ubURJr7#q+^bnu@_EWhjvL9#oqJo$bkxtEY)(4R zP0)LUqnKf}grOp%bK(he-BqBxRJAw)FoE~EsilOw{MUrLP~pJ8N$F!0<#B=tIf~=#HW5O-asWGo##${ld)lTDv9Qfj&QA1 zaDf-XOyGs``EE=r603YWct?fT;LC?YqW%!Kv>bm*?l!Ra+56xN*Qr>P~V88vC+!?t7SL9D(zF9z=Ht+)~gESeG^>CX!k z^1JZe5|Gxn2lQ|0smTRWOB10V1#Hi2fnKM86yWolg7?%^duc;5*E>fr6(%_2-6V!F z?RdFP1Vh@=UB%x*AEzh34_m%yM53t!x_&r@PqVMDXuH%8MT~t#P&Ta&P*>UiO0{70 zObTVzF}&d?qGbu0-Y8kF0Ui*ooEm>ArzU53*82b&iT%p5B*paVZh7DV zl1`;;mcCraMJ@VB_-=4}ruAnu_GLHI1sss#Fm_St>XKPy;8LXsV}niLQXQih0s&m-&QnpL`3zFz$4lDx9ldG1fe z5L(a>Jx*j%b?mj4*m<%?j>5$nQ6us9G1kF}-F7?`Q6umCdkD^A%}L|aOYvRt&x5BS zE*AAHo@9u3LA~^*Mj6=r4S^@tnKx{v8W9>*7u!wuT2?dWs>-RQLf`Yo;-+t5b4rD(E!P2ctc{m?|2zBO)*G6F5P=h^p$&e31`vdDC2%=Q4dr2Hg}`> z^)6zc+XR^dt0(6(QNuIjU5!U_-$(pH;>P}-xlh6Z4WuvpWzOwd*(k{QR zV}nYz?9+P}Y)Yirmm#-;mE?ow4yFkEStv@+=x!3AUG@C8>86EvR}@T!NJAr3kg4q* z`Jk!CTKCT~UUdAOAD|luY03s8q5uB37=+0JH%+VXK6yo$6O+x=I# zR(Ukv*>SSln2Pc0pT4KZebA%+Cp3CNZ4if*{|G44c;w#N!gag%&jNxYrDwY8jcfnP zNuI>;6~ctp7JbC_gzPV**>3EU9Y;UQU*_Xbq!#lHezUuGG)=~s#*|*)nfO1g zT=~C$;wZA4)$=otI0{gZU&vg+k2$@psU>%pZnTJPMa4YfYYoEeA}NS_4kS}Jl5a!{ zrwrf~_40v^vZ=8~AzQnVWNj!mm!%{BVQl>_pkfFCC-|<^D0RBV%3V3-rZ$kn6bfy{005~w~?sspVr4$76!7UbT}2F<63g(Bk%@u&zd%ndXdf4B9~SyF?y15sEq zq$+hVrKj?f7y>tywL6#W&XlBK;(b~}8ko>M@{oaw6e5Ku=uU3?463MwFI5yCgUsx>_*d2VU4EJR;+wfb-lV|CdPj z5#aP@=n^XVYxT+pC}lp$RYAtWKG!XT20^HmWz*zkDP_vLixt#%9NxD+Rj`UWfR~UT zg_L`9ImJ_OzlI@XtPZ${Ls2ViJAd-F6i87>E_)z87*MN#<5AzC0_+?sIxeJ9MRc9Y z+CRieRZLzT!ZW<027dsU{1GUK#jHVCtCwjghtjjCQPg-?$eP;lBDA2U?afi-6$5qU zV-Nikqj)%+vksqTh>ohjL9CL$qKL4xH>Xp9jZywIvYq`S1Eo$L3RR%%B?EmWApbF7 zNloIz4=!IG9yi+z#)-LOjLeXJQ#Xrd@I+C1pGIM(VHT87byCB-XdYX0GmazpJsmY% z$761W%?Q3E#M7p@aPnidddxF`2kU*RqvY>pH>4jF8BUyL80`E(dwF$e2NGk21>>ZhC)U z$qns)zmNP?#{7tC8!|>$pVJi(Oem{GOmS=cSc!YMFvJtBN%7vQ^)P~!ODBV#+Kt@! z;7r?TGH9psMo~D9Om}6|C*aXdM&5tj`NMAi$-R5`s@l+oan8-EFVwyIdQF_TW}F-Y z6IxXSFYtQkc9#d>95ZKvyy@C_OfQ)L96Y^lL~?zemB)@abF9s#*&&90!mK`=xtKX4 z{**4!I{pz4-spyl4~(P7>cj^BsTj>2H}p|$3Y>!V>rv(QyE-=Sf44NXjWbEt$>L4Z z%^zOi;|CAZ7TLI%3Tar4xG0K4ffdst1vCHCHrEoOeD2l*+D$3JMNv%D#v6|=m(ckH%w z;}?UX|JhVZLHBlhMfz>i@|lx;arAP~L?3ZLG20hCDw>;CnA1UFo|K^nCROGNbRyjY zpnP98(x3;80R#A_8X2+$Bk<>jk8jBD#>`Y^NZHm}yA7Yqail+btgK6JIv}_4Pa3@X z$*NDmIf)+qK&&^t7Z>s+u(O@|-UlQeQ9;JT~!*};`KfG>%-dv#>c6V%T4`C zKuW&z&gO3z9t`uK+~8 zgF7jNy9%wC2*FSz+^&%LCpmF9O{*R)?#l->Wy~_%!!?mliwqX#9E{>r*zU7E^SHh( zT~GAbMw*y*Qza|a;i<=H$HeIT0D8mf{#aaAFuXaA1O^ds=))*Pd-Peo+p|n?VYce$ zw4%GTnc0U!WC2W%PRc*H^nwxMT+)NQ&lwp9ka={Ya98*T6r_Wco^YzE+b7;Y^J2!l z=dPoG;F69mWmlB?<3@qw;I^Vx%qHZw9f3wj@d``m0^C)GhD&Z7*Nm$?wpUNfS-=)s zeQ+TsHf@72llZ!WFl`6}4)?uuaBB0Q39ODt-$};I)*XiH z&Y;rbzE%X)Gk0_tr~lKpa}}5G)p%vJdfA%E?<_7mQTH?(Zx^xfwlxGmx$}J36h_>95&a;z(E}i!r@W`&+8lZrl?rI(>e7nO$1_;ds2Q$2S~h(xdjgn2tJ!zf1u)iYC#4n^bL(uWTz( zlB;hdw?e}3{se2`zGu1FL;E{s*O$jI z^jgH#B6(|Pzzu={1v9SSUJ)_+$FZzZ(*eG)gd{vj&CbhiDUo~UuDXzn{GAHFo*{-`x3MlSt&Ys}6P{KfUJS-%bb_m!=o zDF2`I<>owy5k+yZ$k(ApZ}vqEvFlL~<5X&N$uMDyhqE|*4R z528=u;=;7D1dmyTJe_lLC}^4$@;}*MNm7arzD)oOO}JzA4s0XHqf^#(OTHvwfus?6 z!4_?1$-KRVkKThon##_vw>nkkm~jKxKnyyvy;gIKaRq|a!9)kWlQaCP`BK%s7FGQDJ(T_Ns?lz^DjF73P2RGy)y z4LK9#7NSV8l%T~2>AN3z!+eE3($<)t!COzt@?SVaLwn%>Tj?t>%2S;IH|S(OV4>-fSjToPCP-g{3~ zcJ8&d1fH=!FG|`7`kB*h$whjv;No?-=SvUPGEt&hE!;YK{~-Rj$PobQtfePZENvf0 zV?@y+KLHe%7C@yrx^U(> z&ojtnZk*zqz!jozD~m$kwnWvLhU}>5NZRivr*G0tOtg2V@Sx{rU zzd7cMlc{;z7u#)Ac|4L<)QpCbmBRItC4%)jo|*hRL}wkfhK`1*G_RlEuSoKh0vGmv zo2G-9w(*qbbyT-4I!?+5ZsR!QIq~Pmg)i-%*-?d>i)O0oPTK5??z4h}6pQ|8B{w2a zTye20Uguz=^+t87#>#IGa(C7Ji8AieKQv!bE9VR~Zjeff;_*KM%yI8G-L*cV|8%GE zjd^d+&(EQHq^boz>y_eXe&6UfV%P`6-(Ebhrzj-j+y3s(a0#`{ZSPnE@Tlu#LRn>8 z6(rpAgqM>=lO>t$>Ih#u@D_YizEW320tilC08n9}J8Xy`y(?f9vAOPnNf4IcCk}Xa z?5nDX&X4?H-~fe|Z6bKHN2nNlOUWGE#y-8?djjw-lfwg4!Q>dSTqEi)!$QkTF4PdA zud3Aeo=X#X%U^F@a(dLDJ*xQ=D=e=4kJpgK4cBe5l18B{!CmppADM?X>5N~;2Ue^r z`_NkoUUY7Dgx^W5xwT?m>E&!eX=fI4zHN)J$OQA8tC_6f!qWvcX;oAt&0-wH4p!Ll zV1b`irUVNw5&mhzoWa63i1$nKdI-W;72)ow`|RPR4YM*?=zEOL^LHYp|!^3yw3TK8NfC1dk9Td7#V zx1KP&=d~2c@Jz}SsY7O5$oSd)S5@Lvkp>YD3tu|LDqX?24YQPsplS~VkQ7J`m91K9 z=+(uPnMc-|)JHVyt5m~7Fz3~{-N(Be(x!*;oJ{_n%3gtX6Q17cv~{H`@7)HU(?b(0 z=^-M|VdNe}H9iz{T@-OwztD!?5x6455y`-@GC%JJ1f0Ey6lt`$z3QG~)e#Ht#LGfLeTJ_`hZB$g zqwMg1P4iJ@=D5&E3!AZVi@9r8hY1CH1`>|Mbuu2LQP=KwP)eo+>HR)7*{{1_TVZVc z2hVU9>{V;}Jp1g@1HqX|cYf3Rzgu!_8hZyra(@}e3?^2EEL7lgWm(9qqqM{<>r4J|MLOPKx42&<5*PVSS;!k zH}Ope*AZ=^f9#(z06To%F?F{?WA2g;Ysd57eJK7HbXJMOpllKBxP&>M?tmDef}S8` zU}3Nve~gK2wz~sr}dnM9)5v=rj45?;{*@B(V&&g!#F{oKvYL_P=EH%hX0 z-yK#536(mV*>lce{7h|-MS4xm{09}wFMA&ayb8iRrkA)|b%F(>M~BZyoCDG%PYZ%` zd1(h6Fc-ZCl3(9+`?;6xKAt}B<2g4zKgKRC&FKkdRWCa!=Zycxza4p@V^Jb89uDW5 zg?zB^=)GsCEA1FHJ>`!lWGbDjQ#1=QEO68#76aAUw`T${p7>L%qa=YKMb6X-=7^~W z$2ijJmwN%{&3Ps3mtMRZ0Pd}j_x9Cir}IDz$xREf7FeG++nmJO#=oqF*MB#T?feqw zrea$e*=Z9H&=EOf7^I*7N#%uxgNq_;EiR~&9q(t9mu6%7XZ(2sdLA5HcB{zF!LlD71#-HM1J5BA)yZ_;vNA@UW+d>*ig&@E|9EV=%%F$y4=e ziR+v~-{#Fkuvh@|S~mRXYs_r0g$1=vF1I=h{UiH-dVC`<(~{FnCI>kbhT*M|`iATU zOh4_QD#E(=k=YD<6Kp=oS%mjJt|M@y9#7G8PzqK#frs>fBs0KHKzTpQTkQT|#JNA5 z99c;Bc$JLV{kGGv2uTJQg=g!9xNzByApmwPoqlHv2q45y7xJpEBcdo}JTJ8KMiRU` z9FVA@seB~K4~$GpLV8pi=<-s4UNIWSPQzOgu~EPEeokhAYPjo2x?ADUMVvTSHrLEm zoR(Ynnl@6%@AFgioyA3iG0<=o8J9;$!}(AM$V}l0dPR&64SGgMi5JJw;M0lbSjT;W zBNd^+Yeohxgg{X78{IW=^gZ?(o!?@qg2p__|xL)IgwKr z#A(iY&CnfmLLTJHO)%{5+wB{)sT6Wa{q8c(s|az#(XHnTNc?(+_2m)BB~Hy&|HnUa zdo5Nb)R6NqD1uI{+V^CbhjQwZEz+Ny?qKs)rf^Gwk+IUp?u(PQA&*iGxUea`fXkSL z@pKb>4<(lBB@8KWBYMI69&XOp7a+E@iVW_y3ST+X-OM8~1LvYvd4D8`az`FpUWSlX zsP0-l1F>3r!s9vzyYo@!?TL6dJR*C0E_#pN1xKY=t#BmQ2Yx#ZW8zR zwQNPjdoz6hAG9#3C{W+Ng5d`V+vX!l-Z3Y+_Q&bU zVBLq2^F#FJjg?I4RL~aBBrdx>qsibc+wS>GOpG#kqJBuSW-|0QChs$mrN}ARtnE3ks0jXdcGe0&{iO&JUKL{tg_hf-^`5(HXaUmR{S zwa1*qLfH!=%(bY)owsYiCo4Y)a~0RXhXHIe1|maUwzIkQ!Z2_*wh0qrn-R*Hv1OzY zt=b|ok&;0(ENyU+&5L30Zi1J_=fAx7ix&m!z;mBRPamkb@w_k^u0K>|w;wCd zuSqwPe5h7UowRv6clbU6R`%Z~ivN=618?dEA>?>82{g|vRv?XB?3T{3;jO43bsCXy@xgI z0En?g{V$MMD*%?a>h|OD6l-;4T}bagfb_(@`+k6>Qt|SwE#X+?$c29wQ^ZfxIzwz> zAEl-1!*pL|&<6*QdPLAI$kmk2`a|fH@;s6Oc*h@_&s}jN5svD+NVYBE!crfwS|JF4 z_=5ADRuqv*g*(C^g#nc4s$RE%;0Ve4rq$*BLzHj^3Sk}MEGxugw52qmBZ9M;MS}tV zV}kt84oJ!yl`CJ(;C zW&a~iJS3d>?(5%$n(vw9+*W%!F@S7S{`^Z2k-zVBtdraI$T!y(?Gut~4FCvkbwQvH z>~aG*mCdm3bznVbg8aLPkYPXqL(O928kXm5|ZeNP7uA$=)FZEglLfvB8Z62C_zL^5sB!LAbRh! zzxkc=Kj(YDvevuaGs|MuHe=hf@8`MObzj$o%wR=*dve3_h(?XX`O&=(XBq!Y|iObB% z``8Fnac4y9HJX$S-Ay%xZS9ve!oLu^qu%g@&>?|Q{YH}4w z&>ffgBbQ{=fRs#c@;M!XY$?dY-iZF}e8|waM9tb!RqYlz2f%?5EN~k#a8#lA>-Sx? zHU+}fNWI08IDW!o9Qotu#0ev7yHo|4!>Ec-`LAThpVXgUnguuHRTh&EeoCFTR0Xs6 zW{02J+gVZhb+&;AGbHL8GbdNZC#q+xslJ6NZ9j#*ZyyOu15{+=LW(Q=+vHW4(*FGv zUfd=m(}HyNaPlkYhq#ny%-)$EH8MYLlUA=OfYxiqkg0Vr9?!|eVCU@ru7Wn-8WV%B zWAD{L{^Bd6l9@4|uy?{eIF1{6a6XPZU!irKcQD^4<#?uI?c4d8uqnxJJSD?~3jpx|TfSar_ z-|eWv2I+{qWbw!9MeEWlUC!XMJ7mF9sn0%2I1;QU^{k;qy#QIv&3fWi@AFmDYcI>H zW9hn#T#&Mhv;_q{A8~$+9Oot79{W$mS=hrUh4Y04&e_t6xL_|8T}Kw z(!%bSxXFuG@pL}XrY_&*ivb%SXtbjvCw6q&C1V6y_6PNX+tvcxejHNL?^H%fYx!-eUeZ}bThl!K#rkTNm6l}mlpjc%*SN7&a zI$HXo{53^a+qU{W2!YLMPJIsUNm|N}Y~7GTx1K_!Mmh^{?}WkXXN4+h`%Q=YnPzdL z*C*wlNj{lK`%E2h9aL2S>g?D18`yqZk?RmR?-7*N$o-nBr}dZu0)Ha8); z%czk4>|sn?qFpSWn*Dq9HkKJ6p983OR5h};JqXX-Z3NT?|<7x`}F08LsJ!}==Zj$x)IJ1vhE zXuAlm1!$Ou5?)>omq~em;hh3{`DOItMR-UQLGYaiUSQ`B=g&NCKI_380Du>%x~d0L z5Xj+rDM`lG1`ZdOu)=CW_go-X#?R-hceL+T*n z`{y5GlZUJmEQ4;qwoWYGq#Vv5E6A~|p2csNC$dY3pcbbn=j(-!Efyt*RKWxmM&5=; zX3V0`{nyi6u4Q+gyK&M#xXDFg`DF<-g%Ki9o#x4s#n5+xup=orpwF7_(dMrF8V%*bXBkhn}CWNbF9Yd!QU z9v+Y?Qqh%Qr$rJuBKb58C4{0IKa|`pehUu2(@XErYvyH{C2NOgg^LiTc~p20Q+O`{ z88e6*vY+f7C7bmk+2QKuj*(GsW>`1RyGgq%&lG?rd(dMJXL!qSPz+onk^LT3Nw&SK z>inx5cjJQ-aq;-+ZSR$4cz26x#5am>i(9QT_HfQEGkL1oRw;pt*!Y;sC&%Iwn>r-1 zi`^dH>_23oSP;2A$abKPxl??^Y^5$2GY6{{Qy0IKm3p+bWT>txvV3;*22p~}elOrX zPqHM&Ik-F^5$a4(*%-!61Jdce^o|7qaW%F5WxK=sxK`HzC}p!`ii0Vc-{uTe+6^lD zB`Ytlox|8jEbs`cML=vw7XVM|b$tG=l9B;%~fBw}tYkd? zVaKzSm))59xT$+CmWD@Uxj>V7T}i4;oeg*hkk_Ipi;vaLjq&(7(bITLQ!Mryaf<13 z$2_uF=m#3YaN|Bh)nP51FIUHVV(U}8*e)Qw!i@C|@YfW5uK#V}if8Le`~C~CauYmj zf1j1?s@c9?ac3zz5Krjg~~BKj;Q-GDa3P!pp>ht z1{q{Bw^TJv-alJYJOCIfF#5aiUfo;W6I=k`R}j*3ug)KSUoAVr16V}L62xT1s?FOJ zY;p!DY4Rzr7v8!}q7OwwIimP|!*03%={dxWA+O9jz6TfGs}JG3Ym;gdR#Y{&H^8Xn zUjuzQsu{wQsn|k~x-rfJLk!$2X=V=@ZNf*+{lUdcG(PI4ZTGA%X}S}SwiLWkOjZ8c zrRss`V$Cf0ap<3oRw>Z6R^8gGAksAF!_9_S5ZsLcggB*`pPP!jRI>9yBZR&}x+`59 zFsqy&idN5?nU*@wo==sn9D>E#`62*s>8pzTpUIiGZ`=|&To^ki@a1m^xAQLZVU!to z=f(iE7>QUrmjt8hqBf<>bRcfRHhrpT7Qi!%bxlLut?)AxVA*!7Omyf~rpNNL?ONn- z1oOSK%;<7=OFi?X~)%&E`J{bi&I&6q>TgH*-Kg-UrgV$Zh=FbJd;8 zw~@n=#(C$5l>EX~w@q(w%mgLuco#tp!Ta7C?lp}b0(R?!$gn_qv}E1AXFrUlTC2A$ zXG8u805JesGzowpFhJ`pLCraF2Me08LzC{aVv$S%Y0&1Bd zQ1VJ~x5@{-C7q9E{@EqB$SDzY`nrYr&SlT%qZd-3Lu_aKO{trkc%*c}gXhd#ac|tK z!^rUfh8>tQLDFAt50}iWSqx{CIGd-W^gk+ZiFTZ>Y`11iGr=;GkAp|x=P zchM!20aQG!@L}MKM#AE4Sq+y5T_r!}e0SCg6t(la$Q5Rnv+(Ttwd5Fdb<)P~P)eV> zh1}b~2PNae6VU9+P5hrK5@@3FEsYS^LSmo73Q+f;yz#m5wr*VLeAJmeU=bzvIAjAJ zYk>o|;4+Tvv|0R*{sdpN{)}zeUpIJrNaz>6;5$E>c*wT@CM2@kaR2Hv2e)Je0nNn^|&MB*}mU5(Po+;D=AS&7`0V)U%;J{N6q-C)y`F|-UCfrBbC<_dz zg2B^5(wfkN>{BXi)5Hvt9&73@L^^u;(Rl-zgm18~|rEyn=+?N4GCi%!X1pNOrTFHwkPK{fXwE7Sr-6yPBp)UZT7)3Zw) z_;mrluxriflEBmPca@g1X+LH8I+m;X{^3x+OlbZ75aE$bQQKZ-LN$4=l*8HWhjWyy zbeEYuq6Cda=J9u-8sJ-L6l0<#TS+>EU4kNH?pf}@fN7TcAkEx^k{5<+MVkRt!^pdAFaNw~cx82078t!x=9_6|Vw@@!7GZ4ABLQ676Xfh=| zQ@Y0_t?E?g3>2e$tInx(-S{EP-DK=whnEQW`BL9QVN%bKQB%8uX#$nI*0V@3U} zD!pFa(((|dieIXFsfvU`hOUTg-`F*i{n-yAQ6|VU@y@J%Qei}&39)|dWxz9(J%dol zU*udIx`e-=pPvC1{Bv$XW>oV7MgPD}#V82#O=nJ|a4d(K%>7eZqiy+DOYJkXGQE?a zyT=cQTXgtdX$ljAxZm4PMhm55UX_M9+z+492Z{R<|Kce}deug94;a-AI$ zgwlvpirSI0L$%cYv4a*BSE^xd{OWaH<%o z1k<^c@B%8O5V$rRR_bRyjKa&Uci5wfrNbf{J|rrepo}6)zV{>+T<6p}dw`R6Ne+gM z4aOeJ1o~aQ*2GlP393s&mGaxR_RdS4#6Z zUn+VK{J&$k-khv$sj)?6AY#q$GTSiVo?21b`JJvTco-u!aGCPAG@|BzFRPF(bpHB! zh0b{`W3B|!l8!w7M43f-+J+r`LD6z2sw8)Y&pker-B1p%n3Q6M+RV z2(G!*W;|kIZ3xC8Y@W`0ffxt zc_G@!frp*cu9RqP@37l%U^U-9;x;=?o_o(pyvB>AAO>^ZJAwg`hMl(N=uNPCG3mDgCMi;wK_gi~NVGhr2OPl-7)5%gKy6^`P4v2RM*^MMQT?>^tRHE=Unp3Dq~Yup15 zi!xpSWAi$aw=Zt1e?0w_vcGn( z0^Om~3J)mj%9*0Bdc&e$*)EXbFS2O)aQxhXjLG=0&me%i9wMBuKPbD?Z3{|a3wk$@ zG`b;iN_)(*JLZ+q%6;j=Xe#6(Y+9V+r5&*b_e2Lq$x+4qJlTH~*DiYQPx2xromCV9 zc-RcU2q%CCV}_bZBJ>NoA2@}6ozea=zpjQ3v#+zCvWCQcV?lIPp(o`~F}jmoabAws zU-7mU%xE5gy(AaL%b`Wog}0|X}i^=;P=|qy4X9cOy4#xl(c|3rTFr^WT3 zQY^{Lu}UKq4oUp?|NCDcaW>AL(nyehVy<&$Ooe*z+HavrhDFlI z1bd<;3MjeuCBBm+>{SoI@pJT2e6IN_!HSKPzY}-o=!q|jI;Rim87e~h2tJzMlCysedGT~GWDR!N7#kK zU?Pga(2Js{Uz1X-chdz&U(bS%Q=w$H6bGg=QQ<|DT(5J*T>#-`%(en!X@4dBApm*j$#1Qpk z$g$;i=jIFZ&cJ361ec%~fD5CtYr%VTVpapj{Q|#sS5bD|OcQ_OnEx(&*V9_-*Ts@W z1+k(G5+4ie6LR;!214#2soyol!y-=O)71(J*`fneschPC>qL%fWJws*um)Kg~@ zS5HF+Y5}z)K#3+XEz*Z1WZk8aK`U?38eKlDOYE>csrc417!I3h$MHk|^@KnU>ql8B|6Z$;K3;%EVj!HTuhKJ_pHPk_ z;Heh!GL=pK8>R!@cmDoYz?QvUp3-Ky$et~ZHLNiCbH=q=Eqw;Q2ckup= zcDAc4r5Ak3W3mHd_pch~%`i|1eEKQXu+ zewv>_vrG7s0#Rw^b>hAA3piM?=EIVlvI&Pz-2MRER@By~0VQ7XWa)%$)}LpqZSlg_ zr?-!vR^P#qn!bm`v*0ctB!6n^QaHz(t%|K)=O%#99ydvqS z)=zPO4%&R`eMk7E-CueoiI|soSI8mj2dwCFY%V?O#o8bw@^|M?AYSr`a)i3(jgNO? zM2#izi(z?DW@VA!j1Q0u96hFUN-aLi@lCyd`Md1}zs^f$_>d`?9%$Rx&8WNi9U`qn72@%`mCQpSJ)x~ne=Ugy*g(lSP)E_Bap zx>aaWuQ{IQJ-_@w_#AxsqolFs2X0tenGj)hQNS!&;~cz2dB6F5c78E20ZZa0@d4%} zg_f46y2+*KWBnt#qb2J*^Il$O+sP%URrN3KU9PYZ65+s9d%`BJ>7{1fnnG3@y~NX zgyZ|Ix08b`9cep{?B+=6Ewrr?FaqMHPp2+=y_&Clu}cJ^a~KV;t59(D+nK&T9}rO( zd@g*VdfQvphd)7J0CO{o>qfVHRn=;*+c5``Hg+ma^MBnPNS*0{H~%v@Hqu|gfqh%r zfTWT6so3e9pNIdWt_sxS4>K+-cmPk0-l+ntL=rDw!S$*7)D(Z01NetN+LQCu8(s^9 zEhY$O*K`1H@Bo$;DM~qJ{|Wzs(jM{Q_oj3ah$er{hKJ9w7XYm8;*26l8$FX^Z0QH% zXJ-UG#^S^op`m1vTawb(UR|!qMUszk;qNfKkD-*S0^dbz@+K%r>JBEYuGyuHR()wJ zwba4;@&IsFF1kkW$O7DoOJ<5zCfN@GnK~S$HVgQ~clv!6HmaSQr(q{IFY!#DcpHN% zU5CEBe`l{fEbB(~Uww&6;XF=1oWeuY{2j=>)R&fp3s6c9E?iTv#8)PY*^{V+tyf|N zd10NMc-f%7PXal(_KLr;A@*0rs#okzo64>csPN^^CsDp(0uME)_t<@sPYg%FhDA|b z1zP6)LUTu64di=uO5)B+noH6@*nxjNx~)h>KUNfJF5kDmAUwb9iT95~WPX$76s@9P z?|So|?9YU0aB=WXU7Gd3HO$Wou^)De8^Mk}10IbcLZh|z_-&0gsw<(ZK^xn6Q9wF{ zZ|@=9YubAwA6t$$BUu}!tJ;89C>^29N6#X-wtMyprd8#bvnzyO;I*Iq&COGC=zGNl zHPmgQ%7M~^7XGL{Un&MPEpFZ-6Uxv)@N+ol1?BVQ6Uov%*29U08D~4BQ69kF#s6YE zmWVNsl0teJ%02PQyK{B*7d|%F_s?an_67g zys<@PtL8>rN`1KVpC;$Hi z>F2^jyA7E*@oMzRqbEtP9}|24Ngo6ZfOO$qVL2aoS~Wk6C*C*M*z!lrm#TVglmY%J zuxF-01Zd&ji}yU?4Anl2D7&+$<=cfRs!XSU(Y8AxCN*k@F1NwFbJ8$9}_6^-LJfw^cz15R?{`nD)>By_NylN9h0-UhSD$Bwf!X zjcmNH6`LxdSTJ}RILcpz$CX9+ya0)c#hCa=%-A+HQ*+OHIIg>}F^-Xj49%Y7fO1KM ze8DHM>BS|ap9f4j6Ofvmf8IU*VlsC#kp`wD&?C!laV_2cvZKof9P@*R_mH74$3~$a z;4JRuKEfg{eh+Us+&-dcE54`yS{V1uWS|&^XypUVb~u`oF4r7FzMggcaPT?b9n9Ec za*XtjTUga4`F|*IiU#bx27$a>&Ge_@-zl?Np_=6nez=glTG8l!>#8Z>g3O9yyg4h{ zNfETE?vqN#!0#8$xcl0>&VT)MR;c|N4RWxqJG5M1!ZX%g~xrd5s~e*6j7$LP66FrNZca;N;&>+ z{X*vfZ0E0s&GZ7Q<};LXxAdsOwGj_vNfF1Ey8lx3-;_Zz*Y;38$pWZ~?zg(TTBO zqOxsMz?H2XpO0KvrX=3MxOnt&Q213K3!Y z5Qb|$8xMb}X&(FVHdxI^^;s2DUexJh)mPI9F01k6Ox|m_n!8>M1t=+_Ex|yw_p3hY z#J)hP8w0-ke+pgG8>ZUT;k*}8$C}adL3SA9YcvBNYF1o#aYwjcE8s_^c%-c0ZBkTy zilHqm_!c#X|Gb4qWRvk7^eaD$87-MWn@@&e=1?>h1PfYnH`Dj5s_wlp8G~Ht56!(y z?ZC=_hQ)Z&C{q!Lq1BLoaFfJ~%|6wv4R$X3dqVI)wErLgU?)ztl---}gCNAyZuM^Z z>yobtf@;l|8Gd3R*a1>;YxPvLGw4eIlc@X_1wYuifoC1AoDgi_E&@aGEM)mxv6pjx z_`BY-8@ge$x&GlI>H#OuCRs9NOhaO1%->%l@}y7#0Wi@E)f7-_<7PpGEnG>=$-&l! zlE8h(k`XHFLoF?<(REG94uotbF>b@m5ls-|S%DFibPIMdIi)?s4Qfe*XvLMNA)}P)o=(jBTB1^@yZw) zuWJo3iykzW=W6kMg_zW(0WD7M?XJ) z-hZ~nBeEY90d_p0X{LmW-`Jq|>D1he1@N@?n52_ETO%aO+H|h<1)UE5gMGFVdvXtQ zC>G0Fg^VV1LoU4AGKH;A8$!WqSx@4@8R#NY7c661^czqH1f6S-+z9TSbpwp+h%ed(s1rTSGAC#%H(Af>U)KuKvS zJb1~3$R{}Z#s;x_VJWDwCGOIkOro5gT(zCn^lsM=xhRG`issHix1LC){|Tty*)L+x zZeY$z2Fp{`mRvB3%xPdb|A)_wKdmO%(t6M>x}dk_%_YO^vUP?_$(f zJOk96Vu<38uMr!{n6o|eing8hTZGzo=q#q zrvAhCS&Mqa5zFab5eHRV=LW*~stCY}jQztle^Vsr`r}XF9G?=GNIC*#vRLPV3e-3C z-sC*~)p9y5T#p6XE{=~oe;dkaJscL0XP)lr6Z(ofJc2DPvaCJfIcqY<3T(orKT4X; zO=La}vwD^V4hxgaA9pW!Y~0pR0e2S5Bm| z{}n;~6G;VY&(kV7)Mb;lR3NBX4$pnz<1agV@kuYQ#MYB2#zEn9J8+{3NEBvh8#L|f z-7r@856%r+66Z#m=`*+8Xw-~7Y)(NHlE=CiN8jBTx$=zVn`A>J2`LE~!2;@dM^_f8 zD+NpT$<_pol4_;;hOb)6xM2Ao+KsLL{iJEC z#&?(Jesf0N>0%m@Z6PcB;mhfoJ=r-6mZ!o^wOLhNl%0B0N*87btr_=wXY2uH+BGBZ zac|8XDyy^cyIi=h2!K>`gq1;GBs$9TCm|mHzAcyetH{v zXLU9&(NC#6=O*RcUOuzo<-ee`tI~34`If<8ZnK6wUrSc%h+k^7?<+Df>Yo?wIwCRv zqv)k*1=crj6^72fww$&3YeM7bEiXv=k0%|)X*%;EGd*PNA9UEqBDf!pA#cSikH>~J z83C*?|1Yl;lzYa&DW)}Lm_+`g@cJte^JLe#(LYA}*oE_UHQ|;iQwO+`r-Wp|itM}qmZR`3>svxB$cfgb^2Ij~D*}1b) z-&0&AxDD%Oxbv}oh>T4jZ%#>r{zeOV=0`ajG*^<-D1}jfm`x1jg=Vsu;+k)ga1oY) z7t+s5FDfrgO8`#VuZ) zw_nFTvH#k5IIoEP^U{@p*oG{QW_$M5WpMfW2u+9v0;|(~Su65z-B>Ay%qs^3UqF1j zbA)ZeeQ)3W8xj>KVBlo)_s@Fi{c{2mJ%m0f++n4&gDS}@!sW4q3ofHn{@IZfN=yx} z=(0@fd+;(bU6}}K^6ob$b(w)yl&-AVlngw2S=UA%9r)AhJ+12mr?%`hgD?k2RJO&f z$LiH4W9YL9^>7%aPkc-2Ps;vtKjDIpUrz?s*CO_OJhohJTy)Y)@6fJ!5>+{YfL-t7DoXtLm3kJ`4l9$Rv7CH-3bt%v zVI8JqWKR{RM>03}?a~9{b8wuu>Ej}endz^~-mNy#tamwz>lf@WThd6%#6v5Uq}z0o zM6XQi+T5;99@x1^VVikibk}^{-;9Sl$_YIV4ZT&L7=OKLmZk^3pC50E7ip=MPbW7f z_c8pO@KkkUTZ0&XybcUO%v33S>SV76i&;FofBfQvlw)kX{g8cdcWZsu#N4QkiL2il#zcD^f8#S$TVZ}Z(V%J2hXb<$MeZ3@F(aI&(; zP*y;AcJX~1cQxbRzGr@qo?;P)HOW6K=*@4Gl`n$5C$#5&P|+|0rPCc?5T(FE=p7L| z(_8t$e%izpRB@JJY6pIOM`<;R(a6pDBlcXD_k3aqXYhA;*ScmsCAFd>Pt7Su)XVt6 z!ACXLQ$_8TjB~^b(t0DoKuN0II=B0?#co6VPzzrjKTjo&g24`jwRBI191odJr!V~| zFxC$Y1FMH>^foCWX>eqi2Z2E(471xT;!33W}|O5^G6|J%a`M{3zZwis4U|FJxJn0 z|5b{ZTpH_N580ttS=;Rm=q}49w1Ebjln&y9lm5>X`baYEV3qb0ppQZtHM7{ zLQGfSP047*b}J-e(#2cb(!y| zo#(%;Fwb0m&kFuqpC{ygNW_-1qF^LKY)s-jOF!#rUG35nYH%QyD{!-O6hdmm+DrUA zn~uEEfvAlU)s`@L-LnvS@QTyct`mT(aGPET>h^I5aqxqd;_1Vk#Xw1cj2n#J&tn`f zrjhqm7zRP!Y_TeCd7rMlt%(>Rk+UQ501ooF^4V;LAUp0DxcE>z>DGRYk@`>R&}%5t zZcQ4lF_1#8GV}zrAPuX+%ywlyQmFWpwp5PBy}Y(fy7^k zt|30y(O0TOoyJX1xJ>Y;k1IO{?`}*U zCr*DjUC7lnlL$%v+&F-HZ!;Tt0Fc)JFg*5Yq&?FXwm%xj#qIMl=t&kFe>YXqU5z?) z^Ge#G4;1n%;KQvc%ya@r;j6lPTJILCHYu*m6kw|vc%ILjaXlbSYCwy-&9xA;VCW~H zKiEh_Q~}A`kg<6_Vqw6C!}v&{6Om11hQ*G+=Wj_c?L1;BM_9Mb(BzS)hJ6IFP?{|n zQZh;PNndtf|2VV2CQj_hMBPVP?&oquxNO*N%PtmvsnG1VtG-jn4ci?ER~#8OEzoPH z0m33PXK&ozbM~mPPoQ%1tQP@kwen=~U%l61G!+E*>-*Tc^qh<8L~H+{Bu}5BhmD}g z1^n~HpbaC%E@X|AUQmK6^dk)M0A3H;=wa9u7kq$cigQMY#yNYM%p-aHb=8Z;)UQLQ z@a_(?xty4b9`W!KCDnOu8j)eN5JjT2a3dcd?E_I}x|uVco0Wt^R|vYrbg;S`7s4{+ z`wx;4d5Eml?w(8)bFv)mPjeW2c!BT2uhUOyywq)9{^l`>^3jhR0IBxWj(^=RzqmZy zV{3#Ua0W^(eiHdexk-?Q^oVNoQhacDaK&rCfIzpKjRe>~;KO-fJoX|m$2aqdG?Hh* z0K?Yxo=3e|Vlj#f#pF8m*-I{E(ES;kXs?jQ5MjliKO=WlV@YO+B(eWzsyc&UQ%#$T z!<+(-!OymNS=p#Yi}h6<1ojUTB+^~yGSfK`xPtHI7%Emjt1W#IG+Uv<6?(kGiZWGh zjUu20x$eymQ+*kyk^;{L=l$9z^eybp=P7Fwh1Jt~ZJf6hX7Q(8Ph^9vvgq%x;*Ej% z$kL^_PJwi-)^ADr5lh<{hrtf?glmm>4VA0D7{ThJOn{<6vetP{#$>|E20H?fwLi?c zw03Aj6%zM408ERqi2SI`Q=$YnzF({E>%p_Zdx*X!SsUY3+%*c$3CIli87tlLppz7= zzdnIFFW%xnA(+iwgRlGLK3cSd-TLc$a@>opMb_yU-I#xU-leJjq9<10C33kX!ONx8z<-Kjs+F`u`JLZS{uNOd~a zK-tgxu4-d)M_)t+sm%Z3!OuJc=)HvW--ghEM_#kdb3EPGVjnT&D+xaXznEN=eg6NX z%-4$qD9U~cWOF&=KpohVpZGh1@dUugFLCAmZHOwhngq!1dF&Ma_REFek9G!gDkh(~ zr&V73uOB>kC~qr&{iQmKSSc`igYi25Wg#U1-xILHZ!`nna?Hc^6;7^SRrGlK(mkpH zJ6Y^yda;7Tg1Qnh4*Taoe+3})MK52^<|)`Sjtv57hjt^=(R}Gk%u$;M|NVvk`A$?M zfE>tsqc3yd0&bhp8l$Elo)qL^Tt&V_`?KV(+Au`d@?NsUGAFHy+efmSLUObPFaJXu z;QvJ~;D7%R>4Mq$TeI>CDz#X^{=UQ-N)f5*SMHpEy~C43p7~=>4)R)0ZoOL=jYksy z2on5%ok0x?W0>}91!sP|QYNtQ;p$I_JbJ>lngA?A`bYcoOZM*qjWs>7mZQJ^rYqkq zM33+ygZW9cjwJkqDZLz(%y=I+?Y8NE!%xIDC?@F=nYaEO;*cxi5ZC)%@aduHQH?Cq zU*qa?ns0V2r%U4#ork~Tp}>ewF!5wQ>tZPX_}{%|62oDjOCzpRW8qW#l~GXhb!{1n z-ynqN*?HuMhQa6zI%$TZw>*28N%N1d32yT&<_eAIHLm{T1A0(h`&46nam7Z@H}o+C zH`@YkHQr3fIeuqg$kVX|buPwpi+bLlllrM6Yi}2k?qTKq`Oy!xO}Bqw1vI&z$n^U= zrx!`OB+%?tekKuZ8}JuU)2=xBy}RMZo<^2Ou`V4+DV)ZOy0UZP+>gA8_RW~5e!0dW zcs5kdl#x#A3et+ANhJW%kPu{B&aOZT$*K8}zh{$Ca_;GMj(PFJpb;ZS2oFh6RLOLK zMMm}G=(o1}_zFMrQ97}0@~Lbi4xjd|DVAK+Ldw|>;T*fiPaA&}SRQrG{ys^PpKd3O z1FTA1KWtr+U;!<^f_v;oxpXve@`tg{vB`NsgM{}ADuOIu2G3@gT)>9l**W7ypcbm+ z<8=Bd)xt8PVU|$w+sq$zd7*Or9CNSb%gmT!*zoL$ZPEEe07(y1K1IlN9n`ImAV@!%yqK8i!{c<)6UQ?D8nw#D8FX{(=2j7wsdpVCLyb+g zi1#RHbfe!0*#VS85c_l>#vt_znIq_jilvmk`9AoOHOlNisEcaT|Oubp>%^iaPtcbusKo_?+%pBbtstHUgut_|aXCpn-mN+l3P6Sjv|3 zJl9phd!S2`3+uK?8R4(S11hHQToi#ePVi40mlJDipO@a;1)+XZ`bNBV)MsJr5zglssT2b!z0@~bkRfG{3e9l{#c=m8 zn}Gxv2Wha;5{|Q|*8q=$@ngIlDy#V@sbiirnV&(P=Oe1Za976Y;JdN`S$5~kMrTkg zHUE9gi@y&?|7y`eekX}BrS6UAGTLXN%omF5->)|hx-p}SjJ!W4VF)68%GmUe~scJ zPd35z)McZtQjd(;DOucxG}fICPJ7N>I{^%7=3sP}q_H1W<^Sj|Iz0G=-vnpk88ctd zvF+%OAF4h$2CPs}pNjo~-@22m6!P(s^@0>Tw@lei{Y2c&>OcCis_o0w@k_OVGf}Y` zwq!4rIFj#y-#gp7Zb|T*NHHD^sh9$w_7A})2Zu4!)qM%>pAs)b!EW}IO2z3r@66m- zk^(>R2kEPp?-FPem3xQTl`vc8*N41cB-r%;Q;5G|1k;uzzlhTkghHa+-3!hP8mGeV z<&tCzaEHDG$`o!c6x}x(s&k{q24r4FVW+suO7u_k^Q`75#p?0GE75coLm@)WDd6Fo zXzDM-eQ?oN z&$>EtI?-6hP*sOJ&-**|J<=j#M&RrT61$3Au0J<1Ktiw-y{yrX7i{!=*$LwWnr_`c zJTbFd_T36zKV(>)pQyt;IqLzze@4kX48-GRyN`>J7z4@*Q7@Ig9G*1ISwLX-4B*zm zD$Kfdo0_1KZe*Tr?KA0mC2SHy;B(O%iPz!Re6+8JcCfwr71Fh>0YI%F5!cpML5JDh z(eGQ(aF|FB_sShaEH|YAaTg(#%yPTV8M?_F$G*@L1ZbOaNOMO5 zy>8{|V_^2Xl4k|-cH(eqUIzxP)814n7f+l$K4_-QN60j~Vn!x=dSeEBP0G)BqO{HU9jL`P^O&o?2ptm7 zS+=%LCBql-fOS%ONKZ}{(dJ6UYgh%u1+16^=a?-&2sQ_-L5tmG1(DGN#gbA-;+#8H zw3d0?(F({Jdm7cZWU*vZ>{_!q3r-jFX~5OvYil)C!iqMeQPl*1Gy#5vIY&tnq5cOE zxh1rPpd0quAjwT2Ii)_0LMO0&lc34FYiFn{1e2jblxk!dR45mXDw`sPf7XS?iC@%z?ScwL`?;|$guXi zoJb?5!CpBb4GdJ^_-d~Vg6g8P#&mmh+B9z3^&Vx^j99Tm_tL2L+m&kH)_Sx3vHT`R zI{U+*QVa6^BeoE=q3Vrn0owL}vTO`2*K<=*>w^m-B%uyGdgDR-a=5cs3kAZm*vINs zRCON5%-Ab92MahkE{eP?2hSw-<1cj#cbuh;ceWu+)oIj=IZN(%b)SCfJCd>wo(`gJ zNV0pjnQ#ukzZD=@{X00>?Fc?}_n~NdB0MhVY2It$Ch~i_r@yqz58FvR&u+DF3`$|~ zg_w0zLzoNJpLT-~EktD$v|!l)Iidh4$KKOF?G74OkeFhQ*nN5j0yBYt*6+PKkHWhV z^C`PDz#;%YQvvjhbw+c1Opy@|>3nFGos_BOKg)XnGbCm+5UDOCnwe$;&R}HRV#KSZ zXYU>lh2XXA-rTh?c=_s2WEYh2rT|&TEeHcUmUcdd=ZQ}aY@Ml*rk6+#I ze2g8lC!%6zy%HMi@xH0bir^U@+GCb~DQHK_EtJ*RLwd@@2u6xZUPK-95eRXI9!Xo^c^5Q>eHW-YbR`Z~S z+2yhWhe!pj%k0{y&fxX_7!?SDv%?kJ_?QASFBARhPqaiLVRkaUu|q&oonfQ-KUX^R z8cdY(7lHqN%*!iFpx zGASoF2_Goo4FhfpuAI(P8_SXUZ|8698K!ynItSdTPt7hNU;r4_tfIEhz%_csF$yAD z{Hb-}we3Mcj>3@Dlj7Oe7LV}A8=|df0Ld0XS*vjCPK72w@q7rX>RY}}$x=+V)_0sq zUREHK8hmvv{yPd!GhPRqQjS{fj+J34_{e#%at&g6lO{l5UDbsAh2?9Dv^ep*$hZt-6%o)BoAdLLSL#q<|pwFW6TlF z>o^BgCEeZ?x@)71hkJBl4KsMRv7ZgT^f_ih$>CZqb)!9sF|C%;EvDd|7i+7%9huF` zfD@a_A*yfxOa3S2WUo~4S9D@!Ke>Y-V?D>P0zyVxjZe7xS56I+mn8rGDnZ;7{1%=C zgw&F9WHvx%dS-1>GT2t*nBb(<)N8}9UyIv&MTR-b0S024*MykHH%6ivxNH*QQ|o=n zzls2qUT6sUiO1XW#dCH`caz77&zoo6@r$ChTTT*s&sj;&>2bHT zGE>N;W)mFT(YnWQRy_kQA|W#6Hwy~>q-E>s22w;JH1e*w2(Vaakv*B{@_oXTCVH#$0TAzjie| zD1KB;53Z>8^-okunuJXce2@hbD;)#@+kfE>0j8T|aVcr<$Z+0B za&kkOqjimibtV!8{99Fy42#DOQi84f<9!xpR{kd#{4Pye6D*EltPs9^?-_ALpC7h& zMX5So=c-tHud@?Ez}Ka|nf67NuJ_8`v5xRj~B`bp;cjJBKZk? zsINL=j3q%Bmu-wn7GryH&joUma%;(D_hKm@Ts1=NTY8v=!m40uE}zGKji&K~KfaKY zU%vc$^NF3Amq8)|>M5UQ9A*ZjN&k^yV6ShYGyLQ!7wdn*ARnDd^0&fs(7S*zY` z42E0YNnhs4B|*Wn4t{yGCs!%G!I2bTd4%nv$S(zwQ$O|GK2vg0#ll*sszJ25(;(eL zA*RxW0pZ7L*f16|7=0*(g02siZ@-n1huup|Tz!`d0lXkZTH|^8S2XLI+bgUL@e%wo z=~*xCn>1V&x-$%p7 z3tbrVBqe|mw;p^nnp(x1F=a9#??P-ht{)Ntmm#mo(|`%qhJroN1V*K@Ob`?s6Nq^Vmkdsb|^F(P3F5*^^cVNjXc^0S>VjFxfvLX%)RYE>ajqIUYh4S6M= zme;PgJ>&)-(x`ZR59odnpXJ*$WHi-@rqwIp330YhVq}nv zty4EskP2-iGy;Mdh?G&PkwdLU4wczJenQOvrz%bn2E%LBWDpUR!y2N+bcBg-{kru^ zt;8qiEbs_(a~@hoPatB|sL=tQ$3F}-8Q-ulh9n3NW2ppX!|f67EudE^*(s?LhbsW+ z)18{5s1E?H002@swFyvi`sj0Vp)0{fbvR*s$iFOKsd6ba0-CAoS{zL}F;EF*zXlc>@;F|<-1B^XQ-V-T?ifw~ zgoN1xQz!n2T{+fib(1L;lo}}St?f*J^GEZ)dST$>@d|wDRSL+llnRigOy(F}M^cf8 z_X!970o-kS)_NZoJ*2!G`1Y^e&08UCahBy&H#Fz_mTj51v;A49cg%AC-lSkC7hUL> zBZ=DnL5GhGY23)n(=6|ibgD6JPVZtGb>y=8b{0-)rV8yDd@DALStk(#49TH(7FMW^;&{Jg7D7JPWNy)dPAt8M)wn{1j|qO_C`*p7?-f`C zui1h{t5&fCOxA>O82ex@&t0-&F3TXS_bNc6s9+WzC4Y8dImJf}lSKvqu^nQ!m6zNz z6rq#7$vbS#(n~~UIzfguQ_3t|AtNVp63K7hl)P98Ytt$~NYg7yB5hg{^CU-x-bS>P zVlrvP0pjt)8A3dhAXwqf{WZnq>pKoG__j|Hwc#)r5GZz}&_(!Mxiu2GwFhC=_2R#b z8)ek?NZR~e`IVE14{%KB;D5z*>!46J}Sknt~ChS=#nzZ14^y( zz3;R!yPdiK5@I3*6WgVKb|tHk0g@y3<#zCI;m0O922TNM;EdYZk<-wn<1{`0Mg-eF0Mz5M$j9%RdB=HFExY9JjvZ`T0iUV&Cib7a6RHf|@G@u-K3Wfd7%{OB#NTwP$5D zRVrD;&_K!(zWPV3vmbvofX;ufV&S~}&5HPv&)NTJ+WdbGR4?e1Ap}tA4oaGWADClw zk#wPlsByCD+P|7x64h@or@Xye5T5Lt4UiU!6u1+_l0wfh(~Rqg7HxC+fi7&nbbUNz zsYObuP2qYz2y!@^eHNN<>O2oP#hp~rj!OUl+N`u9xsLheQQC_*Dt=0#Vsqo4HTJ5p z(Viu*C!CBTdua8UxxxyRaz2#|P>iou?n2C$7Wl%o^$uY8huBN5#gifh0F)vpN$DTJ zLUt58KQ61~b=_c;opA}t*n!)VqDE9cix?T02cQ6LD+|2CveCZg&P4hAmhG`AZs8A& zJ(HbR{2ia5BH7p_2B6p68HfvY&l=72H>D;Q9E{d&4*l8np+J3t%~|i$iyvX?(a*r% zONhjTR#_)}0At4W65^YWzzDg5O7}p_fGd8sXNx%@>0QbYba1JOaT&-2-DlVBAanrKX;~=BjX^E~c}=K_1E5F@f2Q`m zd_U~+^esx{--dL0KQQqBvtI0gv#jiS+48P{9%eb(~kg1G=7 zi`jn0eVBC``z_Pl^}Ih5bAlcsr6~XnSb37MX8&ZW@{r<8!Jjvz4USZE6|&2O7B5jn z>~VIN2FL^jfekyheQFY=$~NdDq!qHCn!&SFwo5VnVlD&IDjWI$Vzcx%)5n)HV^>?o zAuFX+um7%MT>^|1`()6*fyoISCzWZs9E(rteLatk3P58y*WN)aJ znO)zq`1}-0dpZ~+dQ2_nXjOW>f=zxXt4B!dax#ygL6$T=wUn&H|8wsJ6Di+CkK?305{MU;z*e2C#LaF%(#8+s0e`LJSNO zBV2=MT?}KexggNBTMBKPvTP!p7OpHgZB4&^83q_`!l`NtMQ5@^Ea4YUKg^L4r$rvCa{BU!!1@B6D`;jY&8q;#m@(Op!;1`%pnAh=D}H*p zaDJECM*H> z1*l7Diyi*fKro-u7c7Y$*-(QbS*P+Fldb}m{>ewn(X{YiOl&3}967gEMF20mRrFPL zP7SVH6}c;9nkTxl%}?x9T|(i^ONMYuIW+oh>*{8R8XF>Bu`KA@;8a~On1+_28c#)( zo%v=`-`hT{p(l*}M}{xf{8q%T$z{yYhDF4^G;;p-oLR+9cd09Dhb>D|R4o{mDJKD! zxHAV^USGYC$eQYtYlI)oHn04D*RjmqI! z@7a8=d`+7*EQ6(n^NaY;I2D_6o|qfi-oY2@>%rsbOZajy>&%N3`P#>cXJjng=BZL(GNceO01utX8*i zfXDs!Mpw0j9fKFalhk6xrHk=#{NxM?m=1&{ev_;bdQW4^1zDElj(+Q>Yck1t-?;Jp zQng-Sle#jmbCKojOv$f8BcT^-0KzKz`K`6wrk1Xq0glKSKX$yNCL~h#dNnaV)Qen! zVb*A>3I%pUuj$mXgm@|Z%+lVyso7vD)u<()?;`J?zIkLI4V{{q`D+^k?#++@5>y(+ zl8-f2R!thk4u(@qyD&pbdCttT;S_yBS z>0hnjJ7gmG0zL56CsMIwL5da@EzIue27#HnLa==}o5n7n4l!h@nEg#~ z9l*f+X}kKti5mxu(PpCG(sFLM2qV$9x33`Ip547DS=02`*gMY_7B(_RjPlI}O(|YQ zol_%O8Ib@#Gyu3Ri=`)O@1H{gX|lrAyM-w4-+cs{Xk0~AcW#39kbj|Hir#`-l7~Y& zuZ5NKER6&r?;G4beL6K0T!8~47c4E5NLo!I;7Ej^W$fX8xCw}Mz2jQBa+>u6OZQtd zJ-c+}j^~^L+0*xu+!Ah>KahJ;cz)u@SK-3^N&e*hG*dwL{Z~A8w;Cq(@WmTDubMvl zC`-NykeCT4ps8|z8|wUmRUdUrEaRz{B-#SsU8tUJ7A0qHYvO6Of~x;E%Sj7?x*+tZrK&69uD@1{66w4NY|~s z4X%~KkvO%)OD^9MEu?ZCP2H0!Kc3lwGNkqcHZ*D!(xh$EkvgoXA2@JB>OIw(zHNm0 zH{Ur;#b$ehgvDOMSIGA@21f$?Q=yJ9RD?;@m}G8lK{M(5icZySN9apM%RP^x$oTyY zsM9fXTEMJCuHF_r0gx%l=gQKtJ#g*3Hr}vEIGjT55-(m%-o|VRZ$|g>D4;mJ*4bv# zT1#q*em$Nv4z-E6nEY;qIh97#yP)e}&dJaxJ=Xd!RAQO`77`=R5_U4bePrE4nd8AN z;ngs}4RX#xc>te&@K}s_HSMW8cqm=8U@slTUbtrroy%HQ6Q$O~I|?vG!}cH0Js2Ze zM^q16`Ja5}I40d|NfWndCQFc36zcJc0XESS+-aA3^loGHQvE|5k6>gwx-_2!cRsfV zZwkqLX@Y2eJuDlq!NEOwRIV;^8}+o2Pb;{Qkw?}KDGV-i zK;beF-BEU}A4W7^Xx4D=BNk(5T~ErMTo9I6p8}VlUY2$|C&zkO^+usDyuJ%x?5`A#w!U;4VKs8-GDyx1~Q3*n(yoc_3&*} zn=)b16b$<(2j_WBhkIun?rrCrV3FwGeDA*FXEo`+gF#wW>?<|;JETtm$guDmMi7dZ z_dnP!J-VOdt|Vzc^oJO986;8~5ESV%j*efzOWB9=73dLPmo#{;7@DM^Qky5*__CnZe)hNHcARe_~LOF&;YZx$U#2!0}K7=Pr2O`tMh&*Hejerra4+ zkT(jOSS6jOxg~sDOo^1vlCoiAefh;#>z=kC^R9Z&KZUcy@WdoD3oSOasS{xu!}gFj zj;PJ1VK?oaH2QzH&g#wgh%xsz7W}~-X8?%^*V?3}#ns{$4tY`cBG*p8y*N_y9AK;{ zo4;GMNGtm_zBtU9GBNTD|C{??`NqQKoewnKq<`9lHljpQ)4Yd>UZ_?eS)d{gj1;Uz z=GoESpQcbhZsH4~dJldo$fCF4x2M+K{dtj-Bo(FcPo~M|)aq}9qd#iIFD@l?c{gB4 z7i~PHJ>59iBNzmeL}<)rlS?al!vBVcFVB=<&JJ#nN~SlcUvYYCn_i7!zp0&2H6peo z#~w`F2vqam%0UsM*<~v$4KWvFbb%z-V}$(!*LwxSIcQG!td$DjqwA=AWH zc&cHKGbtBGij5xGHi)*3CBb&Tf9J6Cz_9z~_(eOTSAx&*=h_9lY1!0VpIWLq@x*vA zy`5j>ea1Ouggk}f5A8JX94f_f2Umqs21Ny#;h-dVt8-AuhDVnESlRhKISwF$yQZe# z3Rxrmu@hr$^izJCfS$+C59%{=Z*9Ms$qh9i#>|DhRF}(1jf{amPP{F)_wIFzNaDL< z%%q4EhSkVOf@{P_jtMB{XzMqg?&S0|yqTo$iP9W1$5>Jgl|QgJ)2LvzD}-XDQq3lh*LBAKc|ZTcdHLN)p2C z#S6*mnA6$Cli>xvx7WMA-N^uFC)zp0?IYF<_H#=Ed7qZOy%Qf-Y0~KO81%sWl`2&B zY2QYjQ-)A9J!BQ?WR?XxQb!fVFkWHzj8@GAFr(e8w00|l~1HeFsf_7Z`vAnKMzk<%mo(7z=WN4(*2hVb1AbB5rf@{WmvfoXoEjk^`{T^;(>q;Wzp`B>1lO4LaZYs&S zlv&);eC@m8Y+hr9C+to%Jb7FDt%*5!Vz@Nu<2DXV%A3wsd|B_kl7LV=0GMikJiBP?YxzU# zPYJomsNdjVXAt;-{*V8`4I!Gi`WOr^rXJ{q-RIyFGkXnvE7Z`U(B3@rZ8V1zH5{IB zz?qo7U%w|_vi*@WR`r4P&A5}Zj*H+k+`s%wDGs{YFv_#9)1IO?-{AUsSjPo}^VJA= zB4z37>*V>PA(iqmPea?}JS*ZomUUJe;k|KO#HnC@KJ zufP0uUBOLUq8c0M`eH+vNAr-W=7e;FObqwFLm8sK-O`m_(n#FKi4S~l(k{Gvi>q;_ zF>-5_Ck^4iBopWzL`s<5#+)+Z- zJ|TfmLQcab&P1gn5uj!u5HD4p!FKbB{eU)0>@Dqp-o;pk=Ur=&_gc=PRyV+91Y>AM z#+kV3S4Q)b@^XfE_h^h1OY6EN+%1Z!L>gSyAvNqvt=SmuxyB=dI3BRV6 z^n3Va8P&(_g*z8@$b^}Dj7n}7(g$uGX)OL#Jc?jJZAtF+hW=vkbWLjN4m|5p5#^$p zon#zW$XSX=+&>nOJ-Vel*ubHJT6!WDX8m`Oz@cWZLP9TylJERDCeNu9sny6bqM zxM0Fc`O!rs15eD>Lh^DNV`<^50$$#zQ+0v3^&iK|7js;G7JvZPL7!N^t-U5VLk(j7 zimz_Frk;{QZtp2M5X}MuUrPG^&u}e*M0b&z1|W!UZ~j!3dWQ8+6s(N+(33D~2MC>R z9$??0MDZ9(Ta`D$7#zZAQhDMJE(AaY3L*zA;^a{A{moWCONeayy86s1gSqrFGciDD zh=$A0x4CxZRN)@y0F&<#zq)7(K>*LzV2@&}V(-pwI<;{g@F4oczs2V$ z43``=KYIXb9;rDACdlgOJ~(Yk(Qe!tSB$$(PtYRZu2xOtJ=1pa;Aye$2qk0>j#0LDZr^NdE z4^bfdvECsZkgWRB0Qv%16t3S)?4_AeH3*&{TK;IRJC198)c6zfr%^+O+>Ac3N#qsk zyp!m~K_li@|0qv<>N@eT`e=egq0}JO3uOcJA%Gb(44l)FgbS6PFliXBDDy3&!xktZ;kKLnieBSdb^ghWsR35F|HjOJExH5>V({z&uMT*Bp}HDlx}igsO% z5tU(vzn?-$h8&2B*v8Hji`sd@N1{`WIm2n5_xtaTK13QWQOOu`%4@CP#aw?@T_6=~ z+b)h}F|kyM0~cm==^k6#Gt$S(%P<*o+B;UQt}ch~^=Ih>1H7n&d%~{}n|8CuvMmn@ zTTDpv?(ZDEl06!aw@$HemA57QrW%5AuVvQzu`M^%KC0pC_0>j?%+m2^Lu`o4;?tXS z3T?WY#P#cOJq=(bW~-m?!fz(mRvV9LAYnl7bjwFXZy1nxyX1eYm zuTBP`sp$Tx99t9otfBEmLx9z}<Sf@DBR%*d>~16N^088W z4bYiy?-2ZhHqtfAFBg9dbymMwYG3%fy&K@JXEV?a>6Ueocr6Ph^Q^xtXsTvGeVqA( zGsU{b5G0-&W=c?`t&`{WfX5Zjx-}O#XYf!NfS;oP{w(yjsC+m`p=+BX)CYZ9Lv~S_ z7@KJR(@OKA^uQDKoQ%HUhx}`TSaIpCu<3ftp&%H*=c54y#6InRdU5D^)+P@q4%x86A9|9Pwi1Y34r-sNu644H=a|k_k6!ZfD&T@kYmo^jmKCoEwi^LbI!ZVl9!|_l~4Yyz>(~# z!>S0??rksxW&j{{OQn`V-~R3{?HCSvhyv5+t(~7+J{tdr6HFYL`z2vWthQwur zJe-9?OEo0PXU*djVuMEXhL+y&VsW|xrDFs#%Zs^6tWlO^n!B@Y1Kh^6f4Lq)k^a81?G} z5pVBt#wL!@CcTovA~h>$Q~=&oavpTt>jTL=F*|5-I>My-F+&%$6mpYnN|NH;JuRK! zHiVGCv(fPQ;3kjNjHRO(tNz`togtmKTj{b_^hQB&`Z<-Y)UoFF?(F>TZU9o2o+t#| zt4?Sr#a;=cw#ggQ9&mT zyAxfNOu2bbEIoMI@bOYM-}Clm@^ZjQ=83>V)?Jn>y++dg^=V#9Z|c-6qu!zBsYEH> zFz(O&o2`OF&`i42D#+k=c&19X!SGjiETF}q$|ehptB?2UH61f`K9YSwO{ zeCpmLFH$zI+fTP`b$1m}MLoBw@x-tM1;+l38)4<3R#rq)KlIWF(V-qWSU{~166Z1jkl9hw@e@>FI6f7z70%%Ibg}-iz ze5MD|X!-?{@#f5!rZqfn>HHTTAaK8SM1fp0@FDoa@QH0hmLqr;uhrW_&?Gt!AIP4- zT!O-k(ur6KfJUHP=Ii?28dU17?XoesMUSD}s3n78Wl~}ynsX+4@V#a2^FC&lx_!Q| z?%vnIEwz}@h7AX>I1Q_H@?b;v%Ui=|y#Y8nXeDi6rm9%Bb!8Bkk<_m4t$0a)x%86w z161&N^v1CeYIvwrUEK#Z&oNQ=4g*4Qgj^i)6D4o`u7+4JuD-pUxDJRx^P*CP%q+A; z+%TM)7m;T824FUO(>)42M9f^;Yypo}$iAA~?XXEPV&I7ro?t2@J(zG~gU|c+Nx?(R z4h-4E(MYWKg0n>deX!^!YGb+XnWaZ7F|UPr#W@d2dVpTNJ?Rq4jce(B%?(ZX&FnXs{SApkzmLvc!&`Pr0QTEgc zfM#izMEf^`7!au(&|+GxdDv={hdc-nymghda+p+h4j`v2oAPg{t=}F~faZKEcQ~`< z8o?zIEFqep8iHhuU`Ky>-}_A4lMRPP2gN&Iz3nSr(PNE+&RdVDf(5)6ExI81h6BPM zaL-);)q26Q^gZ6}cjW5~@CI>5!Yp>TRgkr1M3E$@q1L4dYKmsr_NvTowmWlJSUe#I zzzV|<@2ziAn#(05p-;__pry)MUr;ET)BX8i-^|ZVBq!NqMFx-8t~(X#3BCc344F5x ztOn1A;%=_k>a>|=2KxNgObL2}Sz3C07lTpa0$AAFD<*3%Pgecf(rE-U|!SQhXsK%~YE}%5;3!4=Fg|_lZ643sX12GjB z(4A)-C>TNC$iU}l!xu(@o`*-Nnhtn=4hjolur#~BZ+Q$GO5oN6j|Qo_aYjd)m~~nd z>x6~lSru>>SXmPnsXD&f4PpRc`fR$r!ZsnVbS(cJ7Al0Ip_|?dGUEsvABGi4Fhs$r z&C-Fw4o3H&0-in6xBlzBr;OWEZTYVrmAYR3j;F=zTi4&I^1Sn=J?VnPjzY-#?ygv= z3b57%yeRS3K(bwO|M=xZ4bB-uMZ^D6O;;)CE#1BgaGCa3v}C1uX+1(k7wVD{5*BGs zG+_bJx^?t9dL4H}P0v&KyLvTdDS7grkFJ##=7po!iuhr0J0_;^hjr}&aR%k`?Du6-xH+>Q?13s2s(6GXbt_Vh>myUvs^}4VV%ovQ~aj(=o`d zTzg6*cE+w)Q8Mn+1kRJT!CSY?;G6L7$&6foD5F@jE5DJ$8IyNx;wM|pVtjy|#Zf32 z{vaK`^|1%bT%N1|F5F zfWU|{OAH?Q+jLoMI?n%wa0Y&%$+%Xe4i|YnxL`Ky6RHDBQ_s*8i7-%ZARTD{Au z)1jkhZ4EAeX-JFo-tSg}XP(~^w4QJ1klf1CY*8N&@c%0Y!ol=k%Zkx4HbSyqSn@ zmM$rQDuL3Mnmfui&**+Dvk?3VHgIwSrvPzWZ-UN!MAE4?G(ocYL8r@pBohG}=VtS+ zek?QfNnLlaS2z=|*_e18Dmrmv%=hF&Jwv&X-T*P^v3j}N_jMG<@E;7ANuTIM`CMQ} z$3WsO#Tt~a&+I~&@#a5k-!%qcPGK;*sqaKCJwz|);mpn}sl(NT*7{4o?_9CF^>qGv z-v2rifTvhDX@*1PBpYQxgJnqaZo$&U76PCEn8QZ2I>!l$_AH+W-ws<5GqO8T$b*oMw!*aW>NAr;P6p zF>*2n89=9ORx#QwieK6v9X;EtY(jGjak;7`ZgT0U)=!oY#gD1iaxWb$GMs%rd|m<$ zEXS>Q`->;pUWn&ff)8)y6)2^tqM{%1-F5E-7tG{!pgAlFqg|fS4rkpFGZ0Mg1&2Wy z`VIw?XNqxO^La4^i=D||r4m$5R?*&_G}MlXl?#u0ve$4Fteei}yP539(yw#96M!f!g38y`pRytR*90l@a;)% z`8>W2O1X_PP$3%OY|L8sOwecp*PP9>EJP_ke2xjG2gu=*Q(R)1<*aV6H1`;f%WRV(}%CetBE23Uc$un-&KIQfl+40+=q~xbNly@ zcavMl)aZW=r-b4NcJm7i=kk`r?$_4=N(jYc#*`peYLh?TU%dn)2LXVeNikYX<`t_` zAG#318{4E9UAz#K8Cclv4k?+VTe>r`*LowlD$V!!g`GTkfGWRnb-dzW9*RgamLw$k zW1BhrV0*5eGb^8Oo~lJk*eptCbQ34TJ`vrM<{rrU$mH$p_>D{1|NOt#qo*>>*kJj$ ze)6FTIPU`hnrT@C8>dvN{YGxij&?n2TRsXe_(G05$KJo13;$>@Q-G(qfcQz`7V!P- zM}LNvbvGre<>@KFDITd7u@LXE`uAn*cV_kqSBPS#FvoYMt!q7=tm~l@c3(xLPY^vY z^1<|^%JY6P7UIe&O)0B;@38F%03l11@iD)?pqk#-5M&j?N7DHNP(ToF+t@X9ttTw# z*#T~pUvm^jhmeuE=qIvTv$$oaWe1W8dS*?qB)wGz3CXo@tT)F<&Y^;O=!GZ}A%2I7HQ-qJv&Xm8yA57wQKb200 znW%nvrQY}Kmyp@39FAOOx!;0M*Lu6>Iq&E(XKDY7QpG|dl^yC&PN-oraq2jyMqiDn zRgQpbkCGh6Qcq$>LMCs(d<$Ujivv6GUCS~E!&HP8D+>FRd+QWyW7D);zukRx7-tr@+2*VFm!vTT*&?VuG`w9YbDXRvJ7@Vc5`6Rl*amc( zxaF)Rgfei)@hnvQCzmG`YBK$rGGZXaU)2|#N=Sip>RW1JW$d$K9MxZM5+_h+SM8k( zcrZoZXhE=P>emI`wO#;rEyxt0g*<>uLX4r=6|fhke?yf|Atpt4erXXeRJQBs_3TMr z3Df|^G8J1zb7u%7thq+m!t9U#bj8g*0yOBc#`25j z25T5suo4cCQ!#Q%U;oy}+BZ+ztH^l#R6s-x)0P;MzwLFg=tN?~w9@c4?{G1U>@~SP z_!xF#>5n1c-fSO`Jo%^|yg$7Zu8m})DR*bK!7NyGkz8WEBA5K03`ypWXP8l~Z<5Yo zGjbF!>KRt#XQ6ljWgX@8{jwNakyOK2gX6 z00Kmy1AGMv6kMBHh*R{l4Me>;Fw8+GurzGF`2;I{(ekIK_+IA)#&nOA?@M5~igM2% z>yq=5P(OCEmJ^w8kyR3rg^4Cp` z%>KLbdMxJDZZ-(9zFh-n_K|V$tn+00WRdzAWm``**ZgGlE{vI75EsorMQLHg9g)Oy zQbJfNfIjY6FwhybOQs4(nTwOr*0r-9EiS2IPzx{t8&x^Bk!MPTY;KX5k z1*sjoIN@o?nmDxg@>iPjWK%sQu|Bkfi_9fX?CE_{7w}JmXI@4 zXLR!1v$`c@1Gbw>F$;ZcqXj!4z@tC3^8@*&nJ>s~qb_`C0PYnb;PLX88JA*u4hUN9 zsldWAT==7VvhCj2zJxreObk4@01@ygG!_xO+B8=7tI!#OOvx5gH~UKsMw*5Iua;?G zamq*i+0)@e^8x6eRB+(Yd^RhchbFin$Mfq@x04xEdb+upkBBK?x+GnfIsWKu;Y|)DTOZ4jI4wXKW~nny#NL>{O}!=oD1Gl(7^mCL1?m-4$n zmI^u!wS6bMmJgTzo7`T}`I#HM^Bt>l#sPWBLz#%5iJVpU05Mn*2(I!ycmd0q~!7LNfk%t7F?7|ua($Xe5u=vi8>jP z+VAVxej@$FKaSV})@+b4EzxgYiZahLc)MXC=+;|ysLgp9CY38GUbLPsYg!0f2pOBP z$#9e#3=t?Q)C);e-;so{hH0nJzzg53vsOox;2Y&z=knOW6@t9E(p0OPOW3pj%a{Yq z|9+e2)YXASy$auFaRbM?0`RJ^0A+{MMn3Q4NQmxOOQm*q zS9I;1l+gTURi5+{Pjc*?dx@3rwzMdI5RND9%g&+gv>!k0I(|k>v&&|q^yTnO}iO;n2jPN*JQN!6DVfxs6=>i5usQbPmvFPx)kNP>Y8t5$h+4W z`29P#s7hKEMfkM?_7|#a*=29FEYZZf#FFv(3dWlFxl!LX8HzaR0hs7!ikxbye^`CC zB1Ap)wk^p>IV77=xv9^TaMooCf-6mP57#kU7T9(b?7=W>PtD2X^>Q`eW3$Ko1BB;g z*8i#9xR5Z?0LnH~LIiH%W|&%03QydXI4KrODg#PJ)-SX?__aE?jpb zOm4Oy7&CbGNqIf)gb@6NB7y;Zp;md9MNNaAF4YW2E%ff2AMYN=?KApfriB6S!3#MS zz5s_g+{sTs;1*TGmf(kSHw}(oK*MnK+jKzK4C*}wO;w(bnj_$3fFW5Sj=Mt&pPp+k zbTuBF)-G9(pR8p|@4qZ0QB4zWth4r}OIbRCs;C<9{rIy7ut|4uSDT3&Qv(pekndB6 z<1K4|NpTHR-=1a5pY?NbF`H=@!UZEwsen6kW56Bi8B%RtZuu#|m1ZTz^F`kgr%*t# z$1rpiUUl`S9|x3rL*`d}Lo{tW4)7@LRg2c{E82>+nuI4vS-Vu&1+g)AYQ~z4|&R z$$#4se2%?3>X|^1md@dlgP@je}Dz+iQNV7j= zsilySsxVYxRiI4~zuT8({v$DJAOjR)726>hE#!1x%=x~}rF%nQ?9+QM^;uRwg7HGl ziuRUxuUru>uf95!5Jq3~%l?Oud5*3(KW&@7bJHxVciHdw;g= zqs$0-am3o&yR^qw{9q!IH~`0v6#q`rS-8GIXaw57mMYK8-HyN>4;yIUmQH@<7a_$e znM*jxdWyX3(NYTNDgTb`dQ}H|PNU7MQAr8#WhqchBtV(b;!qAXvZleaZk_ zMDA&jp}6Zq<@4!t;5U8UW9FjdtkNG)b)NMi@_yjRrae#XnT!2{Z_l98%3$=MI zL{jGM{6IM#U^%0W#ElVAYy>}&MG})>aPdk~1hV!e!WsX%*>0eVcP6-7v-iAjiGGQL>D-tDg0G+I zM+$eP!_+98)hJb0cFDZYBKN~v>C9foze^b+5}@4#jgn@kIykL$lr66;PKe4|vhvJ> zg9RfI9Fwd3*+?1cxs=i5xG;(56OCVdrS5lvc+yRsLhEE%n@gLlAh?L0fF~mF(kAun zoJ$q}wmGw=$W@6m`2nCp2>iT*BfZ?=W9QCT+$5Js7E-0k9 zYJ6dPY^CfXtV%47>!^u^O33EoK7J|R)-x3nW)Vw5aQ;R`{?nnnx6F6=b;lOUW(O_L z=4EO*X|5QE_fo|;R}RLr2JwF_d4#e^d!w}`8t=J;t{+j~q}QnN+&5{Be)yb2!HQkQ z;2HIxVN3jHE>WSc3C}Kv^k=;-HLMERN6Eh-@6T`ED|F~#4){S4rad&Ieo3H@@foIt z#D>umR0{J!d{n)YOO#B0SI}q_3bPn``Wa%ev-3U%;|#kfDHR|7rql!MtnK3^fXh$e zwJWn5A4eBj)24?oGGa+SOQ>q!vht%vPY7K>=XQn9?b&7Vv5Ij}!_{eQ<9jP0Q+Et7 z6}#0lJ>w^THJ3eAcHZf6$p)yeX>heNh(t9zX2Ic|a%aup8@pOutvLM}Ta@ueBM~Kb z>no?P$+?F~3pi%fLG_lsIouu%4><6l`V2BqcUT2E^td`YRp1L{g z&S8E_Z-Ldv_xHXZ@OO?>eBzWPb2yj|eZ>#l``mP~*n6f3b9R99Sn$dPEJ8@XyCk8N zchxSaaL`!e}(B(T8#V?rCE|-2Pf!q5uB7~cITI!Om)ALzl^kF)t&J_97{_*RS-=aXVx~qU|VnEd1emlRg{1c(rAH< zyB=*R_M_%sKgTO9_b}$REa(aKBI$yLa+15{xvy>jDEZE|eaq3^2gi~Vuq=qMUD+Xg z<<~ZvF&q8u(~l0G*j7FRz_P<(fGA=NzOE?9+iuTtiTvD=B+!yUr@2Th_!&(>ONHw|sP-*tU^!4P=2>x1sI zE<*PD!zVfy_El}~F4fBL4S(!oOeIDc^LfuQBM~!yR3b-!8??`;qbgT-N+^XvF@W)ql=qhhkHbUDI3L^ zh1Hz57y2lEm844BEzI(&zlbyHF|$WCNb%ct;1Kf{r7(B7)JzggEll!q!9m#Py=KEb zs1$cP-yNwbS-8JZeu%*9lfmK*o0JQ%MgkZ6;DY{zqu>W5A8nt!;JZ1q8#-Spl7KDQ zvO+9MN3XeNmb1Y0mQZu+b#AGHBh?zRgY#H966Jbyb24Y&AfgeRmbUm<*0oFiQuR^7 z`wKc@Yo_1ZCDv`gsq*n71`|hQQ~_yzB}1>hH|R>e6R}Ofq{7Bfm6ry|nh=GsQrELD zz?iPft@OhIijjqmTgAPb_fW%v{CR9H+Nt$;B_mD?}|8!>yJWMWmwIHLKEMWlmV`o2UztxFfAY{W=rxmur@nUI3< zn4POBdd}s=k*_f7JU*Gn)6zy95UQAxGWZvdH@tT0odiEhDf5^6Qn4s+=PxJNUz9)E z+?40_!e2j#yY$iv?U zqp5*EWloc&3cnZ%k7tB`*F33iY9`^~vK7ACHTd>0tY72JkxJ_WQN4~`VCXg8b*F=19k#HmcCRK(Xt z+v}fwH?0_o={oqS4uE)-3@mii!wb za*1Bb#sfxP;fXzZd~XBoOW#$wreSiO>1VViF6|D!##+kdr2inQp0nxbP9DwrLv~$J z7oQ7bFqx@G6S^GlIL03^{}A}TCUV*E2W(Vbaq^W!tLx^%=Gk}S@2uV@%`_goELOuj z+46dR991|71Ts@awOFbG-QPVSaupyu4<1VtDcFnOejS#6jCf~C{GLD;!2S@%HmS~u z8+~}0F$YMT1p2d+0(Ub^UaHHW%8@c-Wt*)`#HIC@9C}9x`oIThk9$5~s#UNI zwKZUj0oMUm7E@m7BwhJRaK4;3KR=hLp`5#&Rr<}-z%wZcvMJaoQy12Om&?Fu5<uUpJ9Q&2nfXev8qVx`wxD#*K1zKLSvNsFPRc zLl!zcLC7LEEFu&b&25(`&C#Ll;z*Gju$Kl`G5`d7)`}#rZ`9gZdFiINpJST)ZXcDq zr<83_i@g^Dm`yi}a1Gssw`)b#fqj`*gY|1G=igel)6}9Wdvxe?s>mK0p%S(eudCJG zObXKE7TN~mKiz)hXp?)7=gYhF+1r-)h#ph$#FL&8UVgXwY3F&et8IiUY*(C` zH8F(W!c5wlMb>9G3T#w8?w8W_Lc+9St_d~q;Q-5Av=jKZy zfa7Rn{&Holc2EDK>k@&l2PF?0YnhRqFf;I#k1USdt_zwyeB z)=17tjDPPtM8anr59Ex#5-Kkeypn=$-Z*4He%QKq;A5^mWO6f3mYHevE@J#z6oCH3q!BG7^}2}l-b4t(laEq4*BpBO zJ-daLq--=>=Sfx1^)YqgSL0}p^$g=#M(vKtTkgXo?j4PM0*3ca|Za?rj8UA(TnvtzC;4o|(Pe&{^pE)b!=&u5MD4hDrG}t1(3kWFuog(d~3il*d;v zC=ar4z(k|KDAuWEW-0_l$_w1$Hj>`+xUP+r(60cmr>a7Pm#Ovm`bjM&t8YzYOZNg6 z2fmau;zx_6qwx8W-&6J1c#2ji$bAQo+9LDDU#TB;yi+DPy%9DLjYqZ3HUU|7Gs{LH z>qXDTM8Fja$H2RQX`$ZQ1)HH1f4Zis&}iukvo)*+Q>SSba?tMK-gUS<8vL#ALNW&>oLN*Ig?Vxx@g83kL+wDF69T3? z)l=*-MzNlpigz}KLsgccEQ2CRZu(W-`j%4W(B#;&B{7h-{`5dtZEOS!!*|6zKXY^0 zF{)bQ5&r)5(>O0{i$<@xAE=93necfe!}D8SVKrNv#>vasfd?PvtD4^$B9H(Ki*AI7 zykoW4SDm>y-QhUau;lGxRIQE*o|j?4Us!~aD>Bae)`o<>l)EdO)GOf}wsZmDf*iOL zF#tvm7sT+g#`;^AlnLj>yLjr8M9og7p0V3(W1GI&`EI4Q3BcpI_{R2J;$KLYNKkul z-agQGND*2ztgrb7YIh)5qD}N{wR-Q!MdUmsDCtcTX2A~=JD*H~lf`=hBml^({}8)$ zh|ntaWNEjb4o-x-jRksx#L0I`s2Q~VL|D@&jM?oUwu z8YuT);_N4W#$5YZt4FQKRs-y}lC19z`uTDKYRw-nKV$ydmOn~!++R#u3X(sjl0{gB z?)K;`!iN2Xp5vi#5KK7nCVT@5_}pt`ygRX*gYeDN#$4Zdr6}X?ss6j){~4lwbOM4}GDB}b5S%+Y z$$I5G<=T@?R(oRT?Clx7+4W+YPI2>GpGJpI=G#=C`M=}&zxmx~{0roj@vpypy1_bE zvx3D@ndSoP+tBu%6XN@#Zrc?sDEqg#tp5)|ZSkwU-v2-3{o?msL%(ji{!o{p-9vu` z(trP3zQOhre`i@Mh+F=rs33pm%YM8FS_e`&-)(v8&UiGuR!+cpVp-Qygb;V z@Bbm`xJBO(zJGV0^DnzWUu=EgI`6orr|_TQkDV-4fXueV07QQHA3PR9W9Kdl5F2j9Dj5fg4Ra))kI>(OK{3>(A){HOx)#eG^qgKlm z|IzQ|{w%QmgC+2-4d5H*s69Mc=ond4r+7tH96OqDB3Y-KGwtvhl#fyFEnCNLznez+ ze|sZb21g2bYciKO?jpEjt#$PCviH^8xxBKj9r@1uoTWjFHVkp}@|}(KQ15y-?A{=G zdf9jVD-C!_r;`6i)yk1;9naeS3MF9?D^U2H3Y5`dUQf%O;-URYA3bNMj|N{Q=xX3Z z0Y1t?uS`N5edn57$r|gkcyD*NgEP=dpkccHJam>CE}PGeDHVHgfjl`ZdI=8*h%2eq zNAm6s)iG1qK90n`zFIma8(7oV9y%kmD6;2#Rq+f3$Du;h=7r}EYY6jngDzY?HOImG zGI;EECd|dikLnEVR29ADf8A$n&%V!JBu@|#QGBV|W8Vr{qi&otm<5FPCO6^ucZpHF zk7!<%%Q%~Q2V~^JzIJynADAtdK4`x3osPf(I5C(TKa#ZgN=4B1)whh18-A8w8;{&8)g4iA`_<3dFu7Cf8GYdF4-S|53%=(w`os3~YA zIP|4xJCjMH$E~ZYW?d{ZFpBXL;wEwU-f0$oz{?fZg!6J$Woh!hCUA|Y+Q4*)r~0#^ z!3!5@VPM--kOKK#1`iRh%X9Uze>eB`2brqw@Vm+VL=CM>2eUa*%z9(8)zAu+8tL3A z;h94L+(y|kVQsSBj~|Zr)&a0vEC`7Y0=jFXvJ>~#>y=J-*mT!kXR(OLYFcuVuQh7H z%x()$eBhLuMP6nXDcE_`_36b6v{%uTJxjx49BYmN->*YcVC4v|+C#pom8+ky!Wx)U z$0Ia0=B~cJ;dN}F*xhV9!B)pbrk& z#4p8T4#t729+)cOu9tJM?K3}4>{)2?dw6HqgTI`n(Xu^5C)U!3l(W#aeR2GB28OQ6 zDNN)C;F>Q?rP|(YZ@(?2nAUpHNq$3?|553``&TAGQRRrhEAMyt5b;9cc#gY>hDD_c z9dQ98OH`dXLU?|IQFd!Bu8hi9PV`5Dk-M zgPYBBj!RIeMuQ9Nh)Dd!5f0YaiP(S%5-?D!(n(TEGaD0tp^x&uKxCE zJa5O!vX=OXYgsbWbL<@h0LDV5@76wv=hqu{?Roi)S#~nkrQz`O#pJ>u_{qe2y#_}r zvNb|JlkT+S2hW@}BEYuqUm;9WeB0h$Wq|2%tPN3`v})H#SA{z)#$L_r-^t)2=U{Lr zIIgaC8bER%s#=fi;Y6x05(`aMOpHlj=~nq8~lg{ao@P55*t?Me*VSI?X7ahiTMM z)0?nb5z4zfg!nnCm#hvyz*9MH@BwGB?Xy$+b8uDf*m@;+8F_@ua!>o7emhVzL+LGj z?FN9nE?b3U)6ci0+4=!+z!;;UoD1)Lse!85e{1LH;!gW1667z?VCf}{xWjmkDWqv7 zUwRl98=ct?+et(r!_BUQikp3n>16g|*DE^mW`0&a$N+r4|7_-+d&P_@I0|0qw);q4 z9AE0Or%Eth*!ve}r+qwGK2%PXf>r1$hgtF*GoY$aVM9D^B|6^OYFaNL1n@CyWR*4c zy7Hdx^HXW&Myn1OU8skzoU|vjE#Ch~f6E^T;4rA8tFhtzj*DBnY6ZN!V4k<`Cu0G_ zJiicejeho1r_?U#IRJRUUK$UgW9Gz8NhyhN+CXT9s+s@?Zdl*90guS3#A{qGU=#i1 zCs-&~WvbE}z>wp@9AOD$-t~rs{Si0qfrQ0GB6*X7Ae|3;&b=@rn>Mm}VEU5y?9)#j zL?9X^epgPwK!%tg4z1}K1L_fbAWs}P`Ot$HDLj{X?YQL~ z!Gm((DI$}Jz*TXI?&8_J`-r#IPssiWk)AgK=8wsE32naAucwUK_k6``C-#Aap~gg2C)$0>d2;~fXYh*pzEr%Ka`dCBnrF1&|Qte=G_)sFGLKC zLA#crGbYPVG?<0&eLjS0us*_MvwSLD6_!m99eruB=GAYil>KmLhMeS!bD8zns;Iqy ze|k{RM#v%i?D5JuAN^C$B8RH7^-Ll3Lu8N#0ESV3LfxF^(VDXhOwp_{LW+i8H+tKy ztphM1nGLPW$@8^3a%A7xz5TpjlWjZ#z<^b(`e`(e@mS9mS^WpNB`#^uJkZ+Ogp_aj~v(Hd-z#rhPlr&w*QfcXe*kvr^5+UM05thR&T zSu_b&w5gu~5@2e8Y9V%q)cAM&;d?haX9qS~e!z&y^%==+2Nnz^z|bRVc31ooj;?|E z$-Gn*fUiE)UGWgK$j*$}Ut#A@20uVP=ddvIw}7l~!Ug>59C|QIKdvaM^Kg}L_l9T# z$=&Q6=fdvA15+CyxRy)YjR#N|KpiI~61CJRL?k-J?#mEl=<$_pcBt~p7Yx@Ox~$*` zdS4>~p&simAzs4>#C}=;1b`VXwwyDMmCs#X&R3p<$DvO?*toE(85Yn36mFTyv?EnDWBF}}?x2$Chn_{w4rFPVoz5LMz%M6BNkpi4()T3k(rvMEy z=w%LwNu-7O1S*$H9PZlaKT+a!s^tEd?|Hs)0M7KqE>Ykx`a##M7{E@E-W#M0d%aF0 za{3vI3tJClpLcN_+++L}57^_F*ugpVe#~2h@Ixh29t$yzPYIag%8I7OM^KGBo198n z6l_6XjNc8E;~bEM!+s&zYH=)H)EzJ37ot38&B3A1FM0rJxJzkyQ6S?K=jJJIrrQA$ zjA5z-kgb6FX#AX~Oa)va0*MHwl_{AI{IIik^ms@2NGr8pC4kRx9y_18qcLJfLDDSZ zC{`39k6A%=c2wOhnKdLadEjJZ_h*ZU)dqNR^K?Fxz2eiEE%%P0UO?dWfmT5LuY81r~6U3Er=}Y z_vBdwImWrdxW5P(Qr~T`mbOZXYe*CQY+1RJtT~RC;SusPbLzINpRp8X>61~+9X)(Y zU>(ojr||y!-@O`$YI=P`4zG93P1!RZT^kYCeEdRg=bffkk9~<^ZTD5`b&ElWgmwIU z2K>VSPHY-(4{3Pg)V&dbFoXM?RiMGb^m?-c({*C`8PRhvj~`kZ`wH|ex&{wB7BSrp z&RAXY^gPAJmD*M)c-~$NcyK4=)v(T&=bl6W3&@R3ku=UK#c3St7lmZQQP~mWM;0zB zoA zUafYs0UB>!Z~!nQAF$j3Z@rK9CO>s;h4~)h@E$4@B^^m5R%|j-R22^54hDlbx#KL8 z&VYMH@Y~ZYS?+*;W^g%^NoAh#zD!1Wm9~MU%S|^mSepv398LDzEQ!u3et+TRgSWJHKCn0u=A~-u6<$Vp7)@YR zfkd-4o0^JxNkWfIWx}|5R+3D{+QW>2AL9O%>mc~rkjSwO$0OXA$87+nl1x!>E;c)r z$-(WixHsE!6^5okb2kUMgQY_onQL4;Nwj#hd)>F~e&E7sD{wmrb0mTk8(k0v*>4yo z0-2^TDR1f?N=o6x(3w4!$BG#q=SJM#oV5BltbQ5++t^)-O=u ze}5`kymtKHz-G$EVvKX~h2xBcq(i3#@B1_^M{WczpVGaZAr0Qkfrbzz2ro7zfpF4u zry+kpip@(h`&GrU=mYzYTJSNV!3|zmuU(J#zzE7uHDSnYe^l|A2NdK_xXwW{Y##JAAuCXfy0RYqiV)s47CVH9u1Xq=@+-{Ge`kJ+7TWg+;a9r!08?UBb1E8 zWusr1elSOIa#|dDR6HrIW+iiA(=NlW^{C_G_okbe$&VM9&S2TBE6d(DHdJ($j~^YW zt~_xI_@L0W%{_YbMVd;yZ}WJ|#{w%05(Vg5wNBe-~(E zL9rb^No2KkdnhwjqXn?u8V0aZpQ9OY)(lfwq|bGv+7oTuA6 z5RfN6oa49>M@+tv=a$lRnltG#t7nIChgbS0u#GU-I8>WG@8KE^uD<}u4QHwSgjsq& zUiUvWzxbOe>B!9vu%NX4Wdd4)swy;J$^x(Zl4@{Mk6k{43hHpdSs zJ!EgQHnOx%GI|X568Bi@ZfyMcVkly3Wbab+-0*RgG{-SY(9yT7PNCyt;lWqroM12`?UlwaDfU*F9gcuBflmmbRO$Z1itpG|#m<0kzs*6O!eqgzx0XPw9RQLlM?7q#!z}OkLf2$pb$E|%4?-J2|&+fA5 zWI=_%I^D#^B0C@(wEfGPYEy{l81wBCs$91%)u2dCO}+Ry{}58Pxr9~D7)!@**9#W{ zM1_`EEKb>NwMuBKd8MT@7hHN+cm>j^3&2|3Rsp}ti#5lu5d)jKZnJd!mJ!z2lv@%= z`K{5v)j%9|e$)S}o1&uP&CPna%WCH@Y?ZTBU_1wxku;)*8PL>N|DyuRM-8q4oIHG= z!ujL3mtalxf7U&7UNq^U+Y(H^!5HEHehWCNTNR@E`)`U^4Z=*0M{7I2Ue&{S0aEw> ztmURzS-4Ct5^>`R?-8Z9NmIZj_VkI5g})jR*N8yfkP5Tt0n{Ffh8W#|3^X)o{L#0I zZmqG8xKDLYA&C8d_C?rM!SCu@agw%yM#UBcekPArj&0-=GA&uL_9qT&{zHVw84czs zH)@c@L!l)YbxrmUD53qv9|ft|i9U2f`V&W8kNg2WA+3FE6Z>24 zPb|S2+x`T-+gY9t8AHh_#EtoX2z2uo`CCnDF4(mFhE;9})?yNO?f!t=4F&CqZV%}m zSiyTK&AdNQK*G2cakPJE$wPk3=du<%wc}5W*}G4_>n$pUDqQ%pLa$#H{z(8D8hRY; z5FF@#0!>6jJR$-@PVk?o*&+a=1aNUxf(KYlgp@h9*mJaq2do+;0Qb3Cs!$?#G)s~p z-*rB2oV^iF#CA72%MD_a5VuoX+#wc5{eqWJeGqW*a}PV<6uRgOg*p$fg)9h_W=-JN zLZ*NMfV*P-z}O$4jfl+3O0Z^vrA#Dr{33v#jSwfXC43E|+x+6XpY2yBX|ugn+TsSz zEjDq3x+!8ZnV(>-E3N(quxPYJ4b^I*JbR{bu#~Yr{x_cZnb!APWq1z^=ejPv@CV3^ zjA*nsDwccwiSoN|@%}ZuehMI|2XU|c!GDRS^|oPAGCz9=+h4jr7@PBpHM6oN+?;%2 zAB=ypM+|DK;eVDrTx53cFvRKnEszMHwRY~eZYkho`}VUhKRJ6VyGsue7(j7MyHGI@ z%=lThl0uzPn*yG!J~8;oT3gNj9hLG3skY3UTX6VE?Y}`%%$Ds>YTBy4r2ro997q2P zbRh9_bKjp_{97G}(3+nF)KCD`{X1z~lQdUIxc!?{{6#G%&O5m(ZV9rjB7aAfb{XHF zZ1+1#MVf^FgxhbuV-fgUtq_{v06sj;>5^i7hhmml)qO~OII{p4c}ogJRzFKWR9o?5 z3bECPVMx9;k$#1v3*g10g>+@!Eijo$La_Y_muP4is{l?^SG==Y^pCiQ_zyx2*KWD3 zg5$PGZL8aRV!_CKSj!^C3&2Az=Wky=%%mYzuy5Z!OEy*wsGJ)otXfV%!a3nLP!3i6 z`Hb-hz8Ih2;_@5xIJa5;dQq)TyC*98L{xkW5D%0pSC?RIJMCOt`ui8Rcu<-2-d!;~ z1rok3TTpR5c%GqWSkd=KyniTmap5Pmiv0EyS`zj6g8+Z02a>wI@akKazv14A=O^w( z6Ceq=RRYxKK6u&|6FQy#1vYV#7nAqCsx6+}8VG(z4D(o;M1%8R;RPHMy;S&b2nQNw zpKVddKjelTURKDw{cBkHoleA<55&>?{}#xO)jXJ5{F7AnZVeP$P=$DGLbLYV*cLfO zZn4M~8aZ_5@9em*Oge-(O#GBw^^Xk`=I)NW-I;vS-cZ|%FN%xa0B((-68YVKWL6!{H{)EJuR!Jc6TgR;i&}26&TrS>fknCWH%SN$D5Wyx(D3jl z#X!6R+1gDKkp3I&Pyfbu0>6L?iGrqBbA>GwY4-o(s5%$9T?y7A99Qoq-4B7vJIhued`Kzvl9t z+kh?}zzSFc7zBVZMtm@!NcoeCqoFVlREW{VqDE6jvi|O`k5&4!Xi-*eQA|jBG z&vYyxDF@AU2GD*-HbTbYs&A^^=r8ba0OPH>N?aLdgLwfMuyt}m2nfgNHPGQwn)ZR_ zkaEulAczL8?T^)7cqJ;603r<5r13uRV#Phrc+H<82L`o>8301gP(OZ#TJcj$CIVOr z07n(zWNiUJ5&#fz6b{)A`QpR?05%M;cu8axIO)YIa2fyrIIAjj+9{XQrcyHlEAM`P8_ubjbs5fi8X#nN zU_h_3y zbVU2!w^?#eU|@=A4zUfVrY8yP0eYN;N;=o(x*jt^&VHTasDoc$3JSRow4KQWFYmv! zvGGY4D+HTik7LTU3dkfP-cO>%^b(y2mtNeGv0&J?D_t7v^2~xK_jW9X0<8NIF#tD8 z@-`4(v1Xb0#DeV`?_G0`vEZQt@5Mo7F-~&QJZU+v%|sbJmwY1<%Gto$~G~9X;XV08EKR{ z*1ZJ*UuPuRX@cz~#~mEnzxJ~%n1+Wsuafc4>sWPxjj_JD1O1zGErt`~T?4M88|xBj zxCWYvpb3r8v=VInc{qn8!$hn3N}gXw_o);I@&v$VL*t9Uz*>2Qu?fTvJ=i$rB#6|n zE^>(dnzd9P0NW%wa=BUcZ!4;;Rmmt6oZt%1qxp|5zU(1~-X#SbL*Fa03anr<9Fo8} z;-AClR%SA=>AIFV+gf14AF+0VzhtqS!8aoi+R^pSzb3*Ov525clDOKK(R~hUQ8e@*T^QZ7L7Z_psLb6O(vL}va?CH!S(c|WpV0i3=7^4Jx9h@ z>rM#L1&5RN@_XEbwlWP_AJ!1zGe4L-ZWtzY48>|{8>c9FY@;h!*g}IZ@&Tx~_H4a~ zQyZj4j&4e&ZgjzO?29X@YIg(2cWQalrGV68=L5k+8&Onz#Rs%ts8jutO(poP*Ip`% zupSaBbQGFr6ZG1l(f3qU4Q>P(fEYdlv|Fpj>>L)|@#TwKt8UqjWYn9}m)LOh6Y%g( zhq)O*Ur7iLU^Ss-oQ?ZN5rUUbstlCAG9og;1A(k?#mOtcJf8L8{!p!?6>ygqp^r=^ z&l^UfAj7KR8W=zV){?|>Mz!N09)2kx2PrS#a!J*OiakX3!F-wyW&LQl7{Ju~G{Atj zg&07zlL))&=(Gs?aZj9h3f|9}8WPO5DPc(BY9Aq+fHV;8BjMt5VpA|;4`)a}Gnr8T ziKxL;ET6u5K-&eEa;C(wdHE`|`y|0>Y32f6j~+8H7oG6^=kBn0%WNq}p$WVC|VK^o3?jec*kxMV1i* zlh)l|7nz0|O6*}L2&nDixS^k@Fvj4+Ubgi?K=BZp z50l}BN{OpV=pLrZcT_#WF@P&jvV@cBwrsI;Bq+qqjh}d8fS~6u@S0e;8lQl7qza^U zB@@Xp-MhQ#lGFLi%&QqKMK2aI`qox<5ax_>Uo8ETzqvk_4{ty!*Yh#VagL4+x^u}T z7ycXGLWQEYoA4j%*{ClzPCLikxB&fo7F}>Ixemp?UfOynfP!8_5>->}ncJv?!LSxi;f+2JGPUb?L|4&Q_J|__wYWA>^&0c zxDun+-|mG4Een!V^n#F~^jgH)G)-lmru9kM=Pq!NwHA!0^eQpP8kqor* z$NItDFoISIy|?dl4O67f9!Gx!eW~AZJJTSr!A$LIue)Rql(*q;3yyUMTM`Mo;S3d$ zpc7UwEq$&$_?-_AnvOZCa)?3`g-yS)T9qd4l6+%;)Mcuyw-*Qr7M?hvL7saM;x92; z11xgQKC8P({IRWH`I1OyGudMW$H!&wP^CJtN54YEpw53?<;x6$zm0|-xi`4KKt_#l0uECk2O(43_Uqf)N*x3ZXw9Jd1cQa_iIW}I{3DEBJ$x$4m zN)!N^08w9h$Y?dz-p@PqHCG?)=FaaGu#`}D^b0B)F&4;k(bt|Pv0abgIh}e9w?1MA zl-R+pP3ALZcnJ}1_5{yar(luXPoai{kqqMWGFk7Wg$jK)iSxN216AM%LSniPl$Fut z>T=9qm3sAE@0w~_(yB*LQ1z90&$a0pIe{w4tVNas-u?)|Mp}U#f8wsMi_EOUqoO1? z@w)WC=r3zC0giuBXBPUG$?puLS*H6I;YXHey@^9EX#MZ#q&N zQaDuYXlO80KN@~W{~|0HJ-hsL5Ja%Z3+dpfub4TlRj-8Hh(@r~5AqZJSI&UQ>o?%x z4;@g`^BbjJyS$w6;+w$~kaM0mBPz~N0_Th-$!+~|4%_ZJ;>Y0+Y;Lr7OHC(J#m>zY z>)I(z-xvKMw%uqmfvOyS-}?<$=tcL%a)g#(*2K5K3X6c@1d=E$RezSFLNv*7p`{1g2C>o8ETbb^Vlll@kJyy}w3 zT_fkanIe&HvZ`8Q(9g7te4V*kM=?g~v5c2akf{-5r^g6zIN{lg`N?3RMD*fxzT-$O z{9OjoKDL1m1|2a58$?;ohDepLJ!4dPl6KCJM;=er7=-Mp0cHf#QURI@>mrw`^s2iP zgIr=Ec!P5tfuAm=OV%%|;O+Jptg80w!OK?MDdhN)Qv#7BuApG>2A83=cnxBPafxWa z>aQ2Nx_voG{ln_4rJxC28t*_kO#)~V5m#Z;69np^rV?d50MaoRgOHgH;S6(?VX|}g z(l;=Uv6b{+rq+w~sC>=FS@FLvArzkwc6=H^)Gu4Owkp{- zd+(|v^6p1QG5nnDw&G9^IX&W4bRFx4AWoD{aIxn&$<;P$5TW8UA+Ta(1V+kNFLU;d zKjj+mP~H=g)doQmVGY5~5b9X3a@_}hFi?6S(sfjt2qO~i ziL51FH=2MO2CCqzmzE7if?_AkC(x@WO7vjXvV-)@ufvgeQN+yy-WO(?y*^Q=O|xKN zm!l!J%&T*qag*r~_Y8vUVkos>Es%cCh2CrMbvf8RWcbQxO*e?#*aT|6EIZi4g2icE zGc5RR!I7)`HikGgjMenj^M7jr!eamH*B7j93w>55(Aj=<5m6oM25gJ zQ|SquGLa!vxePCU#z1c<6Q@apxh6PmoB20e>pG-^mC5kEb9X%7HJUOgj#QQBF5Su|bWUgML@ozpJSk#p$ z%vn7fa&37=rG7og*BpdQcR1>)FM<*4eT#McGtUL8(F_I1c^3K1st0X%za#v>c6Z*< zb!JMxAcCw#2wUdrmth)7aG{BFz%~WLeVDGY5qI|s(mg#(YL!Ax6t&C^l{s|Lmo~XZ z;zQgJebp)>Q%nnhN8eEV2wJ&f+oK(UeKl&K{9^lZqK;i=yD53Nai@0p0ZhT@R?u9= z(xIQ8aow%(5TVxv2s{TLhy?0ns+qW*f(n$g&^coTn5K*cKNDWO; zQL!NwAc$xb5Ksi9WhGPv1S^Or0lT6EMO11+RZtAuLJ*OzC{cnUL+sUEvmB;R3?YL;~`+G8)k6?7TJT}uR_&=CBVdP{UzoE(b^=K$Ik>Hd*tdP(T06(kmVf9 zbKX0KVB`uzOYXvcJ9vuvg!X-Mgz=2{8nYlDRPMx{rEXK2fJAZb*R5wcKf|!h3i0KX z?ztigd4kdGrwN_6tvvT;BJoCt2|- zBk&B@i15SDdC1Nw>Z(fHY- z?R{CltX=b4o{Q$V*<2>QYfb?``2hqMvl(R;tMU{5a!eZ( zv4M+mfFYGEHz;YQ1XF_WH&F43D*)`pMCiNVYw;#$%!cz_+J@sFbL|>JfsG!9drqf? zE{p~ad@%?J#?=PQA}dh5ofYKs2cDz;J^Ii4<=JjQ|c$$~YlJ4$v>g!KheHJ%VNU02) z5Yc9iVLVLi9u*Jp6@kgbH*~29inI6k(>1EdCwem}pGNT#d&b-14vt!LRCGP)j8yRl zXHBaDX`!h}VNTozo6=vbC(!f>)4Oj91sw??pU!>$8J=tw!r2YqQ%U$;BdI}&YjEH# zrzZ_mAwpc82x2@w^{YonmxdkNu^q&0EI1=Z(U&#Vhyjzv^~>*dTJ^s=_%K|oY?b-A zzYe{aQ3r_J$p!(c13)9L1Qbs0pHj5XJ7~gbxsWdgW%TI!Cu4PGmb`2RS)1X`N{8)= zU%6c$OL(UdZjaD^)l+u+;*)q?+6RL2-M0@1u?%Va(eVQ5TrvSKzBu6srJt8qbcGE+ zKPOvT*}!*IRAJ592Waw5FJCRlXXEda3fb*5ya(nZ!^_IK)~M=XHP?}&O-g3fn_?p2 z@KTwLEe9^dDyvE{rKw*~fs=WgwfC-EP)+pTNiJq&3CwN|?sj^0pZA!p)~K2^3r%bO ztOb>cvCs!Xf%^S_xA0~0)z~I7pQgNu)01&4@Kn_Rg6yTh^!2(~h$r7=LI6UGXks5| zPI|eb5##HCb6!a2MV{mP7LkM(F$$f@@}_dQLtC{aJm-@GK!s=k-s$JyuS>U*&b<-= zBVNB$g9FD04y$dEIiKgLs#&X00w1k|%r{WiO?S_!MiczAd*>$3PSgMcfS(+X3IkPL zl{?JOr4g`Jt8p*Bh$4ZG$RHwuWxO=g)Wl`b&b-cIqr2D+kUPt4+>eRd1yJ@90Z?|t z3Wf8(e&rboT}H>F1Au5W5M){SU4NBG0geb#uG|Gbc`_tE?mvMltlBLB{cRmbPwC*$qN94nY8@jV?s&`@ZIL@n>`lFCNw zRG*1AbH>N0LZnJbph5sox+`no47co_$aAkK(S*vN-W?@MWhctV>Qy*6_!rLd`mD@h z+sRL--5BeC0Fu?gd_^fWxy-Tu_c+x|;waEz2@&^m7s$fX<^kMCLN)R32YEr`vu3GN zq_bG&!eOd0YWO#5&IzoyJOLZS2MLa!pAI<86<}IokW8YBlsx9Ga_aeK`Glze!;joN z`K;j@I3L4zPQQicg-9C{l0ZIYaBjZ74O;%!wN1maZO%I#@DlHs0u94umd+MDXYxWT*n-e^k>prDi z*3@lr%hNAQ{k{S2wLAAUW4MnWE3y~BlZ+yU1Cr&J+?d&mb|y|-!&#R zBYY|(auAI+b#d617kBm+X@Ar=;YTifM+>8VrRqxcpTMO!4LUQ%^!Y?!OKk+-(S--rlef7>KNfvB_*%8K?D9+?XoYvCerW zM54NzVfoCjk{*=MUjTG3uVxJfAO(O^S`3pZIOoeJrrgPioNr zWAE(u331L$QWR;&_N2aF%{ylzCe@PHg=XIU+ECpv?C5BB@a6{RM!VUAUv4}#Zb)4| z1*zMz_~Uu({P=x^Dd=)TlycawfG5oJ{<8pE9yCJSAD@3SHUE~OvAr+JYU=fUitctk z3W$bLNv4#L`6=iV@WK4>DX1QTYeAt@JAh4?2zUbKTyli&Qx1jP2neHz)Z(NRo|5-$;v;&f?Zusi{mcaTY$NaaOs#`yrOqdDG=is|#<-b=_BoGPkX*wjBg8LB}*?