From ef270df5b7af6e143bf1449e34a0a577441ab03f Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Wed, 17 Nov 2021 18:09:44 +0300 Subject: [PATCH] docs: fork docs for 0.5 No changes, just a straight copy 0.4->0.5. Signed-off-by: Andrey Smirnov --- .../v0.5/Getting Started/create-workload.md | 124 ++++++++ .../v0.5/Getting Started/expose-services.md | 36 +++ .../images/sidero-cluster-start.png | Bin 0 -> 74471 bytes .../images/sidero-cluster-up.png | Bin 0 -> 73620 bytes .../v0.5/Getting Started/import-machines.md | 73 +++++ .../docs/v0.5/Getting Started/index.md | 61 ++++ .../Getting Started/install-clusterapi.md | 44 +++ .../docs/v0.5/Getting Started/pivot.md | 43 +++ .../v0.5/Getting Started/prereq-cli-tools.md | 60 ++++ .../docs/v0.5/Getting Started/prereq-dhcp.md | 141 +++++++++ .../v0.5/Getting Started/prereq-kubernetes.md | 86 ++++++ .../v0.5/Getting Started/scale-workload.md | 14 + .../v0.5/Getting Started/troubleshooting.md | 77 +++++ .../content/docs/v0.5/Guides/bootstrapping.md | 285 ++++++++++++++++++ .../docs/v0.5/Guides/decommissioning.md | 23 ++ .../content/docs/v0.5/Guides/first-cluster.md | 144 +++++++++ website/content/docs/v0.5/Guides/flow.md | 81 +++++ website/content/docs/v0.5/Guides/iso.md | 23 ++ website/content/docs/v0.5/Guides/patching.md | 57 ++++ .../docs/v0.5/Guides/rpi4-as-servers.md | 268 ++++++++++++++++ .../docs/v0.5/Guides/sidero-on-rpi4.md | 158 ++++++++++ website/content/docs/v0.5/Guides/upgrades.md | 66 ++++ .../docs/v0.5/Overview/architecture.md | 11 + .../docs/v0.5/Overview/images/dc-view.png | Bin 0 -> 129632 bytes .../docs/v0.5/Overview/installation.md | 39 +++ .../docs/v0.5/Overview/introduction.md | 30 ++ .../content/docs/v0.5/Overview/resources.md | 118 ++++++++ .../v0.5/Reference/minimum-requirements.md | 22 ++ .../Resource Configuration/environments.md | 77 +++++ .../v0.5/Resource Configuration/metadata.md | 29 ++ .../Resource Configuration/serverclasses.md | 82 +++++ .../v0.5/Resource Configuration/servers.md | 134 ++++++++ website/content/docs/v0.5/index.md | 22 ++ website/gridsome.config.js | 12 + 34 files changed, 2440 insertions(+) create mode 100644 website/content/docs/v0.5/Getting Started/create-workload.md create mode 100644 website/content/docs/v0.5/Getting Started/expose-services.md create mode 100644 website/content/docs/v0.5/Getting Started/images/sidero-cluster-start.png create mode 100644 website/content/docs/v0.5/Getting Started/images/sidero-cluster-up.png create mode 100644 website/content/docs/v0.5/Getting Started/import-machines.md create mode 100644 website/content/docs/v0.5/Getting Started/index.md create mode 100644 website/content/docs/v0.5/Getting Started/install-clusterapi.md create mode 100644 website/content/docs/v0.5/Getting Started/pivot.md create mode 100644 website/content/docs/v0.5/Getting Started/prereq-cli-tools.md create mode 100644 website/content/docs/v0.5/Getting Started/prereq-dhcp.md create mode 100644 website/content/docs/v0.5/Getting Started/prereq-kubernetes.md create mode 100644 website/content/docs/v0.5/Getting Started/scale-workload.md create mode 100644 website/content/docs/v0.5/Getting Started/troubleshooting.md create mode 100644 website/content/docs/v0.5/Guides/bootstrapping.md create mode 100644 website/content/docs/v0.5/Guides/decommissioning.md create mode 100644 website/content/docs/v0.5/Guides/first-cluster.md create mode 100644 website/content/docs/v0.5/Guides/flow.md create mode 100644 website/content/docs/v0.5/Guides/iso.md create mode 100644 website/content/docs/v0.5/Guides/patching.md create mode 100644 website/content/docs/v0.5/Guides/rpi4-as-servers.md create mode 100644 website/content/docs/v0.5/Guides/sidero-on-rpi4.md create mode 100644 website/content/docs/v0.5/Guides/upgrades.md create mode 100644 website/content/docs/v0.5/Overview/architecture.md create mode 100644 website/content/docs/v0.5/Overview/images/dc-view.png create mode 100644 website/content/docs/v0.5/Overview/installation.md create mode 100755 website/content/docs/v0.5/Overview/introduction.md create mode 100644 website/content/docs/v0.5/Overview/resources.md create mode 100644 website/content/docs/v0.5/Reference/minimum-requirements.md create mode 100644 website/content/docs/v0.5/Resource Configuration/environments.md create mode 100644 website/content/docs/v0.5/Resource Configuration/metadata.md create mode 100644 website/content/docs/v0.5/Resource Configuration/serverclasses.md create mode 100644 website/content/docs/v0.5/Resource Configuration/servers.md create mode 100644 website/content/docs/v0.5/index.md diff --git a/website/content/docs/v0.5/Getting Started/create-workload.md b/website/content/docs/v0.5/Getting Started/create-workload.md new file mode 100644 index 000000000..658977d2c --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/create-workload.md @@ -0,0 +1,124 @@ +--- +description: "Create a Workload Cluster" +weight: 8 +title: "Create a Workload Cluster" +--- + +Once created and accepted, you should see the servers that make up your ServerClasses appear as "available": + +```bash +$ kubectl get serverclass +NAME AVAILABLE IN USE +any ["00000000-0000-0000-0000-d05099d33360"] [] +``` + +## Generate Cluster Manifests + +We are now ready to generate the configuration manifest templates for our first workload +cluster. + +There are several configuration parameters that should be set in order for the templating to work properly: + +- `CONTROL_PLANE_ENDPOINT`: The endpoint used for the Kubernetes API server (e.g. `https://1.2.3.4:6443`). + This is the equivalent of the `endpoint` you would specify in `talosctl gen config`. + There are a variety of ways to configure a control plane endpoint. + Some common ways for an HA setup are to use DNS, a load balancer, or BGP. + A simpler method is to use the IP of a single node. + This has the disadvantage of being a single point of failure, but it can be a simple way to get running. +- `CONTROL_PLANE_SERVERCLASS`: The server class to use for control plane nodes. +- `WORKER_SERVERCLASS`: The server class to use for worker nodes. +- `KUBERNETES_VERSION`: The version of Kubernetes to deploy (e.g. `v1.21.1`). +- `CONTROL_PLANE_PORT`: The port used for the Kubernetes API server (port 6443) + +For instance: + +```bash +export CONTROL_PLANE_SERVERCLASS=any +export WORKER_SERVERCLASS=any +export TALOS_VERSION=v0.13.0 +export KUBERNETES_VERSION=v1.22.2 +export CONTROL_PLANE_PORT=6443 +export CONTROL_PLANE_ENDPOINT=1.2.3.4 + +clusterctl config cluster cluster-0 -i sidero > cluster-0.yaml +``` + +Take a look at this new `cluster-0.yaml` manifest and make any changes as you +see fit. +Feel free to adjust the `replicas` field of the `TalosControlPlane` and `MachineDeployment` objects to match the number of machines you want in your controlplane and worker sets, respecively. +`MachineDeployment` (worker) count is allowed to be 0. + +Of course, these may also be scaled up or down _after_ they have been created, +as well. + +## Create the Cluster + +When you are satisfied with your configuration, go ahead and apply it to Sidero: + +```bash +kubectl apply -f cluster-0.yaml +``` + +At this point, Sidero will allocate Servers according to the requests in the +cluster manifest. +Once allocated, each of those machines will be installed with Talos, given their +configuration, and form a cluster. + +You can watch the progress of the Servers being selected: + +```bash +watch kubectl --context=sidero-demo \ + get servers,machines,clusters +``` + +First, you should see the Cluster created in the `Provisioning` phase. +Once the Cluster is `Provisioned`, a Machine will be created in the +`Provisioning` phase. + +![machine provisioning](./images/sidero-cluster-start.png) + +During the `Provisioning` phase, a Server will become allocated, the hardware +will be powered up, Talos will be installed onto it, and it will be rebooted +into Talos. +Depending on the hardware involved, this may take several minutes. + +Eventually, the Machine should reach the `Running` phase. + +![machine_running](./images/sidero-cluster-up.png) + +The initial controlplane Machine will always be started first. +Any additional nodes will be started after that and will join the cluster when +they are ready. + +## Retrieve the Talosconfig + +In order to interact with the new machines (outside of Kubernetes), you will +need to obtain the `talosctl` client configuration, or `talosconfig`. +You can do this by retrieving the resource of the same type from the Sidero +management cluster: + +```bash +kubectl --context=sidero-demo \ + get talosconfig \ + -l cluster.x-k8s.io/cluster-name=cluster-0 \ + -o jsonpath='{.items[0].status.talosConfig}' \ + > cluster-0-talosconfig.yaml +``` + +## Retrieve the Kubeconfig + +With the talosconfig obtained, the workload cluster's kubeconfig can be retrieved in the normal Talos way: + +```bash +talosctl --talosconfig cluster-0.yaml kubeconfig +``` + +## Check access + +Now, you should have two cluster available: you management cluster +(`sidero-demo`) and your workload cluster (`cluster-0`). + +```bash +kubectl --context=sidero-demo get nodes +kubectl --context=cluster-0 get nodes +``` diff --git a/website/content/docs/v0.5/Getting Started/expose-services.md b/website/content/docs/v0.5/Getting Started/expose-services.md new file mode 100644 index 000000000..32a047afb --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/expose-services.md @@ -0,0 +1,36 @@ +--- +description: "A guide for bootstrapping Sidero management plane" +weight: 6 +title: "Expose Sidero Services" +--- + +> If you built your cluster as specified in the [Prerequisite: Kubernetes] section in this tutorial, your services are already exposed and you can skip this section. + +There are two external Services which Sidero serves and which much be made +reachable by the servers which it will be driving. + +For most servers, TFTP (port 69/udp) will be needed. +This is used for PXE booting, both BIOS and UEFI. +Being a primitive UDP protocl, many load balancers do not support TFTP. +Instead, solutions such as [MetalLB](https://metallb.universe.tf) may be used to expose TFTP over a known IP address. +For servers which support UEFI HTTP Network Boot, TFTP need not be used. + +The kernel, initrd, and all configuration assets are served from the HTTP service +(port 8081/tcp). +It is needed for all servers, but since it is HTTP-based, it +can be easily proxied, load balanced, or run through an ingress controller. + +The main thing to keep in mind is that the services **MUST** match the IP or +hostname specified by the `SIDERO_CONTROLLER_MANAGER_API_ENDPOINT` environment +variable (or configuration parameter) when you installed Sidero. + +It is a good idea to verify that the services are exposed as you think they +should be. + +```bash +$ curl -I http://192.168.1.150:8081/tftp/ipxe.efi +HTTP/1.1 200 OK +Accept-Ranges: bytes +Content-Length: 1020416 +Content-Type: application/octet-stream +``` diff --git a/website/content/docs/v0.5/Getting Started/images/sidero-cluster-start.png b/website/content/docs/v0.5/Getting Started/images/sidero-cluster-start.png new file mode 100644 index 0000000000000000000000000000000000000000..f53c0140fcd31f3e22f81b4f487cb52a38124741 GIT binary patch literal 74471 zcmd?Rc{rA9`!=juB`H%fWF9hQNRc5^=2_+;GDk|3S%V=YGa-q{kRfvre4X;9vhGW>_Ip)_F*Y)MuYtx^VDuY^WIM~_a;^OiR3e$wFqqof1;zsOtZ~5{_Hga|P zO)&Yy#6+3}KI2KU>ieEVMI8*P&CbuK z+9=G(uzsJeM9ieG|8Zq*w3)@6CVi{eK4as4{9lTgTZrZqwjat`(MgvYwsR-J)ek;F{qVvi1KNpOekWaZ#Uk@QKdgvkK$eg58S5&+m6{YR! zT2f{GJ7V|#{mu>!Mx_q1J=50K*2JlJv?a!9tL*Fhccp5cyz;$eiFb$T@KoEELLwsX z<@J6e8EWeInVFfGm>8e6#oYli92}X>)hmzF)6*BSPBW~p&$TIpGsqJ!O!i)x9jZ%? zc%*ygE?tFPM;d}rRCXg_M|wd(YNQ^_QQxIB=W4!0bh(-=;5(nR;YcJiqyn08xDN)P1_f ztel*kJ9gC7)g_<2yp?HwdG`G3<*CWZn>TOzu8wEEe*OB0-?|o0jQX^ZygVBxXI5I; z(90X!WKuPG0&ou}L`2LgU9(#Uo;-O{M>Q`O86#+Tl)aBJT&`gy>RVZNv1LE=I{)*l zQ+5bmy0y5R`%1DaD-+-4s%mLPj#(=y1>@la}E|3kr5GObaXso zt?iE#!bPuqzn7FmO-=1QSe=|`e_D?F+}rRYQWpnKoqO=S6jZkoZQJ% zr@nd3+;nttadC9abqqN8$hPgljT<*SJw3%4rm;_LDN=s3LpzdM-%iUNu(IK#?7b=I zmAgK1Q#XNaw%0br=~Lx#CZ<<|gEd&Y{xYYNBc{)j3=xh0mIv@ByXj8(-&E%>6dpYJ4|xo;)EZCzm((CHthzyU6Sx6jcAw+>f4$ii(cT z(Z;5`r-zd&ezLI0{+3NJD^n@y!Stw!!sKaMoRmq$yfvpXH|>~7>bZ}r2cu-DPe&5bHlK3m-}^&b=f$d-iNjeLo+T1Y3*snw*+44pN>nW%1v+pFteU=--Z;Ul?vA z?-=8ux-jtUGKa+LmtcIn1lT}zaRRj-?BYHEd#4S2eT8>11?8xtR% zASDlJ`uJ>QWo6;sTCj(WQEbnaExCI7`VQ03^!E049AOI)aG&`S5fQPx>@IHfs1Xsj zgbjC}9cpT7`tU^m$Jp4H!A8B)#5;EG#A!^H^zpguF{fx#h$yhv*sX2g)HxSp@u zjk_O}WN`Bu8qTl%ck}Y{s>JaiSq>uP_04?(WPeOd6crbDlG;cr-fFpgoC_KC4)~GRNNckI&(jo8$QhOYA%2&3zLR6OSH_ z&*f(Cd#J7@=G7~U(Raz2>d7HtVWmYyX-ATu3M&0HJ^yo{LPuLWDmuEevh(NI zn4P2Jo$$6}LP9!PTJ{RrteL8DA*mvA2WW%aI|9?6WyLG1@vhvpYMymVVNs;`0Pxu{k(6^!4;`XC*J*GyBug(dp%z zRNxQP2JJ8Bwlpy4K^Y*ELF!XdQesiKyFL?AXj?Z}G_(9wGAV1}dwe!e3AJx>nsi z?c(wa#UHQ?r|PVck&&Tcc3xhXEqQrvmpM`T6~O;C^Ywa(^6y5AE#+r4DDE zoOorjDl5e#C4Et1{C=-wcEt!3EmZTFRUKkrkn~z~tP;D1^nm1Y){*+)me<9q`3+p= z5`^moHvQA{Yx?^7Ys<^I<~6>3CH5^#x1+p1-h2OE+uVFm2> z0?HS!Iy*|mg;>*9sqwlAs32-o$^8rSiIrTm4@ zo}J|9Z){e@6SK$u^ zD3~Loqt7cVhqfezhN_@`cwIX*w6yZRv$M{Hm62l4EJbryw$7upv>E;w-KFV4el9M< z=U1JOW$|Z|+#VGcYJFF`B_bli#KaUtO5cYA==DuI=^BDpSy{Q#?MEPgqu$tHjZ{)= zwfk(E&#>a?lod-6Mk~$LJO(uiFkX2AnUR?ZWr=zw` zT*Zfq$tP;(`VdB5eYH4X{Y7+0>{c4wyxaa&> zPvLn628Nc*t&J}(2%b4}MqOQfdF?cwJtSmEMHvT)m!IEn=F67&=6xh2cW@UXPKW7j z*;PI;_1RrvmC>OURuDL-5loRJNKL#Q$NY1ZM==h}ty{8ocAS*yd3jC_4oAf{Q*(29 z%KXE~(#|wmp3>=j{~igPnwIuSRu*#hAsQMbvhw4oYQ06)$a)6U!r27{qnA$NW&o7k zqt2L`CLeW?m6g@hjL6K)1j4GR@w2e_iX>EARMf|IXbaLc3h4KsOWobw+DS(m^j@Cg zI5o9lgmv2k@aZ5~fMqEyEp;zpKWoDt!Q0S&engjgc+}0z%nVRC`0ibG6_wfw61tNS zd!~d3$u6WfR9dF(TZz3Ltb63KGZE1YlWhLluM0mKG{U;8d^ZxmUp|b-w9MSw-PKi6 z@xA?X%s9fW_|LVUUaaJNJ*m05`NW~9t8A}L?x=@;V0Zpp#l^|_kffu%eP*a`uVhM_ zxV6i4VheyRpu_BHSdZ=7V_5Kv-{E0|3wPW4?j5kt6(_~RNX9!iv`9YbF!P%{Bcq_O zvbC-MHaqd-$Lz1Ik1H!z$2&7|KGK$SIytl}P)t$3ovf|vMqH4ETF*0Z0mK4OQ1cj^ zmQwK7#L`7D$pU8#4GodW(2-(=f{f0*`~|c)^X1ho91R?Y0|yQ)?~A_L$R0d5+Q!Yv z$zxQKm79B~(cxfxa|Zilqu$HAS&trdHrAheAnxHZKh~l1SXI<>o-?Iwvu1Ox=39NZ zPAZ8+5Xq~XBy%_!5z!yR4j(@%BqYSfmeJadQmF05RxC1X#GH_^dW?|V_S4CHiZ?e_ z@O3B&Y#z~WwzR_Y)dkujr#dl^4StU4mse71eBrfZm%ryKqx+q({X4zGDX6K9jg3Qp zr{&~?=+7KtF1;4UnljRZl6e07`HosCOG`^W)5?;oQ+?euU!9`6L`jEZ8np#J2Bt?6 z(>t{vscRQ=-Oi+IX68Hkj{d}n@>jQZWoBdq^GVxSTcd)D2n&l--_YE6!+G>5PD><0 z4|xXX5ct6 zBfiUD(QV`N9?OiolNuh~x_z(Uyur$c9oc3$L*>ZSfb}Im)J%|DJ02@cF7FeoX4;=V zp={&S&K1e(7iY99Lz%7d{Kymmv_z3jNX~T|YpW>wI-JW2{P_NTRPEP+=hrlZb+uLQ zMMs~%cu_qs1!xQHd?;^Jgic)E6538S&ziKfG?cl83SO}n1*ETfdn>A{?i*1|m3Y@Z zbNdljSXdYtd7xTYSa^8WT~t)GMJKNB`5EGh%F4U6C-@i{AL2x$)%b00EN$7crP!tw z{Vvt#LlvmCK#e*lZZoLgYEz>;Wv4|bFozs&9XlAAvo9O1^l#e$5DFm=%uuKJSGPu; zW}KOu>qJc~b4;+~xpDf~<)Js|pf=FfB69$$zkBx%-RWEYMQruZBVGKk!sMc8*+#l_V{7h6y;jg~Q-LBi!i6l>w{za59^%adZ}d5E02qcexY_hcO4f*;Ho8wP*PB6a@pG2wxOe}t^EcfL{Co-2q!l` z|FO*6++2Xn*BCAxK_MYPtsPspB!BS0EnNQg)@k6`0qVS*oINS~l@x5mw3Ti;N`GhI z4zE02|6_7;a@iZ1Z2I$yQyXnQpMi@JdY}(@j~+b?eDmZ9cWB-F?(Vm3Bx2Rl*XzGA z`OkDqqD4UTfz;4?Znit(ZWDr&2T2R&gJCv)kEu`svfB0CC?IB7*iG386o(pl%rWIX*5<&((Dv zX$WWHthTl#fcDf>UO|E1aKi!bZONbG9aWP=T6=ny+oU#gpFFvOEtr`h^Vy=|yAoC5 zvv$?Y?DMrjpP(Swo;|`Ro)sGKcuQthSK~0Fb&{4&ef)SQKUpM@5Y8c1QCCkdBuraw zF#65h4$whe$KEtIUwCu-06@i29-c{nKEPn~H(2QLbU^H2kp`9nF4e=&@)p*mwuw0Z zxh8%AVWt@$GylRs7SC-$oO-$&vUEBsFyEa;=uuq#eG)iXTH{U$ryqrnpp~X ztbt!w=h2`C%PSD$yIb#z&Mo}-h!phb5#ybppdb(x<%7Q5M;p=0%S|^nG#ol{(ZtQ| zcVj z5Rv&n!YeK|mQCzl{C3GuRMOj?`nyuzhh~4lGGHNJUS zSx85mXLnP8bb0^&y%BJqiV83y`r%Gl8JYX{?`L&X>kdZv-@N&{pys!-DLWe*lmF1S zZ>Zm_$N3EPNlKYY<)YRTOm>Yc{xcDJqI(l8|9nV^H?=Esr_5M5dV}vt&X=66fVzZJ zJ|V0_sdy8GY}MuDHlK)7R9mkYbi99m z5P$E(+8~MDHX@>jbF(-u#M^(JWY_ZL+V-+uea%cMiv0ZBJLCQ31!KArGxlVM4^K=^ z-r4j+8vur=sHn*5ch|{t7cPX79h7)B^4I4O=(%krlJ|L~?%cV9=FQ&5hKh!UYw;)J z%xs~&=*t|Q4{x;wc z&d28ZoQ4>`+?FHsfHSXNz1mn^=(ZL5p@{`;jlP8816?1Cj@L%R8*ERKq*?N!S?oJzU#~1 zzuQbKA);dIzwsJ8W#r)4#WXxVPQadM?RkvLNCqzvbu6* z4n-OaG-y5`G$wy>ad8=0+5VQxz)r||Ggi~8to8?m&b_?OrSljk|EWPP$^nCzE2o4+ zvO1@98>mIV;yNikU0n(a3RX5Y&^X&VX7;%>^;{v7Sy)&I2nayZItkJUV#j2k{r>H0 z7yHYmaEdN;=h_P~i^iBVM+noFa(z(9vz75^OpGyFVl#|T4`tm?e0&E>;|Z)-%7X_C z)YKetUqB~4GvO1Fkf#0l^Cz%5F;l9hfxiB=&EFef)X@(0DyJ%LEP>G0dUS>$dT>&d zc>r97YI1@*|IuGQjcSoSh;%|rOY7w5c&Yd^w&LyEGo(Q*hfj!#t{{tb5%^xmA%f=g zGSmOT12a`sRbSuV`=!<&=H^b0j+R^01_Dh2fiU}^vwKn7Oi!XdPD$B|iZy#U*E_w<=2ozlVEEX4tq=yL)u)eWDPfuU7@|{-6 ztgDbrm`iBbDA3LzRV`c6OhSd1pQcFTAP;A$eAE%AZVI{iFsM1(wr!*HK}&o5`0?Q2 zU}7c~mPeolG`XTn3om_rjfR+>KKU<%BEZTjS0>OewXF=%2R#Cdqo6HwYv;bEhK8qQ zWmhj>P9=G1SqM~j1)Q^!(=5M)*J2e&aa?u-XvPs(jf_VK@#+0~d1VFP7!VjZl&`I> z{thhxG!3u$F)jagYIE<)V2#3PPYfmfr6c^#$vNt;dG;*jLe)h(JHUCnjpabBT*qVf z12Uf~-S+O;1N9(<^oZmgKP3$f+d_k9waTP*5ep_-TC*tk$kx`jwzMFmQY1IPrMi0G zy61*V09Fr>d%VGBZb~Yc@agB{u}JstMjOX&(EtYT6Q=T>tZ`rD`h9gbfW@ zqU`ubK$^~nVRA??(OaJL&sTu z@e^>HYtoXvgTvy)haaemO)V{S!gge#3rl9o0L3CnKIoJXlm28uwP4gMDk?1JE)f=v zsO0UZPaEqib6sz)o;~{kM|j}Vr&+e7Ry}?F%m)?AJ6D5iqhDN!NLTW2-`p77L@oSs zW6O>YLhM0h@ra=Dv9a4>PZA(*B%}IQd1!nl6K>q@!W-?dLsW_FOy+pS`4{RWMfnZ9 z+L=s7I>gmle^A|RGQs1=eHJGZ(CUZR>*(rsef$XU zWT5bi7cV-MH2~}rr=sB8xkCb)i$TKk%iwG)(m!ei*j4~z5S}MhOR#6_uB_H8puI{WMKF(3m z^8I^aLP8_gWi8^w7@F)-)f~!Urn5<|cORVU{_%$KN5}xP+hJWbrnNIT&!ClXDzmf4 zQ8J;3A?fbhx3AanDu^2|A?rc|(@Iw^KEAj=j|83umC+Xw*`6wEJb1#cozO2~mrT)y zW@k6n)$Q24n=}pdgRT>O@`VdO09VnPfK_g?-$_UuM3Q{y517bq9A2@zaDl}i{EM7( zes;DN7C}o(n%K0;T|iuXpr_}gnAj@51xZ^>Ol*EGfWvE)k&qp*epq=W!n4*jHRa&; zQRp8XOwY>C#|ONU6elGnZr{4aESrMfgB#^sOl+w0JoGA1ETVSpjCARb9|w{-09w6! z2QhFQhYTr8R(2ag@$A_QZDL~LhYY$;^zx$A^av}kd?7@012a`h5Er{GLdw&;+wlpGPXpj3T#tWyZ(ueoE ztvDMJt%y_OBJ*CFNvJ#r$V1_rn1?EzuL9+Bq z36YV7?z5IW0uO>}TUS9Vd5C`oEj&}~U;9EuU^?fzt=EYkfrpW>j1v|PWr))uCqzJ zQC0TEj};ff`uaej%8H-+HtP=V4vi#v|9+)1XK2}IU_rpDCyUh$XHm{>=?C+(XV0E9 z;S6f@ZXsl^zkLIxZaDu=`qoZ*2~P@VnYz~1Un9+sZ}#ln3)zc6Yy}y)1Qe$e9{BVf z90GiokWg_bHNUo$FYrg2?U_(*ZEct7&k|6pua0chxLP68&MGs85_xOa{y5j|M?@)P zyRUeAucMzrpg|(*=N9$ZOHf$6m!G~EFQ+bIw?5;*%VK<^Lib4GgK>9y8YQ;0>?b0| ztR9`%+zDDXHa5f#k_zHloWZ&0sm1anSx3zH{evD@U+g>HTbM z;4@eP+};NdXR;nS)~#9jhEM3hv>Jr95lG(-HN_aZ*5jw#P?? zg!r|kxKx-x8Od2X2MVUrPf1Iwqo>DUo?Jut2FLStM!SPduB-F*rly}}ztxAHd6lG| z5%?Yy?Ibdr;GOQVPJ|Rv1v(p9U&C_^e{$9xM`Ym-iRzs~R|=xH`B2-QEc2L4`#eKcqfE_~?3H0}G;Hg>OL;I&$x(8~av~;00>BIpU3D5a2 zv+hXBX|

2+9z+hmKDN&_KQ3L>hmzSzUVPt4jq$+zdXDB_m7KEQF`^=9wI<8LX?b zMq7%~T$|#=%f%(?@rzYPQALFtc?yq(mgn^@RWC0u{JkThF6l2SUPha$M;tdaHeSQo zKw!5dpZbWHZ;IuXNxk&)`WDb{U%BnJftm8Lq6hsv2h{dj zzA;K)BJMpA5*i8sbBB81fs|iWXT{cnoCzt~OQhpBB@O!o)>_snh^MK0furbxuo3EL>^!d-#HG)hBt;33pny^Ze zY|1JspeDq<7AJupsw*m1@T^cv-7_`S)W8y4VMmOee@lWmKzyPf21^9?u=E7Adr|Z5 zBKBE_##GrLoF)QBw|qkkzXhBE;HGj^6iDTNbqO(z{QUGBNA@|u1?0&7a_9P#Lq8)_ z*`yVsiBmsg`+t5)sswENCbhY;-;IkaMzi@?RPLAYaV3SLf=6N=2xz~!n>#9^BG-BI zP$AX0gv=rVzKA4+X&iYqc;;hgC%Li3BSTq`{5YqFF5cNrc&`8d*BDWy>$s(@?NW8d z-yd@QZhF}C(=CFJ9zJATO%29j1KsB8NaZMUNEG|_<|c)H5?BpvziTd$ zYQz&=AYhzpQT+ZtmE& zlf>@gMJnR$v$L}}ufnp8WXk?uFP#Jws_|TyK=O=@jRkDU)=P>g00jMU;8zGGcfQ#R zWu0R;!_or}p0nIhlz*@1cJK}wnQqostHh}Yv(?pA7=&Wt;(mflH0UV^*sZ(vqr}U+zzcxg&oXm&njw8LF?&Qq3a4D=mV8*@X zk$mIwyXptvrT9;7F5zTN!Qq1zkhZ}HLDYZ@8%9=nWt2488#)@4%q%%HG}OFC1ddot zo5@}z%0XJ`Sm9PfeO1RdZ*G!A<|rw3D-eg#iMl|cy?psHAiKBZCIH1$laY249`UTc zet2-O$HGMH^XFc6c6K0WQQ9wMtqUu?)6XZ%J)N&WV$E)x66~{^EBXgx^x>oWrUG(h zlH1x36PDI)Wp~5#_`O6^?99wE-xn>HXTD-&(bIqZU`X6ucYO-&O%yW81aqC%QS z;3#`mQK41S)7zUY?g6Q`^YdpjMlujj@;pswSJ5@}t2(vZ6Tn_*>8^Y6)xsCRNQRbf zm-$ib179mIoKWZzx<;TP!qTN^TKW9>-tAk_E{bJbx^xMw6e`PU;=0Q2(uC zH=8Wq0k<}Mejj)2p|5`~S2>yYj;tSUZog-614a!IOG|0?_KtMcA5U^}elPYrLqK(U zJo)u26B%(#Z0zm|73GAs(JLqECItET)Jtmkq|~D3VvkJyvMuy{BWL4MZM7z-1hz1t zOH)8hQ@_RHy)BX47PYISQGK>zRZC_+Ya;ygdZ5GEw%ogsa&u*61zo3_iVFFjfRpI? zg*Z8Z-=)!D!_)x{&}U(SlGNqWB|wI4GIrlv5|D2of?(?abDq%lvdLwOnY znyXi@0z>1}g8t|!y%0ZUxr4kx@8snne;5aT*DQ2@MJ@*ol!=@M7=uJXt&$M@V8z=P zs}1%U3LTovGN*o#qxrg4amqQPn(kg+i2mOzqbXhdkadtP(UrhF6Jkm&f~{oZaj0qetg)z<|ccWS~<+HXt}s zFI|Fv@lKZ}I~%jClsVudoQv?Hi8V6+3I3a-5qYNr|K3nBr*}BV^@(KYW%V>fgX!p~YAX0Koz*Dw9v+^PCwp32av_ol2x!fpeX-xa=Hs6E zg#}b{D64|#W!Y5Xh_`RWL;78`{Er^4WTsQ6ykK}m2M@)cn1n=CQE?f~I|S6roa!Nm z11{LxFN}ANqB(ETVSj|&2lQg`+8+%pJ{$Ho=iZ_bI9t=Ao#o{G!^7Kft^@@Iz5iTz zjI5ad6i~@pnt=dw*TslcmX_S@I61TxuK}o;cI65JLi((Hp7OWh?61dn0evq8HOvKKm z%a>^ctrRUSnHSExxs{fciMRzn|BVn_j+zw3lRYbcWmyPh19s;pI4ZZPzF2k6=!39V z{cR?56j?(qfj{pzco{oowkDXh4B;$@jg?nmCFwomuUYi30hH~ee(u~k#BAAl8JU~N zomo4H6IqQ1-@g40%tJ~_dg|IwakmLwM@PpWBeNMQ@jrosKw9Cx0qwgxI#Q#H4&l(E zx$9z+Rf{T>ZqUzfcZ^K$eze%6+7N%&$6DpDq@g8dqAw`>Q|Q=uV?=+Y#{NHLDl4Zi+onY_F|v z0#d_43o9yoN27~5)yJ*48U10Eitx{?1!RSw0Y5AMGL#aukFk5K(?$!=*CR@DjY>fz zP%-J6n$jORB88s5gOXS2SY*hgD8;w8VNVJQ;w=mZ|IKE!cfo|8o7=d=P7Aspf6cnK zsp$qb8g(wT4jrPf?<|;8AMo4Y!{Y z6NLU5G)!RNPCy*7R354)ZqW*P6p<=1iHV*tUthbn1alO;fK2`%9FN*{v-RbZ!TGrKKecI~A+fUF@9yZt^ncLEk?#BKE+z?SkS>M<0UC>OcCd(j*oj zYa;TQ{Fzx;V621LdZn4aMp4a>;*VQSr6YJhdt!P)SoccxwZ2>hY`>{*aV79i6dLPDKwZEZb0hp4~S zex2UZk2_OQR_@L>O+r8L-~k_d2CO_57EB)=K~Lj^lG$6Fc`pPtJ4M{%CRxbcyN}~e zp{qfX1F>|e+zb8@Fj9}jZz(kiUiXp*oE4sneFL{i_3{urF9nF&+}wfuxgW&H(Qn_q z<2!L8-t&8Ka>84=wiliYO>J%UW_QUvXTC`L_`FC?rcd5N3%lKeTcD#BXJ>oi>+lNN zf|LCpY)R^Jva;t9uHYm@eb=AC(+hJGGQbOm4@Wz0De(a`fRsa$|MKM=S{`8F^|eSA z1)w-AFbFne2>2rN^76)Xg1(5#q>?$mOcHZ*fLic7plGY8E9&r|?^>P#4UD1J@JZQh zuo2^`H7)5b?ilvwIumv{fb3wu%;~t0-BxW(#y5ihLb(SzuD})9W>YM`bgv`G(Ffuv z#wbv*yq~@S$p?7-9T;Pk=rJo7EZbaMBK z+SsLp@g9AV1~*NIQ%XVV-DiUsWiAU;p zy62)7_SP8r^uHUZvXcqKCZQr|q&!Z;4M1YPogu%#`=+dN&-R;03}Dp^(J#Jw1$$!5 z9?N@0E$uDkYLE>8Nyx##$HfIMh+O*ek~A{JafcxIFmR_)G6`dbNJ*1)Pw|893p~Ff zLcWOJ6FC2t(O*vIVI%NF_9nnAE+??@Pbi?!(UIDMFGo&58Ud5Q&i=N(o`Z`kI7A!F zB`!_Phw14hj=e>)L8M%)ia3RxFBXt9?rJvE>KCqE+vXXS2}>O)kaXnA9!qL@YQLk`_eNc}J6{zA@H zZLgk_B@~2|z-M*>GKTJgvz;9TE;#z)UHzP#^3q#_oL*ZN!XJP#P!(2EppE+F zQ=^!pplcV@JYcr=KFDNOW2)hyL1-I0^C)^>My*& z_tebKyXL(8j8?n zd@>*Qud*Mpsd!KjpF8$a-R`{`%sy@>t6e=!t+YVQvOl5!!r&rvHtGA_Y@I8Wp5|2r zlJ7Hj*+of`cvbwORcj!L_MHr>m2y`5qQ*`PMl2*Ih64C=;^AiqZ{YescZ@Q(^E-HW zte`zW=7Pumeq0=TrB|3m(;uD5-`^jER{4(|(qbzj@P$>d<{`* z0y;s4Ks|yAThB!t@EXle`=7psMr_5?%gemNC8PA<@GdpKi=BI{U|{^K_>kt`NlPgm z;{;u74Ul4G<C(@e_i8_8{3tEMDQeDM8FeITmBebspJjpT0M2WN=69d;@B{6`YXKJg z`o52LC!}_UZ_KP1e}obRqXLbXYZfv?baZq>MtAMmz7+)*vtYMhY_^Jz5I~KA!Tj`K4H|;^P_=i|(aFi5 zP#gB|-_Oncguigo>9t?Z@Z8RL{lL0^P?07)0!*Hu^7 zbu@}tGtR5aLFoqtB10-O)!JU|dIOodd?iOLv`!GPUO=GZ<3|Nzn!|^|acItQLovX{ z&dtm`Eh!-kR>7Eg3Fe0Nb#FS);f6?1+PFvfJD^DA85F*5Zznr)?qOEeGl-p_-(c6g za^(tCSsEc5Ix$y8*U*Qs*;`r;f!^C({uWL+F*_qAMv=AvSLsMGqVgCA7|IR7g?4m{ zXbefJoOWcQGZ-p*I=ZX^>-Hc=7MCpDHYS4`B!ANeR&5YPPJ%jwUnNsD;XTR&iX{dT zG^e8?k1Kr#&4YqD=(CgzswXV0)$jLQ3c-Hm6X*_B7F0f}xlx6SHI5w|z{xS-5D9_` zj8!OqPc~&r#gQz#cZ!;?Fn!qL?(tZCzZC7+$Y z$QJ?F0ahCucQaYp+gDurD$}7UrqKwDjBr!pk8iY-@ogWk_g!AkvjmN}2LVG6RMQD2OA6{4yl&L->l0;8IA&gnc zzbs7X!iOYOAg_SVc5!oq8i{H?SaHP`+6G1(e`MdGJ@KxsO+!}p8+b0PB)#O9NXBAa zcx^dLd|$z_{~LPS@}@;?VCy{rSp|j6hY!!e+XG{6nmMCI+9(cmYl2WcCf+hK*kG*X zm8ASejmcOtwwrku+217y1^w3f)wxZ$S5(pA z9}U``)Fa%BJEX*Kjzw&H55Wmv3Mt!X5VOI5uIt|8>3Lg;+Hb&L3g%C_Z~q@@`S0KT z|Mttvnp?=zAkJPmbN&4{9SI|4+M$4fBgsMI(l{dC=B(;xY(s@?%egP)+Iu1U!W(+}*$-qqkvv_=vu1xCFj0|}PmGmc1XzA!cIc=ow z>ltRH46mmZuzZ7Dal{*gx{?qd0QUIe!M3=5dAa4r>C>NJIQ)rR{qtx3lPAU|Cf*n< zMi{FJ$BT?8e0dt6;4kI9zP=tLlVEr#89b(DPtU!&zGWMj>K$99e}wNKmuZZc zvwjW2ug6iu&CtwD^74?}Y6r#`{-+V$67HDmaNQtikZw_gV3N2x+0!vFpemHV{)azh zx&W&)reA)8xkYP_4j1wk)fDYMdNF8JAK$!5hfaW_0+;ae5>D8=2NG-OJfad=iYSRw zwRPA}-{me1Y@$@so0*??l;|w6tP24%aP@YJ)en^-{@NJpGD(`Ee9pIb>DMqWG!fdE ze2c_q=R-9Z9g$>G|WscgK7pW?xMW@&3fof zFh+8!uTCAVHh~qhveHvkwFTb>QWfwYXt2Pf;-)MTI=sq-;IJ{rV{1E#MFO)5g4kc( zn(<$ib!@fny5|&$CRh8s}ahepL3~|^W)?D%Z zSTddRON>#YzU?BVTZYU9Qy65amJt_}eg%%dR~anzu3fvZ0T3$JEowokXiCF$ZGv_l z)+HdKls3PWUu>Qd!$?Y(HQbzb&S1BtUA631evRNp(`l~#7hC=K zpKNuIhY6nO#%WB)?k7xYeFpV_g?1NbATavgG%h~}vR`kp_=guj^xCy+G|ZT?{5MiO zz?U=O56%57veNb1HBc7-fv!VMZD&+@8n%li(!oiJk2TuN&&gTscdqg9^ejs#3JMB3 z&8VrTcTp(Dafb`1sI}nmv*E)>rTRwN{^Gv7*vJzaSE8nxS*_W-ovAG=UxTtGh%GsF z$vdMZw=ssKQw5VwzgSv0u!Ujm@~lRvjkB{94(vcmLtC4a=e(VfQKBa2n^g37SPWRL zv~_hc8RO~bIEi?>6oFY|c#6qnglyjl!`eqo{AF$h)WF-;F>uA;r-Gbc$|)$|01?dn zBs%Of|7ouGC;lu(6*Iom9ykCjcW1LcNdy0nwlVuQ496wK#ho1;u!&SbrotZ;b11y& z7y#!PrVzeu8asF3dzK({qMn%{#jG!1E{sVS1Bs7~SpuZMkUu~*pxC1!WqF(IbWhTN z^73o;_T$i4l{WA|teeW{OCvC!^keB0D+!vd0|300RR1Mr>NMDPAQ5i#XD>wz|KU?0t zJ44*t*Z1B~A|fU1o#*!3;~Wj zrY_7(Okl~r>W~-fxI;`NDn_uP>aU$1GkygVMqM2npv!7NaLceaXoIqt1mhIaJhuQc z%R&P%X{X?sQE=;9BqmM8{|Y{B;xK zsz)UsD2LXkFm1J|Ove!2O zNiraGzR-X$JBNk>N2l`Ylrl#QiKuxIWkV`Sc1}(dZw$}bzo~8^hU=&^9S4+r32N0p zxaoF01+*JXZl6P@%-M32{Y6#PB_4S72xj+8jm`N^4c#oDbbJeh#H&9CJSMubdwP1h zo4;WU39ZxMP+cgXf{%RO@cS7f$%?XK5@%EHHwV`4*DP0a_>Bv=$MWMx;UjB<8~|21w5VifBHoOw!I zoIvvvDDBjLVYDxdG{s^(99?dgRpx2Nm!?kMS0|{|TWG zoOMJ7d6|X*Xf7iokVzpMl5pk07l22F_=QJJvKfG{PCk@sVXA)#iiMK0vNrgHlF$90 zpJCGWnKVoaK1ds2_~Bzis!Gk-cw`Mc(Bl#MhPZ6 zy!hY(QWG2?NylN4HZ0DH_9BzP;lu@{60>J!g_d>Ls_p`Fei30b`^^mvcooG(E30(K z2vEew4Q|jWt0$;?u+>q@Yd6m@Xq`PvFJyCPj7HJ&Z$7&vkDpSh^01Vz_n9+0&2mG- z!vPs>&FHct)<{%61znB4XzX?geUrXamma@1KI=SZkiB65eidUn>vWi<*45G)zu!td zH8jl|`EL`zt6*Q{oFONI*iN@ufG~kuM2Eyxrobj4u>sgmoJz2}90ol#Ix>Q0`V(RP zT^Li6U>xCd64WrBT;!OxexPo$Z(kS?oN0y22(}g4BZj_B(RJsXee#C1KY}SA)wy^#*o&}`kk>Vu zdW=D&v?7y02$a!&NP}qcViWm$_h?JlVgo_^p@MyJsX&Jer)lS7wc78D1U^(3L?QaW zkUMv*ihJ>=5MQu(qTsauW|-_YV=ma_-rKNz&zW z!4Rbgjw{Ta0U38m#IWMPz!?X=w>I92J3_XRtCOoB{aKoPbeCY2!XF|%s)RDL*7`9x zr*jv5vP-hLk<#I5TW^J>F5{hFSQxCkG=V;`;iN91{)gtP#jyR(-=b#?#5N2Znu!>m zH!U74HCcHs3PPKB&z@f(IH5}}E%Ed43{-gtm3E#6PYM4Q5~Qv$ZU@<-uq3NGpeN1} z(}5nphC%W?$<7u%dD1^HP+OWnvnH;T1;@vK1fWR6zQPe1P@rR!nRj?6oKMn|Xk z=~GQ@kbtNcA<5hHbaZ6%NE*%_y*YXg?e8tJgKE+gK+lf7uqz)QkfM5oWyJOH;b{!- zVDK4}Vh5)L6hqK2wS2tV+L;k+|`ID@SCFN4H&{237$mRk*T&^O^NJeV8g<;?>ayNgz#qCylir9pxn zl;pGmg^U%guhur~em=WE{rA9fj-RY-EqqSP-qq=AP@b|EXb6RAIHup&tmD}sm*$!3 zbA<+Av_LLdc545F_Rc(?H+cB3a|=5W04$kI*V^YJq6XLBX)naz4n-O zf<@FcM%*yMh%tv@rbDmxSV5B`K6No6ro6h^tR)YwP&weiK#c<=$lmvpY@N7*ZNybtN6Y!xjt0e z#rhXR&cAhNO6>nMLtZb%_b7ddXSX1E?&sojsFJVlSgQFfIO=4aN&WgT% zy$Ywc%A3Eo1HHmyptNkiZ~rn@ZCUsbe8=r-#x9t_Fmcq;Pkb4Qn|yeRO`!ou{4@^6 zM!Kbc<;4|T-EtfH^E=U z2gvtE_0yTq$V*-5&>E<8YX&N6XdpI6O@-yWqu?BqKg#fo6lT5&Nc@GmOxac@UF{~< zCY6W~P1!+y=-5yk?RAd+3r8N&yE^R6Ha@X7U9+E<_~o?Z*RaSR-Ff{OAz=c_v?;gmN>F`q{x5=v>ac2|M!Zma9(}-T`D+S*z;v_ko-Q2>^gAS=LUh@Z#Te_L5w!|OHR zBMCiD_wT%Uw#`i*Az)}GhHxKEtEE`VZOU0HD&tTx5ls3vN@ zxNzYGD+A92#KihKI>62hV7wM-6-hHqB=f)!vp={(LHGouq#$Vvp~Il$);o0gFeW=< zJO=Q!m?3mINk>bY1RV=fUPgMl<^^JqlX#B`3Ztio2mJJ{ScdoSe}OMUB6#)pu&yHB z<^i1%7c4mkWDs;fPiaAy$Yj8I{yXj7E|snL2bjAg>AIs4wn9&89LGTZL z?qj|X)dDIKl6m#o&r_JB!Ch^xk4o)7B1y4kH3v+Uo0sRcFj49<(u8)gWA0dkUW5aS z5?6Gy%3YQG)L*hWlxS#we))3R$L$P-n4pTojmDMtg$0gWEN{Cx#CvyFdV=07-nZxrhck?2r?>OAwX!X z@Ft~TNuj*qA8*67;-vrxj({e8ruLjf9Bp54DS~~d8AM3b+p(jEw z4Rb#}8>N(*THn-^_ro5Nj8(tIcM|!*=bhH0iMG6E8`!$@roJx4(XIx0>4ygbY9k#g zh_}jT=xtpfozgJQO=F;lsU~I?raZc;w_ajb=qV?9$o@yF`x7c@X?ba$+a}wYWWwxy z{c@*8Qckn01m6Cz@;i32SZJtiaq$ zOG}#w%PmCE$noMSsDp^ZHy^*kmo2SF%D zK_WPbo}%5ydxCDLB_$-}8I?BG)ycC*pViaD+chGWlwlw=F&V&o9iW{dj~<)=Ha6_D zfnr+*_L5~cB{FRU#Gm!>cOZ^6I|Qk2pyCST=Uvs3((<;}EKi%RGX0j%HFTP;?cbqk z+;|?tUWhsi!;#y}O)fiQZF}%ugqfL3U=(3*M#8A7sv_8)Z5u!Cw`Mu0yciHQQk`F= zbzpDfdCF=Y1rzD2meg&xJdzt*TQ|lYg`Y9nOS1FUt8>Q=k(?>E^FB(vQ)m(cQg{xo zr2WBve*X7w|L^_snFQz--SWxzMugA)^OtLb7Ztf@j8bQ^g?}YE*AgeIw;{bbIemij z)9M69RtV#lqE~F*NFC!3KT`^^xu~$vu>2zZ0y8=b4B?cNmxD7WX!Owhj&F#vlYIXm z7k2(e?N^X`et5fBtz=W`jDte}?)#oT-Ll7}H$rE;Up)qMOV1uHI(97~mMK=b_VsHb zB6wag8TH;@PcT9CXlzc4d`n9UT#*1$W~F;Y_Sx6j6vO|rgd=>wkHDq#8WVI8%R&NZ z!(8ueIpzRnRdyj>-YGB&aDI~PtnKSd6kkNLCa0yv8zXpPmHEx9VbtjF>r>VuS2T<@ zO1O6~*X%`KYpWV_GAKfG)pcnUA6 zF+@)an_0|0g-iS|GiJVVqNeos_rrpT2?=ykc+a7PAz40UY^3xR&N&&px8da}HChqJ zXRv-e9V1z)7Tjd+zBA-Qe91Ul?8_6p;TO0?23G)`(dq_gQm#iYfT&`Sctl6BC+GK(49GWR?6N|Q<&G)j}CsK`_qB55K~G)WWfh(w_zlG0#` z<^c^T)$h5q_dT4m&-s1N_i?`KulsTD-EOVVaJ{eVHC>CaKn~K;LH-%1X;C5}WqnmU zW}MGYCRt7w9ho4WJwtV^j>MwUP=RVeCE+xnDd21kcbS=f#?Cvz-X_Q1&1%st5kYow zaSFheo}N1_3>`lD-Gsp6mm%h=opuaedQ5ov+;w&4T{9Xxb_*306=!H*AXH=5E?tf$ z39sLHlZ^SUt_G9$00TxxMa`TwODg29`^WKZAr8ZWn`^RH`ae=Lx8nl7sNbPBT`7N) zU83x;oa(NZ7fc*KE7j>V9$;NvU5~EOx1+|Lg>g|K1Xn}c6ba_{C@sV4;8N~F% zkHvGxsiu7(`*zMHtc0rJOVPLp1fvgc#S+C)H2mNsi{N-U#mEgc7#W4ST0Omc=qu*u zbdJuc0Am6vF36&n98d?#iNeR=0I3R~SeHjB)WXhwG= ze|Yl1+gqCo2GUWTX#c@ICAE&AaNtvrr8)Y>6aVkM5*N#U?A}Fe_R-Jc{SN(f`RQC8 z7&WnCQ&{ll`i6&dsk$#0-QL%u)f~}1F`~C`qtR37kII>_1@dknwyt@%dMsZ2f~(u5 zN9e65mzMVu%!hb@grdctGo%?&Z?4{f*jS%WFDAKk-p-tx>ePntTCH4i0Z1r6O-{m} zriq8I;OWg$KXPQGbpV#!j0@6VrGTelG3nLhuz z2rn#WP3+ch$#HRUX=yVS%}k%pp@%7vvsy&Z(Aq|i>ON9YDRd(~wkU^OCDRO(#JP*g zeW#)rm6HR5sDJm)$Wd#~k|ELGv06lI#`($dsi;UtnBXu-_@MjMnrbiHqpzEEQN1IO z5<1NEouJUcp`o!*+l=0mCrgbQ*6o8>y6gur|1}>O?`Y!^ljI8XeMQ#mIuS7H>8Y-v z5i#3t-Oe^0ruG7@@`CUU5n;!=a-Zo)1`(a`@F}jB&iaA0MTvX=xPz02vxa zW!##HPFh}`7Ht?)I*i#-yOye7KWFI3_jHKYZkoB55fG~h-?(J?&SU6pR;?m8SUbv^ z2{aaAXH?V|p697`84Ph^{KlBuTbJZb?HT2+YogO- zoc!_0hrJMfD21l^{QBwh>w6V|wy1LGKy`K0HcP>*cn;}GfpG?0zL6=2b}-t*O(Ks1 zl%}bvNpo4EZ_dyp`|6U(O_iHJ8WIeAb;G0zsqqgKN{7h(Iyr;Vmpts=^uVzWeLe5` zMigY<8Z9|tY~{s3|Cgx^pH$|2)8EwSS5#g;9m&VVi=Xcv9wYE&gi(T=ds=Yo))F{g zGE4j4?MXT{iYoX&l~uE?)gyqgV{GN=di(a>%=f2qHpySLR1XdcTI1pI?aRY?9R#3+ z_!vR&UKyTB;8a2N@$S{DbgwVqF3ZWy4GQYAd&1rV*M<#28tO7Z=BlsXy>m>OuCezA z6J{<>_tj%YkNzV)UC8~6H~e8z?JN+G7##LSOPB<_w*YP~=wJ~@5Kr=eM9mHO9IqWc zT0@rrBrFhc-DyB6YY{&2iITEss>8>h=XFnYlHBCD5_%DazBTeJznRH|T1uqKY2Mo1MuEQRsu@VBz$5B~3{i6Ms3srTGp5DLz ziPFx$vt`Q`W_ZU0gFY*(eJzaxeR(QGGUlcmR?j*br|-doO)bK|_JD_`XG(B*_XTz< z{A<-@yXV|eOz%~l9V$jiKs^k8#_$6Z8{p@ckeE0acFTBb6@fj>)g1)T!8kg|?;PV% z7ii4^>A2^ZPup|l+}fTT5<-8SY(nA1h$YoSN7lZ2{aUPJ$NVLeB_vbsI<}os(yTm@ zA9uNQPH1)Z+D?(Sos7#D=)Gw?ZlPlo>L1&=rZl=Br0ZqWx}bQRg%ojo*V4Tt)s2)= z$VkmN^{~Bm3;kzeov~pM&(>WKcI3!p;}012&{HsSs+NABDiF{a18XGs!CtjIzmLYz}_1>l5)=O7A`#yj5$_XIz$S2w9vEx%e&0d`eDL2J@l%N`b z(k1m#NlAF2Sl{634f*})W`BohI&4sgJ9X;d{{2p5n^j@%;^SN^Yuw;`iARBgLWCg= z#TsM2#m_b*9YXz%Q|<~n#C4y~=D)eakVFr~!+bgHWzdX)At68t zd*`hckB{y(Y=4|9<0kiW%xFVOn!3$jMWw>$vVYiMo4x z^;*H>C$de2rh}TzE0mlpBz5a-MG@5}%x`()k2+0pkhWX=;zkUA>5>jv@3)qWB zf6kB@6+bzX>l{b$a~!m9+2f4nvvA?DJ$vp7z0$l(+P7QkFR9wCcD-j{&}T52>!18+;t#ZA!I5pin1USP)X9w8C8u8nTH^a^67n7@a<7`^Qg z-s*@5vpWmK1k!sQhOe&FnHQ1aIIVyau%pPfW5?7E7RiU?<%;$c$vyC(Q{r4!B;d!U zJ)NZ4sZrz*z-7MIG0h)xA$bxD$hxs@9KS4ZmZ@rIL0n=Y2Q`sH3GWt82acoVq{NI5 zPJ))@?F}2T7ia|^0Y^%ZYxt{lo(moaJGxkC?xx1Zpy1%gX{(h5z6GubEoAQh;b;xs z7n!Mb;$L3@?Z&oto;UV<#XBNs5cPNzNXY){)kPL1H{Ak9^;9R{iApeo?xGGc?bkIt zBVyg?XE`}$6=F|J&Xo04FxX8%KNkJ$s2FjBqo3@4jBzacWGok1VSRtBSL-gvJ$~1d zZk&!AS)Lgi9>HXWc-{(rbnM++~F#QAG1o(mW zwth)U|8hwIt}mqig9op)jGY))de&T3Vcklg^OdbVv*T=Zq_;SJJu<+2Nno#Pp`haK z-90+guR*#NsluE-6pHx|v~U*Td=6Zn>G)OLevoAyxd2U%X<8B5AqN3!k9FQ(q(>g`mPPgmBH}t6#Q{F_Z&SHY}t5%$Mm zba!Y>@iN?-RI^3)(_UOt>x=G86Yp?mdD9A~hYhN5PC>W&) zr1HkfO#v-oi-6dW({E~?p)SL_|Nc?x4bI!jN@M(8^L~Bn730krf5Azo&u-j*w_H*? z%^hc_F0*O#=Brn(Xk~N@b-oZ98p_Wkm+$zbgA+2JG;HX?*k8Hz`$|eRgcxy%(RnUC zo**Hs{qR9(kiAer_pp?=5)r(=>`6!#jlF}NGd!8Sh*;~N;#57F21zjgLdA;V2R+kQ zpcYwtpZgWRV@MhWVBwL`K6o-4_ZZTgH;bOFsX;*N+`bN*X8B6Mp#$Pz!qj%-+Hq)fR znEvKW(r3%Hnzt3Impnqf8)N%|fE2-gMC<^~b%~C5BYN-h${5wdWx0|em-rtP|jswuwv=bmJe4yQUe3E2G#ZIE8c0Yqi>!I zN(d~d2pqICt^_)Lg6kyc&acH^KWeS#P3w+VJn_E~Qs;?v<_WqP{ z1LQsZUY#!O%1JIdZvs)`KX^ogs<0oR?ipriNMY8|)Fdl0{Fi>G;KR2-q?DCER#&S; zStETB@*vNiohj`aIID+dh$8ZONK3>VgO-{d@Ne1IuK;B$y|XY^(8I>WB%9YHKuYMmF-!r0i@sHkb^y6!s9n}icf_+urryK#$AptRVzBGv&3%G&Te>M zyLW$BUQUI+jSA=XZ8RDuw(iSi!rdM06tzjG&M3(t`1<_Fh=T{emrPXNeNp~T;IsFx z#U(9{(vpiGm6VqchqoQBEb|+4{hxuVzk$>YgPu!d zQ{C!DRPF3B`tT7>qQ{T_Sa73LKDw;M)G5%_JApp)ot1Vk6H0j&F1)bn+2}VGgxd=9 zC<)D|s`6nZM-Q<4+gjTcea-UheQj5d?d&{CaZg%WGi7nayJL#&-&j{ch^>B7{6E81 z!~R#W)o-aw+}vWq!m4X)WqR~zL_+MbSqNGVy4kJo@HrWt;cegVj`>K0E-=}}%a@S> z#nCIu{vGIAL+#fXKD-?7gmx4mfG7jfE?tU>H*~yws*8<7_Q~@`Hgs&Qibf9g4D60m zJhzI8h!j1}K%=c~IM~K$X<6yW&r5eVy(S)dYuM1CNP*OiUu^jCZGG^{BBE7Pq$RzI zkcB(Xojd90dUtmx@?mLcujCaMuYUjd67oN~V8Vw`TB=$wG*YCgOo$vox2ZuBCk`At z_HeMQR7l=quvGlUs?y?c1vspTnB^NW-JC7${egY3YkVPHv$Zxvm;28A z#2Jj#+%&NrxE5YK?ZI6dRn%Q-;yg`{B|TF!FH;(kv}^I3OI`1s?vSkTVN2vA-zV1f z;-~G)ZY${R4;Ptu+Ni;H!h566pY*9}_G9+&#txDRx_EKIyQ_6D1E8QJ&8j74$1SxS zBp-sNuC~73ViiBiR%375RW|i(t1#h%;LYxd$GUYKny&Nb$5E6m)%zGOlXb<<#>cfO z<;amr)}JW%?mhC=T_dF_>N1lK7<9oAaG$JPNIW9hk}YdGcI=cU1miNl*({P}sQu*d1yK@i15^hLY-}Swo;q9JVC|c}Vc6;s4=&U2> zpu}}&U*45J5XxGZv+e9WWN(3ZGNLyVmHmdx_u*1OddWPeJZ`IPpr=tKs$qcuc~x3! zD)*L4Ljv!>PK9&`KrS+4q!Uh@Ae;`IL@{--IEvXP7)1_0b8U=cB#n-rO!Oj`nfdCh}C6sHCT-r?R!Xx9KXn z9lRpEDqAp5L!HYln~*vz`u6US5HO7h>qJx>h2XZgPnxeh<2XUeip&l0QNEGws!a{m z+uEc6H&Beo%4s+uP24Wl75W&?UbwUhJy3138zdiS0MOTk3&S!xanun#L8OXD2q!!@ zmPw@ZGt#sY!F+it366^Od498-RKShrje$R)3OP@kj+z}S5ePW{w7aTa?%H{kRn&%^ z=2FqOf1u|t7)xG?K)^BJctil?^L+7)9OF(?!-}M^$JS|y(z5`J2EW0_?)-#IAG7Js@VN1E8$RN zC7##TGBE|#hNVjFun!%f=VIUVXoepHHVq|-fkLow=1e+ph#mrpRbHOI{~8F@0G~1f zG=gZAmAxBGmn}PKqN1|c9Z(nm?R{02P!I?61!j#f&n0!gCa)1o)r6*X)o%L3hi~xk zczk(fU#}u}Q~;cD08Zqk(*j^&AdkTS=gORO*Pl$XvVu3IarOTCPGRVhAkR+L_Yj2= zJHo?~>V)NC#+g|I!Y!};{I-1El5ARIC(;}bPgedcHcBdBFY81QcZY?=5zwy}s+@Nh zzzQ8J-7Bg)eiM%sS=Q|HNjzUFXa`*u=*I|iw|P8tmv_#o_aGQCKMOfN4>S?|@%LZT zZi)!d)8^g088IgJ=FMx(m7DSHfdlivx4stD3SIi(7%KiI$lR}I{ zT~1J4Q&Un^HE-t3AmJfMEPWE56 zNWX%ZUXwO-o|o~}g@oKb#{^C)Q@f?ZxhqxJ36 z2fQrt#EH&=do*j$4x0)?=WxSFUWrLIi*M$JMLE zrW2#MPiLlC-B=U|enkK@h)2;)lsx-xuAh((28AoYn4R}1iVbpQSx@(=I+C+r#-=)YN7DYYY&_!@gO z1oNq(ysx~Xh*Irei+P6Hee0@glQ>Z=KkoTXBhiV&WDS;dOK+}m2+m%a$cBopMoUZz zT&oxM>vT+M^{m{SPfqj~L$<_Zq|ayI$B|h<&+$g0YCd6&3KV@xPAS z#>7_(SMTsZcMzZgEV$K=cb{@f*I@ow=%r*P*qdpQJhNNiX-n-WhZQq~JIOv?`;L7X zMfVcD-s5LwNm1|J$v{CDn!ol)&YQKG8@9eZlg9fLq}f@3>XXEO!#oRsuh z!yf?9iVy|GFMCGU>&NWc@7t?KkMIKrtXK4hsld$)(Q9uSK)e?Uby30mrAyP18Bs&v z(+?GM_KovFsD@p;|Gq^#W{Xx1$q5Uu3Smaf7VH}HplWMb*D9~OtTA}LlhQ}n}@s8mz2 z^fT3^;byySI}M$2eZHONN>%wIw{nVixWB$#mnVhC3=$){F9898Tt^-%VRXDh#ax6U%y7c z?DuRjOBHoy@v_|l;MAYeslCohy!9QssmaejiKuC`#&W zBBD=fkJ|X*kco=>x^)P_IU+shoB29jcpP`}?Z=OlKeDpoyX2`j`|`^NWJT;3`4=>F zP3n4cE~=>DUTG-`dlYF7UxyCbW>Wp`T?ULxe+$_XLv+ryUArx-M&-G3w*31p=VPqh_~CU$d;dgJ({B9(O-&Y_$Nr*Jng0xq zmfqF;&H2?Vl=8~e7F9|WU6AS|F+wG3Q-?~m$e%g4r7lg>?YZcAr)^%x6ci`T9v{<8 zf1ABhEc$0=?_|X;bRIK?wRau?S(OJ=j=x1|FnTmm3OuU${$4;995+vRB(5r!U42|x zi7;n9fC9`5D&pJ4&f`xj2(oM3*+DyNR-d|@`6`Z&qb${ToOL37X0Xq)aGy;F{9ZlJ zj&^W-BMH0=0)#IxJdes#52*$(bWS&$8yd*@{GmlcOT*CEWx2?x{Or&YN7H_-d3)r(?TD40K7ZOHDD>J*!Dv4~d|a zn_l)q%!`x-5OmKTsiqGpmg>A6k6|$Q>Y15a7=p8Ye$mx$r8`D1Y|sbpFf`Al+qcG{ z%qH*Ozkl)Kc*AfbuOgl-PHO7vezu!^S#{&d0L0f`-`}UTdjG`3hBbdKJ3CiodDI7A zz4{#oMbY959NHXyxa4F@w}1QQ6=QoDd63m!4IKFa87|x2N;ZoKeEIh(R@By<_xER) zsYdrGkjdFjPQ+cIBwKssDH7A}(T4$E=peGNa*&#TB|Uw`)AUB5L5UC_&9^;*r`H+p zm>`u}=8TFyF6E@|tc&=^wFeHI$S#4VU#5*0JpUft%pb9KslfsM86W<70TGOaY!CQ( zw+K{jlaW&E7x7KR1Eew2P8s)O-EY=i7;vzv>e{5Of@XApXOffYFTq3!PW!_|MN>B?XjC4ao~fpr=+O>8{R1iQ+J(Z#1X~3n zjua5o2GKa*uPN4N=|E zkwxwSc*CpE3&LS9*SsnDE&5XcV8#W)J}FDYlEfZ9JgIEL)@zcbLpmIujAfU99Zd@E z4KloShc2;VgEJTd6Nf|c#rSv^3^WX%Lg~@e4gww4X=rN~vL^25kMC$;v{JLx%$Gzt zQ#|{$NUUGA>H}!9P21NmU*@vQ3c?6CELR(wa$EFJyLU!B#t0odckZ0*$TG?+O!>UM zQO+i1!6q~7JW)C$qc$>{W7@M+CpYb#B@{h|d)=&aEB*!4JaPXu=sb-Uv>q=C;5j=% z#2ZIE%f)dO668JdMzPFBy91UnQrvMgO5W?L5Gx zL)nh7!1_GR2-SPj25T?;yd);ExlPV)dG#?8!?&CK2FY#vYA~Uy$-km;KAEl$j z=()mJ{r?8M{0&%c8rIuzS>&-}&n=g4`%7agIqxh_??+^rL?m0T2|IC=2cqheZQ8L zo(k$SnjllMEofF(J$kPADWc?1^RGR(L^|zIn7MQGstmt(T|Ye*4gI6XxagX$!xI@x zAV^HJZl9J+c0>WxNkEvv9JY&VT#P7ibx3xsw{&H550Zpw)4rUXd(O>r(C~v}A#)%) zcD1nlO1fV^9waVM`O~MuPzPaL=~IOvVgiy?OJ1*QS`ADdZxNC-=!UC4)+%8z?%usO z=Ia4wXem8FbI**hVeQ(zmg=Bd)k~uLJB%c4FKGAf^&2+q10-QaEh>UPOgwvmjPHQL7_a@Hyu6cuHD(V2Ckygj&x2$wPio52g$!d`$Op0~ z1G8{yUA}OE?dMY%csZ>mDsMrhLV%IEg>_hXxT&j+z_G%DKaF|4C<@FI_?u~V;~eBy4U$zp>M7j=IKZ>&KLf3O9PSq` z!|Zx>+cwh)6K--`0u+*cnCl{3ULyW_&~htT6=zKz|FdT`evKYE@-(rtBsR8mO_Q^} zDk#bdJ5X~=rLc#@!S_$t4I&Qg(sR#$=yQpE z_&0s-&WpI?L6R8r>f}M!S|_^3dN&nNjPch&)4TmUb>*Ye5Xy#JE0Z) z!?U`1tc44=q$#ud2S_Y|BK6L9nqp+i!VV|SaBAbV^9QcX0q0czMfT_v<9R-YgM)Iy zYEfVFiD_%UIPSmV%OuBjvfpEue%JBl=%Q^A!{*mu4+m8G+f4L;8_?7PFfCcU*m!H(e(6Tf3>3*71i(bA7A~aY zyixDL969BXN7JWIQ~;}YCWw%R$cK#k)wVYGK!0M7RskBo{*%;C`vB->UIE@p@_W>K zVL0^Ft39)V3I<|?qn^87$G?DNmwB8X?Fh?k$BpwzUsZiQQ@CFWNp5X(w$@|(s*p~^ zSG?nG#MOA#ZdmYPvcm}LK#S|Bow@F{17PjU=>wK6XL*Gsxx6^1NF`n35wd*|GvkD( zvPV_@chqk2oJr0u>tT>3br29q3<)?=Q7ZJ-7*2p4yVYB>zZc|JEfE(BJS@8Q^ z2(vC5j2?j`M6V`MH`Pze|@4TYKe2 zxX*T5_j#wuv#y-bsQPFh>g16oJWi~g_hs2m?G9^fv6@L*JOcsfNR6 z@Zd=kCoZ8067Kcttn3}eqH}5SK!rot&QNwDbBi6Z`Ut`A8#Y{q0d>;RC=51_$IB_q zW$QhGeiR0t+^n6>!xUjqY0R){AGJ#t4oPpzkrq!Kt)Qt|9Z#dk{9kH!GifdWIgbzNUS!G z6Y8Ke$+<)F2{QzHGi1mrgesIWN9WmQ?bw;E##+QlJdSne28ALEVT!xJ_++E&W7fZs6|j|Di!B${?30+SI_y}zei>Fa{8a&{@pisKdHFZW#PgqFj@{C%%o2qJ!<U3%T`L~d*)pBXgPuB|5 zBLZ&M4>vRn_p#UMk{0!1!s@6bqdnp%R5SUWC@Zy|m|mZ*`MzC*LX#A!CVO^RTgwB* zzd+R#WzCm%BQuI zYZx!cMzm&H-bEKf`rivvCvA-w*kO|eLL=fX9)l&|8AND0!oYyjXJFkb_ruBO7!!HJ zLOV_ZQ7a3sT>~NJ;pexexnUuEy@OLM`}8hm~>XtW5VLE4=&|+xtx|(^~d^s69fs z{Z@$7{-7s7=c>A1<@J`bYPyN)cfwsT*H`QQXj2^aCOb2Q`c6nU${QV>H2~)jjE$|{t>zPBnze4qrEaja zu<&nl@^i6@TjpJU@6}ix_63Lv>Shd#USc=G^MYYv}0Dif-wiYp&BN43rkf7YZoC9fXI%{5t+_p&n~gE?pX+BqqbW zBxKG0$bV|Kz&iE+O3`ZiqM*HwTQ2B#PN-*XzF_!odRAhog`Y={SWNy2)Yb=lqiIwJ zb77pcM;epTojbP7#kCe)Wk24y9h~Q)v6prid~ULi^pg4WO)Bqiw}BpoVw63w98`B} zZeHHdm^%=MG}|;FFcplNoMfmagAYuFr3*Opt|JhmXPspt|48zv-BK1EQvZ4J5#+O> zP-H|mT)c;QD+EjT$WcP&cq<5ly3VJ(4M%E^0W#W~RzWw^_M$+%- z;GqBN{p>}T%@zoit)OK#_UpFBEIiyNDZC)APMg|%>*G1sE35mYOv;T1CzJ9SJQ~Jg zEjC(4ATU633+b)={QbkHbccwMt^CwqciJ>E$VP#~zIv6v_(Gn`(8g>(LF(d5rfv@b zq%iy@B$)RMHq8*6ICaWq>wuwRcHfW@$mJj;*mOdDNTT2=Dny-Ls)OR z&poW!SPtnIFGmz18w)4oSp23T8@X)Xq7{S+HV-Wf$cncdc6&@6aWj_ zPF{oSX8PpXJF@F+lU8cH>=nDdavukYI)D8y1+F=-KYZ9XPygVAV*oYXo`19C0RL09 zsu{eo&_1qrF#s3M5JhO-*46=e2mTz5Yr@AX?rMs?)O!dkeU`0USyba5m_-vxX2#Eu z1%m6}{~^AO9QRq=j$T8qu&lHwCykcKZNBrm>XDV-pL?7iZ7m<1WE@O=5F)s!qJS3dQ^g@a_1 zUv#^lw6SmH5L4Dy3Q^vdpQtiz94TZfxP1S;&{BBd6Z8t2@%pvff(1wQ+zEk1HO%S~ zVU8F;S)E>ohYEBXf`dZ%H}}RO$TIAQO4`)M*`{z{{m0RBdeo4>Ij z$@wM4u^MMHArNUnqJ0S?Vr<97RSBm?YPNLdwH+3!wQ`O_MAV|Ve3v7Z^OO8 zqzHV8n!xus!P&ZAr}c$z#FnEpEQ3~0&UGkQIB$!y-+5fYxYS4_B~iEX$&<|hx9lfv zEzauQw=dDkT;}_P)M9P9`tcg4hnj{`*t``gz1P`yKyt-8((-Z^S|>NWP<1Kd41Puc zFuf(~OIpj;W6z}RrQ>2IV_+eksu(H9GPQB@I=MyrPCn7K<8~Yf0OK65XfdMqUr0zv z$s!63$u;P%y?rVzC_qiPWkOi;e~TOId;Ra>#v)Pyr1{F=KjJ{I{k|G8lS;^qM5bUc zWBQyG!>^(gA+;A_wMLcp(b^xrzP?ChsFd1E6VIOx3MxQ*JZJ7)$mXrI2{cx%6-V5) z6pdq*`}7&j{^evxFQiu3tTfY|V(tpXumeNewXhO_%Q&5-l#KAV6u6`!3q;Blv@vp; zND5fuN!5V{1{W!u@$uVht#g~&wMdu7Ch2?py&kvY8EYGn`pV9Nzm?A>d(N9#g#01* z!tw})gYVzJ@3k3sY9*(L=AOzMdwAaPl7b;&k`=9bH^XgEoOeft{oJg;e`3rJXV!y5 zQP{ML&k>Z!jEKwv8c(RI*t7{wx~w=NMR{55_%5A_uGyV``Y>vQw#&2^sbQbuthGAr zu(#%}f#4bZOIW~xMPXJud*2yE;PT~|n2NYh{fGXgru{3h;QttZzSH*xz67)h6aSfZ zuy|yNlADa7W4;;-zo~QI>X)XU4@vj< zAB$#_ZN!THC6FL|HXPThb)#F;Apcl(R#!z$NAmx_+*NR(E`BG*#(gx5SddRq5ByM@8%)NzWF#$KexbmV(+B3ejvwpbFmVH&^8o5JeUxeWf3E6}@v}@QE7O;o1Y|nFw zGB%#UXL@`ea)r`useS{oWJOij@#2>W*Xd84^%2?5%8X-EG+_yfX>UnW@gZrD1di0R(O^GJf| zEvY?Ci$>iOWgQvV^n~G-2FuDc-#Cm!9sq_hqV*wCLvlj%8+S<7PZet5f!k12(15>Md^XZc(MFb;9j0OG%T_DrCxBUQm4+Unk0zulAEX@U-8 zQE-FH$+UK)_zir;bfOE0`$1Y!Q`7ix@;WcJ3ZR}~4_SC*q$?gvRA`fXrkp&91nBMS z*D)hjJFi%A+D^0Wqt7qK$}U>=a;>Ke=rRimUZX*IWq5<788qqLyLBVg2)uL3XhB%fG^}a{?!arhT1j^yl@;&|phr1C#T3Fb} zY2S?+aG4DoHv*DT5v5Z~!~epE$AfHXX}O^?f_!2_L9e`k0L@v~)dKtqT*;;&jx{Xf z^fW61V{J9?;hsNt4nFKJXt%thm>BM^WyrpHk%i6crwWui?Gt5G5c7MWE1sYcUa!IC-G|TgI7{h;%>LCj11bb#(mG zTZa3GI?QGi)m2E5kyqCZ7Nn{hJ?8KHoAiQSgFYD}L)3cOwJ8G$FfBOX_ui^kkS;4% zqSmz%WJ8A1nMAFRy3z7-za}qY6Q1gl<tib5QQ4MQ?pcdAt&u)#q1=a6mCRqxD3rZ_0 zlI_meYJ9H=P!6nOeqcsiw`NT%^H0FCZ`*{@>;I&*ZF`LFjR!fxL3RuTR@J?G?o3x8 z6arsHVL(#Wz1eSy_m7t|^01WGaZ-^F>Ac0UU+>=OE_o6tN8r|lxmGhLYcgm8ym0=WbM_uQh!*`Zn5Lx8s`luHT&AMn%U)ejEfqApu?0ZfR=XwGWJThN zx`+QD5&l(~o&I@IQ|CK>M7xCELM*E~G4r>1LTl=A&5>~g26M^@ zd|{-U)(98i%$<9fb|`!U%=CA}C9bRC+C)_c;h2zpGHoZ!4fELTdJph41<9LXcx*1fuy zecSi%Vc$nZJR;N?T%3g9jEohkXMaNEq^+nh%Q(WU$j2r@N3{5J!+FggQ3bBKWhspR zWo3>oU0;i(0~~B*%#k<=4jhp`wPy6Or4}YPeIS(Br@^kYq^15Mb6#2{y!r8$79c)e zmDy|U%gLh;3&Cdae?kC{?EOk~-kVn)T}kT=OE?c36Yq@bk-I6uBEIjGePer7=eD(J2C(jJJG6z3orFJVe+MzM3eg2%+2-kR*tHOolP8YXt?y!f5nWVuK(-nC1%yu;?Ex}cn4^4;7}KyGJ=yujDHn>w-}bss2dKIjCbb#49|EH`TG_Gl`! zlg?uO7$5<_qulr-PvIK3M|52YQe8F&Z5r71g0}>-KVhu9iM@VGYF)0wV-b@iO z=<}WcBjI&DduU#d$S;ABQdjSe|DwCzE@O&V;6HB0zsDP_Z%#dN;$=JbtIYbcDaf#_ ztopw=Cn5;6(h_Qbbgi6Eo~+}TB$I#;kD|r!8MWKGbZ{wJwxjecfD}C_K&OW64$lsg zu@1FayGX=+CSYig-z6wiGHQEV+HNi-Fdl4bp^(}4x{bx#awbyJd(R95%m z@gqwgjpo!V^LKE8S98}wL#F_V;Cc`U5J{JnMebj5+~F~q7_a&oJFc5hvP?xsJ|sg- z>~D3u{~Br#FtWE0LtY&$sRrQ9&op09Z|8F?3fAc&0cc3I=7vywoa=yfzfwDKJo6VxJW@QpG zqXYutH32yny?(Y!KhnqQ3?2-HK7ID=t^)Us z8>0(cf5m2g3JuZvuKX*;?VI6`{aYu!?raum9=6PrWYxi#9^*J`CzUjIisS1bDXP~Z+ z$x_|5dXS8AxTkd0OS^%`a+eJD@`sdWbOdIbI*vD;+SS6wI?<2MGw+>=EKqm@_X%H5 zIq%{>&%06V%kk?#CFYZMp>43SvO2nv@=cm1YSlMh?+#kb+AS@5u)c5Sn3fsFMFt+8 zu~t|1U(Wg57Cd3rUEhE|YAlPN@wE1ej(BM)P}#k4pi4|$>gsVm^XzHrcrz!V(#086 zQZkg75hO>~z7LWXr*#+33x^Mr{y_K>3leNbE7ZG>G*Uum44{WJX4S*)vf>?4XiT0w zS!VT(y~~kqZ}<1lWAK=`yH8%m;}#DsgyR!Jm4tw@o7*TVxKilEl|r#G)CF7;DVfA_ z@ho%u%_Z=F_m>Hx4;ZoH(K+S*eYinH3lW-#d}TgduZ){I9U-YBHx@ZTVxj;6%0 zWzyuyUq62)_UaYmDY|Q2=L}MPOs&vgv)=+tpEA3Gg>2}1Q3ox%-YKR!bU^Y)nh+Z8 z^f_mF{W!?DZiF4aUZUZt6;z}?-G0U6iv@*+%ZTfwxav z%z*>Jx;fjz3wJ5jOms35f=b7@ID+&GI=2v{&A z<7aEMWL1RcR;C4j0RREkQt}ZlBBsTPYH=NQ^Sh_+`~>}CJ9-I(CExlEuB9t)srePB z)J*BJzirsx4_ReTMa4rA5%FxVZXM@*qw}yuULB^YX$-e{yRETazcI!8K#y(BjrFxp zB&t3Q>f<&_bgLf^gKUsFt%Uf|qvHdH%)V?pr_eRBqoCDuqv}2@rSD%qHT(NryY>_9 z3=Rmk4OTsV?8PmivuXV904ziD4}AgE5vbjWu&b?GjSUz1|8xvBa z%%Bmyx)}0gu)aHy9CvN);H_^)vqYZ%5(za-3#gGuxM9?v`uJ6G^n$`fqBzj#AZ+8R zalF&Q#lO%=K6OfW-nFOXZ)(cQ%gMd3xG+##+ge51vMw2*4}gGp49p=lG_|jHnI0(8 z&twy8*%z_5MAmVZP5p(SZ4*N#2r!x(ZXK$c+Icrs++JcEVnr{D)4!7{r8$@0-Vi`Ht^ij zDDF*af?5D+90g5rwy^P5MA-}^NuXL>bQb=OUi-opi)YJs#s+n)9J}7tFy|!g?I?^^TV{F+&(dS!d_D~dY?7dk-B!q(px>P^P;b# zh$ZIxK}kS3@q0(XM{;+Qe4{HO#QVO7TS9$=ja)j&oIV!e)aOixn95t5JLu+Z7A~6S zk|T1-%jzuLAxj={qtsxct-Rit!A=eWj>`J^t?RJ>#Te)8vcRCCQm^?j^)78TNin(K z_j~lXe8%-_n}o%zyDDq_zI^&b@Fnp%s8J~~2r)t3?@Y83goSR@c3Jcyb^jW>K;zn2|1LrPqe8^GsqpE3fz1 z6_MF>&N(X!HZ|U^-|&6zVmFqdg2}1+F{BaXc2fKlYD+uK$cmm^9{+%V=*Y;7mAzI- zoDYT?i_xzK#W|5CsW?*4z@UujQBzi!bzo?C>Fn7(`}iJYC5#?53Slux>t|#2j*ML6 z!s299DFB+ZE-(?jts4)>4b0o&)=gPC_UsHHmj}_NO0v!6oQ0@}SUC+0i7W`tuh}yA z`hy3CWLksUqUQjB{qf@9YEWqfB^#Mh!Jkz6x9qF)xB~2%30a4ZpAX%4%SiR2EM70+ zN>9A18fV7j@HA~%uC}kEn{)OVEcilapD4Q^3Np6xvT>w{+BKsn(B%vEpr7Pxyi`NBKAZxMdprK8Az#1UU(#z0kW zGntPG=(yx7`MjBz@U$?kd>a^g>-OEdKXHc$*ZHzJ4(d-R;J(rN{cFdNJkBph+rGx$ z=>YFUl?peIT$)4~9x>t}d4>FJz9lV*WTIzL@ZQ?%X*=23tTGhV|46J*bd_&6>e`tG z+gRhVm{F^*?-1D*H!o}J*a#PQG6|5jqmjXA15E+hgT3QMgHuGl{h`iX!Yd*`Y2YyD z3`sjB{(K&+7@%@|eCf)gp1ReEt5@bm_%@1MoA9f(*az)~a3fQ9WhHre4QX*OKCi?% z3FkgV=YH3}{>Zj>U%#+AN#BwCm8>*Y8-4%Qt3!`LQpRsAU1aP=x?eAUtC_E@6dHZ- z;9KG@SH}?c1Gw`_vY3mbBK_#`V~24J4PqkK$rzV5TQPhyh7M>Uj^v1w$;ra(M5J)f z_W4KG8V;Hq+_|cc3?@51diEi%mpUo&KCvB4Sy>r3)!8n}&cRD4asdA)e7rn8#XE}Z zwCZbBr+IgWx}IAB9-(>~pJ#iTb$@Q}_E9Y3^ZQ*+GG4O9GKMU^=vgeY;bUdLUcDX; zs@ML|HlWe?h*HJVV~ zCWW&j+|t|%3n%9`*KDNXU4-V;%hu1Yr&_xb=LNLycMq{Xc1T8F)@o08aNqx&) z|5pBzs0AV_FpysJyiJo7Zp4}H04RteE>}jTiRwzA#G6OJEQ^;cxvj%YMA}Hqx7Y*T z5r+?FGTMI2MuG?3{OZjccqOE{{Gd#Vdc?6WSGTuAxR{oceqEhhqGY(tk(3?yS>YCS z<#9uf#v~jrx^sv8PecoVVzj=5h`e67NHuMmzFNRd;*6n<(TgUg(Y*(aAiKj%eEqt0 zcH=O!5>NN>>6IPQoE7L7k8=cNX8zzVOPkTTp@l8`HTSyB@3($+w>9X1XwA|7z8c)J z^j2D@BRpS(d9inidw9gU$8ZnCMq69!dwCUuRQlZu?4kCPd1{_>sqm=tH&%u_grhyIJwr8@&1hf}H$zcZ&!duvh6ZCRpx14u2A9T__HcCy9d-#wsfW?D-$5s9i>nRl9$N)*i6J;2hmP;4y13;_L4C}B=Adw3gqOTXi+oGkWHDn#=)qi zT>9mY<|=URKeqlDohhdLzNI|Oiu>s8;9Z9<{Ozk(_r^?3&O(*abFZc9#5GEh6)#ya zwA0_8&5s^5F-!sDcS`nH-NDv|HqT*VYQ;PDw$WlWfrTDVv~9b}E-}KhQk+ubQ&TxJ zchh*4ZOG`=;1Cg*cdOF^%3kP(17{5*vhUn^hwl7Ul!x5LpAnwQ-PaymblFvRd$EG0 zzJj+=^Vo*5GFD$LBI>`6t-KVN_cFC5>4wd`fj;9FysgSY0OsNB4CdA>Z3a39FW)=! zJ~%TANxlJIIy^V$9#ZX@WRediGs%Ip5nBvqZ(#75P=9KES~d>^}gcRga0NUuxgoQ7OEve0sRl3 z<_~kpmf>(+o%Q4LiAhy*!r6!2O&2%Gu!SH#W|Hu96wHoZQ!_)h)(T~Lk!{iL_Opld&32%*!_kVG5&=eG>LBgi={vn=~UYNj%a`uD#lO>H?FoOm@tG0rkA> z;zv0VHfE;u-;Mek!@j4dr_P-82Fz$?;`9yM_tpNeNkv0Xzpv_dc|`@*o>3@h#s^3h zd=_!GmPu`SG~eOa2+K4>nOh8B#G=z1WjY+HowXzPd#1~UJNw?vZ5SnLrLiOQ<+aY& zCaM-(vpoOw+O4bdsVzqG%IiH}zpeY&^)g?AsIOI(8Bl&#lac}@mi7VhfO!3O))@?& zbVg980g85xj-RWqi~8A_nTh;JKZZ^=BLgDiu=Q0sqInz_5BHg0P_&y#m*(np)x_hiWzYN07QM>KQQ&1qSYAS^z%qNf<6519UilhK?xnw{yFEu zo%}-;C75Qo{Ja)6b2=?uwhUQr-EVDe^XJcpP!Gb%F*2JBHrJ2|O0t^HFfEi{$p3MT zNr?W1!>`O?AEp~TB>PXC82I4I^Y(59v%!_Ov%k}$Ug1=@Qy$m&_3H%jpp;#<+k!TD zFRwnM+Cg~~5;}%0QWF+jsNh81$Q=AJtstmu`=GK04@-8dbRq*g;Rj(B^Buskr9pL*YjF@PJ7Oa;t zKv$nXR{esR`@8_JAP=_8AFrO8xmc$XwjeIf+Z;eSp^;m+&S0==na&8w+wbKWzyYrP z{QPJRPCnyOJ{&Z?CewGKjm;@mjvt6jI83{sKE1|=+?yY+CP$|)Pz`WF6(-()O*dIo zFLQ>B07O-n!57NdB3%CR{X5{SsvkEIm;l2g6^^CqJpLXUL%^sb<3>fy&mcCXDeDKc}+9j2P$bCqM;Y|8pSPgn01pD#{G>FH(| zpNQWp2zGY;rK&-iXALbgrmPZPcNMO?`W5S{9qQlTMCmloJyvWkJUqWP6vwO4*>fte z1tad-wXJB>2pcqHbD8-h>zP?wGh4zxC!VzBZSE^Czj)!o8!tbx{vxTfhOFO#`ke`L z7ywcDA%wE%y|Yo|2yMh2uVd<804?{5vj}A6PGtwRixNFYiT7vu9VZ_=)A}F#AAqee zE4=D!#zn<_fqc|4hut+GhJG|706S`aTwT&>4bOD#&ta&RdifG~S!Q(y=irB@N4mjd zr>$<$bL%F76o6R5v!`;ZkNqx9^JR+L>5R5fvBlk`r0xRIEd8r4fzO>iyK2jpOoMJs z+nQI;@H9G-+s%@p#KuZhUb*ksGbL}$XYJOceFR7XHQKz!+i~6U{Fhri4mJ*M{a8Dx z-g5Oozl!ME^K*P(ykB7zVf6KVO>CM*(rb2+aT0PJfPuV@RzmusiOZr9>ppbje9pTk*Ec)z~-ByL*>Tm5cB-ZH5GHDjZ|ETc)|AJ{+M zys!7cq0ZTBfBoFT(f-XHm|~5V)fl#iODX94IUg=X(aqY-Sr2U%?-oCkV=iSTOitrj ze72_$c)2#joZwUtE-#BX#(af7eXe=8HqjG^_iq z2M=D<{@BWPzhEE&ck{N<3VG}z zo2}QF0`>4EloMW;LQS%>#Pe z*S7CWOXeg)WGEGpq70criY8QwCPfqyQD_huLIaX$M5a_qNs(wU6jI5MnIc0aNt6Z+ z@8`-|Yw!EM_x(Kke*Ssi=k1@p*ILxC>-v7r;W&@uI5)E4hf)mbd`vI1KRR_H9Y1jK zWQjVV82ucdkz30+O;|cQqPUIMkZ7vN3mW48tg>+j0|fSF<>cs;taWwD$1j^1`2a!< z#IlgZgRGUbbaZk^UxHZzy>DK~jrY~jm26Dguz555x$&H?E?qV_JF5azmZ=etpu$kE zp`D$$`jPC_@awPk)wS1P>&TA=kI(NeVs{Zy5Vb&XQo!wxRoHCxLYo12Q)DkV$TH<+ zRr|KWXhXCSfJ>=c>f*CXhCZ^_wCS6^ASGb-m`lNU+*ZbZCT3I5Ldp|nd&$XI`Cj6! zU6SpfQ3hX}tYfK!Poz7Wy$PdK0yU3)ialGw^*tbfGIi!F0yL3J#!UCRrf{DWhIp(Q z=9QP9PuMC~w({QPFJuU;MM!^qF;Nng<`Cf#P_3ml)+jXKeMJQhY#G>G@vSDSs2pn0 z)%r6;8DJVl-Gaj*P;bH0r<*~Z00nBUt*8&mx|Nj)e+7d6KxFxlrwHPJoU3{lbsNxj zLUzg8=o~EXq`&_^;g_=Rt5;7Sn_($`UOK`~^DPHOWi1EglyFeyKEHQQ7xG3~nYY+L z0AK3vtVsPiIWCq;4(z(aL!^e+fNKpLz`GBEATPY^!7j*|UH>l{RN`S#BD&lFSXJT>*+XN^Kg-7Km zIVjn{71^%=dzn!pIs*`mYW+^q<3SJJzFj(RUOr_JR)0a}Z+kCK(pRSa+q8A}lnE1r zYNfE1-4wrWM&VsJxR#?8q}(2as1o zWTiWhRb&%d%~6^g4vN7@&hIC1qO8%8r%xxb@ROl4iA%~D0b`eL$D@?O`&x#HqAHMb|xZ2z$n*u@-~A*J;XtkSPY=6vTMv-rHH z2Q5^6>c)M%mn=DS(El2u%*oiBJj6%#mrRb+uTfRTS@-gmk9&VYUqM8~h(#hx(p;;< zFaHHeN_0D2Fto#Ui%xrQF=Y$H7xquM@!$WS?Jm10hd~n3R*(MkZ=IO*E^T#(MhWo< z-P4&3PyH^u_`+O)a);Jr`DP}~;p107!b_+aZfmw-v)h@{)x-Z5x77WmbzQ%+E{XaS%lyj6o8@Jf$#`d10I_KQ!(|sf* z%RhW5eDOj-O!Vru&62~jRoB10j`EiI>`4Px77798Q}OJ%Gs-v#GCLR^+j0jIQ+9)_a8=BhBdab`Ent{gbAORUkja7zReb(TdR%N^FmtV7 zECs90uQWaE~ey0Hm+_T0v=lD@!gS`ipdPbsxwVxlYhJ+#nHx_9SJ zRK>Bgycp{=*TlsRx3^e_d3KqQTe)?b%BxYbvRSuo!PQDQd-fB&r5R1%I{f%7CNuZG z$i{BBsuv%9c5rL$^kFvHH|8Fb8uy~&dZ%z>8yg!?-qdBc_6!*;Y?c>8yJF%!Pn4FC zAgiF=kQs~-@as&^R_;p)dhFNs&@7pyvEs6|32CL8~TkYy)JpIA?e z{qewZ_RN5~o~gNwjRK2(#6%f47awl-=G3rQ*J)NP9=UdHi~j+<04NFu?0wuk-S0Ps znQQ!L?f!3Jkve3{e+8ZTNE8sUnC58()6XF>M{E@;6|0s{Q;4s@Z_}pVP;p+QEA(DM z?&ij*y?gi090stz!s)N0*+t*n$UGTN-CsbgJu^+fEsBjdy46&z)nRf6)jC(#PEb{S z@040oz$31EY9e!dNVYQ&hrWLI=D;jFk5t#zL#yPgxA`AjHJX7ilAhKk4BhL#ycoXM zykS_5q{xN=2QuG$znzre*;_2J@pn<%U4QhvL@*g;1l#I;H*RPxS$TaQ25A+}1hfTw+0M}y{$2Gy9 zvL;a_;MJ(mfZ6X$OOXK80a58XMEqB9b5`*dTtFBn=H=uB+}cn-@ZE&vXQ ziMqMFgVUkie2%1u45kw43L7tL_U>#OX)m;CWn%^a>8ngwK61<$9LI43gq>RvBjLzZ zc!B$}MimZpJH-alcLzpwt{)gs@13FaKR>`rh(D}lh^kr+t32=6)D)<4C=r+tgAxi_ zDGQ51a*@UlU8W+Z=SUPBojf~U(w~&ZfElnI6r6930v)VYosv!dBR~bsw>4YiAfF@I`u}McqVC61fVFO`W8m5L1!J-{wQp5@GeE3&}#> z`SHQzq@bWhHa4fQuf=ta5iNai8Z&}DDGAzfH|O^35uAH$!kR@mBEP9L`WHwig29uK z90h!5xYwd5Niw)RJd%Om@_FRMaKTHK0&N>Br@F84dbTh4XH{{;y*yLJMHp6b=Z~vz zowD@0h`iA>Dm0k@VVxrcc`dDv(5CPkIP+_ffQ+Wug(4HhRm9@S>(`23*Nocx7*{wO z@!#p|M4o!*p_L(|uxn5j=m@@4R&ud_fc?QGPO5lcZ4$dk@Cjya$%!Rkv*|wa^857b zS#uwa&z;t}dV|~n4&qSHrW@;5Y78(J_N!rqv?O!el9xTFUy@v?)Ti}cROstp`qz_> z@SJ(mK&dDbwwznk^Ed2PRna)4{;&FINR|0-IOkoY<8~otbQG52t)p~2&R~h6q;LVH zH;hXJsnuJ#3hZ|JqsKrmu||e;G~UsbJk9nymeRfy7C`t_9x-C?{e?Q?mk$`f3PhGI zM6*S+@7#gUF+iG;j_0R5$jq?_v#FWPzrtreLp(Q?a=Yb%h98& z&+|TWj18bJp9>Xe=suS+tLWJN21z)y&^v3C$A<@b;ggiH@;@~JZ%!7rHa9h$k?c2U z(6!Z%{M2&T%Wr3>t)L{Po43Bt`X89 zm))z<1>Ol?v|x{iAM<+a{Kx9yaakRg`Y2@R-~O7>F=Otb6LVkmcMEz|2QQ>w#GR7U z@pH$;7_=N0cVqkqFh=7?>8&$$M7C<4$eE91@5KLS^ZOYGsjXuA>`Haqz8s}S#aJ{`y;5prO%a-9@ zS&K*Xk9xM&uEe@wSY3wx*tI66rmj?7(zEw??cGZ|6^YlwqNtRE!vm%BOj3*-yd-9BN*1U8F0Ixl^*=E@Gqs+(NDY6Q!Ue`waU}4Jn^Ydilko`+4U7o+Hue_6(1~UgZ z+4=YGeRlUdrm_Hzt$FF9!*~qlpvL<3V<+6%mHUw@ zown-W%Rb7e1#YBGo`~xs?C{2)rie9HuVx%KcvJ74e_s^&>L#*1bFm){O(4TWVfS}p zhc3%h_x9;ry|t(MOC5$&kZ{C{Phpi}X1wRld!5(Y4}a<;Z?rnBx^!5dzp-5FTc)?9 z{zQu_1{jV+w9uFmRTETqZKvaCK%apV!`Cid`Yp)vLe7owdjUoBMU#}XZBs?^U%faa z>-OcC~_e}~(y?FtwKF=s5l zC0A4{v$_KYgB0<^ z^w@-i2-eK^??1wD`0C%6g6t@W{MjvWb?dK*8h1Iyvf_sR?^ozn17i6phvwTPLJlaK zx>BH^z<1fTY#J>#JF_n0I@2)v=AWf$y-;w-GWQ$W% zXeQ5o6{xRu70;@mL5b^rv%0Pwx%zg*E)}jiyjF9D=rExDdm4|&r;{0E+0#*>6LTl^ zY$GME{_s;h!*cc7CwNkzaBx2}K;6R?h1wct+V^(7`hEb%ZJdkMgr)BB;k9zVUs9`4 z(J^mZ_Tx1-r90{U4GaI~-q6?c%F3=~(sF?lurZj2Pl&&Br&O^2-K*2KFv3(Zh%?}S zr{d=lH;hFH6dyjwCf*yG`UzJw>;ur~Zw8#ri`}mre2Q&-@J%RbFx$d?_ieRn;ZIlq zYE!53c*6=x*|2#fH5IEo?Tu1gMvNb65fI0M(umi7_0Z6@DDK3mF$QjWfkN+^9=#wa$8T8E+j9Oxd}p(Lx{dJ`!|q48Ac=sT9%J^>jgJ zmY*LP5y}Ce)BYDs*(s@Q%)m9bF*!km!MbN!y~wH^?;=%(-(iBzLTwB@1;e}*D`bBx zh$&g4Su$L_SII9akL33j;subeU~**O1i-Wv-VEOR2i=2@GBFZ}E`Rt1UL~R{We*v%;3q$iG%NQ)9n(7m*A}LoqSo@;# zA;px0?_V_)0~zv^RvFOGw6fX(hyf6p?uGNo0Z?jb!0o6Kqy#zxH(W5ao9rYzV@AZ) z#j`vUcbs~q)d?_xe~q;hT)eDsKd&&l5R^6)ZyXM-89oEYuQG6VzlwH&3Iu5<)H%52 z3TtahbH{!(0_p>e0jt2-B1d3Q2Lwnj9QF7de{#}<3EZu5mOiFZ z0^IbQ>>9G_zooT~7w0D+*}*tgY2--nJMW=HZoyxwaL{LoHbV7;<@aZKYz3T-Nf`SO zfA@Q@Uj0hQZ24@zOj+h}w+?@Fry6Ieo#V4fze1lY3MjJD?M%j?LcsD`JDO=8n=#nn zI*aVtIHwrRu6Dms6}=xh{Si7mE+WEu=1jyC3hbmK`eEqp?Y&f8_viF8wc4^T`s)O} zTI?1jv&e3UpJZoS%sLP10v**}`r}Ukxa`(Qk5Qr`HB(3#umxXwX#e|o@?U?ls0SHq zskrzVj68}*rp8^&aA9%zUeJ{l z@3LDXbb0`!Tqq+9<6dpPaducN)|Qw$suN+V_p^c#BEDchNK`O1WbJbK&o75=jY|8( z!)GE06aVRxComEdPMnz8WV+87`$QF$M>#n$Nl6QbiEV8DqB6&KC9@J>31-k>LoDb5 zZ=qH_eD}_sxh13eODALW4>oW)6Gnl$yS- z@0=eXS9G6SJv{#CHH0lT>uhba4d4LL@l%4pJ|)UVgodWV58h)mZQ2m!sZ)O?6{rtl zpHY#wS-w>a1BxTWc-vRF~+xM|P!177xuOcThn_i`L96-(CJw4uy1-=xKSO zb_xvZJMTY!`h*Zk&mjVdJ)d4C?$B8?7RB!!x{WQ<k&1z2H9F+sPlXh%}-o3BzJaahV~j?uV_ds|xT%k(WSDA8{%XPYCVb9yMo z{a58ZTosNBl-c5pV=d+H-ho07u-aMjs;#$>-Jzp*uYW;(w~4=hNf`736n%cjvi%Zs z{Y%VF&GDU@t8LyP0kXZTcB83QhjK^98|%M(4f-!+Sz$xe7}E>e?;(&F#mX9U1A}4M zaKzASnVN?9`E}cSD;10$l$9W^>jR1e>u`@4r9=Q!efUVwQvrQrq*pSvfmC;D^9j~r zvJK!DTj4|}2llEJecnwAtrBZ$ei-u9LOIgN9PqhIb1vO&Gp{*_KxVl?6KWHW2zO8qksC+hI%d=s586WOD z{TfoWH0u!3ur8j~7bs0(%wj786BXQqUDB_gJUMc_0pl-T?zy-)ss8=zSUKDJE3*}U z;$Gdlowi#a)CT0bAX{dn2lGL1{`}*Z1_0!4iUX>ut84unn-Ja36q+Gpe_X*ngjGj_ z7gkj8SEjNt8O1RpNsQu+O-%=Ey0J$Y67?c2En8|@WIX!X+A~F`d$t_?lRwKeKtMX} z>@Krw31ee;lR>W~U6qG=aiC_PI4&TjCOT&u5a1_Di$2Rq2V)u;Bcf znN6NH&4U$)M0ow8GPy+XpYfy(y#1L0Y)tVJgNU_+Qx4fVJYU`IyR1euO~Ux`hkZ<3 znK4o5!7IMbCKT*tI4o2g!rxQg^B=%mm<+67SN$8z<%jV$;6}PrnK44NG&Ox*d2Kqy z?>4G9ih0RK?e?%gU?0lM8~y{{jXQmMc9s5}UVQ@pJUREiI79D&zR}FMm(DUIEUYE7 zwXPMmNOZS}9(sqeRI?d)a_z7XY^`c-afDRMxjsE-mJl)yd25MIR#Ri5id)1mFG710 zpN4t$PPhFM9o1j1zIr}DE!{P!_vNcJH%(?9R{CGxL8-GsnQ<>!rc zRS9u%M}vd8;M2Vxz+htjHm7Pl;2hE-fkukOa%YW^K)I@_&Tt3|^O39Er=NqTQBi@7 zV|x9W%Nw;wI&DPWFrU7XdCC!uU?AdXYLcA3HnrO zM`2MRT1_vpQ>qg~7rkrtdxi>*ugvxDZel+J+=AN{r1M&~m7P%;lm>Mz(B7G4q=1b8 zbvUpBX&Hu98?`~2a^`z7PQ@oASZ8>+X=vQ!(eW1XiXf9cj=v8|D|o$_n}^lUN%PMF z)q73;;sUf0aL?8D7KqTiVLn#y`kDCo z0cDA402kD}KR`&tl#;VDs&WYIIp&E=EX4DjX4-0LoIJQJ^-;*!WjDEds1|67V4S)q zZyWpvhaYT$>hj_8<5{1bWh+r5-u3nEI_h3;4bsnQ_K7DZE_1pu$EL5k(?}4@rsihS zx$*|d2jJH)U+VUFl)P=vBI!8K>ac$Ru$@NWW%nC^U0}cTx}KIy?+LY|akxTO@KOT~ ztiXeRmhv;0J#!yp_}~KhmXjgWgwv-}M`zF^!Vl9{%>7hZxnE4&T2gY{0VzTPvPo29*DdHsZOKx$x&0=FH-jkgt1g8CfH?lZwNLs$2=jUNJfyI!2UF`+SEuJ{8(6M6=o*prDdlzM|CWxs z%M67n6#}EY@Nf%KKBOh?dYPFdWj|0=)R0a_e0b*Ex@D)FyZI<&x8E^r*s!HcL_qpT zt;E4(Z-b=QV--^@SaUyIMh5#EglN&531^lGrn~Ff4`CdWH%+ol`*6s#s)d7F6WDII z`EDO6UncI-URe_klE{nyp$dRz15)2FvTI)Rt5H{FO;hGLH%JUCIc`fsfF zwy}wcVJj#%ON*f3254h$9>glEkdU&fD(YFCsyv%SJ{F~~oRUwdCc>J(Fxm>SfoUeP zZ_kT&-3>Q^Nh8NX5aDt^sAW(IhnVjEQ}{hJkg=tA^}cIEcKAP!C-**B_y*JqQt4*$ z40#FG;4IOHj!pNLoPOq$Jn-S8b^mme*8WsJG&)c^$E0zH>}ltO6{%GNx60e-e1D#@ z*Ym473_mHjxyV3Z_|xO?UO`_YBZdGe{GZ^ueeBW=4>f|2>v%EXn0RYJP;cQudmW_E zr!GMs?cO+UG{1QZTa*G!wan+u+i#`V?jJDjH!8K>8kS1T%!9)mtZ};yjv5LrMYSAe15YyWKgzH{C_7|dl zM|P76hX=q#@A0sq_1=|T{qF=`X{V4+O{9}W@%j>THjfuR=+Jl+Ym3s%4h&46f98p| z#!Is~J5O26R<8<#t+CbU#QoXL<3E7PmD!!{T>|*`wdf z&o^1P@HAEkG#{-k0(##nw#&_g)8xcWb#bZV>h}L<9CyB+-m9yd*7&RYBmW_#ty>(2 zXMahD?e)2j#~Tm6mT_3-vE9D@-=O0Z-@Lg~-IC~GNv?szf;8r2l?iLKR;^lPP~n~v z*ZZVN$lY0@^Nvq5Lx5nuZC5+TzI|GC-@}O@aZ+p)E`W5Y9${^6eoxcA{E-|%UEo_} zY#k*1p=}38bmvac4M-ZbP-Av)`;gQ~H%5k)K|U^O=l}%YH^) zQLMARcdbvNKF2#EbNLi}UvaGhp!P@q{~Ia1`QJ=7eOffGI$`{O zBk@mP|E_%>!4B!aaUwV#7pKUo52hhB&KBn8xEa3$zB50u6VA))qN3w1CA-yJhqBLY z1Ws&na$4k<@1A3uLQ5AYU) z^CPchtD>7R_23F?S+jN4AK&aEgz+c`Y*3_LCw`!CPXBxwfgy{eL3M z%Iq`IZ}NK>2RDx!OAOdGH#1`jK>aY4JXTL8m zpUmPWaw7annh6S9pKGpvTLD!5Ja4nlpXxNm@#TZxFll&B`;0b-Hu&(L5Up=YSLyNi zi9`6Hu-P-Zx8E)yS>{yE3LTeYmxTQbtU&t}D{823sKbX&+34-wSJzHY#_jzJjtC6>NkV{)pN=Q#uJb-|({bsoA$8c6HVG$8oX^8l5!Z!&Ci|t@`l8 zw+(NJJQ$>US85qd4!F*0Qu8U7p-&<0*VOFz!|-C2^!dNkV)v%@O;q_|nx{5$VONpu z#{71micNn5r6SokSA7>3Ni$imCdCPB_&>2A_zQ;p|L6aH>v{cDiwBn104)^BRqQNW zur}xJUA0Z0jhTk0$6}r=>@h4VQim}C7V7@Xv-OuX&dHLJIDh(zeXp)IOSH+xtX$Z& zY`+&x1c}l+xRDKKA3uB;nQX&@bL{1z-kRCktX%6!$|ScU0D8YYdm%k0slm1M&D7?=kb>JYvmOe&w88w?ZwK79s|dZ zR8-to)C!N7Df|kRo^6&6oI147G7?<{5A0*dmH@iNcfAcQcFt58Z&R<@Vd}>NYE&i0 zAq*47<7%+k$$4 zX>?NciJ*JLjx(P8?mwNT^UaFf5oT^`_-@N8G;HV`UR|!70T2r;zN(z@3kcoW*x0Ew zxL}V67z|&WLHq^N7@{X~nV3_junmO@cNwra)3y54g$wJeO9YcSnwYb-SFT*4VP_K6 zLmC0m5gycVuZa%N+0F8+_L=o?FYZ{`F<2HO1-S_lJ}7b#TYrYukKA6B9{EDwD!$}8 zG>_yB%$_Dt=}emBLhXeD_u<28Fl828k5N{Rs@t*Qpjha``O?-|CDXnASLR9TRt{6e zQc>jkkAhCGch?@-cH3vwf(SH$5mEouCq4X zhbE-R3<$PKb#()vMfu=w=_%vGb8=0j7`&HnmeLf>4;lAfxGNc3r`G-eg#-U#EEQOv zIJT#_jOt5;4}PX;ovW+&O`aVyc*Up1{4TD~Ydq6&AX;WBUAUlEFMp7O z2MViMQ2;8BpJjB!?*%SW_lsSMIel1&;piwO|K`eu(`ji(!{VMVly%s)_M`aDYK_Hb z_U{svo)~_fNkE2HiG7c~`yrx6Cp7NY)npyWqTPsH%I%16@&D{?X-O%=agjmA#9Cxk6if!nz zfK54bSHaNn>*g`WR2J?wBax#HAZ;(RwKZ9^=qY?r)Kt6r;q*5ivN^>Y<_&U}c^!NA z>|xazw6$SgV0&U3Af|naOX-A3s~kholLCNLSZMG}Tu|Ns+*h)T~LE<>kyvmfOk0LbpbRtBxF_-Ga9hH-&k?S?pkR0t+1 z1cEHle`+e5W6MDlR|RAZT2#28@vJGQ3%McVP`_*jC&DiEled%-?uPF@p{k zc6tQ>zzh-}^W_c>`@~A%-FFJFKQ|9J-!~rX!|N7z1y}I%7I*BD06GN+5$Nnng3iLw z(8tg3S9w%KS$3D`sdYemC0p18km=EI@$~6kjSTA4R^AtAh@2lH+tq}i4utQYKQ~vm z3@zT`vc@^#aID%`s}sQ*C&d=Tje9>V-5>TEjhKSMWNfbZNPQ$EG?i_3ES35qM~*>r zIsN$<{rd*K>wX9?SYF%e0_+ST^XK%sqSL{rwM1FlJj^SDFi|~yiKQjIweGyTXO*6- zgFx~=!Ke8gLa1Qv#EH#&o+R>JsEq{EErKVovx)9`YZv%w{1b1TVXL$ktvkP&fHgy} zd9bDD!0~0g)tUkbB?L>b6Bvh>svJ^uS%!lzwg}Z@^q;;CypX#1o)7}HJE->D{3iAC z<)1u55T^dcqVJa`3{!o%Mb740?b4L7lV>Yj&Hw%0zFsXyM+Bjy#AOfK?%=?{ABh7f zjw9zND+T{5$?g`QT|)!H=cL>1D_zsn;9Qeg+crA)1x`UX*tF>;dy}7`*@KGFjQbfU zFkEeeOuEVt|2xhbH%b)rWIcYzmtI4%o%9lp?T>B#7z`e_gP z<`Fc(x^# zV%~>H7%65OuKm_qYmvM5s-0EJprPo=lTD0Zz~N4-=Q70z4-6c>tq?lHRkt5@J@@{= zqs+&VY#G&0X)%B+uvz0fZmfG3Cxkz^g#hY7d73CIizG|C>GUmcv#K{w?7lk{kNWn0 z7|u!B+QJq&HgFqTSgc_qZD}dHehwZvA{XEB_6;0+k{90Xoycc)?N#zVlwVvrKnR{= z&xCioOqAfPJc=F5;e)_RnzQhT;04uU3E{MPbHB``r%x(9&x*JJlEK%*83=<04;@-; zv58-{OwW=gZ_=dT;}@yO&>Z=aspl6>t~IzugsSDe5C8VB`5CAR*pV@#6H_EyGO8uMK@zZ zg^Q!6nrrUcIZmeir{=L+&$_bq_wV-%4AjNpitG)759(o=o$?)*+d0I?FD~% zWPSj)cxi2Pah@RSLJx?Eb0ISuTxgys54cNkZ5RaCB_$kOl=O3vZ_=kWjCn(yUMK&5o%aK2?~(LHf79T+?eR zUxCM!o7`#pYi}DiejjrAE0iHH1Fk*7uE+5=;TjPHc|Qx(8_q<%KP|rZ7Sgir%^RSB z0J0{GRZlpI%z$xlA8~Q;ZL5}|YZcE~{_y2lLNRlwkXF+-{@OrA1D$vOib+IxH^%17<9RH|asKhJzV-xm~5&TAi-E@HmviQRZiD75)p zeFjx+MhXBrM1)(?sSFvz`t{#nh)ta`1(;F1Pagv8)iqUboE+H74aumLt&+x)7gK^V zDCr5?w+{?v6e-`&k4e1b{X5U@&{SSqdSfSC6~y9S-dvkBdbHlLOHfd&9SWKP7pSM= z8>TnX+VxmHp9mBYm|KJ~%bNnz7oX*z)N4b8S(#`ftm6 zt(`Gy)Mq|DwdR+Tm6`g$crl+S{TrM7S=Qf7IaF$tPac2J8 zqQ#BuhN4TS0)?~)GXtLq?z^mbda`I*2&pg5GF3%d`ebzUUDf~)iS6STn}lq9;cd*EBz z=yfkHYEhvPWEh^bzAA2Ej4d6Qv+Y;qr2Le)cUMJ3K1?XTaKlrX@r_dOX#7itykvSH zFs7aXaB&DnAA#igY5BtUy3(?sgP-U8zp z2F%y@?`OL_AOGT_d_{W^gJe-@>Y;tu0_*CUQ{!-2G8#X}(l7DwnY*2dit3|*kOaCs zmThpz1%iX%$aCh*$Tu21XneGScn@55Aq_Ydt7jKq;4`8Ky=8cM4wFQ93!~NN90~|H znUJucIiW_|hl&X<3TI1FTwDdWOq$xrO-#;qYn+5O2bBZYBS;un{UmHF34Q;%FZ-rx za#ZxBkEj&6(zj+vQc-=#DM$n*xPtPqtx13*LX!1ho39uD|rK?LYJr$>tRf(5J* z2%e%qNaifac_FVlgF}I_B2Zo#BRP@FX6W@+orb$b3A?JWp{fV8E~M7hBpi0k^kW{##vWlH4BMs zlX)Z5V16@UbN8d~lcH)UPI!PWY}y^wLUToYq)Xsn7^NyXTN$n_$6}8k`Pil* zrZ{oMV3-&rZWNiZl5(z(u~^tdj|Y~8LH|dy+Xkh)UqpTeu?w+l#H%0aQnY{GB}wP$ z4L2v8ytgJ={+acjA9Zeev$p0nF#N}$4DZPC%pgnOd}pBASFpvlFf)5Nbi$v<>3QK$ za3v@Kl>9DOLEr^S<*%gl6-Tb9jID%;S+j2736tUQg5`#?ywb+ey6e|pFc>+F8W(;t zMi_K7NWA)X5KtIownMkpJj7psCMExUby)%iqMz;`8-&B&>Lx`+#iu+mfISpeRfK-u ziiyF##6951*_(Xk>X9{17rHcGSH*|z&DKVKYe;SwIi)b z=1j-6Y=$F-F>W(<+%I;BS$J?RCkkH*yzW}6{XJ#y@@4PEZ3on zWcer}GKoQha^I~#ytCSM8dX2U(nzI}K_-nf{l*qv**2Xzb|mE2wKV^7Os@?J^Rc-< z8gUmwf=S@CRvtoUF|DtP`8sw?M1DnK8PB}~lIZ4*gJ2WLPP3cF&D`(?R&Mxx~*it4}JROrQ z7v|7#ME^x6k@Otv*)k9{Imx2}v<3VhJAarMbPoOeS>es#LenXICOO$S@#h&1QzR|Bm=mX)qYqogaA+4?n!PqQYj@du%g5XM#2!^x zaVS0?RREy8eDPxIw;P>}&tvX%BrI%-d(Em%+ukl7!2!W#9{7i&WGu^i5n3+|Pd&M$ zwy;~tPt~nZiHhc*U~5pBH#P!>qcU{sJAdrhzqkOduFK^F5 zF`FGTaObI?nsIL{+szplJpOz%1z3b?nTa$LvnP2%IN1-jhxEeX^_75uO;2CHKFXl? z)2Fi=N33NKs}lMJVX1GoE!O2prg1Ah&z-P1#cyVOmmwc28LlK20l+}#lH%{B*(ALH zvy!a!YaxwH$I%5K1V}PEFBbXPYf=xFQQk|K%tE&&MRVZ_Qy?qx#n}dAa-=nf(ygzb zhgaYO4x@>QE#AJU))EpN*R0{7veAbx#>I!HI6z54mG7HwBO=Gp+$iSol%b&oDxapz zRqTh<(G^A+Gh}Hmg3=5YHcbB(5kCf8rywY{!HkRRy zaE(Il>l;Op>)n>S@7ZskV>oXT^k>Ep_;}HPm6KxcZy3)D1Q7x{+cS@aBu1^kdc8F$ z3kv;ZnjcF{cyPe#*^3vcxXZTm(3c6I*@wNLe~db2!?tnYYXTGgvV#ua`2PK~34Wgq zRJA}Ni4tC7Z1!t$?$5gd3+@TIWH9(g5oXlsyw19@TUduXdeo@0xks3ID+T6|P$i~1kS6Yi(tH_tm`%M9X1l8;^>#*n($Td`!$qzblcEAF<)! z@p>KP08!G>B+uIQ2mBsF%pI6iAo7G`Qt0k^&y)@b5AAQy6-;Bo4xY`)8by4H$ejLp_Ybqdl+zFr z`D2BS79t`ET`o;=fLF;_K=>gw7RUi?Y`z~FaqRRTZ}FxdrDS|`@PS$Wx6MW!8KQ<6 z#*Pkz0J0e6M&xlngVa;<3PyKu+hJFV3jY~v*V|cH4{}4pzZ|AA+Msq6B%7Bvs^zPi zePJ|o*+z3gE&>*Wf%>^ybH?B8!FCV*7{f=5$+GuA)D5LO0JVaHQ`s9o9&7fn#JpvtH+ZrC*rJ#$q#qe%)+9zptY%h zD_6c0y51dTt$i1B25MGJy;yzjS z4Y)T&uoHzTgX64+y0v_uVaoQxnwzzI?wQt#5trt!Mi)SZO$tRkaB5IO8mPs>HNHK$ zaoKLIhtIC0zZvEQ&3~g~p7Fhcf)v&aQkO-}EZ4wQG!#y3pFXGSLnat1-!FWAe&wBw zhJ!`MoS*UQDz8bmUG%$^Uf7pAu?>otZ`hyA0RcS+yx4)K|xj(&lo z-I_H-?*)BF+tQO#G90@s?Y^emSFT>Y_t9yBb-%dzR-mm$t?c{7 zrwE3r5Og*%l%{AP2cC_LY_70wMSJrcFRt`_Kp-+O!!V}`=Giktps#wJzYHqb;*-K%4xPDB0XX@?X3iAVt}``^q7m_l*wTs zH{u{iWnq89m_W(AjsBGk;R}-avvMkb0+eF(n^WaoBML@%8O+Y4TB9y${Pu44ra6ne zvr7OFH0RF6aW<-rE`9$uF6BG?1nmNEsf#qV-(n9Xvtw$Djg9Yq{Lbm5;$Ty^cec%E zbt9C(mP$ia?ermTF+qchW)sH>tFe@7WKK>!4V2(fQq^SGeW8KD1@^lVuep49-!MSH zUf0almp{p7W;4Zp%sf<7+`%i8`k#w`1Q%0MN{VdaA>hs~UstSLDO?2d_t~P!r_}?r zS1eoBd+=aZN}IXW$E4QNb#WiH=2a+tzLDyYi;113F0P=R^g; zZ542Bq(sq`4ZEz4h4maqo%^`s&!>;7;6N`%$K^VWIR2izkhre6Zdx&$`qfEuijhP&rfTf^qO_+=8IB}fzFfke2@Kzk5?14c-^~$igW5B zOV0@Nx&!UzU5>j?%b!>H`2t-oae5_sI^Z2j0+s}E(ntuCw>FONJ8a@a0o( zc&P7r1qH=vZb^?8ju)gV9oygF5}*L0;vi>7%TIOoWr8y+-9w%rHFBhOxuoiz8kqU4 z=3u=lR;m&aExr2buzEDRUiG)jiX>``I;heevg5$DJb<9Aihoqd}4}p*ykgW#eGvPGnU=j zL&puhl|oTK&gA9KrN&Qj6SQ>99Z0T#>+4=7m%kVnee967EJwRf*WESF?u8cZq7}-c zU9|8~nkFwlM=2Qo|LyGThv!QP>2!Wv8r)k992Es4x01n^h0!KH79c`PD$`@X@17+2 z!|b+YsR3hBMi$?x_#+<&rcPWQKWThSm(bNt&9>^ETg(?X#9?2GpZ24nF)rJ_pyI3E zRJ3Ht2F!oCh7v=st#x#a!lz<=?&r8}OucXG=<8eJ+!1>~tEv=>)qZ{vYaXS}r!_=J zfL3oE$K;LpI1$&?>s#83)Qq2Yvt9arunxwBQ)Yo`aKy=`CXdGb z&qcmXxz*53Qjs zXne6M9S6Tt`-Wa#H8I*I`eqk zJCAA1q++DJ_T(fwrKUYTfjhTTs^x+ORV*Y1u9Zo*w6@N?bm_^B8#_KuP`cU?_Qg`3iS@RULM8A&Z^u}Dw36ZH^TN87nt}Y1 zS1i8*M^B$NZA#@DJfy@m7`yTXYy+D`V@y>0($doK&`|tjxK}h6%%(?ApV?jn7m$N{ZY{2WPJv#J8SV^<(kgd4L3@HKICK`)krWP=3(WHje-I$0;E0)+k(%S9nIcHI6 zT0MVXUxtiebbEUarWl12MPPa3kRiOJ;!CxU^XT>P{S$9trq!q6~8tr z3pOC(5psIyQoPz4_U`2ROqn+O*zCzHi^kTH?~KzbHsSkl1ZAR^EfVd_hdSZ%z^KuK zxpP8B<2f#!Z=hgZh78eg{|F6jbdd~HAPMkxVuohN^bBXT7f~PxVq${&_}@8gvD8=f z@^p{-3sDO@i6r=N^67kbbg(zl}M33s2!Pthd=7bxy*jEkNt3XONC6)OS7H5`_JFl;Om9n8m#*u z6)rI|(@~bh7MY{6t*Lshdk#%fSx*Z}Y)hp~9Puz3T(V@a^amQ053Qeux7$9+j53t` z|06!zfQy1gk>EVP*ZIOnk9h3@SbBD32Y#8fIaA6nU|MR2DGx59=}sTJN>fBj6PI8c z`p#Iq($;p2RoZhrBsaW%&)bRdT%jV_klCO;l2HWMV83QV`M`&h7_Lfy)G7AUlNE=( z0cxF=k%9h`5-&779C5wrhT(tyUS(%)$p>h&wMaWZW}Yb8xHY(Fj~Qdq{RcB}kD7;b zVRHEno;dKyvW024K5>0YOXqrWpI%>HYvB^vPQ<;>rzxcXNw8PiwQKj=Ko5Tu1w}=m zrY&Y>p*F5<*Pq|+-~B2O>IV9;gelNX_$r7Bth=CqW#7vCM^Da}A2vP)q1A}fHNNSq z%T01H42GtG;)V)S*|Q42+R2ksL0FlIJzOyr&v~E~i%a%>oyQ*DmT)pB;PH~VZ@S@u z)%>ft^>}D#0|9)oxDY^Gw?==x09=dZTdvVNWV<;2^-)YE|p7^g2BR9Jzs;1C}naBrB;l}3db>9L1X)l zUc`KwH68O5`;Cy7N4a+<%H>|^4=ixBo0S8!A>;f>RCxR=a+TAEjk$(VUFa1K9z4j+ z-uRr4I&;(B{bK(Z!)eL<^B8VM!lW_jVPjQPSdy`F{`><5BMTos#DAink0!+|@$1dS ztrTOl8$Bke@JJ~YArHp%xl(sT9fwWoNlbZNUDf>WbnDd%=@)-bd1ckVOhIh}wz>0D zq=fml$eW$b=Z1^4zQJ4+X}q@Vxi&gnF%S&Zt3cL0@XQ)&Fc{f3z=p+x0~Xs+lTcLB zAqbY$#P{DbGaiQZ{USMW9j-IO1D4tZuy$5Lg1sPC_v3|k<-Vh}N{A~3Olc7E6NR@S zaG@NCagMl=n>$)Y<|bx(16SCtSrbkRE-sF_%bZRFK*ez$6;gp{3|R$b`MrCGazA<< zWW+)?FuIXtGfr9-ClKgpHMjred}_hgk6*q>VNxV&c5#Icf;3Q0Tr#(E2BV`#PUzG6 z>5L0*fzW6evl4U$N@u|e#+3paI{vSfjq4 zByKPgFn&4(zUfb0U=jX4AiQx&c5AKBy0I8EdH{N6sARDbFRPr!F*oEgV?4`d-2pU z9Vx-yE*VBN2qVz_fbE41=Us`;n!r9ck+|h9;?N{&K%h1q*f=>KZpvL>>W-cCe zg!K?8L)8=%$|)V#@M}Nk%YI!)+Ixm)%q-z=;k$rU3_Y*)iIj;bJCQ%4yE&IKM>Hot zpBf1Wjjjb0wzdAw3=qwkbygwHvm?ncw663O(|=}-40pkGJLdSxF=7@sam^d`Ay7~7U zgUtkjDC!Wk&_BZG4( z9pQ^YwF2}l^r$JDr>88fDJxE6Om-ISDAWjhbTqG)Kp3IM;5Tkz*;Wld{}KfyZkV@z#KL;#9q13 z7KBcPw~W8)vSR7dnY;0N@BlI3LxCTkJh?1Iwjq^0Kzflzqbl=vU8Yk{f3Is^B)-RB;-x7;Z3^nqLNG&MDmi0u_7a|~Hl+1hGVdZ&88uK(cV#;OmF zvZypo9_Fy`tlDe@|)zln{ z(i*62s6`iBt^?Izwnbfx1(YK8ZaKpGv3b0|!j!NNecUpsYbr~RZp8owtBhl`TW z5?iaPJioo26=}FOJ)vgA{G+a)Bmo`@Q=C$d4m>x7V(znGIwzE&u;chFB~|~vo;{r1NSg6 zpy;B3(jVmV-gV(bwvK5@yJcr%qagupGMXJdBPH&$B?H0?^5{4mZ%IRVQcS6UF^c;w z!;YO+th`>nbm<9+eM4SGwd8p@n!77df(aowCK>tHh6dQ^09FYSu8dcFm&=2;;(5pV z3!@8|gW=UYc<`9uT>OKCHKbVdd3v@or#fY}ZmjC~@y21*O*DVHF8j~U3!fuun72T; zYIHO8I)63t;6{bq6;R|RL7f4ghmYGwgF1N2x`Fy~{|SO;)}-5R%DjMk-&vGOaYMu| zWHTnD0&i~vRrTKwXI_l;J&G!7 z;&$7M^|vKq0!nRsl}y%y+721Qc<=sI2M6V?Pzg1foeJN~cmL|1dsUGNQ|`{#l60!> zNCpFnh(R8U*xruI$kL@tSr8=cb>}^cere~8OoIKK_F2fq@My z4)qA-z?|sB0DJd$Dn^o{|H%9Js<2RVMy0^IK2esS&_h(ZM(p%_!}s@&Z#CXyFScfN z^NTtf;e}mi7L<$$&?Z#V(1Etb4mffC{Qe0das)?%{^ zBCD`r8fSSXUKHrZE99Py$}QWyJbQbp2S7GuNx3)p__>I-4&+UXgFkrM3OhSCAg#c_ z4Dx=6itRl{4uajlfaFuBAaWPr3`HrAbfmcavesYVFm^0xOBEIMH=G9xW~!9_>+3aK zScEqI!qRrNR`S_nF`2AN`*8sAFFw_j+H4w#{%DhUg(Wi>?}AEWT?M>R|17gbYmzNc z6-AcmUx@L~#L*hwM14SC!o0AO;Y!myJ+g}}#$rxR-$9QBsx@ItU?XXU5;l2)IV#7vX zH5C=X`Vn$D+;_(Le@w6JIAO324gk#t2Tv85H!i^onf*__VXDH2nqYqzHi+Bz6$@T3 z@la}u>b|CmEwHjC;_AM#bl);HC*z=plqY#1xq^WaKMj`sGrA{~bBQ*)8z&2aDE*bS z;|0X!0s&ve)_3NxD_iQ;Q5PUcNT`u&rBnoAB?UoT#;0JR{geqB-fiYqz|D&oUr@Y* z6|7n{a>ATkwz$EcaDiZ^s=9@T0I3J7mI*mmO5*W%W;64~Hkh^K{rmFjCHnVHz7!E@ zKUPO`mN9ErskMhpT6gqs$anqEFJ|^4Lz;(-@O`AZ_%H-Z4~kV1Ai%P2W_9M|a=dnN z;f)01V;&PT4>~pZodLR^rp&3Xmx__8K**?JGBKTs2vxP}tAat49wSn=fT$$cFLoUA1oA*^KXaLS$~+ zI&-E-x~5Ko;?_S%;54oryw#45Ga$g&*p%pnJl$DP3S(|8T>i%mON`HYpY%|m)#Mzl zb8xU^fk#P)<#}^^I!ms0DpW{6?MPvdNY}UAMkp5v;{C^%uduP9pGl&pqsktYQQV7H zC32!p`!Ddc4Sn2x_W1IpeXo0VBGS|A#NYlu*pw@L-~U^_uIp8|iae@#{{G!3{aoQg O>uAl_jMrGY^Zx-5BoH?M literal 0 HcmV?d00001 diff --git a/website/content/docs/v0.5/Getting Started/images/sidero-cluster-up.png b/website/content/docs/v0.5/Getting Started/images/sidero-cluster-up.png new file mode 100644 index 0000000000000000000000000000000000000000..0eb0ae5b6cc90e263ec7a655e2ea4c3d81b01d5a GIT binary patch literal 73620 zcmc$`c{r7C+cvyNND)GVF(guCsLWGlG9^=_WGp1flqph%B4murBtyv*iUu;2xlv@E zWlpB}_Eo?8d7k$fzVCbAf8Oifwx8|JvevrJ^Ei)VKlXh;u3#N46>6$IR0INnT1{0^ zk3b;1MIewEQIg_cl#g$Xzz=c@4HZSg2JwF>FS4Tu1P+3lqP)I);$)JC+zyp*FZcJ! zykVrJWDDw|3gIC2SJoZp|43@EIi&I8zTSM>l1!x!X%CIa=n|-YzV%cnNntRwKh%F> zR#8cbR*~$LAMdXD-$K)6CpN_&H1_|zw%*xoV>28-;$iLT>gLMiN3)Gh%DwB^W!CWX zhj(ow4|sJJKeE1^bCnWxpE)ZlTm8Ur^WT3Y{!T{WUgf@>G`DszF_m7O`1JPe+k&hk zM~?iQofUWL_0!>)CaQyq* zw{LfLb`HIZ{gvV9>^HFc?*|OO7&f17d>hVQeZDTNx3~BDCJLVY`&U<1^xoIj)L6cc z6B-{MceXuiV{`1{!|6 ztxWp*`dwAttB1x_lAk?$R$5vb&2OmA@;Enl6G8OYvFgo985aXR+-QRpi>#YGznSPL zwawn8E#ZbVa}Lm{-=;4sWoGH1DkU))*ccDRUWXZ@PbMV`btofglje zykp0}$jIkUpU4SMo<8lLUyg`~u(GnUq`!D^;^D)G>%UhG4Gpt1Gm~U}A25uKj?TDC zZQs7#%4#Tdryy2T_S&N6^Ji*NJSP&x+TOp^wbnh%U(q2 z-K3w$v@8G;pcLU=#d)>^%}NloxGF0zilfB)94TUW#qMQoaDYHLXd!XhGHNJoE^?Rknou}Pm)9XH`_0^sYn%%+~IXQe>T*ucs^3qkpFWA|=atLlI zer7u5yRq8y<;$1)dQ}aLcZQG8sAVXrReb zh}s_&8QImpJ~i+G}YBfvv2fa@@|=))p&lM`32x?e9;@&d$Cfo_#WY~w9*w_RfFgfs- z=kG02rnQ^B?HFL2-%7V?V6o|+ym0*On>XiI7k`k+vxqxePIZ;vym^yhN2HsTfPldA z@^WfwYQNqAH>(%de%-9JKU#^M8UK)zQJj+Uva5?_YR{fMI6{@><*&@npC9n|_ka0P z?uO&+>}*i@xxq^Qfm!$X`1nCbC#RXdH@6zhiktO|Bj5JE3fSWRq^xXOUp=#Ha&mHQ zZO!NR3JIZVWt^WaoFe>wd^{bQkYzpXv(<+E$t;qtnkP=&@oBbAqI+2>jGZFLDJZ;7 z6u*MwDj=|5`@y73uMEOH|8!Yo<>(hbT^lQ_&2Bg|wQgz>)Z61eefhF$s`J~o&}^k| z>W&xd^XL@LapY3#wW*ubR7HPzNleP*0n0C!KJU4$q@*Nb{XS08Z3@x(duc?Ee>7HueUsK&?9|vX!>YUOG3JS8avb2+BoNyX5pFW*KfH{>RH9vjY-rP(x zMZ+p_ufg(xjCVzDZQG4EeIGu5j;g$K=Z>eRCl*fMCF>2o^Mwl+KIIuB>3^DK^0z3* zH~2N(LqWjFUB~{O zkeI^Rq$SS1CUb7yo5IAron7Vz^N$}t2!y$;K&nA)jx$wWe8fhNw4-BVuN8I(;iX} zs;jGGV-1arjF2mbo9=6_qELI7Zpf`PMBeEL}4GnuUZIkRcX(@3^E8V8g96$bMbaZrSX^HP-*30*H zG1taF@UexDjE>e@7o9dS5iqaP46z-)-5O8hm*4xpVc2_$XLg3(RgqC{-qMm)?MW-$)_}-sl-o~5k5XKF+Vr=;p4|XPJV`WN;3;% z9l3^&kp{z&lb<}%@%kvAAkO7-bJw0dNE9Ob_64p*-l1x2Y;;=WxZzbzl}gVXBA1mv zSV|tfM=jJQ-a#kJpqHaDm*VVQ{BcKTHA?u-7dS>(UJ`_d1{!9}yg^XCO*a=ey!D>zHYQ8Qxlw9(Pg z7e5zVb#p5#Df#*9*9P)mL)!%mT2jyQCR?%$t{7zeb8=*f^**U+HY&h~!D z*}>jk=J&!$rqF!?hXe(81}k=CohT|TWs~+4t^L_^`_7&HT8VM-@#Xekp8~Ax*spcB zddJ-y5yt!sI(mA55aA0Scu@&}Z0_E@ixV(6!0S?uB{|3x`s(b%+}t9gJguE#dnsSn z)!BS`at`V0o|u3eLVGW2EelQEt5>O)daCp%3FR(hk(HIJNRD6aU5$+5Vq;@*5Irs_ z?>kES z7BMG+%+f9UFHicA2Z3Rd#jgx^WNT|DipdMGkcvAG1_cKjF*v~9%t39 zLDsZQu3WjIrq(e2F}LA}crmA)vT?v3JRtYj$FK+jaExR)%8D z>$~&v4ie-%Jy(!mt+JH9g=8JE{G@6kmHv$bF`$%}cK%g}ANOx2&yO9B z*W~BVmA_|GkuRn(WJ-e_%2@v)Sqcs!hSc!I$0KZhb=; zE5G*3QB6%PcAe9Y4$(nE;Ha`_tlL)luN+sWy#M0iGv&^KrlfQoe5f8+;!Bq<`OXan z-@N(u<@HVFrc*%I-%HO-^CQFn8(D4ieG<=J{9ET3G|)z&Jg{(^&lI+p*PAIm#8@)l=58k!@s3y6qZLA9Kz4`Y?Yd(-%) zZWR&{`S#+P8?bbSS`=z>!$9@g+}8U|4`hAUOD=vU5Z2e%Lzxa$0F$?8YV>VEhWgmv zPA}+=Q&|_rdeXG^PqFq;SsKrM3@}@V_~0U@u}U{VkH90xj)eyWIXOGiQw5GRCk@Om zw>*&M(q5dKOOUvFVPpMwph6#BSyWWCb?a6Vf~mkU9-gcY`s@?;4Njj9eLN{0EUKXZ zOn4O80%w{$;4gJ&`F&jg0zywu&%0&c_@&EpX=f!|d#1=)wF(btjA0ghIF{yQZ;j{hzxdcTq;U&sAA zK=>MWZJV72N&T0HIXOZ{kKSz9dB|h|jSeyy!7nFg?8mpVhQzi{Mo-SZ!WTelLwbLP zvM@SoYj@0gqk_K@X*fGO8zrf@NLos&`GNFBMC;g?no0bhd~ROpO1=J@iGWVoZQw06 z;OJ~I`X#sN@6iq-e*l#XkHYce-#R-jEG&B6M>|U{Ui&qbbokus)Z?Hhl6_XjdVDut z0A0DyEzghO@4CNyp(NPa+jBqu4A6?N#46ac)cF0p%LO%pT(XR}yVQ5IknX)NN!&9Y zJ`8$w_N6YL36=b}@~WzJgc^X}!9$0R96kC#=sXd;Jggy?7{Nx%x8Vq)5TQn`{r>Iy z`{!qYuZl7m#*s9m2FkTtlP>&x&>64p-Ij8mzE3`0I%!vw-v zq=)J04P@8%?=>S-EzuO- zW^6&9l{E=fdj02TbHE=qHnweVH>_m=CPm`k15{u`(d{2OBF@r`Qnc^E!*hQQ_E=DO zcnhF+gUScgcAUQX+1cxrnmi{pG(w*bzuxiCCJa#(K#Z#O`Q!~L-*uL-b+!6FL6go? zC~s+x9}8Zd*G$F-#6(BGDt8SbKc^;DGq^C5uV#-WBh~e zBqZ$Fv113pFEFqcONns)Vqg07>C=b^l(6s$lZQIIUJIji_nTr|Usq2x0vZ7zJ%8~+ z@`r18cQ*;a1_=f^9$ivN$q^|UZ2>+$AyH9LAt4l3WCO3o$@m&>jlVdXeit({0;#*& z*LuV42Ats*+n!|?F%Xz~;x z%jX6P@4AhoaLUk7L$c4@&Fa8`12)Zx9=}(9KGaQ@crf1AcNst&^b=A`X-SEPr|0W| zC*cK%%}0-%ot&POl)S(feitiX22-=UJCA3)#!(|I=fh0R@SHG&_KkGJ=W;v2ShhFCf}N-})w z?&!U0Cr?IUi*Bn0`aj9&s<*cievv|%FOg|8+4VwqKS`&-C|gb)$7w2wqlm2C+sN-X zl|Fd_B!jEpNes!?!NCCyl-U7YL&Ia7oc>MLQANsH zGZX$)*7-9hb#;YK-^NQW=hSrVeWvk!BT>d%LR8cRumdYR`|DRref{AhM>35Bs-FHL zP->70$+}WSSDGGh{nXaBg_3d?FcPxFLv5vrM-+?;u7P9@Y6%=ByF0folz4ug)ZF+Q zQoN_3m@!Rde7A%HA9$In&%#HK;+EYPMs=@VJ@TACHz$Wq+kf#AN(34YSJzT7NKdWa zIevf6cjDMk*e%rI2MGzC+1l*0B?oV9+ntt^qgD{-f%>5o$|PUXyW_|gH|+$`;3n%0 zV)yBvir=4culc;+&e1W(;ppE4$54N1W$&O7nN0e}wl+FhV?)ET{QMtSw?VoHReda& ziAja;#yWBxA2;_6(~SVCrN#ms+88ndI$$oD1qF@0wvxWU?>#=NhoTzt9zX7RYNY{& z zxwB{!rW5o@W_!!MS^v}7 zu4-RjMa3G_kUsNCiNLR8ZD>xGR#rk}Gnr+)mXKO%Y|OjLuTUhMIeBs(OpGFi@wLjvLwzgT(-A_GUI{t-=FG1^c$a`X`-Ysldk90$Xfun6)B7ZJ%rnC6^ zHphyO%vlDd2Zo*jyhbHSHq~w}QWPo&U-n_Z$;!?9;0-(NIz$HXwzdfTFW0_?25MqUJwfimg6G;?lgdk0z(5aT37x)1eW zy1VihknpP`38?RPZr`S1llt;eZzkGI9``~^i9i0;p)K1KFH(mTi!aF;VT;}lun+_+ zHd;mFoMT9l2&c`dQy;&-xR(3q5tty+g9j0Ss%x_4=#lsJ(Sbog^^V$4Nk+Pqex;b9 zt&u>W6hv#S*GAPOX=US=Cz!LVvpMNgP#VQvdg=DlWUS1{xLnG&{T?@?0%xFKLkI-# zzO8R!iWieJgPeqA0A3Gm%#sqYqwXF-hr<4Gz~2eqZ|=K;FWnkR!o1qTkE z6Yv}B+i;oLgo?q=MzI;(Jt&A(6zr*<>g1Rh@{O`@hXU0DLJ(mA!M;?0Btba*dhP0JLBUQc%rt%{`Qll zIwmT5&)rbDFc1XE;LuP*V%?wZ|67j#X~6yue|+EW`Ez^-3{YvwKLp~dvlYrC8~ktT z?*MTvZQt$X?H#Ca?ibT5OJNaV;R_cp#tNE;i8Z}^c@_*mP^bI)n#ZpLauk6V829WU z0(;xGG{=@@u2+qX7r?II_z0R;0eWAsx1U5}`(COS$EH9teLo>#Woe1nYj?lvd-fWo z*Db1Gu|@iDZ!4!=FBCMmmUH{anruXmb z3wG-kR9E}fed|S$0jzkCW6apup^c|yMzSX4`3vdBLW{HV2(4rbo7?+vLN9Hf5cBvhNzXOG^*mzpZwEe?P>wKPW&SID_Cf zJZv2}N`_Vqq(Y3pu&?hj^a`XCx4ze#=jv~4+2Jn5*1sso#~1wEgO;84iBTT5CRzGg zOx-}vqese$ir{^lJ)NeS>L zjy*Q?ph%gt-Qtom}{2cF8gr#|@CCiG22uPqgNs=Nn zq=>u1G|+#Bw1Tzm!|os666;EX&>~z+9x6B}?O1-hEiUY=#^Sc12kh6=RLXa0j?~oE zz3b*fIfDR{k?|pa&s7q1Hx5rOnzbf zqXws%y!`d>aP92!J0LZdW(OJ@H?CQqb9B_Ay%80)qwAEO9=&fvDM&qtMiG_F#~dNk za+OaE3?LQ?3x%RhK=#p+opW%YCY%+HuXO!!fS31d(O3Np+twqTEquJZqmK;ep|#=C z)!kA*7ooZRKSbl0Ty13g^T!1RK7;jizP=k;SB9O-$>ae{In`rhL~gx7kaN40Id&hA z;WbR$*EVz@OrW+%Q8F!Eq{6h=ckG|FA?vo~UuoSfa<=AG%;fHjpDp_C6X{*sBYj`+ zUvYJPAby4C`G@G(Sau1QhhS&9>E(06!f3+l=4WQW-&MKKS~xq;VJlMV{|Bw`Wfg=% zVEy|uWUAOK2zPEh-YOzCWatIHJ+<1J+_HV^)@#U97cLyogenuClys=5YiY^d&CTr@ z^@yycjm`f3`=hq(JZRKAI{FYWuC&LHl9rYue3>+_@E*YDl3ZChS`{%=5)1}GeJyD?B)K}(fZ3*uR7S; zKJ#8ZO7MF(^!?f8H=rLMY0Yo?mlvS6b_nqyoau7m#!b(1v`G&hJZNic(|@}8sTX%g zKv2E>H4^Gh0~asFx&Zx^#Q#>>jZw=!w2k?wrkNRQK03jxNWv(5xw*MWVZ2&r07mJ1 z@%+XAs6zC-VJcax75>s+q*Y~UgnzPr`X=wDJa zg-xG{vGMHkT77-})2G65EN!2?-Op-NZEa;4YV6BbriRec6T4)PVOttRb_?CcTQ5ux~r&yULr3ymvX9W*s>qXkn? zAYFc&Qe5oPc#n_t`q{}Zg>-auUNRextJfj*Ue}9b^pMTZ&7Bw=beS7egNWJI+6v`5 zQOe_~4zKBR_sgcHrt0dAJI%f1GZ80CDJdx$u>wib*N*ZMub`HZDDh**j>X2r6oBMH zmGhG6X=w?6AH!oSNFYFX6S8WAgnuv04ie1{dU~L;n1jZVfCc;4BU=lL!osxl^dc)N zJT*1nBf*0AIA;GvZkA*VYkq6Qar83ccI_D;Y@aqA-^0wDWBVndzuzK4m0`z@^OlwX zOcK`?Cjrs!c1sXr2#Zi3!G+>nAApa8C^sm;(laqW{@ToC5PHhXy)b9QNn9OY{P7JL z`ctLbr2~2rN2n+%>zkU)o}49#YIxs7ynfHtvGZNn*KCvQZ2(lHr>CH_kFryRl25|9 z^^9CVDI+U;+ic2vnf+)$>jvay=a$#d0*9U^oKq|QMQjFos;B$=iJ6Gl4~dJH4}?yk z2v34KYD-f>Bb;lH-~Rb?c4QG53(W|Ki9vxA8fp30c@0x_CL=6M(+kFL^ZqYE)NSA# zz$VhVyCG$@V*7Uch6g0wvK_mJ+RN|jun5-`qPKq+b7-~i7Q4*qWD)2?)bY^jtJ6a3 z9){NE&ZVZMMJ6Xh=rkj|M0Eneq^YhF#v%?4W~?Lo4Gjc30e=3Aqphhkg|^qOT{AOF zQsu_71O){l$f}T%#fR>31kKDiL2?04u!$fgEp1-qWo&AyDQgpttWk}g3G7v4G(S2$ z+#uF|8~Jf=`qX!UO3{mA1H~#IV2=aGgNF_M!^|3DrNHl_9Uf?=pB- z6C!?Qrczkh4C)4w zy}p$?_-_0@=8?z|v|Ge_aAd^1+&L3Wo<__;62e`RC>?cn=Fa)g=yUcV=cruzHQ2Ff;y5q)py> zkmI>r-QVmpS`S9^fs}`{iAm=lG7$x2d}&5ukL@%w*xEgNZr-{DE$Iau8oa!=$l*{1 zcCv@ny?u**ke2WSGD==v9;!ETu(ow`|Ci2Anq7zG*2c(LHT24q>zsQel1jNQR~XtH zSdZTB!mOyl*Z!td;r}g?07szJ&Rq2ds<5?v7$3hoPeFUG#q8_93ENRgNoM-`+^Hd< zp&C|J`^4?@A3uJamsea=6!ql1u5KIXbrJ&PkHOGTIFOLwz_o~#qJJhz-KxJj8jNXr zTUB@&^bQ*Cfz-VQRzjR53?_v~k1oU-+&b>JNV-Qwr4E@aYUj~l#)i=^9=$KGL-ja( zkAzTmsmIaI?y`$ZhBJ&9*mgMp$^d_VFasYy7On%D0L^-?E;=xUGSbmS+`W4kJXKt9 zY3U-Gx|Sr#SeQA6ocC+SJ-P7l5zHJRk13sp-^T+kEKK*vBGR6m6QSvH!`jmx*rAF{jP(Au;rz%q?Cnw}qDFsiGL#!|uKnCI-7jv8H!aLRH>7v8G zaz%vY)>W?pRD+t9mhA+N*|+TZjI6B@0gI%pr`u-fShtf}4sQEnCmsQ@W02T_;>5_1_i_cJMAWk*-A9ZJup0 zGro9{9~k4;uU~U>R9m;^=H+!g_Ye^mk^|O%{TddpSSj;Ur%s(deVS9!nXp&rH&Q{) z$!suC#%OtKYxnW+++=8bZ|uk$^No*$gajEA+mG&{)e#KrG*douCLrrcV`IJ(>UGT$ z5)$;e_R_xV&j-HIE7=AHvDBknlMwpFbu7UT54u7;bas9k5U^?O`CegRy^|-efTsi3 z0d)x4FqAZTd3m5{OZw|_9JG`mJ5iit1k6BC`G{rEQU&4_UNYu}hQEk@B%TxC`p|ty zXal?@Co(VeztZ9brcgtRtOWlM4@|=nE)gdGBPr>m}*@j=_P5K zh>1VtJimlY+JL;v;7hfDg`P_;g8(bA2wBcwa&W*27rON(!WFvf-J^z2P6Dz+OFAMd z+S|mq1*fs_X0daRKzk=0-w)TM%5n4Yly4j+>VXf+PL*-gsorch8rnpDS}(PA_mJzm zZpE^W%*zLp++;-CcJ&CTyxM!;-`b1T||%>u8@i7jt^9H z;snCJeVOn*ut>Sz9oA0nmAp82EpG4en+%MM5lv4)rJ`^Fi6?!3gH})^UXzQ9YnI{# z_$GIB9QT`OsHvM;TK0bqkyFuv7X&336c17v6_IiSL3r!R8%y=gr1EuwJ*pM@=>m3} zcOSKf1aDlIY1(Sic3oXcWBy-fB8`jUsIs@W_p`H?kLj72IUqKDkU&`rwYG)UjF|;K> zQ*m)|cQ5`VHa}AN$hoM?SFe^Ru1`%(0al|o?Kf{t;~D|VM)e0?#)A8c2PvijpXo-V z$$zG#j&=swg{1enjWQ&_LdtD?vnU#0V&?g?%CoY^U3Q|N0>p|OITBb2q-=lm^x7p| z0s&F|?A(P5owIL;d|amVpP8K{22#zf&kI-B#GNyuqd$WArJ&xU_+og} zc`r;e5M|J(0Ywv;>(E;NIzh9F!Ko=3n01fdXJuj<9vZT;wB)8ML3sh?2OA4e19T#u z^9=bSom&ZnqxV5a_I*2ph(CJ&#G)j;h|0>!uU>)EX=I_XK^S&hjo=Teyq3Y+ySApt z!$QVykoWA$NLbAy=JpGUD*SVaT3i$Y)iFs)-DAi4w~@brLlRegJtYBLw*^{Q89rzQ zswYkiIhSvOd?f8j6ga`An4dXAlL>ZUVP=Msni@1mF|d7=S9x&o7E^IKV`C3EypU?~ zktn*`DJkQi?E;9_+AM4)BeS%$^a3Lf%61j+R;x5xU+%R$2O0tl0)iJ(!Rvw9xw*Oe zk>9p_dlc_jauyLyycN%$-IYyDq3Kky&3Ruh@BVMC(rA6o!-ry*`)l%yi$F~d4-Sf= z$Ii&$o?8_t-q*JF`&SR7U~}K!B`=8A?_)h)U>8|~edh|!yy*P&$rV)`aMqW9~aTJ`RRv8@r6@>C>yAx+!Q_(AD_Od)3RT%1QiANUpVD z1yn335a8xkv}ojMN`$ep60i%&00Q&e5nGfNVPRpIx`5W`>FJ3zJ0XGU3YYJEAn(rC zmckxV4*-u65=eP>=9S>L~q0Sd>BBW$xF|n{n zL5nzgzZ*KRkMFZro~q-HU<1yKA{RPxB#G#N%*`z=J-W7uXu_>! zyblzMoki`h8}hVL4ue6-fAdy^`I%}TZ&-g97F=c<;{OC12b@IaC>^*Di7chqZ)n5J z&3oRze_x)6XrGl*m?dBeo$pW_W&~Z5AUCKk+<4mvy3RW z51;Znb3XGq;dp#oG-qhvR1&Svo;~cjFbaL?`N`@6!-odYyKydH)EQq)6pGu<2CGx~ zl@TzZNNjUp6d~aX`_5WkxG+92a0Lh1ae8QUFi$N1@Gi~pwvTK%6w2oKE0+%qm!l^S zEEQ}E3<(Lz%CgRu<%_wg!<#5)!}bmOnTel_N004@=dmVQxM8slR^@Ixdb|J|Zy{`CF37Oi5P>DaSv97?U{J8WUka#Hv=qw+TrG z)>}{U{?R{rW-qtT4ZTCw?>Quq{z9;+8V3JwtG2DBobm9Q!0K7wL-A{y^X=V-ll-S5 zBr>t&>}+Bdwel)SEJAz~SacNbFq z0;bOhZlCjv(=#)pF<>$IRRn!2@CFnFB*ZY17OCgou=@r}oaG z5dRJzgfUxqHcUn6vf|>z&cD44>bOJm-PywikI&>IpFpvN3W)!Ldx(pp>`2QbF8Y4( zju;+l~gq7o|Tt_`@R701tc%w!-tKEZRtX5O)6avMHh$61F*C! zX6-XGHHFF$85PyHo$&a~3-u7#o6DT~UZXQbl1X~gC*?7B!y?sIuoV!e^^krl$8%&d z_aB`{oIk&Mbq<<6Ji?<)Np0U_zg3SWGLCo`=W_s~fv`jomG&~^>4_uhpi>OLA=j4v zc>8vi!v2(Wt*W>hm;La+J5%Jsiy}{}u72rJKXrv8dVCN|PrEZBk~jlcs0q~`m27a=^!9nO7@)4n-?_kO!5HJoTeC!yeZJ;^8PjTJb z%Gw&_^|8J!cWY{D5RB7Rt6|p7l>gn3%Tb_KNy*dJ<=7iQVkhQi#)jr*tS8S70i!1` z+uC%^&8t&W`#$8H1kc_5vyMIvS+JXX-`=iA@Iw0xEWDV$4Qb8gRaW z%f&@GR-?9hZb-9dRe#i$pFjXX3XBI>Q8AIGxp^Uu#5)kE6qFFmCr&a&(b0^_E#bFs zbDJ;lJ*4nqPZeK@ymoK3Zn5Y8bE(ik!rKYyrA1e6p9y5k;7#LtP%>?&HzL|JI*%rps z&oBsdjNdhZ{b?ClU0#m(+D`UkGvVd!-69x*0~Tx-LaMS;P*8vaAJc7kc`w;TdI_S3 zM@?N_&(JVDI2ayq zs9d`q5}q-1u&8RZxL*=q_^Aea>_>WFD74jp&h8@Fa%}_KElZ_ zLIgiFTmZU;MbVoU;;uKVDyK@%NK#g)q=~Ggi8TJ6S^C1sBps%t!fNt}mwY=LM2irZk}p}leaI(*f8_nrgFA`oC}MU1?@)uZ2-x#Z{u)IoIMit+YHx)kqh zjYmsN)GQK5EiPRWlrg*;mITAF>)O&~q^oBa9UM;3)&$XUJ^T<9W-wa6H~y%D3A+5( zA0Xh9$*bx!S;r+4uW+NJw2opF0`!CkHjMJAYiiyza53xvGq#MGP731WTmQu4YI4FP zplCznKK%@k;yIfziE#})FaraFJ<>Od9^L`kD_2WK8Y7u>cJ4{+I@lPnPvy^^0sNvX z%gV^0CF`4*(C8sD#~lIvste*s0{GnP*RQuXs~G8_@OO1diHYs%?D*4M2HnFUTbp|) z2t@|S3z!Y*9UnC4zNeXy`_e(oB*@FZLUzn?Cpn}va=SoKB44cClRVHr%oP;_ecaX8 zH@37#zRSOo{jY+M9VB|XwyqAvcaP)9$jH0r4_vuMg#wEC^J)@L2YamR7j(1JkFu%x z3*4z14R@B6l6erM6n?%<_j6`kMuV)#u1nn&r%s+k+E2ig7)r%83k%NW{l$OnkCu69?&$ZQ2uKo~y<2PnQn+rr_Pge#kv(^(IXaybsa z%6}u28Ipw_QbKgvgx-jniVBQZY;j3vZ$A|@PFCq_|CJ<8Qa8bv1W@t=NjHK0`)|D) z(uzBL?&G6V{DuYhjD{4#ia8@FWrQhdXtY#S{Zv#1Q!;^)j0-ISZ>$4k!7zODy>r`{ zySv3PoaO~?7fHbQpn;;IB8K4rXHzA?jgjPkL|Y2d@^k*_I!j@6cnQ(bL%qFdoaO$6 zLR|pi>&U;e$Xb7yXRoogS?b%sHj$Bf@LHL+^}*o;V=>4O{FkR??-4lS;4Fmtv%O2{ z8ZiJgGppL$Lkv%tw9GKg&O=QN5}Y}tRW_lC@*v-{Dm?bV08Ou>qvK4O5I9%q4ZGcY z#Fd3b>kdq_jkx_p&wg@Do*5e%!E_!u0yh=RG#ZvFG#uPn%k*T#ga{CD5hCxiXTSk>ITOU+QP(<4 z?&IL#z(>Q23lm7E!_rJ&cN!yb4CWmU@bhP?jeRkOsALhHkMXala2AF~jGWHIW|M*t zG{Qj>@XDydCFkZ%auzZT@Wy1M#A)b|kVeq7n9mcGIe0e)V(b4%H;Z;)?$-9gg^KcW zY3~&V0lqAVO+E(#Vvyohl$F)>pQNSvtC!mf)-SX{hG_VKEIT-8NkKueluBvBFOgD$ z8HWF!nufgfM^WUcXt~}o&#QHJf*wvGc*{8M`=X%Z4j_;e&u=CrS(iOuA z{s&C{Q@g)2Z6oKxvVh9$|GMK}+_KB#Uy__n1|YxD22{C>(G&dE$XC1N!y>jN6*k_Y zNNO`IyX`D{R3ueaJls;&Jz7U`$ujmbG~3(OG4_InPA zmMAFF5aiU<>>x&i)w;LXu^;FV$kBJ*%jE%Ie$8|I}Dc36yen(tR8#VFY< zuWrK5hpL%FT_0CmKZIDcw7!8o0GvhMK%^?I(rDMI4cF+YIUkjbuNP)|UlFa96S3U; z_7Roji=XmRPezp0f7`?L;(jZOH=pCZ(7hhV4yoC&e2ZF}n3oi*Bq!*Yndu0(D;_L%oatp@Gr7aeE=nf2(mX*0x zJcn8D>C(^i4&$XKVeK+bileu|`$IZ_UJ}u;uc|uj{0M6P&*`3IuPIwAD^%>w<~K1w zdm^6}6EC|&tZxH#7t3p6Tb{9|$wCjVOP;~5S_iu%=GiaO}= zAeUPw;4;kc7}bL%aVw#BYD$1Uxc9huyq@SNF~^N@UDkMAlFuD;`y?5|z}N0>=_5x< z3JStj%F6$M+q6}dFS}|twzZjI+@KcA`r!k^R6<-F#^h$Jl}HFsczSOFqoMLhRL#m= zBiS1rBNDyBS*%dpTBdRKY%kKV#7Fh4<~cKpoF&7mM76<1nF>?8(v_*oY0P6|CJ7G7 zHTvfBrm#ksm?W?yyt`g3v}w|yvbkog{WMOnf%6U)~>P=?hx>wFpPO?& zU;_8*>~@?c}!MrE?o()z&>5@E(s zhlHr84)n-?`SpT1tuc!87>0_Cj`qg*4E(RSdc5Y*8n|(}vTMG*TiZdO;n@pe zHU~)U&XX@NE@F8A2?TEaGy58(kz=|~mTmNQ75HjdePE?b;V|!=OCtuaT3csA1*@Fg z+~At9cXY%MN<)1;t?w|bI%tuEyq28)Z9)?*KB0Mj?}j~LY~i90Q|MKM4A2rxn!(!S zcEjLqd(ixVVh76{C8)OgbAmX9%D{kmAI!JTV2q#m$Oz`;`+|z)v^-Im&xFv z6*@L+H7SNxFkdg*#Ri2OPrbmofy9blfsUPBaGhd{gzFTfb$$JN0RaIzyaxpYzE@nm zi1`pr!PXB{oQIq-mSdP_1UR6-<%DX{%U?&i@i>je`T1+}!_EQrV2WK$#q^kwA&!e@A5_G%wwDzK6Vp+Z{Zq z4TIS3-N)B;Bc7jVg?VuoDGMq-gSy&lg5LctGRp?)P`rJK)vx&%9op3(}r0oyjdr&({WYtABRB-UbC-b+98>H8K^)DvV|wh;1I}XlU`2&gongN> zu!aZ=KP@g^FstN0dDp=H=rxEZ$R5;Pm}pIaZ5}44&|1(*okcd=VK z;}J12_$BJhA~|Ok7Pf8KQdnHfKuHGU{>oT(GX9Q_IMW;!&Tv6Z)K-JDlaz24wF^}X zL!u@effcO()$e^nGw4%@dP|B}hR3U(p6Y>tjK6N} zs?#pY*US^3k!aSfQnr?+nR7|h3t7KB`<;_WNSjl%>1k@?;W*Wp@m_964kUVh7e1|1 z;z1rtv^VbDY5Jy@a*`qYBdQ1PxuKigXX$#&$TfHOFJHgTx=Z|bW+L0VA#i5!$L z?;c1<=}0SazI+)^DCq3mLx9&Gb8e?#`nN91Q5~}lys1@g%fiZv0fFJ^>1nWzm-TPO zqOzS|}tgz6|zEXAr*1b8pBAFQGyM4PZbB1E(;Soizu`3mx!; zJ1I9BL{N2=(^cv5BL0|cbby7hWd!5KFda!9Il`EQ3555}%`wJ~US7{DDw>@o?Q z#mU75w(^ETA0%G1k`2Ye5vTd%BaYMW+GPZZ853%eD##Eu+QeyQ5s~zVPXJ8*-TK@= zqM0CShoXuG0^_p8`7P8OJiG`GD!2%$trK=^nA-@1*mp$!06q|~dPoLV>UN(f`!*jK zQZFJ;K!gO|yb05Tgrua~sgO^gwTUijsUjo_0)*5V%yP$@q!I(&MM^cZC1QAUe2n5@ z092Stif_UJ0Z|i%0=V6^G&H#ON2Y>~Onbr6HjVu80_{_pfr}@(gw8L21bue44G0F0 z8)40(&VP{in0vAWtAkRu@_%+ckBFT9Pp;>4hv)vCHy%*_-{Ot6`7wj?Kl8?y?)=~3 zjYk}~T_*F=)1&U)%P1&d+d%}Odtk%I2)vFLwdxSdOa0g6H9NxA34?~Rl(LObl>}JKp#00(vra$l!n+b3w z&I7JyxPV-TO(qVbxX*WCVgn5qHLC=JjGz6bOL*qoj$lQY5W$Xv)%mr!$ip79gN%-i zZ3-6mf37eJgwXmzsg^n=2D&4}>>PtE9^) zEuk0AkN#sJqs6xQuuP{my?Fi{^q(Qrjn2+T>FLLn8qXeYqjx0PglwXt(^{`2|B~|c8?Fl^m*i&k_^%)M-oF0) zEL{l)uQ#2N`$L^J!`bu?{ppuF5yfBmlJ&f-ssj2#i*h-!3x_rTk6IgE$*{8G~sq!0p zvIhi&6%;t0J)2_h$zAtyT(hqF(e-}sgatePpFb&Sq-^9GEPKzhlBe&PK3(&A-e}2# zR)E#$jCpi-`IYR#!plg-fJlh8!BZrglUqPmXHT`1V36zcXX3P7Gtm?Rg_%HraHzLk z09qA13RwI4E>9TCKs{wt+|Vncx|%o%9-I`G(@eSvcrYXk z7kH9n;@Z|SZGZc=FZ%6IlKva*6=I#Bs#yCVPBf}b+v6iI%51cKk>$SKR+PDx`+ zhDUUsYe&gAWLB|JQy#Ds4l1W24|pxPqi{xw$%pNR21U$gLo0B7a04SkG5-Tv5#1+- zMN)alfx!SX7Kr#@5krMA_1w)3Q|A~w=4~*zqX_Q{667%rQ2C*4smmQvU4_O2Z%)n#C zUJzp2#lrv_aN#w0J3L9NgXmaLpRg+7)OE1bIR?I2Ozas%<`(9{@z(O{^~~)dzs6GP z4aO(h{8AKn0wQzI9u9ggLKhlYSEaW8v{MC;92POCqYw&t=z}r0*x*5YoEeQ8;8)kW z=>2l1K7Sovkd1>*VitvQUJLU6Mn#P&#i)rokPYIALiaXuIGK-`~QlPgpeUqX`qRaSdu8Efv6-&WQfR6LK;LQLxvPdnVP;7 zLM5S6!XhM+$WS6us1Q-)_xxn7wf8<}?{n{S?(_IP?(ZLGSZMfs-otghrprdlyh0@6 z@d+7M*4EK);-(nK+$|{?MT&xRXFc3Q2uG{WSyS2occ!N5Ms^PCJ96ky(hq9fXPmcZ zRTvr?a$CSxw-udn(8kQ{*?phwVprE=vFQ)@y77`TXPwu3?ie#};9;DqbaN|-bnV>P z2J=f&w+-{O8?>4Bj*gn6OJtK53WXxk zK$9&jsvf$wd2{v&=HAMWLQGdm+}a~cdhhnPtKX<%;<~lRbJ7ROii`JYo{Ec8(K1b5 z2~a?EKth@#Jv9$0Z(8c!FVerBHUJU-rJLGNb``P!j-8m84U-QokXN^o z;K?CHTVfBk>gY2)w6P<>YKKqCk1@-gBmbey7vJ{)z%0*TCd;4~7~T zWTvHsUksTjXTqk$zQ*qZlg%9`*yI*G;^`9Zc6kmpLQ2Uy!|9bO(z#EbJju_us?l3j zALYMx?b2n-*r5hQJ2sBll0MOvm=SaxL|^<0>qTk2JlpGi6yb5en4|hk#+|@chR=68 zY&UhPO1LGM$8gMbc$KUp)I1KA&lZV1e(Te5%Xq`~BSwxyO;hv%p`ymhm7mU>8NxN) zFQiBB-lMI(3~|Gtf?d1zJ9aA6V(5pwQLA5=Hd6kxw5gWc5kr+NPB%`SIdi69%~cRs zMbur9k%@6}^BdORbsCxSD=d`V0tbWP=gFD5fnu@Rg-J6m?Y9mTej&Ok_T6JbLss#nIHMQ_EOOUkK5~xt25+iNP1Im?yr7R z;khgJE5}4TI%OG=py7tJSs-3@C#>fVx6HAfCk_np@9piMIEOGue0rS1z;~QV&#)d7dP(Vh82NQE)^92+kKx3Df_E=7 z^b8I~8;R=@HIP~tiy1RYHneVQqTJa?E~N@+7bOKR8lVzrmpsz07uG79xQb^}{=NCp z-P_*2n7%WwjED>j2YN$?LMQ{2Ohf|lV`H1(L(t50KQEs@R|++!ucsC-yLT_9sQp&Q zQ1#$GIy$F?I60^D)|0#5)UFs=rcQoQH#xaF8f4p<60KW9cUMw=WSk$Tv>z0XUf4wW z0*ELO`hpI~s;}hcl7YqD2*F4dLNfHw>d#WPwsd@>-gEF+t4^~0%3awcYGShdv+3=ZZmEW5CB;FvLo*6JN>QzLm^ z{)Ob=hztzdJ$m%Ogz-^pD~HEXr%n%p@7##)xYu_s=^`ARZ0RiL#ACvua#)-p_fxre z#|wY+43V3b{uo=uU{5Kr>myKlYJOZHEN}3$R}~d-;&;bRoHyk7huNkl3k|w^_OsKx zHm7tAz^)KzrL1@E+;KQiatvR zwFKz!r~8{@Mm>_rTyn$Tc1Pog$0A+~nq1C5;5kuAJ_!BqI~4GA^{$_C{8p@e5-}54 zz~Rg$W^X0k2casvlGBq|ECofy(=`R%v+|=ITF?AgyGy2Dh35r0PjWSS*4aSb^W8?u zemD3k^|8;|X;R~f54$$+^S97>rsk?)1c{0SOX~C_M{&obc-ur1Wt%7|qHf7*o^EHC zxor9Zx5D5n|WvQ@Bf4Q01ZCjn^Y!!M|o~ilD?p<-Cavf?G+Leuq0Ro2*3JH zL&(PE{>eCheiH!Fy6^iR_k%oXO7S48o5SvC^JH*-V8q9dFVc_^_6euD_r{|~zl|7C zoS&a`?AR8it)*p3o6XCy85n44-h|0k4t2`%)q@30Ox$)Ck`L(7qy`LobiXw!EHNlnAxSq$h5N{+V7@ik4M|~p2wyal4%m7q#gvj zy_7n1Z&I3dcuFmw_KT^XG7f zh(3tHqiI#|9C-N=;n#Eu=BiY7%Aw?qYw78Q?~?C$AioqbAEHZbc^OKdxY$@QHFRqz z(zV3J(f3d3YbV;tTz>FiH9ZaRK=^`ZXiqkCMW~BvGw@ zzfC6EedKk3X#F;Az4^zZYZaxZq<1ANq)Ts)nHqgJ@JvUwmeO^2zBOF(a9+Z}$~jUy z;6B3xAK-9TlJ2n6sA)1WS%Zw^yu7>u#p8}7SZIwnfHxN5mg%zc58fokHfEs9D?Ro- zCnpD>ulXDSGu}vvqN9~uU0s2>Wfde!Mgh+E@4ulD0fdmCg?91t1>GYB1EuF-pBIS+ z?D0YAg7}W>-ArcSkRf%%_e4eg^y~5aueGmkU8?eV!?5Ld74q$t^tjfmE~>m# zG3U|l)M?rAtvg!Y3AmgIGJR8`z{T#?%EnvHhr>sW9*vJ`@1$NFN|(O9K7dp;(azEm z`5p-}w3(2N9KlhC4>#9WO|`vR`3V48QsjVf35y-sWxRNLkGy+BMviRYX0GU{3XnN3 zS@4{gom9w0d&hr`ICQA5g2Fd`SFAcIkf6)a6c>6?o|Ds;S61N^iWLA?$#Eg@1mPa+ zFk6-@1sF}M=}{}m^F7#^c$23z*Ze4aOud8Gim;J>V|-Up8eNF8d3XEe2duQrXh{0r5L@$=`$A%3+AvUtsXgC3sUOCh1S{`*iJ zoshN72rLvjcfMCzTJ!Fm?CHyBNUvPM|86rAF&NxeL2HbR%k8^roi9-cc@j)^8pYHPdueJ$YJ0E023W!^Q^Fr-w)Mr#_