#C;+PmovNb4_b z8Sg|BKVYjm%GreKU~=O*OYhwYxNK?5{R_$43OuAcGQZxxQ%}76_0e`H-6J5g*#{s( zA#0>O0JuH_yZ|y6-pmCk%G&&o*O%G(*B=ZN;Q%<`Rw2QFkxQE{=v9%nMglRA4(1?0 zAp)viuq)3V%03g@L_z1Hqs~DyJBXo|q-AtzXC*4Oe621IO-F2BsZIqbIsjY+T5OD= z#T|lE(>Q>P5(Go)09NYoCbq7^Gg+zh1@hwdCLOp|G;~6hlWG~TEE`^YfvuzZdLK_A z)SZdmytjM3v$40Hw06}oE*H@CfKXv=2yV3nV0a3Q0x;n2|583=nO)F7l#lycc@;K5 zl!a)HNC0&PIPhRaljTOaqQejX8Unx|7E6w@IcL_bA|n0KA7xHh1K@AmQua^W68Sf5 zxpbp$A<~(j1O>ZLq7eBaaBi1{kO*p|AI8h$V#8p% z@I4e57w+XG|A&u>^7{J4o8~u{NUvSU{}g8;~vxw%8P1Bk~Q`n_$rT5LE5xGb*goOo#VF)FMZ0#Hknl7jL>o+u!NL``V z^6z64b86-W!)M0lG%_3%zEmU(o}!|`0;LZU+8svI?8FyYwvXZYMCZZ7zw4W}-BL56 zd|fK*vx9H7}$T7j33a_PoB!SDb12`DO?qNX9L*h}LjNXY{KHZ&G^V zj7AQH>7!^#qBdF*uAwKc8kWQo*O}mT)Fq03OI}Z8@f8}VWy$K3qVImXR5G-N8J*iY zf+QyfTt1o(_Y*%Yis!3F$G}`gEx<){`4rmS1~;)0`#ObVdG`$!Oc)wZnGR4FA|pS# zAhI4XM4Q(leL$<@H#-JO_tu&9qZD{c`FQ_~ev~GLre>Y=}U=5!Bb7=Q@5A_gw$)Y^SRJ5CPF>$}s<2KG+R#@O~J(zR&N3u82F zU9T(%A#i8m!+KBd9NH__u!B5oXouMV?o12;@^pL*w0YA6T2iEE&)hI{c8x8SRHb|e z)5074<-nI?uCmL0_L2pWf6|O}8>a zK$G8A>ftK9RI8}J6ZXuFx}39~nkR2(UviV(UgHf0J!+0Sj>i68^( z?rJU>v=Oe=TZ>i5(Ev<5im?d`cjtz}b0UoIW(?fC8&=~tjfia(qMgwAXY4H^szoJH zGZ8+XPsaypBzWf)q}4ImThM-i!_kJwv1}r00MH47{Z4`VI7&G$)FZ?nHP5Y-M-P5X zU3vaz7aSn$>Y7fr&bW6Oh=7mEk~_@1`Q)4_ZM&31+;FwwV41=C6j~sgueLxI-PE}a zpydEQj=Mg(TFXp}LiO80o6)O^-sgc`$(X0Ce(uuOru4wI2{2NouW8XlT? zL<=KUnN8M#w~$fjpi1RWeo&aK*kFYmBWElL^o#CdN9%BxyM;)#@?zQj9fEz!-v%xx zw{B%x2Jy`}tDEsKM$Wl_Dr=pyG9}wINhe@m*t3~XkiR~~Se^!0$$((&C#_8qd;X<< zPAnap#u$!Ax>$LKp&Y(6s>5EFFZr~IFI94T%^p<7UL~UvcWeY>=%_)Nq$3XA{$REX zOR?5sZ2rY8IZW3#T7tnEhC!hSb zbxNZvpd}ALx3O1EZD$~rGQ%mi=$He2LUbo{2Wnd$U(Q&ET{=*@ z#nh9hFpxsav&^9LpWdI?B#Bska+jAHRgJItcs^>EH@Y1RJkeP}+`_($dpf%Mo0O$- ze#QwKBZqREae~s3|A#M`YSOFpWF~|nQ%c$2isK~ENADLggcmPD%K!em%EH6takn+} z^HZzQErHnLLKydo_rLX;a z{=?V5KxkyOX;$w*mIs7KFW#vneE4HQ>(j?fRS08Qa`lg+qtnQZhr`@{OgOQ0u#RA9 z{v{f@b^KQ_gqo51{j(NGLQG!pWS&gjz(e zpLApi7#Fr}PZv}8_%UnLyKyO*gC;ad zy~WW+Wh|mym!F{aQfNkUaN_Zu2Uy#cVL}a*x)wetIJ&S`ytV$!vX(P*bo~H{^0#0r zEcS%%gKwf7Fi#U9Q0iSEol6+Q=F+q-1&SFQEUOQ=9vF}%+3}Dq)u4u1B{#E-!!&Nn zjtj`C_TKN=P8m@BUb;h3$tex-I5xc#G{Wo^B8G>rUi}^g8z`WgsGa!Zx1X7ukK-9h zdIJuEcM5~bujNk&2|QJ%RJ?MO5YMfE(6x27Fw<3<=`a2LQnvP>YSShNH- zO%S~+w7Z^M+*pO-C&fNkmY zh|&`e=j1R$E0OlrU5RUQT?8607uI14C2Kq!;CTnWvld2Cbi?E&AG?Q)mLQI%!uSh% zX9;Y&Tz+#&i)AIu;P}GkLqhl)O zIst^M_qKi;DnrRRGT&un;64p}M+L1g?Du&G8Vi96^KAVmBuB7PE@OOxk0sY2Tqe#^ zmWtN@G#c+1fXHv$--(L+1ep5P`alJ@pk4z;bAp_jXnif!M+Zz=(3@4n-`C?Uv<>9b zoN6S?sn!}TF$4<3@4fKGzx(UR>sj&!)t+pNAw;&JMET7~D)o%}G_K(q7UfsO+% z9CNo0;r`F%=eqyl+$2srn*GD|`7Mlxhz~qN?zEGPaBh*W`u_}Z;U9|sf6(ga0ITkl zPh${H?alB$tyu&F322nN5V!RkFW?N82{eE=9-9i!$eE=JQNeXEsc3T$UoOKf=v)#7 zas#H6RJl%Klk)77r(jl|GVzG-pfy75R(I-3uE>*-|3N5P895E^(`DP4#8+(8qy`T5 zp+SRdOVhD%bwWUu6+^V$AV%K`5$qBnZ40-s@I#%3l`}GqT<28Da8`@q1HT8nlJ&sf zA=}_$gFi}X)+lObF;0jCPg3l)R;^leWuX9<>9zH80)6TJK z?+S;(=RknzW|+C#ZZ0rPDHeIIe4uT-0~rm^m2r6fGmN0tWLLSzw_#3rQLM){jw{b8 zvEUf{;syM~TE^bVdTv)9a@$cO#g;LHX^eZz-~tUsr}xfI%$YUzO_^+Fh$Ji&nmU5u z-%^Bq^_y?V5bAr&U7mya9O8!UQhn9Zv8Apl8b#$322Zu8^lgz2W`9wSI5fzvnO!P+ zloGn$$e@_NKrV3dnS}`nI##=-HL@((c*5YEB7ABO8#F}jpfN_qCqQo3Imbwfrz;6eSvER+ge4t3Rk)8hW?ZpUnr=l7^70Rpikj0piI^Zt zYYZ4|Ky8R?=j-bH3%9BA<88IN^D=h~RKdY6Cwm!N7)^i!+KI6!x_$}0BrI7&k z^=!dGpf104%%;Dch=)0((DcWn14S(t1^(a>Ymo_QVtrF^5K4kVWmq#0AeEmFRwm$zye4h$6i%JG{+f-z9LFW(maIGB@c zb1#cS&@ZS)zIwPIV`Mf4X=@QwO~f6tXlYd96Hw5=GJ*XPxn14Q-Hs?X00deLlpP}IDbkvh+KFzP$f!c_ z3;dCnceqJ$e47iJBtPufgYsf;2Y0mVp*CW z0gMK6z6Q}-5zC8do*J{49B@m@5yJP`;|~nZ{-W|_Iyoi_4LoGisO5QqLhkX?UcD>V zsOSgccb{vZj?bEev_-nCR>imkTw#?97pybW^f441W*W!s^nmdnEOZRVAZVZPJ|cu0 z?RLdm*3lEfJhRqMGAqp3TB>#cs*$F`F*cjLh(rxouWr?Z2b-s}`X?)4Li4UK2ug0tEP7;X2BGI*ZS8*}p?vZ`W3wo_U3eBy@@MJ16- zMKogUWHVwLs^ll8_Hg3?Y5~5Id&}uol9h58IcLnX%n@deQv}$vN(RQKGPySzv^v#E znOtBO{N8;l8GpefAq?HT88JID!$UHG@Yf&bH!~({(+e!q-%}j3hc3V&%On4)KoJ)A z@x?sgWy02kH4s-kc4t1ko&OFtq7enHN73k++Feeq!UoK#zA42ii+erJjv!ywAA@=^v z-nneXLfdezs(F}!~2wCvY2?_OgaNk0Pb>&(2bY<9_D(D+U$ zod9O{D&U1%L~Arewvru2!Jg>SDDo{Osi%nN3nrtuiIMA2qc~2oSf zQq)lRUIoZUDdnzd_DF!OD^@cC+iutatz4S8PXC7>a%gEl-U5BV8??*Aw+LPkt3-h9 zv!#-U_PUKx$D76?Z`~&jzDGYe$<_jk!v>s;WYVlLY@)((BQ?{wWgKkI9J1pgJZaAw z_!r97RK!3&n}nbyU?}xVbWIBy)ol#FGLG*V8F5rV3=j-&heov)2y|*UeO9>ve zV0VQyn=c29+3jpG(((BTXU4^>Ihw7H9iSH&AvlT;X!efD)^2S8z@vwuqX@JxEoH-a z0bRaB+zaz7Lo$zK(B;bm-R`J&hQ=o^_1G|l{(X<$ax{AEf6K$l+?E_JM|aJ_5KDQ@ zMw}?z3hn>RFTeLwIER_;|Hr@oRZ?@bhpkNf8G7o|_>U>$k%!A06l}u=!4eS!zc6sU zKh-RspeylGU<_v;Q2)9WO8nEjZ3yAguZ7VX zgos_0&XVZwP&^7#q7C(1<2l)VcFtOe;4XG;+T76ax8m><`Mi)MH28w3YU-p=D&A7I zAOGvU5%{yXlj11K{!Y2c=L=NKWM(!VpCNaPSgjkl3I&+N4J zQFSO!vqn(wzk9{8TE-$IF0;g3r`E|CLJ{W`w}!+W2%%B}I0SGp=p+Fen(7ehy0U!>FF2Gn^`__ z5#96-qvTF$1M@%rx+XH|kT7CR0a> zDh%M#6%oOSWR>q*=BzaM{COP;tkbisEm#h3yH!3<4%}5Spm$$g&+|>;7)qYV1T75in*{J z2aaLBE7iPQu7+5^CS`EC@&XlF6%%VFm9gb~wVGWBT7aG_UWrqrzH`{kv*~Q}Cw;>B zBdOdAm`iA>G_~w;!@vb*bVH)&nNKo&Glf*{J{kCc3+>c)egHgq2~B-JUo3_Bjf`jsmwF%W<9fpfThtm%Fye-_{6~Z}we%o673fCFkFf!?|w%JW|+xDtg@Rfv;IO1`6Wj7nk-F*q- zIHRB>+^^5cKxab6#!axC9o-X27{eE&J4s@kCO58GnsJRW=8-{r%&t$ZG7;*&0P{W~tQJEJAua7Ii$<*~-F&5f; zMjUR~1jSM6pI>n{p9hQG!TECJ*}Qd1G}C&8nJ?cs&T1Tm>=<;jgB}B=bN&RACa#f* z-c>{qkwBjSGjg`;hZonD{Z3%lDsNmx)o@wkVoo_WnE-oDbsn06vwu1djVi?8%_*{# zq824Z(U(@>qGP<7Xmgyat3ANa^VpQW@*vA;uN>p*WCB8W4GZn_tvE{%rnCYq&SI}T zNDZ(;tI9g5v)glfyAMd!1ax#CP!H`^$=sm=;8s-~6ti-h`Szl+vH^gUW#I4vn zT~5T*`Ht+#T(XTsV?N{#bI(6H@Q(8BRG;&R6giM9OGT9Yw59C%;%^kKkVvQ;jSQ9! zfJFv2`Py2W)cYe~#K9{SPKtfC&n!9#F6dO^0}7aTa{z9x6}snSlcN;CoRxo`wc2lx zXGR!rC!4?GEJ@G*WBp`hlBUxYkk0qUnWnOynYwHubWMVB1YwtM=$P4LAvu{g373VP z!WH7heb}(wnkx61?EDo_Vu&k;Ue+PcdvhK51$z&U)o z3QZCa1tXLACJQ(t6)?{lPUGvCv9dH15PA2_SSMV80+dmDN6OGom^$92#w?$DjKuSY z`4k9^RhR;YK>6WD9LUycx`W>3_>B@j3~jq`)Bu1Lj}{syIn8S3>oP`s54bhVeNeFG zUg!igGlZxKp^OiBOfjTQPOBzRTK+{(^bH}f2P!y)Yoh2F%vgg4M=pzO$&Ep@hYzYn zzRF0B+O4T64=(pNkrISf`}L(s>nOrniM?=n42l+C%2&%8GJ78!#0kJ90SAIZN(iOm zrR+$R)4*|$aM4ZO5tEe1d=*7`LPi+D7Kp}=X+EIpBcvIRMuHp_cvb?wbh3_BL_{}7 zsUw*?pxst}Z+OMRy|(WWAAS9_ft>7(nJMv>spm1$Cg~{JUX|^hWX%!LEYsy2L++Z2MP@-9n?vWBzq4Yq64`n7~|tkS#% z9vyD0czZlh5@Gc2MEab3`aTCcfpqd?N+l7)R?;0bIFjsa{M7Y@)A=;9;4re?;rdjb zKI*(ba4Reyat}7ez}%6izzkK)uQKacqiC$~m zDt_MfLX_69RaIWPcDQxO9WK+~1Achw!qm0Z7>K9^@Yw?wH%&S;{LJBoL{Wc?o$s+l zIw!!g(=mtr;8*uGHMzE6I>ZJ?ERMq@Hpxm*V#5 zN>`oPIMdDRK?*)N+vZ4yWy7Un`JqmKn3QvZrtX5?SB~0r_=WGP}Hj}ltZwh?83h>8PZxmwIZeDNU zuw%ECSz{rbRy%^+F3(IB2kw1=UUJg7W*qYQ_+gkJr%0*}bD#Z&WNu(i$(TZ;0yArv z3Y&%P{&n~|)ZBE69PEJy?cfv^xI3njzR$_J$XlB^q<4T?jc%q%2EZMBQN2xjoTHkX z0MC~#fzeE0=UNi!`=u-$aH%YYt!8?7(~miD;?q>JKa}D9xnAzf<;4HL>4!22$i_FM z$nBo&1U^5|_2!ZLPgky7xjcUh>lUG9jBY5DXP;#)PaI0ApNe5+9J#-dc)oayP{e5Y z3MRy6?6V(}a4OZzz{$d)&_m+4>xbSuZ)v4O6M%7{zNHZ%Ino zSQS2tSh^LbFmA?L|6p#g4pz8pO3E`xn;Xr|A<($IrhIb~csIMD!^nm?oNjq>H^(Zx ze9UW8#v|G$HeK~K+!vPv`$QyXOyNl+5_3upsFaHioP3-#XKC=Q%@r2VvaViz0zfRo zA;@xYF0(TxaPnbl{1irzRL@~Zma`$?Kq;&UWBM?%p1Ghd+^5HT{I;B3Z)1+L#h#+9 zU=yD01P9aJSgg66bU8o6ru#uxp!_}=Ozf;$PP>dXp8d>ouUFUXSi@jWN@(xy7{eY5 zN`Q=+;1giXHA1-DMn?5mEU0%Cou})ZnHGpOjxYBV%?lJwU6jjkk-#0)9BN|Ms>b>c z`>b$yfBlOL+eMZ-U>hmqBgnnO?lxLPx%D8;S=uFbD*?jb#>UlmmdJ+!%!!#?v$QaMuWVuaNKekyc)YhU=o`=cRqJg&F$IQlcS$063^H^$$MbI ztiaq3fcVI{EmMde>f#2f6PO$kXj7ggB+~>ET{H1BA|d+(Ekxx&Oxcp=*~AOn{tx;Q z&aWgNxuN+tayx|h4k~%rzJ7uero-bL7@m2%a4|v95M%A|p)U9P#9Xyb@{*eGqa)=> zTEwM~4eyy4ex{m&BMpFBG#&&XftLA*q|g=lBKZty_vvrkSqJJdr9l2W;^`A}tH zcvWHeV@|%Ub?>8+=X6&x1kcA=V^g#*6i8uq;+@QQC0iE3@G==zX~dae|uc9VWno&jb0Z@ zNsF2bBlM9kRP;2{HtQQEXrNfD&{@J808lPJk7Q(dAHL_;I02U z$ox`x74-I>%CB80m% zTO*Vk_FwXn(qCt3X~{EKV3G{Er{~7 zf;h_m>SyPzQ2Rrp;McUauiT%n`?FIvz4>c&EGhxLO0cNg#9y5iWWK1xqWUJ#^N+`& zj#_)8FuA_zBt${J0`*uSG~kkNKx4c&{IUGZ8-o@HF3TlOe>x{|=>?g3&$#tRcUW)BAv8Y=rW)&{KB>+0Tji>d+pTs##2d|p zX7>a398GvY)32tBT);r)*!xgulje5W!35sxRv)S6V$sn3}Sc=vrD1l8aWFRt$u zVZ@+_3c(9Gs;2<>L*I1x^^cd!QpiZnk&8cKWD`k|av=ulOAh@(PB$T{%EKN8mlOdz zxCMS48KTGcpNtxw30bo_cW}>eF#ILBDdZlDVXluOngkux_mgq z?#mR==JIHGxv~bPSo#cZeKS6G{{C0(1HseG0pHmd#%}rDX(vJ&w_KfPU(V3bIw);m zJH0K)SF_$`-gqW9+E5lcx5--}IJBRuT%02;>8VAu{ zuQ~)j>>?VCZPSk@>jKsv)uo;4IN-h2kx*_x?(3;8@!rhAF+;CZ1Isj1MqP1` zIC%e6xNva#JP1GZQcKgaP%7((;oDug;@==@*=by$`t+t*^+RzmO(2KXu3i7ahtS_Y znCplj-mKu5z$XqY;0zC9xpuJgFKn`P#71KpeeLoStdp`8d}SIk64j5=E`?_eQ{eW4 zC(?14%NBE1h<)g}DMtDVYi)$Pjth^brO02;CwmN(ro14!-QA2o&@a1xDOn9cO}x#Q z4xDw*uh(X8MJr-ssSGHx<<)LU-R3Oo4?ro$O4@E%&ApbQNSSXc^R$49*p?r~J=%`q zy{kv^OS=8~}t#;#7Yfu7w^2k%0lB*m=mB=eT7mi-jxjDdUwpGGZ z%M3KiK2S!LgkG0g7Y|3<@B|utU65;X8}W<;zSvM%Z{3#83yas+F3FBRqPmwyX(!6N zr|Ow&(hXYsTiueG7TScM@8DO4l&8(U*{%dDXKmUC>(?5i?;P7!*JG;(0iQ!UA9q3M zMnumeccz*ZDu`pSPBosqr#Dr0RqVhi4+Jz~VRweEZ+6tXCfOHf;lkIWoCn65BTdWJ zSHlujdngnpGa(*E@d{H*-1z0Y_12r;(;E$pMb}j$n`sU1+cgj{7i!o^b!;={)1l$1 zDHH*99@SdEnB3_c7caXF)fzN8Nr!kZNwf7ImeJEVxz17TGQsFyL!BRh;8_IE%hv z0;Vr$)IW_k?HCTD%XVDa|9cIy$!HUG$=+_A`od8T(Kww|O0hXy@`sXJvW?Ltn2(jh zOYhTuPw5^*Tix<>9>|k6Em)_GTqY5}+(SjmGJ##)w7g4G0oGhkVwoC8l^4^g+qXrj zvbUw6NO7`aFtn>=xCFkr;6g|e&`LhG9EG4RVZl0G$mrbRVD{4~Yq-Alv+R6ev(fU( z!?48E^IDR>czLNX!H(BXb?pzzRT_O(P)&vI)c5O}d5}1AQ zcxn(|EP{|ec^0o*(ZDh;m?6f=ffsg7HKnRDo6^A-VeVl7rID{r1p*^!(5?-b4=S~G zApL>-9_}Q$_#s>`T815{met6N6m`R{Z>T+#W=k?8w9dlVlxQQI6*3Ce#@)XfM9`MT zpJ`gK$#wPv5HeTM@KQQ2qkw3H1}$mvT^sdND2LmI4~s}JI&#Qe>DdbA6JRq>Bfj*+ zu?L=?iZiasthn$V?$26#w2GdQ;(uzvnhNqXQpb{S$(0l!B8AgOSUyV3(3R{lG6bmq zyiXh~nqx?(EKT!eX_b-maEen_Yr8*`LPB-3Yz&+o`#Bzdv`d;JP>P8` zQ;SOBPV(yhi2KJ&V^=EIhQOlbwA{zES@6{!-_K+cWN##f4c>{M@QPf2;NANoFY@j` z0+F+@qMHLcDOBaaoN}7d39E+yYy@fa^263k2Y{W=$LE~2+}`hZ zSRrS;%DkFQJ4fTVwCfbHDmCqwTT2|x0cF^WlTEf68pKLG<=D8#_;C0+$5H)m7v=Q@ zhE}LuFA3BzNyIrPg+mpQ_B=`9ZoMlA&Ilm(>_>xLvpB*hbA5-;_ysJTRFO}i@<7+8| zDA0(cD03P1c{k7b;^oo1X=c>K!TsdOcJ-HI>Lv9!dR)i~MXSxA!dDON&vB zq^=YOq%$jKczf8_L5Xe0*^0LGYxu9ji31N6C{$In@pq19lSgAV(!mg2S%y6~9P~&i ziLfVE)s+XpnR`Zw zw^WxtU+vU5Sr2;a2q=P!H@HEWbA@#MMJHkBEyLH|mlh4%gBZx-AJbRuO$cwb!y;dv zg1jONOn6-tl+q~3{C-UD;YGu7i~OS3qzd^m4MFCWkjvFfvg%zlJL&pLmyxW9MM=vr zE|h943bH(-=CEn-Mfd981l@bR@e(#oewmj&HVtw%AcNZmvcjtmij8W%FNE2$V+x_H zM}-G({AtLdE(Pv72$3K&l&_KgHoLQvQdurZkjyB|pSEopr(oyp8@&f_{8PO)Hrv|} z@`oaa3R3>^0{C7lKD|Hqn4RY{bS?$5=Kr$da~G?;_|V_Nc3Aa>S3(ZsUn+76b{+h3 za~RSz9ICB~)2`}+|MCf*{^frCRbh7Cu0JcBybMx&E960WyY&9c$yk04a@xLe3Vent zQ~tE$7kvz!#-M0OTr+utqt%om-i7jT)4kS0s6Q5U<9nI1T*4n$eMn}x?Ea^$t&mwB zv*@nmC19b7FX}b~xw0yY&M(vxf2;PFbMbdyR4U@3Zj?krdMvs>#F*Z1e|pwwMUeN& zDeyK_w!Kby9AsXlgoo4_CZ#rR{9oh+ZQb~%^Yia|_GGmFzsc)`Tym)NYRJd@%Qs)= z@^@8jTaYZskG)Z3dxP@j=Az#Nsk8dajlO^Os?>#&=i3WaLI)auP`;|hpaUjVy)gpF z&tH^f3Z>k-d7~(JvC2&+_sSQB|0N0cW^C;ZXx#n#0Wx{Y3aap5T~PILak#47f}Ci` zBl<_5&Q~d6D;58e7Jm>L1uU0cjX{vV`&TFY-J^^fkUs@^Lmwdhzdim>`2y z{i)u63tSw?|J{cFJ#7B)fuH zr2dzWAB%>Vz4YHRuQ&V|&cVGdJbrB$3V7jp9{sW3{#+0fmHlUu`xh6;$E~eTBOmtX z9&E1pIMKWQw{yCKb7&cd+&zDCmuDS0q_3OfjLB^l6GoC(@rRG)2 zOCD;8cD~diB_J^arIrXQt!Lt79m&SThpTf+QqC5#va{ly)q?JYg$Urlq;@+djj*wotJ3z3zQ)M4m9bla&7%w@rGXdZ%b5lHV?p*Y- zKSG1dYaiB7$?{>XjoambUT2AgEB%u_Y_ybb42NJlgwTGc$}cq+&xvFiBWpR8V#O&R#WSrgo|5IR}; zAYFdznG<1S&(!g-@t~4N3)b9lAK7bu$9*VfY|?wn_TTPKGOOO6HsG1Izvy^fmaS0( z59MJhD!(GRtJ;aE&6J%RVroq|`-qB5zSa$f3YD*VWi`EbC|x0kvE{KzMi0s*x^C1L zfc8Gjqv7C^1=F^5Jo5%Mns?WEp|nYL}GRoFNd~dGh51vIw;9p z7JplqY$>_Xst)kO#aa|8FvT^NaDWpz4N)bcCNaV_tDs#ooUM%xdj20N=C%IWr5BX6 z4QM_6S$sUlxg#h*YdD4kzs-CQT*(#497pqiB{d8R6%h?VPzDLu`^u?JqDLAjF>0=& z>8G|^$Z4a%SGks39i%XEIJPLO>)2$WhP&*3xa}e4^g>~>sc+HB&a>ibMSb*?oc*VZ zxr6c^!7(_BBY0+k$j$_;O-@{)@~Dy}MpRV{#j?fRkeeshAk((7TKmwwh=EV)`b))Y znm#QFvh+oR3ud{N>Etsz7l@rBO74z1Ij|g<0cud^rDo!oK%Gx$^@$Ge>T&12xQ@7^ z*`VdgS6lY{%8OD3w)-kLC%!jAs`Xap-0BUiYX`yv->lw9#as89gO$}-nDEGniYKz& zRBQ2v=)Gg8&08i>?7p1tXT*y8TOF+=L~k!85snYIq%DLuUgFZ$k0T1((ma+TbIVYl-2^9?sgQc?o(SC-1@TUw&{^a`-eWuU+;N(h$Y9!%%KS z!VZR8u9s{K>L>6Rl8@#{Oh?6=(@(|@s_6kG?do~;&(qaU4zit5f#p;~1lzD@(k46Q zo>p^xfJ$pxi-frkdF_9&_a0D9b?v(7N(Vv+J@f=bKm~$|fFck?L`4M@1sephpdz3k zAOupVN>x#?5<~?X1{*3R3Dt_hMl6s3mZ(UA0*R#Eg?``u|9_u-_Stuwd+xaRj57uq zVP&oP&Uel=*IaAO=XswO+1q(R-FoNauSK>9mfnVst}h}RE$>_9eHIohY5%6qiS=&d z{V340vbYlLX#kO>N5>8>UAD&ql5qIaiRO@s=?;Wz)2XcutI!0U;=SYVHLP9^c^eHc zJ!`NlN&3?2=-%}-SGyp0**bE=0n@^O)8)QH!5gngu02VEv0^YsDhNIcy^VN0Gm}+A zNgFV4qysO1vU6fHI`zY4b`D&4EO|7h#Y$wK4rQ->&bR6qxW?F?wE=N&30q5qxGv`0 zOD!xW0G`IAoi0SZT}zBPlvdcF11Okpt(|3Q;4rJiE=Ds0->MC!FKm0|%ZzUi0BGTf+jNRK5jJ_O74U-)l}%fb6o^}?uA6Un7o%6Uo*^+K(M9Q2-;+w<~f0A~74*&yjIu-X-(;RFhWz|n2o1lRh z$;Dg-NoZyY&Ga`k?w}St`3@z;Vh58j=jH=HvLUPYHq+<(%|R9dCI&#$qP=@KXOO`W z8tMQ^SgzjoVXcyrUN%`_9^W(G9DAMlK|g^o-@~RGC|}s384G}nm5O`t1EAuGcC0h^ zAs5&uDo~(UJ&cKYZfZ&3tU_CE5#p9-bc<0gQ~csqIhVHZL#dOxMp8!$ z0CtFUihU+C11&YGS6WG(tgI7$wj1m{13Rrq(5T;Geg2Sdy!j_|+}Y)iN|PsisJyjO zvbo{u6BUA_+49pVuJjyBNY==DnAQTAk8?h^Y2M?lhsY1_wmbnvBQi}s-Hg~hul@^_ zQM`NJr<)t`2#eRdpKib7tu=p2R3er#`|0+k*Sn*itN%MY-u^c`3=`L1pLdckbNFLg z67t7_uo~2;xca(_8!+$W&-K?zKx!FS!S;~v|5A0d3EucQSi6fV-K$;_@@z-bL^>$% zfA-md;R&#)*V&(MzLzkH)4e|5dCa-b9i1l&`)Q@sD;&Y-M}R@vKicTNVAK(IMpWe;)2=SeLQy+u2MDe zg%V&+-fy^z-ctG1Br=1i1#hmDQLpJ3us%0W%Qb{B)d6I-@FdL(9`9bdVBzKRlG<`8l`RmQxT&^mrPkhy?gjQRR_U=nhJ zw$!}a;!)?VOVm8^hSC#5!U}3onehhjnfw!i3C4wtjTv9`$$O*N19ZboOry?}Tnu9J z+@6@+WX@->JNTtYJBt`COjf@M$LnVHCU?EP1;|tWU~HagKrMLBTk?b%_k+DPZ(!$7 z^0Z5tw_hUFZxpdYz|1H@q{HE@L6#ahnAW?0r+7NKw#H$?$v!dVq@)=AF;ul|%bL-F z+ly%dV5Y^#_|b+4x)NDuypPAB%h!@U4kn6I(*R1KgOt_%@kG(^Ya@v=d8dU&vfHF@*4Lo zDzvFxT&_>8(etN5(Ay`GF?}|X%#w<>K)Xg z!%vW6mK7(-54x=U^;INkCmc&6c76tk)d5?`JUs~ToV?T)f;ZoNEGyr&!VcXw0T0d@ zGe}q%6I(Ik$}D(`?og~IC!0pwIuvT2&0K+jle2)+wmnde_hTqI23&VWZ`HjUT|^2z zSiy4)K-~`w4*~*AO*$=>*e&TFql#naM_ zAbp7#m+<`xoOS z`O8?X0tbVrvOr?aRrK9?q}o`GL1^uwc88!dYA)r{43-|m*b~C^`EpZT)F0gAJO1TN z$&O38T$@nSJQE9ep8sgWR+jZZVPQsr`GG|?(1Y*otKS3#flTB2o=3jqrP`?)6`HmB zb}O_;cY)l?E)Y!gP-k_#m?Ka(WF1u(#wqdg<*8o7}gUSe;2ie-s|YxS@0nXT&xRtPlv8 zBHis)mAgDC^LN-2y1?M>yoCqxZ`2I08dF#=eeMx`mp7riIkWRAGw!V>@e}jyBC^{E zIr+@mcjCOO&`0TsS1P<))9`O7@t$FR5&NUb`3Dm$*3T;=)l}8<@kQ*q5XkbeneetM zH3MTJ1P+2Pr&^GoG(KXc#pk18t2ocB6~3vN9LJNc--k-`&Q5QRV_JZfm6Qh9 zKa^CeouD6OukF;!ypoiJBbS=-;~qU5y?Yf7nO!yqo&@K(Bytus;{afF)wh?dF`uDm z$U;Em3N6(4Itd%rxo{3XzZukkP{ihb*1*tN^SSN7{PR)TD7jn_TYc@8g_M9c$b$5i z84C+_fC=ax#*TWGW{qxaVrlSe0GdJZs*<#q35U_)yr+384Y!{f!4b4rY%@LBYO!LE zRv{B8%qc{ZLor9eh{XK_lEp|AwW!pi_1t!PPoUNZ+&)YIlG_Z+dm)Z8f-eBEw>jO3 zwi*lFOJmFrGVSn;;_xQ~M+6v&S-K6Kx`E~f-y(wd*uiKE1^zh{-C(wxMr+cs#>E~oln%#m-hAlKgNLxQcJ zN6OxrK_9J6fX(uWDulP^o1-Ftetb!zZG7Hn^8gTm;7zv)N6hchofS}ujLp!;4<)-s ze|X5f3n_xL$xDFXg;mEsQ|ZJboF{}AqsH0SJ|q?zAMsP@{|YBr5_E5?CLQqD!wCJ{O+u%%ydkgd-2q znYyclFT$r+aWh|55rV)CoKX-#+_1u6W`qgT5?Tax?{(NxqL>Xz$}E5ph9Mop zksn(~OD*o&*X`GRzrsy3#=pg|7r;tAx^y1Qec-x38OdoJiV>yTy|ZoxD)ga#KZ{+! zP{VH;GA{;g18i&0ilhx=aPDQ#B=~~8DmMcc`)#QddWJD=htAzOb6^Wb(Z|oNDOS-G zUU=;IP?Zg^Mh+vFpI%C)f=W>a+mJVCGw6P>PxSMIh)=BfIl4_RZ9f@qGE9azkf+h^ za3<1By|rdokjLD~iRgjC>alf)bWxk>3M%}#LzYX!upBpR z=;*QW=&N>t5J+3CJ4X&R0&P2!AI!T7Z0VU`9T~(dfh8g??a)1UbF>*UynQZ5s~L;T z?sAURnPaApX5vS0+GMyPuOdoy9YlJOmm&4OdHOs3z3Nlnm19pls-F~nMpx)w=yvS6 z4|OcHD(LK;Z>+s_6Z*kH_rmk8+OC?_p_Y)el3c_poJS#q7wSeVQo-Jz3pRZ?jST$i z)EV@BG3z3y>tXCkf-J=)TNs43eqW14kQ^nL>EwE@Bn?Arialqp$#epihLMLuV-WsD zRwYbg5fg89y6~RFn{?BX&UCIZX5y2G<{uGrH&r9`xUneU>*6~#hgKNq71ppw{vWCv zGto(zoYjoG>(=z;5Q@5If*CQ6N3E`GfI>$p7K5^azEep0M*LI1C@iK?a-IVmuy@ih zXKtoXpj+HCbmjn0wOf%MIw}J|EmiEH^K=ShZuOQFZMqy%zg&5QYEDl5dHEo!r54S1 zD&~}0ad=I!TlLIKERzt`^X*WJqbOzcRaHN)5&Qv=*lv+orojZPXeaFR_knA&P8UVz zOStpsEOQ9o4e8fZEnAoU0!E;HKe57|#ZQN++?lQhp6QdnR+ClP1)#8u&SMvP)Z59q zC&rrQxey|*CL9Ic1b)f1Q_HB0Eb zTbvUuTHzExhn50k!$-M@m@%&%Ax@I>To@1ln9a#O-L#VM1V;jMRG_gf?xcg-?#|Cn zgwn&RPmZ5ZPgBH2F=#t=$$@|}4Gvj;aNn(^R&O@eYE|AGyuTNd4r zwpBLaV0`dUj6OIe6Lj}izh`J~roF$p&A*!f$~(s%pu;)#vPZTUGnnJ&lun+lCYPRN zsnr-bz`wmG%@smY z4j?-IPMw3hc=jY!a&F??yLgph1c;5RTYnc(yLBeeTx<B=@kFcrOMw3 zIYnFs5$Y-KR-=@GenuCb$6sY@`|5I%QN!9w`_7wU(WlHhlh0NiBhM`pf?WOL|<=pU6 zg2qVf81?b-Jbk+J(l|Raj)Np(T7`efFovEQW~Boo2arQXM>itWjLogk9(&gLP1=~Y zP!lF)mWGMm=Y-kxaHCfcsw~U_2uE+h`}>8vy&Q@Jg^HjtdE03Y8W(@a@|A~>te@w> zOe8YVb{7CaU%LS<$>RLTsN7BhCSp&xClu30)5LbQ1_3A)58 zY&O@t(`KRZl1}}SSomqu2If|XA;An1;rcN?XXdc)m_6A&nq_7V;pyedg*SVOd&1lM z0axnvY|2&LrSu>ZqJhF6iMB>5~~)*KD}d`&QmLirAHj`JN1%>N?IaqmS|nnk463e5ZoZ`W+A z#O}&9zJ?ojU&y`VR>`>5?%0&`B@P1T}+sfFVg^g3zA&Ob4j}yv>G~z5ErzG zuHA2R&J-U+Xh zYRzE7wR($}S2}Y2;A?SrcQc;OveU;uGx64~x>5b+QmYz_4kwiv`&mMyQLP!nvniWT zEE&_+-L)a!d$VR!P_WG-W)kf!c&)h5Qa6i1&GIUj2i990X1d7-z5zGRzW@3O z%Q~Ak5ozB2ir0H4oNr^Z31z%;o9+xzY%*$y_^phzx*07|Z!zE4jySd4WO1yk6*L1Y zQtbJfNuJSp1GvWWAeg`i01_bUbp2`rAHmShbTJRBa_br%o=&oUk>YZ2F)}OE7J1OI zPA15_=|C1Wd=qp@nqimd(L$~EJzZ2=7wwK7%II|q^G&+HMlz@Ev_n-r$;cV>gs_HI zZP(p2dlYYOGfk+I&9T*xDIuo;X!9}CR>6_8;8OlklEnx8hW4155aw(SL9O?y=%s;$ z&wW?|_e}p7j1&{G$Lj8(1SFSW&U5jAk|Q*3KwOMv1sYq=;VZ()8&jtjXGO9OEIXn1 z;sa9)>FWli_+NGy+lpaLW9RdS{HwSLb{gnKnKoQ++6geWOxH_RXaHfE8o5Hqe#(iK zofkveLvcsUbK)j4Z5Xquq?lG*YHvQv-}s4BO`sQysaTS;BuN{KtjuRRXfigM@OQ;h zmLx#P<83v`*aFy~cN^h=cKG%R!)LM*X0iQDa><};46@CEP_sibwE#*!)jGUztQMtw z1XnxLqDc?K7*4?9Y9OpVDsK}_xFFPAyL(ih6`JIcupSPgH4}7fD^I6ub+NccXd~Y+* zlN!hUbis_{NT%C?CU`Uh!h6eZpx1f$b!sFfu zFLdDJL67~;v%DNF4(Zt8^KTr^dD4b%_xlpoGYMY^9B*t7HUmHr3)}2sY}(hJ5-uit z7R_+>Qx_rcngeyytXYQ0*%`DEGwE%WO$`9l$0Da5j7WwsQK@FuV}EsiSu$-v_oODW zz07*k?bWkk->fSrdLvjzUJfiEP$mFSTMWay7q4VSXf z!Ox(NknK5FJq<4bci;>5_+^2zRd@mF$*EFJs`N9!icX!;O>l+y28WtOwX+cibQ!WY8rI`?R|dDs zd<%R$68XqmYgIX^bVxXuwszUEdpF|M0{Pv=h79X`|51ut=3Y|+9g7Crwd7p83ZP#CWcOFB_F1O?K$bvog zC(kWSj=$2V`chS)yXi~D3xiiu^#rNUsUUh>Y3tu^ru9bjxD~mi{_o{%YHzx`BhE3Q+1uxr1usgLc&5Q^F2Ny*UlM(-S(Dk;jGZ4 z`JWqwV2j4m<@jwwDVZZzPxL!5u#Zc6PFpgzF;ym|SB|zB(33|;aFTz z6Z=(SiH=98jO&z3KOJzl*m*C6ytG@B;LIW6i|Xsc^%_N60aUenU4eZJ=BQDLZ|d90 z_wC_d%c`0S>>>lXh~lp_qUQUQADvteWHW7ym^=5-3RklHB?%J2QFHx)Vv||uv+wK- z@i=e}=_rP-Hf*@EmzRC28wCjTAjKtu@yRIs*X|0R;)=Z>=s#_9sh(7Y;+>e1SPxsGaSl1 zu$D#an1tQOC}xwFB7;fe7aNI%15_)`u{3o+>V(mQs$CAdZashuZ~V4z*0{Fs1s8#; z?x5n)hnz^+&=W_ybuZ#M28laj0)M2|n`~NIOSRxmUKh_!-S#b+g04Fy8D1vb5@*-p z<>_8QJvWMe5RU@xWQ_Y<*>wneQ>~!jAAS6;+^C2fyLCLQ0+_YLS+nU?Ec|L`;M#+ou>_4T|lnFN!t_1w~-pr!nk=Poi7vDc%&hJ_T-I|l5K<7nwt; z?kAwavBX5Xo?^HvsdYBV=7qM%-*0e~kYj>T7xuen1rk=^6fjwWu;zY&~jUk&rW#pf|!%lSz`8#p9mOlx7J-)fwj z_fEzNt$t*fN&Y*H=yMAv0wJ^>JGkjviQpyRytK6AP~PolrWfGI#RuBQ982D?9?rk&o&2oQ0lSFv2=M0Q zB=jshrA%M`FfY(%)!dVT?}SUEtk!Jz%{Vsi#GUZM^YknC{8i3oUlRHL<=(aHAih8u%7F&z0viez?V7+e#VMtc|0pIO= z0QF-BLABz8<-Q2t`6#`1-hCXb%V3dc6V?K3R6-5>)W?>{;Mt?D&N-aXsl8eW%Wjf( zT#7GWu&9D>B0Gs&BupKQ*^JJC#jRBq@df<8qStwTk~w?960P)xIjXC>y1sT^-5p&o zGxY$E9w5CtM)eDwH#X02Z522+URY}fSZ5Q#a1*Cj_286wcXNXUNDZZr&7N<7O7w?^f7-)xmt<_2IZq zRp)Trtp)g_jC?-nwL~UcQ909_-VmWe$b+FqcqQ#A~&1Aa~`G7|hCa^O3BQ96> z<>s;_57%e9aalqGn@e76TXFR7n__`ki;*<`Jmj;TbWn|jiHbJsav(dRs-ikVp--c& zciiFX2HL~ZA=PEUCGaGVu3C#0P1`Z0q~Ee>pe^7rKT>$KN6NKy{8U)#lDM|V2KG#Q z!qXqP#-iP?&Po0Snlf)#+oV8YezpE zYUMIEjXt`xGj&U6;^OK2C+^J*LIH%g0;3N(?FEWIWARX0neQA>+;2K-PTm}!Bi?u^ zdF~ZoW!45*S%+S>*8FHD=W*-L=j(5XcAHF7qK0;pE3l5k7*iMqwLT&#Ft5O}6MM^n za{<}&487x={WI>%m=d|p-LM{J{xRB@x))2?IXh;%Jb}KSep;izDMjTb1UC3AVuBfA z+&1+o4tXzEGdAEvann$ez;$`tU688rypt;Wx!!@d^)5@7z{3}&Vm&WxtXJoxqaNwH z7}xfwM;lR|Jia9)B6zYZ@XL+4_?+~%*Fkv!$4~7RADJ_stfO}@bvnor1vc1$Z_(be z6cIESmhb~hEo|L!<%&vk=WU2z0`|@6NccU=B+Zi=+yZ4V6uBx*NyUZ-fH7X9ab$YS z)vX%U7x(hDP7cldxcb%n&|@nFDYEXh)7R{~wChw1fNE6in0e&Vqw|-yAE@lycWLJ7 z%gZl{8x`ADJr2FS9AZ5$Ftksak-(fPaco)WtFX0^`8Stc-f-cR+ofG62YkW9Yryim z>Mq|O{p2btM<^NQts|9F+iT_8H#xp@LssGqE z2VKDbeF^|Fie>_#mi(!G842KMK2*)U{IwQJb8-bMdlB)E);OA@Kwr76%>SvM-e2Bu z5g;S7$e>r@ZrFb~g7{;;DG?EM2V#VSMtE#|C{tLza?Ogsx#;pJ{k}G>yyV~jZkOxnm zR`_3?d(waPD{usW=O6nIm!Y}cpwA~W=Ujf}G&Rh@21;OnPhkbaXB*fpXTWRX&k6ab zF_-$^oUQ+voomVbd7*!j@%??pfam{T2ME|I)PKISEcw#R^4tILAM8ihLl-WSk-&f8 z?e;(O0oXZMzy&rnC#>eO_WWD#jC6ebaIydIVKyBAZUL}c0F(z{ha8?QxwH$s+AlBx zW7<^qybSj=i~mGXMR_t!voMH@GM*ghuqY#`{y6?|6CYBe_fvcQddD^=3<*Fce_zB<9E$sM#P`H!iBYTq}IJq@Nhl9(A$Ci|1{InfPYm&()e2m$>NpuNsTEb zBv9+7G3<{{5xJ2K837- zafmD5-w}XFpL5$G%WYG_HB(sH6ae}CHW(sW<mRSp9uq+E8n8AH#`}X68twzVm@<8K2SUQ4-{IEFYQFyN2e5gKpo-K~mw?^YH?{LmAnrdO z`j@oNzaBaao?vF_Qd``mT?0-^l|573i(}ed@5Qm%9nxVt$YxN{ybRn&S@s(z|Fb+Xu=)vl90gVbh z*Dm7rmudl@!0IvwQZb?%zb>43CZN4X+9i2XX=q^f^xZyDCqH{dh&9RA*4jqOdoPI@ zp3sYHy(FFDH(^wn1B>`x+J+;ol71Xp0FybqjdC%9k()Oeric(?Mv%V%VGQj_!c+7Q z!1^Q|IPuRhv}751qb;0b7>*`2N}sZYN69U9@l;#}&?s|w*Q~0u;Ky-x%gu0%l4PiI zG==4*4sX#=(o?trRk0B=2LTm)Jwb9-sarNn*0-ATG;!2V;!Tn1OzhyqEdEY`V^!VV zzJ7JftNsp^VY7S!Dhj}^O}Lzh3)k?3CGM&}t{({okW6-T%{Cey5sGa-o zxhuA-js8hza{rJghL4r9h3ppT4ziDILtD#Z zkCgyhB25wBN8Uk@z${Xblp#`sV0xw*%f9>ld8)7>4S3GNQfAY%UVq$JB50HbzoOxT z5Ot?#yj)qUJI#ot$0utUH)MROfHGFCsQGZVUDw-jAPcH($nY(FHl{ko0qX4D4}H_| z-FD9}ssO3qn{~)RgYG>os09+f(qFcC#p;Ym70MKnwDDuci|34#;{LblO%NbQ*QE3G z^b1E`)u<%|lQ=z3ZOHV5bge~`i`h)At8TwmDK=c&C*)GK{V& z^#b2zvCP_1R5ShhSf=4;vv*C{od-wusw^u2pJpRSINu0D&2eX0{(|+A=L0}Dww#p^ z))DD@j@>0Pkb<7|Z@4?FS;-Fy1QTpNI>z1Kz_b*D0k6`@yY@e6=_gvyUfIfF*sBCT zas-xf3f0GGISC9>&eAf`4zQ7Sn)@(i+S}$UeZ6)Zwn4v`Jbfy5c7!scMcOzbuhfdM z5>I{q-&dIUqegLNN@jw)c>*Iy`B@p>vA^K!$NlkF*G|>(Gb0+mZnA6g<2dyicsC34 zZt=c7F0PBeGVog~;*UPT(3rl~yFF9U^M5MXdvSYlVx8=^H`l}#Pxo2Gc`u~xy-wsd35@-C6qmzG!FAos~;KRmM>Qp50 zyZ

_}$=$oc$l|0OO7WjdD5GBYXJ4o4NkDcjWiKQb?w$&4OeE+~S=|i5v9QS~9t==Mv-_Sa zHY))&u2CS16Wt#3`Pi(P-((!m-cqxQVjvZ?-hC`*rlb$Ue(uSP6-IVOe)s$gNyfH% zA62S|-B#=mtROPcon1}_h3}zJVp-$cj9fthQ=QTw@>Z8Oxp$@6V#K6jA8dREz<1Bc z!mHuEJZ#PLguwf#lxE8IiCI9ifPbZ6L~eN6TFj5dOY$1-{5p1Fz*3%Z4BZOmi<0T8 z^q4r2rg$_{s)%fC1}I@EBBE)ZmK-IO*|B-{PbFc3K9LzxfbdL*G)w1h92^mgg_VLp z@P}9;$-6b{gJ870an=u1i%Rp3jx@D{SWbDrDl3!IqSZW!$*Gz9t5 zTV=}Al2PkZcTfu^bhuQ8(^#ltp5XeTZpPh`^i{MbeQBmr@~Vs0H#VlpP`CAq1?&v) zf-`#)j&8{V6;P$hv0tghoCdN=nKNhyV9B;xTv@S7RVNn{^;(XyxoanIQ4`vievFyR z3J`s2y^K6+d)y(edb;|kf1OfsMrHF{heK5O6XQp%xSLf$)D&uagjmp?a<3I7rBy6+ z=Z2A8&rHDHv7eH0)Pv9EM;XmW`9u~D4+58Wbd(wL^14X47sxJep@n5e+OzMYw+YKh z__NA>3EV@m@Hl5F^0izMkYt8ZzEw}JVP!UrLDoNxX$hoA0*4!=Tqj7Q zt?{8DuH%3>z2iq@lze#p-6A3@6YVY#^hw`UHjci32}#cy*#I2nG0Ws7XQ8~14;r} zTt0mYJmMrmED&J&r7RznKFfX>;Q~vg9>bM9T{~9-cA| zbJrAzP(Q?E`^P+e+^P4GDJ1(kjpo4?tNP?p^hkuRT1FUqeMo25%)) z%ItJwPTDY5g=f~znt%rG2v8H5IEH86v%Fm5h^R#!3D0b$G9EVzo`X3X?yn&75otb> z0KQR4QKMAMw0~c({uzvx&1xB<&4ZB8kmphRWGxT-5VC0MJ>E5twQ9mL=%>5Bb47&@K@c!Lujh#$mIl#gRt1FPL=>p-6*6+C&e@dm? zpp5T)R6wR?qi6*J$IC-_Ph3R~qiznob>?^?)y+i7Md@&mID;}nyhtE5u4%mm6QRV_IC1$BK79e=GE6&gkcw};zNrRq!!%gM& z8B%{RYfq^Tt*J#b20sidv*renopWYV?m#JF^ClqU{#(9=mNSCP%o>F^+2*$Pv@L?$ioV+r$g3|oEG3H_T(^8DYi>KBKOH5iuvv@K;o{($U*5ajysP* zx}K~v`M7v+WMV=eB8z6G^kvf2<~%QYj3zCTjiE|ZTxM+$+56)ygu0lO@hg|j%|J=_ zE}ev`%o=-A#(Z*IouE=V#)t^-lX|3o8`!J@b9Blad5sXIMAon3t|pZ>TyIeLh!^#@ ze-q&(&vvs|c$G$s*5hN6BIECUa)oaE{Rq_rR^jDOB`+}2j79N?+_h>)2Rq1?$HE&2 zhoK54q=`L%=|emM^ifBIfgjkT=EJZw;T4h>B;||BsD-nc5gGMuAW$qwNq;1OyQg=; z?ls))wq#~<<9*ep4wi53s^eV3AMK|>^coIAv}TOjj*yaDau(<8eK zl^4+i9!sH8_nJ=^JL)v#h?$hlSyJjLk|fWmpW{EM?4!T8<~qw|JGhZ)&NDYw&CovNIJHTn3%F)QBO8#mpXu&{=<$MP33H^@h{&^0ZdCsB$o)rj3$Bf_P1m+T~$04;ff}0luKJr zi3K3a4yqZ(`$jJ6FO#J(Go^&yJXYl3MF2AaQy7UCopu`2W>OiuS&ctR22Q3lLkLb# zm3um`LHe3Y6&Cb$F^GH9U1T$ulPLLfJbVLWc%fcAOVUlsx~IIO(3KyHZ;VfvCS?X` z{tT9aym6)YF=YmGgsZf}lbnC0D@>A%IUBR_B3zL`q=}R!LsBN`F~re3kYUfw%Isk9 zQ6{f>3_*Pd=TbXGH&HEgaWZ~;WhYOQcU??gCEqB*nLb^`X|bCK%lNtaz0=cX8ZX2@ z>omz`r>Jj+WebD{QHgiH{E!O+6)I-(!VLmQ{v3;;{IQz zZ~sbXfrRJ(pE_R`!3mChD)=}7qXbaF=Zt_yfEm=NhHFI2jMN*(QSFlyddZNFqqvML zYTuZz&Tcj0K0+X7TpjrQt`DG68dX}Z7`~`Qwpx5qnlS+ZU;58V1z+#ZU>S&`QaU67 zf?n>*i9RBgV$}CNzIjkKL(KFN7YvFT(iQzGqJUi>NS-BYmdB4K8OeGFe~4gpE0N!2 zPHYm7*h1vTT4t*vva@~$`v`BYq$$PH4v`HF_2O4E8%L!+t@)LKyc@vUC^EwhrjWd{ z6o#82$!5T#N*uX?O#IkF%has3+sM8wJomVzJyh2GLi|I79bXWJIAd!EwSX2gu1h;6 z5W7KfA?2e=jqh>bolG!*PnWV8@#ziXf?>@uND$XwMFvAC33YMOFwogTF%#DNE_LW>NHK&p7HkZTSnvk>Ps&^JXb7{I-mvp>SlG)FtLTM z=%a<>j$})J#HsbRjkVa&QkqrMNGr~cWd?fREuxL6+vE9_A9x!+j$t46fsdD^L^0Dq zR#Yhvu=D$PDZYwwa;TylOjdkvNu#Vt@D65uN*~?-IBNMN+!Z=% zr366AXa;W3nbr(bigV}R@Z1!TtTm#tQRXQ8FQel}%{3V;E83QO@oE2V{x@ym1P;5x zt}`~ukvR^LhWRx$}&xjy#hCOA>D?-9P19MOz`#67MKg zRo~W~^cfaZyadi2mo8kT_DfJ{IckAvci&$cO+T|Dt^-UpezRuLFPSrY*U$4ih|CbqWm&=07Q6G-X&R; zu$m&ba>uYwU4UTXYa+P5ho4L3fJ7##+ z4BL^Kk^-Pzo;b#DJzS!{`R>nt>SObt!^D4}cUsbiNdTf^aKY?2-S`Ncus6tPg!psX*9 z-Y$npE!mK~K&c)@Z*`JI19u+n7Mfgv z^OppXM@T=F6l2~3RFGJrQhkEA$c)QSyhui~xS5A>a!9phEkzv2FScU$LHi$L)kQ7+ zW0-;wc7SXRd7~iXn2a(bqc7{e9p+KTXnJ0ec$=K3<1*7orE+i9gk*@&V0285d%C!9 z*s?1-19pH0UyQnezKQwZu<=dJJkw&_~3(82d#;NnjsPnL5oQ zLN%!@X-X~a%3g)_;hNw5A3hM74 zI`w1q_*EC$q2q9%=-G*2)037HGQ#28Ti~(X4uqu+;`VubDDF*s&B2EkO6tk^4lkZ( zJshGgoFVh-7dHYdP;_TwKP>~o>;pp>$%f98&|imqm?{m=J|M)!&i3whwk%DZ2q4Fv zt4SVbHLgFV7{_tEl;xD^ix$aceSpY5Wf;XrHkT;8L@Sv_Kl3VbJSSEeW~7o<`h zWfVz21~E#47VSH)zkh*mS47JgYLRwA$VUJpLV-)^V*;L&BrwWaoQ~DnpvVsP>5tTk zLG|U70p4`comHE&B_;5b{>X?rO)vS^PyC3)8oi61E;e`dv%@m{9h6ga}0*YP=RiWRXmC~ou zivOPR{JP%lo=n5Hec(E}m=Q^8czIgCkC)EhED$S+U9kN982UXA$15%G`6U*Kw!AVt}yHU+!m zPa}SUph}9EOvI&->eR&}@EX5S`U%{I8{1nZ@uL5o}aujI(?H{))_q zAD6yXPkl{Tg#A`D)&%p+*uEH_ig=yM-Lv_34wF9^^4P!ST=|znf9JJX>G3azPJkJ8 zKs);Am$ws+tJDS{9F`baN2F2<#5|q*$GnLdg3a3`D_c}PTzrr~XAS!dmDDu1Wz0vV z*(irt)uG*`(v&tUdCziwq-3R-?J+LSWnzvgc2xMh6De!dTRMiSvmOqNTJN=vLi&oB z2W(qa_8A8=xgVpE1T1CZ=aLWbIq%jyH47WcYK&X)Ek(Wy?U1>}kz@rM`SA|+VI-tR zed3P$ZiUPkXwP?7LQSv5ZDXswekeTg<6htbS+k^HyctY`?DdQ?J4v%&(Q*qbEFtkQ zd9SzunORb<{b_L8G{#Rr#n&nNDe_N6v|fc_IF(I#r)u8RuX3KmvKd8MAik4GvX3H8 zfLSp{+CUt$MSV3gLN;woF09T_Qw;aG^r?nL}FW|tqQSKQDZU$q}Fn+)Qwb3CZH%v%mfUXz$7#O zPe8jp_j&Gp{{Q=X&i((+b51#M%A%;ueCPdoFEHBCQq&SjMVOt$!i`CeAPm1^nXAbWhvLbr{I$Zy5sdGekyzS^Rh|xX z^Fbf!Taof=4`^OXCJZ+=tS%FT5YHgj$SlCjl47W&1or}aFLj2Y{r53)(4cn@tjo)sb?y3lXj{ITgW4x`vCM65IpPq3i7S0M!bhMoY~_S0IH=0UIY~kHR9M|G zv?rW}-8t!D?()Dcn%Fvy2;{Pw`qw?%Fq)+vV7<}4#1!Myt>6G3JjD{Pw7F-6IS?s9 z`NTJ;v4rS3H+3N{59>XglQBErm%!y^q;pMBzlZ(@j{Hh;9Nw3aWuJITzt=WpT+S;h zku7nG)t}gU37EG?Z<_XdB)EPvsloqyb@RWerhg62L}qaaw*LPh5p3lhja;Kq_ceEO zZ(^APZQb-y2?AJ3Bcu6E(U%3x}+E%@GGRsDbR<_=VftEdx{iwq8a$bTS$ zt{dgwLxpcf^v8A;-flChwl7v7{h=SC;;l&HMf3(LmeYn3PTY@x4=vtMoms1D?2J ztSQV%ZKB89A}g?FWo^fRo4~GWiEHs;UpCv-G8L6+!F-mBt}3{tbsG74EDLNV{FH4| z_Q*4?stlSJL?XTOTnDMS4P39qr?x}Fo{jhjT23`BlRQCr=v_1Q!a3nB5JP zq64y=Y!E`CQ5D(&U%n$AgTvx#fxM<6OK%G;Mk<8%%0i%XW@qU|%PT2lA7RcsD;{o} z0%WdG)!U!o)N$;iVNiAn9iR~AyEzV0J{xCxX=sU#t@of__OzZ4?21I_Buy1ixnp&f zx$rH-NiND`aqcAvLv3}hP!~GjuMbt>hf?)+^CmOrtnf_qKW1n0MT*dWU%>Vc5aJ-% z>kJ&#R=U2j3+brE5LW0a4-_tYK^P(t!9taqbOeh)W8ArqhMVlk`QCiEPpMD^Vjpb_ zUG{<{yDJ*cN}|{jOlx^f$w3iufPt_tk~TW#IcerO&jwQ=p(a+Y$R(A~kvDvO|b*=MZAca2DHRl;JYK z+7VaETcqB&FfqcHXQoyH1@oiWn+XKHAXG$JKr#)B41<54$yM*rj_Z+@G>O%xILo2o z>2(~-E9mV9mZlP-<;C%tGPHdYg_{uL9zAu&h0(5J?NGQ!7tQ2I3Z~Mm2$?|S2wlcG zByn06VUlqB!GVo4=E$q^y|Uxk>$HNC6sI^2-Q>h;cM#Pm-u^mUQTu8apt*B47O*gB zqv%BLQSE%in`sA<cnFpN8ulC||p^ z%OhLU*pMI-+1%~pFvAsj=798$RzhfwCDPi>dkOfWtIRldqNk!I?Ueex_=5QTqj% zDA{8BcpPnQP&r$bi1FK0rN%B6Ajx4~srduIL5XU0-O>o}e6PPHyrT(F`Vms_*_pLu z6Va%57N=&frL|kBvU2TTNwSmnF`K-yEaQ6l_77~VeB;4_L1xux@{zc0lm=^@gz&t= zK3Zj%8h%;*UCt@q?L&zL2s7b+s+ty3$Lx~~gx>n4uUJpLpz2y$pKkT&k+v>^1D*;O zx%CU`JGCMG0=eGlwCsJ6qCzn9Im9ww8Ic2@z|Y}r5pgR7F3aEsJ+*1_=w_j^xrtQ$ z%A=U1VQ-$^rgwIoG}a@Itxl2(Mw6|qmIS9I9hE#&DyPb~mD?gO&sK69r+ah{I0Pz+ zIGfUy$;@1Y8Oy|qnz1db+)#O@^M2}fwcg`ep_KBF3#^n_{{{az5nN~I4 z+9cHR<&Pd%-v_7MIX9v+vT=IM)fb=P(7u9v5qX!Z<*IfuGasbME8KE5R+{-bJKI<$ zDV2x2W5&|kMjq~wjfK2?HcuT6mQK#i=v84AaKXTqF5`cP){GaKXarNoA9JXy>R~_u! z33T=8fK_&gI4v1ONjaaDdAcfoTw66mRI1o_!k5tHGen%CT=h3gW&r#dtoQ-*EBHKJ zR0_z|Gp-R5S7A_)t4ZhdZ6H_wu#_jY8T%h@-1*o2DNKFCMUjGV^nw6@c5_DpL)0IC zBHu-hs-0NTOSO&woY3;}L!G_2ee6{swAPS8dcwp86C94-$XTJWdf;WoU1+VmqHC#^ zB#kvVKFEtSL{pCxM=G!;lIRiPK#UG0H4!#W^Ecp&TUu;9?HtSS!pp4gc;^EpcYnF% zwG&g-K#E{UoF8{6PeoFj%6dt+DLhFOoHBfQw&m4Lq>|o8g9b~w;820EZIU?CltE?C zD-P$prh8E*VH3?igQbk>OfAag2z62JND-*=l#kk6jF%CnOkdsrWAA7Udz;E4UP9;{ z86?d`RQ+#8^@uB3mNa##!Zt}_sgl-D;6>spxZ)Co4rRj8sTDm<-+&)UHIr6I0RIex z_Bhg{vphJf=Y``^=Ey~}Br65^chJWk8mCuBJe)8-AShcnD)OzD5<&tlqn9;jc4ftP ztLYWhmz2nMgVTwVScX-zxnA?K02z<>1hZ_MjtMaaIsiv5NzZ&xETqOFqE74iN(|e^ z!BWue7!H1<%_bIdNm6zR>4-y+0M!6jzJ#~(q7ZJi?~|Pw@7Q-bzlhvUbd9^fzY6^3 z%uZ58qCLU>_4(Yp*5NhjhO<22PwwiR)MS;F9)@MtDxzW{f!QqlfveqSuFu7SoGWTs z(A^*CCP<2KdW31iOEAobR7TOmOkSd@Q|&WEyDgPPS1UuILxS<3b5hY1`;3Jq@&}wU z1^BN_oz`>SF)sT?@WORxWg~9JXU^LseSCqSQAgnFbeELS=6GD4l~g6~w)(pei*kg< zXEOV+Jqkxkg;HFX;VfMfj1h*t-krE*MeY>Byvp898lb{iq$c(GZgfTNr+HD=jQw>E z6~zM?*D@ckEyJ(%Z|l=WRPp3H8?7Fb!~qzH>ZB*dQ*?PaR`%DU%~*%i+=#Hk+=#m1 zb<-VH743Y+TJ&VJb>!!-PD7Jl=_$=m01+TH4Zw!6QtT|e{8W#1{z5zm)Q&Q*O;x$3nP?{AA( zHyEK0-#Lg|+*rO1UtC^H*H6F56{2%2jDxcKV}EXz+b0@sUMqDkTQcnmu6E&+{2;UJ zoodn^gJNxO8>^*+X+q*mLTa0w8i(vK4+JSgfz9zxUCmfK(DYciwin-JRAnVxCEE{b zUrHf4mhZ^Nh0d8iUKYH7y?7tv)4urFFz!QvD=F&eh7)4=qkHX5{JT)z*iyn}w zYeyj{!}HC;j{GgRIzo@N%(@t|PDIJsjc*QXT*kT{cz@L-Zxm%L?wxSfb9Qo!Ze-G! zQ3kJ^k?Z}wyWVK2ruNx5lHyWJb+w)v!X<$MtAop*xOBU*%=o@mlWr_&{2L>p%y{qy z-fcWxzLo?_k{Wk)ez^e2;)suD1-=>ow?F0dQTG`Bwq;!4tA;(uR?v+_>SJaZ!u-^+rd<|$MM>v^bxP`-I*6jT9)$@{U6(V>FgRl z5|{7VjQ?Wa?zwldUc&AqkVEf^xJ_g_KQ}5?SWT+#c0LkU@WJ+5_j_bomv2^Myj8rI=I=eQ&-(i5~dL!@YS?a7zW!A^QWZ81@UTI5K+wu>YkM{~omB zXOSzKCHbdp!%aE!)os5?Wx2vxPf}T~SN~@w)ARS$1Y%f+$p2SZvGO|jILrgxJozS~ zhw>)5aJEQ$Tnce46yjL6kq?dEB8X7@9IoC*8!IsB+ufL7@|^Ct-mtfH!D;A28Da`~ zZ&+hX#^=R%^D(k?*3Q&A+S`0&et-m#72ftDzcNO+jk(F_s(XoAzvFMX-J5auONsNs z@o&O@rcPOIGbSg0x&2=6_n$KsoHcqMI@D@m4EI>nmpozPj;S)Y@EzU^U-wV}!{d%^ z_?S)E^9cvz#cviAx}W=mgTNEC0P{2VwLYO3kj}ErOp+%=1-fm`c?DB)HEPQ%$vmB; z50@{c(^$doPVyes_wXLkBh;}0U&Lb%+b?@|d7`@W!6F40FH;lFwF87U@&sH?Nyi?`(<&D^`zi0bA31V8$%hP; z_r9w@fv`Cz9~XSP+z=ZvC;iQk_I)EhJehRL?YX~w|B2Dv^VP4?=-U&P_3vgS`k-?+ zc!-rz4A}~wSsf8$aw_lieUTE`7#K4avt4&vr`>vLR5oS+@Y4oShAD+FaVC`h>xzOQm0r0oy zQ~IL%gKM*geYI@G`J`Egq_-7m*R<`WmXrrrHs7m-+ZStDiJ@ob*m>$=Nh<QB&oZ|?|jXW2`DKx5(U#JGF(%Ito__JDX0g6B)BVm8U(mNe# z+2A|fFU)>0I)S##HC$|{Xz{0WJ??uox6Fv?s8#Ahs3cSb9{J9rauud$+Em68$5(5( zD@1MvsQ5&Xqw>^u3W33-Vh_)0Eh~~qg`ds7S39pO-32mgh2m6^no&NKVLAfKxd0$0 zDn%OCYu7yB{UN^b-+2=bJFZleuq94{K?*74ChzFp8=4bogJ_^{ha|l_vb+2SRhQ^W z?b-)gTQz4jwZGjX-PN)nW>cO2#O?8eiO+PO;lb2m> zpc{qVCZt&u7?3v^lNN8TGFEA*kc)gwsJc^Yt)z=2)uf}1TGGY3NAz}iA>0-bHN{$$ zQhkpQXEx&fqDJw!EQ8Iz&|)KWejY;IXxg$wA|oZyOqEh7YW+?y+kkhiY$7DSONSF( zFLLZvsY@K=(9|_6Wh!`n!|kXL0fXbZZ82Sum~lU?5y&+Zo~4^^pLh+IJn9h&2}>$| z3YS+VDI-%-dIfe8Ls0o94>h*87q3v4(5y^niCp(7A!)`Cm#*hsE2JCa-S`|U570&G z9z@H1SG#7uI@&(Y>?Dov6L)D2WDCeHh$%8(XC+Uur)A^hquw4!>m*Z7)?Ed+C*0}G zAPkvfCDkr&QLs0WkBq~5xGh4*ya6vqIgTRH$Zq<=>sER^-YX(i)EGiajaAcXk4AAw zuE%;TIU(NBhF*9ixug|>(FlZfccL4=t$xQo`cbcaoXvfRTJUeUki}u4LX(OxPr4s= z5ew-9WL&gT>XYk=5!oO{qy&vl%SFY*^+bes-Ff~vYow;ILS5_9KuOKO7D5_d0okDp zvkxTS|3TizxVtOi-!%^O&(Mm26KfzeWc*xNOBz3G8=@5TX(%G!C4y_5E`b8k;mw`H zQ5?|X_9j5vW<(#;e{z7yo!`68@6cEC+KRtjy^Q67JQ6sacA8mo7Ide-ideBO~f|$d}Em*ru`vzp-j`+zKbs5ZHr~S912mOa9TXvK-pCTZj`Sn z#@ET%|1+pud1KYL?RgVWRezd1DJ4m}$$%5~omOt&8+SItzrLz>O6kj4JYx;evQwQs zQgeeNSOCA1=aQo}yEh(cK`f_fAwe?_;(d+AZ}p5%5~$(hAM@>VT%rNWijcc9KJo|f z-3;*wGSF@Is9^G{B1{o+MGj-0S_t-Zxq?0G)MW_PaN5Jn#{AfnCPMGT%;vkDb!!BWu>c7>Ba8^S@A6ik4~)dx!sCsL$F%)RhX5L z5S|#`s&-<`^3K$wjsW7k&w)xAAQuJ1Ahu1hr=rTpU4)*nFQ+I{#PJbG zTvA~H_S)OG>++>Mr4ZBdvq)l}J*H)P$a`SD<7`(*Ksex-yG?BSTR34$0!UG~P8%no zG$8rI=GSB(#gMo`G&jof2M{e^U6vnI%~{jf8q*%el3*zO9G=1p+s%}0TWm1{jF`x; zcp_$XAUtNxqx!VKbX?+G@;GY*^&im0k}MkR6LSo?Bt{?)ugH(%66|GJ^=0giN>iaE zdZYy)vJP?ycC*xL%AorZ$MK?Li}{EzPGl6*Oc8rV;%1t6hI>|xPA{%GoLZ)k;*U2* z4DVF6c%O&7XTzvK94!%t5SZv{ZJ4GA$Foivo50+Rq3w&T=pqFCC0Mo*RZ3c>Io-t9 zO-Usir=TaEPzjTlaqe9;oacVgnN>RaX$L8q#oBMi9jWhk_!^+GvGORow8;G0_hs10T-6oCqEEcgEee5)^1s- z{wd|oMkWc7tgq;imjz&Blstaj#UdF0e~z{MQOQh~&kgT7L-g z47UHD`Jc_l92o|taS&cyu7b1TgVfST11=8Xf#~gX_S4!3z{O%; ze#H=6F`p@Mii5Eww;;%vfnlO1%L+^ap%tfrjzh}`yo10HF1iG4pr<-pV&B;qm#W=F zdXXJYFRWSjiFAXPBXpA@5`;o^@gs+!stiT%wK+76YcfgCCK9|Mh+^W34rdFyU*HH@ zoq^rRSt#*_=gm5-6B|sY9Eoy&K-Kt8q2H-)n3;~Ipbd!xjxY^GD#pdzEc2zWme^xk z5*?925(42$=_brfrMsP2+YjTYA$W4E?6fJvQiWtCJ!KDVaLGb1W>Q5%>_LWERd*6d zE3vCX)q8B}^LY>haZ|r=DlGp_N75lD+(mZ65g-hAcCls?itu7whzKb-k#%pkJqecF zf?x@bBZdK7x%JXoQGXn==TuLqhZ^sRAVBHa-r|qL^@nISMeb3N=2l>M9dRV!n=q9> zy_=MR`9eiPfaIEGp;CHuCwwJs$WVA>z_UJcET(*>gJ+7w#nUc;7^J7SAI@G+rDi?1 zrcV71P*-QST*M$AP$M<6MP1W9Pf{ zO%RbB%G3HcsQ=vCP#yJ51L`gqZC_zIA>V&^S^vEe!Yh$YY4!S;g-s{v{H2E&oYx7y z@XC%I%e=R|60d<=c^&kf7LVQ;{^6mCow|uX$)-kjr$nu>RHiJfs`u0T-dYL?he;#1 z0jKtv;B|II2cc&_{;{&`zVVzh=Esi?Xd1XTc-m-@BSr-$Hrdf%vL3#ht3(986Xa}! z2^oHM>mj6K8^^e3?JrbfFxwJl?M1A?qD#nPw5Vip!ux z6mB5JhGHNR&W>!pd-%zBOIF0LNvO>9qR;QG&5L|g=jeVX?~~1AqLTAB?R}wF>haa^ z+dEF(R|**GqRd6ewf+xJ4eN|xG;M984Ig}7#+bhK7DhjA*LOt}oC&PYd-n9g%|#0m zKdZE4#bhrZHag+#k)n^c=VUWJF7kGtQ&#X-WYn|Dg*zSWACBz*IB@YZ6di`1Sg+}t zxB{Hu85C7?N4wMsCQ!~!HKslfBx0v|U~?nZG~lJ1b`u_=;rB zFy)WFSaZ)w6Q|E_rfAeaTXYGJ1d51JN!kNR#R+99IPJ_;8SPQn1BmmO0<>IhNOiM# zcnjOgXMz>4&yt=+B8Xh=#Pd$uV+^ETcI#@Xe2J{~xq!x2lK7^Oz9S%%Z}PW7nmII+ zBrW#kPnZm$Ul9A)%OZEfrJ=}qqqq!}NsIo?C5$0vJK zEZSU)5z+S1)59$ccehf8KjWL{nXGFu=|}b-U4Hufl#Z8!%y}MeDX~>eIp=Z$C2w?8 zR_e%oU#%iGhuI6h_1!i4{5SjhqGfb&w0r(VRX>lv;h^naTMu@((Mv36xXX%zhcm+5 z4@O15>hZ48??#Vp&&vD8eew1&wNXLpp2CPfQ*Y65D#=PT#VtJ_Xq!Uu zx7}h&epf&n!D#ywfeu!vVx4wE=kTciUHC$l=kZ%eVHviId5f)gmAUfGGRZ*5?{XcN zKw0ap*3Pdx@zQdinU&ApspX4wg@7=iHgf`Ynko>;U-u!@rSdW_viYu_6+K0sH(wr) z^J>%JY}z*|S$kPn|F{VksV!9~0w%T(sG&p#l5HOYHyX=A^BwJcb!-*$V~YUq)W+&d)hvuvN9ydO4{gr1kAv%x!EdM?x#+N18wnnhwN9iLJC4sm}T=Tr1vEE8T$JtEMC3y zP|0%!VI!5pJ|6hLb@4+uxxad!_0)(yq zRHI26Q>1@dDfd6#EEh6x4_%W<(OgU!z7;Gjq~=_+u|ncNoLVk9Pl4j;Xf zu`7*L@uWyjfj%V|uZ+FHcJ2!+&hiX*Zl;d?Me~VdzT@=YCQlcx;YWw=I_nqk8n^nc z1&i^UZD3>}UkfyvXRp=OzY2GUS-w~cUls-XC+C4|Ff8o8Q1t|k#Gpgv1wlF?+ ze($Ueoq7LW&S)D!d-pK@@-7#2&wpKrjolBD#_=t_X*IDO{c;(D=q- zgm&I;Ka6PBuxF%-{OAhx+Y;Q7S!rSx4@N9>@oK2nfQW^{6|p!W!8qlToE7F`0&O5{ z;a5u!{fa5NSa61nAv=VrAi1$E^HZcXV|CNrDfZ+kIQp<7&P<1FATmVvP|J!GxL8!N z(hx*4v!_y4$%3;!9}|6h2+{hL^&jMN(d?ej@nz829BU{GwZu!2tWcN81 zV|^j#-kC3D9PxzJGm@e#vm+YU#M@!z#ZCL@tLWH@7sVqZe3BUz?{B#jM%OUB-917_ zk6&opZr!n)c07}9_g1=nH;}yls{QKo$K$l6-b`B&gXzACvD)kQiZ3RNR@tH!jNkFs z(P3I6!xVKQzkUz@%Fmw`#=d>^Myat-SF3;&hSyLE!@LZ7-IC+Y=OP`U>rI}dBhg#U zD08*C4FxcC5WuJr^F&q-TpkgHfFKQ2Ag=Z@*3csKCCl+giRJ?nk_IUSjIX62SqUB| zmY4D^E5S(pqPx*P1;cii%G1q6_;06}C9%3R~Fx3E>4o)w02r0k~~nA;E=uBGDB+lwez2C1H@Lf$YG4 z@6B)3nD93A@9fdw_Y+UN-_3>MP;B*4*DrBz;Jd`*eY^UaAJXYns}gG@V#$VXYz>yy z`2KQ#dCHqnp-{JWu`4R%bX#fgh48_kR%}tjsp&zRsDaAKjY(qNu(RD7s zG5Fc!AnO@4F}S|WAK%fE(7U4D3^59A^cVM=HJLmi=4xB>#>FdgmLy~OJ|!6Ix&{I? z3pG0(8Ej?b;|_53PF6^)5%$Wwu~_3h1#&~<8*iu=Ck~tJd4pl~s0CqGL!1H6ajt!| zE5BaZ0>6xi!{9CDX#johE)e`$5`!;aOG~HjtAXox(xOg#`0}7MC}g4 zK>}HNMuS&JdxPzIk-ciIuBsv37W?+9NRflDrs2@gACK-Z>#Z92MCW6W&of5m`h}MbvQ*1T$Zg1MKmUPH_}f8WmWTIN z{}Qgy{xMu(%Jf!yVZL1~6jz+h+bOGCgzGq$Qs{uExr&y-T*XIEa}_ekRanv8P6EFR zVO0D3V7uHSgmeUSqlr)?z(5=Jg&B`3K8%yFPVn#Pspw?tF4*}~dLTI`bv~&(W0z}r zO0z?gisX7wwE$c`C{*bf@~qhZ8wiC0s6gz@zDGE^{KimFWK9Ln?k5%a@I>1nm+!(AT!`?w1H(d#e0pEgtF<%AD`g7#$ zwf6V@aOK9u#|w~#HYe6XL$=(RW1mc7})k3uI&_{LpoZ2VT@?4^r{Tn|OwQyejF04WhDT6LkNPs+VG@-X!sH~2YS z$GnODr!e9IT#L%As?3bOCQQ`A`5lZnUPoAJXi%->35>^u_wZh_KvdCk{#O3OSMBFA z@yDC8{nOQ+nLNFr-QP!uH75F!xcWg_sqmVRSnBQdghbdlHqKKNaY{eV>GgQ^mn_R= z#sKJ8W?F4tCgK)wcN6w8*n}7mK@0d=p7e3`g-o;d(XM-hB^`rvgb+hX;}NR|)N`P$ zgj!KwPX_$kSBWH_6;M7k^%56|@FkQw#J)n*hGFnXEjnYFYu=kTQNi7Sr&{JJPydEP zoJgpLLXy<|WC13Zy7-mT>L*iiG@0};tH+sSJ_xgmgGOFU&_VrrMNFG^55{>s=gT00I%X{E7(gTN8|{Wn_naELfh8 zI9rlj^;u5hJP3t^0i<6&4qX|jl;TMs5n+qAYp4Rv5=LbiUYg+UI2YBKKGaN}(~{E>{&^n?3LbU!dxoh0?0_imquk)*<^i^o!ev#N5qYUYmN7Zp^f- z=t`_lzj6`H`VO8KtBD4wjb_etGklY0Uqgkozn75X(O=y^UFu`fv&O?``?qMG(KJ26zz{TnFJWN?y@C5C4zmYKk}n!Kn@x9m}EPoYHDlc+>n ze=bBNFo;SN+MY%wAZ(f02=G}=@eEyY&@dI5|Mt8s0{dG9lu@Q z-t%;q`H%4U^h;L5U-Cu;eaP_jua>dP|00(EY-b=lGuSWQC(-ZlN2XMj+YeRU@OX(V zxhStBF@?h3ttVSf%+gcwD$`O~x*c6~@?2A2**$Y{Cl;yQCKH_^8WZ*acA$p|&VKqM z$JWKudUnaeTaywQqN1ylCy7pS7{2mZH~M*F{iS^^=ZC*qpR(p+qICYYCOdtB^ryVZj-tKRy;^Q#?EZbrM*_BS1N z_J&@2+*p7s4zWIxGY`+$Jo^o1$#9FMoiS?I=M_;^4(O4xktmqM(={CV5~@lb_E^r7 zPx6F-;4>T-eW*qFtkdVXn6VZSVWrwk!eENxKu^K+@OxusEY@Wn9 z*c26WRbq>X#PRG6&RyD65%PpPynLq#d*Fyx;#k9r9yo5-nCp?oHk>@lf$+QJH`F1) zb`Bs%S0*hMNM)&*Fr7A*YB>97tpv~N^6YM-nQEQje82%7B9W>ej<9kVi_2%GZX4+G zDYo4y@{I5Q{__xQ-jAt8&yDeLpQ8>8bI5~^(UgTb>GL;xz4koZpR}^St;Cr$M(y`! z0VZRWU7Y!PP}H~Bnr|GegT=$&9?9FU9U)xuw*}p^64JX~J;*uO`^6^YBIGJ<++6qE zZY@uMmK(oS54;(9*3w7alfkLXv`#q85k$kPHqtK4UgoDC@Kqy?27Rft{w+Cl zHZ>Ufp|8ob>L8BZsk;T$Ye~|A_lnjsOS0MJVGm`CIp5Zg0YQFWzocFWKQ_Px7%#W~ zu8he`HvJwSYMh|W$#3JfB!=bpdv$-r1!J|->z_m#a{sePLs$B*kp`P9(vaq(qJHxy?u zd6B=w8R{oTmaB6X;mWX!1Kq}hPADcQQ^6k_*bXgA5d9=Vi4;%g0Io$f-l~U7eKvQo z;0|UyO^YI#FS_zGq@I;G@=SgM9KUuAw6j471j>wGg zdv4O&{Siih2jHh-kwE05-b;< zUB~sis-McYqsZN>t)lxdB{X(-1)?S{K!a2dS4u*0lbRk+?{?;tkQy_ze}gkGgFy5c zG|&P87z|@f2TQfo8tE#K_@#r1dt=vjv)N1yM};EP)id9|6j#9qNS4_%+oBxFS9ei2>fG?9NeGp z!`%NSjLHlQ4g#INJ)>rDRAF!%sLu6H*a?Ewp5J{aEcZYy?t$NZsAzD|C(wuW@bxo` z5ahkC_`b{1Gis>&N3+u)_zH2MV;Y~jC+d6DA^so}0Q)S~vhJw-veT)zT-5Ykqn}R8 zWN~lEXal!I`CN4Ds!M;F|6|h6dC2_bfy>{UJ=OdA&FW~BqP+RJBN9uNrWC)+{Ad{CL1nJ}hUDbw;i316zFwNg*wX1lsqT)t(Ko%O9=MmiSZ&-@ zjh7Jl_^%Y8)DiG#>L+X$1z@N_(Jyn877q3;4V;;vhySc3zZzuZ+2GA;lP`q3mnsd&D`eUTr>Y<#GDf?D}!(Tvt2O3MM`bse_E!UKk+UbQ9 zEy5Zy2*}W>oMy-UhB}2nRn2y%uPf|}6e2gun`erR$vvc_wQ1SpiD&JJ>^kD^A-Jii z?=Q2whUsP4%t@9KlAy+dG`mv=UaY3vP{Q(Bo%C7|Ml&-^;)!Y*PGlwKh}DHIsh@-F zfc`Pf6_p4$rhWLpq1P@@zF>k`QaJu&hRbaf_i z#-mKL{U9N7n=&Zpw=W^oE{%RgGU)v9dVB zRI(P#U7((Kj~J-CnFNhU&drdHIt!~QwY8Eh62AY$1v7nEiVxEve-Nqoa8=vpQ7eXT zYiko^Pdy#vdtJBWbY)QkeC)28E$}67*PMmV?u307{%ROkAs|2COz)hh0WTK!Ns;XixxFC_e#_3d)OfG5iSA65Mf06~9`10)ld);>}Cm7B$?&JIFi zNr9cHodlFAU9S?kDT2h@)k){SS`#Sv9Ob4e(JJmWiaimMOX8*H1Mv38%cqIrY3ItcBAfQqv`PYYV;4I)04hHI4KA z$|P-)#1XR-)!@R5u$KZte=5;m=cv%JFXNp$e~PCh92t)i8wIW+B`?TFme^k|P=8Yr<-0WkZ%C0y!g4R^=#+xEB<@tT?)L0Zfsv(;% z2)@8A8Hn!r>Sp{dgbhf4c$&_F6VFqjKNGvFr+(cxK?!9Zv?tZCk2iVM4Ynuo&d!*E z>)5-DpUE^gQUVg?q2#w3n~A{c1v7Ag|rYUpzp322;m(e zFf7wPK@sv)_G8lU)EV~cozoingoAo43C2HTQ6on3rKD2WytKS!T-CDrq{V}F<> z`TMIRU70SGpKat-os#5G+ZEr)RPGU0Rxb9B*;%L^)Og`5P58LzTE!B;o?xIK2o5M?K zwt#@ik%eY@O(Hu%=i~9TC&^8qV?)q8TJ6H`aD!#4iJ!3d@IzCBM{85nN8MCzCVQ;S z&k@Oj{xVlh(jft9UnP?;@K-|^bo-U9T}hTSmCapL?Na)$37_^PF-}?1RsOc1Dv(v7 zdY&yPifbbsuqJ{#1SuFQ>~(T18PfVxm(tHMmLsA>A5mB4P)8E`1a#tiN%WH}D^)7O zB>t<_LtSXtAM&f#|7CbyG$u_qRtsmF=_j)xF1)WiyjfV+ zG2kU}gjhM~y8^koFlE`ndWpqe=7rgL3d*dJp{|~!IWEC}x;RLPb%Rd!bn*ky>}BVZ zt^fjC^fZ7FK|=QBGO-Brf_fxbS328`HkQyl_+Lab6{K%@RXNy>1U}tGuJl3HH~=aC zF@2EypQjJn6p%iEuJ6J0LH_U42VX82N*}OjX8y0~gQV$AuJnNt(g$z4(g(W#m_G2w zPsEeeOdd6pazdHZDKecj)=5bY%jsd()|%M&>Y&*mWvi2O2h3gSA2`WL?!0k0bYLz^ z3xLSRQ^o&gQBnn_75v(V)RNXxci29$D^fjRuOZzicHN=eKa6ki923=D>E!)XIZqhj zt%iSlFGeO)u0o`t;f+2-9{J93Vw0IEB^$)8xBY=O!(K@m{zYRK3*#Xr`M&L5v^EnE z6#>`SA6t>^MMfZJursQ^@_`}&W8Ji*LBW4fPTh2yM+y`ioxZjN{)0u(!SW(k z!4d3w4iytEbnR*E|95onS9jvY!K-0G)b$_KF%ACiVPPXh`N@KzdZzKN-}-u>0?(`; z>{NorrNQh$@PyA4Eeqg5$yLu(G1$BGKb&FsPPeb}6aL=n)5iop^=xf#|=gKROKtudCwyer=X? zX#r(Nvx#17ROJ2wnzetU7mjFnDfviT-JskLvrw&EO~D~4;RwK>GzXrLK&hJs5IBul zu6w_VdrtDC_2}yCtSN9j9+LY{scd16vA7f(8}V(<9;q{lDePPTtz?C`wkHk~_6TuD z28DMjo(bjcQABDpZSF1XrNvOz25n}puC|eY9FvChep9NG-@b@!@uN3rUcgX69<_Af z0tkmmlqqmp*$(|+){Jy>OBf6EY|9IBn3wfp*x<2Lg zHvUIF1A6Lh#wYG4@4jujY^@Jwt@wJ&qYB%z^Fn3f=0C6J#6LUj_}QSmk3Kr~f`jpT z)1`@5{hfI70S1#@VssB%{MTcDNq;pGXU3*1RJrFWBN|>yOL*Krd8LdRIpt>@CRP(* z0YzitAI$CIC$U-|W#;bav<}yNCH0BN+A}Z}EKmHV8EG4dq2jGh2*W+AHaN}dGDn*N zVeaR8T}C^x9ub-%4j{W-)gk3;TbcP>Q2XmMVOe6Z7-=B2vx@}<UW*TDj1(Hn3b~rtr?vAdk@Vyz}PxNJF#KIdl642 zBlafIZ&=b0^u!Fy3fE*r;hkC`o*Fb5Uwd)`@!ML~J-8BKr`RV$A?rJg{B;~6q+_Y~ zEGy%^EzmhIbtS`%@!{k@1#dgL1`fr~B%caA|KJ6S`?EEZmrg5w{_y%~8^gO&!#!x4 zxUgeK%Yu(uc_UJM>pxxpLGQ4)I-(?PjL-KBzg_?6dsCa!k?pNxjL;kiefT3|0-Joa zWnR0ynEq@c<}@z1e7W2I8_(>XfHTh``I7JMWoznlWDLbxUvI{+f(xg8pS|xskd`~K zRX&4LvSB@A%!qk!uFiH$?8<=3E_p2Gr5#VFYW@0M5rk-nAn05X1Td&U1R;4~D1sn` zqYoxhJoEZ87-tE2N&yf!%fM&^Zu|z0jin9cdR@FO4$E$*D62;+38Or-NwR&3fh0s; zu0AAQ5!f3L@0JWFxTJM_7YF#-oi=_}jG>n>V-Cc&WvDqMt?j% zA$9mcM@S@HPcf2*EiRZaZ{nX7V=dGLOWyYqzt8j~$t${PXTPGUxl>T&jQOBeH?^JN zKDxu5;Xdbm?MEJX%a^~Kh*%1C*S(3p2?;(we7NxX1F!IW(oi(QxCg#p zUn}H6_W(>l*9?ay2edt$7+NcE>F7l~@Lj$Qn+-1M{Esi4P{j?^)lkeVa&s8!rF?{o z)%8d~X)&Za#&X;4j6Ux_#pH(>OL($*Q8%0aj5sO(cPGE2qi<_=ES_>!0%ayUU=E@{ zk?&bhz6WW>?htwkE3bybs3}r^y3YVzM0Yz)kx;w`lI9~V3J zMNOVR?maf4v4fQpDv&UVzE_AsjS|0RIHV`AyC~d_;9aB&>Oaj-zK46z9FH67GhNgp z9@?NB8G7>rcvRYHHskGV0v-%p?+G5POCoMevMdy0u5bMhoFMQQPQVzwKk$D!!T)lC zCrII+;RGg@^z4&O`Ytb5zpMtY`NlpTLn2-Jy!>V1VEIugERZ5uV{d5xN>OI}8(6-H zXCF^s2l9!=^oLE9<=C_oe^NC$uQzp1W6s}(H!dUcqMwR)CV+oxVdk- zn4Bi6-^*agM#sDDnt$v=j{(A-QW6ggKWaQ@*Ndl zDL-$>xc}22NFYdgh7)QvHeiF5-4d6Nt6di>AW>N0|JQI4#HYV2i#zS2N z^c-bV^%+lkjzS}UB?pC2<}lkeH{ar;TjZ2M-L#Val^nPtSFWM?#c>EW#Xh+`p(~Es z+}A{)JtCnZDERzl9Kn*!Ru7sLhe{i7a{zIYr96x2)OXpCo6!5&PZYnD_T(UU>fF*^?DtP5CqDSXdVGCKe;b6(xb!Uaa{hf;=hv zrr?Ay=mTehZ@?$oGo@3n_z!1<3|p^dxG82_%=+3ZIQMU6&l$nwLjgVRjg>3a9@#~o zem*kfb>_hxjyUj(N^Mt|5ycW2UPxPK{01B7{7Hy=uqyK1G%jwCHRgx&;JQzOE~8kh zyWxHVfo3`T_!mjAR;%&$DWpycJp-!8RlbHj<_8UpgWTY-5@m9&9=e$!6NEG?gQ0HA zn!=Gka`sQi8>hkFy*?{cNMtAGu59-M@n(LC(Ef-)qUif3FSR4|&9tsC0pbV{p0FIT zg;1s`zzx21)fk1+k(ip6FYUdd&A`nvK^8ewW3=p`Tn(Kc6b&)EPA}~`Mc5EHxP@z) zF4XwO38WXB3D?i&U&4W{ zz6gCr)L99?dkYAbS88`12b+JzL;Kq=r?f1HWy;$Go6b0y^3!cO9iJ4QHnfR+ij|+N zI?}M|q-i|&I0Oo|RIR>vvvX_n!;Am-?6Qj!E^F9lqW&ND-UO_vLtWcWAR!E51VmIS zamI=g+p1U*2)eCP6|GgQ2mx)Y)&W!`NQM=HfYny46K+w7ZLMt`z&fCYWDyW;OVw0b zNsGw}I6;Y70U;}pWUc>A5Qm;UobI#F`Of$Ky{_&{tF7+K0$F*V=ecjop-w?fwaI44 zDMHkP@a^lpP6p#CgX;~K>v|AIXP{y(;-?_Y{cKeg7ErI$ni~lr<%^Y+wCRi9gQlx3V>BXz+id(G zM68EFH&o;sILR3PIJGmP)UGEJa{*%HgTTj%N;)$sRZwkYb|(jW^!sS#QOfp!c{Y|a zH}E-=e#qanPv6m6RIkS$)dlG+_Zrv|>0BhBX=wn&2Dzt4=ispTM!`c%g$h~^*Q)BC zA&h2?w7#rSU_wzMu)6|mMvlrmoh!dgS3gA~LcMKzkk2%sC?f!plXGEqz!w=gcMb&!jL|W&?QEVxAZThqcn z2ry#)Q_9i*>g*tFJ1VyK&G?r+3k#gR9$W|ztrXG)Fmg`;KIt$dbEkJ1PRtAO0lLNt z!%kBEenX^#*@ma6_;J@wT!mcU9UNdh4YJXU+FubKmk$~>AIh&ixk05pP}{pgV4TQa zSgOnvP+#N)Q`xAUoin86; zt5D9hCLjtM2WYLxX%6#A6F*WgDr*o~F zbV4_ZDMVA0TB!4XrWqf0gQE^4`HbkCIyKasvgnuKG;3?$B?NR)E@7>4Ko|CzT*2mR z3E`s2Tv?*SXdQtc?*Hm

cjb3-rlfzh`+go=1mYST0-_5fNkJq`#G?S%_ zohvW`Ri&8Lg5YPCS&nK*fYHoUi7NJmG_$v@57q_D-zh^2bB_68AfmLO5;+yyATS&2 z!mbqaekrrf0w`NEf6im9QT9PmKE5o$AI@@hO~cgmSs=1E%zC4O5|Gy8X@7dM6HdCZ z?xY=M;9WJ|<-FHe=Sw70b7OUp9uV$H)dIVDXF>Fcil#-q{E(T4z``T>+z+KaDB5dk zEcjDGxu48wXY(5ay_J~=uf=AxjWhut@O=k6{vkonAqobsQRgGNF0e)wN$cm3$}P?1Z{bc)rZp`Q`K;? zKu~Y>?Uxm~kyKAZu?Jc` zQ8$0^_o__3GyWv1+21XhVmf#&p}Zo>TJ-p~%^(4f1}$wEEDsj%2GlXL>1pP)xcL`G z$SRmVY1o*4UC^j-FInrGvn3zTkI1h*N0RJB#Mm(XLH=?W|6ajQJws~NuVz0DSZ{9R zV~T+4MCG0qrhjt>{mXB{_fL9F{*FiGw=d-?$p0N(*I}w_ixGJx8%V5 zP7R$3wV)ANkiy;~(n49?bff0vXrH1mX-l>I@h7FvCor!PUZr_Wmg|Ho{+1m6en-e} z$pMfYkbt{^=sOK+8D%~LdQWN=Lw-fS`4y79^p6u*k}zaP$TL*8+ZFlYIzH53IoT6+ z^8^t6b}B}`K_bT@Tb+RiRPkMV`uBD)Xg8Riy*v<8{v_Uk+sg7OP6$_v$J9mgzr}u0 z@#%YMA(FQLvW6AvXwtQ+S5{>=JQoWw>llyvM!Ut)K;BT&8loBZC)?fPo@IF3-(oK; z>x%811^!;xmzJqWqG4+$BR=3hh1+|;a%@+>_J-#9u^*99v$AKmtXf_7#wSjvIG`>S zs0A$t(BsVj-zjjoiJ+2V8Esx=n(w2amjf*f(xArbqC0&^bf8Z1qgK>Xp4ucT)(bp=Tfan^8Yybj-p?3+N=2$X_7620*fm80IU2Gv8 zX=Xm7LO{IZ3ypJGv~{BqP3<9TiqM!ug2QQ^yqU>Q(#IW7rNkV66ru`LbaLdX37Q5x zyVCT#dzi=-VO~K;I~Zcl_GheJ&%p+_E5{!!^awFhFH0GP=^A(sjGq|p5RcqNoT3M8 zjO78SA0FFWA!gfje>C;TE%c7Mmmi4X#41rP3*I^Yha)yo$rhHv=ALQ+;ho4}SknfU z73dckWy86h_M{T(qUeJ!yE4?O!(VZ+LD*Im+0i%kBYch~pqH)yzx47MLzPdvg>glh zFAHA&9Gv=T`6QJz(dFb*Rq9oz8pxSpvw}GN7(U!oGhg(*3&{tt6pWeX)L^V2kVPp@ zhzcl!4X$V;^LgF2b26@MO3yr6xcOw7(%{}&Y= z?Ej7M(E3|=_$@sA79M^BF@6IvegiRn12O*J5g!gTGSz7En=^+1*sftHowto8@CB~s z!L?0@!Cq5!CLPe|!!SO?{ntXmrWSE+b*Z8&n;=yzd=s;tnmkrRt#b?j6jK z2PWK?e^+r>Wuy6=om;&_int}0Ze!lPPnX<0zlm;{m4Rw7?YU8SP6rrj3THcKVU$0s`4t@80gwIHCl3w>YrL$Hwb0WUF_ckhdmIY2rTnb)&|InRF zye}u5nrz8-Jk7;d)#sc?86XZ!yWtbCmji<7vR%SjU|P%%X{o^tZbQnAXH-{$^3nrN zrN*3$QfE=&oAfqDV3L?We$S$AbIW%q*bTL-|>A5N?c0kWjdxkR~eIQDcTf}B~ZmkMkVc)mB0xe*DOEEnl>r&0O?iAFr z`ZVKDHeroKmrk9oc3*C$YMYMS3!@TPZpUq>uxuas2PZH|iWfuUU(epF(f^tkRw7s{ zbU=Zf8q9Rh(Z@O&3r?_z>qDz`p%%X81gv_Y;X6lrrxwXC8r)ubeQ5s^E1~&8O4p z6*A=xi*7#g0mufYDvcDYns;f$?Tz{zheg-rp=CXutQ&jJ^HG+9&I{x^Osj;Gdh1wY zSZ7|j!-6<2-+PesiQej>gUEU`k=|O?*;6Bva`}3B)@h*WubQV?rD|qMy%P^YfM5^E z6slcciMM?Lv0}7&uVOL=MF{Kz^1L%*cNhJ&pFdLJOP6pR|GF!>mydTF7~gCI37`$4 z`l#_3x^Q}-12aI^kG5(^DBn0z;i_(Na<;jBLP@~xN@=-yfD(so`Ow*eq*0(+m^&^( zl`f<^*wHiMSSNqf!fgjNiW}m3TLbMe45QtkL8qxJsTQRZXhzT2!V7h1TJKACvFInm z4D={u7J3)A(Y!QP(y3f_^<{(dsKa-1H)NrFG;3r{%7$@q?~NPtJ%Ss4fp)lfX4%R@ zMbE}8?V}E~zeKvE=u=*PGlsuwPD6=f=TlPR%amKAFCGIE)IOZ{)b4f5@OnJ^?k$Cc zf(K<3(Vr4gqnsSrWxU&w?;btU?pk{TS;d+^wIh)b&{LFs_FOzbQWo(HQAwVjl5KMq z_reMNkd}+KsRJHM)9Vdo#oG-#=dN%1zn1YVO38EjWVdEV12giO4l}9~+l!1;dQc+J z(1UEVu@wm+wC#K?hnqhiMvdr|q#8$c7p7eH6forC!@jt39U`h=18rUe2d2TB%ZYVk zNju6Z&YOy157AB%aZnZ3#*p{ISX09~yn4%L@KZTZ+Gl$1UfS?jxm zeeVUm+R3aumX>hSaYnSSpdBbws{h|Wu>4M5`klP=J9+7M^3wlHDNRA(!}sdLH>qb8fBf??u2Zw*cKrA{BaRldtW1|>iTE^7kUYDWMzDIp42QA- z9^&G#X6mG60N;??C=`!AZgqd+8`juNjLT0@(D0U(RkCvWXk93zc(Nj(>Tcn1e1Md1 zn5MPEk3ZS82{*Ec{bUJd5F?bi1@xT809Yap>`9tIr+9I^MzzeSu4*yNeId;FvvG^- zxd}OUQ%3D6XwO;O0|{{pScM%y#21oAHC;I>cADF6*NNgVab8n3>U&#e3jIJ~kBHgO zDAZIfQsR|*S)@$3&{o-q?u8w@T`mkgBSxi4Uk*m?1o9W94zxAu=e>iU{-S$5bGA9* zvRlUOp$+r4{XNp>5&eUGvX{k!L$gY%{>k*zBlSQN3a&y z+{ve|t)>%!owH$&|M@J}w%iW@REvXIOvS`2V_iyNtp-P!5foH5g#&Kk`)0xsqVzE8 zk3q7f=Vpl@I=MJfExu~1>%=p;D1$%XV}nk6gkhUXBI&fAbLx$@fc#)uurH-LiQ{nNz;n<( z6_(PEZA^kDG6p9>14p5?!llgHNs6e&rB|{u zt?Uf?;X3me1s5gwT_!!loJHRH%Mi+opiy{LmK3GDXfIC>FD_H>Ueh zHobm1v1b-A|JPbB3zk6aSEC;y4#4`M=B;Zcpx7tOUDd#0FH4zLd>k6`XsS;=G?*0 z#(`|31|C)M$eMwV0|~fOzzLQmyK7IY|AQpaFt~fN#FMC(&M0+lK*Qv5>8R~)sHoby z00%MbS&vw5uRxElLh(3MvBDKavOy7ktcJ?B!N|VBDvbEqruC3shy!ZCI%T%rpq71E zv26DWmT6ST8pt{Sf$p5^!Du#Y<73{S*GYJ)iLJZV^KZrEHpkDMVP6%@edTd`n!JPo z0QJCmSry0b%~BnL3sHOJGY@^)g?f}Y4CqZ>n=`-k-rnNd=eJs)a(iyVrg9W3X+a$W z;j$lDXPLY+K(Yt_2^y{>tkCg?{;6TOI#hGf=z+?W@hPv>l7a^UKK4dOp0u8J;X2@Z zG9)<~59HnAd6#e9r}uW{oMS!{&ZQ`WEQU1>5ATY&1tBYyD__-HJ`SB*NKvk>?{G_$ zp5c71`fBr&y<=nW_@*^!N<75BseU-r=W)=yZ?pX(^!Dhwq8yrh8z7Z;qA5l;j9o{Ra+min#)uWX4*;#up1$T%w zNQYYza0+l^?3bTMge^Fiklai9qa|X>-;(a@T9iLWf9=;gmWn*HP!&S+SccL% zkX{4gtS?|b1JBjiveJbdL8wR@=?tx^wOR2xo?HG8rQNwYGyobKSo)Dt{yrCVKb8GU0UvwSDWQ`*J<`iPP@rWJZ8nK*=|M6FDmlt9(Vp`{_{} z`Y(y8D_2n~b`OHZ?2XS1OE!otkXUt6oGxbXI-$yyz^?RQJCHW>ld}mKf}NEwhMpS(zt0};PI&l)%vYH?xM1%b4?X#L zomg6)*0=9Nl4fYc-1S*kXw8M4=``mH|#l2`SF_Zme>Uj%M3s(Tkm;!vlIHTzZCmuZeA z`W9T@y!k8v6{E6oK=y)ESA`CNqTOM>ddzG(R5c25Jj*@~q~j#5EF9QqO5<7Qv!FaO zIo~Ba)_ed^4_Q3SS{u4`LSu3KlV;BL-0>j(DZ`?PfdH<0KV76dN)_Fi*4k>Zv)LKc zA-2Z+n6C7Sq>W3VnWMME1;hQ;8Q{oj+pmM1e!!!JOIun`A*rk%_BWc&RX zpENOk$u`ZGKJyM!@ffA-tZ#E6dcnR1exUn%)B$ zuL@rC^-}cLGGNzNSwNilK#R%(*ku{wbp`t&6)N03logqT86Nuc$^%L{&?Zn`NtN1hdViTX6`CA*+yPCaBzCv`85Tf%;FtZptDEU zaUx;8bbdM1lw1tqZZ{m* zQl1FnxD|I*)HwQqa=^6T>q59yWXLtOZx&707NACTK`V9TsKmP7ipr!(4CoK4T2GFA zT!LOElxTC?o4c&8XLMGs!2yy%^8PXV?rj_+`R)G=P3`~Idvc|G)bL9}1JmUxPE4Aa z5!u&m4P7xRPhn#dJtodoc*D zd5};cQ;(Kxo<*%MflwBu+&6HdOr$m5+yU~z3dR+${PJ9hngwUt?6S0f36zrl#K7G* znaqn|2V!tNa;d6(4$Pi)`(f2x0}m+00WzgBt1LXN*ZeJ&)V_F(I!g_(b(41Xmk7T5 zvv{w@z)cTAT}{Ng@IK$D;-24LPL6`Y^&XePbq28>CnJlp3%k7h+#lANzp4n*P02qw z&wI-By=-#-3(jlGi^V@1m&X|P^D346!Po8z_x#C5TP!A5_S1*W%yt2@Ie9#Y@tTf^ ze+SF><+o0%v(Pqe{7^qy$9=I?yVlT6y$)=UE)JT%d9?%JgL7m95f# z2gSN$%N0YAF_AR9XYUki)7WXYPi`!$_)j)pJH;SBLT@R+F;QolOj~yG#z^bpn0C_! z5zc4Eb}b8EM-@`~WZN*>+Ke3YnAvscjN!i&VOv_Lm?!wJi;Tvx4f6_Kqdk0Xt-gmIu&8cq=EX#u(IH)j*x{tjbR7%Z+K2t9~kYMr0ZL{t4;%dKP;cjeg;8}sd@9mY~-N}hS*Q}CZ39O2GBbow^C8AQw>#K{I z9+qi0!&my;4tLIVtLB9-j3&%oTGY7chI!V0ock?qXrX+AxU$ecB~(caDXJJ#&UM4# zR zAVb_q14X*yee$*4Iu%(b(h;k#4Tp~YH}>8$s;RzR_r;2eiXcTmL8U59sYA|Rk3M7op^1OiHnbO8~mkwged1f>KLN|=zqbEfZp&pP{zarQX- zdDj?gkG017kWVnl{AY$a|Mz`g*Y#_W>7z5Qb}+&Z6`Enaat~E~lY4!yE`E=->pi79 zW~BX?=J#KI`R`k0_Mk&#>l)S<7{i0}#Lv><@F5B+b8T!B*X^e|UcyF!tW`4>&ImX< zVDy0@=K>{E{zlyCbW@-9HZ_EQNFh6kEV zX%kmS6o#m+f!LpH%)FRK*3vTj7XFFF3_M+}r%uBh1r#AM9W94hC$`f{A-)`gykZyq zCYG;N68>AXQ@Pq3$;;AtI8#8CB|+T>=+i8oQjRrQ(*_QIpPM{6jL#1DXx)~oAC<{6 zv#-3*(d?{Uuk-3jz?_#6Op}m4lr-aOF5Ooiu3Qpsv$kyB2tz@XoqK{Cwh85ps)`f8 z|5c7)7GXE|G(Zb*-GRJtrprnfNi_m_+jF@6a5A0G*;uU7mr9u-?SR9y)6_P6K=R(( zM3DjERcI`DFBy2UN$ePqbh1Z8bar23jb&0_SL$5_o6?cnCs@WsA_axx5=W1-LvuP_ zICty0eeu2atv8h^kQst91pN=SOP|UI$T#ThLf{uGyPNdu`<{2hDz%tM9nHkeEbPbxNEL zg%KAz>F9BZDJVlqv|}rb7Tn?8&wnY!?ORJXbF!V`n36hqedcHf>9d)6BK@AJ{0gs( zF``oSIzVt`s&_i#ai0_?aTOnzMDg7E0s85L|Y&MHEoI8LgRSarCTXU(sdRsM?I> z{oJnatn}PTu>+s|oim>jV3cP%s!2`GrE>&{ZDsSrMftPhE*Q{M{wb6{Nz^v_`vYhl zEDPJ#?pwzC0gmkUw_Hsi zp_F?L8i_hPyk@?a$S{zJo^RbO9P+Gs)zpzX#|MFVL>>1bb?Kd$GX=BZ;m|t>S9aOf zo4_SQ?_I3*% zr8k&#a-^Q-o*l)acDT$M$PB_W_*E@|6lTJe#s;5QQ!+eMQwZPQm^@+5`ScF*LikRo zf6y#tb+~}I8qOHr=EYKqF@aw_sJJ$0JVA_mWl{j#`1Ey1DvhR&S4x>N#}f3{+S-b) zUUz*eR=2a4&y}ZYP52wan{BaG+5`&=F9vkkUcl3GCsuBCF`%^>TstCtW!dq1 zslXYXw@Uw{at28r1TPjZodUuosq2g#m0r2R^(8WH%>P2e zHtlP!kKB^&)5Uh5m?NFKN4kWQN<76JOnY_6^%F%Cn+~%c~H1>L9YUQAjNvUft^joJ=<0qQPES>PNOA+NgbZJxv7`yYEnIGv%emGUhKTw z@JIW=-FAbyVp|O;As8`N76=bUm*b+>4)M0zI>HmyFj3;Xahi&y8VNAvk%`%?iUD|? zQLcHhE|#fuL;)s>&;ad65af9%$-j$G3j&%*x-_r3hLT9K5pzAhNs)=WF|68dTEb^| z5$mIgI90>Zk?}qjZK75-ooEu_%osGSeABNQY*F(C41%|7`Ru~ZeNTWmcV}~*>O--N z{5eGBYmNeHq=Ax*SB=uqUKpiw2tuChp2y_~Ut(+hkeA504_2w>zVF4PjSokvE9};x zzboOYZl$4Nl%zC7JdrB(NlFy)9KHW3IHMA-OnEz?F{a`!5Mm)-xuhLp*uc{hnewMq zziIf%A{kxt7f<`eCL1b62yC%9M&Ub1NJ(KZ)PspJVaa@(tr8=dT`ic)WO#TkE_b!L zX9UF>e}1z6%~)~=hzw&t268x-$U7`{K^ZVdY%>&UQfDhBT}G^5Pt_jAhXQS&G;`1_;xY%{obrjdLiGDrV;oQc`}NE2+pPVBK^DzDZKKlz(L$2;(qagQ}u|! zU?-_bq6c%GT@HxmbCJXrMGDsr$fL6BfneT9t~|}~FmP+k$K_|`%eq7FCXSY0X2Xm- z-Jf54u(2=kvtHHG4K9{#UYUukhf0y&+{Q)jsm`o}f-oqYhipyL}YZ z4V6GCY!77xFJQ_&m8WpWy!g&@M3a>kK>}~}LTwm2F@N-i%wM`^S#fLys7;`tXnznjJ)xgp3fy-M^&Bracs!LN!Kq}e0mOyKHugI z4;&|v0=PFq4QJVxQvDC2`|9DTV&m%q zvZa4H5d;l4oq|mW6e}9bxiS9 zOaEgZeMVOG{a;^9cNcbjZg&mIP9qvE+nuuA5eQi_|wo&ZWryRC`u`#Z^u1=J}uXg0^Xba>wqy}T7Z8CwDu0=7&x&?mPE8oK+US7PeAUxHJ%;ChYPh?}oc0@O z2tQ70M}(PV{3e$-_gOiGLUIv!k;&(zWd$Km2*DE zawyPSOu5p>?S$2zL3nfQ-bU#7a5v^)ldL~&=^)a%nOIS4aSUN>F6m?49_pk`v{mCH zn|+=ZS#g3C_Bwu(K9i-kJL;)yP%eaKjZ`;KZ?cGB&X-fa_sU`9o`XJ$x*9{Nmo4ceu#c?dn%T$t(Mf`DsyRPa{`c(Op|VYDb$dG zHY+CH;1r_3c5oqJfPXgkBw$xKyDc?3^;{A0-D}f5qwxL9s8hFh-#)+d`l;8?O)|6+ z@BVtQfF)o`Ds#5SNMimL5S8-92EvcZRfadzx?N9^b9{TKMH)y#GaEqgY)K;M>@<1L z@g*ECn98v=)kts^3&@(`^LFrv*Zy>1M!&F1CaUkS$=}<7t$M_?7@)dzEExS|s1a?b zP>Z^YCxLY69jt2JkGJtl})2xGK$u7kJq%L&^)wMN>5V8x;fvMZcUqS9Ipa znSKX+*}_)PLem0ivI{RacWzU1b; z5se(jE;H|J2i`lWXL#J;_jlmJSSF0CVCql_7+`4DML1H4batiUVkbqCjdePoXYQFP z+Wn%Zq&M?Hui1w@n-oy*0<1o#y4IO;KfEebDCsbe)oxd(>vjN!hZ|Z>B<91G5gFIb z7dV!Cvy7hXqfNHHxgu_%aPF#7(al786?YUR8ERpSD_iK6@ayFi6MK6n78fT=$rCGf zZTazMd;U*#{Qon)udZPfW-sVAfi>Xb)jvSq(Y) zx?I|XJ1EbQlDV0fEH3at#QHb1W}tIv+-}OFlOTZTZi5OLs3IQx0ItxDnUfz2fuOEm z)~Rzdqtp+CyIDzZs}B6s3z}7K_qmU~sQ9tzhw@FEn=Yqp8m3{bj)RYX`Z(H-_Lej% z!-X{9I(8Ha)<=Qd?Ra{qpx^-hy0M-TN4L;^v}korI{Q@u-vO~|WF z!2S+ZjrLu{X|PT8>W{VyJ!A=|{nUNZ{wRdjjGp3U*f4)lwQ}h2NXLQ1wLS{pyfv&E z3||oMZVTt_uzOS#_d$T%SLj6)BzGUh{;1F^e>#Proh7wP}n6sq3Cg{d>P!>n;`+HB*kS<=Gr#B}CM za3g&vpV&W9zJSGDV3rn0!T(6pJOF)~c+GU_zU;j~L{V3qkt{pskypu2Xd#eP` zv~V`;msi?1ad;HkV;~u&!&)q2;##G4>p?3J1;#7rIz89{wU=FVKi^CxJQhx3{?YCD=| zk84)2=ET?VweL-TB}ATH>35K($@4VKH?=^ggQwktJ<98qht*%cab4Mfl;n_y`_L9I zn*#sv+uOEWPVAyVpRC~yQ=A;SgZE@K7WKn4GL{c^s}+`2+>SZ>=`LFizb&@?6>OvN zca>kn^GBd}a$RZUu&@;PW5Z~qdN3;Gi{*!;M1iWqw;k$ogG%*xRQ7Ej*g=Q$A+K&# zA$`E$2t*h32yA(h+$veG-+OZ%cc|iAkD{5Rm6co4ii}&=uNh-^cUQ<%cPD?;_K~gJ zZCT_6mPI1cxp>|{P25fE(eKcMq9XnfveU+5y;}2v%8rLeo}Jn2YIQ5r=%T;%%raq( zvKjRIPV>0zFB}v)KaDC;r%H{tvtw9)@g!-&qqlbfhv??;4o5zn`K-e!)Ud|vi3~=!+5<{J~C2Gl1jRg0X@DpBHzA1r^eagMWgCpS&qI*5} zdc@mZkMCkVceZ~PQTgxE?p8pVmXvXb89=}yoxg$jDaVVNONrvViK-eD;A-u6lko)~ z-&3i3Q%~H!{gV$j z=S%c>K8t=&WCUX8G94uoI7 rsnqq5$!RsUr9)Xgcb07IHIE@Qy9HhaN(qO##K73 z-vcblytWFEkLlrdRLrw&9t7E*B^S}i@o(RRM!{87YZ(;+O@MS_kI1no-I2R*0&!Rk zbUgY18pa=ksVzz7y0T&{nUzU&<*V&3S1JklfARQwrOZC+9q!pm4k?3(<@=outf_xh zs4DXqvQh3coh#9f!BZ9{q~bJR1$Gmg@ZXwr3x1>2hz3HxTjZM>YlpEeVv(CJC7}nB_y?hpC&#RIv76-454Wt%D$rU*RFiFr^q^ zYIu8AOd?mH3?O!kXGGB?oDY(K;ck~*-}Kx|dknILsv^_OMIM4 ztQ*nb%m+n#!wT->gknFb=~SJ)^W^ewfvg4e1I#$5lYm$4Y8IWccpBI&e`^#!P#d1Q z;*@32uq zn3Psbl#2|@H_r#oPAHc;_}flA@>~0dGbyRNgZ>Fl(@Amm0B0qx$;m-zF-^m#l*4-a z%aNDH0OW9}Ax+I7^ z40O^kB8Z@FTh`v33i3Rt!P;sml^JsE^cNkkR4!?*vAyZE5qI+CtMOwG;p%>2lz-QN zCfvO@7sFgP<$i>!)l3pCCT;t&!VOT4vq3m+-5-suF`q|#IY*bf>*H2|-a`t%20RW_p>Ja~ z8(Y$SXtIQ^qSFNzqvdMxIk(w)7hiQ@7#{I#=&tQy!cLr_k76<@jgIMpOL=4NiWJ;z z7(yNSJ*GbARk!zB;aJ9Ig)RHEto@)~arT!xeftJ@Gqzqe!8y`MzO4cpfWd+B>`5Vc zzXg@DM89uKd=D?TQUj@|ZHR1#{jm3M9-fiezWXzFKsalru9;9WUpWc!^;{+Qtq%92 zbQ!~~-e@YJ4HIuDre^|LEzoUJ(cthr9*?d8cP!&5iNRkjAD1&F3jfeh3#66*&`@Vr zlM~p6yYy_z9l1N3hmfZE6eUTQJeD+7Bq}(7d?c-Ia@FgMcTBKUL-zVp%leaNS114F zd5z6tvmM-GjzrLf1PL~w`3)$~L1|uXqNC{H0 zeyKUDVd>X$bAZ$#lpxmz7@&zTlUtXfK@`t}ij4k8o1o*tVX0C?_^kNVKLcJeGk!L4|EtB|qV5bYO70x}Wx%NGfCzVIoqFt&64FV$IC+0AG zNC~DW=!S}`z4XhGxtK}yZcN}D0-ucY0pOES>{(9lx$C@XP&#%aF}MK2-dPdtRIi5PF4DxigUT{1CE2Epqi@5i$oD$V-|9FYKBFjA8V?aYem zj(V_+ybX7yl1nirXNfs&5x z(<922a>G+hTs(dta?>zQF2?-H*CEFfQg;a6x+cLHT1S;?YOiQro)Wf>x4@KVjEx+adrI zQ8DkGy!fbLyrUY8xZ3X%9t&|H!p&_V8JG7v-0khPKkXxs>(MTC)X<#_KZuy0vSdkh z;0^(b(9wYGEp3;Y!3DhjjkSe>Ty$NoDnt-ZeX zS?G?>50PqHhVZzL1=HZ{OPIhQ%QZuMN(Ld;Ujx90KYgtE9S~vitz{q3z+P$d--opJ zhEW?!Wd;jX1|u7660?IQD?Yq9^P>=)BbqU@**XB3Wx{?rOmN$RT!!yKv|BnPe{Tx$ z2rSvkbT63L-q6d)&>xh$vw_fk$t-!aW)VZcLq9c((r21kE`RaR2%Y@=ctZOJJ$b63 z01(_3RO7WS8&Fi`WBfbEk-z4KmZH+*KJCxf9$cP|LGz61`IjOf-F+3@Ge8k7?(N_p z7J0F9^2{)PA2z6(A<*uBu5Pz(g!s+*7~flT8^u!D6TY~xz^2TeabsKbmoXOX3tXY6 z2Lh1|TTNK?TD&p8VLe`u2{zB3DCEcU{P*kce+J;3a)1p5MmaXXU=ttHx-~ef^XIwO zaPhIPu(2WiifgI+ZckWNM;@wu7kugZ4@D1Z@`5hs7SaJ|MKe{~FnodXEV<`z=QH@c zWtNI&^rxI;8$g;OBk3tL)mEUT>+^AsHbNriXv= zFP=}h14!kO!vD{cO?*a>sdx{bEN{E&_h9xLpoaAf>|Wdbfkj%-%uie<2CU&zgNIfm znJR)4ZmH5a@9XS-re|n>AK#VD%w!y5#e6cjIMyPM;O$ED1e<8bXG`ZCm78pz+rq{| zc3+XX{ZMT1@;^zAFYCbtg4`Q$fet|Sl$5ynp9S8^%J^R{(5is_PcmY|QrNjnt-3|* z?AUgA!wKznssHJ8q5se6Dv6AlQp~=DefnS)m_oZq7VG7vR(EkEPD&jl+@p~EX#-v0 zJ@cuH5CADP{l^0Tmq+-cgtqcp{=h9Ai5(Ok#E=iK3z7a>Q{T*}E`G2VWLut$z4iyg zsc`y8#Dm}4bhV>xQ1Aju@gU|M0n9%y;POA$=Q;f#$K%Dd(?%k#IYR#i!<4G&AD^W3 z4^0rm#v?!C>jUAp>Q@-w+QFFD^)B=QE+k~iB39>MgUkDp>f*fOA8H$Q)k24+KMUog z@_bU$5|cRF>TvxSK980x=;d;bwP!s(FprmvSM2e{Nsf(OkPdP4Td-9~cTMuUB_M2L z!o$N;c1%LuTGH31p8$CXpv~OEQk5wLL&!4!M9Eo2cLtt_!n1 zY7G*#>qbNeYYq}9rd4x{?yaaBb)~E*?q%19uKgExn(MNyfdP86zx6QK)}rj4hYD-- zt4yCv>wxkj70V{ZO{K56lXlmo+>AVH+L3a~z`AOWF&)b}iZlUEG5zT%49k`75!++~ z+Z)|4hw-4o4??_D5lccTYM(t?@JFH!A3L|A?YGYbpEtD>OQ;!mf)Yg90+2kU6%chA zXs&&y0ZC_?7d1>el5f=uD$l7@Ox|+iyekegusVP8jUu{ap2)2ohUgyniwCm?pAT2X ze=r1Nc>m&&;-XpNoT*<=QTq@C2UbwFOwT(6)QmYX+Ew87t)<7-%#*Hm%4EY{?HTru zY#7w)h@!@zM>LZK5%4x>4f?q%-eOP}is2JM^zN()WqdB1~f8Rc9F<{|+e%(l1EjcOWNQ@(Otte#Bn zJ2<{(I}Fk1 zR|P%B1kO!Fd$$e_-1Hwn4H#S;X)=9VVDOQ;W!M&+28H#W+n>7|+fD|kJ!e1 z!i?h}zyM2So+>-=d{t^cB3}5laxLx{#Or)d;A8QRVSyaY!tFa{0yV!vZtzRgbcXVR zLdhgbwMknJw9C;T+m+^hLffigIQl6~N&tEBThqOOv2RNG(=x+>`}3;nQbWWq+FtUN zslRis{PT$!RGBI%hHW%v2=8}ge`1Ly8puLmX;9g1Oc5E_bu)J^q!5qrh_`Ae6u9>8 z#!JLVoEoJel4rk)k5J$(m8AhQjg~FR(#q1}`Rs5luZe&K3RJ7MreT~6F4!aaNew8< z03F_uyyieQ6~jN5DYCffOo$V;B)|LoZsC4X1;b+>_0F4KR||GcrwyRYF+f@Zj7le% z6hHS&Ddno`gLTKcynAoG#3OawPT9x#inL9JxLVnH`b4@dU)r5~&Dud`P>BAgg2XDPaX*%@3LrMUmbSV)s`A0%n99Ny1-MISv zepJW9yGc*{;`?h?@TR{HX}1w-esvR0Al9t_yQ$=7lB#2Rw+liDWJ!skCe6UdXxHiM z(wSfD|B%~Gq)YfERb09tFZ`!J7sb)$8Uki43o1O?K#^~!?NBI*WM8<_*(MM&Q<1_t`o!5~c>|qJNl%~1t^84c^R;Q0p<#MM$V9VV z{pyBUHxzXGaaBjD-wb2{en%!_t@BOrBM0vWr?E6s_{lH+XK$2s9`mc%%YWZHAGpet zumno;=Oxw0Kz|^-wMFck%jCZ$3(WaV8dW?VC;xD=P>-Dse}9EzB_FI%o(1~Tr`}3x zG3z@F$-G^l1=l0dowXOE%xDsr_y18i5XvOAA55)%KP@YFouX!Z(--CTz}8lyg`ay1 zFb`zLIBsEDbSHr{^Fg>K*(c1H#T%uO9e!n|Yg3`{DLr*4EWtfj?B2`7IJ)Pg%)KVj zs~Xe&X4%*@vtlfCF^RM|WIIyIsWvNdX*RTTkx5;f*sg4m7}1bA77i&F)>{V`d)4T-jEjV5y;`jQRCOt@ z(0QszH5{kyyQo95sLNRQ2@dwQf3>0mYhJ*Swi&d>CFLNeh9&ov+!&@P9TT?{$k1+w z?%_JTb3)j{GE&^USqIB<3kxbUaeKq666Z;-m?hEX`?J^4XQOMNz?crR_t+y>F zQG=ADb~dAWawOFlPzVW)3blQW5;wo#u+i@gD{no786T9k?@+s#Zl`o#PZB*P-%SA7 zPSiKxcV{UcX+cxILIN`p_zwW(PJl%Lkm?!m{UAd&Z*a|wT~iwz;(AZ5PxqR%+oj!K zy$V=H+HBt~-_aJc40C-)AH`lR*O}?G`a79L`Aa}gh(>mGXh=7BmmAk+=K$l{u~?J< zcLyst_80S&6f?zfR{Y?K`Td#OqAyuxiz~rtoVN#GnM(M6|51sG_=i^Q43H4cM7K+U zTD4L{qnTZ}McbI7a z2N2RTVJWtw4iMLz<^JL^2T7q}$`)45VG6$zJHue?#tYZfn%kXZy!E0d=tdKd&|wa3 zHnKvbn(E=N?9kOZtZFURd(m^_;a@zRa86JU&Xx>YwH;Z>k!PcTHJq2h$-!0CX9g`UA-zKt2sor> zA6z3m>}JN-IiBAqv^&q1S5CX%d!cqrpcPlJ{U?)U=PEQgYrQiJY^;KYA3cLHFpy=6 ziHYQzP$~OK{pCN>hca6668V9i2K@@(E8cf2QBDcG=FK>!5SnBj+Sf4T|9&D0V?Fs}!bCgdHWy8XCF-+T*E6K|Lp^u2$2L&!$cPz)*_x|_{l{(`w9`i zmJ@iw!l*ue$h_uO&F89(>-pc+-~L-y0b$0D06M4mCFh|>xqIj#waQ^o2jcCKRR{tr zL)MtrOW=R`r|#vsc4}|`;8vHLx+FX}yQZ0tUDVV_x!spNIsJdv>3{ol|Mmg@5$lr) zX`b}`%HH&Yy+f2k5RU8C%^8ag+rFjm8~QJGu!k{ZFU9(*!t-cj-}kO0y_d8zW9@TdmSPSsc| z)dcd52&0eC-6RNh8e2R6`1EA{T>sA*i-vd)>uG7h{cXvsTcLmPWMp}J+(-AL%~sZi z=6+%Re!epC>eOF6-wW6T)^-ie@DM_q?aCUDeFAvc&W1w)?8 z*x9#bdbVE|%2(%i2Zhe>wz8ywc6zb|Xb;~$?J$nWzWQweOSS{FsS~KlrG=`(U_Ov& z>lpb$9bR9bAvWgo+tFPyBCQW7VCMn4ENk|2pok8QwKGt8&m?xh`AiB<-0wDfwqo_{ zy4&!yS&h5w56iO8n`myR$)opVnQf<=RzlX=nJV#%1AR8+zR}`IqLFGG)Tm!#t=1Vg zH{|m>>rauc$fPXvaZC~2V3FR=zwb|e)F{$C?~Kl`m;lQDNsI83C#|M`YIIR0-me9z zyrIoZRW_VxaDi*u09-?chr)YxxvDnrcj3@qCCa%r$;)^Fks{ zdGz4fW!?}>Spqw6Dkqo%MYAF)01Ne-EFRX? z)t`UmK+E>ld)MiD&_=s#q(yBj!qC%Py`$mhGN#Q846AijLYj;~iahwoXj(i*tp59xxh@F;m3SS^u;xJc{K?6?xV@ z0urwI1Z}rpsrF20$qac%(wqv2pS*fd?Tz`_3ZF;!+&$L|ZY_mt4MHAFvWXDb`T?u0 zUyU^=T(~lRb$RyN1{ADRYJwU3bhM-wluu8BDe;d3>wAbKY-Rq6;3JOOD*Tqp1B{E#_Vvi_dm&wNcr4wuzTIVZ6!*Dfd)4ot_`&xp-Q_ zSK3yvBMN%fICN7xfdGS!FVQk%@E|nn9IK>5S-!oTKe{WE#?Wo6%gidSAlXEYWe4)f zk5CiOtn?Yx%~_nf4~n)Jv*QR1`|DO3(wvpnC3WO$DcwPqWsphzoY?`!rdj6!Wy|U% z-?vg{M5{;O{S~RV?$=`&jMtVMDM~lQ3d5y)CviqK+dd+79IfDn&~aE0E%s$eQKon0 zfLZw#j-{;oJKG=-fO6zO)rf=~OBmN?_{2bkb$t8iu5Cd@XX(qiunMQ%)62P<&Xc~& z=ztw*`=x!z66qyi7DPEaiG@xMG>mdN3hbc!Sa*t_t?@RH7;aJw(cgL&Z6oIm4$_b8 zd3gei(mYISPNUf|)HxTpx3=CHoJDYMk0JxTsZ#MSVjSVFw=JSo;nrpi9P^|x)aT3; z$Pf9~Zb#BH4ptOBlN%I^nDSs;Wb#cdapfs|dKVhlm?;Vv;}`5`+l)hMGnW$JU&a*G zq-tReFU;JZqig$4+W%Tne(ic$_S4FV<&rZuzIu^-e$^239SNG=2F2C&iuEgy?TK2) zHD5-MEioUh>zyT8PfhY#X?KwwT&&$PvuH>qTMjQ_Nn+UIr1&N)X`at>pGvKE>^@@b zT?O`U&aTsPQz{UR4nPuUP5|InJx_ySgS4K?C<5t$@=vmfa87gQmz4{qQV%UZ+=-j$ zRp>YW7xY$x;GLd#YOA}gKWqx#ZMGx`bG(&TF+Lw^5sN%i(E9EN$>s9#Z?$TU1O5+F z+m)>AzsMOU(XQ-@b}vt6lIM#Wlt;IxgPMk}U>aq~xQP;j|WxVxyHs1x1pkHKMAZPuT3`JA6AMfi!*;RO}P>xCYJ-AL1#Ct@pc>Xm2L1 zFcEfVD<7Qjqhqsho&DZjEh<2Ez9|cCHuUpj^gx?PXgAwv6WSRTc+k(H9MZ%t`=<0r z-3P65Qzv4d8phikzu~>OIT5NkcIG=KEMp>IV|}%Tv#C`Xa`-){b_z?NWrJ!_{wJFJ zC%mj+x93PslRJhNHSO{GDwm3Nf!((^qW2zryL1il{nbzVpSG7ffZnH*OE| z8WUCec3w-?XeJE{TXvj)EMA&#Ib-AOmsp{;_v+3Ir(0ezabSd=#H~?ytpeC|G(UP} z2q{_sxV9}jAr-&rSscc~;2K0bbuUNT(m-~=>&l{)yXVbLJvB4=xDmv{kOt@~>6}a3 z-&$mVkNGC=!ZU5Nb_iuviqOz!NeT!1#T$zVuUysmJSXz&?T&OIKMa*H9DK0Z6XhIS zFRKPNPAQ5fW;!z@$Zi|fsVg_^Ov}rao!3{g6!PEgj8}O3AN4w%{0Vwkp4C}d0ydgT z%)YHooIWbC@*GyYIz>#-Q=A$s^{W4i=cwLes=j;EtJ(>R)+(9o zx4K_gUk>#*F1PJ$gi0y;S}&)3n**cegb@QB2InF=YrN}p;IVe*o@>ggMs=w(Aq*Q^ z)0rnfOvIa8SLFPvwZ@NcF->thTNKrbk})!n;#7|EA~npx#av#yFn4U)+y#0*uKU5N z|BZM7zapWQc5gd#Ev!UO;mp>!VN7O+v#7{mgd5Bj#8m{v4HLkpx|583b=gtQ_-$^c&Zd zd6%a&4A|@8MLLuN<;Kp|oeeHgG>e7C*u}hIpI;5pkPEqnHD;nDS5xXexh)P|mzKDJ zyn8#7hHmfolM+A}cDS5p4Z}hkV2Ld!Kib1_C8_-~myg#m^t_ZouE6_^#rx+vv`rIZ zpWn;s)egWec9Ju0^)LJDOE%SGJ~aR8AvDE4_s;1({xwFmQG_T%HV1zu)!aL+xj<~% z(5_AYC?OSr5e+mHa6())2kdBONsdE1G{-Xc#yna-()Bn7(dKKT3sRO+=4}EDW2BC7 zEoh1uUcmcP=vZF4!v^Nz&_ck+;tvt7yTe&!8O{|~-aLKwC@&V|A2G4Np6l7raKgwN z#6`KWd+(zs*%r~8nxoA>&UNil?#c$YaUMx8x{t(P|M5b&r}f2CDUuk;zgeN&SViZK zPkm3&P=c*pW&=iNdc2s_$FYmepF3k2UwfZkWcvdnOTHapd&_G5&PSqLY4H!_VmH;K zQ{TE%TXOF(N*s7bcf`l^Hw;b}<0yvy5Xx ziYXAr$^wqzB3AGtFZ$=BWA4|brC(fLa`}Lf)Z?o_8nZH!0-;CdHy;rT@n%M8Z4Ic8 zdq!?2>N+`4Zb--V$ykVYb>2P5lJBYez@OxzR|{mbOzc_xk-=t%*4kc?ScH(1_M_VA zKl(%%jgbnSrw>YBeJ|3$yzphH<;<04*<;Ic6Geeq`J~2m$1yWw()1Y7#21qM_3^Q3 zi=#%ylKol?#ZvsYvGNxclxu7~GW9a1nq>f2i1iwLwuGE+XeU3TT5$G&M?qim;O_(;B=64fZszg%1 zY+5e&(WoaKB&FXNUv?@41t(({Dpje$U50Ug@$6nJ#|d)fSw%BXOI_?WUy`1`X;l%~ z^-p;WUHqA4sr!$}^dQ@hR8hG&F(IGb1x`p|0A9u8M5D;ZcR z)E)f2DvX>rf;_hsLx2$ypvUm4PbL2dK|oif{rdda z&LIcP4M_*2lMJ79hkxv6#h0Mah14zdcMlNm1O9FYP5$pT>8_riS^uXrrmuPJ_{Zi& zmw)sW|EsL;ib?jw%)%0UW)`lpJ|f${Us5|bvBtAK& zi}+G~F-TG9#`~_uxVF<}@1}Togm1*I_*MFBelPV~fmPi$629`E(IEPt{hW1ik%l{Q zs57(T-3fS1?4&po9=)pdO!;a@u2R--$X4r-N_eqJ?BS$;#f%n z+6|ZBXc4EW%umHP<2o9hr7Y^2M>UtCcZPdg)WlC!#eB_DAUx`?U%W2-GN)o!v?Zu1 zCLBTW|3E4cTlR7TT3B-Fg>&Nlx%GuWOk0+ocv64SPl0~EtFjgAT0Kf?ow~?2H*h|D z^1=hhMYIPdfl`h81V$pBW+g|qC?H*!{U4c8T}jkte^VwS>1&DXXn%S8V^piA#O1rf zpAn29NHnR_(a+BRV&L@eNnv0$bDc{0G;nO5v>iR9QlIy`MXa%*X?R>_`G>{9+ch1w7B3e6VVDD>2cAgb z?b{AiC8gZS41WApyO>gr%c-^nA(?1xB_$9_^vQQE+)e6r`=-1;%~Kum(U@czZ4B7oB3>Hbw0StPSUp8|M2|)`?VY2 z@oo1SB~O_TlCCWQ(`Ov|A?8isOx4V82J12M5t2^cz=EbTl5%K$P@|&vpkWTapC7{P z!iP|Cg1^@tQAH&aratdr>tl?AW5dRsE@uRuxCP$5Q_AyfpS0$8uEf?WLr)w@vd?kE zU^iEgrJaz++-maoK15|mLJE8<=VCu3nR?v!leTm!yG{-2TBzP0fr`ig6Rdg=*P@z? z=Rb;H)k;ypmm##;FJ-w$lN5x_lOn6hZ33?LMAw|&`0m{=&8^rtARs%Y2$9~I_d|l@4BDs~#4M%(AO*)Ow+XcDsH)kjt(0)9iiH+YsedhGG z=KTZcBf@ipU52oMCs1BA)c|myb`n8H&R!t(ms!IQ*dU}5VvrEjgZB`6V71T+@FdY=L3wVnf3L({LeC2&oQJcnb zCuT53_GX^%HJfwGe|DbUzaoA%-Ow#I!}i51tRqEsI%ryGOVGSgKVU+vr{ATIFdYW1 zY;cD5=nrHo8{Yqmhb#gbB^sDp$qP9w6>pB>Xid}mm`_;|=6l*NsfdVPK0N*6)3vI=2aju>+u10aX&YaD39I=`^ z*I?$`DNKK?u8_>wD`&f$d=zv7@NCO?wwwZVX%ulJSk<2oECwD-c6XBC(aOGfXZu-^ zRC45q62>ZC{pjn2uKYO*>4k5&C4=RkMFud%ha_iJA<{3RcTu2dd2`yZv;HJxLw@q> z;CjHs+;EtRbMSDd#^03m+dlvM>03BYknm!|2G%3<$T{s$iU$wEupy`s?7n@gqCbvqlwGWW$xi7^ArKOr@;Q z@!IC!qq3(pMrC}yBK|-lA;_Wf{b&F5H@<3<>R(@07P@>e&t3)DUPccyl>F4^e*kW8F8nhT-m6#=GwmE)KOv zulI{!AEs=WcuN~4Yp5e%?BQWis(qhQDRCIFHB5A9W+xeDAUfx0$d-Fw4sbffEn+Ge ztF&z&Y-e-x;#*gB$d9hn*n1hbpM3sOt|%VMF;yrJ`>GxOvU0J-R8_v8(6DstcEZct zUR!6s6Migd{0s8I7szrZLGj7^Y-jL(COr zk}b=aWCmGgvWFz=WGrJwlx3K)jER}Ke(%2D-YKo{=Yl_+m1Po!FzeW&gXfa z4}3E-n`8_IYIlU{=(EF!p!7t#1gZZZltSqdOsZjOcsBPVgO>q@CtoK=CIoS>(N%a@P&A3N~;3^Fa> zq>-1!adqYx(}J5*>+4-@KsGfER*az~#K65;QrguM9@pNa{oNLA7CV{s3U>vdUKpTd zc()69dDnTbkpbTC{HO+?`&FfFP_>S3@g}!`-0^L&Q@)bVlm+S^sHA#E!b{mp+1=&Z z`f6X+9UFeLW=mEYZc;;R?%0(sFOOugej6iONy`3zaoiP@a~5gZ~76N8BHS$(G7K7 zW#5!R=`N!?{4SE@@A5{dQoyZq3*nNmD?nEqG^#HYRts)N(l9r9)f{-678Ac`Zv1l7 zH@Wh3%NJV=lCO)=O?utQ#WUAwkAsmKY%D# zQ=ZkNxS({vNSjN9V2rxM^sDAVV=4Fl6`|>ND#8+u4G51eigvgiX&|PpFnUpNdm%kv z^U18XYOSjsUg|fZQTxbW^{4OVw(*eL=g^OMc{40m#%MaQ|GTxId{kORMib>^_Yon{ zGoi$KPII*}R=Ids=)*%c6L(ma`QeE1E!G4P{tb2!SkYA14Th?*`nHY-J8;Bblhzwj zNy(bmwDVZM5ceL4q-^Tc+x-%u(xr6JAO1p5< zsh|B(5Oj3F*`GvD1wcJz%*je3Tj0 zg(J1+U&vy_0O*`{FOFXLg9STOFj@k`{ZXUsE`L%&8PFj zQ#@Q13hY4Pcqf}m^9pU!y4tM_5|Jf-b$e5fw%c3on4B<|sfJ!{bnSmIps>gO%Nbzs zrq{V;1Dxk`Xty+zlXT{uiqZwg%~9}yb+Bw#No4ZZq^VE7Tb-XFV~C%t1EbDAl9xC$ zk88^C+ISLStr?G}bkq!4PiC#CuS}wc7K^!KQ=TC3@}oPKJ^g^72SkF0j~19f;wAB(ba z8v+azkao+}|8Hlae(`s+nV2Jxg>X`TQc$ym&EWCW6_SnfUA=3Ae_#8iMYQ|uk`{jQ zo6L_iT~LBh64iEfMEmTzk950Z$Yux^H}0nB0y^tapRXVE^rVAG_Zni1`uM#FlV~cA zs%a&QE9O*SIJ#ZR(xa~3$u`4$r5#ocJDd8Ce3}@ioIR#V;;h!rf=?ekSjd4foKpB^ zGkc9)4I14`c(FmF>2`zbuD;sd`6G8c@_oeH11cs|bi6gy5E=dSUAb&cX3ZJr->c>g zzMv0N%kre`AA^D6RxE#qk=eDwuR@TPdhZJ4&)l|NG9U#F`3?NRp-g7+!osATu>0<_ z8=3xP%!>3KzPN*=#ni_mE>%Q$q^fsA%mEML<-ZVQ+of!cl{% zhZK z&JJFc?DZe&d^^b>>{ZF1Q#)W5^v~ynIfcr?(Cbr6(2pKVbPe5s#on;(J>ITHJhmbJ`PueFmAzXZ07Hqea?PmbUEqY;b7Z?>^ysls>h&Y|W71IHM?Rqv z0SCMfho+pIwXc6{0sJOTX1oB71d#Fk$i~DqiQ@efNw}BXKJ6~+TzG=PIZL`?nJ2CN z^ykAGqPgq+;(QD{>LobA*yJ5tc&u?~!(qtnD5l*_323nF${oC*)<&DcX{mZ<*PeQr zdnlpc$L>T#dY8ohDbx%=JK;FB5U>acvl!IyOS2&}`@yg6#XPgTU5Wu9LH zy{l}FXahp-vBADX6&atTE6yQW=fW=Kjm1RH%%=u`N3DRO z-r*dil!}L2I}lxrHA@$tL(LDjkvd+lzy15whpU{*hmIosQs_MR6W+*7uWcelCOG}b zcgvvn^t-212}+xpyHoAMpkJ!}$Lp`8*d1%tGm?Z8cBb@cGGAy8-cDEjFQSQ71tl2o zK}1wR5kVod_57cbX$~Achxz%DYfhG0<}yyi$V0dP@A(-2 zr~b$PuRizJB>Ff{HiBb&ZPXZA$+uurpP>y4h?0KF>KqU16*@~-ZWU1o(3qHWVXxHF zYfs%hb9H%E#*1X^x_tr-0eT6_d@$m8R@4dFudPVZav1@API?g%`O0Z`jA_t-`F0$F z^7v9^5$oO&op>Ni^Nbxe!|-Zm8_pDOChFleZjC??lC)Ywsv7R-wcfP)t)X7k z(0GOQdlF`j(H+8g!f4N&d9m-%YJ*@eAfE&U#sQM+Yx_32DT(H+TQ#xKvN^7v3Ehg4 zs)xS3Il8!T1{?h+#6sK2v`qe!1wJU;gX(gl0_Wu5W(jk4-{i<#ez!&r6ZIf9U-bhz z{?TE731cS$Uqnz&KEgja)P!IsyKwS9Mld4%5C*mqyh3N5?HgXwvP`w%4x_N3R0z`* z#SCuDj?WHK)G$8-bu%~Fld=5(eRxE83boRSli?#O;koIFO6E{-=T`bBusG}^v8MK1 zw@=W%6-*7@`RR`0!KT48uG44225&1nX}RTWZ~G2XM@)jybs;yf1`P34dnT&reSlGY06x-48gq3^R4%7lg9OQv%WC?-mJn0yA(=k5vS{%nKoTXf3tJu#9? zH+u+)I1KAI$TYujDcC`)tOgm1^@0y9FVvK}wCh!=dH{e6%REk!vF zt~re4U4NfDDDemQ;r{e7p@*D zR*A4R85tqgE^jRY?**<~AQSYxpZkQwYbobT^AOYGFs2;7a6SZ*I)svFYe@YiSLgWc zuDRw_?!d%Vg9(eu6N&rD4k;Ub|AYHyOB1k)*M=_TF_9_x=Xi0!wu;@L#C6KSt7LT! zw)M3{hf~ID)2=1#x#pb0D1=95pllOBO?cQ7|0VIktv)plMT+8!8|z|*vMzJ%yJ%?@ zGZlat&5qswy-I&KyZPBdE|f}p=wHLV+LScKFz!7TQ~BQ0^Q@#n!k6A$gWFWgDq02j zV+9^jK4dA^6Po>TeX}sCHrdzeHz{I%sLu#RkH>fsXoej^lVQLqU^^|EO0t#lDetS~ zA#bwrKQ_7h6&zmT2X)mi$=wPC)Fh*%9~=LHG`Vj3sh<`&E#E@t*^=c@0l_SA3t9c+ z;4%>(0idB7bUFIVN=FZ{&rtBOoZch1PN2(GL>8l{GUw~&>-(e{!gq);E=1xW78JQ z4sT>Ypz&8J%W)ZPS=G?TNxBfoPe7J~3Qrrhf}U|)_>LocUNq#a#0WzgRmKu`hOMej z75Urr^eF18R>VGhhn-$&S9!LnBBsCclyVdV_+ou8#?^S^=S`2ZOValg2Kt8W3cT{I z8*b9~!TLb;P5QZ)iiU}M4=Us|U?c!V`bA~a@fnFHwNqz!uix;%cN+&*7@QMT@$LXz z*3jVg*G$Xcdmya`X*A1vUCTosU%o-zlK-c6qm1vEp4~Lkyhu0qnrt9u=itlI^{e#O%=73v9B0G5go+pt}@mzTlt02=?r!hoF4zanD4ASOTgs@yMI%~e@4 zXNDHE1SJQMYF8B=z)WsgN?{)~R$K=AfXDW1bF(?=9l-Hhw0&e?VTW)R~ubqv5&DZ5!=D=qhn?bQ;alST3J~{ZB7Gwco*mhBUb5rtDWx1!%w8g!r zuP;A1Cw8h|wb_Xa;q)&Ru#LEButec0UIypj;#Icb6GlStj4_!E^@E>i%IM`L(48G> zPJK04%A7%Uo4PRTz~1Aqr(}a_4q>UK0PV(+%VG%Jfs$$gsFRkRANzK)_e4ry=O|Wg zE3FX;pT#!o9JBuUT)&|{Wwz;q7`Xw)p$>LW^*h1cR<6IoM+9MhkV7LKb6Fl=FJiuX z&&=W2y6vzd#%6DTzA*qS0*Wl{C`Vb}t!}OvwZQ}Rt{gM{hN980zb|zke`Ile_wf|m zApK4e^q(JlB6Z zU%p$&q{Y>r-o*qu2vZVO9omR#u-vzGt%De}Tz+Ehc!>XKQuB)!VIN@z^G0FhAkx1g zbx62x4blR=_Mh_JUvMmAn{1~sl5Qxo&io^kfenNKAwN*16i=YzI;2j&>(nw8S}2Vxbo5OP06C6 zvk$LlJ4k(&I+1Es+R ziMPiP%dd=o4rpDT0Fr$Vj@q|PooskN0`@`1moc^_4$L>q70d*jtPC3W2^PV7{*}HB zW~B$5_0Qa!Io4Ashj@Fz01?%xQfraDeFhEYya@2AbIR9f9wsIOc(qAc*oXPeb4u_0 zJ)W-|jKym&tL>Kk>bmRR4?n)Spakp%OTx(rHGZv)p|V;j2l+7fH=ua+p(aD*JHLzW zz6R`Z*LDPLYj27d$i!9Jy4E#i%Hr1#xKBCW@w3o+S?*z zo2eC4sD%CpKteul%?Sl~UKKoSTLY95S4q7^MMKN{4(6Jdm2Ns{ZQ0XV_w%6DD%;r4nRq1uG6+1xWlMTGhS>Zs=U9AtUVZ{!mE79*FuKj zVG9tC^Q}n#O8V_26`jT4FPRySUB7rf9;|-6rgh{(a6{ufp8lh9aA2}oy%wIAbC;&K z1uwxRqr00cbG}j;4+L2%H#qW%#zq`9Aa90YNHZ3buOa+Ni6o;J)TkjP>jOFaO21F^ z>e=kILU&yoKFj{`OttJs)CK7L`D^80fEu$?tjSSlq3cL?IqmsxsDu<#Btto>u$=2EK@QP-zZC&)#-jd(Z zn!U0g_J!m)Xm5u;(VaEb;uw6Kv6b;tKF`tLhWbHB>s0Kf#Hdx#<7IlX6h`p^qGyP_ z2}~A0@!ZoyMwvb zAvw0%r$Ss>0s_ufjkQ`zKYzD8ep?~_vitTi6d8OJ_)q2Q@{$>_1M^W5aZ^zDPQ{Ln ziClNf!1rTBuxD*96GK$1%t)B_I=>vUzr5WESVoC49J8kT52H`>`pOp}{)x5v!2OUsO_z1{ zdGrfXlJ};iY$1pKons02p8K>JQtf3Oa2)%v-sSxJhVdRxhvxM*X~_*#tgWuhLk^ooaAZWml)ZuhF1 z$-ml(7*{VZuGe@i_$TTdFOUIF3>H9EW^f&Zcx*##Zbu2Pf)Pv8{|x(E?>W>}DbMUt zrbv;_q~&bWy%*Tf&xJi7!{>R6^Zse{XWwn}vgww=wT)APl|>+U3?L}P$vaS3CJ=?5 zHBRG5xf;$o*=^FA)CZad_8LO*=z`ttmZR}qfr z)WUKV?w72L8obz_3c$1@S{3UONLuE>$hg{&ixP=i?)7od28Tr!pov^-B%qhpqHf?L5cYl{*eLTeUx zMOOMvok_msli{|YX^L`7;c(>85N90-c-WZQMM3 zc2vu-19m`rpz6x+mZIo|?-MkonCH8X=PZD=W_A@dl5aBGxbN9Ve*(d#^yF|@CoF{` z{)1YH*IMsCjM}rXX9NV1i8D$hX*zr)N_V3Ml*;x)-z9}UOio!5*AEUJpi@`o7n&9B zn2cFjHq-!MhiAV8x7Yd;)*FvX!atMCB~`g>qpGmGLlCz!AOrvGBj z%`x>qzLNT+xB6uHdq~~3oN)B?wvOMF{=hT`oWR%hoH529DSw<)MKg^q8^Pj56v$q!!Uu`b~H?&qn zr{ZWFg=E+kVIpB(8|TQ0<0mVrjjmoGAf2HB-cPiK^D z0SYV|lrB_5S+>^VB)FJXGiD@YYi{PIV5wWSK7I)(X`fI?d79Om`2Oij?(T=-K!VaN zsw4k2Z;?qz#VN4Rp5+VlvD`b9XB*bQvtrEeJ)PcykTDGZiobsnzr!X_v)${^@6{_F zFNn;U1L{muIrL*TCPrw;8|qY~cM;^YvzV|8RU4Z0XIlp3sbjv{j?;Mpja$Q}ow#OY zA5)K6b#u*UYde6(#ieong$Q`_P@RoZ!}XhY@x>#cwUx~ULZn?y7{qodmMO~VPXP{P zuw?Q9b_Xsxs1ad(n`2OBA{fPm`UYw>Kx`fcZCk%Awu+sQI=+hik)=h9-edSwD2meU z*d(heQdm~(wYJ=lXMm7ei?7mtZx2~JFz!i=9>1A8U${f+%V3*ai~9ZOnplEMy?{sr z9TpA(z<~Y;4rNBPt&D`w?y>=1CrRWZ-4C&ygM+6K?V+`|CR{9-KGRnF+X7`CT{EbB zeDd2XPzw1X|15{f%2w%0m*hpbG_k*gkEBj+H2-*HT7Vbi9L`?Wj{eZ8(Ud8z$Md3X z>M)Ab0wsM{>E?*=4SGrK{PN<^JL{Jgj*$7y@jH=06ll=s{4YZXL1qw8U&II8K5hL8 z6p}_8SiF0B^2%sWq?uiwQ?Ax^-;4=7(V!uSs?oFB(>rIT@?!S(`!Bl#z)EE41>6py zCLFd;pCUPbku(<@%#FaCndLavW^gqRk%Iz0@6Vz2{7R{+EWW&_3MI<4hzGI$D&@m? zR76-M1SgGo$cvt$>G|sKGoCT(G}Eb4$7H9W93T93Z08qLMLUg}inc97b+u#hf$tWm zYik6-kGF+c;o+6tA&Pk%W z=6jwMyU>P*GcDGpaMD|Z`-avVQ9p1FoZ#8dF3<^8bMfX^^78i8vx#YPSMQv(xa4FU z839^KoKYDAF$BvbW z!IOU@oAf!FtrxW_FILyTq_eaFJsM)%Twb2Q}(N?l){SZ=XqtCEyG(4@6%KaNwdl!;iVHCL;3XgX}FjLKQ)oMX0ka_GLHS0Y?{!yZ_@ z`51ROm1BJ%qbKG`NW+iQpOps+g~L<3$%2BWJDeReT|!lMU0kr%o;LI956HM&%j7+! zp6KP$KJ1_!@=QHB%uR0McN=grpvAa$n$4e11OlTbs-Z z9FCB!)UiGyVtyp;c?B`xFGXFMOOg)uLe~%>;pc2=;e=XWSfF~Ns~at72q3tHhL}nS zd+9P!rYO)|j$y0V9*$f^!4#wo^ehOWv$f*XkcQyp?=7f9P3fWSSzA}XR+Kj9NRDl-?)t2n@i@t9o$Dc} zBkyoQt#r}6(yMsMLP?4u1QpIeUk3i#Zbzwv2^71~9gb2WB!YQv26a$|YjCI5;%1axtU8L+HN z@{EUnlOaHa_|@?_x$m5RoPqMa^q*s|$D8$737w;Ku2%| z{!X;I+>KG1HuqlZc+pYqj>UR0_(yIj3&ku1t?Ma!BG2F#9LlO zhnpn~zy&A2}Z8|h2crB%$Vy5=;&f`wCmMZSABI->qY-8!zT!>?M1>FM_ zVe3rCSIzVZwOyMXxdXw*roG(zg5qFMVkl;h-pbg|E<@#W?@988Q_}IRPN`+%m#&=4 zvA(U6o0zC(l=L*-9`}!TE~oSG3_cTl$ui3&TY7#ioB^w*USpmsZ{Pb(z+_$^;Z??Nb~SIZ5%!XgCf0%wOjcx zc0WV3gOCbYC(8khn#OiFt&w9Sco~s?;8zxX!g9xlvh2dA3ekIlcPD&0TWFm0eTd?@ zLUVWGw4!weF#yK|ipsP(5qynrf@COB$#A*O@dA;A&-ab6QV81P3v6 z7rZeQLH(RD?6i$nKFcG`9A{8uQ1Mrr;yd$YhqQu|UtdQU^x^ZB>ZiDan(y+h+-~ay z%B3^YCV60@gOsB^X{)iyN(5t|d3Z*KTG2tg)X7rs`Jgz{@-r zruB+^SFk=YU$*AkvO0kHG*ftB&=Ys-mt?Q@#5;@6hxM!3uxSUJJhmN6BXmfJ^9*g+ zRoJ84>Izi3*5$Y65$_PUWzTA9dwJ`8eWvUt(yjiWS;Y6G=^*e&4^a=9qxT8%ay0TRcQ_Q;!&zSLo@ zP}w5e10h_gNt}*V;W6XAS6;oh+gqN$m#6WT*Wcd2eI3Br{uHjA$lwZAk~VtBzq1Gq zy|bO8wPk)=v7Kvc_qD7oD0**?XPQ9%$7dWFPeFlD0#(7y;}~{bAfG@xv-cF}jH`(8 zW?BLu6L1Lt%!LRJj@UmjHWx7>WqURQDxvM-VW+(-cEoaN%V=wJehU+uWV1aAq^rgW ziwlp13W78~oDen8fL&@U<6mZzQ<-9a|3H{7+GTFw^&hB8Tf8@EuB<9?cI~q@QT+?` z9LQ6j2s;{ihi%UcjV6Qs6=}Iv#M>xd2uH@FO^_!#3nSkFp;blym->Un*s&i?*oY1p zEY@CyXnY8X)Cn_)cL2f83|GuY^=?p0OKobKdxVtfC<^$}+lG}`j1tf1Aodw>60K z?jMFYQM7&lT;)Zq(`ORa)<^5HME{SXsQbTh0U{&w0OW&u?*d?c`A;z)PH7kqiL@vg z&T{iKSPTWS?>+$}@at=_HgS;`Cr*yFC##;*RQ-5r z?!o**9jsP#sV`#NiC4kR7y>M^<=Dj9TB=AH?a@u~i1?+vH>gmicW0zGBfppv zLbHwC%1IX_R{9A|ITl%r#m30LDS7Y!Br@XN;V+|`=ZoGR_Iz9_Kgj7)Uh*f$fI*Mi2CuC8inA&MxZ`a9Pc4(aHtVFj}P)a~-_ zTT$PtAmrqhdJzg2a>{Bq^dP0P9ztKB0FMm<$I`wq&=Tx;W`FzQQEPi1oK0zWJ6=2B zo@Vo4#%#d5F|EbpK{c^Y>Rf{E4w+h=%RB$ZLqoaVfKUE?uxXCvR z23b>LFbCHgJ!>u{4kqkjy;JXuiYv)Sue;mbAM zN6Cp$%2Ie?rgPT3@Oh_L%)P_!CQ}0M0_p@nD-vDYB+GF8p8=gexrpH$T3TKiq)A?` zMokt~l==zCwp?};i9QFPCnVvBgr#ccYY?-!?n#p;$H*F{;v02@IJCY^*#EtuC_KDf zJ$eDPp}ywu&+Y7-LkcgXkDx@tK&)VnG=tEAN!`ph;oYg^MQ>X-4e9Z6kXn=}%@=g|z)z zp3xseg8w3JTQ-d9i-X&?;tCGti8!jdjCM|i-QEW+sFlprxwI>#KaR35>I~nTBZjh^ z-fROMLe)50d(}sR+8}2)sbc%H#gC`$^7<}zN-JeY+ptqXR69j7YUdwFyE_Lt6PjcU z^%lgRjx@Ao6Jl7wpxWQhdzBKEBd<_DkAK`t`>_1`>DZH-K+8KASRT~iT5JM48$$9p zSzXD+3*1_{EgRtV)`F3Mhit`M>vS32wiqV-sB^M%1gZM`47sJQ4*JKzZLo$Vh{{D$ z3QRX%HwqOa{}rKn^-KLn1D7uv#5>PT4iyFSI^>2T67FdUrH-~>!rS9n>>xkTjxE)?Rk%g(RfHIZN8^F~+CZ#hSJ zKjpJlVMx;CT{DH%nd^f*5J!oz7cj}&KBXUSvS;=m{Jt=CY>1Q>>D?k!sT)zxwRWz0 zu&v)g+^qHMPR5;Am&#I76HlGauuv5JH~S=>v(sge*l2Qn8YSIEOZ~Z})kl<VM^59OUcjcO{@QMtBLqpBmwlQvuzC==iQ#Gl!6-^oYe$cqsfw zGnk7KywQ)ehkaWoJk3Af(9AAMR!KU`;_HU2{#yQW+i`xE$9QIs!@eCqqAw;jmI!+& zq&?Lfv0FULqNqNhX#>YA%dhTYX`EJ*O2o+mZ?RpPXKQ;UGxb!j9)Eesh&t?4i`vP> z^Tglqk;6juyFg^TxB%nD*Ntxl&ie+>7@97@$ytItt|8^)SAxVC^c?vvK+;%_?(~4> z<;nk_P&f(1oGlnhFxRy7JIvFY&@>a#5#RhLcT>x4NRF!YzuoX*(|#=fJOlicqGTK~ zGu|KTw&zbI1Kyz+aibwVZXG8vF##Lb1AVxEqRGeOO6qE@1H$--;>f@sM`3(>lzuZ0 z&R7|vbWw$BLkP#k+iU^$*@|Z~>1l%4+2?01u3owJ*UL-lY4DLISD+F{m-mqgN>o0| z>*BXLRVOaA0ou6v-iy%me!9mU1u8H_6W)_ z-Xnr=GY%%u=vaNC_)pV}@<@tvwv$LMy!OPyhA^ZxKrua!D<(m!%!;V6DmP~A1 zR7b!&Q0$V5!{9P`$UPYM;lvNe&3$t&yH0pM(>#4Ik!W#`rvP9$cJPdVQEs!f|Dbkr zDbKJSdl5RCO@PzI`9{p~HT|S7@hnCEBB?QV982f3+y#EGm-9EPN5);K{|#&4&p%$z z{&bj>F}w_Iz>8#CchG(&1UWv3UzAH{R8&;-?mUw3kRK#zF=+n5th(;hA3$s#r+1oL z$5vuOf3`^+g6BpR2YP#Z27!q6%XSJ68i;WVs&Wg5z0796KFzr{ko|1O-vmEEpEY6U z%^-fJ0p#t%8F2cEYR<`;f`uHi?l+;_yg_JaYU%f0uN>?}b8@jbF+lY?*&$=%JWM@H zK_^Q^bo&wd0pL2{D#84Pz9&#P&2lHRwO9Q>l^ z`gvcM>*#`fy6wWI6>IP-2SBwo+5jF5MPOU)55vLGkxKO7k--3+E z*Wg5Myr$qny%~{vW^U!|t=qkJ^q9q&#ssB=o$C7s*x;qEZ7crG{4FYju(UCgeyF>6 zLHvH1WdZNzDhsbYtg94u^>!Wh)ZQP3_n$caJx%>XT6@Sl%`Pk`Mbw5@7-)V!?r^uC0`A=!@&%RHUy>vLK&lBmMG%C*64SCTc-|&J*qGm$jIs3V~I!p zqI@8*%$Q)sDZV~?^G_uGUlGaq+KS+Jyr^CvlRicJ)V}+_36ts~U*1Sr>f_lOOs7_X zA)_>fydN+zsU+(iRqJqqc&>1NJ`4H|`nmQnH?p=)F6%B0-_a;|(=BYiZjIc@Lf;F= zKBf4<#`>)|;KUysP!c+_ym_NG6<*96@0!{@&;$qi>|W`p1M3hkKkR8=uMg*A+NV5+ za|YUGHQ#4Uj1+z$3Goz9?}l({33S zWj(CeW|wZpemy%5fxh!HSWPHIY6I>!i#CzUfR-xT_NXHqiDw(z^!=#1%K$>c#$dr3 zVQDjrcN0r?$pBi?ET#b<<*^Ep%ZK$h>2#fpUil?b{P8p4u0%FxP2;lEZ`#k+hVoZWssiE>*C1w zak5#7>&@$DYqVf$uNp%z`USt_mso#Z5!uOD}>Oy?ZYH2Ncoo zY;dbeGFZAYSj(322ht&liW@giyP%((Dq)_#Y_vNgsdGs0TI;bdd+ok=?>fM&qxgZ6 zrO^Jo@d~sRwu=^@NZV4nhJ}n6E8Tx%qtk|v*VjbGt*(Suf1NdVkG^))a_J5y zg5mvXL(&< z_bZbHMDrk$M7!DRw%psZ8LnFHrgdVZQ)opBE#cZwj6%Q72GRdS;sLILpUU3#^gm;W z+u1>c<4*^6N8Pg(kKwb7d$FE5V?eEb%(WQZQ=;KpNw)ihJ#-)lpY9LRG8W(d8?_0^ zvl%@x7`&H=6P=pSuPTtjW)5CHV(Ia#{L6sB(M#%2c8B9WNzf`7{jCV2PWoOFPGJ#C zmLDw{^7ylw)K8Dul1QjxSW7=rtHWL!sX9@Yrs4Y0In3$u+aSB*kstO8fc}{}4N9l) z0~}p)=-YyK8@sAG4*BwFCUz#ety>4{%G!!sG_4M^e~rAcPH?}CR4kHS&d4#iwVW<~ zqiCkw$&v0)`|VmD8FG)TX=1R(ia4vPUqQ_>C#SE>K48;mhH;WNaVvJy^%jB z$9S;I^}{EkwORo8kz`U8a}QIbdq*?Ss=+$Fea`n^5t4Q?r=kmR>Ld!V(>RIw28(C< zgy@G=B=IoBI+qwm*p*ue_xZ$H9Z;T;EI)q#z3zSfP96pDq{%mPLgTS+oZYh}WdSAR zWF{+cx--7&rWVu1rmx0_mR5M;)xlNc2>+(BA9rHP%lEz7U+N`T!R9xZ)((^mg<83| zK`vl*(i>+nngA@>J2<#7oK=^`15Fb;Z4;FZ>UqBG6$U7gv?4k7n*wJGliy50VV7qO z#zI@9^pdN|jyX?{Sz`V6nDV*a+U8^cHisQ+26>6Gas*cCM^sqy-RR?cmJgX_TnC(s@d_t zUS=}@AJPBNpbi%#3I$n0t}2?W5EC4~j^x7=)J;D5Uhi;v(_4E(=x z?%vRt(i*iteX66_^Ym(5cqF)DQlrk=sIx!9jiv9o5{Q9>xP?L{5j9RXrXK>9hnpi& zDs;5Vpzz2d)l_zHMQX^NqfbuPo#$f3>mKS%>|UJ-Y(7`{>Gk5%&sDvxljOk14To{Z@x4kEXPGpQjde1$j8JNGYxb@!n$>G%gF*R-`aAAQg zIHq|VS4N8Ixw?9TEo|I6)Y>L`xrOBO;A5>tLt0>6&!MRa@ZKelBxRA^@rY?K&5UbT zBdAdqyfMC9#`{;qoK1+kU-O=={j`{8*MGYnYg;!YY)yPTxbR4;G1lSv(%Q4e&o`$k zt@Ph65ax?3`M*h4NTr2;-fkjGnJYuxTH}i!e2q|DEtIimz))4NM8ca*+qQtDQ4J~* z<6Q>tr<4a~8w?hf-z6su=Y(je>hJC;N|S%+-&;4`|D7_kk`6rZWLyB-zv3&Q7CWsN z>0Qn@gh?#eFn9hG6)hHkz&|0YCE?PY1i~{(~5`v50o>%*Wup(xdf&m%7As!70^cwyILWj7$lfzOd(=g z?*I>ZOKQl{WIAa3`Y1+Y<;d@dP;_GrDd6_#MIns3Ahilh{7kh0o~m7)5~*7gQ%XEt zc13%>*02^{I1ud4c)fq-R_@`@-8wp#(t7emm1=g#Pz zf?JC;#jQ=R#8qjzuRbsTE%#xbwY%!_Z~lw)FJRr}V~Pt+r#S%9FF-zc$-%ksyvxwg+AKy?F<>fu z09T}>H{CAcg)h@@g63!wuH#b+dvx`izxbYtQ}8@|Af@L+by-06uzSU9^OoE4;_~fC zP+!BWS3uV7$M5i7*$uRT(6uS+o7E7%bP3MSHgF;kV^M;tF+V9QgzU(Rn7zx&GU_%ks>7 zm&26^-K#082R_AWr98j%RkML3%DOW%DbJ)NHr-~V@8_LBZ0uvy)C}pb?E00j9&b}k zv{fA(rCD#g#yX_QUfXQ9%$0OWeq?FAtt%W9iUI@%oDABR_mLyko-a<_0EtcdUOYi> z1;>X&Ka5)i_;Fc}s$JcDt06>p_rIj1PkW#J{P>IcT1y{B)7LkG#z{v&v$>1aMKh?(dMaaI?8TUuD0pptk_Rmzl@NvYK|!fD&mC-nKP+wggu? ziE``!M8VPH>hktoWg59fttpl7pL}`q&&;R4G*{_ldTdn#3~C5d|3MyUga{%L^xozs z0bPk5zmyG><6IurkJR`Cs{yrZJzi|vdgcrtZ2(8FRCx^fV~yU_J2OuzSRA~~ZWB#P ziR!_T_VH2yb68MR-xLt1iK%yvtmioi4{g&~pbtNlF=I^x!`^-lYkb8mo&%r*hVW$2 zf>2X{D;(Uwt2locGVkc>ka$KuN+!D|NBoUv2 zrbL{vCwr3{GfZd#xif1A{lO%%EK2Me3Ca}@_&|%)8C%~DV`QMWH2%Mp6Xx2}xIGd0>Jl7`R{oTzGd_I5|~aPR#B;O{r0r9nZY zYGf<6d4qB~WZvtBU9+_4m;DOVvWs%SGh9mGTmA)h4n9&2=d%gvEGXq+ZVewFy0^dG z`r`NT{xioli3Y7Y7S}{FmVgZaIO+@esG$6z@FLnAxHYowRI?|u@wFMj6+R)5&cX^- zO+=WYy>_9<5c6(nwm%`X+SKecP2oMp3#26cOy2=qgFLdvA|1Fe+a*oylrG#2T)xG0*G0g{Xk5XF zZ^5O2m4aUa-`<^JnTUqIgN#SMo$G4dlI<+eyR|Gfr*kRg|9LQnQ`wlMI-uFpj516l zi2RumsoKQI+v}5VM2jMS6EIQ7*H9M$R6hgaq>x+>CrJ}D%h6I zYR4)*B>NnOd&V+mEM*yH2oq!8=hf%?{hjmuf6T>o zjWOo+@_Id=kH_PFzun*QEU^R;KYp{mzf??m&v?~#(nCE<3+fO3Nzjg}zngyU^U+$! z`r*bGwRv|QSzD?or4~K87y{XVp{;7cVdeS_zjyrMK6$hD32v3t%Kj{fUW)G7WUe#1 zv^pVw&Wj=iv)3NYr!~(1F7b(f74qOaKsVqMurX!(`v{0Q%7HHU#|m{(IjFdtw;)mZfoiW2zxPRhbCE0p`gqH|4?bCfp*klhDh6TAVPGnjOEoJ~ z%LOdjbUFPT+k-!KYpacpY<|vC$6B1o?#GfW?b?9pM#_m*wT14FD-m4Juf%xaYN{+Ds03hW(5z_P*l4?1wRU@dYO)&FPXsB9kmiC}eSv6Sa80Es) zI?o&JjMTc%KR2FRAxX8~yS`WL2QOI&&Xi%$$!y8a!yUGFoU!5HW5o<^UF31?k=s`kv)V_ME< zn@3M2E(A-~uDZVXp>L5h=n_t_DEeG8jAghCgYfoI(t(O8WhX1H*R3QF+?qJ} z$8lWFgJ1W(vOJ0gbO~a@vKvWvs;Tz{7EbX;4un38W*IY#Z{`yuB}aj+&1u)=y)r14 zyN#m3wcNBlKL8a^B~uaL%v7zuDS?{<$FEs$9wyZF&c{R{4E+EmHL{#y-{z-R!H05qtA=@>P!~z8$OD@@WR$?;c4ZqQ!kFQzJD9ZT{d;r^cyaK<1Oo6Iajx| zj{ccYAJ7|jC$^Xh+1z+xS0E&Du5RIvIx$hS+CQtQ=v$+%mEQc%AmfuD<&`|;2AW~a?|3&yu)~LN(E18P!Y^o*l#OoLg=#Kd}W?#)xqriEfoIb5;f9QQM!@KP28GQoilk zh~ILOL5}OGusw_eS>f7IKJ>+60xAAdZ}KDACPzf2K+i1 z_e3RPaTCvayfWxF&MYhSrv8gMEjUJM8n1TNn^3Q7GVq^{coN%t4w-%K{0_7p>S|S@ zS2>~L@G5N)Ug;iEUXb}AUWEvX{a;Nz`k(pzJZ?(!pi!GCo%Rdg3~bZC9ipVgU%vSI z=Sk$poe%MMl{lxr6C_RL1!5ipkxu`uh%3bsrAi;3{#OF8k@g&VZHlJ{!OkeA2o}*t zI`F4PP%?mO1SdzobE!75|A}AP2b%o| zahS6>%ukEKW7#lPkT)Z?GXF zj1?S?z1%rNFR3EXel>8m-kf<5>=auqr36-5i#yOS_BMz-f z+<8;Xw9dDj*oI)-$$3$fpF`UT=-Lyt3@R=z-t`A%@vHtZN5xn4213AN26qzXkphj%v& z5VWfa*KAFhJ_Mjwd`?AUGG-@Z6fZx+6dq}Nm@ht!?CczMAt7%`op94Dh95fK>7;fo z!bd?aasAveiCYo(@=H;?fS>aOLzlcE>H=7ii+haY++@bpBa|2q2|^B;#+<*C_zVV& zZ+yxex(^F8a`+N|jekkU?p(wdUR8{==Hon>g91QeDZx~Bf8O*ng{9!V7v2-|zN-}G z?EZYMI6Ev!byn_izb~;CkQ1GAJ+V3bKHB^82_?||uNwky1IJbBl26)ZHv6{)4LS@> z`}r^V+#tFdgJAMo&ZLi2`L;NxhykhEh@yK~pX}f@zy%FUa6d^h%8FZ;rWMVb7rMOf z>ImpGgnTYcEX;8XKGXUxfFaS^7NEn#PLL;4>LU|Q(R0QAq(t6N+%`^ic|oN{ zhdweKc2JDnd937$`$;A*&7^y;H(m#!zwgl%>Hu`_G}ch1NBsYc(*ZHNM|FX(4K9}B z2&I*$v+Z;nFsX*Si;f-9NEEV&F>gW~o+M(X1xM5frO3GQwpWIOO=Vsj zedY!hM0`090sRzRyPL#(LM!M3YDc?w-Yf-o?p13>jdT6?fSj7Z!pYWj=RwK$SO~;Y zAP?DaRl{&B4J7lJ6NAvm`s4b?$#rst+8^-c)mx9PKak?wsgZs(_*F|FZJr|4dEh3& zPH}&_jpZh}IQ0e}&1^0jfa+v!p6b;qEUU1IIoE!7N1;h75?#YVJ+p5z33HBV&wuWw zKo0;()hEO6wHOuj2f)W>Y=n4ARo8A^^Wn^}5Lf>(lT`vtXP+XcI!UJi^}Cc9vb-Zt zGm9XKs;{G&V+Q@xjaIv0r?hSi_r7}dMi%u&M6>Zv>Ki9Va>TbhLxv|A$TdfLP^jyz zo*$51om$>oK6zrpWPDTAOE;pMxl(;LWk$hv{F%tjp_g*1Csb+)^2)cDEFrD|TdRx3 zmTe73jQPd-zJ7sefTRF;Q)fLZae?S1aaSpdvj^fxw)DazE%a@ z6`a>U{jHyu*FuP1e)=}!Dc0`)(YzmRNi$~(D9%m9v_PNG*?aPZS@OsP$3{j0Isde) znok|7fVxD;57rgHNu0{PpdY z&yFiFTq7O?4zI8*)=`tteIeG5`n}ePm^Ji+jkqW7lWrIQKL9#1D(bB+dg$?|rsKh? z(TC+vURKbO5(}vSbF&7~QikqyZlHA~^a9Vp=(6o&JQrL6DTHL7ZZEn2&zQh991=!?V6*?orHR zZZ?g7$g+tVh6E{L#p2#vLwjp#)xSdK?7RVrR#{Uz4*+ifDBS=`A_1e{rMCl8A3B z#e=E3ZBN3pTZ^(KGPMDNlO{VwA9%Vq%CS^0XvBEkBlNKsIo~g{3vw{?IE3 zxP{@EED}4Dd0{bUK}P%RW*45P9h`!$0cfZffxu{z0AL+c;{!z-X5Tc_?TITH z*oaiLkxM~f(J;ac36z}w4$jqOqRk61jCGb$P8fn|JUvZ53=8;Fw-uTUX)uegdHOx4 zm7Y=)cj&0$K=ZRBUietx_ctA6ueUuy$C7GUxpWW8L^Pz^nQNdfGUPo&5ezr$S=k(T zmu=>agFQ&;GjI}B4SAol@KlK-`5--jhZ}H{4OTFliDvA)JbXg{Q%Yw2yLw&-!<}|}UZdy0e*P*$jh0SeY2a(>x7OE~8tsHGNwoT zdc^s})z{uG>ePdM^S0G4qSyKHvoU)ZTPMX|np-q`> zY7;tt0sV(-pUaL^TG{xON>4y&oHCOwTWf%tsRpcWKBJx$HZhu4R0%$w; z#KrMB8oFacU}YHTWeVm~$RY2)`Sz-tc)nix^q(V5)lc{R`^>F<4vNIqe_aTIS+z1rw~@qPEY&8p=CA%)D|eg|^`cI!9X^D-1?+ zL%N*vcbIe+4rRYH)x-?%tbX|9<2kO58w=x7fMqLkK88S&@*#28qNDLLG1jzSuNm(l zolP12-Vye5q({-iMCja~@4Z{*UE$Psd`6ac4hlghT>%s5!zciLM$g{d@6NszQv}^B zj(tSM7LCFyoSd%&kPs#?_R~j#BB_>qJx{+fK2Otjsr>trPAp=={!Jh|Awsb(tJv{} zdOl35s}*EfK3On=@7B+0cIG^p6esfuYPsQgE{FZ%hAZDtRzI#_M94P1t9%ZKEU%Y;^F+AudsGWw^Fo!!XnILt{5K#!zcXo>dSoig~#=3eqr0d>>>TJk&9qWpc1}#16dv4)R zDv9yK4CQ&L;|x`R`T7qV0V~P?Lu8a{XKr`Ufh0Eh#GyXW5PM=qY^jrGM;}e4a5O>< zrA)5}l)geq>bL|WV*=;L)Kcgri5iy~tG^vDwKk$`l6(W`L1m}eVRJ>UY})GmEm7p& z+bZ7^8r396w{f?vn)G2X?7~N^#v6i1&5et>w;XTW`H=ZGY5QYtMeEOpK*Njr@W|NW z&$_mgEO|FZ+I&Z*JCE+4esk&=Vt ztXPHd`TDJeVd7M)(@O5>c@WyFNDVbcIQXA01dAs_ioXvtCDiVzrm-wi)PG2 zV1-w7N1r&G4IN}(PwJE#%H98(cOOM7<=xaY1IM><;hMpGNCU#GD!qKU>8mJ2F;-nr zY-)L-+Tn`8OOXP*XDtK$B5#;jne(UK^1gj?YS^Z&y1rS+*U3QtOEA9fZ@Vk3+&y%m zSNEGdXOrIUed-r|uY>%*xZakL1LAJJ{03B^A%_Q$ZVCr#oOVUtz6GSPUEH=5vw0F$ zZ1R3uhj!I3PV#(C#;wJ!(}$*wOznn%*^~)gvJIet@E|#y@neq&(OWlbhLM}R!En7t<>{?oD^Q~OVO>BGe1^_pje(*Lm-1q+r2rYVjkIfkVgCSxTo`W zt!g*LF@ybrhs`7^fEM1H%)CuO^D}RZSLVCaS4XRS0g3(E72G{v=p*4Z@*wMT)KEd( z{WL{+J4k9nq}EsM*IUIFP+?q=6-j=o*0~PQBmZ=1)>*F#sXuKxdh5lb0wJM(yE>Bm zdcg@5Mdh$Em(?uC+NqQ`M5YV_6HbX^@_W)o2>dX?DiPn>*8x!Cl5qQx=4<@^mB%m2 z3d@dHGfl`Fr;%XC{4SQ_5JG2a)r-^5Gu)Tf&wKW?i1;y)Ba-GOZl3`mh0$1qG^4A> zxi=2i&r6Z2={?*Q6>#9g8T*ors#~=1{DPdC0QhuN>@%kiCZE_)8}nHNF>t&T|F*jr zppEf4@75Qs-+FK9OSP`m;vtpea3Fo{#kUIwhAtwt&t$920?k2XNDQs?2E2`_8EdArZy#k=&c zelkrx0?lTkmy38`hiNc%&DVycdZfgWr0WbUo$p&efhZZ{=}TX+ zG;BxZp5=tMwtV_lgSa}P>>{4$4!j{yH38P6;BF03=G8`eU`jMz7U^sxyefFfMJW3f zpNT^LIoBLzbxM@IIdBH%hYg~VClxm-_g{W^)6y8=5ES8DIqQbe+i6lp-Plw2CSg8M z(e~+xYvb9Ize3!j0R^i&(Xt10aV$a@X}*J^_morMCoCom4L$-Q>M*L|v6DAxa$eUP z?}7rwUmA>UJVVz+G}3!1Rui4F^D~^C5i&8~k|!+bp7;XstSn6qEobZ`Mq#taIw{|{ z&)Q7?Vf=5zvwzsc+8(4tU203L4cF@>j9>CC3M}SgCxB!aPu?Rtmoe|0O#3W8uJD_9 z!sRw~{41VLTlkjTb9ia+_27;>j%O{QB7&6NOMOPs5Jugo8&SYp9vEBJ(~i9{8r`z+ zp$!TY1zwklv(8YWm-2bG1s-SPbD3Rno-t^}4Ua=An?U7d(3(Hkp>hrNQhd|4Gvr}G zedOOZ5!*W2dr(ZjYe0;Gh-Mm>TlsDjL6C6>dg=9&Z};LbY7g&(m)!EwEZ%pbG>GnE zClh-9VXM|}ZzF;<;`Vk48?h7FlFwwmybn(yx5f~0vH(u;t707PWoC{@PiGo^Dv14T7_MI}~TV!x3e24Dp^5I_np}3s0hlA2<9qg75 zQ2(&?!=}~Rwx{;~qLfk646YK?ouR-KkyWYFO#L~)x2=KTE}|gL^at+T3%rPs8NaYb zT~}9pL-5D{cpqNM-~7sM0O3RWG)RT;#6A3uIzt0iKpmXZyp^##P48K7*)lQP(pUXn z<}6Z1nvl70Qy?nUL3&8U)sDmwp~O7f$S|#p0E%jLfF1g)o;X%nU%-g$4E1c?9*g>I z^M$ilzHn;_Gpg04{101JY_?*YNN{ujx&SYZ9GoleZksHo?8YoHib{}*9rmH<=vpx6 zlm!JY3O?ROnv;;+KB{0peL?SaZTYR|Rj& zDv*FJDDp27Fh{!GZ{w$J;!JQD77E}eG$;dC=R0dcKuYyhH0tPJ!IveSF!c=UoS-e< zbUwI2MvS#-xFQ)nl|r_|km4dF`pZ|oGa~l8W<_g8m>wA5*3)89>WWYG*;(Dm)wg>y z=elZ`<81Jbrq-fVvEu5S^#ToRi-G~5=B}OR^bM*M{bHb+NhjvRFOV`VzjHvvvJK>$ zt(uqwhm~L9Dt;LoCme5K*zMZ;MHXs+!@SD(1po$~BX1_1sA2UFdK&ZgU}D?2KOs1G zA+_16S)!V6i}uZfSH?cBh+ZPV?iJhdp&yXqb;2GrjJ4>)=BAc)IfY%6Efne<6H^N~ zfONLQ5`Lq%|L>SZLiIr~;9TSjCVO!5K_C@eHM6I2qqX#+2^ zKV}7}t5%wD{$&Ou37Jl#?{hh035(D5N+gouE(kwVefKX zVBHp=S&X)5)Ae`Ut7)X59IFr+DActaEtTH)#Q^ z!MCc4Z}8a*6X89iOHCUwZ8&hd5yyN_BmJQbAiglU3PZg-^zNw+;mN|b*HqPGdfPx z{DkPyx_Bo}&B1HL!*5f2Jn2%M8p7V$McsKxhmk<2!20aSKCH`9elanNzo+u0T;Ed> z5WM-)x;>k?eM|>d5b4lSU^|8YsC4t4q5UD6(5C#zyB7MFgWt@*7Rw1xM-x-CTSCufDiH zm+p2HW$$Sz1-f2uCBFli>D;OQn`vTUgz3v}!F%v05Byrn5Rh5Cp&TAPUYQMd)=#$> z*sn(OXvp|%l2t)MD626;JHI(AZSr`lU!`-o?syWS@aC@dv&76;^=)?9ixRzxVKJQksq61=#?FBW$y-ZxVafM4s`p(rs9Nv zR!&0xWH9fH$;YX|z*BX8hG?%$joO~{&Q7cS-JalXkxfQ>fd+tsi^*O9$__Id+}@DeQdm4Aigb<`92c4(6dF;M4eP=(61qZtTajDN=5oj| z$jD;h&FZ>te(kHg0)|hk)T$U{GGtI3Sq_ArFfy>yRux?yT&-*QT)$!EVGZ{Zk3o|3 zpsYbL>11hv)W)+a>5xFC%OcbOd-;!MS>MrjX+Rfe~lF`YX{3~I%@m= zjCXhM4NN1*vaaA*#oMCw(kGQxx2+of%%pUt#D^Bg`xgOaNNYFNKG~xO@cfRkXnfcks z*;YT0AyUYZ0nk)MSMbskzsXn&pUebBppx?EEGZBUYN)}#GUv~{o~N4>-!4J{r^6ph ziME75>H3u9s`;Gb>zQJ!QJT2;VQ@VjV;PGLSR|5KED=AKE&^&eE6@^ z>i=%v8*%RVA7n-7MvUcYrvoO|qlQ8ub5 zHrV%e@%#we$zkB=3APMgGB~O!9hq*L6482BP5#aA_lsHGotLW(%`YTAZ?tgo2(R#S zaqk>V1QNGSz#Jmv7`Nxe1~_e7M~HoJ6Y$;i3bp@?v38a}^4_+;@r2Sk<~`Y%C=0|` zqk=IgD;iId*Z07U)8?0aLNgN(XDXt+av#3DCSxktkt@J^{7Ov#+V2flSW7=H_aGF~ z-^#kSKaCxOj9>?=hX37I>VH4SdH@ODiDq=n@kp!!Z6Ee|r&_fzcZ+n}(OL)+<5B@6 zZXbVf{lgFK4~bV#Kbn!6_PYA-zQ9Bi{9j_8{qc4GO6d-7lF;~f&x85D`vR8 zNR(uw&*JF%?I7Kps}nfJPb*7XAW$6VUvsPGvkb3H!rgE2n*VtsEPzud^*4b$xPoa# z7}4Z_2v1wCv9R5z>9a9TNPX8P*#AR)+PeNw=ijXp1XF zY(robbft9^E8o--263d$hdl6KvscRSNb|>WLy3DM!BWoWUR;bdjJ*13YD*L@z~+0_Luc;T*WHgpmybbzxHi`e=*6@B z&q#d!zx^{$Ph2?s)W~2iW^D{jFX+fSOTPnBkF?6MvX8ksvV_yps|n2nVoj@0cilVP z-Ww#ggq)DlGk-lX3K)_C@}F6wRB5?wy;x49y9@1+A2P*dcsoo2LX{#0M_=r-*s&BT zkcMZ@stN&NZKpQW3+(yoO+Ml4L(*WX+I0aGocoZrA<;($}MbS4aDJ;mzx3 zoeJTVt#`k;U10lD-YF?Oih@%HG&-6LuGNRuz30j;ztwGRq4L6(aQN~UkvaO0aVj>d zg?A1So4xUzrEOJiA^B3HA`^T{$27+}!T*}Y+fyA&N;B=@t!%o}%rgf?#@=87R3Oc& zJ`SXhEIUAx)oV^pWdGjOQcah+9{-h4c8RazY1F+@@sqzb*cqgrJe`Aj&{>T{lxvv} zX|hQu5gzal8&&P91*`usafTXiv=(%Bt$;1mnxk*j;d`DiP2v5%6Hp;brWd*N9<-9B zczel7w$SsUMheT>Fj#c^U>2uZUs~v4od16J>^Z>rK|qV39s#wd3idEVwqv|5LaJ&! zU^@eMbR=Dq2yv=_hz-1gWZiub1@a=DJ+i>wZYWJoGVhsH9cGFZ)LI6Y`<$L6)~?wd zNoz1wy)1VsHIGLkNh6V|R)Q4k-Yb5-4Sk=sdVSQZx-o4gE~zlCPt*3YynnF>+x#bN z84x}Y#sJB%zL5kCRp$R;<8$?ymHvnA>X@NbDFo=ktz5#?I=_xGZI2HLUeaF7gt~{G z`}y657Tq#ycu)pXMb=YD3AiNZ`Sv|fb0FCx{dU-6Mml6+BhvF5ad}w*^JtSE1<1IMMmj{qkpw1(|I-*>|=$Iik8z-Vg z@e)8Wa=}o!4DiEEBpcenDtn&*ndUvB;)0t_ldoqU)@?-{d`*+p&s>Q)Sy5r8FW$A! zKiyr)yfGHR39#rSump`$Zok5c#MMR=bA4ubKq#AM>!XKK=LRQ>-RSvi%M=9hyWZfS%`YKx}^z+AP) zzv@gZ7HGR@UH^9Gl;0tyD(9uh`qJHv<12z~JRk*>{z2+?BdQth&>rjzj#pbqKxCDy z#(P@NmulvJ+B@yBQ^`Lcl#ixiFEh;d4QJ(Ex*Xtn`7IDQAE2a!AVtS_wTP1fYX!-cIDYb#MPI=-6@j@t%v zpd1d$4NX5BKRSaa)qF8(>R)K~sZvTcIm})etP*H{vg-)DOJ-tC#CKpnffrdd7G;_T zmizFd?gMWUH19U1PK4Ba>_5|j;rzDHe6G3Cbzl?m$V2DQyn9VsSE~?()N6barA3z? z8`TqCZ$vx{(M^o6k@Icmi^_PV|M5lJi&xm5 zxq9Yz8Of3#Md&dO?T9%UlOOpwR{+gi&!hNWj}uKJZ@{Kb#i09 zI??ny^5X!L*u!~)=6)3f7fM&usIK{=Bc{7ICa`>HrxZ&`dh45}te|wGy5VHdy{A}> zgA%}3CuTthC1C(6=00Py-*L!vA{u2UKR`$cx%acLOp1E;MslUN4k9;Z@yJsp_OISR z2*v;Ps`YG8fX(KL@P)tP&7YM@?+(Xb6t^*LSNf3Q@Oahq=?&%X$J*KOf9dA`hkpM5 z|N0+3g8#GQa7Hhu#AVqz3SaubV+-@q>E6~oCn5j0iRI5Lv@V^#^6SbOu9G6kVDWZ36`j93J0=ngI zWd?BwO*n%RjJ^gjeg6=3q%R!VN4VJ{`=BO^t<^&WTQlaDiwvp#|m5>@qKCBD4FPn6=% z@O@rcJ5_n=?ZMi!WcN-GKb0c*>(h_iI zp8kkjOtP~(Tmob_9Tc!MXPA~Xj4q-0d)0K^#HjhP-?@^*-z;9IITdfpm^M88!tKfJ z!iRb3=NQy>Dgu~_YawEH+<5}Ov=|^1`jbM{6uheA>W>mfqBcAF4?PckX)qB|3=EuV zecxk|?w7&Qdlhg>ziwl7V~%-?Bm7m(^P2kfO|2;I%Umx4e19M6Va!v0CbFcROg_T; z3m{V_ny(?hB1Aq7&!=70#GBSUmsUCSl5_o>NLA9nTX$|`j594ORuyGO?%&0Y>P&rJ zukbBk54dgCk=o;b;VzHtnZ^>7DsYqY-gB!V8w)ry;sQrUJcfSKrYhjFW@7zX+HpsF zoHRLJSvYVtJm%uzV_sxL%?)VvI@4pG>EN#0Emtv%v07r%V~!VeFyH^F@krcpj7s%|5$nFcAoMOR=ay+COL- z{cVtdBW6vsB`^Apdm3j(M9lLNR{!dzH(h2hTSCJIu=7SlhB`Os5nx-*WTV z4FC0a*U$I)7bc!J>Slxbv`K)JR~=ZYqua&;f6^KAQnXiJc7%nf4R5@}j~q6hRYJ^A zmy_SxdoZukBN@k}qNo*ULNdt_ZY#!n1g$n@RwbfOCGDOuo0&p>(;j#PBe4PaM+Dg{ zgI;V$^Lj58vkfi0u90)=t=zq!Bf(FEFQ*9+9%#?-5#Xx&(^6gbB9%%v?7q{%d;9c2}TlQBWMu28=UM-p^rHz=5-NB#-9 zm2xV_aozQEP@coF5~K>5M39QRl$dSYg+06~da!W*&xrG{CYO3!xe)dc$BbB)ms)08 zrUq9TPw1T8lFI4rvm!J}T*<0+ZGv8kM^V4-C|sl~l27^Zon-$D8<+VRyOiSO2nF42 zM!kI$_4ki#BmG;SM&_z(YV6^Iix7z1V}cXj>)g|-#p;mqz24rzggpT6(V{;OckkKd z_sQd}!Qp7sc@tsS1$gp3>%&i{z(J=VjJWdjh_7wp7?Ai%KK}-wV6)%zO(+YGv4tdw zF3Q#4t$dKWB{_Dz?@^GKnA0oXfxC=}_6e47b3@+X^@+9`wRKq>YzB5!PrY72KJ|S7 z-}SOCxo0gk3SyjZ*|<2}lhJ%|rXL1n)-+msU}8__zfK&@29&p0a-+t%K0=2dCxLt0 zUd$TabByCm)_hwm5VV+4-itx@+C$>hsI~wW3x2=89`_8icE00eg>}yf#Rop+nI4I0 zR#g7En4WyT!7vyAc9c{al^^j)+7@0z89z~Ru870yy*wxJEPcuL$LECyb{LI0p6(k8UfksDmB1@_YFE}CeczLAyS=Hpyw5;-?v{hwy^tdMnhRv_meyNz&OR-NNi@C>& z_IAzqk6gjut-CZco~{!VeCo;5big?oRDU&M`L{0O7Q^qLoECG3QS=bwn{Ga#_6QL$ zShHE>Vy+_Jb1+=ngl-O++t6KOSg5E1q}M z7uhzapBy2{G(rnAuY3=LANv#dc}?irct8l;%X^mN6?lIDQ?KM8_BiBcqBRGPX+YBk zU_b>4)sEnJ_)$u9^;|^7%~YtiySKyXqP1kLxDyW!o87%~$p8AXlQt4U*cq>%n2;22 zOO{YyhU1j;20Dqix}SF|_sII&&@j(~^uS#3z>llx zwyF>$g@&a^)iDSl5?NH}Z=9=q{PjxV^{v!Y@>TX|&&sYYv;g4mKFU;QyrK1ze~Vz0zM;SI*SdGEM>a>auea;ona4IS`fgYu!p{^H z+fyn(Y(vdW2Q&=ILzaD6>#dEsIYgE_Sz{8&KxI6e&$T4SJj4GhM?fz{HPvTUVi=_v z`~>}AS@G4XT8rNsSrx_4CQ4nX;=FV9QLMvE1idY#5_ATsIJXfWh!t?wDGwp%Dt7Ja zUy5orW4S!HM1KDq&tljspL;swiV6I!7#?hk-q8d#mZEX@RS4I+#pEL|^6nR`_nP~C`F z5Gi6G(}bZeT@qSLrH9!`st)5Y>R=vZWalLv(IV0dlxY!ZY9%XkbK1oB)airVXLol` zqpGz8`ARP{9=QXy1>ZXpHQ@e}HNaf~RafDOlbMJd4 zr9R-zP`!BenC!$~qTtlSxs-Nn@~jf0zibtxN3SQgNZliE@L&n9+!K!arsjw5oA?+Dfi!(W<(ywNMQ0N0p9k#E zcv!<;9_oh;8CM%l!U)%%J{S z$1dfSYIlLeSc6hh5!#dB5~d_Wmhumq;1$^U=oJJP(s$+H?#qJDykB`g*(;0HadVG) zeCM|$V<$&|mPe8y0!{1f$Ug$ai6e7vXeT*zWrL&F0kh6ct>a7lkY15AS+VN!V>YqGS}qAB|bY{SKxW>&d1^f#8BCEp>|RtUY+g`^9W~!29H0& z0U;=%q&sOA@PfvKwOzq2H)r1zA<6sK9` z%s9y2eLOcSxHw~dJ^dUqYe$dq2To71X2{Zhwma9S;4sGEs0Q{o^2ED0_~rgukPqmQSPdz&Yi5Ws9Tt1y~wJzPQj zTv!*H(be_1#;nI9pyrCIKiB({4?x%#__HWu#x5;u=LJ2OFi1>h8StFxC%-0-0!W$J zNQ_VF^2^U#XK9QvY0KCG8@Q-B;(YKu{z}J?}_q`XB zK`TG$S);oIccEXP1z4IeJ|u#y0aS&^a@**cO1TlHegQcAQfHA}p=M`A2m7VNKibvb zZJ+rKY|x0{9hZ?dA0wW5jg*#q^b^0^jxf+x!#Wq$423)c(Usv@u64u zJnn?Ol)dBfOqkTmknJVafS!@1L{Z0@|H{;+0BP5#PVTMVZfEp!%u(j%Wbb1x%y@R7 z4R1_ff3?<38upa0b>ZzMMwQUO-GQG$k^oObkft(7%H$JU!1w3I9&~=_| zF%#X@5nqh?9W2sDr+Z8FpKeRl)E+k0>66BxvGLCFsPB^*k*B5N#gklfo{g0noW>DDz-&(CB+JORTIugvMM?<7`Nl<_vQ#EpncNKJjJub1!owQxQCc$1^sZiF9gcpO>)3GboqC3Q5%lz|^D;$a#uehUa$hCTU5%GdQ|aCj z-zi7(leU(zx+eTYO?A+(>|fifRmF((4Ok&@s|MjazU2l1fGI`?Wh|8yH-#Y}o8nuZ z_BfU)I%Q~6yv&klNSn9H8sH7#yT*^q2{CSD`|={Sj+)d*msF$0Bp9+&EC-JJU?favP-$(ry7q(pJmKKl&8%72_Vf zm>tBiK?@z(lGWBk2-1a{kw>)p?tJcE{MrnmPws^pjo2gn3mzVu1=f_P4-@6hu<1vgofqK_cb`JF$Godh5FSebcd&=m3?ZtKRpf1wMZ{Y;exkQ!KXUy2SO$ z8Unhiw-@M|XXm$X#7G_)!=Hs+vIjIpEhO-Fa4xfunv2{yxzlH!uX zjBZh`tIy|YdFjh|ds-lm_qX7y7r|ggSRu;=`^ISlR=lC&F#yUpR)cRfjjx)98NJym z?l7Lr2c{ztO71A37J3~J>j~`5Xk7)2&Iy}nSWZLmpSq_IqSeAzJmdj*QAze_O}E`a zF6+=V;Ox;u#ANFeNL&oGefA9LMjf4xG;f<~^R|oM+4)<^zV+L$9^jpt?l28NPzohI zbI7mD=%rfF2j}%uaD$&XZ9cj}jgJSwM7DJy?B2F8%W!*@FkZe2@4VYqOXoaaJdEs* z`056<`0+GI0%_>;{?{JH z4?Kamkw&&B5Nh>0q432$=u(@+&hi|t?cXEV2JD%4?@K+)J2!@jIOMhrk{d!~@@QBy zQfUcSo15UV7E_2&T>)HIbIOd>etQYz<(W_fJL`MI2|6~WC2$U$vR7G3&M_8sf$FEN zkT{t_A5BER6vt(#c@Doz>m*u+9ASAp0@6ber=lKQEZcP}uP@$)yXRt>Pq-P!)8)wTv_|EXPW^#fQ%OTYQ!!YVe{w0l#{fFfF)LPTeuI z{#hH8^!$=WQj2TpN}Cu<&5FC|!?LJbei@^yJ(MR&$UgdqmwO#F8`Ih4TSjk(rz*U` zyt)*Uc5J|z)=Rb9zpzTGx5w;5n78SQDQnbw%~8J-j8r;j*>(Rf_AaBO|+K zoNQ=|^X$pZbEQimG(H!9`EZ z*gUo}7rU#{X5i%0vETd;TmJS`KlXMCZDK8d|2A@XXWxnzyf#K>w{IBHjSI-VL9(L3 ze{Vob%%T=*Q*C8z11~#$cy#Hh1>4DDGQeKliKW*kZ-b-oTnx^6D+qyj_6Y_VY)Qk- zbRR^IAD<0uGJBA4s^iw8upIjrY40+d^h?5|3nckzAxNaRZC@8@yClCG(`wNC-USO;lb!~Z1gr4N0+@b zB4Il}N|Yl`SEW=Z0jf4Svz%Qqh^RBov-)U&p{br$f(jwEMZ(6>i-Alcl_gZZ@h&_E zNQ)R>of!$AS*UfvLp9$1+qzxoa(;CT)e^(lw`JTeh!}7)Zl;^1JjxQSkEWu;!WG_o za7HQ1jjsZU0C#_xXgxKlycEBKJr*%eI_0qQmX4(!rL*rOGqRh23r%kbWkkWAWU36; z_S1%;orB+C5G%Lik67R0M0=!Dzm_$6@Xl@h!*&Q{#2N(Pqf5Y+83h<_czpyX_@OkU zL$~wK&TuJ0y2;1(hfp={lrnc*Zb5Uu*ojOhqO_O{o5B-2sd(kKn&8zS%%)2b?j(68uQs$pqLqNi;_^&kA+N{Ip#=Lo6+y&A#m%#>xYQ#N=9$>)v9GPq$Kk)`bJ zuOBp&=j~>eHWYU+i=0o>o2hDaIpFwLKHqJ+;6BjIj|KsSwJkj;vvMy#s=`n+Sg*jl zK>)FMy_PL zP7ojY*6jS%>yi!o&%UVmV8wS#pkSP?0XyzI0N|O~U2kZ1} z$2qSkbjM~;Bz|Xv8uU2UGc3B{`gjOeb5BCk9BZfMMcEBy+(Xae+_mjxxU)Odd188K z6A&H8lXj@-ZkW1}UzpOLm;PPZu3|4R&^?PfN4M&IhF3z0Inrk9y-v@1@9n%%%N;%R z{SqSH&cU^>uj}lC^T4*rocVWya`ac5l{;I4NkE+3+W9jrQSB4G6>c$A!7gNN@H&;GWnH5G?Bxfd+ zPRm!Ae)Y-Rd+uKJ@@vX#@~hH$`A?b!!xoC+8et(ggqnbB{+4cwljf3-RXGgi-lq}K z)TmNf1@`hMaj^uLHjFP6V}=RqG*fSaX;*%bTg>XG&88S_558)cQOr770~Zl_boW8% zcu&^8cEqqK3Fw#edAHSUByAWvz#i^2=bs`1UJk3PDyWhz=SdH(bDmjCDk-m@e6F1M zJ7Sf3jsk)sB#`{`tnxCX*I-YUsMSJKJ+PZOy8N=I8cOlBbP6bu`&5@Ud&T(ml%!V8 zRF||9H|)bGpv!nBsW)usPRr>5DtDG956>$6-2g}8|3=+;MK!s_+a47~DIzFcK&7cP zrAkX|bP+`XsZkLjh7eIofDjZZQbGg;6cnUOjY23=5`h3BBGM%YAwf_|AQ1?kBxK)j zpL5T+<38Mnz0bIJjQheH$p~bv^{x4z^EU}g%n+Q%r6{94`O+Ik_h24Hp?>|VM;>@x zK&D7k&)2@Uh1sJ@c`{KM%@)2$ROJH|vErft5>J%n!CP%{`DSRB*buFv^ssyF@TlGRhCygkyG{7L> zl}txU*~a*sc95qX>G%3O!jZ0^%d}Uh2p#%v&w(;k4*cpbJ!;Z~d+-XcCJ-LzCABtG zyh;1CSU6(zG|atmMG0x>x_FD~I8xE-g43k-J07atdP(;8I_EmJCL;cTub<0pPf2DZ zAI0c~4*4(rC>JS`SZ>fdv*WW!`ibL+e~zwk*m}u7f&Hv32ssJVc1_6x8Eiy*rXKqC zqBRR!R`|=vm0HcsagFhqcMB0wBVOpIuoeoKCm>FSQjE()p?oHQse3uc%cagy4YJ@`KBxcjf1`6?>n z)2G4Ok;$sBh!vPaK+{_CJgNF}(*W4}Vv_d=S}T-9(!qfIHkER8hc(L;tn%>p88C6zNiBnVOq#Md;cU3O6`|gg6)ll>yBskb83e8=6@H~Qly438U^#&-Z5ZXR80$c z%w^&NSLD0*pX^F|#9?Y>IX)u@;_GOgf(7ng>`+Oe+OSE4^gphJ0CK) z<`M4NA^r#|i#1x*2kuXIx8o&&=1X<;T+2Ru+}ht4hWzg`pKm>s%P`i%QG8VQu0s-7 zG9b@?C4_0*0o%!Qd*g`)({7#89Ef7mi?wj`F1+tx`ToGEn|e1LO7Fd0*iEa$E(^TR%d0S)2^>&@xe#)?68a$amLudwF6R!-88pURy z`}~cN$0rf)8ga|ZRfqkbm_M9LGO|1xtA7jkI_9p}oq4FTAuSGcFIGXM7pSnrwR>sq z^I>F3tek(-t9EyaXIB~OjoPN0=*K^)a(20T9y^pKxhMIPFj0uYJR2xv#1j~r$`TH2 zk27rb{9+yyh%SaxJu^*1>OLz-X$MxRxZ$ZSUkkn;OP{od%!?G_ilw)-hr-orNj>%J z^Nm-Z71nHpI;@mB-&&t9?%zEG^%bXPd9XRftWvA3?3U;-22N>Q#}Fk(1&lTw&UVQN zJK0u^s;K(6eU0}ONbn4i5(4izx1m%=M)1ZcSuEO*a1b5upnC}+W@jPZ9+riKhvq+@ z_;du<^8U27nu6%|cip>4G2rv_4X)~Z6KHyx+(?qSg71)rJXLS4!W{hCVw2W=bK|Vd z%+R{_`H8@n_JVov>w{-+qSM@N!Ns7UU8&A*X_Bpf1)vjv``u8r5ibeYny{!da1tg#G^SXa#&|EhR%t#-I)~2wm<D(IUi)r+I9)dF)%ND&@2;Pq z?1%}1*+zF<1N9;nvBj5>9A(|9t^Bwu_&_aNIT0fE%llBSS`E=?1B4WeN2C^T9uMht z9G{X&zbecwKN=P~G(tLo5#4%A(gmM*QgQ4ZlqsnJUQ`tvqM1N3Ey5}d>Et)POY-;b z@@*Z}3YdFbN6W@3QUaCs^#<<3G;uH6dl}AG=fDa)`@OygyegLd`Qmr|+K9&hKaewl zSgf_5V`_4oz`6mNtZ~PrI46L;K1XW08j<54O4>_GXI*>0O{XQ}F*%*`K(%Wq?U7rP z@&{NdR-<){NE5@zfb}{-bhnng10LUi&;`GNAFJ{fS$1z6n!_LWBpSW?)bZvBsR~Hs z`eW2U2!#T>u)`Q@nBxQjNR$5_7{la2ZMWsCxv$oSJF=`HNW0_>m}yqk`%LqX_wDE+ z$fcVogegz=Qzz(2{GnXKt=FVO*a6ypSLYFPb*gRx$gF|IMYz1c$~&BL`_qSjSG0-c zjSr|?qv)ArxN6-rmrHqH_?etRc10A=62SFNbQfE_Z#b7#fK=x#t=u`F{QmbuxU@GLmwkuzJ@AjWHx(KD#!s(SbuyRKcz0sLP zQ^1}?m!q}=#%)=y5Cym@aVP}meJeQiQ~PeUbS8-7oS0P67sRPz9*Bs`fAwyHPPEib9v1L++9YW=zAHLGTpQ^^+Ezw3q;L!z<+ zkE}#)z`|g8&Vy7`Bw9H(+7Ct*>Yg$k=F6fLru|Yv@+AFnhelhVMZnGFIj-aH9}+!3 z+YTaCJv`%(pH6fO6;ItwYkn=#QDZy>Y)|s+6(w2j8eR z-s1G6`?rqUODj^8_9(`ruU>kJyNgraQ9m`LB$xXuXQ=qqOf{zoX?WwlaYJ-wljb@o zM`1>3*Io_b}r8@dncR2{$_W;zlmiZkj&+G|DEy+E%cbxm@$xU>Ac;~#|3YgLxWw!LCqGbTCOy--WqyVxl}(i=ACQnKf!efb|44?m$}BE zovL$2(Y_74pC#QiCV%ig^zmFmhbeA)AoIioZaCCs)nWHky!msM!U|I033(TI+=zq! z#e|yCI`M~4!4?O`FANlQklKNcw9foBQPEVOqvGWD?d9WPnd9lFyxukIwsvwa@jo_o zGyha#zbPGICr~PodWaw7p|$2{0r*oe=bK3oW!t%4jX9dJ#|bZ=rtYzE>A|+&(eV)7 zt(UwVGr9_By^SucQ8UXi8Kb;~7f(FG3V9h(Ma;WX(;}&8zMw7xGaCA&$@yRh;l-FY zb?KEYjf}M-3B{X>fX-GQOqXcKU(svkFT#!I2E&F1sroV>pf#o4WM$sD5t5ucMw4xr zTTK7<<7p>&Z&th*_I2dytFgP(2?uk5v<7wa?H#A&RP^b2ODo*dygRiym%xH--7biB zL&JONjs1XMhjG~a!A_CK-`W%eW~FlAKkq#KD!&GvBFzlwQV1)O^8%JELplPy@S)Sh zKa*LhS;PjqJ3sr6H9uLr75G$Cp`P{Zf|X300v(HyK~d8nx;sbr7~i4Nq>HWT-jcOfhlU zA@t60Jpd}f-^L%BGG_O;Akkw`74 za0Y#M%c_eFkoZA|WDH&;1=tO7q{IAg;N;o$k-3lVV}m~^Rz@-Y z*fBk;Kk0ft_g7W)YTjjO+MVP@QpalMD-hmeu1+pT{#1jz>yGNyHRcr617^zFXeTEr zX@6Dj%sl|02zMepBZ}k$vNQ7v`wg3>z66QAOFQr;``m`gm$@ae5P8R?D6R)$vv@8c zAKM!(K|lpFZRV+QuS#Qde`Job&i%}ROWagb`%Mm?eWKvkmvY|~9GmAUV-5_OgJJVH z+QIec1M?B6q#HxI6E3XWIAocl=x77vc2^8zdBm*vGdQh{rFOYzXas?pa1@` zpBKg6o6OFkKqOg&ByFDB0aI*#8GyBj>dHVKYm9~0E{yh-pWWUTpO_C<3puvmz(GR& zyYt^46A44r0pa)U!ZKRM*0Q{`H=qz$0_HLuwI5Ihch!CD(gfYLC=Z85e?u|dtF@7l z$!=Hah3O^&x2{K22v~;X{qwb~1!@5e;DB3{cLjLp7d<`E>b`0}(4t@BUmsCT_J0Cf zI0i=?ghWx`2E7WB#m<5?f{8v3eGTf4<3rtfqAhCo87ra~uhy|jqN6O@%0UTvr6a=A zc+5plWWxUAtn{j8!VcyAP~QoZD0*@F5?h%<5Cb$}Bf&Xa#@@99OLZ1@>q~{X`clkN>Jok5 zrwy^YX_dbf!f-MnZClJBD6y166UVrKlHo?|&*5s~B=pQ6s8ri~*4d!e1#4^KCz!@Z z(?6A|{Bhf@`s7G}!%9Pt1ru5^U-7$ku-}!`zVMeoMR@pp)o9Y_=&X1wZO;;4!=cQv z3Y=FbJPMvvpHyoZX>ogVq1?XlybZGIaPIPKvJ&R8ssy3$u;rhM3fTCLE>jdmSq9MU zCQF!W(xaelM|O?!+$uf2ZA&v6H93yQkjRpzj8a!gRfN#~@Tzowce%eIAR?}ffkJ^O1CRokc(jj(i=9MD)N;}XhU=Jl5S+@mfDkDr{D z9Nlp7QszO|QP%Gv98v{efxnlmdC)6wDUI>b{63>!7?@z_#+mCE1BTi^M$KUrUS7Q= zEn#ZduCGz))W~E!QKd31_CZ6|`|n2zGZ@(8U`kfJUHq|pR!83cKDgm%&hdv~rTudg zlkLB1&IO4~ODA1>rF!VV3Fr72!y@zc+IV@BGN3<20X0dvz3#BCmNkxGM$@;>JkecH#L3u`Wg3LJo{t< z;cERB8SHK%AHW`;LML(cKS&4QzgMSI=b}bUp$2^P?I*gXOby(Q?gyq<~RlivNE?xk81&;zvS_;z}f19-6 zOuYs0R04gCLD2zUNjBzUn=OiNZj<*SziK$RaeE zZj9q=^KL3Bk4~J)7MFvKQy1myUvCENKdZeQ@PpJ~v(%qAXDQJ1d_q>mYsl|jck8FB zilI+iQ_UW=BWvHQ!e4Q=f`|I6TTLf?dU=}M!bVanf$P$;r2(+Zztbm;Rd`P!39(KSbVvah%43wlv3syweSN6s$6f z6jwME-L4zZUqPKedA15tK%-vo`fYF~Q*CubFz8sQW>Ym-dsjgAjZPYyI>GWO#y{6PXZujfVHNrcKtW4lND`+kX&Itrw8wi0{bA*3g=j^0D5@ zmdf>^^aYn&v{_meaiWhl*)+sNHar6gIp+a-2`_*I>|}AA2+g;QCL5@FyRJT0^Y#1@^QUDOZcKdm7Y*R4y}dAxwcqQt%-7aASyNtQ-R{}a zNWId3-UQ}xX6qH%U-tmdk_15M_=nzlV8XVzf>cUJh>Lply`dhL+Ur|y^Z8wz&g}F z=C?cEwGk1E^LsMU;@?~?z5*u&B4r%O9u^UQV{94U523X0L`JE0(Il2Kl-S zD3~N@+uT}-GxvBs1&=7n2~n#rELm_N?Ch-k*y(*t<*uCKwSCSH4yDMC{^O2IC>(Ug zDFIb%!;qCd{bgS8ChVi)dFhDE_jjJq7WVl0iZxIJFRNuZS^uutXM5=Uw;WpF%m}s< zCPR|O>}4lBHoreZPUKs#s>`79s9=Klg3>nDl1$b<+c3c=t!?QJR(<&=XYFFOU|J&9 z58S$^Qu1z5=R=>)x-&m7)loN>I(2+|eVcKc<3{i6X&Epiv*hPt-@kX}rYuS``H_6s z(&|hOUiO-Ma?Z-04!UO7F!S|cS$j1Qrh1-|_Nw!AM_K=8{bH6M=Q`W9vp=cfF9E?2 zM_GTqFxxrDK{P@Gr?q}mqp|6+N%~jq)}pBkz3*x?em|4IjWe21|5|A`1$iA%V%Acx zAJ+}M&MILK0c3{oJZb+xaG&m(NM*rsZ`fi5vLq^QSr^miqE`2W>EdkN*nU%w*1UIh zCHPN-N3?qG%WCFI`MGruYy^BRm+->9*Sfki_5UAamJe8?3QHo(@y@CV!ge+_?(T;L%I6xpG15F-mXg_NrIRlN9Ojw1a`H!Kx;yNtyx@wD8Bzo z;M|B}l3EH`V|m%_;boBkcOY&%dYgQdxHG?jC zrLU4U#?|~PnpX36VLS8cXcP+sg(S~%UFw^uvcJm01T`cQE22d`bE-^=e6Ob3*oEgJ zP@+eKJqw!SzNPlIp&Qzjv{>Say5OIQsrbfqL!daaDvxqWtsL%cK`TZ01xr^Mi$b-g-%@-|o=O!}u z>kE42E3{+Pj63va%qReKZxcx|r2zgLooVB+#J#jD+w#F~##GzOv+|BdPn^>#zJL>U znsfDnD(01zULDDC&$jxW%B8W0?(1Qwy7wWqaM`PuE#3ZaQd<9y^j8-H+!