%Tx)&g+3rTpe{^2!{$mt%G~ z>^1nZ^F!nD+ei$FGe}5S1guC72#Cw)y1MAs5oAEZzfiNq$HyZ&eHj;GXgPT@D&2~c zH^Ip{pb0pd!^)?=rYJ!VMx&=q1r2@?;k?e`wLaAk;%z`nv(pN=hYrJSQo#YsQwpSG z?}k5-4l@3DT(%TVK`dHq`X9JHi^)Tk6=#I;hyfWn-X~~x|Ky!H?Swsu=vp}bt#_=e z(fT6m-9KsJ5uKzJ7oH-^;z#04r^UUQpJbMtN>B#B3`Zb|h8$YtAtTF%5`2^SA|$q( zfv38Ib}_{*!4e5e9+o0qpyjW2$0fp5fp`{+I58`2MdYP~1P8}@Z4C}?d>+^d7c)xG z#mkocC|KWo|IwrUQQ?nEOHZABDGKOh_*E#F`4x)xQLK*ft_vurL?UtU)~n*8B1|#X ztxK>n=G7B94f*Z?$cLD#*NCM(`)VA-vq$@lHjbz*QjnIyTM6LOW3ZXhQ??Uxxh9l@ z%qCM7l6#Y;+imPByN$oPDLehw34M}1I05##U}S|+W8*0L*WUvX>JE*1xSDRPL0X($ zm$J$?et=!Skrlgp=UYEEJu4Nz@O*>KF6$Z3&)K@=wQ6%%H`--bU2?}jo1G1V=9T+s ze>d2=zp{QiunSEoe5mH&!Oa|IBEhlGum)8%rk*HJ6u-E(9l^#L5sClC>((`cK;=D& zMc+)jj2BJKYKlCe?Kd7Lca_uP;K75m4?RQyTeg_dyZHEw^3Au@(ALJYGnQ@v zNkAzsoZ{kzOPAiBGbG+tBXd^DHWm;c{Am~5#I{x0KYzG?Y@i!}_u?H(RUDVCkra)? zTWnod=xA=f)lQQZQK?fBl@$-w1~jK2O79lQUJz~!Y!C%-J0YaOJa^OZfNh&#`??!3 z`*mG+IcRS-n1S+2kwazj!C!}r>;yAv(3~42T!)dFA)|)bRHe?d6Nc;c- zw)?3v{EJ;j21sx>fZCMog!AFUKOBuc6(J+q8=_ZuV0jh4=i~&Oy#R6zErad=K5Xuy zMdtg0CX$)6CvWfl4Htz2lDH--99lHLbmB-V$2PswjVcBq(rN!tMp7J_>XH|RLk_^U zQ|}Q=Spef+?+yG5zlb)`ei~S}Rc%{H$oj8!{Y7&q+<@NMs@(olt0lcdtQ*_wOgv^5 zXny47X6-C9UHKx{4(A)nZKHCQiHpKoxBnj?r~|EJMF`zErWHqfoje#$hB(ddf5O^ zlvJrFj~|bnywr0^M$980!Z)~*T+~~OYD%-h$Q|ec!=@la|M1iXy0(=yq);Z~29wwinHrGv|!wtD8cAj{a&(B{?DShQft= zK&{7^Kz8roOl<+m3!MsE`^u9vi9DBKG&o@L)KCdsI|V0Muif;*NYrwLPEoyzsJd&?Kp$(=X4l_I6e7 ze)xKBL7+!f&d0{%@3@hTV}_`!-?)FDb1vo5rFGm{MRDuNk3*{#Hl@ZKj2fq6#qqc< z(ieJ&q&GU8_b5L+#t-xw4$8@?kDBqx84DJjdomDvG=>rGbV}j)XTqQ%B}cHu>v!+U z4NH=|b_Yb*lLQFAFFP(?KW(3+)IyI+i*_d&b(aeKfQq5Isw&iC2sip9(fg_i!H+w@ zscUM6Wo&*|Q$v(X+>UST3cC4E-Uc5}{~b_T5j&TMUi3`k{8>6XeSOEtJ8{K)G=rhs zehsoZ%u)(t4U zee~Sq)4mV^ltgO81-E^L{rbB}ZtEiofCCbu+Yb83LkugzR2z7riG?yV%yJxMA z0uOU^EOhdh7SH-@qY=eX- z;0g+vJ|AbC!B)BDO3bb;M41Xxw1R>FK0bP9;?>-c@(I5KaKp=&FG&D;j*^7hi{C9T z>0(TRnYyD*Q@z5d3S%!=KL1N9hCuxUV6j8lg&98sUst|ly;J(`e2m3{f4~lN}-57|b-jw(L0Y>{^A=5}XW9WgPvLT!hnA!TT_7Am<&szWkwetBL=Up`ppgs7f_~!?SOf&T#K@sBnDysup`ak)d zIdxuD4&&3JHl)nAuIel^Ds}u)vE6Zd`B$=ax}erccA7wzlA;~-M2PHCZ1r6&WGCpA z9@#41bNy0>%u9Adbak7^`e(5svVjQU1_TXOX^NDGmZEIM*F>TyknvGMVn4pxr$ zFA0b*NdMMiNHXF9dV8OLsuj3Z@5!S__@+`Jtm&gVS(xqU$ye%%SrVG!;KA=m0ff$Q zM76H-ZZC`dla5-e*MItS|K2?=o|1HT#ZlMHr%Z8YQVeUS%Qiyf-Z4r;IdrR%bjhkV zq9OQAw{De&9tEjf&I~ap!_Kj(wmKAD_3PG*ViW`-y9yzg0H6pZI%;k*LO7{!t}~Lj zc87uiQ{V~@kKN{~{CAFw+Ba|LG)$7r~tWPd`ka+U{8g z^oS5ZBhRUkwVkF3cz*r*^>8fUjJaWQh$*`udG@ zBOC-vM>MekD7Gq2l&i}9I$^{M%CAR9(P6&Xu`qbT9PxY2w9Pm5u7ntg&D1LnN+`}R zw@r&xceVE2+@W2&8RtD>$OT{#aURm|O`0V8BUM$P+^1dD%%5K#xx>w;qtvHMyTijj zGb&8>T=&1?d^OJwST%QudvD-Hj7Y&pbqIs`Gfm;Yi)!lWGK`FnvA=^#s}!RGlX5aP zKOJ~2!9A{n5>j5m?!ZlX{JWpw-F3aae+3kW(a-pc+HMat2^)C)*q3Cg*0WP(K>it4 zP*_@e3C@NGihCwSv4`(y8za}j5#TWXNV-~uti0WOf`94H(f!)@lwIgiReSz}REo~+ z(VYycOLH#BI)`7rTUf|Bz>(?Dxyv>ee4Qc@k{aH3;&`n@JIzq@y&XsLyJOEGpvV2m zw8*HlgyN%x5CXftO?P${63n2Qii*zuay|?3gK4@>G9q;i4H6)V%2;MX4)65M*XD`i z&EVHDOO`I}!$gDEuZ!>BA1`N8>n=Aw-eWUBez$J;yR}2j339=H zhB(~B+4VocqK1EiC0~6y5*t-z-k+-i{YprmQB+l*2r3fvn@khP{}Yeenlq?f10WHZ z?N_*54n#$f%gqUAx%}8me^WiCNr5vJ-MY0sf8kiH3j|BGF}l%x?UF&;HY)410Vlh3 z=ttj5#CRME-?h4We9*yG_Xlbo9A7r>%jcR6D)!yI zixLk${M;T0S*3sfa&BL$@AuOaN%<9x6L{5C65}+(8TRF575>vdl3GR(!Z}?qZYDQ7 z6wI1}mj(Fr*|V|VD!LNo!t_6VTZs4J!_*{1^;)w;qPlNushL5hKCX155{aK0e0k2& zvP-k*=v2ETJMb9eNnMDFvNV&~lE1LFB()OK1Ed7>3i^k`i_k$7%-#APa?OuYlb3n0 z!l%>e8LzykcG8zU@k0EBlLc^U6>AS~2!RTdXPp1l7?|vJ?DE1NC5+yZ;&)})*^vL& zUykwl81HPQb=>D)fw;d!yaXg$a^r+z}(%7lxlr`HgZkdhNOIc@({Syl9anr%-UIihGJ*Q;0HmqW|x z&o?T8CrM4*U}&=k$#h0S!VTW%<5(;=O=sSw78s89crLQSXhsItlP5D5_(T3ow6tuT z8C+1=wari>X+)wuc?LKh;KI1rRi+&;KnJR)_p@Q}4n}meL@2CU<+W;+kUwB;y&HM2uF^~<<+OrX&cF*En9Un_ZNv6JMMZ|a3L|`9A3C0xDCpMdreKP~lnsw$GnPk`1H#14V35J@FFy$V@8Rj5D_3Gbv8ovt78M1f zO8WcCt5N;28qX`c_y;`edO%RR@_T8RrzbOX}51DIBj4X0(x)tJ2)TZkOAM!Dny=v822wn&| z!`@&X&Oo>A2Nyv1Ta=bYs{{qU@b{j9B^!Ai215x^8;Q$6 zda(IN3Ix-;twtaE>5{>^J!M7XaJ=+AL`<5BvNBS3pqFm%h4GDi$N>jxV`hzQK~Ebu z`^SU-3uM%L_v9kM(*uRcH3P>4Bsm}9j8DP-U2VISzkYp`c@Ph+^=dg)%)hw*f_6Xm zxEAIyGjVnO=5b~1IVTAhrCN9_k>1TRW7YQ)j(@)B9m9%aLMlnBMnfbHXdzu3^>>dWb`v>TrN8|bOq|1EmDEBt?qp6&?Ef1GjgA~H)JmP+^S zJ_e=7r=6e^xJ3SxiK{yETj$_hXVOf;;`_|k0{xARodC)ujmYR30u`i+v;?!JV36V$ipk>+-Ke=2agOVn@c#r_fv>wdwgd9EwU z{2ThVUxn07%KApV8y3lz#UhLl@;bpUG=h)A_ch~5-7Mu%vRL#;%- z>$*lv7e{C%FtOedjL_ZTZAW|O%V`*R0*$ev6AvYRjfv~R@n&fJA-ZtrKw!tf zPKGz~@`ULh&=g~Tew%_%&TT-at6?6sA-zWmlQ78t`}Xmb)8KT(vnncqDN@^%YqfT2 z&G0su?e9P4j|JpjZy#Lva%%-&j%k4z$h2eoRxAxF{G}QA-qU21ak>7L5a-XW3KXn| zDSUNksM+AzF(@$X)g`}7_s;DL=9k+%JiSsu`Sj_Vn>+SBE*4L7a{3O^)JjDDJy}{7 zmV_|rav#$2B8R9I1;FMZ7!~3!(@p(+ed!U!wu_+(?Cgrj?1AM@*c70&73l*#%MUm* zk*HIr5ZWuub@fr$NMG}qUB1Am^ zPqg5Om4<|=mUo3U<}fqu?hW5uzA66v+SaEpv#|u>W}0&$Z6#bMEyGiClsLfSH;;>K zfQT1@{75vzdB7;Go}#+zitDXc=ichov*+#+4fXYzgn@DklM#YdxXN5XcJsS~le$!= zaLoD867WlM8@?stoJ8_>sRaqop6lQ5Z)hlt-x39Ia$pW_YH9+LoRnyCLz# zaohSs+ykJt9d@jb{2!{i8<=(f3A(%3u}h6VmLK9;c=AGw9Lg#XP0XZdwodpX@dXQkBM zNm7QzS$@$6$CpRDT&V5$ORnl&6jNzl@8dts3*Z((FujC4Xk>VJsLez|RXEfWuW}ov zf$ZUh@w6xL*{|+-E0GdhtFH(All81w?_n;f{*GE9T~L0Ywl`{8z$Aa-y7Ilc2_9C+ z211|sKpmcbP_C2%sCVxkGZ%vOlk<|yH_xj?6T)oS-7&JF^L`Dd9JINY<5y1GERZMy zen>8;peAuWwVp>n<+Zbyo+dLIi;9@exBX~6O$P7{{20Iidz>MyyuhPT0p8hgqbE*m zzuhTeU7m!7R=8!}w-KZX@E0n&-)!$8j3uYxdi9u@man*5L?Rv_F${u|2h5%e2e$|u z2UFPXJ-c-k>uUv7o6>2rLg*s##7G!;(rf>hiq=qFMotgdqcK`-hoMI;ONUMomAI$r z7K-fm@E8&s#*H{&Q{f-A!gTOs%)$dkcaL%CqTc(+gW(>vX-z4nLQ+lnrezf(S7!N7cTmEH#V6$-@$C$+yygiWuy(1lz3u#O@ zfa?|51@P2*k2(jL5IbUcLFL}x=~#sf1;$zD@^`R2k~5FQ)N&Jw%DYR`r)&%igeinZ zN40B_VZ{viac4LBwc15J=Hl2s_z+j|EBg}PFYgpqyE-O08Yv6WM{**inSt8e#(Zeq z;L6C;tP*@DQ@+bpaZ)Ed!^Xu2nEFP9qIG5`9bonu+WUZuCQfXB;d>Og+3Gbi!a&xL zUAy)z;g;O>y>s8b4D5gwkGEY6EX#?`7v`yw4r!HN)dI0vZCoO}8`Ulr{1LWfrnmvf z!@weBoH}iqshQRvm9KXNC4%U2*NR3{;3%}QtG{L=C+0^q=r`qFb4uy4)`1tlW~~Ro z7g?AX*|m(~h9bPNT}wuOVlG1Bd%gQg1u`bti9@q;r-SJ^;}}8P`n~6-i8ia&?U{c_ zhSwBbp;_Bc{d#Qx+pc%*q^q$N$?jpS1oI@s$xY#}01_w5Vj%`?8!VX7vMzfGB=hyJ06oiLpj*`kO|)gQ)`bE{{QglB!o zdmXwD1}UOCB#C6jilLu>ANvP>>s_(CZ5+{~7lzb}3h&;XLwHVxDG>=NUK>v~RDo8r zI=C`lt=%%u;(St(zOTv)+NuQ$9{5?PcKP)@-|GbLGSatwAUx1#2j-sfj8E@Mo#a1b z@a7lq&#GGXYZ~zF))Lu@gK`2px5UOKQ~;!l-vgO(6*hwUmo11cW2(?TQbdsNFe)YK z>{&an6oq;D3=fYuz>g3XCXv_dH~!c&a38}S{_v@L$E>gSao_*%L%iRfn=cNL6C~WC zoQDtTtFsGK7cv1WrTt6nSm!tZ5xnk_7b$6}JzNsI&nS*=HRl#1T>l+Jx8w8b@vP>G zPJ<&xgF-|#WZL|__Vs7u!|X-HvgyBs^dWsd&e{88*wt|>FwavL5004FObQ~PXo_>O zgmfuUT!3C!UQ)L7YZt7BQfSn=2Y<+2eP^~Fx6CwF0Dad_`vde1ejN1nWKD9%U4JNE z9rK+rY1;=MR>_*Ew9vWwmgmo-e~A_Qru_@-w;}Z3#C`{C{NKZVI-cD1PUnL}< z-rjGtQ}TaX`noO&>1)I27ql_7DwD0ORGNTc#aj0$s)Ac`2FqWhiB%TNB5x-;xbol1$0C_2J;jiA%&;D1?Z`<1*n|41B*4Y9W3v%jTfbsE! zS?BMl&+n@bsqj^Siqc*)oJK)HG$Ev47U>EzG!CU!G_|(;5=6Co;;)7FKTyR^3HbkA z73*1b1Az$|M$$)#L_ELv{s7N!CR^`VW^pjzYZ_FCLIBzHFo%3WSpnj#Vy97+n zc@E2$vPZYv_BWO+X=r#uyKJk#B_^cstV~uuL|N#!z8Bddd_qo+_$PSpt;?1h9?C{Y zEC|&_t%>ppTSe6NZ#QX=gG21TL>JxwU!){MF2Lzb6-N<@P_d`NS<6A~9wK7&8&~f4Nar^8NKB!%KxBPp4IX2Znzf`@WHY*Nkx1s0lCn12XAiziN_h^})_m6tmfAjy_(a0#ot#NTL z=PcRq=Rc|Mlz-X&`K<9Zd*&6T-;*MCBa)O7P+QJ|8_W5ooGHREiRksVv%06bG0B3t zRTw57Z#a&2+3VHKa9#iu3-IEOkdTNU z<8NDiUVN?GgTQGTS#eTtjKtm_cE(7l&DYM8v={BV24(ge-`L28X2tNxX&(<$rA z_2Rr0JF@Y6eS5I;ZwlKM5qoAk++ou?+K(MOcB9hp;ZpBMKjRW1X}6@L!#)ZB*a3t@ zdr=i~sJ{ChNvykjtzknaSy=;c#G|i&mWC73IzT!%FVAB65&rnWP22ht*=r4tC~bu< z7Ksq*(cl9w&uyiNG<)0&8Q0muS-^`8&8n=t!-8 zpnK*^=jLww3vQQx<6vuZ78Rios>#3dFGgF5?{RUq@`x5quhH`PIFG<(5__pLCUE<; z*k)lU=Id)B^p@oFG7(|- z0=i@7uZEvHuzx>-)XB{QDuY22jvhNURT3xid)nW5^9nhO@Jljbx86)m)kEi?p}!+B zX5XJRiPMm4(geY}8vs;+^?2&VJpxZBgoqgm7OG)%=Yq^}L3nJ6y`{<)WmVO9B zV-v%`2v1hQ?TMl@GW^EfJpR=Aze0~=?`SSD9rhnU;+s~gQ%w-5(8KuoWu&IATrc(j zy8ahRTJPO=_Um%qk}2shV+MJtKauYF`1n+G^%L*g^!!h}IJD&qsZxyj6CF19QXwxF z{*3?%-%hu%IEMXzwI*0ivg+A5qq6o{ew$)-GiT{HPfJ=TU(3N%+ezkMN^Tcb57qfc z!L4si8h8~m|3LAC;gHLp>2FjrFff>1d)hus^PR zeH*r&clz^t6@CR8>g;Y`D^CZ2WyB zwoD>;BTRs0L?{9|K4=t=zov0VI}1Pt-8l?FjgnHp@$Q|^GrSAdYQ~v4m!VkvB1jCT z;6ye7QdV&LwyLvx+_*nfwoy2+ot&Q1Mp6D=fZ~V>X=NjrnI*ShiyFOVInDp-_s92w zOeWg(>e0h>`Eurz3xf+lf^1t`Qivn9O{bI`u;<$|{?CSIYg#&{eWq2lf2Wuw1S=4) zLf;m}tmS%}v&u7=)WGHkn|@MU3>Gv3C3)1YMegp?tz;fvh>N=de*4{ruB621a~6^7GpfXq(bb>$>?U3f`X@ z$r*-Up9fO-3e%vLuUfGpIVDAZ zT^u1aY6{ny>TTRkjFkFUa>}tt-VOdBj zbb~_7RcZJ4s3V#7Z7HU20axQkC*3G^_DN;wc_k?epyA2KYcI;VawQIIJ~OjV)73Pz&mqA50ZQjfd z)}Ec|Frx4D3V%F|wOBV)%cwqQ@YFk--(sRk+nBPgl(HJ@HwePYduztG~lXCL$) zXA`0>W$()2(t)$3%{(nrmF&iVN?G+t*|jaYegEwa-u>E-?UXBSeG3$kq`%=KM$|k? zj-$!N>z1h*%?ifJTXeS=vKRG$*E@$%T7=`FM;D29Ls5@84<46r>eQEyAC*_WWqR$b zOz+U@E|&S4S@@*ok|muBLK!87A{k z!Bne@W-~rhnpwW@WHZ4(-$P!W=s1qHVUf2v;E9xI+qP}>)jtK&2j*DKPgDQ>AubSiIf6@2Diy&)tSs9s+E%9y4 zB`+gsOmAq;qetG%ZWQ>lv~21ndO@evb`t$Z9-#2SNLEvlYDTI_LFIL3+bUm;nzngi zhJP34#4v@Pz;5&wkCze2+B&uyKRJ8}R6#cjn|Dj0rqgd0SveVe|e` zrhAI%EgXw+iyj<+A#z*Z<=+l8*m7|A*5tc8e~|WeO?~I9S`oFc z$aW$1Ov;HN$P|F1M*|ybp0s=gjE>)j_C@Ss@oP4V(FYh&5JVLJ&#Q=3)uW0(hmBc+qmO<^#q$c zqAi&x%&pQM+`qpkJhsxj=MLq+NjMi`LdD@+i!2My7u6BsEFM{6)A=?=1SJhrQ@fCn z0U*hZ?Em3f54+!K|MC{5La}lPAIPs+x!Q1}649OH_*cvxZ+5zbC?pyMWNS+Tq!wbFaJyxs` zQtr?IRoFkXE>e+CO7L&o(Z{oY23?(DS?5k2JKiB>Rk{r{&f%f+C-4;jFu1nN7yk>) zR@_G1vI_o%gm+zzSe--7G{wKki<=uViea{5jOM7~ciGEIUE${A^Ym#S5g-Ldu|XM) zk|xK8dvaRgqo!E+NTe{+UJIR-rCa3QLe2 zQH75!i<`P7&Tr&$?9L4}&-OH}8+x_LLuXvPWr+132<~f>eJx3~V{f!wgK4%x-$E3? znP6sOg2<-&&6`I*6y2X+3A4-+Rdw!rsM}viZ>xHPOpO?BDds#9 z1;Bs-SUB2SR%&m%obdZ!D)I;!${#`=W2i49BWDmF45P!(?ovAh935yJBJx^JPBbMP z=oQyUg>2XATT-h2m-1O1gblG4Scb1=E0~-t`Th5WfQ#%#yRNsys_L8q>^xUTQo+7RIp|R@?wX`OBc@A)rX?rU5 zrenJ{8(|r7;RS8k0<1*UM|j8{owi!0f~WuR>F>^IlIaBD>U(jt{YufGAs>t5bY~8=D z7w%taB({}(?LQE`_MRz*3V(|x=xJAExU6-cP22zXb1Yk>u=kBiLuw7`5~h}GmpJ3ymjzt!zWqU^S#Y=h zq2{#vNKWhPoye!qKa0VMxY{a@`EG8#usYh6}OS+4aP z*C5^gniVVBwQujoES2ndIgkpn*YV|}O7sCJI(?~;46H2+XY9RUb3}+U2>VYeWXmru zaW}HD70*hZca3_xTL&}zd}8-yS7W1Zw6E(|_0J^1vgR48Zu;wNGEd8!>c?G|lF_Un z9dJX4x&KG0l)n_JK`2y*pio72GA-%BuGf?Q)B>FROR#GC8^7+~1gl5v88l;IZ{PiM zME*jYea+cF8-9{ZyO5X1b@j8k_GfX?_p&E)1TG>?;M7kPb;^>)^fJJfl8>&`%rD(ziNY;Q)p zI+{R3~^_Wf4nr*<0|ARsGZs-8fPVeYt6 zzMC1o&j2Y#sH-OwoO^ETonO5NgYx)YNY*xOYNP)^VnMOcEB+OVP+2;ouak@`cNQhc z(Pm#izpibJbalsX>+{)1PEvm#+?%$BMpahd8t1Rm6zEr~o+u;>y4+X3S6_Z`nYw}U zmlCCec}DeURz#;`&iV~nBko=vRWmMTkxA^8fB4nn3!E1Y(f@xv&7cWltl2Sp%JbR3 zk@J9(=37R?*{c6Jz&Cc7F9 z%w2Csa-G1Va+#v=6$)6?FMJREeVfKz&!)&@iwcxGQZeG<^rqp|J}<8}uhsAocwQwN zXTNzydDbtl=57nls;Bh+cYsJXjbHqV=6pQXy-NvA3pew9iR)mdgl)D z`x=7>-?@ETd(^1NyzgZ%s9(tmrorL&SjcP&FRw4_n?ETgJ4~|7JD$+geZqvFN3vFS zSoGpezh>2^SJa+LNWJLWt+S-5Tq~nQ_0QpMt-1x-rrAr(t}}isb}$_jY`HzwIPvSE zq!)3El4I4cnGZ6}oY_Y5w33W%8>4a7lRm9`^fT3}b)>e!#^A~Zjgr*SD_)pcFt z>e>N_7v=8w*~5qh>`OzB!3x9-y`l-Wy6e~1f6N;=se0$GU0)g+$a1+!h4-W7vxj(; zFft1P2{}-HZ+eX!~TxHAVE9H|88;nv@3#ysf*%&On%QjWaDa;yRo;$D@ zO4L;m_p;P1Pl-GwP2ZpYmh~gZS41fa4b2Zi(lzSFqpI({xLG8rk;I{4^ z78?>VfmxSR_WsPed%My%8-q`V?|GrZ0F^r=V3bDQti`LmKf$ESsNt?Q#@)#gxvAt3YoV(9i%6 zVjF10!h%CZpqTh1mOCFkNtbO`A3hwZs#<{-nYy89nd2t>XHjGP&LMY(@b7F)6%Okt zP#0=is)Gi-ug(6+f4b!L-jPBV{R}d{?bpK0RloWsY6AT50orv54mVd7AmGn}yNfa! zZ0qN@g7uFVG>*8;tQ9-9&WVA6RM95N;NieflE&)jyb)lZ-Fx*8tz6Ol`{e#uA%Zpr zEgX#9;Mz6Q#*)1T=4W%wI_Ae)>|rF(g2UR=r%fB=cvhXDSPEMf6qUa7x^HTOXhh>2 z8P(?nEDOH?g^Y&65(NdHVXO?eQQ96VQu5uZ2xSr5%4Nzsr&Px?3Viixv$4x^W(H1} zInz&=ST;-7R{p*BlILm4Msq7je1d`g1l&XRMD*;kSY_)Nd)3f5{Z22kNMakY;O1WL zA=2!WHt~HO%QAPH5z+u=#xfzC^#>5R$|k|dF!4jP*Z~O(#=p+SfQgeVEELAB`_7B# z=G#g~ZJWc|r9&3q>m8rp-D3W-WzR^Zpcmo4Lu>b!SozMu(zb37pd;@h7$!`zQxN<=$UJ-|9EB#c$d-4p$g>fVwmxwC@p4r!au@38jT5XVNHeoGBRLsO>At*a3ft_z z-iWzdR8-&4P?qj~WYVeA$BvEUxPXDDy1&h^Lv|>eWLE0J4r#X|$hLiLlD~hb3c`!W z#_7`mORTI05mxP}{*gf`#oHG_+*H_m$HS6{^b1kmN|Z56wFL&AH{zEXOu7 zuH{{6RuhG5)enviep8p=xUSNXi!Y(8P*M`&MCkl@rI>WiZaw27p6lR#;A>+e?bbEg zT36SpUcJfx+OjC9L82caWr%EiY`csGkiDht@{{Dz#(vqBX}KmHuVJ2+GcHuKhDY%H z?I6ZrV$gsw2)0MGp9}v zA00NhKs|8g%uPOtLa?c&@Qb(s6A$gOI5^GEMlpY(;nTJ!GPck5ljnJ8c+nIL1z_kJNLOw7kLMk{I0SZrQRKXr#(!W%cN zgXZuz^UFb9a2wl!{H{LudzS9 zl3tJf#k?U!Dlc@_^)9-(VV#ZF8jjV_086rZ-?&4x#}_!@u~YpFDk)#t-RqV_Zgz{y z?9pea{`|~tq)`&ayOoMOGSI6W(4;oP}+7!tGL{0#b?W^(thCF@;R z99{S6Q-()5CB}u@$zK;;pE-W@kR9leDp3>hAcw9W8KLTFS80^lBVmtC<1M+ql3jlS zp<0h6v;>)s5elb=W7FS=)e`#f^-L)c3x<6yH-o1Lo;c)M$yvFE`!;&|9s@+#F z_g|YeY1Quzw&EMN6zZ(kbgQZz2hw6bF>hu3sWx-Jh%ah4^nLYXo5KK~cTaN0+Awja zr=sFmER5ABcEQQ;{OkRlLd^m2&mr{UXJo~I*}Gr*w)xH({`7*=;O*BCRWPM-*{M4N zyKLhULY&e6Q!jm=JXYShl$2hEYrpR9KYo9DA7>p?@{^#v;b7Xz_N>F|M4Fge6Jaw4 z4;{i5aFf*)7)VEtnrngY7C2LQeqJ=8en0UhMK?)g-tpE^+JrDA=KPLlO@Lai)5|=Rtj=p&ZsL-8+A>Iz(o){$tGp)d{9yx7fMcP&qE#D&}RJJ(Y z7!1Lczvk+%G*#9%1DbT_?+;litK-D&$Z2J-OXRx_0*?|~(1d3xQ3 zP|Y2Eu1wDF;#`|R{SdP;qlo@r}Kupv05oH4a>`%axA_6<`|D^oO2 z(FxN|Kk<>Q;XOju@R5m<)bLXbzg-1Qz?=z6Kz0aXiozon#KKCqYo{>EGyd@5*^C)R z%|L*3g2I6Mhz{zH*B&@>>lM;Lvg0MCq;6&oGk5R=izVUL0gZm=&PHQZ-_uijdZv)f z3*O5xHEJ1xQ;otWtbg5ps*dD=d|b%D6l`J2(vs3va)HKobg6k_4WA*f7mOgZK%U zDtNZOhpPFzr<~a^(MEw%+pfK!2?W(He(*q}ULwX`{-g4Brr)6kq%#;6b=TY1cXH$~ zF>og_fe`GJgrUp#65B>r1jT$5(|} zWQHV8kGb>pk+lX(DM$sl%6Z(l0MbNo%upW#qdPeC{A82zw*P4}<-AMgDNj$`^y`)^ z^U2}%Zwb~iqT124)bId)_Z>xld^C0#wviRN_ok*q1@ZByj>MmT@^Am|=y`N4AYn~M z38!!Q1bm5UKHBY#+l{rhJDNv0wk7|Zt{N3CNu#?;uoQmf*a5<*?@fflaLosrgiRF| zdeUX}ofb{307W2BI0uFM)APyT+f|*~*km5^k_z~etNM5WQUx5jf=Zxn_NiHFS4K&T zW`%tDVt#11f2&#j))r|DwLI73yyg{3n9JoJ75?$(t**}d05~RR%<83Gw+^xg8ztiP z-Ew?WzzaZWWydF(u6F$3EsQnvM^5@)-;H7xC0NW@fAtPqu9WcaaarQ|=71Tbt^L^G z2lvC&VH3DP@TKN5h?vd4)g-pKOzC&?5A}rqtEyflO+&jo*@UAQM1-NfJXv#4$?e-q zk?^r9k@kAy;mnBdi7XSbM-v&Dls6bz1%5;<4k}On+CB8^)~kV=o)6j<@&(}{tUG&> z>lGq@;ONl@9vd>)0)a@sF}`-Q*KBH#m~i}z%i_ldZC|A^YIO}^t2BpBgBxfm5t=eC zQs%@P^@_!>UcS8F=v9cLoZ{nAfBlzPItAIA)U@9F8^|mp_xfFV`P`*Too3G#{DEi# zBYjp%+bFw=9&alDs%16M#d%hztqzOpY>t^s(ro1vUQW!R5CVf1^zmwL+HS_gz#FOQ z_g4)yC+IOQHn(gR={3HzblmJi$ASh@tg_tB`Mj@q{(KHk5EWMSo<&q1ZxX^@S8@JCD zd+Y4}YTkeUms8H!496KccrZ`hm8D0?4oFU@%bVT4;l-N7@lb{|k6v^)nlPa7y?a+} zz2jZ0_1<}H-tkX{rS`(jl9KWmX;X{K>Jwp>#1v9wMve?_^U6~yTJPr0?BjPXUF;{9 zT=+b0m+HVa`kRqeiUS`IqpjK{F)=H-cGb)oGq97jYAuziA^F(E)RFi~LT}crY4Ga% zs4=P1--CKP1rH{>#ouJEs^VGEmW6wYn^OtnpSNCZ440AhEyxa%kv_ z$RTrcAxhu$0#Gnj4h0$8Gk@Cjl%%9(zP=YjLP8)X`G>_xy;o`+9yC*sD+M*bEidoi zWgDHv{yy8?J8ugyH!zpzI`QUqFS7GkCh)t*^24Y?_suU`P9 ziLL#~1Ql1aSu!scPd6}w?K3sKx87pa?+>>(=vd^bmb&*Cc8&)#KeeR3jBE=}E*VSt z6Ma-iwN~nIR?!HJ}+$4&ztQ58!;7|s&(MV9!)k9B`bYrJgO3g zKL9<YDr0Cqg8%4i-{BYCcXXVa1U{I zg@)R&I$17)V7U3w28r4rr0WQTZL?=iInZyIi#g*}xRlwrt4J)546}HrEho*?2)ub5 zR=`eVs2C}pkQ1lb_8c{wfN-$Y?4QjUw*`IQl&Il(xw%60DOsd~1g29 zw90>5yS+|remo}(jVCJK3DQ2kzIZ+M6jYA>?YDyj4#vobK!&YKV93QL>y;~Yvm{?i zX4=io>xuQ1S`7q^$NEI;+7dN6X%x*PeG5?UY`Pn56u94@ZBF{ut7fYGTna01Z1)P< zcXi0TtI||PnVZ4eJGF2B7PyT55q+OtsI10EiLQ!yS_*RujMn-oj`3CfkscdMb84L2 zf9u>DNveIQOTw3Y+i$z`)i?6%^b28mSp}Pl&xI*;bf(z{MY7hSsRBm+3MeV@0+=$^Te?0UcG)kwH>CXw{zPzAGDv?8jzzZ zciF}n`?Dk@zm#)4pjB&P$>kIj7SEf9%6xoT=*@zHBXoT9*~kJAC<+P9T-daRmX_U2 z%hKV2&!h@itE^9+H_!=rgoGI)wCH6!wzwFDIUv8guO^^x-0JnzM9qr`dw)g{}sA%Lxt z6%1rFNBP>Gh=_rq<_xu?U}RZAyC2xIXZ)IIp@#Vy*3EY2%o7LYPfwdQ>(JTLi6;4^ zly0;9a+IjeC=%^UcGxCz-L5E*}KPSZ#k&hF-v|#`*9rtAkNJ6UcsK>z(#nR z@ZMWz$cNC(ux^I~zn%}9pd`omqy6P~HVrANW*QpZMb^3>7c=`lKB0Sb_JHPTr(8U1 zbz99REnJTk#dU|@Cq3OkEvHgeHB$D{>9@Ym{Zzx=ZC4f6iF@bm1@k}HY>7A?jAJ?2 zM46v!gc$D&<|s~uB4-M3R5W~vDu1wL+H&^TPC3VOOCzn-Y@z3vM6 zKKcr38VciSqdE9U+BH@mFkm4YPP%{Fwp-AITaV0+EV@-!Qo~~Os(GrBYIDK$4G*rp zFhoW`h_(&p#3@YmHGe0J_$IFoa&zi>Zfu<{+emW07H`^uq%Wk2f`AxSOtcz66L|fe zV-7?Vb5|ym(J&W|czFLlv;7Vtju9UKj3LzUO84@KzfYvSZA6Buw27~l2HU*pE;`ur zgwPDI?Y>=HEK}vnrb3BLM!;$qO2EX$8l~-JRN78WF-}siTY2&E-WO>?jN*g|n;Gwf zwgp}VNh1^7>KsXM{fTiBJbCY$^M(59GjvL` zRn_)*AL-w7rvKOSE&Q^4cu>oxM{at)Qp!i=V4}xZ0LuaoQNG=_qlr7rn^kUq1+bm;Mpl%I7deufQnZr)(TeE~61%3v*-y$!!@2=ExBvKx57w9{MO*piGQG zW6H|bBaI&R|F!q#VLk6{`>$nKk||`4G$5hK+^nJzl`>bPL1vN$4GS3(rIZTQN<{-A zL(*gl6`?Yxh%}%?X;SUihjow7egBSq9M3-X{%7~c^W68n7Ja{;&-;B1=XqY|HDEC` zeZJkr*s(c!w<^A2Q69ITr$F1KmtpYDkLK&&H+n1>Rw~?HwjD%m9Eus@FUS?Rji>$z zTNE2J#3Ajl{{6Iwq*PA=VuU*|n-W;7a20X|VX?7q#9Nq+GQ&IT=5)49grLECXv@2~ z(~q|yo?>ku{TYs5hhH5K;=j&w_3o0NUA{a%$3bIZGJWOQ%FToi;0b;Qi7lvP-_sai zSM0NyB`LD{RSh&b9+oOf9?t+uuht*=H(tFOE+w0BJ!R^Mb5jO%$aha|9JuQOYc%uu zumlBYskQ6Zp9l@rdw#-C3tVv0V%G{l^Zlb*s}E0T^oY)bhw;zW4Zj)sNwZyF6zIZR zD~j?3007&QrAuEh+gRoE8yy%)TLb&)j4WDX?z+*IZJnj2JXkE-pHR2{^)+){-MgCW zyD`7;moLB#DJ7-ALH&-NncC~)h5=v*bg0yt3_s*ZFV*z(YNEly z*p*6^GBJL1HoEVs!Ee75&;{ee5!M;dJYJGcMxu{BlWMpZ;u8pu0SUg{BB?0 z`)H0joZ$pi zyh=d1#1EtQ+S>2fRE{3lc!y%MnK#h6{<(sNQ8}5)f{{g~($C~PrsJA9^2+~+;r?QQ z@GU(0B68I1YRxYf^|y(GEda1kDQ;S7BR1Vo8uPqMs@W!?CU`60bz zKZ6zp`3QZ~-jBfp*6#6<@J6=|aal+~xx943=_25zlSgxdS0RuV$d1~ph@b`i959Uc z#G4@pLx_HdMye^x$?ZQDNax6i4C)2F&psjS^;=!?0n_y*Ffks{i8!wR`RDbLl89>s zTy4edkb}<-bRARo1IaOPE~GbJH6#$X>^}XM|7_rzgu5ckq%W|v;U?&mJ7+%JEZ=Io zadhst&I97p1M4bA4dCErWV8t&+p06G^4WdB2*EPNQ94ng;jccHelIX7+0?sa(NrMj z_0uu-tDl%Ezi`)#V3~|?F*~b-ysf_-!$C*umD3)qk!b_h`Y^7BQoq|kxc4;WyAwU!85CTN4I zZyeJa7lAyy%KS8jBDlMH^zHTYz$RC(9P$v!0fR?^e`@e6+iG9TX1Rp~(! zfo`zuTQh~4h!i#FNdK{Im*u<M zIK*5;mEW$HMukHSHA>GHNSi--yT2vkh~4wMmq)Qy?^_5G9`G} zwEBC7MBPi^Cwv)%#y8W;o7~1xB>(~Aqdg1w)nC13e_pxiD|`&gK79g|GiDzc{XXs- zY*{Q+DNb` ztDaqVL6mL}3dfqDq_`M$U$vC>Ue;HhTXLZcBAI@`XqnE*ff);q2WU^U2|0T7sohEA zWy@frs+jBH_r1=~-w2!rj#a;7oKTWBX~YfxLeIl9Je%jxJ9AD`U|j*Rft$N^CTjBI z)L-llqXllM>TY>p?6hf5va?5{E#h3W5_SnAww#dg8v<8PM!RKwA;#*&G^&wHmttz| z-o}c`+=W1AsN_k4Ip^>r*DlO!v3RNU-{a(nP5P?;1&hAtp5^kNk>S}<{_leiYILvr zjIsM#)(~oG?c&@1(eb!PqiJq#)K1Q%PnSMZohdjs%MCdH7Euy__g zQCLbt?HE^3`Otk;b?nNEFKE3%E({GnQsPkEoIW)KBkKv6Pq6uJ!XViFnwOWyOG|6v z=5ty`B#OqhTeofuHLLMa7|bcq_d2dTzJ3=IDIaGXXF881ojPsIc74LUiKuK~Xh@wg zoaL8o-Foy_X#{JVFkwCIDaf><;wE|%Qi*7WX57F%>G!rcJ6m0_o&!#La7;nXaX>UC zkWfaz9}CA1X#a|5j~n;ze?o_F_BfmP{*K+|Gz}UzVW{$D< zSQm;X)=qOM6)!AtrzJz0pa+ogGav5;|M=K8O6o!SZve6q_j^8*t%@;xS^d&1_tf7SC6cH`*sV*xle6*r%o;p9X9zF^>{J( zQTYvBi?KEyo6YwE7Vp0G_Fk*rmg8uvXxyc|A^wrx{waEv^_@#5EPDPLv+sR-_u?Cu z#kMi|f&+KoA#txsOv(%_f$f^U;pH}fZX}Q7VXSkfFOV92>1K#3W6Rt({GVw>I7w{& zGL-ZUK*NCl|K{8K`;k~!uh}qT|725D{&}w+JualA3}*M1q80oK8oC%A)|V=UB#T5r zvauJ$WR*a!!nbU7cCOf(N-}+!<(0)|t+@VsSgC`H4KgvTjO&m)ZP%ZC_1ZN8!*^)G z%*=LLe_C5stM$CKdh!)58zGrWxfse1en@j9sKDuR%AItD=Kp;^6;#UnPnX)$RZh)G zm>V(p%S6+LrE{%&8-eI8-e2Hx#^5jT`1!P@g{BfKS7;N z%V-4@Cr>u9dq>m7R>FO^sy3gUG@4waE+cab%#n}}%neW1D;7|nrvOz=Dn?vEw+!NJ zE0=w%d~0Dr0q&7cqjmc-t;Ap1!A_^@>JI0Hb8&S_5vSL@pPNgszuNRG)5HiH-j|gr zZGNK}Wh_S*esIVQ~2E~gX6dqdDzdW=Ashpvm z9ESM4-thGf?z$pB5qI7GM>OwtT5LPQ@4%(9t*KOZd~>B&nAqc!9V>eFeK2iw8zVuK z43}KREvs3(*x#q6vDRPA`r->3DvnoKor_V7=w&shYVq(Q=mY=|AnfVRe(0VK9I!T> zprtoTOwZYrcUpXYRhL_+m^SdG(YP@GwcOsx<=+9}A(r-K8|IYB^zR#Z{dQn(_LTMn zp)dLwIQKMA*$eR@5_sLVrE*5gdVPKlK0l{2@e}V9c@eHoZt8pCi%;mQcuh8dw*|O#8yD_*7};arh*L5e%fyrUKss+%_ z(lX-kVa)|Hw*_s_!6oc<#a50P_@}2Q9vKwh`Ge(}*Z=m;tHI=&`e7_iKZZs5@na9y z+uFjKhz}cPupl$L-l=xD_luAMK`P0*u|U-;g-sO+_c4Yf&&kNhz~X9aujYEAW~^V& zdR<1G#$dlqv7F922IjtfeSAPci_YZoV2RL}V+-C}P=6EV6`(7hl14igg;u9zVjn3@)_D{PRWr7GTR2<0t;-+n|ri{NVo6A6@})~i?d z(}Gg^^DlUpE52#{dS=<67}q#BAe(I0uI#nvmxT7n1G|)28;<=%c;8o4U|Pz{SpH#R zx1X9WI?>>xM?tt@6FDb1yUdc6_0CDW^iK*}!L@r^=>f5?4GrNeoMQdO@dv^_EiG2P zPvGD7S>)1DX2>R3VDFtcvmo1Ta&PCD3rvEu`M*HBXO>-Fi+$yZ$9Fu#MWVP-{Nln zRZB@3ng)T0oRe~_pBC+!vRl2}#1U{WSV0Jj&AGlZ-r!V31K_s#uLo^lUra&*@>sA9 zie=zBBvGdabPmv)iuEbslJ_s|4W|G}{f*TOhKux&L{WQj13fr#qyk=g*{}o-MraNKJ9EoFW4Rw3wR$ZUuG*I49)R_1-6Er8@iqKHWJJXbI#=6#-G*80yAASf6_kY(@m#@z_3Ove63W5bWJzep4>f{Z%p zl5kqiSZ1`)&5A@(Lt&F}P*S6vLLJqOpupBzgI1dpdwOKLESr;-U8+P8a({XK?*O=K@zHfTvnR zrM8i#VV(#NV;0-~3;_Rx2d8>+s0hT<`WKc@DH2`P=Bv1rPU|mWZGPQ932VL5@$fR9 za+%7qA1v2~C>|Pp+LeZnU&(i;15G$i3;|dnUm!~XiBbZs;6751*$h(q_Wk=@5q(94 zgF|%va2P>qi2+Of_Vh)vZ!R0mo5v&o+Gm@KFDSm|p@5#cMojI?;pcxr!=V!D?lX@+ zI2zIajzpl#sXwQ2nb7i8qFQJe{OhJSy9?M+!&@1ZJpFTZyp+vamJ)>^}eRNO~@$Wo&{FtpR`wt$BnS=D9 z_bs6-)VlKH$JM7U{~UC%vdd}Wz!f$&nI{Y!vsG@4QRp9H zfeJfUjPKvUzIBj|f)9M6U$E**X)s9)I%$@9N)yM8n=MjRU0vXO`fu>=P+MBr{}a5s zrz9-f8m^8x)_W@&m3$-y`8H$^wnA%YJb3t2m$Q1;*Nqw1E!jgF?aEv7QBrpz4 zTa+IEmCeN@kC0jR*L6+ZzSIA?5Izd06mkF!^`(VbY|iiEb1P@+ z`rj*Z9Tfjvk-I~q#rxTT+gW^SrJj=op>3l0o7n%T$923VZh&5Ta_#(He`$ChbtnjwR_Z(I*?WPB4> zNB{6ryAJug$8!Tp=8IfZd}5p0>A@=p{a=rCU9X}~!-P!W1lI=4m+|zouyh(20myfW z=!eg)pcVu}7LVv28WtQLK2hz(!SgoWVv!G_e0lZ@)6`|I$CQBlPao{TrtpxO^4QX4 zr=ngyZ<*6?&;LQ9oB5GKEEb&i?6KJMbG(Z=}EinsUE1*%^x*DN&Xe?cHSrnPp^_MHAO8F>#Gd#9^!iTKxL-a}5<<{sK@ zbS7#=&Qt@Wn2P$6iEH1N_i~9#J5X=7oZRa$&eg9dc+^j+bY?V8qbf)u7yfq zKiJ)aL$y7gptwAL?b@+S|MC5O$nD4n-arJA^WMD^eAphPo*|ir;jOh>X+#fu*cR)#DCl$X2+Qp5?g%ku1YY zv#N~egSiG8+OQI#3t|%x?;e>&2RmgeGdm?sDd{O9g=Y6%U7Y<5Xe}UGbxA@zV6O7& zJH0qVJ2lV4^!X)!V>pRY1=%F+iLmboD}BzVuHBQ~t`nsnA1FEf;9k_AWHQO>Ccl}E zXG5D7kNhv-=T9MSJ(Gy|>PYm#lfaHjl7*41LGWzZ8B&I$9A3FSa91om{Sc|eQMQY3 z+&KSiui1}*%IIBMqWcxR@tEpVT?9=64uVqnw~pO!_gQ0A0++}SytURnvMel>TSL!- zW~<&a88K$;*ra8btLak!;-$Wg-u2~gH*)EJL6Tc7Tnx)@=uXI{Q>QH^XQwmO#|wg+ zStf|(I68k}&E1{Bnv0b6do7O<6?glsPFuhbslrMa`I>n|snO^pVx{Ki7QQ;E97Z@F!ZjAw%T8<&IjFgWme( z)h(;Jj5<19+YVnMARq?DWEIH+9gAS5e_?fZ^I>gaibfgYOu@*BV~b7mO3k~8ilRtd zX2ghaYBz9knoypuMcVc`I>Irn+SXNSDs3CK@{|O86fE5W=l6VH^*04?=LP@IDR}j! z`~zaWED}9%K!>#f8Ta3?&yY+*?-1_#-hKOU2}JAB!Zb8kbHR}*b*8G+Dhp2;RXs@z z!B-O7I#w~oSQLZo5KZ{HDb31?cXau;i&CuCSY~-5W_n=Ldj;Z>r;!6+{zPPV3^b@) zCgqKY2jvPEBX9F$D+l2~1r&@l8**g*^c{B&4n?uW_4DG+fr`-r=w(F2JPOo%;qtw{ z9&@C&y1SCZh}0DuO-zKn$#IKsjr)~WkKXx(Co7E@)-GYzPtb_>J95$JCjh(Wsqr>w`U`K>6pi+o+v&@dC|I`j>(3O|&-v>g{Qv*&=M&Hr z9n`iC8#rESDNXSLjW(SPFE|TmAnE!lJt+LxWN?}&`m2J{_#DLch+kTON3RgGbP$lq zU4z8MM|rcd24KJ)u0q&!`SLB40$6LoKrie+X*_Fs+#B-W+)At)ArZqerPb^;p_2{gboaapZ3 zX?(iEf-hgbP;U<(I+PIu2fj8l2SuA%WYB-`V1Zd-VrK5bg;OwAfPfK{?ag0tG0f*? z06+*{*&!6i!XN+&7w<<*#L$NNh%IA6m6>R`5`QsyMa9$3yq(wsmoHrC(WeiNd@B%o z)yw@+n^9h6WQlR1rv0wk$hv!ZhY7yXCr>iJ03L@Lj$Z+yya*q~6)TKtzxA=bC#owU zT0XaT`q?k5MeTxOwi~S@hbzS^B5malq&@g{jD^rw z#!aM}=F^{o60g5NXy;3s&mO=DE*VM-D#_3fu1ak#rUw=5QBuL%!z86YqRS@? z&6O^Sac%xO`pK-)bk~ch50RVPy<35~QIzxb#*(kw#w4MW`E$yR#)mF1?;q}`C2WpI z0Gw)@H>kRnW8uY3!bq@cb!k+urEm9ZM-|8IOd05DbmL%PQ6JHyEhWD{FYv1V_>p<8 z?{D`>UP(=abfB*n+*aAwj5YY6j~#Xz2vPB^q0a=l9pyb!!cTLQ+=K~1u8V%>f#^B% zP5}hNhA$Ck7UbuG5C0Y<%3D6%AL@2L5wpT4ZqMSbdfDx475@|>M@A;2+%J|)nn{7S* zhn$bN#k=&;KRzZHG4Brj@cMPegP!svc<)EQY}7X4hMVQ(wN~ZwH>v|+xaPqFrm~C| zEdrCC5~d%^NB?7L=(9MuB9N%K)S(z6Q5uk64wpn>l~Lo3;}hTY?AeJ8&-mDk*p!~x zFj!bc+fr{*rs)u_a?z5%qt9uJq}1Fzo<0!=YVs9Q7ly!MlV+4yC~v+UFmzhbmEfBu z{l{Iq<7(LS%sdPTjH|(EprkEyTg>pL&;>tziioY5R*fK4w7t4IF**4w?9T4rdnaGH zq5!YDaU;x1&9J)eym8Ur`6eLn3m3{y zDJm$?5_t{dl%9UVpy$t~fE$hxx9R*uYGvrG1e*_kd+u?a!`e}kv`de(8L7%e>!+2~ z_I){#k$FkXx2T2@$DpY`eI+KkDz4w@hPbFpXT|*j^&U^lUw$*IWIT#-)YMFMFgo$p zXTaEYwqbdFU%1$L+qU8?FAc3qKtzgP3ey)EJ7#Dx%+y_q&lnULxrumbXZIb*68Jdq z0dp+t3O$d(u)%@Fmx6o?#HYQx8)3IWi8CkXa*kiyg;+d4im5v5)$Fj%_N z$3YVVT~l_p7?w7}1#Q{B9d6F%!V)An&o8eV9JRNgO(V1MPNmTjA*@ss+I1M6ov%}S zk!?gRGsbA268t04OU!Wj@ zx7){gIJvyMuv!-qBzEz430!XX-O73JAhsPLnkPJ?yL#5ile@01(zFO>LKolVHg@v5 zt4m7Ve!ICcQK_n7300QaOL-1d$`MB7@D|1efw+V(f*Lt%89RpoP*Raw01rLdB)hP& zqrRabws9)fSi~39l?Cfq*^^qMvblnzkl#w$S511OCn9SHfGJ3f)XYOCW-bwhD zgw6Qy(x`!UTs$)!c9C%uP&0uHEH{h~j_)%N->Z*=@fVVRMh9+RX9!xhGsn#BiT-Hdm_ z6LTxa1?a)Tm>L^@L7$EJK)TD$_7pJ@evhUJ_=BnGF3GQgZ3=;a| zoR);qC?i+(Us(4`YG)Y^zaYMN*%EP7gjn^oH$1a?wd2o&`QeL%lc;+m#%p8mG1_xQ zdJmbT=@!t9))8(RVN9Y-L(Mj2o7)a*YvneK9}_J*@8h}?Df^~J1WS1fGZIuDOO`Ju zZ48tuBJ7RyN0}$(@fN2QuF!fOWtGDL-04nwVmN!UV`5h=Ob~a}SI+L>@x@3+Q__DC)aJs2pi^lav)fg7xX%@;3* zUk|Xf0{4ym32f@QMe@-E-qm^g_M@5d(NX7eVTfKC^`t+m32yo)cEtK4Qma zIgV-Tkq^W88Hql}S?Epl^wzXJG25GwaxnkBaNE+$-%NQg03#H(_zf@$2KUL6q7c9y z)&iS|`u1Auy%RRwjxyd@bo~{@op9T1&TZjC{%?NF1cC)e*8>9 z2@FsW*_~C!oVa6GvKBwR5PJN0+SRL=M|=YDIhxY<_ye#~+)P^e5iTX){P&-DAT z9dxqvtTW;s4%Zze*0p>0TDE~-xpL*(y4twsIFK>nbIt$sjq+{; zsNT2lE*wN%hQ#eB!z<3_?%X*;&wfR4?_pEdFkgaz`uf4UKL-l4Mpp$anGi93!!RwR zP8;}#331G+pcp~e6@T(epSvhe7^$P}IGUnO$kx`Y17uHz-5b7DeLCEU_G1*$M5!I75Ffwu<`}G|e;@{^1b4&oj&njk-X@%fF|BGUe zUeT}Fvw;ANKzsI@{JU?>g0s^8{fA$W@YMlfXdF`d;Ei&Tp(DhK!h@j$DmV$N$TF}F zijFGgo2#-y)pZ$yLl=qt;`8TM)6;*z8fbLHH|7Ltr5{q0v_0{;n0_&US z4>f(;|9-;4=e`(IKr>+(Jy}X>HnKrscS88&2J8H8dk?H~k1;;5^L9@G?W^ql{fLX9 zb-Mri#v}hwnoPDhkRC`xV$iF+rUn5dlSG%Oa|85bJ^nl}A^yDOK$LL8ps4p@9cc&5 zisj`EXtq4t+{T(6DoK{Os%?DEer1_QY^%i0)hhe)ugb69r6W!KoPYdjnItz@ObZr5 zUS5OUpHxCvLYkN~hxZ7{gA@KpS;s&jdM>UQwFo$bK>JITJL|1C3RiBx?f@%R>tx4g z-_(7xm*LL%lP&4G?-makeLfqZK2PlyBn%4^2l0!rU$rVqb5s*9k3&X=hKE}i8*6rq zn7ZcC$vM6T1_p6i3EvfaY+AnHxkBg8oq<#F{$3FF8MzXc+U?~bRyJ2~Mm3QWw^o=y zA5rPsy((x#X@wx6%*|bks|Yw2_$#dtupzWite?}?t;=9__?$w3C4Et!Bk_YTpX4yA zT~&HkUTFPEVkv&CkwCY85FQ3hv23%eJ@2&cKjs{hD=sa3b zW(cs7@yo)WF*;RMRc3?GvV);(>YLl^yJsYfQB~#cRRESlO}V~tCv>y^($8i3T1@lR# z>Ee#8@$O)i0eZ-!p81H%|B+V?MRGMQE#+g}x%VEqy8%gcMVN1b(I%ra)|+4Sn=td{ zXvXGDvEOrU zwaieSI`tCS4_oA*S%RP ztB1#?`Bn$QY&wIN0=xU@>=HZR=XYwr;Od<9(C%Pwp_lI6xUq^;FA^nGB+HhWs#AZj zQp)vXSsJJh@u4XEJbjJs+_?zqz6d<=gE?$x2+-$yRk6(nHF z+N^5-j(OC=Z}!Z7<+yJx!oG&M4>ateT0%F*2mFB}GE+7J9x-Gx)-`GKdgH2r%?Sm8 z+{HF}6IB8=5K7Dp>~C4-btPg^&(;eXCuI`o^Pr?=l&j&p6};^G4KM}bfDk9BT>J>{$lPG453TW$H93KriYN1R~p z4Z!cXJTe83=JF8Ar`LkQB`j>5$AshmX`)odBShR^D?IqtPu0=~2H=ncElIZV(UaZk z1ClWE^ zB_QG#U#thpM`Ol_)@X$sX8Hv8DrTe}>cXrY(UWCB9UPNz=U9>dASWkE(d5fhW05h_ zY23&eXv=_2u$U-CIf)Q5#j~DimoW<>P6P%@JC10wbj_l@HM75KeSs82B=|-vjA&!h zdhwD)%nor_fV23!Cd$i$q#cTg7Xk+s$gu^{IeGDNLP9l^SH15CznTjy#FyXMuQ{(2#X;9l%)F)I|pyW85QJXQ>;UOFUoUuo>3u<~U1zfHutP4n9; zyEXKL08cQ`K?(S^K!zrRwju1}ssjXSeo|&R=u|z~{l%ltAszvJ1fPRmsOk_UM8RXj z(VFO7i>!X=?bGnr%U5#ub@%Xyzv%xj)_>Y(V@%3cTyGVT$-XOF($nQHs;P&g?7`7> zC3owOOhv@^nvhBf3H0{#oCR_7c8tx?uAOgy##Lo`AGJ|$&nLFzsAGEFG7%J$wkX0Fb7_1s7CU*VIN06#FZzgRjQ9ZVS zGs?6F!-9*-7af*g<*Clo;C1oMryd6D;*yP+5;FH9v-JFAW?HVYs2M_x0AgfbGW zBi4GYT(-${^_EIbQ5$$&o{f^09tYXT=pd}n%_$e42heqluYcsywl(tZJEu&^8^v1- zpFKNmC`f5&8@Oof(L=f&>=b-zVC2J&SEcQ9Yj=UGzhQw={g*F{t4ao)dVoIv+R#Xu@~20dVD31*hSGdO+Pe$yuAxubYV zNlA)gBI4(ALEG5_aXYi#!zXBDPl?#q4<9a22qDK6+*KzGQi`wokg#y8*(^UmYZMtk zu4y|YbDlk0EFZj`EoAhs6tf_=%@<>fys+tP#&L-CcZw4xu$^UwquYmbj&fWs<=kwI z_PV~`6F0&^vlf`QM1$h;@odVXb1U>kR*gKhC9>+Ozl@WgQq2%Rnl={J(9wCWT=~YT zqh+y{NUP82M$e%ZBYPG{nRa&$d!OIUslXsy)pTt4C!1uP_Ng?^s@As)BM5+N^wUBk z&yMvO=*q#ILaQC1IHw9F+4J;O`L1wqE3YbwV;N+lUQ%kI`m^ra;wog&GUM;K3Rv)7`J|R0rmFSQsd_ zm0E{b3^JO${0O}@)1w{auYqM>Tgux3!=Ig58h!o-Hbjr^Mr}3#0Nez zAAL5oyCTb)xE$QNdPV2d@!}NRXT(l&=%S+f4H`68@*>l}?gVOP zpat+?>C&N6*ks%(D4_E;L-u<8kKce1`S)QgK6$ue)vWcrP0do;DfbTG9`-t6c8NFF z*i{EfnEOSuVPm_-@^18+h$}lt_Ja0hIP%i5A$SXqPgTGC}hw6 zgGSaU@5{Y+4-f4jlU8by!WmmMGU^qM{CFiRF%bc)M_S=;#koP@@O@%`zbPXcx5VU| z+!+zg9i_N)8~N!+@gF;~4l4L}t1*t>oo2MPVwbW*?EI1OM|SIco^I-V)iE+U!sh5I zElA}#zi$kbJSJXXFTwEiRM-*X-5;} z9V0j86<0ipaHMW2E3+m(xtZg5XQs48JLvyds0S1(>%sLfr66!rOzgo>L+h4#p`5XcBatE2{iV)IW^Pg)-g zExdlw&yik|7clWi4(!g0Li1TO_zsMb$z5{mfgVN*g@&^7GKG+eiVD0-5TLK7o*)A2 zWE8!zTetzDB$tAGZXG=4e^j?yZ z3x>CW7lJiChm|0FF#5$}2gr@1k&z3Ym8lnQk<_i0uuZrfr&8P+drf7~Rqfb5HA*?* zJ*#7am0e@z_sKjny}z#7i_u|5-;F#PSS^Ct3)siaooD77Bm@q7{W;|{sf*yqa>Gda zkksMw#f`bMW~~5yJvAzUaoK?l5#Nx!NrXra_xlS zx~{-M%I~)&MP&@G96M&n{dra!)rQ%H8Epqgpu#vF7RGN9>~k8GgU-dxKWN56R8$fT zDW#sY@YxvltU8srbz>$J7*XUl`jW83?EiZUor5d zu*d4t_gMY_C*qYA&7% z4hZP?t@2>nig0z0mv`^lQ#2yKpghA2JMzWuB_tDP=JP%cWY{d!xdj_ejw*blz#yQE zLH`6mC0C!cgBSxatlaltU4J#_7x)~k%-Z*-W_Vz9{me2J@Xi9eA|-6g)P7%E>jlaD z#OnSV%^kIqYH!J%b$nh^l7aa=a}Y23-lkv`W*`Fe#Kpu8A3b^}Xnf6I0pYvRWVchs zCa*^b$!MRvZF1TQiD)|YTk*@~`EA$KuXoCH2%AEj|7QC`0m}i+o4~U*`c#~q`$p`L(a%s^BmT0_72mw zv@Aij6&m0RGTBgHzvhZ5=j~Zx;m71aHw(us6>#ax=g$kyWhN&5q;5ZXVy+Nkm9~9e zu#>s|cs@$Yts6IH%ZV#xs9(){LKlkF(mU*9LqnSyvpN_-ZKn9SKOL%i6?N8z4f8t4 zUf@3;@(j0K_ov4_8WaQ;L)*{(Ot}>ThAvbSuPp{{3&~P5aClKUf9cY&j10Al%17P= zDUa5z+M?r}Vv`ey;$g~fD_wT%U>cchINm5FB}Ed6f5;vY0Ye7Xcx zZ>+opxC#`FDuMJ&1;xO^jP=j2*TjI(IN)R};#v{z{9I8cp}*h=k-9>iiV@rw1&WW3 zR_#M`GqZc;TVdDmxWUSXYIJ)XGL+ICwHd5*rD_6W^z!nGH%r)Dp@b(SniVPpI4FK; zI_@&7S4S5N>Cv?_mS7|OPe(_uwz1*!7d7iuDr6FOX(Z_vXbyQ9vzgAoHVHk|i`8=z zwI&RLal_nKaBM4?YoMpM1Qu3PQ`62)NafVOv9Y7S1@{$h;iLii$pI%$e5$AbC%8s> z#5{)6U3$&QcWHQ^HY%4Q+pbp6ifi+!?73Uw-BM`9H0yWAtA>dUSo{tm@K^cD9<-RYZDa(gA6SJh1w(E)XFy@Fw3L zhe>=NU5rm3oivBr2 z=dHS59Cj>-srzdIB~~7H5RZIF2C>7{u|oYMV1a1Q@o(x}w(00XXKC%H#3o3C+*duo z5xG>@0CD#&i-T$wS6z5CqDHkWBC-C{{eYguR}23t*d1iH zoR*zY;}$45gnXxIB*FIYkCf?A>cuS~!pzVgfBeD42QZxSPMPcc=%sde(EItlYudj1 z;WyQzVFfJvjddys8O2i6Hrw>p=J^Mwb&xjU#0QMi)3Zp zrJGC}5`-abaulTar^-sO)Dw{0OO}NC`u22m+4TCFP!jQUm$51jSQ1BrR`bPuIQjfi zoA!eFBIqPRh76u<*tAKQ{=~CY=mD{C0WpGkm*2KHjS(_l5kR&|sif(!58OCpk~qWw zm!{z$&O~A65?3mDBxDMf>F_F-u3mKktodYOogblwI=FJMENv`i4!~|b_bki@)T6#j z>T<-bD%+CHDL`+ z_jLSP<>gO z{1)O_@`kAmsBS55n!`Ky?o}#!HN%)CBqgCyyT5t6x0s*uX_AMksyniZNRRJf^jrkm z#?P;GUzzu6@pz8AVZP+iH-D=Ji!aN~h;21@o3L%4ivQILc{LTs_kYg@vz=b*6_3j~ zlolcDtruGWI)_zc#M6f?^pY<*&;XSo()H8e-K4Ur(8)TVgWl^2cixFv58GY!{a%fHpS`y-uArjX9xh)igA5Cx~j&oKD>Je z!ji!~D;_=bFZ%=2*@TPd&sTB^5F$DD3SMPrH>iJqrL{$JUApY1o5d?464?O7rtw&RT1(`<{LK3cCd!IYQa>T%{cb2{`(-W4|tcgv^)iAFk>e z*v{r=;sb3PWkU4AMM;)z2q(yPQ}WQ2!z8Q-R^BJ3M2mxM2vQFAC`V($#u&VsT6o5| zqFFqUF9~AjJJ`j3@71f;yk&>p2akCn@ z6TO_U(k`!@?vZeE4t2kRg5A;C;eu5}(t%QoU_$HzOrDW8;>F3QVf_b74Y3Q_+XHojOs@t+KX0xjFBY%Ihbyyv5Wb zS&nfx;^bz1L96&hwE4Ap7&Qk4$G&~KA%o3m0KE?rota@59D$i<-ll9Z6QLsUhb+O^ z_qA&+Xdld7;=2gzu(ccZq$N56vo46-4wMe5NT7T1Ob|77N;=6ibXdC<3Y1P-uy_g| z?BwV;9`PRhM}EF1CSU9X37?;oSyP(jMfSp-r`NEluniqFlK?SmCjQpxIA_IZOkz^f zX)ii6xm6}tg9|OfwMB%~Wn&YA0&q$BH86jml!1?d)f5_{xo{E zjt*8$a$2XRE)3j!fd;9shbObKlutZ!=7%>`&z_|b(fLsd7T4(N&XcQY)TpBvLSec1 z#lf1tj+E%^3VnprZPkfMjHu_0+~-ylXQCB#_{w1sDW16H1?xSRFFVbf*E=I)UQ#aU zbWDFAM%Xlu>+&x-*j>1*&GD{&yyUm*l6M6>;hY6sWvpoxV+LTTp-TzUpMIP5+)mD3GJ}2B|BOwBCv5&W-UV0PO!^KT52V%Ml=TMqgDwE|YNTBX#@n<2qnMqXl|9HCL`)y%6!) zu3f$OHIEXnWy%Yd5I7}u?>%fAf_1HXP?>Y2O$-b~TkkkB$O4SCbLVeq$IHMQs{G+m zzeeuVlmo|0DRJ{{epOt2Uv+MmPAlJ?a|AqFGC={k3+_)WBjU}nQz$i6u#Mdz6X(e9 zdt?5%!92`NJ_E`8h@;2E%07Hp1fpeTcH8m;G|`WbRvmQ1xta2-A0;Y%zo_(6N~rMx zPrGV9zm=Xur#I7XSyW(FvJu;QU>B;wonVH@2Iz2!Qog>vFY==E1qIsw?VmqN>}+kP zZL53~GD7s{ADUy~m1MM&S{xBqXcpSURk%L-cdIJjQCOB3M2$iT#Z!Mpb=A6~;#)KQ zj$lXq>Egqp7xU?75E?Fm>CG6jwc~Qs{2W)4*qYR^W5?R77I-maD?~)Y9>OoG9}|2o zmy3#gU0-A<7#8Ki4rvJrAFZhK{H0^3x1TAw)FcmcG>egW67u#GO^8iOT&zpr8wG>s z0RtSF9T^Og{e813YFRwyCG{#KuN=jbnWK!* z!7g3;f;P&0X%kq~NdHC{`!(y@;XDa2$i9v@nCi#X*at0}p6l>k%uHq^`V8{?27z=#*4ILV9{iF0m6V5YJw`SoS4#8#4}RX=`*6 zWLEi818=>0r9y?w`|0>mq0vK%7V49q<)s^KO?9j7M0MB71)n%^=JaV@FK5r}yr)m6 zGs(tDC5(d&2~junk~NJsE&}b?%*IV>dyvzHSPh_zae^azv+zy?I(hM;8D81ona2fk z=VZ6~HGl~q2~+1vH18nCQ+i%gX1JNi+VMRl>v2}`=zVEM>dx`lEwtoWwI}n2aeqf( zkaFb;=|3`rgQV!@EGI}8ukwvkx`?4)!8C;0p`*d717YfS zo)UYOlzmma$cHmFl@uciWUU~#?s3R)qUxL8b+0Ze!EWIZ_zC0r$&&-bObOo`%i?b3 z=g((qhrv(g9mGu0R=;*Go$OduC_u*iu)%(h6QI!u2??I6Guvgf^lWTw7^#NJ$GcGL z8F(G}4E_iVi6R<&Up})>{i*B_F-*Cs!DnuGIhARuqeln%JyyB)j{8813tl1&Xx+cf z>7z6D%`O8=MnOgPc%4%0||t~>4)Vs29OWJjOM<}A0boo14NE8 zhmVov*`_RY`}ONK$}jq{`+hSG{0fxf=f@W!7~H=fJnT0qS=6ATMqR&iXKxMfrR~R$ z_gh_==7BL6k^05$nv9JXp7X%3%cpDv>vmV~AS)=kOF|1!PXLmT{LW#cH03O#J_L_> z!zX)-{hhwtla1LGC%%Ui(=#OUg!RqyfRAICMIv$VISF2`Fw5T|qD}$+*ym<7Euxis z-5huKAAHg0g_LL5pMOR44AIXd5-xq)Xhg|L+s-M+-`GF_OhGDqCdsM>6R-9aWBH4>om-)BTFtQHewcP?(viG!`R&pkCRiFE&fp+G zh78>P+Vr*eJ%Yzmx9XAyoV3`j6wWr^-;51>i|cI7R@T8X$Ga-^yi9H z?dhi^JSqQoDfYJ52zft=aM=m$jHf?oiH7Yt>6=k`WW`g)j@1oz;*Ed)^odcD?sf+# zSvhAnt&J9_KDpaQUN^M;xvweDCK+bydp)l(Y3aqetKLGko==;}$ANVN<&>L1Z!0Y> zN?BdL)fG<{ge__ntK)yG(76+grryGIX` zC4o8R)KF2zm1Sk7fO{q;m^6UHr_LTT@C*?NuFGBBN*uwN%5bQQWtB5q4cqBFfoEM%H{Rb?GhNMzc!3WS z7wg&6rv>VZskx&$VPU_op+|CsS$liCoF(;iYr{(mYw-ncT{$|~xt<<2)9Np&C> z0|%}A{U)t7eKIu`70#z_gosd2_4V|lgiXXv&PyVyE+){>K9NHOFYXdCcP5?w2E?D4oN>P3MgXoGr!b6xie*DFh z6#LGnh|+G`c;|1-8<+b+G_oUsSGEU~0+-_^jO}nhdko|Ky?|T0HPsys4+-{(TtvB0w{4zHlkR0XIq zJ-@%O=V5OX?>%s#z!PZcFiR(UG9#UlygAbS90vxSI3dufob8Nn`6>`)AsfHtF)cn9@FNop-G_q^wo%91V?q&=0c?~X4+G>`cW1JU$j5I`GJcIQH)$*1y z@0&gA5rFg-5qb3NSyDnm3;b8rN?UI+4UH^5VUMo6kRM>l39!UG|6>Jn)I%L@EV+S^ zv9m*q8U$`Le7ND=D!W=`>Kzapc33gv`ud`M-@*}jj~-2uldH^VEJ4SV6c^XTMFxgm z(3&^7ROO_2$?lVU+Z3GBsH&*1_oOv!n(ywaS^{X#(!>mxI_qoWNb9t*`m+7mbQ~1b z8csa|GA$w{q`^mD=pi0kxVXBq{4*MT(JyqGlESX@DTB4!LUe_Ca+8|LFF3y5nRGLF z;b2a~R-A};**PPuB@W99x>yhn4?q-oPWpKF!