-RyeazYB zQC(HL-J6TX$m>Cy&Jjm<%;R=&cQ|hqRzobVfn@io;_2uE2(egQu`oB01f&itpk>bRsK4|O3~MO2X?z;is)~0$) z$f+ii@-rB#g9<^adB5nwG5eIo3m%xk9%I4U*hHwmgHLzU_U8tXH0i!5MAMPt>xguE zQtHe54Gnf62-6MjK1u70P9P}&kLc(S`~h^kn2$XP3<}qLF|&Z#?)Nfj;JRiXO6=$n zoRiBnf?S%3C?ESmyd;#5!Hz85PHtC{;7`?!gh0grX9K3srFShJ&o30rg*zR1vBx&^ zXi=)gFE_}AW5-|TuD0J@*vC83#G-Y>%_tE9pj zEcs6^t2U$w3X4{LYNUDZuoQ^0VBizo?SL>x;1R32oh*9mT>}uN^kgHuA-TF>q>}vA zow_hQ|MT)0O#__fvD9%!w24=u*|+Ne)P*%dNW}^PoRzNZgYLKUd{Cu#(rqixst^72 zm?%L(#HIo+$E7Ls9h-gf-S`qDy5NDu5WRQ`H?66=8!YJ{9sfGhG|1PV@S-UoLq{1$ znXxW^^7@jjQYa_xAG-NEM*qp_5#S2jugwLlqs~ypcO=ZXQp&aZbieY<$RZrgm0sbo2}H zteV(ADO(~Gp{`4vN?BV^!O@GAm)$RzWe{iH>6pBYQCH3C-FH1NILw~AByCFpu)$eT zs4b#2w#724+%kV5d!%*b`CHaX62{vAXBv4=eKqhFB&yldR!$-|)g&V!yRYtprgs+G z2gb^yw4P(Q#$c5(XIP(2>)!{_7aLK5G+eSdstW&4whpUhHXZQ1+ zm=5p_8waV55BMiozGFB8g;zed>?jH|Ogm&}3$8HJ<4|tEWfHS^wmyAU>dc=a34*6R(Cfmc>BA`NmWlqiOL-UtI-Sp6jTLbcsYR7tE}@o{;c6+$NBUX#4eA zycmSX5FXbzoCIb%bGNZpK&Qr%vW!QkplMw~a$w0wX|4V_)f2BE4re|~QdBIFqh$xN zR|F3onEZh4F~;s1!N4joT0kBHA*OtqeLIa4S>@<-{VlauaA4AEHc`R$xBJO{NTAu+ z(}B~<_JI9NX)MN`j#9>4VhbfA19)fXTd*s`<_e__dRn#B729ej1Oh#lxHq00e@NUu z*+>Ct&O6Ssx_QU9E-K57Uz_~3DV~^88||-(@--_ScofvXJo&uj^Yl9vxsQY$1rHzz zfC_s@+o-ZQPXfVER-}T6<2zHwiSJq(hfh#1G-P8WCOmC>{BLs4>4!fT*vHJ39pZ_U zgBIJL4_cJ-F`n$vxblhlXz8jDkI5Z2V^!;CK+_Ax{7-$l&A8h$-^rW-` zwRy3<5u(7LiGuH=QPy1&-F~ik0qcuv?WY>#kWJNAZ@QTme3MNx4hZ4PxE!1@%=%v; z_y~MEY8(b?cd{gD8s_h`OE9d?ZLz2L4Bc=j1X1PAITx@2xpi{fo68?UgmqLCO{ z5#u2$FxOlb9iTgIb`=-`L!wP#vFj+YU(`i^qbZ5TVTkN6lGanl!8NYLol%F5z{$&7W(Iv^zVWCpi0aJv5f7eE7I}UP##ID#CFDqb5ks?qr~SRRhg~hSX}EjNno= zbH!OtIsQO5JF?3?A;#PUl-NBHI3*JgiljCDmE9^=?$Rmk5UC8}>bceYi#~J`M?lq* z70tQ6l~4B9)P`LG4zuo4ytR_g)}=;W1ETHIe@#@T?;fy8k@QMbJ=6;p;fR4VkCy-E zGY_3owI8jENNhz^=x?v7hF^F7L=|U_x&JYG8oKBkR$6*amk#a$FW6jA0}OGDV}a2| z!^|@JugR9nJG)~;Y=3+mRyl!a)YdL(j6H}H>`X~}DVmlBc2P!by@u$!IljSw;j0;O z=?UuR!%aCI-U?0RYpO?o3*HwDkV;ai7dN|%KkX2K0=)ss98x=(ynQ9$JOw1J=Z83`q@%cM()ll3E*ZR94>Awn1rD575*N1(2DCmZat5_wUPpwH2QIKELgj^h_{zE zE~O!Rv`Xn|WEisKLt697bGJ70@o250pl*d8l_zg1FCPC1{)P`8*QDDmX3asfgyIbG zis&5MxAv{)99e`%A$5&0M(6K&4{ml*ncEXpdd-DPKRZ>nJ=DW~^o9a*tO?4L>L}j` z$m`6;L}Wb*L5f_22?H);S8gNEwln%>pZ1f9-;PLD#Ch>=3qMsB4L08c2K2`Jtyrj3 z>^1~c5_@PI0E>A@S!M94V}lr(+tj!TchyCXN1sXE`Q#q$dxOV38oseqkZOMkgcaLI zmMd2CX!;JYThEZ1D0Ql1!Q)Tf>)fJN?Z`iq^W!0>EHpS#z-sk^DL*Zrx1Sv{`!nwL zZ_H%`g5F%FI#4tXon?U2xThr@3A@g#a=+FJ^19@;XY=7*eOj_TPEMC zZ-Dwb*_A!?dv!>l7R&SvkvnCcod|KW)D9#>HP!tdumnx7`W~HGiar`@$k5hJOWw%$ z!Vq5B(m+0|dAgw!bO>zz$dv_7vKlD4TEmCHXh~;Ye6Shr?6n)B2R_XQrha<(UzO&S zY?&n#o1>dT#e*Ktc>d0j7SPPny&3_4rS? zT$dLM#xQP|U`0~$c92e@OFMHF-;K1KDMc7<_CMl5QRTJ1)16>dwcYcad@_3EP+oA#yPAYx zG@_rR$REtB-Id36`b7p|nlsSHdE?kUEPhUrzrH)5{%P^jSSHO8VV%vgE$^yN*-O)w zSUxFVAg!>&=-`Oj5Nv>u46~3NX{Oy;shJ%i_Gd)dMdE{tYn2aRN^?BZqy-w5sW7DUF9RMwPZvo~U)@Mx;_6&7<0 ztdvxa-^_|xBa5K(JlV7)B2LJuv9697qZxIjx0SR-obz#O4(eO5#HKp4_&5*g^>m20BA?ype#HDFa+*7C zD01rBVK?7;kdB=%d06z*wkc8pDFx8yhVl*pLDf@;DWef{zhc@scJ#SXB+r7btuwgd zSod`;8If#;P;KUaP5$D~cqOc?RcKhC_~Vn8CRiZ&FB5laN5}0~kUld`#|5u^A%`80h4n7_W9fX_!NiC<)T$fSO zp);?k*A_CtChxVXBMQA<=9XL#f@E>QGO%K{;E0u)=poz$;-Gf)zm4I|{hpohz#5Tz ztMOGC+|idk7S+{UOJZJyYqVM5 zJqfWr@?@74=aBpgXcrsz>B=MiV*3El&Rpd|*EVoLjt~DBTh>vLY~wtBJudT9w7E!E z?}mrJ$zrZ19(YC*?N3?RKg}~;07CT=OM4h@hmC8Qr{&?&0xHRoyMlJZ&0n{P)@0}z zTI}fLYq7Fn)^yZ?JEnIQT=IN}vm9H~B|?Orr~h#ZP>Bdn>*9K-1m6kD5cD!u{8^3f z_3-C!A%CkE`4ScDR~O4y2NxFY7x32XhNUaqvjBpVz=kb#Pm{ObQG&3I9|h)$!Lds7 z#!W@=x8*GlRJS{7d$mjZ4+qXPeuk)Qr9v#mdAEl7LYPx5^(yubw?SgFh21oIe+L!! zb5pyIC?oOdMkH9)v@KA@MUoQdnW1v(OI8OSr?icY>gbmR@pgq^eFUQ&b^u+{O>tE^ z&f-6nt_y$TbvnytV9GKi3jTAKv6b`l&u)saqx`@hoWBGl__Vxj>x9Hy^TxN}ev_Iw zQ>ELX?}<(TkE1<2u#Lw~+uF9qNZn*<-7N7?b1J&$`S-;947F($o!<*5XOo=5;M%TK zq$XK4Pp@`r%yG&^L$j|@TZeDAscTjhNc0Nz`;sRJ8jqqSc)mb>6w7mtwbJ>5W zV=sP2#LG&qI*?AAqi#dNji2iMLH>vDTe@G$^`H8_NkUtt*qz>3s;hFHMmIEN3Ni-y zpl$Ucq=#P@!?o^YL%o4l zZ28r5Usc@re-*R1wZZ)Kv#IlWQB!_%XeRHzqwe?8k9@9Y}CN{B6%-Q-`3!~p# z2CJ}CZZON82B5%_Tzr?~-)VbgRsy}A%&3AbF`*n-{95=*HKw?0-n`K{$Nyum&kmK* zrYIH07XCxO)SXeX03jH3?ltrZWxc`J0G9b)lSUL(W<#rdk~@8}d%0w5`l|Lv;Z|eN zH0%!*1jah1Oj#P;TcBaPFAt|!Z;oKgTmi0=ck`S}7qZ0&RE(|I*rRpZ zqJbMH!xPnprRxX#g-=b?rJ&7*(`B?QJU-BfD{YE0T~j*4>o6Q>GAK!K8VJVeI*wp& zOj`(bC0Cpa(AS+X=yRdpXmCbP8-09wVf2%tdC!j9RcIfuNcLsO%0z|BRu%sk@U)u~ z`gXE?(=s=MZsu@y=IX>vq-ti6PU&_yH>t7=wI}yz2Ji8wZpr;3FPP(hLTWGhf0~Sk`!s-KYAfPQ0ET=Met5B=;gk;gHq$3yO;_Tv|bZ^%W z*!fJlYuk+l&5}Wg?l+z&+ocM@65g<7t0!aLhDRh&@UiYvlS2V#FHS@byeY0${El5f zP3=7U{XxYDTA%ZXrHscY&Y%)##9i;p(Jr*krrf7xMrADW2UE`=8_vmoNvcE18OW=E z8#hj6-P6m++}El2vSxIFJvMf6jGIAwRatj^Yw|CF{!QlWSXno?t2l0zwZJ2zN&qv? z9pGVwCp??dbg>v!0vgT3h{Gypf4ke1NgOkMtu+>h+)1ewR{-wf<+&FAL^1K0hPmW;jyiC%dpdgB^3^kK$(knl4J6*gGx zm*hd3$s^zpB>oY-Lfg1=v%ej;gOZ&woNY=CV+#;9K zx(NN<#7BmL$I-~fS4baNp0^mXJWpEw?XCke$odlTPo2}mwSQ3t>iXZvMu7362YE`M zzYKgbzmKlyARS{vAJ>T>5{ZDhCZp;;9fD`r<_}%hCuSyCkLXgr3{1}AVtcii`*3Lj z`%TL6od;;+&FjrBe{|do*5O3L(ed87*{2Oxvx*B=fSz!JoSKO6Zcr8+H|D$o#*H6W zVI_Fm*kO-N!o9$hr9NR~gWSes?6R#dW*c*`c!bjNa%=f~b@ev@#JrPFiUz%Z?ab5#u zGfZn|_6Q*sdkpQjH0( zbfQDa6gXgR&DQL|3XiROssAP5Fjl!1sqN_08hP|*N@paT(|qc@UTcS^D#AQ|a>jD< zZgiwuyR+H>YHiKX7f!@leU&b;3bE|}CjczQKygER2rd)wHJ9PlR~j5FuuixGIW(}Q z8w1g4ZDGA^S3W?cf_xcU1GotBhE9f$`eZ|ej;e6jF~u`dPiJTedHX=mO3BOz+5vO1 zN;Jx&b~nl(D)K_+mj!`eipHJCE2?LGZ#>bHm1rXr{`W46yhpacpK9Jwwt6v~)!;J7 zb1Zz8G-lrlJZ1G-4lhfN9+@+=k2<3}`0=*&=ewV-veUoG4$P}QC1tg?P#ZFnbo&2f zPiZ}0HB=v|t0Ta<`y^zxDU6tzoZ1TeuF&#}6Z-W@JHd0&mu>TSO!vgw#Gxj+3-(DW{=$N&SK5hnV zz2eHItCH6|Y*B~uJ|ppRZcO@<$^^rKJIX|j4|oN*k}lvd6P+9_n~<})y zQ&-g+NRHswEV;!__8=MM&P=?Mq4EiZids6Ysfjq3Uvp^pY7U>SG+R>Rpz86 z1^W#>J2+|e;bM3C1M>!*q)qtX7HT$RU?Io0xymyPZyM&aS+XskL1dcY#L#=rI|p}fcw`=WIJdJ$R?0AI3FHGVz$BOX zqHr4MF$*-mapR5-szpOQmY{H@{z2>wt;_A%y_+>cEm!IZ z<^V*9o%I3yz-|CeJa*l|-v0g97KakRo66X{7GU|&Ub70~;B;zqdtkQn)uy0>X~%@Q zzf(PXGqi&p*1&GqSzox@!t&@Z!wo`7y;p?g8qM|Sq<=Q4>}7vj-uNTX`vEyl<4KH| z-zWq$J6(_lCx7J{)DFMSWh@+;vp-$Wc^a;-)Acd$KdZ@#xn{f_@3#ug18Cv~s6>(i zi(h5fOv*qq)W}`MM+!~i)roblE_3oto_FOj{gODKO8#%16}SJ9h+E3=fa8G#2cV3 zxW8^>vuLepHA1_kf}Q}f?4SxEFL)*_AG&oS#_NsyL{!0Ccl)MPSH8ieWsy0((X>U9gVVZ5<-L;^HqCQ=tZU|-_cWkR%AHgndVeiM z(DfZgV5<--gb^mP$J#CQJKaad;>;a_ifM5E@ll8f5b56Hk!<-~_V&QKSs9a8&%N51 zZuaho!R5DtwyHj;w!FHA4ymnDa|HJc<}`ToP_G8_#STQ6IJ%;pEWB2w$1}*jTf3S) zI^-Io0Ie;sdiVI&{o~cwC}>>=cfQM(yQ}@Dl}QlYw0|Xl+x;WQmTaaD;*)&lD>~kNe-SO+qC*oJF$A~=v%dhu79Ktx2H!Zuk$n7}%@Sywz%W-Ljdk$mA z%IL=P5At?_1wIA}Mj3&1Rr}jF!d#vZZIn*0S}GiQc2=&&>g$& zm)YlB*;4q&B|z0{0Ax<_LFelrk*Q;^XiA+EO9CxzX_ehfZ~x1I2YLdF^Md0Bx(1W6 zne#2_VHmh$8mDfb94gQRU|8ugzBT)FORc30iO(Pd!@njGdXMRpS z>y2T2u~Guvthb)neCacCR>Eq^^R-GkE`Hm!nMbfQ;B)lbt@PkYrO~csZl_2Y2*Ovk zed;|*+UxJFYBTdLGG8@lelxQG*>F)U#*z3Ie)y!hO=XQid|nqgCa>iL0x!yVcgJ`p zU{2L#KgPLnP_2%b)z%cDJ`pbMmfz$bqUzKs_O;asoMUxq6HxN3h zPAD9KEcA{2C4l(dbkV*R&KY2~GN(xrTQ8yh(aOM(3xJx2KA18XFXL)+;eiu zT`N%KNsp+_mxo>%*WSwB+}3uAP(-FzLT}{(?%sNAOHv^t6Hjqz5_SXdl)PPQy89d@ z$K4eobE218tuIHOhrhUyffDICz7suiz^oa*K$C^+!hVCv@QFNl<+S;1Y|Ty zbubj2pyKeXOOw|+4Rn39a~@7>n=rZP)?viUKbM*=u7CgaIAD>Sd#g zgURfB}IY0oWM0gZ?3|;j$1eo&0s<>TeOzv zgDh`53asbmX-OaW$F|Bz@oC*|=>DliDk`2N0@Pk=WK~XqMEfO-S&06x-{D}JL-AGh z$rj2jO3uaE8^aPX7vA|TB19614+Md9Qmb(m1Y9)T+h0j9GqTEPc%m_L z=&C02Ub@_E6!DxMea1DV=OC^b58_Xdtj=h7zdZjdY#-ErC9$G>A$LDgreo?ji_qSx zd4VjZ{!)uKS4SL~j_+Ukl~#FE?%=12%#%u@U7iDTuurs#y20OL;Cgr0-u35wHkdv5 zpK)OiuYPmDl`G5(2GSUKc|e0A?ZO9%c{}Ko(K@DP_h?vC)TfD-w_Qo^M8cw$0+0Ca zJ)rmYP_BL#_A5=$+@5QM31Dl0$05SqrLY3+aV1jh?CSY!TWxRO9d~iXsm6!)6K7?f zVC!JsYz_hJsJ&wv)}fok*L**4>z%w;)hwS0VJu#BbGa3RKv&;BpJJD+k*=1u4S3~Kb|+d4D+9i&5mhUwr_$3uLTe-F zn^ua8(Tf5riCx#vW_H;e@{=O`b0^{$|6h6|-TVLb*_{CmwYB!z|7WsrP@BCql`@AF<$qQ>4!mc(fS0+{vKcYuHt*xL@O=Dvc5!a8;D*d) zuvc_v12L!PMX1qvzEjM}W^-rVaoV(EKT~ezHV|G2_8HMYm~z$RS_Mi%n{RkbO78PX z!{W*XeBGYUT?XKeVh)~XCR;`1+a6GAuOqO^76KKleXb6y+~g8?gvd8god5lofR_hS ze@Qnea_-JM?aG8ZHRTpv`z12BzJ<+2-_}(C9rmC_&>tXaEYkLqRJ{Eo1e4X{IM8^G z@}1$7%-_~0a@9xAx(E0v2-`xRn;g;a)Q%RP|6}2TM`jOX{O{*?*8e?+;xCdYdu3^; z01dK;1PFW$-uXHf{;{Ej#+7$$mlxBKP^L(kw#qB_!PSeVHI(bLdtXv?zEym{z0IOT zsckUjz~SoYkrw!L|6}R~UK?Xvg+_F^duK3k&<>-p?7E?Oi4K`pVF;c4gLiIQVvz5j zPz3F{UyGBcY;|@2)1v6;!c@&3=x-rJ&#!q$PPS&e_sXsKf|27&W5=TRtrH}{23=UK zacZ45*i_y%r9N22J9#gVIG2{;WODe}TzFN>iO0w8B`wR`G}GP5pzTK2et@X9fD^?Q z-8a9Qx?Y`3xHK4okkhV4-coe3DcY9S`WTG9vlEy*xH@RUOn>Tnq{oUfoWF$T5%_Nm#aAx;v%LG&w-d3A}dUvqWetYR^BAfent?zwip?g<^AGU2#F) zfh*iITZwKTK#WY1MnMc*5elQQ^&IL?pepsc4?_fbl5FGTeAZUWeS{dDspL@@SiSJL z5ohan^Pb8j&vF}jXxCC5@t@XMx|A->&-BN8OTK4^#Y1$a7DwGRQp{D<@kV9zRvm@K z3b~!k;ve^t!>hFieYO21p7qIXKl>rQ+0pC2LFy@6z3<-?wK={x_-VP{wcva=5XfEi zn7uWY(~N}qB1l+JS3*qZ5@_K|o)OvRiZ*T2s`usU5ECy$arWFWH+NMUsZ@C2EzYLo=Sl z*lt&+OmV{$SH?xU!Sx4GK<7}hXkUzIM`OtA!W@}L%$2^Luj#+(P6AmLA3l0~3rFuzOi-@|Y(9kijR|JG~o$fck znF~;bI{d>arJ*gRc;gq-5+l;X73PH4u5OW*a3w_;Y?q-uE}&yl$=Jd`BiTz zAP!6eLjilXBOMhF(d1dZz+7*-U}`ahmi{slI9>lDP|cp=;Kj?IiyFCd0^(#sy*ToG zUNHpB_u&5+R5dL|*=2RE^30n_t+~{|AhOusQQ=hO{g|inQMH#G!;2 zT($H6csz=#QLu-XKKgl1xldVaqyB--Pq6b|4X9w}QMBpGk7%MTXBd5M+S&9qvY3A@ z%~R|6RfG6b5;@nkUe})x5x)$xMn`fIxA0nj2_P-EO2By@bpM3?P-TFOV;!D8m8Ukc zG%!!QnbS8}wKL9&l6K9Yc%vr6;bC4nAjF1o?gPiF(PI~fuzF~AFz8rrr`fiU0bM#X zkaj6iw%3&APtD+EF3cbA{NZqL`IBI5+^TSb;$Re6c>r0$rE>SsJi?>C&?49VP(RO^ zYjF2tzfKvvV{6AJPK&wmyyzYirwn!De|BW2v3C@IlCd2eLE4;*Q+Tdl5qCI7>Q6=D zAY?DklPyF^gzWW)ikRC*F@WWg`ls#n5sH-TbcfwOT2|wiJ}GWD@tw%nJ-%aCE0+Of zhOr(oJa~bl8sJ|^Oyd&pjA~e)s~vnwEp>DB<9W5n+O2{-U$<=N$pD7i>jwcz`mh7EvW{X2&bDN&)+_X z{GO=&y@v8zkC@_IVscM^q;(512oVIp>~r9&X|gOvH!ws!&}_U(JTJ8Sge-qLVH zxSzgk_xM~3(JFB!JH%&h+2!{~p|p#}OJ3&-)eF|hgey;h3f33}x*Kxn4s0*R(XeRD zJ)nH&R30=36(&;9BSz7E;C}38aM~V$jF68)hm^&zl00XipCQe{x2?o`A7bCG%GKCk0gcyyGFy}G0A>zkFk)cbB2OCR?XjiHO70*k0poLz zoU+}tI@^=&bKnGR>1zs1$eo6qXX#RA3Za+q9VMhD7^=r>qN=j)R&P#qZZ`NBLRj^| zZo_s)6CIiR**;eQvuRp_X=imQeZ3JSWgA7`I(sHR{FsXAq$Lt%*ly#lj=OO!+x6-0 zH+`M=qm>~d2v{wR!d;0|QX4x&8V>%(Fvji0mBZ(x(@!44y&lol*123?lb5}3_w}o9 z4~-Gg9-Ne|Yy!yyNd6z?oqIUb|NsAWl(!^=5Z*-&36)cY?H!RrB0`8&lEa!+PLtUx zIUg26QWla^EQf7!*m6!t&Y5g%A&0Sr8JqQc_4$5&hwt~ge!uJ2`}6x<*Y9v$ul=#t zb!~fXuh;9j=kxKn-S77f@Lr@RgBzU5y+RfJyeg`^W0X24|2R^trij#NZD5rt3(2%d zKAdwzM&-}ZX`^0{K@H0;HbGY#bbuRmX(;$oh|K92d_hOi`1yLv^O@``S5$8pP6%cH z5IVJ;`G-f_Is6!5kr^`Tkuet0xZ{(+sKjKlwd`)=)Sy<+o&SPtQ6Lm}u zzU1dHEIi@W8YX6Un%oletkBk7*QR|R|J81f<k8x@ zzvjMHJjKMrMZUXGp0IkLLDRSVbaa@P$_h?WRX@IkWIQ;z5o8Z!qxG_}li&{8-tT0& z2J=bXKe+j{=8NViKHm;RhM%N$VoEy}Auj{*_NGHI@ksd{Jo3p^k;~{XG9`LZ}X)#>R14IyFdZ4&6OKn=C|RQSrAO!##$`6x1)Rr zXjR+vnbw3!h!G{qM6R3RGE__>6#!c`+`<~$wuM4&qU}cv&}Gsmhhkg2ZP}qOCOvF> zfC<-;W~g0Vbo$)w_I>M9`C}pKk1LNN(nD7k8ti$#s7{g^x04|r=X;6$CXI`=Wqq@y z+sh#}Kl7c#_?~mF8qjZ;gDd2oB3kJ4ttufyO|DHk|(Dl5=JJK-z&=^QqUqmzg0xKBK2jj z{;-aZM7X_t#gb7txb8pO7!RDuYy*d*nb)Wp)`JO_lAVFIb8=-dOI5%w&2yiRa^xt7-mAO#6) zBThr5v&AX;<5q{OI=~d4$47(KGrKEarcH#WtUEm^^fiDPE|1RlX+xgju}*HlUAkTl z{IgKB?-4`mwV-|A11!kGI(wdeE;&Ruh9*uDLDXMi?@8zv^EK<^8-#>}U-eG^nEvUZ z2E~eC6>2!OKTzDn33UpoG%VPLv~A#Cql*RE4_4e-Sg45RWGQ|$KkDl8c>Ju{xcTl6 z$akMlbjqK2d-a?&)9dtR5lIROYhd?A3-pn`>~92+>Ts~B<4F5G<>qm+ew)!OxAnsJQQw={1x$6pavf#OM!Js^>GPF{YS&cp&^7G zPrc~h)-dYRMqN2Chd~Dely|KF)~p>PUPt?3E;E-{ZN#Xh8-qtDuSWZ1j$S`u`N-;# zo`&$fjf6S!bzCA%6eNsjX;nG}1SJ6)KCbH}Y>QEyYwW7H5I0n`D^9ikp_SJ}r&__y z&rg38n#t&9?kIS#JqT26OGyX#Y6A^0R-zj__g%zfWB|<2UYuKSnQQ-&o3OaA(rBx3 zcyO{i-2*`nsn3Yb2$om3IO6GLVW4GctsPAM#B>+fW~`4F-i(&jaWkwNz2~m;Q^>e8 z+|8)Kq`DbhMPz~*V~Jh%+fbjBOov|&gaD4TX4>jaYeX?<@!7&}HIL6pjGjJHt#23W zAoAxHcd#(fbHeRMI&&){Sw>gbF6k3!8MpPyjyx`BXxPE#O{z1+=)DPGywb}|(2?|Jc1P*C*9gd&;nkDDwTJyxloaJ_MDFYk z&}LkE7}jFC0xYFh*1F5lYyrNnL)&b>*}My}ZO{G#ygLD92R(9+j&Y9_F{o1LWX z0Bzyhb2o8czmxYM50^nKiYTVTmBs!7*r`vMRWNifG$Oz88a-^r`hEL^#)Oj!B-{DP;U>@)z zct+eHfcoG{M6%WCM?qq2i}v&ge|nEm6UV=})8O&b&CI3qr?DA_s|~tp+ooM?q2Y$< zPdxScV4R&n^@wHNtZoh@YrKfI8S1N&FZf8ti^uVy5iFobR*lBs_~%|z%7+UkdAh>X zt_bM1y)tfpUQUX8^myBe`_>1B?H{6c@%^}23|kzq5ZeRV%PnYCI`r1fop+|s1RN9= z5qRi!n(RYW|Gg@Y%O4x2ZE3=xSVl}+-lHAJ0y9dygi!bF{vKUheZ0qXU0dlkTbP|haYM;Av>%j5-R9B=|Y`b0U0n9 zoK)uu6f4ZQ>GbJ%r96(OyWe)lfLf1uewp7(J^g^iOu@CJ584Hx3FBAH<$f@1=ForB zSS;{Gp+e`1fXJ+$ztLY`6;SX5B|Wk+CXg4n=LSvU9+2hvzB)wVD1kVl$R)ky#1TZQ zK27}Vr{LE*ebMiB#eO(E^h9_p)A4kadmVhCjOPGV-isH1bnn~(jWLgt@i#0BDn(o$ zYg(%ckh%TVtg7o)rJRbHs+ruAZH^^H4=yqEv2f^{lf>PcaN?BR22gnX z_U5NhLyqg{I#&m{B7){@f%J3|(eEbV znc)$(Rnj(1O&H*bsvE%r8Vh_&Y(l?W7_ zKK)mcbJ$*^y*sU>t9ciZm(v+x?c*Nw^CZxq$%T>6l(TiiB@<&}Tm3T?{9Za68cKG- zcUdHRd!~dP(K;ac*ZkkMj|!d_#-Sqkk~{7ee!&v_Z8 zV?!ia{sls^38dibEFtt>{)uoW%g=9|^p$S79bf%Jd` zC|oinV)j`_A|9%_GH%&BnVU|ZhZ#0+IRaD~+KK{}TVQ*4!P1P=RMRw=4R{CDyEk7< zb@jZ?LfJ!u0l(&wixE?%j#mLgIWDkwks^DI~Or_UlzJYUxp+!(;g1 zGP}T~LJvedoLyp7{OMYJxwh}6$l?n(j~DUW=#6w;N-W1>7!2?6=DcUiCV>un_@_e- z3$TS_+->J`=fYp%5xxnIb+07O7TY{Q491_J)jbjt7ydf~y{37t!!9PW#NRW@i{W~%CeemtfY2B=t80F zLUpV{Yn-?0%L5~KSmJa*Z&bqaT5F>!c}BF#W& ze_sb02f!iW8R7|K8C}xO`P?J@NO5`>*zn{ESmE-V%bKjw@iILC_WuM|bJ&}v{v(S3 zMC=fM(}8#Cr;s?>A2W&?;gs|NqL`UhnuPWWW{00UDs_@p#kJ{j7&Q1&z98RM)aY-Z zAv45&`^qnHYrBm0OqV3c9vIM!Cc@sA*()Md227mGJrPc=Bl4acEWO-&f*gx4Ypbns zdk_OtcB;#zb;0qr@hbI_Di#VtXVWZ?n8JU|Mg~X1LdtXN?k$vzW_AV!vRIV(SfR51DV;t#Q`m*mM?fK3If56gOrZWbk>nGmiSs%x{H z_z|uCk>|P?G`$`{MDJV(O88b`f-x0zk-Ml!vYrBACW%4PU{2#U!=DW0cmkOmJo3RO z7cI6&@4NWdj{k!mibep6_y2e@Ok-DuDR^=*ef=)U$G5Qp+fa_x-$3&5#82}c<S=aZ_rL0Q{w>X-j|=8$BUh?lMC>aWw>HYeA!Yw-6oLoKydO-C}jJnXMp^Vv00|yvX{uO46O%aQ~9Rt zDwoV!uHJ02f!m^64A{__d>0s%rydzR{8MP)zX*7824={=Wdr7%#Z_QeY3WMNIU<$V zHe=iq6CT{=$p-LUDYK{V&L}c&wUxmg>u*rPww_K{LGMJYas2yC0FwAV;9V#sIOP6I zb_bxuU$|xGS*BP{^k8P{r*i-BB1O0B$KdaLEoE;xPgs7jrGw9Kt#Jr*PS)nD5b&OH z#E5+*7hZzUwPg|GS9=w?Wmca z8Vn3HPvE)n2%&I#W8C!Au!n!dy>i*mfkwdC4nN9B69DU2!VUTTY<*f4xb@qBdoMGw z*yw(U#1`Tx`O~t=3z8QtC-hEAP(ttD2+Pv?-Wvrb!kfio<(bos446~y ziA75EM^^*@elUQ>K{jF8HlijeGU`%Ynr42k0^xCOrre*I2BOntr>;9DKPf1M`G1@2 z9_Oq<>V67kFKle(q&_JyDD_yW%hE03p0$KyYuIU zlm96KUG|s6RwumLCHkDz;(cUx)j!r71!=xsOK-13@IHsoZ z>Na^4c5*CUM}HLAC!4Bz#webc&U^e%j2B=TmpR2is{N)4V;i@g5sSgYp!DtXVudLs za2DC7|6l`tpcPVAN2nfbb(tf%A5y*U(7bD$P}w}f4r6ZN=_AS*9VvK!z8zzlg-H=8 zjea+hAK+Sc@f_Rd#%tCjH!(b`w$pmEANK?nTvhk({7VV0GNW7&27wfI@44Hd4O)3I3xaD=~)vYIqZ+-X1 zq<`GKw@cGW#p$yNgx)JsxPp>lTNb>oDD>xeS_kt+56U`($LnUOH5(OWAAsYlj4X@f z94rRzQ15-`;|Z9hVcMYpOOG>Sa8Mo2RHvebRJ?*#K(&EubYsYVXlX$=N|dFR$5@g= z7|u=%X8|K&M5$%YA7vl5{-ye3=SId?khCCwsFa{DHfW%wrS*cLR!m~NDE z^f3Ee!Y!o59Xd{Y_Bhn_S@fVtaI)ezSJ&a(+up%GZb@yaLq9Oni}rA~GIO1!?9R<* zbR~-KMbv)JJ>AdOGw6sz0+t#rB#puR!QdQ~>)yG&PPJ*GwKGZC$seA{IeKk9v7}R= zbh%JHG;JvIb$|U2>wju9uitGLd)UA94VV9q+^>$Cs_#4oQ%u?N~B_<#UbN zWRgveeHR?V4_U#SJHs7$lx&YodY{GelS$K!%hz#QPFqlCLTL=BK z-0hnc<=Z3eT;5amJ?p1ACs13@mdUF>83<3vz9u*EgH|mI$VqO%AE0ZH5UJIrc$x%G z-*l@*x*1QoB|;n@U}+n!^3+}mdQjU?FF9Hj+kGHaj-ECR815F$S5Q3yod)2#1NH{o zC8GTfpc?wSY<1CZ>p}()%78A!J{f7sz->jMheGUkk8=AN)(u%MT*yS@iT%TNCg)3_ zIvLwDW%@lns4pu3xrGsk8(If@TM^vNr!MiO(4Prp3 zibNk0MrYbPb7|}VzYuL%tNxWu*LJ0CpOJobHHIxGHmlDM1q>7NN3Xnu%i5Jg&q4a-Ury)uP8U9W{2Blq~gO=G~KT4zBt+iD8CgWgPG`ep6iq@ z7x8f#|EEv|)$`tSz%TR$z*FY5XAvpzDDq8QoIJig``2vAWdj}sFN&};(+6ft38|9l zrCWQXt_^Or5^@IbM)d#+>2t{qVWmiI7W_R#K7gv$x9tVAr4ABZv8cOX_||f{ykAfC z^1roel+E#@pP9nPOx zwnon6@po`%=n>-)cC3*mv`m1kl5|cd+oBN@8~8d>$^Ll3XmIJHG2+vtr|JG*-<*D^ zWq*G22{^zL-a*M~exbk#U~keA^doN64mB7-C&p$CME76Ov{oYmvflz>pg6Tv@y?(t z9*|!VxYx-wGs$Q_-8ki%u+|~qUK1fCPA*9!TqnIUUPEHiFUX*R+$jMpb6-xd)$sA% zDL&3!`!T{;t_XXHgXa1gB{Ue*u~OVb2SRO*eN;2)$OuU4yFm4sqTx1UYro(~$IUlP zMe5}*=c_*T?Hb*?MekWL|DxSy4%q__Pn$}&cgeB&k^Gz#=w=*Z{f}yUQdYWky?W7e zOniq|urSN(CUnYW9xEJF{CMoL zZ!yk~o54FT_ym?B2Z$%+f(An%ioo2Fo)v>?yHl(iy`X%le~~oc9fGYo{LN)eWZG@} zVV@{1&8zV>mf_gl$n%?7u!iFd+ynDgv}A+PL^;~IAHFhvulHQl;HuV0RSKfpm4Jm- zKQh<)YS3(1{Q*YR_Z$&k!#_Xlc+sxRSleXD7iSyL&$AgOO=B{9`2Yn-y!C7qM!;IY z>`(QheU~uqoC3O-vKbH&JwMhf(tVI^S6&pe_$uA&0BzS)}puw*S-~{$a?XH(%9*#c}wA9ow`fZLVt2X z*MYk|KP2QHhhL+8(En{vJXtBt+ITi%tfws8FMk1;E|$|fF?xGo1b+`9_T z9FDHZ{2{_`|H975rON&BA;?oEk7tJ5#U`WzRiH;yBOnt!4uST7?esJ80Y>aM0hFlO zw|2V#``EONag}NiI(y&NIqzFnlf&#@e6-o{hy+j6FO-kYYx$EBnIKxli_@zkK7#;! z`G?>m7B8EEx3fJ9Ap2ts=JjQZ!7;nxqboRJ>Q~!qh`fKBAUobqIe%-LP_$xbZnq%?SRknS+BFH+o@_)`^CRbTvLVBd*3DH z(P_X`0v^woV5>BDGO%$n%YbXRK=yM@L@(EZnY|j}sixsvH0Z%Qzn^LuccPVa?`6ti zowl$`fML>0@J);~62TrW2gf%csS<1&z!>gixTANCq603Edk}KzkV+spWPg!mqnJ)&eiyP4c`mjfnAv5na#ECJpyk~g@P!$66z3}UARE(`YX}fD zxJ0jgmFa+685n4BD4(e!4TXKBG)U5Hx{BSj3wDC8pHVpfSCCwGLU@%ALXSSuWIlnG zLvCTy+OTn-x%Pn0s{Vy&D+M0Stk5ltX}$8Os&3%hkV^7Zwb?>v+aifh$;UXd##Hw^ z$C0x%yTAc27nh9O3T9vwXe?j4FKg;bN@8)GSY?LDkzOK#32S$uB5 zqkh(fddPzx;CMvu>2;{B+mLdARCbcTU>E`9VFmH5QQZVIJ`>BHp^GO9{;bHEG?hKy zzam@7vdfqf)DbAYU%cpR-9y(s-1ZFlT#86iQ_<$VUFsJ6o$OcxKDg-Hs=FxxYN^aJ z;dw$z?QL;J`C}hR`;l_o7BAbM8dxRMNSJD?_*`_)uYRL&fGex~&q#>1{w+*W@f$!DcDL zbI9@El311l49O>OjZrI3g2t13B5qZrN{_Zo|4k7-lhXMmQt%uRqNP{iYbfCYfBY}wSh(EqJ+puFPh zml9}*zkD}pXgXSE@_go;+nSZ<0hk7HHZZ4C`vu32h_h>cRj8OXUj>gmU8at+(?M8f z^E6O{bu6aYQGg;wJk&s5m;1nL#! zk(RrTRjyt?NFz1nvatSu4O6GZH{)myS?kredP6KsX^cu01-#8$0DK7WE;4|}2)6y= zhv2R5qNnGd?Ma=CsLvTcS+E|c{_te?;|%nZrEOwOGYMrA@CR50lsclBH#yS+i6R|g z%f{&srmkv>o3mDX#;5Yz>8Ex-ZcX|wJ?fmeCFaiqQVAQj0{Iq>HBgo=Wa#emm;-70 z@hzY)3$by0YZly$y`8O{kw<(-6m$)S$kte9XUe&-8q!|6CSNqKC*+p1qb7Wr(QGt5 z>rpT~PDzbbfnhMA*6b^wgF`ATPIidcP?D1wM^AgP(%Vab*S@>$W^^U9;!{sFqjZt@dL8@D)q;qa`cJ)wADFvSRt3rQZiA+!2BF z^aF;bZ`}aQu09@SU`80xJeYZtcUDhF$pF!v`e6(xq5KOWxZOTINaXQi7!)(W!_4z_HFN#1pW;(@r41WiP3nYw}ZO+*00ir zrX7rSQ7$v?ZZW=aF6jG>=#eqegnyHMNR%*nA z=^Iw9#Z}>l-1eT(+V*(Yd$xESz#%j5Ew_QRM&Jf^P8aJUUYI)$>f}NbOI{?Jq*;Bd zu0O6?shW1zFDyMVWjJg(tZ&`FZfOuYK0QsHqq+w)Y%-k|0)B6mS%U|U_HrKesW%XY zQQHw8KiL^M;|C0OEjH+eDY(&Oz(1kdBuu6s`?G+HXNU5w5Ke3Yc@5n@oo&b8W_2(NYcI37P_hdzWr%GjgV~ZV(oz zUw@M*V`SL8u^(4{1)MXz{#inQFFF0k#Eo&mXY95HPvK;c40nWH)NaV4#W8E7WRv0j zV=luwg##*?2E^LRw8dR*iR)ASH0E7}Py%s%dhBti07vU|TN%j-DX86KqQzU5`Zs0+ z8!^ZGelbiGK-_SufeU$w`h+qeu??|)Iyk^aS7-);O8rI3-*+nT0!Y>hBPHB;bn%6|sa!QG*V%3E$>vswV ztYK4@`ED85qy1oLZw#df&^5(DBtQrGNcM}Vj`#)rL}OET`}7DOfaz zTzR%H+^}o=+mGF43Tay&-%nplo2{saR9BDnnBH3#ZuA}ZSRq#|ITw9gU^S|9V4L}P z;CVkg>``Rs{dUun-_PDa_4@`gSAXLf&9l|13T zGi}$he4!J56NoDCMIS&7p(R1ad`Gr21~4Sshp_o6WY+It%PN0e5OgG})~rxGYzHYX_`yU~@Zc?&Z_4D*lQ(e5tlfVE zZkGp8ger6jNfmj8#1*Gw_Rf;Fup{%2#kL5H2k^!oIoZQ{2ZUcP7;=Hl$>`HFI*}$ z9H=eb(0RbKK()(Y3B{YQec9*QL>0yDE8ogrNXQi)!0CJo9w48VxnxANKY1*|Qkp`08(izkCS3MtD_9!c>x#qu-3;xRzBnCqmecLzy^ z8(tCMt{j`GhnsgtrRxtryZV@}cjttrRoGs$B^A{>&sLZIR=BP^xC(w>ActsS1U9k; zEV)GiD4BVRjXzamxFPb5A62^13UaG*+#D8CVsh6G9wup3vaetEEJfhn{obXj4-NyH zqTGYm12jRNUY%uY)r4`HSH+rF?m<9a1zbNe0fu$wT9;xeGqE~LHQc2ISO`-MdP+z8 zMsL>b#3O)d1Qd4rj~7MTCkCm)TywTBJtU>Dgm1uw&~^8Y`BiqPRo=<_UOnD%wd(j~ z%FX!wXXPIJ;UV|ugXhlVlw8w#ZaUlJGTVd_(wJOZ>tUyBS6yd4Ij{ihyGp>PoIQNQ z>SfBwmWSri1sF8n+Vw<{($ep67E0)Ia216rcRFii@~~5{v=sKEh$q$;;!V!dHeKBDF*j* zUS~M#JU^#uV@Bc^L0B`Kw9V{W06wP;X7mD~SNt=cM$PwhvJ1cKdIMNz*JcQ;ruS`Q z+fsIEE1^oU^kebb{_~a|YuBiei&$M-__u+9jPb@*D^nL*?z8ZsvT5K7m@i?Fe{U7} z1|Fll6LpLa8}?<*G+_XZ1v@kk3gaZ^D2sk~m4DP{UaR}GbF1EwKp%y;b}PmCp}(gc z4ft357p{-!dQs4x`VrwCcWkp^Q{1t@pF*#Rl#a(-T@I4F%2sKw%W45kr?xkERv=<6 z{C8I8`3dCf>Kfi2@0_xpIkOK41XVRwxSM1ooU2JbKoWAqnIN@Nnj-#_S;$DG61IZ4&BDQm?R=^xg|(>0H?&_v;O-B@L1w4W$0 zQF-@juS|f{Cj>|Y0YT0 z$mf@d=$Jw9C-MJ%n%n;~QbFXWL(#+ahi4*}s%&~)LuNp`Hxt27a@@U9RJ!HclnYc|TOL`%UI=o~D zgFU@3JZ&lVKaEey95JlgQ=;l9^nu#C4X}%7;XK&PGI3?kblht!U&GV@2{+v3NoMY& z5k~~7ea5+8od`1>Sv$lz36~0eo&f0~9#y-!tKQ7$5#I(LFOSGDEz6@;k*f@}wVrZjlDP zJAbqPSaE(rm05zu%dP((J%qziE5LT~FX61Eb6HCk`-J|59ZGDTE~*v6>h}@?^cMW1 zOAC;ydCAM0Sv*;$0-IQG=cwtn#Bpz^BMPoW<}KZO=cHEUZx*9{vD}+9 z(;~}w;00co?a>IsbKA{S5UUKKY&o?n~7HXXH(L%SPXD z8>7HZ&kZdV_E(;$x$twBJd0o7acJ~j{o5a#-+?W^(YsSzmx|G)CTIx#bJzXGWb>W?G23(X;-8jB{_g+{8^ zsu&UE_epOAxGN;W1ajhnQdxl`ng>&6eL$}|kbk8A6dLo(zc0?c0p2KvtOLapfJA9I z_)}=e?5EI2dq8)apCAODeEd^rE)PAW4&XZ@=?KhOpyrQmHQErTAeY`!yWlgo#>n0o z<4Mnb6;A-~rui>ig@5Bp-r4fCZ;IDvA*2Lp1h#z+TYzW(amQyT#qYrP{O_HkZEprh zGH5@4&KmH8)SG;Fu_OC@`kKU8xw5YT z1V-o{J%?YX@Hg+>?Y;Ma59(Sg=vo8Lj0yRkq4z(&G5h&vssC{CJ=czxqXA>W6rtA* z%%(t_hy{Wtz~`k7OwTjzj!ys=(_fO>6&H463r}92QSX@*^z6Iz;r#7^yLvNdM$M@H zkEbBG(7Ii1fV`>s0^S=4b&CG8ZaFdL21 WEx<7W+rK}^|BH8M2MvAK-KzpaVEVJEf!hyFc@HW1#=LKg+;C&v5SSxpV&(MyB)U7?~K)ojcEb zp6SBhjrQL~<_j19p8W0PKTXe^rKdl8f$<#Uzg7Nk?M}Y{*w52RoaLgY69b%Kr=w@5 zJM9680swSp{}qo8@LwC<8G44Z=NM^XFw-g^*=XX^)6;}LOOu#ZJDheMz`%Z%*Tf=!%HYX@qfj1frpomUqJGz)HP`t6;(C$8#iz1+|$+5 zH!w7^d}w8D^T^iD)y@5>ho_f!KwwaC2sHFXL}XNSOl(|yYTDcMjLdgg*@Z>LC8cHM z6(8#x8j(%SpIchHx_f&2`oDhrK0YxyH9hlVb`FbM`MJ8b{%d2Cuz&FTka$G;bNp8? zIspBD)S~VGquBqZ7duU_Gk@;^<6ph#&VIGi zlSy3J0?+-#f9wK}gbG%Y@K?2eHTyqP?A8Ax&Hh`l|Iup>aFL#lcJt`j0U!XSfPm=) zu~0`bcq`U8^aY9~;X;2GQ9Ykq(?oT;wnDj|;rbm!fXep1gvFmLE=e{A{1>E6-+f%o zh(y$Zx__Mle2fvZPfh3O4Q~Zc1cl&cue3&(^1R}Nx*0CbholqPq zWUo%L+z|P;7o+L^+~z@Vs!qVUJb4DagTcQ8WIVh5-l0*J$CR>v=1B^*C!clY1Sx+C zaBn7^0*X!n9+71C^@OMKn;4o<;-PC2dp>R7$>%wlGoqe+I|bz3HiG+;??nTzecM0w zIQ%e7bxs}GKio3X-jhE>QbYEBaU8X@I$>mk5496bf8=0)J2#b}w~@ddx?+UKwt7gO zT!vt|3c*uMJ^EhmPID;2<&2B}Xq7GK;470M@3s#955mV7GW%qm_;TzN&;V-)3B!H+ zYa;tQOzleg8uPx2;gL+e19$6Sn1ewk(_y{Pi*TD9ng}}g$(p5z%n496Tcb}%nDhG9 z#;9a9WoN$`VoB@Dd*qe2@JTLQX%lpTa+7djzGw7Nzfh5NLu0l^Xol5+%k}mOK~uro z_^*=eh3fBuea&j9Zr-kn`;_`qz_n*li)Lxr<|Lo6Kk1jtAmMGy&u^BF8KlgUewtOk zj4&zu=Yszy`jo%N=d#UwrDM0xa+&}C<^RA2BGu#&#J4?)+bN*F5(hlFxnT2lrV_r0 z*@ubpo1R!f*by7Uxb`wI`gg}(>!x>T z_I`Y9`PQTS!?`h2834I)P}B%;t>i*~VYXUx2|$vo&3-(MA&86CjbQ1u&fg!-#9t4W zHu^*r02uu}jTY7gaG6=fSQUX^n9=D1I7iLsMF6x~YR!&~+%8j|fWm)@@n;#>Cuvvt zwBMFILa@+!b?NxO`nuNrw;k=uf`mY)Oj>%f`@6j09agFX;$sA_!KO@j|x}0?WU*lc7 z^0Jd=PGe+4Vxy05n&A2zrdFTYmp7fN94nLg96+xl{JCl$B! zwd3$}vYgQ!h_V{Hxa&WEFpV~SCa%ltI~#=QHB9#{P^?NW7{?o@vd2d9=ux~+yj4;$ z<(^{UEcU4MZfZZ*HwlY=F-;?#OLx9Zpr2_tURZf(LQixcxs+|RW=8I+od2Dpp=GUt zj1EyU2IUh^0Z518N3XReCnBvLCYl56{8v~1fKbDj#K^R@nO1U54Hzm;Wx@~=aFAXM z$qK_lF)1WPkF{S$NhSB%UCOUqnjI)rJ|9^LVTtg*xD>h%tMghrcd-|SRC}e%|dCsDeDlAHIbr3-&qY&-b~RIb|!= zp5-?^tvPDtI|W2>E`zp*fSn+G{ATvWl+9GTtz*P{1>PO|z1I~o3v{=>`AD|O#TP%m zW;ZZ?3h+u)?nd3n@5y65c@Lv6`PG^kgV852zH;$-vTi(m+3Q|gDY*Ksefdug2_@N1 zKX$$5#7ss%7mBq#_;?=wY3dJb8+8Ia{;@;lg!fU;6IlC&nU_!2dv?Te67cJIcx5@% zcMGfCAwG0=r=z+DuM+?XdLm^L+%!vk8ZT{-E_8iaRal3pJPKnWkh@O-^b{ZR1B!;v zgX8@h$OK`v1G}f=zO1Qw`F?&PDKfo*eL770D_JfX(mao&)ZQnvz<arhzE&48A3wS0LcE6CzYM5Jrq{2e;*XXfR-}Da#eVc;>^y+s*AdWS@TA zUJ?(Yku@IV4vEgpyWIRrt#x2)thXGa_e8eBA@s$^#>~*z%;(=z8|yVI#GCLHWdfNQ zm{Ro2?=HLE`R0|f!xORO2(()TN&@CgIO?_s#fxy^Uy%gKch~kIyxum+{EdxSsZY}E zX4SLD$`>PqOn_%@417vTh5Q)l`9xZBWTf(}M}V+`&G`3l$Lrt`6+)lMrOc7aYQ~cDC<` z_`GFQ4hf3S<0fc8)9#r#^_gB636b;i5WoJ)2Atq|TS+GKywWdiTORfA7cs9e3`pSX z<`*S{dCFrj<$_-V(Ds>jW8BpivSg%*m@c0z_~OCWJ&E{AA#;uVtWWI1nWZQ7C^d>A zX`aAp*hxG6u?X^YxPFsO_JFuI;2D_CVCkRBRcRhs(H3Jk0(9D`OtSDs}j)(L@AOya3U@EgT7M$XS*=AZ>TIs~}np)h;MTn;2gD>#So5t6kf!L^v$1$;x-@2fN{O%krUVVJz5^qk| zbntQhk033{8tuu9nXAS}Ie|7eJ{w{)qzAJ+QbxqfPO{M6nAw2NJUK#U99)XRHbGG? z+gbvobzA50;UO`5$V%qEj7^O=1z)|A8htqI_yc zV-M_?cAIvB5R)tIvSckNb0>(O!dpOjFvFPCer4rpqDnFwOqIa-L$2yb^r^q7*+ibf z52X=7z1#z~lvlvD6a#mbLx=cc95;Y#YU(6|j zR;jACh7Lx)a{KK0eK`~%;{&fGy9t}(l3EB7@L@Pz6O!QbdYY<;e=lFzlvT~|3!n5z z8=MruFr&8q55J5N|IOPU@@0I)){B9;5(_LFx(!iYA;x|gGjvzdZ02we?&H$? zSlNI(1UDZrUjioVdU zh;zQQWy5o9b+U%6@KkGUD!7y;nLabCQ0*2!*Jqrymb6@q`1NT-5OOi;Yt7cBwo?GZ z5DC4UAD^AsH4=y6(3HgT%fWawZNVQ&ABCOzmQDeN7r)7k^iIUttLkW1$q@0CJ`?g8*gqLN{;fNiBwQy?`;R^1~EhR`o8zd zKMQnb+Su1+Ft3m^9?(p4aQHer+-DzGlJ+LPOC^yDwt$(*-*|lF<1rh4>0cQfW1jigU1lFBY*lnDSd5|>is${2@d#=EHtY2k7f|aX&U{$<} z&qSa(iXu*`sG^7v-oh2f8^b}C`VB4hlPZZ%Zi-BpHGYo5<}JAh7UzhlyR--kKj7zg zw2CRiP#3eiJgMyXQ@|^b2PhiFSBLklD0h4`yP=j{(i8Fq^X2lS+%9S!;YW;B5VO)> zg7sQ43#Gh{pUD=gBq*nr6FFB#w#`@af6VtRvD0p=XEMtsO%~1jzAWw8axbDI0s42Lf31A{}Ok0^^H9?h!wh=8!0m4(CT|RmdZJaI}JG$t$ z-Z`IttHB`8sINqO7{7|14vmO6L*g*u;VLrL(~D>hP%@&yYB-K;<&9`K+TK{M<%Xtw zZBEk}dlI?%qIf{^ZODVq$XB2ng$=8zl7Gxni_TS)Z99`qy->GCDRczEWppfz)vxxX zWV^OKylAAzE>^x!dC@_o*&t!{&UvM;-F{ZWOqT^t0gcT&Livr&@velv0=#7>m1{~Z z3f+dUYONr@s4~}OONT&etYD3?XZIsR7kZEI`apaU&LdX)5^2A`pDNT?*P1=$p5z0v zLUPV6%^M4LYgG|a)qCZD625ed&tkx`k7JXwEU0_GM|41SKU;^<%jioK;7Ku@k2DSu zf<}Cu6WW-E`yH}a;qq*lL~oF z%TTQ2t#u+4ui6|*xjK{jgLGkf#hyBphuglEjkC?S0PpOq-sy5EWNj$rJ$HLoz%U?$ z!W2RQaexwNsTcLvnp))h-p&o^F5r1@r>j%qp6L4D=u61HIzMQ&XQm`>-or<($i-uA zNzIDk`X6K7J7iAk1X1MH7=?*;17~728LuLR2d9tolYiUiiVSPmd$w;?mSwD|o=hq} zHN0@{@%1weN)=^fBkI@|*_iYZB;*X^#>YgdJ~eBN!bG`GAtt7t#9xc73=j9OTrIv0 zd@DY@21LKQiH^i@1)(FTH<}2gQKgT(&uN4ufQMwQ%4+qrtUWy4gsI<5I3X8<$ z8;y$1?@JtCeYMo+MSMC1#KC|BS3{C0gfM~KZN{1C^q3TS-wKHil3g@x%%SC6E;lzm zZNa>!b5nS9>)m^a&##wF$akR^fWlBjA4=rp4OPfXw!q<==A2eu5zbIPNMD8l;iolega65pzmRs#I$}wMJU>hOFfz z>e(&>x%NMRZ6C`BuF8adOl(}+BVBO7cr@bzsh4Rpvp+?T6hPLYfJp4LSeGXqo8ugt z$$m8r=cvBf|-_URc>F~mEnVBt<+bJ}CM848w5JUPAE&1`i0N}d#QCO8)1SA!kGzFaIcW&0Wj_UUp%Ld` zYA2#~w+IpqNttJBpc<@a0J4GTHbC21?fdJXU>=XEdv( zM!>#UcmG2qzne?y$6Fk?Z&i~8Oskxra16G2M;hPOJGwQoBsXKH-4Y5pNrZT@<_3f! zE){q|w2-a$_#>m0*PglXrF>$|g-MfgaI6tjjXKgxY@0E2#m>FD1+U|h^1Nx{+@n0f z1lyGx7_Lw4DW4gHYl7>W_(J@s)BQR#fr*ybneBD_O4sx)uoLqMukpm*uK4tm)@HJ5 zZ^vTq&d;Mn<}Y?28I9O6bzWUV)2xSw$hJ-46O}_%7?8{Y7SSe@MN`yikb)RX3aIje z%Y@B`1AE^rcsCsfh7jwj>VJ$7bIz|fWez|W-7>gerXQ?P>Yu5w{-~L-AvNOvAKMA?supW8j*2#RWtcWw_|usu-xB8nxurQ+*)gW6O7=BbuI2o7 z3;pU8@H9W>#e+2LM(wUoyDY@7Rx7c0b%DK8ezIDj{7C+CwB$YW>xp_e&H!a0X|#8T z_k1^sehemwZ|-`*J=2Zh7^wc0-Ise(AUW8~s&wDNB_LEz;bmbgpsu3lF^507EU?O= z**WuY^Wh|%9;yI}pHuG!vQj6V=%=vLQl1h7$&%;};f!1bqv8-|wRf2eEnm*@xto9X zeM~1_O0d}m;`T1VjG9UMWw7TYk7{s=H*dz$)fhd3a=W&mvFGap2PX$jCg!_us**;0 z54IH>AMp6pscF}d%{Bzek}04SLEvlvHZRBZ!;&c!B{05yXt1-lTXIv`!6Ao;PV-`a z8|x^i_>TH$28MFWKH32XRKR>hg*7$s;$Ntu9j#;pMZ!)yJIJd_b+v;-e$Js}k+Od_ zT{7kTD}&(Z?>_FJilE19I6$I& zLAdDyTc1)UISa-xo5T#$H!Zej98Lj|nHwE16Dw^(1lIp>p$iRGAoWbXUs zo`Q0vO5D#XZ_DjHCV6VZppf+&za#tIy^RlfBNL{U9({em1+L3=SkA!#3JIU*Tw_2 zr2cxIL|nD&U(aLlzj+?ye|sJr<4#L8X=deW4q@Jy#JMcWx|LBOajWWu!>y9unig+j zr6)1-IR@hZOr7p55EGS-|33R<-uAiMNrC2B)}(gO3W62>6>&)=eY8d*&qrj$j3ANG zT9hv0Ja_T9J@q9g%hu0tJf?p=Pf?-Mi*#asVRNmeCC+BsiXi?4bu$L59---q&5vDD z^08Qd(1DNXHcqH^HfzY^qfDRWSdi~}*R2SC`cBU^@NLhgMWZG?EyyIE6e9QdS7$;s zgJOj`cOGREh!!kc*e{W*)H;@<6sRb7& znf5vf;9om)Q3R_TpvjI2#x|pU6@Em1kEZzD$pN-HPQ&$i6QQwwh|qZAl6_wqe6tox z!xFiK+RjseAO(n5@1?5XmlA?jw65aF-L2@@XNQRj(<|RRY~l@S14+I+If_jpQ1Qsu z>RFAu<;yhhoD9>A$NG+RBIw%Ju8Fng_*NzR33!Rla!M<1UT{6w#;2;-^Be8P6-uPB zSF-%jcK2zu(;DQ#b2B_M`2RLc_ulEdZ~Aa z*q$NUI*B@t)2P0Woco$;@-17so@@>6Dll4|J30K#ythHhP}w6%fqEc3-qf?>+T0X3 zJSZ_ACp@%I3U3FV)GEs(-|Ft}mc*NAT}>402Bv>nXmMWb!ma?FS41hCZM3A#7gIr! zR2PQ3-MrZIg-x<#9t&@;U0+PikGU#*eVkbK+?Gj#*WY`QJ%<~F;{Bo(SXkU5rs(p)MJV8~0Inq{lc0|9}NkwfRCK?%T!!)o%YO=;!+81#* z#N#C&nw4|$(96xb4shz57*RWn@|oa*U=SZ%-18K0u^ogsi`+#bgiESsc#f21+Jxv< z=X&MFIiO5j{s#SYR&i%KDtnyq_xBR>SV&kb;w4Ifh6{e%*YbO*^DYTbwd;CRc?CE8 zk=w+7w;p;o&#KAZrN?LZX}4CCBuR*HCUFzaiN-n!jW?d$)va%@Yn?a*YTgL~ z2SFr}J#wRlTw^iuw!AP4eX-r|t=WfQ(|Kw*&k zW14-{^<&mkpTTY6_n(2UdbzoM9V+w*S2Y@`&OcooseRgFIXz3l6EIOi<`?RfQHs7t zxg!k(dzCJ1vUz0(s?p^g*66Oj=av51$D`B4c)$=_7g`g{A{vLTKk7E6VY>QWOdl%? z#cLD>uC%4xLyqQK;G^sOpIPu%)vQ5(HlQYUd@ZcNZf-5sP)S2u-nFP94^QW&r?uFT zi%^d)J5VPpeYY33c`DT%vSSNsl2^SpXcHXbviJR6w$?`hcCK<)8$<5S0Nx}t*ipF` zeHICPDZ+n}2^S>k8%(JVI6B#*FXj5w;5uGPBudx6_FQ_~=8vIy$5Y;H) zJY7jW4+^dHIze;`fjU7^&1gZYoF|A$WrS}cAbeU#9cdsWcH-lTDC`>nsZd&dh zZy`Fz*e|dYQM2Gh6>LcB7P%GEb1cLo;E-okJlZc5+~nexegHmG^vA$|)8k#H z^On`IgK73K2G~MvlA(@cJ~8%zX2JJIVdex;>jr8s;av6A+)H&*F^5B{K5Ms=dY7kE z$o5&BZZCV@^vbaD>+lMK8CUYRkFfbsc_4gDqz_#37h)DJfnSU+UQ)21Cs%70@BW&x zzm#)!!Te0*ACO0eE_1hm0lj4(rb#Vp1qiUEC?(JU2)OvyG)meL?io0XT+7~Fe<@?) z=l5|yC1voXc{KjvnJ1oEx%0{^r+^(DSK9hpt3r(W_WCmD!U&cu7!ER-(p2`V7L2Tm z8JzXj-7N{=yt-k`E4`LldGPX$ht*MSD`x$VKv*>;{~Lx9byAFeiarM)p+)WxxX=c= zaW8^mtCbx4bbPNbvv`YVe532;1^yaqT(9_-byez7{R!D5M=O`sni5#~ttwS%I2 zw3!KJGzeVRv8=455URS+s$PO$Qnkrw(Tavat2uHQ$K1BwO9uJ;cjWGJhpf4 zNeluvkdN6&M?`*FmOKjS1M1GBC*>?-M7`BfDk2=M4S1i!c|qaFCj(w0`*TY-xxd0p znT;8D9kKv(cC|fwKS;2fB&`4f+Tf&^DoAS9kLY18lz{WLOo`yacB=LSN`@lEz4hq- zR9Q=N$GqKV``!e?e%7>c0S8mrNOzVotecjUdog{%txFkmMGilldwPofm=iW!t|yM4 zsqYtO7eCX_+>9U=o)m+g=JQc5PQY2H!)WHBG1wlrc1NvaCpPqV`C!-lw@2x|s?}C& zq8e}Ry^(nA^5m+Xi^x$!vm?luTB2ZM?p2DeMiVhT1W>g0SwtKy>`{TlydmX07;~FZ zJ-@v&iFAKIe@7w_c`@H3-c~K+GOWD+{R+SMI82nx1 zz)Kam8s-p{+Y@}-j&}UnV&!A}Mj4i3eM^U1k1*sR#V&#qdmxL2=yxWJ%7$)e`Zk&65qAK_l5OXYl(pNr1+;6OM zB?nj5^~~62nh*H8L9L(AD$-0Ke$-W3|)O&m}HtM*g_vA1vsX?RyWC}P-dLuQCzzuULC6+ zL(!nEQL}?bH(!+2xfU&L97lipB@tw}Q!)jqt~Phivu2-r`#L?bsr+H0=Dq7u@!#`R zYk^y?-tW74fkQ7$&n-CDjqeIO^hl81OVBw& zc@H~1B8Fn$;T<5!aC9QV2f`1n>=l6YXfa|zFJX$f1Q3S~j>WiF;8LP8#(VB9tm;5( z;UM;H(@|KM`zt1ayH0BJB7=}PM59k;B85F@8F&_U25<9E;EAbqg!y!4=f3ygT;!*! zfeUD2bU`48%E9UtG4={MX8Jm{yd(M6Q$RPOQ_?=m8A3vk81uXoH!QrH2wO8DYDD?x z388*o&l-%mbfeb{W=A#XQn^~A#RW6Vk2P?h?PPrNBRu3Em?hp~-C@FoP?jWyKdhQt zf34CH>iZQbWgm?`p|PB z=A_<&=IAPIPLgRSQQhu$_7ajc%7Q{;`fVyi>Gte|hxm6t4!x_-o+Notd_~)Phyt3) z#G>*%(a1k=P}1BV5x>$$rj_2;y{z{*h60p&1sxnD%%ffZv0aF|lQy6TxMWD5eXO$r zq;O0Sqe%*R{B@Iui>ww??T#zgD9Q!2?2_r!Z}L`KKfltw?A)lr1$$}5N{6oTy8@n6 ze?jqe%vor9yCCjFmd1y`CvUWV8b@A(fEt2w0#tMNGR4qonxP_YrinEzf^Sn&<|i~w z$xld0KI-?!wb?0>ctm$txN`3(G-m++VpHj)>|wJt&jgy7ySg-XKGm$Qzg~H*=@52x z?kMn(qC$(PfMIC;qgiTG%QP&AcIpJ56g|^;!few%EZ#!nDaNcJn$PY|5;zu0LD+{Y*58062v zhtKTi?V;<<)}pGD3dEJmeqRA%|s3&?A@Aaz)q4$l~;(g7EKGT-CG>ht)% zg1G-?A@iahZcO|@4b}4!aP4E8BZx zSh&3-;az6d)@uJKq)wjYW2fM2*-A07s+0VDY#D`ZYoB855AWkx+O+feo4)cgjiyS} zwGwpEF^9R%Iyu&1;g|NqaSIDfD!)?=XyD%}Z%Qh`pUpNzA7v^??aI@}uQiuJLpnj+ znyf1cTO<55#3~)m8l@`Ok^QuC$|c)=01RDHJ7Y_`s2a_=)LgSS~`zfz*E#XUVj@sFP)$JTKex=ekU z`Iwx)H9*R251|3`Tlli=Ng8sYND^wh;VRQwRsc25Yb1N1{x?GW=|lY}pE_?d1*9nCR$$F+wA~&U0QUF%lz{J2?{0L{k6qf@==9bt@wu%QLwM zspYsS7O#IRYG>@VUfTVSZ~l12+50z5&OHo412Z=elj3kl*uRr&J_&5}X$E%3qsSY6 zwQkI3w0>Ab4%3x7XM48Y;=7f;guY!SHE z%{%Jx#iIq|janefhL(6g;M-C}^PG-vPR@V39&P2k;1s8U6~w$vpSCo?I)}h~n`FN1 zd=Xmsm;4lANzjWbx_@-sRKhD3nztL;V`LxJ(NW*Ykaz_s=#%^;GxP8hB8`eV5X9wg zPf2x;FfKs%x)6fx>?=bWCexhvXNvJYy<~*@!mXBAL*jrjLhYtz#j6p<9CpR!&lnnf z)EWz%H?g-xj_)0|IjRXJ6vsQ>J#_csW-f!2m9Vh ziXf}m(jL_f!fqlVzZ1>Y=&0uE!YOQ{XzU0JSWAQj!AEunvy)&yRy7IzSQgiBhah3JzCh1cRZF3Lzh zzJ!}qb*9Zd#AF-`H%+eE*)$q%i3-fAWwY~crDkHui2(yM0+_-5>Rp!MGUa{%=g_`= zBjY+_u!T|~DtUy0UQVE(Ye&H8JAVb`#u&wrHKyHsc@gCJdHfK~b|)l^ zF5A%Bz2`;tDx&*%->E9Jcxg<+-&Y~^vHNxCkzvm4qnc&&`jaxlZH?sA8@ zZyMjLMe|vz>syoM*vTcDdB`wYer3m}5at@wh2PAtFYC?)QrREv$X5-gh2mI$=iXY( zjm`(=R~nNumDJWvGKJL!J2t4JqDY>6!a;ZI)&B{6nEwVoFm=CbWY?qawP#3|unLEs zZ&}8?`;_s!6w+4(6aU8MHHvEU#u2ZG6NDTTe(Zcm9s%J^BQ%W(g1yJi|FrX$AlIs^ zops$y=c;1!o{itQXEEGq=C(h0_vN?CXTVdECkbV3Qz}0+`N>8URf2r(O#Ed$wXX74 zz~%^~V95c(v$kwlR-D=`t1nYUtnlNp%y9hHHlTTS1;IgMUp1u>7`u2e?o*8>MuLml z*rH2y1Dw%!AHL#qyI8@%-pN<1Lr~vwmLJZ&l!fnJ2EC+;mQf_EUrZOA0?y}bj)$Yx zCWh2-cgmd?W%{DM43e%0q<;CN!3ji4TVKn}HD;gQv;FWFbTO&ojAz2(8J!#*yOU_f9<;~3R_yadO1tboI zFKQ!lnz63mN1U#eX&VQYVmqX>qG*(H^XNW58r_{u-}^7Mo5q1RkC@@|f$Wab=_*VQ ztI_!G_s!0j>z!Z!554>^CH=7XKdkO)&9na@W&el7{crnsf2rrXd{RhS72W^WOSl(7 znFtw0dm`qQiOJC`y~m4r4TThwNyI0WaNh3VBh1{4dfw$QzQR=7y=vc^??D29*~;TS|?NNgkR+3K!zghuo@$&Edm1J}xV%_w=Vc>@2r zhSQ6F#6ERN>Gq#Y{!%oBD{sY`)Zsx0uqOpnZX8DBwP)wQR9OQs!_2Y+E%#L1)ma7LmTsWODnZA#+A z$@&2APXSYxa5q;8)~QW1)@clG+2gxmU#s@iiz3*PRygw0?JHPG;pA(S+oVcDZI3g9 zreLL~+O6c6qRF41)B2nwK8;QGyVW-)wAx4TXR-@b`5ROmXxxYsvHA^(%WvxMOirMY z%%kC2(4*!2UMmKi7D|d z$%J)BSABKk|1pg9A<9B28j-+O~0 z+V&RNxlGMS>k(gvEO6f?4tJ?5`Z8^$~`#-b)4KO?LDaC=-P^!+AqJ{iZ@ z2@#;^;di6(oMzbv-6$^ngZx6BaLLu)?+eDf?{+s-hpLOmYur0MnwtMaFvOW%eQIY* zBOJd%Q|S7w_e$d^zbE$43;yT^*6kA<>s<1R?@PQ*H&uM>cNQ}27dC9i)w-$Cz*XVn zV7_ODqUHxRYX(<|NEdwz4bfP1-OxvhRU^rg#?@VI_wqY=d9}LQJ9B191X(w}Gxkm; z&FKd?glN`Nptqif0Kf4+FyhCR{8 zoo&o6$j~USDf-+zDL%fEBv#+a`juFJ2K87X!y;ST>0#>@qV1l?UV!$T{od3`k3h(_ z7x~WSDS)Sn%H-w5Kd#WO`_Zei+%tnny*|E#v3;2|1!gV?Ache=77~QpQ#CaGFI$YY z)@l(FmO;Iy|713`vi7nF3=iY>Z}LBBn6BE3w9vnj^hgqH>&E7ww`px0dSQUS@3+J2 zW9L^i3?%xBmi0$2=kwgb1A8r@HrU-XIT3#R0qic4cPK=Dp;^hnfkshv=SpYFn!J}m zaIpsEUm48PBJi4%z!jwQ8Wb%Sb{GppNZt$979()oDjENlob?(%XD7|@+xZ&%LbKiQ z{0nqj5fEKSKF)-5Q-nz`3C&KQ@kiY|YU5sV+j&P8ZIj3ZNA2Oh#S4|DenBA;X7>FZ zWAp}_%wJ=b20t8!^q_wLaUPMH5NvYH5`TL$YEpFsppQ$mSa~$rIHcBnzgb;*o}Y#6 zZ0Igoq#`rs_-8XszUPLOhn1#OCu@Qe2PxDC2fRQrz{?-SwkzX?WHhwwO~+MxCV=dP zE%9soA6mk~BK2&=F6eZN)oZ*yH@C5K%ap>U(@6yoq+)zg%rI%fNMv9x5IebaaVk26 z;Dw#?twJr#;1}jGoi6N+t@fEugB1rZmc!7JT%T?Y%Xk}Z!jRyd7{}Hum`|~M)tqJ1So!>->W^2uW9MDudsrpR(jls8 zUcC@j_@ELLyy6@K=c0}}U1`NH*2bkWj=}CMlLBeMS!b|h&bN32w^vjRFYJN!y^thq zyozs$v9$Rvh!Nxs{0GEM6({Y{a4WEPPtb1TMQv9W3 z2C3ECyD@&zUk{r6&DitnLrZk@i2 zkOOv!mYe3O3&Q3M-PKrpu)oQ2Yh2L&roc^wU8$Dz$BhZA{Gsj__@_d6+|Ny7Xn|mV zC4_rZiNNmZFPsKt(T@U*r5lqY_ z@mIjCY0Up>6a%yZCPm;i&C+zlZq>$G?>mQA>`njiXy`DJ=UBAxEIe~le*JqK-4k0Q z2fS2Yel$vgG_ic6U9sv1Em7e7GH|wfClkk05K?{8%D?+GgUFnv(xIY>_B76N`O!q^ z6B9H(Cpq`H>{`jx-cKui5iiyH*-%eciY9G73#U#ZxG21?wDklAD7fp$&XJmSQgJa; zl;bzEm&MlyK8Zb_hG40keDC>;4L&mDOaJ*?bz(^rI4SwfDlkvco`JEK{_s}zQWr?< z$wXZrFKGM}%>>KpU7cS@2$L4eWY<*Z(3dgz^|~PU;W2L<0t||P)6-rt{+OA%r=m0v5DXa%#S33Sc=lD2;A)rP$wLS&1>Cs zCgaAqzCidXU{3oRywmM|b^Ey5+HB&iU2ra$4Hnc+YQ~C2%=km~#t-^tL>|1X%8wN= z8BUXBf|WTp+dB-vDIhSJU*(eO`Y4ypI{|alOX2i}Ru7bN0?a!QB|Y zgaVPtJh~x}a^KINkM>sMM>_Io@)D@;`vJuWR74RL*;RNOP4NwAz5$1@8 zJc`jJMAu@&zSX#TB$+ak=8dOU%=jvnj>CJlI6X*0m9FofRKtg8!0;Ir1PjL_ItBN5 z5H9+-5q8@R5bdi2S6)$fbxt|3REAqJoS8NA#rot!i~uYEuirai+l{wbjxNC75YGtR z+eM;zn`*;DC92Nf-GG2E=O9o z$U?c1rr#3tXa;o|17_24b*=D9+lXyCa}NAY)!u%i+E>2o{?fCm(dxGO;d(#*7YCS^ z2(E1u2XxLP%n?7ZW%r<<*lFX|Qaa1gtYk|=Yco`m-L&5Hs+s7EoBC#(Z7DPU>Ww5Y z5l@SYQzx(|&D&(WM(>hv+Lz<$IzP$7qh6r)o>}9Rk84v$!Z31TM_|rR$o!8w+s?kx zuHx4p-sSuIvWHZ3_2BA`e3@y_eljO@MC39_AD7J9OPJmxYjnde9|(wYLKTio2ojtU zK227yjE%>@nqze)_>&T0`U0P}nV{O&&J3`#cvIq=c9Iqj5s;+ z@e1s@eyPa>T9*ZQ!xH`T66?rZYi*(^GUO#(gOu5ABT7puU|&FsbjR#AYH2`RkP?#c zs8!qhvT5CjLK4Twx~|ew{`Oug^H1g8)r2i##7Q>%CgoWJsn!qA+ArW!yvf;O2&M@sX`xXDH^!3h){%xfCXO{4GS z+aV|5!_#vmec4U^rb5$%2PFlzPuV|loV{$YA|9t|3o$c>N-6VP8dTwXh6(iU) zHmx2alcrc2Gp5!2=hFmk_&b?UUFaV(s69;}ds2d@;8%W86-h?~sa|JJl@qmTYM-NE zFIAzVmBkhDjF?%cBbTaSulYvfTFN=ASBjUoq~HCaePH89qr5|UOc2B?C&leIsCeRd5SD1I~^^SZIxZk)Jzx%3_{kBvo7-lOM^x#?#9tG6Yr2$|bqg#ItQBHYQn z)>N*fnZC3|9c;DtJWeeppwv;T<<1T8FNnw-Tl77K0kMnkJua`#SC2lv`8GY%=Lx%()oS|JN5U+8X~#Dh%pN?l>es*luG zDZ$_=hBU&vNPiXuN-`{mF_UVmVDgiB*wXR5%R|BP_YzSOX`o-3>eth+^i3yuSUU*4 zPUm-K)fR@%;LwS*h%(0cQoELRMYVTYsI_(Qs{i`gtOUgiu^;*8^scaTXT6h2)iPb# z+wmxX&a7C~?y!(=kiz;!Su`KjMYT?elj1WiWJ;=n%YEFM>Kami{PDzo3swIU$?^}| zWFTh}NtR*^~wA;eU)*(Q5Mrjn4P$i7Unj%iG? zjf|O6_7Gx1Oip{YEMpxedy(wh$TkzQ&rsu&8FOBr^Zb6V|Mmay5Z(L%zS2! z<9NT{uh;W+m=2cuPZ^oj59*oGm5OFoby&Tqz|^ff?rhCC8F#k>pDv$tdz^Q>YtCk7 z=eJ_$BVD827cj(z=s#Y>pgHq{UQeg<$`RW(PX)a6^#;mI15SGLQ%}}5)HY(y*2me| zmENO1E-9T~dvGVPlzkl6Zx4&97Cs<+_~*{c=`&e0S#Vx?m6@7SgxLJzlf5p!fl|#S zJ!=hjdt<5?eD7l-D_hXHhkcei2&)7u6z&C#aqdHd*X! z(0G%lkVroSi$BD)PIFBkDb9wy?XQpgW^zX8(;M62S9#x($Kmdi0qC?v=`paStZm~$ z88cxdSy)@MXY8xuxi#m>u5{3SzM6R4M0z=Kij>qH>0OPw5TJhZ&Q^`8QvZiG3F_z12?!O_g4SYZ z`(hzS^kiswxejJmhrLY%)T6#`kQ2&`2C zaZ>hvxN@nHyO*F21Pn1R?Lt_pz}yGy0}w7SB?5+}P%KKlJTjn2&o|#JXG&PJwL?oF z_($!V+?dY~xZg}wB(0Mx-QpTmfOuu~va-IRD)Sz^yCLjgmcvbd_e9W1KZ?@6yU>aw7uQ}=1DKkQBZf+p+MD43pwnmjtvZ{K79wi1|tsU*l z{DuYrD7g%JLgeMO`QHoKpgULJw6V~~$JyXyP1a!dmo@r?{F$Mqm}ElBsnXzWc@9PF zIS@K4EXBFc%*teJ&22>b1fY=Cbw>~^i6TPE=PxWP9tjTx#X{xwa|%z-kk|sap{F;R zrQ(J6Ej6^`)Q9swGN!h}IWBofiQ42(&llmb>K2*@n4RW^~*0^*x_r=ZK>SjIf znIqL8g%ScJ(#oULaTzGQyLKF1SkifFe?>DX#B|&x)kL;5%UJe}@e9T7R|er!A1`nR zTHR)>w5OvMTZt1CJJOK-<*77X;cYiWESAsVX|m_6^zmBE*-czy8Tc6`Jx0Ar9KV%Xr|fTdYFit zLis80zv260Z`BKMykuu(>*{Wp-!f)^M|ey%|0P zAB+&s2icnZ#N)ng$L}$Z)GB{nwZE?YVYY>R2M}x1mjj&8vygDWEC$t!- z)NKqk2x!+hfQ?$s_VQ(6-cZsf{(Kv#59~8U6MqA70hG@RzY`{2&^!{DP!quF3~3fw z>gwp}q;IA}i+B;>S?7jIUzZuJt#J(#_ej!qt>!W12_!qP58y^{`0=uDWTj-cM@xDOP?oE)-tE zaRcQYXc)dae6eLi6nk@IUGIvkRt2FwP);hk+>AWR{3iP-opICg;NDf86OVDYk-Rbv zYBvjAO%&qj^y?qO4EBB6u_lESBc)M&?Z`{N&8}~TV6rV`e-4T&VdzIr9%R`G_#~@z z2S0_#QM{lN#q@;E9$2g-Y>yrYK7K!8F1mzdUjAmMI;vzlTf^4ux_R%>{Z47~|CV*6 z+~Cm3?Vw*n+ynm@-r+0tkxT=Y?HEUmZ8nYTB?|mLPqy?gJvf9eSD72q`kXn+tn~G^W8ZGt5LjLLRf7 z(&wfoYs$(C6&atm4rKV}xw!@G^BC;|O%x9S9a>*IbU%>O#pL)htyAV=C)Ry5`{b}e z3AULNFWve6a|G#myM49z^Wj5IkD^@mBZ_GA&@b!XH3j>?J<ydes1)SwEBCxC*DA!CKL1Vrk@lxuwn#F8$3T#cjt|5c=D!b`x4muzBAyU#k^p$W^*LYgej-DDA zf62u~QNw6!aA~IE>>8v5dusqE>ZLC}@LR>Ty+(Zsc)Wzu9P}yq?L`kX5glbI<=51u zI7uB=>mFRUX!PrNnn&auMSqfL_)Uz7T>YD;R5i~tz|~jqhn(JX=TVxhpnqz8jY@uP z^5efQuB-e2+h5PLeInYDDB?fBxlyweW~fV_hglw{FU+~k?!t`9tV-~kGtMuzhmM%?0 z5ac@$w&dL*j&JTXBKePx#a(K6(-8HB>xn;MCigoJ5vV1(=>@BqOu8v^JCZ96eYqMS zYtV7GI!m^`pKMaFd^vR0>s!)i0;}o^vQqwd7EqdlhP}@9X zqXlv#l+q$e9bPLkqsRKmgF}3S`GckWEFb0dHCCH~Ms1daZS9|6s#rM_&pE2o3Kz$E z&gzVjW$EWn4){-5wq>0h(?5l^B|0_?`-fVbKT*HsV`C=TqKwqbQ;0Y(E^aBYc>%3n zN@7p!9AfXl7lP4Ico%ajx-A*-kTqycmu&@F7re+CzInjP&8DzjmsjNNgIZ0KohpCb zopv8^;dMW*7xVd(+X}4Gyt7XjptNNj8us51`je%yCE2#qK}paIt`3#_dCYVs%!Mrdvt(tlf#8xI zkLngM`7tQ|C^Aht4Hf`R|L{StGJ84bX%L6Ml(dE?KBPo~aXetXrb$WAKM2S&L1RXX z3SIb^1LkQ6aZNzw`ifC~8vT%J>B$CBhk8)O9`qAQ69Rgmy$>Ed|xu?<}H)H_oNie8vRo$ZaJggetjt+-O;N)k(+!1#M zy~I(U=CLJ>ksbDzHqa317A{_oPhbjqArqv1US@rnZaZhWG>an=BO5jkiH5-4!7Ifg3iV9CTuE)f3}=& z;N1~yCb`3+f35WNYU|cb-mU)FWQtgL@mMwSE3>=elH;=lokNdrX=@XaKr-7Jt2Eqv z8RN%_1T?@N(iy_sA6bOhmOKIwx-NK+2Hl%zIjnY5R93r}{{3Uzs@szw?f!Qn@CC|j z@&^3J-#oL&6WS>ga9UrBgK20GEsL1nmQz!;n^pt|&>hmwHPnD_0$NS2wo{)~%Ct+u zT{8dj+|1p#>yVPcdil?Z_##V{(Nr6uFYmpx7>PBX%TReDXaTwn)oiC*csEYHLEa~4 zsjti@C%_IHOF5H@Xu|Q3suDS&Iv|KqFbjWGZ6@Q$JVPwRR9=D8w90aP{gBAT)#|E5 z|F?WaFs~=>iK;T^A;*N|w!6xy0xTrZf}Z{S3;hgtX;3)apDlZ8c8YVSs*&xJysx`Y zdTrpZ%`(R??Tc7s!f(MWX#g}lq=k--F`-RtoX+1oN`H>QgCv!sUZb-~8cvXQ2u&5pc<-kCj3-I$;io-Wik*#Y5!?VyX0$q!|8757 zN158$v>VBrj&D~HU7sGZJW)9@)yGHgaM9okt@vJjo9p=e+W7b~_XKww&R?!)$ylL5 zTmI&Go^`JOH`sfNEY+m@Ps=lRn~Obz+z|>%2j(MWRR=g-o-K*)Jm*fFP`J?Eu$!wd zggI;E1Z4#RDl~K9(y>_0UbL;gB6C=}wTHD&w*}1;d8hh9cJO$W#;wJkt5Ueol_^&0 zQV6!3d!w7v5C{(?aqd`{PY`KS`LUif(?;1t)b6bg!MTmgE1mX^*T*a@K6M2&|B%uA zBl~jbkFR>sgZbcMc(u_g3G~vqF~$2LnonS2TY`q{my^deFg9K39)&dH_=8E))S$Xr zxh(8GZOn-aCjueIVcxK3a1or?3Q-7m9QREc%!}I4qDTvinUs3Nj|^FyntR#J&@?T$ zTFPT$o_e$-rX%*t1;wK0Y$I$CaEV#A&hBUy2l#{E13B%|L*C72!OW3k&F@Qfi=g6f z4x)WhM>pijuc|^nz*DvCUMpw$;8q!Rj}EdNOr{q^zh1RUKQ~@6S*?9P7%jV(9jY`etGQv}c>Gx1T$FEnrH` zY+g)=g;&mWCOqF!2V%Q+RO27vt0(U?)b*2{^1WBwpNeO!*1{juWvnJ2sT4UrDN8Q8 zAe_p^n4P^%v>z$0MqW}GL>3Jmn_gbNc*^?WQOTt1MbeweO?bqdGnxE!^OiG! z`v)@o|EcFUhgl zCfv4Zsoi&avN`#A%s%r`J(nW9N6F5aj3P`RQYMg0GJTC3*k7+Q*j~7-KcMpFE^J!# zky{WATp?gO=MggiJhqn&m>0?$r1hjEc6CzUg-ZBo^{ zUPvF`SH!-74cL9BuY;Mq#rzh{fOb+f8D+`tr3L{^#cxcXUn@%Il-uvF4bZf=g=HJm z(#SuAY@>`%8X3?NsEsTH6B-LTAt{EtnROuV_WA(DE`{XU3^|l_kN_%DDTz z@*}uf z53QF#|Edd~cnu180aL>^_fnk-=Tg4^IMzQa*Vr*rP5gux2Q=Ue|CxPcr^8SG=4o$d z-WV!xS9&<$z_ZMHfOq#hX_CJe-%#S}D#ok0#c|!u0nuoDbZzs#=0S?bhNJ`Zh03of z^@ToLAd_#Txj5IpN4}{slz6KqNos!U&~COut5D)%q6lEMjdBWhfOp-=Lj?KsZ4GU} zqmRNr;ycO(kaCa);EO6T7X!Cu=25~oes2f>2{)OC8+`H<8wG+;NImk~;XMnM=!)McA#?b?Qj-oRT#PmIl- zsIR`76td_|joKfx5rnU_QgCQT0z2;JjcbdG&zt6)%7j0H*+QJMi$e60+e*=Fy!<)^u(LdCf?) zkgb!EvfJt|hUQPUbrxj$)XqXBmT;FC-;0E@bC!=xkAG2c8S#j2%T~n5KZzIS&qK(; zk!54}fL|QgTxtvS#ng1q#vqvA!qL4VPlvB=Fg89lA824Mw!&i@B4bv6!NrL}n77N$ zN4Y(=Q2X<45e^oro;nhPu_2k|C&KQ{3o^@egrxGqV@(p6N!g;2}-M7#HaePS8B;awGYq;$*r!Xb8eMQug@#A|j`p?-W9C3zc z3tr^sC`Fii#+)_fH$e54t+l{u~kiKPs~OB%#!`WMYsWqj6NUMfiV`LNr|BFgEDxp zL7Tm!{r#ZyjfAxTThB_PEXQMi4X)X_tDAGHaQ(#z(6f(E_pFZ8Qsz8&#^ss1ERGMw zG%I9QcpoN#hJN*HCUW|SsSaq|$R$-I+#OL_{VVtw=fjYrp082zC)MtQCp^zIq6N8K zcsY)pJ^}q6gEtH&5yijE6<_pVmL(sK{s2wm#;SjLl0QZ4@s+tH;(p>lPbv>%nvZGL z_Z*AJ#SC^*FXaygoP)ZASzOmOJn^_dHu{*}BC)f%00>~iaor6w?FoWESu+QIn@83d z(9aO*aju=Z9`rvR-zURrkd222Sp2z)Ru9<^B zy#pJaiKgpc-i@Xp;E^`gfzsR0P(J0VoNE$cpu0jCNH!lSEBS5rME+w#Sa+~nRsEB) z;=?O4RYs@6&*%u$(r3nzU4QckHuFI{@S@8si)Bm9&SV>CbC;{g^QL0UwMyG(HjjLy zq=_zQzj%~dc{5zp3mz=|e1dazw}g9uBLP&Ec*85lp654n`EW>wh8tA zg-;t4Z|G#(4KU2=AeD1&n5@gZ%;mPVClrqZ$u!AMVZhiU>I;N$`eQ8n@|5Ut#W%L( zrV_{6w}%uT0&EtAAwJfDf`JW;Aw!kk)~uh<`5Gv&8Y96adkU{_C)N?ZfVo^U?zJ_+ zrj5DzG{*xYXRboN%5%&DDYI*TkX%Dk_nwK}WfuF_CHOIJ*G#qKbN9iV21Y!w1pjEI z_%Bs%s*495nm6Em z`U*#KJF>m0&J_jqNrSXNP!TY1&a__8K-ZWW#o1YS!F`3FQ?Z7i86*x46t~OCF|8AV znHhI8t})%4s~aHg3GvC8WJ9H6uQf#`ue?-mzx8>bq%$Z{Zb5Lr1Sf9aj)K^|fqoJH|ohvg0 z2b8!6Rd-?F?`2l*QVv4W`NXJ-rs+YIBxFx+m}FB^3{~9o!TT?oUn|<5B@zOy?j^PJ z82^Sx!9NDAnKH_B;lORKj6;WZc918!V0?+IFjQW)-Z3dos*9PX(oEcI(jq>uryLgg zo9EPL2cAD3FMQv(luq=~Lbcbo%;Gn-hgFoJ64c=L-vx4?ke`&?u{r73Id|va&Ca1U z2smx>o{5zFo98(B(m!GiaF2#Q1QfUJ4Fq_k&4gYFp-bE|r2^j|_VrHnq^q|$Y0t}%e>j0oK8~TuK z$h3(q`3)0CreARua z5Jc63y64L$@k}OrR==LX-)?Udp|$dPv2K`r1^FR(bc`B0RrM#Y6Sb}kRn4x8JQw(- zN$O+J&3B$vpp}4)if>U5pp3&=>5PqMztK@oDbF>55`S4$ zL8EpF*Nz4-|Ix6Tt(T_y>vz3QU?XRoaXQ*|!&ynP3sSk=`OiKH5!LF|F{~dLb-~SAyq@@Os*-%sh{sXEtx}!-B+=t2zaqI9q36 zq7+o9`5ETfRVVfh05%t&$9&-k_DB*5f7wkqArlSgf{G{u(->xsgKL0`Y>(5Vl=S^Q z?$I&}UwHN!r5bI?7LAqD;YMJ|)2OG$6r0V;VHmVH^8+tDbK#*eS9FX(xwuHrBo}xh z;Bh!Mm)hehF!6cspHl{!jSrG+KVo~^7IjTtN~%q19y}3$)&9~!DzM1UdmQ2l3?_7x zjq&3>ag@YqV21So_`=x!L}XM3tZ5k54UC%p`)pnQ^K1#>(34elsSalzzv9W1*G(jB z?A^Z+2XjfFy3Q>=H)@|bih&s?7$lo<2P%e@Imle6xLd>OCCPRrl0IWaBJNvp4PSnE zZa4BhjqDNz&I?E2w6I5+Hm!o@b6xGwv+Xt#1pCmkJf^>s7gr`}Dmq?Jad@artEpoP$~(w`9bpql1MmO66iYE=prCaz4ccfcEVGA(y8n5 z13SHXadJKQJ*+5 zQ`>B9q8! zW76*)VjA4F9`nJuBJkZoR@6Hz~2M>mDI@M~pps7!L7dn3_Hor@-^sTkqkqC7@<7aPq@fzKnV74_Z32VfSc1Y zrTR!XU;;L8Bn>m#xks*E{&lDCNXf_WHj{z3J$~%Lg>F z^#Q`{SQu8GE_?*;@C|E&4$xCaG}NRO+C3Nhuoh42WYJakC8%Grkc^9;D(w+|1b}an z?*wC}lM;qI2f#jHF9YH8K+MAEqB&`}8C=DXwkQ9t;(tFW>A#=U_Sst$UgJ6V55bKR zrw53=$DUxoKf#WBZD&a!Yx_wkOIkqYFNd;%7!wX4Kk#1t)lI9trgDRyYB;DfW1HU7 znMQKf1fBaEEB%W&4URAa_KbTBBT0*FBSxjy)O*q|qF;{g^hG=za<8l-C0+bsxVfQv zE5+YqZQi`?0`TDhdUa zHbqETvGTf->jz$^Jn$XH+U{n9`&@!FM}z^QgkW3+S9@@sb5>>s9AT(2>vKC8paie2P#mEGPL@%`>hksYoLe0-}{ZbHFaInA~GmBRJ!wVmZ* za=Z-5Ht1fgB@n`d*o>86T?85FGxm(H_K#|8Br0zvo%&-#IOV2tw);o+i6<{EmR|)n z*a*;zo_V0D!x!}M%d(r_t;dlQckEGw(4J)^#=taZFptup@j7a<8DawBOq zS_6_2$%M0_ci(Z`8Afg3Z9IGoXqUY#__W;{2yG3cd7#p}qm=|cus6NDPqi9vsY!^r zC9W!nQI09X1Qw=O)|X)cB%g2G8qi2XjDl41cTpmo1sj-sv1FBe0Ts2iG5gvftX2NZ z^v_Noc}Z4at*E1|dxaGHhA%2HRlDt@<-!fYnUEFuZQKBiaZe?P6$gZrdddBhV%+rs z*~6P2p8@NVD&r{nNErV}%o$jyP<@?x6EnxQv$ZW7v=Ue9)N`T3UQ)+ei3c&Jt#H1- zc`C5?a!5-|^H|Ewnp_~HWyf}Di z_U``u0zqXxopKt0Suy84g8({L7@lmI4r$$Kkl$?Nik@GG&7BnOmi``^(nUc0IB}j` ziT%3%NW_!|>Y<#|qc}0Zv{hdWfbPc8;$+LsW5_O`D0Fli!gzh~w4jfEH@&BN)AB#B z^0}J*d$YFht3=Hbez{A+cYM$?cjc9(x5=S%-~~AUKmO^5?dIVGK@e($9m+xV>q8KM zex~kBnRY@$_(D;M{nBWlcF%{~`N-Jf`iEh>(?6f*1{~fzb-1cfi+cvwLKGv*(9H!n zFvk3Mot=n!1`Bp{ITc%4xk>xp06-<;I#aJ|3SAZYQgJGCM%R`1ULY`(;S zGYDzie}p<26-%qa~U00Jy7w?YM2e7i;DYyXf6RHNtqX;4k4{j!0Z z9?Y88sYwWR{g%QO|FMSx#Wx;XJ487fXDhZ^n-z#xL&3`g+K4iGSHPiL_oPM5 zp=6vHam_@UX-I`~=Yby)#!y;KmWcWn8FJ8JSFg-lsn++_DSTj4II&G5v_oVuIjrYE zEnVr#Sqs2iC%j}0r^ErTWLUeijwpZlE;Qrr#{oxbhxCnh<(kbCi4pTD3Yf8Oe+t!< zg&WcfnEgYT#lMni#qrj9_WR!lqP=SS3bmFRkQuRktEutEeFuN!H5?H!PisTRptqw< z5My}#nN#x&Q$oOIb1bF!VjaZ;9o2jin4+P>;6f^5wsnjVZni9|D9CSrCX$a-@+u+7 z@5LET}IHZ|3J-K@O;$dt6>k8uR}!?h+M5m~|vRf1M&CHDGo zxmJ1YwJTpYr(66~3HgzPHGu$SU5RN;TY{A8*NqFW>McUJa8NEDjnAphrIUWa{kFDj zxLLw&MBwb$nhDdPRias!p%cM@1{63WREj!>u($hF@?*ZBd543R0^Su?$N3@e;JzAPzyd*{uNGp6xY%(u=1?wg)$r%6W;RFMA+Eh7!7^+JQR!-%70nF&!a z6h4xBj)`lc5v2e$Z95iU(+ugGYeZnt%)ewUSnXfVzwTCr8_Q%%IXb*_)OkDY`Az)7 z466)4c+$%wr_T@Q3m~uewc_~e8C_AzP%`3ZZ!z_IO91cSHAPz^mX1=e{#4IJ%lRML zqr$2?c6etNWykzZPF%{y=AS2A-1hfiqjq>?`gR*c4EB;^hR^;!Wh83s!PtmV){3<# zQRk`qnC@lzwD5^d_TEM?DUpQ*VM9dUt3=R?DcPO?7^*nj82&A#gaTC};SoW;WBkX;&@@Ukm`+M?szJYm9a`5rpEEI@D}XMNSM}VSi_Se= z^Zf9Un}tz_G$IrKsJ+{{+blu!AS9EL|DYeFRM&#y&9jiMj`DG2J5CblLNZ=}hS4|` zJ^RH^PvJ3Iad3;Ip&M0$56Gklx}>C}4cs&Qh~w2TyVF-U6wk?|T{DlSeDrLe*$+&D zRj)8d!%rx?5J?n%$h0ofuP8#KqaxA{)@Mx-+1JW*D^vTc&-G9J`I%hWu4`r2nk7FA zN+<_8dNoW)I9CCXX16;_Go4dpvq}q=F4GW%r~$_g-^2ZmP2iraoXB@_F40c5b05l| z6(`R<1OeYD50Kne3+HP-3M{r>wk9x^(fhr7a!tZ*8cO zJ)tq}!$ka-^|tmZJ0(A2uC>~y&g14icpHpYk9VeeZ3eUgF~w-w75Nj_ zXoz1I1EwU~)Zo1eD~}(<^;XxWE*JLph^U>r%wN{#v|Fk#4NQU;;^}K*%^BOBP$_!= z*S*ITMHh~Hy?ps~L(EE_`L8AaCwyfB`+QCc)~B`Soc0c11Tzvfr@6zz?5mVd=Euv3 zXWmoE=?8#J&qX{^rms3UY>_SFRWrF6EN7Ao(;;#+mo~QyGLVg2i9hT2o28yKkM80P zdT{433Rq2mK!Zf$sUBNwe#eHP=7}GFaQI}Uu7yWEsHs}rC%*68eiw1YISSw&(wQJu z`x1Bjr)hAo?3*#d6GylK0);?|uBXyy3v+`qUUx&6-2Jb;KKO-aTMo8c6d(wr$Cop^ zSoelO1gC-B4)IF1N5Z2#kVOhv^93oQv~QzdQoj?SM=I;Ty2RG*v23G|DDh+iT9d>5 z-NN4#aqPVz?6o<+_ufmTm~V8pp>oI9px3*ptbn>rY2CtyZ}x+S&9_piY2)t9KQ?Ms zmx77V9`1qku~kDbG#THq0}IoF@h>U)(gcN2NR#1H%+zGnG}R0t=4rb3L4TC|^II3T zoULxZ+LyHFHLe3D{i_^Iy8*Q5NGJX~%}nhK^alhOM?^PBqHf(u^@#SUX$S#U7X#Hk z%g3%A8WiVwa0F>Sx3LCc>tmIG?0@({{2na&Jr(p~)m0CXRQA!2vh)>VcI>W!<_hXP zy90Y{Z>Q3ZtqvTvkY#@ljx_4P*Ff6vQ8U#MvCJMCcs5BPt(#>BSKkkfqNDn?>kFM6 zZl5+SHNQ`|{Ti;LA}PVV5Pjn6tRbNgYht!6lt>{*9Gx=E0s(#h$HFQ=5S;k?(5gD*Z)$C2u%EZ!_dRyP;SC?ppyHN;xNtTS>o7eAO8pHaNy^E zP=}!Zg*vEt@2Lx$UY=f?&05fM_aGS|S}SV_r018YlvQ8$HH4gEzupNwjhtmMAU!0? zKV+A`)84wEpyzZ$WSvn{bwkqVzC+?k_mqp~Z?+myUuuOwSF_p1+^=#HK+Bw&h_Wgd z0`Rv{7_Yt4i@~{sr2SVa={Jk8oAp|mdNcXx>l03OlS213zq+Z+pIGpROv<-Fs)+HL zPB4}e10SVa4HE`p?>CM>%eW^@u8h{yY7-v>RX4u4Gqg|vulf@w@D}?c>A~tj!#Lw^ z$E7Qcv8#J2!?UR(UX=~`H{hz+I(u;#M7MKj{gtP0lyYK zJM({n4*CB99jGAa@K9bY_Fv1|-#o$6X&OhHy+0Igc1M1wz>VM!fMaFLvui4h$=UMg z>V>+7;SDWQS<9}}F~Z$x=Yv-phSn`_hd)|)*0XSZ)8Mg%?Z6*JzWYzXD=GL?-5Dzd zG`}64RR<=;5`5mUu-bjCH9^zbX_jpb!&w)H&J3)->2`UT9!}nL=(aX=_sR((V8%r< zQ-qw0*~(a#k3d>3_T-=nS(hdl;+&XlR?Wc2RhN2e)at%U8vouSTW4h*sG*KBR2{!- z`;^ex2b|lV$utLR$wM5!e9YNSg7i%5t_xJ<%RC%YwiGL4@Vy4TbYp7zKPnqL;iNkBvYuk-HN_0a?QwwG<+gy+Dmjv<@PRtkqEPO{)itnBCBcixoRHMiln|!GAl+gZof~l=*`2m@UY2aE zLf6&*x;mNL^C~+5N+YZZ{^f{$l0lzY?aBw}bKmNNLxT&Q;W`OP%gZtugx8-@1=W?6 zAsCkNm+Fm&x$_L;56+?BEV+ky5fVAg!z6aVq?RbcI5{A2(Q5QJ^0^Sv)hjI+F14fh zOh7|a{JzA)qoP;D>~_N`h^ABU!(IH(e@!{VjxAf-Vtm-GAc9Ydb@(!ScdMM}>Zg1! z>h(tAREq1}uk+WF1Z7x*0J9i-eSqW6+@Kl7G@n82ph&xKsNkh0P9gr%ojW6IP?rch zg}|EN6M^?m9WGW>6Ou&KXM-dBs+l&5D592f2WG-2@}87)jWxY+TNV@oB17 zZcT+bUka(|Ly6CZ%x`~m7T zKwa$a4@hS2GpQeRcR3$ps53gI{>jbg*aaocA8)MU(r;KV;~?BI$R3;|a$2gAVFOkb zbUsGei$d@8%x@`0SmWw+E{nT4sALA#_-3ar(jzYB&`$c;rHxm=L|J`$!OCKsjlf=E zG|YU09nuPMg3pz|${$N*+c4dN0(T--qCAfL5t+E&PhVx8$7@w>W#&9t%Y0P2CB1@A z>|KFWf*nH>gmx#Hk^P&vcglN*etBsvAG}=3r(|38=0w?C6Eei(;z?_Syoc^p-jDpq z4$8;KHM?2#u_c%g*?>{rGxj^q!c1RQbj+cmzL8XC+n%RNiwO!5`9Zv>^*P#J9C1yp z_@Yk^6VHO1N8@Cf(3jwJtXyO%T`sxM3}5WgP(p;kdnwTQ$n#bS~ z_Zg*i1BrMN`!-fCmKD(ijLe#c;Z9Wz=^3Y!oz)rZ_4Goh981>ZO#Hk`nafZqwOBM@V81hR6yU1IgKhwk77^jtoR_CCOwS072N)G@4iD!xOhZHf1tu zQoVX^+Dp{Mjkv{S?CB?!zas7f=TQFzSK(0&q`t^U|AMP+Ah&BRfvdRfVHGZ9q&7ISGk0CH=zoP=^Us|Vsd^@|Ff&Cy2{U7Mt@8={XtJn*fr z^0Nar&BwB*ANb9_hUobj%d?LeeU3yq-%-XBW$Ow*P;SyJNOV44UJdzZP zm-E{4+OE9etAPAq6gX~TYP=*f=}$a6?lR|lGE+EE2S zX1NIk%hIJanOeV6Yq=*XhN{pf@6Xpc^*9xAfWaEMMUn{9+FzvX-=BG~q*2~G{^5i3csRv)Rp}KrtP*r@3i%L&`)bHh($mI8&$| zYy;bO=0|gKmJ?0*`ZAt0c%>e6wVOY$pk`e7;cac=i{KPg+0Oq1IKW(>RAieU;2{GJ zXnzI?&;`=|V)S-`Dw8xz;CFC|Jd?iS+A*f6#^Vl#A)H0DYRj8|XRVG=k^cA*QPh0OzYv)v1wytXy;TntBY zb*`HRoj>(O`p!d*vwc$Te~NWjwYw?g(`?NpuHZ0Mg_+D1ZK17cbJ=Ltu}ZeWU2h!; zV@w?Z{}z>tpPL+7SaB?0lVr-wnRgJQwm~B;R|PS+lZ zOE0<9)sit;H-vJ!1)Jip7mJ_po!N^GokNGuh->1bDgH?8Nug4m zcHs*cYgtLVs-~p*oUXT(%A)lo|HD$FzEXyN-trujN#9u2V&Cxsvqg0A`w%>9)v002j8#G8IRd zyQG!jbZg8R2!qZz3O_&lcxyvACE6%f4?~UPmb->{u`DNYM@Lg%Po7Ow$UE*pE>_M+o3eT+00ssNuW*k+ z2?RKzK$*}IC?CPt{a~+zPpk5!{2yV zBJl1(Df_>9K-hextyvX>%^g|;FQ<&XQUH;oV6c=%?35Alr}V$vgO)6&j``nsaZdfk zp-OUw_?xUM@OxjgVieDwZKnuwuJ2}mn@MEb){>>OpzGaHoPwEOG2Fq)LBIKi^EJ)H z!mv>N^()%@hZbVoOlnu(=o%h7!Ka%9l5|bw`B{(V$mVPb?trt{2o{p-gt0LhHcx=6 zs*vRa<|xMy_DyBk3Sf8@Uq{^6{`apwXG~04-J}^GYKOJME6`nV{uMcqAw5IkmoBx; zk&zKfL_iNdih6o9&7ZZPrjLG44)LmyIwHHNYP%-oqtw9MUK^V$kD3wJ+egPsVq|Fh zo7`vdHO8QkR$tX5h!&eRFO%&yN~;W?iyw8555aH}Ic*k!_flRV>@n32$3Q_Z6Guf9OJqovMDEfzXyxJ@Baa%_&yHO8NT` z>dFvv6@lxAFw7_M5yT^NAmWoi>#dE`b2v^-Urtr`c9tQ9ovwgTHm7Ht8VFy(jaT(# zO=fG2ymDFW577OR2PK~teu;Hp2HivHwBl6lPLoE#n+IG%k(Co=cAP;?-RY=^d|MtGLEb~2dZ*G>^3#S(>W zdmni)#S0c;hPOZFfSNbhE;8MHNjdhONN2ON=8d9b$^CywqYrd+{IX~ zK^EK?oSzSyG!BDn_-DuFTsZVnS=snR0<PCufBLFl81NK{<-OLW``g z;*J2%i-9M7md~}IM^F-Lz9)uNR5Gi0@71+_+$w`YlolV!3BNbbrmm#=VG8avHV(Ox zUoA_dN*1H^82kAKFJ)b_KCATl_`mkMef*cPeI|Ho(2fxjYtjxeIN#$7P2Eszy85&DD_pFZSLus)@ee`$ZA3Q3UBiq^mTQ zCK5qKnh{Y@st}bTS(|dKsrb$fl!p5fQA7=JmYm=d+&SS zd!KdAi*wdq&w0*^Sql~rl9^;?{-58s)Fe0;Y{_H7OM{8AP0W+-WLEl*XRBsx?w;Q%^QqGozFk z11qy6B4nncspJF-+bSfQoB!ZJ3s_n?vHZsg*K+*AjsI}Mq1WBsUy@L4g@AV>j!tM1 z4=}nwudz?iDOIx;yp_5`wR>9Kim=utFA~T4#+{wTm(CwE#`Mp3i$72`);xboe`LKL zzPoSmfb=|N?>g9=$l25h}!r*W{nz24giSD13q zL!BhF23CEH&zX>A)1{0=8MCQiLC66gU+h|m) z%4cCfPLhI*RGz|Ut*N$m3qlNQ(jV1ee6_{Qo)q6ZuiO5;P4QbvJC+sP-ToL=)SOMJ z+8uz*$+;h=J>uP9YlOWxNcO~5DDN$S)mEx|b`_|RBTzK@HTrbWeyqed zJ|%QsaFPvCGg<*V6JmeVDU_0}!Q(qEGFV(v$$ouFe$~}=jc8Hq;7g3pIwQCKw;cj% zmcK$Oh>b{Dp`(z=}~_Sf}JU=>>5pOhr@1{pMUQR8U*#%7T&R70_Xkx zlW0R*W;}~yyJK*GO-gaKkLo_5Q%;pyiw#EF`;)^c8|glC@(N;z4+Rfx>qwsLsSx?j zRIGyZQFC=07t-2^JvqAG{u`){7kFLN6r)(vN9%Iig4IIM{&_C3lHs$_$+V${wwfzA zAj_3<_2JbOh8mb($Ap(aOOI)apfByeRRM1urx6%sQRzg>VZ69>j!w&wq#37_+s`eT z5;En^TJT2kCp^4w!bXb)ORv1ePGk&H){8OI6Z22__5wW3!8W1*QuNW<{Q1`qwR68GID*CroGl{H3nb-!hVm zPyb(tBmNU{{Iq&)qHnE(A_(@Nk20%BRy-6#4*Q=)F z>^nB)F!x5*v-!lxGY2MsrK^c2UMUmL9O#v}_~J@I#eaSM|GZCFo&LP4f8PFW-~8D> z|GfSCtNw2UG{-YuIe@$E&u(Hh6#TQZPX1&2kB9I2=l}7)*w?$Z?mjEh4mbCsPcjwLRS(V$Un zj8kc?gEp_-HM>hJx=tNZ|Kgv4dcJr7%_EK<_&E65CVxS_CzyD&{ z@Pj`1KWNCZ{mh=J`Y(H0>#B~(q)l5SFPH~4gqZSMD}iCe7gA)$0<5|TMSYJe_Mb5% zVS5jVjE+*Er6mDKwQ6DS824E@EAcE$-AJjA3)(ETh0A?S&r#S=x)9VyV*wHs*L)Cr zBKc7`HMIx_-1$D5_0zBVYn@)NF8Y(%Uf;m`y()*i3Yl88XN#Rg-=Hph{fyT3nv*v* z)c+P3wrB9`h+$LZp4vD%PRVye7KFmJR$x^^Y32_2B!&8bA{<}2Dfacpi7wxeEc`lqsy;SU*ydY_tRDhj$3N( zoA|!Hm^Tv(=+_f%QXOD8&=dkfiGP6VxEH9mr?o0yp!r^`MwQ^Or#MdUoxqipGv*w8 zci_^h)SH@XB}FAzjkPhDKl65pn$=vd@d!pjYx~besuP{ND_e< zM=qUqTRr4XDeqWxJGyX}9f zf51mxhXJOUKz z0#~SPw=$avoD(fobsb?CMXdeu%PB$FKAyP9uC^_lZ1sV7gxlw=rW*Q<3+BRpwKqwC zF_j@SzDQ5)nIO!pXvR$&L`HldY`Cs$X?`e zx4l9a+-xBbJW-vF#Fv!$t^_I&G@gq3x$P;_Z#Dq0NJm|N8L@N~$Y&Dg@o{9+P@>(P zIrYFBHi0pm*DCXl3w)gOV)DVs?p?|Yp>F8|ihI`)#FP+hC8L`rV$$-|Ed!qzm6hp` zA)fNN$-{j%*ni-53&i^Zxvno1QkmIA3L>0X2bJ{MGno-kwVX+mx%2r+C&G#2HqwUNb>2Qs{oTtU(iKIZaF(V!KZ9YoEN-l0X z)!zsDy#;=V&YD@#_PwzLg4P>VUJ=If^kq$~)M!heF@N;3uM*eGoL!P@tJb-m9$c1y<5xkOj2B zLDX^MeEBiYmNzSo0e(xns}FXNvTi;|*j_hv*~8|w$oTXIwewB#U8W)961Bhe(PEp3(J*V;!^YsrL2114ld$PisZ zCJYTjkd4BN3P>xaW#+w)w}iJV%wp#!zK+Ka-rqWTUgy^JON8U-M_{3W5;a?ox)!%O zONL=N0kGO}=x2ap#NoP_g`Xy$vX*Hyx69^sY>P(crbowp5ARGDZ@%(L_&#xuVePi< z#|yLA^fkor+xYHCq=RD_M`VQPMSxI@7Nv-Wj+yNq-zE@wT*i`9(W^hV280i8G(H+dJcXRtuwS3*ES6bTZ55Opd9xX z-ePsb1a_nPUh0`=u`vJ5tgGh9#>o|Z#EF^Wct@XE5w#h!NVAsn^eYXNzOYp(;5qnQ zOZF(XZf4vnaxfs9aT7otHva@KvtPqeZiw$|s?)YR5^hZ0Xho?2LQ*&Xz}dWFBEFKYTA zP?Q768d2cSR07%Qva{wDh%OZ)Zk-Ru77grDzUssdk~+I#GM%^Hx(S!%RDzCjUZ@HM z)ZsoDg8I)m<8)>TC!OSTR(7p3O7}Cp`*$dlZBh+=N#|PR{P_CykF}jUZ)$p7SUkHP zPn`HEZ6#eV5B*s?=tB71v8I*gDzL(tl_JchK%Y<=tm09MJgt)?-6F+ z?w8PcqG*k{(G92?e@l@VvSLcC((vXqQshTznymTa`3KO64JL3tQSW}2Lc-P`*U-M##Z&b(Ln zHogbqXrRSa!E_--QO|y}itwhR1EjQD*1!lkE@=8dz?GZGW78zPfRD?m>BWhTypyrb3`eoX0%28M4xOj852yHsSd;`l@bx>C(hNh z6HSuSKDpaO_6G9jh%q$BkLUzJA(c>vI52~9t!uUY67V9CT^hX7j=GSP32|1SxPQT@~II;cdg@RE8*40g;6<#3?c5_*j0!ic| z&F+@%RMi4ossy=&wwUVyc0~KQL4Cmi*rTx3?geXgo%3I~Z`Do<#*2lSl1CeU>9)t!Su z7lO|IEAaROjX>P-j#=66Xa2c)o=7()!7FF7-d>$}dFDXHA0%XwbjGL)5knw!;}=b2II(u0jCtOF#%6e8e53c?;gjf@Z~37vaW>5PZ` zAjV8S`NZbd;+i^ow(15L0M}`IBt!e+%Z@r=>4W(agmN!ac$t{Hs#;Y=60KBMP;i&L zr=M-@V*Is7{|-}^Fwnu2K1-xd_T0_S6#rE51ZdIss%e#JkCDJ|;WB(Aio zgoWH^a{bF(Edpoux+5(0r|#c+m|&WdA_os(9I@JZB$BgdMQ!-aB#CP1Se@IuK8_mF z0}y^-Psm+VRI911|2wCPsK=`|%f3CQK8;cY=v~?3YGMNx`nu{fO*(n@PZ4b%>zKc;&#>cg;L1LoK| zw4<3&y1iyH2ah0zH5svEzTz)tw(Z_dmtqvm7C^P2extriTq!-t{P&$&#H^n`yQm!h zk=6Nx<@Pght+*lj0Bwo~kkl>1QM^#gyB|u3j5BGi8NwMF-6ERG?05|WbbhjdV0Nse zT;#^NgFkXUuYk1znL#!Xuqa$awZ)VgS_!sS0}xZn$VRvdJ1cR*JXu6X<)mL^zfCU} z%mcgk!LXCV*3(8y?T9UC=Pue)rwaoM7tt4~qzL77(YjNz9{hR)`B}}h6k*^jl7@E4h(aAYr3em)T0gnKK{Xs^Neap=^R&A89rL;5L7%369h9f42N8LjAJ z1CDMO4V|W#1#jdIR$AX&99$L1iF$xnQ*@EWzk&|3IGR7>`vOtvrd#e8FxXwRDnX-! zOv{vQhfq}~+xL}7c(mYaMV0DLj4uYWM$zEPr>Rc_(@)}5zC_o`wpunuecau?lW0f? zMXlwAxal;!N>S?U@{Q(wxK|)?>KtDYcw(O5f6$M0Vgp;YR|u<+V^&VGv+~j%rWAbo zCuPx7MZ)(dR5 z62gW_0%5a#JURtVs!uC3a%ZdRxhflaFm_gho72-ylkN9uIG3B9(H8}TN-5ejA1Yz( zh&}lR;N^wzDnxm~A{km7MMaZiyLDHFRi~}9t{sY!3^E`Ki@bdKn@NFuSja|hKd*8O z*drT7OKbx%Cg zCmA#0qF>ng$e}k+3ny&Gpb=PyIO2KwEwBbbT9XNwVDN}>zD0xaw}*?q)8557z9FpQ z;c3;5z3DX*eYah}rV~wNBdQwXcRtNm z-*A2(Dd=u*KJ8fBqHaDE&`zl0Tpa^ZyRZ>ZnvMF+MCM3DI#Tdj>?*@rN1!Tlie5sw z_;GJrPvxCesp>5yX9njM)?;=WvL8u6fI;3mDYJY@ zdl!HoK$eK8p^Y2s_vY<8)*X-2n%;JZ%N~-8j`Y~-3Lo-%nU@^5cNR0So6Dl9~x_18a644aR!aWfX zShNR|g(1S|TVXAlkl0b0n+^QP(ze=e)qCFN&U@xD*UzjzJiF=Ts zC)e9o?`NCcH=X==|JnHG{a0EpB1Y}tJvF;BX`IlJA}TRB8{`ISp#Yk{Hi{(Pz6;5D zrn9Ikc~S3kSILOMBk?vbkqT;N7+SOXM7=>FD&?*!t^Z^3Q*m5b{i$;uCq4C78_#8UERnde&PJ?1 z6ldH_z&MF9MQ=zL1svJJ!%4@z1NOY*6+}JV$PEGC#=XRJ677r+T|KW>Qw+Wr1kh4c zi8+pxIRa7mZdeQL=`9bO8)ahFAqKfv;kj`Sp<$r>gTr(DRRaBtI+NRAYW}$h7@~ex zrf$dO#!iw(M;W5Hn23(W8USo_MP7479jj|uu>48Hos|?JyOhw4FXg&Hx)$z276*5p zoY9TXc~W!LfH@aNO_{OoXx3ooZ@ui;8pi>&T%{iTs@%toGF!_U`Tjhp&()MhoOW7> zL*M!`@XXYF9431(P{tA%0Lx#@XrJTeGFyyzftCk@l_gv*exj1)R7mie_l}%g$&L8V zD#qt*uJ)SjCuk zpnOT*Hy@DzV;Br(FDNx1-^aw!$mh;`|8>ZfjVLX9dE1r@2}<6ZT=Zj#Xytq0tDq$4 zrf@7YLgamHlWn_{w$^Xe$J{>fHoLiarX;z{{f;{dHdoTp7X@N+jexy}KTJQPlnhe! zhKm?HV06E-_4OtFLpLy8ELoQvZdecUpUI^?EG^D&$DSnEW=6m(;2}6|Dw`FxZLB3w zq1AHohbTV~@aTP49`S}XxwP!ra`mG*KL>xAR4*lHLg%7^NX})?DLos)b1i#gIFledP64{~Io*RjHNL;2XU3no9;hrKse^I$i0wr&6=>hT@&!IoJv20I_% z@OCkm%0aFEXg{iWyXomh5JL>iSW~T>b=nwRY0ngbD(1tjr}aEO>)E-w=MFzc1UxD0 z5{4;<_13>h5^qknSxvaPVjXz2TJF~x06JkIEK}gzFC;FwNTos8AYh3mqHR5FTTxME zW8g38wfRhg$>Q^0$C9l*^VxPL+xz~?0Hg3}A*yc#87AniY{Z4KL6nsDNW7U%64L0D zUl)rP@wX7W74)h8Icr_qVYC-GWI>Rt!`y!}xym0Mg|IALG?30kQZhkL%TKGl+=qw5 z_Y;oYc+wM@o8$1;u`J943xb@mhiuU10~iVPkzu!uBIUp{-<+SaMPN=W`KH>$yQ_s% z2Q>%u8f%2?&nGBXb8IPp9ju2&+kLF?w_W+5=eLxv{RMYmrm!y@qcB7lbS!edj9BJ3 z00j)S1$vIo?m1g>Wt~^=-A$HBeBLPe+*&OL>)0m@p4<}{Uw5UZGs$i)%d{^f!p6&bLc9Dn-^4CX0ZCoyzj1{GvV;D*x()eKu-B2f${5 zxvm^4z1k*qd#bsrX@yfAwpm@9>uUVfs->1+B4Kf=qgLS)Up%8{-eVl+^qQ?rW>Q*X zv}fB3$?}S($!%^^J|ZG{s$)l>N1#YZ=1F5)yQmiNm!22e5fcRGOd@R7Y>lS?<#>}? z-Jum>BVRrAYw9*=g71jJNjMQla*MuPn_n8GNPp<>bK`03IoWqm;(>bPnI@ma7yF;- zZWJD}Q7a6Li{zrhBTGj2j4G>#*PuqT8g5FfMQ+YW*HG!;JM~-DJGbZ0$93=A6TE1C zdzik?Sd-sP5?0qT>RejDR`pqEHPOiWTeOr_^*lkug2YYx7T zneH5sobj?Yio-f`68UEx%5wofGPW@ebl~3^liu{UVh?EH_w{n&cGo$3&`_wN=ndDS z1L{7IRwYLo0&D?g2%+8kq5gA<+^9so&x7ldnR`afPXmho?g&^<2leY$N#?lfRjc6J|95gxC9JjLfidAKSN;DnH_4{LGYM(>7n}^2-W#>CD`v z#BO_*Ui@~tyS8Ks_eq1JpDuhhO1XYz4O^HY_KDF+sPqfNndG4$ty<-5t+MP0%QsmA zKLh#>k#u|l#oxy#2&A6g{Cw3s=mUUg6B_wi zRAP<5b5telHoFy94YaxXq{OaD+B^`~%QzSxeeUIZ19rRGdd7j`sx{!PZap}8a~Z;) zTYyXuT-+3>q+9~=@SnS=Wa)Wr8=u`WxP zvp-18?%)v>HV5iknSEns_sv?=RQ=5E&Ie!o^y77iZ>jU`69+Fi+{uZ{#~h{K2P3FY z|LM9=hQ|?(VHAO2g9>ZTJC{c~VhE+Ub40(CEMZ|UM}N%%W#dVMvn=<61iDOHKGw@5 zxMT`3xX>)4IJOzElJzWAD@Gp8Mty|4TWGUVXBZRCttXXrr81&?7&#j+xhJbMDOYbV z&i(GAyQ_b0mj38K{SHPi5tyTS?Z3nG10}a8oUJ9#@#iUw+9LgetR;^% z4?$-o*j4SsbQ?XtF{h@qYn5lV$A#EP41kfDbF&@cnj+GbJ_}aMqL(PW`_cN(UmBX}k+WQYtt!UY+} z(DaLbj@4uwiI+U~U9i~qfu2Oi!VP}!6s$8TmT_V~TO9DA6wczy<+o|aw_oO!6aq&2 z6w?f$P4dN3g-lz|-M}mfF@HtDIcM~wVMw)ZQ9-e@?!FD)#sO(Xs~jt_4WYupRC?JK zY{kR<*FVEk+C)zWOrYdJ-Fh`Y3?&^RZT4I;Qr-OU1 zn8pRMtIU!KSDC!5d^OL5B_aHbqe?|+Dn7PNbjX%g6@h8R&uFFv6cE|<2RGy5QB5lKQ4q|yFtuv zC-78q24x8Er=#t)qJE~U!obs}F$#k!aa|h}Q+y+*@NppYdKxp6owLNfn%oQAy1$@Q5$mJK)>qGiWD#@IX?9g`FdyZ=4pjU7)RY0 zEdr1N$Bq&B14FJVNCAWmJ0cF9D{@+Y>FDAjV z6sftbC&^llznLOQ<(W-{SQD8RMG+v;U|<6$Nt2z66LO+r=FAOjan<#Kn*9%6yB(rY zZcvXXUV;OL085<=`_2=UCWm(Iml z=~3@Tjf2#r1#@O_ZLO8hjIZ0x>(Rq*|0hD@5{`TY(tYJ}reD-{uB`~D8`RSY!ia5n zbx)z&kCK(#HIM`ySh#@chExOre*r%{E9(CQ_}%mNd!^c{JK4jZIyp+PSD}=&yJ2U( z#}b^7VRff4kb$*d>d^av0Ur$VNZL@}!5dXs(_dh3=I!cqkA4muj*sPqnS!8vEvnc_ ztAZII&HN(KI75mmcqz$=wuLD8?NK344we%*Pm5{UiC*PGyz{-6qRzQHjh-$gYZ27K zS;sY&y&G2aYm{DE4qB6_n)t|H3B`Y_f8A_#wA8An%h^_=(O|PX&raZY>67>(H>z^V zpZIFJmT>&X9m(HJy%Mnim2!J-1|IPfWFK8r&Xx@6DC7Pj6~q--i<_?)BH-1Q_+&~l zZA*9YVoBv3Jo(0>myIKF&p~HM33&hF1XJXeX-O-zO1ElBy=O)RYs!lk@goE4@2fV~ zxDQKONOBu-eOrAIw&TZjb%^S?rczAkAaSGZDOzD@t@-8hD^)3ZKzY-yLnV90+gxtq z0Twz>bIB>LHi4H4GrZ4SFZ8{~^g*g1!QLcp)Jkins0v7BQf#CFq{r-)b1Pt8P)iJt z;U-I4t7jMVGqK@?TS#=_asD@_+U>$w9$l_k!j}w{$=E3H|J5;=`^@ehFZf}D4gK2@*jy4F7Z)a#x&AV$qVMi3~uj{qIAFEulx zAKNUBhtyuqOy%k{S$z+kYGPfh_o`0pQ2C!^ezx}=w|9^X*alxJ0}{4FsG+Pe)6VXf z;9yif_zO$;YR6nQIo#V{#koQ_^Vrli-{iA6!5&ZX&(}LU^C8gJF=`qt$`x_rFk0*| zLt%n`tPT*KlZEj13K^;fgVGY661O5F>4mk&&)1>3@YiL!9ZoZ%2Yw+%F=K?I=tp~o zfFqeTYg)XH@->da0I{cK5+U?cMR&oYn$m_!M4Gku^vt;VCm2eVsC}+Y>{(||9Q1`p z2HObM7K~9q^`o_I=a3OE0ml|9ak{s#d-jSZSXgB`EM8-AH0s0$9g%1j&D-w9nce}r zu!XjJ`^yn9ouc1N*I@cf4T*H#fkq3u7!X#BzEulo&t$SKPm5CzscrMUTzaYy?c z`f@|DY%1GglTYn&kx<>oss-a5_Cm7Ztkbi13k#{3Ifu@I4!mpiZ;80 z>R%39>L0SPd#o)P;CE(fQ9&s_(-^D@UF}9v3(3~oVe|m%QLSV2djsn;!~77RlsthoGm`|_ZcnjTb+rdqt*t+^PL;W!0%)(ni-v}qOt33hmZle|WdP_E07lwW zF_8FO4q4p>i66%w;>TANUcLjSF?6%O`h16B*@Ns%o9??^ZLqYRwP1fYw{mPM{|9Lj z{e6xQhSvn{lcO>Zp$#dwOJ=8B1|$$g64pcZ6?GwYF?NR3n;%zdMFi|TKOLS4w#;N< za8J`6sZ%9EpK#9LrG+yhDZ|jJwJyH8>e;#PS%uxQrOlr_^dzHu4i{K<^xVQGkV``hzg<@_CRQ9J~Y(54s#V;u{-i=Os1`&};DbAg}09m~5^ zQ%^XdCysUKmHJivD&DH4GJOiyyz!#h^zP^hBqkS@Le#Xz{bnluo&rW+>h!f5377*H zhpY#Fw&OD$Y032kQn^KC&l5KF_nDX|2OKWl2b+(!G3WMQsbD!!Da}u9lBiLQPe-HX z^m7t*s7V<`9*De<(M~E_0WI{0V zfLbe`)(Q7R-~lpC@TgKlYcNj=B8;iYEcQu{Nk@U;RXMl z`IWcrr!OoE1?wB@Irk*=NGD%k$R&xrw%C71K!iih0%jTlnh0EU1FEnk<&)ov&zw<= zDF0B2`-VjAH}Nu6HRI(ADh)LTb}_lh+KW>?UrHYtq!maZihRJU=QFKP)2D?PnJ_w( za=)Y1i2oa)ItCujls|_vv;jPvxn(oSAoqL5B*G-uar9%)^^CYVy~coz;Ho;&LNGA3 z1uQC{!yM(mMvys=_4?5K=>?X8cR^j*G+FS(7>ixV#iM2GhlG~sV$`8oQd>!6hDiPX zXK!J1D1T0`WNH$j85_FG8in=FIS3A&ZUhaSQW8J-H^VI?K(s*YH;p#?2lkWS`1CVS z?wfN4geuc~MPUdwu-5pniehf$|54`&0hgegJe%Q=L^N}ZkA4+U6<6HgeRzHU3g=lM z;1Bn+xiEwl`HTCx@H=z<;eH*C&aOumE$m;e-MgEh-__W7T%Rom92WnY%RGwqg_N(y z2iTGWU6wb$l5W-XqiG=b%l?b|UCI##xnI^x&%@**1Vor;4jJifg^g8w|KswND1+~C z^cBG5z4?QWpARh_JNelvG3gF;9COFKU_N+h`pkZTCJX(_ehCx;whywTw2GbylwL7P zG#)^EfEY|c#R>)scvxE5@ay}VMSu65bNIW5FR0#Dj*PksQopHuGOS_2ali_sjPw44 zaIC`wyF_~`o}Y@^egJas<(xvb^GG(;;5{}T?3CrOR#`t=l0#V z0^M6!AqLMffdwPEti_>%1O;snZ3bzKRWgRO zD&m?6L0Sj@>&03Hp{%kpx1mm;M<|4pM(B?3 zd?ebJbS+UT6uY_RSHD+Ly?oDgexHBZ-zFvtAu2KAhSr*$Quuy{fUk?4Zg2m}myCFm z9+cx0c}%IC>-|;9#OJ*}m@E5lwVaS4Prs(j_C@?Dk#hvga2~vF%ld|x=C3bLyOZd7 zR-fBxB-gbw`0$bL56e2{`>Av<(1@EU?9C|xbhKtj4y=0DN61{x4^iH;s$cPcVKiSh zF;&*|B*VQ)()hfE_!d_NVhSu*_M%@D{Tup84=WS?K))2?V%&cV{b+xnUt;H7$#b9E z8_{(<#e|VQPO#J0h*;f%KRZZg2fZR;WRcLyqFVz_yH~ykZIJ8m@pn4AjvI3Mo1d1u z9t6&67e78=^ne`BC-nWhCCjizh_KZZDr*seJwDMlYgLhGmMqR^zV@n}y+!Qw#g3W+ z=$y(_oCv0ec#FYC(M+SZ%t;r`1~RvrET<&8V1&yfkFkG=mM9x&&zE$tkc{?Ek=}$B zp4l{ryZEPrrH}%j!>)0D07!TCvovL0G=-?Tm0pF2G0TnMq8$9^G(=H_hn0x^T>TOL zl*94gpXJyd%{gPNZJ_`X{%4h=Qv{yyF>r1jW9ipsjhN{R!;7pi{u%m(XAn=`aF$9S z1~?Uq-I#u#YX0)zwfT#Q?uy^O(~1+xd2y7>-)T>%m2pwHt7=Zuq9bS}FGn9AQGKOz zw>9ogqQct#iEm3FBg{iOBYZ}X4x985serYkQQh10E1(VSUxc7x^lff z=i9gElAe|l6Xt1GbQyx&MrGw!n!Brv#m*hgTkJ@+l#Fo`!NB9^8K8R-Tw*AOFl2|I z%v9MK$7rZlF~azqQ=M+*EV$?>x|V7rf8&IKfOEO@Nmn-c#>E_J*y;i`bJi^UCz6AX z0yAPc!<>t({Y`hnVxdY{+oPxLxM3BIgPrjayl-`cYmT4)WX? zM++Q+Hn+N>bq7Zn!QGV!^L~vy{VF>!K{iljT_(uR;NVU>B0c3qCw1p8%ajy}=r>1r zfpzM{i=fW|$WPsY`@vV{&lWB-cm|=o`JuR)=ufcxZxd35ouZa33XsN^lfD z#eLkRh3)ji)E@*8`IUG4W-5ipxuV6$E9}mzzhs^5hJLx3vr`r12t3a-{_CP(qN)|%qL6vXfGE_Gg>&JtM`-P<(h_! z>xWFEAJTWP0n(mg|L=+kdSox%8XqUlo41 z1KBQW9<86#tJ%vC=6T~h^b)aXY5(J2u3Z`HFudLYn&X3V0Fvp5;-kvSD&SW^mxq^! zc$SXPigB{<Ruy+@bne$D*O&iCT`xFW1$er*yO$Ib&&rlV&q$ z5P?FiAu*>u#5HZAJb$=E-?DjfaHxB$HflR~VL{XV?N~m_YObVtjk9f9g_2QAZ6SwN z&ccOJ?g6p{fk_nR&}fmnBQ9uj(WtblK+;R9^`*ZTILbKp#X8o^*3AktNI0-sWHK`> zdV#uy(!mRK&l*6z@q(36)`q*a!(Zf6Xi+yt)8%6b#P)fA$;l&|AAN>)*F_lcd^)6N z3vvw8L8>&0!N|BkSfFZqmw_)>{-w*VDZ3@1ITSk8W_%*&I{c!!_5JMQA*!rQorAg` z1aq#A;n?0oeFJZOMsL@)-t72 zM5_p8GGP2dX_p;RqF(gCFgmY_>B4KZ#9)ErIfPqWUcvu^B0tYWza5O~*g66E#&lu; zJ_ehhR@0fkJl;>%a%Q1&hR|gT(8sB!Y5sG_v}VL7C$Dk6k9w5?y~h(jN;H4?v2n&N zJf;?u_|+C+z944d|0MDA{v+|5SoZu|;)e$%emN2UCh_zBH;G?zQNaI@#P9y5!EdHi zJrS_UHNB&ez_Y{*Qxzo?FDw0 z7snXhr1_^Yx)*lpebM6+F}R2eD81en-m0BBsIUvb&fb2KUHM_+cH;fUa4Pg+ey^StCK)Tp+KNKg08qA@~< z4;XHgi@D9B3M{bfNBg|<);Ab((Sfv$f$dyFw?JOEf9%`XB+*l*p zg)B!nTtOI*>(FcC`myOUp7g&-xL_9(JJ1LPPe#!F63j`Ug_cI? zYh~BL>G;g1LuTm=?%_&VEW3qsigAmFZGg*|YMo9)Q(38bGR3VT^nRrFf%rF~{)gwF zoF5q-m=gf?9T3{lPT~;*t!i_X4QXZ|&j{>g6n)TnQpU?CaVJtk;3)d-l(puM?Vl;# zkp+7r+{sZ^jG*NBp#Yg3>r*V5&5&@*?biCZ7otZfm_o85mp0bJnJ*>l$M(g^NrOKk zKcY&en62-*fx?f4?)T4KC6@jX`5FE#@*{vEzp;N8`Jt}=E%M8KcEc`O-!9I5K^WK8 z?y0nFLigN%^AH%Ip8L&o_0Iu1gHxoM=+y@skMTFFCfDV~$?YcC2-sE{-qtUX?+m>( zKjm@2C!X>b^27c?emHdy`N?UD)Aii`Ais|&qZ?ES)a_A`>$?FH^=Y97S=RTWtp14n z3jc`w%+Fxu9kdQ21Fk>^pQ4G?Jq2hmm}{)t5VHs(zmh-5&y1V~BEQ=d-G4)VGJlX? z?H}ZK{XdYOz>{l5MnT}a5{Xd))+d@&!8}#)v(x&cPr8U~tv@l*__6lK$IUORPYO@n z?UGPp`sm-0kG{E|L+5`Fn*pUP*4wm^^$-dJ!nq;~hVCWDVcip?TD}_M%t``<73|KG zxkg?MXJy^y?FAg?_+Q{9>5m5KK6~2B=K)NgL9C1}fS{D*pS}|#p%K!2R+1wK3Ff#eV7Q%$3Ju_sr)+}@1TssFkYhMb zmNtNp?7#Sl)>BLCiHTmT9s*%r5k#>1z-C6g>cJ)QUOQq{+UYvA$lp zqIG!6C1tGu4Hj&^ZYHnOZzRajTnFJ3{sz1_4U1{ri%3^#?y}g@nC;~UwSn0l6Mehu z{#furf5;kChXuw3%d1R5ZXs4;GKrS!ImyXYUsz#X5z zWKawH)TkXCby_OMh$k2dw}Z;;w&K@(>Ne{1jp`;OlwDZYGwx{l0=n{L8A#AyXkMmk zf=R4qV4*@4N0>8P(9buyfj3FBS}lRhI)pmYJ2&)JUs_76+v&(lT+mT0XNmEiz5wLz zoucdSXWf@;4)SS{X)S%w&c z3$m-Nj9h0Hj(e?ABc*RQEx^-?z6S)(l9-mM;{Y67bB5BL-Q>h3j48dv`6o|kE{fh2 zib?;J_Uu5-_18W-5uKu?RL;4QCPOn?CW|T29=6yZ&et*8-@AW+!lj?)Te$j0D>qn0Cum&-$=yvid!>J%YOy^ud>xIn$Ue5xKOL=VZsshSk=8 zs2=dvgc!UgAPT6-5Y?V|h5Z!ud*6X5b_NtOw>C4!sV^nRXJWnw@g>~u4;&%$V-J6~ z5xHEv>+GWzr6b>FZ}Mxy6OWt%mkqnN$S zR5~BI4YwC#OD$R_3@jtp&7nf*%Oh8|6k+zTaj7Q_1&*5yto#R}CbO(p!0`vH04gKF z#5!~Ao0gwujOrQSs|&P=%UP6^{YU*fHOFTE{-GBvE`HK}2k&)o2k+JWpSJTM<_6>5 z_G^OhqAonrP#(BCvLm&4AGjQeaV|qUt#l(VSbTYN+$`57wL+TbxV%bkp)ho5WG0)7 zrNx|lh5p%UC_|S^aCtLfc6P8{KA$uNhjmKhP9#q)r*S|2>CYvd^r&6r*<;qw3R`)* zhAqYq!D!X=u0w^q0OfGWZ`^#@$AspcKD`xVw{B{`KgF{DSNrUTM|0%htJPA;X5UUG z3){K;W$4H?0{<}|xd{CrzYL?04=-T%)A^U0=zLA~!*4w*LnMDT1kfGfrUkC95pqxT ziw_-cm76cEY@r7EnOx8tF_V=en4W{m~LJZ5erYbYff>vyCCN?Jb+lx^E#4r8pD zs&pbFau99sZaG&iLy~$C{2x5gvYl$AU6i;(+BJ-^S1}Qmvzlk58b4T(m?Ul-5jcM;cVx z9?C&o>ryh^b$m_CtXgErXUoFF zF_-T>5r|O_mklwX*;31vD0EKt!LvE65GITc2!j?m--AMjOZAc4aTJ?@`cH>O$20ZX z*UfU$sAi_8iVwA3u9C1G(@(hxy0*fmRq)f$-7G!2WfaR3F%6C3rN-HBIQHMYdoKB` zvcPh&MOH43CrWa19`EUV<`u<_oPkxSfQI3512i)qUIo-NUT2SHQ{Wk z94@Ud3NdPv6eE_0A5!N!LHf(n)wDUfTRLuHzo?DUu2t6Qnd~tL1=p5v5cDIIB@mR9 zv$8=$!jGwwDNVIkbP_LLC$tL_GB$)7)MZ04Gg{ppPrjj91&>yeSC{qZmlY%$qTf}XY;;pk)3x0Q!P)7BQS&q@y5g6 zbu%VlZ|el^g&rj}%zVPJ1wiAVyXCN^-;f-*soT1Wo~fvc_q4Il_VZ+=@yvV$Ese1Ec~PW!7KCI&agabUccc^avC;bGYmXQ=kqc%A08adjKyMLvGvSao` zr1`HoY8)6g)4J6cAZ&BoHU1&pVLlpqM>XmQQ54_vh{%J?q-qyZKF)^Npg6w&jvKtM zq-R5^>OdTBkWSo0$r#JEj&q!quBrrSddz7iCy?F5hQTuUIx`BbIjPz*lCcs~h*3|spmWuEsvI@l z-NpBs=X99(ipqz|qz~bzA6*?!c3ND;H4d{zXJ|bZH8^qdnn|n!7T9GfmGfgOaSen5pEJ!F`rC!TFmYjPx;m2RP898;F3Vd6 zZ^N3@(Lv}kr1G$oTA);tbxP2OyF9y+^5U*(m`0N%cWtNW`$1a}tC0}NU)u;uu`XXE zpsel?OKSSpIxORKyv@(F_q4FA?uc{h85ou*{NrGA_QgKmm0?u9$da&o&M0!GJqa|$*mAEuZL(IhXvHnf> z{>{;-`cJ%9V9n1rL$3o-J+RaQ;=K;A@n$+_UE~;88pL99X$HraXVU8gkP@e%0C(6*`a{Bce_59WxIYIfzZ8uH!a- zF}uf%=4x;;a6Gi3#GFwMsf7Gj$X7v$6#|$rp8gE#)K}^#%+bzHeac~fmFXD!Yx3PK z^_IK2xTnXOkL9fo1P3i5h_!$jZ8T})bQ$=;`dPTVKnLiD>gA*Q=P9^@UZ5T1`kN{A zSOD5`3t^P?)xgT&U8|kz%j=RSY;8RQ0zG2Ip4%!r?$6zlZ=m2}e{VGMOJe)7`83b? z^2z~SpDEuur(pnfg+$Ig@PnU7ewG(z>eBMN#^Y>G2_AXm&+e zESO$lP$BuIy79B?aNY%h9|BC=(nt#2>&u7$EYKzj1wy_#wJZ-D!5zu?POZ-0oCa&Vf5<=(dOv7hZpuZKQRp7 z(#MWsc?U2iGi8F9fFZmkpCdYx@~Q3dugo$q@$>mw=zM|2Jb4p18!@ybjVuzgQgd?k z5lcQU{Ai=bvCfYrU{$TY>=%q6%_sAZ<^J*f0T0u`>)2g8L0_nRH|hZRjwl9f7tSvI z)Y(q&`02m2Sy3$>xN!3}Q;hx=1s2`3JPL6A-Jw5wz9Ryf`HCkj|04qW0}*idxc|44 z?K2r0*<9E`cm?#aA5x@&4iWm1As@lw^vn5fc$#kV(6`I}hj?9_$#VSiYX`E{i?r`? znx~DFJB!3SH_o^#9t$RDZNDep=@G*Ak^)-dAYh$$$Tu?>8ct^-OJ6h1D1}nN&xVv4 z9l7F3`903c#LP_G{T5cFun7^82np{IH2H$9}2{wHdoSY%e#I`LPzuK4}iXFg; zF+&R=0+URHDHEiPmCbKd(ja%AF1#fKwDbY5Qp#wN{?J9x~+8}xBOv#d)LswN&?Od z^D!E`eyJ;G@%KUd8~#)6+l+xBNgRTfN#(1fYoo%zMn0<$NP%x(YrQ0-zW%;pHR)(3 zfMh$?8CT37=mdG+YxxgK4~Y9iKV&Z(;bxRgD6QFGAYPkkw%7MxE&8s;ys%z&*CvEu zZov_QxnS{K=)uE3Vc&c>%V#@7nXSRPOr&ij5Ts2gxabUnZ@O7Ekg(!qKcwWX^~3dQ zCUb<-0WtZF<=^ugW# zS)E`gi8%+nf0+rpS=VXW<&;leol^CE>&q%Iy@EZjlDJ#ci%P$_IVY-%3M5|gWQj6w z`O#C_wAlwffEzfLVSnpddl5S2+MlTJz1=eZvHrzh73P->0u`sE8x6me+a9i$g^pMh z!@uMBooS335imj8YpuUCO{w21d0m(MTSqMA_E#$f;TwB)8(;5XB4+r*4P`N|{TQFE zi(dDbL2YJnVsbzRtT3+jv_Fe!F|NRe=+Ed#d{FH(N9~R4sTbc&<}cvc!AXWF zcl4_3NEs?A@-1c`y|s+qje4kSJ)Eswjw+p4sBkhvOMxc}5OUB=4nO@lM*K_n5AB@f zbFHT=K{j8WY2lo+7zA%7f~c<%eXoy%juWj6u%5fP!!suPf$z^ZRY&R+Nc!G%J7IV9 zm$Lf|eCa1emDFNrh|wBhxs`hA4u5**fKF?I1N|>kEA=JN|6nM2;QAAMvLe^uA0A*L z`QX@6JAI_BXBSicA`Kb}G{nrJuArudYWu1@Qhu}Lu7$hR0U3{)jurT}yArEU%WA(z zs_Vzq*FAiEQmhRO!axBGoJ=?kw4(NU9CeZZKm(Om++1hi$+*=BUbCVC@8F~Kp{DU& z=nD?J?V%mVU)IU(r|aO1P61`8&%q&T-x@P>GxZlr47MmVwvbe;p?@PY0cd{)HF1f_ zA1;VBNyVDgoUfr+#si0^p%TlM*44Hg`O4mCxt2TId*=>S@H`UldZ8K_uvygQeT*@qOZNCPVIFUv}EqcAAc&~FjX_(wd5U!-X zBuBiCw@nrvxEK`i%GKjrQog#y$qY}P%vpY^7Z&slMtxX|ef}dqC>MYTn>5GyG$IP{ zJ#hq0G~AL<`w8~)U7E6+pLVX$IP7t_3?^)d-jfKm5cd>a|VGNd_> z4`G~LCpUl^0ppJ>T~Kc>@~x#Ejc1!8CR#jEY;ekn81&voRmT5MR!Eg%<@ zV>F>cq%NNv02W!BG7G<9gZlo{%?b&{g7qlfSoA%HA{7Kjl_azb+aG$!}q=Cx0r#BEw-|SncuT3 z*eSs1hxA(c(Y+J!t^c`i(ecu;#AhsK&ePp;4y$no&VDIe?}?KK;GADD%ea1zAifwE z%?Kd$Qpk-V2U{0}2VI{jSv7cfUq5&2&aU&f^8}58+`;9{3;GDk4+`>DIoU(-U9)ul zXycgs&T@sX(d0(|T6^J2e09}s?MH0d*(8^w4_|ZS#@0I3Pvv&3R8NwB9U-jOc`o{N zvn;mGF4XG8`@$pbZI{JqBlbgDigT5q_r|a2X?dTlV_jFvdRL`Qa!&G07e0fkv-T|a zjK_}44|^E6{0wD(K=`z90-m*%428X6R{g-kP%)9$YohO+g}H9J%S=RS#)|K}#3Bjm znLx6nK$nG!(Qq?55u}-;C6%hnNBqo}VQpC|wA9>18=C-WetCMrYdL0bRv6vuOLm@3|eFPtiZ)kIV0V z&ZF+7=94?=Ue^)p8S+>)Ba&%b?1??bd;NKr!`#t3>w5jyo@k7IXNapP3 zPP+HWm&dHJGJg;Q>7q5Gwe`UTHz9;p?ipq`h&HAl&=0Dthj4LQs)r`Eky~%c*ih)l0}NTMPP)OH6UUf5krO zCJzE+s2&*oe0(HLJuh@eJxNE1B)xx9(Al{=1%4HCgjuw826F*uL-8I&2tfn`r|(bk zsFi$0`X}Cd^1tJ~MgKeA`-6Ct&CmKb-U|x%Kufp{kVfpFiiSt}F6?19PtuM-lr%axrcWgwj2%_j}3y|*34$b;E-J9$2``>i0 zr#}ABC0VZlw=dVw9uK zPQ#_%B%gU4y*g_m6E1VGxxipP9Be3MF=|XY1@Ka|>8mZN6$9(s9m}v5L3Dsw1cU1` zbWFN>zBfx z7qfMG;RunIf(~6RnZ|=#jH~_BB`2=iW~mh8=(7$7UYzEM2I=0vM$T{DWw+o2aJS)4 z(y*NLPg&(!rLU3T8&Y1teBfv(PE-jnwhO4>x|d~MHN1(LJr-9yiEB-G0;srWf!HHm zO&=x#tWi&N{ptM0qv}6Wa31C%`TFW%;d3_G_pQ%>zo081B&8XB~o1O&hG+$xScHR@zE8 z6j-*zOB6j7qgT>O_a| zrDO|x^k6wh;;Z-FyUu*)zdVn*wWWqJ8(^y~68Ex2#UWmM>_sfV`KAAZ^E;9S zf7uDIho~z2^qu>p*GQJYig;jE=w*-Bd*UI7waN}M$D4e{9GR^%O*A@|S}XjZ*~}YSSF!yM)KK@^ z>vxHjK<-<(i)0V$$h6B%Tc+M9%^tb8y0#6S-fnxwgfR@a-(e7Ry=zPb3UO?t6_k6L z4Y(4AFk14F^U;j%Nom2&)%F`FYn|(o-v4PDI;PiF4G}IQh_f&Q__B!i z-*tIN^U-p2NThuHTAO9u9#nikTwylZ*kdM&Te|M+!&(I;-9H|KCM>qy7`^ zO=0w=T>dB88(5M2Wy-`~e^0@t#a#{;wH={P%nbYN`27A)9~K!6%(E2LaXk~}NQib! ziDwo+O?WE%?fL04PO|wMuiDhEH>0P`j?`ehodzvJP6p;3>@Md}erkwFXX3YRV2%#r z5KyLvWn^tzycQDDVx#H?c9^`(T=VMcLv|A|Wqen7nDXprglpUj`@BrU&T`mE@+@cZ zYlZ(#_7bL|*|kpOgkK4Ypm7rF@skSWLBp(>Qq;IptF2z}M&fwTF~;d1Nz1nCO|svg z^qtbx>!`aegYviTusvVI{?gWn69rAkDQ&n)lcugC3h{Dc0MdEqf6oS4b}I*9G%kGe(P6GUu`Cf zVD?Z}`M1+=)&_^jThQT;eY+kgDr>7pA$GSEz`BlBUc1C|`_i>ht6dz4A$u4B0AwTa zc5zCdF4BgCU8Bv8L=nU%(3V#|GB45QFAiW*Yd*$J0iPe@WN8YXS=sh8 ztXlkDQ*lD!*IQ&%SRtGA^S>!hfTz$~nWuzHLX1X8k&N#z^K8RJS z=)W_hQhzp(5}X^y$xr)d1GEMNy4~dafR1T^!6CDP^6` zV?k?ZS-Ayc%-bF2^=NOU)e`$)q%?Pmi>oxOCwZ95N=!fd^mExPK;z%%g)7ewBj_-3 z%|{G1n9oHbSWsd7H&XGG$iNB;A96u2JY{#=a-WGas^Z(+%0h=RBvc_@F#FSW`J6>I zE^#(bqWS|aq;k{YXQn04dk?MmM5RLxV1y~4NfLWJ>{?d0gpN_a3Si5lW75aG`--Q- zO?INa;m99v>~^BPCX5^q?G2%gm~UqS`~p?^)c-@Ym-|n&_oMAQN6fwL=Ro1Zm=eH; zJ%KItN8(eSB@~saK1M40SpbPowqC8xtM)~b6YTweJN-VN=<9`g;>JMzMn78Bk{Lsn zsN7bhNET8Igqq_hdUkm3u`=%!Z!x(jEi2^`0r#~F#RF-)3V-d{M4Ton&wk3R&akx1 zG)g~J(7#g5svKECtr+^!LBYKwONnmL77BJk@;0;;{GD?AR7#oW2a-dhY@BOsz16!9 zD<;Nb$BK5JIX;}72xp4^pN1Gfz<3V9XoJB*UP{4gp28Omv|5~;!XNkE-vpT>=&Y? zQ>oeATOpt7X_`o}uliDC#o6M_r{ZiufVl&3(4H0)-z0lfSGa^2rup3MzZ`ypDya{p zWf-Q)0!`}2m8EV+!|!k(U8qOU%^7EzDO(qr@Mc5k2BoH|p_Sv!#<}hYIT{Bl^&n+rPX2gMTQdqMnS1d#k_hmAAHqn?ppK3+ z1J1{vR2Bj_UOesPNQ85|4Lag~1be^k1bb&eu-9%ItZop&@WWF~MJJkjv#KCyYpGY2 z_&tdpm@x_ewK!h)WySwMaa`PBZLB4V0FAvd2ki~U>__a`dxq63Ml74@ z{E-B%8fN4SH-r<0AQ>i)4BTb+0?oD(U*%N1W;*|nL!aYT{2!Vhq_yl}bvEbm-t`#E zC`qwDG(QDzP52JYFT0{=_DXMu_@%&opPE(TKPt*9B!2DqcnFbCOK3wy;*Jnbq5Xd{ z8hT5dX-+9h35770JQGFPKEnP7%*dN#Dwed%ll!UFmYUrVIRRG*4P7-<0yQ|GK;#H1Ppyyi%G42RJpwJ8$a^MPM)Zi6(~AZu zvjNDpT2ovlzU!)i3ZTEOkVu(=-6fgg|2blXtz|rpof0)eNG51aGnEO=YL8ri*)<^xr zQxi%^6fSTsFjHd98k2MA_T3j&*DGNmj_g?!F!u#brhY=PO){BbjJxH1EYBR~9^)Nv z-=ckdp&tWz8L4LjynPoFkv!h2z}r{(zr1}KfUTmEPcx@peN7v;rXNW!GP_;1Qkxd< zzNOV@vD;GIWWMF_M+Ipby^!;G{Q5FD7)F+*Xcdg8L6$}yb9^Sdx$FpR;rB{@a1nE+ zg)LC2JNfdzaDKEuI6vY1aN*KpErb{#~KId3xmHnOPn!~3py(LPIP%d}rzp=48BAOA|kxx|(cGUGiU#-}ZW)ESH z(j|9H0s`z#+@Z>C7khULh&h4g_{&zOvwSmFDvHXhGWx}*@|eP2nvXS#c*l~YcXi0u zKzlC-41uaY7F(ckgwF@#I`uD$4y5kP0LV*uPl4dW53Y_Lwhm$y|Z4Hn(B4nLk zl+5lW3ai#DQ{(Q;+l;7a5jn@ra4y;h$6I)bjHWjKf>0^G9arC4(Y^!S0^Vji!{p=X zI^Nk)4d@hx3$rhmWixEZ{TV8dL z6vqz$M!h=@HZ}MwL?K^zmv+IA)e2UMXWeON<`3bTVMp)zc6WOIF!b)PSe;sPSQI-`Ff%xl)oC~1N6 ze_1=or(K3j6+9rA7h}Ab=V|;-G{_^i1T(*xpjknKwD{8vOMFT_{rxY0FlKo5+GRRk z_`MV9O&%!DbRFl~mAXgUq37brIyNFL#=8fBwPp3l&_|XiTjyA+bnVRPo+#)Zj5B2$ zW}j%1vk){Au~Opgw_o-B0hweqAop1&LNen&3hTr{?+}6gfJ@&wmuUo&)IPxe&~&TT z^fiG#65+=!nw#(d^>Oqs&%Ai8B#HWhZy|X|8>M$4LQRr-fHyCO@u#&l^G9F}m?aEz ziOYX@eg-2EzY5Bvo<2g#gk3>IEze!N$I}{|3@XiKu~%Sw%n^)N%moURq(Y{&HCjdn zE!3mMa5{q^Rte|f1}@qzPFn+eCZYa<<_cL-?yLqFZ|Do+YF9q=49Kte={0h z&9NnByM)qpmdfZFO~lF|cBlOnZYo^BtN;eHFAGO{tAx+L6ug|kgA%+l(}78Ju~K`m zU-8v;)!!Vqi4b-R*07wG5WR#iR9aWO^-s2U&8`LgZ?;#peb&@J<^9!YpC%n=dNozG z3Cf3SFcoUek_DF?lZdbY8*<~=xn z#`^aCuxR*)jW`S^t%DH`F5<+f0Q<@yRghbAD{@kabdzWq%pv(bGdXIeblLnVcZ&4V z-s;YqG9lb_4MxXyrlAaQ!0+9Dv*NAqh`66mii5UF@(!?6JyCfJRjp@p-21M<&&2t+ z&t=+}-uCQj4y6hm7=G&A55tPAOKz}IdD1`TjI=5~7l%?jg)aQ2mN;CT!PVwo)K=1UBL_T9R2EaaLe%d5f6Lkmy!;lcRjMOn)3Gduzyz9fX#{KNAHonj;wHnbnvS)uvUZsS}ls zfxI1e1YA*jQ7dzdmzDDC*cZ%(}mC=+HG5o|p8>({`WEtPDg4aVBxbMC0KUnkUCgmQ}AUItHeR8wzk+}`@74=}_W zY;BeXJtVscpy!~Rm>ZOB+;uzH)m}W2-+|=hSlnqP7cF*8KXg>s>eY(O9<2cwyBUIK zu?>3JqK-S)h=KK0L5IMjl9@$lo0V?!s!@sPO?m<8$;J3@;TJbY!{B_P`Q2t# zcTIT$e=pc;cw~vQC#%#vah$*S_jbH4EkrN?zScO&N7v$BUF_Fm#(Tz__Z*sc=SR|u zrn4JMTqwSRxsy?;H+ zNy!?@rVmUHSJSwuZ;NQT&GwAvg_E90zGWj5&x~P;Ym}Tx0thmwT_0J^NkkvFy)k2s z8Xewf({(I+j0vEh@z@Zt4KS3Z%N0_T^_H(kv{yeGzhYs8NR^p?zM76spN-;y6Np;~ z)zeO z-l!u|P=jy2u71zZPrpE8)KOo0_cR%b^seBQ&8=$V$1MkbZTV*e7rv~@yPmWA-&Nnk z{TBXM+3lx)bAb1r)5}Iz2NX`+AxbXjWV|iNxbxhz0By+NQdxa2JUn~?9h!W*v{>ev zU4+&C14YCSmd(oYl%6(j2@?mMLnJQ}_Vw$of?Jd4_qD#L4Sz8#w<6|!BKmMLq%trx zFHLh(t>2i-@3%=C{3t<~-3D0N5DJkGbK@iZnjHk%7!Akemn;_KN+e@Kd-Lf#~IfoW3V`mm1U1g3fItA8*zueLj<%e4|@Q!8OCwDLh=!L zUp;jCBNEz=yz}&2?WN8R4GYFS(Jw{sbCT+OT-pt_0f|nh?LGqX*#NYT6q#!^|9)FI z!>iJBb*~=#$AJ>%xti9`qLs_{FippIi`IYYcM0^@`Y>Kw)5GMaWH+OtgGyQ>X+#PG zPu1%%7gO~v(Nva0v^!T_LA~rhal5>fk}l)%rCm(8a0WNFI5W}&7x5%;FcSa-h7B3P zzdfJ(y>>pry9A}$(LVbsLd?ZB-G>$Can_qt-?k9fpr*yEdVagy7b1)x=#&G4R%+gl zpAKFCDD}QCFB1Fm{$8B>M?%_}@P;&xMxJE;ZsWlRy2|2=Fs96w-jAcuM$`f3&o)Wv z0pCwP&F(O|`FF;V>J0EN_Xg}8kK6x9zjvi0;>Fi$fxKC1YqvdJT8ckqFASM6Mrq{3 z>~1K8#Xa*~um*C{5f33osrLRpQ&iOMBVvY+6K`ii@z9hF_9^+t1(rI1MN zH~NM*1Jq3B?AxEM2nIjuuDPjel9KKObXWDc@0g!-cLo+%Q;sr7O*6O#oG@CO$~;|O zO}CBo_TBh+@Nk8(ip+&+&I|YW_LK(2uAR_R4jx%f+A?KAW=tOI^G_%2`B9zm)KDnl z`ecFSw1HkDu)4Mj9iaC67S4T0K&9O(y&0A7>HqaWgfs^C*-3W@Ok~OA7JI(T+zH2V z)S9gm;I0+kHIlMAN@6Jdl@jq~;&EXU&!Gd)76};{=B8y9MxV2JF*rKZ0W2QfDfyx6 z2?AcXNwBcD-|bziQ#P*`ddjX*ZIJI?rQLNtC!45fPPP0Djfd_>YA&11@He1@(O1c~ zHb^wp!b?+-1wluCZERr^wx5+g4BJauG86>e(Syz+2o8ITgPKqhW@wFWsoe}=U8IJS9jpa_KHx{Y#vecO2bj8-AZxiUj zX7s6aH|i?qsON7?zde^s+T3HmN|cO zgb`VLJ{ulqcV~;U`N#|Y@M8o)bmr&6q8DS1=%yyyDuE7BH-2d@X&ml5i3dK* zK18x^Z)bZO@-nN9Xdo~IqH{cp_P8gSFh`rFX8Tj*?S!R@I_Vl%rk(dL$JkpJWvB0n z(w$niE?@`9Tx?~ux@yF4+t$@XI*}-SBwu-v2V)2Q8SV>F@V5|m;`-I`h4gz?=IOiK zJT4W+iB}{=PDTp7Z7G3QTI_cBN*2D1DGDXT3j=D}kdodO}CDOkMnZ@XP zPTYaWId|^0DHyD?wz9pGDX^VHLi5m5MhgU_$b0%Pvsbo>W zRTmyA3ujrl6}KTMJrO~Cp<2ypYn%cG-7lRFzY$NondXo=CX61;Xm~ zm386S&*Y^WP4nir^zbm{DG4pB!iz4=P%%wap~YHai#Rv${sGg7h85Wi|Bt$P z3rZ^~+6&JbP2-*_R=yJ)X|W{9P;8gF=$XwKZ4dQ>K``5X_%$72M)xm7m6oO(W|Vju zwDh<0y>>2eYQX7j=XPj3$sv`fjmCBfT5NxRGqgIJznRi+{tg}-0GjzQ3mv3pQWJocK8mLO z%#SDzJU(eLZrkrP8v=_!5R?R|N=iZyOdB^x+t+>)!`k+Ls$j%`R%2n79Swuy^Cidq z{*|$BBkuLkx})3(!;e<_=r~-(E`w(IX0ml8UEx@!jgG0HRcFiVGr2SHWgQx43;7rj zr}Qp@|7#wj_wwE;71tHt1h+zt8hId;# z4<>$2Ja0I#b%Q;K<6x^|yZy5d){6nm;iBCD%S{E(pG0#%N6X4^$q){udi*NN_dIc3 zP%Z1a;+K4H>Cr3CowNXW(hYb4xGlHe5yVO8nVWQjwq`|?kQeFdCwEV0m$$|rLULes zM-@tCKl!LmeDt|1V;Aw))32D~Re8Dkzd1TsS%9cq_XHm|-g zJ%DNwrHpZ&0g366b(9ENrJJh~{TJ-D?0XZ*qBDg0`~K(M5pH^-N4CFvJm0#_@?*Nu z-EAV9p;oovHNDM5fiD_MNv&X!m#A`#i#NdU~k75Mt{(Mk{`X zDiR5^>s`r@ak7(%b{Pc6ZY)Q-wrVA~dF|+-qj1@cs z5&m9H%8${%3T6-6Y6<)|Dlta zSMAm&{l|L%AMC_;i`n2n;sBd#<~L-?h_2VH8`&bkZBBQOfL~|Y=2n#zjN&Ihhqzl> zaXWf0e+zt&pVrrT#3tG#{?f@ zj4de0O%8Bd==uq&KUzGhQPtNi8gBR$hlGz^;MHIs(Ft>-+lH}%$o#(?<+oJNGg14x zVe=H)yT@xh@7 zQhyE(fa2c!>-oDmC>fcTI1KFGH)u|F24!4H>g~O1x%=UjF>OqBz&J;&3zP9&9u5 z2tkr{U^}<|EIpX&`};+ZQ@HGa`od9RLcV5-sH@%6aYxI&R&sOVVTK3SZNAx7GgTRr z+gaX*Dgb|5PCvNSl5qkwt{Gj!;}bq(IS1~R_(>QV$);^2-8vtL+MkY_yFB&4sP+h{ zwB(ar$A{UuNQ533%yiN}p^|2%WVaKSFiYKjR z0LA6gW)ekLJLYm5J~nbB!DLUWI)PD;B+fX82NWUb))f%v0LcF~g8YE@(H~njbdx3+ zN44#ds_?k=~UfFXyYn*w_(+pdK7+Pbbed*A(js48pu9sM#)|ZJU%4zX~=u#QnHz{4NS{8N?>R# z4?Si*ptv>K^qrYa~!}1Oe7w znm(fai2M^PENZ@P4GIND9+A~vJXc1;8$(<_8UtEd|@Rp z^j-D{ne$E!N~kKVR0g5@rs#XM;^8&Di8jCd7MbzV^1VRh#)YAQLSUr z=|<;)M_ThK!+QyN%ZWr@GHbBhj!32K?QCdvPl3V71abG|sYarQ&?N%pcKk#-GV z_Y1^zeZXmoyB(rO@s7$zR0ALkx$)&?31b6wO3wQf2eaiRR8yr+t9YD>!in$;LdU~h zQ}-M{Jv(@WWwsp-2&Q$^ws5Q{I(S-(WWT8_1ORs)R9idq_nc(() zeK%#$H;6g!JKS$kC4cDiK^gm3?un*6Tw5Oo0Jhnj_0>Oh=cbZ4pWivRp1_nRGXU`a z9wAXJ)jG_D}Iw)Out7f0kSzuBLaIR?$DC&v}v&lbnIeFvrB{);dOcsGfM9X;7nx+>+b znBKp){lvN7e-I(>TYg!SEPPs6qX|F^Q;q&F=H4@?sjmO~ML`jz_a2olO}YXmD$+$1 zl@=i?od^-71PO_a-UI{`gh&&R5~)#2B3(eFgM^wODkYFmLWGd(Y_I#A=YO9w=l%1% zV3=WsA<5pXz1HXVEe-HqnfvKK|KZqn8k(ysp`Hci$8kh11t!!F2otsJ2sTgq>L#@|-9zJ94XBxYh9%!{! zUHvP+^U(lcExwZkJx>Q`k@sLE0rI!lrj~>(Fqz)?cF3UcQ=s zuVKhuXyZ*F7YAx!-kV6q96{XzoMS9_NF;ws(Ml$O3A4Q_!X)HxJSb0{GNWhut&RY=&X}#!z1tV8Zeb9ip-`xkriMDyHH(Q4V2YjM3;AF z72U)^0=^j1_)d!U>xakeL5!rRiZJoMb47y&9omZUQ&EaO1`+Q2(LlH56ilFR4~7Ee zEj3@>6|bwT^bf@qxGCy=*|^mm2COSk+<(@Utl+C1csWZTUS)-GYrhDr>IwkFXY}p` zpF}KM*jba6`><^{Afqdb9NOI22)GDW_AIDXRq51&XQXdBk6qwCQeE(iJp`-kZYRbO zdG4XbXIPQULb{5kuHx`;>Fnt2MZdKL& zHC77QhNl~&zYX4H7VZhmv5ba-b7nw{WG0-_Z+nZ~8>!OX$TwSZXn)i=_F;gra^W5S zBv4OGduGBT#IcVe6X-EweRpdL32HTNs`pSC_paM(p)6$J=(4Lo`;4At%5{9pMkmGJ zQ9SITPzXoLj*D`(|GG$b>Ig7vZ zvWR!;j-(i*x?Nl|%(nVkq}X&*>W29J?!cg(eDRswiJ1V5h-GiFdVmiCy2O;lcg;;c z9Rcz`0_&duTfVb&^PjmCi^1&x&i3r6U4KU>n>78z@tuayRa$;*e%?7c!s}|cX}I+* zupv8S%ZX~VXNOd$gtfjxOHQ(an7Q>HUME^- zAG_qu(SJPptfK1MwG%>f98||MhhHej!K;~vB54>KX4Bi{e>i}nM}1CP=%eRh(qj!V z#hu{~!$j}NPE|aZhE^$dXF7i|jMfnQay0n4hno88rK*B&0}I-#mUMfvN(Z0-Rv!+T z;qJt@XB`|al;F&YNB%3ZS*=xdK;w%kQ%`I6E@-U!cZu^SgT1NMiq zAJrAlz(#EMN%5#&tr;w^vTb;q!>{g?XOOz&+DHI?FJyHhq>yFx5CyY@ zu33@lYW(n)_s8Z>aL11c*P64JhM~`$6OOc5NTGixUH=uv3DLZywWFW$vQGL+#5GHs z|MRRCsft3Dp&@T5Abu@g3 z+VN(@YB&+ko30um>HVoe4_Y+%XVBuC(drp%Pp>UW;KqVH&l6*Ik|FXi^vJ9vy(C^@ z9uSr{GM|JOAq#qfD+3J92KN8hn6&gMt(k`Q0`rP{c%M%`;fi^tCKcHax-)=HB+&Rl z*f?7}6ar-ZY_bI6!J>eKHKhwH1qI4@)BrfH^)0~3l`fZ@C7Sf&pvFY4xzGcvqd7Y| zE7Z2;_30zxZVx?AN=O;|S2mFl;~AG)l#tB!1aM-R!Y`bPCn(?1V<47e#Q{A+Cu zhi2x}uYbnMVeZ-Upsq4wfHXLuUw*J|9~@xc=`J_Y>=ndc6oAuJ_>_LF_T#7)j#a>& ztE%&=AddI#Ti2iU=d|ae=BRx}9lj7ah7$-bF@VIwIu<(k3YiH#H;q$XGekfPCoBW2 z{fnY-_{=6g=*k-pwN`ND+#($E_0vNOU3h`xpEaVwXOS#FN6Qi2-T#xo+UoDG&rwiDNA1(Zow^BCa?vV>I`5?)*;6a;Xrv0vaBN` zG4Mmf$mDP1Uj~pHs`pDSf84wHR_Z`ejBuVyOiu}5umCt+6D;1fJGL28$b`+KizDWn zlJwfxr)Z0W+DJtHvITO{s3I^>8+Sa-HY9t{J|HV*z{#qWcPzuCSFPr~tFAwU_Up-= z^JL3EV&IHo`^x1^l3gLRTXU@Kf{dG+B|^CN^i_8kDF=fdDWBW#b)BE2!|otqj5ma5 zj3>0YwxHpj2T#ety9|xwRm6=F#73;oCB1w%9^e|BcJ=`k z%@clU9te?EziB_4W>1_UmLNLf&cXxd77I2fXyDVMTTQv3YmGx|vor7NbIBQ%RfT!F zz4vXbr94v~obkF_ahB^@c2t3hQANZ{jJOE}_`r=4(E?08V2oy;60FKPK+iF!%k8h_ z`-lxQlY7Uz2b#mhoYh9Oz=LIpkKJW$TfO(1fVGPVoN+@5kcn*!zaLnHDe`_9&6jRR zBPIlkO&~Pu5;lWG({4#*Q`j3M>&oYh*~pKYk}m_!%UhNuP2V6E`KfO76a$eF)thCp z0eeInMAp*>++w?Sd#8|dl%38w8RUdL6S`-%B7d4L7xOv1qWK#AdVAwxd?equ^8E^s zUD{2!0U-|_;UH{+J3ei`cs5E&ypK45Is}ALbGE`H^((J;VdYSeg#jsCJCu6TK2iED z{p6JSqX{PoE7Am2r`)C>I5GT%gP4lSN`qd>Bj*pcuxK5a(DumNVOybTZ-n?m<)undPZS4|E0i1DU&WJyymePfo+ z*ZE0*Zil*$Eu&hB4pF2Kq_k?G#S7hvkObNY<6YA*#CLC9igkOxHW(we>^v*z>>+Cfl*(ya9HKc^3IP5kIk0T{$pW zb?NJl1pi4FD;LpAZ;YbA`b)EN%&AIvHjcU&P7#pu2QDTss@=jRxsD}Qo4P8$^+~J? z9kCT{d}ZdHMoP#>@K)D%#8*pJ>n%#zz_Ml{2`j9ACDDde>?}Yd!Z%VA6i(<((fd`e z-l!F5XYD$XumVKiIX(ahg*_%5XO=LghJO)g>rqko4(&L+c;nUwW+i%3-Lm8hak6W9 zFW?hCX?AVq+Bm0-j?hIUx5PG&67K3H1k`c{SvAl55~Q@_%B z9*viqA|BSeP^K4GiW_5$vJivJf!@FZNKm(HZK1F6TldT}m95CnQA>{oU9xe*wm4R#}n^)-p^ee>qCd z7LqHj7`DERFi_e^ye1S9s9@gU`KR!9e{ydk=KDA%1&APb&;$e3EVvF!y z9A9@#caE`4qbu#1OwU{p1e!dlK0Pi|2k9?LHBUYx$M5B4VYk13?9K*qz-KTkfX?Yf zpH5UkK)Zt9^*8%!rWGdY0__N!-IPv~nr?UBXo1v`ly#cx@>r7x^y!J%dcG@?%t>)*xD^e8D* z1yBO&*xoIs{DL`M^t5GADZm#cN30CT1ub(jB2}&WG-8)PFVf`?q~4WHx+B?pjp#VS z(&%P*?rC?|tRb_#tc~4SDx*59FY^>n4NHVx}h|ia55u%W>)Qh<@HaJ z$&Y@;|3cMEDxwb)zR*;7W-15G3@kE{OD$>looQ(`W(q6oW_9%W<~_l)#PAxkY9tUlrmvSV@L(#0!g6 z&0C5!7V-|O&T`t5#~AfA%Vz|&UV*GDbXv9jcEXVaib zw&0sz;_us7O25LVeM{AJJF{o)(qh1Flp1}RFQMfYp;gigwhek!b5>>AJNpDiyMLqR zQ&-Tg({HB)2z>4_U>rdCk>{kDO^kYInW;&+%W@tlD$5;j95R~C6*O&>D~El3c;8(? z^GCy~a{5=lg0PI|aUO2_Nm^() z5FT@C&*Z{>0a~7!4rN-??H6#=Sd<-Qoo@zShADTuwess~jRtSF>oiQ}!kJoVhDI03 zS|v{FR!23#9o$U;0m^L{#i<4Nzhp^tsrj%2g_!8`EO&TTct@#!xpUuMqf1<{} z|KbVsz&~6poOs3Z-Y*SgD*>WQ7$s+&L?maXW5_vuod^)pc(Z#1I7PkIA*P3gSD2mK z8cO|X#&!SC`@Dbewx3xoTD#xTEmbIY1=%#6?h@DEU@>5Op4EkrB>`zmd>L;@8PgAK z0isYDa0elKziqQm5ij9j$)%cVu{NOa{&5R@4s#Dn3S9sK2&HqJ$H1qN|8+-VCL71G z@0Lz~;k`Dsx}iT=Nw^@J*ia?xq9C9asv!{1vITnC=Rh)6ED-Hjn>*(Qz7j~KyE^_( zB0v6xl5}Q%*iI8;z)(w2cL_Pscfs-EcEs{*rNM zF5t-Va}xd@XBb(qYa6Q&?NaolYE6rMGpO{kn4NGVRQ}ba@&|)hC zz%j^ulyxDRv-dh^k z1rqtek<7oEXyWI}hqg4Jh?2V@F0#^>w%lMCW^`5m>9}R^byZ6b&ggh^-{Q%WVka`- z_MMO#4D|ru_5jNPDqQ>MFh{lu-7Tr|TTK43QpHcNwcHls+^!9zYB6Wz)k3XhP6(fp zR|gUaeYHsmWNb8B8zsXWqNP{?O~Xk}ZD5dQ`BG>oTQ$4GA4HM}g9h@KpSorH?0yZ; z$*iz!#l9D1SwQ>SCT;y1kO=M5O*{fV35;d70|d;R>#45Y_H^^{T(1YDsIiWO(8h{~ z)6;E^zkcc{4xjaVqH*!)wJUZizc3?Jvz|Q!$BFIzP*V|#)9M1?e&d z<4u19!-|QD`kZs-&Fw-~ffdTxJc=%-E2TeqDw!Sl=nVk`Xn^1@<%xtN$){7sP5j&L z{F!vyTKbjT$Z)Td@7JQ&X2-*oYF^tO(z&JhK%LtmzwkcM2F4x(wr#}LIRI2&Z)5Y( zu2dJZOzBZ;#40n|fc?0}YPRjWdb>E~kHDZlk1Rf*>8Y|7ObgyvRLLVznN%&#&L{lHe# zK|gb?z!!S&eN^TpuS3q#c{}s#DXXR`WTG@74iQwstl3@ez6h7QGD~r(dh45M-?Su8rV;Zr2pPZ%lKv(yRQCz#+?Ize*EIu#>uy`ULEOcJ&U+^9Z=>u}Ya&5jT zj%*v|t+kz9V-IM4oKc&5cm&CcE!r~{a)Rzx0HFgiIADnvW~-t{93e9G#Ar5TG(>h4c!qN5$?Gx+Uyj{sO`~wS>CK}e!u!lg_O;j<*{yk zF22=I@*le}-_%!OBB+r4++bYdEH~XWPoL>m=AY@>@X@Jrj+ZUjQ|$LhLqfbvJXNXd zb@bh$4ogTWUKjXolg%%tv_uS}rjXvr~j45M@y_!k&hJ!ixCwa4u|Qa|^h zUG{^bjnC*Bq;}i7sJF~nVn?UqTIz{uI`2!bK3v2(V78MJQ8}qn^Jm9YfgIB|C&{`E zRN=M*#huQs_GND7`a_lMa)if0ODoQt2l10nsVt z$lZyHY26(>Cce8dfaCfd+;KwQ_W4Vmx|O&E-ips+-rRW^0-f4%c|6S6dlGHL+PP<} zV+_ai0mRYS6+M~$sn9q`UH!4<08-H6>bK3Nus-}O_yBrH9w>y|b45xx0u5skFdnA; zXEwLnNsy4+((bbhVG2{$2Bel|@e$iowxzeeO)19aC#nX0J_J0Y*a!E`=Wu_phD=T} zpa)Sy4qRbk=H(8%**cGDafv(L|KPUzz*?i@)XB##xv@8{e(gAwX28~D9RcFw!7G=6 z3gh&ohV#zb{<7YAxGxQ}SZNYK36z z!lmbc1)>=dm^jqg4}|6UsWti{WETD2nmFiVG%s#~@T=H5rMXoz+QVzi zBzi&zOt3CzKn#wTaM#PR9M7*F{fX4DOEBmv3qTmKo(j}eI0>KVK;P4;wz9LIoUk+R ze{b2Dc=~%$F`_wq-TJ%?;UG;SfuM|RvZF~nF+B$^uJE6*K8*DW1p9eM zW<-IX{7Jf7azYhz%8s^J+3^bNI+ouU5#iOkI6f{_e0=MVhew(*Z}tvwpd@fJx#?jH z+#sTEfRxhaniXY`06#&|w6{yRTAOZNUo$cfeUs!kJmi&qfp^X)Nh+~QNT$zE=t^_* zkmEY;&(qMCxG8(X+3pPUJwue$Cj^%-NjaClxQcZVZzRqC#Cr{KGKR{><#1W*;-wm0 zlM|Zk%3~jHczXY2tDsKPv90SebEtFl{iK$LvXVa-;B8&SHzf#Pswq_b`?e~QE2Jb7 zLAT;pP!S8iF@A^?e4aX8J3g3rXvsCBBa{Il!Qh$Q<|A*PU-0uiRHysZBYIXf->tg3 zEpb6{e4Y9k%NqiVPesm=eY)-WnZ4aNM>NQ(!6tH!QX0~vUeZkSI{y1qApeqbyZmOo zE=Bi-)JvyY2is8g+GB!>IKy^*+tex#Ss1kHC*ZDH%F!=+?YsZ16c&Q5wHQ%)`^aY)7*;G>g#X} zGtMjv5gj%U;CiUgRC7T#?FGm0*bau+HZUkA<;)ulBr4Kjt=f{lc>>KeV%L#ohyM9j z^#cl>j1h>$Y5US=Apv3jm8Y6T^iNx7uB%IO6hed;cMTthWAr;kXi(!)_uftf=>qn-Y^cN70`^kDv|>_9SXZsGp`n;B*N zTrXjJlj(Fv{o_u*KalCV8~ya&?3(RCJPGA=KS9oMcIEDwGs59o>>F?7hQN~|Nxiyy z+hJ50I;DFd<#~t|%408h>Ct#SoSr}>9Q`_ZV8)!7_CO#v|RRYh2x32v7Dx_nd`3TAm2RMO4j)iOf%(F%$?nvJ?tq#!1 zKh>|}cV0-0cRuR9>)M3hBV`;WbD&nXQa-T3jx|zGfZss*rrO-7^S?4{>rs5N!%eD< z^`2-{AKA2kBSnyL$=j;Uu)Pa^KeLYSC=)tK&cg;M>qsuq>mh%znQryP8wO25r)-`c zGK?TQG_<0c!*4I6XR}~+1MPF)Yes;Dtqw%hp$JI8kmVGemJiQv42JY;*|un@dxuOL zB$&8(N1uIXVO40Y`PL6@Idg*3gp`xz2227v-S%6>_SWoSz=FHDW3b6o>l#0qb0uBo zn`)BL8}FyK(jgh&@=Ze>Lv?T2>8&Q8d0DF`FUoON1)TfHDTJQD@M8AU)UVW!vQ?NE zdwl%z8eEfviCr}~T;Ck4mN~u{ppsFkC3t#D2W5M7{ zMF#q5m96;${nidA!Wtfa9CVBO=BN7h5FpWe4M^J#|J*JFzVUM_l-S(Ao_KgU@{~^A zSoM76gMl^z@IP-|=EqYC{k|+X0M6U^b9YgwU2^9(b^7r1{K7fD8#lZZi&mdru>r6B zx<;2^1TjC+(%T%tI?R-!CD+T3V$$vmRW;u%0fs6TwI?#wlt;LJGLFoimh;RMyNHwG z7FJ%9Z|mB;PDrr-V6W@fN!}fBK@GY$=#+UsZ0}v_QY(Jm7TY!TZ;ozon@_x$u8EeB@c=_zHgfDjiMSxVG=ZDOhyWyU(l6RaHkry>?Gegpr zt8l{;bF^&(M)#O6iPd1KEm)aCg38@t)?V`IWSoqj@yw`` zPGg~&J^%^U5z36C!sm-$={~mka16L*JeWYYLGPRcGyUz-hpB1U!0q8Bu=2>Zd42P9 zwY1@1tJnJ&&?sI#t|>)X7E!Icj`fH+MtcSrX6f8Xzy}He)?f*Wsc|_ni;QW9G0kze zhdDx<_B;!^x(8bF9G_Z!fu<DI_`lT~EE|$I*%$+iEu(GTPzIt+O{jTD;(q2w&T%+W7;u-^ASigDc7U1N8Rp z4WwUuEcxmmj@>aSNfiSIf+fny=p8|yWpUOrJwoVH?Px6mOfJ`*1mfzUyuO!@hq~Ma zAQ~*JLcF&!sO7;4g$3nv=a(GtUXg&KwDSA-%5XfN=>JhQFA>_*4Dvp# z6NCTNiQx4W$NCaR!KdL36Fh7DYu{HnKi2KwP2*Uzbe#vQ1DQ)Htr%Gt&>yt= z$lsp?{}VR2WW1eMEUFupIN+mEjkvy16Fr@H^aGcWdk;MeLfghl%KET%Ij@2K+)8Uo z;e^X8?7t$;m%6LbRXP!IJ0PChb##m3koQKhb(M|~sv8(yu;M??$V_jhUr9{k%HR?{ ziTe5=zpQ&E0ccs7`*~(FVgS(d0RqmABVQytWrFh5m#LhLZ2BdvWPK0%1bd34xf4qy z^JTVwhDhGqio7v}^mYj>$g_<=EmhCCSlpH{q{~DEG|c%<9kH7E?q5PxAYY)%t2Yrz z6ZRjO34q|W*G>)NtNj5k92=rg`ub*KnsbtEzcgZ3kRbjucvc7#{M06=&mOzNzW6sG zk)>k}{6M|&hM7*Jx4C7~CbhvgEj%9cR3*%pvizJ`MA49LL`ua#_lBq`y}Fl$+tkIH^5zDa<44lDF6Ot-QEBcgRy< z+bVE`8ArTlvO>LUA44jMVTIA3UC41s*t;0e1s*$*=`da~!o zCD*LBxwuDs-BgwLmJ2Y_`vFQ8PaB`OF(S;VU-OquB=~tE+iavcC12?aQ*=e^!-E#X?gFEn7@&Km5yMnHoIpn` zI3)zHB$>1k`49miu?X<-X=Le&k(0PYzWz|zQl?IRx>3&oWG$ENG3rO9^Y2j3KinO z)$Hv>{A#qlC_{B52dQaz9o2onU5dmqcIjd%RI!2q@|>V6vagkWjP{9!c)CV7F}=Kg zs5qxBb4R)+G7X8-^v)7E?(1wTdO1}U?4Y^;30N0L9S6ihwopKE|lp&1x}QYlWdciXJbaaM}{{-yd)ndq=a`s20uHl+u}6UPIksNfT*5N2fL z-bLiIZXwih;K7_^s$2aoog4}36j=_XwU)RRIgUTL+qO22(1*54o_JH`*5h#BX%yor zKr$j5MK^~n49L2!$a6CVA|q(S0U~W1e#VH{5G&}-GzL#$)BfhNZrhg=KW{JJ?Ra1& z^W~%7`h%HAz{2fiGhtgiw##U#K$UU|we9;(DabuDX>=m7h4;(QGQWvZ!7vFXj!}`& zK`8IBXa5fWW~=x22}c|bBUdBN2=^V^Mxm!K&jYej_O&@zvHI{qaA zej;^2YzPAVgJ8qrr%nF2&PHIc^C;^=U+MK&9HdsC@8sHU5Z6d#-nW^eAlYkmHH5Jq zQfgt7eEj>4c}}~bI(Q}QX8o|HJ6GC9NVH*NbMmZ4^=EC3Vh4i(#|NVP)*Qm%5qb%A z4bb>Dl*FJFe2Mkq`NdFN+hns6ML-hizIjU;CDH?bbUaPD5k>_ZZGkEcAHy1jr^D&J z^tBt0`8iu5qU&|ADb5Sb;!;fOWyHDxpJCfLOo(-PET`i=-nUjY{W4IZ_H$HA;k2M$ z(4ji7%o|-pGQAFU?-jS49>u#}n2MBZ2`Is3mh>ApWIZfg4s$i1YTF=v9sD|uw+<5W z3Mi^b)l*E!ORVU%IHGv_)lus=9|I%d%SlEQZXhihkY7o3U?f@R_RCpD9uW)YAXh)p zU>*DFmg7&6cYiKi6|RB2E-7AYUiYmvVEt{XqYaBvQJ_8O6wB}Za>p93V zRBu+(wa$QG!XA9bgq0HeVsm|EKnzHJVqTz&ETkk9(p1{zIQPsPBEq#KZNtUt#A#hQ zKeGLPdd43a<@Zd@usE-h>fX0^0Ts*)t3bB5Vnv(n-yxj#jaMGxuRqTA-nHdNf)DdY($pZR4 z_1f?fd8)=EemYBrf$4g)8t)W@YlKrapBf#Wdh%u=8&CI{_vyeqb$S$uOQ8l6RUGT! zxmtT>bfx4@&U3V; zIXTJJb*#S3al*BBIM9;_^)0NQox4r&5T2}P%IbC73^+6f4GkK9wS3~q&+|SC(^qpO72uWH9NqwGk_j@PfvE4nSz5D(f zf+-6CZ_(hBOxxBuPL`TnM?VE5jC7pqFi!6i@9#|#8(Z95*T@m#4;Jf_(6^$;p8h>B|Z1D*kUzw{&&H#oIQH4*;DVP>_Q@f6of}CIby{x zD+YC>YEF>}*a`QJPlzREUJwr51Ccj9yRgoOI@3(+$_*(+_W9E4$1^Aa#(VaoJ68tL zKiQ;kO@JnUVP@@k%1y!Zm{=N+_0D79Tn7>Lcb99*qzIf-rVS(p&jboK#XlZdnh@#2 zy+B*s{(gLcON0uvB}4(nUre1-`xFrf(KXe}XF}TYuea}}JP!sWT`+;hZ=1&wzHcX} zD@2;6pH2%)7LEoB%T;$HZlED7C+1o4lKEV_3bZ8Z%0ylLs7$8_(&_U~o)m3=yE#Yv z+a$R*#yZcMd?!f#a;kZ%zN))dVkxvZa36zfjuup-Vb5k9`KRpx;%N zT|QA$`}ncj2YbaArEd>@{d)2J)34{b#s@laPhi3XZZK8=D1PreF<$AqVmYSo7CLaV zni%DU%$;wp$#zznJZXH|Qps8HyTJt0-fjO4+Y|*{!YIJ;Y!4im|GkEl6m8%d3J5OS zX+X_R=^Hs^tvA=)Gm|d8uI9rpdY~K#+d9v*e~YrBH8PKaV%WwsNKEi+O??cv3k;c2 zLAD5&nq^Rc0JY_aGNl(^hc7I4*%U-s4c+0K3~pfo+Vp4T8}3-zuNS~u%F|-zQmBy6 z@|=S{V+KjCO96E&GC`SX7GM^~Ve7jWOaD?o7#$D1wpa*1Skao6-f4W&C|20_B=nr# z)u(@y{Zi$%wctK!YR@!cFIe1uIAPFI$!sU%yI`Wf8~L%cZt{AY$&GCLhL!Aq?%1_} zS7L|k+6F>O`|EAUsMy-q{PXRHBGWrTl4vfJ{C;Dzz@F`IAO;N*=Pvi5d3bRQxLx^N z{TuM&ZQs6;xV_nfwe`H6Lq8HNy6>m(4`v=Nvk=JKMPNooJ~aHqn=|JSdS8HEkdvrL z8a_D~5iMO3tv}g(t;#*e7QwfKJ~e^}IR;I|2OEWs?+9o+SgBaK80&phPM_ zHz&Ga+$=v}$>#(OSVN^Il*|>VCrFjKmB zEu%HJa?PkiE3WLAhozIPrmDjiYcKfnwOVF4=+f95n(VuRUv##)yHcheeg>ao;%LvV z(!0A_RNQjf#CJFPD4K`++{Wu#jxIBfXBy2TUqc<5@@B~%A2W^oPTY8U;NbeESl)QG z(cB;tZKiBm23>UABmN@V_del`qCr}s@4#H(kUB(%36R5JP)AQ;i9y)H@O6G>_R7_S z&Y`7Uc0d12!TDM55`%dE+CEjMsN2x+6PNCzI)$yuoET~Q1*mYk2_vhPI0Tu`2ZI6* zLxkp**+O*w^pcgv$dYF_@m%p|D8mIG>%$eS+7r&WDZYqPx;s@=An|fIlDdz9ogOpa z1?eGi?b6t1tP4gl1}+ue9~($6buEsw?CI#MpEVc*iuSEiq;Brx^G~^?<>M-m2~Ksi zoxg=ERI{s%$)v8XZ{nHo*G0F>q)$F|dmVeVFb&CRuq#BGMg?=e&6v~Lzf9iCDU+gt!I6jW(Z!gXgXI9e& zt}{#aZu!rG>D^DkDt18>ZPBI5s?IXs#xoJfwYoU3u>ei2;@Q53IS+V)l9o^Vq*|cX z&F}v42-{%c_7xV&JVIV}ku%Nj8h+^F1CBZ|^#Y>E==OGL&xW8`e~DD+6d}LV%qOtM ziY(e=x|VwJacZNr)V0Gdug@z+>Xfo>i~w_f7AKvX0%D26*y3V8lge(*;^IxOy=6YT zIUH<7(KN{YwCCE5{^^o+@9FHJy)$WN?`B#b5E|GEV-Mnq^${#>=0h?rR-6r{D`yz& zH@41CnwpooS}Xma9XSyV6IA!dO9Xn5et)AyiLV@S+`K@_c6jNy6S}4BklwWMX%kR- z@*{yY3fu9AEr49GiSC2p8>468zBuxyME!i1qy3!C57eA2coRQAYpsNkK#WK9l+~dH zI_+1tYf@5I!H2pUjE}W~Muc~oF#ncW+Fgw^i&8wTN=~x`b!Mi(^EukhJvpDQokm7{ zqkDb9g|b^qXhmbOpLyN(4RNolveoz+^AWR8U+ct)s9xCyT2Y^V0F=q{`$cS%B|KV$ zj)^yj)UzI}lr|i1Mm3HVUB5+Y)i1v%d}MfXEH?hOR9~~{s`>|?@CRL_*+qi8&&VZU zSzk=o3+y|44u2iBbSzNQ4$)$M*rTKP(NQyX5034Xb-RMc8?v~S3#rKu9*y_{?C*P* zAF5mS8Srz72!||>i9gqU-*WRv@^V`J_1>DxpZ{A=p&Ba3cSh$<-*wfu+~HMc4nI>6 zN%I37v*x1zejSVn`8_*YV99yluPe8?hg+s}6Lx&<~Utj%(SfZ#i`2)XY9e0%AfAag7JQfD>2szrHwy zuJEr6{rwBilS`i2@qYdx4ZzD;z^aUJwNX7V>#;iw*mPh1uUGZ|yt@D0-??kilg5Xu zDY&Ukpo+^B;>Sp!nk^h|g8Ljvz5X?0+j`7N#G+|s(kG}CH*Gydp)4yjB40xGpfVF(MJDpDEtsSBH0Dm55E0uAO61!C@sseVI}0U z4U3d~IQm2ryPw8L35yJ3gqQ4{%dNFy-}v{0$VIgpn#n16uXBbY`#0ezN|vtDZ7&U+ zWu@NwlLBAM8X8HEs_H9m={r91dL#7TKI8ZC5F6KGv(p-bwHltdl zoqD~UZNhAQ+h5VSpMUOaSdWKhYuc>LN`2j?hV5lq9r5?FkmtrpO z!u#yMHdVtOFx!D>PB#cZXw8{;dU#9#**Eo(1>i z+-TU-y`Uk!q|ty;urxgmXe9*H9AA$v^4QqTEiy^#0l`xNh{2|S-#8|0t%+TQvMca? z)EyU+01PA}Y(El4wb#=AeafZ5<8q%C`M&1~^*(-xBh8AlN__}IPG+Ag>5Pn+&&+@8 z+lYxZ)qdAq3U7C!zf1S>@d5Bvk1HdhsQv_DjDy3*T9*SrNfiJ}+WU)=ME--4n0;;X zM*)=N^A{z#`2#2^y#qi=@Bd#Y>0YYpN!8IHOv8FSo1b-Uzj%HeEQ!Rnm6P{U1b$~4 zNtZ-X4f1_BTRjfdb-XLZ`Xe+t&bQ?bDf+xVmR_}C9Rhf3-(j(-(w*=hKmrv`?;BbN zCCrSYsdtFyNi&m5mWHPNrEj?=C6er8HR^5QIWD$bnI;Kp#ZjXffyq|g2C!D3NAMwC zqTOAQ?(|%L51IfuvQ$0}kxB=3xLVMiFt|~+=6sTsmXp?xvNP(-u<9Ku zh?djtZbJW+tZ9JdLU9vXm~g{5a=3mj5VTRG`MxKDYiNf3XItuyr{L!45S_bcPbB@g zB{kNy5()dG>==i;iEhCm6c&}Z<;*!v0Hx#V?ZS-Bj{WtANY@%32v_v7n#gncekw8TJXcCR5c7=Uvt*3W);j_~jKWd7EM`!!q_+K&m6di>a~LwqPx_?=;lHjBjf&G36vR0GSV=BT%o55*z{gQ)%m^U- z#e$yIP9(Lrhf2)q0>x$6L#!*q!I8cy(OOjo2hwD6@$M?4%?k8x*G6V|z?}sF zrnMqn)}gb^Qmtdc=m3XJWB+zPmOdlxMopRioc_aG~II}@qF2-@Aoa{L+JoSs-?r`F&(g{VcC(y z6pgK}n7oV4Ry8iHS3>LkRBiHygou{j zwD=sW4Oq;aK=U2CZI>(Nu_+AV1T4f$nA0z|J}kBM=w9@7X>?MRVL5u?7@Ak|n5eNjRf39fpaIA0>;E&_-e ze6&*_Vk|vi&psxfo*fW44_53f2H2q%`X-@EO8#Ta?uv{!-fFS{{ zh5s<506QI}%cQFs&~-=gP-Ceay?BhPUT$XB>C}o?IZt zVt83bdlo3u7ABOw*=`Jaj#8^PH7P?{T8@Pj)AlOXPk(GlaIUE_8tKuCQ$~{2YM;m4 z3z`}eNSPBu^L3UnRjwOCc)==glIt?}UyRf$@!uFJ!REg)((vW#j6FIK;QOb z{6?0vug9=;m?aBxkk1f-EvXPqj~gGIH7dwn4%E?V@3sQfL$AL_ne%?V_|&4illTN8 zfT9_gxas#lOL5up&i7-zfCDEkbKjA^3KUaAGl(JASoU1qalK z$%ECIKJ73el+rwqUCI_qra00C;+oYF6glf33Eqp>0Uo%w{$E$pA3X>W1dAXs6#J-& z&w?y4ec-97Nl}kqArsuY(^2VjRIm5j1YSbWFYG#S*F}403TWxx6g*{-aKu>qwChah zUyhXWAC8o>AZJAWhvRXb+V(jg=O)`oaMzqnacYX(eNq16IA9)S#gUr7fO`%T1WU6l za>z#Ub&Bk{Xy3bg{5cVP8()VDOxe8|}=sskz;y$mf4DsEtnUErf+H zDC@lwEEEl&v;~QFjfoC!N)cv8Z&$3cjEb1GmkFbqYob+5gl1)xVwQbs7^*M0T2xJW z-V{Ieg>{+fv!MN4{tST`wlJk05dgK{U=PVv6(9QHoGO0FGjH-o{7ui0+h10Tj1ISq zFtWzkhfp`iO*QkE0Er-2r1QNs&Ogmx{xl8J4$LQkZI85VtX)QZ{~O~Q5BrR*@UZ4& zsqc!Z<$Z>FAceg^NV^<@(u_7_-l6xk6Lf1wgPSCkrRA~jr&`iU->0DXY=dL!_tt|S z{2V%DUr3o-xU zu%>kq(n}*7&%t4XYaudcRHCG<9DOwpd{o_dZ{ZG_H79<(D0LY8mN~Q+h~(~`6Jra) zn7Q*m}=89*UT=YQr=wc_d?6A~e4D?>BATv_IBkGNkwZ7oyxqT>Gf<8JJ`A4Y>! z-0Y*<7+fjc#XK@+Ki^_3!Ju%^UuZNS!TJw0GWicQ%3HaX@)sKYvEx4+$NAdeY{m7P zc`g^5)elbf@cQ=cjr|LaUI1?(41h+NwS>XHO_=iX0S6Μp0+`r*|7P$RMbp+-Uq zvl`^!w2O)v32SNb=&g*s?=t>C5YHwkj%8BHw1wuhH&!t8Zb36PL6^slw>+uIkDjcY zSwIVzIM4r(6+9nfH539Q?~W5dG{zPLI`J~mW4scHF>9e~;l0THT5zj1gJY%C`Lw;O z(c_1F?!WEP2Z+&Y)25n&#LVLd;Y)}{o1fdLYm_AJ z4(W!}0!tykd(;8axXF(0*CtPKn)YNzoT5X|aj;v;R1+h*WxpH?$Yrp6tn+yKPMrRy zb?UglVPb6kF>BA}yaQaP`zVJ394S=NxvIqVBi8~yL?QI$%Jw!>a`5@sh|rdQILvN7<^>feomnG zR&T31-kVqYR&>kWZ0DwT&pkh?e`9?&TXDnI&L!qWuIe{kay%!Oq-$)_)QGNnR(~*j zf97B2Z&QBUU3&guym-azu*+ZO@?Bk+8-Lt;O{BB#*)_u6va8%#GV=oWm#T43&u~m? z_0n0sB&vM>#JtbIPK%lXKjwWjEUR`#vf=}ph}ZP`}+ySrZR zL0puZyn#ngU8HP*pIy#l1;KarAHwZ#1b++sJKH`jSO55ZmVH9*3toMfGv2y!)<@Io zli#EFuD!h}cV2p2l!+y?y?%`FJpO+iT!p{GE4J_d6TQ3tul}a>OZPw6v&8;Q@uG#V z|1)s&o&L|@@qYEs^BtStyykyAk6V9v$D9mLr!QA#HSbBSKK8AA(~EkwkLkjNY|<|k zr>B-|ELCoswfwBFpV#a?