= z`M>^$|8sq~-!s<&&>2uDtjBj~OuZhJnHjMf+{+-B#=QBuX&dZ>9kRgd9WUg-iH9WgW)^W zR+g*6`l>fwXVpAaDp88Wvf0f|dB-`bN~kraK5w}vESZB-6^sGei;x@}+{#t4xCFvo kH`K0v< Note: if you are running in a safe environment, you can configure Sidero to +> automatically accept new machines. + +For more information on server acceptance, see the [server docs](../../resource-configuration/servers/#server-acceptance). + +## Create ServerClasses + +By default, Sidero comes with a single ServerClass `any` which matches any +(accepted) server. +This is sufficient for this demo, but you may wish to have +more flexibility by defining your own ServerClasses. + +ServerClasses allow you to group machines which are sufficiently similar to +allow for unnamed allocation. +This is analogous to cloud providers using such classes as `m3.large` or +`c2.small`, but the names are free-form and only need to make sense to you. + +For more information on ServerClasses, see the [ServerClass +docs](../../resource-configuration/serverclasses/). + +## Hardware differences + +In baremetal systems, there are commonly certain small features and +configurations which are unique to the hardware. +In many cases, such small variations may not require special configurations, but +others do. + +If hardware-specific differences do mandate configuration changes, we need a way +to keep those changes local to the hardware specification so that at the higher +level, a Server is just a Server (or a server in a ServerClass is just a Server +like all the others in that Class). + +The most common variations seem to be the installation disk and the console +serial port. + +Some machines have NVMe drives, which show up as something like `/dev/nvme0n1`. +Others may be SATA or SCSI, which show up as something like `/dev/sda`. +Some machines use `/dev/ttyS0` for the serial console; others `/dev/ttyS1`. + +Configuration patches can be applied to either Servers or ServerClasses, and +those patches will be applied to the final machine configuration for those +nodes without having to know anything about those nodes at the allocation level. + +For examples of install disk patching, see the [Installation Disk +doc](../../resource-configuration/servers/#installation-disk). + +For more information about patching in general, see the [Patching +Guide](../../guides/patching). diff --git a/website/content/docs/v0.5/Getting Started/index.md b/website/content/docs/v0.5/Getting Started/index.md new file mode 100644 index 000000000..41643ba9e --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/index.md @@ -0,0 +1,61 @@ +--- +description: "Overview" +weight: 1 +title: "Overview" +--- + +This tutorial will walk you through a complete Sidero setup and the formation, +scaling, and destruction of a workload cluster. + +To complete this tutorial, you will need a few things: + +- ISC DHCP server. + While any DHCP server will do, we will be presenting the + configuration syntax for ISC DHCP. + This is the standard DHCP server available on most Linux distributions (NOT + dnsmasq) as well as on the Ubiquiti EdgeRouter line of products. +- Machine or Virtual Machine on which to run Sidero itself. + The requirements for this machine are very low, but it does need to be x86 for + now, and it should have at least 4GB of RAM. +- Machines on which to run Kubernetes clusters. + These have the same minimum specifications as the Sidero machine. +- Workstation on which `talosctl`, `kubectl`, and `clusterctl` can be run. + +## Steps + +1. Prerequisite: CLI tools +1. Prerequisite: DHCP server +1. Prerequisite: Kubernetes +1. Install Sidero +1. Expose services +1. Import workload machines +1. Create a workload cluster +1. Scale the workload cluster +1. Destroy the workload cluster +1. Optional: Pivot management cluster + +## Useful Terms + +**ClusterAPI** or **CAPI** is the common system for managing Kubernetes clusters +in a declarative fashion. + +**Management Cluster** is the cluster on which Sidero itself runs. +It is generally a special-purpose Kubernetes cluster whose sole responsibility +is maintaining the CRD database of Sidero and providing the services necessary +to manage your workload Kubernetes clusters. + +**Sidero** is the ClusterAPI-powered system which manages baremetal +infrastructure for Kubernetes. + +**Talos** is the Kubernetes-focused Linux operating system built by the same +people who bring to you Sidero. +It is a very small, entirely API-driven OS which is meant to provide a reliable +and self-maintaining base on which Kubernetes clusters may run. +More information about Talos can be found at +[https://talos.dev](https://talos.dev). + +**Workload Cluster** is a cluster, managed by Sidero, on which your Kubernetes +workloads may be run. +The workload clusters are where you run your own applications and infrastruture. +Sidero creates them from your available resources, maintains them over time as +your needs and resources change, and removes them whenever it is told to do so. diff --git a/website/content/docs/v0.5/Getting Started/install-clusterapi.md b/website/content/docs/v0.5/Getting Started/install-clusterapi.md new file mode 100644 index 000000000..05c0f9318 --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/install-clusterapi.md @@ -0,0 +1,44 @@ +--- +description: "Install Sidero" +weight: 5 +title: "Install Sidero" +--- + +Sidero is included as a default infrastructure provider in `clusterctl`, so the +installation of both Sidero and the Cluster API (CAPI) components is as simple +as using the `clusterctl` tool. + +> Note: Because Cluster API upgrades are _stateless_, it is important to keep all Sidero +> configuration for reuse during upgrades. + +Sidero has a number of configuration options which should be supplied at install +time, kept, and reused for upgrades. +These can also be specified in the `clusterctl` configuration file +(`$HOME/.cluster-api/clusterctl.yaml`). +You can reference the `clusterctl` +[docs](https://cluster-api.sigs.k8s.io/clusterctl/configuration.html#clusterctl-configuration-file) +for more information on this. + +For our purposes, we will use environment variables for our configuration +options. + +```bash +export SIDERO_CONTROLLER_MANAGER_HOST_NETWORK=true +export SIDERO_CONTROLLER_MANAGER_API_ENDPOINT=192.168.1.150 + +clusterctl init -b talos -c talos -i sidero +``` + +First, we are telling Sidero to use `hostNetwork: true` so that it binds its +ports directly to the host, rather than being available only from inside the +cluster. +There are many ways of exposing the services, but this is the simplest +path for the single-node management cluster. +When you scale the management cluster, you will need to use an alternative +method, such as an external load balancer or something like +[MetalLB](https://metallb.universe.tf). + +The `192.168.1.150` IP address is the IP address or DNS hostname as seen from the workload +clusters. +In our case, this should be the main IP address of your Docker +workstation. diff --git a/website/content/docs/v0.5/Getting Started/pivot.md b/website/content/docs/v0.5/Getting Started/pivot.md new file mode 100644 index 000000000..098d11a0e --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/pivot.md @@ -0,0 +1,43 @@ +--- +description: "A guide for bootstrapping Sidero management plane" +weight: 11 +title: "Optional: Pivot management cluster" +--- + +Having the Sidero cluster running inside a Docker container is not the most +robust place for it, but it did make for an expedient start. + +Conveniently, you can create a Kubernetes cluster in Sidero and then _pivot_ the +management plane over to it. + +Start by creating a workload cluster as you have already done. +In this example, this new cluster is called `management`. + +After the new cluster is available, install Sidero onto it as we did before, +making sure to set all the environment variables or configuration parameters for +the _new_ management cluster first. + +```bash +export SIDERO_CONTROLLER_MANAGER_API_ENDPOINT=sidero.mydomain.com + +clusterctl init \ + --kubeconfig-context=management + -i sidero -b talos -c talos +``` + +Now, you can move the database from `sidero-demo` to `management`: + +```bash +clusterctl move \ + --kubeconfig-context=sidero-demo \ + --to-kubeconfig-context=management +``` + +## Delete the old Docker Management Cluster + +If you created your `sidero-demo` cluster using Docker as described in this +tutorial, you can now remove it: + +```bash +talosctl cluster destroy --name sidero-demo +``` diff --git a/website/content/docs/v0.5/Getting Started/prereq-cli-tools.md b/website/content/docs/v0.5/Getting Started/prereq-cli-tools.md new file mode 100644 index 000000000..46a138f5f --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/prereq-cli-tools.md @@ -0,0 +1,60 @@ +--- +description: "Prerequisite: CLI tools" +weight: 2 +title: "Prerequisite: CLI tools" +--- + +You will need three CLI tools installed on your workstation in order to interact +with Sidero: + +- `kubectl` +- `clusterctl` +- `talosctl` + +## Install `kubectl` + +Since `kubectl` is the standard Kubernetes control tool, many distributions +already exist for it. +Feel free to check your own package manager to see if it is available natively. + +Otherwise, you may install it directly from the main distribution point. +The main article for this can be found +[here](https://kubernetes.io/docs/tasks/tools/#kubectl). + +```bash +sudo curl -Lo /usr/local/bin/kubectl \ + "https://dl.k8s.io/release/$(\ + curl -L -s https://dl.k8s.io/release/stable.txt\ + )/bin/linux/amd64/kubectl" +sudo chmod +x /usr/local/bin/kubectl +``` + +## Install `clusterctl` + +The `clusterctl` tool is the standard control tool for ClusterAPI (CAPI). +It is less common, so it is also less likely to be in package managers. + +The main article for installing `clusterctl` can be found +[here](https://cluster-api.sigs.k8s.io/user/quick-start.html#install-clusterctl). + +```bash +sudo curl -Lo /usr/local/bin/clusterctl \ + "https://github.com/kubernetes-sigs/cluster-api/releases/download/v0.4.4/clusterctl-$(uname -s | tr '[:upper:]' '[:lower:]')-amd64" \ +sudo chmod +x /usr/local/bin/clusterctl +``` + +> Note: This version of Sidero is only compatible with CAPI v1alpha4, +> so versions of `clusterctl` above v0.4.x will not work. + +## Install `talosctl` + +The `talosctl` tool is used to interact with the Talos (our Kubernetes-focused +operating system) API. +The latest version can be found on our +[Releases](https://github.com/talos-systems/talos/releases) page. + +```bash +sudo curl -Lo /usr/local/bin/talosctl \ + "https://github.com/talos-systems/talos/releases/latest/download/talosctl-$(uname -s | tr '[:upper:]' '[:lower:]')-amd64" +chmod +x /usr/local/bin/talosctl +``` diff --git a/website/content/docs/v0.5/Getting Started/prereq-dhcp.md b/website/content/docs/v0.5/Getting Started/prereq-dhcp.md new file mode 100644 index 000000000..33ab54047 --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/prereq-dhcp.md @@ -0,0 +1,141 @@ +--- +description: "Prerequisite: DHCP Service" +weight: 4 +title: "Prerequisite: DHCP service" +--- + +In order to network boot Talos, we need to set up our DHCP server to supply the +network boot parameters to our servers. +For maximum flexibility, Sidero makes use of iPXE to be able to reference +artifacts via HTTP. +Some modern servers support direct UEFI HTTP boot, but most existing servers +still rely on the old, slow TFTP-based PXE boot first. +Therefore, we need to tell our DHCP server to find the iPXE binary on a TFTP +server. + +Conveniently, Sidero comes with a TFTP server which will serve the appropriate +files. +We need only set up our DHCP server to point to it. + +The tricky bit is that at different phases, we need to serve different assets, +but they all use the same DHCP metadata key. + +In fact, for each architecture, we have as many as four different client types: + +- Legacy BIOS-based PXE boot (undionly.kpxe via TFTP) +- UEFI-based PXE boot (ipxe.efi via TFTP) +- UEFI HTTP boot (ipxe.efi via HTTP URL) +- iPXE (boot.ipxe via HTTP URL) + +## Common client types + +If you are lucky and all of the machines in a given DHCP zone can use the same +network boot client mechanism, your DHCP server only needs to provide two +options: + +- `Server-Name` (option 66) with the IP of the Sidero TFTP service +- `Bootfile-Name` (option 67) with the appropriate value for the boot client type: + - Legacy BIOS PXE boot: `undionly.kpxe` + - UEFI-based PXE boot: `ipxe.efi` + - UEFI HTTP boot: `http://sidero-server-url/tftp/ipxe.efi` + - iPXE boot: `http://sidero-server-url/boot.ipxe` + +In the ISC DHCP server, these options look like: + +```config +next-server 172.16.199.50; +filename "ipxe.efi"; +``` + +## Multiple client types + +Any given server will usually use only one of those, but if you have a mix of +machines, you may need a combination of them. +In this case, you would need a way to provide different images for different +client or machine types. + +Both ISC DHCP server and dnsmasq provide ways to supply such conditional responses. +In this tutorial, we are working with ISC DHCP. + +For modularity, we are breaking the conditional statements into a separate file +and using the `include` statement to load them into the main `dhcpd.conf` file. + +In our example below, `172.16.199.50` is the IP address of our Sidero service. + +`ipxe-metal.conf`: + +```config +allow bootp; +allow booting; + +# IP address for PXE-based TFTP methods +next-server 172.16.199.50; + +# Configuration for iPXE clients +class "ipxeclient" { + match if exists user-class and (option user-class = "iPXE"); + filename "http://172.16.199.50/boot.ipxe"; +} + +# Configuration for legacy BIOS-based PXE boot +class "biosclients" { + match if not exists user-class and substring (option vendor-class-identifier, 15, 5) = "00000"; + filename "undionly.kpxe"; +} + +# Configuration for UEFI-based PXE boot +class "pxeclients" { + match if not exists user-class and substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + filename "ipxe.efi"; +} + +# Configuration for UEFI-based HTTP boot +class "httpclients" { + match if not exists user-class and substring (option vendor-class-identifier, 0, 10) = "HTTPClient"; + option vendor-class-identifier "HTTPClient"; + filename "http://172.16.199.50/tftp/ipxe.efi"; +} +``` + +Once this file is created, we can include it from our main `dhcpd.conf` inside a +`subnet` section. + +```config +shared-network sidero { + subnet 172.16.199.0 netmask 255.255.255.0 { + option domain-name-servers 8.8.8.8, 1.1.1.1; + option routers 172.16.199.1; + include "/etc/dhcp/ipxe-metal.conf"; + } +} +``` + +Since we use a number of Ubiquiti EdgeRouter devices especially in our home test +networks, it is worth mentioning the curious syntax gymnastics we must go +through there. +Essentially, the quotes around the path need to be entered as HTML entities: +`"`. + +Ubiquiti EdgeRouter configuration statement: + +```config +set service dhcp-server shared-network-name sidero \ + subnet 172.16.199.1 \ + subnet-parameters "include "/etc/dhcp/ipxe-metal.conf";" +``` + +Also note the fact that there are two semicolons at the end of the line. +The first is part of the HTML-encoded **"** (`"`) and the second is the actual terminating semicolon. + +## Troubleshooting + +Getting the netboot environment is tricky and debugging it is difficult. +Once running, it will generally stay running; +the problem is nearly always one of a missing or incorrect configuration, since +the process involves several different components. + +We are working toward integrating as much as possible into Sidero, to provide as +much intelligence and automation as can be had, but until then, you will likely +need to figure out how to begin hunting down problems. + +See the Sidero [Troubleshooting](../troubleshooting) guide for more assistance. diff --git a/website/content/docs/v0.5/Getting Started/prereq-kubernetes.md b/website/content/docs/v0.5/Getting Started/prereq-kubernetes.md new file mode 100644 index 000000000..ecafb1a8b --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/prereq-kubernetes.md @@ -0,0 +1,86 @@ +--- +description: "Prerequisite: Kubernetes" +weight: 3 +title: "Prerequisite: Kubernetes" +--- + +In order to run Sidero, you first need a Kubernetes "cluster". +There is nothing special about this cluster. +It can be, for example: + +- a Kubernetes cluster you already have +- a single-node cluster running in Docker on your laptop +- a cluster running inside a virtual machine stack such as VMWare +- a Talos Kubernetes cluster running on a spare machine + +Two important things are needed in this cluster: + +- Kubernetes `v1.18` or later +- Ability to expose tcp and udp Services to the workload cluster machines + +For the purposes of this tutorial, we will create this cluster in Docker on a +workstation, perhaps a laptop. + +If you already have a suitable Kubernetes cluster, feel free to skip this step. + +## Create a Local Management Cluster + +The `talosctl` CLI tool has built-in support for spinning up Talos in docker containers. +Let's use this to our advantage as an easy Kubernetes cluster to start from. + +Issue the following to create a single-node Docker-based Kubernetes cluster: + +```bash +export HOST_IP="192.168.1.150" + +talosctl cluster create \ + --name sidero-demo \ + -p 69:69/udp,8081:8081/tcp \ + --workers 0 \ + --config-patch '[{"op": "add", "path": "/cluster/allowSchedulingOnMasters", "value": true}]' \ + --endpoint $HOST_IP +``` + +The `192.168.1.150` IP address should be changed to the IP address of your Docker +host. +This is _not_ the Docker bridge IP but the standard IP address of the +workstation. + +Note that there are two ports mentioned in the command above. +The first (69) is +for TFTP. +The second (8081) is for the web server (which serves netboot +artifacts and configuration). + +Exposing them here allows us to access the services that will get deployed on this node. +In turn, we will be running our Sidero services with `hostNetwork: true`, +so the Docker host will forward these to the Docker container, +which will in turn be running in the same namespace as the Sidero Kubernetes components. +A full separate management cluster will likely approach this differently, +with a load balancer or a means of sharing an IP address across multiple nodes (such as with MetalLB). + +Finally, the `--config-patch` is optional, +but since we are running a single-node cluster in this Tutorial, +adding this will allow Sidero to run on the controlplane. +Otherwise, you would need to add worker nodes to this management plane cluster to be +able to run the Sidero components on it. + +## Access the cluster + +Once the cluster create command is complete, you can retrieve the kubeconfig for it using the Talos API: + +```bash +talosctl kubeconfig +``` + +> Note: by default, Talos will merge the kubeconfig for this cluster into your +> standard kubeconfig under the context name matching the cluster name your +> created above. +> If this name conflicts, it will be given a `-1`, a `-2` or so +> on, so it is generally safe to run. +> However, if you would prefer to not modify your standard kubeconfig, you can +> supply a directory name as the third parameter, which will cause a new +> kubeconfig to be created there instead. +> Remember that if you choose to not use the standard location, your should set +> your `KUBECONFIG` environment variable or pass the `--kubeconfig` option to +> tell the `kubectl` client the name of the `kubeconfig` file. diff --git a/website/content/docs/v0.5/Getting Started/scale-workload.md b/website/content/docs/v0.5/Getting Started/scale-workload.md new file mode 100644 index 000000000..06b1562d2 --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/scale-workload.md @@ -0,0 +1,14 @@ +--- +description: "A guide for bootstrapping Sidero management plane" +weight: 9 +title: "Scale the Workload Cluster" +--- + +If you have more machines available, you can scale both the controlplane +(`TalosControlPlane`) and the workers (`MachineDeployment`) for any cluster +after it has been deployed. +This is done just like normal Kubernetes `Deployments`. + +```bash +kubectl scale taloscontrolplane cluster-0-cp --replicas=3 +``` diff --git a/website/content/docs/v0.5/Getting Started/troubleshooting.md b/website/content/docs/v0.5/Getting Started/troubleshooting.md new file mode 100644 index 000000000..7e446c605 --- /dev/null +++ b/website/content/docs/v0.5/Getting Started/troubleshooting.md @@ -0,0 +1,77 @@ +--- +description: "Troubleshooting" +weight: 99 +title: "Troubleshooting" +--- + +The first thing to do in troubleshooting problems with the Sidero installation +and operation is to figure out _where_ in the process that failure is occurring. + +Keep in mind the general flow of the pieces. +For instance: + +1. A server is configured by its BIOS/CMOS to attempt a network boot using the PXE firmware on +its network card(s). +1. That firmware requests network and PXE boot configuration via DHCP. +1. DHCP points the firmware to the Sidero TFTP or HTTP server (depending on the firmware type). +1. The second stage boot, iPXE, is loaded and makes an HTTP request to the + Sidero metadata server for its configuration, which contains the URLs for + the kernel and initrd images. +1. The kernel and initrd images are downloaded by iPXE and boot into the Sidero + agent software (if the machine is not yet known and assigned by Sidero). +1. The agent software reports to the Sidero metadata server via HTTP the hardware information of the machine. +1. A (usually human or external API) operator verifies and accepts the new + machine into Sidero. +1. The agent software reboots and wipes the newly-accepted machine, then powers + off the machine to wait for allocation into a cluster. +1. The machine is allocated by Sidero into a Kubernetes Cluster. +1. Sidero tells the machine, via IPMI, to boot into the OS installer + (following all the same network boot steps above). +1. The machine downloads its configuration from the Sidero metadata server via + HTTP. +1. The machine applies its configuration, installs a bootloader, and reboots. +1. The machine, upon reboot from its local disk, joins the Kubernetes cluster + and continues until Sidero tells it to leave the cluster. +1. Sidero tells the machine to leave the cluster and reboots it into network + boot mode, via IPMI. +1. The machine netboots into wipe mode, wherein its disks are again wiped to + come back to the "clean" state. +1. The machine again shuts down and waits to be needed. + +## Device firmware (PXE boot) + +The worst place to fail is also, unfortunately, the most common. +This is the firmware phase, where the network card's built-in firmware attempts +to initiate the PXE boot process. +This is the worst place because the firmware is completely opaque, with very +little logging, and what logging _does_ appear frequently is wiped from the +console faster than you can read it. + +If you fail here, the problem will most likely be with your DHCP configuration, +though it _could_ also be in the Sidero TFTP service configuration. + +## Validate Sidero TFTP service + +The easiest to validate is to use a `tftp` client to validate that the Sidero +TFTP service is available at the IP you are advertising via DHCP. + +```bash + $ atftp 172.16.199.50 + tftp> get ipxe.efi +``` + +TFTP is an old, slow protocol with very little feedback or checking. +Your only real way of telling if this fails is by timeout. +Over a local network, this `get` command should take a few seconds. +If it takes longer than 30 seconds, it is probably not working. + +Success is also not usually indicated: +you just get a prompt returned, and the file should show up in your current +directory. + +If you are failing to connect to TFTP, the problem is most likely with your +Sidero Service exposure: +how are you exposing the TFTP service in your management cluster to the outside +world? +This normally involves either setting host networking on the Deployment or +installing and using something like MetalLB. diff --git a/website/content/docs/v0.5/Guides/bootstrapping.md b/website/content/docs/v0.5/Guides/bootstrapping.md new file mode 100644 index 000000000..9e227b3d5 --- /dev/null +++ b/website/content/docs/v0.5/Guides/bootstrapping.md @@ -0,0 +1,285 @@ +--- +description: "A guide for bootstrapping Sidero management plane" +weight: 1 +title: "Bootstrapping" +--- + +## Introduction + +Imagine a scenario in which you have shown up to a datacenter with only a laptop and your task is to transition a rack of bare metal machines into an HA management plane and multiple Kubernetes clusters created by that management plane. +In this guide, we will go through how to create a bootstrap cluster using a Docker-based Talos cluster, provision the management plane, and pivot over to it. +Guides around post-pivoting setup and subsequent cluster creation should also be found in the "Guides" section of the sidebar. + +Because of the design of Cluster API, there is inherently a "chicken and egg" problem with needing a Kubernetes cluster in order to provision the management plane. +Talos Systems and the Cluster API community have created tools to help make this transition easier. + +## Prerequisites + +First, you need to install the latest `talosctl` by running the following script: + +```bash +curl -Lo /usr/local/bin/talosctl https://github.com/talos-systems/talos/releases/latest/download/talosctl-$(uname -s | tr "[:upper:]" "[:lower:]")-amd64 +chmod +x /usr/local/bin/talosctl +``` + +You can read more about Talos and `talosctl` at [talos.dev](https://www.talos.dev/docs/latest). + +Next, there are two big prerequisites involved with bootstrapping Sidero: routing and DHCP setup. + +From the routing side, the laptop from which you are bootstrapping _must_ be accessible by the bare metal machines that we will be booting. +In the datacenter scenario described above, the easiest way to achieve this is probably to hook the laptop onto the server rack's subnet by plugging it into the top-of-rack switch. +This is needed for TFTP, PXE booting, and for the ability to register machines with the bootstrap plane. + +DHCP configuration is needed to tell the metal servers what their "next server" is when PXE booting. +The configuration of this is different for each environment and each DHCP server, thus it's impossible to give an easy guide. +However, here is an example of the configuration for an Ubiquti EdgeRouter that uses vyatta-dhcpd as the DHCP service: + +This block shows the subnet setup, as well as the extra "subnet-parameters" that tell the DHCP server to include the ipxe-metal.conf file. + +> These commands are run under the `configure` option in EdgeRouter + +```bash +$ show service dhcp-server shared-network-name MetalDHCP + + authoritative enable + subnet 192.168.254.0/24 { + default-router 192.168.254.1 + dns-server 192.168.1.200 + lease 86400 + start 192.168.254.2 { + stop 192.168.254.252 + } + subnet-parameters "include "/etc/dhcp/ipxe-metal.conf";" + } +``` + +Here is the `ipxe-metal.conf` file. + +```bash +$ cat /etc/dhcp/ipxe-metal.conf + +allow bootp; +allow booting; + +next-server 192.168.1.150; +filename "ipxe.efi"; # use "undionly.kpxe" for BIOS netboot or "ipxe.efi" for UEFI netboot + +host talos-mgmt-0 { + fixed-address 192.168.254.2; + hardware ethernet d0:50:99:d3:33:60; +} +``` + +> If you want to boot multiple architectures, you can use the *DHCP Option 93* to specify the architecture. + +First we need to define *option 93* in the DHCP server configuration. + +```bash +set service dhcp-server global-parameters "option system-arch code 93 = unsigned integer 16;" +``` + +Now we can specify condition based on *option 93* in `ipxe-metal.conf` file + +```bash +$ cat /etc/dhcp/ipxe-metal.conf + +allow bootp; +allow booting; + +next-server 192.168.1.150; + +if option system-arch = 00:0b { + filename "ipxe-arm64.efi"; +} else { + filename "ipxe.efi"; +} + +host talos-mgmt-0 { + fixed-address 192.168.254.2; + hardware ethernet d0:50:99:d3:33:60; +} +``` + +Notice that it sets a static address for the management node that I'll be booting, in addition to providing the "next server" info. +This "next server" IP address will match references to `PUBLIC_IP` found below in this guide. + +## Create a Local Cluster + +The `talosctl` CLI tool has built-in support for spinning up Talos in docker containers. +Let's use this to our advantage as an easy Kubernetes cluster to start from. + +Set an environment variable called `PUBLIC_IP` which is the "public" IP of your machine. +Note that "public" is a bit of a misnomer. +We're really looking for the IP of your machine, not the IP of the node on the docker bridge (ex: `192.168.1.150`). + +```bash +export PUBLIC_IP="192.168.1.150" +``` + +We can now create our Docker cluster. +Issue the following to create a single-node cluster: + +```bash +talosctl cluster create \ + --kubernetes-version 1.22.2 \ + -p 69:69/udp,8081:8081/tcp \ + --workers 0 \ + --endpoint $PUBLIC_IP +``` + +Note that there are several ports mentioned in the command above. +These allow us to access the services that will get deployed on this node. + +Once the cluster create command is complete, issue `talosctl kubeconfig /desired/path` to fetch the kubeconfig for this cluster. +You should then set your `KUBECONFIG` environment variable to the path of this file. + +## Untaint Control Plane + +Because this is a single node cluster, we need to remove the "NoSchedule" taint on the node to make sure non-controlplane components can be scheduled. + +```bash +kubectl taint node talos-default-master-1 node-role.kubernetes.io/master:NoSchedule- +``` + +## Install Sidero + +As of Cluster API version 0.3.9, Sidero is included as a default infrastructure provider in clusterctl. + +To install Sidero and the other Talos providers, simply issue: + +```bash +SIDERO_CONTROLLER_MANAGER_HOST_NETWORK=true \ + SIDERO_CONTROLLER_MANAGER_API_ENDPOINT=$PUBLIC_IP \ + clusterctl init -b talos -c talos -i sidero +``` + +We will now want to ensure that the Sidero services that got created are publicly accessible across our subnet. +These variables above will allow the metal machines to speak to these services later. + +## Register the Servers + +At this point, any servers on the same network as Sidero should PXE boot using the Sidero PXE service. +To register a server with Sidero, simply turn it on and Sidero will do the rest. +Once the registration is complete, you should see the servers registered with `kubectl get servers`: + +```bash +$ kubectl get servers -o wide +NAME HOSTNAME ACCEPTED ALLOCATED CLEAN +00000000-0000-0000-0000-d05099d33360 192.168.254.2 false false false +``` + +## Setting up IPMI + +Sidero can use IPMI information to control Server power state, reboot servers and set boot order. +IPMI information will be, by default, setup automatically if possible as part of the acceptance process. +See [IPMI](../../resource-configuration/servers/#ipmi) for more information. + +IMPI connection information can also be set manually in the Server spec after initial registration: + +```bash +kubectl patch server 00000000-0000-0000-0000-d05099d33360 --type='json' -p='[{"op": "add", "path": "/spec/bmc", "value": {"endpoint": "192.168.88.9", "user": "ADMIN", "pass":"ADMIN"}}]' +``` + +If IPMI info is not set, servers should be configured to boot first from network, then from disk. + +## Configuring the installation disk + +Note that for bare-metal setup, you would need to specify an installation disk. +See [Installation Disk](../../resource-configuration/servers/#installation-disk) for details on how to do this. +You should configure this before accepting the server. + +## Accept the Servers + +Note in the output above that the newly registered servers are not `accepted`. +In order for a server to be eligible for consideration, it _must_ be marked as `accepted`. +Before a `Server` is accepted, no write action will be performed against it. +Servers can be accepted by issuing a patch command like: + +```bash +kubectl patch server 00000000-0000-0000-0000-d05099d33360 --type='json' -p='[{"op": "replace", "path": "/spec/accepted", "value": true}]' +``` + +For more information on server acceptance, see the [server docs](../../resource-configuration/servers). + +## Create Management Plane + +We are now ready to template out our management plane. +Using clusterctl, we can create a cluster manifest with: + +```bash +clusterctl config cluster management-plane -i sidero > management-plane.yaml +``` + +Note that there are several variables that should be set in order for the templating to work properly: + +- `CONTROL_PLANE_ENDPOINT` and `CONTROL_PLANE_PORT`: The endpoint (IP address or hostname) and the port used for the Kubernetes API server + (e.g. for `https://1.2.3.4:6443`: `CONTROL_PLANE_ENDPOINT=1.2.3.4` and `CONTROL_PLANE_PORT=6443`). + This is the equivalent of the `endpoint` you would specify in `talosctl gen config`. + There are a variety of ways to configure a control plane endpoint. + Some common ways for an HA setup are to use DNS, a load balancer, or BGP. + A simpler method is to use the IP of a single node. + This has the disadvantage of being a single point of failure, but it can be a simple way to get running. +- `CONTROL_PLANE_SERVERCLASS`: The server class to use for control plane nodes. +- `WORKER_SERVERCLASS`: The server class to use for worker nodes. +- `KUBERNETES_VERSION`: The version of Kubernetes to deploy (e.g. `v1.22.2`). +- `CONTROL_PLANE_PORT`: The port used for the Kubernetes API server (port 6443) +- `TALOS_VERSION`: This should correspond to the minor version of Talos that you will be deploying (e.g. `v0.13`). + This value is used in determining the fields present in the machine configuration that gets generated for Talos nodes. + +For instance: + +```bash +export CONTROL_PLANE_SERVERCLASS=any +export WORKER_SERVERCLASS=any +export TALOS_VERSION=v0.13 +export KUBERNETES_VERSION=v1.22.2 +export CONTROL_PLANE_PORT=6443 +export CONTROL_PLANE_ENDPOINT=1.2.3.4 +clusterctl config cluster management-plane -i sidero > management-plane.yaml +``` + +In addition, you can specify the replicas for control-plane & worker nodes in management-plane.yaml manifest for TalosControlPlane and MachineDeployment objects. +Also, they can be scaled if needed (after applying the `management-plane.yaml` manifest): + +```bash +kubectl get taloscontrolplane +kubectl get machinedeployment +kubectl scale taloscontrolplane management-plane-cp --replicas=3 +``` + +Now that we have the manifest, we can simply apply it: + +```bash +kubectl apply -f management-plane.yaml +``` + +**NOTE: The templated manifest above is meant to act as a starting point.** +**If customizations are needed to ensure proper setup of your Talos cluster, they should be added before applying.** + +Once the management plane is setup, you can fetch the talosconfig by using the cluster label. +Be sure to update the cluster name and issue the following command: + +```bash +kubectl get talosconfig \ + -l cluster.x-k8s.io/cluster-name= \ + -o yaml -o jsonpath='{.items[0].status.talosConfig}' > management-plane-talosconfig.yaml +``` + +With the talosconfig in hand, the management plane's kubeconfig can be fetched with `talosctl --talosconfig management-plane-talosconfig.yaml kubeconfig` + +## Pivoting + +Once we have the kubeconfig for the management cluster, we now have the ability to pivot the cluster from our bootstrap. +Using clusterctl, issue: + +```bash +clusterctl init --kubeconfig=/path/to/management-plane/kubeconfig -i sidero -b talos -c talos +``` + +Followed by: + +```bash +clusterctl move --to-kubeconfig=/path/to/management-plane/kubeconfig +``` + +Upon completion of this command, we can now tear down our bootstrap cluster with `talosctl cluster destroy` and begin using our management plane as our point of creation for all future clusters! diff --git a/website/content/docs/v0.5/Guides/decommissioning.md b/website/content/docs/v0.5/Guides/decommissioning.md new file mode 100644 index 000000000..46e82f300 --- /dev/null +++ b/website/content/docs/v0.5/Guides/decommissioning.md @@ -0,0 +1,23 @@ +--- +description: "A guide for decommissioning servers" +weight: 1 +title: "Decommissioning Servers" +--- + +This guide will detail the process for removing a server from Sidero. +The process is fairly simple with a few pieces of information. + +- For the given server, take note of any serverclasses that are configured to match the server. + +- Take note of any clusters that make use of aforementioned serverclasses. + +- For each matching cluster, edit the cluster resource with `kubectl edit cluster` and set `.spec.paused` to `true`. + Doing this ensures that no new machines will get created for these servers during the decommissioning process. + +- If the server is already part of a cluster (`kubectl get serverbindings` should provide this info), you can now delete the machine that corresponds with this server via `kubectl delete machine `. + +- With the machine deleted, Sideo will reboot the machine and wipe its disks. + +- Once the disk wiping is complete and the server is turned off, you can finally delete the server from Sidero with `kubectl delete server ` and repurpose the server for something else. + +- Finally, unpause any clusters that were edited in step 3 by setting `.spec.paused` to `false`. diff --git a/website/content/docs/v0.5/Guides/first-cluster.md b/website/content/docs/v0.5/Guides/first-cluster.md new file mode 100644 index 000000000..bf1173ac2 --- /dev/null +++ b/website/content/docs/v0.5/Guides/first-cluster.md @@ -0,0 +1,144 @@ +--- +description: "A guide for creating your first cluster with the Sidero management plane" +weight: 2 +title: "Creating Your First Cluster" +--- + +## Introduction + +This guide will detail the steps needed to provision your first bare metal Talos cluster after completing the bootstrap and pivot steps detailed in the previous guide. +There will be two main steps in this guide: reconfiguring the Sidero components now that they have been pivoted and the actual cluster creation. + +## Reconfigure Sidero + +### Patch Services + +In this guide, we will convert the metadata service to a NodePort service and the other services to use host networking. +This is also necessary because some protocols like TFTP don't allow for port configuration. +Along with some nodeSelectors and a scale up of the metal controller manager deployment, creating the services this way allows for the creation of DNS names that point to all management plane nodes and provide an HA experience if desired. +It should also be noted, however, that there are many options for achieving this functionality. +Users can look into projects like MetalLB or KubeRouter with BGP and ECMP if they desire something else. + +Metal Controller Manager: + +```bash +## Use host networking +kubectl patch deploy -n sidero-system sidero-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/hostNetwork", "value": true}]' +``` + +#### Update Environment + +The metadata server's information needs to be updated in the default environment. +Edit the environment with `kubectl edit environment default` and update the `talos.config` kernel arg with the IP of one of the management plane nodes (or the DNS entry you created). + +### Update DHCP + +The DHCP options configured in the previous guide should now be updated to point to your new management plane IP or to the DNS name if it was created. + +A revised ipxe-metal.conf file looks like: + +```bash +allow bootp; +allow booting; + +next-server 192.168.254.2; +if exists user-class and option user-class = "iPXE" { + filename "http://192.168.254.2:8081/boot.ipxe"; +} else { + if substring (option vendor-class-identifier, 15, 5) = "00000" { + # BIOS + if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" { + option vendor-class-identifier "HTTPClient"; + filename "http://192.168.254.2:8081/tftp/undionly.kpxe"; + } else { + filename "undionly.kpxe"; + } + } else { + # UEFI + if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" { + option vendor-class-identifier "HTTPClient"; + filename "http://192.168.254.2:8081/tftp/ipxe.efi"; + } else { + filename "ipxe.efi"; + } + } +} + +host talos-mgmt-0 { + fixed-address 192.168.254.2; + hardware ethernet d0:50:99:d3:33:60; +} +``` + +There are multiple ways to boot the via iPXE: + +- if the node has built-in iPXE, direct URL to the iPXE script can be used: `http://192.168.254.2:8081/boot.ipxe`. +- depending on the boot mode (BIOS or UEFI), either `ipxe.efi` or `undionly.kpxe` can be used (these images contain embedded iPXE scripts). +- iPXE binaries can be delivered either over TFTP or HTTP (HTTP support depends on node firmware). + +## Register the Servers + +At this point, any servers on the same network as Sidero should PXE boot using the Sidero PXE service. +To register a server with Sidero, simply turn it on and Sidero will do the rest. +Once the registration is complete, you should see the servers registered with `kubectl get servers`: + +```bash +$ kubectl get servers -o wide +NAME HOSTNAME ACCEPTED ALLOCATED CLEAN +00000000-0000-0000-0000-d05099d33360 192.168.254.2 false false false +``` + +## Accept the Servers + +Note in the output above that the newly registered servers are not `accepted`. +In order for a server to be eligible for consideration, it _must_ be marked as `accepted`. +Before a `Server` is accepted, no write action will be performed against it. +Servers can be accepted by issuing a patch command like: + +```bash +kubectl patch server 00000000-0000-0000-0000-d05099d33360 --type='json' -p='[{"op": "replace", "path": "/spec/accepted", "value": true}]' +``` + +For more information on server acceptance, see the [server docs](../../resource-configuration/servers). + +## Create the Cluster + +The cluster creation process should be identical to what was detailed in the previous guide. +Using clusterctl, we can create a cluster manifest with: + +```bash +clusterctl config cluster workload-cluster -i sidero > workload-cluster.yaml +``` + +Note that there are several variables that should be set in order for the templating to work properly: + +- `CONTROL_PLANE_ENDPOINT` and `CONTROL_PLANE_PORT`: The endpoint (IP address or hostname) and the port used for the Kubernetes API server + (e.g. for `https://1.2.3.4:6443`: `CONTROL_PLANE_ENDPOINT=1.2.3.4` and `CONTROL_PLANE_PORT=6443`). + This is the equivalent of the `endpoint` you would specify in `talosctl gen config`. + There are a variety of ways to configure a control plane endpoint. + Some common ways for an HA setup are to use DNS, a load balancer, or BGP. + A simpler method is to use the IP of a single node. + This has the disadvantage of being a single point of failure, but it can be a simple way to get running. +- `CONTROL_PLANE_SERVERCLASS`: The server class to use for control plane nodes. +- `WORKER_SERVERCLASS`: The server class to use for worker nodes. +- `KUBERNETES_VERSION`: The version of Kubernetes to deploy (e.g. `v1.19.4`). +- `TALOS_VERSION`: This should correspond to the minor version of Talos that you will be deploying (e.g. `v0.10`). + This value is used in determining the fields present in the machine configuration that gets generated for Talos nodes. + Note that the default is currently `v0.13`. + +Now that we have the manifest, we can simply apply it: + +```bash +kubectl apply -f workload-cluster.yaml +``` + +**NOTE: The templated manifest above is meant to act as a starting point.