>D33Vt#8KrwLjrMVXM9izwa#!4#o?Q7tPcKHd0v$%J@x&mDH z_w8IUXs{1-%$;qqW0IT3BH&Gww!RkDd|v_`7|NKLCRq1B0uID+Z+w-(ci_26paWx4 z#=XOPMFN;+N_=0UcO1x)b-j0Q-<8?3*MZOKZ@=aKvGq6Ok6xc=^+Wp6)r()f-m)@sxeDzDSU6bMuXUnyx z=Wcr_crm_2P+3N&&%n>}G0wW&L&?)9I4BqdU{ r=9OftkFI5S@7lmadRe!la*MTNZ=LzLN@LO9$uF3Io*5~a|Nl(@z!l3N literal 0 HcmV?d00001 diff --git a/content/v3/csidriver/installation/operator/powerflex.md b/content/v3/csidriver/installation/operator/powerflex.md new file mode 100644 index 0000000000..d1f42b6a5b --- /dev/null +++ b/content/v3/csidriver/installation/operator/powerflex.md @@ -0,0 +1,210 @@ +--- +title: PowerFlex +description: > + Installing CSI Driver for PowerFlex via Operator +--- +## Installing CSI Driver for PowerFlex via Operator + +The CSI Driver for Dell EMC PowerFlex can be installed via the Dell CSI Operator. + +To deploy the Operator, follow the instructions available [here](../). + +There are sample manifests provided which can be edited to do an easy installation of the driver. Note that the deployment of the driver using the operator does not use any Helm charts. The installation and configuration parameters will be slightly different from the ones specified via the Helm installer. + +Kubernetes Operators make it easy to deploy and manage the entire lifecycle of complex Kubernetes applications. Operators use Custom Resource Definitions (CRD) which represents the application and use custom controllers to manage them. + +### Prerequisites: +#### SDC Deployment for Operator +- This feature deploys the sdc kernel modules on all nodes with the help of an init container. +- For non-supported versions of the OS also do the manual SDC deployment steps given below. Refer to https://hub.docker.com/r/dellemc/sdc for supported versions. +- **Note:** When the driver is created, MDM value for initContainers in driver CR is set by the operator from mdm attributes in the driver configuration file, + config.yaml. An example of config.yaml is below in this document. Do not set MDM value for initContainers in the driver CR file manually. +- **Note:** To use an sdc-binary module from customer ftp site: + - Create a secret, sdc-repo-secret.yaml to contain the credentials for the private repo. To generate the base64 encoding of a credential: + ```yaml + echo -n | base64 -i +``` + secret sample to use: + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: sdc-repo-creds + namespace: vxflexos + type: Opaque + data: + # set username to the base64 encoded username, sdc default is + username: + # set password to the base64 encoded password, sdc default is + password: +``` + - Create secret for FTP side by using the command `kubectl create -f sdc-repo-secret.yaml`. +- Optionally, enable sdc monitor by uncommenting the section for sidecar in manifest yaml. +##### Example CR: [config/samples/vxflex_v210_ops_48.yaml](https://github.com/dell/dell-csi-operator/blob/master/samples/vxflex_v210_ops_48.yaml) +```yaml + sideCars: + # Comment the following section if you don't want to run the monitoring sidecar + - name: sdc-monitor + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "" + - name: external-health-monitor + args: ["--monitor-interval=60s"] + initContainers: + - image: dellemc/sdc:3.6 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.x.x.x,10.x.x.x" +``` + *Note:* Please comment the sdc-monitor sidecar section if you are not using it. Blank values for MDM will result in error. Do not comment the external-health-monitor argument. + +### Manual SDC Deployment + +For detailed PowerFlex installation procedure, see the _Dell EMC PowerFlex Deployment Guide_. Install the PowerFlex SDC as follows: + +**Steps** + +1. Download the PowerFlex SDC from [Dell EMC Online support](https://www.dell.com/support). The filename is EMC-ScaleIO-sdc-*.rpm, where * is the SDC name corresponding to the PowerFlex installation version. +2. Export the shell variable _MDM_IP_ in a comma-separated list using `export MDM_IP=xx.xxx.xx.xx,xx.xxx.xx.xx`, where xxx represents the actual IP address in your environment. This list contains the IP addresses of the MDMs. +3. Install the SDC per the _Dell EMC PowerFlex Deployment Guide_: + - For Red Hat Enterprise Linux and CentOS, run `rpm -iv ./EMC-ScaleIO-sdc-*.x86_64.rpm`, where * is the SDC name corresponding to the PowerFlex installation version. +4. To add more MDM_IP for multi-array support, run `/opt/emc/scaleio/sdc/bin/drv_cfg --add_mdm --ip 10.xx.xx.xx.xx,10.xx.xx.xx` + +### Install Driver + +1. Create namespace: + Run `kubectl create namespace ` command using the desired name to create the namespace. +2. Prepare the config.yaml for driver configuration. + + Example: config.yaml + + ```yaml + # Username for accessing PowerFlex system. + # Required: true + - username: "admin" + # Password for accessing PowerFlex system. + # Required: true + password: "password" + # System name/ID of PowerFlex system. + # Required: true + systemID: "ID1" + # REST API gateway HTTPS endpoint for PowerFlex system. + # Required: true + endpoint: "https://127.0.0.1" + # Determines if the driver is going to validate certs while connecting to PowerFlex REST API interface. + # Allowed values: true or false + # Required: true + # Default value: true + skipCertificateValidation: true + # indicates if this array is the default array + # needed for backwards compatibility + # only one array is allowed to have this set to true + # Required: false + # Default value: false + isDefault: true + # defines the MDM(s) that SDC should register with on start. + # Allowed values: a list of IP addresses or hostnames separated by comma. + # Required: true + # Default value: none + mdm: "10.0.0.1,10.0.0.2" + # Defines all system names used to create powerflex volumes + # Required: false + # Default value: none + AllSystemNames: "name1,name2" + - username: "admin" + password: "Password123" + systemID: "ID2" + endpoint: "https://127.0.0.2" + skipCertificateValidation: true + mdm: "10.0.0.3,10.0.0.4" + AllSystemNames: "name1,name2" + ``` + + After editing the file, run the following command to create a secret called `vxflexos-config` + `kubectl create secret generic vxflexos-config -n --from-file=config=config.yaml` + + Use the following command to replace or update the secret: + + `kubectl create secret generic vxflexos-config -n --from-file=config=config.yaml -o yaml --dry-run=client | kubectl replace -f -` + + *Note:* + + - System ID, MDM configuration, etc. now are taken directly from config.yaml. MDM provided in the input_sample_file.yaml will be overidden with MDM values in config.yaml. + +3. Create a Custom Resource (CR) for PowerFlex using the sample files provided [here](https://github.com/dell/dell-csi-operator/tree/master/samples). +4. Users should configure the parameters in CR. The following table lists the primary configurable parameters of the PowerFlex driver and their default values: + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | replicas | Controls the number of controller pods you deploy. If the number of controller pods is greater than the number of available nodes, excess pods will become stay in a pending state. Defaults are 2 which allows for Controller high availability. | Yes | 2 | + | ***Common parameters for node and controller*** | + | X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT | Enable list volume operation to include snapshots (since creating a volume from a snap actually results in a new snap) | No | false | + | X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE | Enable this to automatically delete all snapshots in a consistency group when a snap in the group is deleted | No | false | + | X_CSI_DEBUG | To enable debug mode | No | true | + | X_CSI_ALLOW_RWO_MULTI_POD_ACCESS | Setting allowRWOMultiPodAccess to "true" will allow multiple pods on the same node to access the same RWO volume. This behavior conflicts with the CSI specification version 1.3. NodePublishVolume description that requires an error to be returned in this case. However, some other CSI drivers support this behavior and some customers desire this behavior. Customers use this option at their own risk. | No | false | +5. Execute the `kubectl create -f ` command to create PowerFlex custom resource. This command will deploy the CSI-PowerFlex driver. + - Example CR for PowerFlex Driver + ```yaml + apiVersion: storage.dell.com/v1 + kind: CSIVXFlexOS + metadata: + name: test-vxflexos + namespace: test-vxflexos + spec: + driver: + configVersion: v6 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + common: + image: "dellemc/csi-vxflexos:v2.0.0" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: "false" + sideCars: + # Uncomment the following section if you want to run the monitoring sidecar + # - name: sdc-monitor + # envs: + # - name: HOST_PID + # value: "1" + # - name: MDM + # value: "" + - name: external-health-monitor + args: ["--monitor-interval=60s"] + initContainers: + - image: dellemc/sdc:3.6 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.x.x.x,10.x.x.x" #provide MDM value + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: vxflexos-config-params + namespace: test-vxflexos + data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "TEXT" + ``` + ### Pre-Requisite for installation with OLM + Please run the following commands for creating the required ConfigMap before installing the dell-csi-operator using OLM. + + 1. git clone https://github.com/dell/dell-csi-operator.git + 2. cd dell-csi-operator + 3. tar -czf config.tar.gz driverconfig/ + # Replace operator-namespace in the below command with the actual namespace where the operator will be deployed by OLM + 4. kubectl create configmap dell-csi-operator-config --from-file config.tar.gz -n diff --git a/content/v3/csidriver/installation/operator/powermax.md b/content/v3/csidriver/installation/operator/powermax.md new file mode 100644 index 0000000000..e0fdae7724 --- /dev/null +++ b/content/v3/csidriver/installation/operator/powermax.md @@ -0,0 +1,301 @@ +--- +title: PowerMax +description: > + Installing CSI Driver for PowerMax via Operator +--- + +## Installing CSI Driver for PowerMax via Operator + +CSI Driver for Dell EMC PowerMax can be installed via the Dell CSI Operator. + +To deploy the Operator, follow the instructions available [here](../). + +There are sample manifests provided which can be edited to do an easy installation of the driver. Please note that the deployment of the driver using the operator does not use any Helm charts and the installation and configuration parameters will be slightly different from the ones specified via the Helm installer. + +Kubernetes Operators make it easy to deploy and manage the entire lifecycle of complex Kubernetes applications. Operators use Custom Resource Definitions (CRD) which represents the application and use custom controllers to manage them. + +### Prerequisite + +#### Create secret for client-side TLS verification (Optional) +Create a secret named powermax-certs in the namespace where the CSI PowerMax driver will be installed. This is an optional step and is only required if you are setting the env variable X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION to false. See the detailed documentation on how to create this secret [here](../../helm/powermax#certificate-validation-for-unisphere-rest-api-calls). + + +### Install Driver + +1. Create namespace: + Run `kubectl create namespace ` using the desired name to create the namespace. +2. Create PowerMax credentials: + Create a file called powermax-creds.yaml with the following content: + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: powermax-creds + # Replace driver-namespace with the namespace where driver is being deployed + namespace: + type: Opaque + data: + # set username to the base64 encoded username + username: + # set password to the base64 encoded password + password: + # Uncomment the following key if you wish to use ISCSI CHAP authentication (v1.3.0 onwards) + # chapsecret: + ``` + Replace the values for the username and password parameters. These values can be obtained using base64 encoding as described in the following example: + ``` + echo -n "myusername" | base64 + echo -n "mypassword" | base64 + # If mychapsecret is the ISCSI CHAP secret + echo -n "mychapsecret" | base64 + + ``` + Run the `kubectl create -f powermax-creds.yaml` command to create the secret. +3. Create a Custom Resource (CR) for PowerMax using the sample files provided [here](https://github.com/dell/dell-csi-operator/tree/master/samples). +4. Users should configure the parameters in CR. The following table lists the primary configurable parameters of the PowerMax driver and their default values: + + | Parameter | Description | Required | Default | + | --------- | ----------- | -------- |-------- | + | replicas | Controls the number of controller Pods you deploy. If controller Pods are greater than the number of available nodes, excess Pods will become stuck in pending. The default is 2 which allows for Controller high availability. | Yes | 2 | + | ***Common parameters for node and controller*** | + | X_CSI_K8S_CLUSTER_PREFIX | Define a prefix that is appended to all resources created in the array; unique per K8s/CSI deployment; max length - 3 characters | Yes | XYZ | + | X_CSI_POWERMAX_ENDPOINT | IP address of the Unisphere for PowerMax | Yes | https://0.0.0.0:8443 | + | X_CSI_TRANSPORT_PROTOCOL | Choose which transport protocol to use (ISCSI, FC, auto or None) | Yes | auto | + | X_CSI_POWERMAX_PORTGROUPS |List of comma-separated port groups (ISCSI only). Example: "PortGroup1,PortGroup2" | No | - | + | X_CSI_MANAGED_ARRAYS | List of comma-separated array ID(s) which will be managed by the driver | Yes | - | + | X_CSI_POWERMAX_PROXY_SERVICE_NAME | Name of CSI PowerMax ReverseProxy service. Leave blank if not using reverse proxy | No | - | + | X_CSI_GRPC_MAX_THREADS | Number of concurrent grpc requests allowed per client | No | 4 | +| X_CSI_POWERMAX_DRIVER_NAME | Set custom CSI driver name. For more details on this feature see the related [documentation](../../../features/powermax/#custom-driver-name) | No | - | +| ***Node parameters***| + | X_CSI_POWERMAX_ISCSI_ENABLE_CHAP | Enable ISCSI CHAP authentication. For more details on this feature see the related [documentation](../../../features/powermax/#iscsi-chap) | No | false | +5. Execute the following command to create the PowerMax custom resource:`kubectl create -f `. The above command will deploy the CSI-PowerMax driver. + +### CSI PowerMax ReverseProxy + +CSI PowerMax ReverseProxy is an optional component that can be installed with the CSI PowerMax driver. For more details on this feature see the related [documentation](../../../features/powermax#csi-powermax-reverse-proxy). + +When you install CSI PowerMax ReverseProxy, dell-csi-operator will create a Deployment and ClusterIP service as part of the installation + +**Note** - To use the ReverseProxy with the CSI PowerMax driver, the ReverseProxy service should be created before you install the CSIPowerMax driver. + +#### Pre-requisites +Create a TLS secret that holds an SSL certificate and a private key which is required by the reverse proxy server. +Use a tool such as `openssl` to generate this secret using the example below: + +``` + openssl genrsa -out tls.key 2048 + openssl req -new -x509 -sha256 -key tls.key -out tls.crt -days 3650 + kubectl create secret -n powermax tls revproxy-certs --cert=tls.crt --key=tls.key +``` + +#### Set the following parameters in the CSI PowerMaxReverseProxy Spec +* **tlsSecret** : Provide the name of the TLS secret. If using the above example, it should be set to `revproxy-certs` +* **config** : This section contains the details of the Reverse Proxy configuration +* **mode** : This value is set to `Linked` by default. Do not change this value +* **linkConfig** : This section contains the configuration of the `Linked` mode +* **primary** : This section holds details for the primary Unisphere which the Reverse Proxy will connect to +* **backup** : This optional section holds details for a backup Unisphere which the Reverse Proxy can connect +to if the primary Unisphere is unreachable +* **url** : URL of the Unisphere server +* **skipCertificateValidation**: This setting determines if the client-side Unisphere certificate validation is required +* **certSecret**: Secret name which holds the CA certificates which was used to sign Unisphere SSL certificates. Mandatory if skipCertificateValidation is set to `false` +* **standAloneConfig** : This section contains the configuration of the `StandAlone` mode. Refer to the sample below for the detailed config + +>Note: Only one of the `Linked` or `StandAlone` configurations needs to be supplied. The appropriate `mode` needs to be set in the spec as well. + +Here is a sample manifest with each field annotated. A copy of this manifest is provided in the `samples` folder +```yaml +apiVersion: storage.dell.com/v1 +kind: CSIPowerMaxRevProxy +metadata: + name: powermax-reverseproxy # <- Name of the CSIPowerMaxRevProxy object + namespace: test-powermax # <- Set the namespace to where you will install the CSI PowerMax driver +spec: + # Image for CSI PowerMax ReverseProxy + image: dellemc/csipowermax-reverseproxy:v1.4.0 # <- CSI PowerMax Reverse Proxy image + imagePullPolicy: Always + # TLS secret which contains SSL certificate and private key for the Reverse Proxy server + tlsSecret: csirevproxy-tls-secret + config: + mode: Linked + linkConfig: + primary: + url: https://0.0.0.0:8443 #Unisphere URL + skipCertificateValidation: true # This setting determines if client side Unisphere certificate validation is to be skipped + certSecret: "" # Provide this value if skipCertificateValidation is set to false + backup: # This is an optional field and lets you configure a backup unisphere which can be used by proxy server + url: https://0.0.0.0:8443 #Unisphere URL + skipCertificateValidation: true + standAloneConfig: # Set mode to "StandAlone" in order to use this config + storageArrays: + - storageArrayId: "000000000001" + # Unisphere server managing the PowerMax array + primaryURL: https://unisphere-1-addr:8443 + # proxyCredentialSecrets are used by the clients of the proxy to connect to it + # If using proxy in the stand alone mode, then the driver must be provided the + # same secret. + # The format of the proxy credential secret are exactly the same as the unisphere credential secret + # For using the proxy with the driver, use the same proxy credential secrets for + # all the managed storage arrays + proxyCredentialSecrets: + - proxy-creds + - storageArrayId: "000000000002" + primaryURL: https://unisphere-2-addr:8443 + # An optional backup Unisphere server managing the same array + # This can be used by the proxy to fall back to in case the primary + # Unisphere is inaccessible temporarily + backupURL: unisphere-3-addr:8443 + proxyCredentialSecrets: + - proxy-creds + managementServers: + - url: https://unisphere-1-addr:8443 + # Secret containing the credentials of the Unisphere server + arrayCredentialSecret: unsiphere-1-creds + skipCertificateValidation: true + - url: https://unisphere-2-addr:8443 + arrayCredentialSecret: unsiphere-2-creds + skipCertificateValidation: true + - url: https://unisphere-3-addr:8443 + arrayCredentialSecret: unsiphere-3-creds + skipCertificateValidation: true + +``` + +#### Installation +Copy the sample file - `powermax_reverseproxy.yaml` from the `samples` folder or use the sample available in the `OperatorHub` UI +Edit and input all required parameters and then use the `OperatorHub` UI or run the following command to install the CSI PowerMax Reverse Proxy service: + + kubectl create -f powermax_reverseproxy.yaml + +You can query for the deployment and service created as part of the installation using the following commands: + + kubectl get deployment -n + kubectl get svc -n + +There is a new sample file - `powermax_revproxy_standalone_with_driver.yaml` in the `samples` folder which enables installation of +CSI PowerMax ReverseProxy in `StandAlone` mode along with the CSI PowerMax driver. This mode enables the CSI PowerMax driver to connect +to multiple Unisphere servers for managing multiple PowerMax arrays. Please follow the same steps described above to install ReverseProxy +with this new sample file. + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for powermax version 2.0.0. + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powermax-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `powermax-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n powermax powermax-config-params +``` +### Sample CRD file for powermax + +``` yaml +apiVersion: storage.dell.com/v1 +kind: CSIPowerMax +metadata: + name: test-powermax + namespace: test-powermax +spec: + driver: + # Config version for CSI PowerMax v2.0.0 driver + configVersion: v2.0.0 + # replica: Define the number of PowerMax controller nodes + # to deploy to the Kubernetes release + # Allowed values: n, where n > 0 + # Default value: None + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + common: + # Image for CSI PowerMax driver v2.0.0 + image: dellemc/csi-powermax:v2.0.0 + # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. + # Allowed values: + # Always: Always pull the image. + # IfNotPresent: Only pull the image if it does not already exist on the node. + # Never: Never pull the image. + # Default value: None + imagePullPolicy: IfNotPresent + envs: + # X_CSI_MANAGED_ARRAYS: Serial ID of the arrays that will be used for provisioning + # Default value: None + # Examples: "000000000001", "000000000002" + - name: X_CSI_MANAGED_ARRAYS + value: "000000000000,000000000001" + # X_CSI_POWERMAX_ENDPOINT: Address of the Unisphere server that is managing the PowerMax arrays + # Default value: None + # Example: https://0.0.0.1:8443 + - name: X_CSI_POWERMAX_ENDPOINT + value: "https://0.0.0.0:8443/" + # X_CSI_K8S_CLUSTER_PREFIX: Define a prefix that is appended onto + # all resources created in the Array + # This should be unique per K8s/CSI deployment + # maximum length of this value is 3 characters + # Default value: None + # Examples: "XYZ", "EMC" + # Examples: "XYZ", "EMC" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "XYZ" + # X_CSI_POWERMAX_PORTGROUPS: Define the set of existing port groups that the driver will use. + # It is a comma separated list of portgroup names. + # Required only in case of iSCSI port groups + # Allowed values: iSCSI Port Group names + # Default value: None + # Examples: "pg1", "pg1, pg2" + - name: "X_CSI_POWERMAX_PORTGROUPS" + value: "" + # "X_CSI_TRANSPORT_PROTOCOL" can be "FC" or "FIBRE" for fibrechannel, + # "ISCSI" for iSCSI, or "" for autoselection. + # Allowed values: + # "FC" - Fiber Channel protocol + # "FIBER" - Fiber Channel protocol + # "ISCSI" - iSCSI protocol + # "" - Automatic selection of transport protocol + # Default value: "" + - name: "X_CSI_TRANSPORT_PROTOCOL" + value: "" + # X_CSI_POWERMAX_PROXY_SERVICE_NAME: Refers to the name of the proxy service in kubernetes + # Set this to "powermax-reverseproxy" if you are installing the proxy + # Allowed values: "powermax-reverseproxy" + # default values: "" + - name: "X_CSI_POWERMAX_PROXY_SERVICE_NAME" + value: "" + # X_CSI_GRPC_MAX_THREADS: Defines the maximum number of concurrent grpc requests. + # Set this value to a higher number (max 50) if you are using the proxy + # Allowed values: n, where n > 4 + # default values: None + - name: "X_CSI_GRPC_MAX_THREADS" + value: "4" + + node: + envs: + # X_CSI_POWERMAX_ISCSI_ENABLE_CHAP: Determine if the driver is going to configure + # ISCSI node databases on the nodes with the CHAP credentials + # If enabled, the CHAP secret must be provided in the credentials secret + # and set to the key "chapsecret" + # Allowed values: + # "true" - CHAP is enabled + # "false" - CHAP is disabled + # Default value: "false" + - name: "X_CSI_POWERMAX_ISCSI_ENABLE_CHAP" + value: "false" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: powermax-config-params + namespace: test-powermax +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" + +``` + + +Note: + - `dell-csi-operator` does not support the installation of CSI PowerMax ReverseProxy as a sidecar to the controller Pod. This facility is + only present with `dell-csi-helm-installer`. + - `Kubelet config dir path` is not yet configurable in case of Operator based driver installation. + - Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v3/installation/operator/powerstore.md b/content/v3/csidriver/installation/operator/powerstore.md similarity index 62% rename from content/v3/installation/operator/powerstore.md rename to content/v3/csidriver/installation/operator/powerstore.md index 6784720789..8fb2f30f95 100644 --- a/content/v3/installation/operator/powerstore.md +++ b/content/v3/csidriver/installation/operator/powerstore.md @@ -1,9 +1,9 @@ --- title: PowerStore description: > - Installing PowerStore CSI Driver via Operator + Installing CSI Driver for PowerStore via Operator --- -## Installing PowerStore CSI Driver via Operator +## Installing CSI Driver for PowerStore via Operator The CSI Driver for Dell EMC PowerStore can be installed via the Dell CSI Operator. @@ -12,7 +12,7 @@ To deploy the Operator, follow the instructions available [here](../). There are sample manifests provided which can be edited to do an easy installation of the driver. Note: The deployment of the driver using the operator does not use any Helm charts. The installation and configuration parameters will be slightly different from the ones specified via the Helm installer. -Kubernetes Operators make it easy to deploy and manage entire lifecycle of complex Kubernetes applications. Operators use Custom Resource Definitions (CRD) which represents the application and use custom controllers to manage them. +Kubernetes Operators make it easy to deploy and manage the entire lifecycle of complex Kubernetes applications. Operators use Custom Resource Definitions (CRD) which represents the application and use custom controllers to manage them. ### Install Driver @@ -25,12 +25,13 @@ Kubernetes Operators make it easy to deploy and manage entire lifecycle of compl ```yaml arrays: - endpoint: "https://10.0.0.1/api/rest" # full URL path to the PowerStore API + globalID: "unique" # unique id of the PowerStore array username: "user" # username for connecting to API password: "password" # password for connecting to API - insecure: true # use insecure connection or not - default: true # treat current array as a default (would be used by storage classes without arrayIP parameter) - block-protocol: "auto" # what SCSI transport protocol use on node side (FC, ISCSI, None, or auto) - nas-name: "nas-server" # what NAS should be used for NFS volumes + skipCertificateValidation: true # indicates if client side validation of (management)server's certificate can be skipped + isDefault: true # treat current array as a default (would be used by storage classes without arrayID parameter) + blockProtocol: "auto" # what SCSI transport protocol use on node side (FC, ISCSI, None, or auto) + nasName: "nas-server" # what NAS should be used for NFS volumes ``` Change the parameters with relevant values for your PowerStore array. @@ -49,7 +50,7 @@ Kubernetes Operators make it easy to deploy and manage entire lifecycle of compl config: CONFIG_YAML ``` - Combine both files and create Kubernetes secret by running following command: + Combine both files and create Kubernetes secret by running the following command: ```bash sed "s/CONFIG_YAML/`cat config.yaml | base64 -w0`/g" secret.yaml | kubectl apply -f - ``` @@ -65,12 +66,23 @@ Kubernetes Operators make it easy to deploy and manage entire lifecycle of compl | X_CSI_POWERSTORE_NODE_NAME_PREFIX | Prefix to add to each node registered by the CSI driver | Yes | "csi-node" | X_CSI_FC_PORTS_FILTER_FILE_PATH | To set path to the file which provides a list of WWPN which should be used by the driver for FC connection on this node | No | "/etc/fc-ports-filter" | | ***Controller parameters*** | - | X_CSI_POWERSTORE_EXTERNAL_ACCESS | allows specifying additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries | No | " "| + | X_CSI_POWERSTORE_EXTERNAL_ACCESS | allows specifying additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries | No | " "| | ***Node parameters*** | | X_CSI_POWERSTORE_ENABLE_CHAP | Set to true if you want to enable iSCSI CHAP feature | No | false | - | ***StorageClass parameters*** - | FsType | Specifies what filesystem type driver should use, possible variants `ext4`, `xfs`, `nfs` | No | "ext4"| - | arrayIP | Specifies what array driver should use to provision volumes | No | "default" | - | allowedTopologies:key | This is to enable topology to allow pods/and volumes to always be scheduled on nodes that have access to the storage. You need to replace the "127.0.0.1-nfs" portion in the key with PowerStore endpoint IP with its value and append -nfs, -fc or -iscsi at the end of it | No | "127.0.0.1-nfs" | 6. Execute the following command to create PowerStore custom resource:`kubectl create -f `. The above command will deploy the CSI-PowerStore driver. - After that the driver should be installed, you can check the condition of driver pods by running `kubectl get all -n ` + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Operator based installation +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created using the manifest located in the sample file. This ConfigMap contains attributes `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `powerstore-config-params` and update `CSI_LOG_LEVEL` to the desired log level and `CSI_LOG_FORMAT` to the desired log format. +``` +kubectl edit configmap -n csi-powerstore powerstore-config-params +``` +**Note** : + 1. "Kubelet config dir path" is not yet configurable in case of Operator based driver installation. + 2. Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v3/csidriver/installation/operator/unity.md b/content/v3/csidriver/installation/operator/unity.md new file mode 100644 index 0000000000..f8523f0d01 --- /dev/null +++ b/content/v3/csidriver/installation/operator/unity.md @@ -0,0 +1,139 @@ +--- +title: Unity +description: > + Installing CSI Driver for Unity via Operator +--- + + + +## CSI Driver for Unity +### Pre-requisites +#### Create secret to store Unity credentials +Create a namespace called unity (it can be any user-defined name; But commands in this section assumes that the namespace is unity) +Prepare the secret.yaml for driver configuration. +The following table lists driver configuration parameters for multiple storage arrays. + +| Parameter | Description | Required | Default | +| --------- | ----------- | -------- |-------- | +| username | Username for accessing Unity system | true | - | +| password | Password for accessing Unity system | true | - | +| restGateway | REST API gateway HTTPS endpoint Unity system| true | - | +| arrayId | ArrayID for Unity system | true | - | +| isDefaultArray | An array having isDefaultArray=true is for backward compatibility. This parameter should occur once in the list. | false | false | + +Ex: secret.yaml + +```yaml + + storageArrayList: + - arrayId: "APM00******1" + username: "user" + password: "password" + endpoint: "https://10.1.1.1/" + skipCertificateValidation: true + isDefault: true + + - arrayId: "APM00******2" + username: "user" + password: "password" + endpoint: "https://10.1.1.2/" + skipCertificateValidation: true + +``` + +`kubectl create secret generic unity-creds -n unity --from-file=config=secret.secret` + +Use the following command to replace or update the secret + +`kubectl create secret generic unity-creds -n unity --from-file=config=secret.yaml -o yaml --dry-run | kubectl replace -f -` + +**Note**: The user needs to validate the YAML syntax and array related key/values while replacing the unity-creds secret. +The driver will continue to use previous values in case of an error found in the YAML file. + +#### Create secret for client side TLS verification + +Please refer detailed documentation on how to create this secret [here](../../helm/unity/#certificate-validation-for-unisphere-rest-api-calls) + +If certificate validation is skipped, empty secret must be created. To create an empty secret. Ex: empty-secret.yaml + +```yaml + apiVersion: v1 + kind: Secret + metadata: + name: unity-certs-0 + namespace: unity + type: Opaque + data: + cert-0: "" +``` +Execute command: ```kubectl create -f empty-secret.yaml``` + + +### Modify/Set the following *optional* environment variables + +Users should configure the parameters in CR. The following table lists the primary configurable parameters of the Unity driver and their default values: + + | Parameter | Description | Required | Default | + | ----------------------------------------------- | ------------------------------------------------------------ | -------- | --------------------- | + | ***Common parameters for node and controller*** | | | | + | CSI_ENDPOINT | Specifies the HTTP endpoint for Unity. | No | /var/run/csi/csi.sock | + | X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS | Flag to enable multiple pods use the same pvc on the same node with RWO access mode | No | false | + | ***Controller parameters*** | | | | + | X_CSI_MODE | Driver starting mode | No | controller | + | X_CSI_UNITY_AUTOPROBE | To enable auto probing for driver | No | true | + | ***Node parameters*** | | | | + | X_CSI_MODE | Driver starting mode | No | node | + | X_CSI_ISCSI_CHROOT | Path to which the driver will chroot before running any iscsi commands. | No | /noderoot | + +### Example CR for Unity +Refer samples from [here](https://github.com/dell/dell-csi-operator/tree/master/samples). Below is an example CR: +```yaml +apiVersion: storage.dell.com/v1 +kind: CSIUnity +metadata: + name: test-unity + namespace: test-unity +spec: + driver: + configVersion: v2.0.0 + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + common: + image: "dellemc/csi-unity:v2.0.0" + imagePullPolicy: IfNotPresent + sideCars: + - name: provisioner + args: ["--volume-name-prefix=csiunity","--default-fstype=ext4"] + - name: snapshotter + args: ["--snapshot-name-prefix=csiunitysnap"] +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: unity-config-params + namespace: test-unity +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "info" + ALLOW_RWO_MULTIPOD_ACCESS: "false" + MAX_UNITY_VOLUMES_PER_NODE: "0" + SYNC_NODE_INFO_TIME_INTERVAL: "0" +``` + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for unity version 2.0.0. + +### Operator based installation +As part of driver installation, a ConfigMap with the name `unity-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `unity-config-params` and update `CSI_LOG_LEVEL` to the desired log level. +``` +kubectl edit configmap -n unity unity-config-params +``` + +**Note** : + 1. Prior to CSI Driver for unity version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. + 2. "Kubelet config dir path" is not yet configurable in case of Operator based driver installation. + 3. Also, snapshotter and resizer sidecars are not optional to choose, it comes default with Driver installation. diff --git a/content/v3/installation/test/_index.md b/content/v3/csidriver/installation/test/_index.md similarity index 100% rename from content/v3/installation/test/_index.md rename to content/v3/csidriver/installation/test/_index.md diff --git a/content/v3/installation/test/powerflex.md b/content/v3/csidriver/installation/test/powerflex.md similarity index 59% rename from content/v3/installation/test/powerflex.md rename to content/v3/csidriver/installation/test/powerflex.md index 0057b98192..d5c3d106b9 100644 --- a/content/v3/installation/test/powerflex.md +++ b/content/v3/csidriver/installation/test/powerflex.md @@ -21,7 +21,7 @@ The `starttest.sh` script is located in the `csi-vxflexos/test/helm` directory. **Steps** 1. Navigate to the test/helm directory, which contains the `starttest.sh` and the _2vols_ directories. This directory contains a simple Helm chart that will deploy a pod that uses two PowerFlex volumes. -*NOTE:* Helm tests are designed assuming users are using the default _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from the default values, such as when deploying with the Dell CSI Operator, please update the templates in 2vols accordingly (located in `test/helm/2vols/templates` directory). You can use `kubectl get sc` to check for the _storageclass_ names. +*NOTE:* Helm tests are designed assuming users are using the _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from these values, please update the templates in 2vols accordingly (located in `test/helm/2vols/templates` directory). You can use `kubectl get sc` to check for the _storageclass_ names. 2. Run `sh starttest.sh 2vols` to deploy the pod. You should see the following: ``` Normal Pulled 38s kubelet, k8s113a-10-247-102-215.lss.emc.com Successfully pulled image "docker.io/centos:latest" @@ -54,44 +54,45 @@ spec: storageClassName: vxflexos ``` -2. The _volumeMode: Filesystem_ requires a mounted file system, and the _resources.requests.storage_ of 8Gi requires an 8 GB file. In this case, the _storageClassName: vxflexos_ directs the system to use one of the pre-defined storage classes created by the CSI Driver for Dell EMC PowerFlex installation process. This step yields a mounted _ext4_ file system. You can see the storage class definitions in the PowerFlex installation helm chart files _storageclass.yaml_ and _storageclass-xfs.yaml_. -3. If you compare _pvol0.yaml_ and _pvol1.yaml_ , you will find that the latter uses a different storage class; _vxflexos-xfs_. This class gives you an _xfs_ file system. +2. The _volumeMode: Filesystem_ requires a mounted file system, and the _resources.requests.storage_ of 8Gi requires an 8 GB file. In this case, the _storageClassName: vxflexos_ directs the system to use a storage class named _vxflexos_. This step yields a mounted _ext4_ file system. You can create the _vxflexos_ and _vxflexos-xfs_ storage classes by using the yamls located in samples/storageclass. +3. If you compare _pvol0.yaml_ and _pvol1.yaml_, you will find that the latter uses a different storage class; _vxflexos-xfs_. This class gives you an _xfs_ file system. 4. To see the volumes you created, run kubectl get persistentvolumeclaim –n helmtest-vxflexos and kubectl describe persistentvolumeclaim –n helmtest-vxflexos. -*NOTE:* For more information about Kubernetes objects like _StatefulSet_ and _PersistentVolumeClaim_ see [Kubernetes documentation: Concepts](https://kubernetes.io/docs/concepts/). +>*NOTE:* For more information about Kubernetes objects like _StatefulSet_ and _PersistentVolumeClaim_ see [Kubernetes documentation: Concepts](https://kubernetes.io/docs/concepts/). ## Test creating snapshots -Test the workflow for snapshot creation. +Test the workflow for snapshot creation. +>*NOTE:* Starting with version 2.0, CSI Driver for PowerFlex helm tests are designed to work exclusively with v1 snapshots. **Steps** 1. Start the _2vols_ container and leave it running. - - Helm tests are designed assuming users are using the default _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from the default values, such as when deploying with the Operator, update the templates in 2vols accordingly (located in `test/helm/2vols/templates` directory). You can use `kubectl get sc` to check for the _storageclass_ names. - - Helm tests are designed assuming users are using the default _snapshotclass_ name. If your _snapshotclass_ names differ from the default values, update `snap1.yaml` and `snap2.yaml` accordingly. + - Helm tests are designed assuming users are using the _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from these values, update the templates in 2vols accordingly (located in `test/helm/2vols/templates` directory). You can use `kubectl get sc` to check for the _storageclass_ names. + - Helm tests are designed assuming users are using the _snapshotclass_ name: _vxflexos-snapclass_ If your _snapshotclass_ name differs from the default values, update `snap1.yaml` and `snap2.yaml` accordingly. 2. Run `sh snaptest.sh` to start the test. This will create a snapshot of each of the volumes in the container using _VolumeSnapshot_ objects defined in `snap1.yaml` and `snap2.yaml`. The following are the contents of `snap1.yaml`: ```yaml -apiVersion: snapshot.storage.k8s.io/v1alpha1 +apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: - name: pvol0-snap + name: pvol0-snap1 namespace: helmtest-vxflexos spec: - snapshotClassName: vxflexos-snapclass + volumeSnapshotClassName: vxflexos-snapclass source: - name: pvol - kind: PersistentVolumeClaim + persistentVolumeClaimName: pvol0 ``` **Results** -The `snaptest.sh` script will create a snapshot using the definitions in the `snap1.yaml` file. The _spec.source_ section contains the volume that will be snapped. For example, if the volume to be snapped is _pvol0_ , then the created snapshot is named _pvol0-snap_. +The `snaptest.sh` script will create a snapshot using the definitions in the `snap1.yaml` file. The _spec.source_ section contains the volume that will be snapped. For example, if the volume to be snapped is _pvol0_, then the created snapshot is named _pvol0-snap1_. -*NOTE:* The `snaptest.sh` shell script creates the snapshots, describes them, and then deletes them. You can see your snapshots using `kubectl get volumesnapshot -n test`. +*NOTE:* The `snaptest.sh` shell script creates the snapshots, describes them, and then deletes them. You can see your snapshots using `kubectl get volumesnapshot -n helmtest-vxflexos`. -Notice that this _VolumeSnapshot_ class has a reference to a _snapshotClassName: vxflexos-snapclass_. The CSI Driver for Dell EMC PowerFlex installation creates this class as its default snapshot class. You can see its definition in the installation directory file `volumesnapshotclass.yaml`. +Notice that this _VolumeSnapshot_ class has a reference to a _snapshotClassName: vxflexos-snapclass_. The CSI Driver for Dell EMC PowerFlex installation does not create this class. You will need +to create instance of _VolumeSnapshotClass_ from one of default samples in `samples/volumesnapshotclass' directory. ## Test restoring from a snapshot @@ -105,17 +106,17 @@ Ensure that you have stopped any previous test instance before performing this p 1. Run `sh snaprestoretest.sh` to start the test. -This script deploys the _2vols_ example, creates a snap of _pvol0_, and then updates the deployed helm chart from the updateddirectory _2vols+restore_. This then adds an additional volume that is created from the snapshot. +This script deploys the _2vols_ example, creates a snap of _pvol0_, and then updates the deployed helm chart from the updated directory _2vols+restore_. This then adds an additional volume that is created from the snapshot. *NOTE:* -- Helm tests are designed assuming users are using the default _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from the default values, such as when deploying with the Dell CSI Operator, update the templates for snap restore tests accordingly (located in `test/helm/2vols+restore/template` directory). You can use `kubectl get sc` to check for the _storageclass_ names. -- Helm tests are designed assuming users are using the default _snapshotclass_ name. If your _snapshotclass_ names differ from the default values, update `snap1.yaml` and `snap2.yaml` accordingly. +- Helm tests are designed assuming users are using the _storageclass_ names (_vxflexos_ and _vxflexos-xfs_). If your _storageclass_ names differ from these values, update the templates for snap restore tests accordingly (located in `test/helm/2vols+restore/template` directory). You can use `kubectl get sc` to check for the _storageclass_ names. +- Helm tests are designed assuming users are using the _snapshotclass_ name: _vxflexos-snapclass_ If your _snapshotclass_ name differs from the default values, update `snap1.yaml` and `snap2.yaml` accordingly. **Results** An outline of this workflow is described below: 1. The snapshot is taken using `snap1.yaml`. -2. _Helm_ is called to upgrade the deployment with a new definition, which is found in the _2vols+restore_ directory. The `csi-vxflexos/test/helm/2vols+restore/templates` directory contains the newly created `createFromSnap.yaml` file. The script then creates a _PersistentVolumeClaim_ , which is a volume that is dynamically created from the snapshot. Then the helm deployment is upgraded to contain the newly created third volume. In other words, when the `snaprestoretest.sh` creates a new volume with data from the snapshot, the restore operation is tested. The contents of the `createFromSnap.yaml` are described below: +2. _Helm_ is called to upgrade the deployment with a new definition, which is found in the _2vols+restore_ directory. The `csi-vxflexos/test/helm/2vols+restore/templates` directory contains the newly created `createFromSnap.yaml` file. The script then creates a _PersistentVolumeClaim_, which is a volume that is dynamically created from the snapshot. Then the helm deployment is upgraded to contain the newly created third volume. In other words, when the `snaprestoretest.sh` creates a new volume with data from the snapshot, the restore operation is tested. The contents of the `createFromSnap.yaml` are described below: ```yaml apiVersion: v1 @@ -126,7 +127,7 @@ metadata: spec: storageClassName: vxflexos dataSource: - name: pvol0-snap + name: pvol0-snap1 kind: VolumeSnapshot apiGroup: snapshot.storage.k8s.io accessModes: diff --git a/content/v3/installation/test/powermax.md b/content/v3/csidriver/installation/test/powermax.md similarity index 64% rename from content/v3/installation/test/powermax.md rename to content/v3/csidriver/installation/test/powermax.md index 7a53b5bc19..916c07d51b 100644 --- a/content/v3/installation/test/powermax.md +++ b/content/v3/csidriver/installation/test/powermax.md @@ -8,7 +8,7 @@ This section provides multiple methods to test driver functionality in your envi **Note**: To run the test for CSI Driver for Dell EMC PowerMax, install Helm 3. -The _csi-powermax_ repository includes examples of how you can use the CSI Driver for Dell EMC PowerMax. These examples automate the creation of Pods using the default storage classes that were created during installation. The shell scripts are used to automate the installation and uninstallation of helm charts for the creation of Pods with different number of volumes. To test the installation of the CSI driver, perform these tests: +The _csi-powermax_ repository includes examples of how you can use CSI Driver for Dell EMC PowerMax. The shell scripts are used to automate the installation and uninstallation of helm charts for the creation of Pods with a different number of volumes in a given namespace using the storageclass provided. To test the installation of the CSI driver, perform these tests: - Volume clone test - Volume test - Snapshot test @@ -19,12 +19,12 @@ Use this procedure to perform a volume test. 1. Create a namespace with the name _test_. 2. Run the `cd csi-powermax/test/helm` command to go to the `csi-powermax/test/helm` directory, which contains the `starttest.sh` script and the _2vols_ directories. -3. Run the starttest.sh script and provide it with a test name. The following is a sample command that can be used to run the _2vols_ test: `./starttest.sh -t 2vols -n test` +3. Run the starttest.sh script and provide it with a test name. The following sample command can be used to run the _2vols_ test: `./starttest.sh -t 2vols -n -s ` This script installs a helm chart that creates a Pod with a container, creates two PVCs, and mounts them into the created container. You can now log in to the newly created container and check the mounts. -4. Run the `./stoptest.sh -t 2vols -n test` script to stop the test. This script deletes the Pods and the PVCs created during the test and uninstalls the helm chart. +4. Run the `/stoptest.sh -t 2vols -n ` script to stop the test. This script deletes the Pods and the PVCs created during the test and uninstalls the helm chart. ->*NOTE*: Helm tests have been designed assuming that users are using the default storageclass names (powermax and powermax-xfs). If your storageclass names differ from the default values, such as when deploying with the Operator, update the templates in _2vols_ accordingly (located in `test/helm/2vols/templates/` directory). You can use `kubectl get sc` to check for the storageclass names. +>*NOTE*: Helm tests have been designed assuming that users have created storageclass names like `storageclass-name` and `storageclass-name-xfs`. You can use `kubectl get sc` to check for the storageclass names. #### Volume clone test @@ -32,12 +32,12 @@ Use this procedure to perform a volume clone test. 1. Create a namespace with the name _test_. 2. Run the `cd csi-powermax/test/helm` command to go to the `csi-powermax/test/helm` directory, which contains the `volumeclonetest.sh` script. -3. Run the `volumeclonetest.sh` script using the following command: `bash volumeclonetest.sh` +3. Run the `volumeclonetest.sh` script using the following command: `bash volumeclonetest.sh -n -s ` This script does the following: - Installs a helm chart that creates a Pod with a container, creates two PVCs, and mounts them into the created container. - Then it creates a file on one of the PVCs and calculates its checksum. -- After that, it uses that PVC as the data source to create a new PVC and mounts it on the same container. It checks if the file that existed in the source PVC also exists in the new PVC, calculates its checksum and compares it to the checksum previously calculated. +- After that, it uses that PVC as the data source to create a new PVC and mounts it on the same container. It checks if the file that existed in the source PVC also exists in the new PVC, calculates its checksum, and compares it to the checksum previously calculated. - Finally, it cleans up all the resources that are created as part of the test. @@ -47,15 +47,15 @@ Use this procedure to perform a snapshot test. 1. Create a namespace with the name _test_. 