** +**If customizations are needed to ensure proper setup of your Talos cluster, they should be added before applying.** + +Once the workload cluster is setup, you can fetch the talosconfig with a command like: + +```bash +kubectl get talosconfig -o yaml workload-cluster-cp-xxx -o jsonpath='{.status.talosConfig}' > workload-cluster-talosconfig.yaml +``` + +Then the workload cluster's kubeconfig can be fetched with `talosctl --talosconfig workload-cluster-talosconfig.yaml kubeconfig /desired/path`. diff --git a/website/content/docs/v0.5/Guides/flow.md b/website/content/docs/v0.5/Guides/flow.md new file mode 100644 index 000000000..0ed97273c --- /dev/null +++ b/website/content/docs/v0.5/Guides/flow.md @@ -0,0 +1,81 @@ +--- +description: "Diagrams for various flows in Sidero." +weight: 4 +title: "Provisioning Flow" +--- + +```mermaid +graph TD; + Start(Start); + End(End); + + %% Decisions + + IsOn{Is server is powered on?}; + IsRegistered{Is server is registered?}; + IsAccepted{Is server is accepted?}; + IsClean{Is server is clean?}; + IsAllocated{Is server is allocated?}; + + %% Actions + + DoPowerOn[Power server on]; + DoPowerOff[Power server off]; + DoBootAgentEnvironment[Boot agent]; + DoBootEnvironment[Boot environment]; + DoRegister[Register server]; + DoWipe[Wipe server]; + + %% Chart + + Start-->IsOn; + IsOn--Yes-->End; + IsOn--No-->DoPowerOn; + + DoPowerOn--->IsRegistered; + + IsRegistered--Yes--->IsAccepted; + IsRegistered--No--->DoBootAgentEnvironment-->DoRegister; + + DoRegister-->IsRegistered; + + IsAccepted--Yes--->IsAllocated; + IsAccepted--No--->End; + + IsAllocated--Yes--->DoBootEnvironment; + IsAllocated--No--->IsClean; + IsClean--No--->DoWipe-->DoPowerOff; + + IsClean--Yes--->DoPowerOff; + + DoBootEnvironment-->End; + + DoPowerOff-->End; +``` + +## Installation Flow + +```mermaid +graph TD; + Start(Start); + End(End); + + %% Decisions + + IsInstalled{Is installed}; + + %% Actions + + DoInstall[Install]; + DoReboot[Reboot]; + + %% Chart + + Start-->IsInstalled; + IsInstalled--Yes-->End; + IsInstalled--No-->DoInstall; + + DoInstall-->DoReboot; + + DoReboot-->IsInstalled; +``` diff --git a/website/content/docs/v0.5/Guides/iso.md b/website/content/docs/v0.5/Guides/iso.md new file mode 100644 index 000000000..cb9e8958e --- /dev/null +++ b/website/content/docs/v0.5/Guides/iso.md @@ -0,0 +1,23 @@ +--- +description: "A guide for bootstrapping Sidero management plane using the ISO image" +weight: 1 +title: "Building A Management Plane with ISO Image" +--- + +This guide will provide some very basic detail about how you can also build a Sidero management plane using the Talos ISO image instead of following the Docker-based process that we detail in our Getting Started tutorials. + +Using the ISO is a perfectly valid way to build a Talos cluster, but this approach is not recommended for Sidero as it avoids the "pivot" step detailed [here](../../getting-started/pivot). +Skipping this step means that the management plane does not become "self-hosted", in that it cannot be upgraded and scaled using the Sidero processes we follow for workload clusters. +For folks who are willing to take care of their management plane in other ways, however, this approach will work fine. + +The rough outline of this process is very short and sweet, as it relies on other documentation: + +- For each management plane node, boot the ISO and install Talos using the "apply-config" process mentioned in our Talos [Getting Started](https://www.talos.dev/docs/v0.13/introduction/getting-started/) docs. + These docs go into heavy detail on using the ISO, so they will not be recreated here. + +- With a Kubernetes cluster now in hand (and with access to it via `talosctl` and `kubectl`), you can simply pickup the Getting Started tutorial at the "Install Sidero" section [here](../../getting-started/install-clusterapi). + Keep in mind, however, that you will be unable to do the "pivoting" section of the tutorial, so just skip that step when you reach the end of the tutorial. + +> Note: It may also be of interest to view the prereq guides on [CLI](../../getting-started/prereq-cli-tools) and [DHCP](../../getting-started/prereq-dhcp) setup, as they will still apply to this method. + +- For long-term maintenance of a management plane created in this way, refer to the Talos documentation for upgrading [Kubernetes](https://www.talos.dev/docs/v0.13/guides/upgrading-kubernetes/) and [Talos](https://www.talos.dev/docs/v0.13/guides/upgrading-talos/) itself. diff --git a/website/content/docs/v0.5/Guides/patching.md b/website/content/docs/v0.5/Guides/patching.md new file mode 100644 index 000000000..878d1bce8 --- /dev/null +++ b/website/content/docs/v0.5/Guides/patching.md @@ -0,0 +1,57 @@ +--- +description: "A guide describing patching" +weight: 3 +title: "Patching" +--- + +Server resources can be updated by using the `configPatches` section of the custom resource. +Any field of the [Talos machine config](https://www.talos.dev/docs/v0.13/reference/configuration/) +can be overridden on a per-machine basis using this method. +The format of these patches is based on [JSON 6902](http://jsonpatch.com/) that you may be used to in tools like kustomize. + +Any patches specified in the server resource are processed by the Metal Metadata Server before it returns a Talos machine config for a given server at boot time. + +A set of patches may look like this: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: Server +metadata: + name: 00000000-0000-0000-0000-d05099d33360 +spec: + configPatches: + - op: replace + path: /machine/install + value: + disk: /dev/sda + - op: replace + path: /cluster/network/cni + value: + name: "custom" + urls: + - "http://192.168.1.199/assets/cilium.yaml" +``` + +## Testing Configuration Patches + +While developing config patches it is usually convenient to test generated config with patches +before actual server is provisioned with the config. + +This can be achieved by querying the metadata server endpoint directly: + +```sh +$ curl http://$PUBLIC_IP:8081/configdata?uuid=$SERVER_UUID +version: v1alpha1 +... +``` + +Replace `$PUBLIC_IP` with the Sidero IP address and `$SERVER_UUID` with the name of the `Server` to test +against. + +If metadata endpoint returns an error on applying JSON patches, make sure config subtree being patched exists in the config. +If it doesn't exist, create it with the `op: add` above the `op: replace` patch. + +## Combining Patches from Multiple Sources + +Config patches might be combined from multiple sources (`Server`, `ServerClass`), which is explained in details +in [Metadata](../../resource-configuration/metadata/) section. diff --git a/website/content/docs/v0.5/Guides/rpi4-as-servers.md b/website/content/docs/v0.5/Guides/rpi4-as-servers.md new file mode 100644 index 000000000..48113624c --- /dev/null +++ b/website/content/docs/v0.5/Guides/rpi4-as-servers.md @@ -0,0 +1,268 @@ +--- +description: "Using Raspberrypi Pi 4 as servers" +weight: 6 +title: "Raspberry Pi4 as Servers" +--- + +This guide will explain on how to use Sidero to manage Raspberrypi-4's as +servers. +This guide goes hand in hand with the [bootstrapping +guide](../../guides/bootstrapping). + +From the bootstrapping guide, reach "Install Sidero" and come back to this +guide. +Once you finish with this guide, you will need to go back to the +bootstrapping guide and continue with "Register the servers". + +The rest of this guide goes with the assumption that you've a cluster setup with +Sidero and ready to accept servers. +This guide will explain the changes that needs to be made to be able to accept RPI4 as server. + +## RPI4 boot process + +To be able to boot talos on the Pi4 via network, we need to undergo a 2-step boot process. +The Pi4 has an EEPROM which contains code to boot up the Pi. +This EEPROM expects a specific boot folder structure as explained on +[this](https://www.raspberrypi.org/documentation/configuration/boot_folder.md) page. +We will use the EEPROM to boot into UEFI, which we will then use to PXE and iPXE boot into sidero & talos. + +## Prerequisites + +### Update EEPROM + +_NOTE:_ If you've updated the EEPROM with the image that was referenced on [the talos docs](https://www.talos.dev/docs/v0.13/single-board-computers/rpi_4/#updating-the-eeprom), +you can either flash it with the one mentioned below, or visit [the EEPROM config docs](https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2711_bootloader_config.md) +and change the boot order of EEPROM to `0xf21`. +Which means try booting from SD first, then try network. + +To enable the EEPROM on the Pi to support network booting, we must update it to +the latest version. +Visit the [release](https://github.com/raspberrypi/rpi-eeprom/releases) page and grab the +latest `rpi-boot-eeprom-recovery-*-network.zip` (as of time of writing, +v2021.0v.29-138a1 was used). +Put this on a SD card and plug it into the Pi. +The +Pi's status light will flash rapidly after a few seconds, this indicates that +the EEPROM has been updated. + +This operation needs to be done once per Pi. + +### Serial number + +Power on the Pi without an SD card in it and hook it up to a monitor, you will +be greeted with the boot screen. +On this screen you will find some information +about the Pi. +For this guide, we are only interested in the serial number. +The +first line under the Pi logo will be something like the following: + +`board: xxxxxx ` + +Write down the 8 character serial. + +### talos-systems/pkg + +Clone the [talos-systems/pkg](https://github.com/talos-systems/pkgs) repo. +Create a new folder called `raspberrypi4-uefi` and `raspberrypi4-uefi/serials`. +Create a file `raspberrypi4-uefi/pkg.yaml` containing the following: + +```yaml +name: raspberrypi4-uefi +variant: alpine +install: + - unzip +steps: +# {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr restricting build to arm64 only + - sources: + - url: https://github.com/pftf/RPi4/releases/download/v1.26/RPi4_UEFI_Firmware_v1.26.zip # <-- update version NR accordingly. + destination: RPi4_UEFI_Firmware.zip + sha256: d6db87484dd98dfbeb64eef203944623130cec8cb71e553eab21f8917e0285f7 + sha512: 96a71086cdd062b51ef94726ebcbf15482b70c56262555a915499bafc04aff959d122410af37214760eda8534b58232a64f6a8a0a8bb99aba6de0f94c739fe98 + prepare: + - | + unzip RPi4_UEFI_Firmware.zip + rm RPi4_UEFI_Firmware.zip + mkdir /rpi4 + mv ./* /rpi4 + install: + - | + mkdir /tftp + ls /pkg/serials | while read serial; do mkdir /tftp/$serial && cp -r /rpi4/* /tftp/$serial && cp -r /pkg/serials/$serial/* /tftp/$serial/; done +# {{ else }} + - install: + - | + mkdir -p /tftp +# {{ end }} +finalize: + - from: / + to: / +``` + +## UEFI / RPi4 + +Now that the EEPROM can network boot, we need to prepare the structure of our +boot folder. +Essentially what the bootloader will do is look for this folder +on the network rather than on the SD card. + +Visit the [release page of RPi4](https://github.com/pftf/RPi4/releases) and grab +the latest `RPi4_UEFI_Firmware_v*.zip` (at the time of writing, v1.26 was used). +Extract the zip into a folder, the structure will look like the following: + +```bash +. +├── RPI_EFI.fd +├── RPi4_UEFI_Firmware_v1.26.zip +├── Readme.md +├── bcm2711-rpi-4-b.dtb +├── bcm2711-rpi-400.dtb +├── bcm2711-rpi-cm4.dtb +├── config.txt +├── firmware +│   ├── LICENCE.txt +│   ├── Readme.txt +│   ├── brcmfmac43455-sdio.bin +│   ├── brcmfmac43455-sdio.clm_blob +│   └── brcmfmac43455-sdio.txt +├── fixup4.dat +├── overlays +│   └── miniuart-bt.dtbo +└── start4.elf +``` + +As a one time operation, we need to configure UEFI to do network booting by +default, remove the 3gb mem limit if it's set and optionally set the CPU clock to +max. +Take these files and put them on the SD card and boot the Pi. +You will see the Pi logo, and the option to hit `esc`. + +### Remove 3GB mem limit + +1. From the home page, visit "Device Manager". +2. Go down to "Raspberry Pi Configuration" and open that menu. +3. Go to "Advanced Configuration". +4. Make sure the option "Limit RAM to 3 GB" is set to `Disabled`. + +### Change CPU to Max (optionally) + +1. From the home page, visit "Device Manager". +2. Go down to "Raspberry Pi Configuration" and open that menu. +3. Go to "CPU Configuration". +4. Change CPU clock to `Max`. + +## Change boot order + +1. From the home page, visit "Boot Maintenance Manager". +2. Go to "Boot Options". +3. Go to "Change Boot Order". +4. Make sure that `UEFI PXEv4` is the first boot option. + +### Persisting changes + +Now that we have made the changes above, we need to persist these changes. +Go back to the home screen and hit `reset` to save the changes to disk. + +When you hit `reset`, the settings will be saved to the `RPI_EFI.fd` file on the +SD card. +This is where we will run into a limitation that is explained in the +following issue: [pftf/RPi4#59](https://github.com/pftf/RPi4/issues/59). +What this mean is that we need to create a `RPI_EFI.fd` file for each Pi that we want to use as server. +This is because the MAC address is also stored in the `RPI_EFI.fd` file, +which makes it invalid when you try to use it in a different Pi. + +Plug the SD card back into your computer and extract the `RPI_EFI.fd` file from +it and place it into the `raspberrypi4-uefi/serials//`. +The dir should look like this: + +```bash +raspberrypi4-uefi/ +├── pkg.yaml +└── serials + └─── XXXXXXXX + └── RPI_EFI.fd +``` + +## Build the image with the boot folder contents + +Now that we have the `RPI_EFI.fd` of our Pi in the correct location, we must now +build a docker image containing the boot folder for the EEPROM. +To do this, run the following command in the pkgs repo: + +`make PLATFORM=linux/arm64 USERNAME=$USERNAME PUSH=true TARGETS=raspberrypi4-uefi` + +This will build and push the following image: +`ghcr.io/$USERNAME/raspberrypi4-uefi:` + +_If you need to change some other settings like registry etc, have a look in the +Makefile to see the available variables that you can override._ + +The content of the `/tftp` folder in the image will be the following: + +```bash +XXXXXXXX +├── RPI_EFI.fd +├── Readme.md +├── bcm2711-rpi-4-b.dtb +├── bcm2711-rpi-400.dtb +├── bcm2711-rpi-cm4.dtb +├── config.txt +├── firmware +│   ├── LICENCE.txt +│   ├── Readme.txt +│   ├── brcmfmac43455-sdio.bin +│   ├── brcmfmac43455-sdio.clm_blob +│   └── brcmfmac43455-sdio.txt +├── fixup4.dat +├── overlays +│   └── miniuart-bt.dtbo +└── start4.elf +``` + +## Patch metal controller + +To enable the 2 boot process, we need to include this EEPROM boot folder into +the sidero's tftp folder. +To achieve this, we will use an init container using +the image we created above to copy the contents of it into the tftp folder. + +Create a file `patch.yaml` with the following contents: + +```yaml +spec: + template: + spec: + volumes: + - name: tftp-folder + emptyDir: {} + initContainers: + - image: ghcr.io//raspberrypi4-uefi:v # <-- change accordingly. + imagePullPolicy: Always + name: tftp-folder-setup + command: + - cp + args: + - -r + - /tftp + - /var/lib/sidero/ + volumeMounts: + - mountPath: /var/lib/sidero/tftp + name: tftp-folder + containers: + - name: manager + volumeMounts: + - mountPath: /var/lib/sidero/tftp + name: tftp-folder +``` + +Followed by this command to apply the patch: + +```bash +kubectl -n sidero-system patch deployments.apps sidero-controller-manager --patch "$(cat patch.yaml)" +``` + +## Profit + +With the patched metal controller, you should now be able to register the Pi4 to +sidero by just connecting it to the network. +From this point you can continue with the [bootstrapping guide](../../guides/bootstrapping#register-the-servers). diff --git a/website/content/docs/v0.5/Guides/sidero-on-rpi4.md b/website/content/docs/v0.5/Guides/sidero-on-rpi4.md new file mode 100644 index 000000000..da0be73b6 --- /dev/null +++ b/website/content/docs/v0.5/Guides/sidero-on-rpi4.md @@ -0,0 +1,158 @@ +--- +description: "Running Sidero on Raspberry Pi 4 to provision bare-metal servers." +title: Sidero on Raspberry Pi 4 +weight: 7 +--- + +Sidero doesn't require a lot of computing resources, so SBCs are a perfect fit to run +the Sidero management cluster. +In this guide, we are going to install Talos on Raspberry Pi4, deploy Sidero and other CAPI components. + +## Prerequisites + +Please see Talos documentation for additional information on [installing Talos on Raspberry Pi4](https://www.talos.dev/docs/v0.13/single-board-computers/rpi_4/). + +Download the `clusterctl` CLI from [CAPI releases](https://github.com/kubernetes-sigs/cluster-api/releases). +The minimum required version is 0.4.3. + +## Installing Talos + +Prepare the SD card with the Talos RPi4 image, and boot the RPi4. +Talos should drop into maintenance mode printing the acquired IP address. +Record the IP address as the environment variable `SIDERO_ENDPOINT`: + +```bash +export SIDERO_ENDPOINT=192.168.x.x +``` + +> Note: it makes sense to transform DHCP lease for RPi4 into a static reservation so that RPi4 always has the same IP address. + +Generate Talos machine configuration for a single-node cluster: + +```bash +talosctl gen config --config-patch='[{"op": "add", "path": "/cluster/allowSchedulingOnMasters", "value": true},{"op": "replace", "path": "/machine/install/disk", "value": "/dev/mmcblk0"}]' rpi4-sidero https://${SIDERO_ENDPOINT}:6443/ +``` + +Submit the generated configuration to Talos: + +```bash +talosctl apply-config --insecure -n ${SIDERO_ENDPOINT} -f controlplane.yaml +``` + +Merge client configuration `talosconfig` into default `~/.talos/config` location: + +```bash +talosctl config merge talosconfig +``` + +Update default endpoint and nodes: + +```bash +talosctl config endpoints ${SIDERO_ENDPOINT} +talosctl config nodes ${SIDERO_ENDPOINT} +``` + +You can verify that Talos has booted by running: + +```bash +$ talosctl version +talosctl version +Client: + Tag: v0.10.3 + SHA: 21018f28 + Built: + Go version: go1.16.3 + OS/Arch: linux/amd64 + +Server: + NODE: 192.168.0.31 + Tag: v0.10.3 + SHA: 8f90c6a8 + Built: + Go version: go1.16.3 + OS/Arch: linux/arm64 +``` + +Bootstrap the etcd cluster: + +```bash +talosctl bootstrap +``` + +At this point, Kubernetes is bootstrapping, and it should be available once all the images are fetched. + +Fetch the `kubeconfig` from the cluster with: + +```bash +talosctl kubeconfig +``` + +You can watch the bootstrap progress by running: + +```bash +talosctl dmesg -f +``` + +Once Talos prints `[talos] boot sequence: done`, Kubernetes should be up: + +```bash +kubectl get nodes +``` + +## Installing Sidero + +Install Sidero with host network mode, exposing the endpoints on the node's address: + +```bash +SIDERO_CONTROLLER_MANAGER_HOST_NETWORK=true SIDERO_CONTROLLER_MANAGER_API_ENDPOINT=${SIDERO_IP} clusterctl init -i sidero -b talos -c talos +``` + +Watch the progress of installation with: + +```bash +watch -n 2 kubectl get pods -A +``` + +Once images are downloaded, all pods should be in running state: + +```bash +$ kubectl get pods -A +NAMESPACE NAME READY STATUS RESTARTS AGE +cabpt-system cabpt-controller-manager-6458494888-d7lnm 1/1 Running 0 29m +cacppt-system cacppt-controller-manager-f98854db8-qgkf9 1/1 Running 0 29m +capi-system capi-controller-manager-58f797cb65-8dwpz 2/2 Running 0 30m +capi-webhook-system cabpt-controller-manager-85fd964c9c-ldzb6 1/1 Running 0 29m +capi-webhook-system cacppt-controller-manager-75c479b7f-5hw89 1/1 Running 0 29m +capi-webhook-system capi-controller-manager-7d596cc4cb-kjrfk 2/2 Running 0 30m +capi-webhook-system caps-controller-manager-79664cf677-zqbvw 1/1 Running 0 29m +cert-manager cert-manager-86cb5dcfdd-v86wr 1/1 Running 0 31m +cert-manager cert-manager-cainjector-84cf775b89-swk25 1/1 Running 0 31m +cert-manager cert-manager-webhook-7f9f4f8dcb-29xm4 1/1 Running 0 31m +kube-system coredns-fcc4c97fb-wkxkg 1/1 Running 0 35m +kube-system coredns-fcc4c97fb-xzqzj 1/1 Running 0 35m +kube-system kube-apiserver-talos-192-168-0-31 1/1 Running 0 33m +kube-system kube-controller-manager-talos-192-168-0-31 1/1 Running 0 33m +kube-system kube-flannel-qmlw6 1/1 Running 0 34m +kube-system kube-proxy-j24hg 1/1 Running 0 34m +kube-system kube-scheduler-talos-192-168-0-31 1/1 Running 0 33m +``` + +Verify Sidero installation and network setup with: + +```bash +$ curl -I http://${SIDERO_ENDPOINT}:8081/tftp/ipxe.efi +HTTP/1.1 200 OK +Accept-Ranges: bytes +Content-Length: 1020416 +Content-Type: application/octet-stream +Last-Modified: Thu, 03 Jun 2021 15:40:58 GMT +Date: Thu, 03 Jun 2021 15:41:51 GMT +``` + +Now Sidero is installed, and it is ready to be used. +Configure your DHCP server to PXE boot your bare metal servers from `$SIDERO_ENDPOINT` (see [Bootstrapping guide](../bootstrapping/) on DHCP configuration). + +## Backup and Recovery + +SD cards are not very reliable, so make sure you are taking regular [etcd backups](https://www.talos.dev/docs/v0.13/guides/disaster-recovery/#backup), +so that you can [recover](https://www.talos.dev/docs/v0.13/guides/disaster-recovery/#recovery) your Sidero installation in case of data loss. diff --git a/website/content/docs/v0.5/Guides/upgrades.md b/website/content/docs/v0.5/Guides/upgrades.md new file mode 100644 index 000000000..645d3fbbe --- /dev/null +++ b/website/content/docs/v0.5/Guides/upgrades.md @@ -0,0 +1,66 @@ +--- +description: "A guide describing upgrades" +title: "Upgrading" +weight: 5 +--- + +Upgrading a running workload cluster or management plane is the same process as describe in the Talos documentation. + +To upgrade the Talos OS, see [here](https://www.talos.dev/docs/v0.13/guides/upgrading-talos). + +In order to upgrade Kubernetes itself, see [here](https://www.talos.dev/docs/v0.13/guides/upgrading-kubernetes/). + +## Upgrading Talos 0.8 -> 0.9 + +It is important, however, to take special consideration for upgrades of the Talos v0.8.x series to v0.9.x. +Because of the move from self-hosted control plane to static pods, some certificate information has changed that needs to be manually updated. +The steps are as follows: + +- Upgrade a single control plane node to the v0.9.x series using the upgrade instructions above. +upgrade + +- After upgrade, carry out a `talosctl convert-k8s` to move from the self-hosted control plane to static pods. + +- Targeting the upgraded node, issue `talosctl read -n /system/state/config.yaml` and copy out the `cluster.aggregatorCA` and `cluster.serviceAccount` sections. + +- In the management cluster, issue `kubectl edit secret -talos`. + +- While in editing view, copy the `data.certs` field and decode it with `echo '' | base64 -d` + +> Note: It may also be a good idea to copy the secret in its entirety as a backup. +> This can be done with a simple `kubectl get secret -talos -o yaml`. + +- Copying the output above to a text editor, update the aggregator and service account sections with the certs and keys copied previously and save it. +The resulting file should look like: + +```yaml +admin: + crt: xxx + key: xxx +etcd: + crt: xxx + key: xxx +k8s: + crt: xxx + key: xxx +k8saggregator: + crt: xxx + key: xxx +k8sserviceaccount: + key: xxx +os: + crt: xxx + key: xxx +``` + +- Re-encode the data with `cat | base64 | tr -d '\n'` + +- With the secret still open for editing, update the `data.certs` field to contain the new base64 data. + +- Edit the cluster's TalosControlPlane resource with `kubectl edit tcp `. +Update the `spec.controlPlaneConfig.[controlplane,init].talosVersion` fields to be `v0.9`. + +- Edit any TalosConfigTemplate resources and update `spec.template.spec.talosVersion` to be the same value. + +- At this point, any new controlplane or worker machines should receive the newer machine config format and join the cluster successfully. +You can also proceed to upgrade existing nodes. diff --git a/website/content/docs/v0.5/Overview/architecture.md b/website/content/docs/v0.5/Overview/architecture.md new file mode 100644 index 000000000..5267bcc0f --- /dev/null +++ b/website/content/docs/v0.5/Overview/architecture.md @@ -0,0 +1,11 @@ +--- +description: "" +weight: 3 +title: "Architecture" +--- + +The overarching architecture of Sidero centers around a "management plane". +This plane is expected to serve as a single interface upon which administrators can create, scale, upgrade, and delete Kubernetes clusters. +At a high level view, the management plane + created clusters should look something like: + +![Alternative text](./images/dc-view.png) diff --git a/website/content/docs/v0.5/Overview/images/dc-view.png b/website/content/docs/v0.5/Overview/images/dc-view.png new file mode 100644 index 0000000000000000000000000000000000000000..6b27997ac736b4142237f73e715ed8a24bd5e2e5 GIT binary patch literal 129632 zcmeFYWmH>h)HNEQr9}!Y?o@Gimr`0NP$(L_xVvkhSc|u~L$TrncUrW#yA^kW2MC0_ z!#U?2-@SkDpYO+;F&L1Ly&qX?%{A9t&;F|P;oT!_3TzMv^hj3bjWP&?6$S#`Pko39 zd}7)viv)gQ*~@4;fk138P(Ntyx#F%M&{L4?8%b67)V&3q*tm5cc4Yod(L;i_5@ZHs zY#3V{I^i6>x`*kXo~y?2Bqyrg^70Al?xt3%k2-xAE1ux7P}HtePfi~npEjDcger`S zlfB}6e^2tw+7BJf=&)ZLf4}%WX44zJ(jSWS5~?&C>QA3bpF!MsPbR+t-YvpTL}1o% z-z69VaWnaV*88#T?fmA(17NEEyh0~hoW!W6o#M&<`y|uc=cKlT^}n|gM}#C8|Gkj` z8F2phx8FSh`nkuqe-9el$9I^E#sB+U0_|!t!-so(a)NipKCbh>k3j?yVBG)SJVguq z-+zGqcT4X4;r~`=7=-=-<|k3=dtDaRUO7}^?g*n@yp=i$@p%!|&x@Kmb#BG~gpCCH zPZksq(C$Q9ic)*@6Vfl@;fozgOt)BRFpzUR?avVApLafa-8YUo5&wO^ajBmFjDHM# zji`q&!e07V3Jq8hpoTkA(nN)cXHqA=`21r}L5E{w@YT4A0ivcP9!u+SyL^%)^l*78 zsx@u!B>5ijO(l`LSjtS8sq%2Dd^B5;duj8_u2`?WqB99xYn!IIlQY;v*QumgdxS4El~N2_x}HT;YnFDpK3TI>14~rYcio6o-@&CT~nN1ht;m&O0y-bGdpUF zI@X#WsT>a9$@iX?$pWK-I;HMV#53z#_S@VRze$st%wjT?Cm+&;sP({&HOn<;l>9;L zix$s?+yB{5hvB<5`hAX_`CKvN;q&_Jlzf0mzth!^Ii9^1Wns|E^zu71-e;`5Z_@em z+oRib4qxw>44WnB!gCb%MZ3=`p#w{1KUsz7Qlln4qtl^^) zauyhGb$O}gU;*A9=CJ?!izCbNbxg0^uD%wf@5SGMM@!w&1CZODDIpO?=;yIK1jv|6P=l`i8Nup( zMAuYnx>k18cQlN)X1H(u!d&d7fWu(x*(M}Cf%7!BpCmRx$5A#0!e1(+UTI|3SbGfk zT5XS!_jYNca$Mi&%97@M@TpH}qo?mhznR_8Hgt8V2Z@1@($&=!@LhS+e%)Ok)!WpmOXZ@dvC$#!P2LpmgEDH}lu{~)*{%3+`VuVi zrin~XAK0)=Fjg2EuwhTW(w}J*YfY?mcwdx1T56e{9iPe@NNHCQztybUh5NEweaf+Z zqZvZ?GI$WVKk_a`)Qw0={)k!34L5ti1-?Ly{p%EyGZ4BHM5^MHtl*h$q-1m+PQD!G zwm7k)K9uNdf{G1bYcJ`>O>fbX)aMsQuAz z{c$GwqBi=HYPo$A*?4;bQFa=qIfADnXDawMTaF;BWV3_>OkJ(*-g{-2;FQI}BKV1+ zyAQAwKf}C7uYi>ieWkr#fU7JASwH(GepnI0+ z$N9l#=jj#TouE#66I60$K<8v2DY|dc;N2U`QPCt48y_F6lK&xJtEgnDu3-5M(nu~o zu&`H7m=}%HezNYfO2fK|R!zBNvF+(!41DLp1rxE(r&72djMZVGCzNxZ=P<}`yDl|- zTD^s)`kur&3ajEhA}RU^W`uP~fyLBTjrGjr8lo;Qi8#B#>2A;0*Lnz3Y^0k?T0Szj zL{|OiCn};d88px~{8DtZB%^h${nd)s{V-FBGw->JRqE}S*@yf|9x=tzIHYI$l7Y2; zVh#MPd0_S_AJW5Um6C!eD=t<7=wKqORJ2 zkkhwRwqUdwVYLeZ&@=Tajf|p?gv%<5OaO;Am|4vA#$`D#g_Q4dpX@pK_+qsHn=7Kz zUbT2jMbzhQnZBQZeuUIxhhqK90I!Og(D2nE+{_MW*BsX--TrZ3J|9+CXRlIyjeP&) z=i|_wou;T~85Px;shm!(m8@TCdGYp~bBIlhlF%|Q+(_npx;RXEPFD;DeCZEXlMHeM z;7(>kxct7}l3_Ma#ZP9Iifu|!tF7$*^H8pOQ}7tt>UuWoynf-O{OY8hD-_*^r zTRKUx*)3En^7Qe0j`^NqNX6>emnt&%FT`IcqTD(Q)mSl~8M-qD`%u){hOrVlVetY$ z%0kYOIg`3!gnK!zj?-J^%-q}cEM5nQb2av+Y5QFljUoJu%f0=QMRCk3fTrK-vt+)tIOk66`PxS z6di4n5@&$Dw@^u0pw~D0lc1xeRC8K6SoK3b6(oijV(GtkG z1;hI7sgKB_Ros8%9(5I}v(_K?GN)X>T;PK8&S)u_))@6~k{v&rB8g?aVM*|?QNT4} zZCH=zgOS!&It1mJw_O}jms(E78(s?ccO#Qw)r@cIfp|T?i&xpFchh) z!3&l#u-2pE*kae27;0LZCgjpEHaDzWV{Jjvm7=OPQEJvp1zYq%Xf@dtcZ?OUs8Ig? z3cx+*;dgSfUer9)11*blNn$Ow)ng-E=%NXjf2}Lmvm<>>)k~9w-E3wb$b%quL8oa$Vj*;IG#!=*J>9eCvp9(gs@``Ti^8N#=3 zF{chh%f)g4K41O*z>BlA#o&VqFL*j#ln69U@=O0w%|twp`iwmkOPo9byzc3@W+nuPKlyr~>3r5|InQ=>5k*J7#?Vu?hAaz5*wrtl0Ye6SQIC&&TYBoBFb!rM3hl zeb&;K$H5T_Ev-kZI2B?a6eF{W0C)=bZ`j%9o;_n>FVkP*39Pl!C?qz)-Eyh+fAvZM zUDgY}zbjoiBfM?}spiwoPP`)`Pi3pJ0Fvy7uBNU&Y20pP&w{BxYlPy`t@k-4#_On! ztJWtpj)9zgkGP07m)BOByqzo}fQ_&#%8qkyJjQ72JrL&~ex?o|nEg2yUYH1V1gMxo zOOzE!w`AXObt_5REH1V3>|V_od&$5h{Ny8R3HYCpE&ie95)l+LO`dXI0qoi})`QD> zJ;X&CyyrU`*8@|;V|jd+Vl_W-HD@{Xd_BexCObWx&T)Xdy`UY^5pmM$&g#PeeO>-G+VB5{eT%eM|z>P8ZpU|QBH*{t`vooug z^wu|ko0bYm^{TE*zU)7x44ar6C2nb$3s0&{5s_+8(_3{7hhBlTvkKCwq%?XaKUZXP zLHHL!D~c2n1qx(c>KJN%u~gN=-q)+bdb^RcDpq6ZJ0>$)#ilhGHa%nF+VO>N6Y)C_ z|G~5u|6rQ+!CsOApID8G_Vr=A;3I}bc76ZPuZb}zv-|o|tZx7cvX<+!2^jtLwzL!l zu$`0{wGP5vvTABJclKs>R>SF?^sQ~w`nY%sjpA=CiQZ`8t_VtVwD_0^uz|*@yzEsw zmYPHxmKIDAfPO{NQNWalkWZc5Hu64;li?9-#1SY1~xb|Hxd7NBD zC^e=-)w&&hngH{gxtQSec14W{up|MIaGTyRtLwHz-EuMo=PQbgPe;_TzUb?dvaqn& zITwK0QHxTz!WLt$(soPJGvI7wz_H@`3wnphFNo*75)D*;jd1@GZZaLzTdUd zst<1DJBw4mrR*&4m_lwvg}Rdd!PQ*b0g6n819B-!Qk`M(2|ZS)NTXo};ySDBGi}_R zY7Ja=T``mQlT7wWYTdJ=Dn?u3rM8kY7o1$1JT*VUoyI3tD16VNT1aTT|N5K$?iYYN z2x}D`lLp8J?c^zXbB*s!&sanHatjT_&ZiFaQU=4t_fOospUorEU_4gjRINkjS0qIn zK6_WY6m6xK%3sP*cpa_!PvQ9F%WuCjpR*zZXAh4L0ZF1pZ!ab@Zar#Mm6_C`HVd__ zHzlg>%#{%aY**)^ty0`EtW?Aq;_B2^W$6@B?@-vsR+c`w-92E&+Ri734^{P{QPc8wAxEf_2`xMY=zBFpc6{lexynsGF?{&m>O~m$o=sug#Paa!{m0@nn zf$a%c=HFd!J^THDHgHZHUXM=^b&G${A}n9h()Iy}I1tuhu2;*rakPHJE*t#;>Jt$5 zd@XV>C99^i^yq0z!Cjg6a{4M^l8>?}^G+C$a3Hu#U-#zJRmO}DfpQ%xjJgm+#CQj_ zGCxsj&n~~MCD%ny4E-$i-9JNP?_`CS<8H{S#lr(H7$0s6AV9PMz`Kuk_YLVCDjZZP z69l8wzx6C+0^@o`Q1KQ{92G+>Y`|9?ic&Y)?~>=m+|K*?AShM@(1ut40IY52@p{2u zjTe__=?t2W5cYH(X@5W#nIaPFoUuSmz9n=gR|ba<&x}oC`rLmX&a;ofV{E|BO)E*%Ru>& z#I!$^`fVhI$@bmu6TG>bOXwTfo*-0truE_OrWIE=m#_GfMPS0PCc;Q6(d4n3 zRJQ|`k|HZtL}{}ZC9>J@Y{yibot;_k#%(W=bNRZ( zryaPkeRwpi{mZdqfwV#~{)`qYcb4tYHeakKSo;#=8 z^&WV~cko@V-46|8kLwNtfQ;n_tVOJtqQ(euUcPxYRjIzPgT0yVWJ|_l|Ec}OBU-WI zp6v7OF?!s_I-YzpA>_H8mM-6Uk^T+S^^QiXh0o=p7c6L%e(~T`Js%jP%-PTS&)?q$ zU<(T}abNF50guofqyNTw8rbRgW+&1fyd9mj+;lRCL#oSDCwo|AIDbKtw$jkhaCk7o z{Rpkn`RCsFw#xEp68FAu6WD~+*QT@pD~eT@0`n9``!am0M%|zrNX4F6zbt zU~S48n;9xTyBUJ>DH?gT{+*v>*pwpfN=!t=7zU&X5f5*!&iAXwz(C!yGXy_aBnIHu z_9wvQLhz_<-M;JrrYrah77`(0j*1}X73xnC=2ul$bNT)7-v#)U0`dY;2{kXT!D{fC z!QAEeozAV@vkyK^*WOCF@0I|b za%3d<;Lm7W_oU7I<3V9~laipXPTgKM?IWkn0a(p{D+1X79m3G}xL->2s+soOZOjT+ z)Vy?t%k;@yk2;rsgt1{~cZXY4KG)z3iyJlkQtW^;K=#zjXDA&I$^Gpw4k-b5tes2s z2mfZ(b=k}63~Rp#4dpO7Hr{9Y*Jm;x014)PSvDHfX-JS?M@NgIE3)LFQI{%_$wYZ6 z5r#2Pzciq0zH2jTJU>wI>2!@#DJ)c_LP__)%TENz-q@o+Vs5W&br-Upu7m2b(mjaR zA$uD|L(EoEEbqKtUK&kKBkXz#cE34mHW*58UXHlBIz*N&*_~;Q5_co_>7(+r)b!kL z9%WS&7II+X|8r~5eHkz=14EH|=|iijQU$gAUNw)IFREwdScLR>=pUS;z)7sW3Pq(K zM3IXNjctQdu0b~s@B+uo2CFVoBed1ElLfhT+}a~%RsT(Q5~RR>dNv1CS1(@@ z4+TY(HGNk}>6zAZ9RG97VLM;PVY&xKgVHE-+IsIW7Zw%ar0Dxp5Bvq|EM8A_Bn9E`e7trDy^quO<@h*9@x{O6SET^sGj~K!$H*lF^0JrUpfIN>g=kJb zl9r!OK11vUE``V+bdvI~F?6{tgQ=pFHFk3(dOj{rKuco37$X$X*$_dgtiQ_4)K)#E zS0s(n;!&@v0N}>ic$1UCucE}`E%~S8N1sWx2V%t;Xt`8NGjl8oIY&j_GZh?=#U>87#p@i!XaC#?R3!_>-Fi|V++j!z{rIAeBNtQJHQip=-L`g{LeuI+$B85AcW7pKPS4{5xR+Mc`Tzdc|~Hao@FX<+iKA>a@N( z($a|{7C)lN_6eknrgXe)5;?8Z!HuR0MOn}g5_UXh^-^4ZR`BCIb$x>$s2KIrGXVe{ zsPmi?>_+S4*dAeE;+9W?Ks?V_Fr5p?2)rD(zn5?1x-2)tm#mJmjAX12=8KfGXt#d) z`XDxlD2hsoa3Ht8FtPy4*l(t}1wC0`-=IQGaZ5QuN?*9f&dz;Hw5)aU5JpJJB|W7|YAcNSTFF3De$qEr6K zKblOpP&5lFjySJvi!CfX3=)Pp{<;H+KeA0qo^UJS_U*BJseONp<^H6~W&0b-0{w_? zY8>fR8=$!~gaSYzXBmN3#SA4rZ}*)VAmP4l^(77LEo2hL14;M;Fe7BMdX>~D<2J$YW4L|k*vtdCEeWvfrk5l z#Zr@$vjiY8(&RvCZl2{J%7)xS1eQxoDjABobVQ7`cn+e02oyfr$KcqdX0J&Mz4 z+pk?9K^gEHY93FY8TS2o@orIG4J*v%xmSaz@w3nq;?`0BiZ02D=>x8sdMZ725&$nt zs$T(p(C2_z|ExwKUtT+Q_NxA+OToE1!_iRH2(g%$pi877oJ(WVsbZiK_GDqvu3;Ic z^{AZ5>j)r6nb_d^czwBMPJFZQuEb#A;v}nqEbV61oPR2GF&1MA>clA+0*KCd>jQim zqN~&GvBS!d?6-XNupo>F`H?2B)y<7=ydE8uuqH~N?MB%GL8U676Y3OxJAJgO*~sIp zn!0*1abb7@{#xw3HLNPv2M&_=1H8iQ`hQNqh?!sSLG0lROvND0PJ;O;QKY+oYkN~U0!cN{F# z_vAu;y_b`dS~@`liuoXdDk>^Ir?+yO4F&V>;N>BGE+VcD4;o>7fxQhvN+e>q(GfI) zTx$Nsg_edtiwk!~yB~mL8tiUn__>z|Au1-EPw9^^&ZB5OUKY>QWpy@275#kZw5d12 zsv#k%@nv6Wbqc3QBjgb!Kd*54H(P~z8^pQ&E^F<>4=8VzV0SC8;j^Br5Zs%sW~M4F zvpagdc^>Ltj=VvHgt1Xjq1@;fj$B)($%|0r^KF3^cU)d?cM;x{e_4&e5)z|;V`e0~ zTZrmqSQ@S28T8`p#4KHQfkYb|NzF~C=F`uq1@bG+uOJ)FQ)AW$gdlpdS!+_mX_GgH zQs!13yxWRcA$DZW@L~gWlaZB4T|pPEi+-D0#-O{xxB1Pg{d5b)17(BkL31kXFyb~g zDuMF9MFD3y(+kTNbM$Q~b}cgnk2Q_jjDS-XsA1TSq~I^YZeQ)qHuCS5b;iex<>}Fw z4kZ~GG721F*GI7fXr$w+>3)zf6m<2%j*s$naZc@Ob(+DyfTwMYa`P>;qt6>@!mhzn zaM-TudN~^IGv!G z<@OLjJ@*lC-m;$z^KjzKgxo55^yDs&_R8rV;((&1YkCcVL``@kbrI!z`e`FfI^Y5g z5xiS^_B;6pk+zE1B_JT!Ec`BR7lzHBw84C@RPcmQyC6Y2_fdsVy-aIjdB*^1IbCi* z8uIPMyI_O%;1J1x2bw?7RWvk6&zq5+KZ}Hk7Jrt(ln}k{Be2+>nD%}_C*2DiQ0Ajo z!}0kEqQt%pduG6D8?P(++QKy}RSC1rJADw`t%#&@H+bn`m{|fpa}dofAB|R%K(TJ4 z`oF8snbtd=(9pv|;88sUlAq;N054uh1iA2}!|rn>b@lkG_q#IgEb2eP^igRs7?*}B zPa&;P7r-7&1J0+ZA|71xw*d$(mQ8AL=cNlMWs0{Shdl55KQR6vfSKdRh4m~!P4nTgz=OA$GO8g;iF5z=eTC&n|G^OMYx#l^-} zU7SFTx_B;q4}sF)&u~@&1itGg2}EgyFi3)O6b(w<=vwQ(?8tXldGJ<(6I%6bZ2= zmE)jQ%=sU1S|LNCu1^35&2)aa2Vh>-`7i(RfN^ReqD2q*!r`DW%=zadHN`O2J-HA( zS)0y(vq1Z$4KIj=6yw>&=hm0FuvVSWmM6YR&_6v zfvULVk+^;h3#uR(WTi7YD-V;CYoCS^8?<$N)sp*O={y1TL7ayG<=EgQyh}qhkTHfn zB*|&R6CV>q^a`-@E1De0)^doJ2t!#inemiX9Mt{CX7c4p8*9c@)eHvcDRgCX;4Wu9 z44e49DCY2d#J@c9{evDuwTfv&X7!hZ&oMF|cZ6oKm+BFx>o*H+!a>{T-&eaLa0uxY zDh8crQGDurpVwe>aLN%cvJzQ(`KnAf_)&gJ7odN61v!R#vTH!EJzAqiuOJ}i&6$h z+}5`^SNz_PMUTxO0DqhpwHg4wYP=eSUr;}% z6gHJ-pcUi_FCe3Q8=J7{LJ4}Ba?$c>0EazrfR|TrAj*&Ia`fBZX+PvmdvOwXd)%0r zd)a*uk%$4OOu4)Cl=$t|ZxZohRQ{L(Okc4Wo&9KcDui^hiEQ!q3^CyQj7I+A<`xdG z&b!-e1GT;& z2}uHyfI!QVedB9C-+f*UggqYhV|+Fi&5E2(3>?}&h6oUfP>{B#<~UIb1@%7Db^4&O@(mYC7DqkaTyhU+D$Glr3thXV-~ zmz^0$O^s0Z54uExr5!Q!xZ;Vy-gGF?BYi{4JZ9Bl)X3gk#kVJJ|1?$1DQ{rly#{6D zK``b06Ewfi0L8%?*P82b?>zq@9oCllJ7AAu7^_vMMa0_kY@!&SBe#&rdwH;tN&;x( zOuY|jcRiRU*IQ~WlPe7F97?%Cz!j^5OVVsqWtn>l>D@VngZ)?f8i1)v?T&kHf8 zIJ;Z-uJstKtTCd}oPqp3kOzuch_tTMqsY7_yNoT%f@#H7D035S=F?8N&RnexPFYKX zU_M+6py$iIJ3IEPpHo-_K*Ls8VUn*qilT0J*l%lVVxrBCKDDhziN#m@$cvDlG-e=G z6NT+sOwd42VJlx3|ILe7KsCRAIF^7%o^1I{&~fb#hxN35+-py8lld$4XGK76ili2g zSHa1(Hq_4T1*(n&b-f*K91!DCbNlyh+P;Db<6;I+pk}Q~%K6zbxxB0IE0}L-qy-e( z%}M2CFMmY>ocsoHFy>0&sbpotSe7cpdW{r?gK0pZ2HghF>BuS9;F$am)rf6F#7{|# z2LP>GHaJb>WC|qmb4Tmj^*Rs4cz~Cq1vYJrenkq@rmEB!GCwbn%LOKVT#9riyrn;0 z6LW^@c@;)<;sl#1v~qbHEeOrEEvq3!#p(&$}O&?~uk zKxIog+gFAqlw`qVW2TFVfRPB-6?IGPh`u~)zc>^SIuZ=(w ziiE&s5h>z&!|Ym8&O*!Fjh)zr zfF5JxCSi@Lg-*9V0;K7E2C;>Cku#9h%WoxYQs{*#DTiAjiM&pEp+=zlOjFU|Jus)o zXonJ~ZBuSA?lxTc-=cqP=k#F&8c0+cj2qgIa+%?F{Gb=_qWCDmO{2TKDMz*?j9P@R5>E!N%B#MMa4J#b(^q{M7nWCMYowh-0;kFhZ#GIOoe9?Qq zwvqJcX_V9;f-N{(?&~w%;`1)WrZuPwmPDm_s8St6WxA{Act^PvizqN^mX1bd8}3`=l7y+ScIx9I=@M+jbMx8GFL z#dknv7`A#CCi(3P?H;Xm1JCZK4Sg52M0H)8f~m3jjAelSRh@>SgZA1p6 zH0zHbPno7I_oEk455G#LV*z{K90YixKcwy!iBcv^F}~7ni9`PyWf{)9_u)3{h>RRx zWJj5ZDm|X7y^gxQY`xb7G)WlJ`*ly+a0F|Uh#qItJHHel5#Q9|HT#e#XjVET1o9wQ z(h#Y(*4&WIq6_TEM05^MqhR)+*-P8Il&m6y_onyoYfxB|20Ew#6$o{xKxhNXchdke zu%kiUkrBU;An3m7_V-ts_yipR7?6v&vbrl8pf541)-h{|6Gx)B6G@>-L#LR$W%$ff z2RG7Yw*1-N{H509PEV35CB~L7H0bQEn6Z47`1~d2WrAET^g?g@KW;+|j2sS({L}sT zZyE9!VrC;w5MY?me8We(lO@qy?&$({`*wlx8-?shgY&nRRJs1wT@vZcqZ?Mmbp$D3Y z#uL572A#ceB{hNX!))m26_bhBGWZ6tbg_H?l?kKw8xDu95l}D#89M_xp0BHf3vvzx_8<`uu$O6(FmYoWX=OD{a9!b0T(h&vR165MK6{Y11NE8#+chK(*7Zu^lLwosKPJVr4>` zH9+YyEAMD5&Tgce{<;J56Dp<4v!1@@G;Xy#+fiR)?u5(e*PWDdeEJ2Fdk8`)mPFBH zLCWI}mS+|)Qqt(=(Bp#~0I%fBG< zn`}@F#4m#CaYOX#)>SfUQUNdnV$a{4k%6R)BSX|GFB5=f_w}1rHs6<4pIG!H&qHp{ zS~YzE363rOm+tX}k%5zfLJFmp9^Z3S#YP=sPJ$P{8=8Q2=Wa7q%2yQe2#}n0Ap6x! ztQg)5>dZbUWe#ZgkmSF_9JZ@F(1NjMf^wJWZ2*!(!tV>TN0ukGZ5?PxL4SahN#yrm z&8Hb)Si9&M#{By!+KQxqH?7YZ0=|~wKoh)297`2~nb5{jEA2GZiu|MZ# ze6u%}I7}un$4bA72(wUO$FJP%=hRmE8%ZrnlJ0XpqonOt-sx|yfCXB6561PZCnNH* z-X1ljWMshXsdDc5Ud*b63USW__v3R^j>T`_A!PQ^`KU`xC!hLr;w2A(_Hh{?^zvz| zb`4LX2(b(Q{8k4;G#NB``bNC2Y$85JEiTSraYDljf+kH@bEF4#RGVZYlC*jcdit&n zaKdULB1$04!BytpiUyu#X<>(VIag&vKd3mKE_YA~gGKfB^|qzC zEfND1e~uXBXByaYl_%vM%HPwW*?Dx=Ya_!r+x3U^FiTTK;XY1d9vky9YnK1W$8ViBcH&tAO~_bl&(Q$Ptj_cXchk35rH zL1dey`!