2. Run the `cd csi-powermax/test/helm` command to go to the `csi-powermax/test/helm` directory, which contains the `snaprestoretest.sh`script. -3. Run the `snaprestoretest.sh` script by running the command : `bash snaprestoretest.sh` +3. Run the `snaprestoretest.sh` script by running the command : `bash snaprestoretest.sh -n -s ` This script does the following: - Installs a helm chart that creates a Pod with a container, creates two PVCs, and mounts them into the created container. - Writes some data to one of the PVCs. - - After that, it creates a snapshot on that PVC and uses it as a data source to create a new PVC. It mounts the newly created PVC to the container created earlier and then lists the contents of the source and the target PVCs. + - After that, it creates a snapshot of that PVC and uses it as a data source to create a new PVC. It mounts the newly created PVC to the container created earlier and then lists the contents of the source and the target PVCs. - Cleans up all the resources that were created as part of the test. ->*NOTE*: This test has been designed assuming that users are using the snapshot class name `powermax-snapclass` which is created by the Helm-based installer. If you have an operator-based deployment, the name of the snapshot class will differ. You must update the snapshot class name in the file `betaSnap1.yaml` present in the `test/helm` folder based on your method of deployment. To get a list of volume snapshot classes, run the command - `kubectl get volumesnapshotclass` +>*NOTE*: This test has been designed assuming that users are using the snapshot class name `powermax-snapclass`. You must update the snapshot class name in the file `snap1.yaml` present in the test/helm folder based on your method of deployment. To get a list of volume snapshot classes, run the command - `kubectl get volumesnapshotclass` #### Volume Expansion test @@ -63,10 +63,10 @@ Use this procedure to perform a volume expansion test. 1. Create a namespace with the name _test_ 2. Run the `cd csi-powermax/test/helm` command to go to the `csi-powermax/test/helm` directory, which contains the `volumeexpansiontest.sh`script. -3. Run the `volumeexpansiontest.sh` script by running the command : `bash volumeexpansiontest.sh` +3. Run the `volumeexpansiontest.sh` script by running the command : `bash volumeexpansiontest.sh -n -s ` This script does the following: - - Installs a helm chart that creates a Pod with a container, creates one PVC and mounts it into the created container + - Installs a helm chart that creates a Pod with a container, creates one PVC, and mounts it into the created container - Writes some data to the PVC - - After that, it calculates the checksum of the written data, expands the PVC and then recalculates the checksum + - After that, it calculates the checksum of the written data, expands the PVC, and then recalculates the checksum - Cleans up all the resources that were created as part of the test diff --git a/content/v3/csidriver/installation/test/powerscale.md b/content/v3/csidriver/installation/test/powerscale.md new file mode 100644 index 0000000000..7d47368830 --- /dev/null +++ b/content/v3/csidriver/installation/test/powerscale.md @@ -0,0 +1,133 @@ +--- +title: Test PowerScale CSI Driver +linktitle: PowerScale +description: Tests to validate PowerScale CSI Driver installation +--- + +This section provides multiple methods to test driver functionality in your environment. + +**Note**: To run the test for CSI Driver for Dell EMC PowerScale, install Helm 3. + +## Test deploying a simple pod with PowerScale storage + +Test the deployment workflow of a simple pod on PowerScale storage. + +1. **Creating a storage class:** + + Create a file `storageclass.yaml` using sample yaml file located at samples/storageclass/isilon.yaml. Update/uncomment the attributes in this sample file as per the requirements. + + Execute the following command to create a storage class: + ``` + kubectl create -f $PWD/storageclass.yaml + ``` + + Result: After executing the above command storage class will be created in the default namespace, and the user can see the storage class by executing `kubectl get sc`. + + +2. **Creating a volume:** + + Create a file `pvc.yaml` using sample yaml files located at samples/persistentvolumeclaim/pvc.yaml + + Execute the following command to create volume: + + `kubectl create -f $PWD/pvc.yaml` + + Result: After executing the above command PVC will be created in the default namespace, and the user can see the pvc by executing the command kubectl get pvc. + +**Note**: The status of the volume can be either Bound or Pending depending on the VolumeBindingMode specified on the storage class. + + +3. **Attach the volume to Host** + + To attach a volume to a host, create a new application(Pod) and use the PVC created above in the Pod. This scenario is explained using the Nginx application. Create `nginx.yaml` using sample yaml files located at samples/pod/. + + Execute the following command to mount the volume to the Kubernetes node: + ``` + kubectl create -f $PWD/nginx.yaml + ``` + + Result: After executing the above command, a new nginx pod will be successfully created and started in the default namespace. + **Note**: Verify PowerScale system for the host to be part of clients/rootclients field of export created for volume and used by nginx application. + + +4. **Create Snapshot** + + VolumeSnapshotClass is needed for creating the volume snapshots. Starting from v1.6, CSI Driver for PowerScale will not create any default Volume Snapshot class. + + So the user has to create a volume snapshot class. The required sample files are present under samples/volumesnapshotclass/. Choose the file based on Kubernetes version. + + Execute either one of the following commands to create a volume snapshot class. + + `kubectl create -f samples/volumesnapshotclass/isilon-volumesnapshotclass-v1.yaml` OR `kubectl create -f samples/volumesnapshotclass/isilon-volumesnapshotclass-v1beta1.yaml` + + The above-said command will create a volume snapshotclass with the name isilon-snapclass. + + + The following procedure will create a snapshot of the volume in the container using VolumeSnapshot objects defined in snapshot-of-test-pvc.yaml. The sample file for snapshot creation is located at samples/volumesnapshot/. + + Execute the following command to create snapshot: + + `kubectl create -f samples/volumesnapshot/snapshot-of-test-pvc.yaml` + + The spec.source section contains the volume that will be snapped in the default namespace. For example, if the volume to be snapped is test-pvc, then the created snapshot is named snapshot-of-test-pvc. Verify the PowerScale system for the newly created snapshot. + + +**Note**: + +* User can see the snapshots using `kubectl get volumesnapshot` +* Notice that this VolumeSnapshot class has a reference to a snapshotClassName:isilon-snapclass. +* User has to make sure that the IsiPath in the parameters section of the volume snapshot class is matching with a corresponding storage class. + + +5. **Create Volume from Snapshot** + + The following procedure will create a new volume from a given snapshot which is specified in the spec dataSource field. + + The sample file for volume creation from the snapshot is located at samples/persistentvolumeclaim/pvc-from-snapshot.yaml . + + Execute the following command to create a snapshot: + ``` + kubectl create -f samples/persistentvolumeclaim/pvc-from-snapshot.yaml + ``` + + Verify the PowerScale system for newly created volume from the snapshot. + + +6. **Delete Snapshot** + + Execute the following commands to delete the snapshot: + + ``` + kubectl get volumesnapshot + kubectl delete volumesnapshot snapshot-of-test-pvc + ``` + + +7. **Create a new volume from existing volume(volume clone)** + + The following procedure will create a new volume from another existing volume which is specified in the spec dataSource field. + + The sample file for volume creation from volume is located at samples/persistentvolumeclaim/pvc-from-pvc.yaml + + Execute the following command to create a pvc from another pvc: + ``` + kubectl create -f samples/persistentvolumeclaim/pvc-from-pvc.yaml + ``` + + Verify the PowerScale system for newly created volume from volume. + + +8. **To Unattach the volume from Host** + + Delete the nginx application to Unattach the volume from the host: + + `kubectl delete -f nginx.yaml` + + +9. **To delete the volume** + + ``` + kubectl get pvc + kubectl delete pvc testvolclaim1 + kubectl get pvc + ``` diff --git a/content/v3/installation/test/powerstore.md b/content/v3/csidriver/installation/test/powerstore.md similarity index 76% rename from content/v3/installation/test/powerstore.md rename to content/v3/csidriver/installation/test/powerstore.md index 9ed5174b1d..3519534259 100644 --- a/content/v3/installation/test/powerstore.md +++ b/content/v3/csidriver/installation/test/powerstore.md @@ -4,9 +4,9 @@ linktitle: PowerStore description: Tests to validate PowerStore CSI Driver installation --- -In the repository, a simple test manifest exists that creates three different PersistentVolumeClaims using default ext4, xfs and nfs +In the repository, a simple test manifest exists that creates three different PersistentVolumeClaims using default ext4, xfs, and nfs storage classes and automatically mounts them to the pod. ->It assumes that you've created the same basic three storage classes from `helm/samples/storageclass` folder without changing their names. If you've created different storage classes please edit `tests/simple/simple.yaml` and change `PersistentVolumeClaim` definitions to point to correct storage classes. +>It assumes that you've created the same basic three storage classes from `samples/storageclass` folder without changing their names. If you've created different storage classes please edit `tests/simple/simple.yaml` and change `PersistentVolumeClaim` definitions to point to correct storage classes. **Steps** diff --git a/content/v3/installation/test/unity.md b/content/v3/csidriver/installation/test/unity.md similarity index 85% rename from content/v3/installation/test/unity.md rename to content/v3/csidriver/installation/test/unity.md index f0e8da553d..d675756696 100644 --- a/content/v3/installation/test/unity.md +++ b/content/v3/csidriver/installation/test/unity.md @@ -4,13 +4,13 @@ linktitle: Unity description: Tests to validate Unity CSI Driver installation --- -In the repository, a simple test manifest exists that creates three different PersistentVolumeClaims using default NFS and iSCSI and FC storage classes, and automatically mounts them to the pod. +In the repository, a simple test manifest exists that creates three different PersistentVolumeClaims using default NFS and iSCSI and FC storage classes and automatically mounts them to the pod. **Steps** 1. To run this test, run the kubectl command from the root directory of the repository: ```bash - kubectl create -f ./tests/sample.yaml + kubectl create -f ./test/sample.yaml ``` You can find all the created resources in `test-unity` namespace. @@ -24,5 +24,5 @@ You can find all the created resources in `test-unity` namespace. 4. After verifying, you can uninstall the testing PVCs and StatefulSet. ```bash - kubectl delete -f ./tests/sample.yaml + kubectl delete -f ./test/sample.yaml ``` diff --git a/content/v3/dell-csi-driver/isilon.jpeg b/content/v3/csidriver/isilon.jpeg similarity index 100% rename from content/v3/dell-csi-driver/isilon.jpeg rename to content/v3/csidriver/isilon.jpeg diff --git a/content/v3/partners/_index.md b/content/v3/csidriver/partners/_index.md similarity index 100% rename from content/v3/partners/_index.md rename to content/v3/csidriver/partners/_index.md diff --git a/content/v3/partners/docker.md b/content/v3/csidriver/partners/docker.md similarity index 51% rename from content/v3/partners/docker.md rename to content/v3/csidriver/partners/docker.md index 21475fdcab..e7950bf7f7 100644 --- a/content/v3/partners/docker.md +++ b/content/v3/csidriver/partners/docker.md @@ -1,17 +1,17 @@ --- -title: "Docker EE" -Description: "About Docker Enterprise Edition" +title: "MKE" +Description: "About Mirantis Kubernetes Engine" --- -The Dell CSI Drivers support Docker Enterprise Edition (EE) and deployment on clusters bootstrapped with Docker Universal Control Plane (UCP). +The Dell CSI Drivers support Docker Enterprise Edition (EE) and deployment on clusters bootstrapped with Mirantis Kubernetes Engine (MKE). The installation process for the drivers on such clusters remains the same as the installation process on regular Kubernetes clusters. -On UCP based clusters, kubectl may not be installed by default, it is important that kubectl is installed prior to the installation of the driver. +On MKE-based clusters, kubectl may not be installed by default, it is important that kubectl is installed prior to the installation of the driver. -The worker nodes on UCP backed clusters may run any of the OSs which we support with upstream clusters. +The worker nodes on MKE-backed clusters may run any of the OS which we support with upstream clusters. -## Docker EE UI Examples +## MKE UI Examples ![](../first.png) diff --git a/content/v3/partners/driver1.PNG b/content/v3/csidriver/partners/driver1.PNG similarity index 100% rename from content/v3/partners/driver1.PNG rename to content/v3/csidriver/partners/driver1.PNG diff --git a/content/v3/partners/driver2.PNG b/content/v3/csidriver/partners/driver2.PNG similarity index 100% rename from content/v3/partners/driver2.PNG rename to content/v3/csidriver/partners/driver2.PNG diff --git a/content/v3/partners/driver3.png b/content/v3/csidriver/partners/driver3.png similarity index 100% rename from content/v3/partners/driver3.png rename to content/v3/csidriver/partners/driver3.png diff --git a/content/v3/partners/first.png b/content/v3/csidriver/partners/first.png similarity index 100% rename from content/v3/partners/first.png rename to content/v3/csidriver/partners/first.png diff --git a/content/v3/partners/oc1.PNG b/content/v3/csidriver/partners/oc1.PNG similarity index 100% rename from content/v3/partners/oc1.PNG rename to content/v3/csidriver/partners/oc1.PNG diff --git a/content/v3/partners/oc2.PNG b/content/v3/csidriver/partners/oc2.PNG similarity index 100% rename from content/v3/partners/oc2.PNG rename to content/v3/csidriver/partners/oc2.PNG diff --git a/content/v3/partners/oc3.PNG b/content/v3/csidriver/partners/oc3.PNG similarity index 100% rename from content/v3/partners/oc3.PNG rename to content/v3/csidriver/partners/oc3.PNG diff --git a/content/v3/partners/oc4.PNG b/content/v3/csidriver/partners/oc4.PNG similarity index 100% rename from content/v3/partners/oc4.PNG rename to content/v3/csidriver/partners/oc4.PNG diff --git a/content/v3/partners/oc5.PNG b/content/v3/csidriver/partners/oc5.PNG similarity index 100% rename from content/v3/partners/oc5.PNG rename to content/v3/csidriver/partners/oc5.PNG diff --git a/content/v3/csidriver/partners/operator.md b/content/v3/csidriver/partners/operator.md new file mode 100644 index 0000000000..d60c9e6459 --- /dev/null +++ b/content/v3/csidriver/partners/operator.md @@ -0,0 +1,25 @@ +--- +title: "OperatorHub.io" +linkTitle: "OperatorHub.io" +weight: 3 +description: Installing the Dell CSI Operator via OperatorHub.io +--- + +Users can install the Dell CSI Operator via [Operatorhub.io](https://operatorhub.io/) on Kubernetes. The following outlines the process to do so: + +**Steps** +1. Search *dell* in the storage category in [Operatorhub.io](https://operatorhub.io/?keyword=dell). + +![](../ophub1.png) + +2. Click DellEMC Operator. + +![](../ophub2.png) + +3. Check the desired version is selected and click _Install_. Follow the provided instructions. + +![](../ophub3.png) + +## Install CSI Drivers via Operator + +Proceed to [this link](../../installation/operator/#installing-csi-driver-via-operator) for further installing the driver using Operator \ No newline at end of file diff --git a/content/v3/partners/ophub1.png b/content/v3/csidriver/partners/ophub1.png similarity index 100% rename from content/v3/partners/ophub1.png rename to content/v3/csidriver/partners/ophub1.png diff --git a/content/v3/partners/ophub2.png b/content/v3/csidriver/partners/ophub2.png similarity index 100% rename from content/v3/partners/ophub2.png rename to content/v3/csidriver/partners/ophub2.png diff --git a/content/v3/partners/ophub3.png b/content/v3/csidriver/partners/ophub3.png similarity index 100% rename from content/v3/partners/ophub3.png rename to content/v3/csidriver/partners/ophub3.png diff --git a/content/v3/csidriver/partners/rancher.md b/content/v3/csidriver/partners/rancher.md new file mode 100644 index 0000000000..a818009ab1 --- /dev/null +++ b/content/v3/csidriver/partners/rancher.md @@ -0,0 +1,12 @@ +--- +title: "RKE" +Description: "About Rancher Kubernetes Engine" +--- + +The Dell CSI Drivers support Rancher Kubernetes Engine (RKE) v1.2.8. + +The installation process for the drivers on such clusters remains the same as the installation process on regular Kubernetes clusters. Installation on this cluster is done using helm and via Operator has not been qualified. + +## RKE Examples + +![](../rancher1.PNG) \ No newline at end of file diff --git a/content/v3/csidriver/partners/rancher1.PNG b/content/v3/csidriver/partners/rancher1.PNG new file mode 100644 index 0000000000000000000000000000000000000000..55c933e5138f923f128cd774d8384b69f7a9428d GIT binary patch literal 905856 zcmeFY2{@E*`!_y?R4QZ(p)4tD_Cn@cLXt$;V=6l_*$2aXBa}6SA|_eOGG&ip?2;sV zh%sZ!GR#=U&20a>=Xrk1`}@8B_jsS@e;n^|{Ezp0ABWp@-*es9eV(85ysqoqZq^Uh z420*pp|K%k-@bj2za1y-`g)zQ~uUw z)6jrGQd9q<{U6rE!GPb0{bf!3U#T~LG5r?;e!{P1$0gtqmm3{n`?mNRDxF|Wny_FI7A1SLSomYnFLJ^Pd zJ9)VToO3P#f`Y!Gs*FybVZin8y;}q)UbkSKBs(19T zE4ry;hmV`F_kA}PUFH8pZ(ZfzwErhw{*KOny7B*sIZzh=nWO(MXOI`LkG8&_%l!bC ztKgsBZ+%fbuc>(c;+=ofAtepcpx41IJ%4`KLhs z3$DN5`lk^1r#ku28Nr*mVKbS$=x9|6P z|L=pH?f033ot=&S0LOs?fBWM+bnpP@AYJ1Dt>B@=u*uEfC&=kT|wEwtbS2{k;3wc=xe7AQE8ej^l6S{UgT*UhijP=QzL# zlEDRbsNn(0XJZ42<^U-Me+>tJhp_W<96zmc`2e5!eNIVVe$~e*c?YGgd~6l47$8fl zJ@AV>bXZX6gs_Or8QHVvwRQEM8rs@BI=i|*_k0-~ z8Xg%P`!PO2AkNOsFD(9ATBdAlZf#R{fZe^{eC>m<{hclF{CBtEzwpHi^0oiB3^;%D zwQqm$Z^n7qIZmq_IDXlj^S&>ir0U~?{8v))KDHi`QnMfnJn$PhEGVr`kfHo$?Qfj@ z?=cqnFLCzojQs~+6Obcp`#|Bb@j{>wChAvd)`3E|{FU0!+Wa?mo}<({^Ipx&65U>o z3Hkl^pSMc;J-MfuCYnE!Q&!9#Zc4l6iTY^Nf)@mw%!Y7Iq7HX}Qo?%dHlEk6E>XkF zM!mRcNGkW*RzCHWvo&7!-vgV5NYPRhM(TnYik2k`XGIR z)}Q8%@f*TwkV|Kvt1QS2E+JP1xKxOs*#J=??=^DKL{qa{Q8x!yA1>JYZY+%nR+;!q zH#;34V!t*54eB!O9R}Q}W`H+kvJ1+oYe_&9ku#zwSG?~Bk`8ovDB&uzjT!U!AGtvx zVlq)4(PuowoMmk1PDnQ}8$$OU(%YCTs3B&Z(bsg88M*G+wm0`Jie@IEmzJYtyn(6- z*~Qz7m$38p5?)kGb;Ws%acmuI10eqwN2MM6c3E9w>O-u+Z_K=#5^^Rt5&Kg)M;%$m*%5=b`ffY;3Ak0 zM{pr+06d{TIx9Az26GarPWe_ioBWIg@ocDPb`SGexM*LFJis&As4p_5_EX+iuJ2{7 zq^4_C0GT;Bb%q5Yv*$DiPyH%Of1RaY)KnOFEHjb?X_TiEa0riP-7t1O7OZKsoWz}p3_2KRxw8(-|E?(beh2x&+~ni>moZxV>I$}}YRcbr2Sm-JvRBONlh8h<##KVadf zV44R>Z_g%7I{$1;=EeZ_gg9o0qX1CnMb0*;qlm?J%1?3L879?;8D!d5$9+lR30rY{>*nBYc;THzvXSD>fN|;8h{0r^ z&ZK_(FU&jo{Tc4Znz-tn7NH@WTR*qGy9BSUY~B=*)=F8PXt(LPL}K)nVNNC^$9zea zhPRZ?iyhEE=i-gx1*E8kK>RE|5w=h7B(qNi@PR^rVAwESdDaZLt|7c_duDLX&AB1Y zc6xyD>du?1(c&uAuUzig)|4<_+k3%10$C8pX05#nW`nR1zNUeugZgO}+duYJ@754q zkr-~TKdft72>3AJwjrFftq7?yNlL`{;R7+n2qxDTNl}`Un=J_h;z~ zDLEe%|B|;2EC`GYo$Ax=LzhIONK6Re-<9d+M}1j5?% z&W>Q!Doo#b8iy71-9H&KCB^GdaQw_43bJul7icZcBB&#$$a;meW78fmF|2jzFFheB zKNf!kkFdTPb-THKxa;*>(wUmvtJTM`odL!6w%NmU7bkM`eEJzoO3u_-T1D9}D^JplHKU-h( zved;^zu@We^&ZiD`GTjmV#2n@7KeUSW5zMFJ~d?SJB$+b_5GixIR>_$ZZ$GO)=wGO z*Ns0NJ@ec|cCVvXQniARDnE$xU_oN1<$+fq+iqOY+AAp+x!M^Gdrd@en z%4_$--XM(oT3?CjYa4x#G?tWX3|FHW(uDxZ%=);=taYn{5EVsP$Rw{5iZTgPYHgVl z#ZhqY2P4h>B_^8XWihFz#9XtH^Lx_b*Df5CD-QMbWL+D;--PukI@UF&I$8Lyo|$)t^glfS;p$#<3NSAur)klmB1 zEj*<_2<f(6s{;pnpn6PqN#1!!EyH- zB;*s5Y{z_y<(q{aqF*CNWK!5#LK(HCZ&$2%9hdCVUuVDlRF|S(5Em9%Ai`jKOunGK z?K$%PMX{)@j*e`2cxZ@329W-8;e?&~*@3hK*}ktMBNH`g;dMbP8@emR;8h8l5Yl`;u_w zgjJzWU_8%7f^Lsgj$XM!j<)sEh``QEELy(XaO9oA?nM8(73$e;4BJz+vRdo*vDA&G zv7c)=Hi{n%(6A>~qJKvGa1@8{U}d#g5R$*`9*!=8qy5qD+5aYDMEuyNY>#oVh2-G< zX+H#E=aWB=k#Yp)o4G&3=#40VANQ3yCP4w0_RL;Tg_3tAB7>5WAfE+!>V%ugLv88O6}Ns#3_x`l z5O0DqX+h1PAG08oBf)fjWo9fo8V#7^Q5#1k{@a}hz}#prGc_oa$pI1pB}!6c5vUm` z*{p>H0b;b6hXq&={joM2{p>n!_dq7|bOH+!8IAhBL&mTmhjrGOmod|OXIT)7jhlnu zdvP)dos<{{uT3&PWdYQ2K{g#@fwkZ7?T7UUEtivNCdY(1Qx1sTSsRpZFY zz&;j)SLm5eI|~A~A|np6ARQ`b@-6h9LCwy4ni29HGyG=%JY$%A4oGwX;5-iBhKT zht5SPf^^B@1;dy>#Kl07SfQAgu0v-=;Biwd$U|jr6hRisf=FN{v_X9Cs7mZ^fl7D| z^%8~o3BC%N$=t`i0TnW$ig=cTmp?| z3l`*m1Qk^74ta?a&|mAiS}e$u&TbY&tOyMXYgPh2vC<9&Zh*3yV3fQ~-iCsdqv4?H zXYR)CF*+qScTqFEEQl1P*nkCzx{Y@;`I7%M@y=?dpD|BVsDd3cZ?yBQK%T;ex;4(y*OoTPZnlo4YRda!jLeS&B<4=W3>RN^N9 z;3kZwXTj(xsG8}6WkEU(12kz}NfQyUuoUS=Y2km*ajAB7w8B@ybU7ZLk zJvDMaorjBg2u2vU3PX=CtlvpFW?2J0;h6vxFnMwth?F1H)nGx`^S}w_1DIO|;C|p* zR7p#W!nca+i`2wjy4SDk@)fz385Y3V%c#jxdXmVeg+P1YWmfX2ANaODB$Or+@mZYj zvP3k_#Vlse^YNbwx<`vaoZhs_bw9;9qsC1-souqiQmPApdUshe-5rhZxgJkJ}WWne+(n#9LtDlOOZm+xYA>fwS zp_ZN=@w=5T-T9yMdid`R!4n9)VXXp#;~g9bC`2_d2(ItVpl`d$+q zBEqoHaW`f`nxi9NsMf2vnJlyzZss+NXBDYTxkBu=`o4|7NLL}|D5M;F^YP&(Z@yEr z@U3gvDV2Kg^w;~n_QEiaLAlLcVry+Ert|r1+E7G{78IW@T?*6j$-+%7ga;p{WCSV@GbH%ThocSiUDJm`&tzE- ztPgf?E*gZHbwfp&?Rz_`1oC1#XviJ`^7VmNMJ??_>!&pi*Lqyu_k4id)Av2a7ICfP z7U?AK>D?HkR!kHO(kux$Kna%^r3$(d#BdYyuuDQlP2`$ks`>qWw%c4Ymfoj>bp+m; zq}D4+c0~Eoi%G^Pc^Y*jFpS!~XTxZGb=J`AJ+5d^FCK2D*6S74f;xiqrKr(7umW%6 zJIT~2-*T_xmxgbZ*CdD{drYo>In*onguSs!?tK-{vCJ;Bs5%%&O*piDuebxw2}JI# zo7tCs#)=Zp*0={y6nN6+85Z_QxXy1l`Yo+^UDOCfbdFDV>cQRfHzUlK znW56ug%>_Znn76X6I~5*@(gBm>J1$M#FCTRyC=pH>6hOv?Hx<0@Eoh%bA07>ueLd0 zNbw1EhwtvSoy+D|Kc^J9ymD4m`ihH-&|{<^L-E{eSZ=bs6#Y}`qk&%x zf;{2doNIOCigercn`8Hc=OoToz`~7&9OIV3X)p0g&N@ERi@r)?L5_xbZ0II6Bu7CH z=*cj@!+0M?@X=3`@l@PXjk9agRYT12qqvtJS~kA~fBhBp(6`aAUFVVNHO}QyGzYUi zLa&BWlu1q|6u0A#hof8fM(~l~E_1-kQ8~7g$5@~s5gr&WUgk8kmT>A&am?2>aryx8v%?r$io0=`nKoFeWVx`fIgO|T?Pgob}#afC{K9Y-oc2CDB6z# zXe>WwpghE<*}D)Z4o@4`SsiL_4x;lh!jWYNF@ZvY7~c(w?6Zekif&yZ@K};h(YR(! zX{R4`G(H(8Inl1(iCTH>^K%PhFpP79Khe|<>?C1Gv*foM*Y3L|eVa6*JW36Mq=>vy zm-*u>LiCljZ0Z41?x{o;1k>nS?&9?2EXHRPsX=Zt`w`rRI^nIy`-|EvRR!dQ$+W9i%4jx+uSJ`8-z6v|2`fbTDc~M@fLIxx4byTIeAr4*;jZIz(OsAGZbfw}&zK zuQvBW=5-bVF4ta|`gA|1URauKtL`bCmnMZYpsaUc{zM-`xxS=pN&Jb_!7N7zQHtp@ zA_;qCX&!!Rl@109>+a;Q?{7(7Nj@=gqw<5oblATjI)Oy(ly{gs@&2PuSRLq9{tigNw82nh-J1}gW2NdJ7cSsmvEVDP)=8X`{Wm9nhA$aB9smZVX8`Y*#o)Lo* z$C%u7(6EcvCm(}GP6(#YzEcm^+aU(!IT1@64~d&pmUFzQTDJBd|ItgeinA?Jkv2Ec zn!1zt{FBj6#?uy8 z@F>rhSH79KxoM}DV^Ko;5gMr7bA}O0$J9A8gRxo!(AN+EBKzCz?ow6m!tNIE7{Bwp zWouum(xPhiXo>&a@`m>NBxAO$VE{ue?MAWdo%VzsW}a~$SlU}img_FD(+}qulu}iQ zueA}IeJ&7qI_0JR=%)$VB$Y;vZNvSE=0n0L?L>5I|55s_X3EHXVsVVZnufQj0#=J z&IdfBU7=sD0&L0eyG6c4Q@)2%C{$}Z6=dm}<8XEV3D0$+7*X|9 z)_m@+La_|l`C2)t8+zKI(e6{zH|K^LxalR0rHUfd#%5-Z&K^^*AtE-~gDFVSE6-aN zKQlNTf;`oR>fAC{>-qV`G) zHg&h}Q&s=ECi#5+>k-Bp3o^F-Q^R9RE8;w}51e?-93I*dPmw6EJiTn9S=*~NAQ`Kjg$ptJW32|9uw`V*jAMQzwKiJ^a*J4Vx# z=x510U1kYZxdN0#MrZRgx58z+(N9#t%l;Y}Xs1hCz?lE+2*rBUfY2+7IfT?2#p)AY2H*v~NM2zY1)`&hSM}aHrzK~HS7*%nJ$I6u z?Uh;UtQ%CaVlJEFSr8eIkT*2rU{CpxYMdqN_S~NQirEu<6)H*{HJ%Md&qO9?*4rh7 zy_)r!hl^tRiPl{vsG~pJGc@ZA$DQhGz3tkTm#tG|6jff$Uga&ZpiR`HCt!q~R{Ucq z4^ouE*QO^x)~j>Ecv-tRtWt6h=pJp!lYzpx^K#tBBbD?aeO_X2*iGnntJ~b<(J4%1+d6ss;H-XhO<( zSFVDCQ3rH_SIx#gMKW*1v|^sqeQMv`eV=UR(5df=_8Ek6uO1@6V_`f{ul0RM6`-7q zzezESB4Uo)d5FZIOQszscg_1%PiJXW)kj{Iiws(Gy@7runh+dutd5bPcae^)W4zE6 zr74et^Y!is?gLV5wwR*%PN@lwfb~YMQC#b3N1hHI={*wk;dzp!m~C)X`fRT^JWOWZ zi|IAWyxHL*^mVc_u>zk1`k5QnDE$R(`JdG+2p3%m;2?9hqJ-$)+_5$-xI0XcaqPT#t?g`XW zjIIHpPj6{aJLLPDu-#PV>gecWef0k3 zPyf5o;VCq3E6zEhu>$aafc@J;59TBmlk z!PBsST6xKL6SrQ7+tcLhR+Dtu%9T3-r1Z49b~SW7k)mzJo5&G>SFGE0YX5VpW-+^t z;lcBCSJ>xlX5;Nl+Q-aNzZU@;R*qp!mQn7-3u8r~6K^)(;Pzy|afJ2|Ay0rs>t3E| zvY#1ie;IH|$c}u~+8^eTRntd(RW==7NjlT;F=OfL3WV#V-i;Oh0dK)J(KL`V6!APEvx?)&|V1`{yZfXOg@V)eA8HcmS z%uoe;oWxgsK7pU5^&fu5UJsbJDDxPx8A);`eVT(Pq~l)Jm*erN;nGBg1!#D32rNNAQeVwrcq4|GY-D%`EVcn2rw-#m zyl*!i4#=@s-Z=5q+M2gzP=36hy;PD@0jD?B;$tOz`xguHucaSer(a@0GW>Qg%gU^{ zW-TrHIjvvEPd|z9_m*7>7+RTkTG*3cLdPu8Q~+!05m+Mg5+k!3%?EUK6V-FYh8F87 z2gvFS%Gp;N`2x0RX<*EJ5iAu0+6Y(VSJoYrJJQl#X@yQC8FD z8N`aU(v&`@e_{h{LQ}K8NANGhsxsS9iFyz~HV+|dK`~f=TE1NhJ+`b}Kpl#|SbkiP z%^ceha8CwFdUP!Gk$f%V1@jyr+7A7I>56yoqI#39pB4N(N(yk6@5-S zc(pVrm6jQKg+QdQT^+*r2BfB6WWULyT5+dh9{!dDb%RCXxLFV{Xq@;(Ad0Nt9$MTA zI|3*GnTB-^Mz(RI>t;=H%B!%-8+9v>e0*FG`GKh(<|n2SaSaYJ0}EkxW<%+Y)0Nh~ z*Gc2smr-Hq@HP4xY3Ix!+$HcQ@Ffm?r?GBWLnoeQs>F4oC}%F|%SeHH`S3?cbyc-b zmM4#X?R(tImwGSn;XVWYTL&_q1oo-5N61u-1)@1Unorf#WFse(Fp6L79V+zZ61~*b zz>s5wpOo)tll?4;6qQF09ukz`VfIKI*_ygO*-o`n%EY+ua+zGS;0jDUGcx!1 zm1N@WfRESgOI@=vOZEw>=dI<#CWHN(&^K)pB{P<%~#01r}o0 z66Wh&|A^xBR~BB!YS8u}R_-wJbZ^sC0o<(6W4b&M#Z}nxrD4`Hb<&gi!LBz%W~!jp zN^4&pO~Enrm2Pc7il)4Z+{yH%aZ*|Hd?_w9;+-b-p(JBrwxKd2amr)7=GVl=1$?YT zwKo`O)jf_of`pT++M4yqeN9_+6F%`oVBIoc@|~4NhJDDYQn}BAO?LD31e5tsiN;r2 zM0Cw)7D&s{=F4%#TTUQh z{;`}es`s;ODs)4bKWt;(PX>(Tz6iS>N^*T8O4R7kNc-Vv$JKu3rH zvK^s0uWRe3&y$;y-efZGlvwz(`%m|JIXfG=D0;Cgy#HEaZp@hrNYM1XaO_}wh8MVx zJxag}Ac8wb&rc#^+x5=Y)qB}v&X_A4KcwgyNfefPbRBDv*M9yYd)%7dK~$?w^Ch|; zBM<9B(_9+MI`+5>aX@qlY55LFT}G5W9GwV!+>E%N{u7(<_I!!SqEwP+#bcTXBFqNR zk?6i;MC}3`3Vx{~VoZ5@N^F2vg(f5VXRkbWAAB^h@9h1Qnm-?4UhoNVO1PK1W)@~w zZkaa96k$wl&4`bdvuT5-d(~x=)4i1!xy6~^vlip%PM}vV1gL@MC-ei;0`9POYBT3R zL@(7tDlo-0?3tr|={x;rw<&)a$~ zW4H(IRbp`HeB(ujlDwU|ESU>Zi=lG6IqRcK)Zptq_y#-KrfRkM_{6NiK4f;IW8(5y zxLM!`3Jw#2IW9MA4n`cLUmT!^RoL|%E2hXB4fy1ZOblF>&N8X>t)MBtzIW_ zI_F&;*nLutWYqV}cqutv zdjENiQkN0yb4O$|R8Hzd7u9}}9PF48TKaJN=fD@!sr4YHw=HAEXuhbs0Z68j#;^_) zHUho_$HVN09-SLzicGY7<(C&`6uZHL*^h15b?a)54Ro=qUQD?m&!>YbSB<-aAG09)jJeXSTFZ4n;ShhnD04u2=b5fI0WXS>CG0#w9$@mN z3L|ygX3CG)msfwhRw-R+re@+Fd@A5*^Mc3A0QO_@{UybM#32XGUGL42m4$PLs!gL{ z_yZ>O%aoIOn8Tld;zPuCYIClpkdvloyR;n`u?a$}p}mQAqAf_ur)^bgSiDMSwtZ62 z^E-0Mx?pt|gU$(hpob|!ZDxlN-R)Wvv6Hi8{IgN|WtZSOw;cA-;Gi9I&974XG{*&Q zf3-dvjogbfHh9<|(_5zzkcm5B|}Mn?d3Z?Yrd%Y!}3=58n2%<81yzgDRrM0>u4OcQ z=xWpPr4QDl&=37|K__Z2<4FKJfSO74H>E(ISXjCvm5IL!>tlL?j}u3)%^551IMd%$ z-%lbvNkgZVRJ>M_=Zh*Ooi*)p80bxCnb|yiEa}W)-_^0%Ir;$Y8BG<{+AmRsNpgwT zXS~xpz9P=i;1n}jZF}t9{jqgzxiShvKxS#|HFve1II7hIR17qlf0ckG!%2zc?Y=JE zQqc4IZu9eG&YKV+#gl(7vT^u--WH(O48Sa(%pykw|nx5t@q=Y z_kzz&&cloEFmsV{TS5|6E3q&@h|boV8C|XY0L_Gei9;GYJMVLM%$zvBLu9+)3YV$R z#@Vs8f?$O=5s)Dq;Veaqal{%AoB-3kpf8C5GmdZIbTHLha}iAD3Yst@LEj9#^g%fe zTW|1ziBqFzW-uN+YQ~-gNt7U`0cp$_u5~&Wic-wPbu+gbz#sBucE%QNJWu5LqzHs?R*_jQgd`f}CSPsEga{2B^~# zlVIEyrQ!G zKz>(9Pm;24Zlw+hMV4~XF*KQvmm=rut4t)QekYmlLeWF zGJi6wvZ-l|oLeM#axNF=ci{aH3zBr(jHFDvkc6w|j6{*&SAi6!(_aqQqA(-4MbQ3k zLGOy9Iut=C=sU=23s`?3jk1lUW;3#5VH4cH%Nwk0!3^~meVSQBpA&|3bOuhB2eZ$> zJnGB~b0*FTOfG|)#eUQr6o{@z?Hxt|hrzt(-WM=&{DzUm37e2=!2#B`U^beYWJFUt zhO4%Ij3QT5f`ru2vj&Xz7%(PMnSKZ?)c8#Y>hEOiqDPJB8qigcGb7O%C|!OP2awpP z#f+E9W)oU1D8PCg9Fb}ItB{EUY5oTZ5)`gS_$^QhWC5nz_6w+|^7!j5##95XFb0P8Hwma2GkO&Bw2vq=63yI?`^v21Bx%t! zbJ5ijpze^%exvt-Kr@N>W>nk_29d!k3rjZ^q+5Ph1x&Q>)zJYMz{i4|{;z=Au~AbQ zImuG9cu-@>@2Y2j zFk&7CGfM2ghWNt!Nu}he`u;s=T=@d@#Y3;%z_*2z1)ahZjMW-Kg#9R%`3pTb_6#}$ zRtAtwV25M0Gf9E@eRZ|j`O8{h;1ws>e>VsNE)Pdgt%_SycqgE@+!LJ8Xy^e?E;NmH z+Yu&++Ab28nu9By^>JS+j+L=!+$PG)d*4xtn^i{GEiF<}y)NA@^9rhDND2A>fUL!Eo)Rg^T%~Cri+v`Z1g4+2wqwu(I z{O>=W+(xWuCct~x%clE&)u9BxEH(EOZE2rFxILf#R%keqL9uJfY#(!}z! zA8u~{IMclX%V<8rNZx|;BM(i&Pny~L0jV~OJQd3QtWHK)-|tKPI-NtGHRa|PPq6}My9zkoHRHU zu-yPP+{OUf-JL@|;$n$xKw6Sv@#L!Pzx)yLzAU0Q& zE27o6@os%{%vq{LE0pYySrx-v5ds&EW6jd;YTgc$TVW)$FcG=O)w(ZZB<=DG!iLKIljES z^~<{D+JlP$HD2+4XT###4^+fh3W`*?&9|xae7CVHdE6{iC!L)`kz@6g%W?ZbU!$ z7?uhpTf+f)*i+n0ezWorQf8)~+W~SLlg22)U_tb2uxz-OsYb>} zlaNqy*Ma!U*um<$IBKBtA=<8pmDPoltJiiUUe)m&q?fYqjPI3`t{0 zG{S&~)sq)KPhIM$IDVn)ny~A=i>Le@r<`bPo>`-LL}f078#NEO{T`9l7Aju&9ud_> z4b3P~x|h^8ZM^1`WUIbi(~xrYMx*z_3%*Uadu|pt2TZptP||5>o94z|R3B<{fkv81 z@Rw%lD)tlFta@c`P0p7fxH=sr;aDcZchTlvr1^)N}7=TMUgTmQ~J_aaT!zZ)|{jqRtc)_wAIyOKo zB(SR?b+F5%pgv_{=teGk_m9PUMGjy2?>Rrd+uva}ZZ$?2cH|se!@1-3EjtQR7AK)q zNQa`y6_itzVCB;yEnd^2?tt@)Y`u{;wol%gr)^=@Wp^|JFdl;xJf^hA=m9*9FFC6zvpS`ZqW z?aJurfPnRV;RKcUxGHOsy$em%OFK9LtgX@nI6L&D2jK+`Ls%1{N#diQZMK>ZH%J;6 z6vzKiO#Gg)n`AsI3abuYJw)N6`T<67={^lW=?qTLU3)k~@}jQ1X8xj`BB?sl%Fj%I zlwQ?QrO%)6iv9WP$0^ycgSZ)V^C_T;fah2yfknv|$)ug+>Kv2XcWYr`D1D=GYx-^jX=L2Hbh$TE!^C){Z(VkJ5B7~( zgU?Kv1HUanq6pBZB8lbePnetltc5b!X5j_pnp&i-VrP=D{juCTS(W!*7l z*dOk=4+m<9$tRH)$*5?k2Uty(j_EY6D5uL158if2`est1B=~dkdgYRbuV{6JfKB^6 z*+e^mFP>aX)f)oyFt($5Jb)3k81SpJb4VBqYRH+#JUu>kCyvY5ry}9RU_$Af(UI(q zfexDlgM~Sf`yv^g;T$+2o@? zz2r+LmK^204K+UCHf|{T9?1%yFZ+a`mP$2tP1}imy5&_)kswWC5RF96cHFaw(~R5* z(Vlm7jhdJ-BYP9Yo8P9_4vNjyBq6*p`3VP|{Uu*ooe2V~4PDryz9QJDP7M_FlWntS zpmPe z4Q9GYueRKbeu+$MiP0%-cQ1wq;m2T`o>SF7U>+uW%xb;&;2!CO)EmLdP#Ui?-s&1q zVy;qawI&++?Bo01-ZUb&G|nO6rLE7qnP zJm$(UL5o@Hd1v;jC$|P*gS0)oiTxndoduaRgio*$qLbSVfM72N=O3&?x<0@ zK`PsL%ndIa#is8aW2_QjTdB9jK@&8az`o zT1GdJ87T*z_RU?Z&AR%_EIsyT(ozgt&}vEFb=8IUx%Bepo$3b+u@|@Pw2J0!TMd&p zrer3jHyz*Uj4y+WO0($5!vJL-+ZFBNn1_L-VfHUF!euQ|1M9H2{2n}??B&lB%~ScD z7}d_!7v|j$x(%~pVO?k*toiKvVr>>HeY=ZbA%=okhZNx6MZ0e&5-N=)&nKzg zsf?-Ez%vgk6RUwdFi9{ghF`^#o8df2^&vtPdFrc`c6piP1sTrrbf!c4|%G_dwaN+`y@`42EpxRN{1)^ z#poz^48GcBJreudAs*_&9Y)H|t{?3Tky*&e2iini)K{MEKLiF1KYXhF6px6zM0tj+ zJzJ0`rST(T0RKU@LwUTHARbR?SRrB}>9%iHENq_6k;^8MbKL7{2OVsCbggTx`j7V= zu~2nBe#P&Ap*!%eXn*>NA^*Xj<>!?8P2>YcN<(T!GUn#L>?~l@)|;jne7mv(CzGEt zFRhF(^rjiSuj2-4Dlff+oJ@+WvXH z((v==vV&qp(V!7Fg{9ne6x2J;_|VMfc^g6Oz12WYEIW_L(i$H8`lW8)jRrXd1G_`~ zA>}7z5YjxxdN%DDj-i)!JWZM_6g9>&`aIswFQ(Hb2e!e_Lf6nHQ$8W^R_KI$hr|H| ztO;S9&PP}mM4-9^A58*j?GbX3gmR4Tt0&)k7wq~uIxM<&@^}#iXs7lU!a=re3nWE@&Lu6Bs`K%(VLa54)+m*LsDmU3o)1g@ey4>`SIb zGqUOWG#xWS%m_A&fI4miw6{my{k{!53^VnGE9QO5{VAy0$tSg5=Xa~bg`M*-A;qIN zy>!b1xjL7&Ip1i#RGV;ovC+W?UpNR~uk;QaSPl|bV$|p=&nm}+nzecBQ_lkC$5KE+ z*44$1POu=IlBRklZ808}+4gXicq7q$X9GDR)(&yD{d${JcPvAbc@lY*659qpxrE}S zvz1+n`ItYY*qQ#NWuEI`D)+sw=CgD1DQj@WzaYn9}!3ocijtahjAfpn+?slKMX)~c_j0@ z7uNAfZ}upT^t$Dnsh8!?TL{H%DUbV8&wXN)KExzH0bLO8*a(T?fJR~Xwy8uXZ1Q}M zhihuL(1f_V`gnO{Ri8-7W_;?5_knsb`x$r#Nq#ncY;{&5#uZBm$2=?e4y}ARTxE(( zd#PLfO)c{T`;1fCeFL?9R%JSyNgszDB%uwa?>H?@}`=Bd+;T6?aNKPj?`~J8bb! z+`UrFGp1fFLH19aCzw_X&5W0>M>v0%8mUp2`&`gdxwN%i^=UGy6T4A0^Rhk3OSu*O zk(o$Ler$!R7W_oB1q-9669daNQ#2}S+=%Ct%HbV`a7lyeLD?(FGQGLr8|OvqTrTI| z3|Aj3%pROln5?YL44O(NcnYo;za0rJs0}S>l!ODaN31kiklMv|INyq%-1h(nt#+`2 zdL+=>tRq*tYLG-C-Omv*-1M1G6#jG0u%PiC>2?$tkrsw}aEsAZC|&QQkdnY3S}l8Ro|#Ei`%`ZwI+gSnPEKk2Oi62kpJ0!-8u@kiHR~|@wa{$U_``@eJTW;2 z3CjoiuVtHm-%jSLc=G{k?$GBU*#Miczn&lyc{xh_ASCiKMyF8zPF%8^Gz0G1piyZW zSk<(5fw^XZ>gxp@FpP6dQG1vn;7c>a18S}E``wzX+P zx|6L-U2fa*=z{Wj1970E+5YA53x$1!6j_of#o7jlCg7jyiDsLDAJLrt@)3XnkMopi>QncFe<7$Lsv4Lgd4z`FCQa}?Jfv)jZI+Y<@jteXKRGEk!oU_Sx zdT}`?>iz=#BJF{30bMzE2K^N0#vKb97&(|{HAnr;1~p0@Ze7ahoS1xft%9^pY`B)9 zIAE!}{`%w>7rAI%pEzy&7rgXZ=G)MUe(&yaI(==(6kqBw-u%92HK})2xeI@s?miq) zRr0IBF+Lwa-4F?mp{u=Vl@8K2#k|~jNj%;oU14V{oidkUEED8sJDK2HZEh4iP1>z1 zg*U>j_C6e5YCeiIK}DhX1E6uw5n9*A7Qbt-H&qXAk2VNanh8(w;l|x!Zhvg6-~Y#< zKTfD--2OUXDSZ97MbfWVhHCNgvtXh zJO3N!T?fwd{eEqa=kvvYQlDTBpjdF6V0 zcZgfjY73tpWO4T9=ECy!ql|6mo7=3?4-Dv0IBg%tJZIYGz=F0bc_dU8Bw2!rH>{&$rg=|BUD;h^W5cc-V<>qPz+{(`B{-m3x&vQO&^XAHvoiVG1YLkP&_@>GdTs0xxzyglF{;-3dByYS0+W<+8V^P+lRVq#Jp=?_3Ss z|Ic~f>H8{&-d9bwo#bFdfmykK*c9Mo0X}H(lwicHI>c-4l1Cf{M)Ais#o-~pdw_$f zQt{LEnsUH?hs1jqz4xAc<&H5^K&w|Kmr&S^5S#-v(Upox}XeTkc*Q$BDn*#2fhuk;4;4wRD$p`r0UeGPL<& z@W;ZfGg%oUBu&kRAALt{%|!lvB5edm(uFqEssD&Z8~1%AddUvEca5MB?`TyKbI(=pVK-&42ZAuXF2a4nSK< z&xQs5{kY}^c86E3m}}BYh$yuo(}O5ri1!Q)l}G`oSX)L8Fx_)MXIs+8!0e?i9_h>X zWvvB3HpEUHeFFV1@_41G!YPz}W22OXQlBPK#~4_a3wzUXSkFX;iES4TU@qPrUazgr z^Y?DQN*dY_RUrgfe`@L8=_)Pt4LtaCA}E_j?gG`)St=Z{FQfkvIcOZkzrve#W%uQO z)kGOpAV04zbV*9F;+3Utc)C50`6?)QnmDHml%oCInL&+{gSAyuBW5QaU!g8tS4Zlw zvQkRaJATjZ2;-iJh-ma~pZMZ(b4z%uCN(Q-CQ9DYLgjJsq!H9jVcYd}?F!t<^wl7F z6!)3L>SRbH0euitc>$Qc@}kZXq=s&BJpf7+N_@JlJBpr~>hje=qCVtc{~CuLz!G)9Pn zY1nfE()C+OZw(7ncnC^R8(MqR^d!%So6Px>UWH7^AY7@0*uDCC-=6O}kqs4y;jc?WeGe#Q6_+NKcW4K}#6_Yoc1&Nwxe$k^e8A z6^s|+?QuOS}=% zkNSKI?biFv%c?M~(Ic6Y7y=GIPA)3OZIgP4@W~nn*Y3KIhn-?wce38ev6h=mFlG`2_vV}6Iy7(Ut|`ANe8sJp3J6!o#oBv6 zcmmPI@`KP+Dfla1o()xund5hx(pq8o9Cc-wu>N%1jVTq*e|F*YdDp4ecg!!B^a+Pp z{!tZql&g{>AuZ2{KYol2+4X9d8$u|25- z7D>M|Le%oTXEVfUI9wI?e0_eSk6!MZfPApQmIn2dh+96s&{J(>?$`fmA z>3witD3EcniWqQM1>pkUU2uEoLn9$?l_?JbE&Nl_aOB2d--TUoM3ugMUm|CEE2ly9 z-g)*y+6fPEz~!p`cT!z{Y2DfPQl;OkESSOSyC=8#Rj)0cqj4o9fHpHk(QzMF-DYB61yqsTZeU^7+b3fn>% zlCfIaOQ;~Gx}z+jjvpmHm1LDVzxnE9ik9hvqq1_xWqWmRSoG1fIaSF(J3eovi)O;{ zE~$h&tp07F5UVjNeIwuBhz6&9vuyezs+=CJUdO?*(t*G6IvYRs6nzps0+rI6JhY{k zx@j?L9Q4u6dE(@$XM{VqzD*t8x9jk}y>*wge0%#!0`e9h@VUByGs`S|94IV9D{HKZ zK#hoK2pDw>F{UM|0n&t{xA!`+mD(}V0QObzm8i&*fosro8prV1nCWM}1wp9KdtQ{^ zyna9KwmEZ;h2FZ%vl4a~E0Ckw36d}c3wxZw&roJwj7d*B&R#4*NnDr_Smf^P)c?e1 z_>oVxrAjKKK+-s{&5v5VL)Q8*Al9lnf=qAA-Y7{VfS6(|)q9`bdIL%yYQr-o<;uYH zt9=hWemxTpao5}iv`0YEcnlmPGz2)-Ks?f0@_1Z(b3>B0)+5hVfKX!YS3aLYYLA(& zKj&wWmz%j&$amAcJL%kA$F0a1d1gFNiq1x{qP9%dSz)dHH-SKjhy`Ok9f^T8!^cN18dE}X@ar7Jb_jnf9Mp0%_;a&wi&yJrk{V)fFvi*6}l+v5? z2hN|?gDFguMT;4o|DEoR_&+(hmO$!6A#sa%;bn`4o6*4F2Q(K(J54koo+JziyrSS* zrB5u6=(Us8V1>QsX}{|o*SagbEV6N$!XCE`2Zy!LP~w&{yuUSzLh9*u=~nlxA8A=P zMEnY4qVi<7D~aNh$l12UDh{M0Spc9s=H`}BnyAE*y+-Z;2)KDX&oXDIly zb~HdRmvBotqvZgo=NyX#MGKBFXE{Dpydrpsn`O~j7o)7~;p{YyW|?7$m4XnCYF9)HEqGl&91bMDYF6!U1rt z1lCyGhfM-f5M!?jo{#lv7mhLM(lHixOrPjT$#Vq~CaZ#{F~?6Fpg3g6C{|v;3im3y z(D^MC+9s0f7}uma-Uy&G-Bcm%kKeXI&98OsSa%&Bm5t%Ttik{~pr$_#70AYRJh7)G2Qs7@!7(l=aH^Po&1|Jr(8R3+HT{C$5HxhbOL*YX%J0Nh+@cN z6_NICF7|AbjkSpsl{7Asa_MAvbk5Qcd0)2Po0e#s73Dj4S44Y1J4z}f$ zV|JOx9Co~ZdD-~+a~F?=NV$QJTe?Elt;M?`zCB`P4Ya7J|8^Skfqw!O%2r*P<*V=< zm<=7^7l53lb{oXatZq$b-EkMoHMu{;%&62nMq8yAG#)7Nn~*)FD*rNh?0du}YX@h# z6DnCD{D+5|_DQPKmVtF$DB%?Yo+w#&{p^WOXTVxBzjcZSA+G;)Av=R97OWwD021BH zH@LE0jXvi{{X5vljReO#zlQyRC_$81PG2Tgjf@m4zIXgi13pVH%R?Wc?z{*cn#j%= zgHyfO^%R5`9&T4LSsP%}PfJR{MMBY~P6gM#(nX1ei|+coAdcr$MsD?}>1kxoy1-;; zDPTbBKIwByd|AUgDdkf$@gFAcO}`7Sy2-vLJhWYDs>~~3%mN76xTOW#Ccc7TRN+TF z$=Q72K^m;oE$_9ww0vtTC3y|VFt8f+nLaMo)ZJL!>=Zk}5W%W~E=n_La@!v}(THxbma53P#jw zeYSaL7EH=jk+SLsUosv6s+#s~pry*NT-gCI=|#MhkG>Ia-uO9dZlaHSjC-EdHG0rCEh>MnQ*XOk7hcM>?T z@#LpyHGt=pG=}86>&Ul)pq#qxnTnYchBApTCwX|;r*9X}?fZQv*Qgs}MD*U6r16QB zt6@>@&F(#(sy*rUpDk@P_17&|=c_!}yUno9E0JH}4;p`1L7 zGc&io|I?912sHY(~ z<$koiL}KKt!q4s#E*8oX{~U?RMlz0=*T_8Hzx_MWt~>?siMxRw0PVwjRP$^&i(Pp# zvGgDMY+hKWOsJ(y_U+!zuewh@Y&7IpO- zU8gCe$0&^Wpd4J1g!{%HpG3!P{?0t8qHZ|ytXNq#T%$=l`ziys&>NkP(ZEI z!_1@E51&%lF0PV)nz40zXcl@LdNLSBqF6Fzp5leak$moRPFE8n$LxhOFU*nSH8YZY zT7`P}hVsj}FNVM*Uu&Q6z+&oJ}7##(DRPXSaB9sTYbfQJ;Hs}m12@%>f1H>Xmhl$8xq=z?~Rg6 zjRV?zfC|x6TyPgCg?;${pnuZ$36vSGZtOYu5uLi1L5|fB9AU3<@w|-pbIm9(4c!zOvU3a`|2b2`{$l=H+dWKckrQc= zBWso!<%`SX)W2S`?qiERX(M%!G=6X5>kRH@WvizeWgC5FOH-=h5j}x^ux?wstrauuYuc1c5>7@e&o81ktlgaB{>T#7dOdPo?6?0;?rkO|O;5zfp zr&~E#nc7Gr6Blp8?VgCme_!T{O1rYULX+2}yGI{mmG3!NiI-X1ox9XZCDDMEqV2yQ z-T%(B7s5_w7^I*t0&m5J=fPeO*Y}6p=X4L@H>@K1ty05n#H9MdHEhF^AD87c7#%L# zf6{&ym}q%xC!-C9P;MW2K{p2eAa+tG`5Bw-(3-!mOGs+(jPWq3olN~`M}jCyYTh;Nhe2Vs@dP#F$Rpo^l_P;xwg**;Lh z42vDQG5Xe@rrS8|PoX%L*!h-N76Mk!2P=->`h1-8V@VY29d!WUGWW*>zE|zA*@q_! zG}kI7k)hi0&bFk?0S#hD&2~%x;qUqL_ZySzzj}%G7%d>Es*F}H!F2DOB8amRt*0I@ zl$oc2S`2});31~E=2i8aQbnV;o`mz1_fFHMkG{V;@$y8*{c|NP&I2Ps=K2eNOVXnJ^m#!jnfYbt*oeykD_HS;TUZSQTYF$z>6ftVf*> zxu|}oZV5@>r~H9_P@*BW%SwIfOo~BFh_)2`iG^a8Vme3EyybHqPh9= zz;8cVl)ovuu*iVvO!4BBdri?eHVG{`rWdX`y08G+wMe#gJAM0#b zOj!c(Qa+dh4>`fPpnmu!L|*4c(+Qnw`xDQu?0E}^heU-aWMtH)Tj?ggY?nIb^WgE( z9o@=okwv%J_9_aLY4CMLTsy{C4**#=?MpB8eC8!F4B|qPa=(Y~VG6roiCbr*%6}bL zB<>fEki54mfXvO0*T+~n*j~hQ=*Uc`N$lrI+#JYMv%lX5PA{fjuIUABb!b(Lo4HOW zmIeMPJx;7A*|@Fq>2Jy)UGEArON}(Q!G#IBRXkN0R%GQu5HiSuy(b~C(uvagqkw@V zp7f1#9AaLlE4j|oAMx!f+fta0FF&08XV+6#5OB?pPcy4Jx6jOWxJwNMm%9P($u3rv z$ed0&bVAAY`$|qggL5+b>YD#wLeUdG+Q0Ent3x~Pb63%nM0^8SQjbK%FqWS(Sf&sk zEOT!R@uZ8NT-}m&#s0b>&44`xv)?N3kqup*HoZtq$}IZ{Gjw2`;{Su(%K)m-6Fdh9 zXD{G_>LOQ}#9WbfoU{CB7HNFJ0wdljsCH>#*_^)dJ^!*M^ISz?#t)tJ(5TGJkqA08 zBi*I-K&VSt-Ij@N{o-tBvpfIqNW)SeCv$dsPZs+u0bD}mCAqFr&0OeGjxN6z_Mc8a z`VtB;q*$HEx!E;;)=7R}%$w*4u%fUHS_f^{7F%@J;NaR_;7EbN&VHt*p~R8-2D!|v zfWdHhV4#P1`{Xsz^T*#ZC13WmC4N#J)-|yKEJF`td_d!Ws7!DSqRu7`eFkUCaY(=> zEKLn8P2+51*_1OM0#9F2dv;Oz!M8uEnV~n5lb`VEhXh7}rNUpJTJI7(%9*`GNMmD@ z01=Ak9UlHe5wRq&OgY8-)1+m@>D+h!(5tCEs#1S_63@BawU(!p17awtKsQtM+Pu=b zkjJTYauMo7?l7ymGyEsxMlP1)c^?1Gt7is~2^cZy`%sr_c(8Imp>)n2BGO(ySDWl? z#my_Wrx3li>%M1Ji=a8-_slOv6=ZKf#{;P59Pk$$ptBPJkq<-M7P&ie-);Yr#nC~dDIu6bsB5+((Uz#im#KanXh;HA(EEU6^8J*@CQj+ zs0GV%2IN=4ty)8tHOZA#`ccmA$isY$|{BTvEV1++U&Q6&9|Aom$QN}$Dw zOAG*@o+txmLwhT5!mwY#2j|wV6$`xC8|&N}%KXpHAjIxMhZWtN0At#zl;=`ETApfz zyI84OZx>>`=y3qeKoFhA9Do5Zz@86y416w6gX5MOryvNcY1a+==}PYvCt&N06O?ok zL>gX{>7?BQ%uLf0NBfHA3J0?aZf-@;x~o~o4Mxrga#AQ8R#d1J#TeTKXi5lPY@aUu zEl>yIz_rKx$D!7d&w+RGWO1PaV@|(W-ZOIanm-@ zru*mI_YV_nBY`*P*WccpT53|u`~kln6FrR3%00dxYUC=K_wGRYbp9NrA(|+K?xr2* zRKQ4M*K6#39o_M|i>?Cny{ zm_K1_es!TiqRy+OJ{P^5E!Z+i)fVnwED|X3upB^!B+UVoKXJx(p3D?Te!Bf|ou)gD z+qO$e|0G{}{qXk8-p%S8m_zFA0x)AcvNM~N6+_U>pImUxD+*Dl#FhMVsU4cMQQCc@ z;QH>|@%Y>Cr63{>15mb=M4UlA5c{7I4SCPW#2r5c1_g^j;^xyGxFf+PI)6@{44LFw zwtQQbg@o+L)G2v)4f63y2i-jJco`^~* zbnE%{0Cv4alzd)N5CgH7$z56KZHm=0IC8n*Vv>S zndQzdP6?BU%Yb%-5*0Z0ugYn@->fG$GwTiR+W0>GR55h=T=jttsoh=zrR@w;LsU4s zvXn`GE<9Q@Ha#$I#?A6%s*9Gz=v+JeN_YAqArq{_Ji4Y7lO8l3dTqzLPuvFF=2_Ml zknnsNI53A3X*X1<+fubxpys&j z;adntL<^;2FIVhSd5E=iFmGeLj@|q6ipT&abbfMieoN5Ka+=@9yej3ZqWedolC_f# zObn2GB6G<05!OZUqB+`bHtJ5@X1pGR*_eAu^WYPR0^u>GPq`w|H9Ee?^6e3Ira`>1 z3D87IjWB8G1pmsp$$n@mPkI6L;AUF?w3hUhwzod?^@%cHWirQU7ix_o|2eKd2p=Rp z#HAXhY%WD|EV(*ta)%qJZRm6J&@yZY zyKIe%;q|kFruU{2%=q$1(XU&WXM%%6^UY-7);OZ~+qre}duaW>-Lz_B4dZS(^T{JS zt0kXiGri-3Z=?>QqZ}8p3I!wj0r#rYosuXYR z_NmU%;xWmIa|YiGG_LDA8%(82bb&tMSb7XMB?pe)N_&pu^uSV%?eMyqz^cR&4;#JI zj|(i)Y$HC?bG@MZQqAt~o2Pw|C11h?>I^Ie!-ca|6HNa>YAxR3d4AL?m_{76oNn1s zG+(c3>k_}DG_0EIzwAuYS@}Hv+iK`@muvYnh=GkJfY}DzY6MlL6H_Mv zf64qRm3pmMuXZfU5Wn(^RUFpzP9)_(_rPt|G#Qxns4`XCa0w9((L^nt!;;Pd$g8Q| z7xAIFj#QJuuAxp)joJf`c)W%j`8?z3bMEq%0$Sb)1p)e;k9i=5X%7Foz-SP44?uoQ zRT|j(MI5nP^{LA}E=Fo;uwpp&Oczr};f@$N*4!b-SLKGWMb}y42|x!0-3RtsIg0We z3aBJ#Km_Ux?;Q1N$IDs-y6@R9TRuC`x-W#rDIQU z!?~UQ-J+a3G>7-`Uh+}z-IvBPxfA9t`0KK;T#-=+EBWjL<%gh7HuE%@(0D@`0LY$t zn~jMTNEGslH!T1mK*zX-z`eaEb)Fe(*VHsj>wz3Ub1C6f!bRII<9@F7Hm-uG1Z%G9 z032$7T*V-@Vmbw2((%?Qb;%Z4}|ZQ3DuGfPLcglEv6 zUDAe$cQ@f}ayGf2*_hN?w`*+?qwi{97%7iYJ#BfL$dW!dOrEkodsP}zl;{KhmA^_z zPHujGk@VSytYFUPn(&JFvPe&+7ItbI)7hMni7#BB{HQyWwFkfJrf18bJNLmWYIy0) zjf0=b^6`249)Cn8)~7GF;k~qO)GdA=PPc-o9G(3fK{j8?%edsDGN@&}(lcfcD=$$u z--Jim6Y#*R>lZ~1ao5?PFW3~^r;=E~DgV+%ZnI20N?wngu=K~Kwhy#*EeUT`snmE6 z@iM>>a1uncod6|+J-`(B*Jkr7CY&CpUrjC;*DolYv*qPjXE_g51mR4lZ@N5>+U3{i z4Lf?En@rAXpFR_1cMm9Rdhwf44>GH-%JH7I{vqJ8e`Q zQBFB^%;zSZ`>Ui;d!~1`{lpFBSJ_t!&Xh%dN@}f3LlmXkhc03wD2s42;tMY=zicQk z)C~cfRQ=31XdW^jmey9vZ=Xb_ z{Kr|?;cxs~X@+ZSN{{#M=If�IhYwi4owAmO;r6S5_K(FnJ+xR-`4bsTg@jmRa8r zi0}$DE%6B4c}VX_Vxf<^{-f zRM_0=$Fe_e@XfZ9holu=HytqC;X3Sf_DT@KtK=Tv0C1()_V-TxZq`~mVgK$&pKtb< z*Gx%fy>oFOTDGQP*ceg*Kqf1(k#n9IVUkUj(dHH=>I*n(Ib-)&8$wEOGolA74L=F9M!@1{V3+%xzTq1`>kZi*VOY<6jG-PE`=nC0ta#s z_kNaB*_(*^l1Cc0@jh7q|O1Xg$|3Q22dt&j|-2!2SHUuLMK8mUiyv zoQ*-P^UWg$-UYL&Ug{T)yHH(7+Pw~86v`wqLCZV6=}-1v!I2y;iR1Hh9TA@=$wL&w z<)HDb!kl(|0gr0Yg0u7eNvP+Ja@=Z%Cc4TxS)S&(`ndzia=(RV(LFdt;UQ%Dbv7;q zwU@~6Nbg3xC%<3FZ2k;&wE(|TseR(ut0Vs+N0J~<81}y1BX)2b$~V=HHQoW>j#(AF z8fJex)iGGX#a&1jaQq&~_ zJ%^lXtkye4l0z=u;ONZf{WFB9T#p;k(A2=|srj>J!z-s!&B8mly{9D+8K~E)mgdX7 z@Hra3+zDFXUlfWjYdXnrl5&${-h6<02 z;_fvM3Qu17=#IRzO1C65)n_7uqi)m{=ymLul&LTomX@sIqys}hns{bq39fcel09ek4g44^+|dpBYpzkGIK4KT#E+2dJ&l^OjoOA zCtVWk2Ys<+l0tuux>o30?!mch*#tdo6H@4IcF^Yc1hY%3^F-_Bco#$N{-E^WwOCZMLo}L3wbDf6mLzCRJ1fZ@cu=4l-XchR7VMFcb)@HaP-e7R;GQOmF1zi%h)_)2fm5mF595P z#DIZKT5r8zGpzUKLk@)4%+Y){ANKO*4a@iqZSWFe$Emn?XU;#X5ZhTOafO$`zqp8# z0Q@cjnPMw1h=-epb+N}!FXAK#>YRcbW7UWtQ870|E3i#V?)|@0*;g)!)XUn40SJGs z747*H=@~`>;{)uH(RGXLP?RN(>RAQdW^+GgaYL^HApmWUQyA9zIiZX34tM+D6R-DU zB=kN|le`0DzeM5%i7lM5?0-b^H_G0Exv*{{YLv{nk%e5`I~OZ6G)Es_F!XzK zzH;8hTF`4FmY;a;#lIx8JG(EJ_<;%hRs<~S0{z;F^2U@N*PS|-=Ark5lhA!yL@{I* z^H2-}!#m@RV~|AWP0zLt2*4bDOR&tR)q-Z^hm3%L5QEQY=KE70JbYk%G!UCb5Q8(Q zD{?S>v^K|XG^VKc6NRY)_uFd(|Yu*nQ|*`eJL@q_if=as)SK>2u?iDQN%Go2Vp@_Kj)$) z`|POP=H;~T-;WdIQfJ;ooAgCwu`W$%zsTFMozF7eC(y5nWsZHVcARrp9l8 zKtrqGNz25NO|98GU!BNFCaWf=C{p?}P-CowYtpwZg5PYDo$IEXrl201Gbv)YYc2cJ+lH zC>-p(P`6|o?rv`Gb{q5xp7zd5-mHaqkG5sh?No`i_Q?-TYaS=Q)l;vV6k;t#;14&P zjf^HwC#vC-0V4SQPT)DT$c3>9?a|0Go{hEg6bGFX1{Vjr`ab_ps@ z-t~>QlrBDq1-}vhkZu%*M?MFZWj0M$#e*aPm-Z8EVBTv~g_OTFw!#7`J0y*4S2KJB z;^dX78mpkyhyVVv{gjjO_)cQyxogLuy4%>=pmO1ma95^P*!3a*b-*6m(NAWKc8VjO zmjxFm$Vm38>u#oX9zP`=??!#Y{*WNDt;)GO?OpU++8$p-2?(gQHX2&7ioCI%djZue3MF;aE@k=6(@lomCP;R+olhL^e zi=5P*bh(>9V;nO^$*Dnp1kZ&_;+VmD5!yG(?`-9G8Avj`ROLgfodzu0nB%V!e=Wt<-3#htc z)|ziaaZE@OA=Oddn8365HXp*rVNB!#)7#B#3|FF?T6}-D$*`YNC zu^UE7QPvY~kYl(I;(OL zR+rJvouuB!18KI=yGlhnmhr!9o6-jDQ?kzPGk~zMsgFY5)*<^oJz37Y0O9)HJDI+%+WSQ49N!yomNR+1 zO0En%d1tNV^_Y;#%K$~ZE23Cwn;j?NI*F9s|DrR1obv!08 z|ION0!=DSYjuf8jICNuoTg8C|;%*cKyho_d12gAp;8>m+!M0=p08OqM+|;b}%(>q$ zYjnOJ53|S^P0So~AbA?n25i$~xuF~NagEMAZSEu9Ko#opHclvqIuh5uNt9#@tILqr z$d(n*-cmncr1+1eareh|y>{mvK?ij{@r`dEf4DlPqvlW785_yA&H(fk(@fP4EJX*L zD3lx_7%)L%$i#NWc4`tc$#T-tHr=5vo3gvHI`vwR=kLxZgSP@ajUZt4|Bcrs%KvZH{b^?&l|}-~A^)QBCB3@`wUU z*F0CAqmS^)Ii^6>=6K;6AkR01^PV#SxZ)^ciRX0BxnSqM>_0w<6k`Qy$*#wRsW|S3 z?L5M1z*6pZ&dPYp6e4z-EzGJw7Tg@tRnVQZ39h$_l&+Wg{+0p}2~X%fuY8x}jYy&& zK%m7Ipr37$gc1u4W2Rc1hlcpg_+WZcHZ;bwDRFeXvo-hoR&Gp(*uj9I9x=#qnDUip z-`=t?{`5qsgb;8*XtQ3YW9bLIYDQ{XK~6tIMsN_$Xl~Ut6qg9OpYEiV3ffSFru}_< zugU1)WnHZH==&n}T#IVtC8$qH`;7NU)7y7{g;fTi#JoSWI?{2V z#Hu9Nb5F~p>P-N%J>A*@wkvDThH_n)dW_h?FFq=b zZFgRKkXC!3YSg!a%G`$f(p^#WPGO0EdjzDYY~t8YPJ}v5D39&|NE#G`uTjM^=R*QPu$)dWG4YaP4kA!!(d_>a*27gs1UQ~J-@+T<<8 zEDw&f;0gnJ#P^sp_c<`8JWieHD{(#M)(=xAwd5*Zx=sF*p`xRFuC26pvh>?#v%3TQ ztvahBgzj%9)2HY)PD(@J1$lWT*#pqa=#dC#3c3%xCjbTFOuKW!o{kXA;0zP(4)yXIFNeFJ&sRxVCteQt< zMuK!f0AqUq)ATAOGt7(;H~gz)dT(U;dE%q;U1EL0ioB$~Q>R6(}OY zjkvpf^>b916=nXDO{O(J~Y|64cYov~59RwO;IcxXEf1A`_xKcZ>zWcZf^H#l*z zeM>(b7n{LPwY8MqD0v?AA9WnO<@sbk2zGHIB8PTt`?cxGIg$cFiS5J9Vf&<-%9bS6 z9mi{|=pjUVxmC38-(-!@u_w-dtN&IcE-B03tCo-7H?ps%a9WyB@8Z6N?|xmdugAtK za)TO$J)2KV1OB!v>@dq=)6*y;o=tO3!Dq#&fuV=u}lSO{9kBQ6%u%eos_gpvn9cm|;R-j2vKpx1C;!#ch4+ zuC+JbEwzd2!QsbDSo++kHqZO1z3MR(fRss82;u$QIJzB>w__-vo^lMfTntta%U8AacvL1d_ z|A?phW!bhKIFQw19VB$@rV7piCLj1nmoWSrvmh&r7Rwb3E-Om6iK8jKNIS5dM?40j z?+qrUU}~XVQ4U}070(cwo_{q2#~Ld(j~09+KVljsl|ZUA7|$jjA~YSp|5#4jaeRN{ z0Pih8o|d%Jbl6=9?1<$>=CQZay`qs*F59Bl8~N7d$Fm(DMpHxvEkcfd`j&RJ=*vmz zFmnq}mfB|Mkeh!bY?Ph|5AF={<|{(YB8Wx&z37Q-{oKHEAVaCn>Wp-;baaN7m*e6h z-UYVHJ^Q}YCvxEZPKc_=0nE~WMEKXygNmX91-!F-t-i<)fbx*C?!$+-z3P*Q57ED$ zApUHkLwG;>qQ>cXt<6^rSv#%{I~X_FS6LmyPf`Wj{vMFkN}v2O_iS|lzMzF`O0Uox zG&iH`NEGdBbsU2P*2B^F>_1sBPMAA8GY4UO2cFdE-iJ8)#B6s*Dd=@-w{l=#;L*wx zd+9EqqhL>)@#j;*h5{JPaJxzTI~naFe$9RsB&be8R4Qgshg8jU+zA=kdgcMUN+n=(#^C_KYeN46qZi}3a)2% zsQbKzseZ~z+rNv)Kpck-XJ}jq%g=^2DRygg`DFEQwZEDoYG2!#Y5oEdSg51N&gsM` zn5y~$$)d3|*KSxZDfY%JF{k$#Mb|vdY37ksHCf6y^|JCg{T&zgG|%(qx3!J7+v@+_ zZME(CN3E)mxEK8m^Er#Pe_9^58+nA=F~$n0ZB@NJqNg`zD$^N&(0s&FZOr29YLx-Q zkE~54$qD&uGu5b>gCQNfYruH;9&JY>Z;XSO)~aIA_qg$%EkfAOVM2*iz*%qXVf6LY zo_hbtgNMmSgT6fUZoU|P)neA82RoU8dnmM8E!mu3jf#mPOcFy$Q*}{UrN4t6iUm|T-ZC|;=a}G!$1;!jdRmcwQqD>rlW*MJ!Bt{Ew`#&20!0`990VaC!OB<~&U$fCoaQNfT zHU$f5t}1oR=ii^`)mGm+y1Dw>eBHxswgW-2p9Wa)Ll1e7De!ZmBoD)&_BkuqI1Zss zhnziB8glT7g=oKiL3r4C$4pp#SL&gVtL^7s>cdjqRZ70NEs`p&fIMYX}yV~*Nh z2I_>%yQK>l;%LwTWYsN>896SP^}xj7cI^Cm?gQ1d!F6*6;cbSjYyryuennyFNy$-S zIXjL_Po>L&ef}eo2$jUZt3a-PAaR7Qe2PKamg&bNuA|`APQ7F~71GZBZ%jzvC&$r= z<1^ja|3D&ZC-`URJ)`cQ0|wl@yoQzVW-=p1o6Fm$>(CBSva3bpB!N>HBN8DxiNx8a zo7E69m-{W!xaM`wm}Yiq594zamp(pyBjR}ane}cT2N$-|)Mf(7S0dR|fv3k1m4hOm z-?8*+%&nHLz(lwtNU+IA{Z=n6eI(a~0IbZs@{}1CH-m9Z>@|Gz*NB94XJ zZc@)M*bi75nJC13^mo{gODxkmSOW>No(|gA=FCRKQ!-t6zZWH^Cx6qK`4Mhgc-SbP z)k`0w^j9PhRGqnF`PDMd=OM9;9{CgjmT}06k-&) zeQtE9hLdBUd2nmxUp&IK3B;Oa??CdLkna}K<1&zD{GB+f1PH1h8HDlTE7^yJr#JZY z9$;-K;7K*IbrNHj9M-N6P9a>Zrw?}WpRgW%j51Mtem`};V|E$>7kT28VqWmrQh4J* zP}_|Q>UVKANtxCrL=7ybnc9~6p}~#vG50yNz53+v9ZVgKOXfuX6=Yc z=)772*gKQ+i6Dy}-p9wOJZ9S|JTG0=;T}od->|Gc^iJr(zj)4`9A7?1AJ&?C~``yj0YXaCKgbPJ_nqA&Crz_2HRmY=%E zbvQCk#GtI+JHto<@wjbIM37G2Kh9x>h3VXlVB~@^D98TQ_m`!|%cq#7!{Z}NKbB?? zU>U+n?j|*#!BLc;r&iFH=<@Fpf(kU;TjhU(A2m1X@+wyc99xhNo##1o%>Bt8fa0qi zA=-~PjD?M__G5rTpjF&ztr6y9%O*f-si2E@(_U(KtkGGv4lBj8e3_t0pEi>H ziE{qrT$gv=j3t}Z%>OI0&AcNP$#dmd7usYL5MW5W| zPO0*|Y)h+Fy<692zb73jPtRbQa54zmx`_%vuS5*xI)x62LF{mzN?Ve>?#_6SNZk!n z*4P94qQUEXKIxNfU*XY8(R*Dh@btx7Raxd2g@yRiyM*2ZwO&1SI&ex+rUYk+ubBwV z*mEyhE-xyHX!7p{kyolh_a=2$Y4DKY9|uB1CZd0d*tl1$PtrH{Dbb$xXn z3XH7mA`guQ2O&52?z8i$aj*^1``Xo*xqRU!sOm3#R_RlsDv@Lt~ztKPbrzX-uWh&CS3G-J% z0Jw`j<#;y#cpSYFzBm*-Rm7RCq?k{}=K2lJ+IyvM+#KAXNd#^sZV+Jt$2%EQ+|$4b zCct(LlS^Z@cN1j3jw#O7z6tnPmFn<)`F5y5*q7w+Qq!E7&4mcprYXnC>$MRp!k<2v z-je}FLVXp?t#|!fDmOy*bQ1RuzWs|wihGGWoG(ncf*v3W@2r$JA0?b&nC!-|C5JWr z2x9pbl?{zw;d+NdNq~R%l7eBe)9;tJ-I~s3(+9bycIjpme3X%-zYK^|7NQRlLfK>Q zMzuF8RMMvl#dhmlqbZAvQhTAU65#r=){_j&#w0HgoY|AV0?2^XeO z@~lcSCNV3=-@}reFXZe$G}&|UULJ1AJlZSud7`IbHPi&jOO0EdkZ^1?b>;^&!T z2_E{KI0N?s1EkV?R~iFLX`ErnzylV?|16PJUstYbKn;YIAB#gh4}W-e<-wvbNFVJc zqxL@xquFh9{M?IdVHP0uof3VQMD10%-d%x&LS8V}tQ)Huwx|l@;qT3<{|uBFuqLgC zPc1;s{`>AI%sxe5Yr}{cIFgA~EKIl1Y!5lonD(-VIaZVZysh!_riqgllgK~Hnlh^lcgm~ z!Q92Db*`crBZ(`)cT;bCWRf{ zaZ3Qu`zUJ-c*gJ>*!WSgaWd*-C@{`%z2CFUHz&Fd@6h+-?(2nw%%7Q$>|SV`lIBOS zZ8?QtUu>$5PNPp35ugJwVrrxNRZ@tFD7&yvW(Zk6%}ax_(GRc7-A}ukyG|VqW)hZGoZkFR4X6tm2YXJ+Ju;F??fM=i+AUrWbINO6_k>ebIuUqpFMg$ z_yu~*=uZAVtL!I&7rZ#T{K@Hild;&L#OMHp#KsVLi;r)^TqnaCSKj5EVrBrU9MGa|kFI4(p>mfh!(9Un zLF;6O5BJmpP#k`{nf3fkDI=mo*xyA4S2&5AhzSM|Z)OE8BOCBLEGu(jtsL~m-75!@ z_nY6oti)!ORIqlU*~VWD7+0hzg*%6DZy`1p4;&49$tP%?y3s~L z&gj8Xptv2ziYQF%~Ebz|%ORFSLv2`|WZ8xP5Q zGH5YUvz^uvxVM`bV@eGn3lQx=9QTwIV_43}e%P9q(|GvB|b3-;u!FMrbD0BGM zBQpoS!WaCZKpx2xOHw5JLf3NU@a1;SfqCYo!*O?3sNcz+{1}H_>G& zC2>Z2Y$#(1TQJrP{$hR&xC6wpPk2Yb1BDXOAf&}H+~m1zxrk&HawU2B&3AAr5} zDMmN20Og)oo4v#!D@Q$QX_+$$3uDzm8?gG&4jv_W}#O6&386JKh`{d`$FXWc~8_W zRtQxs#z?i1u7(Xpd|h>j;CqSd2r~U&uhznUezk6(%nc2iaE%*HK%H!Kmu}M9($of* z;4=pLS_ZA0O<wE8!{?-sZk;W3Ibbrg2V)Kk}dALK49;(AqZTmZmMP!f&%gnrPlyq)W>`;i0VP6(#ph-DC5Ux#TZtz`O+QF?(3Hc zUk*L;%=)&-rWEQjs|65mHoBRw7_VOX>w%NBn@U3_z+{CQLSz12=xiTey>Kv)ujBg5 zz2)TAcD~r7nV^;?`MH_+rrNyGoMW5Lk)`;xqWt+f3jk+d?#h}gNB95v zwLB}r$zw}Uj>cIz=Q=XNl2k?2b{e3MPE1}*qpg#%u*W9hUJ9maO8klMB27d-mPrfK zI8TYMZA?VI{okY;1hd^#U!+lD$jkrcuDW zJ<>~w!4d9uH>>eE`U&N@0Oy#d@IXxst=uP-^^RA6O#QQJWxD$1bHHc0ok`u^rLcab z@E@epZiJqZ7CfS0{0G;;trBSe8vKXFU_h9_<;%1OlwWo|SMQ!X3u&8Yq52j&vCvuW~g!+Gb#W zJeQK9!`(98daaB>)YR6eQ`&>B-DJj7_u`?=fgX;|UFxYx`vElk7(SwICn6hH$4$5B z{b=rL@)4M5KHdC}z1WG611%sf)BW5?pXJz16s?U67&Q5*-2}G|r8ATGIionl)gNif zz}r(S{qjnX;*T@)6)7bn6#yD_^MyLe;Q2#-~73CEu^P*Kr{@OflUbt43 zCI12ru%Pg|k(yL{_&zUw$Wl0&u8quYpNq{G;;OLTfsV4TumC<$u1kH&EWd0!>COb+ z_NwZVccQ4zMSJ1f=MQDLgE}yi5M}}E26>ZZiB{$I12wzlnM=x05?YQPLQ5gOo(nPP z`FL+Sg75c`VL^XY(_0oE~@-epsW? z_;@-LoeEAU1V<(2H^`j(tmXxnT}C`*hOO9ELV zPf!Qf-@Hfv1gcgEmtgO-Sc#1SShhaSukm~q;n3IgKMG?u?1^_`V`GAU^~ao2+WY3U zr?^mVib((zqo17E-z)(Hg(!hf7VjRUT=&GBAgSi8{f>P3*94fPaL?%WR?^8cpj{`~ z-7$)mgT-49>R@SfzuBnc?mh^e|Ky>`hDxLMZ|D zQ`9+7w+~>!nqGix{1HHeS+D>E%ybcp=0_wKH4$dH( zm`J)~YlCo>NQ7?uJut z1`y8H>N#`1)f|9H#G0dXt8ux+^*PLLMBo95hJpiN@e}m9R3lN=1et##iG5Q%8ZE8+ zqWM7qGPgZz-@@PJapg?slLt9dcN@LKFB0B}Kf$V`fz;BY7WOY^wSSHLi(RI(3xi2jj-STFg&a-^E#>Darhm{s+_ zS*V}qR?55CKTEVA%Zs;#^4C`_b!2_KPcde~po0GnMUXrxOR*p6&`u0VvD-s&h@9pX zXU-5$szAUCLe4oj6=%K@yndAL`Eb39?e3SL(8R=TYg;1MDxk?@f7xuNB%s_HGWMwy z^Bcd?f-5c(vAJ`&)_|WX9Ymf>slmj{oXdMSTBBk+cX#A>$n<9e4dt|S{bxU}mo;83 zxbnA!W$>K>iOw!p&E*tNW*l(d$(AAKsJgACYT~*nMi+edGoy24YKuti#jN}OzCCE> zZlGH;ey%AU`9R=UUFR!Jaj$mNrbi|fGI^E?3?Z9`+)!o=$EY&O$hyPiPLeA^Xk}L~ z_9gzvu1e$szRi$_6`6<1FC_;Adz8Q5!#yfE=W@k0^K#LoQVqeXWoLBghppRSDV#u? z)ZLY@%lWsT=QePl^89bU4guXhn>0r%pz0nYwnkz)CEY8Y`Ao=-Rgha)X77>Zu!t_a zP&mD{^un>kZb?DKmC-rTz=xsk!Hl7 zs<)*={f=6hw+Hq&fYQebZ-j|=r9tH@`7>G79ynq*)ZJsL3I?hHuWyp2J%Q;}g23;L zY-sjl95EX$ll!@YQyrJqZ9igXYPpMVN?ceVaHccbPa;+7ls~*~Qjq$}x_96Vqy%^` zaq^$#i6{~(iYIOuJ{-04^n+MdwVa|VrXU>TDGDlXDSoKRquE`Hj@3nd^3H{ zb%`Z9EL2%mS=EB9JoeWbo;*o^g7K#jXoVGPUd_!|FMtlDHt!e@_MYQMou^mCvt4y+ z=ZO+9{8P7_xES31+R^O;V7+-X-O+MSW;|Fd{Mwg0(LK-Adb1dfm%mI@WY6P(x=QZx z=ucgG@-rM7aTK^|9sfTmN&oqGPa*4(#Ym+NC@}jyV@ol_$s524EZ!k=_3Lnmw4!}u zbF8N5SjRtFiA+HL{QkUGZ4m#DRA#LGKDZScM?9guDZvh8-J?LFT#VimWa!vLZ3N$1 zhQCX?$BL$t*+u;A4oAPE2`_n1Q8H7F=n^NEfcq({z=Ljuv@;vM*fN5U zJrXP~bRGFy;`@)PsKKI$;wYdb^l$^6n9yuY$veWl4e)CMsnV+4_AXwgp?4RKf8Gc= zz5gb{u=6#gAJ?sa`>N=z(c~g&(67&+x39uMoW>ELH=+JnlATZ&Wp!8b?2qw@RN8{ z(PZ7%j8skqikD9OCUb)hP6c8@$F%aqy9h@{3?Pcp0oqDQr7#JvEZ?G9^Sln)5$%Qt zjmDP}bT;LU9d6Cl%x5$GGMJu_=kNHi5R715-MfqCAqd*#3P{hQDx#lo6jXouzN}B* z&5Yez1Z9He?#W2p{kFx50w`-z`E{snPPM>}*2mH{L!tQ3V}7|5f>@&6 zqM+Ne5B?=BuJ80BhVTLRtcOS7KAZ4}$hO3Vly`*n&9#BI?tonki7VT!Tb!V2zh_?= zCHklV1R_Zw^9%W#Ze2u4niFzeb3jXvhM3bz#DZMpl#dsL2QPoK*dxuK-=24bA6)r& z{vsCh0GcA!II%u8Um;{(+)r)~4=RJg;`b}weCq$|#_Mh&Y9me$=M@6~8R;tr{r||Q zw`_!Bx98Z`7lu-Y30F~a4Xl}ufD8mAAFIK!7wJW~4ka8?++-{yo`$$^G~r}U#9lzU zZOMg%w&VAHWKQF@-AmTj=#FH7edNP1?gk5@Pa+ZaEG2UOv3%j>@wHED>Mk=YyOk!K zB&K;5CxE}duRL zhPA_S(mwS%dX~9TZ@heQP@*JzLv0^5%{#E@iaPtH}TZln*^JC&0dlp<<7)-G0_?3c5J^k3Y3oV`hEI82Boh zRuW}hFMJuJ&UeT0Njatc2}q(mcYdM+4;XOGj9H&gL5xk{QuG79}2l^x@ z4N#YMsgB0n;dATg=>F)OSF`RLwdp^Ik8a0O>4 zF@*XsTbqstvIz(C`N_b26I{stYaD%HW;MmHgq2}C3g4bl?fT(`2dU--!L_nAEEm;P zbUIS(b{~69m&9P;J?twCM0dXUeNK*%^o$$o?~wq&P_M8G4_goYIa8`KANA-{^_91k zkJMz>!K=+5I)jW3aSAusSI7#05Tq9EA;ciYP)Cc2!_8nyAyH_>@$6CImfFtDnU>K9 zZ@`I}dJxx`$4V=oW<%)}XFZo2w z>@+^!Q9Hx^f#D-)v!cj|4$v9WAQ>ZoJb*Anm*Sgml*||`LG(lff{ycnT;N004K68 zThNkke6D5GZPIks?}@Ti<&O&ktzT(MKT>Yf`Xve*XD!V2nPcuSm{voESC?D0)pqrt zk&v~?NoZ+GYQg-{`WUeG6yWv}&a!&IZJ1cXb;gO*^4e3fK$BmWK9t|tPb@TBVbVbg zL37umtoq5BzbW2wk+YGEo~fTW3rLuUS;k}x2&qGDB?=mdl3mr#`5|=UwQ`{#V@eYE zl!uu?S~EPTP^!mc=BJ6)UkQ(Fu9(hxs!o?g5&cT&8!=(?KxMKZ9g<|Aq);08$q(ol zIsX)!@zF}%iZZZB`Xlx0XIbE9)B2D=$!tDq;3DA)3X(**x0Aa9ocJnaAmjD?L*+0^ zrP#pcW7hPYj6pfPqsqG!gW)P{=53Fw-eH$}2LK{X+4?Z8b`v&BOT0RiPQ(m`VAQO~ zE5}!%)%Z3kX*~*ag2`angv(v4?)HHfu+vRcRg20$6%3x7aA%oQ^s(Zu z%LK9dEGt+0VV7@f*QVBX%hTh}R~Patl4O&K1D+w0-pRn~KIRla7F+ONn z;n%WV2OvCGXK5AxV3obfYIfC@dLmq1SHi{z_H&`fP!M`)*IadWJn_+7e7-2H`Bb=W zl5(@zM^==>2tqY@sxEOB=BJ`+lB_vx+WKhgQb?@H_cYf>^sy=QE(`&h9@Hf8Px`!#92$jUlx-$P9=g}uH;&8KL9S{XRr>uZx?83bsuI{e#|6ax0L~i~ z%%fv0+4<$ixRAPWS%#MFDv=bsH-7#1>kWd=r0>Jq7D@j+H@$bS=jqbtQx2|hgoP6jkt`;VjJ_MecrcjaUMq*peU3by{Wx=xe=O5 z0R2L~TGm(<2+r{u={2x*?NkOTW~2UcHfS3-Li2f|3%Xcg#d#03qxo>&*W{n}bA%pi z29bm2IcE%|tQzQjIUmwp&rQx=_dbB{wB=REB}?3Mdvo&9h09P4obbY{^r;*NfItQB z-f)0k3YeCS-1Ee^%CT$1o`(HfQak(~(ZK)CPu{0zh~+FtH^5#Mvs2olYdcb2&@i&Y z%NrXT;hYvFSNT0!L+>l!Il-GeiTfv7Nf@?H@UJDZA45D*8F8P$Fj<&L&{q0h)R>aC zQ6L#x8F;eZeJb5FCGon0o8aZoVJ1am=3vvZ;g!wxxm$VJnzqSZ+%es%K-idm@xK?0 z?yh5nIobLLm)N31gzIcr^-nfDQXU%}Y0)PFjsu#1jNZ(b+iRXr5&z*d=vsl6M zp@O5?ya!6G46<4@E#x-anTil}!HW1p&cpn*^lvV<`$(K|&#|nkHqX3!tn7kVujeb4 zA>%40iYOAS20(HIem39KiTZ37aRy6)i8Xv}48C#ioqVwBo7Sm%A5lxzkkzCTY;k>R zB|=HbFefwbbq;#K)`B(%k^krp4-4JD{>R;2W@w%U=1Rzt1>ye3OtUg=F$7PPu4VCemy@OS_quRk~G%C!cX5r3Fxqsf?Z?d;yF5Pw5_E*u#@Lwry`uJeuhb;`JlZ`f0+%JWi`JiKq ztH~9y!svG3&eQHk$C}kLr1Lv@`vvSr9}q_&%(1r)IujPEo)N_*glVfY8;E*E+~ z%DLNixi`Rj#vK$7JS%4+I_Crd+_WV_V10`|YXu?W%5)m_NY4JDp}YV5wJBc~)DDk4 zf8SX4jYwOiCVqe9vYb>gRdV&oSWuT0CT#N055wB5x~VVK3O3o5fe;V#(tq(pL%B-kC10Dc64G2n0$HEXUr?tGA%EC^@>k~ zS**A1b72u=*RXfy^GAyWsgm_>GW3@^T9>uU^cY4#s8XQ#VPqKO9koNUwzi0^<`s~P zXS5>?m_sBh}UeEtGy^Ju9Yo#t9~AHA({DL?4=$M%+&J-DF7vH0w_gL@=SSCUOeeQ0M(8hAPuo+(AmF- z{}#1-=+4o{d+{1*X2S=`wDv#v&FihYoCW><@}71pz3tUt%gG-t+(84t<;@%OF(2)` zy8EZ0;=qF?PR2Yl2%5)8qtxlA{q)oT21YUR9pvP+zoWRrxJHlikfncyJ^-49J!ub) zH4%o-TEv#l)r?2cOKdrB31``U^b@UyysdiKiE1bl1kRZiW;3Q(_tv@J_vKf~l!cLk zLrP1qXF(&+orq#Y|20suBjH4T2dEnQOqs^!Eov`vaq`1UQaV4aF!c3Yrr&7mX59Ca zgVSql^RK=5eT=t~vN>hf#?@f?6tWdY!4I)9f-5qhg9v0Kyn<~jH}bpr@}o@W+PbZC zHGyA+!fB_6IRl*h7%gi~o-vBR3i^+aXVY8K8a3v+k5RnS=1*lJ+D%G_pDcaH&nge zDLIiHUskmXJ*<3zUY@qRAN)IG)he=q42~Zs9y1bQTaOz!&qJP}kJT{3+EXB=2jF(F z^c1X-&=MIg^ZnwVg0Ya}RnO1w4PWJTGRrF9>pdSr=iDNurmu*ir>94V1Jg}wurO6n zD|{yd&kBD43y0>y)k1JDfI2ck#{zUWDfD?6dYs6+jTM!H7rUcw4LuwcyLZe*j1YbO z{*!C=Zx0;bj%MK<9dvDGC*6AZetxgu8@l0Odg9{q^DhK0q-GXL9Ow<@E{}|SAE*Vx zOz*neL7y7E0m6DAGses&R?mr)@{)8IkUV1p@Q&#C+1o){QC5W4Zy=xYg#JM0?iv17 z@w#*Zz_EEDdpk)o4QKM`BW(ac`b5%WZZ8!f>8q0+xax5sx~jSKTKWR*{Z^jng3i~! zyf17jON=$gHhdn*ygrh2a4p#&*V=lmcXq8j&cwXy$=h^R@xpRWV)fQ;q{{y}eY(2& z%WmGMYes3_F%=Bkd_g?Xd=KE?x=v%-WarNT@V2!)Q!9=AMgED#+_IBh;7k3@^^?Q} z9OYUMHZ_Ww!HU2XU|Js;=)Xrf)AN{bN>*o$=%qbpDoUC!E%v9pvYx+PfbuGgcRH+* ztoK6cH{vKO&YWJ6sA6!loF#6-&@QT0&ov%jY)Tzp7QJvvasa8wBYf_0<{5jhw3kok zNSe%q38L>@au`Tz2Xu59Ek3qUfEO1+-rIB#&k{YEfvt5LykuT$gLdTob67;UV@2Zf z!-9K{aV7Ry<%3oWVKW|6a(%0I%-7+=8}A4Rh+(<~Nky$GY=<~GyW~C!h7prrB1x;^ z3Pd`nLydJi<#(LsZLO)5gjf3sLm)ZMj@{_#?fhqRr@>wV3A4hiBV++_bPvhPrKHng zLfOEC0`vm!cW6$jBpKMaO_`{Sel6;~<`|kL_v}yUVK1RA;5c}Ul|VKbPh1=!NFt5f zxfdAl{7Dp?YIS^g!_cxrFv~IXk+54!jZDzT=Hl^_e1*~rQF?W|0Cx?sd6uOxL5?;$ z3*?(+e)ZEo{(+?&W&lf*bozi4?MkrR=o<;|&@HK6rypMrYf5^b5%IkGPl;4TsCv{$ z#ErVK@mc27O1181`5Oa%DBD*psvpxM=bB1Prb`a2kU{es)pTR>T=yIx%AQnd=9|4d zZeR@TozLXqJfN)+E<{@>hq1EH==EzQ2u?;tusw5m65LM+;fH zWEFj@VU*P;m<)(8@_Up!R+uy*knbmy#k~FdSrYOu&BCf@`D;&{@^wo`O0pL!s3i+U z@osZ|xY?O<+E6fl4cGSHy7BK|f7x}T6#yiFCrSf|>H-ZJd6n}>@FTXI?mo#vSNT5&{976{2Cuf=4zhPXpgFIV6Q zQruAh040cNRVzp$4|epsS~lWYJqmdRt695Mye(ow+k-~FkL70?zgx= zAE3|NW|$IjtX?v-3&sI>faI$T#Wr`4%S7$kKNlNXMol_Lp^rn8Rei1;b52Vd~J9|xr=sv<>^@GH?KdfYd$C8!CnZ`S>|gxVqKllber{n(cbN1Z*&gZzUyLG z9z}uu5;sqUTigs$RuXykSGoJGWWaSPmGJ$;4#H~gBk^~3MQ%juf$Kguf9L0(QQ{8H zmU|Hk831Sf`JPdWGO_VHEK+N5vNA&}O*HduX?fkSWyD#}m=jrc1kPijM zB`Xry5IUFw#)9X|W<^*ZC`X4-A@kcA-}IZ!{+STZVSbW(VRe;aMJ`UdlRmrwQR(H+ z%DTnb`RGA23aeU#^i;$=?JsV0F;{F9MvdJN+Zf*_HgjZy_h;PK-|VfKJT;4I4m{9y zTdDR3NgIg*sZwx)>gJ<*!gviPQRgWt?ATQ3Vj|VF>E(BG`L}&xXWyP)GdhI2$%_1d z{x!#oGCR=leRrL1*-howoBacK?N0L-w++Xei@dmjQ&vXR&nhBkP7@X$9i7j_T^yg1ob zBbO8<%lfbB=5WPYeAh1pa}o77>T=PQX>Y52dLB22GZg35*1hLJ3E-;TBtV~?gGq90 zPjo=U0Q8ruK!wdmkE8KZ-7U$?7RCu%I=286yJHA3fq~C- zNAizmIcUzB^Q}+Zt!=CcT`#><)*Zz6UP60YHx{KtR*T078u1`YnDN8!8(GgODWDE< zz0SHO!L!I0zQF7m3V6mi5$=Xm%!Z z#J?F`&hE$}C_mr0NH1$QBcv+SIoFTKYn(lieG>ab|HI#TS2eHr< zS=2Qaj((Pz%2;{^Opq0aR%Jl=YI=G8zZLuCeN4P3T-N++W4b=?S!T;s(JikO`vBX! zeZvMR=ipu5S0dz<0_JipR06UcgK=M2!(rwrt|ZqgsLu95R{5?q8}9&Dd$wFrq>8?R zy3ff6oIEky3!F?;P&xA9L`Tx6fAO>-C<3SEdSPMV74qBP8$9-$0*t^(} ze^Ne0$WmRsibscEUdCCzbazx|;+|s2Oax(bOCfLUyVXp^MnmMl6*aXak8%Hj?oRC~ z^g#Ym?Lm?nRW**DbZhj(NLR@}{h$1IuQW<)bjkSzAmo3eUbdy*4wpEU{K6!%hykPG zJ6d?#p@OKe0|S&T5rdUc9HIg5K_qF}NVlokN@o}d(LLR_<@CHceyqpY=iuaQ*3^Ar z1CJ92n*Nw$T9`>_H%TPF1{;GCVjSrr0SU~}cbA7l8jcZTsl0)Dt*W^tGyJ={09fSQ zXCc??t-_;S(6d#j&xYF>0i?&%0pnl#i-8@NL;Q(4H;1KdhJhO;aTvV@tK$W^7Tr zTO(TFDQqXh55OaaWWJL&a`qZ|*l-Vz`1*}t$N6|J0d*Pm-h1j2dkTM*y=f;96LJ+Q z)@mYhPxwC@7XGXM_GKBjXCS*fpZY}OcHsJu4ExcGHI}r8dn$01Wq53T z>McPJpm`Vq-w@9}&8o2yDv;23VJACeDR%< zp>fBoI-|Hnu3xn5xMhkdchR;##->-Z^7@e@hB3C||0FtwHEp@dwYX1BmYR~x)90FQ z;Js>y?^1{dA+9}JMwN#8cAPB2No4ll3~%B$5Xqm~IV(r^z^ayh2G-f9;d+Di)z6NE z>EwnmKfBETom+GX34cQ|_2M%n(ZB3#+GJaE-m(u-K+on5*)&5LXFcegKBx%F`F(*q zX}R%^XMf}Hdd@Y6Tf8!BP2|@qW+6gjjRym{&5zsY!C1pmWjb!ZHAmgQ!oje-nu#Y(Wj5dLXcSc0GDXJm{T ze+5bUMd#Vb)YoF z?D{F-7d~+V@4^HAYf++hDaWtPRTp^5-AKJl1 zc;F99<<8u4b2njj`?f7Ud1>;-XiH?;{GmDVz!e1$sTom#)A}qGoCFmL*%W~Z`=eD8 zb`V1TTTr(eSl~lZzG_W%n_oUhYT=tOvD)Oqd`{zZ@J8;0*S5>XTSa7-yZkvokV44q zY~R@{Pu!m(6KUp*P4Wr0@cwnedG?*Lnx;}ra=IVM=rbbXLemf&bZ2WZw#|L2EV@eF zPf|L0^1)mE*cAg~#7DLxP{Ml}h-^9Jm#hJS*09#=wV#Q#Dpa6>uv2Ji)x3na@|Cj- zEEje;H*B98gW7!P#v!FD+2?qKW$M~EhlDy<>^`abJB}y;UQ=+ zx)W5hM4O`WLQ`@klDTroUi&(Fej7+|TD7vw1G0pK*f^bTQ}%fXg1maU^84?*A`V8- zjVLqv%-C2ztuGso7q-$G7SHi>s@6Z7-to>{vE^32iir%v_Fy`jJB4{o-86;NyhSen z@GQK`?44BLGtN_*b3CdHS>jPi?~be4Q{CaW_@nPCxHHD9@XXuZ48Ym~}bWy8L26z7e#N?h$e{&)=VQa(A8-bmifEgp~%0 zgPVmvyQRVwau!Q$@5x$2Xn$*X*bp)c5Gx=D)FV=9kp^8Pl|Tu=A63KW5eUC=OJsMPpEQw`sA z-(Bzj%oYJ2ao!k^uPu7mNR)2YAt2>{%{SW?Sztc?TZ}7}tkSV|v@sw*Sa*6_S-t*Y zp~++FQA_s;n#~uM8d-oXcGiqBP)mg?-W%2;N+CV%$5oXn4NkO6@y;~~ilmFlSwh{5 z-o^?O(A>}kcUhUo_E%bJS{fUiH*sY(f3h{gsx&`eG2_=uigbY#l{e>25poW`sAz|V zV-hf4n7F^YJ7>?b{1~eUA>=NZn;#fS!3yAG#;2_6Urc}za6PvB_lelKW7s!{0J+o~ zG8$xi-ROzYxnl+r|Wldi+n@>cICGzfRE3y1T|V zaON{Deg}E%94K>#z*0L{UTzPd>o?zIDA|n}=u^zukOveMkkc!Vn_nhxDzzWW`_U&g zSeI%fJhOZ2^)Y+FlS>6)KS{t;DwH*)vzRlx;&QcTW_9P+@@G+NJIi|#7P=ehNs#K6 z*>QkBf*69DqQ}8!nrJF#ic78@txrM{h^GQMnkY;RN5M8r^{e zfwRx;$qI}9Rr<^*2&W?7@XA{P27)x1&3yt+M!x@QsOQjy-;&$i9KdAyI9yvA?1&-t zQas&P1e;x~Mvz-~x0DOKPxqV+pG>iMR(OTyc~ob3o`^f?TWAn^2w0+ZxBH>_-B3uz z+jjyvrs2((xtE*t9w(24FXT-1{YlV7Z>KjC`zLZ5D1hIcS;UAf`LKpo;S?EQzIY%X zEzx8E)_1daq(S4IUq|}td|tfVY@Bt&LcT`ZPmzVxk?F#0FDzzIXF5@r?)Pgz@N z)(^p)H3$0b{`wO4NEm3i(|=hSn|H17rS;+bJDd`<2Kx}>#5YhZpjm@`5a(EnYnF5v zbb3vUaFt$E{x&DJDC~kCq7^?{UWKZOJsSW1&+sKww}v)SMZ|J8PAvx$27#zDBMN^K zR1r!Tk4QtU$(kP%bhQov8I&sHUPUTFf;Htx-@tnk*Il||K3n>PAR12V^gQ$q{-JrL zRf6y4e9rfe(WGB8jhaKj6(nF7toez8mZEL~DGq=KMXR8OQolI)7wM-%9^` zbwG1aZma)EjZNKbzG^GsUp!-VS_U?hK~W^N!_h;HQIQbB@999y?I(8{{TJ00rvcfjgvd#vMI2CtR3u^JUKmbH&u!<^2Yd6n$}i5&I^M#R6vW< zQcmpR^pE+`(P8WWiFEq}<0Q+&QzB=~-E3m`q}zo$=J7-;uOf=5~wegCz|ejOx18 zpl;G7tg91KjDp8?SOq&mHcVIii!EDb`J#meIvN9(vyD9XojB~$jZPs5{qqF$cArTX zxqs05QPNu|y9fEtCI1(b14gON--aIWy#^b+e`+u)YHdVrye(V%Fy7F-#*eJMeBmtR zm)|-uR^OvKyW0ieSCZ45GiKOfEy}J-VRy_tmnaX+C@Q;!SL`OXkRB7|L%N9Ve&*GI zqdWdb=Yg1*L))E!V8fnf`wZP9m2=H$%FzQ&;|Xvv23?79{>Oe*?OL>8it^HQnI$a zWY2TaQkA<(plzIm$k2L>gosC!sG>UXK4RQ^fvs7$b{m*tQSbq)#2YTFyHFc!Hj0wL zW%O;+ex-kwY5wKflah=?E%}DG1RtX&ZrSdE3yR{U7DNC@^?zt(-~Ml&DMW~|LjwSs zRvQ3w+`^W>nvzVCgGlSnH74u|)wPzhZ_Qt9a_uIF& z_RG5BcrSRehLt8obV3;xac00?@c-zB;}!ltw9rLt5Jm*0{9Tu}Zyge)q&$xkuQ40k zC9Fdp7=i`9%)!Bxqhtc_erR&Asr1$;2A#jdVo-Il^P!ATT};COA}gVBooNQAABxhh zfC*R$rn6^x9y94X^VBlhD!gfBzTe&!3_O(dnN?jkA?411Hkt;o?e#!WI1Y4E{zI-+ znS-i{YojQ1)i65CHG>u0^0Gm3T&boG!iW8>Jejt$IrWgM*C8|WS#qqKc3EE^O58w0 zr^UyS8W^=-Gj-H?hqxTNVu*QQC(bZbY^JKcIZ%fHXt)mbG^L` zP*|ibomZ)W>kAM>>-4pGwivJV^281U!sLO*k5DZXxP9~68xSA0L?SoO!;~y`??BRZ zr^2hnOWaj7LPU8ew7cR=z5L1%Yo&?}K#^$xi=#Bua2^IBTmfuNr*F88OY^e|`vR!q zQQpc3_>n;M;}WL|;t}$(Cx09_1Me4J&1?lBR(TeiR~F$Gez0m0-+NV^H@?sQf;_dg zg`_$U|JPQ37Mr`CH8{zPWzojktcxTnJ(%kdFLJ#ZKp&Q)$Z``{C@Kx0A6dsdY_#-X z>bJOBUG5iG1@{gAXUWhUS~s}^f}R;*$d>`2;jBh|m-G2!^Kyf6U$ntKZ^ueWl8v)1 zNDS>|xH(dP&UMFG0V_Pt5krG*U#IM!r1EbtG_!BE(C=@Xy@21Q=c#_9wVZ1$*e~o( z#;$LEP3K0WkAfsyu_%DoTt$#EiCvGd<%Z~qxaO<7eQgD?!ft|Zr78@Lt^Gs?qIlKk z81dtOWu3#WE4OA&h4>%{M-;6o*3zjAJ>K9yfgLK*qI0;vG6!9HJi;ROK&SNe`$u;K zCY{R1E>60~-(Exea5cw4b?QD{9M~(&;y~BkZh+6zCF$R+KjmX#a~2FxdVuv)vS#b^ zwuqmgE~gg1?MOzLXJF38m!gcc#mlCG%rM`-pt^#se_PJ`=ep3pzg}wN;R}I?K_HNu zl*(m&jXZUuQSR|9KL2ad-T?@OKSF^-Nt$9dzr~Ezo=51N3(h zqzb~jefysmaNq+k0%8IJe0%~@A|gU!a#C_~GEy=!iaRt^6nCiakdaX_P*Ky;(bLnD zQ{H7{pkt(=qo@1lm)ybweg>a_gn)pAj)IJW?!SHf?Ez5}gW~Zv@NRK|Zd2dFqrUaG zAH)s<-68<)_MaR6pU17+z&#QY5tERT0T;liK(}w<;oZi^`{%BKtAl~>gYc;dXgEbx z2x;|fh`2oH#KKYwiMgND_tL+bLi32f@eC&+Ww^`8#LUabfB(Tl2}vnw8Cf~ir)ugN znp)5FUmF-28Jn2e+SxleIyt*|dHeYK`3D3>L`Fr&#Ky&^rGLoC%=(y}Q&e11T2}t0 zqViiqBdn>prM2yQU;n`1(D2BQ>6zKNdHBLF1QNBrvAMOqv%7~mJ~=%*zrg;v{3otk zAiVzw>wib~|BH(ni0d{!J{~^NKXKig?&~k}|5z{?MEv)Y) z;TC^|rhnr(MasYJnc16?G{NPny z8ut<&e*B%#x$B3kl5wzyn@}a$;9O=R!q;WkzU+DRG~eLItp+UgYr%orXG)6N z^?r5&s68^6##LW``qc`Ve^Jiftsu7x-_(&XmdUr@mCo`_iqOYd2U|1XQq!$A~xOWHg%U{l(F3ep+nueMm9q$1tOn}R#rD5 zy8;EA^GD$wv{kq#7=o^t!U0#M3XlFr<}1D6t)|DMHR44LH0pHs@_XPW0cATiXn7S3 zejvdoxeg_c+!rk^TD6pmHpW~ZNM8SVeXo@%kssu@)k)iDs+3fI^Roc2PQsOWRVBeF z;rXna;P1_R&B#eFu6limG#N&L$MDz5oy0ymjGQ`+HEavrxH7x zX#H@-0jbWuCow%hYnC(gJBjVuwY;rMdbeZ@d3u zQkX9+-6;lC=<4_)>>27HD5l26gfH7IT<1WmTjOKdtIwOmV>U8FAz)q+ue^hD)bzE^ zHeIERi1PO%Ov6=*L{VqA@jqHGT-XAjb&FI~Vio8&bxpjulv`S1@l6ZZjQeFg;b0Cb zp%iD*`;-_F`sybR4X;zcX_AY|r>- zAzWv4S$8z|FNk+3>d16CAoSQZh3vl=m{pdW=<)$mhipLpNX#57uQr$St8qp!E8R-K z0_e*X=|0>9{lY03>z+3o@vaFRkPUP*c8C(dBfR}3f}dP2>K14=w{%gtraeyL@NE@~ zx%EvspqT?&V#lnV{fqX2=fKFR!d@FYDVE3-^T|)&x!!aL>|)^1F$+2P?V6e^|8iWu z$W2DZ;uq%&BEt3~0{@^s_$9o*^Ug_Mlb@>YjF0vr*>?V>V`GpHM9AoEA(JPeUomYm zj3{b-MmU7XTm==hKQ8hVfTzU-M_w8fSuAOJ3cbs=i`$G1upu{gU5oaV`ufI5Qev&7 ztpq;4h#U2AG4IT^@@(C@{0jm+jL7!j%nns9=YBt_yZC$8-WhxdR~5L;_=tx}1wSHZ z9)<;@v{ykZ*m+jb+&%_BZAZx~ZRRl1#VBI4py17smyd@>YDZBqF-ILb>nZq7Ij@Aq zy9!I3n*w=~yUd%Zm4}laDf{X^YT;lYdxt0XZs=DRx4*~$v-0v59@NRyx^xZrMNJcxpw}Gn!7l*(Q$T; zDGRF@C`$=A&}G@u|ETYV{ZqZZ{g>V^9iQ(ceH7w(&VJFbM_>S#2$ufdR+?bC-zJ@C zJ)Egluf2docF&D$tKs4L+I$rrN#G)#cSDJAI+Z&Nfj@NwbZ6@DVAVNYt+wT`@5S^E zNy2>UKIFtppA*By2R!Utd5pULQT#}{PFQmaMS{>fY5U&|4=9EZl0xS;rJrt5U0F`k z;rhnzcm^!V)OrCd6QmHNuS+&%fbE{y*|bE=T;Z(Xp=121OiOd@6Xk%7NF`hQ96p4Wiu_Z*kL(aYCS2duaeaaaz2jdBIrJ;3FIMw# zgSfE}nB#hF5j~Ewi_dg36(%RqOLseY={K>zp%-dF($VnVK%*W5j4(j0&;j>90w4kL=g2}yl$#qpQ=CulUyu?e&~wlsfr z6yyG4uf=OO7I06VVqu%9T*TMB%Q<*&A5Al7HFrI+n!RN(4+s%cCgV&>2P$^*Nihr! zWj~BH0?K#wC&}Jxa>#KK;Zp@17`cV8?ogSHashuVudj%~*cLX|CyRHOG!L>n-3Z%L zbAihJ1*HKtE;pUtlh?w}6k@glKGiFTDR^>gaM4sJK6;(}ImL8e8L5j!8!xUD;A3M= zmc**1*?&p1nMXyx7I@ps<2_`$2O!M=mdMiR`YJg%t1WP{bVT^`+vkfW!XiRKuQ0rt7#ndFd|NZ|G--rY zj#;7YFUSg>ney^v_d3LCE?K@0D1SixP~*Zvx=+zYv9LU;SKsBwm7nGNn}@61nj)6r zh?sQw0Zfz;K7T(#I-G2zjY!Ks>iS2G#sR@S}uoXmHl? zvg@r+BVHKfaP;!r{sXdK!m~cxz?hbhHn}_Ncg(jBZk$l@ z>AP>Z;c=H50B%d;LH!qPQ8lF{hDYTdLBi!e6p>Qn?M^1Vc~jI0b_5Ri?;qbYnzJOv zs(ywle?yDJdk>F=aHDT>gMCmAX}&hwI;GkHPNW-^2j+D@2!H#@))feI1F~HX`y`x# z_+5f6W}oF~GTr~ko(=xNoVmP$*6IZdVcV@{>XsxveK6e*?Ujb;C%_f>tNkJUuXg03 zBERlohU-}j`V+?%9(=7;jmD>csA;W&A1+XYx!bGDh&9scob{m)qlVZt984{`Fu=tZ zjyOaRobl>u<0nM_a8`3icH=>|(3B9oi6}TASQzD@G}dg`57&f z57qNc74GPfdqW;VT*JJ)y@QPnSF{iSf3negL}B6os(>8tf|poNGzrt>ih&b=yyVENPG zx=4}eE)EPVWBEKA?3UwGEa^j5=PMRjemfWWJ!+G zK3d+wT>QP#&ayS3?h8$}5(5!DtfK`sN^HlldEB+=SJtfXR!4T`knZz`BVPRWNIg%& zEzZ}s-5*qeuS1mHoz4zoG@{NR1p8TXO3k)>c@<^{CmdN!efRCHHONafIm0-@iFuf( z|5b*OFvJ|mPS@dwEVzSx^`IQq*wl#L%2r$*kwo5koT-xD5H#%GDsSYny;Fs(cv{lt_~#_|StyQ+isdSoo+mEQ zaLO?LiE{Lx>}i{P2RRTt`{-JndH4$=v@&rH$f-vqJZu{wYomJBtcqx8WM$s|N3yWw zm+;l-e(ZtGD|fPX0=++}mZ_MDc>EA! ziK`Fm|Lko}FNdntq2R;XHJ73J1yMIn$2oh@yXfu#WvWjUcG7`AjF~Y znb4i)(hWApk8s->C@01!=9I}N;XsKF_D&rxsu2tk8vmSrZPL=LMgEm=7&M$Pf>*)h z*n1UZHkn{a(%eP*wsih?nspyXVICgdK_c7-eW+cPlCVkze-*%{4WK@i-A;0|Y+U8j zw&7z2Z!g21Hd;MU#u4yiS2wq)=NA7%96p3W0scLNa9#n-yD*Jxrb2La4$PhXX7K$P zE%Wl^#V&KE0?3S?h^Z1#KU*n9vbyYR&K)q1zHGAo_O$=e#%(4OEyGvDoFCq+;M3dz zx3r{;UguWxM1G~genYyw+j(Zvx3LXp*&dp!yy&mGFA0>u?)l{;b!A?#F}=>YJbgAo zBXocmoZ!~*yj}SPQL;w)jP24-`zS>kM>#aCH)nAUIn3x@%h$C~j_hK_MhwmahQ#(Y zZO-$F^^>7rR?QX=#m&pA5{Gde=N7-tYvlincmH(X};9&K#J?GfL zj8*Yb74KMHR+QQ>%g3mfBt2y{b!XU1ycvBF3$$e`vW`|c1|}qoS~WG&9LO9$mX{%r za-Bf;eyA{yCMTW%hniv^tWywacXhYT)T}5f5O#&nyn?m1e#2jvrc&e9CMF8EGw9{G z$E=$WB0Qs@SL>X4$u)K<6;sw%jIgi}{#858)jzhM-q;{d^*Vn+T1iXdsTHC`rzs*n3gq=5XhR-!{1;-mmxUV#1_J+Z8CS(j?@ zrohZ{b{dI`Z*@D=SHxUQwEL88#W61;DIuoQ_DyoxL1L;=%hQ zKfSh3jdxuetp~eoZ9nDHKa%;=7SBe3hD1TtO6$(clU;GjHRco6u!daSOl|KT#-QAH zkK-8gJ{JwElUNt$$iWsdr(`?1``ExwYA%2S=PXX=y2yJG(nz5+p?y{6Oe0E1k~F4G zMacsq;&~6^LDl+?_D-&~kD6(n1+yEp=G>B~Dz*|rnWbqG9}j&TwRR*P199`*i$8#+ zV4J!L-g>8Ab%qWuN(vkusg^z6{yoKhx&N?n2ytIG(8#>zFUaTycA~WqxGb`_I-g&| zrmq%gm{PXGMv8@$Vv7xb3gHYYz*)^wO}>6`@d0O7`j&*CmT=9D0H#t9#oGN>ny!6x z9R_t+B1W!myF==&xVkdZsXDWngALAbn%xQoR`sQv{!>-|_ z(EQh&HnAsz58N1bYC1|~{4`&L7(QfuU4iU&tg^uC&sU!A5Uuk!(}4@Yw0=k~k6n1^ zx)n*uq>SXzej(a6EWI(p!FK^6Yf7P_nq7uRd!`wkHG_q&r78lhL5l+!MUkNak(!4Z zSCzUjp9|$Xr^G^=seqZ;3*;1;peSMw`6=u|eIFzi==u1JD=A}WeuzvhP-iQ*sJZ8W zsGoX=!F>;n4R@78A^BRAU8AhyU-IfdcRS0iulCTfJwC{Xy1qZ;`A*(rWjPp-b_vv0?r#T$SgI#^HWg?@=lWF@SnBQsSq5{H3evWUKgix%fdUpq=_-nWfRD z+wZ1kWUazB2&EANRR;8(u#cgF3bMAgC|_7}3;d8{*1qY@43%xzMoR`V3RjeT^z~uG zDQSs5*s3)c*h2bdo*B{vI&Wh``^tAF?i?ZEv2USbT^ublxEkKVXrvpn|FLbRmTgkF z+w!Q&qus%=Pq#_7_79GdlxU~CCx79dm>=#nQNwX>mW~0ATd7c&$}k zg6P_cwNR=Rr@-+x#Gdb42B%kc*{?ImAMK1)6LW0P$X4fErmUZ*6k>_`5r9jF&m^UD zmt-5{@Mm~>hqwr|$^m{sWEZR)8$rjhmcLQ{1H~K0q5LN-m*G3)wy2!3PNA#o` zh7)}et)N=5e_}rT9-B2ly=yrCQtd&apa)BPfW3qDMyv13+lh{Rt#xtv?C6Uy1r_9h z<@X`g*_yh8eDEZBSzB9P=cm2j(c+3FNZdCm&FpmliFu*Mw7SZZJLd|3q`;B4+3s5y zi+lpvaQ&9q^3$o|Y*1nqNL__!$E7A{=sU(igl&85z1SE+J6 zvKCKFligt6lkmq;uGg`vty#$TzT7#7!*Vchqjln6)z9}2ki_i;r%*yh}RP&?qk>f1s0=h0*LP!J^ z8YS_^N0D-<&Hnng)WstN#S_NxVU!qShwri5t>)V$iD5u%LoeaO2cuW^!p5z>3divm z2imG=%2?P@>@s}9*<3=(6lPqJbA-o z-waw<9&{dE&JxM73hdtCt?aJ4%Ig--n8V$z-ce%x30vG(=6(ieaF{t%n1v`jy)iGi z|7J9LeG5uXkx$k|n*!&W_?Q6hkP4mwzK$n%|W`2**-<5t2 zfvr+WAH4Lf3R)W%RwU(D@hLPhw-glDn2PmlaW)v1#n(y<8x*6g?L+VP<+Ed9>lV6( z==t0r^!D@VKf=QJ`ERR-OT@ntO{{M)%31umVZKpRWb|n+UoS_( z=h)?^URgZPx~s2!k9v{2)jpbQfE$0~;UVu=IZv%KzT(gSfXv7O)lLD9G{ncFe9`6W z)5ZKBm{Q|1_GMez;;@^2ydw*EveF|n|KnMq)ps4@jsdJ6q!=#FJ@=lN`P--gDrQH_ zVo&Zf*}XlJRhTF03%xyx5g23+jXr=`C~J1k@)*08&UPF<)G~fozjc3uBQ5a#-DJ($ zDjh6d#WM8CJdWv$e~c<1tShL+ad&VR)gH$ckYjAg$U~q|vO?x6$mCA4CJoC+bhn4L zFdWqFUtTLD`}KuVmri-B6z!R^WuWqyWphwuLN<=K5k{n}#c3pOQvLAFYp=_lcX>iheZ-JBv# zn=IR-q==`xTw={nlI7leQh0X}0V>k^>jkkPoM>+`V`tOocj;ZlJ{6j~5aPJ+?Ag@W z38J?i>$gkZDL^|+pY)EPoVz&vE&H^=^D`IbY86?u1cG#xCej3tdQN*mYa94AZuSjU z5mO=D`=i^~qd$zy7ySZxX2#Pn3i)T#P+{+)BzuM!@W!9#)r|6*1Em?wAU|Li^oGC{ zJA=9#2{mr(DrOHW`G!%de%i3YYOyjwl0cYg7G$4fqMf%Ym^NJ1vgSRgoT9|0wHD+` zdLY>;ZZ&gO<=EEPF+I@pq(Y#-H`Bk!U3IYU@Vxd}N`kHxRyng6uspQl{)+DI_xq_J z>+#uYhgmnSF+e!#)VHmoRS*A4iix^rEAE>SDEwJo)u1}KGUYt6%ZkolzhBH>`TMa; z7gHEVeX31+lvHt6g13kHLwl09HtK$?i&Y~|mEBhR%^NxyHP_&ZUAPq+jA^TD_A?qD zBLTQEuBu~}{4*!!Uw88M(r8v~edJCJv$jj-g?xOkB3sQ)hSLbf>&s#$xCtx4=4zzv zSZRPOb2F%P8*EaUSDbQr-HCZB5FK_7Etd~pX}_txP?Ud#J@Bc*0*zqjWS?m8mi}t4Pgl$GFzLBg|ktlm^L!M$gXxm^n+Qq z(kpn%h={M&Ig3+y4OM?uMT`*1mhBf%3&VsUnzN0|{F>-?XTcQvI|8V~8B3Se9_FQV^O@k!IWI2u0y|?4ZeLoKS6P{2$-X}ttu|XSbFux=34xXL{P~ny z^m8LE)ZO;pIwQ!4AK4vCq*C8L<95o*-!CU|a$Vxw_W6?rdCMSng~>MK#p;J7tTo}9 zZ@BEU2hNw!?lte<%Gl8TvqM+^_JQUu@wuoolnN-Br@0vh(|K?9B!c7~I6Vq)Hcg8s zO^e@875iC&J?3&UiVNM90Qmk?F7KsFZX*_ov*Mx`!>I0?C2B;3wMcrrZv@>S@XN}``PObhCLaF zImSKrm5i5PUl8H38L0_a$ef0L@##J*{8iWgUFj~sQ>KB+7Q>nsl~%96nC>6she#a( z57TDwWICIr=!7(M7WxF68Nz{ZdZ`>E5lppno?wHYV{5_SPnY)P#`_pAe9RN1EIPss z^7x=1a(>et)h%?(x%n(ORPjkCQST}P5*-r>6QKl}q<+TDvvV|;>o3z^(waZi-cqN` z@L{f<$77+_!uxb$8LS5KyMzx4ERM3@F?Gt}%Rmx)v+TlHlz%(4Ib1yr=a?AxP$*d+ zc@BEK-#czzk6l726<^nt_zQeTD8~+N={QWV)QL%3tI9pTpmkCOOJ?{xO(T}zyBk--H_>!=RfGXQ{ z*g+CJVq*#_{uvtr02?4x2-9D|wZ@xyV`d#Qiv5YNW2tORf-bf?CICX>VU+!Kz)s-r z0vJ)ET?aPBeQI~;hISa5^o*M>io>EhVwlZw_=%`WyWbBFbKOX2fJoHuy2kxH{udaA zB>xe?Hp@!BW9aO}h(TeREOn0qlM%pvz&8?Ad!`jU|3@f3aQ{S}7hC$JJLR;S-eULC zp_uRE6qyCz;Swy;zWA!34H zVxj2yr~4xc|KkbdYen2&y4zmAE6vX8WA=roC7AXp8(-S!Z%R}cem8@jm`ed z`SYgTZ!At!uF3b|{G`RRX#v38BGahX;`-I75DSnOe&PtbXxh-BF=w6P2d;rf{ue(- zB_eI0GY}uD_Z-77dk&Tsu7;EX)K~=tT(Y~@Md(#fqocAl9rDFk7cw&gn3)c5dm$BF=C{10+sykM49I%_r91lWZ?#9;mBt0V=7gw3V33I;0XMW!NJSvQTZ0zJ2 zvK22HFKp0LSGxvkH|rC`s%10P7%X5gS9I)S;qqNJ^XTOh6?bH*(@fBP$KzD#d)plE z119mYRyVX(bk3I?bAsLhkWyo=)>-^PcF|;N-HdyQWHcaockvOtoITiN__6ahupt7H z098im=&Ng$cFuTD1*U7<W8dhf04Pf&}dZeA|#<7wYvE=ernJc`K_c*X2QSH zk_T(v#ng(P(Lr_I+1G@B4oV1iSQb&5Wag=(1(K6_o0z1SQKkc(BgbobXRPby1{t`f z8|ai5pxn=PLRhiiC6sT~Mb-l1s@IU`S7w&&D~hLL#Z0!#&}Bo-Ai)po@KdA&SjXovBq&DMIW9ZoSAu zJ+LddlJjVH6yy?9SH+cRF=q@5(!X$-Pes2udW{*1>ktPNvy+5%DF-|xw+chD;@&dQ z#)&3)aeYGL6>T8ZO+L_1PXf&eihuOLYgpmhp+IrqosGZ15IltJW;*QcTc0EW{YaJI zQWvKKhY8D1dz(oa9!8w=dO{tuxe3v?Z`0oU#7g7#rMvat%oh2yS=)c* zWq-_c^mTX>pa6O#%x&zLCXwN2@TSPPmvoK2L+n=X1?Wou!D==KV!POXf4!+2gNFpF z81!F$?Yi$;GCs-lGF|+p%kl8;MWS&;&ka?p!l#^*oPQAg#@>262{-IFV>e4P6OC@_ zsoRAeS2R^R8;3043GG?xKiP%l%wtp6wUjvgR}JBo;t-0lmZqi&wazxcfLJk2QVoc4 zo-dcs(;UIIevW44pk3TLsuxsbuqVv-gT1Bk?PzIVD9{8`G@My3+l1h z^U?c#?8u}Bwd*S%tDG71BAP$LkQWpII9t3iEMem zmGObcRa}MIN3djohKez2F((FDH{f)`xMJ$Ukbmc=r0bh$ha3v+S3yUTVxrA&jYJ0@ zGwo$>*FBrUrl5%ov0g}4`Tn|Er?&H~Ky;1U(0b*5BeVr=pxyF zT^?#Aj}6Vot7)Khembkni{0{avk=IU z(28O3*sa15E#KWJvo)&GxUKhCsv_HHSH#vd~c>`;*0Fwjd8L}1m{ue~O`WU@A7#8~3 zS&46IqwVe#Vy|rTDednCJN4!qz7g}=BoBS-n3!q~wAW$tbtp>Wed!Py^x_KEMIw4u zm41wR{NCGf(&5yJsz?VxDSV#m<36r>s4{xstcLHxqzy=s3jIS?&mnAoD_V=+jN)G24nAXOEyZ*&iR)kpJ0H`W{6I?0{fIOx$ zKO-&}UG%=kB&M}A9&zED{IH;}AVCi*IqM3OS0=y)>CGKDIv<=-JkdVkF=1R_kS|I6 zg1_zw2!s#1r-ncOg83eoJ4A&VT^X#!Mtig$Es7le*WqM zJVZOI{(9;BH~WrGbWD^RPEE4XRJ+c6VMMY&>?Ma6*^l`ZhdI2^^!z`Ql3U*TyEZ

tGbG(P}B($}8rlHb;+SKw+Eub5u`V)TM67k5L7tgO>VyheID zmykb*jfmm|&5p0Yq%`W_IoE+cUU~M?>}@YqfA)zEdKY{gqwl+Y06NPoBQzo!=77!o z>5GyU=|Spigpd1n0iS_v8u(+W`jmUFOXvnb&8Qu0TpZ~LsA&c^|G!NgXu!KyHj_X= zcwU)Cf2}n2sts-4bT6Kc{K`X=5!)b6sr~DtO@0KwU1aiVWdo1r=lu{^#`od5CeE`XegyeF}%o??Di)_y|#fpC+&kVk;tki=bK_=cb@ zD{)U}rz+6DeN|$4_I` z811f+7p;P$#(L-Vt$j(G*$IZ)LYFcVU#)l;cYbt&a?llf?W`v9+1NFEg~3uDh^Ujg z3{XzAr|S9JyvtM(Vdk#`UVOyS4b|E!6*O}Q!_$FS7GhVdsQcPTn0r`)&zLcBqb)eW zv2Mat#XfY5M`Su!FcQu(!CRl(ki<|#(es|2P5hXt;DoW8t=K%cyCGP}X+%ND2EFTh zVe_e*(va+#r2Xs~8a?u!-MWu}zZ>CLa4JP#m@m=XX__8)r!3p>x95w^q;<-8!E{O4 zRaTzcZ85ZJznn~4FSy_l;ZDQb+l)xo+NL>RWs-(oX6IU@_!64e4;^eOHmE2N9hQho z!f+2`xmL;;KYc3Jtw=OuMR}ab7HL)#1I2Hx{{u@#{I6BvQh*wU9P+Mg4%&L-ewmtBw_bIRh`cPIUq0-8C7y!i+#DT#I{{ZA*sLR2z1T3Su8e$NH>)3wK9>Go@u z4V8V*+ik=tfB*hAx1jVNk8auP{b=ro$&HfzK3Z(U@BF6E{br6v>J`!mt>NF>A9s3+ z#8(^Q8|;G(bdb#%4C84VC4z0k9@pTHJILq8JbQ?vGVs*P3~~Ily~jmQ+=&?Zc)|TYKgV>C z%BIjjlzrA!mjJfhx@^@&s|_ z)VR;OjHXY;6OnGaXslr2S#S_1BYZj~S%K0h+u7$H7hV1uv(-@MMr{PnXwuwEK@I;> z|8*nH`(fDr%FbQY#^!pkUSpv{=rV0`F6!PEnjV<6ZUXbdAL+&VCqio-v1y$E$p`O* z+K;*cH6(^|CNp&M%O5te{ZG3}hO9rmRN(=#tM3aj)JNa`ce$vj(x2iSyvjt2MVqiu zvZi)U>E;H7cl_k|Yw=f9!H)&N;H=_NdZKR`v#<><1^DL&z^5gZq5p;}{|{#mI&HkY z$EKd2r8$;Yst*8X1b{(;SW-%mEhZ$Yp?-Hr{W6F2O;S$*3Y~M`s9)-FgzPYhuv2kV zPm}@@ob&IPT+RAqb~GlcZDV_Td!I{XilaqCoBn*estNJ~qR~{F_kw?i_jD2<+PK&O zeL2s%>HDr}-9{+ER%VXzM&!>_lZV8;JvG6UYGjl)c^5Uac$cwlCg5&vqSUX8{jGTK zOZQvPPq$M-4pXZ9cA$QMCB>6{G*UR96|hn1c!8h(-_PhfIQZJ_+6=U468%CzQg8?W zgAT$bGiQ6Kd?SA0TFWcm`d%bLs{U{>eIZ7ABd)q%4k!3*k(!Q+-wKNdw=IT1Y|77=Xl*A#tdlo7+ z-b0u5=b|%lKzVnMxjl3%UR|)#ae(*lW4Xpi!kT;M0GboB^L}ptkJoG)|Med~nmJjN zSODmdD;KT|SpPeKe~vdAwSy17v-ha-WLl?y>~8&gf5NAsPk@ia{4IZ>&%Xk1!*Bv8 zGy?zQzpYuu``6<5pI;yR|AaVo;nIc*W&i94-rSO;ka{9= z*0GJZU-_?TPOP1Y>da2&7n>;Q~!+*xFyOjG6nZIp;CI_pvfzyz+ZZH>m?YBqBp#DP)m3 zjGf9EZXJwJhdKjR6urSv{g;+HKX#VxTM6;}(Ae=MO)>M{n)UHt2N`68W4-;ZC1;SD z)vp-W!-W(_ZOI)Y!XC~=Vr_SD@DMPCZ9i8r z$_f52|87p>OQLgtyGjaU_hp zPil?7@ns$gWtg>BQ}}`5A$+MJ6FN23`ow3-?VYi>sOY_Oz>l~`BAYalg^K*Mox~l5 zLtTP*(lK%o5fO{^$qRLEHij zi>$3E+pdw3#EI#vTA00Z>TsK702|9Pg!ttfmv@eN3Hc93_IhAmvt1R^c@%qon0;=~ zHYl|r=89Ck4NSkz9QC2&f@e2^bshsJkr<@40QAd(Z!SW((%&FJv}<>{VwdpeN#{w7 zGh=pjA{U#8jc>0ZBo=`K~D>o@VDYzO&$#%as@@mdz%dzueg8U&}HS9r>@LElbe|ZDU zD+mAHR&EEr_^GXuIORACNq7h>Jtey_~#jmb&zY6mdw^uzoCRI z>qRkFcjHHyX5!k_Hm9ejP-cvBxhbmeqG`1MZ@O$dvKK*ALzX)vbB=d;gn#Mv2%p4r z@>)_R>OQ2(17E_STqKOUbCi4BvVd4IT?Hc^48Y_G0RP{05ngUSr2tf%9zC@S^#H4y zn^j0cr78!uYxrT+Bu`23S+zX?UF0C25n}~wf$Dncv#~se3|v4s6H0mu4&m0bi%_)X z5Ok9^HHiE6HB$`GLmhog&A`nFwc1O_KFPaz(P7pT2SdR_P@;6VcQck`Ixi-qQ8xjO z&;p74HrGqP+GlocwZYB6BcgvfuhZyx?t&C?wSL^4g<;Ae`H@i_I5w@_GyKA#?x4Z~ zDd_YYnSC=`d1wY;L6L8OF+GL?uvOQOw@$@qhwiTo_a==cP5vmUFHj_qLp!!b;(*;y z2=ndd+!lok&!2yIWIm5%j%bb=H=2kx7UCQ%k3Pi)T0{0VsK-2qhz*(Eznp$3Er8$H zJYvw(5~I$EuxX^4clWpu2^A6x9b9{8?qkl+4zq$e0y+P&a)dIF^Usd6VBms?Mv44W z!IFHzQU`!cZj%67<-573@fD06zsx0ttbsEroDp-Xs%6M7eKJsmT^iSLc`^gU_tmow z%_S9O<=!Uf9c@|S%L%|2^DA#pVqWKpg5HQA@3Zq6tf0yOL;Qp0lx~@pmk+N!CZ=iR zA2-@RT6pQfs0_qYK~ShN4V%ok4)*6<{snX`7Q)A15$ML7b0^e{ZIn;~D~HY44HN+z z%|AtM(YcJWVgT^QeXka6j(mJ?c!;OCdC&i6SX7r_$Z^YeV|Xpzl+>p2MGTcK+JW`MdMnY?eo?<67HrLw<8TeJLvs5yC(sP=`QyaGO z$8dq#O7{rdnxx~kQsP+9uFP)WYEt!Wlb9jk&}3bs&t~~V2U;<<7?}Wm6ciMc4^mO_ z2qGn0%3(o&+9?TRc8UK9|6RRJ3Q}q@wFCxEgOMh0@+l4?!8P9p9|MX544~c&5trv4Y20e|1q$3!$Gk4#C zh@=#}37LJmZi~(aDkK^pYc=DdgkdElOcyA$E^yq}W!rh5*5gd$LRdaI+e%)9GAkch zr+8I-A3gEeS&+i)rJQK79g!(SD?{dqj~e+~fH}r(0}Q$n$-JA)Uw%qTwbg+1T_x7Q zTXD!V=_`jWJCO;yv9S?DdtXc;BQsNM!iV~XdByEst&*&)EZvHtVbbZI#>MgLkLx}q zd6pN&?kfh&5ifixgJ=ITIBi}YY1Nw)+ack<8Yw!2;Ezeq8n3Obu?3!xFa&I}ED+?U z0Hhq<(}r$YY&l#?7QmW$F(`7vQ0Xudu!@J8!0&*lesNIqsL23@CqWDaj+Ne4G;)Gs z|9Np+a&|6Fatby7d2vTRt0bjZ4_O0n3lWJN$_=2RimVWxZnT~Ui`cs^G<+5RV(_ro z+)4~oMl@>Huzy&HSHfGlwj5O&#Esv_6gXTf-5(oK4S71qyf5LtbC$0#JFc9(VYVZD zYc1i`ajCUu!!}zWbt*1Bej{D4bDHqSPD{7sN>$n8d!JPxJsZ*OR&0j#lQGgGd47#;dp z{v-N~^|3NwiBHrwXa&?NVpj%^yh4jIEks%kYgVN-N@5x_S^zGjr#g$sFLEBiexg7k zLDKzll1YI@KF1J6qSS00jnPY4d(;w%nDFjj^zVAYc9$o^70C9A{fA6Dzk&uSB58w` zpAfRj6#uiz<5mYV=5WQoEaj{sh<|BJjY+0~LsulUz4w(XBI(6TqHz3Zf*>}k;OZ^n zBek!rogaVAJaH+obV%CwL;1QT;)ZsK~Hd5V$Dzh^Th7OWNd8UBn_ zbtC+$;C+f{siY00^A>b7U*VbsW>({jDvQX*eaM>Byegy+H8;)ork ztn$qJE+EXA8B1IWV#ABq1sbYhTDjWY8HkMKPOT;jy(Jbz@B9X_=|1J0s7ltPC8Nd@ zCWlOv;MI*>F-w!Z21k!C&QShsx}2PPsbn{nYgzsK3k=S~8*~Lo z3pJ~}2Ouo;n_Aax-J{Rtvd*(c0;~l8$nghpAK5$@zuLYoBn%6nOs&E!aY5WPZY1m1;HVL@h0?+FSUvs@J{DDk=147NS0-0#5kMq>zFsL1Q_rnMbsrQ%7aEiPu!V z>wMRBkB9(?m9Df^j7xBJ;4C@&!yPqp`qTYCBsOkk<_SaI-*#ByuoX~Fn)?QXG7plz z<4+URBhk?HA-Q}iE3voJE|0W5-?Ul&3QH<)C3WxhOgERi%F~iOj2rwHu!zEq!u^S1 z=883s`~|+C^8MVAV{ydb;0q7rGoL8sKK1Gl+bq8VCw#-G6H+$0MgtS*;MeZ-I?g$_ zUCRsakQpiMLj9I_)K~;%8RVd5VFp?;+tlI-;35o+8ay(ALrN(I7Spryr{n~rT)Y4` z*Bs0SzSRAC@4ZBJ|4kbX(;Cyh5Qw^wU%QvdSQCM4&4JCfE|oRz%YJ^98qxi{Ua~W7 z;RvSN-0TN2Kfi(R%<2s9^uV#o2hnB(Zg>9#>Qwy>5 zk+m}k3rk+(+f}(?t(V1m7vrBXj%q)fZHDO0dfYhSzbJ3$C2y5Aba+q@LAqv~t$sz649|tTJr-i;wix_EhwLpDfn(4LbE6lB$O>Nw*$# zBBfdp`%j-S>;Ku`nTb??BHuciEm5$Sp(RTk`ND8=i*#ad+z`1=>K`EfEBR1qA)_jF zbT9x!(F=W@4gbP$F>MKwV_kBNq zf;@NHw;2$Hf*uQNyMJYsp^IPH4#LYU(-X3W^h}>^n3V+EANrdGjS&6KWLprm7OrqD z6A3&+=E|#SW=7VY<9Dszi@)sJseV*qLb!+MQXtaOh65Xy-Og2Wm3q>(8_U4&2&!tU zMTynd_6+T^p{z&w4>vH*#FRvOMDnq@8-sAhdwnXV#Hk$oXT++-uu|t*(!q_hyD>=x z!3H+dwnN8(T+RD)C;RhvqiEG$Ju#SH%_G`?j$Cn`eUaU5(@SDbP< zOzcFDel{?E(f8Ovq6MIJC#JmTV$Tm^2}6f$#3Ge$eM55_VRK?tL=5z24K5!*T>!r; z?Re6@|2js&abMkMQy!C7?|3~a#$-kC`XGU5B#0|mu=g>+a7?>(vgT7|@y%S#>8*Q3 z9Kmtl7kbPWeGy^&R03JkCzV!u#haB{x;!g3D`kx<7yg8xR7@N^CAERoO=%1#a7Sj~ z;3f7qFXp7dV@wfhmdPs1V2)%|^?V%7#$4$+QSlS7Crw|i^o^eDH#skUKEj6V1pcz9 zTD!t0^i{C5v|(-4<}xCMG8j|t*L&2O++Px+>Y5FXMO_Tvi~x||ezXk4d%}jkb?23z;QdFdo82XhSVCWu7MY>}MXF!oI zC8f`ABk%jY-@WI4=Y03x<39-O+3fhmTF-i(XVtFd`s{&EyDPtM|JhwbaESdF=@a;X ze@#mY1n9Y^O7!D598n@kxW!b{9}Jxh7J^DRO|w>K#Lsa=>^7}rqj*ZZxy8N zwUDEYB&#^`wjYvmI~z23m;FdufNPr?1On{l+`%Y9M$1i#+GMx>CeOX|uTnPlk7tPb~=8Nxp4jva`TKa3hrB ztU^RxEUb^K-->h{C(fw8gsEBPZSQI1zox#AVp!TD^dkD|S+zHk2T)(wxVwVVw+4Qb zO`C+ZZgN@Mu5<-)dE<88UzgcQx4V9AU*5j6U^2F*gnuGTPm@OUXZt;ugP6T6ag75; zIgIVi!?`&iS2x^_Zw-hHJ=Hu?1Domnk5^?KIEeevs|#b6ch)B7S3_7(EDIF6s&XE7`8_UJ|a+&L5?er+YG#GZHD% z#}kat%zfwGn858KvN|-ymnm z1YLlMnyht7^x`-166FrETi;yC`Pv`VJalWP60MZ}4LdhD_1Ja@IhBvmEXc2yD9)f) zcPVPtk(){JsXNPZIG1uDJ5-==7c=*0x#FwiJCqCwFeZ68!Dn%rrieJn*=7{st-Ks0 zj~w9IoNc&49*mxku7wL-^MbGHX^$z~F>DJ`l&yDF5Yf&4^-6*@!AY;dQi4avIKepJ zT0{IYnqWlS*z+L{IlCbqcHj`;WA;5aDmu-5=;@kWtNw`KotY)C13RVGWuvptbajSq zW_|ExEilU{L{c0i5v~?DdgLdDBhlwo^fU14Y`=*oK6DlMO%gZD`bfG+C8wqNG2MGn zIIuL(i%A~cUj=C49jUZ2?knkoAI9dzLv0KEqEBnlJ+5*Y&0iZ(RTdy#y@~MInafJ3 z7En>fORuQrRQUI#s?4#7H2SK_Oyr3d6ixzpdQdJ=er`aY(fmH8fbYq5+{?foyy12} zloE$vDZ$VbE$IY6y;sf2&W|&fmZWRknB=zx?oi{c;0k;apYnG+deM`D3COo($U*0T z`kPD7&v+QKb|vSY_1MG>~<`7O0`m04NwHAY<17CBDR#MHI!xA&n~ML zU|)4{4(B`HMW`c08byVxQ!q6^1T>4T{^$S?{gWpD$t2B1mISNiRwArkk*k%MBVpG% zUn0#j3;$%a6DtF&P8EOk=t(w@3JmlvPC1SbFl(K2RzC%bxTWyy+JhDadAf;_1;IJJ za~)|2$uiP%C3k!}(npMt`m`oi{BXNFcC8B@mU_V^>2{c{P(}A6xv1u4Bv+A7u>%r>|qY{8i=TCG|KjHi)#{9@r z$*-#?xW35K^+bv!W|xtfr3RH%Mo^wz6SH{S_9IsfqMtvD1AUhz}K9` z{^8gadioNlXy})}!e9T^7voOGd;jb#mYW#ne3>^Cc3$yhs5xm3 za;ezKq%4LA_8|n6+aFT-U3<0+=q%_KK~bP=C4z}UBAhqCF{||JGQOsB5^$1CnW7V1 z7eL|N@9$5{?<^F=5|dEGZ3|()kxxIZasw1u7)+G-@6Qg%h_7B)gSgWofX~!{g=|B< z3c`G6ooHnM{QL%#KuX_-Cb|PazuiiI_gPK4LhPKVwB{+_u5Y}d;Klozv)VtDcX4%X zr`FVEg=C}%mCSbMBwJ$GEE&M+S>mCBi)8;DVTz-h0E}(A)6GP_=11}yMIb_leRvBE z1%C45YXX`a{(pTC5CZ-__|uXw?C4Bz0Z(&o7Q&NRNW^D%SdHCQV7@nslgfhs<&EZ9(D5iFqco?vXOl}RyrikeoI z{t4vA6B9Y`rJ*>$2ubfl=d`=9dQ@S!^(ihYkt5BL83wxt*hH}2hZDmV?mKJ(cYuG4 zzm(4Xz#xENWUbK+Z@3j1vCvn2dgT?>SEC+FDSMx|6>{&YTmlv+oHI){A(U;OEhTbA z#6)#(U8_&iIgL|Dm}nr<00^jpR#$qaL zON?t-$^i@pD+H`?N&XAMNVLlX?;+)^YuYFWRDIeh)OtnsUlk0(?yDJ?Y{L61>Lkqf&!{xY(gyYt5p``+78J`7jSgevgTVWWn0TsV zNfG5|`_akYDRN9b+JWqS#P~`+{Zj19E&W5tu*{5DlW&58_y-KuR>?>LjV7b!UO)TH z+Sdj`s(?F>D45L`LTK*0;OF$9lC+zMl#|!@!gUmHIbh((@y3}jw7gkdZJ&iFMr(T{ z85;sDi*jqb86j{pGNCMB6?k2B3HJfq^#hy6K;27ntr}#$+dWXHbhD1pV5DI!g)d?% zJBH2)hee%EL^oEj!B`CSfTuw_ph2@AuJRmSg^D?geO;ejZ@`jXg1ZG{{dhua-D50r zp)C#p3qZ5LpE(X$%pKpy(UG>zM9_!=6pQ%4vd01J~wpi+_J7_F?-HdAgH&cq|M9EC#9n^-psT%cNZ9f`(iWW7hvtsa?C&0o4CjzE4SGa zetq%kuj#;0V>XduRY#fHEOsj)cEQ&|5^3q(R>sK+f!1j$vDhY!n&cAVmOc7vYfPA==?|O+VTjAKLkfz;F-Yp zs>`j0E32M+s^WPzsDNFD%mjgrp?hDkjhgWbAA<3dUFpvXQFF^G`O^k?_vQ%rg6gPHrhgQ+W zZL}k8Q}0^aB9B*VUsL$A@K(R~>s!M!O3L-=r`b)uH=NM_DDYUWOxEyJ!He6>5?) zzdseNY>M4i@Irf^ACA22K{19E+&JOb{@!Oe+4a%36R*pfu}QcUv_La;ib$$@ETCRj2oP`j&Nz@N`r|hX#E(23QFYC0R^h8S`^# z_HKVZSx2X3A-UMaasHu3uD+SRW0{qdL~6f5|Lj}&0*RTFPqTuu2~Iyt%InY*JuxeK z@Im?lGWrFF#)57Sgw3vc{~FKW-Bj#79@T3Et8WCp>9V-@AF<3QF7m38ndW{1R0(K* zIUyP4(uBD3w39NPj+g1o#Klj9HUCSCXh+y2BQQYx?0jR8B~@CZ_w1s63iJ7G?aU7f z1vwqgLn<}!slBz}0wmFU%`i~ulJUg-F79ZYt<#zq8MiySRM-_NmTCTDzE*8$FBpnF<_rC#VbUh*-!NTB@S6sf*N8<%BlF+3vsX(OruG(2D{c)wqpd&ZZE7!kmwhUidd5tn zok)G34E1yiOH7nXBd~cpjy&I`HfyPl?#xiz$9Y}F8gB~uFD^-gd6@`RMr#eu6{8zb zBBdK>2eBMIDs9@*Z9KBcC2G(>csLoDWfYop+s54_IoODKr}xfk!SF_G20u!%L?K{P z8pFA9ygi@vHRZ#fzhPn@O{)7{Wtci@_}2c%`Z1)D8h6}U&0W#>M_dTLnY+a30rL0! zv*&3QUOTI9_;WAu<}@Ni!dLy7^TXyuE!wkZ9p_KotO+E>8$QURkDTj$PRmr(Ek-A) zSiSHa3v)5ckxys7UM1!BVB*y zaET{_pGbrR?gTj8=G#y^F61yHkP6#tKN^j^04&D{bsd) zWwL*3p09x5O&>F)nd0+vh{2E7f90(~t^Z1vdpo|W%4Nz4lP5p-mHtHm!fh(rG^GMN zbsH%=V>vkPbihbd$N;%IQU3NH!XT`eC>ceKnG!P8n{8hGsU;G{#G7VTui%GzeD5aR z;4y+f3>;nkT1IMLpU8^-SHH~{_MTFVA%HlTW?}eLUn$n=}cm74u zuIj(swnVHsoOGgACHazKPbqQ5;iu^SBpv?>(&34;E`M^awRL7l;P#KT9|K zERnzK|6q+67Vih5dl2F~uw_@Tj9A-dTAp!-ar)OL-QNh4Ewg*!V?8~d`MgfL{46!r z>m{ndfwIxPUEbLsz6oDhhnO{xDLQjVp7kdjnLIZ@y+Z!AbnI~TN1ddG=i76htqfy! zu{jg5<>xlv4HH(qGk9Ka%Imf!Bl^`|Wm$lF z&l+GumPJ~u*ba}R&iQ>`l%rN>;~jcgN4t)|faMuZa`t?3&TOH)B$DyxP=2wAy9*h? z7ako~r0-w5gyowfM8skgsr1|kIHQ8aKAPeA)y0C1={?+VuyxZmPN>3F-i>)JV{C}z zO?u_$+J@W-!j^z{@KbjA%Dd_ZMd{yPr>xGH>Iwbo6Fi{2Tjo97>-7~m#ca4p`4oP_ zB(6LEu)?TsH(|i6ZQU+W!fj1$d*!u|kjq*+AWVudP< z;3sRNWX*%lY>zxTo1)Zb1+Oad;9?xSeVQ1fpJitb7;RLK(>To&`~KhR)Ly8LKj(SE zpGJUeZXTOjje1r^x+K)5wjDV7l(O)F)J5>89I&`aN9kw*UmD6=wJ@hK^E*`G?<;pV z>NU2((yYF7A|}F{@1kMsXWYs5;Mn=6sHd}$>q81GQP1*qlf7Hlr%c**Pb4@z*ce;m z@$$2Md_PcQ^-c7fx-?bZyS5SuF5bZo>})39#__|~BgaH<*1F-9e4OW^8yC@j1kseXpTPWYSuye;kes8QzmgN%01 zU(t?tyt(x6`wjg%k)*yXwxXEJ4@(R$-5SyT*?eV8^*K{*)8`Wv20h)Kd)#@^D5=Bd z%(iX=3p}8btL1${f>O>-+}f3m6*jF(9B2LaX08>!`g+k88{gaAhdR;k7n=^Yzi7sK zw>|r*n>cFoH0K-h7Ye0T`&4<`{+e^l#K$=hXFT$0Nl9ReAO8tdZPP8Er{~^l=2v@0 z`Q1A`DD~?@iO(R;WALC)Kr=fp$;a+qQfBQ9QdhfEqs@C;o=sj954?kAF-VE}7k(Y$ zUMn@QQVpDZCt0TP$5T11h?`|&Xi{TEp&^fUiNk?I)>|zrvJ)gP-A1C4OU2GkACli9 zaet>OzGYw5o$;$YyQhKDXwWC&!*NPF88mHn<+W>-mD%R8!3~e)G|k>O6<740i@V}e zBRL%12)BJE)^b{N7rja&68>r~*|Zw7-Q8LC=v{T)4c2`>ThnFHzZ_3HXk~U_Q)KP; z7LxpB&Kj%uWn2AjzOs~QQ}IjuJ~i$peA?aICt-w~iW;vMz>8_mO$hy#`P;OoAcCVc zflOCJkfger#NxCgYlyX~GTzCe@b)eKpU>jfLa+S&6m<=2YLQ_Hc?rAOQue(tAfPZD?Bf|Z@Z4o ziDxWHBV-4Clr!IfrZ4w zpM<~2Uub||fuOA;;LJP%qxirDL%gDU3^@H4@W3&!110mU;Q9VfumlLvJM!4?;Xi`z z{)HcK{1-grd%n>#0H%(t-)pab->)ozIKUn5=p!x6zSmIsD&7Bb!Db3*sxwdkd3<|> zT>MY4(*mFUg;g4#Uo?)R7Fn&hx=n$JzzdT!JHFF5<%L!_Zn&m~6)lWq6hMy9*mt*PKFTZrVjJb40YmyFX{IBg@_Wa~ zov$XG^6fK_f;lI|o84(KO?}rK)i?u#seKa#uVoj%hq8J$|U*607bl{Fd=+HRp?#%5S8Ew*gOzp z{P`^6mmXZxM(Nz^rN#SSNHWG;)D=O00aBI1T=&VTi8~HR>A6M2%&ULk`ger|mxqQ8Z)#Eil)Ei4@UY7v^J4s?_ zimsmr*lTjBHGR_iMs?et36+C4EQC{(bJw5UcY#j~NUywLaFgv!X6 z=U+LQ<&V^4jA`V@s}aFSA?tkTbu?Zadk0|*;!Bp*Xyw4>sK`ze<34=kCsJM|2LI?9Ea5Gh`^_6lmySL?9s~0|GY=e%fa9V5^z`(R!6stV?YI>3*2N=ai(9HS&axfdv00KpgoT}wYB7ztu z51k7-p>G5*P=#7%0JD7l{?hf#8n*Ilb`>z+45>e_Uj}wn#;MrpI>*Sh2a$#EJ}1zN zMn?Z=QEFw}NOm7fH#AZ?ca1Vs*4ju(PDIvgxi~sw3Siq;q6VZTqC_@((O#t;6HYMB z6Mx^L9!&H94x0UyblUeVEzi#Zg{eGXrd>^pYHJl3Q@HFjTLxC!P&lFfg{{FkDTpQNm6@&uC6 zLFZ_iFN{Sa5-V=Y=A#LeTr^2MW()z^a#0RgNOd1u5Wa4qQKWNDN8pn=jVvev!VEZ?*P|fA(XEUG1ukAsvXZS0)cv&Lv#K3K4OUfU$W5mO87P)~sr@ z`-7vPr6RsAOKSE#M~P;KK^S1V_J``BthRvJ7o~8^CKh4pi-4fO6`+SjJ!8&Kz0lBi zv~@g~IMeXhny1a$R(hv2cMdI1%cLwP7#kt$Do?>v`87$t&HjE(n(c*=@FEX)tP9n) z9(dy}cjxF^Tbx4{*cg{Ex5`dW5*1#(16(_x$>SRdvcXNJP*KIl?)~8sb~ULnxG|T; z3Hv1ckiv2~6Y!LzSvc&n+z=;tLQ9l; z@-Z}?K{*np_`{5alQ$Zs!BCApTB@LE0=P!}_ov`{#!gu|y8}IejLohQa=Pf)yLRY__(O1p-c9rW@aW!qh*er0=Qu|`Ly+eytpq|<<_f=3|0mbhsYb9JB!ig z_<7HR^*x$Hp>!$M=0_gKYu}q&vaL)GLJl~KXYTzv*IfrNws2@LEp*&wvS+~5?O0ZU zcxwvy7$bIIj?SV#QMZnsJ(5e**;;=g@b}*Hr@CJvpqUQ3%#gm3_cTyB$8FEAO_?B& z^E+d_+c|Cu!q78Dn$_?PPPTTSD+hqY3D|AkC1Bz^Td-Dg!~1fH^I{(mOA3pF0^rB; zwK(hfIM?9SY6Fc-UCN|+98J;!L;}TOrv*&KuSlAfXqQ-XxHNe@qM%uvx$$!($6f!l z2T|}+Mf-a%37#wN@!h!|60f}kRR}YRv17aeDNc5)3;YrZ+HLGZt$TAbXuF5Tym&;H z=+GX$VLL%bd_0KD*E$CMl8pMs_55AUwYIUy%L(7Uvh(s< zX#Qr$S@Vsc{&LwlRiF%7M0kIh1|1@e+%;9&EJi4(PMGP`|G#%KL1aW$EDi407uk&@$D76FBW(vb`)oXkFR*$ANs5q zi1}U;)!kx$_55r;-KC!S3<ijGb5L@7Cd?TK;@yS_yYtwftiN>Jp$ia@a)+AIFwM~H{R>7 z0D0?f8%~|F(c#l86q@qF_bq?W`&mASRM)8(Iq5`-g5P0{N*l9&f(q{>&UlP-0Fx)fY2KjXP97I8`nRt0rLun5-@4BF z-%UJ=eUGlpyr7rwu?e8)ToGiEq5$r^EJt&7Vl9C@?hf4twCVa%igWery2LljA5lc>+n%I%PR-I zlAEtQIQfDH-6uEYG3StW?>0_3@kHORSh(#Yf_XC1ln-ar<1y$(V;s2jDYf=T<|2R7 z!E>czk`Q^{5+13fed1Nms+k6_HHgUTqTg-Yh6n4{;JIpycK?q+Zx1Gorn}Rw9QlVr zpEZA>T+w5HO;gHjj5!eQ27nqooA-J2Oq57MVUhN6koDntV@JT#o%>lhsd&^Qi+d$B ziFG13*e`~WYjdY2$%fx~LRCxiJGMeYcAKtk8`jmp1euE1fwksEPtFojXV z$yDu>Iv~4OtT$<+WGg3ZE~Jq2{9d4MeP3;BRncAiay>!8fIucEP>_IbCDa&otjOsc z+Pwir#iFT!r2(yy8oA@4YoXdwHMv2q;v&^Kg0#n*KEG0Z17HI%MKysAHkjuZ`peq& zIMu36?Ze0f!~OX2pXG4cQzps*s5+qgUNB=Iro&@YCO0I_wgF{@D?!K(GmAzOO@;^& zZUPt3NXXpEbfj;U&nP;Dkv`l)(Aoe{@1zU?^^TjH*rM7aW{c8tujIMJ4AE$(2QU6c zKyiyL8ofMze*8zLsyBStDt8~*LuRB7?^w7>-xnIsmM?DVd%zgE&VpA<2!;|fFeT`+ zaN;Pb8>RH|jBh^bW=(l*kCu)x&)%=eUi!oB`mqoOm|YcPyWY$Csv>N^s!`&HJ2Hor zcSo*{b!^CIMCi#w_W>0F-eu&}Xoh)r7QUCpewO<+((SDwzF8E8awEU8vB^MphXS<3 zF==N59=#XSRwSaRopCfsS@&3qi~Tl)Zn&mdyY_v)w%LzqX!i1&u{o~qCC@RG3^C$s zZo^lL)eAU)bpU3wCbw*PSx2XAV8`=~HGxddKo{Afey$eFS#?OMd4F*{}qeG{w8*Y{f z{L~Xhe){x@S5S~0_^Jm61_I!|AH8*EMe(R;{4C3mCB&9im#_AFfOM%6$Q!pKsW0%h6*(-XPa!VoOuZH6p#lM85~8 zTAa2#Jbl|WhHCBqTy#BkLIw)x8UF0207jTOr+1ERv}XPBeQRBo837_*dT01ks6((+LMS#s4D2X_^rJCsP4| z1N69$Z}WJ)fg&Xc*8+(d1kwZ@PZhwRxOGJBIR5dN0}M(5|BIs`zQu8B^Y2Ui*OmW2 zWISI1C+Y7*2;zs#zNHpJiVysY1Xl^%SVli3xe_dxx`Cj7?F`ot5H-_pgZ2R2VV*y( zO@UTYCGv1hVAmqBTL}}T2a6Q=Cz)N|4X$`pp6fDS82P~(QO6o+?I5oNEU&a{-OEtT zec$2qzEco{0pq6zerbQ-;ddm%KM(DQ>+&b-3nF3m?725IkKO^I)z6?U+~@^}YNDl4 zQc?m<21ph0)#q@3jW_gg&F4VbZL=ihHlT(dnkN&(Mvu;+rGdxep>86rP|qL#&-1~P zfH2OsMeyLcwsAs|{>WybeHp}m0%15kkNkT-8;DKy_(CD!wI^_4i&j+@Q-`$9G5?$q zSzBA{*vb~$0+BI~Ow@Qgg{!wASLW#pu%6^UsVSt^xTgnDqUm3dXD^8F#31c&E1d9) zqJ-?9!xBM*4E6!h4L`i z(vfKZzoN3TGRPzB-1`$28DObNkllfA<|t^_;I@}0v2zWuh|XX5GsBXB!nOtC)ws>T z$1P%Euu(+b@B|)-`=_Ev1mjeN-rCnZMjC{3#8)5z-yHcqyW3nF8`=bfObS)s0_hj| zPX0!HGG!9~r*)s?Cx4VU`Di>N|1Drhsl#YDO$F3F$K}6x`|(N#pht{ zM-)*0&n8>`wDlT}w8|LQlfF|&E(@2_aRT${qpar6x(NRbVi=bgbb|9}MvPV7>jg%l zRM5f^%;uXk{N+21%9N<{vI4>;C3|A;zu{2A2C)z$1#E9 z44xjz1)CvF>GXx9oTP$3=QY@dj=u~|1HQ2F{bkqAYobx4bYsxRkNybB(T9QhL~ZTy z#Bh~vIR+0t+HCUp=+qQPztt$vvtc^R09PFVSKB<81YL*4(RrIrg;G&bfj@XH2q!S~ zX(JR?SPI?9yQ8Kf01Rh^)J333Y*!@TYx|$FBT^?Rqb8RS;0+iQB1`ZYiu=>^PGq;# z?bs!7-%NMq%pdTg&>WaM`&cna{BER-mnlv8w>t^_ITnNlHyS6fa|FpeSXfjIYfp5n zy#`}o1`oO6gUx8EY%+K*3ENs+>?77g9cf;P9?Mm$@i^?44ie&)X9a_X7^{wzH`^nh z=M{`YxF+A*F4RgGQq#&yaL)4Zn2}iZ@h%~$$3~5&rla*y4$fai9H7&~q0`?LdGRxq zjEpR9o0JFJbMh86AA`ff5+tX9QAm#V>mlK_4nC9aWHDYozH4*Nqg?&CNBW%PEOu2> zmrJbg;sh*vDxEg+E^TFGv~%ZLc|Kux9y5HJDf2qR?ltr1l&f?5M7%`_HV#T3fCYxB zIvcqH615=ha+UpMjWM*O)b2cZt_8xb&l!KLKBNi;mA?<_JUqp zGlV(W>z209Lk_CjKW<2H98UV|QTB_e5J%n+o0CP7J{&Jpcr3?DdeV&g^!JMuC4->R zYT;5$qeBGhW8(O!p;Oq5MPmbP!(lGYvmDH@!gXk5$$!t_@yfwM-Y)oSE}sV>mrifj zhnX=-jTm%jXpqNRr%*ei>sMCj7oEjF7Y_MrVu1x5sv2>B<{Tfgi;m}UV^>?R|9g3* znCg^j*^;=oOMWI}RMVng>LP*_YD~6+@#AP6Z=1$7omo*OSi_MkigPLtF!=UBHc)0t1zy21?FMEnQk zGeDWIq3Zrbrxc4eyuwaM58TGCt)d%IK;DfV^7RRS?J z$R?!Yup4~QX@3&1Mloo;ZJm-xGE-XMH@OtA?|pkY(SPPFOe+!eM)l#BBoTeG6Gj2H zcRR3a9Zg`iSY5+RX{g~5J3OmVUB`81V9a4LsNI@4t;Vt^8}yZFe*v|5$VduVv4+J! zBy5=I6A;#&WuOBH3F+le1+Kvq7^{=M8AriFaLd;fdwh@oR^*RrX_(eCu;v%0ukxB= zS{?hfCM$Tf45=%4wL*8|{1h+WEQqkVoH`RRx-h!0LAyJU1?Cs_PrA3by6WI)2)1(Q2_VVMH zc2)p<8xv|z=Gxv0o1Er#Zp=fxue7$f6L1bDEDl}HLrBt-PLn++HkSzSC|*YFzNGrJ zm95>aaE=6^q;^CWI=?$X6`l#?!Xd3?eq@P#y#C#voc~}Tzv$t~Lzt@`bMrb8ig{e^ z1>KY`G0J6uF#(bw5yZ0p9~lhS7VIR z^<}2>G`-*Icdsrn^FOdA_V5rF@lv#A+;cx!+|rm@vs`3Z_GrD*m(vmlcSL}jrv%H8 z)B1M(;qrp|-ZB+rm?F@QgocUDAJqn73fiAo-I6p3AR{7Nh$cuVUoZ3itBB2O z+S}FY`}Am`bXaT;ebK@ag~E`EUB-EASc;wPN{pj+lf|6k%C9aVprR{|T=%cGh(fIs zw-T_ns_Q2#c~Z%c%#2&}rlE6;Mh%qZ`wcqRQ3+*4RRoeJfQ?xtu#p&9)tRxnu}LA& zZr4(%&|+J2n9jUjFv{Uj`@A+;evT<{qdNns^HA9s<4QIG4T+<7aQ&Rh6|fw*f7kn2 z8jfC$nPx&psoXqeE(;puXm?gu?T#=et)57Fzh2`qD80D9x~Nt+j=vhJ`4_O3VZV-8 zc@ao+XK4N-T?d)_MH)?fY(XgoU?>B2cd6dQ7H7IM$x7IZ1GaoYu#Mp4LaYR#T`=dh`+J}QKP>yTl_&6cLvrDfIe8vLqHvQ@z=vb(kZ?Ag%5K~qNDnJ3u=`@ zSLUy?N3}IFdVD(ARmc@TX@LiF!cAZl2Q1-{`5uetL z)fBq@zBcbsz&e0o!neA7RCsl4?&v0s2++2i;xASdW1Z=HqVw<#>F3c6cNu72A4NCv zpPe-s=1OR*M0l_qaa@S;$I_XKTTgNay!uwS=li(~4bC&df6C#lqfPPBr%mqUC0J&E z3DXqu4T~QS5qQx~rXSLg)Ov}cjmd*d)wYw!`to;IlO%<$)`=HYHQ6c88Df&knM@0> z#)jm5KjGOq%%pndk|Q^H*`v>;Ya5}^ljwx3&gGlFCf_G{Ft_Rd#&%B0D)TPq2+>lX zd5O|O;G!?*Xo!Q{_bSIwt|A0UauI@IiG}9@_sw`f>0_rIQgk5-VJfidUtUEL+!U>c z#dzf7hL^i^D(2Qc-0(o8kWcSDRo`!PG_~FuUM_vS+42#02vX&Yr|S8@;!mPRE24Fy zokoX}s<698))RPrZWGnnmNb!K`H-F82P9&vZ7w)0fzA=Rq&R^S4XePEl1GvFKUi`^ zu>ACjH$A=LVHvqM>=(H~Yl*0-ewO?}{CxrQ0d91>2^I=!Ret^*(>^t-j@|?dp7%7R zmhBRVb--yQogj|tKpc0`21zkdj4E7rrNt!#ltv*n6YSk|_1kh4xO1$HjHem#pFW7b zkE~oWdE&ND!nh9)*{Qn1ZDt(#& literal 0 HcmV?d00001 diff --git a/content/v2/observability/obs_architecture2.png b/content/v2/observability/obs_architecture2.png new file mode 100644 index 0000000000000000000000000000000000000000..541f5b7ec67004e39977d7f48dff7439f193ad00 GIT binary patch literal 40479 zcmd43cTiJZ+cz2updg3>Dj)<@kRqT|=^#x+q!T(KMmmTPkdlBj8%?E1M|zQ!uLIk8GbO53*=phgY zqxNleLkQ$JF9dRw`vfg`Cp?<19{f1sWvF!vg6_OH4}LlBpsK41fqaf(*t4Snzn^@3 z+uRERxiUxncO=A~<{|`=R-vt~YW&n@5qCP(cmR2DP_E5F!}3P?%!xbZ4~~743BMM| zlAuiC*uAY^9JQqRx75v9SiOMt*kZ~B@YsgD&)^n^3&2vL4EHZhS%vcqD zmapH-j`Q7a&B$ca-E{~eD+MSw4Y#EY55s+Z9?gkHrd=uze?t6m)vjkfwCTdeeG}s7Ikcs(K>RvA{sN zchNlP`@q1!&iqeOiq-OU<~Pq1790y)oJVf{A{8BY^ft@Mc&JyL1%DG9qQZPs;H-zM z*~|=Hf6-KTfvv+6J@nlKJ)-M#`nv?ZkEmN5-)eKj9a!1T);HZ{#*c2P&4eYySj~;i zXg72{R0|{KwmSd3UvSaZ)`k)Y7q7S$dg*7_3-Ox?gNgQJ28k*I3UePF~iW@jG`Cj4#%MI=-Bb8&;g;D8cPmR+Xprqx{u75qD%Z&o&UI z`EfS*pFxGv1NTd7K1%uzR_shC_{9p6GryTcI~8c{>Q#}Y_SO)Vh4eh#ZM~+2c+wdQ-?qk!mM&; z*eC!!wAhBL9}>dl>11cB`4WPC+2U_F(sJXoKw6*k=1%sV4;_O=s>Pzg$Lt z7!9Yn;jcGxvBM+QEM~~XdaCl)I_|c7p3c>w((0Ch-396yLWX%x9AOQ&abF;@xv$$x zInXdl@~av7CKVv1920ECf4RL1If}a9rfDyDyeOR^gf8jm3AfoOMv1Y9FkJWaEs{0< zCd;KBzFg5o3z<~GV!M&Q{Cu>^)FWTv1xJ2q!!ldL7jw@?B1DyklQvGF??>hvEty)5 zp!lHY#pZLfIkeACH8E*h3;RbEdb1VYILC36i@lux$%E$sJP9Y?%)K>)&CJv#3tXR~ zt1`w7z_a)FhI!H%kJ*Ud(zq_mTgPXZ@3uhCA}F6 zJ?*6+@axhV;t1J7pMb2-0(-J+h?p*4^ls&tgD>^e!awHRll?(`1%bFl-u>TO+J}4p zFW0}iwspgt-(bXPD7WGD3y>Q^o}5MaFgmE##-x z!&`?R1gC=gc=+l`2+zO!o(y3=e23>Mn8noX|NlD$hkOQQPFT>K;G%xx~=eV zFw$$2T7|?>4FQ+^k)oRoQmK~2q>m_qkFWK;<9kCGK`Lm^zk1xkNS&Qc>2l@-0)FB5 ziMA8v5RQ1aq~ivfUm~ux7G-e2nU0h7>N4&(imP(O<9;$#_g9@PyU0$smfF1XZP62a%1 zXUbK@?rs%#V@-;`dl_+&v!4{TrwLznihFY-$k2GuWxyfi3Omurc04!53SO~L8>8zZ zVQe!(k%u*AcDg11Zd3NSd*s<0l16&r=xsM6d^dE*uu?wDzwl#XLhkAD3)q7l_m^TW z@xn+auZqmCGcg^jZ3hVYY@k4JE3BK{-kaxId9nS~=UV(ehqymejJnL)axbTe~&2`NPo_g}dM;WvYQHmI;Zk z^OH}I?0oVT*QN70O6tq6FuDNdq-pOw@43~4ljhVS5&Lz(dB8riM{>dMd92}gE_bw`@@w~g- z>7cPK9$nMg;@?uH#X*}`K@niNY~RpJm~OTK^DYP!XXF6pfx7#rB_3(`nsTO+h33LSRkB#bF?D}7UEiP!pcVRgmj!%D zjHk%D7Hr*ydVgLzAJz7X5bvaN7hDDJrvN{(qILLdO^BfvA#g3nFWMRV%1yPSQ})ac zRfn16TgUzujD~kT?Edl+WgB2<&ET(WI&Vs2f9u+gnVVWQoiek%ccrosa+2HwdCSql zi`ys47^qy@S-L0GANzkNII-bX4f`+4gH2D4q}UpGP| z5-*DU`sw?tAjq|!?Xr#7Y>}<}kYy;C?U}Lh{esF>NuY!;L46lTrlChNpE_BE?>6r) zMlD}B0$Gg0yFh{i)&HlSM?=F_C^cR8?Cxa@T7C4X$tBIsf3)OI=ewYbHLzWGm2$;@ zf-aVe4{UJ>++_@ve@jCx^O7Y~zAgI9-|*+|UGC4AfBli?ds$nwB&I9K(@5q1LyDSF zlwb*Ls##jfBFMsyfN8auxnpZz5twR+7gOQo>EPOlT)F_pVSEL5BcX=R1QeDE*b-+M zgoD8XC#JaW9gEPk&J}M4`vOO{VD!YfkA`PPK2rO zwh%WktK=d+g-Lw-7?JE~bLF$bVn9yH@-i6;zdm=mJgi;+HJ&emq{(=6-kSb!Btq?_%(fK zov20JnRQ5T;v8~Jiq9{z#=Yh8=PvP8Lm+>Va!X4KyiB^JuB{LYMM*x_3~296l~MfJ z2`nPzlvF`^%D#kCg^h7Wgt&P8`P3Fo#A^ae!ukG*yVgziCt8nQq9IX2vVM?R!-Ka3 zAv{pFo-c9JOEaWS-9|+emJ+c)R_M;Yk0O7N*dmKHeEe2hB+F<`_l@K;ShKU#-mu!H zoUv3DJne3i?S4vUEY%TfTn}>CECQ%IGpsDhEB4JP_J#nGHXee%XUbgy*Mej8kX;uNVir{6?fuj{Sd!LK{kg>a=Szw+wSbZ|ezIaVYr9JF>N zU}Wdrl|zV`d6U(gIcxld-%@SSj{E+%IYc`rXTlG0-m>ctK3cBLC7ohWK4CBUermY- zD5HchKzoiUT=-JF%fRpQrJFqkN{uefNp5>6$!+@xO8!t=R72yp4(wGzdfECBnPKtE z7RKWM5-5I_*qY;qO&t@Jx6(~sXQW<10q!5?!wO)HJncT+W@kuIt7{RWG!kPMVaTQ# zevJ5cP}WOL>J$yw8?MU2C>Bk>PmjQcbH-7P7}FZAukV><`iCadBiu9_jTfUG1D{8d zUM}aiD^?rW%jMvM^6Ko(w&KQ%Miq0>7$J+;!unXK);Ek>`{Sj}`wJ(a3q5IK6(5`9 z2cdn#aZz7!H}uWUiPjv7A+BU;N&c_a_;$UbbLqVTRv+>7I|y=LxKJN8_Xx&H-nFe32#@u*vMZNPGaOyylt@(ufl zfWL3FIxV0ME6Y6eN0yBMP8Dhe7}!ylvP<%Mej2)&bTmQaeiDt{pvrqceIu_&4>>wu zRUvS(uqxN#$+psho9}cVc5N*TPepUd&$K-J+#Dgma%*!LzYI;W?=LVwmzDLpjn&*h zTw~$CdwXD5ocCJrgN?DHk`ta0=IkTxV>O;AbA=RYQ~dEEQ=Io3bQl8jk;@CjK1qx_ zd8V_^i{?sPZYIw&INQctPqsmG$e>ZSRn(Su60>toSGwY86uSg}{4}!z@uPWpvm3q< zM|b8HJw);<%PnIuxMAS5u&t-<{#v4Sh7xk`^Khg0sVszd>VtJ~Dd&hqB$Gt%+3fD} zYc<~@Z+#)NLSkcnhCzZKS=2nX6Y5ia$1&_R)4m$ztq8NPH_E?<{`j#y>cWk0GLX2> z-IXpw#tGlHSEndMR{@qwT#F7Q!hjOwhX2N#aoV?2kzNDXpo6(#cKV|J!9k4LbEcj7 z{z4-qh~4mce^I%6B1Y9`<_C%s@#m-1-C9jbpRU|@ zzI%#Bnf263Mt1S<4$1<|_QNdn>8#?7&-G6{%{U5KJCno=>AoZ9yEG=?@>Tq@`qyAr z31}n-fnG&`C$sFMo#UNGvuz1Na<6KX4#)i;x9J8D4Oxt(PIeN?*N}dtk&D%QIBw%kaO^;tS9x)XD* zrw{}BYBtXpIhR$tN-Up?z@)=OJUaixXvJ`oo`oj37JqrwT(1vfBpPP5unC)PKQT^^ zhLyTe3-&8c`&*fRR+Q#`Zrd17$uHMWJ?coF-e2h2 zZ^!rENXx;Nb{rcq>J50i%==ejJpUgU5uCc+611naMJf%#MR6;R=q5}4Qe1DB=%JD$ z$d8b_FZ|`tCDy!Q$UZNqGv;-uLU#G&%dsC zu($5sku0^8g5P^2*;4CL+AxSikr$U<38P=kTsc7Qq+~0urmKIL{P*nM7tN+l-jL=p z$F@XS)nB$a@y7}|$&&H-w8Bboz*6n(*xz68DD_vk2edCP@xAAb=sOVz>FdVjflQTq5y zbjJ3=4fw+{Y>6|e@oYW%gZ!`wX=RM8kg)EK0ed{qjDEeVcuo(ajPT3MpT%0l`Q5-y z>@W^Q5uB$Ff=t+!md`tn?v@M*bAFQ=fi>0tJ@ryX+88sA!ag9o3t%^QovR%Tn>_Pd z9g7-E{#xPb4k-A8#r%Wa(gWv>_lxznEU+Sp@bY_ka4Z?OJXW{dNZemnK9JaLyP0uj zwb+)@id+eWx^8SuJ9C2@MvmFK@=u|(F=WoFjbP-Q$+vPTrYOOt304DMJ;k&W3I}@; z1k7ds&-U8Z$SDkZR|=csu1yjA=n+QLXz~Xy$L>b=o8Y^j21RW`6Amm8)*8s2s)e7s zuOvt>5=4e45|6|A6Fm?c@SKFgeJ28u==o?kNltTmRNOY^8e#O+2KPU@fOzN5 z9Rd-(D=|GK`Q-0UjPiD<@=c=GxM>EGhf{l5dHkKg@p`=@kewG`%DuF|^l zxj^5a-OKKM?~|K{nVia@x4v#F9kY9GX(3*=|G{$y6_i*|uZtFs*UdyE)*3dT6x;g? z5;t}Ywav6a46 ze^shst6|w~j&R5jr=7AbJzjTtIp zx5|fkvKmV%f$H%TK1-1lvobX_JR2Wo6|nZ}Dvq*+Uq0{=cl~``CSY@+|H7HK8?v*{ zB}Z76wONG@m-+WEak@f?Tp4w}1{teGot{3OJJuQ-8)J?OVG^MaoXdirc?DQ45_|dp z>a&%aGqE_Q__|-LyoWQ{u<^_0x)tU1o$7rORSsz;qwJeb$qbv+UGAyBOyq>lr;o^F zIegt&c}pA}>6Bkq7%H_@1{1_~C|?gcROjpAyZYmN9k-%?jXMrgD{76|_M`z_U;)gH zz^%ruhAz5GCsZmjg0`Ort@t+SLvDSg!wIS>M>avIB2;j66p#8l|JvRdS($@$5~*X+ zUmp7S9kk?eyuH7y?=Lf$UsGVUtD0J9U`sUzt+Q+T6Pc<*p?2=x#a71x4*@aU@JjDM zVvUof+Kz|o=wE5P{(Q4gvC5HHAb-;B`2!hztKApv>>6<@lD5^NAd)be*&Z*Ql>4bk zF_t56&QOf;Y+G#Oeq``*L!A_S9z0%l|Hj)3-NFMcbt>-U#4geX&+Hi7N z^Yg>!2(dY!?iwwQ<&5vslgrwQaA&a^iqN}e7WhDqWU+(XH;s{Rb*{=+@82#e4lNe@ zyf6^47N95O)n&f*8n9Dc`GlICY0_xihWk&8+Y+5>^KdqIFC-URpn&a4s_<)qXGFkzXiZ5>g^70QJ0Xsve&cdaP!Zr;Xxa#dDo&*Q* z!)EaOPmh)us4vXM58kg)^j$YY3D>aRDc{puo=B{n87_OtauowU{DEb18t?v~W;E*5 zOUyxNkoy}mkekDfKzf99?*c(lMc#l})t4?w4&h8#lC*D*T&)%{(dTihO?OGBxgVi`e~le*)%cNQ`DbJu6r>u^ zBzFEhBN5NRZ@ma%=*Wer!Qr{1HJvrG5PAchS<>m3mpZxrE^#RPHc2C}FUwc$2ewbM=q=Y4jS!3 z0b5H-PkVYJ!#~@%V49wv&JQ^rN_TqmS@hbP1Xp22G$9Z1F+DjyxCvmzK+W(f1Fo5l zltdvS0G3N{w76GEr(>uj=Q@xjGPwi+renD63J@h|#d11*>1|XjSO$PUd8omkv^GlZi}S!33ik0{`SW$o+`skaCr>Wc69q*@ zcjUi3G@2yq(1)1OMqonc22r83jBD%{$`C|TsH6UM^{+3GGL+csbj)y)_reBYuu~FlBa#_A_f_8j znt(ZSj8;1eW^X-^#(?H|k_w7}~aAK18r#sW+E&CT$r(H)X ze)(oQzM^gF$C#e)$tD!by&!Nf-J@O}$#9W+IWH{B=w z4kvmK8SYisu=#rL8#(j;xd`aRPaHX+TqMWO5%^Q4{;EO2KR6b50}KbOqPcT^=q#<<-8r8uN$UFesOZ?UVNCZmoYvUE#g_!^!+8v=pI^-<5Oj2 zGy??kmx=1^$;GBC24E=UEqOjUXE~pR_teUceEi1>LFoTgV$(2!m*V5XA>lyh7?T3x z@0CknVye&$)_OS%JhKTgA!M!1?WI9le#J`&6$OwhIC;U72K5^SgB26a9G)8&BzNAoU;Vy z56!h949ksVbXU6miYjcc+HG{EIhu=Dt)1nD-5n^++qCPA51Rab5*yh5{syX%@N{Q7 zk?fZw@F!CcT}atj#^aTplS0HyBRWHAOj+;Gfv%S=9@(h|$P00_+5>#X`cMrNx29!CDX=#rcIcTDji)z@V<;W`9bhvlPaSdq9+zqi(Rd3O}`oTLJu2V0x7MbV`2l@F`g@pYuq1sM^_F+}js6lEW>_O*Th zI|Ww?3zf5ZIuYJjua8-4`phTZV|HqF6lpQ^N?&IyTO|a3OQ26}n9+`1^9Vbq{H@7Q zQ*b~3Jq^LO`vXNLjRDUPJ?|wPqJ#Q>)3qve<0L1oZ{%cUeT#XWxpZ>G=VvUhL)6JP zg?p}!WEXU8GaY*c6mIE=&AK0kTNUP`e-k{)8uX$L>4#mMF}-gSAAw{J-|w1fFvI zu&JJJ<70dv<2kABySKgS*jZ~JE2KBw2->YXkX!bpgJ*Az7GI1XvT`%X$jd1%B|HJk zx@u=1)ZOk)YTadUWUgc6l&%3dSIcXytH2=J0{&Rht@MepjiqzRE;u=!ATUL`Km2yv z^d1;P{}~n8S`e!1$hdA7l2M9SbgnBYUZ8*JU_Mtn18)s;bjJE<;L8}n4WyCr7+2U@ zX*yj8dUFqDZ&rD$EoiemBiEh%!r<3vgLM;!;?Pzu8TVA%JW79m|F%{#ZBr zJ77{{Y}0sst~NgdHDYUGTjiQW?8}eA;>JPm9s3$eN1bueui4!-L~2o;R8}zdP3#A z1wJeF_V2URyqERLlSl4WaNc+j29QT~26P0pzwGsFFAmzX>a+UB(S&NydJjf6vCacU z<(sAOU2<`!MIO@8mR|Iub=}~y&bqL$Fy}zqIGqq^6#rg=i6QKMrAM%Hndn)DbJteh zd4pz6A`W#a%Yg2&6*GvtzxManJ_3x=3J@~GE*BRUWRq22p;7)AXxWr9@8l7WDpmn~ zTm`mG3_I3kq=o^aozgLt<``&3QN{*gplwK&t8JzG^CP(>urpTthOuqD+q3Aq8`Xwf z-`qv$1uiND{-%Q(M~A5Q<>{`su?n0ab2=XErU;mQfCJ6N6Tk>k+lEZ{XTh3J@V110 zrG;hp$x`Z^^Z|2nj@dhRk0oO}jA~9x=6gCfh8%Gj{P;3K@XR&H&rAeTkhsL+KEa>X|DRR(@`TQP!0dFnbG4>_-t zElMqpH;n2{DDdY6raa9Muk^-jPrklPVd#N|iG_*!@;9J$N4<~$xXv8QMxXbbX@*bP7@ILTtHT;A`Th;a+bVL#o z1+QnW7p@mAF4ntbc6*N&=tTUMrnW_JO@Hk#;`ckKg3VGRdC999kE$d0DN~GO0=FM4 z^GHBag@H*dcM2|G<<%kea*Ek8Fx*w*Y#avq==j|8A*$%5)>w$X;HgbEQBjLC|8V1C zvYILceyJcj%ibg}0-<_4%af1QwfpAjbHTUIDlc6T84gM%oMoyg6lE0}GW(-7byMIy zYr0z6!Q)8Ac>7SJqR3A!FE+CUb4bSSI%eH!eV^=__Exr*#M_Ve{+wY$N!=QF8u>JghiGc_d7N1w_8d;fWqD-N!>-H`~DiU&*&!^B; zwhE?y z$N>O5k?ytA=MJ_zJWzcUFvV88G`ghpT)7}W!wyd+IFj}L1!>p!L5;4%;s*koR&C(i ze^Om>u<4fZGy!dklKtE3C^Mw&$Co(B+AAa$5*{2x_oi#RA)+dCYv52VVvM8tN&xL3mu&XS-t3rBFY|$`uyETxMKzH~sE=rLbQN_};sDC9W|ml1V?->g)JwZ< z06+a}T57YX8O6cYF>lt(m0{!3m_YSgI>59OQ1P1WM4VRKh{ejKsl$qN?%XkaXEPdT z{k3r_T7EAOZtO@E4k*NxS3YK%PvaF*J=ocOe(dd&mp#g^>H52QpQ_TuP{P*B8`jVy z*E(OzQKxdwt5---6*$kP0wwUuT_F+*>t7V1b z8>(5hSEhvA-4^d%v^{st><_;6G0Yk)P!?zpXlYsNZBiXx3 zqituk)=AY=r%qWf%U=Jw3eg5M4|jl^P|C?0fxwGlKVW)moRLT6i;0D0R7I@rhJABQ zaxw?@Zc7$VR3{g>*Z0BlqPYVrM#Rgaa{aypA8D+M;MRB+5sQ9bY*%3HFXcSY4H|D9 z5Rab|M=FbLwW1b!dkv}LAvS%`Aao6khtw7oa>P#MOKWcd#K4=~2=i0tk(+ zs*+~=`Kg_zr!3JHHJo|B7D~Um7{AqSZ=?3{Rel?;*8wQO}y4SleB77;0D!XXWTvi<6 zK@*u{20ZGp9qRonu!GWXeVCQXR=72-z!>5E?x9SE$lhTGu#q* zoDGTI^kC;acfv7hON0O1-CkKkO?9JZ9AKENP>=#W(#Pg$jzu*Dv9?8j5~aC=^EjD1 z>=KZ2O-%*XyS0QP&KBCa*YMBiX4+@uJxwb#>1@zUFpm9 zBWdok9@p>we)NcL+H-G`6VsxlwOqPCK@jr*43Fmwh#vD0+RfHl~es_+v` zGlQSGc_e!&c}GrQFs-HkFi%t1Ho|o`<@b9gP8s*Rh#O}RQTqC-tk?Bn%u@UBI!ljo z(+3uu>hW~?qC>;>c5crNXi;K%^vAEHJ_O6 z_QDDHg@Q9yHa1IW3_%Ew%q&Eo;*BqS#xxLYLTKbD*GUv5!D^*eKC})7(r^h031yX} zdOQ`%wHQz_wAh}H4tW>AB5MDm+HFYXp^Mfk^}ZuTe<*ZpM|wmrq8$lI4-Oo ztNx5Biv7bhm=Ofz8{-UDf!kT`!kaRmk$r5`YOH;S5SKW5*9T!li8`VZIpB zXwOOqcXG61z)b@vl8IamC_z3RKf?Mt0fncwGe@>Tiki8=aUO7lSkPL7z4An9i(#ew z3|T+tmrMW3jZ?M5+xeLo``=WHmR>i2;+|!x;_e9!!ho>{AA;spZyKA#teyav@P|LX zMxGP(#{|xaP#Q0@08R?F|Lws0;okpA#r|#h@%lVjFlPu@-w2?>-I2_9Qy?#tQ`z!T zn(z3_8Oc2VhZfxVy8wRoa4Dned)5cTRF0kO&K1SnPk=0T@ZO~;k&y47E}Yi(Ka9IG zijqbx{saPHY@b5LMY2nrP-ndXAUW9R?;sGB9=}Cx8x`0tbjOp0OY6lEmDW+V2C?_4 z5ry6-CHb_E_gVuDrJuESH%f|G=QRPaHTM37{a%IVRI{V|)WXrv;>OEVg8Cea`mLL; zFie?|!LGJJ{pWaX6Q4fPGJ_R|4j_QyjY8?_>J}{(m6mwCoB7e!n=@2oYnA~$*luwc z7#)mRR&Ia%X`QRrU(P0tlPoXz)4<$(o_NhPAwHX;y|=uXD~1$AT+EuCz?;qLj*jBZ zj1#Jc#Ea!ep#Q)p8nvh{5Kh44>LliIR5@F9rpR>ZrpZYmDnW5uENtEb1|jZSI0Fti zXk(y1S(%u`+iDTfpjRedb-rdfWyUy6Ey#>er7`TiEJ`C->L@NL)WDxA+Q)LBX?amW z{E_2aZ5rpT|86dh&Wbi}Kd^;Lb+cI+3>RU`XuYqsUWo;4b4QCE(0_bheZ4~RR3MM) zy5ziBC3HX!&d22of&pDcF;3102@{!A)$vZ6M>aO5b3RVch=WFu+FP$0_#t;URuP7> zBeuQx#bg(>Cun=?vl{QxW4Pp{+0@M|o#VyShI#zO9Jz$2fM%eb@+)NQA1x=7r$Duc z)-9DI(fMJ~5mBJnuS6mH${qBS^}P8|fUp&cUIY=B^_Z;L1g^|x|3p!1E0B1|&UGkX zI&YzcJKz6)(5EAJ*Zh+jqf0i=w-;wFTbY|DDQnW08)I3n-rJr&r1;w2r{tiZL~OJq z&)4)Fp3U{ge^h)AB}&ht(AFNG)sH6!4AvLlS3-d{!k9Nlb z>Ae{LT>R2E_v70AY*SQGefYSLj_TRA9LMOVly;!OWIHed)5D>c=B&5PHHj-1uU^7= z=J)kdS_DIJ%uEG!5I(sIiHquhzI{P5@1 zpb`5nC&9zx*{K18=}STXJnW*++@ERMfS@v#F7deQ8JY7h%>nCvj)5jAwRf*1suT(@R%iZ@8mpeUVk= zb360Dyjyejw*8H{9)W^v4A;%aU$Cb7O_&$ISqDdd`_QjBj$XHaI8x!HRAV=~jH{E0 zUwyU*!pYP!p=uE7y}2-~#GuMZylIU%Ey3Gs&>S2^XV+h2lD!GgeEV;<%j1kH-ao9Z zZ+hq27}J$F*k6!LL@zCm)%Gn8mtQr3(LDHu=Jy;N;4S3!cpELRt+NR&6BXLR`Pxd( z-d)kO*1k4ZeuJai=qo4VrKAlRHkxqB&9H<~zoG1-3PsrhO_wgFp4~ar8o{GE*}^yg zfJlXV&U3}YXSpOSWpgyD`P>Pou_M+Kuw$0Ttj);MasIyvESo7bVhFT^6KYtuSh5L~B0LEdht*xD1h{4ENT$caW z;>-=$9CpZ-{Z$e8KOLk(k!uRDBqZ19x5*!``_fA{Z;tEdVGzf;DBIv9)~R73g(0x& ztAh?uFc@q$ADEG~S2F^8Wya-0fGt+@Kkea(14yg6g9sNI=#)KF!?A)7^alO=REHcy zDJDbDWEJlu@Sd?57|OPB*{}Co-%~JXekOi8nf}4=O-!-~Cd-X%;1f|*jo`og{?BZ& zXad5HII_7~Jn4`2O9H_+qlswwr4_ij^mF+0uxY+DIuYBN#~)I};je*L8j|b-B7#oX zKw#EJaZ3dOy5kN?;(nz#Q=DJssW9(~4j|u9e5j&kR14@OyI-D{-4GHM#(`00|0C*V z09AM9828A%()h0*Foo&h!XiL<){#;mS*<6RJ?h}t8ty_34i(yBQH`Fv8-04@Cni^= z?wO!KyTRK&<)%`n*;3GSloPYHVlZ0Ve%~EbQhmq$Q0Zn^ZKFEQwe$04?z%l3NTD}JFuabj-qDl21HOO0 zJX->RyM4-4D&JCzIJF9g2LvWVCSb!yR*3uofIC2!6(qk-TBCUKt1~kikpcIwJZI z3IzJn^khpN*I@h}+c4PJUsFwsJ<10frj8b=yJwsP4P=Rd_g+zEEcUeUKqZPV6OLuq&Xol}5d@fCD%1q))Ncgs-!J_*$q z$Q4tj3G-Kb2@0d$=KZI+B~6{Ckpe)Ogd~oZd>8X5m4YayH}mihkZ_Iu|Vt@m~l+9j=>FFVZt zue%d`G_UxNyzkNmWgeknZhxiV*+*6%DOwVkOjfWDDfR#h?2BG>-V5Kbn0}-dbr;v_j3|&~HYoQhAdDZ^gUEUf>oxS^PJZIvw-Fb?F0=wIv!s4z7=^bIS&V`u| z$Gutd7&gAFsL&#p-zs{d?fP(f_Fa-m@U7W-K%MR)e*E0r?j(8SAchkVa*;xd1Y}ATpgFFpMLk}GsYU~6x_dvE zH@~6u8b7d0(C<6xM|_M_f