-CxFFx7q$EsaAy5D#oG#pq?cKZ6Wp#&RWu|BQ3$gOv!7j`%rXiZVXp>ge~ z8-;-C8BQo^SQySk{39!7MRsI=t|lm9>h64z#nEp=uio9VW_5F12JA4}tIa#N3i+}A z@};)5!X=;t)Ltwy(6G1s!x{>66p2BH&kQ)XOzw61oj(S!Y>ON~fs>WZXIY$?iJiT< z_@dWJcdFdSE~BoK%>gwik<8`#@p_56ftm>}NCwD{dO5k7V3B(Jn+SgFP&7>})P#pn zou2=*&k#1m41jEmoOy9mG0S|_C;!zHiQncW$zW?iK?_5*x{X=jSn6;Gsv4{?>3eXrib+I3h)r90ODVlstM8O1N9t=zyZNV1z=IB6uZ2* zIO^E{7XymXPcu>VdbQPL)$C`+2FIPM!=yRe6G5ykH7%UHZcD@ebgvP=)DF0`qS(lNzKrMoT7!@XqoMb3xm_y5Y3LCG zcuwN@%Tea9ya>uRVhtT~Kxj2;K?6BD0|eh2<^>^CFVQ4i^kMhng_038E;m@UH5HYS z2>I*%od+&AVq$7rV^nEtZN2ps01kX!MBQFQnNq5|UD$)6hSKhv{o5Q_mOpYaJXNio zZl)k-2?ndoWr2{}D2QDRz#;;$fh|lURGda$e0$dhw1u?1Q&IY}6X481 zVb3);97YW&&&672-qX!)c43r)fO2M!u&EV1$2$E2{(ZXSd;HVVP@>kdsCOFB^6ZBa zT34nyK`#S)4Tq%wXFT}PMh24T?i{idzd#_`{YgIj=!mJ&P}d02wyl4KOD!}mFU3Ap ztG}eAsY%YnUe7}%=F9+8kPS1K-M#+6F(6!F%bK8%*>8i;UcHJZ-g4zkMGlK2jV@-` zeY29uhWAI+y2LKv5d5<GI3k)$;Up| zR74o3XFwaGU}9o}8WfsXPPUemNfymsa=&Zwr!ZM*DrdVE2=q0fbmwU6`z`wkNHzdG zv&x-;bpDwv!093_rc{TCM?nR2CAEtSpD2Dm5Vn6>?Bk$723B5iXBb{zIa&@O6({g@ z*-@pM%E%De z7F4?VN;nBNAO0n2taBgqRQd@EW>uDqzhSfEN&lW;~Dn6P% z66Gf*BKe*~E>XlNaf5#=xD;!*u#?g`J}ZAckhC$mXH7vVk+PMNVduHz5OR4srYNeZ z!AqjtHNlp~Ee{j(*?J5DDdYY&l%V`*>99}cq?4`Qs82 zDwVJ^)n1#>i;McspKwyR$)^ZSglBO03mSrK*togJdNaL`J2p42gH9sbtwgOLYQ!dh zY9k|gFAU8_A_lD$g7i2!Q`>wVh~C-44Qr%ZrE~p>Ayb@(-sL_GJbt`wJQ2EXx{Sk~ z9L&8a|9V4fV-q;%qJ={T8Vw+kRSPXB7>(6p5LLSQw!P5Ezn%!{$f>W0Swf!ID!{~= zEmT4KZ~Y6UJEbSD9ei%g(xK74$_ERTbGWp=q%-QkJe~mazafTiDgUl6^&=FQ05or;xYyGP?A2E@P{J z*JP@V^=Z}TmV8I~1a=<_Oi}`1V?1z3Svc$xT6cxd8CV!NmeLV6UDP0SsgrIG50AW- z(nXyX#~BALEqV2tiEA+*`Px(}p+_LUm+ye?umqD0@I;=d5t}Zu*WodGC#Wi+r-ZYQEspiB7XI3rUUdQC;TubU!HR*Nq7qT&>nHMGiAD-%)4>xam8pg z_7qgC56`>2IT_Nvh1idYgcmAs@Z&z!3};}3c1beLz-n3>X0M}`u9G=|5MvDd#F-iA zdplqG1fvuD1@xE*9vAOPBEpkYAgh25@KK41QNti~eiC-gl}4qaqbL#)A`m)gWLPKi zvmCMU&Zd$=#N~jUuhIPibQyiXb;MR=y8k;1P>wEh(?tvakod`FUga?p=p|u901W~O zSBOeINUxj}O6-#8e+8I`0x*%5q`x7;2eS((*`F)nN@SXURufmwT=yJnmX>Z-NYRAlGH-$^ z!ka5CVrDAsGB&+WZ?hDmsClD&VINhLz%o&2jHRVDll>XDP5HfnSSH+QaNUZpy#7ZI zqIGB(n7J1k-T3Dgy_Pr=sF((PHu}lAVI$pJYJkfSC3X6dC>5YR3SOvkN=q{WeU^`j zXNoCWD0NNV^0pWWI|UBoKICB?MFQ3oGR#bLZH-aDm1qKH<1+Z?(7Pf%H{Ihvv(mED zah6)ffT{6(d`uC68G1G}RNF;+FBDCNR||HWA{T#LqFu5Bocet#_)Qb{%QrgAcvk&o zj~Kf9JRT20lKGt~qHC=U)=8`KajYLTg=iovSXY4S+>5LbZiODOPkwOazi$s> zUU^1(?je@=iD4~Ph4@s5Iy2go{K+rgMJCcC5sH7NadQ&$x}Lg4QJ8c^QYKXB4qjmR zbx8oU%;99`dv4y*JZa?luy+ODi4qhYZY+P>kR0F?)#Y})R9k7Lgz{APf;kDWw$(#K)>cf`cbKdK2?ji7$gVW~V23E$SmpCLW9Hgz+qgP&X zeZjg7&OJ>h=X57M%TkdrdO32g8_3&NNe6YSc$M2}Zq%=m)=-g?u!OAixPBL<5>FuW z1e@rjh$D+d7zhC_>CR5ZnTc@mVRZsQjGA#dcR?AWmVtOLZg4jNF;D?GQh=FA-w z6o6$L{<%wnsk+hO#?z@Tuj>fYM92H8fS$4M5lG_uGcfL#?<5QxLvYMc6PM=B{$%bH z(|gg*v2TI13Vj;^z3;mVtO$7Wz1*BMdSrx%fm27!Ca!wd$A(Ma6}57xg*RxddqDsw1K4ET1>6_;wSr7SO5;Vkn$>~y{jWf? zuzhb%e?29MeuhCH$F9}abRslv!?>NXdnTjReFVVCTOW9mrc+DY=@fPjcbvuvj`|eY z8}d07=pOHC)P>RY6V2ycv{{_p-4F2Ic$alO$EF#}xS{nmznXUlA;wK#R0KK9J$XW5`xLejplY5jn9<_)$s{fgY(H}`8ZmZ|MEX}=}f*)hTf{ns<-A30l z)#BmiQa@<@QnFE(ViSL+8E`W1H2{@A%I$xn7sdMNnm-`-Hw1l8a}8{6x-jXEbQhgx z_cqA7?1o&Kk?;Y~l`_Vi*lUDfWML?GMdm+e9cR<7>91Xjd4Gb-#=voNwa#DvC3i@` z@giE#^|Wq#y5I#rtU5@B#4^QorQ_@25O+3%y}<01WZNO5QUmKN6%*bvdLX=wWyVpQ)t*BhVQ zzb!CdxbQvUw~{kymA2bEJy$ z+3zBFfJlwpDO3|P`!j4XNt^jf$Yp2EBf*E0pPjv-K3aud(SxK%ZKFV=OwY8h#)ff% z|MKQRVmBm}6v~oYVcpN*+Xp*{pp4^Xsm<|ncFl&?^-|H{asqDI9Hv+oN zpLZ!wA3dJ&-`P3LoIE)An62#Uk1pXkS_+PH9DQD#Mkk|&dYbX+$mw-1u86O{A=70} z|6sv2RoO>dh) z%ac_R+aBV9@v7>g`0|yB!oA1x3im^|;X=e1ow%#`Rh57zViMz4pi{q#Br`~NU%}d? zImaO)yph-JAW}8WFE%@XUpS zKaNan@t*Y%JwFdm;O%0i+0f6()TOeFYLKwa4iU3dx1T@8*pDIA_~R7(fkW$#Cnlx0 zQ;^FN;#l;j0z~D=l%?w~ex?l_L$7e` z-P&+vbPz$t@JVmT$`{Ru0#W{i9OU=uIT-gaOSbXyBm*8RH~fiT&FveSUp)y&-d835 z{d;rGP7iDVCbsgSae#NyUL2BSg;V8;Ifnj*$qROaPoT$7EtCqb+^q_1eGO_G;htwP71zgr`SW6 zC>(oZuB)3SsH3u4H%fYYK|j{qZ9`Y4VI9K;?7VN4tl97D&4FiAiBhrO-jOS+2&RB# z*3b7hRuc4uTKGN3|46Wo+m`<15O&>n^oGHFkHYvoS}W2~ImT+_psf=}UArJBYi)f! z+4ttyhxGpKYLZ#<^}LL@MnQ);*C$kR^9HM#SXx;P04Ip3e14vc)f1BtU$S{$Y1SJC z33^_;cbp9S{4fgA%RYWTVmk0;L+kZ?Sne|bOTb)#xlX?%&r4=dd^St7(zAMV=Dj8n zaVi&F+o}KJE4*e-5Ph3XITI`tE=306DSKt~xQli~ZtdcQdcCNfoAHba8k2a;f>~Fr1)Zm;o3;4-sVkhEu{DJn^!oJE?eR*&Ku@sBGR)#w zRg)BQS)`xR-!DH4JTX+2*o(B%S=Km^O>(dLNUxjTD&{B(v4mQWZ;kA`ib*Anx8(uMVTB@=b@HPGLA<_uS z_Xek+=(cGV3Z}3-1CC25?m0Ro1X9!MZqHaw4W{LJpP0VG*+ObI8GltXw3 zb^HBH3IN=elcipLIybv&@0iVLb}Fwt)1iKRvHuTMZyA=w_k9l!AgGi|BOs`VG!oLK zsC0KDjetl9(xHHKOG$Tkw+cv?bP7^RNH;$F{(OJ`7tc#CFXo;(bI#stueJ7`EpNkM zk$X6cWFL0?|D6%?T`EYbRfZ<7UzWd4$`gLmy2FP}<_gecG8h*TMc{4eWF&1emaTBR zO*~Ro(UIXqlMv`$Nh=J5cxlIMzLut^Nj7-_wmQQqNCzt+Z#{SLh#Fjf&~rM@)K&Dii-{Qy@o0?lvaKJpwI4$Wh-<&O<1uoSmEJ$DbC>e_2nx!~o90DNZiw^3(N_va%scVYhE(sRc*oWmbou z`Pi$xl((^i7ZPXOp@Q?$_}_LRTTO+KTPc463+olet7kb@U~g zgtp=BpRw1ggjcBDN@s0JCN(va3&}9B@Nxg?l8f5e+Z=tayLjx8a8@@hU}Iy){F!m- zTcM4xmEE3;vt9v*-c~Oy<4)%GbM3{Rrq)77dPZh0Xto<0*JL)N%i7ScDB@_a)c5@Q zV{Dv{HLbci8TE+wFaxu+uUmCcUoNs^y*!Wje7pa%<7X#1{FWO#=^Od~RrzfI!wrH} zm1N&53&;}4c$#DNVbE+^{5<^C6=gcm>>iq}z}<0)adk%&P))+Y*=lkX$7(IqEu|ds z*_M<4_DETIo44S|I10q34yI?%R-R>ZYYH<=wGWK(I{ZyN`SmyL??bLC1xt~Vo>(>k z5}l)sS&D;`t!aJY%d_vd?)QEOAY5`3+A5co*3%^Df0iEnaLacigo0aRxzKp(2ZJeK z0$YJthfITLn}LgJR2)LZQ**RF*^3pP7Iu+~E_sUM%t1nS^#Xcn*VTju zfw6j)&fFh?-d@RjHgVLFQtfSMx3ZzxIqvMdK25SRm7c4ujFWB+I4&vlJ{|=>ZT{Xc zdO>;B2c7d>X=O;A_BItCe8~MsNIT!AjfFKC$LM!N`T6~sMK}eGOa- zSwc*v@xmRhwh8v5%mW`xMb@*pzTku2Io=t1C+t{@$K)otz-yh2hg4>yta<~YQHinR zTdPr0m2X`BRa%T?KNq-Y`56x{pPLumoC>|Yk<9a1j?n+zZkl7YnN8GBr@8oWqqKD| zcI!vz2x1*%z@Ev%qQeYGcXbyB2m6bKEgCXzfv#$jK7&IZ)8G`(LcCl_1g`}LGqA4b zBGJ;@usb&jg45sKo<#-4x#p$b`{JKX(D%*`L)I^ZTn`=GbUha554_nQEJE&GSAAsW23JfHB|a$ zW+qjV0ecQ4P>@grqX^1W>s!ozl~o3pPzARKh4!ciR9)@vu4O=I&`oqz4xiVU^r$P) zVIqhI7u_+c5VT2+Bf%n~$9l$*`w!`qN0kL6ELy*`@8q-m7#$S|9R_n)T=wPB2Brln zpX@A!!2yV?2nh+@mTjiZFvNih*$QycXM%Z zKV|iWr%F^wkiMRk$Nyzct(%A!7qP|5F&!MD`#}{^QrMHE+x;m5)WL+7;voF6L(E;N z^{)&+I-ROgbImJM>iQmG{pn}79(uQq_KekLdfD7|Y}>aY7AawFZjW1+u8=d2RzV&5 zH&-Us`5{G~zo+@}G`4~B+b*S%cUw5((!d|T>Q5H3^f;|Z$$?a88EodaTMM#0dlA|dG0 z9`0EAZfC3`B)KP9&(U*Ao(K`G++t#RY^D=L)_rGpIGxlv?kYkf`y88Sq=Qn(X1SsK zacdkakCQFym|ku8VNp8fgyy{4M4`KV(nB1-=D9M<*aPuNk;>e}@0iolv8>L`H9t3H zuL~q=Ycs#lud~bQN=f0hy?1`}`Sa`RA}J0z&J394h3*%4%G&y?=6EFX-fOu;hvz4k zOA+LprjP#h9N$k*4Teod>v*oHuWnhbzV*hfWPr*k4z!?-1734IWi%rcTN@^_bEW7S zB8raMaOqt>zHH3ge$}W&yvWS$s`f9HD(sdS?GH-SzuNrxdVc!WCSkbzss*$o z4@)R}8v^t$mnv+N4$?pDy>;3^a&4N?QcZ!O;A=*h@T+R;+238KH+O-_P&*8BeHh9E z%_!2}V}6W}KHtgzl@@%jJCs1u{FWfWfp3$D%VBL_udA`1RF&e*HO)WM_AS<9g?gLc zSFGSnBxKdi=cKp{D`O|_d?Z{7`|k4y^2bl2fgK1eY8TESOYzT5SgGlmEQeOp4u~E( z{{F$B?7rZ&RKe)9&CwKRgoV(gH9y(Am&6?RuaVDlCw(c<^_K$=RLnoYm_ud}`L_F) zWHL_^&{Aq$K*fjOA)>$RwI3j$A45l#)Q#)ke~L-ISqaF&{BxEq%Q^44!OmG(JK+GF z%4%HwYP5w|)`v(*HAlz50}_Itz#Pe+}zp;m@qI? zb|xLg%6RhE=HDf4A2uQyIP$BBZfCZ?=RG(&GPKM>G`f92|mMae1ueTV< z20iM*6Mz&n;dDcU!Wl@IkWl?<=kH19&o>Pi7PwEs#Dr3c=?U6 zk{QV4{5;XJ?cOui0WHPBMU@nRtw-Wv)Hhl*vQkxw&01T%(S-L7*9uOqF6u=qX6dTY+aiz5s{hI+vwhU1@5m}`g1Gk0_D-4fosD0>Xm^EXf-RGE~- zPq~;ejG=0!sEDCSA|jGuZ3Kaml0ITL+Q;oD4vtVPAHdM4c~67~{==KY-@LO}cX>lrsEP8i;np-ai9UKe2vl%E1O)oQr{w2L-ceL{O)I zT%|JfHoFQ^S6iK6lR!Zz!G0yMJ+>U?I{74#RE{-YzA)%7Q+{ZZk_^!( z|0sWBAg435{o*qgzQgOw`s3wTTM@tg&DrUlgP&jXDl{y&zcvcmtR!_*n0@u!21Ld! zz;=A!0Qc{3+_#d1Z?hRMG+Q`7LJ01uY6s-sIbR6?NwiEN>)~}G99ALe-|@q223D8n ztK{1Va#Q?D(A_MCj1X6|c#e70u?W5D#XIuM3XWN)|L-T4b!ML8%Ag6{yGA4(96;FV z$|2zf{8W`eL3{tGmMfP8B-_#hC}O(a#|d9nytmr)*DDG2J!$)z7@xA8NQ-GeK$1_pqgx zX_;8N@cDP+@xeFlZS?>yk_+nGPVA1i<8?WsE?tzL+oKtY@++jqNk!H%C~QC=s=J#0 z?Ks0EoeI+2-`KVPqEELb0sSYPeJegtlIFe2=0%RI>UjW9+de5JQyNQu&gSBHgP4RU zE`8CEp9&#(c4HT;>VMs8yPs0NF>wKIqwBuXAwGKhq8U`Xrsor7$pa(lYkw@q6CRW> zmyw7h_DH13&~yu?71Hc5KNu~Db+WYvqRiC(x$o*3exWqaoezcPOT35_}R-YCQSxy4vg*A@52bVFF&-~4tu-v*GOo?GhI@mDqlW&x%i z!PB*jD}fKvW@dCan>IWK0tylaBiq@sT=$@D@D-ds1(mB`I@P3<9k}%n*uaw?7Bh zic9zAx1j#bzd!Gf@l7z;`;*9ut!7}hR#fjk;kanyu(Yk<(=r}gwY1d=DuBk7gks%> zgu+7RKS_+z4!?gfFf9cn>1lHeCz7|b)~s%Z9$DNv_a)Wia(6wdE?3K?9ggWy@7?!r zq@b>>&Gp?MT(p;1o3hz!!5lM7G*vVsk&DRzi?^AXtH~Eh#AFtoahY$2-OpbV@S<{V zOfG5%X?*`JQWAP1Xm3{^5BV_Y#QkH*`6Wgn;(YWj$L)`r{hy+m|B!+$B(IMUa41=f z%~Q>DRI0L$Dk^Z1sctw+y*Vj&9zUdz^9{@Gni>DZ`WS^rF5nbJUc(GLG1)dyP(95{;};Jd3)i1 z=b7XjT!DV(7>B{M5hMpy$JCLDv82I-{upRR5mt{6&ycp*UUK2Tsruy85OFZkR~EA#m5zA<__TzbJ#Wj;hx4yUi(@c4_N3|d-VQ4wA&FLu)VZkB^Bd;hA^Ng~~-vvV*vn#b6kmO{r# z(P8l2G|S$ep2xn=pR?x{2{>&$di(ZZ1;t4o-gKRQEFScUkvOZD>~OF0NOElt zR^=w^jVuq`$QLl#sh3q(&@4On(cK-reev_hF)yu9P7L7IhJH)DnsTVN>$^ShfL=lA zLHAAlb#7RnJFq^rp*vT#mYRo^>`nixHG=-;tX+BnP1V}cd?&0=_d&#;LX0PwlJEbWf2F2`pXEkLk|Z2RDpiqY(-dWKp6%yWuXDG( zqn2~xS?D7`EX=CuW>lX}$qlH_yZ*YxL_>+(6!aL-<2d{2j}jyI$s!}sCsJHaE#$)^ zIeG;J?dg)R5sP2L>iY4%o*L%Gmk0Sv>HZ`nN*)x57v1@vmh&;);eR!#T{&pj5t$_| z6q_E*4a%G`5e{toG|EpKMp91Y%un;dV3q}R2!wpT;e|s^!>CjD=jE<0eaPDQC zVcT_nGAEOhPx}OhLS<4H9j({>keyT^{{sn|0xBf}l3vd_We=q&BhV!s9wC*SLf_;; z@U0az6dUhyKRPiw|vkYWzCgtEH^a<&0wyel2NM_xw2M?0#Ozo`; zzpfY~NIEc5kqKDt-7-trxZE%bJ6RSu?wEP{b}9ab6dNGD@z4ux8ScZKGJ zelPOuM4G~pq`5TwxyqGfpWE|5x!NZHaz5wa@WUMIpJrkG^s?m@x@d15MNOa{} zCr*M$`@jk%*-C~keU#1dwbr7)Cbu>&6a)Fdz^fPIw*h95zAu5v*Q#Ma;9oqKcYUeK#g7>`OVo53(R` zL}k+MICA^mDAWlbgALeeA9Ty3i`oULghndS151r}0n+hud-5tHrh^DI~U4p1p~=p3B8PsF&<|=#*@g1Ae+fR}#d_d`(krpmJ+?8knhDWYA8112&0@o_2lo zZWI#!^t@YRgC=S!d%RVc?kN@fmEV+WgkhV4t(W+-tx@O&H}5%_OyGbkTGI2RvKVdPnH-2QMK zb?|SaI6a$qy5z5eW6?ufMIjVI;z{gASd%b7jwO9~dP^oh!A6Zl8tipca5?P2WBqc6 zyj2wjk?Tm;_7=NQ;ex(EOa`qGFM{kSt7}_sW;-fpo62TmAj9IB9I`I>+U3U&wysoO z?>l15NJ`|6zV!_sF%LPDk`~(Q>o&}@`UJbd<{F8Z5)9p_`mcmnsp9lPt;KnzLfV2p z59al#JCumm*hovx-m1tp!+Hsa@r~%1p)W|dA5rjsV9z%e$RIE!+Dp^?gq8f!ZEluR z*7b{F?gZYVVcLnQNuGl;x3ozWWI3oeuA47p2QUh3y8Y-!khapg^e-su2JaJ*y)cWD$B59~nI=^j&!4UcxU^`4vOuaCD( zp&7a8(v7ws27kyNh*N8(=&P$!3-`xYm{FO0(dh0rQ zC4(%srQLB69tEZU=)HDS4s^hR9H`WK(EZp_(B?ME5)%6u;_1eP*(c`5pn_bh@n2br zj^9NIan>JdwHB0bYoi7A9-$)yX#kBH&%2raGgpb|Qbcc0)qR~&<%s0Iie$2I1l=t~ z*%Sqqi9<(5@ZaHWEI2H8k2kXrU=zG5nwrwm5|muOGl3%3R=;%(eD$1(vOCq9S07B% zI|E{I#q*+MUVHfgn{IvdR^LbN%&wn$bU15Ha*OES8hg5HTTa-hh1r2pEw z;qM=L$EB?$O*N-C1~K;o*Es#{7ab}$K$e z{yktRh!$b}WLfNa7M<8_3W~nvp4cKpY?jB7zZ1{Kh9il8_L+rL<#iS%dfwyr-C&q^ zpl1AdyzP0y#E%B88T2^8XU@?-De4P4(kPu*NLLCx2|5up!tEp;?0cu?${|F9q>lR#>SOxn)hZIc#osx@e?}i z^*?Ao4Vr6kes>i~mF&JuXMXg0q-X1)CHzwpWv)qacl`3%ikH|UkHdz3(7#W>oS|hm zYKlzIHj*b%_vU8-r~VxQujBfQ!{mMEgu30)EXM|eQ|_{<3LB%W)t4rU?v`J%It8lk zOnNTR_$;C!7XBR3*FINSs=0P&U3nX;dGl>uT@djP;@utZPumHKhfJ=Y@@A521Ux*J zrOvJh+%1a^cs+N2ua{7Ewy;m+`+31 zsI3#AM9#2Dw3g8uBU%Vs=WaaF z?Y@$oTJkBk_;O;Wc+P!G;wW2|3D|ktD|fn^FI3m(n9aqcUKSg?6cB1;$_2#mj^R&` z>k`VIsfPM!QhFA0$0XB1c}2>k^orq6bq^))jV`5XTqImeC3KjIsKhQh7z)F6KY04+ z=Rtb=pZh^OD(xw}&PcvC)+FwPa=-oDW?W+ek3(;Y`$E+FpDjllwu$S`0#Ur{&z9+~ zl0p|;gQIVWR+KBYuvOQ^mC6r3zBj0Z4FT)EI-bR5On$RX8#Nwu27*KQ!JoPPXs6*T zwdHWSZ!(!=s)!CGyPr{RgFMN24D`okhggf_S+X)BZ*)16e{n|HaJgT{C~xl6 z@zyFc`Ahme@zS^-U*kE|^0GTq-uXB_k5cil3y{|=f!=4@*<;#*y*|^eZ)fOl z=(_S&ewj&@M z>%{mUrOC_b3fCG7b6#uA`t|b|c9w@Zi44q?GsZ}Cxdnq*;+*TxMa%+OvF%OZfmN)} zfcYIsPZ8mAcad=?mES_1pcpcpu(WC+yUY$y#K82ge|^3t{Y>NNS&3d#A&tcB^pM8? z{3oYE8?V2D1``iNp++a}EKb_ea^C(+&Lc4{hu|9p`7+klMSSin!EXmXtj#GR*&Ze5 zQ)F`3w=a*EFhVi0F-e)ezdQftYQchtPL1H3x9rMwV*@8{Y5sa^SzXW8*cIN(6Tz@F za%@J2*iKevdIL9f(3>|P1hqCv(PBZ11gIAvdwbEn7nw#;0gNrY~^x~j^bI>!u zV`lBGoI-g_``hb2X5B=O2BR099vTZa!E}XF$^ADSIyiy?w!8L!!a^^=cNw>S(PR~$c|7B$0Bx>ReXGht=twwg^Aq`u zrqR){1TY{|nGJ!tX-3Et*PYN82B94{=jyk(b&i9ONOEAtND;YIvAcJ_nVSUVMqmt^ zRC%NDQE%_JWlxb^Tu8Nyvh4bguEZ~TPb7OjvFzay*^gK{gx>9bR|Scq+1v0nw#=}t zL!-)go^p**O5NmPpt-xPObH2;l68nv*vC$!Jpb8<918QlnxhM`^{$U zN^?c68G)jRf?yj=%usoS@G_F`@LttX`B+fe;;!RLZ~P1);#I4dmwj1WcUNeSHSV8a z2(EsQI`fg6_7nf;PAud~7tmxfC@{~7ty&4lWE70no3Ga+)dh1Nm1lnFdatJRqBv2& z3IFPnIf1;l`jD~7DR_@}s`RgS-!z#Er27-+Q@SzP{S@nf+Mxbu?KL?5dO`h-9}p3- zz<0BIL}{+9SJn=!eM5W5PVC!1lqPsFEK-^|pvl_&mUmmZt~Si)INv<`>*$Xe2yL>* zf+}=-hsiaMPxPq7$$Rga1Sm0lyNSs*DQ#Ns`8pO<`o%vsEVG=ie;14?8S)9Yx76lk&w&Ui5KAPi_qCcrzqhPS8sSXo(Y;|qu z;}qM%{BKa(QnGzo%H-S>6?Qnjme+=c)T(uRb`57GXOjV*4WaR3LktlZNfp^ONdRRTsi<#Nd=d$UCb36 z-tidMZMGiPd81s|CU5=ZNakL@@=+Q(nm-|z_jn1K? znN{CEM9&H_|L($9rRGQ6(^8jO{w>y+>!G4VMXh~l1Ne&vK z1ORiW_}uY}e1c$rTtHh4lR70^wVCPfk({t4Gwk|T#XoeRe&B0%j7?RkF4v$x?xj-5 z5-kHw>jf@{vclNDzp2I(ts*e6D|44QhxP6Wq13QGFyTHCv{5I$UHi& zdReYCUx#t<QYyy8?NOllB|SogQ}mS3-uY2%dLu7SuxUsqQ* zW|*HuqD;!-62a|{BA)oU&m?UX?`q1UA>NKhaqQU@mUt2aGgoy~-+@H-z?ej=K~c)? zNbdNH54z>z^&v}hUaFlc>~h7yK=;U%ulf0OoTLmCu^I9@59k|aX4;iK${45{kD8Zq z_^CIa9pE(EDRZ;6*oBo1?ttK6xl4tuF$Ho6XM9#`?Fz}vzMktCV_rdl&8|?F=o4R? z#vQ*^8JKr_yQU&+<<2!ly7Ht3M}eu6?-2=f@5^Q!*kr(;QPHWIGF34gZ>iamP;S&I z*C`KKGr``TTKZo|wT>0PvO<|F&sn!>K`$7@Mw%=T#DYfYqzk4^VU|aG%HmX9$#AB! z>Ap6zx0hAY%#kuaj=3PCr0jac*D?@5_-%ewf=)i(F!YX)DN4@u@Rh<>3MJ4|nBUe? z8UNC-MGhRC%)szcX9y?Ci^kit3+r(B!;m{eOXF3h}2tU z72!Sa7s%j`EH6o_N;0Bn(kzEyv>78H*k<3&IF_8nv1ezmO&pyg9LinWyWJe55~$R| zb11AHp61hcP+jnN2WU;AfQXws3#BcXv2Z9+Ao0gU-;B zv!m_tjZyt(H@?Mz==R>eq`X4DvgSGa#xHG(O~o+AC3$=K$nx?uq+s9dqZBXJD9GYW zt}#9-Pd$lfs%^hwRT#9PSC~w54{Yaj^Ki$eu?)?)JN#VqjSD5)Y%;jFzYaOzq*;x; ze`6PAW@?=2RN@xm+J;EV^nGFr43lL(Fq~RKH9F-Aas_Rf{%3Zdww6MT@*`I$-YSU^ z8jI+YLhnN7i?=JE;ek-El&>ZFm!_@_JCIr#oLUReyc5b}V$6%N6`dxre6(@yQ=18Z zmr9@X2KjKly#S!WB})^XK<)w!iNX@6Anqs?H8r)Mu+3QO{Gm~{C+W;;6mxUNdio9A z=i+FF-GwXayY>K8;^CuBGA8#4+h)bfK0OS{GS0F|;r94>rsd>UA?$wo%|UO=s49Eo z6~E#eTU*7nrNAoQGRMB(4mQBs21-=}U*z>8d)OyophCGc+{Z6mkL$%`twq#Q0&%Y} z1iY;)h^SH*ScnL3mh{f`@?juKp!E-}oGV4n3)l)$4L#k$Rq#M#ABs+Qh)t#Z;pt`b zM!__eRWVjm(6cT6gaK4K+a^caPu+6(RQ#2FQc&>DMtt=zOfB^D!?FjGLhZ0L^{RZG zCv~*9%;c2TeWfmGUJKjBg*34hY3=H70BQO@xIR=oy@G_>aq%U|pbGoEffC9r4&iyu z*NxC!_6uKv(8GwxdTZDRny6KT5@`$n$ z8?IzExS2?ps;?T)pV&u?Y}Z#L*UbkV4pnqotIbbf;Kdvi_4Mh=$jR{(%w&{zSE)Z0Wkj@_Mg!NnyTl5c zp^H#Hi@t}cn%Cz&QEJAv|Ae$czE#$RnXIkZjS71+A+bj&OA$@K*yIMcmD@CUm~mSt zD`h|m<4AUtQsj;S6JJ6U-gwX4o&3BqpQvr{ux#~VK&vd6);8*H0v(F@h?1wk47&d! zoiIgm*RVfH|LmTpmVsF?IwD~TxS_X`n)*#I-*!oHHMbpfFAvusUeSN?>Tg+_fQ*zJ z{R?^tGihynHKbot zZq64&8f<*5>%=dmIF@qEe13Fa{1xRkBQqsste%1&$Jy2wuvZT@l==|XfT3)L0-Jz> z$FY$7(W4U#V&VzE>a5|17khhsKNJ4^V;f07{XehRI&_l_D_J~jS*0)M#6Wy#L7TA@ zGe3ZV!WF}QL%@9`I)@3r(9fc8!L)DjeGC1I5gj~Re5+7Cm*=1(N?7sjgLGVczvLu^ zfk=aO6svP?f{-ZSe1UdH%~VSt&P@~k?+I)1xq>W-Oyej{C@<`N&V z)g@Ih1K|&N7%6(P8ii)mwO+9#Pg~Da1|$I`l3DH0#ne2YXlw?!JB0f~ zeM%S5B30$`cMr_dbZ}N2wG_s`z^u?b!}H_o$xMoeDv%-2fa~Vn^c(*buDcqH3-)r} z+buD-bswB3M9tTfED?9pJFX8u5NBv@!^C8F&u((d(uO0}=_L30e1>0-`6-&U1Ri$g zu)9G{upv1)xuml@zm3UYMFF2(W|KS<3&U}3ZSJ7$dK%my90`^$ck*pbk^bKv=uM795%RU81!^w%?8%s+ zwY5+U%TO<|vP}*S8VDEW+cjtB(!XAHnzj}aoVTYg;oBmJmw4^rtukav)ZlhfAgbp& zKi5R1Pc1A{s^MDa+DpbnHo4Wb8DmU}fzUo^neEOxiXDzeyjmF%fr$Z!$vvQ02cWW)dWq4@&tb7sU>H30%X!ZY{F0vDI`9IK-x(Z$Jb6 zk1pk(C93$P+BL6l%~3Vn74vs4XWg7^;Q75_=rY@UQHB}&pu&M(pUl!LLsxZFJb*V# zjRIxlxz+ty4LDSqfybj356`|w5_GEOJB(XqVqHaO?|OksPl!?| zg^4cfb4yDn348i__S{PHXmVbP`SUibO?ErYg}xs5)yuJ$dG0Y;Ih^M9GDj{+a6X8x zG#?JS{7HAJg8m^eSxZ*kOw|fctCFC-ddHX)WdUFefbIs4!4}Q#V2jRs%m|GpeZvnh zV^W$G)Fr_=8S!Tj)ohS2PxTy%sSK<$Mfr)zI<_^BvP%G1Pq^hc<Vme5?>fg5u6Z6*EsxcSPv>B>O8alv zS-%8hd~(Kd%rh`re%!bDTGA?>!`E3f>>Jhg7K`VRC3C;tD6+HagaEstC9#Gpjnophg;Sh z4W2-raM?W}A}2ya%-N>iEU9;RekkbWK#(Wdn4>#O9q~2XR&PEpgX1dUfA~0(NV6T7 zQJH~d0mm&asA&C}n2z`T%@UyPXbTleLGHeu)`j7uRt9Z_YK$(lp+Yya7#N?|p{&a# zWW0}T$>)hAP%WXZ=pFk`N&aU#Pl+h^MK$B&|E2tkFSWOncM7ZP#E!GC2@uGb+9zsw zeXtHAeki^5hh|`2O#fqOKH@K3rWX&nWBs~5FG|&Ccs2(+G>C3Z5zS7_kM8){$OoxA z|4t5gC`k*3zcb4K*zdLZie~~!Xcx+-x-nTXUKSv3?~5JWTwqM=p77y2BWPky_oby| zPFDJUs$DZ7O*~pNTA$;B1NMwuiuS|&uQvCrEH1~-x+kYnLBfN&f#qLAsCvWGzNW7# zz63w+|GWSmEe&plMnsdzM2`+>)dH*B?4I?1$jtUUg{r>3Qy)>NQ>AMLaD<8u9( zdwy$)`L=Jw{TCV~M-8OVHcOWKX=EGvANR#LbN_jf99VXSQW4tetxHU{6J=VFYQ@3N ze7t8}n-(krXD=ou#<|}On1+2bg54g*7x7kzXuYB%yHlRE38{eRr68zOH0$A-xVGX_ zyVWDZk#5*CN(`+EAuIi4R>Uqu zImGy5zoe(rN$)&Qe8NJW%SNPAY2S$tbEa)rbs7z-iqLm|^z-rMX+|n|>(`SKZ5(uY z%gcO?ANhGU>A@BqOu2rIpl4&aJwj7vnelxGW7Fv%u03R%y_c#nD6*B$^QR9Ve7}Tu zNh8-&0Ofa)=QCJnZPk@7rx5Y*`L78O+r;W6DQL##TxAI@7 z=DpdB-bemwtF&_C$?4;O+D-;7`WzW5-&9Saet@@qKSC(CJL#-h2=fnf&eX63&486RwoAd;B&0IO{wf`}T>7sSzh+KeuGj|arMN-E!zKD;SkjyE)X z;i{mpJaii5G6IJN2k5r8gccD-yU`3>99kPNT{;w4ZIhumz-GbBTfPAblZ0?K7OJwO zzh>o&aqaZ_!Jp+1&ZMqf+vM`kt$TJQQD3d>E~v7%5t5y(P&^m3!oSeQ_((np zVeW~2YW4GNEhAKMVUS_V0QNb5gJtX_1m^Y0CGM!Gkv<0)uD`!AIpT7JqB%P{*m@%pZp(+q z;r9nyqgBj)xf+LdzH<`yiVN}88B=8F^%`kL=y z$}xG>rQ2WCes0^$)yJHeLgfhdeXWo}L-YQ& z_x_Y6yg8DOW%O~eW8hItBm)a1%xzc;U#jQ4I)t(;0 zsOZly!1id0&Fl82Wz;~$Zjuvz4m7KmUbj}Lw&b<%a9II_vIb|b;Mjy1bX^?H_Jv0d zYYI$>8io7G{@L<8N3w}8-lLm87HVvGA0MM@)wLLFt^-Z|F7~th13x>$QbZpDbWKLj zAf~a-L0*xlzR!R`Bb52zI}1ByJ{#NEe+?p@+i{HfAx=FcbaQ&K0JWVSMn@pqxELw_ zGx3428hKKh-;L5dxwt-8>!mXrMJC0V@H?)V|37QMOT~!wu_6k*>omngy^Thza(l~J z(m%sg2lxIjq1~oH!rw%c2bLj#6G*Ycg*UKYDA63Cnij938yw`vBuCNYQo+lgN-Z>V zIh%O#WE{J>|IcWU8U}KOq|MNr9nWD#v)$#FLyiOXz3%VdA7#97MUAh}R&p#uv7h29 zgB3n0t3sz_U@Mj2Ek^~0B=pSLpnTW@SAwh9R3mubtd%ZNx-75U`T^f7Av{O_N$hq3 z<03wrqJ9HPe?yxh?bR+u?v*>}-rxes-Y`U&xmR-+%wz+BLXw+Fqs@1I5(~cjWE?t$+eC5^1%BA>r&-MEMC`wd`g=K1!VuByEt9?23YBUXKL&S za!D7h+shiQi@RxdG}jbrggVYAUv8E@u&=Bm$PaN6d zVeiA`5IJK~oKGnBYL!jT;qyr8OR*8ung1B*Qve2pYWc7EZ!23IW$m2#GxW`xYT)h5UPq3#zMY@(D_!aS&O3J=hJ9!UfY#%muvC#t*Jp`FGeI-^^24@5HP_&%o@ab!UE}ODx8%3}a zIm9F;TB@>^DyLSh+>3a(Z8N(#NvZSfI>_f*&)UYeY(oT4SD^t;LUFH$aYfGno_LbJ zVFG4~t?^o-F1Gk2Xyz(Dm7`lET}Tx@covKI3UpHIBxvVWK)>o7Tv-60z1AJXi{!TO zxm+hjRdqM`4n+qcp5{L5X5{uUfVYfI@3@&j2it|_4*k*%MASj0t~JS5%s#@HRJssj zbTs>CFL@`s-%WZfn6OO0re&Gy2my3B7s^C{jEc^#UtRuN^08T?j&MldH=VZdcz~}% zp&jHF?j4_60VI&WVb zQL+8Eg<_0n9HML-%b;~~pA$)a9-TJa^wV^rG>wZ6E^A&ql;rzfRxqFnmVf62tZgzN zW#&1hfpM=)V4HG_Z((KEX&r9a03O!VB0>!6?Ekjb?UoJ0Wn$w0uE`A(;NDSCfXCQ8 zx#7ya#CHUpY^6=PAK?ff-`@L_%s!}g+Mbo3Mn}-!8?bZrG`$ad4riHhw}&-*e*pxy z)D|>^eW-;B2wvW~Mb;;1;FItRBWt5e<}RO)QI)Z8eqL-Kgfd%g5lmzIm=%-5JgX}~ zX_6kA?Ha#8w`6SDU$80G7Wc$J40q?MtwUoihqTF=!P7TV8DJ**&m(l)oKRlZnuUc_ z96ndh1MXQ$>WQ;ZfyncGaG#Pqn0s@ztzi|4adS4*by2C!qxT-{lo$q~cc>N?;#V&h zMc+P#ruC13Bo#*um$Pf`;%t^X6!5_)oBg#0p%TreR}bLwHZ~gDCy!bj0TdTyoFEMt z{`lHYreQsK;8aB@rM>c=kz20&@2<;tmL9$<-r5YIShI%~aBi5*<{UrY!h#^JDcn2z z-F^1w!M>x%Q&p}tOM9pmvMQj8K9)pA+^0%8Iv6eKJJYTi>_)sCp$NWb7ds1(39ui; z3}rvE?qmoHJ9CFpodpnn&30f!D_Kl1+15J@oPwPUvuRY}pTYyv0)I7wOB0=uhi4o* zF5i5fxy)y*$3X_Su93WFiUERlm$wn|~;cCqIaAr_a z11>2ns^K%qfc4K2KWnE#61j)|A&5U5`{dQ!^n2US9>LZL;Sg>}>4M`b#Z>L3e_g7B z31!fgQUns!&w!nGW3FL*r;5&qivb)F^|zIDHfrr;iEhct{#^*sj70>;GRn<9R7)= z{#ya?sOmT-{rn>zz&`Q}=ytkj?EXu$xelr_xxLy1Q zML9i1!aJ&8@5rr1W`R-o8`)q>%98zLDb=^~ zMtb`tP^4S{lDScHk?!!#Qq8;CxIU1*f>>;{w#ieH%720^NMN>B`Z9Tdj!=A$vBq=3 z8Ltg^|H_nPAsc(jGYxC1Cg4o$uLNcBZ8lH;3Dg*WT6=FA?1m!{8A3~1nop}VTef7i zt|P;P;N0p32Rs$2p2{zlhY;Nt@Bd%CaU+T6O>p}4{Z^-Cbl-;sM+BJ)6F~Irdtpf8 z`Ypi3_cWOMERK?}?mB+;p9k(A4ps@u{@)(Zr(H9w0oLKU>FPe)A)dK684Qf9D{62g zy-{)J_%Fnr=yWT;sqe1`Q@z`S0Bj9=p)Wl4H#mYiea!_fUhlmkXG6hbZKu;h(yF;| zE&Ilt=e*m{MBG*%k{NT>)4lc=8D9JbRZ1oYVdy z>=l}}tw#IWC1;trxzf4bggusoIe-06k?>VDtc6}cwl)c3yjD1C!f(P+P+=M#D&!yV8XZ8AF5HCT3x za?XwjjXZQoKb7fqPS|_ct3P;)ko|&p&xK#^+q2%!BSSd@S?R^PtYVWB2E{K3ux1~K zMm`9~{UYJP8=*pBY4ZBfN0!arnHK#I)Q8XGE#0L_Tvtzb&t3`PBC1E5+a5ese7DqN zBbc!i1QtWajeS?<=JX&rmv$s*Cs0=_HVS#J4h0DFJIR$#80j>=x%=*Jvm$S?DLSH} z?uPf$q+Fv>Uw~cs&RfU2TX8aliCgAw*pOVR-W6<{uB#HYgE!Z7TxC?vrZl?uaL)2aioykWHEpIoPKNj$1Kg4 zi5rY*1dNEWSR?gxy}kOQPi<{a3NTvhhy2Q4T)D6a8rc2W(Wem^iC%w9@Xn z!*YHcf{YFg4c*bvmm@hrysBt53$a+3nV*re>f_VRss46*m*#u^k+8kK<)WVWy-%$W zH=`!A87PrtZt-D+S3M4+{;{3@oEFJH7(|E?NTLx1cUz|J5o(WPbIP5SS8jb3FvRBf zd6Y4_uG`nBVge+b>MH)7;C}r^vf$O3NzS1i!u4VjM8RT8VJ!7XK1pWwy5}#6dN%>& z@4J#@-donM&9CWs9{pgrg+X5nt8Cz-rGVag$}}Fx(Y(^7{-X1tPp9nx0YW3NxJA5! zXU>GTf24gE8S^zRyB$6AJ(Q<@_WBKEV5|M&?0rgnd{PM3>FG0q)YQe69UP}^tf&zm z0%UAHwuoN6K6))vp=WV`xhv7P;b^1ypcD~ZsjRBT605(biR<+?9nT~rpeMG2Vv?ze zRuLCbTb`c3c%83u%;veXx3=(-SO6_>?MGLsVE}3sgf=&=hc-_H!uqLe(tkPiyE|}y ze0CmhVzccrq?vVg#e;3g0%HR` zouSX&F)-Rr-l_tuZO=*?9Sfz%sa2^ znwh;Ui9h?I3a?Czntgus2l3lkEWvu6^PL~xbr5ew+0*%7(l4ylZ6-)rq`P>D49^lH zwV8zYdrA`9KVps^-oTJPHFznin(%z2vLciYrG8c6yc@wl?-{IDZd+q7_2`DU5S^%h z8f>rVJ5$sx?;c$uY}+M+$)3LC(-mmX(8K=NHKY4G0cvHno@&dtaUh#{T+ zeo{V(&2jd=@RM^$Lt@Fws-{G`uFhP1Z>A;sfmqK_hjK^`LVA3=&!?w5c^(n!H$R|B zyU^&j;9@9JNq7>uh}Zj9FdiIy8!9vA`$ZV2=jG*;vzZmr}R^#$l{4ta`&6ys^>FfxS)_Ah5=MPUmIfVzCXO* zwodya!2Pgd_+6_!-B)0Yx`Ubw_{TTqvW;b4-U|!8 zj1=kYjKjpr$~+Bq=NEivXlSI)#iH>Do1lCL0<7gM=j*PU#BbkPyfFT2{Y*@A6sCCl zCyiaJT#{*&`2yY)gfp+M-Eo=c-T70opZ^epB^6%N+LO;Z+GalFyFko=O(RtIdSGd7 z`m5yxx)!H0f1H@A$U3!)!Fik}Quc>zjl+=ZGj%IbRNY}_VMQ^lzR3ldZK*k|7n9$Q!@#i`d{m%X|EqB!>JY6`M~%QGuo!YIt|&Z95M;U$lgJ@Q>@l zLBkru17%g5h8Pt6_}Z?U`3va{q@fItDrp~I>NJy?T#`_NHwn)p_+~nlBx?o;(yjTz zx4C(jjEszcGEljZl*#VL*v^U=M7fHJiW-ga2$PBV*n&%k!$Q|Z7=F5JFAurPVp!ON zsBZ=LTtu-!mwc!-Uf!DQ|D|}P23E>kj2mSq%9n3x&97D+?6w|bVo3@LdC)&Fz|D$` z9=29)@VDA`-SS!7V^>$sv#?oNO(R7@AJUJ9r=KH5A^Ep%_$=U^XnJcs$MElSDkmt- zJ?RP?`0ac?Y8oyE4me!YJ7Rc6(h&BlSlB2oql%QNb!NqVe_@v0WaP*1v#HZt6=ifx zeZhY=k9G#QPx5u-R!$#!Jgz7|Jc=~7>jD-qyO_TIqy+~t;h#S>6UE=9@&rDjK!&ns zOWu3L#ODD6z)#wPT#Z*ah7K+q?Za^jOQdhbB(i0{0UAVc;d_y$w#$oQvpeq{yRM?# zw5$~wbIW`F=L-y4pX}v{JlfE-e%s3F>ppM26SsbJUGt3kkxm$QXgZ~qW3Zt0vFn!B z=IbKx+U?!L(e&vSO(>n(ii3>va5b=;P<*%;V&L$Xi}%hC<0{%+tNvs(5KjIa9o4@w z+8tHKeE}J%%V67wVOwH&5S^NU49-!n2YR2fd9 zY~jX;PV0yA-j|TYZH6WSZ$8RehITF-L-$%8Kgt%zudt(=DaXy8{Umv5iI@BL)DR2F zxXh(Sxt?XQGLXCO)#VtL(Az{?4ixe@#19R38Z`GP7W54EXGU?uO59s3Xic;l@KXEO zld0?Du0iNfb=cU|>9DlKq)JDIvS0A&Z!>GN!fB$XR*ha;TZJr| zmPVH8Y~4J4ah%K7P9Mn;qjh8W@kb-o)$vzbf3|4dLf!ugd?Y$+Bb9a5M&;9j0|iRY z_~d_{!k^irg!#V8(J__?cttK;h>VH_G1hXRLL{AlUj2k$*_E@pxp!3^l!Hf9Py<|2 zyww@2t3a&JbDxImbFr$-wI8A-k6^F>oAN#LdC?^KL@q2rpje~YNxKBd`~!cNVFj|+ zYrTSj-@j`nXjEa-?58H`qjOAjg`bg1q*0FN?wo>qP`F}=pE=TB!cm)+Qt|xY)v4rO zM|8C6EDwhN4NiwE>x>i*n7Eg7v)f%L^5Ym4RA_v(H85!Rth#`nnHrZ2>c+xQ53D8Y z89KERkmM$#kp0b@+wJR0j_ZOe8mF=3W%y+n?H>@~rbCmGuG$(Dj<&_UT{oKw63zQ7 zGyVoYz1-WTZ4y6_A`?WZOT#Yyg0bo{){2B^VWFWd{%?$mgcG(3NfDjEuMuW)-b0b$ z^r$mv@|!=Ci02cwG;8YSpFbVVrCnXO_l=3Lk^QAk7FSkxrOM1u^07t(qM$(-^Ts%Z zIf^aa+FmAW@vt(Ted2Q+;mimH_RxSC}|o z8Gc>noWX*q*)`Ky#wli8CY~ou*4==IYjq9QX`As+XeT z9bRa4vSq)m#6gXK#fz=3UU}(Hu=6GX>g&cAy_IWg@4sdCE=gIW`ulIC`Vk=)_hz2v z6vLknlLq7otAB%+o?3|(rha&7IM81(5reh7X*-J3XS|-5_uBe3L7@8gJ6CTLAydyi4MyoCZg;w~7RHSQU2rw}*xl4of4&qirYf&rL-=93uNMQzZ zSGhKymhwABI4qN#RMN>Wz>jEVWboH1{>~n4YSi#Sw~Q(TM|DE=ZccV~VEBWMXW&MG z&f10lS|zaC3}z=Hm5)X_1Ur8XulCEGw-ylH125af-BORc)?Cf5&O;?xM^1T?gwWht zrpN=K+>8vdA@7`bAyHYMcI8w4;Y5=o{!BbIjN%@v)u{xEkHB15O4=B0q&_W}P#~3_ z4;PP!(M>a(5R$_i&wn2L-w%C|%~SYx^+vEo1QKhU2^t^&k&)L?pu$wY%qI&83Y5mG$vrc?zhvWeqL$$o6z-4k#p=)g zyfUtH{nZ5vm9vCK|EkF&MMjX|oS3$Em{%K9b6&6W8(pjOV@MOAL9zBtx;`Av&@ZdW z=4!Oy7=CiG3dX{k3a#~9)VPF(eu{(kAYTU2UAcCRiu|8Sx_eygs3D0-|8~dJrmWRqroG{7f8V!V=fpdxu>OW2?Dk{R)0%2;LA#o4@Yd&53 z)CSEkdLVU693Wa+R}KeSS~_9)ruQQ z8uMEXoM*IoY5DNq|NR17?W4cCR`(mqz`v9E-1XTC3azDy8zvmEVL|txx5zmcYohPM$#2 zmo&MPh9#V?@vnXgU`oTcGrTv7ZX`9m^Ke{_#1SUPyo}GQ38+S?#qjG3nwJ+-lzHTWm4L{qj2e@U?c|nQpj;u|H^Rj#~n$%7}aCRo<`cKMgyFP z#lyS2G5lb$y{+wW0rVarCM&e~CYjr0oaSR=bSF%K2Hw(jgdHdEoA)NkN9TV=s#hc= zm?IrK*p|-2RjW-_xx;17t)&F0R|t1*;(9G*X(h!vf^cgM}GQ+1wv`ub|4Di^sT z5xym5UmDIExP~M#wYqd_^vn!gwdIM4CZ6?FLzq|>E$3y@=^GIo90Y$|&LoJ3V}jzT z@qG+S)z;DggRhvp+AnV^eYcSPva*!Q8crC-a5h+gN1uYrvsV z4YcqaN|{8)_Fi=GFBu$|R2#diL;k5MoSJlq0}DY{pQ`9gMiK_)a)xb)Kc9G0KoI-S zC7-E=vXuj2{$6{ApGeZ(6z1LS;>C+K=OA`yQX`J!T>`k!Uc{Acb8ss$G}V^~X^4nC z`}e5Q<8btqDWT$NFoVg#*JL&N6Mj=J_}>=9|MtS~{cW$`f`a^-rxC|HsDixS*Nzl< zLsQU~#SM?E0Cl*0Ekj)+867|Xl2^-Lj7z0@`>B0I3+#P$7y72*I^)pyYj#|u$Y?lG zF2eHy&6nGpsEJghIS^@t#y*?F2k(kd)0x@Gfa zFi(Dw<**X|izrY6-cJ($*-E&-)Es7qwQ)ro+9_>P#1V)$)yAJKEm{EIBJ)tA9L8UO zK$t@zhZby}Jh{~gU?cWt-*9ITeS1ls3HMplDwnH4Ngm*T%&QYV>HPrW$)MB*Aoy=UX->gC<5wRT3Z|A@<;B80>*8n@@9V zt2S_*f1lcSe|E4$AB$gz9H(b*GFtQFj%jGej8ri*R+XeYsKvzU_YY`!oxqLcA+$a_ zT;bYHft_K~4rR?uV&ZwXA<9hF} zATJtT1|PLBv30q5bE`W;TZ#dZK2>(RV}9F?XvXX9$r<~&iQwRx39ErZh|Q~)Ad0m` z4dfZ*OM}BpLBa4k5;!jlNGfkwwH52aCh!lvh6|BWXY+CE^S+kFK!={^IxVOz5FsLE z&Jd+DS~}eFWJ!rjLAZuQGTN4VK)d7%TTC(lup;5Ika4>OZW$^_pfHvWvAEUO(V>eE z0O5+6L8f{m)ILBp;QvIyx#*mx))P9bDVdZ2s5Y;`gG@4Nj6|{5^6dz){fb3jct6kl z+{h0B<}H@(0nLwO*-v~VgckjUx+~97@&yQNA>-chc2kc~cc=j5&WFu%ay8{o&*%b; zg<{n#v)lXfva?U=GSHLOIgM8P;2XZ=%VJ`#@y^3;f}hvlGDrFgmz5s;gMT0}rh66} z%tzxRn#HPn3rA~3ZL>+rC5*t(^~L3C5LbB28<{KO=f>(imv>#rUG>uTo|z&P>p9Ng zgdYIKhCPoU$nRCyJ`|#EwY1~?w1eZ}rhoT-|I8u~^@_>SE zbJvRmkfnxl$hVr85T|^uMqT7Vvq&2h+EB!)&Z}Z2(KIXs+C0I+xjVvqg6#$ZEfiKW*=P%3b~KLj_e^`?X zn%ozmYK{++BKzpJztwFk1w3C!+Km^>@pcp%A1fKTvqx2P3R# zAK{b!`w610xuhpK9}=y!EC^Q*1l~OnAg81xo-pk%6f;lG${NCgSgv?{c4x9SK55+h ztDSLsOD69t0xbQ;mS83IlG#%BM%t?TQNrxES$$jp5Ymcfva+%@rz0XFaOeKI{KZTP z3L-)wD9!2pi9uG}ktg_KX2{vgBul6Ak|sGaSBd0!X1U`2ql%Pp;$jH{aES=1cnf@_ zvxU0tD{&j(eqJAdYfLIh*nKk97Q(Ar$&C-6@K>!I%pHoM<%2}al zilo&YB~YoA+tmBheE2(ovA-_)sP;+f>E+vQ0~GgqJ7g#V!p1wXRwL467OnHa!c~SmG1J!2< zS$yXt)l>3_-=3@8Dc*r+?R-c3*ri5^P}1*nnVZOGQ`vva7?IkYTn%bG zK#z}kNG8Fb-iH9Ka^qXzihY27d@kUhMY4w5BZu*!=}e|>=-)+1_r_O(PV2xi^e7$! z+v!r&V=h=G=Q|Fo?R^pd9gy=Cz{|o0iXP8k8*9^dz@S)glcMUp`MEht_woK;f#(R) zzmY`<5J_zGnZ%spNeHCSO5Npz%IN9Yj%O;FP&A)ME|2lZ-05-egfkNp`N2%f7dznV)F;^#z)t~0j-4{$6%Vt+Bu6y7e? zZ^o=3M40(;Jwf!)!OPFw-Kw1L|3TCM-H>Kd>QKm+;w^l)o(Z`~4-L7-4bWD}&@eE? zoVpFqjx||bp8DOEl@-~l+mLyZLhOKV;jpXffVORT_)i!!J6Io(N2J8!CxUVP1O4Vk z(@2t)>88t-oBeq70;=MxKnvb4KHByA_V3qi9AV1Lx}xrJw5;08qxe zfo(h94L%Ejr$aO-rEscwM6$P!qZ_?k5or4QnzP7$h6%!Ug@uQcx?7vb%35FS>+Svg z>JcR2rM%W}VpDEnVg{7>5?tE^55h)en~YR?wgN82WtEXp^C9a#4WWzq(9lqg_NOWh z8c~#dny-BI_7^s-uT8MA6hI}4@v=$?0*sMaW&>N0CtB~ZFUIy|F&=6 zJVlzpen`19eQ7+7_LX#mmH=D{W#rUv_3xgQIK)+*X;R%gc{C+4Wj`2rw~=(Vk#r7a zYjOHy`)twFn6XyNL&|J{0 zj1-ywZD1K z^|HsIWG{-v289$oPR`;RyhOV)(pt>{#ZQ6Tg5!qI@Fs7ia6++m)_- zQo8rH3tm8lMw5v)HiK?%^SgmH`LT8%?7j-W5 zsJvD|9GN8pMP4P;Ij;p!*F{ZBCLK`^UZy} z&^TVFL*{)@WDR$Hru2EA+kByrEClZ&Q76eHX79rzRz){x z9Sf0UfumzSiOG4Um~0xP7yqRussu@jKX^fcHJ~qb=i$%Neebc28GUYfs-i#;KWXt5 z%@PnOrkqy#n4+p&*4peo0S*H-(d_8h_c)5xkITblTq=sUjus^L)xVX~xP&ds*vMq)5Ikp`cE-v^bwz`WH>$FNET?`R5zs77-Bd5h8rZeT9O>t2%hmPW{`mJT!7FGIl%$mUyw|T;2 zP6p$&oR_$z&c5`=U=6|{=uCGN8~cP1$HwJ<(J`cLjggItO){~md3pjF-PN|RxDr$| z_QV2QQc;qEB0@PhJTfxB69qcNxNT`(c?DgBrV`?m$?c^t6Sn2QSu_3S4W5_6UME7i zvA~l_U$u@$qwk*;6ec`AU+OOR3&l!W4;IrsOsx1>b@W^%(|aRopyv=* z_}dUuBDKCvwu#$aB#;z<^}GWatL^8arLAX6ON(bS6>11lN;%tQl}sjmB9j<;|Ps*I{~47_PdQKP@%K zQ-CAQ+H;}petv%ckV)Qs0B`p_{$fqdz(7B#z#YWmQ+mcZv>xJ#VFo&X2h^7wnIzk^ z$_^qxtUj48bLh$Jbbw9|Pj;*x07dF)=olgsM=FVfkuI)DOhOK*slnUT4Hzs9;4FMZ zIX5KfQMF0nBICUBfQAqocVBI$SEDFL(Zcnh)*@xbdbs>i2(<96HUb|uhK5tmoj@V% znwEZl9dZ=!kYP+H&MHEecRD30oL0X>}Cg` z_qLgkhfHI$T1nBzN11LNQ3C>+nAqb`;dp9(6c#2e%4`&B9tz!{M9)>0wWL;jNYYvH zP`@PwzV5l6HzqM16&3aOJxTDuh;(0%Gp-*aT31)WUO-Mzwpo#`i_nF+QF z{RJZBn)hX`0Eqq2mZLvtmo`^dC!KcU?>Z3TosTIWoDcJq7)?G{XvwB-gkoru(8ae~ zSHz3Hc&<74a+bc4%G&_@Ys+V6O;1V-3yVL26G!9C1`0=CGYDFfQlrVijK&S;*nbM`=NIRdSg8>y zOP@^XyQMr#1978)g+4wnnmPnaT}AqToK{X~f8gffy9>UhMiA>eJ-zBWFy!j|`UJ9H z-iq4oJm%fsbXk*ivqM1w51V04Xw{|U3WLO5W&`g-;RkO0YOS$xG&Uh9-3G>6S{jNG zo(cK!DgBrvT_ag`BUwI@Jp9@Ew$VU0LFtLQot}cis>`!y%Q-6$P?FR*;|KyNf^eLR zpoK{xe8ygxOo-Ay;iK8=Y zj!wh@5`P>E|AviWNSyfxIQ!MZf7nY172RO&z~1?^v>uaE_Ewl|)5lPw(KY&cIL8hE z{sl;Z-sfN?%AN&h;F0BGHxqIG?&3YQ53CYD2JyyW|HQ?Gga79Q`{O*9|6cfp@U=+c zUZ|UeqE92mV@pl&Bb96LiUB4D*5Ke^JoUTk z$j0`qMHQw+iW1Aus+sPYsY@msA!s!a{hJPh?q(a-`|Hz82#}$s`MwD2A??i9uz}tU zU)7z9pjt}wN!B3>(iSY}BF3i6x?9inbyzk3RY`EpK8;Ivc6A+~k2#G-7o4^?z79J; z-Tr~_{yS}DtMq|$qR)SaZpop*dk#f5B=O71ubK=Vg#o8518Z7{PXI&FRcCzR=$8&o zOm?EcaU0|RoIbB6=NUVGx1!1&Amt$cido)TPx$cRL#}faVP`4cRY`qg-1p2f-X25t zCf3h*cMi`iENA+G+<`SHq$dS-E2(y^p^)D{9GIo@Vt6Kb<334LQu+D%8|z74X0-^gVp(U$||PN2_BYXW8G@bHI@K7{Ue40fKCYknvZ-lZSra|%g4 za<$M7r5#Y-2LD1O6LW6pj+ELNS;nB)!e^&& z@2#y;4KnonD&C>m{gqM@yE9D`oNrtg*`Hkld1>^HJ4+1xg5W*5h$4*&)#9VkTQ~lM zaki_Btd8oNliz#%qOS?`UC`xM1Eev}vSd}@Pz1z^+yC{dQRWi>ZGY@iGvY5cc813dZU~Cd@)ym%!Q5S+AEu2zn%nm< zl~W%Z|5Y$sb-1zOAZYDvVrj|!SsA(n>t!N+UDG?7nD~p|Q@n~77*RubXl-3}^JV8x zgdaNq8W4qy%`Ojwa*_4$LyC=^_dVw3yZ&wyF7qX0V_)!8f=hXX;P-_*xPQfm1})sq z)gaO-d&YC~{z8kcP}B*eXcQIo1kgDKE9B0eS(l@v6Job^=+=h8GU6SUxFjzjVLCJ; zC+8~vO3f{(ZUR|B(-NY~Vz9r>B@M#DUvF{=tmWm1NFJzxc(}n6FGk>iGDO+IxsUK= zRCL9@(n>ME&=)uad{Q#^_Py5Ve)C(q2^Zf|-d%|l-ke>_sO7gzexvO?9anY8>=9AY zJ5u5-NEnaIWQ_)`W>2162oH;*pv={NuZUQ@phhuQ1Rf;_hp6xY zw2ns`a1lK#dT=9rwZeE`ZFY8kKE2UcA=Vo;~IQQ0EH-z6^PTH9W)lLI8rmjPeSB*3D8o)dLl&|DM(c_j%+@_-^Ozr`IWs8#OW z>-Dxbvizxp`Iuv)2mfsT6e0=B#JEf>7p_ss4);r|fc=rGm61_r))izVsk3xFbFZX* zO+7%H9(DT(d~7wtv%m<7DxpXsq{yXpCPsCf#==h9inRrE8xCxH@4n}wcdQlHB?BA- zc2P!+K#oneEBuq*i_4_~H#SVW?R;8r``htv_Fh!s(tUt9ayUJ^WAirR4tCQKE@m0E zwDWY;p+1YceT;HuZtyd?zv_j8>n#uy=66e;^}#REUPQM^PBOc@rdntJ&0q9ESL^V=^P<@)KBZ zdO9XDVjA`1eq67+OQXexZXJ6Wjls^-pO{xs3i8LUdu;C5Rgs}|5%9eWny=$k<{SFR5mrkj)9TsaW9{6+d#VTj zrv*4CsihMFsyub)KWrdm-BqtLQ+5Q1nyW-cLTLZ-S+~$1UzAxO!Y8mf?5v)aJy4)r zUh(7I+!TB9@^^OzXTWh}u6z{2mGXT5CxIlt>75c8yG_3kXG6f=v>f1!!B{n%Ro=u_ z9~bKY!0sZAsh1j4Axm%S{<-v!#)r!cM_sTJWtde?B{e=g9@pKE6p7B9d7_#FLE+_7 zOe`nh3<<@1((S{Koxgx^=TuRvzu@u8kCs_rI5JZ|C-MvZmSGfC47IjSv;^TE~cq?{-C5Hg5H!1NoP4ZFHiHrl#is3J76{TmvN|Vfh zgd1xPFq}-|JOi9c(C~K@^-Q;CB?1HJtDySCJS%jH{}6(5Q?Cv0jEHT$oT)A&uU7hLCa7A0emoNADfB;4dcYqGg zm4=D@m{$5IQbpmI0Ahd z+Yi{sYoji|Vovz2;Y$Oi?D!uFfiy)FP|waTMS@bf`=spvF2F0q%{0$XytO%+ed4Ru z4ztnSJ^p7u#o{>3iK0~yPVIuGQ~ce9(}?A5kX8PKz<^zu6>9gd3eWt9rU-bM)S2mK z?V1uO)3yAv>})-3R^M3kbm+oa98Ggo_N-3aJRF#0fkuP0!1U4&=}n*kd`TV zHh`o~4&14=`bVwQ{ZA=Gx{#mEEkstE@gC-R4Z%#VQz4_9#ePZ0TtGqK<#nef2X=;n$t=!)0oa$EbI{yu3O*&x4K41m2WyI?5>f_Tk zIr;TCMv|KRWWX`@A%GvDiqrB=T9t_-7})&s#dPiPkFP%sT2Irl-`^fSaN{DC?1E4% z-Du8W$M64l0nRV=wo&=MaCaXTCJ>b_kzxGA`}iy`(lD_z=;-|EXxpwHz+6PGFt;h# zPTjkgrPDZT3W5$^b}g~`#-%7-UA42=)L`x{-=Hpmpst%hsDE`;=vA@;Ueff*lNx#g z(Yol&?A(pytqPRA+{7y2_FH?T@RY(F)Qyjz?y8C4dtCl;>@=a|VQommg!d$u+sbB7 z#w8TSqPa-Nnr3w=%?=a*4@#c(L$zQ|fjK`hB{jeXG70@Z6qJ-iGb#xaeQw(#BPZOa zw+^CAp#fm_BEd4=be(=^9ysz`On2zaf7AFb&9b&jKutz%0s?$+anv)=TkF??P`LZl z=+!3O-Y&d#DGYkrzqJ47re15bHP@@hvWolnJ^#;*tSP>y(ya<>4DnrdH0( z+R%fC4oiFb=igAGFj|ktnoumAn|AhC+2&?MVNk}4 zX&Hqi=(S)k4zS$#`U~U*+8}U6-7{&OHrfEq(VstrHNE4lT#&Dx;!p!Q zq!fL)aK^FsQ<<-W%}6# z*@~PDUE`~OPW=@jT@@F9VvLC%g}A}dRXDdur%H#>Lnv~C?a;eR;4HZlGua=dvV zvz9`tQO+8T&ef_a0-r;PR|$G(Z=i-qiqOe9Uw`tXVfDBNQLxE(anb|0V+kGl4eGT;Pq!18C4_-(qjhMVF(_ z4d3GgFa7WdxBSAeM#cJC{WoG{F={_P(pyX)8Y&-h+6H#`Lb?_#!(iF*1+yyAX4%ND ze=;WUK@cvwebiP%Gd&?e=zBc$C<04X88!QOsQkShwLOadI#@R!!Znx5j;epdNl(5& zpAgsYB&MoUJBfZc#%%MfK4KUctdfJZkk0+X(ExXj7sx2cC@1M-dS(t>s{P-i=7$I? zuf%kFQ;k|My4)HKJHRySJAnx8q(>~Au@bm-EHjU31Qo2(x7!F z%2`3WXl3xZw===Q(zn;YQ?4J@Fdu$!LM(X@!e1}M=*U%=xhl&N-y;RVy0(DLi69)1 z^-^a>E$|3cKZM%mpDp4qCZ+-;Lb-_%^?F-h9)256O^rXR7Ml_scx01N&TNc8l?Uvt z`RCym+=&m*?|Z*o`E&Bx6;hVVnY@QvSydli zEG>pz|A!d0UasU70sNG4vN+Yig0rNA$;Q2&rx1f(Z;2FR5ar8Z!iolRZ=JQ4A0i#@ zj7vQSG=Nt<^UjN#O0*8+U+cI`O zR)~ei`V*5nt=`YphS_w4ew!Q7n=OUi@?Q~Hb zLTW4hn>C{*+bcs1PS2d)&(h0U+t){oGP9;8BJ{{{Z9IX6lwm<2G((&cXjxH~)tHf5_w;|XuOy81dPn$gRQz)hu+-dm5midHwqC%@j@eUSjg;Dcj5H77?7 z+rBq1hXnByqS$U=HfiwCl+;++$X;UHMKtMYl#_Ke%JdeU1((xPOTZ9Aa#%miUI7JS z1A%D5iu;U64a0;_-5SmiTzGT)T_y#ts$12$eAi_LBMT8~AcZ2jXkuHw0BENrsBVGN7_rP<1@Fn!{ z%iRes8HXsSn1B^T0;g5m&vb{IBeqTwqn9X46V4WKFQB7-Bd##T;}?d?=fVoB@!H2d@p4h}U8;Su52ZpuJqWNJk*UzGVYZ8TZ=6H4+xsCuYM?PJ6ETaySY3K@kT z)JV)PyWHfKhnjg~&c~1FWDb#&yGHGH4uH;)VPJ{50)A*U)^1 z-IE~zVx}~6lo$iPx4xoe8Zplh2ZZc330&FsviQLfRYT$rW)DW+G<>uN+$dcwq&8yY z6IEB@#Jm9j9*REGPiNv5?%b*Q`?CSy5H%Z}8J#{>2`%J)r%>#Ap=BS{B_Fxr;tNfv z^>13+!)3X{iHH^Zvu`0;Uefga=EL>za3{+>a@Xu|0{$ORqF13R4;r7GH@Y^%oXV-D z3h$>Kc4f=h>FNnX)EOSkJ|fqwp?Vdq-)CrIKR3H_@^LyIJn8H)`D@k%hWBJ`%fasc zAz$_NuUeN`CA6c;43&d*!q*rJ;A_(OsQxG|*FIv@&gm*jW?gfB0sC7xNFnBA7rRKf ztWtbfF@BTQADj%2UL=CEd z;O`yGq|`~&RE$qo!GA*!=S3A-!r0IdS#xz&a;zxSs>ksALwuGE2toJ=NP3DUFYj>P z7HUl%Oq_2FULn1RF4Z=6_6r*iOr-kg?(R&$_GH8_2{YvleUc#_n8t5I^npy;Y72s; zgMOf~ecfWKM$8FB<6V@Upuws+iDMW`^}$Fc>s%|K=v{o@V+0M2z7D%WR4T~b6>Z_A z6s3Z2=O^&n<@g|fUcV*`YJ&pf-=U*B4h~cdNNpmcXjtY?=WDVV92GizP?8EXO%O#d zxp&Vb1f!={vhf`N)P3DAOc6)6v%AAJexV0TXfnzur~Y$Tw0s4q9AZASVL+7vgvRJj z(ag+UMty4k7?-87H`_AIdUHPD&9w5!9zTQqe%tjE?f)fTwo*ezq7D8 z&$H3(_fA?+Kc)fpSO#1b5n(9*1>NNvX%duOC}7opmeJ#-y;3bk?Q+Rj1+X8EdllRN zp23FGvMba-=;XpZ=(fw{@9XUC)hI0Ol{lPNS0l%Md%z}Df1<-tZw9S zCU)4^#s0AVeFyAv!O!aNR*933dtvXII9VxX=VK z7DweQk*{z zcH=EjWXs_9$8p-CYSO7xZ`Lz`4Vm^aR*b^IC67!JS&Vov4 z*v0El{Nmb;B#>-_t!IXIYmes}A;!Ielgra%GPJ*!)snn@dzX1sD4CZSRmG=jT&?A~ zQ%2R(ob)s?{>ws-xfr0r8YQ(e_9xnbtP8?5;XOWjaPU{)hyRUHL_D*1@Vga1ND42p zWQMY8y2jz3sv|w6-@Chf9;%=vW=YC?d9e1qb|z%JcJ}5idgLvYt3iiPAHh&0J#T^& z)H(dY)%AJ7)zxVKe*@uRW1I6H{GU5uXWwj5l6)6fZNryfC7r#R; zn1`nsP6tNSdnq1Il;?Hu-)r-%o zH35C3^Q<5GcPIXS*E(fIGy&C|m2?})Mgz$UCZ(B-TexoR&c zA6`O|Ih`PIn7$4Ihu0WRmXfRIZIYu!cQbzxC~B;+EkXyb{{ooRjk@iT{8^$^lcT*6 zDLg0nzIH*(@sC!?Vn2hNWt<8}G(OtyB-Dq&)@0RkSij*k}cTyDl84|PS za~@vviv)@%*6Li!Z&fOle@O*jxU0&0dGDT0l~o1VWb4slt5Wdu8A0|VkF8~~hNk%z z+QU@k_T%oW#9SejqmY>f@QX3<8 zS0YoD9WF;bl)FK7hF?0!Kbhm7xEkWSUv8DibVv%$NuLV$`CYHQaAIK2&CGPK&?ZKq zOSyPpxuQp_HSzh@o6A^W*VanvBYB;~nYKg+~|lT|K;!}yy4oj4W^d=*=a&07jwl zhiKzN@t1H-U2gYq%`!G5(_AWe^qK#nDo&FCBx5C=azc>h3$UcQ=&isJ;F|0vTjDa)47yfB+%*m6UXxoOjEN{3+{ zDW(@%4l`;|79{$KtHpqs-taqj^`F6P+gtsE;(uBd0H}5=;iEuAi6tdM<#}ex{jmn4 zyCSlmgjLZ;(I+|NZ?C5sKm2^95=jHmaI=tKK$ro!U2@kF%F|UIR2+fBtKVZdPGn{2 zM)3P-e;S;g49#XO8u_3q#{YPvb`+##-XVPHKj|BtSBk|>h{I%_q51Kv{RPJoSy;v= zgqj`<<Sv@EfRf&Mm3Xeb>vZmX`pKrv<~c5he5PO)HM8vvBPHZT92XTo&%ov5ll8n09v^CyXyFs0Xp`6^^AG zxCLUu5^a1be&RkvoAsdVdvVTTcc~NpH>mI2Vi2ed7C1QPe>lxkB%ET*qNd;r|?a%FC9icl#b7(Kd>m|Y>7d!HXO zds2|6QmFIkOMSEYOx-6v{!85q*tqq1uB@jNg6gL4+67&gyT-!%9NMSp2-o;BbmkTb zuf*CH#P}}n4eQDuL&o zT!&Z6hkBIxj1S9nRaL`AFc@?edx4g+g}$~e{$6mX8QRDw{@^~vVDs-bJ%dEq$oG5V z@><3(pAU1Z`ZT;tE3ZT6lf`6cT;lP3qb>jLyCpbjH;VoZC7sf; z?6D#HKNLN0mDz>4X*ML)m)KXz7p#Arkkq7tb;(O;AFb(Qh(~DZsZMikI^D|7Dq#o) z?KR@v`CyV=;zW{!*q=VaS~WWL<}kzS)L750{+xSLQDebgBvB_hP9Htr%U6DIEA9MsfeaN_ZRv*d*vf**Es<|; z{1`gKJI@L#J1_N~pHGx4>PKfI|2lX(&&Xln*5=D;%O#HbfS6O9X`DPX$ZbAEHSOEj zMdqZTgsou2!o3yND|1;nGgMZQLq2BqJ|${+yS4Rff$~?YwRY|$i|d=XPwKDBEZEHN zoshis+;FKs-LH4f$?3_V=WF@1W~Ju$H1+hDE1i3`xnXcNH8D4nj>P=3v~wz_m&;b% zeaI#II^L}N>STN@-=##WCTG}u6|~=fzvr((hjkCNOl*k`-eRd25&i}TWNE%Yq|&b1 zuD#i7QTb!Fe!U6Khp&UBIpVHqC{(pV9)7x{;q_zDZ&OmoMEH4ls&5B|M@&U${*a~Db>?+WwNXqn1f84B5C z%CtkXT;LvIFMCt-G&UU@mz*_Vu*bjNtXG*PNPS6*(4wvLr8YRmBEhD2?Q(|Yew$%^ z@i{x=FCR zB5c!e`(SE2_@p5Qd9ZOmd!r_UkZxLpfY`!OK_TN=8p3ld5<4|wV;+AdB;ItyL?13< z3~}{*FUL|9HC5+sNb)g?*@>2yPBF(Z2y;TwKT#j zk_I=o-@GQvJ)d4#IeZ!ES5KKs2toK0k8o;o1^oPGCwuLa`OV-KZo-7L ztzc(f-PDRRVpM4r+&>@PwZwT-H~ywTEyj25+<{wj)%%@Q$y1MS4>?yAfRZ8qi)hDf za2+*SgbqG|)1+apRD(l2@AIYm!gldK@uYzLWJCHXQ8)HXz62ii{Rc}?vl${Qr6P-i z6(X>PY|qN$FFvnyn<*Q~sYH&K)#6?n4n=4l?Uy+ZMytT_pSdS|%)T5$zj*Lo!`b_l zQQW@v8-_evMWl)L@r%n#uhc8EuMPhG?ixus`$ouNhK_S%KFvX+-2dXn z8JPY*uHFKwsx4|8-hhCTDj}g@(I6!tjUpnF0*7v-Q;<#rkXAYb4ieIE=tfBi0cj2; z-QE4Kjo0^k-~Wtp$GCUg!`}PsHRGAjeAZmI81UfDm_Alpbm2YCPT)iW6N20FAaw^k zCNm?Z8F|U;WIlEY@>m@Hmh{^*%=1Q)Jifj1wPWp5d?~$akfOnCYe&GhO@}Ry{V^a1 z{&Vv~)04}%8bs-1d0AN}I#_-O4`8AEyN&&c0d>o0?%C32NXSM{Tcq3-IKbt0lu)`2?yvQLCofv5 zJ#P4@-_WxrQc8KeYTu>)#+z$!d>~QzO9v^7Qm1Y~!DuutR4Jjx`oT6Mmu=P2!NFm? z852^-04Xetr*OI@R8SXkA>~u#9(lPoRKj98Ts>@tfgCg_X^Uik<@agYcqJ&7n~md? z9_QNn>0}LmzP&-3Ak?N*&FivOF<+=**g~w>)D{7W?OzU@<(PRA36O#vrLdhcS~Y%E z_>cZSEx_JdiQL7F4C8}kvUOZ|4#7FtJIxmPwQNT-H*6#{T4kxeWwz8g^(}Wgei5>* zHE?KCOXE_?G3Eye+m#DBteO}0AV?Q87bBzuhb%sa3Y_O360c;{t{7GPRJiE&8&i z1~I=0gnidD?npDR?lVt}8YR8TM-1<^j|e8i%ioG9dMY%JrM4JLZ?uyIg?9B%nAZ?0 z6dEY3#F`}jiqj!Lu~(cDG0;G+8Q{IFu8woyLJN7D(^+W=DM-V(!r-)L+6TtZVD zN7wLEY$UY-Pg@7MJm(h@aRJU8tV7cGn{aS1dRAaKn77fEh3F&{^Y_p7HEf^kF#pEc zc=r80G5;9Ujc-ItF6ch<9KCvlq}NyQmW1zM*%oWZ`>1gjKe@i zw~4SiZq2k}QeZ=3uQNb$vG|h9hMOSljoE{UPgi4Vre}sK-XJROsbmKsSdu?A&d-3_ z>Q%7mZX6E`Z#&7vt~i^`w&ftz+=JcLiPsUUq|lKVSW=>rlC-hByu7t7Hw@^fJEA+k8%i}W4Es&T=1@9}v$Tqdy>v+Fw+M|q0#zQ<+&)-?x^1i!2GM^}| zL15zg=j<3Ei0v(+xTlYj5r1$~OAQMXV&q7X40%DV&^ulucTEf<0Kvz__tLN_hKxn! zKG`d9COV9W2#3`wrfZMaR4d-Ui^|@0tR8Tgi!~8<)2s@|Rrp}19sLxAjY3jDI|+qE zfmW8zg3A^u&s1km!1m9xoUdQ&UqGb(xHRsJ79_jQl9JAQizZ*5Kw(iHAlN3AT%D+y z-s1o!j`_0NAZBw?((?;9$KI%Y*OeA5(pW-5LjHW|TF>cVv;meFt&%#cxDmqWG0?mr zy9sDTSgoG^I^GwQgs@pveErD`1T6UbsDRt87Xzi6nhR6uN_#Pk+(EG>PZ;ooAZWI7 zz~2htbvR@9mec$0wf6?ugE_5KmN`*10BwGG1}zvG-69w4Lu)_)S~EUq@FSL|UT;KoyH_w{(r?&2cVU1_KR@5=ye0NFUU+{g)j={H#wyjE#9}Tm z77x2EYl4cLC_G-&Pl~2%{Xw~fjx*ytNOt;QY`PY6hZ(B=Z)Ze zRC@~Qaq_Fk%Z&rKHp7P#ngX~sgI&n@pf*WM@zK6&cB@)WJ$n$}UuYaXMg_b@*|42G z8(45!L6dnNkJ@*#h`p7APBRMWaO&gVOYm_EO%f{gbq=qS3)AOUa^<$4z> z;#qKB8`W^LZyCsRcdt!2clCc|D!q?|eA6U5+;1`P>KA({Q(~Q7GPiu|RSGOdOKt3? zX9U#rVA45OYEFZJWXMgaDmKt@w6%`RLSd4Y95f$e?N20;Q3SHJS|Twc()-da(}xlt zl`{D%-s8Ygh^fR2Xd3*sf3~6Xm=mJ74KK9oiW+(qM4XG{Xy6EHn?o$dyQqFOOa3S( zYh*LI5fl+JWb6!(690%$(_W)OmVw?%+s#!3b~Cg!ZTT2=@Rptpg`xKc5IE3x7r1~~ zl|-Y_tarse`?IweETd#l60zVVn0yGH9^RN z2rD&9!-f%cU20WsPIdrR0rmSax5ds1S&LfxHS^0I3K&^W)V+2=KoGrF+5-qb?H7rW zIJiO`e1(k+)`8aUJK}i8AiVil9&G5FrHoX#m2G1yq)y>1?NnA4|7hXcoQ^-lG=!R1 zeD&be6g-j6I{N}#LKMCPhqglA{H%h71x65N<$42gsgJw}zi|^Xs3TTza4}tvkXB^0 z6@&3k`&yOg$@KY=pKXSc=A^RT$~f)VasvXAm?PfZmAXvdTSo5Hkj`qvg42AqettMH zS<~EHO!pkS*}7s^MV`o8wKUn6QrLC4imva`N%>s(~e<-nIR za*0BV?ii$~p@5bDqCz`EwBPxBXBzkc5(XgqnSumtQBXE!CtVIKPVSzOtR8`$-sJ!c zG5ucO>yY=hineyb-aS9AcLxw@5(P!ovYQi~&A5{zTwLhoOgCOJAwzy|LJlqQSQO$= zj;vn^_>q*5O_ydt<2??$R=sMeK5FjtxYt@0&|Zf%V6ro{-J~81roy|a_`S_v$9dpU zNb`!Yn+zV|9I%_<2VH5!+8G5E5;l09mm{pG+rq!erH$1dOl4IEW4nGe_}OhcDRDzx z@S^5@v+&5ZaWU1D032y-kpaq}`bM+{!!_j3CcgFc!}fK*3tGUx@q5gk4CKS4vhkCQ zG+sxQfe}ahqZePI$I;-VPqfa9V_)UxI@H$Q+r0=|Z3O}dPkz`J{HWkq0UnvN9-;Yb zFB&InXnmS*EGNhXJd>4`9Z=BJB*F{Ci1;{cpHEZQOlo?*QzGmd?5wBwo*bP zC3}1H>gRis7cmY}Ftyfjw=Z9f(ky%yi5Gjk)cupgbYEXCTJf zUI}5)8YK`S{djR_#Z$d6K}fB8}AGQ+lvD@F4Fg6@J$@=mYu0 zN0ULA5y*0vqg`s7j<^`$pl6rCl>!HayiWg!CmSe8pgmgZOzK=bC3*}9y+xNFy}m27 zc|g*-TrbnRyrdNhX1cJn7Yv0Ei~c-9m&f_TXc6oluLNA=wY)F<+!hhQGO+Tqk!l3x zLoq(%v7GkC&L9OBVH&=)MC}2nqC&yw#>uz`+jNw8uDbL!UB0tl4WZ>U7~YuQ2xlq9 z{Ro&o0?8L?;ADeeTJW3swK0$`uDJdA;dcoHpA`^%C~Q%j_%%1M3`2!ZY!x%vdj;cp zE7maDG^)v6R(`j@JctQf0{|NL^Qkd_F-Pg603^QwcJqQ@0?=o|V{a}H8b687;|2Ws zxp_>v5bIx3B9&IF^%mtkMxvSD)FuGUzG|QQ#h)+nb;P=Y4xrT7c`T663kd>wR>$HU z-FAMygfSs_P7;t(-vZmjVpmxTe2dZ=6h`f8SpFbCx5kWk&o_`q$XTxt!C z8l%K~q2V69KXA0Gt|X%!*r8j{O#*(AjJj`=fIx&F4z!T_JLQ>%xHp$$-uIXR8K`Cu zQN{3>lR^zuqG5@OVmcc;`2})pfFP7cUz>hBTzAUq5**D`y67=8>8BkCiG5}UYx_3p zy;)gy7Bie202ojK-rY1H1C~{|EIIj(N!7PAfKCwQ$C>p&>4hR2w5IPr5(vLZWSEdc~>kJH~`F{ z45Ut{zXR6T)%Z6kdGg{kP0i(i_t3IZp~|5D>%fUqiJ-j&PiWO@wUbDpZ_42(dy*?N zO94$&X|>n(#yzQc9SG@s1$61V??v)w6*<1SSr!8snF8u(#`4#F4jkJv1Hmc~u`D~E zcs3OnpH!)7DuwfeIInIuvU^?wF0{sqA;F{~)!}gKdefjgij5soIBDZz9q1eV;#gH# zDPVJvoD{EWayx)zyDA;WtrLj#iOssZ+0ilfQWLVEu`cj@+UER0Wn6w;9~|aOZ|O$e-OL7yhjT`*#Rrl#~5kZS_8ht2>-OT&&VZ`xuj8y-}VR_6hTKx9L z2ggZg?~xRw1>jwLKi&7c*5GSISP0rT2ZvrKe&2-@3Ut&$` zw_b#xh_45k+vR3)EF7h-zo>vma2vFLgA>0AU1<5^V^EK%Gc#gtqUUYS*SvfI)2RMl zc>MP@&%-_?v?3-poo|1V^NIfks5jIb0`jK~`kxNoffOpij7u`kEM|O|d1%V7sToth zbo(=2P*W*gtbrbDsU{Yq393gyl`RQ0E==B&2gu}9Z}Sn0hMk=LlF)pCRA?*>4;4OA zGv)7#U6P+ z05Wnzi*YTsBm=ro7~|Sw1t^~!AFGNUy;Sk(@6Kd1A~1($8fcf6t1Ja6v+p%C`)@kj zgcQ(i4_F;Dc!cRh7v4So8zUkr)r{`pG~1OJ1yHA>PBknWa1|M7U@-1+FHfn&lxW7Cpda zgQBpp=CzkbtXrZZF7bVsdwWLyehKx}EN@^CwK}6KdZ3_YcYLc83yQdA#fSkdpg?|0 zKQ#>x_Jlg8-r~}}KxZ2T^gF<7D5c5ktw^f5)~xW{@<%*V=~6J+$71()JrU;8lvtFp ziphr*Gth#?=Fzl&OVaaqOBHCjX5wvA!7I@0BIZ0eg)EUu*gUla>rZv#p1C-CC8N;p z^0$UXdHHXrrk3pkXf#zV${8hr{o+~97m93`8FXqen`<;+?4slqrVRSOn?>u8pY0}{ zGg)?B4sMx6VkRi@n-zTQ+~bD0r6u{`(FLLJG}btxE0p z*NR6Fh{*reD&-KL+?Ug^*|+6v6=l0KgeoS30atNJ$p|aK-~RFc!}-kv{pv|NZ}Ga{?+gX> z17iyh@UM7hfTGJsQbc@%(=Lt6!Q_`gvCaJ^eD+!j&)vTKu#yQ|_tE4wu>JmT#uV z7pGmq8_&Bn(y+dyyI_~H2P5B0Mi^fyMq`9ctU+jKX-EcTB#(cczRSd2XKse2FhXy)($U`znR}=fmlab-%o7(hIZUU@}4V<_EHvFO8_AR6`$fy>A_Lw)0Jt@cf|e z?9Ot7j$f$z7t4qTm6J!dO*!i16pR$8-QFU3(eO(Gb`=087AIWlT+~7|j}I3!tqgC! zR4do>1boWayC;-^lfMrHlUcI-F`#)xN0lXs2p5m!@i z&kY@S&J&`Xg* z-Az!0Iq?6c;0mq-Gu|pwa_S8LZ&Xy9t_2U+B28Bdo)2qPvMV(Vh~!ChnH%OX*+WdW zYb#Gc3&gJ*N^5It+e^cB>o%K#iwoumce9|{hQLVhI{Yq?)8&n}rNP4bZPe5fsBh{A za!2YN20ef4;6`Ln$W2tIaUKdLNn3$q3w{u}2a!F`X=no+}O2TBr`xH2*QTl;zLOdob$UE1TzseA*Zl z&R$#1465Uw{Kj9!e&$M@Dwf2rX%wo~KMguNz@Tv&VeHlt9(pd6b3A?Y zC6{ReShst*hg-Sp+9-#~nid02z*BnAI1F~_RR!{W^WpP zO&-(&Xv)_E3Q}F`wvBn`r-f&J<_Df5{8~OfIxbyjSlSja5rawH!0EdxZ z9S803=sPIexwvVd12N~n0_`we#Ale%3gf-O6idAab?X`&N5a|7v&7v+t?sq>KuQJ| z&X;_91PL{#rCPcDqT*_j_q)$v2XEoo{$v^=+pd;AG#PL%yUH;tsyF7k&R=BYWWB+> z6Ke2$W!2aBf%xKYz=;&>bk;q8mkdl^R*e9>Ttb&{H@DuIW75^sQ!7?`W zyD>!2PIe();3{Z|tvW{Dcmi&raD9$ljY7n$e`O;d7?A#Pp0>Ku3j}4nsEtm!!2m16 ztpk}H`aNK}AAm-K|3(_9Mi1boPMryar%q7RtTF~#>;oIyUgzr0`6$kLQ=eu%JqL#S zV0Xi@Gtt8b5uTKR2OK-z!1 z0#R^W7zGPpdW}vG0F4*fj(gjt6Jf-vLhL#PWZCw{x@5INHi;zIMj5cy=cp|^8E{LT ztu0G5W$wo#AkIoy8CY3erwYvf?FG8*adGkXa+0P5M=DO@27?}(ajDml3IY&E_XjxC zliA$GQuqi49#73JgttfgrL=^k1#_ufbG0}<+W3J>3tVl^uhOhHL6Q**#8%L6_i^I2 zTCyt~>_{X5t@6xZP2{UaV*93P_a}x)@eV%A_Z|^%QW-8su{|+>#9jhF8)^+_xIoy@ zcQJqJl->t5tS9D&TLqrezB!V@?laRH@$;(p#*@1x7FDC) zgZmrTv?`T-w2-e7Y)o@pJBDog5xSREJK|=gFtndz{|2(0mBL(ytJkqWKM6#X3uZsj zy)_juLtu?4C|+~VjT^PsS2s6r9FT;X)QDc~v<&dvSuoTeAmeTz3?%30R(R6cZ^xza z2v`ch7730>);D|)$-Qi9!IDaK?=4l>H_WPP-BBYpDK0DV8`RYeuMT-ceFtm^x@rb0 zEKr~L!0r0F^F`4QCP`-w&PKZy7y702TPzrj18-=pCunN-`Xw~jAAb&v6w%SB*vg47 z2c6_eT%aqF0d;KU+rnP{ho$EISp_wL6Va%<({OTu8xikz|A~%Bd<#igB5Suht4s)! zapAjvzbHs8;AR8bIn8pU5^+oe;SGe1tY6kWMaxdkpPv?WtDH@AMcyA80vi4`uHrrh|}s*N9jr2-{l!_q#@AVd4iCwkD&@4j3h%?XvXoII^i zSG_!_L~a0`CJ<8BAII}K4R;FA=@^az$0&CkcZVNF@9)Eqk&%&K^Zt6B&zi=0BRMs! znY&9QzKF*thkT>`TjC2|@%gUv06Z#%OQ2Hx03>3am7l3K<+8RgKC!8&2MtPcKHPia z;o-c0x?jYMN^i^x-h@fAjSBUmdW8L)=}W0r|J)qvaZf?_;R5DLTH39dJW(|rLw}B+m0su$acMcR@|ZDdoqpl(z0qNZ8@*#8XmSO=o0CV z#d`@^NN2z>V==)idG`Ky{>F)LSU|FpU41guR@`iN*O z1(S|=tz6l213XoycALIR1S$`K0mCoA6M$y$v2=K$vy?G&bNwX)T2lGX9z z_s2m}a5i#JF0%pId*=EZBKs8^yG?;U-5B0qQ{h$x^gWjFx0=NCvaGEBVR+r;5vSEQ zjVNW)m4?-khJO3`3y37}^Zj1w-o{otyB~;x+9J-QKTijyY)o;nyK$%1dz>vTED6}_ zb_|9}JtU*qm<3g-vvXr9(&cjPe?5I1Fi5gqdn{*XU;n3fd6x!hdK6dJ5Sw*qfB|7GDtf zYwtH%)brU?^gnwbMjH>9J-bHoNSizl;p$>@1bCPfilyKd;1UGUGFgORhBH1K1d2cL zp?=K>QuBTw7C9);w4zU8G3g{2^f+wKiok^E#6kM;)}a=0cSdV}5prnzim9+OWvn2i z<7MS=u)5tfKYE#r>iyf_37^y+6~(#%Xmag3)`H3AzGW6#jbJF>Z92F}g*vcbUCD}B zwPwpaM#Rdzd}}+2n1_c)j_mXS&V>y)u8lejWThrFF&hkOyICD94O-i2V?Yr%;e-o$ z7sb@+>D%SxoO?v~bAMTEb9&YG&Fmyi7WLK zV3h#Cw@J#oLI1)KKa0s5qF`+S57&bphd~%pJ{qx21bh_DK+R!GvC4dfOnx@L^!f?@ z9Zqk|?h5o!ZF>3!@W7$HN!)!KdXIlv023=E%KQYyAEXd;L{}ov4Ax~RxO8ZT8Z_4SOc+54N&b%3C2yF?o|}5g)UbS1lIte z>JUK89hC;@-4t(n0m0uOxL)nnNjMHD3ft|eCMh~F@mii>a~!nsx$@SEGYKejnRT5v zn-ny;Ib{+wZlud(;se^elZ(H}`w*Abniwu0Ks7YFDnX@$Ae-w*yp?x275$+T!@KaJ zp$FPY0c5zaSQFL)30s)5TDvxPs|ls|_xl`f*BKO%*bQ}ee^QuDzd4fK1{_d6>VH90fxYQavgO0Hw`{svO!4N-^{2td?)4?nPJmidZXSu;hb!_fYdV1VKS zEkPU4t;gVC%u0Ij9>5W(#EQwNU_u)|M7E00s|(g_$U9tFKjGmfx(D`9JCaj(5qQlZGTYn8OW9T;k|t&RD!enX6R5Y7ve4J7c+f+_k#is_k)f5 zPkEhxDomahE!@OA?oC41qYPVI`(AJ<&D#!X}m_yzo|7APqDCbFYEP3Sexbwa0 z!J(m9Xv%m*b9s+de%)vr{5l3OZ8EdS~$>Yip=8 zK~P-U!Xo;|Ns$!7HCVv!rvXd5{tZHDfx*Uim-_qr^?&-jZvagwIuC8~^ITDfulH^~ z8oDl*AP{+}UM@*wZ25(LtfCbid;Dwl7)3tBBLWCX`!@-q5aQ|Ohhv9?n$T^{dGbgL zl{zY3AoWn^<1w5KbWTMp%f<7uX>nRaMH-2L1LOR1HK`kLY2Alb+wOoqSUms|TC|wm z`HGP(ic>rTYubY1pjegKMMVvWYnNh)MpFcYNHRZ2DS&%hUo4=R3ols>Dl;%Ga=NPfYQs82e;( zKmyl1v#P4!6&@Zb z4oh@ebj1TOD}noO@WA8(!orzHt~;jA_N&YKztAO{x1#oFjoQT)K9Y8frHwDA}6<3hKm@kJf}6~A2PX9ShTn_F?g1<)URu9 zVP5a^9@j7K3dxhzR4M(A7*rlM6!4rt$;Rcprn|40{m_Zy1!5-X#{`&#%dxue?mqFA zG{(v0SNu891%nWx;BC<46Hh+z<>sbr^^K+FhEihDN6YC(^MBNy^RCkSW-2Y$M=&`s zzwKeGa7MH?w03l+=80!)D9LH?`G>ySFI=R*7$aw z&sm9Xdp1nVi^NtFX%(Bk{9QuAyS^32R}m?z#_EZgT9g<8<}892>{pKAv|eb`das4B zy(GVmX58cabcQ6!q!$QR_*H-=t(c!m)KjZ`rDrkO8vSPe^V6KfLbv_A0{i(qTaeSP z+;miBzU{bLeTW8!2No*!qwK7L(wV~~IAzGeY(>8Ylf6`&uLA12&k-k zW#_3l1VoNvm|e#12_HSsTm7y;%mRE^FnhXR@3vk?D`Jiw%pJf=XfT9TXD5QXKnM`S zq3@oNmq(*%!!jheTHmp^D@5^vjB6yaF zPjB&v(i-<~;oT8?HI9{{F!$>ah>9Vkd?VpZXCw={@?{esV7vgM8a@rfm{772g!M>e z$q1sQKDIP+bKB#D;BP1J-m-ZPfb3{H|?YzwVdth;y!#7aUJVvsOYA%^TB7@`817Pz${j?&THq*$8R(IU4Ul- zW!XW=DYEO91hkgNw^zR~KG>K{jhsn3>mvs_a$q_@pNaFPqtq(MR7-sv_H$$+tMCC5Q&WCT12&_d%A}h2 zDPU3#w15gRJVqa__gf4SEf_jRb-6@OAEukY%LDdZDHFW8Fu*6zoL9u!e{}bay6fPF zXJe`_klqDV4H|!X>~elagZooJxbkfwYSl;; z>~RsDf24RPUrPYDPSJp;Afh%0&+$Q~o|@HaqiyR9QX;U3%?}u8{}UIdcUAeZjgu_%=kEpyrX24XNjd4FL6aae<|oFe&I` zRLXxFG(^F@n042z?;G2}@^fH%A0KNikKRozGwkj;kUb-BJbVVJ{#U@WLVa<=* zI{VGkr!;Z!tpvfXmKPrV-OgAY1P5_s-wfU-pP;M5tt1TfonuuEfK&tZB5&7QZe|?B zhb5F@{le#a;zmYk3ZT&d)ohI)uiqHOv>vHVnV@Z`#%~eph#&ub5wg5Je-K@7~hbt)28_jDd>Dg%N6LIYsv*Lw4Lod_XBzJd$ay z_mcS%`IUF@YbNGIDrJDohqjr#v;9Em6s)WK-*tW0mmsF@^oA%QA^6h`aKk26oHuxg zIltPYFqa#NXJ7b0Uk=X2Vp7Z5-IU;8NDKG&_TJsn&bd6U+flW#Ghe+}b8bus+R6BU zh%(z({K@|J%ot?f%?E$HI{}Mxv|9V??>B{ETzm*S7Y|IeDjmr=k3MZGB4%F3AG&#FBU5}m%=(jn*Hp0{MM|0X&am>eeF7SN znUQG7FxKgeaHe{(qVRHH2`tX0ar|BIzrWpRt^{w5+uu#lQRPD-(mMp}a9qcC!0_1r z9s;6!1=KkACllQLBlDuhoX)*PD_!O#Yv*La_NagFEh2_uoKgwF^CvvuM>6hOooJ?W zB=KRK)2ne(tP30pUkm`220>!ct!WJ6s~#4ceDz>A#dc}TVcfn|*{H!dDfa*R=EF}I zU)5f&N8g{A?h;sQh9i9>QR4%;{|j z=6^qcQJYij4FGETj-ZzoYm!9hhejX0%0pH5fi0#VKrjB~CkvDDSst58$qR3R{|rgc z_(EY5ZrSPYTIBnr&&|=u3aCUKwN<-JqFuJb^%Rq(f4Lc*t~VU{;%tk69v^^Ltn~&r zz)lj!q6BGG-D+Add6==WDjjrOnN@3knvdpvPAX16j$C51_(=nfrEQf5o?jdGCy1!6t}^ zF&|n%Y1A;&8jjrxL~$Sf1p=dQ_KcQ5Lx`J*#?PhHq4z?p>qyat)tqz9MlV1N(}*!H@j!qQx8`@1_?e@LPs%q=S;Y@+{4^5X+j1l2s_He2pGKpv4Tk^Gd>HC5)w=NXP*jO{}wzhZf{qUgOv;u z3@4Vxt^-WL3k`0f2*4PA01Y6wQ&UjY$e*p;0| zT%pUnpDIZn1->mLVUYI$Bl|a68InE#ne@Q)(ko7}QjfvB8E|RgBU3n~rfYHWYw=DO zZX9MCTj&CX8}YyJ%1D*apij%QD*Z$fFqHZYzJ$`u9}uc7VnYkoW!|iOnPS6aMaF5r zg!=KgRp>0NtYkH`_wGM+1lz3m0qnX;svPl_3t-zMmpy6VC^8Ih5`c3e&C<0=1l`spu#TK<97V znkw-^e5AIlRV&u^I8te0l@P;syvKRJAI3_&J${;osa!p+MT<8`8d!e?eNMGz_WD^$iE z!%`VQU^N^py#|}|xd4@+{)xc5@RK?FA%H*MeDbTZ?H|bqwoZ}fzn$VVSsQ&tBYY*) zAy0rjKc8Mcj#T8_hy4TSdqo{@VM3{Ys}1+9Rt7UC5=|})XjUH->5txI@Lcg}!qY!A zB~{=iOYS+u1#d4^8vwB3jxik#u zg7E=?ul*>eF@a5J@Ar7ReQ9pcpvpQAFMW$rou@!YjEJl)0rZF9FBD-&O0~H>C=;Wn zkAb|@q&Fn#=IEE6?lB3VJw`SuIg4LvBi`MFCiAWa5N@i#yKdV()G@rdV2vY) z;Bu&~7Qjz|KM+|c(;I@j7Jx&;Z}4j|bcRK_6ry^m7hM<$Pq)Q#f;(B)29T zTa`djN_U7pJH-tX)g&s}GuO&|@d~9qxKv^ho}Y&KO6i-NEc2(~lS{~}pmTESQWg_5 zh!ZUnm+DGkf>2Tlzxfg_ZecQczEgWrPr6+_JH&w~Bv`FhsH1$Rki+Ke1RgDbPXt8} z{>|6dGqdzZ%4~?;_SRO5RKie3%5b4_&GNq@#Y6Eh`%@Y(dkPrd(8k}RR>4X}FO6Wd z5OqKJVijq(c=NWj(2;3Rz1>m-Q&uPj2Xbn+v7Nn!qSR{Q^CkPrdpayyj>Bn_pj#KU zvx{+h&$Ilt%1vp+Em#^j1b9sT5k#}aw_R$!`z@el2_#1=Kq)Xb6L$q-borZ-jF?r3 zMz+q}q?$rQLe!KE6s{D$;f2B2ZC`R|UDW0Yy(ONRl?=dcGn8P&KiFUS%tgKzK zwq-4q^Z?t-!wg-uwGVotYe|8GV&NtRL??9tFpx5he}1Ps@%qZH*N!Z={qJ~}su;uj z(t|;z<>PW}MLO{1$>|0w{Vqwj2DrjS6PNi--?}yCIa+>&DpXDQ9>QfM05HNGv8tvu zm&8J=&(KR?Y@v-q)vr`<3ang)AE*QOkQSRHFOiP3`WtXRfEJz;;slAcG6oh5btm62 z@?fj2nDe;|Y!2-3VaW)lrmBz1)eJ`}$ZI`(V@e@vtyO+771%Jtqy%0<_<@d!5MXqt z+_Z3sR^&C**CxDf7vD4odv*b*YJeU59~CmWt$Xm~-~>@rqKk=?=5#;X3S_C$mSEM9 z)Z#KzJOF}=SGvB{Z3H1!!#xxiqO#P3lMphE>0~sRPWYnjE^E|s_~%Wf7@Z3gn#QPd zxFEY*pxj>|1hNEI2-|{R~5eg zIj*`Nca{6~L-z2F`-cpI+g)pY%B$nUM}r-&mdC5OkMm<^#^Y9G5N$zZl1>kQvK0vK=O$o7xBb`GV=C-ruV@p)8s?JG$%Sy#%Rcdk3#uA6f? zauK2l{c^O#vgzE}cG%pEM5~(P_uS**X&yv}g>_~b0>UOG30x?O_f-(f zn)0?&=+94^E)~kOKKEQmT8dBi=UYNrza`Opo@0r|BI++g4+Smu&er+_KFd_r9xt zGA&KA7V3VK*_Zf;(zY&@wz2#4cgrlSBcRrNe zB8_Yq{h{e0^By^+>XMT^AgzP0?HhT=^7+xF{jGc<$CaY4nT}X)yQ2=u3iSB+Y_)0q z_qR*p&C&EBvX%QfvD`KyWIWLAXAk=Z+Xs3S`Q3L+%OYQ7-t|?R%jHcc)7W317&I#3 z%&px2HmDmNK}h|oGe^BJA#0~q~*~6c(}-|>}J03wKsuMxiq})LmaJb zZDFI;LQxbLi@TFG&mP`BI-KX(0xaT-?Z|d*xj6a|7nTsS?6!AO;WJ=~?~8~ew&Hj* zrbro3^X2em-FIMM;Z|y%pY5rn%0to?Iv13y&FNIpC(#Ph<7Q`J(hpkj4D819N)7L= z+IhXaCS?d@3MfECfz0t-%iNmx7Ck?IEI=|y;_67@5U)dtvel&O>Qy>3ET8cn?}ZNa zqM-b}_{YD)8I~)pR5O44&NVV>9*pUbiRHD5>qry~1?Thn3F;`_0~R}E6&6z(*U|p# zvl+Lsf&@Wc>R?S7T5Zfig;EwJ{zuOZ!D!F2f~K^^>31!xn)QFy#}R$h<#o zus0=z#kDm8NuD?x8(U$SUG&Y2EH3o$rT3ROKLpw+6f^i6qVFQ=#$D&NE1XW8U6AE5 zyphl!4vmsG(q?95$An`hGPQ^2n2=WrVs}THrEm>hq9m7;S!VSzlMIx3%ZaDB&#Ayq z4|xKgi3&bqA6&9sFO3+7UEHdn=#2Li#^F1P}ie^Ph=d11B0ucOx2$PkYDialLZadGJ>A zX@t#Gj7s0Z$u`yDR3LlWVcV>CLyv`4UGXiF{$>byZsxY!pRMXpHUIOubaeeY{}mo@ zn(mt4@4ntmkqs_?*%U)egZ}@KWPYV!*b#dP>_23-WGNSVSoz~I0cGbHAG#9_> zj~rFbn0jr)SrO%0u$9?$H=a+hK#qB41TZPv76 zg`H>u@ge=M$05Pg1MQ#V;vVSU29{;qm1uaPgWD}wdu7)zE9>10D!1~3$IRehF>lZL zxL2s;Or~`C4y}rRFLXf^y=Mk`L}NG>v&QkQD8uHTHT!b+O#?HM2bbPAH8tCYdhEsC z6jbRoihpscIff3qKD;yT#$|Z)rov|OZk7ck_OZCQ_-9;y_Veplckd6SqW*u@i=61b zV9~&<2y*Q)SIqu6J2&^-T8BpZT}Jv~fu~sss=-h6GrNTamI}3nnMF7-*sa$t*lf%g z$k2yUE2py5Rk?aE!YH~$-$_yR)_kH5Ud_pgFp`dLORaCs0UhhhEZ`WFi_a4otP(dC zCrSk7!-HP3tdDo17I|ur89xt}^3X9hfo)g#`3qkya)p6K#C`bK16cNbe+(j0nVun^ zbo#^I<$UR9W|>0!quVR*fvpYwHFOb+I>%tCOW;rXh5CSHQSv<)xlDy&{YTTv^8Cz0 z(QPVq^kC0-HP&L};c44*>2SY*z{~;+NV{8QaGB4NzEJh6dp%<3A-Wx#U z6V4#5p+PlxSxYK=SV&Ea)jnT4yesq;zM8hUHI8%*887TDMc{A~b=9r(zJY%1FO*@8 zkVzcBMU)IH<0lWdy`Ls6=9b~j#popWh%aC+4su^E*M2-*yr;S_dXDQW%Tz_&*BsQRvaLNr6-uq*zZ6KF^zBnvE%R05%z_E6eUHl z@UBe42t*(LqhZbwy-e6;3bVgz@z(4o78jQc%lYy>)+SMap5l5WZTt+QdzQThj?)~O zaXF106z+~$9hq(Y=E=B7Ntpw>qzgQQ_X7!O1v(B4!v=?o=I;vMzc7)jMy_%9pYaeQ zO^RjXJk1K;4CW==561W|i?*}dT|%Tk@)Nak@Hqb}aX$m=+y=N=yFCykT8^{6hOZ9d9gO%Ye+MCX;4aA;G#1XhszB1kV3v8Z-{W4McJA?PV* z?i4DmxGzJQ^m3$-_szLFTl=a zIl&1_z18p=XPe(vfO1PL`oi_VE57;} zxY2OAe$D4s*FVzx%RXR@0O%>5;Nxu@w>D|nXiWNGv+m;RLd7gFj_x=x;ML1baaKyG zrN`WWMMu+G`FSz-pC}A2`{p-$x4qk4G?i-4$Bi@hAF9!dd-<8x3n7}p-C*0{{h3d? zoi;c3@j`tIL67`!OeQ9ZU+%4lUM&dl!!gCDmwot-8~W0~XO>f3tW3r3Zbcbi8m3)m z77p@l7>G7Tij%KYu6n1uQI%!A$EHp0wXUxrhsm+9{;nm-S!+qIug#CvDjH5n{>g11 zkuHQ-gf#)Bm09JgZX(%*MU{u*nD7BV`z&K18Q!>MXAiIJB~uLC-c%H=@aesKrW!gZ z>9~BYQUVpt_Or#^L8JP$v8@jKE|N#sS6`1INO}X(@z+_xI&wI{h%)@su?-oGO68TI zJ3K9+nzizgpmA{ZGQ4dKHs58__EwNVDO>NoePv|awlZuVbe|OZ{rG+QkplpTL@Ee% zFn`^OC;M$L_V!#`k0h<35ysP}0FN=Lmp#y{ca?K2?MM(!dgTCV_e@+PCcn`xY}hhH z-=Sm##PdUU!08V_Ne{NEnF}-`-(tloL*DmXH07dHRd8;O{|62bLf(uj3TlkgcJ@XS ziNagMC@Se_48kwgY%Jm8{r!cOi;5abm9-G_{TE6%lG1Paf<4u|B88ROaAdO z`o-QR15I=#NlEEyY=p`IfWsL=n?osFZfimhu%J6-lVeUZ(_45cg~_5o3x7GSxcDL1 z;bW3!&_a~S?>TDsYHZ(qcPf8|_I&eOSmNg&qgc?NCwWrj?Nn}|vm&Qh*KB}ig3m{7 zZEWLNKBW zjh~bn?p4Jj!P)bE8dSQQ4HA;l97Pf7ZX~4H zAV?#n0@AT*1XQ|}?){tXInVcf`R{y=EY_NP*2Fc}%xd~&Qf;|HxBokHHI~a%=jU&j z03RC=#2o#gnUa4WL8^j5Z8$)w{@uW<{gd4S9`>EaW{J_eoc03_YD(Q68?h9LA~s*7{p>`yQy`tOZl?a)-$tl zJ{&681yoyio3SlaH}U>wYBjGXor&N#A&feOEV#knQc$eAKi8FF>s50J`I<8((;Uk5 z$myucTzPAk4EJ}W-E28H=H@#f^qixXY~bePiB`+JX+GT&65B9~(rwp_vRpr@x45cD-%3DuDq`#+G*9+O#-;gfMfa!Q z9mT^ltD)(E8;y5x5=zT zI=}G#DTZA$OOnEy75}Lj-_f)R8!q=EVJSZOLn-6NVBx|AEu(qWT9|p2%Q0Z2iyo&fBCCHEb?A4Dc8LJW5?<&SB zM zb(^Wg9sK)WFC#2^|GVJtoGb5dpFz?G)MNNpjneQ2+~4_LR}nity?Lf8cumegzy7Yn zuY<=b^51PMpJ_viJQjOXP*B}dmx#{((M2Mb=?jo(Jib))2b_4g8 z8*!islA$DJoX(?LG4R}eR)w3h{-}RF`0ZO*@SvJY`{`D$TK2e-Qr!Q(`dLPbhey7A z4Q5^$6QRWB&}gN7HJt$Y{D9leO5u(z@4QNsmZ8VK`KY>D_YncVvaWIQR9Ty2I+@O8U!#24wi&wW+=c?6e@3kQNoVCa?P!b zX#GnwWqZc204)%3Ms&eAt`?WJ-koAEz;qSx4+|RP?D@%xDAz!f`;Q;Zwo2^tg8&aw zg#AQp+o{L7OiA)7`(n?(;ZNkuUL9UJ-+Z2G?Zyr(>s!1xf;!jKxY-ZZ-2{vkxp|fj zL9@@Ms#TOSAZitCpzWfgv5wazx86!II^~g(G^~p@WT>bMu83T->?7W&f@3YF) z6R+#vd?8RDd7jGr2bzFQOiYQGf}RzHa+A~Xka-_)=4&C&9)45HG#ekX?f053T@<@tq z!|lr3AAB1a3-ZX8?CB<3lWp!!xlgSm+%j(;$kRhD46PfwH$VRt-t=;oD2ethw?<)j zMS*6BFUh!&V$|s+<<#h6hK35(i&l>({zc9<9VevbGOe!-~n z`FfA*&;$+T?l?DO(okb{O1mRjd?A!PITmh+^*xx!KK?a5opQ?xY#W;_odm z%SJ#Yzzcl?jlOPQw^?K>sWGm6-P<{#@1%<&^wR#5ot25cr= zySMQlMNTBGReq?5|2)@9Ro<$Zr)RC#QJ?GnFKOGjFa~kw_*rr6kg87gVz=n}>5ki( zfy7sYkA~UDS*4GZJP*seeQnD5eCwO^YHfOk!K<$A9Bk*%(bStZ>-W zuku-$E3YIdzR~i=^HsaM7sabm4AgHA=~gsx+jiZ$E~+aN)*W586?{GH*@iSaS=>d2 z_{^1mbnS?*kPW~*sA{K_sW6of8ZUoS%(=F%?I+$2kMy#f-@UF^#bVi$Qdt;ea7gc^ zx3iFW>@f5*os6~T?qOksfaW^tM%`;-HADS+z5h}hgMrkmXO|6*rcW7t==qpeHu#Rrd7Ya6*bTTNq`;{E)WB)oXKwhDRw zeCIc9m03MN4Tj*d3GvB#eewOR$CzD#H#HUSzdnrDJyTdVc9*~# zwmYcriF88nrd1n*M16;iW`i(vGEYyPkeM1XVz1;!HGeAeUi(%n`|U7GS4rwgd3m8? zx5wR$k8rmio;la3q_emc=DSCkxBHyuamL|!+gjS75nqB;cqbo2A2996Dxd3KNS17=nzNM>ObE>;qB&i+zU6E*2kKzF39Zjv3zQqO_R%5gumQT`M5rQnAED=} z_2>ACJGbf#FwODWSV*W!pN>Atv{H$pL1dJIGd`Z;U_Cscxnt zetsH7TE>JFM-)}&es@1OqysY0;SyD8xh{^ewLO+jqdi{Ko8Ir%{AhD=w9i;+<#bl3 zTBf4xCicd?G7L+8MRCVNh05f>il4_28g*H9kf&kYshU@GOgyPZOlb}&rFDE)CCZM? z+?$KK$34(|RmE?%DKAef-`!mKSkd-}H5d>1p;%;nKkrw->4?~hith0o<#+tzKVi4< z^I7&~iH%0_O|Hc~OxouR655MW#FclzmEo;pd` zGL)K{wq-@91iN5hzr(U3@nZPhA?2}evHgSTBQpKUcA51B1KFr)@I%UwZ3{8or)sgb zu|YLZAbu~au50sLzT6c3w~!3NDJU>1WPgiNZBnx3@MhXnNW~Z>RQz_T9ph_=4s%=i zKv>$$;gE|RWcffW8|URK*FbbEuy?c=ky&B;q;7g6)b^f1>h}f*vB; znm-Lfi7&F!=TKG)cYm$kx1$_icFxMo{IaEQe?y#B3_!=cyu3&CPC1J!TOJ;>VZPz! zVRx_KF2U#~N%FmdeYCeJnwzTG|5!FIxrW3T+b5d1HSZZZW-a)H%>Kg$dvM*qKuCOj zF*Ci#c9<`VF=Xoj4*Gxd*n2r^(&$;OJbp$TfIT1fmqEjvTsK?pgpgN=HZ4RNEMKzz(*20_M=4*E;wqse) z8lr8Cg7P>>=DWDtT5_2lDxz5Volp_FFCihe&xV1G&-;@v1J~60p}c}hWt|~Gx$8d| zPe2PNuF8H(lkzPH9{&EFheJ78fXI3K&e)07XlB@sRc!f-hq(mh%I{-1yb3C-gc*;2JfTXA z^}(JS_sgvKvr(*=u^P5jZ=~zBPZIBP$*Ihr)fK4`-`fG~b^Gi+s1DUJl^u!mfWA3g zAJ+Vv@~!J1zUD$BNC8w%gEg#AzS9P;Dl6C&ES{^Rteyz`vZ6^pu$6^=Q6tZIN@#EN zLb;(2O5SRTOLbYa$i9BRh1%hG=J(IE)~v zzwi_v5zsjrFQVYX;S>@Nj{&n*xPADSzrNb3rsK5OA%*?$In zz5i%#1R0*lLjbBT$S0W_!MVc(-zK>NcdZVO11jEaiCsvkWt(!dUp{ z^yj+4kr68o3*shU!~x{+V%WJ&Z}qO&#Dr6(l$x)y6^-+6qnJh454^zwjroH*pUMV* z^<8~Oyq!2{_L|Jy-MIM0PhFQUMZel!kzWwSuG+fM@aSWv;LWl5VH@9rs872mhcds1 zg^lme%Mmo&DNt|r`}0%0w-_yZ0j36vL!HofG-% zns|y7Xc_J}zF*u4vA36g%7b%C$k$WH1X#E@9ivtm@fBJ@wP;HkydUDOZTDzqXV0Ys zL~(SjI^L8GS?b$_H|gzaR`0k8EzDa?-4a?+zv0E5cN)qPJN!BkU%45l`~21nhYI<} z)JD}^pD|GM_9WeEbsS2(v6EzoO;Wo|Cg~ucrbxvrM}6Pz-|t>~9Kb%hU-4srwU%g? zW*b#V%KKNF&-_i4(}u4bJiRF<$bb2tHbUe=zr+f2iJTE#Vx)WqoriRR#GZ)DTyUX5 zorsB?GzG;aj4hV(vTLiv-U`Fsin5AffpGo)oX-45;xnHH9SNuMxpeRfbIQ)YsfgP; zPSjI1Dy!VEjbIZVS3?E0mr_ccK6Dq=2cW?AvzCG`>^9J!Kh1MenqR4G>p=z`{s-i(gz z@p&(?rp%nXvVzOK>y*XLKcW-G6^_YeZeK$)^TEuWnBM(fQ z5Bbr4gt~k+kIXSr!A8dbCw=d-<7o)JS;^i6NqWVgg z>s)T@Lghgs8>5!}f0P1vPA0#I`P6A;kePmYO&PbnEF3R#b)n}qd+_nUuAEV`=iFJ+ zKofmatZ|PV&MAmZ`K}Zd3aoMn+!5my%j_|I@OqD#FZ&fmUgl#!dz|-=o#wk;PDI&eyTcpmiP3_b z$A4tUXM?E9Q+Agd*2OpSg5QNRZwv>sC-!Cp@`7eJT~#aeT#;D0V@~<`By;|dQpq1< z=ER4V5dzj`Yq|q>osh;*K52n zK>2QIb97<5NNSf{>4FlC6r{`Z2WI@2;bN8u7HDdpZ>A13nKH(ni>JaxNu4$0z6<3r z4~;2%er9flP(83q_*$3Sr~30zku%+*_ut(JYgptm=CS*2gexE2g7N3^;XLeDhU*s( z9^;AuAKV7lsfvLmYL<;O5)UR4K3pF^J6d<4KVL{3`jNd-z&AwT+6T)nT?A-Xba z(o{Lx3rbXMY-}-NP|Y^}1@F{G&zNCyg6J6-0MX{lFa^K~ew#j=lUBrix>fguwrtp? zt6IzVx$jstYBZc#nc{1;wpJX>nX!<(0da*--obA^39S2w;TQCZ&!xMm@P_ULIPc!_ z7;X(hMQVVF&33#XtOK&^$6-TEbmo_L;q-7AW3MY^OQ0MH# zbwPa-BD_ZPn*0$dmWuf@$L4S6uFec3+)C*g)KDEeu>c}#pVO6NX>PZLVSwZmYBQh^ zNiUVHiVIj6SAR7Jsg1vVSbS~D=%c-Et|Tv;FSeaK1$)LVZLH{cRCvmZYG^oE2sCpC zhYAx64hgxgsH{MkTz&HWxID~wsJC>zitkY-b$EdM(y+l|tAe zwsQ4oWkIdO8^()J9xlsVwf{Wgr%N0!v#vxZYPWev|K@=Q+Wz`+qoc(b{UKCdhCY#l ze=e55Da1*(#169qtrDH*-p>GD&t!5XrHxjJBa#BRR;1N8wRx_0AF$(mw3yRs(ixml zU{TG8CpM9TYgO%J$w0&E<^3#Uh;&3GeJoO+D6A)pnR2OGorE%x%hdm^K2iWZi0)S!^QY?v4Q#%7>@XlT){BfQ|0f(>mDJ8Bv;^=Yu&vV7rc^^Z&3jUkw(Ux-I= zIXlqA1AT~B@=|AY#x}y88aP-TB(izkLqtOR=rEgqj z|2p$sXHK50yTv@e44Ina^gn2i-y!-^v?1@_eEpArwC|PfSL9Pfg{xf8y*ImrVdpBO z^|LDWMVd;ARWnqK8v9f&yL-3oFzTO2Y>Ii~Vq<$NjR=w@i&x9-3(Hvv*x0{c4r!>YttUFWdJkbul4Z`GmN#smw6fHd&~48sfT&> zi-z?6=FRiXpG^Txy$L`_M~NWk0T8+s+LG90et)ceORYmD&8=d!p~R^xXKrSuwKiVv zS-Db}`{8@BDbL~W`_qTk-+nYnHH4;Gx;3GWPjX~CdC6DD==L|5zi%rlF?qpdlrKo=?RO*FJ4_hoj{T_lu%ZGaEuf*Nd`@bnQ@Q_2)I1_E&CAcX-wv5Mx{nt_ume zh!4ey`{06rs;a7Q%Bs|V*n`pkBJr6{KfuBm9&KozXI62c{Yq>rHTRA)yDgGZ;^;=8 z3A`b39N_;99Qzk8#zV@lMS$b)A1oJVwG@yv;&)3fmGmu~4jdoc+ zu_j|Bp${VtDz8)jQ0#j!kN^nq4RxxJn#|(#rXOqPgP;t39gLSPeeKD(#6s=u#!VM} zyIR}uKKynpT~2p0e|?S9iC1RuyR!pN{8Q{7L`q6|Q=E8aW#y0vz6VOX_S&WabCcdj zdgtNo(}RM`?D}lMXsF#B6&oJ)uRivt`vCRpr{ku4*L@oIE=sOfyJIgK<2=RX$2G~h1{9Vk-iG|0DP>QX%~vtHeE0It~pNNQcX;IzN|VC0A;F`>x0--l$|7w0RXf4uM-LH+N8kIYbq`Znm0TG0nt% z8w5y3BKzCLoR7x^LJQ2ZapE<>%^`k(@zNV!;4_G>iQ)*^k>y3BV_j7oKVHEA1QZt? zEgDiGmyjtNkTnZB@eWEDI1FxJc-XDt_C~1GIPZj*qyM>)mA9!;*uA;V6q_=~0~mJS z?X-=i`z0o8YZ)JvG(NqFDY5xb4q*|>>i0t%-2yeSuWoBKnNkY2G+8nHUagC@?32?J zjL&T>JvsGdIZ!(&JR0A_)z}Es1G?f=!ebX7XQpih0O-w9`c5h6%8#P6y7xaA->R!-L3mq(bkqXk(B6ZfB1 z4ZgE9nBU(&1Q7aZWxZ<|QZZj<9`{CN#Gj~%hx!{KZ@7RYz(ZzgJ$g0l8?M}_C>KDhHu5NeHK~KZO``%)4AYv&; z+tT=kp&<=R3TRYlY=RMCX5p#ZN-0Xx0CZ+thM(F1;N3%u zA-bW{h*8$ z0g%3W;PZPRO6E}9kX}{)&zPeIeP{+*u+BvpDtd2}!XVUVOSBN=<(fUM*oSYW4SnsS z2Th!CYXyhdgV;DYlI#qv?LtT3pCB3f_wM1tdwXj43S6uX`F-jA2VHT0A`^DZzrw7F zMi<=DIZvRRPGc+((HEx?S`9W~h!io(peYFgYohqp=Z3rl3&5T8-{X^9Q7Ufe%3{`%Nhb?UTp&dxS#XT5UTUX^@Yo8We^&)Tn1|H0I!?K(+?W14 zwGEN1iYe4LEo0bxP<{q+cn3nfhz>YL1(|R;u$8EB&}vJ8qKjVWc@A2edO zvI0eLs8$i_R&C`l`XkyaKL$u0q_2GtYp8I?$^vaH(*xoYA-##$8$)=NiFWTqr|3#b z;FC#5F-%R~2oYivjM*kY0{SI_8@9V^W1CP6H}hS9$%G;|!JcAF{II#ijBQl^$0w6) z6(|D<2Fk@9P#gR}3LTJbo%C0!HaB@y`rx5;6(XdubFdBA29FghMMXsZvM~It`g~UD zZHN%HE2_F2wi4O4-w;-SI6Zm9n4u)=$Dplsm97TP>&qXL%nLD zgy_M8n*z;8=^9F}hq+>*1wyn)nRZhahsR6qc6-wEge5>ul|X=y=z!{uS13b0?yDmn z60Gs{mZf5);#Y_%tVaDm=+=3}u%(M}h$gk?Ku!7D_3IU^UuExeN9qB6qqV3*D8gO6H%q_PCv!n^#tUtMSVDF+AjQx;j_6P8Ofi zYwR@h$xAX~q$;&aO#5m06hn_fSJye*^CFUEzwIYd!owTK@cdpbaAX-_xXkbu-$p(8wQK>!iXfU!E~W7)Kvhi^22+BNK#l(vg#|=- zJe0_7f1i6g64zE03cm7qJ6}|QK`|O&-!jiq300tbr-5cpGUP)Jx$J%5x~4t?%ekst5z40!F;8Y$-^?_fI9%7^bNP z!A0HYRjaW-iGZR;Xxn3)OP7D}^R)=7% zN1Qec1`&GWsXCw@pZ?4xW!EVIIZBa>Ga5>Fxwj!Myw|qfX7cC$>-fp{OWA!Wd!Pm) z$+&qfg_MZ&2*eCLcv|RFneWnwk+ht$E3?0Tk<2tqjz9I7gVw6Zs3-+h8nN@a$1}gy z#a6xr4$w6LVS33g;_LMsXldX4-A~x`kd3;e;wMd8`RX+$%cl2%rR$A&m|IisyG;8H zFztwgUKu)X!W~^00Si+CiEJ|2G1oYRHFUxXf;s)1SuELL?1QuiC%*iz>=i1JV!dSR=c0(YwO7!HMwD zvEPWMp59Zhs`fYy<-y${;A{pikE>=+xWob1%4M?N=hy?vMT7<0NA7pZizD~(O{8UQ z7!(3?d%gBgkrN?jN591!$C3C@;aR)p=Q&r2V>Dj49K69A?AQ$dXAP{ZYs~1sLVa9| z7I}lz$}@qTiV)xu$45R(>ylWLOBn)D)lBojoyTXQfC;}}_35+oI|I?(2{&dcBE*5v zd;KoI#FPNFt*qRYyGSFi-qh!@&GEJR$QH*%CUxk81Hys26qE>3!V_QD1I z)%yqwEtqrDya9dzwn3{bJn-RG%Z<&=l;3>oDo3|Y;S_B~C0SZj-dP7)Sk5`@s^36m z^z{RqF$c$+HXIsCtWic?@q!Q)rvxte$X9`3j-b)wbJJtOWtuNG6_dnM)Io3bpdBy! zvKd&83`A0*el-FuCf*Zw>=Yi$)}yb(D< zy(l<8f5$6%ZTt?yl*TMBFEo~j^9Udy9gNU zjp1cV`Yu)tbtkso7@{?Bn(v9jSa!$fJ6Jh}S7aswoV__?0wktKU^30|aRK7$V*zT<~S%qKW&n?e%|6HQ)X z<%B0Ls_Zn%uI)GaREA?83c#`quWo6&Mg=Am&`{AyY zF_~*vWTOPYl|CwUrLdW~!Upd=&hw?=gkLkVY6C$*TSY%_A^hhYuKtmCKR|n}Kvaz( z0vCwh9)!YL>=l&TM6(Voj??F?tj7j+$^+$KGrkt#zWVtD?-)%DdC1QS*6?-k)Ts!) zQE6hlyj?h@dvnkAFcBhkI_4RCge4aD7ogqhFB0eXQ6IWfL+pEPD@(v1$++^S;K*$d zTPlhojr?Uyvz-?)ykE5IJZOTbr}5P#2PNU9k-mq!f(LlKh6i{>;6lvA@DTo2W+h3$ z1>&C&cR5fblm(di$KAhFXADfP&}KtOuhzyYLxIVn9S;e83=JGWx>fp;zx&*3oO)Wo zVa*V)+^AprYVR3{)gUgV2o1UwlA51~_-WlQ9Z>>cFO&{Ex*ruZcX#Ce`bGRv13Ami zW;3j%BQk4dsQ^(>HY4)mA()9+&o@-Tw?daWi!#nNfob`7HUe*mH;Z29uVqNEbA$ED|HP zH6A%eDnct1g-U^Po$cdmRDC_yjqEOHkwArKc5YTXKl@T%UIZX;g&YVAdpM8l<42Do zueRV^f%JU0aH5RMvY)Ot2SOUk2Hpr~4y;C4Xs;>3E3;%zMM-L37 zT>?q}kU8P4Io5qnfZWUcnyo&3M1*rt(v%d12bH${jZ4s>rNK{Z<)=4{i6icJfp<>c z2!b$6lKT!Q7_=-A$$_h|)q(UcJiCJ_xgot)Amii^+DYWB2QGQg85>h}!KY<|LB$#a zk93_6D}NIsTS^KFL0)S?o=Z^-m*byB^YRMudkO z)lBsDo%?wXltDUG-^Q*M;s{l6-%8-Bc4wYNeqZSu;# zfSkQ0fTu&1?mg&vSLU-o1_ADre>YVDn=*x1J@)W=-&?4+Rq5Fj>{HF0plgAknJMK+ z5qsDUjufXq)W}&}uEU#S8h3+YK0O~Y;Hh-n!8CAdK;gc_8)}SKZeIZd@@><;Yjvsy z;%S_z*G?7o++nn!Le4rxMn(nuTNx(as4K`wZg#CofxrXrkvhz*v3PQU0LUYe%}3uw zerRBr;5LgG;c|(H>8V6f&+oT22#|wsMe?n{^uG#Ewn*~y`&(h<8IvYG!^&N6pkH{T zw;dT<;}qn3=#mMTG|AHVces{rKmkM;Z$P*XJ&}9mvQ(L+@#QYUNSfslHe4|VRw~5! zTX8*;zJS$8U(x(eFhX!B4*ttc&aKcN``>RbR1Mj=PvDFfY^AX%pH5u_ltq#)bRk{6 zdFfdEt^m7@z#$EwM=Pi^Pt^Irf#piUCf>6;b%a5nC;IPso-J)%#4NW^UW7-tC7IQ5 zhu3)W>&>Nc+sHi_i#7+)F4AaJnbXH=qf|kRD{aG8Ouv$1n4lZ9wi~<~O`C}iG3BMF)$5ONx_kV~5+JM-9eJTsV3;MbF3_XLI}#P#QZa z7ykLa>IN`qD81QHcWPkWWQ!IXHe8yy1q+(A;!x80^AcvH z1>{Jbk*2!h%V~O65~Q&UPRdi(3E8vTQB;B8ej?#>#4jp>$KonZCsJ@aVP*#R#&_(ai1W4FfdehcmekNHgtt38VKY6%SQ=&|(KThk^6375{ z-s^i^P&moJ=4>DZJpFmnWQSYOD4T4+v{WW(tzh>#Y0*w5j5 za-?o}SEU6;%3OO$OU?q#MHpe_6!Gb_J`kV3=3%)F4(!Mtrh{>RAI~6S4xh4HNL>%F z{DwD$2M6*nJiF)gRwYC`+_Ve|fDknzW(+K0$*E;abBn|?g>55{MJNg*jn8n41Ce+u z1dw-<5Qx87KH+e_Ruv|ZU~Lk=OMAI1_d8x%_N0EH28@^E+MPC`s(hN_vp$0Xlt~7r zR`U7pv$FU%K}W*%OSfg2?M&$*7`tDpg@7DydS{lGcS&V}I+7N{lnYoE@`NEgmWQsZ z$pWNBO%4cRWFDtlH&~o<>z=*lgX*%f1niEOou1Gw3Ph66s?^2gGgCIl+GuTD9;C7` zjt1}ah7Gx6UiIjItNz;&?v>Aoc=)?Q=(82f{>0`1w_!lor7V}nFbSZtXA2)U!T@d( z|MP742VqA?WZA=g?^htM>J&#B)j$MBFvlv}9@mv$W>`Cyb`I{ie-D^K#a87ln?4GJ zRPp5)E_m~Phx;4O_Rwgb-Ky8{EM-W^_?E?DyNc z-f`6VDEQpf_-6>|BbXhNO=8`fgxfZuW$6_5R=EoX;w%fk)6lIh#Poza-C9%?lvEfd zO6aDlltX`X)c4QUgt0J3W&4uK{4V&DWZ{QZE%kMtvyM);$j?-LBWP~s5x(+y`Xly_ zyqp}AJy=Kw)k#9qDvJNOyDKt5EvJ7-sdjfI2EgtGuY2wfUg4(ATswWaR*XDG6%Qc| z0S_yuSoLM=pYOQ-YM46_Zw!6e;XFgHzWNhBE*-&nq1*CRuh`$}e{v4oCPw^I^c@{t zmCsO7B2q98yK+$q_f4tDPsPKbU%W>rwU~v(0^eTrU7ByEEd)Uj&SmpUuk7$VxkrSs zIB#rnJcNp1N^313RR9+4iE<;2=dA9Jz5;jEwpvkOD+VMi8R@j7&PW$QC4d%=roVdiIqmx-Lq876` zn8ZDzQKuv7Vrpj&LYA{%mRN#yF57x(s-2LKZCd&c54lZb%UK&P0^L_hE*#bnI0e6y zA*+1baO;5`vqhZ@o^(#=kWlsW18xn<(B2`7qU=Oye&RWe5T+meHpaZfC1N1_Y%r4s z-@3XYJXG$_Qwdh1fP$$F%tXwnEJ=R8A_*Pig;wYW^}F#6W*h;dJ%wcGxD(U{$Ed?l zAa6J$n`^>Tjd|-Py!PL|lpz(yNS8!lES^yy{2BY5sL19YbYQ8IUPmgzn2Lqilak72 zzEL3wUwkSOxYm%`v=z0>KdvNEa=fBlXkTXQTGwhS(lWyDb(sPyjbuni0+&@pCsYpIh^9Z&yjj^aTM`V1E?eMx0Gy5@I&VX=q%5o{F1L2-y0^ z_k0xl9aJfm$9m(5ckKKm42OWA&hN&>D8Vu3A27PBzrX*pGXZkttyzg3D?4laC5N4r zJ0zhH7P1Ij7Z%nHy#>RlK9a-m7Kx3agR+>jNfN}+!<+h1!DI{+KyjxjeaRXVRc`AF zEnCqk5I6Lh-t(z9FNCo(B`*-aH*hotIk`FEc3aJHk7s~e`7QJU6`S7jDEx9EBjP-r zNm;3V$!NFL2=3pl#IMm2v34HaFpMRk*`PoF>4n5ZMV0#b)Dksk@FLRh;Imz1ykJSc zdv50z;zxQFR>!H>B?nNke=>0@77}!!>z|i|4O|7lU>Eb;OEjx%Kh_xyzi>2>lA;b~gk8DrzB!lu$Hv7`2awP!fgq3fXP7M9C1L(bK*(QtjE!}w zKaqvfT_?We1)xPd44PW+20N++RM!?~w{C`-dO2xi4tfSTRN zq+vrEQ4eXCWjthF&*H%hk=swB!3L)H;rdT+U-Wqg*;2gslb!V0`e)VEo$v=QLugsH zX!K-y;Z7}WG|WJfY5f7oprekrUP1U_1}w-D30C{wYs16v;)av4^s6BK1u+1@-Pf=^ zlgB3-E^}lrB{)V!jir6NV8N0;%=`>>q^c9ruRCB1WP{G=u3 z9I$t1H{7p!c=u?}>%GUb;&rik_xc{R!}^`6`NN4a)W9-tS}HT^Y-|M}i1w zX$XckobX|_+S~D)jzV#C1<-|)X-&rka=*|bxps#4J zTz>k!ir=H}X-f#$^Ngg_)KH5Ld6{1lVMkFM%F@1i+h6m|uueT>7ZCxe8hTl)JUSij zjqS2DLcgK$krIA)>xmjGMo@=duE^#~_ptTeeL=MA*V#A8$?q`nB8?l0%E}McJ=xXu zY5e$JX`EwzcZW)BxYDwc6i+hBOnrK<*6`$B74r+)XqZ?o>bCNxE~EDkM$ro?vLN$g{k#N9y8jv361y zbv&%4$PjM6<(j7AlbtvXd_NivI4H~><|xoahZ@{=dFGJ-7}2*J-ObIus{TQByuC*? z>e5zheS?E+_mE!c#i77q`$@&_EH3Z!M`t9-VS^7- zl7t`deR7mM5E>SqwP6L0B5kPWs1>!qDFy8^=S%gfoz@Y3#;CrGbZ zx{FB-&1`j#IL%IRc+qQm9o5&dsfeV_%0srG3GGjrkGK$SWzdYJwNSo$iiY*k(|!2J z-9%M3%RD>u0CMS@k|tusgyv-K+7Be}TduTIm!d~>Q1ETp3R1ObLL{@EAR38gB>`oq z&AFNjL)PWVp|r@4zRu20nPL@9b)p~Z=H+SMYj?H#@cd{pXlB10E{u@u=Ev}CA2q#v zMJI|xkH&U)Te)V=w-yQ`-14v&5wDr%nhORgNgaz;c*rHC8teR1caYIi9o4mQVHO?a z!@aT$ujkC(dum%_s?F~eXi$h%wR6@$$E{m!uL8-)2^!x<@a&KZxj0MnrKYBK@4vxA z>L;J(=WF$1FjpOsi+}YH^LFFs`-13|?|ms#P56?pwszL?lU5d0#COgiM$Pb{2zv?* znd_cAI&#flB}VoezdzkoL3#M4oLAiS|ky$XC z`^3SX7)j)MDng#r6Dx18OyFk`3Hzz3unjWs+8pXi4x>YUEN2yDRaBM-(o4RMYL&?M z+}M9f^6C_#p#=+KEPHfbvz6vYnX!%HA?S!nFIS&mFJk`N*74!a1HO7eiFciRJTqPc z2x7R}9`n4?eSWU%3UT<)nLw((C>6ABoU@Ay84Xe*^gk*3X}hyx5z>M_#E7 zYv@AQr|||hHBjyTcc=ae0ysp zSXun`O_Mv9RAavG(jwp96%|!|`67+Bh(WZ@sgQ1Fj!uj-9N+ieoa-_<&4{qvuaURT z&8VrX)y+j7$@GLhPVo*y#slTg4xqVRrA+!Rvj(6(p9i_N02P z+D4Q72E32;RM_tOn^YA|H6j+d>xzo3ahAXG`)l3S&x2q~ii(P6@?4fPq`W-VFztLD z`+-$2wkm9Obz$JikEYLV398jzc}|u+Z|M*vFiq#S*T(dBUq_@jC5O=?EaRP>Pq(~s zGfqjaY;iCTiw%!+!;GK}qvhDDkdx}3{1hJ7wa$dU2EIBqMfB312a;CaAJY*aD~l%m zcR}-V^Te9lDVu5ph?#<>oYLQIio^3%oTnIuB%+?KjBwsW!U@1V1QI_xp6l{dmnvB5 zOu)F@nkvufk)=T#^9yWr1wI7obUniBbygw$lexUM^!6mZ9*o^HVoKyUWodqG!9egrEacM|&e` z`L#Fa#`??a%;zgAx(3_Jd87U(^TfXYWL~nAj+Yk53aIQ*H?LZ$R*g3mB6-eCT^7AW zLE}f#W<6WBt37xJVc{D>>w6Y2&G+ZGE&AtiCDc1#OI!s}duuSO<+2pKeOj)yxlvj{ zEv2ccS-KRc-u7#v`7o1-fgy^ASn@IIe)Z{ziD%hf|E~YOAoKN79`d!!5#R4a8lzjSRW%;-zAXJS@_ccmeQ%Vns znwUi-BVY^J1v&WPtW@PX)US$)Y%@0Kx>ZzYU02XTZkryLTfH5>&ehDeA0{4RH#cau zu|4jwF8Vu}lwsxut-K!t2SR3hQ*V_m5+WPCto6(i?i(j`_kVfj(!uQ*Z^!F}0d29@ z%1}BU7?z0^GK8h4G(W>aU4iQ+HLNeY z{k`p;z_GZtM_)2CV{|k7Hck7cLqkJ&f#CA{cPZCDuivIeHX~NFaH4Ay+1LJE{GR$i zS^jDb$)3o3cWQ`1348!KP0hF}JjpXz1-{t@FEyHG6B4Xq$14jiQ6LY_;+9GKe`Ni2 zRFvQM1`MB}6cCFP1VkxGQ3NDpL=gcAl}`q*=>eoeX=wye0qIg&=?>|9 z_wf1t-e*1Q;UCv>&3*3soU`+~_Sr`{iT?!&_KYHfezH?kvJ(pr!b>Y_%g=^yBXu6b zw`R%~DW@=4Rdda~pXtZ-v~(T&bDcAS;MT8eC8sAkmgSWXVB2rN!I2need4AFx~jf;`CQksP=94LA_eOG?W?5^VR)PZjb15 z7uC|$WqLSAgH1}xNSK=))L(gnuH~jXnrRCB$=Jz|-M)G({mny_uaWQG6(k)5$#?^9 z*U9HYO-)UhZc$wa%_s=}zRtIrYm&*hj@=xSd4Svuz?QslDou8hBF?Nn{Y6iyRZ#(n z&S}G#Ga7uiVo1@FO>f~k_cZwFFx{NA$;k|MJZ=Wf_G%HqS`i=$6Lm=oue<^)v>E}(*#wOJ`EyVlY z$-KpvimQV3Q!eL!AJfwGz}qDLZXQDE$y!nV_xp+;g)}3qQps`Osgvl9Pduxw9zCCf zSwXY+^#mzIr>gM%8}7%Qc1F0!PK85vM#K!d6Y7Ngp+O_PGX@4U&aQSJ=}C3|R)76k zuEYsj8ivqDX!Z{g37x?gmDX*uc_9b#b4k!rR(ZJ$^B~xE5T5;M%((-IuBJd{@%cMdkaugo)g-@|p~r^}Q~98$ZmY9*GuL)jFAf@m<5|-h z&%Lv_9}HOZJNL;p!SpstM}&nbbyRq61b31W{=h0FJM|_z=@Yk1QTvLGomHu}AcVBV ze?WE$oTm#*a*lYdK1kCR?N8wAucku0fuBqSH(k9AwD}RUTJEoVQ-ejql33hysL&P- zdcznJa;No%q_~wD$(!(sKP6s}z94lv7AZ0A{b+2p?{{93VI?&!t#h+^!6y>*IzB5) zklDhYHLN-4Wjs)Gyk+iLj5Y z`#y0nTSwUC8YyXBQ(ra}w81G%1D`G>E2hWz7~ER=OL9a7ZF3}AJvQ5t+Jx?wSoYkR?ka%l*s9^_8Grs~ zMzImcG!e6Et`6z)%&%jtoc#kJqereQC`?_qU;p9PMRC{H7Xr}XCY7EQ5^U=S_^!%F z7ogtW{cN|ri;I|h->OD0sWCMg8N852l~zZZP9Uus2E+&T-Y)%_BK*!Zg&Ch@%ym>|AI)$^Gqn79XO4{vMdz9`S&HK!%6h2piF8Sjya(UFuP~LP3=M zYlaeqwv!Nv@Dc*j7*s>J`ubS(tOj(;Xl2GrsS({EG^0zr^r2T3W*98cb*eutn4q0) zaCX5O;d4)%V9tzcZHhITKJ@A9#E*xD5-ziow8XK%JY0XOT4W{gG_xyGzr>n~1fP&m zy~c#}lyh~STF>?!XT?oHO+YLS#P9wwLCRqtjS3_u*_n>YwSY!2yRNWAP(Dl)n zokqIfvgDAEafybwpR-l><_{9=mn_{p?nrFOtSFKesxzg@E%LE*B0#cKw_Ppw*n$j& z)`jt3XtkCUx67?SXAA1;CVb&qJ}S`2ju#eP-89>M5f_s5nj#`P=F9%GfCT$Co1}J| z6wHvlB7@bN0mIVi!=jP~gVoR?mtII!O~InSKZBeL+taC`{}N>Lsy}>QuAZWCg@Lhe z#*h0J7GBaA!n4@l>OL}m6YsI>SR&@@#JSGTsrK~tBs^6~v8^XT`PDN&t#jR6MI;>| z6YU~7HR@0zsbG4TbOk@8!la9k(%O<87y&bXd`Jk7hKDn zYVkdA;x4ErdE7C$@Fp?wjB}oZ=ZL%&^`~oE`so&8)<XuUJ=a4;FowEpKBmJHQ2n_x!HijZuWYRAP}6B z?+nVrP6p5R_iK@zGT&?)ouHI*!w}XXz|$9hnUj-q`=`zQ``qq*#Sa`CpqN|KNDBtS zK_w1NSEZe?Q&nxLpQ1{#IBGdfw5`4#E;FC#(1|&L0pHlZlB7HD5rM2tQ6o-RAk@_8 z-@noK2hbav#vW(q<~S+G>-h+G5JqwV3*~&EOyXkaNFE6?i>f$T#QnRglj}A*%g(w* zm@Bprb2>9pbQds-Z_pe^>@zeeCr1-f}t1s6}mqcq{dbps8{TQ*do0 z!PP>|sU^*iQG4PizmBa4A{;hHo4wA zHlUGQIe#Knk__sl{9F^h>lZl{f_29_e&~HbicJJ5dh&Eo+Q7A?we{`spN9}{@bBVc zT)ts%p{^|c5Cn&ivdRiV!czY?f`--k!Uli@U5tn~`nPVaBEmt?tkNfDfr|hcRv<_2b|V!)?ztgFjm{(7JsRsay9J+5~)) zb)Ai*Cns=#9M*L;eV$qC=%_v32&r&sjz(DY(862BEEenwUp+y0hn-D_!VD68x*h;o zxG@O%o(F#2-p(o+uYXSml_pq6m{D*=Ma4vwV|O+Yw&IH9KyNGxddx&i=CXyR$rs*; zNuMFk$87ioO{?`~*BAyc!B%{*NvB|w%=R9SPal?+lr{*44F8dG>lWNrzM3@RVB*ORmyC643a>e@EY#lY(6 z=~;H|0>tm>|67#S6F{A|kH>=fYjLInN9#J8pv!em_MaJ^EIVd+jWKM>khJREZfj;_mfSp zRy+wl_%~#pwsKeFyevT_Q7R`0WLI}LW6a&To=!7}fuBJmfF**KU+-Hdi%>ogkc<}+~CLd6$leSA#+T(`QVzp7@}77GN_f3*NaO*hKBuL5goZ0>SjtXNX~%ypHe zpDzNbeaU<2L+68FJ2vU}+g(w1;SRP4iM|sH z_vCwya6b7EEnW|m|4J{k^=)Lt}zN3@J?D|@LEhK zm~R5UeBI*mcJ(nU%mTfTigD)Fy?5#Ua8nE`D@)=76?0Eww_iM;TQ%QD|A82pI!H0M z#v@B6OvzA-#J%zFiTASp7Y>=g@6=_S8ktS-480oxO(Vv8yOo~~H7qOmtn$=t@VBd6 z5<{pnA@>*6@7_vr$=0lm4KtVfg`Ma0Ay%7*|-dUgo${r%T0ThxKDa}Sbeuot8`()leQ$f*+^^jh29 z5K^5MJc6VvK&~d3W^HT~_p0zeNIV0Y85t57^JO}@%|^O@v=C|^1Yfl3<}x%iOp0b% zNCG1iJj|mu;N$t|{&gq#KB7ACr^<#26haV{)@dnpg9HVcTTYoSug0=Uk2l%Jx%LM z{1q6VK(ieBt|BXKr|P=8G^(G>2p0}wQF4YDJV3$U{+~05%qLhh1)k^%&$AK6I;mAZ zG5GtRAO4YZ>QG^2tpj*GXaBVbO-XZb@>|`#>$9XSyQS;Y1d+(TX89~3Y)uS%+^fUC zOY;=oUTI`XWdFYxo(Hq{7*-=8B=#LRS%I2g6S)4Uz>3`$>Y$f!)o~Ru zI_8Wu$orN{vha)3uK;Uo+{gX5Yuod@)CK*wze!QRc}YnI)-+HOYYf{J8;A4mV9kms ziE{LY#dWUF_eEQQO;jyr-^4!N*PS+4B&we$5iS($wb|xU(gben0L53vp<|v9JS_iB ziSyQ5C%zu>UaT_}{LjZuyi%2x769kv=9XAf6h@6{U4z!QkceDA_C1*At7TJ z4__5z<>@IcDd(ZD-}aGskgMuyDV&173u>%>DY#Z|WPw^CfmV3H@Fox){B+QR&puj> z%Wnnxwa5N%Ol?SFPRB2OC*s8+KARB$3J*;arJ!hRJh7Wq+Udp!{F3bobO?R;f5WC$ z+Nn7$rKS1N`$5Z1N#dazrUbM z#08Z{NGH&@=lO&oaWRkGJ<*lr_?RBP@yACZIrPij-93{51*zofP(PiHTpS$g;oS9qbJj^E%XROZ!W|_F zrau{4aJDSabAT|;z4Ob}mtWyfDLiG{hbsmtC$do7#lS-SH`|8CyA?96r<#Z#eV%CT zWgaa=y##&&{s<(6uCDs`5nGg5&dG`CX+Mf%d@p`B{nQd=MpaKeHzzGxjW=Cpm3n%6 zYoQQ|_~!{hIx-oBI!={y-a5na6R~I$?m6FnuU|+r2U7hO+--GQcSM{8qlAvo%v6l@Q z-@G&OmVblTp0Z>ib=L0e+B#Dp+~{5A)MQpP4qwNNid^*IDt2-fTKlK_nUyD?@3Z|G z$eFEwyRmhJXV2D^6j(XRs{Tj>NCT(w$NM}IePWgq{Y&=TQ7*sdQFQT7UI{};@$gUe zbKb*XG52i>#_f=8K4`JeTHWFZV@eRC(BZ3R&aCaebKM)M-1=Sz>_{;?55k7wu13)6 zhF!_!djd{<{ zk|zg|x=M;#j1tk2Im&KVo5X=>!BgEfXGZBJ_wS2Ej(7P#vqw5m#dIk+`)F|XDH5d7 z4tH#b&Ua>L@w^Nwn`lQZWU%aj<#0Jc=XTs}wQSvc5g5FjZjo&kIVpi7_UO0mgYHu>G|F}fM<$+E&tjpyE{Cg&S=FLZ0NB`#soJ0 zTR>FnGhn&+m&pKQ0dnL1oGhD^?3~mg(H~8APTYH&YkSWh3bj{m7wsj#8Ga#M@@P8Q z8ACX$!O-ybVd7~GDqTK9MKY8c4sl!`z;|Pw(9Smw78XzC0e3$N%A!z%&60=Uzrs)A zU%=vAm{j7JR632Y1wqn`=D z&Em6jW6G&?OY?inYKbCV?sEohot>I1AP}RV0Q+96-FvqR!%l{$nCdG#8=;eXWxNM0 z>nDTmaXYR=Mjl7@%HpW*#P49P>&lLWh(iG5=yi}8*FM&mL}jsVcLJ%~_Li1rog-#m z0v2*fZ`4K19-58pR(<={q%9+W)D?-gE^2j`w0R2--xbqA>%o5G9r-^DJe=cuwQ9TP z51iSsjENHC@mXlzJJo!ZOiO(&khQh0jU@o#O`}RASOa7YPp~4kmtvupLbI8Udr!Qq zCoW-!rM-C|xJj2FjOgzG7V&4Wr^$sMUQaM~WqG8xgm_M+nFg_=b;}~V!N6TMzQp~+ zu3_IUil=50$9U8zEC3t?b?df~gy*lVM9(Q|wH<%ben_ zwrL*O2L+um_?ICAKUYU0FP=U?gc};-TV9{nIIKGbfqI6!4kFwpsHf^Nn`pwqR{Ei8>FmMnrRxsw z$3b&1`vBxKIZZn`&4?BxKvdH*>p67kuOs|Yo#mC^doxD-G%aK@GBT}K80UqkE}+mp za3RVfUzVk92P^h-jexL<%Rt>@P!JR@sy?shnA8fLq&kDJmjVtS>291ZNL0uYtD>S* zEQKWmgOnJWQC#4tyzF-WexW%WZf8!>%IIXZ>Mu#T#)N<;K$F+t3VxjKQY-hXcN59KG2;g_UjFCS~XMXiJ%dthhBXoz@=rCjGi9iH?{xm*jf zYwRA>p#YeNxK?AIBAEVr{Q059W!YU~2}W_uWoJHO@bljgN_%rk#-ZfswGHG+xa~>K zj0E?ov`rTcU7HM$#$vB67tw*0>2Ccih*>FDrzwfw7bj1NMw7|8s_GqE=}|fte_i@3 z;8SyKJN|nnA|fK-TWNu#A3Yf%p3`sCK#S{G7F4K|wF&ZiDCG{bo@$05ikrC~;;Alb zq-1J_`(z6@7&+Bw0`kKfM+6>Jr@OKW>XB$Dn1^<#)K5Q?K|TsT(USy4W?Jq}5BN-D7*PF4fHN#}P)0?C^r!L?LaekGLp!il;be61GSUGnAS z0Qfm=HrvwJ zQwO+kGo%)xV>DdK49Yy^2l6iD37!C&Z5`6skXrDV*XW7)oYv9(ZF+EpvPDu?%8BuE zrHwpbTyuTJv?`|H6O#10WYVU;ed#QY2=^yPZl309P6tl0bNbOg(*mx+R!^NIzl)e% zZMV0#Ymp%(Vg`&m4$={7soUGzJ8vVVX9?1g0hqr)`%Is~^0!>B64Lz%%fWj8Mv6163f@0>tZ`VC$lO85_Z-pOv#vMZm_7?l7z@yP+cQF z%tL(G4&+(%1r)yM(Iei^nJ)g|+H^|HReXXX>TU!B5jJl+E7#AIr}rN~u62qy<4eRD zyQ^gzvIKDS!*O5USSRRkHvS@a;zmKcYS920dd;!Z&t=VbSP%?ME6n#5alV(K)T453 zhh66Zp1!NSoi^s&c9AZZ1>!A)>uME-jVryq&T2bZsM+;9p1JyzxZs~WwX?r!-fGWE z#t?47F#g10geDn6IYgv6UjcWP+aqaK-~%_6pXm>@htTtOwo#Yek2Jsb|DG1N8}J{9 zvb{)y0-(b0?!HbQq#V3@#y+gY$y5UIpUHPVILjLD5JHb$3-)WdL(1NkjdRu3US6*c z<0n$9pQIIbhdY2?e0vru9neO-hFj+%^BuD`imWZ8(A<5UR(b zof`I>dMD2-YO5$~Yr+}|W;}PA&+gZv!6&~F(83CzynK>IGCv`DWtbgN@x&}-f#_Kk z*HNL-x1Fkz8M98hPOf%A_k*)66-6z8Lq-GO3pW4>01I~O%z1w55J4o zH*4kwHm^P02Y<=KY~@eXzb^H~pj!K-k?*ZKS5JQiE-fppGjeLG&tDURCs8U2$*!j9 zc9Jv568lYzLXQad4VPb(WiPMr8N7UqjPL+xy3g`;3-V*$k4piHRG^0G3OaL4wt41(^6z859Zj`EmJXPb+W%ovmbn zUJF+`Ye-Nr!|~FqPu6Y=vtBZ7MGmJkPJiF7eliN{R}6W#=&w&#QmEv}gH_U8qTUG^ zF13>5qm_%A=ccFg%#dg&ZMD9^pYJ|CgRvvS7mN#YC1o$)BF;VA%X7)Be?g8!0&RRM zc2w?{5b6@*EM5JqPL1S6LM+QaUmPA>%kAm;9bpi=ksIJra+^}!;Az34+3xCWb$}1- z`{C=0E8AmA)m={Z z5G`@!liS)^DQ6FsJ@SzT?5AG>Fc?Mc@d-feB1WmhZiE{NAI>?bdAmEyu(!<~6ErWo z+ilD_{*ms?qGj5e_rIv^Lu35gK=#-41qL`!cb^QWGEAy2phP%s8(!);a1J}|5#?4gB+3_|Bd0Wkd1~PL{z6UB)>Ps4%7=6YjFhwMnN>m>+X|Q zho$&KM-F4BL9rfRJ#hG12ov*(;v)S+=*K%JIoBKOhkXaph%!_?wz}OPAIm&SEOY4B zUGMLdJ*OTqx|N_bb$d9CsvD{rp!k3;z++UfbqJ)?a^IBKhN(>O5XP@C@nto?jbEKa&d9E06`u0(i1#P=Ndi^@w& zg%)>!)Dr|APhD7J=TNO|xH}{aZ=q}scNI?clVAt44eN$}ykor96cn_-1=KvMCqJ@W z*Gdpa8?F82G8>Hw>;vpUt13`nF{wo0Fi9^jFAwHtJU%Gg{IkzT+WFRBsVvvUDeEO7 z9$BpKn^9ytc9#y@=}!zcB{C#=k?2#ioa2L(ku)&X&Evnb^BR}ps*qREg{bP!V^=BJ|+S-jMXi;cB{76Se$`urJ zdDJ^P^iIj~iLR!m`t0R_-SS(1Jw9t0WON2YAwYPbpJl0+tH>oE^O7kO^w|Q3Ub|P5z38D@w92mZpHOmJwQ4ldpA-Wk^oE+jf;Q#)`Jo3a@YDu$K*sAzz`MhhG?+6 z0974>lCCT=^y5fYv}yd#eOEpaYbVh?O?nK0O0J-JnPOO-o(^fft~cfSS3bXYYGeIp z1n#zlTHOC%(CHbE7rqS7f2DfhP zL=8FeUsF)5^7yRe#mQe-Gkg(7*K?dP{^H``_V##iEuKCsd-Zpb6?9O$E3e4FA8%K_ zY3X$A)QtC$(VL~W&A(&tV^oyA%Fmz8z4=9h6?taKIoT)yZ)M3;7vi`zvyY6Y|3Aq1 z^OI7e$I{K8TM?9>Q^jk(E68!f;eNP6`D6S-Iads!#AD4?nWXCVrb4yh<-x5l`p%A< z>mzl<0un8a8y%{HnFlHR5uI`gpJIt6C2Dck)r`6NTs`>1-tY2TbWK5OP?VLg-nAA^ zOc#UErvy&FFm(?P55wZNFY$l=8%8U^MN1BJDLh;0`0>XU7WcE5(Z~}>_r0gn9bd)(`)b1)P|uYG4rf46QU zpJ7;He^Jp^hXSt-=ZLpG>0UZr%u4V5T`tq3C4AT8#KYk00^vLv(jaB25Em>PZXxm%@#KK+I5_~kmVZreYi`oD z|KQ3@7(cOOLScVm;=NXhk^=2a+8)akb7CoUW7vRa*I<#tR}794zRcRgb*lu)(MYv9_T_2u zku}Kcg5$Ytnoy(-(0I0aP2QcCrk)k{c$K=yXYtDJEa#2%ek>1<5+T99fWkZv52vTj)-z@F=JNC=!`(oo zn2Fq#Cno(dws-GV%Kw05OlU{wg6r&5dHpXCkue-33r3K06f{u~H1p#Hii-wzTg!!6 zlw&S?B~O`P@X6~7zj8|YO+J<_y}nBtiv9ehq=Qjh2ZQfY9CU&LGv!T9hKA72*Gn_H z-M*N+Nf04pV{b5I;IF1dF#|MXYl*P55LpUIruLhl(VRVKlj?YaRTB`=;~rubjbKj2EDmt zAi~~*j1bGF$dK_0*7z2YMORscjx(A^sFCQk8&#@%Lq4Nn+GLCbGhle8ytR|`6#M-Rmk|=_^vVl9CEGF@MWDST>`i01c zpO3x?>pYA+%ilbV8F;+2T~$?1W`pXLA#umWK%;8fDN$WAeG`f2|Bb4Iw!@Zfq?wg}P*A7=M<6JB&rv-8^OeL|^DJV1t>_6&wh zin@MOk*89vL#VGbjRuK++ZUo}u=?^&m>=XIuc1wPm2gJF{}7E9#IXxM+QiSw$+_J4 zNkQl%rqo@jotA6a=0Zv2qf6ThvqjSb?=%Z&kWMU7P`2crl)?e25oi!YwK;HPKndz( zSyi?}?huVy;z8f8$tb!(wE_mEB>kP*xAoc<3eHPDH_erV=F)I&sw z$mMgwT`Be)d^B4yQ7)+t(i(l4ReSnSci^D=mO=tG))sU+b>3_5fHSSE{a-g?1bT#v zQwLV$ny`%15I%|y(Fb?Fc5rk1s(?@=XGTdL6>AWWwOiX`k~BB2^#7{`K+Mxux&tw% z)ZpthKIgRdchaluYVb9%q93cfTl1YVd!YCXg80{pMG1!(pK4lD;Ky$8h@`bFuCsMK zmb0=!Iu)6JPiC`{z7Ypeok=>QkWfdY`z}knWD*V5M>?U%BVZPVDJg$}(2*Y|nC1$t z#>!aH9!8=y8;iaZsgs;M;XE0nwH}qb1vrwb^Il?1MNTfWOnB*F0WA}gal;au`nnKy zVl=!E25_*K@E7+qaU&nY7R1MEFw+lIxXL!*#s6+0JOwq2L3?G*VKzz5pEO4$)jw1= zf3R~PMMro%Efk9yRT<}@78gif$Q@HSN^B9Mk}EcT%Zf=Ku<~b93W#|2Sw85Vm`n*47~okk8+H zeU78=Pe~^b!z|g&JlQ(KU)7)So>CsG2BMd3@-RR6K{nTVEB_7i>Iy)h`2bq#z2Ptr zP@6xr)s^v)iXQu%m}5_jSw5V3dIV~^uuqB10ufXHvKiOUUq(Y$(Y!sXws*(DVzFuG zDVwafTrN|X^VXcH!)|>(oUyo3?HUfIC!xr5dh{LHF}y+Bi`>7!#f6L?ph!4%D8RpO zOAdO2RM##gRX2T_-x(6TMUwg{b5LXaJC7$PB3vPQW>*4x#ZKXZnELu<$BC-P6Zk*( zi>$sv&A#_aMrDS_Eco#3gCuX1gKKYiL%F{;mDG-Mj!A2^S0P z+e$btluHbQpNdF`MweB5dXuSNs)a{G7{0%Utwjk~USbUP z7wBjcGu%0-d|_uD;@YbalmC4Eq^;$VK>t2j&(D)G^UNajEqRU#9NZ^@E!y`~$d>+; z8}Drne9K81@cgHeL5j6iWEhSG*^=2HrVMLOk5#ms+*_z21_9hyq+#?~;&T4TlSif& zOz7;(Bdki^8*`;=aoY*b?cbo7m>e}M*QK?$vS>qPec5Kutv}Ym5AS$9$kic!hxcB1 zRDWn6kP1X@5K{c$+EXcQVd}k5!3beWzQKQ!r*)}*DJ-N6U`^-{s*;^Kq?~u*5I(8m z-#6Fkzwza=NWl0;iK<=CAU}Z8=Q<`Y+#-W>alcMbU`PDARFt2u?!p<#XbJnWIj_O3-6PlX>I}|M z;1wK+nAr4Ht`2aGZ+S`Hz;)Q4g+m`6F}@ov>9HD(FzOHfB)H+qb2?n}A5fgC0qo+q z%!%EdhmQ0poX4=0&$@?LINZohEnd{#{YrMhivpbw02Lz^cKB>|H3(BOpyIV>Tz{$K zpLwj4{A+L>EZ^%}9#vken4pU{mPMjhH{k_!Ca})BavpoG-b*1Pn~hOxd(19Ol@CW= zx!uzBS+?*AE=@BocmBs=M4sOUfX-CUrQi8^4uH|u=zYF^2(5VU3=RavQd4$U?nucp zoJ9_5xlC^t$nQ@+#}EB_`Q7j!A_V8!s(Vg%YI`vuHv)8Uk*`dvK73DHJ1zI0c5;^N z!jC|9*<*F)B=;Q$7IpuXqIHV6p`1v+xp;N{IhH=?~>$Ra!p zkm#E+n({kLhpGmpR=*r@e!IRnzZ*M&)DH&NriQG@k7-wKN)2o1Cb1tcdCgi_+9H z;qwsSay?b97{GE5oMgnOq=tL(a88Z8! zWP7BW1QB>S{oYPCiVyk+*FIVE-mwxFN2z2|HOTGc4k@W3VA$txW%SF|L-&^L*o0-d zCG4@w<39iX#VIp9ji%~m2ZHVTQ;+t_I6-LJltepJ)3`XeVei#zgHm5-T7Cb+jP*&c zmp~&CVxeZlQ=}fo*5Op*;?;AP;cNm}CS5@ZG<1a+xo;|eUflVUbMG%XGX9hI<;z46 zIP5vYln)mxQiTdbS9_3#VOPO0`-2D??3Wu1!;f=qZJ+gfA@%!5dQK!myQZMOSw%jf zP?{${zfSDKD6M`Y9S&u(?`%kcrMN2?USQ8R&3y@Je0iG9s%(3JfaCOA#OjKRx0P-o zf;G{|il2d*>jV;0>gDW*q}xy%VoHflv?+G}DKYzeS<&iwz@5p%bkLwmT@#wRs51oD zt}DTf=ZzE1f5u*PokgLVxT2FiLc->tBn>O&>}6q@P@?9(wm8i5l@`u4LQO~dYu3w7 zH{Ls(p631xeVjA`pp8%{Tn1GU49{yQ{`dUKx9N`{%AW*?m2*W#-e=vXiJEBpiWC`d zuK0M!x}OZr^4W6r7LdDi%=Sr!5CygqIuBtZU}3D1To=>eKTeoy(o<8mD;WFKxRZXe z9(*)h>TIVnc=Q0Ck6N*VBf>omaLPXA5^mYuNuNEn>2FKzal0K<7kH}_b@P*rcKZJrTp~`btoAb7iK# zgGnWUCS1Ibr+8*%cAbSTNz@oPZ@`nHDxXKGSt}=X9}ZB-?)DF6NLA+?xqMU`@d;<7 z>)g0ORo6A5*0nzbZ|SGs%9yCgg<)hN8Ts!dEexK;>!sXJ*S4-hYOc9YImHxy8Tu4%7@ zGSYuRq>{;xXp*2m*w@_PWKH^p%7vJ*q#EIC!_lQKD+6{`h&L+p8E#M;@sj@c@XZK& zRL^awDUfg2r1XXY|9vIP&Zl(lAW@j)(_ho~&hO>PB6+)mKmoh6^$!98s!7cj!9Paf`^Gf*&4f)}|@&$4s* ztj(3~myo*_Cmj5Ly(NK$t0B0cSJ+DX6dHL8%ab1rzF7knYV@B+UO+J% zsi!@mJT(0!1)ijS(=axS2@XxB!0Q-nZ3S%PBXBWo8l^7tN@6wx27gbGWF7)l`tkHY z!P*gVtu;7ZeUXIVwA*03S7xgOgI?A0n>8-qvTZB%aD}6AJ?Ssu_V$C_0qwrC92}CI z*GaLzZ!p~Z&F18IX6AV4xh}Wnxmn@fP^2dZi?wvR@06^#MCd*gb8S!7V~x$+{L#4Y z?xhR2NUvxdOkjAfCpYq!{;2R{EN4FDb^D{iFUV*qFXj8oL`HN{hg^y=yWjM|qKVz2 zqoqUW#yb3*#jpnOj2%*sB4J+dNymMWuLuWfiuLlNOxx%Mlr97YHTK92xMjJ)zp(e*n>nbwYV8ES|1=7Q2N>H z<#yIGH)t`E;!W>8Cc&H1`n>!*f9qa`*2g-5Oj7KnS5vpeW zFcl6fD=TTX!{4|MoWM*dhRmOLLZN~tBC1hDE4ptJuP?ezjJ-V*c~W=ge&BOw#Or)Z z)3SfFgxkVovA~mtUF5u`w&ul4mA`b#_$-DQ5M4-db5o;Kq#`X3^BGhh`H3loXor*@ zgGkb4*bnpIddaZ5dS!06jFeO0a@G?w=UvwN?<}d>PUgPTP$4Jq3L55e&i1c)hg_Z3 zzY{`1Q{05dsCPZ9#nC@c_Y?HA&+((i-ckpPYO0-T)4sj&FMtJc@rwo94wMws{ZZ&l z)Bo0IsotPtEx>lkS|^0oziPE{vvP6AcV~UHTI#>&npen!=n}n2DL%wMr4YZA>z1rn zV&=O@LNF86?%xQscV+%cb^J@!!GmH9YZr6ksgdOEz6=4k-REUz-fyqeeIv)eUZlLL zVg(+w!N}t=FX`%JJHUd#Uz>z7Q;CL!E|=0kky zechhU)$7X*3TzJ?mK@_^qLMwWl#-0uBy6^1rQdHLJ=^Iql?VU2vQ#e1&S_TMCU~7k zp%-j;A2{DK6tK-?_N(3G1wd`qeDSaRBdM?72E0qBk6>F_#J%OFTFX5`YW(YF-gkgR ztjawOSBs>f@=FVVbBzO1S`HHm*QGOVLOs(W-*~W&C4{@U@B}lPc#~2bjYiTrX z{XXhs25H?zEo=$tI&+6}rqa`Ya$ZECPo%yFG)UFUh4dhG0j(^92$#8m&Jo;c&XG(0 zz9ALiP13_Zxw|=fZe8b+L^$DFIZ`DY7a3-G4uIM)A$9xw_zx=A{63B|2;A5@a#CV- z>6YP4q*b;`e~GJOD+YJx-*|Jg$AXe+DPTQ|B?wMjb)dne3!3}_d6dM%on^=JFR5%e zJ1gsAB%%wDV{u8i{ry9o>j}=t&-1(UBL#_>y`M$?v60{lZ}WC!?{K0pRULmZ&D7C% z&uLJPQYh_Uv4?hucBN$%D*cV&)ouMN>q@J-ouv<2c7>c!BcBxb=pW+<>o-op7~WG) z7K~%gU7nZy>cKmpj9PkN?{v@oKf}_eZOc)!xWI8P1_nkQiOPF@G1(UpSC;zopPCun zIvOxuInmA!#a~r9d^PECAWzAy<*c*^OD7iDUZ)GAmdJ$m);4qD(eebi%-~HMj{#|q zo`Cgs_uf|J#SI~9V}oeR&1L6V4DRAB6E4@crX!zBh=KCbUpw7x75!hlbgY7+rngr3 zjdxySUbHW-vb!W#x-IP4pZLRBd%p$8@k=M4Nh9qkZG=nnGEs$vSuZ=R|FXE=`7U+$ zyxWhX-AC|RBGAgCY&B%jTCn3V;`3`gY-(~w4}Y=Hb#N=E#vBsTp+%LWL$qCe>?>NhoSW8f1jlNN)knH)7oDBW+Z$kEoy?hqr#Yvp+U&Mh-E6%RUT@|Fajdwyd& z%ber}D39IQxbt1=KovX*|Z@+mCgsflKWjp*Ic4ZMkp} zY4CyQ$_sQ2I_vaqlP7R9M|f@w?b$^XvD1yM&?^ zqev^_@PEv1#)t`ibg^FUyr6lo7Ax~zRT#88 zYVXU{7fepL$M0W$9{D>Uq{(t=t!$2U$?E|-+?COjP~R{pyM7mP)`cAHz;mYa1Lf^i z{Mir7F%oC<*y19(AD>Q->(M!cR4DygZB46jaJkBZFH)pqN{;YhsY3* zpiBODl1KMCH8u6(ka`zL$lgwArH#XD<#*+wLgo42uAjs`Uca=MN0M@VOHof><598A z&v%hOPoyMf6$+OvoUZ(c!R5fl-H>vfw_KWReJrzm=aj z(^~!@qv+R_a;LiE!!+0ozts@6&dX6y{G-;UN0g`JP33!wKll94Nh6+?KCgO4g&;BQ zL#Xj6Lt;M-vx8x>wAa0y)MI|TsO7i_=ICr8vmfiMNbw;QcDm=*m|lhH^ZG`VUy>3V z9g?=(p<~_E>K)v5JiaD%_jvPafc(YMmFceHCM0UrHGJXU+#OR^hiE`(S_Di)B)@)D zG;Z)%@G&2)|M^!IMgLebZ&>0+VE$5BXOTweFAi3zB*#WCmuw4uq^F{h)n`7v$3~xgs@_?eCo-#@zECt2!vGZ3G%bdep_@lxtO8#XSEYY%hNM1_-zIdk<`5P zBj|hkrxcDX-O|E3i?3wZ{9zKj60KBHMn-yMv~#|-`yzSPE=I!ZSc`6fyUM`y%}9yX z`>Z`*1@GB5YGhdni1|_0kiOxUWRNGXH@KD7=0$~0#(iR99c#EZ|3hF-oWXAoI+NnZ zI=Z^XcHTjtIp>a1&zY<6cpa{S@_i3ZjA%I%Lo#O35lO~qFh|s7z2~{uHqXE@z~ZsS<~X`QOFpDNd0Ilosbz>;n}fRv zNOHr;cNF+LM?23t_Dae>_DX^oyCw6&*uVpqY5IEXIp`mf$=eQ^k1pJO>% zUsj)DQZHV~0XGrwDC+np9QE5Nre;1y_39x)KjUO&?Q%}L6!Z#GAeGwt(d#S`{Cp4H zDoBQ|#lDx3x)YWwViPlgYoCjV)t0#^#gyhgy~{s&cOrMZXkR; z9d*yYvGF3V*mK@bT*=T$1r2;%R@E`;^ybEx>0Hbk9tM+lLLO)52fvRsd0)bqO&n}B zni-gE|5xEib`nauOmCukjh{!Fyy5tTxWr(hIZgQW)c~8%(oo=8 zOSLAB%=z>VGg`it8Gby^?0_U_s!i#_+=haVV(%S0{^}F7qe(JRyQ-JxViV#RNInn2 z_e2arf=8RRi)VLhs^$I8)0?4FKixg=4{)<~O7dzQyZbXnR&~w})!)u%ZlZbp;4KZx zx(XXh%YpCfpFhU%ss#p3EG!h8H@Nqu_ZmX^29DI}7c81?e>s6)zG-9ALkxAOkNtC4 z>kAp2JMy}=<3aoRuz82toq#GP?4ws6p{f2cRv01QtT|8KRo?7N%oH1ZnxL zSAFDuQ|Wwy>S&1W>l4duRvQ7m0C}k+k45nH^v#COEaGD^J_6ON>DjAIgw%dW6K;~1 zefzu1t(RU>iQ%`%PL|M$w(>;;7Hr=s*l^R^u8=J*H7(AS zrZ7E167p;Pdodja%I~<1PtHn19?{K3o{GKYmDb|e4d%S?pt9mCn(r6b)@_aM3h1R% zeI*Ue);Zw+|7-6p->Q0pw&8_@f+Er=B4UAbBOQWDgLEt1h#*~xqLL~lASs;^(xFHQ zl6wo%DCt(Zn`f3kz2Eow_WS|&`o?jvS6tUz6X%>W)8ANi<0QT1ML4MFUTUYRNhz6n z_8et#Dz;{*c}O49hKLU1egE40=+{>#8-%#|R&^Wo_CsH0 z;xUq_(8`852%|hVg~*@L(&4j+lUs68QH6L%p<#6z(i03{p^u&^DKnnu7PF#K+e6i! z8kW7)#o3Qcc@ad#qyZ0~qORE*1LM3-+4ppTLo*fq@dA!Sc z2wCnArs$?}@0NLI(n}!L_#l~eGE5JTQLI4R@OnDj4#g~3zpNmBF&>P3Skj8(X4eQ@d=2Mvt6OM8$t8qLA;dt zV8_VsHD-q4&xvS7EUtt4;s?i|D+>J;_7&ZaXn?}}f4 z$6O&y5$k{xJ?1HUoEU~b^$1Ql+0S9Re7l1C&B0~D<>E)Z1Y48wB!p%V%2b-od1D|)X{#uUy?8pQ`UoVdh7gfvU*hQ8vRPueqDwCgYI3#Ukt z?E{0&VK^do|1s|*(i3iK)`jkm?e|-UZ!r?`)_FlOxLr_)rmViZEF_yiptjd;sNHv^Z@}u<;DbX5>jslyX zDIYz@znZd2;e?Hw!@a?B#F+#tFmV&9oeig@3h7h?b72Kk76#a}`xj(S-F?)8-j1X9 zq($E^0p)PLU3uiEu11!!og0sqfK>p7=l614XSv($<~Rkahs7h?QCcP}5{QLw9j2hdhlOLmAs@{B5ZwNZ9JSrH*Y6Vfw>dA8AaW@^rnZl330sh01A=Bj zr_p%#(Be~UEH^SjHu6B<6v7=u|J>m+`;9gXEcO}|1SMDeeM@=?0xtB9nC8NNEQ=Vc zb;z*qg-{ZC}$7>ch8RqUH5doo)Os)0G~Btv?w3T+f~Xh~G@Ay#Oo4&{ArNe1 zmwA@toC1MLMDD^BV$-LNX2nZqsW0FKOi=ep9w%&>h*P|CBE?Kjja`3sIv7zRxEnA@ zNr!K31S-VQ>bXbKUc}}o7f7I-tZrzDS~i2lXiJz4*nc9rlw(x6TXfM(Z)GkaY9sLI z;0XA%@JYg!b33h1M`nSOncpe^qA}a%N9YHMK!%%ei&J+4i&W^6-C0*>xR#{IdOoIM z%p3=ovyYvQX2J`=oCkRlBWO-}AV5p!l8oQO>+G~r!wh-|Pl^~|7yA={U9O|vkjPQU z!*_Rf7Fps;?LK3$P{$SXpm+v9F|3Z5G>tYU&R)aTz)z(Q54P|>Z<5%%oF8-!9*1@=Gq^4fq8#DDjVbpg%8;$sd+G^+PNs3fJ}??YUVaWrf*SN?ZpOJ&T0F7*P@;YB%DKhgz^X9Sg;KBO%T6 zlWuVL&A?WS-F7f_T(UBRCEXqkTie}y36JkvEGl;#9+9$vc#OTd^XF8NYM1DH=qI87 z4zV@^T38o5g%Axj3?QB~h^R^3ed^ z2WcO4*;$dE`#et6OjPi`9>rIM^>aad+C*c1nv)j{Jf3`bpLX6oIZ=qqDe#^c{+O_v zJqjCaLTd)PyFBgsBPrS_P~JSS4)c{=PKZgd4TJs99j+{H3u$>QovIK4#hb$5pU_YP zR%FwJr+@yDDY?Y+Qwp5u`jFG@=A9-p_aky?4yroV+WO|0lyI;@Rd%rtW~W55H7+-J-&e_8IVn~3Y!L|^ z_)7=O2s~x^nP+&z)<(suAoJ7gTFOlk@^=V}g|o>D)_=?9-Zn?wxCro*fx zkd!hw&OE3KvxzX)TtGd^1aM)S(^>$&Uaj}|RgoFb59Q=Bq@hMyDID_bX*WbE>D`e7 z3u(cjZ_}KgZ}g>Q8-tl`zG|Q>z&bY-EIgY{RS5v;+oMsT9ugs8;_BogIwP^N0pk6G zPy&3O{f1oCY!c4%a-&)5g)1}2HDR8IOPcego+hZu;fu^fqs9*dfBk}xZ1o2hhY}FY z+-%Iq$Rm4Aj^JN%Qp>^KiP`V??hm}HH48<4mafiN_;uk08;Qj>uj=K;P6wZ)a5lN{ z0TKvux}m`o;$Is??)r>fg=qVg97#YVKUh!CnsKw6^Oeh#h7b_HJ{C%?FB|qjx6Ejj zok%m@emY!6EB-C(0Y0DQKmh(_bIeo?W=cMCMer(gnfKp{CCkeup(@CJMAvPx>=Tn$ zoy!WuLP=MXBZvj0EQ0xbnm#L;thZd4Gtkqd<0~S?nPAmNkzNsU%(5 zu=2}Q6MA#sBE&O?_|$kz7jmlF8OW(Z%H4_w$yqpfX3s{uPt0D^=}6vNWAuwJcN{a< ze3-TZ{$(bK=|a%=Q@^eK_xBmib6Jic(_kTjseJof7)Qv?i9{uN-47Qc_(0s`SSlm> zJ& zd}wSxGDwGxiwoa0P)K2E5^uYHxTOZ?muK5Ly4YIa_yggiqY*r7489 zFx8jBi6p?1f6nF>s>v56{hZgVr$6HbPyz~4t<)EmeJh@ghShI%z)91GsQtF4S}2Wb zu^x|3*{`seIw@Sp2dh1?Rxx>|;%&|&XLuTp^pKZqUV75_d(dq_or4@7GTEy--_nHBekRlOMc8j2+;V_Vq#vV&W?~x{MFz0%d zg;rgjg_VWIcA1L9>#Y`-nz3opl;oJZ|Hl9y0{(LceMP*{!+1lA9rG=W?NvVp#HH9{`pTD$q9bBHjSym4yPV_zA2ut^n5f?T_bN@@YMEtYDNz8E`t zgjMZVNl3|)p{<+mcaOc24KYp;v%p{RwXS*1GS_WDAP@@|UqM7&~~(VuXCqCzWWfNJ{vg*IVA zgS&R3#7MNF?upw9f3OS+F}KpzF3tc2TFRK-G@)-g%%K&Pc*vV_YwQ~B_<`F;!mrsa zt4myr+RpeaSM#(BJ2Y>xm$4)`ESqCVHDfBrtK4_i9ywG_y2}v=U+BT>(Z5i6&?6}k z^-Iu^eJl9-QPM6=?|wH5gf;RV-PzF}0_z4Et2E4}Rys;cc$&H3-pBRVR+;jC42J@y z_a^{|w7lt^O87Og#@&L|vB~tPRB_0=)<4ldg^Qd86Gu|Y{pO&WW0p;C6qv|=KD+bO z``mX|xhFFwk{i02EHV)AhIER6)9jLnm-1+TnDJogsm)Bjo}|4GanOl#Z#ZkS+jk!Y zui(y!V;YnX-w4(&--yKe{hqJDHrIJ4e8y*0(OmM_tBA-7WE31FH8IkPu3t?)h!leU zR=L$lE-KXv)v36;9R{1(g;8bW9hiX$@yR+a`EV`kYmK`T?Ku{a;@+9wn~WR-ZoD)W z4f_RGaWh;~6{Cc#-6>4hZ}&Z+P5)+W5__Ti4hfYEnPeI{x4?e(Xa3;}^Lh7a=3 z-`RA`)^BeN6E@^KDJ#b>f56ARQr!20-XbMGn`yBJWD?dsEnFla(ieSq{I1OV%qD6c zF4QO=?9)5#NvzLfg&zDGX`4R6dSf1|n&m!bx3kNwzj5PBRB4yU7kWIz`hjx<&sq>Y z=4FIryQWvy`?vKH^8@ALMqYZ#B9oyoSWu0szsMjq$z!FhHcXI-^@`u@!D9NC-Ay6g z4?M*Oy!Hd{)@EWlbM7vV)gE6R>q@jS8x3+*`NoN>b=;2D!MiUfP`rJd##|<=>O!Ri zuDc=rir@V28E9d0gqkG8<~p%(+M1(grwzOQ(GEDi8W!NOutPT7>7n2i>NJZYg%Cu_ z08Kb%3Mh>DPX*_S58Xb}e17J6+WZtKeQJAA&%WLm7c>~9eZf4Vb70$oZ?lpvPq^rr z<~ye?OYOJ~WbF!=03=8(l$v%KG7`ZvJy5^8MZ@!oGJjI7V1}P~?T|XAxvZGa4 z$+!(38Lp_|5dR}IJ&zEKQj?1MF>hp)s9j*3h)RXX2C+KD-XDqR6syFKs@7fdsNRTM zQ-yXa%3bD=;=+xGCExME3vi?Ew!C;FREe>+L8$J%gTYuuIE}J_kdu6!*SbQYh&%5! zshVdB9iWm^2g@VJ5Bk5leo{^rppyz|7VoxtN~$>PCNAnQvUMX;7KGioPTsN{rvc4Jn*R?S> znKtQJy?M!5{qsWXNfx$Z`uU26ZRMSxlMxATwCC*iLvV*rVYUV|c_XHyRE%v-a0NmF zDTJ%)5-GhPdtH@SR1r>*;dF_X|gk z3$s>BKtDCLSX#X9UVR(&@lrHB$`?U!ue#c8KK_rSE{7b)QmRVCZ7^QznWCQD>{+2^ z!=Ohu>@1I1-x}_B{B^=-G<(1MzfsrH%HI^)YY}tYI|(zV$fKLT6PO;|9X6;)2lXhl z-Q+>HIGk0a%`BzoVY)H5*5$4IC8qTebj>+b`IQQ@ZqzQ7I9!eJ*;5~aWYn0n9AP-= zg9kaoRkP`<)enU1KiGuWnyw~$bJne`d?Czx-b|F>;aI(rn`dO7q9qqyOz&9BQ`can zn#P27QH-)Z7T8=U#%rT zUMSKlT$9@;I&sTRyQp31lx4H>_OMf3H0R=Yci=TOjH!-3gvOp(_r^^QEOK$!*6&Av zadjB*FlW&sHls5^NWfF&cyIV+8kNoY(F7a9Sx?eyTE*8yf4es*E>az{c?^7{jNQXY zf6NR>4f!4&zxl09hRtE8hD7)A$nc=)w*u22@sFZnD znGd83QKVmJWKA!S1UMq9n?GNAs@N3{wJb>PNk{X1k224D&S6}g|9!$uUQ_R@y+@|Yo?PE{H zD(?7+c>KKc5u06@tDuqP!?r&dTb~|Jhuo8CG`)9bBB;jw!2|vGUJoLlE?4SB+#cWG zS$FY#_==)tDmih}aEz&SVap$UqL0wA!+6q`zTt3xF~NR8J~tFE>$_}UQwg=$ggc3p zH{jQwf=Cq?`xenuX4me5^J1yzmzc5#t1(~qv7;K_3XQ_Zqh3G|oSv0js4VI}&+5@* zmE>$$Jz36`bycGwaZn5&QikwS@e?z%NS zI=Zkeg=e_W`~E(BV|gAg;1z`nozRGfnU~9#nT}PxLi=c*XhBGXP)7`9C98aiX)t^j zugl)$w`-t*DS)!NM@M^7C)|5_=pC;)+O-dSuXWtt>9{hx>is5J#-#y!=h=Vf`-lbAl5MjEPo}PklGQ zY^ZR}vm&%gz+t@pVu5a5Zre9b!!j1%mB?fz{G!T6EyCd21kHZ?pWi~Tt!7NV5?9uN+8_%#RpV_GtjtgMrL^ z_nt8xi#Csr@8r85IKXbQo+!ppiM0b3k@?{FZwxj5(R6yp>Z=bH(lK2?@jrC;PcY8Qvs-y? z%Z^*9g$H(zHcdk%HwaK9N+}>z&9jPF z#m+h%)XoZJOLcSUz93fRXVw?@wU}u7`rb~*i7dr@ZlGRVeCKl!3DHcc>4AuhnNY+T zi#w@_a%#RnYqD8&_Pb$LxB+}W41|Iw$dDe^gJJ)DE*o!O-^th=E>xBeRyXSt+-A$J zo}$AK?xifXnpKuDQmYxCUwM?A5J=v5Vd6bdFM70rLa(u1V3quyke6B&FUWO@+S)0X^)i}Xp4RF z-N>Zpcr6nbEH?zy3M>6yK`U?&XsjQWP;5#@i0xRHYH4e{?a_s$>$JGeW+#7(-B93; zR5dVhL?i*Mm(e{jbc>+n;J5$w-LdPNp0jTf4ty}OWP?&qy&!1la~OH;e#||bA;Iyq zOWsF3gth%*!=9Y}#!9g3*5@COvKR`kI#n<4XkxR9govUZTDLX;S7oyNO+KhC$`(~M z=hG|(E_TT(-5k32MtXG1#ivPyM$IMYRWy8kef787**HP)*t8H|bSUBE$tx#T%fHl2)FPkGwtdP%IY3Me>{h0W(FJEQKZKO2yRRQ_5}OMmr8l6WsCm#qXZH?~s-d6>bUPJ7dN>XmqRUnm;-@Gm6v{X8 zA7RbZgBTK%t^PK@4sc;~*W|^_yL~2}*E(I{CMr7$Sb9JtZNXKm?)W(LaBbL0_Eou5 zJAOWu%EQ7-PGJC4)FGcY{Us=lWaiW$4xCoZ65f=xjWxT7wW062*20r)Yv=Lhl`mhg znVklp1J4OBWIWp*5N#RF8NGz`q&{wjR0ZrzD(LflK$KSMT_P4nv7txn^O{M}Oz``k zS$1|V%xdvJ2PgMjv0>lx3h@}&S-sdz%Gpsm#vs1%YA7ET5);ZOQ)-qefbyB}yd0R8 zQJB@eNqJG~Fs|MgEAY)QPwq1H#UaBY!}nJlipHHAHE3YFf}g{7L4qemTu#k?rbEwD zbO@knM8#N<)&5wRbnEA!rv8E=QAfE5-R!#G3s;k#AS$;N8&~!8HE(xKB$;*QYT?!& z{8kyTy)DInuxK}$_TZh{p60?dURGSGFaAK+6OZ0+s3pJEKOxCv%M^G<_ezVn_=)D< zW-y^#MOUEkYOW&JlsRm$iPU{9g|!pGuJhkN=D1|3aEf2%$bD8<@3`-5U}zS)L2%R-VU4 z2y2I`|MC# zGuq9C#KP(w7|Ez*;lZK+F}{*PxxF$l8Q&}|rS+LN)cax>CKoh6QXwp-VbMMkfRBsj z*m`*MhhE`oUAmNYOnkM@h?zfo`6%*Kv^Wiyan#sY`Tk?3V(VR3fa{Hn1Ki5tcz60c z8V^;1{$(q&Z1(M)j`hE?z9@PA!SAuod%dY84p&rNi(XQ%79`UPD&@%|DVK;tq{%@6 z>tA<~F4kp7p>Au;5y+U8@$=JY2^7-vURr0o#{FR7Yg>;L--NIgbO%ZY7R9+u3gYK@ zR1w*=JD69^HodPdqZBg^k;3f8p$31+%^PKTmE9f=^FwPJRzBqwv{#5IOa!e-MWlR%PChR&;Hr7=M*U0Y43alsGqF{m25OLa!C!O=*+ zbf&KivH+9DG)$0wr0HvkVK;t*GKXoj=#Tel)nP1R`;LY8UQrP|AEQZ*kF>vdM@L2e zkmtMR*`l-oNV-!~;Uhn#277cBhj^Mx$6x#|RMgVa3JMK&{rQOu8?^o#%f_aYbZ@yF zFh^1bUfEkGQXaGWIp5W<_wgKZePsJG%tlMz?%AoGa))6R*7GzjdHWJBo;wq-d2)0f zymv;BcJO_uPQw$;^YyEEIly^XWHYT8hO=vzMGvE~p1CQhit~taczZSzUpE^RR6@;@ zkLF`gPPpmV*evCQiYbRjZPfn>s4B5qqe_Odg~*w+HA{`hF76Q(B3$VYi~m=uH?Qe^zifqr*~bRuysNLH!;?iqf=yz z!zkK~u)W09FSWFU;R;}Iu=i%&_{8xG=ZO$aU_7wgM#1u@+m*}inO%t@r$w^wpvN!6 z$#EWQ)7&0iMaf5~rL(SpfAr)n)SLROflB>aYL)s3l0ir z-5l@gEcN+?t7AScc0(l=c3w`iT{JpmieX1geRnsMg-+5ta#ADN*BVXLn*4Smlhdj5 zbfy{Zh;1Egr$0aEkt#zBlgFcC``Aq6zr=8IRNiIL(d_*>JX_+rzb=%WBHi}6{E@8< zb#b9lbvoz}y;{QTJ6V)x6>ka|nYi{o!MzIc&N`m!6{pCBKX^~KEXHTEZW9Cjx>SCp zYo5YKwshdZQ>Izl9n49eMQ=Ui$yP$MzJHRo3xB?wi$;!?!-uKBZ@rJQJX`5z^6{ej zo!qbf-=(^Ps4`G8z_)J&s<4Y=X|{}itxkvZksjHyWj~v?iM65MMOhUUi?^OeoRz>G z|5~{+@PyX*62RaS5)-4FZkanf?zcaU1x22Gn(@{pGuGHg{*0hcrFK7pgdGc!Cbs6} z-pJ`n#5z=r#^mPap17!qpvJ4+nU{kV+bb9yYor~CQlE`vo&tYTwWz=-0hCFBTu8P0 z^knAmrpuc?q(iEBdb(o!RCW;Ay4hl{V z!~JQ$@;lo|UnF`PyHkH2lF~deyn9fOJsD)td}HY0{%)4v{;okQ0b&ir3l^pj6T{c% zcIPKOj}sKrasQg>HaHf*OC?>5f>9p{Y5%MxMfc+`v0SPNB$^2vviCyEU0Lz|$dmLp z!?!RP(ZSNp$S60@Ai3Or@P0c7o6Gu~v!BTB94BtBw43IFC^0$7?$X-`Y*(Tvmhs>n zGsCreDb1TFS|c4eJUtt}piu?J0S_`pu%FMLKOJrGU;6lntm>lVrZC6Nlu+62b*PR( zby~{v{oT#1?bVq~tvsEI%Jtg>t(-px`LMYqaOQ{DofS$ru0V_ZIvTEx8=~2MzPsrO z61#dXAxK$GOLXhlXw_=eur|&8G2z)vzHTu-BUJwLOS=?kjeGbK`*K{GUGbhP7eerQ zjpo?y_dqhtQO2{kNWC{RFZzpNY{#=eT^hOJGUD3r`bxM|-J?UK*ud4KaIO6?5a73u ziERnx$yb{&CAS23f{K8Q** z-U~3YGSA=rwf^G(Rq;b2LOBhZU@NG+*Rr@aNokdS+-pNgON-VbSLawnbUl{z>18|~ zgw^oz3K`7h$dQGH^Dj0QhIN*uOO8GM6MM%RdD+YyZvGyZOdMZ*^fj-#`cnicw5)v6 zXqtR4F{Nz8dwd`F(&XR*hha&2n{(^q#g4dAOm>1K3Q0Use{$ggYTk<&J^9f}ura(A z*)OO?#v?)kG-wh|me7->bz*|S{6cw16{QTJoM@W0+(0G6-SQRP?j-T|1?+f(<*)p= zJ~65YpQWMK<;0DO8u@k#*lay}N$o+6_uYh{=$*{tH8KW~*KUhL(ZFwtJjt-btr5-c zD(n5FU(MH*Z-=>CgiV8ioq;s)i9~YMNG(h^j6)9zzs-tKj`!vQN}%T#-g-UY?>1Ju z2F*^gx`9n-o%*?{5vW%#B%A|(0!nbWuNVSgE}%ZjB+jo; z`Tp#JQCviRwyp0ELfUjy{~c^@#DjNA3Hk2h@}lkwN{h9tj*-qHdd1vg_dW!`A&}Av z$4hylzazwVWUnSX=yPKWDSiCj=8pTAJS0t=OHKUKzU!?MSBDu6z}i=>HV_?14(4c7 zPrXtM-}h(Y29t6T)H}+@&jiqz|4(cgU26=)LrdD_p9YS_zv+XUa--R>P+(#qlUM~j zkvEVNx6FpG;44Pxw9-nV)6ytz7>(|fS$v6E+t^^>aLk~hXG}}BYpl)y z^kymcGVP`ct>*d)`%pXNYoj*m8@T4%H92iiWklms4$Nd*A6#=RWKoQg3hUio5Sk*^ z*9Q^*{^i_gJVeSHU2q!F*mJLWF79u&l4U|b#4r5vb>;Xf^wnK9|-TMg$I>D36XHlR4m z*ZJC2UZ#>`7v!i*T)KZRY_AcNq`u2Ozw%UaPX6f0vn&IR2j;|2f#rt00RQ(gr`x4Y zkMA`&W=TJ82ivkzQHI2K{#!Z?3MS`P5?TlXb|hV6qf@zx`E8GV+d zcfJSWXBk~(*C~4&9HY^A7j0rb1+g^msmOYNfysw!*yO!Sf3Pp&X7g1v%Trjl^UHNL zTRn(=NFKn1cwoC{DytR_^!ay-V-up1k3#G0SM=wGi+#Pl{%SalT#0_&^4r>iw_*xz z#6*)uCi=R?D%pMMLHjP@BCRYAs_2FdTlNoI84teH9o8()D>3@-InN}Id(Mt_9G1J$ z}y}?ol{tkJ2GYcwGE9Zct^F#)(1U1Q>4gMGF*82_OVnP-de2V&H%sa1A zvD(@6j6iJzrBOI+<N(vs5uMOB8Px?ewx%FOULsYBom}jZPDcqgitd*+qLLWX91)rYtI^_`PLFqUB zwnNJ9wY{p1G=$TfTjUR11#3c}ValU*nrK#Lu{rI+2Nao@zl0#viyjHgX&KXniHi)! zBcE71oR--6`L@ivJLy%GPqAM5?6x@Xp$|A2>5ik-495dAC=FpW6=(rFaHVIiDA%*C zgNhelYw%C{wsCPdW~IBHn-$H}6d=r3VWrmr+wQ*21i5Y%H1Vtlo)H1b`!e=R!!x{g zn}tR;swywo4c_Mq$gLL{F6Sp^Tz~;E5P-mXvP#YAFRaFW!H)0GA1Vz0{+;mVURlQ8 zXrv3~y^cvDlvcM7Q&b} z!P>DrbbA5pkQaK&1CJUdNDM1wpJ3HP&(`kTNJlp$+*?AE!QJ?CvD|>wc?bz6|CPz3 z*vtZh1j7JuyZ%^v=n_=GZ`twsYk{|r6ZtiLWp>sjY6=JDEMU_P{rGzWwXbEVk4dN< zt{y@H7Y9;m^@y_y3O}QBc*{{j2|25NnWZn#ZiMKm&>Cqp3ya21e=fB(O`1RwA;-PP z{A)Y(mOk%h7K2tM&L9@A|yfgg@4N89>9Ca+ZIRLD+ z$UaIb{j*emewK+QD%K*%EOMVylLSM-cLt!)r@)QzAIO8$}!WYGv;cAxgJaO6Zf(r2O~cZ;plFF;l^} z3avn|U`cNl$bNS3u4R8-D@{IhD!6*}G_$Sn>At3V;9H%MFin>x{O`Fb_V7avis=l{D8Vj-t{ z0+=>7xLd)2JJWyqhsbB=}W z&&?i+qF(!_r~WF|p>Cy6h*Sm?(axZzS22*`aUuS@EpHZ`z^vX+1ho0c?tyqKJ(e<#V@nV5# zpTQMTcX1yuz>IIdev#DM6SRySJWbAIBRY9YXv8(Lhpr&=GE?!n(V8qMzed^UvyFeZ zT+R7$bAUE=YB5B=lJk&Ffw3WE8T0Gwo?MI$cxaynKw1@jcMW3-8xDx(uL@gm5I=t~ zkGULnPJmT|5SlQpohl4b1ex#0VmE3`-=>LcC66H0b#M%PARoj`mdtx%CfA4?K zw9!=RDFEqnP{wS7QhOt;)rF_3f8PeZAkAjhYkU7M^vpZyFNWgp&|p9TaH9Y3xyMmm@MqWG_rK9z4^vZEfTNXXYL+|{2QIKs27~673GyA}r|GCOI@A9Pl z1d`7A)nfm{gEfG8nezo{=1;f;n#KBOI-!zrr{Zm7!TFdoTIBSCJ|31Ge=SEqKZFHQ zp@l{@f;oca=F1an5IARjx_MH_n`zY8dGXiRJe?xI#6Enj(qIl8|KrtFt1*JgL7P6qA1_D%8azmsqfN(7}|rm7^PGHHpAKgHlvMR z!qj}`VxsIlc3Hcot!KGrD5cPACJyt3Q^PYq089Kd;|5-F>bLP1pdTu* z>VJ?j)3?)jT!=Y#)>Wzwfp8>?Mj@d|n{WmH#`#T%*f3eiU z=6_pGMGQ~7u!e3qIhqCRZ#d8&Dznk>f=M(egiK@d$UcBQU$16kpdsSaV4PJ_oQ;`h zzn+x^>&qvmIX7su8ppt74*3%xW)SrXl3*W?fC5>M+LgU{8 z?+Vwp%dy#K{;4txS=|#Ugd~KY8-GO?r3W4*vy}PgZOg%&8k$#3L$~}&G_sUf@=;ck zQH|UDlG#5Q847<#_rd0x@pM7PUl%DbP6{TZX%O8)uISdkzUqIT&Lo*g)p zTzunlyTWml_t0>(#(n2&mPE9O`$5#k%fBD5_TzCgGIVRw)_h3#uhm2t=Ev#&t~dB7 zE6mWD8?L>>`O#w10Pa%+(nofRj<%5}R-Sk&E8Bz2DG`=)8sX4i96J^AKR+aR2I+*q z*O8`wIvGLmO#eBmNB~m&Zy^z>0B8^J_c|~2-y_jKPo0Muet)n3y*(_%|1J(J!v9JR zdL;f|j@5^Qjb`Dj`TseV61D~F9$R+oZlQP0(0ia)0HbpdI>hnM^?%9Nz2sD}uzzk0 dvZOIA$Yr7aMKPK?xElRuc{vr?LYX^{{tqzzfaU-I literal 0 HcmV?d00001 diff --git a/website/content/docs/v0.5/Overview/installation.md b/website/content/docs/v0.5/Overview/installation.md new file mode 100644 index 000000000..35c86cc4d --- /dev/null +++ b/website/content/docs/v0.5/Overview/installation.md @@ -0,0 +1,39 @@ +--- +description: "" +weight: 2 +title: Installation +--- + +As of Cluster API version 0.3.9, Sidero is included as a default infrastructure provider in `clusterctl`. + +To install Sidero and the other Talos providers, simply issue: + +```bash +clusterctl init -b talos -c talos -i sidero +``` + +Sidero supports several variables to configure the installation, these variables can be set either as environment +variables or as variables in the `clusterctl` configuration: + +- `SIDERO_CONTROLLER_MANAGER_HOST_NETWORK` (`false`): run `sidero-controller-manager` on host network +- `SIDERO_CONTROLLER_MANAGER_API_ENDPOINT` (empty): specifies the IP address controller manager can be reached on, defaults to the node IP +- `SIDERO_CONTROLLER_MANAGER_API_PORT` (8081): specifies the port controller manager can be reached on +- `SIDERO_CONTROLLER_MANAGER_CONTAINER_API_PORT` (8081): specifies the controller manager internal container port +- `SIDERO_CONTROLLER_MANAGER_EXTRA_AGENT_KERNEL_ARGS` (empty): specifies additional Linux kernel arguments for the Sidero agent (for example, different console settings) +- `SIDERO_CONTROLLER_MANAGER_AUTO_ACCEPT_SERVERS` (`false`): automatically accept discovered servers, by default `.spec.accepted` should be changed to `true` to accept the server +- `SIDERO_CONTROLLER_MANAGER_AUTO_BMC_SETUP` (`true`): automatically attempt to configure the BMC with a `sidero` user that will be used for all IPMI tasks. +- `SIDERO_CONTROLLER_MANAGER_INSECURE_WIPE` (`true`): wipe only the first megabyte of each disk on the server, otherwise wipe the full disk +- `SIDERO_CONTROLLER_MANAGER_SERVER_REBOOT_TIMEOUT` (`20m`): timeout for the server reboot (how long it might take for the server to be rebooted before Sidero retries an IPMI reboot operation) +- `SIDERO_CONTROLLER_MANAGER_BOOT_FROM_DISK_METHOD` (`ipxe-exit`): configures the way Sidero forces server to boot from disk when server hits iPXE server after initial install: `ipxe-exit` returns iPXE script with `exit` command, `http-404` returns HTTP 404 Not Found error, `ipxe-sanboot` uses iPXE `sanboot` command to boot from the first hard disk + +Sidero provides two endpoints which should be made available to the infrastructure: + +- TCP port 8081 which provides combined iPXE, metadata and gRPC service (external endpoint should be passed to Sidero as `SIDERO_CONTROLLER_MANAGER_API_ENDPOINT` and `SIDERO_CONTROLLER_MANAGER_API_PORT`) +- UDP port 69 for the TFTP service (DHCP server should point the nodes to PXE boot from that IP) + +These endpoints could be exposed to the infrastructure using different strategies: + +- running `sidero-controller-manager` on the host network. +- using Kubernetes load balancers (e.g. MetalLB), ingress controllers, etc. + +> Note: If you want to run `sidero-controller-manager` on the host network using port different from `8081` you should set both `SIDERO_CONTROLLER_MANAGER_API_PORT` and `SIDERO_CONTROLLER_MANAGER_CONTAINER_API_PORT` to the same value. diff --git a/website/content/docs/v0.5/Overview/introduction.md b/website/content/docs/v0.5/Overview/introduction.md new file mode 100755 index 000000000..d9246535b --- /dev/null +++ b/website/content/docs/v0.5/Overview/introduction.md @@ -0,0 +1,30 @@ +--- +description: "" +weight: 1 +title: Introduction +--- + +Sidero ("Iron" in Greek) is a project created by the [Talos Systems](https://www.talos-systems.com/) team. +The goal of this project is to provide lightweight, composable tools that can be used to create bare-metal Talos + Kubernetes clusters. +These tools are built around the Cluster API project. +Sidero is also a subproject of Talos Systems' [Arges](https://github.com/talos-systems/arges) project, which will publish known-good versions of these components (along with others) with each release. + +## Overview + +Sidero is currently made up of two components: + +- Metal Controller Manager: Provides custom resources and controllers for managing the lifecycle of metal machines, iPXE server, metadata service, and gRPC API service +- Cluster API Provider Sidero (CAPS): A Cluster API infrastructure provider that makes use of the pieces above to spin up Kubernetes clusters + +Sidero also needs these co-requisites in order to be useful: + +- [Cluster API](https://github.com/kubernetes-sigs/cluster-api) +- [Cluster API Control Plane Provider Talos](https://github.com/talos-systems/cluster-api-control-plane-provider-talos) +- [Cluster API Bootstrap Provider Talos](https://github.com/talos-systems/cluster-api-bootstrap-provider-talos) + +All components mentioned above can be installed using Cluster API's `clusterctl` tool. + +Because of the design of Cluster API, there is inherently a "chicken and egg" problem with needing an existing Kubernetes cluster in order to provision the management plane. +Talos Systems and the Cluster API community have created tools to help make this transition easier. +That being said, the management plane cluster does not have to be based on Talos. +If you would, however, like to use Talos as the OS of choice for the Sidero management plane, you can find a number of ways to deploy Talos in the [documentation](https://www.talos.dev). diff --git a/website/content/docs/v0.5/Overview/resources.md b/website/content/docs/v0.5/Overview/resources.md new file mode 100644 index 000000000..abc1996b5 --- /dev/null +++ b/website/content/docs/v0.5/Overview/resources.md @@ -0,0 +1,118 @@ +--- +description: "" +weight: 4 +title: Resources +--- + +Sidero, the Talos bootstrap/controlplane providers, and Cluster API each provide several custom resources (CRDs) to Kubernetes. +These CRDs are crucial to understanding the connections between each provider and in troubleshooting problems. +It may also help to look at the [cluster template](https://github.com/talos-systems/sidero/blob/master/templates/cluster-template.yaml) to get an idea of the relationships between these. + +--- + +## Cluster API (CAPI) + +It's worth defining the most basic resources that CAPI provides first, as they are related to several subsequent resources below. + +### `Cluster` + +`Cluster` is the highest level CAPI resource. +It allows users to specify things like network layout of the cluster, as well as contains references to the infrastructure and control plane resources that will be used to create the cluster. + +### `Machines` + +`Machine` represents an infrastructure component hosting a Kubernetes node. +Allows for specification of things like Kubernetes version, as well as contains reference to the infrastructure resource that relates to this machine. + +### `MachineDeployments` + +`MachineDeployments` are similar to a `Deployment` and their relationship to `Pods` in Kubernetes primitives. +A `MachineDeployment` allows for specification of a number of Machine replicas with a given specification. + +--- + +## Cluster API Bootstrap Provider Talos (CABPT) + +### `TalosConfigs` + +The `TalosConfig` resource allows a user to specify the type (init, controlplane, join) for a given machine. +The bootstrap provider will then generate a Talos machine configuration for that machine. +This resource also provides the ability to pass a full, pre-generated machine configuration. +Finally, users have the ability to pass `configPatches`, which are applied to edit a generate machine configuration with user-defined settings. +The `TalosConfig` corresponds to the `bootstrap` sections of Machines, `MachineDeployments`, and the `controlPlaneConfig` section of `TalosControlPlanes`. + +### `TalosConfigTemplates` + +`TalosConfigTemplates` are similar to the `TalosConfig` above, but used when specifying a bootstrap reference in a `MachineDeployment`. + +--- + +## Cluster API Control Plane Provider Talos (CACPPT) + +### `TalosControlPlanes` + +The control plane provider presents a single CRD, the `TalosControlPlane`. +This resource is similar to `MachineDeployments`, but is targeted exclusively for the Kubernetes control plane nodes. +The `TalosControlPlane` allows for specification of the number of replicas, version of Kubernetes for the control plane nodes, references to the infrastructure resource to use (`infrastructureTemplate` section), as well as the configuration of the bootstrap data via the `controlPlaneConfig` section. +This resource is referred to by the CAPI Cluster resource via the `controlPlaneRef` section. + +--- + +## Sidero + +### Cluster API Provider Sidero (CAPS) + +#### `MetalClusters` + +A `MetalCluster` is Sidero's view of the cluster resource. +This resource allows users to define the control plane endpoint that corresponds to the Kubernetes API server. +This resource corresponds to the `infrastructureRef` section of Cluster API's `Cluster` resource. + +#### `MetalMachines` + +A `MetalMachine` is Sidero's view of a machine. +Allows for reference of a single server or a server class from which a physical server will be picked to bootstrap. + +#### `MetalMachineTemplates` + +A `MetalMachineTemplate` is similar to a `MetalMachine` above, but serves as a template that is reused for resources like `MachineDeployments` or `TalosControlPlanes` that allocate multiple `Machines` at once. + +#### `ServerBindings` + +`ServerBindings` represent a one-to-one mapping between a Server resource and a `MetalMachine` resource. +A `ServerBinding` is used internally to keep track of servers that are allocated to a Kubernetes cluster and used to make decisions on cleaning and returning servers to a `ServerClass` upon deallocation. + +### Metal Controller Manager + +#### `Environments` + +These define a desired deployment environment for Talos, including things like which kernel to use, kernel args to pass, and the initrd to use. +Sidero allows you to define a default environment, as well as other environments that may be specific to a subset of nodes. +Users can override the environment at the `ServerClass` or `Server` level, if you have requirements for different kernels or kernel parameters. + +See the [Environments](../../resource-configuration/environments/) section of our Configuration docs for examples and more detail. + +#### `Servers` + +These represent physical machines as resources in the management plane. +These `Servers` are created when the physical machine PXE boots and completes a "discovery" process in which it registers with the management plane and provides SMBIOS information such as the CPU manufacturer and version, and memory information. + +See the [Servers](../../resource-configuration/servers/) section of our Configuration docs for examples and more detail. + +#### `ServerClasses` + +`ServerClasses` are a grouping of the `Servers` mentioned above, grouped to create classes of servers based on Memory, CPU or other attributes. +These can be used to compose a bank of `Servers` that are eligible for provisioning. + +See the [ServerClasses](../../resource-configuration/serverclasses/) section of our Configuration docs for examples and more detail. + +### Metal Metadata Server + +While the metadata server does not present unique CRDs within Kubernetes, it's important to understand the metadata resources that are returned to physical servers during the boot process. + +#### Metadata + +The metadata server may be familiar to you if you have used cloud environments previously. +Using Talos machine configurations created by the Talos Cluster API bootstrap provider, along with patches specified by editing `Server`/`ServerClass` resources or `TalosConfig`/`TalosControlPlane` resources, metadata is returned to servers who query the metadata server at boot time. + +See the [Metadata](../../resource-configuration/metadata/) section of our Configuration docs for examples and more detail. diff --git a/website/content/docs/v0.5/Reference/minimum-requirements.md b/website/content/docs/v0.5/Reference/minimum-requirements.md new file mode 100644 index 000000000..caf188ff5 --- /dev/null +++ b/website/content/docs/v0.5/Reference/minimum-requirements.md @@ -0,0 +1,22 @@ +--- +description: "System Requirements" +weight: 1 +title: System Requirements +--- + +## System Requirements + +Most of the time, Sidero does very little, so it needs very few resources. +However, since it is in charge of any number of workload clusters, it **should** +be built with redundancy. +It is also common, if the cluster is single-purpose, +to combine the controlplane and worker node roles. +Virtual machines are also +perfectly well-suited for this role. + +Minimum suggested dimensions: + +- Node count: 3 +- Node RAM: 4GB +- Node CPU: ARM64 or x86-64 class +- Node storage: 32GB storage on system disk diff --git a/website/content/docs/v0.5/Resource Configuration/environments.md b/website/content/docs/v0.5/Resource Configuration/environments.md new file mode 100644 index 000000000..bf47b23f3 --- /dev/null +++ b/website/content/docs/v0.5/Resource Configuration/environments.md @@ -0,0 +1,77 @@ +--- +description: "" +weight: 1 +title: Environments +--- + +Environments are a custom resource provided by the Metal Controller Manager. +An environment is a codified description of what should be returned by the PXE server when a physical server attempts to PXE boot. + +Especially important in the environment types are the kernel args. +From here, one can tweak the IP to the metadata server as well as various other kernel options that [Talos](https://www.talos.dev/docs/v0.13/reference/kernel/#commandline-parameters) and/or the Linux kernel supports. + +Environments can be supplied to a given server either at the Server or the ServerClass level. +The hierarchy from most to least respected is: + +- `.spec.environmentRef` provided at `Server` level +- `.spec.environmentRef` provided at `ServerClass` level +- `"default"` `Environment` created automatically and modified by an administrator + +A sample environment definition looks like this: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: Environment +metadata: + name: default +spec: + kernel: + url: "https://github.com/talos-systems/talos/releases/download/v0.13.0/vmlinuz-amd64" + sha512: "" + args: + - console=tty0 + - console=ttyS1,115200n8 + - consoleblank=0 + - earlyprintk=ttyS1,115200n8 + - ima_appraise=fix + - ima_hash=sha512 + - ima_template=ima-ng + - init_on_alloc=1 + - initrd=initramfs.xz + - nvme_core.io_timeout=4294967295 + - printk.devkmsg=on + - pti=on + - random.trust_cpu=on + - slab_nomerge= + - talos.config=http://$PUBLIC_IP:8081/configdata?uuid= + - talos.platform=metal + initrd: + url: "https://github.com/talos-systems/talos/releases/download/v0.13.0/initramfs-amd64.xz" + sha512: "" +``` + +Example of overriding `"default"` `Environment` at the `Server` level: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: Server +... +spec: + environmentRef: + namespace: default + name: boot + ... +``` + +Example of overriding `"default"` `Environment` at the `ServerClass` level: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: ServerClass +... +spec: + environmentRef: + namespace: default + name: boot + ... +``` diff --git a/website/content/docs/v0.5/Resource Configuration/metadata.md b/website/content/docs/v0.5/Resource Configuration/metadata.md new file mode 100644 index 000000000..2d0936467 --- /dev/null +++ b/website/content/docs/v0.5/Resource Configuration/metadata.md @@ -0,0 +1,29 @@ +--- +description: "" +weight: 4 +title: Metadata +--- + +The Metadata server manages the Machine metadata. +In terms of Talos (the OS on which the Kubernetes cluster is formed), this is the +"[machine config](https://www.talos.dev/docs/v0.13/reference/configuration/)", +which is used during the automated installation. + +## Talos Machine Configuration + +The configuration of each machine is constructed from a number of sources: + +- The Talos bootstrap provider. +- The `Cluster` of which the `Machine` is a member. +- The `ServerClass` which was used to select the `Server` into the `Cluster`. +- Any `Server`-specific patches. + +The base template is constructed from the Talos bootstrap provider, using data from the associated `Cluster` manifest. +Then, any configuration patches are applied from the `ServerClass` and `Server`. + +Only configuration patches are allowed in the `ServerClass` and `Server` resources. +These patches take the form of an [RFC 6902](https://tools.ietf.org/html/rfc6902) JSON (or YAML) patch. +An example of the use of this patch method can be found in [Patching Guide](../../guides/patching/). + +Also note that while a `Server` can be a member of any number of `ServerClass`es, only the `ServerClass` which is used to select the `Server` into the `Cluster` will be used for the generation of the configuration of the `Machine`. +In this way, `Servers` may have a number of different configuration patch sets based on which `Cluster` they are in at any given time. diff --git a/website/content/docs/v0.5/Resource Configuration/serverclasses.md b/website/content/docs/v0.5/Resource Configuration/serverclasses.md new file mode 100644 index 000000000..2ed27f22c --- /dev/null +++ b/website/content/docs/v0.5/Resource Configuration/serverclasses.md @@ -0,0 +1,82 @@ +--- +description: "" +weight: 3 +title: Server Classes +--- + +Server classes are a way to group distinct server resources. +The `qualifiers` and `selector` keys allow the administrator to specify criteria upon which to group these servers. +If both of these keys are missing, the server class matches all servers that it is watching. +If both of these keys define requirements, these requirements are combined (logical `AND`). + +## `selector` + +`selector` groups server resources by their labels. +The [Kubernetes documentation][label-selector-docs] has more information on how to use this field. + +## `qualifiers` + +There are currently two keys: `cpu`, `systemInformation`. +Each of these keys accepts a list of entries. +The top level keys are a "logical `AND`", while the lists under each key are a "logical `OR`". +Qualifiers that are not specified are not evaluated. + +An example: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: ServerClass +metadata: + name: serverclass-sample +spec: + selector: + matchLabels: + common-label: "true" + matchExpressions: + - key: zone + operator: In + values: + - central + - east + - key: environment + operator: NotIn + values: + - prod + qualifiers: + cpu: + - manufacturer: "Intel(R) Corporation" + version: "Intel(R) Atom(TM) CPU C3558 @ 2.20GHz" + - manufacturer: Advanced Micro Devices, Inc. + version: AMD Ryzen 7 2700X Eight-Core Processor + systemInformation: + - manufacturer: Dell Inc. +``` + +Servers would only be added to the above class if they: + +- had _EITHER_ CPU info +- _AND_ the label key/value in `matchLabels` +- _AND_ match the `matchExpressions` + +Additionally, Sidero automatically creates and maintains a server class called `"any"` that includes all (accepted) servers. +Attempts to add qualifiers to it will be reverted. + +[label-selector-docs]: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/label-selector/ + +## `configPatches` + +Server configs of servers matching a server class can be updated by using the `configPatches` section of the custom resource. +See [patching](../guides/patching) for more information on how this works. + +An example of settings the default install disk for all servers matching a server class: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: ServerClass +... +spec: + configPatches: + - op: replace + path: /machine/install/disk + value: /dev/sda +``` diff --git a/website/content/docs/v0.5/Resource Configuration/servers.md b/website/content/docs/v0.5/Resource Configuration/servers.md new file mode 100644 index 000000000..ee356bcdb --- /dev/null +++ b/website/content/docs/v0.5/Resource Configuration/servers.md @@ -0,0 +1,134 @@ +--- +description: "" +weight: 2 +title: Servers +--- + +Servers are the basic resource of bare metal in the Metal Controller Manager. +These are created by PXE booting the servers and allowing them to send a registration request to the management plane. + +An example server may look like the following: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: Server +metadata: + name: 00000000-0000-0000-0000-d05099d333e0 + labels: + common-label: "true" + zone: east + environment: test +spec: + accepted: false + configPatches: + - op: replace + path: /cluster/network/cni + value: + name: custom + urls: + - http://192.168.1.199/assets/cilium.yaml + cpu: + manufacturer: Intel(R) Corporation + version: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz + system: + manufacturer: Dell Inc. +``` + +## Installation Disk + +An installation disk is required by Talos on bare metal. +This can be specified in a `configPatch`: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: Server +... +spec: + accepted: false + configPatches: + - op: replace + path: /machine/install/disk + value: /dev/sda +``` + +The install disk patch can also be set on the `ServerClass`: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: ServerClass +... +spec: + configPatches: + - op: replace + path: /machine/install/disk + value: /dev/sda +``` + +## Server Acceptance + +In order for a server to be eligible for consideration, it _must_ be `accepted`. +This is an important separation point which all `Server`s must pass. +Before a `Server` is accepted, no write action will be performed against it. +Thus, it is safe for a computer to be added to a network on which Sidero is operating. +Sidero will never write to or wipe any disk on a computer which is not marked as `accepted`. + +This can be tedious for systems in which all attached computers should be considered to be under the control of Sidero. +Thus, you may also choose to automatically accept any machine into Sidero on its discovery. +Please keep in mind that this means that any newly-connected computer **WILL BE WIPED** automatically. +You can enable auto-acceptance by passing the `--auto-accept-servers=true` flag to `sidero-controller-manager`. + +Once accepted, a server will be reset (all disks wiped) and then made available to Sidero. + +You should never change an accepted `Server` to be _not_ accepted while it is in use. +Because servers which are not accepted will not be modified, if a server which +_was_ accepted is changed to _not_ accepted, the disk will _not_ be wiped upon +its exit. + +## IPMI + +Sidero can use IPMI information to control `Server` power state, reboot servers and set boot order. + +IPMI information will be, by default, setup automatically if possible as part of the acceptance process. +In this design, a "sidero" user will be added to the IPMI user list and a randomly generated password will be issued. +This information is then squirreled away in a Kubernetes secret in the `sidero-system` namespace, with a name format of `-bmc`. +Users wishing to turn off this feature can pass the `--auto-bmc-setup=false` flag to `sidero-controller-manager` + +IMPI connection information can also be set manually in the `Server` spec after initial registration: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: Server +... +spec: + bmc: + endpoint: 10.0.0.25 + user: admin + pass: password +``` + +If IPMI information is set, server boot order might be set to boot from disk, then network, Sidero will switch servers +to PXE boot once that is required. + +Without IPMI info, Sidero can still register servers, wipe them and provision clusters, but Sidero won't be able to reboot servers once they are removed from the cluster. +**If IPMI info is not set, servers should be configured to boot first from network, then from disk.** + +Sidero can also fetch IPMI credentials via the `Secret` reference: + +```yaml +apiVersion: metal.sidero.dev/v1alpha1 +kind: Server +... +spec: + bmc: + endpoint: 10.0.0.25 + userFrom: + secretKeyRef: + name: ipmi-credentials + key: username + passFrom: + secretKeyRef: + name: ipmi-credentials + key: password +``` + +As the `Server` resource is not namespaced, `Secret` should be created in the `default` namespace. diff --git a/website/content/docs/v0.5/index.md b/website/content/docs/v0.5/index.md new file mode 100644 index 000000000..bfe179ed0 --- /dev/null +++ b/website/content/docs/v0.5/index.md @@ -0,0 +1,22 @@ +--- +title: "Welcome" +--- + +Welcome to the Sidero documentation. + +## Community + +- Slack: Join our [slack channel](https://slack.dev.talos-systems.io) +- Forum: [community](https://groups.google.com/a/talos-systems.com/forum/#!forum/community) +- Twitter: [@talossystems](https://twitter.com/talossystems) +- Email: [info@talos-systems.com](mailto:info@talos-systems.com) + +If you're interested in this project and would like to help in engineering efforts, or have general usage questions, we are happy to have you! +We hold a weekly meeting that all audiences are welcome to attend. + +### Office Hours + +- When: Mondays at 17:00 UTC. +- Where: [Google Meet](https://meet.google.com/day-pxhv-zky). + +You can subscribe to this meeting by joining the community forum above. diff --git a/website/gridsome.config.js b/website/gridsome.config.js index ffb4af12e..a560dfcf7 100644 --- a/website/gridsome.config.js +++ b/website/gridsome.config.js @@ -21,6 +21,12 @@ module.exports = { links: [{ path: "", title: "Docs" }], }, dropdownOptions: [ + { + version: "v0.5", + url: "/docs/v0.5/", + latest: false, + prerelease: true, + }, { version: "v0.4", url: "/docs/v0.4/", @@ -65,6 +71,12 @@ module.exports = { typeName: "MarkdownPage", pathPrefix: "/docs", sidebarOrder: { + "v0.5": [ + { title: "Overview", method: "weighted" }, + { title: "Getting Started", method: "weighted" }, + { title: "Resource Configuration", method: "alphabetical" }, + { title: "Guides", method: "alphabetical" }, + ], "v0.4": [ { title: "Overview", method: "weighted" }, { title: "Getting Started", method: "weighted" },